From 4f74449f2c8e2f3a92db6b0932bc07bd75d0dd24 Mon Sep 17 00:00:00 2001 From: seonah moon Date: Mon, 23 Dec 2019 06:21:38 +0000 Subject: [PATCH] Revert "Imported Upstream version 3.2" This reverts commit 9f40b6be3050816502ad408cac6e8678ce0531ca. Change-Id: I6b89811f277ac78c541181b45a829300b140a30f --- .gitignore | 17 - .mailmap | 3 - .travis.yml | 25 +- contrib/Android.mk => Android.mk | 0 CMakeLists.txt | 1711 +-- ...dLibWebSockets.cmake => FindLibWebSockets.cmake | 0 LICENSE | 14 +- Makefile.projbuild | 1 - README.build.md | 469 + READMEs/README.coding.md => README.coding.md | 586 +- READMEs/README.esp32.md => README.esp32.md | 14 - README.esp8266.md | 34 + ...neric-sessions.md => README.generic-sessions.md | 0 ...DME.generic-table.md => README.generic-table.md | 0 README.lws-meta.md | 192 + READMEs/README.lwsws.md => README.lwsws.md | 140 +- README.md | 351 +- README.problems.md | 43 + READMEs/README.test-apps.md => README.test-apps.md | 164 +- READMEs/README.build.md | 732 - READMEs/README.ci.md | 29 - READMEs/README.content-security-policy.md | 148 - READMEs/README.contributing.md | 41 - READMEs/README.crypto-apis.md | 181 - READMEs/README.http-fallback.md | 172 - READMEs/README.lws_dll.md | 130 - READMEs/README.lws_sequencer.md | 149 - READMEs/README.lws_struct.md | 38 - READMEs/README.lws_sul.md | 62 - READMEs/README.plugin-acme.md | 180 - READMEs/README.plugin-sshd-base.md | 250 - READMEs/README.porting.md | 60 - READMEs/README.problems.md | 66 - READMEs/README.release-policy.md | 88 - READMEs/README.unix-domain-reverse-proxy.md | 101 - READMEs/README.vulnerability-reporting.md | 12 - READMEs/mainpage.md | 23 - READMEs/release-checklist | 85 - appveyor.yml | 49 +- autobahn-test.sh | 41 + changelog | 338 - cmake/FindMiniz.cmake | 35 - cmake/UseRPMTools.cmake | 2 +- cmake/lws_config.h.in | 146 - component.mk | 40 +- contrib/abi/README.md | 8 +- contrib/abi/libwebsockets.json | 150 - contrib/android-make-script.sh | 144 +- contrib/cross-arm-android-gnueabi.cmake | 46 - contrib/cross-w32.cmake | 45 - contrib/cross-w64.cmake | 45 - contrib/cross-aarch64.cmake => cross-aarch64.cmake | 18 +- ...eabihf.cmake => cross-arm-linux-gnueabihf.cmake | 16 - contrib/cross-esp32.cmake => cross-esp32.cmake | 28 +- contrib/cross-ming.cmake => cross-ming.cmake | 16 - ...ross-openwrt-makefile => cross-openwrt-makefile | 4 +- doc-assets/abstract-overview.svg | 348 - doc-assets/accept-flow-1.svg | 46 - doc-assets/accept-flow-2.svg | 71 - doc-assets/accept-flow-3.svg | 23 - doc-assets/http-proxy-overview.svg | 84 - doc-assets/lws-crypto-overview.svg | 43 - doc-assets/lws-fts.svg | 63 - doc-assets/lws-overview.png | Bin 641195 -> 0 bytes doc-assets/lws-relpol-1.svg | 30 - doc-assets/lws-relpol-2.svg | 53 - doc-assets/lws-relpol-3.svg | 64 - doc-assets/lws-relpol-4.svg | 84 - doc-assets/lws-relpol-5.svg | 156 - doc-assets/lws-smp-example.png | Bin 93289 -> 0 bytes doc-assets/lws-smp-ov.png | Bin 72738 -> 0 bytes doc-assets/lws_dll.svg | 133 - doc-assets/lws_sequencer.svg | 955 -- doc-assets/lws_struct-overview.svg | 62 - doc-assets/lwsac.svg | 131 - doc-assets/threadpool-states.svg | 153 - doc-assets/threadpool.svg | 2 - doc-assets/wss2.png | Bin 39101 -> 0 bytes include/libwebsockets.h | 592 - include/libwebsockets/abstract/abstract.h | 123 - include/libwebsockets/abstract/protocols.h | 53 - include/libwebsockets/abstract/protocols/smtp.h | 134 - include/libwebsockets/abstract/transports.h | 61 - .../libwebsockets/abstract/transports/raw-skt.h | 26 - .../libwebsockets/abstract/transports/unit-test.h | 78 - include/libwebsockets/lws-adopt.h | 185 - include/libwebsockets/lws-callbacks.h | 850 -- include/libwebsockets/lws-cgi.h | 103 - include/libwebsockets/lws-client.h | 244 - include/libwebsockets/lws-context-vhost.h | 1069 -- include/libwebsockets/lws-dbus.h | 91 - include/libwebsockets/lws-diskcache.h | 186 - include/libwebsockets/lws-dsh.h | 144 - include/libwebsockets/lws-esp32.h | 250 - include/libwebsockets/lws-fts.h | 214 - include/libwebsockets/lws-genaes.h | 168 - include/libwebsockets/lws-gencrypto.h | 117 - include/libwebsockets/lws-genec.h | 210 - include/libwebsockets/lws-genhash.h | 179 - include/libwebsockets/lws-genrsa.h | 253 - include/libwebsockets/lws-http.h | 776 - include/libwebsockets/lws-jose.h | 209 - include/libwebsockets/lws-jwe.h | 163 - include/libwebsockets/lws-jwk.h | 206 - include/libwebsockets/lws-jws.h | 404 - include/libwebsockets/lws-logs.h | 230 - include/libwebsockets/lws-lwsac.h | 230 - include/libwebsockets/lws-misc.h | 926 -- include/libwebsockets/lws-network-helper.h | 105 - include/libwebsockets/lws-optee.h | 77 - .../libwebsockets/lws-plugin-generic-sessions.h | 74 - include/libwebsockets/lws-protocols-plugins.h | 228 - include/libwebsockets/lws-purify.h | 81 - include/libwebsockets/lws-retry.h | 60 - include/libwebsockets/lws-ring.h | 305 - include/libwebsockets/lws-sequencer.h | 232 - include/libwebsockets/lws-service.h | 199 - include/libwebsockets/lws-sha1-base64.h | 93 - include/libwebsockets/lws-spa.h | 175 - include/libwebsockets/lws-stats.h | 80 - include/libwebsockets/lws-struct.h | 258 - include/libwebsockets/lws-system.h | 84 - include/libwebsockets/lws-test-sequencer.h | 60 - include/libwebsockets/lws-threadpool.h | 231 - include/libwebsockets/lws-timeout-timer.h | 230 - include/libwebsockets/lws-tokenize.h | 138 - include/libwebsockets/lws-vfs.h | 272 - include/libwebsockets/lws-write.h | 263 - include/libwebsockets/lws-writeable.h | 225 - include/libwebsockets/lws-ws-close.h | 124 - include/libwebsockets/lws-ws-ext.h | 197 - include/libwebsockets/lws-ws-state.h | 92 - include/libwebsockets/lws-x509.h | 278 - lib/.gitignore | 8 + lib/README.md | 15 - lib/abstract/README.md | 170 - lib/abstract/abstract.c | 147 - lib/abstract/private.h | 24 - lib/abstract/protocols/smtp/smtp.c | 449 - lib/abstract/test-sequencer.c | 272 - lib/abstract/transports/raw-skt.c | 356 - lib/abstract/transports/unit-test.c | 531 - lib/alloc.c | 83 + lib/{misc => }/base64-decode.c | 61 +- lib/client-handshake.c | 1045 ++ lib/client-parser.c | 589 + lib/client.c | 1402 ++ lib/context.c | 1458 ++ lib/core-net/adopt.c | 464 - lib/core-net/client.c | 117 - lib/core-net/close.c | 574 - lib/core-net/connect.c | 315 - lib/core-net/dummy-callback.c | 824 -- lib/core-net/lws-dsh.c | 501 - lib/core-net/network.c | 519 - lib/core-net/output.c | 344 - lib/core-net/pollfd.c | 639 - lib/core-net/private.h | 1168 -- lib/core-net/sequencer.c | 327 - lib/core-net/server.c | 315 - lib/core-net/service.c | 708 - lib/core-net/sorted-usec-list.c | 138 - lib/core-net/stats.c | 276 - lib/core-net/vhost.c | 1318 -- lib/core-net/wsi-timeout.c | 269 - lib/core-net/wsi.c | 887 -- lib/core/alloc.c | 156 - lib/core/buflist.c | 172 - lib/core/context.c | 880 -- lib/core/libwebsockets.c | 955 -- lib/core/logs.c | 279 - lib/core/lws_dll.c | 246 - lib/core/lws_dll2.c | 226 - lib/core/private.h | 621 - lib/core/vfs.c | 134 - lib/{misc => }/daemonize.c | 66 +- lib/event-libs/README.md | 124 - lib/event-libs/libev/libev.c | 375 - lib/event-libs/libev/private.h | 53 - lib/event-libs/libevent/libevent.c | 421 - lib/event-libs/libevent/private.h | 44 - lib/event-libs/libuv/libuv.c | 969 -- lib/event-libs/libuv/private.h | 76 - lib/event-libs/poll/poll.c | 43 - lib/event-libs/poll/private.h | 23 - lib/event-libs/private.h | 74 - lib/extension-permessage-deflate.c | 473 + .../ws/ext => }/extension-permessage-deflate.h | 17 +- lib/{roles/ws/ext => }/extension.c | 133 +- lib/{roles/http/server => }/fops-zip.c | 21 +- lib/{misc => }/getifaddrs.c | 22 +- lib/{misc => }/getifaddrs.h | 0 lib/handshake.c | 262 + lib/header.c | 317 + lib/hpack.c | 704 + lib/http2.c | 536 + lib/{roles/h2 => }/huftable.h | 0 lib/jose/README.md | 79 - lib/jose/jwe/enc/aescbc.c | 252 - lib/jose/jwe/enc/aesgcm.c | 173 - lib/jose/jwe/enc/aeskw.c | 178 - lib/jose/jwe/jwe-ecdh-es-aeskw.c | 615 - lib/jose/jwe/jwe-rsa-aescbc.c | 195 - lib/jose/jwe/jwe-rsa-aesgcm.c | 183 - lib/jose/jwe/jwe.c | 788 - lib/jose/jwe/private.h | 85 - lib/jose/jwk/jwk.c | 903 -- lib/jose/jws/jose.c | 602 - lib/jose/jws/jws.c | 929 -- lib/jose/jws/private.h | 24 - lib/jose/private.h | 32 - lib/{roles/http/server => }/lejp-conf.c | 483 +- lib/{misc => }/lejp.c | 310 +- include/libwebsockets/lws-lejp.h => lib/lejp.h | 122 +- lib/{roles/http => }/lextable-strings.h | 14 +- lib/lextable.h | 796 + lib/libev.c | 233 + lib/libevent.c | 249 + lib/libuv.c | 723 + lib/libwebsockets.c | 3634 +++++ lib/libwebsockets.h | 5184 +++++++ .../esp32/esp32-helpers.c => lws-plat-esp32.c} | 1154 +- lib/lws-plat-esp8266.c | 700 + lib/lws-plat-optee.c | 329 + lib/lws-plat-unix.c | 828 ++ lib/lws-plat-win.c | 742 + lib/{roles/h2 => }/minihuf.c | 8 +- lib/{roles/http => }/minilex.c | 0 lib/misc/dir.c | 180 - lib/misc/diskcache.c | 476 - lib/misc/fts/README.md | 315 - lib/misc/fts/private.h | 23 - lib/misc/fts/trie-fd.c | 1001 -- lib/misc/fts/trie.c | 1369 -- lib/misc/lws-ring.c | 294 - lib/misc/lws-struct-lejp.c | 762 - lib/misc/lws-struct-sqlite.c | 278 - lib/misc/lwsac/README.md | 106 - lib/misc/lwsac/cached-file.c | 206 - lib/misc/lwsac/lwsac.c | 226 - lib/misc/lwsac/private.h | 52 - lib/misc/peer-limits.c | 290 - lib/misc/threadpool/README.md | 182 - lib/misc/threadpool/threadpool.c | 1013 -- lib/output.c | 871 ++ lib/parsers.c | 1634 +++ lib/plat/esp32/esp32-fds.c | 58 - lib/plat/esp32/esp32-file.c | 223 - lib/plat/esp32/esp32-init.c | 112 - lib/plat/esp32/esp32-misc.c | 96 - lib/plat/esp32/esp32-pipe.c | 39 - lib/plat/esp32/esp32-service.c | 217 - lib/plat/esp32/esp32-sockets.c | 226 - lib/plat/esp32/esp_attr.h | 58 - lib/plat/esp32/private.h | 101 - lib/plat/optee/lws-plat-optee.c | 213 - lib/plat/optee/network.c | 232 - lib/plat/optee/private.h | 47 - lib/plat/unix/private.h | 173 - lib/plat/unix/unix-caps.c | 195 - lib/plat/unix/unix-fds.c | 174 - lib/plat/unix/unix-file.c | 172 - lib/plat/unix/unix-init.c | 188 - lib/plat/unix/unix-misc.c | 93 - lib/plat/unix/unix-pipe.c | 62 - lib/plat/unix/unix-plugins.c | 177 - lib/plat/unix/unix-service.c | 220 - lib/plat/unix/unix-sockets.c | 265 - lib/plat/windows/private.h | 147 - lib/plat/windows/windows-fds.c | 76 - lib/plat/windows/windows-file.c | 173 - lib/plat/windows/windows-init.c | 113 - lib/plat/windows/windows-misc.c | 108 - lib/plat/windows/windows-pipe.c | 49 - lib/plat/windows/windows-plugins.c | 47 - lib/plat/windows/windows-service.c | 227 - lib/plat/windows/windows-sockets.c | 309 - lib/pollfd.c | 560 + lib/private-libwebsockets.h | 2270 +++ lib/{roles/http/server => }/ranges.c | 10 +- lib/{roles/http/server => }/rewrite.c | 11 +- lib/roles/README.md | 161 - lib/roles/cgi/cgi-server.c | 1242 -- lib/roles/cgi/ops-cgi.c | 124 - lib/roles/cgi/private.h | 87 - lib/roles/dbus/README.md | 83 - lib/roles/dbus/dbus.c | 530 - lib/roles/dbus/private.h | 42 - lib/roles/h1/ops-h1.c | 1170 -- lib/roles/h1/private.h | 27 - lib/roles/h2/hpack.c | 1416 -- lib/roles/h2/http2.c | 2399 --- lib/roles/h2/ops-h2.c | 1247 -- lib/roles/h2/private.h | 406 - lib/roles/http/client/client-handshake.c | 1197 -- lib/roles/http/client/client.c | 1337 -- lib/roles/http/compression/README.md | 17 - lib/roles/http/compression/brotli/brotli.c | 122 - lib/roles/http/compression/deflate/deflate.c | 110 - lib/roles/http/compression/private.h | 84 - lib/roles/http/compression/stream.c | 223 - lib/roles/http/header.c | 616 - lib/roles/http/lextable.h | 839 -- lib/roles/http/private.h | 306 - lib/roles/http/server/access-log.c | 197 - lib/roles/http/server/lws-spa.c | 675 - lib/roles/http/server/parsers.c | 1420 -- lib/roles/http/server/server.c | 2995 ---- lib/roles/listen/ops-listen.c | 205 - lib/roles/pipe/ops-pipe.c | 98 - lib/roles/private.h | 335 - lib/roles/raw-file/ops-raw-file.c | 119 - lib/roles/raw-proxy/ops-raw-proxy.c | 218 - lib/roles/raw-proxy/private.h | 41 - lib/roles/raw-skt/ops-raw-skt.c | 257 - lib/roles/ws/client-parser-ws.c | 703 - lib/roles/ws/client-ws.c | 687 - lib/roles/ws/ext/extension-permessage-deflate.c | 553 - lib/roles/ws/ops-ws.c | 2125 --- lib/roles/ws/private.h | 191 - lib/roles/ws/server-ws.c | 1000 -- lib/{misc => }/romfs.c | 14 +- lib/{misc => }/romfs.h | 0 lib/server-handshake.c | 351 + lib/server.c | 3507 +++++ lib/service.c | 1415 ++ lib/{misc => }/sha-1.c | 20 +- lib/smtp.c | 241 + lib/ssl-client.c | 593 + lib/ssl-http2.c | 154 + lib/ssl-server.c | 439 + lib/ssl.c | 892 ++ lib/tls/lws-gencrypto-common.c | 684 - lib/tls/lws-genec-common.c | 130 - lib/tls/mbedtls/lws-genaes.c | 368 - lib/tls/mbedtls/lws-gencrypto.c | 64 - lib/tls/mbedtls/lws-genec.c | 519 - lib/tls/mbedtls/lws-genhash.c | 187 - lib/tls/mbedtls/lws-genrsa.c | 479 - lib/tls/mbedtls/mbedtls-client.c | 305 - lib/tls/mbedtls/mbedtls-server.c | 712 - lib/tls/mbedtls/private.h | 34 - lib/tls/mbedtls/ssl.c | 317 - lib/tls/mbedtls/tls.c | 46 - lib/tls/mbedtls/wrapper/include/internal/ssl3.h | 44 - .../mbedtls/wrapper/include/internal/ssl_cert.h | 55 - .../mbedtls/wrapper/include/internal/ssl_code.h | 124 - lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h | 190 - lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h | 30 - .../mbedtls/wrapper/include/internal/ssl_methods.h | 121 - .../mbedtls/wrapper/include/internal/ssl_pkey.h | 86 - .../mbedtls/wrapper/include/internal/ssl_stack.h | 52 - .../mbedtls/wrapper/include/internal/ssl_types.h | 311 - .../mbedtls/wrapper/include/internal/ssl_x509.h | 110 - lib/tls/mbedtls/wrapper/include/internal/tls1.h | 58 - .../mbedtls/wrapper/include/internal/x509_vfy.h | 111 - lib/tls/mbedtls/wrapper/include/openssl/ssl.h | 1827 --- lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h | 61 - .../mbedtls/wrapper/include/platform/ssl_port.h | 46 - lib/tls/mbedtls/wrapper/library/ssl_cert.c | 87 - lib/tls/mbedtls/wrapper/library/ssl_lib.c | 1734 --- lib/tls/mbedtls/wrapper/library/ssl_methods.c | 81 - lib/tls/mbedtls/wrapper/library/ssl_pkey.c | 239 - lib/tls/mbedtls/wrapper/library/ssl_stack.c | 74 - lib/tls/mbedtls/wrapper/library/ssl_x509.c | 354 - lib/tls/mbedtls/wrapper/platform/ssl_pm.c | 950 -- lib/tls/mbedtls/wrapper/platform/ssl_port.c | 29 - lib/tls/mbedtls/x509.c | 431 - lib/tls/openssl/lws-genaes.c | 379 - lib/tls/openssl/lws-gencrypto.c | 86 - lib/tls/openssl/lws-genec.c | 661 - lib/tls/openssl/lws-genhash.c | 170 - lib/tls/openssl/lws-genrsa.c | 404 - lib/tls/openssl/openssl-client.c | 673 - lib/tls/openssl/openssl-server.c | 1001 -- lib/tls/openssl/private.h | 53 - lib/tls/openssl/ssl.c | 510 - lib/tls/openssl/tls.c | 193 - lib/tls/openssl/x509.c | 664 - lib/tls/private-network.h | 190 - lib/tls/private.h | 182 - lib/tls/tls-client.c | 160 - lib/tls/tls-network.c | 252 - lib/tls/tls-server.c | 453 - lib/tls/tls.c | 336 - libwebsockets.dox | 84 +- libwebsockets.spec | 91 + lws_config.h.in | 154 + ..._config_private.h.in => lws_config_private.h.in | 15 +- lwsws/etc-lwsws-conf.d-localhost-EXAMPLE | 3 +- lwsws/main.c | 93 +- lwsws/usr-lib-systemd-system-lwsws.service | 1 + mainpage.md | 16 + minimal-examples/README.md | 88 - .../abstract/protocols/smtp-client/CMakeLists.txt | 76 - .../abstract/protocols/smtp-client/README.md | 29 - .../abstract/protocols/smtp-client/main.c | 175 - minimal-examples/api-tests/README.md | 12 - .../api-tests/api-test-fts/CMakeLists.txt | 76 - minimal-examples/api-tests/api-test-fts/README.md | 53 - .../api-tests/api-test-fts/canned-1.txt | 26 - .../api-tests/api-test-fts/canned-2.txt | 42 - .../api-tests/api-test-fts/les-mis-utf8.txt | 14399 ------------------- minimal-examples/api-tests/api-test-fts/main.c | 230 - .../api-tests/api-test-fts/selftest.sh | 58 - .../api-test-fts/the-picture-of-dorian-gray.txt | 8904 ------------ .../api-tests/api-test-gencrypto/CMakeLists.txt | 80 - .../api-tests/api-test-gencrypto/README.md | 26 - .../api-tests/api-test-gencrypto/lws-genaes.c | 801 -- .../api-tests/api-test-gencrypto/lws-genec.c | 132 - .../api-tests/api-test-gencrypto/main.c | 48 - .../api-tests/api-test-gencrypto/selftest.sh | 24 - .../api-tests/api-test-jose/CMakeLists.txt | 77 - minimal-examples/api-tests/api-test-jose/README.md | 22 - minimal-examples/api-tests/api-test-jose/jwe.c | 2231 --- minimal-examples/api-tests/api-test-jose/jwk.c | 350 - minimal-examples/api-tests/api-test-jose/jws.c | 713 - minimal-examples/api-tests/api-test-jose/main.c | 54 - .../api-tests/api-test-jose/selftest.sh | 24 - .../api-tests/api-test-lws_dsh/CMakeLists.txt | 78 - .../api-tests/api-test-lws_dsh/README.md | 22 - minimal-examples/api-tests/api-test-lws_dsh/main.c | 361 - .../api-tests/api-test-lws_dsh/selftest.sh | 24 - .../api-test-lws_sequencer/CMakeLists.txt | 78 - .../api-test-lws_sequencer/libwebsockets.org.cer | 58 - .../api-tests/api-test-lws_sequencer/main.c | 399 - .../api-test-lws_struct-json/CMakeLists.txt | 77 - .../api-tests/api-test-lws_struct-json/README.md | 56 - .../api-tests/api-test-lws_struct-json/main.c | 365 - .../api-tests/api-test-lws_struct-json/selftest.sh | 24 - .../api-tests/api-test-lws_tokenize/CMakeLists.txt | 73 - .../api-tests/api-test-lws_tokenize/README.md | 37 - .../api-tests/api-test-lws_tokenize/main.c | 408 - .../api-tests/api-test-lws_tokenize/selftest.sh | 24 - .../api-tests/api-test-lwsac/CMakeLists.txt | 73 - .../api-tests/api-test-lwsac/README.md | 22 - minimal-examples/api-tests/api-test-lwsac/main.c | 83 - .../api-tests/api-test-lwsac/selftest.sh | 24 - .../api-tests/api-test-smtp_client/CMakeLists.txt | 76 - .../api-tests/api-test-smtp_client/README.md | 41 - .../api-tests/api-test-smtp_client/main.c | 275 - minimal-examples/client-server/README.md | 3 - .../client-server/minimal-ws-proxy/CMakeLists.txt | 79 - .../client-server/minimal-ws-proxy/README.md | 38 - .../minimal-ws-proxy/minimal-ws-proxy.c | 99 - .../minimal-ws-proxy/mount-origin/example.js | 70 - .../minimal-ws-proxy/mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-ws-proxy/mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../minimal-ws-proxy/mount-origin/strict-csp.svg | 53 - .../minimal-ws-proxy/protocol_lws_minimal.c | 279 - minimal-examples/crypto/README.md | 7 - .../crypto/minimal-crypto-jwe/CMakeLists.txt | 77 - .../crypto/minimal-crypto-jwe/README.md | 70 - .../crypto/minimal-crypto-jwe/key-rsa-4096.private | 1 - .../crypto/minimal-crypto-jwe/key-rsa-4096.pub | 1 - minimal-examples/crypto/minimal-crypto-jwe/main.c | 279 - .../crypto/minimal-crypto-jwk/CMakeLists.txt | 77 - .../crypto/minimal-crypto-jwk/README.md | 52 - minimal-examples/crypto/minimal-crypto-jwk/main.c | 190 - .../crypto/minimal-crypto-jws/CMakeLists.txt | 77 - .../crypto/minimal-crypto-jws/README.md | 60 - minimal-examples/crypto/minimal-crypto-jws/main.c | 209 - .../crypto/minimal-crypto-x509/CMakeLists.txt | 77 - .../crypto/minimal-crypto-x509/README.md | 59 - minimal-examples/crypto/minimal-crypto-x509/main.c | 202 - minimal-examples/dbus-client/README.md | 4 - .../dbus-client/minimal-dbus-client/CMakeLists.txt | 120 - .../dbus-client/minimal-dbus-client/README.md | 49 - .../minimal-dbus-client/minimal-dbus-client.c | 281 - .../CMakeLists.txt | 120 - .../minimal-dbus-ws-proxy-testclient/README.md | 52 - .../minimal-dbus-ws-proxy-testclient.c | 459 - minimal-examples/dbus-server/README.md | 4 - .../dbus-server/minimal-dbus-server/CMakeLists.txt | 120 - .../dbus-server/minimal-dbus-server/README.md | 96 - .../dbus-server/minimal-dbus-server/main.c | 535 - .../minimal-dbus-ws-proxy/CMakeLists.txt | 122 - .../dbus-server/minimal-dbus-ws-proxy/README.md | 115 - .../dbus-server/minimal-dbus-ws-proxy/main.c | 102 - .../org.libwebsockets.wsclientproxy.conf | 14 - .../protocol_lws_minimal_dbus_ws_proxy.c | 828 -- minimal-examples/http-client/README.md | 8 - .../minimal-http-client-certinfo/CMakeLists.txt | 80 - .../minimal-http-client-certinfo/README.md | 77 - .../minimal-http-client-certinfo.c | 217 - .../minimal-http-client-certinfo/warmcat.com.cer | 58 - .../CMakeLists.txt | 79 - .../minimal-http-client-custom-headers/README.md | 45 - .../minimal-http-client-custom-headers.c | 228 - .../warmcat.com.cer | 58 - .../minimal-http-client-hugeurl/CMakeLists.txt | 78 - .../minimal-http-client-hugeurl/README.md | 52 - .../minimal-http-client-hugeurl.c | 227 - .../minimal-http-client-hugeurl/selftest.sh | 47 - .../minimal-http-client-hugeurl/warmcat.com.cer | 58 - .../minimal-http-client-multi/CMakeLists.txt | 79 - .../minimal-http-client-multi/README.md | 25 - .../minimal-http-client-multi.c | 343 - .../minimal-http-client-multi/selftest.sh | 52 - .../minimal-http-client-multi/warmcat.com.cer | 58 - .../minimal-http-client-post/CMakeLists.txt | 78 - .../http-client/minimal-http-client-post/README.md | 74 - .../minimal-http-client-post/libwebsockets.org.cer | 58 - .../minimal-http-client-post.c | 302 - .../minimal-http-client-post/selftest.sh | 39 - .../http-client/minimal-http-client/CMakeLists.txt | 79 - .../http-client/minimal-http-client/README.md | 64 - .../minimal-http-client/minimal-http-client.c | 207 - .../http-client/minimal-http-client/selftest.sh | 33 - .../minimal-http-client/warmcat.com.cer | 58 - minimal-examples/http-server/README.md | 24 - .../minimal-http-server-basicauth/CMakeLists.txt | 77 - .../minimal-http-server-basicauth/README.md | 34 - .../minimal-http-server-basicauth/ba-passwords | 1 - .../minimal-http-server-basicauth.c | 113 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 25 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../mount-secret-origin/index.html | 11 - .../mount-secret-origin/libwebsockets.org-logo.svg | 120 - .../CMakeLists.txt | 78 - .../minimal-http-server-custom-headers/README.md | 20 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-custom-headers.c | 220 - .../mount-origin/404.html | 9 - .../mount-origin/error.css | 0 .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 20 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-deaddrop/CMakeLists.txt | 86 - .../minimal-http-server-deaddrop/README.md | 49 - .../minimal-http-server-deaddrop/ba-passwords | 2 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-deaddrop.c | 171 - .../mount-origin/404.html | 9 - .../mount-origin/deaddrop.css | 70 - .../mount-origin/deaddrop.js | 300 - .../mount-origin/drop.svg | 102 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 35 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../uploads/user1/placeholder.txt | 1 - .../minimal-http-server-dynamic/CMakeLists.txt | 78 - .../minimal-http-server-dynamic/README.md | 20 - .../localhost-100y.cert | 34 - .../minimal-http-server-dynamic/localhost-100y.key | 52 - .../minimal-http-server-dynamic.c | 300 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../CMakeLists.txt | 79 - .../minimal-http-server-eventlib-demos/README.md | 30 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-eventlib-demos.c | 188 - .../mount-origin/404.html | 9 - .../mount-origin/candide.zip | Bin 211764 -> 0 bytes .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/http2.png | Bin 2046 -> 0 bytes .../mount-origin/leaf.jpg | Bin 2477518 -> 0 bytes .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/lws-common.js | 128 - .../mount-origin/strict-csp.svg | 53 - .../mount-origin/test.css | 190 - .../mount-origin/test.html | 261 - .../mount-origin/wss-over-h2.png | Bin 2727 -> 0 bytes .../CMakeLists.txt | 97 - .../minimal-http-server-eventlib-foreign/README.md | 58 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-eventlib-foreign.c | 425 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 16 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../CMakeLists.txt | 91 - .../minimal-http-server-eventlib-smp/README.md | 33 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-eventlib-smp.c | 159 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 15 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-eventlib/CMakeLists.txt | 78 - .../minimal-http-server-eventlib/README.md | 27 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-eventlib.c | 119 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 15 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-form-get/CMakeLists.txt | 77 - .../minimal-http-server-form-get/README.md | 21 - .../minimal-http-server-form-get.c | 148 - .../mount-origin/404.html | 9 - .../mount-origin/after-form1.html | 12 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 23 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../CMakeLists.txt | 77 - .../minimal-http-server-form-post-file/README.md | 23 - .../minimal-http-server-form-post-file.c | 260 - .../mount-origin/404.html | 9 - .../mount-origin/after-form1.html | 14 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 29 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../CMakeLists.txt | 77 - .../minimal-http-server-form-post-lwsac/README.md | 23 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-form-post.c | 217 - .../minimal-http-server-form-post/CMakeLists.txt | 77 - .../minimal-http-server-form-post/README.md | 21 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-form-post.c | 207 - .../mount-origin/404.html | 9 - .../mount-origin/after-form1.html | 12 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 23 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../CMakeLists.txt | 82 - .../minimal-http-server-fulltext-search/README.md | 18 - .../lws-fts.index | Bin 332641 -> 0 bytes .../minimal-http-server.c | 126 - .../mount-origin/404.html | 9 - .../mount-origin/dorian-gray-wikipedia.jpg | Bin 170097 -> 0 bytes .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 30 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/lws-fts.css | 154 - .../mount-origin/lws-fts.js | 211 - .../mount-origin/strict-csp.svg | 53 - .../the-picture-of-dorian-gray.txt | 8904 ------------ .../CMakeLists.txt | 82 - .../minimal-http-server-generic-sessions/README.md | 26 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-http-server-generic-sessions.c | 202 - .../mount-origin/404.html | 11 - .../mount-origin/admin-login.html | 5 - .../mount-origin/example.js | 22 - .../mount-origin/failed-login.html | 3 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/http2.png | Bin 7563 -> 0 bytes .../mount-origin/index.html | 57 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/lws-common.js | 128 - .../mount-origin/lwsgs-logo.png | Bin 9729 -> 0 bytes .../mount-origin/lwsgs.css | 144 - .../mount-origin/lwsgs.js | 637 - .../mount-origin/md5.min.js | 2 - .../mount-origin/needadmin/admin-login.html | 5 - .../mount-origin/needauth/successful-login.html | 4 - .../mount-origin/post-forgot-fail.html | 5 - .../mount-origin/post-forgot-ok.html | 6 - .../mount-origin/post-register-fail.html | 1 - .../mount-origin/post-register-ok.html | 27 - .../mount-origin/post-verify-fail.html | 20 - .../mount-origin/post-verify-ok.html | 25 - .../mount-origin/seats.jpg | Bin 122754 -> 0 bytes .../mount-origin/sent-forgot-fail.html | 5 - .../mount-origin/sent-forgot-ok.html | 4 - .../mount-origin/strict-csp.svg | 53 - .../mount-origin/successful-login.html | 4 - .../minimal-http-server-mimetypes/CMakeLists.txt | 79 - .../minimal-http-server-mimetypes/README.md | 21 - .../minimal-http-server-mimetypes.c | 94 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 24 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../mount-origin/test.tar.bz2 | Bin 7589 -> 0 bytes .../minimal-http-server-multivhost/CMakeLists.txt | 77 - .../minimal-http-server-multivhost/README.md | 48 - .../minimal-http-server.c | 179 - .../mount-origin-localhost1/404.html | 9 - .../mount-origin-localhost1/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin-localhost1/index.html | 18 - .../libwebsockets.org-logo.svg | 120 - .../mount-origin-localhost1/strict-csp.svg | 53 - .../mount-origin-localhost2/404.html | 9 - .../mount-origin-localhost2/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin-localhost2/index.html | 17 - .../libwebsockets.org-logo.svg | 120 - .../mount-origin-localhost2/strict-csp.svg | 53 - .../mount-origin-localhost3/404.html | 9 - .../mount-origin-localhost3/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin-localhost3/index.html | 17 - .../libwebsockets.org-logo.svg | 120 - .../mount-origin-localhost3/strict-csp.svg | 53 - .../minimal-http-server-proxy/CMakeLists.txt | 80 - .../minimal-http-server-proxy/localhost-100y.cert | 34 - .../minimal-http-server-proxy/localhost-100y.key | 52 - .../minimal-http-server-proxy.c | 84 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/http2.png | Bin 7563 -> 0 bytes .../mount-origin/index.html | 17 - .../minimal-http-server-smp/CMakeLists.txt | 91 - .../http-server/minimal-http-server-smp/README.md | 34 - .../minimal-http-server-smp/localhost-100y.cert | 34 - .../minimal-http-server-smp/localhost-100y.key | 52 - .../minimal-http-server-smp.c | 132 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 12 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-sse-ring/CMakeLists.txt | 91 - .../minimal-http-server-sse-ring/README.md | 27 - .../minimal-http-server-sse-ring.c | 395 - .../mount-origin/404.html | 9 - .../mount-origin/example.js | 38 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 23 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-sse/CMakeLists.txt | 78 - .../http-server/minimal-http-server-sse/README.md | 25 - .../minimal-http-server-sse/localhost-100y.cert | 34 - .../minimal-http-server-sse/localhost-100y.key | 52 - .../minimal-http-server-sse.c | 224 - .../minimal-http-server-sse/mount-origin/404.html | 9 - .../mount-origin/example.js | 38 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 20 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-tls-80/CMakeLists.txt | 79 - .../minimal-http-server-tls-80/README.md | 64 - .../minimal-http-server-tls-80/localhost-100y.cert | 34 - .../minimal-http-server-tls-80/localhost-100y.key | 52 - .../minimal-http-server-tls-80.c | 136 - .../mount-origin/404.html | 13 - .../mount-origin/example.js | 21 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/http2.png | Bin 7563 -> 0 bytes .../mount-origin/index.html | 18 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-tls-mem/CMakeLists.txt | 79 - .../minimal-http-server-tls-mem/README.md | 60 - .../minimal-http-server-tls-mem.c | 465 - .../mount-origin/404.html | 11 - .../mount-origin/example.js | 22 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/http2.png | Bin 7563 -> 0 bytes .../mount-origin/index.html | 17 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-http-server-tls/CMakeLists.txt | 79 - .../http-server/minimal-http-server-tls/README.md | 45 - .../minimal-http-server-tls/localhost-100y.cert | 34 - .../minimal-http-server-tls/localhost-100y.key | 52 - .../minimal-http-server-tls.c | 95 - .../minimal-http-server-tls/mount-origin/404.html | 11 - .../mount-origin/example.js | 22 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-http-server-tls/mount-origin/http2.png | Bin 7563 -> 0 bytes .../mount-origin/index.html | 17 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../http-server/minimal-http-server/CMakeLists.txt | 79 - .../http-server/minimal-http-server/README.md | 18 - .../minimal-http-server/minimal-http-server.c | 87 - .../minimal-http-server/mount-origin/404.html | 9 - .../minimal-http-server/mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-http-server/mount-origin/index.html | 15 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - minimal-examples/raw/README.md | 11 - .../raw/minimal-raw-adopt-tcp/CMakeLists.txt | 76 - .../raw/minimal-raw-adopt-tcp/README.md | 57 - .../minimal-raw-adopt-tcp/minimal-raw-adopt-tcp.c | 188 - .../raw/minimal-raw-adopt-udp/CMakeLists.txt | 76 - .../raw/minimal-raw-adopt-udp/README.md | 49 - .../minimal-raw-adopt-udp/minimal-raw-adopt-udp.c | 185 - .../CMakeLists.txt | 79 - .../raw/minimal-raw-fallback-http-server/README.md | 41 - .../localhost-100y.cert | 34 - .../localhost-100y.key | 52 - .../minimal-raw-fallback-http-server.c | 147 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 15 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../raw/minimal-raw-file/CMakeLists.txt | 77 - minimal-examples/raw/minimal-raw-file/README.md | 48 - .../raw/minimal-raw-file/minimal-raw-file.c | 160 - .../raw/minimal-raw-netcat/CMakeLists.txt | 76 - minimal-examples/raw/minimal-raw-netcat/README.md | 38 - .../raw/minimal-raw-netcat/minimal-raw-netcat.c | 255 - .../raw/minimal-raw-proxy-fallback/CMakeLists.txt | 84 - .../raw/minimal-raw-proxy-fallback/README.md | 49 - .../minimal-raw-proxy-fallback/localhost-100y.cert | 34 - .../minimal-raw-proxy-fallback/localhost-100y.key | 52 - .../minimal-raw-proxy-fallback.c | 134 - .../mount-origin/404.html | 9 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 15 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../raw/minimal-raw-proxy/CMakeLists.txt | 84 - minimal-examples/raw/minimal-raw-proxy/README.md | 41 - .../raw/minimal-raw-proxy/minimal-raw-proxy.c | 91 - .../raw/minimal-raw-vhost/CMakeLists.txt | 76 - minimal-examples/raw/minimal-raw-vhost/README.md | 42 - .../raw/minimal-raw-vhost/localhost-100y.cert | 34 - .../raw/minimal-raw-vhost/localhost-100y.key | 52 - .../raw/minimal-raw-vhost/minimal-raw-vhost.c | 158 - minimal-examples/selftests-library.sh | 95 - minimal-examples/selftests.sh | 61 - minimal-examples/ws-client/README.md | 8 - .../minimal-ws-client-echo/CMakeLists.txt | 79 - .../ws-client/minimal-ws-client-echo/README.md | 37 - .../minimal-ws-client-echo.c | 172 - .../protocol_lws_minimal_client_echo.c | 328 - .../minimal-ws-client-ping/CMakeLists.txt | 90 - .../ws-client/minimal-ws-client-ping/README.md | 42 - .../minimal-ws-client-ping/libwebsockets.org.cer | 58 - .../minimal-ws-client-ping.c | 222 - .../minimal-ws-client-pmd-bulk/CMakeLists.txt | 79 - .../ws-client/minimal-ws-client-pmd-bulk/README.md | 164 - .../minimal-ws-client-pmd-bulk.c | 132 - .../protocol_lws_minimal_pmd_bulk.c | 319 - .../ws-client/minimal-ws-client-rx/CMakeLists.txt | 78 - .../ws-client/minimal-ws-client-rx/README.md | 39 - .../minimal-ws-client-rx/libwebsockets.org.cer | 58 - .../minimal-ws-client-rx/minimal-ws-client.c | 149 - .../ws-client/minimal-ws-client-rx/selftest.sh | 25 - .../minimal-ws-client-spam/CMakeLists.txt | 90 - .../ws-client/minimal-ws-client-spam/README.md | 53 - .../minimal-ws-client-spam/libwebsockets.org.cer | 58 - .../minimal-ws-client-spam.c | 265 - .../ws-client/minimal-ws-client-spam/selftest.sh | 26 - .../ws-client/minimal-ws-client-tx/CMakeLists.txt | 90 - .../ws-client/minimal-ws-client-tx/README.md | 33 - .../minimal-ws-client-tx/minimal-ws-client.c | 342 - minimal-examples/ws-server/README.md | 13 - .../ws-server/minimal-ws-broker/CMakeLists.txt | 77 - .../ws-server/minimal-ws-broker/README.md | 26 - .../minimal-ws-broker/minimal-ws-broker.c | 97 - .../minimal-ws-broker/mount-origin/example.js | 83 - .../minimal-ws-broker/mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-ws-broker/mount-origin/index.html | 24 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../minimal-ws-broker/mount-origin/strict-csp.svg | 53 - .../minimal-ws-broker/protocol_lws_minimal.c | 250 - .../minimal-ws-server-echo/CMakeLists.txt | 79 - .../ws-server/minimal-ws-server-echo/README.md | 30 - .../minimal-ws-server-echo.c | 118 - .../protocol_lws_minimal_server_echo.c | 265 - .../minimal-ws-server-pmd-bulk/CMakeLists.txt | 79 - .../ws-server/minimal-ws-server-pmd-bulk/README.md | 21 - .../minimal-ws-server-pmd-bulk.c | 143 - .../mount-origin/example.js | 65 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../protocol_lws_minimal_pmd_bulk.c | 256 - .../minimal-ws-server-pmd-corner/CMakeLists.txt | 79 - .../minimal-ws-server-pmd-corner/README.md | 24 - .../minimal-ws-server-pmd-corner.c | 108 - .../mount-origin/example.js | 88 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 21 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../protocol_lws_minimal.c | 304 - .../ws-server/minimal-ws-server-pmd/CMakeLists.txt | 79 - .../ws-server/minimal-ws-server-pmd/README.md | 23 - .../minimal-ws-server-pmd/minimal-ws-server-pmd.c | 108 - .../minimal-ws-server-pmd/mount-origin/example.js | 71 - .../minimal-ws-server-pmd/mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-ws-server-pmd/mount-origin/index.html | 21 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-ws-server-pmd/protocol_lws_minimal.c | 193 - .../minimal-ws-server-ring/CMakeLists.txt | 78 - .../ws-server/minimal-ws-server-ring/README.md | 24 - .../minimal-ws-server-ring.c | 97 - .../minimal-ws-server-ring/mount-origin/example.js | 68 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-ws-server-ring/mount-origin/index.html | 20 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../minimal-ws-server-ring/protocol_lws_minimal.c | 314 - .../minimal-ws-server-threadpool/CMakeLists.txt | 92 - .../minimal-ws-server-threadpool/README.md | 26 - .../minimal-ws-server-threadpool.c | 129 - .../mount-origin/example.js | 78 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../protocol_lws_minimal_threadpool.c | 343 - .../minimal-ws-server-threads-smp/CMakeLists.txt | 91 - .../minimal-ws-server-threads-smp/README.md | 39 - .../minimal-ws-server.c | 148 - .../mount-origin/example.js | 71 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../protocol_lws_minimal.c | 333 - .../minimal-ws-server-threads/CMakeLists.txt | 91 - .../ws-server/minimal-ws-server-threads/README.md | 25 - .../minimal-ws-server-threads/minimal-ws-server.c | 129 - .../mount-origin/example.js | 71 - .../mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../protocol_lws_minimal.c | 326 - .../minimal-ws-server-timer/CMakeLists.txt | 78 - .../ws-server/minimal-ws-server-timer/README.md | 34 - .../minimal-ws-server-timer/localhost-100y.cert | 34 - .../minimal-ws-server-timer/localhost-100y.key | 52 - .../minimal-ws-server-timer/minimal-ws-server.c | 134 - .../mount-origin/example.js | 69 - .../mount-origin/favicon.ico | 0 .../mount-origin/index.html | 16 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../mount-origin/strict-csp.svg | 53 - .../ws-server/minimal-ws-server/CMakeLists.txt | 78 - .../ws-server/minimal-ws-server/README.md | 29 - .../minimal-ws-server/localhost-100y.cert | 34 - .../ws-server/minimal-ws-server/localhost-100y.key | 52 - .../minimal-ws-server/minimal-ws-server.c | 109 - .../minimal-ws-server/mount-origin/example.js | 69 - .../minimal-ws-server/mount-origin/favicon.ico | Bin 1406 -> 0 bytes .../minimal-ws-server/mount-origin/index.html | 19 - .../mount-origin/libwebsockets.org-logo.svg | 120 - .../minimal-ws-server/mount-origin/strict-csp.svg | 53 - .../minimal-ws-server/protocol_lws_minimal.c | 187 - module.json | 21 + plugin-standalone/protocol_example_standalone.c | 6 +- plugins/acme-client/protocol_lws_acme_client.c | 1625 --- plugins/deaddrop/README.md | 91 - plugins/deaddrop/assets/deaddrop.css | 70 - plugins/deaddrop/assets/deaddrop.js | 300 - plugins/deaddrop/assets/drop.svg | 102 - plugins/deaddrop/assets/index.html | 34 - plugins/deaddrop/protocol_lws_deaddrop.c | 702 - plugins/generic-sessions/assets/index.html | 148 +- plugins/generic-sessions/assets/lwsgs.css | 134 - plugins/generic-sessions/assets/lwsgs.js | 199 +- plugins/generic-sessions/handlers.c | 174 +- plugins/generic-sessions/private-lwsgs.h | 18 +- .../generic-sessions/protocol_generic_sessions.c | 530 +- .../generic-sessions/protocol_lws_messageboard.c | 72 +- plugins/generic-sessions/utils.c | 122 +- plugins/generic-table/assets/lwsgt.js | 45 +- plugins/generic-table/protocol_table_dirlisting.c | 21 +- plugins/protocol_client_loopback_test.c | 11 +- plugins/protocol_dumb_increment.c | 95 +- plugins/protocol_esp32_lws_ota.c | 29 +- plugins/protocol_esp32_lws_scan.c | 430 +- plugins/protocol_fulltext_demo.c | 293 - plugins/protocol_lws_meta.c | 616 + plugins/protocol_lws_mirror.c | 437 +- plugins/protocol_lws_raw_test.c | 55 +- plugins/protocol_lws_server_status.c | 147 +- plugins/protocol_lws_sshd_demo.c | 482 - plugins/protocol_lws_status.c | 67 +- plugins/protocol_post_demo.c | 182 +- plugins/raw-proxy/README.md | 66 - plugins/raw-proxy/protocol_lws_raw_proxy.c | 582 - plugins/server-status.css | 197 - plugins/server-status.html | 357 +- plugins/server-status.js | 253 - plugins/ssh-base/crypto/chacha.c | 368 - plugins/ssh-base/crypto/ed25519.c | 221 - plugins/ssh-base/crypto/fe25519.c | 338 - plugins/ssh-base/crypto/fe25519.h | 68 - plugins/ssh-base/crypto/ge25519.c | 321 - plugins/ssh-base/crypto/ge25519.h | 43 - plugins/ssh-base/crypto/ge25519_base.data | 858 -- plugins/ssh-base/crypto/poly1305.c | 172 - plugins/ssh-base/crypto/sc25519.c | 307 - plugins/ssh-base/crypto/sc25519.h | 78 - plugins/ssh-base/crypto/smult_curve25519_ref.c | 265 - plugins/ssh-base/include/lws-plugin-ssh.h | 370 - .../lws-plugin-sshd-static-build-includes.h | 18 - plugins/ssh-base/include/lws-ssh.h | 604 - plugins/ssh-base/kex-25519.c | 545 - plugins/ssh-base/sshd.c | 2588 ---- plugins/ssh-base/telnet.c | 260 - release-checklist | 102 + scripts/FindLibWebSockets.cmake | 33 + scripts/autobahn-test-client.sh | 101 - scripts/autobahn-test-server.sh | 92 - scripts/build-gcov.sh | 6 - scripts/client-ca/certindex.txt | 0 scripts/client-ca/create-ca.sh | 6 - scripts/client-ca/create-client-cert.sh | 21 - scripts/client-ca/create-server-cert.sh | 20 - scripts/client-ca/serial | 1 - scripts/client-ca/tmp.cnf | 74 - scripts/esp32.mk | 72 +- scripts/gcov.sh | 3 - scripts/h2load-smp.sh | 63 - scripts/h2load.sh | 63 - scripts/h2spec.sh | 41 - scripts/libwebsockets.spec | 180 - scripts/test-dbus-proxy.sh | 34 - scripts/travis_control.sh | 54 - scripts/travis_install.sh | 79 - test-apps/1.png | Bin 5249 -> 0 bytes test-apps/2.png | Bin 5195 -> 0 bytes test-apps/3.png | Bin 5171 -> 0 bytes test-apps/4.png | Bin 5171 -> 0 bytes test-apps/5.png | Bin 5114 -> 0 bytes test-apps/6.png | Bin 5153 -> 0 bytes test-apps/7.png | Bin 5055 -> 0 bytes test-apps/8.png | Bin 5117 -> 0 bytes test-apps/http2.png | Bin 2046 -> 0 bytes test-apps/libwebsockets.org-logo.svg | 120 - test-apps/lws-common.js | 128 - test-apps/lws-ssh-test-keys | 51 - test-apps/lws-ssh-test-keys.pub | 1 - test-apps/test-lejp.c | 129 - test-apps/test-sshd.c | 704 - test-apps/test.css | 190 - test-apps/test.html | 258 - test-apps/test.js | 543 - test-apps/wss-over-h2.png | Bin 2727 -> 0 bytes test-server/.gitignore | 9 + {test-apps => test-server}/android/README | 0 {test-apps => test-server}/android/app/app.iml | 0 .../android/app/build.gradle | 0 .../android/app/src/main/AndroidManifest.xml | 0 .../java/org/libwebsockets/client/LwsService.java | 0 .../org/libwebsockets/client/MainActivity.java | 0 .../org/libwebsockets/client/ThreadService.java | 0 .../android/app/src/main/jni/Android.mk | 0 .../android/app/src/main/jni/Application.mk | 0 .../android/app/src/main/jni/LwsService.cpp | 2 +- .../android/app/src/main/jni/NativeLibs.mk | 16 +- .../android/app/src/main/libs/placeholder | 0 .../android/app/src/main/res/drawable/warmcat.png | Bin .../app/src/main/res/layout/activity_main.xml | 0 .../app/src/main/res/mipmap-hdpi/ic_launcher.png | Bin .../app/src/main/res/mipmap-mdpi/ic_launcher.png | Bin .../app/src/main/res/mipmap-xhdpi/ic_launcher.png | Bin .../app/src/main/res/mipmap-xxhdpi/ic_launcher.png | Bin .../src/main/res/mipmap-xxxhdpi/ic_launcher.png | Bin .../android/app/src/main/res/values/colors.xml | 0 .../android/app/src/main/res/values/dimens.xml | 0 .../android/app/src/main/res/values/strings.xml | 0 .../android/app/src/main/res/values/styles.xml | 0 {test-apps => test-server}/android/build.gradle | 0 .../android/gradle.properties | 0 {test-apps => test-server}/android/settings.gradle | 0 {scripts => test-server}/attack.sh | 340 +- {test-apps => test-server}/candide.zip | Bin {test-apps => test-server}/favicon.ico | Bin test-server/fuzxy.c | 969 ++ {test-apps => test-server}/leaf.jpg | Bin .../libwebsockets-test-server.service | 0 .../libwebsockets.org-logo.png | Bin {test-apps => test-server}/lws-cgi-test.sh | 3 +- test-server/lws-common.js | 397 + {test-apps => test-server}/private/index.html | 0 {test-apps => test-server}/test-client.c | 263 +- test-server/test-echo.c | 524 + test-server/test-fraggle.c | 383 + test-server/test-ping.c | 571 + test-server/test-server-dumb-increment.c | 94 + test-server/test-server-http.c | 806 ++ test-server/test-server-libev.c | 347 + test-server/test-server-libevent.c | 345 + test-server/test-server-libuv.c | 480 + test-server/test-server-pthreads.c | 393 + test-server/test-server-v2.0.c | 571 + {test-apps => test-server}/test-server.c | 344 +- test-server/test-server.h | 118 + .../mount-origin/test.js => test-server/test.html | 690 +- travis_install.sh | 35 + win32port/version.rc.in | 34 - win32port/win32helpers/getopt_long.c | 7 +- win32port/zlib/crc32.c | 4 +- win32port/zlib/deflate.c | 12 - win32port/zlib/gzclose.c | 25 + win32port/zlib/gzio.c | 1006 ++ win32port/zlib/inflate.c | 11 +- win32port/zlib/zconf.h | 1 - 1108 files changed, 46409 insertions(+), 196566 deletions(-) delete mode 100644 .mailmap rename contrib/Android.mk => Android.mk (100%) rename cmake/FindLibWebSockets.cmake => FindLibWebSockets.cmake (100%) delete mode 100644 Makefile.projbuild create mode 100644 README.build.md rename READMEs/README.coding.md => README.coding.md (55%) rename READMEs/README.esp32.md => README.esp32.md (66%) create mode 100644 README.esp8266.md rename READMEs/README.generic-sessions.md => README.generic-sessions.md (100%) rename READMEs/README.generic-table.md => README.generic-table.md (100%) create mode 100644 README.lws-meta.md rename READMEs/README.lwsws.md => README.lwsws.md (75%) create mode 100644 README.problems.md rename READMEs/README.test-apps.md => README.test-apps.md (75%) delete mode 100644 READMEs/README.build.md delete mode 100644 READMEs/README.ci.md delete mode 100644 READMEs/README.content-security-policy.md delete mode 100644 READMEs/README.contributing.md delete mode 100644 READMEs/README.crypto-apis.md delete mode 100644 READMEs/README.http-fallback.md delete mode 100644 READMEs/README.lws_dll.md delete mode 100644 READMEs/README.lws_sequencer.md delete mode 100644 READMEs/README.lws_struct.md delete mode 100644 READMEs/README.lws_sul.md delete mode 100644 READMEs/README.plugin-acme.md delete mode 100644 READMEs/README.plugin-sshd-base.md delete mode 100644 READMEs/README.porting.md delete mode 100644 READMEs/README.problems.md delete mode 100644 READMEs/README.release-policy.md delete mode 100644 READMEs/README.unix-domain-reverse-proxy.md delete mode 100644 READMEs/README.vulnerability-reporting.md delete mode 100644 READMEs/mainpage.md delete mode 100644 READMEs/release-checklist create mode 100755 autobahn-test.sh delete mode 100644 cmake/FindMiniz.cmake delete mode 100644 cmake/lws_config.h.in delete mode 100644 contrib/cross-arm-android-gnueabi.cmake delete mode 100644 contrib/cross-w32.cmake delete mode 100644 contrib/cross-w64.cmake rename contrib/cross-aarch64.cmake => cross-aarch64.cmake (50%) rename contrib/cross-arm-linux-gnueabihf.cmake => cross-arm-linux-gnueabihf.cmake (53%) rename contrib/cross-esp32.cmake => cross-esp32.cmake (53%) rename contrib/cross-ming.cmake => cross-ming.cmake (54%) rename contrib/cross-openwrt-makefile => cross-openwrt-makefile (97%) delete mode 100644 doc-assets/abstract-overview.svg delete mode 100644 doc-assets/accept-flow-1.svg delete mode 100644 doc-assets/accept-flow-2.svg delete mode 100644 doc-assets/accept-flow-3.svg delete mode 100644 doc-assets/http-proxy-overview.svg delete mode 100644 doc-assets/lws-crypto-overview.svg delete mode 100644 doc-assets/lws-fts.svg delete mode 100644 doc-assets/lws-overview.png delete mode 100644 doc-assets/lws-relpol-1.svg delete mode 100644 doc-assets/lws-relpol-2.svg delete mode 100644 doc-assets/lws-relpol-3.svg delete mode 100644 doc-assets/lws-relpol-4.svg delete mode 100644 doc-assets/lws-relpol-5.svg delete mode 100644 doc-assets/lws-smp-example.png delete mode 100644 doc-assets/lws-smp-ov.png delete mode 100644 doc-assets/lws_dll.svg delete mode 100644 doc-assets/lws_sequencer.svg delete mode 100644 doc-assets/lws_struct-overview.svg delete mode 100644 doc-assets/lwsac.svg delete mode 100644 doc-assets/threadpool-states.svg delete mode 100644 doc-assets/threadpool.svg delete mode 100644 doc-assets/wss2.png delete mode 100644 include/libwebsockets.h delete mode 100644 include/libwebsockets/abstract/abstract.h delete mode 100644 include/libwebsockets/abstract/protocols.h delete mode 100644 include/libwebsockets/abstract/protocols/smtp.h delete mode 100644 include/libwebsockets/abstract/transports.h delete mode 100644 include/libwebsockets/abstract/transports/raw-skt.h delete mode 100644 include/libwebsockets/abstract/transports/unit-test.h delete mode 100644 include/libwebsockets/lws-adopt.h delete mode 100644 include/libwebsockets/lws-callbacks.h delete mode 100644 include/libwebsockets/lws-cgi.h delete mode 100644 include/libwebsockets/lws-client.h delete mode 100644 include/libwebsockets/lws-context-vhost.h delete mode 100644 include/libwebsockets/lws-dbus.h delete mode 100644 include/libwebsockets/lws-diskcache.h delete mode 100644 include/libwebsockets/lws-dsh.h delete mode 100644 include/libwebsockets/lws-esp32.h delete mode 100644 include/libwebsockets/lws-fts.h delete mode 100644 include/libwebsockets/lws-genaes.h delete mode 100644 include/libwebsockets/lws-gencrypto.h delete mode 100644 include/libwebsockets/lws-genec.h delete mode 100644 include/libwebsockets/lws-genhash.h delete mode 100644 include/libwebsockets/lws-genrsa.h delete mode 100644 include/libwebsockets/lws-http.h delete mode 100644 include/libwebsockets/lws-jose.h delete mode 100644 include/libwebsockets/lws-jwe.h delete mode 100644 include/libwebsockets/lws-jwk.h delete mode 100644 include/libwebsockets/lws-jws.h delete mode 100644 include/libwebsockets/lws-logs.h delete mode 100644 include/libwebsockets/lws-lwsac.h delete mode 100644 include/libwebsockets/lws-misc.h delete mode 100644 include/libwebsockets/lws-network-helper.h delete mode 100644 include/libwebsockets/lws-optee.h delete mode 100644 include/libwebsockets/lws-plugin-generic-sessions.h delete mode 100644 include/libwebsockets/lws-protocols-plugins.h delete mode 100644 include/libwebsockets/lws-purify.h delete mode 100644 include/libwebsockets/lws-retry.h delete mode 100644 include/libwebsockets/lws-ring.h delete mode 100644 include/libwebsockets/lws-sequencer.h delete mode 100644 include/libwebsockets/lws-service.h delete mode 100644 include/libwebsockets/lws-sha1-base64.h delete mode 100644 include/libwebsockets/lws-spa.h delete mode 100644 include/libwebsockets/lws-stats.h delete mode 100644 include/libwebsockets/lws-struct.h delete mode 100644 include/libwebsockets/lws-system.h delete mode 100644 include/libwebsockets/lws-test-sequencer.h delete mode 100644 include/libwebsockets/lws-threadpool.h delete mode 100644 include/libwebsockets/lws-timeout-timer.h delete mode 100644 include/libwebsockets/lws-tokenize.h delete mode 100644 include/libwebsockets/lws-vfs.h delete mode 100644 include/libwebsockets/lws-write.h delete mode 100644 include/libwebsockets/lws-writeable.h delete mode 100644 include/libwebsockets/lws-ws-close.h delete mode 100644 include/libwebsockets/lws-ws-ext.h delete mode 100644 include/libwebsockets/lws-ws-state.h delete mode 100644 include/libwebsockets/lws-x509.h create mode 100644 lib/.gitignore delete mode 100644 lib/README.md delete mode 100644 lib/abstract/README.md delete mode 100644 lib/abstract/abstract.c delete mode 100644 lib/abstract/private.h delete mode 100644 lib/abstract/protocols/smtp/smtp.c delete mode 100644 lib/abstract/test-sequencer.c delete mode 100644 lib/abstract/transports/raw-skt.c delete mode 100644 lib/abstract/transports/unit-test.c create mode 100644 lib/alloc.c rename lib/{misc => }/base64-decode.c (80%) create mode 100644 lib/client-handshake.c create mode 100644 lib/client-parser.c create mode 100755 lib/client.c create mode 100644 lib/context.c delete mode 100644 lib/core-net/adopt.c delete mode 100644 lib/core-net/client.c delete mode 100644 lib/core-net/close.c delete mode 100644 lib/core-net/connect.c delete mode 100644 lib/core-net/dummy-callback.c delete mode 100644 lib/core-net/lws-dsh.c delete mode 100644 lib/core-net/network.c delete mode 100644 lib/core-net/output.c delete mode 100644 lib/core-net/pollfd.c delete mode 100644 lib/core-net/private.h delete mode 100644 lib/core-net/sequencer.c delete mode 100644 lib/core-net/server.c delete mode 100644 lib/core-net/service.c delete mode 100644 lib/core-net/sorted-usec-list.c delete mode 100644 lib/core-net/stats.c delete mode 100644 lib/core-net/vhost.c delete mode 100644 lib/core-net/wsi-timeout.c delete mode 100644 lib/core-net/wsi.c delete mode 100644 lib/core/alloc.c delete mode 100644 lib/core/buflist.c delete mode 100644 lib/core/context.c delete mode 100644 lib/core/libwebsockets.c delete mode 100644 lib/core/logs.c delete mode 100644 lib/core/lws_dll.c delete mode 100644 lib/core/lws_dll2.c delete mode 100644 lib/core/private.h delete mode 100644 lib/core/vfs.c rename lib/{misc => }/daemonize.c (80%) delete mode 100644 lib/event-libs/README.md delete mode 100644 lib/event-libs/libev/libev.c delete mode 100644 lib/event-libs/libev/private.h delete mode 100644 lib/event-libs/libevent/libevent.c delete mode 100644 lib/event-libs/libevent/private.h delete mode 100644 lib/event-libs/libuv/libuv.c delete mode 100644 lib/event-libs/libuv/private.h delete mode 100644 lib/event-libs/poll/poll.c delete mode 100644 lib/event-libs/poll/private.h delete mode 100644 lib/event-libs/private.h create mode 100644 lib/extension-permessage-deflate.c rename lib/{roles/ws/ext => }/extension-permessage-deflate.h (79%) rename lib/{roles/ws/ext => }/extension.c (70%) rename lib/{roles/http/server => }/fops-zip.c (98%) rename lib/{misc => }/getifaddrs.c (95%) rename lib/{misc => }/getifaddrs.h (100%) create mode 100644 lib/handshake.c create mode 100644 lib/header.c create mode 100644 lib/hpack.c create mode 100644 lib/http2.c rename lib/{roles/h2 => }/huftable.h (100%) delete mode 100644 lib/jose/README.md delete mode 100644 lib/jose/jwe/enc/aescbc.c delete mode 100644 lib/jose/jwe/enc/aesgcm.c delete mode 100644 lib/jose/jwe/enc/aeskw.c delete mode 100644 lib/jose/jwe/jwe-ecdh-es-aeskw.c delete mode 100644 lib/jose/jwe/jwe-rsa-aescbc.c delete mode 100644 lib/jose/jwe/jwe-rsa-aesgcm.c delete mode 100644 lib/jose/jwe/jwe.c delete mode 100644 lib/jose/jwe/private.h delete mode 100644 lib/jose/jwk/jwk.c delete mode 100644 lib/jose/jws/jose.c delete mode 100644 lib/jose/jws/jws.c delete mode 100644 lib/jose/jws/private.h delete mode 100644 lib/jose/private.h rename lib/{roles/http/server => }/lejp-conf.c (66%) rename lib/{misc => }/lejp.c (66%) rename include/libwebsockets/lws-lejp.h => lib/lejp.h (64%) rename lib/{roles/http => }/lextable-strings.h (87%) create mode 100644 lib/lextable.h create mode 100644 lib/libev.c create mode 100644 lib/libevent.c create mode 100644 lib/libuv.c create mode 100755 lib/libwebsockets.c create mode 100644 lib/libwebsockets.h rename lib/{plat/esp32/esp32-helpers.c => lws-plat-esp32.c} (53%) create mode 100644 lib/lws-plat-esp8266.c create mode 100644 lib/lws-plat-optee.c create mode 100644 lib/lws-plat-unix.c create mode 100644 lib/lws-plat-win.c rename lib/{roles/h2 => }/minihuf.c (98%) rename lib/{roles/http => }/minilex.c (100%) delete mode 100644 lib/misc/dir.c delete mode 100644 lib/misc/diskcache.c delete mode 100644 lib/misc/fts/README.md delete mode 100644 lib/misc/fts/private.h delete mode 100644 lib/misc/fts/trie-fd.c delete mode 100644 lib/misc/fts/trie.c delete mode 100644 lib/misc/lws-ring.c delete mode 100644 lib/misc/lws-struct-lejp.c delete mode 100644 lib/misc/lws-struct-sqlite.c delete mode 100644 lib/misc/lwsac/README.md delete mode 100644 lib/misc/lwsac/cached-file.c delete mode 100644 lib/misc/lwsac/lwsac.c delete mode 100644 lib/misc/lwsac/private.h delete mode 100644 lib/misc/peer-limits.c delete mode 100644 lib/misc/threadpool/README.md delete mode 100644 lib/misc/threadpool/threadpool.c create mode 100644 lib/output.c create mode 100644 lib/parsers.c delete mode 100644 lib/plat/esp32/esp32-fds.c delete mode 100644 lib/plat/esp32/esp32-file.c delete mode 100644 lib/plat/esp32/esp32-init.c delete mode 100644 lib/plat/esp32/esp32-misc.c delete mode 100644 lib/plat/esp32/esp32-pipe.c delete mode 100644 lib/plat/esp32/esp32-service.c delete mode 100644 lib/plat/esp32/esp32-sockets.c delete mode 100644 lib/plat/esp32/esp_attr.h delete mode 100644 lib/plat/esp32/private.h delete mode 100644 lib/plat/optee/lws-plat-optee.c delete mode 100644 lib/plat/optee/network.c delete mode 100644 lib/plat/optee/private.h delete mode 100644 lib/plat/unix/private.h delete mode 100644 lib/plat/unix/unix-caps.c delete mode 100644 lib/plat/unix/unix-fds.c delete mode 100644 lib/plat/unix/unix-file.c delete mode 100644 lib/plat/unix/unix-init.c delete mode 100644 lib/plat/unix/unix-misc.c delete mode 100644 lib/plat/unix/unix-pipe.c delete mode 100644 lib/plat/unix/unix-plugins.c delete mode 100644 lib/plat/unix/unix-service.c delete mode 100644 lib/plat/unix/unix-sockets.c delete mode 100644 lib/plat/windows/private.h delete mode 100644 lib/plat/windows/windows-fds.c delete mode 100644 lib/plat/windows/windows-file.c delete mode 100644 lib/plat/windows/windows-init.c delete mode 100644 lib/plat/windows/windows-misc.c delete mode 100644 lib/plat/windows/windows-pipe.c delete mode 100644 lib/plat/windows/windows-plugins.c delete mode 100644 lib/plat/windows/windows-service.c delete mode 100644 lib/plat/windows/windows-sockets.c create mode 100644 lib/pollfd.c create mode 100644 lib/private-libwebsockets.h rename lib/{roles/http/server => }/ranges.c (96%) rename lib/{roles/http/server => }/rewrite.c (78%) delete mode 100644 lib/roles/README.md delete mode 100644 lib/roles/cgi/cgi-server.c delete mode 100644 lib/roles/cgi/ops-cgi.c delete mode 100644 lib/roles/cgi/private.h delete mode 100644 lib/roles/dbus/README.md delete mode 100644 lib/roles/dbus/dbus.c delete mode 100644 lib/roles/dbus/private.h delete mode 100644 lib/roles/h1/ops-h1.c delete mode 100644 lib/roles/h1/private.h delete mode 100644 lib/roles/h2/hpack.c delete mode 100644 lib/roles/h2/http2.c delete mode 100644 lib/roles/h2/ops-h2.c delete mode 100644 lib/roles/h2/private.h delete mode 100644 lib/roles/http/client/client-handshake.c delete mode 100644 lib/roles/http/client/client.c delete mode 100644 lib/roles/http/compression/README.md delete mode 100644 lib/roles/http/compression/brotli/brotli.c delete mode 100644 lib/roles/http/compression/deflate/deflate.c delete mode 100644 lib/roles/http/compression/private.h delete mode 100644 lib/roles/http/compression/stream.c delete mode 100644 lib/roles/http/header.c delete mode 100644 lib/roles/http/lextable.h delete mode 100644 lib/roles/http/private.h delete mode 100644 lib/roles/http/server/access-log.c delete mode 100644 lib/roles/http/server/lws-spa.c delete mode 100644 lib/roles/http/server/parsers.c delete mode 100644 lib/roles/http/server/server.c delete mode 100644 lib/roles/listen/ops-listen.c delete mode 100644 lib/roles/pipe/ops-pipe.c delete mode 100644 lib/roles/private.h delete mode 100644 lib/roles/raw-file/ops-raw-file.c delete mode 100644 lib/roles/raw-proxy/ops-raw-proxy.c delete mode 100644 lib/roles/raw-proxy/private.h delete mode 100644 lib/roles/raw-skt/ops-raw-skt.c delete mode 100644 lib/roles/ws/client-parser-ws.c delete mode 100644 lib/roles/ws/client-ws.c delete mode 100644 lib/roles/ws/ext/extension-permessage-deflate.c delete mode 100644 lib/roles/ws/ops-ws.c delete mode 100644 lib/roles/ws/private.h delete mode 100644 lib/roles/ws/server-ws.c rename lib/{misc => }/romfs.c (95%) rename lib/{misc => }/romfs.h (100%) create mode 100644 lib/server-handshake.c create mode 100644 lib/server.c create mode 100644 lib/service.c rename lib/{misc => }/sha-1.c (96%) create mode 100644 lib/smtp.c create mode 100644 lib/ssl-client.c create mode 100644 lib/ssl-http2.c create mode 100644 lib/ssl-server.c create mode 100644 lib/ssl.c delete mode 100644 lib/tls/lws-gencrypto-common.c delete mode 100644 lib/tls/lws-genec-common.c delete mode 100644 lib/tls/mbedtls/lws-genaes.c delete mode 100644 lib/tls/mbedtls/lws-gencrypto.c delete mode 100644 lib/tls/mbedtls/lws-genec.c delete mode 100644 lib/tls/mbedtls/lws-genhash.c delete mode 100644 lib/tls/mbedtls/lws-genrsa.c delete mode 100644 lib/tls/mbedtls/mbedtls-client.c delete mode 100644 lib/tls/mbedtls/mbedtls-server.c delete mode 100644 lib/tls/mbedtls/private.h delete mode 100644 lib/tls/mbedtls/ssl.c delete mode 100644 lib/tls/mbedtls/tls.c delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl3.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_code.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_methods.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_stack.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_types.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/ssl_x509.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/tls1.h delete mode 100644 lib/tls/mbedtls/wrapper/include/internal/x509_vfy.h delete mode 100755 lib/tls/mbedtls/wrapper/include/openssl/ssl.h delete mode 100644 lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h delete mode 100644 lib/tls/mbedtls/wrapper/include/platform/ssl_port.h delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_cert.c delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_lib.c delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_methods.c delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_pkey.c delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_stack.c delete mode 100644 lib/tls/mbedtls/wrapper/library/ssl_x509.c delete mode 100755 lib/tls/mbedtls/wrapper/platform/ssl_pm.c delete mode 100644 lib/tls/mbedtls/wrapper/platform/ssl_port.c delete mode 100644 lib/tls/mbedtls/x509.c delete mode 100644 lib/tls/openssl/lws-genaes.c delete mode 100644 lib/tls/openssl/lws-gencrypto.c delete mode 100644 lib/tls/openssl/lws-genec.c delete mode 100644 lib/tls/openssl/lws-genhash.c delete mode 100644 lib/tls/openssl/lws-genrsa.c delete mode 100644 lib/tls/openssl/openssl-client.c delete mode 100644 lib/tls/openssl/openssl-server.c delete mode 100644 lib/tls/openssl/private.h delete mode 100644 lib/tls/openssl/ssl.c delete mode 100644 lib/tls/openssl/tls.c delete mode 100644 lib/tls/openssl/x509.c delete mode 100644 lib/tls/private-network.h delete mode 100644 lib/tls/private.h delete mode 100644 lib/tls/tls-client.c delete mode 100644 lib/tls/tls-network.c delete mode 100644 lib/tls/tls-server.c delete mode 100644 lib/tls/tls.c create mode 100644 libwebsockets.spec create mode 100644 lws_config.h.in rename cmake/lws_config_private.h.in => lws_config_private.h.in (93%) create mode 100644 mainpage.md delete mode 100644 minimal-examples/README.md delete mode 100644 minimal-examples/abstract/protocols/smtp-client/CMakeLists.txt delete mode 100644 minimal-examples/abstract/protocols/smtp-client/README.md delete mode 100644 minimal-examples/abstract/protocols/smtp-client/main.c delete mode 100644 minimal-examples/api-tests/README.md delete mode 100644 minimal-examples/api-tests/api-test-fts/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-fts/README.md delete mode 100644 minimal-examples/api-tests/api-test-fts/canned-1.txt delete mode 100644 minimal-examples/api-tests/api-test-fts/canned-2.txt delete mode 100644 minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt delete mode 100644 minimal-examples/api-tests/api-test-fts/main.c delete mode 100755 minimal-examples/api-tests/api-test-fts/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt delete mode 100644 minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-gencrypto/README.md delete mode 100644 minimal-examples/api-tests/api-test-gencrypto/lws-genaes.c delete mode 100644 minimal-examples/api-tests/api-test-gencrypto/lws-genec.c delete mode 100644 minimal-examples/api-tests/api-test-gencrypto/main.c delete mode 100755 minimal-examples/api-tests/api-test-gencrypto/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-jose/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-jose/README.md delete mode 100644 minimal-examples/api-tests/api-test-jose/jwe.c delete mode 100644 minimal-examples/api-tests/api-test-jose/jwk.c delete mode 100644 minimal-examples/api-tests/api-test-jose/jws.c delete mode 100644 minimal-examples/api-tests/api-test-jose/main.c delete mode 100755 minimal-examples/api-tests/api-test-jose/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-lws_dsh/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-lws_dsh/README.md delete mode 100644 minimal-examples/api-tests/api-test-lws_dsh/main.c delete mode 100755 minimal-examples/api-tests/api-test-lws_dsh/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-lws_sequencer/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-lws_sequencer/libwebsockets.org.cer delete mode 100644 minimal-examples/api-tests/api-test-lws_sequencer/main.c delete mode 100644 minimal-examples/api-tests/api-test-lws_struct-json/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-lws_struct-json/README.md delete mode 100644 minimal-examples/api-tests/api-test-lws_struct-json/main.c delete mode 100755 minimal-examples/api-tests/api-test-lws_struct-json/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-lws_tokenize/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-lws_tokenize/README.md delete mode 100644 minimal-examples/api-tests/api-test-lws_tokenize/main.c delete mode 100755 minimal-examples/api-tests/api-test-lws_tokenize/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-lwsac/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-lwsac/README.md delete mode 100644 minimal-examples/api-tests/api-test-lwsac/main.c delete mode 100755 minimal-examples/api-tests/api-test-lwsac/selftest.sh delete mode 100644 minimal-examples/api-tests/api-test-smtp_client/CMakeLists.txt delete mode 100644 minimal-examples/api-tests/api-test-smtp_client/README.md delete mode 100644 minimal-examples/api-tests/api-test-smtp_client/main.c delete mode 100644 minimal-examples/client-server/README.md delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/CMakeLists.txt delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/README.md delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/minimal-ws-proxy.c delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/mount-origin/example.js delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/mount-origin/favicon.ico delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/mount-origin/index.html delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/client-server/minimal-ws-proxy/protocol_lws_minimal.c delete mode 100644 minimal-examples/crypto/README.md delete mode 100644 minimal-examples/crypto/minimal-crypto-jwe/CMakeLists.txt delete mode 100644 minimal-examples/crypto/minimal-crypto-jwe/README.md delete mode 100644 minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.private delete mode 100644 minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.pub delete mode 100644 minimal-examples/crypto/minimal-crypto-jwe/main.c delete mode 100644 minimal-examples/crypto/minimal-crypto-jwk/CMakeLists.txt delete mode 100644 minimal-examples/crypto/minimal-crypto-jwk/README.md delete mode 100644 minimal-examples/crypto/minimal-crypto-jwk/main.c delete mode 100644 minimal-examples/crypto/minimal-crypto-jws/CMakeLists.txt delete mode 100644 minimal-examples/crypto/minimal-crypto-jws/README.md delete mode 100644 minimal-examples/crypto/minimal-crypto-jws/main.c delete mode 100644 minimal-examples/crypto/minimal-crypto-x509/CMakeLists.txt delete mode 100644 minimal-examples/crypto/minimal-crypto-x509/README.md delete mode 100644 minimal-examples/crypto/minimal-crypto-x509/main.c delete mode 100644 minimal-examples/dbus-client/README.md delete mode 100644 minimal-examples/dbus-client/minimal-dbus-client/CMakeLists.txt delete mode 100644 minimal-examples/dbus-client/minimal-dbus-client/README.md delete mode 100644 minimal-examples/dbus-client/minimal-dbus-client/minimal-dbus-client.c delete mode 100644 minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/CMakeLists.txt delete mode 100644 minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/README.md delete mode 100644 minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/minimal-dbus-ws-proxy-testclient.c delete mode 100644 minimal-examples/dbus-server/README.md delete mode 100644 minimal-examples/dbus-server/minimal-dbus-server/CMakeLists.txt delete mode 100644 minimal-examples/dbus-server/minimal-dbus-server/README.md delete mode 100644 minimal-examples/dbus-server/minimal-dbus-server/main.c delete mode 100644 minimal-examples/dbus-server/minimal-dbus-ws-proxy/CMakeLists.txt delete mode 100644 minimal-examples/dbus-server/minimal-dbus-ws-proxy/README.md delete mode 100644 minimal-examples/dbus-server/minimal-dbus-ws-proxy/main.c delete mode 100644 minimal-examples/dbus-server/minimal-dbus-ws-proxy/org.libwebsockets.wsclientproxy.conf delete mode 100644 minimal-examples/dbus-server/minimal-dbus-ws-proxy/protocol_lws_minimal_dbus_ws_proxy.c delete mode 100644 minimal-examples/http-client/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-certinfo/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client-certinfo/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c delete mode 100644 minimal-examples/http-client/minimal-http-client-certinfo/warmcat.com.cer delete mode 100644 minimal-examples/http-client/minimal-http-client-custom-headers/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client-custom-headers/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-custom-headers/minimal-http-client-custom-headers.c delete mode 100644 minimal-examples/http-client/minimal-http-client-custom-headers/warmcat.com.cer delete mode 100644 minimal-examples/http-client/minimal-http-client-hugeurl/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client-hugeurl/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-hugeurl/minimal-http-client-hugeurl.c delete mode 100755 minimal-examples/http-client/minimal-http-client-hugeurl/selftest.sh delete mode 100644 minimal-examples/http-client/minimal-http-client-hugeurl/warmcat.com.cer delete mode 100644 minimal-examples/http-client/minimal-http-client-multi/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client-multi/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-multi/minimal-http-client-multi.c delete mode 100755 minimal-examples/http-client/minimal-http-client-multi/selftest.sh delete mode 100644 minimal-examples/http-client/minimal-http-client-multi/warmcat.com.cer delete mode 100644 minimal-examples/http-client/minimal-http-client-post/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client-post/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client-post/libwebsockets.org.cer delete mode 100644 minimal-examples/http-client/minimal-http-client-post/minimal-http-client-post.c delete mode 100755 minimal-examples/http-client/minimal-http-client-post/selftest.sh delete mode 100644 minimal-examples/http-client/minimal-http-client/CMakeLists.txt delete mode 100644 minimal-examples/http-client/minimal-http-client/README.md delete mode 100644 minimal-examples/http-client/minimal-http-client/minimal-http-client.c delete mode 100755 minimal-examples/http-client/minimal-http-client/selftest.sh delete mode 100644 minimal-examples/http-client/minimal-http-client/warmcat.com.cer delete mode 100644 minimal-examples/http-server/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/minimal-http-server-custom-headers.c delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/error.css delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/ba-passwords delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/minimal-http-server-deaddrop.c delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.css delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.js delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/drop.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-deaddrop/uploads/user1/placeholder.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/minimal-http-server-eventlib-demos.c delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/candide.zip delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/leaf.jpg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/lws-common.js delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.css delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/wss-over-h2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/minimal-http-server-eventlib-foreign.c delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/minimal-http-server-eventlib-smp.c delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/minimal-http-server-eventlib.c delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/minimal-http-server-form-get.c delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/after-form1.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-get/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/minimal-http-server-form-post-file.c delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/after-form1.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-lwsac/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-lwsac/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post-lwsac/minimal-http-server-form-post.c delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/minimal-http-server-form-post.c delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/after-form1.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-form-post/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/lws-fts.index delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/minimal-http-server.c delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/dorian-gray-wikipedia.jpg delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.css delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.js delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-fulltext-search/the-picture-of-dorian-gray.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/minimal-http-server-generic-sessions.c delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/admin-login.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/failed-login.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lws-common.js delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs-logo.png delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.css delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.js delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/md5.min.js delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needadmin/admin-login.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needauth/successful-login.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-fail.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-ok.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-fail.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-ok.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-fail.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-ok.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/seats.jpg delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-fail.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-ok.html delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/successful-login.html delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/minimal-http-server-mimetypes.c delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/test.tar.bz2 delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/minimal-http-server.c delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/minimal-http-server-proxy.c delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-proxy/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/minimal-http-server-smp.c delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-smp/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/minimal-http-server-sse-ring.c delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/minimal-http-server-sse.c delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-sse/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/minimal-http-server-tls-80.c delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/minimal-http-server-tls-mem.c delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/localhost-100y.cert delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/localhost-100y.key delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/minimal-http-server-tls.c delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/example.js delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/http2.png delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server-tls/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/http-server/minimal-http-server/CMakeLists.txt delete mode 100644 minimal-examples/http-server/minimal-http-server/README.md delete mode 100644 minimal-examples/http-server/minimal-http-server/minimal-http-server.c delete mode 100644 minimal-examples/http-server/minimal-http-server/mount-origin/404.html delete mode 100644 minimal-examples/http-server/minimal-http-server/mount-origin/favicon.ico delete mode 100644 minimal-examples/http-server/minimal-http-server/mount-origin/index.html delete mode 100644 minimal-examples/http-server/minimal-http-server/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/http-server/minimal-http-server/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/raw/README.md delete mode 100644 minimal-examples/raw/minimal-raw-adopt-tcp/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-adopt-tcp/README.md delete mode 100644 minimal-examples/raw/minimal-raw-adopt-tcp/minimal-raw-adopt-tcp.c delete mode 100644 minimal-examples/raw/minimal-raw-adopt-udp/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-adopt-udp/README.md delete mode 100644 minimal-examples/raw/minimal-raw-adopt-udp/minimal-raw-adopt-udp.c delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/README.md delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.cert delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.key delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/minimal-raw-fallback-http-server.c delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/404.html delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/favicon.ico delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/index.html delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/raw/minimal-raw-file/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-file/README.md delete mode 100644 minimal-examples/raw/minimal-raw-file/minimal-raw-file.c delete mode 100644 minimal-examples/raw/minimal-raw-netcat/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-netcat/README.md delete mode 100644 minimal-examples/raw/minimal-raw-netcat/minimal-raw-netcat.c delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/README.md delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.cert delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.key delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/minimal-raw-proxy-fallback.c delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/404.html delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/favicon.ico delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/index.html delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/raw/minimal-raw-proxy/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-proxy/README.md delete mode 100644 minimal-examples/raw/minimal-raw-proxy/minimal-raw-proxy.c delete mode 100644 minimal-examples/raw/minimal-raw-vhost/CMakeLists.txt delete mode 100644 minimal-examples/raw/minimal-raw-vhost/README.md delete mode 100644 minimal-examples/raw/minimal-raw-vhost/localhost-100y.cert delete mode 100644 minimal-examples/raw/minimal-raw-vhost/localhost-100y.key delete mode 100644 minimal-examples/raw/minimal-raw-vhost/minimal-raw-vhost.c delete mode 100755 minimal-examples/selftests-library.sh delete mode 100755 minimal-examples/selftests.sh delete mode 100644 minimal-examples/ws-client/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-echo/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-echo/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-echo/minimal-ws-client-echo.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-echo/protocol_lws_minimal_client_echo.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-ping/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-ping/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-ping/libwebsockets.org.cer delete mode 100644 minimal-examples/ws-client/minimal-ws-client-ping/minimal-ws-client-ping.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-pmd-bulk/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-pmd-bulk/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-pmd-bulk/minimal-ws-client-pmd-bulk.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-pmd-bulk/protocol_lws_minimal_pmd_bulk.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-rx/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-rx/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-rx/libwebsockets.org.cer delete mode 100644 minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c delete mode 100644 minimal-examples/ws-client/minimal-ws-client-rx/selftest.sh delete mode 100644 minimal-examples/ws-client/minimal-ws-client-spam/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-spam/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-spam/libwebsockets.org.cer delete mode 100644 minimal-examples/ws-client/minimal-ws-client-spam/minimal-ws-client-spam.c delete mode 100755 minimal-examples/ws-client/minimal-ws-client-spam/selftest.sh delete mode 100644 minimal-examples/ws-client/minimal-ws-client-tx/CMakeLists.txt delete mode 100644 minimal-examples/ws-client/minimal-ws-client-tx/README.md delete mode 100644 minimal-examples/ws-client/minimal-ws-client-tx/minimal-ws-client.c delete mode 100644 minimal-examples/ws-server/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/minimal-ws-broker.c delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-broker/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-echo/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-echo/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-echo/minimal-ws-server-echo.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-echo/protocol_lws_minimal_server_echo.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/minimal-ws-server-pmd-bulk.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-bulk/protocol_lws_minimal_pmd_bulk.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/minimal-ws-server-pmd-corner.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd-corner/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/minimal-ws-server-pmd.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-pmd/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/minimal-ws-server-ring.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-ring/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/minimal-ws-server-threadpool.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threadpool/protocol_lws_minimal_threadpool.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/minimal-ws-server.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads-smp/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/minimal-ws-server.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-threads/protocol_lws_minimal.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.cert delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.key delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/minimal-ws-server.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server/CMakeLists.txt delete mode 100644 minimal-examples/ws-server/minimal-ws-server/README.md delete mode 100644 minimal-examples/ws-server/minimal-ws-server/localhost-100y.cert delete mode 100644 minimal-examples/ws-server/minimal-ws-server/localhost-100y.key delete mode 100644 minimal-examples/ws-server/minimal-ws-server/minimal-ws-server.c delete mode 100644 minimal-examples/ws-server/minimal-ws-server/mount-origin/example.js delete mode 100644 minimal-examples/ws-server/minimal-ws-server/mount-origin/favicon.ico delete mode 100644 minimal-examples/ws-server/minimal-ws-server/mount-origin/index.html delete mode 100644 minimal-examples/ws-server/minimal-ws-server/mount-origin/libwebsockets.org-logo.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server/mount-origin/strict-csp.svg delete mode 100644 minimal-examples/ws-server/minimal-ws-server/protocol_lws_minimal.c create mode 100644 module.json delete mode 100644 plugins/acme-client/protocol_lws_acme_client.c delete mode 100644 plugins/deaddrop/README.md delete mode 100644 plugins/deaddrop/assets/deaddrop.css delete mode 100644 plugins/deaddrop/assets/deaddrop.js delete mode 100644 plugins/deaddrop/assets/drop.svg delete mode 100644 plugins/deaddrop/assets/index.html delete mode 100644 plugins/deaddrop/protocol_lws_deaddrop.c delete mode 100644 plugins/generic-sessions/assets/lwsgs.css delete mode 100644 plugins/protocol_fulltext_demo.c create mode 100644 plugins/protocol_lws_meta.c delete mode 100644 plugins/protocol_lws_sshd_demo.c delete mode 100644 plugins/raw-proxy/README.md delete mode 100644 plugins/raw-proxy/protocol_lws_raw_proxy.c delete mode 100644 plugins/server-status.css delete mode 100644 plugins/server-status.js delete mode 100644 plugins/ssh-base/crypto/chacha.c delete mode 100644 plugins/ssh-base/crypto/ed25519.c delete mode 100644 plugins/ssh-base/crypto/fe25519.c delete mode 100644 plugins/ssh-base/crypto/fe25519.h delete mode 100644 plugins/ssh-base/crypto/ge25519.c delete mode 100644 plugins/ssh-base/crypto/ge25519.h delete mode 100644 plugins/ssh-base/crypto/ge25519_base.data delete mode 100644 plugins/ssh-base/crypto/poly1305.c delete mode 100644 plugins/ssh-base/crypto/sc25519.c delete mode 100644 plugins/ssh-base/crypto/sc25519.h delete mode 100644 plugins/ssh-base/crypto/smult_curve25519_ref.c delete mode 100644 plugins/ssh-base/include/lws-plugin-ssh.h delete mode 100644 plugins/ssh-base/include/lws-plugin-sshd-static-build-includes.h delete mode 100644 plugins/ssh-base/include/lws-ssh.h delete mode 100644 plugins/ssh-base/kex-25519.c delete mode 100644 plugins/ssh-base/sshd.c delete mode 100644 plugins/ssh-base/telnet.c create mode 100644 release-checklist create mode 100644 scripts/FindLibWebSockets.cmake delete mode 100755 scripts/autobahn-test-client.sh delete mode 100755 scripts/autobahn-test-server.sh delete mode 100755 scripts/build-gcov.sh delete mode 100644 scripts/client-ca/certindex.txt delete mode 100755 scripts/client-ca/create-ca.sh delete mode 100755 scripts/client-ca/create-client-cert.sh delete mode 100755 scripts/client-ca/create-server-cert.sh delete mode 100644 scripts/client-ca/serial delete mode 100644 scripts/client-ca/tmp.cnf delete mode 100755 scripts/gcov.sh delete mode 100755 scripts/h2load-smp.sh delete mode 100755 scripts/h2load.sh delete mode 100755 scripts/h2spec.sh delete mode 100644 scripts/libwebsockets.spec delete mode 100755 scripts/test-dbus-proxy.sh delete mode 100755 scripts/travis_control.sh delete mode 100755 scripts/travis_install.sh delete mode 100644 test-apps/1.png delete mode 100644 test-apps/2.png delete mode 100644 test-apps/3.png delete mode 100644 test-apps/4.png delete mode 100644 test-apps/5.png delete mode 100644 test-apps/6.png delete mode 100644 test-apps/7.png delete mode 100644 test-apps/8.png delete mode 100644 test-apps/http2.png delete mode 100644 test-apps/libwebsockets.org-logo.svg delete mode 100644 test-apps/lws-common.js delete mode 100644 test-apps/lws-ssh-test-keys delete mode 100644 test-apps/lws-ssh-test-keys.pub delete mode 100644 test-apps/test-lejp.c delete mode 100644 test-apps/test-sshd.c delete mode 100644 test-apps/test.css delete mode 100644 test-apps/test.html delete mode 100644 test-apps/test.js delete mode 100644 test-apps/wss-over-h2.png create mode 100644 test-server/.gitignore rename {test-apps => test-server}/android/README (100%) rename {test-apps => test-server}/android/app/app.iml (100%) rename {test-apps => test-server}/android/app/build.gradle (100%) rename {test-apps => test-server}/android/app/src/main/AndroidManifest.xml (100%) rename {test-apps => test-server}/android/app/src/main/java/org/libwebsockets/client/LwsService.java (100%) rename {test-apps => test-server}/android/app/src/main/java/org/libwebsockets/client/MainActivity.java (100%) rename {test-apps => test-server}/android/app/src/main/java/org/libwebsockets/client/ThreadService.java (100%) rename {test-apps => test-server}/android/app/src/main/jni/Android.mk (100%) rename {test-apps => test-server}/android/app/src/main/jni/Application.mk (100%) rename {test-apps => test-server}/android/app/src/main/jni/LwsService.cpp (99%) rename {test-apps => test-server}/android/app/src/main/jni/NativeLibs.mk (99%) rename {test-apps => test-server}/android/app/src/main/libs/placeholder (100%) rename {test-apps => test-server}/android/app/src/main/res/drawable/warmcat.png (100%) rename {test-apps => test-server}/android/app/src/main/res/layout/activity_main.xml (100%) rename {test-apps => test-server}/android/app/src/main/res/mipmap-hdpi/ic_launcher.png (100%) rename {test-apps => test-server}/android/app/src/main/res/mipmap-mdpi/ic_launcher.png (100%) rename {test-apps => test-server}/android/app/src/main/res/mipmap-xhdpi/ic_launcher.png (100%) rename {test-apps => test-server}/android/app/src/main/res/mipmap-xxhdpi/ic_launcher.png (100%) rename {test-apps => test-server}/android/app/src/main/res/mipmap-xxxhdpi/ic_launcher.png (100%) rename {test-apps => test-server}/android/app/src/main/res/values/colors.xml (100%) rename {test-apps => test-server}/android/app/src/main/res/values/dimens.xml (100%) rename {test-apps => test-server}/android/app/src/main/res/values/strings.xml (100%) rename {test-apps => test-server}/android/app/src/main/res/values/styles.xml (100%) rename {test-apps => test-server}/android/build.gradle (100%) rename {test-apps => test-server}/android/gradle.properties (100%) rename {test-apps => test-server}/android/settings.gradle (100%) rename {scripts => test-server}/attack.sh (61%) rename {test-apps => test-server}/candide.zip (100%) rename {test-apps => test-server}/favicon.ico (100%) create mode 100644 test-server/fuzxy.c rename {test-apps => test-server}/leaf.jpg (100%) rename {test-apps => test-server}/libwebsockets-test-server.service (100%) rename {test-apps => test-server}/libwebsockets.org-logo.png (100%) rename {test-apps => test-server}/lws-cgi-test.sh (90%) create mode 100644 test-server/lws-common.js rename {test-apps => test-server}/private/index.html (100%) rename {test-apps => test-server}/test-client.c (69%) create mode 100644 test-server/test-echo.c create mode 100644 test-server/test-fraggle.c create mode 100644 test-server/test-ping.c create mode 100644 test-server/test-server-dumb-increment.c create mode 100644 test-server/test-server-http.c create mode 100644 test-server/test-server-libev.c create mode 100644 test-server/test-server-libevent.c create mode 100644 test-server/test-server-libuv.c create mode 100644 test-server/test-server-pthreads.c create mode 100644 test-server/test-server-v2.0.c rename {test-apps => test-server}/test-server.c (68%) create mode 100644 test-server/test-server.h rename minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.js => test-server/test.html (79%) create mode 100755 travis_install.sh delete mode 100644 win32port/version.rc.in create mode 100755 win32port/zlib/gzclose.c create mode 100644 win32port/zlib/gzio.c diff --git a/.gitignore b/.gitignore index 21289f3..7a1adf8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,12 +1,4 @@ #Ignore build files -CMakeCache.txt -CMakeFiles -build -cmake_install.cmake -lws-minimal* -Makefile -.cproject -.project config.h config.log config.status @@ -46,12 +38,3 @@ ar-lib libwebsockets.pc build/ *.swp -doc -/build2/ -/build3/ -/cov-int/ -/.vs/ -/build-mtls/ -/build-mingw64/ -/n9/ -/bb/ diff --git a/.mailmap b/.mailmap deleted file mode 100644 index b14d9d1..0000000 --- a/.mailmap +++ /dev/null @@ -1,3 +0,0 @@ -Andy Green -Joakim Söderberg - diff --git a/.travis.yml b/.travis.yml index df21b90..3f5293c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,37 +4,26 @@ env: global: - secure: "KhAdQ9ja+LBObWNQTYO7Df5J4DyOih6S+eerDMu8UPSO+CoWV2pWoQzbOfocjyOscGOwC+2PrrHDNZyGfqkCLDXg1BxynXPCFerHC1yc2IajvKpGXmAAygNIvp4KACDfGv/dkXrViqIzr/CdcNaU4vIMHSVb5xkeLi0W1dPnQOI=" matrix: - - LWS_METHOD=lwsws CMAKE_ARGS="-DLWS_WITH_LWSWS=ON -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_HTTP2=1 -DLWS_WITH_ACME=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_ROLE_DBUS=1 -DLWS_DBUS_INCLUDE2=/usr/lib/x86_64-linux-gnu/dbus-1.0/include/ -DLWS_WITH_GENCRYPTO=1 -DLWS_WITH_JOSE=1" - - LWS_METHOD=lwsws2 CMAKE_ARGS="-DLWS_WITH_LWSWS=ON -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_HTTP2=1 -DLWS_WITH_ACME=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_ROLE_DBUS=1 -DLWS_DBUS_INCLUDE2=/usr/lib/x86_64-linux-gnu/dbus-1.0/include/ -DLWS_WITH_LWS_DSH=1" - - LWS_METHOD=default CMAKE_ARGS="-DLWS_WITH_MINIMAL_EXAMPLES=1" - - LWS_METHOD=mbedtls CMAKE_ARGS="-DLWS_WITH_MBEDTLS=1 -DLWS_WITH_HTTP2=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_JOSE=1 -DCMAKE_BUILD_TYPE=DEBUG" - - LWS_METHOD=noserver CMAKE_ARGS="-DLWS_WITHOUT_SERVER=ON -DLWS_WITH_MINIMAL_EXAMPLES=1" - - LWS_METHOD=noclient CMAKE_ARGS="-DLWS_WITHOUT_CLIENT=ON -DLWS_WITH_MINIMAL_EXAMPLES=1" - - LWS_METHOD=noext CMAKE_ARGS="-DLWS_WITHOUT_EXTENSIONS=ON -DLWS_WITH_MINIMAL_EXAMPLES=1" - - LWS_METHOD=nonetwork CMAKE_ARGS="-DLWS_WITH_NETWORK=0" + - LWS_METHOD=lwsws CMAKE_ARGS="-DLWS_WITH_LWSWS=ON" + - LWS_METHOD=default + - LWS_METHOD=noserver CMAKE_ARGS="-DLWS_WITHOUT_SERVER=ON" + - LWS_METHOD=noclient CMAKE_ARGS="-DLWS_WITHOUT_CLIENT=ON" + - LWS_METHOD=noext CMAKE_ARGS="-DLWS_WITHOUT_EXTENSIONS=ON" - LWS_METHOD=libev CMAKE_ARGS="-DLWS_WITH_LIBEV=ON" - LWS_METHOD=noipv6 CMAKE_ARGS="-DLWS_IPV6=OFF" - LWS_METHOD=nossl CMAKE_ARGS="-DLWS_WITH_SSL=OFF" - LWS_METHOD=nodaemon CMAKE_ARGS="-DLWS_WITHOUT_DAEMONIZE=ON" - LWS_METHOD=cgi CMAKE_ARGS="-DLWS_WITH_CGI=ON" - LWS_METHOD=nologs CMAKE_ARGS="-DLWS_WITH_NO_LOGS=ON" - - LWS_METHOD=smp CMAKE_ARGS="-DLWS_MAX_SMP=32 -DLWS_WITH_MINIMAL_EXAMPLES=1" - - LWS_METHOD=nows CMAKE_ARGS="-DLWS_ROLE_WS=0" - - LWS_METHOD=threadpool CMAKE_ARGS="-DLWS_WITH_THREADPOOL=1 -DLWS_WITH_MINIMAL_EXAMPLES=1" os: - linux - osx language: generic install: - - ./scripts/travis_install.sh -# - ./travis-tool.sh github_package jimhester/covr - -#after_success: -# - Rscript -e 'covr::coveralls()' - + - ./travis_install.sh script: - - ./scripts/travis_control.sh + - if [ "$COVERITY_SCAN_BRANCH" != 1 -a "$TRAVIS_OS_NAME" = "osx" ]; then mkdir build && cd build && cmake -DOPENSSL_ROOT_DIR="/usr/local/opt/openssl" $CMAKE_ARGS .. && cmake --build .; else if [ "$COVERITY_SCAN_BRANCH" != 1 -a "$TRAVIS_OS_NAME" = "linux" ]; then mkdir build && cd build && cmake $CMAKE_ARGS .. && cmake --build .; fi ; fi sudo: required dist: trusty addons: diff --git a/contrib/Android.mk b/Android.mk similarity index 100% rename from contrib/Android.mk rename to Android.mk diff --git a/CMakeLists.txt b/CMakeLists.txt index d214d77..933ed63 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,269 +1,20 @@ cmake_minimum_required(VERSION 2.8.9) -# General Advice -# -# For selecting between DEBUG / RELEASE, use -DCMAKE_BUILD_TYPE=DEBUG or =RELEASE -# debug builds include source level debug info and extra logging - -set(LWS_WITH_BUNDLED_ZLIB_DEFAULT OFF) -if(WIN32) - set(LWS_WITH_BUNDLED_ZLIB_DEFAULT ON) -endif() - -set(LWS_ROLE_RAW 1) -set(LWS_WITH_POLL 1) - -# -# Select features recommended for PC distro packaging -# -option(LWS_WITH_DISTRO_RECOMMENDED "Enable features recommended for distro packaging" OFF) -option(LWS_FOR_GITOHASHI "Enable features recommended for use with gitohashi" OFF) - -# -# Major individual features -# -option(LWS_WITH_NETWORK "Compile with network-related code" ON) -option(LWS_ROLE_H1 "Compile with support for http/1 (needed for ws)" ON) -option(LWS_ROLE_WS "Compile with support for websockets" ON) -option(LWS_ROLE_DBUS "Compile with support for DBUS" OFF) -option(LWS_ROLE_RAW_PROXY "Raw packet proxy" OFF) -option(LWS_WITH_HTTP2 "Compile with server support for HTTP/2" ON) -option(LWS_WITH_LWSWS "Libwebsockets Webserver" OFF) -option(LWS_WITH_CGI "Include CGI (spawn process with network-connected stdin/out/err) APIs" OFF) -option(LWS_IPV6 "Compile with support for ipv6" OFF) -option(LWS_UNIX_SOCK "Compile with support for UNIX domain socket" OFF) -option(LWS_WITH_PLUGINS "Support plugins for protocols and extensions" OFF) -option(LWS_WITH_HTTP_PROXY "Support for HTTP proxying" OFF) -option(LWS_WITH_ZIP_FOPS "Support serving pre-zipped files" OFF) -option(LWS_WITH_SOCKS5 "Allow use of SOCKS5 proxy on client connections" OFF) -option(LWS_WITH_GENERIC_SESSIONS "With the Generic Sessions plugin" OFF) -option(LWS_WITH_PEER_LIMITS "Track peers and restrict resources a single peer can allocate" OFF) -option(LWS_WITH_ACCESS_LOG "Support generating Apache-compatible access logs" OFF) -option(LWS_WITH_RANGES "Support http ranges (RFC7233)" OFF) -option(LWS_WITH_SERVER_STATUS "Support json + jscript server monitoring" OFF) -option(LWS_WITH_THREADPOOL "Managed worker thread pool support (relies on pthreads)" OFF) -option(LWS_WITH_HTTP_STREAM_COMPRESSION "Support HTTP stream compression" OFF) -option(LWS_WITH_HTTP_BROTLI "Also offer brotli http stream compression (requires LWS_WITH_HTTP_STREAM_COMPRESSION)" OFF) -option(LWS_WITH_ACME "Enable support for ACME automatic cert acquisition + maintenance (letsencrypt etc)" OFF) -option(LWS_WITH_HUBBUB "Enable libhubbub rewriting support" OFF) -option(LWS_WITH_FTS "Full Text Search support" OFF) -# -# TLS library options... all except mbedTLS are basically OpenSSL variants. -# -option(LWS_WITH_SSL "Include SSL support (defaults to OpenSSL or similar, mbedTLS if LWS_WITH_MBEDTLS is set)" ON) -option(LWS_WITH_MBEDTLS "Use mbedTLS (>=2.0) replacement for OpenSSL. When setting this, you also may need to specify LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS" OFF) -option(LWS_WITH_BORINGSSL "Use BoringSSL replacement for OpenSSL" OFF) -option(LWS_WITH_CYASSL "Use CyaSSL replacement for OpenSSL. When setting this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF) -option(LWS_WITH_WOLFSSL "Use wolfSSL replacement for OpenSSL. When setting this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF) -option(LWS_SSL_CLIENT_USE_OS_CA_CERTS "SSL support should make use of the OS-installed CA root certs" ON) -# -# Event library options (may select multiple, or none for default poll() -# -option(LWS_WITH_LIBEV "Compile with support for libev" OFF) -option(LWS_WITH_LIBUV "Compile with support for libuv" OFF) -option(LWS_WITH_LIBEVENT "Compile with support for libevent" OFF) -# -# Static / Dynamic build options -# -option(LWS_WITH_STATIC "Build the static version of the library" ON) -option(LWS_WITH_SHARED "Build the shared version of the library" ON) -option(LWS_LINK_TESTAPPS_DYNAMIC "Link the test apps to the shared version of the library. Default is to link statically" OFF) -option(LWS_STATIC_PIC "Build the static version of the library with position-independent code" OFF) -# -# Specific platforms -# -option(LWS_WITH_ESP32 "Build for ESP32" OFF) -option(LWS_WITH_ESP32_HELPER "Build ESP32 helper" OFF) -option(LWS_PLAT_OPTEE "Build for OPTEE" OFF) -# -# Client / Server / Test Apps build control -# -option(LWS_WITHOUT_CLIENT "Don't build the client part of the library" OFF) -option(LWS_WITHOUT_SERVER "Don't build the server part of the library" OFF) -option(LWS_WITHOUT_TESTAPPS "Don't build the libwebsocket-test-apps" OFF) -option(LWS_WITHOUT_TEST_SERVER "Don't build the test server" OFF) -option(LWS_WITHOUT_TEST_SERVER_EXTPOLL "Don't build the test server version that uses external poll" OFF) -option(LWS_WITHOUT_TEST_PING "Don't build the ping test application" OFF) -option(LWS_WITHOUT_TEST_CLIENT "Don't build the client test application" OFF) -# -# Extensions (permessage-deflate) -# -option(LWS_WITHOUT_EXTENSIONS "Don't compile with extensions" ON) -# -# Helpers + misc -# -option(LWS_WITHOUT_BUILTIN_GETIFADDRS "Don't use the BSD getifaddrs implementation from libwebsockets if it is missing (this will result in a compilation error) ... The default is to assume that your libc provides it. On some systems such as uclibc it doesn't exist." OFF) -option(LWS_FALLBACK_GETHOSTBYNAME "Also try to do dns resolution using gethostbyname if getaddrinfo fails" OFF) -option(LWS_WITHOUT_BUILTIN_SHA1 "Don't build the lws sha-1 (eg, because openssl will provide it" OFF) -option(LWS_WITH_LATENCY "Build latency measuring code into the library" OFF) -option(LWS_WITHOUT_DAEMONIZE "Don't build the daemonization api" ON) -option(LWS_SSL_SERVER_WITH_ECDH_CERT "Include SSL server use ECDH certificate" OFF) -option(LWS_WITH_LEJP "With the Lightweight JSON Parser" ON) -option(LWS_WITH_SQLITE3 "Require SQLITE3 support" OFF) -option(LWS_WITH_STRUCT_JSON "Generic struct serialization to and from JSON" ON) -option(LWS_WITH_STRUCT_SQLITE3 "Generic struct serialization to and from SQLITE3" OFF) -option(LWS_WITH_SMTP "Provide SMTP support" OFF) -if (WIN32 OR LWS_WITH_ESP32) -option(LWS_WITH_DIR "Directory scanning api support" OFF) -option(LWS_WITH_LEJP_CONF "With LEJP configuration parser as used by lwsws" OFF) -else() -option(LWS_WITH_DIR "Directory scanning api support" ON) -option(LWS_WITH_LEJP_CONF "With LEJP configuration parser as used by lwsws" ON) -endif() -option(LWS_WITH_NO_LOGS "Disable all logging from being compiled in" OFF) -option(LWS_AVOID_SIGPIPE_IGN "Android 7+ reportedly needs this" OFF) -option(LWS_WITH_STATS "Keep statistics of lws internal operations" OFF) -option(LWS_WITH_JOSE "JSON Web Signature / Encryption / Keys (RFC7515/6/) API" OFF) -option(LWS_WITH_GENCRYPTO "Enable support for Generic Crypto apis independent of TLS backend" OFF) -option(LWS_WITH_SELFTESTS "Selftests run at context creation" OFF) -option(LWS_WITH_GCOV "Build with gcc gcov coverage instrumentation" OFF) -option(LWS_WITH_EXPORT_LWSTARGETS "Export libwebsockets CMake targets. Disable if they conflict with an outer cmake project." ON) -option(LWS_REPRODUCIBLE "Build libwebsockets reproducible. It removes the build user and hostname from the build" ON) -option(LWS_WITH_MINIMAL_EXAMPLES "Also build the normally standalone minimal examples, for QA" OFF) -option(LWS_WITH_LWSAC "lwsac Chunk Allocation api" ON) -option(LWS_WITH_CUSTOM_HEADERS "Store and allow querying custom HTTP headers (H1 only)" ON) -option(LWS_WITH_DISKCACHE "Hashed cache directory with lazy LRU deletion to size limit" OFF) -option(LWS_WITH_ASAN "Build with gcc runtime sanitizer options enabled (needs libasan)" OFF) -option(LWS_WITH_DIR "Directory scanning api support" OFF) -option(LWS_WITH_LEJP_CONF "With LEJP configuration parser as used by lwsws" OFF) -option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" OFF) -option(LWS_WITH_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_WITH_BUNDLED_ZLIB_DEFAULT}) -option(LWS_WITH_MINIZ "Use miniz instead of zlib" OFF) -option(LWS_WITH_DEPRECATED_LWS_DLL "Migrate to lws_dll2 instead ASAP" OFF) -option(LWS_WITH_SEQUENCER "lws_seq_t support" ON) -option(LWS_WITH_EXTERNAL_POLL "Support external POLL integration using callback messages (not recommended)" OFF) -option(LWS_WITH_LWS_DSH "Support lws_dsh_t Disordered Shared Heap" OFF) -# -# to use miniz, enable both LWS_WITH_ZLIB and LWS_WITH_MINIZ -# -# End of user settings -# - -# Workaround for ESP-IDF -# Detect ESP_PLATFORM environment flag, if exist, set LWS_WITH_ESP32. -# Otherwise the user may not be able to run configuration ESP-IDF in the first time. -if(ESP_PLATFORM) - message(STATUS "ESP-IDF enabled") - set(LWS_WITH_ESP32 ON) -else() - set(LWS_WITH_ESP32_HELPER OFF) -endif() - -if (WIN32 OR LWS_WITH_ESP32) - message(STATUS "No LWS_WITH_DIR and LWS_WITH_DIR") - set(LWS_WITH_DIR OFF) - set(LWS_WITH_LEJP_CONF OFF) - message("LWS_WITH_DIR ${LWS_WITH_DIR}") -else() - message(STATUS "Compiled with LWS_WITH_DIR and LWS_WITH_DIR") - set(LWS_WITH_DIR ON) - set(LWS_WITH_LEJP_CONF ON) -endif() - -if (LWS_FOR_GITOHASHI) - set(LWS_WITH_THREADPOOL 1) - set(LWS_WITH_HTTP2 1) - set(LWS_UNIX_SOCK 1) - set(LWS_WITH_HTTP_PROXY 1) - set(LWS_WITH_FTS 1) - set(LWS_WITH_DISKCACHE 1) - set(LWS_WITH_LWSAC 1) - set(LWS_WITH_LEJP_CONF 1) -endif() - -if(LWS_WITH_DISTRO_RECOMMENDED) - set(LWS_WITH_HTTP2 1) - set(LWS_WITH_LWSWS 1) - set(LWS_WITH_CGI 1) - set(LWS_IPV6 1) - set(LWS_WITH_ZIP_FOPS 1) - set(LWS_WITH_SOCKS5 1) - set(LWS_WITH_RANGES 1) - set(LWS_WITH_ACME 1) - set(LWS_WITH_SERVER_STATUS 1) - set(LWS_WITH_LIBUV 1) - set(LWS_WITH_LIBEV 1) - # libev + libevent cannot coexist at build-time - set(LWS_WITH_LIBEVENT 0) - set(LWS_WITHOUT_EXTENSIONS 0) - set(LWS_ROLE_DBUS 1) - set(LWS_WITH_FTS 1) - set(LWS_WITH_THREADPOOL 1) - set(LWS_UNIX_SOCK 1) - set(LWS_WITH_HTTP_PROXY 1) - set(LWS_WITH_DISKCACHE 1) - set(LWS_WITH_LWSAC 1) - set(LWS_WITH_LEJP_CONF 1) - set(LWS_WITH_PLUGINS 1) - set(LWS_ROLE_RAW_PROXY 1) - set(LWS_WITH_GENCRYPTO 1) - set(LWS_WITH_JOSE 1) -endif() - -if (NOT LWS_WITH_NETWORK) - set(LWS_ROLE_H1 0) - set(LWS_ROLE_WS 0) - set(LWS_ROLE_RAW 0) - set(LWS_WITHOUT_EXTENSIONS 1) - set(LWS_WITHOUT_SERVER 1) - set(LWS_WITHOUT_CLIENT 1) - set(LWS_WITH_HTTP2 0) - set(LWS_WITH_SOCKS5 0) - set(LWS_UNIX_SOCK 0) - set(LWS_WITH_HTTP_PROXY 0) - set(LWS_WITH_PLUGINS 0) - set(LWS_WITH_LWSWS 0) - set(LWS_WITH_CGI 0) - set(LWS_ROLE_RAW_PROXY 0) - set(LWS_WITH_PEER_LIMITS 0) - set(LWS_WITH_GENERIC_SESSIONS 0) - set(LWS_WITH_HTTP_STREAM_COMPRESSION 0) - set(LWS_WITH_HTTP_BROTLI 0) - set(LWS_WITH_POLL 0) - set(LWS_WITH_SEQUENCER 0) - set(LWS_ROLE_DBUS 0) - set(LWS_WITH_LWS_DSH 0) -endif() - -if (LWS_WITH_STRUCT_SQLITE3) - set(LWS_WITH_SQLITE3 1) -endif() - -# do you care about this? Then send me a patch where it disables it on travis -# but allows it on APPLE -if (APPLE) - set(LWS_ROLE_DBUS 0) -endif() - if(NOT DEFINED CMAKE_BUILD_TYPE) set(CMAKE_BUILD_TYPE Release CACHE STRING "Build type") endif() -# microsoft... that's why you can't have nice things - -if (WIN32 OR LWS_WITH_ESP32) - set(LWS_UNIX_SOCK 0) -endif() - -if (LWS_WITH_ESP32) - set(LWS_WITH_LWSAC 0) - set(LWS_WITH_FTS 0) -endif() - project(libwebsockets C) set(PACKAGE "libwebsockets") set(CPACK_PACKAGE_NAME "${PACKAGE}") -set(CPACK_PACKAGE_VERSION_MAJOR "3") -set(CPACK_PACKAGE_VERSION_MINOR "2") +set(CPACK_PACKAGE_VERSION_MAJOR "2") +set(CPACK_PACKAGE_VERSION_MINOR "3") set(CPACK_PACKAGE_VERSION_PATCH "0") -set(CPACK_PACKAGE_RELEASE 1) -set(CPACK_GENERATOR "RPM") set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set(CPACK_PACKAGE_VENDOR "andy@warmcat.com") -set(CPACK_PACKAGE_CONTACT "andy@warmcat.com") set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "${PACKAGE} ${PACKAGE_VERSION}") -set(SOVERSION "15") +set(SOVERSION "11") if(NOT CPACK_GENERATOR) if(UNIX) set(CPACK_GENERATOR "TGZ") @@ -282,64 +33,92 @@ set(LWS_LIBRARY_VERSION_PATCH ${CPACK_PACKAGE_VERSION_PATCH}) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake/") - message(STATUS "CMAKE_TOOLCHAIN_FILE='${CMAKE_TOOLCHAIN_FILE}'") -if(WIN32) - configure_file(${CMAKE_CURRENT_SOURCE_DIR}/win32port/version.rc.in ${CMAKE_CURRENT_BINARY_DIR}/win32port/version.rc @ONLY) - set(RESOURCES ${CMAKE_CURRENT_BINARY_DIR}/win32port/version.rc) -endif() - # Try to find the current Git hash. find_package(Git) if(GIT_EXECUTABLE) execute_process( - WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" - COMMAND "${GIT_EXECUTABLE}" describe --tags - OUTPUT_VARIABLE GIT_HASH - OUTPUT_STRIP_TRAILING_WHITESPACE - ) - set(LWS_BUILD_HASH ${GIT_HASH}) - - # append the build user and hostname - if(NOT LWS_REPRODUCIBLE) - execute_process( - WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" - COMMAND "whoami" - OUTPUT_VARIABLE GIT_USER - OUTPUT_STRIP_TRAILING_WHITESPACE - ) - execute_process( - WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" - COMMAND "hostname" - OUTPUT_VARIABLE GIT_HOST - OUTPUT_STRIP_TRAILING_WHITESPACE - ) - string(REGEX REPLACE "([^\\])[\\]([^\\])" "\\1\\\\\\\\\\2" GIT_USER ${GIT_USER}) - set(LWS_BUILD_HASH ${GIT_USER}@${GIT_HOST}-${GIT_HASH}) - endif() - - message("Git commit hash: ${LWS_BUILD_HASH}") -endif() - -# translate old functionality enables to set up ROLE enables so nothing changes -if (LWS_WITH_HTTP2 AND LWS_WITHOUT_SERVER) - set(LWS_WITH_HTTP2 0) - message("HTTP2 disabled due to LWS_WITHOUT_SERVER") -endif() - -if (LWS_WITH_HTTP2) - set(LWS_ROLE_H2 1) -endif() -if (LWS_WITH_CGI) - set(LWS_ROLE_CGI 1) + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + COMMAND "${GIT_EXECUTABLE}" describe + OUTPUT_VARIABLE GIT_HASH + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + execute_process( + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + COMMAND "whoami" + OUTPUT_VARIABLE GIT_USER + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + execute_process( + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + COMMAND "hostname" + OUTPUT_VARIABLE GIT_HOST + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + string(REGEX REPLACE "([^\\])[\\]([^\\])" "\\1\\\\\\\\\\2" GIT_USER ${GIT_USER}) + set(LWS_BUILD_HASH ${GIT_USER}@${GIT_HOST}-${GIT_HASH}) + message("Git commit hash: ${LWS_BUILD_HASH}") endif() -if (NOT LWS_ROLE_WS) - set(LWS_WITHOUT_EXTENSIONS 1) +set(LWS_USE_BUNDLED_ZLIB_DEFAULT OFF) +if(WIN32) + set(LWS_USE_BUNDLED_ZLIB_DEFAULT ON) endif() -include_directories(include plugins) +option(LWS_WITH_STATIC "Build the static version of the library" ON) +option(LWS_WITH_SHARED "Build the shared version of the library" ON) +option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON) +option(LWS_USE_BORINGSSL "Use BoringSSL replacement for OpenSSL" OFF) +option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When setting this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF) +option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When setting this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF) +option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON) +option(LWS_WITH_LIBEV "Compile with support for libev" OFF) +option(LWS_WITH_LIBUV "Compile with support for libuv" OFF) +option(LWS_WITH_LIBEVENT "Compile with support for libevent" OFF) +option(LWS_USE_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_USE_BUNDLED_ZLIB_DEFAULT}) +option(LWS_SSL_CLIENT_USE_OS_CA_CERTS "SSL support should make use of the OS-installed CA root certs" ON) +option(LWS_WITHOUT_BUILTIN_GETIFADDRS "Don't use the BSD getifaddrs implementation from libwebsockets if it is missing (this will result in a compilation error) ... The default is to assume that your libc provides it. On some systems such as uclibc it doesn't exist." OFF) +option(LWS_WITHOUT_BUILTIN_SHA1 "Don't build the lws sha-1 (eg, because openssl will provide it" OFF) +option(LWS_WITHOUT_CLIENT "Don't build the client part of the library" OFF) +option(LWS_WITHOUT_SERVER "Don't build the server part of the library" OFF) +option(LWS_LINK_TESTAPPS_DYNAMIC "Link the test apps to the shared version of the library. Default is to link statically" OFF) +option(LWS_WITHOUT_TESTAPPS "Don't build the libwebsocket-test-apps" OFF) +option(LWS_WITHOUT_TEST_SERVER "Don't build the test server" OFF) +option(LWS_WITHOUT_TEST_SERVER_EXTPOLL "Don't build the test server version that uses external poll" OFF) +option(LWS_WITHOUT_TEST_PING "Don't build the ping test application" OFF) +option(LWS_WITHOUT_TEST_ECHO "Don't build the echo test application" OFF) +option(LWS_WITHOUT_TEST_CLIENT "Don't build the client test application" OFF) +option(LWS_WITHOUT_TEST_FRAGGLE "Don't build the ping test application" OFF) +option(LWS_WITHOUT_EXTENSIONS "Don't compile with extensions" OFF) +option(LWS_WITH_LATENCY "Build latency measuring code into the library" OFF) +option(LWS_WITHOUT_DAEMONIZE "Don't build the daemonization api" ON) +option(LWS_IPV6 "Compile with support for ipv6" OFF) +option(LWS_UNIX_SOCK "Compile with support for UNIX domain socket" OFF) +#option(LWS_WITH_HTTP2 "Compile with support for http2" OFF) +option(LWS_SSL_SERVER_WITH_ECDH_CERT "Include SSL server use ECDH certificate" OFF) +option(LWS_WITH_CGI "Include CGI (spawn process with network-connected stdin/out/err) APIs" OFF) +option(LWS_WITH_HTTP_PROXY "Support for rewriting HTTP proxying (requires libhubbub)" OFF) +option(LWS_WITH_LWSWS "Libwebsockets Webserver" OFF) +option(LWS_WITH_PLUGINS "Support plugins for protocols and extensions" OFF) +option(LWS_WITH_ACCESS_LOG "Support generating Apache-compatible access logs" OFF) +option(LWS_WITH_SERVER_STATUS "Support json + jscript server monitoring" OFF) +option(LWS_WITH_LEJP "With the Lightweight JSON Parser" OFF) +option(LWS_WITH_LEJP_CONF "With LEJP configuration parser as used by lwsws" OFF) +option(LWS_WITH_GENERIC_SESSIONS "With the Generic Sessions plugin" OFF) +option(LWS_WITH_SQLITE3 "Require SQLITE3 support" OFF) +option(LWS_WITH_SMTP "Provide SMTP support" OFF) +option(LWS_WITH_ESP8266 "Build for ESP8266" OFF) +option(LWS_WITH_ESP32 "Build for ESP32" OFF) +option(LWS_PLAT_OPTEE "Build for OPTEE" OFF) +option(LWS_WITH_NO_LOGS "Disable all logging from being compiled in" OFF) +option(LWS_STATIC_PIC "Build the static version of the library with position-independent code" OFF) +option(LWS_WITH_RANGES "Support http ranges (RFC7233)" ON) +option(LWS_FALLBACK_GETHOSTBYNAME "Also try to do dns resolution using gethostbyname if getaddrinfo fails" OFF) +option(LWS_WITH_ZIP_FOPS "Support serving pre-zipped files" ON) +option(LWS_AVOID_SIGPIPE_IGN "Android 7+ seems to need this" OFF) +option(LWS_WITH_STATS "Keep statistics of lws internal operations" OFF) +option(LWS_WITH_SOCKS5 "Allow use of SOCKS5 proxy on client connections" OFF) if (LWS_WITH_LWSWS) message(STATUS "LWS_WITH_LWSWS --> Enabling LWS_WITH_PLUGINS and LWS_WITH_LIBUV") @@ -349,29 +128,6 @@ if (LWS_WITH_LWSWS) set(LWS_WITH_SERVER_STATUS 1) set(LWS_WITH_LEJP 1) set(LWS_WITH_LEJP_CONF 1) - set(LWS_WITH_PEER_LIMITS 1) - set(LWS_ROLE_RAW_PROXY 1) -endif() - -# sshd plugin -if (LWS_WITH_PLUGINS) - set(LWS_WITH_GENCRYPTO 1) -endif() - -if (LWS_ROLE_RAW_PROXY) - set (LWS_WITHOUT_CLIENT 0) - set (LWS_WITHOUT_SERVER 0) -endif() - -if (LWS_WITH_ACME) - set (LWS_WITHOUT_CLIENT 0) - set (LWS_WITHOUT_SERVER 0) - set (LWS_WITH_JOSE 1) -endif() - -if (LWS_WITH_JOSE) - set(LWS_WITH_LEJP 1) - set(LWS_WITH_GENCRYPTO 1) endif() if (LWS_WITH_PLUGINS AND NOT LWS_WITH_LIBUV) @@ -379,20 +135,41 @@ message(STATUS "LWS_WITH_PLUGINS --> Enabling LWS_WITH_LIBUV") set(LWS_WITH_LIBUV 1) endif() -if (LWS_WITH_PLUGINS OR LWS_WITH_CGI) - # sshd plugin - set(LWS_WITH_GENCRYPTO 1) +if (LWS_WITH_SMTP AND NOT LWS_WITH_LIBUV) +message(STATUS "LWS_WITH_SMTP --> Enabling LWS_WITH_LIBUV") + set(LWS_WITH_LIBUV 1) endif() if (LWS_WITH_GENERIC_SESSIONS) set(LWS_WITH_SQLITE3 1) set(LWS_WITH_SMTP 1) - set(LWS_WITH_STRUCT_SQLITE3 1) +endif() + +if (LWS_WITH_SMTP AND NOT LWS_WITH_LIBUV) +message(STATUS "LWS_WITH_SMTP --> Enabling LWS_WITH_LIBUV") + set(LWS_WITH_LIBUV 1) +endif() + +if (LWS_WITH_ESP8266) + set(LWS_WITH_SHARED OFF) + set(LWS_WITH_SSL OFF) + set(LWS_WITH_ZLIB OFF) + set(LWS_WITHOUT_CLIENT ON) + set(LWS_WITHOUT_TESTAPPS ON) + set(LWS_WITHOUT_EXTENSIONS ON) + set(LWS_WITH_PLUGINS OFF) + set(LWS_WITH_RANGES OFF) + # this implies no pthreads in the lib + set(LWS_MAX_SMP 1) + set(LWS_HAVE_MALLOC 1) + set(LWS_HAVE_REALLOC 1) + set(LWS_HAVE_GETIFADDRS 1) + set(LWS_WITH_ZIP_FOPS 0) endif() if (LWS_WITH_ESP32) set(LWS_WITH_SHARED OFF) - set(LWS_WITH_MBEDTLS ON) + set(LWS_WITH_SSL ON) # set(LWS_WITHOUT_CLIENT ON) set(LWS_WITHOUT_TESTAPPS ON) set(LWS_WITHOUT_EXTENSIONS ON) @@ -404,59 +181,21 @@ if (LWS_WITH_ESP32) set(LWS_HAVE_REALLOC 1) set(LWS_HAVE_GETIFADDRS 1) set(LWS_WITH_ZIP_FOPS 1) - set(LWS_WITH_CUSTOM_HEADERS 0) endif() if (WIN32) +# this implies no pthreads in the lib set(LWS_MAX_SMP 1) -set(LWS_WITH_THREADPOOL 0) endif() + if (LWS_WITHOUT_SERVER) set(LWS_WITH_LWSWS OFF) endif() -if (LWS_WITH_LEJP_CONF) - set(LWS_WITH_DIR 1) -endif() - -# confirm H1 relationships - -if (NOT LWS_ROLE_H1 AND LWS_ROLE_H2) - message(FATAL_ERROR "H2 requires LWS_ROLE_H1") -endif() - -if (NOT LWS_ROLE_H1 AND LWS_ROLE_WS) - message(FATAL_ERROR "WS requires LWS_ROLE_H1") -endif() - -if (NOT LWS_ROLE_H1 AND LWS_ROLE_CGI) - message(FATAL_ERROR "CGI requires LWS_ROLE_H1") -endif() - -# confirm HTTP relationships - -if (NOT LWS_ROLE_H1 AND NOT LWS_ROLE_H2 AND LWS_WITH_HTTP_PROXY) - message(FATAL_ERROR "LWS_WITH_LWSWS requires LWS_ROLE_H1") -endif() - -if (NOT LWS_ROLE_H1 AND NOT LWS_ROLE_H2 AND LWS_WITH_HTTP_PROXY) - message(FATAL_ERROR "LWS_WITH_HTTP_PROXY requires LWS_ROLE_H1") -endif() - -if (NOT LWS_ROLE_H1 AND NOT LWS_ROLE_H2 AND LWS_WITH_RANGES) - message(FATAL_ERROR "LWS_WITH_RANGES requires LWS_ROLE_H1") -endif() - -if (NOT LWS_ROLE_H1 AND NOT LWS_ROLE_H2 AND LWS_WITH_ACCESS_LOG) - message(FATAL_ERROR "LWS_WITH_ACCESS_LOG requires LWS_ROLE_H1") -endif() - - if (LWS_WITH_HTTP_PROXY AND (LWS_WITHOUT_CLIENT OR LWS_WITHOUT_SERVER)) - message("You have to enable both client and server for http proxy") - set(LWS_WITH_HTTP_PROXY 0) + message(FATAL_ERROR "You have to enable both client and server for http proxy") endif() # Allow the user to override installation directories. @@ -466,34 +205,37 @@ set(LWS_INSTALL_INCLUDE_DIR include CACHE PATH "Installation directory for hea set(LWS_INSTALL_EXAMPLES_DIR bin CACHE PATH "Installation directory for example files") # Allow the user to use the old CyaSSL options/library in stead of wolfSSL -if (LWS_WITH_CYASSL AND LWS_WITH_WOLFSSL) - message(FATAL_ERROR "LWS_WITH_CYASSL and LWS_WITH_WOLFSSL are mutually exclusive!") +if (LWS_USE_CYASSL AND LWS_USE_WOLFSSL) + message(FATAL_ERROR "LWS_USE_CYASSL and LWS_USE_WOLFSSL are mutually exclusive!") endif() -if (LWS_WITH_CYASSL) +if (LWS_USE_CYASSL) # Copy CyaSSL options to the wolfSSL options - set(LWS_WITH_WOLFSSL ${LWS_WITH_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE) + set(LWS_USE_WOLFSSL ${LWS_USE_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE) set(LWS_WOLFSSL_LIBRARIES ${LWS_CYASSL_LIBRARIES} CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE) set(LWS_WOLFSSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS} CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE) endif() +if (LWS_WITHOUT_CLIENT AND LWS_WITHOUT_SERVER) + message(FATAL_ERROR "Makes no sense to compile with neither client nor server.") +endif() + if (NOT (LWS_WITH_STATIC OR LWS_WITH_SHARED)) message(FATAL_ERROR "Makes no sense to compile with neither static nor shared libraries.") endif() -if (NOT LWS_WITHOUT_EXTENSIONS OR LWS_WITH_ZIP_FOPS) - set(LWS_WITH_ZLIB 1) +if (NOT LWS_WITHOUT_EXTENSIONS) + if (NOT LWS_WITH_ZLIB) + message(FATAL_ERROR "zlib is required for extensions.") + endif() endif() -# if you gave LWS_WITH_MINIZ, point to MINIZ here if not found -# automatically - -set(LWS_ZLIB_LIBRARIES CACHE PATH "Path to the zlib/miniz library") -set(LWS_ZLIB_INCLUDE_DIRS CACHE PATH "Path to the zlib/miniz include directory") +set(LWS_ZLIB_LIBRARIES CACHE PATH "Path to the zlib library") +set(LWS_ZLIB_INCLUDE_DIRS CACHE PATH "Path to the zlib include directory") set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library") set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory") set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library") set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory") -set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library") +set( CACHE PATH "Path to the libev library") set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory") set(LWS_LIBUV_LIBRARIES CACHE PATH "Path to the libuv library") set(LWS_LIBUV_INCLUDE_DIRS CACHE PATH "Path to the libuv include directory") @@ -507,12 +249,7 @@ if (NOT LWS_WITH_SSL) set(LWS_WITHOUT_BUILTIN_SHA1 OFF) endif() -if (LWS_WITH_BORINGSSL) - # boringssl deprecated EVP_PKEY - set (LWS_WITH_GENHASH OFF) -endif() - -if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS) +if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "") else() if (NOT LWS_WITH_ESP32) @@ -523,13 +260,13 @@ if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS) endif() endif() -if (LWS_WITH_SSL AND LWS_WITH_WOLFSSL) +if (LWS_WITH_SSL AND LWS_USE_WOLFSSL) if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "") if (NOT WOLFSSL_FOUND) - if (LWS_WITH_CYASSL) - message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_WITH_CYASSL is turned on.") + if (LWS_USE_CYASSL) + message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.") else() - message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_WITH_WOLFSSL is turned on.") + message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.") endif() endif() else() @@ -538,44 +275,12 @@ if (LWS_WITH_SSL AND LWS_WITH_WOLFSSL) set(WOLFSSL_FOUND 1) endif() set(USE_WOLFSSL 1) - set(LWS_WITH_TLS 1) - if (LWS_WITH_CYASSL) + if (LWS_USE_CYASSL) set(USE_OLD_CYASSL 1) endif() endif() -if (LWS_WITH_SSL AND LWS_WITH_MBEDTLS) - if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "" AND NOT LWS_WITH_ESP32) - - find_path(LWS_MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) - - find_library(MBEDTLS_LIBRARY mbedtls) - find_library(MBEDX509_LIBRARY mbedx509) - find_library(MBEDCRYPTO_LIBRARY mbedcrypto) - - set(LWS_MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}") - - include(FindPackageHandleStandardArgs) - find_package_handle_standard_args(MBEDTLS DEFAULT_MSG - LWS_MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) - - mark_as_advanced(LWS_MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) - - if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "") - message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_WITH_MBEDTLS is turned on.") - endif() - endif() - set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES}) - set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS}) - set(MBEDTLS_FOUND 1) - set(USE_MBEDTLS 1) -endif() - -if (LWS_WITH_HTTP_STREAM_COMPRESSION) - set(LWS_WITH_ZLIB 1) -endif() - -if (LWS_WITH_ZLIB AND NOT LWS_WITH_BUNDLED_ZLIB) +if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB) if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "") else() set(ZLIB_LIBRARIES ${LWS_ZLIB_LIBRARIES}) @@ -621,10 +326,6 @@ if (LWS_WITH_SQLITE3) endif() -if (LWS_WITH_LIBEV AND LWS_WITH_LIBEVENT) - message(FATAL_ERROR "Sorry libev and libevent conflict with each others' namespace, you can only have one or the other") -endif() - # The base dir where the test-apps look for the SSL certs. set(LWS_OPENSSL_CLIENT_CERTS ../share CACHE PATH "Server SSL certificate directory") if (WIN32) @@ -638,10 +339,12 @@ else() set(LWS_OPENSSL_CLIENT_CERTS /etc/pki/tls/certs/ CACHE PATH "Client SSL certificate directory") endif() -# LWS_OPENSSL_SUPPORT deprecated... use LWS_WITH_TLS -if (LWS_WITH_SSL OR LWS_WITH_MBEDTLS) +if (LWS_WITHOUT_EXTENSIONS) + set(LWS_NO_EXTENSIONS 1) +endif() + +if (LWS_WITH_SSL) set(LWS_OPENSSL_SUPPORT 1) - set(LWS_WITH_TLS 1) endif() if (LWS_SSL_CLIENT_USE_OS_CA_CERTS) @@ -665,45 +368,41 @@ if (LWS_WITHOUT_CLIENT) endif() if (LWS_WITH_LIBEV) - set(LWS_WITH_LIBEV 1) + set(LWS_USE_LIBEV 1) endif() if (LWS_WITH_LIBUV) - set(LWS_WITH_LIBUV 1) + set(LWS_USE_LIBUV 1) endif() if (LWS_WITH_LIBEVENT) - set(LWS_WITH_LIBEVENT 1) + set(LWS_USE_LIBEVENT 1) endif() if (LWS_IPV6) - set(LWS_WITH_IPV6 1) + set(LWS_USE_IPV6 1) endif() if (LWS_UNIX_SOCK) - set(LWS_WITH_UNIX_SOCK 1) + set(LWS_USE_UNIX_SOCK 1) endif() if (LWS_WITH_HTTP2) - set(LWS_WITH_HTTP2 1) + set(LWS_USE_HTTP2 1) endif() if ("${LWS_MAX_SMP}" STREQUAL "") set(LWS_MAX_SMP 1) endif() -# using any abstract protocol enables LWS_WITH_ABSTRACT -if (LWS_WITH_SMTP) - set(LWS_WITH_ABSTRACT 1) +if (LWS_WITH_ESP8266) +set(CMAKE_C_FLAGS "-nostdlib ${CMAKE_C_FLAGS}") endif() - - if (MINGW) set(LWS_MINGW_SUPPORT 1) set(CMAKE_C_FLAGS "-D__USE_MINGW_ANSI_STDIO ${CMAKE_C_FLAGS}") - add_definitions(-DWINVER=0x0601 -D_WIN32_WINNT=0x0601) endif() if (LWS_SSL_SERVER_WITH_ECDH_CERT) @@ -751,25 +450,12 @@ include(CheckIncludeFile) include(CheckIncludeFiles) include(CheckLibraryExists) include(CheckTypeSize) -include(CheckCSourceCompiles) if (LWS_WITHOUT_BUILTIN_SHA1) set(LWS_SHA1_USE_OPENSSL_NAME 1) endif() -if (HAIKU) - set(CMAKE_REQUIRED_LIBRARIES network) -endif() - -CHECK_C_SOURCE_COMPILES( - "#include - int main(int argc, char **argv) { return malloc_trim(0); } - " LWS_HAVE_MALLOC_TRIM) -CHECK_C_SOURCE_COMPILES( - "#include - int main(int argc, char **argv) { return (int)malloc_usable_size((void *)0); } - " LWS_HAVE_MALLOC_USABLE_SIZE) - +CHECK_FUNCTION_EXISTS(bzero LWS_HAVE_BZERO) CHECK_FUNCTION_EXISTS(fork LWS_HAVE_FORK) CHECK_FUNCTION_EXISTS(getenv LWS_HAVE_GETENV) CHECK_FUNCTION_EXISTS(malloc LWS_HAVE_MALLOC) @@ -787,7 +473,6 @@ CHECK_FUNCTION_EXISTS(getloadavg LWS_HAVE_GETLOADAVG) CHECK_FUNCTION_EXISTS(atoll LWS_HAVE_ATOLL) CHECK_FUNCTION_EXISTS(_atoi64 LWS_HAVE__ATOI64) CHECK_FUNCTION_EXISTS(_stat32i64 LWS_HAVE__STAT32I64) -CHECK_FUNCTION_EXISTS(clock_gettime LWS_HAVE_CLOCK_GETTIME) if (NOT LWS_HAVE_GETIFADDRS) if (LWS_WITHOUT_BUILTIN_GETIFADDRS) @@ -799,6 +484,7 @@ endif() CHECK_INCLUDE_FILE(dlfcn.h LWS_HAVE_DLFCN_H) CHECK_INCLUDE_FILE(fcntl.h LWS_HAVE_FCNTL_H) CHECK_INCLUDE_FILE(in6addr.h LWS_HAVE_IN6ADDR_H) +CHECK_INCLUDE_FILE(inttypes.h LWS_HAVE_INTTYPES_H) CHECK_INCLUDE_FILE(memory.h LWS_HAVE_MEMORY_H) CHECK_INCLUDE_FILE(netinet/in.h LWS_HAVE_NETINET_IN_H) CHECK_INCLUDE_FILE(stdint.h LWS_HAVE_STDINT_H) @@ -813,65 +499,16 @@ CHECK_INCLUDE_FILE(sys/types.h LWS_HAVE_SYS_TYPES_H) CHECK_INCLUDE_FILE(unistd.h LWS_HAVE_UNISTD_H) CHECK_INCLUDE_FILE(vfork.h LWS_HAVE_VFORK_H) CHECK_INCLUDE_FILE(sys/capability.h LWS_HAVE_SYS_CAPABILITY_H) -CHECK_INCLUDE_FILE(malloc.h LWS_HAVE_MALLOC_H) -CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) -CHECK_INCLUDE_FILE(inttypes.h LWS_HAVE_INTTYPES_H) - -CHECK_LIBRARY_EXISTS(cap cap_set_flag "" LWS_HAVE_LIBCAP) -if (LWS_ROLE_DBUS) - - if (NOT LWS_DBUS_LIB) - set(LWS_DBUS_LIB "dbus-1") - endif() - - CHECK_LIBRARY_EXISTS(${LWS_DBUS_LIB} dbus_connection_set_watch_functions "" LWS_HAVE_LIBDBUS) - if (NOT LWS_HAVE_LIBDBUS) - message(FATAL_ERROR "Install dbus-devel, or libdbus-1-dev etc") - endif() - - if (NOT LWS_DBUS_INCLUDE1) - # look in fedora and debian / ubuntu place - if (EXISTS "/usr/include/dbus-1.0") - set(LWS_DBUS_INCLUDE1 "/usr/include/dbus-1.0") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE1 to /usr/include/dbus-1.0 or wherever the main dbus includes are") - endif() - endif() - - if (NOT LWS_DBUS_INCLUDE2) - # look in fedora... debian / ubuntu has the ARCH in the path... - if (EXISTS "/usr/lib64/dbus-1.0/include") - set(LWS_DBUS_INCLUDE2 "/usr/lib64/dbus-1.0/include") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE2 to /usr/lib/ARCH-linux-gnu/dbus-1.0/include or wherever dbus-arch-deps.h is on your system") - endif() - endif() - - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES};${LWS_DBUS_INCLUDE1};${LWS_DBUS_INCLUDE2}) - - CHECK_C_SOURCE_COMPILES("#include - int main(void) { - return 0; - }" LWS_DBUS_CHECK_OK) -endif() +CHECK_LIBRARY_EXISTS(cap cap_set_flag "" LWS_HAVE_LIBCAP) if (LWS_WITH_LIBUV) CHECK_INCLUDE_FILE(uv-version.h LWS_HAVE_UV_VERSION_H) - # libuv changed the location in 1.21.0. Retain both - # checks temporarily to ensure a smooth transition. - if (NOT LWS_HAVE_UV_VERSION_H) - CHECK_INCLUDE_FILE(uv/version.h LWS_HAVE_NEW_UV_VERSION_H) - endif() endif() -if (LWS_WITH_ZLIB AND NOT LWS_WITH_BUNDLED_ZLIB) - if (LWS_WITH_MINIZ) - CHECK_INCLUDE_FILE(miniz.h LWS_HAVE_ZLIB_H) - else() - CHECK_INCLUDE_FILE(zlib.h LWS_HAVE_ZLIB_H) - endif() +if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB) + CHECK_INCLUDE_FILE(zlib.h LWS_HAVE_ZLIB_H) endif() # TODO: These can also be tested to see whether they actually work... @@ -886,538 +523,180 @@ CHECK_C_SOURCE_COMPILES("#include return 0; }" LWS_HAS_INTPTR_T) -set(CMAKE_REQUIRED_FLAGS "-pthread") -CHECK_C_SOURCE_COMPILES("#define _GNU_SOURCE - #include - int main(void) { - pthread_t th = 0; - pthread_setname_np(th, NULL); - return 0; - }" LWS_HAS_PTHREAD_SETNAME_NP) - -CHECK_C_SOURCE_COMPILES("#include - #include - int main(void) { - void *p = (void *)getopt_long; - return p != NULL; - }" LWS_HAS_GETOPT_LONG) - - -if (NOT PID_T_SIZE) - set(pid_t int) -endif() - -if (NOT SIZE_T_SIZE) - set(size_t "unsigned int") -endif() - -if (NOT LWS_HAVE_MALLOC) - set(malloc rpl_malloc) -endif() - -if (NOT LWS_HAVE_REALLOC) - set(realloc rpl_realloc) -endif() - -if (UNIX) - execute_process(COMMAND uname -n OUTPUT_VARIABLE NODENAME) - # Need to chomp the \n at end of output. - string(REGEX REPLACE "[\n]+" "" NODENAME "${NODENAME}") - - if( NODENAME STREQUAL "smartos" ) - add_definitions( "-D__smartos__" ) - set(SMARTOS 1) - endif() -endif() - -if (MSVC) - # Turn off stupid microsoft security warnings. - add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) -endif(MSVC) - -include_directories("${PROJECT_SOURCE_DIR}/lib") - -# Group headers and sources. -# Some IDEs use this for nicer file structure. -set(HDR_PRIVATE - lib/core/private.h) - -set(HDR_PUBLIC - "${PROJECT_SOURCE_DIR}/include/libwebsockets.h" - "${PROJECT_BINARY_DIR}/lws_config.h" - "${PROJECT_SOURCE_DIR}/plugins/ssh-base/include/lws-plugin-ssh.h" - ) - -set(SOURCES - lib/core/alloc.c - lib/core/buflist.c - lib/core/context.c - lib/core/lws_dll2.c - lib/core/libwebsockets.c - lib/core/logs.c - lib/misc/base64-decode.c - lib/core/vfs.c - lib/misc/lws-ring.c -) - -if (LWS_WITH_DEPRECATED_LWS_DLL) - list(APPEND SOURCES - lib/core/lws_dll.c) -endif() - -if (LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/core-net/dummy-callback.c - lib/core-net/output.c - lib/core-net/close.c - lib/core-net/network.c - lib/core-net/vhost.c - lib/core-net/pollfd.c - lib/core-net/service.c - lib/core-net/sorted-usec-list.c - lib/core-net/stats.c - lib/core-net/wsi.c - lib/core-net/wsi-timeout.c - lib/core-net/adopt.c - lib/roles/pipe/ops-pipe.c - ) - - if (LWS_WITH_LWS_DSH) - list(APPEND SOURCES - lib/core-net/lws-dsh.c) - endif() - - if (LWS_WITH_SEQUENCER) - list(APPEND SOURCES - lib/core-net/sequencer.c) - endif() - - if (LWS_WITH_ABSTRACT) - list(APPEND SOURCES - lib/abstract/abstract.c - ) - if (LWS_WITH_SEQUENCER) - list(APPEND SOURCES - lib/abstract/test-sequencer.c) - endif() - endif() - - if (LWS_WITH_STATS) - list(APPEND SOURCES - lib/core-net/stats.c - ) - endif() -endif() - -if (LWS_WITH_DIR) - list(APPEND SOURCES lib/misc/dir.c) -endif() - -if (LWS_WITH_THREADPOOL AND UNIX AND LWS_HAVE_PTHREAD_H) - list(APPEND SOURCES lib/misc/threadpool/threadpool.c) -endif() - -if (LWS_ROLE_H1 OR LWS_ROLE_H2) - list(APPEND SOURCES - lib/roles/http/header.c - lib/roles/http/server/parsers.c) - if (LWS_WITH_HTTP_STREAM_COMPRESSION) - list(APPEND SOURCES - lib/roles/http/compression/stream.c - lib/roles/http/compression/deflate/deflate.c) - if (LWS_WITH_HTTP_BROTLI) - list(APPEND SOURCES - lib/roles/http/compression/brotli/brotli.c) - endif() - endif() -endif() - -if (LWS_ROLE_H1) - list(APPEND SOURCES - lib/roles/h1/ops-h1.c) -endif() - -if (LWS_ROLE_WS) - list(APPEND SOURCES - lib/roles/ws/ops-ws.c) - if (NOT LWS_WITHOUT_CLIENT) - list(APPEND SOURCES - lib/roles/ws/client-ws.c - lib/roles/ws/client-parser-ws.c) - endif() - if (NOT LWS_WITHOUT_SERVER) - list(APPEND SOURCES - lib/roles/ws/server-ws.c) - endif() -endif() - -if (LWS_ROLE_RAW) - list(APPEND SOURCES - lib/roles/raw-skt/ops-raw-skt.c - lib/roles/raw-file/ops-raw-file.c) - - if (LWS_WITH_ABSTRACT) - list(APPEND SOURCES - lib/abstract/transports/raw-skt.c) - endif() -endif() +# These don't work Cross... +#CHECK_TYPE_SIZE(pid_t PID_T_SIZE) +#CHECK_TYPE_SIZE(size_t SIZE_T_SIZE) +#CHECK_TYPE_SIZE("void *" LWS_SIZEOFPTR LANGUAGE C) -if (LWS_ROLE_RAW_PROXY) - list(APPEND SOURCES - lib/roles/raw-proxy/ops-raw-proxy.c) +if (NOT PID_T_SIZE) + set(pid_t int) endif() -if (LWS_ROLE_CGI) - list(APPEND SOURCES - lib/roles/cgi/cgi-server.c - lib/roles/cgi/ops-cgi.c) +if (NOT SIZE_T_SIZE) + set(size_t "unsigned int") endif() -if (LWS_ROLE_DBUS) - list(APPEND SOURCES - lib/roles/dbus/dbus.c) +if (NOT LWS_HAVE_MALLOC) + set(malloc rpl_malloc) endif() -if (LWS_WITH_ACCESS_LOG) - list(APPEND SOURCES - lib/roles/http/server/access-log.c) +if (NOT LWS_HAVE_REALLOC) + set(realloc rpl_realloc) endif() -if (LWS_WITH_PEER_LIMITS) - list(APPEND SOURCES - lib/misc/peer-limits.c) -endif() -if (LWS_WITH_LWSAC) - list(APPEND SOURCES - lib/misc/lwsac/lwsac.c - lib/misc/lwsac/cached-file.c) -endif() +if (MSVC) + # Turn off stupid microsoft security warnings. + add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) +endif(MSVC) -if (LWS_WITH_FTS) - list(APPEND SOURCES - lib/misc/fts/trie.c - lib/misc/fts/trie-fd.c) -endif() +include_directories("${PROJECT_SOURCE_DIR}/lib") -if (LWS_WITH_DISKCACHE) - list(APPEND SOURCES - lib/misc/diskcache.c) -endif() +# Group headers and sources. +# Some IDEs use this for nicer file structure. +set(HDR_PRIVATE + lib/private-libwebsockets.h) -if (LWS_WITH_STRUCT_JSON) - list(APPEND SOURCES - lib/misc/lws-struct-lejp.c) -endif() +set(HDR_PUBLIC + "${PROJECT_SOURCE_DIR}/lib/libwebsockets.h" + "${PROJECT_BINARY_DIR}/lws_config.h") -if (LWS_WITH_STRUCT_SQLITE3) - list(APPEND SOURCES - lib/misc/lws-struct-sqlite.c) -endif() +set(SOURCES + lib/base64-decode.c + lib/handshake.c + lib/libwebsockets.c + lib/service.c + lib/pollfd.c + lib/output.c + lib/parsers.c + lib/context.c + lib/alloc.c + lib/header.c) if (NOT LWS_WITHOUT_CLIENT) list(APPEND SOURCES - lib/core-net/connect.c - lib/core-net/client.c - lib/roles/http/client/client.c - lib/roles/http/client/client-handshake.c) -endif() - -if (NOT LWS_WITHOUT_SERVER) - list(APPEND SOURCES - lib/core-net/server.c - lib/roles/listen/ops-listen.c) -endif() - -if (LWS_WITH_MBEDTLS) - set(LWS_WITH_SSL ON) - - include_directories(lib/tls/mbedtls/wrapper/include) - include_directories(lib/tls/mbedtls/wrapper/include/platform) - include_directories(lib/tls/mbedtls/wrapper/include/internal) - include_directories(lib/tls/mbedtls/wrapper/include/openssl) - - if (LWS_WITH_NETWORK) - list(APPEND HDR_PRIVATE - lib/tls/mbedtls/wrapper/include/internal/ssl3.h - lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h - lib/tls/mbedtls/wrapper/include/internal/ssl_code.h - lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h - lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h - lib/tls/mbedtls/wrapper/include/internal/ssl_methods.h - lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h - lib/tls/mbedtls/wrapper/include/internal/ssl_stack.h - lib/tls/mbedtls/wrapper/include/internal/ssl_types.h - lib/tls/mbedtls/wrapper/include/internal/ssl_x509.h - lib/tls/mbedtls/wrapper/include/internal/tls1.h - lib/tls/mbedtls/wrapper/include/internal/x509_vfy.h) - - list(APPEND HDR_PRIVATE - lib/tls/mbedtls/wrapper/include/openssl/ssl.h) - - list(APPEND HDR_PRIVATE - lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h - lib/tls/mbedtls/wrapper/include/platform/ssl_port.h) - - list(APPEND SOURCES - lib/tls/mbedtls/wrapper/library/ssl_cert.c - lib/tls/mbedtls/wrapper/library/ssl_lib.c - lib/tls/mbedtls/wrapper/library/ssl_methods.c - lib/tls/mbedtls/wrapper/library/ssl_pkey.c - lib/tls/mbedtls/wrapper/library/ssl_stack.c - lib/tls/mbedtls/wrapper/library/ssl_x509.c) - - list(APPEND SOURCES - lib/tls/mbedtls/wrapper/platform/ssl_pm.c - lib/tls/mbedtls/wrapper/platform/ssl_port.c) - endif() + lib/client.c + lib/client-handshake.c + lib/client-parser.c) endif() if (LWS_WITH_SSL) list(APPEND SOURCES - lib/tls/tls.c - ) - if (LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/tls/tls-network.c - ) - endif() - - if (LWS_WITH_MBEDTLS) - list(APPEND SOURCES - lib/tls/mbedtls/tls.c - lib/tls/mbedtls/x509.c - ) - if (LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/tls/mbedtls/ssl.c - ) - endif() - if (LWS_WITH_GENCRYPTO) - list(APPEND SOURCES - lib/tls/mbedtls/lws-genhash.c - lib/tls/mbedtls/lws-genrsa.c - lib/tls/mbedtls/lws-genaes.c - lib/tls/lws-genec-common.c - lib/tls/mbedtls/lws-genec.c - lib/tls/mbedtls/lws-gencrypto.c - ) - endif() - else() - list(APPEND SOURCES - lib/tls/openssl/tls.c - lib/tls/openssl/x509.c - ) - if (LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/tls/openssl/ssl.c - ) - endif() - if (LWS_WITH_GENCRYPTO) - list(APPEND SOURCES - lib/tls/openssl/lws-genhash.c - lib/tls/openssl/lws-genrsa.c - lib/tls/openssl/lws-genaes.c - lib/tls/lws-genec-common.c - lib/tls/openssl/lws-genec.c - lib/tls/openssl/lws-gencrypto.c - ) - endif() - endif() + lib/ssl.c) if (NOT LWS_WITHOUT_SERVER) list(APPEND SOURCES - lib/tls/tls-server.c) - if (LWS_WITH_MBEDTLS) - list(APPEND SOURCES - lib/tls/mbedtls/mbedtls-server.c) - else() - list(APPEND SOURCES - lib/tls/openssl/openssl-server.c) - endif() + lib/ssl-server.c) endif() if (NOT LWS_WITHOUT_CLIENT) list(APPEND SOURCES - lib/tls/tls-client.c) - if (LWS_WITH_MBEDTLS) - list(APPEND SOURCES - lib/tls/mbedtls/mbedtls-client.c) - else() - list(APPEND SOURCES - lib/tls/openssl/openssl-client.c) - endif() - + lib/ssl-client.c) endif() endif() if (NOT LWS_WITHOUT_BUILTIN_SHA1) list(APPEND SOURCES - lib/misc/sha-1.c) + lib/sha-1.c) endif() -if (LWS_WITH_HTTP2 AND NOT LWS_WITHOUT_SERVER) +if (LWS_WITH_HTTP2) list(APPEND SOURCES - lib/roles/h2/http2.c - lib/roles/h2/hpack.c - lib/roles/h2/ops-h2.c) + lib/http2.c + lib/hpack.c + lib/ssl-http2.c) endif() # select the active platform files if (WIN32) list(APPEND SOURCES - lib/plat/windows/windows-fds.c - lib/plat/windows/windows-file.c - lib/plat/windows/windows-init.c - lib/plat/windows/windows-misc.c - lib/plat/windows/windows-pipe.c - lib/plat/windows/windows-plugins.c - lib/plat/windows/windows-service.c - lib/plat/windows/windows-sockets.c - ) + lib/lws-plat-win.c) else() - if (LWS_PLAT_OPTEE) + if (LWS_WITH_ESP8266) list(APPEND SOURCES - lib/plat/optee/lws-plat-optee.c - ) - if (LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/plat/optee/network.c - ) - endif() + lib/lws-plat-esp8266.c) else() - if (LWS_WITH_ESP32) + if (LWS_PLAT_OPTEE) list(APPEND SOURCES - lib/plat/esp32/esp32-fds.c - lib/plat/esp32/esp32-file.c - lib/plat/esp32/esp32-init.c - lib/plat/esp32/esp32-misc.c - lib/plat/esp32/esp32-pipe.c - lib/plat/esp32/esp32-service.c - lib/plat/esp32/esp32-sockets.c - lib/misc/romfs.c) - if(LWS_WITH_ESP32_HELPER) - list(APPEND SOURCES lib/plat/esp32/esp32-helpers.c) - endif() + lib/lws-plat-optee.c) else() - set(LWS_PLAT_UNIX 1) - list(APPEND SOURCES - lib/plat/unix/unix-caps.c - lib/plat/unix/unix-file.c - lib/plat/unix/unix-misc.c - lib/plat/unix/unix-init.c - ) - if (LWS_WITH_NETWORK) + if (LWS_WITH_ESP32) list(APPEND SOURCES - lib/plat/unix/unix-pipe.c - lib/plat/unix/unix-service.c - lib/plat/unix/unix-sockets.c - lib/plat/unix/unix-fds.c - ) - endif() - - if (LWS_WITH_PLUGINS AND LWS_WITH_LIBUV) - list(APPEND SOURCES lib/plat/unix/unix-plugins.c) + lib/lws-plat-esp32.c + lib/romfs.c) + else() + list(APPEND SOURCES + lib/lws-plat-unix.c) endif() endif() endif() endif() -if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_SERVER) +if (NOT LWS_WITHOUT_SERVER) list(APPEND SOURCES - lib/roles/http/server/server.c - lib/roles/http/server/lws-spa.c) + lib/server.c + lib/server-handshake.c) endif() -if (LWS_ROLE_WS AND NOT LWS_WITHOUT_EXTENSIONS) +if (NOT LWS_WITHOUT_EXTENSIONS) list(APPEND HDR_PRIVATE - lib/roles/ws/ext/extension-permessage-deflate.h) + lib/extension-permessage-deflate.h) list(APPEND SOURCES - lib/roles/ws/ext/extension.c - lib/roles/ws/ext/extension-permessage-deflate.c) + lib/extension.c + lib/extension-permessage-deflate.c) endif() if (LWS_WITH_HTTP_PROXY) list(APPEND SOURCES - lib/roles/http/server/rewrite.c) -endif() - -if (LWS_WITH_POLL AND LWS_WITH_NETWORK) - list(APPEND SOURCES - lib/event-libs/poll/poll.c) + lib/rewrite.c) endif() -if (LWS_WITH_LIBUV AND LWS_WITH_NETWORK) +if (LWS_WITH_LIBEV) list(APPEND SOURCES - lib/event-libs/libuv/libuv.c) + lib/libev.c) endif() -if (LWS_WITH_LIBEVENT AND LWS_WITH_NETWORK) +if (LWS_WITH_LIBUV) list(APPEND SOURCES - lib/event-libs/libevent/libevent.c) + lib/libuv.c) endif() -if (LWS_WITH_LIBEV AND LWS_WITH_NETWORK) +if (LWS_WITH_LIBEVENT) list(APPEND SOURCES - lib/event-libs/libev/libev.c) - # libev generates a big mess of warnings with gcc, maintainer claims gcc to blame - set_source_files_properties( lib/event-libs/libev/libev.c PROPERTIES COMPILE_FLAGS "-Wno-error" ) + lib/libevent.c) endif() if (LWS_WITH_LEJP) list(APPEND SOURCES - lib/misc/lejp.c) + lib/lejp.c) + list(APPEND HDR_PUBLIC + lib/lejp.h) endif() -if (LWS_WITH_LEJP_CONF AND LWS_WITH_NETWORK AND NOT LWS_PLAT_OPTEE) +if (LWS_WITH_LEJP_CONF) list(APPEND SOURCES - "lib/roles/http/server/lejp-conf.c" + "lib/lejp-conf.c" ) endif() -if (LWS_WITH_ABSTRACT) - list(APPEND SOURCES - lib/abstract/transports/unit-test.c) -endif() - if (LWS_WITH_SMTP) list(APPEND SOURCES - lib/abstract/protocols/smtp/smtp.c) + lib/smtp.c) endif() if (LWS_WITH_RANGES) list(APPEND SOURCES - lib/roles/http/server/ranges.c) + lib/ranges.c) endif() if (LWS_WITH_ZIP_FOPS) if (LWS_WITH_ZLIB) list(APPEND SOURCES - lib/roles/http/server/fops-zip.c) + lib/fops-zip.c) else() message(FATAL_ERROR "Pre-zipped file support (LWS_WITH_ZIP_FOPS) requires ZLIB (LWS_WITH_ZLIB)") endif() endif() -if (LWS_WITH_JOSE) - list(APPEND SOURCES - lib/jose/jwk/jwk.c - lib/jose/jws/jose.c - lib/jose/jws/jws.c - lib/jose/jwe/jwe.c - lib/jose/jwe/enc/aescbc.c - lib/jose/jwe/enc/aesgcm.c - lib/jose/jwe/enc/aeskw.c - lib/jose/jwe/jwe-rsa-aescbc.c - lib/jose/jwe/jwe-rsa-aesgcm.c - lib/jose/jwe/jwe-ecdh-es-aeskw.c - ) -endif() - -if (LWS_WITH_JOSE OR LWS_WITH_GENCRYPTO) - list(APPEND SOURCES - lib/tls/lws-gencrypto-common.c) -endif() - # Add helper files for Windows. if (WIN32) set(WIN32_HELPERS_PATH win32port/win32helpers) @@ -1437,82 +716,46 @@ else() # Unix. if (NOT LWS_WITHOUT_DAEMONIZE) list(APPEND SOURCES - lib/misc/daemonize.c) + lib/daemonize.c) endif() endif() if (UNIX) if (NOT LWS_HAVE_GETIFADDRS) - list(APPEND HDR_PRIVATE lib/misc/getifaddrs.h) - list(APPEND SOURCES lib/misc/getifaddrs.c) + list(APPEND HDR_PRIVATE lib/getifaddrs.h) + list(APPEND SOURCES lib/getifaddrs.c) endif() endif() -if ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) - set(COMPILER_IS_CLANG ON) -endif() - -if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR COMPILER_IS_CLANG) +if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR (CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) include (CheckCCompilerFlag) CHECK_C_COMPILER_FLAG(-fvisibility=hidden LWS_HAVE_VISIBILITY) if (LWS_HAVE_VISIBILITY) set(VISIBILITY_FLAG -fvisibility=hidden) endif() - if (LWS_WITH_GCOV) - set (GCOV_FLAGS "-fprofile-arcs -ftest-coverage ") - endif() - - if (LWS_WITH_ASAN) - set (ASAN_FLAGS "-fsanitize=address -fsanitize=undefined -fsanitize-address-use-after-scope -fsanitize-undefined-trap-on-error") - if (NOT COMPILER_IS_CLANG) - set (ASAN_FLAGS "${ASAN_FLAGS} -fsanitize=pointer-compare -fsanitize=pointer-subtract -fsanitize=leak") - endif() - message("Enabling ASAN") - endif() - - check_c_compiler_flag("-Wignored-qualifiers" LWS_GCC_HAS_IGNORED_QUALIFIERS) - check_c_compiler_flag("-Wtype-limits" LWS_GCC_HAS_TYPE_LIMITS) - - if (LWS_GCC_HAS_IGNORED_QUALIFIERS) - set(CMAKE_C_FLAGS "-Wignored-qualifiers ${CMAKE_C_FLAGS}" ) - endif() - - if (LWS_GCC_HAS_TYPE_LIMITS) - set(CMAKE_C_FLAGS "-Wtype-limits ${CMAKE_C_FLAGS}" ) - endif() - - if (UNIX AND NOT LWS_WITH_ESP32) - set(CMAKE_C_FLAGS "-Wall -Wsign-compare -Wuninitialized -Werror ${VISIBILITY_FLAG} -Wundef ${GCOV_FLAGS} ${CMAKE_C_FLAGS} ${ASAN_FLAGS}" ) + if (UNIX OR LWS_WITH_ESP8266) + set(CMAKE_C_FLAGS "-Wall -Werror ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" ) else() - set(CMAKE_C_FLAGS "-Wall -Wsign-compare -Wuninitialized -Werror ${VISIBILITY_FLAG} ${GCOV_FLAGS} ${CMAKE_C_FLAGS}" ) + set(CMAKE_C_FLAGS "-Wall ${VISIBILITY_FLAG} ${CMAKE_C_FLAGS}" ) endif() endif () -if (LWS_PLAT_OPTEE) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --sysroot ../../../../lib/libutils/isoc/include -I../../../../lib/libutils/isoc/include -I../../../../lib/libutils/ext/include" ) -endif() - if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT LWS_WITHOUT_TESTAPPS) - if (UNIX AND LWS_HAVE_PTHREAD_H) + if (UNIX AND LWS_MAX_SMP GREATER 1) # jeez clang understands -pthread but dies if he sees it at link time! # http://stackoverflow.com/questions/2391194/what-is-gs-pthread-equiv-in-clang set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread" ) endif() endif() -if (COMPILER_IS_CLANG) - +if ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) # otherwise osx blows a bunch of openssl deprecated api errors set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-deprecated-declarations" ) - if (UNIX AND LWS_HAVE_PTHREAD_H) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread" ) - endif() endif() source_group("Headers Private" FILES ${HDR_PRIVATE}) source_group("Headers Public" FILES ${HDR_PUBLIC}) source_group("Sources" FILES ${SOURCES}) -source_group("Resources" FILES ${RESOURCES}) # # Create the lib. @@ -1538,16 +781,9 @@ if (LWS_WITH_STATIC) endif() add_custom_command( TARGET websockets - COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/include/libwebsockets.h + COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/lib/libwebsockets.h ${CMAKE_CURRENT_BINARY_DIR}/include/libwebsockets.h ) - - add_custom_command( - TARGET websockets - COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_SOURCE_DIR}/include/libwebsockets/ - ${CMAKE_CURRENT_BINARY_DIR}/include/libwebsockets - ) - add_custom_command( TARGET websockets COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/lws_config.h @@ -1560,8 +796,7 @@ if (LWS_WITH_SHARED) add_library(websockets_shared SHARED ${HDR_PRIVATE} ${HDR_PUBLIC} - ${SOURCES} - ${RESOURCES}) + ${SOURCES}) list(APPEND LWS_LIBRARIES websockets_shared) # We want the shared lib to be named "libwebsockets" @@ -1585,16 +820,9 @@ if (LWS_WITH_SHARED) add_custom_command( TARGET websockets_shared - COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/include/libwebsockets.h + COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/lib/libwebsockets.h ${CMAKE_CURRENT_BINARY_DIR}/include/libwebsockets.h ) - - add_custom_command( - TARGET websockets - COMMAND ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_SOURCE_DIR}/include/libwebsockets - ${CMAKE_CURRENT_BINARY_DIR}/include/libwebsockets - ) - add_custom_command( TARGET websockets_shared COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/lws_config.h @@ -1606,7 +834,7 @@ endif() # Set the so version of the lib. # Equivalent to LDFLAGS=-version-info x:x:x -if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR COMPILER_IS_CLANG) +if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR (CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) foreach(lib ${LWS_LIBRARIES}) set_target_properties(${lib} PROPERTIES @@ -1621,10 +849,10 @@ set(LIB_LIST) # # -# ZLIB (needed for deflate extension and if LWS_WITH_HTTP_STREAM_COMPRESSION) +# ZLIB (Only needed for deflate extensions). # if (LWS_WITH_ZLIB) - if (LWS_WITH_BUNDLED_ZLIB) + if (LWS_USE_BUNDLED_ZLIB) if (WIN32) set(WIN32_ZLIB_PATH "win32port/zlib") set(ZLIB_SRCS @@ -1632,6 +860,8 @@ if (LWS_WITH_ZLIB) ${WIN32_ZLIB_PATH}/compress.c ${WIN32_ZLIB_PATH}/crc32.c ${WIN32_ZLIB_PATH}/deflate.c + ${WIN32_ZLIB_PATH}/gzclose.c + ${WIN32_ZLIB_PATH}/gzio.c ${WIN32_ZLIB_PATH}/gzlib.c ${WIN32_ZLIB_PATH}/gzread.c ${WIN32_ZLIB_PATH}/gzwrite.c @@ -1654,31 +884,21 @@ if (LWS_WITH_ZLIB) message(FATAL_ERROR "Don't have bundled zlib for that platform") endif() elseif (NOT ZLIB_FOUND) - if (LWS_WITH_MINIZ) - find_package(Miniz REQUIRED) - set(ZLIB_INCLUDE_DIRS ${MINIZ_INCLUDE_DIRS}) - set(ZLIB_LIBRARIES ${MINIZ_LIBRARIES}) - else() - find_package(ZLIB REQUIRED) - endif() + find_package(ZLIB REQUIRED) endif() - message("zlib/miniz include dirs: ${ZLIB_INCLUDE_DIRS}") - message("zlib/miniz libraries: ${ZLIB_LIBRARIES}") + message("zlib include dirs: ${ZLIB_INCLUDE_DIRS}") + message("zlib libraries: ${ZLIB_LIBRARIES}") include_directories(${ZLIB_INCLUDE_DIRS}) list(APPEND LIB_LIST ${ZLIB_LIBRARIES}) endif() -if (LWS_WITH_HTTP_BROTLI) - list(APPEND LIB_LIST brotlienc brotlidec brotlidec) -endif() - # # OpenSSL # if (LWS_WITH_SSL) message("Compiling with SSL support") set(chose_ssl 0) - if (LWS_WITH_WOLFSSL) + if (LWS_USE_WOLFSSL) # Use wolfSSL as OpenSSL replacement. # TODO: Add a find_package command for this also. message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}") @@ -1688,7 +908,7 @@ if (LWS_WITH_SSL) # the wolfssl/ subdirectory which contains the OpenSSL # compatibility layer headers. - if (LWS_WITH_CYASSL) + if (LWS_USE_CYASSL) foreach(inc ${WOLFSSL_INCLUDE_DIRS}) include_directories("${inc}" "${inc}/cyassl") endforeach() @@ -1702,20 +922,8 @@ if (LWS_WITH_SSL) set(chose_ssl 1) endif() - if (LWS_WITH_MBEDTLS) - message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}") - message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}") - - foreach(inc ${MBEDTLS_INCLUDE_DIRS}) - include_directories("${inc}" "${inc}/mbedtls") - endforeach() - - list(APPEND LIB_LIST "${MBEDTLS_LIBRARIES}") - set(chose_ssl 1) - endif() - if (NOT chose_ssl) - if (NOT OPENSSL_FOUND AND NOT LWS_WITH_BORINGSSL) + if (NOT OPENSSL_FOUND AND NOT LWS_USE_BORINGSSL) # TODO: Add support for STATIC also. if (NOT LWS_WITH_ESP32) find_package(OpenSSL REQUIRED) @@ -1733,17 +941,13 @@ if (LWS_WITH_SSL) list(APPEND LIB_LIST ${OPENSSL_LIBRARIES}) endif() - if (NOT LWS_WITH_MBEDTLS) - # older (0.98) Openssl lacks this - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS}) - check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H) + # older (0.98) Openssl lacks this + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS}) + check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H) - if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H) - message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT") - endif() - else() - unset(LWS_HAVE_OPENSSL_ECDH_H) - endif(NOT LWS_WITH_MBEDTLS) + if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H) + message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT") + endif() endif() endif(LWS_WITH_SSL) @@ -1805,18 +1009,11 @@ if (LWS_WITH_SQLITE3) endif() -if (LWS_WITH_HUBBUB) +if (LWS_WITH_HTTP_PROXY) find_library(LIBHUBBUB_LIBRARIES NAMES hubbub) list(APPEND LIB_LIST ${LIBHUBBUB_LIBRARIES} ) endif() -if (LWS_ROLE_DBUS) - message("dbus include dir 1: ${LWS_DBUS_INCLUDE1}") - message("dbus include dir 2: ${LWS_DBUS_INCLUDE2}") - include_directories("${LWS_DBUS_INCLUDE1}") - include_directories("${LWS_DBUS_INCLUDE2}") - list(APPEND LIB_LIST ${LWS_DBUS_LIB}) -endif() # # Platform specific libs. @@ -1827,26 +1024,16 @@ elseif (WIN32) list(APPEND LIB_LIST ws2_32.lib userenv.lib psapi.lib iphlpapi.lib) endif() -if (${CMAKE_SYSTEM_NAME} MATCHES "QNX") - list(APPEND LIB_LIST socket) -endif() - if (UNIX) list(APPEND LIB_LIST m) endif() -if(SMARTOS) - list(APPEND LIB_LIST socket) -endif() - -if (HAIKU) - list(APPEND LIB_LIST network) -endif() - if (LWS_HAVE_LIBCAP) list(APPEND LIB_LIST cap ) endif() + + # Setup the linking for all libs. foreach (lib ${LWS_LIBRARIES}) target_link_libraries(${lib} ${LIB_LIST}) @@ -1854,89 +1041,29 @@ endforeach() set (temp ${CMAKE_REQUIRED_LIBRARIES}) set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST}) - -if (LWS_WITH_ZLIB) - if (LWS_WITH_BUNDLED_ZLIB) - if (WIN32) - # it's trying to delete internal zlib entry - LIST(REMOVE_AT CMAKE_REQUIRED_LIBRARIES 0 ) - endif() - endif() -endif() - CHECK_FUNCTION_EXISTS(SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param) CHECK_FUNCTION_EXISTS(SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK) CHECK_FUNCTION_EXISTS(X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host) -CHECK_FUNCTION_EXISTS(RSA_set0_key LWS_HAVE_RSA_SET0_KEY) -CHECK_FUNCTION_EXISTS(X509_get_key_usage LWS_HAVE_X509_get_key_usage) -CHECK_FUNCTION_EXISTS(EVP_PKEY_new_raw_private_key LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key) -CHECK_FUNCTION_EXISTS(SSL_CTX_get0_certificate LWS_HAVE_SSL_CTX_get0_certificate) -CHECK_FUNCTION_EXISTS(SSL_get0_alpn_selected LWS_HAVE_SSL_get0_alpn_selected) -CHECK_FUNCTION_EXISTS(SSL_set_alpn_protos LWS_HAVE_SSL_set_alpn_protos) -CHECK_FUNCTION_EXISTS(EVP_aes_128_cfb8 LWS_HAVE_EVP_aes_128_cfb8) -CHECK_FUNCTION_EXISTS(EVP_aes_128_cfb128 LWS_HAVE_EVP_aes_128_cfb128) -CHECK_FUNCTION_EXISTS(EVP_aes_192_cfb8 LWS_HAVE_EVP_aes_192_cfb8) -CHECK_FUNCTION_EXISTS(EVP_aes_192_cfb128 LWS_HAVE_EVP_aes_192_cfb128) -CHECK_FUNCTION_EXISTS(EVP_aes_256_cfb8 LWS_HAVE_EVP_aes_256_cfb8) -CHECK_FUNCTION_EXISTS(EVP_aes_256_cfb128 LWS_HAVE_EVP_aes_256_cfb128) -CHECK_FUNCTION_EXISTS(EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts) -CHECK_FUNCTION_EXISTS(RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1) -CHECK_FUNCTION_EXISTS(HMAC_CTX_new LWS_HAVE_HMAC_CTX_new) -CHECK_FUNCTION_EXISTS(SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites) -if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS) - if (UNIX) - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} dl) - endif() -CHECK_C_SOURCE_COMPILES("#include \nint main(void) { STACK_OF(X509) *c = NULL; SSL_CTX *ctx = NULL; return (int)SSL_CTX_get_extra_chain_certs_only(ctx, &c); }\n" LWS_HAVE_SSL_EXTRA_CHAIN_CERTS) -CHECK_C_SOURCE_COMPILES("#include \nint main(void) { EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX_free(md_ctx); return 0; }\n" LWS_HAVE_EVP_MD_CTX_free) -CHECK_FUNCTION_EXISTS(ECDSA_SIG_set0 LWS_HAVE_ECDSA_SIG_set0) -CHECK_FUNCTION_EXISTS(BN_bn2binpad LWS_HAVE_BN_bn2binpad) -CHECK_FUNCTION_EXISTS(EVP_aes_128_wrap LWS_HAVE_EVP_aes_128_wrap) -CHECK_FUNCTION_EXISTS(EC_POINT_get_affine_coordinates LWS_HAVE_EC_POINT_get_affine_coordinates) -endif() -if (LWS_WITH_MBEDTLS) +if (LWS_WITH_ESP32) set(LWS_HAVE_TLS_CLIENT_METHOD 1) - if (NOT LWS_WITH_ESP32) - # not supported in esp-idf openssl wrapper yet, but is in our version - set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1) - endif() - - CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_alpn_protocols LWS_HAVE_mbedtls_ssl_conf_alpn_protocols) - CHECK_FUNCTION_EXISTS(mbedtls_ssl_get_alpn_protocol LWS_HAVE_mbedtls_ssl_get_alpn_protocol) - CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_sni LWS_HAVE_mbedtls_ssl_conf_sni) - CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_ca_chain LWS_HAVE_mbedtls_ssl_set_hs_ca_chain) - CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode) - CHECK_FUNCTION_EXISTS(mbedtls_net_init LWS_HAVE_mbedtls_net_init) - else() CHECK_FUNCTION_EXISTS(TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD) CHECK_FUNCTION_EXISTS(TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD) endif() - -# ideally we want to use pipe2() - -CHECK_C_SOURCE_COMPILES("#define _GNU_SOURCE\n#include \nint main(void) {int fd[2];\n return pipe2(fd, 0);\n}\n" LWS_HAVE_PIPE2) - -# tcp keepalive needs this on linux to work practically... but it only exists -# after kernel 2.6.37 - -CHECK_C_SOURCE_COMPILES("#include \nint main(void) { return TCP_USER_TIMEOUT; }\n" LWS_HAVE_TCP_USER_TIMEOUT) - set(CMAKE_REQUIRED_LIBRARIES ${temp}) # Generate the lws_config.h that includes all the public compilation settings. configure_file( - "${PROJECT_SOURCE_DIR}/cmake/lws_config.h.in" + "${PROJECT_SOURCE_DIR}/lws_config.h.in" "${PROJECT_BINARY_DIR}/lws_config.h") # Generate the lws_config.h that includes all the private compilation settings. configure_file( - "${PROJECT_SOURCE_DIR}/cmake/lws_config_private.h.in" + "${PROJECT_SOURCE_DIR}/lws_config_private.h.in" "${PROJECT_BINARY_DIR}/lws_config_private.h") # Generate self-signed SSL certs for the test-server. -if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL) +if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) message("Searching for OpenSSL executable and dlls") find_package(OpenSSLbins) message("OpenSSL executable: ${OPENSSL_EXECUTABLE}") @@ -1951,7 +1078,7 @@ endif() set(GENCERTS 0) -if (LWS_WITH_SSL AND OPENSSL_EXECUTABLE AND NOT LWS_WITHOUT_TEST_SERVER AND NOT LWS_WITHOUT_SERVER AND NOT LWS_WITHOUT_TESTAPPS) +if (LWS_WITH_SSL AND OPENSSL_EXECUTABLE AND NOT LWS_WITHOUT_TEST_SERVER) set(GENCERTS 1) endif() if (LWS_WITH_ESP32) @@ -2028,7 +1155,7 @@ endif() # Test applications # set(TEST_APP_LIST) -if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) +if (NOT LWS_WITHOUT_TESTAPPS) # # Helper function for adding a test app. # @@ -2085,13 +1212,6 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) endif() target_link_libraries(${TEST_NAME} websockets) add_dependencies(${TEST_NAME} websockets) - if (UNIX AND LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS) - target_link_libraries(${TEST_NAME} dl) - endif() - endif() - - if (LWS_WITH_HTTP_STREAM_COMPRESSION) - target_link_libraries(${TEST_NAME} z) endif() # Set test app specific defines. @@ -2111,44 +1231,83 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) if (UNIX AND LWS_WITH_PLUGINS) set(CMAKE_C_FLAGS "-fPIC ${CMAKE_C_FLAGS}") - if(NOT((${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD") OR (${CMAKE_SYSTEM_NAME} MATCHES "QNX"))) + if(NOT(${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")) target_link_libraries(websockets dl) endif() endif() + + + if (NOT LWS_WITHOUT_SERVER) # # test-server # if (NOT LWS_WITHOUT_TEST_SERVER) - create_test_app(test-server "test-apps/test-server.c" - "" - "" - "" - "" - "") - - if (LWS_WITH_CGI) - create_test_app(test-sshd "test-apps/test-sshd.c" - "" - "" + create_test_app(test-server "test-server/test-server.c" + "test-server/test-server-http.c" + "test-server/test-server-dumb-increment.c" "" "" "") - target_include_directories(test-sshd PRIVATE "${PROJECT_SOURCE_DIR}/plugins/ssh-base/include") - + if (UNIX) + create_test_app(test-fuzxy "test-server/fuzxy.c" + "" + "" + "" + "" + "") + endif() + if (UNIX AND NOT ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) AND LWS_MAX_SMP GREATER 1) + create_test_app(test-server-pthreads + "test-server/test-server-pthreads.c" + "test-server/test-server-http.c" + "test-server/test-server-dumb-increment.c" + "" + "" + "") + endif() + if (NOT ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) + AND LWS_WITH_LIBEV) + create_test_app(test-server-libev + "test-server/test-server-libev.c" + "test-server/test-server-http.c" + "test-server/test-server-dumb-increment.c" + "" + "" + "") + # libev generates a big mess of warnings with gcc, maintainers blame gcc + set_source_files_properties( test-server/test-server-libev.c PROPERTIES COMPILE_FLAGS "-Wno-error" ) + endif() + if (NOT ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) + AND LWS_WITH_LIBUV) + create_test_app(test-server-libuv + "test-server/test-server-libuv.c" + "test-server/test-server-http.c" + "" + "" + "" + "") + endif() + if (NOT ((CMAKE_C_COMPILER_ID MATCHES "Clang") OR (CMAKE_CXX_COMPILER_ID MATCHES "Clang")) + AND LWS_WITH_LIBEVENT) + create_test_app(test-server-libevent + "test-server/test-server-libevent.c" + "test-server/test-server-http.c" + "test-server/test-server-dumb-increment.c" + "" + "" + "") endif() - endif() # # test-server-extpoll # - if (NOT LWS_WITHOUT_TEST_SERVER_EXTPOLL AND NOT WIN32) - create_test_app(test-server-extpoll - "test-apps/test-server.c" - "" - "" + if (NOT LWS_WITHOUT_TEST_SERVER_EXTPOLL) + create_test_app(test-server-extpoll "test-server/test-server.c" + "test-server/test-server-http.c" + "test-server/test-server-dumb-increment.c" "" "" "") @@ -2166,10 +1325,13 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) endif(WIN32) endif() - if (LWS_WITH_LEJP) + # + # test-server-v2.0 + # + if (LWS_WITH_PLUGINS) create_test_app( - test-lejp - "test-apps/test-lejp.c" + test-server-v2.0 + "test-server/test-server-v2.0.c" "" "" "" @@ -2178,17 +1340,13 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) endif() # Data files for running the test server. - list(APPEND TEST_SERVER_DATA - "${PROJECT_SOURCE_DIR}/test-apps/favicon.ico" - "${PROJECT_SOURCE_DIR}/test-apps/leaf.jpg" - "${PROJECT_SOURCE_DIR}/test-apps/candide.zip" - "${PROJECT_SOURCE_DIR}/test-apps/libwebsockets.org-logo.svg" - "${PROJECT_SOURCE_DIR}/test-apps/http2.png" - "${PROJECT_SOURCE_DIR}/test-apps/wss-over-h2.png" - "${PROJECT_SOURCE_DIR}/test-apps/lws-common.js" - "${PROJECT_SOURCE_DIR}/test-apps/test.html" - "${PROJECT_SOURCE_DIR}/test-apps/test.css" - "${PROJECT_SOURCE_DIR}/test-apps/test.js") + set(TEST_SERVER_DATA + "${PROJECT_SOURCE_DIR}/test-server/favicon.ico" + "${PROJECT_SOURCE_DIR}/test-server/leaf.jpg" + "${PROJECT_SOURCE_DIR}/test-server/candide.zip" + "${PROJECT_SOURCE_DIR}/test-server/libwebsockets.org-logo.png" + "${PROJECT_SOURCE_DIR}/test-server/lws-common.js" + "${PROJECT_SOURCE_DIR}/test-server/test.html") add_custom_command(TARGET test-server POST_BUILD @@ -2210,14 +1368,34 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) # test-client # if (NOT LWS_WITHOUT_TEST_CLIENT) - create_test_app(test-client "test-apps/test-client.c" "" "" "" "" "") + create_test_app(test-client "test-server/test-client.c" "" "" "" "" "") + endif() + + # + # test-fraggle + # + if (NOT LWS_WITHOUT_TEST_FRAGGLE) + create_test_app(test-fraggle "test-server/test-fraggle.c" "" "" "" "" "") + endif() + + # + # test-ping + # + if (NOT LWS_WITHOUT_TEST_PING) + create_test_app(test-ping "test-server/test-ping.c" "" "" "" "" "") + endif() + # + # test-echo + # + if (NOT LWS_WITHOUT_TEST_ECHO) + create_test_app(test-echo "test-server/test-echo.c" "" "" "" "" "") endif() endif(NOT LWS_WITHOUT_CLIENT) if (LWS_WITH_PLUGINS AND LWS_WITH_SHARED) - macro(create_plugin PLUGIN_NAME PLUGIN_INCLUDE MAIN_SRC S2 S3) + macro(create_plugin PLUGIN_NAME MAIN_SRC S2 S3) set(PLUGIN_SRCS ${MAIN_SRC}) @@ -2249,7 +1427,6 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) target_link_libraries(${PLUGIN_NAME} websockets_shared) add_dependencies(${PLUGIN_NAME} websockets_shared) - include_directories(${PLUGIN_INCLUDE}) # Set test app specific defines. set_property(TARGET ${PLUGIN_NAME} @@ -2257,9 +1434,6 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) INSTALL_DATADIR="${CMAKE_INSTALL_PREFIX}/plugins" ) - SET_TARGET_PROPERTIES(${PLUGIN_NAME} - PROPERTIES COMPILE_FLAGS ${CMAKE_C_FLAGS}) - # set_target_properties(${PLUGIN_NAME} # PROPERTIES # OUTPUT_NAME ${PLUGIN_NAME}) @@ -2268,67 +1442,36 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) endmacro() -if (LWS_ROLE_WS) - create_plugin(protocol_dumb_increment "" + + create_plugin(protocol_lws_meta + "plugins/protocol_lws_meta.c" "" "") + create_plugin(protocol_dumb_increment "plugins/protocol_dumb_increment.c" "" "") - create_plugin(protocol_lws_mirror "" + create_plugin(protocol_lws_mirror "plugins/protocol_lws_mirror.c" "" "") - create_plugin(protocol_lws_status "" + create_plugin(protocol_lws_status "plugins/protocol_lws_status.c" "" "") - create_plugin(protocol_lws_table_dirlisting "" + create_plugin(protocol_post_demo + "plugins/protocol_post_demo.c" "" "") + create_plugin(protocol_lws_table_dirlisting "plugins/generic-table/protocol_table_dirlisting.c" "" "") if (NOT WIN32) - create_plugin(protocol_lws_raw_test "" + create_plugin(protocol_lws_raw_test "plugins/protocol_lws_raw_test.c" "" "") - - create_plugin(protocol_deaddrop "" - "plugins/deaddrop/protocol_lws_deaddrop.c" "" "") - endif() if (LWS_WITH_SERVER_STATUS) - create_plugin(protocol_lws_server_status "" + create_plugin(protocol_lws_server_status "plugins/protocol_lws_server_status.c" "" "") endif() if (NOT LWS_WITHOUT_CLIENT) - create_plugin(protocol_client_loopback_test "" + create_plugin(protocol_client_loopback_test "plugins/protocol_client_loopback_test.c" "" "") -endif() - -endif() - - create_plugin(protocol_post_demo "" - "plugins/protocol_post_demo.c" "" "") - -if (LWS_ROLE_RAW_PROXY) - create_plugin(protocol_lws_raw_proxy "" - "plugins/raw-proxy/protocol_lws_raw_proxy.c" "" "") -endif() +endif(NOT LWS_WITHOUT_CLIENT) -if (LWS_WITH_FTS) - create_plugin(protocol_fulltext_demo "" - "plugins/protocol_fulltext_demo.c" "" "") -endif() - - -if (LWS_WITH_SSL) - create_plugin(protocol_lws_ssh_base "plugins/ssh-base/include" - "plugins/ssh-base/sshd.c;plugins/ssh-base/telnet.c;plugins/ssh-base/kex-25519.c" "plugins/ssh-base/crypto/chacha.c;plugins/ssh-base/crypto/ed25519.c;plugins/ssh-base/crypto/fe25519.c;plugins/ssh-base/crypto/ge25519.c;plugins/ssh-base/crypto/poly1305.c;plugins/ssh-base/crypto/sc25519.c;plugins/ssh-base/crypto/smult_curve25519_ref.c" "") - create_plugin(protocol_lws_sshd_demo "plugins/ssh-base/include" "plugins/protocol_lws_sshd_demo.c" "" "") - - include_directories("${PROJECT_SOURCE_DIR}/plugins/ssh-base/include") -endif() - - - -if (LWS_WITH_ACME) - create_plugin(protocol_lws_acme_client "" - "plugins/acme-client/protocol_lws_acme_client.c" "" "") -endif() - -if (LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) - create_plugin(protocol_generic_sessions "" +if (LWS_WITH_GENERIC_SESSIONS) + create_plugin(protocol_generic_sessions "plugins/generic-sessions/protocol_generic_sessions.c" "plugins/generic-sessions/utils.c" "plugins/generic-sessions/handlers.c") @@ -2339,7 +1482,7 @@ if (LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) target_link_libraries(protocol_generic_sessions sqlite3 ) endif(WIN32) - create_plugin(protocol_lws_messageboard "" + create_plugin(protocol_lws_messageboard "plugins/generic-sessions/protocol_lws_messageboard.c" "" "") if (WIN32) target_link_libraries(protocol_lws_messageboard ${LWS_SQLITE3_LIBRARIES}) @@ -2347,7 +1490,7 @@ if (LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) target_link_libraries(protocol_lws_messageboard sqlite3 ) endif(WIN32) -endif(LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) +endif(LWS_WITH_GENERIC_SESSIONS) endif(LWS_WITH_PLUGINS AND LWS_WITH_SHARED) @@ -2356,7 +1499,7 @@ endif(LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) # Copy OpenSSL dlls to the output directory on Windows. # (Otherwise we'll get an error when trying to run) # - if (WIN32 AND LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL) + if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) if(OPENSSL_BIN_FOUND) message("OpenSSL dlls found:") message(" Libeay: ${LIBEAY_BIN}") @@ -2369,20 +1512,10 @@ endif(LWS_WITH_GENERIC_SESSIONS AND LWS_ROLE_WS) add_custom_command(TARGET ${TARGET_BIN} POST_BUILD COMMAND "${CMAKE_COMMAND}" -E copy "${SSLEAY_BIN}" "$" VERBATIM) - - # - # Win32: if we are using libuv, also need to copy it in the output dir - # - if (WIN32 AND LWS_WITH_LIBUV) - STRING(REPLACE ".lib" ".dll" LIBUV_BIN ${LIBUV_LIBRARIES}) - add_custom_command(TARGET ${TARGET_BIN} - POST_BUILD - COMMAND "${CMAKE_COMMAND}" -E copy "${LIBUV_BIN}" "$" VERBATIM) - endif() endforeach() endif() endif() -endif((LWS_ROLE_H1 OR LWS_ROLE_H2) AND NOT LWS_WITHOUT_TESTAPPS) +endif(NOT LWS_WITHOUT_TESTAPPS) if (LWS_WITH_LWSWS) list(APPEND LWSWS_SRCS @@ -2471,11 +1604,8 @@ endif() set(LWS_INSTALL_CMAKE_DIR ${DEF_INSTALL_CMAKE_DIR} CACHE PATH "Installation directory for CMake files") # Export targets (This is used for other CMake projects to easily find the libraries and include files). -if (LWS_WITH_EXPORT_LWSTARGETS) - export(TARGETS ${LWS_LIBRARIES} - FILE "${PROJECT_BINARY_DIR}/LibwebsocketsTargets.cmake") -endif() - +export(TARGETS ${LWS_LIBRARIES} + FILE "${PROJECT_BINARY_DIR}/LibwebsocketsTargets.cmake") export(PACKAGE libwebsockets) # Generate the config file for the build-tree. @@ -2517,9 +1647,6 @@ configure_file(${PROJECT_SOURCE_DIR}/cmake/LibwebsocketsConfigVersion.cmake.in # Installation. # -install(DIRECTORY include/libwebsockets - DESTINATION "${LWS_INSTALL_INCLUDE_DIR}" COMPONENT dev_headers) - # Install libs and headers. install(TARGETS ${LWS_LIBRARIES} EXPORT LibwebsocketsTargets @@ -2527,7 +1654,6 @@ install(TARGETS ${LWS_LIBRARIES} ARCHIVE DESTINATION "${LWS_INSTALL_LIB_DIR}${LIB_SUFFIX}" COMPONENT libraries RUNTIME DESTINATION "${LWS_INSTALL_BIN_DIR}" COMPONENT libraries # Windows DLLs PUBLIC_HEADER DESTINATION "${LWS_INSTALL_INCLUDE_DIR}" COMPONENT dev) - set(CPACK_COMPONENT_LIBRARIES_DISPLAY_NAME "Libraries") set(CPACK_COMPONENT_DEV_DISPLAY_NAME "Development files") @@ -2551,11 +1677,11 @@ if (NOT LWS_WITHOUT_TESTAPPS AND NOT LWS_WITHOUT_SERVER) DESTINATION share/libwebsockets-test-server COMPONENT examples) - install(FILES "${PROJECT_SOURCE_DIR}/test-apps/private/index.html" + install(FILES "${PROJECT_SOURCE_DIR}/test-server/private/index.html" DESTINATION share/libwebsockets-test-server/private COMPONENT examples) if (LWS_WITH_CGI) - set(CGI_TEST_SCRIPT "${PROJECT_SOURCE_DIR}/test-apps/lws-cgi-test.sh") + set(CGI_TEST_SCRIPT "${PROJECT_SOURCE_DIR}/test-server/lws-cgi-test.sh") install(FILES ${CGI_TEST_SCRIPT} PERMISSIONS OWNER_EXECUTE GROUP_EXECUTE WORLD_EXECUTE OWNER_READ GROUP_READ WORLD_READ DESTINATION share/libwebsockets-test-server @@ -2563,13 +1689,6 @@ if (LWS_WITH_CGI) endif() endif() - -if (NOT LWS_WITHOUT_TEST_SERVER AND NOT LWS_WITHOUT_SERVER AND NOT LWS_WITHOUT_TESTAPPS) - install(FILES test-apps/lws-ssh-test-keys;test-apps/lws-ssh-test-keys.pub - DESTINATION share/libwebsockets-test-server - COMPONENT examples) -endif() - # plugins if (LWS_WITH_PLUGINS) @@ -2577,16 +1696,8 @@ if (LWS_WITH_PLUGINS) PERMISSIONS OWNER_WRITE OWNER_EXECUTE GROUP_EXECUTE WORLD_EXECUTE OWNER_READ GROUP_READ WORLD_READ DESTINATION share/libwebsockets-test-server/plugins COMPONENT plugins) - - if (NOT WIN32) - install(FILES plugins/deaddrop/assets/index.html;plugins/deaddrop/assets/deaddrop.js;plugins/deaddrop/assets/deaddrop.css;plugins/deaddrop/assets/drop.svg - DESTINATION share/libwebsockets-test-server/deaddrop - COMPONENT plugins) - endif() - - if (LWS_WITH_SERVER_STATUS) - install(FILES plugins/server-status.html;plugins/server-status.js;plugins/server-status.css;plugins/lwsws-logo.png + install(FILES plugins/server-status.html;plugins/lwsws-logo.png DESTINATION share/libwebsockets-test-server/server-status COMPONENT examples) endif() @@ -2596,7 +1707,6 @@ if (LWS_WITH_GENERIC_SESSIONS) plugins/generic-sessions/assets/seats.jpg plugins/generic-sessions/assets/failed-login.html plugins/generic-sessions/assets/lwsgs.js - plugins/generic-sessions/assets/lwsgs.css plugins/generic-sessions/assets/post-register-fail.html plugins/generic-sessions/assets/post-register-ok.html plugins/generic-sessions/assets/post-verify-ok.html @@ -2631,20 +1741,18 @@ install(FILES DESTINATION "${LWS_INSTALL_CMAKE_DIR}" COMPONENT dev) # Install exports for the install-tree. -if (LWS_WITH_EXPORT_LWSTARGETS) - install(EXPORT LibwebsocketsTargets - DESTINATION "${LWS_INSTALL_CMAKE_DIR}" COMPONENT dev) -endif() +install(EXPORT LibwebsocketsTargets + DESTINATION "${LWS_INSTALL_CMAKE_DIR}" COMPONENT dev) # build subdir is not part of sources -set(CPACK_SOURCE_IGNORE_FILES $(CPACK_SOURCE_IGNORE_FILES) "/.git/" "/build/" "\\\\.tgz$" "\\\\.tar\\\\.gz$") +set(CPACK_SOURCE_IGNORE_FILES $(CPACK_SOURCE_IGNORE_FILES) ".git" "build" "tgz" "tar.gz") # Most people are more used to "make dist" compared to "make package_source" add_custom_target(dist COMMAND "${CMAKE_MAKE_PROGRAM}" package_source) include(UseRPMTools) if (RPMTools_FOUND) - RPMTools_ADD_RPM_TARGETS(libwebsockets scripts/libwebsockets.spec) + RPMTools_ADD_RPM_TARGETS(libwebsockets libwebsockets.spec) endif() message("---------------------------------------------------------------------") @@ -2654,12 +1762,11 @@ message(" LWS_WITH_STATIC = ${LWS_WITH_STATIC}") message(" LWS_WITH_SHARED = ${LWS_WITH_SHARED}") message(" LWS_WITH_SSL = ${LWS_WITH_SSL} (SSL Support)") message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}") -message(" LWS_WITH_WOLFSSL = ${LWS_WITH_WOLFSSL} (wolfSSL/CyaSSL replacement for OpenSSL)") -if (LWS_WITH_WOLFSSL) +message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL/CyaSSL replacement for OpenSSL)") +if (LWS_USE_WOLFSSL) message(" LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}") message(" LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}") endif() -message(" LWS_WITH_MBEDTLS = ${LWS_WITH_MBEDTLS} (mbedTLS replacement for OpenSSL)") message(" LWS_WITHOUT_BUILTIN_SHA1 = ${LWS_WITHOUT_BUILTIN_SHA1}") message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}") message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}") @@ -2669,23 +1776,23 @@ message(" LWS_WITHOUT_TESTAPPS = ${LWS_WITHOUT_TESTAPPS}") message(" LWS_WITHOUT_TEST_SERVER = ${LWS_WITHOUT_TEST_SERVER}") message(" LWS_WITHOUT_TEST_SERVER_EXTPOLL = ${LWS_WITHOUT_TEST_SERVER_EXTPOLL}") message(" LWS_WITHOUT_TEST_PING = ${LWS_WITHOUT_TEST_PING}") +message(" LWS_WITHOUT_TEST_ECHO = ${LWS_WITHOUT_TEST_ECHO}") message(" LWS_WITHOUT_TEST_CLIENT = ${LWS_WITHOUT_TEST_CLIENT}") +message(" LWS_WITHOUT_TEST_FRAGGLE = ${LWS_WITHOUT_TEST_FRAGGLE}") message(" LWS_WITHOUT_EXTENSIONS = ${LWS_WITHOUT_EXTENSIONS}") message(" LWS_WITH_LATENCY = ${LWS_WITH_LATENCY}") message(" LWS_WITHOUT_DAEMONIZE = ${LWS_WITHOUT_DAEMONIZE}") -message(" LWS_WITH_LIBEV = ${LWS_WITH_LIBEV}") -message(" LWS_WITH_LIBUV = ${LWS_WITH_LIBUV}") -message(" LWS_WITH_LIBEVENT = ${LWS_WITH_LIBEVENT}") +message(" LWS_USE_LIBEV = ${LWS_USE_LIBEV}") +message(" LWS_USE_LIBUV = ${LWS_USE_LIBUV}") +message(" LWS_USE_LIBEVENT = ${LWS_USE_LIBEVENT}") message(" LWS_IPV6 = ${LWS_IPV6}") message(" LWS_UNIX_SOCK = ${LWS_UNIX_SOCK}") message(" LWS_WITH_HTTP2 = ${LWS_WITH_HTTP2}") message(" LWS_SSL_SERVER_WITH_ECDH_CERT = ${LWS_SSL_SERVER_WITH_ECDH_CERT}") message(" LWS_MAX_SMP = ${LWS_MAX_SMP}") -message(" LWS_HAVE_PTHREAD_H = ${LWS_HAVE_PTHREAD_H}") message(" LWS_WITH_CGI = ${LWS_WITH_CGI}") message(" LWS_HAVE_OPENSSL_ECDH_H = ${LWS_HAVE_OPENSSL_ECDH_H}") message(" LWS_HAVE_SSL_CTX_set1_param = ${LWS_HAVE_SSL_CTX_set1_param}") -message(" LWS_HAVE_RSA_SET0_KEY = ${LWS_HAVE_RSA_SET0_KEY}") message(" LWS_WITH_HTTP_PROXY = ${LWS_WITH_HTTP_PROXY}") message(" LIBHUBBUB_LIBRARIES = ${LIBHUBBUB_LIBRARIES}") message(" PLUGINS = ${PLUGINS_LIST}") @@ -2705,13 +1812,10 @@ message(" LWS_WITH_STATS = ${LWS_WITH_STATS}") message(" LWS_WITH_SOCKS5 = ${LWS_WITH_SOCKS5}") message(" LWS_HAVE_SYS_CAPABILITY_H = ${LWS_HAVE_SYS_CAPABILITY_H}") message(" LWS_HAVE_LIBCAP = ${LWS_HAVE_LIBCAP}") -message(" LWS_WITH_PEER_LIMITS = ${LWS_WITH_PEER_LIMITS}") message(" LWS_HAVE_ATOLL = ${LWS_HAVE_ATOLL}") message(" LWS_HAVE__ATOI64 = ${LWS_HAVE__ATOI64}") message(" LWS_HAVE_STAT32I64 = ${LWS_HAVE_STAT32I64}") message(" LWS_HAS_INTPTR_T = ${LWS_HAS_INTPTR_T}") -message(" LWS_WITH_EXPORT_LWSTARGETS = ${LWS_WITH_EXPORT_LWSTARGETS}") -message(" LWS_WITH_ABSTRACT = ${LWS_WITH_ABSTRACT}") message("---------------------------------------------------------------------") @@ -2724,32 +1828,5 @@ if (LWS_WITH_SHARED) set(LIBWEBSOCKETS_LIBRARIES_SHARED websockets_shared CACHE STRING "Libwebsocket shared library") endif() -if (LWS_WITH_MINIMAL_EXAMPLES) - MACRO(SUBDIRLIST result curdir) - FILE(GLOB children RELATIVE ${curdir} ${curdir}/*) - SET(dirlist "") - - FOREACH(child ${children}) - IF(IS_DIRECTORY ${curdir}/${child}) - LIST(APPEND dirlist ${child}) - ENDIF() - ENDFOREACH() - - SET(${result} ${dirlist}) - ENDMACRO() - - SUBDIRLIST(SUBDIRS "${PROJECT_SOURCE_DIR}/minimal-examples") - FOREACH(subdir ${SUBDIRS}) - - SUBDIRLIST(SUBDIRS2 "${PROJECT_SOURCE_DIR}/minimal-examples/${subdir}") - FOREACH(subdir2 ${SUBDIRS2}) - if (EXISTS "${PROJECT_SOURCE_DIR}/minimal-examples/${subdir}/${subdir2}/CMakeLists.txt") - message("Processing ${PROJECT_SOURCE_DIR}/minimal-examples/${subdir}/${subdir2}") - add_subdirectory("${PROJECT_SOURCE_DIR}/minimal-examples/${subdir}/${subdir2}") - endif() - ENDFOREACH() - ENDFOREACH() -ENDIF() - # This must always be last! include(CPack) diff --git a/cmake/FindLibWebSockets.cmake b/FindLibWebSockets.cmake similarity index 100% rename from cmake/FindLibWebSockets.cmake rename to FindLibWebSockets.cmake diff --git a/LICENSE b/LICENSE index 6c7cd90..9ce0f41 100644 --- a/LICENSE +++ b/LICENSE @@ -33,21 +33,19 @@ to get original sources with the liberal terms. Original liberal license retained - - lib/misc/sha-1.c - 3-clause BSD license retained, link to original + - lib/sha-1.c - 3-clause BSD license retained, link to original - win32port/zlib - ZLIB license (see zlib.h) - - lib/tls/mbedtls/wrapper - Apache 2.0 (only built if linked against mbedtls) Relicensed to libwebsocket license - - lib/misc/base64-decode.c - relicensed to LGPL2.1+SLE, link to original - - lib/misc/daemonize.c - relicensed from Public Domain to LGPL2.1+SLE, - link to original Public Domain version + - lib/base64-decode.c - relicensed to LGPL2.1+SLE, link to original + - lib/daemonize.c - relicensed from Public Domain to LGPL2.1+SLE, + link to original Public Domain version Public Domain (CC-zero) to simplify reuse - - test-apps/*.c - - test-apps/*.h - - minimal-examples/* + - test-server/*.c + - test-server/*.h - lwsws/* ------ end of exceptions diff --git a/Makefile.projbuild b/Makefile.projbuild deleted file mode 100644 index 3145eaf..0000000 --- a/Makefile.projbuild +++ /dev/null @@ -1 +0,0 @@ -CPPFLAGS += -I$(BUILD_DIR_BASE)/libwebsockets/include diff --git a/README.build.md b/README.build.md new file mode 100644 index 0000000..dd3494a --- /dev/null +++ b/README.build.md @@ -0,0 +1,469 @@ +Notes about building lws +======================== + + +@section cm Introduction to CMake + +CMake is a multi-platform build tool that can generate build files for many +different target platforms. See more info at http://www.cmake.org + +CMake also allows/recommends you to do "out of source"-builds, that is, +the build files are separated from your sources, so there is no need to +create elaborate clean scripts to get a clean source tree, instead you +simply remove your build directory. + +Libwebsockets has been tested to build successfully on the following platforms +with SSL support (for OpenSSL/wolfSSL/BoringSSL): + +- Windows (Visual Studio) +- Windows (MinGW) +- Linux (x86 and ARM) +- OSX +- NetBSD + + +@section build1 Building the library and test apps + +The project settings used by CMake to generate the platform specific build +files is called [CMakeLists.txt](CMakeLists.txt). CMake then uses one of its "Generators" to +output a Visual Studio project or Make file for instance. To see a list of +the available generators for your platform, simply run the "cmake" command. + +Note that by default OpenSSL will be linked, if you don't want SSL support +see below on how to toggle compile options. + + +@section bu Building on Unix: + +1. Install CMake 2.8 or greater: http://cmake.org/cmake/resources/software.html + (Most Unix distributions comes with a packaged version also) + +2. Install OpenSSL. + +3. Generate the build files (default is Make files): +``` + $ cd /path/to/src + $ mkdir build + $ cd build + $ cmake .. +``` + +4. Finally you can build using the generated Makefile: +``` + $ make && sudo make install +``` +**NOTE**: The `build/`` directory can have any name and be located anywhere + on your filesystem, and that the argument `..` given to cmake is simply + the source directory of **libwebsockets** containing the [CMakeLists.txt](CMakeLists.txt) + project file. All examples in this file assumes you use ".." + +**NOTE2**: +A common option you may want to give is to set the install path, same +as --prefix= with autotools. It defaults to /usr/local. +You can do this by, eg +``` + $ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr . +``` + +**NOTE3**: +On machines that want libraries in lib64, you can also add the +following to the cmake line +``` + -DLIB_SUFFIX=64 +``` + +**NOTE4**: +If you are building against a non-distro OpenSSL (eg, in order to get +access to ALPN support only in newer OpenSSL versions) the nice way to +express that in one cmake command is eg, +``` + $ cmake .. -DOPENSSL_ROOT_DIR=/usr/local/ssl \ + -DCMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE=/usr/local/ssl \ + -DLWS_WITH_HTTP2=1 +``` + +When you run the test apps using non-distro SSL, you have to force them +to use your libs, not the distro ones +``` + $ LD_LIBRARY_PATH=/usr/local/ssl/lib libwebsockets-test-server --ssl +``` + +To get it to build on latest openssl (2016-04-10) it needed this approach +``` + cmake .. -DLWS_WITH_HTTP2=1 -DLWS_OPENSSL_INCLUDE_DIRS=/usr/local/include/openssl -DLWS_OPENSSL_LIBRARIES="/usr/local/lib64/libssl.so;/usr/local/lib64/libcrypto.so" +``` + +Mac users have reported + +``` + $ export OPENSSL_ROOT_DIR=/usr/local/Cellar/openssl/1.0.2k; cmake ..; make -j4 +``` + +worked for them when using "homebrew" OpenSSL + +**NOTE5**: +To build with debug info and _DEBUG for lower priority debug messages +compiled in, use +``` + $ cmake .. -DCMAKE_BUILD_TYPE=DEBUG +``` + +**NOTE6** +To build on Solaris the linker needs to be informed to use lib socket +and libnsl, and only builds in 64bit mode. + +```bash + $ cmake .. -DCMAKE_C_FLAGS=-m64 -DCMAKE_EXE_LINKER_FLAGS="-lsocket -lnsl" +``` + +4. Finally you can build using the generated Makefile: + +```bash + $ make + ``` + +@section lcap Linux Capabilities + +On Linux, lws now lets you retain selected root capabilities when dropping +privileges. If libcap-dev or similar package is installed providing +sys/capabilities.h, and libcap or similar package is installed providing +libcap.so, CMake will enable the capability features. + +The context creation info struct .caps[] and .count_caps members can then +be set by user code to enable selected root capabilities to survive the +transition to running under an unprivileged user. + +@section cmq Quirk of cmake + +When changing cmake options, for some reason the only way to get it to see the +changes sometimes is delete the contents of your build directory and do the +cmake from scratch. + +deleting build/CMakeCache.txt may be enough. + + +@section cmw Building on Windows (Visual Studio) + +1. Install CMake 2.6 or greater: http://cmake.org/cmake/resources/software.html + +2. Install OpenSSL binaries. http://www.openssl.org/related/binaries.html + + (**NOTE**: Preferably in the default location to make it easier for CMake to find them) + + **NOTE2**: + Be sure that OPENSSL_CONF environment variable is defined and points at + \bin\openssl.cfg + +3. Generate the Visual studio project by opening the Visual Studio cmd prompt: + +``` + cd + md build + cd build + cmake -G "Visual Studio 10" .. +``` + + (**NOTE**: There is also a cmake-gui available on Windows if you prefer that) + + **NOTE2**: + See this link to find out the version number corresponding to your Visual Studio edition: + http://superuser.com/a/194065 + +4. Now you should have a generated Visual Studio Solution in your + `/build` directory, which can be used to build. + +5. Some additional deps may be needed + + - iphlpapi.lib + - psapi.lib + - userenv.lib + +6. If you're using libuv, you must make sure to compile libuv with the same multithread-dll / Mtd attributes as libwebsockets itself + + +@section cmwmgw Building on Windows (MinGW) + +1. Install MinGW: http://sourceforge.net/projects/mingw/files + + (**NOTE**: Preferably in the default location C:\MinGW) + +2. Fix up MinGW headers + + a) If still necessary, sdd the following lines to C:\MinGW\include\winsock2.h: +``` + #if(_WIN32_WINNT >= 0x0600) + + typedef struct pollfd { + + SOCKET fd; + SHORT events; + SHORT revents; + + } WSAPOLLFD, *PWSAPOLLFD, FAR *LPWSAPOLLFD; + + WINSOCK_API_LINKAGE int WSAAPI WSAPoll(LPWSAPOLLFD fdArray, ULONG fds, INT timeout); + + #endif // (_WIN32_WINNT >= 0x0600) +``` + + Update crtdefs.h line 47 to say: + +``` + typedef __int64 ssize_t; +``` + + b) Create C:\MinGW\include\mstcpip.h and copy and paste the content from following link into it: + + https://github.com/Alexpux/mingw-w64/blob/master/mingw-w64-headers/include/mstcpip.h + +3. Install CMake 2.6 or greater: http://cmake.org/cmake/resources/software.html + +4. Install OpenSSL binaries. http://www.openssl.org/related/binaries.html + + (**NOTE**: Preferably in the default location to make it easier for CMake to find them) + + **NOTE2**: + Be sure that OPENSSL_CONF environment variable is defined and points at + \bin\openssl.cfg + +5. Generate the build files (default is Make files) using MSYS shell: +``` + $ cd /drive/path/to/src + $ mkdir build + $ cd build + $ cmake -G "MSYS Makefiles" -DCMAKE_INSTALL_PREFIX=C:/MinGW .. +``` + (**NOTE**: The `build/`` directory can have any name and be located anywhere + on your filesystem, and that the argument `..` given to cmake is simply + the source directory of **libwebsockets** containing the [CMakeLists.txt](CMakeLists.txt) + project file. All examples in this file assumes you use "..") + + **NOTE2**: + To generate build files allowing to create libwebsockets binaries with debug information + set the CMAKE_BUILD_TYPE flag to DEBUG: +``` + $ cmake -G "MSYS Makefiles" -DCMAKE_INSTALL_PREFIX=C:/MinGW -DCMAKE_BUILD_TYPE=DEBUG .. +``` +6. Finally you can build using the generated Makefile and get the results deployed into your MinGW installation: + +``` + $ make + $ make install +``` + +@section optee Building for OP-TEE + +OP-TEE is a "Secure World" Trusted Execution Environment. + +Although lws is only part of the necessary picture to have an https-enabled +TA, it does support OP-TEE as a platform and if you provide the other +pieces, does work very well. + +Select it in cmake with `-DLWS_PLAT_OPTEE=1` + + +@section cmco Setting compile options + +To set compile time flags you can either use one of the CMake gui applications +or do it via the command line. + +@subsection cmcocl Command line + +To list available options (omit the H if you don't want the help text): + + cmake -LH .. + +Then to set an option and build (for example turn off SSL support): + + cmake -DLWS_WITH_SSL=0 .. +or + cmake -DLWS_WITH_SSL:BOOL=OFF .. + +@subsection cmcoug Unix GUI + +If you have a curses-enabled build you simply type: +(not all packages include this, my debian install does not for example). + + ccmake + +@subsection cmcowg Windows GUI + +On windows CMake comes with a gui application: + Start -> Programs -> CMake -> CMake (cmake-gui) + + +@section wolf wolfSSL/CyaSSL replacement for OpenSSL + +wolfSSL/CyaSSL is a lightweight SSL library targeted at embedded systems: +https://www.wolfssl.com/wolfSSL/Products-wolfssl.html + +It contains a OpenSSL compatibility layer which makes it possible to pretty +much link to it instead of OpenSSL, giving a much smaller footprint. + +**NOTE**: wolfssl needs to be compiled using the `--enable-opensslextra` flag for +this to work. + +@section wolf1 Compiling libwebsockets with wolfSSL + +``` + cmake .. -DLWS_USE_WOLFSSL=1 \ + -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \ + -DLWS_WOLFSSL_LIBRARIES=/path/to/wolfssl/wolfssl.a .. +``` + +**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIBRARIES` instead. + +@section cya Compiling libwebsockets with CyaSSL + +``` + cmake .. -DLWS_USE_CYASSL=1 \ + -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \ + -DLWS_CYASSL_LIBRARIES=/path/to/wolfssl/cyassl.a .. +``` + +**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead. + +@section esp32 Building for ESP32 + +Step 1, get ESP-IDF with lws integrated as a component + +``` + $ git clone --int --recursive https://github.com/lws-team/lws-esp-idf +``` + +Step 2: Get Application including the test plugins + +``` + $ git clone https://github.com/lws-team/lws-esp32 +``` + +Set your IDF_PATH to point to the esp-idf you downloaded in 1) + +There's docs for how to build the lws-esp32 test app and reproduce it in the README.md here + +https://github.com/lws-team/lws-esp32/blob/master/README.md + + +@section extplugins Building plugins outside of lws itself + +The directory ./plugin-standalone/ shows how easy it is to create plugins +outside of lws itself. First build lws itself with -DLWS_WITH_PLUGINS, +then use the same flow to build the standalone plugin +``` + cd ./plugin-standalone + mkdir build + cd build + cmake .. + make && sudo make install +``` + +if you changed the default plugin directory when you built lws, you must +also give the same arguments to cmake here (eg, +` -DCMAKE_INSTALL_PREFIX:PATH=/usr/something/else...` ) + +Otherwise if you run lwsws or libwebsockets-test-server-v2.0, it will now +find the additional plugin "libprotocol_example_standalone.so" +``` + lwsts[21257]: Plugins: + lwsts[21257]: libprotocol_dumb_increment.so + lwsts[21257]: libprotocol_example_standalone.so + lwsts[21257]: libprotocol_lws_mirror.so + lwsts[21257]: libprotocol_lws_server_status.so + lwsts[21257]: libprotocol_lws_status.so +``` +If you have multiple vhosts, you must enable plugins at the vhost +additionally, discovered plugins are not enabled automatically for security +reasons. You do this using info->pvo or for lwsws, in the JSON config. + + +@section http2rp Reproducing HTTP2.0 tests + +You must have built and be running lws against a version of openssl that has +ALPN / NPN. Most distros still have older versions. You'll know it's right by +seeing +``` + lwsts[4752]: Compiled with OpenSSL support + lwsts[4752]: Using SSL mode + lwsts[4752]: HTTP2 / ALPN enabled +``` +at lws startup. + +For non-SSL HTTP2.0 upgrade +``` + $ nghttp -nvasu http://localhost:7681/test.htm +``` +For SSL / ALPN HTTP2.0 upgrade +``` + $ nghttp -nvas https://localhost:7681/test.html +``` + +@section cross Cross compiling + +To enable cross-compiling **libwebsockets** using CMake you need to create +a "Toolchain file" that you supply to CMake when generating your build files. +CMake will then use the cross compilers and build paths specified in this file +to look for dependencies and such. + +**Libwebsockets** includes an example toolchain file [cross-arm-linux-gnueabihf.cmake](cross-arm-linux-gnueabihf.cmake) +you can use as a starting point. + +The commandline to configure for cross with this would look like +``` + $ cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr \ + -DCMAKE_TOOLCHAIN_FILE=../cross-arm-linux-gnueabihf.cmake \ + -DLWS_WITHOUT_EXTENSIONS=1 -DLWS_WITH_SSL=0 +``` +The example shows how to build with no external cross lib dependencies, you +need to provide the cross libraries otherwise. + +**NOTE**: start from an EMPTY build directory if you had a non-cross build in there + before the settings will be cached and your changes ignored. + +Additional information on cross compilation with CMake: + http://www.vtk.org/Wiki/CMake_Cross_Compiling + +@section mem Memory efficiency + +Embedded server-only configuration without extensions (ie, no compression +on websocket connections), but with full v13 websocket features and http +server, built on ARM Cortex-A9: + +Update at 8dac94d (2013-02-18) +``` + $ ./configure --without-client --without-extensions --disable-debug --without-daemonize + + Context Creation, 1024 fd limit[2]: 16720 (includes 12 bytes per fd) + Per-connection [3]: 72 bytes, +1328 during headers + + .text .rodata .data .bss + 11512 2784 288 4 +``` +This shows the impact of the major configuration with/without options at +13ba5bbc633ea962d46d using Ubuntu ARM on a PandaBoard ES. + +These are accounting for static allocations from the library elf, there are +additional dynamic allocations via malloc. These are a bit old now but give +the right idea for relative "expense" of features. + +Static allocations, ARM9 + +| | .text | .rodata | .data | .bss | +|--------------------------------|---------|---------|-------|------| +| All (no without) | 35024 | 9940 | 336 | 4104 | +| without client | 25684 | 7144 | 336 | 4104 | +| without client, exts | 21652 | 6288 | 288 | 4104 | +| without client, exts, debug[1] | 19756 | 3768 | 288 | 4104 | +| without server | 30304 | 8160 | 336 | 4104 | +| without server, exts | 25382 | 7204 | 288 | 4104 | +| without server, exts, debug[1] | 23712 | 4256 | 288 | 4104 | + +[1] `--disable-debug` only removes messages below `lwsl_notice`. Since that is +the default logging level the impact is not noticeable, error, warn and notice +logs are all still there. + +[2] `1024` fd per process is the default limit (set by ulimit) in at least Fedora +and Ubuntu. You can make significant savings tailoring this to actual expected +peak fds, ie, at a limit of `20`, context creation allocation reduces to `4432 + +240 = 4672`) + +[3] known header content is freed after connection establishment diff --git a/READMEs/README.coding.md b/README.coding.md similarity index 55% rename from READMEs/README.coding.md rename to README.coding.md index 40aa506..c1c4a3f 100644 --- a/READMEs/README.coding.md +++ b/README.coding.md @@ -1,104 +1,6 @@ Notes about coding with lws =========================== -@section era Old lws and lws v2.0 - -Originally lws only supported the "manual" method of handling everything in the -user callback found in test-server.c / test-server-http.c. - -Since v2.0, the need for most or all of this manual boilerplate has been -eliminated: the protocols[0] http stuff is provided by a generic lib export -`lws_callback_http_dummy()`. You can serve parts of your filesystem at part of -the URL space using mounts, the dummy http callback will do the right thing. - -It's much preferred to use the "automated" v2.0 type scheme, because it's less -code and it's easier to support. - -The minimal examples all use the modern, recommended way. - -If you just need generic serving capability, without the need to integrate lws -to some other app, consider not writing any server code at all, and instead use -the generic server `lwsws`, and writing your special user code in a standalone -"plugin". The server is configured for mounts etc using JSON, see -./READMEs/README.lwsws.md. - -Although the "plugins" are dynamically loaded if you use lwsws or lws built -with libuv, actually they may perfectly well be statically included if that -suits your situation better, eg, ESP32 test server, where the platform does -not support processes or dynamic loading, just #includes the plugins -one after the other and gets the same benefit from the same code. - -Isolating and collating the protocol code in one place also makes it very easy -to maintain and understand. - -So it if highly recommended you put your protocol-specific code into the -form of a "plugin" at the source level, even if you have no immediate plan to -use it dynamically-loaded. - -@section writeable Only send data when socket writeable - -You should only send data on a websocket connection from the user callback -`LWS_CALLBACK_SERVER_WRITEABLE` (or `LWS_CALLBACK_CLIENT_WRITEABLE` for -clients). - -If you want to send something, do NOT just send it but request a callback -when the socket is writeable using - - - `lws_callback_on_writable(wsi)` for a specific `wsi`, or - - - `lws_callback_on_writable_all_protocol(protocol)` for all connections -using that protocol to get a callback when next writeable. - -Usually you will get called back immediately next time around the service -loop, but if your peer is slow or temporarily inactive the callback will be -delayed accordingly. Generating what to write and sending it should be done -in the ...WRITEABLE callback. - -See the test server code for an example of how to do this. - -Otherwise evolved libs like libuv get this wrong, they will allow you to "send" -anything you want but it only uses up your local memory (and costs you -memcpys) until the socket can actually accept it. It is much better to regulate -your send action by the downstream peer readiness to take new data in the first -place, avoiding all the wasted buffering. - -Libwebsockets' concept is that the downstream peer is truly the boss, if he, -or our connection to him, cannot handle anything new, we should not generate -anything new for him. This is how unix shell piping works, you may have -`cat a.txt | grep xyz > remote", but actually that does not cat anything from -a.txt while remote cannot accept anything new. - -@section oneper Only one lws_write per WRITEABLE callback - -From v2.5, lws strictly enforces only one lws_write() per WRITEABLE callback. - -You will receive a message about "Illegal back-to-back write of ... detected" -if there is a second lws_write() before returning to the event loop. - -This is because with http/2, the state of the network connection carrying a -wsi is unrelated to any state of the wsi. The situation on http/1 where a -new request implied a new tcp connection and new SSL buffer, so you could -assume some window for writes is no longer true. Any lws_write() can fail -and be buffered for completion by lws; it will be auto-completed by the -event loop. - -Note that if you are handling your own http responses, writing the headers -needs to be done with a separate lws_write() from writing any payload. That -means after writing the headers you must call `lws_callback_on_writable(wsi)` -and send any payload from the writable callback. - -@section otherwr Do not rely on only your own WRITEABLE requests appearing - -Libwebsockets may generate additional `LWS_CALLBACK_CLIENT_WRITEABLE` events -if it met network conditions where it had to buffer your send data internally. - -So your code for `LWS_CALLBACK_CLIENT_WRITEABLE` needs to own the decision -about what to send, it can't assume that just because the writeable callback -came something is ready to send. - -It's quite possible you get an 'extra' writeable callback at any time and -just need to `return 0` and wait for the expected callback later. - @section dae Daemonization There's a helper api `lws_daemonize` built by default that does everything you @@ -108,7 +10,8 @@ headless background process and exit the starting process. Notice stdout, stderr, stdin are all redirected to /dev/null to enforce your daemon is headless, so you'll need to sort out alternative logging, by, eg, -syslog via `lws_set_log_level(..., lwsl_emit_syslog)`. +syslog. + @section conns Maximum number of connections @@ -122,153 +25,81 @@ If you want to restrict that allocation, or increase it, you can use ulimit or similar to change the available number of file descriptors, and when restarted **libwebsockets** will adapt accordingly. -@section peer_limits optional LWS_WITH_PEER_LIMITS - -If you select `LWS_WITH_PEER_LIMITS` at cmake, then lws will track peer IPs -and monitor how many connections and ah resources they are trying to use -at one time. You can choose to limit these at context creation time, using -`info.ip_limit_ah` and `info.ip_limit_wsi`. - -Note that although the ah limit is 'soft', ie, the connection will just wait -until the IP is under the ah limit again before attaching a new ah, the -wsi limit is 'hard', lws will drop any additional connections from the -IP until it's under the limit again. - -If you use these limits, you should consider multiple clients may simultaneously -try to access the site through NAT, etc. So the limits should err on the side -of being generous, while still making it impossible for one IP to exhaust -all the server resources. @section evtloop Libwebsockets is singlethreaded -Libwebsockets works in a serialized event loop, in a single thread. It supports -the default poll() backend, and libuv, libev, and libevent event loop -libraries that also take this locking-free, nonblocking event loop approach that -is not threadsafe. There are several advantages to this technique, but one -disadvantage, it doesn't integrate easily if there are multiple threads that -want to use libwebsockets. - -However integration to multithreaded apps is possible if you follow some guidelines. +Libwebsockets works in a serialized event loop, in a single thread. -1) Aside from two APIs, directly calling lws apis from other threads is not allowed. +Directly performing websocket actions from other threads is not allowed. +Aside from the internal data being inconsistent in `forked()` processes, +the scope of a `wsi` (`struct websocket`) can end at any time during service +with the socket closing and the `wsi` freed. -2) If you want to keep a list of live wsi, you need to use lifecycle callbacks on -the protocol in the service thread to manage the list, with your own locking. -Typically you use an ESTABLISHED callback to add ws wsi to your list and a CLOSED -callback to remove them. +Websocket write activities should only take place in the +`LWS_CALLBACK_SERVER_WRITEABLE` callback as described below. -3) LWS regulates your write activity by being able to let you know when you may -write more on a connection. That reflects the reality that you cannot succeed to -send data to a peer that has no room for it, so you should not generate or buffer -write data until you know the peer connection can take more. +[This network-programming necessity to link the issue of new data to +the peer taking the previous data is not obvious to all users so let's +repeat that in other words: -Other libraries pretend that the guy doing the writing is the boss who decides -what happens, and absorb as much as you want to write to local buffering. That does -not scale to a lot of connections, because it will exhaust your memory and waste -time copying data around in memory needlessly. +***ONLY DO LWS_WRITE FROM THE WRITEABLE CALLBACK*** -The truth is the receiver, along with the network between you, is the boss who -decides what will happen. If he stops accepting data, no data will move. LWS is -designed to reflect that. +There is another network-programming truism that surprises some people which +is if the sink for the data cannot accept more: -If you have something to send, you call `lws_callback_on_writable()` on the -connection, and when it is writeable, you will get a `LWS_CALLBACK_SERVER_WRITEABLE` -callback, where you should generate the data to send and send it with `lws_write()`. +***YOU MUST PERFORM RX FLOW CONTROL*** -You cannot send data using `lws_write()` outside of the WRITEABLE callback. - -4) For multithreaded apps, this corresponds to a need to be able to provoke the -`lws_callback_on_writable()` action and to wake the service thread from its event -loop wait (sleeping in `poll()` or `epoll()` or whatever). The rules above -mean directly sending data on the connection from another thread is out of the -question. - -Therefore the two apis mentioned above that may be used from another thread are - - - For LWS using the default poll() event loop, `lws_callback_on_writable()` - - - For LWS using libuv/libev/libevent event loop, `lws_cancel_service()` +See the mirror protocol implementations for example code. -If you are using the default poll() event loop, one "foreign thread" at a time may -call `lws_callback_on_writable()` directly for a wsi. You need to use your own -locking around that to serialize multiple thread access to it. +Only live connections appear in the user callbacks, so this removes any +possibility of trying to used closed and freed wsis. -If you implement LWS_CALLBACK_GET_THREAD_ID in protocols[0], then LWS will detect -when it has been called from a foreign thread and automatically use -`lws_cancel_service()` to additionally wake the service loop from its wait. +If you need to service other socket or file descriptors as well as the +websocket ones, you can combine them together with the websocket ones +in one poll loop, see "External Polling Loop support" below, and +still do it all in one thread / process context. -For libuv/libev/libevent event loop, they cannot handle being called from other -threads. So there is a slightly different scheme, you may call `lws_cancel_service()` -to force the event loop to end immediately. This then broadcasts a callback (in the -service thread context) `LWS_CALLBACK_EVENT_WAIT_CANCELLED`, to all protocols on all -vhosts, where you can perform your own locking and walk a list of wsi that need -`lws_callback_on_writable()` calling on them. +If you insist on trying to use it from multiple threads, take special care if +you might simultaneously create more than one context from different threads. -`lws_cancel_service()` is very cheap to call. +SSL_library_init() is called from the context create api and it also is not +reentrant. So at least create the contexts sequentially. -5) The obverse of this truism about the receiver being the boss is the case where -we are receiving. If we get into a situation we actually can't usefully -receive any more, perhaps because we are passing the data on and the guy we want -to send to can't receive any more, then we should "turn off RX" by using the -RX flow control API, `lws_rx_flow_control(wsi, 0)`. When something happens where we -can accept more RX, (eg, we learn our onward connection is writeable) we can call -it again to re-enable it on the incoming wsi. -LWS stops calling back about RX immediately you use flow control to disable RX, it -buffers the data internally if necessary. So you will only see RX when you can -handle it. When flow control is disabled, LWS stops taking new data in... this makes -the situation known to the sender by TCP "backpressure", the tx window fills and the -sender finds he cannot write any more to the connection. +@section writeable Only send data when socket writeable -See the mirror protocol implementations for example code. +You should only send data on a websocket connection from the user callback +`LWS_CALLBACK_SERVER_WRITEABLE` (or `LWS_CALLBACK_CLIENT_WRITEABLE` for +clients). -If you need to service other socket or file descriptors as well as the -websocket ones, you can combine them together with the websocket ones -in one poll loop, see "External Polling Loop support" below, and -still do it all in one thread / process context. If the need is less -architectural, you can also create RAW mode client and serving sockets; this -is how the lws plugin for the ssh server works. +If you want to send something, do not just send it but request a callback +when the socket is writeable using -@section anonprot Working without a protocol name + - `lws_callback_on_writable(context, wsi)` for a specific `wsi`, or + + - `lws_callback_on_writable_all_protocol(protocol)` for all connections +using that protocol to get a callback when next writeable. -Websockets allows connections to negotiate without a protocol name... -in that case by default it will bind to the first protocol in your -vhost protocols[] array. +Usually you will get called back immediately next time around the service +loop, but if your peer is slow or temporarily inactive the callback will be +delayed accordingly. Generating what to write and sending it should be done +in the ...WRITEABLE callback. -You can tell the vhost to use a different protocol by attaching a -pvo (per-vhost option) to the +See the test server code for an example of how to do this. -``` -/* - * this sets a per-vhost, per-protocol option name:value pair - * the effect is to set this protocol to be the default one for the vhost, - * ie, selected if no Protocol: header is sent with the ws upgrade. - */ - -static const struct lws_protocol_vhost_options pvo_opt = { - NULL, - NULL, - "default", - "1" -}; -static const struct lws_protocol_vhost_options pvo = { - NULL, - &pvo_opt, - "my-protocol", - "" -}; +@section otherwr Do not rely on only your own WRITEABLE requests appearing -... +Libwebsockets may generate additional `LWS_CALLBACK_CLIENT_WRITEABLE` events +if it met network conditions where it had to buffer your send data internally. - context_info.pvo = &pvo; -... +So your code for `LWS_CALLBACK_CLIENT_WRITEABLE` needs to own the decision +about what to send, it can't assume that just because the writeable callback +came it really is time to send something. -``` +It's quite possible you get an 'extra' writeable callback at any time and +just need to `return 0` and wait for the expected callback later. -Will select "my-protocol" from your protocol list (even if it came -in by plugin) as being the target of client connections that don't -specify a protocol. @section closing Closing connections from the user side @@ -305,7 +136,8 @@ Clients with limited storage and RAM will find this useful; the memory needed for the inflate case is constrained so that only one input buffer at a time is ever in memory. -To use this feature, ensure LWS_WITH_ZIP_FOPS is enabled at CMake. +To use this feature, ensure LWS_WITH_ZIP_FOPS is enabled at CMake (it is by +default). `libwebsockets-test-server-v2.0` includes a mount using this technology already, run that test server and navigate to http://localhost:7681/ziptest/candide.html @@ -378,19 +210,7 @@ If you are not building with _DEBUG defined, ie, without this then log levels below notice do not actually get compiled in. -@section asan Building with ASAN - -Under GCC you can select for the build to be instrumented with the Address -Sanitizer, using `cmake .. -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_ASAN=1`. LWS is routinely run during development with valgrind, but ASAN is capable of finding different issues at runtime, like operations which are not strictly defined in the C -standard and depend on platform behaviours. - -Run your application like this - -``` - $ sudo ASAN_OPTIONS=verbosity=2:halt_on_error=1 /usr/local/bin/lwsws -``` -and attach gdb to catch the place it halts. @section extpoll External Polling Loop support @@ -400,9 +220,10 @@ external polling array. That's needed if **libwebsockets** will cooperate with an existing poll array maintained by another server. -Three callbacks `LWS_CALLBACK_ADD_POLL_FD`, `LWS_CALLBACK_DEL_POLL_FD` -and `LWS_CALLBACK_CHANGE_MODE_POLL_FD` appear in the callback for protocol 0 -and allow interface code to manage socket descriptors in other poll loops. +Four callbacks `LWS_CALLBACK_ADD_POLL_FD`, `LWS_CALLBACK_DEL_POLL_FD`, +`LWS_CALLBACK_SET_MODE_POLL_FD` and `LWS_CALLBACK_CLEAR_MODE_POLL_FD` +appear in the callback for protocol 0 and allow interface code to +manage socket descriptors in other poll loops. You can pass all pollfds that need service to `lws_service_fd()`, even if the socket or file does not belong to **libwebsockets** it is safe. @@ -423,26 +244,6 @@ reflecting the real event: - use LWS_POLLHUP / LWS_POLLIN / LWS_POLLOUT from libwebsockets.h to avoid losing windows compatibility -You also need to take care about "forced service" somehow... these are cases -where the network event was consumed, incoming data was all read, for example, -but the work arising from it was not completed. There will not be any more -network event to trigger the remaining work, Eg, we read compressed data, but -we did not use up all the decompressed data before returning to the event loop -because we had to write some of it. - -Lws provides an API to determine if anyone is waiting for forced service, -`lws_service_adjust_timeout(context, 1, tsi)`, normally tsi is 0. If it returns -0, then at least one connection has pending work you can get done by calling -`lws_service_tsi(context, -1, tsi)`, again normally tsi is 0. - -For eg, the default poll() event loop, or libuv/ev/event, lws does this -checking for you and handles it automatically. But in the external polling -loop case, you must do it explicitly. Handling it after every normal service -triggered by the external poll fd should be enough, since the situations needing -it are initially triggered by actual network events. - -An example of handling it is shown in the test-server code specific to -external polling. @section cpp Using with in c++ apps @@ -450,7 +251,7 @@ The library is ready for use by C++ apps. You can get started quickly by copying the test server ``` - $ cp test-apps/test-server.c test.cpp + $ cp test-server/test-server.c test.cpp ``` and building it in C++ like this @@ -477,75 +278,6 @@ isn't processed by user code before then should be copied out for later. For HTTP connections that don't upgrade, header info remains available the whole time. -@section http2compat Code Requirements for HTTP/2 compatibility - -Websocket connections only work over http/1, so there is nothing special to do -when you want to enable -DLWS_WITH_HTTP2=1. - -The internal http apis already follow these requirements and are compatible with -http/2 already. So if you use stuff like mounts and serve stuff out of the -filesystem, there's also nothing special to do. - -However if you are getting your hands dirty with writing response headers, or -writing bulk data over http/2, you need to observe these rules so that it will -work over both http/1.x and http/2 the same. - -1) LWS_PRE requirement applies on ALL lws_write(). For http/1, you don't have -to take care of LWS_PRE for http data, since it is just sent straight out. -For http/2, it will write up to LWS_PRE bytes behind the buffer start to create -the http/2 frame header. - -This has implications if you treated the input buffer to lws_write() as const... -it isn't any more with http/2, up to 9 bytes behind the buffer will be trashed. - -2) Headers are encoded using a sophisticated scheme in http/2. The existing -header access apis are already made compatible for incoming headers, -for outgoing headers you must: - - - observe the LWS_PRE buffer requirement mentioned above - - - Use `lws_add_http_header_status()` to add the transaction status (200 etc) - - - use lws apis `lws_add_http_header_by_name()` and `lws_add_http_header_by_token()` - to put the headers into the buffer (these will translate what is actually - written to the buffer depending on if the connection is in http/2 mode or not) - - - use the `lws api lws_finalize_http_header()` api after adding the last - response header - - - write the header using lws_write(..., `LWS_WRITE_HTTP_HEADERS`); - - 3) http/2 introduces per-stream transmit credit... how much more you can send - on a stream is decided by the peer. You start off with some amount, as the - stream sends stuff lws will reduce your credit accordingly, when it reaches - zero, you must not send anything further until lws receives "more credit" for - that stream the peer. Lws will suppress writable callbacks if you hit 0 until - more credit for the stream appears, and lws built-in file serving (via mounts - etc) already takes care of observing the tx credit restrictions. However if - you write your own code that wants to send http data, you must consult the - `lws_get_peer_write_allowance()` api to find out the state of your tx credit. - For http/1, it will always return (size_t)-1, ie, no limit. - - This is orthogonal to the question of how much space your local side's kernel - will make to buffer your send data on that connection. So although the result - from `lws_get_peer_write_allowance()` is "how much you can send" logically, - and may be megabytes if the peer allows it, you should restrict what you send - at one time to whatever your machine will generally accept in one go, and - further reduce that amount if `lws_get_peer_write_allowance()` returns - something smaller. If it returns 0, you should not consume or send anything - and return having asked for callback on writable, it will only come back when - more tx credit has arrived for your stream. - - 4) Header names with captital letters are illegal in http/2. Header names in - http/1 are case insensitive. So if you generate headers by name, change all - your header name strings to lower-case to be compatible both ways. - - 5) Chunked Transfer-encoding is illegal in http/2, http/2 peers will actively - reject it. Lws takes care of removing the header and converting CGIs that - emit chunked into unchunked automatically for http/2 connections. - -If you follow these rules, your code will automatically work with both http/1.x -and http/2. @section ka TCP Keepalive @@ -589,20 +321,6 @@ if left `NULL`, then the "DEFAULT" set of ciphers are all possible to select. You can also set it to `"ALL"` to allow everything (including insecure ciphers). -@section sslcerts Passing your own cert information direct to SSL_CTX - -For most users it's enough to pass the SSL certificate and key information by -giving filepaths to the info.ssl_cert_filepath and info.ssl_private_key_filepath -members when creating the vhost. - -If you want to control that from your own code instead, you can do so by leaving -the related info members NULL, and setting the info.options flag -LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX at vhost creation time. That will create -the vhost SSL_CTX without any certificate, and allow you to use the callback -LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS to add your certificate to -the SSL_CTX directly. The vhost SSL_CTX * is in the user parameter in that -callback. - @section clientasync Async nature of client connections When you call `lws_client_connect_info(..)` and get a `wsi` back, it does not @@ -619,7 +337,7 @@ other reasons, if any of that happens you'll get a After attempting the connection and getting back a non-`NULL` `wsi` you should loop calling `lws_service()` until one of the above callbacks occurs. -As usual, see [test-client.c](../test-apps/test-client.c) for example code. +As usual, see [test-client.c](test-server/test-client.c) for example code. Notice that the client connection api tries to progress the connection somewhat before returning. That means it's possible to get callbacks like @@ -754,9 +472,7 @@ callbacks on the named protocol starting with LWS_CALLBACK_RAW_ADOPT_FILE. -The minimal example `raw/minimal-raw-file` demonstrates how to use it. - -`protocol-lws-raw-test` plugin also provides a method for testing this with +`protocol-lws-raw-test` plugin provides a method for testing this with `libwebsockets-test-server-v2.0`: The plugin creates a FIFO on your system called "/tmp/lws-test-raw" @@ -777,8 +493,7 @@ HTTP[s] and WS[s]. If the first bytes written on the connection are not a valid HTTP method, then the connection switches to RAW mode. This is disabled by default, you enable it by setting the `.options` flag -LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG, and setting -`.listen_accept_role` to `"raw-skt"` when creating the vhost. +LWS_SERVER_OPTION_FALLBACK_TO_RAW when creating the vhost. RAW mode socket connections receive the following callbacks @@ -790,8 +505,16 @@ RAW mode socket connections receive the following callbacks ``` You can control which protocol on your vhost handles these RAW mode -incoming connections by setting the vhost info struct's `.listen_accept_protocol` -to the vhost protocol name to use. +incoming connections by marking the selected protocol with a pvo `raw`, eg + +``` + "protocol-lws-raw-test": { + "status": "ok", + "raw": "1" + }, +``` + +The "raw" pvo marks this protocol as being used for RAW connections. `protocol-lws-raw-test` plugin provides a method for testing this with `libwebsockets-test-server-v2.0`: @@ -833,46 +556,6 @@ and in another window, connect to it using the test client The connection should succeed, and text typed in the netcat window (including a CRLF) will be received in the client. -@section rawudp RAW UDP socket integration - -Lws provides an api to create, optionally bind, and adopt a RAW UDP -socket (RAW here means an uninterpreted normal UDP socket, not a -"raw socket"). - -``` -LWS_VISIBLE LWS_EXTERN struct lws * -lws_create_adopt_udp(struct lws_vhost *vhost, int port, int flags, - const char *protocol_name, struct lws *parent_wsi); -``` - -`flags` should be `LWS_CAUDP_BIND` if the socket will receive packets. - -The callbacks `LWS_CALLBACK_RAW_ADOPT`, `LWS_CALLBACK_RAW_CLOSE`, -`LWS_CALLBACK_RAW_RX` and `LWS_CALLBACK_RAW_WRITEABLE` apply to the -wsi. But UDP is different than TCP in some fundamental ways. - -For receiving on a UDP connection, data becomes available at -`LWS_CALLBACK_RAW_RX` as usual, but because there is no specific -connection with UDP, it is necessary to also get the source address of -the data separately, using `struct lws_udp * lws_get_udp(wsi)`. -You should take a copy of the `struct lws_udp` itself (not the -pointer) and save it for when you want to write back to that peer. - -Writing is also a bit different for UDP. By default, the system has no -idea about the receiver state and so asking for a `callback_on_writable()` -always believes that the socket is writeable... the callback will -happen next time around the event loop. - -With UDP, there is no single "connection". You need to write with sendto() and -direct the packets to a specific destination. To return packets to a -peer who sent something earlier and you copied his `struct lws_udp`, you -use the .sa and .salen members as the last two parameters of the sendto(). - -The kernel may not accept to buffer / write everything you wanted to send. -So you are responsible to watch the result of sendto() and resend the -unsent part next time (which may involve adding new protocol headers to -the remainder depending on what you are doing). - @section ecdh ECDH Support ECDH Certs are now supported. Enable the CMake option @@ -915,7 +598,7 @@ Returning nonzero from the callback will close the wsi. SMP support is integrated into LWS without any internal threading. It's very simple to use, libwebsockets-test-server-pthread shows how to do it, -use -j n argument there to control the number of service threads up to 32. +use -j argument there to control the number of service threads up to 32. Two new members are added to the info struct @@ -945,86 +628,35 @@ You can set fd_limit_per_thread to a nonzero number to control this manually, eg the overall supported fd limit is less than the process allowance. You can control the context basic data allocation for multithreading from Cmake -using -DLWS_MAX_SMP=, if not given it's set to 1. The serv_buf allocation +using -DLWS_MAX_SMP=, if not given it's set to 32. The serv_buf allocation for the threads (currently 4096) is made at runtime only for active threads. Because lws will limit the requested number of actual threads supported according to LWS_MAX_SMP, there is an api lws_get_count_threads(context) to discover how many threads were actually allowed when the context was created. -See the test-server-pthreads.c sample for how to use. - -@section smplocking SMP Locking Helpers - -Lws provide a set of pthread mutex helpers that reduce to no code or -variable footprint in the case that LWS_MAX_SMP == 1. - -Define your user mutex like this - -``` - lws_pthread_mutex(name); -``` - -If LWS_MAX_SMP > 1, this produces `pthread_mutex_t name;`. In the case -LWS_MAX_SMP == 1, it produces nothing. - -Likewise these helpers for init, destroy, lock and unlock - - -``` - void lws_pthread_mutex_init(pthread_mutex_t *lock) - void lws_pthread_mutex_destroy(pthread_mutex_t *lock) - void lws_pthread_mutex_lock(pthread_mutex_t *lock) - void lws_pthread_mutex_unlock(pthread_mutex_t *lock) -``` - -resolve to nothing if LWS_MAX_SMP == 1, otherwise produce the equivalent -pthread api. +It's required to implement locking in the user code in the same way that +libwebsockets-test-server-pthread does it, for the FD locking callbacks. -pthreads is required in lws only if LWS_MAX_SMP > 1. +There is no knowledge or dependency in lws itself about pthreads. How the +locking is implemented is entirely up to the user code. -@section libevuv libev / libuv / libevent support +@section libevuv Libev / Libuv support You can select either or both -DLWS_WITH_LIBEV=1 -DLWS_WITH_LIBUV=1 - -DLWS_WITH_LIBEVENT=1 at cmake configure-time. The user application may use one of the context init options flags LWS_SERVER_OPTION_LIBEV LWS_SERVER_OPTION_LIBUV - LWS_SERVER_OPTION_LIBEVENT - -to indicate it will use one of the event libraries at runtime. - -libev and libevent headers conflict, they both define critical constants like -EV_READ to different values. Attempts to discuss clearing that up with both -libevent and libev did not get anywhere useful. Therefore CMakeLists.txt will -error out if you enable both LWS_WITH_LIBEV and LWS_WITH_LIBEVENT. - -In addition depending on libev / compiler version, building anything with libev -apis using gcc may blow strict alias warnings (which are elevated to errors in -lws). I did some googling at found these threads related to it, the issue goes -back at least to 2010 on and off -https://github.com/redis/hiredis/issues/434 -https://bugs.gentoo.org/show_bug.cgi?id=615532 -http://lists.schmorp.de/pipermail/libev/2010q1/000916.html -http://lists.schmorp.de/pipermail/libev/2010q1/000920.html -http://lists.schmorp.de/pipermail/libev/2010q1/000923.html +to indicate it will use either of the event libraries. -We worked around this problem by disabling -Werror on the parts of lws that -use libev. FWIW as of Dec 2019 using Fedora 31 libev 4.27.1 and its gcc 9.2.1 -doesn't seem to trigger the problem even without the workaround. - -For these reasons and the response I got trying to raise these issues with -them, if you have a choice about event loop, I would gently encourage you -to avoid libev. Where lws uses an event loop itself, eg in lwsws, we use -libuv. @section extopts Extension option control from user code @@ -1096,41 +728,7 @@ prepare the client SSL context for the vhost after creating the vhost, since this is not normally done if the vhost was set up to listen / serve. Call the api lws_init_vhost_client_ssl() to also allow client SSL on the vhost. -@section clipipe Pipelining Client Requests to same host - -If you are opening more client requests to the same host and port, you -can give the flag LCCSCF_PIPELINE on `info.ssl_connection` to indicate -you wish to pipeline them. - -Without the flag, the client connections will occur concurrently using a -socket and tls wrapper if requested for each connection individually. -That is fast, but resource-intensive. - -With the flag, lws will queue subsequent client connections on the first -connection to the same host and port. When it has confirmed from the -first connection that pipelining / keep-alive is supported by the server, -it lets the queued client pipeline connections send their headers ahead -of time to create a pipeline of requests on the server side. - -In this way only one tcp connection and tls wrapper is required to transfer -all the transactions sequentially. It takes a little longer but it -can make a significant difference to resources on both sides. -If lws learns from the first response header that keepalive is not possible, -then it marks itself with that information and detaches any queued clients -to make their own individual connections as a fallback. - -Lws can also intelligently combine multiple ongoing client connections to -the same host and port into a single http/2 connection with multiple -streams if the server supports it. - -Unlike http/1 pipelining, with http/2 the client connections all occur -simultaneously using h2 stream multiplexing inside the one tcp + tls -connection. - -You can turn off the h2 client support either by not building lws with -`-DLWS_WITH_HTTP2=1` or giving the `LCCSCF_NOT_H2` flag in the client -connection info struct `ssl_connection` member. @section vhosts Using lws vhosts @@ -1290,15 +888,6 @@ This allocation is only deleted / replaced when the connection accesses a URL region with a different protocol (or the default protocols[0] if no CALLBACK area matches it). -This "binding connection to a protocol" lifecycle in managed by -`LWS_CALLBACK_HTTP_BIND_PROTOCOL` and `LWS_CALLBACK_HTTP_DROP_PROTOCOL`. -Because of HTTP/1.1 connection pipelining, one connection may perform -many transactions, each of which may map to different URLs and need -binding to different protocols. So these messages are used to -create the binding of the wsi to your protocol including any -allocations, and to destroy the binding, at which point you should -destroy any related allocations. - @section BINDTODEV SO_BIND_TO_DEVICE The .bind_iface flag in the context / vhost creation struct lets you @@ -1341,7 +930,7 @@ also add this to your own html easily - include lws-common.js from your HEAD section - \ + - dim the page during initialization, in a script section on your page @@ -1354,20 +943,3 @@ also add this to your own html easily - in your ws onClose(), reapply the dimming lws_gray_out(true,{'zindex':'499'}); - -@section errstyle Styling http error pages - -In the code, http errors should be handled by `lws_return_http_status()`. - -There are basically two ways... the vhost can be told to redirect to an "error -page" URL in response to specifically a 404... this is controlled by the -context / vhost info struct (`struct lws_context_creation_info`) member -`.error_document_404`... if non-null the client is redirected to this string. - -If it wasn't redirected, then the response code html is synthesized containing -the user-selected text message and attempts to pull in `/error.css` for styling. - -If this file exists, it can be used to style the error page. See -https://libwebsockets.org/git/badrepo for an example of what can be done ( -and https://libwebsockets.org/error.css for the corresponding css). - diff --git a/READMEs/README.esp32.md b/README.esp32.md similarity index 66% rename from READMEs/README.esp32.md rename to README.esp32.md index 1abcfb6..6f64891 100644 --- a/READMEs/README.esp32.md +++ b/README.esp32.md @@ -1,8 +1,6 @@ ESP32 Support ============= -See \ref esp32 for details on how to build lws as a component in an ESP-IDF project. - Lws provides a "factory" application https://github.com/warmcat/lws-esp32-factory @@ -23,15 +21,3 @@ Factory Reset or Uninitialized|Factory|AP: ESP_012345|80|http://192.168.4.1|fact User configuration|Factory|AP: config-model-serial|443|https://192.168.4.1|index.html - user set up his AP information Operation|OTA|Station only|443|https://model-serial.local|OTA application -## Basic Auth - -The lws-esp32-test-server-demos app also demos basic auth. - -On a normal platform this is done by binding a mount to a text file somewhere in the filesystem, which -contains user:password information one per line. - -On ESP32 there is not necessarily any generic VFS in use. So instead, the basic auth lookup is bound to -a given nvs domain, where the username is the key and the password the value. main/main.c in the test -demos app shows how to both make the mount use basic auth, and how to set a user:password combination -using nvs. - diff --git a/README.esp8266.md b/README.esp8266.md new file mode 100644 index 0000000..ffcf757 --- /dev/null +++ b/README.esp8266.md @@ -0,0 +1,34 @@ +ESP8266 lws port +---------------- + +lws can now work well on the ESP8266. + +You should get the ESP8266 Espressif SDK-based project here + +https://github.com/lws-team/esplws + +which includes lws as an "app" in the build. The project provides full AP-based setup over the web, and once the device has been configured to associate to a local AP, a separate station vhost with the lws test protocols. + +Instructions for building that are here + +https://github.com/lws-team/esplws/blob/master/README.md + +There are also instructions there for how to remove the test apps from the build and customize your own station content. + + +Information about lws integration on ESP8266 +-------------------------------------------- + +The following existing lws features are used to make a nice integration: + + - vhosts: there are separate vhosts for the configuration AP mode and the normal station mode. + + - file_ops: the lws file operations are overridden and handled by a ROMFS parser + + - mounts: mounts are used to serve files automatically from the ROMFS + + - plugins: standalone protocol plugins are included into the build, so there are clean individual implementations for each protocol, while everything is statically linked + + - lws stability and security features like bytewise parsers, sophisticated timeouts, http/1.1 keepalive support + + diff --git a/READMEs/README.generic-sessions.md b/README.generic-sessions.md similarity index 100% rename from READMEs/README.generic-sessions.md rename to README.generic-sessions.md diff --git a/READMEs/README.generic-table.md b/README.generic-table.md similarity index 100% rename from READMEs/README.generic-table.md rename to README.generic-table.md diff --git a/README.lws-meta.md b/README.lws-meta.md new file mode 100644 index 0000000..dbca4c0 --- /dev/null +++ b/README.lws-meta.md @@ -0,0 +1,192 @@ +# lws-meta protocol + +lws-meta is a lightweight ws subprotocol that accepts other ws connections +to the same server inside it and multiplexes their access to the connection. + +``` + Client Server + + conn1: \ / :conn1 + conn2: = mux ------ lws-meta ws protocol ----- mux = :conn2 + conn3: / \ :conn3 +``` + +You may have n client ws connections back to the server, but you now +only have one tcp connection (and one SSL wrapper if using SSL) instead +of n of those. + +If you currently make multiple ws connections back to the server, so you +can have different protocols active in one webpage, this if for you. + + - The subprotocol code for the connections inside a lws-meta connection + need zero changes from being a normal ws connection. It is unaware + it is inside an lws-meta parent connection. + + - The traffic on the lws-meta connection is indistinguishable from + standard ws traffic, so intermediaries won't object to it + + - The multiplexing is done in the protocol, **not by an extension**. So + it's compatible with all browsers. + + - Javascript helper code is provided to very simply use lws-meta + protocol instead of direct connections. The lws test server has + been converted to use this by default. + +# Converting your server + +1) include the provided lws-meta plugin (plugins/protocl_lws_meta.c) as an +active protocol for your server. You can do that using runtime plugins, or +include the plugin sources into your server at build-time. The lws test +server uses the latter approach. + +That's all you need to do on the server side. + +# Converting your browser JS + +1) import lws-common.js + +2) Instantiate a parent lws-meta connection object + +``` +var lws_meta = new lws_meta_ws(); +``` + +3) Connect the lws-meta object to your server + +``` +lws_meta.new_parent(get_appropriate_ws_url("?mirror=" + mirror_name)); +``` + +4) Convert your actual ws connections to go via the lws_meta object + +``` +var my_ws = lws_meta.new_ws("", "dumb-increment-protocol"); +``` + +The first arg is the URL path, the second arg is the ws protocol you want. + +That's it. my_ws will get `onopen()`, `onmessage()` etc calls as before. + +# lws-meta wire protocol + +lws-meta works by adding some bytes at the start of a message indicating +which channel the message applies to. + +Channel messages are atomic on the wire. The reason is if we tried to +intersperse other channel fragments between one channels message fragments, +an intermediary would observe violations of the ws framing rule about +having to start a message with TEXT or BINARY, and use only CONTINUATION +for the subsequent fragments. Eg + +``` + [ ch1 TEXT NOFIN ] [ ch2 BINARY FIN ] [ ch1 CONTINUATION FIN ] +``` + +is illegal to an observer that doesn't understand lws-meta headers in the +packet payloads. So to avoid this situation, only complete messages may +be sent from one subchannel in each direction at a time. + +Consequently, only the first fragment of each message is modified to +have the extra two bytes identifying the subchannel it is aimed at, since +the rest of the message from the same subchannel is defined to follow. + +If it makes latencies, modify the protocol sending large messages to +send smaller messages, so the transmission of messages from other channels +can be sent inbetween the smaller messages. + +## lws-meta commands + +1) CSTRING indicates a string terminated by 0x00 byte + +2) Channel IDs are sent with 0x20 added to them, to guarantee valid UTF-8 + +### 0x41: RX: LWS_META_CMD_OPEN_SUBCHANNEL + + - CSTRING: protocol name + - CSTRING: url + - CSTRING: cookie (7 bytes max) + +Client is requesting to open a new channel with the given protocol name, +at the given url. The cookie (eg, channel name) is only used in +LWS_META_CMD_OPEN_RESULT, when the channel id is assigned, so it is +applied to the right channel. + +### 0x42: TX: LWS_META_CMD_OPEN_RESULT + + - CSTRING cookie + - BYTE channel id (0 indicates failed) + - CSTRING: selected protocol name + +The server is informing the client of the results of a previous +open request. The cookie the client sent to identify the request +is returned along with a channel id to be used subsequently. If +the channel ID is 0 (after subtracting the transport offset of +0x20) then the open request has failed. + +### 0x43: TX: LWS_META_CMD_CLOSE_NOTIFY + + - BYTE channel id + - BYTE: payload length + 0x20 + - BYTE: close code MSB + - BYTE: close code LSB + - PAYLOAD: payload (< 123 bytes) + +Server notifies the client that a child has closed, for whatever reason. + +### 0x44: RX: LWS_META_CMD_CLOSE_RQ + - BYTE: channel id + - BYTE: payload length + 0x20 + - BYTE: close code MSB + - BYTE: close code LSB + - PAYLOAD: payload (< 123 bytes) + +The client requests to close a child connection + +### 0x45: TX: LWS_META_CMD_WRITE + + - BYTE: channel id + +Normal write of payload n from lws-meta perspective is actually +LWS_META_CMD_WRITE, channel id, then (n - 2) bytes of payload + +The command only appears at the start of a message, continuations do +not have the command. + +## Protocol Notes + + - Once the subchannel is up, overhead is only +2 bytes per message + + - Close reasons are supported in both directions + + - Ping and Pong are only supported at the lws-meta level, using normal ws ping and pong packets. + + - Only the final close of the tcp lws-meta connection itself goes out as + a normal ws close frame. Subchannels close is done in a normal TEXT + message using LWS_META_CMD_CLOSE_RQ and then the close packet payload. + This is so intermediaries do not mistake subchannel closures for the + tcp / ws link going down. + + Messages that start with LWS_META_CMD_OPEN_SUBCHANNEL only contain those + commands but may contain any number of them for the whole duration of the + message. The lws-meta js support collects child open requests made before + the parent lws-meta connection is open, and dumps them all in a single + message when it does open. + + Messages that start with LWS_META_CMD_OPEN_RESULT or LWS_META_CMD_CLOSE_NOTIFY + only contain those two commands, but they may contain any number of them + for the whole duration of the message. + + +# Current Implemention Limitations + + - only server side is supported in lws. The client side JS for + a browser is supported. + + - max number of child connections per parent at the moment is 8 + + - child connection URL paramter when opening the connection is + ignored + + - there is no ah attached when the child connections are + established inside the lws-meta parent. So header access + functions will fail. diff --git a/READMEs/README.lwsws.md b/README.lwsws.md similarity index 75% rename from READMEs/README.lwsws.md rename to README.lwsws.md index d2006b3..04ba81a 100644 --- a/READMEs/README.lwsws.md +++ b/README.lwsws.md @@ -41,8 +41,8 @@ There is a single file intended for global settings { "global": { - "username": "apache", - "groupname": "apache", + "uid": "48", # apache user + "gid": "48", # apache user "count-threads": "1", "server-string": "myserver v1", # returned in http headers "ws-pingpong-secs": "200", # confirm idle established ws connections this often @@ -79,12 +79,6 @@ on port 7681, non-SSL is provided. To set it up # sudo lwsws ``` -@section lwswsacme Using Letsencrypt or other ACME providers - -Lws supports automatic provisioning and renewal of TLS certificates. - -See ./READMEs/README.plugin-acme.md for examples of how to set it up on an lwsws vhost. - @section lwsogo Other Global Options - `reject-service-keywords` allows you to return an HTTP error code and message of your choice @@ -188,7 +182,7 @@ Vhosts can select which plugins they want to offer and give them per-vhost setti ``` The "x":"y" parameters like "status":"ok" are made available to the protocol during its per-vhost -LWS_CALLBACK_PROTOCOL_INIT (in is a pointer to a linked list of struct lws_protocol_vhost_options +LWS_CALLBACK_PROTOCOL_INIT (@in is a pointer to a linked list of struct lws_protocol_vhost_options containing the name and value pointers). To indicate that a protocol should be used when no Protocol: header is sent @@ -202,18 +196,6 @@ by the client, you can use "default": "1" }] ``` -Similarly, if your vhost is serving a raw protocol, you can mark the protocol -to be selected using "raw": "1" -``` - "ws-protocols": [{ - "warmcat-timezoom": { - "status": "ok", - "raw": "1" - } - }] -``` - -See also "apply-listen-accept" below. @section lwswsovo Lwsws Other vhost options @@ -223,27 +205,19 @@ See also "apply-listen-accept" below. - `keeplive-timeout` (in secs) defaults to 60 for lwsws, it may be set as a vhost option - - `interface` lets you specify which network interface to listen on, if not given listens on all. If the network interface is not usable (eg, ethernet cable out) it will be logged at startup with such vhost not listening, and lws will poll for it and bind a listen socket to the interface if and when it becomes available. + - `interface` lets you specify which network interface to listen on, if not given listens on all - "`unix-socket`": "1" causes the unix socket specified in the interface option to be used instead of an INET socket - - "`unix-socket-perms`": "user:group" allows you to control the unix permissons on the listening unix socket. It's always get to `0600` mode, but you can control the user and group for the socket fd at creation time. This allows you to use unix user and groups to control who may open the other end of the unix socket on the local system. - - "`sts`": "1" causes lwsws to send a Strict Transport Security header with responses that informs the client he should never accept to connect to this address using http. This is needed to get the A+ security rating from SSL Labs for your server. - "`access-log`": "filepath" sets where apache-compatible access logs will be written - `"enable-client-ssl"`: `"1"` enables the vhost's client SSL context, you will need this if you plan to create client conections on the vhost that will use SSL. You don't need it if you only want http / ws client connections. - - "`ciphers`": "" OPENSSL only: sets the allowed list of TLS <= 1.2 ciphers and key exchange protocols for the serving SSL_CTX on the vhost. The default list is restricted to only those providing PFS (Perfect Forward Secrecy) on the author's Fedora system. + - "`ciphers`": "" sets the allowed list of ciphers and key exchange protocols for the vhost. The default list is restricted to only those providing PFS (Perfect Forward Secrecy) on the author's Fedora system. - If you need to allow weaker ciphers, you can provide an alternative list here per-vhost. - - - "`client-ssl-ciphers`": "" OPENSSL only: sets the allowed list of <= TLS1.2 ciphers and key exchange protocols for the client SSL_CTX on the vhost - - - "`tls13-ciphers`": "" OPENSSL 1.1.1+ only: sets allowed list of TLS1.3+ ciphers and key exchange protocols for the client SSL_CTX on the vhost. The default is to allow all. - - - "`client-tls13-ciphers`": "" OPENSSL 1.1.1+ only: sets the allowed list of TLS1.3+ ciphers and key exchange protocols for the client SSL_CTX on the vhost. The default is to allow all. + If you need to allow weaker ciphers,you can provide an alternative list here per-vhost. - "`ecdh-curve`": "" The default ecdh curve is "prime256v1", but you can override it here, per-vhost @@ -267,8 +241,6 @@ See also "apply-listen-accept" below. - "`ssl-option-clear'": "" Clears the SSL option flag value for the vhost. It may be used multiple times and OR's the flags together. - - "`ssl-client-option-set`" and "`ssl-client-option-clear`" work the same way for the vhost Client SSL context - - "`headers':: [{ "header1": "h1value", "header2": "h2value" }] allows you to set arbitrary headers on every file served by the vhost @@ -285,8 +257,6 @@ recommended vhost headers for good client security are ``` - - "`apply-listen-accept`": "on" This vhost only serves a non-http protocol, specified in "listen-accept-role" and "listen-accept-protocol" - @section lwswsm Lwsws Mounts Where mounts are given in the vhost definition, then directory contents may @@ -351,7 +321,7 @@ provide them using "pmo" }] } -2) When using a cgi:// protocol origin at a mountpoint, you may also give cgi environment variables specific to the mountpoint like this +2) When using a cgi:// protcol origin at a mountpoint, you may also give cgi environment variables specific to the mountpoint like this ``` { "mountpoint": "/git", @@ -420,7 +390,7 @@ Content-Type: header. 7) A mount can be protected by HTTP Basic Auth. This only makes sense when using https, since otherwise the password can be sniffed. -You can add a `basic-auth` entry on an http mount like this +You can add a `basic-auth` entry on a mount like this ``` { @@ -446,77 +416,6 @@ The file should be readable by lwsws, and for a little bit of extra security not have a file suffix, so lws would reject to serve it even if it could find it on a mount. -After successful authentication, `WSI_TOKEN_HTTP_AUTHORIZATION` contains the -authenticated username. - -In the case you want to also protect being able to connect to a ws protocol on -a particular vhost by requiring the http part can authenticate using Basic -Auth before the ws upgrade, this is also possible. In this case, the -"basic-auth": and filepath to the credentials file is passed as a pvo in the -"ws-protocols" section of the vhost definition. - -@section lwswscc Requiring a Client Cert on a vhost - -You can make a vhost insist to get a client certificate from the peer before -allowing the connection with - -``` - "client-cert-required": "1" -``` - -the connection will only proceed if the client certificate was signed by the -same CA as the server has been told to trust. - -@section rawconf Configuring Fallback and Raw vhosts - -Lws supports some unusual modes for vhost listen sockets, which may be -configured entirely using the JSON per-vhost config language in the related -vhost configuration section. - -There are three main uses for them - -1) A vhost bound to a specific role and protocol, not http. This binds all -incoming connections on the vhost listen socket to the "raw-proxy" role and -protocol "myprotocol". - -``` - "listen-accept-role": "raw-proxy", - "listen-accept-protocol": "myprotocol", - "apply-listen-accept": "1" -``` - -2) A vhost that wants to treat noncompliant connections for http or https as - belonging to a secondary fallback role and protocol. This causes non-https - connections to an https listener to stop being treated as https, to lose the - tls wrapper, and bind to role "raw-proxy" and protocol "myprotocol". For - example, connect a browser on your external IP :443 as usual and it serves - as normal, but if you have configured the raw-proxy to portforward - 127.0.0.1:22, then connecting your ssh client to your external port 443 will - instead proxy your sshd over :443 with no http or tls getting in the way. - -``` - "listen-accept-role": "raw-proxy", - "listen-accept-protocol": "myprotocol", - "fallback-listen-accept": "1", - "allow-non-tls": "1" -``` - -3) A vhost wants to either redirect stray http traffic back to https, or to - actually serve http on an https listen socket (this is not recommended - since it allows anyone to drop the security assurances of https by - accident or design). - -``` - "allow-non-tls": "1", - "redirect-http": "1", -``` - -...or, - -``` - "allow-non-tls": "1", - "allow-http-on-https": "1", -``` @section lwswspl Lwsws Plugins @@ -677,26 +576,3 @@ Prepare the log directory like this sudo mkdir /var/log/lwsws sudo chmod 700 /var/log/lwsws ``` - -@section lwswsgdb Debugging lwsws with gdb - -Hopefully you won't need to debug lwsws itself, but you may want to debug your plugins. start lwsws like this to have everything running under gdb - -``` -sudo gdb -ex "set follow-fork-mode child" -ex "run" --args /usr/local/bin/lwsws - -``` - -this will give nice backtraces in lwsws itself and in plugins, if they were built with symbols. - -@section lwswsvgd Running lwsws under valgrind - -You can just run lwsws under valgrind as usual and get valid results. However the results / analysis part of valgrind runs -after the plugins have removed themselves, this means valgrind backtraces into plugin code is opaque, without -source-level info because the dynamic library is gone. - -There's a simple workaround, use LD_PRELOAD= before running lwsws, this has the loader bring the plugin -in before executing lwsws as if it was a direct dependency. That means it's still mapped until the whole process -exits after valgtind has done its thing. - - diff --git a/README.md b/README.md index aa3ed30..107ae48 100644 --- a/README.md +++ b/README.md @@ -1,299 +1,26 @@ -[![Travis Build Status](https://travis-ci.org/warmcat/libwebsockets.svg)](https://travis-ci.org/warmcat/libwebsockets) [![Appveyor Build status](https://ci.appveyor.com/api/projects/status/qfasji8mnfnd2r8t?svg=true)](https://ci.appveyor.com/project/lws-team/libwebsockets) [![Coverity Scan Build Status](https://scan.coverity.com/projects/3576/badge.svg)](https://scan.coverity.com/projects/3576) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/2266/badge)](https://bestpractices.coreinfrastructure.org/projects/2266) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/144fb195a83046e484a75c8b4c6cfc99)](https://www.codacy.com/app/lws-team/libwebsockets?utm_source=github.com&utm_medium=referral&utm_content=warmcat/libwebsockets&utm_campaign=Badge_Grade) +[![Travis Build Status](https://travis-ci.org/warmcat/libwebsockets.svg)](https://travis-ci.org/warmcat/libwebsockets) +[![Appveyor Build status](https://ci.appveyor.com/api/projects/status/qfasji8mnfnd2r8t?svg=true)](https://ci.appveyor.com/project/lws-team/libwebsockets) +[![Coverity Scan Build Status](https://scan.coverity.com/projects/3576/badge.svg)](https://scan.coverity.com/projects/3576) -# Libwebsockets - -Libwebsockets is a simple-to-use, pure C library providing client and server -for **http/1**, **http/2**, **websockets** and other protocols in a security-minded, -lightweight, configurable, scalable and flexible way. It's easy to build and -cross-build via cmake and is suitable for tasks from embedded RTOS through mass -cloud serving. - -[50 minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples) for -various scenarios, CC0-licensed (public domain) for cut-and-paste, allow you to get started quickly. - -![overview](./doc-assets/lws-overview.png) +libwebsockets +------------- News ---- -## V3.2 relase last planned LGPLv2.1+SLE release - -As foretold the v3.2 release is the last planned release that will have the code -under LGPLv2.1+SLE. Master has those parts changed to MIT license; the pieces -that were CC0 or another liberal license remain the same. - -## License change plan - -Lws is planning to change the pieces that are currently LGPLv2.1+SLE to MIT -https://opensource.org/licenses/MIT . Stuff that is already CC0 or another -permissive license will stay as it is. - -This license change is making an already permissive license (it was already LGPL, -and the SLE removed most restrictions already) even more permissive. -So I expect most contributors either don't much care or are happy about it. -Contributors who object should contact me via: - - - the lws mailing list https://libwebsockets.org/mailman/listinfo/libwebsockets - - github issue https://github.com/warmcat/libwebsockets , or - - email to `andy@warmcat.com` - -...before **Aug 11 2019**, and I'll rewrite the related code before the change. -There'll be a last release of the currently-licensed stuff (probably v3.2) and -then the same code will have the licese grant changed in the sources, become -master and also have an otherwise identical release, probably v4.0. The v3.2 -stuff won't be maintained (by me anyway... it's FOSS though) but the v4.0 -stuff which is the same except the license will get the usual v4.0-stable -treatment. - -Even after the change I will continue to rely on users to help me with bug -reports and patches, work together on new features. The license will no -longer require it but the practical advantages from staying aligned with -upstream lws for users remain the same. - -## New features on master - - - `LWS_WITH_NETWORK` cmake option (default on) allows one-step removal of vhost, - wsi, roles, event loop and all network-related code from the build. This - enables use-cases where you actually need unrelated features like JOSE or FTS - compactly. lws_context still exists and if tls is enabled, the tls-related code - is still built so the crypto is available, just nothing related to network. - - - New Crypto-agile APIs + JOSE / JWS / JWE / JWK support... apis work exactly - the same with OpenSSL or mbedTLS tls library backends, and allow key cycling - and crypto algorithm changes while allowing for grace periods - - [README.crypto-apis](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.crypto-apis.md) - - - CMake config simplification for crypto: `-DLWS_WITH_GENCRYPTO=1` for all - generic cipher and hash apis built (which work the same on mbedtls and - OpenSSL transparently), and `-DLWS_WITH_JOSE=1` for all JOSE, JWK, JWS - and JWE support built (which use gencrypto and so also work the same - regardless of tls library backend). - - - **`x.509`** - new generic x509 api allows PEM-based certificate and key - trust relationship verification, and conversion between x.509 keys and - JWK. Works for EC and RSA keys, and on mbedtls and OpenSSl the same. - - [x.509 api](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-x509.h), - [x.509 minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-x509) - - - **`JWE`** - JWE (RFC7516) Algorithms with CI tests: - -|Key Encryption|Payload authentication + crypt|Enc + Dec Support| -|---|---|---| -|`RSAES-PKCS1-v1.5` 2048b & 4096b|`AES_128_CBC_HMAC_SHA_256`|Enc + Dec| -|`RSAES-PKCS1-v1.5` 2048b|`AES_192_CBC_HMAC_SHA_384`|Enc + Dec| -|`RSAES-PKCS1-v1.5` 2048b|`AES_256_CBC_HMAC_SHA_512`|Enc + Dec| -|`RSAES-OAEP`|`AES_256_GCM`|Enc + Dec| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_128_CBC_HMAC_SHA_256`|Enc + Dec| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_192_CBC_HMAC_SHA_384`|Enc + Dec| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_256_CBC_HMAC_SHA_512`|Enc + Dec| -|`ECDH-ES` (P-256/384/521 key)|`AES_128/192/256_GCM`|Enc + Dec| -|`ECDH-ES+A128/192/256KW` (P-256/384/521 key)|`AES_128/192/256_GCM`|Enc + Dec| - -All tests pass on both OpenSSL and mbedTLS backends, using keys generated on -both OpenSSL and mbedTLS in the tests. - -A minimal example tool shows how to encrypt and decrypt compact JWE objects -from the commandline for all supported algorithms. - - [jwe api](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jwe.h), - [jwe unit tests](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-jose/jwe.c), - [jwe minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) - - - **`lws-genec` ECDSA** - JWS-compatible ECDSA is supported on both OpenSSL and mbedtls. - - - **`JWS`** - JWS (RFC7515) is now supported for none, HS256/384/512, RS256/384/512, and ES256/384/512, on both OpenSSL and mbedtls. There's a minimal example tool that signs and verifies compact - representation JWS from stdin. - [jws api](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jws.h), - [jws unit tests](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-jose/jws.c), - [jws minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) - - - **`JWK`** - JWK (RFC7517) now supports oct, RSA and EC keys including JSON key - arrays on both OpenSSL and mbedtls. A minimal example tool shows how to create - new JSON JWK keys to specified parameters from the commandline for all supported - ciphers. - - [jwk minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwk) - - - **`lws-genrsa` OAEP + PSS support** - in addition to PKCS#1 1.5 padding, OAEP and PSS are - now supported on both mbedtls and openssl backends. - - - **`lws-genaes` Generic AES crypto** - thin api layer works identically with both mbedtls and openssl - backends. Supports CBC, CFB128, CFB8, CTR, ECB, OFB, XTS and GCM variants. Unit tests in CI. - [genaes api](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genaes.h), - [api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-gencrypto), - CMake config: `-DLWS_WITH_GENCRYPTO=1` - - - **http fallback support** - you can specify a role and protocol to apply if non-http or non-tls - packets arrive at an http(s) listen port. For example, you can specify that the new `raw proxy` - role + protocol should be used, to proxy your sshd port over :443 or :80. Without affecting - normal http(s) serving on those ports but allowing, eg, `ssh -p 443 invalid@libwebsockets.org`. - [http fallback docs](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.http-fallback.md) - - - **raw tcp proxy role and protocol** - adding raw tcp proxying is now trivial using the built-in lws - implementation. You can control the onward connection using a pvo in the format "ipv4:server.com:port" - [raw proxy minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/raw/minimal-raw-proxy), - [raw proxy docs](https://libwebsockets.org/git/libwebsockets/tree/plugins/raw-proxy), - Cmake config: `-DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_PLUGINS=1` - - - **deaddrop HTML file upload protocol** - protocol and minimal example for file upload and sharing using - drag and drop and a file picker. Integrated with basic auth, uploaded files marked with upload user, - and files owned by the authenticated user may be deleted via the UI. Supports multiple simultaneous - uploads both by drag-and-drop and from the file picker. - [deaddrop minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/http-server/minimal-http-server-deaddrop) - - - **basic auth for ws(s)** - You can apply basic auth credential requirement to ws connections same - as on mounts now. Just add a pvo "basic-auth" with the value being the credentials file path when - enabling the ws protocol for the vhost. +v2.3 is out... see the changelog https://github.com/warmcat/libwebsockets/blob/v2.3-stable/changelog -## v3.1 released: new features in v3.1 +ESP32 is now supported in lws! Download the - - **lws threadpool** - lightweight pool of pthreads integrated to lws wsi, with all - synchronization to event loop handled internally, queue for excess tasks - [threadpool docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/threadpool), - [threadpool minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/ws-server/minimal-ws-server-threadpool), - Cmake config: `-DLWS_WITH_THREADPOOL=1` + - factory https://github.com/warmcat/lws-esp32-factory and + - test server app https://github.com/warmcat/lws-esp32-test-server-demos - - **libdbus support** integrated on lws event loop - [lws dbus docs](https://libwebsockets.org/git/libwebsockets/tree/lib/roles/dbus), - [lws dbus client minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-client), - [lws dbus server minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-server), - Cmake config: `-DLWS_ROLE_DBUS=1` - - - **lws allocated chunks (lwsac)** - helpers for optimized mass allocation of small - objects inside a few larger malloc chunks... if you need to allocate a lot of - inter-related structs for a limited time, this removes per-struct allocation - library overhead completely and removes the need for any destruction handling - [lwsac docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/lwsac), - [lwsac minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lwsac), - Cmake Config: `-DLWS_WITH_LWSAC=1` - - - **lws tokenizer** - helper api for robustly tokenizing your own strings without - allocating or adding complexity. Configurable by flags for common delimiter - sets and comma-separated-lists in the tokenizer. Detects and reports syntax - errors. - [lws_tokenize docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-tokenize.h), - [lws_tokenize minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lws_tokenize) - - - **lws full-text search** - optimized trie generation, serialization, - autocomplete suggestion generation and instant global search support extensible - to huge corpuses of UTF-8 text while remaining super lightweight on resources. - [full-text search docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/fts), - [full-text search minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-fts), - [demo](https://libwebsockets.org/ftsdemo/), - [demo sources](https://libwebsockets.org/git/libwebsockets/tree/plugins/protocol_fulltext_demo.c), - Cmake config: `-DLWS_WITH_FTS=1 -DLWS_WITH_LWSAC=1` - - - **gzip + brotli http server-side compression** - h1 and h2 detection of client support - for server compression, and auto-application to files with mimetypes "text/*", - "application/javascript" and "image/svg.xml". - Cmake config: `-DLWS_WITH_HTTP_STREAM_COMPRESSION=1` for gzip, optionally also give - `-DLWS_WITH_HTTP_BROTLI=1` for preferred `br` brotli compression - - - **managed disk cache** - API for managing a directory containing cached files - with hashed names, and automatic deletion of LRU files once the cache is - above a given limit. - [lws diskcache docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-diskcache.h), - Cmake config: `-DLWS_WITH_DISKCACHE=1` - - - **http reverse proxy** - lws mounts support proxying h1 or h2 requests to - a local or remote IP, or unix domain socket over h1. This allows microservice - type architectures where parts of the common URL space are actually handled - by external processes which may be remote or on the same machine. - [lws gitohashi serving](https://libwebsockets.org/git/) is handled this way. - [unix domain sockets reverse proxy docs](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.unix-domain-reverse-proxy.md), - CMake config: `-DLWS_WITH_HTTP_PROXY=1` and `-DLWS_UNIX_SOCK=1` for Unix Domain Sockets - - - **update minimal examples for strict Content Security Policy** the minimal - examples now show the best practices around Content Security Policy and - disabling inline Javascript. Updated examples that are served with the - recommended security restrictions show a new "Strict Content Security Policy" - graphic. [Read how to upgrade your applications to use a strict CSP](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.content-security-policy.md). - - - **release policy docs** - unsure what branch, version or tag to use, or how - to follow master cleanly? [Read the release policy docs](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.release-policy.md) - which explain how and why lws is developed, released and maintained. - -## v3.0.1 released - -See the git log for the list of fixes. - -## v3.0.0 released - -See the changelog for info https://libwebsockets.org/git/libwebsockets/tree/changelog?h=v3.0-stable - -## Major CI improvements for QA - -The Travis build of lws done on every commit now runs: - -Tests|Count|Explanation ----|---|--- -Build / Linux / gcc|16|-Wall -Werror cmake config variants -Build / Mac / Clang|16|-Wall -Werror cmake config variants -Build / Windows / MSVC|7|default -Selftests|openssl:43, mbedtls:43|minimal examples built and run against each other and remote server -attack.sh|225|Correctness, robustness and security tests for http parser -Autobahn Server|480|Testing lws ws client, including permessage-deflate -Autobahn Client|480|Testing lws ws server, including permaessage-deflate -h2spec|openssl:146, mbedtls:146|Http/2 server compliance suite (in strict mode) -h2load|openssl:6, mbedtls:6|Http/2 server load tool (checks 10K / 100K in h1 and h2, at 1, 10, 100 concurrency) -h2load SMP|6|Http/2 and http/1.1 server load checks on SMP server build - -The over 1,500 tests run on every commit take 1hr 15 of compute time to complete. -If any problems are found, it breaks the travis build, generating an email. - -Codacy also checks every patch and the information used to keep lws at zero issues. - -Current master is checked by Coverity at least daily and kept at zero issues. - -Current master passes all the tests and these new CI arrangements will help -keep it that way. - -## Lws has the first official ws-over-h2 server support - -![wss-over-h2](./doc-assets/wss2.png) - -There's a new [RFC](https://tools.ietf.org/html/rfc8441) that enables multiplexing ws connections -over an http/2 link. Compared to making individual tcp and tls connections for -each ws link back to the same server, this makes your site start up radically -faster, and since all the connections are in one tls tunnel, with considerable memory -reduction serverside. - -To enable it on master you just need -DLWS_WITH_HTTP2=1 at cmake. No changes to -existing code are necessary for either http/2 (if you use the official header creation -apis if you return your own headers, as shown in the test apps for several versions) -or to take advantage of ws-over-h2. When built with http/2 support, it automatically -falls back to http/1 and traditional ws upgrade if that's all the client can handle. - -Currently only Chrome Canary v67 supports this ws-over-h2 encapsulation (chrome -must be started with `--enable-websocket-over-http2` switch to enable it currently), -and patches exist for Firefox. Authors of both browser implementations tested -against the lws server implementation. - -## New "minimal examples" - -https://libwebsockets.org/git/libwebsockets/tree/minimal-examples - -These are like the test apps, but focus on doing one thing, the best way, with the -minimum amount of code. For example the minimal-http-server serves the cwd on -http/1 or http/2 in 50 LOC. Same thing with tls is just three more lines. - -They build standalone, so it's easier to copy them directly to start your own project; they -are CC0 licensed (public domain) to facilitate that. - -## Windows binary builds - -32- and 64-bit Windows binary builds are available via Appveyor. Visit -[lws on Appveyor](https://ci.appveyor.com/project/lws-team/libwebsockets), -click on a build, the ARTIFACTS, and unzip the zip file at `C:\Program Files (x86)/libwebsockets`. - -## Support This is the libwebsockets C library for lightweight websocket clients and servers. For support, visit https://libwebsockets.org + https://github.com/warmcat/libwebsockets and consider joining the project mailing list at @@ -301,7 +28,65 @@ and consider joining the project mailing list at You can get the latest version of the library from git: +- https://github.com/warmcat/libwebsockets - https://libwebsockets.org/git Doxygen API docs for master: https://libwebsockets.org/lws-api-doc-master/html/index.html + +After libwebsockets 1.3, tags will be signed using a key corresponding to this public key + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFRe35QBEADZA7snW7MoEXkT2deDYZeggVD3694dg1o5G4q36NWjC8Pn/b2V +d+L9Nmw8ydKIv8PLJW762rnveQpPYRqCRD8X4bVTYzYz3qsOl5BrYf6cuVn0ZrPB +13TVRg+NZwUaVxc7O+tdOvvEBdA9OCIygctPNK9Nyh53xs5gPHhghZrKVrt0xM1A +2LYsgoHmMBCCY25SHb1nuapvhA3LvuJb4cNNVRCukCoA6yx0uhSEz2AUPJSLqnZ9 +XnNBMKq+1a9C+y7jo4O78upTTmuOmRmNEVAu7pxCSUXDrNa87T8n6vFkV/MiW8nv +VmhppKJrKPJ0KxJF9b7uG6eKosfoK2PKyE7pAoDN1fuNyBTB0dkFAwyTCN8hmhOg +z71QrCltotq/AxSCsKzgFkDBL7D3KUM10QR5kmznjcm8tFWHoSttPR334z/1Yepf +ATqH/tfYydW42qeeHgKjfeegnlI65nTDtwYW6lSqZsXg+/ABg0ki9m5HA6l713ig +gRbVHSNkiz56O+UOqBtfcJZBc8QZqqixq8rbP2Is0HBBEtD+aFMuKx/sQ3ULkQs2 +8dZ5qsGTBT/xHmqpHJsIFX/jwjY5zeEiFbnO5bMH7YLmkjynVsn5zxTyXKQJe29C +Uq0Yd9+JpDhHnZoiz/1hIIBsr89Z4Yy6c59YNJ3yJEOast0ODERcKSaUAQARAQAB +tC9BbmR5IEdyZWVuIChMaW5hcm8ga2V5KSA8YW5keS5ncmVlbkBsaW5hcm8ub3Jn +PokCPQQTAQoAJwUCVF7flAIbAwUJBaOagAULCQgHAwUVCgkICwUWAwIBAAIeAQIX +gAAKCRA8ZxoDS3lTexApD/9WT7JWy3tK33OIACYV40XwLEhRam4Xku4rhtsoIeJK +P0k/wa7J2PpceX6gKV+QBsOx3UbUfpqZ/Mu7ff3M0J6W87XpKRROAmP43zyiBkmM +A6v0pJXozknmCU28p3DuLC8spVDFg9N52xV7Qb+9TDHcTYiVi4swKYuDEuHBC/qa +M69+ANgsGbrMFRypxtU7OEhls3AEo3Cq03xD8QvLjFyPpYp1f0vNRFm2Jjgm2CRe +YLVsCGxG35Dz7DpJHekHNxje6xsZ2w9Q38M0rLQ0ICOVQ+E1Dir3hwmZQWASzMMi ++R0P+MVYpVt5y7KtiLywJ4BzNogS7gY3wQxksJOFA1uuk5h/hO54a361mcdA0Ta5 +HHhGKRw87lVjEQSaRjFZmHFClB+Sb8MuWR51JTzVS5HtJlcNqcWhF63vZ8bZ7b6y +Aj8cXNjH6ULXyX3QnTUWXX/QU3an3yh8iPONWOGP5d5Hi/qejHGIhP2L5H+h05CP +aZQYFLjjebYgEHijuA28eKWsBsoBPFSLpLloHTDkiycgFdV2AkQcxZN9ZElAqURP +xUkEIscQg3YhExGiVEtaxBp1/p/WctMxs5HNoi0Oc97ZUcKvSCz9FDGXX9wYBpRf +gzjNn055Xn4QyxBDnp5DrYT0ft/8BEnRK0JP6z3gNfnhOxZo4XA+M6w4Hjh3tI2A +3rkCDQRUXt+UARAA0yHmONtW3L1HpvWFR+VgVNHa1HBWWk7lMsI6ajeiUK/lN3F/ ++vNbux46bPj/sNT9twbWmYhv6c0yVzCpmv5M5ztefS7mW/zPNLJmCmH32kAvVFr1 +Z90R/X+Z1Uh8wCCU72S2pSIXQFza3LF53pbpKi5m1F2icYcx+35egAvvZVZtcrMu +TjHUa+N9mFKxa7tb5PI8Lv93nRLwB7aKkp5PKy9Yvse0jACrAAGeIpI73H467/wO +ujermKlyPOOv+Lpjd7kedWKdaweitva7FVI20K/afn4AwCI8HJUIqVbil0Yrg9Le +M1TRsRydzMQQejsb/cWi3fQ3U3HxvSJijKltckPMqjJaXbqmrLz3FOA5Km0ciIOB +WW0Qq0WREcS3rc5FHU29duS9OAieAWFYyLDieug4nQ29KQE6I0lMqLnz8vWYtbmw +6AHk9i2GsXOZiPnztuADgt9o9Os8fm7ZiacA1LISl86P7wpFk+Gf4LRvv8Fk08NV +b2K1BY4YC9KP+AynyYQmxmyB1YQCh/dZHiD4ikGKttHAy4ZsMW6IRL5bRP0Z97pA +lyBtXP0cGTJtuPt2feh0zaiA7blZ/IDXkB1UqH6jnTa71d1FeNKtVFi8FhPIREN6 +Rc5imyRxubZEgsxhdjqGgdT5k6Qr42SewAN391ygutpgGizGQtTwzvmKa0UAEQEA +AYkCJQQYAQoADwUCVF7flAIbDAUJBaOagAAKCRA8ZxoDS3lTewuBD/9/rakAMCRC ++WmbUVpCbJSWP5ViH87Xko4ku437gq56whcGjQpxfCYt8oeVgS8fZetUOHs2gspJ +CEc8TYLUFntfyt2AzKU29oQoizPm33W9S1u7aRGWsVVutd2sqUaQUDsl9z35+Ka9 +YcWoATJSWBgnhSAmNcM60OG0P5qrZloTlbRSlDZTSZT3RvY4JWtWCubGsjEpXO4h +ZqbKCu3KgV/6NOuTLciriSOZ/iyva3WsCP2S8mRRvma7x04oMTEWX80zozTCK8gG +XqqS9eDhCkRbdmMyUQbHIhc/ChYchO5+fQ1o0zMS5cv6xgkhWI3NJRUkNdXolH9a +5F9q4CmCTcdEZkqpnjsLNiQLIENfHbgC0A5IjR6YgN6qAP8ZJ5hBgyTfyKkwB7bW +DcCnuoC9R79hkI8nWkoRVou9tdzKxo0bGR6O4CfLj+4d3hpWkv9Rw7Xxygo5JOqN +4cNZGtHkmIFFk9fSXul5rkjfF/XmThIwoI8aHSBZ7j3IMtmkKVkBjNjiTfbgW8RT +XIIR+QQdVLOyJqq+NZC/SrKVQITg0ToYJutRTUJViqyz5b3psJo5o2SW6jcexQpE +cX6tdPyGz3o0aywfJ9dcN6izleSV1gYmXmIoS0cQyezVqTUkT8C12zeRB7mtWsDa ++AWJGq/WfB7N6pPh8S/XMW4e6ptuUodjiA== +=HV8t +-----END PGP PUBLIC KEY BLOCK----- +``` diff --git a/README.problems.md b/README.problems.md new file mode 100644 index 0000000..dfd572a --- /dev/null +++ b/README.problems.md @@ -0,0 +1,43 @@ +Debugging problems +================== + +Library is a component +---------------------- + +As a library, lws is always just a component in a bigger application. + +When users have a problem involving lws, what is happening in the bigger +application is usually critical to understand what is going on (and where the +solution lies). + +Many users are able to share their sources, but others decide not to, for +presumed "commercial advantage" or whatever. (In any event, it can be painful +looking through large chunks of someone else's sources for problems when that +is not the library author's responsibility.) + +This makes answering questions like "what is wrong with my code I am not +going to show you?" or even "what is wrong with my code?" very difficult. + +Even if it's clear there is a problem somewhere, it cannot be understood or +reproduced by anyone else if it needs user code that isn't provided. + +The biggest question is, "is this an lws problem actually"? + + +Use the test apps as sanity checks +---------------------------------- + +The test server and client are extremely useful for sanity checks and debugging +guidance. + + - test apps work on your platform, then either + - your user code is broken, align it to how the test apps work, or, + - something from your code is required to show an lws problem, provide a + minimal patch on a test app so it can be reproduced + + - test apps break on your platform, but work on, eg, x86_64, either + - toolchain or platform-specific (eg, OS) issue, or + - lws platform support issue + + - test apps break everywhere + - sounds like lws problem, info to reproduce and / or a patch is appreciated diff --git a/READMEs/README.test-apps.md b/README.test-apps.md similarity index 75% rename from READMEs/README.test-apps.md rename to README.test-apps.md index 7565b43..06854e0 100644 --- a/READMEs/README.test-apps.md +++ b/README.test-apps.md @@ -2,7 +2,7 @@ Overview of lws test apps ========================= Are you building a client? You just need to look at the test client -[libwebsockets-test-client](../test-apps/test-client.c). +[libwebsockets-test-client](test-server/test-client.c). If you are building a standalone server, there are three choices, in order of preferability. @@ -13,12 +13,12 @@ Lws provides a generic web server app that can be configured with JSON config files. https://libwebsockets.org itself uses this method. With lwsws handling the serving part, you only need to write an lws protocol -plugin. See [plugin-standalone](../plugin-standalone) for an example of how +plugin. See [plugin-standalone](plugin-standalone) for an example of how to do that outside lws itself, using lws public apis. $ cmake .. -DLWS_WITH_LWSWS=1 -See [README.lwsws.md](../READMEs/README.lwsws.md) for information on how to configure +See [README.lwsws.md](README.lwsws.md) for information on how to configure lwsws. NOTE this method implies libuv is used by lws, to provide crossplatform @@ -28,13 +28,11 @@ implementations of timers, dynamic lib loading etc for plugins and lwsws. This method lets you configure web serving in code, instead of using lwsws. -Plugins are still used, but you have a choice whether to dynamically load -them or statically include them. In this example, they are dynamically -loaded. +Plugins are still used, which implies libuv needed. $ cmake .. -DLWS_WITH_PLUGINS=1 -See [test-server-v2.0.c](../test-apps/test-server-v2.0.c) +See [test-server-v2.0.c](test-server/test-server-v2.0.c) 3) protocols in the server app @@ -45,23 +43,13 @@ combined code is all squidged together and is much less maintainable. This method is still supported in lws but all ongoing and future work is being done in protocol plugins only. -You can simply include the plugin contents and have it buit statically into -your server, just define this before including the plugin source - -``` -#define LWS_PLUGIN_STATIC -``` - -This gets you most of the advantages without needing dynamic loading + -libuv. - Notes about lws test apps ========================= @section tsb Testing server with a browser -If you run [libwebsockets-test-server](../test-apps/test-server.c) and point your browser +If you run [libwebsockets-test-server](test-server/test-server.c) and point your browser (eg, Chrome) to http://127.0.0.1:7681 @@ -86,7 +74,7 @@ terminates. To stop the daemon, do ``` - $ kill \`cat /tmp/.lwsts-lock\` + $ kill cat /tmp/.lwsts-lock ``` If it finds a stale lock (the pid mentioned in the file does not exist any more) it will delete the lock and create a new one during startup. @@ -94,60 +82,6 @@ any more) it will delete the lock and create a new one during startup. If the lock is valid, the daemon will exit with a note on stderr that it was already running. -@section clicert Testing Client Certs - -Here is a very quick way to create a CA, and a client and server cert from it, -for testing. - -``` -$ cp -rp ./scripts/client-ca /tmp -$ cd /tmp/client-ca -$ ./create-ca.sh -$ ./create-server-cert.sh server -$ ./create-client-cert.sh client -``` - -The last step wants an export password, you will need this password again to -import the p12 format certificate into your browser. - -This will get you the following - -|name|function| -|----|--------| -|ca.pem|Your Certificate Authority cert| -|ca.key|Private key for the CA cert| -|client.pem|Client certificate, signed by your CA| -|client.key|Client private key| -|client.p12|combined client.pem + client.key in p12 format for browsers| -|server.pem|Server cert, signed by your CA| -|server.key|Server private key| - -You can confirm yourself the client and server certs are signed by the CA. - -``` - $ openssl verify -verbose -trusted ca.pem server.pem - $ openssl verify -verbose -trusted ca.pem client.pem -``` - -Import the client.p12 file into your browser. In FFOX57 it's - - - preferences - - Privacy & Security - - Certificates | View Certificates - - Certificate Manager | Your Certificates | Import... - - Enter the password you gave when creating client1.p12 - - Click OK. - -You can then run the test server like this: - -``` - $ libwebsockets-test-server -s -A ca.pem -K server.key -C server.pem -v -``` - -When you connect your browser to https://localhost:7681 after accepting the -selfsigned server cert, your browser will pop up a prompt to send the server -your client cert (the -v switch enables this). The server will only accept -a client cert that has been signed by ca.pem. @section sssl Using SSL on the server side @@ -166,7 +100,7 @@ certificates in the browser and the connection will proceed in first https and then websocket wss, acting exactly the same. -[test-server.c](../test-apps/test-server.c) is all that is needed to use libwebsockets for +[test-server.c](test-server/test-server.c) is all that is needed to use libwebsockets for serving both the script html over http and websockets. @section lwstsdynvhost Dynamic Vhosts @@ -177,28 +111,6 @@ to toggle the creation and destruction of an identical second vhost on port + 1. This is intended as a test and demonstration for how to bring up and remove vhosts dynamically. -@section unixskt Testing Unix Socket Server support - -Start the test server with -U and the path to create the unix domain socket - -``` - $ libwebsockets-test-server -U /tmp/uds -``` - -On exit, lws will delete the socket inode. - -To test the client side, eg - -``` - $ nc -C -U /tmp/uds -i 30 -``` - -and type - -`GET / HTTP/1.1` - -followed by two ENTER. The contents of test.html should be returned. - @section wscl Testing websocket client support If you run the test server as described above, you can also @@ -238,6 +150,30 @@ For those two options libuv is needed to support the protocol plugins, if that's not possible then the other variations with their own protocol code should be considered. + +@section echo Testing simple echo + +You can test against `echo.websockets.org` as a sanity test like +this (the client connects to port `80` by default): + +``` + $ libwebsockets-test-echo --client echo.websocket.org +``` + +This echo test is of limited use though because it doesn't +negotiate any protocol. You can run the same test app as a +local server, by default on localhost:7681 +``` + $ libwebsockets-test-echo +``` +and do the echo test against the local echo server +``` + $ libwebsockets-test-echo --client localhost --port 7681 +``` +If you add the `--ssl` switch to both the client and server, you can also test +with an encrypted link. + + @section tassl Testing SSL on the client side To test SSL/WSS client action, just run the client test with @@ -391,8 +327,8 @@ version 13. Since libwebsockets runs using `poll()` and a single threaded approach, any unexpected latency coming from system calls would be bad news. There's now -a latency tracking scheme that can be built in with `-DLWS_WITH_LATENCY=1` at -cmake, logging the time taken for system calls to complete and if +a latency tracking scheme that can be built in with `--with-latency` at +configure-time, logging the time taken for system calls to complete and if the whole action did complete that time or was deferred. You can see the detailed data by enabling logging level 512 (eg, `-d 519` on @@ -412,29 +348,37 @@ treatment to the other app during that call. @section autobahn Autobahn Test Suite -Lws can be tested against the autobahn websocket fuzzer in both client and -server modes +Lws can be tested against the autobahn websocket fuzzer. 1) pip install autobahntestsuite -2) From your build dir: +2) wstest -m fuzzingserver -``` - $ cmake .. -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_MINIMAL_EXAMPLES=1 && make -``` +3) Run tests like this -3) ../scripts/autobahn-test.sh +libwebsockets-test-echo --client localhost --port 9001 -u "/runCase?case=20&agent=libwebsockets" -v -d 65535 -n 1 -4) In a browser go to the directory you ran wstest in (eg, /projects/libwebsockets) +(this runs test 20) -file:///projects/libwebsockets/build/reports/clients/index.html +4) In a browser, go here + +http://localhost:8080/test_browser.html + +fill in "libwebsockets" in "User Agent Identifier" and press "Update Reports (Manual)" + +5) In a browser go to the directory you ran wstest in (eg, /projects/libwebsockets) + +file:///projects/libwebsockets/reports/clients/index.html to see the results @section autobahnnotes Autobahn Test Notes -1) Two of the tests make no sense for Libwebsockets to support and we fail them. +1) Autobahn tests the user code + lws implementation. So to get the same +results, you need to follow test-echo.c in terms of user implementation. + +2) Two of the tests make no sense for Libwebsockets to support and we fail them. - Tests 2.10 + 2.11: sends multiple pings on one connection. Lws policy is to only allow one active ping in flight on each connection, the rest are dropped. @@ -442,7 +386,5 @@ The autobahn test itself admits this is not part of the standard, just someone's random opinion about how they think a ws server should act. So we will fail this by design and it is no problem about RFC6455 compliance. -2) Currently two parts of autobahn are broken and we skip them - -https://github.com/crossbario/autobahn-testsuite/issues/71 + diff --git a/READMEs/README.build.md b/READMEs/README.build.md deleted file mode 100644 index 17044f6..0000000 --- a/READMEs/README.build.md +++ /dev/null @@ -1,732 +0,0 @@ -Notes about building lws -======================== - - -@section cm Introduction to CMake - -CMake is a multi-platform build tool that can generate build files for many -different target platforms. See more info at http://www.cmake.org - -CMake also allows/recommends you to do "out of source"-builds, that is, -the build files are separated from your sources, so there is no need to -create elaborate clean scripts to get a clean source tree, instead you -simply remove your build directory. - -Libwebsockets has been tested to build successfully on the following platforms -with SSL support (for OpenSSL/wolfSSL/BoringSSL): - -- Windows (Visual Studio) -- Windows (MinGW) -- Linux (x86 and ARM) -- OSX -- NetBSD - - -@section build1 Building the library and test apps - -The project settings used by CMake to generate the platform specific build -files is called [CMakeLists.txt](../CMakeLists.txt). CMake then uses one of its "Generators" to -output a Visual Studio project or Make file for instance. To see a list of -the available generators for your platform, simply run the "cmake" command. - -Note that by default OpenSSL will be linked, if you don't want SSL support -see below on how to toggle compile options. - - -@section bu Building on Unix: - -1. Install CMake 2.8 or greater: http://cmake.org/cmake/resources/software.html - (Most Unix distributions comes with a packaged version also) - -2. Install OpenSSL. - -3. Generate the build files (default is Make files): -``` - $ cd /path/to/src - $ mkdir build - $ cd build - $ cmake .. -``` - -4. Finally you can build using the generated Makefile: -``` - $ make && sudo make install -``` -**NOTE**: The `build/`` directory can have any name and be located anywhere - on your filesystem, and that the argument `..` given to cmake is simply - the source directory of **libwebsockets** containing the [CMakeLists.txt](../CMakeLists.txt) - project file. All examples in this file assumes you use ".." - -**NOTE2**: -A common option you may want to give is to set the install path, same -as --prefix= with autotools. It defaults to /usr/local. -You can do this by, eg -``` - $ cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr . -``` - -**NOTE3**: -On machines that want libraries in lib64, you can also add the -following to the cmake line -``` - -DLIB_SUFFIX=64 -``` - -**NOTE4**: -If you are building against a non-distro OpenSSL (eg, in order to get -access to ALPN support only in newer OpenSSL versions) the nice way to -express that in one cmake command is eg, -``` - $ cmake .. -DOPENSSL_ROOT_DIR=/usr/local/ssl \ - -DCMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE=/usr/local/ssl \ - -DLWS_WITH_HTTP2=1 -``` - -When you run the test apps using non-distro SSL, you have to force them -to use your libs, not the distro ones -``` - $ LD_LIBRARY_PATH=/usr/local/ssl/lib libwebsockets-test-server --ssl -``` - -To get it to build on latest openssl (2016-04-10) it needed this approach -``` - cmake .. -DLWS_WITH_HTTP2=1 -DLWS_OPENSSL_INCLUDE_DIRS=/usr/local/include/openssl -DLWS_OPENSSL_LIBRARIES="/usr/local/lib64/libssl.so;/usr/local/lib64/libcrypto.so" -``` - -Mac users have reported - -``` - $ export OPENSSL_ROOT_DIR=/usr/local/Cellar/openssl/1.0.2k; cmake ..; make -j4 -``` - -worked for them when using "homebrew" OpenSSL - -**NOTE5**: -To build with debug info and _DEBUG for lower priority debug messages -compiled in, use -``` - $ cmake .. -DCMAKE_BUILD_TYPE=DEBUG -``` - -**NOTE6** -To build on Solaris the linker needs to be informed to use lib socket -and libnsl, and only builds in 64bit mode. - -```bash - $ cmake .. -DCMAKE_C_FLAGS=-m64 -DCMAKE_EXE_LINKER_FLAGS="-lsocket -lnsl" -``` - -**NOTE7** - -Build and test flow against boringssl. Notice `LWS_WITH_GENHASH` is currently -unavailable with boringssl due to their removing the necessary apis. - -Build current HEAD boringssl - -``` - $ cd /projects - $ git clone https://boringssl.googlesource.com/boringssl - $ cd boringssl - $ mkdir build - $ cd build - $ cmake .. -DBUILD_SHARED_LIBS=1 - $ make -j8 -``` - -Build and test lws against it - -``` - $ cd /projects/libwebsockets/build - $ cmake .. -DOPENSSL_LIBRARIES="/projects/boringssl/build/ssl/libssl.so;\ - /projects/boringssl/build/crypto/libcrypto.so" \ - -DOPENSSL_INCLUDE_DIRS=/projects/boringssl/include \ - -DLWS_WITH_BORINGSSL=1 -DCMAKE_BUILD_TYPE=DEBUG - $ make -j8 && sudo make install - $ LD_PRELOAD="/projects/boringssl/build/ssl/libssl.so \ - /projects/boringssl/build/crypto/libcrypto.so" \ - /usr/local/bin/libwebsockets-test-server -s -``` - -4. Finally you can build using the generated Makefile: - -```bash - $ make - ``` - -@section lcap Linux Capabilities - -On Linux, lws now lets you retain selected root capabilities when dropping -privileges. If libcap-dev or similar package is installed providing -sys/capabilities.h, and libcap or similar package is installed providing -libcap.so, CMake will enable the capability features. - -The context creation info struct .caps[] and .count_caps members can then -be set by user code to enable selected root capabilities to survive the -transition to running under an unprivileged user. - -@section cmq Quirk of cmake - -When changing cmake options, for some reason the only way to get it to see the -changes sometimes is delete the contents of your build directory and do the -cmake from scratch. - -deleting build/CMakeCache.txt may be enough. - - -@section cmw Building on Windows (Visual Studio) - -1. Install CMake 2.6 or greater: http://cmake.org/cmake/resources/software.html - -2. Install OpenSSL binaries. https://wiki.openssl.org/index.php/Binaries - - (**NOTE**: Preferably in the default location to make it easier for CMake to find them) - - **NOTE2**: - Be sure that OPENSSL_CONF environment variable is defined and points at - \bin\openssl.cfg - -3. Generate the Visual studio project by opening the Visual Studio cmd prompt: - -``` - cd - md build - cd build - cmake -G "Visual Studio 10" .. -``` - - (**NOTE**: There is also a cmake-gui available on Windows if you prefer that) - - **NOTE2**: - See this link to find out the version number corresponding to your Visual Studio edition: - http://superuser.com/a/194065 - -4. Now you should have a generated Visual Studio Solution in your - `/build` directory, which can be used to build. - -5. Some additional deps may be needed - - - iphlpapi.lib - - psapi.lib - - userenv.lib - -6. If you're using libuv, you must make sure to compile libuv with the same multithread-dll / Mtd attributes as libwebsockets itself - - -@section cmwmgw Building on Windows (MinGW) - -1. Install MinGW - - For Fedora, it's, eg, `dnf install mingw64-gcc` - -2. Install current CMake package - - For Fedora, it's `dnf install cmake` - -3. Instal mingw-built OpenSSL pieces - - For Fedora, it's `mingw64-openssl.noarch mingw64-openssl-static.noarch` - - mingw64-cmake as described below will auto-find the libs and includes - for build. But to execute the apps, they either need to go into the same - `/usr/x86_64-w64-mingw32/sys-root/mingw/bin/` as the dlls are installed to, - or the dlls have to be copied into the same dir as your app executable. - -4. Generate the build files (default is Make files) using MSYS shell. - - For Fedora, they provide a `mingw64-cmake` wrapper in the package - `mingw64-filesystem`, with this you can run that instead of cmake directly - and don't have to get involved with setting the cmake generator. - - Otherwise doing it by hand is like this: - -``` - $ cd /drive/path/to/src - $ mkdir build - $ cd build - $ cmake -G "MSYS Makefiles" -DCMAKE_INSTALL_PREFIX=C:/MinGW .. -``` - - To generate build files allowing to create libwebsockets binaries with debug information - set the CMAKE_BUILD_TYPE flag to DEBUG: -``` - $ cmake -G "MSYS Makefiles" -DCMAKE_INSTALL_PREFIX=C:/MinGW -DCMAKE_BUILD_TYPE=DEBUG .. -``` -5. Finally you can build using the generated Makefile and get the results deployed into your MinGW installation: - -``` - $ make && make install -``` - -@section distro Selecting CMake options useful for distros - -Distro packagers should select the CMake option "LWS_WITH_DISTRO_RECOMMENDED", -which selects common additional options like support for various event libraries, -plugins and lwsws. - -@section ssllib Choosing Your TLS Poison - - - If you are really restricted on memory, code size, or don't care about TLS - speed, mbedTLS is a good choice: `cmake .. -DLWS_WITH_MBEDTLS=1` - - - If cpu and memory is not super restricted and you care about TLS speed, - OpenSSL or a directly compatible variant like Boring SSL is a good choice. - -Just building lws against stock Fedora OpenSSL or stock Fedora mbedTLS, for -SSL handhake mbedTLS takes ~36ms and OpenSSL takes ~1ms on the same x86_64 -build machine here, with everything else the same. Over the 144 connections of -h2spec compliance testing for example, this ends up completing in 400ms for -OpenSSL and 5.5sec for mbedTLS on x86_64. In other words mbedTLS is very slow -compared to OpenSSL under the (fairly typical) conditions I tested it. - -This isn't an inefficiency in the mbedtls interface implementation, it's just -mbedTLS doing the crypto much slower than OpenSSL, which has accelerated -versions of common crypto operations it automatically uses for platforms -supporting it. As of Oct 2017 mbedTLS itself has no such optimizations for any -platform that I could find. It's just pure C running on the CPU. - -Lws supports both almost the same, so instead of taking my word for it you are -invited to try it both ways and see which the results (including, eg, binary -size and memory usage as well as speed) suggest you use. - -NOTE: one major difference with mbedTLS is it does not load the system trust -store by default. That has advantages and disadvantages, but the disadvantage -is you must provide the CA cert to lws built against mbedTLS for it to be able -to validate it, ie, use -A with the test client. The minimal test clients -have the CA cert for warmcat.com and libwebsockets.org and use it if they see -they were built with mbedTLS. - -@section optee Building for OP-TEE - -OP-TEE is a "Secure World" Trusted Execution Environment. - -Although lws is only part of the necessary picture to have an https-enabled -TA, it does support OP-TEE as a platform and if you provide the other -pieces, does work very well. - -Select it in cmake with `-DLWS_PLAT_OPTEE=1` - - -@section cmco Setting compile options - -To set compile time flags you can either use one of the CMake gui applications -or do it via the command line. - -@subsection cmcocl Command line - -To list available options (omit the H if you don't want the help text): - - cmake -LH .. - -Then to set an option and build (for example turn off SSL support): - - cmake -DLWS_WITH_SSL=0 .. -or - cmake -DLWS_WITH_SSL:BOOL=OFF .. - -@subsection cmcoug Unix GUI - -If you have a curses-enabled build you simply type: -(not all packages include this, my debian install does not for example). - - ccmake - -@subsection cmcowg Windows GUI - -On windows CMake comes with a gui application: - Start -> Programs -> CMake -> CMake (cmake-gui) - - -@section wolf wolfSSL/CyaSSL replacement for OpenSSL - -wolfSSL/CyaSSL is a lightweight SSL library targeted at embedded systems: -https://www.wolfssl.com/wolfSSL/Products-wolfssl.html - -It contains a OpenSSL compatibility layer which makes it possible to pretty -much link to it instead of OpenSSL, giving a much smaller footprint. - -**NOTE**: wolfssl needs to be compiled using the `--enable-opensslextra` flag for -this to work. - -@section wolf1 Compiling libwebsockets with wolfSSL - -``` - cmake .. -DLWS_WITH_WOLFSSL=1 \ - -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \ - -DLWS_WOLFSSL_LIBRARIES=/path/to/wolfssl/wolfssl.a .. -``` - -**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIBRARIES` instead. - -@section cya Compiling libwebsockets with CyaSSL - -``` - cmake .. -DLWS_WITH_CYASSL=1 \ - -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \ - -DLWS_CYASSL_LIBRARIES=/path/to/wolfssl/cyassl.a .. -``` - -**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead. - -@section gzip Selecting GZIP or MINIZ - -By default lws supports gzip when compression is needed. But you can tell it to use -MINIZ instead by using `-DLWS_WITH_MINIZ=1`. - -For native build cmake will try to find an existing libminiz.so or .a and build -against that and the found includes automatically. - -For cross-build or building against local miniz, you need the following kind of -cmake to tell it where to get miniz - -``` -cmake .. -DLWS_WITH_MINIZ=1 -DLWS_WITH_ZIP_FOPS=1 -DMINIZ_INCLUDE_DIRS="/projects/miniz;/projects/miniz/build" -DMINIZ_LIBRARIES=/projects/miniz/build/libminiz.so.2.1.0 -``` - -@section esp32 Building for ESP32 - -Building for ESP32 requires the ESP-IDF framework. It can be built under Linux, OSX or Windows (MSYS2). - -1. Install ESP-IDF, follow the getting started guide here - http://esp-idf.readthedocs.io/en/latest/get-started/ -2. Set ESP-IDF to last known working version (assuming ESP-IDF is in `~/esp/esp-idf`) : -``` - cd ~/esp/esp-idf - git checkout 0c50b65a34cd6b3954f7435193411a88adb49cb0 - git submodule update --recursive -``` -3. Add `libwebsockets` as a submodule in the `components` folder of your ESP-IDF project: -``` - git submodule add https://github.com/warmcat/libwebsockets.git components/libwebsockets -``` -4. If on Windows (MSYS2) you will need to install CMake in the MSYS2 environment: -``` - pacman -S mingw-w64-i686-cmake -``` -If you're on Linux or OSX ensure CMake version is at least 3.7. - -@section extplugins Building plugins outside of lws itself - -The directory ./plugin-standalone/ shows how easy it is to create plugins -outside of lws itself. First build lws itself with -DLWS_WITH_PLUGINS, -then use the same flow to build the standalone plugin -``` - cd ./plugin-standalone - mkdir build - cd build - cmake .. - make && sudo make install -``` - -if you changed the default plugin directory when you built lws, you must -also give the same arguments to cmake here (eg, -` -DCMAKE_INSTALL_PREFIX:PATH=/usr/something/else...` ) - -Otherwise if you run lwsws or libwebsockets-test-server-v2.0, it will now -find the additional plugin "libprotocol_example_standalone.so" -``` - lwsts[21257]: Plugins: - lwsts[21257]: libprotocol_dumb_increment.so - lwsts[21257]: libprotocol_example_standalone.so - lwsts[21257]: libprotocol_lws_mirror.so - lwsts[21257]: libprotocol_lws_server_status.so - lwsts[21257]: libprotocol_lws_status.so -``` -If you have multiple vhosts, you must enable plugins at the vhost -additionally, discovered plugins are not enabled automatically for security -reasons. You do this using info->pvo or for lwsws, in the JSON config. - - -@section http2rp Reproducing HTTP/2 tests - -Enable `-DLWS_WITH_HTTP2=1` in cmake to build with http/2 support enabled. - -You must have built and be running lws against a version of openssl that has -ALPN. At the time of writing, recent distros have started upgrading to OpenSSL -1.1+ that supports this already. You'll know it's right by seeing - -``` - lwsts[4752]: Compiled with OpenSSL support - lwsts[4752]: Using SSL mode - lwsts[4752]: HTTP2 / ALPN enabled -``` -at lws startup. - -Recent Firefox and Chrome also support HTTP/2 by ALPN, so these should just work -with the test server running in -s / ssl mode. - -For testing with nghttp client: - -``` - $ nghttp -nvas https://localhost:7681/test.html -``` - -Testing with h2spec (https://github.com/summerwind/h2spec) - -``` - $ h2spec -h 127.0.0.1 -p 7681 -t -k -v -o 1 -``` - -``` -145 tests, 145 passed, 0 skipped, 0 failed - -``` - -@section coverage Automated Coverage Testing - -./test-apps/attack.sh contains scripted tests that are the basis -of the automated test coverage assessment available for gcc and clang. - -To reproduce - - $ cd build - $ cmake .. -DLWS_WITH_GCOV=1 -DCMAKE_BUILD_TYPE=DEBUG - $ ../scripts/build-gcov.sh - $ ../test-apps/attack.sh - $ ../scripts/gcov.sh -... -Lines executed:51.24% of 8279 - -@section windowsprebuilt Using Windows binary builds on Appveyor - -The CI builds on Appveyor now produce usable binary outputs. Visit - -[lws on Appveyor](https://ci.appveyor.com/project/lws-team/libwebsockets) - -and select one of the builds, then click on ARTIFACTS at the top right. The zip file -want to be unpacked into `C:\Program Files (x86)/libwebsockets`, after that, you should be able to run the test server, by running it from `bin/Release/libwebsockets-test-server.exe` and opening a browser on http://127.0.0.1:7681 - -@section cross Cross compiling - -To enable cross-compiling **libwebsockets** using CMake you need to create -a "Toolchain file" that you supply to CMake when generating your build files. -CMake will then use the cross compilers and build paths specified in this file -to look for dependencies and such. - -**Libwebsockets** includes an example toolchain file [cross-arm-linux-gnueabihf.cmake](../contrib/cross-arm-linux-gnueabihf.cmake) -you can use as a starting point. - -The commandline to configure for cross with this would look like -``` - $ cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr/lib/my-cross-root \ - -DCMAKE_TOOLCHAIN_FILE=../contrib/cross-arm-linux-gnueabihf.cmake \ - -DLWS_WITHOUT_EXTENSIONS=1 -DLWS_WITH_SSL=0 \ - -DLWS_WITH_ZIP_FOPS=0 -DLWS_WITH_ZLIB=0 -``` -The example shows how to build with no external cross lib dependencies, you -need to provide the cross libraries otherwise. - -**NOTE**: start from an EMPTY build directory if you had a non-cross build in there - before the settings will be cached and your changes ignored. - Delete `build/CMakeCache.txt` at least before trying a new cmake config - to ensure you are really building the options you think you are. - -Additional information on cross compilation with CMake: - http://www.vtk.org/Wiki/CMake_Cross_Compiling - -@section cross_example Complex Cross compiling example - -Here are step by step instructions for cross-building the external projects needed for lws with lwsws + mbedtls as an example. - -In the example, my toolchain lives in `/projects/aist-tb/arm-tc` and is named `arm-linux-gnueabihf`. So you will need to adapt those to where your toolchain lives and its name where you see them here. - -Likewise I do all this in /tmp but it has no special meaning, you can adapt that to somewhere else. - -All "foreign" cross-built binaries are sent into `/tmp/cross` so they cannot be confused for 'native' x86_64 stuff on your host machine in /usr/[local/].... - -## Prepare the cmake toolchain file - -1) `cd /tmp` - -2) `wget -O mytoolchainfile https://raw.githubusercontent.com/warmcat/libwebsockets/master/contrib/cross-arm-linux-gnueabihf.cmake` - -3) Edit `/tmp/mytoolchainfile` adapting `CROSS_PATH`, `CMAKE_C_COMPILER` and `CMAKE_CXX_COMPILER` to reflect your toolchain install dir and path to your toolchain C and C++ compilers respectively. For my case: - -``` -set(CROSS_PATH /projects/aist-tb/arm-tc/) -set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/arm-linux-gnueabihf-gcc") -set(CMAKE_CXX_COMPILER "${CROSS_PATH}/bin/arm-linux-gnueabihf-g++") -``` - -## 1/4: Building libuv cross: - -1) `export PATH=/projects/aist-tb/arm-tc/bin:$PATH` Notice there is a **/bin** on the end of the toolchain path - -2) `cd /tmp ; mkdir cross` we will put the cross-built libs in /tmp/cross - -3) `git clone https://github.com/libuv/libuv.git` get libuv - -4) `cd libuv` - -5) `./autogen.sh` - -``` -+ libtoolize --copy -libtoolize: putting auxiliary files in '.'. -libtoolize: copying file './ltmain.sh' -libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'. -libtoolize: copying file 'm4/libtool.m4' -libtoolize: copying file 'm4/ltoptions.m4' -libtoolize: copying file 'm4/ltsugar.m4' -libtoolize: copying file 'm4/ltversion.m4' -libtoolize: copying file 'm4/lt~obsolete.m4' -+ aclocal -I m4 -+ autoconf -+ automake --add-missing --copy -configure.ac:38: installing './ar-lib' -configure.ac:25: installing './compile' -configure.ac:22: installing './config.guess' -configure.ac:22: installing './config.sub' -configure.ac:21: installing './install-sh' -configure.ac:21: installing './missing' -Makefile.am: installing './depcomp' -``` -If it has problems, you will need to install `automake`, `libtool` etc. - -6) `./configure --host=arm-linux-gnueabihf --prefix=/tmp/cross` - -7) `make && make install` this will install to `/tmp/cross/...` - -8) `file /tmp/cross/lib/libuv.so.1.0.0` Check it's really built for ARM -``` -/tmp/cross/lib/libuv.so.1.0.0: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=cdde0bc945e51db6001a9485349c035baaec2b46, with debug_info, not stripped -``` - -## 2/4: Building zlib cross - -1) `cd /tmp` - -2) `git clone https://github.com/madler/zlib.git` - -3) `CC=arm-linux-gnueabihf-gcc ./configure --prefix=/tmp/cross` -``` -Checking for shared library support... -Building shared library libz.so.1.2.11 with arm-linux-gnueabihf-gcc. -Checking for size_t... Yes. -Checking for off64_t... Yes. -Checking for fseeko... Yes. -Checking for strerror... Yes. -Checking for unistd.h... Yes. -Checking for stdarg.h... Yes. -Checking whether to use vs[n]printf() or s[n]printf()... using vs[n]printf(). -Checking for vsnprintf() in stdio.h... Yes. -Checking for return value of vsnprintf()... Yes. -Checking for attribute(visibility) support... Yes. -``` - -4) `make && make install` -``` -arm-linux-gnueabihf-gcc -O3 -D_LARGEFILE64_SOURCE=1 -DHAVE_HIDDEN -I. -c -o example.o test/example.c -... -rm -f /tmp/cross/include/zlib.h /tmp/cross/include/zconf.h -cp zlib.h zconf.h /tmp/cross/include -chmod 644 /tmp/cross/include/zlib.h /tmp/cross/include/zconf.h -``` - -5) `file /tmp/cross/lib/libz.so.1.2.11` This is just to confirm we built an ARM lib as expected -``` -/tmp/cross/lib/libz.so.1.2.11: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=6f8ffef84389b1417d2fd1da1bd0c90f748f300d, with debug_info, not stripped -``` - -## 3/4: Building mbedtls cross - -1) `cd /tmp` - -2) `git clone https://github.com/ARMmbed/mbedtls.git` - -3) `cd mbedtls ; mkdir build ; cd build` - -3) `cmake .. -DCMAKE_TOOLCHAIN_FILE=/tmp/mytoolchainfile -DCMAKE_INSTALL_PREFIX:PATH=/tmp/cross -DCMAKE_BUILD_TYPE=RELEASE -DUSE_SHARED_MBEDTLS_LIBRARY=1` mbedtls also uses cmake, so you can simply reuse the toolchain file you used for libwebsockets. That is why you shouldn't put project-specific options in the toolchain file, it should just describe the toolchain. - -4) `make && make install` - -5) `file /tmp/cross/lib/libmbedcrypto.so.2.6.0` -``` -/tmp/cross/lib/libmbedcrypto.so.2.6.0: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=bcca195e78bd4fd2fb37f36ab7d72d477d609d87, with debug_info, not stripped -``` - -## 4/4: Building libwebsockets with everything - -1) `cd /tmp` - -2) `git clone ssh://git@github.com/warmcat/libwebsockets` - -3) `cd libwebsockets ; mkdir build ; cd build` - -4) (this is all one line on the commandline) -``` -cmake .. -DCMAKE_TOOLCHAIN_FILE=/tmp/mytoolchainfile \ --DCMAKE_INSTALL_PREFIX:PATH=/tmp/cross \ --DLWS_WITH_LWSWS=1 \ --DLWS_WITH_MBEDTLS=1 \ --DLWS_MBEDTLS_LIBRARIES="/tmp/cross/lib/libmbedcrypto.so;/tmp/cross/lib/libmbedtls.so;/tmp/cross/lib/libmbedx509.so" \ --DLWS_MBEDTLS_INCLUDE_DIRS=/tmp/cross/include \ --DLWS_LIBUV_LIBRARIES=/tmp/cross/lib/libuv.so \ --DLWS_LIBUV_INCLUDE_DIRS=/tmp/cross/include \ --DLWS_ZLIB_LIBRARIES=/tmp/cross/lib/libz.so \ --DLWS_ZLIB_INCLUDE_DIRS=/tmp/cross/include -``` - -3) `make && make install` - -4) `file /tmp/cross/lib/libwebsockets.so.11` -``` -/tmp/cross/lib/libwebsockets.so.11: ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=81e59c6534f8e9629a9fc9065c6e955ce96ca690, with debug_info, not stripped -``` - -5) `arm-linux-gnueabihf-objdump -p /tmp/cross/lib/libwebsockets.so.11 | grep NEEDED` Confirm that the lws library was linked against everything we expect (libm / libc are provided by your toolchain) -``` - NEEDED libz.so.1 - NEEDED libmbedcrypto.so.0 - NEEDED libmbedtls.so.10 - NEEDED libmbedx509.so.0 - NEEDED libuv.so.1 - NEEDED libm.so.6 - NEEDED libc.so.6 -``` - -You will also find the lws test apps in `/tmp/cross/bin`... to run lws on the target you will need to copy the related things from /tmp/cross... all the .so from /tmp/cross/lib and anything from /tmp/cross/bin you want. - -@section mem Memory efficiency - -Embedded server-only configuration without extensions (ie, no compression -on websocket connections), but with full v13 websocket features and http -server, built on ARM Cortex-A9: - -Update at 8dac94d (2013-02-18) -``` - $ ./configure --without-client --without-extensions --disable-debug --without-daemonize - - Context Creation, 1024 fd limit[2]: 16720 (includes 12 bytes per fd) - Per-connection [3]: 72 bytes, +1328 during headers - - .text .rodata .data .bss - 11512 2784 288 4 -``` -This shows the impact of the major configuration with/without options at -13ba5bbc633ea962d46d using Ubuntu ARM on a PandaBoard ES. - -These are accounting for static allocations from the library elf, there are -additional dynamic allocations via malloc. These are a bit old now but give -the right idea for relative "expense" of features. - -Static allocations, ARM9 - -| | .text | .rodata | .data | .bss | -|--------------------------------|---------|---------|-------|------| -| All (no without) | 35024 | 9940 | 336 | 4104 | -| without client | 25684 | 7144 | 336 | 4104 | -| without client, exts | 21652 | 6288 | 288 | 4104 | -| without client, exts, debug[1] | 19756 | 3768 | 288 | 4104 | -| without server | 30304 | 8160 | 336 | 4104 | -| without server, exts | 25382 | 7204 | 288 | 4104 | -| without server, exts, debug[1] | 23712 | 4256 | 288 | 4104 | - -[1] `--disable-debug` only removes messages below `lwsl_notice`. Since that is -the default logging level the impact is not noticeable, error, warn and notice -logs are all still there. - -[2] `1024` fd per process is the default limit (set by ulimit) in at least Fedora -and Ubuntu. You can make significant savings tailoring this to actual expected -peak fds, ie, at a limit of `20`, context creation allocation reduces to `4432 + -240 = 4672`) - -[3] known header content is freed after connection establishment diff --git a/READMEs/README.ci.md b/READMEs/README.ci.md deleted file mode 100644 index ed5d55a..0000000 --- a/READMEs/README.ci.md +++ /dev/null @@ -1,29 +0,0 @@ -## Need for CI - -Generally if we're adding something that's supposed to work ongoing, the stuff -should be exercised in CI (at least Travis). - -If there are few users for a particular feature, experience has shown that -refactors or other upheaval can easily break it into a state of uselessness -without anyone noticing until later. - -Therefore here's a description of how to add something to the CI tests... this -is certainly a nonproductive PITA and I have never been thanked for the work -involved. But if the promise of the various features working is going to -remain alive, it's necessary to include CI test where possible with new -nontrivial code. - -## Integration points - -### cmake - -`.travis.yml` maps the various test activities to CMake options needed. - -### including dependent packages into travis - -See `./scripts/travis_install.sh` - -### performing prepared test actions - -See `./scripts/travis_control.sh` - diff --git a/READMEs/README.content-security-policy.md b/READMEs/README.content-security-policy.md deleted file mode 100644 index 0fe0cc2..0000000 --- a/READMEs/README.content-security-policy.md +++ /dev/null @@ -1,148 +0,0 @@ -## Using Content Security Policy (CSP) - -### What is it? - -Modern browsers have recently implemented a new feature providing -a sort of "selinux for your web page". If the server sends some -new headers describing the security policy for the content, then -the browser strictly enforces it. - -### Why would we want to do that? - -Scripting on webpages is pretty universal, sometimes the scripts -come from third parties, and sometimes attackers find a way to -inject scripts into the DOM, eg, through scripts in content. - -CSP lets the origin server define what is legitimate for the page it -served and everything else is denied. - -The CSP for warmcat.com and libwebsockets.org looks like this, -I removed a handful of whitelisted image sources like travis -status etc for clarity... - -``` -"content-security-policy": "default-src 'none'; img-src 'self' data:; script-src 'self'; font-src 'self'; style-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'none';", -"x-content-type-options": "nosniff", -"x-xss-protection": "1; mode=block", -"x-frame-options": "deny", -"referrer-policy": "no-referrer" -``` - -The result of this is the browser won't let the site content be iframed, and it -will reject any inline styles or inline scripts. Fonts, css, ajax, ws and -images are only allowed to come from 'self', ie, the server that served the -page. You may inject your script, or deceptive styles: it won't run or be shown. - -Because inline scripts are banned, the usual methods for XSS are dead; -the attacker can't even load js from another server. So these rules -provide a very significant increase in client security. - -### Implications of strict CSP - -Halfhearted CSP isn't worth much. The only useful approach is to start -with `default-src 'none'` which disables everything, and then whitelist the -minimum needed for the pages to operate. - -"Minimum needed for the pages to operate" doesn't mean defeat the protections -necessary so everything in the HTML can stay the same... it means adapt the -pages to want the minimum and then enable the minimum. - -The main point is segregation of styles and script away from the content, in -files referenced in the document `` section, along these lines: - -``` - - - - - - Minimal Websocket test app - -``` - -#### Inline styles must die - -All styling must go in one or more `.css` file(s) best served by the same -server... while you can whitelist other sources in the CSP if you have to, -unless you control that server as well, you are allowing whoever gains -access to that server access to your users. - -Inline styles are no longer allowed (eg, "style='font-size:120%'" in the -HTML)... they must be replaced by reference to one or more CSS class, which -in this case includes "font-size:120%". This has always been the best -practice anyway, and your pages will be cleaner and more maintainable. - -#### Inline scripts must die - -Inline scripts need to be placed in a `.js` file and loaded in the page head -section, again it should only be from the server that provided the page. - -Then, any kind of inline script, yours or injected or whatever, will be -completely rejected by the browser. - -#### onXXX must be replaced by eventListener - -Inline `onclick()` etc are kinds of inline scripting and are banned. - -Modern browsers have offered a different system called ["EventListener" for -a while](https://developer.mozilla.org/en-US/docs/Web/API/EventListener) -which allows binding of events to DOM elements in JS. - -A bunch of different named events are possible to listen on, commonly the -`.js` file will ask for one or both of - -``` -window.addEventListener("load", function() { -... -}, false); - -document.addEventListener("DOMContentLoaded", function() { -... -}, false); -``` - -These give the JS a way to trigger when either everything on the page has -been "loaded" or the DOM has been populated from the initial HTML. These -can set up other event listeners on the DOM objects and aftwards the -events will drive what happens on the page from user interaction and / or -timers etc. - -If you have `onclick` in your HTML today, you would replace it with an id -for the HTML element, then eg in the DOMContentLoaded event listener, -apply - -``` - document.getElementById("my-id").addEventListener("click", function() { - ... - }, false); -``` - -ie the .js file becomes the only place with the "business logic" of the -elements mentioned in the HTML, applied at runtime. - -#### Do you really need external sources? - -Do your scripts and fonts really need to come from external sources? -If your caching policy is liberal, they are not actually that expensive -to serve once and then the user is using his local copy for the next -days. - -Some external sources are marked as anti-privacy in modern browsers, meaning -they track your users, in turn meaning if your site refers to them, you -will lose your green padlock in the browser. If the content license allows -it, hosting them on "self", ie, the same server that provided the HTML, -will remove that problem. - -Bringing in scripts from external sources is actually quite scary from the -security perspective. If someone hacks the `ajax.googleapis.com` site to serve -a hostile, modified jquery, half the Internet will instantly -become malicious. However if you serve it yourself, unless your server -was specifically targeted you know it will continue to serve what you -expect. - -Since these scripts are usually sent with cache control headers for local -caching duration of 1 year, the cost of serving them yourself under the same -conditions is small but your susceptibility to attack is reduced to only taking -care of your own server. And there is a privacy benefit that google is not -informed of your users' IPs and activities on your site. - diff --git a/READMEs/README.contributing.md b/READMEs/README.contributing.md deleted file mode 100644 index 34df25e..0000000 --- a/READMEs/README.contributing.md +++ /dev/null @@ -1,41 +0,0 @@ -## Contributing to lws - -### How to contribute - -Sending a patch with a bug report is very welcome. - -For nontrivial problems, it's probably best to discuss on the mailing list, -or on github if you prefer, how to best solve it. - -However your contribution is coming is fine: - - - paste a `git diff` - - - send a patch series by mail or mailing list - - - paste in a github issue - - - github PR - -are all OK. - -### Coding Standards - -Code should look roughly like the existing code, which follows linux kernel -coding style. - -If there are non-functional problems I will clean them out when I apply the -patch. - -If there are functional problems (eg broken error paths etc) if they are -small compared to the working part I will also clean them. If there are -larger problems, or consequences to the patch will have to discuss how to -solve them with a retry. - -### Funding specific work - -If there is a feature you wish was supported in lws, consider paying for the -work to be done. The maintainer is a consultant and if we can agree the -task, you can quickly get a high quality result that does just what you need, -maintained ongoing along with the rest of lws. - diff --git a/READMEs/README.crypto-apis.md b/READMEs/README.crypto-apis.md deleted file mode 100644 index 4a04687..0000000 --- a/READMEs/README.crypto-apis.md +++ /dev/null @@ -1,181 +0,0 @@ -# Lws Crypto Apis - -## Overview - -![lws crypto overview](/doc-assets/lws-crypto-overview.svg) - -Lws provides a "generic" crypto layer on top of both OpenSSL and -compatible tls library, and mbedtls. Using this layer, your code -can work without any changes on both types of tls library crypto -backends... it's as simple as rebuilding lws with `-DLWS_WITH_MBEDTLS=0` -or `=1` at cmake. - -The generic layer can be used directly (as in, eg, the sshd plugin), -or via another layer on top, which processes JOSE JSON objects using -JWS (JSON Web Signatures), JWK (JSON Web Keys), and JWE (JSON Web -Encryption). - -The `JW` apis use the generic apis (`lws_genrsa_`, etc) to get the crypto tasks -done, so anything they can do you can also get done using the generic apis. -The main difference is that with the generic apis, you must instantiate the -correct types and use type-specfic apis. With the `JW` apis, there is only -one interface for all operations, with the details hidden in the api and -controlled by the JSON objects. - -Because of this, the `JW` apis are often preferred because they give you -"crypto agility" cheaply... to change your crypto to another supported algorithm -once it's working, you literally just change your JSON defining the keys and -JWE or JWS algorithm. (It's up to you to define your policy for which -combinations are acceptable by querying the parsed JW structs). - -## Crypto supported in generic layer - -### Generic Hash - - - SHA1 - - SHA256 - - SHA384 - - SHA512 - -### Generic HMAC - - - SHA256 - - SHA384 - - SHA512 - -### Generic AES - - - CBC - - CFB128 - - CFB8 - - CTR - - ECB - - OFB - - XTS - - GCM - - KW (Key Wrap) - -### Generic RSA - - - PKCS 1.5 - - OAEP / PSS - -### Generic EC - - - ECDH - - ECDSA - - P256 / P384 / P521 (sic) curves - -## Using the generic layer - -All the necessary includes are part of `libwebsockets.h`. - -Enable `-DLWS_WITH_GENCRYPTO=1` at cmake. - -|api|header|Functionality| -|---|---|---| -|genhash|[./include/libwebsockets/lws-genhash.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genhash.h)|Provides SHA1 + SHA2 hashes and hmac| -|genrsa|[./include/libwebsockets/lws-genrsa.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genrsa.h)|Provides RSA encryption, decryption, signing, verification, key generation and creation| -|genaes|[./include/libwebsockets/lws-genaes.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genaes.h)|Provides AES in all common variants for encryption and decryption| -|genec|[./include/libwebsockets/lws-genec.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-genec.h)|Provides Elliptic Curve for encryption, decryption, signing, verification, key generation and creation| -|x509|[./include/libwebsockets/lws-x509.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-x509.h)|Apis for X.509 Certificate loading, parsing, and stack verification, plus JWK key extraction from PEM X.509 certificate / private key| - -Unit tests for these apis, which serve as usage examples, can be found in [./minimal-examples/api-tests/api-test-gencrypto](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-gencrypto) - -### Keys in the generic layer - -The necessary types and defines are brought in by `libwebsockets.h`. - -Keys are represented only by an array of `struct lws_jwk_elements`... the -length of the array is defined by the cipher... it's one of - -|key elements count|definition| -|---|---| -|`LWS_COUNT_OCT_KEY_ELEMENTS`|1| -|`LWS_COUNT_RSA_KEY_ELEMENTS`|8| -|`LWS_COUNT_EC_KEY_ELEMENTS`|4| -|`LWS_COUNT_AES_KEY_ELEMENTS`|1| - -`struct lws_jwk_elements` is a simple pointer / length combination used to -store arbitrary octets that make up the key element's binary representation. - -## Using the JOSE layer - -The JOSE (JWK / JWS / JWE) stuff is a crypto-agile JSON-based layer -that uses the gencrypto support underneath. - -"Crypto Agility" means the JSON structs include information about the -algorithms and ciphers used in that particular object, making it easy to -upgrade system crypto strength or cycle keys over time while supporting a -transitional period where the old and new keys or algorithms + ciphers -are also valid. - -Uniquely lws generic support means the JOSE stuff also has "tls library -agility", code written to the lws generic or JOSE apis is completely unchanged -even if the underlying tls library changes between OpenSSL and mbedtls, meaning -sharing code between server and client sides is painless. - -All the necessary includes are part of `libwebsockets.h`. - -Enable `-DLWS_WITH_JOSE=1` at CMake. - -|api|header|Functionality| -|---|---|---| -|JOSE|[./include/libwebsockets/lws-jose.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jose.h)|Provides crypto agility for JWS / JWE| -|JWE|[./include/libwebsockets/lws-jwe.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jwe.h)|Provides Encryption and Decryption services for RFC7516 JWE JSON| -|JWS|[./include/libwebsockets/lws-jws.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jws.h)|Provides signature and verifcation services for RFC7515 JWS JSON| -|JWK|[./include/libwebsockets/lws-jwk.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-jwk.h)|Provides signature and verifcation services for RFC7517 JWK JSON, both "keys" arrays and singletons| - -Minimal examples are provided in the form of commandline tools for JWK / JWS / JWE / x509 handling: - - - [JWK minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwk) - - [JWS minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jws) - - [JWE minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) - - [X509 minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-x509) - -Unit tests for these apis, which serve as usage examples, can be found in [./minimal-examples/api-tests/api-test-jose](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-jose) - -## Crypto supported in the JOSE layer - -The JOSE RFCs define specific short names for different algorithms - -### JWS - -|JSOE name|Hash|Signature| ----|---|--- -|RS256, RS384, RS512|SHA256/384/512|RSA -|ES256, ES384, ES521|SHA256/384/512|EC - -### JWE - -|Key Encryption|Payload authentication + crypt| -|---|---| -|`RSAES-PKCS1-v1.5` 2048b & 4096b|`AES_128_CBC_HMAC_SHA_256`| -|`RSAES-PKCS1-v1.5` 2048b|`AES_192_CBC_HMAC_SHA_384`| -|`RSAES-PKCS1-v1.5` 2048b|`AES_256_CBC_HMAC_SHA_512`| -|`RSAES-OAEP`|`AES_256_GCM`| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_128_CBC_HMAC_SHA_256`| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_192_CBC_HMAC_SHA_384`| -|`AES128KW`, `AES192KW`, `AES256KW`|`AES_256_CBC_HMAC_SHA_512`| -|`ECDH-ES` (P-256/384/521 key)|`AES_128/192/256_GCM`| -|`ECDH-ES+A128/192/256KW` (P-256/384/521 key)|`AES_128/192/256_GCM`| - -### Keys in the JOSE layer - -Keys in the JOSE layer use a `struct lws_jwk`, this contains two arrays of -`struct lws_jwk_elements` sized for the worst case (currently RSA). One -array contains the key elements as described for the generic case, and the -other contains various nonencrypted key metadata taken from JWK JSON. - -|metadata index|function| -|---|---| -|`JWK_META_KTY`|Key type, eg, "EC"| -|`JWK_META_KID`|Arbitrary ID string| -|`JWK_META_USE`|What the public key may be used to validate, "enc" or "sig"| -|`JWK_META_KEY_OPS`|Which operations the key is authorized for, eg, "encrypt"| -|`JWK_META_X5C`|Optional X.509 cert version of the key| -|`JWK_META_ALG`|Optional overall crypto algorithm the key is intended for use with| - -`lws_jwk_destroy()` should be called when the jwk is going out of scope... this -takes care to zero down any key element data in the jwk. - diff --git a/READMEs/README.http-fallback.md b/READMEs/README.http-fallback.md deleted file mode 100644 index 120b00f..0000000 --- a/READMEs/README.http-fallback.md +++ /dev/null @@ -1,172 +0,0 @@ -# Http fallback and raw proxying - -Lws has several interesting options and features that can be applied to get -some special behaviours... this article discusses them and how they work. - -## Overview of normal vhost selection - -Lws supports multiple http or https vhosts sharing a listening socket on the -same port. - -For unencrypted http, the Host: header is used to select which vhost the -connection should bind to, by comparing what is given there against the -names the server was configured with for the various vhosts. If no match, it -selects the first configured vhost. - -For TLS, it has an extension called SNI (Server Name Indication) which tells -the server early in the TLS handshake the host name the connection is aimed at. -That allows lws to select the vhost early, and use vhost-specific TLS certs -so everything is happy. Again, if there is no match the connection proceeds -using the first configured vhost and its certs. - -## Http(s) fallback options - -What happens if you try to connect, eg, an ssh client to the http server port -(this is not an idle question...)? Obviously the http server part or the tls -part of lws will fail the connection and close it. (We will look at that flow -in a moment in detail for both unencrypted and tls listeners.) - -However if the first configured vhost for the port was created with the -vhost creation info struct `.options` flag `LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG`, -then instead of the error, the connection transitions to whatever role was -given in the vhost creation info struct `.listen_accept_role` and `.listen_accept_protocol`. - -With lejp-conf / lwsws, the options can be applied to the first vhost using: - -``` - "listen-accept-role": "the-role-name", - "listen-accept-protocol": "the-protocol-name", - "fallback-listen-accept": "1" -``` - -See `./minimal-examples/raw/minimal-raw-fallback-http-server` for examples of -all the options in use via commandline flags. - -So long as the first packet for the protocol doesn't look like GET, POST, or -a valid tls packet if connection to an https vhost, this allows the one listen -socket to handle both http(s) and a second protocol, as we will see, like ssh. - -Notice there is a restriction that no vhost selection processing is possible, -neither for tls listeners nor plain http ones... the packet belonging to a -different protocol will not send any Host: header nor tls SNI. - -Therefore although the flags and settings are applied to the first configured -vhost, actually their effect is global for a given listen port. If enabled, -all vhosts on the same listen port will do the fallback action. - -### Plain http flow - -![plain http flow](/doc-assets/accept-flow-1.svg) - -Normally, if the first received packet does not contain a valid HTTP method, -then the connection is dropped. Which is what you want from an http server. - -However if enabled, the connection can transition to the defined secondary -role / protocol. - -|Flag|lejp-conf / lwsws|Function| -|---|---|---| -|`LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG`|`"fallback-listen-accept": "1"`|Enable fallback processing| - -### TLS https flow - -![tls https flow](/doc-assets/accept-flow-2.svg) - -If the port is listening with tls, the point that a packet from a different -protocol will fail is earlier, when the tls tunnel is being set up. - -|Flag|lejp-conf / lwsws|Function| -|---|---|---| -|`LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG`|`"fallback-listen-accept": "1"`|Enable fallback processing| -|`LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS`|`"redirect-http": "1"`|Treat invalid tls packet as http, issue http redirect to https://| -|`LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER`|`"allow-http-on-https": "1"`|Accept unencrypted http connections on this tls port (dangerous)| - -The latter two options are higher priority than, and defeat, the first one. - -### Non-http listener - -![non-http flow](/doc-assets/accept-flow-3.svg) - -It's also possible to skip the fallback processing and just force the first -vhost on the port to use the specified role and protocol in the first place. - -|Flag|lejp-conf / lwsws|Function| -|---|---|---| -|LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG|`"apply-listen-accept": "1"`|Force vhost to use listen-accept-role / listen-accept-protocol| - -## Using http(s) fallback with raw-proxy - -If enabled for build with `cmake .. -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_PLUGINS=1` -then lws includes ready-to-use support for raw tcp proxying. - -This can be used standalone on the first vhost on a port, but most intriguingly -it can be specified as the fallback for http(s)... - -See `./minimal-examples/raw/minimal-raw-proxy-fallback.c` for a working example. - -### fallback with raw-proxy in code - -On the first vhost for the port, specify the required "onward" pvo to configure -the raw-proxy protocol...you can adjust the "ipv4:127.0.0.1:22" to whatever you -want... - -``` - static struct lws_protocol_vhost_options pvo1 = { - NULL, - NULL, - "onward", /* pvo name */ - "ipv4:127.0.0.1:22" /* pvo value */ - }; - - static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo1, /* "child" pvo linked-list */ - "raw-proxy", /* protocol name we belong to on this vhost */ - "" /* ignored */ - }; -``` - -... and set up the fallback enable and bindings... - -``` - info.options |= LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG; - info.listen_accept_role = "raw_proxy"; - info.listen_accept_proxy = "raw_proxy"; - info.pvo = &pvo; -``` - -### fallback with raw-proxy in JSON conf - -On the first vhost for the port, enable the raw-proxy protocol on the vhost and -set the pvo config - -``` - "ws-protocols": [{ - "raw-proxy": { - "status": "ok", - "onward": "ipv4:127.0.0.1:22" - } - }], -``` - -Enable the fallback behaviour on the vhost and the role / protocol binding - -``` - "listen-accept-role": "raw-proxy", - "listen-accept-protocol": "raw-proxy", - "fallback-listen-accept": "1" -``` - -### Testing - -With this configured, the listen port will function normally for http or https -depending on how it was set up. - -But if you try to connect to it with an ssh client, that will also work fine. - -The libwebsockets.org server is set up in this way, you can confirm it by -visiting `https://libwebsockets.org` on port 443 as usual, but also trying -`ssh -p 443 invalid@libwebsockets.org`... you will get permission denied from -your ssh client. With valid credentials in fact that works perfectly for -ssh, scp, git-over-ssh etc all on port 443... - diff --git a/READMEs/README.lws_dll.md b/READMEs/README.lws_dll.md deleted file mode 100644 index d814b68..0000000 --- a/READMEs/README.lws_dll.md +++ /dev/null @@ -1,130 +0,0 @@ -# lws_dll Doubly-linked list - -## Introduction - -Lws supports two kinds of doubly-linked list, `lws_dll` and `lws_dll2`. - -Unless memory is at a big premium, or it has to work on lws < v3.2, it's -best to simply use `lws_dll2`. - -![lws_dll overview](../doc-assets/lws_dll.svg) - -## How to use - -The basics are the same for lws_dll and lws_dll2. - -The list objects point only to themselves, and you use the `lws_container_of` -macro to get a pointer to your struct that contains the list object. Doing -it this way - - - the list object does not have to be the first thing in your struct - - - your struct can contain multiple list objects and appear on lists belonging - to multiple owners simultaenously, - -### lws_dll Minimal example - -``` -struct mystruct { - .... - lws_dll list; - ... -}; - -lws_dll owner; -``` - -Adding a mystruct to the owner list (...add_tail() works the same way but adds -to the other end of the list) - -``` - struct mystruct *p; - - ... - - lws_dll_add_head(&p->list, &owner); -``` - -Removing the list object from its owner - -``` - lws_dll2_remove(&p->list, &owner); -``` - -If you have a `struct lws_dll *d` pointing to `list` in struct mystruct, you can -convert it to a `struct mystruct *p` ike this - -``` - struct mystruct *p = lws_container_of(d, struct lws_dll, list); -``` - -### lws_dll2 Minimal example - - -``` -struct mystruct { - .... - lws_dll2 list; - ... -}; - -lws_dll2_owner owner; -``` - -Adding a mystruct to the owner list (...add_tail() works the same way but adds -to the other end of the list) - -``` - struct mystruct *p; - - ... - - lws_dll2_add_head(&p->list, &owner); -``` - -Removing the list object from its owner (notice compared to lws_dll, it doesn't -need to be told the owner) - -``` - lws_dll2_remove(&p->list); -``` - -If you have a `struct lws_dll2 *d` pointing to `list` in struct mystruct, you -can convert it to a `struct mystruct *p` ike this - -``` - struct mystruct *p = lws_container_of(d, struct lws_dll2, list); -``` - -## Summary Comparing lws_dll and lws_dll2 - - - both offer a doubly-linked list object, and (since v3.2) track both the - head and tail in an "list owner" object - - - both are initalized by memsetting to 0 - - - for `lws_dll`, it reuses an `lws_dll` as the "owner", for `lws_dll2`, there's a - specific `lws_dll2_owner` structure for that - - - `lws_dll2_owner` also keeps count of the number of list elements - - - `lws_dll2` knows which owner's list it is participating on. So it can remove - itself and update the owner without the caller needing to know its owner. - In the case there are several potential owners list objects may be on, this - is very convenient. - - - `lws_dll` is simpler and has a smaller footprint (two pointers per entry vs - three). But you have to know the exact list owner to perform operations on - it. - -## apis - -|function|lws_dll|lws_dll2| -|---|---|---| -|add entry at head|`void lws_dll_add_head(struct lws_dll *d, struct lws_dll *phead)`|`void lws_dll2_add_head(struct lws_dll2 *d, struct lws_dll2_owner *owner)`| -|add entry at tail|`void lws_dll_add_tail(struct lws_dll *d, struct lws_dll *phead);`|`void lws_dll2_add_tail(struct lws_dll2 *d, struct lws_dll2_owner *owner)`| -|remove entry from its owning list|`void lws_dll_remove_track_tail(struct lws_dll *d, struct lws_dll *phead)`|`void lws_dll2_add_tail(struct lws_dll2 *d, struct lws_dll2_owner *owner)`| -|get owner|(not supported)|`struct lws_dll2_owner * lws_dll2_owner(const struct lws_dll2 *d)`| -|check if item is detached from any list|`lws_dll_is_detached(struct lws_dll *d, struct lws_dll *phead)|int lws_dll2_is_detached(const struct lws_dll2 *d)`| -|iterate through items on list|`int lws_dll_foreach_safe(struct lws_dll *phead, void *user, int (*cb)(struct lws_dll *d, void *user))|int lws_dll2_foreach_safe(struct lws_dll2_owner *owner, void *user, int (*cb)(struct lws_dll2 *d, void *user))`| - diff --git a/READMEs/README.lws_sequencer.md b/READMEs/README.lws_sequencer.md deleted file mode 100644 index fab0573..0000000 --- a/READMEs/README.lws_sequencer.md +++ /dev/null @@ -1,149 +0,0 @@ -# `lws_sequencer_t` introduction - -Often a single network action like a client GET is just part of a -larger series of actions, perhaps involving different connections. - -Since lws operates inside an event loop, if the outer sequencing -doesn't, it can be awkward to synchronize these steps with what's -happening on the network with a particular connection on the event -loop thread. - -![lws_sequencer](/doc-assets/lws_sequencer.svg) - -`lws_sequencer_t` provides a generic way to stage multi-step -operations from inside the event loop. Because it participates -in the event loop similar to a wsi, it always operates from the -service thread context and can access structures that share the -service thread without locking. It can also provide its own -higher-level timeout handling. - -Naturally you can have many of them running in the same event -loop operating independently. - -Sequencers themselves bind to a pt (per-thread) service thread, -by default there's only one of these and it's the same as saying -they bind to an `lws_context`. The sequencer callback may create -wsi which in turn are bound to a vhost, but the sequencer itself -is above all that. - -## Sequencer timeouts - -The sequencer additionally maintains its own second-resolution timeout -checked by lws for the step being sequenced... this is independent of -any lws wsi timeouts which tend to be set and reset for very short-term -timeout protection inside one transaction. - -The sequencer timeout operates separately and above any wsi timeout, and -is typically only reset by the sequencer callback when it receives an -event indicating a step completed or failed, or it sets up the next sequence -step. - -If the sequencer timeout expires, then the sequencer receives a queued -`LWSSEQ_TIMED_OUT` message informing it, and it can take corrective action -or schedule a retry of the step. This message is queued and sent normally -under the service thread context and in order of receipt. - -Unlike lws timeouts which force the wsi to close, the sequencer timeout -only sends the message. This allows the timeout to be used to, eg, wait -out a retry cooloff period and then start the retry when the -`LWSSEQ_TIMED_OUT` is received, according to the state of the sequencer. - -## Creating an `lws_sequencer_t` - -``` -typedef struct lws_seq_info { - struct lws_context *context; /* lws_context for seq */ - int tsi; /* thread service idx */ - size_t user_size; /* size of user alloc */ - void **puser; /* place ptr to user */ - lws_seq_event_cb cb; /* seq callback */ - const char *name; /* seq name */ - const lws_retry_bo_t *retry; /* retry policy */ -} lws_seq_info_t; -``` - -``` -lws_sequencer_t * -lws_sequencer_create(lws_seq_info_t *info); -``` - -When created, in lws the sequencer objects are bound to a 'per-thread', -which is by default the same as to say bound to the `lws_context`. You -can tag them with an opaque user data pointer, and they are also bound to -a user-specified callback which handles sequencer events - -``` -typedef int (*lws_seq_event_cb)(struct lws_sequencer *seq, void *user_data, - lws_seq_events_t event, void *data); -``` - -`lws_sequencer_t` objects are private to lws and opaque to the user. A small -set of apis lets you perform operations on the pointer returned by the -create api. - -## Queueing events on a sequencer - -Each sequencer object can be passed "events", which are held on a per-sequencer -queue and handled strictly in the order they arrived on subsequent event loops. -`LWSSEQ_CREATED` and `LWSSEQ_DESTROYED` events are produced by lws reflecting -the sequencer's lifecycle, but otherwise the event indexes have a user-defined -meaning and are queued on the sequencer by user code for eventual consumption -by user code in the sequencer callback. - -Pending events are removed from the sequencer queues and sent to the sequencer -callback from inside the event loop at a rate of one per event loop wait. - -## Destroying sequencers - -`lws_sequencer_t` objects are cleaned up during context destruction if they are -still around. - -Normally the sequencer callback receives a queued message that -informs it that it's either failed at the current step, or succeeded and that -was the last step, and requests that it should be destroyed by returning -`LWSSEQ_RET_DESTROY` from the sequencer callback. - -## Lifecycle considerations - -Sequencers may spawn additional assets like client wsi as part of the sequenced -actions... the lifecycle of the sequencer and the assets overlap but do not -necessarily depend on each other... that is a wsi created by the sequencer may -outlive the sequencer. - -It's important therefore to detach assets from the sequencer and the sequencer -from the assets when each step is over and the asset is "out of scope" for the -sequencer. It doesn't necessarily mean closing the assets, just making sure -pointers are invalidated. For example, if a client wsi held a pointer to the -sequencer as its `.user_data`, when the wsi is out of scope for the sequencer -it can set it to NULL, eg, `lws_set_wsi_user(wsi, NULL);`. - -Under some conditions wsi may want to hang around a bit to see if there is a -subsequent client wsi transaction they can be reused on. They will clean -themselves up when they time out. - -## Watching wsi lifecycle from a sequencer - -When a sequencer is creating a wsi as part of its sequence, it will be very -interested in lifecycle events. At client wsi creation time, the sequencer -callback can set info->seq to itself in order to receive lifecycle messages -about its wsi. - -|message|meaning| -|---|---| -|`LWSSEQ_WSI_CONNECTED`|The wsi has become connected| -|`LWSSEQ_WSI_CONN_FAIL`|The wsi has failed to connect| -|`LWSSEQ_WSI_CONN_CLOSE`|The wsi had been connected, but has now closed| - -By receiving these, the sequencer can understand when it should attempt -reconnections or that it cannot progress the sequence. - -When dealing with wsi that were created by the sequencer, they may close at -any time, eg, be closed by the remote peer or an intermediary. The -`LWSSEQ_WSI_CONN_CLOSE` message may have been queued but since they are -strictly handled in the order they arrived, before it was -handled an earlier message may want to cause some api to be called on -the now-free()-d wsi. To detect this situation safely, there is a -sequencer api `lws_sequencer_check_wsi()` which peeks the message -buffer and returns nonzero if it later contains an `LWSSEQ_WSI_CONN_CLOSE` -already. - diff --git a/READMEs/README.lws_struct.md b/READMEs/README.lws_struct.md deleted file mode 100644 index 00ca08a..0000000 --- a/READMEs/README.lws_struct.md +++ /dev/null @@ -1,38 +0,0 @@ -# lws_struct - -## Overview - -lws_struct provides a lightweight method for serializing and deserializing C -structs to and from JSON, and to and from sqlite3. - -![lws_struct overview](../doc-assets/lws_struct-overview.svg) - - - you provide a metadata array describing struct members one-time, then call - generic apis to serialize and deserialize - - - supports flat structs, single child struct pointers, and unbounded arrays / - linked-lists of child objects automatically using [lws_dll2 linked-lists](./README.lws_dll.md) - - - supports boolean and C types char, int, long, long long in explicitly signed - and unsigned forms - - - supports both char * type string members where the unbounded content is - separate and pointed to, and fixed length char array[] type members where - the content is part of the struct - - - huge linear strings are supported by storing to a temp lwsac of chained chunks, - which is written into a single linear chunk in the main lwsac once the - total string length is known - - - deserialization allocates into an [lwsac](../lib/misc/lwsac/README.md), so everything is inside as few - heap allocations as possible while still able to expand to handle arbitrary - array or strins sizes - - - when deserialized structs are finished with, a single call to free the - lwsac frees the whole thing without having to walk it - - - stateful serializaton and deserialization allows as-you-get packets incremental - parsing and production of chunks of as-you-can-send incremental serialization - output cleanly - -## Examples diff --git a/READMEs/README.lws_sul.md b/READMEs/README.lws_sul.md deleted file mode 100644 index 1908f10..0000000 --- a/READMEs/README.lws_sul.md +++ /dev/null @@ -1,62 +0,0 @@ -# `lws_sul` scheduler api - -Since v3.2 lws no longer requires periodic checking for timeouts and -other events. A new system was refactored in where future events are -scheduled on to a single, unified, sorted linked-list in time order, -with everything at us resolution. - -This makes it very cheap to know when the next scheduled event is -coming and restrict the poll wait to match, or for event libraries -set a timer to wake at the earliest event when returning to the -event loop. - -Everything that was checked periodically was converted to use `lws_sul` -and schedule its own later event. The end result is when lws is idle, -it will stay asleep in the poll wait until a network event or the next -scheduled `lws_sul` event happens, which is optimal for power. - -# Side effect for older code - -If your older code uses `lws_service_fd()`, it used to be necessary -to call this with a NULL pollfd periodically to indicate you wanted -to let the background checks happen. `lws_sul` eliminates the whole -concept of periodic checking and NULL is no longer a valid pollfd -value for this and related apis. - -# Using `lws_sul` in user code - -See `minimal-http-client-multi` for an example of using the `lws_sul` -scheduler from your own code; it uses it to spread out connection -attempts so they are staggered in time. You must create an -`lws_sorted_usec_list_t` object somewhere, eg, in you own existing object. - -``` -static lws_sorted_usec_list_t sul_stagger; -``` - -Create your own callback for the event... the argument points to the sul object -used when the callback was scheduled. You can use pointer arithmetic to translate -that to your own struct when the `lws_sorted_usec_list_t` was a member of the -same struct. - -``` -static void -stagger_cb(lws_sorted_usec_list_t *sul) -{ -... -} -``` - -When you want to schedule the callback, use `lws_sul_schedule()`... this will call -it 10ms in the future - -``` - lws_sul_schedule(context, 0, &sul_stagger, stagger_cb, 10 * LWS_US_PER_MS); -``` - -In the case you destroy your object and need to cancel the scheduled callback, use - -``` - lws_sul_schedule(context, 0, &sul_stagger, NULL, LWS_SET_TIMER_USEC_CANCEL); -``` - diff --git a/READMEs/README.plugin-acme.md b/READMEs/README.plugin-acme.md deleted file mode 100644 index 8d3af4c..0000000 --- a/READMEs/README.plugin-acme.md +++ /dev/null @@ -1,180 +0,0 @@ -lws-acme-client Plugin -====================== - -## Introduction - -lws-acme-client is a protcol plugin for libwebsockets that implements an -ACME client able to communicate with let's encrypt and other certificate -providers. - -It implements `tls-sni-01` challenge, and is able to provision tls certificates -"from thin air" that are accepted by all the major browsers. It also manages -re-requesting the certificate when it only has two weeks left to run. - -It works with both the OpenSSL and mbedTLS backends. - -## Overview for use - -You need to: - - - Provide name resolution to the IP with your server, ie, myserver.com needs to - resolve to the IP that hosts your server - - - Enable port forwarding / external firewall access to your port, usually 443 - - - Enable the "lws-acme-client" plugin on the vhosts you want it to manage - certs for - - - Add per-vhost options describing what should be in the certificate - -After that the plugin will sort everything else out. - -## Example lwsws setup - -``` - "vhosts": [ { - "name": "home.warmcat.com", - "port": "443", - "host-ssl-cert": "/etc/lwsws/acme/home.warmcat.com.crt.pem", - "host-ssl-key": "/etc/lwsws/acme/home.warmcat.com.key.pem", - "ignore-missing-cert": "1", - "access-log": "/var/log/lwsws/test-access-log", - "ws-protocols": [{ - "lws-acme-client": { - "auth-path": "/etc/lwsws/acme/auth.jwk", - "cert-path": "/etc/lwsws/acme/home.warmcat.com.crt.pem", - "key-path": "/etc/lwsws/acme/home.warmcat.com.key.pem", - "directory-url": "https://acme-staging.api.letsencrypt.org/directory", - "country": "TW", - "state": "Taipei", - "locality": "Xiaobitan", - "organization": "Crash Barrier Ltd", - "common-name": "home.warmcat.com", - "email": "andy@warmcat.com" - }, - ... -``` - -## Required PVOs - -Notice that the `"host-ssl-cert"` and `"host-ssl-key"` entries have the same -meaning as usual, they point to your certificate and private key. However -because the ACME plugin can provision these, you should also mark the vhost with -`"ignore-missing-cert" : "1"`, so lwsws will ignore what will initially be -missing certificate / keys on that vhost, and will set about creating the -necessary certs and keys instead of erroring out. - -You must make sure the directories mentioned here exist, lws doesn't create them -for you. They should be 0700 root:root, even if you drop lws privileges. - -If you are implementing support in code, this corresponds to making sure the -vhost creating `info.options` has the `LWS_SERVER_OPTION_IGNORE_MISSING_CERT` -bit set. - -Similarly, in code, the each of the per-vhost options shown above can be -provided in a linked-list of structs at vhost creation time. See -`./test-apps/test-server-v2.0.c` for example code for providing pvos. - -### auth-path - -This is where the plugin will store the auth keys it generated. - -### cert-path - -Where the plugin will store the certificate file. Should match `host-ssl-cert` -that the vhost wants to use. - -The path should include at least one 0700 root:root directory. - -### key-path - -Where the plugin will store the certificate keys. Again it should match -`host-ssl-key` the vhost is trying to use. - -The path should include at least one 0700 root:root directory. - -### directory-url - -This defines the URL of the certification server you will get your -certificates from. For let's encrypt, they have a "practice" one - - - `https://acme-staging.api.letsencrypt.org/directory` - -and they have a "real" one - - - `https://acme-v01.api.letsencrypt.org/directory` - -the main difference is the CA certificate for the real one is in most browsers -already, but the staging one's CA certificate isn't. The staging server will -also let you abuse it more in terms of repeated testing etc. - -It's recommended you confirm expected operation with the staging directory-url, -and then switch to the "real" URL. - -### common-name - -Your server DNS name, like "libwebsockets.org". The remote ACME server will -use this to find your server to perform the SNI challenges. - -### email - -The contact email address for the certificate. - -## Optional PVOs - -These are not included in the cert by letsencrypt - -### country - -Two-letter country code for the certificate - -### state - -State "or province" for the certificate - -### locality - -Locality for the certificate - -### organization - -Your company name - -## Security / Key storage considerations - -The `lws-acme-client` plugin is able to provision and update your certificate -and keys in an entirely root-only storage environment, even though lws runs -as a different uid / gid with no privileges to access the storage dir. - -It does this by opening and holding two WRONLY fds on "update paths" inside the -root directory structure for each cert and key it manages; these are the normal -cert and key paths with `.upd` appended. If during the time the server is up -the certs become within two weeks of expiry, the `lws-acme-client` plugin will -negotiate new certs and write them to the file descriptors. - -Next time the server starts, if it sees `.upd` cert and keys, it will back up -the old ones and copy them into place as the new ones, before dropping privs. - -To also handle the long-uptime server case, lws will update the vhost with the -new certs using in-memory temporary copies of the cert and key after updating -the cert. - -In this way the cert and key live in root-only storage but the vhost is kept up -to date dynamically with any cert changes as well. - -## Multiple vhosts using same cert - -In the case you have multiple vhosts using of the same cert, just attach -the `lws-acme-client` plugin to one instance. When the cert updates, all the -vhosts are informed and vhosts using the same filepath to access the cert will -be able to update their cert. - -## Implementation point - -You will need to remove the auth keys when switching from OpenSSL to -mbedTLS. They will be regenerated automatically. It's the file at this -path: - -``` -"auth-path": "/etc/lwsws/acme/auth.jwk", -``` diff --git a/READMEs/README.plugin-sshd-base.md b/READMEs/README.plugin-sshd-base.md deleted file mode 100644 index 65d67f8..0000000 --- a/READMEs/README.plugin-sshd-base.md +++ /dev/null @@ -1,250 +0,0 @@ -ssh-base Plugin -================ - -## Introduction - -lws-ssh-base is a protcol plugin for libwebsockets that implements a -generic, abstract, ssh server. - - - very small footprint in code and memory, takes up small part of ESP32 - - - written with security in mind: valgrind and Coverity -clean - - - binds to one or more vhosts, that controls listen port(s) - - - all IO and settings abstracted through a single "ops" struct from user code - - - each instance on a vhost has its own "ops" struct, defining server keys, - auth method and functions to implement IO and other operations - - - The plugin has no built-in behaviours like check ~/.ssh/authorized_keys, - treat auth usernames as system usernames, or spawn the user's shell. - Everything potentially dangerous is left to the user ops code to decide - how to handle. It's NOT like sshd where running it implies it will accept - existing keys for any system user, will spawn a shell, etc, unless you - implement those parts in the ops callbacks. - - - The plugin requires extra code around it in the form of the ops struct - handlers. So it's role is something like an abstract base class for an ssh - server. All the crypto, protocol sequencing and state machine are inside, - but all the IO except the network connection is outside. - - - Built as part of libwebsockets, like all plugins may be dynamically loaded - at runtime or built statically. Test app `libwebsockets-test-sshd` provided - - - Uses hash and RSA functions from either mbedTLS or OpenSSL automatically, - according to which library libwebsockets was built for - -To maintain its small size, it implements a single "best of breed" crypto for -the following functions: - -|Function|Crypto| -|---|---| -|KEX|curve25519-sha256@libssh.org| -|Server host key|ssh-rsa (4096b)| -|Encryption|chacha20-poly1305@openssh.com| -|Compression|None| - -## License - -lws-ssh-base is Free Software, available under libwebsocket's LGPLv2 + -static linking exception license. - -The crypto parts are available elsewhere under a BSD license. But for -simplicity the whole plugin is under LGPLv2. - -## Generating your own keys - -``` - $ ssh-keygen -t rsa -b 4096 -f mykeys -``` - -will ask for a passphrase and generate the private key in `mykeys` and the -public key in `mykeys.pub`. If you already have a suitable RSA key you use -with ssh, you can just use that directly. - -lws installs a test keypair in /usr[/local]/share/libwebsockets-test-server -that the test apps will accept. - -## Example code - -1) There's a working example app `libwebsockets-test-sshd` included that -spawns a bash shell when an ssh client authenticates. The username used on -the remote ssh has no meaning, it spawns the shell under the credentials of -"lws-test-sshd" was run under. It accepts the lws ssh test key which is -installed into /usr[/local]/share/libwebsockets-test-server. - -Start the server like this (it wants root only because the server key is stored -in /etc) - -``` - $ sudo libwebsockets-test-sshd -``` - -Connect to it using the test private key like this - -``` - $ ssh -p 2200 -i /usr/local/share/libwebsockets-test-server/lws-ssh-test-keys anyuser@127.0.0.1 -``` - -2) There's also a working example plugin `lws-sshd-demo` that "subclasses" the -abstract `lws-ssh-base` plugin to make a protocol which can be used from, -eg, lwsws. For an lwsws vhost that listens on port 2222 and responds with -the lws-sshd-demo ssh server, the related config is: - -``` - { - "name": "sshd", - "port": "2222", - "onlyraw": "1", - "ws-protocols": [{ - "lws-ssh-base": { - "status": "ok", - "ops-from": "lws-sshd-demo" - }, - "lws-sshd-demo": { - "status": "ok", - "raw": "1" - } - }] - } -``` - - - -## Integration to other apps - -### Step 0: Build and install libwebsockets - -For the `libwebsockets-test-sshd` example, you will need CMake options -`LWS_WITH_CGI`, since it uses lws helpers to spawn a shell. - -lws-ssh-base itself doesn't require CGI support in libwebsockets. - -### Step 1: make the code available in your app - -Include `lws-plugin-ssh-base` in your app, either as a runtime plugin or by using -the lws static include scheme. - -To bring in the whole of the ssh-base plugin -into your app in one step, statically, just include -`plugins/ssh-base/include/lws-plugin-sshd-static-build-includes.h`, you can see -an example of this in `./test-apps/test-sshd.c`. - -### Step 2: define your `struct lws_ssh_ops` - -`plugins/ssh-base/include/lws-plugin-ssh.h` defines -`struct lws_ssh_ops` which is used for all customization and integration -of the plugin per vhost. Eg, - -``` -static const struct lws_ssh_ops ssh_ops = { - .channel_create = ssh_ops_channel_create, - .channel_destroy = ssh_ops_channel_destroy, - .tx_waiting = ssh_ops_tx_waiting, - .tx = ssh_ops_tx, - .rx = ssh_ops_rx, - .get_server_key = ssh_ops_get_server_key, - .set_server_key = ssh_ops_set_server_key, - .set_env = ssh_ops_set_env, - .pty_req = ssh_ops_pty_req, - .child_process_io = ssh_ops_child_process_io, - .child_process_terminated = ssh_ops_child_process_terminated, - .exec = ssh_ops_exec, - .shell = ssh_ops_shell, - .is_pubkey_authorized = ssh_ops_is_pubkey_authorized, - .banner = ssh_ops_banner, - .disconnect_reason = ssh_ops_disconnect_reason, - .server_string = "SSH-2.0-Libwebsockets", - .api_version = 1, -}; -``` -The `ssh_ops_...()` functions are your implementations for the operations -needed by the plugin for your purposes. - -### Step 3: enable `lws-ssh-base` protocol to a vhost and configure using pvo - -A pointer to your struct lws_ssh_ops is passed into the vhost instance of the -protocol using per-vhost options - -``` -static const struct lws_protocol_vhost_options pvo_ssh_ops = { - NULL, - NULL, - "ops", - (void *)&ssh_ops -}; - -static const struct lws_protocol_vhost_options pvo_ssh = { - NULL, - &pvo_ssh_ops, - "lws-sshd-base", - "" /* ignored, just matches the protocol name above */ -}; - -... - info.port = 22; - info.options = LWS_SERVER_OPTION_ONLY_RAW; - info.vhost_name = "sshd"; - info.protocols = protocols_sshd; - info.pvo = &pvo_ssh; - - vh_sshd = lws_create_vhost(context, &info); -``` - -There are two possible pvos supported, "ops", shown above, directly passes the -ops structure in using the value on the "ops" pvo. - -To support other protocols that want to provide ops to lws-ssh-base themselves -for a particular vhost, you can also provide a pvo `"ops-from"` whose value is -the name of the protocol also enabled on this vhost, whose protocol ".user" -pointer points to the ops struct lws-ssh-base should use. - -## Integration to other plugins - -A worked example of using the abstract `lws-ssh-base` plugin from another -plugin that provides the ops struct is in `./plugins/protocol_lws_sshd_demo`. - -The key points to note - - - the plugin sets the ops struct for the vhost instantiation of `lws-ssh-base` - by passing a pointer to the ops struct in its `lws_protocols` struct `user` - member. - - - the config for the vhost tells `lws-ssh-base` to pick up the ops struct - pointer using an "ops-from" pvo that indicates the protocol name. - -``` - "lws-ssh-base": { - "status": "ok", - "ops-from": "lws-sshd-demo" - }, -``` - - - the config for the vhost tells lws this vhost only serves RAW (ie, no http) - -``` - { - "name": "sshd", - "port": "2222", - "onlyraw": "1", - ... -``` - - - the config for the vhost marks the protocol that uses `lws-ssh-base`, not - `lws-ssh-base` itself, as the protocol to be served for raw connections - -``` - "lws-sshd-demo": { - "status": "ok", - "raw": "1" - ... -``` - -## Notes - -You can have the vhost it binds to listen on a nonstandard port. The ssh -commandline app cane be told to connect to a non-22 port with -`ssh -p portnum user@hostname` - - diff --git a/READMEs/README.porting.md b/READMEs/README.porting.md deleted file mode 100644 index 7b9238c..0000000 --- a/READMEs/README.porting.md +++ /dev/null @@ -1,60 +0,0 @@ -# Guidance for porting to new platform - -Where differences existed between the initial POSIX platform for lws and other -supported platforms like Windows, `lws_plat_...()` apis were added to move -handling to platform-specific code in `./lib/plat/`. - -Depending o which platform is built, different platform-specific implementations -of these `lws_plat...()` apis get built. - -## 1) Prepare the cmake cross-build file if necessary - -CMake isolates its settings for cross-build into a separate file, which can be -used to different cmake projects for the same platform as well. - -Find a similar examples already in `./contrib/cross-*` and copy and adapt it -as needed, - -All settings related to toolchain should go in there. For cross-toolchain, -the convention is to pass the path to its installed directory in `CROSS_PATH` -environment variable. - -## 2) Copy the closest platform dir in ./lib/plat - -Wholesale copy the closest existing platform dir to `/lib/plat/myplatform` and -rename the files. - -Remove stuff specific to the original platform. - -## 3) Add a flag in CMakeLists.txt - -Cut and paste a flag to select your platform, preferably `LWS_PLAT_MYPLATFORM` or so - -## 4) Add a section to force-select and deselect other cmake options based on platform flag - -Some options on by default may not make sense on your platform, and others off -by default may be mandatory. After the options() section in CMakeLists.txt, you -can use this kind of structure - -``` - if (LWS_PLAT_MYPLATFORM) - set(LWS_WITH_XXXX 0) - endif() -``` - -to enforce implicit requirements of your platform. Optional stuff should be set by -running cmake commandline as usual. - -## 5) Add building your platform files into CMakeLists.txt - -Add entries in CMakeLists.txt for building stuff in `./lib/plat/myplatform` when -`LWS_PLAT_MYPLATFORM` is enabled. - -## 6) Adapt your copied ./lib/plat/myplatform/ files - -You can now do test builds using the cross-build file, your platform flag in -cmake, and your copied ./lib/plat content... this last part since it was -copied from another platform will initially be a plentiful source of errors. - -You can iteratively build and adapt the platform files. - diff --git a/READMEs/README.problems.md b/READMEs/README.problems.md deleted file mode 100644 index 6d12f6f..0000000 --- a/READMEs/README.problems.md +++ /dev/null @@ -1,66 +0,0 @@ -Debugging problems -================== - -Check it's still a problem with latest lws ------------------------------------------- - -Older versions of lws don't attract any new work after they are released -(see [the release policy](https://libwebsockets.org/git/libwebsockets/tree/READMEs/README.release-policy.md) for details); -for a while they will get backported bugfixes but that's it. - -All new work and bugfixes happen on master branch. - -Old, old versions may be convenient for you to use for some reason. But unless -you pay for support or have contributed work to lws so we feel we owe you some -consideration, nobody else has any reason to particularly care about solving -issues on ancient versions. Whereas if the problem exists on master, and can be -reproduced by developers, it usually gets attention, often immediately. - -If the problem doesn't exist on master, you can either use master or check also -the -stable branch of the last released version to see if it was already solved -there. - -Library is a component ----------------------- - -As a library, lws is always just a component in a bigger application. - -When users have a problem involving lws, what is happening in the bigger -application is usually critical to understand what is going on (and where the -solution lies). Sometimes access to the remote peer like server or client is also -necessary to provoke the symptom. Sometimes, the problem is in lws, but -sometimes the problem is not in lws but in these other pieces. - -Many users are able to share their sources, but others decide not to, for -presumed "commercial advantage" or whatever. (In any event, it can be painful -looking through large chunks of someone else's sources for problems when that -is not the library author's responsibility.) - -This makes answering questions like "what is wrong with my code I am not -going to show you?" or even "what is wrong with my code?" very difficult. - -Even if it's clear there is a problem somewhere, it cannot be understood or -reproduced by anyone else if it needs user code that isn't provided. - -The biggest question is, "is this an lws problem actually"? To solve that -the best solution is to strip out all or as much user code as possible, -and see if the problem is still coming. - - -Use the test apps / minimal examples as sanity checks ------------------------------------------------------ - -The test server and client, and any more specifically relevant minimal example - are extremely useful for sanity checks and debugging guidance. - - - **test apps work on your platform**, then either - - your user code is broken, align it to how the test apps work, or, - - something from your code is required to show an lws problem, provide a - minimal patch on a test app so it can be reproduced - - - **test apps break on your platform**, but work on, eg, x86_64, either - - toolchain or platform-specific (eg, OS) issue, or - - lws platform support issue - - - **test apps break everywhere** - - sounds like lws problem, info to reproduce and / or a patch is appreciated diff --git a/READMEs/README.release-policy.md b/READMEs/README.release-policy.md deleted file mode 100644 index 6fb457a..0000000 --- a/READMEs/README.release-policy.md +++ /dev/null @@ -1,88 +0,0 @@ -# lws release policy - -## Master branch - -Master branch is the default and all new work happens there. It's unstable and -subject to history rewrites, patches moving about and being squashed etc. In -terms of it working, it is subject to passing CI tests including a battery of -runtime tests, so if it is passing CI as it usually is then it's probably in -usable shape. - -![all work happens on master](../doc-assets/lws-relpol-1.svg) - -If you have patches (you are a hero) they should be targeted at master. - -To follow such a branch, `git pull` is the wrong tool... the starting point -of what you currently have may no longer exist remotely due to rearranging the -patches there. Instead use a flow like this: - -``` - $ git fetch https://libwebsockets.org/repo/libwebsockets +master:m && git reset --hard m -``` - -This fetches current remote master into local branch `m`, and then forces your -local checkout to exactly match `m`. This replaces your checked-out tree -including any of your local changes, so stash those first, or use stgit or so -to pop them before updating your basis against lws master. - -## Stable branches - -Master is very useful for coordinating development, and integrating WIP, -but for distros or integration into large user projects some stability is often -more desirable than the latest development work. - -Periodically, when master seems in good shape and various new developments seem -to be working, it's copied out into a versioned stable branch, like `v3.0-stable`. - -![stable branches are copied from master](../doc-assets/lws-relpol-2.svg) - -The initial copy is tagged with, eg, `v3.0.0`. - -(At that time, master's logical version is set to "...99", eg, `v3.0.99` so -version comparisons show that version of master is "later" than any other -v3.0 version, which will never reach 99 point releases itself, but "earlier" -than, eg, v3.1.) - -## Backport policy - -Work continues on master, and as part of that usually bugs are reported and / or -fixes found that may apply not just to current master, but the version of master -that was copied to form the last -stable branch. - -In that case, the patch may be backported to the last stable branch to also fix -the bug there. In the case of refactors or major internal improvements, these -typically do not get backported. - -This applies only to fixes and public API-neutral internal changes to lws... if -new features were backported or API changes allowed, then there would be -multiple apis under the same version name and library soname, which is -madness. - -When new stable releases are made, the soname is bumped reflecting the API is -different than that of previous versions. - -![backports from master to stable](../doc-assets/lws-relpol-3.svg) - -If there is something you need in a later lws version that is not backported, -you need to either backport it yourself (remember that lws is LGPL and you must -provide your changes when you distribute the binary) or use a later lws version. -Using a more recent version of lws is almost always the correct way. - -## Stable point releases - -Periodically fix patches pile up on the -stable branch and are tagged out as -"point releases". So if the original stable release was "v3.0.0", the point -release may be "v3.0.1". - -![point releases of stable](../doc-assets/lws-relpol-4.svg) - -## Critical fixes - -Sometimes a bug is found and fixed that had been hiding for a few versions. -If the bug has some security dimension or is otherwise important, we may -backport it to a few recent releases, not just the last one. This is pretty -uncommon though. - -![backport to multiple stable branches](../doc-assets/lws-relpol-5.svg) - - diff --git a/READMEs/README.unix-domain-reverse-proxy.md b/READMEs/README.unix-domain-reverse-proxy.md deleted file mode 100644 index 1db8abd..0000000 --- a/READMEs/README.unix-domain-reverse-proxy.md +++ /dev/null @@ -1,101 +0,0 @@ -## Unix Domain Sockets Reverse Proxy - -### Introduction - -lws is able to use a mount to place reverse proxies into the URL space. - -These are particularly useful when using Unix Domain Sockets, basically -files in the server filesystem, to communicate between lws and a separate -server process and integrate the result into a coherent URL namespace on -the lws side. It's also possible to proxy using tcp sockets. - -![overview](../doc-assets/http-proxy-overview.svg) - -This has the advantage that the actual web server that forwards the -data from the unix socket owner is in a different process than the server -that serves on the unix socket. If it has problems, they do not affect -the actual public-facing web server. The unix domain socket server may -be in a completely different language than the web server. - -Compared to CGI, there are no forks to make a connection to the unix -domain socket server. - -### Mount origin format - -Unix Domain Sockets are effectively "files" in the server filesystem, and -are defined by their filepath. The "server" side that is to be proxied opens -the socket and listens on it, which creates a file in the server filesystem. -The socket understands either http or https protocol. - -Lws can be told to act as a proxy for that at a mountpoint in the lws vhost -url space. - -If your mount is expressed in C code, then the mount type is LWSMPRO_HTTP or -LWSMPRO_HTTPS depending on the protocol the unix socket understands, and the -origin address has the form `+/path/to/unix/socket:/path/inside/mount`. - -The + at the start indicates it is a local unix socket we are proxying, and -the ':' acts as a delimiter for the socket path, since unlike other addresses -the unix socket path can contain '/' itself. - -### Connectivity rules and translations - -Onward proxy connections from lws to the Unix Domain Socket happen using -http/1.1. That implies `transfer-encoding: chunking` in the case that the -length of the output is not known beforehand. - -Lws takes care of stripping any chunking (which is illegal in h2) and -translating between h1 and h2 header formats if the return connection is -actually in http/2. - -The h1 onward proxy connection translates the following headers from the return -connection, which may be h1 or h2: - -Header|Function ----|--- -host|Which vhost -etag|Information on any etag the client has cached for this URI -if-modified-since|Information on the freshness of any etag the client has cached for this URI -accept-language|Which languages the return path client prefers -accept-encoding|Which compression encodings the client can accept -cache-control|Information from the return path client about cache acceptability -x-forwarded-for|The IP address of the return path client - -This implies that the proxied connection can - - - return 301 etc to say the return path client's etag is still valid - - - choose to compress using an acceptable content-encoding - -The following headers are translated from the headers replied via the onward -connection (always h1) back to the return path (which may be h1 or h2) - -Header|Function ----|--- -content-length|If present, an assertion of how much payload is expected -content-type|The mimetype of the payload -etag|The canonical etag for the content at this URI -accept-language|This is returned to the return path client because there is no easy way for the return path client to know what it sent originally. It allows clientside selection of i18n. -content-encoding|Any compression format on the payload (selected from what the client sent in accept-encoding, if anything) -cache-control|The onward server's response about cacheability of its payload - -### h1 -> h2 conversion - -Chunked encoding that may have been used on the outgoing proxy client connection -is removed for h2 return connections (chunked encoding is illegal for h2). - -Headers are converted to all lower-case and hpack format for h2 return connections. - -Header and payload proxying is staged according to when the return connection -(which may be an h2 child stream) is writable. - -### Behaviour if unix domain socket server unavailable - -If the server that listens on the unix domain socket is down or being restarted, -lws understands that it couldn't connect to it and returns a clean 503 response -`HTTP_STATUS_SERVICE_UNAVAILABLE` along with a brief human-readable explanation. - -The generated status page produced will try to bring in a stylesheet -`/error.css`. This allows you to produce a styled error pages with logos, -graphics etc. See [this](https://libwebsockets.org/git/badrepo) for an example of what you can do with it. - diff --git a/READMEs/README.vulnerability-reporting.md b/READMEs/README.vulnerability-reporting.md deleted file mode 100644 index ae06435..0000000 --- a/READMEs/README.vulnerability-reporting.md +++ /dev/null @@ -1,12 +0,0 @@ -## Vulnerability Reporting - -If you become aware of an issue with lws that has a security -dimension for users, please contact `andy@warmcat.com` by -direct email. - -## Procedure for announcing vulnerability fixes - -The problem and fixed versions will be announced on the -libwebsockets mailing list and a note added to the master -README.md. - diff --git a/READMEs/mainpage.md b/READMEs/mainpage.md deleted file mode 100644 index 2c6f180..0000000 --- a/READMEs/mainpage.md +++ /dev/null @@ -1,23 +0,0 @@ -##Libwebsockets API introduction - -Libwebsockets covers a lot of interesting features for people making embedded servers or clients - - - HTTP(S) serving and client operation - - HTTP/2 support for serving and client operation - - WS(S) serving and client operation - - HTTP(S) apis for file transfer and upload - - HTTP 1 + 2 POST form handling (including multipart / file upload) - - cookie-based sessions - - account management (including registration, email verification, lost pw etc) - - strong SSL / TLS PFS support (A+ on SSLlabs test) - - ssh server integration - - serving gzipped files directly from inside zip files, without conversion - - support for linux, bsd, windows etc... and very small nonlinux targets like ESP32 - -Please note you just need in include libwebsockets.h. It includes all the individual -includes in /usr/include/libwebsockets/ itself. - -You can browse by api category here - -A collection of READMEs for build, coding, lwsws etc are here - diff --git a/READMEs/release-checklist b/READMEs/release-checklist deleted file mode 100644 index e142130..0000000 --- a/READMEs/release-checklist +++ /dev/null @@ -1,85 +0,0 @@ -Release Checklist ------------------ - -1) non-CI QA - - a) valgrind test servers + client + browser - -2) soname bump? - - a) We need one if we added / changed / removed apis - - - CMakeLists.txt - - set(SOVERSION "6") - - - scripts/libwebsockets.spec - - -/%{_libdir}/libwebsockets.so.6 - +/%{_libdir}/libwebsockets.so.7 - -3) changelog - - a) Add next version tag header. - - b) Classify as - - - NEW - - CHANGE - - REMOVE - -4) main version bump - - - CMakeLists.txt - - set(CPACK_PACKAGE_VERSION_MAJOR "1") - set(CPACK_PACKAGE_VERSION_MINOR "6") - set(CPACK_PACKAGE_VERSION_PATCH "0") - -5) specfile - - a) rpm version bump to match CMake one - - scripts/libwebsockets.spec - - Version: 1.6.0 - - b) Summarize changelog - - scripts/libwebsockets.spec - -%changelog -* Sun Jan 17 2016 Andrew Cooks 1.6.4-1 -- Bump version to 1.6.4 -- MINOR fix xyz - - c) Use -DLWS_WITH_DISTRO_RECOMMENDED=1 then make package and adapt the .spec - to match the file list - -6) Announce latest version on README.md - -7) Make sure all new READMEs and public headers are in libwebsockets.dox - -8) signed tag - - git tag -s vX.Y[.Z] - -9) git - - a) push - - b) final CI check, if fail delete tag, kill pushed tags, restart flow - -10) website - - a) update latest tag for release branch - -11) post-relase version bump - -Bump the PATCH part of the version to 99 - --set(CPACK_PACKAGE_VERSION_PATCH "0") -+set(CPACK_PACKAGE_VERSION_PATCH "99") - -to reflect it's newer than any stable release but not a new version yet. - diff --git a/appveyor.yml b/appveyor.yml index 809ff62..748ab1d 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,11 +1,5 @@ environment: matrix: - - LWS_METHOD: jose - CMAKE_ARGS: -DLWS_WITH_JOSE=1 - - - LWS_METHOD: x64 - CMAKE_ARGS: -DCMAKE_GENERATOR_PLATFORM=x64 -DLWS_WITH_HTTP2=1 -DLWS_WITH_PLUGINS=1 -DLIBUV_INCLUDE_DIRS=C:\assets\libuv64\include -DLIBUV_LIBRARIES=C:\assets\libuv64\libuv.lib - - LWS_METHOD: lwsws CMAKE_ARGS: -DLWS_WITH_LWSWS=1 -DSQLITE3_INCLUDE_DIRS=C:\assets\sqlite3 -DSQLITE3_LIBRARIES=C:\assets\sqlite3\sqlite3.lib -DLIBUV_INCLUDE_DIRS=C:\assets\libuv\include -DLIBUV_LIBRARIES=C:\assets\libuv\libuv.lib @@ -22,21 +16,21 @@ environment: - LWS_METHOD: nossl CMAKE_ARGS: -DLWS_WITH_SSL=OFF - install: - appveyor DownloadFile https://libwebsockets.org:444/win-libuv.zip - mkdir c:\assets - mkdir c:\assets\libuv - 7z x -oc:\assets\libuv win-libuv.zip - - appveyor DownloadFile https://libwebsockets.org:444/win-libuv64.zip - - mkdir c:\assets\libuv64 - - 7z x -oc:\assets\libuv64 win-libuv64.zip +# - appveyor DownloadFile https://slproweb.com/download/Win32OpenSSL-1_0_2h.exe +# - appveyor DownloadFile https://libwebsockets.org:444/Win32OpenSSL-1_0_2L.exe +# - Win32OpenSSL-1_0_2L.exe /silent /verysilent /sp- /suppressmsgboxes - appveyor DownloadFile https://libwebsockets.org:444/nsis-3.0rc1-setup.exe - cmd /c start /wait nsis-3.0rc1-setup.exe /S /D=C:\nsis - appveyor DownloadFile https://libwebsockets.org:444/sqlite-dll-win32-x86-3130000.zip - mkdir c:\assets\sqlite3 - 7z x -oc:\assets\sqlite3 sqlite-dll-win32-x86-3130000.zip - SET PATH=C:\Program Files\NSIS\;C:\Program Files (x86)\NSIS\;c:\nsis;%PATH% +build: build_script: - md build @@ -44,34 +38,21 @@ build_script: - cmake -DCMAKE_BUILD_TYPE=Release %CMAKE_ARGS% .. - cmake --build . --config Release +# TODO: Keeps breaking Windows build, should be rewritten using CPack properly instead... after_build: - - cd %APPVEYOR_BUILD_FOLDER% - - mkdir staging - - mkdir staging\include - - cp -r %APPVEYOR_BUILD_FOLDER%\build\bin %APPVEYOR_BUILD_FOLDER%\build\lib staging - - if EXIST staging\bin\share mv staging\bin\share staging - - if NOT EXIST staging\share\libwebsockets-test-server mkdir staging\share\libwebsockets-test-server - - IF EXIST %APPVEYOR_BUILD_FOLDER%\build\libwebsockets-test-server.pem cp %APPVEYOR_BUILD_FOLDER%\build\libwebsockets-test-server.pem staging\share\libwebsockets-test-server - - IF EXIST %APPVEYOR_BUILD_FOLDER%\build\libwebsockets-test-server.key.pem cp %APPVEYOR_BUILD_FOLDER%\build\libwebsockets-test-server.key.pem staging\share\libwebsockets-test-server - - IF EXIST %APPVEYOR_BUILD_FOLDER%\build\lws_config.h cp %APPVEYOR_BUILD_FOLDER%\build\lws_config.h staging\include - - cp %APPVEYOR_BUILD_FOLDER%\include\libwebsockets.h staging\include - - cp -r %APPVEYOR_BUILD_FOLDER%\include\libwebsockets staging\include - - 7z a build\lws-%LWS_METHOD%-%APPVEYOR_BUILD_ID%.zip %APPVEYOR_BUILD_FOLDER%\staging\* + - 7z a lws.zip %APPVEYOR_BUILD_FOLDER%\build\lib\Release\websockets.lib %APPVEYOR_BUILD_FOLDER%\build\lib\Release\websockets.exp %APPVEYOR_BUILD_FOLDER%\build\bin\Release\websockets.dll %APPVEYOR_BUILD_FOLDER%\lib\libwebsockets.h %APPVEYOR_BUILD_FOLDER%\build\lws_config.h %APPVEYOR_BUILD_FOLDER%\build\bin\Release\*.exe +# - cd .. +# - cd win32port +# - makensis -DVERSION=%APPVEYOR_BUILD_VERSION% libwebsockets.nsi + artifacts: - - path: build\lws-%LWS_METHOD%-%APPVEYOR_BUILD_ID%.zip + - path: lws.zip + name: lws.zip + type: Zip -#deploy: -#- provider: BinTray -# username: lws-team -# api_key: -# secure: nDpZ7P/wrk98DwJPMC6KpCC23QrVP8f3RxvKzBaqOmb9LiVrg1IyO1cc5vcgShZC -# subject: lws-team -# repo: libwebsockets -# package: windows -# publish: true -# override: true -# explode: false + #cache: + # - C:\OpenSSL-Win32 matrix: fast_finish: true diff --git a/autobahn-test.sh b/autobahn-test.sh new file mode 100755 index 0000000..91b9171 --- /dev/null +++ b/autobahn-test.sh @@ -0,0 +1,41 @@ +#!/bin/sh + +set -u + +N=1 +OS=`uname` + +for i in '1.1.1' '1.1.2' '1.1.3' '1.1.4' '1.1.5' '1.1.6' '1.1.7' '1.1.8' '1.2.1' '1.2.2' '1.2.3' '1.2.4' '1.2.5' '1.2.6' '1.2.7' '1.2.8' '2.1' '2.2' '2.3' '2.4' '2.5' '2.6' '2.7' '2.8' '2.9' '2.10' '2.11' '3.1' '3.2' '3.3' '3.4' '3.5' '3.6' '3.7' '4.1.1' '4.1.2' '4.1.3' '4.1.4' '4.1.5' '4.2.1' '4.2.2' '4.2.3' '4.2.4' '4.2.5' '5.1' '5.2' '5.3' '5.4' '5.5' '5.6' '5.7' '5.8' '5.9' '5.10' '5.11' '5.12' '5.13' '5.14' '5.15' '5.16' '5.17' '5.18' '5.19' '5.20' '6.1.1' '6.1.2' '6.1.3' '6.2.1' '6.2.2' '6.2.3' '6.2.4' '6.3.1' '6.3.2' '6.4.1' '6.4.2' '6.4.3' '6.4.4' '6.5.1' '6.5.2' '6.5.3' '6.5.4' '6.5.5' '6.6.1' '6.6.2' '6.6.3' '6.6.4' '6.6.5' '6.6.6' '6.6.7' '6.6.8' '6.6.9' '6.6.10' '6.6.11' '6.7.1' '6.7.2' '6.7.3' '6.7.4' '6.8.1' '6.8.2' '6.9.1' '6.9.2' '6.9.3' '6.9.4' '6.10.1' '6.10.2' '6.10.3' '6.11.1' '6.11.2' '6.11.3' '6.11.4' '6.11.5' '6.12.1' '6.12.2' '6.12.3' '6.12.4' '6.12.5' '6.12.6' '6.12.7' '6.12.8' '6.13.1' '6.13.2' '6.13.3' '6.13.4' '6.13.5' '6.14.1' '6.14.2' '6.14.3' '6.14.4' '6.14.5' '6.14.6' '6.14.7' '6.14.8' '6.14.9' '6.14.10' '6.15.1' '6.16.1' '6.16.2' '6.16.3' '6.17.1' '6.17.2' '6.17.3' '6.17.4' '6.17.5' '6.18.1' '6.18.2' '6.18.3' '6.18.4' '6.18.5' '6.19.1' '6.19.2' '6.19.3' '6.19.4' '6.19.5' '6.20.1' '6.20.2' '6.20.3' '6.20.4' '6.20.5' '6.20.6' '6.20.7' '6.21.1' '6.21.2' '6.21.3' '6.21.4' '6.21.5' '6.21.6' '6.21.7' '6.21.8' '6.22.1' '6.22.2' '6.22.3' '6.22.4' '6.22.5' '6.22.6' '6.22.7' '6.22.8' '6.22.9' '6.22.10' '6.22.11' '6.22.12' '6.22.13' '6.22.14' '6.22.15' '6.22.16' '6.22.17' '6.22.18' '6.22.19' '6.22.20' '6.22.21' '6.22.22' '6.22.23' '6.22.24' '6.22.25' '6.22.26' '6.22.27' '6.22.28' '6.22.29' '6.22.30' '6.22.31' '6.22.32' '6.22.33' '6.22.34' '6.23.1' '6.23.2' '6.23.3' '6.23.4' '6.23.5' '6.23.6' '6.23.7' '7.1.1' '7.1.2' '7.1.3' '7.1.4' '7.1.5' '7.1.6' '7.3.1' '7.3.2' '7.3.3' '7.3.4' '7.3.5' '7.3.6' '7.5.1' '7.7.1' '7.7.2' '7.7.3' '7.7.4' '7.7.5' '7.7.6' '7.7.7' '7.7.8' '7.7.9' '7.7.10' '7.7.11' '7.7.12' '7.7.13' '7.9.1' '7.9.2' '7.9.3' '7.9.4' '7.9.5' '7.9.6' '7.9.7' '7.9.8' '7.9.9' '7.9.10' '7.9.11' '7.9.12' '7.9.13' '7.13.1' '7.13.2' '9.1.1' '9.1.2' '9.1.3' '9.1.4' '9.1.5' '9.1.6' '9.2.1' '9.2.2' '9.2.3' '9.2.4' '9.2.5' '9.2.6' '9.3.1' '9.3.2' '9.3.3' '9.3.4' '9.3.5' '9.3.6' '9.3.7' '9.3.8' '9.3.9' '9.4.1' '9.4.2' '9.4.3' '9.4.4' '9.4.5' '9.4.6' '9.4.7' '9.4.8' '9.4.9' '9.5.1' '9.5.2' '9.5.3' '9.5.4' '9.5.5' '9.5.6' '9.6.1' '9.6.2' '9.6.3' '9.6.4' '9.6.5' '9.6.6' '9.7.1' '9.7.2' '9.7.3' '9.7.4' '9.7.5' '9.7.6' '9.8.1' '9.8.2' '9.8.3' '9.8.4' '9.8.5' '9.8.6' '10.1.1' '12.1.1' '12.1.2' '12.1.3' '12.1.4' '12.1.5' '12.1.6' '12.1.7' '12.1.8' '12.1.9' '12.1.10' '12.1.11' '12.1.12' '12.1.13' '12.1.14' '12.1.15' '12.1.16' '12.1.17' '12.1.18' '12.2.1' '12.2.2' '12.2.3' '12.2.4' '12.2.5' '12.2.6' '12.2.7' '12.2.8' '12.2.9' '12.2.10' '12.2.11' '12.2.12' '12.2.13' '12.2.14' '12.2.15' '12.2.16' '12.2.17' '12.2.18' '12.3.1' '12.3.2' '12.3.3' '12.3.4' '12.3.5' '12.3.6' '12.3.7' '12.3.8' '12.3.9' '12.3.10' '12.3.11' '12.3.12' '12.3.13' '12.3.14' '12.3.15' '12.3.16' '12.3.17' '12.3.18' '12.4.1' '12.4.2' '12.4.3' '12.4.4' '12.4.5' '12.4.6' '12.4.7' '12.4.8' '12.4.9' '12.4.10' '12.4.11' '12.4.12' '12.4.13' '12.4.14' '12.4.15' '12.4.16' '12.4.17' '12.4.18' '12.5.1' '12.5.2' '12.5.3' '12.5.4' '12.5.5' '12.5.6' '12.5.7' '12.5.8' '12.5.9' '12.5.10' '12.5.11' '12.5.12' '12.5.13' '12.5.14' '12.5.15' '12.5.16' '12.5.17' '12.5.18' '13.1.1' '13.1.2' '13.1.3' '13.1.4' '13.1.5' '13.1.6' '13.1.7' '13.1.8' '13.1.9' '13.1.10' '13.1.11' '13.1.12' '13.1.13' '13.1.14' '13.1.15' '13.1.16' '13.1.17' '13.1.18' '13.2.1' '13.2.2' '13.2.3' '13.2.4' '13.2.5' '13.2.6' '13.2.7' '13.2.8' '13.2.9' '13.2.10' '13.2.11' '13.2.12' '13.2.13' '13.2.14' '13.2.15' '13.2.16' '13.2.17' '13.2.18' '13.3.1' '13.3.2' '13.3.3' '13.3.4' '13.3.5' '13.3.6' '13.3.7' '13.3.8' '13.3.9' '13.3.10' '13.3.11' '13.3.12' '13.3.13' '13.3.14' '13.3.15' '13.3.16' '13.3.17' '13.3.18' '13.4.1' '13.4.2' '13.4.3' '13.4.4' '13.4.5' '13.4.6' '13.4.7' '13.4.8' '13.4.9' '13.4.10' '13.4.11' '13.4.12' '13.4.13' '13.4.14' '13.4.15' '13.4.16' '13.4.17' '13.4.18' '13.5.1' '13.5.2' '13.5.3' '13.5.4' '13.5.5' '13.5.6' '13.5.7' '13.5.8' '13.5.9' '13.5.10' '13.5.11' '13.5.12' '13.5.13' '13.5.14' '13.5.15' '13.5.16' '13.5.17' '13.5.18' '13.6.1' '13.6.2' '13.6.3' '13.6.4' '13.6.5' '13.6.6' '13.6.7' '13.6.8' '13.6.9' '13.6.10' '13.6.11' '13.6.12' '13.6.13' '13.6.14' '13.6.15' '13.6.16' '13.6.17' '13.6.18' '13.7.1' '13.7.2' '13.7.3' '13.7.4' '13.7.5' '13.7.6' '13.7.7' '13.7.8' '13.7.9' '13.7.10' '13.7.11' '13.7.12' '13.7.13' '13.7.14' '13.7.15' '13.7.16' '13.7.17' '13.7.18' ; do + libwebsockets-test-echo --client 127.0.0.1 --port 9001 -u "/runCase?case=$N&agent=libwebsockets" -v -n 1 & + + C=99 + while [ $C -gt 8 ] ; do + if [ $OS=SunOS ] ; then + C=`ps -ef | grep libwebsockets-test-echo | wc -l` + else + C=`ps fax | grep libwebsockets-test-echo | wc -l` + fi + if [ $C -gt 8 ] ; then + sleep 1s + fi + done + + N=$(( $N + 1 )) +done + +echo "waiting for forks to complete..." + +while [ 1 ] ; do + if [ $OS=SunOS ] ; then + n=`ps -ef | grep libwebsocket | grep -v grep | wc -l` + else + n=`ps fax | grep libwebsocket | grep -v grep | wc -l` + fi + echo "$n forks running..." + if [ $n -eq 0 ] ; then + echo "Completed" + exit 0 + fi + sleep 1s +done + diff --git a/changelog b/changelog index 0783fee..74151af 100644 --- a/changelog +++ b/changelog @@ -1,344 +1,6 @@ Changelog --------- -v3.2.0 -====== - - - This is the last planned release under LGPLv2+SLE. It's not planned to be - maintained like previous releases, please switch to master for the latest - stuff or continue to use v3.1-stable until the next release under the - new MIT license. - - - NEW: completely refactored scheduler with a unified, sorted us-resolution - linked-list implementation. All polled checks like timeout are migrated - to use the new timers, which also work on the event lib implementations. - Faster operation, us-resolution timeouts and generic scheduled callbacks - from the event loop. - - - NEW: lws_dsh specialized buffer memory allocator that can borrow space - from other cooperating buffers on the same list. - - - NEW: lws_sequencer allows managing multi-connection processes and - retries - - - NEW: memory buffer cert support - - - NEW: LWS_WITH_NETWORK in CMake... can be configured without any network- - related code at all - - - NEW: builds on QNX 6.5 and SmartOS - - - NEW: JOSE / JWK / JWS / JWE support, for all common ciphers and algs, - works on OpenSSL and mbedtls backends - - - NEW: gencrypto now has genaes and genec in addition to genrsa, works - on OpenSSL and mbedtls backends - - - NEW: raw_proxy role - - - NEW: Basic Auth works on ws connections - - - CHANGE: REMOVED: LWS_WITH_GENRSA, LWS_WITH_GENHASH, LWS_WITH_GENEC, - LWS_WITH_GENAES have all been removed and combined into LWS_WITH_GENCRYPTO - - - CHANGE: REMOVED: LWS_WITH_JWS, LWS_WITH_JWE have been removed and combined - into LWS_WITH_JOSE - -v3.1.0 -====== - - - CHANGE: REMOVED: lws_client_connect() and lws_client_connect_extended() - compatibility apis for lws_client_connect_via_info() have been marked as - deprecated for several versions and are now removed. Use - lws_client_connect_via_info() directly instead. - - - CHANGE: CMAKE: - - LWS_WITH_HTTP2: now defaults ON - - - CHANGE: Minimal examples updated to use Content Security Policy best - practices, using - `LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE` vhost - option flag and disabling of inline style and scripts. A side-effect of - this is that buffers used to marshal headers have to be prepared to take - more content than previously... LWS_RECOMMENDED_MIN_HEADER_SPACE (2048 - currently) is available for user (and internal) use to logically tie the - buffer size to this usecase (and follow future increases). - - - NEW: CMAKE - - LWS_FOR_GITOHASHI: sets various cmake options suitable for gitohashi - - LWS_WITH_ASAN: for Linux, enable build with ASAN - - Don't forget LWS_WITH_DISTRO_RECOMMENDED, which enables a wide range of lws - options suitable for a distro build of the library. - - - NEW: lws threadpool - lightweight pool of pthreads integrated to lws wsi, with - all synchronization to event loop handled internally, queue for excess tasks - [threadpool docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/threadpool) - [threadpool minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/ws-server/minimal-ws-server-threadpool) - Cmake config: `-DLWS_WITH_THREADPOOL=1` - - - NEW: libdbus support integrated on lws event loop - [lws dbus docs](https://libwebsockets.org/git/libwebsockets/tree/lib/roles/dbus) - [lws dbus client minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-client) - [lws dbus server minimal examples](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/dbus-server) - Cmake config: `-DLWS_ROLE_DBUS=1` - - - NEW: lws allocated chunks (lwsac) - helpers for optimized mass allocation of small - objects inside a few larger malloc chunks... if you need to allocate a lot of - inter-related structs for a limited time, this removes per-struct allocation - library overhead completely and removes the need for any destruction handling - [lwsac docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/lwsac) - [lwsac minimal example](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lwsac) - Cmake Config: `-DLWS_WITH_LWSAC=1` - - - NEW: lws tokenizer - helper api for robustly tokenizing your own strings without - allocating or adding complexity. Configurable by flags for common delimiter - sets and comma-separated-lists in the tokenizer. Detects and reports syntax - errors. - [lws_tokenize docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-tokenize.h) - [lws_tokenize minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-lws_tokenize) - - - NEW: lws full-text search - optimized trie generation, serialization, - autocomplete suggestion generation and instant global search support extensible - to huge corpuses of UTF-8 text while remaining super lightweight on resources. - [full-text search docs](https://libwebsockets.org/git/libwebsockets/tree/lib/misc/fts) - [full-text search minimal example / api test](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-fts) - [demo](https://libwebsockets.org/ftsdemo/) - [demo sources](https://libwebsockets.org/git/libwebsockets/tree/plugins/protocol_fulltext_demo.c) - Cmake config: `-DLWS_WITH_FTS=1 -DLWS_WITH_LWSAC=1` - - - NEW: gzip + brotli http server-side compression - h1 and h2 automatic advertising - of server compression and application to files with mimetypes "text/*", - "application/javascript" and "image/svg.xml". - Cmake config: `-DLWS_WITH_HTTP_STREAM_COMPRESSION=1`, `-DLWS_WITH_HTTP_BROTLI=1` - - - NEW: managed disk cache - API for managing a directory containing cached files - with hashed names, and automatic deletion of LRU files once the cache is - above a given limit. - [lws diskcache docs](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-diskcache.h) - Cmake config: `-DLWS_WITH_DISKCACHE=1` - - - NEW: http reverse proxy - lws mounts support proxying h1 or h2 requests to - a local or remote IP, or unix domain socket over h1. This allows microservice - type architectures where parts of the common URL space are actually handled - by external processes which may be remote or on the same machine. - [lws gitohashi serving](https://libwebsockets.org/git/) is handled this way. - CMake config: `-DLWS_WITH_HTTP_PROXY=1` - - - NEW: lws_buflist - internally several types of ad-hoc malloc'd buffer have - been replaced by a new, exported api `struct lws_buflist`. This allows - multiple buffers to be chained and drawn down in strict FIFO order. - - - NEW: In the case of h1 upgrade, the connection header is checked to contain - "upgrade". The vhost flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK - also causes the Host: header to be confirmed to match the vhost name and - listen port. - - - NEW: If no 404 redirect for `lws_return_http_status()` is specified for the vhost, - the status page produced will try to bring in a stylesheet `/error.css`. This allows - you to produce styled 404 or other error pages with logos, graphics etc. See - https://libwebsockets.org/git/badrepo for an example of what you can do with it. - -v3.0.0 -====== - - - CHANGE: Clients used to call LWS_CALLBACK_CLOSED same as servers... - LWS_CALLBACK_CLIENT_CLOSED has been introduced and is called for clients - now. - - - CHANGE: LWS_CALLBACK_CLIENT_CONNECTION_ERROR used to only be directed at - protocols[0]. However in many cases, the protocol to bind to was provided - at client connection info time and the wsi bound accordingly. In those - cases, CONNECTION_ERROR is directed at the bound protocol, not protcols[0] - any more. - - - CHANGE: CMAKE: the following cmake defaults have changed with this version: - - - LWS_WITH_ZIP_FOPS: now defaults OFF - - LWS_WITH_RANGES: now defaults OFF - - LWS_WITH_ZLIB: now defaults OFF - - LWS_WITHOUT_EXTENSIONS: now defaults ON - - - CHANGE: REMOVED: lws_alloc_vfs_file() (read a file to malloc buffer) - - - CHANGE: REMOVED: lws_read() (no longer useful outside of lws internals) - - - CHANGE: REMOVED: ESP8266... ESP32 is now within the same price range and much - more performant - - - CHANGE: soname bump... don't forget to `ldconfig` - - - NEW: all event libraries support "foreign" loop integration where lws itself - if just a temporary user of the loop unrelated to the actual loop lifecycle. - - See `minimal-http-server-eventlib-foreign` for example code demonstrating - this for all the event libraries. - - Internal loop in lws is also supported and demonstrated by - `minimal-http-server-eventlib`. - - - NEW: ws-over-h2 support. This is a new RFC-on-the-way supported by Chrome - and shortly firefox that allows ws connections to be multiplexed back to the - server on the same tcp + tls wrapper h2 connection that the html and scripts - came in on. This is hugely faster that discrete connections. - - - NEW: UDP socket adoption and related event callbacks - - - NEW: Multi-client connection binding, queuing and pipelining support. - - Lws detects multiple client connections to the same server and port, and - optimizes how it handles them according to the server type and provided - flags. For http/1.0, all occur with individual parallel connections. For - http/1.1, you can enable keepalive pipelining, so the connections occur - sequentially on a single network connection. For http/2, they all occur - as parallel streams within a single h2 network connection. - - See minimal-http-client-multi for example code. - - - NEW: High resolution timer API for wsi, get a callback on your wsi with - LWS_CALLBACK_TIMER, set and reset the timer with lws_set_timer_usecs(wsi, us) - Actual resolution depends on event backend. Works with all backends, poll, - libuv, libevent, and libev. - - - NEW: Protocols can arrange vhost-protocol instance specific callbacks with - second resolution using `lws_timed_callback_vh_protocol()` - - - NEW: ACME client plugin for self-service TLS certificates - - - NEW: RFC7517 JSON Web Keys RFC7638 JWK thumbprint, and RFC7515 JSON Web - signatures support - - - NEW: lws_cancel_service() now provides a generic way to synchronize events - from other threads, which appear as a LWS_CALLBACK_EVENT_WAIT_CANCELLED - callback on all protocols. This is compatible with all the event libraries. - - - NEW: support BSD poll() where changes to the poll wait while waiting are - undone. - - - NEW: Introduce generic hash, hmac and RSA apis that operate the same - regardless of OpenSSL or mbedTLS tls backend - - - NEW: Introduce X509 element query api that works the same regardless of - OpenSSL or mbedTLS tls backend - - - NEW: Introduce over 30 "minimal examples" in ./minimal-examples... these - replace most of the old test servers - - - test-echo -> minimal-ws-server-echo and minimal-ws-client-echo - - - test-server-libuv / -libevent / -libev -> - minimal-https-server-eventlib / -eventlib-foreign / -eventlib-demos - - - test-server-v2.0 -> folded into all the minimal servers - - - test-server direct http serving -> minimal-http-server-dynamic - - The minimal examples allow individual standalone build using their own - small CMakeLists.txt. - - - NEW: lws now detects any back-to-back writes that did not go through the - event loop inbetween and reports them. This will flag any possibility of - failure rather than wait until the problem happens. - - - NEW: CMake has LWS_WITH_DISTRO_RECOMMENDED to select features that are - appropriate for distros - - - NEW: Optional vhost URL `error_document_404` if given causes a redirect there - instead of serve the default 404 page. - - - NEW: lws_strncpy() wrapper guarantees NUL in copied string even if it was - truncated to fit. - - - NEW: for client connections, local protocol binding name can be separated - from the ws subprotocol name if needed, using .local_protocol_name - - - NEW: Automatic detection of time discontiguities - - - NEW: Applies TCP_USER_TIMEOUT for Linux tcp keepalive where available - - - QA: 1600 tests run on each commit in Travis CI, including almost all - Autobahn in client and server mode, various h2load tests, h2spec, attack.sh - the minimal example selftests and others. - - - QA: fix small warnings introduced on gcc8.x (eg, Fedora 28) - - - QA: Add most of -Wextra on gcc (-Wsign-compare, -Wignored-qualifiers, - -Wtype-limits, -Wuninitialized) - - - QA: clean out warnings on windows - - - QA: pass all 146 h2spec tests now on strict - - - QA: introduce 35 selftests that operate different minimal examples against - each other and confirm the results. - - - QA: LWS_WITH_MINIMAL_EXAMPLES allows mass build of all relevant minimal- - examples with the LWS build, for CI and to make all the example binaries - available from the lws build dir ./bin - - - REFACTOR: the lws source directory layout in ./lib has been radically - improved, and there are now README.md files in selected subdirs with extra - documentation of interest to people working on lws itself. - - - REFACTOR: pipelined transactions return to the event loop before starting the - next part. - - - REFACTOR: TLS: replace all TLS library constants with generic LWS ones and - adapt all the TLS library code to translate to these common ones. - - Isolated all the tls-related private stuff in `./lib/tls/private.h`, and all - the mbedTLS stuff in `./lib/tls/mbedtls` + openSSL stuff in - `./lib/tls/openssl` - - - REFACTOR: the various kinds of wsi possible with lws have been extracted - from the main code and isolated into "roles" in `./lib/roles` which - communicate with the core code via an ops struct. Everything related to - ah is migrated to the http role. - - wsi modes are eliminated and replaced by the ops pointer for the role the - wsi is performing. Generic states for wsi are available to control the - lifecycle using core code. - - Adding new "roles" is now much easier with the changes and ops struct to - plug into. - - - REFACTOR: reduce four different kinds of buffer management in lws into a - generic scatter-gather struct lws_buflist. - - - REFACTOR: close notifications go through event loop - - -v2.4.0 -====== - - - HTTP/2 server support is now mature and usable! LWS_WITH_HTTP2=1 enables it. - Uses ALPN to serve HTTP/2, HTTP/1 and ws[s] connections all from the same - listen port seamlessly. (Requires ALPN-capable OpenSSL 1.1 or mbedTLS). - - - LWS_WITH_MBEDTLS=1 at CMake now builds and works against mbedTLS instead of - OpenSSL. Most things work identically, although on common targets where - OpenSSL has acceleration, mbedTLS is many times slower in operation. However - it is a lot smaller codewise. - - - Generic hash apis introduced that work the same on mbedTLS or OpenSSL backend - - - LWS_WITH_PEER_LIMITS tracks IPs across all vhosts and allows restrictions on - both the number of simultaneous connections and wsi in use for any single IP - - - lws_ring apis provide a generic single- or multi-tail ringbuffer... mirror - protocol now uses this. Features include ring elements may be sized to fit - structs in the ringbuffer, callback when no tail any longer needs an element - and it can be deleted, and zerocopy options to write new members directly - into the ringbuffer, and use the ringbuffer element by address too. - - - abstract ssh 2 server plugin included, with both plugin and standalone - demos provided. You can bind the plugin to a vhost and also serve full- - strength ssh from the vhost. IO from the ssh server is controlled by an - "ops" struct of callbacks for tx, rx, auth etc. - - - Many fixes, cleanups, source refactors and other improvements. - - v2.3.0 ====== diff --git a/cmake/FindMiniz.cmake b/cmake/FindMiniz.cmake deleted file mode 100644 index 105cee4..0000000 --- a/cmake/FindMiniz.cmake +++ /dev/null @@ -1,35 +0,0 @@ -# This module tries to find miniz library and include files -# -# MINIZ_INCLUDE_DIR, path where to find miniz.h -# MINIZ_LIBRARY_DIR, path where to find libminiz.so -# MINIZ_LIBRARIES, the library to link against -# MINIZ_FOUND, If false, do not try to use miniz -# -# This currently works probably only for Linux - -FIND_PATH ( MINIZ_INCLUDE_DIR miniz.h - /usr/local/include - /usr/include -) - -FIND_LIBRARY ( MINIZ_LIBRARIES libminiz.so libminiz.a libminiz.so.2 libminiz.so.0.1 - /usr/local/lib - /usr/local/lib64 - /usr/lib - /usr/lib64 -) - -GET_FILENAME_COMPONENT( MINIZ_LIBRARY_DIR ${MINIZ_LIBRARIES} PATH ) - -SET ( MINIZ_FOUND "NO" ) -IF ( MINIZ_INCLUDE_DIR ) - IF ( MINIZ_LIBRARIES ) - SET ( MINIZ_FOUND "YES" ) - ENDIF ( MINIZ_LIBRARIES ) -ENDIF ( MINIZ_INCLUDE_DIR ) - -MARK_AS_ADVANCED( - MINIZ_LIBRARY_DIR - MINIZ_INCLUDE_DIR - MINIZ_LIBRARIES -) diff --git a/cmake/UseRPMTools.cmake b/cmake/UseRPMTools.cmake index 36f9d3d..63aac73 100755 --- a/cmake/UseRPMTools.cmake +++ b/cmake/UseRPMTools.cmake @@ -111,7 +111,7 @@ rm -rf build_tree mkdir build_tree cd build_tree cmake -DCMAKE_INSTALL_PREFIX=%{rpmprefix} ../%{srcdirname} -make %{?_smp_mflags} +make %install cd ../build_tree diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in deleted file mode 100644 index 9690a48..0000000 --- a/cmake/lws_config.h.in +++ /dev/null @@ -1,146 +0,0 @@ -/* lws_config.h Generated from lws_config.h.in */ - -#ifndef NDEBUG - #ifndef _DEBUG - #define _DEBUG - #endif -#endif - -#define LWS_INSTALL_DATADIR "${CMAKE_INSTALL_PREFIX}/share" -#define LWS_LIBRARY_VERSION_MAJOR ${LWS_LIBRARY_VERSION_MAJOR} -#define LWS_LIBRARY_VERSION_MINOR ${LWS_LIBRARY_VERSION_MINOR} -#define LWS_LIBRARY_VERSION_PATCH ${LWS_LIBRARY_VERSION_PATCH} -/* LWS_LIBRARY_VERSION_NUMBER looks like 1005001 for e.g. version 1.5.1 */ -#define LWS_LIBRARY_VERSION_NUMBER (LWS_LIBRARY_VERSION_MAJOR * 1000000) + \ - (LWS_LIBRARY_VERSION_MINOR * 1000) + \ - LWS_LIBRARY_VERSION_PATCH -#define LWS_MAX_SMP ${LWS_MAX_SMP} - -#cmakedefine LWS_AVOID_SIGPIPE_IGN -#cmakedefine LWS_BUILD_HASH "${LWS_BUILD_HASH}" -#cmakedefine LWS_BUILTIN_GETIFADDRS -#cmakedefine LWS_FALLBACK_GETHOSTBYNAME -#cmakedefine LWS_HAS_INTPTR_T -#cmakedefine LWS_HAS_GETOPT_LONG -#cmakedefine LWS_HAVE__ATOI64 -#cmakedefine LWS_HAVE_ATOLL -#cmakedefine LWS_HAVE_BN_bn2binpad -#cmakedefine LWS_HAVE_CLOCK_GETTIME -#cmakedefine LWS_HAVE_EC_POINT_get_affine_coordinates -#cmakedefine LWS_HAVE_ECDSA_SIG_set0 -#cmakedefine LWS_HAVE_EVP_MD_CTX_free -#cmakedefine LWS_HAVE_EVP_aes_128_wrap -#cmakedefine LWS_HAVE_EVP_aes_128_cfb8 -#cmakedefine LWS_HAVE_EVP_aes_128_cfb128 -#cmakedefine LWS_HAVE_EVP_aes_192_cfb8 -#cmakedefine LWS_HAVE_EVP_aes_192_cfb128 -#cmakedefine LWS_HAVE_EVP_aes_256_cfb8 -#cmakedefine LWS_HAVE_EVP_aes_256_cfb128 -#cmakedefine LWS_HAVE_EVP_aes_128_xts -#cmakedefine LWS_HAVE_LIBCAP -#cmakedefine LWS_HAVE_HMAC_CTX_new -#cmakedefine LWS_HAVE_MALLOC_H -#cmakedefine LWS_HAVE_MALLOC_TRIM -#cmakedefine LWS_HAVE_MALLOC_USABLE_SIZE -#cmakedefine LWS_HAVE_mbedtls_net_init -#cmakedefine LWS_HAVE_mbedtls_ssl_conf_alpn_protocols -#cmakedefine LWS_HAVE_mbedtls_ssl_get_alpn_protocol -#cmakedefine LWS_HAVE_mbedtls_ssl_conf_sni -#cmakedefine LWS_HAVE_mbedtls_ssl_set_hs_ca_chain -#cmakedefine LWS_HAVE_mbedtls_ssl_set_hs_own_cert -#cmakedefine LWS_HAVE_mbedtls_ssl_set_hs_authmode -#cmakedefine LWS_HAVE_NEW_UV_VERSION_H -#cmakedefine LWS_HAVE_OPENSSL_ECDH_H -#cmakedefine LWS_HAVE_PIPE2 -#cmakedefine LWS_HAVE_PTHREAD_H -#cmakedefine LWS_HAVE_RSA_SET0_KEY -#cmakedefine LWS_HAVE_RSA_verify_pss_mgf1 -#cmakedefine LWS_HAVE_SSL_CTX_get0_certificate -#cmakedefine LWS_HAVE_SSL_CTX_set1_param -#cmakedefine LWS_HAVE_SSL_CTX_set_ciphersuites -#cmakedefine LWS_HAVE_SSL_EXTRA_CHAIN_CERTS -#cmakedefine LWS_HAVE_SSL_get0_alpn_selected -#cmakedefine LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key -#cmakedefine LWS_HAVE_SSL_set_alpn_protos -#cmakedefine LWS_HAVE_SSL_SET_INFO_CALLBACK -#cmakedefine LWS_HAVE__STAT32I64 -#cmakedefine LWS_HAVE_STDINT_H -#cmakedefine LWS_HAVE_SYS_CAPABILITY_H -#cmakedefine LWS_HAVE_TLS_CLIENT_METHOD -#cmakedefine LWS_HAVE_TLSV1_2_CLIENT_METHOD -#cmakedefine LWS_HAVE_UV_VERSION_H -#cmakedefine LWS_HAVE_X509_get_key_usage -#cmakedefine LWS_HAVE_X509_VERIFY_PARAM_set1_host -#cmakedefine LWS_LATENCY -#cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}" -#cmakedefine LWS_MINGW_SUPPORT -#cmakedefine LWS_NO_CLIENT -#cmakedefine LWS_NO_DAEMONIZE -#cmakedefine LWS_NO_SERVER -#cmakedefine LWS_OPENSSL_CLIENT_CERTS "${LWS_OPENSSL_CLIENT_CERTS}" -#cmakedefine LWS_OPENSSL_SUPPORT -#cmakedefine LWS_PLAT_OPTEE -#cmakedefine LWS_PLAT_UNIX -#cmakedefine LWS_ROLE_CGI -#cmakedefine LWS_ROLE_DBUS -#cmakedefine LWS_ROLE_H1 -#cmakedefine LWS_ROLE_H2 -#cmakedefine LWS_ROLE_RAW -#cmakedefine LWS_ROLE_RAW_PROXY -#cmakedefine LWS_ROLE_WS -#cmakedefine LWS_SHA1_USE_OPENSSL_NAME -#cmakedefine LWS_SSL_CLIENT_USE_OS_CA_CERTS -#cmakedefine LWS_SSL_SERVER_WITH_ECDH_CERT -#cmakedefine LWS_WITH_ABSTRACT -#cmakedefine LWS_WITH_ACCESS_LOG -#cmakedefine LWS_WITH_ACME -#cmakedefine LWS_WITH_BORINGSSL -#cmakedefine LWS_WITH_CGI -#cmakedefine LWS_WITH_CUSTOM_HEADERS -#cmakedefine LWS_WITH_DEPRECATED_LWS_DLL -#cmakedefine LWS_WITH_DIR -#cmakedefine LWS_WITH_ESP32 -#cmakedefine LWS_WITH_EXTERNAL_POLL -#cmakedefine LWS_WITH_FTS -#cmakedefine LWS_WITH_GENCRYPTO -#cmakedefine LWS_WITH_GENERIC_SESSIONS -#cmakedefine LWS_WITH_HTTP2 -#cmakedefine LWS_WITH_HTTP_BROTLI -#cmakedefine LWS_WITH_HTTP_PROXY -#cmakedefine LWS_WITH_HTTP_STREAM_COMPRESSION -#cmakedefine LWS_WITH_IPV6 -#cmakedefine LWS_WITH_JOSE -#cmakedefine LWS_WITH_LEJP -#cmakedefine LWS_WITH_LIBEV -#cmakedefine LWS_WITH_LIBEVENT -#cmakedefine LWS_WITH_LIBUV -#cmakedefine LWS_WITH_LWSAC -#cmakedefine LWS_WITH_MBEDTLS -#cmakedefine LWS_WITH_MINIZ -#cmakedefine LWS_WITH_NETWORK -#cmakedefine LWS_WITH_NO_LOGS -#cmakedefine LWS_WITHOUT_CLIENT -#cmakedefine LWS_WITHOUT_EXTENSIONS -#cmakedefine LWS_WITHOUT_SERVER -#cmakedefine LWS_WITH_PEER_LIMITS -#cmakedefine LWS_WITH_PLUGINS -#cmakedefine LWS_WITH_POLARSSL -#cmakedefine LWS_WITH_POLL -#cmakedefine LWS_WITH_RANGES -#cmakedefine LWS_WITH_SELFTESTS -#cmakedefine LWS_WITH_SEQUENCER -#cmakedefine LWS_WITH_SERVER_STATUS -#cmakedefine LWS_WITH_SMTP -#cmakedefine LWS_WITH_SOCKS5 -#cmakedefine LWS_WITH_STATEFUL_URLDECODE -#cmakedefine LWS_WITH_STATS -#cmakedefine LWS_WITH_STRUCT_SQLITE3 -#cmakedefine LWS_WITH_SQLITE3 -#cmakedefine LWS_WITH_THREADPOOL -#cmakedefine LWS_WITH_TLS -#cmakedefine LWS_WITH_UNIX_SOCK -#cmakedefine LWS_WITH_ZIP_FOPS -#cmakedefine USE_OLD_CYASSL -#cmakedefine USE_WOLFSSL - -${LWS_SIZEOFPTR_CODE} diff --git a/component.mk b/component.mk index 67b8abb..61754b5 100644 --- a/component.mk +++ b/component.mk @@ -1,20 +1,19 @@ -COMPONENT_DEPENDS := mbedtls openssl -#COMPONENT_ADD_INCLUDEDIRS := ../../../../../../../../../../../../../../../../../../../../$(COMPONENT_BUILD_DIR)/include +COMPONENT_ADD_INCLUDEDIRS := ../../../../../../../../../../../../../../../../../../$(COMPONENT_BUILD_DIR)/include -COMPONENT_OWNBUILDTARGET := 1 +COMPONENT_OWNBUILDTARGET:= 1 -CROSS_PATH1 := $(shell which xtensa-esp32-elf-gcc ) -CROSS_PATH := $(shell dirname $(CROSS_PATH1) )/.. +CROSS_PATH1:=$(shell which xtensa-esp32-elf-gcc ) +CROSS_PATH:= $(shell dirname $(CROSS_PATH1) )/.. -# detect MSYS2 environment and set generator flag if found -# also set executable extension to .exe so that tools can be properly found -# and disable bundled zlib -MSYS_VERSION = $(if $(findstring Msys, $(shell uname -o)),$(word 1, $(subst ., ,$(shell uname -r))),0) -ifneq ($(MSYS_VERSION),0) - MSYS_FLAGS = -DLWS_WITH_BUNDLED_ZLIB=0 -DEXECUTABLE_EXT=.exe -G'MSYS Makefiles' -endif +#-DLWS_USE_BORINGSSL=1 \ +# -DOPENSSL_ROOT_DIR="${PWD}/../../boringssl" \ +# -DOPENSSL_LIBRARIES="${PWD}/../../boringssl/build/ssl/libssl.a;${PWD}/../../boringssl/build/crypto/libcrypto.a" \ +# -DOPENSSL_INCLUDE_DIRS="${PWD}/../../boringssl/include" \ + +# -DNDEBUG=1 after cflags +# -DOPENSSL_LIBRARIES=x \ +# -DCOMPONENT_PATH=$(COMPONENT_PATH) \ -# -DNDEBUG=1 after cflags stops debug etc being built .PHONY: build build: cd $(COMPONENT_BUILD_DIR) ; \ @@ -23,19 +22,13 @@ build: -DIDF_PATH=$(IDF_PATH) \ -DCROSS_PATH=$(CROSS_PATH) \ -DBUILD_DIR_BASE=$(BUILD_DIR_BASE) \ - -DCMAKE_TOOLCHAIN_FILE=$(COMPONENT_PATH)/contrib/cross-esp32.cmake \ + -DCMAKE_TOOLCHAIN_FILE=$(COMPONENT_PATH)/cross-esp32.cmake \ -DCMAKE_BUILD_TYPE=RELEASE \ - -DLWS_MBEDTLS_INCLUDE_DIRS="${IDF_PATH}/components/openssl/include;${IDF_PATH}/components/mbedtls/mbedtls/include;${IDF_PATH}/components/mbedtls/port/include" \ + -DOPENSSL_INCLUDE_DIR=${IDF_PATH}/components/openssl/include \ -DLWS_WITH_STATS=0 \ - -DLWS_WITH_HTTP2=1 \ - -DLWS_WITH_RANGES=1 \ - -DLWS_WITH_ACME=1 \ - -DLWS_WITH_ZLIB=1 \ - -DLWS_WITH_ZIP_FOPS=1 \ -DZLIB_LIBRARY=$(BUILD_DIR_BASE)/zlib/libzlib.a \ -DZLIB_INCLUDE_DIR=$(COMPONENT_PATH)/../zlib \ - -DLWS_WITH_ESP32=1 \ - $(MSYS_FLAGS) ; \ + -DLWS_WITH_ESP32=1 ;\ make && \ cp ${COMPONENT_BUILD_DIR}/lib/libwebsockets.a ${COMPONENT_BUILD_DIR}/liblibwebsockets.a @@ -43,3 +36,6 @@ clean: myclean myclean: rm -rf ./build + +INCLUDES := $(INCLUDES) -I build/ + diff --git a/contrib/abi/README.md b/contrib/abi/README.md index e0d8769..1b09a1a 100644 --- a/contrib/abi/README.md +++ b/contrib/abi/README.md @@ -20,13 +20,7 @@ LGPL2 / GPL2 at your choice. Installation ------------ -The abi monitoring stuff is now packaged in, eg, fedora, which is a lot -easier than using the helper script. - -``` -# dnf install abi-tracker vtable-dumper - -Otherwise, the author provides an "easy way" to install the various tools he provides: +The author provides an easy way to install the various tools he provides: git clone https://github.com/lvc/installer cd installer diff --git a/contrib/abi/libwebsockets.json b/contrib/abi/libwebsockets.json index 1357afa..c72fda8 100644 --- a/contrib/abi/libwebsockets.json +++ b/contrib/abi/libwebsockets.json @@ -15,156 +15,6 @@ "ABIDiff": "Off" }, { - "Number": "3.0.0", - "Installed": "installed/libwebsockets/3.0.0", - "Source": "src/libwebsockets/3.0.0/libwebsockets-3.0.0.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.4.2", - "Installed": "installed/libwebsockets/2.4.2", - "Source": "src/libwebsockets/2.4.2/libwebsockets-2.4.2.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.4.1", - "Installed": "installed/libwebsockets/2.4.1", - "Source": "src/libwebsockets/2.4.1/libwebsockets-2.4.1.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.4.0", - "Installed": "installed/libwebsockets/2.4.0", - "Source": "src/libwebsockets/2.4.0/libwebsockets-2.4.0.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.3.0", - "Installed": "installed/libwebsockets/2.3.0", - "Source": "src/libwebsockets/2.3.0/libwebsockets-2.3.0.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.2.2", - "Installed": "installed/libwebsockets/2.2.2", - "Source": "src/libwebsockets/2.2.2/libwebsockets-2.2.2.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.2.1", - "Installed": "installed/libwebsockets/2.2.1", - "Source": "src/libwebsockets/2.2.1/libwebsockets-2.2.1.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.2.0", - "Installed": "installed/libwebsockets/2.2.0", - "Source": "src/libwebsockets/2.2.0/libwebsockets-2.2.0.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.1.1", - "Installed": "installed/libwebsockets/2.1.1", - "Source": "src/libwebsockets/2.1.1/libwebsockets-2.1.1.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "2.1.0", - "Installed": "installed/libwebsockets/2.1.0", - "Source": "src/libwebsockets/2.1.0/libwebsockets-2.1.0.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "1.7.9", - "Installed": "installed/libwebsockets/1.7.9", - "Source": "src/libwebsockets/1.7.9/libwebsockets-1.7.9.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "1.7.8", - "Installed": "installed/libwebsockets/1.7.8", - "Source": "src/libwebsockets/1.7.8/libwebsockets-1.7.8.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "1.7.7", - "Installed": "installed/libwebsockets/1.7.7", - "Source": "src/libwebsockets/1.7.7/libwebsockets-1.7.7.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "1.7.6", - "Installed": "installed/libwebsockets/1.7.6", - "Source": "src/libwebsockets/1.7.6/libwebsockets-1.7.6.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { - "Number": "1.7.5", - "Installed": "installed/libwebsockets/1.7.5", - "Source": "src/libwebsockets/1.7.5/libwebsockets-1.7.5.tar.gz", - "Changelog": "changelog", - "HeadersDiff": "On", - "PkgDiff": "Off", - "ABIView": "Off", - "ABIDiff": "Off" - }, - { "Number": "1.7.4", "Installed": "installed/libwebsockets/1.7.4", "Source": "src/libwebsockets/1.7.4/libwebsockets-1.7.4.tar.gz", diff --git a/contrib/android-make-script.sh b/contrib/android-make-script.sh index 1ef8607..8ad36cb 100755 --- a/contrib/android-make-script.sh +++ b/contrib/android-make-script.sh @@ -3,40 +3,52 @@ # # Build libwebsockets static library for Android # +# requires debian package xutils-dev for makedepend (openssl make depend) +# + +# This is based on http://stackoverflow.com/questions/11929773/compiling-the-latest-openssl-for-android/ +# via https://github.com/warmcat/libwebsockets/pull/502 # path to NDK -export NDK=/opt/ndk_r17/android-ndk-r17-beta2-linux-x86_64/android-ndk-r17-beta2 -export ANDROID_NDK=${NDK} -export TOOLCHAIN=${NDK}/toolchain -export CORSS_SYSROOT=${NDK}/sysroot -export SYSROOT=${NDK}/platforms/android-22/arch-arm +export NDK=/opt/Android/SDK/ndk-bundle + set -e -# Download packages libz, libuv, mbedtls and libwebsockets -#zlib-1.2.8 -#libuv-1.x -#mbedtls-2.11.0 -#libwebsockets-3.0.0 +# Download packages libz, openssl and libwebsockets +[ ! -f zlib-1.2.8.tar.gz ] && { +wget http://prdownloads.sourceforge.net/libpng/zlib-1.2.8.tar.gz +} -# create a local android toolchain -API=${3:-24} +[ ! -f openssl-1.0.2g.tar.gz ] && { +wget https://openssl.org/source/openssl-1.0.2g.tar.gz +} +[ ! -f libwebsockets.tar.gz ] && { +git clone https://github.com/warmcat/libwebsockets.git +tar caf libwebsockets.tar.gz libwebsockets +} + +# Clean then Unzip + +[ -d zlib-1.2.8 ] && rm -fr zlib-1.2.8 +[ -d openssl-1.0.2g ] && rm -fr openssl-1.0.2g +[ -d libwebsockets ] && rm -fr libwebsockets +[ -d android-toolchain-arm ] && rm -fr android-toolchain-arm +tar xf zlib-1.2.8.tar.gz +tar xf openssl-1.0.2g.tar.gz +tar xf libwebsockets.tar.gz + +# create a local android toolchain $NDK/build/tools/make-standalone-toolchain.sh \ + --platform=android-9 \ --toolchain=arm-linux-androideabi-4.9 \ - --arch=arm \ - --install-dir=`pwd`/android-toolchain-arm \ - --platform=android-$API \ - --stl=libc++ \ - --force \ - --verbose + --install-dir=`pwd`/android-toolchain-arm # setup environment to use the gcc/ld from the android toolchain -export INSTALL_PATH=/opt/libwebsockets_android/android-toolchain-arm -export TOOLCHAIN_PATH=`pwd`/android-toolchain-arm +export TOOLCHAIN_PATH=`pwd`/android-toolchain-arm/bin export TOOL=arm-linux-androideabi -export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/bin/${TOOL} -export PATH=`pwd`/android-toolchain-arm/bin:$PATH +export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL} export CC=$NDK_TOOLCHAIN_BASENAME-gcc export CXX=$NDK_TOOLCHAIN_BASENAME-g++ export LINK=${CXX} @@ -44,73 +56,59 @@ export LD=$NDK_TOOLCHAIN_BASENAME-ld export AR=$NDK_TOOLCHAIN_BASENAME-ar export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib export STRIP=$NDK_TOOLCHAIN_BASENAME-strip -export PLATFORM=android -export CFLAGS="D__ANDROID_API__=$API" -# configure and build libuv -[ ! -f ./android-toolchain-arm/lib/libuv.so ] && { -cd libuv -echo "=============================================>> build libuv" - -PATH=$TOOLCHAIN_PATH:$PATH make clean -PATH=$TOOLCHAIN_PATH:$PATH make -PATH=$TOOLCHAIN_PATH:$PATH make install -echo "<<============================================= build libuv" -cd .. -} +# setup buildflags +export ARCH_FLAGS="-mthumb" +export ARCH_LINK= +export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 " +export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions " +export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 " +export LDFLAGS=" ${ARCH_LINK} " # configure and build zlib -[ ! -f ./android-toolchain-arm/lib/libz.so ] && { +[ ! -f ./android-toolchain-arm/lib/libz.a ] && { cd zlib-1.2.8 -echo "=============================================>> build libz" - -PATH=$TOOLCHAIN_PATH:$PATH make clean +PATH=$TOOLCHAIN_PATH:$PATH ./configure --static --prefix=$TOOLCHAIN_PATH/.. PATH=$TOOLCHAIN_PATH:$PATH make PATH=$TOOLCHAIN_PATH:$PATH make install -echo "<<============================================= build libz" cd .. } -# configure and build mbedtls -[ ! -f ./android-toolchain-arm/lib/libmbedtls.so ] && { -echo "=============================================>> build mbedtls" -PREFIX=$TOOLCHAIN_PATH -cd mbedtls-2.11.0 -[ ! -d build ] && mkdir build -cd build -export CFLAGS="$CFLAGS -fomit-frame-pointer" - -PATH=$TOOLCHAIN_PATH:$PATH cmake .. -DCMAKE_TOOLCHAIN_FILE=`pwd`/../cross-arm-android-gnueabi.cmake \ - -DCMAKE_INSTALL_PREFIX:PATH=${INSTALL_PATH} \ - -DCMAKE_BUILD_TYPE=RELEASE -DUSE_SHARED_MBEDTLS_LIBRARY=On - -PATH=$TOOLCHAIN_PATH:$PATH make clean -PATH=$TOOLCHAIN_PATH:$PATH make SHARED=1 -PATH=$TOOLCHAIN_PATH:$PATH make install -echo "<<============================================= build mbedtls" -cd ../.. +# configure and build openssl +[ ! -f ./android-toolchain-arm/lib/libssl.a ] && { +PREFIX=$TOOLCHAIN_PATH/.. +cd openssl-1.0.2g +./Configure android --prefix=${PREFIX} no-shared no-idea no-mdc2 no-rc5 no-zlib no-zlib-dynamic enable-tlsext no-ssl2 no-ssl3 enable-ec enable-ecdh enable-ecp +PATH=$TOOLCHAIN_PATH:$PATH make depend +PATH=$TOOLCHAIN_PATH:$PATH make +PATH=$TOOLCHAIN_PATH:$PATH make install_sw +cd .. } # configure and build libwebsockets -[ ! -f ./android-toolchain-arm/lib/libwebsockets.so ] && { +[ ! -f ./android-toolchain-arm/lib/libwebsockets.a ] && { cd libwebsockets [ ! -d build ] && mkdir build cd build -echo "=============================================>> build libwebsockets" - -PATH=$TOOLCHAIN_PATH:$PATH cmake .. -DCMAKE_TOOLCHAIN_FILE=`pwd`/../cross-arm-android-gnueabi.cmake \ - -DCMAKE_INSTALL_PREFIX:PATH=${INSTALL_PATH} \ - -DLWS_WITH_LWSWS=1 \ - -DLWS_WITH_MBEDTLS=1 \ - -DLWS_WITHOUT_TESTAPPS=1 \ - -DLWS_MBEDTLS_LIBRARIES="${INSTALL_PATH}/lib/libmbedcrypto.a;${INSTALL_PATH}/lib/libmbedtls.a;${INSTALL_PATH}/lib/libmbedx509.a" \ - -DLWS_MBEDTLS_INCLUDE_DIRS=${INSTALL_PATH}/include \ - -DLWS_LIBUV_LIBRARIES=${INSTALL_PATH}/lib/libuv.so \ - -DLWS_LIBUV_INCLUDE_DIRS=${INSTALL_PATH}/include \ - -DLWS_ZLIB_LIBRARIES=${INSTALL_PATH}/lib/libz.so \ - -DLWS_ZLIB_INCLUDE_DIRS=${INSTALL_PATH}/include +PATH=$TOOLCHAIN_PATH:$PATH cmake \ + -DCMAKE_C_COMPILER=$CC \ + -DCMAKE_AR=$AR \ + -DCMAKE_RANLIB=$RANLIB \ + -DCMAKE_C_FLAGS="$CFLAGS" \ + -DCMAKE_INSTALL_PREFIX=$TOOLCHAIN_PATH/.. \ + -DLWS_WITH_SHARED=OFF \ + -DLWS_WITH_STATIC=ON \ + -DLWS_WITHOUT_DAEMONIZE=ON \ + -DLWS_WITHOUT_TESTAPPS=ON \ + -DLWS_IPV6=OFF \ + -DLWS_USE_BUNDLED_ZLIB=OFF \ + -DLWS_WITH_SSL=ON \ + -DLWS_WITH_HTTP2=ON \ + -DLWS_OPENSSL_LIBRARIES="$TOOLCHAIN_PATH/../lib/libssl.a;$TOOLCHAIN_PATH/../lib/libcrypto.a" \ + -DLWS_OPENSSL_INCLUDE_DIRS=$TOOLCHAIN_PATH/../include \ + -DCMAKE_BUILD_TYPE=Debug \ + .. PATH=$TOOLCHAIN_PATH:$PATH make PATH=$TOOLCHAIN_PATH:$PATH make install -echo "<<============================================= build libwebsockets" cd ../.. } diff --git a/contrib/cross-arm-android-gnueabi.cmake b/contrib/cross-arm-android-gnueabi.cmake deleted file mode 100644 index da9aaae..0000000 --- a/contrib/cross-arm-android-gnueabi.cmake +++ /dev/null @@ -1,46 +0,0 @@ -# -# CMake Toolchain file for crosscompiling on ARM. -# -# This can be used when running cmake in the following way: -# cd build/ -# cmake .. -DCMAKE_TOOLCHAIN_FILE=../cross-arm-linux-gnueabihf.cmake -# - -set(CROSS_PATH /opt/libwebsockets_android/android-toolchain-arm) - -# Target operating system name. -set(CMAKE_SYSTEM_NAME Android) - -# Target build dynamic libs. -set(BUILD_SHARED_LIBS ON) - -# Name of C compiler. -set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/arm-linux-androideabi-gcc") -set(CMAKE_CXX_COMPILER "${CROSS_PATH}/bin/arm-linux-androideabi-g++") - -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - -# Where to look for the target environment. (More paths can be added here) -set(CMAKE_FIND_ROOT_PATH "${CROSS_PATH}") - -# Adjust the default behavior of the FIND_XXX() commands: -# search programs in the host environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) - -# Search headers and libraries in the target environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) -set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) diff --git a/contrib/cross-w32.cmake b/contrib/cross-w32.cmake deleted file mode 100644 index 0512885..0000000 --- a/contrib/cross-w32.cmake +++ /dev/null @@ -1,45 +0,0 @@ -# -# CMake Toolchain file for crosscompiling on 32bit Windows platforms. -# -# This can be used when running cmake in the following way: -# cd build/ -# cmake .. -DCMAKE_TOOLCHAIN_FILE=../contrib/cross-w32.cmake -DLWS_WITH_SSL=0 -# - -set(CROSS_PATH /opt/mingw32) - -# Target operating system name. -set(CMAKE_SYSTEM_NAME Windows) - -# Name of C compiler. -set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/i686-w64-mingw32-gcc") -set(CMAKE_CXX_COMPILER "${CROSS_PATH}/bin/i686-w64-mingw32-g++") -set(CMAKE_RC_COMPILER "${CROSS_PATH}/bin/i686-w64-mingw32-windres") -set(CMAKE_C_FLAGS "-Wno-error") - -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - -# Where to look for the target environment. (More paths can be added here) -set(CMAKE_FIND_ROOT_PATH "${CROSS_PATH}") - -# Adjust the default behavior of the FIND_XXX() commands: -# search programs in the host environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) - -# Search headers and libraries in the target environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) -set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) diff --git a/contrib/cross-w64.cmake b/contrib/cross-w64.cmake deleted file mode 100644 index 4fff882..0000000 --- a/contrib/cross-w64.cmake +++ /dev/null @@ -1,45 +0,0 @@ -# -# CMake Toolchain file for crosscompiling on 64bit Windows platforms. -# -# This can be used when running cmake in the following way: -# cd build/ -# cmake .. -DCMAKE_TOOLCHAIN_FILE=../contrib/cross-w64.cmake -DLWS_WITH_SSL=0 -# - -set(CROSS_PATH /opt/mingw64) - -# Target operating system name. -set(CMAKE_SYSTEM_NAME Windows) - -# Name of C compiler. -set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/x86_64-w64-mingw32-gcc") -set(CMAKE_CXX_COMPILER "${CROSS_PATH}/bin/x86_64-w64-mingw32-g++") -set(CMAKE_RC_COMPILER "${CROSS_PATH}/bin/x86_64-w64-mingw32-windres") -set(CMAKE_C_FLAGS "-Wno-error") - -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - -# Where to look for the target environment. (More paths can be added here) -set(CMAKE_FIND_ROOT_PATH "${CROSS_PATH}") - -# Adjust the default behavior of the FIND_XXX() commands: -# search programs in the host environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) - -# Search headers and libraries in the target environment only. -set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) -set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) diff --git a/contrib/cross-aarch64.cmake b/cross-aarch64.cmake similarity index 50% rename from contrib/cross-aarch64.cmake rename to cross-aarch64.cmake index c8d880d..d85a641 100644 --- a/contrib/cross-aarch64.cmake +++ b/cross-aarch64.cmake @@ -14,24 +14,8 @@ set(CMAKE_SYSTEM_PROCESSOR aarch64) set(CMAKE_C_COMPILER "aarch64-linux-gnu-gcc") set(CMAKE_CXX_COMPILER "aarch64-linux-gnu-g++") -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - #-nostdlib -SET(CMAKE_C_FLAGS "-DGCC_VER=\"\\\"$(GCC_VER)\\\"\" -DARM64=1 -D__LP64__=1 -Os -g3 -fpie -mstrict-align -DOPTEE_DEV_KIT=../../../../out/arm-plat-hikey/export-ta_arm64/include -I../../../../lib/libutee/include -fPIC -ffunction-sections -fdata-sections -I../../../../core/include" CACHE STRING "" FORCE) +SET(CMAKE_C_FLAGS "-DGCC_VER=\"\\\"$(GCC_VER)\\\"\" -DARM64=1 -D__LP64__=1 -Os -g3 -fpie -mstrict-align -DOPTEE_DEV_KIT=../../../optee_os/out/arm-plat-hikey/export-ta_arm64/include -fPIC -ffunction-sections -fdata-sections" CACHE STRING "" FORCE) # Where to look for the target environment. (More paths can be added here) diff --git a/contrib/cross-arm-linux-gnueabihf.cmake b/cross-arm-linux-gnueabihf.cmake similarity index 53% rename from contrib/cross-arm-linux-gnueabihf.cmake rename to cross-arm-linux-gnueabihf.cmake index 289f27a..12cf3e9 100644 --- a/contrib/cross-arm-linux-gnueabihf.cmake +++ b/cross-arm-linux-gnueabihf.cmake @@ -15,22 +15,6 @@ set(CMAKE_SYSTEM_NAME Linux) set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/arm-linux-gnueabihf-gcc") set(CMAKE_CXX_COMPILER "${CROSS_PATH}/bin/arm-linux-gnueabihf-g++") -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - # Where to look for the target environment. (More paths can be added here) set(CMAKE_FIND_ROOT_PATH "${CROSS_PATH}") diff --git a/contrib/cross-esp32.cmake b/cross-esp32.cmake similarity index 53% rename from contrib/cross-esp32.cmake rename to cross-esp32.cmake index 2c8996b..f978e80 100644 --- a/contrib/cross-esp32.cmake +++ b/cross-esp32.cmake @@ -10,32 +10,14 @@ set(CMAKE_SYSTEM_NAME Linux) # Name of C compiler. -set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/xtensa-esp32-elf-gcc${EXECUTABLE_EXT}") -set(CMAKE_AR "${CROSS_PATH}/bin/xtensa-esp32-elf-ar${EXECUTABLE_EXT}") -set(CMAKE_RANLIB "${CROSS_PATH}/bin/xtensa-esp32-elf-ranlib${EXECUTABLE_EXT}") -set(CMAKE_LINKER "${CROSS_PATH}/bin/xtensa-esp32-elf-ld${EXECUTABLE_EXT}") - -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() +set(CMAKE_C_COMPILER "${CROSS_PATH}/bin/xtensa-esp32-elf-gcc") +set(CMAKE_AR "${CROSS_PATH}/bin/xtensa-esp32-elf-ar") +set(CMAKE_RANLIB "${CROSS_PATH}/bin/xtensa-esp32-elf-ranlib") +set(CMAKE_LINKER "${CROSS_PATH}/bin/xtensa-esp32-elf-ld") SET(CMAKE_C_FLAGS "-nostdlib -Wall -Werror \ -I${BUILD_DIR_BASE}/include \ - -I${IDF_PATH}/components/newlib/platform_include \ -I${IDF_PATH}/components/mdns/include \ - -I${IDF_PATH}/components/heap/include \ -I${IDF_PATH}/components/driver/include \ -I${IDF_PATH}/components/spi_flash/include \ -I${IDF_PATH}/components/nvs_flash/include \ @@ -47,8 +29,6 @@ SET(CMAKE_C_FLAGS "-nostdlib -Wall -Werror \ -I${IDF_PATH}/components/bootloader_support/include/ \ -I${IDF_PATH}/components/app_update/include/ \ -I$(IDF_PATH)/components/soc/esp32/include/ \ - -I$(IDF_PATH)/components/soc/include/ \ - -I$(IDF_PATH)/components/vfs/include/ \ ${LWS_C_FLAGS} -Os \ -I${IDF_PATH}/components/nvs_flash/test_nvs_host \ -I${IDF_PATH}/components/freertos/include" CACHE STRING "" FORCE) diff --git a/contrib/cross-ming.cmake b/cross-ming.cmake similarity index 54% rename from contrib/cross-ming.cmake rename to cross-ming.cmake index 1b21014..94989f2 100644 --- a/contrib/cross-ming.cmake +++ b/cross-ming.cmake @@ -18,22 +18,6 @@ set(CMAKE_C_COMPILER "${CROSS_PATH}/x86_64-w64-mingw32-gcc") set(CMAKE_RC_COMPILER "${CROSS_PATH}/x86_64-w64-mingw32-windres") set(CMAKE_C_FLAGS "-Wno-error") -# -# Different build system distros set release optimization level to different -# things according to their local policy, eg, Fedora is -O2 and Ubuntu is -O3 -# here. Actually the build system's local policy is completely unrelated to -# our desire for cross-build release optimization policy for code built to run -# on a completely different target than the build system itself. -# -# Since this goes last on the compiler commandline we have to override it to a -# sane value for cross-build here. Notice some gcc versions enable broken -# optimizations with -O3. -# -if (CMAKE_BUILD_TYPE MATCHES RELEASE OR CMAKE_BUILD_TYPE MATCHES Release OR CMAKE_BUILD_TYPE MATCHES release) - set(CMAKE_C_FLAGS_RELEASE ${CMAKE_C_FLAGS_RELEASE} -O2) - set(CMAKE_CXX_FLAGS_RELEASE ${CMAKE_CXX_FLAGS_RELEASE} -O2) -endif() - # Where to look for the target environment. (More paths can be added here) set(CMAKE_FIND_ROOT_PATH "${CROSS_PATH}") diff --git a/contrib/cross-openwrt-makefile b/cross-openwrt-makefile similarity index 97% rename from contrib/cross-openwrt-makefile rename to cross-openwrt-makefile index 8acab6b..2504370 100644 --- a/contrib/cross-openwrt-makefile +++ b/cross-openwrt-makefile @@ -25,13 +25,13 @@ CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-exam # for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and # edit package/libs/wolfssl/Makefile to include --enable-opensslextra -# CMAKE_OPTIONS += -DLWS_WITH_WOLFSSL=ON +# CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON # CMAKE_OPTIONS += -DLWS_WOLFSSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libwolfssl.so # CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include # for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and # edit package/libs/wolfssl/Makefile to include --enable-opensslextra -# CMAKE_OPTIONS += -DLWS_WITH_CYASSL=ON +# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON # CMAKE_OPTIONS += -DLWS_CYASSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libcyassl.so # CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include diff --git a/doc-assets/abstract-overview.svg b/doc-assets/abstract-overview.svg deleted file mode 100644 index db1ac47..0000000 --- a/doc-assets/abstract-overview.svg +++ /dev/null @@ -1,348 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/doc-assets/accept-flow-1.svg b/doc-assets/accept-flow-1.svg deleted file mode 100644 index 1c70ca1..0000000 --- a/doc-assets/accept-flow-1.svg +++ /dev/null @@ -1,46 +0,0 @@ - - - - - - - - - - - - - - - - - - httpprocessing - Connection - Fallbackrole +protocol - - - - - Invalid Methodin "http header" - - Fallbackset and enabledon vhost? - - - - - Error - Yes - Yes - - - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG - plain http port - - - - - This flow happensbefore any Host: headers.Indeed there are no Host:headers if the connectionis not actually http.Therefore it occurs on thefirst vhost that listenson the connection port. - - - diff --git a/doc-assets/accept-flow-2.svg b/doc-assets/accept-flow-2.svg deleted file mode 100644 index 1a47cf9..0000000 --- a/doc-assets/accept-flow-2.svg +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - - - - - - - - - Yes - - - - - - - - - httpprocessing - Connection - Issue httpredirect tohttps:// - - - - - TLS headerlooks bad? - - Redirect httpto https enabled? - - - - Yes - Yes - - - - - Allow httpon https enabled? - - - - - - - - - - Error - Yes - Fallbackset and enabledon vhost? - - - LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS - LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG - - - Fallbackrole +protocol - TLS port - - - - - This flow happensbefore any vhost selectionusing SNI or Host: headers.Therefore it occurs on thefirst vhost that listenson the connection port. - - - diff --git a/doc-assets/accept-flow-3.svg b/doc-assets/accept-flow-3.svg deleted file mode 100644 index ea51c3c..0000000 --- a/doc-assets/accept-flow-3.svg +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - Connection - Specifiedrole +protocol - - - - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG - raw-only port - - - diff --git a/doc-assets/http-proxy-overview.svg b/doc-assets/http-proxy-overview.svg deleted file mode 100644 index fbfcf0c..0000000 --- a/doc-assets/http-proxy-overview.svg +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - LWSvhost - listensocket - - unixsocket - localserverprocess - - - - - tcpsocket - remoteserverprocess - - tcpsocket - - - - - - - - - - - - - - - - - - - - - - - - - - h1/h2 - h1 proxy - - - - h1 proxy - chosenby URL - chosenby URL - lws http proxying overview - Same physical server - - - diff --git a/doc-assets/lws-crypto-overview.svg b/doc-assets/lws-crypto-overview.svg deleted file mode 100644 index 559c8c4..0000000 --- a/doc-assets/lws-crypto-overview.svg +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - OpenSSL - mbedTLS - and derivitives - - genhash, genrsa, genaes, genec - JOSE, JWS, JWK, JWE - - TLS-library-specificand cipher-specifickeys using EVPor bignum - TLS library-independentmetadata +binary key elements - JWK JSON keycreation and parsing - - - - - libwebsockets - - - diff --git a/doc-assets/lws-fts.svg b/doc-assets/lws-fts.svg deleted file mode 100644 index 081adc7..0000000 --- a/doc-assets/lws-fts.svg +++ /dev/null @@ -1,63 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OriginalTextfile - - OriginalTextfile - - OriginalTextfile - - IndexFile - - - - - - - - - SearchAction - Keyword - - Auto-comp-lete - Result lwsac - - - - - - - - - diff --git a/doc-assets/lws-overview.png b/doc-assets/lws-overview.png deleted file mode 100644 index 64195d9e7b9f647dc0b4671260acaef4960faa4d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 641195 zcmXt91z6MV*B*@S?(XjH1_40@k#6ZOk=kgaOBzW5mG18D5b5p)X&CGqzWm9Jb=9*xXZoLMuGkLp;$)1 zKBKy*=(z&`TA5r6PK-%y}N~(%SSF}H|xw( z2{HhH2JlKjR@*!4IQx?y!R$kLP7R~v6#zazH%iKE%Hh%u173QC!Y5Zc7qJw`yo?bE`0t_OhzzPO8m;Pa|J20X?{Z}D!hXn*x|8g{hND8;lI79VAwLf<=YjiuUylw(n)9cJsFVt zWK-oJ1uaB-XCnL%Kn~$U_%{e6>1T_77%?Q~FFbjpK53&u)CtcH(meYcdPwHIWlcewJ79zRf~HlH(f<+%-k}-?+%0?)k7jw(4RL z&$N| z%I^)R4uSPx60(m>vczK;Cb9X+8gC~rqlo;{+$Yb;>!tZDgUprn&vnhhdG7af5{f91 z_%=8U-2{UQ@-pdgFgYan{2q&kp<4)62)R*ad&s1_+v0?g>Pl_a^K}9s65kT5cZtL% zk`?C%ZSE-GMIuxsoi=!1Lzc9b8fweIh&{D`G{)l6u-7_X` zB1m+2XTXzw{2!W$ay9LN?_fwJC&5pxWg&oUkxYuO=%iNqe4BHHarqV`SYo&4`MYr5 zSiLaL5{uN=;`<9qY7~l~e5?B{#=9-X8#VrIpKao6)yZPyfF2sH(V$I{7=Gg-nc6TJ zwtQeR>B}j+V5E0yeA)lWtLps;%Py0QqB$zY(@f?ACp>}yGs6Q1l-?1HH-f;IHd2K< zuhU-UL*SIT8eqFqo7opDKxprd@DM@PTjYv_ zxwHS{mp<2jiiv-dV3S&NYHb>!1MeYHo$hPDj4Kie{16{dJMsmJv;vG5>`~~bYMwR} zK-E_F{IAX{kfx?X+NUm!7Dmg*{4o$#-W7z6rF~~uBVf@;pv9Tk2REkuZzV_qzcMji zgvaNab~52HWs=crFXvA1_^>y#tl*a~YA5_~#<4{q!|{o40ou4KVdGRJTm3q4lj)n< zKblOnz7b}DF?(lPT>;dL{;W>?s5;O5Eig3s_xnq+bz|D0xSP9Oa{`7L*xc2$@fucO zRa_VZoTQ%g1u$hmaX_${qYj%kdqc=pKNf$>fnz<55B-ld4K+LV0{ zK&H}Ym?Ns;T(H;&^5KsLT9Ux`y^6+CA?BA+M1+YVC8(Jc#=Nl%UF%2w*H@`b=f09F z?0P@xvrMl)6W3SH>{7=qJX=OQPZQDI z@qbnV&97dqR)^)li5-vAayw53=#aQS<#|AM#DxI0teg9D^?x}-gt4X*JfcZdnB{5S zTFKBAz-#-wtXIQw`Sn*Ac@XeN96Iox4rm|v&2*^ga`K@2w#S;9mdK_Pj(zE8+UHI| z;VDxR0l4=$&vATU9Y@id7)n2?v5Rz5fYcFlR1Q{XzR79N%rBJ4rWV&yoG8k z*8prgfSQxNhOagA*}x;kfel_^Fl#)Ee69%aKQtm!R2EmjtOQawa7qAVxW~r;XN$>G zYE#5>{z{ZPf)b5s62c!eVLVXn(VJrZt7850;-q;^uYjj2A*pyOCH<3DNM2G@%%TGO zcqY0MQ;%+!P%aO19Qs z9a&4obb?nF((CZ++PS{?k1l}Az~aETS4rezipQ4I4j?t6rvsWht@kS2x}o4Bb_ zU%H1kXPv^no2#cQIHMmG7P>oeec-IvX?|cK4 z;Vq`D60redKq8YQ{aVuPolZH^c5u!+p5H0sEbBz3Dp`+DgpJr~fqd|MDZ6YCwXM6S zOt!8ZyQ&}$2MTWCt8^ew^M??z3&h3D~T?4^X4q8_ZOI1#!;Un(jq{WJzqvK<&k?7{H z*ASeaPemdUw~m=|w-?LTwGV$K%U#9ph!eeP0;2W*U*h^!`mxY9@&wo~zw}_$L!->lh z&zY$ccEzb#4`^Ycl!j=vctIUEl386^R@Jkm75q2bl5yd0b;M_kO-2;Jbi&n3-wtTA zHXX5Gie06MHlB^2X7%lVHf8Lql^Ha?VePw?6GvcdaPwVvLPW11_(9uA@w zh&UjY7>ym~>s_&S_n7sfN=|$V%+N3*4VZi6z@FV38{jK(K+l0AYRTR^eT=X-sB>m< zD#{vf&zw6?NItfz$@|&^K){7)A(6)bj7& z5Ei==3OAJe)7g;(2^TO4Cv=L-$OdWdAgG2gnG#O%6O73WX=+kbr6XR^)}9h|^*G#s@bGzEuDR^#%X_)X-G#IL+x0#V zy_V>AtOslen^o!vUE9&Sw{Se%D3%kbrXHObIW@_`@nY1$tKfZ$?BWDUQ2d?JK~ z&lj#}R%7e@2j6ol&$mFUrYg7JyvH6S4tT75Bq*2>*w3Kc!4DJ>${kSWH7Ha#!{TTC zr4-Ggr{z_L_2u`spj7Jd87ksEy|U5I4+a{jt84XI4naQ#%P4a&l4z3D11*)1Et^Sm zqhU9ZDT+ZGpiH;Tx+HvF)R!VE65879UBU!@lC-Fl#~iNTaN%&$#XdBgU$hBs)I!d= z$7rTLM+&v5;to>h<-OnklJQFKO3+>SUw-T*x2v$~e-m zIpxP5^aQXUfx^|m_2{UBt6iw~%vPQVbNEt4a}skLMeN9$*Wq>T(b3g!e-E5VDSvjjDA*I-jlrp8 z$>MNp}CxriVy)>!l(-)$r3mnK7g2xM@`+zI{8zb_r8?|L0sxCc18Xg)JG}d89xAq?)sR>}F7}@w}kcK?@9bH-K7H&i?W~)%P_0W}n+-~QW z-WuO@$ymC)Xx-09TkvHF|Ne7@y}Swj1jX>(Pqrf9_}hYc_vtomga*;iJfB1;4Y@fW z=Us_|DWOl|e)w8+f~YTEOAmocA#FScKaH^CfpPo$8FvKS+sNPc+KL@9&vT)&X!SXaGD z&*~;l%FgJE-c_XI*i>&GE+j7HK(bQ)Io_>CN>e1+xiA$7h{H+FkxGAxm5BAJxe@;A zV)#+C0_bt7bm3TGS~6QMneyw~^11FJINzX%}U8Hv*@Sb_OqmtIA+-jqW)fdt|R4Tv<7A#*2Xc^=rr z{|90R_`qQd5w8g4jyaOIR)GnZ`r-`U3V;n{S6_q#TVX+v$9g~Gh;Rk9JInI>*;!D1 zHz!W#g54cB9`I?O@kK|dqt-P;=HnVBJ3KjjAvNEEji|&>(Fu*3FUNkT>LSOJcU`3B zsOCKQI3ZRpe!l#DneM&Y7kCyw(Xky{?7XRDEh(&>av1`>*!gu(m#30W?4#$H6l5#9>lHKQN7*|H>VNMJ=fQuRV@xcUF0|LYl|H{4Qo8m)b-Qye$C_-+y zXgVkHfS$c;;j|W1`+q=-7{g$hjj0h) zpng7*Wl#b`#Vo84?kcppU~ij=%5c{^V%c6UMZKBP`~Zezz*fG*Czm?az=vjd&)wrx3@B_d-zyyxi>q2}NxD40ah=d{(sO9!8 zvwgjEdcHK>EFtXy!`&9^jk_nj(}B4I_Ufppr=a1gDXGMI9HF-w*4`{Xm(}09%OCtl z70cz!>A1|3th@vztR5~Ke=jV_eg$-E1KLv*a!yG`5X2DG`@!i7K22O(&l{&W5)^&BJ zkd2V?G&8ubn=LN2-B{Q^<_4X7cF~2L=(=o}57hDNC;VfE9RUpADKcPgI?%_WbC3YM z9}~FVQRBgbpc8aXZgt>fI3KU9u9%5H7`!$t6Bthj4%x%UqtE=jhmQK%9RAex3TML9#x^Us) z7znu{2nYcfY7r}S>9~#U>n>YH5Z_f7n*m=DfpK;Zw7Rw$7Uv^@g@tWX?lrnzMxPun ztrCT8Fgz0qITTb`g28;3TR~%ijfxl^c6at1MKW5LfeH%94AU4ks@k1ta!6|Xe=jrw zLbi*MSzZowAvvi9K&32qx$Z56TR6`*(SV4s%{5I>?Pk!De@6rAOb6mVN@<+AI%jCj z7f0LvIvZL@LIj9iKe_Y3MtJ8EtQ;KsMBm7ps5sH8Cs8FU7=-GUq6@e`X7N7FomxKDNPR z^YBoWi-Io*eZXWw17-A(`ZLA#=TLPYS2W~TL+$Uy(=m3t+uN;DBPt%|vK=t4DSoo! zhGXoOg}OH(4_^Dsizk;fSXVWTGY4{t_D^u8Suj^$j!ft>GfEm>Q{en8!%3*{Hm|B7 z1iZ>T+e_eg@hf)hBd!ty8b}PpF;Qlwnw!J|)MPx`9 zJjl_}fi?w*L9gM;_!PmGWbo;hNFhS;(Lpm_@ ztSuUUP`@M6Vp3-@BJE93#}9Mqw8XCEEjJfTFpfj5?mZUEd84SRs?RaU)`?o2`LujZ zK6wjn-`1VYjfWxFA7q<6*&fYQpp0RPC5yi>8^eek@9oDtBhaKag{L;qPx15PN%2!1Eul;uod= z88X}iTqH0zL^_di1;T+*b%yD&Q7-o9VLU0g9$tnzSjeaSFF8^qQgpWr zQgbM)fB*o{-n9(a4@tSfeYGtcMYrezRVRM_l5sNex@y1TnQTNheCrzeysoA_kvadTtg#IobgkDkh{}$cnM({l2*ff6PeLjC;5990KS-0!V%$&d! zmKeBHG^)GMY|D`R1L;7^oz+d#k>96WgD6!NRbOSk@jrC$D*YqVV#vN~ zx|Qq5Zuj&R`zV{>cRI@Tvd*AN0ak`NK?om8cRFxN3093>3Ie3f*<2N_Z-C}RTJUBYEzThlQN#iOVNUP$Jbp? z9KPVJ9c*f!W+9e`0XC`?*vN@kcwQ#y$5*e-?|881NYdC?&t4)ua^vlHvR*|)Za7$) zKk+-g;^{rInlJK1X?qh9zK;FJ7+=$(BgX!-rm7b*PSE=uuT%8XVmsvg=Aa`uvx(iI zaOq9Gr)PUAi>J~bSv+U-yRWz(zdG-RI`8qVS0?nU`6*^7JJo3&zKF)r6z{Q|q`O*; zWG{1U@(A%lXg$qc?`b$&-$T}s(06VzCROm{GYuClOHv}8W|_`MX*>t7HH8)i=Pfpe zmNR^uGXN3#l7#V17kQO~(;M#29mg!OkGRL@oyNwR+y2dM`WrIfWiKB8sc?o-eP z-_XmhGAm>DxJVe#*raE|%Afqp^P3>(_^*TWBhBc+p^r0aHTQ0?dpP+V-wg9} zc6T>75qk&n-Vsp3h4c~T^}{#bl6K-NZHXR`v3-E_DuOEZ&{-F@#s-=^ptAjr^o$LJ zYobT8sy7d=QlEPUgiBpI%CMsPiqb>y7L~;0JD{c%-Q8pdA5A{^?~4IY>SNqW`&T_pp)##pZRj^-{kw z`KIf1*KL8tF(RhjDPZ!<=5W#7u=Y!ohI3%j2Fkl-M zS}fVXZ7T&2N!06a28D<~3to8bJQ-MGnLXVca7_8}FcBtc*`qrSV3XV@HYI{p=J-f`n>rTX#w=S)ES%?rN`9vt{v)`Cvn!spxS)U zbinb&oKJsqcJ#Hk2-@JEGvc6YA#!&&G_pT`<`Fg@Y&lw-1a?#wPv=K@ad-gvgpe*s zdr(*1d&u0|fq@+_B1s?QfmcJuFu^@yY;Utu@yu~A3ET6Z!(673Q%6JlKJNN*pP(FP z$bAg5kI zbMj{@{b=hRh~)(>XLBMxZ0u2AotPPov3(J9CNK`BF<5Emm&s`M8yx_$oQd!o`80Re zw%a5KW>y4uuY;73;40}AJXBQNX^<>vsETCrF#{RrhJ@=Lrb zskXc`1iDJ-$s6SjYNy+MTrn3 z1N;l1lO?hu$<*dobDuk=34JIa3~RxLH~V6CM@hoG-oP?2^A4rK!(1c_w|+$Uvme*F zz&Wdcel^;9F3*#a;qPC135D>W0|v-esL36())n_X$`NRMZ*o|*zu7SQYxUcy*Kw8A zy-wC%kFleAjo(Zl;z2zR$g#Z^b=93)MZH_wX^xrRh8@ymT_#iv?LL_6zrJ6_QwhsU zL%2T+zRyAxX};csyxFAge6MK&hzgzE=)M)dUB8I=C90;{tkIIWA*{Kj1z04Hf{>Bt z*Q0Gzbl=XvyX|UhMI2^RoODmT@$9G+N3xag>aMFNGpqYs zOn%jQ7cK+w2CfIyDEz%;N;C_p5r zWEGeoJ89{j+x8_svXdkNX50uFCmC(j6Ug9Sf5B3zBgGj<@iwJfFvhmHG;oi6zQ|DJ zs?kjsw6-vnMD+Iofal~<6Z2bjC@x(QM|8Lq)hT-4U(dF>Zt420NQ<8r8)P8R(-_;r z4=`neE^4>~y5?=*lil zJ=QSJ5f`h$N?CGuwSlj3zjZ9cM@vAp(V^bq_XDt41=-XZI>~f)z|!-EU7XHqDR1Ly zJdiS6wm!v(z46(1uH(J!x0WX_nf;2=sxOw(H?8Z9#DAa|&~m^M zaOHDgVleiFa`DnO<~4awJ=^7;)HNO!>ryYF6Ei)J3bxyWdW7lC@mP+5u$}argLTgF zA-HREU>|+hYKt3r{p(d}h2r)$=^EIebkQx^n7ggRFEfa?Siw|%SSB`L&nxDL=4v_a zqgn$ET-6~mQi0K}+-CV2;~#QKX>dW<-`PiJn_nuW217Wt@GZ0#jUps8?BRVyF$nKf z#9oo!d#RKV(fZ8At3313YeQi)6@vBA*PR?~4 zcvgh3HY39U-1^?$-XXnqfUBs=6{cF>NHTOAm{5y)&to?ixGxnaw>Ii{s)%3E6k$itQM&N z+K{r*%Wq6Xh)83an<(Uq`Se4zSQhy9^Yr` zK;NU+G!9AWTW*shTUNhs-K(%DeyrRH;X#^nM(Sy(()+{ku{N+-7h0MlH*!eb2l91EY~i+UP3OCs{iB!RQJNvBuux_hl_(BSOwtY2Ds-gvO@N}8E+4Xb1OMu>tjUz^faa}wx& z7;2*-1ii~1jC724d~E{+bng6K)rm5V(X*7*prZb*;~qcL)u_kqy7X!!_L=gM~urx(TDpZk@eoqi_g8eLLXNUuwZ*WfM-9*qFpbu z^LZgm%5rc1I6A8`Ne}*AZ#N*mP*W78VNJV7@HLhQt$X$lkhL4J`Y|x}rXgI`UfBF> z8owa`m9*g8-Jd|uh*2`IBHB0#0{_f<`E}V{OeEl>VtLVB+7NJE*Pp|h8Y~ZR5DE~q z=dVm7H3=B4d-v{q$Dy1`vOU3RzOQ1Wj*%oZ)H8LhU#>=~qA@(~v^jdM)%eD!Ba)f8 zy~i~?)|TRx=Ne(Oo0uqJZmyu_@IX(VjyQD& zrEn|0e_`RAu|Jt6m5~Ra1VVnx^|F9F z6LSnTwYSlxErN~4OVBNHSEDxX`iJ>@{MZAGR<5zj2f~YDR;AZGsW=P1H)4w%APE=v zv%Vh{wetP4khQ?3I}o~p$c6N`^UV$d1>0o00Ko{kHKH+BB@CHN$>G@$P||||c6Udp z{gPUP;xH4=GpG03=Z3$6QvTX?NxUnQA)r$tg>+|hsiNgrmInI2Xmxs^gB>ubmd$&; zaY+<5pR14i@-^NkgIl%v8Hz?1QV?41-ECKCFf1je#cXf30yF$iNG_)_4!CqQ{f=Ia z{ts9uKm#Xch1blz^MRR)2C!5w=mfG%{m8>n$7)mMh&g=&#*Oex*3{;={^yWabjYgI;^}zAdgq%F$heVEZ4P zL^!PdA#>bqDFI%>#S^qke|=6Ur9SdPNJ;l>n*Y^KWL8V)iLQX8@@jAIY=;9XRS+QU z6I1Vm9SlIz=bt-3)xcs^3upiWQ|WIs#foO)^q z6lpVlXuHRwmh#C?5d&0OV%;|w_ZFTQq#>bX#vlqy^&dSyDNRsESpmG;w#iQ>$}wB9 zyE38vKZO@YzbSM4K9sU}m@qQ%*iE9$TXQ>(@B)Kov_5>9bOu|+9yH*PJW)RU7=~5K zKDGbl3jvLA%6q^;GD&v~aDI(cmU8t}j}h%V&xnP9_{F#~&f0C-wVoOeZIDIKm)5Vp zBcqt0eek6n)q48*$*md(!nYOPugC{|2rj^N$Y=}145iUg=KYraHS6?(r%<5(sIaGt z6+BX!u;95kIw>qST}v1UOGjEIu;KzXVD+KAcz5dE=|M7m9~8TF<8(fCmFl`P)GCh5 zb?~dVxYaH{?^%eX=8%S%n6Yg|C^v$d$L|LCJEYTVo~9!Fr8gq)?m=wvzI?|=gb`$f9T+wK#CO!dLRt~6&6MngteF1N?3T0*ZF~< z@3mE49dSZk@Y;X#@+V-eyVxk9+8}}TTIiLlJP+hr?=T*IqB&(;Q15074mA!x&*ku< zzWRovjYVcgQGT`uIr6@0@+H}HR3`duBOZ&i44)rL0FqS1TctWVO~fHHeN{wixn7}Xi}We* zZ9UP-J}gxW-ehD&NR}U6X-!?lKFhAHve21+WbHos-kZ@^*6#oIJ5ovQOMNP{76$mM zP0dJ4sJ%_+Mkg976zLn@*qinSWSY87Y1iKMML?FyvG!WTBMCwV! zr4i(g`&>nIt%f{Boi&k@J(9J^rjd{+mBd^*P%xuMU9KmVa7c{*6xV%m1M;5RS;uQg(mMRvDB19)vmdI4;-&H`eA$nx z;+NTUwPLGYQxaMpVMVh0B7hu$qOvZC-y! zpTsou{QTGc@l+-=<*d5%3e$~!UHV&78=SN>;DrEE^fZcGI=oUCKtKo)BML*w7DeE@ zmrRLv;Oxghlo{AH_2JBzo`3zzrym)9Y{=YMJ(H~vnb))}*-fwzN}PDk-f4D`Kj#&99k`JB(9Y@ zffl3ykJDys>Z7F)e)!DR7Cu#e|Kkwf7aOam0>Wn;V@Pq!xu(_I4x3Pr zmSRWy3LG%)(UFy^v-v=?KY0l#T$A_n8aQ8*e)i*Ie6j~o5M}DxfOH<(P2Fkd=n2U6 zOR|UmjSg1x?fU>8w%-lPChZS>!p=Hc<5D3kwTIa0QqFjpPS0VgthQgXM+$B``d6$5 z5YYXf9NMW49%C!@#}xT&^55!~^q^A_`;RGXpZZ>GW)K?EFlHNrBHfExJ3(U)exJlB zm$@R#gi^ehDGslv3#uui^t{_9>2Sp69U$2sIwk97m!BWqh>Sr(mnU92zHReHSYh66 z8M0%gpv-}UfM89VGw+w6IHRV=o}?8J9CeeD*1FAq#i zCSVsa%erctPC!w>C8l7pI16sjXKZd^F1b6R2nAv^Z6>hXl;0oD}6JDGug+ zFHWbKFyuV4cU`x9{8-nm4tcb`qfQ&TCB`%>NIq_N7pHHSy(oD5SmV5PmZ@}6d^O$k zb^z|d{{h~=vz+xQOQLXgxWP%7e!0DFi=OboDx&kRn`2LCyjn#)Qd_de<2I*$9MzhL zo!=%U#OG;RdlBWsV z2U}*sT|}Y*8b6WMJz-n-0_WUXXSz%c10N+)qwvf=mU{@RPmr!9aXB#y?`$gw!4Wzj zc-Njo54ujgj&l`I+S99)e4A8dqq$5Q3sOFD5*b%7=x%$tZzeKQ@P9<>X){(mhUG^* zPm9V)a`WL}wfM^YBmg<|EfBGYsD_a~copW_#_OZ@AO^B+zO5v>qadLQcU_LrVfB5R z<|PgP1bzfx2A1MDGA{B3&fza5o*u|%p+V9U*fyvuzC)(p-VGRBAxm3LSj85n^hi2| z`H2NX-dd*y%`*~DuAg3(zLLh3RqJh5pFRSMVp6)HH$usGMnNOzsIKDjr9`NJl7D;ojs2eh$1J1LiL+Sap9*L;+v5JX*HhsIc@hO^7g+LOng{sKh{+F zY7)iflzvwgwcs%#{{jl;?Mo^Z*;`UJC+VGGK(WSP=pl$0!a*sg#ZmN-5le%s`i({c z;yt|}zNBjI?x4Rl*JKr~+;XC*J>g!JF2cP0bZRME0X(R6qT~-Ty%PBmqR9 zDrvGF%;k~S1l{^dB%6f#bx%N#}%w?--&b*8NeH(R5crw$7NPkie8Dbdo5#_(dmJ z>+fnOR8S|W$Chp5ynJgA@37JcWlczB>3W{DI3X5{DUfIF@f+dyS4TaMQDT=v{dLQT zmZ|MMm2a&Dxy-EvS~{$$mti%Hl1{OyiLsvImGw*56~^bt)Ja-{@E=I`e3mf`VNnI; zZ}N4ZoB%Ir?wks?tgIbZ_sPh!!BuEHI88WXVFJnPsGrzgfblE;C9BeH_8*>bp){A8 z2R%K%GcUgBqatX_%)uMJE^opF+qlYx-{a(l;e3te`WvR5=`kjOB;@?flL0zY(!IeBqho(ecIpvEp_~HDZ?pkJAO+AT)VCzIrcJk z7fa_tK-Vcl``srpGtNnb{>#|&{HB(@DjOP7-yQi);SVw_L(ax2lQ;N=Zy0c{2-ga) zu5zub4^ZrsKn+IhH!GvPqexTsQwL+&Y&-?qdShGk6HTTx+m$o$Eq64bK#SskE(Ac` z{3ku8D)#!J7e|F=rKyRMhd)V!xv_<`r8+<<(#&y)f?p}HE!&audN0E$Da^P zIPP({O`(TcVH6-N_n@A8xaMnf*FHQzwY1+?`CBo$sKbjWfBJHN@Yf^_)6lt*XF|d( zG&mql*1T}Oh460qV@xL8$ltzb*7Q#HmWP=yJ+DD7DL4*8!&WH;-_$5#WqQF0E^Wtf zL>=D9%uWwU;cZS2O-2}VW5sF)MAR5!DMw-1r7NwPerdkw`p9-mpoWIUdYFFD5I1fB*vBD`Fm1!iZE- zQvyN&96t^2TR1M_tz)lM#5+6ksGJPBob-uGkQWzW&QsGblByEmJ!or?d#&5rq;?>LM2U3F=vX%&mbJ^xe7C8rWIJoOtBPPs^UFrdr-PlZ(&pL^EJD)4w-x zvg^>29j;k(o}P@6e#x-JDMZ!u#7}jkwR|p`K??UGO`9gmWVrP$taXA(HvvM_kDu1% zQI*lRz9z}J3Z4Tmnv_?F(}Jy76x=%&T2)+Ot{oaw7yVI@4zeYE1fy424%|{-7R-%w)e&O+ zD%(w37lL{33k@|JyITtkj4Ny-BKe+owN!w==%4F;27zF9&-+2>rg^=nl07)hZN~`W zx03F+1@o_d2H8t{e~nZAwp=+4skxo*C{F?H>|S&P3HddhICHtS9FRNpKLoLI{3!BpPPMQ2J8$!YoAu^!DWZ%AMk~R{wr1vl%MP+T2i?P z`t#yc+JDpYVpFttv^XTehrJd=866GOjSe)`k_mFz*I|rkpp8Fiv0!6{nNt)k#C%>L z-4`^QBL$+9qHFw$5+Et07v-7T4I0v0iZ(jo*>_LNvs^n+xjjXp0_}<`FY4 zeKu&{EoIEexzJYkyxfassZ?Zj`NFl}2EL>Um7Zg-8@%nA`RFXga!rUnI#EnLIdZZ) zoJGOax=$D2_xw4M602xMF!4b+t3QcmiU3X97N(RhnYJ(haO4c?`RN4CBLFM~HDnS_ zIbtOYD?}Ic^EX-jt}Gd-JZN&^D}u`JNKbPHHv_70)B-?k){jrU23LO^_LS z351nS?0C3kjNs~Gai^`PKlOxN?(Utr1t-_)wFMnbqJ0YMQ?K+q8FD1o;WtqAGP%R8 z(SeS>9x&>?RU@7>o5j;8{jupo%OZWOOT}&%by>FO>a%j(;)!1$y8=(QtP)*6qGasF zKayMJ5|PpxWJK6gW-?K{uaNU)((p^aLPQ@2%10c5K8lD2-uSXd2r@Z5P9`hPFiwPs zST5=h_>EDp;o3yrDEKc&$eKt*KL#v$I$xatQ>@1`f_Y;aV6DgLg@bLV+uugFDe2Nf zAcvrB3&b7^aaj5>{Qbi~c%3yknPR#KxJU31iP*eC0jn7s--#0{@7r*74Z-2aYEN{` zHF7@6&cgV;x8thgDcAv!xInn9u5O$?+0D2(kJgI;d?kX_uz+Ps-ZRmzGxC^-zsLO) zi)8$DYR=djp={l_l_XjRg>SlhEj>=5m+kqiQy0>KNJn&Gf|f6!deK3qU>3az0xYVl zYgs+b1*0%O`ySN0IKXeL1>HI>h0NEZCbXe$U|(`C1)V!Td+m6IfM%#o>VUXE?kdU^ z?u5a-__`qzEK5z#aY_N?B}msomJyqU`2V#4 zZ;zHBjHMAw7GH#>e>se~G`mW7P?cV&LwRB{(mgyuf&NLBdb)$A)cnF- z@N)cBNBJRwvbLsu&Gy zg|v?e7jfLOd|;U+nW>kM*4^>cubr8Fpk`k?%dZnODA@Gvv(Yx{l!#mP&!EhZ^#RT2 z>HPG?as`zkQv;&QnDK*aHxHM)jyd@+ef=}k?`!0sjbr`J@9ch&gz%q^l|!v=(XH^& zl~lga3~MXGeywfDHw`$y;I=VbR!!j1K>8N>mju-i0duY+CLzIQSCa|kMK7m>`&SxK z0haVVmcvRIdkDve;$mSAa%@neTIEy2cT0;jz;eFSU(T`Hn{H;{NCF73GGDjkd5DqX ztDYk#nUs+J9}Q<6*5n(u|7{EyJsLz{lynG6$LMZE326ZV>6REJog#vOprlH7$wq@x zN_R_l!x+DP-}n6;$8+qD{dqsnecspgInV0`SP0%(1g4V)c94DAx^ycK8xyo9P!M4V zvDB$HK`y-A<0<@jJAC@^;cKS*=J(f?J)I+nX^fbzoQKriS*M2JB#l7+(Xgh!cb_Om zYFCZ~B;fn_T77Y=ftK?sfs_*gMd!ZntBp=x&iw7R@)p^TydiCue#`1yTeBusKpl%< z7Rq^ZmGPEz0iZI4O#B%UQ z=HAw+Bs*e9ZV;AsP^jTsiT2Ax+hFPcu()f^#%W=Q%YgfB? zGo@m-T5mM9xLfozY@@8pqOSvOf!e}!Y{_;JtDl|6VPWY>|CXH2w;?c+C_x)r7D4^u zdi8Bq#KBz3W-nnD(wdPgs4NvP!pmfb(on;sL_1?nCTq+9;jtL+`ljG&307GHh&PQs zo-)Ik^tAG7T_2OOk&*6(-gC^R53iD;W{VkV7mqxb?VtJ^FO7WQXj{QntQkFJoQoSE zA%Stf{nuqFX~O}y^IjwIS|sP@=b+dB-g{fNr;lLc)lj1inv)}ajy7q>!iF8xt>CE7 zgn<78nUK@oe>>%OOgELRkcw)H3Vb3@$?x#H7#58REMRVIyvPv180{-7H*AQGrO zMVz^B1-YSKFj{ZYBu87H{!Ao-CJowPAsfAgU_@dswbM3SNQVe;%FwR1i-X{yDE%)l z{u~FM42X`TM9c-5)#g#_;2fk^DWcx%KRjie{Y4@Yo44)FT}9u-t8-U`dknc0V|~^s zH%WhAyne;0d8TOBxukZcxc=X--{_tB7`I-xu3Q&#sw3!PY||h3dzP6#s=_tS;%xWF zIZi@LOq`&c4VHkTW=-EUOqPFqqv9%1^h`%3(EMTjxnNoOtSF!4R-cnY^_+Ta?Ps?9 zFF>d?+xNUzjAB`d)c60^&w2fo1806Vq;cnIZ6@hj+K8m=nl+FCtgRJ4$~2=_2g*>K z=pmlehJEaWV08ZXxkr)IS03%32zkv4vq^Pma|mVLC5GB^qYQvt&o-da@@|~f zpV%V=Spgs8cO|_yW@bGve!KO>-8^WSG!infq=h3GB5pLsR1LR$L^?8te%|!`XPO!> zK9Q`P8`86WDp<9H99A`BhFSc;<)VatQDYXK1puJS@{~n#`B9||?}B+&e;E;ED}g)V zeP(dxp+0#sh_9nVq z7p1>qBE#AFLBBBR0HBKv358T69W9MTiFW3Ry(I<}Z&-wWFMX3LdM1Z0X0k81?kZZc znG|DE`Jcu&z7-8Ffi^z(gX)#tG!6w{8D(8?p@!ME`%OToYHC3eIq)!Wm(&kq}4 zy!iMWbw=4M^7GItJkLhy33P;j=4xfwjojt96T>8y`&WHjRZ+S(7fLCAxhN_OA^xAL zQz;Wv{Qy)=LphEGxUAtSslX6L*ryHL^B$aY6-4c4j~SD}za@C%^{SW~wmzbcK;#vE z(-AnS+RR;6DqiqhAE@%1U{N$-k%^X4`T$-UEQHzBtW!aCB45nmPx9eTR@f~hmN;z_ zg|uASTvuwomia1jiyZ@U+dSqQEp~QT`^19<@y{FHLeGxXrouz+UDq{y z!dlF#p)w!mags;vKb=W*-Duo}%=+bf8zI*{L(+V;AIe0w7g$;!IJ;1l{r*Oow^h7%EvOMR|;*uYShrQt;J0a&8BzoLw(mWx9ZBeGD>-F#+ zIEki8I?lERq04eMXp=4;wsxQQ^OV%<>)!0uq548QAEVMsa_YB&FhU+y7;8)%b;r$Y z>y~p*+;opcHSL*V;g5bE);3X;04$#`*l*_3=fTT9J73P30XzFNKBD#ZiZ5FK0_=s= z?f?JRh`)}R-e%&@mJZ5Q)%6D@0;%eX+qgjG5+bJc5}gK8qycFIhBA} z-_^2g%MYP!v7Xn|WhSw<=z282Iu#9#i0}OGwlo)HW729CBDt24w7vQA**ost3F8nX z*<%cA$Vc|sO=^!3enCfC8Xx+t>(9h3N^;t2DmsQU8xdkc4PTOW-;jnh9|q`XS$}^+ zvwd*+sX9Fp@9w&MoJNS3u++LC3I68n&}acjnBD>mseOv$y@Ne+NojA|%x?zGlZ;wH z7H?zHYJ`ms=5rUxq(_(mg0dRN;Ugv-F6aaA<5a0U%i!}fvYX~6#pgOf7i=L<40vIN zKA`jmK&P{T4ZhHnF`%b;8$CowZQ7)|U(in;C_dlYnAY7Pr?x)Xvw!K&kVhmXH%Q`{ zJt=$3Au;SdiQhko*UuV1nY`Z%%zu}1D7MDoPbUs;*1;+uz-G*$R*mEh!i3@>zg2z5 zW8kv475ONecHas}7L>&1VYX}D2o)o52I_dyN$>FmePLs}VB z<=WTO>zfBUJfg6)Yv~x$T!Oh=J_s(|*16}yEh2!d;MaUaz%$ul(kOA8W6;Uv{?z=t z!(sUvDHAF}A$C*zGY0i_UyE-`AQ>@p&>eOp!3=~|MLT`cxy~It5Ei4(Q zLn3cQ1@59l3z+ltzreDrY)xP>OpXb*a38&>2d9rHad$eapC%4MK=zEF#BY}#2MD8G zJgZ6id_zIl@|sae{I~OZh)+4r`)gQBY6$9 zp9lPzA}+$UQ%3OBI0m?U1R+2ymO&v(%7h$S;5|Zbm5_!*CBwNL8=JAaxYs;8paHc04oPBBgt%Ej)>W+nTa>(jd4(ohp3+AHUw zZe-CLOk&|utfSuftgr%_GBw0UHdK`}ZEVN^$XpN+f_EhylhgKZN|4_<)K%bg2SiMa zzkNF5nbUe8FJ!NkZpU?f`}XqRE^ZzL(EPM`?CnyBw()pV0J5A&i2dPuKkCt51?yV( zBSSm6&vf5Qeo+nRs;u|T_mrSYR2rT^y)$q5v!g`P7vJVlKUUOyqIU78L=h&$PwH4i zu@wU<*MaKA0s%cb&Pm|kuR%PIm+x8~8A!dfKIU$0HQY$ZS!bj4lr`%Sbuv{%-CprGQHIX!(>n)!xZ2h}D3GeE-A`?B)tqIO3N});l z#u_#=3ox(m5E;ZEmRV(+t>s(;~~!r?!0Oqdm*w()|>4C zZu6FDUJ=5HpA*_+h8jD8{e5~PaflnGuFpy-13WskikV&4LOXkF)G~p-Qe#Z_>CxkJ z_e)B9B`<=t*lPJrE?haij8b+vY5$&dOENrPBB20&dh z^}i865FZVu-K2f->;b{4QeYP!7c%{Oqf@k(NXi*#NBOjIgtjUGnT=n6> zkmtpR*7vwIdFo&D5)chk-$tBcbL{{-hgDf#uZ;QBE+n`?@?R^T^K>Gp_2In1s02+o zKcp!_t>U3=pH(koitA&<*4qOEM0%+OqLGID%(Jemr|qgUjA+xN7+Tiq%PPk^HRo0$ zq6ZPRyrlA)IMsTa*XEwdCfTs^dA^i)d4G@ME%X9#{I#Zq1~+%OL*3z2S>s|3H)MA{fsiTFCQoMp!Hva#(H_@&h0rJlxQ#p z90-zUpf%v>gwHAiN#xA5Y`$~aINVFN7zs66I!>PtU~i;2UTY*K4?nprt}&uNbT?ok^=w*& zTpd{u-kWzm$&NS_t#sRgLk|fd{&cQ>Lgz6o+WMC_k`MoG9)?0xjS>7%h{Fi5jH9uVPXSGxlNA&3X;+-aH z0V=gv3R_N6nN5U%`1$daaCL#6oInm`0D+i+%dak(h-P?Pm2Rt!`8RPK8ZB1AhpXM9 zjP!)sQyYO$5{q{d=32abu7S)UWF?a3T0`YZF5tLX770(T%Ron>DtF0>8u~W3+S-$0 z&SssTp+14Au{HPT2x0-A6_<0-C}rtSX4tKeew%H=V#S=I0DL!-Tm6QVa%Gye8D{12 zHYs4uY$pU zwgTu2($Tg?9*dLvGm0~>B}JxJm#f|x4xBa`ELUQ4gz0L?f$$Jhn$X%p<}JLOIbihaZW!)w`^ zCEqT2Kpy^-R?Dh-m6$8L6TmXljEezT4!rCOch>% zr_J%Tiez_($MLyYtp6_XGmZwCr0iJf> z-vY!g?9hJ;+YN`q!^u(4`xk&^HsRn83Xhgmpm@W;c0gcJ)slZsggFr^fvw{~gTgqn ze*L;pWwkOT#8F~ZH~q@2`s&uG&oIZOO8AjFiySVSpl#RX=@mbPwVW;vCvJ}ResNvC z(lvfwXNIy!rfsdhiTSj&o29%YBvg6^|1?rAS4r+A7+ItitcmqV{5SzJnG$~X-Qo6m z^nZ@qEW3_-|xQnx72YZ_vK{<#s5k0|9-v^2vY(b zJQ_gJWXXy$fha_Rc?lwo8r=%HtZTC5Hzz2In&xTVR^o}mH299oF$Q3^EB5jnGdMC|t_@?XZYh)o87}4q` zN$G$+P6h-ilC)K*aMAeak8afR5B0a-`%=I8Mh&HW9ku#k#Tk)0(h;KuJ(cMG`FvyA zP@MzY4ZZLr=q@5|VzBAkZpIN#<h+^<#YuifdrcJAo9_-q8d5Uu-U@`pjqNm)H| zAl|-mqs&FozwLYHo0xxY>-a{EZ+|8M-$)*>dgWD{9-7mHUy=8Fn<7la5G>?y4BP*R z^b@Pr8V37R3$;<4tOP$T>jz}+UlDHF3EN3+!6j4|3}ggN3FEVjPP+4*8TXSE=S!xz zm;@y>i%8U6-Pb#-ge%_WyHU?V%f#o0tD{eOGf76RIfve`=#qlnj1q0%d2 zL{VBMiQZ-$)Aj`Io#w9$;Eh|bLmu6tPk8vYmVp?X)A?pP~^BR4#$ZyHZM0MZ+!KS zUwq{Ei>SJzWyG<0D409@#>;*y7FC zdLj1#9xb4zNM>*KlB9C+l(_ZtTU>dB{?FG)f9?qO*fw-S(50_L{Myp*0a97#u?(s9 zne?``IMC0@umP)alKlL<;fug?VBI_*f5G=x3=}XU05q{n<*6Y>?9)-~g=-Z{0iyax zc+OFTRz+$C4|TC=(RVC!C*`su|A2-ZTWrgM5w^yxw1?TMhVH`8Aj<*k-iYMCk5?KV zp6f<0EDdI6BwUpgR9Q-5{aTe<{`VO0m*rHknyYHwX?At*vbjzKBDwPHpNq)ajsoYTegUYmgZBb^mytHP&>Ep$J{9Twr5fh)awK84HNC3k!*YqPXBnbDraEY? zTzQ>_Whi$Lz*5@2elQ(gBu27gfXu7i_iZPM&bBQ6APID0K^b-lwZ5m1{w%NejePmF zRntO8U3&zFDgzSq=9PS@-SP^j&vn-NRh@Ri6{3 z$#YX>a`D5-jQ@ge>S@H_4KJ-|ObR2*09B0gX>(V(@3cO@rJRe>a=z6@3HB@9%CJx# z(m`Hub*Qb!-54VU_roM8&S20!}Z@l2WJ~V z2V;P20>y+^mea}Q(b;O$o>E`mIlYt28JuqBWC6JGvzqc+nc9{kG@9-~I+p=WMc$Tp z>4KX(h&i1t3#sh3QC#7?SRxIf(O-}OIVhnRH@zPI2C&gQ z;Qj_t21!w-DNYSmn<0gD$fC;orjvW!Ww<6@8ShPX?qsH4skbpkIQqjl%q?d=N zE*X+dm;F({ehTlehnmIQWY^!i@&5>wjJcnzx;A6IlN@!PC{gL;LIT$da`RlkLlC5V zCJTBXCWMFP?oH})w6OmmDULB_5>FW>MEOk&RQnAqAAc*#1L^KEYJq!uBEudV{{^2J zfYZ+aycK|_?ZF?>$Vq+o*?rHM_9DwPk&VX~f$eUSsrE-^=)8wR#}nBBKTmatTQMdf zEw?VNM9~93?-dU~5>El2h=5bMeUG1IXGxu zzi+eS-tK!aCA|7?}i(Xf1%1>ZA1ju&Cg@ zG(cX*V>h;v$BqjOWnUr9LMxBybTy}03NYoVR}MU@ZWI5or36`4{KeF}ug~g8ly2nZ z8ab(*k&?gM3K{c3yyX8CVMm6=ka43Jo4u#}22#$YLMDSiwG`v652g zY~HI@esoAe_R?I_dfTEF#gZ1qg*V$m-z-IVIP0nslIU^Yp*O1uHC|nNeBf7vhz>-A z2jW;nQYiBh7O3qWq4o%`aE?BO^f>^2=;gRYLc*BB2n-ETtsWaluRTcHrO-x`sT#Tc zOI*D$_rAMDgJBO{62MypgJ0%3cjT$4ShyA7FQ0bp>)4Yp$LXq*#1w-E_ns=XD{1Il z&+fakzOhKwo5kw9(9yr+tHt234S6|+w@lrsy!Y!=egfw^mq&YEO{C0PTQLT<^%Uv1 z4b&`F&MiQSBCwL>n9S$@S^3N^(NjdKG9Nn~!o@+i2%g6z3mPWxCu{kBr^9}p5ts)k zA*!2OV@HjlCb$p8n4A#>1);k(s_{1^QX_KIt7OXpZh`y@)OUs)n3OEXP`2$U`Qpn6 z)tdjG1z@`~ExbD>|6Sx;AR_3&9C3X@4<_$J{+2 zHwLY|@7h6st9dyWFTa`JS(1a=GvjuPqOTiEBWsH>-EFQ#CpVO&RwYl7*rTx{T9w!u z9mnB4)As2y*LCr(`*&o929eO1FjRPn8^#O5lAXX5YCywdHFr*TH==_RZs1f8V+2Dc z$(g3d!CPgU&t*~O%OZ|7|B49W5t!~GL)Z9>dv9z%+7j%{g0WiM$H``*drDD(Q%AeQjn+F*JozbKQ{R zaL(Wp;0fod6M09Cd&*a<6mAa~<5zew7+5kOiJL`%^H*OG_Ob#{57oOMR3@@_ANe5Y zZkVm3tsuG2e8eadRmg!0sGI$M}B4~02B&)E`{*;aQvvVy5Y9!k@utIz(u~a?8 zY>EauyX}pjZXQ^)Y|?AolDfw2T^@E&<%gKYoTmGfPYCP_IciNj4U_nOy(A4i>r zo*XIETxP{Fpc0^?f^z~w@qDH-4d0@p85#d51Xa35y(FU$UU|-}`S^(1-73z@l4boO zNJXDGh(ucq^~4&_^LH1tj_G%(32)tPi3XbG@wJOAf^ zcpepUe-$7E#?Q_a=711bW}7}bzdW_s6d0c&g0!BdZSK1|E43G`xU&|q)4ZS}_{&Y| zA7*a-b4kWd1uC>ls#ZdmqVpVK3ISBH;&l@NP5b#3P9|A4sh=Zq9thQt;k%jsZu?1Q zU#S~vgVX;Sxaqy#zcUmhYUtELlE`HrSsC_wwr=BMmPZ8#Hz1&`wN&&XOFOYVmnKD< z0PAv;C+{itiGtJx@-G>`z48o19H!3Q;ifhZ0#Vpmy>ie6rS?L4y6p}qh$y|-UCY|4 z5Rt5%FhlSHvX|2tQh!7$q>+}ez-Jo2fvlgt6Vaaub*8-6nnsV2@4I0UI^T-!)0WEU zkIv$Lnwhski_L=N?$=kg_ax{>2bSNnzTIwuu$+uK1fO>*CC79z7(}!RZ;1>uQVz2V zhZipZ?Yj{fTI6aI)G1mJ{}n>g#i~y;oVlu(Ya=N{7uroZY`jy)+oSO_`&))brSZ5t zS0j+&)4(R1PQF0edc~V#q8!16-tV0a2?5@udAzTI4woCatWE7NI_OebaRCn}KHKu} zUb`17(Y_iseAq@ETO}xJ-0F1&qbT%(p|nY91qIJ{X?0y=>kuI`>Hi_U5B)=k_I@@o zxV^FX9sJYzs_l*6j(JaH4J+J!<^B3n)+B8odB#Za=pSi*w&TdzACwZJgM>KE0E4mm zjxreZFh7ddqMfK2RC&o^ha9s;M)!xm~pa zWX(k+eu%kbDiVaLm=8S%n3=~kx|N7OTqlMlydAieEJxJ0<9)t$z`Z<}Wjnqd#DBs>}mksY~K+`4Ggo zQi>e7*1Y_WVlnnh0vdp7?!X#=6%93NLP22G!A`CV;rFLPte#-n#PJA1kOcl`^F7{Q zWE>ET%lGtgv7o1ug6Xc=oXb27>1oxZvy|yLvgiaYB99hfJl6eiMO%u=<(g%V86g*g z?u#*Oiz(h{Q-&1ahdu4A>=gvY$yRQjLmyhd1`%BE(8OZQV4CaP{t%^1_syr$W35S- zvj+n-erDkZ=BMOKN2DpNRZn}!Rp|!sr`LMIl!R6usP*tKD_6W`tcWU;vT_#3 znU^nAKIOVPp*$eHk)S`4S_rCF)%`4a8ED+=miO%pLF#%f_G6RK-=F?w*`CT%^3eZrifruj5>5yNWoS zcJ45`xqU!KLyCp$#vs>{_qrjcUSufX8@iqHm0Z``nh{N;sE>%G8z*VGY2Q?GsM?CU z1Kn;z`hO-wPg2xA=8KJ4G<&EDl2vtkXj#{)DrNuH{=$#0#;U5d_xC2mU$CP|9%W=u zJ70mHBpNVS!dgN$ZHVpj=Sx;3*JIx z5dl(?@b-C3xP*l)WZ;`YFI3(hkEDMbYkbs+@oAe2(B&bN zT=S#j_@rJ{FA3mM8z;!;7^MgguryLL-sa{+qyp ztZUY1xtWaSh!TD;6Oagz7*oh8mwh)DC;r=VBvFL*VY@St4^hAO|8-E?%Ekc4jgS(?Jhi9kxLdS!GNg2 zI7k+hAl)e3n-Iqs3{)n@9(s^E`^Rt(+%}QVI8%HM8cSmmO;a!@_@hJ0!{v3uzN3KT z;A7sdM@X&4p$+euO?S+WSYhh!ZVRX`5+SAH5unaVvv>v3q+tB2&$9f5{NeNG1Ik!( zIO9@wIG=cLary)al75Tx7IQ0h&k!gol`Csn!3Gfe?}N|f%e^8YE8XPPpP<|t#ofMN zL_Ixb!tnE~%rpP6o9Z~(+AV4F2SRj+-0OvV6QEZ0YRi+JINk98D=kQh7pP`xh0j;Z z&KXb_l4IlfmY_*58LcVo7O4Hy?*sT_oFj`Y(3#yIaEsH%2l0c#S`t!O2 z$AT&c4&S27Y4*iZrt%JQLf8tIw3tF4L6B+LRGzT(?z~OWlN6Q{W;{{AgmE%Y9L&?Q zQo}B`t{n3ZkVY~$``O&IDTNU8m6$f0(DR6)AtxIyJ{}ku%yu}E5RaWV&;KZC{p=xR zW`p@88vj<1To=#7WOSA_(O7qTF*4AHs+Kk`y`g-U#If>{!8Y_xvmoC z5}t?t7%>`u^MeTe%vH(7<5zrOYYR^#({*K~a%lmkSw~5+{A{b0AuoR=%lT z%Uu$0PVTA(3OrYBa}WlF)3nX;Iax z?bQ3WCJv@A09Gn^3`Dd9XXOcWpA3)uSDM|}bTBUYjpMdXGe{fUH+Q=pPO0bakknsky?&X( zfA1_5NFx_*cBaE)l;USD>1)^&d?UM(pcJAk)?SYSnI#^?Pv#JWP{!t?jZ>;vtVK?x zj6!yQeJy)lp|69_8Y@81Z-b~|pL2lC)blaV`mO774;~OXJRKQ6ks=S_T#cX&kfpMz zjJS2bS`e&Sa=mr`I?~nO*Vj9{8f+0+Q#wTpJlHZfT*^lRMl$DKr0-qH(||fdTwd;w z$9luv_&d$w^BG4gUf&^VO;}y{vM*$b1f&wZTxQs6=ysZ@PaM;?Sci(DecCVa#a?c|b< z`Y737X_?5p)eD!3hP@&z`wipY|nl1HU+FS67ij-~&oO0u^P zlGIe@EeXpYKzzpddvx^~R#}m6W^4R^>b93q)mdu@^=J86b{*sb_*s^x+%~vEEoAdt zERv_&+PCZ9NxqxQ9c;o7hQ}T(*+(Ku8Bk|lF2HIJSQRe z`|;3n5~P2h@#}oV`!h0Q0twWkyjQZN{t^0tGE77!>h1wSXz8`{fD6Wc?vlR#s&D%C zy-UvEV&(dY6l2!wkrL$>p87LLuP3^1I;#PiJI$IJy^5lvgMr!PktxdWUaI{{XxQro zWti`lyM8tGaX&1UgNL04DZBi;P0nN zID9P>g{5H65GbRg$$?89Kd)94< zQyhx~{w2d+$>f}ZnN+x%xXOJhf6)fMpDT2VJgs+OI1lQP|*gk`~k|( zjYn5bo9~N5{4@ROkBrB@zaKGuK9!Bvk<@hkaXFy5$4Kg-l&qLdxbXCVQ-So)+Yg?> zAufCcJKqC@Dr4{^y{+XZ@JP$QFSic})?OuOa^;~Zg2P5jolO9L9ss)ufmUT+aA6h{ z!_Pi$1pw5myamgXgRVU7C!Yz6FP9`QbXZ2HEaOhUh&>v|@>e_iN|uwC@NZ;CqdsRD z?4G*JY$fg)l^Iiq`aI0F8PI%bGCFcl*(4qp*t!mGg^dTzv|v+NsUBE0n@mi4)HwCi ziU6WnLvH-CHBi<)EB{+b1^e6~r39|`uD#~TY0ncYOGVYPL^E)&=MjaK$Px4MZ>oQY zrqir#o_k}$yZVe$q~r+mU&|R}J@npg0*!NQY|FS>S+VLSK8qwt#bDigf0r2d!~;AZ z)T7$k;&L|_f%79AkBg|@?F@^gv%+e?6FAJVI24MKeyrWt3pU6&Otv}dm-!j2l z{Mx?zLm5k;+jqAVGlH9)nU|1Bo+QM8?r1^9r|7s@k1i6j6ZvuKs=6R*H=jA}ie-Jn z9=(!mlQ&Ym7}5y^z-Z=TbE1(t^bjtw+!p$IhpGVS~feA4HD7G8I zh7}uZ|66;K+MoNH>|0!C%)z{=hpL2<;NIWW+C=eaQY*={5$_c^|>>7@x#2<-R?_G#=Kj=W?82{QfYv2Dl}; zTyn^{eX~*=#*-d?c|5a^H&8T?bD`Dsxx+ZbiSF)TeGB?RWEEkbsscU!fDz#!v{QgO z52U$Lc5fU}KPR|VPNA5xN8i=CkK0WW}->Czn%;AOefn9iA5jDic z;Dq?$H(VV5LDTA7R$f4zD|_APt`*l&-0-d?(BT{AJ_j5ewv8G_J%c~bJ^r+h%W)lk z1Bx}oPgoXNzM<+B>)h_9d7_s!2N71sG}@0Z@f=6LILRYeC5s&hZJE2iemIMJ3lkB& z_g1yWsohwR;(<`Lw(yVzjemX8Ps!YbQUB>_jolgsWXIo7Hyb#k8Q5Qs>$A6d5^Mgi=xr+QH5CHtJFjKj#n-Tc^MJ_Vy1|*hhAH3cu z^5k~t0hEmD4~)@9{_9~0&KqHuXLK>NxWX(D@xAZ;Z|Md~W>2PhM`~BNKgwl9x*E?H@W1Q0t0GW|tT#a{^KVg%JFz-i_vYe4YbUgiO@ z*YB86Gbl3xi#$R;T+%wBOX4r77O;*FsC}A$h6TKyf4c0&vcawE!h6T|D zeJm@!8=|`MY6PviJw?j>@cz~RuO zW5QBA3(_?Y<*RB`UxKWF{XwecPdm<4cUBXYJJUaRb}x)Z2+|h0zX`pi>iyHK?ZD&2 zE540-@4xGOeIn_6%!kJ)9dl?LG!=wkHc1#A(Ei3>6zs^|8o+xkvuAB9t^|7qL|GTI zw&QlI9wfqE+Ni7@%EZ2aYUsm8Zy*sHSJC~Vr{p4l{#BJ5>BcpTQM&y_Q4Qa*Nsrq&DA;Xb=`oxSWyNuCfRU? zL||D%yEW=>^WwU;X)NYk3kUN8hlevQ229h{&mjrup?%W*w> zTQ{&arXXn zg`4vR;LPHEZt}&_byGLPii^5zZU&3|=cV4qAq;&%4^|H5o$L?v2Q*bTtNv!_POrc< zjMoPRzd7+`wtbIMjA?-cQ@BFIA9a-nn9trDc)o0wetOD1G=&>37;+shk53jy4zOrD zQ|{GfDv@~S#AY8eu3K-4Xn*JFqC%X|q^7i` zbgHo71@3zX`imOftx>lZVi%<97{_5)#dAQWvq)0-hs_J^G&mU1whDzC&;NW&pH8vXHc)UAmPrN|!`#wj5?v z3!y}`SX#U8EnHAq7|^jk^{DE!^4_-Q_t5-Xixtusek#XOTZ9I<)Q@c^7*fvw`1BXF z8V}}i1pq{pK|@WzhN5(YKRK*LHk;yqi*%S*8bhjj^=E5JJ0dh_`SH5OCH+qbq%>t+ z<06*7a&{}hT+PiWJb)I9)Q|9bl@NH#T46b%CGhaI)Lc9Qv!W~|DXRwXPuwyQNiN`w zt}~U3Sp&KR%NqX%U{rW-%~&wSM7P|;meE(cjJ7<@cV7Ss1C3K`cQDF(IS|!g`DS3{ za*(>li_tM*_WpBm`s(q4s*R9;d(S&;@f)oZvCgC^#F1u03=+lu?K+kcvPFIWqvMGB zI{$CPe_I`U=KgCQ`CQOele2ay^%;myYSm#$bhUEG{3(%Kp~`(m;Xq=IX-`yYMJ+S$ z{w}NHP3zzGDj8}YY6y#X)0vgAtEsw=Vm^roU*n>V~qpBWlhsy@?aT459* zffM~Xgtv5ur?6#E@#@9=p!R^hW9JPmff1JChItngZ#Cm26cT2V#-#0YnY#|7QV$U+V_BX)Pb^3`xJ3e&@lN zX!8b@oO%A}tvUrR_F7ubbAM$BKxyNV4te-55@$M2Fm=*H%&{ub9rtAviE}fXSl%Y} z37LB@N4ns3#>u(!48x1&1Lhpi-U_tu-Aas9-)NC0H<^Wp81mmbi*|5?sQ$_Q#+9Ef z<9m%Sa79KOtwLPXqz6vjWIDp-<$tD^LQBkC0|a0A*b;YM!}Ekp*hH3QM&(}S+p|`& zI5PeuDNCo%yGsz@A%HC<%0>oFa7HVn`qLmh0>NE~B%P>0X?^>4n)zxcdt-B$XhlixGR)2{ zNvFj1yYPWd)*?I$UtkD)ogA^SW`A_~CQGzA?1v~u#Y2&#LXwOW89BstO%@GZfp*fr z^mH6n#Sj`${rOQ|`P|+->Q-g3Z})jylHiu@^}CHHSL0MBs%PRLfO^`M%eKROaPLA}NY8Frpgr~42&3*)nj_;g?rV>LIRh%fKLcZM z^(vr)cn&%zYCmSOj!x=ya#^&BYbj4Dei6+Q&1WF7N>hHAPaYW#dF7!*Tk9322$7pk z?@5TEA!SWhKE2w5sCo~4xo&oz7gDWf_YXBam13-ULGStG<@+=rIs#niudn8zIHZxD zi4)&{1nLP^5JhnZA9{o^h0>o+32YXiZ9X>zg5IaUkv^~4eVu%F>~u%Uuv3NGM(o>k zy%fVMG4XGC#9gg@<0=<|qbu)tPNSv4+MQ{HziDd+_lg^~{Z zw$%v%G9f9Crwq(bOHMO}df)vxSgTOl>{wIs&xsK@hbVJ~?kL|1=K+F+8?BD&Bz}HurW2$JWP&)Wzc6L z{~t|P9oF>!eYerw-JQ}(NlQx#f;31;cM2OJEgjMr2uKRjvC&-y9iv5RbdBw|&-ZzL zf9#+Ad*83;o_o%@=RV)N6`GY?b|kk5EIv-XN6TQ{Pb-hT!T6*2gG}&XQ80HHhrom{ zzhRse@)#)bGPqzAhHW^kN3vx~fTEVFnsdYdAlOR>Yaj87>Ic&KRV>$MECcl^ec#=3 z|4p?bo*~z6gU>g9#$2j?1cJ>qAX{@WQtj?->rw)k@b)1;^=eqjq@F0_ z92|(8=MvX&G1p*U9H|!EEihPRhE5B5oh;@;&*e6QcU5b16E+fs2e`JFyiV5lq1No_+*RTy;El$25Mk!0 z0aI!#H@okxF8`TI-E5J50j`SvfMVxSf3)V;(k{*`qC~`!v|xEWYTyR7y&*nX?yu^$ zRiIf)3zApDNnF7q+)o8-HEz-yj`*cKT7UDDhl5!))^y(EGij9LF~oTa;4p34XaZDl zQBDzJ$Dq!7V_zKQU(?98jG7b4qAaC|e9Y;UzioRQ!U}H69!sxnfR=zax1!su3(2_1 zGpjLm(1j9lj^FLxR3hMO;cUj@2$oP$LQpy)WfSofPNf}`!&3lNf$3uY3ML{4oxOYBV>`=^W{FxHd4roja0=trj;Yic9fel4 zm?WmVMmG{$qTYMt9an+{sk75O zEDwHq_!sDZu(-c!;p{WM z9J-?5aoykMy&X|dSPVYAeJcKt=)BElr*?_kmm%gIdCB|vF4dtm^?PTQLMdfa?u5gP zN(|#X_;j3Zdv9BEtAb&2REhht0WayhE(IZ{ijJz~2oY{j`hDZSF2|p5%J!H65!aBp zw-%{DAunLFnzAney?U1#3?ai3tlTB3yl5a-1l;$-QLYg=2;g{+fi4=WV^7~9@v!jA zU&6|akUSnW=znM#+k9zwf(?|Z%&edn+mN9fSEw?!Ka^>OQmBzP*mZ<%-Gg)NtGs zd!hlkc{joD-M2E^E1F5HFv#~@Nv6(IxfIBMd+~M;Cp*0~+-!`Kmy70yqP>Fsqmn4j~IJj0u#|YqkR7b7uBwQMu)wkRa zXQBTm?ZgiRfosLxI-&A9sLL{!>uKs!Gu9`?42`$(AbbiQ)aa*&MAibACo@|W05n~c zLg3e#xY)z*r+~{5^$W)I(N|5BFNes3jJq1;(<0a$2X+U45PA3UbS+F!Mn2BRmnT=z zu1NSe_Gb38KUp1P2u;NG{<25YL(p2`*n4y(ywtJ!gaO7Zbg=kfHS*;uP z>!sNY5>a{EPsC3*N-L{j7p@PdBUQf&z4i!lBN%54P*I!+%TnM;3<_r+x~OK|YA&?h z{P9_TH+==<9H(};A0TPgUXQ`AiV)8m*PfTV=b;o(bYFK6p6-z1&^9NGMeh-yZBJDr zwKLW!d9NvC6D$CA;x>R@6SMp|*&2C)z^}}|=fK?@~hUtcQd*~ zGvPgAT%aETIxvR671#sy$#g*W|KRLZB8xVF9?+$;`;#?}D;eM{c)+Ck8%ONPI{{L_ zS6u;ow#-AH8+t87cA@wRfA6JT5>l-I2huoUiOQNdn{}eR6_b4h=}->d{$OrcA!~5lh#FA$@E?uELEt9m?)c$+IAT z;O_9O6QzxebGBYyhv5C74uV+9JtzJv)HE1Xl+-~urFeHZG>;vfz+KJhpF3p_SHUWL zuN&lHkxqFx!XqnP=ll?6XROjTe>^0068 zGi^phognrrxjH`VBBk7VvV&>yI;+U5`$hTfoHW0)XQbJj0WuEk{xq79Nfm4EpV=V8 z@2RYPLrYttc4}f_Y%*ThG-e7@meSCHd})0+WBQ5Y-p}rRA@#p^{ZAEZs#5M(urF=cidTFuftw$x2~&cx z_*Efcs~9Ez*$dEfJS~YG+?j7gKGOej+8*cyBWy@Fglq&Lo7VpZCiJBp6hU3jv3FoO zI17^!2&Fi6PTxKm<%SPXUwJoUQNccED)_3X;rP=1{Xqb5VrWEGaQ!3Oe}6aZohLlM zUb6}WZnCABU~CX?e<|m!Kka%%fOV&er|-ynSF z9Ww@E4U<*&y#5TSG5d)UFXL14dC<*P&}cmP@D044EIJR zyC&gQ%Cmy0-WJuFRvz)*Z!%?kgvx%c%3b{F-`MSZ=rION_A3Q+2Y;BXv;bzy0*79k z%<%KN*b@w4K5cuC|9ZMjqb_l~w!&JU^@L@~%!`#VT`A8(+pXh~w*A?=_emf}O=YnH z#u*vkC@WzfU7V}3(%yHTAL@Eekj>ddvG2k4ZCUjgCl-GdkY)!HO?ZCw*g!muv+a-+ z)p0{QwdijvBIrdIp3_Y54+NBh6w$)#41}@2eAX(XkXGh&Tq3b^?EH_MU z4%mKRc|&PGCgFN3O?esrTNo31siW=v8&f)^U!kacUR2WLI`OI5rw7hY;O@s4aHa^z z6@Jk=PKY>Y^`ZsOkrK)%+i{}Z(L4p@L`Uaw*}fyrR!EZZsar}rnDg8ic{Kj!q!va4 zD5U6PGx*`5%2#OfSU09Vs&7U07=`c}Dv`_mwDPsU23mXjJ|Qq8Te02y>AfDg;Mw>UISz%+lz$;QB3f>Gv0U7C6PtW{GnB^Q z_m})ur24#SNtIoDfs@j!PexV6W5eelxu%u6<*T{fOZxvZGHi8C$$iYpu^o(Yh>MgI z#FdW-KPVA$cvR)_MWpAOcF-v=8B zsq?>N2G%h@(cR$Hjl?jz-FbgWwu|11oR{q@ZlC+S^kVgH_j9PvRTSl<{8&9cnZ)U+ z30Y5E2qcT9TNxX>xi96m&+5}-vCj4a9*4#L`2o0WNy5+w6*&Cp)L^V_USBNk5CL4M ziwuvldjzJyoJ0)r(EuNoMw}iVUn0c%f91Vdy)~bj!r9&oYfAZwrRA4AaA3T!eggC1 z7$%FiTYA2NFHLdvCyWCXU6a%AM4>I9@BRbnBKXg{e8jfn5T!wctg;=)J~aqf2^&yi znME0rZxD}>4eR4=HVYmTYjZm{vV+5gAUR(&kcBM74YcMlAJ_Qor9;O_x0gD=i|!B5 zY^{>7eGtMQS|&)j@MnA0m0i{(DBL8!HKAhCL+Ry!W;4yEwddG znO=5tyDV#?AYy}Gxi&)HnKd1}R0_#lM{hJ8if9KM|B&==zB&px&zfJ}{$}zF;M8?z z!>=6>Bv&vWbtXf>1IhUTdEN=UD6#!L;;5sXuWt=`_8(t=$iJ|L1F8FxLsrm-1>4y# zF@Xha&&5>1&9|R~cPRAnw7YJ`2pqbw_(?}S0)Qg99|O5|@8$GAt5%=c$8TD|Ud7e{ zW-N#v2J3}*6pX-Pw%eknozR>ylx5*f;rH7EkDoU_HRRwO`J_YzrKVqJ$3(w(L#U6oWeO9{-Q%wD0mmHR|s>IWG<`6$*(4&ifo zI*Qq6t9PJpQ$ z5B#JZx9naKdoRZ#g}CTRdG)M(LUvStjtx#$`HEx@er&W8N=|7)UR57g9Pv#@b{F?PM5R*;zJC*!{9N%zTCyPD*1j%zA<=mPI>LumX5gOquTHt6aM`9il}UT|=I(E;M*0 z0$73AY*bEcy&BQ7tn(egA$if82s07rZTf)Cmt~<4BZrB7VM=4-up^u!Vtm4yJooPU z7<<_nWI29TivNh>vekH7^v_eYXT}X5Bi2wNRBnk4V@$)_eIzS0kHZkZ7Az2LHBNz($weK3uj3J6$6QVp*W2%$5LOkUWeU&O6)#;XQpWMlCpS#|6B#&= z%xFs5N0tLzd!tVx)7JZcuvPe;643D#xnTyPE}&>Riw@AdC6b{jZ^HS8qCdmLZLD*> zYy9^~#S;|x&sWo$T8rhkecUON%{bgD&!W@&Q>njmQBs`v&{IJFPOml2jMvXoQDhR} zG04slCtz(D`c+_F0~0e~vJbUY%16 z%`w*gbl&@LV^PcqzxF9x9lgd;*8`GWD!31**SIg2Fu4hZZa-8knp(5{7m$N|+KDxF z<@qWLflXCQV#odnuz(?JyI-5xJ?6oTK2EerSVQ$qKRMW!dBu|FlAfCmc$4shD3x}a ziLnt9XP<9|-xQf-!X+HN0>cPj6ytaC_2#QSxdO5GQjDlm)kZ2s!}dY#3;Iv7p9=PR z!Dx8*nxj<4p;$~+oq&Qt{k&JLNWOP#dOvl3+j5|0s4vsjr?fJZ5|$o--IZVhc$KD! zEQQRA@pG~p@_*9?wVQ8VJ-p_1RnEGJd5&zpVn~@XVo|QN9IN_BGfO5*uFvujupMvO zJ+Bh^_uWwZ%GXxbYae8>y%?+=wu4dimkgh{cN^M1yja1 zb?;_RX>CY|ZcwU+y-G0k>}q_a-pBdJ^vlmF?G$h+3`>FZRSV;_3&Ou(?kmH3JDbaRS4 z-2hueYVASX`;_?)g5T($r#RxkMsJ4MV}J~81pSbD2l64$>((e7C;dPvpYONHq{~1u z$c z_GN|btpp1G;qrR?ChygwCw8C0BawJYsbn4zjHkVyQn;J3(Zl9L}kdZ8`C4 zZxfFAyh@jIU;ae89;cai1^Lbd4?tp1@}+u6_3(dYK1*Zfy?nzBi0;#~w#!wO5x^I$ z%C5||fE}FMc#JAn{e$>r1JCOn=JgJ4+|%b7ll!Nq;}+%VynY2TzR*s6)tcg7r;zt9 z?;&Zt{+`d)vXL8|El;lq)b}yQ{-70~;y(6q7|}z$Sku6kbW)a35DiMZ!o~Vla)c!BQVYT2NPjX#SanO0mD^pjv0^qXz)d0)I}gX<-y{vw(h zAkuaMVg>K{u6;Pi_17=zFQVE*Tq&*Z5-mq?NTV*?4agdWy?<}M0r8tuzKY?*))shX z#;;;K@=inhTSCSiKl=R>xCUvgW3WS+m0ua<7v*w%;D{(4WGoBltu*?foDJa(YS}r| z?X%bH-}3IO9)}}^;OSiK9?O>VRR(;rU4f72rqH6^Hg}eF-N&VGkNU~(aP0JVfNFZ! zQU+?WJ03j}UW6{GtkdJ|^H`^b2`}AXOX4tnY~}#!T2+S#7fXB1yy25_{Yf8J&fcxL zMgT&jRMNfxTSNB(w}BG)`q6!8DAosb{WEQt@-0ZXvHq^SRAeB%P4Cg`R3V(+Mi8KH#FQ0SL-Her#}J4C7V8wc~e zM;&ent}fNn2ZM+AbSuxNNr=gBI&skDEoarw;GzLv96(^I)o+?Y`o(4IoCc1+iKP|& zxs+rOc;$Kx3~Gf3QK@fI^aMTTyQ2v9CkG_=?dCbuHN2mne>wmpGGmpyxz(wcCN_D= zCa<%ccNPKR?ZHLky}lm*Jp=CSQUJ96pB?lu!^6xO~} z`D|ACJiImkO(?yBH(Y{!c}0|Ud0$?8! z9eeKOZJzGCbiKC83P=5sru_jxG2MIvjW${0r0!xgdu-k(x^MPxi!+#F&t6II5u zOe(wt16sX+`ut1WGoVh!vP|44uWO~C?4LY#m6O1SR7)PH(vbdS<^9+@8k2iM%!yAyf}J{CmR4 z3*HT^ug0pXNIp^jw9@h`QiI5ZFH6}U<@X1W{)ouO5Gx>%ni441h8tC$4oJo;<1W(y znTQ*U8500bG^XE~XRhuQ(&r-zqsGNSO9C(gxKX$TGq3%~;p$W`j|x3WJE@CL7xc(H zdQwXa-;WO_RnO&5i8=z7b2_4FH~`V4%!H$8sWJBxGo870Vx;cmo!OTusFn*@sU58> zdzZ&~-l~>EA;9uRkI-AM=XFfw&xVjAhY~a*RDbQn5fD`TUC6r_O?$9c=hAP=bhEVA zv#X#YtzrV8k`VYB*dp;&UYonv4_xoBl9H4#e(~qxEahN;g7{4Ek1nT$)-v*_1nPUA z+!`)gXN(xlAf)-Hq(KwSD$qCNqj2O$#2_12r=5`A&lP=2+0ELRME@;*CSxMLefJ|f zsh|pZTLy?%+)zZo@QrHO2jeK?5y zy$_;&`7Zq;otDh(O=>yBoq;WWQ%z}zByHTT3-&Ff93Bi#3Cy6^4R~yeb#b2D_T85n zyzjPUhQ56)RMHuLEmhpHO1hgD1cr>GVA=&kzmJs0cjjadS3$UHBr`1PCORbWA9W5| z5CTP8AvkI zIjB_@G^+AkbRIsPq=SPhA4BSWh=MN0RU2F*$o6qtr*O(0j<@_}cOWk+)8_q$MUUap z_o8+e*Bbu2mo9!=(_W5wZ#qK^W_G*VgP#&So*W2}-U_qOcFhHhJrc`wy2zFJH(}#7 zoLt0&6$}lMu1Z-oh#;R$Ia%!XrHH*7(US1Ypm(PX{4qbqZ=b@xR<&cBK5W<3#V$7g zLfE&=kqt|mI$MXBm|MV5Ko$13F4GYfA>Ckkud#m6bbn`J4u4Hl^X(yRUvfiUDXKjf zW^K@0KNU57LiF*i_fKX9L?2aGz^Hc!Jjq}7{3BZYwG26ss%7(gK*98v7jc}h0R}ps zd$e^gYv*x)iDZxyy3~5g-u5PGW6&G-EN%L8duPl#uiNdO8MI%p;&s6@m|-QbW^3g) zU`||x7_@qvcF5mi3Rlj@l3NA8)P@MQaHkBA*YmgzMq_A8d#WK%bcOT2tTSH z!>{OBE_JMoXvlik7EwA6XY!#-4&k2qC-l<)yh*yL%AIO&&DYCoxxB(^?Dy;o*)ulH z4g+?q<;~lp521Lvj9C-j`Mp`MgYBInB;SM!NxLIHjU@yyRt3^LzUFT0YNfrthuNew z-5cKQ4~r#LJ+PN^|0AxiN2k(2K_VBen>(HIg=E6^ zsm-%w758K%c^p&y>ONx&@-dEpd(JLb@dI(yq*L@B>+7GoY5r+-_p%ltTL5Xn`fmD`>7Z{KBqrAMmOj3z9hlpHE_2YL8>q^Nn zyw4vi9%p>GXMBB%@+{tNWxjA@z)v43YXuU-=SBfe?~p-JyfsH44(Q7{4?29i79wo1 zWgO7+f;d#hcmdJ^r-1*fDZ8>6?DSqX#ovv}b<=$L#-C;ArkS9o1;56jL7b8XK!u4M z|3;sQb~xA-#nm4>wiW3CS!usZqz9fuehJFD0Ai!$1D<+~ow~@|D&>?OMB`aKAwrO$ zYG04X?h%BxX`zm`x*Ad9@o**Axpg8h25>zbx*&&+^0`WLw0>B%F(c=yD!Y8}x?je~ zfp2GqTSAI|MYp+xz+o(8+et6#;osMlhA282-n9Q=GEt=1?4b|9ZioarN$PH;ujDhv9 z`8fs}X}E2yVLLmxXuBJX*Y$Vq*Ql@2-*$w6hiN|8is!O7r}gkN%Z=8(-l%w$7d@fH zhSWj-{=sX=Y$P4T?`1>8sDXfr(rNq4NsZ{?e`Iz_F7wWO6S3rI)MJ-#3_`{=V8Tg7}9k zn~f?_7nR|q0PrnNPI%rh366qoYQat5TJUeao9nFm@O)(cG+ymFo=ZDeHVSI#&WD)3 z!7OJ9NPy4dR)i4J6^AAt_B#@Yokr23vbU683R^Eb?mODim-n|J55w)AW(vME8HTZU z&mz_og{14ZKfWV7eZYdAD72G_XLxbf38fg{xf*sRd{t@06AIF97XCcUXyjb+%6xuz z0|%f{JQi~D*o2xRg;h{-a`uZ|#9G%Jlh8P*5ChryEayxI!P?tqM5uKz>DA*_&0Jx?hwsfF zg=O|YGRN|y^=6M#KzhWy6zSSreH0gWyGTbPRth_nM?ROLvMu$6YzAv3RHUOi=oc*q zU2GHpTmtguW~Q20X#n{GJNaEV5UB$yn%fRUJF0*00qlIhA`K{n2@)6%+BtAj0#wcv zi($57PpAICyvK_A2hczoSGi&``y#MN6{bM+Bu^{*+g2pyIJGcWc+it`!*HfAi{SPPC469h?eOYc=oNNq0Xq@(e?Qy1(86nTV+4Rj}GUs zV4L0?zomF**P*glygMB_oUdD6!(P1$d$VfVKUE$4`6u|k)8@{nRlG?aSshm;CD4=@q`?U!=ic*Iz@gFO*?3FLqr&4u zfjAqWAP%Ww&qZ8sISUdSZ)#ek)W zv$w(2J&`!Pj;6IGsyt3WSkY=-wh!3y$)t)xJGqRfcjPlmDBA!<9 znPAptbtm}G156Pc!l?c;kkYLnZcX1IqPTY%7-u<>qTk@~k8(FG7XOculMDHuM3GV0wU7zF z!xsaK&hgK5k@g?~fuP^s$Pa4zGFj^BwzPIUptCD7Lt4WmMs|xhMi?@pK^L@!XY?F1 zHWy$ml?oMLi=i0K&K+pDn7A?k^i*~e?`fW{<-?GK6I_sL2$qmoUZ61vCW*Bx^BfnJ z3RAcXI9c`@hOa*(^JYIMxqF~JQ>^#mgX83kqxQT;@H*F&61LYL9gqz&JmkMZ&r$zW zc6oT%MqR<6=Iv-7QsnAxtMh$vi@VM0c0`eub4qb99$f@%ZmV_oOjFcls!R6bYZ%ac zwWHvO*K4mGjkdXAYyNI=Rov{2vVWZ8UfMC&NetsFtyNc^PjnM}9F}Bm%pQs(JIAh* zGs87`;kDYkHCY`pcdvz6k$*`a{3WMRPj5PXFOU!r5p$o2cVn+G?)pTe%kkA zhs{qM%Z?Lybp1o zUQJlq?qgiREY0M=!Ac-IRM<}JHvsDuCA{UO5N;oaY0AN_bim&Hr3I+Lv8jfiK9}q@ z6BIMUZo|9rz}X#Bp>J=i2YSEsTLUblIjxMLrlcuLdcm~8{7=8UyMZ3ox1UD#LT!2} zA%6cJ@Qlw+q+A3r7|{7aSNwLI#BcOYEi@3t8z+Gf{o1pRX&xW96s# zzXv}f5yRm+I0?%0jwy<*I-l90e#6nEl6q=i6Q%w*>y@p1QZ}{PHPLoIML+iB9X_=+ znZ)7a6Spq35w$P5Z{#aAZAxNV0lU@RucVN-s_Y}a$Pvg6o6-3a2=)2kx4fq)T>-9v zf(O!e-a0zGB0feCrcWLaOv75=Q$kh)#p3|Y)pLJyBsW-vO`wsf$>;}p5zJ{>=Eg`K zqk4CZ?6Ank@78LGHMRQ(J($8pn|R&6o|ZDpFZ(5MBA`=Psv zSsGF8-$|pOw`le#CHhAXeXM8a?7NYRJqx(ZUX;aGk~>Y2D$r1@e>q)d68Mi}4OO(F zzZ@u+8tk!3Uc)!>M1xjZ+TA5JCuNfg4WRj@Y$*T#=t0(q1Ec?bOJR5Sgfn z-%@PklN=wUULGT8(V@D#(h9FXz#~jjx^`WOCD;>BLk|bbw2w-e1i}&gLwL=!TxUWc zW5%yjnrY3Mb50iJ{A_=u&R%W>_h5HfPtbT{Z%Lq(gI)#iD2Uc+5Hq=BN|OePxA8Aap(z> zjV+OfUiUtt^PRc-Qxvb??d3rMV9I*?Fqiz7Kr`f1Pd?uD(`-JMqko4=pT1BK;=3Ox zpEJ6w_i_U#TB2sa-6d^rOQ`-k|>pb_YaK^Izxt}mATh? zKmP`<_VW249Uu7K26c3n{oTJVbzYWi+4)gz@VT?TQ0eUhnMYR`S6+$Vn<@B7d76#G zXa~>R`{Z}DJZ1`^G<+vu368}m-K$rH*|;R!rfNT>wu^pPtHyH2n)xjg2VIC+e9Esg zdTrkIE7@wPp@?P;({AnFLNs2tU3=>(J#>0r?OoBAV`Yi;$f)C@{V2b##*~ZMJCrLxDjXmW;x{y^)qq7D2G45c2D(hSY9%vzl=x6 za@pnVdq1aZ%gf*IEdgoIM~;6Tkf(y3+2*PlVlyMsJgmI*DG+B^Dcu*XR^47a^M4s% z2Nuh;9Q>$zk)`ju{k0i+jXDU~>$CNFpxN`;)J^*pjdh3u7#1i&x;@Lfg#kK}1U116 zqORJ?HJv_1mf8TAVGcI6J1PAaH5jPkUJv&r0pJfQ(A0z#0|F5HibwP#Pk_@PO&O0u zTqKp6Ec{d8q`iO!+v$3f}?-*bQFD;WK) z=i=XQzP5f$Q|I<-VAyF#$FXt$kHjwEQ=$FPk!xb$my9=A{lckpr(s(%Yb=k8FDKuB zaggY+Bv(pLFKDg`eBmPxs_c-%-n<`k&NPynqxV|P&{ zO(o!TI!OW2mU`1RwCSgOV!S|)UAF0otxNDjbYb1oJnx<}ZXCf|zXu?43^XQAP*Wk} z4amZF1>t_;hRIDEW&n1A@O@POgAy_h+>sxqdS&aRPPyQO%l>GrR5Gz^K|626qy!6u zW2-*)&?D&s=3`aa0L6cS%z%sCM5Ds|ezj??wIBh^Fr6LTkLNC!?=v5r{&v^M&QK z+1UfT!s5aIde@?og6{d~-@yz0>+F+ywNt8vAmo>k5`W|{c(VH zkcbe%&B4ecH0IM+g<(tEwCtQqI?E@3+Z_;ZjS~oG+3~`K)p4kB+NZGYh1ub$&Y(dg ziAxDdJ~98BEtetGuYK9HQuI^2OxoJ)^o5WioWqTPx3Vdb=Snhf9|TdK4&J#`xe`-8 zjx$iPWpgyf9VG|2@eeR1S{#>NzB)#4&fX>&y1#-Dv_4O17KT0ZvSo@%-%@OJ0s=6~ znvV#97^W!|z7jf!)aL>6QZigTVc#&MwBxi%^ZHXb_ci7AALHF#^Ho`uw|I%PE(pet zCx$*TAqBwANYj^<;4+Z;C{Iwz`m}wDqBKOmWdGoh9ZGm!X{al z!KCKN4lZ`T@9?^f-r_E>fo&mMQI?e{W1AXqd1~J?LeT18QXj0T(wIpYYu~O~S-%m? zI=h5TS5Ul%TIZ}NLajU+3{j(E&e8XCd7~@EK0X1q994Q--iZ1|kA#B_-5)%ol(tCs&;Z92Uy`{Y=meRlD7A%q z>wgqXU>}O~aK1(khnjR~!vdc9VC4v+~;``o_oB7KSx zVMCm>?Xj|q0zX$K&dsbXmxLeBOFtCUeTn(?Qe1Q>`bJKQ+c@)CJu`SWHkEd0I#hS#BmCBufvip+Y7VsoWuE!ULus3lat>Sme?4c|0;jcWbJ z``z`zaqf>^nc4eK2SNRv9=}_SXAo8e-hte*8dNEQE_#e92XnIjxUA*>ZDqH7B-pRR z;@)pb{GPDIX2kle_L+djI~8p#(SLo6R@DW^ZMd%}JDkz?&$wbAUo>E8>+;Hb%RTxD zF*Sl~63XO|#Ws**NpNDhzS{Q|kATRzQB>k0BNs}7K#juytGTHjJflh}Z4LPaW3!(w42OzYY`XjbhL7%>Y z_2I>uE^;%*%$&J?12wuVjvmRn!M{s{L`e`xP4@<6DNDyFL+)h4#Brna7JXGnKzg-)*4f^)1u((s@qwAE}0EmZRex>T+CkAp4az;*VqI^0+x$<3v|0O=`^8+txqr7E|g!@$&bI%j`5X$ z#Vm4nte)aYKQ1kba-Kqv+08R_`k@jv274933wV=}E-cuu#U?JT$UWcHdVkVPLa2Po z$J6lcC)#rUu2T20@@e5_S%a~JR=!AIx4Wx{Wp8%Lq(^;#Wc6#|Cg~|>t7~e`uy>Uw zu0m4X@oN{P9W|N2yVz&d%=YTsLwKjOYxSigKjTJ!Ji&aC@x@IDrU1&cs<+S=dm-KF z*Wc)|1Ee`t?{>5EWFPv ze#LTqiWPl9_j{Ofn&4?25#u%jhk+JL>2E&MnQxX6mW>KqFErAXzB?W?Qwkj$SM`0-ob!6rm zAKd_OY~n;H8@3M#VioZEq0A}m9!fZo6XUh=Y@Lu9&x#lB5_w+Fk?`A$n>w zE!A@aH-54tolS+rGD!fmU3e8+PrS;1_I0IOSoA?&0 zX|-_1dw1iqkFWmf1O4Q~XXo>!51y`M?bsu{MW9GX!=u*vD*WbR!#xeRj+YW&{Uv|> zJn|^qf9=dWu-&qsa#ZrX%Z0PiBKC9Q40{WO+e_64${#nlQjL#qRKKdlnlq&~NEu^p z+&_BzQ!Jx7F)?6}lK*Pnnek}Spc=3Cce8B{=ea12L`|`vHX5lTbM@oaN*4H_taB&y z?$Zd6dEvo>L3yp{i81Uw`A8MEN4n!hfZPk?TY$1eH8p=O@rPiX_*%;;<~Rf^0@e>_ z%L~W5)As{clfe<=t~EBU;16%>Nn)ZZ&tAF}Jd~C+OpU)`CWiwE*IecmhHSiizH%1?Ziye8;a! zXGDF`7@#bFJg|E4E7kBS1n1I~hrPIXFY$k+9pC~3rYIr_C|I`YT=4q3hP&yladhPC z;DeLlzJFg#Gt^G4tj*x4W1|80+%j_c+bzcPIPBvq{-u4=#VsT+5#G2ca;r18FWt7i z{^b}J-}P*d`#RYFD*opI5>tF{lDk^1iuAR$k!+WLq4*mT!DP6mudq=ehitO0!!Zkc zWcL8Ejz}pCDVghO6=yTW;w>q*7Cv%;{y691@LFbyC~zy(2U*uOFIK`D&dwkOm$r|v zctMdbWo#=yo7((4(A&;qUE}MQun#5L5~fD<$z=kI%4**-T)$Dgs#UMFk97{nRUT8W zr0Xjtf1{Sx`f*G<0Glv6h5PTUliW5rlPbl_I4WU1sm87#W_S1DUq6KBM>tZ4w1{qO{qtVyv z(Rk73C_+~T9IA?F?r0XxTA!6&*H3Z41=$Si^tAM^eWY>f$S%$Rsu0F2Q7e@ zg$7BkC``hx28%+hNDF{}Ok^lbz@7sB4>_pYf1w0~E8CCD5S8@${E$9%f`<{${*#2M zT-cTx47aC(d8ke0&0;8ifa?+>R%Qqe@q}w&R)f97C_T(2t1woaE5T6x-WXl|tq=Km zGUH%6Y6c|MVHW&@W8>5ESYiL`2*UM7MYFoa^~||Gh;tjp9WQ&sCh`ic!-OQ6hpo$f zbyxUa_}MBe>Fm{fl+dY%vfRfvpon}$-sb0<3D#-w;9+Dcm8e2Sr)|&j0b)>PXap6m zb;xzpFnRgqS;Ee&T*(hcfSbsP`V3_KP0BaU3&rg^(ods-zXMx;{+u6bbEKncmZJJi z{Mj@IH^42RxUG&tohwC|mOWr*b~b$kKkx;}q>ZFDz#{K`a6b>9dFZ^Cn z)%5h2;c+usr6wUV_57Kf6qbPr*A0SE%noj7@SQTH;A-NbOr0F;>#CA&zA`~XE&*FvGO0TqseQMheBO1LUzF?bY0ueFqxmAL#B+%SC*Lui0M`|DUC z?~v}kpU0WAdVf47h-HNf!Tez@z-wPM1&zYq?y~h)K`?tV6mV`rF)H# zrjLT!Mu5rhjbvk4>s1(_iSl{xFWCV@_DD}F;_9IM79uj_Iu=H92u1bp$s!E!&Nesc z9_S2-hc?1Z--J?G(|vKuZ!wGx+|cOw!r$@uCYbQ%$l#4&6yY}~hGNF-XT;rKQv>vp zrq-U!RXjmx8_2)UXD!I))^m&FHT`HaUpXt~08(|;lKZQwN)er%{+EWMqt9rm9KUv! zamj(?2Ty^jb)wM)?R64X4 zrTODd%LV&pL?2yvvW{KY{Q5j>fVPt9GD+1)fwfXTxW6UOe$s$99I1n48x2!652@*u ziAxnDh)MDEI`?eJ#11lMpZ{r0s&*ymg?pNrq|d9y>tU&xOWpvT(&Dap-8m6#%VL`p1Jjz0du3-oNiY zXP>jzUVAO;1=ht~2I6JbhfxD%#Au*jkxy7(;c9!jBwR-lSDGk^Z?9`W@?jMG-%0+X zVLJxgc7IL>EYoaU-*F>IM~MncW=cEKw_bqS5WR)}T{?MBM|G+gFEbDZ)Rx4@^?D2U zO#=FZ_u{ebTy?`FQ#=6NAY$TadlOI*$Ky1ASKZDa*VANRZFmZA4!Y}eP0RO?6&Rvw zPlf`67ZenQMV(z3^e0jHXHZ0Ha^8hTS0Pu|ho5+r1Q={?I2?b)mWppNCKk9>?F}OB zTiO6?qT@_{!I--swf^Y8?H7WAr^3|xG(V~+TslLjJ1Rfw`m-#?>@x5_O88hq%+U68 zwT^%>B4J%srLTFijW1(rM6)p0ee~jVktL|fhj^{*1Ja|*1kUQm|7qJTkHeusP-qnF(E?kIadO%-*O^m6R3>tDu~WzdT6*TktceDTVy zyyjEV6Ro}LO%oHUDkSDM>GQmxRdC}DlFBED9V|Zsq~ZLL>WEZeB-F*%lsmG``lGbW zne&{HYsjX46(ZA$jzV^$v>UWClELe)LT=FW$fqiBHJ;3ZiE+~z|D%1~V$0Hm!zrDT z`L*;W7bZ9Cxo_;BSlJWSl!sS8iU?dEE0Hf20bzU|+>xP?+C*9Q87OHg;*0I3U2lis zoPFU@u9;8xgo0Dtz)deonY@0$q3712^-Nrp>}Inm$dm{w0CM1Z03afDf81oQ-2}Sd z3RhGBc8)t@^69ms99kY|)JE9;kRr4JlEYDwrntoeO8D}wC{$|u(VGUecEhbLse?u8 z5iJMcxYywK@IWJiwOs@9&{XVDiP9J2dw`5H+4L%Mya;xf4)FbVu7#X>>n*4;H#4Bd zyft((be9Za?E5Q}VVr01=jy4f8&mO{)%5JPa{OrP;BHRe=R-bX#uF0D0|^8Vr+V-}ssh4y^Oa{o%sKiSQ%@BEz+ zed`;hpcRfg@Ssd;5(gy}o4dzy$ujE^O+tMR^NW)szQ=fbxe!hD567~~8Q*&HC-3R` zVpxflOkj~$xLl;fBbH+ky6c^TTe2CzoOfct3B3BwqtDw$hdJ&L;?LIuBUgxln%VV; zPFrbc-0r|AE8~TFdGqAsJh`>8KLq^j-glM`hp5F_xKiwXPk&OjfcYuOE(H}k}}oA5_*G0KR$Xi3JE^UKkC}jK(^^+tAK{czVgD8-o!S%QBN!T$>#ZnT?}w#<`lN_ZppCQ7%KB za}BQm)Po|RDm&s+RK4+K5>jm25|1g$VWR6gJqRsP+ z7utqfhu1ImNcBT${H%qp e?w@ibv{x@v0KvX&T{N&da5?v=cLHzx`j{ ziRP##FQ6PQA0*fb{AJ&I5JK_s$wknr6NX1|V9k+@ub+H1)@%JSWg~%p)nIOekmwD; zjY{Fx-QCl9rv5ai@Jr(CD`(>5h!;QI*ZX+ zx;SF#(j>XfGVHMD1LB`cl|E9vK6#7(fKj*SL4z}k7XL7BOK|a<;wka1Kxg&dgsg&= ze8*-AZUUq;ZiQSL+2?C%{`5Y{TZsP*Ow)w1%LsP6yN)@od6dqU{0zdhL-;501qRkUqYYrfM#kZ#_ zLF#`EtBSY?zoSD?|N1-+pp_zI{+0n1Algj9ZrT{SSY)Ik;my-ii2+n>a>{y`PPVbqE{FjNcX7o+=q$p`CxR_8w{o@Z1WQ^_AG3 zdVN54IiUpk5v)WJu(=o5YVUI({grlfriIsJU?{IHs7^F#OMr+-b!=U&v~DafcV@I# zMMKkrbo5)A)iSG(O&_()fxTkdSjLy3U>x%}c^`Hh1vWCtSX-o%;x z2a(4j^(pXks~Z=A-ZRVR_SzFsxTs%@;oe?)E*!Y;jBi3R`|iW)1>QcTD0c{wzPxLw z0@VyOH(!~1?0pG#c+E=xDMac8=g(5((2e)?I6lUW-<70OdHmc(j&VZ@^4YebD@g(6 z@HT7cducF+k$6IrIrRuk9L=fnmJ=s~>1qbD>t~a%zkfVZHUvoLTNPndYq7j{03kWD z@l+EG^LF)7oEwQe->=K2ARDD_&;bD=5vCbjej<7gYJm0$<$uTveeI0|B>?amKxY;- zm08*gn2Ur#4PJVA7Xn`xA9GpzV&4ccR{cv0Ls#nmi~*KA?dsZ)G&8L)uynTD4eGz> zA=y(b@q?uOwfL`3iF-DB9+Ppp;jTQp0ZERpH^wEC3TpJSEDYY1KjM7PoMznc5@>Rw zPCLV|jz!DT@jkZi{H@BbuVqnR_IVWNQY);sH?DZSUV4#TF=f*|b{~%yi_3H%QC!SE zfjHu{h430 z<8fK;*-uC#l^}aJsun%rNz=x0c;Se^yuP>1c6~KgXsBbuTXLssTTKteO&9V-*OS3x z<2Pz>O+y^gN?AK>i{{T2YZFyG3-V*+8U(eJ1bbhv#bRKP|HxT7v0 z082k(_}w1H27>VBLk8#xYJ+X5yS5%2m_xqTFDOpP_6g|{2Y{14Ljw{maIs7o6%stI zBszxz(tQY@UK3#pht5b2oN~|*&OO5*h zLov8{cz1{4QJ??gZFmsfNKgR)5FB(9=z=-!9?@zV4Gn=dnc6kdoH}jRIs`Hk4Zt=! z|B^cJVR z0+YH>ytoBk;PDMI&tPl8z&LEy{%@A9L<$7hT!BN%ByRam2{xy*t@R&K!?)=B@&0m* zZ%X3`k`H1oEWQ(%W;_oX?zmmIZSrrb5aPLE)&8Q?7afez)6DHcCiaXMa-#Ir8;Q@ZM4S|@__VBuTiBU@ z7X^t6OL%=<(VJULbK%&cMJiRc96DrwG20T9c8Rb1^LOp)v~XH&d)`>0-g?31#2A}7 zjylUaP}^kPcd83f+!2+e4J)1S=FeAq>f$~od&j~t1v@Dp=#QUxc;%uPz*N8S#Z7Zs z&sXsAVWULjtUb&oL{#B;d_~@CruCbE6Fv^) zUb;2ue0)8Z{L1 z<+AEG8*!8zJgzULJz%Hs4YiD>9mVB+j~+Oi8r<$4hH32Lk&XT(HA zRN`Vai%ikCc~nmsUeLqEaA>MH2Rp9tal7y+7F&L|Kv4~6#TULw^=F(Wkh~Y{Schd` zTP*2UP59{b3tqG69LX{9qJQG9701cLD~hjF4y^)SA{qMUq@u_x^mE-0|V{=O@231$a@@g9lTP_alMQhlQ~X zFu#c#OZf2gzv<(d-DX!2t;oVzMbO_ zGoNWA<7LLYTs%oT2ZftZ%`6bGc+RX77ZuH{;Vp|0-!xECGa*onaiIZ9I%_Z-BEXOi zS#$6Y*-4faG}`B-W~Q<`UajR1lj+oT5ybri#k(bqx48~K0SW)|v~NMArvJC`HR09S z0Fg8Gq*Aoz>U_e4$XH}u*-V}jR0J;w_;J9TR$YZ~z2q~Q?K^L(I{P48%uwSxZ18_M zdnCGOHo5@{f+$$)Xpj=FQBoq=A^Xv~6pZxOJC>Rw}=;^DhUY&g2BkG2UBdOY|O;~aDnf%(5 z)EL(5>RTaB^N>5CvW=P)#Hs%(O7-Byz}SymZG9S?Q87aGaTB7Tar7D?@PQFQ6ELI- zW;azcBaA}DD*3h7tvB$*i8>$QD&4llt!{h_fYsqh)yGXTm3oT%`HQxG`><(P{buyc z7A4yB!C;Ji;#(Y;Y*PmWNS~o^d4>4fv1j}bpmo&ecv-%IbRMd|5S~~6=k4eDQg4B2 zV`b-P%~ooZqEZ;1qYJ_n!u#LNe|FRQ0Knq_*N1yxyHQv00@5|lWpa9L=m@(U`XL$n zb6IDOINP3#ulg%GWazler42)EbVqAF#_rdx1;^>hc)v83KJ5P}UHRaJfx{5>2%_F0 zAZ~cQPI1D9#agz%6{zeWsT)MBu$;(&+h-i#Rz}Fm^&zOwUW`>j|21mQh-=&#eRMLQ zog7Q>`%kOSBXV-GkN!5SvAGc{5QZqYOu;izMK+(r{y&mDe@FWpe->~2glA zPxA)YA5f5UMR0#OwjeJJAtd$XivfFIsE^gsW})$9sc-^R;I2tUG-)1Acnh|zx5I69 zV$}sOX(^_q6Ct89k-|U*&5Xb*rJ`6pCc7hn=P-P!dhu&rM z>yZT+vJVH+A*+U8>&bc6n4RQi{jI(BNx-^9ih}gN!OQK=2yvYEZ(>D-KQ2I`d2so; z{_HY*+*>QWVZq)n2*pe#o0=c*b_=hI(z0- z%BM3hQqjA)m+}E7othbPnWhZd28CPqe)vJ@rjd(Y>)3}7cYlc##F=W{rc|-(z5jf% z6O`+swA~l0l#Ja*`qALA=KBmQZDWKV%0r z$VMBKNs|Ye*il%2C-jag2e#foF%&)SJxb<%f2EPu%f0!1W9TN~76=KXtG~fD7mAw~ zOkOAt>Jzml95gDvMavcz)~J%z?&%9vB7gqZGiwf7K#)%jJFfwPU!xAJDOkR2M_2wT z4Ih6*0!wRLacz83VN}x>==J5YwPc~bM{0Lsdz(bWa0glvKn>3Yh@fk+uFl3-h~{@H zC$y&)?EBXwvAA2K-`|=k73?#Bv1`4Z)2T;n7;|I3zCtx9w<_GQ>ieTr8E&l0UZokc zsL5H(EOw{3)+T?~_80GQe7e#xpwb#~G^J3PedN#A(;xBXBX@bT zP3{&)%X>u=95b#jozFo?+Wb$?;+p?CK1U~{|6O?YJf1_#HG zhO)kh2XtfrY6=E9L5JJFW^H@Sa|h*h zv=_|eVWyBAf3!mw5ZeR6)&%9}*fU{`uaDPAf1vI$VCX;;ey2~dAn(b%w+Z{<3>mUK zS1SC19uhi5)SXa>#jy};=9>?`EU4MH8d_{j*0qpZ($H!#({MIk@f*3) z;6gBnVV1M^{8`JMW$@9TX&Mu^$kI5sF>h@>$6=jMvbWrlk&=>{6_hTO!3(mwMs+I= zEvWOOYiE!hC zhG9byQfY}l`*L5_>RRFg8ykAUzLTG2w=mY$Fnd(Jx2$cI(U@B_r*p~JEOLolsp#w% zJ7re5)77IA=hiyOar_})#&`6!et<~7L{Ct(luwn_OzACslzvGAzEmsu+LeWuskV< zs?CX)a#sds;QJj#>?({o3TAjMGsJ!>9p&n-6l|$_>Hpx!MlTG3KXUE)O8ZmXzIFyb zL$=SJM3q~ufh47lBzqkZmt@k6Q?wzr4ai6IJK*v;fmH<#85x;jOsPS}{=-Nq{_l5& zS+p&TIlq#eosRgVex_CnT0OJMm~Dti2`i#-VeSP@U4%s((KB2`P#48TXx%)t(h{g$ zQ%We3cQ^f$yxijJ^*w9gwL4~RX~92aVdSKqHvgnYzm?w06Jf|6J4-!-XR@Bqd!PU6 zNHQ}}=drfLSeUVt{1La_1G(Ukf}3EuA%oJ*`Pj8j+~PuR z>s9pQ<9aXi-Gg!%v$C(q;@g4_dbNu1sDW}V;Dd+0@bJ*O7KgMhNjE?eu+C-d;C*E$oozqnh15HH_2Ti2rAs$gceBvkk*Bg+1a5eEL^W@Ko5MPx`}8 znAnPIg`W9|6&BXn+`7#Tff+R}^P3m7T!5PboDW<8dNp`;GH%Ts(DZkl0I=EVxAA6c znayxcl6M|NsXNbB??dbx3Uqb)$)&CCsqMHFgq8>``1n@%>z{?JN8zIXqdRp__@u-mpzze zPl`=CTboHY#N{LWp~AsW6kI{+nekmicBEUA#og`0bBhf%_fXO`$+il0QnQR1$%&9x zx#PkQTA$YYR5zOJ-f~DA<@GZVYSJ%xv91gUr4()~M3ETW3jU zdhd&Jbj)K#O^Nr_+*o*{e=SZJjrOm+V6kJQ_4`{m{&p{uzSzrxf@u*c&>1& z_sMU>R*|I$c3M2_1lq23(@^iq=0Fb_9ZCQn|2LmONvPDu`{BENU11J3fif}zN%)7b z+>)#mgIj{`?%;o;5LuU>yu0*TK?SmV1z1=ORAmKnQ9xs2O&K!W0x~ET&~6@63(UvMw)E#ZUXi|6@r%;9* zT)}@uiazUxw8pk;3LT}(u(UbuCrYR3{!BCC_8a$&dTq-IeH?=aZ*$u*P>{2|4sBtI zAX8q?CRVoN1BPlsYjrpg;rb1IZ9W>W99zx#GPwN2NuIcVKyDl-LryY&DzF6VI^c11w9s!WPV~FBmyvI$O%ryPqI>)FprP zYhfxs%u*m0U#8BV4h1#*yJ-}F{umwZ*S`|(o|0JEA^UB0HX78I_3>3GE$$Pwh+7Xe zv2HR=*MgQ#i>Lq31t0*oY(rycW**^ zfmKz~hbqd6?l^ohW*P4WuPQ!@X;(aye1QK_BbPbFbC47XEH-at35Lt6z9~;0AVUvy z3Rxwye~j;;uvQSgsJvbf6XyL;@rvWoL1LVtB$+aw+Go{h2|a_(hq&6n-t#PR;s@ z4%lyq=0DmQ`yAja!{do>Xr>V8@k}z}Rj(`-_3cgnL8Gn-V0SEz&uZ8W5N+_|#(#{5 z%(%sO7VACt*u6y1T_f=<)bVt$__k(DIcKI7ej?+z28!Ln4VryJ`GUn#ay3W zkSq?C>g9iBus->5VqF$X$wOpkgDH#$NJdez`PH8OD-$4;9mZ;Y^=xrcnHlEjuj@KokLn;)>ZtD&sRG4Q#(=qMTji%6}F#JpvVJe@r>P2vrZljZ#Z9 zr_P{MvFxdvd>7~(;CpaPjObVTR9D^I{Yg&OV9~6kq%olC;8(+n!kU@?6srHC_6OM) zKHSBJnsYBEXdv3q!0BreU^`%mdYcZ^`#Nr`U}GWuF!Y#=?T0!VexJL6hSjIs9}#Uz3v4bv5k%p@YV2Do9VjVcXy z(jRtDs2~w{7O35VoBJW;#2x;K|MT0EBvpQ*>~C<8-MG}YJhQHzLBv~WLXO+XQ9xylj&@qK0H#;Grk4Nq58?R@l4DIj{8EH4H)T}t4_EGs4$V$&*Jm;1=PyFVYzS3I%^Y@(#Yyg|D17}n*anV zv*m+qE`2xggncGX*UkhtQ*1#vIxUf3sh@?=DIx}?JF6i2XEtM!eAPipjp~GKL=SVQ z4XJ?u#Lhk)5I{&qsDbmm5o}o8&jl8VFqQy2Ffgs1jze(H`~jP%PPxzP8t;H98ySdD zpf(4<&?@xwJwOx3WX{eW`^7+(HXX5?VfcV?jFl{{1SrV?!e%d~Pu!qZHRwZu*=8bh zlJ|)|0AZlFOAD{BfU0cJodRs6Y2(g!;l6um8}?v+91@Pd&5L;l{8WG>$hc-?$J9D} z!K;}~!-$-FS(jRkL&_JKk=q-U$m7%`RZ((o2~AF5b>9Q? zDl+G8l3P={^L(cd#|lRx%mv``|ryiP+km0 z`(T~grR4-W`~DU0uW9zRJWk^Q2W&FiBYdr)-~aSM7Q_QXDWATR<##90axeMuxk)kn zI2E&Tx+GnHroBhnQfv~sSn8`5& z;!TBfxH(O{*u4&CA<`OTs?!hQWXJI1s-VLtSnY>5ezUCv6hLf+cp&!ok;AOs7AU6i zE3d2@oa0Zh)}bQQt}gP*@{jGoZWiK96T)!TVW@#r*z13YE7*7wLdIz57SDr%rrvxk zywoB3qf1FNaGiz{8&(KP0_7#Vi+V`>v1Y99YDl|gINjs-k5#Q6c?)m9y3ItuE5VVq z@|fQ<&3;9J^bU@o7@|rViBY3SQT3#VRS2zU(SteJaj;JH(j<*zw*lNmZXEJRzXy;0 zb;qclrLt^7QahOnTYasV0F7jXhf=sUC5g8CO+17*1%9i9QMKc4;;umN3$*R2 zb}wuadZ`$%Oa*@cVg{a*0PPW46kG#?ii=K&u~I_2nD>Bz`)(m{$dj-=_4e6|Cw#Iw z3g`yuhM;Xv$nd}Y62YnxCF~O$_78F$m2188Peu8w__&0K@3lb(Y03S?7rxn{w15)T z11jL<3nxqrCGaUb9D-Cy1k5*k0@a}p^}Skgp(af7*q>$O^uoFZsBOPCz|wiNOt>pWnU3m_YYsoi~yhrzsx>QLdhT9BXa7t_4|3YCL~Hwc~TMGI8 z#4BlhI7ZlTxqLFd(jJv=Zb_!oJWImGNbsrYvnMg|UyF(@wvv7I;Csk5w*MH#8&CdB z-?G_j?}Hpw+rg9!xp~Nv+CR2v=&MMN0ft09!YRL^+yoH%;p%bOBW1X1KHH||n}ei@ zEH*B@@XMpjX$Cp_{{9@FU-f}aOySW~AxkxEn}8Kod}7f*&q=stn5G6prnh=DU zN&L8A`stNYs-oAXl}^PsH2~&f+;8RYNxmEAqbGszKgi{nxPEw$!_vyfSVB?Nrez`5xV$|6i_h{*D)Q^h6Z-~$bp(PDKaKVonGyG{zY zyAi~7>mkx`k6AIcr1$W)^RxN6k~oo-=DDq?p=LjX=9c2oK@1Y-st0LNe}|LKjtMtb zu&qPCB}34$53|-3@7gBcSa4#DxO(!3l{%MCCIwS&?x!u1ZyreO@S*@<6%jqc5kKW{ z2fsM8pihs-o!Rs13o+#m%q>W2*b>K&Ry!>(0^>%4#K%*bN_L>9)X`f=o+vG_2_r8^lqrKr8SZ zA*SCkP(rUlKkIiFYF&Lp4!|{`>dl$ie`wbFDL%3oK3$HByJG(RRnkXY`n+TjN|h`k z5PGMKN*Ms~u>RchhGqHl#q4-$`ABwm|KwkoboUR|1w^{l(PYW?-iz32*tYN~^a$#~ zi(HppZ~=^hBx%Sf*+JXEXg=AlyDM9>;bpac42j@z*PfIxH@M^V&tEGRD0hdOz@~_d zq4pMJ)M!cId4c}<3!%r{;DYrl&o|^@#bf)q%byWRo~RCag6X>}lgGdh#9EGo4}ir% z2Op=4pJU46So=gzz3}Jggn*lu@M!?D z>1*+@EA(0q^`Zi+Q+>TY{%{hj7dmdXQo(6OC3bM<=4{*TejY!!_(#Ox|A$^L33)Q5>IRd zE)7uL+$+v+4|&6Ys>qn1qkrmgiXAIv#xR|MyqP!8;@pZRGwC!yf&JHOHv*eFVI+h= zpIJaSJ6!3_3kh%*q2WWa&1A<2%?Lab5dIV7)a!xEFIqcqY(u7HO9-69u({K24mI6d zy*qX#%;mIh@Z;&Xx2e|PcL$~X-~tGuHKhH`;qAYj6}cvwt~IZia^1$mTj^BK+Yzg2 zIyMWT<6Nd^K zRneVphOv9Blh*@tjB8r9h~g^_6fHzmo)m^>6p=GXbS~S@vO72}EBz!deVrR~Q4PI% z7o!+A!x<56ECM!U&f_4MiyfYA9W47x+VjM4vEi)@_?<$)6Xguo;rv4$avCiqz=+zm z`$FR1?_4-~nzX2YoGlU$@_B&6^u@_ni|*ftrp{Mu-traweK%72%i!=nz)pkxpiIDe z^-I>%90tl=Ap>eniZ398bRmgFBD_jVwvmGnDj$2d^r^db8oUB+!hd#2b%wc`RfOyd z+1Fh6zgsinF50^_fUgBBH3=O)#lc0BIpu4731pe0* zTfJ|xKl(3lAW=w7*TM`#!+PrG(9t$j5y6{a+Klnf#JRNuWk)`7N)H*S*Tw-qe`7`SDd%;QSk6|d_#22%s23@*f_?npZ9zd= z*!XMnM>ku49`2ueU3XW;A7|q9Rq0%Y{M)mVJ+XbxvC`KH z8Uw=9ruDc40F;SL#P%;J?#cbF$`K2h*W*^V_XI61I4hj3;vvfJR^#^>jn;!^-4nP@4|#I1oYv`TWORoWT% z)&ft2bNPY^{Peboe;cO%1-5y+`{%sL$M6YH?#xEulP+{y{hf5iE=6Y@dQcknS#~t* za$<#TE#=9+#ZfPbI`SFKrL|{oC}HOaP|CEx;$I9dG>&$R&kV$8x) z=}_KZ0(&>x0LF@o%6Z&`J?pTXSY&Lix2(fWnUe+ z)^eMy{`7ZlH#m<<2LS+&hkj54a=xCtk$=Mc=Q|C4$uH``SJc`9>S-4b7_5%oKg#`i z60Jr}8TE-0pAfg<#g!daG0uGP>zCk#7WkY=7MPL-x0f)&ZWsp#Fmi?}NO>vx)9cs4 zzF90;!EXOI)k;L7QLzyj9@EeOOTjJ)fNDIeM}TUgKmEx<=Nt65!k+Q$n0XcS zZWMCC{hB~R1AA30v2VjHH6T7+=t(wAxpE+;E9dh4w=;vo>}{pTqp*5a-EdfCMA+z{ zd;ihqYaIB-WHyqZjIfr7Ot??_Z|FTN21OAv;#wp*DY>FyiH7C;U?WQ=j@7{12*IA? zC$z3ALr~ve!^QQ9@$EH))>PL4P8Hsd=iht~v*zQ|b2E%p-ub}JSu9XV$>a+wby1yn zc=wW^Q?Jl>&@S`o_{9f}M58g{Yf!|qRzALcM!MKGu{ov6yag`2{`Zl&9q^^T({Sg= z$jK9fO=3_YFtG(1v9ktaR&<MIu?pbrS@iPN$zf+N&;sQPRLs zM9Gs6_mYgqu(UFChrCQ+TnwxO+Hev6jHg)(XBws_F8osQYk$am^R;bo>|bM+K_B|s zNH5u6*7HB3@uzw{OZjUf(aC?Gf0NX85CCcdWh#E?D?9(|{h5y^X8hesI(@M(%*|P> zBzT5yJ?6oJh9=_TPJm0!FxxUAX-w=QZ4 z03RwG?N~??x2a1v(B$~gexMn>xztDZr;;K1#Yay*0S(d_^vk)TzzsPhEc;U@>91%r zcVO8(_?(FbH$d?K-7_=e$Cing!4GeTu9BurV@DrFZExOJv$|c=qH9-M$Ed zHGN_M~r++Fy{q=)tLQ1e>Cvla6#v8bv@nw9`+L(@^%m?%_8or zG3!i2-=i+0Lyn`Y!<*N2J^O%AUE1r=9z$*x03QM`Z(0)orv>f^Qrk&`tv}EZQL2eh zvynHLLg#R>k9C@7lIJHD=YwOA#RCkM&0t@Lsg}GQt<68NHEG0PjVY)3SCt&T2M?kO z^pH`i&mS&M!X=}KPk=)IuB^ql?pC&$V7byI{6l zQ<^6ZDNeIz2e6S1PH%VENNBh6Wu)Rg?&~?(pp6`oiNm~MB47;1zVMaj3{z=w7T`B{ zDWWi3_A;;U{Ff8NtFc!=D<(t-YYtBdtf)aA>?QyLf@zh)&!SEOlm4FI8toH1Fs{jj z&ZhD{FT>oKrS>8<6n$aY3)1gjOkXGxfa8&9gU@9rQ^7>{YS1F z5b8^{*`31*cTF`XhVv%{k3s15{m)rr6~AXd05X5aV8ZE*ROclE?HbxhS7uX^+f?FP z!~(2wes5avXqOjL1**$M%D-nmW;LH`s<$mFL)$wc?`Vys`9pmugD@(Y5G7wC|B=46 z+rty4Z%SUsn(xbw+FQDusYr1mW4y0s%08pUkAcwV*|)!Rspx=aJ5_|Sex}s#Dl-Qd z7GiY$+~x}I=Mb)4Gw=dSKVW=M>33ea_d@t1TxB68&7Gw_s;_ykXiB)szr}2(i3KG~ zRQe>kZ-UyS#%0VTDm4Xi;Vbd_-0|8%hSb|$05+|3*t;+%(O%fkUQ<9%kgu)WKu3S* zc9V0}UlT@@2}m7SnvjA)J9;t&Io!W+wqTNAdEO6N4CQHdpta-rv->G)<>3RCiPIRm zmr}f<lhUSFFk6Z+bx`-%D3){_y@Sv`enI8^{XUH?Y6HoL*S< z8KH>y_PSVs?l`QA=Ew`bP_-6^H9Xf@x2{<%BFPGLoT^D)#~fxPQ?|s&~~qEf>7U&*i@ZZZgXzyz7FAh{`j2r z1?ogq_I5+w_#KX=%ej)RKIS6pM2W<<9|qenetE@9PW)a!nGFgFk2BKt~t2b&c{a4PPylfYS{){(g_v%A8O-2mgY%}>9=0wo2ro3uQr`1h3fzQ zJ{Cm;ck7JyW}jel{{1kyA<~S3A(4K9q=rEWiU7k>KZwbtvgd%tDnefDF5qN>E?stu~$&BU_?lN$C2uv`jh509dW`cDn%b`Cp4P>-osu`fZCX z;O1+(AOfkS*m4Hh&4KOh0&uh5wxTviHwaA431$4ylLZaiBM@_K+GUN7zREhxoezL8 zhiDa5i0+VmdgYe!D}}6Q{hg;bI{3|RP9V8nWW#h0EVoh<3Kjs&tZG7?-;K2k;5>ad zn+T90o8`MLF_?n|f7eI4q+{;JV2@PMLL@X?82-*}SnEIsXvXxM6)bL!Lh(Qb!i?$= z$@;zb_ZojX=yy~0zzU? z3N-+nl$EpXTvbHjC6|Q^^G*6{%}fpT_tv^qDJ6qjnf7tK#+S)CqJ6k4@r1fwX^B1d zGQb8PV9^mZ5=&c}Za204(;UYTnmnTRBdQF?yTEeqr-{ z1~MYzJuf)C!IRld{i1|6c_7Cd?8f z6+|;XcVGu;!`l8?|IY=e?We#=8`<>q@`9XB#!XCFJjE>A7M%^Xr>`_cgj}_nI0p8A z3_IB!=?!1M7+*}ZsHh6DL7U-y+l%?gYKe#wd?a+Cp@(Cl)f|=k^i)^p1ckK`mLmv1 zryJke_&_91@bhhH!mAvG^VYM}M>2?ZAvp3Gi1|Z(=$nN1xHYj>CE2-&{B|VOPpm+2 z{`jsuv=IJn6SoSR#}$M>4Wlnnf-D&HtW4J9!sIYKx`zG4qAxCf^APqS)K($Ne*-$n zg$9TW+96Yi=^hX6)O2N+0XF%dF99hy^s4m~z}}>CWCaClcZ2v#o!~R#~n;uHiu7Hg@e1L0S0_ICE}#W+RG^9a?#FLcQf_8UAXH zGl92e`F?ye<9u&0;w=GiPg!rfgsb`Zkt(%O@u5VP?%79AmgV@7e3r-6(iX$%yUy{r z8T`cU&EfXtV5hH8II|li!8e=tOcmfHnxhqk`LGifRaT=Ngcm@gu5{Q0QBdWH-*I$D$mLf1XsG8 zB(q@qpHeWm_`r57!nOg-;G7&@y}M4Q2#B^I96Kx+el_}~5eG2&6kSV(P{2gkWdkN~ zi)8K#O3ZZS-xt=Ncy+y9>i_`e{!Z(1GBw)D7WHrP0G_6Y{3#ObfZdgL22M-k1SeoRAmegk#Eo@tVj`VOz-~#b_J$iy8v{s~uT#L%{0XdmeuA``p%ZUg;lw zTvUC$8K#R8bNQ4Sa%c+jhOS{BAgAi|-mxBb}tSlTo=%Q9&$Fa6asV}<2} zSGjrVL^UERN0J1Icm-LBi_8V)9)sqO7m?}s1I#GC-=*e8Z1H?Xr8J_O&*J&m7_ASuqPO1~Tnd<}0>bkJOIcf`x98R~ke~sQ})TDbH{foL`=R;xmuULXsC$Y#wb& z9@$E6;qMa~Z30kcketx?w?$R7d0XF!Cn68OAR+}+z~0u+CEzc<;oWseTM5iGUF!7R zI{-9`ktI!c_xK-4Qf<%fQw55H@V`_+mI8Mfq=Q#b9Prr*1S+4#vx(j5$ObWN8!pnx zmjQ(5ylgaR47%52`!&>%iRs)yyvFdz7{CZmZ^ZR`$DLVDIJr{;lTe5iB#Mz1==-2F z<{>cP=kK~ULk@5oA2f&1``|xZL?y3o3qo(Ty|MO-^qfMi05z|Q?ptedcmhp0QS^{&vZR9@j)2HX9KK}qcFO3QChm?4X-Yl0)!i~!D`xq{V zlZ*tPD*ALz8B00kFkCyrRo?P=hJCww()g0Nz@) zN&F8@R~^;l19sm9-Hk|>bR#7&Qb58$N|2G#Affa|NQ0DgNhuA|QbUjs1f&s^?gnYL zefxdi`Tp72-tBBVJMW(NdG5W>y-?mKye}sOiJ@Hhw}nVLUrV`)S7Xw#$g zMZN98mMLhfZ^7uQ==Vtf-O>6(GyEI`)lrThQt!orLz#UBwFob@_SfCfYQ5k;H@RN9 zS|PZ6PH&5c!j7Pyakx@G57U87-rnBhtd#<`dft)|`~-n6{8k4}DcZZKEZpCDCcN3h z9yMlU^6#eLi(O9U=h@u7tE5p}ngUS{5@czWBQPx0V3l9(&j(M4hDx3eHNMX~#e0PO zHVpdtz~M$Cz|v`3Q0dX*)y%s2mlMtCv;LkqP?#!AnhN04ggnqzN3xr7qPAoI`)|Yf zV(gsdo0RP0S-SLR}PGhFOSVYmUv`I*K1OqQ_$%ky2&iBw*aVRua0 zm)TBSV?~ka?-|sxXLc4dq zogc&2xlZpUBk&XPDG6-im2qK#+4BO3g}S!4lQIl?kZYW^YU{Ygv1R8t9VL_LI)%lR zrFxrqpZHPej4h^9HGRUzqk1Boj5QAbv$QaKOBFZx(yai;l;2r6qgMh)mgpk0aa@)&n#>((y%s~T0z zlNX%`#w!9Q$(su4MYhk%YszjsMgN!>Jf^y+Qo8(4Z#Tm(18kJpkAvyb@6-S}fQQ7F zho|uFGlGn=X)4AAc)pjA`%4MW0W)#&J#H3~I0g1nlBp+4$A*PP{PnJ^jOE0@9L)kK zQajXB_pxau)TWr))UD}kr)SR1)zXZnt@&@>11H_u-~6Oj(+%!|NHUKK{C}v92p@Xv zKEK-{;nJ`*R%qvon@)m+%az?z@oXUx2SbBcbY@=f-=?YPltKLtl+?!+tzhPFr03<* zg2i;H)-PiPx)`Dm03>G0$ajT+&Qur$of(~%XR(mDmvHTtNT$ErWNFZ@!SS89N zGyx0bNamLZc?>=4&3JSvoveSgXg1@MSSl$hjGAYq1*;OgZ;6!WSb1At2ol&psaSC$ zWx9HQxd-N^=7`mA1~*|%-&!7ILJ}VAZ&dZalt1&i*LXk!Xsx{uw*RhZoT|g+uNvYQ zil28PiWQ1>w>_V2ZvTR0ZQsm<7+`eAx>X?uTWHe4$PXNco!e514K zz*(dxIAY7itt2JWsU1Z_a0^xuwuy$N5HAz{c>E77GJgEYat-X3|-O(F*~*Mp3TnUP%c$VNy2Qg!%ko)>)e4l4E~e*4mQ z)OGy9E}_MGP5+YU+NH*QwA!f7v8b_mN^ozNUMwY8b|zY?WB4urFh%2M9Ht^;P9J7K zz_6PH3Kp4&V1F_=TeH6idO9gxfr7=i4js9$qugp**E&k=#(j|9wD^o4PzMjTK zr+A(XXXGYR_mU;QVt+04!6wq0qWV{{+u!b`>hk^q=bA+LfLf8ZTP?rvvL-+qD7VzB z<#^}kV6~2JLzOnO?%OSeFFJdQyT)Z7&us#e_~TUYUM{CmvQ`DZ>r_+#OlZ~lEkZ(A5rKj0T?n_sSLFMnUD_%% z-TlJp=K*W^3;CZf6&M-4iojCBkP#Y6vj&dda#;|&D(z<;9r(q_(W#F&n85kQz2 z7_ecWqwwj85eGbQDnOwxVDZvI!-cM1v$J-+dP>I6fg(?Jd{p?zAj((dgy+piL4k+ls(n zFNh+k^zJg<{gvzzvCHjR7RAVqxFZWrOVnqf@BYka6vQuc&rE+Czd5KyfYsIEkE+6 z47MtjB_2w*lm@P!PBPLyJ6By!lDNXFk&v@&q~s{b-}ozf&)Ruf z0AaZJ9lFZsyX-u#T66EWy)<82u+JbHyiJ7Qr);N|2V(r(fOkGVtT#MWy;?5F6Ps z4U&U-m*+8U(?RzyF`0ged3^cJc@Vl}q}2!a(NQFI*_^8+)8~m$CXFZ10oWDf05@RR z-lhE-QfBqI6p)r9|IuWOVR`8D_>*aC$NzHje>>-bA^|ft8lH40pRrnM5PiX5M({lF z^+7Gx36L?q%P2C_Qhj;q0|Y(Tc%Ty!Wo8O`L?;Y_msv;SFb2Al#mKoSY{Vd9rc4`i z7v}?UZ;=f*p2jxpScZIlj&1S4ws_$g--dj@hha_NZ zm=ixExEWq!S1{Y6wJ8hFpx)2&S%#e_aOHA|*89-0>~&FBFT#X-J(LnP`JeI;=Mq5w zIezh_rr{inpx(bu9Sc{xc5y&t3U-olKWksA6w}waYrsc@Z&&ugU`rw(^etMvvN|$R$buQXsmZww*aldy zL^TL~(M0SZO(tma(l9=}r|HzB?zf}w2W1^fMkc6cWXOof(jEy?vgzyk?SqxYz2}(E zHVk)0{1`qd2cFCQ&Twp%$h`-3$RZ~zxHH7P!2tGVVP+qa>JC%|9OYAhR7=7!A3~%{ zzc3{=4-~2a0DPC~0NjX{Fb4RGe!vIzAp1d8;KYgSQ&|A-AqmA^@QM-HCnya}4K9jw zVZT!V@HBj$nAPN8-+4!`{++RRW)Z8&RCa8JzHkLm-%oWMi2-gz=C33iy}KYk zCJwbS0$fSh^&(GV0egGJ#kS>#GJK_$V7W7!ppD~0a;4L5W!5jBB8(3MXM)P2+a66B z(W^nXTqBu|&axTtKi)or2+=lrmr zbXvRKabtl3`lQ<#vyJ~MWW5?DH&JP7Y^)s7YjRe7-6kCmM(+%qzE^mw*lVdX1|(jI zdps(>S|l}>>?}b-&3jrij2jOq3K6H#YX$+$+z0z}wmD1qgU2>T{Z%7J3h%3$MBcL? zn5s8Xs>lY(e+CQ{$!E5Si%F}fsuQyNXpSFEbyf)<4K5HqcGI1N$PhcCY zVU#nPO}<+TLPfExya7h9gu_WZkZ|j=T$tz)ogk56NYpD;PVcf(Z9z> zmzE02B}MguWi920)M%X(%LN7|j>o|++MMi5`Ca!T;$N_slnPZ1++fM(H)O?cT$Z-1 z*p(rb<}~B|WfE@|u5y_+jBej1>0!s(bZ*Aym3}`HxO(-|9x#h+7z&W;RQeWYg z)!qA(G^1=-hdr|v|ABtah3$cSxWTCn=OQK&ZzJWm@>S<6d%j2oHP(c zm9$iv8q*&BT5)!%DI9-l?)z!(Zd}OU_-GcEp+*9lJDnC2b4h>EeV2a9y4iORwLT96 z?s>Uiz+djk-v5)<>!++$aS)WniJvX2=g6dhdq#@J{a)&bloa+5 zlqz7(B-=0tbp(CNYg$xlm?!#2L-$8`L6d5jKk=kp9l}J8UNFbUI`3o$l-aEO zf~n%~Lml$Q{p)YoWEzG2C9k2ejpjy!i}ruJI#0|-*)ET+mCdiT#+b)W75!IQA%|xJ z%KW?H;vKvD*>5cCt-e=pR!yDU{3VB(&IwyC1|3%`pRg%27yzhvTDfKrjGny$73>tY`ZvL}4Om77To1Gee~EM6|AD3F>EhF!4}WoeKZ zKFa<2t$Z?esmW{@vypmus3xg~37h9)3yk5we!SUe*;#aGK`g{{Ar{8`=z4lu4|5h% zFC!h7%Eur=KwFXK3vSzG>J7p~i1|PCWRJ!E%6VQrHHC;}4Fx|DlakBDU+095H-~Ar zvE_L-)Tk%J2yP_)MI-l0oA_PXLjuSC3@aMV2*qE&oEJJyDkoRVSc4X{#2!AebG;Ii zg;$F0Gd@Gx_a6~?o&78D(+nQ}YfCq&V^=|rXSX(y{NAO((YjIZ*$~UXrA|PIAGHL8 z*|lHp>jeqpGdCx&_$*XFEJ3@vKA5ZL;#FH?higSV7mMPxgT!}|WDPBfz+*}L%I1xM?kN zTtG>*n)d}goIZ&0TOm$s%t%E^PljUQ)3CR|b^bUtgTZyDJC<}$W!`V1ZTPg`I*v+&=kGbmgx^jJQ75X95mkFi-DRZw0l zfdWUvSP;;k*LKJx*m~>*pniT7t!&$z!=_5SZM9rzsCY=>dVPMKNjI}lPFqRVR@2Gn zvleNm>Q$5kVE6!bC2DrB!1I<`E#%qUk2X`>(Z*t2m4X0Gz5hDe`~L40_vwHtEo4c= z_pYL5u~@kcbmX$P$1UPZBBE<9Kj9q@Ha6*yZGp9MC%;+6N)tiic*4MNplrNy=sNm6 z=&XCz`rcM2?YZ0Y1QAsv_u6uOYtTXq zvE4W@Jz(CYcsYw{+C#=1O`zsDVe6Hv84p#?+8e*7+2_1RT};bQ?CHI2F#+*eCwi=z z#Zdd3@fYb!M!mYhGLW-_|F?sB`y8L~w4r3l2W=-$>~XFCW^%~7Jj>cV&&huBUU=vv zFi4l72InoHW29aU?`2eTiWBtIxtGE&8#ln6z%Mden`ZlvW`6~CjgcFIM|KMsGadz>Lqqwj*mWPiw(gBjP7gESW@Hs84!+K{ac5?2sEHdn%h#w~ zuw=Z-Kf{k=$JTcQ^?&W6IG5b>Q!Q{$*{?2m6e@H-8A?v{owm4PN!D{@19|GVXPtsG zM4w}LrS#=k$i_vJKTRxroST2>%R=*mLrf7*fs{k75J_nXIQFOKtt-?kR*X<{=1mNRk+Fqvf+_N@3~9BZIL7 zng;fRMk4}7FIC1E#ZvHV56>bKye-d!OMJR+24db@zS&4(!~8&uXe#191%S2RLrn@K z-UEmG;mANJNz8wJ)^#8!tjs;-77z)oD0yi0B0d2RmG0NbLSGeBJ3%Ke^?Bywk`yOy5cqDm^m);Bli761w|n zjQ$VL%yz?^+V3yl;+&d4*>#nA-OF9RTJUr|x@9TLU%2>JCSyWG$L5_MzAGa}$lkIi z!Qfkh`TAtyc@3JdKW0BmEv_`YJK>%}@3PA$M!LewB%=%q{I%twGadYeO&|N+p$2W? zpTu)Gdcg(7oWWX`Kwp|8y%ASGUiUoR+wg9R*m#fmP@IRR+Z}n$<$5Fa#FzruV|81q zk0@C^@!WU^qWg)uu|@gHy9P?UVTFUgMYeRoq5sRxW8!UY`7GHL|DP`dj3K1F?^O;QdZ8euh=0bHa zh2^FOA;{)8KrBhX+ z?OIa7d-IQ8;+RRNOmHys`V-(aCsI{#FOVO{MF~*}ssF_`J;QZOnHaodTW)OLoMqXt zWy&yS&l+oXg5G_7;51#1m=uS}-kAZmIM$SL%W_F;i0Wlba)=Z?3w3aKz0&8X5>Y&M z2I*_gq8K1?RNznD^S0b{*XcN$;x^wAt)xFqx^bdx(r?^?dpkFyKW*j}6=GOfWfyjU zT#pXQjixv}%zJf&d z{xOZb?P2;md5@Z6e=W2G2`Rf>ti8&4dGB6;%dA=N@Z*iEF+E@!Y3S>i0e6DP;Z7nRFXbUp22koiB>_-c8W~dt5=wE7 z24FUvFvfD6iqhc&zPY>u5%35g`EbD&X?BW5ai(uOFS!N9GgMylWoBp8%q+oU&)!wul;ImfpRk{S686hC!kSvDFb z>^JNpZGPOhD{tU>{#4!;iTX$zqNUPp1?GK~%B3=47OEEmy*ncrDD;7f#y`t|SCaD+ zPX<5f1|^Brtx7MUq*b8s&RL36;()?)XetvMH(E8c(pN9$n|cVrApkVQRXG-KiFBKZ$LKF+}D8pl3hHAW-@?Wc!SFeaFNZW>S(+b9#cH6AYk~ zW8Jb#vi6yT0PX9WRD7`I+X9{BN#`>xXV^Wa96}F^4~96h zyjBWFr_tZ_V#hwo5S{2UW5zmb)DIv`Tf3ru|A_$Zh^wy;;?(3$=f>^>T_M(XNMO#X z^w(mJF`6Oz5(3Cb3COa`BKd!@@>iHp&8LIQ*VgAFIC-9{nn}2B*p7$OI$9fXs*!hR z2+?|YOuSrhR4kW>%ztWPdHU&590ph?fP`M zPJ(1CG~QV|n6F-UajNdV--9`R`xbo(Eq^rkB88pc)8L!80@y%b5VV(FI(KtI+igSP zyWy*sOhrYJA znQD-$My~S@p&H(DtwrmyH+VvZ67BfHSv=pAa+{1 z`ug48m01=y&SvYDh5u1?B>9k~VKO2<%#-5^gA%&3)Vadg=T=~>`0*aOPIaX{K#Z(NhWY(sFMrHj!N*w4 zNnui6frUNDhOqxR{N(mqz((N*<$cC*K%6hh(CF*Ky9YT*ZKJZE#~-}kWC`@Qswz+a zOp=N)&4#*0;Lg8do%gS^9i=|<%zo5uZYm0T_nPldMZ8z8ZQ`C_=|G!5|Kde@&$@df zlvRu)MljKX6fc@|IJNA=J~GSjsi$M>Vd5&XwdBCw_?hfIZRmHYWSyjOS#4UDA7R{z z2@5l^OD3;tB=<&NWW9KT^KCPk;-ZwLT7ii1ps*QDPV|c z1b!9KFM#+%XKrIDbaI{KvF?YMM?`#SMBLv64o!lo3eXqsZNaxIcc0IrYp~X{i{FOL z3n-M&`m#~~ytL#V`mn#@p8o2oHA+2a|9bUVi)ZDMOR_&Ip`9X~O-L9^S;kBlz&60CxdC5CmJSCj-PXj#%Mo8I)YuFU+ zUykJqo3~#ifAd$EWA16yOi~)GyJ`xTD9zN11L0 zBw8ID=fzjzacpN}GN0ZbZ9}y8H?RAsV59D2?vw%h{O@Y>(^^*oNl8CiVmCur^wv!w zV9kOJ`ljN0jjZv8&vlw=cZ)KI=MK%M?R(S)z6(28C;#ftY%4LY$52bu)Uz~8P0lUU zhWyw~Ws(*ny16-NbmGpxhW;dR`}PonQ}*FMI`96%AxBGc998Q=lHjf&TAD~Z0baV) zLBA%q10n6Y`H3y!QocO?S5zyY2M#$&4q-K|`D6~SH7t0zgDwH1l?fiSde_+)Gv6lD&ZR?;N|=Fcb$&(tAr?8%hhZ0BJOg^tbL3<7O- zUH91p_DQ1vqfNGZ^6#2K7AgjiapLorvfY|V>fg1|zd1@}K)s~uHYgYlkaqR6V#TA9*jU*TgK1)Ir z$-Wd`Til(%amiAT`_`OI&)n16x|A1`$#X)8b-Cs*P(!Wk0Gu2}OPut|k=;9}`>~zd zFg~m|mD9p(Y5b|JBRlV(fKF=eiGAy=X{LwF1gd0WI*XjdZK6M2v-W)GF_>cH-+lS% zzwUgcaH>z*KjD$d7S;j%Oz7x@vun6~4~Zc+R^Z4Yo^xp2Ak9W+1a!Q-^ZMg?d=$j$ zl#Kd@rxr%Se#B}N`V9*15<8mhS#@q!mUPt)&bnfiJD8z z=2OF}GK19RjEl)W{75TP?UzRwcl%G72YyYVf z0AY`vw=(sJ`32BJK1MhI?%y%k`inoWlg+25Ham@<=kkv3xx92uH4-G^<_-b>K-!j2 zK(*94Xh;c3#Nf5@S1!kM8?RQwwZT?meYP}l+(I0%J3Pfx0+sjs=Q95c)~P-3c-y61 zUf%Yf|I>m+#?8%7Z=b0O*3G;}E<{$yp-G@g&qYJI{Ol5JC`kY<-5?QLzaP^5 zPMbC90EiTs#~>g_6t3E{+1ay!#gS1D} zOacJBn_|hK4-E1k)x<5J2`9Xr=nCN~@c)e#Mj{UFMNnAXVN6UiR(=QlD(j5k!Q)`5 zdd%7MRS(qszDE036`e3r-w0bB6~@NOy#zZjJlT@ck;X*LA#`kbyonx&XGg%-GCDOZYo}~yF{(Z6He{3 zUpVVJTr~>sO~BV0fY^+7wj;nvqxJy=W$AZ2i449)-@(7^CvM4)|Ex~gUTf#QPLdrt zvb{T)e-|HJX82?1{9Xzr=QW6{5I6g;4ALZy6I@^{Z#W4yEhXY4M_GDC7$#=V&GFym zM5Q%Q10Lc-dAdA_T4rNeNuzVMB*c|!aVpSTW3Suy0R*W(AUech#JwQvo4$nS^1+Ul z>y+04?>@Z&R0!E8KL47nOd1gzCnF}}iXS=GKpJlC9)8~%yL`QVNf9c4x{%go7T`2Q zXigyavshY-aD|gnhRgvOzN)G~8Xg7E0D+tZgy(pl3)(Gc#$hI8?6g`swKo2CARW2H zqbb107s5_S+=`T{)Y1loNT5-^+Q?*fQ@$hswbluoYJvg6Ku{D1dB+ASpmFZl?eoH_ zx~9S$TAAbl2)V|^n}PF%Em8Pt0PN( zd$nuj7o~`LJPZi_V`=fd?4>)Nm@FtJY>u5CglOj#ib?8alW6VVTX*EdbWEM`+xs5@a9?F*D9(6l+uqsbnE3ZA z#;4*I}BDQ}7 znI|V+>nrzrY%BjH#>3Z+EP0DO`iA;F`sP+;Yh|K0Wn>C2YTrHe5ez`60|CH7A~-XG zd;Cs>r__lbLjsGx+NAgG#UVqtvPNH|K?Cn=%3+ITlc}#%Vl=#cq`Gk*q97B{@jLOh zI$TK(y(cB)E+d7XD(=1u4boM>Ku{;o%W7T*TWosiNNV@2(ISzAgn3C~RO|pXUb;mJ ze<3~qSQ#2ZV2oOXp_3x>gk>OZ6P=WB&)Fw?jYO$XtE`v1DD6pHU`MEi>U^c@Dxr}E zHM|rD!m5HZ$nJ(K99N7ytO+_?HvW5)`ebVnFEtJn;zBU;2(>6v*3R3`Yu*>@#I{0anQ2md2DGjMc#QUTSM3EnSA}t2>5X(ly40dJ!_L4 z2X%mWNX)9nG25eelW&agQikWBy|2No4RgSlW#+=!-|M6t6O}IKIU)0Q|{?2u&JK@It(hs|J6OmvNnNbPl z>SV6SJ&mHsy~a7K&0bZb8h*wFKiiH!4{Ap~v>GX{E((vsp1luAVBu{(kYs0!AxcP< zaxz(|{g4zOxxZ08O*b9VXXM<%Ax!ccFiu?>1uxAgQBq))4Dqk2Llr4O+bsQ6N7>Z) z=Toqt%k~CxDl&2SsL1CmoD&gV0q-&XXXwuAX?RWWDno?r))(|!_q(Q@=+>n43$~Gb zi-Fw|fW25yva_2C}eogu@W|?-=fXs&j55 zs=Cb#UBx$t9mxU?KjHSWO`*=tE!7ll6*|{c-~+lZ*Bk}PK9(Wlbpn25>Z4pz>0K6t zC>=3UwH_xAD;ucA4SB)i$0ffJn;9Or55NBM-BZgqyLrul;xw;0gaq{aEPWd~PxpfW zM^Q)zQ`nIgSHn=Z=j>f}oD1IAN52oAft32@F4}U@GB99al?S9^C_$JLEeh+%`wyW& z73To}4tC{{=drs`h+Hga{;`*5AlmU3{Wfgh-T~2r$JTOrRY4q|-ATyFm9&WdSaMN= zJ-oav#cNvGWDp>b^_^a(*y&v{Abz#PrXO6eTEA@dni@_DOL;PK5uuH2VS~v}-vN%$ z0089%0I5DL0EkKf0I|Bs`B&W(a1MJeTxq)^)%@w*XV|U$SRYtGFe4Fgr&7cj5&uG1){0*=2P}sUa7`3X8OC4`(U#y-=MrT&@6EGX`IF%ZWXFzy2rfZ+Q}(3Ch#cmny{cI3f+XH&DnTYezl-Su}8$yo0cbjLiYrE5?d(*>p0 zP~1i~Ka11igJA1|)OuBJO?+qw=o0Kqm^AykmpmxQS+)``1(~Z7@y{%<)g^~!jU1Ak z>O>ytRG?}CR0S0XL<0FX?~@jDcr;M+eQAvw>6+e*U#SHS4+J60 zl7Qp;A*j7%K!wA6M*1p0q#zCBzwcvR*ml|YDhuAP^2*zAL#Mt zBIM)%fVon`8uOgr@R$*itf}gLIj1VH7^S=f!;#wmXw*hYL*u5qgu-^YK%{6+IJ5ehE=95 z_0!HM2GOhKTj5e#*(H@-Ae2~#AD zA~<2s>SAiks^6GZ6x}fVDAt?m_NE|Tn#Njt%M2w$dg*F^=eeiWz*5~K3X=df!3b)A z(W4v)nr2V1o1df8nCnU$hn#Z~&(6KAu7IvQkCTPdYkdA8;2$U+o#lG}8<7QRaw;<> zQ29)2)U@p-vtO8JEB^<;sLCNsOQgG3oxaJ{IIH@=q)t9kH;mZu*bY&0rqX1geqTz8 zY9zSiTjnO{=FKA)zZ{R2Hd}f|dVHusVIr6k_9Jnu@}mWc-@!rekyxlo zn59^YnZ4cJ_2~Udpw$Xc7i8lVnNY$^B<)fVGQB*RG9C6*&f90d559grFlA#~FOC326$l(6EvSmwYV;=$DT+{ph!eL2TGU@F?6DsrRM_0tOLRj(11Q|M9qwytd?LV+SC40j^{!3KxF)=xw$vvy;3b1|DQP7n=WFwc^1X0p%T zhasw9l`0Wduz8^_aq;s(t7jcwS6htz&5*L@R!2y1B@~;*ac$GrcePG2ijPaUbHC#R zr#O1>q;xtVE!%X3V2?jI9aV$`i7pVsx~zE@&tP)m?N@qKkW1aDRB9wG!6xUe_+N2# zv4UhBr`<2lQmBa@B&4KZ1LFyK`Q%_vrc^U$HZe?#2LdnkaTIEXXOEB66O34r3( zLE_P&+IztuF^bpilW5$vS=opM`~KCDa_)V^^IddUDokhx58G&VtH-m;Mu4q%{AVn< z+hw{Mo=(Ut;neNQb_szo-)5I`?0_+_UxcGRrVG*;9iGO&G0<`i1_4VSmMW95_DmQr`^BFex7V(2Pend`lq-`a1*l0wfv}HSC=P8u$MJBh7+g$*=2J)UREN}_ z!8q|Wr~7?B!)sIcmz~s%M)bp-H{KbThwFq0fP#rbg52Yko4~USb#Y28{10RvM^w)r62ooZ@8VV;Lfpj|$xG}H1}Q1{HU3E- z4X z#3A|ax4PrXWGe-j@lekd_Tb8;h4z`KL^p_L-+TDz2um%AO z%J*IFI(_83>@XjOG@x@fGmzpAck(IsfDkl<;mAZx!zccj71 z#T3mwb1acYreM?qHV5mV@P&_u(yr)J(Z+uZN=&?<>luvCe3B2sPgG09AYRemb+dj` z5d?T?gAI2`6P>`3kN&rHumS@aEY$y@C>Q_rkA6}9^;lfLxHMaKlV81xcyQANVAPhB zQ%CY$kCZKN<)!)}KY2}=^*J|o;^+0^qZYX6>Y*9YVi3*pkX@J)fZ$i@)jaNCfnl6X zu`BX-i=`(}1x{D`J+l`Lu=4S%j{w~GyYMO79bdLRrn-$z=-WNXhtzkD1LuFN1r6yx za(8tQ_blWq6Xh6`-68;ZDSVywea^;)xurfohL_RZId9QftCu$&D38mY(f(ABV)j~9 z&PBC;xr|tg1e8wdS*-o$8?B!tkEfB@T4m~RW~qmrs;q>g0}wTHU5}3kXA>aK3;T_x zZb?tt3l`Hi9Nc5DI~N(SQvoBbDM={CBuR)<$d`qb1T{jS`5OE^Y&mRU(WbN^9gpjD z5nJ`eF+3n$B+Nt+7PlftTLTlkB=#kU?g&n~1f^aH^oqQWWk9MgczFcQ#g3kL+)sZt zB*_nVR7m_>uYjKvuKNa<=3Mg>>Fe+R=;Pydc>9Q;&iZ*LC+P80Xd(qhqwXL-)J6FN zE$~DYMaT~&W!|<9yb%miLfuoZjzqU7+<%xnM5W+uRNRuLbycFdRs_ zW$;cmDu7_Jh>38dIH#EJz4~vY3m@EJP3+ud(ezY0%SkKj`tNNX9iri6O_%C@bRw0b zxOsCa6M!VZSbS=TBUXp$l2Kk~mVd_AdZF6$n$j3Ts7;y={cKDI$KPZDwoNt=N;uVI zER^s8=memq+aQetwT%X>P`9mD&NEH|Mv=u#ZRw374n@mCguA-1Gj0O5z>DO2B0;|! zP;T?zH!$f7r;BDLHHrRf=XCFzZtZOU-bn=hI}2Hf9@ntJc&H2LK>+i^V1NXQ%IOa! zKr#30nqi*D*pwY~Jsp<6yjb-GVY^)wmz2p+nb2E-JyYAjhsgWoSKN^O6A93tSV!wc8vKm6(zZxrwm39 z2BAL!NLb?8C%rKQz%o!pP?8Kb&7@Q-!xvA}N;F2lgj^C7 zvEAQ2mDr=s%DAl*<`-iJmc_~_XN{TG!p+a;$WTh}P)an;2ES`!;JGjzs=&-nVnc%J z^K%eQ3VRjc+0h3mmBEJ9V=NAtO(<^`hl*iGl9+Dyl>5aWht+lN#TDyk5V>aYlX1+^ z(%%`kRlz68gmZRB{Ok1pR+G>HDn(3g>;upnB0^(mvIP3HLBLR=F{t{X1k#HgI{HEaKcE!ia+7= zB?G1}V#B3mkMPCxP=jHKwy-R*4?T}{$zk|@z@pU8n0+wIJiV&_du>KIf0cwK5(j8{ zqO-8Xo&ODDut|o3r`fP91 z2dP^$cG3Er!s29<|KeR?s_o{LfyJ6s4yM(7_q(#vzaLd>4v3ZC0saPUr$e}Z4f_X# z#~(?AM}-_HF0#`&hn_MbWZM_4JIyL4M_#TD)@@c~PYXrhJcsGcAR~UdcaS3L=+_M; z*t2Q$Xvy}X({Sf1wvH6D>w5OqJOpbpeE+hB=PKVVpsUOlZMVmGAu%$CyIiV!7~uU4 zPyvh5s@@PRE&hA|OmMeG&2wMJ6!D(&NUG@SiK~)$p5p4@^unu(PE}&m!IqcU;V<%n zFVC&SAt=YP z6a8^qr=Y3F=lhll+|mz@Sb^K699ltQK&h2=aLL4I+)?*_nYu)gaD8-2be!`YGM9`y zxrt;#>i7}5uz}*VRH&YtkNDxoIhMbHV~UsPMY97feeVWc@iYOSk%pY5FlhBNEx9*8<`l8x3D8=owIvc#NOtj?bJ zHbM75>WV<%m}Ou#-cTnW_~kP46`xj~W5M_sF?2GSGW7}kX~H#;K_sXz6Frisle$n!Q)4GfDj*OLju=B{0~i68P??g z_3w?*9nwfQN(+LpfgmkNhm>?Fii8pyB_L9Qgh;4}fV7mv^+xyY}Ynd(QcsPuzU9szKbNatYr%kdmkl&SE6-L>SS6CI-A3uOGp$VBw3$1hY4| zkr!i*6_XKg*VeX_$BDp&wA|xy+dGcR+tPR!*bVv6lD^K=TfLhMv5+?x zLEdY;y=E6{5}(OjmwyAiNd?~(TIqw5f*FY%H@M-K?ihBX8}SttlBV?6=Cc>x+B`@m zT}L{P(i_s@-VC@c@@m9%gw7>j-;rnVdi+_x8)5>*k4d46LTJ%SnR=4KI4=`MY$6jQ zrn0eIH+53VI^_7=Hp}~vzR8jKMhsmDSpamXlinj#T-5SlwA)j`&nE#){y%ia<|!mX zcy6B-!Ph26IHg2Ua1>tQ&VmT@IT6D;G?*qZ$W~b4b2VgAc&Tz%c_bK8#KqkAl%4(R zen+BR{%wB8juH{p9Ff%oJN5eIbnU|H`p0+(W-2OMgdghtj06@C(*|jkC0HBLkRbZB zWI7iw763DG%D#*3E-lPceQ2>3lznMwxJDCtbblf6tNwM6x>hHm?jq|Nuhg((By3Y< zd9^~23w|i3tB~GM@Q@hNu-NLkbduI2>y!=a%N6C|8Lm#8OQYD#A2~riW-9C_Yi!V& z8u}!@q$!Tse<+m!4Bi{8KLQCh0EqA--e{6V&d6CYaGB^E$OGzJ3E3-Hq?8`v^V{R9 zHz#2qV;_Z&_xz>oQKVNr>($mXwwFC)1pve0i}agaT%SH*ABEQ7O(^BaIL)T?tH+b{UDqS!P;=1}Vn41p} zaAkMhPRFWMxc=pb5b4(aK|xhZL{K?UNGYwltEgM=b#%hhooMHPGA;9Mbv9WHd}K#B z)ig;{d#ac|$;Tfb>l^~i2kN1gprcL{f_I=WH%L@JshAiwMLM7<@73iBsX8v8-Va9T zR6M0?6`f0CtUJSu;)_3fKri86+un$-M#hd&YVw%AYf&-wmJ{P(~@LOQ^XY z^JWyEPa|cyIh{$Vky9%-LN9eWgdJ^~i}AmS^2(T@^!|dk0G_%`q45=~D5x2jTaInJ1Q8MtVBiPVDR3nBpi3oDpvtOe6nLJBoBDCV)>U=P zOIi*-K5*kwR=j<-$d$hSxqjurz<-T;zBQPZ(-lt(1o25*eX3~~dQvy*N3eN*CQX)W zv72%Lpt{o4vTdlSF%o@d(j40dZ*Hd z{Stkw{O|IzrsRsJPkvh>v%s?3CGALNuEW7>F@tK`lEP~?9${$ydNNl+-7VLXQz+m2uHR7gJbU zi+cVGKs+6e=foUD(0w*zLg@`cR=rW)`lyu~gGo$ZEK#xxXo{XR(JvONiZT&KLSPa`w=%)V?pqbmG9*R_4JG*Sd* z(5YuC&|eSq`ICd^MVGU1<{dkte34=C&c znq?dR0OEk;a+_y*_g`}6xtf7GBQx&1iUUJDU($`AKGfYczSslbpg`9`-Vz#I4udI0 z#_0$8=!k@pR^m)JqqIQ{AZ09lSg9hy(W&`D1)8RK0NWB(bcAYOdA;K(sj)WCHski5 z)V1=PTiX0w)12R+RG`_UT%Mtn8^1(wnDTJco2k$ALI|_bZJ$}~k-U-RzP8!Xcazq0 ztfjc@H>ocm{9#bU^Q(aAb2mVUR<{d7S~a|~Zrl^zXdo*GYpwo{IbnnSdlp%;jU1&c z)B-}ZB0u|4QlN%X{yYXpdQG5MVHRVpvB3yz0i<|Z?tB1y1Vx;!j(qxtak!(dMJ6L( z_dvOUT8#2`QJM@_TklF9g@8>2@3b)wPEhV)W!GbBg(^QVa< znoq!$vQdJz07eu-L?ZpQnJ~O;sesurS#|~tD6HcWr(}4o%;C*uT`Gj|T#?zVGG_v2 z6HkJ!5!#Rd$s3WTuD~NbP*drPd+a;3$hcx|B(y+H3S<&zt|&p{>1Y#XPAfg zoAX$^bn@Nq^tiOU@s zV6zWr{)n!Pk3@gF%KTIm2C&gJ7#DE);=#$*ga>zSj$nN^8(O!3g|}7$L`ZlJ8xYt@#H* zgXfdUrz*|rOQKPuZ?&&s3Va@J_BA$CKFO7roHzH5y_=o*dq9Gx-sw|ez_SwHtG=qE z4Yb#rOo$)TqsgoD%~!Lhl1VISf_xD^o_5bTyjt#51yM<7?xp_uHcoB!ocGRvR{LTH zCcvdSBk>at;t5?o4-@em&2^QJjb9F-OQQLFwyHIP=21A(apD;})1XM*jmMjXn3E04 z%b{E`{5gnCb}#kFzqT5yD<0N@6%_wJCq@Xa1$7VzAK6z z+g3@k@Z=^3hL56Jn#13oc50GgCdTWAfV1l@rmoNv0SQz|5&G@cA}$K)-m|pHe?+$% zIe8uMpZ(B1zkg0NBTD1D%d{mB5p1B_&cw)INkUPfJbh;(9>q}ti9s7@Q<%uU>2xKF zWF$IrPBv@{K+K1o#XAI~I;xhbWtf@xQvMZudaeuf7Ce$;D%@{Xy*qNP`EM_DxS`k& z3^Q9zhQn!qhqIshBfp{}qI2(`%f9dw_Iu>Dc(KgI8XW$u&j2Qb7?Esj6xJ2u>yg?_eDzwlLN88? zC4V2OLr;Z!i8rP-w&7`GUdoYajVDaE{)iW)y^Aq?(25t&bvwa3yA-aSE9+7gB= z=D~Y`xYG`}zEWW1e`JngT0*2iS-~}ILHs=Q*n{BFwS{aaQq5*J=@A@Q@>^KmY#ixp zF!WugaLXG461FyMV2ym*V7NoQ&rAlssU;9`HyaC2(oJ~8`CZlka&2lq(OOz7D6T8jx+}8fbIZM1+-pT%F7-F2
cPQBh98phz|s zaj@6e)L#z*D4LebNkw{TQ2&}4rt&M@VyESR_E2~*xK-=n*rIxCc&`aF7d|szFeQh7 zj@W&)gWjg)3c?rkW!u6488xOt2Q$oX69`bRhf4I&Ag%1h(h-iU5ckubN*!DA3uwDq% zLodKzAJZq1>M!x8rcFiOXLSjGSo|oiZJjXT(nu3nrl`nkz(9rJYyFAhOqhA8fmLVl z!>S_!2`cP2J9|{k-f>@P@JbNuzjGdT_^;c{U{d5%p@EY*LrC$;(n!pQ<*Pm>!lS%W zrKUmc%AZX&5zpl!3Sk#EAwrR`B{5bglYYj#i+XoP*K<;YZM8|HAeuF*&5cN}JJRx) zoe6VURhdY2s9>5jHMDe)>oWPqJ(ot=Bxg;|Y0aa3HUWr0VL|IgQjWm@#dQh&fnv9n z)~R<%)Kx0HFLJa-BGqr5W5%cdZMru#Fbk8g^DU=C#D+MYa#Q@EdihoU_BYPtib8wM zpPqLlenW4wyCIO*c|f1opVu#5oILO^qNaI~s?hEoxQ>1pvQbu`w-q^~JA?)UC7&9W z@p_Z91BU_#`ao(d3f=f=p%&%s4ZNSHST+%YY6<}+m1HvZRys4}FASh%XHdg3vg~d) zK2Hwo6wW2jbl|t*zV}u8)3JfNv0s!P9}1Wghksgb+hI-u5*zUSw6vjUg$FUoZZ=E1 zY`YQZxwe zP>!A~bnQGEnI%b2Fqwq|PDB3|^EwyZavXC6p8pe(Km6=9VBSIaUJloHM`}#+0jzh3ALXEe__}&e~DS_JK)VK3tw3-!U*?^LJpa^tVa= zmL1Z^)lrJ#Z+*{!EK@|kVDkF*@mbCJuh)V7yIXgC`n+ZA|4A45KtK$}Sb*#zQUIH^ zd_eQEaff>Dl7tyfUa13|6*`KuqGG<-AfP|oDPxN8ceOK;!Dy)QJ) zR-Y^7IecX5S<$<9s1TL2ocyYTgF8}Hfhsfv=IzNcys11*S*Sr_Ys`^h#bp-$;Wrd~ zm@ivv)$v3jvyNnvWzoZocH{v57N6A#oL7LYOsGOB#7Z+)9CoJhjU)iwf`6sd(nb9k z_+8!|sYZ9QSDQ8fy$q7TjWot#oS(s0Ou^TO=+n9LQ`{~#@+O7yfv}JNM6R@UK&WcG zVXBN8T23yFM{;Q^4w=}CJO}QO#o-R=^~qb2LO7SlTY>+)l#r>&hX97A*V6wVRSb;t zwV$r-5VkB>B7|g+jeH8arkp1|HQ2tA2u+V z()!JLiY<=B7=?l<`}cpfV&OEtIw)F{U8#^j#Zxd3AR@-AVaQRuRFAUBwVv?3|^sk z3^)5l9(tWflT*7y*71O!Nr?Gxfgn0%2@Lsi`dOS45BXz*tk4h_d}$Ix|MSx3GrC}8 zVO^%mkNF?@zV3~12q58xPsH$wiNkQcmEozpmL%+i3#Zmc6rM@kb*gl`^~Rxpiw+uT zr7aSD)Z1-4utG;P`!;W#PbLN#Z_MSb3>NzL7p4(=ke9Wq`gpsDle9z-YO?7R+7!E0w8WFpU5sB~B|>!7rOnHhr$G5c8F;S=&0M0LJaKLfTo_u}zx?kWt>b_0EX z)$A}rZFAX`KO7L0_Bx!Z;_fzi{u%i$^&F^E%V}>c#=)ySA5&L`jK^9xdR6RSb9xQ~ za!}P_<4;J0q=>KT_s{vAE~f;l(1u6k^0y0%_{8#|eelmqV@%m$6&lsUaOqu%>4qq~ zQC)VUz9QSSI!+nKWUwLqznXh>DT3_Js9D`foJEHX3+HLCDsi}ez0DDdVb;F)ih?1+ zFI-IvVWfyEeu>bUE~CJ9d87K?5g8yghVRKJmkK-*GD;9o0F`sF{-&fy`9+A(S(Arhx|UBO1buI)t*LQRJ5VpXa4r*Ioga{ke935e2^DY zVWEHeesVxY%}O za<_4Xd{8-yVnlBBlNP(4$iYEe?U|R%!^%$}i4H=^At`ZI=*=yr03$1Uy5^S?_kNpDYKcVXa8hr}g-YBSFs(3dA)Rv>^ zcvSO`=~2jP?o{YYo2Hks^6x8_!-G5)A*a8ted%>Xh9tGDcp?Knlfx$GbJx~l{9`me zx@+z{+L6ikvwyQN(;)X)d0y(!@DE$n+nmlAR0;NKI)5pW`-lYa(%@zgcj~yFK2TO7 zfW-kq;_g3T_o$B~ttk2n!&D~ZnnT7!T1uTi=H9Jx)A;%;@~VID*XmI6r6by|tL!oJ zaGEzm6TqJdrO_gnAC1ObIOB8Wv5pgVm#0;UnXr!^-L5MzTii`(ok23)DP34Rg^Ec) zqgYYxluKL-zvI3vunPkckV~wb2tT<<57XHfJ1XVs7V6cHtJOSQXMT&Vbz057$s3xAgYxK;x9wtPj!8#m0FA>$DE6EoG10CR4Cp64e(JzfDbR5=_<5s&J)fQY`?I3ZehHN|_ zxE0Vh^il$aHz-G2w)V{aU8^EoPq&tun4X#)3Rn*FdC_|a)?Zv&4~VzYkQC{J(p4d8UJz#XPw1=BNIzn z<;9Iy<)ZbM7E4|ALs*1C5kSs}5kLadMh|{d1ekp-9y5BelMoFSE;v$0M_BZ=@7%OF z(_uI>Ogl>-7%biZ3YTK?z=5v>V#Ak>cgI5z%<+opCy}-NhN~YlxYez#=NcCmnp*gS ze=o@Im}Ptqunl&&HWSRLyqs2)NtG<)*{vUsr{$SEyf(lzJ7XytYU*WE2)lAcSH*vx z9)*T#?Sz^^(>OukY$N;)B6W8PyXVt8a$@kv;Y0&X=XL?XObEp!dKNEUiDJ+2@p4d^ z{M}GGI^EQ7Bx32z8bSa2vGXbYGi3N}v7@67p5vhp+fZUPa|bNJ6^g|~tuTEM(l;JO zM{{+@xl&LJFFWoT4`7IlieL*zQU<9Cq_;1aHjYkP2UE@ZaYO{WX#- z5XkV!-Rgag3nZ_SYwc$HY}HhQz88c(yXPv-Yd5LtDDUS zrE$+SD3%vOQ0HMFBfLStfwlYBD}}D<4$Kr5WcLeGTrVXJ6NGD5zTg|`oOm&6`qssO zH80!GPkrd2=X76Za6-Pu=KZVZ`RXjqq4zeoqUB}oXBcOZYCkM{SXJlzys&lVWF~!- zC1v&6^WYaj&3*K;tc`LrJ`?^!_ZSjP8sJz!Oqzs9a3+}Qrt%+To?h+wQb|bxNRS-X zXBor*nge!?3ad4jc53yJe5o1P>;n(L;ppi$KY9`3E~ZRZH>u9C#M2UZkEAkW)y6vb z2PFe!T9g-?n0mAb3OW*b;QS>pg5Fu+g?TeQnM2rf`Kzsm*L@fN`QA%n$Pk9*Ape0n z77&M1;KB8Z=+he}`d!2@X}>!vV=rGkRee2qG^5(|qbIGyp8cvS4dCf1SMY6V!l3>6 zh2#ufr$r&drUil5gh;}a6~H7395ul)u388SMTF;lMPd+!Fo>$=?eNBvMmPYGe(`|LW(=Wub-fom3t`RxzwmMCS27}17gqrJUu-kGp~ z+$&s%u@usKqS27;o&S%K(yRXw>73rPEP4J19YtsRY@r!KvSAHjOODw0+Yb{akI+Gk z4sUt7NN2u_Z;9Y~!=pn4+CkM3o$Y{>6%SzZ=hVs%o0Tb;ASwOr=BD!jw9IgTjtRS5^&eYnz z##8;z`5RKrhWJ8;ZVz;zcdG=mw1YH-?=^t#_ z+qpkLL^`75!TV)hJsU5Rf*jeC8$sE#cA3H_?wPhEv|cu&WXcaNKI@BwA^Q8I>2UUB zH{biBUrW6lN$BdlQf95f03aEtrw(TR#cIHriG!^o&3pdxR!5!-j&ul z8m*=7?;QikVBUA{)216;-lVMEiUw!QEDJnEme3$6`H8aN*LGT?oI6fp)M>n$X14E5 z#Sibtknb6x{}dG9>A69dPk@Fbf?s&yf^fTOO7nR#-mlL`!**Pla&!a{}YT6E* z5`6qJQDsLEqO4w$k*O-6pdgYrTBQJN0!l>}<>bp=7uq;h ziz*XBo%EOsLI6j889hD3^`|>d4yAbyE-_9E`ofUFbbzWn!z>+!^6R1vgSrz7Tf%kE zBO1o8yt+8GX4!Vg|Nbzgz(4qJ^U7RcDxe{bsZ6A6|Cnlhz~LTL(Rp%uE%fhN0b6gk z3JD9ZaXd_Ufhca%heR~~H$S)!#vOspH+;D{JM*-r!^XI_?z z>tt^~Vdhg>LL9?}SrGdzOhfdGNd>o^a0Ts&lF~?*1l2=zQjv04$FR!#tamN#V!Q5+_c7M{7ES$5<+9i& zpUIcR8PcF3>g*K;N?e-S7Z_#mS@Q`T|T!~0}fyh}^b4`Y`+GGdVr_RP4 zr^qD9rD1eujJAEu8 zY1U~ZzuNEr{^Vu$kk*=0ToXxLOS(2Gis33H|4Y=IAjut_9_Q@a%An#GOzI~5R^KHtuJC2ueV-%e>el?Dk!`!w>soRjvnO|884>QhAKpfgfZN zgtce4zbBxU<`qjhff8F*BCiRv=8cjg9>#Q-%6-^j&ku<~mVhu5pS9JIc(w>-HNLO7 zXYU}%PulSUkB3n5{acvs*9B&S7>J_e3I3&QL5OA^gob$zd61s9o;z}3EOE5hfZNkX zGVjv>zeFH(4wI+%+=9YhVFdffL>FpKY67n2m8&^DUUOo|i5tlApbPj5A&?9ZH@vV_2TyIV zl2gQIaVy6J&FF}gwaOX#Q^7%*tkTYgf9T-R1V{-6Pk5*d4L&mC4YDF-oZmVV$|Np50&Rxe_t%Tj`;9B zTjm;((GeGk{2o@2`rQ`^;1p#k`4dM-<@?4eDQfXE&it(xpl*X>Q+^Jwe7qvHRqlFU z?RPHG8M_gGPPxxA7V5Ej(U2A-@Qvi^k~H@g`IpW5nWq?J5@WgtxIvAZ3Mi*qf-4ou z){V#h&Wy2s9i;%{%*`#Ve~~ARso@bSicNkh$wW#%jCIyki&W0cwK4fN=D2hwt;s_i zrZK6)7AP5PGW}lfdDgKpbZ0=Led=m;ttf^by^s(#EXW08j6vRFf@)F~{bVw*(vx!Z z6Bu{Z{y|Z@N)?S~X1_WZ{aapvW(xPw6S~O=iP9Q7tIF6-S*X&bICHsG4^;aNd_9{; ziHN$EqRuHnj}SWK&46UIiI*`z5T#leaT(JD_y1;deFY6Kw(#4bvdTY6$pU=rR^A&_ z+ME<{-B36piT`mGFD3}R|Hzz(bO3ukOc2Y_vMMMe1E)_MqzQfBmrMD!BBE8O@G4Q} za!Sg6PjUzh`CEWqDp{M!k|r!)Ubj9@%7aj%B-T;hOiYEAaVVD@7<<#^f_$EK)kSF? zIr`fXau!aRp+fRY05bRDO6}#l4fT&nnT^pC9mO4?3l0BDzci4#^vEOLuRiec9COSs z=Tv(4VJu8yVC~`vBTeu<&h!a}jLVZsb?Z~P6a64Vu922#0|4=)_VmAD{?1_IHhAe6 zxxQ<>q64s2*v5WA*3sK{G#IzhmbRedK-X9U&RPHO;Us5%pE8jiHWLFs z5#>keM`Kye{S6-eBdY2#0qW<{eX*ydZ_d$9*V_4EJs_SkY}2^1Tat`!*`qi?m4H1xN`_^|??nb5r(vpDqS~#Y+>XJ`DYuz`8VAOknEL-A@X9B!{Z`I%CW$6f#ZurQp zXz*O&GWXXXwEmtC)v^Uu=wLYM?EceR!YrsE@o_yOYy;tp5eS++R!RSfyHz3JOUZ1& zmS^MX8`A&O=fXyOE%YL7HkjhKJ^6c)T16zsK*vAsDDbUI@soGoAYd70bAAQL)Oz5@ z%tw)Al$6T90VnIK;ZY`K>wcANC}}%LvlH26!i;Bd%OaSin4X|pC()Z{`vzFI$2X@% z4&r!c;;il~n?q0DGXcLgVJ1o3Vl0MX;1`~&OIgCCC@*~}+q>4^Y#$sv8TV;-h;}m3 zf8Z*XlGY*h@7bRmytW~5je+CSt9JVJt{4RSPH3Z;J4pIwFN*@Qq-&)VaXenI(xJMq zsh&k5kqWU`6uNTbWEy%Ww73Cg?pD(xj0AY6(|PYMMId7Zmo0|p5G>35~zM!B?~y@l?&IX^@N z_Y=*DC-Is_b8QC)w7lAT@nq}6EY%$l!L{vYF)2=Uc?X1^708|y81*9&tgxj; zqE-Myya`Fqe7l5=A`O~r&ScH6YZby|mWU3r7#@|-13EwO3Pl*zC&J1^#xqUp7w{~l z^{c^aI5rD{C6tQo?GW$t*s*HW>FY3xpO~k$1j-QNGHzA&nSOoD#!vZ~Us6hdit1*= zU7D7>Z?Y3x>qifICwF}V1m#~3zH=2}<}4P`jXL#_V1G%RDH67CBQvc<2<5 zsGdayI$*zoF5SZ;V3?X3O09br3RP#(FewnbClv20q$VW(;ntgQ2|X6ZdyMx|`84iX zKCup>p}fP#P70~-OzACS%HB$Juhir-Gim69_8;tNM~+RnzG#|R zkhqp{mC_D5HS!2gUWPle-lOkAkHSp!a}G(w6u?6};6*paO4|Nq8~vsj{m$hWC9vZZ zZU8mL*Fd6RF&QO~Twmo1$ULl#V$KR5zITiFHh-Snrl--z7D=uWC~jLqhCu!G-2Cj8 z5RB>vtYq^W!?$mmsDitJs}pDf&j^mduTW(T(R73%2t1v>X?NX5=O<`)-_-SOytUn! zPe}g)KF8h@bWE{2Uw^M|Eu9hPODo{?Ru3&-m;brzQdA!}--n1Skw$+uV?yt&AdlN<)mt!}Z@GDJsTAFUK zcGag0cMU#HKSa`O@WwT7@b>;)POsT$+jr4x3J>^8fKRWHv_0Z}!K^YX6L1kRy}!M9 zJP&q>RbC?h$O`ecl2%zvt;S6eAg3g%`CE%bNlD@7RqzA`9ysmo(h`(mF^6qtYrk;nj`_CJhL)luzL*^c; zPuunyj&m|9lx*yL6uc|6f3hckb=;AH)N09S`F|>U^`vArA(1Y}oF~Ed_ujAmVXf#L zearq=uc(cGINjr_`zJ|?Q)BAx2$iJ5<^20i5W}YYz`fU~ta+^%pB?aRNxy2{i`16_btJL=iG^w8q-aqw;Pfe zc^%2iGULCyl$4c{rM^I~R6-d>+!nfKg2nMFA*&osHf)_tWWw9`u5mxDFOQlUgVyFS zvE5Voz(FY4a*SL>rf!|`CWa*-u>0i(S8Z;9 z&3$e~S7;o?4^DF?R8~qgtIGS!JM=doNk=~Z21hAm1_|UNA7g-oe59@Kwe_J0>JfFE z&S3b~Crx_P2kb5S(n^J&rB5|DG}uk=&5knm+gx%hto_zAE1NRVn*`KXlEVrqQvV2y zIy{V&&bICuxFk6;paobs!Q*ro@Z$@_aC)Wc?82Y~@;ns)B(71OeYa~Y_*xUXlM`jQ zt+Bcf_dzeySG>A_n(ITg!XX5EUDUeEl;fkk4#(KQjqgfr{=2DJ$zdd7LXgS*Cx_K1 z35z(|ba|dhJKcBoh;pUZkCkSomkzVFj9OQZnRVI&|886C3DBN>0>(;;AI zbS+n38B#SeFTa_wo%^S+ny-4ypfD895e!L9@p;FdhelrmHL<)sR`BEk>*&Xec;@6P zO7GWH7mYwv-SPjqBI*;Bb1!~ z=0Lp;C4zgu8{|&5&|h9KoT}%^OyLln7%E8b_b4=9_=Kjw#T^sS)fGxlYi}y(9i2@5 z8Xf4&AC*nBBAMGIS_bs5k4nU!4wrB~bGsten3))btZ?0X#!iYUK$ytU9|t9l}9FqMmpUiG#9x#kNoh^Fo_f9RSd_CKpLWVhh8j>wk7f(5rU|=QeCgLDm zD<^(yIWe*u3WMO!0q`Va6 z7)zWvRXuHe2SEWx?-Ip87gHX|qQ@IXUXN90nxU|PptJ0fJ6f*;X6lY?3fOPg3X(m3B!ei{Ix{G&k^Xs`x zavgQGzeMP~7xF0kG1y(XEDC1oB@;!NDP|7pOH88p{3%+eAxHpS@b<|WZBAvc$Vi!* zs^za*|Ii#LLGlv9eZz#Rx~m(2m^g=-{{)RyntIr|Lw`O~UimSLAL*8-*II3z@{g8P zo=sT&X(iXhjI{?LPH2^|vaif&2wy@q6meeycRs$c`r@l#AOQ~n?oRm+nW8rQ+8T%gw%Xh0nXqvMnUVxA}w1dw-a96?n z3)tqoYwTJ3e$A0st4OYr?;6MZW?cJYOUumKxJhYc+L7saM*yg+(ZflM%gIyc--`cb z=4h0hZS(GU3SonlE~m#?B*;!ieQ+ZIQr&p{<1qKFi?PbAQPU(|?v!1f%@E}jR0w03 zv+4cXG(yxY|BoEKG@_CCWGqDrW!G232$#(tDCFaCc&OCq8C)$>rPdjEHm%YyJp zwI(m5{gr~4hzR4Hy$t$`MaP7}nL=f`pI=*jkCHboNeQ89RyUiebE$s}B>ldzw7Bc) zo4v1LscPc#MMJZ&^8N6LG6^6D1m4z-dMzM>Nz{n9rMO3{p>ZvuXzxC(CuCB-ulOrp zS4nUgW1QyYTj9RCN{Fv<6~NeZZf3pD8wA8Z2Xu4N@#z`Qq7Y>BkfQEyR#Lr39P?@# z&m8jrfu8U`v*eaHbgB;DWD9Z*(kP{Ci2NbJF1!K}83Tm4pGfGNAwt$mUzKRmfb}K9 ztowtlsPDSLpPl`TKir|vr{`os?z-?k3JdysH|dKmDj{A^FB6FGNF_wJF+#e#wU+eb zQLnuLJ{?$0FAFn7SPv*nr7+Rx$5@I{jyA_66bvzwzR7@13otD$pIcpRcEU$AGSuX# z@9<__RsGX2)pfJt_{kxJLVj6m%_YIC$f#tHUvRCkD$3FVl?0(J2@7Nd3_%{Sz6~@MA zSMQ2y+I^q`Lzh#qhc#ySo9IxoAU}slk2^`LW!L+``-<3iE1MrcvSkBJNTM&J&<(g^7oWs82x9;8pw|IXnzDz>^% zyOZaitNW@kO+Xiyh3jc!-qNm|WRuwGCV8pP|hNq_CXiB#VAZBY@io@-xHk?~55J`0hQs z06@HY3fS#k=$1?^q8VnY#uxdvnNvB9o}9myFD)u#jU-$zRinoyo;{|7{9a(C5T6cI z*D>=dF$uOO_LzqInhCRkz<2{B&nHXcvn|9LWWVz3FzW|F#|}@)k%rr#h2VRk8}{|w z2F@rh!4CD2UEou zmpsmi@g*4o&>z=M21+5Qu(md^iRjo-sAGe0^aglxhz?eK(V_WhO(p=iMay-+H(e54 zvoY&KU(heLw$`K69*8^QDj4{}fGcqRf*In6d{{@>X+pI$!X1SWs?U2S1t6V7dPX}v z{qqC9#w}DRP$HWTOvg=69k?iQx1uAIDxO4Y`{DWS2OM^VumaaXh2h~MY(3b{5Vwm|_{qLD@_4sKxza^2LgWhJ z8%U{qIXymlelMHgw;hB850;RU+4y_#ZM=aV;R-70RasmeA=>SiQRa$WZ{Ha_GHkt| z0{P06YGnJ@tD6sliUHGtZ!W5YxowJN1y;HP*p_u+|M`N$_O zf&3byl2~#l{wElC6Z04w*5f1zU#=51O)*kkNAp|d=}}$f@@=|4QwxTSh zk3Jo8MOF%@o>Sz7PR)eqe-W-AIFCWP8m|4tE~{RB`ZgTPD=1X***u(UaW7j8>Z@!t8iA2T^5-r?;|sve+=gkf0eiuI7tpN^5hm&75#BfadKy`SZ=;v zE~_>}xWW$JQ@>nncr2KC?SG~I;P;2`*0)Z1o(2bEJQK}>skY3E?>E3_M>DeJpMCCO z>$zLz@QK9+Qd{090Wo-~ECh|Iwq$sWjz{(Ru`xs1N+IzAOgNdBzkol)8)UE|N=i<0 zj>uiQ$Aq9-Lxg6);xl2l&^Uv12iwq}d6{lQCC%UADgixj=)HD3B$XdY3!ygNtDezi zG5IoeccQwUB%AU;HAnZFuf7Ypnz7#}gnIQV;WfZ}^(J`cJ8@S&A>MWB(kcnR@oNzp zTZ}SDHiAEJdr&ZQj8rT3I=Q#6wNb&UR`od>wn+q(^HQpAPIT)Kt*p|v2t%)wysrZd zDgWyTNOxjK2=89k2P3bI5TwaAf0A+koKF_zdf|jFIYcTXbHBvTPOj>`4%sRhSzhB+ zi>dTqWIO4>o3#NZLV$n6Ezy6}yj~BBW9`F-xJfTVUnT?qrpKo%| z9pq5tn0oi@+5&j8byksTec7esZdX&5 z%W~P~%{a_1DM2u|QT(iG^H!U&CjM3mIEwt)pe0zpAaJ9M%)F|Qo4o$G{@cB0HfZuv z75-Ryh1Ki|Vc6nP@ zF-K|T!%`)t_C~VsUkV2i8dQ{2f50E2B*SR;n<94yPP~6v(fkPIgq-+Yo#x_4QEg1W zbMkp#|3Z)iHvaKcL$5!uGgW z<*y3sIKK5P2;W=UfD?iXM_K$QI;wawyyiCeolQq}a8rNBA#3K$&MfJ`o43#p2dmy4 zdn5DS|3}kTM>YBW?>`H=kraf{pdcmjMqrfEk|KymhjfTYZgi)lh#)21DavS2(x5ve z1x61T+i#!mIlptZ{qdZ$v$O5F@B8(-uIqJOPxpl=pV0Z-(?~EpxT^FEblF~1;v!2C zdB48=jiEpW46wjJExd%SU(qJe5%2LI<5A_|1)R+#Jos7=8zoYD;4hf;^_nv>Khk;; z|8WxIEFJkU2EFNiy^2}x{D;4+1-3Iq3l93>tIDPc@5QJF6&itig+A$EeEuB77TzN8 zT(q6c!eAZcL({jjg5;r;{Jbn>mc@~a{H?r3 z88nTn!y^8TH&#zw*@I{WF5#MsL=+sGAWD#k^7^hR61;i;zgp(+2qCm+q$=u%!+j4& zMQiz3wj{qb#64nstOhI6H%HOV{N&+p|77B1cAeu3fy#l7U`SVxv?UR~@C+v@=@POd zk*vt~-)ZqG!+5GY5%3jS_Y6olXM`x}p)FI+XtrSd<4iwpg6lq#;7gG36cYSjBqE7L z5RAKgZbqYN|SYZtR3t5hPbEody_vx)+7 z5_aa&#-uhk%6Rt`)P>NnUK8I6ym_h6EjH?QI+BGcI-TA(@vPJC1F2!0MvDT4kQ~-c zf)^A7SSpc|l9NKf2H=r!pk|cqPozC0z1Eyrd0@^o-c^nwZ%oB``GI7k7uDB;#FV~* zE()c)8GDqpQ#TZ=S=1XG+L07B7D@H*77A})8yez5z}G|UgbIlMgmL8O;U;st*wk9@ zWM#e6*t{u*@N7p1Kd5~Xs;@c*#IRC!-HzAckALk)E|)T@KI|N0r*f zff(T5%RhjFrvYm3BglTqWIbh_v;jMxL5C zqA^5+Fr9X*+M)W^h3M-T^he{jmwC^Q#8&0+!foxn>Bl<{L2S5?`0XIox>G2zeRmso5VbI zp$IwcIJ7o>t5ZtAogVj>A|7$p+=$;m?s{Bg&6`1SMfD{ssJE6L20|E7zaWnl0+k?D z;OrWR_JCw~wC^pjqdi1O*@bx{>hyn*wAgo{>IzmRroJWXEGZ#dLr0l8TlWXgiE!0c z75wc0AR?agvwi;?5<#T&R)-7oOp6JLV0&RJ%cRvK7bYyu3Nd)GH?Djq-~W+}|d%h80&5p@3e#FnjYB zUHd!XyySLzI<4wDjN5p65^82gR${F7MD$Z}m@#+S4ow&8bPtP6M{tf0TbC`Xu2o(~cb9QY0S^d$MZ)9#VuchIX(DbDiY|4T5vUju zFF4fB)JBOmT~q;$za4gvonl3e<2r6k9_;r)#&7QVP-g@#_$1*(rkl13JH9bii?~cQ z*pN+qg>$;?nXLCt-m8C&0mGy2)wz6GL z!cpwt+H^1dI}pX5M5IG45aj!`&#(W&_WNNg-5INS=?89|@(&F<&Oj)c^MP!yoo+}K zn3iI*B{SG8Lh0anHiI%_hEF%XhHPudqR9IBqWGsxz4+R%qmoDBQuR|?Ua6`-X^nvc!+rK52NJA z?75cT&3fi>oErZ|Ihs~K7L|7TpgWA1*uQDmX9nFt>hQte=xt@!@*=Tv|NTYYjxW7q zd@8>P+Vu{=_jxRuh9HKIS8iWpre-Qz^OXObOAMYc+LYMnF!sNYIhR0qu(-nr=V-F< zN719wyf4hMFB9)I4=`Te#iIXy#x9SK2uw5&D$7zU9ZxzQjcDEyBL_CsH)XF*#8g&p zqPQ@VOVMi)Yw(44HOT8$8qX+0jD=(161d>QDgNg(FRcdZ>C%Uu`%eX|rug!EaKJ=6 z+3RibHYFE!^ys>mcOm5Uk&f_}eQ|cnhYZtp9Y^*K4@Lt)%M@Ex3|L2Q&X2)i_?7Tx zna_11URauLMEM(pb%docft~0m0p7%J(_m`V&OPios-n&C&IQ0^7QuzO$GTngT5A+X zxO=3KX=gZz6l@k44^@wV$qG495umiZk@iOx99Z)#0`EfliBzjwvf$gJNfINqe@wvF zg}2NK)$=sO;0bqSE=+5Wr4lQZ@;@Wk+*Rg6a44e4Oe}P5$nmC#-~mneu#GHI79-46 zd|?$r)2Q2KMU>Af2+i5UP$0HPgXvnPH=@Q+Xg){AKp7#3c@nhD^U9V1uJvaJU*?7O zN)KP#mv$b&_&>$fHp|YiyhhZ~?{VBbG=Za`a}MJq(GIqR?|JdYDVgNk$R9l=3-4(H zf0?01h8`!L5wi>@;*$PC3{!ckE0yl8#C^C~TRZ{@5P~rhIRj*j$Pgh?Ekm@?#t?{A z>mmc`{b21om4->Rs&Hl~40E;>SKgiN zg(eVTH~HBRL}nry!0e)EicEAdDfIbGY-hA+hFcED`vjN2x2g}SBphHU+CjQGcT&GAOf{n?14 z6tq0sMN^_n*4n?hw(rDh$QJQ^Z{b`iFVXO}EEVBBv(HG<2^0UiCmPVVblhE|&N0Th8v@33WVB;uNl?!^Hx1;%mHoXGpkzunR~5{=@(w5&uxE34K@J>E zWw{fQ^BUd=zeEJMk2gD~L(vSRQe7k@UjyIz{YKmnrQEVIM7(cU@yWl_y1kI;xzHx_ zSzfpFx)mn=W)_{}$Yg0GPL{F@&fo<-emvE*A2~fq2Vr~%Ou7UvAv_4<{p6^ZOc(E< zEHV4HAfiDz7{Nrmq73D4^XYXm`nUVVKAw+faEGTiVopnYZCR{=)03+S&*qL=(b;Tc z%EzmL=%uz-vY78grbbxx`QFTb|@=Zlwmv@WfFwVb=NJoOrTNP&eY zf+k!xQ7Sw5769Kq_-TW)j0KzZzJngEXKr;)0vr{#1VTSsb;_9O`A?pN?9iIz{r&U7 z5YiBX#7_`{3`TK1{du%$xD|J~@|{F_!@h z;bt*zioDROn_cTBl4ys!9OZE!P~803)S=xAlf7fn8^!+V))84rO{4L44TIdWKWE;F zA~N<5TNd$Odz;GXn+q!3HR9u)iPKsrh6G7G*=GOp7}+rl_<=dT8k0@{C?g zm+`m&r1$aSw12UGNPRIBPgTSd!BMUw643r2Wkl>E1O9 zgWKPj($g+*H=;}M{nMO;beo$KVnK6yKyCLdHd0W2Yf6xeHq(^neu!M)=2@QmZvh*L z#?y_wnuiFro3yb77G*4=7XPpGzTX60Z$&2VU)AFMo06EVt?lIh3UZGJ9}k08hz2i; z*nt`fBV+26cUM_LBr%y_;9C~Nb#x5)=_PWF54QB!7QkunE4W}Kp9-k!f^6%t>zxD> zz@Y!ScE6eA+tU}hLtz;mN7w6?toWj~>3*e8LMv%PD7Ja=e<(+a?MH!MciCy(IR%M^ z1`|^UAtk^~GJ(cbbFDeD6hhOSj$=gAhl4`6AK$l35&&FhPV|Emt8OgiI8QTJ+j@Mx z6g1`YHP-H{7j!hTEi-g|@p~{X@>RX4iyF4dhzF|GH1mm8kSo z9t^-TRC)`d0k5-8nrldrQ)x^YsQV`4=C`EVvcpbmn?gNo%O2OY`{T%FkV8-xMM#>}z z*Uhzt3E3YhiL}XxT{#sug->4|7kn{+ePk%B$kh0w!CRSrIJWG#hf?wGI)VOL1iLeN zHY!PvPH^=4htIS>(_Iqg3!_e(>)QKba@{@!PRxPH|)zBc!YeuFd`y&ldj|B>WzMf4is89`=Zs*2IJHbX*(5y_l z5joU>W_|~(;#Ob?bt2+WIoYxEaA=#$*a(G8>Epbz;*QNeO-Ynu`_W{g(h~E^4$auI z%UEmM`y4`&BQM*z+J5VCXUN8$lC>iemjbZe zE-k0I2)OAG-g^R(y`wF1Igp<9S>7Z_#DLyvEc8k$<-?z*;{meusfCmi{H_cc?GAYz zhmvmuRB)2fYKRnlyy8V5##*+?_2U45TocI_e@>MG+{FLi@*4h!KY3)Eq_viAZF@vO zTRz!~EB$=`zV=R7RJ-V!H9&QXe?^jpkmArKgL`PhURvcb5IMC*3aH3oZu(``A4Xdy zIelgUZpLxUgb<@FLT;1all}yn>6O4Kn;_pi?mtSsXnExj7@8MPb$~zi!{Oi7{vrB( z@iQ%@2=nR(a!lt>o)H4H%z0Bz50rm7rSv5Us{-|KkU znodp7;=icTN2GzV z07ayw{0QZ_IRG(S(L%>>T#jRD(&(Qg=sy)Pc*>JfmZ@Q)&6`GkR2&v3WM>54X;PEc zRh$?H<|t~OVVt91Xe%Di9~5q!{AUU?v)N;~IBmN##M7Q4qgHKr^ic8@AV!I60&@2x5%)D(XHD~ig<9oL=_ zOBfN5?%d)0oalcs)V>WaEJZ4DfzaonOTyaDSzKpAAPC1?p-hi0E7*{X zI(Jh}10UrpR|_B}h(;J?-W4?%r89HVKe|5-GHg5a7Ey^*hi*6TjvYNN?F%05cA!_$4>5n~^5 za8A{o4o}I#UJ%OK1|&8w7Ts)vS5%l*CFpXb-+>y4e>l)FGaY5GJI8 ze-2Evow`$mM(A=V&8EGwcJG3hwR!J~X~Z3Bwd}?5dpv^2AHtGI)wumA8S!B4Z+_ae zAj*NLOx>BLPgFa`=q08bhVG06Ipaeke#z*A!w>Oq8rIcvsyWphy$mW}SWZTMMjWrSn%ix8E zq{aJ;c19#gA(*w^$MCOW0bdzb0yl&48=EykTa$gy^HElZjWvv6ve0dbO6@dYf@1_A z({GSe8pI*89X?#`a@DeDXnPWlr*Cw?6UwjdSE{!pms?Op`fBU6}`5k z#DQQxLA!61Jg|3S;R}(qj$gdY^eVoZj&lC)XH$aLQ0{LJ2 zc1K9mKc|D0wj+K+2EJpAdP;_&8BOgO105PVEcCcubP7rEkWT0_Vmrx6fxMsmCAFf3Bt~4cbEC~H8j+fHCbsn{Oy771@DlQPbt!QNL6M-vS%;8 zhZpX1bExaKFQ@)wk>Pr1CA9MZ%#IoE$c#RxezbBFCkWi>!rAjjsFenSf9#8 zK%;rPD*iORAJ~Y}v9NhJ{Vca@TPkh^gRrMB_;rqC1tbiqX{iQ5&kDh&9m{*sc5LUJ zYz4%?7l+YslElD6?cu_G&>gCzK!x#o^sPH^v4-;pujCH%&{~U(z7<;vZn1=XiV{Ex zuYuGeXe^9@hffG>bLz~}3Ou2|QF-eynyq<&=xH^9B@O|wCUyot8LC%OMy7i?mGEC2D!RmkfI+kqkpf>whILz1$m;Jtjt60p5h z|7u1ydubQP`IRDk87t7a;ZT=#R3{4j?K{G((7oOGm3!nZ>+V8mqvuaW8#;GtcPt5B zIe5*LWpaH)9gAO5eQ)SRacTsfyeDk+1 z1n0EjrGE<*0U?;`zrCZ&MoFcc7@CX7{$5)6p5UcSGV59XqVGdy%q6FH z6jB2EL%H-tT!DyX8AnQw42Z#cu_Gd#psDDPBkq0cg|ARuN3C21Ukn$V=RK-r*^Qyq@jSzgG0W-ehFDa<3YRwVyP7 zgx$LYK>;nD`%s%Absj}G2{kvj*igPg$={)Vxy$`urG_ITp2d;s$4PZP7m_G0HVC64 z`=ynVO7@Gl>S>(tHIr-goHr4)d?3EN-6zsU;(P8L|P+t z1tWOM?xhiY;l2>8)K#JS?1Mv^EefKPrl~O8u7qJZOMM5AV|9@Ookl}vQnf(=Mj!yf+jSlX0>fgeUty;$r|}aQ z4?J}2tO2vE2HyIXJplPBu8BOa9Ta%@&j7d3&mNWl5Olv!d01aba10iU?-j5UuIu%2n*kYL2%p>6z~x zTpKv4?cbaKa)2=Z4~PGZ#B1%|TvOoU`S4sA#7J}gOQOI;h%lU&>3VZ4#iiGFi6t87>XwkF)!(G-Shi0!_LC<{7s>2n^SgzuX;DC4#sw(>_wpY zjHlptFG(gK*!a4AL*U^0-Psm;hJc+@&-mcv!hDzk#1yQwYh(N~E7Y9-t+0+k9tt!( zv7+}%`M%4f8QjTuuS{IMWAbUoSz8L%gGy9r&Zj!bt)suI(vXbj*N_iH&;ax#KAA8yuTDJCI$QM)appOESw119` zG{}d7N-foPaYDwL&|>vuOFK?ACG|jN#TOl*n!VL_bzFkq%Ror%j{(XfZPqo8TW^{1 zYTUD~=J_7s3^h`*GJFZ;Lmx0fNY3j^G21z@^imaH}O=9qces3vW?xd zD*>xgL?>@{>Bc;kzg;cp?il2gzyRs!guv}Ts)O)0UWDF_0O$pfr2593056;;hd~8D zgMolFpnS%z`FKUf{lSyo9ILUinn%pZA+NUJwemK;57B?do^q*V{p&?RE2k>4*6-@`I7SQ=# ztIgEKLGLUl9Jtns%^1}_!cc9kZiy-oCRF394K6qnaer=@saOHLAQesu)w+ggOin&Zk<;DDvg;q<}vbvRRKsJGHx zG8bcxQzOzevQ8((LV(m=@`{~c-8{Q2K-x{8%A@^=SShC8hQNM5vanV7uzS1M%*HK{ zoNey6Clz7a9GMvCF{KzDDyNGf?bd~|$QuhWWWpF;i_!K^vn5bPOOiYr6nrsFEYrun zxQ4eyEg>vU0-D^M`w!hw6o+4N#Lnt>A0!Ye1HfAg*|~JjdfQiIJLDi=$-UOF*_kn>%v%Y4>^#N0LN4JsU z?_LVt3By0ysv0=hrG=aA`)gA8hkr>5FH~jzWBoOv#w$cjHmdVcy9dgrM|4qW*5lcI z&nEUeR7Brr{>4}@vml>!ByY8u=`hYurSD^?h|yS=lh+I}0QZgqCOW46~)^oX-pMH5T6Nihr*hPO|4vpBEDAOo*t-_5ibdt6l9{#DQ7H>sLo6-6lr8nO9k+cxeKr3)^BO*EorLRKd%5{G zL~^s1A(sk<4{|*cJzC~!`Fv#Q^(S-2&y#L-loM|>s% z{*5}Y`bFGBR@z&ot5rs#eGlgw2#0Lzb$kd{2KcQ1=n%k_(-_v*N+S%=C|db{|4qx& zlWc~FWMUuVSTfA(BHV5`{5oh}6fd%|#w3P)z1BV&AhDnzXMR~(%yC*gEp8;4tVKHt zmp1WRQgsob|9++I&+QZ{FS8yZRQ-)*+`8WN?9>$#%z)Ba=;AHz0Z5w9)q4xDT_I z+vt4Bo1z#$q-b<(OyZ7K?Qh{27?` zEx2p>iONQ7L|AuQA8)G+L_YdODTzgD3EP`BdxA1)5KrNZK3krCF+f(#xr>8`wb4T?9 z(OZ_%znhOz!|7dc-skRFi^TSBubIvveRh$!tJx_GVW!QBU}Q@*!!&Cel6w0IJSf;^@0rk{|K1 z9e%lQQy;XMV=;~R8lDX{StF@)AE+JhOT7AZBmCjJ)x~0|ypi{T>zVk*1D!1L9;UcarU6rxkX7FgT?nT7v-f6DYOdR^kOZZ4fn^7<6G% zya1RPI0}My!vXo_IOg2PD@rc)TZFc;GVtm8y};?Uh;u58y)YqryAHF2H_x8ccAD-<%04;?ra7f+p+U8Zi-qU1rENls=I6d zMulyE-m!e}qxqVmh~bt6JAp1@9z@;7I8tc&Yk-m5yCa;xZ(+@cUsqKG_}{jX0gH`_ zIpV+X%ie|JwS;s&^_7nI?cR^26B!oML;TrqyM9&cyKIBTr|rK#|1$0W&Pr?C)A=R! zIAa*XC8x^XFf{-HKjA4iot=Zxu*PfG=+`%)$<(n?=>6E3Eim=s?DQnAmb z9$GLYOnnViMLPq6qE?LI!h+O}tNNEwl0<*>hxBJM&*x``$Pzu4 z6)PNGwZ>j+fdIkJ(3mA34=sWR8a-?iQyJ$;#Z#jC(^p5BDSU4e1s7sE;UsbDG$qsj zTDq%CrtfU=wBkdfY~fub6fk;B1^|^b0Xtna;+Fntk&-z&7w^`WJj%dcRWFW;sAyh&bZJgAv992&F@h5CWqX zNO0oV^_PujovddGIo_5J@>{UO&xbt9`3DEs-O5r%rzxBG)YFEVn1&Nv&KtvP4E^wK$nkG)RWODnb>Gn0_-QTW$bO+Sh-P$`TM`zb4t`E{9`*$Eyl?0hOoZW;&DYJFgxfK}q2!aUk7hU*5~YQl-&*i;3vAgzdr_Sr0(Qry75-U9hm&mK#~m|U z_2BtjYvE}Gnci{w;lk1J+^sh`-*7SWX%&0>6c<;!L_d!98Y7_E+WtH!dM$v+AjRwc zXQ&vxFjc)qL9}>5dSA`fRqfsz6L9)51US}0iii`vxcE-<%S|ibe5Yn8wQ7 zm&lZ=pq?`XfJ7l5z9FEs=CQ!c?O*scjdO`o88m0&(sSG$MXG21W+TiSJc*`*jmvc;A%3)N=B42 z6eHLLwbe-)Aa>OmU~%oDQCue>9tKg$Lk6Ib0jqb3-&tdM3u#pd$$bTNKRSMG=Izu} zT;Kd$lvMa8$rb^f@w|+k-KnTK_#Ql_aIxUkc08gjUK_p+2b#b&L|@M3U*wIh3{?-T z*S!<%`da&CXSuZHy3ttu@imGLiz0EI>|*go_E8r2pgqh&Uapzc-Y{i}dp#Uf3=~bp z*70ImZ*D9gSJACURdU<5!iAHcXM#gs=yJb%$f-?U4dXC6BN6_6aKYGyAeay9?=w_l zzbI7iUUCt57P(vqw$ZxKGemeVKOd4NzCyFnjbOk)2;=#(kEbN*e}#%*O%Pt~C~+0R z-X7b`$7ISAg?ttY1@4#_p0CE*cQxm!O(iIQXeF-HD#0k>Y|O6v_chcuDMb@xesv4n~Fn!qG3`Gj(G^&4^hEW zt;B}7zbO&&uV6%WN(@8#2OM8EN%)ZxWjo2Y@m$_t&s!v#T!l|KX&;$mBVj0X>`<0J z2^f!E3=$)meFF?^q^MKRd8XLPtS%xc(GQ11b<5br(DGCn-@8WNmQ_^rt*ol*zkJE` zT9H(Xy_oXgI+@ICf>Uu*>HLr|*#?lmoLWJQBvAP#&a{0JnqI5*S|>K9Y|@`XHN^^M_jWg?9byVtwIIH5c@swQ4F0N=l9UW9~l7!bD5zvguW4S+%*gNGF^!=7l9+<<;1vIPDC zdr%QxqZ>2zi20uv!PxrrRKTTW|EzDV@xJ>}gsR$LkrH(f0HE z$+yDKZ+nj?zu~;vPTM{z;_V8%y5nr(AaFYCxS_!5Aw&-&Us&fwPPvaU(9S%dhhe)9 z}`;hge5J*YTe;xfMhQ*f9sFkSwBJF&k0V;BN> zyG|u+)<}tRtLhgqI#(^tK1J+(OYvV-)_L71Yrm+qAnA2?uF&Vl97Xr?UUFg8vY6oT zf#3~dMGsSHZ+p&&=+5c*7w(Is`RHqWo1+O^*@UzxU5%X1?@c<}^Xl0?!Z<$SbSl^? zMHnEb-hIJ)q7L5U%w`_^hChnYq?O^skN}sAgt8DF)$`qj6<+?^R64HiPZXZWc--U? zj7Ep*uz@T&SPmLh*ec1snip+?I!wnTEkY5t*#i&1&z`(?2xOKIVC{(Ax4W{SK-L#q zt*=K^+XsB-H8_Vtg9T$1D|s)wNpnKBX+Mu!w$hh36I>BU2J|zDx`^tjDFFf=k}4Tv z)6Gj}$4X0qy2u%X-MXYC?~O=dp}qWEeGl!C{hfuh&I3J|Dpf++aP>Yij5f?Qtq=F& znWn8NOLC-%%3bdArh0iI&G#h&)yI=OgTbxVLo2tM+%E22%Jq=Q>v9GqH0yPSwdlE= zY=-1Ru*{UcWHvG~7}5G(X2QInPm3TXd6aBi-=2ky>23503*Fn2GTIWq%P)f^Y99>M?Jm1N`^}&zdFp!t%yYsJ=7JEke#JacUZfT8^By zSj74vb%Q%oW#+WaXoZv&Y4Pwq2p^<-ni*KR{BqZcgpV5D|*o{X+{TGmaoZh@%bt{kvZK|iTcBtAV5vmSNY)p zbqD`G!@wzPx76RiU%#~fv{T^E>|x2&(di-WwgRa_`9DcfIB>8$>l_y++reNQ#wDN2U9PpgkhTjj0J!DgjJf9h8BKsffU5A z{Fs$KESnIMn2BBn)S%Q_R2o`hWN9O`6Y}Nb!zUH=RPOHbPS3a^kmAH{?m0IbX+E{T zQWyiNgSUTK?_9EdeBnJXCMtTfBxRPzVPrjx@;>3sf&YIkzzD_#QU7~I0M5t1pnyl{ zxqDw9EDAIqcdrk;xTs>zlug0US`#aSY3_f0Tl>u94r1{*sycb7?AWh$_Y4=n!&@w_ zZ$e*jv;2(2LN-Ua#a_9dpRS5Gg11Qb$tUgz-fG_i zfwW>?r~Km3zkZ#g3R~UHMKN8nTv!+JNNykBZavWiP~=4kz)IcHuPDtv)(E^((gLY~ z-Flx?Jb1Fa_~A@aZwLQlOjIit{GNB?(BXv+>#8sFy|aG81c((aXxb^n zd4h1i;<^K?l_XY9=z#@ctJz4Obdmy=zRWv`Lv+Y7>FRpjh1C+E#lm{U6( z_{!vJ)SN*6j7lz$vafT?CW*hqS-WN9ftJMp#yI_TKh!dZlX$JG{Z*Ty3I$Ma|_zG0MxJ3HI@nDEX<^Kc5yJ z#`5ic&KB1#rP^xtnVl!dH>V!lygwcZEN?0R`1=2TioW>PN$u<}GSt9Tc~ATPV>PvJ zzoZ^mcR95PcURudHI<}`uyX+MON@lw2*kt$HNWFh4(TwW&5rn`7L`B?ux3IXY`|n9 zG2gqyG{kyYRE1+n72Bl$p~?jxBvU?#XXTBx0(X`(kkQhEIy+wyYK|DE9Ze-L0Q$b- zbDP)auob(y&f5iNzCjg9x6sVgA_8V1%d9?o+J2)Q$Ho0;^EV&5iM3Fac3 zNFn+!l_Jm`WGMbyxV8sHrHOou)Jg^RK!$t-L3{l$2L_7iK*H|X@_Fh|`qdtww$a}b-dU+e5 zIVof)<}PUe(6C2Q%$a-686kR8Y-aJ)Q6b8G-Kc5JMTDLX9x2+gXzA$FBe;vfGlKAj z$OIrmsLVq61vfHNPb%alf+^}kjlSj+!8;-fb*c}>&%rA#$LFZI+|u4f(v>BR)I;V__h|e=@TK zTOje-8*u02t#J?;O?yl5s(iKCTk@X7=Fe%rP%%FO9y=)TxUHrTF}Y@|yn|=hm%m7h zgS{9xt>KQhXt{m&ZuI^9w%$vs@aPYHncE3%>TfI*OcYM#P4Ih<+RhUBwu0Td5Yy^A zgd#f~Bfr84NQV>_G$!<=kPk&fs!7D|zLWxCnCrp_u6oVa%6iu?Ocb3!ETc;lP(-u{ zPGtu%GoVL~skkWU&o6k91%jXG{Wo#=4kGdFHY@^ZkjjKyMSx5Tfj`kS<`FYF1_18A zp(P%c6XhVWXjWIsY}VM~#MpVN?l!mRf+}vJq8nkjOO!Zhn`SFlp3Eu%#I`<8W-Rgj zHTmC+3@0boE*H_Ut`SGep3j_!D4oa3LJ(q-YjN*q{KlB~e@Ah&@97HK%Ng&vOk4L} z1)%zu%@1K_JU?BkjJ}pw4z>~joJwwFXiH%o{_qhJ&H}ehmx;5pJiV3@krvJ`B1yBW z0LKeSjduQW`6mG%HCbsi$5ns%=n@`1KB?$AT@|5s`afjnq*@GrOzqn_D$HmFO25dQ zlazQs_UFFlGuCpJzK{G&I+=W$T4W_by-L+`x1nj)^xb|zPSmC&FtKNE>9D1MB9MrA zwmAX{{kr;*E-ivo7gB`U!?p0S@n1Zjd~mL&-R9zVfbTPs`R2FIIn|V)_}{D6`UB-E zknr7t8SJqLAL?UiXn{nOLNm)OqkogDbnIj$V?1^f<#O(h^(^rNy z`MzO48>73sO9TV~35g99q!a{cB&1uUbE8BQq)YM#7D_h~8zJ3FHz*<9gR$-1|9y}5 z%RW8Fo)6o7UH5ffXGHXLZMT^k2jBTyf%q2|9y&GpeayTq`@@tRI;Uyzq$a3k;3?dz zY zx$gHi3SO)TI)bkJ4E%1k8pUbbHT%-4mRv4OE#FG2Z^|L4^PY=!(tM-y_}@qCT&CM$ z1IEoIwh2G*-=(_b^;p-JPb<6LWBV{_GXKTwn0#6F0m>i15x;^KxxFfhL)QbTY&swd z_4gdgGf~$|7e9Yt!bzzS20&~8-mKs~rW~TCbefDd2`-nkxLnEIvAx@eFQfx(wOf%@ zbOcS!F4k6NHYBw-fJ~Ry9f2&`{^&ixEeqgH|KPm5hpMblzZiO<=!p&p8CPt}DFsfUg?vW*2L(=qx<4?R7#5OsAi~*IQCF7m=%PF-Uhlp3 zJXzek{tHkMq}XtC45k^tAlP>q<7B}{mqSi{?q!Y}aIbIr0Yb;GXd=QHP@=Rzb(B33 zqcGD=`71lV?J(l{2D$EAN&JFZFV1?7zaE$nFVsZbd+7Q@J9Qd9F_RZXeg4>Wb~c}Y z%nsBC5kSX(6&ueeX3JjK?p)=ne#1!l=D(n{AR-mG>kEEpA;tlvaz52rGK!2Cu-^IM zB^1lRz(al^A(lzEM=qu+X7Ql9)@z5nbG}xG{9OZ`kzRb}1C368NeDZA4kXQ?KE+Yu zWcPX?OTX8Los4|eh|ON^k;i4i%{A_;0xY`&0AeSWE{VzJA>c?BWlv`G)}>GL$Iks$ z1AML1OTV;@s)AII1#6oZkdzPR zI}-3reUM%Q2?SX3PzbxaQ`JV37Be`bf~#2bqrrZ?C*P!xX8PojIZ^u@sxtkU8p$L? z0vI~VRHeCxnpC?xwYrB%4!#FBt1hAE={M9CJ)Sgc8DN3QzpIKbxAUSquWzu;yr`qM z?|1vKK!>Lku*wNV6!y%Rf~tjI^l?8u2+1k@hKiE9oqt@?l^mbkXU-7ZUO`{QmD1z( z>0(JXNe~`!J8kJ6&Z>njdpMFtidzxXy?#nl*7X!aF}z@AHv!VIKCeqRBq+v+P&>cw zW=H**+IpeiT+zVpzx%iOskkRJR9r5$7ruojR=DJS9e-aIt9%t6{xEj9z-%LS`{ET4 z1}9~$RzHLLBEtk>0j#v<@#^EL@CF2&!x zcAZwN}w00&QLkDihoRg#A9lb@- zKO!k)F-qyk;&a>K1{*R$=Tf&b@0N-g?kF~-hIL+$rSd&Ek|Mf79@5f%AWCCu*>L-t zxB1ud21M}B0CBJSf%Av9x4K?-MDmK5ArFTzSgHChS$8A2`6L*erVcCqY@pP* zK7|)woklo0=kg_<97v3vb4UHP<_vm>aL?zi{0YE zDX@$_M`UG5SeyNo!Ce^<0edr;DjSRV*VK<&Sm2e}>Qxh?B2jQa_&3;!hrn{TZ0D$u zYEK-FKLssy#v<)pYD`vA*9n3NnFSi|?@XeqGeSx6A20MLe~FY?r=O{$kAL9$r1&3` za-~4uP|ALY=T2a49mo4Ej`+IXNuIyIf!hyEt*K#ILS@1#Gh~87np41VWCB}mco@p4 z0vyLV@_xwrJ8Coo=-@y_(?wERkfUUaS+gVIuVNO0IDm35_P}yY?_c$)mj!+&v3fXf zW|(zxW2EcPb?SwJ2X+lx#qpI5tA8yaqm~iqe$M6g5U~_23^aV;wqay(!?2owGu)}!M2by)Fv*PSucUXTzq}q(IuqoxUFXpH9%Wv4 zK80mDG!9D6U?bZ-1H=NorWq{^}pK zuQy4Pc7pP<5jv!EmM^i)HYwzN%+Si%`sJrlsq3{LmlQ$= ztqe_^F{&g~KZ9&7UWWkH58(P9mhl+lzs>q&zg;YSEAMVA1WP~3$9;r~a*S}ow)T_5 z3WRK$H+>g#J;4PLDv|rnFVTUdc6bM=#8=Tv9#=tEJLpJ1#yj`-b@x9-(nbl}-6;|4FoJ~WP>iB?f^m9I*g5Hz4{@=vbZI#`=20r8 zvD5$K7SKzmCdWCeAJuyrWSCX4E1gJJm6z)g+hE?_`nf z;5KK!3%FF&44k!IMLsHS`<*`m5Rgv-Ke072z)uC0rv1M1b-m>8vr2WR0F%*=1`n-p znu+LJl@LBAH;edwwZwnRMc2De&DH4Kj#+;!#y4qbAYd}CjBK~awb3VV2C$`0xuvBA zT5%4Z7|R#NtG2G9On38GNe1zZgRV*L+a`#I%>0$LWcis1~~VY%+=PkrwV1H9DU>?)+tPRDXF7NhV&{Ho=cY()AKIjKnXe% zT&=ZpqV-*^sSWiB`}p1jf7Unk6hcHaWy!&$(QTG6Ss=XGcPwfwGIahhqY-l{ZgqTg z%vjY?H(BWy(G~1}0F3iz z7gM3EHX#=dMi{;N?f?rk^MZj7$WecO%8Z5tbbk&cx%E+7zFijfj5r0v_f8CSeVF=n z$*Gr}nQWMhQ`eeoaVdIbn%H+A5nA21ZuLM;^99ZV_C;ez#_RSp|V2qGr4B8rr& zu)l9*@?~y>m+Rh6jF@b@mvZ!FzPUqgKAwBa0n}gptXprcaD?5c8r1) zIG15SCjow&wKTPlj`&zhndj?v9JZmCHn8D%cYC((d$qal;-4SQ+p{`shMsuEy1;e3 z0A|e0x7KOxzp0_)uJ`RVtU$eYkIoK-_02O`@4T5ej}F2qFjh1?6%{{Ex40455|7wQ z{1dS3qQr&1eAFmLZPZ^DjobF}{Uc_EeuACYmca1#9<#2gOZTjN*>E|&`-K&KX1kF@ zAjU&Sn;EK}EO9@cIJUJ;TKE`83oVS_=<>2(f`4N$ke_ncDkRX6dYt93M4>j9wh|rQ zt3}jbxt`4!yg}x>e~G;N@Qp`~z2x1^LDsp2b|&-;PtRy=_*|grKL&7ZKzVW)Od)@s zov>Z;ngs!3|GkUCTWfvJBYej#o5RBz+VSpC{3r@30m3ajcgO_e3!Mp|yOrWYBQg=_ z?%{1=ldMmHadLYx@G(Xsm->dl{x?hRqWaAr#g7i}HQMcO$ktq^vbIv=l)2FcVEhvM z64xryYAC=Vl?Q=$l_ol;WXd5Q_%E~ClhWz0)7SFK;TT->2Yj{7O7?{wg~xfs*0mu& zT{N6Ni~7&-F63d#745>31wCVD8!xPwj1O|EX&(=~&ADO!KE5h7xh@qx%QUb}MD`4@ zFMw{1;G*}}IEADd=EaeDI&Dpw)!1!#>i(a6}U4hl$Cw&iScx z^9D~PTqHIL?K#mG*^W0Yn85^HPyaVshqo0%lY;Wy9tB=tT;UEZ`g(p}FmIxmvE>ep zD=T}7o+VE+e!orE_0; zYYBt8{xXoKh=9&GL!rFD0X5w>P*-62r*Ke-E}~fqrrr546CeoV`EDc^KW|P=Jxc7r zZM9MbpRDux_#Ibd1{P34kk4BV6eVn)2P`&U52GG%=UN2rHA5Fidd}8*vDdcvWyzUJ zPoAJgp>}%=PU_|+Uu^5SnWULxX(3Qmq3Hg73yN9u^0Jw#Z0w&l6`fW!&HW0W2g))> zHb(J7<$0B7DQ7w$`_u%+MbE$RKCm!?PF@L6kqTaZD+YQ|RU^Fa^F*}C`!_8g&(911 z<_krppt~j2Z8cMkDbeLf!g*?Mzu(m=V z_IuskBckp16sx7)H*e2>6IJApV-zOZ(U$Z;o-Bqp$?X>^kRj;Desd;!7?*Xz^U{s~ z%K!ciZL@kB^B|*Z&Ny9B@c!1n@5ht^!xrefcXmb{<|t5s#`bEjd{fiA4mlN8Ys5?x z84{n3z}lEcIb}i4n=h=hZg)FTd-&pW!`6cNXmOz8m6yZP6k#?mW!}4bbvj|=H*!wB zJJSrWd9_Lye{~$`kpNnW@e5&mcieq`UNzwvl;amlZB2n!lKAzsTY4p?VI6aJzt4R3 z991@is(-Ww;B8bewgMdzzmO%)k@&xaG2k^_Z?~i2UV@I{dK8dns;2`pMm+svJ$C-`+s*txsKPMCSc5aKW5%hSe3e z6q0uY7{76AH}#J#<_@0NiO5L9gJr)`Oo$rGpEA@%`S?q0`p|W2WtwH3;T;{X{#Qvg zG9Nw#&bb?iVkA}q2Q8AYq+DYf9}NY}IX%NM4}LG7LM)*blJ_cH4a>p^bcbw}CqX2k zWH>kDe&{z?%g!Z~1^7 z--nvb@D8jq(kb3x03M<6NfbpB@rHUt*eEGq`Ki=41zi@zuu=~pL|*X`kJd2c)y1jP zyFs_AooV(kL3SEoRJARbj>%40hjOE7H+k@%|3L_&M6^VQZ7Av}V(f9V5D`^$y1w0> zyhF`~jdJNBqC=?#NrULHrCD96C5Itt`T?)vq-c2#k(({C6n-HFw~x06YwVXShr`#& zZ%(tUj;|@D97f9(d=IG=O8+l$q0vya>!1YwD85NEK8c$gK`4R;JtA~gKPqXwWNo5a zS4&5Sz!Lm_-*<~95Q;?K+3mwprZn9vCs3h_QK5|3m@K)OUzdq?sEr-n*QAPu8WU3` zZ^|@X_Poqml@X&b2~}seT1Pjhk1pnHW|S=YDH8qZf7}F_CGl?yJjs(w*zcllC8K`OcfO=dj)AYgA6p9_7ac)lEQdguOjji$@u z#Ac>JnNE4wzYLx1o9zV$?*UkD4Rl8C487Cey3%hwwrYaN950;t%Ts781|O6z7dcYpu+n`wR1o6vsErwn{F zdm9tEVs=j%JKu=emE9xwU~#v~o3>v({`Y6q4|r*TrJP}2z^6x;6&`$ww;dVob+>x8 zT+Qln=kb(Uq3pgCDTOwGQn>k5mwH{F!;|%WYpiL{cux&ENWcdeH>{kn%w-3<&*C z5Qn{6Dt&7)a+P>I=F!?C%eAi?jRd)iny;4R!8H^~J(Fp&T0SjuGbK&pZ62rkh|lNR zOiI0}EowpBt^SyteNiz{-?qkBk-dP)O7am9j{F&uXEp6Yt9+|{L$0E<#TWw7;HGCjMf^p`m-mIZoT?^gv7I)X3024=G(& zWK3c>`c-Prq)363N(f{Bnk(cLO!sX)xsZ7p*Z_#;gPF^e+&M}hqA%x7gS1@3wNhs! zA^5A-HDrEkq+%xuZ#xdIE*b2M-_DUe)c%~>;*sOQTjjydaqIOV5 zf7YIJuX=0r>$l25!o8`ni2c4Hv1KL&tS5{cOS~LWLf!KhqZ3sSpx9FU)YE)(}i8b zLP&o9pwS?J;^_y%?`OSj=L7x-$!oj+#6f9wD)b4&a<(zW+a3&qnv;Yir{1_yS;w#s zl9~LXyIpI|9DI6NqiJVylw(r@Ur3IG?#hZ)RU5-bDf#$7auiKlJeKsfh!;Yz8XC~k z7b-UeN$CKsMDuoa`IF@RBAes!=5I>kKEZe?Gl}KuZYk~U;XgQ8DW#yTBAmV5+@z^} zGtlfYa<)BL_kP^-^82f4D5lhF6gg6B;Gyc#p3uu-jReGGntky66>%e z3`(0A1%N#=^3`;@y9}`TI3dIaDk%lX(nmWSj{*f~P>&8ma-DQsPF(Nvet^-)nCZy< zaP@j|#BMapW2+O@8FqhS)X0<5@{QMRGMnnf+GdFUmH+q~pU@Igt{L{asb!QB5C@c2S5(p{pwj>I}g^r{2s(T-!;Jr0H$0Cin$C zaJnn9+Yq?;DAq#U6ion;m3r&m)u^O)G4sL`jk{Y4B2r3@A2J?%--~fDcX;uc8F{l~ z-yg8E(7bHB(aRp(c4^1;!L4s>6iSA)MNY!881Sv{DBi*EM|DGoU8le}KgRaqH4?Mt z8o<@2uyI!<uKwV93U+ZZax9C|*fseVef_YQ=X;v^W_1=HY1oj~BS@Y^Xzyt^N9 zs?W@4?%G9sToNyu+Hd_saI)>cr)EyOguARA+~jpMDJ&59kVl-H`^ggL@8>)+g@3sl z`O+W|E7la^fw%7aCrw%Z5AkrM2r;?3(#%&7cZ&q~U;xf_^GIr3<7ljLJLUY4>V{RN z2=t528Qb6tn(fl&C*S}El%Epi3h78RIDX2MT5uTjXFdCNSevj=@as2xmHcyhIdaso z1{bGL^KWgdH4F2|A-(g2u!4AA@r&qa1sf3B5f;8K5`*XA6@~YCILL*6=KCdYL?q6y zQ*5xZto<=f^A9ehPEG6~PwXR9o9!j9;}-oj*wBWau9{hGmbIn9@lHB#8aV1##1l}8 zD5Lg6CXhWj!IA<4#n4XStNFqI)>`qLe}=ID#OwUV%J!JI{-1-^3dk*S=`*w(@FJs+ z!?ohS%;*#ATV|a@p($B$&!iHbRXxcI_E(O5Oi!$ii>RB^$N#V_;Z)AO zkat`TrOcf>jH=5`JJn93Gk%@O+P7bwd|*5=6Rgelle{8@FeZc)>fEL!H>fLR60U#o z$YUe+EyA;yWc;lp^EZ&3p3|(1MQx&Usxi^5K7uZqSS*=5>mlKAfeAh-1(^`SfqFq8 zB{QG~v%iFpD4n+dOFcv*b)YD^%bQhWl|<~g)Ee1IG1i4F+k78P)i`D}f}3rmF1 zO^c)g6Mx=pD7JW%=8M_U<^5u+Rwks3y&0`}rhHixfQ}nr#`kApUJIc<6co+(>LupW zybOEQow(80QG>CX2v`?_omsX74jMBiN#uU)5r~DLd_u_O{V%~6y!}mB%w=es;!CCr;^Lxk27JeX z*{$SOob4skGM79JMx1q}{e)@pbe>ULULor9N_^{QJmY1F8U4{p!WsUX@{#C5r-$Ei zXI`&e|J|*%7burImx_R77;khb=uIxZi%3c>Q4M&ji|1`2YW4cscV*J91+y7~LFDMc86dFzVii+R!b?FgOT#}4%f0+2ftiDaf5^wpv<;&XDHRi6+ z^YMp8MbzrG6VdRsXH++`TcAj;o4%+pGMrzs6c|TYD7bIilR$O_5=*@&L6{*-`6y~} zjybX1sW;-nnKF}KhRgBQpwFtL%ik8QO#vFC@G9Md5k438(uO@}TG=%-#H+HpA_2;!ka! zv;V%a>iAuB1J@YLSAmxMB|D=j=Yh2Tn7|X>N6U)iq+>?fWIC|wA}Ulw1{WWNDsV#s zvR78m6(>DXC5Djc(u4I2@vK_g+sQA7gSJV*42Y=lrX+SYwa*lSz2{LW9k2L(`tC%F zJ_GcRpx8fn?wiwvtGKa-{_nJGd=CI3EGcd80cj*9<7fRSC#&%&Qp8gd>3Py?t!`K5 z3`kBf6AA)BfW?XS#T*x`^RNH3`m6#6CZ^sUHLQmm?X)`IwQ>)iaSd(IEtCb0YV~XqCGN0f)CV1 z1JaUJ#qQ|1u=m$XE|`tjoL1~mt?B>6{9}gZh98`DGQax(vW+TkM|DC8kDsgVpOGSt ziMGmX>FGA<8Bk>7PhxoB78DKB0!{QVf`>E7&-+AZ+Ts)l!mCtS2-YSGJLA|n^(O(| zW`_lCk`@bpRgMJg#Ska3>DSpZ?OTN{T>ZACx5XbzVlVQZJWP0a8cnH%Z1*8;@KWhA zLi_-2nY3hLR!C5d3(%I^YYj}{4EM!}&1=txHa0y^=Zq^=k2XUbcriLRY{Gh== zUzk=mcmQnSH{gDEq-{3ZQU#Q^aP_}S`=}xjbr};)_%~`F7OTtX2t!<_{$gJu_hhEx zPNr5H9rw!5t`T6^I?hk8!0IkZg)A5Vv;ajr&O~b!-emHq`3DBwzK`-Vx9Ga(@tl!S z>hG3+A|d}BR2%!=)OSyCOd_6wi8I~{Ij~1)ufm2^FUY(h$?(b zNd=WS7**=qyMyeq^4)=^WGkK%>@xEGSMoh<6-jgy zUvy48CWV|J#cOHS3Uz||&y&BiJ=97`#l<<^+4bR@C9{`%S8lJa`-VmNX?x^w&c@=i zP@{<%F|wuk_dl{%w06@9r>-!frZ0c_7NhO@{=1{@8L2U*9@4jA?${|p%Azw{ZAVz6 zX?MMj{mH#^FaYD}B*q4<~)Ftk>izZ?N3;H-hZ!l*Py++j!<8p%kx6-XdDm z={e9MAM%Ixx^ZVBI^wlGDh=!)a<1j{cpl#P2GEwi)qjTRJ7b1`lvcyOT@A@bkt66s zcGX3s8N)mH`N;KG4N(w_#5APQy#dbNVwCh-lt*qOluGA%x#l=7!nd* z6)hc5!8t-n>HO~cf~0niQ6o5dmHgdvv5%q>rdhiey$En4>>WCE{ETUrVN$fUuE z#fiHFTrfGJ{bHN5>zKl&dpF+ud}}w}bi{{Ft4_M}MqAqoZL2>>#5a7na=ox(oz4+* zf)=M?pTm@Djh#vfF@-DOtHq z0y{-!!7BXN^Nj*f{e?MG^Tn1jk@n+q|E$#QZR+jjI9rtIcm&@vd$GA0z_-F){LBm} zu9iiZm5T$2^RTgbRjc-0tVV;H>UG(P@w)(GvQqs&V=a-W9cB;FrI)mnE@qRD;hb2@ zDNTDbM08*7@QM#fvC*%+`GMq{XBPKZ0d2C;4)dvtVd9N!t`31^X1?b%%XG@|9b!4I zyw$E|h!@--chK*%VsTiQ!X*7j!Ei1MC+4#tY;4`*G0?+adpdJ1A|C(dn}SW31>TRba%YP7v-w3)9i7Q7 z9)f{l>pN+$al7#AV->FH=~(>EJ;22_RFa1j!SXj|AkK#m+h5S!JF-4rOJNS9zFl_zAB&FyN|!8r;dZ1;j`dZpDj6XL%9;boza;r@hzn^)42 z;wLPz)g!iLps#ESZY91YK_{8WKy z)(UA$s0E>rEJu$v7d#f{5x$FaCc(pKr2ScM7$FRff{$qiSNR6yjb5h25|he%ijZx5 zS!;agA6O^>$%%!FlZiB+L%QSQ1Djn%Y4=4aiD@g3Q`Ro5d+#^lwgCL&p?j95ZbBrc zd~;1)Szh+zN1fH&qNHbjwK&5AUN4L&SVl;Jq=<^_fT*7ltiBZf6^y`(UenruhSuM_ z;G4XlRTE2*k}O7rOG_vmsVfi*lk-LWJmqrzX-6}UtMNhi^}>0`j*7b9+~+d`16l%N zcfIo>wX>C@BJ9jJ4x6rt82N5Cz!3QiQQ%c>B*l9Is*urouUC{_G2bP;1l-wpF>NaG z;S{8X3I4B&j7%To=N!fLf#iCjy<8(KjFV%RGj+uIshT0*Qd8I@{r~|N(D;!oakF=h zRyFf%+tm!Mlqsg^6A-gY<|g$x`-PSWux1-GAymL2?z~CTX6pBIQWf6|oZw-h zsIYI44#23|RH=<9RxOs}Y3d?9B;a@RJccfdi$9DQS}WfX9Omj(?Sd?cz*esz{f=*& zNUQ^nu7{GAw)zHM&m?nP5AxIj#o`QhQ?VWx1uCUW@7Jnv`kR^jMLZV~H5V=A6)5tm z4W(Fu5^BI_KSy!}cVEOq<;^bRoC)4%eUG0OxSB@H&Ek9+_)N&}T%!2N2~NEhtU@TW zcF9%dni?Y^lmY|=R}U}T!^bU@oP21xk`H*AkU*EC4(4t9`ZBVnq5C@101A%qk*Rz} z!OFN60i0{ttre>`<8uF+KmE6u1@d=fe^S03KL^K9QHFvER#wL(Z{SObwSC@wOIi+l z{W^+!TktNIiK_t-LyudhV*J>{+Zb9P7ieo`AIBHOmnuxJUBA6;9XSwy_J}&R6@Q6! zLfbf~;&{ottCrFGWvuI|{z#QyR{?1__>?|go|NFs(|Yf7lgvd8`Ovk7$}{1o3!lfE zXjB@g+enET0r^Cc-RlQVuS6ui12>%Z^nl9hJsuOvLr?JHK;XaHh>F2E)D|iJKIhpz z5_wL7t`PS;8lGF^A}+$Ltr@qE?f`?(mnw}p#5K-q?peBoKafRZ;MuHT-QT~;rRj!` zE6nlhd9Jn{pX=NTNSPOlyW6FJ8%8p>SB6h?p1oxFn-6;{@iD3WCn~~hLP>`{Od=Ip zg1O2u($E75Lh70NDUwVFOW61Oa{}v0@jv_oCZ_6=NC=C*@_#~uuV)Z%r0x1)ABTnn zHX}2#uUQdCZF9UOAAwc9EBX(o!~rMvIxw=Yn!xvjai1d!bNQ_$te_28Nw71&3T7wt z21X57NYk*GEB4`6=}5@TwYk2U(FdocdH^~ z5V?MzfO!+wv1Zr#@i(4f%8v8J&i*%??L$qPUpSqjQ_5>kx>ZU3Y6f0Kqu~DUzm}=L zIQesD3TP{_Pl~jk;F{QMOdH{Wgs`NFN(9EG6#B2~s25fb)Ir4E(rbmp>}wh&hGHC@ z^d_qZW@Y%mv4)Q9qh+92M}hU~Eksf$-HLg2CI8 z2uQ;vfpAt+fRy`41FqFR6W~}$oYwnC?*7}u3rqjyp5=Gm{lcpc82Fw5zxS^P|787J zI)wDVCUa-5BZJp3jVqGti4ff7yrKk2OunUQ>qtO0n}sh2p#B;A-v^VX=l4r4z67l0 zrvPuh697+Rn`WDD4AvdDk&@rQfEtwiD2ZZq=pEi0j8Ok%(_V?f7s1KGdRLAr{a+qK zWrHuG`PrJixoKWKUnBe705y_ZHY+ms68zdEDhZxh(;oZHRkDnUPMxzs zkWJar&p&A2hq|ab|J(}D1OU{Hg8lQbJKoPINNL!jOW`3+hey1mc!DW$N(~IFONf$h zK9t%%oeNJ~bhee4-%xh-l`TFJMSmbP-2K~&xf0#ntk&^6Pab}LMzT7>eha>-of%D6z*mTBkpGX9#k1EHPl^~8y4aWFZ zW$(VWQxT!3(|r*3Qadt;g2EKD^5!2L`B<~i+$Y%VTtr&dLG&nu@ki#~ zb2}3S}-6fN&$eRjx#QPA);_Lqx*4CeEC5dWyx{kDUC? zIqlv3YSl_pPECb*4kUh=DD<6Jo_ssKY07pn9_B&XIrAcWfRUSD2bCGseedJ$ee=5qG__h_C)Y1)%Dt({UlDhvv#6;5A%D~?WIku~Ba7I8 z%v69sQ_@_$_LantU|#0m6p>sh^6CURrE-F4uzU>_?tL^lOOIm;(PUm8DV}ua9U>bs>{AyQ4 zs}L-{7W8(;E8rOjc%BYS9Gk3EA_o=QpXgMCU9a-{@TiCemFG~vGHFvi0>d%ZnOtZ; zpz-L#0k`aBvF+@6U0aqmme4;Zj1WItM^+T_ID)9PX^8XYGYCdHorj5G{A*E+WnHHd znqYquig9jc)aD)H*~QyHahMS7=ogOp2gMvA2ht0S4zX#dJB-bKvL;mUbH%{_<>oh& zU=5E%n!X~ppMDzajg2BIq53N~fyK=&Kg+4Sbw9my7m2Y7dc3-|q(WVwZ6Er8yD-Nn zuC#<`34{lvea*h^7Ij+$f}5&rqP|F}QjoGJ8wOe9yPNmo70;$b?}q(!3BD*(mWE%8 zDJpZ`DOc_b3IYm&}$lce*>pi@?16NrG@I$X|@CFb(M6W!KkR2JAa-#5*ko1Od zvX8Ew&UenXz5B#Gn_SD75se62_~30WVN#@sZjzwvvuNjGzrCNwu04D{Uv-`Bu6Rpj z+0VPXvg-S1sHzvoB~4QR>kX$BgPIh2=4U5TJnj~NkE)R6M79^%rM#f4?{B#wY{>`F z`&c#&v=&?<$s^yS`_ZA5!mHmQ1yS&&tj-U8F2x6*nwlighoLjxQSdy8Gfk!5SGIfo z-PKL(N!%lJi4*PPD<7YFcM$R~fE;@Z-|HH?pd%=}D zp@Tvy)O|y2eF1B(#G<=9vB#^yzA-T8fja}%*+2y`rHFGH1H*)A)YE&n*+uwMWM|&J z*8#X>NvR$~PQBbH^#<2_5xB9R&TNeB8t3vs_7w=EhW7%?0*yPCe1!b*`MT% zU}#1Mj&LD{+_#|wUwLS^_S`4N{InthzqDjgqXg!b!wOak_5W5%E%x6#_)y@y_pB9@ z_QmAYDqecFZXxTr9PaP8qPg?B@MWPBmP-k`!Km}nFPD~z6@Nc_hIV23l+3?wE?^|@ z`y^Mau$!%_vLty|Ix6ad^T`g8XAFUb^3*DVIkKnfZ)|y!TN67E+QT+b@&Bru&3E5!h?e3b zcz0|uM_inRsO}@DF znAb2L08V=0tUS@bWW1Wu+vzn+g?%N|FaiO@Ws+dr6L0Tl(X~w|P6Lx5ZO#8$8gpbwAX@5>->52;(NE!!k%W)n*@gLp35fQ;W2iIvcCy?8d82 zs=0}-@p};=`CKOF*p@?+fXh9Mqk#xHzoS#8CIl?-2F2<`Kj+A(3CXMyIC&75X+nnu zzm1Ltg9kfe*e>Y!ApKyS{zCmU9p|E*gKwA1SnN}ir72Z{9ZR~7w!o#J^S6If-~a6t zRt6oYUUI3Y2t{N8pY{NCHxa}aZWucl0eV~%3)|J|`eyKpY@quJRI$8r=mMf5niSZR zYoVA55a#LmQXIb$rkaQ{8vlOANJ@pM7Xf7LV0`%RsE;`y7~c&k@|w4rNTm;SQbDrT zbc+q2qjQ(Sj!i!?V90E>-ORSHx3^(jT3h6~qAzKI7x&9F9i|z|44NT1ssT)kSg#07EK(Iej4arDD0OY)%Qn>N~UD{zO3#`_os=hTO@lRhTX6 z?#=v$@_?>n@r6f)e#OQz2aYT?L?DF!dd2K~e58ycZfB?~8Uc)xfAp-M-f#TFIj~-X z1SfDrUkgpkUv~K(hOZTPs-tk#0HUx0z*j^gaF;VQxs_E)9w~m$){j!}_cQ!K7 z>Y$Avgi+pxWM69d*CXT?{LRrN-{Hfl{B!2sH*!v6K z!DEaMSN*IK0<{U*3i$ZpBDw=VskSp9{||mdEFYP*(sV6L_3$0!^MOhHzw44`FQVz*(07sE0DKYZP>mGB zwP(aoNvTyYQZF!&IP=S(m$Tn)jHL^G+1FtP3A-G49sUi0ue$5%ZXLtQ6HYb;y^)re ztBjK&@t%zOwa>TA9lxts{WfayzZhCv`#&TZJe;yHn7~`^s4`+hivpJ2xlrDLpcPR5 z%}TpE%2-xkS!i-k!V6y26deixKTF8U_S1^n?nYd<8X zVbjAQyWz1?Rhh?`zqlOXfEF)_UD^q!M>!E$G)CHs04W26K$HJ_HZz3d3Y5N@iNNe= z-$;bPxQEUv6CVm#czo0D#ggbFc&4!B4XKlEc}O1lXbX?Vks1;RVsLKd2XG(vp=R*? z4p+z~=R177*}ca}}QgW!w3MR^G1HX@w*xj~f0%6)=LdBo#P@nq%zYT5;Krl3an z;9kJqmvEsnI_CxM@WjtwhxTlZbmvswQF$CYXRE~g#rBoY{in^_s^eFfweXpr4I1mI zC+>^rNs?h@2is?3MM+_?sBcZoqeO_}OZ<06Y4`Il!3%sMP^R>i2=qcqbI`k!za8oXmi6&97U? z%z(WS$38Wkm&a$?1Iim^U)jl`@Lx^n&<5@Dd{XE~)w2{RBuxW3A2p7<+U}%)ipjX+ z8e6;b=GC1|* z3NQ*O6cw8BAC2(WKLQV*vLWWO1fk8>RGn}sAHAlH7a@9_EI#h)RsuUwCOU6SGWblN zN0$s5^}it&lgu#9_^-T;$%)yCZt?`7ihv!j5S_Tm16L`Q!JqJFz8?#~(HQpS@mOw!3tv+cPpyU@Ch5F^idkwvL0y+QZ^<@5|rd?|x_u(h(044m`;yCk z7IKd?zh{>PJOM);hA|$0xzXmGr~doocIw+4E?kNKXqS6}@Msn9*)S6QKrmnS2|h7l z)@lER3O{6%8}lGPuzO^C)C>!~gyl~zy@s-wtuAu%c1J{z}Nx|;C|{)W~t?Zxf2V~lipJ9Ui%GM>3piO2-I zl9mNu0HdYq520!2a#)E@q;xU7lWWCwI9X3!7Rf5!F2Tl1f(KAKDP-q2O_YogD6e)k znnF{Gt4*bed2xh3VNlfhsc{_*FViKFwO~k@&LYCEeS;raMs;;U>*+j0GT_9L^%nrt zjit9*ThUSY#YAnuhG?YK&likg9pbpQVb_Q-9!nQ^h7s$^UOzc5Of`k#9eKm8PQ#2+ z5@DY9Fw%q$6nt!CjOE7V$%8koce3s^*$?zO*Ndb{5A&@F6Y08(8$L588OkbigoS7- z=??1ITbO>W;&nqk!9{$6!GEOXvjAs-iChb@uBj)taVc)xz?#^BOEu^QLZtoLpIAi| zOlLn3p48~P-;QFMr?CV8=NNv$cXz#w0)9lGW(2jxZ%C&ieex2FuvqEN!BJ%%vMb_2 z{IFXPqPVDtsuNX5N%b4|c$ET$xT|JkSM2pmBwX5qB})ni>7BCM*Z~O4w1%kkm#fYH zhoWLzU3{^XZ!Bl+- zwoKOlfkKn$G-imf9f!KjEgO>t_|CG)?L?Wmt+;YI$=pNYIwcZ99Q9UjCFeqP!!RqU zK$lPfxf(+bWIlBqAZ!K$);%neNg@C+k8LiUMxQ(;@cM}D$*w81!%@DQ#{$DHFZ;ct z#eZ-4S9(N^Ge8V}G%;5L5!@t93ShvNrl19)#@&p#(E|XLG$3CYT;epW4^TLs!IVLg zv<1HBYBOcNM-qUUCace{8~u7B-6gzzD|PYY)?3#V#l_k*l=n&A{lO;Wb7G|L6&46z;( z12f;eLb}T-=Il;%e$%m0U1M|kwli^q+Hns)TEl4EaHkfRM$h8y&M1R$EiPl-y$mA;y6_#c!CSt1&{-K0 z>A;^r-g_@L-6vhYp|rwv@6!~e8irzw?SGhLOVVT|iZ!-*96r5xKmAvF|66S? zF>)9B((>{ejmM8a!{|#N;Rrw~mkdFFl!3sM2PEN#6zZw-Wn$Uj~)ML*G^$6Rg?zdbX^>PK$*^w4Ga2xJHjt3PJwq z9@sB`G`|GC;iXp8=;K#UbV=joW8;qWSnw(3)6q4jUV5olMuR>o--*#1vBu?n9BYpVdy974TY^`4X5ckmn`W5}GgGr>Xe-0ME1UhZM<}@ca zv@GzL7`RYc^f7!)FaC91?l)x#EzsMF#4-ss$!%PZTG_n(_oMYc)w6Z}b+@c2j%*)I zl{8i}uTOa`+5>MrL>^*`LsoHwu@bdXe+Rtp?}on&Cz$79x(L?`eNiYiM?2Y>R0nT_ zmpGdcUCMJ=niE~d+%lhSKe9huwvEm<|Z1yMlHGM-_uIhpxLo}~BZy>mt zNAW4;TGhf~O$27wUz~IZa0?d)?g{iisx2Gq2|u)LOb#JpjjbMrjhdVZeHJHF=Q5|$ zbTOpAT`7X!7s5x~t4egSxF|UB3NDFdF22Z-edp}rIaXs9Zaaq1^&q)i3cCl)x37Gh zqmdjvym15f*l#?2vv;?eZ01aR#c$!m&vwR?Pdfx$sgedzRfJ$*#tnx!0JYz!CjfK9 zHUy!TW!X0zt8U=NG7%^PcK4Zgf5*b13WFR=xKO`gbsw>w3;f`eR9mb+F#*0!mG~;KLNV3d^?(8=1liL|vrl+B0^=qK z3f*`q<9npR^C0yU0*=y7Y#gbFeC-S86?@s437Ag1@|XIQYS+Y*xGdcx&{(3Lo)&mc z`!q5Yh>9if`pnnUknppT)B3vKPS9`4QvH*%>tGhY*{c%QN-(hV)*SY798a~}5}}-I zv7+f|ts)pw@8VPAEJB#JR~FHFjp1 zZ(KMs>-Nl+-SnoO8C3hkRj{AmU1|-In`7|teGGIifX6RC5*quQrjV_ShpSusRs6+? zuR9(#G`mF)v7sop8=l?89+12HthYM+^*%ahh7I2b6v}C2cA_0;#@k&&jjf2O@g5>A zNt)6$gZYGK6pP%0W2q~C1-AJXwl(vEVkZQXcU4YC4ZDc zfI-5Qck-@?{k^=kLoj@Nw5ox~t;+0^UJ=XL*?3lD5NWR6T{_>sRn8|pUATzXmLbi(3&@H@I;$mI7yN_JhZFUOl&*wWW;ScOw1uO zi7-Aj{{4sI%lur5U5QJozaup|KO7a$oSugkhqXZ*RutY=QR17tIDgL>!Ta>Xz3sJ8 zid+JyS!0K$O}z9C5vy&GCxm38ehf1b^ncJ}u;Y4j6v%A-;Zfcb&d7PkRU|Z)48Yy8 zbpJzy(|Enj14YXW=?VzjR7bi}VZJc*xo6&2ABqxvqVi(#U)azE#&z>$SyM}yP?H+!LM+iV_WMPY`Gqep zdf?*^i72pN9^6WDh<^GE91x&6JJb8{>)z{%a*4_klMLDGpMUW>57*=iPkZ&~$C9y3 z2F`brC|m`Sxj+KZpn5=`C>__E3Mq`^Vj|))HAsdCN4b%c@;D0A8V+@vA^2h`BQUcp zJUGw+?;9RHdjuDuu8eeI*~Cd7f-AQ2?c8ucMaaeG40~G93p3T;si`#z>UUO0rD>JO z>;1Tg@SAey{(*wkeyK!lVgZvwK;`__}b zANrWQi4Yc;d^?c)y}YlrZ8YgAV)NrpF;?FwORnum&NxR5fXEFI6O4`GWt7XBeDZur zYHQ%ulltKs-<0)#=jJyPL^$LEA*Gne5k1do@eWxK6RSb3s*axkP^iewbkt1xvL4aI;XFHcOhHPUngq0 z@&XJ{ADMRu_rm&5-I(3&%Gr+I7cS4Kefi0d^dh zht)_<6r+CEe7>B9kh?>+p0Y**^6;=tqd6;`VnH&rZ(*?^W;4WS)dV{SL$jnNu%6&w zAb$wc|5e|wUSFT zu41jJoLz+?Wu1qFXWoRBK7+ozs`@w;#C-Db*@4N1wTWpBMm045T4LG&fmqLM&3;mOKSzoGEcWoHt_!ps0(`w0FgT zr18TyKR(?7%}bm~_A&*=Bh*BC+yJH@04>cjsc80zs%oAxqt|ql!{$Q_rTv{osYxZV z%VE!C0|i|rvIjh%>N~gZEeTcpYv=f)xXKAh|7CSGd~y8v#Q*$81@-6ZpE)4Fe3qJ@!MY14#~13c^hz<@J!nh+}e{ESf&1a#BDVsilY3b}?7mx;oe`h@+B z%B?#Dx)w(nf{xV9Ba>)e+Nm)vf)VCwQhuVX;X^*vPxG%N#4T+WecW z?r%YW>%dq*cb;A%cvm)M{56adJLDx1HB2;%NHo(BIS;+4^g3$gY>3@kW8YL@J|m@t z^ylbmndrByDD78Qcp$2s$VmVKddP1UQGhFr6gqT<6B9+SyScPP1>;VhG*c81h@dh8 ziEF^d){owj+dUutxh55Lj^(rn+gRUkeaH8=hifSQNofL_>XIzffAHti-d>{9#vAlO z=;ezd)^4H7fs5K;IvmB&EXb1aLftv+7fxhiu-DK7)&9ACBU=WZ=+fN{emE!Ef8|A^ zlWw-LJ_b*U39k>ZiTbC{xCT-Vx0q<7fN@w6$cti#13Pg`1ZQ?`>|>1PiG020|Na}4 z=%!;>F8(#M+=Ja>7{0|Dqri$GE`l$c-s8}1wp%34<3`j7H*DwdYJJ-aSw-@G*UzbL z_YeBe}_g!kFH6CiA|#8 z%F*?8@H?D8DxZDK%IXNaB}8zl?ng9!2e8s-jDlLKWS^(mO{-8O-Ss4zt|asUJmOdY0lPNZ=A0m-_2 zJ&QecVdgBWz$q(JaY06y6vZq{jVYe#D6}D*^E1J#E2ky{kT_SomzVVYShGKR(x>3e zPIhZj%vMKW;hZo9rmQbD)*$zmVn`tNopAB81;fPF)vmc_D({=;fJ2It^&SZ~yF+gV z!&i+|kEK8NNwawVScNyzQ`gWt7^XIg>5aus(v*CY_Kf)MmJ31sg^<7J_)?k%EN@%W zNoGJuZfT8dN8WD%7aZdAn5opB#rSas0TIh&z#k*<9}hxz?@I@>;Xih^z5WYFK)g@R z;peMuo$ea^gs|Y`Px^u*#8%m>jEUAvZD((QYvX&vZzFHc<9}BY!#TG8MdGb5_9QB- zSj9X0N9MD5<4WC(UI$<{dfY@vF26GLG*c@ZfLFhiVQ9G?3yw}HDq_TnZ3-h;!FZ%H`nVpt$K4oXvb3r6WSk-gT$ z4~h`P$TQ)O4HqO%?(-!l7^k*Y1jjx4`$s?;dE<4*-`(If719&Mi3qm%g0XHm5qv&r zN6=3}d;Ubwa+8W^1D}To+}&*CK*b$&RVD7l7$x57^f2y$-9>KvAi`lUeY)Y|s6!Th z%dmI`>1{kmX`N6!9Qyf7=*WwapNZ7vn3nHYp=trSY6h* z-L^s8fterJ=PQ~#SD_ehHLPyU`%{DQV&=AKL48;!+-6BdglB^k4X zv08Z3NrU^0fU~H`LpC3MLA-QavFE=fTaf(Ul}o`^m&Tr}2r-RdA13{gvQJU>8o!Qr z$bg>x?`*|YJXQf(yC=|;ZvzKK?k68$>}Nyq0bz|CYRP!!TzmAtz;@QYNnbmuGok74GK@gs-^0eJ!s_X=j z;pk~(f?xBU5n|D_Cw7C6gpcmwqlZ_k1v>l&2`=B#_tLV?t|N6aHU?0N4*2pxUNxFH z3C0<`Nr3zO0y)H;#THH2jpH~UExnfDTem7E(~W=&f=tP@wYHgLq|(-WzF*WG_js=g z^$WqzZSNj`?=L3^3dchlRA(^WphB#hPSX81v*-54xQD(M(-%nV`H`x-*c8p#LUlYY=)IY{kyL0wyo+1EH6!N2Z+|ar zMWiBj&}V*p!)MXSfdC4PuAs`f{3MN~e|$`qwwN>7_vf@Qt4qLP&|bQ`cV zRU@HFrWKmmN&@!uNyB4AgsJ^yB*5QD`|n&P3Xpyv=^+8mCeAy=R7sYUg3 zrtQqQ9m>`Z#~F5;ALC85Z>Z+(Cs18J4vtf-rpWwm7b|$sN%aMHLe|#SR*>PnRYuo% zEQHOQ%nz@;lfL`-=4q+DO_bJMQ0bk|7CyKgwj@|hwu4xzZxW#(WhN&%&tBfYn6H$ z^WL6Q`D4&MW^2>S1v0LF4h!(VtrGqlMfH1S!zFp`)Q1a<^D8X<1HB5}VK(RZ`pACC zma232Y!>oeqxwC-ItaYFd@Wi)iLoWK zM|~^+i245Z_F1-_O`WQG(OJzH0ZxB;l2m`w&=WE4~rpQg|YDi za)#Lcks0ESi<0_h;(!5b4?9ALqyD-=ajm|FFnmIat!<4ew@-nyp{`8fjuu#r8Bs!c zf5;c<)IvGh%(rv!osHFd;`hNbeeV{XpmAmC)06AX8*9O>w=0tK-$8V({Y*y{E8~ZR zzFtQ4npKxX4Ufbduk$4s=uvC8ORiyP;SpTis)Z+1TcDq~5~Q>ZDQBd)eEdQ<^!H4d zazN#Plv>VpKD$h!c3zof+jTdNI?!5I6geO3O(O_}Pk#V;bXS360}t2-N6 zl*()AG7$le#31IM!Yj_!5c@;mTn26;E1H}Ei{@oCmIrxv{Hd&JS3 zvm1gaJT$(8rjiCCK40cDVv6DTyyJIm6mQieE9Y&lYvhn3gq_X5Q1aE2t)8gb4QM9v z1pZM7?o4(2`ZJ-`(vJ=_`2+OwMcaq*4<2ng#H;X>w{y!&oojC)-^E?(R_^vxe59hd zbxCz7L5K0Zg_3AU$98&<6lM@(n=JliMeDKjYY1~IRa*|e{r0dsUsU)9y5qiFll>1^ zo@U6|b%>^%gvNZs{Y<9-57DjxN~T^H=+&I2@+(h6l+k15X4T7yAVWd~4i##Be^1Jh z>A`{%%Pl5(7Hutet1bp|WOjrL=bP|AH+h<6y(;UbTa^s8h~3*I={IrGSlTYi0zi!> z)R9Z!Zy5X>{*;fTecvu2hkNP~54S=l_&QWEx(AW(1N2)+ozPO~ZvBeK`PwfL1AD&M zg}_d%K;0=Xf$PwyQRe!$U~Jf9iE%B9;252M0rZV}1aK$1^p}O{7Rwh*!03`W*|!pc zQZOSBk;=`mH{F$G9|6kLD=51};t8Y`Z{Fd8FcIv9qQLM`9-Q;5k?iwo-L500@1HPu z!`z0Vq3c-=boO!4{pV1boZ`jo@|TK^Hi;~AT2F{gEZ&#DbWkRxH^c8u7Hbg~j~G!M zW_|vIQZ}cr-&5IBiA3pw^#DqSa6%BGILcVOY+7@r9tuT*^$;B0jQw+HE5_HH4s^IOm$)bRt5J(XQEqUY0vfPjWIKy1BHUK3_}yX;R5!J^ww4G~N)k zh?*Tw?7nCFb!#I{>E4?yJv?cqH*6Q9bG_Mc07Wu&i(aB>t6qQov%rjJE? z^})bgSvG$d_?|xv*B&N=edh5}uH1;o)oZcg1wBNj;d|evJFZ@}+nW;Y@)Y!1+?JxT zHcS$X40|H}vBxkXRA0;Bhz^d*&8J!G5N>y2CUoLdvsKZ*R%T$6`Kh;`= z$3#;MUxWtn+7cli%+Qv*Ufd8wXyOAr?5c2nzi^=Qn}-tLI-TeJ3aC(r2}c~qhAjL> zU%HA|J76IKYvP%H->8d5aH0)}38KjtB;*{*T-#SIK;!(QQ>}*m#)LhNe(Vyz`g5&q z^VJ|p=lB8425*xEMWOrFUj*FyXni?J+F-~on1KvSAdir|+)AG3qwV%(5pg6WLzl z<~0#9(xI1!g!n!m445}JI*jk!yW{8A|8}0K`6tsOs%q^!41?nB8TQ8qF3FjM-2A3y zxPs9M?j~HapB>7#Zoi(Og!u299eDQ6L~kqf2d8=}5SiZ4P1*=fW^ppOc9Y;%vzN@) zt~l;?JdzGU%?7(a_abDabP6$pchA|eZk%D=POpRW5Q~8oIICdMFs{gDO+8i}_HZrbmC}B)F zI&IM}-x^i;c%?(#GCf_ZCfTQiaIPV8jt3gX3lVlm^RVtqNqy3ww_sZC`9jS)^%IE) z&8ixk5nqw%sS)<%Lq(*(K;1PtZGlNKU~bo**{4hoN+ zA6|q)YEa2}Ti8va3A{{HqBvZYO ztBkl5!5k)P-+yx4^+Kmo6|XqXj@8~2O)I-sfeX=Sy#AHqjHKt4%J0o|t$8O|%_3YB zkjKFuqz7QvB5-@?>9^XJ`>>6(VsDhh6fMT1PKXY}${U-I@;2&`KshFO6*(o^B;x#V zIa!$1fAK2jss|=he3fufzqT;f!gfh)ETCT>?96s9#S0_G&A-J1!lIRZHHE~TBCZaTstmD1gfkUVy1{95g=Em3)Q%^ZZ4#6YZcmJS2-Sbxr9phdK05+_K^YhCyb2{E-3oslj{a4Sgz*TfDDyt zm_^=e=4#dt4(Z|3ELO}y)rINdv$nE!9-B=->!JrSNn$(M=-Ck8hWNZ>ycCqCoXyEw z7De@^5O)!D)Jud@lyBj2nOpj$kIoMH_*h-=8!mtQM7SI<~Sx-C%OMW>+A!um7BbP=C(y4rzu0y+S^F#AE|< zFC{@3bHLk{7tGM3!fEUO>x=%x^%88$?uMP~2gEp&Zox=M%o8pSkLlMK3i+!(NoF5R z{ID7*jLMib$kfGw+$pD7=o-Ng14O*Xc|-Gej+V#OfRvhB6Bx4AR$!l7^{#Awzj)&M z9Whq^cf;72Y?gIyr7SRC@uAoQd-hPWvL=VXJC5P-S}jb-a6g| zodfxB;+(9gxGc_KO(v8!mpUD^BE1Q$bE|81Z^)4&_-Mxr`vW`)b+Z1@$G`4y+jpvQ zw@bmief|TLHHvl3l>lec*611@|Sr@)}uOi%jytgUO$;Zo`OcEE;+< zme^~Kndr*@^--}07BUn=C@p9`)h?jBE6p=NX^d@qVAGv$Ocl7wsk;k?aPyc)^CN|v zn(~<{gHgowg^XA(CCohMe1GC~sOO)rg7r=HQ08DZ1N*z1K)Rh}5_kP=GEcl4d@p=9?oAlZ-Go}e07-8;x<}1y-P=_(J#E7{ zD)kcIiJf;Ql?x4%wm%puR8AsjTfclY9#Uo3MYL<)v_2!qdUWi>TIa7VZyC%G_=g-5 zXAFa_PT@c)Z30)0VW=Y#;=e0@KtU6Esiu$MWZk;`pX({|&#A@%3`O7#ZtwFAtD(D9 zJ4iwmLt%S8_j7)}m7|Kj@u=dm3Xd{W+uPXvHo|jHg^hMMb1XwAr z2gY)J(edZlD`t|*!{_mhCrQjqmg3IFe}`6W%kpc>YMu3GqrNZ7`nXPj1si^>W1xIh z%(MdUBoaQjQ|KhfNo~HoQ%b&?UA}Aj%g^wUpy4CoT5UCc#UfdJ(H0|WUb89W^mJI4 zk~^WlkC1%By-@aDk6#xaQ(#Jl;FUPG|CB^XeNMBNYMV;h|Me#j-|TfZ*|9UmlNZ(U zsqLsz&h52A zRK)cWGBQaJ>zrxS7X(aC#73O~&96k%{2^NdFKeJ3B(wdM=kW7au_MmYxkh`($H}Y+ zgQ5N8D?y1bsk`2Yx-!va^x#Q^IpW;J!n`H%>z~kMHnCJOxO?_Z>BYlZiK&Zx=VZvX zKDj*?btBmGsTd+mtJexxdhIz!is&8f@vL6KwJf3zEvd0~yZ7#<#c%8^N-1FbPNt8& ze63J6%RV7yB5bdx6@I^-Fyr|2T+QkV-kr8OPmLKfTz{u#gf}+%z5|C^sJ_LCR1Oic zfAAUJv>U$YAFk;n#+7r%JycqJv03W2&PWQQz5J2yI8&nH!-kk{_wFNycTv;!Z7J$a zmT|5(xKndT2%o6vwWOl#pkK>zpPk+qg`3=0CVVvz7u*1?geCfj}S>Xu6LTS)kCJqP=* zNq+|H@v?Tc*W5ZpAj}r|&qXq~SysvY{ny_8i@tv>(H;-WJQ(UJo&cNtgpKRvm5N0+ zP99l2RfYpIo*tWV1Z_3RRq>mA3)6`yqsfF>rh0&@fCMQQ+5ik7M(%@|&hx__>mi~? zsd6qj&nGIG`CMyMjz%-Y+5@$h!D#>w=64fD6DR>mBs~n%`eXYi^Kc!78eS|Hy0iW~Fx+ zCDgUf`Ic`^w_gX_q`i5N3}K4pT0I{Ck0fI4yH*^7@%Z1Ie7DLu7LHc?)p5b{7bKL( zuu*o>hT7VbiZK|9oZ;Lcg<1(b=+~PV9~|WZ)s-->?{&Tq0sQ7XF(r7^+jFV=!$e=N zVI@BBkqLe^W9MTwxkUiX;UMj`Hj%{pLbe#JUu#_jM;l$w2~J~1#Auyp7(Y-v*jn4b zFhK?i*s%Jzd3!JDPm9mCx}7%bDnAfJi+yKV;P~egcB|=TH|iRRKNLII2i=TrsI+i$ zS=ZhC^te)WGA&jD8W15>=*%)4DpEHOF*(lu`QoYkZPK@GQnf$c zNY1lQS!AxDwTsA)H%6U=RN2w#`}oYf6E5h{3_bp{a5c2x0@1B*PpWHA*3({gN|nDj z@wuW~UT)^65rhdui+IEExdJA2H5+P+gnK+xR{eO!oe6KCh)$S89$s9t{;=OL!7fO~ z%h@~GTb8APavb8rkI6X*@6`Unf;#zu;Gnm6;)Yg;Zr7k35)pj-sosrAlZm7WqMSB^d{SBwf5otlZ`zrdTT zFqHyoleXXkS)|tcMw90!zjv_AgYN!53$=(cf+IrwO>EYd&1D zvA$9P_Ukh7hnTJ_H##;V-Zt6B3RtmGIRhG+@S|9r*j~jr2p7EqI&ilpAn~84!WQL! zN7?DCg|BLh4A7BZn5D)E-!!F)TkyOB3z>J+TyK+~;eu~Ic1no9gRc`cBbaMzsl}oC=r<@uo~N%$9);SeN^o%Uz1NW z=(2WVLGbDjEV|$VW1~}lJ14oJr9Eui;@xI5YU=3 zvq@TvNURsLn4O}_HB}G+j-6apdxKYkQt46q$+TT}x?aTyJtSFYM$et;U=+NgOkhU_f1kT=h5HEgHf;Tp0zE_Z*tq+st4#AH-vG!J~;Re zEVl?9(+eXhXL|0=dwx(H=KP)N%BfKO?L|PmxV(k{7&sMGxqv+2ppB-CcYv>kaoSd?knF z)J!Dg7Ty>e=e+SBG;%x;yj@3V;9C7tK87%PnGEU*0&cz#LjEI|_UFC4LxRh(oN^qL z9$9P1DIOcCS9fe}k4SAlvqe8Vu#N}-R!^xfH6HSEWH98l9f*I#o&7B6TZgygM>Xgi z3=&vvjA>btsgcC-YesKW?B)%iZ>q6bf$zkRwF_^hi?orCM?4p&LYlK4ogjubSb+#=suQFFJ_VH-5bt;n}bm zP-~=k`B&b_Og`g_LE#fAHPi%zC+lJ4t=7n zJ(I8@m|N)?95^l?7KSI7G{%-V{|0{`V%tn1+oNNSs^IINZabvKjyYNr;_BCF_%@cI zTG=o5j>@YlhmWJkCEfmxb%w*a`MX|De-;uK>3@sAx0Qj5^g5A&;8XzDzlo8%>&r6< zmcM^Tj~4pjzZMOp(dO6AZX7n=Yd(}rPanQJ2tTew7d*msZ;^0?9KmWU@=bAW2=2R0 z@Z@eo;YD~3NNsy3cB8mu%juiWJC(X|A}guv&in+|I=RVvuV+FB@yE(#hTKzE09_3T zOoCArSWl+!do9Ez6S2e;*poF+@Y`o%m!_m|Y|6Ux4{g0gnxrI+ZF~Nx zsCpB8eZUU3~Q<2;0je1L3ctH{rKlW^2$KB7soXNn?`o+sJ8tHc0b=Q z_|cD}q|KLvLfM1>mpwRS96ayu)NTNrX1@4m1m?0Ja(B%`e&a!0)8vd~6e`)1oO`Yy z7-J{JpJO)T_-a7O&pzRfA$yHG5AO;?7}(I7A?S_|Q|up?fK{qF-k_f@mk}oO0hdf4 zU+r&Pl58)XQ{h!}T4Iy9Cx~x`9(8Cxc>fK6n#?VKz0Zt^psc#N)gPx5%E$_m;JsYy zHaQ;XynHvs^kvsp;VAp0UK-u>TzIKFeh2P3T!LkszJO&H!J`nk7>e=dpf1YjIGVqD z#_a?gl?ZBp3o%}(fjuK(4zBv$OrQMuk_xEZJs|yJhiyJQ64;y25IVEH*>l5wS=y_h+w5 zl{bhOPcKkds24Ou;m4e)d6PJMn0Q+AMqIM<>%tg?!55qnJ9Qe-72-tEIAxFQ zo2WYqx=yhBF-KHIkOPZIh(4zUhM0`Fk_~Tz>?!*FetuJEpKrnJMtLhjQBIF7mg*D9 zr(-pp5}wAx!=~TBE4HTlj?Ez@6~DRC8pPJ_ziWD)!s1TDMR8rqNBe+$OCQ|$d2!^) zNliO<;akBybJ)pF?H$b1S+z8vdYQMFO0??|lNorE0<_+4TU&4vSP5DxPaR|*g2C{* zv{Xxy^{lMi=CQW%qm4v1+*Z~z{Y=5OHGVvKZ%3oXx;a7UuIJf4>dXhSVHBUP27K5Q zKA*&~4~Nx(t^4xuskUY!h^2*}3_d?h;sh=4m1Wg_^&U#Tc<>|#e;Vl_Xi{F+KKYqO z`9CdyN-99$PB@?1jCfKA0RYbjG^;9r@)olU?=W_cuSbmr=sAB6VKR`-sb;XSeUIL~ zsi>;mV=m11HN%xTKcCp!te-MgYv9YOpLonzc$CyVpgLqPPm|p;Tp0M-pRRQXA1_HY zg*g;Fn!tzCjE65MJU!YCTu=T9^+qKnxg!)&ckW*OT4q{lBW?K}LUG9cf+bV=@f~&% z(w78vmg%HeT88a&nfi&hgMk_(qRJRZ2O042T&tt)7B1(4qv0pvOUtm)THMks-)8P-~Ji81S|? zpf&18F_u`bEX)e4=WL2IJa^+KKFenw;PK6i_aK4N3tbOmgW{R-^0n?;^;`G<>hn4E zGnQa_<(>DsRHDufJELxl)K6VST180>w(VEkx=e_}CA}4_#Y`irlDCnPPg~*>8E%5# zKR8GQjI2h#NeC{8a(HA_k@vt@Kj|`Dwg9pFAdHM&u?h-lWv1e<+26`pm+bO&1)S?s zcW{KGsF>#rle{BGM>{G|Fmf9lyQ;ppG~#t;enqbH zKI!IxuZwG%SvsJrTJ+- zk{8uicqw^Hedr8P?M|)ie;jRfLiYs0i4|c+Xm>5Xm72R3+=sZ=-?|d$WKgl=jp^?6 z*|gIwcxD4BqGIi`;mqo~cOLDa2h_h@;Qg1(Dtht4Tbb$dqGo39$7zGe3Z<77l?e=z z&P%G6N$0rL#{G$(dX7~&tq@7fOq4Qg$xVa?Ga|O!m>cT?L$e1E=h#498Y$Y~*(_%g z4K+!10xnk`>JYcfvTH_XB0cKVuo*7hK)8hlkP}A|8|U@JqGKo5$m(3x{mDfuvo?=v zu;ss0bG&~LaX%LkDQ6FP;5Z8r7dM1>*v|W|LmzE^UVu~9!}=_~nTFkD3vrlJRwc*n zdU-`Hh$EC7ToNfsw3zQ3G8kj{bJtB=ykW5kiuV9_OhzpR>FR!)&ZetyA<`4>@dP%S z?)p3mzv)(K0CfKeqSTzJBaRxk_4Y)Eq&u`LVG4U zYSlE5ZUX&YHLRbHx|@GmWd2enwrW$)XB_8t*tzkiyyo=q@M}v&@XPdjiuw>z-V`Z0 zu5c*>8iIh{>ML()Xr;)ZM3@xj{@o~U$>H<1UIHy)~ zYRn=nnH(Y}oBSDkt+`StlH^=O7%YeQ4VdPZ6R#}1do-tM$7nhSF?^JmV#@w-W9|dZ zuDWa1bCJXTMjF02%0r1aqWU7=-)v^k`?K{NMe_pDV_0PVWxV(VwpJ9aYcz(ftwqh$ z6Y)J+QfA87c_`Nrk2yy^{&hEF4Bg(keqiV0`DHV6BlA{hvrVAz8xMJ(eGw6bfDI+_ zc3hAb8lLYs(fnhCs#|?O-05fnt#GjtO8GVK0rutq*?>JIC&qc{q+)kLzbJ9NoX=P< zrvgIzy9F)`v*WwBg|Mv{5Q7(TWNudV2d`jWpFbkn_4^C`uQx|7jeCnju-c%v^g8*Y zMAD@TI4-7@OQVm_SD%=1{9oqy7xtudaZdIMsi(->(TEY}_=jt*4V+si9H z7y8||eEQJr$&ZgwF(yx}b>?dP!L?Nkx{;cRs+rCIWQ6{_y!&DN!zWQrJZt*^0)J2&_C9F&G7mS*gVf-N~BVO zG3xcd&wh7(PKrI3S|fU>>gvDd$9=g_7dlEJMa=(^$h<~NkwS$D;yJG%kpl?X(grve zi*hzeMgHI9=WLN!o_7y=fI1=~YrOqtgr63^o7(n~J26j=#!Efj{L zinKmnRX=Y=N@VXZ-!M^&P!}}mp4LD`VlDYc$;=mw*NW<-NDIs;M2YnPCn$d=A8ElL z&4kqhaBQTQ+?XB^Wl6)QrtgnN2pxVsQ;Es1ufLd-H>$M_hC7)Bi|c_S3tkD40^;3P zSDOK_mfezCqM_$CFWR&6VTU^TFo)S65+WwrL6yZ0vO;-4*rY!W&a%~)C%FWWo$OD-J#fbw3F7_&T!og_h{Ag4_DLE0mt>4nG|_4 z2S<;Qk&5Rw2Z0#>9VLHME`8E5#(I2pCh+%%iOt@!%&9|#Q_d6D*%^VA?HA`TqW4dy zaTQF6OqaTtA6OkutsySGfB4bajfraKd&u%>ithgT5*+nAYiR+)Yr9+b#=hXbRdqTQ zo8OsI7Hc}_{usv|b!tcHWSni}_}-xeCskOG!JEW-5_fy8)Hk;RDFCB;|WLxlk%E&f#`mym4sEH4PlF364{P7gs_so!OFy?WQJY!S5z9jK>f zd2Efzu;gJgvlc% zs8R9>dUbxDM{_eTUfl`Zq)nQt_Zv%2quheP{>XL;takTl^MCRxA8l~I&#G=8=(l^T z&EGG1m$T<2(!%_psO(GrHyJA*UefoH<&b2Oy$`K}oZ%Ld9jCv>MBA^V^Vj?ScxEhp_7D(Sr4T z_J2u%Om%G0(;CfE)w0f4uXqtS>T#J@>qq_=BQ}gx7%u(w?L0ve5`Rw}Sy}EG;k$LQ z<%(jos4CLty?=sz7Y-MyP}cAe4>1y<%DTd4yS~{hnl~^_sM2CA1L?lls4jry8EPpy zGp6aW(sGRWt^gi*R`L;&ZPL>G#n*oQ@BSO#iT|VNs-v3z-|rYB1wlF`l@H7W zbf==yjWle4l%zBwB?8hQAkF9$5b5sj9&GIW+vj)A_uuW0ot^V~UeD{f_dfRq6m0j0 z-OFTY63qAbAVIN`A{+fR=w@xYZBFj#xjFlkdZnfRWnVn9^O|eQ@u*L+jE`IUXM1EU zVZs*`P*|>z&!_3i7wv>`qL1dhHg{Yz?~BaiIq3JAIOKkU5C(9VMC;Rdl7F}=f0?|$ z;vd`%W-k}TQP9S-YJs!jB$o5)LjT2|KhXa?S9xUW2=NL47!s1=Z_!m-}t! zu0UD*1w+xz!t=$Jd&IHP$0f^W&E~2UR80ia% z5buC=MweTnlKKdia=$o1?w+|y^Dg~Mjn#;esO{>#F=?Nc`sm~3OGcArFXEw=rX4iT zEMOAmXdZ1+pE%UL>g^&I8|P#B&3sgHH4`&zb9y3jJvLdL#3I)iQ{I;|7+rn3Omw`m zYrXVG%06PM*f0@;OI-tO_QF1-AHW{%LP>@(@kJM~mObp){t?)8>6A~2dsT|6L|VAA zaf4BVD~O-?ks$1D>Nj0Hhj<<5F#{PQOsqokdcx%+37LMmCBYAqPeRt+XA}*;E+l5~ zqU5u@Udg4U{1Y~uY+>&opLblH!Lg>{RhE@i{B_6?44km@xCw;ooRF<>y{LG3lJmEx zAOwi1AjIgCU|QwzXg2-18G~V`DRaVsTc*-nnyp4JbfD4%V$RkmmZPqX-o9N#NBQuX zq{KPRtG%v83UK{fm{Njyi)$`>ll^{2Bt>E*4ex+4sePg!j{RfnZ1rmUVbhgojlZ&V zm{~BU4L&*Q(&hGyvhdkU&=Y>KCtop9PSX7HQBS%2w=JECUxB7J*j}Dzzn{?5RO|6Mdv@Wo!CNt}E35pWDs~#q z1D`iNCb2!Ag?ah^8lKvy85x(Q2qc17BRf+QK)mYL_m#mvsVL;XHJFdE61lpbpJ`NH z@PF`j9<+04je0tt=0}+Kh)sGagiWxEa7m!$~8`@R<3*;%j zU;$OTN%zOBL>&+_1cGX$VznkvIIz_Rfj;iH0m*4uK8hcmFDr{=d{@6B)75yfS*0g1 zUU)~k`BeZvFC0Z*NU}owqx;zkD1NMxn+!g~2)2Sr0xat%P`Wt#j80=R$2{9Xx4yca zQHwta{D)~^yhHc9H_GQXFh9;`Go~Q3OT3aG40F&M5@n679%&d>Znw5>gF7$A0lTKH zZEHylmAfL7soOy+bn=M-s6MjO!YtF9(pQxm;{<|HOXmWL4!}Hn{Li70ZG0+bXhU{< zht(C7Hu$=MT7~)KaLBiBPV`US8HgE%f(guL{?F zFOcKAKhy6jS??keKq?-05jyLL>7h#)Oa-_u+Fe$9HEx|smi=Tz(77J7jIVOumsK*V zVEd02c9tfM=_`cs9kgHg-(g&QXXy3&2k!}&TYlqig37fe7=<~D;0g%NEUbC&Orauh z0fwg*dP$b}7>x-@R(t@@K^YI@gnVfN0p6C+q??sMFb_8U)mG=(k;^g;BfGNYluN2% zqo3MD8E1UAIcD4vmie^*lw`a#)t{Fe#mkLh%N$A?HeBmjo;g(l1Ed1w->#Of^OM&G znvdU&&(&>qy?QVA?@)N?qCbt$c9@LV(iUS^665caKU+>l z@;p5gk|K5)&w`_p7>)f#9;m0!QH{KXK;f6A_0?;u`UkV)1PW$pE}unjse)VS(X>1` zjwC0;tdit(*uEWl+T{$&+gN^E)>DXdLN?t|LY3#(pp~bmk$N-`W{s#Q!({zF_+&P z?D0q$d^JVmspMNhVQJGn9(N{Uyq|~l>!G$42-fN47U=!h!+l6sP}NJv*E^$b5To=N z_On{Z%GU-2%F-X&2byAVgA zgaZuW?uzns&+wQA$jP7UwzrBxV)9MYD%r#!2Yifa&mihwaXQ-=!COO3M9JP*m%VVf zOKluT)eIivCNu)C$Dnd)g= z-J#`_!mkH7CxU4n-Qkl9V{^R`2shFC9}hsPm|K6#Rb+XkyM_m24&s0pQ&sN-R3N_k zmXjU_}U8p`<7KzffXxKcF(!02lK;=LHP>GiPZM_A0Yd+)%Hef1U zNpsiTS7M4-W2pAMV3mkx0wR*`x~#5X2sn)SND~+6HFB%f=?VrkYPPe-=KuLQ@3j*6 zS@?ySd&`P(&o4#%^svt`6wl!`7d=}M3O6$41ixddxRj3+r$7=&td@CX2s_aDOL@5+ z*8$OwHlqdHzEh4!MW~9{j4f72qk>>g1IsfiE3jvk=b|{k7<{!ICj8s`+WmU(<3UvN zGtyxV^-NjHzDXvpg@8DVri83auk$~l4l^~)1P)Fcy)M<*7!%XzQ$;HmT+^~+vY2=w z?L!2S2r6jo5Rpt6*$RF;0GmTeKTTz2yQ|FjX-B7Yix6LdHtBOH>DMUP=)m%$cp`Fk zG>0!-T-srKg`ZboPrpfejNQ9m;llvjIGMIK8&uK=;FWU$?K`);aqxanE&@a&M_ zmH)^!CvH-sHp5a{J>F)Ujr9A`9GD;u933fKy~aCJx$2$cN@3nAHyb#k!QJ6*sdW5J zSz@lu>L=wke@sY@j9#$_T<7g6n=06+z4u65bg6okgT?kZ=k`f-37EV(yYqssl%Z2C zIM-$1M?~969Nx0&!z9pPq&~yGZ>XeIx#Bb+A1&}3zf2xX)eHuyQmkAa5GUZDD6?as z>3w9B6hO?3V@8PM-c;vJ|SFglsGi`y&1p?#@v7dr5Y{2-?9bWm;MJ4ZvOpsR79 zEQ?QBru2PXnZLqOLl0+qYZ&Fd%9Q2YxO4b6kOAf#z;VVCXSI>)pI-&3+ymMQvo)7n z6D_lXxLHnR?%&=}1{9+MHX-s)6F?~fiu0JB6=>WjEP?FW^EBRRyb*bCd9$td0LIiR zw-*n6zcoNxRZuLdCmQ<*mE)GckQ>N&lvJN{cJ@g%>D4EtDU(~jrrE`@*WTXSM{P$} zT(~vc)luWVXUW%9C2jODiFE|s1ep!GUa$fXYJet~UD5dF!%AC0sT}7)!iSpvFv*F}^KY-1Qxct3viT>+j{^pu2;Gnj6u=N&qHVPqN zcdcx@L9p_I&fL%yjXnSJQR{#M5$3dPNyZ;T-&#&NQtWwrU1p@wcQ>Tmp&ZYYRQgyX z-|MkG5;`AvzdF^iP5yD3a%*rDe3}wXwn*c|f{)frmr6+*^%n<`EqZcD*E=%MU_TO0 zp&a$61<`AcwqJ9e2w?>DJuNk@O3Gbyn*EBTe7wPpF|AVTy; z%zlVA5mabq)oB}ZvAJxmV!m~uEbJe;v;xGd0D`;l9>@$yxNo1=nc zqM_O*b5Sxx%lK5-#CMYuUfL~TyvfIy2#SlGH0JvG0vu@-eRiRp2%2{vci?*W`_h3c z0Cz?O&nh<6vhAb};d4I0=$y6ut3`J9p%#5LuMTlLb~?g0zL~t26S&=*ttcpJFiAXB z>ER81>fL!>-}3R_vBAW9?~QApaS`##yZ!Uu7yQUq58Q2@AdktI#ddoIuofmdCb%^9 zJ)Cf&5H|4fotTPm0_`Vi0dV9={Z2tgdN0po>EiD^5&w63zwU z4TjCYW&w${Ie^0f`638jT4IkJLW5W&F9SxJ(SB-7?N5Ggu3>_L%yheK3@%PBL2ieD zWNb@)WhP5hLVfC2q9n=fX77`CXUOUgfYZa2sdTgmt-CQyFvlgUzvv0TBi{A*0Dxkc zw=KP>#c9M3-e0kFHszYa+|XURg`*kzt76~vY$TQl@Zcp{Z9V2ChZVr{Ct?x=8ADjn7 zsf}p)S+cd=`)L+KhgRgi(+mM-E?mNvq3dnA+sim3BVsVm`;&*&>j0K|Gb*^IN8>iM zrQ8u=#D`^f4%)U->x&k>`456N=$lg04C7;Eg?YPLntY!%kfLO!jh>f1N)k*6#46TM zB$)ieN@^tSgVeTt*;@6lf8sPUeUPb)5qJQ5r|LE$bIKOYQBUID2iseLN^V{qSsa

wKY{`2chR(+=F_-I{9Z}L;A0b{6_BjH)TSWxH&c3{615#xk_DQ|G-7)!vP!(n-| zmg$#8>6e<#7Ng=Xq4)*4zCrl)zu7gVmB>wZkNE>_KMq+P0v5r*o63TX#Lt>n50m3v zLxe)l)VAq|bF07E_?)mre3c@#S0122BL9zcfbkH)LuP;5Ru2zJ`#(Ji@xq*U3Mc#!G9wVaIrv!{|YC0 zhT2p!!+m;-EQn`&`XToygnb_lftl1kCFxdjyQf7sps>O1#1eh)p~b_KL5^d zsd3coOE%qhqen9}eSUp@e-r6`l0$=?G%1V;RB-{&a?4kiDe<$*I4{gOBg@AAz9oAS z1TYK?A8(qw2_QKOrZ{2gb9DmH5F`P&4{pzIcYR~qvamhJ^jdv2Ew#Mb?}fip>1(## zH{4vx1a|m(Ip3e^#RREG0d9?$qHO2e8wRTn~#v zfV@RNIwCZg>|5I_D80YwHTH~8H31tEbPv&K5e5}Zf+KU@jkEDntnr{)>nArkW`Oc| zJCuZ%#PNGCtXj9m?(;iL-}5WC%Ihrh#iM@h51c2K#j@687x81ESl?0C z%JQ%MHm+Vgbo~btU)}N5N=anIUt1~5l!E5sV9Zzh7>0A@!+nZ%0*ta-#aIaNpu%Nt z!54d?W9m|Ab9_9FPRO1*Ed`ixY4n;H-E>=rcJXFe8J$@2+;_x&)0mfy4fK zVy4cCz|?Y4#nJ^Tn-%DTCkQ!w+)fn`bNtfyZl-lP-sJYCXL}Vveu4_NT-ZX5A&oSw ztkZxKU_jrTe1<}#cW&Um^RPrH@VO=>T(`gi8!~;CPOOL>JMw2eK%p>D&BuF~^U)9u z!#IhET8+VPfjiGb2O+`3_`w4VqaOm7KWNBLT|0@L4B!V3Lmtv6ku5xjJIL%Kv)x)l zB&O=)Y|75gdxgFy6P2CGl&Y`raYX)7E7N%!n*#5*;j;I*_r^Gj$J7)x*1-87$20lw zm|M^B{!aAbwHhKb>AV{wJza^p_-85>fVPoDTs>8${mne-HEr|6@@#-F{+nkX4R!Ji z#sT;$k^ApYqjkYnQrfYz|$lLuSycZ z3573gk<({40lVo&^k!rm5gm+oJSdaF?0T}?bUL|g!iz&5*}|IqgPY$cH*uHNeL@SB0-dA~m}bIeM0?rlvWT$Z2m(Y=AfKZeU-}0n^84sTJmCT+e~Axi}VU8dQ#6exFuY1^&C6X~1QypCnZ=jTv(Yw;c8cIZ#grLmm2lN=P;U2m)#1&VY4 z5Z905me9mN*vrYO^YN)D{^PxO+TL82_L;qwusxPWMmix>&IfcF4+kg+SZ}n<_C9gT z0r!8%m2|(=<2~4ClH?|O@jop9-AgN~pxi10w(p(4h1Bvm+~s+~P6Ow>kF5Hx$`2fu zm&V#Wx{{oyESJQRibevUg7yT`7QHakt6KzO5A*Rk-cz$hm@q0w-+7IWPfhY{-fAV0 z`7!coh`pBkHtHAYvR!`^ODJG=(NmEmHvUNmAf0l#ZLLSu(|;Mxap$s>(piL2pd(Pc z(iqd~wMSQ^1eg>e6yNbZBPY zGA$^41J-YpDG52axr{r-12{nW)o@_Yh@qUS$kIpXV{ELWS#x;NQKLfxWnS`{6RpJy zCq<6Tsfsr@vfgAPreeN<9``PXHCUf(+Rz4?XZ1|IjVgWJxQ5GuPP5#dI(m3y)R?;T z97lXz_|3l;CH4;eA4Iq{(l_JH@0`9}*3)GsT+zmYLnAq#ei=tVxoK7DwAQ7@*cnLlnfa78|12u zbeNw%7jL~tq)8$R#EC?MI4f%hr7Ngv6@x5OK=e*A+|_n!p#1KV7rnxE#6}g6g#JiD z4We8sgGXvOR)5J>X!#Jnr&~*SEcibpo6oPv_;1r-4y8+TEGQiAM+Oe`$rt_>KRI1f zZkE;!VU^1c5?5=A2)C(_fzgkCLFr>GBV<Ht zMxJjLfGUfKtz?EkE1Jr9Pt^io2OsF!b5VR$FD z^=z}|+=^++x^i&IddjlwA8)QLIk%NjRjPmMU8cgmCe!Z($(D&wOI-7q&DN|@+H2*U zaka2qix*!$DpJE=jB30f>;~Qnx0jc^ojPdzlOfGguIE4wvGJ-smhl)$)mXS$HodKP zvIM^UyCZx3ZE&0`yW?K0F7IzJDNc|v%NMqlAgo-t&({~CNmUsO6*DcCuy4FTTw*|SzMWrWly z6a3pXofl>}sm$MhjSHxbBlJ#kA_MUN3k5r(GTsotmmml01!U?l`*GU(qUAzu?nql% z>AjH_0xo4^yZ>`qns}BZ%n^V3{3kBw``lo{l$^%3n&_`20ZkO+CmV!fcF@8qM*vt~&cw zoN4D`=~Q)LYbdj+x7PB6yty^*EHAAx#M)Y(h5nYFQuR)8g$0T4&}9H~yC+ZCh)J8c zolhL1Td?I3y3?)Df(|nqoStdnAt#g$Fc&81Ha zWnwJ?-q}GLxWD01at%r*G~X1Y=~;DpYgk1KY(6)8oPad$C#L6@!`Essk|D@xabr@x z`CfJ@Q)(9QH%{ANmHtbNuo&lUk4f}SBt)zCv-Wd!FvK@MQWd0ZeJB6ojVL)CAKMpl zp0^}eigMMY>wE3Y$y}Ec6t*gzcC?doD)(Srz}9cea@l)F-+M(d_eJfx(eyP@r0~gu zVEF!;&%<7$(~yIA9k(KxhTh6$Amqc~>JV_4QCi2QJ~^vx1ee%1@%5R3X(!M8n}wfL z?HlC!FMZTIc!l43KDOo|c|t3aLDI&~`DhDB} z4o>pn{_#tdWN{Nl5t9uFB3BScmRAkNHc#X`{G#dRyEvVDr(k7j*Vna8bO(m(6q9F;eX-Y!EgkO&M<&X3x2g z;mg1jWOJ0DrlYnhs@DNEU;Txg$oMWL`nxZ4cO9&6v>u?9X92wvvXl;J!3tCb{vU550b82IjU9G* z)$BcGGIt!1yrf@w-y=df&aXZj@8dn!NmoSiG*o7~Cz|Hf_k`OoK&Gi8=}aDkUPisgpJAftT>nTB(Q0&YeH@OQ`CgG zxW@!fk%)Ci2R~x_NekMl&7Sil=l7vJ4&WxC=C;*|r#@%a*H!8K!{3|MqD?+f7x#5< z&!p6!qdsTM6p0_?g$0Q10XYf;p=QPev%QeFqWA|3zAe80deVnq5`UYHnwvn2YUqA1 zZ88@@irg$?71~4+6VH3KCVD*iYz#C$c7IeZtY+h<-Xpl2?OON2?9`TvuN}3*gPmwi z);U|%5TKo502EgC`VkIi6$9jO2FnsY{Z8D*PWko5IC2mtoDE0sfIur45;^e6ha?Ct z6dC`B@(XAh>!5HWeQVRA`QU;@WcNxC;j|@~BZ99TXOvkV!bj7mfNF!Nl@XVvLx^0j z=U&nHKbEfPojw1lI0C_0qc{@0Y9=G!l$we~gWN6h&r59(r>o|HHF7N#D69ecO0MAY zSF)IqCTDnBe`muJpN9%oFQaGFA1mf*5#~5l$HgOGQp+oWiFf47@@v2ayzuAvDS9|a z93ARn(68iMoaBgOj@Kbn+yqEBJ^kQm(>76(QN?eN8GfpSA8ac>^W)f}N}k`3y2Hkd z;i~B1CG0Dg*jEk9HxlRKaf?ILqmM`^7{R?lSvq)K_z747CZEvZ?%L4oo=ycAsT+x# z37WaL4b-ZX?*F99AHY;Hz4-%^=}YAsU9aVGUcJ6v?p?HD8IgAJjT0CUg0|#b9S4Qf zLrm6`gl2eK-3Z=Y3aLUxXFBq~A;O9|J z*x;WBUPi2$GQUyFC&!PX7J2P^MQMgo+NbGw5iAelMrn=iE_4;!VT!N#UcELU zCKf}qq*9Z~!CBr{ev27u5f|86;fVY0bW5`2cXT7;xlZa6*7v&!J`UIMp2tcd&6 zo6m<_GB5YH-%b_~#n-gi=sU9hj7^az{cwIw_4vKPfz+Wpym5Hcf+a_qu&lv&dd=VG z3o%??tHPSa_tUaP0r1U zHLx>MjKkqQ8P7HK5r0>XQK#22H>jL{sL&jDU48(oJOnPGHHSHJf9C5QSHfL_A_rJ* zh;yV4jEGgYVfXy5#XPM!IxM)8{^g6c9$GSO&H}67^Y9QWq>hs&!+Kx3p-*sJ7s>yY zenKNw!uH^17I`0e*b>Hw`?TMsJmKM}64N92Bj%+kjO*fU)099Cbp1{yr)4Sd3x+XF3zH(5{SP4i2#i&9-01uOK(kmq zG#y{u`dhts?zl6odW7lVe;W-;efsCuuw!q;MTr2~sgm?{!{V{rRdw!h#ZA-gRsG&q zeUNmDrMFAa^~=Lvm?ll#(YHCGX-Odk1t}z!mak+&W8nY;5KzsjJ&_xo6-$U~UDl7~ zTCNsE{7g+E(!Ima8NHTn$piPr3JxFYb5qsqZ#@-~ep9*aQ=UI}{*%W??*@ldO}p}w z)T4K$C9ZY7!xFZAq_m60teQHYJWg*MtC)^!+%t+NKX1zmrmts25{inn+6}3{vZr#a zCl(RlBS)tus;mYcfXaNg?1&r9=Au6Ly>qb7K=`;xU}lR>-5c4GSp5D}bC=K5edNzhfYd)gGgy=r8GdjufVzgAm!c~7#A1}c+ z-k?u!(y%|>g~X{Nz4TH0YtkO>grhOBHp*##rD_N$DaZGiX^mLnJ zEuJPf&Gk!8c*KfSYCGktL7Mb;!2#bVxfd5Avrw1*jtxE1OXO zCzpcgvLUW;<=@%f#V@}Z$MV4f=3*Q=MN{*&gIJZ`#TXPY)!N8=uq1 z3->|WvSZQ5L}FG|a10$RoEQE+IThze&(cp&IL!*PksGV!d_y`=@E%Ch_gS>IyGx^C z9J~?$iB&3(NJPReWaJj+2JsNfJzb}m*|AZl%rEz2v9#vt`myCmOj^z+e!bLgML^LR37s8Z&g zAQwn!{z~wMp@o~$zfV-zOvHcb&8rlh2}8cU{mz)6WjOosBNE^{%uNZpB!<+DPz#P> z-w)>viD4`u&{HQ?QQ@W2{$yzw+82IK*j87zR2B99dV#vk*dMr-bIrIpme7Ds9RN!W zn6xCqfxCRWn{6HATgxEFZ+G6@!x+9z6%wrEr}oo}VBQx_Wz0pkxAp9F>DN{CNCFmV z0XYlSqJ$;TJh4jaj`H#@HZ`^+=`akNSxdfA&MK;%Iv&|bpoTHC|BZj6=hx?~HXCbFX_ms7kD<#pIT$#y$+6u7ml|AauCNxl5_ zmkB1;ReYR}jWTt3@gE+1#j`g{b9}7WOR5kgslwMQ2M0W#$|Aez6i4W8t2}9Bq;79# z)=}E^A#62NUxtIRj+k*0H&k2v*tI`P7Vo<)Lr7cB=eD(dQ}=%ZJ*VEl)-*(+SX=dX zQ@FR;85_CJPA~LdwUfi(`!FEK_iqQk-(GWznKfhuD!`8?i#5f`tv^tP*KQcb&k!m&|dfKQ(Pc4vlA#yHJC`u*OA2m zwG@fDoF188f40puWXC&9G&G^E)$u({)UEKTP^?&>)3WLIVA^an-p|jHcVN`xJ9R79 zR*PA;O7S9zd>|yYo<4B}-z|GDVD~gDd9id^+nK(HAA*5`R| zayomT1ZjcN{K+&5D!cX^&=ZR{*;VPTvi%|B&9ZPL!9be4v;3_H~U z`x)b@PRQuWt-HA%_TNv7KirMVHEf(uOKil%37@z*$dmQkQ+JnxlEUF?)*=)mIgX@8 z&V+OjJX1$f31UTgXdakugxnQYi>IE76Ei?wMLVbu+H}Gh{{zA~;~@?n`;8Yv1ph&7 zCGz*%Q%KnhP&@KB8`HvguK}8HX2c)3LYP zK|=|5YUsmQc)(1`9)m<4GmWJ=%+0sEhXPc={_0>`=2TodN(zFYTy7+TVT65%`U}E$ z!fZ3N%&FvXd~G9+jexG9Oz(stT8Ud^{m#I6A#7`oW%+jM5!c56ucb8|um|iF(6?|V zc$@mrX%Y7Fgyq#X9We&S^_v#GRVNARi}M}d_>bF4=Re+ozo+qCaBQ_k6zhHtSEOXm zmh2U9WZfEOy?EP|nt}KH{RvAZ#<+fBxP%b1E~$)zSr1e_aS7mr06GvLyXfM#ok-kq zhQunm)}MA7jRim}y-Fm1V915-ISC@C#ggkLw(d=Ao~b`eH7Nf%@S)hgLZP^!P{Qep zoF{ebD7HxSb|q5`CTukX{%(E9{Y|rcy(<)s4LiPCvS^C!p}B!$g>H70rH*~BD~O85 z4C9C=5Ua^EE-e0p>~AW3{DGMw7IqfJw!)I@tHVgRfg+e`4Ky8mPdd`-Hf-PIb@ZdC zROE6l+9oJ86b3JwGOK#`;2P1AO>O#nY<~RJZ{E;tB6ganSR4(lvP;3N`m(=2^~HVcitjz=Ne3K^Zcdxm3XDp~xe#Xk&AQfla5=5823I;pDA#}D!cOd%0K>s3 zM(4yv{`?VqMvK~tsEkhckD!to{JEYm>s%9k4(JW&WgS;g8N@Y3kUb8}Om!AK*u+MN z#V%Pdj-o0MAuRF%ht)hQdy9Si@-M#DNVDjRxlpf^YF*{pHzmA>!aIZ#B5G~mHSYjztrh2Fe2 zLREzdmOjf6x* z2$pQ9bRD*!h{-S)?9N@D=}?D#OnIA2u6py}gNDl%lEVi4`8iu|zDQriA{$#(O>4ZF z9AOlwK+A-dCHm93U+{g{tq@!8mq@C=YW*l2>1HqX3v2ZmhLUn8VHfCr=Q<1Q-E3@S z3vz9_^^iTas5SeJ?M^TQ_NfVQ-vw;mLIwtcQV4Z>C!{50X|b6$`(F?$P8HxW}G2&<~pI zdH9;#5~RP)Yis)aHC&3xW@lPnl3X*aJ4JrUr~~HaEoH^uvlX)5^bA*Emj8TzkFK9~ zh7#$xe_SNXOV2IaV-W%*ALio$kySf0>)PxWo<|?L_VlT>EzrcY%-%9;M6%7^HExG{ z$@fS}!3x+Fmwfxn>unGw38u?6nxptiLzJwgC3`{s$&qu2C{CjKAJs?wP|s3)#B+nQU!^Sme;2Yv5 zV4=|ej;Ku3r1t)qMQ+WL4i!%MC>D8QA}xMAZeDPS8K~gw=DF1)T}LuoMG#i0N`6bm z!*K;OH22yoS?n`+E-M+@St!M7T3K==ea`ZwldgLp1_7}qb$8uF-j3)UTGZX`Iys|y z+3ZF1J(|G7y~3{}&yfnd@)HbC3CRzerbO9ztU8@>*A0l}~5)hf{`A`~ytq5Hojg1r&>G{oaJ8 z>pgI+8SwRqz`Wu8zkUC1U9Jdoj+Jo^se2t&W|vH^0z~?IEH@g(bB09;n8WPeK1Ctw z@}Frk*Z_!&hf7P-LnA%sr!9mMBN8;giuKL<*}SCf_5HR}w4#jr#jazfWXejihwtWv z_xZuUnpp|h8x^bDhdQPa<^fVe51YQkAI^1FB#o|xA)O z)Vuf&Thc1$Nw}pYY$ifDgP;9t6GQA2L-{j>+y`Ua1$K62Z|0JfARS|0!^3$W*H4PT zy!c+xyk7l_my|A699&q)@Qa@7pvRGCgt`<`JHmQ{mTb=%Bv%Ivpd%3f&Yhj(@qeN6U0Cx_PGVq(N$5;wMPrUMAk7a`>XSc$*R| zI(k@(scuc@$RWdzb8!7u#Kl+t{Q^peMdW{|rO*X@t`>%%DT}FcjRbdJZW5BeXMj9# zz$*xc1E7N1+?aS|a3wgu_Vi`n3c|XxTT!a;H9(gbG9qx$bWG%D;UjryC{&W3p4A_6 zd-FzeaG&Y2QAYRb!nI#M?q=?dfud~eW!;|2aCf*CH7ni?R`u&;a&t;UHie11C7%y77oN&-I`>l2s&( zWD&mHC&aJ?Xe2T0r7swbmNJ`Du@_fHofVV>{ChBB^My?SU?^-3oxN_wua4ql;pjAo z(@HV$d#bYt_yhxAFGW_-zoA1=vf>UUvmglZA^)1o=QkOz8o$MLCj(u4ylE{6_j45P5J=hUlILYvy z1Yvr&Sr7evhb|>9w67>VXN=2qpSO8pbWuLfY}0NO&CM4Hc2a*3#)oH+Z1nywKJgT9 zpIcc}dh63y--UWVng9GQ`koxJ%AiKnMjQFFUqX9diw2T6W=kJoasMdxrTRr`?D-2Z zHHH)z9v>e4tLj&Eyry|Zl*Gy{RaqW0Q<6fxbln0&5`C$Z^c0Jf&k|Kj@YZnPan5Gg zaKdxk2RI5iuIfmcF)iN5{I*XO^+`zS=~QGYKUQBv#G``M^^p>lUmQV`qM_E!!F#tS zZswE+ICku^G`RD;2e|3P)Tq!(f{ZMmw#dAaNLftTf#C%bL<@Ae3%Cq(~Dk7fS~+{7-W9oeey>m3}}n!0#5I9>n8zE)1kR)fJTUIIZnx%qh}+N+?P9L4$8uR&3BWM zFn!DA+*%zyo37t5lkA)M|7ii-RN-|c>BE*jTBgWHMV~r==d3vc63;{pL>kMp8%0cw zJWn`j{y4q=*X_r!r|2O(N>ISb2~Jjeu`|3m+mIiM!7ydhCX5o0Y&<`4A&LS~LMA4~ z)g1O?@*lR9qXgOxgKXC(v_w-L-^D}qbPIs@ho}%Nph#$)f+2WdmHO)dhQ@yaof=at z0P-m1=#;6q{}P>${U@EYdf-Gp_^T^eg4imqWKL3Ba!4$_Gtc)=$9~8{@!eFJWp3&3 z!pXaN6(Q~7BbIVbA`B5b|CgUA@iG5?h8GUx*3>3Na9AnR4?@hHyq!a`aPVYyk*A@@ z(6_6M8fcW-^rrU$;@i>o)DH}=66JVFkw~eRLBZy^1H~Mji9af%xhMj!{aY{oSB}4e zidtI2YLzDc49>C7f~OXs&>9kR@_1@=+K3MEYv#VZCz6R__C5lpe*zJ?_X!9eZ1e~PtJU|5OzXyZZqT6 zeC)(J?H|J&1e^a%IPl1t=)^;{u)8y{lluI&4)42;p5POQ+Lh^1SfzUqD6kiBXhD0} zOj+Io*F@d-TerrP^z)T=&yvWX+H>;_osXzje>qH+;XPMpDIF7~xQPIf}l{wOEq3i&UPDkGvE7c3aeeGk9%8BO#rVm_Mpc%_{T zffStZ9R-SZ1`aiDzgBKg^bEx@?c1kJ7~zlv5yC^Fr1daWQAWRqlLiJYS=BYgXy z^wVWlgyUXJ}W;jOG7IhS9o6yaMKZtYZhKaTKZgYc5$|I(o)k-A$oMH#=}JY8$4k$mUB;H@1*!mIrKU5vhcfL z;SNiP3O9=OQ_TKfEz6!CQ+^*_J8b1PmaAt?$iK2C)z`l-dnY+{Jfra>je{^`4N3{U z%FlVcP+0f&EIA|TcZG+b-@#E9ebGpTLl#qF+U7qPVd;_DQNH1AuUZm@OXO~y?M`z< zT<^9r+B$iih8i-cocG)~g!FkaOy{<8upPE=Hp<3HX%dsQu^YyEUGywb#gxUv8il`bv+gMwro~B|~ zGPB3lov50A(c;laUv~a}vD#~vt_apYm6@X(d#e5)(LOJxt~35k4tEAK-76_gpPNw8 z_^2PI4)cuxqjle`%5sXZ$nqJVlVR@!E@axjq}7J|q?4lRm6b)qM*W*S>8$(@5`OvO zYnlfMS>pq0pYkrKYV1aM!T<>8d;t;R$~$C>)qjR0^$E_8GQ2*OSuh9X?we0y3jVF_6(R zznF^b4&MKlLLJh5csM_OFFWGvQ=vm}cLp@CXL(|g(Q~_1i-=W-NInrlc*)B~MDB1+ zJ!n#G%LfVB!73j<8$FVE>ts~P6cTg~8`7BwQ8`d9X5*CC#$$b+vS)m!cAcmz<)OQL zyHJs2<9wJ=H0_NjzKn9RVQzL@M+pXfn77M0x@27Dv@$KNU-Iiv0B$EK3m0mIAuVsU ziK*$T+077J$FEI(?{=1+1r4*sZPW{92aFm%k=n=3;CW2Y&P ztU<5dDz6)b5=rAm=6BPmhNNRR=q$+v-ty?;a0`-C7K6;ZweWJ2In?kJOXT&}&hrzA zg-*nF@G1*lC43uxE3px1AWDP06&et>^s5wcvr?>aG9eH2e9 zXZsy1)}+Fpl>$WYji4PP49us|m7W7Wy(!QYmNum7k`t*1!+e8aqu@U4GKP8@-KA`| zTo;;Si3uu1?;j(@NIn3TMyiv?uy%icshbahxXb7ro96}XDs_O}EbxxR5M}u=Xrttq z;BLQ8XFNqGeTML<{r)!9a}OxLuN$hUt0=00 zg>{EN-w;fWEsC^PEVeo>&kkQ5`tR)gp$!DZM47zEPzbT=Et7N(v>q?eT>6FXDt)-y zwzi<@mW1{CQeMBce29I(&_1=prCdP-s6W~T5+da?#(w~FZYpZPt3Aw6;b~xLB1|wZ zQC_!*=!x5WMO$kXs(|(mGgLp{=@0u?zngo$Kx8=VTGHIBb8QL6&)2V+w)W2K%Q@Dl>?an(+dHEl z)Z$qPP6XkZ!->Vjy7c~D-apLr*Q#~+rLKHHzuTJP7FB=clA!yluNrMK#JnGBP|l}6 zvwl1;?#!Kejn!Q6M6@ZbAPCu+dzw@EH%8Jdwh9j4NLJUq`2a1TG*!j35f0sa7xwjW zY#j4%3IiOhmYtxN1QUTs6=FJL2nF^^7=lh39VFfi6odG`)_*drFN+-!!BRt1{?}8d zu>Lsh1VOJMrI`KiTZLt;=H;bJbvp@|WtsEuvx|s`zjS|}!{d7&RJXa5>*u{_S73Wv zM)$rI$Z0)}i_dSm0+#%3K6p=-zE@3sBtFnOUad$b3L$*-DFFgjh1057Bq}p>uRh{z z(IZr4y(<{=z2M~33+?C?JE9h!O%<5ko0~lP)4F}#_vc__WW?Ukz2i7AC?bCBXhHgV zDZ}a7f8;uVOt;$#n51MPD(oj`Qg{26{x;GS%%(xS#$Unu+)TASuTk0$v@wpGkh&&A zCJWCHtvrkx_*dE5xV=_+(Os&!A7z-c)yhBe&hll$U4d?&%xQnj+4L39eXxy}ojl%S z30rUA(|6_ifZeI=7n718Et(^rtHc2)(%9T~2)_1*hT5|)no^f7%PPZFjZ*l@w}qh5 zmd_3(O)r~>x(g`S%+sFA%6c*n@)6obgXWyVaW<(T&phKk*}-&?5S&mWP?x~H^njyr z@JSqPLLnI_@_|n`M}T{69Vq0FApXqqy{o%N^RM@!oh^1^=j+=GW08Z7>xoA{8` zmm}wku7S4gPVo7mO+dEbUr{(ppwv?K_PiN@TBzMR4#!pEJ0Op_0M=xJ=I+~EAc$^W z0ywM-_pVBF@{X(+A2YJaOpgcWR3HhavfPVF*UIU9=-PK_t@rmH`Lx#HdLxjKuUpw6 zu%^9lPy{Z^?s2aTul>oT%R)rNV)c0x#)c0?U}ZE0qs?_THaJZz9Oo7qIM=jla3 zUxMLTeU^H3oin$>EJ$y5Oty852Mbd35(mE2At8mj#W4c$&`Bv8M+M)Gy|ksb3@%RM z)i%|Q{P!03D`<`AUbPXE+H4%Cfa+PEwWm}0j+9ka<3&$)b!^h9pLWJ!`*7MVbS)9K zBJ{)-4V>H96U&wlb0 zxw$?|tIb`Y8{`Un_os@p_u>K@MEvHhv5?wlVpi~%;lEpWu3cc@K6sE6bI1AwYsLNN zn>g}XGu@aJRD}l_`W!uGr1N=Ci!RWOlIYCCN9jHWr`hktIg{zCziTcFv%eQXCAGZn z(7R`^Gl&bQQvZ*pua0W+ao>JMcc*knNDB%|jP6Dy1Q{R#ACQpFjYg!TyChVQlomEx zI#jw*I!2G!_U`+h^ZWDJIeYfc?z-;lzOF8mKmU^U1YI5fj`C3fN@X zO^~&_L_fWgPl>Tz&p8}%hJQ{J^i?9XE&P`k6*9$)pakNHeL`#k{{2T!Rik^34lwwp z$XFyQH`cEXf&$ni%CzmC2N`*)3m)$R8T~I+r{`U2of2 zZN+I|A5sy9u7t+oT*iG1^F8*?z4MiRFB6hbR?D3ENA2dj(pL?COFUd=Fel^QPSe8a z-z}Oa#4QfGje|jb%KB1<5pnYRK*Pu)$nSz-{D9^=5KAZt(*1=G9PB(&&7trjR z{{@U%XmG_g?;a7`zmJzlq4T|`_k(lh7Q;g2uShd}%XNQ)*x8 zy!gAD#X_Jbg5D0evnEzHK40AjgaC-#+ctK<{hZ5gZQk~eZO|!c7B<^^5oBzc`{0;a z_Q?im9<8z2^Qe*WA~M*#YM9~J@n7g@FP>*O*fbXeOtO6__2wor&9ou5(y8S9erB#q zqXSF#)(=nbQ

f%%ioaOU7kUk5E$W+Gzx6w}f(W#Z<}7Q2Zh=?&R&Ea0~tk0Ca} zc2WU?6Aw^mf4OH^#VM$}^B2Vy(xV6PDs_R2)he~ zj@p~vpbZb3eb@~TmFYCQybId`XZ|-VmwB_f%J0OkNPzSJ>%h}t_3Ta?kXAsRr{3F0 zL|@i6Bu+78@*X;Lt1wL9o}dv3I9O^0y?pU)^yloX45btF+<}Cd$^Q1n*W%))3PVV= z!9Wy~8c&uVHlG3DuV5C>=HRYQnYSs;`V+?CwE|1GFQ2_gdf)iwQ-z&qf;NFVnIbV2 zWOm@fdAWhL?03rADv6fl+3)DN_W$k&J$*X;Dzdo60x7i1aaRjbT3dy8^}qDD$B{Q& z1__L~^sb*_KMX%&ct%3ft0G771-=r9o@f+x<6kS1k|zvz6-7gmyx&phWB8Hj?3?U{ zNL$OtWbpP)FBw_G-eq_jM-lvnEx`AB^(2F9b!{}mRVt93?8f-I<8Qma<@V5Z1!oW^ z5pw7k!j%p0b|eYod?z6?oBD+)x>$~0RGeTVcVNSM)2rJue^;S~RCkA#lQ}}aO53hx#hHNnz$^B>kbey);9C>5 z`33j;rVy?Qm!gT*jV1gBwFF3xBxq+Xp1d+OJSQSb71rADQ|2ubvtV)GT z1bIsL!9|-Wz{A4x5%y1gCmO&#=v9~#0Dy-EfDkZfEuM1(wHo3{kOP1WGmccUyt1ey5TKG2smcR#v!Pu`vo}%@@3iSP+f}05w z68gFMNpkJZdOBvr(SYR%D)}-zbd&b3yp*VjeP_V`xJ&ZvMTj45b5RJ@xH;1vCWNan z2$RejMF1%G80|}pR^Q1!J72vgj`G(hKeTkTWFlz!gwB8B0wf8*#1;l|t$SR+l9$Ir zxzz8lPI8|Ze))#9-^555_Q;vSW=aJCy3`eBTT=`F8Ah>PzfZ$`U!{zOlw2lJtpEMl zzSsP<8FEPEO-Va1UOB(6uAY?R-oZ_iM>-fihu=C0wbfEZQ-24LTs}$Qo7x}0L%A+i zAGt*Il4GP~E{f#6omaNQkjLjdL@&nr)+j%=2j8@#J3mH(TPryZB}6%CQM1`G!u@H zLW&}GuxLU(I#~EY%B{NjSJ)!pq^OKQBh!M2Q_q)@8?Mr_n~C`4xfd(0;-wMz z0(X!%s^H6`DVwM!XPRcS39cQs6nmrdsNS`|mD?9&tLqFXORq0c1ofPL8A@SqP zyqz7P)5d7>JTji7(`wC|>D>|D*e>kg=z_oht9_N;CFJdChE z;OJ5Ce&{F+TW!Y0iy{W_eh*v}<8y!#VV}hxNQxKE^Z;tQOuRZgsU(*1(dp%?nY@vr zj@m;M(nM;)6*@yc4|Cq+WEzrI&}v&G;Ecv(%H;&{r0LhxnHu9rNkGyn*1|@69170^ zm&zaLI!L4@7YMD@5h}i|5ze_M@+3w8d3uy=h`t!+y8Eg)gEAR^_Ps6S+8-N=8S{Uf zQN2qW&vKPdY!ll7JxLndOs5FTHnt9&7Wy@Vcto_UQ~Rv1xbkY!SMlvcW;0xR8i&VJ zs(utu6=l#0%KO+g+oIsm4kvjRcRJZ#Iri|^t&UT&*oOl+#*e$n_A1YR!eg&(wf-a^ zsHhKebJl7!8X`%?^rw5N>}Pqfy9jD)q@Flv(*e^L-PBxy8cXX6^g@{xfxVaLuGryZ z13L83qSmnSM@57t+iZ*A^CoN8b1S7eF)oVi+Cb2JX|LST$L|gg2)WtN*yj^t3S+Z= z)wmcHys?d08phVRcuBULbMXq-g$|d`wFgPPI^IXvh%dwI_?woU3zLN83YWS#nVVWl z@A}S=nc$nE`#V@Mrf2?nmh`_r>dh zX?%*t#yP($Ueo;?)nFQtDcH?6eM%T@Rh*BYZ6tk9uod~~>t}#h!VZ3r+5FE5lsEVH z1YjAxQ_N`*Mq5~UPYTRa`$cO0%$D?J!XF+;9PE+rO6;x?Kd`M=a0t1=8aNe36Z(rr zaK4AE4l}y+n%Yvw6A?{LK4kQj-Ui|)SC=zlyvu>`W+T_Oo#X zVuN25;ZiZ-g`937+i%@0E+6}O%tu*3!MYDbOf0P8rRZNyuC$Y%Scp1&uNO;`vYT=9 zIdttE@XzGk5Tw2Qfiw=Pe{&If8(%A_{Fd^PbiVPnbxYL5|sPS8-&;I6wo$ zIA0#W{8LGI_yO7HALXD!5DPu~-*YKa{q1HsJ1nFev%1e@11~v4L9-@xKO`L8XEs93 zLq)5hZr?;mNXoej6q8=wLyk4;4Z?pME_mB6qCZkgxOAZM{TIfIW*25ft-h|#mw(KV zW<-dP{9ISiDvW^XOKLncrkVV^`wkW+25@qdWPjrYws-Bz!Wls+oxCtx8c%*kkaz)( z3#w>(U%n%&a`)z+8LhH8LTw*vjhP9m6 zNx*Ji_X@M$DKW6ou%`D(uX#oOQ%K_J3xc{BZ9+K#Jv{My_9|NQNvyO82a~&FbUel! ze{TCd=Jv1(-rr!m6m!;GJ>Y=7_CTS1ZF?vijSR~d^1X$F2FDSM8BIAZlCgX@9uU+N z6c7@R{lmoN%p5WMuJ8eRu&scMhRjRbg==wE3U=ZklB&!#L@AzLfn(Q!FzG(pI6T*e+C}ZTdup{7b$sCHL9b>ID@a z!_)2hTmP}_dhVc2(n{_`^V|CKq3`G?Xs z@)4~M->3CocP-ppi7Z@EWAQ3mTU}h0ebG$m#{{qi$k51AP-5C@Hp?W?#MSETY@C5V{om~kN7+Gc z9u)z=fladvvR#;#_^ri<(rL2M{71}b+nli+Y_oQ^1HO`Jx~FQ9(Ao=sU%TFh^yVn? zajUKISa+7VL3>=}c6!MsIucQ_`KZDw>;0g`R$VLU&#{9D(uJDYAX|8;O2Z6!9ofe+|RVE2Q#kv zBaa`Cxqeo&_=UWpe3?qcDS>iIu(N(E_H}p|;(RZjm~85CD>GA$&I&(1a3n`fFdYR- z(=7B&_LMDQMn2QY=*5`qW>?N|$qy*7TTa-YS5grC5PZcQ>{ z+NWV;t&JB3lzjsgAC#MZm4U#7xaIV&R-EyMQ}w-_Z}qNTJ={&4A&1jt5gM>Rd|Gm_ zTx2^RGC>|6SII) zvUba3^i|oOX4HTXaAShWGD0NDWsStoks)!pFX_k{PE4nZnyV1%xNLw1R6FA<(MDs_Qcv!NPgfr6UO!TwpndE zSj-OAI5Qb#`*<;DunqU%SzRlOUUIhGyDlbTx(9R|%Fn&)$w3u2Orr9Fk-xc)HO3$e z2jgs>%U4|q)G`JtybMIwpRg|Ulx2!~n%G9m@G}pKt$lzUxaWqc~lU!t>mwyQ!oXh=zIGdnziMjb>=utTbv%HhZdB;SH>ZA%*e`j zRQcaQj>*!l|53W%^o1mReE>5hYj-cM>H6Y#*06^SJfCevbiUqo(qz}zgCBWy2c2QO zO|j@TF!dhXb?7G?|8Jy7&D!SwaRHuT(*m*D#Mq$|c37>#6t)Bbrp?Cl!nq}T8@mvU zXXq@+wC#NTnmZ>QbUsLfeDaKx{W<^e)-QnfAbqI7WIx5&?#7RusjriU*Nt5cZ>{scQ#+)h;~kXD;w# z1o(HcYL*(7kGi}^(5POUiIR#2@qp{L8keXw@Z#07vBTf|;m)=S(x#v%LbL~Ej}70t zO;#jumWw(H@v70W>Y8fjNQ!RNh{&Jt+N2G@0i*`0Cooe{trfwrZ zmF8teo8_gat&>mhWa{aj194YY;l2o#C_g;7s>D;)qgL_O5anZ3rjHxwT{wOLz0J+? zw+{2LW|Coa?mP~2?!hnWdbdYyTQ{NBV4C4G9{lDu@eGQ(ti{&-Tl?W5@HzlTBeRh2 z3OQ8VevCfabA1zb_(M7uO%iS_(e76Ek|Atu(x!#n&$%qP}tCM>t()XNhbW5lV(m(7#`MVol*W zrDMc}z4l(YH8Z=&k#H$Rz5{s6vXrjb*fVv-`)^A{kwfXX^{DO2KzJ zL+wqV`ms@V0O%x|s~&*QmyghEg!7JHLmJ#3vx{bvJ77HY@Z|(p0Idf%*kPU@fLaFT z>}Aa~)Sz&XIQHiS=$#f;PcgZ+lk)a~=6VlQA%=K0h*mGNGonR|p8V@QFL$MVs(4KB zp{FJmbW1Mje(APlo$vfB>+KY{`#=Up!(7Ksgjg$%4hPZq_m{}5QJ1L$tOq}_-8+Ci zDZR}yK23x%4V{h_U|n}?K z`Iie20$;2;_$|OP@7|>_dC{g{9lytj@M@A0&)p*696ZWaE8us3(IR-V3Rm6a7!bnb zE>)N1R^Qf++y1qVjw&yMC5_lXcajjNuY|^>l+H%q4eepnJ-6DMHoD#~GVj zVYkpH@H_D62oosf;Fvo-|7FPNw;&OT31k9W2!;Ijr1}(od}}CKlooH$*_?R%6AHMgeh#ieg#thUC8f$#1MaRwqQLkhiTh5u_k>ca{`v%N(=1x1p8FSF@Q96aQ)Q7@1(b=j`awY$po6_*kxNC{@_` zKQK%>Mgp^D7T~gb1^_nFo<~Dm11m`{suzBU4%)*!LT=#3udLs%g3;0k;8xkem*DLV ziG79c*ccGzELX6TxZmEm%3OK$iFl*?eFu`zy1@K{r2a48DnF2@-)q#_g}ioAAALqJ zpffOZ2^S%iuKpM=^3W%VfI%jakJDT^?qxe~0}G3u1$zvUiZ!hck>oqREWDqe{UyZu zOUnCD2mdL4=@Msyd25y-Runy7^j68&qE3sS&y6adc-`OU{1Gy|j7?h_bH=MH>-3*w zX}WxzrOHu`c~bbRMCkFQy48F-0x zL*0GJY7W6($b9XHC0v_aAMz#3R#zYpSe_35k0wE$_K1L1mchnW5QXV6Dfy}z?4G~$p?xCXC@7*-e^S9_{tXVb5QRCH-Y}`DW6uxiojNy{eFH6l zJS&NZlSqADHgZT^OSbgqL?WVK5W<$Ou0r_s5tptG!W{6kO7hm~!2`O5XHPH-QWJpZ zq4NhUM?9eh*5(Fkj)OjmFhxe^tBYale|9>zjZn^kj9o$m&4~q3)XPY*>IuDTFk)0R zf(JKDPy_fU_^#1)gjf=B6!V&@^6XnNp!@LhGExesALljBae@;ngW*%5%!hk|<*7Gv zpl*F?M&Ej*CEO7kE&h;;o5u(L9jbb)a=URKYhH9F0Xb!uj$ELb2)0S1yvM~CQQ~dw zdm>|vUf-ScebWd^pdll39lsr!h%dCgVA@;S=g<}88N*fmA78L!`q#h@a!gy%&GBw8 z<;N}}+jCnlv3XlzoQXNz9X{ZAB7_fPzRM#UWkl@AL=()Z0XCh?}I1%gfqs(B;{C5vAWjY;U-x)Bsozyq18}GH3 zzl#g&+1FmQ_GWps1@ibapTF|-H%ud-lBT0%7Jd~htvCHx$Ah7Be3$alPvz(!jF7!eMJm`zWn-YPp;Fm)so@%r!4D|aU=z|SB?cD zb2vESr8vQxB0nOQ?VaPJp4|H%(Eb9R6tmj2D*-n;2P;2Fm)e-iNFF6_a?2cM6Jcu% zKG*bVZRtk}5cu#&cC@kn`S))v|C11%%G>9A()}!IHYSSq;_o54)AWI@yQsM^hs-6a zh5PdgXH*U&gM`Ierynp}kNUA8R=8eiTjB@B)e1&1#kBRhgUcWS3ZM`_yp3O(zIU<> ze(mh_f+z%8_Q7jhhpQ*4^LV{0woCpYvS@#WLmUZ?uo1+Eb#Z?7t;&Z))h^TgSW9(D z`z&PrIgY|b7@v$s=XFYyoer7s2a59IJSJAthc*JDHoDUWdb`7~Rdw&D^MBM9vJ)Q9 z;CFwpq0Yo-NTIr2BUH>*?Y+4oP7c%+0IyWQwL;w25p>7R1!0%CaA#*ivyHP|RZWDt z-9VLGNOHWwt;0LNpA8E`t*{riZEN6CjoA>#@e5gNg%eB*8qL@;Pm)%Zr9=hX1`igI z7{pTUc$4GdU6bRr<2Hue#ld$L4xqk}=T*2cPA)iI>UlY_dUB8*zgb8|gl&#KZ(wsW z_*q1V{F_N!^&S;<>bY;Gvi%Hbz4}KfsPz5r%X2*|c;=&qcLP6aHK2hXv#&l>4gARY zHc>M7kq&?K&9VHc|3NklXjA~x^7E`Tf6G-qvmYB28XCigVKy(McHviCc=faUJCI>y zKy0W)oHyQ1ATg#ye2c5){NMNs{?TKlr$1rCPQcLfA{WTh7*@2u@h4Nr5%X%ZZ|4^3 zCJpSq^Hh#rNR+1e2HuMYSp(>4mR1rT{mxiG6nQ02!)-<`A)@h7F88BvOY7yVu6(*1 zL@CrasS%Wf_Fr7 z?(*9#e7}>$d(JaW=FVRc-`pIMW=y!9vF1Kx|>&q@h%LZe@L2?qOD{;JoTG4pLE-b zfi{vN3DXNYTvK4VlMlq!)G!ess`dB44A}%MY5DZTX;i3|^l>{6i>M4(eeiGsTXo75 zi%)XLisgsG47SMJ7#XS?r7!N z88PD{W?Fo*ubS(95}}0r_g7kP#Vw|U@QA1_YMoy27Kef@+-RyB$gF2gY*t}Y4tbK3 zvmczHwp&ksNj&*wu~ofZswy*)le{tgkik%O2jcVmkuJFzJgL2+gquMXy9S|4iD@E< zSL=@(QnE00q&g(~Bo*^|XI1_!=c2)fgY1egYv#9LzHjIm*RJ;`4!K^lk+!N%$Klnk!XjS~6Yv|!o)VHSWTX+~s_Rfq zKmXry)WQ)AwV7U#3}s;MY0e#2=aRN z)*->p9%n*EOvLuIHm7|DbJJs>2q4&1ls~6`UgOJy2h4oEl*X8Sd|~SB1OFyfCH;nR zTtUv_YUMoseg`a_n>z|<MR8BCf3;8cFbi z`T_EujJxS*qoUB$-yKI1NeOMy(k8L_1FB8`r0I^`vDfy;Cb8i#0>EH?;t_{M*Kzw^ z($3$B7aB9m^0m8H#AV5Bt^$aj@%}7H;f6+cv zrWDJ12*QDm+5R<6ot2d@7yiSt7c-!kRk>fs@#C*Su8KK0-;4{y9c+wb+V8N$@!AbP z8wU%gXRxH0s_K&7zhCwaqf7dQp>#^l@Az<_V}AiTG26URYxJ!<6dpc1(N~+=tcjH3y;SVzWiX@r}B z%Au#)5`cZHda<79RHQnKLB}yL+TRRS_Qa_tx!_<54zpMBPo9^579an8MG~v}x%R7W z)eqWrLgxqhajDuY5mIc++Avytv%kWOJ940yZi2OYji0buz}@yyTDhJ$vPf%$lIt4p z2sN5Kxwx9RfBb{x*xfpJ=9Sg6q-gJnftbUp`X*lzCoz0?_>udw%;%f65_k7TX5l$g zg|4Bo8WKEQ^3RaR+5atr78Y}-sDZxE8xhE8vq6!53SJiV*C{$Yj;23Nr{91q%JP_g zjYT!&0P!vlK)o+HjfFRKX=8_4P5Z_OTGN@f^I5#c?}C7uHhq{36U;yK=#g9yprM%+ zs4;R?NXb_J`mu_tscD|Ja2>oFn@s+gOX0{5kJ&f+7=1aDBMZGa@PhuxlYUfJvX7E@ zyH{wwZsZ?T6RBsv*zQz70uTmG__c^a1|I8OIg;!>^{EssPX7r3AtvyUnixv_2V(yf zb&5i|L}6~3mdw1t!8GK>+}1;2zpX0f(7i|z+Zxf_OXBWC%ibLD|8RrA(XnvhyRfjo z`2&Mjkv^eLEOMq?{slx-{7 zlgNLyI{NYUSSg7?#ZT*&nxxy+ngb9}H@!2WUz!5Z7^hAya%ly+l%(MS7V(~vOws9I zQbToxg@jE^ot-8+ifxruyJ_)!*zsz-xrHf&7)wdXLqkp6R&(~$bW6%C20zD>e0{*j zVq+7R`<3LY2s!tXV(}&c2`ip#h?}^;qm11AJxsep{uji3!G$!r;y`k>uxmYo?LnfOxwW&GWj%OVwNmEwHt>8&e*|JWim%`S5Y_h zXp<)gXECn-%KNhw+gR5pk);?l)@ao@Bj>1j3+hkbI2H;+*QS>}9Pw5VV$L+EiA$lw zWUkj-N=RyeUMWCaci?ep=*5HYVl8K5iVnfo7pIhI3Q;v%`}cSP^6LA2i8e-D>N1X?E)0=sK3IT7)`M3bEIE#7KQ*DDx3|#76C#0&0f@0fng5c%25eodMV*P?IBHKp9Z2a3-tc zTJu2G@ZL+0u6kElgf=NJjhUp5unnzQK18RZ!IMIrFrGk8C++8JCR!Ofo>B|z@Myxe z4A9Tl{H$IeD&8-EraL2mpY!pTj3Qu*^RCIk(<%H4km`)mBor?CE#JLeZgh7@_*-`B z2yV5XrhXMQ;QZ#g>UJipz-M))X1)d7i1xO{Oy?UxpX=J|mOY?!J1TrRMeEuc5njFd zALg2FjfD2Ur`-?jRK0B8^%pEb>4n9B{zpU>f1mRB*a-fTNwWf;!c;z}Tj(*0rlw}o zBvACi%IPjGVpRM%6c zaU=l$-`i?b-&UUcQtK_|n6PQUw=TtHLh;*$NFKP2q#@(8T`tm(h7^|AFF1Ml@8y3ad`Fd zl^7rcO5}SzH-SHy<+M5iqPTAqBnZv_>?5>E7gEhG>WH+bVmD!AeC3%&df#-2+fDU-)hOqw)a)0%chZIL=jo7ml8 zy0*%A;r-|K!v}UISn8U7sidfhX|b^>w+TZg2^(3v08e&k;US6f7w9xbq`WUY65pc3 z1&q142}W%?9B&lfGH;HoV&s|7JC1i7)Osg>$=Q%Ir!NkcXYqv@4duU(uD1GuG@mmG zT;R)yJ!{X@~Tp%Dcauv zm{cfLJG#f9_q^=%@Agc*>?HMZ11cJ%3B9etfU@e>TQQ zB0101i*b5InA4`GbNx-+G&a|BtZss>Ch^<1?i1-s&KEdFuLDKdeq1s~JiiD!2P=6uikErMkXmd#4P^ef$uBjC6?9 z{k?XQoLv0iSq6+XZrfulog4;+DvQ52(5Ximh-5m93^N8sV9#~zX(}PpX?* zZ`9iAlWK;9@K;Dc%p7-CYHLF|)=RLaU;M&DHRnY{k1D0AkabDe*q#W#R_Y2ExA5-99;x_V3z1 z2}rlTP!#JA(5FV}S}au&17*C~DnWqD)-U{@FBpNktNZdnmFYEma_D^k)fdkQZnGaw zwj}^8`bt3N1~)6KA1=oG(eJ0zu&vj5%w!t+PXe#--`gLyy=_@3iOWjYx>QtZ+_G(! zi~oej(uapMC-k%g1m!%NU=e)Ms%*_Pj3hpa7-)i6RKdKk<8SgxiG$aC=td67scXMh{4Syf_oD`iEi>21F;d_ zQ51O~?kHvRmV!Yy-Dv!Jmh{qRE@0u3vW#~GDXJPeLahIi^S;OcyrkWX6b8KZLJS)G z!yg!RKO78xOo^(QH^dLVOE-flB#Y^lZYqOk+~#88@CHISdY^2`YeKJe_tMF8oBCDH zs_lFP{q{^rnb3V~Pupbs6?5qR`Yk!!DW`BEe|z?)#9fxc5%HD_?))X+XAf@6LZe-Y z3BDCj*uMFKT?vd)LuYBfCHR4Z7utSfe`|o+gS$p>GE4p=MD4$!=I6<+x6e8ALWUgUo;`!i?$@rb4NwkI2?NgH zuZ2qZO=roy%C})|p_qAvnT&h5;|)v|U!4IPY%K3r(oBL2BI1KY@8_GCGQLSOM)A;e z(W^wz&Rip#gyJbpCj8v!U>U=C6C5--`zLxvEbrvT%n0&JUN07e`IT&x{e;|_gnuJ) zt}X1FN6H;;teAXw96-W@%Mp>wd5@{yC!ZUWK-h;HQaLoqFy1!XaouqF_H;@6PS*RQ zpqKQ;?!Sc=!w*@AwGvlgbT4AG)gvps7fFjl41rTQP(!wf4?{OJ$%~5d&Q*2r3XbF! z2XCjzO)e+xAKlR$-R}E)p1c*b8`?9UT#}=t4#gIsHU^LT%IeJ|8v~Uxzu6>Qj>8gc zoYt_Yzy6Y6?PWO8+g!-YT=Ur0!nJfJ_ZqbiK=_GmZc6mA1Jpt6jA19pn?IRbJ zZ#JYBZ#3y05~3xXSqF#tqRY~27^KU1)hroOnN%OB@Ho!@13k~j?I~+SzvRTbOq;gL zuYJ2?+gc9e1ZEiBTbNNqXEJg)&3b863z|6G-7Is7#^?5*QAoA^`y{rC&hV#P zc?Q&S7q6bu68IG0E4OnO@6#Z&B4*Tu4%?u%6lKc6KW7IeNSrMp?b{*H;;}<;*Ga_2 zOYxA~n<}QeFfWtWqr3y^ZznI3M%|c{jX&5@AiW!zYp7k&@I_fkbQV0|wkXX#xcv5V z@CDZGP`UKf&_LZb+w@{-iR%?Z+ewV{R*fE;ke&_#3jS9e8j+Wbvr&=d>e{bA)OJvZ zcdmYiUD@Ds|6~e$6}3K%wPoEP9M!;beGRSjSn9RG@sQ%Cp|SRZR_9zmX?@Zo_upLl zutr>AWX6j*BEf%`R8y$ZN5@2^zL`RW5+qKqq*!SPX>Mo#% zo~y@;{2v!UX`H9TmCR19M5xsGMVYZ>wec%a6YF9cQel={Jf{a4?!`j?xVZ^6q5_tB zE^TZA4!;!yoJLdb9E~M>7M2bf=)KBN>IiHyk+t80$5zxjm0;4ok6=K4=SAKf$$IG7 z5ZX1|Kle7Wm#OP9-X4CG+1!r;i*0swAeCKue|JxoVD0I5X^I_;%a8>0ql!oaeuA zY8kxXzaFEJWj`eWkF!vS!Oa4cQ1lA8o2A#g7M$rjY_^^Mp1LUP(Iv-RBp3FoAUrh2 zY7Q6op1tL^>d)te?*5KI`~2On33bV0XZ)Y=u7URz)Hsk9qPd+9m9^>D^_&b}w==yk zWz|hJV??|Ggg#J=Jd1fISyuT_nb$DJa{$=HfMKG1q1HY-VVCW{!ozf)^5jB0W{OiH$jRY@epx5jp+n2L} z13R|0t+y)}^?B6->gHFHC+00#(U-6J#~wJ!gHn^jm6>2Eeb!7c)4pj7Tr=QII!n6d z0CFCGWv*NIu>rXIgCFD2C>YkT;q6p?*YjLZp{}f~ZvAEc2e;kx*w?*wpb(!0Uw==5 zD~}@u@7-e2Yai`%>>jHAYNB=jd}9$Tb=x!Z*(kV~FSDoOPu(xz$6*FxN0_FrXzRbB z0`Ea!=fB3qt7G8I;ZZFI8Bs{Ttb5IG@8gzVr3&!o&1EABfa65Ff|;BFb7aG#)5#{%#54b>m*7I^p&li_#Pa5T*UHF z9jonFf|1W7F+Vrb-FT=H5gx3LwGvO`afpE00F#{|iZ`;y6#w0u?oo)+=}$wPighXC z(W|bZa?Fg)3p)B%e~KEMN;HLE;BgTtlUQ6d#c_g}-@iBD?)^yx{6Yq})8sL}b~;Fq zp0aq1oB;IUH}`f33FmHl8h2I~GglJJ3m@gT59TGh3@!WO;xXd;| zkYvLkJWx<{Ed@ZP@LNj2TSIeWcd$3v6)vbtgRAaIwE*M^*T&(a+V#?C^R00Um;R1_M)YD8c0Gu8TZA;^Qe-Y2w84nlzLQ&z1(@wpYm~X#=4Iu~8 z(kINK`deLzoZcCk;sSVHPAHdDP;e%ZQ(o1ZF-8# zQ4REjq|v!8Tg1(Tw=tG+Hr3eNs;{5N6dS#5&3xzTX$sM}*~(-em&{!FpHq%qy)peqn%=WH;o`Y|q!K=w>*_z_=phB;Z{F&IG=(vkg~0HJW_0 zJy!_p?4_!qJGHyZ3bRALl+p!cpepE9-ZL?;O6qNPU%~viDevuWA#s%-9c;m?mjCS& z^LP4-zSYMzIa(7tK$Z&-Uo(m=y{A|9%QK$KUG(VHonB;l)xAyL_A8UmNg_fKA6SPF ztwCP0*}IE-ajvc2esAvr{qem3V3c~RhAW$H4y{vAXYpUzW%w<&B_BE5Ijvp1E7ksbe3X1s-G-+ z4XSaVpzK~d6{i-vw~UQGO8hi=o1LV^rDbH)OV=zFNk!3r@>aW@uxDiF=fu+WEDp}{ zb!_mUJ1sfKOV)t5*WgLnNqRXXbFEF(!dIz)y?=1X$uRWatD@tenogvEevu^caWxeG z3j9tMSR3}P>CLL?B!}P5NVi@Go7?ZU_p3NL<+w)KXz8M_nxui>?Hoc6h}bfQj%ISJ zM$R_}XL3DSjvVu~t>WdROt~B4gh84VsrnVd_GQ@v4E%hKsyc6IBQ;g|;`>=GSjuuJ z=m=aVBba9R&57_w5uULkbV6eN(F0~&6b8V9fBXgyS)TBjLZqr%X#iEt@4bu!`iq(_ zcy;{gyaU}keDq-f*yG0`PD%F@7ltDglc6D}rA5q4=ViNe4-6^d!@U#6H2WI!TAHTZT)o$JRL?LSa5!U-3&!>YMo#$B?w~=tc)b;*8?(FrCi1&jCRocne z%B7&S-qs6hfaXv44|^DZ?8)`WsNR3tSg~6DwV`_Yzh4x8w4=UizcttM;-sSfs@(>Sdu7XF-0RQ6Vp(9&L8W^ zm@IbP^VQouDsD1xKayr;R~^n=7*v;DX*^B~;Tdj6L@!@)T@ zwmeME?COc&#j31;IVAV&h@upO-@OKQ4vnX$Clg-V)HyY`{EU^9?go2F3e5##@lq;Y zo6-qZc;9Et5@24|==Zhxq-o3govN{e`nJe6AH?~N6~DKv^i5R%$6GW7>(ecxqKMQ| zJHeU1Z!No_xqRH@5PMiPN8;ShJ?Gm6yYELJqRm}&h#==Zl#$l!dBmsSkS#$a!WtKg zt4UkQx#a?>%G-b*;t4gAw;Y%74muoRM|+=MT&!1kwG|&%#ecoY@x&1BEHto=9Nm%z z`5)=BNs}K?5alh~K#ps0l#;?{Y<%nkUQPucF7#IWk_^}&P{npP7{dH-91JR1+%Q8# ze%SFcE%Xe8JxWRN(pNen2u_%>*;!g;nv@TvP&}B#rl}_6tif??Km8{de#!3ot4=YC ziv^KFlNB!Haqiot&2yb#@RR$NLMoGhaV{M=QqGelPCdMEnf;Bf?xF2M@#l zdf`b9lytOVE!FX;_2%38C@@;)e>P`VgXlK*1lRvpgEKp7#~F6@#?$WojflQ<7mvgo z`#iB5P_+)55u99UqrSSsuvunhyq*8w7b-;D2O$bE9_Z7VzsJ35P%LG0vwPqFcJX01 z|G=9K5=HTy9N!A%_?{3>CD|{h@gvuswT7~Yyy?noZll|&<;p0VVtWK6H zoboJR+SJeypwblBVQp)iwzQ9Jm0yXqF zHQF*jPWbgVGGn`gV*;2(>E{)6*)>QZMW3)ZH)3Ya>(eWgyMBg-lEO)ro}Fc!-azY1 zM&;RVgS7DSJ_Q+iV-@ybn@D#nrWsdhn#NkF7bsD0PHl+xw)zV9P9SJH~`)c`u|AF z|Lx3U-Xm4|?|(z|KN;Q6Gy3mRnfeEMb_>p{h2UUJfD4|aQuah+=r;+{i4=8p_hT?_ z!qCWx_&csyG<; zME^6Os|SE+p64$0pZl}`{M7$sQ^R!3=(?0q!5D`}Y{VPtX5j@4dt2rmpq>&)$+|PVdFt z#|3vVZW!D2PN;zt(#uWdCZyct=B9@PLT(b$doLs*B#;mi2)*NgF~+zX_kMhOog!)P z-yf1@G&7oWj_qTI`+a`vdFB~uYgb95(Yw~W)`GQb;M9faaG*FLn74EV16=^nT4(9RufSo!o3tuq3%7h6hR@$le3*o+VKlB%eSWOkLs<22XTbEu;ur@YFn z0~gw32LXlcfN(WBqy#_+%o34Negg$cfd4BI|Ib}=2@}V(@W^xb^08arNy?6XHxECD zVpg1smt95QKo3u>exRV^(s&tPeE+u*LU7Yh|BK#%eC1z}iTPp($&K&(4sk2aSAYF! z_8i)obNu;DPxJNPewNR?>+5{@ji2Mczy0o`1OLM+B1Q@P=dW2Q)P}Xlh06-5>Qai* zE9SNg{Bl)NCvB|}%2PQ>?Ycq>p%p@CrG&y(T1cssc9m_KN~D#-l<1h!q$Ms25tkY? zju2WZS4b17ZLJ+!5TyiA8X-N#i&n}5(fO$Xoe&FP;n@3kKC$mLoqcxgX`8y1HO;PF zdDt|BcBE(V2Qn-GskBfCeL>6ZIZ;fd(t=Q0Kr9QX9HGK2fRq+8UdRFnnuOB=S~%MF zT@j>ZX^OD`@+2oMU}+4}9$VsASpZip{nm`>V=j7c+^W7(h=Qa{CtOOchU?2>Ex#E| z@5-cFD#ilX)py>^LA&loL)uT8GPOmBjT`-K6&&uYZrX78>iO^Q1Sqx9 z6;)nJKtC%W<<(xlRp~+y-!)1p0k?vfag=TU1md+v*j8ko719gDo87yvhh9)Bk~ z_+Oa*zk6G@uhu+}+yd+aCbUFftd`LB5n2BuQvV&3@BcAa{{zXl{)gpgt^a`}l0DlD z!&qQQ>BRx?|JAw%2I+V3%-I55$Hj46S`YUyVQfX7^*`&|pGgadqM^1lqa;YXE^$NU zTKfY)@8*Mlm9g$;TmXt#{sUz|mW5F4Y~)HsDa0)3>;cEOlBbhy%f?meD;MV--4{$Wpe^(&fF!kT?EC4d!?_XKgVu{wQ7Bx8*1+CZBsgbu(ttzHtN3eECZ#U%{AYZ{yJO ztC;<|>zMn-H?!=2KE;DKe1JrId;TOxybjUZ1MAkJPdSxbRToT|J&*FLYF0h+07`4` zd}}~x@46f(@GtNq@%xe(Eb<341o)SR!K_6~0NA%}D}7y^6qoF^iNym3z+ldN$|@^a zaNdPf)z_n3m(8pG#qLcTLp>ZR_#erNjvV|02&IT8dP$U2qIKao6{V##)z)&jE0^wG zWz>PIX^$O3z-iGp`Ezy$WpJK zx$r`&Dr)%4BfrZk3_|04_)VWSd(gkgaY8%EBx>VY?Id zPf7j$g_pHbN(reETH&Gn9w?nV+*9r1v1(P<3qUum}HdzrnFT{)rQ|~?>_Z|_wRVeCnn6__Q_J( z($WYi5d8MaaRsL5&maQ8Z<<(+L(0`z7671Joy!97$CQNJ0t}&tV*!B10&Rn@1hBNS zZQ%+}VUWWDz)K4_S}cI8mV9gW-0_#ZKOU>Plo8!6Cq|?&CSP&-Z5RLXi8KC@f2@+M zG6>+qr=9%tr=PIbnKH5VD;HLOw#-K7I|r3jpo4#vgoUW^uTdjeB|wx+z{6%Ekz;WK zc#I=s0lbpk0A5iFfMRki*8h>necL>c)VdGR)rRQpLiGEA`8riDh~Hg-F0VvC|0Gn^ zq8SUd&HfEK!TS#A|HmS66EPwOppnQCSpNZHMUL6Utoui3{RikDXj^X@^0kJPerhD> z8cfmeXq0baF@z%Ry11@G>)}4eHI-%j_Q41I%7q{hpsxsMtSiBFU0hdr-|wkXWKP9!0ra2<&zfxKlCI$ZaLs9?3;D0#keFlO zzkjU}uIqTwhYeFITT2`%_fML9R;s)rQlHoJ;uiWh?~FP$q?8$DOf8>!#O+2Zh9Oxz zcP7=x&F8-u_z!?Y7W{|7Qz7^dwxjE-#s*RijmWk(%w2mi1{0wPWXBmj@Sh!j?2;uk zoid-kef!vc|38a@-O}1xW?X#@%C=ee+u!7Xe}JhMUjo33Kl^b8{AX`!*mTG3R8E*c z<@gC$Wo2Ym7`Z-?H{XbLbaf&&Za~kSS1{M6@e?`gifei5?|;R09i;T^TT*y9Fqf&3 zKg!X8|NJsTMj4NagMWZ2bLLW7QGx3^Y<=PRsOjbQlc#tHX8>rNFp>FZpNkcblj!SX z&0`PK)7}>9VHCiB#M+Mv{0HB5nz)r9DWjEnRpsTRZJX}?+&t}7Mm@@L>5R3JVFD=7 zLJ*IKevf%d08zvpAYwt8oudK&BdQa9dJ776?vD;km#LC>pI+|M|Ns6(;cN7w*~@st zrSGD%r;V@t;*&)NE)M=DjhVs?*L{YRo#OL9x*;c1MOYlyX7|DEoO04)>Z_YM(6(o& zt_#LF=1NC=eIgokccS;~Kuj)-i)&7(s&LPoGR}T{$3Eo+q0myG9ig=$q(TX$9Ib>B zT1lk@QoBNF1GFO*F-)|fNeQhbLgvK-Ksqr6wpPjmxyRxPaLw#*-}|E%zHwS#s&?tm z*WUb<3n%^hYbTF+=71C73g86<6iPc*%{QIRcKJj{>Kmh<= zFu<@IKt=5EPx{hhZ+d3uN4|2wgm3mowJDGY^xqppM6m!yBFEweFcLW$7QnwlPPhW# zL`OWVEb?gGvC%8v_#Bcna?f^*$`oaj%b3w5nc6I=7MgN2C5~p$ap)UNb9h@jFK^jN zTS+}`SvhXyWZe33xb18iHM_YLnPmh_Xo;m$Ixw^WJlr_S@fB9+t@~!{j<60q1>&U48!9gXp$f5p+6hOtO z|Jv3$s)m62j{>O;p$v_-U7<8W3ri~7^ZW0tteV)@*mPCYxlA4Ep!2C0q7DryrZ70E z@+9POiuf;pQ)it-ZFSXg=^t{ze-4Pr0rR=wX?XA-1-1l8P|c0lO--oIPK;f9kbT+z z@8bdfg%r$xyO+*y?XQ24jj|t+=5X#C-i%pN%GSI8%0TO(0#H~xZ92*BZo0N_j~Wty z)!+XfI-M>E99XP=!Hn}N$+pAj?b}e(3q!|N*3@v`wXf%y`|qQ_s{?6z%22Nhj}0J; zjgvo(5rY53zyPjtF${ysx;pxMx^pXs_wqn-EEZ$h{8K@|u8kW=4h+K}2#syUy?=t_ z-~dtxrp;f#NedQ&5VY>z%}Y-`h7$^+b)vw3L`Oqy0(e0ID=pGGI%-Qpbv2Ib(w|7= zl-HO|C|l7T>i`tC3sP&$Qqyw>KzP9cwYQz|3K@wKAabTd7w1$dTBms9DDXf0IJuQ7 z%d0tS(M25YJjkl`Pv!IzkCpJn>%W5(lAC|_ak~0CBE~5W{)G^H;eFqxBworle|KY{ zVj{0;ZB;!01BpW0pAdpG7hK4bYaYz~&p%4=f5b0nIrnn$>#TS0KvY#jZDEF)`010H z)t>GFXIEE;)=ImMP=*jn30L75+6664rR}t-bWA9%P=+g%a8QoaN(ilDwl>m2X<`y- zYixm*%2h%Np_G)^DiaUDAZrgO<_Zw70CHRbNb9%E`~1zn-|)GQbSE3m{o9TY{A7K{ znLmER-2c5NDj;Bim?k(5st5}p%p?c`0^-Ro|?ho`J0yhAFt`0^d?fg)ZNd&w(jTA2Onc&V>PKM(@Ae?#2q^kmj)rwMxThQUV1h|g3=1X7whQ{vB&a3zA+;;Wt-`|}wEq7gQlX~WqrRL+)PL}Nf zWF2YXzX1G8g&-98?^vk+IZS|XsvV-K|KUEf@dC8;{QeONEd#%QH!Tbm`28EAw7q58 z+bGPMh?`8)df$`iD97AkWJ<-f;~MmD_VgB->T8c%|4|?~8qAAKeQ|{K{h|=2^ArJY zLp`dY9@)`}xoa=7H##L(G4P*rv{N>FYu5}5{=;RlSR4c>$7Rt47tuIz653U4S^XTlHm=J7RVNbs z=dW{!&73l8pbu41gQFspheFU?SBKNyPBN8C2rfR>1b`DwX2nj7ZeaF zwA4~*_zUEr~f8(p1`YMc@ix_+Z8*>k6Qh z7Bcjrr==l;ay^SYJ}qAgU1@ft-#h<9|9juA_dRi-Z|cG`C*1jX+SNiDFd`O!X%csw z0u}(aEfHB)gdiZG1(7U(a9c|`*!Hop02qb^5GT&-&i(zl&2^{#r)89$5`D2>nNm|d z_x-@C{PO%@fHQ0EO~s79Uk$qT@9(iE{IZOF1zMas;Aq?cjzmg9Bu-E;z*njpz$-=p zP)tTE_+J40*FT4`)Zl_elDAn^Tq>aSNc%Mnsw&Gkqq2-MCN}Z0)2FiaU?=xJ{1SJp z8KiY$BZJkmaVE{ct{a02Yp()1k-`7+WvJkP!^vn^{{c$Mal6~Qx^%p}KIv-W!t;#> z{9t`fhSKl)ZUFla^>9*4jZfQmGyeBvKHB&3*EH6bvUh){#{jSurV*n4ySah>l&?rI zgu)J`7F0@m`#EU?J*I&n6sF-Rp)J$4Ja~<>zXgWIkIqSkJX&yI$hUT$M zoiU4aIvqcJVBg|>dv-2<>~A|h@aWx%Ej11H(^Kcjl`GDS?+E${sQ)>V7YHyLG_VNu zUuGEqD$mh%q||>GEi(W=)Q9W(u>yi)X%GAZ2&B{@zkiJ(Rp9qObJlAj{rg&zz%a^`= z`>3AWLiNN+^zIEPzD3}59G3*Z+|_M=LwP!YOEAq3;< z>e$=XhVA6~!q=PQ&<^y)yFFHv>w$kk$o%8S2hhbPQc(Wy3HmqkaiUvYarWx~xcA9F z=X5-O#$w)j`TOYZ>*UKn|9FwXqpv-{xW-9*ULF@H%x{1I6mvr4X>(=zzS z7he`iY8RoTXQ0>G5z5xuH4$1Nv~aX?g;b;+Z40RsTE|VP9JEiA)Y7npcF~XqS)z52 z8ZdAL2(tkE|9_Rk0wC8Fz`?i5`$~dWP5sd`z%$ZU5=e5h2IL0>1aOuA_yn+(#0te8 zuq-Uc#g1SBSi`XZTrHqD3&0o!7Qh?Mz3Y;(bql^d%oTq{ie;3(>VmmHYI$hG`*sCo z#aICIn*Z{P)d$}Gq3=BN=y{(#`=p2RQvyb^02;kufRJSY1a1If769Z11DsqWUfW3I zLT(OVLF>wnPh2(ACY z{+i9}xA&(!bwbMaK3Xf38-RWn8FB+Sc&I1G`maKM|2hcLhvyQ|)KHd5`IoZu)BPzw z20)PJ&-=E_5XjF2_tU=be`w#;q-_{XLhpcQy+70e``e(k6FPgn@@CWsi!UHRo7l8mz{I@?3$W+?^^e-vY&tJ#{S!Xerw-{ z9=J2HB-!tAQZv^7JnFxcX68ERJlBE1`fnNrN+AN^9=85x>IT&RU_X!g58j{tP}F~w z&@%1E0tmpraviB1Ei|T7%Jcg_G=9?JR7J&UQRl4t`Hc+jIxw;m9FhvNlJRBZkGS1P zrK!G_nNtd_y`v|&zW%vjK2tm*@E__j+t-lbKa9Jw^;JV1_L2oS3r|5;51mb6q~O1H z>U8R6%%E@oJ`S#aK2JfB{i>fen+eO7lj!JR>pg$X?JKnIy-z&}z_iOQ&mHKPz<)m4 zEL;aZuroHUhdf$%AZ9Gal-YARW%22hR#amHs!q=<@b1Y@55?m0j1|`t0hxkR{)uw$7 zKycv;Z-C5BGZzwqv=jFmbh!Ol!jdi7lk-YQs%CQcEqsl8)^u^C6c~t2Dy(X)_tt zVCdb#!~^7kt7BkvP}1<;d0j1(ACW)X$a`nO1nq{57N%K983b&dOWQF+7A;q5pSy+~zmeAkNKkmxx_%S>d0C?_G;3*T_(paWWJTK1IpPqi}1CB}`c`&0_h8PpZ zoco@r1NmRpBhqyZ?+1>A8HVcOAa3V^ob=YDq`a*}^0 z@)bI%-Qqev3MNU)!253`mbDE$03>WtoD5aN#>qZk8hvOME%c3>vugXq1K=k zt6$ph1p;&w@mMwkKu*xVa7+NL7#Pgb|3CUB#jMGS<~l`bT;n*J!DJA3AX=32m}4p1 zQvmcQpl{IIPNux_wBsoT9OX|H0Gp=fW=>ggIRcF#6){Uw67$>+&>GkE0uaVaN~mjS zV)E4KG>@B9A#~}igZu0YpLwL~nwM6kX6)N#msD36?N#+=3c%GKxEI3nDE74T2$`R@ z&oTu5wuVgLKMClNH?kj3H{<&sW(FXT0rg*l2&n%uc(7&1lu9F{HiQPLT~{iFRE{*1 z!fRw*wnVadE%NaJ`t zTJykv7_8-N2S6nk{QIp!I40O0Dfo}BAB?F>OHt#-p=+y=g9$_`orfnP5MmL~Ja*w? zCM;Xdq1Df`Z{<^v*EX2l=^y(9*r1<3Y-?A&BFDC`cewf(~TZ81|lr_hG|k-Q9)UG1&-s;-`nl=C%s;S^DT>v zU9?yfLd2f-Ho6YCQa@%a<<&JbPnyj1Q|41u-@t(#J91_oD=lUIS?3_6WXp5U76A9+ z;9pQxU(eD@E~BE(d&PVCh1G0W`BXuK_*WYEAF`itGuuX##Bp`h#Q;M}N-T@M!NGza z%VZ@j;Tk`}&n8B_C+xYWCzZ}V;b9W1l z58p-Z{amEMP}iuh8&OdOWrZ|QV^U3py}fII{*;5C(?ST)Xf2Qkgc3q&g@KS>iad=( zN};3_T4|{bw0A2S0^#TNk)}on3Ccw)fnj9hn0V%XGS+<&&UhlE5L#z$eJw=xzVUpc z362|5ptT5mrae&_@7+acA-!W#07_vfEmYVQz%a0s)^4c1D-pslFqHBcJpv)|_VIw3 z7q40h;VN9^&E3@gaR(txkd6{s3y*kV7@iT!KLL*I3L!mGhLLvBQXr)%Y?-wZrQC#` zHSW^Biqhr_qc8X?TMQYSW5cgoyH;j2-L8W$Oc*o}rtbu3sgl@&X7uw%z=5?$>m*G7#kLk(I8D@I1e z6;=S4GFkx;W&H$ zezJer)(xrp#Gp=0np)cB%|i<<5wQ?J_5a+2DJ5EGt^c^5^DAj zM{{wRS}~O>>-YraGo-!pi;wBg ztF#m~ejL=^U&g|E`j^4d{ zSpEI)ggh{_>ksNX$s}f38IAK!M#d}-t$sdt{80Uz>Et0x5mA=2mI$yClndKN+G$jM zVURBHlmM}KoLDT56)&Nyv)y~S^%VvlWkyC@APeznB=`>w4EFW0YtsgL+S*XIjqAGX zSoacxeZ4uCV(Pq8Xc#|%)Zid5J^6TE;8PLx1qde1n$5!VFCbQ08l*Ph#YY}KHt?TU zp1aP1qWqSl3jTuv!%3q`N+MkW04&o)2tgt*9)R$b00V9>TBz*3lLP!k=G=M5!jpr1KGTD9Ua|mJoN0}=^OCUx6YY*DmVY<_ZUd@as8KH$3UY0h`@hy{W!k! z@!N=5ajGk70KwX=tGvuXc}-2jjr@w<3t?ZZ5_`aXt~(XjsK+|NZSNB<0RrKc0oJQj>xYqpR=m@PFG_L>9TS_v(r zMhh5Yvi~*OR}yHAkcOwW$ee2FIWk}hjqBMuqzK9tj<@E_`jzVn zgwR2IsX&{;t1A#ffi#51kQpUFK;$u{BCQdI5L%c<#(hfoE|o4WhM#iKa9tcv>49Mw zp8Kjs5HrB_EJ@OKaYL79+y47rUUbsCE|bDIjsb*1<89wYU4(1e(TG4;4HYwb*6#Y@ zv*B{X^nkSKKO@aN`-?7tDwUi15Fk(hbf;S6W2-+`IcL)SsXzf>rx1Y>Anrmkfe4fU zRlwnXL}?`qbR(Q0lmNpi0M>)3FLJCUZ$DoFun|NUvpyc$KBq{ZH+}(;2^esk<%B5! z^cRXh@*ek}TfTt1d$SkFx%U>Hn^irvMmb>py@oiq`+&__P`Hl++~tcK7d|UszYy zG_Iz$4%=}_rX3`n&weWHV%r`IpuE(ixv|U#{#k21Xpaq`J7=qO!UM*9Z2Fqp)pFI;}~jHHoBVFzJ1#ZBHp+2<@5TeK!RmC1n-m)HgOUX8c4E zFR83g^fQ0wrvA&GeXQrgO=}X9+YdTo(&SjH6*p9Hy-Yxxp7lSH`tSc4E2)K6J`|C% zkoqqWTFNZ-UxILuGWd;38TkE&ssB>Bj&yBpXu~jEM;orKjr~(+T$-wkPWjjN(7#9? zIPy?1b+I}omK{H8{wXu3(NJ?N5j=*LV(I?EKzwLl|L}HDa2&vYXj_++p~jDe+G@n0 zrw9n6%ffg2Y{_8jA;vE~ovMkGn0)p*n589jY}xE-(+~(LS@EgQ5U;Lg)px%||GvB| zz!3nld;1QiU3NKj(@$d8BM;+-Df!14{AUjK_d`VmI>Isso;!e)5a0RI4UPCK2F@^TJrdzscfyNeDQv@@+3 z^UpfR%NT%Q%c|!nt*j&#kNc?uk22t2UU}|1qgI&LcmBd6c8BaI3dIQzxR@wxGhWo= zvoszjZQG>t;sHn@DHRnAxIJj8GxPLKp8gmf5X+s1h+Oxuz>-%6_zz^mjx`zZZ<#TE z_^I1ztR2HmKm9nXH?7PYE4sh%Fkk)fPdRDQ9PWAI4oYIBTzLAGT)O-kI{P}*< zLfA_Wc zApS}M{{rtNq`wc*G`3)FqSP`)Y0R>>we<@vHJ(LYd)G~9t6nY7FaGFB zdq+EGU2rx+N|r8JIx2mdX35m;t$+DhGTogGX<~XtzkmghuK+MDup$%yRWV2axBhd_ zXZQ3hx%`rOU%rn)0wMrm1ppi!3t&EQaESGcqc{toC2v1p0RY8W0Ou6x^9!6f7QhJu z#v`HspObg&Xz2fs{|Q<4G!yGI_ZgDWxucIkOoP}-lUQD2Q1aY*_6{U)8Nd;7R9Qpr z>q2=E>pvU?{hzG$A3Ozs3MmM}3IGca+z(~_w?<(72MxQ^#lW0tFl#bQ90SeuP+9Ip z|4$~9oObplOqx2~pN9_3M@N1F>%Z%299QEi?JGjE?EvB>B~;hc($GAHvhu15J1I{( zxF>PWzaHR&1~@}d z|6L5_NTa*DzNLHoxHl5PlkQu;jqX)ZKFC8$Ovad5HS@To{2SlY!1T%a-e;pHqYnOy z)sJui$RDQ|+h9m`LaC<+5Dj&ZNFb6)a^PQh9sZV9iak#}hL8sJvu0yhF?K!lK&IZ5 z3oc^nMHkbyVLj`A^Q*iQ78*ZP=-O#wl~pv%nTsLREL)I?@LQ!CFB;Y@{f(%>% zinxlzN=opeO$n;&8|Z33jO(h*b;?l!L{DjW@SiikytRj_%~-e?)3P|YV>?}kTXQSq zja^mWz-gCUM%~!4q!S5NKXg9_cWh_IqQxks*#6Rsp|OjArTBZ<@@yZL4|zmtX5e^$*EK%dY0V*M5wRJJxdZ z&pyT_%dckfoE7}?Z{OiS+umY}24GD6c*ZnLhz=BZ#MdZ#&BGRj3z7+tCZf6!0vTf} zOWoFiq}w@=7HI8j8I=H#LJNUs{Z|5MXpNLw2&oOwNQKgdHoe3ZI_wG{P(m6~qg<5F z0+1pUE4T;?09R+cV1l|)EP${pKmiLtj*JDM9ghW|JsXM;t|=U(P?#d^B2f}4Ote4* zRR4el5DT*agg7b|fMJ+gYj2hLEP$Oxv3Pd?^81)^$P^;v5+?)%mDpe%3$2v`7t8$ckAjnE~KpUf$61K6_f>h|u`&YQ1RT9f!bFLWa0rRg=Kh(0j)KA4r=-bG?nE#qj^43 ziN|2-c<+-hWhE{xGZwMOUPv{aI_X- zcoR_nwKjx8OWSrOu9kLM7$Bu`v`o9Yq-}D`n>C^U8QGmZv_C$C^<{`NGOc17rZ_&2 zyOMaE+0&;Sm%gDm_|Hdw*+U}%|3&JD$_mFk67XMGA0bdR)v$O0vZoihZ3lFA7Y7_d zU=I$m_Lo27rCGFC#k0Ur~0!d!BfV8CPA+xTUAF>5kh+ z2mD8@AQzzJfm++f*t!L0?#TtM1F3Fo#PL&2%~^07Th^_?P9_kB1SRpTQQi#lF~ewq ze*p~k^${;CW8CzU*tcyf>0~OWUQm6~tU1hCx(sO=bhRF0&7%*K8XQC#24*ZqqQ5`X zZ;`Y1e-Qi!V)pkDtEwSgBu$PKg0c1W>}zW)Py&?7G8*(a4%_>@=>Gz61FOHE6H<7= zAO%HSK!%Z5GWZABv|}w-eRvt4fA2RrYtcpg`Rh;c-P>>GwtIhEaK7@pX{>GLzu$H< zuIuo*AAAto@m|@#f5$D{`S5SJ_WZYU-jY`_ciI9puxaN@{N<6`xbxxPqI7Pg-kQpK zKKYKX;JOZ9`q@WOS~0W5`<=eLC(6c0&dL4kyS~AaIcM;$FI~mDZO;$6<{`QnS%aur zQO$O5gPK~XtS+cqa`8zM`uBDZ>XfauqqNY%)s|G+QA%Mb0ZN&!veQy&w9>*;;l~}J zL`qI2C?h~9EueC>aP3NSAa>paS52Md=%xwEEva#ZQK4LE zYN2hd(kY>mout}#mx#SPW7Z>kOGK|DakNy9_QrEmCL@4lY1_6VGXfBcK}1FX*U-X9 zYoam&47h!|wR6J{$2Bhe=7?^B2uUWBJo@;f?AW=JnwlCezVIR%B3#c-Kkalr`2G*@ zg`2*>qxU~@w8P~{RmG&Y0uSVuS5h2IgBJ|2E3d2$c=vfrH+<=Cd*h>pQ-;Ne_DLeilASdeO1Yln%8vrdZ`6#3EpYUt|c}Zc8mz)pGPbsaze-*?;6D%{;H*=*B9X%V>oeS@HNtgi2NL6^;Z)ZEBcO{% z$?;D8XBox+iAIw8FG`}kqzx1Oj!*K_KYVxfzI*QM{OWlZUlB75gLK-@3ZPtE$K^n4 z4->{zgd+93KB!sDg8%>^07*naR4v#KpX`6eHkW%T|CEbz6|NsMAPo3}KJYE*rr}xq zU0+GCaff2*ywU$13IS86G_l9M1Vd^nN};OUzp1q!2TEk)K}kIAXfo-=4(J>36azi| z(9;WDz0lnYojsbiPH>0FK48US)YR2eSzSXqofd=reG|Gn`X@YiSLd}4-qn$g#pV9m zdh><33oD;E^|Z=8!b0by01SbD6JJxGpH9$0W=aerC*_|MS|}TVtEIBF6d2M~TDq<_ z_RpGiWmL*Ptu==qSc!Iq)72Krn9{Mw&F^0Tr_P#=b+kDkhwDECtaA`r0hrH%?2&>0 zZ2kQHv*0WY)AFtQ!-4;xzx;W5+q$M2ckx0*PY*_*2!NbAp`k%*oMe_D*mC{_l-Ad? zZ{^c;ZqASL9RUMF^XlEP1Fbb>%}pbypLZsTf&aXX2&i4KD>^zb4v*s^i^ST#F5B6hu8aiayN8InbNLaYSDU1O818iTrhQ$|NOjUh7XIynHJ2$Lj z|MqR9lL-W1S{5g-IE%4Ur-6W7>({a6`R6jAEmrC!+p*Irzu)5t{`1OC5ctP`UyCOP zaAFnsS<4C}W?3}X)^f0;qu^M%QALf@NRQj*jUfbD_~75izd}l18SVL12VMfhg7T3Z z842Dz3dO@n`Ur{+cOK+FZ@G?(mS4qZ-u-nx{7kDOeE*JH`2HQY6#hCR=JKg`eucWK27daNZ?JL4T7-aEljm`$ zeIGsj`S2uHu0H3DteAfu>$a_C!;UpWj#Km`4Ao$`eu^E}8ogy5V!^V4|7uwoH_Ki% zb9~~?b-NH!X|0v(x=Ko+T;(dQr7N{iT4^O+?Ft*EwCmc2R0diLQ)t^Wk!z{6G_=&N z)P^h3riqIyJx6-7l;fpOmgc1P!w8rG61q{T|QiBqP(18-5N1r{W z&%WSXo3RVES$?umMrr1p`A8_k-^pxD$L4fW>YDy8r*ES>czBIYJ^WC0*@o7-lJ=DC zCY0g7Z3Srq0WTwfvW4MCrHSEXFfa_EW3d>HN_*)AV{wh^L*f)UFUG5P-oK`)?v%Zz zVIHyH;+=oFlP}zKBkdjSG&VHixDKDa@w0s8rdxR3wXZ9vf9^Tw^7U`sN_$6pq>|uB z#gy?2&pr7&6CYi7LxwIBqy$V^h`5aoQUV6YlY@vds}L>*DFNeF=dTk^!v}8oW9m#- z#V$95v$D);zv-$uANj|EX}?bosaY6CN;WY-<|NJ$-;e*`w_uuS1^p`*V z_DAPmba_pAMWqMiU4^S$cJJ+C!kBV0U|(g~0NQs4Kx-Q7OOX;B#{>WAw8E5G;IFhF zLqI7M**E|(Q)Am6t$zJ>&FS;}kW>KNPHK-{v30{>x9UQiSQ?qQG^esRvV@D~UF!?Fzo z5K;ulZ9Ac(GxuL1(>C`pvE!fj;-+mnH|JX9j98qBXP(9GhaZYKkKWj3Ss6kI?15|+ zfE>y9l|5SUFLL%mU1#fwmtRI!RijFxGtx>asUI_jwtf3BO_NzC&u8;XFOp6UVEVHV zQhJtQS-=IznQ!5=h6n!uhxhK``3LW3_Gzb6UQ^4AMT}10trH3UgC^-TC2@zrA-pTgOG~M#sGvK-XFh$?WA*Vi%VBr%LPj>XV-yk{OC_#9cG-N!T;HdF6QE8uV&|gm-*>kw;}{o zmQ~YSKb|Mn6c{x9e!PwvYMS}zn{Fg+r@8SbAI`)Z7%BKK@(UPpz9T!^eyv0Ty>lyK z`s{)l=FG-wbN;w``=tZzT1%x7N`OKMr5#*XYcKnrz!ip8%9YA>v=Uk=ZJ^z>sZEJW zr-dQnXlV;YMNHP5hE;Q#E<5R6eaYSp?H$|xrjmC&(NuY; zuezegj$61K0}G(sh>HPIdg0U?r%kWB_FZwa?#k|7VK&qrnE~qC-}^TId+S$u^;NIt z`uDt_xpU^CwdT)v{h5z_^5fLj)NHk|-BUb($)Oe=BRAyRYlD|GekV zKUsd}1ykyqnlf$xd-iv;e9^d!&pQM`0D}~OUbz&|)KJEreO+j!NZSf&h1>wNf*=Nf z^0$@3vJ`sIJH9?TmF_V~RkQMVp`TYY-DQiI%hQ}BcDUHXN-g3Nx z3JMOiw(;Vom)W{&FT3}*X8jBefhZB)k2j8IIY@&}YA=^KU>K5?3FDYGbutU*&SHFX zV;-;%ga2TA2=E`SPpE#dKP33iDjY;kolx7F8r0$i(AkNxeHV0f=k}RXKm1@` zx!|NLu43jj*K+v97fE!q7l40&2`kP7pkvd}r@`j3-LUHh)+c2uHJQ(7-7%y){ zojjjnV#VWBH#E@Q)`n?X%sOQOn_hYWJ28MC2@7e+AeNX>6Q>U)Fflt2k7L-L2&1H=`jnEAMW-Z^v-j`q-}=YBJ$F4gx%OaJb;&{7OYjU>7K9j! zF|y2uC>Fq?X*bUv+j!~Q<5u0}_+*K}1f(kjF>7QPam&^%eDxb&2#WJfB!pt^E=<{uLKQkHwck0touiBA0&Xp@FY{TI|LX8jK&4vd{nUsa9sk4OHw zZDGtR8(URfjZ!Xs{Yg%l-H2rhAM9s?_z9m05CrZ!aIl9x`@2zonm^0(t^Z1A6ah+S z{rTwDJ9Y{yx=*09E3yrQ!8Fr*|Rj2 zP_2_@Rcd+n5L2@#*`MPS0Ae^m@|WlvQg8R1CX{Io_=8+f4KKS{`thS?AUjJ?&^N@d<`pr zbAgLMpP|vGYxH9OdxeHGfm48KpldYUU46W~ZV!(?yM`CHY(*=W(A1^~=by@ff33tx zB{S^>P+H%>(*OPhW-P`FKl(n2j*gsp<#ZXEV{UmqNE{wu7o5j%Z>c1rvJzEV+#xF# zk7K7&IJWJv0vem>>}bcf(_WAnM7IB&bqqbX{HaDikh7(U!G02by%?s+n8{PAX>6i( z?`~E6}w-DD2}>C zhijY}r@IrH#}&8&2-A?Vsl3El*V==3duc!mffhn*AvAs>KBVEjkO)6Dpm!@ujp4m~ zNG&jh)HzuJ90WpRm>xgS3o;D&!G{e$N`Hn;)*rE&pgeiKk+GU_|F@TiosJ%gb)?unwPKNu;&+BGiw<^Fu+m+ee=qVukJ}s zywx(3Pt0h1;DaAMea=so%(->*<^!+U*OQ#^<+wTUqp6dhvGY>`rVK>fJ-TcF7AGzk z;5oc9vH|?tTmWty(W7x_*}58Gy-00ICAW;moKB>)jHUU~rCfIJDtg;@lh{^{T~>}N zDa|SYjy3q-P%;whe}RNR@JOuxPDJd0Bh8RLV*%aGW7Ru;_rs@d>g;H{V)nfGDCP3- zQ#-i$oGEw-<^%u#EO-s}$2C`YKL1*gN-HW#bS4O3;5rbt{woxQR7j~ae)Q|NdrE-O zkfzBC=@LsAeapWm0|`M-pBE3{P&>4?!+|z9*bZ%-Wa0xT*Za7<`Ytd1^5^V*`YCW->Q0)$q8mO; zysC;_4?jfb)~)|`@E;V&?b{GFwP;y{ts(@q&CRs#-HUP@Ow(fK$qU%@(rVmv+5?@a zOqlBY(MALOhfjy=xNKhaEIZe)#ZIL%nMa~JD)HaO><|NBG{Aq+e5JeJefJ! zBbIL2wJy|0wnlALJs*F|O}MVZ7k~N@T-PZ&PQl!Ut20XAKc|kJhHaZ*b|LG?no?ik z&TFnuuRqkLrBqsazW>UR3N18RyQUCIIl>h}D_2M*Y^9Wzu4}la@Ld6Hp|wOvX$u?! zA<~XCVx|&GVB4;+EP={%1yDn<08GFch6R9O(&qlpHEA*XJ#d^N{uYtSimIulW#`?p zzjeyphxh#b_9=~94mOwX8MG`^6bm3`mB};a{N${LiiPiyvh3^bhn?SyAYkIG7k@?wq-N?VDf6vMgTz+Sl{(k9>@##-<_r)mro9(@*iM-~NhQ zzVv09n+n1-MM`DaxVHg+FDR!tm>#qc@0t6idz8_3cXQQ-%!_gz@SbxQth@1Ud;9$x zK5@+jv%Y>?v2p)@H-M4JzcmIxl#G=AzjZZY{WHkZ%ehGkMs_#8!sL?ES^m^|*7vs4 zb9fj1hwDk#HR0y70E)@61pga}LW=YVmw6@t~Q6+N!?Z7A3d|%Gt(1xwLbHRg;KwKTeQJN?1IR%G46f%37&fC6)rjFbQaB>?MeP|{Q>tRzX18qSAV2*B#M*aarEQYUjH}Q%2?<-B$sjjc5tJTR`?DP4Ud+?#Wwfbdj>CA|A zsSr-CYWLOlCVFEe|L*TQ5sT$LB>gd01TeF~v6BDntLk;09;cDNjd3FXX_!NUnBgjt ziTu{p%5a#WSd2(CnzOG=uOwkb>9@LZe5_KUfZ!MbWa{M%Bji7A4|to%e@PfMiOq92 zx{8DT5MTY!kB~}o?MJl9~7P>?sR~#)oKW-<~@V z;J>fDf$EA{etGW?Sf4f$jGFw9@j{pQJ?B*G+6x_RP@n4|7dT~hQ*vAPfE-FFA%&Eh zW@}10S(BBprLCkC$`(RMsVm!(!q#mev5>Y;$wWdKK10J6QsL9ElG4D`EKOMo&Crq9 z$)qAX6u`EXrfDK$mXbCC=zv9LC;+&$0JLdko$`zSZHuaLTB;d63{5kpPMCQ?yZ`+Q zUf=o1PiDkdZVem zAa~z;H^2GaZ`rhY6Gt6+6y4q3B^v;A;XmQD`M;d`@VXBV3&WHm1~{kssboI6&9Y$E z&n?SztQ+-E-!Xn+07n3Y@=U$$VF3FX`_%xD7XB)Pv8w;KZbi)8%QT~m%f>jo1CFu~ z<~d7Q@yEy5-Q7vo_7)=5Em(md$!sG)B9?hA50v;{sqk9;9}T<=1jnAmN1pv#+wCu| ze0s{F!xxiGCb{(wFLUG&XS3ndh-{%O>7<<)y0C&-Z<9=jNf6 zXTGQLw+&N518&#AFsMvo?;=?R$$#Pc&VO#gCWiZTlebLL?9@@!Rfr=OLvJr^+6rA=d038c zv^(y&ot;lU$*gnErRng)@mE$c(6Wndk3GufzyHl;4a*|puK#DZn@ccVwfBYmr~kiw z2YP)2wlDv^6$pn3Ra7w4?|8)o0zqcYU&Q(~uL06|h^0W&6iPTzIk>+AkD-p0{1-aJ z-CJ4%AQ?}Lj9|Z#fA5nUHTm}{E|L5LU`qlrj-~lfGXIOLp}Lx#i3GNXg|^0MBw;0p z$q3k~XG~& zA0QeZ;=2F&6!T{s!Ygk*=Y33edwGU>&864VSkufOAG(Fr8(zrRXXqv~C(UF1_BWh4 zLKaRr>Re7f@@zKkT*qzq|F~d39)l}9u)GG1!iNLd;rZn~3+J2J?g?%nis zZX?<_iD93im}>>U%)1E(?_lvizw2-Iv0ioEtN(5sx|H@ghjaGtzt{h*RWGbOXTicl z35CPl`M_G1ESkV+C(b|#~8PmwtN3Zckck40&=PHQ1jSNm4h{mI5&8HGN0Zqjr_Yq1~SNhh9STsXrO>DfvT>CBac9IcRPlFo}Nq^=pumwExUN_ z=9`9hdD6x_#4mfMU7Y-Tw33e{dy#)|-dEeVVb7W8aoh+hYio%`BFGeBEU&0!`s{<) zw&6{NW5tyt@T0V>3=Uc2-QVONz!yko0f=Wb_>L$49_1yI|5Qb7FhZcpPc)W)4yS7x zjWspw>F`>|64dJxXtlOs2^%!!_z|rfJ+o`4700zk3qp>3J?|{1ecugL9RUi zlQh;g50~4v#Xnd6g`4jDuCt;(2J)ZAGp|0vGp|14d1$HUbL4{Kc-M)SvZrGwKfm)^ zIs0c!oP*Ewv0=yBoWWF<)$m`Je;3=fxbBuuk+e$8L+0^JdDSWL6!O<9ME(J+By3v` zb8|h=eRJz8>;(-~*1El2PHI4BVf8=h7XRDF)PLD1gp8Z5_|OypxvJUM@aw zKII`ZB^2Zk`$ZxL(?3hn@kxZ)@~WQ0ie@3ht=z6 zFci13tUTm?cm=;W(ga`V&M9gzJpa>D^TM>tzj6_Jnfh$o!+L%tp?UfOD(jk&)`&?+ z;0Pm{0(z9e?D-36nlzaWYhSN;^VQuS+qE^i^rUl}e?4)U)|X7!8n)8huKx*vuV>Qa z3%#ay(U$fxyZ%oMHsjMqt!_~=W=)xdmM>1bL~PpL!Yy|{fEBP%S1RY%>FtJ&6KXJ3 z(Q!`?-?{lWeCqN`m_2PWrIG)1Im7j{cMOxPOkVCX1mw{MNdG_cAlJBn+FGcsMeFTD zZQ2Z-T^aRrc||sD%>LjWmuG3tfq9AN@F27I6d?cUKYRCLPMl1#fS8M>>r~a()7{oK zTvpf6$WUaEy)8Qs2Ka>T$`kL>1=vUOUx1N&pBD^^PFjiN|0(jHuH%mmk}%7#t^64A%>TW1S8S_o}(QjS-tM*_2)n^%s4= zD&40vWecebzou+k=?R7M`7FmrN#f}RU|Ukt4Nc}v3z*urm=x}oAN?lpF!G;9RavlN z?)1f<-qkI{gc^&wGR+aL&Vt(upb!QlP+2zoIxmR!z3n{w=tKPYh97apX=fCiv-I@z z@W(s<#O=Soon0-vm^ou6H~;Kr&N=h!eV*$82%*&+J^dSJZrk(3U(;o!gaL%iT>g{x z0>~&VAq-$N_`eheu-~!(6mtK6+VyT)?kX=;{r~BE(dQ(&%x7@+zK`_4BjhLi_)BaT z8a;lU-trn^6;;?OrQzWv{%32hYZZa8i}R!jb6WjBW@ld4@>IFZDwopv97-LV{+u=w zNr`Z;;7f^c+Y^<{>^J?{V8jbRX^3>W7lfX>KYcGLSGxxv&FlR=YUQT2ooAvj!)0Z3 z_e6MYZ7Y+TE2ysYr)Iy3{(%^;zuB5n{8xnh>D7NZ9QQ9hTr@2k5-HAW7_h9MREszC z>cc6Uas~qt#bDH>H&EaoC^R9_g`?2#GZX=zBIs9y1J1vIUlA}Bep6xUPCZ>yfOKU> zP$S!9e$J_r3ZGC}m|=W_Xg7^O`@T;rUdezCiX?h z{P2Xg^!lluhS{A+)fxGd-WCuHz{F-meVvnMITFoF{xi06ME{DA|E!J7k6CRAk9sAL z|8$Rh_ z!uD-jky6s%)k!>>{rz~e9k20uT+w$t`3Ia-k0C#aA`;W-tN_Y`4VaoATUsPkDlScP z{6dEX0!ev(j6ABYzoQ`kc?(^;i@g87@}V0z>$vyu`o>jU{?)U&|EWLm+FLL1!W&O< z=fl57D#@}#PU5ts=dq<_JzHBgdUu-VJ}5TUoO>`&BVWAy+bmtQoVy?UEq{9WSDtmw zKK>#OnX`mj@BcCF-Ft@1k3Z~GuD{s9trUhPh9g*;4Gj*}EJMM_k zhE4pYhNg)W>CYeY50IVeQvsSL@RzW@QB_sNB^O=7oY`~o_OWK|8oqbK_xQ{gKFgC& zKgpCSQ&@i7avJLEx#Lg2XXC~V9DnTb!(zev0^JDuU)%bVzhst;WCH*&vbs?LZ?9L& zb^a;}K0oBk1`vxP(is8zf!H7-SY9|AKnHJMHh`yH+spH`dEIr0{gn;i?Q%LD#`UgO zPqFxaFKm1T(Y6gOU~qAvdeu#^@Pyp*U^yIq>abWc^OwO9r{(_hdt_v4o(0SQ16F(h z=6Y(DgXxDuSHLNk!wDC|gqg+9Y3c+*QyZC`h|}0NNadcL_y_w(@!gC<{4al^Dc7;t zssDHz#sBiG{-+^b`&Yb&H%`BVQ(9Yhwr<_L5zDsd=^Nsv-@eFW&u$rxkDT0G;ba1k zl4L?6?bPbOD}A6B0!8rK zjj_xB{HtA`Y1tXCM+!|^nl@Nb)ihLHd6HK<-TzuWCf9#}so^PzQq1FH#H?wP_KEy& z*}0qF-1`sY1ckgpIX-aj1XO~&LSffSetyTF*}8K?GRIB+Gssp3na?EFBBM_6`q_mA zwE>3z@1E=msIEpVJ_2p&k3XF<&gjEjjSHBHZnhYwdFyBbNEOu2_5dSvlC+| zcQrB_Rdsb4eF$LoK?^W^J}leDmX5&_hG*@$0@}OwWbC(Xi<|HI9$)&|M-ZCE zH$HX~Q}axc#`05_a}VZeWbyoETzK;3w05@elRxF3UC*6*FiI)5w5%U4D+^U{?Nv7* zmE`(cK20JSA0P7XbxhF$j~%1^iApA6+Xl~F=AsEz#-yq;C8ep9FqKk1q%xGmRJQP0 zQu&m`lu6-}mNKO+3_B@Jl1jI2+mM!~DTyYNO0z(-EumXV38gGy>zbydE|N(llyV#z z(@;|7Jqte&@m>3VN%_H}JktY$s>%?nb`0|7?m-5kmgi!VXPCFgvokq(q-gW~(K9uVI-?|ksTT!LyEGblPum@%@hRUqFV#<67SB|(_Pg?{C zNW?P#Wj|z%)8MFcV9#dQ@~YGJf@3r5Xu3oCtD9isD(Kh=OV5Y;DaFt0kh#pTEEOU{!>wD^a`mX#6r^jO5Pi@__ zkz^u)W!XIN@OplG=W8SqNhUOeF$`^Z)jyF;yZtMaEABrV!@6iVf`D6hmp)#lhY^#n zLem^8f}z8~Gjj=iz~_)=({Ky|`@VQRe%?hse~6j$j~dRaPz;6+wUv$$L(>F}&67A} z@lgbW4F^AZU)%MM|D)|ROIqgMDbwDggq9P26mRdM?~RRKO&3MEQBL)K6#gp<1!=CU z9rN*Ro!$KM&ij!y67@bcYEjMoju5E#DeMZHAN}SJ?Ct6%FS*Sj^XctU$^S@wr>GeD zFQN^Q-V#7fHDbvTuLFJO_;7oO5>Md4`I$BRblkyEC_369mqj*Q|tY zDk)7RF>ED#N?|6IGL?-fZDmSZ8PXDlZ7EYqVJKUeQVQKpNF$k)x}8+IOe#$#m1ZlY zClbox9=7v0+caj|N|PxgK-v>kX}SRD6PGMXh-ujl!tZEQ*Oc-6=3cgSMu{cu)Z)JT zdn@hXv!#>jd9-M2Z|4U;x`D;ZmT>iFuBN`efxG{B7f(L?1RwkG$CxxRGY+vVT*jBb z_+=h=@NaZF>lIw?i=U!R~uql6(@)y;S0$) z?B3`QemADfhaGQ@eD(!k-AY*VbmqTAR#u*cC&1cg9b&(IEv$Ob@dEI&oivK}r ztN#g=c|R6f{dey-OyuR)am)-5vUQf4i^!O9Oq0+1bY^rRaR(#W9(;1u(U2YSDW8f*F&W z$84QRBrSe@?}H>w3wfz>QuDnN5e9jwB1W8>et*|UKI>s3;{BXG90ni|BCBM{4uLNqpH^qE;Rcg9?Z{EN*0WtHb4|3&z|m%%}GbYMn@D29rf znw&VzvhoU=r%cDPY;0*GQ(~vW^Vu37@}I4gFmgT~*W`aC`Oklz=`uYsh(AzVcB#Iq zDsSwqPYX~b>QR;gD-Ja4^*nh8{u*RsJiVLbNG z6`XzCMeJzZ!Y}UmZpq|7=ehDefnr644;(A`PygNemS?VDy*}jgFP&1SB&n5uX)0Tp z%2qyUNuRWoY1_)QEZb*EXQX38C4{aN!cJJ4GBq(8 zF94fLBch-D@!Y5Loef>runZrow)D{67spO}W@S92rOkc%N8upZ)6>I8KJgKbJmyGl zzvFf;zVISm`qzux_CL3B?6PAEKGTg2O-Lze*ijBtN}t=XNVHFo05$*1i3F@8{1FjU`hW0FrppA^u*j zSlMvLTdmz%+ISOn7oe5R_I!m*X@Vx#LUKIeXbrs6P*zpPq}hu`=TG3Otm{x;1vM3p zAtewDGHuozYC?_mo4@lIZ4a%>NR8G1>RZJ3=F9wA81;b$!ul8u+5w&V!JF-N1-jy!nz$bT+dA0P6c)4uC-ZdcBRzH3+Z!8y=$oiY!F=H{u> z2vt^+v~6tL&e9n17|Z_!@}H*%uag{a@(+Mggsd2vUU=GN=sL9(`Ck+jMjb&F1}P8{ zkisGUt_-+^UflbG`~xhUva9zQ=bEho?QUZWLI9SfLSN#yFBwzp4r->(G#XB4?@?Y#E_mTVq5RV~R zws{`vJ7!v~s0;;Np#Y|k%23W~zt6UmsVq!s2~$dCN?VwAQklY1deXL>Pyovn3ZO

mS5&9IV?2m>)E6d>a#vP7GP zWkIxrTMwYTyqs7(#t*-D1FydD3SaudmuQ~QT=Y20vbf<#KcJ$bg4wfj)@#NDO&Euq zvG`91xy!P{0J6OR@}UOkjZf2l^61tRu6-za)9;@9?bg0%(;rY&hkYHNIOE_iPyOz@ z{O|wasSW?Q@`ww%bzwc!o2@|H=&V4w?XnhN(( z7DTHqqt>>mOb!tq8pQ1HMvuEz{Bu_SN9q3WE08&$7)G1=FO5>%|4T^^SSn7xf+r7O zAunie-_zIIt3bVLL^IoUF1Vq2?qsE&mK`;Vef% zKaHW-==BBiV|*H#zxZTFLovJcRQkY#0Lm&VnLKp{ z(PwtE>4wLMwf12RMCg8T&6vii37yHo{VStCbz&2Gaq$IDY~Hb(=U-ckIu4jVzT?_& zm<=q2$DezNt-D&tB>&kYJ4+Za{dbsKrMF8Z|K9b<*v{-TANhBWQLCvzEIkr!+0khA zbs1xHb>PMCUE|H&St|L@s8Nuxx@vZIVpzppgvu%_(Xs`+fSGd_AeF$f9sQFu`Bxr; z_&-7Zvk0hn|Dz!Po+BmC{g5h&3=!}Zf0tC2l@auN|9T3bPH#rDh2sG*> z<$fWnQqIL2B@q(=6=6reU|^_!Y(M6ygN|N!0(X4#A%6D7KTw+;!=cJCVB{`L$!XDDAQo9@IXO|DvsrvL6Av zcOZraa_gF!7Ce1cqf)|9QW{EP+9^!{TPag2VM-+oX(`iA2-C8KVcEh++QLYO0$3>iz9(|abe*AOF!o@Y9N=0M&p`-Ew z@CpO?@$;`9`uY0@zWtMjwyx`mOuyf1Q}tYdi*9-aGtF_<1C z{Ou6`^K8eJ`VaEE|AVvopWfDO#FFJ~KlcNiGcee_xu>fWW!uQq>c3KwWKxw(xc$D7 zd27;wO*;ylgKsic!{wNI;l@n^7SA6MqEyNu(&K}%J$_O;Bz`Cc!K&$0)z2WBa4gM( zLog75o&o6YcmDPbLVv{BH#p>!xA#D2AM`~W<3Jj^1`X9vU+tW;5E@lAwNxg;Z2#di zZ2iUKsA86tJZK6uVrcuWQkxH&rZHv0*s=`SQgYWrPoUKZC?O2!9fjo}D&V*GK7f=m zFUigzWg?Ss<#-6V`EL>OpV@YPgF{~Lggo`N+8VT@k3v6o=}2gR#~9rMC~Oqi7xJH7 zDYGr16vkeUAD--SXc}c6;&FbzpGh-jk+3W*TVfA;0puI%_>%w3o&O8Te*q(hC;10Z z;7>%+jp9?UhU)6Pk zO#y@gVXphgj}by}!V#x4W73?0hvi)DBE$XSPd~`#e{vPiy!uG~N~v=mF#xRPusKKa z?i1fn%ibOQ^v~ZYjrGlHX)2=!b zVZPIS=nA5;%+KCI$%fWJ24a?@1>oB6ZNSb&JRycNRE-Cs(I|iT(;rxI`U)<&?0rm{ zIElyp@hB&sbn^Ih0{G4H_f(Zn&$00o;yFVm;*QmiOuz2Q-YpV$YD<Xs1_=35s`d;w) zA?{%)h({eSf;8+T=pI}|+TbrC?zg&vkSz&INgy#mPD?rN|L%R`B>tD}{$DEgMf`8P zR{zuR`C!@t`Y!td|6vn(x~sbjY1=5NhT~zAqj-7xT;If+JYfJz3lnep1g5`uj3+ok zc?)KYe70s1DjhMfx{hbu)9Mr`_Pk# z#wCfQv(j(bV9Da)`ARuPgux-`?1eoY&fkHEQyvb$qz1<;035-xs;XLi{XvFynb;*5 z+=$}eB{%89y!O2iTvkm zf)HqX_MnyE)#K#_0MOJtiC|4_DilCEhR<{;z`@#VZ2yrY&S(sE>~BHokPl_W}6UZJ#5WD6Y*h7RCSE zMoQR`=Q%3Yj@NxVjKMx=_f|X(o;<4_O*52~ra~A>2~$aBN=ul^5{9yrA(NO=VoF<@ zQVK&Rg<;#uNZ86qCN*7HO0yGEm$u^tkVq&k?FEqTC;Lq%HBDIBth0)p>c0c3s)D@P zGDur*tf&`2Aq*Bz6jK!2cWmeSZ+)G^jy{}gum1{%EINcoAAE#cZ~hfCrq3wez-S?~ z2`d)fa*Vqu?b+-V2JoF1cE9g)4<#Obv-6bK;&%CEK7Ht)Q_EHz^PQ8;rQbih@<*30 zJ$=_@OHbOS3+t6V-3u=U?`!}=cJ&+}anS5%;@SS9JI3ctn1QFV+8mECfbo;}9>F^z z1fW#3ZbihSXo%9a>W2EEryUlb4m;Onk{C1KtVqr{#8LD=XxT`(fE#9DBy7M9E0Jjc zhz>el0NDtZWr_vnL%@e02r7x+w$Obpa$d~+zYz9S{BN}G|NArbU-tg&)&GofR$^U# zEuRTj#&7QK>cX;;!*S<>#ec&`#^}}o@Du_R#2P+|9`qs-`7vt}G`rqbv3<}3NUy?o z^a$Eg(;*qU1MSQ(yvy*uTtra#P8+#tcZM zc=Y*~5fg>uQlAHl8W#~Z_n&^jK4Cs+&4T+Me=0>7^T+yU@@xrT+dkn^6%BxsK~!(19{rb+&OmgU*toH-LA1>lQEF-q_P zsI90#&m#y3f;zn!Y|SD67GS3q{bhRPUu1Xzj3z5U(bfN~-Fv%RdEt$xncOs;Q ze3leGDTOH$%Cr*7OvaTdE!$91=vGo1N-8a`94`PVl&0(vK|mX&Nn6uomLQ;QD=i|= zKUfhc5=i^+frjcZEj=-|cMLHUw{sR&O4S00M8$A6v(Z2)#WVkUmJfaW!yJ3kaoqR7 zU-{1~{*zapdzl-*eqouX6-(zV*}#)1p?zb-J+rvAF($vALS&!M}SLzyUV^j4J-W z4Kc5YkSLM?AR8?kprS6*{U4xjuS43a8lCrkSrr^}0UUW&=8uKx_k0s>nvMVfAOJ~3 zK~xv!7y!CkAv>jQsKOBeEagEB`q5GNYzx!2FycLE*(>|Q7=`bMuzeLg>Wyn^U1AJKM5^nxA3 z(;#37ou=Uaoez`+15{NOQSZ!yH`Z^atGf?%eBm$R2dDgiPagG2Zaeoj=G4w9Soc6c z9;;|;?_~8`8;X#BFOuzDKeK|DVZe+0i{az)k^g=2PN=QLSavk}(xVYI)mgkVi!QqR z$5nA3$$!2+_10EOL0MIm=j1Wy4=}NQ0z-Zu(W(lpU;sI+6jy}&=kV9jlK)%+>`^+- z6TtylI+7bpb&@Qwva`sxv|XMCxBUJ3x+>%XpA~uVa9l z@A@79AAI*`voaYJCjS9{kn2DCQ!FdVFYfv-&Gl2*uzjuPp*by;#Ar*YGg4{x|9sbH+1uU9PyhVQlKSy@5{izcv~$`I*h;rkf`CFgf`Cb-bR`j%QbK7;2 zpD(gO2-Ur^<^6xYcIA%cx2$@3&h-zrp7rIwL~qMw(vL&t8R(Md0Z_XO@L3;G|1o=HamU6{k$oz)Leu zsgXEtfGw}ViVrwOfYvSG55eLy91*}`LW2NF3n3M{0wXTb+=O~x-T!^$y8q{e>pHzH z;(rCMO`+BQjCyv;Vw@uD$*h!u=UvHzPu-(h*T3HXlRz+B=JyBak2qwxrbtwo&v2CN zrISvZf3AdA*1-qg1qU6nm}K=i1oW{P7Ja5et{-`RB#bi>g>b3y6Deq#a~`G+-F>p$4DYl3xy)Z6$CDeVb*VzVZiie=iiFO z5Rb#Q7DqU7{WfT6&mEIxJBqe$2qDmHA6CC0o=l*W;+PeuVweW)d$-Zvy^Dl3NPSg3 z`hK=wPMXj-W{cJftKUSc6v#RGf7F*xTaK-4ZhZbm0!Dz_&by8G-1VL@_PC#L5NH(| z|627bhc7s26y!gfl#k3`riv+GcsV1_?KkfsD`*D-e+%e{k%d5WDP>(`??yE86_$oYT9j@-TbNd5&tZ!bn7j^!)-QqVMwP(=lizT6kU)TW8F_jF-NNjwxl zmWMHiV(76r+S^6`y_@~FBmcRTM@RnC@JEM;nL(^%;nji4vN8rD5#o8`)+)_^{OZ@A#$2s<}6`Z#0eEzxeFL^t2cXRc{ z|IL)9>HO+1HxlrN5JIqV$D4(|jN)T-RV_}IGi%J5>a2n;KjI7kKL6t@7>IiOu;%S& zyvhG4tLzK;Por%&G)#oDOll^4x)wNjW<&I^>sq8lYG_jF!cr1bX~MQGq!7xsgffMt zS(c^@C56NmdICyFq z|9rWVQAQMw2{R`IIe%#*Km5z~Q5{!R9%Nfbgs#B^%{4)MS@sIym<5WqGZ=BwOP7L& zA99Rx&;R~SRCc>XY#iIy+ z5cQFRkA3m_RXuxO-us{DUNq<0-{osFVFxA~BKDA>CpPs&C*RQ%ol*rTf!yHJ2ETjS ztRLQV_T1}+{eC9_TO*Z zyLz#eA|XW1Vy`EB0f&%pc?~AdgU%w~`cOZte-UOLHevusCcrBlx?w`n6}R2j0k1s@ zOV4+_19SscKMqqDK(Yj_fmnQaNk$m1r#}%xWPDQ*$PNuGB>q?ILWO{0A@K)F{I3w) z?*Ar*&(jB-`W{}bnZSQM|7heFwrx)ig~ANQ93om*nQ6?)Ms20z%AR)7-`fMf`e!p= zT=sElb+u1-cwH47HWyZ`|AgES7-TQ{bFqQ$l>MAqxdk zD`&5HH2V~3Bt{Mo_+kDGSTG$p5h6p5A>hr;ux1nNDWYvAgh11DDyyrRyWmi4+h+3A zSy+}ue@{29rKxUg7V&||5F57bL>^c8 zzPS3xtGVj_tBBii;&z;bok;a9_~??4^2arQWH2#^CCAlkZFCSI50f{oy`qYcP&E2G!Al{niFlPfzX`-Q&sF zDnLRrHigGWFETAKySuTPitAmJRaO$|@6T}o5}L;J36t2kdpo+Wqw5A%d6{Dfhzy}; z=atGKczMovH00ldhz>p1*vWtPdFCFIdp@4$9gh>L3e#W203d+c zsw(z$ba?L9(5Tg$Xt#Gb;Q(5yPfa+X04{+yp$fC%eIfs8{PLb3aO`0#xbpl@r3?Ut z+c;#-65e;lhiL6=;a7jXk$0bTDF7SXd6zQ|8#y=}DyO!xo}F#^bMzJ`%egh?O+7fZ zOK{&)f8@C}PZn!soJe``gU2E+m|Lfm?^z+Xtw$ZaB&SW^K~3e>D|^b4J9_)klr3## z3MHfz!Uknap;?X*!1ignW{V`!R+cF=O$yzXM$(YBP)Z7+G|)ssX_g)x`C}}E|v;?uZB2dDD(Rt^b$LXh?KCY_%V@23ke;$STFaZ8w zzw+sW_e2skmjF2ifT2OepWe8uDITx-c+l+l=GRVb{QaA~AGl-Xh7V7u5gYp6d;FE% z02PVCS91r5sbie{ZUixBoI~`l2l2K26ZW5h0~!J_mKX?4M@dPENiduY0PWjg+Z!-x zUTN>W?mbXZ>kxPVEAB1sXZRqICET{{4fxy7;n}<3@4s+92g)47LNN@*GBWw*#~4C} z3yJ?_xc{e?__N*r^WmK&{+G4@NG*T6i;tn@%!_%yQnA&81N|taNF*IXUnu_G?}Nr# z$J#0Ye;~*eSAQOx0DHSf=ZfWp`7<1s`!u3)#}F`j2n^j(-LG)nCsM-wPs6u=>lg>J z(eGP<+K=({J%yX}K4pBd8_#uW>}wk2ye zY;r#5kmgMCpG)S`+oh8K-1;NMu6@HpNN;`8a^NXfVZDkLronaUl1!{Vc9kkh0-;WmE|NFYOzDXjPvmrz312p zork+ZDdb<|Ua0?_X9vh0h{p_L zEacw{t2e&HsyF||ylD%WlOodjn(>={zW&jlp=mnbzU_;|;?dz_vJC(^_ltmQF8w<9 zeE%7aI@mkSN^!F6{SB_&@+z@-l#ZS@Zv4Yni!_qmOli}av5^0<&X_WXSK9Y105RBy z==2Cd65v01R)Z2aX#pJ_07E({0u3dVXr;0&vun-^D+B=rP;RI^@cp>}&u%U73$U zIt-u?in;mkOBld`)&Ur|8GkA6|D(lI9v4T~Q3**)P^YBjxfzGR8&5hZ`)mv9r@-DF zg^x)q{u`!qOfmrh57KS=y;t^=aYuL%oOf-g90p1-F1B`&&;&MM>pHe>IB$Rq_x}hP z27qGj|GrV`0=Tii#s3ofN&GLn9beWvY1(Z1-*+`1x$Bq7uMG6}omEy|frZB2ZikHe z^B8mmP#K1BKycQjSJN(#r9-OwBhXmwxZ#fl#~tdl)0axaJ2(UtCCgo=k;?Kd zpt217hGX1Fr1(`L`b&W;nvLNFX=;*@DLHBTa$Ofb;fLw8pveLdam>1aWv1UL*` zClm}&77kJtO8pCm2ze0wriR*4ow^&Fwzr^_3uImX3-aaTzRXvj9GO_Y|B&}{&$@d6 zxMtZkeD>kb^75XS0hnDgo2w4Limg3cx%Jgsk*;_oUFg_qjLMOvq6xH+##@`Vvh0XM zGl+F+YZPR@wEEeEC9g0bB4?`*`5zgC$Suku|L$$k(16y^;CKYAdkfXmn=?jNC*E`R ztc`r6*^6MSp&^WDlw`2@L^V`iPCV*uk(@bk3Tw8kN4E@gU31+3H4UlhP+5U252Fu8 z(1slGjsH*n^Pi_Tbo=+ZF)2*>4r zcu7IQu!6QZ_ywjfs)%7n>U){*SP;uA) zJRgb{7vGa@V@91D*WdBhDv+g-fpC{l@KOM z*h(p>B(~BtTS{Tegl$`zW~sO`h0m54nyn?2VF*peb)`&+(rl%hwkDOPl#>=vXj;k( zz!D7}(%i){wIRra8b6!%MCj^w<~EuTOs)%H=z^&Y0e0+-F||HGMM!5_W02PFI0;MA zP~~H9PlAJ{lu;QrSi60Yf#}FQWLsO5AKkZuge5Wcv8|&TrcQfLoT0cydiI=g-Gvx- zAC-jRPQiu%~qof4%=c?!E6`-dg__zq{>rPFZnE(c^>=zD0AdICcHrTZ)DO zTsrUFJHOf6_Jv5i@rNIMJbAe$?43$!wYD^lKnUH`V|Ol{_=_(eKJnIQ6hzq=R?geE zBc@LCK5pH}+j7)+ip(&8ae?!*JT7hS_Yi>VUH9~8{m59tFHrHh3hE=dpd|ANE!x7 zzmDy%#?v>jRPn!3xTEQ@3SX-DU%t=#iZO}*xmW*-%%!A`2vw8(z~}keUB9rm_U!HZ zM7XS67=}S-pA!=wE-=qte%3`ST6`3CmaxN647Tlo`YNa`XVkyEKA%H~?|aHg9VrzI z3_;oGjMEwL`=F^7I(wXSeBgK&+Wz<(fyX;jpH|_|mao;#<#t3xE@+ok)GSp1a<>YfNJ;{iHxnldRped8A-?E1NVI zBmds@$=EKG?$6bCzWV7AWU~7b$5_}qA#Dhdds?yAZ$S0;yRL{A`7c6!^OEM=GQF#d zJNHFcSyoP2FibQVM>ljdO+yIB2!{Zr>sXZ)h_W!o;1D7j&CMf! z0LZ@=@{|93eeX~5U%cHM@}K&@FA+sI{n*LEKU_Z3q&yU2V8}a#jUh}bL^b_ZSL(ZT z-lgawl?gzQs|c7H%@{@h@)c}p*$BXdth7q*ZWhcul*`Zg1YLa{eDAkk20+&hW=%eb zjXTy38#=wne<%>4-P=_iBtlq327;WZ3|4zwr!cRZ9p1S1V@qzQ+~06EC4>P0TzhoW?Ki#l z{OXRuMHkyjpQLGaOTZZX+tiwW{rv+A&uxj7jZ9z%`w?aJsQM1LZsnVY4%*F!ef^y3 zUuUGZ{52DxztbUM;KcSXI2JU0qzoK#zjbxtF-)H42m%%p_-yS&CX&Pq zA5lXP*L7^e^thqM+5I0}1iw^;zw~iqbpPL1@xRfm{%4CD*ft`aLqgM0@BJ9JKXAM3 zXx-L-Z7>w}`FwtQ1{}ru3Xf|&ecoX#JN3P(m$Z}q&MgorCG6>NR`Dk{Kwy+{{0%iu zW`O5kPYvI4EWCk|!^}L0gK$>d{ib6GNb`axUxs<}=P~!FX=tjji+o8Bt6*GgokBoE zQv+If4oX_XaY{-;UqAHpIi3=oJY!Q4h<5EMX{1e zl9o+R{{TJx1H;F?v}QfWE?&fir=K{AaSMi`F$M;PpgDiNYnENZH=g+h=gm8h$F@Gk z&1c=rSDyF^wzB!?;*WC0{Z|av{oX0xLDIa67c&{6GayRcm6Q^rwIAS^~b4R3i&TyKbwfUw~CX0_u+*N6#B$w z^oh;Lws!2d)}wm+a?dFbnaw7pIiEb;k_B25mrqHjC-&v#B4hi23rE*pvxs0s!^hV@`ZILh;9IwTp56gRY;#)kEc~W_I0Hbwk$vituhLvUg?k?V9WSnZ z#&ay1&@#NGGV6FfW23})k^f>Hzg^_Nz)(cnPE^w*@MlgEwW@&OKWa*K;`yB&QYr&9 zpC&}g13=iejU|M#rBJ3VG+SuGRyL+Ggd~a7HDxDInv!Umt#sYelnN+iCoBzJpn;`? zKTnWgel%A3xasdZ0qE>YaNNPw{Q2oNUf(*v!l`9!*d1ZjM#p&j#2ekrpIpWrPwWA} zGz2r6LcFnUkOx;ex*OZtqnx#*j@usDJ=&qvV-Ry@76el-w*H@Cu`&e5FnLGg|wxk1>kzv+}A|uI(AhBR(&lp6m->bZ~TAqpXYFoDqhb91g!*G2}Im949c?= zfHV5ms1kK3%gF{HEF2kiB@j|UDw9q6(oJeja=AZ^L!wPD{uCyTb-D?~Nl4TFQG*xq`N?-Q4*5EWgs!cdrSJo4FgFtP=lN+JKFvWe^u@?W&|QT8*c6Uv2@h@IY(-M}%^YDB>FD~TadhP0)jY)olm zDqEUTD$|zAw54rGX&YF|z_N9cxoH6{U1=F<0ns!tM$Il?+%RJN+}#zYzH)RzeWoFJ z_RSHRxn|oS3#XTlesWp>x~`K*N}@^SWbjO_O6G_GmH;VXC^o+AUn#|^msjy$*M5nG zix+Xxr5CY%`!>FL-8WhD@*Di_w%fVzf(yq){sDv#{-fr9@WYadi7t#|-0-;O0pnz}z zMMb^XQ7&8+MQK+NufV+sqFgJW5SmIALJNcvNC@dYn`D#hX8UQ=et*n4yL0BuIcK&c z;P-c5k4Lg+KJ)3*KCk!ZU79~=>YlVh)g#|9O;PQW6Tc5C?JsR^J|*u~oR@Hb>-!-e z{Aa+RXaF3I@P8SUR$x5w79Y$QPp40I^%()c$SKfv5V{BXF2~%!>jtg+wQ+t6x;ppGxDkb7ufv=D|BGy_mcB@ zudLBc30m4< z{P4nN1x_rR4+jogJKkUkB+5N$e-yqfKE*N#*s~ud&6-bnMK!ydQcM_OX$pKCper>b zlnDs4cb;|K+VS6a5cVFh{v}gZ7{PoYHidvt0Q|D0rWXoWAstJDpqE;8CQ}megr8Vk zA|6v|X;V?t(w3Ua3ipb0+UX^S&8_K$M;@WXw-iOF4W-IaCjYYV={SD*fB z&+(b&R@gnv{{Xu#> z2U=PfJtD17kvKWv#*7$$wA31js|{ zkn8F&_U%JkzX7we%TZ5ZR+~F_wtm?lx3{C!)KCn8PzYI3^7_vhSzFHs+c%;36m&&G z5(1Hl4`-8uWm-3VKD3H*L|F++XE!1icjU+(%>R*pw={S14+3H_g5{OOx{5n1tt=~} zGZxG17%ZYh=~UZD>2d2?%EGcI6WFvkdJRbnh6NNbe&iJHxaI+V{)Zd+-Cyr<&0{~P zs~X0+OFvCK8RON}&*x;BIBFW7|Cevj*4e@>zqvN6j*02;dz*Ky%e`j=1Op*{_{BSs zgv5{T`xf2t?0vUP?h8-7k_FRFARLTv-}0Z?G7J*=FP3MJ$p4_wjy^d3E12bQ6K3ad zD2-;P2NWrId_z_2xh+kSVd$nT`*hRLB||7emwb{Cnu)0x2)`kr8?vbzy6|a=q)U#l zfO^W56cvJ;mLxUEpI_AKDBzLslKM@qk0{p|eK*zof- zJ$#OdG*lMayFR)5k74ETTV>&<-Lg+;EiDbxI<@L=J-GIF-vCZqGU88J67<0|1IULJ ze0;+J9#Ip38;^k0Bsd9Eevd?3C$CgT`9!{a!zaRyHM!|~Hp2X~EJC2GFl!ksI0sU3 z%cg)#gA+ePk!`oE?i{1jLJ?}2TLzpu{!GU!q5cRP{n{dv@!|9R{;SYZTb z9n0>DTCRNl;nYvNIy+`XN=iwo5{FfoIQuxtD{8T}P~7VfX(0fB-KSG$H>}u*u6hn>!4p44E28uDinvfO*3?Gg>Y#7GA{iy5LV|I2rYIL^gf&AOj zmDa-~JqQ56(gNsebGMJFC@Uu%2wF}|bsvUoBAK|7|EzhJMgUGbEu2LnuN4kx#^* zA8`*(H47o;Lh@rtgR=182>^7%QvKKUTrdCj>GkXkFe%V=Ge;ZM3l23O;_)Y+VEGfv zd4J9O)YaB>=w zrFnUeesdu+fd6{ygJauL4dgo; zpLX2!((Bv4vh~SLx1Y3R#Gjr9D;mIHn*sbYh6DUad;s(}^udHVnEOA#Y^)@;Wgp86 z2>@Ps*gd_u5&r&5>-T}3)^C5vau%5Aws!m7psBF(F$jb$;X&Nx+uPa%Puyt<65^fN z{sIc&oeijoBwdQ1HlLr?K#1;|C~6kr@1ytsVj2KpayH0|BA@d=r+79;{ok9`>QQn2 zSFFBK<7mI|YOa3le(k%R9qnh9l$IjP3U919~RkSDDx%FxD^=P~Hpl{lUnQ=VnO8&EwvfFl$ z4YREsq3f6)R(YXFB(DGfV0d*MoA>TQR#X&O#*`(5S zc*2!P_KE!G@;&!@ypn%sHn*a=ojUsDKXcR_BNQno)?Hi+prWjdj_&TfS^z;QOjs)+ zrgwp4A|zq?s>uielx#D$9M4j=-#hnh<(fOLZ8Ea3|gN1y;I_nG@!5 z=^0<-P-_#n|L*%)<$51I!3|&dIpJW0yC1%p?TwpqGvy93Pl5})kpE(&+)L$yLH<29 z*_U=iR|m8nvZ4amv&fS0FBx4G|Lex2Foj~6rcYq%rY?M@Kr?ky*95vx6`CRAlMPch zkQ8AET~|?5$uvyWG=ipNT3P_6VFocx&BQd+r0655Eha=O2A_*Mq%8G)O;HG{W>~kR zuA zlRu2*2f&F_Mt`;Az1^37r!>^Ov%`-lOXV(-TlXU>hGGsR8o)oJAApa{31A_tDDY0I zti_BDL3`?TUO8qg`$B<2?zX%k6}SF*LDJm;Z@=owV8y${ghab6bI7mI8m%N2sKD^~ zvu}uxTK&H#y`RqipzrGcN5c6ZWUK!h5<(cg$7NB}%f7{p&pc?n+|tys#4t*a2dT89 zy`9x>zRv15Unf#h%FKBSS#ZKKCQO;$BM8ViSr%Bk(E_lW*muTY$CW=gho4>Z0N=XoMvgsZ8NXWobJlHr7e)3nf7)?edG6PlHtrbqH#hRN zpIk=Lu@D+NViI4x;M;U`w{g?`*W^sYkZ286<<-2uX_akKtUm!?fFFMG7f6!KP4`=M zIP(CUf6`?vn05jicC6)rr)2QG6P<;rlT~hhmNV)sueiUW^9~TT*0B|Ji|MOup zh`LdjBgUg`Ur%gnBY&7amTNs0|5##cBgWdTw8;w1ik}0K5)PM?kqrKmsQ){i{}s!d zPyIhr)~Wtq2m^Kgmw^v*;w?%N=9!=2rKE1IFq0kf>X&@e_ii_5w6}76D$ca-u1;y? zOV6|NrRS-rs%F;wMa(^J3ByJ-SP>>n>z^!HJN8MFw4Imr{@%LBvSXh;vGA_D5ODSh z@axB*t;;Ig(dA8pARneLI2}onF?G%ITaYHchG~TcoHahzso_A84s*%YU9fgDtl0z| zo#`EZ-TGTqQ_ILPtx13?!u?2@-MdjYY{bl{Z@Vt!oGbHe5~*}`dlCQ$ zAQ%o4&#NjfsEbyyzx5Ehs#sb8LLeb~BL7(#6rUvsD2*U>bRj2`>1{Y+FX~p~5g`A$ zs{eUk{vQ|epZ+Vw;wXU-YO*-d=+OembKWln3F)Q8^iG6if-DfGr3oN}nRfc(q6Ls= z?%v<@78hQ-lv}>~OBT;OkpX^s^X8VO(G=SluRAn z^x47!YNjkHnkM{02;GoP%`hZg(uJ-I)6h&)H&savp&N!INx@(=JbU`*j&Ib4Ox-dF zN^AuNmvbmfg5lLc_8hWI-a-KxAs~?|?l9RaI%7$Kl0?8KkVLOWPG;vn#~Gk$`<(}> zCP=1C0v_yNFTU_%F8G%VsH)84u{aM}4!7{gV~;Xn!o)t6%Lhdco;GaA(%|0a6^UYb z>jUp;05Kl|wJ@RX>Oho~_2%hrN8}R%3>J<=IKX@u3_k!zOatIXPp`VZVGh6)%=%Fn zl{F-O_Yx2NXgHq>1@iga{`lkZmxu|8R#~CRAK*ZFl=k{+lD=sE3wt!x|9hPN*@OqW z+3V#$!@+a_*+u>TNMaD2|2cR6?MSBcDItvcXR2!qgSEgP_H8Bl;hW5E-p}!|PL6AB zIaKn}(@*l!(@#=2Yy>msE##O5#}Tcpv`DIH?N$eT5Vw6ly5q3oT^Lhu2?G3icJ;$S zIPXOGZCXaE8_?dB&naNx_d#XN2!@ZHhOSzSE~7@DiPjWPTEdBm4F#+5gqC*Lyc0I= zuy*>}JA2jnomPE@VX)|gWyli9KFe93gky()kO{vXrU_lP4XZ--|Am~@^=J*G7_b1q z4I7#_aM{euxaHMbm{>KDyH;7dT(Xe)^1Lr|@go=WjfLOfuD9;$@h8xpY-iE%MSS;! z@3L~wN@mv1xF|)YhtgAWP(aeAT@AY~6_x&&2K_pbly^sEs&6y|ygF*hiWEl|ox4-WO+7U06 zkmuPc-e}L;xN!$m*MZ1hwD>30M3VL8VWX*2GYwObkQ7rAKGQ@qP2tmZbRmRh3R5v8 zNzpKMNzru-NtabqR)lGkln*PNJN42N>Z_-pSN4PkTs*m))m!_k;O&m??iA$}0U~}GMUr|ho87D@pEE#PhMeo&9mA6V zpscj4PyLO>Vm$oF!`yYx-3SCf`0fqG3wePlN)}J}!P37pujrBNW&8kix|jiEPyyr% z2UrLhGXSR_054_$M=~5>KHSKW^8;|yO#u39|8K{X`4}I*P3piFTGnjkmkX!z-NESF z(Z&Z`G2Y(5VOimTtk4*WaG<=Fu1F1fmim7;I3xcYDfRzMdMb{j>j(pj)T>D(BaZ0V zsn6`(hcJT*X3E-7766$wq^$Igp~pdBfsKui%K4wGOxFkKx#xYrsByH78pn%9<-R;b4+Pi0B)80Ki_rxQN8atk8$IN5e?0JMjVRXZKS37OVGTH!(X27s) z)4Cpvs)Hr7;l;GpRZ_Lg0YZI?Zo||CXJ9&FBg+yfO0U{|Qwx-r!cdzhdoK@dXE$uv z4%_!wW9sa(5q>wPeOTHNeg$f3hcbEUICMk9)Q-#!zZ;S&9BzZwc1WdqKfX0p?r!{x zIjbwlgbwVaPg*-(@srnof?u{S`u5iCEF8X&S9ib4Pfz(N_q}@`-KlO)7)k*nHk-e1lQtqYy%{vu$VLhSOiQvJz`h`N_W<$xfeh zojW(1`Xc#zdw{KBTbp+BFZ97DxF}L&tLUh1by)@8rk#U6YqAPZ~V~fQ>uX_2ls>es28IoyfAn zEx*2&w$9$=y}g}tmtMlLGncV>_lMm7_|M%t;x;rdT)D_KbS>k#odOSmN4Pzw#R?S7 zmFF7uKusVWXvC-+nUg8FWK3oEgYU%*AsIq471JY*k8dsk+l2}q_{ID=T`OA*tm3xF?n#58XWx+7vfPy5Mm}cSk zm)#klEitF=SV9mrvdugD-A}_{<(n&c^sz_z+tYu?Fbyudnb7%lCC0B zNu+v-(&I-kwzh<^Wq#^qi4s{MsOyl_NThUPhdS85^#D6w-@xuRNGJ-1FMwVWKo69o zr+rmf<4}491Q|Hh|NDZ$cK+u?X7}Ha(tjOV0-0mQhjHv#tT7DM`rw|8tL0&v*O_x$ z4jRYp+O~P#&aIn$PcMI%ag(MpdFC-pm^#DNxk^_Yo_)h|{5NT&Mfjb5Xik_7JNLns zUFkA0%kiD;ae*>?%ru77jY8LQx0n11q@-Srj*UB^JZyQ$_Y7faG<0?6x8e8utUCR& z_0Kdx*9>MaK57S?^S3R3W6sbyywUhZR{raczn+_4y_vXX5e2{O?=boK#)T&@rWKr#(PB7x~4{<5MdD2jrX?|}sBhE%g<&kl4gtpy-S2w|o-h(({t ze^ySvf?gR#S9RphE+ktN376cqW8r@C|8ep!0Ag_hB~juYoB;;>enNo&@nn9Lfv8eL z%;>US?y_n9b!q`%;&cR1n8fCpDd)W^ByRlDF9`U9+)>ilmpe&iIMd-DmNU-hJGJ42$iT=TC#Lf18Zc<Vp}HRAY#QMkR~1r*S46bE?S^TX3P`#sgn}@ArXgv%j!#IY zW(ZT!G)bwh99BAG+G)oOub)0U5C|$5pc@*JAz?};2Qj> zp4{DYyk%dEpDo`-$S;vd85pL?5C6E0x(Yvgo2~bgED0We;~>@LeyU1+{Nbg2sG2)B z`}YU7cFIq2>|l7dZX=q zQOy3|D>j3elm0zs3TD$TjK-}bT6c5!&o6P?7tZEa0iUN0@Q(!^dXD7YLo`bYjeZ|H z$|CHqsi(bugv0y41I5(;{dqJ4GO(-vYbpX6l5r$8fpXbo7LTrAX*A6IkdH|sD=3sZ zPMQLrTY}o$!REa!y#LAuUU~dIHk3w4hN7g(!f1hV^puXN%ZMI{v~^nKxwQkTJZN%BlFZckr{?Vb+Y#{f zngZxLyuTS1P6I_0-xvZY4Z|77TA>Sj+qKgDie=A_Vb!f`y{i4?L+Ys+HV&ij(SG`b zWXhVa_D*ZJ-?h0+1c0h+>9(EhWw8c35fV^SSz&qHK6K;-xk)|A_g?&7R$4R|r6tzV zbL^9ROsSs2buV1klXk+W6S(J{d#Ed^qcT*+T8{}yLZI}6qzdA$b8?m6SC{i;~T*Fza--uHwNFB(P%q%pl(=?5la*xkpel9 zK=U8~0LvMm)|p>1vAS{yn|5utB({bLHZ1_J7ED25??(dh8{I=ZYQ=?b#Y(Isp7 zRuzsdPjVyJ;kB+!h*Q|gavGBi4h6N z42=c|2ONv`9_p|(o$9VMdN7=A(0}Z1Zxa6WsxZu1C z7&CgbYnjHqjRXP#s)yuJUG)edq}tQx{d(#%?_TslCe0ZR&}jw`^C2o!%)vAR7z_+n zI6%7}fE#f)1MspgFNC9N0x%Hu|2dB1x>1-@=b<%jqw9nBS^JN-`R_9p@tvc!i#QOx zw+a2PuhJ|@?DP597KpI3s+xl%>WJs;{yW0|6+&Os|1}knj3X^9r}m`DTwWdFTt(?$ zL(lT^iv1tX^;8p#xX5P?T%ZX@!wnv)ltha-}LcN5{8RUgZmz}`lcI}Frd80DWLm%XWX>Kl$2GWY5BcB zWc(ClvUGM^w)->278tk#)5pR3ZI+Wiu)brFu%)S>Yq|4n7zUG%InjFqeS~3Hkr!G! zARf0g6P!-bhu2!B2p?|geW6xGZBiBCwpeo~q>3U_Ups_-dzu|#vW^Z`?peuK7krg1 zhqtg|=L%-j&fvA(ul1atGjtBS+jo=D5`1IfH~9G*KlfCx*ew`6Vi=Mn=aBN=Stv~A z3;9m4lV)3if^(gnr$ByN-wO9};MxiOj$8l;Ny0a7EWR;g(01$~_2GKVM7+2D-s(_d zF*J`VnEqgpcmV-`EJ;+BmeZc-#^?88DzarKp6<7k6S$FoCslBg;GUmpjR29-kUP5| zk#OX3vf=DT+^F@xyz+k@G&Z7a2EVGLj_s*#FD2 z!i`_L6GirM+y7oiOZy?$=FdFtlbkf~6YSWxh5H`;Y2MECd08lM-p#IgiY66n*!7<7 zPdmj&*td4Pjak~i3%z!@WkYC#Z){aa8D0_A_OO~nAxMN zt4Gv_f?;$`N7HmPO+%7pBwa?9G;~=YbO}jFj4Z>m0N|eijR!laEAug|B1FjF>+sLb zvMcK=W-|jQq!o}zT3W`62kVKZ0|)rZH@?CftKJ|QjdJc;=kk+Ve!`q%W*5~wcyYyx z{Qa4yx$=rDS-Wm6AFNx;@L|Kb`Nks9N^1`Q03ZNKL_t(Og!q{AE@)cV(S0)W1rM3 zHWnySrmUhUJ%n??v4NcnmMA+7iH90D>*Z_SO3vQB{S6z};#{`;GR_!(1^_`N zNLR{o0vC`2{OH6VamC|TP!X(POvM=9-CyWamWB%Kh3ThEv=Nrf$~9X}U1a@lC#`Oz z8L|r(@uuH%*th(>ea!A%cE9K&`N!F*y!V46TjBf&kOaQ5V^JDLqi)}Zx^W|BX2(2J zq=4PG6Mhe&ooXtFaCmn+x~8G)K5HS~yV7*&r^}dnld|R}`&y)b_RYD zGm{nXKEuq9v2-jYIGlrq_gI|7?q?+_b{ymJ#tqxs79NdFhKRTzr!0`w3=Gp?M47?r0}`6)^``vzqNP1SGO1BlUP4VYK)@%biGA<-OfWDr z0DxHBTS&kmRaJ}}F@mc;cNHftU5ZaB?!CC9ql4#Oc#gk6^LJi;^%Y)Q`5KECF5;{+ z&*F^J&gfG=Gw{o$Cj%br5ep;Z2jKM&epvF(fy-tk;^kvaIS>_w+FBOe^Uk+Vo0%hI zfLt?xd^nPR0FE~LzdZd2?f)|vGX-F!7P#n&$+I&CbA2imtIfy3>X z|M^?my5sCu{A>>d*jN^2N8NCm$4?~|twbM)`hO<;Uq1L$L`uhZ%>phRS;2QC!2p8E z6-UrdF1r|QOrE!lKp^CqWC#6LNW6?}WzA;G457rMKY(x$ z&OZr$^SE`K(yXWjrB01y(_r$PlYl-x_<3NMmgYozr)2}DYq^?q!)q)7%B%?xRMHI_ zy%7LR(rX z_O{tuV34#ET&`8ZuXvucK_>rc1WYxD z8014~I7~}>JGxW7$%b-y2yvqeGouAyfSEQ05cY@wu0k&NG38H%o9_QMA8vb(KR^FK zo-(~9Cp1h2VAHM-8Cf@)t1kF99o=o*bpN*WhQ)r5Us;c-D6;1XbNg9fxqv=|X7J%Y2sE@$zu0f7Z>;lt-y)7QXaP$*f8rvuj zD~zp)P#IQ`C3+%f^gQVW-q*q&XQO~K*jPePR^nmPM^U)rCwCOh*V@|3)6YG_-=6*( zufF~&0LLvpj`8EhbM`0B<~!dk5JuPo6v;Px?wIdYzq9?O9)EpKGXN)?;Q;@%_Rn>j z51;%=RWChTHrPy3-Z_Dc%e6h9w^qHG>g z%l^?L=qih%my|m=X?LE=To5L|34o>|k};%3^)&qW1RiautTFq3Q0|7--r3s|Dmvl|GudI=R<#X|Lw=Rnmrc7K-fQvJ@wi& z1_H7$j#(1k`l&Bh{QgVdufBTmsruzD&8zNw=80dw`odF>q_%GS5LL~71@1lAyGsx0 zo%Z%z_4Y_vC1a;7==0kl80dZIR1MzzAh+%u*k)q#XqY#(_qe^w(p0dcqGkluLmT?o zvs|c}Wd_mI09vxytex_BEAT7>gVvvE_W~9IamYb4pK0PNF)jp`m7NMfzMZ1Oeskc-v(|eZe-8Fj6BdzS2C5=GZ&I3;t2vFZ?Qy$ z5R?@03E`K51dI^EFw^8;SXuxE*1eRuolLj&o%;+I;-AS>f`^{_b&tc*?3%KP@T5`G zFbtiodp2`~Cf9aOS$Hm|EI5b8gS+^jzue~DH*Z5IFrGdyABq&q z9&^#!-R`}t11|&WYdiU#ivrLz#6g$6QvszXPN<8P)znEs4rrQ+rl!zT6-`%BH5FY; zp=m0ru3{J(nwGM(kTeb5&@l`X(=^a^oyk=u0}OlaZ8*Bge?7kIh}0cRYBV0`q&6C4 zTwR#5uuYxUW(JT!W=)cb`UB z!B4GC=+WyWN!wByZu-Kw`lqMf_6ce1-51I8?_MTNs1B?@!7!DH|JZij%^iOC+q`wZ zm40An{>Q*+lI}zy&e|8)IrNQr>Kw=uanux42h;xFjxkd(OZ*u7bQ1AyTDGlc+fN_l zwlAH>*A`CY_>Y56fbET#|M@#w+q>8=DQxxo`5;othMHRTG)$nab{wgaGK^FL;k+V! zRsVM)9z#mTk-jpUQzs1Jc1fad!9NEP)5kFVksG-6h6lLs^)0Nb)My!E&{bZE3K*Uo z1m;u!9}MSz{e)yA^NLTwP5oc7?f&<4InxJ4v9_<%m@p%BaNM-u-xZm^ceQH4H(z;s z=F2ajnW#O7H&n2ZmvVLG0{?RMPs;x$X8(9|uz!z?XJF znC}kjiuZnOE6d9It`1IbepwdGpFV|`SHFjuFnc0xd{od3jrW`0?>SyJW*NVH=a=3J z$3ScmoUn8*vd#Wq*#65$V4bVad~=tz`;N0{h8*QI>}biuZ#2AI&$^q^ZPM|_z@`;(b0vJ;X=msE1yXKuqV4Sw*;uMkhhax&#~%}ZZBjM**O+cY@F z+^4?urJd{oeQPJrb5X1k0dmtWw3=LB0Osftp}y0J99NMw1x?YBbrm(0LXmxFvO-Ex zQ5;$Tx?x2m(KQW85(ptt=7*tSgMG0huLW?Vux@)ZB|({qwP8k7h6u_c&pLt}?VoHj z0B<%rvACeDv~Lu#tGkOwmOsLie|?I#-gyhZ-_J=)PvRGM{DM=KolHq2d++cQr=Q8j zO&d@()sy)^A%uNZr_jeu@f+V*J8yq%+C!LTTS?&H*Up%9;}dhL|0kZvgaf2E9N^W* zPkrxaukHS3XJW*I?`^x}+9f0Y)Gt+!VrBsUEPep~X?+0LF=`yG%BMk+*n3i*rEN z=%}nAi9;*jzJp&({eMuL{|!+6-!Kq%75vQZzoq`)yZdh!7=UFe4%Wjc83+SYAcJ8d z%A!*8ct#=^9*Fr+N4A=l&RDnIN3fZhlI*<{1JIyf9RcNQz&S`BXjC-iHGM+{GHda`(? z3|0XKoV0jhQ36ZW??MjsZ1g8z{`6lra$cM?d(%#E)}OzRF8#9qFKkrMzUcO%ZICrI zkNJH*f-`0ywr}^O9uD9O1c(p_VV*B1*Xqt|07|7<4BmY?kE~MD>`=PoLJ()u8 z=z^qW`tbi7@}Exh>E6u%{5~H6zn^3QK~G37#i#nwv?M|jAd8-e0H#EGkS4+u=}VuF zoD}Vj+myN{46hkQBvi`YgR8jaUw=e*yptc^`*mx~F6~_R+1scpujavLf5p2S-tgF& z;(g6?#}pVq|HyLD-g;`M_?Y|Fj`uOULer2AHe%E_dT}IPVS-t>dL&20yOjBoijm&{vCi*|2FMzhLB)j%^FllHB(?*st zq%@Ef654JCP(ZUEpeLVIu#g!5l$Cn#$EH0fi`0rwP5$iFGwUC8m6vA1 z0agQ3DxZCK)xOV%R_wmEVabR;ZL;S(8sPvxPUxQrz{kM;--%Jg{O1x$$nm=gWU@80VzC)1jwEwrmP5oa@tNmZUfG>=$=086Ui>2!FH4H(+5NZWbCa@VcK;Q?Fl=A5 zv;p#MeaAfg z(-ZkGp5MV9vwme0W&3ZD-6c^tzmrV%O+ewupWCpbO_gXd4BY_3%psn(QRR#;>#T5=ai(S8KhCS&GuHt>dUYjw^^hF9oxC3k zx3+DS=9bH4s?I!lcf^Y<(wzrc<8&p1*@;p-K_KjXSFJo!IAo9jN<{^j!m|HQn*)IL zTVw>Lq_2_7JH0>TztD;CBQ0C8#WR*tT~Ws!fA|6Wn;Tu{XX%{NIb-qp>^-=PyB@m9 zwKF*>#riAAx&J(LyASOYt-X)!c(?!_#_V>G?=~+~PbQnxv>RdMl0aiZ30hE~=_gOGTE|QwQJ&uU2kRyuEcO2k`TyE%J~^y{>+$v~KdSI4$Txh33tKxeo>|L_ z0Fp#&w2G7hhU8`rFbL}ZvV?H8Wl!(^yCvrxLxFRaT7RzdKLv;OL0bJkL--9Kv->ZR zEp$*E#|@K0%_Bye|E3nw?66vfKP_XayVoQ`ug^Vpr+vX zS>A7YGi^?gL0$Eb{Djp0!7ic>e&*6+S$pqRcpW&gKO_8z@d}tp_?Oc&!kX;4a3{^h z$baGdnYrsd%=~uQefP9up1n{qO_S}r_ONm5R`%@M$DVynw6?d?9ZwL8$5CXNU?4zg zNrbxUA&jW6XVi${%$hods)~x7F=amlUivtA+6j^@dv@%pDBeExWsy?a5}lZOS_=TP zH#}T+2Xp(Ila_rg^QAfINA7z?AcB63U=<`&NFAL>$vjdu`#fc(yQI0LxR6da^6wm{ zvy|JZtZ}-u`Jge31~041Ri&F$?N1st}NC{a36htMS>Z319|VO?KKu~?)(79vLh z#49OuPZF+qCN)?Q0AyL=?GIn$(HDR3T1`o~jO(xb38ras)33ixESVb@&gItWPj`!E z@ZOH?suyd>)7*L+koN_j^XcnLUmV#q6>(@EX6=aVe3C$&8bNud6J4^%zoIG*EdaI0 z7l2|Yu37+wVIT>eDMMtMx^+7BkIkM|QLNk1LU$~|?1pk?kB(AZ=0ld!J1d2@`-R9_ zxb@2nAYl&^ogWb33g<;-I3iNAa^g7-DN_CA(_s zInXek&iW}N!(|v%!2&l&VL^Ttoa+CYinwYj$B(YyCk(*RE8Ztsk-{^y>{$C8T zdxaOWYzYyhbX&5FVbgsxQ)vf-vclxK^4`gFxn0*1((BKynXz%b?~>PEd}hR7etTc& zoQp1F@kys)8fm96M&Di*vILJN86W zEqC|6KTu?AxBuYbUN;BtZm>e&oVLJQ9SJqt2Ua+giHhlwkoGKuvhz0#AIhRx(|Pl? zb(qsl7&5@Y9!(qsu}X0Aaf=u^Y$#6R>q%YSLw+aWEj-s`&o#C@ncsG1mj0vZI`6Dm z%ZsnA?_ z3+K${v?WUz+b}A70i5rC$m*B9dtS{a^3RKxH%84ctnG_l=u=A3-|s{-RAf~_Q#52vMN<`YMMYCoQfjX+09n?vA_5qijv-4( zrbN&O^Xg&6ZUaMnY?rq^IM^Cz{f=hF)I?Y?wt}&>5kh|1_PXz#$s=I~5RaRl1OTHO zMl*KISf2mK^GuoKT-^1-G)>m5UBk04JjZj-Kg;@!8z?O)B@&Ks?m6f3AK$s2ii$jO zpFO~*gilT;`EkG*65RzsxpRGIs@7GVG!qUGAnrrZ0VUO#)ra7aTY)~}NcsUdS~w~K zfPpvw><>nb!<_m_bZUu(%g`I&Cwce~on0Lq{_9Hi{q;3Q&z{IJ3uiEC#u%z1;r^+| z>pE=Sh5p(a5-Zoz9!t_8Nwi1`O+FvHeLi*uOW7T*WM9oN+9ph+t8z42j<i^Dj zMZ*8t)&Er$v9OMsiM9OvGuGGfsgDOeFTzY!t8j#m)Tc(IQ=Bv-?*8?Qz^_V%#X1+ z&ITRC6M{%M#Kq^FiIcWvk=s71%R5ixo4b4t^$N{(R__F~cXaXiGtct(7hk5Mvx7)^ zHN&Qz#xdjOQ9EWX;qu})uW9JC9oSCO*0=IWQ`6!A!6ixwzWPu}zS?sf0=^m)4b+)ln{qrdG4NG6e54q^9(6` z+}k)H@^AISH)+YVAJx3M<%R=2V@M!y*)Tn0;tfwe{K2noxbBUepZNDh4Sy?C@9R7M zBm808C#vOSmv-9JtM}2q)rgem*7Iu=AZw498^X_z{emHilvKLny1QB3NC4FBCxd((5|Ygm@COwF6^+ zGy48!)J?lctlLI+JVm!8=tR(}_&KD=H2Hk&4Mf;iQbyB|I$G*R&^clZshXi^l!B|n zKRdedtO4L8|J@zPXU^g0vP5sMKODX0BH$; zYC0%X5%qsNj+FC1C$gRYDgAQ(C&_Y;5JI-qn<;Ci5Rz#MWCcU&6)woO|0hff9~eI) z^w+k-`U@{Se(;Q6{rr{-Mvj>fI{U&)89Q+bnr;aK1l}INNHFbjU$@>&FRX%#PJxm@ z(V~E53J@KCV$ZRvfp3rqu_ReSfCDYPLW(WB;h|^Y!jmm$hDFiy(d{20&0g_a=SoW= zTz1}>-1p#Pumb3R;De)w=fT`(^2IM)L?j%x4b8<~Jqz#M;z{7v$a~EI4$tN6-kh}>rY%@}D?s7FKoPF!tSQJGm8VR5z96<enQlu3EJZWnc8%KdU zwl{8Kd*de8`#cgV<@=xi82~rke+}JyOq{3w{uEC?`wXwV_6qTMoaxi1bNQv0aq7vZGHvR# ztg@$`dI9vRLMz(>7QpJ>NDpyzp}Z*Cnf%H@{}L{@VwEtc7x>yprY#N5d9S( zmf9}yr|4togF!-{1puZ8X9FLF{l6P(8!&4d(95bY^)cx0y+LZvI=UJU(%jv}-gtr? zdWxE@ds)Awk!lPo43jb-f=Ni0@GA1iun3m&Wi*%zEEB#np@$(u;3W@+Gnlv_xv87`iJ%V>sP{QHm~O2yB*Fu6>j?-vPVxzm(JYU)mRd zeOaGz{^wNxFFFEHzD|4q!X48UQy!`5Fr~{_-Yj{ToYk*boiIbKv zZ|3y8W3rQ>9M$_wjvNx4IaSAFZ(>DRSuif z0l*(BWx~QwGGW05G;Vy2wa?$f&A+&lzrOGfzV*ecXc#dfXB@qqw$EMWw__ZcR9iWx z?R^GP9~W6(oCXRY5)6^jwf~R2^NyFJI`97XOxeEo>Ne@BA_;XNAtWIXRfvvFvB3qf zu}z5MI3~q*+;AM@*zmd~PVBfPj@ui@J+_H)p$ia2s3L?ALa1ETtK0Ur-JO|p-alsd z?(FXD?(EgQ66F2y;cEBHnNwzFXXf{u=lMNI>9|61x%im8V~l5FWv6|-$iG`$TB}g5 zq7gSvDV;&|rAG3XmN!$*QcLR;&&hwDRa-7Q1Qp1ZPv?F$1rWh5CIvN+jK%0qrK;A6 z>l4VTVRz+Ux;g+Ok`G>6XujiWmz(cA>O_T|K6vZhw6{*<*N^^)C$>HmbhoPglwE@X z8Z9fT)v?dDHM)Lk&#=CJg3sBnPSt7x#PA>@bsW`L9P_54I@wtfv{y4Yx{YmTF)STv zghspooV*TzV_`U^D*&k5NKMCfG&Dy;3LQ;4gmsO@?IxDY^2&f&_x*4@F)(cL=;i}N zbXY#Kku?ijIlVnjSTEe$icd-5Ti*NzW0(yfQ(rp3pa1gb-1X^CGCVZQg%@1N-{18q zuDJ9H+S}VJ?z8%w)vSB)u@fc#07N6L=L0{lSrK^uvJ19*zklV~&1ZG?FZ^3ag|7sa z(S`L$*y#UGL{Dvr8mUffNXfR@LsrWt|G48bv)0bP_bsm{9e_&6*(dp-=$ZFB3?16@PheFqm^@>jgt(@B3k$#5uw-Q0*BsbT=AhS9qJ z*MdpOYQEREDkuKuehe=DXG_oOKh?$m0HjhvD_Q;5B!Uw62is$;IBjmU`?kND{;eIG zQunWa=*3(9{soWw=$1zuUZ`EQ-o<^k* zq{3?n321I`WA-7J#%~Ng8U!kL+LN zSP!Q&eC@m6=aDC$qIKFLu6ftjX`QiTERKplgkajj3z@dy0$$m89~=MY%iQsyzvX?m zy@Q*sedEYHsvWzk+5kR(OHuDlF=*C+L@YsPstYL z`%aGc9_7npj~2amD{E1H-VeY!kz>aSR*V&V>pX297k)r9$QINlGb{kVH(4Wm7}w2ea%- z>2+mB8839D(yZIuK{Bj!)~p6DUEIQgDGA~st?WK_(!v0;?z>iy!}Id)m-)*N{S|M$ z@vVIF<9E^85=^{EtJ5Q`8Vo(MCX+z~(E-TgaB8uB@200em9Z0d>YDXrGIa2cs}|hz z`^B@qKB5*HwNQx$6rF7T{4)=3*x!HYmM{GNrRASpJHHx_uZUBj18_I~LV%;exQ76o z?D&6hV>Z0s=K{<`O`C~on~Yj?7S4_iti3xJKDv)ossppHo9OTm(M+0{Z4u2%!pb3} zY)qxla+Vco7&uyptQIC636TyZNJrwNV~u1^Z^dq$hTYhVlWasrqNqp=l^&{o4C;yh z_aa7N1w1o^cH<&$Gjsw*WxJ3PUV7Cf{{U}T3;*%c!uDVN0si7P*TuT6*~lp@I=1Ye8rXpW8w} zOQRd!(3iXW9_xm0{Sw}D9kf(%g)4sCQvRUzZmU5^ONn2|FuC)#xAFOJf1ktu)rowY zg40iUs$+*;Abuv8Iduvj`qOt~=z2{8TT0d{#j6*^w~rK7CjW&4TTa0Ij&;Z3qkQ_y zU*X8HPFB3}Z&qH| z{rFvX<*3^OAm9sHA{OIl&vB$9kxIG3aD@RC{uc4Oa-v&AXp6{$Usqs=Q&#PUp9l1W_)H+eC;?6k*ElqQ8Z*2giMpHRoP&m z35_@n^vhm^6eB4Cg`Oi7rG{BQFMx_<>`1~&!Ijx z?L5lF#xN^pHE{8Q7UoY*l89(%npQ02SwiwlAsE{*fOHyaWC;b}(BVTUrTEO>-%UfZ zq4o|QShmHMty?*J#md^1t3X4acFkE|pYhO+_wUP>Wz&dc1eL!B=EDH;+wa}<^rx~; z{I+D|;O%!^Fzr|Q@)+Pr6g7g|&$(>>-48j>4_NKXDOt$>|3wGjlxG2W^duVyrsWI) zbikt3IQw>B#rhC0?_j9A6aDxg=Fm}$z6`pZMYpX2hl*+_!eE4OLX9{RqBzNE*pUR% zY(dS;x%mS`V!=*anft#_{C^Pl|49iV6C1ca=yAxSw+|+G2$5lcH^b8QmtfxP!uKT$ z;E(GH--UoP<`up-Pk@0&3{g$|&x`RC|5Fk-HKJZ{{~uZX*LBccqlEIzXT^CFb}wJu@|ktN?_9BC z%cfg)Zrjqnbmci*u=YyAu_$Q=bm1STpNzRi0LMKh{AL~8{zlh0P!2(VWKH3lfXS_{ z5x~KHuBEdO9>cqlz%>FW2|c-xh3*u5<7aTk_0V1^NvwB}p3lW()!R=Ax%DA(`SNHa z%!h7&2mkcFAJOrnqo^AcjN>A8U~C3)pJ3LEX?*prV1vcry3G?SLaux&QJvz1I@?FW*=!SgB$Wh(!^@ zY1bNk-kn)PhF8?LSgzD|b?@9}Riv3hS&)SiLIJ3(M zq_w00VVl^NjjdbQrfVRuZ3DwFupJ%E(QzD!rb(o95W0r0 zG~!`cG&w@T%<|l!G#NcqNV9hmFfeSf@uj2m^bK?Rq!_DCpTIeDnwZrVBOW$J!Yc*k ztNwl%k1&AYOfUn$^0Stch$mS8)OxPE;;NeU_q@7?#~y!-#~y!-C)cmXFby7mXkB2> zfl6p^JNrUlUun5tI>7&a`P*$7JMsRBu~**u!Sm)k5~TfI$KPP0#8eHdD_?dhbpTEU z>U-r55dU8br2>GJaH8@5)zAT=ZJK-F+os`!I}kHwBYV0Kdpfa(2N9VeM1Nl~AB$uV z*e`Boy``q@~0@m{?t<`lanx zI(C&wv-@Y~?mc|s|9pvXqLnM(`)!gf(?)d|#tcGm#@gG7H%;crAK%4aed_P|m(TtK z@o2PUPPytO$D)!EWvmd?V;~WaBc()2h0M9z3gvPBFM9863$AM;{>N+GBb20+n~qx56NeS%z)V?h3Eoy$ta!G1BtbFPn+*V9k&4)yg@ zfpFGpq+&m{&$HHZ1jn8YMzKn;nia>2b)#kM-0HsN8Ut(t$I4=xCXO_*?NSc_>1G6Q z9CTenNgX9~f)$!h)DX;`7$y_jZKabH1~8lv6;o__kxV4{)zAK$sZ*xJUSC|w4Xiv z^Lr84YnR;n`&0;Vs&xRyLF;*i9!M4U5$#6|<-9s$Gf+eQh3#Pj7%U%C-u*vt{C^errT??C2-`+XO7P~o$b1wN;e%~e$J)=u_&Z+ZuYwmz%wtv zxr;shppy!%@f~YRBlM-9JGVlg$-3>2H5wDHm%_1}op&e=U;iom$#pP)W_f)t(HMCw z3rarwyyT10m2EF2DUh5i^-cP`dc{2`Oo_g9_H`A^c5lvlepsj-y@oA z8SRl6bIdyHYC_Q@k9_wpx$B;L`QoSl9y6aRFo-5{)o46f6)RWSWFclS~aSfSA^ZC6A#T5W31`1rTLofIz|9*yqqzFYrO2 zI%Dvf=XV_j7|Ym^<$C+6J?HxR2|njw@VmGB)Q}48=pp3PStT0<&f*5-hJGB!#<6W| z$HuU2EXT&MY-}T^17KNLdKSYlFmwZ3x&nZ%CV)gp2dQZw1ww<6uG8LV(h$*^+MQ)v z#{ivaK_VH&(8tarU^rv*az`I~4)zicX)Kx&XX%Va&O9y2%(fU4Vy3I5GGq~j9OIUiw5~fd| zfn{acxOo#-U3)d3{P4W0HWi9WYAvh&7^W`242M8tFvf6Nma~PW6 %j(CkcL^{>8HZ| zABx5QYPtW*Y=MaTx&N061D5_6D~kU?UE+V>5`HBSQYoPWO4Ed8=R5&~5|(r{fLPqf zuDQDXfg^`An>Rh#bxLMMn6ZaTuv(A3n( z`#$hCmMoa(8Dn)qTE41ZUcY+yg#WPL-5lVA8UQjc=Qd%yLXBL8_zU2p;C zz3sC+@uQFPg|Gc9cm4HW6t}~;pY9zk^d1s;w2juFQYmh!TyJ&q)wG%AGAxq>o7nY!TYJ%dY%0QIEDe{?DwU{ zW$oL}XkKc)`)J2IkdseyMTI<&3zIm{^^F(+9LvJi4VUm6Sq#T?bpT`t({bE-(m`_^ zq?9Pf!O=B@qoH)=iUI|G)4^;Pl>Z|YJx>m5}ei+r8OBMZ0hc+zbf$cBC@VPDut#M-7#|qukdZO zVF1W~UDvX|ncMX6?YEqDWyfG2BHmce z`AT&FP6ftW2jG-z0E{*Ejg!%#4LIWY?p^&)8;FKdzmotMi}ZiCg;+U<3&jZtso(!F z+;BO(^Ty(GO@nY4dQ&i=J}r?b*#q9@sgB{hVf7C0mC zU#DOU0ML{!lu#(C1eT_0ni96sM00bv|ExP!zHl(ybnc;FZ)N=>e`MRnXIQ#?6|?3q zB%OA{MWbPNg*}}C$97lRfA%1}|0alpbyDH#)+5t!jRm{+yWbrLvZ~-^FqTNhKsCdm z+@ryE;M@NVH?DENt3V+D-k0EF!dp~SO8$$8O5yL)1#`LgZ|~&S4?M~rpLiOzS)rCI zI2Zg3jibhK;As$B1ey|Dd&MQZ>B`FpheIV}q-2bq7svnvws!agCC4#X{So2@{NuO& zo!(SGSKs-cB$`g9+eCesz5E*byAJTX-+zr2OP6r?&&~1VOz9fO^`GhQkbI zhh6fo)JP5h_vNz44Z!nHB?9bMHlF0ay#JzW6wf6Ui$W}h8X9&(18lFMvI+sM#D&L+ z{O9)wDW~XVzZMeFXw7T@x-bY6C9Bf8Tt^Ba-JHiGVE`!CAfWjiThHIpkCkvz$bX=I z0u%)y|8k`X}H4W#2>>kgVUP?|zI4g!JFa=A)0g@z!k!{iAenqnrWwM01Fmto)W z40}3z=^AoSnvS7sL?R}pp`mN;|F)D^wj`Z(=pV{3G;Gs9l)=h6#6lV^ag(J}nmBz@ zj9INwrZh!~gmrp`9d>kP=oyv_WF(dYwsfrkrYm7Gu5)Ag_wC`x&ovBMy-{}3$xKPYSiA+m_fFj{Mj+P}&w*t8vPyxM=;`72z}zqh{eM0%(nm#m#H;m4bU(+M0jX`bVE~a!F(Lu{{@ED`O@ThR!_qUI}={y*xC#wwdp7kE^kCxnkGAR zQy$R5_DhN8fi2B5x^@|cXSq9|`@gUFpRR*b{eI(h<*z3GSG14Us34TcW*yxX`&L5P zO2g4~DbZ4`6VHppqs;!Z3mM#VoQ|JwV*R5Juw&aM7N50}Dbr75IPEI;~<5 zf$UJ2ror0t&*j?7*3jD2RM|k`I}bndFT4{BK<4wGYu7JrKR>Sf{`erzZr;M`n?6PJ z)DwHTI2l-a*`Lz6XCq(w`Zrm+Xfe~Kh+^qlB_cfjzH<4q^tW-6b6ugNO}BBM@9Z?lI1ZX|8=uo zzeWOV7>lOIiu?y4<)iPX4)X7T)_Jhp0077{8gO12LU){82!Mrc8JI>c3xJiyGD8@a zg=2)UEE~gcaHNCoxLyD1AhfuoUaKGa50~vaU zojRFe8eKqBL}z-V&g|w86XGF4hH!sxm4pMTh5^)u?Fh1#8VTKf>Y1mw_Y3#3dFvLW zlq_AclpC(So{KNKn3XG5^1y=+@Wp@n68Hc5wb!)&65xPftI#OELygl=9V_3 z5L0 zfB*WW?dLzXH8=CF8?WVtE7tPVrmZ}&aWfsiJqm!+w0d(sC}%VtEZRm|Lhk` zU%ZBStAonPo>~Z@asDm$@axZC$CtnPP5$XKcT+eDxxZBzU}eY}q^=b8cnlc2k&FMA z9zRx5bgByf_?%NuL222kB>z4Qja**}ARa@-CGv z!LIJrUxZjBLTYfZYMr>=K*~Pq>d#0JN^?^JY8Ao&C^~upCX=f&inpq=T>_HWnmg1Y zu@(C%o^#FN)aoY)>h7oP?3`df^_}OU>Vql7U_UBeOdwTz1gA;IN!jSq!M1G-+sS1G zaImF=V`s6YiRD-r(irg;keZGobu>pqX*yC$G$D~fM@WgTyT&Wc^V$tjNyz!IxERI65Cc-QsPKgNln+l)HDoJCv0j&OhLpn=t$XYJeH+_k{GV^YS3d(w z=DYFO|Mc(h&)|gOl)oD^m)@+JZ}z*=gnbaOLK)WQZhy_Au1>3h2lJM^^yTG zQbBn3EB;*8aUI7_@SPw17~4^-y5Zv$=l@znG}+3stMBBQU*5xGPd&|=)vJq-^(Y^q z^?Cr*V*m)5Ax|a%m9qilUNF60LOXsCCtmKcWiL!(tnWkG zHjZZFNE^qov8^nQVY=@BmW4EI96P54;Mh3Qz;PtHu3YjjU2g!PG?d2+K;_))l>#lN zL!b!_T^EE5jfRL@PpVvqQ^~VULjejjjhBvP+4$-p1DX2nyFs9UuC(H@y~D(eA(pj= zIjuEHB4S`_Zaz-04!}qlfTs;1geQ?v<&&MxKx2;2FF9igU;g};E7sk=e;+L^!8CTH zl>GQ-KjCwq{~YI^cYdH0g0-Na@$wa4S#bY`TVC*%`{@AWw+)#Hd{+6Jfo@>a!8@W) zZ2#!8A*X$nl?|%q8%0GtW|zx|K9ljYVQBN&(B&mbhzbjm7~w`t1=dl zwl-s+EBWD}C*n6J+WWuWys&$trlHVKHQoP9+scXmd7()J4n<4;wZ#9V)HF+a#R(lv z*-Gd_X<0|<3bZVynQm-YRXPUcNcvxR1q6hfAk+w%ZaCg~n9c_e(>`@Nv*#})7Ef^2 zxfhJ==QxnfK%ecdE`vEYTzlUiGt)Y`%&t5+ceIF3VScQ1qKVbbX==}d-5I7}=O zAs&y?*3yEZX})CsM7$Hq$LKje-ugwyF!$HzSQL+oD&unh?C&_pV^2TB(#zjRqWQHO z_g@L~SHF#ypZXc!{^9@S;??ICj?@Vdp7Hbm2$`nK0bTbPH%=9*lK&#oMgPW$8j8XIkP4x@ zOG(~r00Qcln+{UC&yQ=}L9F zj>5D#IsKvn)chp!nI0S`?*(9CSO$(6!p@U@$ITL8I~KNWVwy6S63|9U9Vs=W)X{P& z0Tr4{kTsA}q3Q0RN>{~&aDPt%ftFh`Eqksh=o*qd_UZsf2dalMjtK+|If5rUGHg4X z=IrS)rZ-24h6K7+FuQp*0_qI|$XX&7E>XMgteLa9|M&NE{_689);VC^H}ko>KZmZ5&FW2aV&N*_h0=0A9RP4WubWL&F7q=#+V;cty{Su9Wvr%i zY!zDNNaIXAI^sgf-LcT|zrORl)z9Y3UQ0Rv<0%Aq%0vJkt?%(MCiveJ{~rQu8_^nO zV(>l7vHu{PSK@ME*$|8Q*FRZ^h7k=hVwOWJn<1RB(Pcg?;sow1R(~RPcXo^n4@o^Qf4->PE_UcWGwk={#= zo!=OX>;L4w|G^B$Sai`lcs)XB8cQyFFOU83Z+ZObXSitf>bhRq%AgdgP6I%xk*gX^ z)6BX5yYb*2{^zC7K9`U`DXv6jiwSuCgAaxCBgNk9*;`z4?G-oa_nY;dNbx)qF+?H; zgF~p^6vB3V=jl%_%W9SNRlKpv@d6CTLDxe#RXl;b&@_!mD8z84`btGqPts!_ajoY0 zFo25L0Q^o|1=J#z;7f$dN&@^`e6F0DZ3OSf@BUqmo7cP_LpS)zx^GpkRI8DiWAWQw zVfI08GZoKK^__$EBcy}Ybp$!F#91|@W6g@8zmmarEDYPgHXLlr!Zs{d{LiwnP1gg! zwk_94pc^>Sz;+xo-AxH7mHR(ZQd00prC*#Q3hz3=1QfBGJzR9t`UbxfMr zPH$fiyI$VK)@|F^ymd3%p5KP9>0EW?RebsLUt;;P<@Hav3c`9~74Y4l^}o68v4zJ6 z7M+`wiB+}}I!B?+M5#etw>RqA@FVeX-&dOB`*+-M_Fa3s56;jZ?6`Br(Vk^r{D+4- z-u!oKr`l01z}{^HjwDca_ADzaHZM^N5%ymNabcEO>SctXSfH zR|@{^zu@YNPo&kcL1UcA(E-A?B;=&grGqH7!&Hm^FHND>vwOz;-u;vAQBw0u{5I}z zGUf$Go}auZ-PQZWw)v@TXu`eGjFbC+J>q{-DItWWx#E9KXZ!V&%KPV+Kr_kTD9N zyRVPOo_dx=Yu-gDdJ@x-j4@6-^9mY&|26*WzyF(y&pYpg+On()N=8*skH>(n6ZWurmOJ&^ith_>iZZ-fxE;K;+9Y=rE ztTI;Qzg8XJ^Aofmzl*gTOJ=TO<=l(-!9!o6XW)3{rUR1y(Y%O?ieKvOr}~`h?MFL) zxZD5$$VExyu0f=u=iK})9LL1TDgQf;`>!o+OzGg{^Z|6~pyyHoN<&9;BuaBLmPjSh z@?wBBkiW8_;3eQlc<7Zu_H<`!>^;6POoQFMk|TZHoHx6X8Lbf_rdIrVK=J31=R%d- zftjod6smjqrI+*VfBhC;_{T5uy&rzBXxohGGg!HN1@C_6ySU=gE6Vf(#tNDiS(V8k zyh4E0bN~+Ytp2J(pQH=xsaUAz8x7(8PrrHT`(BtHeb!DV3j0JY)ZE3`vnT%G<@D8>|10H^JY020rj9Xl{g8_QAQ!;axY4rd1digv6*uRE~HQ zlN2FoV@O%<30}?pUup>5!|9H0ox5hJv+1+Sb)Gn7P)aoS9%}k*X2|&Z)HA#PpoNim zQX5ut|M#x`YZ6iF3gLDC&+p@P|Ids6DWwZhBK~LR#Q)Oac%u`G&MzH<)!WbT!J}2@ zriURh1NsJE<&VF6mHU7BV>C^ped=^hpTCHCiR)MfxI$O%DTqeGRY|s|F!w14Y4(ts3dVwB((HL{@r|i3AD3@^O5e+ZkbmkV|CA1@ z;;}2K<{6`x^p!9R0gpWS6jDj%ojb~#5?~qv%RaRke1y=LbIzOD^xLm+=*SVK_~cOz z3dgSB9o4DB0HA3aQc0A|#lQlhT>ic2%=r_Ea@YScA^)Phw3O)km6em$I>>*%Km(D8 zL)`TUpf}~ZHkA#rY|ql+m23=P+gOr+zu{~PYV z1u;MkrMofdx-O8CieUhyb5ejM6@S<@NJrmEaQP1a-Ow16Cim~?;-b?VnLjyBJe&&$ z$a^v5;q_>!rUQ@`&=Bl-_=cT_eX@1-$1&@Qr)i z6l~wR*GG} z@)L-%F#1yhrO=0Zk{{T=L2I7AqVuOAft`D10hQhVYZ(u9&j(!pIA+EB+^x zE~G6r#}c}fO6!?Ab)_nn5dffn$18!Il#DneXM@!bLq{Zs4(#L5fqgvw;P22hjVUu` zGV}C#OrL!^v*#|vFl)QX3=TtboSrwXN1Z#l)}{%>Be{-BNO@V2hpd)R*pW&>+~vzj zb75ejs7`(Li!1mU2J&O{5~k8IdgoDmEd0ml9hWGnQ@wsEv&i@P&=c#KG;@55?D~7q1iYU)(f46ZCdmJmy5)H3sw#qEh`M9s%P?{sF=`6&mwL z*fh~K4X4I65Y-a&%WjwWOOXo&AQuK85N=MHk@)CpLkL9vYgG!=Mt~hgO=A6zzaMV8 z;0|JuBtLxkpNsSs>V8SC(NB4!qP!?b#})hW`+)`>OZ95{@x$1q1^~dBpTODB=aPTh z#u!=sw_MeK+sdT@w2_X)wjFfc!Y~XRN0o^Iq6GSg?u7^(24G3WeLDx~95^wB|FMRq z2|}?Le|)ieT_TZ1+}G&%1t0a|C zD+K7p+0(u{*lnQ+vs?l!F9hhtK!2xLp=0kJc*tF8 zoHTVBGv~}_>WrC8nSL6&UVdA0q-z9-j)VV(5ad=m!FC)BLoa?QuNtpjLmL23{rqmT|y`-ah{nGaR$LKSUk>gNkW8A$HeA@Rrc3nL^yt;ost8TcN(c+>dO=N7z2dJ9Jqk3vep11}G~=E#2@LO^mt zf`@kYpp;_ij0O@BSHQ3s!4x{v8P|#F^?<0^d^Qvt0HCrEAV3pP$qV3U&l3ID8-K8{ zJ2Pi(#*W>jl(sNr^nL6j*UaDSYgM421F(<(Jwkw|Lxuub#FtMb z{=XE};{O49hN$h=_d0|lp>F`Gg+~^ls-o2WUr5B!t*5U}_e}T{<0mA4!blIqZr;B! z+c$MZ>Va@f%gT}~#?Sp<_x$yPSNu;XC6sj2{JE)Q3hw{X(llKtEKAdrlv=8_ZI)x2 zWulV9`wwIH57jp@&pfn{tGFMY;BHXTH3meo3FNTGv4b5PKCs`dt7)`Nn#{DBvza<$ zCavvLMw&`z-5j=t<~Fa7(OGq05ZohXS$1VY>Km_4&HANpkHw@}c&hl3=F0WGq`a(X zWXBo?3U7VS=)9eemv=(>7|V~{wik8+&_3rJMgv_FT)ncDXJ6{$r|XWOa%BKvQ=_H9 zF#~661pTmu%)9=Z z`4E777(l3C7_f6X0r`}G(m_`y$|D9Sa@hdTa%oI+tN&6;G)*g8HGg9NFb7^EZvT~_ z2|+_sf(Kvd#?%ChrzePq&7x!MO$S&F>8v0gJGEhPL1F08G97?=@WigW5>Fj}&)I|7 ziRV~OnTvM)XG!WkdFeDU^%Y~_CbHwgir6a&C(SpaZ%_sJ)R z*(!#CQUO3O{ET%Ey~w_|o?CZPp4U9~A4Xa>Ry2%*Kx#TNtW{3`=YElO6ein{YESsI=)=MUHuq#7*Q-~ivbeI?R4;1Zt#qt&&eZHHlJ+^tD z+vlue>jU3n`-?BKYWe6CldWuh;#4XpmK79vS8-KzVrrA(;_H2+q^x4;@1>ZKzxK($ zKY{i91{xBGWO-x29QXqZbD&bl_b=g@s4D^b;i0Du1ScPH&WcIAabs&SPqL+2`GECd`~v$tv@ z`%FA?{5vhlo!hUU{lR^6XKt}K>|JC0^toT&dbDrhLtlRAg|&BIxOn?$#`$^^0<2Ar zUPA(aLF4~xVI~Cuz*_Le|Cb^>I0obK5df?e|L?`#;|!*=bVowe9h@^f3}5;w?AZ_J zuY_A}C_JaSd*DaEfgQVGLL>b7J7Bse{r3Mn1b#CQ<7CkLD5oD{=qNi~mWfX?gd5bg&&~MEozC6aULf)3lQDC8hm2=`2Hg4%9iH zqJJtPrpI#A7bId)60s=LC%X;^nQWH6{y}X@FV}_6^pMwims9QNRf5T5W*tHjc+3gFsV);$%*uROL2et&eclljs0mfVR zVW`+o^*Pslge#DL0BxWLkr_sXOT3?ECUDH-=#Enm0Ca3j#|;HAZ5zw737M`}faBP% z`@iF$90x}^XpV-`boV+{3P(zW(9nd+X;_qxXDF*!x2H}I$5V`kc$j^uG*9j7p)qPQ zr740|G`HGog0|xd>niL9rmhmD&zvT4g^ZhzN%Xl-e&wTpS?jQ20wbLhVH-a@Yq zfL91`=do+vIOMc_Oe4D?tPlJ=89w^VWsAPF`OL?;{dUI4ITuUp=E7||0# zq`DA;eTZlK5yLt1-s_-+W2k7{lO7`JexB8UI^t>9D*zZY{=XDK1OO``AOD{h05lAg z8N%ru;Fb2~`V9bI`ZnBfCA|GQ_}o{ar3tQD<8B)qhS@XV=IdeO^KPbqpMTTccHe{W z`^VtJ?}ecuc-6xXg$AGb7r6bcuBN~TKLfL-!Mxe^jqUlDv4kM2>tys0*|345d8~ca z;{OkCn}3UR^fRipfBM{ctiIqPhKGiD;CH_zmFgSWwrI&xUfS^j%T}Dt8B3S($`287 zrT_pS07*naRPJ3o`Pd^xFHVMGu=a|pnLK4GPd%}YT{{cDDRbv9;7~^gv*yg@tQ9NS zv-@S9T=!^=8JiQ2>}kAZdc6DJL%Qf!VIiebLeq_!?*HCzUibe}@jp%JLOM!FM`=pw zLODuETWCrtk(x4bfztFcCzHXK_PS&sD9T=0z3Y8gjL zQvHLZ1_tR#^|SZo7umIA8@jGDp}CdDre>0jjUX7=w8y z>_2pv$xF^;G*~&efsW&84s;gWo()}a+uA97iNqV(*AYZos2ugK{zLr+07uFZ;VdX2#rScWO5|TuEi1m{MR8f~ zOa0`(*sG+d%u_DPznlR1_nVU_?2|VH^bep)Gy;4^=rgC%#=)%9@lOar*fdGkxPIJp zfDvq!9mxP7lp6|=PYZ~kOb1{THo8%f|3Iv_7KyFcPw8{2GBi!+-IxCjoqdP-{l=e; zl%Kcoa=QADv8!WSmA#9*tT}C;!PkAbEA}INKL#6%-}V|66lmQ?aVF0!E;lrs*)g1# zhmelD!Y_+b0os_ki~y$NVB0yZfP5H$BhfWi3{Xl3scC4!H3leG#WEKLKv5XL`u%CL zug$Rks+iv1z?R*|n9>{}88K;y>V;bl1@2bOGa#K|+zkM>ZL{;GojkYcIW}$C%*IU{ z+4HLFRXTg-EUvuliXa96lF@0afc2&2emVf}T=J$LoYt`ZJIy9CXf^;BvP-(&0zhRU zz8-F3dAWw%eKlP_V0MLu0dl3VN5j|aq!~4;?I??(%G3O+h7T0N=U=x>u zm~t4*WEtx3rTfVv9G?)uiB81P4OFrTC*FV@j-Z$TkvJ;WTzr6QEiLEc|4&2!uvYxP zZlXdFoP%9#YHwy$jUkm`(OkG>wfp(Do8Y$(7YqQ?rxaHFuecDt@dMW@pt%YDunzwE zPheI~lzXu!Xmd-*A)LDd>V^rVv2Djqc_r{A zq`}C%A8D>$ztp(k>q=ij5&VgDG084&y9${v8)NnQr3}masS=qF;+^0fK-RKJ^{1HI zJe7JOfH$ma<2!#SCfRGxZ0422L+m?NoJ1`dGZ;v_27!>Fv1Um#pZ?ER>h3ovk}cCY za_rcs_RZFcS~7v^A1rtT zP;H*2ofW>AN>WV=#t+d@sHOn`AS|L-GK=t}0Tkqo0fn)QsPqORj$`m@C`!&#g*pL> zs_z(plwY;-Elh2l#g~5Z5p2gbu$j8ain$l^@Rnb@LW;HK9H5^-As#; zeK%^|N6HNVfSQ{?y)@_}2595RoFJf`#dbm%j)jyVm+(8%^#ss!8UT(&>3RJUHKO`o zI<7V9$KxzoxQMlDF5zPz{wS-@T^)${=V2Q0vxDjYoYt_u;z=DE zK#(YJ<7?|*Ug^m2TTMOv{Yv}hg#ZH&dJHihLVzdT`Qy=XFc2Kw>$bUXJKC}RX!ARn znbcTwy5Qn@CTAGanFWOX_FXsyE}c)mCD}JL#Pgj)tbckdPj4BZYeoavV&gRVZ; z0Fa17PjBVAt36b*wFRDkvA%Jov+%@b1~r{QBg9}NO4^9xXgW&QQI+EVr9|}Yp7!So zQB_&%t+(FB7e9M9dv@;vAR3Kw*_GE65%hTr7V)W%eh`2s);+?vzW-nR*AKr-CY@&L zwCOZXn83Yve-eP6?rv_n`BwhnlOG$|fAP{Y`N&`XIZ7#BdT|Gz`1I#$8UR3O!##~} z8R$Ixs;O(8dQ{k&N9ftRnxDsr`@g4-*Zp59U06~HuMs%!{%>1oC?y=tjM(w$!m_qg zgJg~#uQBHQ&;xAne2kVm8`O<(C`5Z(Gwp3|e2!&1^rrghO%2eS>gLEn*Y!IZj}wc< z2}dI6hKZE!gKxkF+W~324@phakhw5`a8bOh9|^99{Fm1+-7xZ6=Y1h8G6Yo62FU-d zK+ea?JE64wn%V$me+z9?^G@*gIh=M$x*4u&LiNSc*-3f_EcSO6ljSu_oB5Yt?=LEw zI3a{(ODtRE>NK(Gl@$HM1=1W1X&Aboe|T(`ii~ia!J*M5aLJ6q0ASTA8ko&y5TbDX z=FiKxkbkeS$Wx(=ZkMw7vTpp`j!!Q6uQ*Td^{#0-kAOI;uOF2faK-j~=TzEIp&bp0 z5PBfNuRJ2*FboXTtQQtB24rt86<{t+jPgW;cy$1RU@Tn!Mag-pQ0IjE2~efIc{*=6 z`(_^5dLOSG-Z8SzS*M>zBoyPRoe!4HITlXv=JRjop)LQ-;qC*$h7yE*2RQ|P*L1y2 z2kNJ?>wi(T%rIi89~Da$Z=P6NQUaLiCn4A8=HLhj0cZuQ@?EDXcMkq%Ny z9O#Qj&o#O4^Aj-}YVw~tAU5n2-_dL8P>>8#*H zIHhG-JpaP;Y}~Yo&099{+@_5j=qR`Zo2JRT-f89CO4XrqB zQ*qK3+Qirio-CjE|9W9IB7eA!?Qg$`!woSe*RyZ4$Bn_z-PKVqq=da4?*Bb0$a|6A zay@+F^YD*{OSPA3V^-qq33>-athzU(if#xnmWLD~6cv&=Ntv7X}pRgJ^dMD!kucIUF zg8RR;r6z5mNvX7+sgsu~A<7h@`d@mr?%R>i>#*MjVtS;$h6BJfblRFH(AGQwU_@Nd z)e`8Zr}GFy=?tN87&8>cG)&M6K~kEoBc+>TI2_IoyM(OfOY0*4#iYCS1h{7I~s(}3kjI*w=f&L0krXa$TGW+cJj zP}ivT9gPP-yPMye zU03_^?#ss_K%fX|P*0RfIPAL)QeIDwfrZQXb0UCwCG{d504)fK9Ru=D$$6??VHEvT zx~|HhX&Ucb`tP%poJ`Uk-X zwcq&si>vPHU#hcqbL{K(Zo0?nL*Rj`@ zwrBS)+Qzoq(z?6sal-d??4_x>1%TGJHr{w`aaP+VLy<7SU^S75wY$>Ovp;jaTz1yj zP~BNWJ)P@<4c@3?lFTIp9I^SoB84Flrj)876*1JNDp4C(N#A-L43|AqxOscv2eypTc+U-2}jwKXeESrqr-}%gCay3ZWn!{J={|GLgV6 zgUuhTVbsf907xbi);$plB2E8p1E>Fo!2d}4X?yPTYPJqk1<_E4QdfgHFbJW@Fh_t> zKeN&_pd8x{O;J!4CCkObSyZ8+qG3t{NRa`W5>mUVX&wNj6vh}W@LwvA!*%!V2p4&V z<>a~NFs=Pie);Hki6x?$V)fO{%$~4-dlvrOmOtRD=4FdN8H#P6(%9%A7YeFa~|9;ajEKUGZx0wG^mI1n{W0*Ro znI-}>Q~3-OQ^7P;6vguYm#Kv-MJO3H*6)9Jn*QfXTXTR{clNS&Pnbg*tMGX&E&zc$ z9)LswG#Almm#tXF2S0Kys;V+;#!QYp;wUct_@x|q_>oMRJjJp81@jkh-nr*-{>MJb z|NQjF{NTGIql|B_J83>(TL8!=0?d{T{TKQk-Sp$rh7v7D>xTb0!_*E(2%iw<22Dx4 z=2Q3I*iyIQwJ#of@}}xqB>Q1M5E(#>bP?d)B1IPfgwxLb=33OFMNeheEPGQ>#abwGwspb}A)s!0P~Vq#UZ(O=^c zAd*SXbu&tPA_M+rVu$V6g#ZC(!IZe|G&D zZA$8x4N8XVIH=YMCC1LCV^%+_Qmcu2qCAFXDPh^Be1IPGE5vfxo-R7MjsGm~VQ@&d zq6Qq*%r73@0l?I;0p=VMH{ujT{#jTDxa;|NF+)! zzvoIKnZ#nx7AT5!hw|MxDlss*ogX> zb)i&0g#c6qrLh6(>M#ce5utD@$cZqpaBSN+y3A{Huz} znw`sNYZy=0z@E~*aOiW{JuldwLN8^3q*4vL+1zkyCz(JA_hZ)NSVxWtUu7S$?`@Kbu2+ z^vzm8q;)Jh42P+UW$ofux-wCU05C1SD$M3qk}t1d$A;a!JZB=ORM=!jdio(68wURX z{SH{Lp&o9(5iYxG^cDba`wI!(WYFiQ$6rNHAVAnxO)}dT-buQ*Og#w~VgC~GI39<1 z$fjur2Du9Y9y$96y|7||AUH| zG!=m&q?Dqst#vNsv+;%9?EdFXq;oDfUj)FXygds5xuOU`T}?H0HN$VJX&Uyvl>o50 zKtb64I)nK`jn?aqwFJ=XSjD5s9RZ&vp6ZLfPo{Vdq`{C*01Ay5_6rh2HW!R#MIh9j11K%PDV z%`7hx0D#x+0)SFQ)Eu<&0FZJ60PH*fPHL0_hHlh$xZiH-aW^9Nk9Ns20xmu6D&(8vOgc0d9ZndcJ+}FL~&dKRCAYz9TPYTjzQv1DRvlY2*N^e*G0)PN>N;PtI*kbcfTLS1hrboxjb^|c7770u< z<2E1-15;IyQpLms1ZtKWz|KKPx-_IZ^YA7jF@weHiV$Cok~G$MNb1tYKjTKmw^Xxk z%YJrt#~9z>r>07CZFQP(X$axuoZX`_vxPy0oB!E)lo-M+K9LNX&Y4G2&i7!`6o>j!b1OM4Fu9+jg zbRKukZ06jp>zT0pWg51wz_))NYAjm3|D#C&2#`!#WxRgOhGwFFT*#kIlM%C2896>d zu{dnm;heXw##$^G4cXU&yz5~Gg-Wl-OINUtp87_Hs{QC`^M5D*f73+7BY{)hw9((! zM@^00QzRIyCKR%-$<@@_^HkT=GT3kZ0QB~B)6i6Q)WxzyQavrwuQw+KjN(W+ZT_EI zzL5F9DHTH^bSYI`7fQ6gey&rsLz{LwB@av9L^|h!^F;s@p`eM8@1l-W3Qg#{dV5pH z&Hxr$Is0yUzE6GTN~T;Pke#Dg4p7cMcG9babwZwAS#=fEF&iAEkF#(5aDKa9Zgni4 z-{reD9Je+;YVXs;g9f_1I1f(=v7Y;4v*czSMHvncP-| zVM?A~)yrqj9>?cDFoB7!e&$Z9=B*u-Tlb_T+_#4@EiGl0ky2I!<}2Y0h{j`x^zMJ= zz6+F`8ADm1I4f@{P;7hd>_xL%$$Kx~ZQwtr5VmGC6{WcmZG1bTuEy4Wx*koGKmYW4 z+@Q{5;3aI-Nr&9>x8O ze#=liY%4RRZ8oj-<1F$&hQWW8H^9#yzK&Vr=c6hb%QnB1SM^6v{0!$FdnwJeZTSyO z0bMGS(!b4anzt7yVftU99i_j^Mu3?XIjzR>>CbWl&{I(X^i+62i}^p9NjD4~X_^?i zjv)=CX(CODG-Zav!iokU*gNQcnjG}0RCz}gD&@)HQ)~F~<wZ~Zg*@4s*PMNP3XY4Z7lDWi?C4=M-1q6(GY zx)!lx8QR!g{LHJC&vrlB67*Ad;pu#*?sX>oXBiL12iem%MBkK|#K(+Br|4sol2IT4 z1S=AN&yQJCPyB_otb1)O&mMmmB~9UrNlT;kP2RW_rcZ|deE`O1xyV1h5KcS_>T2On z|FqlzMnkT>op?M+zpskUK#-2wdirYXiFs=IDUM2<)YEDP5Gg+r~%Pf3}2NG zArxzppZb@*(Od8x$~v+G3iqHmH)kc_-*%FBNo2KS&wnt%f2n>70FR2&)PSt3LG}+K zL&FPDS_Kss9>s@ZD5+gjk-`!dfXXZg2=apgjF#Vjsmu<^?%OF@yDe*VRV^31 z=f7CBZ7It(zm!+z_&I0M(Yuqa`_^X&|EjzJZhPe0^hbI)@zAqbzU39-N&5ocdB9*O&6lvkO`A<_eBF@+fZk(JdpcTL{s1>XA2(S^U;_ z_7%!gj0h0mxs5-pUD12t+;F^Qt}d(Q>V`H?N^KTc{9&rlUkqpizpvFc9dsX&MI78n z00(pdU^F5CY+Z}k_bmSL5&opAjFO@G$VCyTXCKX{eJTwPE#Y3nKusp-1)>d;F}yjU zDGmeyU|LiUvZak=e>dUp+{+&xxq;(q1H}mu=gtC8mOfQ}n4R(j7Xp5C4cz!k>q)%i zLvX?SA(*mQ9g4%}u7haQDs$bJhU+;ZXFs{I0VcT!%;)Mj3f2iiFmYTvFXs}F8~{1zm=+#*VR%k4r7ggsRl{*n*YAq3 zepkfutsJ5B@7oN(A!RNAL@VGGF?1axSsvMyuInTdar^;42#fVxD0Wm)@EyuZw*!h1 zfMSPM@}7AI@b7F5Fx-d}Ont|J|Lp!~8cK5$)LR?@W+;qO!Ge%m3jiSm9(*KZ%yK3* z1tPUmn6U;(>6bYiE%09|kHdBM?GzgG!dcHb`Vv${NTd?cwX_4|g-JX%dsi%;b^9ciYOHf5H`SZhRi0D4ez6d`_7C zUTOpNboKA$`BjgybmO8D{juxooUQopbMEt6x*Zqb-_1P&l>Yts3jhMl$<@d;5sL&c zMF2R=36Qc3F!c=kziC=-0H$eT8YZY#6aZCPM1ZC=QBg=5l2Cl~FjixYhuVOB8Z~)L zdG1{uy>^$JXO{PH%N6ArIoAZe>>rHM6G<}3kf@5lEe}AV!bF9<8vph>DY0iYq2H@%$=+nb+a8y}55~-z z4|ON!{Rb%Dk#F?%U$dXL zwZK*XHGF>94EXaeoy%Tyj-B~GTWZ7P@O2 ziPqE&oBunBX(EO~wbP2XV3$AN{l9$orvKsC6HX!!4D!kg&$D9L>$W_9`^%sB)^~3p z7K_q8egZ$c`G(B3cr3;(Km0!5zVS!&_x4g(U(aicU*?Z@-jTVk=fqUZB_4Dm()6^) zBZ<0XOz!hk*}rdU_Cc}FhziMsp-5c{(&qm{s)iv%yuQKF{6Dg#$O1tAJlnOT%lO{L z1pv1b`aS!)XlZJ4w_{!az~*kfXKK#|1X;&xw{GL9S6-qgMY!SBJRCc3E@z*3A|6%C z8hblv#!<%#tP`@4OiumT;3*rpWRK^8uueF1<_!M5=miG5cTn3rkpm@nKCz3Q&@fOI z0-}k0yGY#_`NVPG=A|f#!ra-j%PKci!8fE5mw|93f}$uWia=G=6c0cSh&`C#-;S_H z4*qj>Ntei1$JMtYSE-8n>4d=Yilq`f8cK5`YF!OR-yqsx65YX!x{wGV@Ms#z+_=9E z;=xbcj3P{{?KA;kMm?KJh|{Q+N^sJz%mR*;xVTV8)sHN`mp3-ONPna!@7Z23^#p`a zcw^&>eC~bMQBzgVt^d4+{)ojba^jr#(mlA3O?%(U6#K{tS8&FH5A(-oe##r0UIYP` zo$+;!oO&{^uKN$Wd$uxj+RKZcxYZ+7T<>U`J!C|f$B%$-!t z+MN-Om{!Y-aRGLA#dvvbABEQM61th^ZdFQZtG#shgy>8FrZ!h18bJ=J!dPWU?KmOK^+B!Y+A;pOp8M}JPTi1R z;;%{~(~$sngqnYK>+5@d`|5^I-*M@*D=&q2HxXblDYyVoC<4F@6@QV-ldWqJYnP%- z@8Kt!!X*cz%}PWFIQtkr)YC_J$z~oEUZfJFXA;E6H)Bw25x}Js;s8iXGUXTFJceXs zkikE{%yWlN=I{?3&sigF`#_77aOIDPZSA1P=VOmQ$d0;3_SUsBSQ{jvD9E(=zoY-Z zfiPm;N#(Q|iG;cCs;|({*hDNACF($|)v;#}*L?j;G&VLd(BGE_=r^og! zkc=scG)-Z6G=CycmAAy4=8^&N^^X&V+tXR~HKooyBkr z^z6xcX#i{6A#wDnPoG+6FDzTezh8Zonm~{F*3;yjo+Hs@P*cG-;IQ%ec^>E*&r3Z8YARGJxtlb&rK-XZIP z{XFZWB2a9v+##(H_%GCUp%2(-fPaUo-S*RA!1DF6>n;F19@N%mw0Jjqw7f8nK99%M z0)SWX4HN&Rq5+Uv1duYVr{xxqO9bdJ%%#QY;c-!qn_{`jl~gAyLp&K{OUF9LGAGPF zlVzJ<;$x?LfiVr^ZQ$Rdc{q0F={&#cv5fo9M^3ncGv=Si|33W_R&0F*1k4_PILFR7 zoqHDE%4-{+M*uIcd72}qoy-+yT}^+anx)l!4Fnl)40Mj%uq=_k0ZUClrY?>yDP#CCyvub*K zfSKciEMC{of+;mza!MP2e!c^rN6Fj$Z>sU2Q&62 zJC6nP7vOau*FF&9LHE)Q_dRzJ;M+0pI^z zF?6jwTiTTL_4X9KE=`l3?)^otckds4fRGkNcmjINtV;}vi<)}DbvxI z9N7QC)UmPuODyyMfw65f5&2Afkfudi9dvGeBHLAMPw zX9J2{9rN>-Yn@QMPub%tZ2!BlHYm10F?LKV?QLV(`PQ?{INq&O*~sOwCHuMZ{p0!G zB~#eAXNc!l_0rW}9>{W%c%+}MZOb|Pf{&I}u9Dqxp$3;IKP?0O}pH-peQOh<|^=R&PnI_2Fyi3wLJ< zESPdURlWePto=7&nf;$O?>v70^#AbYwk4TLkC}NIdwX|ez<*knZGMr7tUEac?*~)ImI#CAp=Pv*#U{0#W+%SY`=$JAE@C_3^Z4HpJ2(a7$^nz{xifJNM zi6ISQM){Glr;ZJ9?cJL&rDV;{FhBnE4F3Fl2a%Y;%B>;lgPx4b*eh%Mx$vYmn+qAh zmEyoR$rQg zpas|uUV0*cx?^x+9Z)cQLFabF#7PHt0pK4XE*zyrhXYG(S)puQi%{NRnos49w_6vt z67b>s+_`)zKESN~9klP}Gp+EIJ~%<5M3#tDRj&2)U?C;W2VcHB91 zzYX%+2ho4{M|xBb9bP|MgSBjJ9z#cS3!%D3Yxh5$*D&lq8)*VS5k=V*T%+2X+dU+@>d^aR6pDRtntNU3jvT<91#Ytoe)NT8+sdaf^dx7U;yzldl#*x#3jm3DydtZCflw&3^KUHxSocW?#eN?%2Zhkm z{{iqnl72b>q1=&lCN{KHh^CbfXf)Mb8IR&mnJEh-BEzH(WSG^n{fx7;E0K_Y-Qme9 zSx4FJxXI$G9V=ztq+?NpLeN*uZ4X~dZ)m@*%!#wlX62T}^hbJ9;QvGX?x`Qzz&}7u zRXyE<4!gku{<-*%JoxJGi|SjnPi}_O#kjfh`!B1V;S;65+Y!>p$w8zvFb!!f0vHCm zp<^1l1^o5Y&cA~jfHaNaXaEu`8UTW11#Vm`w}voN&wWyt8T0>gWZC9n9BG)6EgeJ5 zn&9jUeA@g*UM(~1pjTDVO-VSeV;IBXIh;2K@+IMt@~#y4PbQOW+_aJZEPRHCAA5wy z9)FD2-*}x^1!T02B9!(M=YO|3JL#P9U+z42@?{wku6R~NwwPIWj8{a9x#Sb|Ai{&g zW%dppf2Ba~xNP3VqetxZ4wQp76JO-+6T{ZEh{gX#JzC}GLb&47f5*u9F|?d}BIiA} zn2@%cp)CQD{s7j@E$2NSEdsz?@l|2AO&}g0qJL+MZ5Q3ht@mBW*B4CZz}e4MAb0!& z{l9OcN7Lx=`q&bvXH#PvJDbMS+t5r*1GCibziA?3Ito&ZLOg|co(P1h>$1w!rB|`S zFb_|)(&7K4eb?ViN+l`s+5c5lkc>%1N+AGM4+ith|MgIWM0epI9fxVL(*@^TS$Ph6 z2*3)!zX0}hb}~<&l_Je@>U|mnX9El;&|Ek_2=;V!(o|PZV_lsM=m-QTaQN&wJhS*! zc6IJ!V*5B7Na^h9p|-l3fZv}5I`XX(+=F@d`R$!6K@4ac*=!vJ!&!&h94;Vu?tU=D7!qM7At_n3>b2Gj-A=*JYyNFlGgDnkpd;1PDdKc>P|B zJzEi$J3xt@e|wtsry@|CUr|n)Gbqk|F7vd?14;SdKes>jwsSRQWc_piLY4MYsbKfr ztp$K06g26=TTg<3)!SdE zCzNFkD4@BvjhW-;bK4`=@R8#$=hV69^4lkGV(rdcEF#!Hu$Ki>PCyZ2c!9;0E`_oc zFYNI6m1t)aNdJm7Dw1)OXb3ZqGvz;|2B~x)Q$&AOXh40K6Tm3!2A~_Jf~=SW*Tec66+p5|1j%;)Ll7+kZ!TLP_eY^XEdd#s?7sHta6%`>m=9rU?mMVvt&> zb4vn%MFbcukGn7<+qQ4#p+_F##g|@S<*GMrF0p>UpI9tLAQ0g4PkowezHtp6mqet6 zWPIbvv)%xkd2S&hKp~C31XT;1>S+YB?KEzBa?_FfLx)^#nBMo+_;y|ptlKXgD|I2I zhyV-8A`V_8fCFX$P)-DZ?DKs)5DUV5R8!yi{_9S1_AwmQ8e~DJn+ZL;sqNi?C(p#c zOaj1S?d7@%q{9M^okX;4D&5H-8_xRziBIK4v0ajjarMYcP}?@bBdR4}b4 zO_rS|^jQb#L&GrH)v=FUKy3rAHh@tYH0OeU0fdL5)K&-cL31ikbA26tpO^knIFl!l zO!CAFFL2wR?q$Wgb+-IDz0J|FkY3I@X6MgM%x*KgY3F`8mL86t#xC$jC7|4W zJ9z_Gw%Bi%y%H%+7Oi@mp21FA0Rfya`@QVx*~X0ad7L`$Tz>P!4a49+N0%iVo})h4 z#LRIE-0Pb6Tsvs&X6#C~QyKU#SCl~qmrRd>F}BJw>rd_cr_K9|xdE7_#riKz38sl@ z>PVS#2dF@|Xkz4H17mUfBJNP!pr*?H?y8F5l2gZW-?JT*E4pD|N{L~b6@`mUB+9>u z-96oW>1$u&J*U5i-~Ik~G&MGH-8ZiV;E6{bXZMy}Y+JvTH(y`L?YI4ke?9Ry-?;Yb zvfIg(8gI)iw|U#@R{mW#00BY%zJ2fg{-VL}-?#RWal4|&XaFy4`$5fZiwiS#D;IH_`GNzcn@d%@o{!^bOocoG1|uw zG2?XYN}zt?hy3O%AK|=je2i24zM_`n2Tb<&!R0p)eQGg1nuon!A6rx4f9se-*w;9Q zNOg+!-|KS2O9&K@@zOa<%hc&Jc>lQ{rm8AHeM18;JhzaY+qb3K5uA3`*&KQFaU>FP zwr$zWv;TRTNH|0w805s0Pvx1Xo)`@^hQ%~75guvC%x_lqjVl)ZPYNk?X^3<_%Z*d2 zx-OJ(Q-dQf#L%{!xV8CnPzt3K%;At#6$j_DGZOHhPT#(BH`68_GJHL|ywil8!r(tw zku*?F>IPoTQvfu>;j?G6VAgEzxc`3k?%&UZwlO@mXc6H^g!9ihljG(uu+RByI%dNm zCmrp;B6oozyQ8+GOu=mMpKApm9P{T^W^-F8Fm{)I^n8|l`@3vh@*s0g{v_{4S-tQs z#*S&@>{Cy5T}DqPiC17cnTW^ph)dl_cW)1>qM)jZ1^&}f0CK+tWq|*}Ul36s+sHw2 zc0%q~;QuA?4+2#yAJVvW0RU?OAST192mqETT80=9GRQw~SY1qSoyMbVDOk)tfR%t) zyLxUqWR+2b%JH+#ARHUytRp_kum5%Za1;QCKJV<>#NOT=oG|+=*6&{7x}BmLm+DV} zJofAE`dl*E#eG%=d!TJn{)Ndw;VtpS{e9`Rkn;31B4RJQFVv0U%pOD+FM+?Aw7jG|q*JmnjFJ`hzCN%wgiAi z)7iO)zWOF&{$@G;v-`M}(1 zG?dq?k;&f|VqA4Ap?&@Ic)aZORk1Z#!=~nTwzZ9;vvC5Ex+cr-Ur~`1SpYC|_y8nk zY^0y_qmDU_FZ}n_JaFIL^!4^KdFnK#PMeWg0Ql0^ze!8$7@mIoQ4oS7k3N=QFi0dE zqPn_<^FDg988w^f38^U|JHm~N`%yxd;4f^Y;@tTo@06sY}m1beLcOL za^w*XpxH9_G;|%W*E6hz187zRoN@ed-2L#w0Mysi@Wqc^!XabZi}=)M0}p2%?Z6`Y zrk613x8*66KW8wDjvdZ=rT)&DF@s}{IGi`1xsxeJd=P*2LH&Gf1womb=?uU8S*qaQHrtZ}u~Pay38t+qR18kHvLVA@HaI zCFdJuy`h#AA_9~W^rSl?K!7iN^^1&eAIJUo-A{GUPQ!KRoWoeNb`9sAbFM9Y&aBz^ z{eCuW-ZY{G00m#(95xX{6pFg`&0}Uf2ZtQ}`{jR{)*qiZMOQptzo);eF|cFr+{yRs zJGAW|@$685ZseU33BXk-z_iC!jyTRl3iafM3ciVMW$RkRTT4+-^YXRQx!>91)lkkl zj^iF!$kxGrI`;PvYKxFeRAYK|WHA?j(G;H_ld&YnLD=g*s3 z=d+-#kpmjLW7Q_)w|>RYGfU}LReC&L_V@y9tF2{QV+%XmCbPeJEa6}yMh5)nh+!ZK z*(_)PLhl{v>v#E;U*hKLuVd@xO#r;{+TzT$@rO)g?)<~~;uV)>CQOT8dSPS@x)7=B z2Bd&|cKE;ab%*eOAW=~UVLNNqwJKUk1hfJoyH@d8^9SrxdH$7aV?ZT7j%`kKw;1Sl`Agiim!iz zr=*r~yDve;=xBLN zO7rVmw)rK_KjAaXpL{G!H!dpKUcuJg45zDmRKoPX>~;zl5CGD$0x+6#rYE&tj7BfY zfQe>U#D2pe0nVLFrIL?0I+7= zT2{WflINa&HV^y*95&}rRR-@zDrvy?IpULaJhzM;9xt1G0agd=S<%qKs@4f?9ygPH z&0`7IG+So>8Sq~Q=avo#H9jJyPEFHjXllxU|6G|eZ91#pT;Xc6G@4=t9s4c6$Hv+^yJA`G?C#vh&+q#)TXyZ_8!))7d#(mkn5FAB&tk**azesNp_k_g`f7v#39RK5EZvvux{xoUtB1b}W~C z_&heh{wO(8 zG*rck0$@!Ngv}JG)H~#mng{+JDk={Yr~b=(;~mmmga1NDF25B{X$KPg3oP=lO2p&R z4M0`A8Ne^o%>Su>!fD#;;t_Wm>r!>(CAs*mDyfRAcFO8dMpkZp)e-zR)wDSl>x*=g z)DtvkU3Y4ylF6Xc`&qnz3%~!e+9`aWv#&Vv002w~SU&t&TmY8OzmWp{28Ll`>dB0I zfN2`Yl-qz|8kt3bpytBFxeOVM>NM5ZQL`x}{v4D48RG)9)Oj<{*V%q&VzQ%K{)RrfKrG2mi*E zU-~?kT=X#}O`KGgUil(wk2~VKc^g^Tk{t=ajYK_&CsyB4fBnC<9DBFzDJ2(J-`6gP{=gJ4B1Bs)n)C zVE1}RIJ{%c<3T8}e|j^PiUoVicTqE?N-cxy-e~iPZ3$SjgX=;sCnqoJaqc}?5V0{Pfa5o z4K4Jxwi9Y;BJQohFhMx&{HLWL0boiLUucJ!Y%N#ijOeE?u2lWM^g@5 z1c1>1|2YTNp_FXewv!{~9Xfo?fvnCBKCFY;lPB@)(xq(Mvxh0;$LHl=x@I*1Qzwki zG?)#PUVm#f4?p)DiV%F_gCFGZS+j}7Jq@c;-RY;oS*yhColf3CYs zS)e%eU)~$FVn&yS2>ZB=G01A{mj2aHu#6i7XaMy0H{I(GrjXq;hjW@t1YFH zc-rZHxyX}yp^UY*BD%P!B=4CkEbWaGx$^zr<>tSAg`}Rf?;@=UbzZ}wxD z!_5A6H-Pj%GwWQ>Z~@3PA)u593~Id!11?GL61tfeIxreHGxM*Go;XQea^okb@#vB+ zmTem3h1GrB^vP)~SwFx-uUPl#ta&H`+ke}y6e01QPCq_EcmtL|>yJ@B4cQKNoF zLI!4;(lf&}wV4tzCY4=RmBc@Mp3pxhHm`K!@;|Dwh=UUe;D9UuloJ8qNG$XJ?!749 zM$Rs`t@)?HlEYd1%N4s z!_>oJ+iI7(O=IG!&9p_sG==xm8H*CBZOrEZNK0-6fKuW_09Z&=4H>A$XdOqq+K=ID zCegEt@IWs;L;ZBTvYwrbR?wy!w9Xhu`>99LHf;hmQ`+&5YeB0Gq6DiDh5?ZnvOkR6 z(Sf;XC;D4kNG@7VWM3~aMKB~3LLNVT9uM6fKV4N->EMmXv`*>ovR^I<1Z#ewm^8!hmk>&Kct+qq{iv!+iaSXE`8h!p|<0>SYM=CgR! zDjr<8kSi~|fV%1$1fc6C3twBz@^$N&F=-N$#*MSJt{VoAJ^wsQR=r76eLbH(@5793 zX#t?h@8>h;pO4SyClVV%Q&jvue;L*Z*#Ju9IQvWY;tSOAPLz&Kud(#uA94KAM|0@~7nD^tGB{X~#gUOr5*r#S zyBxs2t}ZlBYWH8$P*v61_5c6De;MD3oH|C*Psi_ZZYv;!QqgXoQU-T`rg+h1!rJwR z6d@oPD*!1hrAk2zCu@kZrC_nVK`gr-yLv7v$$RFCw-b(qsHv*sQ>TB8yPvrgQyL(w zaElk5_*o*c5N~dOt&DaG_qi_6$Y;;GmWP-8k;UtuDX8A0)|p&z!spnze-lrw_*<#o zR6Mp$*K@N8(?E$1Vg_@*>Eo+06)Wn3X&71N{#k^8X6m0|AWdtx-;n7@0TR_Tk*NoG zOb`ZKg59Uy=*~;K>HaO5V+s8DAKUP13JKksraiK_izi?2&YXi4_U|VTZo}_Yh$ZZn zUDw^?Y<=ohq=c^C7>6|ZXsPw$^9U-zk8X(oXU>?()G1SW;2(eE+N-b0yFO{+L~5#Q zxb*T*(%9I@`_4L>JAUzN4xMvo**X;xzqfG~kY@_$L>6>Aq&XiI# z0H(m)p(y%#MNKUCdcu!;h<7GUf4y#ars!tXS#cxi>xr~HSE-JrLIG|BF~h};x)AtB zrAic$w>=5~SmysT1nr7K8CxXz(z_R?ALV?lVGKk=(9q_*0MIZN);oN6)8g^LoD*T` zzd*XQ%A7uddc&kS5vOr5Ot5n|0}U2ee`+*^j6o<8*E^pu8~kp3-Ovj3iucB_b*30fKr7y7$k1)k8M}9fU`Z4 z3;EscKj#Pk^E1Yb8Oy^DK7gJT$8?~-pTFMw2X6V*o&5F}KV!wR*GHnZE77AvCc=y> znl_{cl(;F7+0(UL|9@1Kbb#A*_&)`Klu`%~ril`6ZfZwW^BlIKyY?0QL3T5#5+$zN z^N#)kz<~z;ATXuL#w}YoeC}Zmpg9|S*a2+7@8^QE&g3tTKgrMU`!lmAPexT#Htg6= zcxZ@8?c@0P`#&(;x`2Ujg!}&W7&|*Um^EbzpLqW{R8{$HI<_=65gLkc$6xja@D4fTxkd9+on)&g!ui>g6+{p8P z{4!^L?k+TM#cO{DM0$3wW6?cdWAY(~aMLx{6!p8z6)7cyy}hL~I!Hw!15<7G^!4EJ z`_NKW0E%Ln{R`Xu#{MkW((+O(0{>1QBaxGy_r^P<{XYr*3-nWnG(n$xDTh2z#gkb8 zKuVN!BmkSQky6H&S*xg2ACa?pb&npFR6pzH$Cfc<#-|h$V+O zb?&*$nQ#PmFZ?O7#86%x&g~TcZNBI|SJE5mV(0$NT=bsL(^%8Ws_jd7b^U*A`3zI1 zvwt`LSp54!RTXW=p_`=(6uF`d_U11DXaYILkJ*_-s%C}^P&X_ef88{PtpL&{|E7*K zy;fK}GrcHapqMIc)sl^UW#93lk`4Bq&eM_${zpT)`l3i_(h&5}Qsc#|3PjFFL6G&z zN{QnKvJ4`?8?V2C%RhGo=YHUWdB9!>!SC+4llHOg%$Po-tlvMk;?tZX0XRu>^+p4U z(3I#)UM=+d8gIwOQzqQHX@2|tu|PF4{cD>|1h_si?fT!my!w~hdQN+Iuy4#UwGEwe zv?Bq$-SW0B0Hi|z_I4u1`#FgUzQNhj+X1!Bpn0r^I9nRV!rsl$=-^&e-CzOyzI}!3 zo_)Nvz_70jg3bwJ@CSUfB$G5G!UTsxc%otA)L0z%qZ$Fgg%~#G=$B<5VY;RGT^h!@!TkD?vk|AdmtK1W8pTu6l@S9wJ^Z z5nqr{RgiF?nxUFHqQORDfgpyr218Mi8pU_{Z8{er00b};q^F9wDMG6iDqjHDxqTa7 z`Rrv}e&rYW_3!WH=eOL?!j%woxs-S;YzT#@ z$ESpRRU&R0pm?pVeN)QJK6Lv-K*Rf9~u#{NUF%s{|;{ea>=nIs#xPfOPP|e{N$A+S`hWoP758 zGv^Ye`f2s8ym@9h3ji7(;%V|fQ)F<3BL{$!IDJzc^0-JUUa-*pD7T$bzf)zmGyEK^ z-u@at`{&hMbkgVf%zM8DKqMC8-sf)RjmERWx2&J8UMqt9uJK{rwB}?`+Bb6i6<7VoNU8juP$zCg-KgiPgw`Js74% z256=LeVX-um=w@N*Y(VGX_^-J$IKkJ`c1rw!U4eIZ;Nc-H$cFrFut*hx++iB_d5GI z5m|(th3`N@7kE6SU+mLQJ)P(O{X7#g?u&Lg?Ud8ps$Y?)if2}CTCqp~H=I=cwMGwS zt_|-{7(sP@nI`XMv$=ZXot=a8KK+Na_q2Td#P@gQ<{4=ufVVpoVEzKYK@I`9buD7= z4wOSw9AlH0BZJ+bC!l@|bZ0HkC@R!7!7z; z0KRw_Uo?(SkKs$i@d^`7H_=Fazf}!G5g3Y>q}NBn6ChsYB@w75;j1C(^`i%?F*GkG z9?0zY8;JA@fTxf&Yr`!zIP)x zedijsZyPrC+PZlYU;pA~`N#zqbK_5Lwn#~0XdveCi;y><40!x%%#(Hj zps@eHl&TOyA|=91N<|2PnN$>Mnu>xD@tRhcYm}N`M@^DI_v*vPYeOQ;S6IPvf!X=!M10M^;Z z&LBIZP4>9t=$PFnxB2a3IeOL!CmwS&H(z%x-~Z{)`1c*3;?yf{r?z=y?7}0JZ7ZJS z)xUj@3GMCt>gFHP+}K!FdDAorRp@3Eu8=ekVAtL~Xqt-0qoHbQY7t;K1R&u24yDoy zgMU#lEf*BqpPRg#4#1%hD9-;F9eD8XzMrE9{-5-TLnx zkwojov&X+!6sN!4kpL%0@OFd%jD`_v9r@&BWr~#0*J+vgXDwgQ$8EB_2aFV^}0|(!L+>Q!%vwhT=o28fKM-sRc1L52k4%(x(1} zi2Mwrc>jtK0Gg?tZ^e(U2I5`GzVKGf>p*f>rfgWZmV55{Ef;;_Q{3`H`*N2wP5$}! z`_;YZSBmmxrjFt;$1f?BO*0(o$(dCjunB$6gk^WfKBi9|ps~I#tA(72 zdv<%-=F>t@S6z+B$)C`ZJoL;ntXRLEwx%X7`_PAJX>1@H{HG5)d%F4E-~YxyIE)7p`jnqP_o8sRCpdxs zd>!-etFX0s!qG=@+YLY9+duj-PyGC1j=%5+Oj__h4z?J2oYx=yDH~q>8;8%G$1T@? zkDBWI@JOX3)Ypeu$?iWRF#k7AIy(2^t@5FHJa{}F6h*QAWevOI+bi-@M+E-uRbzji z@*2)B^M4Th=k~>|l*0j_Dqcj&(O+bZgiQaHSxV+O5tr1=A%oNHE>*Y^a>4vOE;5xh z)J{*y@JVlYKfU1sfyW*0yBh^Qdi-aot!m&Oul$Y|*FIspwra<)pX(=1`6`|LyIHvE z;gR2?!Y3t@^YTcE67IvSYq4KztpdNm)GZeP8v&r1PO|{NDb3-i0j9(-QY3(;l`f^p z^hT8}{RhWB`>pL^!qM_0v$&D1dj~NMlh#@vlUu6@`m`dCacK|#gf1v|RHT%wTD^+b zm%TwE5ohL%nVfRcDQH^$9`nG!02hDqWBmR%cQIl7gtFSn7J&$yH2L~*&#n6M&O&+O zQG~Cmyv~FN5!JO;nNufyD}2uUZ&@#qOU{V5TW-L8D8LcB0E|XBg4hs3t;gApq)h4E z3ynF!AsX5&^ZsNU!hP0x_5wiDSlFH)vJ!yCb{I1Wp89=d`ZU!LFinEGPE|63M~S*~ zf*!310Hq|&ZLew;g7kuE=m?J&(^qBfDWr+_ghVm2%*{<>n7!Xrtn~D`sv@1hy=fHR zqIXLGXetQR1VupxycmH7LcQG`3pGZ*006LV&1x?B)a6C5Po6UMfGhyS`n!{gCPE&+ zvfo>)hS7u#5v2Y9bIYZ}|4E4$4*w^FAr%oC(=ri7$$Q_UJ3HLWtqNZ%V^SpmW#pfW zg9rY}?VbQBd2`)bPCf2;gkrCw5_9=TEXp7L`A>Ftb~1m)OfG!i+4wwOoWTFyt}gEU z$KQzz4bk4x%KP4P5{FHnp4p|{wtE-1|Mf3Cw`2(yzyAZnt_2L&l{Y3i3lxR>Q8+(Y z`G=F!$JrC~+&*P%mj*g^9kVLT8@qI#d9!D8_b+ebhM(QW3-^7K9jg~|^oPDhpsw=B zAmvEM=GR#I&mS?+wVh9Y>|^}brI(hqyP6hV*9rCaSENH^U;v|n(0>3OU0oQ`#N*L2 z766KBfqx-#o`q}?`KcoY{~|A^129fMD>>>of&ctBI9I9B`&PK zcE%Yz^X5amxaNt1ZOxf*B*)J@iw9o*O-21FTO6P7!tJObhXnv3knI8Fju_IEmIZ)e zfqZG&BLZYB0#fPH^kfzWOw&M0jarYSEg+#Y*(9eu>XYl)9{f-IaCnV)BE-q$V z%{adC?QiniU;Ji7yq1+ruLF_<07FFr$XE~1i4_Xao#H@npaLRY)Y$~%QY@Wg0syf7Egb`m2d&?VYMBglCi_Jhqvap5blQhoW%6M>y;Y zI17|chgWTN6)OX(Lzs%lZvPJuk%owc|C15KVEDh1qB^_w0w+^L4rQN)HhcUbGAC{2 z8L1P%GYbCgK#G9Qu5M1AYGy*sxPvPj}9`8sp{OOUtoiF{2`kgOPJFb@ReDAv~oHuXS_4Ty10E9pafg)_gc1d$Snq;#uyzk)O4lj*ltw`l1t;#I@Oyft`^f8{EOFw~O`BqUC z#bP{%Ij0CE9s)3yJuwP^O_{9VKNreaEYtd(dp*hQ<-lLw?TGZGTqt8Zc9S_yF5ShQ z%Rfg$+d-b+^rwssJ9RgAUi?`OH}B!?{cE%Gk~KNU=RD*%q};Up0Hl)~=RqFxAqT;{ z83p@BG&(@c7eL%8U@T3VG8zuh`X5y?w*pQbKa0JzWuaruJ^1`#W{fLh?)YL#JvxeF zMFfed*(ZNh6JFm8YWRi;rggZMm3Hmk#j3k*W94NldFX+MSTJusnx@g%)W}!A_HTUT z6CdTJ=hxzJBp>bF_ql)K+MBMUx38C?!lGgK-=$X60dM4*zcY*?bPGBJ21>-w-+O(2 z_dwkh5$T?7NbMXDRZ^k}K?LMUO%1*=*1h4EpTF|*hG8=~Oj^h34+Z$X8NeKjzVfFU z5aAF)Kz^Q*GEir8+^JuTO2=5H0bmIL5*+~+S6bh{9vdyJ+UZbHYdH@bE;$`&rbL$! z9HxO94xxl{0Q;jA0pM()q15s;_7SJxot~^ z_Ho+1?P%t^QEg6mwYE86j8G3^;L~@4A>A6SZ1n_JC|1sLV?*QRQBpC>0vR99@ zlho+?ZQD83-p=LcFSVTgC4v7q4@Xa)G#%K$>%YH`=l<&!S`V$~A3yq09{br(M+E+ZJ|F&p zfnk;H@9iD->3=X3;#5luy2F9yaG>crnyR2E!ioZ5XB(V2pJGWV0N5@qBPdQt7wJEe z-%mSmbSA<7Ncx$^kFe=uJUz8nL)pv@*Pd3*v79PYh=K|r9u6?I{GgMuB<}1hwMov6 zn@sC>_U!q!lUyLbc0_tohK8q%oyn{T3$rkm{o8!q;tx^cDd*4Y9>g5NA;gVKK8n{} z%%gApB-u;65Zt}u3rwh-I%GSUA8qCWLyn!@^9lM9c0uWDJ(j9}EF7RTQiK5UQ-3od z9H1%9Xh=X4Q-Z`wD|H)8Ec)LG|HBcJ?FZW__UO!>P{^c8H!eNqFgSs11@}X*8Q~m1 zCx2P}IP>St}kbrfITw-`?CB%0Ld) zT^F=*rXJLXo^n5Y`^e?rdZ%susowdo2aUpyTML_MDk8k0$l3Bwh0eBrcB;N7O+!8R zc<*JKzWu_96|u5i9r-OE3$xrmIE>|Jv}n{d09Fm7OeCDUGudq9?~jK2tA^I&mLHL# z3h0h%0CYB69{pofHWs>DEQwblDJsmmC>~mH=ddF|0-&0pnIW_osC_>o0A#x7%yeS} zG!%G`$pS~}05Fl9g+$yH^r#(OTSLCi3!R?woV|gKs~ykB{^8T?-npILo*w3%w~#4Q zr}O16d>VjjZn%l@6DM)(@F9evaMiWf^Y)wTk{kqo z!D(3b4Mq}W%VTTzoonTps>`%_w@W*H;2$6m2(ahC0nVE}d$5o#fK6jGe(&%JOLOg_ zMGK?F(m&1z8XEZh(|<)(74E(DHYSZ5m(ZEy5BtU)+j(c#PUcLV%9YD5Oz2}geg9|?U+2LIXfCk<-SFy-JIfW+eI+6iN-tNG5qeU&5i4g7KSYF>Ne5%#?H zTPi2argqk)j6LUkDkjWED7mTWhx~oC9N9wCp^co_{R#s;Z4?(3^A8`on^ia7NMW8{ z{!>XxNmr|#BhDPkj=*Ukz|n?!gr?$f=#~k9rlP9R5P)_LJ5!zmWCO(sckJG)gmjVq zBl(Hj0SOxcMQU4#b1OY9g_oqZN3ox2{A5}O?faPx;EQ3Z{pKn-P=tz<(G#PX3?S3# ze};86HBZ*0tlyX%z9u=flYI>GYsdO={`5;ZXY4Hg^2X0FrIE3c2^HsX^Rj!`a`-Kt z+VCp|0;!sZ*}u(oRnxg-_VujU@)*tC8BL;@GG-^RhhVHnia6tZwqF;#_*$=YuDfybN`W_iy zxc+1JF1qv(z}MIHejTZg`;W`VJ{=1M*arXey*Ii)-4`79aBo-j?4r_^!9mG26yRvl zDq!^}*ZIDM0Zf#NM8XIu@ny`MCv`Skj{RDXTk8G(J_trt_`6y_cUhkO2YM_U|Bj~g zIvg(8^QLw0(z{{*I}jWOhyEZEi6TLf5@F_esy$K~DgwaiXfGG_|3S(z24F4@0Ar-6 zNKXkqM;Xoi4Gn8`N8!g5-I4!{8JYk9AOJ~3K~z&qEvK4!W$hZynRYH!)nnMZXBR*H z@qZBxTM~&4Z>?jgc`;*aYeB*zzxp{lx5qu{_VxDg=imQ2sZPH?KbsL5iO}EO99C6& z^aACiw_Iy;SAM4I(QpfLtIvTrbw zZsjq9Mq{$2g8$^oQ?}E&Zs;>?QgZ?SvD3w)4ab>KGmeV#QX7yVlG_#O^-UgE%b|t_ z_8dIK(z)@|G_iyN#ZLLkEHNulRxd>#5M)z)J@`BU;YyJ-Fq*uy!j?C zz3~P+*FMblzdwYgJ1MT3L}BG5yrng0jskRN0j3cl9P$wk4A9$FPhVR-eO*mR)5PU+ zvux2quDi|3maM?KQ}+pSf(@hpY6K`}!^}a_?LXs* z^}k^2kzB(8g05=Zz2fsUcOB=Yolj=Wr>Q!3E&n`?9mjZeXY#3RQ9&s;Exm^$r}lE| zvU{02b~dJz?5y9&vzvZTf1qcGN1ORM59b-hNa^oN696Ct=2$oKWDvtN2Ezf$m{Y)n zuz=ExnE_bZ0+t4gB^Xepr5T_~aO(<-t4%gEi~lvI04Lk}Ie4<0+EN#br<5?Ix&W6$ z8MY=+Dur_V99@0o)qM49UnLL-;BuuK9Iw1|C4YSMPlE!8qsNZ%w>5v`XTSUz3+63g z_N>_>;!_iPT^jF0gaZ7@_N@zik&>^MIqL8J^76VD6YuFFa4cxJFB(jUMgq8I#utA3 z^sYyK@X&jIoAe(SElCRm9}5MTiO0RxEYEoV{R{<|_YP(>LjWd{Dd``rx)L1$mR85@ z{{f7!74oliY*YX+7WQpOuOsM#BT)_Sjz&uhU{CIAa=e}(CITr;q{wr9Io%Ne63I{z zLum<|mNrv_Avwwg1|0w50@bcVaa`}(?$y;D>#M^gvWB-?iH&nr=LPm6h3jwD%>vj5WqTvc0v-53FDgBr{s~b zt`eU^;((=SCnUC+9sFm`pIU!XQW{^@by;Z%x7~Onx7~On{R91M+r5W9`}War@+8NO zzsIpdZ!<6u|NN+`ipS%nrn;KhbEh(S;^mw-XAU!`Pal?Zzo94;4AMVL@BNW*c-Wr* z0h&*p!si>Hu(%N2siQh{G&QOLkP5Cv@*IE>g5req;eg^?z`q?+d9M|Wu%BtmYkvLA zbwfXF0f3@Fjshg1Xh7J~LIYd1O(C)vt=c`F9P*^z7!{n8BlsUqQ$+^#N~pZaH3&bx^ZUv?jhr>@{HZ~c_+fdmu13}biYg4-BVI-Var^RF0YX5{vP z^X{Oscq~79`d=)Kgalf(>{Apty|^6(yt3sfo_PCbOsbmBO-nz)7q9<5KYHe$35M+s zH8PA&PWyyR$<_^}-+pZqwO-`$0K^>n8D6_kG~f@jVfQJD-5T>J6|rb?31wafilRhq|Fcc)?2!O+l}E3*csZ+X zzLlGAzlD20c`tKk&!MEags$!`+S}XNy=ON)Jw4of`z;(jc9hn(R*H&>xaEVl@YR3) z$|wjdl)7x8023ntv=5wfvnE2XrhpCzzrUgmk|P0ZIQlPB0X$mUkQjASJ<5_v zyl;9WIfVjDp=1Go9M)PlV$yVEC`^-6XTfOH*UiTTsPKSH2s8lSr5R*p6` z#=*aUEqnIx_}UjK@_PC7?RQdHTABiy<4jA_lO$8~6e2KYR#X*Ks%@Lt4_a$`2Ih3jR~m@?I;Fis!Rdj1KtE2jvcX8syQ2ii#=2 zQAab;J|;K?OdXfu@sq=ioW4U@l12;s+w@rgi>IzYps?xSx}4iFrNPTPo@D2-jof|7 z=lS~WKjWEqe$V=SFWP=L1u(XB0$0vo#cR8t<#^knj7`***Kzs0TX<#XUpd)vH0j>F zNz0gDw~XD#H}Tt7e?Y{rc9&hp+G*`+F}4NBVl&YUMbIetS4`w)>Z zQcF=@to0yeD`xaW-;@TX5z_)Nk%k!s{1J>nQvrz)a~vq;pdSE<#Kc4u3X8|7^o1g{ z1>QH;Xjv%~F?ns<2{d6cqo$bU=aw^}+>Ne|F3;gS%yB>U$xl&QTFRII?aTD_C!b{( z6&A5@!9u1?p3DcXx|$`6mM~}boKX{`3n3g!#(kyc?fw69BA5K8sTQkB#5Qkb;qGHy zebcJmIQdP_irQ}u0Q_YA;l&-nx?ihG=&5^_U)%n_B@|#rk_ZwGqP66E_Vle`ujaXt z+k+Vlb9A(PHFvduyU20`SX>3iQ~XSHHN%+6mT!P?0Q$2yb8l^c-gY?WJlMA}KVBL; z2q}WFDhNBBM06d~;TRePWeWi~Qp)$F-wA{=l*z~GU_KE53xMoVU?y=O;7ENv)s>ahR8?gLq!|FLrt3_bIBBr1jXSsV)XT3> zUR=zlZ@-h$;^Ji0`xMap!dq{#zy2627B6PetT`#bI?kyC{_yP6)Hj}_C;E}jCZI^~ zhe)b3`B_;14*30e3ks5WOa?e2g~y@6e>#r|&ps!Oi^RDy^!)S`Z*U%g~O4R*X(T8E z-54q107bPMsYojlfFYwG-^4H@NNL&q8-|G?Wi<4kfoVpN(lKZ*5cdNRKa_B)f)x{W z)*cDd7diWc0Fj8vYg>*J2u7GOu8@_pDwsLeOMz3dS9~IF`!7<{qt}^y1DJV40=Vx> zU*yfV-lVRsj%ib;F@5TE>)&b9m@t0AsF@{XqA^u->)20D0sx2Vd(Ur_-eGs|o|*s9 z{MDvg{Ok69`li?R-d7qnJXac~wn9}xPhL6mUq3UtT%TV07Km@yK>AeOj}guC)x%g< zQ)$dZr0zua`Z+Mtx?*I6Ex=wuXr&>uJjz&+mPtKwmcl9Zexc6TP}ysV^+k_7{(Hob-5AA5M{sl%q0$#IS#Z=9of? zh%~HgX_*AX?En46#g$S~+-Yq$CxpEijVENc*-py?W)2zvnK$(D+EX|5>1m_2p-%>w zHmxD0Wb4kI1fpOr7eJcaxTUhbeg8h5difQq%F6icT^~vZ|B3m5-3Jfy%Eq^;s~yix zE3Zu6iKn!=_U*UWeeeLw7cJ)edGl@fO6M__{>J8aS-)j-@>nNbTmPD-$ya{#J%07X zWAVC@08Z>W&SU(M#QT=L^sQu1WZpIrahLH>aO26~6LESXZ$Jxr&8G1_YVC2VcX|4$~JZxi>19Z04P42HBu4CDwpNqUz$iW z>fJx)5HR+y5y6ax1B~6XGzAPyET@5{X#!$!`g&XnDl-Txp5cJF8H-(KXQ`yb?UpZ+XYUVa4= zCrmu;;2*$AX_|>^ro-eZRj)m7N_E=(8+V_ddauCSC52+v`@&TZ2P1`dDn zuV3c;`1xZV8fGB)(@P`8;HOp0wJt~IoG#>n<7{LUV;*)kLCsVM`Qr`%W7ORWF0bVP zFx5OD6Ez)zfDb0m&z*<*Mht%tKMFpf;4jb#J4;TVjYy``__H4 zJHFBZ#%OHllL2Ph?Su_|Fc@U>_8l1kX&S#N;2&T{-4qtin$2hLyo+M5H|3k1oWHfR zlRrKG9EF|&?z#CE6eS`2PZ9_g>^pLV7uLN_U2QG5UiE=NzQW-!n|AHwnb%%s?fSQ9 zZfzwQ{0sU9`uXci$ttLJ;2+>*OEZCBfa>y!M-o8E>o13hYe}}^g0jOzcTGabL0ulW;iA3_Vg!Ff4$jhYHAWu+C zKHxu7+o{~gnj5XP!mjN+`#Bu&&zaExh#B|`7!(4ekA6H%;82aE_dAE?hmpZhXgwt6_mb{SA2*Nlr>*3<&3~Y|tHHLLm(Knmy}mAX zHf&6}W6$q!MmH1q2T%qwxJRolz?4=BQKN1(?#9=L0;TgkKY$!My;2t=T>pS)KV(E4%CF`A2QX3J7uot zyGBHE+>_fm|2vc9& zbJ;nYP6yAq(z@ZjQaRK676l-YN~-(NsboYf4S||- zVDp;X>XQ-#fM9ogu;qlATmPlY~*g8@e&VW%52973dO0mSHZgaC~B2QV~* z5kQy`gke}dd}44cQFx#x_$g4e>?`2=9RUEa>;j@fTSY-S3W=0Vq)UW3V4CRu&XbA} z4lOROo=~1^_^;DK(xk7gNd|j6BSKYrHJ3Q2YR${w4q~tGE5kq``%`U4 z?sq3sqS1Nz%LIBlEpWwsP1M<9RU*Y~Ys1?PaL2`07%^C{uWu1k32 z^|ZM^ZgoAun87r6hjiE3=rv)OB(@a@CZ{EG413Jjz>*vOXTF=4s8C_KrIQ!AKl$G0 zQ|QU+bF=FtBHn-VB?7?px$q;_OPf!s?vsrlo&wJNq{mqhi?r;c8EH-f_|1AL8pj9Ez-JET3DX zc51lV=Y8*o>O8#ojT0=C4$K3IvrRkrd_Kw3@N_vE&M)nG061Ov_qST@F_qOn=imvy zOw}P07lsP4`wo0(&2wSV8s_2lAlo}IRGDKB#RxWdZlR``iTI_{nFYN(ODM9E9wNR4 z{l?J=RCw4*{F+4$peBM>l_z{aF`+6skW$eoED^Ul!2QWG`ayC=5CZ+kr6iN(v)ovR zmmq06Rf4TORkhtEC#{KlYJGb0(HcetJ_QMd z%e22UKD2(*q2L{N6?CAMz@ZQ#6+XQ4tztj)M<++)mk^ng|nvr03zae7o+WD0y zkK~51FVq)W!5#ujL)4VRA!=Au>9xl_oZtYhVi|W%)osd>vvT8-Pf_2MN(;=#X3!M5z*G3zv;@ho*ApnGz(6bn66)9_^0;IE5k z<*SiPoSCsp+~%%JC6uOVGU9vjBe)VBP^t+ltH}%%Ya=WD#U!+pDsmO9AT@MBl>b+z zy^Va3{Li2ANiu#enw4)y;)EqLFHXn5V*WLoRx__T9H#^->V>ruzrsXdXs8mDgmlb|;Qtl=*@_@tM$YWKX4`Py8aT7I;$7&MwQuttoBkA6#8 zOc;DXtBC%)kA#CW!XWzX=F*ZKLzeJq=qR68Y%Y{ucjS_}u(p+VpkG*I?5kY-j17gj zrwWD=%OtLs2*05+2|5D0q2vPh_)UIMNp5TJuCeY0o#YMBJr=TjIBV84Z3A769~m9;XMD6zn!eR)O2yIU$gQ^ zkHb`cqq5|eFS7)OWPFAZ!h2NA1N#IoZl0)7)Kfb~eV8ABgiYXt+)H8zK(f{Z3^r52 z49!{myX)mHJwOoG3kKle&{Qo_l}ceDOT#e|C_btNF!n8$Ve;SK^Xzdav0<9N74j14 zzkSj;H{T4U(w?BVI&7DS-cS=`QN#Y+6HZmNkm&ID2ouTVlQw2{o8wMlzUYwMnb9CS zDkBqPCYLWd%Cx?$v^ShlLi$v#GEp|sOF!@OZ1RLw+s27u)b3QB4@NZN8*C8Sp(`Ra)2vr3@YlD zyBagATL`7<$!e*KS9pQo)o7_301YS%wBb^F6EvA*t8otSXtv8em|-(FTbT{OHu{kC z>984KO4xs7u{jYZ<5#Y$n*C+-1K;c94i|foqsg9= zAXOmq$V2sLF0-Nl`Z+WyfS6dJ+C1kTg2J&FWh_iI=4M9@&BLJC*pU>3GzOVXcQC%MrK9$w#@SvF2J&8 zA5-9K8SUm~PaMS1+I0Jlk{qN+6^R*42LeHlW@o=_Fr8$Sy=FU zyi8El(-dAlyjU`res0+Fvb`X>e7kI$<;I)m*5$WTMyJqst^m>F*pBSFwyQrk?s2%R zOSzI^*Uk6$cEd|U{v_Gy)#V7EVka=Lc5xA_5(IPZ<;2%ftKSM%Ljx#5>~DC5(f2On zJETPK+4oZ=-Sju)zk|O|F+Y<(>Ln$z&H>G@ju89B*x%U!-l;eegg!A@q#7lf8G~qR z-bvkg`!eY;8s2SY;0t|WceoxCF<&CyHEoxbF5=$@!77a($7}DP1u&8DMZO+a1d5e` zG{yd&u@eZZ?$RfXfEVno%AY7|6>h1e#?6}V$)%6p+wVKt_IV>)lP6BW(r`4(Az^mi zeZ4iC>1aby=|t)hyp|q?TGfeMo8imEWN9>-zvY+ciP4SRcSwEq3Gwl^@W9yo`!ILj z)+?PvlDKOaZz|rqjNHQmwj359l8SV`m^uVMG9lWq(pnz9b40QS5npFvW6;{ie zRBT!;T-EJ=szcXG0k?$){(zz5Uf}!I`xAJ5`uF_wf$tWGHNCbyb=AdY*)LI0P^kT) zcJ2AlvuBts;P%e+jse%5#K@JGI^cHZs>-uv{U(k9ug?F;%&k_*7b>9JaqxGXhypk| zk+kEw*Sa9>5uqCRL_Yl}ay^59-0P%crNdS9!~Sr=rH*HC3+S7S>thTHK+yI#f@=snd42pZxBz=Rpvr(Zw-4{wxMJ7t=>Q07Q@T_a@90;Z>8@9e`!WnAOyPu|}5pZ@o zqUx~aqUU!6Pf^EpeLNY~_`4und7~it{6)m~MPhO+x$K*GSq{Ku(0~p6RQigaNK{rG zD!yW_#}g;p7CyZtXKYeXD&|#U_x+2mR%LmOo`!OWZXmbPdw1@0hn~`WWM~-UdsbPq z0Lsv8F!G1EOI$!r^H(P~pMQb7eVVu>x!xg_-wKSgTqvUz*`K0iCBHp_CH_R>70P{5 zKdELUPKe7-FtM|;#ZKJXWLZ+uV$9@B&O7jj273s{!@iHwlW=_NJu%ca`f*d>Z-CuC z2{1{){ED2B@L(~S?F4W>YFVONvnk)-s&`-__O!R^kIgjb`9Wy1axB(!=q(=;{oi{1 zDpwT<-5++uV!jf5x7=t&&};O;55N$h~E z7@^k$0HkqSu1^1%s1PXYkzJA4Uu4)NOYvt_9b`vKb1%Ei%}o8 z$xZyq_qbzg`=9>D{t&N#p7BWOccg>NA`b7|?4O?~jt3zMVk3u=XU~In7$)*(`|=v3 z>n=A|)@L@m2*3}kwCRrUGyILo;0_Dn$3vCneA~TzNdzSuXK<78h@t@Lyk=Zy8Zhs$ z7N@K0PHxRn8!urG2IX=)u6ufZ#>4q~DkJ&Epy^uKX!Bv8;yEF1BWQ%w&!j(hBGXIM zjh1x>kt`4d5Gw2@EXU#I^hHSSKP~Cedi=a`au{T6uSx@Rf3M~-{QD{ z!X2LzJ4EQ?o@`ekg;G{h)jup+KHL75o&O8%<33ai870?SV3s7>2VR0il+2h`^?zD` zmC1$?G6VFmF)cF7xTnVU+R#cf;Z$$;A6j1;>>MNa0{XA1p`@rJwR5G|dS5v)gzwGB zo@YPS1I{j1Pyh!O2Y#1a`A1A((9fJ(D_S){&vVi|m{D-@4GiHub&g~8_?v#+?|$}{ z6_4$$En~(kUwp9=%*~sZyJ_&uKRF>P2Z!sK5o(nmsES5!#eBy8`wHVamj8&iG!q)l z)jwlSBw8-d%GzB&p@e;w(8rE(;h#n;6 zTU)dp!5@WFLA5D32pxJ=>tT3Co-UP#&b~5TMG(*mEkepUv&7OLiHKO0b-ZX$v~r@B zfUjj6p)ew(g0F2Yaw$PmK`)_4`B8JriTsRH=vrkdzMLx8Yi8FTOAl>>41t>7-Mq$1 zOt9ODsSdE%DrR>z)XZ`F%+yfeOm)}gnKkZ7>p<{w_~y}F18BqZ_x(W33^z}qA4y*s zXAWv`${9?5ATTiGVKhUuGQR5eHueRBOlSm$t+ueED;Z=Ya^v zb_R41LJR-yPl#2B%hoDjw1sbGerxoVC7a>itAbdJ(qBBx{S_na1L$#`Uj>)Q-+uFc zQvyq-QM)V7ag!N8Rc7BzkBc}X0KM=b%dfbE*bUOpVh}1S2jM?^wv!xZg%h=a+cJ|& zCZ3xKINjSX`hmC7r>9Av<|)=|r%`jupm4+08M|TGu}IXdx@%`;Y`kg;k2O?={wW4; zpRFeD?|eoA|4jKt1}iKhQ3+j9G6Z&nkvC}U1v4%`z^l@pE*HC<-+G^<$$)3&NVZSG zXZTx6T4VfVUYFIdg8@dHH@HIa4%?Rp`A2R`0ojugOE>##z0H2e`<$jlcU9B*0ni=? z?^>}8gwsHgH=0=7oxnc5x2vvaxBF*7uYmFVW%;ZzjZdBKr!h zjH&Z{UKzAE{OqP6CxcQNn&P5gIvN2MlRqBHA$a4&X=C<-T&M2uBo4RJy|7;PL#X+*ukhEugl|XT0Ir%n(t|}~TuJ3b>uR99|I36v6wUilq?*^(ZNENM_RxYUH3g}VGmRX4+2X^489XqF3kb#I+BUjOgZ zS81B_`q%@;dS7JK5~HIvwakkgfK}AJvB7bWQo}^~Chf&QHiw;Hnxo>O)jt4jH?{Pu^OG;~V-T3hc_=o!KE$R2hSOSTe|lU) zSh(5pdNL%^S8n(Lg0{@#;<0&8xwwQYrBPRbA!|zL%P!V3?Qw08EOS+8DeuY zfWGF6${>HSxwll|ZI5`+xtHRY6IY%UiZoRcmcR#Bu`CzXd+7xqq7Zem@Mx(b`MshC$}CBe+>V z+|tiNVQ};LvLQ|4;GGbOWjUVY&KqJrYWH|aAsz~YNFA)HF~wAkT+4{M-7ANh&TQCbz~HsbY3 z|GZ?Vc+aDPo{Ff7OIkJE=JKR!!pZMmNKKh^2E>Q|$&A_ei22F*_~ z%fV{zkGBIT<|DTCt*m8uEU8@2r3NO^?j2XgC7GrM7Z;(ohXUwHVIDdQPOdYzSv^nh z`rVvniYuC{iIiCRCWkHVwGwE~Z!E=Frg0(EE|qEM+R#nufnQ-`pf8?_W$I0}0^w7s zmfy#%xBbiCtLK9oQDs=)lbcj5X4Y}25t-lIc(7L?Ghfvb%MglZz5vx45D8M}gk~fZ zjLZ4SPA$~=>22d=>;G;M(BC|?5PbWJ9$h9xQdJ}XD}g0}1sz3W!Ha4WF2Q*kvLa{X{KNgQzQoD;4N74l8QBIbE7iJ_#=-T-5|BT|r{5OUaV8>43O=Ad;e zg)um+**DtHg$9Krzhkli6qV_de|pRd)8`9uhIo5Lu(FuMPp9Q2({C*APAiK4b{SbTj?`1i; zr%DYeiNbU5hyoM#zRM3^m-d|Y4P_EmI`ncFrKK57v_h#bRkE2i2~SYfqtO~m9L=6?629%D=d|d zsV4%cDPPAgw|c&RB~wcYLiR-YFn)blY0pL#?{Hmy&CM&L$5^$n9kEUS30Y!fMFuDrLwO_LxPk(?O=_;58^^!@{DOFNPLS zC}+_pH(@qsF*9>GB~4;dZEUe@CYb2iQm9dqcwXzlNW-l1$jA&#|0)@OsA`>;G>aF{ zl&T$j6jVdAPa|uz%1R~1WH|SCz1aI%Q5!!`9Jy8TVIp4lg<#ZQPPz*}{d2pAG{V$? zKFORVs2KxesYl~o&zCunk&(ZB9OLMo%`X%+57tWbU5@LXTN?mvO&0yde68kdRM-q} z$@*q%74CU_L3hAJ*X`G^d_VS9~fZ1Xq1-O-??=-z>MF}E7-n7#&~G!s93|zdG2Jly*#lsnFzj1dWF)7 zbz5v(MpygG1wz@KnBzu(pE4a1)RB_aEDm_8`ATf6&Uk$?ypc$d3hNc81uDFXng?2( zG43ZsT4t#l^lubAH><(I!YljIz+F1ZEy+s# z=?BFuCjB>6W$3aZ#&9Yr#IS;*Z5{Vg6_-fXas?ZA-=Er^nVW~q8l7FGw!MRuu!gLr z1$weGpTEQb5kVT%fFW6A2C6ws$kcvcz~fLul|-y$>Nxqws6HOLnjDfJ*$f$8;%D-z zV~S~7+GHsmG(x_6$VG-@1E zk=MGVy`9~#7%#IsS~Bn(QElfrXBR7<>7WUO02T(X+QAM|Y8%zZhH+V8#Gjm9b;V6z z9hEWF4xD+c1)qBX;p%!jv9z>)d+j6_ddGs+u80eM|N2>aH??Q?1WqhP!N0+1+sG7l zo^=&^yeus4gv6vw71#G=Lm%RdC?i7m1K7HM$CJKo6?e7~B&;dfxF8X*3g=rKvB(El zS`9if1St*{TE1}wnK-MRXY^LnwEr6Nin$vu*Z4dBo5RVWVFI&=91c>hN%z=YKzH7G;p!@LZS zaz=}ub%w#!?q6zq#`lb8N%+FZ&$t{MitOKwUXth~3h1FD7@Y+*e@OQiGF3EikwTdc zD!!8xXTVocF^`7I`{gPMPbPGyFJdH_eGWXwopP~x*%!&*A1lw__Z535GkzZ+K=3E0 zQ8&||)^ByNm_PLNesr3ion7f~uAFaweXX{!X;IwgRx_0Fl|S-K zaM3L0wp_)z)^es0T~0i=gYkuoc{e zVC>5)z98ODOT+Sht-i5F`3~DNL|m`=1+ZJG^D-mOec?LK&pZ6ZTVgF5rLY4*s!qt$CV5AB&voNlZ zaky~cBBp|Aq~9l?DTLA`Lelt7G{A&*!ZFwmYhBhn<*F4HS;Y9I5L?rIwysmE?ozEY z$EbAaMC$satevvMFSBE1v_$%P*IvlX*H<39 zKLlsoNtHCPZ2vuOU6RVbGT6`E`bX>{jj1q`zUz-w{!S*81rEy)z9*FAw*uVm`^5rH za|p=+uGcEI-&bi&V)7mSIFgbF+jH)VltJict}S)!G{w%;@I}d-Q_-k0Tfg^PHm=@F z=sdqSovxm@mF8f`k<_5`m~~U&nbB9pJW?xnCY}mcd!i>^!D>rZ*Ax%%OGF8>+HE#B zdwDxmX$L32-4?mAnl3&|zaK7K$-tr9K%-9%XC&(p2_?Af?IzsbwLILzbuip%yG>gd zf0ZA*GI}#j^O!Trsqt5yD0_WtaFb`NHu#eQHI5O;z)=!pN)$o|3dsV5WAPv)YI6ey zIpOO45I!%1WVR6Ixz+wn)Ha)ICJ@y;NFoM7TUW^k)#|yU`JCg(hL*aR$WoQb{Rw2v zmunM~qWF#(`^~2$no2dPohN9ibaxTYAS+lyXGSZiR$f!9VJh(}>UC4hZ7c~j6fQ)+ zd6>zw4&H`g)@#imJen#fDGA-&B=dQD<#*YIC7tyTs;c@IUu`jUE&#dP7CWkwrktHt zWOHZU?Agt>_z8#WmLSW-8TzQo@DGkDq|9$Hi3xxkF~BF? z{#IdrIc5-oSoHREQqRCT(F zC2es*xmS&E3%`V)gG&7#nAf&e)Sbj`%d1bm6iRDUdbSH_Ys$IlvV08VNx33@@ZrMw z(?3mY&k69nYeqIn(ihoO7#j>b3>(S!-tkw5U=b;$)ZQ{eqZ54XiGM$*&&LdGKm@ev zK_jK|pYSMUlmC`W963g9S`5x#uBW57g|b{^N#X>vV*BeAm`Dm;s=tk@q-c#lsWpaSir zt*I3g69kzY^?%%Bpk4>Xu*oI=wZi7_YVf93muD3L>N>6>4PZmkbbn6)`3Y5Tge!R7KvFOJfD5nTrrkrMP=fzMwQf$yq0 zeoRI&7u6PE^p)U-(3g}9kHsMHJhzsNIdr0mk0>1Gp1?BJvW ze+r~bS&i@TEq`2IIiIrP=er?!8ocWsD(n4qGX8+-cMh-DCKM!5Sk#OoPV-C6eIQ=e z?WL^j6EL&9!O-!GOCgovUu{fppxJv_B<(%Wd~&IZv9qxj`r~B$7GzPB*pS;yU}fFt z{guk(YTHor_fDvo&n`>x=?8}uFfDLAHBGm#;I+3I7Vgl5UR+%Mdjt1w4`4SQ;6`J& z5uG=If^{ItiOE}eg*v;8Q#NU}jdFB*7^arUA6l|psd}Ns@Kk~O+r3NKL6yD$(R7SR zc@R29g}(0!bnV;KddUMh7A-$tezhH0WdB_o@9lQzGLJ?+1pS(l3DKMu2<%uVRax7- zZKwi*#si|Vzco|7Z;e-j*WrN5icgT!ZXTIxFXpmftm~P$foqloVx9|5U zs2?G}e+Q}B;TTSL4>p-GWptV_F6F4v-jz7RUIJ5tE=BdYnzUj^w0*p z=DYbb#6yLMruvq-?VJ+@Fia(O18YCS?&2&tmlA#fU+xK0vW!2*LuM~4y0SuczFr`j z4F14xARi%9&FM8dIF)Gb1Pf~zH(b34R+<3@RDYfpU6qA}%N48|%1AX^7tD$^P$?(< zB};Iw)Ov0Qvn&Yi8qZKxF|=~u8~h=dEo|GeSVIYfj6%7@y=RO1Z&V_ zY(Scx3hp@4Tr}Jj^_!l7z4r_p=y|>A{ssQ|C}C5wa0%zCI8X!u1K`~6je`A+AOwvz z_{EujBHUrEf|M)GCWY2wlKgC`|J4lFM;KxvQd86J_l>|Xm7=oF%KKM-;rq1h+Ck6C zSklrYVq^c^tnH$EBd`Uj(`WcE?6s4cw9U!(w>%$4K7l2;2o31sl!9HsJkwk zGkl38_Du;k);5&%wJ2(2(9en##x+m+lOy{72V&2~H!1?b|K!~anAC~>0Ds9k@av7+ z~cFHwO0c z5&`&E zUO>;In41wF_F7a178&Sm=>`E|PSA7G+q2M3X)DCjR-R5>OI^X&iHlAs-qMEd zVt6dK0ahJalwC-^wl&N-vyy+;x=QX_{1t|GliWF)j6pE9PL>xLi=pVO2WS}DP zprYw5=hGJoCAp#0f1dCwOZa8K*}i*6|4mVZg~lVWe3@98T_VH=%bk-jL0X@frS;_z^snf zp{LP*+P(8lHLnq^9v)lXr6=J%st>*L8j4sFt!K7dbz<&2T4I@o?~Y{Olh#itB5lf% zj;)H+Z~!$#r9PHZQmjT_N`6HJ)uJnZ+{=-*UwOz|Dp{`3^Kev|XI)?0zQ3K>XmJz$ zpnDTBLf6r8vwi1>?;8H}5(w73eN%PJ{+qMX@_wr*@J5X8zw5&)u=%$y-{=U=)H~yx zxsIkF=p`T=KoYGuKNlGG97Ca50wazy$DITxh^-VAT1;UuuNjP02{?{s?1MgzrV6Xo zm$@B~I-U(%R>Y$$_i1dQgqb4&{LN7LB;7)ri_DpN31GJ_lBEng@z5?`B)+^DMWvNZ zzkMk?@E;_5522tMv=O@CHc3=hTV33;OaUJD^(w9L##unKjuNYwWWXyBuzZOTIU2%& ze66JgpH(KsuGR?^3B~d{R&N;g82MdyVJ&EAG=FMI#jHS4pcL3|cE>>VCS=!jFiyGQ zUxcdiEBfyt9V&_uP{L{*9LO@*TwPi!T3D#(dz^0!LY|_Cu+Yt(KSs`?InCt9Ag@bR zJiI~f3{h`+qJ$H_TvA;0Fl#5+6xZOR3iz+V$`Z1tK`Coo?q+{L%|G&+Cz(SFirEB0 zZ8UUXlnl{y*T%BXH!Hs+)AvIudYZbrmaakHarg$zH+OxEDgxl^Cclsa8qPAP#R=U% zTaUrifW^^AniXAPtw(jCz0&4<%F$ckmN!X?=-B_tXjgr$LlRm;ZB8?y#kEtU_f*r` zFPizaJA?bLFhhw4YJw8iWC$RFP~tV{&bR+BY+gcwFd{vNI{L%s$&T+Sd?dilXZRG( z;|W+_wr2#aIA23|-=>3`ss*DG<`Dtg_qTuzI}dXaqN>+%Ly)vkxq@m!HNnSwm}jlN zQ?;tI8W-qK#oZKDc1cb6*q0YYo}PgzV&11e!W7jHCPxeeewX327fkFoTxr#DA+$fEkYkuF%>hL1NWOnzHmc0~?!u@muno zHcr&w*V`;~!lq`5TO|pOrZ7zrq@ZAK76@l+gLbSfMJ!DuK~c(15k2^bA&- zFS_fPvM#$SQz<4X+MF-bPu1t1(xL+bp)P5!wSTy#l15bF0CE_|r4qFNO7HZ)T2Wpt zyV17Te~wvrJ`-?RC1e(KIv6yYp@^0W=b_g`e^yB#mQdg z1C2vm78Hnty6Cm~KP^DZr10&)(n|9*t3kfjGmI6GBx;`+(mHsucj!DxNWQ1ABs$bo z2M)&5&!7HHR<0<9f%)!man)Ew-1TI<(G?1l+qt~f^Xu44zP~+7ZX(Z%lPn^=f^279 zAib&1Oo;fYu9YpZJh#yUe34hlOrK-`6Pd?W7Av+M&04Xiq{bt0pcU(+VY!BX)X6J|_cUJjD#m*}O1hm}sY8sLO+ z)cJ8B*x%vl@$x$L2vq+NvDM?VIEtb`>`*Uo=OI9=dfVw&q8h#SIyRpaGc}sg8EJi| z*rA2d+4CaQ)9_tnG!|jR8nx$+SVCc|NK0#F&$)hV&q~7`#+O#H)a@_xz|WS03(%QO zaF7=X*13#7Sn+a6GwZ7rE;ULU%EMd!E+dwO_L1p`d)xNaS-)vkWLFi6Q1;cq`g`S&X7iJ(MsV8Jm)Z>IA@k`k*bZbz^=M=Se4l z^s|wjKI}dHS#4T0@~@YpZ62JzvNWOjKs;vrZm`k*J$uqZczX$scJ>WoL1%e3K{^Y> ztY7kKD$~d{V&6oauK+^Gb`v0#+Pi5MJ~8|B-tzVzl(OB4g`?Z?=%D}XEK5EeFX9Wx zSP{m9;{K-x9T=ZC75je1>omZvq?{p;%?PBqFeJ5cvsiduEQ_O;aDFIFFGTD=b+;q@ ztah^WidbKTjdgm}7Wu|L2GmhN8DUpMPtq$2dSsY%H?&&v(Ub%X^s={>D0cM#yQwaAicLr5 z_!c+&%%z||k?dEi_$4o_8SR**Z}!Vtiuq9t&*8XdX9*Qx<*?Px&T$J$&t;92M8KgC}(z4%*_K zsE7IEW2Zv4jKj{+!x6@x??*46%h5Mmwgo|F{##bB%L4bXLd*3)yoipc+gX&W{nsYP z;Yy3JFVkzvQ-d0~a7{=-k>Re8Xf+9VK%tEKg2Vvc+p}7UsNKh7!ljD(JnZQ);1^8(x6t~ily$q&_%4! zFLf#Mg+Jykce$e&za1{MU(car^4bYnv5KZV8M)Drx8J}R-1XZ*3boz%cS?S*--sD2 z3Lui8mucpw;XE*sm#8x0VO`Y=wUwLQ_*bznuKSyQn4O$}MV)5P#Lp)`t^^uXH>#h| z<8;Vx5*tqWmO5$SGtzY-RSe?A}Un!eiIb$zw`bUi13 zd=ggXLV=qx2Wv)LbEoeyKzwF8g3B+W^io<*Ac1x5z4KD4stZMsEB*UDonf!C{YbLw z$W5%!*d6EQHA>3|G0U+8dQKB_7=~)qtep~|5VYZ(atc04Ny<}Ud~`@%^I(W1RF}g* z&G-SRASzH`D8Z#N&=pv0wO0Y!#HBX6vLu#%JEMcO+LYN6d2TwDkM@ZMgR5thWw{z%5%TNh1bep8iUb*`g@-zF}oj&S>8^ zonYFCBC4Hi4>DJcmPeeT{=-Y{N8#iyOJ?LWpO8vcPmr74-c)KS9hVVTZv7>rc~H-V zo1-KreZ6-VB9<3AhA&Z|0=Epu-lm`F*D!ufJEQVro*bpK`A6`1vL5`M7mcNK+kzPg zSHYznr}?}_lEeK#ve|v@lc)PY&*t=QW_zh^@1Lh(Wzg4R<(H!eq{a{fs(gt^q~5uo zMvu+~01{hR%~fV@t&%jaR4@amcQ7a*(>19RC^v^xpy+j?k_BCYb2JbSC{2Yeq6IIL zmicf0!2;WR`Ln*72{L&+%n?U(+12Ea*b<1QM{`anSs4t78i}LGkO~

{{XA)XSw08n+l+pw0-^^zF)=ilhRluz?l#Ksus z%rtfKKY;7b(__lLPc1O%#ASEEQFu&KQ=)C)U{Bm=(H+r?@$wl zQqFVCdLKOYzCHp8{#Qr=>#M`pW}kl|F_@kZ-Gc)Xr@ABf3#{!u`E`#fw=Y(|wyNYv zoVmCWR@jI?X?@lN-!*`tBS*0`3^kRjcH&*f19ph(-7wk>ufu#z7xdW^y_|a5NqTPm zoo%m+jR))U$e5oV@t+sSx9^N2WKp$i8vbIyEg23?;LtS{^rqa9MpT|&3|M@MR2P2D zKAq8irry!`K_4n|BE`O8Y0MaDPaGgrLIo)KB6lU3$C#SK9*C%cEG-{uN^y_u6#ptF z-o?~gzKQ#_|HRlMs3P+sVw+SP)gM-^mLbgJMtW>z5bSCpd(I4F0XmOwmL_RR9)^6ZZYJ$~;?Kg{bLJ2Bb$ zWf$Sc(en1E!Yh~h2j@pPF|$U;9zf2{zdn zJrGB>llj5E>9wo!=!f?)k}Cdue)%&ev>&(paQFS?YWVE-?)FtocVDbpv2wpRwdZrg z!?s?}Jqo%N z-ueKo|4vs@f8J|BrHb2EO;|Ez#pJ)!`?m2AFs?pSr zlvgh3a-Ze6CYdQFu?jNp@hH%0lz>ciiE?W|b$8tPQ_fO3aqaZJCrCj5od96{)nSenNVEj%J)Lu35vlvJ z^*Z-hr&W9M9C~zC*V5H1#<>&W$a9^m&&uzn?~&OH@fLii5UmCc{~A0!<_JxO19%cl zb25JWL3X&3j-3w_g_&%!`Bh_f)+#9s98Gv$%ujFP#Af-#;V|S}fcLVHkLC4@K@xj< zzR1lhxKVSXee3b?tyLv&YDWMC>0en2m@_H%f&i`1fGa|u2Tz|W9b?Tyw+xBA7pb-# zQPcy5dl7>E7hlN5(8Zn^4Lsq5@3p+%b!8K@AO5*r|6JRV)EU%qiul!8=!^IrKO+2j zZZZcCo&9%P%E%^bSCA<8U_GMk3lDnuGgFpRM(1TIqcFXsHJuQwiBSm(&Kxx$BW?c6 zztAPHIV=Dohrz=VhZGUF(LMDfC3_i15dm~@*0aO5EkBD zKyG@QuO!&mnX{Rdn#>~9+TeF!C$-0+&zb+CZ+_4)E!O=z6X<)TMPe;7k-G)v?G1Re z+5FZUfB&h^$ze0L_AJMJZmhKj$`#xOYHe=8Mhz2i{QEC9fCrKdGrN&_y0>W987W20 zoZ$~mVO>!P_2*BM$Gi_f0T5U)aJE;S|G~z}zh}?uxb+w4f5!BFi_uGsi+*GfLmg%P zS>g@!Atm|Psa8sbk3PRS#|g1}pIAFMSzWxkx39Ab8}X6lBh-z$zLyJ-&}Uf=x8PIN zQUCb|*5$Lkbo-f>D0w)#Qbj1!lJ$b)>ak@=kNGL~U$@-l!e0R%FH-4APc>B`$t6a5J zAVv8wmGG#+d=lr!J?Ye1JgJ8B7s4@1m^;Eh8&|19c0h+M^{%nus%D^g;VaELNgN<1J1#GV`v zVEG)?R3C>rL&)uI>6RFD++eo&i!rz(T%MNrfXQ8@IM2Kltyw(+RP* zj11v{vwO_dAIff>_)qw`5i5HVo^OQC?d(sEwD=dFpCi(bL2JmH?a!L{`9RJlMnCFC ztel{bi;U@RdGizfAKA&QT6>9AjY}ur%gduh(9oK>6${^<1wv0p3xo{+e9QCHW6lER zrR+(Zd%>Ub2LOq5r@5;Iu*dy6Enp94yEbL^)1 zgP3PdgdWCS8&G((>t4pijRznu`~8O9pByGs-O0&Eii-J-?+g; z|DJj6w;-al9DbonEIRutEJAna^JTjg@U(Sa)@=I7Dm?GSa+>_NPHz~;@|eByX(@oa zoEX%GVWsVoy@3j3fyLU9WZRBh++NR~IqvQ@P45w?e5BFTy@xEEE#0o@i%vDmr3lO+ z-apQ5E%2OU`tJlmb*!!ZvL>URtqTH->-2;lI&a_jIQxotbsHIw5&S1dgP5$w8U7{F zfgek}?#F=2|X=cpcOP4q-u9x`phwpW5!5A@6YKO}dq=5fNw8FQ4B8J+2en zr&BkSo$6yCq{Y#M?$z$q8K_UZ9q?4|J0(A1Pdg!0X;H&F0|5Bm@be?HGzJ6-7w*&)FmS30XuZfJdduLJAy^zGZ}DjaZHKIXMBRt8UqwL43AFESTC;bu;lB>h$P^kj6hj@M5D7ZEx|TVw=`!J(Qz*L$Pl zzF8wH%gn3C9=ZWg;n6BalU)|Zmij=p+-`?^@An~LtqjR1#O=VsO0E5BHY_N>pU-#R zk^YpE0G+&hb3}37z9mUsdBZ6hYCr+S4^m34&{(-)ajcGc-Sk|sO${k)0eLd;okct$ z$NC9+ShynSLiVq93Q(xXDLsvg>TT>Vk=18xi}>r|Fb59gH^f}@EB%;3W^xpn`wBX92m*MP_U zJ-?5_tJ`1T4yFTV=jOuEz5C`CtT@y?iwyCC@(9r7<*retg4AcCgJBDWr07rUFDjuR zH(C#{mev=n%qlQV3OF{kSy3S2>q*J8Y%Z&Fa? z>iW*Gcz4AiCHcyhvfZnHq3h`$qrv5h`2GEAi;@Jzve|7zfE)p;SO2m2`%io_iJ+d< zbV5b{trI?tgX$fbX&}#mWZ}9;9`NlcNA!$p3c}z3z3({Q6iYSrC{$#?lzP68ZX+%P zO&>FBtrAmk8dF0@RVI5u1~L)F|Dhv!?o=i~g^L+uT0(THhFG$B06UfV-?QGNSlGn% z7rMCj@#fwVX{f-@8pxwG3aw$0LkS|c`Jq&>d!yP7C*lNIWd#iEYB$?%Rz9hixJyv= zBusiB{1{4HR5fF(x+pQnbAFPn5Xd4bfd%xNB);{6NsWyDkEW}NYO872L5f@P7I!G_ zF2!Aowzxxa*Wm6@T#8ei;_mK+LUDHw8YDUS{82Gz_`6RNo zz=RP_uJA#AU%S?&zAlR~g2@@@HSuW1=XD3S=+x(e(P}&i;W%4a_=w(!v3=h-Rwq2+ z`bdZgHd!HKB%~!f4`}#V%Y$zEwv5w5hufS!p`X8uuzc3s>5`Jp{ob_2)AUkA;`^TC zz#7bRvG741{~7-Wn|7i0UxEDx=f1N8bq`juX1rtje6=y-@Oiz&9d~T;E-8_Ss0fXZ zuitpnK#kUYO13-Jt>+8^f{R;H zekw^n%VWBztp+9bJ-iB#=c%&s|9$=#6~|zPIFP#UP!)w5oOS3!FG$BVNfN(UBUB=7 zB40>3r#&2AxgQo6_eiJ?r6^nIP2n!5`&tNK=K3QS^17C?Q#~M;^O~`{CZRZ}rq;!A-YK@Kblsmr;-mHBMhk zw_hfQr-)IjFb&YWrWtU2ab_v8U~_f4I}yvKGTmInxTy1YZebZ2h3|W#GLEX4X<)vK zUhk~<-glT68~i|n4cbo;zlkOhpRzIkS(gZ@tu^%lBP)qEw|3{vNvzC=f~afHx|+@j zif#mq>R@1A?DE<0-uk=ws%p+rg}de}J4pQZ+@72&f`nNK zVS;4Tej@xj6w{_ZTd-!6QX00KKi8QKNt$HN$6KM}ZfCqF(ViD3?eB8u5!nGla}1P+4UB@sf{74BF~;ZW~^N+gmh zL_sAUqiNR@mmI<7@)zP1JlcgW-+9ll?{-{J*0Bgww4Lo^F7TC@ZhI!($#UtAbt!Oq*pj@}gN-om@#7(2t^x9fgo$iM0Ezx`7ySAA@Y>}aH^vEM*<7B&peJaAw z(i__`8KbjCYtD&4HE#`%3g9=7%xpWF!`dYmowKsyk&9Eq+lyNUHiWjDhHWCVh$9`9 z=(p3JoOR=mOMnFUh#}{EmJ3b_0@^UZ;kl669)sz3-`L~+X+*4tKV+AMbht3=ZQ?<9 zncHf`;G=TIXHETs;)$dFquX7=pToOR^7xHa1$sOYwJ1d>MH1?a7y`L>m7nsmWg{14 zaz>RpTeE8;8t&9caTJyxanG@+97qiei z0P_Zya zxhU-}Cy_x>&E-9I)opcu%mwPf zusYw>wdjPPSvXPh@|SDV-4iU`2-F1*?}O%pJLFJr5kl}IIKbOK)DxO5CBuk@a`2B5 z+U_otwL(8#CM|dsgFBL?U2@%76z4*&FjORkP4kIsFA_AEO3&4l1)Cb{3JkyZHOZ+j4ytP&gZA5 zeMg>iS8k0Ei6F&9yt=Pax5D!&^q6MXJFM=87@;X54#qe6%uoG;&`E2j7q!=(+yF*; zK38l~S2AUsi->ytle$rSoAkPf^pLjIrGzn0^mgar>oEKPgMF!#wM-0Oq~J%>kopw*4sk*8 zwz4xevV3t;Ge$u-hgCyf=L~;3!t<9@4ffz3!b291-`lx=j$izRHv9`k`ua~ONpxyc zy!P~GWeu45v>11e2R=L1C?i%ZF>&*g_?x!*hfINVXKg%RZPth?@)LKOMs1isW7Q?; zcM(8ZigCfNz2pwJUC*Dss{_r7XV4=fl-bl`OC8;C(9J-U_M7WRb8_#Lh&ezr!dp|g zc~~C(hz%MbBE-9HbZvR>7ZGQq+G)0&O~<8k6iTg4{co{<(F@6^PCb$I3eUXStah6@ zFryy*l&-RL!yBm#^&by}61H&VCoYcQwq^Sl+{G6ML_o151Rc1UYAq$p;i0}6B32`v z+*E|_o3lx-0&;4_Re>EySB_Y%WQQeqYF4{p^ju@W4yT}8@_h#AxGQW<^FK*#ZKyk- zH0^__=b#p0+(G>qoGh@;o0zf^Eqii8*cTX#22Q5gj}@z3(^4Kxj2Ne-3N zjCA($s!sI8< zfk_|Te{r|4@l^|p9ZjMOXevq` z|5j`~cxL1E3A^@C>yH_EXeKx5 z3p@X8C&Nr=<-f0#h!~58dihxo_?XnxQE36xb%epf=^_iOenD3dup6nkDU};T!AKKl zWAxCV$o+GoxB1cJv90Qp?7|+fr$}+ph?2R|FcX=EDMW3c-O)DLb@RrdDetIMYH!DUbqn^wY>+nB16V>`)5s^cAa1m7qZB^YrHPr)x20-ap5^ z8_sylx-}MH`$?bW;j0NjX#1>xf*KICKq`Lrl*axuIRwW}H1OvaaGZJ-hvhe#7AZ#A zI>jzImmyy=Y2UnB=hn%;f4>%AUc%}GLPb;c%xP5s{@U`mzhAG6)~}US$kZrU8pczD zcrD}Y+&N**$GVDsi;?kVRu-vrC{b!>1OJ*6{`HfEAwA6dnNT?N1M=lbjYXo^EB83f z+e(L+=&&R{Q_pc|bKoO$7UF1cgo(0+h>0hk8c-Abl^#{2)>#X>tQ&IgNOr{LDvCcR zzR$Fryl``SRzFL^?Rlel+Ea5YIQW%ndLcV`wdnjxlNOtrIC}P{A~F0I>ceg<=A4@0 z?v0>g$fDlR#rcM?m1Fg6D+i&=Oln6aV`+-6uQ%}r-7h}s9>jiRkf)AH&fr$&oT8dv z7<6H;%pbs~n%YwpRQP{EOeP;S;b3LRHYjGeRHgVGqlWgn->xwC9b6a3d#8(pEF$o1 z+$)CO1&r^Dce3j{TPM?SMSdTLZ*E5~`zZM{0*+B*K!@hVo zt1#}5d80DXUO+a3a!I?b*+_FU4HTt6K{Q?QY>G*%v6666TetWVnrMJ1ObeffJ}bgd zo_NpOeE05oW!W{UPa-Jwh*eofr&ZJ=4|BS4T6rK3B(jpEeiF{oP7WKFGz}oW65$o5RfOh>>x}1@(^eWrm0a`)woR%Hv>Q)+FwtbDw53iWM5Sy#n>C>Y zFdM?*>ySs`QYgrMk;6%)U;MpiLS$a`ZSgrzK$|G0IP8c!SW`SYyX+=4l49I1aGohv zvC2js$5Ifk>qr@TWKWjq89YNBc!qR6lnhbapZ5e@qeb0D)DIeC$bCUD5suo?_tDEt z_E=wxEBVl9h2gsDkD*4?pkg2G-tzt!tN5O5XdX{8R&H*WlV?FX8FvTXIi$!0jbGEv ztSw;3{_Xf)i?fn+EITZqcP-T2FFASc+9>iyBqY?ElygNPestVLs^%+7CI=EZgjd3@y?vWqKG%+`ggSCL8r7V?&n)lQ?_UN(WuZo4LkJ;v2gIPrS1J1|@Y+u05WY)s{tcl(a~!K51(g z_mri3eC1zQ-kKd)VMt>ASy5L-LzsAb*wO4QN`6R7jfme#V}2uW*5X*!P)pv*UGOpu z!ikqYzB(s;&j1A6*rZ)9>D)byDGFf1UJ(09+q3h&iw05%_|vO5t}67KqnF*0@q5MW zZci&w9|aeKjxkZjXN&^|D4*Ix1&m~P7cS_7hf3GOoPbo6T$qz~9HF7ZgU$piJJh6A zen&8w+yoD%SfNtY@@@D8BrEWqHH@pvn_`FF80t6%%(nyqaMh^6gTVj@)T>ZOw*w2ZRwU4-?A$LnKA?#iFqr z!OW|0LgsYCj|vnc)uIOs%1Gh;E<|0ySX`v?>zKoqi}Gs4jgP>YN1^`b6wtWK873S- zXQf=EvtQ!W@Eq@u?OqmLy_b%jCRxY9VqGbL87K4I){f^B*sJd- z7}}007C`h0rbs80@S=DD&xyEnh5FP0MBOkYDULy2)I3)i>uXy)qP@39)x~#MS0I z#=bKAg}fPwkn_Vd;N@CU8U)M_t^+5=<0S&D8wvPCei5*TJ@IMG7O@(Gs&5j=p*I|J zEJ7z2T{%mVonNir%@WWaiX4R;_|>iaMEva!E+WZX7YG&afmDU;Q*6g*ITcOljtecT4>pm0rY%L{g#q$)KkKClu95k;bLpF=k3MD!M?b=I6mOzvHXu1w4mT9Jx82t@$`r7U)|?cByuKP z&;+^CT#MV*GZ*NO8Q@HSoHW09w7}1E}|vOa4k&^gUlZ&=`IkAYiEzZ$L3)^l2$N7<@)tC01Q50XT0bGYL#G(9Q%ifNIp-p>+I*ZYkQ?I9U_6la%9dODIQ8XjEr zamcZox!gPmFkSE3G}hstfa6{>2Zl`L#IOj-cA@|Tr_1C39G~H+Fr_lF zXHmx~Vi@5v5hCcORr!1ZCb46Y`H^tR=IDL(S8zxXrC%-Zg*XucLAArBe@AARm#OKx z8qMIc@=nU@2QFqL>fId<>WX(7xolqd#RW~z88%LWw72bw=5r|Ax)HWmFHs!~6}wXM ze)ZaOrW<&pTZG)E06`^|INKn3mtXth!ZqjCjK$utD?CsPgpEU%fY8U)dWXR+Ccr@L z!;! z?wwYH-l(klA+yH7-UlrHd_R)THNM-4kzRbt13EGbTB38;O|yeUpMPp9I`0%&;!bL& zrZf)}lRa^TUrN5bA@jl`O#_e?EC(L8aN+gt$EDkpf`S>(uYi%Kkn;X3m!Ec6o~_7P ztH*^s1MyM|WB04c=-qM4!>9Z@jSi!H1_lNK-WB06PRQ2Qwy?Q|U_}VTOL=1W#!LclqZk2td#xGqM}h+h#YMe;9w$Bg9|`Yy-%*hA z)70yDpspFMU7Rb)puMc0j3uB0h|%P=e&(6@?6G$D;2t=!c0G0DW_vchH!E{UA8N^>rn`HR)wmpoVf?*X_$}ox@Xq>1HST-?cI-dWz55kiy+4 zG+0a%1WFdpRXv4CR*3c~_Gk*5iiJDK{Rbp|ZKsWC@R!HawV#FxUaRSLf{Y9C``9$1 zl-8V)q#g~#$N0R(&c>6oKkDV!zZwU_e=Xi$-a^%yMsG&P(S<08u;^+lvlcg1p9@oP z_z5L^VWJcQDi5ZTw3sv$ruQxd%Zc%QQrK3P?uU8*;9*^JpV_)VOiQX`7%6$T#{1&T zyt4xD($|d?Dy{{>5DN9~o0>@X`4it_8sg0bZmS!!xXdF;%?he{18`0-%lR{A`6YCE zrB{I~v}$g&rB&^#NLZ1nYffPAO+#%NltXg`d7mnBXRSgFsO$$&^#4%CK;=<%OFyVnoge-5JvZLIM0jO~O zm-$|hOCavvssFj)+;smX#|A>+>1(uegABdsd)h);;IcSyUn6(sPm}F`VZ3}EA9cGQ z1J>_4bm8qzEpy>Rj}&RQlDD=(a!XuBjSkzSkA_I&>EvtGc;4 z-~VvMvewIrlk>D@>=3x?2jzQtexF$72}`dud>q>&D}=iS!eNmWrqgka4ZpMQZw*9j z_3v|Cy?N#O*MTSYIG=oaFt`0ksXSK_yb!g+fr-B$kyehJL}4{>W3<&W?uPV`2u?^V zva_%wrw&sefO~xLtS065c+H);TKqB*bds*AF+`~~=9_xh_^39(gOl>C3pC+>t_ zWel}4sf{fd@q&!(^&y(!zfJRxm!YD$7M^3TQ@w2R(pKCSodD7l@tH~cVmodVrmRw_ zfuaH}G3~!C@gh4&^aLsrJchehhDy;ye@mXQx7&pQPdP&3X#DaOj9J-HNCK8mh7TU} z6*5|;K-Z6aax0Q76c)U*ATOI>5kIXHt4eaCx_>BJO8a4Ax)8&Ii z>+&5ge_>4d@}$hP%-}T7#pcLlAH;P5;ZE`J!(`Lnk#HZzqX)Qh(3(tKihq7mv4z!p zhwi}iP4Gxi{gPhsPpCr);P~~FLX_ailag+6#bt>&g$@$k=ox@VF%O&sY#t(6{^o%x z?sHd8D&U>OG(9aCq;0Jqup2=FC}+ zTpTw?f#Smlg$};m{X~!5%yzOf69uVlcH75Iu z1da3)e6-a^n~rG03>5B|K4Dh}_nN#wtNQK-qx~p7$2gR@HgiZJ=DpW=mf_YN{}}mn zyv7`5p#+LVNtiT>gsoyBB}d7iDAnN1ulf#Cs*N6qed}*x( z=}HokUmq5NCifK1bYYjaD_mZRn0voOAZT_>QgNUVCpj2ypr5i#5Y)*BQ}H}^ zcE}FTh@)E1UrVR(_%{jJLn zzhQTR0*39KGh{P@BEA!u%9mNiqlQ%j|V0+#dN zpvUN*H|5&BGh=(6zToZlR@~@tJW9etm4Uo4iadKjk(}dg7Ljh}>;u;{y^H8Rw?rEn1Obj51mRz*GlS zkONv}V+WNe1Z4>n%)L>>AyL+-2i5cg$w39u4nK18A(VLtoFN(ry;@RC!KewIwErEl z*VAn|7A7hfN^o0@G&!0Y%ZM#3eMDE*M>kW#B11KpxJ+U_+ zooTH5dKMN-$VNZ?0EHy`sIJ+ueSp`4VVHoUa)9@$0Yav9j9tp-tIgQ6mKX1@3MoS6 z4z8WnB8phG>xDD3DH_!XGZiRn{ay#%)hoRv(Kfeet;BD=L$)shMW7&B3~2mJLm8By zd>=7t>$moCg$mH9vGjMWQ<2dqZ#p{YeP11zi|dC>%)*~Y*vO{@xy2=Vd8eTPa#~Q- z-)qt?Yzd^}g~O+1{Df5=lESm7k~FACJ5l9Sy&JY^l#s)jnt*`p{1UJjPm$PLiB>)t zt^PNzL#ud}^7SNCHK)M82QKB;$*nE_HC12KXmr@1v=kL};ao)$49wk;2!aiD6}Z6q z^S6u|@AzPKoYrM-c}Ta>tNma6#k+Lsu;w(R6T34OVVqH}ggE`Zj%f39S;L4t%YC6%!{hKZs zg@&n9$~>pO2PB1lL@X=m-X{PHBYXTM$7+3CAgD(Klo^)|ToIrR5>XV&1HdqW#bl)8 z>l}x@%V8$q3&2yBhFoqdMxyBknE&r}@};iet&p#CbpT8H4|ZQnz@s<+-M9NB^{M6p zLlLJchteyKS1okF#Aim1j;$BHChxZfJ(xq=3pZqE@hi>M+8}X}f&_G??4%z7^HJkp zX`ed|hJ6#3{M+ zib-%BJpJ5hLw3-D7lq9+!<+ewMKd>DEbZN!I!yX1r$`Mg#U<)=A*6&-dt~CkSHLUV z3c@SkNXZ0MRx-v6jO4A^Uf5XAOHR@#O+JuSWXrQDd@KM%~Sf zlVC-l=DunU6~^N*dfIGG>Ju;og)ym~u?`@!a(OtGzmY@bX#z z!Tq+%zqd|NauJwnFavM8u#m3yKwKC+I|F716$GV85BPX~R+4C%IvPpxop=!U>3)aH zBt3D3qA5vTt#;{uxMa(J^e#D4&-1=@9)|2|oW$KQI6vfi;YCNTZ2lH=8jL+M>OYT0 z_whdo#gKkRZ#5o}Qw0#@+ljgNU!2=*OtBk7*fg{6-s!q+Efka%L)CSHsUP)&JrxDU zjF=DBiDZ5 z6Xpfdmlt@jVf(*q#<`~Ci{NH(`9!WOWQ#D=Y~oSh_;enlt2nOd1a zAHl7Q(1#+|H`d5)uJ=N1cbm`ZY}R+I_Qn>AZ=E{b)TBvxCj~>*ZRNsYwm3b8 zX}A(rfjVKx{mJd9zRL%0DR@oahKNjjXG`xGbgUL*9w6$S!e+@D$ z*fWo=#5h+M6|E6hlP($|-8!tYx-S);>J#2v8s6*UR4r^|6IYoPR z?y^yX3OdY{CJ%`{YMA}9Btpx@?29Nh{p}%I(RyHKYnv^Q3;*Z68wdVRu%WOH%4aT#!zM#ylmtK-5S5z>Bi5GxH!E%v@>y82aDo%Tt zh3wFMp2ywr>gx9ufSNiY_1s8^5ju+yxyn)i*I1^1gn&?gg`=Ehlcy#}i`MxlrTtEs zIA=|V14H;x(t$vk)Yt&pav>%6llhZNWXL5BO|jhK{oxe5qE?;=t_K6AqzscG)mHgD|D|Y$k$KBE)CKvYAb2Re&5(^l zWdH#o3>j%ISG9|P!28oDE)fu##5~X9qBwz!h6e7ZlXNK|bzJz!IJj~%wy(nHCr}JS zIki`Ax%u{dvOB%FxjsOl1i(D)@9RQ?*Or)0ouSk^hx3bw_qyY{QR~6Y*4glZ=MJdN zS%9jEFf7{%STou`oqE_P=qU~+r!gX`vrn%t<;t82qvsx!As;+)*tFZ9MOMNmtt;bbN5 z#f$U2Nq={Xf}1dqgMO(8jrFSs{o%q+%0x|V;OPWT0s!?x`W;l!@j==vwS!b;@wYHJ zsMe^D2Ek{C@X*V!Fw;{#Y^dJaa5%c%iYLcdfvyK&dogW3iY>N`Da;%xxh>js;`4MK z{H(bk=`;gg?`-2Z?va?Cx4zkEFWn`I#i85?Lkt1FC7{v_gKhH|7LRJ;|3(ZJSH~CNU(g> zLIZ3@tMl$3zMYGR^V517F`})%P?FlUM)`#k^<2m(sAO{Ed7cM{yX`zQp};#igh3%?2jA*T2?D+A=olFzYF?t4 z(KrinwR4Afkt2$*)KKPH99K`Q7F}+fPX%^yVsNpSzHRv(&lwFnz($ADB>X80F6tmh zL1-$jsUl)!3QZ!{zyU8OKFHW0yggdM2!{iHv8uM3^a^H^UR$71f%rS)n*6^OKr0eH z4Dk!T7B!FkPHhG1QIOr8VWTbnHES>-uh)oE~NseT`rr{etmbCeM0gGEZWDDBF-p9j zh0TbbJMIP#kV>gW9-$OTg5S}Bg8SmPau0@lLi^%JNA+VsM(KrryAGdd+((xj~xFjEWu=tXwiZzfK8hAr?EV~YxPHwG} zqJdf#(`x3kw_j&YI$0x*0cH7u$2`kWPzvxgd5o|wk8=obh-kgu8ayEiPl)pA@^%OS z%IJ8U+s%!Shb1RJST^Pm^emv$WN*r3XNAHza@vU6V)3;Sxg(z#s#>t0Gh$DQ@j_rV zG`kTBJdQs}6y9wN5EbUCL0T@>o~CMASMvStn-BiC$L^)hmW_!AjqdFrT=k}JiGe$* z&;j^V-ybcCvBH>*GTqiWUfv>u2LVRnTucME_)L$g5fT2Q{*Q{1+|kSe7}7k_2g!zb zMYdzs%YR%aW!!yo7k_A4ow2nYe}CGoS-P2S9c(dlUgtUUrbP6^>Z|K@8ous=EI40D zUB_M-481J_gUZwUfRN4~z*X9(i_moLes9vv0B-+t-wJsVP2&K-JOFzj5< z?lnR>U~_Ic!gTUny#yt`W!PBn26vhhfw(fLU@hlM@H_+5X9SGJ00ktE&G7=1nW8gn z74i6sf1=9U!2Q&FHKt}oF7Zswh-AqK=Njv!{^BSEfeKXM5g+Dw3-SE*^AnQ?Fe@q}S41@%J}C|bhBa_#!NVzYYslhK zP{lTGL`r>gTgqH?2`CML5`=Z^U`KYjl8#EN zeJ5$4fE-U#@>BZr8{9=6$?Vk3!y$EyeHhdV*W{G#*~~K(c7De_BbMm!mCtqDuh!&w zO24b!j!p@3hhd%9nK?{kDCuX<-0OSyen7vWzg)GT|E0DaiwY4K_<;R=t&3^zHR~vM z^c|70qL&v@A{3<2(J7>L7 zd&y3S9YDsr0t=(5v~loB@P!8O0Bw{nG7V#;QZj#ecp^hLg9G!8AGlQZMjEffe7x5$ z&k5(vIg!jbk$nB$OKv;2J9lgdh?0MEY_)`U#^{^#Fq^M9;Nc*ZO_WVMC3^1b53M$O zAxxGhhG9Dk2Ll%#U&F);pRYWjz=s)O)!M4Amn}EPtly1|hTZzZGM9P(+JYS7;#JVg zvT1SPg8`_Bn_($oDH1`5W_|9tCNY?qW_?If-$R*O)-Apcr#Dso&{^H|@|@^?%zaE0 z<`zDfnVGs&G+>6DG-hWl6nve%5}ftP$MGD)zBzKLNg{qn4|TQ~2cB$jI)T_@WVPmI zNymXMH9`dha>!sWQfx2ssglh%D4=%i30XBLDR41)y@92pTzcGEVo6!@N3jty?3h2l z6SuTn6B2_q0{d>P#&*aOp-~PmEzYYEx5+4;cOo;jp=!GJ?QJ)o5CnZL1asSO;2pbO z&_%k=*vJDP99MUh5GH5h)0Xdw8Nu~QP=gr_Oov6?5hzt2+Oo@H*hw`u;0Mj~1Oxb; zDZrW<4qpy|ab2=reK!18TBIq;Kza$M9T(5e+~0zI5ciu$&;2Cz`Q`ml$)lL)NVL6q z*U>5O`gJD)t!CuNRlJVS8DjD|U-as>&mun8^?Kv%j&3V7Mz{O*hs?=x09fch;{OqP zoN>7T=sU>s$5eKL~ z|K|$bD)7K%JWm{-@! z)l=Q#}P0idKKRFs%AW?Tlb=-Ds;dj z_HZ(L(|YA?AGoz0DfUn&a`TU7-DmXTo9D3hH}`SNyT=*FQ0kJVGKSrZ2qXq1YEBx0 z7U{Agu96^iTcW}rgt);~ZUvf*r55ymaJ-v+!U+M*uz#1H_^<0347o&g`Y2~zFH^x% z$K_He1~P6P2Mr`aL7yqeLB=ro9RWPjN6W0t2x2R8WIq=vhu^D zbP?@31c`&6O}g8&q1EgFt2FpDtY`er-15KMgz_j3p%Ecv_B>ec0d4>=?VO}+3cY`OP95=<2X52;u1QT zBW>g;F&PBe1o{R2$*y~~6VJ$9nh@_bMOc0-$_X7rcS<<-M*EJSe{{d=13y_E_-*s< z*&ZC*`;5N%Fw?tR$y_(UgAw?)wsqb36*$5GJxHzABR`ioAHw5n1cwRY#IuA|h~htO zbc+A>f0>)4sHzHZ$NqCh_CeTD{CZs%@I~kcMZubz#k@%y1*bmls*|1Bp_eP}`JY+ap~HkF-)Ck-!^X(5Ebhty`Se=f}B?Jz?xA zed4${DL2DQUjNr^e%kQ<5>sx%7%t1vv9OwUCpcmstBnJj6%D2>H^ac21quY`$?2^l zr_Dz=BWMh>e7WYiuP4J++s$DSXw*q8y0r`P_wN3g%Ga^urq^ejK-Xn(xej^zRJS{V z{q4y5cx8Edb4E1xE#wxKvy-|4Sxja5+K>{V7x&c>)SP7u{X_IrSGS>_N-D{hFTlyu zQCawxtnvFKubI_6=e#8!+&drrgQg`E_Lq%VX@ptTK=eMzWT=Vi*JcAcP{Cj(_YAJz zxLfFJMuJn>3uv8271G#^W<`xi*_aGR8?j?bj8tp+oN&mp^|5c<;$Opye*Ve&w96U4 z>p+<~r=8x$>c;(Uy4 zOgIEV+I=7u+q0b;ph6XLc3Hj;#%p>9z`>-)u(XQu?>`L;45u)(fCE5Y=z5^1W$ z;$YOsL=meGV)YU^ytW!Sj4fnK=9!0|aB7|oj|RF^6G&}A7e~!D%&kY{{xGl<$g_3+ znNKDft`04Djb!F?Fr6QTzrJz7f#Twn$++R`12C*ap=$Ru4<6Lz^zXazh)?jTQy*?~ z@1_VgGv8*hirr?Y1~j1Di~diePWs34Bu3Um=7!xO-shi;zSO9)F15&#eRX$wWfFM} zyLxiEP<*;RvI3Eow?NPu?)4X!Hk898<07f!B8q8?I7zuW+`cJ-~&E6(yT8Z`z1n0l`fUvKhXt3Q57{oA*d&$>Y^xN$`Ha`Nk zZ{%8?2cmo6x2GCs528oOnNFcQ$XCVY3KCCYn(_;tn)8kHk$;fQUCdXbIQe<&pb%W6 z3V*10kYX7Y1-NcgX?VhXMnFkYNijy79(rI%Dho1ZcKP+=6*1HR_M?Pgrk~RFbB^W^sJ1_h>JKxGfH*R>e#xJCW8P@X{_7bXQOnGO6)- zyy0IVZ!}mMFz1U!2w(yZ0x#93Z~{JGu2$S=_w5|$!&8I+v;|&x znW3a6`WKN3>2|-hyRR@V7^yCuy;N zznkaa4&qqOJ}F*ztzJF;H>xzIyh#Q7vH*0#$i3=BA%9;CSQl-=xsD268-6K~(VM&Y z5?f4KQ-C)xUq;y4UphL;+s_M(yq5;-t+2TB7tn(8yCJDNE2b7s3?LJRkqD;rVY-|( zo*V;=^bd2Ch${KiH5e%$5^tol142{J1I?HX735o6_GHs{hYhZaT=21kj&iul@hjeC z8MGjM39>9!!Q1$!e46eD?vFH@9gbX()UbbgP;q{V=hlHAhcC6TZ@f~kC;#Tf&BT<+ z!x}O0UiM?Q!oQt%x1jlaI_75UT%oU7(a|5UD{J>SIK_<8t~%HX)uSwQ+U8S4U!V7rK1%4-_D!Cx3j@XliNZNkvGY+I6&R{HU_P(D6`3=15SOIj;O=qW`ENk z1M(L6ACCi9l43sT&_F+9vJr#X$&?f#)Yuxay5?+lSgPZs=q6Cd$c+1*ISP#LRX`3N#BoGVxXS^hG@d_-PD6N(b$`bN^U#cqz`m*WoklRdY=S zunGu3lh8DIM`=Y3KqOuKdGt_S0h4Ownv{wF7~&$zHfT(`27>U#&~q> z?XEuOJ?aicSM&eiCF;T4y9zQSWe>$i(k*ziG6ME@{u6H+-J(~YJoEf4?^C)jGzMfH zCY(4iZZ0Rjv0Buc+532smE1xv;T%PJ+iA6*@LLQP^0SgAA< zCa%u5)~=Y}3B6d+uSVc|Pn46IDw*XJ9cn)sB+qy=mZE$`g8hJ&Y)DWMXm)x-#VCmeIFzrl3maV<*y|&hU79CP!iF)f9c#p>2`QHfnD>szf)xgVI4R z)A#LtOpyVJOCX3*t#`+)g}gC$0n4L6Fiu5+R$(&Mbl(MaBGvvjW~ zNL<(jl^P1?szVKJ9?SYVut13!tb4vk+?-8#uekM#>OssxM7aq?dkx2TjT|ym;*WS_o?@xVqt2 zK^WwC6U~$iG1-A3KKlD?CE=9N&sqJCR&%267309Z#$7>W*p!TSyN3Sl>Qp?am^+X* zdA;D872yBp3W!7o?Z9@E(KPxs|MT{1_nx@m4j0lWR(-jX-vKOT4q|ED8=bBvy!CX^ zTjYLYaY$EgJQ&W<6Ze$@f(7loX8^mGiUzhH$g1jlv9Sw0;5vfMt!*0*HkQY7tr-q} zq@1O;p9&f7*bT*!_*x;(p%ce0HC9iW{1 zKbpQOD6Xyxc7WhcAV_d`cXxL}fWh6}b#Qlg3mSrZg1ZC>F2Oyx`^=s1-uqXbI#1`k zb?v=YukO`vokV5iI7x1*!V>~DLO#pz^Jgo3P;ybEzxLIeYw2hB{=a*ROy<#u=ZLx* zyvFj5+CXZjH)HT?QQZNmri-rCl1c)5L1+sc1*)H)>EmY3TeE6N5*QH;tv~f4c545+ z(K%T&HzrvH)DZ&qLETH3Dx0ELB)Vq;q)T>;&+6STe#a2{Ld+wr7_;}pmUSW>TG9{G z^F#(A)#b}j#$l{69u-AqD0h?m{4s5_PF^xWx6MN)IZQh2ZL!kuLy$+_+edwWApIcP z9bw5_e_D^5nJx^f4A|bMH(tnmD8Z*-Uo5#Z9rIE^4Xk95i}}nZpCi33C8tBG!`nA?-BbTRTYB2259p=O%_u~C^ zwYfd5WXH73)C5SIq6^n%X%-RCbb0yM9(WW4JuaKrRp4xM2qL9Xa_%b%*Y(lySaD;g ztwr|5f{$n7-gI6bgrCKj<$uq^m~_8FG9Iq30s%H}))8ZjFgK%3cWHBbsxoG}x;rk( zpx^@*`;LdwN0*tl_0Ic}ON(~&FQ9Qe+IqdF6#Swal%V(Hsk_8aYybz{ww#)opP6z( zmn_h+6MgM5;YDd{COu3m`w=kF(4-YgowRxa-E&Z^eQ33Ok!oj4E&PaiV;^o_^Oe@Wn>Lysim>^XA5#BU%rWgC!;H zq~C)u=sqRDZYvjmq0^5BcSm1TrZ5%mo@F0WRg9N2_i(t zUXb|EiA^lV6)V2h)6Fl$F0X`}VN74yg;%TBZXRs@gW70tCES&@XR(yK@I6l?aUCa?Z*Wd%CiK-0i=|KXXrXB?9DBSg-82c ziT^@x@4an7R)4>rzFwE4rC!;KHD4RO?umfPwwG%oz97Y(K?R;d?s@V%?ByUyX@@QW#3J)lKpsqJ&cL`T>rHg zLsQg0XIs*<;2k&)!kA!kccU4Q-Hh3aCky@&1!1nHv;J4#OaT+PA>L#3KqrYLH~?0h zl>FgKhIDn<`z?ICl6Y8ZCO#`eUmh)y&K4uDg=dXB94-FGRt`}8A9p~bgj5wU#{&mD zwz!D!7w27frPDJJ@KCKjlD*V|wKk$W++nd$Hw?>kQaR{84Bw&0v(8-jqmM^j20lTY zEQ~tx#xHCk#FRs-7RUVUBFD7$0RyVBL z0#vnVJsf_IdqY%du$NqQ=&smBc1DpCSZN}swx_uvYdN~3 zCx;wJ|C>#P3}EUt{Gj_lpc#gPR1MvFHTY#EGv-uRw=V9qBb;~{v-{|&*KibiQ?M4U zcB8I0>GfDJOlGlJ56_ibE^)@;0qr9rqmBi9lEblsZIBKed8g2eOQ83$D8Q!oTk;zsdR_b*;@yq#bA7xtB@Y|Ut{eLCzQ!bxuzsz`WKdG*_vOEQfKHg$(XJnTcd#%~qB(Us2?e$sr8$JSQ$U(28R4`f7Mk9tBi;}V#p4p*vU2eeQz49Q zOP4EG$21UtR@&`)v~a<9(5pC5B@CJJGfZC_v-0`?hCV?ia%5jRLgCeHa3zWG`3^m# znbD2{BC%|n@dkWx6^SwyeG?(wau@sWTz{KC?HNcSdqPM$>!~!GSIX0I9VVhbM3Tf}VaV9T58KA`VLLm}5+@c@osxH5SNWuRK!usD=$YIR zHgS64j(S;=^7iT|pK2z_3`akL9N%D$_V9-`br?{@84rz(un|e(Ubhe@(Y*`jbzR{5 zF710ZtmPh^hT0H0bk6n$GsneTqIKSxB#`)nc(Qsgi4q~x=K*c@boyx+QlC|=zL&$b zW2blbDF)}`^(}n(Cca`EtFKnfITPR>Qtzf}CH;kq2>&QNqaBI&iVaS1-{d2m#o z-(Bu~6Hs#w6gCE5K)S#tgE0TG*edJ~dVmjllnV-Arp@2Ye-C)X0I)BF z6KKyU!O#-1yzE=PLl&mZ^nR~L01f(oP-E|xf-YZ){NiB{!H^967Jl{E&6Hs6OK)kq zN}74P+eun@`Wy>b9-L%=H^4mbE89Tx_kWmgt^a)Bs~ahy)s<6mNDIu%jT!xH>ky5d zAZzcX_yv>CJ^LrXVVBY)l!^jUS0bFhfVr-nosIrIe;Zmp-Sj(0KLW_{K@S zL9M_y-oiCp#x?F^mEU+ruy?{C%SA=Kv8{b099r1UlVnn{=78I3-4QqQegC4PTRMxySwG4 z?jwyz+LxP?$mFi;(8p~bj7m~>(q*GNQ8ZijOoCl}{hmQ8{|g5D)8sTr?u#Dzjqx?{ z)Mn(}UrsIq!d5K3U!#95xN3ec!KzPC6{x1tR%alLxH&ty~>|ICXJ=5IsjeS^FxS02kA=O7Z~zTZ7VtWAk5ue_=mm@dKLhbwkZ6G z=&wy?+@cKLl}|z}7MWh_4T3M~+2MPWdsHPID?3?l2#JX_A0PUpi=5mHtGlFX=SL_- z_CmYmXlHVAaCAe5x;QGiH_cMz{VqfmsZc~xT0&+ZKUNc8H$8@Jrk z8{YpBJ=_%O99ttX(NDqhM3#z%@$Y^_B7}O|a-JK>F`Dz$E+c1^OOQ-cR6l1f-VFz6 zEVg$+5F{=AOZJ9r_KboKlJQcP*0Hd&(!iM_$i3g&P?_Jh#g}$lugb!M6Z4hG(kHtj zW{zmaQ^N>p#`9WuX6w_oug&Q2b%0Fp(Q_tb`P|A~i8B zZX#Bbqa;P13w^k0Hi4!YL64}e;z<Q_%_9iE^Zepp0M|MUG;sJhi+vr#waT zP{1J8P;3;RKj3qO0;?|;(2xGD@`dv%ukIHT#YO}jk0YsP^tykAA_s~Ii-*6 z0`Hxou|Vq?0mu5ihp2|XI(2-B8w^Ku9BE15c$UANo1KN6Vq&FEcX#6YG9uas$R?BWUMr@jvR+^p2kCjF}b;8m&^Ir z7iWV-d8Y#~hvnA=rw0!#Vch7YU*YDkdJuyKAA`<7id#~k%vpR!0NP+*gYu7jvp&ug z$(O=6^b;nWaB=yQkAWQSKSHOEy2d~nirX>yIqf^KZ-}cy!{<&}d=0YqqG1(;t)E(X2MuCMI@_bq{XjGUw&QqYv#3ynSRSev2 zYJ7Z_4bMKWWnA{qEcGv1LkI`c0s~GSk~lee07!GHv1FSNJO{3!$?1TPNoUVeOUd0q zza!ps*ghIm)d`5t{;D2nL<$Z*mDI(_rg&bx1jaJ2J{l7M5B3<5(I?p0)MXz$cbU-3 zGABU!9!}4VjbQlt7`?CiozE_R8XVQg7)2(IL%Ls1;zy-*!j~%eOQ559lo+3`m=T|k z2?;DKUo9iH%^u*2hyTdUVbXjW%_EQdTL{T`f2&N7i+el5LdN!;RC@k(3X1%9xeN1| zU3p|}c}JJUMySOF--JFC_%juaVT9B6!SI!#=dQE;wr$yXq;t`pjPz}nbRkc4!e*^} z2IUW-?f&Yam!QyB_Sv>{Y4eYD+_Rg1Hw}H|;p6_ooaC3_RU92BADMIznSNhO%DBYE zYQYUb3H~_-q7l_72X5^5D(39`R!@Q5hJws)$g&YC6vJS!v&=+Z%0FNxsB~V#K#E!D zp`wvOX*qGmRtK6}>fCoTKkERYBw$n}E~6Y+1oMEQ%fYum8_DKC4sCH&I|%fUsRLut zos==g;1+}yV8$ALC6#T7{41UFGF#1xTl$TU(yRR)JmTd&@0BR-kTpxfGB8ilM1w>89dWH{*5LXDFU@f5EipHV&Fk!5mvnp9k z14K%2qZ_&q1Irh<^cU&y+UgChxVyxMfMHlhy#FEkMDQ=|h}h>-aPSm_~YbpPzO>ID9i z{5z}+72tM5EQ7UamWkFBJHt#Bj@ut87R7525?$&OIbJh}kB^`O~ooL5I z<9fajI~b<0?}@y3k6OAS+Zuiz(;<*~VS=O(2;~Z{EcWDXwk;};=)1%V_`S1*-(Vp* z2N@-QVoH}}DqC7ppYVp&o%B$_mj;O2gy32}HhDGEx}i#dnMxf-L@#$gZc-Cw^k+WY z?t|*wzUG=t$xWwni`j{X#2E zh8qzFnpy9FC^XuZ=28*Lq)iQJ?hQamv!j8)%3H+vYPDp*4I0YGpbc(M;dduh*nBqr z`TmWXi_3Itdd-I;Pp4>n>d~;MR!6id8BfAKL5Bql9A5S#xjX_M0_0{-jP>050x8g9 zup}wM=U^jb6+)tL6<<%)3ju1VJ18Mhee+0|>XJzC^s``l*?luOJ4f>4ptp)Yi*!a_ z4nI6)a(c^$(MIom0*)k9{B&bZ-s|M={RZ+L?#bXqZBb9l<`q&DRk#ENb<-;)n2kyK zjNHbD<1}k@XTC-rHAdqCHa4O&MGPzyMFYx4HBr}cZG0#3y6%<44wRZuM=^Ft@vSGC z@S%-o%PeI)&=YN5ks}(p2*M%O1!6)3pE~>A=UQ^Jet{0$TyWpBipV|J;o=ECb!QH5 z%Ew#ludgol#BL_?#PhX38$phU9_rC5_`HS2WYB86^4s+65@r>3@_WP^$pC-|X?vQM z9}V!unSAanY-f5C>1xL{?HY|fUSezNR?!(L84{~9t*4a3@F&_aO0{JjWoJKz4(Oo{ zG`EQX#nsCmj*81b1=NI)9GW`;t)Q)P7uGLn({)d$4h~isTuTc*JTMVZb@*bn%dZBk z=RMl;UPG81o|&0Lg`KFq+wq{U0?CHseBr-U$lo&pvo)yImDwYlU$8uK(#uH|ZpgSz z#i*ez5VNJq*OcZZ|Ekb@In*7N;eF{+vqDn>X2YN9mXrT2$@5tt4I};#s*PTwyVwwm zU)vQPn6@D-(3G)ZF68RYl!Lcb2!+o-Q8)NeKcA+e!X4E*{yp@wlXca#>t)8$9Rg6$ z^_KhF_xX zotUMS4!iKv+ASUueZto&2X+{7)F|sq$i$s38#FLMlPGQh-AI6Rb2Dj25u56uqT-RR zjO!w_1{+8Zkv{~xZSuK+EW8VFMTdvCw~LXPr&&5*d{Kk_8t9>g+d6g_=KLJ#F2bkr zY`gyP&nq4$ga(1jY1C6rb6&(VE!m0fyQ`?j@sv0+3Tru1eYw)KQ$kEEij#keCwWNR~V!A!(hm6cH8@4^QUGdPkBp7Lqa*)YfD; z&U58nt!`bJfGaAp!KO)m&d0xjbdT>~R;XC)@#-5{Kvv9kV-x4(*B|>cn=f98s~ssZ z*RF+|FCVrbMb6LDqld@`{J#EH8d1-w*5qF1Yg|Bv$iF9!~3ur;HLjU zTB7@}Mn-3wQqr|#GDLCIXJ-sVsKI)ogqzNy#zd&3v4u)+JuC8M3HYEBoG-_8?Maek z5&R5d{$xHJiwDKzoq*+LZ*sEylI1&M+1GMkD+i$@bg>EbCb41<7Pg}8-PTX9n`Cu+ z8#)1@NnMAN!b`qn6ifqzr^ZNq%b?eKhb@SWMuFISS}&yo-_>oDbJdD1H?H~ZKdw&e z*ZLdVNbZiCcs|!n*Q}4|!}3-*!cS+;o#&00dwvnBpwlehB{Nic@M#T}y5J+)cXmi> zW{6w5T7T} z>Ucr?-Hr_@{JTJSx6S2`m8vA0m**coS&YX_6lkkxGwxANf6+kB>dWFF1GaT^) zMbA@I+df$H>Q-z!@E<7K&x~$w&Sb1ffFQQ1y(Fcs!t25Nhgp>)q1H79@w}u0TtYj$ zc?yCcF3Cm_apCI$R0Q}AV4$g4uG>4P{~37-Iduo1VWPvhyyzWW#T9|GW3G4opsans z%dPP);?^_o*2}*v8zR0S;^Q^#B8@#`n8WH!Kb*yItf>3 zlPG>t_Vr%P{jqd*neirbdhS^?gu?T8M+@3MOMTu_OD{VCoU8i7~nP{-j%oMzaNOSB{G@&s5ege z%}O6FQNRH|=x)OK_?#qQs%Jhu=)755U`blAJip%=xXTp2mFyEB8Vti6H48GZ()CFk zX{AHxMT;cT9%J{#m3~E0gn{60DI&bT#kec58e}`o-k4qsttfIHgy?agbMuW&T(|ua3 zkC$)g-eT{lv}xutDn%`a4%2^KC>|Yp6Tppyu?0O)`o&Z}?A7ayw&)=ezb9%wsWVup z=mq)LYg=Q`39>=JE|YGr1=m*B?N+v8LYByD&7{^cQAFwoXNu6I!o6bt z6^WO$Ie#6KK`jXo5iVSs15{fZRhIVQh-0ALM+7HQF|0HD7{RC`CU(FU*MDww5UbSZ z1^JeZa^iDKHyFEfu)RJw-l1c%|8Y+~d2;(3FTRS7>dz5bN}_Gz>)`-LhwqI zyRtPWVLZw?vZs{oWH;P@gZwHvrjOKY>6ZR(hqIsGCVaMf?*R5U6YQ_E_FDRKNuy&l zwbA=4Z0r4n7a$9r@ceyu$N;tudd>mm4d!ud=RdJNi2@i&`ts++04WIw#f%-Eg&Kh0 zV6VDtAtl*u)J{dAj6Bro6Q##yQ9tGLvJUcQMptC=;e(GQ;s{tJY#yv zpFBuEp*~|$4{N5k@6}5r7dh|$eu)qZS?>Jm!K(jpRv#O?0P4&%&)D|~EZHP)|5x;C zm_m6qy{IJ~!5Mse0@ow9 zr75B4YZ$!_c<(SI2^Bt>4yy{~X5J3$)$i{ZdUJ3d=<^Ua@B2(|K2Zj_T;luMEEkY( zuWr@~ufCIC_Uvx?ocmtxNB#nLtNPk8{MW?(VmtQzY95yHg6sy1ME)b+kFd7<@>mUJ zC&VivJ(1nD42w`IHM2sVC{md)Q(i$~tw~-<%OXD6C3%1+!z*Qur~E2ieGP3qek9HO zml)_99(YBch)Bob`#U+YXuL{!r~l+diy~%H$Nb($7A3XSS#tDw9Ld6=;Secl)}EfbPSW)};JJuKoA05a-?4A5ND6krShllv?Y-oi_u-w&^F&?` zoLfXbatZJbjm^?`LjvG_L9T0lbZz7Ec0Vb9EdVi2Rgx-oZ~z12#2Mk#gySBgMqMt} zB>z1oah7n;&zby1;WE>^Tg85%OdyWuo8M{+Pg%lK<{2J?=JGN8iTcNk60%h0jZA4x zoJ$(o=(cD_>URZ}TI%^vR;gcBPN5|$|1*-tj*De1bB>-O97*^e@R`*S4qJNHPIC1} z_u=k+sTfb+%P|mz3>{CwRl-Vp7e_pH5?Pl08FN$25Rrj4yMvhZhOF-s=I7_4Y9mfY z1{4q;miLyYJGh_5oh)=NBz;1URx9WLRPjYdfGGt6%ph(}HDfG;SIM-e9&SyA#JVl{ zVQNI>YtJ209_{7^unKF&ppl#_>9#wOw23$yf*}GeQCTj-|7rw4ClPP1+c1ShtH3rL z(PN?_yyj%c>KcQx-*6{L!o4NI@s-S!Q^3fG0J>u`SIieNF>6N$z64&)$eq=Ee$Zhx z&|BjhqTH|NRjDmAg?mPzaQQV2*lxS7y{)$ znn*fC1K5#X;S|KSvGKMOEv6})j+&VioRrL5krX8QHgaogt!O(8E%=FJ+`)S)D$3`t zyE^-8kG)(t`fg_qyJSxB$`$to`VZ9IzlX%-(Y<2s+NO82&c3(u?&Q?vm{I<_&il~`DX6Hc7)F_Mf0ne*e)O%z0NUp~j3{w&<%uRFEs z`ofs80IUqBj=@5nhd$gDW$E*g7Hf-)30|XEj11wbofAsFYbr|TG$L~+@q8kguBi-a z<(fuzlo_Vfo+dZq-|e@LK5A7;$`aO$g=g;YaHk}anfRF{r!<)nO|?cxr9&Xu)!dH(BSE9f@c}zB{J=m*X_&kD02O8;@01MopnY%aX=1 zX|{sFfg8g~;Aq-WUhpTAx5Dhaj400)wcx#a&8XaSkX=JlS*-ScNBh4TV{Ty~Kz{A3 z;*MW+3v}t6X5O3Y*dc1x=JfqV6 zHqh9LlV>k&j9nS0I!3$_r2p{NbM|aJscX&Brv3`9dC-z_Gs&6IvQL>x7r+dH6;rLf z)L+s;K}xqpnZfdj#Hvg0s2FM;;G|OFw34@CE-{=OYDC*PY49R4vjWPu+z1oi`lSuN zFTY34fo>BcNAThX=)||=B_TU0bqWV6q)2fkh6zhO1?VGSxQWvoB2sh6+~M+@h-7$p z@?m7_au4g;ic6r{mdd(|hf}Mjl|j*!e)#r#6#$Jks_y`T6FCQzYt_)_X?K((2dn$X3ll@P(03|0 zG}0A0%D;(r$RxQ}_mL62%pj$+xy7=)H5a;9c~vxa4&L9}`}`{7AEt6}SrVmg`>3yb zYKL0n!a}i7lwOr;B%h}DMdoR#s2S$TO?8!XKYjGdzE;nMDoH;ks3?!DE6D0A@bT^( zKE9A4*d(O>=@zufRnm1jQNqvaAQp%HY17H)YKo~rR-E}myniU8`a?wbEj`43(xSmScNGOIEYsU0w997+x zB!>#WA+2KP5(zc@K8k@ze&bmfS+qAAUmbVvJl($J&!%s{t@DytEOq&=PMzgI$m`s( zz2Sj=R%UO4sELrLSZDk*r)IhZx*5?kY`xl;|)`5ZEyVO1!*y4^}Y`w2;$vIV!to6r=61})uG-jV=10+}D;icoK> zHCX2*UdJkIYx#^m*;OecCoq77j)s{ObP`8Z&1bOq*K4k(EL|>A%N82YG!*DyJrgbA zX8fCYW69xc{SWE++SWF@GGW~jMbIi=4zkLSBpZYvx&dp>VDq8!(k^;fRD}N~K`vd~ z9zVq`U7FGWGbC>#&MNP?4mPgr*oWF4@2#d%_LF1a6vGk};d2u++VSe`ef3-)kmhUzB1sZ{ z8-=$Q;^H}^lo@Ck&c@@Ykdgnbptq0h08^|~u)n}5mrX;JojkQEdvM6er@1nd&84VV z9!;=Q`d4$e$)t?mWEN@`%(?#X$L3S?o6hcldotJ6l};){)g_SvhfM14fEw-T(iXk3 z-QUTvesu-7h?lh((MKt4z(UJ-5XZs%P~Cj zp~qE>U<{ND|I>Xv?r$1%+iU<&o#n2KU;1B~4IuLlvJL-OHjMZ^u+KCd09V^s{?}#M zT6d`>a#9V%;w^kFW#CM!IrA?uq3eAvX;$cG(&d)Fp`L$|*Ty8%v@g?XTRXhl%oh1s%hKXKdgF5x z(!s&+NLa^|F)Nu(^qBd&QGJZa5_n=QAuXLk7D5tPmW(J~xK7Ar9=zz+&sG|(u`9`$i>=-*8}p8?o*9S%L>~fqEctS)bROG9TgaLd`oE3Av)G!a84!dz z$HULak#V_SfreO!l2(ete8nkw9;YPycc)+;I!>)Nn1_|gF&e!IkX?JN$N9ZC`P8;9 zQWholuJT21xq-KcUx;HW@OKCSg>){8Lyg^r=HJ|EALEzA94U(AI0e!`bK6+{s&lNU3(mMFUVi6b0~ zc-;ebl-p^)Kjd|V^9~EB!`_p(=c%J>?fHse6mY}zys=c|V&cR0ZjRWo8^3%zJt;O) zPx?-(HIA%m3=+*MdH}x2K3=zO1%Q|xsc4yCgRP`(0M z>Tfat0ym%$C6i%VpBK_zReF@kM3|aHeV;u$GtGwI3Ui_<#jXuWjoOngME~&INZFNJ zQWn+Mlr$)=^0^aluqxu%Q=`)*EpQ_lJ95gUm0~bHAKRdn2dL@GyIYl$HC-Puoymyd zCNq8(_$~f9fnRXVy;8BQTT_wAt78N(+iJ~6=JUAT`M~15_YS$z0Kb2PaMwRnj7Ftn zQL88=h7;{alW?V4y?+7>%me8O&ptHB!>CVJD+0emLq6~!2H4W%FY|#v66#8XKfMww zxa#5Gr$U0g7@?Dz@dfCR=uipT0*xDOn$1cWd+hh-=DSn=cRrS$^}A&zd@s`+_OBuj zRCObb*xza!;2zBqcD?|8Fja^{&FYR;xi;_I>pMp)M~FjZ4xSfdK;Lxf_a}f>k0feu zNPuPc4lo~NK;P(2V$*xk8sO4}_ITb=uul3enwV9+axC@hV*flVDBW_({`m8{PFjAs z<8MYSmI{dHy;g}8%eb~+tqmMj7ZvBSnMMUH1?~WVTJhOj1dAvU{la8TdQ5DWLDZU4vYY2k-=iN0wnUDga={u)gar8nB>8yT-Mq1d#TQ4^ za#@3;GG4A;ftf+Oq=d58#K}$%IpZqIwC*oj@V1H+WpS+Cu_~x|t?FN? zCeZeXXxCi+R6Ij9vhet1p;%FJzhO;|$>$vQB5rM|GOl7klQ(Yg;iWWf~}?8@{F zEwII&0`Ye*TX}-p*;?D}d{3X?1nw@XorNh-ecymf!p%hwCm*hdK6r6Te5d%d-FkpU z1(G79AC&fIrTh@Si-pKZq-XcDi0Xxc9Ih$)iOh@(Vh6pPIbFW7Y+fx49lvw7?B5KE zAk^|~y@A)Mj_PbpxBMx%Bv*`Ml#TzB@;(;=a|b%3ohDQX?zdH#@qB^ z^nbDQy+)*r#+z>T;hBd7pS4WP77<$b+Sn@WxswlDO7XYs_i~?i%7Wn#j0>1K)dZ|l z0$JU@QV*A#Gmr+Tly$W1|4{_jjO$&KGRhaF<;xL1L!~sh_LUSkMfZA7!Wd+kaymDM z383*XxW}8>?XVu6K3M*DxQ_jFo#s+c663D(!H&(}OhF!Y$up1}NMord%OCalFe?Aa zhkL~P=5I$FoKCUxNdiS%!acnYjSHNJx-OL3a?$P4W>@rA^a!$goM^3s~(4{seb6+rc`R?NRV*4%3xp&rN z*9MabBFWI#*u&c#O0as?hSqDc9BMKDqAK<@T7D3vsJJjAJ zvTX(@Z;>D?hZa+;oIpKz2`P!(BT6*<^USl;nFA#_7M86YGKH<8RfELw9ckvCr%`@< zVr+PEV?HzA+)q*su04(kcao=^#|+4)n@wo4ukRUehcxT~4g9^H0%z+NAmcVtgh%`| zNT=C6qhQ-*`J&37Y+{=IPsu!!GD7ZuPsNN0XxB_=i*p@|yHJ>(5loKt+H`Y{2W{b# z!xD>kU2)QyUUeqy1=NVX?wOK>EuCF%PR<=n9{m7h6P+we9=DLBhV97inMgGYILYr= zPC=|gsE=#;PUEUGo4J*8a@E|hVwjn@9!*K*AD&QxVG*D;R0 z>8r@`5FLIf5+Iq~dh;M5^rZ)pG2>z?l$Na^{wY zhb*M>W!e!{u&I+!u#^Jn;|7#`4H{X0%^0K~8c((bvNPocUk+osuxhYN<=@nP3& zYA-r+kC}vN$PX&t7c1HU5#ENuy8@IGLOq@vU^1Nz@hs3`ND!RDU4+<05PZUZauv_Q zh%;b0z!?Q9Ls)-?c!c3}wMXsz;r?KO43;LEUf}2Ngpb{>x{R8-HJN}-zIcY!?&q#+ z3QULlW@Pa`wdP`BbA`#OHiLItZcLGzo5vww^!Zt*$<`tbTVb1nrQ(je z9l~~{{L!p!bt^s}H<9C#TzfSAF)xk_-^{YGEOjWIGok^DcfqlLtXF1NQ!!R4e6YCv zH|@7Jp!{__ag7(N#*J~6|M(wT-bIPnxQNd!+Kuy!47?3#xW`6yYB3eEj$HG44fE01 z1cp+U8@%VjxnqzUBM42HsyDvq&j&_f-ZvyKwM$M?iyJxSZf-Et#Dc9Pcl9glg12Bs z{!3at`f~3p)J5$q8dW`HqfxX)B007m+jwjuW2i`1&Hp20e`^y4;oB5GmL*w?!ZmwE zPFMF_9OPg;pi@d5jynMxD3viLsjf)y=gZ;Yx7g)^jQ3sX3MO{k9Mvd9s_~w{Ke~Nn zIakk`gx2JP#G-nK-QnJT1XWU*UqqbJI1)5fc9E6b^Yf89HC-#UVts}dT4o62c>QTh zB_6*_oGU7ddMoZ^glE#2Fj@~XrAoQnI|`8-`a1@^+>sr&!&P1H_2jKQCVZAW?S111 z?31AQiph%#W|#bh>AN=Rf|XSo3pCA!u2t*Rz{z>{>Pw9HS`4_o0PsK2%5%fcjhjkQ z?W>@l#sH8RHgAaS5HZd_jiPr<0k*_)FNg!A!_A|$5v!xnz7+H8b4K>CtqE?{mZ z5QajsNH*p*l!MyHH6!kaWm-~wMsVvHCE&_HW6f3jRl)Tl4sX{?8m#p3d&as&%Qi>e zFIWcFMNHmvZjn)hg_g2zFHHmCEE*wnG?poNZ98jiR{IQGd{jQ08na4l=$ABX! zr*XKD(JP{wan-PoU+dHwIWlHA8UxT-w6P?yZ`ubA@|V+jCad5m>2^h!SY?yEdBE0J znCiMPN*vFoMDNp(*PQho_XxC)FNEL=_iR;F^4#2k#iKy%b}>J$U0V^N5S&;hwO))^ z#=UYlHK0GQPWC7#^EB717!%!i@#=(Rxd~}AycP|La%(aI)LjuQR?+e0sToFkKXy6*@mk_07RzU7t*N((T# zvknZAo}ja6X60b;kAMaP5Yi%jmsM~rtOH_QfZMagNtTBy+cqSkdq~7%$X>h0 z3Y~)lTdtMV7O4DJ^C^Ve+elDQWL~oyRIi`eSfq$PIpG80I;>R@&F+TI)VvFGL<6iRK$ zA`STnL4gN`?TE+7C7W6DF!Jql{<;7iMD{}m6f#9?g#~5G zpZ9pv*Y(I4+H9c_J)@$}Z0+tB<6;uNS*!4i!9$V5Yrl!vANRM0rki?c7`K`;34As~ zT#5q){%qk4A8vo;7SO+1?|Eg)MCI<_1^~2TT$O3iDB%-=9^ut_@WjA-wH;tX<3TZl z8^br-nZfAFN>{f_fn(d%=wC%I_|#3GCh&oNbwrp=p6I#4-nB?SM3YvVu_}IY)jBv@ zi6*3QnaIwbxlao*-uqNA z>HABUat{Hw^HZlicO4{pgt$dZ2hyR<_ZD#}@7lTb%+6H>dzS|Q55o(5P8b)X9{R!J_}ndJAp%HZW-X7!KeP-H+Q|)_8zcy zw3(|z`1kJ}_nGx3lS_M8PIe=81@${yy^wl&8kN-hFXFtU61*Hx)y9wypU5uqO_VUp z8&q3HGw>rF%p|VxqF+knPgQk3?>K~3i(U^e`=NDB7_M5v;m(=fhL@7$aH!l#GvB^l z(g5l*Iz%PSE9(fb^Yi~QOUinXYC#Fbcr0A;8o#cjU+W8m6adCRe1AQ_ZU(VkbZr0USJ)2!nWW?0Hm(+Uj$x6bwDD>`WZS>CTN+F z8U&ME>;F(S6a82-2Nh1lp~)s>EtQ!}(l$3PWTVA85FJNPRS z#~KkShXGSQ`Br0JGElpcIBnsqs&welvN_6oVl8nwU~aZ0iME-vp4yj$LuMXVRv-c< z_#Q`dB$@qnWV82hece3Dxr>%d;PgYX*63f}&c~(G?%VAT+y95DuZn8>3${*zyF+l- zqQ#2^cPVZ07I(J-MS>M~DQ?AzTd@Mg-Ajv8f?IL7^84(f4H#uk_Xttu&U(f>N=rfh)9^-ehOTe613S(8Ez{h(D>#JOh-VT9v+nsm@Wi%OOv~C99 zg?1C#Q}g8t-IugW-Yo8Ss;n2Amo>E^-xlaq{lmkzi5sbQNc~kys(QLNR#uv&pa@m_ z!{78|uYknJZr3%e}Hs*xl&416Y|# zum!%T$5{PsnYmaj^?LNC zlGc*n@*g(LjkQ!XBaH}c&4E^1l^mrQVFyH3fBwbMs1FPxvAFRsZvK0|x!+OTU$mWF z_GXb{x`w&^?es%^k!snJwl+t-nB+Y5+^3BGfzgHm2&Syq?{*D%q6MLxo6@*pTj8bL zOdrjK((PVjSe4|320_zBPqRQGnL+OGf5`hqwX&KF)%q(9)U-W7rl=hiv;7ZNp@bZ1 zk?1-&a#qKL;H5g;5v}O=#@cPe-AIX>h%KGX9N>hG23f zT;q*sMAwURbh0gNP5hHjnriISCN`}4+)U?*~=CV=8Xi5TLp{vqIJPHY9zvk5JcqjPJC{7a(!^1@#@Xry^7Ug?IKMBm3u5dG-1+tGhQO!NY7zr@SfNftB1U8J z#@6vPz3PX|L*D2=){Ilh#^$}Ak!2kg5@Is3iZZYbzNTM;CMn#fUyz|K4sxzyg6#l4jHQ~LZqIxlhW@Z ztphNiHT+B!e|80M@ad-TnTxGs@V})$>9g_Llq^O8j9Ki^=+#!#RNWii7PBsxq(X5% z>M;)L{o|JKLk5k`tmZmoAgpqoL_ZREc%Z8tysJ*`|8{QlV*yT`PxL$PBTn06Q zAsmsrI_wI{{kl{FS)b6xz8OJ}ByVunm#GkB_qfxE- z)J$5646$GYSBuy)UK8&2(z`Uwmyf}Be+%a7i z{4~_k70CXPChPEgXosP$Qckm*i@7|w`}Sxh51s-4q$&>Y;q0@&k=2RU>p&R52W)d34TXTFhv(CIR2k@)c z+e^|z@;Kg1M2EdZ2(?ab^u^0)mG#T5z>bJ*uf`((VvSxQmU5*ft95D3DK^%=Wcx@J z{Pw<8M>ttumFC(eqiGHy3C&x^@OmXKMetmYfg#yj-3IZD7_@Mq*7g=^k9aDbFSvFJ3xp(Xho#)Xta1{R@^a8Qm1RmwZXIt_zE?3jRZhlJL{RtHVn0%;b|J#@J)vWUMOZLdCRz%2` zP1ImNjhzcrU-@}j0Gy4%x@gsb5g$($lmv|Y9u_%(Gc(a>^hK^-%tac;@XepED-PRS z2~T4$%LjzIl5A%j#ynYd-q?yYO_&`JbTLvZm8yI*wEfmX%L9d9Q~uK@P-^75Ma9TB zxu`Fjv{rAu=2}-bd z{5~?Ngp@O1S=Wtm%R}Cso3KIOitrsU`DI}iOWRYo0&c)dbZKckMoNqVM22d}cu9|{ zq0T$t>vs~oOP|q7%@o49S{TVbBo>u@=sYV6)fBjN>uq^|i$eUKyIYEj?pyJ7m5b{`rr5S>W3306;22S4eaE@WCaVUSM z+o=J^TaNiIaL7GduAn6K(WomTf$3tM^q&D60=dM(%U^G+>jf{6$53lQ?hAGPRo(y3 zkn!Y66!QRLu=Vm$-PjONLv1Zo;TU`lyDjyHcj0$f7d3p2C0p;)-{xt%(Ucl5)JgCW zirtT)Y~{4lP_50pqI4y*PE!WCnK(PXo?fnVra<8{72ZM(ZYMEo=-J3MhLbrM1!#pE zb0_5Z)cwhxG-D2&X?ZMC*z^_I@4t^v%F#SveB8MC@8KvY1>=>2J7aDW4!lCLPz8I~{U^}5LspJ z=iEt%+F(|$8srTbS+E)=%h(($*+@97B#c+)_)_@txmP6U_X772DqlLX=C^B3ziYzo zGcY{Vx7Y_{c9%d~b}K}NN}xi55iYk}zP@!uuUz#nOuyPin{;(KwY~eV{u#wsL4xK@ z-De#aTjX5QYa)Es2<}%GrfM8&(6vDk$`yN=hN50!D~ml{6h>6d-h>?~#5jjsovYN; zX@DplZ4ekY;(E8zqQUk_^hagYXvI%-j@I_CYG`>%s(>tuI#i?yf{uMT3!pC}#hN{D zyZhlbE?m1=a3LU=Sgxh|Sp4`;>)TImp>XmZ>NTE2yG79yZ-_9iLm?HHi|USVy&Un^;JOMipc&npeuxtYEN$?YB4=j(#`P5~;o1*DGc$s-p}An2u%F#$=qx%c;xYEU zA#MB0^IKuB=!>2!L0`uhvauUy!_FiU1`TOHO$Y3$d>2w?*4_`+f&BA4{;rnBHV3BM zb9qQp%AT&2ob3xCG&}ks%--FmK1G+!#Px1Ug&vJQR}|@VACStd zvy2UcOR(7XUD=AGH)w)&6W|d4$75-Nw*GfL1Ag$0Oa09|9eRHv=2@|p$S1M>!-h1J zx2a67bu#8bCTv(wr_*td4<8Q@hd|37!8#@_tTJ&7wme>iHEF9oCZHK3sUpE;BocZY$YTI*}I6@au%I5lCQl zh*3Pe34VbnsSBFpufI4Ir92hjRN(7vf<z$1$AEBv z=bT;|k?e~Dg}_owSU~1Vy)P~yV%SiS(nQ6t@EdP#iO$#C-JvufGo!4baG?v*UwnUV_xjL zklxEsEy}=d!#6(OQy9ftb6e!jd$Dcml6HKRh{wp3-gGiy{xZ^tc46wQR_yPq7$Q7n zX`Ly{zBP7$GtMR0KTclG`ci13)4*b|A9GwZoee)uyiUfr^u=Fe)jxxPeCF-&_^xu9 zpUh;(iE6~twpQf~@f|dceeOeAfDX5Pt>A7E573>++MNOOu0iz~J!?A(`2euqM$o`k zR0xWh6)4|!OG=Fo$k1lLjK!0$4%33m^d0v0Qn zsz(@>guW%p-QC%k%+vOjE6_=KXA7W&MEY-W<#xD}O?6!f{X?u>ww(@ZZ&a9(Y=($f z1@Lktn7oBB(*S8O%KoTGRG^o=em0;Syhr=*VTXtZvXGsnIJMxs=2TO*BsxyYwhH3Z zMA6MgV~Iv9Bqm7R`1N*|0l6KOP>y4^{|SxjH9qH*>ZVr6kRKlfNubaMo~L_ahPo%+ zhg}*46aqJFNHrl8zrItp#EmAh5m#6tt0G#|{{zjSbm6i}`x4kw_6s6P$*Mo1zOObg zI?#@|zp(HoI+pgr)Pq>{9QrSH^QEy$k(weil`MSR%xv$qDzfTs+Kzm!2 z*M3fmPV=tY0F@VLvMEhRy8Tk{2ZpVZvG9E&q)j<$u$@`V<%Cwc#Bl`IGA~sdjU;q4 z!h5gtOo?q1Cd&3iC*D=bN$Xi?lo>AU#+B(fImuV~h&VT5b$_BYa{~=9vM+onADfc# zkQ+K%Mf%rJ-&+fjUmgM$fo8@ho^5#56|}#!=?D9B^fp`rU8+SScnchdH-3@aciqjb z9yw4DNQR)6X6|w*DYCOYePA(`VDRt!({xY{5W`(Y18RI3cZK>PWegv3TbfZ?qa^2r z`_Kiwgo|&NW6wV0X!q?P9vq+cwOu#jcWnj&cvLX@lFU>1(>=_-C8_9yHmvC}dYBpF zL}PQJ6{p!{Q%qC{{Gl&NsfuP3N{?5kf1Gl^FizQyIYeGf5Or5?%IM4G>I3Xy$VJNF7q)U|2}*y**tUe~Y7+KOVn$ z>#88a6;~mmtuzT!aR5l2xS-s(BdCZn&{LqyJ6tK77R@&Pcq&#%ye2F`A#pFN<6u4l zrTs{ig7A3tzVfZLgzawa(+U^4z0=;ydp@LIp9ySd{NEufK(GcMfAIFNMV>0W&7P;$ zq<0sIa&ytJ)^%BRj89t;>uJGF#qWQN76$JCAZ6RfEwcHLuaQ14jmTLbSwEBBz5a2K zCXm3nxuwC8+?PN`C7)$5J z=iZSJ-X~S<-8fE+AYO7=Vgz4bimiw40PIfDkM<*ebyGyYk34Uh6WOwvYj6ynydt&Vqkw0&nhKwCOQ0i$Yw;sI*nNag^@IFOKgP7oCfeZT!|)4052T#)k-<( z%pvA2`$R%K6(%DtU<=cn3&8Zk8Xv%f&CkTMs|F6@rnKZ8xR6vF&a92ArZEZsX+{4k zkJimCA%&4`ptKj+8*se$yM4^vwld*qKycBy|Y9q`i5MsMdvOjAnS)Kwg$!yC$e``npZ3or@FJ8D1-1F4*h7FhdnaM z)FphSJfpe0Er`FZF%HozxMy@ZT@QO+;?*EiKv^7L)CW|C+UGvo=B}}XK%}_+_2uMjhC%R$|t0Uw8Byph<8eabl0WowMd8{ei6cF`AG z#GhjL?MpfSErQKfkk_dL+)aD`&d`(x35>y8vVTmQoVqh5{5n5CdV5&<0V zJq2IpoFyJmKUGZKczP8~(4@NN#DmNR`m6rV)tOZK2$zQyAL)6~wzl$#^AjIaI^$>z zuURMo%beXw!c2k{&#wMfXL#3jkKN#gdgembj)8)Wjt&XCE4cNvcuAhFC{}<7;LFR% z$#RHs1G(-u%30<7ei=uyC%Nc@L1j1)b~_EB0uQn%3vgrZ-`?@l{DZ8n0|&Kkpg&`V zIr2cyGw8X#T6{t6I@{fZ#(KrKGOh#q$W=`32*9hMNLZ{!Pm%p6R#35}*yO`~W~@qR zrKfJ+71WI7wys`tTQ$(XJZ)2gnRPHrAI+jh#F6oS!2=OxasmK&tN^H*d%k^aoAmo< z^He8I(ChXQ)m>bKV0&Go+@g`=j0S!)x3~FyZXWh$ApyqjBOT@+)J{8UMNa=%HFv(Z z=gj-ILd8LxQzWYch;%?G5g-z3ZBog&K>8GuYq~5=VV5jIsx>cM*=pUlyW==ACjKBb z#EE%I+ua&QCo8X!2HQQS&Y|)KQ+M5Q%MBuJ`0V#uRoYRkjV7O;R`Sd7klMSzl|dcVrIZ46?7JSgsWS(1Z`@_;k?AP5C zG^dX=qpI~DV)g6mAkfUo$4q}#X%tK+U?iNGRsZf#E6S*UO@<8RBl0!m>edQ!V?&t* z^ARZsY!5E&qT824XEskfxm2(GYy$a3w+p~6=^k~rCT(Pn3*TWO>zxrYk{3g`_MdK+ zQ0{UZr+Z5?Xd-{YRsXHa=#?Z1n7=4C%Oo#)<0-&3KHuuvcIgY}nG!Gf=*hTJ|8hK&&cSQnh+|AVKl=f83# zE?l?%nptz$b~bz|y=M6R#8mAC)Vk0Lp_yGk4(|a7zv>$@nZazT000`8^oG=Yx@oSP zTUzyr!;#ctfuvaSp(HpSPoo`_ialH!qn(_FcK2|yMY->|7A;Tsc*`s%6%7f%=BW@` zCZz3o1ylK;(0C&?Wp+1m zi0fZawuRTxdp$y+9z$z+eddvFGNG6!V*`HHG}MP*&->?I`s{;j4?>|&Byw&yhFxHA z<`8q@2^W)QWA#S4j6c5UdH_*v=O#!Xby)v>b1ds3+>R z4u_=I&HXX*#o45CxcvwqWc*8dn_xgyfhVB8Qywy&h-Ustg>@JZ{CT|tJ-4+9-J62; z({dPGDsnJ=*2;IsuIyPw<)5|$4QKot)-sQWrOB^w;Ya$DzVkr;GtVIy8!9K^0H$K@ zA);WDgUuHx-x-w`8pS#L8LN(9Yw|erTZPjP47|0E^;08e9SiXJz5;sZ|H z=f}G9>+VN}pVSw{mPOuzVU?iuXS9^CEpV|Uz68zU(an~QBRiX(5A)8&?hSn5zF4Ci z!uKKUuXElV7Gp~#>eP$AptjRCq5|L3c$LI!`C=L&OchkQq~0B3o8MVjvuDRY<9>)V z=&0FXitsS5ysi51C5gE2`)W{-F68W;K}Y@DMSW9kxTrrLLtz|Y{JG(%TNtkQyE97R zn5PxrY|)norlkpC(eid=#;^^~jCjg>QSM2&{JRUEYmw)(&gjq0ANU{3m*Ug^1fhUu$#czds3Rx&ZBQY}nF z5MH+Gpg~k={ryF7ddj*&uo{OFW=}4i07h|=rx`;W5dTbeDJ z?4HkG$ebBE;X{)vQO}5Y1OA7V5h4_6~DtJ4)DnIMCJ{RbhyW+g@;?OGCH2Wg}=w~r2;(mJCly^bGafXXS!HZ z+hd*ohXIP8UNR|Il*6FF;M3nVM_!bgV;C-Kqds?t8-;jGgMzS-k z=SO4C=GvB>Z z1Bgu-(N(JXE?_iV{&3w`&9AvL=En@|IPa%ljoL#ztKU7Kv~F27_dY(MQB&S3>Yp!0 z{XrS7!Nc+9j!XTjr}dL#brqS|fI93EN%K}3SM)vOh#U1)k2O=+xMmP{_BM44_S56@ zh~zc4l30v%Z;0r7>3{ewU%P8C=Bnl)4y5=0r8M_fF2sIL4&f)4AwD#T=}>>Hzn&}d zBd;WrP>HZlBfbEI_9Rc8#i?Y$=G=Q^u!{;uOmJZc8%c!3vnDg3GQ|Vu)-Goo%9{dz z_W({V7s#Yj%INS68i8WTs+Ts7SXqB>eo)7lpkY_V27n5*2gov9Q2=*Oyd`tQKYdn6 zq7-ylHz_dg`I?6zn=3j09mH&6P;v^QI2!(DjB(%55LtM+lUjOC>uLNH59!K(KQqzx zg|*RX)$!<)6Y6~(Tc=b0VZUY$j??^v2VkJ|=?CUWjW{Kk`9VsX{aL7hrXEHB>1q2l zruNgBC;U|oS4G$F8LEq@4t%Uh`#%e>@|@1C-q(i1vh{W?s!ot<6J9`vFL3>7EpPEv zBLQ@_o1%3c?#J;Jhd{J-t5?0Q_a;Is8)8T)?;gU0K`wZqPh5bo@QQE&E%Jz*ayDB` z+SI2`fBtHntg{8C1NX+R|DayKn;^Rj(8nPUAkcb=_p}0KzCZjB=S~`l2JA55?c8wf z?fvoxY}$c!Fpn>_Z#q`cMD>9M6TjXI`%3<(o@cuk;~&k7@g4#we&;#)%rfekWc??y zGyRN%XKiVMr_I*jIV=;zYqPb(B}?ejde7%Q!1^O6VLVF4Piip)_u~WNI9+UKLE92> z$DzwB`m&R{axs+q&Z`ZApJc`ldyfMT+VW&o01~m*&2YJpfK}?jGIPBZ3BWy zm}q-e^=R75UN_J818G(49hW#fzE>IfL}6^Pu2tNNcXHWc z^+SGZY1P#g8E=8EBpmOjjGE%w!-jW;%I0}g63b`z#C4<#k;L5c;1UNCk+A9D-1E`B zc{w5kVld9Ox1VQ(;87Ggm1Pkt;p7535!07m4Huh=m0{oj#&|1T9h~!szLL;*@LSZ>98xwOzLGS^nPXMR9C_h2ZeX7LeWJ z6FL3F=`+Ly7$v|XY3YB;5q|6 z73$*!0sr&z2V4)y8!V;|K7MCEx>5W)^enBO-BpBIW!=S&kd~kj8shM+A8s$4JmwLP z%nUTBKYefrvGF@ALAA%qWFRaa@#Vn1ZR_=!O(_t^hu(0>)GDG+CuqwInpZduasSq> zx(NN54u0#A`GQa{u(mH;WN_4(BT6^_wBU!@YLVUu!b0sq|Gn>^C8=ib$(=D;7?mP? zoSoO184wXse0HCUOnq;VC-wflY`}h4IYVl?fF#Wz@^SY^Tssebq$D<@-tMN8c=04f ztqnh_pJVzD#XKb;h&45xU0Lo$A69r$p|cwiD?4@4ZpdPeSN31F)*`^9a{qw+;4^(;{*?`&@M10Xo~HD2K-acdoH5Pw-P zVM9|@%uSiw8L3M$$~2La(T?nl#8JJ$?7xAscXW3qP0m501R;DsF263BIu(bNpS2%) z>UgB}ZF!+uPcEhD1$xmZgZDSfTI5_ML1DoA9T-f=2L+B zNpBx9B~I&m#R*Hnxq|nj^vIZCI89D|Iza0w_<*Wc_uX~4LtB0?x=YMufw1iBhk<@Z ztGB|#6^;RT1sYFK$&(zP zQEZgr5)NF?jg13T*s$qynyea{2P3I#q3ksH_%dzJs<`-?TR$8TxCIZtm)drAF^FPq z$=UDOt%>6oH<3h~zqcT9kGoI|ch;gwoS6RiWufpDvLihgAOAwiVCkQNp5FO3HIW88X~0#dmahW-oGPV$-uh?gqq9sx zobB1))Esv=mUxQ4F(AOQ9FxoQz^i}}qeXaPWL@YT{j-c+quX@b@fOO)xa5mXf z%I=LyOjXfJ&z!284-^McX^$yD#;7SDC4fqqv*Ao!l*vL$l4cfqk?Hm6oCG8BJf7Vs z7Em81Hue$KAY#04K1643)02GF!t&qO5ui?#$@2guI{*Rt-77FM{ZDDPRLb`##?$?L zY1lmWO|HZmCCbNtArF`9%pyY3oN5An5^hmGFrGvLe-zDq)7h}-Yj(y10{Lb&I4x6V zns7J$7%^sgkN1On&HKFaV#r7V0S-o|3xggZ`{mPk&jQ@#=CNWJW%?x38$bxk^;mU+ zD!-^dt$)vBV;y*doqM+d9f0qXvX!wD-J&x*f^;gy0pGC8+;0jf|HR%AKK-8-panC{ z=DxtbiL&vu(995Tz^OKjFPwK&iFU8$h9zjRMf&o~Xgy`7I6<}STq}wWx|^9oa%%PV z$KiHQ{NQ^ggr1pyvc<30lVzbpt(*Qt9^p1spu(Vw)9dKFj_LQo9ZU7MME*W2P0EDK^rm+t=aoBW_}1adQQht@8?c_d>^v15YtX zE`+eJm#sSC+M?B!owOF1HR~j)k9Q*SZs)Bj$|4Kmri?FiD8n|%Mm1}8DJ95y?H)=6 z$X-Zvzzye@8yiO>KEyKC86;)DemH+T-nyI1X}X^{g>MlWxO`#WqRjPl0weAh3Gs2u z8(R8>w*Urn8*(hXmfkryu2%;*_rk|6lI?RI%dg(}z6Z%v6DL+j<+EI3Qh6t3wHd}b z`LW3X+MPk-{{pc#oTw;>Lo>(Y*G1}j=vV0!6lGFgd=gk{CR0s@yr=;HxJ|wwS_R4T zPym_Upm3w4YqTQq58=yD)GRO5*$#N{>?8f~7xlj(o>Pl4AG%xJ+qcQcd=E4^2qdEi ziWoIs$8aVLCo#a1U_C(v^pV-d{J&eM=DLiN@Vy|&PpM{&-Bzjr zBage3zZ%f|ng%m$!+&I#?P2(CG%vx6h|IpiK5TwO$^e83hmUsf9S1wKl+}H3J}G|% zCnQ)_w&QV{0q+h31khc#Af1(oS=i)s76-j^H2Epugnu3r_=>O{GdKoto8|`N7P@yq6 zwNEW396*d&WL?r`pyPc(03wu|ncp0&D6d9phtNyfn%?lih@x3+OSjSQ1GN6TUzq47 zcL&-9gSDcOwh3PvvH$v75;CCn2IH{j*JCHjBtMGN#&37$V`4DtI`PNyNMwvcqmznL zpWeuAT!xby#b=)%o~+%Sy!QzK7<4$0B#hVLy_aGZOM*~fVxYej+TuFF_2Amb(*fClC8q+X zV)&N8m^;`*Y=-^S>?w|AeGSf*qd%eR2fTJ?G}60&Q#SaDpjius7ofJzFI#K84B(md z<+>waz8{v@j&B!V{_i~M=?u~$$-Upm9bd+SM`+3+1PF1Fpi7EH`kWy*FYMW1f|M5q zqQkY+pEn-Umy!L;ojkIbueR^1LA@24CBPBG<)lnqO+eUNcpEp%g93pq%A`ueFZXa= zokS9c#v2S}Yuyj8_z|q z&Av!VZ~v%(n`&m3sK>s%cBls?q@-lY!4iwCSw&3{THl5I&rK26Odo=-RVsXg3B~dx zYrAe}-8yJ|;h)1)_FAa8ks}p_ItR0!^8YD@qewFjQ)DcNkZckw^0HaqWw>p2({_B^ zSn*j6d6OW4UjQFbW_U%DM23bq9hMpDUh}5-=`*JZ+czoy`Ch5Utz&iH=?InD+-~x_ z<*K-aq?>^CQ=Q0xWD-;f6U+lWE!QkJ)WRPB?Eey-AEcXmUNF^pY)dsN0kmNT*zi*J zEi`k{<$bYH15z_G+q=a+SfvV30tpBb4tK)zTie|hEalt&;Yw+T505gw5L8iHlZfxV zOykGvR6}Jfe&t(JNNUDhzkxa+k{fIay!+EcQ0$2qZ}YVP7jz#{x4m=QgrZFP?r(PY z(XYYBYJ&^=rDw?p+gbPW0S2!(U!r_p;!rn;q6N$^c$m=|co6||fHyWLTqh@JM<-~G z#=zZcX0lbhoe}(!2qk_VW&Z3hZdQ+UGyxlUUJg{t^RkAHl26XN)lK%~hl6HJ$<#_=X+>>F;&;`jdFq+7?Iw zEKK@@6zi@q!0iT=GR31cC!23Td*XY|C`fL z*qB6`J0zTY?%_z4@*e>VA{1{+x|G6>!x(4P=nf9PY%5}$BO7UKAH`!ukZr%s{~Cm> z>Nb9x3q@;U#x}V=Ym6c$EXo3Y1&nvyc7^|Krr30?eH2{1Z?bK$o#wz~Tx={wp?@B+ zFARs}`+wk0*(61Kn)HT7)YdYbJpLK?J^3uZQ%M3!C~teHY?@g<9QNsc1Phf(kd-m3 zT3v`^Xuu)y%m|JL-52+KHJv(HPdSrP8UIy*O=QkUJ~dLiellSZEH(Eu0#jP278 zD?w!;{MhIqBSN@L2U%fIc1`Mo?%kRs@2gTYDQ8|WU)^m6v6uP1W901U?1C`yPPh8n6q@-(8O54I@99P%&1?+557uHik94v$!!C)wU*4MLs5RE5KEFheU(7 z9X)RjxTh8B@q%?*p%Jj<^kupnDSWk+`n5sMv7z@(OMi#HvLB0$^JYOKi**0q*iD30c(1yr z2h**O93}{@A%RQ!(gA>ty6%rAmd{*KjuQ12{1Nh__IHi$8jhMt-(<50U-09eX1o?? zU??)HPT&FR6`I|Y?Oj!D0SdS&f(g zh!22JgUb6Ia&XCVNts@Cn0>g?A(pu(4LJq3!NxZYsesSD{(%M>OcOD9W|UV z;4ZA(tUp4e^Wu=G^E7bS;=St&4%QJHvZq71{#hSRq?y+cwK_aL3Xarz>CTJXZWk1G zjw97T$g3-Yb~zz@FWPYFtc2`;?crrSi)4VnmUr-JD1HXV<`04(w}_`bqN^jVc)Ngk z`lsiPQzdn=xJ1*BOPz;5;>O%C@x8wLn3>rDq((pd!}^!IRJ$-z0ws(5b8RB*FTE^( zAXr2k*N0^IW39e}47s~`OIY?$3kA&)_cdu$*cTu-)HsIW5v<{!G;W69xf=3%v1^!g z?2&vX?Nql?QZc5|QlRdf;cJRXnsFY)3CBlEXeK^yY2vm=(~Du|G&{X&Z)-h0qLf?2WL?H&JVa$YBvejw@3U5> zL7r)B!));B%t&;N4A^x2DakyfAw-GG8F(wAGvBEUsE%|Oxpmk-L6hhEu7hE4#AWw< z#5jD*B-KcfT*MhyLUN{Rh}!rPl#NS22eZVbE9*nUem&Q-vum9u2V@`$6&hw%^q74jqaYSL1YS6j6Fz@@<+G26f=cNkZN*W12uEu_=Rk<0@M>r z4$G1}sP%7>Bt9TpE$5mz>_(_o58G`>yT?9Q4yj&|yTUNwa^45Px?GBF9JklMc&XzU(VQ3t<`8%AGlGll2l_f zj)5`fdW7O3v$=0=h_3?S*V&Kj>%Eb`IGygtr#GrTq#pn5)f=I|!=(eBjpXq4B7V`k z6Ad%>=Y&78zh;yz#3+mI;5GHX->4=LjX@iZ;jLG`S)&1KbQbf}dJD(1%|D0ll~Qn~ znQLw>3$a~sWnXH1`}swPndfyyEbg$V`Sgr`edWOck7({?!cT`ihVH;M-g!Pq#iO_< zAQz>c-GSjj0?@{F)p{M=d<{94M$fhdkLA=ss1B7K+UVyw8^gi|+LNw*lgZwXd@@RQ#+Spd4&8K(SpJ2*i;=_*FLmQGqoh{o zCVq=HaP&Qmu9uX)9rvzJ2DtVjq>RCBSGA{IJfrWOK1ehWW3irm-wEZ0X6E+5HFHZ+ zw%kc}KLLX%P4|p_%dO0MK#B@n)0<;}_u2o(x`$tarPQnu-C{3NTdfk!YKyn-<*}0% zdz&7sqOnzU3uMPgh>|D!i~nU^Qj9TxD;?zJrts#So_Fzp#!CoxaH#wFTWTGCIvzZ1JwxIxXdU!-N<H@O(x0d) zZPa4M@w4bJOsoI?Vn&qSkWNc!|3^p0k92R;ZSIFIP=81fambGFrwbsYDZLvFyxlm1 zG4M(u0)!%MT7`~JkHUH`4gM@)0l;+h%0hI*Wgk}BKW7LKz|erSw0U5#WN5-~Yz>^$ zk+ZBZj3r+Y>ebJcV_7~Iu4wJO8vOW{f6A_T0G}Tb0_v3p8`Mz13}EPhPe(`z%*+r+ z-ud0u$N~Gzd+BupadrSmiK*$}D*Jix#qWM*`=_0yHdtW&^P|QDj+YgV93<=xA+e_LZNRM`@|Ws4hjp4Q{-} z8|k;Viog$5*9dFmbejd9CF8c?_6XuB%t1VMU@#vDS)R^k{_haL1X5LD2-M{Eom<~P zd($-kv6>wK9>RX7jwlEtMmvSgS~`1)TT%LMtHLgB0mDwHUj<;w-7`(k(CwG7#rPiE zI*`i~TapT}Ypur?@#*G{q?LT!5g%Bk_q%eE`;&fO1?QP<)0wKOSShZrwrWoYYG46+ zVI*ai^;mhf`&HCPi1oW9B?U|s!`@^nPa)f1Q*6ThqN9{WZ$^LNm$_?Z$FRLCqBR?W z9?IF_O0$l}{vIxIFeZHa4$Zcty%Ln$py+oojcG1;i}CJVp&jR$$!uN1W&1dOEjF?N zCcyUmBELMK=jR>p&X?Y3V3(Nk4{~AGfRa^1;p6kE4Bd*B$>)rZS6lg}E(N3LCTcOQ zF2{X4PTfEaPpr8EVFA*oJFJ-WNWV@b?f&05Uok7q(2x9lzwcI*pZ6V1 zLy9(J?Xn}@RR}L0L7SX3c&yraFHALkmn8p0=7{Kb9FTem{$1Z#y-7J}5gP%T#GFGd~utu&Mz-RAw=EnMAEb(Q8R z+VaeaP)L3h!;qnzB6l%7+Ae*?tz3q_L$pw32{d;Pp&I_W%&ZBrzyb_xB{{>5Hd)h)`Px54f9 z=+-Bcs5>l?%H{F&9IkqQ{Sn$w-_e*d*U8MK^GrE zYBARWbh@JSHb0Opb;4>rm?epD9uWPSFns(gh|7eq_UqHo$8v6V`0~^ZS!uwEH<=B$p7cPp$%qhzJ^COG(6bd?I3fbLJLda{lX~$lv?8&z zjs>6dej0_TkD7VK-RAhfZM62B>f;DB=xgr0(giH~MRtAA8ZlDe6zmU0=zh46@o~YE z4mdu*jNH0gnnry7`?q2Byu96}&a@lMUf>jg<+SX@&|xsdf-ipG`p}UMf!9>n@19$3 z%UFglrE;plJGomvX zu6>DzzO)gvC|i3xbin)9yce#QhWwNl1%^X#`A8r?w+A3<7HlmplYR2UDG%W~DM)2- z15TlVqY{UoJxhoI9+aU#h4XwD-?5C0z_}BmfM=9Tq6JikCoZGMuXeTLLN?!Tb0pvu z+rjd^s8m(7zTO4aUbdtB;Sm0m88VjvQad7oL_3rDF*%cB_uu2#H)19uqeXWMre@xc zbgNqz8z(PZ1_%P*%^=+A$&c3(*4J*|{QI#XWOI@(Qb3V%pkVp0A?gm~wVjmQy#yKgbw;qo ztMRps14R$q90kNIu~ht?FL`?Yho`Ubit2yiZf(y4SyBdDl!$1Yt< zODUm(Ac%x?cS%c1cX#*x_Vb+ceg1@d&fNFRylU7Jgwz`zekWtm>X>|(tzBWkHPrjT z2nY!%*M@?+-@ua2W%}eWf2%7*i;W(huw!RUl(Q&NhLdzM_pOSNY<7yLL4dRUiwlm& zeDUEalCWK#X(n66Z9GtgwKerCNmYAh64e#N5I9IUNfnndDjqk!Lb$1M@ASpol8Wx% zmX%oQQqe9fW%;dXDsQ5KiER9+?_H-9>?rbe{6sh)e%QGBg)X$=z=u>>x0~}b#ni;@ zQF(ke5m~6^+_697iL8!O-wGNR&R*Zzp>1PA)$$L!|LXfTLHs%Ajyip_G7&ZRP{3Xj zq$InJW;ZwqEXB5a@{{j6Zl-5L??k(oCDd(EtDnNfE)KfbccDNUaU+o+?jR zLk7wky<)6I^5!gLJuUup4VyJlM^nB?p-?}N$&jI75lZJRgw8sESxJPub@70TC~i`4 zkc$l&`RX+Q1_Z3Ymh-$urTj871oT_6R?Lo5GW4QH`?B<{f9;8@86XNhFv14OcA8fY zzYCd)GT&t04PoL4lL^H8dcv92?IOjEI@8B!h$ZH~hT1`U6A~)?vWd5|K}k}_CORbJ zPcqBk&l(BRwBC)Q_S1|fnsHh@Zk;#J7u$&w^z#CTtEOk&cn@%6SIAnkL0>33vzS#d zuI3L4(%e;y%qhkKsPU7u>`0_};-y~h%Q$N=i(Gc={JMS%2pU(B;!ld0do^mLuA=_P z7#X;Ed*1D@bTRdPw-;|%2N6I-?ahXDrLP3ibctq-M9Jwn4 z!A{73mSs3drE7w6i;KzAfa&-5QFKtyB=uvleUdE^`g}ztD6Vv38P`y*O2?tYv!J6* zY~8aZkZD{el{??QCi}T4W6`yj#x{NaWyrw+DKbu3bQjvQaVp`m+A|c?|9!=%C6F;I zi_NF^t50S9Osr#x1kvb^@P>m0Fu!oQc$vaO42^{AkA3ukT$85fIM+FUq~0f>Y)%L2 zd>_$V54+7Xk~;NlNAz!FZAS2>?2V6%j)f?)22pCHZDeYQfeGW|;w*E6tVo(dLc~AF z+5gUQh6W!lxZvy*{XG8XSjr&C6x(%l3BM;W^Ge54*D|fApl&(Ma&F+*&-5mIy6jS? zvt6oa^%zj%dL20=AKwu04Uy&NE;1P${C-Ws`i&xA`L$XC+=dXkxdD9ns>-9{#?viZ zwVR_(hzl%P1#_N)oSiYK0j(l#m+apR2saMJwLuG!l@3i;{WQs*bPkd+*UKUWVK!Sa zS!qrHK$?==A1r$hmG^yvi?c$=tur{ov;G=Sf2FA5o8G@KK0O{^JZRs{zL9=ttb5dQ zV({gCEpb7Z@)5TaR^as^DkR6w>9q@u^~joZ4#9GD8jdW}1aB!+m4HSujYo;G#FO#r zPlT55@P_XwdcFFR^I?W|pQzM-<@0c;isAUf0nSwRbvX!dW`{|4aH`2JHZIeFn`?(E zPCso!R;}e|;auF{B`QEHCE)S80y!+}&2U;bhqji(n_;dRVv6!8^=GEScjcR?d(gg%}o#ScF&zroaH6U#U2O#N%Iu^vxsqDwD20JW@}= zSflS07uwy+I&`a#1zRO~rM=GJ^1Pf2d-Rl5R5W#d@AB;sUu#v3G3?7#nMT=bxy>xI zt}T9QvJXZy-QJYhxnLS*k0Ylnc45A+3{sBD>4ub_$KqVhx6m|rUQ$9)MXal`C6>vL zsou4YjC4L~pAEV*d+dJI2XEHu=|z#^#5>mCU*{7CeNm&gAKx%Y$J&%)V_7;#r4s6P z_WuNGCBcww-W5=^6`niW*6PS0B-+~AZu2^*#f(zK*c}$fL<&pYp7eXW%s%zs)UXWR zOeeLP5zY<7#>lmIoeJL~B$T-Qa_p^kXz;T^szGz11N}IE_pmH;_GS25%Xi7$a$SQ`yjhFDwXrNFHy#yV6^oE=Cr^nBr;d$pjJ59jSRNS69%1oUPZtM!Y197Ar z1U`bjPp;KxvOU@K-f3lW@clki6zqBiXx?`@G>+`bxQm^6HEju{CY z^24>NHZSFO8OkJ6-pzG)7Wb;)m94n?&0z2D0_9VH|T8skh|FFcywJe zZsXAE1ivMdxhQvYzV~oE>R`IZ-0$1Ff4Ne7(BWV+wD(r(V%oFuPTf%sEow4)=^|o3 zSk%cD|E?!nI)J?Ex1lrHCi=6pVL6LY#y4QeWFxS~%>_#O*fX!AIEMNYEhpywrlX1&s8r2W{YsL`mwIqzU4EnZ;E1dFp??cdfM# zso(2t*?(9(U5Sb|sMp>M-p+l*=u=*9e;G0*Ao~jokfLO!P=k$V2lL2DRs&p?)p)n! ztjPc)@yL*Cdfp$P04LOW+g8UT!7y0S3K||v!?EAGk1-_SQS|F0Q?7Ng6agmkk#)M- ziz1LTs8?NJI|oBI9BkE|wW!1GOA#@>=NxU=`k0YI4(JP7K(LB0~FtD;s5__ zG8*OZQ04V49gDkp>)R{i22WCVg{A9FGqgep>BGo|G6_hF zxO3pNtc0TUGB$-za;PmXM;mU5fz!{QS=7iZ=9?L)n^qaBclKnQnLF-Lg|T$UodkkQ zF;kZDSQQSKLf^6Au9x!(P`n!SY4{@_js?n;K-pA53#9q&C1wvHF!rb$Li=`i^xqgB z@FRNa%hY^WIt9Nr_k9aDx?2y2C@4J;wDvjzxH0;&G$M!r=%rdqAP50=uoD1Du#=!*4lEhKBAFP(ZjAAEXJi%L`}^SQnFww_xKF>R=KzH1Ky5Mr169VqE5 zW*P5MCGq>b%!z@pVk(HZ&X{BZJ$oT zwzih>^ehoY#z;{;N%j<RWeJ&M98f0oj??pH-LW+! ztV?NdbZzhF!3D4AHaSssiW2(>{*#>2!)++)UzQ0nuxM>@LuzrySyIYMrSQyBQs!>q zl9fJc$*<*x65SV;I=^cydrIy|zINTSov3gmx= zYk0Bon2ASi_@(A$3F1FnYXP`x=IvXKx7DRXPB z6%zN2H3%t;sY!x^V+%E=rLkv4M|nOt5H0@EfT~q-Qv|MA8|@~jLT=LaqP=`lU@E^_ zygJwMc9J@|0(>(590{6q?qb?kBm7w~bQ2li01Tv(%FPl=NEtGPQ&RVuPk2}5He_>E ztJV)Zu(dj{mGY(Lk85L!Xj4yHaMKe?{$JEX*ET94aFrpR*SQKTVl-$kQD=L z_{Bkn4pn7)^=~DMT8{*4w?`~%eQRlgx0Yl{gua2#!pSAOKXMm=0GKo3);3NNPmruM zcBUtp^NFjK5FmB(m?R3s$%vEb^ZQyet{cIbgDL5Yz;Z(nOr|&`)|O&oW4d=ICWyQD zz4>b*0K*Eo9@Bor-TDqHdS>j-&kF0}M1H*8(PH*l(-l~V64O<7?A5Sp@798Kv$-35wOH9$gD2%)s1&?^FP zQOXE)!?uMX>@=4eoT#pTe9;wLF7sU|mGHI-l9bQ9LnKbpI#$oX1VPRfK@!V&!=b+cCy*=_UV==x~e z%&F@}bg1>!X7;meRUs0>Z@D$p=wX{Jcj2PRuiOn4SS-Cxad$Zkk4wGq6lZvpS>^jg zKo;dMK0c?p-($s8RdtSA#RRrmxFs6RsH+2t8J|AY@h8$|y%wyN;=)8X?5`UF`AYEg zq~-x|w=My_`iHCZuK=?Rn3XkHl?*O~!M0*0B+J>v&C;4KkBuA68cN<~3~k&WPC`}2 zQ{;3eM!bI6Q!@EAy)!m2g4VI{*r|N=c>zR>(!gXoWQa!lx9(25R56 z^)OA3-*3m}-t3tO=YCTgn-?Y0b)eJUWOtwX2fZpL*fXlFGdALIy7o^`0xh{B7^RTlmX}92azo4{ z)d~27t#<@=D#ViWUySqo-Hh}hZCs{~{=JlY{G?e;ts(Ik=1r~7rT`h@5m~VRT7N5! z0Co`%LL~=eSPIbd99>nwti~VX-)#$5EU3sDSJIhHk78gF(r!k&V9};A*OEikE{J%m zwPAPw%w*+A1!t~ml*PzRs^}^EH{IkB?~0OBlXfdnzB+Qm7MBx{U<;@QC07|?h{lqj zgH9Dc3AN%vMHAXUZ7{-2D91p0wYEEMm5J#TS%m&_m~ayEaR!-7jh9SX@p|D)2W_w`3)N!s(DMI zzm!qJl;PW>#`X#O%5@KoMqM7iTvsH**&#*8wv7#~J_-1!5RA zfgo>{zs{)7vKU4dV1KR*r_&@nL0IGEUDU7!6~Kfty(R>Pos^I+olra-HKjQaWKJ0u z#sZ;-QZk=je*}IfX15B4Dasot&jeJo%k@Y}7d@rLTX+qZgqwU^8qBCVcS%3( z2;`mFFJyco>hF?k?V{)D6cOg_>clX`STwqw=T2NmupZa&E;X# z6^?u&uKjSPM3XGqU|cYU6+auIE&hg!BmCwyTfNl#brzJ5Fwt5I{UswNVaz-nAPHbm zzYuR;9oEZZV(!iW#Nu7BS+Ox7q|{L83r!4{sL$O%TX!t5YVH>D@~v?Un6XZ;sNsZa zC@;6W>3goA;xB177Nx%pQbR{2;YAnKH${^PdXxMZ8U@6U?5na;Vz?dTYoZtw(j+2{ ze`#$8ENeJYwE)0}(!$M1eq#z3(u>Q<)V%ap!yrpQPHx;vyJKmc4_Ql7Fp``D< z8#{>1pPogE=uPEiD9dL!K=bPCtguh6$b|4ZlI$u)!h8)17D{f;o*IQs?q<>K8$j5G z*g3>wHRx$wDj3>mj^BBq)DYsiXSXx{CTgAO*_H0(ax2jII3nZ1lpiT6krgE?4F6bA zN@{h#x?{wQikY5qjV>jcTceB#?7GWaYg%QlYx4Zco$y%)$AQ<)M>X)j$_S6mo~rO#-ew#;BFP#<|S)UG8_{G!_tp5QpZ;>W^;IDhHF@_Yw86GK24A8B+vi1*y;s$=s>X#`6Ds+_ahx?FRH6o z=yI;W_LEbaAOBUmaq`>;7E2w}9@`p*BhE5Gz)?>RW611!J9SBeK+gnxG*bdVEGH%& z+bV*)Av5*$MyDUCRCW)yhs^tUaHw_w8CXCzZ@zmt zJNELQjP^d!Ych=l>o4g=S?@c6y?@9*Q#n1)Y^(=x3Y3$pz8EeK>)>A9L`8P~iDvi@G&^q~yoU$dDvq zH|&ImICD71QO0M)m==cp@b8k`UHfc+M?$2RcGxLQm|n4WSy9`Cb<3TN=cgg}zUFH{ zw;xYUURk%v9hw5T4oN_@=KzgXNgcJRevMMi(3dCY7KlFJF~@VhIwFRpFmgHw0PO(M@{T2NyCd~TF@vlhY(>~O z2J+yVtSs(sBWT=?EOMLq4fOFJFngrKkWR^oSxwe8W?n!h^txus`&e?_*vdHRRQ^@5 zDodHeJ0|hX^uw$)&qe_K5RRjbGgh!wLfMUh!tUz#3=oKFjk0~Uu$v*4%vI0?E;jlI zK$BpH(CfRk!h!*G3PyJ1@-lAVJ)BPX@#C)!w2$7@q8|92xkRKGao##ML1?0Ewp~Qa z0`F}akK_q_eS^a`GcIO%MS7wsMbQF$bD?4zzc`^2Cy#l}(jvLZA90B&h47kBw=E0< z@87n29QrXy2~ejBn%J1+|7xJq*chyUu5P1C+>xv57CwKw5TOn~xXt4%%$U$NdlvZa zcA@ENG|Njq2|A88eGe8Hun(?J!SC3pvoIQ^S)}#CG^BCVuGVQxJ*c&WBwAeM1tb4Ixu$$}cvP zN!SERwF*&Y96Fn2h3NI)*){022eZ4 zl2i(05jrBzKT=I3)cpBqArA=2iJ@tK$O(!Ux{?ywTKZ;|^ux^X% zx#p&4#H8T2yN$KWxejtk;sWYSvQ<PK@T1KcaoIRQlX$K^dE zk8QDsWH;&iPyU;Mk@b>%>C%38)6wi2&V%36R;Vu*Q0+cH97^ui}gq4dc_y!_@N-P)DfL)#5zZ<; z@S8j2H8s4MVKeU0GOvf|ao1%ae!K=gSIXMq*BtBTMg+}9q6A{GL@VYY(pTF~&0$TP zSwVEe&4lJKYdjb)F$mbOf6J0}z#2(I`5YPbz%I(jRB+xwwGK}H3{@0+(af3LPo)c* z#;`ipmrTd_Qxc>1A*E{vy45%Av&uUI;jI37_b z&23^6vKZR*SW+;`!az759*UVIp~jEGG9)otuDY<%mHV}q%ucC2sf#GJrGoO>$PRCJ zlE3q{Q1ts!52`E&7u`$^L_yA-8R`8t2MTK=BmQnS6AhO;wJ&?$?mx_iEv~k0rQdtE zj31y<4twl5|2b!O-LXVEQhcz`9}y--S7bt=zm*fCPML+^=*}N zYs4VLcNY%Js#d?xY-gAw%a+dtnryAyjZ>-uWK^vBi;IT#Pw6f%4X$ujl0GtjiQI)} z6Sex^28T4&PU;0c6F^BZ_NQXd6Im4&TW#VzkZT2;+22ilB5-+{Hd61w#<(>n>~rq% z9Xynh4UhUbM5R ziH(}KccmKTe^Z5gD@GLEtKK~*HBOGk?_a1G(e4xlH3Wk1maUnyf$DcSah72Ev;j07 zK*FQI5odXaH)Bj;n}lR3AjkY5*quo^qI-;L9an97#oERy0oI2X69LH3xlGA?v#Re} z=~NZ5NIor$4*Bk0yI%Q)`s)O_D@qb8SRQAAHM4Tx01AoMmfZd5(aKj2 z+353V``_h|xq z?fUzD8a>ZqV}i`qQCHJwJ;ik7n3iPU$(?0RAZ-$Kxv^sCk9c##cdXgVy|!Dl%o0uQ z9IwX*Qdr(!^~7AH&D^)#-JLF0Pq}|@5!p0;&L@`Bv8HzYI063I+UMfdn&daR-FIMw zf#MnpB!2~hLBXV8QoP7k5)CJmekj9_jhewJF}ys|W93e_CK@j4`qj%9gVUBeN8L zf6Xh_lDl&u|LWx~u^M9h-of0UJj2I1 ztv4|mtU>%8vm*@KS^wobg$p=uX3>3pBPny=*KqkX$1* z(P}9?KsxvERlkGv^+|@fvlR)Q7-N~zgMm`}_p}n2RLN=^PR;UE%S>bhqc4NBbldU% zNB=cTgIAdqo-7zaxYZxtXgN)~X8&tRV&_)Qwv9mCZGPSym4E0@a=HD5(fy@2Lf3z1 ztNq#`Cw3L)bLte@&c^enOnptoQmJkL}J4)D@vN1 z;_<(AP>nqTa+k%ky|-bF4zDYxSb99Kv)BX&i{H+RwAdT@>Ag2oeU-6hnG{_rtq}=+ zp`HCxVXCZiyW`-@_BRb{ndnz*(>$2I!@-O!<2h&4a^3&502M8JwG#VU!`j{ z?R?z)+;;gg?te}X9@?Bw2|lykbw^e}CK)geq}J(yG|V%rLf);8&^~n#w$%fBer5*o z^><+14gxbLvT5AuuxUV1H-%8>qb$+&~XKtqSp& z&DwIxaHvBN)@J*(_tEl}@F$`L?JP6-wr%d}yu0JAdXk*O4iyF zAty-{8TLoh1F}!Kb>F$XYBA_T=^V4lC~DhLA{m}?_OLMu6p)L-H$<LT+K=0t`g%UJvky-VAdx@%;vM|%#Kr!52SobssT(x^lHNE#jfm+wy z#-G;wX@|0DsA0q3n=^A2Ha?G#yhH!lAB_X_ZP zJ;zxSX;E4u^KDP@fG&8b2wHe#&SukJazLWl~YCv4u z%frR0(;N*y+n=SHkb_fjUrfS7;jL$8^`@E>v3UValzaC$M7=gb469sfRf=Yq~z2Uc+pY>Vt zS}S0TOwz)4d+DnDXQ?F7hZ@Y5yY*AF0^{$FaPiBD&>2a=|0FjH3s&9qr-`T=U#1}m zKak`zm7^04oc&}Q;6++=#n7jC^ju)!_p74Phf)0`=UHY_UkfFAb!VfCvpqm5>FAk6 zIn8;q`Ql(7b!SUQD&`vd+#S=rTF}(!G$Tvsx8E={gXiyc_#;QKLk3noCYTK*%k+P9NkaV?&woqIMR=ka!%TAnX;ujw4d|#Wv%oU}0A-WV%pyyvx_bMb4E|XXi4`k5@)!j<<4_ zU7z}C>Fj@foIZ14WO&r|=5%P`3TE|AF|kr0f^1fAeFvUfULSDytsb+9s5zCZJW|_0 z=Ed7Oz+_+bxe{opW3lzQsek)tsT9C@bv6At*lSndWx(*@)>A^R@NleS$dI1?yPH;` zD-}<(^#p)^B(?AI!|YX6?EwmGt6adNgj)Wn9JrUjipdkqrjuK5D*EyXp6lRbn4`(u zk$J3>Z_Av)Ship=aM^*_Z3=cROZ3;E8ApgTyLXw1S|V~YGL5%NdmkZBG9m> zDD>!VU9eP6+mm|@^_-@|#BrlzUH9lRqDCRzwJ(_!g(b@fsEOlZ$0 z!gt_)@u~gzgtfAH)_R@(2Fl+~YViP-9fEV*4fRB!Nn85ad##W~BWr8m2L|V(HrI}) ze2hxh>eFoNU8y)@3CFUxO|OkZ0f;n<9N30@SkZ>t3Bb1F0)$9hI0nWtq1{-vBuHVF z0q%qWh_EtLJa@e0GfxIO@wh_i`B@h2XQAHB$hXmdNu9YrO-exS2CLhAdZwoM{ETb^ z?pc*SsZYLgM20?@@v&ld`NAp0Ds0^;P@K(TAUG_qVf9Yo6fY7T2ifg zib#Kaw9Wtv!Fsh{P2KWqyZNV7+(M~E%hulFQ1L(6gKe{4FuTu#Hp}XsJwuzR#NkvH z)X(+dn_{1t>Mk;>e=#+CUccc7tW+?LoL8xyh4CdNF+HV$eW|6ek{JN~80^*!_(IM% zf-@-$_Ov3-OSC>}7VaewFS27WAR=pY!IXli*trw78TpZ{F=~G&2zO}qk$cue@Z8zKik!BH(?G(!JG{lmzgl#&>G|HM>=~5qx6&}k$aHfZS;`EcL0jokr#OiP> z5SL86#I;cRBxk}}7(G9?1A(WXV`;>6iryFKwKe)YnQm$zwzVyf`meG9?Zp9iBI+gCJ0(QH=R1ekvxEeAOgTLp>QzVi z6{^s-hr$!Zgr+6b(2_#bRxbL99$RwRJfKA%a~b1tZ3Loa3I3o7RV(~8CLlBqrdoIT zdz3-52|ub;^CagZ08NG7+VNmI4~2EAsv_~anH7H%+6IeKJfB&c(DGh>bygXNedU8L4ow0k+l37HqOf3EZnvmMN% zrpcaPnj3xfoWHsz|NM~N5`iZ!&30Dqm3bwJ7@lvkUPXBlX5H*gKIk#FoL0qd-uI|E zn(kMQ3aPQzc5s7m>FqIL!t}%=FX)Cp1prj+vR>7n)-C4=3ImAq>e!5#F&(LeikC%F zd#loWAbgn7L(-2DYvVkhcLXg%o*vS)#+XTt?i9lO4W-ZOX@q!+tgm>OGX=Dpp$L}N zdQ7?mgM?Y)+(OdC5nODUQ_;DL2vo%3P*IrD&J-ICu?*3w-=&SQ?#R#Dk)0CQ&lV7- zfd{UUK3ih;8`+>JakxMbl9iG3+R8aWpZOu1Affj}AYpFQ6FevMcmnOIj~KwT_lIjD zw(B36JatNOw*_r}`5LlNr?B6wL8h~9XI(~9STF6AkYC%iv6H`*L%R`n^5;L*`tNo^ z*UdIuvh)F(?eMn09e5B-;S5rZ1R4~FusSzLwd1Rd?T3R`x#NcMbigCOZWP9R8v4kK zvDLJ4V)rEuaVw(r_n*~)#VX{Q>_i;pH4cJC^bU<9HAxHUlmpk7z6`ZX(ml5BkE08+ zXOazg+<<@R5*(6nkfDD>gSy*f93S@;hFkDkpkpyi+aXSC`>=-!)Q7rx3YP!rL6O3} zf1&dian|%P8$(^3rS(N?^Qd`#{^Xha#X2~AVIHo4+gKm)Ow!j+XZv)yl9G4n^o8el zkF(a*-=1{m>>@-!m!-=X?4f{r+w!I+wByF<-Psx!0PT~}bwvb+fZ0-W0cK&2JoId$ z^@ppXl88q@)Fv~MSA^7|6HV_jrV*ZqKbdDI3m+q$D4Gv)cCz}>B0JvXRS8aGoMKK<=(BtE zvfS?3*@>-P+8>3qxKmdcF3@0k9RfN5k%S)QPw#Ph3jl3tOf3(lPPG4nDD(FQng98f zo=}p7;HQbO;*T#r#_#}n9wX!u*I9($Zo9wtNaGr7095UqFU-bHbT0>~AI__sWEP~| zceFq+-x>^+fR~N|2DNCc8NIwN)26s z1b+Ec@a^Zmb33fH&!8rbV5=$5%DdZ|qbAw8P^U?wHrBA)d5Nb(@+JU?09nWa4sLefWarkF7IWYL9 zIdNioYUhq!?}^G2T-DybA7Vdq>)XNt*jV^SSpR-nkj@ru@A!inlznpLTz)Oo7O8vv zD9H!-+W|@^3{HJw2@|E~XU8be#uTnX?#kRY(7A|f<@9L4B zzc=NW&#+>Ok@&-X^|bvDAMXyAjCpN*DSp1y3Vugv{RAEN?!)Jk$vH*#DL4ZR|GtJxw%FBh@KZ*=7J|_GZ{uVedWCIxM8F8fOo_d7 z@RyM9gO~ru6-Q8k!+(_<81L=157-{8>V+3^dG~A=m}T=)-O5%pH=_$4htY4q^|Ga@ z07tg|^o9HR`Pb?qeA{KAgPYSFm;2krc&}_11(KNKt=w>7IvQ8Zr9pM-Y0sc|~kwN4^nl{79%RnX=Lca9U8M}=pGMxk_ zvdx5NL&n(+CN%?1E*qmb~Cf+UKk={$|wh{e#gBj96Ip1`A z6VUeKa3Yn|$z1bPzsKYIOriH%sM4`2nU`u3A14{caVX1*DeKp5-(ZE;$SBArg==9H zLSX`1>W^`Y1})uDU3kRKeL&D#CwSi9C;5GR93K_+A!I+a=bGzQEx+C9gI+$6O4Xbj zWTO7&UgbD2b*}Q4E?1<@N2U=>Z0{mE*28sH1*HXzg%h-Q+4GwYoa5Gg-#C7$CHj2S zkh(zcV?8xtNsHw7-VmG3&biOFo%Gxk52ChcTCm@Z;)!ev=^P%3cp1CX-BL6&<444mQ4t zmB%Q4uXhh;XZ>S3#I;jA!gMl-Y}9@tHn#%?Oyr>h;|pTl`k< zJZ%efA1ITaaBj60|EfmbXZ60xIYwG)uNd?v z`)v5rT?nXNbP5xuNG25C-U(q#zEaTkWreA$-?`vE5?#)rIUUAwVG*GK(n&PS_^=Ro z&fTg&f)(!1e@BnSd>J-OlXhK-oZl*k6~8g~W91$``h-5x$TOl6f693Lkf?_~+qiu* zdiS@=6vK<>$@&O25zhP~J0Z?DMRuJO5>$qDRGyNowt-&m1FQ7721U7~N;DHZjftVf zJ)uzcfvW&!l^CI%xty#7&u4gmEs&ZMw7l-HL{9twq4wPCVrY4weYgoib=LSBj4%+| z3>$hc`cv_$L^!KUg-?XXr7+#mzfk-H`tlMV2xj|mEJ_hN`;2rUtNola`(fwOk}>j; z3Kb&`b1BHGzU+WR6~K5U0?-R^w>BG=!HClv$$K)h^mz3bo)ZRPl|qSJdedCCb@W3-4M3s;D)JTect zm*tVl=r)k)chkHW!s&!*F6KcN^W{Ee#_jn@JZv5>7iA(V_BSyJLz5jtpFutcKGSP! z-f)){;%C0dxbG2AECcyhd=vYlQ%*Ith7Bunj|2 zCQLkUIaaLRc_r$(arrxr>Xv`fI&8n9`P^RmZsSAAuo)k2FXp(>(@S6rK|!V@&OQTZ zZ}u6``WOI*2rGW0{p~0URC!oH!ePuL`~lg9dE$QlRHvC+n@0)opK|D4FcvSA@xc>{ zXbU9{VUro>mZLx1R?d?2Ojo&_Y%dPSetDgJxwiKpd)-d(<5y98#;fW3_^#Ef0|u|w z!{epN;Xo>x`0GoLA3P;>dm?*IPCcu`(w9$#fLb(!hW4`Y2ydy=y8K5z`-FeYy4#e< zIM%c$3|GQMj7soCc1OsA5uD_Jh)^31xe&TJK){$_aquQoJQ*CJb`d2E5~W9o15ZoP zu9K8n62N`Snakgw!Ldsqj71pw9UGjMQGz+b4oeRN7g3BkT;nLzOOdHV-ied0@Ciui z>KlEmT~2&rotgA#P}~fLOEP$dOF7HROB^f zl@R^VKu#%?9r2jjDGf(HBepYByjzi8I*Vc2b%FXQgb9v6W#RfL?sKyVRrm*Bv56qc zEHH!x`;6xiz58|9&)-zHJD*0(XOZParmz34<~HH-dRor*!M?lik97DiS!KQ7E&3Td;CI2!<_eE02c|CudIRL^lD^ zl32Vq(D9#B27H5i334UBLMKHNJO@^K25El8l7CNF_y3Rgc0xxFk~-pnNZEp^eJwi+ zi8ynIbUqgx>Y}F%rhj=?rEovYCr=n(dYl(}zc<5q`c4XQa4<^P72#EEhMX}KWb|>z zQC7*#*x%3*QkAVfU?5=Wr$_nw9(pH+(*(ME#TzHVl~Rtr{(PbAQHA5RcrG$y8nHht zik5v^b?LF8{=NF!tSMRkmH#AOst1i>_OY_gMJhe%Ex{Z992Ckl9DAkn6UlIj%f&Wi zUeSGWHOcU-?4WXtImP-Cm(^#esipTXr^OynHJ& z2B1+{OEi`#*LS}rwcPWS_XA14IWY|bTYfQ9(zAQ+s22VIqv@)`qU@se(B0iFEhr^9 zNOzZX3P?9d3`jS^(A_27At~J;-5}lFGiUyDo^v@@bF=oh*PEMOTn2Fx@n8*rfHo-y zj~9ejSEPVHZUl-9lG1?XTV?PAwcy1k#dQoL++-LTzlwh?yxL{kIlZ+)CjW|2UXO-m zO+~n@81)YTTd{26^&`~%0@YiC%Sw~SD4Ko2=XK~t(efWj+Np!p$XF9Ci|TiMhz`RD z85r@^2;aAY^IE4z)JR>plm1!1@umnvo(KV^IyAZf?qBj&U5J4I+{2LPS)NaH+<{5v zX1`vcr@y_jC}p!Bpw-7Ytqp?Tnnnf3nkk(J@q%M}2T4DjGLTYZd$(Th#<_PPV8>nd zYzyzW0C$4mg6n!I`S~YP3OPnbM-p{bvb;Q*y>vxEx8tXO)|c1SYiU5nDNPmC)fMO2 zN7YjTeqA~-JdGs_+@J8VTom(CK)?61Ut6t$Bp-Q@0IE_*fd)E8jdMw+viTMeba%Yi zei4!HuMMey=Tj!&=JhvDIMe}pfXa8f>(a)ixogJ*#i>Has z^C6sT5O%yXBcY|u(Q-)TaqT)aGr8$IJh*h{wrM^$dEV6+xNIt_vIqar3y>wvB4k~- zt+k}SOm82p7vgz~(j|9zluG*1(7j`gvKrO7w&bUzvV*$-mpP*}1Pj4|_dO*;JL5uFRqVTt47vs=zdWnrny`&zX9#5N&7n_Az(7NdVDJDg4NoSD4_3+Hs06q&!px(?hyL`R+2 zDu5g99rM^6EtF{jrs@NcfIvLt_|Es_9NAmTIR}D;W}*&64h@V@g0oOL7e>khVD|$d ziBV?=#(TZKig`}IU5faU$N<`{?H$FG**SuL>7_WUc7B++NRr;mtbp{6n4-|;SC};R(&{vv*Zl91h=(BF;)dWd{c+S?_ zwl`_lHNlPvRFDBJlP)z=B{jT|NSpFkRq1aZIMG-)(n^O6TBv5M&&Ln|M(&=J2pR*| z-4Gd%{6?tfph}7_9$+`POA*k?w;*{$;QISM1#4E$fO0Ls7gziXZ>cJrt0LTrAc=+= z3T?T3LfeMcc?Pb{o?agwvVvmcGH{keb4B9o2gS6ph6P&EU`nq7hcfVleBvTsZO5#oAb&rZRn9uXDdC>hZ^mxF!ry3rpqoO)Ncz zOuW3_knFmWi9BwJfk$gwiB|sZC4d4KO`0+LaeX#Ga{JH&!-t)LyDYa!zvq{s@`~$^ zBIFZ?JawLPV7-)#)=5n%2pl;%yNyFtj^NXjSY_T%h6i(F253XL)v~)6=123UAo=!h zigcY{Q9sqSZXZ{+-E_T>l2Y#@IDv$33=Ejha<3s!hd9{R^5tUambd0q8; z@{{XeAS{3S0K7tkMVX{o2QsY2ymy&W)$Y)%$hWSD`2lI8p{w`!0vL`~l;b~MtshwX zHEj~T8d#?7i7Ehjy+UFY!^8k7+9qP5qjlL}9eDeyCU{$nAWj!v1WYr$@L@$#bAqJIbz#%6>878k{&#`{Z4JEm2PJK|Ev-~Q z2mzQ2r?`?hrQ!!F_7e>#EA-BV`oq6+W+*G~-|6R>mdj8fk^`De+131PEiCtKavXZ= z-8U3&&c?CW`$u)yr=7!C%6S7_D09EoiE)w#^dueN4RKg=JIFnZnBcbm`Y|RHR@nVh z&x0V?ZdpFe zA!+lSbLg&W56qA3bu2PQkLT5~qrNDOdiuOq7{4Ev`6GGm+;y1_P<0vg55bV|Qw{0I zV1U#yoP98_5)v)%%3p;JSU623+klmFF`_w{Q({I$x4WZw!zX_#4V(+O1}e{Vm%k9w z&CR{aOs2h#orV?WTZpW`aj3KFICHi=y%B(tWgv5fs6#v{@{my6@m!N|2Ucv#Q+DsE z1_9IMqK5qZAF&h%u7_&Cv+{?6z!c&k$+;w6KvDI`37^lHfq?VtBPzlh-FM$1IV8>f z#2pH!wVrUGE1hvJ1|n(6p94j_*4Yuz`JH8TDd9DaDLMYwC|XB4_7m6b%lJ!^O7JT~ zS@rcL1nR+G@+D4bLYIbqn{+7t7C-h+T@eW@qD&BPg&`&*+p(K5ugA`6fInB4fuF|X*&?mAD=tdA+&U#mNC0A#yO?kJT$Rw=aNUz!1OvhIh z1cYAB*SIdeJ!l$zk$00sfJMdAyPtMQ1Q+JDoqx?y8GHTw?jRnjeF#z7WzvoFa+5ij zy$5I}fdWGWpuV;^VU2N&8pThIawQwlVAMR%0@|N8tkN2HG*}uIEKHbHA=^@N3L&xZ zbkn1eIqs;Q8W!^C`N<#ul)Y~Gtnb8K3`}5%g<^t}ThKzBJJ@u!b-K=Jq|bn$8lHfY z6X72>Y_fe#=ZMDT_912w1seeXNv2Rh!~F&i34jAh;EmJE$dd;pmcIB+1m5E)mJ;+Z zVKqV;VQ=Al+2LYEHq5ckG1>-Jf_H|XmSR8J z?)VNW;eJsihNIl$Ug@BHS7+wT2CvkNi4h?k14cDb-~EsQ^H<9IvUuY5l3t@Jetm~i9*Sk-#%?=i6iJ=(BS-24V5g`2g4nHIb zRLJWzz}A-cf``e?AfJ|2>(jDo?g7`P?|a{e`>!U}*EM$(`d`{A(yem^ z6&$K^$7&2G3y?feStCMrPuG_FZ@3zHJ`$!s3t7uU@J!n=?G>$?vK6km5alE_)VE98 z2m80g+inw0s7R@>XEu4VAW>ghDfgaiMO2>&l5cTp@;3M;N2AUc>ETBMiK2lkt0Pt=2IlUzp%GK$@sO$a~01p1HJ*1^^IYFjRZE8wBy zbx0L7x+wNELS{5q9x|rArn?=FLVAyF*+}S{s)S?31luK()~l5TMw4ltU~#!pBB->+ zBbO#Xtq2KF*Q80NB_D|&rXfMvOvoaRVQXW?BFoO&7VoOTl8hXwqY*=K(D=vi;xUi= zSYX0gSd_C>3Hqb`_y)pC`32IKza8GKo9dnaTa25uoWBoE?ht+@fQJB}RFDSPQlj+w ziYF;<#kug}cyQAFf`{`!xy=CkyqSG{2S|&)I9>6}tm>?>tMtCESY0seoJ-=EqK?*z zbUIyoSunMnT!idJLatW19AD{rXzu;mzOVM6Y>>Bfp1|3T{(&GVXM$eh=AGC^6h5uu z2M#zN$yWdXrJvEoS#5wJOa5H*H~4GpOr=$8b{>Jp-R*JRPuE;e-!9B<;RvkSQ5X2k z+t@z_l+WS9kB5wfdbUlMV2I+-8v}K;v1Wc!|B&pz#X>rI1$J+3r3Un6wPB6_-l5#@ zcI5O>JlHl^i|Qz*1MWz&ep(0?^2TgBL0w2Ph!ks1p4LmN#f?!Mi5Th++%8z$EnTI_ zEA5Kw$`C}PIN&y3m0R2M{FsD^;GlYiJxmDCk%}$;nXZTa4S;7uc}^uX{p~13FK2vv zQ6h2lA%k?NzGu%*nuGS^p)W#Ui_m?omIV6|?tSAm2#+doskIFNJ6*e>3w!v7QeUN- z@%5R9nz2ed6)W%qc|#cxQBeu1>>KGqnnM>xM?w`b;K)Cj3k>$yl!|t{Xr6cGqzo1y z2WAPY&jyvt`~2+R8-4-i!=5ZA%wirw#hw4a{~+3*k&(<%`Q`i02&n#TI~=Fh*-Z4p zXUfNZ*)`_ne06V_evd=!L5E*Jx6aXs{pJ2{dRZ`|scU~<0k(~)HLFZDxN2ii2u$v6 z18I8d`GNw&yEf`XGz_)(_A=~rW)_79^Cb~FAN&u@SEC$Oh0(%y8k==oCIxSn8f~d@ zL>qHSa)3IoLSy0(q`pW%t@fm-*ww%89-`s{jnSt|EnQy|9spxLxTMB6qRy1Da-Fz3 zu@f4~orYTLW4UY>7MK*#f$j~3%UN!YRkmB4Rm-f|OX$nZ@k@NFs^T!J1vnSvblu$K z@=#;nBzHr7_j&nCUY`BMHvHf2)&hp8-0$x{wzRb^)s`}a;F8Yv=sXpOciAuz4CI%} zL!v1;V2@f}2jrY)No;@uAAjcGzE@;M0(hhVOckz7SQr%)^C?lfwNSyhaX-b;8VOl= zSOF|p)^==4jX|G>A9CC{9|mafNSOtkq)=ZW&kgH26uLOroG%dXTO3f1!8+0HW2A*F zm^UP+31BJ`W)?+;0oZs`t|mR)Bd&7JbX@TdFs`t(SY=vl=&mQOoYoTvNN~{kfdh8M zQ26YK6j-JWB@uJG6mF?%^S0Ijny7(1ch@?)8||EAp^s4}udYM!5NGGdl@ke_Hy}pU zP*H7j@UJLFKY_E8@4MFBAGu#6RSgYag4do@QeikoY8ey2TtT?CEgB)JYQ~}J91gbU zczE2CaT8U(Xv1Vqyu6m}*h48}(Se7cfj)8+OybPr6*AMsg#R-IPW4ajqhmtIi2&`ST-`^Y8EEqR&R)WZ89rT?8(79#Y?Pq>Rp0I z%gWhl=gnmi>B9fFW(X{U_Ai&-;lGt8ZnuB!Dpt1bvVaLzL8w3v1*DqnONoeG*CxH> zve~i}=asYeoEs6a{Uw6qa_Vx#qM~B3-|$N#V$Y8Cbh^;Hf5ZE6vRRLvYU_LXE)1byjIE+#}6xO-sY$M5;J+i&;rVck7Rcu(LuyVf2|(|HnILQsZ=j*d@u zt8|UDZ`U|GJY9+kgX242){oqBzh6l=pKnZ{ICTj|zm`rf%)*OrZkgu5(c;JMuqRrB z+I#js)>%9u18P*NI>!HX6T(oEDqs0t)%&G+p^sS~0Y!*_Y^}gXK;D8xA)f>p0em2T z93XF2f{iXYQGzujKiOFWNdrDmzg?n+mj+-rmV(RfE=;z=7%J*}~ z(OOhLg0}W=bpiDkEp)*7_r&LO3%{}5-3LdSp`8!JaoAT~+X2Kh8!CUfmyhnR6T73T zFo^5UUQZ4YAE!V&ng`vHPPsns3J2H#A!$YM;z)%2oZ=kBxC)u zSb&fYfJGNgJnavFR_Y$Y9hzi>URz34XOm!{G$O3Jkkv2{R{X2;nWGx?$VC61HBy9wiK`2IS5LN>#L)!Ql2>|kZWfJ%BH|xWO=F3(7^QG)DF>;4lUnbYO zgn>GzlIf$(-R#V6axR<{jEeRx;lfJ_WV`ZJ1A<?gyT>ebUQwL^2S{UtDhR>{ zN@SuNWUw$}_3T+OfM)k{qpp2*5f2+5~oAzvuE3xq0kOEn9mcq!uMtJJv?FYZwDuk^D-2eiLaUw!Z%Y!Z)`#&5a-Xlz4$7R5W+ zgSxF$<`>2wuu2_IDFlKy{^nPD&+Tgyzg-L1ImTq#_p2?)7*csa2c)y;!`I3o0n)4x zdk$DsS$oWr0oWIxNeyhTN&U((=d!d6ec@6am&by(#Uy@<(a(#Wz5}|np!l}`1eAon zlcnj|lVHY2oeOOipZAu3WUHkh!KI<5B_y|E6bWG_?T5)w6j-|r7O)wQZ-zaMl`Kx% zi_2nWE+5=FCHeP+;rNE&1~Ecghu}sRAIBS}M=!C4f&@&be#DSSEPDVxzLdHH5^Xjf zuajnm7JxR=M!I)rjxXx9?9aP{0|=mNeni=9jiA~2-`z*QhHIgTQhz%2?UYn|+FR~o zHo|#^h(_dsw3q_j$;B)10rKiS@OJfpFGcv`U&#T;YX9K4Lh|`iEJ$%B3Z*~NOWKw< z5i8i{ySM{jQsC@K@2~1Uau@#Qq|NbF8Vb%7(ES*;!Dn6RXr3al4@xF4y<Orm(mv?p>;hM8N2fJ|Ip;RI$mGw)v3wCtsUp!RrS`KLz!rd*%XU~h{ zy;HZcaeuVyipjYAewqO#CwTpIs}4l1k&_)kk4 z*a-)3pnxIlxQE+XzikO>zhl-oclYVF>7L?)97W|lORIa8_ezD{meHVJVKXZmx82qf zkcJoVv@M%tKgV$QM?;oWu9|hRk2|O|!rvfqiQP#D7e#vYkqmHU+5k~@~Vr~i(J3WPWtb*?Ub?9^nEB=DY znRmSo?i=OCRQ9|e9ecB^@X{>(TxQmW>q+>Tito8M5n3X;&Ia&vOgYF^!wNJ(5J;YO z612Q%l?#Ia;|R71r&Z&cen@*i zbYs_ED~bjN(Rq4Pjv31_iVS*xio=ZGZk8aW55jBWZj`YJ?b*|dSi|RJ8l~w$_pVbS z88wM^ZBtLTdehJmM@X}s3{Zd-)u1}_vy>qu&>^N}A_KTD))1iIUqg%O*iU`z+=pLg zb|oEXh%|8MYt;)>n2RZpgw87?p^KdjaZt9qaGyNG*NMo>FbZ*EV$Hyn8%ITmt`}6hY(gdq5UhmNS z??X5_lWopO0c`Np8_pAKanw{hZPxK6LuqsR(z=Tw2U-ffcTPs}4(tJ57b??vvlIb^ zwpr(3GO7{U(-A(M$MrSmIsIdb z*BB%VSYr8u^2k~&l~SG$vHoH=QFGCqi=G?L<#!;=VNeT*AL^%}_6hN&{vH8pJ!_U9 z5=l>}hn+$Jd}mnoC$A@oh?eI}_YtgteoWWsvem;~&Keca7lNB7fqG`Sh{lAcfB~j0 zM#)Pi40DjPr&H5M-E;Tg1sB2T%mFvqL`!L&RP*zjT{PFe@1kHoY(V|ZhJ;qW;nStY zd~r$s{5S@SAQ9;}nR`FUP>V>d@;newD(U;|JheLiP(1_`c0R-TW;8@ybx(b9f|l#DuUBwY)0pBB&6eBxwMW0+ zoMZMmS=ei>X)o+%b0b?&1q56gZ7@c!^sj${EyA$<6sFsI3u(c4Lk@WFBVIPR+eQZR zRl&Kv;ykAPLD@YB_nUg>5l97KB5zo|Lg`%S6!dWepwXQ!m6Vc(2p*ehNUOcAox6=KQre(!Q z9hJO{=3?SDTL6<$Wh8x=*)FM5BORDf0=5knyK6Z(1f@uPk_cQ!$gY(;=vo(b%ZxZx zJO+R*HVyH=pca^+|4pxRDJiS8JZ?audKdb1ZYW@B3X3FFb%#go!vzm>V zWPBQD(VxdhF_|{D-5;!JVvY6>csF-w6H>wEG;@*#><)Xv_~!jI4S*jSBaUa^=PKK) z68Obr_9X^Ww!9px*3wqAQb*vrQrLw4CkIhlyRJkZpOgN`sCH~j{1EIk^zVJp``wNg(etqQUnN#1baRU7Age$7VO>_zh|0R!ICeH8JU1YN=Iy@a zmq}aV!-lhDJGA%Sv;Fz`aoFTldgjARSlCj#uYkb*A-YJn1&XY&u&u5Azd4#`wf1k~ zjKsSqz(+XfeIdC)c#JH1<651RkDm1>H&Chl` zj*jSh9M7z9AM7|k7C?3-uS|T^jNCHXB@)rbY*L0^5zzpU)3Hufw7(}Ce~c6tt)!1g zqPQm_|2B7o}o&y4p0Sk<~BWs_s0j=>E>7V z3uQP})vNFkv_Hknb?^Z2GRzo4*VFHdD|=5T(DvjzDygV~77}P@JoE&;qPRy2CnG&# z{L~cz)0aFA4qYSRiGK{m*W;rCmzuW|e1+3jj*&Q^fBc)2rH<1uE}77}9h4dm=w+@< z#@#~!yDlt`0TX!e9O2l3gBtKWcHw$01$JI@8C~muE0=!dwS)4q=rAoqjB?zxcOPOo zh)1~?S2Q9`0KfFc;Knw4Neaw$^N z&nu2}kis{^i^BSM1Q@q<-Jcmq97gB)m!7mYD?rMG`K5N~bOg#PW<19T^*Pv2tKvU#SmDY>k0Qcjnd!G3f~X|+6yyinz| z*R^?J?)@o|+J2I9Xl`L{S1OH{PuJzBSaJDxWu}oZGus&^w)7GxFPE<}bGf55-QU-j z73E1*+?jVU(JH8uKx47(yE2c0?fv&Yv*@JSWP(SP#%e4D`=F8zk;J$)@MhAa z=Q-BR+eHy2-3&@GX=AllAp^6VZqJ09463}dT3CGYK2bhty?@qzy$v^r9Lx$g*KP_Q zh_+jGZP*51)lYKhufhoj7vi?fSQ}NC3A@SVS!dOyGP#z#D^kO(rhlfy1Y`c;zI$m{I5OxCPw(yRRhPh6Lbov0Y6K zPHpyo;t9Tv0X@G#gj2qt#anC7TX31wJtrNx>TX2gy~TN4Ja2lPJuU;0EF6GOM{ykt z=Hb);^?W=mM~2(GcoW`(ASJk-xng*6K_q}#7;+#1C*smvoSw+IhAz@#cA20GF+WFP zTX71X?mYhcurh>MR0-yMOZO@^MZn$17-|WgR2L?@Vy~c6XP?FXw4Ck(w)T!3;R>9 zWmRTfMW!-|4Ck|53TEt zMs>^8%1KC5vfb#NhX+w-louZtyP-cUeIrnm!&A~;Zp@AA1&@$E7s%s~ z=rRe{RuJ&KxT-2lz@$5@HwYI2A^-JGIq5an6qctM;{_ZJ;QzlD;PS;Ngdy_R2`|>j zHBl^V8+%6>Ws!l5+6()2x-#F7F-4;q&(gTRY#r~iU(&{5u+g)?nSJC_M4072DIycb zAaZ>mX&WR2hlwTaeF;HWd%X9^@=&2rWe$D$X7@&mxNcPJ)1t|WIM27C+XN?$&>w7p zd51DHhvktr49D_N|85}fE`u&_&AG$y6?6dt$_fcB`CrnO*wzOOL^Xzs5umKDerd9l z&uKM5N9gZggFfyWdM|wWVuhr+0e$#==I{kpd%7Qn9D<7(tD?d7z$l?|-NvsR`Qg03 zf`WZ5pYYnmTz^Ap7{qEP|GCY7sf4*kv<^he0|in&b5VsdD$gEmdqYDL;b9m`kuJ#$ zszBDKcI2NJv=Fw*yWjOvBTfvt%nIYiI?`{xjOkwT$%A_LP-1b}P*U9@OEeRxX5ui5 z<~6=T%WKcgk&QP7s``Voe*eP^&@598IlX-~KZ4WD*MjSj@O~V&Ufr2F9*xg#xOx&I z`S$7HG2_|SJh#1iXUqd(7m$UXL=K43 zh9CZOz|xJorN(9cbA%H-3Rba@Lrb-{T(6|)!p+p zGLM*`ai~NEn3MWKtih7cSuS0To0npvE~hDuTIJqc_xW2s3{HVlG{|ky^YQdE;T_P5 zLy1RmCCDULmqq~w9O z^{IEJiH~I|z`UR_u>(GDR%14f)&CBFs}j6t+r;HiQi|xS6BCDn6axX5xmAJdLK-nu z-u@S1f@`k8t+L&)vWhGGIL7*Fx2yW^BGhxN77=pc>lkoTqH{UaAMQGuIi+>26T$|? z7ed_hD`Al6@>cWgzbV@tk~un~vYuFZm$SSUr;{P|@!OnL%6$|@2_|6PSST)+I;3bV zLT2aI6ALe1bqG^5sB!6vb@b;jFXAtB_nDml4@i#6JL0CMy0R*VS+T-iTDw$|)W6Ro zPN3+83@>9}hjz}rHxq8J_qrzT>b*CxSJ7tlcOUkmXR^_i?#ua$rNaEwh5>4cpF1%P zYUMX33Y^_OGj>Y%L2CJ`hAj(S#fE~mt&q|W6$p^9!S>iikC?Eqw+*?Xl4G?#+Mm_v3CFq|&~8$N@?(!P z6rWM&E6ciF>JM~Z-qxosg;&3R))qDK*(_~q`0Jsh3z$yA6WqGWkH<7}cVkq4iCoQ% z+VGOO!GZ1%&eOdAx4mO@&{;K>y2Z>2*8_p<*nR)cMWh1bww(q1&$;H|b-wt5qZR}l%Hhn9uy;UmvH3i!+5FOZWpuAjJerr6s z9|V5p@evohcn9{#p;UvJfqMrEw(x}Y?#UU%4+3PnUy4m`{?x33n{|nfR>sju1I+fRU!GI ze@7X=tP(dSNQ_hmz0bcM8)`q;?}CoXLYSYyz1d<&Ph62;5~_NbFmWh?L@xc4U+}7w z`ES3ZEcM=AZ@=x-VI(884P(r~P9Em|gR#nQpfyQnj+B-WJKOT2LW__#x5~DyK53B$ zLt)ujK?nhC*y7^ws9)y-j*s6A-@=H<+@@k)5n|$mHe6*KfvPGMtv_4hq^mj{M#i$N za^(=+#jK5{QET{O-nZWjl)x1Mi)$QO%HK7b=P6{3@FINmSwNhse1_+!Ij(?#-ZM`E zcG>{sTC2tPIm=zynbmD2c@NN(lNwcB{NaJ#LRq*HUhyoBGI%RBO>V~FD|m`+4a}QT zy(=II8YtkgTZjB)k1pAqgM6D5F7XLU{xh*jXLbglrjO1vqd*JBoh6oFp$pN_w}o5z zrKfG7RSlA~trU8zwQ*d1DxC4DY!7zukjzJJp_*vzzoNetJnzKu5Gl#?hCto9)5A?j zF~2GMbNp#vyM(x+1NNJl?4jhTF>A$5zm{j;@+VBzU$2QYv3X%O(hzg_z#7IZX9V$b zwlG%hKRKR%zGZr7aCd`m_>Btz8p0UDFIs+C(T+bVkT11* zel$7Xz4T`OEbTVs%<>@mB_i-L^@DY`KjWJV*EchD5eZFqa0SF{?WYUllX|r+csKgz zv-#w{qFB0_>1;+mzrIR;ncAsOD7$d#2=}yW3J&L&JSm0ut}Xf1V7%UXbZUX|zR>57 zBmVNCs&2G@|LC7#Dpt!u9FuFayNjnKSU55BL!H@#P=h2s{o8~=q$5Oz{PQ(I!`QoF ziS4AhcYD&<-S3`tC7|#?jG=)bM9iRK0{e^AkzHAS9%>9C>PN-|5Zoa7C`9%)3 z=jq|(>c2K4ZZHdNpz9!F-b;c(6cViOtdRzL-peyTyt6O9}=Ni(|)L6uh zM%cGsWngP-!;VcQ&UcR?vc9vAMh+8- zHOCmu<0n*(Xdz9i#N*I-)ziOK^iR;X+IPzq6mzIY(CGu8O(KDYXaC%79yJjtNQi|I zkcMH#m(fJdR4M1ZL6WDPig ziYpNytsTDycI9`CST&>jucti8WNm=Hmc7 zL!nHv0_xlxm^2KHuIE->upExQsoJt*5tr?o9h%CwU{^G&p${SDyyT693gltg~a(3Kk|r}zW~nc zEt!K<%;2lf5Wh$DltnHxt6g+V+kfjP1Tae#%)-bGeBO4GV;vDy224z7qry4de6z7B z+d=_)6OU<>M`9#G33E35LiWZezSMO_=A1{O+_}SSUO##*(Z$2y!~tWe0_Nn2q8+|- zk|oFX@$o|#i6B^t9Zg94`%c^=dlqwCy}J%{{6uN*Y*9eT`-mUt0v;ShpA>6}eZsKw zzOG|{HDx`iHGlQvknxzW><7Ta@Y{zteDZjubszEsy`=97sz@4Pff>$e$&mLeoo!_0 zHD>&+_w{4mFz1$I_b#?$z+7foO}W`im;c($R`9r!!`_8c2Uhy_-qiRTSIMtU9`2rI zQQy|9<4V;9DqbiW-&RlDA?phITo1Zidj#T6vX;7}L z9$6$7)=-IWOvQ~&;z3%ok*KxVub})QTm_cKGGjwCE zG{XBor3pPV=z;%u21Y?_Xpt&D&t`qmTtq?_f|f*}k6#2qLqqFb=Lqu@52EUC8^7au z{dTu_Jb)(~G_5oAKrGsa&CrDOI9l-bFFY`72!E4WNstVSgH3)&qJADBRqzmc>|VM+ zxH+cJU<$OJ9YT^>`Zq3gKYbAXE387m;S(O2WJKgu<1}rOd_26pZG+bq;Nb$4zz{4u zlAl8c1n0h5V;3b)3USUiFnxhDov-*x?SG5=ThszJy}y_{teks%615TEW%2O9n6s-i zdh({SiuQyB_Rwb`vnM?UaZHE)V>*3@G=qy-}Y8g7KdvoYdZl zm-;;UyKS+b{c)T+o<4D_^zo7m3RxPNkN^fLI#RQ|?hwWK`cK#z|ljR8<86-1_$x ztp(|>+2!bV1t=)>A>7-vkBz=)72?0SqvdpQFoBiEtfXKJCB=5GE}~CGVF<~ z<$8L57`m(rQ_ldHva)t+T9Gi1CMcZV=S8CfQhG-2A2w^L-5cCVYHHBI#_~zFXGAy9qy|Pwp?Uf?C9vmeMQqxyu~o7r6p4XbM<#z31R2` zxO5cU4iq0bHrceXaqBDKY&31m_Aua9Z0HbIkk$Al()8sN(=}MEY#c~gR*6S>KFvDG z;(tDK)3#dAZ5Awwj!Er{WNy2G**}Zzxl2Aw-I8#}rdun*+Lkr_-8~Bz$ct{!W=Ee| zrOrqVgj-xJYqMkB7H4qFxVY8s5$71717TyNOyRG>ii>(F1q~J8r3@u#)%)~0(1DB6cA|1CwPw|f7uBr3*wC= z*sJ2HSe8NqMU(H%-y9*J@}t2y4;^Ajm|qBb zuW@ijE!fq);%2j$nG*1AGi|+d5O?96t$|1J4U}`?bJCEyu;DVqV?c9)<@C7mkh}DK zr0=;@?9ofN3v#G+^A8=+h0g{6U(aU>A&KV+$|nPI>}Au4jakzK<~|%7d}bv*W%KKV zrZJG~%>#OaBJbfZqUsCEu{9OoS4!CMhG?)X^j)Mx!sO5Z?V^X?nA`Q!Xm0KCDk$aL z(Cg~1Pv(TsJTm#hA8an7SD#ujmMx7eLvbel4k!H3vf0MhU)C?`JGKgY1}bR`av`Mq z7vT%xfAkBMW!DW47qxy@Fi1|6%HEhmDx(ml9RGXOBz;L|8F$k_7`V@k%S2lWHvO=a z?$)ke!dX--o@P@Vk^-CH0&pxCp9zoOmI_d1PnS$eDO|F8Tn}b1S`4o2O8K*;*6uI} zGlzj^UC?1k%v}|JRXB7(Q4M4IugVZQ+k_Fpw2$x!_478kKk}Dw_Xt-0C46|K*)V{O;R#ea5*xo9#T#Y&K{>^h}O%729bHP|Da zuOWO23=UQ5B@6r#ORn_LO=1mJv%J`h*x0a+@8`EV0=|AnzsDYDjbur&k{7*K^+?L< z%8ftaJFL;5FWxVZQ=w`6?7Jc*o#djIi7EGky_OyBg^6>i-jYf3I&W`WpEESo5yhLC zp#lNDLl1pOl{`2t-ZFXS+*`(NVTaO_I#oe8nkQU>uo+IfxJ1@L2B9rpLxN4+OCH0EFi~k`aG{4@l55PT(5_^+hW9sbgV=5=*PsArl$F}pK z^NOV;Ssa(Xrbrr{&+&GccMj3jtbJMs{%2+-FdGomnHW^#Ocgk86I@`ie+ZCcZNyOS zL*`JV#lrs_-~FIxYQ%WBPKrZDp(Vi~X^Ds-Cwh3j%H_j$MisRGI63IE{eE?J7QvL9 zB~;E9r)Ugc#l;E67q5k>rPO03kn*!=+V1=SV+Z0MqEP|z8^y_tf@QVi-~c^5Ae9vW zH^DV6PG#qe^{*%-DKyG_r>Ii!4b$ z17t1WY&es`v4ODd# z?QU}stp*Q94X?)hL7MxI$03kag5nyihFXB>SDlM?H*cFo;)316Ea2>viIYzRm!m&8 z*qBCDcd_1Qok^s@9s%i_^4GlK-7Z+bq38)JI7|ds7yZ%HU-;K>#`D&VMrj-mmkl$7P&z4;Xl}#GM-wkvR=INP8(05c5GsA$wSz0Q_eOs z0?@tfB?|t@r+E{Tmgj~1J|1CjJ~TidD=u8fjzpk^WQ5QAuXlg%v?cta-eg43Au)i% zV1unJfzMEvL%ZCG)1>~BfzqL?a>N`dzpoEsn2+m+=Ff1&=x{20s>k_Tbn=%xLmYVs z2^94vY#RBmv*OJ5Qi6%~i7@i)nK*P7z`@d{^o`^2?ygz4IvPpT`cGjs)@UMoeZ?;! z20JJ1ot9Yk9}il5gOmiCiKoGmTNdc*fA*7@5LuY?mz#UI>t_M>2r-5TsaO)ELggBH zN_33+EUV%eitMr|00-3K+q$6L$c7X~Zp)PHKXd%yR}LM~n}LaPr?+Cr4NTB5v+JV= zP;#p9{nhR!sPga=&y#aX>}#sXm!IkyGJ%#2DiBpvaTQ!+&Mf}b=A}iiK*=|*h5{F) z%9Rw0f9UMV3J}&=exxT=C|D7a^ti0r;tXSoUFYZ7TmQ{6-9E(cK6I2<-VnfQbo(#7 zgjaumNd(a)GTnyc74*f@A#u8~`P}}LTwY|%x(oma-yw~^yrN=CmWV>i`z|C6N%`;_~T<;GEk}0Dmmd!jOkZDL8fW4*sEr zNnpmr@s-`O?AQbdAa9h|0#82FD+IJmdbuP93F+;?w_fJnsM&Tf;#wUbowz~9o2*(dP9z(Abz2+Nr9DYCL zP6|E@KsRpoj{W-ue$lj$FD#F?hu+q(SNKPHCjOL%JDa&Yj=A z&;1w9dDdQg?e|@u_n6YWq~tma5Y2n53@`UxyJm?D-*! zMl*iv5?JB`$RB}7?&T8#Rg@W@5061DG`X2MxYCSHV);1zk#$(n8(1+3iS2>wO8*uW z(Io7QK6(~9le6*3J)wwl;v`^X{39AYtWf>0$$r{f?yza4o(@ZP)5(mdiOXWYa;Tam1!gx#-`k6vNqWvy7U*E<7*r#(Y(JQwR*yh90prZDa^B!NG6INR=R zlG^zS_W^+URNZGA!v8gbIo+6r?-@-#wa{|9gyweaJ!(c(1i06W-Ap@LTa*-*m%VvG zqTxBP-}i!ogp?rE^-Gj4P(W!F?xjwOqIt_|Bc}NMR$o70Rw@x&X9r1RhH5UwdAMsQZX|=`(+h>WkH!C zq9M{v9m?3b36k#REMS=Y$W*Hs9jYF+Pac^`Il^d)pbSF zyh1eAFS8I89(X$$E^q2$cKNitwltJl-JP`_ycox7h6F_nF(hH)GFth6@(Z3nv^C zs`Nbo$ivNT>^Pu(B1G(XQQq8oQaLh<4_6fpZ>;q~k$$j(I+ZMU_b;RHdYYntT7kE( z)_y(S}WkXVrK@kX2I&^3Ic`}`FIj#sBd>b3F|qwn>$UC3U@Ojd z$-AU3?$c46Wdv@v%WGWw`>yp({8dvaDPMyY=T$7`V|x5mdl8QTsp>RG5szmcTpFwpTCjp!pFoW%`9s_3*i#06R8j4SYOtm6mNhQsC(7~2Sl zR`N(+2J!;fytE*;{NI0^k{*gvtu8Gsu?q^?_R^<@kJi+Th53XsaA2{sOF>$SA{jW@ z8Lg~p+go-Cpd2d#=dH-%}`!yM` z>AB&LNY==$Uji0r*16u)rHT$imi}+6S2jE;GRyOwJhJ%y%}B4(@FfG(2b z2B~tf_N0P~-!c3Xe_k8dzXftiU6qG~!rmH@L)e`UYL#$5ya#%O9jGbF%GktEoS0h5 z(}tuaGaf)bIe=}Y6|88!=CMhRUuQUjTZfmh$)PxmdCr}chgW9DXh0$T<$ zg8F0NoU6^;agj1Dg;@KXx{l=}pgg0T+DwkT;3uSi1J0u-VQ z5u@6~&B-FCgPds7I3jovIf@n_&JI=r!VuFz2e&9;M`yl8v$es>M4b8-i3ronuYUcW z87U)=6cppvL*0gdN^;!Km&smSHlJQ>0*{`>u3lQZ6$J%bs;W<$Oc>`fr{taA3HD{> z!=wycJQPp2%=(0aGV)qDvpHMB*rr<2WcF##JG0)swu^|69^TH8R4d0_P6ae`|7%&J zcG$~haBMk@)vs&k?Ub5WI|4i{)yv)w)dn2>O6{LqDj7T&WvS%WFo*V^95cz4~H4|{?W1MPqz@M0joiI`=hs#r6ygR%CV!i9vJ?FdHzj9 z$aJL!4J$oT$(Dya2GDd;%xcp9rQ$uM&6ZuNWgmJ-*8a>+?yNMUZCQZ3;v(N3;!%o= zIEUmgztFSTIi)iKieKAsSl$Ck!!a0mw(79b3qOZL z)eUIfN$XwcrpI%?(1%u|d68KE+{iCyOD1Bl#d_IeTQy47q2EHtIEv`g2vFianus1{ zIo0CU*JCjUyhhK1e|!$Ej+N8J`cjI!USDxXfk)B#1gp`|azz*$o*{>8_@lw)Wrvp` z*4f#|^L9J%JlwzD_8O)Z)cDH&8&PX%%4uj<>w$z#zmWhQ7Vepr-jLngqCu)9Q6uIkC~UlAPVn&G zt7}984H{&Q=!+Xt6ea-0mt;h`&JTH1)4i1%B$zh9z#}+6j=;!B7Q>+-O;#=DjVv=u z5idkf5#1T9yjVspoG6~jI}OS|@rJAGXDSzP4_cQa+#Ks8%BT{|09pmMk`fpUrguCn zY7(|4EZ^@eLH30?NTt@2h~fpS)XYkUN_S3X069Nf>Dqw@j_$2N>HGM+E%RY1PwtGa zh@c+HEyk_CLNFmF>b2h0YZ2Ije#J&p%n2dS#^bN%>n+_UaAqg0o9r`mzWP#k?^9mD zPKVkD4_`9XIVc8 zKj9~ubf;nnR9+&Tsx&GOt#l}86Gt%5;=B7I|6ap>S#kz~ zJeFyYWZ2{dBfVva$0m&@q0aF?R<>$bPiy+#@UI9esG06Q7hOw^S|`XAvfNXX*{*VE z)*R<^+%^lOHq#xIpa++Uw45uG>u5^<JJSx>nOWALkBPVG^H z^~9FNM^vqUNFXi#7dF|q6NqXn-wsppAp|Qz5PW!>o9Q#?6H>+Gh?|BmG&D5`mOIG~ z)d!U@)U|kFYuKUjzEQNp%oz1gIK}<|eBsiGm(<{omit%*e(j!-sL8u{c~bNC5*gkD z|2doc^20@}(N33# ziq`@jV0B$|1lc;87oXi|4E64M>gdS@Id@|wf{On3;*7e}+vU{9H9D>yNeT}g*+X~# zSY_kZ2EQU|NZJrE<<+5A;z&qb(UE~hiag`6nN%1KH`l7sryfWtC>cz{(U(QTrBkP< zp&=uIg(T?qYQ@5}wb2auGlddGR#bz_fcJ0x#3@)tf#Y_c0~;a*TNx9QG%*q=cob=d z=ij3_CLMdnk@X4Jd>%Kq8ZE*d-T7N)%xOXvZq7C4FT5i^`IhrMaw@G>qP{LtEk%;bjXTWaYQl>(rQ10Nay%^1?wO9QqD>cWOT-wfGK7)+>~k+G40?-Pl)TYj;V3OFWD zYr7bcPA+Yp=F6h04wJ&37>6zHdeCQS_SE24oxas}LMeOpqYw!#H}wt5TtC zb&34Z;ga}G+{r;z5EuC6V7PThADB?vyrm7+Zs)WK$@&M3HBtAzxE~H1V=sJXz%h0O zdPJt6D^hUEyEA*|sTg%D-Ce(^#aWkj;WW1rLPsw_!^Li^V36X7MAAe4&?_RuY(=^8 zYm&1=PyK4xYolrh(m^}L&lHm1*M^+~Xf(eic8xToJA&|1vBYBJDi>F)z!$&lE})#f zXa#fJvZ|KMJh*AvB$Xcw6{QKfm{!7V)aNNu-Y;`80Ck_6x=GZ_A`oLA#tZO58X6W* zNJDBG35-ZA(LQ?8MkGU~6$>LHi6F(N>qza_CmE(%eqM5H87UjBr7KCpABCWK1T1;E zFGwby$BrTod*2@Cd?b6ME1Ey|e(9X^!T62?&FiZ7Z!d$drv;p<@5_dAh2SG%x~TjY zCjT=DC4{;|U$xfNiL2A9v%=U{e2kc#Y3=9@X1fe{e#jqr1UN3`vb>tLeR_Ixd&fXZ zrd$xa^1?C#w#oeI#pkoxn4ysK;dDblSETRi?o1X{dS<_SCD=$iK@C||h(2x`Psru) z7jfRn`V=yRzvIUB z^C_j5pRZ5EUw!Kq*gx8?>uB7eS*2lam$^g_V9C8HiNbVIuMY@J$y|Rr0O`QUkFR6bta*a2IlD4nwnToJ~i_)E*NO>4)Lu!6>G?|>W zLng^S(qrEJ172AWk;pj@!51B&j^IbqF82k6z}p{eWrmYIO-EzJA`V@*fD4J7!lq_? z*FSdd@{F99?>Tfm-6jo3rJMejlS&T^d3QO~uCQeeN6~ZtzmA+8P9~d1bHEfb_yfEo z&=5je`4OGI3=3Q8N)EdSiH?DKq?774Ti^Kq^3C$DjM_sl+HHKs6p)rU_-b)oLUL=`-hF@`Co|*5T8A|5RXETne%L5s%%|T7b4W^Jc zu!jTJdcS8mZznrcB)Dy%nsU1A?usG_*g5(9WG9359$$v!Cq6QMWMr6yv}JmVc9@9N z7zD<&EY^|HNa=X|S73SRmGK{pMOHKdb~to;PDPR;zPluf3tV>q8+*n5ZK~b#d`U%8d0&152)-ccZKs z`!AQ4iqzx%x1VZRPCBNDPKXax4jH-wnKKD|e~ArvYN*r}O<1v;_Iugq@*F7n3fD%J z>ZlnkP7nVZ!H>@8e)-)OVD=!|(LG(4q+nlpk^*{cdyixxN`VT^^UpGrR=%DY%?6f^$=5Hv)iledGb*8RE6 zgN_7Uz}LaSZEhk$lE9rfSu6y8?r^ro5S%(e;K5%|mY%>PfKXinUD+RNvep_lqYRr~DRZ#0DLz0_L&( z0-y*|WKco`frSz=BZUG3uhW+}j~S;YZq$3{(A}vl3J^YGf*97l@34c)aBT$eF+a@MU;^wC>N78e1CSt21kCgCKUX|b!%RB&h#EuQ}dOF zDR_G#@P2aQIbCX&i!bzM53jPM5&6T z92K%5G9*O^ky@&j>DJiFEO8j{lPNzEgDQv~a)|@KR>{2^LojN(uiQxP{Pi9L_iZ)= zVq}>vMc;p<{PhnF8tQpxfVm1&>N+f5@N}6{>@(l3CkEF=Dv27OAY|wvf!l%g z4dDAygOPob$i3tD*p=u!^&w@qk0>uU`MT?TNjn(6maW?$fP4)ypV+5x2vYvXoye$H zE76&GH?v`fh|p74_5D+4f?v^Wxk~wdszuldEyy32SG%ND=-a=E`Y>V#ELF!(O|Hj_ z=$I@(`aTeL3yzr4Mvr`}Y7|Km!oQ+?j79sY7fprkBVrsw#Ff`m4Q1yW2L-E^C#&0q zR~5nBY1t{a1hKp&%}Fs2LmgEI8)88w8}C{37=Q7$Kx)rzEa8@IUbC0q)t+}tG}TMp z@r&S_er#b{D$HoVy8M_k*_}gAemJt`OQD10!}an0X>=g~^e#M49+9qIdK>Rixhw3< zG(`pB9e(l(=kQ4NeH^9i{u8t#@_`yy>wLZ-ALRt9HD4J$XRsz8N6>OtU!Y!;F2KFkR5mYuG{k5ZMD$Y=f$@b31kT$5D`uj%xCJPikOOpP4l+bVR> zIDTUwyo==Dj1X7sJz_0hrYB82^{+>hCe94`pNp7u1v8WeU3NoP7S5bhxEPwGQ@=Ri zrOD`^ASURFNGDg;mSI${?~&hP0kW|UtG+g#(ajMhM6BJZ#-+y zQPlKsd!c;-ajFn+%b#asL;?Nl+FTUKmVCu5wqC9^h0o8W$~J_7$HRF)d`VaXT~xl= zeA7#wq$ediTBc)>#tPEmMG4n`^(k^YB7A{yZV|>tdtf+(#UDKXerwfxIo z=VjA_x{Pw{R7{5x@y*gB)I*?S_3!YVubE44JTa3R&Iwm)9vO>DX4X;8KR3nFw5QdeW3<*hpYDivUC&(1>HDXyEr+`Aa1rR~=Rt2e& z)lG9IDd3Pm9q$KVEp_k~sJjLmk(4JZ5{}=pasM)aO}&BJRb6Qt*x3N4h9qtBLV@7Z znjF4>&ms$6pM=N)CW^m7mlD4gCKNs9ZGFuhgLV=25gU;^`1OKhLw;2P)q1e%H~HvK zD-T!XtJ{lso8tu>*)8w$cG9fFh=-I!sN@XLQFFL`a)W3A-+zibH^qP}o-;K`Z35tK zCiEj!F9)0#>%)Pd)n^2o!ei{KBHwIiu(>G_`r$wCi#Zg)X$~FElf3UJU zoiNX#A|{vb4ZKMmXpo$T&i?zXP$7%~p)lVN z6a@Letp8mN3~>hps4NM(A9EilstED#Dv(dR@XUV7RL{hs25rhQ<6SN2wB8OV1S57wAPvP^>LMmlf4h-g(eUikl#@<|X}V`~hBZ@w!ku5%W-|fp zH*cg1#_d@|Cm&*qdql2>*$>bYN^6pDW{vPx0NS`Mc&KxlQH4R(Tp3cc zl{3CNWe`gp&coMd$L!+-5iaL)CjxJX^A4wbLR;y8Ms?r-KBhm#agmx|6=(UHD`P8U zhLQeM=(+zkf4V166!J0hcBoH9=pgY*`GIjo&Y5DfG1vC5x?qk{EWgVD?b_B(RE|3t zcxkVD+H6^GC1vWFLR?snxm+I|QvX~Ga>;nS_g%O>La38M4>k$UOAFZhUkIcm->@6fyK$lGBr z_k(NG#B?>VC`p@EkV(IWuJb?dnP5F7v|7gB7rDJW3G%ETJxROM+%z8EExrdD^>g^H z6B~Y&0>iV4l(FP;T0;iNtzX)b=1OGjL(ySsg$nsEc?7aCvQQ~F%`sxGNd_YvB51T? z^qjR$H)OAgE^>0TraWuKeC~dKH6dPCZ=x1xFFdTqWirqO!@g>mn#|?z`VO2p@}@5S zdCaxZr4l=QhXm^SvzQJu=isjKA;(#z{(Rx~}lqpqR+0A?C{+esWVw$6zm;`>*EF8e=v@-ND9RRr=A;ZbRsSGCIEOzVnfO zJNDM?8OOZ!y8>`Gc&fdPuyo^PSt>E`C6CkP`P^$Ch!rM#0-!@3s32P_92qjr@NfH$ajgc!`rN^}!5etI)9qb?z$c+xt{XE?7 zwpBiQ_G{>7Od@-fP8stX!LVfok8DXj8*}3JQ)Y+hGs*l3lGfaFw=2?Oh0CF*ECsnt zu6^dEUDdAhgjC5H_+p1hN-c3Au91u0F1%_SIkSmkOMDdceUWM@S9BUylh-Wh)NM0y zxT2R37|?qaE;cPW+k{g^!$;ymLhfReOp@?p$L2J(^G6V;ZGmn90`_J)@<1Vv9}p`I>sl-LG@X{DCmNHo+Gzo6>KGToG< zYOF|V*&xner`dZ%IohQ--4xo` zm}yG_2k&;**E!;JcijxHJwKlDM`Zi%zjHk>-@JM!c{wOV_)RmXi_dPan+nd^n_`{T zvbhKUSjFH*5p*0H1Zc2#mk|^{(4)QWL`XuUkMrfBTJw>b(BK>9FwzY06kGPnbrMZX z3e#GmoyC9uwu$K}m%pr^2_SUdcMRxa*Fw$O8ROp0Tmib(%4rX_*?WQE5>V^ zP6C%EOM@^wTo+K?>%=b1Lhuj`Kl9;(m`!@3wBCbJL9|*GZ*4Kx-VC?I1hD6Pg1~a53g`?Zv864Yu zQmbm>65T1kd__xV7`dFd$Z2<%Cr>GjzdZpH;Dd3w_Q$++YFpvA+xHNZwXf&P-Qvow`}?041aw2M{_RHVFM!V#yr( zCE@r6n#KBZCdY#%nenJp*S9>bvn``9CLTZV_ezAJ4VZtR^I>_>U7d{?WAtI&Sv@2z zj(jQ@g|nZT-&z*A!;>=_tna)36S+hfu}K2^pz2qhZ`~9;4P1Q;Kd}JDPFe(W2A`lv zYoD?E?1w~&k}HXjnK{sW>8(N9pI0=c9;@XNIRLzz<|*=x*2|8isz{Y0syFDX_66|h zR6~~8g@85Gi>`%tqsF58)|mNpGL2&H45QH)g}rtAaopNuf5tJ>!&vt{v|?wGIb)^^ zXpoZ7D^awuEF-jr-jHx8SftU#6E*2BRBcego(9Pyne806KaHtKHF}NiO=lwps@qeUR$?72Da;d0cqI}dn#zPRlBX5RY{ z{4k&8)b)p#Z}o7+bQ}#@t?_kCk`wl8Pri^@85H(H#IucKp`sP3j_`^5E%OLcQdkT1 zVQo0x-y{C|uiIB%4Gnb3yS*TXQE5he4|JvVy4O6eYx6S_{am&A5#TZ9E(I7Z6e-!> z57I7YKbD7hiRv3Gi6?3qr79Pbe9-gfr;rRxw`1p19!d=7z{eGC%kV8xtlT91te^L7 zpr&D>RLqvpU4UyPX{)NVFpagrs32CpX)Xf=2KzpasKZq zi;~ix5#KFsLM`t9djaC)SU%~agal%263$Onw$cEeae-EMx4_G8XKdJ&xyn;Ffef_! zGpRF2(MQxYc~-1lD-4^Mtts^Kh~mcDc*yL>rXF-9d$s-a3~Djo7KD)Ve0FLWjFYH2 z`oGek9f!OO)0Y2o4H7mbgn6#q?uH^wzAB1!x4DMk1=wQF&=5D{>^MiClV8Ed3ZY~p*MSs(?2-qoN3>Eh>ax;j0@vEQk%78Od&ftXID~CjJ zs^;CF?|4dpIgZ-J zJpCxn*ZaXa@^}iS9>o7Q#6~Urt^8gg<;ds+sY7!PMnDwyj@5^ zNNW=KI%M^M*fqfTf{?9hBvFA&ze{|Qx%JnjBcJSd%dv&drr$m-GcWfLg{z4VY}er+ zBl2ylM19O@GCE3`^5AY=)Souo0BaCKY!*UY5j@^jo=94N8k8SNfLIt$fSDv1B`%xD zCxox3g*&~}r#wANNH#{Y?a0BNA1`ejqpqD$^sFAxzcUNVK{*qi`0yAb`o(P#ex|m1 z=)P$xvFE!0uQM(CZ8-$H{aqYhrQ2qv_WyhMUlciXT7Oe!bGo-~QbKBqPIGg(EuCqe zZ_WW#*XF=KigLa=M|7b)`bD#uN5+rlXN&9%O-)O+HtO+BWQg<@22EH<$XhrA2y=r; zH*7e7igs;t;C#y(c$zf+GQDdqg3w%MuGU-~O)1!6?8p35(~k zo)zIOrx=Cr&clw{^8!?PAj;g3U;QIaQCcfZxm5J~@hHR#N%96XPHqZ9EW61Qr5Nq? zIz5%g&I8H-)OCVo_xl5QNj*}3F|?GiOqJEf09O& z&D?uQ##SWwFVnM$DH^Xs9ro))T2q{l87QdF4qKF^AinS#WB<&~qqlf5#5Dmb>(HS5 zzwc)K;Z05*_9sPO=Lv;=aXG|gropIN0J;VqSv56g+V~XhvY(hCbA8GT$Yhpj3~>;n z$0iJIz@43;!RAMecI$YrGe4)uq1%IugWSWkymyr6V)JG1#TmP?Eg%iSIXNhUJn|or z$CNs&G4%1KfALDqo%184f5Hk(&%Q_gt^t5&MdE(=O9~+f*`ydWzozk_1+=h>^f^+u zL?%jjiHY@Fx;UE;VHs1lD`x@a2(PYjc@l1yEJzgn{|5+S`>?NB^^$If){*ccE!@<1w@HJez)24+M$h zT?u_N{3`nsn)i*>|0YTq{rTo%XJ0=sBspJ>c}!M>^H(wDl-|*oeGt=B+>dW>cO&w!RjxVS6gU>}sa?HZ^kgx;@foX+nPftm7w9)0jlXk333c7mrd2 z>yefrvY@yA6kGaCWw&X8G$yuCQ`4HGEG*uo!c~2FO`39rt&J&5kfAluiz6bOAOII} z#P6X@K)S1{zXz|t#A!XGR7%R-UZo; z)LI!?vnGKV8H7x`oY-(3XES6=32M0>r#Hrn99oAZp8Wayc7}oi`&{&pGULDwuc7Am zl+C_u;$dF$R_tFweg%FY$oQu-tcxRFKAc}ik~SQr?ySjdaH1tTevvotcq_o1U`lZWEY0#{hYKw86e-~WD+WnmV{{l#-BrNK`y~`R~MUw@yRiCh%JSjNIX=>ZTl=-^pk9Qj2aXu`r?`zNYuRLggJzH{hU#lUsw}ew0 zha+v>W-Jg?k_D?iKuSWr#CL&Ad+ObMV#%b?lR&Ng8F{$~gz9%(_Q$E9O~vd)(vRAU znK=l1sFH>t72_60(;;cC@F_DXS3O7su3`j}}M zsoAF`%YKevic2DqxO;!GlmX>zu&fknx z_13Vetg>-}2}`Mbi2hd}q%oRvF5Qn6W388Qhu3#`V2J6iEye!02IgoMlhfYDMDyaB zhD4_RwK^;$O8ueCND)%@F z26GK*2?r<*{QO&K$o&n1*4n+;0?5lKE+e#W>o6k2u@Pv$rF8~UCt^eM8f+36uB#gu zGcbyXvfyR&v_$iwuoskPE&4$`{re3+n3)M?fGUgVfDs`<0Fn-KlQtmBkc+d{t0}Y5 zHmT=)dCVm;17D$+R*vxgs1f!vOt^S$#j&w)|E)AKe|nDRqVbGI+2!si_FGIs!!&t+ z%gwD>#LgRaQ84iM0ZZ97oDJHW*?(n9)hxjyQEOgHGbPu4xY;daN0F<_VdK+wlO^55 z6O}yk#Qebl1mY1P|JkLslnmb)hL*4*fRHu_b&3G;^4ho*hGRe$ogwm)!|E*&>j);k zZQ+v1G+(T!GCd{Jcc>;D^9`ay18cK~-ZLWnkX zNdMrDKqiCZyrbJx^BV)3o_^j5f|PHRG1-_Q6F2J8Bn0_RhU$GoW3!i#?f$>hzM zx*;4qZF|i+tVnM3L-r&>NV=E~hBme#ySyMrS=66eEmd=^Kk#Q~j4TajXUL}CbH&xf z!{tlMh&PfelL3Zc<{4+v>@k!2iXqfB1+3AB`KoBc?12SFfLtS(Xwl@!sOw?1`to*z zX=t@D8PyDY*Y4}JinIpPO24LvloZVM=lQmh;r4J~%oIeCq!wCrKqlJtliAo#FOwFU z=X~f*pu;n`I_ng26-M~pJ~dKh^)m)MOXWAJL8NrZTf%Nu97P!o8xi5AZ~5}n9LXpR zLQQ|yrlsZhMIAEY1^0OUJhEOMlYZ2MpRBadqOCT%n_{uV9%IhmKUb%|Jm0 z@KQlvYBT=XhUkXgmU>2;er{(C+)o}KQ1+)on8CwHLOg!^UpEIn1R?th8^kX2U-&@X z3DV)FLx0&kPfFe6>;z@S@$HfQZ7Z}^F)Fp!J6I;Q06dqQwpQcQV|gKc`SuHj?*=JG z@K^ASFci%`o|VFZ^Z)Q*KnQ^<%3 z?*pgk43$toa;<2fIs?R#Q*-aRHi?P;JI&UQFVlNl8O=hr>g+noK&kkv`Om?kTW}!l zbYF@pNgBT_Mt&m$J455gCLYnUF#1OPK4m3)WAb^$i5hF>*eO|>1rvl>{~sT9qq4`~zLePdxqmO zS7_228DZmwcM`UI=0r_NL+VUV`DMuQf!IT*|^=A=J36e)N*&_RV5{x2Q^nPXAyUopzISS zL*@0i+Ulex8{J-YEj7!c+zkoU5qDDQnya1Qy~d{Ex48r|DijE^a*D!=x8KD6qQ$wckJ-ajpFRKD$y0!4Unoe1KQxpon z0=a#xB1Y@{J5|&XJBe$<#DdBi5c_bSx3iPb2$7o!)@m(2iuOZ>IxKzGH&>JMBzekj z&r`D1scUWinM7VRgDy)Wb=-Q|KX~Z-gC{*-f6=Qi#ub{wx2@4)>BrizpJ_D;_&@5x z?rYZ65cA|ERdnpXikes+SmES#4+YR zF(ho>QI51I$R9cHTeGc9=jzl{1gYid%xp|X(D?6uX9TXHDv{OJKG^|kL5OkO^VOc| znLB0zn;D%ZI^IC%OQFP{{|cVFnY{rnO@J8Qt{|7i@)&B&mKZjMWwKA*Tuu#dW!1)* ziz*`r?90`a4_;^HOdtFzOHKBLCx5_YhS29+s{O7~rNdui-~VH%D*=14FKqdC64-gw z@bIQ3i#m9;Qa~i2*%hTPo0q||xx+iX;U)opef|^Xd=L`6DfKS(T=mn}DV8MTZ`@ub zYH#y#%i8^D+iCXuWfShW++6FptDCuPOB8$@i{0wc+v@YPG;sz!WCZnO#czG(0=WeE;wEG)_$wB%e+X6b!$7^* zX(+N7;yFx^3oCvpb^p8PVZ&Iqr64`O0LQZ~%&3=5AEP$s|3J~7`lx(A&yM-^W%9tk!=bSO<-aY-6Dv(KB|hkq{uSj?TjSX|HVlE_Zc z95@Pbzo!qHwQVN1^zkHL$08=YFbN~ZwE9*2IyHpW^MJ3V?9jFuGCo%w>dMiX+K>BxjB&$+qh7OEcq^6_KqxbjMWJ( zh@FRF|2z$35kPt?OM;-t#!$m9Uyj|AB5D^=V^Y{4tE%K!$Ss>T0!q_@*szFI2X)(7 zHybuyrp-EItTJ|ZkY<@i8s7PjfF#rik zpDPZpHoIY({#XYglpHyMFO}w>!51!)&#!n156_k6!MXEl35VvJ_coG1VPZ{nf!GH1atgh#^^ZM^LF+-Zirv5UpHm!8RFd|XW}*9 z6OwoCYI01laWyyxz)e&K2(|JHUJr@5(G(XJI`&2Fh2?e)#k7*SFsV<_ZvP|{GUKc2 zU@SaDJj6WM&6Ht~1zJWi;mgEEWykZ$h2318pR8(%S#G>+Qr9iYOK@9o={z8$1!*)Y z2hdvX2Z&EmB+;f1O)Y@0i;Ei66IH@e7eYVs{&2mFC&0#xrIxDwIgZzfQ(~Tp1<$)4 z6b{YXD+L-fkva}{#=3!4DT&*AYRTXeN8mW+{^Aq)Q0-4ZN?Z6nLP!=F0#U6mPRUu| zH5OXTh2Qr|bAW+5U~%kGT`sc(N^-dUnLhzK{y?H;b5!sAHCoom)#bD1qDPb-rDjtt z>AF*4eWcaLG=y<@F;CG2;<;~lY|svje>>cN-SR6(?~O3L>7_C-`$*_HT5t`L){l%< zqsPuVJw*gr5<|}&g`fL3ZNa=lJxkm%2h6#r=pCShB5dh*)}THb)Fw^|KElKf9EaKX zoY5&RiQk7`S8*x6zEmVzt|Gws65*zarBQ_!C+l@v>%-)|OC7}t`S7+uyq3u-dHnB4cRF0;5-MO46F(u=VkNSo- zZO3PS46o~?rDxu1S;X=kM%IPO5>qcT<00EizgziqX(3kfIc_i-!x)FZg=4RS=(Bqa z14FV~W>jBZ8sDOGMjr`blKYmuJQR47-@uqUkutfjY*T+D`WJ5tDl!Y@NrCb-Xeoc| z`Ca&Pm$;Y=NHGMiNWmC=DKaIoD6*(BNOZ`Ea!aS5mo}w`)Ck=Fu~ZpL;o^z~{?o@Y z*w~(VGf&UkE3ljrHKwU{9p2731rv%Ah^PGkUK?uKYEx5c2{1-7#ziJYAgxc3Ppdb$pmhM>-(vs$EJq9OyblTu?+cAUbxle(L_@22`s9 z5AqhXPSKIE{)X#hqH~*44X==5Q>Jcv*u8JAg~i{$K@PMXu$t73zf{L(rf(_LMf(2k zc~~rR0*9J}BsHwJu%__V)AUn>d(dXr|DoxtW7>SYub)DpxJz-j0mEgu%V5a(Y%ttm z!^d!Gad(CcmoYXN&R}SfA;V#~%aGyj?c47!d6PD2oiU?@?BrGeX*Cwj(ROdf>$%fiw%pXDe%*m~b3ZSUz79ItG0Y2oOy{Ii zH$cJI2>`1MJHfIRx%5xuf!42kc=}uFg~o!!k(xWnd&Yg^iE@m{mE)VhC(-d;Oaspy9SO$*ub9?) zH!b(CVy+jjw4sl`)Ycs&x`$T9PMfYRnF+azJzNVuH*b?=a2I?Y1m~TS(x$yRn7nwL zg!pP@(nrPSB7a|$Jr_~@T=7s-)@;dfXJU>Kjpoc?Cf=i6CPjhIt9=8^Ym2U%bc~k& z+Er@V1mtkO-3`K^Q7D#w&j?3j8u`3jeZ|1nkE9$f#?~iXjEK)T!d3mNhLslK+&_J_ zv>YK?)c2GaVGRw*Y9<)`;p0CjI?}tTfBY4Zp<>HtEXEk^CaTOh6J1zf_s-br#K7#4 zwe@_fV`8`=`bG(fLcU`9TkAr6HewMN{IJP^pW%5GLw%B9@c?;N-A0glUo3U)5Sz3kmiONJSC8;x&LCA>Y3GN(7^mv7aA!?}atvk+0bmHuj|T(8 zbk@fxLzDwf8}Y-z&r<9q7nQH)h^z-0g>OX%KYT(O#mmadejp|g6ctw!M-c=R=-Qt9 zsgdKhKp^vri&_?ZYG{yC;;cG>GmpVWFgO|6%SeWH9CfsfM$F68mp)RX;z-u07L>@= z^&~slyKzS)tTMrb;Akax#Al`)eQc4-1-TJ|J{%%~pE7>TGK>oHFtbRcP>w8SnuFBr zhwb_0V{3x8jZl4mYjGb}Lf0~@e)l~d9;DvOtK*Hdmu<-Tk^>s|d4Iv)Raczngp4mJ zL@-=wr4rOPc?WlGTK=6_uwzHz>rY=D79JwC3EjLzo=9P)!RYhyxjhk<1 zTdMCRRXj*(DjkLC=tZ>aliPawHAyC5y$N+# zcakILneEm6Pt_-vv=JiDmyl@pSk}Z8o!7{Nt~N}Y=#{2xhT}VQ_3GLIl8Xh02f_e2 zl2#4gsFy?xfED3O0QzsVl~X@131|+wK#d=_L|!+EPrR43$>Jp-u#tO|?emY?t9SNp zd1^vy?E9@E4O8p2(2ooDGyK+azgJJwK-ythwN%#sUkmV>dP+9-@@%U4ffhW2U)nfNiQZK46h9T=_t8)}z)aNIZEV*mXHV!3jZSX|zQ z3uxEjljA3$?>=|AaOR99r5Oy>MTaYe zn`K7tZ?qf*%2gnzyP?WY3%CpmY@#PU!d%f(DYC1i=(_uL6x3RrEpKCaYrfcF^ao91%2eX(3`#7PS z#35bcP_~d7Z8Z!VkQ#QlCY6$sh7!)-hTptzJ@fOj^YZAW4BM}duGL?88D4+TU6?l; zbcb~==U1IP`QYW17clm$N%Z*Re*IjKWayEV+pJMg zvXWhWkA3AOb29a+!u&oZ+HQ7V@VYp5B6n!)V3)D(^E=&N>OR9xyZ>?v4hH77XjMS* z%BX_!M>IGaR}D@0d5XQ%zQMlaIa&~J)yqb_nj=8mcK3bG(@{RS0mdbVy@rXHc#ATO z4=M3_x}Sx~_-zV#EbCy_z=S|H$1#1O?OF|9o4JMfkI5_wB{-OLe}C)f+prm0QiLjq z1TmkmUI94$51-czEN~?<`^pE4ZQLXnTehRPgHK-EwEo4f-SRzJ6p=3M3?h%5d`6#P z{udSDNM^D#@(cN+5o#1bhUdAh+)uWqG}`*Bj{+)WX}W-tlmikm-=C43)1EBs9W|vR zICek*iy`&8m@DVo!s1!WcppCK`fTm>?~kc2GUNzK6sURHQ?wJZ4VZ|>Q-;tOVq0P+ zO8e0$ybw_U7Ml4YUOWZfn5_F= z9x2&;XXH?0%$KkILE*N5ZHS91jxCS@lI9))6iQ7kuq{)BNJ{Cyijg`wT^GrY#>DAF zQBYn-&BcBma9-KY3-hqqM!-lqTaIA>aP0RObt>U@2L;yLVO$-jX=CdtJ4ZAk*!7B1 z5>oazcKC+tE}3n_@}2kC@%BTm?fTM@nQoGF=MIfU71u!i(w*QiI6O}Z{QH#Z6V)Z` z<(Qoa7Sf4-L)QlNuXu8`>+dn@N&{n#cbOz01`y}ggm7z+-MCfvdYgK>2`{@N2tw7lwGfIHwk%st#ibTFU-5V+4H(9k)x^FH292e51OC4 z7e0wi?Cd&5yZM2`Cj0RF*A=t4oNK}cQKDugDN}RTz&lv`70iYAWb??ojZ-9iNMbdr zA|Hk$ZH@a7>`E7mS{OPt6$OzupzuQhJJD^XK@WzJE7-d4ex$r?JYh2pVg!Bvg-X6a zA%wI6?O6x_M2f>De3KGY|5}5`))iJsZY)svdp@01nHD$ibKef`4bqg+CE`D9FjBzI zneSp`Mmpmyome9dJ*g~Vi^dn#a-fI^ts?7~QxnTS7a-^thC)md-huzXUvzy?kjM~| zW9;CQ>Du$xPeHCfom$v*7XN$!PN{uX=p zwGL^jmqDS?IM)4ws^p{XKU3x)S4$GtY-(?`(s{*0 z+wUtI{O)rpvr)ON;`PcEwX;uftzEMCJ_7^Kso-N&I7Yzb0w^&B#LYBCBZxcLYc2s; z3#Qp#wSqKQOE_et72-tcxuT9z9vz+DnAIkw;8<%d>dggM9%wS{HLlAZ#Bw zf6uphURt`nl*i3vq|&i2_Y#}MhNh9Too6mL8wmwUQqnJdlB_2r>6>tRyvVT775Bw= zHkasz31*>m{xuf|Sd+lTvBL`2B|jkteSV6z@k#>f!X1jgJmOWeDAbSP;h-G=wP}A^ zV;8S+V3K)bl1*@u_*I4gf3V-?M%%GiFGj1eMx#BeGO!l?HMg1_*y(5aA91yJ~h1SK@`lT6_Ut={&z!r zh01^`hPS#)Hjz{$Dq<9x_d276>=E^|+wPCY#`^9<(gDawK5zQi3)VH`pV*R5-EaMRZU%c^%=zu!Pzn)(7vkzC^qqgz8OhIZ5~GAj1rv7n z@&Ye8EZ9JBjaL|!w0w=(L=r0)HVN(G%M9(2QTW3v*RwUK{q@HuIE2=RuWpLkS>-4c z9dTc?ho`C-lfC6EiqMbcU&LW)NFEQlhl#Q_5>22I#___)4o=_wNgm6{eWY zm9OKdic1uwe#zsiuYUET1<9#q9Z~mbR3QqI$P6N}j(pwg0P6VNnP>X9U4Fv|)4c~9 zV07n|aSq#i>%Je=J7hOK&yXKx4)Se#C~KBe~XX<;~) zz`pM;B8c#M=blc^|K#-7=%j&kFcb18W#}A3O=^_1i9}fxt3!EckT@XubD#hNAjK}> zxzu|fe3g$?q26SYfhCB*s3a(#$cJ$>l{Urlcr(Qp(kKT>v+A;aAi(D zOy)?^r!;kQ$t-MO9>ww00i(s%AK$*ASC9qh!J?)HQ<)K6}tcN{#5E=-vWl|Bln&>*!%kW zi@)!tHs6@!S+AxbY(ue(UFgIoUMU7Z_YkWQ1x<;ydVn3&S25?W2}+_w1V@E1vmoSf z(+LofDYI{F<7fuDt$M#>vsY4Br%;4*&kE6hUgM6??s)LSWg%(gQ(+~Y3syp8ko~ax zn2WM_ZWSL=A(sBqz40k#@T_dv$47VHJZZdvR+_C`QBi7;rsX2$WjExM1mH_LA_f&) z>E@eTq!s{cFUblIB-Rspzycrz0>rTlOZn3i;!fSO^W71FuCqSM>E1FMD$*fKH#e}4 zOis7nkHF@T6oICoAmN1gKKii;bhg$paQ|tk1nAl*%|{T0u#`Y*=ZHH%H5- zd>!Huob&Z+tAy-V-vZXgMj6p&)5G~MYdKwQ-&{emQe5Y((o_u4qeTjdaq2i<0(MG9 zubRL>{G#|u8N5j3F>9pW%EK2h&^Q@cn^A1n6M!v>tJ=yK*#g$jH{qHWA7x5RWo3bXP!#*1sWjhF7592d*ZCLPBsmj~WRjXb~z#w zx2L}e>HWC+CSzVT6o0s;G1aBA2K?WK65ZQuhKbTvo@er?n>NaxRtzQps>jS!SSW(N zkRl!e0D)S;d;*1dE=(Lhdh}Qe_WdPFXo0;ZYqlRMnlWx0E@(_f!ynH%_=$-4(u!Rk zUgrDDXYid%==1`H*zT$~7l2ZK-Bo5xzF+0J-FHsfXmfKjyK3_OvGe$=wEJDmPKd(I z@Fi1MRhWs^zUUX@lO)*fv9EuB$xV{QLyqAf7vdEWqwjXpO{+Xg6nWUQ+GPlP5ZL`E zZR8p4&;ERt41$n9X=3$lT0VutYUtrmZ=3X~U4aWLb8E!} ztfb)hZH}tWRSR{bLX3$6^d&)sV+_n}~O*aCvzrsD%8y5e5oK=KoXF z6TwO;ax-)ub^5*a_dPTCuqK)*ne~cBJ>Sb(YC}nTR_%YYKQ|goQ|3& z+Q`yzCI3G#s!D#Aj}3(p%yzhrb(YbC$#7C7S{5tQ3T;#-vrW9c#xdfvUAzj&^V7ZX zvpVU;d&c&+UjkZ;>z(Jne$XBr?JXkQoY;}hyINU4D*w1TLBZf}Z$8w)z`K2Tkh46u ziL>duJ>G$YwOqguPAKYphug@>echhjyD9e^mL)tOCpZRcdD$^eHMxD4e=fy2obmYf zUSk3ES-*gU#1rvL>JH^zO8bRqAPM^s6-u3gWb%#i1;W`hFd9acPm5L&2TKIkjPFCrf>ll9vYt?vr1g1m!&IxMp`MAx_Q^{1Sf7M zm$Y*6TUbTnpNx|uZXNuc;TA#EbB#Bu!Qn0aGvZJxWP+7Js(F^q|ilza9Vl(dp@#GSoekwpJOx z%T&3{>WKxr;L*)8YVgmQ=SLN^p&`g|%9nj?=Xhf6?X;=9wT?4OR`7 zwq7_1^ZN1!3~a^ms$@7G6Nbw}2HUV8Qf%;m#;Zn%15y1jOYJF0NAU`T#T8ckyL%$y zWrccOyC*61#!s7=>4Ln?7EXK<77pK;8T=1c%yuo+9S)hM>SwlV3RSI?O+a~%-aNQ9 zHLt7$MUW+EhdyYRLBJ;ElzE2?v3d**1hsBSA{F<2_sNe3^t`MCwLybNW0ZZYPj$kN z?7TXt`^g?KgD*S#h!f6LqC%`{uEmItF4TZX+)oOhu-@`$fGRmstZT?fK7rHOCqp$v z6!E!7G6a?8jB%h=Jvd#Q*7zlZ?kfI=Ibv;53M_3;esV+)IwsCPt8ZxZF+yk0tjKk^ z?7Q}xwOUW_U3rLS3{soPH2>sXmB>AcG5*Pr5VOv;{rSrIjjWT;b=y`KMk~$c&0sv+ zXB4K*A_|1~zS=cJ#iw??m$~jPcsM*XPFN_dLGq^Xs?Jdxu8I%l0@LE8c?4AlQ=7$ID0%s-4P;X($wo7KI{M9H2{=&oF zX`_Jd_k6~UP=0&|wuNMRc^1J`Y@aK|W9O*zZpJNd1_d>t$xuN)_Pg+2mLa7~hORCZ zjAefOaR~=Xwb!mHMSf2|Oz~wI;n9x(S zh{KP-C`^o+4IF>bzw+<1GmzS{th1|5UhkP>oJrJ1qMM8j*vuK0MONIJd&w0ZnVcvD zHWFCI(^#g*Kdpmbv|>O<_-y@_;8=Q%46J8*X=6mp_yiD&0l+zmK;5XGg)EX#DBgQ8 znInGuIj?vmK*;LiBHyt1X7vg$b|BV((WC>KJz|20So`wV5sr#6baly1xb9eIliVyl z7m}Qe`rt}Y|7m+I*2g@?4SDeI`M=<4%xLD2dU5mc#Ygtw zz@5wH%?S%@_l9cg==EWeND;9Chct}8n@qE%uCyW`K`JHl+5Pq(TDe)6xa<`5p|+}~vAKPv0*blEO8^V1VRJw6JVg(th_bq@%;{ro?k4Y>P}PpNnTqFAx_Hw1p|)p zbO+G#JizyF3mpwaCN2Pe(g!<`|Gz%@P*}JnTFPOvv2==kE7<>2Wx{j zV%)gCBZD*#8?}9(_D4RTHvpFj#Y$c8l8N8CZ5vD)7Z;ZZ4=!DsVaj(=Yc#0(<>kB1EPRF>yH%cZix$BHlel666 z|0w-KRTyE1#++v4Qda-E&j^23!%G9qP)+FZgu- zBNuq5^UJ<@?{aJ7L?MI8Z(XltcdOOrwX30l_03+y$e~Gw#GzzE;a4^XgBgXFs+X{` zUDUc{Gr7g#VXxU2i%0>ClLg?9ac3-2{_qO+s;T320X2M*f8bjQc$ ze%maoAK?rY0I#e5HjtL6vZGo(Z~` zjhZ|KT^oFCS_hV(NvSRS>X3KFM=aRSF$hbeQ3|=)iUb;r#9&k7Eh*qra+s88QS+6Wks*@Bw&NiW~|2ww?-&8wBIb zu0C+sz8CZNU?RQwa)u($Yt6<$8TixYmgkCk8!Pm3Q~D(Hj)oCmh#UE6O=~dS&z#=5N4|A-;%|zG4!PqqvK!s;ye^#hZX%t zn)sx!{ET}SO^R{JZFq&b+(8h61pYwO;9%lm$aFC3<9bq8M@K>1 zmcFJc2C6PU{)=kDTe7#kwG3wS^8%mHi#|PL)kD`F)5omU4UF>PZvr{{3eWqls<^X4 zxUPHMxBt=0J$wRf(RX(t7rvf`1&O~;R6tqb7x)G-xi&XpF@%Ym*9s@4M|-#G5NB>vpsfCwiYL(t0GJKI60mj{lP+I^=@S+TE8PQN{pZx zonZ`%=h9&(5%Ehz5kRf2nCEa-ACeHCaEx&#*^Ag~t*!Y>9WXS8X_Xu`l8|n=P}UxA z?I-*p+@$yx<_au#og}?mvX~eE-(;DP_yM2mjB-sO@l{T@h(P?6Kvw5b=qs&l{`$`{ zoDL%%V)?66$48Qqg50X7dNMDUR_K|0T@{Crc~0A|vP%ndACo4cGg6yd-t=lup^ooZ zX6O<=o*S-t&thnqJ%b7Nd&(@JB1%3XExw})_I$tYqC(j00D1@${2v-ZZ1H0Bt-;J* zHqo2wB+picOcV?i4)GMfp&s9$ZKzY!>QbG`Ct}CdfHGrua^oL^ovgY@F|b%|!O2uq zYW#FzuL+b-xg$6Ep)QV!-t)9uCOgXC&4C0e=2{?EEAzTFUr1H*-5|h8{yaownKOi3 z{RuALC*p^bOhiEk?Z7rX=jbGVLT6EOS>J&()kDL6&Y11n$1$KhcJMb4THcRAQY`$H zB3!jf-x(huQT-Jsu;eG}q(=Zaqj)!;gxV>pAo^Isr^~zH{#Ol^TG#5jKCv^#o6(eg z1z(bW0`p@RQOCfq_E@ zNhP#Lb1XP~>@3zA)B|BgB(~w~{9sM3R1dz%(m^BR7ByNEm;I%_A^Ylz;D3qV&0`L( z%(yRWKfTii!uu_-n;+_kSxB|kW2@U+|BNPO*X~8!*H$}mRox-HZlZ>&`*u1}r=Lo8 z@SnxoMhaGYg{U81+w{a5oMcwtSgi;Z(b7NYlMml+pMaw9>(ntq4z z3=>X>#~Id^12WaMX4dE~=4KU+jHZm>D2X-_ihe({f%?y}WbGS9x;J_%rZ)%|CW4j` zY=0)c!9o;QE<=h44seTpce-sE8jFvg8aRH+gfc%#dWCT=Hz%-nuNp13p}r?2)$Js0 zm#<)9h56o<3irO5;)*jK;=_J2p#@pv?w-2e*k$-=$yxbn$6D8?A>C*y@?>C?opCiy z#j`kgvAGeSq0}0CwZ(~Q!uJpW7pOmX-GFIyCr41MfDxCYz#ML0M*~~Bp1+rwZggP^8kPlQN z>#0I1NO@R`6!oZ5SZk<48`xh?TC+t6zD(r;CEKzCY<6tryZ>JckieqYaa(ZBfIEe< zYAb%B;xEC(BFbg`)y9*l0V^fExA3bvqmZV-=lAl*%jnBZY6`rbvgBS>O0tbLd1K)qp&^)FS* zA1wAcW>*61;b?@LC|Dk(0M6uV{-MC~j>U;9IZl+dz)>N%%b9|fT5-f2N6by=LmNnj zPGRQD9T)ABG+-(wW&yN7syq8)V?eI8Itcrwzyf3#jOnP2;m}5KGhm@}boa2VEZz6J zL5%?XD=UlyPw7NZWTS7~nTuE8aAhTM(9vz9wPKX9#cMc`2aB}Uh&nq|UHYronjs&i z0Nj{bkr|Vu%E|_x6~B@pIUb7nmyp@nCcYL-(?b<)h94;kzlbTSq^AtLy=@>X!0^O6oOMAXg$8`L>%1*t~8mV(khg1?B47gUYe z{=7)nU%E8K>jUPCeGc<~mchFkRFt(hyUFY4W=K`X22Sh4|9Q|(Y&s*Hr4tChDrY(A zj^d(F&p*)9E>3#44gApn-2Y&ifOyw#!e9~;1Pq$-*;Ud}Zy4ysnFan1fyuMbSqdzJ z`N#qzd{#mhiU0N`wy3idjGjY|R*cQwC%y5mR`Z9RZ7cHKdV zibJ{M$Y7jsr_ivR;6y`K{WdHD*W$^8U*!U*%ngl26oV$c)1ACK1vy|vgV0u;gA~5r zl7Q>30wUFffp@Co()kfme-gVbnN(&0wa9x*>O0G4SVqQ*Pp}3#ZNb!78i+a4^8dgs zVniQ55mV;iPsz~vuUHF2K-~aHLn=~VkN!l3>lJqAcm1p`*4_{A4=9D7|%eHyd%4OI$~-WO0lIjjInnliVvSKM6f&8ebh-STFyJ1tUH@nKQsb0hYM9Lv<6& z7I{tl>iz4F0DOMLv$n}IN|%W<@Jx2r(qc!)^tyhGEsw4%=V>5yRUoP{T6F^o-TS3` zbVqcw@Ifp4og%_%%%2>6`S$AOEJ(wQRQIfBHys3T{*YP%W**^$E4mj$Pf#u<;!4-C2rIU%9e%emp zQYw@WRABsvd|4kr?4T9x3&se{4;z$ zBk+Wk)Ji6xkdG@l^z>80+vZP#t%^Mp;lyUb(K$?Rz2^{{&3NyNl2sQ(n6i_QgmA3a z;E{Z^3Igq=JelVF2mw^pd%i28BnTUsaFZZt=tRlp@E>fw$eYkNLjdVg#J+t71(nhW zrfOhT#uVWyX@+uwIHJ=p$T8XDBYznu3;rN6#t}~?Fd_Y#U?;h8Ne~fveE?23;YkDW z>Q^D7l%XRYDKn?`5;?K9dA8P)p1vP~E!@PHYp)S&Rr~>IaXUYT&4sEP-(DTe*tYSI z<~3x*cR`<1-<~ME_PI=?3W%(uQS_fn{U%T9Ax%DUfh_AqAhAaB%+AT~qqfIr2RMpL zp0~X5UIU?wH%CPuVMCmv_)1rjQ>dT(x8sYg=MKTfbOAO?jCV5yl@FOr`BKMsOKI&) z3Fze8CZ0Ser_q*?kp=co^yDrxeXjOKFD$)vj2Uwr3b~7d zT($gdN@)?<+}zVRu8vq=ApNfLd!h9Pf)DujK)4;?WmvwBx%ST^LENHF=u_U(FFE~> zsOS;EjGDyG40g%Zmb}*C@}dI!YV4Nld#@Bg657f}IBGWHQsOiACVwA~3|k2vpS%U~ z+~~_#a^L(pDj+2;(M0^Ax0+FkzB7=t4Xl8ssajZO-$8&RtTi&r=^GueFkls(Fk<;v z3)9(p(o)!xvxgm=CaMiq{y$dNN;$HD!kuv7$JM3xw@iLICFM#bNvB5fo_rB}*Hy$; z7i!BRczN3F(9-Arbz9)$yl>zTrdX!*+sn6>_VhBQFO8UKW2}&ssy7?NNZc^C{1VjI zaR;cg?OF|;M_5|VW+VQ?doRZK+K#D@pZI||e+B9I>)>)ow~tEzg;CY9zBw1Xc6-+^ zYE~mN3TK`Nw4t)ek2E)lMWh;Jzb++#SLw>T5(vBQ8+*jkv6W(P66fX$L=%|LJ& z^WL_tf%~D%ruD{4HkdT)2h*+&Yzi0=gUQWV-dVd<>KYT^e8JKuJ)WN(=fzJ~*7A9i zYK%U5y*o|Vx99C!nFiUAB3ftozvhc{(W9j$cumw_nu>Fh(9`8s`;S?eL2Oj!0nhK6 zxq#4JFWQNHQR|Gnt`=JfDwRIrc4W0mfZ=_52Gij5k?~6%AiWc}AOC?)nkdhaQ6z5) z%lpTLBMAX|_P*bSG4H0{7QiE!RYNH>xp@k+G~Td_^1WuB$vA;xQ1#&CG}Oh%q*_{~ zv0y91H7yAqS1WD;E>M=ndXEzMFfvTI9WJJ%hOw%HzNb|)&vZe~$832)LE$e>%+gM) zj;^*lGhH_rvnuu`uZtUnDBa#h_miJyG1Pu0nLK7*dqQYPH@cP1I70Quu`JoAF^6lC zMp1^gez~ihk5Q+$-t0w6O4UqXe!gGAa#($8)Y;%o4PE_vE%JZCWVc6Dncc_?Ml;I2O`0ShK zOwTYau>*l`o1r{+Ks+_&AOQC#N~e8c^=7&*=oRI)FR|l{%!vZA;{fDlS`+>s8?>bH z+DljtSTA2B5@g4$33~UUOEx3(vNrB0*jJtiBNE)eTyw&s4T`SL0BKJX)JVO{2K^fs z{Z5I$dQrXhq}LgrA?c~#ix&CIG0VB`jj*pXOE3XHKh&f40<;H=1qKHhhy^n<83q16 z*<_QQ;Qvj^RTgkC6Y1yr+3)L1LDIOdi3H3zWdC)MofrXN@G=n2?S+Y!)D%`ntF|~s z^Wj=&5-e6GaPotlG;QNW)ihprvvOQrxk`NDd)9il#4+=|&v6w&8j9kPxxGJkYd(|; zJPKP?@qs~H+fiJUE)Uxy#^IgKTS30o`^wPg#B0-EIvG7ps4d+an0odU+y2E%tVK1! zDjM1*kDw>Iz$b(6%^Qb?R{I?er*W-rHTy7QnlA5i@w9737uU9&foFln$`)0<%o;D8o(xihnhSa zO`Rud!FF-X(YssAl7KT}sA8!*Y4NHna?CWb`?TA3>r>TFX}S-diO>jrB+`{46X+ zqpXufN=mZA&b_AVXmI#B(O;7sb^15MwVatfl&H1i>|zw^CeHWx1dszoVlffB!tgLt zpo}`=n;o+qls?06_IAkZ;m86Sw?43WDGYYUqYL;x&K4~B1;c`Wb*@}>cfxLb7E!k? z5>>a0`?}^gQ+V(GQ@!szjbbQ4$p_JJw(*tGQqw0qL6ZJMg>0^YfMHWczX0SN?2!>z+GDcE@cn5qJaxp zt`7lHOcw7wS_Cd>fM{_FSk1-7D3hiMZz|QC+bsmhxOnjZ97pxmJ?9MSq8>}!`(ITP z`Sj0<4tq*~81W0C#m5GOA_xU+=1^g)JXgS3p_{}>@Rk8QaApTQb>g(iiq3M@O51!XZd4{vZ;YzDcCR_gzi#;6LpOSlPe5?Jk%)feg*uVvrZ{iD9$YMH=pMb|Z$8Lv zVrJA@Yn6a~X7wOhNlYd~SM*0cwe^JpScmm99)8o)E8dCRcfVpIoF=3{KwoOK?N1V~ zd+i{f{jZ&C?5J@<&?-u5w2HF2bA!S#d)U70^jXrNG+1E;cKo@nyid2BxI5^rqsB4&8GAfacCO=eY=-05(6Lq;7*7QsD(txl`r z+UfUriK`ZTgU*%MTN^R=rH zRSy`IF+Mh$fosheOW8Q~eIa4@UmA2czgP}u(Xq@;uHDT2fCGtsobb;H);+nkQ)USp zn`Vu}sCZ`IpxC}Flp?7HIWE@fgD%c%w4+i?x?O-KyzZ8Xjwlrz5QYfm~>|(FSiK zT6oeP^DU4J{{e0dT`s0@Wg+9=+7QmvQpFZYIQ>w?BK1$SRQQ)Kdr7!HJLc zgR<9R)jOhr54)(QK*&x!!5Z6n<~n9(JA|0JE_pG(FE?z_!`>cBO~BAME&s?Vm*&__ ztkVvam-_pmx^-ou5M`*&j;)q=1v6~3KE$-$>=ux3yASQ!s1tZ_UQ9x5&jwUIp55#I zJn1X@Gb3ezA<$QX(*1*UV?~=ke?{vw)x|(3^CfGTf++-RZ~v1R%MRvq#PspeaYgl~ zf#QLza)!06Z!j;k(rFUghuC^GW{9)i!643|3Bxd$!KiWA3IAqV7n4rO@Ujs_xO9(G zDBD{{Ryheh^;MPq01sdG@BZgV|eA$**qA~ueR1O#T z`ZHUAPxf%ltcDK?DNPS0Y3zJSHBf%y_`hp})B^x$EwesnkH(}?P}rG8XORoPdSjM} zm=*?DWM-5{Tmcpug60(zaB*k3=-U9=;&#t{t%IYA)M(_BI=SbN6aM z2B|%=NtE&R(K~jn^If*tp^5u1!_@?>F+Y)~(%0X!mSu?d4se2-_NbN`_g+(f<7n8G{u#H(syF;3rIq9lU4wt}tSoK%5F2?(5=Y_ISqpz&o{c@)|r(yOI zdLW0zHKLW#--(eF^7qTv2;^O--_6cVcT`osw8g!mDXKysF+iA;5Xl9WNGng&@sk#@ zyfbt=IYq$oXh0dnsURFKOzt+|IXoBBl2LFfXzhq_H_WeCPZ*GU|5q4(J+y2$Zjns@ z%t_RpXKEF(+3K_7^(KLakq}tP=B5F;W>fy2n}>rolqktY0XBkJMK1FBzPeT)BYC5L!ekC!)Xmz^YrJ25 zMHcUcA6LVEVj4j6$0YUiUjj`as^d3R^oV9cLR?()WS1fTBB5>jV1GXz-Q^PMlr(^S;C=9VRf%<8Sgjg{fk*ioDzc7ch;;N>al2vNNrrt6MIlaYw zF|1~kf6J8eOPGjXArh-T-bf9tCw*_J9vuPL(4Wh*ATaFS0(#pHx2mi-ihS!e8j9+T zTBo};ixhOjdsNR%^>Ei6Swx+Sa?Af?Rs0p23RtRYXmXdldi@Lhf&H~!hWm$JTQA{P zf4aGUq)0Fe*QsGGD{?$Cr4^#0Do~BPsGz8mvj2EH?zf3IK|u7E!m*zOW;-YzR}A;5 zeCp)DU8*(?k?3o=KoO+>BHPW5k7>vvrw`?SYGRK}n*SxQqGcd&fzIWCo(E)i>>K{m zFlD+-r0ZJvpCo+vEV9}Wvp~}4@=>;gEBCtH;W)@-Ci`*FP3HCiLT4R?Ru*}RuP`PN zd3?Wu*$8tPM8{m9M5d7f^aZlNV?t;&0X?sPI$96PvTaQFE&?!H(iG9ev96qYkBO40~3V@ZVfE;`n8ePE|0tXJwYiBv^&jF-HT6afpn#=n11XZ>SKe1YEQ$rQqrD6AMiBaJiV*^;<@?l z7@yRS0`y%|LD*#Y2WzvMvJ$f;Xf9DGQllohFI2dL*KLqM52uKNhC`fbsn~GXjQCCV z-)Me|(4~w+!TFdV9tXS!NQ%I=`+2*>#&&>PB|zZTaq^zMSo44QStbG|*teaRw5cV3 zM}fSo?o4#>aqVUsTQ;c8tCuhj9~$-Jt?Inh`b>nO*mjm~xY_8?j@u-6WALz5b^PA} zQo|lc*98U@uz-z*tIMN7^!mcK6@-ZMoy05j8HTka4g759Kjb3ho}+=L#q1{V_FW|K zvH5{J(C&tGE4VdpPLdomTk z=UQ+kIkYAwP_X&{OW|{;)`Bda3$Nhc^DmI?pudlmEkig@g0Q<-rYA3SIlsA@rx{yy zfBu(e0$`|$Zde`YjwyLI+(wVkT4;Oxi$w=zQ&tZofJc;YZA(dNvlumkC5RdqW6G_(BrE*F|5yQ|cQxgp>MZAt% zruuOea|rN87!{T({<9`NBV$}VoYNZZTf~ML3h~g?@))=7;XW}6Cf0DGG0Ia zNxz1@u3PP?eNTePCh8lLmk7dAw%Uj9r(Xai(7ThgV(ykhs(1h``}aDed%~I3{GWI- zh~56@UN4_dg*}xXvyr)6zgPIde7+3-EOmR05s5>W9t9A-#TZILkOiM)is$-fi;i+3 zJu)S+1|@^)RZkk+`;wChhM+G6l~P|*X$d=Pq)>Hp^JsXk4DN-6-PZ(qb4+RC^v+f) zUCmSX<;TYe9-}wb-&ni`_!SwI|Bt4#3~ICM+IE7wy9RgH0wq|nVmIzk+*;gs2;@Tobf=h8qarffx$(QGy`Tpg{m1O3cz4o$Wt#jz-%NHTZB`fa>zMukmBo>m_ zep;=I0zhjXw}>X}xJdtBDDAnf=dWMg((LcI3qM$nzUFukcRO*!xH?SEf>XPm@qk6A;k(7-{}6|9U{Fhow( zW$Qr+-j?|GBC62Jqkf;~4c72KPI1RfYn2Z`LynL2+|yTSs%XvrbkHgn*N3A4owCq! z>eT}w>?96kDcWW>*aM%U(q@+3Xd=Df~((^(=Pg0K@+pFhDl_&@iSJ{#b7!bsb5qibuk7 zEEU7hRwP{YuS#i74Np{jJHH5Mj<@08)9muG+ck{Vv?+V^Zst1vCmy1 zKPpuSHQI*#05M`bdA9o8c!hqLq+hZ>sQk21n;`98v^Thz)M#ch%5H0yE}pvk$yNaM zKhho_DweDT8PN|l-3%{?fM$erzUK-FKxGzlL)8v2CkseV3s_38n|I^G6k|HkV6`u>BTF$oGg?}Ia1t}IS7yHx>nAr> z>>>5u*h-B9jU1p>C7U%qH2|>S=`Tv9hy~Mkej)yQ{$vU0Lgm8-{vAxmGtRstXT7bw ziSg(7OW;2!;Me#!a1gfbLV}YT*;V&0DF_k%W6_a%5Fk8^g0U>bs;b`vKzRUc_@Y_I zQxmAZNk|>_CS}FtC3hys0h;DE6IYkAqQ*D>RZa~fnWPWs;r;TXvfX^gcER!gvj7xk zopcX1((igrf3)Abdu2WQAV+Kaicyghe~YbO5*GfecTd(t>o3L*ezq_wuBxM#Sn+#5 z&^Qu+!x*%`Kjj$!?h5*CEUF*(&kFw;n`yiI)3uhM%lj#-wSTSE zaUQ+j9w&7yfn>E?M#F-~tQ*-3d#{$)BpwriO6-HDU)E~XB&7G> zi+h4=UYk^M-HP~M^K;+wvW5@;5wCaGp%=dj^UsqGpU=zdp`T1TQ}N*aX6@FI;@nqz zEK{vhtvMw7X(|poD#jjm=zAYLPLe$QTG<=6F$+N zdEg)fj|vHCR0C&N3$dzY`ecegCU3(9aEa7OoT-Hoq(n<;GK0_B3o}Q6jgNbf&41m* z{chO_S)ouNjW_55xP?HHejOYds27kcD$XQ7a+b3XDhRN)Q^PmFI4JVi6w!Mbo*TJa z_$lZ?FQ=!e3IN%G1@*`e@MPBt1dbrOn&;A zykUfRpng8OLkbY> z1i*pZIZEuojPCopul4=5R|l;~#u+^wIzuqZ0aogC%Ly<#1p9glYih+fXq5$j2t5=Y zWEa){-QHG`Mn#-Bf`>JLnG$iB3)FJx?iB{K;s~D}>%V%sdC33sv6^9p5KvnMib5v_ z@^GBP@9-UiYar*ARQ1FllK%6mJH@XT4e)e}mjn+7zl|4YWpD2T~vhv5{F$R6MTMW4i*O0&z*#ECAkSF_KU zb`X`YA;4$s|CVXLd6Ht!^wWXO%k1Y9>A$bj?IvM|Z^(_Y)>dEo-{1GHhtihUfHAdC z0_?_I{`U#jp=EPW8Zj&2MgqU(LnK58u)t5EwP6Ok1*XisG3%FHNZT{Nv0{vxInB1n zn(4({dsaJ^ZpOWP9ilR~LIlWRHqIBnFPLeoX*w^FdmtOC7ISRhfaH0qZ>%Fqzkhcl z{mhN97af;1CRnr8umQ-G{sFu@pWGEXLXWW=1U8gv>a)Pl3-mD#=yH1sKTSry30MW) z=#;8pS-yFY;%mTFf7%i-buUjQzpr~eCW)&N{N9X8ZcHZZHA{^Emm=(f*^KOdU2`|B zkH>KDJUxbIxpCZOYN53mTIHT^mU~;7-WcFzMTeR*s?vua|4GvK4bTdH!@EO&_N^V_ zO5z?6NaHUPL`G=$=|4N#<;M7W2?@$7($~g02Og#Gi z8Md8)?Lo8GGu#lY;qS;;Rr_D}4P&Jlf|}WhLIIa~JnX0&#D+$e>cJH0irt#eRj8xH znS;OvvbYKBHWG{>+?d(rs}%_o!zvhQQ^Yj}?Y*wl3Cby3@XpoV(#=UN&&9E(f4xT> zhxkLy=03yyPeZhQKl+}n4pK$nXRl!sWil+t;iR;Khxtbw(uqh^QS9_UZjG?C#&_6U zDLUe0G0;Qni1&i0w*fM@*R|BXoo1mB8E54gRTk%JYH7DF@bNUyUDvnEF7K`@dMCEF z1SPTX(DWa^S;OPwmQBmxG!B447LtVaxNDnX#TUJ|b`qy#0fic8G_Q z*1xA%OkIZUfZqK9f->xG;*M=DbYW)jHUU&zoj<*eI?K8V~s$K)NMq+ zUp~o!>f;0{CxS8g7P3Ae>>vbQdxHzu*+$jj)B>Y1LTx?+Mc>`O1acyarnodFx8qUQ z!hl(zg*5h7oqO@-)ysmOkqI3+)E-z~i-8<8^9|HApSH&LUi@ZzvYfIiiDwe1E&RW(OWrXbLof zWoe)PaAEru%a(sWo2?ty)|tVF0}P`#ZWb>q8$6{qh6TtyfTC>5YG+s*8znX~p<^u( zxHt*MfA6UGOCqP}0K8?*J=yH&n$dqWs6S=fU^I;bid3l-JO$Hoxkm8b3u$63FEtuy zR^)w#fAAB?jXBT9aN-gBqe%@Py-^!Z=5=I80P4Ga2}3XbbhbX^E}#G5N#4qlU{D-u z9Ps?TPah*-`QYoe^1v>B5`YRSTrrC~yzxF~gxvGDhtP9vTY5bXd5-mNd+ygE$U`Dl zsR@rrDW6Hp<|cY;2t#ED^y|mW;@)aKNoGz;69DSpJyiuf{#Y+Vqry>WphI}0(|mdZ zzruFf$tyqiE^7uyuW74s9cQ?S|2O#J#v0OZa!D2E7YY5Vrpz{CCpp`q_$;X$WHWqC ztd*n*O;g892@b6&*1g33ZmRJPI=`@V;rjj-u4?cAf%kK=zC|!N^!l*2P%KCMS9~`XD9Q}UI4tg z%Psa96<|vgsSXHm5{b`NX0azsp~LSoyM2UUqA_1%}Ts?O3{IZiJe@}@#5tYuLa zXOn2#8iKXxo_w*+YI)dwP-~qT!B%U$G;flnsZY*|LX`Tw&yyb1X~fQKtQs*dr5sTX z%osjz47HDvYAxxf)3e^{^Zq3}1JbxVOGUC4X@F(1W32_Ee))MWw*DyDe(+b%!wga% z4fsRtMKle{`grfeVCP zWFQJ;85Uod+w&O=389F$_5h^mc5!|;wg-HW&^JNvt$RPPZIt)Po#JD4j*cES-eZ_^ zj)D1i-j@0Kq=>jty$S( zY%s8ETZ=N%DvP^SZtj?T)HSLKqHdNg2VRm_#hQx+reXxv@3>TR9#dL_;oRoFw>S5zRt&vAL%xVi zcwc_<_E^Kt+A2?m5b{}QD*on}AA_~Hw^C--pYK#9gQy5L(q?N1zM1^?yz8@~7c%;w zo3G;6Y<&sIrbl>pQhuU8SN-T+ntr`g?LYcR%pT#~=K|f@`51`>iu%DZt~l)3)JXi0 zI+U^?wTS1@FRLbSJ^V(o?urm?7ZEst`^NuS8@aSKerJH>^G80Us!Q=oAhRSmnD1;5 z^>C;Ar@qbNwW|6FVo~McLMwtcqUet|I55@1Ds&e+;`<`g#a{+OUioYb$D+P0Q(YYk zZlNZrXr5%oe($r-TVF#SUPpPBos^xo>5HN(I3=wXjVw^s_L=)rQUpkC+C|N+QQ~f@ zwpwq40SEL64hDGN)3BO(LSQ!1?sx zsLtJl-W_Gh(`QzbxX6J$COfkK`bDJ6Iy3vBgU`->=hY_a) zn5tul-;e5|<_>3J^7w8IyO$<=M2tR)mYnL$;uykf1UXhmG?j_XD@B1CpETeOe7>#O z7b<-x!jJ#x83&Q>y1c3@&Z2b!SgXZ7l*RdLw^2z@v5Q_lVk_Q)o&$vfrk4Y2@tMIFw=v>f&j&qWq}_8<{yJ#w&KYOEUndS&)c)BNBo6kVEw| z_cERDHXG5(3TE!B_9XTsTUlmOLHCQJfMzt`V_vJ%qsx5TH)FF!?^N=zfwL@@Ro@9a zjayh-$L*%n!!pVKMV26~bsc@(v$WIaX@I7`t(Lg6R&{*B&pKJggnYs$Q#MsJp^AMM)e1qS?i zkWrXna7@knBIj*a!jGc@*cUTPy0sQB;V$2o*OF7yu|W`j+HamWJ*N?77sX!~2gi-p zqA~ODWtkiP5TF<5>k$NV(jjo)Smx}mNb8g-YQvo!D&nJC{b+c`eVujdEHc;Oq7sk9 zD+S6Xahuk#b3(g+K;4=3V&=)Gyesj&c9rd|d+^qncP~GB0QM8IkF>V4h<^Og64N8t zCope7V1LacLozfThm_ybeQF^Ea!e3z`nwwzI;L#r?E-_h(>`=`bfR&L;cj-%n&Nc* zSdM7fkZ)7jq|Nes=U$Hb61LKlkxm(8R7{B;0`_@P@i-IgB2)*0j{ zG{pPoW0LA09q8s5rMLfebBAHAaOT~Ra$eOr-?n+weF_v zV#0j=r=y@cnG*-AwL^p?y8_$_3;A#HiQg~)aKj~F8OypK6qag$As9$go#cQg+YL-M z4Bzb`?RheRB{eM zTX6nM#{N9>TQr^$7Rw6{s008!NL-e7ENe5KCL?>G~T>AF!P~}lX(Jd{8+I-?o;L85=zol73*-jRV=zZVt_viBK@4jWEg&8kgA=Tze*)t*! zCO;?kmv)yLkl&r;idTSNVFhGtyuP=IpE{~i@Ey2MnPvh0C+~DjLl9Tc#v6MRw0a(+ z7ojcU!Yhb!>nl|#c7FfprT>v_!h%5#l2Y6z;Juy~Mic?=-4OKx4@u!AHf5n-SP3LW zGz;S6;3cL?iN0|WoSlo0S|i9fC!XtjGZePRevcY~el~wZ=;(-o_MHau^9N}((m!Pg zHHu}p(M~mdUBywNxp;&?$p8aby2~doti;$htg+5Lagi9{m$bB=|Yvuv|Qw1Wj z@N_vi>OxbUyMq(>n@D6uL(NXhPDqW0${C)8g;kP`82F}Wk238 z3j((1I2smkivRHTY&4SA`%mabrVX`k%r4+qyM8D2mql>?z4qCf$@hC6>O&B0`fN`A z&^zxJD;SVgrnvy?KS0i4GU7yEJbx{puRghRjHxjp80uc0zb2R^f&YC~#g_G&T#BH) zXVL5KEIQi8tm_}|9veWA-XPj`5HaDi$s4y2>}Smu;Ftjh5k_-RLQh1W0mcSNpB+EX zmOX$;K;QSZ05(R33ky4A2A|sYOOeHFMtwSxBh65#Q-W1FrC!OkLPN&t) z?vG_H=H$vwDJg88N~0?28EIst4yX&noiGt**59!dW}J>5Y^9U~_Iu#%Ag0vZ{KBuN z^uXaGno2gCcqYcZly&zQ=2{Y`_q$oTe^7B9`G>YleqSU$feRGiz+bbl1U2vTCh%I^ z(kC@Z&j;%J?RKku$pV>Si2S@bL|3xxz1N8@-lf&K40;;kKflsz@Fkwo4toQO^OLcv z+keQ%uI$#??_}ECVaCId%?P~Wv0##ulO~-lOJMm`-!wUhG9S{-x_x;#N0A#ePUad1 z2MsZ<@nh1KHh3DuMK1q2xF7`EkT{POkVVYazeZv9OopaYL{0s%{Z{I}#h^k?b*ths zO;*vvIt0kfXfB$;O8RXc0S7iWmzyQ+D*s74$82(~F?a)5B2#g@1z+}Bs)1^@#|^~f zBT{G3&;`*k)Ib$#xXP^Z8ZH>`yh!>%k{t1^nSMuLRR=+5r_xxV&rUBx^rpFaT$<{n zEUS!PEkZ$Fed81^hFUwmo3*(kA8*I44o@s^qTSc;81XR_=;zY$Atn{X;xgv6>|CI^ z=j30iZw-)Mit!D+0Jj?21h33)F8lS1_kd;zl?oK z76e#F%Wmnq997qSPc}h+JY+xqbiP2?ourk8sm*Jiv~GUsDOx`HnI9oBYw4JV0I!|j zbJv)>Ec*J(q;yP>N1P^uQ@Up#C-bxJ*1d8|EyU&=X7{uUIzKM+?N0_w%(vN`gbgop z;ce*bA~xxA?iEuJjM$RLK&avcP%=Xps*qZPS4gy@hXKI*4fp;G%qBSC5+OP|g`VXP zoi_y`7*D-(1D{sy`zwZ!_sUwpeC-3`;(gx{9_sx-H>yA#W_u8HJNZ>c4)iqipzehX zHLrNy=i7iqc;+R|b>7gp$N?-f!fNP%7{gd7kDl|}rCM7%Iqx^4P+imX8I8AZ zHqyA9smv9)iZX;_70)yC2^Npe{V;QuJD32#e|JAzLe7D7B|34Fv87S5hY`Bhjc1~XsN9&gCi-m5maYB!S0EK^N=yI8sLDIzbZe)BX2rDxA#PR!8iO{cW+e*?AvYc@v@6(NM8_*J*$%r4?E z$1{~l@Vx&;vZ|bPy`pkRVzP}6Qk#?LwCxulQP-Cn#*lY-)YHNc1Zc@H-00ToqDvn8 z>R5%65D*08iYIE@{2j35u~E@7U*vK{dmjU3%)0T}BDb~!0Fa?yvT-WYPntB}ra1kl zhS}4%i(;uS-AChlxG$*{U{rw9DsAlF3HWJ2@uWq^^B}Eu_N8h-=;Bk6!Yk!%4oZeRMr1z9avJ*=m>Ngy)@V#yC8RRFtGw!gPbiG zp*}S_m-AJGP~xn+BY6zSco1AA^x(CR)kKERd0fqQZwlF^($Zynd30dgXxfn-cX$ z45(HYr}dE*%iUS7-1*zI*(VEw^l3?7?vF0z%r;U*RH&k;&YwR{9J;vCce9&D&|xd% zLARnD`_c(W_xf*3^zO77i~t$Wz<2%FGW=-P38w3LL2uS4xb6lOlA3nKh1OvHvWFR z4Klj@+3pzqq**s3rMpEePc;^*5XbmM9_>v6$<1>DKo>N4g2`&{nxK}xT4Ctv5P!Cn zBK3j)11-KBYCl;jid^pSl#;qD3KcOXnk1L51}-zY2R3sJtl1%tEc&7E^yfWN-b-zP3@aLPhZ{p5RWcO79vL-_;}1t4aizFr|PY zrTQ8|lQA)aG{!38HycTxvn^=*irw{@ZHVy*R(wJkZ+#`t&s{$UbdN-3%91jgY^qee zm3Qeq`X$4)of*i=Z+0@|>D{~V_jpv&zkxVI>p1z(Hy%R_4oc3~{WE|XF~8%rB%SZ) zPz8`%52b3kubQniT7Mq4om7q-UJr7lkb0C{QQOU+ougXLb030%KFErN(r@=|qClu0 z%T8#5*Fk4&hgY3_0B?}j>)?CO@D^U?yTI;QBu&4P1Hd)DwQ6Of+Z)@$ zpP+_4&iMgOIcu)K!>8AXAgQ>7d{*Kky+jxl^b>ZH->?2aM8~}T>}R52PhY*uVOwz6 zzgI?oui=ai7ZHSNi+99m|Df*=icgXcx;)t(t=0M}OS?H&zWMTbf6L!h>*olh{ked) zq6=MyYxP(oy;0hH%1*v}KFHQ!s`BZ1EiC!j{wBi;?}zQu-@wGHHGhc}`k$5V{?w@8 zjt?Wd1VXAd}ZfU*z?pvD4S z2I-VSI?qE8LNaY`6iHHtPI<-$LfWFIkL1<+>&kV`-^LFIL)~8y{Qdi_yjqs)iO_6| ztjEIvOo}6f%8RBU&!YHNt{j^WAiQem=mxNp8o)hW+Q8Mz^6RptQs@x{^;#=nQAGm> zRqw?0>j?0r>VSo>cc-n4CT_cljyX+e2+jwXU3e*kOxbPrgr?<5Uuqb9+IHjPCy!n> zry2yEsP8aUGk~f99lvpi`24?&834vOnLInWz>w=FRfTZsl@HjenGS+J3h0Hcx*F+% zB{tTqJsCRYv?aq^HJvAo98+<*X^$C!^z7#Gdo0bqL*M5m1uhGm3pyy0#IF%pPxdHb@O=EY{~zu><;p-rQZso+EB~K^x4*^11QedGHNt@Kil@qC+s+n_*UvQT+dYbf4=u&wE0QzYLP|KUe!Rkc`qJn-Mf)62Wlh+%2|% zy!$}_H6?ld?-kX799WHsr7}Tt4LrGsXC#72myo9Ru^<0dj#P0f= z!t8?v_33S%H$SLh%87SNNrj%ezXE6>rdE3`>WSfrztWH&)+?kXc6xte zI=l=?Vwjjd^{^=@Cwr1wcFd1x1SO_es2(io?pd;H*Jj=rXJeujWEeCrqxIP3kLyK3N7mB8RrkoX1|`P%eNVXs6?7+y3u5}x;) z$~J6A8b>z8Uw*&xO&x*!4OBKuaV>8^|9Q!Vh|w6mlJB`nXqAqUOzsplUrb!u8$XcQ zh#Cqck;#waC{{tqUowt+kKrA2923sS*1oVzB61zEj5u`!@-?=_ZhFbowQHBa5 zAj#_zjbwajV=o_w5AsupHXQ#zKo(z{KQR)b;LX8F z)B8#GAf_l|;(#5ZyhV8c2D@YgsEn-%AHXK^!!AM1BW)~l%lvIbs*9mfEsY%q!+$$q zpu@+nV{q20@idz@@yp1T>(1*+#ZE%)6TwP~6;1+@j78u73cmVDSRbCVHl-LV(Ky-Mf8aKeEq;#f# zYe?HUI$VR;ZUv8s$`HtzW=cy}QmE;`Re`@1O@U^U8IGb#rQs<^lEyXBN-+kCZ@Ko5 zt?d!76nN{5tD4u>X$K7d@-v~e)|Lse*urHO+mH?+5~RA`+}B0~^j9_+g^(psbzL$R zC}=44#BN^O3c#kX44JsUwVo0BThG?ET;_3LJ}~;eFH0O$hF>j}S?lK8XS1wbyVDIL zjG56`232MAo<|^|BFU%^lPtq}WS3Tvszn}A@7hqm<95XTe6iFhfbixOw~d9yPA?qF z**gAf`}LJ(75*-5B4=>U732JWy(^}tmfh=8rjFSSEo>41tON&$IdA;S-gv#$&V?+i zmI0YJfDucfgPnp6+Dv)OSPo1rF5E+&8c;PU+RNQg5#t2*lOOP)%`wf~j7VO8AIqsGQ z6^2Qk>uescs%L6&zjGNHR}l| zYEk~KK1EoTI33Q8BfjxFInH$9mUof7?EPtv0mwAhJ@Kl%FSW|}wN70$covTUQ{@FR zaXiSYnIxZ15Cb@s;9$eNP^?n~DU#X`^L)r0FQ?y7vXL1DJO;_15KHUK&jZC5Fe&20 ztG{=?mjoE1EIcBme~S*G;ucdL@+z7sv+vj4vK;Rb;iG`9`n;)KgA|c{CT8Ai(bJyO z_^xOOV!Y;lpEQ|9tW2mV;GTMTay8EKjgzNgZs*vN@600#f?Hn@tL0RL?Yxo_^1Re`4~uT8#Y$y24nQHJWFe>T zn-|8<5Je_r>zBv~NQFkBXOOroI9f{Nc@QA7WksM{{jy0#gzt@XX`Tjp zS!Fk*AbK(7PrX0Y;TicASC7Xp!6~Pg4q#(}DiO3Q1g~D_Av218i>le2^qS`Y5`rXD(rKhvk1n5BnP1&*VUvUxCjd zG$^A{cc>!u9Qw)V`C4Os{t8C}6$nLY68&?XmQpN8P@ zxXHQ@lu#iVyJZg^JM7V$drK6JMg+nADb|Au4Xh#-<~!IqhR9z+g#2`WH9wa+{rMV# zc(PmxX=LlP;`H_n;SYQW_>JJ88Tf$6f)QW6^+V!7p>kPCjqVMjfOa#vQ?02U<@!^C zdL2e}2TtBv9b*{&n5|rt-?vEOm6^C$T`DpXRAhqZk5{-k?jS0RX(MJ|&s`=T)uEHG z`+dfXGmBP=7;89Mi5ixI1FBe9-HfcQjY^^DZJ=r=IF0aJY&lOacqXmw{>NKg!m9?0 zgR()F8RU**k_%&K4`S01^q<8R%)q4dKhlYL>uA^!IWRUKCO+WMTXaEv3~L|-n#L>~ zYb1MW<((W?%KARP^P=GPhj$mYRP#0IS=XVZE_>Fl8pLcZ&n(CzPl88KR*23rzO_G0 z)vOCr#m1=J<=mGoK>-Z2I=x*!K_?f@MrjBj3LA*PLV?Pch*Sc|nw^P|`G7Tzoy+^f zRvfvvX-eus$_hgENN$CTq{Ft*sQI2?rg=1{f-WGG`?S}V|- zdz@kT{+rBrIk=uUH8RupzLptOT`R*nJK-(ZMFDRWuN0@g<Q}dG}80|$0uHSt)NJ`?4tR}>BB1+VH zNgJL@<7sY$Jmy8a+SwgqMg97)$a)q|%YU$ph)?OO>D8h%u`K6$#W9|~!zu)D_(le5 z5FB|H(7Od|KY(XOy5A{Ce2C$o=^a>sovL(4xw@9WOJBzAuA}^Ml6YU~yftU5t;nbx z_`CEABJtCII|#sr2FnwJz_qqSMBc~G1&u1!-D_MQeM6mhM2+1f7-~i^^t#$)N3QL#MYww?)bc~&_@+YfFS1`%l@0zgyv>^Vabf?Y z`ZX{!#0%93IjU5e|NSmP8O|MGl`EdI91kxQT=6aYZD zh#o{f_lcE?O&?IA>K*RTUn(C?%AxitQg>qv)I%hiYemc z_W`a~#VhKYjMr4)?*mvi%{!oJhF}|wBlisQTx?|Oe=Q!WI4@1UwpNV5TqbDu=nW@I zDq!r55HRc^>6`EB_YKG|XBq9s3_Dz)&I>=W%;Ciu>`@JhqLJ276?fnF>*XAjoF~ROR2#DL|AL6QKcm0AU97U z-9ua2*S#S_9Px*gUly98qm-6i-%6cN@=tFwq06+10o(z21V!ej_d%~-Jtc2tBhWFd zW$pwg;0Hq&Mn>bRZBKcnSmVaA+P*DY!3cot>#6u(TUERzsozx6jmIRx=09@00&zM?3R@YB2_4>Y?UwIxHRkB z%j7l6+zr-bZj5mwH>eX2^o81*nP7u23PN$S^sg`_5e5i7B)QMv~OWAUCOy!)F(}dXAAi`^L8^7_6 zj0hIkFB>GiZz&*YCi&k^H<3AF8WP>-vq4K3%n%{J{CAd-2Il@(7W!4w>|DTTJxtDt zNW0?_Ouau6tX0f7woZ>|;vJ27PR`+_RD}s)u7T{%0otgJn*4Vo*jP zC=F@ySdLiAe^3?CH(f$WR-e88XyrWJf#gWwY04X=jb;jLw#u4#<-9nXPug=RfLPH9 zGh!Ix1NR$^63gEP-hB(xTQoFx5fS|6KR*I|?U5qiw}b+YG#{?cWrv1XH%}bGWAkI# zu7%B|T<@+DQcR1h1pGJT{yr92*y>S|;TBcqOi`LCx_9s(vU?Esnt_f}ieQ8h7wu`R&n|F@+-Ju6^k?jnVT89GVs`VB zyuS?w>8Ni*9~NAE*^kY>V#rH!7g0`Wj3^)+e2a7h@@xQDsvbrP2%c!RnZ1-qOX2-2 zLY*y}xjl-(d|s(rE$b;{DDX8dgi&;3^T(HqtTnCsvN;xWF;c@-J1o2ZewJnf*#%ly z-28}O_+W`bf@77j`LHQ`u-qL49AVI69wFw)5Yv94BV>wl--k=&|3VYCia9m;s$G-A z)SO>5Gvgh^p5D}@tf<^iIQ(!2Oo=0g+AOGXeq{gzIX}5^Lw7y^Fd|6=jqfmL4be@x zy9qTJnpkgROgJQ-%V*!0$mB>;`Dlbahi0`vw8sxqfmd|Yw!c#cdi+5Blb8O#YQMC@ z?oO5-8bWgP0Yddfwq$_pj1;vOJG+^UepQwcJR%$=Qx{FYBI=wejr6~!&e+N%05xm^ zJ!cHz&rCmEZ;wK+*wL5P)`CpxE2b|Un5jW^E9uF$PRV=K^$R&=L!8zOy9^L^nlEpvo6Yn71gf_^0 zHfrXt2>_so9`*w1hdu~p%uhT95rJ@j(s^tSHa%Xfg-Wzz;PYnF4U}tLy|XQ*UG>z1 z4d~ejwhd;YvP5Md(*=TSJe7qX81QDMIjOd>VxlDaK`*?T>D6U?VrrPok0R?!Lcr@T zEZ!WJSb53gMaU+1)NTbsn*z6z)k1N!3xZ4K7X06nyYx%BJ>mzzHk?|$cO&hKIZ=c# z6MxwZ@y>Vq@kU^yEU|8@=AYXA8PA8_w{dcE%mMW~l6WXoqQU{_b_(*B z2vJG%Db*#3^k;+-E!?XEu zO-yirUR*^cD2J`nkOAgb9c`P!+nTFLtjpH%sn9K;#_+pYmo&TzM2AwCd!vSQpY zvRTFpx};t~1#QOu(+BjP<)Uly8@;*jGI2acD0Z;G1Q#j7AEkKMZ;mTkxoLz2pzMSI zqC@$C?KN<;C#S0<3(o14CL|8l%m?9wh1rRUXzL=0+%wG(-ReA zdU17@4=gKJ{qxiNXA^?jx3(j%wNJena32JMQ)DnEg?z@gV|MXjcuU=|Xaf1um)8n| zbLaZw3`fA=@6&(XHyT=gpC@x5+q(7Lza7X0f(4(+yq}+m*4DP8^jX~HybI#kX1^JC z&x_btpxo@Dpr-bb0;bf9eznlbtb|9|pwe-g!@)$cJ&dDY=d#j+V_I$tpgMEa2?gl~ z%a|DlIHiB!s2TsB!TL`HpckS9p?FW^<;{dw7S)6QPEPGZT4WI$@!|K)cf{M@uQ(q6 z#N#Rqq*WRDbpCYKc5nGt`%fRWl$`tDEzYK}YU13pcESufOfP=nbIXPaU{dz!E#2%| zq^mUH7910f&&T#Tz-~_E;y%q*FgxJsG?bAI*9c^tJr!dI&tkvR&O$s1wSx*7nR~JL?HF>oodsfiV7?PA8Ai@MO&x}<206AHEfWP(D5^#?j^}r2(azc@;-OLf?GZ@-9}QOltaaQN`z zTxQDkpf>a?eILi&+GOI zQNlukDt;CoY|m1iCC+^P_=M$@h}5Xl;P|LPN>3nR`r5Mjvwl&rpYUUuhH_y$h0tEu z9-Y+s7(^K71GePlCEhlXK7feAdSMY8Gosdb;cC7Ib+=P5`E@-({f+6nx3Kp#^(B3Q z=i^)j320+gKwlyg)Ztl85r0hF?~hkSjt$CZb*AJLF{DWlATV#42bXmv3R=@Kb( z&;8P$w6ZlNyfDCo0C-%)&G(WBMScVF=69hG%*KVBNE0R8&))HR^7;{@aQ;At znovipn0IoqKh27ye;`1ws+ws8BDJUe>05>OmYIl4>D1h8RO30pScaLL?FMOTw%nu~ zgFGrf6M^?Fc&{eRCo!Y=Uwzc@TYTy~gqm|WnvfcvFfva@21Rzma795>l<2e->oifW z2zeppQAf+baAu>qcaksPzPT;^%hlSy4wOgq{LJq%_MZb0wsjIc6OAEsGm~xL{+sv# zlY$L_ziIE+$|yYz3JK@yp2WHy_s%YMnqLL%uoS>kBiW2?EfWsHuh$wu2$74|z|@JW3pZ0KrZ46i(C)h2G6A zZi;C<* z#fw{UDHKg`cXudOphzk1?!}8kaVzecob2y^&P6Vg+$EXJ%$j#*rD(ljGC?jZ{ivE^ zg^9^P7gJUVXpxdu&_$wZaOpqJs+v1+=QIgD3<{b4Su!$?clJ=wAstB)2wN=JS-I|p zlr?oO&2@-bSGA3ewmhUdTs)D; z!gp1sz#+!hsulTBDH*vDuX*im2aMn-v-t#c7k(k$i($dQAU*M~3<06r6%^>SdplB4 zh3=`WeY|+kH|tkdY)lVaddunOe83jM_c0>yIW`yi+jjD$0xNWVBbFZ0>6L=4H4LS% z_Bq4{Y&hGCwK`U7He0DApH>76Q+Bsyn4`|}u~o61B&$~>%D79k4i7O7Zaq0|?hraI znu6sJxn(PDY>bIanl&mD8%m*YZ3xR6Mq1KDrDR3>obdIo;A_)~L}+iT$@94xJP=~J z>D9E%yG~Nk#Lh1fxKpRv&1N>^QSXqRbgF7ukE>is@eHb>JZ1;EU=Gd@5h1`qNAb)Q zuYX6pIB9@FK`d%9jp)rhqEKTqMS6rci@Xp_RQYhfJ9LV?#2Zb|Uy6I29yfQhV!8k`@LH#5Eq2w{Z zh7U5^lfeEw05(ptPkFWjguqLqz6{Pm97_MU-V|#=CenotllVwL{gkm^5jnhrKyqw5 z;zCSx#^jk9!jJs#LONwG3 z$eDJCgf^B2^2HbKWB7k8zz7y54VOkz9e|SJJiN92w;^o5Y-YLF33ta7`BRoHye?6bL*}UDXe+d5MBAtF&yFom z%sw6rzM4dUn0tc&E!ZqdX;EK}SRkJ8s%!HtOHI!V3NyY}BDDcBR|$6F=paylP&+#a zPpB}p8i5OrY#WESnuP}=k-%6(#-5K#iy_?cnsktJF>l_d5HZ)c>c*Zg z65H8x-5}FC;`4Jdel$M!LpSc%aXyVR`)FzC9PW>!(0)^(R{vDVmL29K;#7Z;G)S)i zG{m4I^dN|wck|Cwn`LIr!KNC72)XqWYx!!;NM0sCq1?#}SCQt^Fisq^TK46&K$tft z!)q7+E{>BZxgI4Q;_fzZWoz2NfH8uwA7u22qQFQU)i6H!PnLg(XSW1%2mu3mFkR(4 zQ(h(V*~te7ApEH?n|fVj<{-&0OzE{pQ|sSQRPNeYi^iA)P@g7J>XdkOm)|wwZ4l68 zZn3uQ^Ks+fchn`Z$5z)8s56l#|7(WD<1qZ*U*;_q4Do93Zzf@g$FW1!pEw_d^htNq zOncvl{ya-7=MFe%Z$X7v-ZO|o3)(OLX-^Jweyr)G)-=BE4t;?Uw{LvfIFs1NuE=u$ zkks;nwFxRvLgWNfh5Yi{?Y1&L85+LsY7WZKywAKj0ZT(AJT{W#25>Uq^%JQO%loqy z3QxcEFSSEp2UBEM-`OkAEGRZWCFRo;!gT7M_e$2zj3j_7rOD@jh|2+S|095tC!DnS zRAh$fw$Oc4mHhth%?ZWLJN%el_g0z?bvtjg214qZZPHUZffGOv7PXWW5n^jg-jNNa zYlft*uC$I0%`v;&l6JUc6zZ!wu`dOs=X-b)L2l>WGJVW9bK+Vwc+?|RPKKJx!6&?K z=k5zvlB9~;$>U0Og*0^|Lin|31gzh_cPO_sThT%KT>ef=3#%8aJznwW);UnUxP65c zg#>^4(oxJ((p?x$5RfO^GPj6$*F|W0mIx4%#4K$2_?r?0sqdec!NbO)6%)OWo~5U3zA5=T6>7pSF_*1uyf+g;oc9yv>@DXB8QGBetjTtGqku|& z5LH+7+2&EuwX}%Y`M4Y~o9&yUY>Va9B0i~lQouJ16D2{kUxF+3_PE+_*LoXbt7!QE zi0E%)J@Gl|kflXsN>5eHITxw1aNTU?6j8X4jlgtKm?2V1PAQ9qx*7lc}_!u7R$4H$jE2DEAdYN8NZ}M(NP>#dqmXWyGie& zbM6Q@JZ{K+T}#Ok8dPnZ@p9`#9|=hnv9GnUFJz(yXi_Yy)BBkkqVcQR7t zdK`>2&3t%_^N#TM@T^+D;WW0;um$WRIa7a>+3QP5d6+p8>?TNyf`)Vox>^H^RiafK zqLHMFqL!Sn$Q_KdkKvXjwdHoEwjqg3lHzu*|2~SxD-@H>(2R*<-qs?=Ku`t*3Tk(r zZ0o)$__Ai+g0zFsuj_ns{`e0tAlW=O-$`UGU)Ye$X1yXzMFLQ?r-$!us(g#YR}>wh z$!_BK>EEk-a%?xS0HGSbZ`yG)8Fc&+;D{3vzrBS^hGwU%!=jA zQSTriANYbLa#4DkGaazTyyOgY9hAsE+6S*GvY146Q%YlU&1(Ig1yHU+U)ElO=Aagd zjTH-x_f0&u&oH6b9$rI{r&4!Hs(Kcfy~Ba7U`OBu>mRX@Urp87&#GJ>xGXDMUb`*@ z?;Qh_#8^bE!VzE9%K5L^Bn%1GU6=9!L}hE9%+OQR?&0ocd)#-2JOqINi_jB>5K?M0 zg`FQ?D%ZA*&&gIQH8A- zeOxrg&WdM2o*C31w}XE~f?HktYpx?O5|!Lvnb28~$D-eT#L2ukA8fi#^-p~><}id{&vN_Ih^l)jBeC~Izl9Ld%y^=%C+0v_Y%3Cn3-dhILU z(ww?>MH8reY|kb-dE0;aO+DxPeVQbI%X7Sv^z`&q0KQZNk_0_qCV4WFZ7_!YXZ*S- zRzxj(P-%;q^74d^@j^5Izx1DKIz|El&|F!hzrn2+-B7Rn+O=0@XvD_)bUju#^dN3? z4YIf=$Aur+R)ORl()F&y6<3SeIr5jLv1z za`@n|iQ~1ip?4NK8?vb3A5d6abHU0mi9_7X>_yf1%^1*u0q!F|!KneXCU{#GoA31$-El`vREG)X@3?sCDa%tlfR2{Ev+EpL)= zOq-D#dtC<8-oOdQM(QCXZYP4IYcO_iR?6#e;YoKo7jDL@Ui8ScvOUFC3idKihQzmv zI5B@?yWyHj%|vBi#4(D)WSV;>+Ov0YigY&gX&!e}0AtGU*WJOTfb_0w@*x+KsPXo@ zZNG#UO2Mx&mxuE*mz$RvW{eq<6EElM8C>~pe5N`*Xs0b&`vF{S!clbWf$l0c`e_i1+nWt87gtj_QvauDLL6oUDo@+ zt?aldlZTyJj%+WD()KEFa@y#N1o0!7;l$$+2C9Xj-u*)Dff}Ps*I_l>aX&CPhz1sp zK}n{5Y~=N_t6@!f!yHhxD)?P#?gIeCkd*77S@X=>T9R5=N7#CbNAj=~ZMZ z3$@B7c-JfJczG9}_ORRW_F^D4Q@HZ&S({tr$;wVF{T@KuX~NfgOuqG&KtVG6P*pjo zi*ByLe*`vdIa+jCr|9?;q5uaEWychPUk+U7uIXU?<7PM^FXeU~yAuQ-1V6JtZ`P*p zK+oD6?e*VS^u2^40(t&s`j3Fm7^U_l`?*HIm_ak`ADSG(f2{~(vzti8?l>_y_~Z7j z{F*+#lqwx;OUbGXV=moT2eE-C@dMu-I z57IDiL_zkl)Op5mt)hwL{w1kV5XJ$n2m56^n;_KJSn9uG5%(FPRM}m0E-JsfImg16 zT^WTc#K9t&d(aRd7DHgV$Rzkt{@~wH%L8T}HOMY3h(wRd>`+u19kR(^h2nS0k$2|wyC=M-D4FfrrG+I(*)96l&IE#A1QL)bejz==Kh`Ed%NLb#Qg88&$1Ru8ld;t^<2Ju1 z4GqpG^_qP!EDcsZB<}WObYJj!AM-hdo+u`w#VsqATpF^`@%D%M4soox)SLd*^Gp$} zUz0-Q1;XrP4QCgrTqdl;aYQP8tz`PnVwp( zEe`bcN1aB|c z-Ws8h&X~!av|(x`hG2yuk@HHzzuudB^W+7$D!!WQG=Z4|+BAK0c)$2p=YX zcrWq+9Z87VdO)YI!@mWc`y~+<0ke{*Ix88dN7m1B2X57?0)F{{o7!p8lN-`me`l#J z_~=nY!P$w&Hf-nKmff`)Cmf zjY~;Y1wly-`;rm9tB*f0!Z3tnxwfy0G1Op&DPXDGr%N)dY6w9Yil(ND4)YN^&2J@^t^;i$g! zY5TUgVHzwe~GgGhd<7_<|TXmfSH<@ z6x!qdgw<6R@)_P_ zOSHcb6VV$@HI|-xNSMxkeG8d5f{`aGK_v*wjYaX#U-SczV#{INxgC}x?Ob$L{v{qT=&NbO&B3g=wMy-R){%y*mkJx0{dug}e$bV{-6 zwE7>H9t}4I{?;>p21aD604|a8^|v{5vu+GQz%rC3G)!E7`RNiRg~e21r|l^xX|fqx zJrymEjG{~><)m3FNe3BLi;^D2&+=oC^w`0%M>~bH;l{!}5kYDzzF-)fonf`dkNz=jBU@IX@kyMj3%+nCMf{E=3s0S!5>ES}@V^S@=sY@^>c6 zu!9Y-kWSv>Ft-fjgW+m5RN> zL1+HTAt=6d79x=<)R`sB5zLEoyOU3!23mdeudEL-@+z*}!z1+O9JhVShDeUcJ1iC! zbT=e6u50c+`e70xd_2-u^l<&nMp1|BV_!uVVcCy#Cf?AZV-vO4)#jyaH?zzS(deGKyC96gh{%-)%>t~!yy=AW2&Xw7-_qSP$ z0_!$kh$e?3h8i0@@0?a~28D6--E5CaXJMnME&^TUZtMHy1(P?mpM zXBeFgx|N0V*@cbTcN&Q5j}oU#?^F`gG3l5MuW%+;z+@-}vHklf%~`-4JVz9E5=EXe zdP_P|#q3#h=SPBT{#JY@=6vww7=GBkGd9VZ>RP^<`mQ)Spak?iJb9IqL9WZrzcA3NX4{}&iEXvw&x z49FjH`ueiqvXj>C(rX)x@7a4$_i*g8DP~sp_}A6-^`wHcB@32N-5WyHew24c*5nBm z-m?Ijy7`0aweeKypkp7Q1=taoA#0qI+|N`Auk7%C#vDMML$%^qg11bYXJxsAYPLhv zH4dU0AN1j6G@sy(FmrRkVK`k6smwFlIy&=AN4OD0r+Yb4fVf zq{W+zGB*n;MlcI+igGX~Ss5xTL+Na;{W9GXxhdjLS)U($AO*c1H#>NrE;-X){ zJN#RKYYwF`ctfM8vF|h?fM7L85CK5zMFR8R!GXUsk>@Ep7DN>KVvDys8u5Z7mVT1W z+%IqHq&?=Pj@$DAfyrFv%omTqw?GDuY_j$g%%~@0lG`h%9Osa? z7+TW-y{< zCV~{6WiUvKmmx~g&b=NMYZfxHAM0p=8*An<8ET$Lo#NO}-K%Pg4b)bd#6rVimPxWP zX6=oxzl;0Sddl@6qt2zp9BwNiL{?7uq%55i@=su^z~xhR-RVsj=l0+8Jk*L@S)Yh* zbQK9vZkn$bo3m4!!It>|fU*C}yNBU_8Hf-9KxQ@^T!8Ju;|>&uRxLTuJcpJ+G?B&^f~Z{;WI~B>095LE0|*L3l(7P(_v0LXM5}XpBr73 z)K39_BfOnD+$vyY&kLeCxB<~=P@~lg_JrvT4`cbm^(KTd7%w~NRD%SuRlnQ4^+(^o z%m8eNH9$llcp^d59KYuGeFrLny2M+B6?4_IV@W3?Ugam>WCVcEcL3&p|M8n~6@YIW znlcpt$cZk1$K$`1rZhKFY(Wa^Y)z+357l|I-swafTQwhL3~D1g}GJCo%)T1?o) zBBeW-rkJHrg?%tUyPsDQwyFECdrk~sBYd1<4$13YG5>2__sc$2MWUY?CVZQ+E__9$ zx*x~{l}ooAz03a0dhFVF!i)Q}e`&ss<&;bO%gLWQStQO{-wyC9J>v_Gd|KR~sc8pM z9`ta6)%SO=B9(L!^;irl=gjYjmxI7$Hue196~FuowE2Ij_~LSCm=qbZgsnRTfQ-~{ z_}6|Sr?pe{eC;G+1IrzQF_k;<3yjv{d{X)zeq-o9e7FAICh^!y7Zv4>rA&4n^2fw9 z(c?+R%XyaylDUR*I!@28^>s;3w=P;sr*`^n5u>1TDMdZi>jjIDKxVYCHWpg28Ffx( z6REwFI+|n-37Q3NZi-qs0ioG+(-s?PYHmuTHLO)dWm1WSV8yCrF&;4&uG7LJKSJb3!=hGqGgATISFNax6WANMZ18G5mG{S z5Qyi1g_x7=ZO)PC)8#*lY}W;SvvwJFz8M)k^KhqhV9uKu@o1X<0G-*P6nC4SI%xO# zTfny0?y3E3@UIJ2*?BUw_$u*wl;g+Qe!W-b;S3Hux6L=aj>!OqY82e&JkRB^roSeP z!tZXvU}G?C%Wh5}0KXJBiSYloS^1eE&uI=`DRb-jS6<1h ziclhiB>l~xBxtqX@pGE1Hiy`!br4efsE!5#CRBBRH!cZ*TZxpK zq$S!wCbgA49zx4_bN~aPr7~WKd#fTOg)1{TR?$^PWk{*+J2AlF{Ak+9P+a*7ti!`L z$Y;*h%bjujzu#?g{Qt>BTZ!gLup2u2?j#u7-M$R;*C}_ay$!xd%ismiQWzr)u%$g5 zK&i~y;K|>YUNN4?p6NxtuOaq!sso1eAR`8V99i1#WQJ%A{-Y8P312uYCiDI+mv8Z~ zHVBeWw(<8tX>w=WdmIFz%Rwzc@y@}gYOfd-sXJ)67zp}X;!7e0y#r^A+|lLOYctA^Iq4;b9?IgG==R8G5hnd;^$z``d97)Fnez%^}Z04zM&r>)<$B$f%iq(I%o9AH6-0wx^bdrVIZefA};XcP8o6 zcZUroVu?Y`*C-{S^m~?mxjJ^)y7U%DE+v1WBN~QRIc5u?Sb*FU*zswE4gV*4_A;WD zh3wU)!leP;#aXZh6pwMsVCPGql}5Dv31#EP+9xU{HgUpV5=)V~VkS%Lf8uLgacQbRV`+VIyhbGIu4W_m z!?@FZ02<7m9sgdC-zG^vNg0^FU)+!2WcY8pr>AOk4%-XvxwHe$T(UaxoWtCbzm zpT9Iett#F>H$gOVUF9=tE0RO9;<6(Ks02|XWt!WS!fn!i1giaU3-DVfM$gH0>|Pkt zV?Lu0ti4CmOCk!F1uID&P$nfy^K#IQ3^vB6`=hyr>>{vP%;T(#aQ_6e^mQx#b8c*g&X&;hbA>sSVNqmK2Z#D<0Np{lr zv&Zk7YGq9Jgjl?Yhr0!>-d;@R#q~V1qI9~1DEaKyCc;J3^zzBzH7o9}+~?&fIQaX_ zjQcpnJ(A)?ro8bX@B)v<=DDoTmgyxL-C6qm zZ#$8LR|g_Z3WiY}(j(PV00$r3xR9&RWsM_sQ3ElmcaEi$|E>Xx`;N(Zd zFpL_T5{&frp$Js@gCGyaeTeSriHxrC!upl!b06#UY8?ucP}l8Bu3RE`azp1R;byuE zbiy2>H+hgj-ike%mqMJ<0XGmMz^dHCBL3QCbwuvlsX7r;Zff zd1nq{*7r6zae?GjvyCzO%>;y$GRT6B4SD31-AdPUnbELqkl!uyq$Q@=8IweRHFqa- z<_(TKH8yg;>mH$iEX;RHgiE%7tmUGlvhJJ7qt1=LihMHhQ0}{1;(?^CVvjQesQUu< zc%-yKr~%{kT=NJSo~5v87P!lN=xETT zs5bVh3*(=}jQOs;)KeWun9Vl@;EOV(0cpN38#n{a30X~qJz4;e!XnJCxHn{5>rnLy zwu@0g`VGNQ;0i`cx8?X14_Etp(Mr~61U<4JSb&= zlHTnB?TZXJD%Fzli0sm9|jrPkUDW}Cv&%YDgN+=lVNEV%dd(2; zhD3+sZlJG~e>UKg4JC?xA*Qv;8RkFuk}aJC6Ac#iNrL4r+f}BN{FRbzxp=6WS?WTp ztqDYc*W^k%84KS!n@hXXR&O>}egz`Uxo+iWI7h^Oj@efi$0v|i>lfo(M^TZz7_}5n zFcQBe?x=rqgFnz@Pq@@G15n<-RJ$DmAb9=43dZqsIPE0WV!sa$oqF9Oa^p4FT5w^{ z=Va5wq$iQxrtm4^Ncf8anVn3bi{ra!Z#Ct|fzJTHcImoOdFv=%iY7<0JdwXrYBMM! zD{^+TDKzz!XRoHah*U9V_yRNy2V$Pc7zYitjYAtXxKGj*fB5aq74=d15glP1sCZ}i zvSXj&-Md()61;miE8!2Zh(Ac2ov8UD6Kycn0Xf^{JD+XSbPljU7(eIxK>! z`1h#nO|sy-?k^&1(_H>(AZyDLJ5r3ExxU;U^F=b7maa(ebMif>C7+Xlg7bW> zOW(f!9oF!8oKm6;hP#65$G-#iVJ6D??BTyc15CFdXn-})VNS6`sh~*h-1Y|m@nGjC z%)>?Am!|VI%qGazw(&5(EgtR(a#Jk|!z7CQA0X=|lC^lUo~R5&s%pSn0n80k5#&rB zoUivvwzJ+>L>13QFox-R-rKIPTqy6o1Z>1%K!LlPZ?k_xyudiLa`c+7=br(RA7BME zcu1Qe+W1_jYb>P9q);;u86CYMdSY^+D{coTX5f|1d@QrHS`->p#>LXxZz7S3+Bon3 zu0(&d?-9Ucn!~au(d@Ed+Mb?Gdk@l-)dXS*5ZY5Q6TwfZAya4rWlL|Y>g$}`G##CS zP?*b*v?p8&@jYO|QjQ8V0~?$Lb0YAhW2+FZ$0v>&BwJw4EofL=|Ob(VBg% z!QmSLzpi>)%jI*&_H)!7n{a`_Av2!jrrBJKs0V#FRb)WFs{jUd9y)~Y2*lT#q5~M4 zH(U7tggb{vIv6RbS=pThH>CBFgu0{E)7zG$nV}?Us(K7HB%&;@*%;3^pZC^Gu4ifr zi$A_zvWpUSa(1IQ$+-kl?n*o>K|zVIgr7U$c*eJO$w%MZC(X*?dfLSf9u3U?ne?+v zSx7yOqqRbM9)$vV14+tfn@vHDbqE})zHeq5)SGHY#$kJ8ZxVFrOI^uo*$w3^Dzgv` ze7;GjYxe7Td>LpxD4hEnp0>IXu7&^aSa0)TxqRnGzeL=QZC+3*yh0UDiSN-KKMPxU zuM9;i5IgcE|1z!g_2#sD^Y+UWoPE36{_Ou8Y`Pt6Sv&Nq5}3y|w5H?}xC{QiUvY1H zZLZ{R|BL{NU60!?o98$NOfQp#vlGf^_&pWmnH7>X?AWVTy~U||V&c=^p}~nI%7!tT zB@W1L05+c9yl=z!SI=1@t)hTyE+R-DWb<~r(55HPa=Nf*S{4+WEf7h92w7SwtLFD3 zjD(Lor(IqY;)x-2(KgViZw{}G)xh3JgZ~XZNhcUW9Bu5(N$RkMN_!hTTU)Dz2@mL6 zjZ{*Sw8Cd8LzHaX)qrT)r%O2&OUxgR|54nuF>0bz&q<6cbKfA1YwrJ(@;irQD9L>w ze*cPy41$k>{u7~Vo?q7={&Jcm3~#jJO21F}{yUDByP}K|o_>#Kz2=+M$AlJKHBxBp z&=ToF=#+}G7{%;WGhP#h`{rgkEge;cH_GZUjQ5RE2MO91|J? zZtZg?F;DbcNGR%pzCMC+k66Q7*QU{yVRWtF_tz5Lg1f^?C0iE{GV+c z%;fjN@3fJnPHj{dc$aQ-f8=p^+u0^9e+0WOJBWyLACPqdG!?JAr@<{RR7*HONI)lM z56)pzoLPHw5EVCNjJsIZcg)D;^sr}0TUO5)anSB(aqHrstG9(V?#F0TefhjuW-!S}| zm>g%AD+pYR^$oQ2;vOq*LmOYiKJewc!nJWR6k+DZo~JNFW%1zb98#&fNI4hIs4eC%T&nWQW& z?3J9wf?qqiJ;@gy=PNPSYIG@%K(*dzkGC?EA)$G&M@JpS)t-hf{a=SI(b3l?x5X@v(sH@o_ zj%q8h6#&&zTyry3W_e>487}Q)I(2DgR~ae0kX1t#jx0i1x?M7=>a7emax7wvmd=TP zLEe*WNP0D+93qAgOs|io@^I~1_+Hy?7*=$DkkLE&TID}50xrA%uDJ`7%Ltq0RmBU=0fOyWDR(c&vs?lJzn za=9=>?0Woyfj^X~w`mpWKzU5QjI8cXqMn`SWslRBPL_W+V~=x-%C6rukf}_C+5gD= z2fh;8i8ud~Y)(Nfy!(WSFUs&x+J6HoW1cLV_mgbnZ12!+eGjP;JyKKlTPZ6bOGQiu z013}rK+wf!IsAGh)nb7F2i|p5SMhtx7gTT)c%j9CI}!*bCP_({9t4BwRTG6`0rPz-=lU% zm4hpJ*REqPdY9W{b3h?+0M%(${C}c+xXG_@OrZhXBl}cpkmRzehY?v~Yt3r{O{?mC zNft;wC*=8^l<32JL0wA#PR()$X03}+{2vaS4Lv{tlB>NOQDClpu5cPug$9;T6e?Kp zPX6_HH;uydF-`MqXM7FoZ|mhW^OWfP#q*en*svO!d?n-Ril9NC*z(6gTlrvXZC`F1 z9gitvHm8oR%U{FBUk(Y+UztyPdU{Kk^OmV`Ig z%~Jqz4M~{=mEd;F&=xG`bZp5w3{X?Lvt<_v+Av2dF8@u!$jd5eXk}Va(Tf769Ewh7JovAD5bp2=b;W*qo<_ z8Epg*jK$^AQ{0n`;$kA~<@WuLcNC$c0DOaw(mU!_buYGtk!8q$0wVK(oa;h^7*A8E znT-i3W<>S&I=Sg0LCZX7aJu|WCfMv^ePYfaXDF@RfldvV@+$yzs4ZC46Ne9_06Xd~ z)$E4fe5!Krmm3h0&`uGU$CEM5c7uy(4RPJ<&S;q%7*LYKX>C}OW0@;R(S`_Z!<*7* zC;3{i6`tm^P5v$8rJ%Aaduik&{q(~*S-{-dfNMZP2+8jZCjY0plfT7@8L%nE7%3`P ztMxI3D??tpi#L|$PY0W+GE)lHO8jTOHj)~|Kl>m4#WZh+?ZF0Gj+N}r*JJYh1Q~JP zA#k;NF+`GxuRTHw9k7k0L>o`U{|nyv)C8F&>>yC4u?Oy?@RfVVPiQOB6_toR^-08{ zE|R>cE_dP&M5D*VtK3nrz$}dB2~D>-c$uTccWkaHZVA7AMtt&VZqDR&uC zsS=;jxYKhog1sj@b*b(!iefSOnJnyufUrC3_$EW4@B2bYS`EH!FAYH z0RWDWxk^C<5H(`=76c%ewdFN&;{u8Jd)i8bXIww*BIoFbWQ&=62O(>cWB1lMB@#(> zkFIvXGh(orG-Sw6(|=Uj-`AMAMnG7e=+NEX6S=IwFz6`eV7u~G>pNy350{EZlLC@!Rnl$0*Bicj@jrx?=7dX zHm){{3HHBq?XooWn*;YpuCch}KgdWH;pqYahk9=^=|8K`K|G`b#fjVk8PxCc2@4HW zk+}|Sc-#pC5H#gK69MdJ5wi7@(IxvH2Y)rrmi6{HGC4sq83r>yGPKMZE2gAStEqnG zDpSPWS=$_2K+nZ={pow}CHB)-^iL{X*%;`8LzHlPkA7MjeqQ1^G709$MOy|AgIC2< ziTiS%=Vs^UZ(C`0%ncHGQh4x(Wqh~*jC|ZGodYcAos@d1A6xRwC)F2! zk|s^o_WF(H_(yUberz3nVl`jdwlL0^n1`v*1UasJuf9XWxXJkaVA~hqf!OLQg*5fz zE%d{PTOO`u8-{4*3+@kfgKY{6y^Q#dRvA2Qg(nTo_ckvIi63?((1yF!xlp!9U~V~X z^&}B$s_;Ae4JTB~xebFP9%Im~3Fc?pM96qztbJ*#7K&|jJJw)igM~5~LyxFxT~GdR zo)|#S+<8IFU+9$HPpeag}Qk!{D4_#L5+oBG<8{4M@S2?EJye>4^VJ)b2Ce+U0-y=%e&#`G>Cz-DZ3u(1~$ zC*1HD5UCGCgfHFW*mR)xa4Dh{WdS8`E{_0`vgV3ty*_YnhUJN+unC*>tRjg)%D#ky}|q zB6Tk&{jNif-mDykdeA6=xbwt8i1!^E(xQLn6NBxxmk;ii>hE7-R@2PxXSNa|P}@UM zs;h!lHSu|lFCp+O^zoH2508D}Gc zdf??}C>-$kR_x8`+;YRw(X_AB(QwQyd!h+bD*r2i~o{f z3I5WbCibKbYxvxy)jKPZ@lgXSZnH%`F&D(EDQY#Y4n_)!lynNiDND*cS~M*F6(IQC z5@#q?&*J!d$h5txjAaS_%Bmk9i5u#?IV$1FuQo1xFO25;oM;qLg&JPSJp5mIe^~Lk@q0R*U z#yWg3WQOO!PLoU{o$zkcOPQB9fTrqxjdZcN@t3@ZzU%wVsttTm*CpCDkps_$%a*<2 z%Uy|_6Ify?jK>PLbNe(}3hUxI*f#kcbaj2E-+DV%v-!{sy=c4`SD0VFZB!xlud2e` z2lpqz&K<71Uuj^d*j&hxH6tI9aj_w>=vJ|mHX-p0X0s;)PVj=Xl05it=OP;J04ktz z2tlkmeynYpL^}$LknI0DB7Lb&)>zdbuTaYV4ssOv8c`;vp^W%&xq~_QVNm)Tkwrba&+K)(*V?^_f=5PkGl`&GG zdG@F0<=M6xurB4=&p1}K2|gt^HChB7z*kHr1!QV`9YAFIWsF!|dwND5E*gn#5H%|! z(%+a{0t`wnlxjlYG+`|Qm*qi7F+$?>E*mm6ogNYZZm4PTHZgfy1$)RWWj?%@Z+Y5E zGABEAKT(>@iiJiASDPU;csqR7nAg?DZhU%EU?&&ByxZ`XAAyMf_S&vTdzpIppAKRR z7p+~k^B)1mXN~aI&(iTJLqo!V#uh&(d}U89-GdJ1V|;xv3eFdNk8$Nf!T=Xw5#TZ{ zZIP8}+4X=+rOP@BZMXpejz>DML>RR<3Nyd!0-vuTFm#pbnIT?mmq6%XWZZ4-$K2(_ zGtPFN8mHxPW(aqeFZw6LSAA)Th$;P0H{Fzrp{E1a>vCA^v6d~?dbkPe#bSnw+yFLl z{EO|2=pGfb^8LbRKv0`J;dwUbosj3gxP=m5)8hw|eYpyki-e?ww|OQMhbO+o9E-{m zHI#@3;;7Y?C{7=lb)+aa5^zMV%wuPeYQYq~tH(2zMp-yx1cnZtPwx(|%8i3_iFOY^ zMJgeCa+9Hyw1c*;q$oQ8kP(N~QadyjT$)c$5@s*MvO4KZBuSB^un+T>1)#pol`^|! z2^+hd>v?OKncb*xN;K;!e+%8*^hCNLH}V`^HA%y`Q#8+W+O5>%sJQF-bP^u`tD0bD z`aSnv*HF{Ver^-jvl>Mlv{Hh5SY>C!{;{>7uzD8hYKfdNJ6XKS-R>9X-r2HB_L{iYo%x z+yk3m*=JA}|M@Ca50m+d>Iu9c{PK?~kLzheg5A%=Cc zK_7~QXzqA-GdfLUBtbs^zVNB0P4uQ9%Z?qy#6pC~Z;31b^N=67OBn}SC8UiH^tOuK zn{G%SjKWq#V5kxuFe1^%D#lBlfrO8&v7b!Ye^}sHy$|V0(g7-3I}EDwY^5Uo$Xk4o zZdrZx8g0o}Ct@eEL%d*NMC1gJaAyR<8L3Q}`Cec&5~jv$bo98i*uJeKoWo0!(3=l4 zECKAeX}tmyrIYWarR4x-g)9IWWg^II328)dN}Wn6!ZgR6W;#2y8ibpcLT3!_1x05s z>0zB>g+d&@ph}SWam+^gZT84Qm3Kf1qfTsT_UwRdD&$+(_4Ms7~_mC1^x9|JJN%C`~+M!_XbX0o!TOefGKsc!<|#GVkV&Tql;{%aXC~SZ{Dx3 zvBm^?HJ|r{hZD8bSATG%jPM3z5{YLu}}5MdID zk?@S5p6kca=LMpGe*Ccvb%rsk_J?`IcOWP;vta5o*cF$Ncc`t!8~Ywmb?wL`%{^57Y@HD`pjSC9U9nNhgx> z&=&jN3M8`L%QO~#lkUP|D9e9mXbrPv1#vOy{8UesYXX?$Y@YvW_iZ9|G%0LZ)@nEw7MUUk zrxv-#xnJi5NRSTdT4R_9U_=-W|U1t1#RD* z2ZZ(8vJHX-q>esUO)3Z;{X!QTWmc|z17^DMx*1e88+rA zqTUgkzJL0EOnqfklmXZ6Gjw-%NC`-nbV!%9)X*UyAzedI)j9N77) z{_2||a?*CUPhYV5jfDY7A$JcCXMDf0nCb&~A=P zJ%;;j&-b5@x(tt8{yGU#%1s~Mo{e8|<49Hf!VfI>cG?&>iK0t`aDctUc7!{;3=PHj zK-RtCeS?#?=t@_#fD?sup@7p5@>UJyTkjDwVL@e6EZW30_S-(n-qEPUm^euYU;z9}q|(uU0a8qgspu)2k27ldtq>%5q9Rj^|pjW6!i$ zC89-AB)Y8ezZv4UB6T+FZtx*j6LE@pWr>WpEuFhX;vDi<{L)A<%6pdID;WbvvFRUQ zFvW&?K~s~d?xBCAC(h|s2-x>~NK}uI$4?YR6(*z_N>&ME)N?fto~^$wFX)%ox-mC9 z|1RDAL2uhWVtq0CT1bb%dn&?t^fSkDyy4o$!6pSUv(ytDwf($=&t`vvH%C11rKQO| z-&nW}o4E5yKqU`DG;h%2&P+v5f>u(sbv%~QsXrzn@GwQOX45y2kGpEw;u15QM85OIWAp7_H%%xFR9jEbm z)Ko*~_>)0JFwp5hb@QwcO>^lDGm0UXtlP|dH&kUPsCXgw01nvJh zAp!gSQ>wLA0AKm=e7`Yn_x{H$P8+tcmc)on`vd+&IYs+6Q34s4%p~)O$X~eL-|SL& z0iL_NpU!`B{N~?%F!E{Bgx&bb$$2Z=?}gb?9Tk!~>Jz zjPa;IUZkAWzL}`wcS8%2ZPM5IN~rys9{F2j@bEaZW?bYjkc|o|H zV&5}zIZ>;LMPCD?O;Ms`LKW&(0m&CqPE}nHKL#%uXZ@N`$5ZJ9?m)5j{CouSW{ANWwG8b?;;Zt9a~zc4%OV7Y10zXXM&xo{MA;}?$^&{pyptUBJ1#&- zm3D#)w^G>I!6}tjL?}06+KOKUf0cj4WRTg(&ru>G-(3uc633R|q=e~azlfeW~Y+PL>4^TnAa57zAD;qN@qEh0>#;7_DfmA$QaIvVAr2vDVvHr2I|q7>wKwX}xF5@*?ZMd*WwiMQX3EFNI@f z!TBuB9?48QFcybD-c5L{M&LG7yV1fQF1~5E$_{VMTadEGaBIUbTH9QeY#(p-24lMZ z^grQ2&t(s_bCoOKi8=!lT9OFBCg1P&61*fApY{H4v#QkxG@&&q}Wm5nwhzr7lIb2v?j=@qfSG z;3M`j$5gV&vlo8^wN~JzHU1o~AJAx3YgjwAd)lsf)X9V^k~qsV$qO9FBF`AL3XlqW zmRh$+q3X@M6qo$>?CoFC#qjz8WXx#aFq=?`uxc*5-PE0qLd2L_48PJoz0#`LUSsvt zZL25-bW@>64fA+1C<`0${tu&o%MM1@cQ{(JcR3d-MQnF9W2@?$?wEMdHp=7S^1s*Q zgEq=GKIh&mh$Y6sD_)l~R>_FcEzQd)Yn#Y6D!yq+j1)TGJjGl$)I1Gce(!>L&HA@sDB1K#iGy)IDYx_R(LXd?A2-FLx$l`;QFut5et)Rhpud{ zZXJ<|Zt0xUo-MM5^>TZfRh3Qa))&NPg0@yM^hwA7-P|fq8lgUeI9^o#g4nMRW!p6- z=g1yEG8ss58iI;qdbnm2A#47458j66g?lC?({l*vyy>*vd}Hj zwcLaJ6ce6SA0dG7;V(QRGp)Jt|uF6Ljw>2>1H4O zC+8L~H;Qd{=YFlE@@ENAT4H2$p0ydjgT}*BUeLy_et7xQP-pn6q3P_0O09+r&vb$? zXVfl4H0X1_h%m~o-{6`auAk!s_&~niHU3L7@Ii{bYEqg%z+wB#B27rR%oX}W*cS_{ z#FF-Qw3c#vCgfsfZaWvNceQMJSMJyQfa$@RsVgRB#62~}plc;oV};qgNaeaD+K6RF zax85f^=Q3yw_<$_oq~sxaST%R$yT{?27(`4Y+Z99ciSDWD{m27R~1}}+v~0O?y|9U zb%CU}^nNn%+v35rt(cWF;-0-11By!<5k)m`K7d2dUe^BVVIZZTi@cUE({cTOuQHNvlt@;sO(oQddu+7(k)|a=)oK09}#Am2CBCsw>oRYnsIvmf3^QZrpN| zdW%^H@6LL8@Dt*wJD|YaK36n&{r3IL*KfBXpQ55_qU5mDu!tzo?Z}CUhtVlT+j5CF z?|;6b^BIBK(^&?q(1X$a(8$SOi^{K%thC9IH1gRUpImJ$v=mhR^gE#NeO1SU`EAJhQa6h6bnPHzMeD`EFnYyKRGnplOV61QjKvnC(kw!i z?63(ZvlxX6lavZYVb6Z6I||b-P}Y%EUm={J>*eK?zs}$F3Gxa6XkfrHn3SCne|P3* z=r+z!)NIyc8a94+9*y^Pi9at~0eM>1OC~3u*i&fE7lxOKhK5rOL@~3rM2wx&jAfyz z%CAOPUu0VM=dq==Cfx|egiWw+)1oL~*-Np;y`gnL6;&D_iZbnVleTF2C*`H=ht4#r z?7!eOR2cg1$k>|=OE28>xyD2SzLeUJUiCDDIt)E;NJQst4)VJiTEG`=I7dJ!H~Dg& z(_fNEspw>{ZZd^8V&^DJ1-)Ne-cih$1`05Q-it-A;ZaP(NZ$@zw|h-rJAM5WFa61E zj`DCu`kR!&#Ch+~*5sHq#yB55HH1tZs zFR`p-fxcGyDXdrlK689Dv(#3aR0^NCe3~*%K+SD%;bV|evl>gWt%o;RD-GKG)0P1x z=Nv&fOmpOFtgK z`Bz!5|5m#z%=;E|sqBDx9uX7zcR9bU29v=3vVUAR+*kZX8HT6ZAmp-YBWG}xlcA4% zFl@wq33O{I3`|fD^M)B0)6^dK*GLeCxXcVfC{1nYK90i?zEJ6e#O*f~&7p|w?`usG zP<0U=-Vk(S@(donE z*MnNZ&@@faQ#Hft@*;Or-1?TzM=nY@`u{Sn^O^= zFB99WKWB_Uak7I<;UdPOkru&;Hv31e5PS}(S>$6OB0yWT7ddxseX0P*ns^bVylbyW z41j&>d?{*cJnB-3y;M^Ej-uyk<8=4LF*GhIsEE(|PJBtqP9wGiXu0TaqVV}P@1TPGM5dAvEl4HV;0UB(|Md_a>esC(`ZpGJ zJ5P_j2=2Ony%ZT(M*q^_aZDR6hJNnf{rXyG?Ip#@uuDsOh$F8TJj&5Yc}i|%KlXjs z67qOoa^5DD#10)k(9r3($Go+gwnA=#vEY&TB?tq!(KV;3HjL42I>D1%5HV>Z_y;nE zMrdQH&noX{DTqiIbe_SWeMt-aO_}cA__Jr>*t|g}3+bQEFOv4Smkhm}aCcvq^dI>| z|4`6GX?=XAIoybF&%ECRN5UAzaZmsyeg_%@;CsC*)za{WYCY_lT!96rT}>8Ccj@KJ zN5Z?heFszY#WoboRwIWEg};9zFl8mU-^iKfzPzOhdv36ZYgH?Emnm`At64ewslbvb zyeF9TMPMNA%Z{~e4ElC$qQ)NVcMWoCp=N!01_0?t6#l`xf%~~#yrY^=b5DW03kUvN z^eYdc#JYS2BEzB5j;~G=rub_y)Q;P*rUsVFk_10P+^-9iQo4t+$BRT}7F(fa zmoyA&duJQxIOgW&XV|RGbpSt+(lfN?)U~x+TgzQdnO18D_+39~w!+Pg{IxwiQ8SN+ zQr2mHuXjk(>Snl1=)!(l-%g)x48o;v`~jwO#bAj1WLMyKNPN9r@p&|}-Wf*9tpsYJcGxwqkvIwd^*8`Mzgmp--2PDgn!JYVV=N_g%hf0Q3&i-*HcRDtYdA( znN*@~2NRlI;POv+3GDwBv^4M~ivJUUemhRTJ`(b-2m{$Qik==2QU|^NdBIudAtWQV z5x5T7R189$C`WHl3hTF5vd(y{pXHFd>M6*@hrMoPcB3neEKNj^U6dmLqUI1G8wbH~ zrh^evZeo1;m$RW~g^!=UGy31Ab;RmN-=zCLLBa6?2Mm+_;Z|sm)wFZ#vx!Re6zU1_ zO$fkB_-($Ut=Wkvx9!x^zaMv%q?hh zYA5rV#FKb9@P{VmrH z20)9JEh-Q~FIPr^6&0pxVU60SzOBnQ516x*MTgb+7GJt}j}&W?hwVn#pa=Y7*roX?;RcruBP1C740Bii}5lkN{0i+_pCZ^ws zJdD_GjL8;@lg9`cY>ZE`nOAt85I=77RX8WfI)NFF7Ai=@fXf`^a6goc59=|+$66_k z)SAMovy3hoEd&f2RHh4#Y;)}b1owLH;_Vrv*htKjZyNOWdU^CLB`&}N$>a2<*awjE zF$kNC7u&R=IAV|6^WJ&MYP3H|T*{;JD4^r>@mTA2+u!C#Nb1BOW8ve$nFKRO#BIT~ z0PN;~k?A0rwO2;(3#1&)38<8#X}GUr4fbF^Dv6&4y)O~^5Z2$GpgOA%VhDg7yGE=b zYpNY2sERLkzD^KB0A1cU6^IW6lJ-cv_S7vj>JtB!wk(Bektg|cjBkr2tNMO9fBQ;j;S zZT0NEbm1jrjSi;2>zc?#w{eH}FGC>MYQw8bEC|lVIFPj&!dUcgIrj8bkY|t<>xj~q z=bxUS3*BAr<1NP~UdKKwOW#)zys>o;sZ8!q9NH2gF6}t%v~Q*CPjvKeUE%$Q&g2Zf zRl%iZh)?=o?!hmT{~XDlVYGsHD8Yqysh>R}_%Si-zuF{(>-;-3h53fvgTlNA#83-b zmJzZNS~o4ugyQ~GY8ZNU%;b&RF)X@P_NkZkB_4Ai!KQ@8h4oZIn zd0*E`U&UxODm5l$;fIy%f`}infdZX%^w*IB;`7|F6}~oJtDDsLRg^!2jlY>$gs7_2 z;2ty1$Hr5gR<{r%=xHcDa0GDmA!>aDudk2IXtLcAmq+g2@2YyGMVz|9E^qB8k8q6w zdaK`RZ|aE&-T(gQaJuH2dpy7U`_Zx%5tA)kD)=--?PuZVZ6-HuSED)Ef5d2k-p4$z zp5(f(IVAXqnI~=U#nsM;#w1e3%aq~Z#Ota@Cp#uNK&O}CX_&hzy7>x-(M-}%jt4#`FuJzw#e3`Gcs>$v<;^`4Kvut`EAjD zA)T|kk*Ew)!&!Da$_9AkMi2X6jq%#PQ|?p%JF6E01Ey7{zr@ zJhm>+RZh5@{99So#?vz*0-sTC4R~~n`A=*K#9vl~T_0U^ic)(D(@E#mn<^Uj6&>t3FA`j7g{-s?XN)@_!fOK4yg7%eI%HDcy~Dq`EJSoE5**7)t>1c7{WU?j ztTbJRTWS=qV_W%^VFcyV%o%RR_#<1?-U2)&mRmMjCF@&%eYwBrBVs_YebMV|ewZ=Z zU8~R&+VwBPf1b*qyMsUoDE^Fe0orSY(-NX?&}moax$tVsLYM-oJ|3pPWnI8hmeei* z8Ql;v$0GH^UOip4%U-?qe{&axo(7!2mukE%y1pZTlPKc*zO$=|2%`YA?%i6w=9LdH zT9k$jklo?@J4JI~6cZKKRXbWHJP1%-Ca|GkwN}|eS7ggtAb$;7CK+i`KB@MWKS#UE zq=1pW9;ZJ80B9{{G8nC9#+&ZxtTW^@*y1;bJEJKs?8Hd+5HXw|)&|D?)mef_zv1GT}5%F+$BD_$M+p?jtZz$r8< zCSwAl&$fPkk_QM^wI`a~Xr1j|q5!$BQi+-A4>!Vme>e1>un$ZtP=Wq-UsV|+Y3}pK z)>o*KDyFzJjezQbRJ)JcWp`w5B4Flwqik|^8w zpZDR4nc*<;7s!s~p&k=w0QqGt;WtYgVm1XV!Va#UNzYH(Zd~_b|>k8{D3ZcYI z3P*Ji4{IW`LoAy4^o5*GMZh;(G2VO$WuKj?T-22XRCh#p!8iNV0hCeAWS(qEDDBam zZ2w*cGlG;+h`5D2q_A-uqIPKz2h)kj)QN%V+#Fb6neFs;9Q|~WQ}RC>29ryb6x^!P zMkBYL(J#LOVN;&OIKP?#J1`$ z0DN`4eS2?O!A>#)U}S!MyhUDe3f3Y*TZ`D1{fG7*<{|Bx?A%Y;J(s<|P4S?u+i$W` zv-s0d29Tj8xSYgMcI@AxMVU43Mj)ot==l9Tm~ypOo5ZC}2nyv0P=D%Kp6QW^l&JUL zzAQdCr~eM*=@WVGYqfCq;n~jJ*FI-o-EVQiwI};ebjf`e#I~&_1*mG=qbg8mNhJ`D z%xsBcr{nlmOYBM{itVi(44bcTN*{a?a7+`esJ+G}kL4RHucECA?nlV!Nzv36aNx(+ z@h*q@w*!K4<-r|a)62}%@M-Y2F!aRK;gp(vy|mv@eT8z(=-`BOAvs-k>cK)_#=N+e{2t{VjAU5WsO+D&u>M=-A`79M*~^Bpw?p)BYT*I@e5kf z2~1$>Eow*5Bq1{68~gIL&kD84^}g|}$ZP^UFYsCQArme-@MV&S=&b3CK@P;hfxjJq z73G#;#H15g&r9n}T~8pre&Z?jwwF=~Pc*W`^t5)dJd#j}CgU~0&y;#D(d{6pN81=- zI%Bzb`)LX6D$YvWGGkME@x_PkN5d zFN#-AMnsm`DUB<*%GuA}M%EWIS6H1(oA1dKj!3`= zRVx{;4wk$!?$g!Dx1UBoRJ9CkH?C*LIpnWz6$yuRjeNzB404!(`#8;$4?%_ClEMg9Q(s)f$oNs z?Z&6q;53OJgiW;j+h(^AhSfy3p!fIx2>VGyXI{c>q?(SQ z?TBc}SyM6GeZF2C_3C*Utnz1<8o@;zNcrFf;-p$H&{`0uNUn{If_Xa&Yu=XtAT~H zmx1TH+OscPb(iDZ4Oj4r`i5RgixzyUIAJD>4>(L3XBBU;a$bXoT&O;sqX5Co z;m3aH!fN;*PQDecd~djhxV*ZQ8^K-t0+9)Nb86vh@w}fV^U*~^nMM&V-lM7gxfQ>A zV1(h@*Fq6Ix(FkOyPVojX}dwU(K1`*cLso!sPvP?P0gb1@58Lj)WzjG^p9CY;fbqE z#^?YNFJBv=B>Ka&NtBu^OzKR|Z%3;)&(6*=KJOui1;rY)>l<;h7NEk*qTyj&eQ3Pi zAa`dQrCFz$Z6uO-5*{iv!ORFSxpP6**g=kZVmL_?f)w8j`vUA;=*)!3`0K?F7bveE zn~$v(zlZjB&UAt1{AC$}t_f|mE3xjOD_eoiQVj>8bpJxSqXLw{O}6MB$ZE3ru|Zki z6ynOZ`77&{xc#=70MY5N8{~oJ<-?O~hec#;z4In+F4ED(W9uu+yVH*>2-5XV>@mm< z6)RbK)61=eA)=Q*F|zc73^LSh`Ljl>c<{~m2bgiwilb9)jfZY8k|O3Y;+vIN4w%!j zbbly6gyeY8cv(_<`+UX7atGpwTqFog6Q8E2bePW*uGKZD_!B{R_HnYo2fgeuEP^CV z2a`|Zk$g{nYV{f@47gsoEB1>FLIDan)(5@y%+dVmbgIle!^t}EmhvP;*TxaZn*+$Z z8(HuJA#jwOiD5U1roe1eC6ei6^aXm^(aK?TB9yt7 z?H&-M_XRo?tT#-5RQk0|DLIDF?rbZoI`_vRA9c(J(qH;76qdLsxAkd@6t5pfJ)FIW z9LLfA2(qp&$3TPsHu+a(9zl%YvPdgkWDyN4oi0BNfgkkV%X)GK{wqb?P`WEFA9P-` zR+xw03Y1XBsC2j<^x_qQula6)c8<*4&MJ&Aoe|xLFY^y|WL>OpUmwy$?0hoOgVnDC3koyXBNV;tY3*ps8-RQnPr z$zNOp=0!ciC4xRQMgG*Vgt_No0y%Q%y1RYC-?5g^&u_+SJg?RIDBqpCz;eSKEiq<*@R6FPbqn>j=KP`2KtI#A67B>oI- zrc=IWLqoPPDh#_g>PV8X-|D5&#kIT(99MK$!Ma}p$bnRT3z6x6OHEnB3@vU4&atLjcOiF^gL{yxRGID`I1Dn9{)T&Y zqn8ru4#9)EBAQOwJj%u(#CsVC^Ra)-LlmRLQom3-+j>l>8hHHG3As_@uu8(@X3sx@ ztMe*Dyt&{jkHT&s;I=hgRqzBXbOq=_556##??0_ezNIh^MERT4Ag2Eg z<&mLRVxe<)+j6`3ho`@BC61ZP;q^`Hiug}K(uNph9=MQLw#e%nSw^Emn!YA0ZS%-} zQk@Y#5KIt)P-;Qk=eQ!>+4HJa7i4Q?-qDBo$gZ93qX)&#bTMbWgP)#CU;cuiDIGa- zw88FL{a!qc!p$#b`#2C|%m{by!`}B_tl+l}{rN0_t~RwCbMthpa}KD*ofd=Oc029O zw7=um{g~?T$RBn)V&qciB^`E^>+Z49#Gs$DJ zQxfkH5L^v4F8ux016$stnF7o{_uXt~GER^ZA%^KkjmrU_3tvFIx%{TA@MbI4Fi+=Z z$@XP+{(9#hz62Q-7M>PdJ?dx`qgP>4n4XtrtxFW8?39Vf%Q(mt~LlByCOWH$m9H_|>BE&ZGH+^+L%@bN>rN|G>i{5C5&L zoPexpY4U{CtZieRP)f}A3+RKRiMoG+iV)O`hSFiL+&Fg9Kb{Wej)D^r_q&ut8c83| zwU9Z9ha1U#^~#OkNG*?Ma4t(5CZFtSR%@M4b9-ORCVqVL4d@2u6%`apJ5DGzC zqba;n`8cI0S2z4oleb#4Rqt=xPGx>I-Fxgd(n9N5v{afce6F?vyAkK^c;y&3w=1G8 zlJcwciB>8hq{nXylWtnyP`SPhcfl;?{`kb_9V+uh=uwtf#uFCZIZq6mbQjz3o&2*= zU8hyON?Rm(b)eJz>%IXzimU<4hArLTD1#~6CAj-TOq90ps2vLkJPzr)Z;*e&Fd9-0CgZfgq`+uT&@~xr?DRa@s^Cwugy2G=tOH%bo5w zW`1yYNvlVC^!c*wM=R=YAsKzY_8ZK}!_c?3{^aGW>Pi{xyRBWQ9!}5y{s_n^v>CUJ zfv2Uo9&$)$=bebkP$UQX*uGiih!D#Jr7!&yWmf(ivtiduSpd~ykl{-eoB{?t_+3-wBYyb+%a z=KDO#t^E`T?&-_Rz~-MbN=sIfi|+z~?zsyK7j6~!Xb&{|TMq^X24T-twZJ7mcGqR| zVg3G@(SH^l^cdQw&Ls&XbB~Hyf4s%*@32;MzQX;kzr4D(zpe;wd49-c4YurJ2e zMy%lR%oLFn`~J%~?9?g!zl9>Dxqw&ii7}P=W?5M7kC*-@bc}y+0Df$Z$(@K3s&#v0-}dSh(Hr`BKgJK5vin;p>m34UfrStghxcyK%77IL|A zJWy;mKsAz~x0W>=-{aAeO_ZHF`{`0!_Dt(|sh>F2^K@xGuAl}YPacMI*4iulRH_*- z!jy5cP6@{VY^(_ug)1PQQy=bjSt@-N3FS)8DCLaMt==qFw#Q8K7aF1IP|cu$ybJ-m zX6xx$3g`3~6?IVGK;jE@A_i_+rflBENIks*)ioY+4Vza}NGH}X{O}bbQs;itreOcc zz(Z+nC<_OaFdJQ=qEBohw3A{&v_;!kuV(9V^J~iyG4_iUOa3;r8Pc z@NjEnT^2ty$FE{%ueYZP+mYuxK-dj)8A`WJ^8AnR2MJOs9{WSGcpQeyT zmiV9=4U6UdY5WuS&mL$O*tIqZ>>o+cyGP31|qz7;|MYveEPZ!y*PEM-_h1SY3uNCg0FX%z$$E>N*>D-x>N2D6kT%R4 zMOUByQ$9i02Eo%^!e6!#>&byo$;6peBRrAmNJ_kvYfT_8*D2K zZ7_E5&Sj`XUyae$eB1pB;@|VFh&EueoBr=YEUl3zq`uES#Q^DrDy{aB zsQfRrh)hY$7VB~PCOA=$*Gk;8v-fW&_ocI+Sa20Vty4XD?6;JowaGFiEy5Il6Yk5) z0Hzo<7v17G8~|`--#thR0|9beoMy!)T!3PZxont1IZ!Wx*3g*5E*PQggI=$?s^m(x z>@*$0oXD*6#!4b5?q7?f*azGcvs^?bG>u=OT1S2-cOOQkPr;V<`@Gjn{XwA$?H-Ao zu?b%MN7BP}AsZjN@63#NwNLFnsKoKHko-jwPfE|9aZGKTUAM_PIYl3#R(gN(Ht8#$ zXY1l}eS>@m3^B_qXgfRty1f}1$}9DeQYk+UNiPYGAMyT-ToU-8Zo&xCT5$WD;Ir@k;`cB=O|_Zl^op4E@t;QzgoZ4ixX$*$BqD_2 z$-W{j&y(uli>0_UKGv1+1KuNk)FSc$HbInAbOS=mt)gPy(uWnS5XKc~ld4GEV}jzp zpzCV4Z=KvRigK?|FENQyS=@pve;29nGvu%deAo1dKAT1?XTyVB(B-dKH{q+bC zZjAMpDwNb0PW^N|xf6k%fniD{{%g5?i4<0&3|pv0C?_z{*;TaQlij}QHk9n(A&w_* z9V%y#i9UYw@B8mFg`lYCx(h9K1aBDwh+E##7Z$4RY5nbmvC z931p^XUgvjW|Zr^;Ez8ksQi|B&7bsf0519GeL-N?E}lhNn0O-NCh%8b}au>e{U*F*>Fz7dorc57eXmdV_f>&1At%gfWIh55v-`Q5bD zuHj8xt_!dNJOAyl9THO>&D5Gmz2c$FNb<4rpYIy9;$7w?kKf?3nd8r z{7LnTt!?u6t-Wd@FP8Sx=rsm%_($~4aF0Rlmn1;bCGg%KMwmA?TMVofLX9zQ0v?h zKKDk*-%UalNZaYzKWOOTuUW0{CChq^i1(D*g}TP`u+vEi+1}hnL|;A+z|Wv=2%36> zQnyd^xothAXy)xeUapq-f$BHUs&+@-U!O2%S*c>9BBjHz2!4uK7l*#+%6r(+D?!dN z?`ZY{it~tYC^J9CLAt5$cC`8$nx2*%>oCkI?{;_le2h^+qnltX7o$6b*ZE3{mc0n8 zi9gb19 zsOg(&VLZT5pVJb@>GSG7Ze3(|!ND0IRsK-(#AJmPgBO=58j~X~lsv|TUN2{A7SmJ? zB#%z;kG1f)VU}llvNZPbn>I4FCOOy&(3Yap+EBzKF=x5>x#=fuznn8#ONGdO8pbWL zQ9Qe0q-qKI{{%a*J!e)#Ihr>6vYEh-UbPefxXnb5A99QTcsKS@4G!9xUtpA*CD`6i z2|>Pg0dWp?H)(P+;5d@_v#1=-;@4LD@DmFY8F%~{3t#lYl^c$-@>6OHM(2S5j&9OJ zQCWT?-=eRN94tHqo+uR4<`@ZX-UM`gE{|X(7E(?BwMK4Y4Fa2|LXJ^Q$giV}^TqP) z(sEx4j2&tJcl)LO0k>e~$wh4O)&OFoDM{MiAb6~5M?A^9fxR)r&?r&!F|$ZD>A@m{ z_*08VAdTDxczSoexeraMlKLr?cW!3}t`hL94|jpt&`+~J~uea%_ph zX;bWkW^y}TkVjbJaM>rI`fWn?M*qq3lHzvs)SJk#g`8XiksW} zZ_9-jO!MRBuxM=QQtOk_@lYd*8VrGFLgqHlP(jal{#1I*GS+`xiq~~F%n7W1TiM(3 z@iV@V#A~od?eElQ$h(l(p?ychXe66;7q+@>Y!hPTee&lcNF@F`ArpCBX`RewfQp3` z!mUX9{dvay48m&O)KsH!PgeG^Xt-a2Ho>Z68o~bYsp!b=M`Gy(-;mt|fKw8OBiC}O zEGQaR%ebCW7jlDoCodi*@Wn=j)^ZI$jcmf# zDkOD9)i*U>YwTjR*-v~?^h$$tc1~pFHFxA2UXNyF)j+ICGP*R3?`Pj7`DL6LU!aHS zoF$AugvV=uyd+U{IkUV5PEOZNwjw)=z-K4uj>o;UW0inZN*Wh>9D#)Pt%epQ`-8&i zLOLZ<!)iz2X6J?G2k{bE5Tki0iGep(pq1pvI)QzSCx2NU?uhSZ<&0)92& zei3td;L}I2{m}MAn#ItBL;v(BkV)6~Mq@Miw(#1||J`Wma`S0GLF=8=FT@Ugsyabk zMErTJ2;;C>mgR?Jc*t^~hct5XJL_)?rm6nZi!K{_L|eLw(PMk<^EbJ5H`k3YJIJ{_ zT%GFqX^3c+Qpa~nOMTg+9@FKJ>n*$Dv2jTLtO#~x7N~MW9OigGcbhr_^YB(!kw95d-BvV;=W2M>C zTf-u3xwx$|`JVQX%Mr7xBO~69^R(i@;y;4hhz$LI%fIJ^3yV3WaIK0`_DDCU4&OPc zc~wSc#I{L9N{TM}Lju|M=oq{Qj$T!vS{8q>pVb2zd?RWKm@;b}sB7Z=@wE<=+*$G2 zY#uz^d#gU+`x}lkzxn;W>iH*SB{fn}J;~L+xm6MXYZfES4%vjY1@fbQdrbLqQeYoA zF)7Sd(MTFC^_|NlsV^*MP*yU(%BnW$eA~4Oi*H0&_M~m*3qK-0883o4eYOM>Y})|V z6$qe8Ad*@UK`BAj%W?Zl;Ts|b-2281K_88D3FE{^Dp$S!Q*drFQ=dPcVRQ&A_t57< z?)iIeO4@e0L6Wi~NRUvMa;hyfS_b$uwd{u3z-o|ynlx%t?7;Qw%kxTkt6!YTYR|*y zRM5EO&GYQ#FHlD@L9e<4$fn@xD+o^oRt5UEkCDz4}Hy(IRQgi)R_LejYWv?0C z4up!nR}J7;chv$yMn|2;TTQrG9FMF;E9YYaYzxy3v5GAR1Um6@U9ye*^!PPdYM}`N z2DpIhf!o5j_%+A6e?cQ0zlDD>hoL3Dmf40nobx6$XR_LT5=op1m>SQ*0;pb~kGbLI z(4y5-k7RrxLyKb3%4O>F;6efrsibIQStwMc_yV+MEc!UbNYDW<4Vy|7jh$+~)oRj7 z^jS`(HPkM#BHAItYxhED&9bG|#Fr+1E(xNB6{Ta5bl2g-@9dZUU!bA#e^3T&_9BK+ z#JFzf0A{8ZTqCbSVGr`zrIzTvi06Q+yQ?A6JYd8pj;*x)^t)t?&Y0}Kq3;!P&j}wp z{gSA!Ixb}s7CYXkmf8A;KJNPeE$<}K$kydB#<}P7I!#2zU=B;3jb=m8GXg^M*2Nhs zc%(3Uk@=v5E5V4Uw9Rh9PnW&*b~od9WI@jz%CFm(zrh%sa zs|BFu*iuOerB~l4@1!JG&!k+=JF92ug`)MP#;h$9wtZz}ArD&s<94#oeVOxOqR~NIS`pSt78$ZUv8I);Xo&#Vqf}sW~X$s~r;|`NmAcjdPg3t`aQr{m99oi7z{(T#@hMCt@=Vu|ELc zO-HbNe8PZsT^;421|P!bazEDWyhA9`YtDR^y-eP=X!$ORoTdM_xpj{C1?M49bpdKd?A9e=G!9lUhq)HwJV z3jEVYF3IL81rsvjp|ezOTZm!`T>R=EyWd48xX=IrP|E0M;oDR!cmtCHN2%;%gl`0r zRk88cs1qpD)rk}wiCtLV^!8DTk_*y2|+a@KFyL0+0lrzs^Nfku0ORK zeA!;$Rp%$j#$ir2Z1=_X-8-?F;m)ptrT;KI`hfFfE97XLe(-$l z?Hkrf#isqqn$57RlgL*qXQuXi&6v)~Erhr2cS6#Q=LLG-=4YCz5TSEP9_5fzUh*dE zYt`Cs-a?|skWknkdx6p$N*~q5V$~?q{(jp*2poq@Q?bFf>(c~^AZ3_{F%HjLU!~s| zt;K}cUzyNn1W?WLdX>g@-N`T9)!xkikXBe|aJezY93xMyRZnv*d!~jp#L1-QSe*1J4X(%)@HTB4 zzisvw?v1hi_m=Z(u1VdaMy6I8+BZAft^@kplAD484*Jj9Feg_t9OXRfh&bJ(v#(B( zwn)!$fSV9?5}OngM@%12+c|aDX`L<6V~Sp5jO5?&ui+-hPaEeUcDuxB!o%@cetILFTnE!5XrW#NISI(AV?I1k7iS_VXZQpg6R5iBysy z2z1MXwtMhvJtJ9$2}9a??;zrStdMy@1nT$hh?v|QC#tT>5g(t=G;skD;p$Y7%UD4sWG+1!18AJ-J7~Pqd8;E0 zD{QgX*3~)*X;7FazmwLvIzLBu!Ocdi z6UbFp9MFon`IhY-!tS zNd6}nH+J)_MlJ#`xR7p2g)eyip9a5z@I*?#=u_yhHhUP4P74UxBR9&I52ME%KRb1O ztXz#fKBhUlt5~HlHO_>QK!uW9D3NO7-Ti`la?335=$i+8)4&D1y9pbMerF7G&i!1D zo;3D{&(xEtzKX~f;|SpdxABCN@x*{d((_JnVx$vm#t`u}E~Sk?*=sJVUHKH>v(}#+xA1 zh4gC4gUNr|XXtqt*WryYy6&nWKE4wFAPup~YQG{O7D=eQWdAuOOd_;;S?6$2m4(;1 z>Z@9RdwxAq^?KU1Hr-DtAdMRx<4qmw$Qkr)aRg9rO*KAQ_EAf1K^OG=Ogeyyx-%S! zCFVxCy7YJO%}Ux(YO(KBq_H9PeW>v#vPB{Hl>CnjjC<4b1}a?!e^5}%Z4s{SS8yc8 z&anCzwLnRZvFZ(rk^1@Q{SzT`&Q{2to+sC^@qwey7U2vNRJpaxp+-)3Ae=>!^G%=e z0m8o>-^xD&qoCpBdx4?R=&VF5U3FU6rAAYY9QN(+A>_37`WL%)o-n${V)teglnBpy zA)Cr$OB;d65j>$fcQ_bnRY#gEiW6hu7Io-|lmqCx|ME zb=-QlTsUZZ2;r^wos{t#`0S-Fi1dXU7gV4A2RDH7C8@Eu-9F{9Ol+%l6-wK9%`;OK zA%_H*F4?l4A%Sspg&uL-&3Ch>_IK~~t8;K!G&+UeKx}Q{Ir>m5eeSi=C} zCd!BD0|4}uZYCuesxEQ>%Aqvv8QOSmk)=ZuDYStJIRQwoNHfVwtB+0HsA22!%qq5w zX;4(qQVr89Y1S5CCe$Dlt&2M7A#(fXINUKed-MiVDJFHLu2lHKf}D&06KS$U z8ELxkM8V562=%Sq_5ecZ@ z8vZ+atVR!byuX$E9KMUp-QT+ma4h@dgw%9Y#Q~KaU!e7c#owA)2chI!px#fKXL#h%l>WDhH$EbFg-F&di8=c+fTY9S3;ulXwift=qEw0BylXox~oJ2pfg z%R3{?3&vD-=B#I4|6c4syj+KD6A|+y_|jHy3Z5}Wm5W5VNSNL-2>c}~V?rg?>t9)a zztf}sHh{|NyQJ@L#_(rCBdt2`t80R13=~`3@0B$=77fLwlEGcCQU@8g9XAu}iES0o za}&#BBcXLH-_3NGPz%>^j;SaTT^d&d3Ze%>)Ru%Ji`Lz7W7IT68jc{c_x$Nk{kA_4 z_XL*)Bk+!C$dm|H%|1@v5aj2Er-6RO*D&5x?sP~;>}c4wa^cpY*=Dtop@}7#9(zb zFo^i=LfZ${Ncp`s46#njrKBXB#yLB)Mt?1dT^O9wQDoAIt?IkTOUaK0VmLq!n?^nRm!(A zDA3y!Y2{`I6Iq4(QXuHXk5|yos&aX+0J%tozYTvpo^NqP*&RdZB!9l+THAk~&Ez2U ze8txkQ;}2N8&cigp=l|M4GjYdDOTM{0qY=OP#**hP>^TL#O@3sLemF^*^jALTGON@ zi?7KW175 z^ngvG(BKvi&FuL7RC0N@yqKQ6H%xrsMzl#J*r22CO>k|nn5y;#oPg|ptVqN@9wEUr zM3ss#H_L2iM6{jBzEg*ziPc(;vH{Sfme&;Fjwog8#Djg|NRnu1-=|P zKQ97@dLc-+^7_*ljBA(4VQYQ+V~XFQP>D6|jquS~30g?NO$5d|C&mcfwc{wqNeBJI z)!Dsr|euP?9?$S}tPh8lBIZZ-+llYg8ehT6cR zeOfDI)TPTZSOVc8K8L@%g^eHMeVmS!g|+Tg{jp1}YkG1`Gt8TIFWb0o>i)quJ-#o5 zJnKVjww@;}&TVB}Z}Ha>T<%HgtC*kPUSH^Tabqi3{DqS>(FXmiWIuqC(T+Uhhbu=5bemaT{hS@;}A#v^3ryCdXo^Xs2N zQGfil&}I1L>m}2<`>XMd+f&%i)tEaPlz~?29))ouKQVEi=M=*3aLjTFc}d&1j_6!> z0|tn5kWarLi@Y;RH*gSFbSomi0%Ob_D@?fD9qT*q>MU+ic|0g$2*Nsc7A?*cJR+kt ziHgGu1G^jVgZyDlW0T5E?hh%!m-Ko4p`FSf`(vMwsxC_TVSQP+{{I`MNPyOnC1F=M% zzY65Aq2l#4T(`U6x>wNHGyp(N^YYbX72xK?4A2Acg(=$Mo+^M5F>1{7;v6j~(HBbj z@pvNPaXVg1#_|`?z3E{)RDJnQ%SkU%OU_O!0ZPp1RQBd%mbedqP`#fp$K-ggh|NnL zc5zCeLd2fiCFAkp;bUJ`#b|U+YK^?S$Ahp>bWbYYAkQ?tX9>h{ZeQkp?5j?ux30A! zU*jT22_(mrmFJ=`fn$rF{T?>$oyx%d;{8ylaN``?@+dS^(PKf7!t&27+nw$00jX3{ zTegTFJ*CZ^$53}uyJ5Map!cvk=iq4y%1Cgn%haNSTg|B~2?)dzdz$ZwgGyrjV|^w+ z6$0D^%z4oY9VqcGpJC(I2gq5FppSLV?V6$VVe*IEshJ`SQrZE!*EE?fAq_FU){q+> z&VF^0vAz;K{=Sb4wBzoWH#i@XlkW{`o`$+!G_FJfFi>r!%W0lZkM4|4MG za-tU|$`?m=$J{tZ zGBTd%1d{|`b0^)hx~swHV$4?GTR&V;Fyc_gwI6SF)7;}{h5Q9=lp>~{fGuI(-M7P= z8YG6=IJ?a-Uxj}tCO-XEpW6k*Sz&s7w|wpw(!_3*d{f!wR8pN+Gja*Z-d}yB>G;+Wj^i**DP1|*!HfW?0?@|_a zzPL^iP0stc{p;P>GA`@b(^$i8$IleSGlM`x%Jdmz4O0NPGF0zuhMHsQ_F^)EBAex9 z9!YqXMA*>AE9e2e|*%0dPs1N3b5CxK&FZYM%;j4Hlv*o5Dm^Ki+rub zT1K4g3>}zY)c*U?$~v5;L>2`g+%ebYB~XeZpw$y(MDjli8;BF|G=*-e+h@rr7?tQKoKht+cH-{?w>m3Aav&oGoUO1xtzK-MB(fj?QU6t!oOBS8gjVT3{Drx*xtC@}Pk_n`4U zH75m%xxSqOUwP!o-%tr~`^Un`Lkp$p2w`YEd8CXgwifmmX0+Y0+V7jI?cjQ?_nWl? zmn3GmGtap&dYd)wixy+1y>6oHQCRKtQ^2wQtdLzNy`ljFNY@m{p_dd%QD1 z`9eJuBHS=%7lLywaX;qpi9XqzObDAbRIVB9A(71^&xgW#o7^Qt3rJ?_%M-cF%$eI^ zFv)bgt2yu$<5BdojNP{hSibW+P-VZLTT(Kax!a0Iye-{4pPBsPrpETLtKWN>!g;^D zMd%n4D`DEn6h8Ir)S{CJoZK~d`QW{itHihavU^J(l~eyhrzKqN)a9u=^8JZ~+$?MQ zH>h?tGqN-GIsSmw6Y_$8_eBt)6_;+pQyVQ zE0caAIO=JKHs({xD9Mx5#A9Ks(kbM**J&9cT;mFEuYXe`wt{#K$Z#PrUOao4>rVKYqSiUFU^U{IPNe z)S_0(KxHqcF?EgO&;I@zuk|L$pGEhXZ79C~m0~kj>!m4kh?*~K14c(1Su(_SaEK0d zmiTV8s%)c5sg-C|NI3ro&qWAjUSBu%V1t{MQi$pq3rF`?>izdtGoU^4OGm7U9&w6l z0ZK9K061PzJ%hj(4yrNSIx8t&f%$wU7j#SSiRB-6Z_2=TJYY5SQw&w7PWzB}6;L)) z@i9=uOGrx*%~ZxBLV$w#@W|ae(|<{WWg74W2>pooOb<=ueDa<%xK9bE%vkUZ)IpZ7 zJbQh;!gv|gpF}|aWjwNop@f=}$;@9AOnJ1>rz%kFh+=V`iLj*W3W%^cC=0|5uzTTI z$2)H1s_`htN2rB0_foQ`I|U!hHVdC&A(lR$$DLB3g=5nB^Gas&Mm0+3`KgRSni&x} z^|tERExv=yI^xKV_ov6ZFcm>Rr|!$RTttsv#rq*6fGbC zS;(qu4{EMFBN#(LBpJB(7X4Uny8XjY+R$Tg$zbkD+8#Vx1wfITWtHbodYigbZIJc7 zx%r8w_LnCIcRa=hzk5IG*-IQAkM*TftNYBT0GElU)W1<(TKWFnWKCCF&czLVswNcu zuI*pi=*8g2);`9rZC93+S7t0nK5Jn{?ka{IR-bvPB6FkZD9uEuSa|w38w^wWtAqmY zXo1LbnxHfI<1E!AMEG5zB#}=0t*ZEB_fp*M+H@(ue9KID%xW`=^S7+~KEex>sJnHF z(=O+4g`LPYS|(Acs04o;s4b7e!NkIns@4&Wj;7=qBf8gV(SER#H4sRi{pzX9oL%31 z*`W2;yu~Q2X%e-ZiVG~gvC8&+(k#k zb#IS~htZx6p^eNv!|J(h-i7UXFeCH?((E&bn{G;e-{zJtwV$8>0_79Df1@_i>)&W{ zA3UX``zdEct3@6v=bc6?Ea@F|4Z?fU6GYcL{=r58y3mJXFs z1_5x`Mm0%*LMSSs*#fj0yiP}p1NBRKtJQRM*tvFSig)2`=*&xjL3&l1Hu`ll7 z<_NBQ|G6TYkKGA<45b7nI^w4H*}ztBBN788YFZ8*~lkHXVA7( za|-w@3k?;THCMbNWzpFVW7Pj9Q{MH4BNzd!l}U7>t;SISelx&KFjV#ABJ}bbcUVjT zYUq=q<&Yo0ngq7QrN+m^wFEiLUA%b2(=H(D^d&m_dmZ!cWjFGRlClk< z=vDG(-(W&$$kp}9ghBk@SN-W?Klrq%ff>osECn1mkjXg}99O&4b^KJL>gv$@Bs7)S zX6;I1{RlM$p@>el53{+NF|4?quXXbWd_{<;l-?;3KqKGfiVN}nF)OC>juW@RHBB>Z zt9+ZaO%aQQ^4l@67A76J6R-^${799Wd`Iyw6_NN@Mw59}eRP!kOaBKbDjT zNKaw0ev^)PmBC@g@&1;cpj=|NA~}cKoF{)-khgAn#*=A>YnZ*{-wr~!{7z032R z+)5iZ9G3SguM&IU6=n`EGxG}1=-+$J+RdAF;AtKEHmxVz7MB&t6X)$5U>gA>StZj3P;AxRsAp736q@&!w7>3yK*AnEDylM+B zHS<+f{<7Bv&oSQ$b!>E4T%|NKHYsg&l013Grj1~VZl?W!m@b+MBzPOg1tLHSqPtt^ zU(7aGyBeNLs6VUUQ2PBwoA+CqMcbPUwf2b~KyxdvTnOT|9>!+$CZylo)!_>(&i;?k zZZIIXoDvOJRqyc2ueMi|Qn=IEmA^Z+9D-Bf*UOnU@V6ltewh*nwLEb2n~6COn@sq1 zTtGN#6Z=ZC}d7pEI7i93jpL2_V znC#2RC1awdLH>0WhH0{L2N*KGN}@?F zE=4aXDIrz~CQ8AE(A$#4W)vioryP&Qdb1d7cyB2F#K`AN z8;>KSC0^qvb2h8LhEtdzGgKfSg6tZi+s|H5Fd4X6xU}9%eWhQ@ydJ? zD==2^m$R;W2|#QB+E~*-Q_~cTRRKA8kvc|zh)Nime|-#(-XvsJ0p@(IqLq-xP3A8E zZ5gZZEJsBIUatV710?8u_$1#(aOrFS5e|%w1&XF4mG;PL#!7C|@G5W;3 zUx=WBX!^M59B2Yfx|X6W5sF}N#eO;u6_BFbnE`Gk=o^x&=QQ* zR=U6TCL=gon|nn4>rYzlC=2%9BWLeNqg&g~irqWfv9J}{99(pC;2e0Lq9#z-i`#wW zMnAomDD$eT43$FO6D6#&#lE&WFecOZQ?I;zB+ZrD5VGtiC`fjF6bs_Qz_6Nssq?qR zUzYQt(CxzQujx7e=V-eY0MR|Ec41v>EF8HxkJIVYc#CACD+F)DLrNg1 za~uy8Oi$+7a)QSm+M<+!%n(|95?i4PI`+sOEKxBl?@_u^o>PmK3QIn;>>;gm#%B^7 z<@E}SRT?$3n5?UNR;WY=Sw@nZ92Ty|7sv1V%=!ho-OLpVB1E&O*uU5oBjUOt7ea(c zx?}~Ks(m+>V!Hy7yFabEg-ndn*o*ljhhA0u8I9gpt8S^z4Y}e;Qqh=f7#dpja}#e_ zZS(KY``IR98b|_ER@+^5gu)vyYmi@EbeFc-3XbW1T+N$=?0bAWJ!M&bB%oD5hbj`G z5&lu%RWMA74295LrKYUAn8l2u1dlHn$GrEWoSA$9F)Fs6(*EH7RVC*&C%SGCR65{B z2!s|NkU}P%1WEu|v5${J**6@vA|>AyiBi6BEh5B2dm0yZ6Mh5-+y0LQSWu-$`{smc z+oiVGt$)hy>>7JqSA;1!rw8a|E4a6n0Ji2#`PVIV9s&4xK=S6f?jk5WOl<{`Z`?vC z&j=VdW}(+Q($reh3D|hK%|fotjFlYh(cfy4xbiaiDb%*0%ag`^0g%1>N|X#x-_dx7 zip*KnS z4ie|`Vx3aq6&$rJqjT^n2MaiG$;(iIU~?&XWxN{R8C-aSYMc(3>>xBPC9@zPx<^wh z85cn3V(;m-46p-5*_NrLjpvpzTbB*Kw>qZwgxBYMZ!O|Hmmx7kfesoFnzvL`{_04P znQvo6U3o!qrQpfugU^Xh_z9=1@Bm4@;opIjz=zFASYBNPjySICKL#teJ;ThWZ8uR3X&#$5G;c#UXkBez! z;=_}MCpdtyNM(``(WyH(r_z>H^vT4HGBi%B*P?S!e6*1B zYQRZ~orIJv6~@QH)xl-#I}gf;&XPccEs;IBrya?z=;rVSZe~}GGHs?+x2U+c66Og#GNRlO7jtu9n_~Gd8(!?WDp6^5DWijmhmE0V72IiA`bqgO zj4c}OPXZrGSQd}by{l109{Qf2!~K~$ZkrJZ5pS3j1abEz$0S$#5xHC<7IFXY;z8#U z1>*!ZdSp|`Bk0$c#g+nlKh+w>58ET#{gK{^T;Mbl82mn9_!{pMi+RgB)$TG(ez^uB z)Zt|H&VDW!w)j{`t(pj8B=e#|BUEOk?yOn{8rBsDbmXEN-m@$?IgiilCQ$dkC_XGQ zRww0(Vy@By;!=zd%FX|i$=a7GhEQJqA# z1$tW>{K6P?acgTQermb@;q1BNd3nAuIfq;#%<#g%Stz;iIgMQF-s9b-umAdw#rBw_ znLLBhG&d6&yn%w)>u{KTy>{{dq$XS2eQtkQqSA~9=b|uFe@w{YwQ-!7k<4<{C!(G| zm(|fcbghjWac+m-zrhJPw53T{FcSM4-_uM?No0||wmvEQd0x{n_UFInJ{?xs^ZS56 z(6tv!+-ZDbzTVzfpE!6)&qChr+!A(E9^1(PvO`1J&}VEFT=`5ywkc>gUl#yt!}yJb zQy}tWedN9p1+ye-_x-D*OUT)mj6!pM^I$(dnM0_Q=RMK!pFh#G$Mw5UEpW#IJI8f@ zfEDq20*HKMGqRX{M!rA~8#koW_veBeyxJ}#4J?5W_b#DM$mOXmCVD5(EZ`vQmyi{; zRx5)C9DAT=3GR4Rn7Lv16M8fiv!UT;acn)E{z{=+N*1(`?##UPskrmulG^bkw!%s&tul?VUfM>$%UNF$xU+dj~qEz$lw#e z2iyF6z3EKTZ@x%Of7T6YKjNzyu7ShbEa)5Ht1Ae_gr!+`3EZ?eG<&yr*(8#pvEQT@ zM?-7*7i2yK^?+7?ek6)brR8p_-u$b749+iy&h3$bSZdJIZQE#%5n`bHF0r;mWV#qV-e_qnG|Ky~bLW$G-u2Rgq2v*J)gQ}bDeRqrv~vt0 zCWIqBYp~l18<*yuknfdJh~vqdfbFMW9z6`9(VrguN*hY?YMuqtAkK$Q6&#~5s@qWR zi(B2iQBgp!gLnp;qf|XdH5UR@RvZGq*T`_Km@8Qp#G8EYU(vj3fxi^rzks(=>h{A}F}{A4^8WX! zNU(<9n0wW&_4W;$al?DA>THA!Z}zqCt7{tUlMGEf>OiEAXH@6(ILUW07F){NAxFJ% z^Y|`dX(Rv6b#u*7~;U`rdkfX-R-UAD%QdPvf)hzsCuJj(aYq!K0_+ z9pfB7GZZH}J|G3M6ZM7E6m3RI$SE z&A3Ms)!?I8y|vQYaGRRTavrE{ITpUV0N-cC70<5dOiRxp{y_Xgo13{t2Jt8TjKZzQ ziFYP~rvXaR;uEFrY_Lz-cl^t;EqzxdM;4@d7pq8P4GddBG+eI^Jnm06uC_HDC-eQ< zA~WFoa)002O;bS-;t)S5W$x;YzI6TQziI(bV8h^p2doByIt}0!ue~(}KJJ9{9lf8Z zn;XunU%$1_$-?6{7Kun(qTaw8yu`!@^XS))j6f;gZ9knJL&qppr(?tnspbE>K1~7o zOx6k|X(UCe+R&v&kduXoZBOXD$jqLLG%!1hTj3Hr`wp`o-J7oVvpoq?(IkEyB_R0$!|+4O zS%mw>LxVu6ptW|n#i^RJBZHR^Fww=5pHIFjqo-#P(k$tVSp;Pb;GAa1+ z)WM$i*^45+)R^dSW*^e+F1%>QX8;K6Sw_HWSOoIe$(%O{?BXK0frW7ZmpCp(NRM+aNcR_oXQU5Lh;8x~()tq9r z=kg}^Q^49jhUX@m(dH7#Sa)d+;^((#l$dK_h~FqZ-=a6F`x(^gv@^Hl{$=;xdnv2jp0~*6zbMiU6M`|uSk-{FGbgk ze8o3w2#FmLan5j;*uF259&zKZpS>IEZV?C`<`VbprplJ`1f2w}Qy)3b;{)P>f3pam zU!G6KclhG*44x8vnPcN6ajZPbymm1` zrn_1%GMjd+ndkdm&7JL~ufFrkZT|gh3U7q$UgwtnI&MP_X{=NBAdPj^drH>#y&tiU zQ>s6V7QEK#^(onq`^^PsNx!Y3vmQogi9x23b3CYqzX|W!LFXOK8NoaDP)HtZKp8cC z-Y_Jg-uGc6UmcS@s<@1Ca&eKIc5^a~%muIgs9*nx1<)zuxin^h zzVQ*^ULf{fqvLr9&Yg=lV(KHjW#-oZdp3K}gohehs>j+kB7*rX&@1l9CL(d>f|dd0K~!ncv%MLVppCC!r6d4YOWo1a0=h^|XY2%66moeu zhm!U{j0yzufkA*KrjbTg5v2>>^R@I+OtTUwD)GyVce$jON}!pQ9rVW}Et4TQIbxk7LgiaVs966G)V zni>Y(x;6}+yJ~r`7uR&ucv{l_kHRaT=R$|e;$1ZFAfhX6JAx5GMH%Sz0xlGQf)qJI zrQ7#z#ZSFgyAADEqid(IhE94PJ`I6@u{H#z>Hdv)(4X0IV}VEg;ZGst1;!8kZr%{b zQAkl^Gy17pz%#e-_>Hh87-4l~jr#;<(_UU%j}YF`#t1^3?b`MNJSh` z$kcm;D?5Cn&4NA6$v+w#mbHADH9Fz1xT|4_NAxm+b{NgiSJ_oWH)~^=|01nyO@RcV z`QbHDj`?U%|Ju^JX$$FEvgNQ~Q>HC87x=ALd>X_^$f?ApBV?~e-%aoNzO#WdQc|q@ zqChuq!C?|^H~d@^xz#Ey^n&NT9;mv$L7VvDR8{g60xjxZR{2wk9D~tdV>+G3-2}5D;H0L164L_B=gh1F__=Z7FOqk{@qa;oa3jvZi`NM7jjC$fBG=t zp7p)ODQr74fAjAeuFA7b0qLfn4=h!iDSPh<`D0vSwsoY3A) zJw^E|gl>Fcwv&Yk2UHO2I0Cf1?4C~bfRt1L?0BYxq4ChupLeH^?FpNjDEmt1n*v^# zwSiL7g8|@zK(c{bW%e;S(B0H(n9L(oA&qmOkG;qOOLq=)3oWcQ^}m1f2jlzB6?v|; z{ti_sdk0c*uwvl6k#YD=>x=nBMb(ZXl2YLL7wpt&-BevN;2nVql+_SKoCJhMD3Ahu(b-XZlc5GKvAH^2*{^~^FQ_L+?DD9U~|rncP+19vGu`FhLkL&z|wodrLK zFuJ`z^ZWkfqxkT2pYl!to*}vw$!jkU7xL%4S-LM8fbh4bNH8OEOc!nWVKJ_b>!&!U zJ#txatf($);rf}4$&8w=#wVJ(pvPb{l=Nq89}^m+GOZ5IY+9&*3jD%|2}6?e-8snm zN30`eM8uiJE{wX`=d6Xoy?3^)z++o4qGIDmMooY7PyQacOzG67SE7|Ucg!aq^?xiz zPkZC+yF6W6>)2O(b>He@RgvW`9B%B0TP^MH8R;g+tlax9U4>)i%WM)Kxqk0M+WMNm z6GHE|9Zo)869D zdBAU}8UIAk-`k_lJ?8Bsc}}=5F|}(-sD^HrG3!aYnrdtwTG`Jznuj7_MT>1lIDi9&`Cyf>9wj;Rl0Ek0h6_zW;H?&ml z!ZLnKyqg>S*I1w8$N}JVDhvAREzs3^VkPJ4O`*8Gt%%318gP&A5^7IYaC{tyOAXM< zp)?)6UCXry;M(0(?O(vbffkzMg>1%j8vX)Pn4`hg^=gjgpPg+ZP^)2r9`KKyMSqXJ zf?)S=nucUmST^S=aIO49iSVy@6iw8r@|*bG*599(|2WwpneN&H`6v?00CHtszjw}e zhlI3q-)Ij%r+exFY2qJC%DR6ty5ZL*keBy+-$i^II$hHIn5ax@x_nnC**E@dSMFip z2n_X6;D#@tDSekyzU6QAOip$}Yg!Bc(sU`Lj)tm^g|$6}vR09vm~n9hd=N(SZZ0nG z8Wa(yrDu%s6i1$4vVTy;uxS3shK^AEOYE9;_CNK@JcbDmZlil9uMNLhV=I3nBXkqB z0b!P1fnx!d4|)buF6d3WgK}2)eKVA=WC^ugM*{qpW7(x6t+%O0+!@jY0pr7p(yd)|ucdH_+!=N>*Al$> zdS=@W>-_pL%nnf#3E`LZdFwAR{AD0!6!#cVEfHtW)giI@R$6H&2ye|dvcq|fc2S^ zKC!EurOv5;(#owxL+L4|C4}Eiw;f}gLq}Ee= zqp3A~-joSL@~;+bOK$nbE6j8k{@85$_YA>8sA`G|cmybe?k2GI3QB-z(C>x0MzppB z@ZPSxssSjS$&3_O0Lmx{uD+w`3KP0HK6~pHfC>2|Ox%xukW&0*N4@uY72WA3SbHrV z-YJH#2zm4rg6_gGKChsC$O>A40NDbwQtjW+Ir**@f)eP0iy;>n!k)<}?*OUGi@KJ2 z@O9KSCJpFHpx6<&$Km?KA4#6v8f zDmsvW%GlQy8@BhBoeR|IOO|o~5(hRbGKZPNLG#qXoPvs-?K0gO8bd^zs*t*6}hJ-4rWgrLS7Jljs_DE%LQ-X zw!*tQ^!X(G7tXVV9MMHjA4s>^$^$ki2sVB{x_4nPKt4>7?;~ew~XW*zbh%SBIG2y zzNi)wbm6uBeyD3|XA)wt$PSWy?Pif^=4+B(eR;3GTk>ovaYkw-NlLcS3A^17c8ioG zRa$1^Ve(8X#*e5gZxKH1l^>ODe#^GqNmn|gq+QUaB1jYHskY=|8^2=dO5fWwHGF>? zWwE%$fryW_jfAz3a@|(0aluJ!s&&p+nV9ovY=y%AP`=UZBo2RLnri3a>W!c0z2lJ~ z!Rn)V#ouYlR4*)nyc$Uu#bZQGVS7JxK54D$ja{X)t2lTfF)o;`&g0DWxV) z7n4q~e1$&NYLAU@*ZQFSi4T}^Sb*i!!rW=&S-05<0Z2_Vy@V}`eagI~e5 z1LnlvumrRhd}#+*FHtXxO7wsU&xPw&xSrex{p#ePrM9i5q& z#+qT8QO|Y zwz1xD6cFu!czT{JgKs*(W4pOnh z<)uj$Gm@L~<+a_}Or)~tiPxd9u|LkNR#$nI+>>8dX}SJDQTHCf@#R;(mCe|xo=V|x zBFzvsMnEo*Ci{egv3BQaZ@C^#@%y7_zTCESHZwHKNH*7}8pNh3=sYbAJKWq|dniHa zd#%;=OS_$_<)Cq+QpY^nq_CZq;2Df;M@NEz0&+rqHN<}^`%i(gaWZ53q;S_Iz;|>I z@;i84fF1D?b^Nsm(M#5`&-F&Ld!zPpnbew(10B2f9PC_~h*RP~D+Ds+{_m4ug80A0 zfpEq=s#*yao|3!MfUVU_c%G>gQc&f7;K1GS%J{8>(A17kGYb2xO%M4Htv5dv7&WZT z+Y*ew(&{Sv-`gB<|E1}=q_E_NE#z0b(X%Fu1UES>_Z3kF_ooX|Y0nyBw{l2Nn`U#EMmN>eGakoFfE`# zZaOK~v`+yKEoAV!eUBY7Z}x4LKbHOy$yHHu-2b{oob?e=fdH5kHX{+5^0@D_A|E|q z9~JbZ2edaEdQvT2aMyod32(TSjl-zvz%+U;*@~xTw2F4P-0)cp_ek`zw(2vg)FZ(Q zS5Gd<%~k}c_m7(=$hEm>g`-ql^G<(Nh9>;+nkQne6 z;IAhaHzp>~{qZlEV4ZA*X%*o&?6sGvu}bJl*TC9u!WTZuI7sB)d^+r6nTHsN70%!j zB=rhwcu23D_!v;i%2!FdkZq5Scr>XPM?kBGr}mBn3xb)0jC*a zy4gnIKi`?h{ly7$wKlHH#!UvNp;w`(ux+*qNpY1ZTCW3qwO7eC=) z`1EHun^vhu1eVFYfV0J_GY>d4%LyDaRxdHQ5D&AX=Xw8#70UCZ8+?ixL382D{)2l= zX(}F#l?NVP4{y$Q9z+?oL;s+zsUHc;U=nWD*Wmi1rIVe1!p!qW08t?Z0-}mvhg_HS zpRdhiZOVn-65NB8{{IUt-X4e{*hNZyNT4I z?a6amG+5;amZF&DZrC*F+r44`E0HP_!-W-+%HQlb{oo> zOu>@oD##H!cSwJXg(OBKY=|6#1}zmk#+g)}R$mFks%T9rpBDQbb8+nry2eYUm?V_| zd9nle6}5Tjnxk|v!R8`-7lE>yqEnjeeIy9J6Mhxx`ovxP%Zu^tqfxi$`eTWDdeh7^ z5yrT3F+GAJ4(D16f=*dX8K5HMH&}c4W%Y+|IpKce|3}kT#x?zTQE#KW8>G8MX&5El zARskL5$OhrjTDgq|zw@B1prCu|4}e&+~t^&v$RWZ+3R?IrrRqxbgp7 zIoG3Xb^v0}Y*Zw*6p*z{fs;5}Jj{;7mM(L;T6#UKJnyp}DLHTf9Lo~p5QU+)C?ihT zT!EP~<|_#;23(iV#ax;cCYI!jYBPC)W5j&J>5pT)vWv^?xa?CV^#0*TF~92Dp3NB{ zZXsX$6}fDk@}0hMcY;ZB)SX1DaBl1gMVZ{)l5hv?rKKorEz-jx_`zsQ6<2r<;uA-<)pIIQXOj-t@y?PdkJJ4FSE9o)lgX@)SvUnow!c3$81xBMtoQp3Ciu^D&q@EE#i=ot zmdCP+NAsP5{EVzBNCW(qg#HHA3!QAA+Nq#pR>RyLpMVW`k^8D&XV83at*)mrDqCd1ldX10 z(iHUY&gs70Yux-1c4d;Y+4@6N*#>%LaN@p@00j@m_kVf{ zho0hem0fKk`r9r%y*zFu{H*-k3~5XOEd<<>{O7Vu3^+Ww8MGjIJG zM5~x?WPag*2>HRU9a&8z4&BoVI#^#kLr78ftaF5^lRbLRB+^018rlVN&v##6F)7iY zT)mKSmex~whw1tg7RI&=aZh|De?_j}I|Zm@U*ta0WyN@OUk?`Cu>|>TE3{pm33~1O zE^a>^m{3}{wc4ayGW$wngUMBF?V6M2ml+;-3KVcbszoIG~ zeBQ1QsPEmj7{-CI(Xv1xZ^=Hn2MZqG%$$p7Ng}bkdiDsS^N$TK6X>V1gZaN6N;>*q zb$X8^vq-T1r$O%}#d?G=n94F=x!<21pssF4LJ%eME(rHqHVi5d?vlU3JqDYMEpr+Y zp)H0Su!XN$hUz}ky`446f%506Ro1V`T}WO#aCMG?Iq4qV2EN~l9A)oko@)Nb035}Q z(o>VmP(o_nyUL1C$ZSNyZ20*G5xckx*&mAaAZ z2dW0{==eWM*=pk%W@{HZ7z{XhQ7YVq2_Z9^jta>RqR}PN(8*^Zy^0Uj?n;yQtlvh% ziSip}u3d#&PwxYfhYx2;T?jCyjlejTZclnwe7H|BGV(r8)5Gfh$#$G1piJc}A1vxy zaT18{WWsY74-x8q$CZdAI1LogJ zu@Jr{LH+?QfxF0>t?e@L?R>ugn6$_1yWily5fqpy<}60r&@NJsmI)}usX80e^d(2l z{@1XT?3CbQHk2v)87t*?U`&Z1e5Jt%-Z*j_R`F7$OFkVjklMZa`=B3u86C1w*pvR90$*F*<2VWDLw~uVje{a zVc!45KD&85w!&}7h6!gO>V}Gi4{!YscWXcYR);B(_wVe%XfRtQVcd7-Caq-O|JAhp z?GhvxoAmhIE8UAPP#3`vB@Rz5Od!?a_c{C>wF5jj_{G*FG)EZyfx>bT5J z$~$ZrBH*gcyh1@N=r&8*5BHN>5KdA;Xy?oSE*|FlPw&)!L;U(Q z(i@R!E+3E6C^DFk%KJHwQ;sa)+}F(VKX1B<3&Ud1R@Q{!s$~>Hs<*(e$5DNHuqd4K zbU-87ulyH4>4h>krs!C-hk3Vln^KbujK;sWFkum;T?+i&ODE+QUn_20&|WUmD9n=m z8^SoIfNto}Y6W+#Jx{tG1uMIVf|PDYdod~(9`-wW8SH=L$+5^m4)qo>JMpL&kr!gl zlMV?ovA|U^I|=pLikoR>6R~%>EB}m<&Sg!-&y~cMpP`<*3~Ne6HTh{1C)&}z(N(h1 zfx4|qQEDVx=Qk8?iA1W?vzR%Qr(XVPQstYP9_pqcYpgRSC!&@XArxX_uTb^nSN3>U z6T);?sEhF`-0AyG7E_{hlpdcz9SWT&h87=51@QA8mMge7qRzLk56@v)2ypxt1cV~y z$(da`a-Xq%&k0S}h3-Rxu#_Zevz%N28gHnTFgr&W6KR?0}Z_g@rcs`3V2!L7=T+6ATAvo^3=3&k}`>*OPJ_)Gtw_dX&#){yOb#v;ocwrLZ_G#-Dyy}^rKdtN{S zz|9~VVlm%{{FEeV9X733=LYfk;F-^AgTzW;e8SwavqiSJ_I|)nal;0|uJQ`M)ixYU zMEX{T;iMVE`FV5@cPpRukFW%&39Hb zp6dfRldj}4HE^Bu2~Akc41+?}8<(E9(#&gw)wY_Hzo-aATyHfP(Hn`Aiq_l+mZhz) z=yAqj<~2|Ys|UpvmL+ybx2 ze=3rfgXI?QF%?RO?rt-40IKA3(#u+|?!&2W3%op2eRKnC@_|5nR~<_#S^E zdcCY8K4zVPdt`jC6H8qJGnUO61W2=$M}1){Y9%ulJ4+7Bqw zr>xDvaXg|ac#zf~6Oa{aR`1GP>QBi2R6?2>fJ;)YG|BZ6pevK3$v^f)Jd3%GyR5R` zJ#q~AT3N(eG-?hzQakk@Vc%uAb5oiwKF1(kaT%AIkl%{5i3a*DZp#fAPT6Skv;>w?o?c zQ0zWvqW=I^BE>D)o4kq^vPcR5+S7Qxw*ik-Y=p(Y<~x??hUFY0Tvx{p(9$EJ;Y>!F zo(bLhgFT#n%Oay$XDxc8(f9Ye&JDB`nv`hcI!-F%voQ9A*Xs7(w>%#xiKwnvJao9b zvB_%vHHK-qox7qGT4dtD@|Rd{5&z!Q@S454^ol@76qHhUBUw-LA3hW8NX{s@(5gQN zpj|uNPFM>F^&qA|aXi7!xp>yc_3YzfnPH;^*+?wIF z`$Ommv{J3inu0&o7l}u1W-+$~;need?L?mVhFN>uOUHnz=6gQQswHDb_FPX+^iKVJ zy7|o?Irwe`RM;v&(azd?x*dtSC{!7X1EY4B?;c`vl4&~lT|(1%>OB5f)s$FpYd?Bt z4!`VOx`EpsfD^jTAl|FJzmA~wmte3gtQ661cX;R$%wnB*8amQdP{Ir z><<>)pjcwieyB}NZca~iIk{JxPc*IhtY%(>D8x5a(-@iMz0mcKv zqXw>NDF}XQ0#uLI$jj!Rw9&c?mq(V%qd1f`6vSgBBb1Qjpfa4GS`YXNfEfsYYf$=CokLWVeO zr7@w|6n3EIN5F!*I<_%>akX)3f8yq+GsNfN6+<<%xIT)3W;44OazYC3vOWn-@@UYu z1%FqA=ESgzQ+3YBwH)XMaS*-d_@(Nfi0P(MdGDs_YHGmf7?5b64@bjQ71cI&Uo zH-fY*X5gD?HSW{RwV83bK)FO-+a9=G0>C=osq;*((f;twM&OLImMls2azoyFi%g1R zAUNuNe|@0j=QM4^?p?uthwaNjAjfS{p4IG}WY!p-mQ2VNAH} zmA;2Gd>+n;i=Tt?_U)nnR4v}Xr3IQX0Rwu^lZRiq?cFKXqqALW!;X_2X=~)pa-Qdh zD53`O?%<3++xA4~qAP3qe>ft)oG~SK9DZ<~yt9p%+6K$sLr#F6b3r=f0DK{uhBnpb zK<4K$*g*=WfLpFULsP)uGOd^iqZkH9B$uvurF2vtet*!by$2n;_IpsI8Yvh}e7zJd zpn5mQN5|A+2lb^w!97bPcI%(XR4PZ7!6GUC8(L>0Vf4itJt5uLBHg#mhfj?RaZ~`#}#i^-U zFJQo69dpI0oP_~}^B;*V#VSx-YmAaOLCSL=z*3XSu7Sn9np`qLrTBR$4+AAzr#cQL z+YUidx|j-w``dg6N+lwOm<7A&G?i#G*OTTe1Kh;?j;*Bqf3|0(X%kJ8r*}2)zd)NN=m}z_})5|&>)qXOcqIsUU`2g!g zKTKcBmOGZGScgtYEjtd2Jdu)I$Plg$Rc?kYG4?@)5gtYTsvtDhl~DKL6Y>wl1<{X8sxNT?9h;3-OG}&B*GiySnqb4ugDfsP~_XnUExw~ zk5MQ(_M~B&box9|B79PE$INFvik0D1nki<$vTD%q4;%ioW)HnV?gz41qdTzSb#LBK zuf-k2^BN4Ek~>fLXEHzW8ZdC4zBPo3-Rb0pw4zPBMy}hw-piRogD#&N3OumBF`YoM zKE<~~KXmn0y+Ut-&Y?k70oXNx#e!;$03g2F3iIS+R1Kmp z7q_t|7LyPFXbJ+=DgN5jyZ=)ofp67VDSIxe%fdU}kwCjXI2*_$bWaEI%5@zo4L{+* z6J@&yZS$0zy+X_(5F-bqDzY&Sjrw&9-Y-(!99~Y)o3-jY47Tz6>1C-yeL# z@UUCeVWnSVxWrOs5fHv^x8GPo>xU+uGu1Y z=w4SO`Qq$CnHKC#Ilz*LD)t}^NH_s(;8LRh#pOpGBtyvtic=9t0}K@a6x%%?_h!%*kUB;F%G92Q2c6sZ z)p0uBnXkSl#zm45{h<#SK}QY>$bSjU|GQ{CEz8tWyH_8BI0fV7Czdi7SYYyalEZ## z?F5Z@@cOQ8oRsoYEaJX1>iYm!7{j{osAvqNdiT!8sOC_CE)e@9jy`Z*Q$NT~D zW+>l}0ByALR%U?4MRUVFt-j#cA$3TI(xt0j3Bz6Z811&u&;32x{ZrXSr2_WfKbX|DYE z^02~uja7}bx90+SJ0Ue?H+>*_ik$1l?Otg7fY_eTd`JRAZwKWcpJ&kFLaTuYMhF%%;$SG9neJW$s;6R881{s)y9TrGAh8XSRk>705YT>=XG+T!Z z@9`sHZv0A?ICdP-II8s8=i0zOWU23ipr5JP(iz>ONy=%){P>lC1SyJeVuBPSTz z6E*0T3r0QQP=ha+3NYd`WHcw((P*cP_{s&NCATc&6jP3F7%#$JAdJw77OhL70Wo!$ z5wc?SD0K{BM^IQ)&#*;vs^O0wiJA-IV=v*Kv}D?9=XI>szUgc+#&hELMr`CN$wgP0 zQ6CB1t1!}TW!+zN7Tyr5;P-@odv;lVH<1*)h|)NVaMa(~yeQZ^U#%S{;rA7p=QY?t zBEr+kU2S*J9-R#XbN-Q-lL)t(FtqZQ&RL*9UTs3{ zbf(oenimTL*yDv6E!ZgFAmnipStijaM4{H&#wgJ&g8AL}6;vaxrmK%F-D>e2L(`3Y|V zDBjU+LQT>i&UB;rTVWc}n{`i+1J!j>L5@yDqT@|S-tH?o{tW_~FBf9%4gyeBLU*rl z(cz9v-Bba%MyPjsP1S?fsDp!stA65;6I>Fz^{79xFg{5cx#g*F}+3pCUfA;tPEG_{NU-N4@b)1vDiW?q-^p?eG;b0i3;W+feq%gdkek#7DIuZ8|m{keG6nOL`A z=l1**oG=Hqs=8#=E=PYeazJJ}_dd4R>GfGgV_Gww`@+p@_|omkKoprx&TXghYA?a+ zb6Y6wQbgVZI`@I~ZI?ejV53U_)^2Eo2d1ZiNzvr;nGhOQgGPsVii#r%i)t8h1x%7& zd|=zyzw>>TiDf>F4M9%H2~6epQZP%MwBzCoaR;Ff*)DMw=Yo zmf5)gi)Kw9<8U9%Psbp3t-QuDM;{`3nsz=)XcrwJK- zqmr^*ctVgONmQ*4($sjt&R&RJ*F%%U=|-+LO8#Mi!v0IOW5QL87qbqGnAsI4iDrRt zyJHSfLvaTGd1ErjHls-a4YXt%z*VteA~?Cuq~+2tX#TL$)7^a|L#?uP+#@$&ggxd{S)suDo;LuBjjHj6GGt@K$O{QZ9nPM1HE2cUTV+wM2ckE3kg1C#($W; z<*{@TK@O6gMXInkDRwchKZ&miEBD_hUzFHNnRCQl6PrQ>`9w*J}Je37XgzO z6X@?36V8qM0eHUGa=lY5zO}_t(}7BWiX*hQY>3pwD6(_B;ILrz(d0epgAlm=--X|` zI}aEW2Ut+ixZm>b^kxE)kvIQmSUmJ99pb&X<{BJolwll8D2kd~;CK8i(Hw?5tftE< z^-+RMF}ZWkR<(E23I&_P!y4|hYrhPBL|pqQ;1oP#b)$!m>i%?gnV4^M_9zXXbuKORBA7>P^33<(UBRIA z3|CG`tuyt{ld<0-X9pJes&?Al;SW2lzGB1`WtY+hQCMz}D{Zcqrw)4f$ zdA+JdgQ}BxMn=n$lusEfPnJp3==10aN1iQ>VFN)BO=IoZ(kBW@6K45#t|mk_-%AhP zFzFafNE^HF;4|jLQDOpF@h<>SLQUFK!1Lz-PZ+Bb5AG$_7dyhNGpx7_KzTVJdjVQN zm!|o<1Awi3YYYI#U(ods)Z|KHryDPcHDHdK2U+Q#V|qNN7M&VlLrsucF@A;!8xT7V zUl3D;l&q)8hw_1JixB|xtWkq$QBF=(E=vvaNY{Qk>7;L#3`5NCxi4{Q1;ZeWr`Q&p zDJs}WY$gZxMk>pi>4hiNR2$QeBm#Dm10S+8KM4yhWkN@5=bg_- z;14+`wpUarnSEt}Z*|hBMM@mD0E{xQ^84i?Lr~B+Jx|~WxAhxHIQ4Mam5S{N@_hAV%Ob}rp zdNr|d%sZqzd2l|2Ujs@X@B|U-*EZH-^vS~HsA8N z$?6tcFlnTccs_@D;Gw7J_KE6CVw3s3Z4mlO7~=2s?~wRrD%>Pm>h0q&$Cj#~wEiyt z7R2zriWT?<;hPOTAh3TRzA+zvtD+6j3O&GwaDaFt;7ym!4G~^1x85-Dji@{IfjJtI zo>~%o)RZ;)yk2N1ezU0Q$R){&91)J;G#wyvTk54)m#^QrznJQNwAD6oied9XQ(D1zcHrN zWSE#!5Rh^az(c)Ly@N3SOhCU$MVUWARi!<65)%?c9$j-BKwpJmq&uT*QeW(vq423A!9aNiJF=OU6m@9n!xwkwOWmI!BHXHqKmAp+W zVan;A;m&^>)o3o>*3p4H6JPz&o|FKg~~Kw$zu?q-N%K-(oo>mCT;)5sF5d+aKZg?s<|CDN50$f5L%9n+Ad4>*WnKJ=-G zmmS%7fI?=3E`4QIgu`5b>?y$G$8&p{fE`O_2#iQEEtIma-Z%v|stv>iDQ^)LC*laJ zb$yK>FBy&7+Q9js`H%i@H;;h;Le}fm5loYdVDEbraS*-8DddS$f5Wq`E(dX5mT>ur zMfmTP5YJ&U-{IHjkl~6Y$6=xH!2752&0EWtvbz-p;xA?Q^REeL;kM&6fws@X$s?n8 z&ZB&L-czSNgLfO-TOYK4Vl|Qd;z5oH_U=Wkf=B&h-<^Kxc%AY6n`12T4K7BtA^{#L zJct$8BFQW3;IGLr4~7A`E#O7PP%Yx~`9;o{-#@Svr^fX@WOx3aZQzA2iSW*C$QKB* zBE16^>q82ZT`w$N>2KtkFLaHTJe|(WoBu7o>fM(R=!Gd12NxYxw!Y=AvJXWDjq|@1 zZhtC3?7x57T@HgnuVpbg#`B>!b)u<$jM?2cg~1i_nx~LkY#kKyovXc_LsgG|Y?L?s zHu;RyE32+q69Lk*LL2vck6`vDb!vLl*pr*qW*Aghf&DCDw+`KD#bXYcndHr$>F6m!q5J8Q_Bb^lBdzdGX;9bn} zefnTY0%SJ>-Y_atwb`v>F9g=FCb7R^QC-?J7(dkTICgN=kV@K2CY5i}Vt*d}gr{Ip zKuyKIZ0L_V#|XFf6Y>s%k{0i1OUIAz=}!+o-6S&Ow)>h=ND6gK?`i{0kzJ91)re5S`?b+`S zJ&Hz11kPR{udl1dr&0;ZslhkDTT_hBYc|p3z44dmu6fK}H~;F{$3y5~{8fhB9Vzjr zcbHQ}P5LCc0{Uqh!atPMi0KDC?#v_Z=qYdD;iqvhG~skAc^Yo(`|k&q_sD)>lA65W z(e~=4wybs?R>3SsG|NVRy7+wiWq~Kn!q1A4Cp(!k+Nvryspg`ZU^h8Z|2PXzGsN|=GM#Aom^}9TpXbV0ce0iWsUX4pXr+= z3dr{Fu<2jzi;qT#?#4IS-mF>g90rJO^?FT?Qd*TD_oSXwlV2vSrWUm~5U<}OeCDAe zk)xLOsRI^u{!!2jEVQwf!J9(@VH53b7n&&O?v|W3wl)QyIj-e|5|3LE)#D#4>f5n7%D4Y1N~_15{-M?zvyHBElL+9xKROlK>_ml>A)NvypCh1ooB3#$aNpzo zV4qoK-8WVforvCCBKSR!N0>5irlSB7dai>E*=Be9!#v$K%OtZ~B-eIXd-0;RToy9h zc>aP_S)1=JJ!)}A?N3{~8|sk#;T=08nk4G7*V6Pcs_N6jv>FC@IcE^zW%RM^3M%7+ z!|8u&+ot|9Gzeo(Cf3I>6!~ie{6YEC6f*>3CP-oRRI^h0;)ahO%%vncLk%^=>1)%9 z?p_z~V?Ct0wCb8tbiz%42juYen9L z)J_HrL*f7B1`<9&W$)mM;SfhENhd`;S&9R2=SRK`jU$K|C1Njb{2Z=K{;SBBOUafW zCO*I+%q~OKr)mHE(bl^*b1wpd6mcSxT zi)2jUsZ+scSmraf6!`GIq)%K0m(rXfHAStbo~`fMmK6uDD}eqZfPlRzlN0E67c${M zP-xM!c4zKpQ;NX_W6vGi{~qk_`VWg|;tW9!?(ryS_NP0#T$Hln&4@PEoVS~*^!~F#RRP;Z)(+%vI0UQDvVYASv0K8_ zqiXQA-RUSwl=-_WQ_FWn+cpQfaAcP}>#g=6Sy z)tCAhTSx?_sPb|x{}L}}$04`x$rJWYq&y`Dv`*NK;g9qZ8=tia9{JyMgwC@iOC8`{ z-?t~ zV??qz`=Edt4oW2|%JHlxDaK3qIC??Vv=U=eR2 zbM3RFZZgNse8iBy^`5XzUzh=^YDiNIx_;bayWn9f#div!nyVDQf8jsk1v|GaIrdjO z_{?5o!h6GtJtlElR-Wq#{j04Qb`*Fs>AktLT%J6?AfMD-!8$&);Eu5a@YBL`AzpeK zlW)mN87$ z40L+(21$HFS4-lr5^MZkQg2kc&BT(Q^NE1_-Ufvt(M0F0&TkHS?zTED=fP+h)t??;LnN0E8~2@ zJ4%9%=Fh9{CGdI%$R2v(o-74Lmi{0rbE3?Me%XkAnSdUDiT>dD#T|{pNM#%JevoUa z5aLC|H!pF`s6_J#x7-|r3X4>8TyWLE=}RX$J>VzO*KYjGxlgf$eBB!Ay^i?uLpbSF znWTgi-q~ui=-5c1wkDAK`(S-?8B)m$Nc$ndo{DzUDG@Cx_>)U8E*QOY&WDnl0BaM zR@b||pk5DTa?1;`AHAg0-x}F^)cTI)oRf#wJw z)09u9cg75m_BoT4JMH1_PZI8#DGO2;3pIM{s5zBLz7pNhVfD2rQspFmmq&)J2du={ zL)gQN9?+vl;n0z0`MZJM|Cqjx_P1yIp;$0a^tMK{(J=#GZ03F;N~>3iyH6v-ALRw&rM_=- zoO+6b&=-7H8laF}K?feXtEn2V^_>f6E#5rYEzUgVvv6MfqQxwGf&J+10cp$iH*hc{ z$Xzll9QiL`D@jA5(%tGfXzyz^W$`h2ozp|8`qL)yn(oLJgFc|dhL-atk6EA)Jn*gr zERghtB%SP%IWcYr4LdoKdcx8A{&=j@92*@?5hm45o`Hjoc~ru;ag2&_02HEK4$=(r9qgOwN?=cYykU*^ADO1BDbckQ_nE|OGk z8nqyMHP1lND%txN?G99MB+Kd#&&NzeD~u0tIv0F2Y}L`eyw;OcAC4VW7ym{&UgvsaT6ZJl;kWZ${`rwUfo`1d9mGxa$!O>Im z?$4L3L}uW@t_*|o_kp2NhmY=YbQb77@iWU@aJ|x7&dhxUF>Ar<-zr4ef>#IG32!IBMa4VlJnJsShJttoCzTV1sJ|>kHAdRF0H^JLAf9 z!v#1t>Nzb^2huL7`TF34{3)FB@ecxwbBXZToSG%RAhUb<`)UdwyHi$m@f*a&IIyg4 z413uBNXbk^FOvhz#@^0v-&{`zyjte#O9-WQ21hohlrB%xeRcW4)(*s z6L_(Fvk6Q)AP%vjYWxfgaU zj)S{+hJntoE@J>}l&D&J2*bqzay&rLfpk&^fldo`->i5g8~erJo*!Pr1)Xu? ziRB0E>|O!uEVFAWZC>nH;g3nMQLb@smL#$@Pscujhli*1kY^{0X7UlSYH25h47Or{)%({aA#us&SHWafogkTL*T;&?bQib`Gxm3khqE>N0P^P2 z$@t%@**L#_%jJB?u8DnH@pKvxP02|OkbiMKJ>s%y1c56)icZwt$&V8a+EDGbBZ-=B(kRkqEr@r>*&W9DF5X z8SrSTupJ)aW*G$egK+!fL*+K7B`Mil*Idj1{;^ax@X9GRs^*?m1OtO>FcVsN7^?am zW$t=!E`li)aN&(PY{1|b5FZaP>1)YLGlSZqsLSOQB#`0wJ6B1QOv<@vz?Mvk=XrSVZlPWo`U3 zh4QJ#6S+jD@A~g1e^cI^*ucoIA3VQZ+pH`OtxWb=V^?3K%jU#lseVhgK z2HWq7#gP7F4WYTB(R_B1D^e<&fu&ILxgc^oHm|xHAT!*q! zSyi0f-;0WjRui#HzeG1$wEA-!^xVPIb~T`A2gsv?oa7!^LypPtRwG z(?&R63a2xKj&FEd{-fNYH?1l&-~e1(o#nJZK#Bi)%YL#i$NVl6yHm^e!np4!?Y`a= zYT&E((ota~A%mb-8d@kzh2dFG5yX zlrI*qDWWPJL#U#kQXCd^w`d5o@V&cA)N_0Ny1b%1Vn)j@w)7aPW`kyU^nb^H86S#Y zp{trPaeS{K!tUsvLIh&<={=dJJsC_ljjib>!`l$75{f~RqF z(O^Ff3@w0sXa3$_W&85z+}vfkftL4YvH;!@(>OWS?kFfu3+DFFTL?KURGcb9(6loR z?_l1XN>Kg8>F^%kXG_9l!ZV=`CmbN|Z6|@L20N;KH}z1ZP}cE#VA+XLzdr+ibt(px zfH>tIn)V#@q-?h4YkQ{@Ngm2GZw3RH+gTX3vuHG@8+D{s2#C*|p0hrQvpOR+wYXk| z=#cNFpNjf;7QVS!Qj@wXi)>Qj;{t%z;@zB4u}|3v#+-x)=@?j~G;rDF7nVQR(qfk{ zuI7#WGTmu^9O-rTxnZ*q@McXq4~taoNqTD44-yAKrA}b@Cl+Zz{SA3BM14uN4_?9B z-<>iKqaTBQl~=S~&04QYuw!rD-z>g%b=ftCwwDOqOh@-S)a-JC?}&94ghpmbKd$he zS0X|aV$~W}xT%LILYOCOSHJ)EOkR8O2)Ri4G!o4owS=+Hi-rfhN!SLUpVpYj@iEV3 z3H15sobY^ZnO36Z|A<(|q>nU@gap6*M5G+RU!Y}4`ovPTKqpR zKnf081zS^|y{sbr3WJlTf_STk^1SL*=)bK^qk(iRG+Sd0swm*pfSx10ZkVQ}{o9q* zw>9(9sbF9AqrGIWYUnoH{;TgUZKcHtkH!4b|W8eC^6GOIQh3_uzrwaNnxg};h}za>zlKi1KBF4M#4 znDPECWT}}Rha!YIp66g)u-@Jjpm*9^^!8|Qqwd64*xUq84FouuISI*8CjjUlX z(ZE{gdm7RC9uMxs2bMp5syo1adMtzxi8@wSx7F@E3k{$|sqQS29#Y>$|d zN7Dex7D^y`{%UdR6uhXBJpy;qUxPL2o3m7a>nE{zwkX+VwZHy|86SuVh~b>vA>_74=Qlx&>zVZ z3Zep63wdqd#^*k&ULzF)e@@IDz}Od0CrkF*1E(JHE(*we56Nmv*tPa1s_Zzp0%5vqOhds4ShwqgUimWouIrFky7~*+>e=^jayWc4rEuMORR2%; zNZKWEO8UlH@$C>@eILdxB9f(~^F8GH79U<677?IYo4%TL0jOdpy{cfv%K}6Lq?3j~89GhYt3==bDnm;cMdmhpDrSin{&2{tO`{ z(jeU>B}lhOH_{;~4FV!1F++)TcZVR|9YZS8f^-bsJv7YBGxu+;|60!rVum&EuItM= zdw=#h*{JkHN)jOTKL??WOBR8pordwV2n}3BAcU(AFfd@Fyeytw588X(Bj(Ix=rF!* z5=U91jq7z~PUC+ha({ni@WPlsAE&muz*Y?_PQ?drn4S-Rj!&{@6IQ)->PaSnuEzw7 z!TDU%LwSot@quM%!|XtJ>xiJJ8x(Yy@e_=J9c-ckCge~;6OD^`l?Zr`YZ`|E&cH^! zK`6IGGlk9Ql9I>%4o%rG`#H|K<-3jV+PjGWxoC!WXdgS!Icx)!wnoFg`wKYlI4W(o z3!Bn21|lPEYk!>j`$ghwEY8=se^`OvD7irb+gF*NA&AabD*4ddmp0hb#+rV==)7FU z3sUU&xL=G-ZwOM;yq(W*S%;N@qSg@7J^nk$%G2+8J^~ivFiAkr*MZvh{lokV#997; z(CwNsLfKNy~XosPOXyy+l4kIrE_!{v{l z5T7%c6{;NXpX+&%XMFj(QX-8^-Tgm58l`|ru{i=q1qw9DzI*0 zYXaAwc#=>dN<&9FeP5^N03a{CU35dAE5)moE@g|<#2LV^=aAgbZH*DV@sHKeZewQy z)}$(jPd0(0zF)I`5q%5_MOkw={O4{{!6nF@Lj)9i9yvdH=f={ARKnj3M>U!ttFC4# zfYbN0T|XeH5|24xwuqb$+%6mbO~AG|hjD#{uhBw_K<3xymw*s5fxe;T?riGirFzrp zJ?#~;g8xf3z0?(T`$hPg($WLBws?WC&a7?d!+(aZ{u99DgUgQ^z!0iw{026szg*{x zk@CW-(G>kRXXYJdJ#EBhexc91(zfMFF5-vI&2Bu31%!OZG}MhAqIfGz-$m=ReR6O=$U zYnY0(P<~&X0zkc_ZVynNhuOy~KjaX^(wAuA4nQZQjMz*qPPk)O*PnA67;irs|9 z_}cLd9K$DD&kn|~I)CRrV~#FLPKo_IF_Ap7GWO;jrFj2-ZwNDX{r(ppFd&$GI;3yZ z7p(-k1VoEvl{ewRFSOTDH3@DenpT9(*J!zF-2c(FJK>;OnVvLdoRS!qZ;D~^Jy1~g z#GC~Y65v0fuUxL5(16w@?jIr`y`N_6FXGGSSQ?0wPQ9@0yS7N1rcpYk%c<|vTF8LR z=at8o5*@ivsGo*`)a$7~G%b(8G+oPxm4|((pV#$!fcb}J!AGBFPqODI-vuYd(4w@I z@qbAos$h2>*mFLPTEWTTY=kY!lcMQvInWP6)cIgU+B);5M(eLpRxV=2ARmb ztjlccg!}6k12l3|P~lj;qm-z3RTR@c12C&P_wMnQdy!38*i`8jZYqMPy9?8YeKv+)s&@tR(?3_3GjZ1kdWs?dx#$4lIw21Zr` zwK8xuhB>_g@WF$%QI>EuX@OCyV9I-N4=(7PI+}0buuUodNfYh;GBrNpP2v}K$hD5N z2cq+SeZ*GXv@wjIdOqnYDga0|P5fwrQV_X=SXpI-FHth0M`qT26TK{=WlZudA|UQH z3RcIcw~(!;2aoBZeQZE56$=kPWq^rUQDjkR)C40nj#UZgHO6oiqrgcNcMBUUI4%`X zk_xD&OsYdA^ppv^Zm4idHae*(LG$yo-NYZbOwh_zl08uAqD1vHB);Sn!IpTh44C3B2cA6XdD1Q7 zF=&nj15rGs;K@ALw%mOAJ3Buxx5mrc@nDY`!A_G-&;MZ(CaMDrlj4!*MTgp61_j;Zxkv?~73>_7|H~ ztu%#Y=e5OD2Zn!~?USHYlM``=!bDQX3d6QhScCOY>5ydS@!yawfk{~58!bz{chvFR zU6s3|9BVQkQSqQ?$N!IXm=~&=zEaQ9Cws~s54BTAv21ijOs_+6nZmv&2t@55 z!^kO>9RoRS8N#ts8uAjRNl=+P)O-s8R+`KtlM>uM$ki9RJ0GE-ex0@N!64m*Qv#G( z%Nd^f-pEldTU~WVk}Z=;g0o$L7kP30_V!YU`DXjMuFD7h-&Kg)9a`1K2`{6$h5qT5 z`YLLv$hsEu@OS~`@%A-&C?obmbT#mc5rOXUWsMXNTk z$Ejn^ms6aao*SVS@=)Cpj(fS7mU3ZtrIn*%nd&t}<#q?^^yFU<@1pP)}iB zHe6u9Zh&QefyNHYlf z46j9j)#a8?e;?^IP1U&Op-763Xwy5}c}}za?uh)so8;E5Lw`3^_B4)4OITza+>E^c z{k*MkEbeVcTt`Fk0s1!z?)gs5Yv-Cr;pfCp^R(|qEb)ZBt2a=#YHG})&m*%@+k>(A zSK*YZMrcfNhJc;8kF=-0RixU3-zRlJ&tp1!0sB9pRYzuG7~0aPTu$7)cPd;=+nia~ zaNzTfVmDX_vHPYhv zC5BpUL}L*3=&X9=n?Q65{ev6crO|pEAgNuS4Bh@^!;x--7cESHXO(C_cf!B?Bh&{p z4_l>~tHIvnZ}pF>`7X)_P--jJe1d*kl|DD+l{}92{+A0m=r|hm zn>G8>ZY{Oj?nA5yEVSCE(fJz&;AI7)Wdn8>K`9p?Wu$229*6<7zU6P~akj6SOH$F- zgyG{c5?Y9c-gez;YnpY2xX$quyTTqWS!6HjnHA7vC+=n5p^-iU2?s5%1cr4&XWK!8P-A$*)281`BR2dBVw zn}d=i1z-Lb34;cjsOqy%(+_cJJ@4-Xg3m;!Nl+Fhj#hg~NgNJfXBc(v`}GdzC@gRg z-2t)H+LC-U6!!V(sPdqMbX*_o9eP)2@mw~9Bd8}{=G=iU;D-M+FA(&HU+L73W6tFC z>n1%q_e&+ucW?5=uD7a|yYh|@eriLW8z};f%Yr0a>g^dwVBi8kaSzT1sl;-IGw! z7z~X-&*yE$yxQhgX|2Hr`65neQprBGMrQ=|ix!jmS`j*KA3ZgZFN41?KMiRjb)F+^ zsh&vG;Fvwy{UpR%9GOW1&yc7KI?eR#$;8*>&zEk>{)nmtt}VbG^yXro;MkBK7h*EyahKIr`rk9^=!%E0tD zHuB~eE8|B!;ilG^dbN`^f^ja3$hROH zD8F9lQ3kd3#H|b!;vdHbZ^V2>aVY#4X5tj^vAz54QuYitG+vCX#FZI=Z*Z9}VtaHT zM%x|3H9Z#}tjlocyMG~AMx5ucO=(>uu&W?)DiN;ww8wh504_7);$C=tLZDE_%Eq|b*_p!XGI zwxnhGnFSy#jkC^STf!Xk{uc*paaaRTRjJ1LUA1e1GB#94KpTfz6ouq%a5)B^IA|Rj zJ=BuXi3?+;I4Yn@1sJ_WkAT->2G)byn5xdQ5 z_#Nv=H)$o2KO72kvv;gNS_m$3+qotV!PjQ;fK5^>#9rT;=LNrT(r)7I>TuF;He>S+MV*>H%Z zRi3LAu&MY5Cop)(j}V_`1{{zF zqjI(E>M2@i97^&I)NI84KFwFDHt0%`ZFagQ780oNHA=aiq0&-GOo}_-R8P46LEPi# zwN=`4lyCa6<;qVFTg;C8^lb!#Qfu0(Mf`z9cm(UlJ)Nn4=Lp?D>5ABETIyF-x}va@ z`sBNH{xaBfL-@+$KcxNH*cJ;{WhYW<&+oMQFfTA7GuR56sDJ^~378!WjCR;04*c*P zPZ3t3Ln4yYrWnhwcy%2+$bZF%5#S$6HI85P9U1_fhQm-Jdf^U%L$QwWd^aRe*oK#fQP%I3n?bY#zd(a;`GWo(zB-2q%>SisX~*) zi}ie7nV6k1l1Zb;XnMhUGuPJSui)o2=b?t56`A6k0SZx39cEbE`S^DPxxElFsZgXM zM3huP^5@V<;IoMNV~O+LOIv0U0{D$a{<7b)PwnroNd-#^b}K&PBA3fOusN)fm)-19 zZ9l~0kH~p8cJ&`W-%bZE)LVc9%4wpPvNP5i)#rpzEc65f7LZY*^Jsz{ytMrt;xqA(k zFpZ~|TO5|oKl+W8x^vvnT`IXA2wZn4mV<`&E<5kZf7RQ}U;I5ZF~>?N2dLHmEsVSt zu0U&QJg7i>jt?=jr7RiwScC%J zh|RkJ_v`DrNheWDXr#0wt_==%2A1ImERW|(^d>iFzi%wY`)|8)>>(#_j$La*AIpomEhjk2J-OZ~2B8waXx>){H zzrT3zVf3D1(MZ#)H^RgqDN<~`ktVh)yk9n4GUHAX>&zoDjOopZ9wh@tGR--oh*zGX zEg*LAa%_-7VK_JY%Z~HE%rQx&E|DPy?6;#mZ}}+_igYL$u`PI~!DKK$kM6th{u#pdA4k>>YVl=`g7QlOEhtd3=g$mE< zt-PGC`@*jt-|L6N8G>afZC4l1Ncth*ZzQ|!iigDgNh?3%DJxZ^m7vz0gm9U^A(<6# zdHYWbu;1-#p9RtV_xSwVGg~^Zvlj}oqOe82{B5{Ji#v`#&xawcT7*J`bgp+3b@yKQ zm&~$SlEV$(i0ko}Pq+W7C;hzh_o3>$2lF-EMEWUEzbchij^3r`$Ath=L+4OUEB&fpChrjAJTb^{_Hov`MqeDw_BwgiY+?X_`L1d ziWHrPWr)>(6!6|q$a^NfKcHt(;?XTDulT`~Xj)`#^$l6<(i^d6VxsiF z6ce(z9u1$#8oo}0j%r2gm;-6(Pd6S95GxQ-Sz-FfR|!JE^KgD6d_|h~u9@>n3HBte zTv4o6))LR6*y4RqqTXuVC(8A#-WohYCGEPAwcV}9)_v!t4HGO*C zkxwA0uuF*ks9G=RQPKAVn(C8*teS~ZqBTK);5_F;ZfSucpF%9mof2Aff0qwFv;chIMNO4c zSqNp(HHjX(U17|;p}suZ+^hF)rWVEGA|7Kn#Dqd`+;_xg$K|oVIbeUUMD~WpwDJS( zzh^RPmLqXgw$M}=F)+(Qbg}ImfV=vneXj>8$@Oxg$iDroOvh_#aDyjBf6t_{i-k2_ zcBy`}xn|7-%jtxDfv3@??e^80HWaM6H$)bwrEjKjGfG}DkPhW+!*4N0vX_oqZ^h|+ zu59kFuOT}KSJP7ApUd@Fw11F(8`O6P`jGW#8S&aPKTU}TQpBYeGN%@Pj22{o^~6r| zl}1bA;7`DH8HM{}w@=H5pdarGIhJho)us0qLl@S1K_FODa6}^-auu?-iiwbzobA3C zlXU?N8aOxp{Sqe8x-$F=>r)MVj^wa~G@`oX{-p)vnC2_nrnlJL*;ec7&idf|v_$>v zXc8UgI&_e~;nLDcZ7z+Vxh1y1`_GBhRTq?k5$D^m-Z`I%GVN1zQs{0)TDemVQ>M6@ z+PT)N3X+|t0NN*ijhy6ve$@(V0%xoqiMA8>+&3jPo6`%98`h&Aghm2bhL|azD!I7O z83+}uQ{Uzf5l_oC8Tjw-Vx5|T{z~l^4W$lYaewO4J${AfH?qrxLV_-eeOxtsT)HNe zR><_*{VahZydNfbxNdgxY#$o}cTAj8f4;e^#b$I{oFAdMet+p!5H9b)b3d=m;9(V@ zUci~u7<&tCZFBL*fuC)|-SFY@a#CCFRA)%pZeE{(M;UFO0uA=3c}5TSBrmn#)mmHs z_*>A;jZ!+=RGs;myuB9mV^r?i<-5*Hmo#!p=y+`7sSz~j&?0}lBHH{nWVXd47Bde$ zCTeTIUnYw=@0L?KaGNq0Dg4QG5pnTotkO3cT-6W-@jdo$Z#C5iD}eexY~E8b7;rHI z=xX!;4*9rKZ63Rnmp5B?jlsC=SFhoN9jybmpclwXI$yX&f3`W!Z(5wPf0gq=mu9|` z*&DgF5uP%*dqK2GrCdROC)dL#!609}fCsocjMjZJ5MEUf#7pOQR_WJ&PWX7%7Eea7 zI@uNQ(p3XPhHnK%PcRI54znnv9NXEL%%*dkK2%@Hegsv(e~c| zIRF$UzL+wjEI2?@B^<@aW7=hYP7%T-N65E3o9UGKqTp5G`&o6p%P1#u>rtE9Ohw*! zrX-G}F@4rpnsP-J-nl{N@~h*cEWm{0xR_Ig?I(wz9jV*6fSoK;7mgF{LW++E0-MS7 z5vKJ;y2)P$G&}8HAb<#{4`jHd@Z{;p0tB9kmuluQEM)51QE+1z^+a4#?~PgJ;hZ5U zfKGCBi{Oj8RNU8A|36A3q|7QhV zw|)@$+ zjK2w;Xsjy|&(C#^XFMXlbYtdZ-a`o21|m!QGm_3MV)h>K+BL`?xl$3iEJazuBTr&{ zk+_jxtINxFyXFRsiT!A!nGTCUX?|xjs^RinS>k*Q7lsZ0#{#rR^UOP?__@*cL5S$Y zP#eCWN>t<%tuB9-f)l+W^jfOK-PcYk(@G8F&2A_6T<>ly0*(r)A>Ev$2RVC~VJH+`B%bhV?^bt zT1;ZKtc}K!-*KthZ?umZx)0(>kNea4ut}KyJ|ee6uiFaBdm&%(v|R#Px63dgvs4+? zV6M2t1QYry(qu8c>(Ime+0uUTMVBgkG4tT-O_3;4@dq7PTqUqu94ubmu1s8(^wVTyH+NYHa=uI*-Rbis4lTy!sh)lPg>+LR zd*#qB8p@Y~oB+-5H$*O{CaMEAYh{Kpkyotdh<}g_!Q(A@F99Wbca}Zmlc~!g3%RJ5 z#}+mI4${r+@&soG#EFUBN^rKG_mDBZYQSsW=Wl`V-o+oYsr|vVOdw6M4xz~AI)|bc zWaHeO^`ub>A5lN~(7CpPk&aS3$?@V|lBoXX^U>~6+d*FCV^$d?yxDOT>n@*`BcJ&k zx{*Uqe$FT7dST*S6GY1B6l<7M7cd}9{V@2$@9RuxumDshLw)3yk8S5M+Ky?C<;HN{ zhe&NuMT1sIkJuyaXL{Dxqz0zvD%%0$3M>=Ghc+5dU^Wl+S7hTk>5_3gWmL930+dg` zHN=pL*cA92>PzIKH`aV+95bR6@JXHijSFY;xt0*?mZ}N(54i1aV|g zT}@qj^bHd^brNraE{kzQY5+H{YdngtY#crDkU&2^nvopQbo+~z@IBsSWRGXdGuvX4 z6DrbTvMw6RuA_xVyiqhFi9r0Jr>3|)y7%zoa(9P&CVGeh;-G@9ix{ppyA<3*zQT~@ zOCj&5deQbQug_>clGxmnbwmk$n90|unM5|l1H&&0gt*%D2`mfQkH^@PH9V5(0IzkZ z>Qo2{6guPHu2*gOeLeoI)of2q=}fFwHnvqe8+<91ZFOy)ynNP4B`k7~TfORkDS>kG zRA|QjO?)N#jX2I-Y4f5sC5KMN^`VISv^PVK%e8Fah=fo(PQr8Y$Qy=YMra$ijUdT5|wiWldnNwfR8+kW?z zJ3E?XJJYd}4)D)H@9+WG=Z}YNGLM0sm|@4})K2u|+avQ&1#G!V)q!pY!QQpT{BIQEiR*5j7X#KCX>LW({zUhhR#| zhpSjAa);?X@5BA8%|@bJXL-GkJtof`V<&tw3tc6aLG%j!RdF^{T}}bGKhlDEO*Mm7 zn-_-9OKf;F$`=3r>S$_*t;KeoOVw^){LUNURFe4?d%G%iaHodcRwywZ0U^#IU$e@{ znA9&2^VBr;r>{RPxX+|ew^VH9n_u6CJ&bPSQ@iDTCHBNbAOWPv$6qBg;fP7HyR)68 z<`d!H>yX%!*3H*xW2Su+y!Q?kF!iVTQ3a<){~A;wH{;_f$#o8)=DB;t%tgRf%e#-7 z@92F%TX++ijmPC+u~|EIJ4qD6(O&3xKb5Gi_vW8~o&b^Btn(|?3a@$@4_+_TqF3cU zKYm+C*$!nWzo9TCml$uVC?^>&<{&kR6`(NvDW6p7l<*S+N$lqtMu;tJxDFjkwtZL% zMs{I7z4Je>Wpw^b?7;sT`$F2pL1=pxs7Aha_KkiiNm{TeaKGm-{+{cC$BZA>Mf44o zQQ-8FUuB%RfpOQFtnEe?hk4z!#{G~H17(K{i^S;*8v@s{h|_j)%8tE}L?&7)eJi8X z6RHbKQcuv2{@p_~;YrhxG*+&K4r{k>=`{?t2~4HWA0x`w>A#Y|o$=vr^QGxs$ZyT! z9pG|SqSo={iuW z8LaT%$^wEVz&6RbG))1Fs7I+h9Yz{7KDH`La$eZ-Pe6>-0uiHYNgtc>8=TkA$K1q) zd9fGXQ@#E~j4}3}WjVOYcsRN&v!a@|jXvOHnPk~#1rw{9OU7*#XTBzaqQ`3UZqD_* z-(J&&&%t=v#VbiuCXdxQ&7*hD>U0qSAmCoi{;LrEXDefhm)NouH7|@4XX<4o3C=ne z>vnOet}+-kFS2W>(9G=}X~NH-%1D;5=i}MRV7mfnEXI^33)ni!C@!|P^DSD!UR#g~ zK(u0US*%P3AFaPyZ$%S_?Z5dpOGZR}8Sy7bs`Wtb>*gxY zV%rG#Nw(&^xTRUZIA8l+mW5_kpV)5?Ec$UW5p$`H?lZ@{OWlD-83!W|p5+Tn zUX4qfo(3-*y5+T7(%5}E=(3He5ha|NsBIO_5qP+Eh8_RnvD-w8qI^lR4!L?rAE|EV zP(Xi*b}D7cbl`k4jDol81%5cLWdXkT%JNk*F?`UK%Ugl~l?c>puaI4=(rJj!;U3`r@?jzLb+m0gCqH@9+!`^cJbn^OJ z(9wsRvHb^IK|oK@N|w>7oWbVs<+VPg_e6`|?@*motljagK0nxEhXbYrd5yL20aH?+ z?RKHu_e^E2mDD0owIA}e*cHU8niFkR4r!X&O7B>RTmGbmK3 z%~`w1r8Or2@Y1XaUR=_RyZ>D?!+#B86z*!24oa^8%syw%>WcfIL$>ZwX)ILxzBX#A z?4C(xE$z=rt)*C`YOP+#Q0 zM0Cg^J1*O`&LNj5Va6>g>Bqw!jjmHc82a5U_5z=-g8PP=RPLg z6EOruBl3=W;c=Vh&lbyz_G(0?Ycn^;eZPLC?Sj0f=Xyz6GXtd#Smf=zSo@2*52v|4 zICuGRqM7gdi{Yn;@70cFN9R&_>R=>Y6804%<7}2I@y!Un{i%YvAybJ&<;T|XlH1DcX&ox^sy)_TG=2dO)q7voNbd;pHaUy zQdF(G)*snjqWNyK+m1Jh`!egReP*r0;jdH#4@KFK=v_Sbow7+U2vHY|R22Wfbw}S? zbxamwq`2yzU`whwCQ*+WJ-9nQZ(T<Uz!jXR_z$I+CmI`x7jF&$5_^1>d+XMUCvXLUP9Y2= z0<{()ADlo}7`-(uGp5Sm8AR-;RsRgMntNTt!fL$(Yl;M_KH0b1ie?a>H!lvHqQL~@ z>H=>-m@?E$;$BjnugD5`a9-C+;ndl1orb;hO&cELGVDUwo+Gs0lJ-49pZU+vgd1{) zS1;R(AC8?kmetK;K?X+>t3b$C~w=P z&S0s~&7hZy0bnmo#i+Bi#w7ox0(cit(sPJ+$O4|MXEKP!*;!5|P5a?QjG1i46Fpu+ zsLMZ!hfk;;k`X3LRKksyp$1SNspWV{E=SJYzTUAsfb&=tr6pt8+;*cn(&3BqkfF=* z$ylrYel0T?>DZ@Xe@^gPK)64?=8jTJ>Odvn)HQz{MiH24@d0%IPudmmj{Qs~WdjKi zSrOYe+xNWU4i#X1zd(qx}Pq~jK@-c;#K2o;y$$nT{3A(KK;#sjsEy1Z*wt%2zI6zn z_FB0HL6fRQL4YC35t?j2DiouD```6~gxga7l3@{>Id57flLgn)Ly423&p5_DGHqLM zFxO_OKB>Ihfi@8~)1YdwOX4dvHtS5!tb&iCDuandSrzOTwq)QjziK}>)Vtzkj@zuB z6Q8T)%RLQ3Kz!}6tWG021))|^j58L!3Z1t)gqU2HQxbQRo({7^nPhimh_%1Zo!c zjrrrWLI_!Kjkg7_>se-_Vo(FcQRXcWRM4#%6!>Rhj0S07L&rtPM|kPE2@~>-d`c zQSMYPxO0@wix55f*&vT=}ec&9?(U(Qb$Bq%5Fp0~TUv}2EMOFbS z?`48-AZ2#hk<9L@6u~|q1bP+J_lXFcGS;$j zvbDN)o$h9{SoEW7^IfgdtjE+LT=e!9k}24vtw_*yx>&m%MP0kOLLU&G9Pj%a`LqOL z`J88Z)=gVBk}q{?{Is~0H`E#wNQAtM)k-c=v7jiFsaqkVo3PA7DCZpn+ng2D9i7r8 z!g#Szde$4Ibx;Sizp5v{d{2_ZOlt3cFL|FKONoj{Z`n_ZP{~0_Q5Ty%c+ar#r#DoL z$Ph;2lIJkD7x#QW_a3*nm4wj$n8M&X?}=2p)Ai)1I~FWnn`+MGdGb zG`0Z|Tv?ULOchRajBj5V3~K%!LgY9MbM}G0*X^V7HjdI#cRtp|g;IA|Kj)V9bIC=& z?-DibMq!SAQ2jOR&hwdhpnO!3*>H4>EZk8zE85n)AOVMH4(s8G(am8!DJBvj9PlWz?xoAkS(|006ZK^*fRPezNY?OTicbY^P}k;ILs3wVHqq+$5`H1~Hd6@UufIH2CruW)efl9cf#!CFtCnFUQNxIob?gOnV1 zP>%3TA4@vn7&k*{Ur1)ydkR@}#;{EUBQ+wP>r+LZckkhTNuYspM8imfHS6D`AEd3T z@@+mdO(HFMy`Xr%e!oQ65BmJy=|KVJ%fi!3!Q^MisqJ|RvYm6Ui1TdfAc>x{`!cC$ zc6ua+G~ybxx7+Eq!yiE#Utt6Pmd!T)#?6xM3^d!hh;kl%@*h#o3YH(T5;`82NZWM} zh5o6&T>k(|reBnV0oo>C8L&b!p~BA@qN zo)W^3ym)e#uSB-4EZeotWq3HCWb2Ssi<_F}FYY)tqXaB>rz#$QW^Wf3Fz0vDvi@S< z^K~QaY(M!q;M`9JUj%^4_a39?MiG%84^{M7bPb~rUobkofADd@HZhVdc!BtV6LyP-ct_C(`Gzt=?Po%f*gSprfV5Id9d2?% z7Si^}7h%?Ga_ke4WZ^3OX~sVl-gAvOyc<5R#{-y<%_NYg5jGL6S=6kWaIpx5BHK}= zhcSA9Sa`IewATY#ynNE)U~v$xgj%{y9I z4qwTuUq6KwaluaED&dE7Eiv_xH!YTqkL`3AyR&Yx)uT%hO=vC`k_?=iG+2 zWzm^MPXxvUs~rf#vz;tXTpB`&%&P?Ft5$3nQ<}m{1#-dpb!!Uiv*-(fV3RbQ zl&IZQ`-LA9&WBP$hKv`9Y=X<4`b{yA?lIsNA=5bLYt6qm{+ znFTDD*4LVQ`Y-4>BXHD(&paY%!)10cO2nt?josGmoQfCy>ez4TZV{*j8oC|T%g#J7 ztXel4u8Wk;fc@DY?Sd~4kZK)%Uu^1=LC>IuRU?L1uCTR3498n0l6A)v_DxhU;7po;9t{@DDS zfY5Nnz7j7}ECT;IN+#kM3ity%EFcY4W3}jzYxLu~blEUZdcm6-;9kB>mT#LUSUXYt zo$E&hi0jTR2o%yz26uLyfAMrykpxO!k_>r=^hrO5<~4vCTct2$lfCfp91(Au1vI)7 z0A*URP`B~)@`){fFp=->17GT2`PD;5;eLFVMf`xj$=dX>n!){wLx9M-5UR z)4t&FIKBQxfCf8tgMMXlX!GG`{1{&P0Z&Ibx4`&9VsHEX z@oeXf7V_r{yZ&cT2O0IF41K3f69>`L? z*QuV#Sz4tDfCLMP(TH)kH`st#)g(BCjD?vPQxCWE>Szue1229*qTrD%Wq_CU+j_}K zM>gPR)N@~DugJO(XG|m+K$XfT-JJx8^Yaiki=>#w|21q;|8=DgimCil8CS^qsao+W zQe30I^h82Y1~kO8`0&_SVL05dbN4$hs%9~Q(`{SIug)KU?3N%c6a0iKPCWj!`Z?^i za0bR1`EUT{SG;N0{1F!*ByDlC&YI6DmRi9Jnr>v`f0hK@0%HAce^T;Z%kMB!>wgsr z*C+0?nt18$m%oyzAZ@22y1O{!cfa}IZ)6@$CLb;nZoIn&7SH4eZg_!6SE^&;a~X=> zdUiqy{JS&%JY!Vj3DRnepU4P}Ubfu`Bw~M4_XUCLed@`5&~+*YI`GPN-M0uzv^}Ed zCZzb)jd&H#pdhs^Ls2L@j3RZ$-P1M&-wG+HxF>x#VlsC={8^avz4+UF)>o&*`79U< z@3hHr`A|KZ4!7gBP_;bE?80o<{Mh54bqKM_X#fsli~PLS>zrP_BNPb^*Q-K#(`g0W z6zBOD=V0W;ZHgdkb^MOx?k|DS+>A;jmzk4?LI})yBHD2n7hmNs?!IXsvc!f~9$ETi zxpY+tTH`xhsBeRegUTCRNsm!GYmbsO3GK==!_LH&KWgL*dS07Q4P`mV zZ@w~t{m9TOB8vQ4E~cc>^>5IasV4xZx#?$Y;N!Pg8;TmpsN(b=E3)xj$jrcVj}(6%@-4I9Lx1lLDBq6kDh1koy>Jk>8C3REg!ABQ#53tNM86n zBHsMUtz&15X{m5kw42BAHW6?CHJ>_% zdI`tuliIq)SGW)vtNyH>!uvgL4^5IiZXNbWL#M+ZyUgWc(C^bp^2|xYM@GkLlMv6e zUp0CU^K3tm91ZHPvL2(z$WmASg}A+f?P2#}Z>`e{`mz_&-rbVEMW53=pdaCAGw+o- zraIS3`-}f1!6%IQL}5L?F2!1SPU2iAh@Zx$3-(`o_N2x2FyB!ddkgW)(R5wffs0g` zu7T#0K-KWC!;fd=R;JETW4S8(Am^0xFNMf%Y~;AtK9VlG{e%%<;$o->RJX4NN%HPm z02^X_%pdOsY9Xe+<33Q-P@x>myIFbXrF}}|S9nl3{0w>xJJy)b37$9m& z?Nh|kx$}3{^~w3CcZ?#^SNLmd>KI?tFdga=W`#wnyhSQRvjc2gvT*@}L8^(tJ=~Lh z%}+}rEBMa0dE-ADTNPj)7!?W=mPsV`jw%2_I`eoIVoSkMw&vnU3=R`za182ssmi*6 zQb6$A!;O;wdO}~AfP&w>n1Oor1*{%#b!2r2C2$heyAr;q*<@IYez(TqbX1Ne%t_WR ze_*;XQ69qOGZ8IQI98k8YqM^bPxG(MG|d0XiXty_@f?r2BbkzhRhWo`C{)J%iFH)W zScGZ?I9YrBs&_P?Y-J5C09gi(O{sALJLw6)veY9UiHy+*n78TSA`Sa4oS$AwO(v*a?YB{~rtReD?tT=~i%ZteDn2AFGq# z9IDocEGz=OsmIZl##)Dz`PogiAN8WVS}N}vskEvkI2l8yM>Kxm6NTT`+3r=;!?Ybo zO!ZSmrs!zGMMIDZu#Y;Cwx%< z1J6yC(XCO?j7(5*j*%JGsv2OD9nW@d0XgJ3#dSbu;djT0?$7i4I_6BQBh&iT|1~ z+h2J%DnY#cKYHK#Ak#d*@$&XrIcJR18gB6UqMud7UPu)%#et-6^4mLRBq8_Dqj>|F zL4mW2W`@r_3dy=?Z1_|!@7Rcf;@tV`$ZTp8E^2aRw*CLq8vS#A1(4+{2h0YSiwt|S zfT>^-xmtWTZOJ1vNJ7Z4{F z7Gxxx+&pp#47=TYo)TNyq7-r}Xby47OgBl+L({6W?=5D>{HHxW0F*XgvFNZw`mpe( zWyLq|=Caj{3GwKn9k!PrmasVr8$7N(#1=!lPI;*-yu3Z43!LXS=>4f0KI{Lss|H)4 zgj{j?>-D$@-!*@WU-muzpO!zZ`MvnyPblKjmUs(4^ZATo$u7&?;1HGSxHZTa61mDV zkLEt-Ik{aI_+q0QdC%D50l_k@H7t{V}S;uTuK5(728QJg>q@_#;c zgS}26`x*9n=t!pK(jp@v+TmGj07&DA5m_!;9r2__d3jdC7MGRA3U`v8t{>L*L>8>e9S~U#&V~fb@104@ity{daLj6m& z3Xe?w@C*U8Lqn+5p}6bUs49FZ1eq{_`_$T)8G`g~k$@p0vX-wBZwY215UuFQPJt`> z2N>dZQ}zTi^rU{Gr3_b=`ly-Pva*>AZ(&07>^+$!w#(a@dIxFy(sxfuy=uJoR1ptu zmw(l6Hs>E{`X@SrerMIwO0tr6O~eQo&%w%nLt<}*ppZ|PFP?pZ15+z`H)}6re6YEB zw9;IQ%nHy0j(*PE?NpE`({(^{K)=bKzR_Q#bp850F6y<%CjF)^nW8oA*+;S_1I&z> zX|N5$bh)Ux+l@$V$YfwMDZ&#M>x2M#J5U$!$3-!>dx#(Hj_^D8`aAx6anX1(zj7RH z&bofa&Q5XJ4FS&~d0Uhz__gz^Eueq}*pT2@9EB1gs=mob1ry>XGg~%eu-P>EEyylS-kOlUEiz&{!{bzs z^kl&pC1I^`$cr@2$x{2kpvaSM$@^wh{#{~tfi+tZu$}>vF=g~crpY-|;ZH*xLjK|^ zV#@+X$aQeUH{nnJkEXATin8t69=bzNLAs?Rq(d6%?nXMLJBF0*ZloLOE~UFcYUoCq zA%>Z6?q_}PFNRpmf_3im+WUxoP=0t!3DuF2xoD}_+pJI@BKIKM34TFu+rn-s6B;Hv zz-S9b*I0WiJz&GR+fH9ydUv4b&-NqMm zoBW+9);i)QzITUE8bU!1lo#{@cG&|*ziIIlNuNb^w)-;dS6bJ}LSb7B7adCfo9Vj9 z;RBr;0`zEhawwKF$jgaaNkTnQXLbP z#tiFVj^hr3Z?7mX*`?Fcftkn+*;m~Y08htq7bXRidNMY;I)7C!kg-eeOZ;47bZbC4 zDse6f*OuIouF*T`Yne0|@dswUhajEHUllACA3dYM0DIe_N+Sb6Rsx1#AVVln$298> z4|=424Xl%bG5q}w?-=Os`j$LBj)8nTeG7hc_*Tr2wviXmmgmsx3*InXLj{F3EP&@O23_@95{R~ZWI>aX3E5Kex zh;*)wdD=HFzcxY3S1V)x@(V)`iyJ-2QSAx#3i@_%%)rKD9;eCg_H_GXSIoNYYDy=e zE0~20sKCxxZ-Jv>_O@a{Rs^OZiOY%H;{VpA?&39kE<4k@%UV?UUIvD)j*Cq#HKMj} zd$DE$n9s>VE+H1KFMIJ}dkNXAy+|h_m2D5h=wL;Mbcp}jkx9>T|Vhr{V?yCUdETU~lU~?3LY}p{?3zGMS zOoHh6Lxe5%k{SgP6TE6Ef`x8LQc4$aOj_(mTnYg2^M_PYIl3&P{OtK#>YJ3qYovT` zMTdwYmCwRR6gI$KF|=vR7GXWB_B*gO;1x9<%&oW#wzZneWk$=l6b?kgkC zOJk}w$C`?$9J&d+&f;CZ^;qTH>}CC{oTGg#_`Y(h?8k8F`_}-0|0RafFj3z?p2biI~0z6sWGgVUG34~Y+m ziJGZ>ueW@+5RC%4Y-@*Z7~6YnHq&}~mJcMPJC`$GaweS4Z#oxU^8cB7PY(b=x08qv zuk$sm&w0XM!Iw5`Eb9wSe!G1iLSXTZo(PYZ4gS_E9i6QHz7oZFgw%TNeC7(^ffB!H z^;MDK354yh1Tyw?cRse@Ndw?a6lvxJ>y*r2HCHmL5Qj|g1ST>9*i zUDc$Rr_fES1!r{Ft|d-sCUO@Pd-fYXrs>{P-KQ7fdcft>KRlI?t{~ke3!ubpRlHT=q1K$f!}%x;uXi=lYkOL z;RAESz8N{P`g}f2LqrFJVX1b5wA+AiBGG3avcCWr$D2C0i@)b?Luc(AvDc-7k9~Y~ zS8LYYKg><;TnzsV@~RMPe0dGrgZfZ^rSgd>Xaxx{*k(E$VN#6RLqnjEYy(o zB@xWZVi6OeX->X;E?Ho0!5{qmrdq0Z)|c3(BwI#ns%RDSGJwKwf~U2H#8!`aR__q* zAdzIwAM{ZumQATBGOshH?)R&V)4_1oC;S-YE2pZSt8gPku_5R_eb7dqvGpYOfqHfz zR}#K>A>e#(u4h?MaFOrvvQ!Rln=*L)Ur%WD_l_TwCQnVR+rUEgooya8*QKeItGbNd zcb8v)FiP0!8wgS?Jw)08oLUzBY#UbV2HR+Xe>F>s#ZS?$0#a3PitkU^wZl%q(c#cS@Fn{nyc zGuD{Pcyp-9I-wX7BrT_W73gpDq^m5vUHb;3P?>ec?RqPNT~J(ND-wCstsDFkZaqfx zXJoBNk)wt+=w?e8?$2lA0_ZXDCkJl~NlpONnfu&DxO8DbHXL&`zwia#46#xrMOs?X zFk20jC?f`qG&X3GH&})|N3+YiO%xT1a9u^CE+{VUF0!VXHV``7vGGjgW=_yqm`Pz0!=Y}%pG~YpnWD?or^>*OEi4--=~c&~?s5NfcwUC)i7R~ZYw7#N?|2tx^;((; z%J7=C80Rx3j%M5Z z{B|n|RuNk9@Y?A23WVF2{Z6^O@2E$dwTwgyH6n}$Zj#P$_bgR>-takeN45DsT#nvg z(Cm&I1dgOp!Zu63N7Q|Z1Vaym_?<6bN5B_kp$zaj?(r=_!pkD&)PkeDLhp&9=b-1ri)_&cvu9*iZz+_V1 zX5%LOLSHC<`g44cP;K-$L6wyqmFgYg6a8$=ft`v=7^sjUW3Q>BK~K zI{1=Qbw9kDjYPJ&KURrEjc$oSM(5>`2Z%{4D%Kd$iP4gL>oyb9&dknS9I=r?;)bgM z%;ti^3M=o3nlW*w(>#b|VCucKCDG!!HrBY5Gq0E1m)xag zsz&y%m6Q5H5R`qJUBNO`>Ceh@R8nS4@P>fQ*4x?J=5a!2OXT5?!M`TDGkprpbheQ^ zZ%p5-omtt7pGn% zcSr%cf^~xR_F?w0J(ObTuyzw887l5@Bu6T*lE1|zc~BT87%Ph*t>p^SJKebTpRmjL*lj=FWnHPFM-RG5G8vNrH@T zF0ZLoUy5KL7v#y;tW5yeo;PUknQAO=Ir{Rh_l2wdURk#VF@0GY=85~Kh|L3~t`7tE zi?i9w71GDZuupiu8{c2|FI8{nPrcS(rpN6wW-&&^$Q5V$3l{zp<~^WpCzS&XTUp~_pa!ky-0?$KZjGT+4-=^&pscFG=-8;D~yU_=`to7bX0fxzdEd>&$ zC?W#*XAJZFJ$GgQ+aBo=OL$lt=O=agSPUOjjqj33lys8 znoT0F8^YOFJjA?1HBNG|(_dXqm*xw?XWDfr+tV++S7T0rt&X?KUA$l1*#R+!9*K+> zgb>Q!%b)O6wK>S0SBCS^VVuzl!Am4w_sy4}t7nzoG#KPs=ka1n=Q@-n@V7ne-s!(j zTn-mZ2If%|%3`noWk5b%de6bR(QHWJv<0B{U@ArhxYCy);ZGD-0eQ5Te4U9$2}OY>wgUVeef^0n=^8VbgwMQnG&W>A$Y&DX!CNOaCU_ zy_RlYimg4Zt*pJQOItX>3%9-}rJI$fRi}Tm{z3guZ~gP#@3ui}nlgy6R-7wX8!LE) zc?|{j>gbpWZDB^^c<%$lIjf6nBBh5NzLLwrz~|6Q<8wI#8`^xiNQ2y@$jsYbsxCz`uQ3+PVZ_;hJB7rtPvjRW_9k&11Z4qU?+7e^id&h43W0j~Ntx8zJ&t zMr98dRuc8A$+w05y<0-iGqEUcE12W7{X$$Gb$nSZnq2Pfo)Q<5v1#Jrlwfl*HOfuS zj&3QEm@?wxJVFtFpWaG25@4TB%tE#bAgC11I8I5$YFAxAYd*I~tCk(k?OK+OE0!(3 zA4!8@TUDm7M3t(k^a)Fl#d0u7gNzQLQUUGQ>v$$4goyLF*1u{++$)#3k1u`eKMb={w zD$a26RyB!}DrI8fSN~D&3VIuQj8f50dU+dNo_^P{NLHPHjfQ@TVClw8g7CQ9oZO!X zkALulI(3+%K-X2#7QLPz?7hP{cpJY{>@$)qP6|2W^}YGQA}+ufpRgw`SD6_P1N|n? zVgwjfHzceH@OXOx{7^I_*1a1BwD@Q2#(#+iI+|Nb;B&tnxb2x>-Lb-1TU#5j61?Y4=MVsw;t6VvgX)_%@k&|MP6>%-A0N-!A9`+Lk66+#T5c!N7hhp zvR+%NKzVc0c!A>zgwNp!m1WZh3_$9Pmpzn}s0tZ6LUVQ6}sj9By@jvUfk{T|I*bynt($FjO%o%D1O%&=zaC%UfaCLG{lqj(`(+Mw~x% zZPDaHb3&A5M3Q6t&%4UwL-B?Pvs9t>%HGw(AaxADY&~-1%LLLPJJLNv&~Ooxk9-hk z1=C^Qf&|7aH312Q;5_!{=Ow_DJm82SU(Vw&H7*}du4 zJ-;8d@foi*uK!`7EX~#Aw}1xY)XT7$P2c@}Ta;PfcZ+4%)EB@_kC-c@nN~Y{NvME zu03-FZmG99c>|S^3IG=%k-2^mxGV*9kOm86PPG6LVLS4*8Xx3t<(Yg3xk#QqTDWx zgyHB+mlm60^`k*Dpw$rN`8tRafGv(#!o;f?>`92BT8*npi{L+cG-ek72Wx#>hdVY1 z3yW;NV5s69qWR+0QQ+@(3yM{z2F2#0_gl-}@6-s;Q`J7ymm&k;jaC_K3I?Q7FpCX2^pkx%1dLvtEn}WotNQrJnP+#FHIBDanuksGzN^eUuR0j50d$? zx+{@!LARoY_fHD#`+b39GA1wLWga|-);RO7zd1` z=!P0EhvT($A3%1D;O9!H!$yw7?`yg4XJYOc% zOQ~j2kjZ4BKX4>ypAz-x#ac25cEaMN%>P=gu=NzJB77G?7}(S}AZrc}Humzzf#kp> zxBIkWdEkEGSEqNhSc`}Hum&SvkuaRKJ9i#A0#i)4ZoOZ4X{q93P&QQWT; zH+CfvGqI?LDvxlsH$PZpeN~+6hm` zUE2W#KQ5tkDtP?2Z*^C0j3@;IJ>Jp3@pTw{XctrY87lvch60rgW`6_yIc!sb-M>(P zyY1G3xJ5I#ozndou#ZP)E8Ajo1DX;m1q?C1rTzqO#=g;(wfIUzfb(D0Y`2(E=nTuZA$|Vjkt!n zLv95Fn@uk9Jp*!%-Dnt9B?f{HGcO%HNI+Y1%`Hr4ySmW zZ*9p>*QLF)>7=MhIEau;y&yD(6_d)FO6OhxgFd$#ID;BineNtF_89-BS^~>}Sa_anh{(j(xX4fB*&o!IpnHAi!^iF}y99V_o~LU0oOK>z2!*0lyhYvSHYD zL8lJYRK|pl{b{kfdL%Y~-$%b6CR-5BJ3`#>lU%~QL~VHE8d%}8c6MnLJYFK8$#A~3 zyf#0=Xa95)5zt!4rz3UX3JWTvnOFa(!UnD&lwe~(4#*b`WTDlMV`nh|*j}0WsS3`~s z#d}@Imc(m!xwVd483T}S271;8unqvxi{AA|VT1)Y2H$fsY>T2&dQw8#)?VB4QRmGV zukgB1paYWtO=8Cd>1TyR#hys`3m)PG?|Nf1b9Cwy*|;$L#ZVmPfrY%sn@h?nI=7Wr_Fm_myKk=ufGpv6 z@d6aQbuv1vp}n0Wg`S=;gM_uKJ(~gGMQQDqb)Oly&BMIF}%d2Ek#gA&ceT zBNmbI6PD+l=jE_4lHZ?*OF#6g@c{AA(%ZAi@_MQSJLWTx#bI;RGn&{8+MalP#r<}#eFxrrt1|(RqP@(i?10syJ z5<6eK3^?$PNhx3QbD*!m*^PZyi~AF;NPwAwm?AC&MXO2(TF9)4Rlh5ZF2M#v>n5IB zl(phkLE-qJSR*IRT@Nso8y+We)%Ih2t?(k{{fWMwr@3%qvbNVg$B#$#J*O>@}{bj^LR|UfK+kI4F;&qEt zN2*`G>x{p)AVEos(oRfL1e?>rqPZuO=lWYP=WBOa7#?xiYihavbDuRBsM!z!Ahv9_ zM_(nY)r5l*so&s=(wefL7sKovN@+w$0UEeFq=^&m6clE$+RQ=l(juokoSnxFjB8~7 zoqX-)eG-!53Wj|mO(enK_=dUGlezowB4BZ&=Mx{uh0%{~qm7_gmkbaJvVzAWVW^&q zb(ulJAW>d!1VG#j>)yz~VJ%X0@YFhq62i-i zmIeu>0jhQ0@^th~`!>NmckxH&M*8T#!gVS6yZq|*XgAMT=Oh>aRd2ZZJ7_z}Q#NRt zk;c0u9+^r)LWnL1jU%!;8*MmvgA5-o7)M8_M3%m}u7HausQ050gS3Z(c?bXnZ)z5T z4!0IO=IT-V&EDL19Too3$(^OR zkcjVWEm-Z;z^VB39~3Xs*?9d%32m(sS*uwqJQx4Yf;+J+WPXOq?J@9b11fTEjI4Xo zrZx>8*Dhzy&|rWz){Z<8bvc2t13)28%q#Z$zGi{x1zhNQ z6ukKUVB;6jl*(No!G0Aho>YzayMp!c7>60PezDW&Zyx9jdcQ#osb@y)jvgCSr3X|o z0JXVd<>1|al2ojPnVd8oXKUxnrECp-%P@R!i=p;NUnHKYX|i=(p)~LIU}$1P*5UY| z-OaM!0Ubc`Q2Teop0toX0ep{22YXLQR;vI>^7%RrzC0c)Li)Z2aY@}>3;pQ-ZEpR@ zM9ZG?-J{dmJq(8R=!A0q6B9a8xM2cZ|DFxK=jg|ZwcLW$r9(*NoD{Ba8reo^S4Rnj!?ax{0mG^*t5TPTZ?3q)K=k4My1g?W=MUn6jLzT{FziQ%ol4kD zBi`&ANOO8BkMfnAU{F&51y$|M9DnNoO>l^>%c;5jf`o;-2DdGB^!(RQF{M1(sJyWN z1ez2nwU&Gj3whomR*zwwWwl1_ab7;mNt`BDOBaTQBu(sW3p~e-wcAaDbgop8Cuz^Imir`dEmP^-W)Lb*Au@GFP!BvgrL!;lXs=Q%eZU3 z0;&3z%UU9-gFt*A4^a(RTYYtM%in}Qo^V8L@{_voo^E6dE*jK@u&*1vP@c;!M&dhU zQktp3cmYfYER^?~CcPp`|BQ1GTH=dDGIz?JKwCPr^ro?S3l-kDCn9w|Mh3e({GqimQ(kh z=@$5!D-#B0dj%18y@xB4jUpSYvOUY0gM4osDZeQM6eR5n*7jcM_{R(M`G4$FQ18WZ zC*A?0kxh+__$T6Um}2sKppq<`>KOM6$nnLXlQGNdH0H4{4ck>$3^qRlp^ zYZLX`63Ts?ECFY%Too76<}^c~nBFHRNPPuRh%io}mSG3_;Y=`wmRImzd{EAry023^ zoG{lsGY5L1f%J~+wpez)v$abR?B{Jvq)8lNNIF&mZefxo^y206%x3gHyj zjsf9$MF5kaA60EdPPTfx7v3FGFZdD^B8S4)Rv=>}CZz!Mt;cno@O4!Xw^7kU@Q+4z ztIY*5YG<9M2L75!aJ_*8D8f_&_7|PsVr{rEsI&-*dgTFOR5W&ihLMO>vZF=#xsmKr z3?9l{M~2#wvPw0!KaU9vQk!*W>DZD7-&m4HM7JcbMn-$27DYCCsB5N zPivi-kyh%mSfVN-vV3K-_Nx86ahqq5o<{U(y(-Ni>@vT9@nm#vMjBTTF>98m!e?~P zPBacP6>q8h%N0mO)ma9U0NDS(Pa`$2-rF07QctVdAK^+3Myu&& zy^XdzaZLlDG|^;DeBU>%KWAJYk2>UDF@rjpR0LVUbnW*$Li%hcb4vm|-JqHP(qYKO zRK~p8@pkhc71TmvBJU*(_JgvB@0Ndmyu;bE*fJk9tF`iJ3;dAwAlqjHc+FOIa>qR;xvAYHYEC zTTxSL&WoC75|fZM{OZ{yvpj0v&8>V(!>ne(!Z02OHJm!G*X4PRp=+Amg#0NArw*R3CeQ?+P_mt=cIY8hZ)jzpwG--t|Gj1%a79lz#85n{&Xh z9~zJQtsbo7>LS}3TluMvH)|u_kIo}b#vB>Lja*BQ1|84@h6gwkr4JvxJUQ2DF=yj3 z3$=3RziS0$Y5|Huy+G?vyNKuA`N#jfZu4ua+jY`10PjezlL$qBpCtqcg;uSDZfM`L z_J*)DrMjgBD^$Bce)gKU+4gI@=~NLlC&>nxp$Yns1a4_Q2L`Zsfo_Rcu)UP2`wQx) zrk?Dse-rMEpWPPpxr;y`VCO#L<66^{@?{-h<2m@^8rlr+ZMi_ zlJ2Oi{PrRGEuArd26b#-!X7-0J3eB!h-h($H(Pd(HxF2`==|uFq#MzR-lDgMiXvmEGDbTwAlz`G$pRLlkj*i{`M)=ntU z!=G1I6zJj-%7}yHyu@@CykXn1d`V-NNo5Sl-0_NQMTVvXLK)QvW*Sksaz&%5#YGn} zx#@Yel?Ze|eoysr1ypt3Va=MQ#+EXgbYw~CCe^x)W(V^bA3pYaR{c&bLQ$GGR14Nr zGGB-Ub_F;rpESZL7T^G;jMuC)_}#_=munfkjFGda6|P#T{P8ZPR?s_$tn_Y}tj3?=+$v_!7KwTT9CRp+p>j+7HVy8SP`hphWRC zoIJwH>t6Vpi|25gpW$dYl_&G|aX;LoRCKf62>V)77Ph|m3POTnLC z@jsaMS^|evZu~VJpkJ0k`9VT6J821qgI`4Us{4_#+hTKu-KL?upiB)OluCA-$JLCd zl|1_nBcvJ0_BDMrMEpM{hka=#d@6H_h}_ixQ;upq%6mF7L#gslRC&UA&H^4MxV{k&Eh4aLh4utI?PYi_pZ?d5%pNnZ<}~y7Fca7DMXtOy(w4b6;v(2F0y&6G zw@m@D|H=~aOb%c^cPJC*jt&Xt*XZ8CZ|=j}I@)qssps zQg78}_OSz4+A9qSRuca#iegXuZrEFSB-B|nlk<`wX!z@AA6&fBNfa?zWY zk_pJGD|t1dFd0Zz29ET#o|(il<(Tc&^}RJb#5~249y8W}^Cr!oneNy>vpz>ABj4;32sE}$#~ z_6#SiVVVL^zQOhfGI(i`#+^`NPrnp=PQfSY$n;k^m|8I&bOiab&x8;7z=&Xx@x25E zh|h5HI$YE{b;f9ZBH>cyvA?0*IWq2%!n83=#s5Nb<1s{lZ1MY8-+ze5$NbJ!bHsMi zhUyi#?FHVj4NPU?K1WrQm@MdA4^#Qv;!N!J6^#N z>w^0?P;iAnD0?&*nAOwDe&k2OPk6QasJKE0Z8zs?1N6)(iU2|tkd{Ye%Yx3s4(Eg5 zE$M1KVx|%Z3EX%N44m*O@TR5Y`m@$}8D30V+4*L@lXv3U7@? z7z*3?CTbOgyt;&mAW~wdM7NxBY5S;Ih>KjpBofVi3gh8JZT_07E17M<5KY#4T8GC& z(64sg@e)X1$U8MCy`-R*hRj%=h7Y(q!qXUi5Q<3vWU7^C!%&(%2*bLO2FwT3gGEd-F|lwyLs_gtN${mrbLZ zASf=BcyN$yQ0+T@g`R52yH8b}tTwVnj5hBH%1NRyq6MWwD)3Gfsc=NFPNkL5#e3cm z`d?*5K2jxzn|2d*S6NjN6njh4@a*2&Auwd(BQhJmsGD@|&fy%8W;n741EHypqkjqM z8vmHw4tr6fkt39f=ynlo{^G4)!Z1gJu8+ovJY5lbUoh3vO@037efPbt$LmeZzb*m3 zSyJv}{O!JHIRD1BJF7!BX|EiJ(${{-C#h_pd^_Qal=+?HuH=uhm{j|7zCFqFxsbUC z$2Qh1^ZUu%nVWkS)Kc`x+(sg5Z{F`tH5w!WBdHiES%Tj%fg<3x^WzIEKPSG;fX)A2 z!EyakIuo~K`d9nPPftJ4zFX}*DEU9*P?|q1X8A)`Ol+UPCpv(|UM6z{I5?t)1fHAX z&s7Xm{gWAV1E=or!~-IK!VCH!stLm-r^7L;+;!ztwfA2Xervf_S(DXq1ZLbc6bBWE zWcex#mwR^8WD!pd%34V^3d2ApG$q5?i;-n!W2lNyMZ4INVL3aTsHS8Rb9KTb>0t{g zhM3wi{uDj)ZvLsPib2;Jer&WLL^yL8Quqvo&Z&N{|JTcD8hcYLMY{) z;Xouv)dyzMlSmo3LulCcAjhUUIWn9%BhaH!2!`2af~TtCN|9 zK^WF!Ed$;*H1h{rYLqp7yCL%(o}rpz)dzx{-(;7Lg0hi=HdzQ)#Snue?Cj{oFr{qe zNu;Hg&_b*T`d<`lT;Re*cPV8BTiopcu?6mwcwYiBx_#fLU`zyfRimg_)ld=8kXQV+ zz}BZl04TP^QsH9TC?oE_L;S_&74Y?1G7&(mR#3?)&YhY23*E<8Jdk25v}F~+2_T`` zu+NN=KypT>8-y#X5T#Zl|I4&c)mcQ=N*za{D3VxFJd~(7iD<~TfEcG?gkF2misUnW zrfGK-o_H;u_Lra;>p|L`+&K{p6?%4yQ|xNhjadC7lY zks@$Wk@B=pDl#ZzlHqbx40fK{CDnBYDJ^{trv3T(@l`3qW!cSS(9igRw@f*6va}7F zrIoWx(0r}XFBuu{nyf>$jXj$`Zr&&S@}yn{SLw@VzH+sOi+1Ue<%9v{b;7WBQC zJ$M)p_jeQ5qryWtMe(cBk0r~=y&;qL8}nD}gc{$}2p!g+_J%|$f?b)MKJ2)we$<2` z9%_*{)#@ssY4O4hv>Ey~<6)s`f2^1ck^TS$gADN+6@=BE&AVYYiicUXNv`Hr^F{Wy zf1K~P`|?(Cu1v66-lRowF?mf%IOZfo=oQ}dKdU}X6c0F6VgrDxic3pC^lkPZRCfM# z0M+_oZ=|e9i{ZrJF)8k*<;AX-^5NvF%tc+LJkF>n*&&W}5B zQI612f8L57%f%YdzaE@c5Dz#XB;^s;PX*Hwhg|DNO0n!?*8Ze}-Lt_i;3CUVSV&9Y z(bk@y4h7e>+wH#%=)ng(FW_m78>Oh{-tTF9FXiY~cvM7LJSh2G5MLe zJ_x}X!Dl7d)`LL)Mq~a$ABqr<*@Cu; zbEXRk2VZxa025{`m@X%n{SRK*cj(;?ua*_G=jTQI67FD^LjQHz=FO7-b;e(#DQ0Q6 zBz*Svx?3CLCRFotJl#MATVqJf!l>SAR+X+C94(%?{g|XK19#zuj}W|HmeLD?6llx- zDRTB1SE3}|A9#oPDf{DqwlEguky`bw;p6bu z2U$4b@gd>8CrvGUW$?TH-=QaG7vC1TruWc{$Q6MDO>QR(T%75((k4*Kb6GCl_Dsug zWr_m+aIJ;I2FFvy!$DxC<+}`IY{?{m?&7=@Vj*Kzw4jCx zVu{{YnSF^kWDbN{&Ci%9D}7%HRcmGy5%)th>lrFarcut`XrLUIeJ{_iBB2Tk=FMfy z%C;h)0^ryMO@=nD>Z1g+>Qo{Z6JW1_R{Z>zs5cL75uS21=@EtPgyCx)=J>gB#OIUw z@a_9Z#Iy)d7Xj)TNW`2&_~DCwCfvJR+!A!&mqv4)+g$fiD^$$XkTTGu33RLT>2j3(g6;d%1vRxh%?nUcqfzl0^nKRzPX zg#LY@YC8PA9QVtL-rb3E!--F9M|H2}Z+Cpb>j6#RLq<#{j|W3Jg%3eFc>n<=a1-t6 z`0tVPiaFR7p2h3@8o<{SaP*LF4oFSGycD?YKC11;R7WmW^9+Ee1;qLuIy6Te&T_#>>n3dLL{!9bF=e}+-z{v+e69p5_egsQ~q zF&-DNA-4p;UQ~#9kM6x49T&05`U%(7vw~Q}$yu<001jHC` zZCObwb;Wgvhm$MnNpVn6FcLAWvU{`jJ+Ne)sao4*=9(NbQcEAG5Ayo2;6>pDZ;lT< z(+r}RUFaK)?qc8WIJ-PZA@MF|j`-Q}QS5@0;TPhcrSMGAJa=9l72$kn`It}PJzam# zk+a>}2+F>E@IS`gQ1~*iKvd_aj8&m(XSPHS#r@6j@JGa7mPl|3jD9I%GYvxaOsSjj z8XqFYEKindW#XsRi2QlaWynMZ|0TGWZu&{M&yPR|RyM)P|ap#JoIs9o~vpP_m zQg*XHsppU>5~tok2%6DPNJi#&r%8z?8$okg{hhJ$F#n=Rg%Bb$j~oR!T?B;6232IY zCgCOmq~7$RU~Gp*%fJ6hg8*PoQ*<1VyZCK|C{GMejt@enJ(a-i=VBk!A^@Cvp618` z$hPS$EP3kkkTX* zC5UTKIqbMURZy#8y(j9nOQNDU>%P__pc%78r$nEI??2a|#HJ?R3%JUvcr4u2j0Gc5 zYW8^V#Zlj8NfEn*;p=f4$NA!9qr|4D?@j;%SS#Tm)+gVGji~UwL-#C{_}wZ)*1ODt!#SH8u+1#RynSBrBiIj_@CX{4WRyUW8`XaV--8*;GiyZ#rC7|EavN>>e>7cXRFi+$ein3hcS?tJjSfM&6_Ah?5kYzblrBL+Knayj5os9G zh=erKAV>%Uq{sH||Gww_@|>NWXCHRXFYf!guXwWfy!Ke}(=5B?x5&+}W#YNVjuf}Q zPFw^cce|{|yX5emMD(t_5L56x*?)f6#!<#hYYC`DRe$3H~x)rI3yZ|Q3!_Dw4_3Wswn+x zg%ej;0CNjmWH&IkhUVL5QrLSt2r;Jow0RWU+gT9pC z7`8fwZhDsV9Py09OpME3&Y7ble@uYmvCgV2`Sr1`!p^Jlb=3OU(QdM?b&+_a+Vc0g zM%8D^OfOJteHF?QE~?*m4hClzPVbnrhHsu4;r@cvGNS4=a5^}7Mv-|{5u^DNDcb#D zI3I-D^j@2qwcO=rxU|z8W$HaW#QOCtcQCKTU`i#y0D_mXM3Dj^xF-NAsw67^ste0@ zD%m^gB1YCE@CIiwPsA$cv{IiKgh4cQb3E=2)Gd`g-3u2I8=l6a(>2L)Wq!Rb#Zi(@ zbyf6Q=)THWSV}Z?#aw*R>q;#yXj0--(f!UgP8)D4CF{WapLm=UW9RRbTj}$!Pe)j| z!}0TFk+GKbjSY;$Hqlrvd_1Q*{i)y{DuHLXL&Co=GVbKNx7fCQjzc}k=~mtSeEBSn z_W|tE{73y80!Qw+@zH^FgxI+1n&7OD!}pu6n@6)xZ096~8n+L|)3B%ET^D88-vaQ8 z)&se3a~GZH)&F+-$xq{VKei7=Z_UTv%I2?z9|)kg>bkdX;9d3WxeMm*{>Ovx5$&YN z!Dh^5=eAtYx{7Du{W_K1td5)N=HrIK@NDthefP_M;$1_I435?>JR+y<@56bp*A#wh zXO1Dl!g4iUl0Ws19@a!8BjLTunuVwJ0ZlPq2AwakcZO~*ObPVoNHd6}7jv#4kHYl7 z%ZX78|E=mQRVBdO1z}m8JcZZNnA6rI_xj@*`jYf2OB|AilRd~T1)O=M`3Y`9-sAj+ zW~SxynYrl7Y+Vl!ORIWfXD>2rtKRnU%e=m{;pH*ousxOydT$fcw86vc!5ZBpbx;cz zj)ODKpK+vY!4EZ;r&4dOMmXLUZN3;4!|e4;xj*>q($m65;MlaDzHssPa!122h?Vl| zxESVNBE`|g2fO~ac3o=8KIaz{jtO3otM8!hlH;u*?wMSs$SfA zbtNMLDd8GuIfzjX+vj;;C39UhpKHuMS! zDMC&vK>1DR>r~*k5Fqj#X698OUa{4E0m=-Gx|7Zii5P)d7j$PY^fnyo^6Z7@ ztLo;QEqCja%jyI}mFHXmKgtu0(jp!N2&`9MG)DZjn$@K;9$-^ml6e(ZHtsxAaJwKC zAeNPSUxSPLva~x+G9CXTW^#0%RXGnhRm^>Q?JAc1vX?f)h)%V+WAqtWys3$~oCC%(o~BQC?UZuc!f$Lf8Hv8UODPfJQmT1SzLAKUO>qg#ru&`>_VIu%-CL2eTy_V76W zT1vWjZM1J=XsDNwaTQN`2f5{W6=r^@nP+&oD0%yf4kZqAY)y-^5?Md_g-cVk$Bf2& z=P0f-^OE@%zs6A{e&@JMsdm8bd+{m7cJ6H&caUTbPI*;$yO0xrTDdzE@IH`KfCCdQ z*0r7ivW&Xxu;%dMq-vLWt{=}b-O*dwX-s1*{CxL8;GB$d+x2m*i_}@i@pR)ty)R^L z6+Tryb|=+&EMiljC2*Jx{cq9H{{W;LFw_BQMW+f^#gVZF;)ux4{(a+V{rC0z!itjC zdUhEVngT6Hea*h{yIU6}9{U_^VK8<6NjVVI^+6aL*+jK4@^|rKhp+hP1%=zA->F5d zE2cA)q|_4BLqBd#l-|4sNvkC>7{=KH!m`^ZS`V&p}d(7+qAYpS2zn9zXZ z_D9Pk1X@%#;us{(&O){J*|!HZ0+P8-8)%wHa~*c4DfRkM8Mz?C>r=2mAlVgFic`F_C1v6*YDJG`SNw*yc# zr0=g1MgUPYcKtjCj^M$*%~G+y+FcZQTk@X9gdW(Ot=XvGm2SOEcVS-5EH=P&{@zsn z`X>z?zRyoz!n!H#a5FXj3}uw_?C-r*^%(#0J1zjGYLk?y(DSfEAV}f-4T!auG4(BT z>LjyJP}AKty~zhFF1yPuNvr(=-<51Xjx=hu$mI0Yz#WXJL2H^`e|z&Y`2sH;d&Nk94XI$Ku~ zic-JBNT1xhS%cWk@W_8-;sKM}f0Ne)&!=BfpcXjN3yvLRpZtAfN!!3H_6$D9%U+EBeJXIYb_#$=i*Ir8H#K!itWA9h72QTl7PWWHn6^kd;EzhVm4jwO*Z7kPtNkC$x zqH6Z`r_X9|Jh94uj&a&XL)gDh-Xaq}_Dr*}gy-cLRAwk%#f&1~zZ!UXy`=4}H6_xo zPrr8$T57A)lg`36<8aU1kZ;P4h~H&WLt%)58I@v}KkM$EyVF+U^D zc9;~0_m$>yh^uuXh+tByh4fCOc475*)$fj9)Wu#vJVDb#G(-biMGr_T)h%Mm87Ig5 zHwZ}1cV|^-@Fp}*fsr&Fixpbh$B+s2hIIT z?J24+`;zJRFcegWK44K;FOUviC>z_(&nXyB?K;e!63p;-dKCSZS?!7GPD%qOH*aecf2iGP?%lA?vsLb0-QQ!AZ+NU|5bQWmtu#NTv z6wUw`sv(UZ(5HlBWo*%pKVIVIYB;&XHqop52If1BE-MZH#)7TH&ive|Er06D?u~J* zygm!x`O5pSLlqKUo_)%*+C$N^1>tdhk zZ0~RCuvka=_O8&P1@Yd8lHtVJQu#A6V%4wIK0SCe9XdJ@*>2M#H+(v=qDR)kS9ZV7 zIBNSiEHxJ>KfL?Z*qiD9Odcn$=hR&>&y6xUi{b|P z7tV?Kk-hF;v9FKjE-GFF`BDBXCx!X?2!k^Xd0L#@ROYQj82c_L?xzwQK5O)T>;t?d z>wDn^`Pj{JlQR3i-FBy?_Lon8+V5VCQrHN8lVUh_Dvs&T8;yZfJu(=-zd)VrjT}vxoY)k z=V(#AKdcwnhKt|+85WkaJ1ZC5pU-P+YgerEjDjd#Y24^2O@d6+te2<;K)M7Lv=+}P zaZg<~9n(jYCR7WwA3;=9wytrpPulWVau%yTOKoO?(3%E;F^LIL$X9#k2fSnT-7qS zO$wqfWd!l@wOu|jLLZQV#h@T!b>uBSYz4odnf}&iaybBx?#6z2w4a@4K`ck1wzw(;FEuxwjG!~$oe>%U9_Fd1+RSJ|1%2j+ZkwSJB z4)#7?;TiwtBCZzoO4tz(5D7jv{&TSZjVbP(;vYp*aP-dvaMm1C!`Dv}-LI{Dgivb4 zmfuZ2`IzQP&@DG!XwMzons~fd@T%yhXC+P(c|9h~o){W=?J61C^n;82_f8g<)|Mc> zeuxpGTdG~YpM#wB`x!{g3=dVNj#R^}*lneJQf3)r`5xl^nnL8-5E-G4yy9HzAbL$9 z`WuoINp4!t#ZbNOEC%BuH0+svt3mnnbpZ3LVnuTnTBDi-Ls4CsSRR)d^OVa1x56qS zWjrg0l^-%A_*Pqo>&pH3I4tX4G$xkqcn4MLSQ9)YIVTdT2GnPkc0Il^gbgF+NiU6c z(JGNA(>snK`yb)v8eO%W!At(uUFYIi9~&h<+M+o4)>f%WSbnb1H-Z5@2~?6~qQP4C z7h^DH>cZbe-&CZ;M&ujgPg*oXBE)Z{pAyyp_z@hso5x^B#zk2mm>8kKZ}r#i*^+5D zRZA~O*WfN1*w0x(*s3UO!qldV`Hnir5%TZNLCS4%&tG6oW$bb|tL5~db7L3y&`$;* z+H^O6>;mUj2Amw=6o(;m4@N;>%P?4;*&q_+nm6p+a2sOSJlFnm}${q{)M@_a-m^*NjEp?FHk|p=@k#z`h2mgiKJJzLO4hZa#Dza ze|v4#XD{LhTheMxtj?w!+GFGA*h83Aqy;_%9^ReyOXU1rS@&D&&rVkiI>g#}IWf@2 zQzRS8BMXw5Mojny~m;xI9SxTu=%5JPGyE3eD-ns)KMm zdb;i_e0*bZctjPppyIsH#UDoT8EQf6K3kd%SpgPXX zOTq%;Z^<7WERn87P!06rn*#tSBGuxqPlzi_Sfh2-a_R-$L&S4hL<#UaGpAoB!D#Lw z)`QiAh?!(1WFI@mZ-lv0A((tNay$M_)fT&ogZaOh|A?ZHdEazn9=LOO?ein-MR>(_ z{IGX)UY4{QRq_QCKi41|;Jp#%qU!e^rl!QUf9#V3z8@e=v1T7whBb*@cGBuS))S6~AHOu0dsW?LQhi<5=$=OJ}L+bT0V zq;e^gj5gN?%jT@kY*b(q-%q5QYHK%hk-jtvKFsuKXlyi~JAe z_n>#3(kuQGzx*#YFVu?Ly@Y zwy>$W{FBH}k$mt7PTF;~f8=Coue>;sqiYUOge8SoBn>A!&e&S;K&g!!VuO+J1J*EjR+}(#p|Bvil@2==jyP^AL(-xmWf;cA`4+O&SoBineyF^}Wnvo^g0=1Bt=-15~ZoQ5Sh z_!1f4LoZL=a=Xx~XbtENsD8BN$#y=f)&_lfsFYx~LXpW=}w&p+Mi zcJD#^3sq8rgANYdS;5N+M@j~xvjiq*=Ex8eD^pR|57<^PrOl6a-kvrDpHV;m7sUMq zv~Bn{MVdkh?^Stx;JbYg5KGo|(k1TX_R9;6s@)%{ZEB0~?dY=UGfyfMWBaeZAtGQ+ zqVugnZIwiA^2Gc$0x$#*-S5JgTw2H0x_2f;*iMQY5OD66Hlm^CQSH???bP;$c;10_f;?XM4F#ox+_!{}SQDL(@yMt^Yu8%z`k&H{>o^wDHqxbaZM8Z44^>c-u zPv;8Dm-f}nCOEX5G|G)v7_I-#qK7&Lf0286q@~Kf{#u{8_)514Ed~Zit0bZ#08zjyj!QMk18_J%Hx&nY+8RSb%OvDx6-CEn!gonPl zv#Tk#UGWPFNv-azDa#Z%YbWvr8Y89AzH;+nrLZCj6(TH>MiA`<3UzQydGh#qhI;;^ zYI2QgLhpu-Vj^LI`@MO0rY2<~h)>AO*Pk_|KmX_`3b?CRz{V|^8XivMe)J%BGR}|p z*8C<3xN1@rw)?V0WF0Smd6WPk z*1-OW1}s8A%Xxo~0FdoLu9#ju2YC1QqKm$)Bn`L_WWHF^P$x?-$T1|0AHO%t7e*w! z;HpLfMB#~;{4-b}0_{QpquPtqU;Ga5_jfeoLL(zmFts-;lYw+O@gfi|li#!;&bJc4 z8zZ72)!Gu?j3t4Xkwu2x{o>=>B*9NwsruMagML*v8+e4`sw9&-bgc&#aOE=-E}0E!5^`Oi2{jddUtMW)L|K_gWn3)Z zR9P?NMeC}~$I11f#L6;-Pz0o-ol?mRmIS-RM3l;GljmCcmEKK`429XPL@mztZ|dVB zH8VjxQP@fXd^J^elv>~KxYjYs3%NuULgdRf{(|%D7tWY3Z0X`#{xg2H>hSGemByZ{ zBQ)cf{DG^4BsT+>USxKnDHTWe_EfOjZ*BnTf5VY-Z{_x=WoyT=H`<+jEDFuY6MrL(&5@HqE2yL0UBPY$LsbKp%>*6*YAij)dCv&Nk1s;SF)LD}LUm2er=gByQ5L?~tU z)*cEs;qEIG9)ys~F;fC|0-(+y59%Uj5RL@|^hZuCTGl7!6g|E*xcj9>J;0cNUsolU zUOV@YwKP$8|BHTZ$Ds0;Ln#UxI|0r)o3x^0`cgTHzdtmU!nnl6)&KpZrlqfgt=zeO zJ3&&EB&wL)bB%QNwMnv+X|j>?rhBdlx!%a1`4C!qUclr zh5cd^YxO6?H0N!Gc&7s}1u6-8YECvfc_C^5C<*@Jc#h^IbdtsSNNhB~Kk$LJMQigL zu#R4StcR_4dazfywbG0HH&5>H-`GLqal9;N6uE&uP*gxTlmUF2`xs3~$<|_hv@sb~ z`o&s`eS!s_H1|!SgRP}LkMSKUWNJmZ7q3|=x7)K3FQh6pWL!tf$byyxPl-Kz zs9mF?*z+Nft;TDr0U5kb+Js_<^LoC^N?sDg{>7vnDb5(@N(ai4|GIS=Ex603a^=v` z6{)};zWwOmzl-eq?Q3t0i$68sId-k@r*FxOt}L&IbuwWiw_jb()^#V{6h_uRN7t*6 z_b`lOSogd)f@YdtU>I>sj(v%7Pbk>Q9D$u=T`^nZV9WzJqrb~=dgUdT7t?tSkY6{g z7GG}ICA_!cniOVH{>+1pe}k`w2>wi<*TV}Xbgs#8)wv?_FEBPRWH(F&xXjA>QuST# z0ReqbV|*$q?bzWg2s~(4ubcMLzBm_fdge3CqB-_Cl;#qn;yQSqkebh2H}@a$n-)n36R3Tq)wygLQ;)HuuMwX8 z)qT6S-|iq-ur)v`w;@g)xx+voIetFO5?1z74zqoF+9jH>$^npf_+P1-J07aF)lRW_ z7L1u__|J?5<}726hhJFp-{Lg3F&P+L0Q*V0pJjj0{xofJ-a@gf)b z*5WV_it-IknzfSK?l?bp4r6^pdv~lYn=p!piWLtwyrC~SC6#%{8)q+RtW|W zIJaTBWMY7k6NJbm{BsDc^VF>O;qp?HEBYECns@TfBjLp34*kRiD}ShZqvBm669R2A zK$tkch!n2}A}Cc1=x{JSXO6kgQlwI?ZSSkH$dW&)>Ms?#XK$J-1L?oUzkI;POITz| z_f(CVh*DzIRbUAdw z1LyYi>G0FO`S~t}iJDW@y23}?YC{C~4*j1rXNh+i0D(;Sh4nV!f#h-6G z7k@+eZv(8z0N{QTXaO zLiLsP++Nh&NFgL;gNZX0qm<9VVNGCb#N+8-SE35cuQZ)Z5(pOM5Q}rsii`M-ew+B% zx0%hfmmJQ84Y*dZa9nSW=`BjHihuNx!71(Y^PrNdI`7%Mz{XGGj8H#UU&C2E%G$-bPz}%OtsYr|yc~dLLr~%9i-X1WEDL9K^#5KAr3jP1 zzYQLw`zTShVuIzMDCq7zstmlHBK~&C{-O(h`>!*ybvp+b<#9Js@g26evl__P@p$;4 zTy0PHJKQNzv3tUUJ#@F`hg$gIP%Pgj^J#NR3^o!dEi-iPc0;Pksvg5#!m+q|ty9|YKXX;zdy$QSef+qqt@Eb) z%u5MWkLP7y4_-RfN0Ua+5{X{^vG0nao0+xD0J<@>s=wK4!KhKLvP~1X$VlYX5$W1C zynok}eGc&8a!RS_5m-gDExoI?ZDzeo0>Ryozx5H$YUL^vQ_G;nXGGr)Ww(g;P3C6e zuARmANT`?#G-HH|bfWCCasdFw`U0lRL@Qd11YOH(b(NBf|VVU@)Omv$Is>qa!H~i%4Xui469_O1|CrX8;)Zt4~xzNi_Xtr@S~xfWGF_st0weMA%Gr?(=`T? z$wksGM^cX!^O?~UZAg9yR<%5;&QIM!O_FI&t}D$w(x{mp(`8puW)kqQ%oDS zOb~cOHJBI={suMuCbVlPJ?T!~>6cs!UEw+@&(g%kP?&-j{nkd~1t8PzRp*jY0lt z!wd+sg>HW4v1d3dpxSb?HZy5Rb=-Sv7l1WC%708p|**>sq{F;@c`z z3i>%%sN_E)ywEvS$$EToE}R|N;c2(&06_f){`9MxVmRhd z6KnD}EeiOiB;Iq-)f7w&^PPX$d%ug?SoFt(%`?9bZfD}eOn(kj6d$JqKh0(Ce?vwX{p^{$6-7Gr=A|*4J(`7 z+?T;W0wEmw>E!BqDZ-)8f>2jcRb6FuHu=2+uYp~5du|3~C}lKI!Hf(up?utaRs^{4 zfck_(AeFqJjes{MDTIVl5=y2JLwmaW;oqZ)y74C`q@MpoM^A+sf1hiQ)@$AB9;HrK zKIWPMlz{_Wh&aG00NJr6DSqZ1Zx3+{wug?y#wIovE_4+>h`f(`&<8X;&NImR`A~DG%{I zV)~T7Am%t>2~aHm9A0Z@>0DfxQO)m!rcH`w(JghheHS;Fby$Io?RkkG7}s^>oeT~V zUP;{j|u>mWtUM~^~~Ugf^OSB$Jx!^f)CS`#DgUypn{WtpR0<;%80 zU-2}mc03y&NIhs0(nTk5y}L3SfBB*Ap?{7{;LN&(S`jTKY07Dk>=1etyjSCn`Bz`U}5D0YM@@Jh$jWz{zqhb8S5Rc zsjLdZ8OAt`_=InjezM7~Rd8>iPCZ6>1{GR5v6PbI*3Uz2Q3}!5okIm z9R!#R#hgY+EI)J_UgBW!VAIU!hdq;_q=D7E+TO=sN%kSEfuddbKwbfB()^p=p!H5* zLilp~$G*RBn;0J`^?m$1?0l;A&rO_?1Td+<$MsVPQmS;#*2ub%#mNi+sj~$JVnje6 z{@Wi7Pz#)fj5GSgLmwy`kvZl+j(Q0VzF`w(xcmH24h z-G*d{T*h)J>H`;8$QOirlHz|OFt>*l+;M`LoI5O#y{0ItEk)3XeV-riH7`o%#e6Kqfqu_?0@FdQdAW2%hF03~~Lt znKvZo?;RKpXYDjoWHtpL7S4gN9sHt3w&^*%N<~YjsTeF(&Mod9cm0u#GXyA*01I+N z{$NDHvk2&*!!x~ea)T$B#Zns=*|Cg6@KS(x`1-EpM$XqHFZzF)nLQ$&&1#_Q>Ni0c zb3Zk8lgYmV{1oZDQgCC^GN;1p8<%0Y$c{C)J7X$ozYy>tHJ+6vk@U4V2yW%BaCm9Y z;!fZi)!jrZ*%-&==SzyFvg2T+gQf$#%=L`s>!%!bOB^4Lt{b^hq#Up`-CZbjY11p| z66VOO*38n#v!>oMF%ZJm_=(5zZK}+XpN+LL9)M$(wjS3e1)=MzS62!Dyu9altMjlq z%-f=OeEGufbo?lfe%pK)&Ua~ii*XNsvi_o16}w%Qiu0^}yJ_!m@5rAQrM6hF_VO57 zA#%y#g%iE~UcP}_peT5uNGm87d8vUlLs0-63wUb(s8%>)TP`cWwUy5nOrzj{UIcb< zZqxUbDw+{#2)t_zEeJHGI8^)JHD3DP8n6E%4Pe#P+S z=i)A$pr3V?`UozsdvOqOj3@~AnG>ey$bAotYqc$|9q)tVt(_s2qj-b>;jd??gDeev zt`GQxH@=6c_WbS#nPtruD{#MiUPY5Z0Tp*mrVcRTaEoi)pR<8Yiv=@s`F`c(YZEXYt((WJU2cfCE@tL(HRu zctZXzWr@x!Mp|KL#sn`%cDL-`(MZ z`<%gX>&!-W5TS)IOs#*_8WG96T2`c{f5OnWrjH+Zqwb)uA|M5?SA2ZJc@m4G6nHLm z#+e%TQ8A?qf)*Js8%^Ek%J61Si2i+fbB2gi>t{cdT#5cc`GyYXNE&P3E$o!IRIP5bBP8MiEB5va~7 z3^Aa?&1N*eT0Ve&G=;!=Avxw_d(?nwKPD7Kvgk1fTt>LvopC*ZMNMV{U-8^YM)d4Y}GFXH|p)&BlgpVNY7w7|Z1& zHZq(zkoa=?EO>5O^J#m2DrO{LP>Km)R3n-Iisl`=YCWjjZ>@_kMH0c?M(W@K1*V*7 z=5SKrgnhNUiDVTj6b&N#b3p%qgK}k$P8|DO<$fZR&vPZ4AM`UoHc$*OQRU<01DVOd z6uCG>Gf4!MI%j$5qyOEE5P{6Dm68WHQ(~b`_?C9y^N5z+iENp3!hO$-Mw`aRI?u7@ zetRK84>MB9szJ!&Vi=5Ib@E@sK#-!eHy5Q2wyolDv72q>g&buS2=NSX)Q4&@DZqC_ z^}zC$ zHND5a%=)oXLx3IR@;jKZQh6C8!)=@Gm!MYUxndD zifBCzY*CltcH!9tje^Y6*y$J}EuD8MM1Xrj!N7Xt*k?uZA<5Sq#Fve9L{dmc(Ys%^ zsz7kg^Q)wEZk`MA(&cNRhgfRV;AJ~zcT?A)eQV2;q+Q&n(EMT(uW?fO_93H!f9+*dFhe_Od6(}8)BHk11iRHF&g<1^Nl+gcPcPC)aU&hUT{t~DEof=A z6d${rgM$DnPK(5GF~Xw@mzhH6a`{g=#Rxp7bZC^%I zaWJNAHAp2uWh|cflE@zIvoh$vGLT9D9Y`ly8&SVW=Y?f0PV*w)nxk6n2CjgKBmdh#j% zRkgmUnYkSu$B^rEbnotM+4OzlwMJe5(Le(#d6Nn)w}1f0UjX(fLX`HP7!et31|e!C z-aJ--M%$|(o$HvDh*Uu;OA8S!vp1x82~%OJ^I9J!h2mG9RnmhYmcpv+Jc4gx@yW}< zdeiZgG!;}Sr%0gQ;2<18LLcRsut3|tY)3y7n1h}Q;IADg)07JysYj?3h0B#UvrNyB z3-NR0$l?8m*NEa_HhVv)|N9;0gTrrrG|A$=efDEw&2a(d#k}s7zvj)n=AAFw)=L2h z5qDQ>F5lY^|F;+F|Ghnxe7QmoP%-= z*EZKIcs7U4Vsr7%#0E(Ul^V`Uc2YfU2Q>2Vus5qSUpL=hG%a%)`o4&aoK}1^F27Wxl;9G-Trt`|76k+a z@!#rI84)rjK=sBUvX1hc_5Rt2MN%Tl-pi8^)FaAojb?B8oM?Fg0LjdbQ+T&ABf)D+ zNdIGlde2ZezK?rlpryny>W0NnXTz-AYGr6-wQ%WJo#-zzu0fI#ghURhael=EaIvrz?5`#ZMf5jK@m@WrTjHBsJyd@8xo{7!3Hu2Agm<^q+U#2Y3X}^jrY9?9wg}1k#3irPfDy+k;X>lb9cEu8Vd0_s;(k#o0+^U_Az(8up4 zkPTcgc;10=!R56%9#G-Ri_zeuFf%SlK4mHWHO@(aE5X^A&a{qmRr#OQ?0GRe$M3;-nTM?NUO zR^untv4VW$Mc|nj>cxl5hi0yx7$nKi!3#aD+!Vz?Dm-$p{S{3rVR=^uYkE zhioa#0Q%7j@$Y7m8f43@&Liom3OFH?)wK|b8C9I%k!q0Yd*-71wpuA#UIo$G!`~|W zIqx|vC^Uf?k7i&)p$xwuv|gRo_lP%DZ0RH&UYCQ15_2r*oTx1kbd;Ipbfyr>s&WwW z9uwLg6;4s!OftPnAeM?^ z@*U+2^7!h6gHT+5JSM=#)JikQx^C^4|LB>U?%84Hk~vGy!;i07_)?f%5NE%52RE?d z4GnyENw-{42rv3xXF{5MVBVK-tN5{_+pbJ4`j7|x4-prlOzdKntESc0C6;+vi}$hu%TuSKA!p`9V9u zXpA5|fvN=WBRC6A#?Q!({v}d0&W$aF0rrQp}JQ#-}vOH*%RE|coR+$2`)+{ zG?q2)Avk=f0;9ID;=3e3d?1UgOq5#^m%ohnkA^$l40Zc<{?~F=$Trad^DW8jN zqV)HT3ZkGU{-RL;fLiJSuG4@E7YGb=MHA}jx>epDzSRwQ%Q^{r;2~oHya&Q4M-6) zno9DzLgU}{msE3VmQ=gB0u6))BS1POv^v(XzW1ZVlE3rV!31@#XG*qgl)aNl2*KWX z%&7{jn4;ha@1(QH!^7Fha7|4CJ&yk${Q-YBhhvtLps*??HV`Efm|oAGQ5AEdhaj8(1aBt^d=f}`Cy#X z_#^w9bcl&ADX5Vrg$R++%(0a)L)9p)(@7oTvNr!z3n8F6M%`b*UNkfSg0pk_i7GU4 z({C9e$DmvK-v_VUqPibZOIr-W3y|GcXI-(&@b2q$-SM|Kag!srwh{W9D}oOF zoz5%%yZ4$I%Q6d9Jx2%%m7biGjMTz|;6VA&)1G6;h%>m4deC9P+xGMKsnhpCwzWYywX{SJ2zT}RoSeDBbY&#G` z%bxWUOOmS9yUKy&=I(gby;lE!jLZ9gPt79k(Z6VQ0vxtd-n2NN@%$muU`oM9Z)DQb0#t()RJ#`#P!9c3X~uk^=~@D|KMZhMCTm=2=Ggl=;@wTfjLPy8IYK` zy1Wu~${kfF%jQ(Z{Dpln`35i?5$=L}6LjrXRzn8vg8_Rv27s}U4*<)tYB8P;qa z>?b;_3;^b-0c$h9|3*j@G@}P_j^P0&mShM{pfP(0#5u54!R%BwxOcv=`#bN*IoB*2 zemQ?Qr6h23c&TU*Gl2Kl@xvAmi~AHNGb~x_PFSHQKaA;11AgAy`zE3Hm7hBBQ5EUy zAdIU)Gx2}`voV#4W(Fn5%^bo#ZZM+C{Q-PlGN9y!JGINH)^kbA>j{E&bqEKP{MLs< zEvp>JK(i!oUEdT%aegIy15;}ds)prKyCD+osNFzJd_D2t4pSBQ=&`*2Q^GbPQm0;|mPbk_ME<%XKB|0L9ph$iw zc7&dK78b*-SIcf@&H(3_eZpQ;_$E=qDyYhFmTU5VXgbTdsJid%p9#7_x{*>uM5H8U zKva;HkOm2nmTqPM6_74LTBREiX&5>rrA1)q?uKFJnfv#A{%_9AnR#VJW@EqZrm!=#;Q8ZAeOj6RLn=J!YpC-ib11<}U^sqO z6Lx%$Kh1g7S1b#(_u@7~#Wai?%&m+iR1>?~zQw)#;8FKAwl9!5?qKzy(jq9^s*Mjc}&i%)Igx8KOlM<;Jq zmEl8+^kG`~Ym{p(OkQ7@?E(2xrks!pqAL|nUPc%`Wq9(m-w-aFzybiN$uIEH`Z!c; zcx_iw+{}e-n0ZTjb$cb)Uvu;7(^F~U=Lkh5T^$Gz8i9;rvCyFgC0_!ERjI^+erwZA zTA9Su1mX-o^S{Qr3pr>HRQGBrA;W(p`nbVYEOdLrb(W=m5rylN0I!O{P3>{0E2XOn z(h{C$$))EHpbvR0btm9`Nk?F~tCmFumBp>j;wp8nL2~6%2zjnPh#PD`kPEn4M12`! zgSw|b5p!3xcq499PEk8>T`btk=dKoclT*lqYyb2I_8b{Yy*x-$+#lj3bC_-U^R>Gc zYj@848kYj5`D35!Uu##&j?ZT@b*q^?sxps^{_K6v+vVt@C1qha(5Wvqx6Ap>iIW~% zCCUkf!`ey`tl_Q5#pS)AyXOKurDn`o@EGQ-)Fy7X7YE&ix4$J33&w-(Y8Twt4xTGz zanBnqw`~b03aDC=OIuCfc`{v`i&}U;S*#Osjog_*aMc2Lf7R-T}Az!?qB=!-D=FA z`gbrQ?T#3goM8Af$bWyk1coi1VN;4B;7e;64NUt8uf z|4EBu`Z7~?E}HQ|4WMSgK9O;;YXc)CZFr6dz3gxiN%y2l$i;E<;g~otQVM62xvz77 zh2ro5JK}IR^>~@F>SWw6pl~G2VSOhgb1$g=XRdDYS47yvQYjYPLefPJaJ7FI7q7b# zwnYy`BJ{B$=(@)lh6Brfz??tcvp3tHGIOS<_8N<;|BooBak%{q0#5%3^*ON|xchTa z1-SoH>U?^Cxprc5mkRyCH35*!j1+3_xg`B5{&T4pa=)kjSqAngzdP@hqm zNt)53OP^)TSs!MHkA2x|X=KlSE7Yz>2+8L~sU#l6d0>1n=p$|>rRAz2u$};9V6z7wO|#0HSzge0@PS-BC(IZA+!WP_ zEf3RGNw;JWr{X;7#wa7*_J`;P=Cw$_!#|g%Zv|biC|nXPt6R1!eB=WE@fVhhCGF~r zQ$ivw!UVugw(>rrZ}#ii{A*7(DNk=6mvnFHZWrB|y`>)_MBC8#q;!wmW6;6V0Ml!2 zc=7VP$AwhrKc#pUzGx>f=~>LQOtc)~+HF}60O_%Y#ds^8Saqh}$e(0MQ&A~Gd z;T~Fd;4Q>bL~c*DbfNV;Xj4o_8it4yv;-f5ECGk;9o8{rSoAUhP6=Q|QdoBUh?Y5? zRGjIyI*I!5my7U(|I&U}(AoYNf9y=26`D`p8Qo@IO7Ze(Er0d((@Vx|q}ofE*5qQC zB@+r(_nS)lB_G^U2q3Z4Y(fwhs~iULlsT$Y}6}eT{?CeaF@%zGB_~P{5EbaTNvgzl(=iI7qXwG?|z&n z$1hvBMZc5RL>1}*tc5;PP-~MwGb2aqMTf;OJ=j~!Q7`i?jwBNwa z+E9(t_@RK%zNISUjdfo?fw&kRJBW^BXDfE!DSA^-CCu+1==%RocX``5?~^$?$713= z)m2^2T(-bjNPNxueF0&WfQ=Rrp!^6v!A-Rxu59k1aUqh6IWeboQ%wIJ*fN?ltnmGF z0sp)5;2w&5;ouF=E_BnxdEMROY=LCEQ?7&Fs!@7VFTQ?gK#Uw;*3x5xqSoD{>RUO_ zt{bnWO$L?%CkGT3A2_otIKmjIQ*^ zfIvD8snr)40wzCM3%{N02q?a3cqkQhApv-ynyJo~Z#x``UYa{SM%`yfJacL1RCv34 zeo>J=wRm)^^i=}Di}qGS8LBg63s``G!f!X;4z3&hN9Tva9F(bhRrU8k0G!6a9^7vP zCJ*bxrzTwA2@4g$4~$74NHOLVv*eJH0KBF+avIc^nfzu-K`0Pq`F5R}3!6d}33JT=-hhV+hs^%6reL^6KU|uHT z%E-G4fmgD{)F1$DT2H_u_uSXwW>mzopqX*8@J^;*>Z#y%R&<^pxxR>F`@&w<9!Frl z%4{c1$_!*l7I=~+oyh?=n~5-bp$E#Ejx;*7RI+*qZ!*e#9r~?1(jdWSoGaL{$>4*V z3Nx_yNDQeIUHH(Bg~8x6Yh2W=dp1N`Y3%R_Q-FjU=y1#zH;`!-eK3|D^<~mx_vf=v zi?NSn&Yx*Ht7V5E)N$7Gu_c|cRC)t~tS|f6yjP+@@N{eI`L+9=;MQW}o8tTN^m9x4 zUJ>SV!nD3QFBB1eX_Nt#6Q#MWxd0Q(fzZ-Bm@wHP#PXp9SFfh!sLXpnvs9(PTuw|n zx-IDat&>Dj8ksjfaef`$McTG-a7j!A{;!93CmL^D(_n_QZ;tr6hPf&}ce-V44BLNz z(2y#ZaSwCRsJ@VuM^gba<+yh!So&V;nEBN3-+f7;^4st%S*uCuNGeBDY2Dt1_Y>NK zhp$>NstisB9viu2SwT}f1urWQP>ZeKb97WUm;I{kX5KlqKhF-&2QZyWp=nd^M(+R_ zM_sR461PuX`ZX&NO*coTEkLJ52E_|2%%7ZAVkF;ZG5Okq#@E@1VOT8cAMU{G!ALw=HA4 zA=qHI1zeth)zy!6*GxY)lJ>_PKGXggBab0r@^#>0(34P{W8g{I+n}?Gi`2*ic|otT zAJ(4t!>G>jt%x(B|0z@%HM z#SfPHs2^G*QPeh$V8v2o@F#8Vm_DEqP7dWW2DE9J3j2%up*#`62o`>2Lq+&~m zc<;|iLz(8$qZLAjf^lZCykPwJ%1IqEjQM@-i!=ENz2>E<(?atxVQ0PC2G3^js8Tys zXE$-QLZFF_MRxxx2EMeYslftZNY%edCj-Kq6GSR!jClMl`U$S?(d4j@ZtAjC@hv)l z+$G%P#jQB);m#N)4qSHgaZF;#-Gz&Dx%DAOb%EsfBZ|3#>eRVY01b7X5EmBp@lS4H z_$_TXoJI+*qyU8`<$Jsz$vvM3bMt~||47Wf*^}Pik9FT4$efu`=MJXWxxPg0%}dt~ z?7Uf%AHJ3yc9>wMw=IPhwH|7eMwdasDAJad-PlfM`d3?LB|bc^^~#o3QDTG@%wG_m zmFA=vC#LoyUm-KM*FWvV4~F^BE_MKJr^5aE*bMge;ODQ<$Jb9|7krk|dK3-!vde_A zk8MguhlgOEZKRj!`?9b9xo`ovlV~x*t+j@Koz)8$Pdl1?(xpUnIHY~L_SH=r7fh^_ zdSs34pOlCk*xpPV!>3>*%`Lu>+e!g?aT#{Gx*XsrlN zah({quYo>L4AxO`9#-pn8p0ds+%bOTc9k!zD67iH$BT zbwBLJiLkKdiRZw{w=D`^Ks6ESvnAkoYj}||XLL>4ZQ;1SaPse-GE$n8M~uTFFW&!< z@?JJCN@7rL$EBVr+;X+8am^k5h;!|Smn6@-f?zc!>v~<3y3_jh`M~#(>FCJb5kj|F zs+CH=-&9X~{a5q89T{aVmQZrkT|J?^_jsH>{wZEkv+5AYCIeIp3AtRF^!gG2tuGgCEQCdfxZD5+$l&j4{}h-Ba2!XN3(j1#)}#>pzbM6c5bH)@6FI}SW8C*kP} zqli}SYPW^mO<%_ClMgayZ>9UEd@{cc2roS629MvS%Np@)JxRlv1qM4;lYiD9EL_g} z{VJ*=(7CRK5kEr|ZY6H^fKLzElWPc?4=ZnVXW}f;(=MqpfU?Tix>{z^;&lpZq@}nT zjj|%p{4~)H9Kvlt5QS9lCga}%L?b*=P)7rPD4aKulNt##Q|f01Clo{5{aXvgY0E~K zX1=P&Gfz5x=Z@|sx37Go{5`(=AI}ZzM#)botfmk_M{TaYQAmXTR27);;+4 znT<-Z$L3bYx8T5pJ^7@>t7PawiVUXM&JsqbZhd3Mw|SPhdBoZz$njm_%!T*xJhBIU zk2cZgif?R_u|z{RV;Xuy#f{keEUdYr=8ia2A+_B^06rNc22U}6WGsGQ`|YTl@?yA%g- zz~9@#TJOkUSGgM+f4-a`z4<*kDbBHfe1q^S+5h-Wa>8;21mEWeIpdgxhO-AD-^gz- zNwS)wL~^bVk%qJuTkg|#Db+f*tO97}sXDN6)O6U?>q{PxSFh;T*2R}JZf3q0eG+Gg zUn8ehQmW8WOQwrFklMosrDN`gr|uUvo)6IP+Z-R2#)v&-ChFW3WgPlI^!%Ag(TjC5 z0Y<`cZgdbyr|R??$WehXC=axR!!_pkGboA-TfT6wr>`AGxLcHO8D3M8&ctu_|PVu zIl?cHfk~|AWY!@e$VEBQd2Gz{-tLhi<^*Uy{^yDj7?Lh1eo0CZHBrd49O>Fidhq(2 z@2Jf^u&BOnnY+EENIYI^vu&m;!7utx^s%m6Jg#ko=;mB3A|2_++JK$6M>==Yg+M1t zXlNUeh1$g=!N5gx%E@)*$AlL-5_jU>kc~gLB$70e$sJAOrkFgbkbGm&tkUvn{Au>( zu={S*;ql|w*j9&cr^7)P5i9cBv%5_g6(pzp?vYg#c5Cq`x@6E3jo%Gg>dZC3-= z$rtxNr6^lgEh%*f%1241TJm_VXM|b;LXw6k0-{l#+mZI z+1xHQID-%Ev#e*ZtN74o@>>s0aivEVQ`H3=4}6T)=BcS{rWTU7YL z7V7nm@05Sj-$A}J$^%a96n@K3xEfe^aPsTFjlUw;aeC~jbuk0UgUx${!+wb>#ZinM z6GH66wP6(|*yjuE__QYaky>LIWEuSYYiWiv<8Mz^4CjK;{0?9|Sv~r$u3xA^e!jm& z3~!xYoJ9%P&{|ZqWu)tz>8}p@uRmP8Q4-d=$5SFPhWP$0NZ)pvle(fwHZRdCzgEn1 zEcl=Ed+lRcSZfdiqC#H&o+-W!zSbin30fFxl=*Q_88DErNA|9DN%QJK48n4caLy`# zUgCEN{J>X7okaPx8Yn8E2y{0bS(w4Br4CiAvqM)6lI?V6WmQN%K0lLN-(zl}GQ}G4 z0{1v*ESmZyL{i0n`A*_^_nAh=#P9u1W8aiv#5ctU*~Q%eY-SItUM0REuofWJHGs-? zM;KVv3>DFL)fqUIT0Rw(SEH>od$8621ytO|f;`txgu_n_l*+Dd9aza)Dm9*Zi!>X{jj;QUDn}9WArG_UMLDuP?&4- z+F$o7{Kcr6okI&q>Vg84NB#9AVUVM-8&!C#QFrzQPW;A`0L-Pb`8+g(lVCI|%>0QF zjAOh2Y2L=F@{11?#MGqx_pm2|$yO;7$rvfdl#+WcL+`2|)ln$PQ>9EX!WmJWhQ#*D zXm3~3;vV%aC@odb2PJx3KUH#iw#IpfWqsUO$c+4N*FuFxGb0}aql0QK4TdEJV$J1F zC+Jw-FnT#M>w9;U!8mb^v=^EISXP|Pme=>}Y{ZN05e$VS*7Bb;eNU8?8&6B>%vo27 zZE5S@C+_#P+T>cV!(Cdce#h0mM7ECE=}@vi_w0BjYfS|@;>ovsbG*Z3v155Tcj*kAZ_mE51xp$ddKR>+o zW;`PTVa|Ck!@3|icBCmG8fH$g0i!^3_Cw*`XqYkUsjZ?hSqjh*EFFDwadvZDpXWE1 zh+>grbJ%_g#f=Eu;2upJc`_a_7tO~JRTlEXJq6LMk~-%DW&ghQGcY}jF_-#37GTfN z!Pv`XKGJ^Mlz`*_Wxk2qOJpm4O8JT@=776>+ed=twS8;6qs*Sr>(aSzae$p57fL`K z?C5Oh|4c?_LHjOkh(kQ!PiZk5{IL~sctYvbT9$09V`;G-yz_U#tvL8AX(oG&`+nB% zr|zFRuPK%_r8|Z+d@ueooJF$#ol8Y^RY3#T>VeIm-}nyG1N|-*Ub3s`S4I4w44o=Z zX%(EMDld=(3NU`d1OEs`!l4GC_y8-<5y`>}z~w0>RmTC~4o&4u;Egxaq4VDRtSkrr z&~%R}4&j1lMdmOPngRK+PgD6GZAsw(QseFob^%l2+&Uz~7V$@K{y_9q*xT(@p=+4z zqlBpmqY4h12=&pT(<+w3?#>B@V5aXp`TWdqg97;|$jKJ@kb#JOSCOk(sg4Vu0fAa2 zsZV+_)QH)VO;vC{jRcQtgsFIKq`F2t_@md2QeKa$PDv zSfr+9E`CDpFgIg2%I*4x_tjGw%W>a4^hn5)%vZbjLUbn1c>e02{MA;Hv7Cr82sEbo z8`-jTyK1cnxg$2d^QteX^geV&Kt>M|h=SfhNPm&Ny-H;PTV9v~cIfP2#r$M@^t(LA zjGlytcQ0~(?{`vLbw(CST4u0h(0lSMJ&mF(aZO-F^Lp%NDg!tCr1~H$-p|D5yW7Kr zS9!FEDl-SqYn?Bxbj#K>Hdt!pTn`987W|L;Gl>EFVkznZQ4>6dCY2Y15|`!jRT zTaqX)S&vVeUYlcQ8*wM`0X{c&*|XKtB2g5NK1gAH4`&FJMHDo-S|1Ozw|sbZy;5dd zdKRh?nV*2m91gff1@C)t5T?dpM}>#gn0yvX@YA{>7XNM^e?%Ov%?PZ|&UNqJ?5ay< z|9rW5CQN`Uzq=u#ez`B%F|mu8r4orIZE&`Q`QK0!P-1)=T!dQ@&%bu9lbO<;EPlVd zSzHF;4AE5C_b!MwVgLh^11d6243U(dm4v;+D%rEtoBGqb{e7y3C0GCKHWskkqC2OI zbq4HopqkGxr(^LL*s{@Ii$yeN11%7U##L(vLg6B1t9PjIxNCk>uxyY-O39B{;^CNS z<-$ z95wMF$e41)4D$VPQguc4Z@`=@6@UX@~rORaTiqu3N0Iw-j9%vR(MCB{GIxtH84Dx zh0BTr>9&zG=$&lsubE0ZLPry)4FTSkta#P?j%0sNO?H4i5pJn7>p3?!Epd1I^e2Uo z=3Vb@K;Y@7A93@BI}ZaXj*Z6LZC1*+-^kS`eB#qBD~SE4Lg9P{5NGbWYgGJ73D2aA z_}0W@(T@gYI#E6~LnWh9J0*pl@`d0ek6a5Tg4AM&(u7Y}@hjB}orfWk^HyCYqmMY@ zftIXrEm0O?P>B{l_>V;!`5mspixF>)aWIdH{u6ppYo<)5f`ue`OcZ}KL)Km5DOdmF&*|G7m(BpDdu1F5~N%7?D;HMZs=<&goz3DHNX zElT0>pew+T83tGB&n{K(KDwjOve+T6($`_0aN@mt;D5Wjq*(IfG#5vt7>`CV}$vt|OMI?3^CnXFaN&IuyZi zFRV?a|8mCB?c>f0{fis1GgfOyOGGUbGj*qiE@oDi?D95qL3l)#`}^Lo-%TrKy(m4( zx8?NKwg&;K$M;Lr2s6D0MUn}gS9hC=ea2B`;Zt7Sh);OHxS}bfm4nEt<37C$A4>z73NOh!-w?m5U!NP7`Yb=1p`7lAU>q38zi*mb9YdF-q?bb+d zZrOGum2Y+8`b4-Frjh%%WTffd-dao!3YFf-GL)SY%EbkuTVLr{)K_hn6dO?<1LZPN z=Ctl??J|Qxm8(MqqPGKORe`2=EZ=7f+>;(t@)s^JPKT@Nvvf)8*#7YSH$;yt*&gnk zh#|fWsU8FQ@qid?WVzsTAxFP76QHTa@J}>uXkciF_3ZrMUzz)K&266f`Usath8jwn zVGmpBgFI&g%I|i+tqOM>8K|sDzpOx^7Wf=xn3uX&UQ}udO`@ zI6V#cQx8-+3WKP}0SeE{Pk{`o6mdxJsiFj0$OJzBSAtU>=qVx3m7zX5HF9G2M|kl! zcaR}HkWI$o5ck@>*fTtPzR;Vzg3Ax2iC3Kuh8t${0wnE zZ!D9~K9WDHjD{)Vwq%4~k&_X74de9swQ26>x z`)O!EE9p+?U4Dv7IuSI@DL)>K2474R{0O4!1(|Ohu~H}med;NubI2(4i5NF*D>1O` zy5!nV8ShyT-jICO^tm0=kaFQqGtqQD=XE`Chq8g}EELFzR^Wpyr9kl$iP5E1iM4E3 zUYkr?9Dw126H#4al))-g3I{) z5(^vqPyAZC64VDSd{mIe2o%n@=L2ddAM05C+py_n^V&kIML^HJn6@gB*LPwq+1Ue!E(|4X5EeMeIEc&s6OO~o7V(8PWFBlTB&>X;Y`xX>m6mQ zUskoSBcayGzY|3vf##QmNx{2vslQ7r1Ic6Or9zu$q2_Y@4@?`)Zd<`p)_-PH^1(}G z{a3F8nwz`B4ie&k>kM3hJ4F2#W*#yf*Gf`XN|9<1at=GG5$I5emi`eMXY<f*ROL4z68ST7VrJ$?#!y0)j zQ(If5575oaVbO~NWsQ`@P88$m18d|JuK_hDF(~YihoRuv1nYWNVFD(~6LetA$+Mt_ zuO;y^^D*6nbQhlUTN4&4&~WBMne;^XULtt~9~9C+b!jcXDv`%gL*U3dIIV>83rhGM zp9ixyR7#4>>R~;dMBzewtMK0M6=f{F`ejPNU6-??#V*Az3_<|n1z}t#Z!!NuK{Lh~ z73lW$)7u}a4H~qF)4fop?^+m83#B7nq0r^o|FVu8g;nr z$=N4wSN9CA=J9m38oc+5-8oF0s;D7gzrNCkPz7L0gqo(i)>Fqv?l@6MTb!jf(3+J| zUX|=!84K}oV!uUQI5;?r`VG@w-gI0xf`1lzVDn_wsO0nT%JEu4Far6c$KBopZQxLU zRVXHPg0@oJe%&)+;Cpo|s367^C|&(_6T6gpd#IR=FLQD~mJe}SpTX9XheWA#=r7IU zeA0_%JdH)TFT&(EaRqsPyA)>TAGRpIB1gnX-p$6Vz1#f<+;SgO!)!^*CIw>htqft# zi&7N<^bhVf*$TIEw%kW>9J3pBgQjq)BDErD{Tz9A=IJ>fl*epAFqDZfI-L^DVX>;e zdNDmFiaK)0>Fc;YW`i|4$=7y$fco(F{IdbBDZ{0Vb8b#G_;Wu4g*zALoJ!7$5Tdhc zHprtpotasxd+A;EV~N+nM)km*2e?A~Idf8g7Y#~4Kkz9|R9e10EvjVv2UP1R)I${v zXA}pZJUKGr@VG78ES>+QMApG_+S0eV8e;?%#~eyY&wdLao@n1n?hUu+u}EC^Opb{C z?Mv8)HS)I^#7hp04qg~PY$1l6H3Bj+{bDGk4=~rIE1`F_AD1rThXh1LJXPPB`1FcS zCW_}H)Amo^<=UXF9rkMk{%)r1FItAAl5o_#onAy?2+AkIaatI&h#Q|0ZJthqd2lHrXPJnE+^ z`s8dV4Idj^s=ZX8e4A49%}&{zd0K!<>*!SV;3RC>_YvqOnaf;^{U(70o(taarxt(K zM5NwyZBtqCY@$#zfz9+o7%Yys254oZ5zx<64*_+B)0N22t}?czXLLU6GG^^2e6bR^ z@=~+av)jjf?hIH6ly)SI+ia4;7vajc#IH@J%# zd;dIQv><;Vuz-5){gWW7^^_+Bv4Pi~(@J6i14?_lbr9-LI{CXE*HY7r9^M@3{^|vd zb$6@B%;;{;YQw5%tAibK;&z$%#dD#(Uh|KL8Vuq22}!A8Mi(NuZPIP61#u4+ttmrN ziSI%kCLt1%T|{RRw-8=vtQHf^N}b*)e%a7aL5iGNt)xX`URj{P!zxnGyXU5N_InBKy>sRn~;284leQA7kf1*UHqPtVyvf>+|DBnYX#@0RoM7oq=RA3(v zby%q0faxyy1oRa{z&_q)>V5a)_@M1))|N=73En3tq8S9RC(kY-Sp0qfsCd@NwBHOo zQyl)wON;2EhA1NIp6Mxi0jboqOhC&wMSe*DDr^&*qzo?PAx)r&Ae1M-n!17PLvVcc zMZG+JMNLJe4Z%t9;3SS-aRB~Mj`*PpToS6Y(SlZ3AI0xI0glqZf#C4t zZ+++bO5F`Qzw#y;*qGigizZ?}@5O%SBw#vkrFs>0%hziA>;4H8Gj{xF_}=9H)%H}y zgQ}PS@8+N$*un1Tx$SW6HAzM0OPEO32)+svFl)FRd%}E>{Sjl+jCJ@Y>Au2Pk$#$O znc3ts!Cb~Q~pvEaWDhmfCb}7PLE&i8m8>e{OS4Vo8J1)GQUAw?_JAr7 z@1W3pMT}g{m8Yb&_@jvBC{{s+X)YPzlpeI+)W1)H{J8h zXvQjFtR^Tr)(?|bOop@Cd)vwPUfD!3mH#{Pp=54$OOgDo$wyN8Bukx$sa)V^r|j$d z7ph{P*!;J_SsGK~Z_fIj_i_xHIDHV7lMOmnYngXG=pq;7q#ymcY7tW=7NFWz{LsO9 zzz%1Kq8JI3LNCPuGs^)9pMi~HLL^$m&_o=$;>K_O6wH*KSSp_r0(}s!8MH8A4-oSz zSn0tnHvf6>fq&o|*WINw@>q~2N~L{o+Xg^7JY4uzb22_~I8T)JCAQ`&l*WCS^upXXxu6lacELxc+F#%M3Hz5x6Ecz|K7>cp$EoohI+B9pZ zI}b}YWw)8|Jnt5en?S9+1J-*FXhiF9mIAN;`7UeS{sf}gC$@q#v(URVQTc*= zIztt7J6V?xgNd~|1wI9Hkt!zvZ7<>yAlyW7zCH+-m|3M`{L}~?BexZapg2~@4MI$D z_+Ea)s0KG^18aTZc5~m~Yo<6a`Q=p@5C86g!yChC{=6Q(%h+4!+i1Eil!F0dJ57it z40IX%P37@b8tAI{8%GzbLUfzZ%ROvl-K`z}SR>YkYraa&xRnyTb(K^VZ3t+LvX$ON zoB-of^_tE6X^MGQWcIW*u_%AtXo; zf=inVLiwa1k6(;%a%?kSFp|8)9a05K`Gs!hd+-?kpeix~k1ndd9MY|X5`(yzQQ#ck!lfLXKg`=$s6xmAP;A5M!EBcgUh z6^Mr2{NP0+@J0A?nkng?@+YsXZ&db=UY=f7XW^oG%3tXP zO65$q)x!}q&WBlZV?9?WoNeuYuScGrp&(kU_4`6G$0y@{7`-}(IvoV%p3qwW4 zj`8;pL*s|nyXVVWpmeX(f}8US^3-EN@1h^~KdM-Hy{Q%UF4=W3%EAwu&A~@9w|L&` z-<5BYh&AxG?(`&uXgz+sSW7jy-p(MXA4{U9f}A6Kr&Yb^k+VF(Lzk5{oW7Z6Ni*Y1 zJX;aB{3w_nw6IyXRaKvH>BoAE@3EDUIL-_D%!K2Lwg%){kCg8XZbFKq&qltsxDT3cH(4B5oW;U8jOKvR|Ueq553 zK0GAxr)jqMx3DxBF#5|%-$6#sD9_g|sB-t#?XAa&xwTTCUpxdvtKz@ueAoK|N`n%I zu%sXz%pWP7RlJVY5vRR<2b5zUb#A|$1g)$g0o~GO{6Tn2+^m^KeCdyN2=hz0wt{Gy z8Ur!PB>I*3rx)FdacTs_V~~;eg38^{w2?N((}WSrKL1b8!IQ#wAd0xhx-a_NJ+O!s2VEe zz_;es!e(4mf)QTX6`2P|`&&lK6x5#t>n)poUAGvCZVtax#QOYNX^pjq;7b1?V(H9q zo`I@OgP7NsCC=AfTk8r5tQMou_cI$tQ=hMA$D#!gRXCbh4yhy2lo|$W6buFGY4H^^ zBQkRx+A_YcKb6f#b+xT>MD_ZFW1J922ElUj?Nl_L;^ifi8Whf8gd%;W(EzQAXi2n^ zoNq{&?&HV0{6z(KQDX14J4y6dxdzjLtb|k4Wy3pS8-A8}a+NiQRUMTYn*13-jh2p}zZ@1=tD_!%F*jVG+I`#B!S&nEe|7}i4UXrahWgW>t#=vIJ@QkpKtID1WMEel+TE!ir zW=VhWR8)gTWgK*0n{=E9I$or$Kx*c=u~hP&JorU2Jnc5}6-h3z1h$aeN+<&Ea!XNn zLV2W~kmuSHxPbrC$E)!p&xybBFoDcPpJ|C#Jxgl3;Y)^xcYl}V15Ry}%)~Vw%zd7z ztUIT_Q#tGvV^0lP{Y?UJsNW+sO4~_sBs#n!7Do$y7WGk;;`^1FfjQ_%d)xwSlehxP zRO@$Zih*q*3}_MsOHzGm0Vb{om@mZ9nx zIXaREZNZ&z+%_vG!~(a?w>N5+KkU!bt=k;c*v8C}F;r|X=!}@VBx7u2t8=aX1FoJh zW2U5>ihiIG6?)94lg6?{9;H|U2~1CQQ>zWa%g$lZ<^2$ru0!8)AK$kA^Ou>@0>XS_ z!M5PPoxRlWi6A;~VSU(#5{wP21ZC)UphmGITqw`oH0FwAwgf6@bwNxj3J5Nuky{nM^z`Cyr9SFfgLy@C zElH>qh^;})Ke)=^EV(egFF;Gdb+{t~!c#A_$6D{pY0}FcSYvFQ2bKWu%B}a}P4KO{ zly;oj#@|FBKuwF_EyIeHZr6vQCJ=>L;H^g_fD(Z=>m!!5t26D*Qv~%Q7qn>xe^V&L_PgcN|`yIu`w~MPMf)>&v zno(~*-DfPBrHb6y$CsY5c6AHoJF+ zLNhqfGmxbXhU%tC@$JD+$>=(a@o(#k(JuHpV^s-7al46eXWYuI81%@F^1{A2;Z1d)Pbeo`6u( zxli!!{9Bu$H-k~EnalUcSRtMLyDq;DBMTmUn9sUZ%?BB|O+(jC@y6UdANw; zh8In^7>b2KTE7T%iJ^84n3{}t%oubbdq_g)oIpWB8bmqk*{DIF6B z9hy0Q>&!9L$a&5gVUJ#yJW`9@avEjQF3mF-C$*M%`hP4yC!Gsk00II=RkUf7;fjRF zwoc`H5$bT7=#HsxlFu^I4it$LEv#7wONJz$5YfLacOPGu9c@ycWn?nXaJKU;Y8#GJ zu|BltEukeY28(Vz$XYScAm@)F@OV9tbNH1=_%4&;6igckC&|RVPd(tSr_|MLZVOF$ zr~qiG&;qa1@Mb#@s>NW!Yy*;<;^T@WRA4L=J{;>w5HRDkIcU9>|L~thKB~7Q7o`!J zo6XDnfR92=d0*u6Mo$GF!o%e&pb<(WE367no6et&e?&=AYD53qEPu?$^d z3vo>Q(FQJ#-&m++CmpsHUqu>Kneo1t3%?U~&is9z(8BEK$e0a3nErH0U6Co5JIEl6 z7d3BmIQdBvgz&+t5?*~J$0SYx25w(q6Fp{1=xmO4_gXbp$-vz;yU>NVc=T*=A4d^? zcHPqYM}ACxO15I@!Zic?^C{mpL*d-;@!p1vLh>q;Hg|HJ(?-`wz1iPhF{a z+$?@q!M@(SzInZg#BKeT7K3nFo7W5L$5B4V1oO8Rzw`t$QDy3rZA^td2s(4z1APR! z-tTesW{~3i%z;-$7jOk-|D6Fpir5>TYk7)TCmZP|vx|6Q=?_KKa!KzF7QIey-nZ_}8JCCLWY(;p4i&CccEghkqgMX#sdI zb4~)Wa!U~xxL6rb9tX=6f*y~>hiqPcB})y1L-D|fmUMqbW1u?!E(}jZ9>p*RY&eb9 z+zXq>ZKVY}$T*&07NQNlZzczIY_C0+cHN>`PnZ(mhHy0@@+E@rF$2NW;o>CZrC%w- zEjgWJl3g7TZztKR;8Q#1)@nmz6$K9NTB)3y19raiepPMFuKQep?hU8x1|v+6k1z7z z#Dqz_GC2&QIg~2DSV`&wmTp1r&iiUVNbtB(ApuiA!jy6?{!$;a1Kmkwyv;|2c=%J5 z)-qRj(NnGEGq>f{c_x9`#2Cacs#@VUS9J)vU?RlmB{&CtrwB}(=>t+CsOZiqrfoVY z3NY0=DAs@Rz4$xP=5M$1Cbb{|I{dVJL|7jQ$bD&Tp@Ch4Ivp)mWwR zS0F4j^%}TnGuY45cyxL+dr+L5dt>L-{+!@O>+^L74>HKW@(b*Q93$D}dbJ*=;fxCj zxqNr}u^?-~YQWvD&b)z&Moo70)GFPU-YZ*D7BPqjlHbF0fv|Wpa-^s8g~g!wUe@(1 z@-iy6M{X5&SSeEV*pF&EK8$&@9KN}ZjUH>8=y8|+g28kK!vd^&g2w=SMLL_0>?$<2 zXP-({V2A2%8=}?}AsCD^Sxf!RdJ*;zRLP4k4;&Mo?QWo5wAp)P|FrpTo_!u@$V{8b zuTGv-vDWT>xBA)msM&wNY=B?`f(uOkFMw~Fd`L|2{^@N{mUPNm%sF#Y-)0kJ)dKZl zqU`yB=R#XDGIndmKX!p=CdkMTj4oO>To_z`dm2Dd`TnvGXXm(-F*m%XEociK2#^fe z6~-^b?)S(KaR7zyx83df8Ddrs!S%uWZok82*O{59ZpkFWCcm?*{wb=LUTokDsj%_E$0}8gyM0=lmEzU~r}bMlWkaQ0-2j z_$R&VLca{tg;dVR0+1%%oM<-76gWj(q?=EL94%OtbKXqGJ)can0z;>gpMEkLu*i6Il-fqy*%k#X*)WE=Y~zKsps_clChiR5x0V&OLVBB zl%pOqMIbk4GX0>r_)tM79zW+pL0hF1qA~?Tiq}LG!@GQl?~szj>F8B3X@`3ANR-z0 z5zDpBDmVN5WZ6*#Z*_P^oQLFd1R=RLHDxe1sO;oZ)%@Qsw2JNFg+<)Enr5P1!YmsV zo4bJ-^?yM?&l zRyxc&5~kTqSQ#5=brO^)X`eMpcRM){P#EjRR@K8B(UQHlhS|5jFd!flpN`Qhcx&0(8=A!H}-hwk816OkmJPO<)9}g)Q)MK zAJig&>_{W;@l6f5Byvob^Kz+yCdJewIf3Q~p!u-b2Ix=Qa9}%*4{uwu`c@N;X%7eX z^_n)*sDPRXqE@Nkt=G_dq#~#u7Q|VzVMovk*jsiHF z-(7sDdr!>?+ayfCP=k$|(LFBM&$z2NiMcqNgD=txTLVNyTXQKC$C{ne!i&WQ6X+M; zyj%&jU#XB6J{f=ecvJp8kpCX82(J4x%)`XlO_a}$(PfX1A?t)b4@}!|0e__~7u1f2 zE^(D5(4utTe7^txXu9gCrvLXlx&>4^Mo703g20eQ8l+pL1*CHfBn9d21_9}A6p)ba zZXDe;Hn!hB-*bNF?413xKX$hJdfxYS?|q)f3$~lD)4fD&OQ{{A^458Olq0CSu{#-N zfO)(1l}!bXmNqjn1F$01oiGlCEHBJ!E53?}a$-vUQndVxuM^J%TX_G6l=0(lVjO0V zJH3l_KMHd74mi56K~oCBVmI~#lJXOX*<17X+f`FL;z=syegtFt<1j|WTM#ep`JHbg ztsxfi15@=1GTT5PR^pMH0n07vUrdF6t@GPXS=2!eoVqMT;z5BF32nRpdE$;eAiN)L z=pu+S=Uu{$2n2PT$z|v(63f zdo==qRY#;4i2oRQDq2ERJ-s^{+XUet&xeB`Khy#5Lr^=-He*I-Uy`^#I%K!AjksTU zb+|v&RFk}2oNH2H0L2hxCsyu6kb0k&o&I?QTaz6%j_*xrSH3*$YJpXA=k@HfbR%=l zLZNky&rk(5@E%D6baBo$aLFK^d`9qPunz4eO}wy-rw(j`hGnOM5g{!?q>r&VI~svs zaY1h;SyFrUBCb|EH9yeKKEXu@Cjl&~ZO0Nua#(f=@?yp+Mvd~bz2taMoS&q>ptGrf zayH8vW(3byfhO)A7`e(RUg-hY)oi>DHMOmARI$SOIMWyV5y!Vk7nZlvq&`SV3JC`CglgOJaCa3h%Fv&x#}{1w`bO41rO znO`_2h{Lm2b~R;)w{p-U{Q%;;6uyMm&8Xf7abGEZRXlUk;4E_6rnyF!6H%rTWTEYX5XgrcR~5w zLzrOluP6&$OMwdVb$GRHufwG^DFnS(BVnTPUx`^^Y(6e8E}Oy2m&q&JY&mK*hOeQ?UGyGkkS7+LUgw_BMG`@L-Awq^ ziHf^#{=-A_@kDBTEL)C()YKpez;Np`M;!myh0OU5*eK0K1?TJd@ zDB`#d9b(&bQ^$NCd`LiYJgM3CJqRUyYx<_GmrKC=C0%kmVEm+RJ`4=wXOf^yB0)zhHcUb;ula@X3M)gP4wh0VXI>Kzy#!+bTvzbM%f0 zw2Q-p4LD;{zLGNl#x(No3&^3k z<+yL9)#K*_xxtUM>G?p)jul{Rm))xhqDe!Z_lyqR9%O4azcQE9E z4F?GrkJ5)DFmA=Ss;&-KR&B1rp~!$8%|GULU~ToPYSf2N#M?VFR0+*BRrN=%5Y!V+ z8<|IrlRN4oBp4|9sKyp8UP$vdmIMD!M5WR+6G{Lh2znvs7pLI#7{|CQR~ z%nhI_GRobD!TQtli>r<(Ye$>r!0tCBq-&!;O=DRJarjkQ?t;!zUUPrdP!RiItQz}nxERkhs#t0D^z8EHTF1;Ad|Ng`=HnA9-}AN$j>&yzaOICP0- znF}#;9ApVC6P>|{IAo0OZ*j;1S3Y? z0eNlJ)3?(xWj9fpPsx9Kas_DyNd<|KNnGh;1wA=<*m_-vkCD&uE8v568W~1HWYl(5 zn7ZvthZva606EU94>BBmZsu38-jr>5iH}7LRpQdwYrWsgAID}Rl(L5TZfH56Kle}N z;==`=Y)-|s zAE*RPMu~sux~{ndB~9rCfhA3LIL6Feld^2hh!&w7#H&yk0oKNYvKz{L`X)ki{0!|c z0xduEGaN3ut*O(v&!MJ^QY#s*AuU$1NNzL_up-ob?mDhFaoM1^zzu{%D|WB1kIwVgCeQ577e_cn4X z2jLIL68>yjXInwnMRb4h;l~?&5x{IS&NW*1qxrEw7iugoBjx~j`d=xQS)xQYbqR;! zbx5YQriWr<%8Pe$0R?b+{*)ummk}4Nl<74d;xf(OgNx$APg){ghg&=nG6qshqkI?r z9ABdlm&;?KA+9@{^?&p0$Th^-erADyftSzHCB=W5_&XVTubn?4;SrPEmOx?a&?9$x z%OT=f|L;T27aBcnPIIZBUzTz{j_r8HG|zB|nbDSE2PsepRbcXe7K_AbXT=vLxnh-j z3NR`JFzKP&#VV=`XI$#frqP|Ju6-zn_X9E3?*Qpvx~w;ylSH_JDEOpOm9JF-t8wqF zx&}D_pkobRh(N^$&svTa=<~HN2vbqhf?g=4=w3m4=cIT|tU)Qs=CJ>KEoryZpH%5G zdA4-nAxxy~z}3W_POrNC?AC7?h!-EP)MQ?6<#t`z5Ml;g-@EaA`+W6Z+bVxqmtTyl zgjVwY9)te*pd^N}5Mh_hPCCl^sm8Uwrs|gVbYq31nOyW%&rjJWam*Ls6BiH}1uK6F|1umeJ?Usr+CR_i^t*u5(;#NShOSBnPy0kb4uf)4$6p18XZS=M7^03gtBai?xt5-y*V9gSSzz!&3Rch7iKX_MzM z$Lc0-1Tx#1>x6gdOK0pPJIp1de_WkhuzYXl)+3>Q4uDJtSG6yB1gT74H{^F0Hst9O zEGGG!$i?RpI!JM=_~fU@^VDA8eNVrC@@%kinEj7q9}6fV_ucH6Q+!#j>C)<#qjngy zV7iYq8uz}SvJvu42IRqW5utE&D`&6?`j-LY`RRY;4;LHd3smX+w}T7+_r2-C0yW#s zs#+AN3+R4?xtxiAayv=@xVXID(;uQwB?9OE z=1Wdbcs#e>c6Bk$JUTz>>`~kqzC+lJ^40G5f{w0SvY~}e{DEgdgSRxdalVebCLJm0 zVGSL~^QjPIDp3z;78^xGcZFwtZt>p*5fwA+>JW^I{Z|d=BRVIo)#xWVT(sUboNtFa zt*hOYg z;-Dfw_kYW4py*p|ZyaV@9MTTcT^gi-v2DUhKFq9*Z>D%`XhvZJ+O;~P-(mJ9#t@9^ zYrg3HVRN~%>!bTiBYNos=_{FHwm`>=QM>N|F!W*$uHBdKEv&$B3#wAUPXF=Y+5)Yc zAv=G_%XrTRp{x4pcG0uy%AR5i?fLx!&&?>F&Bc#fU3b4HII;l~Qg|q&m?=bx-VJ|L z4j3^-kim#b-&@B%V$b@AcaKZWvAl6Ux z4^^=7)kHDI#m{p8zSR4O_Vd&|dKZtP;dZT&>y@|j%!crDxhEneI3}HOynP!U+S5)LVmR*h^03Q2<$X8NWZ%%ey{U5{-dbq$h`tV|(sA z9`!mPj=rOh;X|kf?{!xlJt!S2*ZptuNe3^HvaTR^6z5llfoj8#F>DTnQ$K_pX6-%* z)9R{!m|fhSNVhBeMyp=ujX^|7Mnp)7ec%K?9bI)BKZ|?geRq01O6i56ayty|U-F;e zYZx7unz%y$oBw=qIfEBIMCqxQ8n+4m`t3b3_tl{C`l&(wRk&mWS;Fk&_?s1~99eAb ztMm23V#dO+Z=1nPZ6Dss+!u*FJez-czZiGDfZMXarXaRK0)FfMJB4CAxt;ZIpBfM$SBbP(G+9OcvN#~qnQ_u6L)|c`j0E_$fr}-t*f!l3oF>TDc z>?_XPZR61lu8)JHL>30~q%j+JvnfR=0K+$k571=n=gNoa5FWctR1roXZ&Yq3;%#gngk8?~^%27jX?25@4pK~| z3-pr;Mp{IfMFhiJ6#v5(+b5u&MYleN&I`VtY+!{hwq%#{kx1g+vr*7r>NrgvO2Bj9 zteqXKy!2VJ4bb$Z2bw-%!>$?J3Fv7`5yKrq0sOv>R~BG=o+raxOTj}AKan{&oxbng@>YN?k$AB0`^Mf6`b z=u-9Mia`ed*Qk%khQzj?w8iR$aZ4vysPcW3e->Tqlh<6ULi8S-nD0rIYK)=`35jdo zMzF|)MOQbFv8C*rlIOQRXNUqgV$8qwq~JEd{(;3EHB~hh>2n)A6Q4vvrdjB&5affY z&h5iMftmeU!T`JWqg`1^1ODcpNex_AyTlxw+S?QT)KomukLXVrH(aHO?c7uROs-Y< z_UXq_K~WVZA5o4bwjiH}^7NXG2Mc5IgHnr6=iwju;{hI^l+xcIp%+cGsriDEAnr`g#$$viJJmT4DgFfPcFUmoc3%wfg3-_ z_^Zn&V`eTc|2{V;3)7We_jv}c_|F(q2N8dR zG&dDodWdevO}Z`@A>R=_Q@1T(x=&K3{w?WNkX!3swd()HSTnxe_6Vn3NY%7U;Tumg zb?S#SGe?r{i#BItQx;ow;7<#1fg&$|WBh2$EwmJ`Q31B2otXJ3MfUBFF{ho2nq4T1 z%sjQ=bJBOF)`5;slw7(rAbQTB&eQ`m&2M()9-~!M=b}kZtr4!;B%a#az{K@t&GHw5 z0;9}(7j`Y7=UHWB2WPUL2Qtm98=>0M0!|(klNUPs%vV_>Eq+y}woC}?Hz~;Tm{;Kw zfW?EezwB|jYhM(!tK9FIdtfh+{hlkPS;OlF?oBDx42&rMx$RllK-2hh>n~;RWmV^l zf(&1md{}xiQSHmF4OP$bI7|F!-u+<~Yl;>nrpb6Yetwr(HkkPcE?aHdEiU6{aJA5k z>=96S>kVN&#?Ite+b}0h0#(sl-!UHoS5+5wA>cw}*E`sRcAThU7s%rU%B%z-_Xakh zgeY*?1*P4~-R%M`5zeb({_G1rPpIf$hIga|{3+ywf$}p6&_|n?dibfvVJre`RV;6= zH$`_VYR$XMZdZ9Vg7J57?g9e(AqaswvkKu_!&>y%KP44;h{&x3$lh5zH~STN!Tzg3 z4G_x=)84cDLm!A|u*-^Kw!x}-%#K>}zDmDsBl|)e!gJS_7!uc-J5g{&brc!xt1MTg zPoM1Hy_L{5*B7#&8eEaNd9&&-{_!C1HFkb+{S};#|D@IFq&~3{T!D&cs{vR_@bS91YkbS zGITx_HqBMEFlr`gUEhamO%03Fq~4bwmoA^ol~vM}V>aCNY%LAG1-F37o$^b9z09aU zI}V^6vql=b4H@{zOgM8R(fyWb?^xm|8YL5zg73%Mi#Mw>`1_OI9gn8DN1jo)Dp*y; zlka?uX}j6aK|J51qL^qQ^F}8hTh{U`xEDdTPmVj?&;1ZS>2Jh*%#3J8zcIFqi3-|j z!Q1HEknfTStLI1sQ&Nqs;IZ{gOmgoCt0XeYe6w$o-MzHKPvCpM>Bxj)Jja*s7pfEv zs#Y5{l)1vJX_lMSDPj#rFP-E#XP$Sb%33)9b>S~#%XWMus--@k&^CLOlt{5Eo?Do- zhx3`u2xq6;zfKvMghF22wH@dMx-Y(Tor+IhFDcvYA^XhtuGx7OFXxeKVf`Yt{jgDB zHZ;8?+1ha<)?R=maUjB?)#_dFHgfg`Vtz8pP>_9E7MKSehKnP&iqcI z%q8z*D+Pa8UTD^t)*lgW>bWxRxm-SYSazB}OcKR~#mT%EIm82fvHcU0VJAJp_b#zxUe99Ab{;@z6YODt#im(pP>ISPbT5s=}| z%>#b(0`+ob-sP9HUeCg&0q;b>$NkRI%YdHiR=1|GvP*?WlD@g_GY8Pq8&ZPKBsP?n z+7G+gjlaw&=8LOd!3gl7gth6YFG@kk0tgHc26JF(hrFArAy|1cPRpr zF^06fVnIRGEf=+g0)>TCB5pH}-FdVckKK_0*G4Db;v-@#J^GB1Sjon&-BLvf z9DU%hAqcXb|U;=2U~jLGnqzfEDu)_yEwI7{_mZVM1`mFLHnLXLx9{ka|>oB zI=*SLNI;ux&{@Z_>++5^vx+zRD5^7IzYZqbY~^p0MfaM?NHh1ckzsxqnW@VTbFU`b zRHzmxnT)Loiylw2Uyj}0&S!@lOy3H9#Ff0atcBbjdtq2^%lp7jHa)eqEfG{wrwK}y zHpN|aGkbm|ns(E)C5?Oj)NMD&!WcUO@HLO$U8ZsDx~16k1a-0Xg*eZ#E^TVl6MLr% zr@v$)jiD}oLah2jUqE5GX;auRp*={R`jrtUcE4ijS0gDTl zoKBrQr^?Q59mLoctf||K<96nw{>y3MFc+ig2Ht}up#$U8^Uo$7TeZ9=G@{j3 zJG4TkR*sr4mhps6=!8xp`qzbW^;7vrcAT^gpx+^g`LVju!i=K9SDS;D)$J7K2d@Ed4fIk zWKgxh8~kO-+fmxNz0uF=ucajEfscd{RBaX$TJ2!LYe(ifd;<5a$6Ya%xE?jN)DH^m>c9m`>f*Pb`Y z@HC*+k`63=XUo{}J*Y+b)KFCFwJug{G@2|FZW3JA?5r{*NDW%$#G65dkc{X>4>%l6eUf zn1l=_%J^S`OquihM9_?ti3j@=RZBNvD4>sYe5;jTQ6K-j;VZ_c1`HP2Am*^sax$4% zGD|vH{~X8-gSG*lao?*64|-q#*|9|v;mBWR#xqX9?A%*jUFeQ9s`KyP8>(qLK4Dq> z#w{Xirevda1vN*YkQfnNDxYyq$6 zeX+lq7Feb=eVD8+R<2!cWrg_T9gMd7U4&1b6gT;={E{(Wfo`@Ot49e21Lv(c#Wn;k7Q33!?4_ zpQ*l&@HXP*Q%ky4?wMUW%j7(WxM6u@z91c6$hfZLSMIS^p-_aU@Eu`1ZOV9B{uMSo zB{K5V(WH`C>;;nXt$s+d?8KYa!=%!J+l|ToL8+#HyrFg-c}pB5fm$lYPjA-W7OnpP z(m#dNZ+P-g9)8u46ELtO;cEN5QS)2;Ye@Nop9 zX@)G~L#`^%f;NP#$e1j;Q2+L?H`rhkAHc()-UQJW39djK^tMLU3zonP|4|DUW2tgt=lRM!CjC0Z!3tBEIUv`lOmvLXl)AX?IMlx*u zmuA~3eU_jUCBCZo$5WI&s*CAuqo9){t6F(lE| z0RHMr`kNs&yPZ%#8K=gzSEXCgX5~R%G6kDT42nr1nOvw3It>llpU^3A4-3luge9Xq z8KPj#iEYR~LK+5OU3vGHawIMlr^Kj$vbGj}{KyRdFU+n1tsAq)Si8@m^)G8X zhGGNn*7B=1Hh;Zc17YW4u!`nnAh|d6f*-->XD?W*hGdyH8=;*wCX69sOX{~6WyMLl ztJWEOk4+iHdk+%!b~QuO&aT89)ZMzKFS6xdZ~szemuL4*PX0Sfb5@?y4J&={R56Y_ zLLNR6VYvOpebRL+64<`L?J)9=xa{X|wKM~x@=I9P_18xw3u-|5GKwcUxhV))(CR!`Osh%$1G z#PqC3+6IDN^_}s17xb@COd$)j54yB?g&y$xn*Y*loboG$wKe^1?jV<1XjAZ$`)~KFM6=S{Dy^_{&E+ySuxM7z~Wf z9)>PXoFEb&%mB7Q*mKK+6@-SPmt1YF8>iB-m-tb$MDXZll{opY2+ncHbpZdc)PgSP z)8~1f-d8-WuU2!>GzcLP9w-!To3br~ZPD+z2sw)OWjiDQJaS-udeFv>9GD7whq;P- zP1{OrM_voXP;sWyQ{;X4vd%Z$TBXKF@s(ECk*XE(VioQ5J-@_>B*YL&+#MD{IR6-X zWIqmPI&otZNhA$}oJfgUVhX@saewTb*mLDRA zBnO#&fyJVXV9-b8IczGGjg=7#27uTW8aKPvlfuSiKpddVP0#{d zC2iM0uTZ^$`mUI(@!~bkvcqjoMjYN4*yh>KgsW9Ax=vyXw)+>&k1p!PyO$d>;D@Z?H8e~x==Un+1FIVTBwc{sxTS_fbMUK)ggdaq=Wjdq0;rWzv& zUkJ5)uaV1NBV z8n!Y-@%4S=nRMwmU7K-EbHQm{OKqbv{RJ0D@{{5}KpEFZcrMS?Q@G>{;PTkX`|d_jS6Pamf5U<2r_6hU zl7S~fSmucJ&7O|mdR^sLXX@>c0(5;w6hP2o6q<5dxO`7W<<7!e5>U>g$b44VgqXKn zB4mH{AL(VsW6vEX9$+AR0BHMjH)r*u+b|?DqYA;3vHOClBtQc`$RO!{Zx`;Zgp8~F zKv(h_!_aRpr4tux7XkqHrE!xu1L&SCnBgs$o1l9tDbg9geOH@sCaRMMt45yzy`E|AjnjED#SmHSvhBImUy9!*rTMZorOxGb56juz zQhxPTJozKmyg|^y4E1a39X%5&X$l?;W|qBNHDGrel}^(#Ar$_~$sIPYD9)3Uv>DvERWH9%oZJY( z_k-ql-2{pn7XE#qaa&gfxD8Lgf`hEWEfcvGO$h&BPDixyyv%-3HhFv=w{tfk^%H1R-N$B7uybQ@9JtpYKk@=k+vxti4*1wEgaYE88&- z+m6!8;+2#Q_Z-ZdlVp;RS#Quk;U#sotWW&Pc5^4M!e zc*VG}V6s~l&S~`t8oq}?1Ki>cD|t?h`y1N|7rfd;X2)>+iUiAoH5A*p$#h}=2iPG= z$(!bhS<91kKc2|Tv+g%Pjj(FEm)C#SRP#sPf^MD*i?sk-zA*Ee6A#j3J!9|f^nJ_I zE7+d*?iUAn`FOqM6w8kZeKuZ0z#tG904Q3*S+i_&yO9d~Sd}9zEl}M|l{&Y0^U~)2 zcRVfEb-YB%B81<7px?gKv6Tqm+AK4tKVhvzJ z`DqW?iy^+O{#}oxmcxc$ywOYHz^ac)@9YY2x+(Xw3-FO%0TSIChqx)PT}zP}2T2PI z$iLy4$?3KHCle+*T=Rx?UT$b@Aw1QXrSS#Jp)aG39p5BAmzJn8-P<@)s>Pk|5`P!e zXa!vo$*FT`Q8-O?#WxZEH%}lv7m?F?sEF1VRJo~ocTvBn&i8j&hoINYo`0Bts#f47xkRjLfmDd8? zAiy1NyI`){I4?eV?x|2Q8sIypVJ)VCT8{+TReed3ZQJDj68&9MsdFQsFy*qvOh^=| zJd}h}s(`A69hP<-kiu$fck35XlknHTBkrb}mV+F%`Q|5e9YaQ~E3Up6eY# z3UfP;XELn6N2^}fc@{JqqDI6=^mFx%{Nv32`OJ*oEKtIB&ok|k^wHqVDe+F^c0I8@Ff>zCZh7xmI!Ojvf?u zRJx2fD{89)!}GcAgvhJZbD;Wwsf?7O(Xt4G&nn<7Qr@j$)aX_ebF!|Z*jk_i->ED>VJn`=D z$885N1MH*J6lr*<#3{rkess2&(#;{#HbKq}D54%`EA0}I2EVLA1IIrUe9;3XRHX`e z7mc~iCr|m;X784O=|!)q44#W28vH7E=|om2_`XqOWvm8Xv`xN?cF#SJ+i;-RST($B zlm3EpD#be8lhIQ2=v6=cuH1Ru;JFSV!vhFldK(Y%)hm+t(zkjL{wKdOyFQIL_&yypjYo3^W~} zs0$aw=vR=cXu$G)=%+>d(7M20(xbuT#Z0l;f|25Jr<`a3OzZ zj~0kn3b&Z~Isx=>UGb^vZthR!A`t1j7ui9GbTduUtwwHZ>MNeLdPMXOyc(~_V01cA z>YoF${0k%_Lmhj%7o9qhL-w_xXRkAw-HUVB=k)ZAyvZSU9LTVB^W^&)O@EMEAu_Cb zCXWx9f8>V>SU6Kh8^0i!fEQd5*|(s5Nh&BbES~Yar^Trn!qKPM=ew4G;*6!8h^M$} z)ji5jN+RoY`O|7Y8jFC(irL-!h;DcI*Fo6(VtQXQ``nJd5ii`%MldS;_lWNLl_tU9 z40w!NPsQ3T+!(=-yv6F>6fjGG1ob)p6Ss0>)QYun!N}vN5NCRaEO?BDoe;Ik3YC*iU~ASz>VH81N8-%9AA6^e z64*l#P3*mGCQ+`+RdH7DMA;^^nJ^T=hA~sID5i?+(qn{nPY%(U(O@4cgERTWANSum zuN4wkR(b_%Ez$u*1C3-(Z;JNIwJi&#gKEL~f3&BjgJi8Ss*i$>m>SCK-r`|+v=7hK zmxBWhX*cQi=YJ;XH}V3Or2xDE6t7C)ZF}IwwKFUC-$&-lRI+8?LqC6~pes-3O15t< zyNxv*vr)kA_>F!1$@<-QmASSM-5c{l4$rHIF&ji`r9?~lL;bI5!!rK5o}_!>25a{& zs6d@ue=e1$tK5f}tnicabnJ=>Gi2FCdrh&*qm7S%)}d zpnCNC{L8B_Hh+E7^Tn~9SpSO=@;km|Y3($}V=DEVyOhbRvSgG>h($fSyW5yfnR`UI zas?`?YR4Ok*mzg%NJX_r78imBZNLF?41K*Pl6vEpcuLyEiaMHE7ZBS6Z6MZ*5qFIP z7Ve-~xZIr+k}v_~!FXwrBcm`3S-hy>*oAPJB|(DfxorT;uJ^aY&oJed*5gr2y^m)N z+X@3y`q{6@c&9TjoHIe=kfbI!L2CA!Z{cd;WduX0osQEH0x33B8#NOOYiJ+{a1M%G zj|9Ms!>=Ro^8=c31+mX=cZsgfS6WF!j)L11=8nDZZ+ORZX3i!4WI zhfElHFH6u5GO{%&yqdktM21X+C?KRzR%RJL6aZ4f$6p~1mkr8e#lFW~*5J1F)BgMY zbRG5YtBr7tPnErWq~hOF{!}Jw)x8xRJFY1aPwoVd>nB+c(r}`1GPT>EQ&lnRlck>K z-?9|#*gQOjhNwG2FT14AYY_DdXk}x*e)m|j>WVhCta94knyW-1dDR=QoU8+~YcXV# zdGNY?NwV?Z&hFYN(y0^l{ANcQq++er)`iSU)^vQuTqUaPEHUw$}8emN4fwnve`S z$gW(P$6w*ksMC%7UBL5l)+8_=z1-j>SU zO~+$tAAwq9_u!G&KJOBX?tuN{agfN!c?2kHJNOl3)Js2mCTvsNl0gt#2H(8FNu%RR zBeu&!e;tz9>3F%n3=Tq&G66-S!+HS^z_qGK(N=t>5Zj2S&-ad=#FHwmj%yB{_I0Nr z8;cScdOIUjB)x$UIoCih-QV7=E0xfyQM8JF1sO%b!?KgkI<{GBy!Y~i^eE}KS zELf4{GumylrP|hJmRbA_u~t3|(epWK_dClX%Jt0DQ{1Pt|K@p7tPKjzm7V-;1-3lHm`2do{Z*6fu>xKMyBY?ra>4L zA5z?x^C`IAq}|iKvy&rGuhXi@F}cx+K7a453d)bUhq~WR*q&3-Co-p$RatnSBDK=* zpRqw<&w%GpqMW7Lzd-NT+BbBx7BEYRN zok?3IB+wa8ShC2Gv~||?4RIHR@NRMkpyvLwe+`%?yI_51F61)!m@8lM`j{cny#b52 z?{yjobgF(k39R?#lUi)rSACr~m#vkhMzHAjGkeka)3K*<)dobEoc09KUFLZE>;{;9 z1593t2G0?^?-mV)$)ju6q+SGINC0z}hoH8r+ZKyhbcvj-``(~iV{LL8dzRF*jeKRA#XFq0{f6p-6If;fS zFx5;rE!x_f1_m^XtlQ1-gKqUh_+@l{dV6yQ;GUz9 zB9jkze-#d#Xy?V*%-QW8*-Iw%KlP91Kbm=bz6wJ%se{kJ0~$0RKLjMSn5pJuc{DIG zY5(3(d~ip0fx|SaT`MrM(|<-MBFVy^KO}*9QYBPi-PfLT#Sv+z=<6ZTEsuo`8c0+H z9v8b22004_e*yXG+8k0NvK$aqpTi>ilsxOG7_s6S9`?1CZRL_seMO{xAoImUgg0rW zX*!pvd180<>Q%6a6MIVdh~jxeITD>4GyP9RM_WSy<4Br)WyEkP{ElTiPv9^wI#>R& z$bEt5aHH=wFdlT+)6Iu$uecNVbW4?pVi)~719<|A8z(@!MD}p^IkvJ|lIvV_Gzj*B zWTv#PNBEvd>mNM(NE|VG)oKi>!l&b)6K`&mMe1JAXzjeY=5+SKWV^C*8>bUmwa{ z^MO5?e2!F?FEiJIzYE_F53SL7BTh{HXJa}$XGl7`{yMGF0!Pg8DYq}yA_TT-1E8y9 zEHY@cd3rcMTb%ifPW0tWP%-H%V;fE+2Av1z5w}z>D1-z@q zPsTBaEkwCrFw@CJ^~^}{Y))`uB?#ZWlNbkG4vnuoV1$G*JF#)=R3Y={DFv1?wO_Uz zg};wf0lG70+1Hj~)4Z{20)JYYPG!yrS0kQqaq&!Ja5@1r?DQICxVlEvWj(CJ300MM zHbwsZBB^|tVjk`CZi#>2lj(7ixeM4kiLoZ;;SbA7py*3}zC6abBKYF=X>Y#3OaGzI zji@3@fpuLjgHj?L(hEUo1UkT?pITi8{miVVW)Nzt6(4q=+zU zG1(?1GpKGppWRkb@WyHn2=iCeu1saV7<48025L+~nxn5GYKWAgrZ0N@7aP=?S~+1ucw(Q z9vX6PVfFI0ujha3HJ8&n#+$;@rvw{1?jEeeqW|%itv}NdGj2A__z#J5!|;^4YE%bQ#68UysKevL z`At9Ej!tQ8y5kSSpKJJl7|X5p#mOi$;N{_1TG%)7+4f~Uz6#Wo)6;LkKYj_JMtJ&vj zT;RWxA;m~b53?T>o$Grg>K3)^fa?>haZM>m+Qj-x`U63`t)X|aL`gn4> zfQp5I2685ms81MT@vXBTWPW6nglh9MVO2#u{xrP1ol3c)!!v0SST5StX_55{iv&$_ z&4Jz_Tkx1b(q9#cG2WeBn&>t@ zlQ{((-vgprgRy(B?mpy6rTX{u2!JN;a%FdEky2gX!)nUf98>>_G`vJyraUK=Zi$ME zef!>tp{IIUoasDFkUSV0MzsFa!Mdi8igl812KjwQBvrCC8wu@4#%G0nfd!A=vjq zzl8jkXLp}rXi)dJj1W6dTl$>Wl+m`aE-;-3z4Mar6eRsFVC@w)Fvf=4^RuxP{B^*D zBiU_?jD{N9Svg5&-yDD6V=Zu>Iv(TNj}U__5`$(zJ2&{Y{s!s$7t>CR@beo{9oo(C zDG9tGLJTkT!#BjE&qDPm@6pg&R8=4dZ<@rf;Hp|SdkrUkpiPhnXRUr-cKj&d1TR8WujV-RJOCC zUwXb$7HDl_r`knjU~EUmEm175`YjeCC98gQtEI;Y(sk1O<#q`yv8MHXTj=O|{H8L8 zP^^e#fh4kLRPI5JT4#Tj$)6-B`4nn<+aP zPaXcsk8#Qw(GDHk#cQ?DNxAdV3TDQH$JHc=%ZuWS^%Q3|?<{=LF=G7|p_m~Of)D;d z-Y!h52zPE<+3F%lzWCXPg`{r)=+m&Nb|qE>o|T-Y5N`b))PND62lS6j zs3K~uKei{tV*)5HoXJsJnSJfvGpH6Kre)ROoM^ygi<-IF81Q+3EH@?zF#nD!YiEw3 z2bt9PGgf>fsul_7%*R&eBy@aki?$lo?tTi3|c0e4_8x>*1?Hmc#C9|L4SA$@g=`rpkZ#Em?aL593eP)V6H2 zdER%G)TuEl!(#)xB)TD)1jER^q&5R=Tw&u~X~#aJIjekFlI{%cFL!8d##HufW@KOO zQ!b31-{o&h@LV)07r`aOX+KXos9YIQE=;3)rT=@BQBho#_@ zI>T}Gs7T0#>fqfIE}N&3U)NQ`@z;t66(?r!_o@8&hsR#*F7JUMxX9@|He~UO?#md- zNVe+|8|WKlGDLWG;htx?bm!`jEMC-eSKYe7!da$jWGF&!HImMxMbzu8rYVy><<(Nt zXKLB^*;?#%4KG#4TegxfQ>MEkUF2o~B)Q>1(|)V;O`K9JPtse%v)gMGl^J)}yCMS_ zFUSpSnRJ@lwBk?CF8fbG2Sk?|yQ0sO(o1%y)R*T8o^XU7C;v=8*H! z8IbE=(AlNM82n#yiwXwmleALDvpB6iqys0U3$*ZUI(ge5{9rfB0X!xN$`hKiMILP)2&odP25%x-hw^X7p$veON$uswrGdhOy}`Rv$9Y5u#6hhr z|3MdBn>gPnGo-~`gs#{go3Ozs{>{|kT>Lzy0zk88BA(B6dKfiZNi zrApI!mX}sIP$iJWx3A|P?Sr0Oh#dQ_&p!1o@V$qzqqd!BjauLH>@U5`+F%0jd&9EB z8NlZZAMj7pPd$1SlF#Yo2bc@!>8 zQ>qmd^5cDcI)nPA3qR_h){=kbe=FR*4r}b;PJO4GSDTW*J*@M|7U?dn7~fK$@?~Ox zv^O@+keb8WqpH-KVgP)qh9-CY-smX9$J@brP1ZU6!zoVQ&BC~_$3+h+E&GVF7$wD zueS{n*IjM?i_x0`$LFQ`KgB@PU2_5ck2}91Wd*f(baNX&pD8rZzjB?@)~1eAT^-T; zaCZ6qc~d!$_b3^7`&Tc>`@;y`wSsk|=kK+3zNww_1eQHw3IW>ypM(3;w2z|P@yOx9 zc(~Y0$}%YZknWJ~apvWCdD*AB`$?FWQe848Dhfj3%7I}1dfDN*!^qPsvc^ji#4UF9I_^!+ROTA8V2fVY@><0Cz?M-hhKdC%)B55N>d^ z<#zqXuHHSvR{-~$)sS@#(tgasqT{N{@aE`>A3s$`anlTTGf$JuXsb^A&qJEXf%Gv% zy~3eOJuK#|5@XVm!7y{FX&y+NZ-r2xwzymK(EoR@DIQj1g2-6OCgLV)pmZa@nc+t1 z$Gt;Uws-OU9d`IBaO1CHkWfR~d^GbqAF2dLaG`l;zOPI01Y}>R4y${VyVE73iF-0IQg zz$&_wT+H%g%=b@w(QO;*|D8FuA_n`B-P_JPY-%LvY#{IoW1z|-(o zK{G?A-^734o=$>R@M=kw{CbSV)o%5mpKGQ|>Zs>K?F~KM^t7x|;^{1z{m}lmVb}{f z+6VaD#d8AmvA2)NYweQ+)MHkj3-gm1<^orcJ-t?!E#if+n;#K+JQQMWhhHS}hn7cH z8u6$)>E{IT5>{`g3*~8b*&`oZ9k%eZ|ALzOySk4SM_V-Ji^q`jMEYgap6g1R4q=lq zC7_)4lD({r?x!RWtMNH)=NV63*8!K00?a7(QfNf9#_(6hJb6%fm0;sv#kgY=pp;{{l-QDuBZ z%kYd^NhG%Kzayvqjt{qlx)B#Hf_1Z%CDuU*q`N@<^9D)QmYxoR!CQi*hWSnbfH4Z> z0NV-6f+7Lwf(-K!k{P&k$RH-k0SAe2m%k`O5%_bdndz9LC?!4wRg0HTe@{R@ky=vR zJu={_*A99Gk54zGYhib&s@fR7Hq_M+=};DW*2Ss}cU8S>JbSmd_rjEbr7&<6!uhPP zy=#Nqy~l-OzG3SYwoe!1$BLqi>`e0PvgvhaVVdMQ)oPUl@p20)2ellYQKv^!lqbEJfbB4o9D66KHEqP|m%+NKj&npr zZHnHHbmD;UIPgCbLkh=cZixAMAbrZWbtsz6J8^3~3M82qHm6#J#LSmEi1Xwte6WfI zc`c57rek)rXNOf3gM`)ahO6Fm&I?`2u}pJrY7uZ+B+N! zh5Ef7#Ax>Li&AmIrPKLX?=_F9Am3LBS>7}ZcdKb{ zu?4od!tBUhczn-GlJJe3@^CgCVmH1}E6Z$%_W0;PB0-MHcOQf)E=A_*#%YBE{?Yo` z+@OE|0Vn?&Q*uHzk(W~h?F;vLnvm*bE*@J?H>!=}vPTV1`T0egrSC2sr%PSPWBtc# zyqp$xJH6~Bz>W;*HhG~anH{-stV}n;gx@_l07mZyT>Yxf0d&~oV>~WH0HZKMqY9%@ zRr*JziyqRp#wInkQ0<)njQ|MskG@j?|6pO8i8Aue`MKdABEXU=lAH$M0D=eXxI~Tg zL%x|KqjMq=mHt~JpJeRynJ*IQ z*HUk-AjhI*=(T2D1t5Ev;8P0`)PErrW*5yO*Pl|*Sm2*L8GI-aSw)(grv(VND}ilu zoj;mnmnUj~i>Xf8lqlJhhLGrGZ~rlN|Ng{0%daDxWo^@vA@iggP0*JRFN3t=Lb>%wEYdbP;IwbxF@uHXf(m8ne*pkfYQ?iea8MXTBEK z{Oi}Dmpa=%bqVK-ClHvlQi!fz@u|wizv%o1Qz8nN-WTDUJ83j(JD^9wp!9>CCR2Fn{Q-4^7gvBPuO;Wyn5t=o)xgwOb8jqFj+W zjb(H*SsH~#daD0P3Z&q>^{DfBi7hUM2!GZsTksuMe{B0%<<^8m5by9jIh0b4yX(N= zuQBESaIi3}VPh(MGeyQjbMxnTC^aZi9iwaHDQE~Y67<2dqVn864&NjJE@lW3tGkM|1RuPY0$qq5im@)-kjxZ z=DHCkX79qs>4F~ZFn@7CZ$+MRq=2QP@dwU>M{i?bye%q;km2?!m{s+~{%d+`5tdAx zTsq+f4Bl(aMpx6m50w-e2-YzlH{@bW-RAu3cchnxS*OM6KSZ)oiO|z#BVRi4;zW$e zY%%j&x0|O%%##=~bB#8XexiebN~8p?&3{~|b(TpnC?{nhLK^vC6DJDMDU~$8v>q>A z;a6)Z7=Z6LvgQs+l!fMG0Hw>5a{DzA#_N?oD{k~!jPGCbV$f}C;b)V{l+vWpy|qY| zU4VuHvW0LsJv%>Q{2@V>OqRvC2=VakJbvyh&(7M;mjeri{&e3=)uxQoVT_ybtcBm9 zo=uY#NsPU$w^iXkc$CGP70wiiG!QSfJ8A%a!xt^-Mi zH)H3B8d#izWm;{FIU$3OZqtT^NBuey1^%dUalH>gq*JuPZ1HP#lNfdMJ z@obhy=V|;-#uM_TF-DXh%Llxa8$VvD*P@t>ooP1iELf>LT&FP=7RBL(0YsEA(u{j@ z#Q&f;2NkAk^qm%kaSIU^U(#Y?~5uQmK^<}Mn+C+Lg*weYM$W)=;VIUzx@6brI0dLY=Kj0_l_wyeK zv4On4BM-xfFog9`0qv`v8X9q8WXX9(=L6;!Z+VaX#^g?V`ESY~VinXwxc>?8eD_p+ ziRYrh#y)X34@awcnqXKk>=j>LjAo#6*hB=iPiRlbX8ZNGl7|Wdw-xuE&il2H%kAa; zvvv;xg>?XVUL3#3F1~~FZH%lc;iW%o^>s|Ec%zc&bQmWjuSVLNkOH?T=`rw!L3}D2}n5U^ItUe3c6+y>9&_o0gaA} zN39lfCgJ5uSiCq1zgO%)l)(wjj}iScO#elb@?Sa$39%V4qPhr~VFsc7X4oRCPuX|{ zUDf?Ep7%UAuHRLmeI+tC-yUpTnF46Mm7veBZX;ZbVfph%AtRtXKX_-_%YRY02amCX zja$}9%_~mxcBy2xDJwiNAbc`e)C9xEam@R?Ydl26jOOLWOHqRXzRS${F*+a2PXC~1 z&D{2xUsCeFvRC@wVky@MD&xOT{YKBA5q^H1#qaFzErR(TBM${b!4F;jJG%l3DlsZ2 zE5lKY@}*8jWQixoK@3Br;M>Ca&``YKk4T}ie#>Kb+1|s~P?)HPx2>&hqqPVoZ0{*x zFL_mLf~{^bTWsFT?B2_jlQ1`k-7J+4Px9j4_>CYsR*&i=5soNb&I8cDC0mlq{5L^+ z^CMnX{jEDQbx=M75;1~2D2qW}g+Wk#(j{#aOfy{4ZMh#cI0SL$(vE>IdU4c8k>UF3?adl#dOnz)VSMI+BS#p1Rb6!4k#1KRC z3z5!13zb7$`;~9)hje~!v#;mc4ho~lfk~^%s!|r+mopuYg+hj;s z(A{fo`w_zP>?E{XPhIB zZ@x5BJ;}!(cX#Gx$S8197guLoW1tm|D$!Jqx+n$pCl&0Gq~TYlpQaO*jSfLCJD3Si z;re8UclayEXAKgn@^;aQut_!Zow)BP-Cq8ju!%sc-t0~;Y0Yn+S-55JQWpsGoHp5P zOJ-p`PB3{UnAB!a{s(A;_?&CU2~6IzAx?3&i}lfLqD;mqHwZ3y1u0WZKzl^5v64jH z_$(F@i+T0`UVvt|^^x-e{}Jj3s&9pc0@vfmkK04o(M?*o4f~+6*FV*BMqx9>0`J+> z9qczl_#b(!tbTC>89gLyc4xn%{2bQ8KaifrwD@!a-VPClh27b(Gal4QL~z=B}Y>D+bJFB#wS3Q^T%q-uIW zx8)aW{=rhxv_5MT3%f%E)nDx^!!8<_oDKPzof(fQdqu)NhLawf;Z6+A8TAd(-UoGg z+HVAbWdRF9u6{c%ZKxA*KuZiQ|JGhLKg=O_HA%AhYd5I`-K<*;BW={K%|*_B%bxiu zyNf_+{&c;z=S|CsoOClk6Hu(hsr$fJ2mJGv+H5hSDT z-4P`d%Y7MvYjwY#s{>Ned&%qCU8e}&1qnXAXemU(KmLI~a7~6G=p5%EUrF6k$Uewm z5#B-9UxXbUD8)$aw4}|%Pqm<~n_pXH@x!1IW;|x&8Tir|t+a!&Q2hGZSpKVzIY=J| zC+Q~Tv{oq7`UI2x zmy2`=H$QbQfmX~1^fZuIvZ?EqYUc!|o!^M@`!qN!Mb1W!vXsb)2kLp;Tqs}=70cJ7 zwOV-|?VoP0Rv$S@bI8!0+(qdMjI795lJXDa6+zUmwyPo($?rRN`P(OUD&vuTaKmr# z=GG>0+HqWU8^R%7_X6S*?8(#1e47Y7+4g@uSJv+851v`&&Z32yS8WsXHOKkyt3I^& z>abW^#+Cz01*@fVKF2G#4p=E>L9j~h1Sha+)F~%Sipx8ZS|`o z{c}hhE~37(Qc+?cYv8a--YFNMbsv1d18-{JgV!*TEF1yhxSb*AVCQ8+#Oc2l?(YuvA!5`oQ-&X@h?(q*k~hXDx{w? zB&_Atb!<10V7q#|UH>Pe^{=;xuGw-8(vN8dVxXV&M!{c!<<@hm=0BbVGz;TmoDZ-K z$3cSXM+2^ILd}8?Mnx4R7iwDUw29FRB{>zXuY+#OJBe_6-P-YGLMt1Q*m@d6oWMmz zpQHjKMU_v>OSa42u@_cg(OSIwmQeIl#UL6Rm-;an1V~8<#s+)?H7%9FpXMxuMyC`~ z&#}2`OlW5&P`Ci>3EdGO3@JulkN0r4jVV_(-vjJau2qqxLt0q6k?z{nT~7m9m)Gaj zEw^=wx}`U#7f#D!m+J68PQ3^a-|@K~JpzoOcVae6b$5$Cfh*a|vr=uAArm~d&iefz zA(`13D~@flGhaacoK=S0uuKMr>J0rY1TO2-I}iz)Xw1`vdXT+}zoS$cpj8yvq@9yF zz#nWplF14Jkq3;fH<;!2{JyNtP*t@E-fw~zc_{tmFsxg*f1bLyC$rJJqNXh z^RP(x{<(fw547S8_xBW~u6-_ul@gahfE2G%e5u|t>STX=)69^`ej=|yX0}254 z$?x>h0FrOiUuZG0&4}8`;@*m~6ZnOJl?6+XBDRrI*{jx7u5>W9@B|l6)4ff(+P~H? z9$+;Sbk9rPIVIWViqN^~M30)V1-VU&?hT;I#9(x~JE2N+r0yCS8D-gZn}Q9u-6<%3 zU^laDdFW7)?_rYHsCEpTO1B@|<)rYg5uDgytEZd(b-yKD_pgZ>n)h*{!vT5H;izF; zNWI%cDV!oj0#F0P1yp#6kv{Yd-cuti{L76$b5r7?1&2LXNF6KFhAWKJQ=LdEX}ztD zf_@lw4Ag%f2_^caL!zWm9*fq3c!w?~AR%7L z=Yo6s?~^sc$b4yFH}8g$%(sTG2GJH0V9gr4PaCgF%CMgHhA@!m18StqluYytd^?si ztd?}-Z09&IYTSPHJY05IDryl?`I@hvCbOVg1Y5bIu+B^HwG@Di*7{uPl6TD&t za)k!%NF?(}>=lvJDo@L}%?}x!FIwn6w++8K=2TJ>r0U?JTZ#0&uG}uG9+j!Kh|K+V z+AN9{U<;VW4~zs^n1Pz5u*o|o(Z0!vaZ~N4-cr|pA>LWh+I&<@e!vHRkG~DsI)n}S z#omSRy*^J}epr78>#LrS0h=u8x;M@JqbA$LkD!^DonIw_vdZa`YKY-I^8_S^OuL!Y z&I`6>8=&`#awKoMx`eOOYLAsgNcjFTR(E`yfR1C z7-4OiKOX=!ipKpDZt=o58Sg)18NZh5Jhy2%eY`GNfV03*Cfkud{lf%&oL|QT46Fih zx4+@v$kEdo5wfo4QPL3u0f-N;l`;==zf_|f_a;Q}QX!60bPI58tj4b#%P`peQ_q}t zs9qKm16*-y1H&JK@aDey?^Sv4yp~n|GIf6-7xYv>s9mCGOBeZWv1jk{!Zvdj8l)@Y zn)nP~nC`FQ^RGiE7OZxE7@nzYr;u(kVooj|Y8ee@bYO(;B^t(qisDcYaR?NK%tu4P zmM#EteGJ|Y^+O9-z)3wEUJs_O1$S%{pj147uo)A8(??1u|DcOYfq(c{ba7m#tkN;g z^w=xraAam&SLE}&S}WhIaZ@>k>WTfpX~#+E%6KdRQHVeCQp3cuOSs-@ebC?cM`4}$ z1io@f-{m|hSjxxJj9--sN>{iD%9LeUR>o`8w_0HyI;gVJUg&hgIFWw2rVpS3*`{=R z-PWtUAyn(ob$Wp0G1Gg8Q%X(mMZ!g@a^6@2Pl6HqQcZLU^0M9L`L1A9gv755ZJq*|fZke>PKE00>@PS5Ergf4&pUrQ>LzI5CCMJMp_njMxA3=5=w)~E%22lV&;~cJ!M_gg%zk&( zMs6O9d z!nuk6j=eOH6&qlULuYHRGVbpBqh^NVozUw+)Gs)ZHkU;C^vpt6l z>Xx@B+!$L=*1sX0cO203sP@W9*-&aT9a({T(IPDaARRwuy9azAL&v5+yS^G!fgTz5 zPG7M1ggz)nFm!*;EmT(R{-^-XYeaeHLEHK00>=9b^`kAYX)~-@K4{Tnd@Y~)1zC{w zm!TFL$^!!{`y!zrjp(8*M#;|r8eA+>U&1x_FESI*=eSASi_a3*-pXzdRqil5j63v? z7jr9|U7>5>?!Z@B916U>qak7wp6d_wD&RNK^ zXw!gC2=Oag=Tsg?0Rsc`KKvDuxj7#loW+BVuX|*b9KT5+R|yAW!ge7|$QRc=U%-${ z;JbTSrALZky7N@bs!K;9ge0?T({`}yr`kM>dnSnh%m15&K{BrDoaLY9AHA=>#ZDJY z*0XEy+)=H@SEI1fhstfJ$QOhb$fx~UjE+q4mg9`qqf}*olU7do#^6*a?mLcq-c@G1 zd~GjkB0>T?CPe-d1kfWyMuAQR-g z_g|SBG+DxV0#4uW+RqEPRc>gs5+9xiAHNcstdfx>8DcF&b>O|R*_Jw>KVdH<71S;Z>)Y7+SONQyl@Gf|h0s6uVvLzvP5Yql=dgzl zRlb#(&*xC=YU)72F_l|lAGXxR}>#^pyrtksNV+ftbWw&3@Y9 zovzrph~I#ZgMWC#834pS$N_Nn441Fj8X_-Y`2nfOiP|dqY-%}6aF#2^;)u_IW3wfG zUw}Dn(cwkblDQTd-69`?ybn@aiu}x=y~cn85+I<{m*{@g3$Kk00{`pj*7sS|4K?y3 ziaxN0rUh_3^Qwlf_ZRYXJDt$;Df`2bK!(xvJ*^AD?&kID3fj-kRggV4N7*8` zh&xAxNE$ktv4!5%=Y3l@Vh-#OW+#o)7G3I(V=GXjaBl`IH zVOY<60PEpt{@JDLxN5Chukzbsol*cBJ!vyVWti^kU5kxJzQd4@Ve~gHAO{-zAZWfUhNvg|yh!zq<@)|V&!nz%)~`js<6{bYICnj+ z-p{0Yu3PGo`ey@h1wKM#5?oh(kdqts5*t(>=M5y>AK)Eo6A!5qx;0iN)M_I?r)J&= z{oJ8tMU;5O*r`)O&TY614g(Uv*!05R+rH;c6LHR6G1G)X*O!MaU@jA#q4uklk_AG` zfH7Uv;v6?FkE?lNB4Dl_ivES`i3rVJpn07g7kUtkti6??Nh1v#kjR4ssNco#;S&Mu z>>}-al)+14VVIo-1qP|gM#hFM$c)5_LyCnGld`Vbw^}UshYLaiZTrc)QuZk5$_hT%#wXw0E&sjqK@PR^A&_7qzqk3BtFr5=7}3t}R^`lHGZ~FtmDc-iMxTDsp00NNARy?SSk5`e0K-1F)hssu zt9@aRlilP~T}efCL?c92F)?GqVL{tr9L3=+9&yFt!-CJhU&Yu2B)ILs|7hj-zm(>6~c)gMD&w+))(hA|&_dWhazkIN$ndTOE|K>zMMVN8GoKO$tn@DRa=pkwuQz=kz9rzB9&C|duME) z1|2C)9V>ZWR0nd^z}ADFOH8kywo?CkJ<$}`4aAS6Iu#U;Fz3}=rbop4o?$#W-_9d3CpY@(&0`W6xE+eMB;XQZM zc$X1dJL|uvyuW7w4$N*NrtqIa;xu4=L2$<|*}h-+qWb>Y3xq!*P+XgAklLYHoP6;XbaQGVoICzr>Vw?FIs}rDXzUEh^L7f^V``#PPGw(IR)Q(Cg`3r46FW0?=0I zcMxBT0`fL90+0~R$6ocqKR|*k4yz~1jnguq3UJ^|Xih#3u0IFMQof1{HX~_(9vS{# z!d_h+26@};B6=;ED~Up$lUa? z9AcIgbdcz@RS+B`oyop-!$0b+rK0>@*tvGFj6YRRaOw0r)?vDo79onW`_B(--g=$V z2vIssTB>GXA_v!%tiH$8mtJb^k`IjZ^Px&^i!$6TlufeTe3TLVJJiqK@fH>p^IlQ= z)9EEqRO(8-T+#r+`@UBcGdM8FbvcxLV`Qrm5UAXRrQ9_!$??L=dl<2)^Bi)U?|L2a zoe+MD`G5^KfOvw)ZD!Yx;n2Z~Co&l1$8V_oWe|K*AC{L2g>*=fiBfPQZ2=aEq3b;M zUE63?GB6yM_LGFSBIeRGhQkrv=@A+``=?`2{l@@8y3F17^o9Vz@;I{Vd9tDxILumH zef=k+ZqT26!#Y(DfouHl?ZrY8NR1Y5$UpvqC^Dso@xc6w==mEc;At1|cX1%;w}n9P zsRy@>rV>XTxD;tEvxY*6#*HmRQ5=5{jkQ0z{Wg!_BchB3Q<|5k0|wtpz4QU)-$jc8 z@!q>@%Uz%gro1-2MQN%aX|>RD}o< zGo(+2=Mm(T7oO8|jmW*{`hgX1uUc=9S*WJ{4%6fleZWv7FOzszSt+!0HURq@pT}3X zo~Q#wVZu!!(#Sq@iG>-+j!x%d+N@W27c>zI}x+nr$cW}(tN+x zoo=bwtX$Cj2|6&`AMAYL`Fa>z;WcSKbR3~J3B2e`-Br!z_&rTLlAm(5I9T~hL*q%? z$-aKc69-x9hf3GX{^M=M&CLAPdYdR5F>rh)f7?I{Ym1bLjb8=HYrj|^Sg!PR@G!@S z>2rA8q48-;0PWit`!8+8o-NYPc91>*8;WZjq_ndDxl&7pv~cU;37z2oUlUqOzHK}RPartxS&-YL zG}@%3B?g6rZaEx{(zkz7M>kz0 z*?)B7QV*Bj^BYVZyeU7@@lne^a!7OX)^WA*Rywj~F=V99e=BbK;bDW_tmSo6>NjQi zgA3r>fpsq`2*#;`=Znv=Uys*U-QuT zO?FSJVS>i%kMBDw%Lu48-&HGj`a!uR;NiTb>&!`*#bvi zu|uGg;gblkb)K;^w#MV|Y*0Kj0z?)bEc{{W8h|uSD~+KHdN}Z)kCzv|=MBiiHM4U% z_)4JtJTp9H(yQ}+_S80ud-riM=$vt2O%H)JmhRo>mqiaTdO>G^7e#UZJUQR{11i1W z%V~H#&;06oQWZg?GAkpq!vpu|YnvMQN+9l8;c?PHnxh)34(eYea8H)iT=xzp2+=JR6{fNES>CIE^0WD`xI&oz+srBA zLwE_zr;J?`>d+@0^xXdi>(x(Zj{i4>Le+(F?)bX^az>vl+Ety38E=x(XrBf9f03GvvRMZWX?X?waFfS z%3dm-8_YFC8EnmKh7pPNZ;%uzItsYyj!ulE8IpV(Tvd0_N*E2)^m=}+XK$RMvC$WS zKqq@qeVErNB2Zzkub%9ruXjbbcS5}pj4dznDssAfxsj5|M@#Vc;}~y~RK(+Ywo=ql zM>iaqZ9LMSJ!Pa8CM>ji99=SurkxG3_`?x83CUouen^8P-`de2RuN+}__)QlD&qLr zK}|buRkAY1d(u#my0uE}JZUd)8g4(kLrbZ*WE)1$i=l^dQKmtJa*k*j zzn$9X(CA8sG5=qv(@+15%*T=su#pF*ycL9)cVNX>kKBFH3#64voiRz3LGC2k6;N7P z@EN7;K9k){>$W6!kpSE@qTmqYVOTA{0=zYn_1g3(-P*@SM#}Rsrt8LJnNN2U-}p?N zDt&wbvLM$i{Rwt664F=Fy9_08I`6wqcq8`rcJkC>0u;O|?S%bcjJqC#$^9hrc{UNm>;8mOrlxtR2YZ3-kOnBVRmuPu>f-UI~<-Lt7~%{#|B(l`s+L-HklwrWNfDTiHJ_SGK{C3{yt)cjsk+1Kl> zGqA4bn$QM4eeDeJYdun>yv~^K%1T80e=h)8Q}J?(bjLU%A|B1ObG_XdDJktW|L`od z{ce~SX^PWWg33|mN8|ne{jL1?p4r3xkK<#F$DTivlUuYEwCQ8CNYgR|I2l>V8Qjav_IY;X>umg&UFr!pFIeN}?}VVCG|7rUyj2etBKQ^O zfck`U*I+A*;p{Fjp75JUykuOu-rAH55nv;iJ^sDdCD{JUW-|9YkjiB2ESdI?EvXzYge$Ddmc$St_j&NCM`{0=6C z+`Y}rkRVs~w65ytq!TR7Bi@YRSP~X2hw+c+J zeTtpXBs~t++^-GIm;3K7-Q8D~kDMeS5J&dQ(X%U^M3g4%JpS-Wwt0GzR%EPrLg}k) z;J^xy|8+&V1FsftrU6Hg;i~7cWHyE1y_Hp-2}kF0i(wP{1kt30;?9+~xY+R^^5%`$63K`cQ;SrNqSWqMwr9 z(nT*|OJe#w*m?Gyp^&7>cBvjPpV&HEZ$MrCi`mj)XyQA3Q~S}vE(ON>w@age_FE^c zW{JmmHog3Yto*L;!WoAA9bU5~L-0tO91U`*ST`pD9jxzn(VxJ0p$Pf3@<@hw1XNlE zcjJPKtc|rHz|895*j>+IYxdHAqYlLGQ8HX$X)@n%R5iz53QB3RuH>@<6LviRBb2vE zUnXqiRFgNZXSaaQpMi_$z6BxkkWW<9YHn!+?FB*t0;`f-%oF{Vfz&{&_b^oJE3?6c z-2V(M!V94a;GaTJ;*z%)umY)O%bHtxLZCj%_4w`yGpJa@do?0fT@}!+-+=PY#IsQr z<4+fm^<5{1d7B*>G-5L=b|XSIhS-Uc1Zw%Kr`?MEftq*%ZDHPA1!WwO1q~8t%S^zU z&`EByA0|U88hQ{Tn7vpNI9;?%eY}LVe4%!Fx^n$0q`$@EIC{HRJetDf1EopcNb1=Lk2Nb)OsMegFmvPzz(0 z5#zH7bu`eWhcEmGqp`}c)PYR+(@&MAnkb9xE3r0@6w_bEwDhfUk@^mL zQBALi#==rEN9Oe9+VWmH_P>YFhc%WLUONsZ7K>;7J3S7-T~P1l}< zh;WlqaowTG8rxb4_l>D_<+EzRb*;ux_BE|mW&J}AQZ{LkzT?2|?`XfezKWlwoZK$~ z)A%>cP_bzQk3W^+WwA%OOHF1PqP-e~z-7w(rB%z6xw*S{{jfz#vGW45T6$5MK0e2p zJjU;K@^P8w)aFhg z8reCMD0G9ma?vnyEg`Fx1^!>FV-@<}7J9*gh!|+vl7-1S4&dDixYx2J$=0614~YU) zn+!4MjKryVJVGp&BaYAx#Mb@xka#08c#mAbf=BeJU7cHXj;UKzv}anp`-}q#eSui3 zfNixZ(v0Ttg!QWyi`>NSj~Jq*(c5Zim?b(H*z=PS&$k%BH-Z<7;>kv+?|#^9zKXDd zEe>kroNrYY+PB&?)LpFER5^J+@PGS3zpx+a*Ew~r=qeQoAYaV_kmqoi=ZhnUZ{V>K zBgek7l$CZrZ|j(+&Xv-${#|uf*P~y5@hMFPVY++hEI(CQuS~b8BqHk1l!+8vg=M8K zeU`ia`NVDOT`@`PXJAIoglohZqfPFrE41V)q#je{RMM0@ohU6=B8_-Wz&9sp>7LPU zzluvM!3#?$t<5ia5IJ2vBc(c&_N;lc|G!{KuBH{yHRpH0*A zr#Xc0Zt=+wy1InGsiCSd&XmKV<$LSw+OpQ34~ka5npX3bQ)D1F_m6F3Z=heee zaVL@yY6T1J;iS7;nt2I<+k6|h`Fem4GH*IPR;wTQTd$zU-4*M=zj;W#Wh1_ zz}Ta4qpk~2PE0{F;iS5NU5lzcLf>Jm<+PH`t8=-ZeUAj7ZhxUb1mEXg(W%s<{P==Q zyu=r=g@#CZ=@-41scOClCb+_9w)^$8UZT+#2yX~K#S1H#H#zDV*N@_!p`&MzB9;l( z4LkhcioNrM#_QKN5K=cgTz_p9M4X+~_qc%xk~uTzZ{a8li(9sGZlBz9b06HFGoW5U zV|JlZqC<%lWV`{K2WvIdQ6d7>2&8$_dy&(O1Nrqj=BCk|yh0CwmQ`NjUhQNQ1i6qlaLln*$1Jm%ekMq(? z$_@jNY3JAVj0G+NT)ImsU$XT|>w;L1CZ9palyX*>DJ4xwQHqYc)s=G*dh9+mY+o{Q ze%o;$8irIiBz-HekJ|l?wY{A&R^b&@a{e?ti>&jgngm-vA^?#aLf~$vFy7V;_=eIpj}sUh|6`U*}Hfc^FEsGj6_`(tg+ z`v}>|t;JbA?KIpC8~?CQneh26wO>fE4B4L>jGMQRT=&2^@)K*`Q$VSd=o zYD=;_*8eV!cf`+zJs;$vbvfwQD=M0DmYkaUGrhDJ75ebyo2!0~(OQ>fuDw64w@!A4 z-YRat6}C+7+Ha}%=YkJ=veW-j4zbn^3vgNa>@l~q`ioXCPGq`P{~{v>%N-RMM2{o$ z#&;K9y7LVhus*fuL|UyZ)B$&oPEN864&wDKp^cSX;Azjf#k~(%qk#wC(YkcgI;|wi zkel|(#QqOWR~6J|*L4#J?oM&n;!vDmr9h!bu_DFY-AQnYQ;NH_#kFX0cPlQz-QD@~ zel!0?W-__Vv!A`slCyT%0pv0zt=dOeaGvMn>H77YghlxYh)j0wIrdA4XJwEQDmmfP z^Tp0}C1;P*<5)D~sqgka%-E@N_q=E>Fu1?k(v#fNYLuTgRa-ES3)~j@KJ>Be6E`K> zYttom;l*(iKU!yyC1H!qxwJa#22O$O%WzM7G**c6OLtZDE2o_jp3%AhgBC=IoyIhS z$Gr06V_3f?_T}mN0(Gsu3uSGf2(6bvCt;rTh#@_QdRA$(%AT_jCSQWZi2%6X41z?V z0slzaL^B~tR^p!Zg0$0vYLVRhwyIx6-=rgF5TB)iTHd9KVGcOtxaOSfNWc?6Ot|s~ zxHO$oXoXOfcTI9kzaAZo60yK3fjV5Le?k%~M$R7=cawcHn(!6lPp=6Pa@$E&BUN{! zfWeb_7pQc^yQQYF~653Fk zVlp@FK6+vpGdtT8N-;gIh$Xh}=4xN_MUdSPLkd~Ojr6AuMR~lV);rzH!}@P;i5Co zO|1Ve`c(u(?YU+g;~SDy3e--qNI3N|-ucT5SeEbLOeN|{44rtZdLD&*JPzCMV=4na z3C|2E54w|`6?Tg7(d}x!BUMpZUCnOqt(df+=X^k;TELG@HQ9fTP3#>=2pAu~@x)1@ zx$Dj5djG(Oc_b2)mk>ajd50snxSpu|WNbwX2_27NSf_rteUQPu(zbh@xPT1q3fB}Q z`G)4YH#{#~|Hzr(`e>e80!h7i&2UtEeAs-8A9NcSF?(dBt1k*$|8DX~`G+Ghg=5Qr zMqRDDGmY@k2U{EP)7oXa7`EFFd(>=SC-ESb*H}ma-uYIK{2m0V1vP6q9(|DH9h9Y;J>4D_vxpL3uWxn9F zUJhL@Aw~YdylW%SU|(@aa&Jlc74$CfETJm2#(74v33%@W=y!M0N8!*nUu>IeOqvn4 z7WH*rA)aMV5aBuGsyQw;Z6@ZrvoB#>$WtWF_<)Hdw(EAe9lQOIKQ?1S*+!2kQpl>6 zs&;Piw=eaxcyECDRQ=@p>&@fX_$QfHKg2Z4KtcOrB|Wy!cWfqi0r^^PT%@OM&g7IT zI4%kqn9V=Ndkx_H<4q``!OzYqtI#_ZH7-3m=i}5aZFO&5HkHSw52+9%@9an`Smkft z%th9OpE|8gXRP$s8}19q0vQLCH^FJ29Iyx4rQw~mn*S>;tT@doK+GX>CN>M>oPBDT zny&8VcK-3Q{Mn)5!e#cwjOw22T2O)_3XHkB1V4P=!^uX6v4c}AlgscaEePr2qdQOO ztIpNE%sw2b$-EeCwZ70}Jv`o1dyQ~=$=V*Q`UzW24)?1LfIE`nCdo>7*mqx(g8P)$ zFgwom+u9+BkHky2lQ=rY=}*YGE5~97!unWs{p`Z)j42plA7ApAQ6$R@M)E?J!em~e zRvMDw$M6iYcLuC~qhD<>cR9bl_UNDJxK zH~hA;3DusfiL~CgfXKZosE=xPS;prpxK*9LD>OP*bxi}=-A z|M@(9<>2#c%zZWR!y^%jK7J{+rGxY*Xv@^`Q%wsRl0?uC>xd$cBEMn_KG&0flv`bQ zgtel&g%3DV$dWI&p_&1EDnlO%rf>=@;iC0S0BQu-?}F{6YJdLO___3@!C*uS+#HB= z>H7?D4M&?;mQ%8Ilm2yH+Pky6%9=UNhHJU! z5x}#E(w!#}=U@{pc~ z|98t}(`fo01h;31Mu(vSibA2%cxykSQvc2Nsnh(KL;Keon{TF2slnONkAaKfu!Bv= zjA$?SgNxdoUS($&fpFu+wNdllub2CN{agF?P7&j5jQdAG^w)QQ3Crv;ry3wO-#mN4 zUV5o_B{ww<^(W$LOQHph9Qsr{p@c3?b3JI!kEx*x7@!si73y#%n(ydd#DG6&wtNWRdYbj*Eu zyM+@J->&{x=2!{t&}4RMJ#^}8Jg0E(9hE|dlN67ycV3)syic<7tBq?m60QA#UcIq= zq~|!!ryQv%kf_}{3(xKiK}X@vfwlOj@YFBE0q{156`>QIxKkK3zKz@a@GO&A&zSh~ z!oyDM6nRpM^UeEGXxO>2X;(z?NldQ$0_Q(=s!!$%+(=PiA`=OywV<_t^_m#fM7YdL z2_hF)7O5(MyzVF}{z;G^P+A~;pz`MMM@H*Guh`7PSYTTj)04a{d}G%DyG1Y&(WR4I z((SQ$KO4(H~^JnKu=Thv?X zkF)>@S`z^IEagNk1T96eh|4O{a(rm78<>wF<)(7F_in zY98u`>Xr>k;foEE0v>no{rpxwY1tLjN!PQ)eH78Y%uhr(3#G9oEqhn6QQjl88Tw5x z{nECfI-UKn$oBmOC=Ne_x-a&sJFN63P74CI^XZ|M@YZ~-ntOdJxRYY)CX&ABD-z`9 ztG0(B46(=IHJu`VolGw`;c2^_`_=U4Oh<dD z{|d2m7e@iFj4W|;-?u-o%VswQH_-94r6^ojRSW!AKoGwFZibLklB@iGj*4#)h%rHTfdcw}Mz(j#>BZKqvc2llFlI|65>X!$ zPsFqw>}hCo*Xm^8zTZ6)K(unHWc4Mc?Km6Zq@4f%J@DuvlfLXyH6lU#|^2 z+Z=<<_CX{(ugZn5fc~qonaNC7V%UV-$ZVV79)l)8!y?{;zz}2IW}$hc_-i$bsCexx z>=e=(W{T6mW)tS}R2^0+puNrZiYmrx#g~8aY!!3v_sswJ2W?4KtJfyxNVVj(HFUQqi2bD=y1K^yHfHtyh=V(lkPnLx);sLSj?b%9g0FMy3``Kj;U;~ zDACMC(IQ9reWGXGY@cnBDcXl}u63?I_B35MGR)7oTkup12b%vT=H>WSg?VES^~3j9 z<*d8zdF^MJ3l+YO(9xu{FUj|{HftT2CQ1as0e8ty3ndBYuv{j5 zMZg^1_(vbmjfhwdqinpvuitktmYCpi_N*6O%WxyEU}r?=*lPsJE#g;IuK@H|H+(gD zw7blxPkb9QTyr539RX_fFwATu*p8Z zCML%MqR{M45I}}ZO+3UgdAMqxdwf^!C5rc4oSM@F6|f?A^bvrJjMQk{P)Wl$y3V2Z zkN0iZa(E)T9)H+HXYvZNY@gYF$;=dfZthb)B->Ws_HLH;?MdpJC6fu}2DQa^CH)*g zP2?QL&(e~uOG8_DQ~rap+Gio{H=jC@^ZvllYUHcro--83^Z*FWn3=M^E_WZ!T%5tE zY()QvOXiQ18W0Ap@F}Ljh$}w+sxpc&Cj#hyL~y=zpEdYgi4&mV9ejHx=9zGj1y^J z0NwSE4Jp{ShfT?9WXCAol@Ev-Wd|+KU6q#$C!bF6gZ|`5d^3o>_sM;~h4P%`L*scb z(N9j?029b?Orm??7J^5@Z*vXQj%|D?U+Cv<+%}JMjVgZ}O!+2$<9RZd-VJr1L~pyZ zA{i&r^EC?^H~TDxTF9hq@{5Sw#}%243^a%?n*b~e$_gw>mZ8T|3n(@Mu=;YJk@9E-vwt|9+s3L!R>zFeEX?a5R zyRg6y`evJW39$@jOke3UtwwI>lDg)aN<55n_0DanmhmQ3hzESJ+J3#)ZgFhzi!V29 zm|tis9fbLMay8$o6vTXHl6MVWTHh5>2v}T^Exq`G+lacTtj8ItF|2*~u68FThw6)Z zd*}>@smlZpCfa1i59+QWM^R|btlT3RSDQy(?U!Li$8fil#hLNFW51$)m98=&dWkWy zsS4bJB%C#y(IY!SxFGB`tt=z?M1-K7FUsAkE?NSM)i}3UF}r?gw6~6(OZ-D0$SqFM zWoYvVHyn_*+Ppg1y;Pk?fHB3UaO5PPz*3s8ej%+dB$T5vZR1MpUDx1OK`^V*ef!?q zpMFmgmryTd@o@cDn|KoL%o0e1o5RXF!NN~>tV)DxFQR_2xz5kMv%9j;cH2=NPyzod zw=>z?^0_hh_5KAHZq_4U*PAK@;itW;&ATO0&Hp(EUeW$nKo49(vY^pYj-x`irV(i#)qp&wTz&47mkjBA+WQFS zJ4(K9$xS6|WzkYy7EwQ70yR_U2&K{X)HO9zxT6R3m!S7}qHL`n9fnG7Rtz+!IHLU;xHaf6 z+@qNSy8D0jMSivXoguildfgtfs9lbEU9y;eN{%_udWGAfXpr1kbcTIH_*+K&e#1zc z>X?Y5=vIpZD;Z?_1-ERyT#_g$3|n1Mk`6Vvj7Zu+RY1$i+b;{2Y+kf-UzE$P_qPaS zkd2&>61x_Dmk;|lK1h5SJn|lF#x(+anxM!3aB8l1ClloK>SyOkkgj(Z>~Gud)kU3t z@*op@hmtB1+xmJJiUag-$fgjwE|%A(Vz)eSEPa*;#Yvj3#iZ_fk6sV2*PXeS{Z!Ud4 zJc%CJ2_ZveO6e&H0P2+(+@|REbFZD(Q)^xgQHhmJapOZAyAXdaZz9-P_Kz!)poZq` zzP%Ik1e7oNT7j;8mmuU{7%}XztvS}`&7hH{$n2ML{i!_WL}bIxWTkvy%~u*+d^yA| zI*txT)#2r6PMiyym@wlxj@-D6o7QDN#HwDSEz!BUJB< zS^Z@(?chhsmGI9EkZ9P}w-pC|jySM!@qV7vk$FAj^>fV2)hMaoJ1J-HVkC!PU6-u> zJ|!=C_u$S`m%V$Z_%ZI5(7K5m;T@@Q_U}?73j@XgYf@A<+TVC3I;R&A)EALIxD=bM zhDENO%B|Z=OUW9zuUL38lnQ0(f~1Ny9A^ylAXtAE?p%%LN|gJuUvy0?ouJvgZ$%Xq zXz_7!-85H*s5o&}G#mEHtO(iJ?xm&PS7{#nQw+YAOC?&TX%9j4qrNZ&@X|dbsFO+4 zM)$;Z5s&uTBy@-MF?tDR2PT^#4bzU7!?~O!mlGM5RKX;-z!#D!0|a499n--6yk1xQZ?7M`yrXzgQ;Vf#5Ig+iz-)@Ma=U8F%yGBj|TUs z00{6Cjzxy{TmxxLK$thq@)`2i5Yy^Ux0-sW^A6V;rVFG%`l!Z1#=9u!5Vei4i<)vF zBV5ZOfqAN|{MCKOc(8}X--byZ(*bXfPjq2$GvOD6R zd&krBTXKi;uZQ&X*!8rBu1|O&fcAWKT8-Iahk%*CPpR5nW zG-SJZ+~;k}f@M7(r-`5A1=e${H6ijUcQO{TWJW%I ztgjd6snn)4B!!{_PmkS;^7pbO^@BvikL&8yC&&xnJC-25BdN59Ef80XS zieQB?nrgiEz#dNhMRV3&122SW=xTUD`9W=HNC$ppB?d9fh2!P@77o1M)QM0acI0VJ zXHp`N#RzAM@}#1cUH@>o>(J9N_sq^ha&MV%P{tW2`}#!=~-A zoI8rDhnN+a+C;@RnZNzltnGCQQJb~NmAuNoYaiKwQs=gT1s|K_l774`-<)+UwX@{` zev5%>V#ST=D3^5UlVmH*c?&4v4E@SHqYT-*Kh!=rZm|0y zZqq>8`t079Ef=xEP@}BUn+2&#-W8e8Vty&~mSyfWr^eP$!5w51@6o0ON6Gy0!!Jw9 zpm&^zzwV-z`cv`^D^joQYAfnAQgP-~vAIR-&*4sq6A3G=q1zZ_qHQ$idkASvIG!9R zSRKtSspJ)>)o4?swaz1Pm9a|mg!pW@!bitrRz~g{KTC3R+36LOtw_V_K~#50{$qPQ zpk4L1oG}JE`3jYmt%R2M#TU(q6Y=ldLl3GPb3~8M5^H9Q>@(D9(Eti;o3JD?*Yqr8mMonpWF1 zkbEI5JiRd5EK(Aq@7R?l&$~!Q@MnA*@GEHYd=W)jb^?dPY@7;?zVLNbmD^|5!+zt6 z(y#sS(BIZfLsg}3@}6xDTZz_TP{e^oyje?e7MOnrpI8%q7Eo{dl1U)bs5Pn`d1YEO z&`O?p!dTUOB~De|gU?Mw!JuC1 zJ4)lSx|M-Iiuzj(KWRLPJXK9<^!7pSI|H0_uu{TbPb33*H^L{>5{>tE8Y^Ya-aY7s zffud;DAx^B2LG@aTZ#pA+fW4$d|?!zU=WZadj79MvyC9ARqx$^$?H$27D+W6^ukkp3Hs zlqA@>K)m5{asjcu-Qtkv`6dfV^rquFV2%K748xktGg>S|k4YT=8C=k|ZD_coILJ-w z<=*!zv&ItgSZVzwvg?1-Gtr3)(;=`e?{3Of z`vfnHN!P{6MWsOd&3dS?5xza{p4xj*3^yHRqU2l=O@w;2+O2~@IfV49ja%KiAu#nHyXOs zuW$2L{>AiC(s#j*iRFHZ!uOdVSI^?2A_q4r2h-xxG>>Le$%O>5$T8a31GMdt+R~K? zL!Jo38q{&I6S!oy!WktPIO$Cg8gHu95hY0>Ju^F~JOd-;<`vo`VR$@R@S8a(b0M~=WDP13%$`%cWqqkrhv#HM z{>~kA}4Y6Vpl_|7w8Y#cp-hQ-;p;%YYd$6^jo2Hv+KA-UGCF7bv(<52hld)zK)0 z?eL?N@$;bPFOo`6ONYh8&gPJ#%ZJh^ZdI*hm@Y>vxv(ca7=zTxN^JnPN8nE0MS^=oj4`?X^L`K*gT6yO|KdB#t$_LL5RM`5pn1 zW9Uy(HeJ+HOV?bG)O@@YwY12)Q>}R?!}gbui=B^z`d;n~8>8umkN_?Vg{*{RmXZS6QQou@pMl1P;>*~fNVNBMX-HW6?}|-Y_4+JOR@_& z`Ux`QBLk#^{{uJSzNy8i$RB@WV4N7}cgwJ2)%Wot#B!_&6UF|h+W4GRqnX!tc%UOE z3G)-V`A28{#&D+km1HI%UoMZO(?^bnzz=;60fc#ytvLuO+Xq^@t$oqtF4VQ08YcJd ziAI<2LxmpqV@5O=)nNf!?mxGt6e7eOwCl*&MZMJQtdkz+KMXn zMOXKN!(Ec)Z&8uV16brGr1qz=#8CNZ@zhOFW8(AGf3f9jxvG_JN7;A={vKi{5?D3q zHQXbTQe$v?k8xmwfJZSK9D`(EPY<%=hS2JCUyPonMo4|gs|>_6$Gx<1XhPWPD(#5x$jfHbbnxWC z(1p$SwK|=dFtieO|IJl<7P5+Y3$7&bEqhF3gif_#pd?jVcweQ4!!K8wGhRYVsKobf zH^$2Z;;@D`d$1|*+-4QE`n|}Pbf4ZsUaSOnL!`w3jR#W4mvG_uRyH)~XRb^wrg zTT$q1&xjF-Et~u?sIR%V(q?(_Ro&ru7Gr^85&$SIF^L+m`-vp^ASbDZbPK>~uy$gi zVfd$@bLI=R-3h-NwE z3G{kaT>!CcPHx=sL(T1vGM@Ouh(I%|!FzW~<9``IP50l5q>LKD!@uP)_8O(#t)xGM z4$$e`p|Vp+f90ZG-up^z+(5Fj-8Z3Gm`_)L;lZp|qE4a{r#LD=p0lT2 z*yGXok?18}HvtR@d=}&Dn}&3gRs8G5WWE@wv|CEx5nLYL=rY-ACUw>Gd{%a75Anze z7~;*%J+7c|=|^a**?B;Wc5$^8>Vbt0i4J#B*b3fAkg4p6{9E6Isix`uA&gX|Zwfwb##YxktzA}wjgHUeL#c$i4xJ_XOW(>i8 z%(fKI6nM0)06bQg@ww0_X=gJN&+|NQMJH!fYOpycHO`C+0C(v7H2v}-kx-ZZo$<2f zML$58OG!4}w>l0UvDFhH1DKGYjcDlt7~qrt=%)OO`zfC;Sqqs!Jp>V85N{HxjPcG+kR%G4M_LShpH{Cl(ftkilZIE@(D z;ciF1N)VK7JgA58x5P;P$`9G^Dmdqx;lHYP8EU|Z<`KZa2yWF^YJX~vLLbMaMB$0d z)YBP$q~&A?BFoPz?SyqLnyXsI3uRus$9T$4oTa!ul=wFh0RvwHz;&5tw|DW`sz-;l z)rVkv3Pd)@F7M|%j82P`a1EY~&w z?B&0(xwgbAyGEh#v)p5^@-lMFG~!ETMElkZIq15qWZK&;sx!smn;@(=;cMqB@IK7! z8Ap@i(m3M!XCUr4=H7NuqY7>C>io!ZGilV>4mV=1ITrAc)Z>;wxw%W++BNrOD{GL( z3Jt+bWi6vnFA1i26=!0L{}j(Si6gvl96r+hl(!uU-jY~`EQV63Hzl_puG@25y=xK^ zVp@$Gy9U$bfKhDHI6>@Vk0_4@0eV~Q zzSQv_560i@ZGU%yE`_cwVKBL_88Qn7$Yu1P-!~MD{MXmwiO2GLj9ZxXm;i-eNdQJe zLSJQhhqenKEFG+*PXxd5IhnBAD)WdXjsMNFC(|dxhPz2Kku-jLM}LdOuOdeEyLWv0 zg2Q8==5o@@3*Is)@?@@6WA%3c(DY>nJ-&a~GNpOoIA3sIuG=^DGS0%c zN*}?ujv}vDJaKy>;Xu?*k+^Vc`o4>*w9}m512A~9^8Gf7$jUPXEWLlxQ?8=ywc*VP z#Dt0j`JnLwszlZ!VsP`djo8VC%a6gj1g|4M-*0T;^^=yI zp`!qB=hNEaLo!s;f%*fbzhKVNsI?s8NL#x26VY2l;u!yU`lGQw>42G1wGxRBhhmX5 zW`bliiFMGOcL?ZiKj_g@xpEtT7&{#bo!nDOSn$&T>GAqkWv56(m;OvZLq@*}%TBak zBVyEDL##0w@K?ho%%Srh01WQWE{P^YtFxsSs)M$QHqrIcK+w6(CX@S+=w-;d$cUVz zML)frO(hPyuzal=FOO!=<>N<$vt)=$F6QW|TZ&oq{{)-D z-$wW)D)mV4SHht{)Jr_Z8;)huNs5-|DpOQQgyELsisHXF1b6z1&83_cvBHUH=JdaV zw<4bm#FG8z%GZ@?b*^)mg$nh!Fl|F2wiU0L`;An0O3Tk4yD09NH8tRG2EI@iRjh&IihzhEERtNO%dr)XdQn-y8%KZw1tvCEUp0%%o` z-#ibmoB(l$8N+_!q)Nss$jaV+!;i&B|BOvFsw#SplYp{}zgCWx$=R)hfKU>iX!;Ej z5z;*q_+#Ctm4yz+OSC!g2-)S>wz0kSTYrFW@WMSsTY;KpnTYWP2ttqdeis_^m$pzaq;5ye>oVRWs@T5Y zU%nFOOSy>#nLa0@p~JgIF`ahqE3X79uA0b!u5z{mp9bbB0{AZb&+9DEA$fQPU_q3S z0JQ^(tfb4_Ncpms%;tL=a>0u|e4i#HOT@kJo)(U4BHGX5|7P3E{%Vg3BKu)Q+_0g% zZ|Bk`eNzIV)EVLIWfKJU=|ZN5`kB(%)t#5>59(nT2nP{I8)=m~rn+hd@|Q%XVjL8B z=(?o)K$)5N9riTuvIcUG_p-`DvyX}{nR_YMR0W2(cyiTWi&qh4Lrmo=0U_>YIv+}e z145_$kPwtlMM-2~l_;2(MaA-m>}lsF&(zhA5G&)cXtimOZ&t#1=Pt4V~!dhC@fJ zd+;_wGDasd>%Ql+*C(D{NdJj^>D?)^OV@jlxVJveTIG6J|H-_TH-tRuU5(`LzaYZr z3*`d02Kyh{XLYv`vF!`)nkW>Hs&5P91oQ*CRj~kc zaMvS_okg{KVh$F?dLWnq?@ZPH_=Qri>u^6 z4GyoMMoNEw9W6EfQnn(%UYrV?n8%#>K2RIW=wWxtID}i3j__^gTbq3;ZF~i*QLOoG zWSe1&wwNmoK_bl;-ggA}e|6J!HY7;sU{Be*ibs}uXQd)jY!8XeOtY_}7WmJ)LUeZ- zAMXV7kkJpgd5K==(AFKbSHMPzhdI$_C@gp47q`NY%`db%jEpT{{-nfXwkHy#1P`JY z6iQ{5O70p^NxAvOA>Wy-_T8z)7mU^?M!wKBSJs8i)xk`1@voEv6)i4|s-=gSuCjXA zb&oz*^BJ~K4)xu_?u$3sN^Oug12x1WwKn`#0zE5fj zAaHHap=IKA@sU3CerQ8XiP&(6YHD1mBe<*1^mKQS!6Bu@MWgsq8<5jyJ8OEVo&Wb; zLd`Y1+Ug_D@$B0jWz1OV?Gv8ci`*5jL0LqA><7g8H$eEe9zKM{B~svdK9I(rzT?5U zMou!J%Ly89_ER*P;-^|N$~438pLei#KT)g&5RiBIGzb#XfivH2;UhgihJ1m^rrMSa zh|2>65dvt)o=`_)j&|rBbtIz3PX_V{M9;so3CSu-x8F6bL}N-Cg_ykkTc9w5iE2#@ zj5nM7qk##u!bO=3lYFNXs85Qh74u_&CgQqHx9hDH2Lt|fH7J11mEp4W$7@A_zv7CH!=5R~l!%Z9YGz5pMn zBnLA3vjFZh`mG0#@}i#-_Y5HH$D;I(eu-bCw?DJ)-z@UK)EqZISar#nUP}`byHHBz z#vWFP(SKK+L@7)=1=})~3dFPkikgFp*^>p8ReSl#4H_~j!2~65W6$DJ zPIE>TU;le8C#`0@gR!yG;uQ>_zQ0tR&bPw;1b-n}3rE954foEJSM*0hCs7XQczL5i zC2;fWvz2yBa;Urydgu3wU(Q~)yj@`EUe21t?n_Mj5biC|@TMsQDE>e*iV#@&bu3p^ z;4&m)EArzYRpi=?l(wr+_(?*q!p|%OnkKry_<#ne+aaQ4p`0XBD1vfOa?>ao@Kw9x z7lOy5@W@N=M0HjlyJUdmZpA|0yz#9B$s%g#Em3E-aq6v!IRh3=^Q5F(r({Z)P-}=I z5~21%rl2dkW18@53*nlC&UU6)=(m56?ZU0yQ(GZZXRP*xl@EV60;}bVEIR7FyCSO6 z7x@?$7J-wg-VX~S{2qiVI2@@)b~E%%P_1GhzunwHB-8Nm~xE62E`O744@clYZVb$caIKFincSXrV_X z971~?H@x>9+P;71ybsOveg62@tYOp9gyRC`?Dhq-WO+mkl!2V3boz#C(UXIBzw|up z-<9>vqYJU3xF_ZIhV zNcIytiWf1UGtvQZA9B{DJT;tAZf?}Pfig`^_ z&L9t|U{P3E%v+tHzz3fEAJ6hQkTHVgw~To?h?u$*R{A7e6`O0xG#jb-*axKFF1Xvu ze!`|i-svr&?EnjwoYb--j(Py{3fv$S&T{j`h8era>wt`5%!zJPt_l4xz*Zk2_oRyz zrfi~efsrp0WuEQ#PtDT2($wiHM>5GsU^~xzYTcCopdeL7oj{@;@f}|%I3t&4!b|`2 zonDgz<|d-RGA9W3yo-i?G&{Tsh|t_R)rpxa8dDt|ZBIcyy1Z2mJL-}kpSwU){c|gI zbltP@b3C)#Kl9}F5)>q0&OC7&t4#-UfFI5VOt8zAhQcLtWl$bkt6~jDP0g(}?*HqY zLJU#=J)biMQv}IiJevOVkoZirw*=_prd1gs(-Bs~Y)e|EKB{iyX485^8E$%tGI*QGpX7LWq+``OZI)WYSVGB1HdC8coM*Y2DN$mrM>#jTw2_o?*)?&== zpQiXv9)x-{CwI$qVuk*2T^5<;?(Bp;A}*Vy96}2FAXr(h0x`odY#ywdhC`fBZE$}4 zEnICi-j$^Les3><1o}K+%27#6{%7$Lqq8i?ucFD0%~su-NXT4F(AdfSIeb0;#truR z^XIX1S?VO9(y)hL#*(5cuZsOSTz{B)a;jW!8 zmh)UdJ$GF|9XkD*5Va$FReQ)af=KEH%%?32kDD$oLmwTI6tqa~j_gNd*PL3zhv0*O zj>BT|EhHbh^&r^5OE2<%4Sw_YIPfEbU3Pn@Ou%;ytf60eI3(I(jNn%FL4(=L?#`am zCgD+lm9R`lp>Q;i;PAPgsUTP2yFy;48|bCp_A_qh0{&wOM)Cf@4&hTe#+MH^tmF&0 z&l7$v&;KOz;qA@8i~2jpZ9_MlZM>9cLOyKNL~TnyCky{k_g*giv7h~-A+B$_c}!=f zH@Y%NA75N0=YdlW&@D3IIgFeP2&^zzc-%J3_?b&NnT%Nat`_&q^I&Xs{JHC3&voor z<`Jwlc{_R_&$CsNjC~*XwEiEDMfD$#RV**Um`m|KYfzPbq>bfiwGFE>uD!_lt3EGN zhcbbXVVuU3As6Tn3Pv6`GUL5{=md==7*ip4m4urfHzWOZ=P{L$%B}$KHsVcty_Wh~ z*V+h=V+4;;-sIYy5!rnc_`n3`0+NXV`*SGJc{xd5xL3lRK364mti>k5!w+CQ_)q&9 z`P^|9m76C9`rLZ8sB9{+hTctI`EYNU-=xI1)J4X&6q#p;^ggN3?aVfi#ux@)J!zJocJV#7s+{!%=@Mqa)z zuph>~$9TQG&7IrPjDDu;7~RZ9k4_ali`YX5;<&!rR@*T<|)jU;9; znjj&3#b4D>cUb2_WS8sdL4t^o#}8rJS8VLj$p0FXTVXoB5wCEccXc$>k;@_#lb2jo zpHnVGdYPHfLd6GKIz;ev#PK(E^NNNKs62VsKk(SZ{E+FL;%rqFCJ3yYxcgWDk0^8U zulZ4LKGzq=&uu+c2UR*igj2tOLanz>EX(#7D|9@K9l{RfoJ5be0~|0l{hTt3o1Zv@0QovFMVhbflPLEyfzNVsn-WNo;Z+Qmx2 zvQYEs)mz1<%&^nEd8`SlrO^`+$L2jQ))v<%-aICxxgA>Bm1)0n9cST$M{ir|MZ_Js z~`U1({JfPOWCiKA|eUKxjZJvM^iPQnqH)}{8;X_$6KV3E50z165C-`)F z5puKgoh}DZ8dn|O8b*RQmp=OgZtICuu7d?9r3pz}LE%g=I1r=M`k%9NZrqA*<2}IX9*e0>vo~s@E~=yc z@^WvLK91cWh`{QtKBRocd+XYU3WIEKP!3rVy8w}97e0u;vNUJ~8-1YF48&<7xSyDx z9~eB5V9->eCCPh^H-NKH?Mpb{LLuCp4&WY=m-qm4i0C>__2m<7{TV!Q>a~!aRsReh zM$5`!*S$x==0&h}>EXMoQQI>p+7f&f~cE*fqI!mSXc?fSZ1O^tR+zH9c%^ zNB9oobjPvH-*Y+rr;^`P(=M%3c_tbss5{g+E6~H66x6(rR-Ae?1X*4G(?O&D)5=A; zivJ-+bd90T&$69~h=dBB(M~9%zAX77Z}ua6?o*33OR4VOTd{oG>}}9w{)9vzG>v*m zvnIFRp7q)lBL4V+>XSuahl<0mxxsFC> zq`--xLmN|LO3O9Lwr*K!vf0N1=~3ag4+NhL?-nJboeW75yNoM{f*QaALhn}pT95&t z4Ok!ks!h6uLxxzrNJcHLz&TsJw5If@1!V#uPaj^KdfK}`eX9jH&+iXf@ONCXZrSU6 z6iz64zEo5(()fj!5P1ZP-Q}7x3d3C%z2oO(XSek_Q_7N7xTanXQp@@9%gJ@O-KmxJ zMLED1eVmK>BJ2mIbXC=OLi8R_z4g#>WZXoXetl6-x^&gQx$MN)*2y+cF*7h3 z{6E1{C6#?s=GvkTQ||oqB-qR}getT+-1N1Ra;IMpseim;BXRHWXas6{>8(!`{o{M2 zBSW}9iQTf6b;OXwvB3ypk5;hjj>dWNb)!ITZdrUnFFFolB<+1b;@C{3_8E_)AWnAh z<(rJk3of+x#;K1cNF+Tzam8{djl9M4IU|1*WYKg~MtcaM$vEXW{l)JmbTLDeKz{tA ztb4~1pEL*fqp9&D{N)wSc1=>Kbycrq)LWh_RByVT2)1u!utUMtTlWp`lR>7iN(1-T zj6T)Bdqiz0i#ngmr`No7C0V$4wH{S0l9;Fx^`$ZtoJ`IE2 zx4AL6Z+*s%Q_q_%5MmLFY z*6*KPSBbs{q7D%y^@IK$h#nBg+@i8!1`S$U0{dvG}5RbB_-V;-5pX3NJ)2h_q)&U|9Ox0XbM zq}C`0hTd6&;yn9+a7Wa0%rS?M$ml7v=OkjjC_`!{d~lBXH5p^s`)r=9|t{UB4KNI}UKy z+4ho_87a6Ndb52dGIE=jx6|nB!HwbOdQwGDKZQzhBadg?%SvPQ)y7p)nF?&;h%LF< z3sg4?$8nsz3DLB&u1x1}yTGifEQZXI+{KA@#D1Lj2&5e+dq9Z&NAY6&D^ee}jh}vU zjc-$@DZ{~Nz~|x!y{@P= z@ABKeQ*T~!ZC3)>@oC5-jg61Cc7Uv5(mhSlX)Fc=FVsD zdA3$ljpO)_X{2F%fVIhUD|X8Zw+v0-)`!~fc;TMfkjiB2RdwNYLS2rz zKWdw`XPVE@Po&{=>M8hiN0TNV-7?epYGy~p`&#~6aW!CNM4xHL)`Ek(`IjY1zu*|Z zy#xJ@c<0Tt3Qm(?)ajNTGjxU}VUvP&bQP`+xN+xKg@r(>>8Vfc`LeA)DzVXNzV~r> zvo=G%Z=>UEq6yF9?(y5A;kvkZP=)9MRE)p=phW+|enX#`8W|{a=J8fiTjsQ@lTu!D zJ9_$P$_q)-Z}`=9Cc#JiGnR%J6w6ZoGYut~ZOs$FgY$ryx~D<;ZpmN5wHiSt-Y<)+gO zK+LQhn+0p*KAO?5R>8nU#7f^hTB1lj{{942SI%^ zHPmRG+1iOOE}xZs@Cw;q=zbb`(d=w%4?jt>Cl|v-C5H6jru2qwa{m@+A6GbetWEM% zM91#9vY+GjSyqY08A$eV7PS|=?=A;VrQg$eGoATm-9*Ey$H8=YgifxEKkB3H_rf+L z31%?Va&kBdoH{TlU4~7+T0=bu_Km=ifIGmEh}}4C;uYN?e1uNf%fmekr!hUfJUfj5 zV<^rX|LQ=zwbiv$A#}11Uy)eUWVj1sbZnzs9?~(6R5ve40J_4`I$<7At22Y>Cl z(2<3frdQw`i%%=j67cPyH|mg?ATp5)l@3h<7#Bb<`C&0ZHzSa5M$Dj+?Es$rH{i%; z8PhG1!*LC5G4!+Q$!_yIwL7?!*&}$IE!lVcKz6vaealSPTpmW%DOE-uI8uhZ zE5+Tq9zsGhaS>Q_y`M_HH-j^aq8c1TT(UlM(VRWRd5}`vH8QuI~?em}5dkhNfGeho@&-h_~yB>1`1%Z_?s?F<$ zB@VfE23m5hZiG+A@6hGc{3%}csRpJ7K9o1R3=y0Qk;6B??XV^7%;>z549HQD1azKM zqdmw4dJKIXpRw9K{OYo9ICaC&Pf`6`CUXDMl5!KGYqf>J9Refx{n9ZH*-#PT59fvC zFObomimM^=o-6p&2gnh4PcOv;(3D|gG!SCiI5=3%C0iD=v6RjIAqnlEkghN}#lhu` zywhc|MGJXs|L+#K*-b}cVuTrdEx~e{kfSc&6DwxEpYVX+(cQQOXdycl<~Yna{qb-D z1S0;lp{s0ZHQAEIY=IX{M3$#dDTtn5I`+-u=(1+Hmv;~!eMbL0Ye#`uTA)V9#|`$n z-T4b0qEqS7C_NhpV~k%oHOE1h?#2|#jOjr8stqb4Q8h9@mS~SZPQw0`v)n@qHh3&f z)%$I=oJHgHomDJT(jVkiGZNyc_-Gm9n1@MRk5D~61|gKgl3j|EOvPk1p_3smLS9n+r0O{diDJ=AD(m{;!YbVB#ja&5#WoiS1z1wRan;-=U;F7QsA?OA z0;ghFcA{wdUV5e{iG~3v@w=J7MT0IiTk#}m@;29al>Q!Ka1yb9Lor}y8{XuAP3bw{9L$q z7xcrlumKNwVvc@g^g-PZS{{J%UjJU;k9<-cZ4^laZi;%1A#E9b*|sRMXB&pZWsfm1 zf)bbmdXs+a#|cbD0ZO1so0;INAeio91k@NR&>VAxcAgOEiQ|)IfwXE8W*;1KY@+;R zESWZ~h3Xb#U#hQ=x4+8D8(Cg;2RB8xU(9IPLSbUmd?zpr=a#$gVyhQp_uT6#O*5m3RV7jE#f67MLSB1)o|iW*c9V66iMe*QLRE6aL&S}p!d*E z>HcZ@^SwKF<15AG*EIcX>?_Atg1?25_ewMa#F#STJ4AYwXEfR=Rn~I55;YjILT3g%%pmGKo$aNU0WHvUljdrwS6y5 zrF9>I%IBRALN}QGV6ngr*y1_zS86=~k6;i}r!Fuajx*-Ut%gwrs}Orl-)<0&)G%OE zPspaPnMt3_qkksg@2*ikhganClGC?w13L1OQV-zLFNA8wD6`X~x(Y3XYHbA7lpqoS zt=~glQunzf<~B|+E8pXLEaGWSA^(z(-yor%;R?j$1sxfszZ7+vb)9y?K&`Pf)6b>d zPF9A)*nrN!J{6>FtET-;n(nRX3pn)VyoGYHlZe73tf}>9qB2*7-@Ri=Uuia!*2;_! z?PLh}PyKvyZ{7x8DVgWkAbC0sXgpG;dbvp#z#XS3^pE*M6V-xK3p^{3G%sGOWv#Ny~ACa=F{QytHcQ!UC@xrMyq1j$LI1 zqS}uP;L6LgfRGTw>&8+r^uh`r5q4Z+*eQ}JIYI7v@Ze)EZe--YfV9@QQmnojCC%W&lGBvI|cSGlll*L}Ny7jhEp$ zZb#6OjRBs@-haSsQD1l-r;iySg{?J-wfNL;#k^|uArBLvUNgIc1hACDdv&dur7w0ZO?s^(#sQ;ml_8r-iMg3FZ!}j?ZPb-FxTrTzLBGYOj zz!iDVDEc<}+3C@8#li{_@Zz(4wWn_%LA^fYx#Y3YLI11j7x$v+WRSLx|A{^krHPG| z3^!$D?c}g83f*JvL(F7QGx&bYlHB{8JhdLkG((l;iiT%F%d}UBGC!c5Kg~|^edYUy z8$KT+zlO+S59>CZIHs8gdw@EsB%bXowZ2`Y9_)!-J>#_a@_iqw$wVV6K7J%Y@$NMa z*KB$;@LN?9=|`@}IDEc)jd~o6s-0jfM(kK-u7{;Z!A`!GaIYCJ~)J8aL54mf|r zPg);hn0c)zKcipBTW%|r<@j}Q!S|b8_+w7z-Ea0=Xj3Qb=e^&IUxudYyW+7*GR~3Or&%3o4E>LWrK;v`mW4;_A706AjG$JF6ga;eU5d1c z6HU-R<{@wam(b$^Hfdim1%V2W1z_%g3Dj4wmk-pkm=INkUu^PV?$5-l1ZkrA@+D*Y ze6z#$RaDuR8N~LR;g*GUj~>O!x%$EO$^W;}JB=g8!GB8LcBMJ^wKBRtK!c?H<6-|x zi0G<>k{Drp+=g4`QSbq}Z?6b23F$Mh9>iLGz_ysYc$gO~G9yuGT~v;lPzu~@_akyb zmydLVYnTTiWW3}-Z77Yq8=Po;gbaAkD*Upb8pxd|<3kdl=8p2DOs$K(~c#~a2lmapmn=vq6ZZc*~J8W*BlzfH1~FB%vOoZ>^#+y`%f|vt6?sy|mPvVpJjMmtzq)a#+ zA2A`{myejTk;ww;FBl88f&^9>6Iloh4G;_(X6>xlhUz#Iana1939sV{6&H?v zocf)#FIFB0!u{bKhV>sOSw|8@UgGbyFP4{B>aw~d2sb_Aa^X|Hy`M)iBjxg(K1<1LKYJ#9;Hg8t^UsTUaVagrrjI5s zs%8Zc>k34vz>X{`Qank7MW`iLz2d z88X+(f6es|li(sAOqA&DtJuT`3a=(XWkws*`bY$aUaywYl_zg$${A{ef6RxaHB-dd zxdMD7vK)frB0j94lC1IIxF)LrrmHx~I6Zo7qGYra%zP`jxe`;S_)j?n7pyxgK0zJ_ zWicuq!rM5VeHk}2n2u~);2S0ub|hbW65{`23^G7+p={F!lTU(~m;a=#HmLV!S5m6~ zd}dKCU|-Lld^V^zQRe@@c10m`&`WT82Xv56p{bpg!}5m{e=&T+m&QCphtZez0pi(K zy8NC&CfDR+YAto+Qrj%SQR_HAICBH365NLa6|va;d@tG=8dW9F3mG>n8GeD$L&&!R z_GHapJK7O`f0gKCCcb5Ljm2CjK;Ejj!n?;U%4<^p1Llod2hw~k-;%4Kr`%gi0nA3? zTe%uyck`f0q${wrxBptpyZjeJ_C|(FQ2Vc>i1`N^KC)MgtIy(N`UM9x_hmu@X?e&V zg#Yb~T7<*Q3sYb@KbIf_Th}ss&mIfcZ-RdBA#>=jiCr>0eEd1a*Rm){Iku?mw0%Sj zciErbW!%wc&1=ywm+fs=f2QZ87bd?hWzNXDTWYX3B>J(5w2CJ3gXw|-1LCSE;-Ux< zjI!!)JIJwG>wJg84_`PD`_N}<;6>dKZ1z$18HWi;X3dq+Y@(oruJ;H(<|RCtP2z?3 zmK6iYe_wXFcA zo7+%$Y$EY(T-r?7U-xV19nuf#I0g|7Jq|nXddRvdy8FMc6JKH1p{90LwCkq!JL;Z~}MH9NDC1kPH&xkD0H=t(FhN4=!f^ku7Ck5FB7}{P+#B@)Y%8MB2&S!id8+aiNv)+XhmmK)l#pZ& z<1O^6=^>74g;x1oW{>O;lnO&V0kr@n6FkK8 zeiR1m(a(F`!7eWaRnIuyo>;=ZRRc3v(ZGxa`rpZnZ_xz+Taa|xQApvtDu;x~j-{~F zsi19A2FJI8Z?Txa5fsEn=`viC?@yq9AasQiC4=I8WirPuNG-$_%a34YP#{pme2vme zT5V%^D}GJY?4KXX3#89Q4t;N|Zf2hyat+6KrSq8@!Tfs@5?NDLz=qkmaM!>P5 zNn7LfTPb%s)Q)AR7JT6GLI^NC!4Eh)qDs0A!#Nz9eQmDEx6#>`a(Eu8AjUEbaweH3 zPtpU1;9D$&?MgEm*R(^4CQ>e=ehxJ7q8>IxwM}cviRhkh539e+zOPJKyRV5#L~lyo z!VXyyy)wCP&^~#6F0^^xz=NK>RY{*}Ays8Qs2R@qR|86wy~seex~L=~jU+$s;+mJk z{<_^f-8rI{-38%9aV%5uA$?$lt~wBE713_7La2(uO4A>~Nl@zHj}neCvvd zLTZsheDn=b=q5}yDtJnd4Jvy=eXK;7g{eSt9$Gb0)jICk&AWMgWr}XDC*&j3A2@TH13^cSW*wXdyo%o%xA$HC_ z1N1CXk+$Qzf6&$x6YbXp$@PdrdKO7UpYOcNaZJ5=d`$YeZ_e8^o37%qSUw&4(cR5W zVAg!=%u{0Y?0wWN!D961dD1UQAOe4p_7~52Q60p8xJT19S#u=Dc&7N4`10{Dr-;M{ zO_#1x()Xul4g0p#ny-gf4#l`X&GKMmi#t}C|5H=UH;D~<6Y2HxE6Hsfs1jmLcpqQ+ zILEQxxG7&Y#y7Qi!Y3*!&ZL2ayc!2#=iT?vs}O(f@VlUJf2n?^4*;e#Mw}8Quxk8@ zj))tq_l->+V93CpSyU+Z<2ZEf`Xrftz#$VhJ=Ium=9lGpxNEO;fA`Z~2KbN)o}m5p zBuIOLCaKO1F&6xy|C8paoj=NMrdy~z*ZMC+7%med7P)akqs^|=-zrSNS(t*klTF|4 zEtd1*_#o%SCA29J_H~YPr87^&LGIVdNIr$h!s4tfj6wSVgYZ!`N8>t3^8pR|V_@JJ zxzr4GzZE4NdgU9S|Ir6-zy*G14FUSmcug>96W&u|cpIGKQkImzTAuKXNSJysnrr=0d(79#6OgMFFRK>wQ$r?+@^sgKU9hlAu=bzi(e{FmHb>H&mDXBHagGOLq* zijMxU_4MPgGQuki!lyuldjG%|I#;d+E7YOatBzfpCdkXA0g8KE2|!HY!uKhVLzlhw z8OeTDya`AhHA|#1cT_Rkz`Lrl^ow;X`nko!OKwiv?%qwYU$wOI3T;Hde1f`yUS7&> z{MGJH#V|zJP^2#x+Edt(+HKF>{)E9Oz6xF%*lEK9-`=sn*pzVhGE(T%ng|oh{l**g zeSg_KXr(>PH>NSj0rF`Vi=u}LPi+6V`ZhXD`xDo55N79QOkUP1Kd2WT!3XMHu><3x zkqn}GurwP|70J-9yATnqUu3?s#=-naUML$4?8&kx5^}-L9lhlxVQLSz$#=j1p|E;| zz16gt%G71NP^8byCVCHI)nd*3>-J%;7q{Z)HtGA&x;d*{u-%Ie9uylu`sEbz)Q8mi z-e6LIdkSQS0X81oFUg>fhfY0&tIAk^Q5<1?q+W3?z-gq%?`kS^sX4!Wumr=r(jSk8 z+E8D3;E{w$>;wK*kkx4X5#7kYeL<8QRwvP*fH+mcr=zf0>x*~z2o%j7satXpaXh&M z9_GG#(Pg)$>xG2Az{7-QmwC+1^M79@-^3foU4LR=xU|1}D}OxqBybOKK@AkieGxAqwUl4Qj~kZ!KQRhi{lr$9u@Ef(+@M!&kFhOd-l@Yh{P(% zL!4~Q677TMPo~?em``bim`@|b|92u12vH;noPj+QZW^QoHM52awAOi5(|HRxj$(!< zq8F$lFlT5q#S4cq`qAhC6GfOt&c7{G9SisZCVa|5Qto3Uop$9rP$I>061Ec;N=ju7 zX3iKcyaH+>h(cHC3OBTp{17VX2P7OhJb2`PZx1XN4n>UCRSELWeSakrSd3c{6|m~S zUQlW+oM#1!ndu|zA+OjjScl6Au&y_Br{wN0sdXJx)?!iGy^iyp=GcmQ*;kpjMQY$b zW;mp@dGqhtZJcoBQE*+dFAysld&Jq8K-OzKz=aG;cs28UcO(|n?xDI?j)eDFYZds# z?a%yPM^n8iF6okkxhmGsii906Nd)w1D$g4e1iKOZw-({9IUwn)nrv};IxR{-B%cr% z8;0N1?j0n95(xo&4Um?%WbZo=!qfr~q5==(pwOMT1@wOhBsJ*!04vHp)%td7)a~E} za;K(~ntKI>-`W8hhF=lc;z5~{E?BQkpBgqc!uT@>y98+7Uu3!}q4?F} zTo-CZ94d`@FJPxPZt*xY@A~oH9?G&x(-M*05s=<%9GWdx_3UeprP7Yj4qsK$n4!*M z(Q(Go7TsoE%|-0}c(rMtTX1bIpsk(JVb!$kc$SvCB9J7{$@qn14rAcIhQ3wEPWh#b z-AYE(cG$4Y^?$K;dng=4hbb&yWDQ3=O)QcEKL;`4L;2wB8VpIBLcppIw*WUoc5WB| z7xX8C{&Rp&5ge1GPHR|`RVa27d$_QQU(orZ_OqF2wJmP8|GwPB;^QChYdmBzw=ez+ zPawyv^^4MAlPc;qBa#&lL?Z@!n=Of=Of#ounmYeOQ2@2)h>TKzfDEl!kagk%H zz58?ZxxHcSW;cd6iSpQ`adfa@GU(obe?GSKxl6%m@yQYMXP0^Kmq zb_aAx4+}{#3xL59GiRIwQB{um4tyrDVbzX@XnDz7I`{J{*pD-X^E@S$YG$&rMcbHE z_&`*T4Fq&d6%$nxZc^yEbEpT% z8b>;2JeLhO5b?hMuM#Nk;Ufz4f&_)`<~<5sYXS=0<0MMvMF|iot3?1O{_!kWiwz5Y zW&=jJ$px4X!xfte?_Mc>_!yvd_nQJ-hr5+)5+}nKor2R_;nJ*}z95!XCsT}GLdpAO z!3V#XB_}9`3rj$O5^fC3G~YCz7-C^vOOIsYf;u<#vp#l5HVjU8JHh`*r1>uXEY(06 z!1T2;oXp^l{xiB{7PU0^y1IrqB~mHL^?qQ!NuOUu^{(+i+QHgk{T!urJ!B zciD1xYmCp3rET$LpTz3l5dWea?58{H@-1 zV`MfHp+w6Q=gP;eYTn*J&$4Nq^Z!A13a@3zh#xn}{wr0m{tLz;IFw5Ck9_S(sG+FR zms=>3UeN$No8j`CqBoEuz(=rZO9<%wRJ0t&t*FC>4-+U>zHfi=4;K`^L~!lQp#XRS z3xAR+9QWGqjfHTAGNi7IMz(sF?tdWrrJMq%2aQ6d3g>!yzw$^3?;Z`&Gz$*<&7B7C zC_$=|&{RA5XEqZBP<^a&PsG$ohk~_M#UrfTJ30QHr3qN&%Sle?6ceN1(a(bkiX;5@ zUza>?inmS$-9rhM)$;9Mc%T2^WO6)RnBTbyT~fgN{04=i%2CjkG9l9cgP!6&Mx>I5 zQy)}}*Og%qWaJysy5#?-#*fo-Tk7%nk?PId1%z6o(r~7q6*CjvPRis+hWzoy|2pHH zUBj{^)6?xMh5d>!mQ|ccb+2|lK+MyJ%=7-C7OFEDwl`H`9?C;5v;jhTNQ4iAYEka_ z3bfUV*pxIPE@e8AF^}v7qyPJ{BffYoFEZ>w{R8QO|EmE+D0V1`$Q#>8c2Xe!nX2i0 z0ux#2fv?JFlBYo^0p}^8VC`qXZ8&tEF2$o98!tf zlpM7EqZS$Pvl*>1nHa9*hSJNAuvi z;olBReS7;D^xP-!dOA|6-ZC=a4d+OoHsY0LG$dIS=JVRrg?9_QzI8Uf9p=I2?9*1m zurwTddOW;U;f)ww@)@NuWvoAcs ztP$Y{wA|GivLcF3k3@n~TW_N1)xP^(p_%#SrWwDf|FMKq&$s(oQd<`9TQ~AN-^#+) zjcQKRdP4`T~xIf5e=<79soF!a%w?5j7 z2~aX}sVh>!E_p6OS^ui$dO|76#}C4J3!()~oOXOpX z8)c23H&a(09_~-{4co!IvnDk}V!{E>$sUG?KO+1elxQ9{+xCUm)hO#0V|rs3HAx z7?tttda4Gh8-#S5rsIG3;#C*PFV&vDXcb#UlsFl(coeWX^{-N!ByzeGwaa9Vwk>D- zYN?*u$$f8x#Ef=p*6Pj&Y0j#S%A@i1oFXH-8=F}J9B!TQ6|$KPtKy1rB8R^#G1S3& zG^W!#7eTQ6$&!_ot)s2X_sX-_XO8Lr2Fj0QQ5Ei?qLYuV7gsXV#E*3Eku@duf2EWmT=pNbIqC*L zv=S27_P}?Equ`o}kl=kPP~5U}pfY00Q;+i{<_80gwQd2E$pZE}~+G=R*C~ z!C+Jts0)i7ZTiAnw?F|4E^Z`?UfKFG?fiJkIP@;!kD&3^J~Zs~c)7)Ticbrf+5BKZ ztG;+`4?}Xu_-jkaAJVf=?fJyH^iJqN-Qna$=s5|gIn{KRJ=w`*qW-6@f=Zu-#j|;L z`bjC;jk*0!%f9=Czoxc+(4*Ww@~Qcu4*1-`>eb?d=gEBWKm021GdZuPTfDHlX51+} zRznWT1qZDk-;amK@_8*0F$ejaiLV%*Hu@<3{cXo;9I2HIKq9<~B#OKHFP8YQ!h_=` zb0=@TqN|&u;hfd}tOH1~JK4CMA!IkN(EMQtA`$-)<`;%vzm(BY7661b82C7T@y{=k zkUT)Yta0;PA1M9&Yl6oo-}q08X9m~g)<<*1DAu>5^-IEE!&gqJ_MB@)mPe))rWJQ} zw5K|z+~uJ9g?qKd$jpmqb`Ci?t?MUe3P`Jupe1updo&w)n>Ak8=c5Iifj1L?+IRD+ zamdb>YngpyZ5Vo7mw2Xp{%P`)7}EmEqvYyiU`4|VbU2+WbbOMOps@|F5Fa~uJqmsx zHTg|~9(b4f4A@aYJD;PRt;n2^R==TGN{c(e?rBB*zx(*yz9W)NfAa znr+B&@moeh;|37QERB0omwL5HJ6AEA?8PKdN-Av^Ij(-tzu2?{-9igj$!vO^A=#Lah(C=UbKK-c6ErbNC?+* zm}8O!xt(pBAxlvT<;=lDa$3!`_K1YP>m11K%PJNXP@?mOGrL5~@`<8Bd?lmi-TK_o zoSWr+*3q3-vG%9*cbcxn>t4o++X}_IRE;;b1r67}R}X7cX)qJ2^y>o!dGKKm%;kks z`GniuL%?QvDA#^ixu-GY)L-RdA6P!+DsSoV4T5wEdh<+AmzkxE&+eTJ-rUt_B!76o zZ!-A13pZ8!hqO5$r(2|Zz=X8#Qh(FkLVbfC*jL(o17nL-gO0;+|33~O%N}l=45V{) z=F@zk`arIx`VwVKl{z#q;=MI+7M$DiEpeAYbzWLtQqPMwRf<38pYXu5eo$tKa>>Ew z9LEX5(e^KLhO^AAsV16z!tX`qy$=hu<8GB2>R+ljK0Z#7tKhh=S;in+jiABF7uVZr$+y8XP#ZQZzn7lr<+NLo)+(= z(|5EJ{+M{BGT717KbL<3Or^?2`-&5!u}7_>V$7C6z~bGti= z;5@%`zWvO;r{06vuJ-5t#vA*ZBfY~{TdZr&0dfTJO>=L4WBFcv|7i0nQvG`%%k{yJ zs?+11)=~c2$e#`g%zNOx?K%$CKCMZzkA@|4DRuI?KXl637Ta3JW`xh{V9&cAT07qq zeazma9o@1j8C|pb^b}nD_~H>QYY>VBNNr~`OppT4d1(O=CPJXF4nuNN4|V(}Zow?v zLJ%~bh~M5|2)y`HMTi9o|4C$3uvL%n_ni#mZMr4i4H#%&|3Q;~`pw-#pTcg>`9wq4 z{cvyUn=uFVgqyExq;abSYFT~xnESSbl;_Hco@}ZbP1Gg{X0w$tI)6cjd<9kKU9w}O6d&+i5}OT zIau-MKGt|Un)Eg%h!qnjoJnkreH-1<*;CDbPyO##b>QTl4C`OAu~FLLzb8|_b3eD# zM=jBBQP&%?k8!t=r9{fTOsCRr3M9eD?4D;0L;}rI{@>qBD+V>(5l7XwHwy|@(y-Fv z+aF@X{)b{;{I63R@aZ@+F2*jYlE-Il$jXdQUrj2FZMFQUzkMr1fwS!Pn;Xbvu0-{( z_O+-QZwp2`y2am>UgrO9gK4up()l6_;_6s(AP~{>I_DL@BS=eEZLe9RVTA`j$HNU? z|A#`?Knm(Fp#V%}GGD9)i@)oBDXxexHU2~aM)VRNo8pt*pNO6Yf$%YoJ+7C=x(a{S z;p2+O;$^fAj%Rk%rbMckWkmTd?%PYBc@NtZ_jUQJwg^!}>nb3$>_ajn3Bh%RbFvBL zC&*to@9+i#YM| zd`K4Cx^j*|@(I85xDU%M6-eM(;LL)`#P}5XVF~{a+XGu6{As=0cMn6c-^jzN1udp#|W%^6R_R>5SwoBd8gF=<=-VI+M`8Rj zQMaw|hw~td&KHF2pNuORZGYT!Oc*@&n$|4Bls9pj#}mCJ15iy}=%VeBU=U~_iUKt zYe6G>M{oG*eFcq1L~|!lRP@IV1n9H{25fkeYefcpJ|X$F3lHn9(zf#TXuL9SBoV|& zx)kcuy~3LrqgEo1F0EY|KujVDd3=bRD;;fSW%>ke&_UzHvV7BZtoaH!rh^^T10o#I zWcFN!?*vle#&3y&oQLkT)-@DWyFl^dv>-3J@3%F|mTuj2jmt^Mi<4HMh|X2`SZyl6 z^NknW=+dTDL-VPWY=;In$s($+D=p|zUS|DdgDg1g#Ja3NDp1SHgoE9xHmf?~WbW7f z)ScUVmOuItl+KvOgf?a;UN>gmqtA{jy|;_rMfkynR|ZsUoocLyzi_Q8`4*VHwFu0s z1T*VhKb!uM@axnd>y^wP(EIG*E#u;U*9w*%;m=Cwujn{L`}N7EFlOzH{kgjTmph!m zI7}o0>a+;1rJw-qM0n|s5uf$K)Sp=4X_Bztyk8h~4_n8tHFI%z#d@s)jL6+m0A@9&T0B_NQ zrN<^y)c^2)Qd5AJxZ*|EuOT7-;%Sq;wIls-b*&hY6I{x{KSQnxbnO+~KPpP|D;O8v zjT^yW3@>k?!ebc`$90cJ`FlrCn=kGePmy?(4B5GWnF<}KMw47+LznEUMwj$LW?v!s zlo(y4@b++^XjrKlGKhTDN#a% z0lNnJ9BNSI5AeCS$}@V-*kmMEWVP^EJiF+`ENKM#O>apkv~qI%v3-$5WMuRLq1@~|G8TpSjIUQ4&i&xF-WzQz#iB%S z_CQ*>`k*@I$MuBH_`xKPeznad1+`7C>fr(5nf*xj$zN(F?LQ(+K%4J7x*f9FJ4XUJ zl$DnasB%OHO3pHSY|$mpXF(^F;J9|=>=bUayqGn*+@YP_o1QoBdVU1$8`xLd{;*gH zZ++X;Fw|6j{pE=U;%%u*RJDl1=+yf1PtU}JDBA{m-qJvpHc8G5<=(c6U*h`xGj(@S zOmFE#PBOAUqiH|*ppG!15^on6Gy2nQJFCJ{i(arj>vj87!eZwrSFZf$hG+MxOWsHV z2kfVY?%Sebm6#b*;88~owA`M^SDS{DmLc5dxwfYlYsU%}x@o1gA1n=eV-F52yDxlT zZVb`PN-3$cB=5KYgOU!D3Z88wXmLY3+$BEycomK_~75;#FD2X?X62@@E%sfb)Z?8M7#I>XjR!6=c$a?B!-hJixQ( z{>~MOU4UQe;~IH>Kj6~tI;OqR_FHg)Z5sNCV4#AdN{ZLUn##AfL}~c7Nh+S{&X(_v zP8O4$#nY?@_g>7$Hn5tX6v@@!;&&?MWzgzHK6-Tfi^#%q>gs5}9vvY?cqHK9=mrRa zhkwQq5**op5W>*_X2x=E7bg5X=f9Edz$z^rCIX_##|t?35m?RtC3>2!n+*}n#v>o% zG`H8V-@XwTOAU97Wt_2iW2((%`zs}~T>TswizQo4E5epWY5ZV(4uP-DPMQqv_fL*X zY4k>oCUpGob?vGy_eRX5xcW0b(|dtU4xG>Uk-Fc=^Wm_|JDX|lnMMhxzFL&CG=x|Q zj^QgG7i^N3(M|?e5=d!!Vqoh`!~1TCZJDginiV(2=cRru`SZho*dLi00YFORlD9pD zw;U?`R0+2((%AK9%Q+zW^47=AfMY6js%q(Wx9z0N6rs)HHSUI=*_Iiu5c;!k!Cwd{ z7e6yC-%J(#h$WJM?d7GcJ{Eead;Tx+h98=HVE=(^`SaaFCF`B%&Cpfol%|eEY=F@E z2V|PTE1toVoJjINj^8BcqZ%@bW&!YeaN|^xU&q+QC9ls2)YD=Y42i8V7;@i43 z-I&jOw$H!N=PAqyuSsNucSaOacj{I8=#L09EVpMKYUA^gGw zic-5+*!b|iId*KGUB;5LE0Z;TE24YD;bxI!*K1C~Yq+Nz4Xs(iEu(DNL_ z^(H>jy^0^E$|T*Zf2nl&56QKddlJ3iEpw@V9Q!l~jE14xxy^sc{OktJAEhya7b7{| z3K=>b$6s5t4JWrf4Jjy99{A_+dS01bd%uVM7H7~ad4j`S=I$K1HK&EU8|`;29G3!CJYx0eIKLN)nkzuO-&`2t8_kE7d=^i!PccdG2jPVtJ34~p03*h3$j9YaYKw6_oc}k zY%A0^Hdj3)qmm}7IV6YDVsQKro`7nWI{xUV@xh4=%=`(&Vn9lbV zI4%Y09LoLAasX0XAOH%M+E22Ii=I@6DjeJ?xjfFf1cvSio;&R|%Jc}BW0He-i^{D_ z=Dm%Z?J(;IXM``9CWx)daLS3e?x3tTshuqsz(Sox$88*uep8^m08u&(q{8d9^1c7? ztl(*-Z+m(Z@R2<4_|7g6e$TO{h`d^c2 zbI$u}4t~C@ca-R&w-0G9bIi3=%@DFQ7nS0!FLEHbDPk{=SNJVU1Sqyl1MKl#wGdnv z$RnwNz7e{}Bbqf&bj3)>CTLgvpif1y4O#hvlmC*nZrS)3&B~rotT1c359!@-mS4zk zn*7mY|BCEkdBUXyq$XsG?@Sco@XhgKxh?HVWPg~>q;FIIC?{4blTwYfKGGkl6PdSX z0j6u4c>~N8-#uGeyNJA68o8?_?7!35Xb*WFZcR65ZWIOj_=h7&sF#4UJ161fX%F*4{R3jo3{ zWZ8@6L-^~_R`AMBDz-AbK|%94ma;&o_3$*ZHsvCNa3elVbR8j zrxw$sQ~oF$lPTwI>`!5%@Y@UO_q%In0+T*rJNE%h5qgi`-j-@`_OI)cV{YEn716?kJPwrIw4>+3Jz5fMeV(LpDtq@EM_oho8gYLZVO z1zTA=R0I2u${KieYkREZ@C?7Nng7ciibN=zoTvS(Z=)hHzwm`Z*&babYQ|`aORmy- znN-ZaDAU8`={JLK&?Vg)3NUczEf|(clabxEFJm$kko~fiwH7s=3r9GdXyl)djTrD@ zdqs=vv)4_Y3)9__R^siIlV^8oA2$jrpUlT}6;7gg$cc_!z+)E%IJR&v*n)mcLwnk1 zLY8A&t=ggNf|f_)`$N9Mr;4?cwlmhQ#F4FMnRiDx$s(VL!VE;p?Da!Q_BhMTtqlvF z+7Z7f)k?SDWYd0)ya~eemm+AC_%Bxzz$m!D(sR|&XUGEB0X@f73s?`O019(a^mK?S zrHDc$?NyZTGyH-)#P#;za>=wC<9bXTSCwzTVb$;p-TXA%z$E2o@d$Hc-eo-cPvlr zHbpN~igFImqEh2CY?&Xab`C>SSC@(oVdAMh{$jXSQtP_$Ech2~| zPv4(^_~YaAdB30cGvCkad7d`UtiS$(HOAMjyZSuGHpnL%;&T1By(Vswji~JDn z5H_-)gfwq6Vhj$QfZ!N|3?*4%{&!tp3l0Edo71NIOyz+EXjO6`in3g;V z1AM=w65l5+xBD2_8QMY4yClSH#$Nr7F`JbPOX7E}!~qET?a-Z?D^Hmkd#+YN!#{WX z{dw#wq;w}sF6-wg;{#3}s1$%%(_|ps$?`&CR_UCJcxN zaM#p!wCo3C>|MSUAPrx<=5`VP6|0aZAZ6=pKcS5% zq!1*SM7zwFK76{XRrOA=#71Wrf@X`hFxNV0+cd=`g??nb*tMZ97*RHPWLNZ-(QcZ5-V{Hw7bv3)3H{%l?N;?<$|mssOyVeEi@eRdaB^|#ZAam zk@3#ka9ZC`R^ilGhYNAg6_yb=dezPsKEJXiHc z)yiK44pRrVmrO)fY1Mi|%GiYqG3gYM{ycTU)}75cOw4}L>L2flUv(mWn$!Li^w)d> z^KMq1g^-A}KvW}B&)Sve?Rs;G_$Nl1`F3>taWKklobDfJf5L}yLN&c2P%1!a%ydDd z7&Nq42#?w14yvtpirKDoDc;AM#yjYc9jG@UUaa#<_sS}x8e@PcGttb=bLg&{=SLrB zIrI}{sQ5r|6Bln-Sj)6YV8VFvBj;&W#hur#f--WM4TZf=C$F zj&earfcF)lsXcDZFv_ZmP)*F8X!F1|ayrY8*F|@9-Bf2bDw|I3KQcy>|4^jqwN-8N zs`u_@9$DD@yHxpkj;OoBiH%QPmhTrv68^Stt$v%Orkf$$UQPC%ka}Z3R^Roh*7p17 zOq20GQJ+IzU&2}!y{9iqd1`LCRBETTM<#F)N_Tg3^)|V$L(gB9v~0Yd?>wlKSbjj< zIKemyboim6SGTuOO#svxa~1(%kbQd6dJvXiZ%;mPvB=a>`so|cH%KQ8syM-zk-*?> z-tf51I?w=j$|E;+JMLK0wJ+Jbvb6RObuJoG78Wa|{mZ)D{Nc^+$hD=SY+hTu3^o= z&mOUlW%GW#9CH`5d$^2_;!eLcmh zuba7wv(yL(3b<5Qs!iFcGRC@MX_!|va8rJ}blB4$=bcJ|xX<2r-Xvz{;*LH2Y-F4{>;f=G25^nP#omS<>EdglUch(*gU=yt+`Lu#F1LevEut`$oxvn*fct*1}8v+ zotxxpJt4nU%mvk1(PU(d7iw5puk;*J8BaU7c5LpYSUWm zwpD2?MzdO|Ye)B29D385@KeEkv+_x@dBn<9iT--c^?=CIZrHb8ZfIRPu)rXhyr-L( zm-n1x0V#7mEtm9D5{go&wd&^iCl*Ivu8Ua#cB_ac7xvq;iIUaV88qzzSZ^ifR=tj>-zO(YSsDF) z+WIh*5Q*2<>Cd$cXW~GUm*v%w_SGU&rFL zjeplHe%W#~#kNmQcI{Az6E>_pVuL&c)qahsbi!4y;oZN^LthUp2rH3)cwRIg2zi}N z%k)6|_GZTf-Cr_s*4M7DVie&WUFyJBOo$18+(K39YKH&egQGX-H;$pNdU3&dJzUED zhTirl?5TrLQ7Y_j*sg4pfIY$f407!{QQ}4V zGFv`+yPqnHQVq?r^RC=yLFlgT|xPPkv~%)83rfU0bCx zHOu`JUW#2E9;5y!bRF0Aa3J3-B-L>j#x!j-!!Lu#-qv}3UANv``v!r$GNmwsx#`8( zho*=Zy>|5tWb&TKe61k7=;1rARQu!?d|ezU9eB=3y2}}NA6&Q!JHWLz&48T;=|4~% zlX{+s_{QF_m4`Sm%7i-Bvw7R(Pw4eW!*7Bug>Kehj;`-tNzARk?{DJRvMbzpZ`86f zOImcqIxe{lt?*+-k=A0*Yq!?=u63JtuJQ6X-jD>`g}X_yK^cJeQIrdKOX+z-N7>>C0Kht ztSMm7YC+F}@1n6mch>zYg;cfA`oKOVFYvYQDJ(Ia+nFSV5g~s)6FbRxg3W~4# z3!r8XM1bwbWA=j=-}iZZQCR1I4>LTF`rP%&T|MRW^ggfllQPQooFmp3%vwF7|Nfw< zi`aeh_s4e}34a^yuhs`ueIbOzG*sqcIT9; zV!%V&=jmq-tC^!RwMEOt*N?L=c6i?!^px2@D$^pHlP=WZkMnw$EhBtxeWa+HNPfuv zV*NjQ%oni_aJqIt?c$MvT*7rr17YxL$dImcK-r zVEDs}ZT;KzicRX|OIPpo)NB6i&|UYWtd9vX%YzX4Sq*hy`X^Izl;6jv@2{7>?-O9C zUSX}?$ce3Pch$7qiI^0cPhsfsVDhe~K3FeoyH+h{{ulLy%BVKz$Yxh}lS|XOckBE( zYIkCHYOP>@tD|X&$FF)t+8D)cp5Uo!Y2kI*d|zzn&M4qY#k1dh^IoaG3^Cz3HBgo} z)RE&yp%+5tXBCB>>1S@wWms+y(r82G*s{4UU87kVR4e2sa#)^>Z#>haa$?+!Ht79YTGh1 zXTAk4{6^e?q*^*jDYP0KFU$5r%KcJl8*zW}Md>obJ2STfiDB+T=ZyHN1Me3( zWYp#_gq=RE2s;w_HnX6t{8g}5VPFewaq*3Mj6kQnrHGLK`b^usz-adiR#>B{tJtdx zIsyHg8#35@v&3n>KdaP9pN%yc=7NpgTe*kTvfoV0TO6M z6d$psC1IJRHxg(!yR?I%@$VmXj9bE$^-lkMn5!^eN7b15eIMyp(I$F2G*9qm*O`rO ze_WG}+?&eU*+T@L?PS?0N%e*cPkUU2OeWjPf7>W--`e3@x+SnKRe9}gMu&FN4(q5b zrmKtZ0o7P}U8%svhug$7Hnz}AG|HGQASwpA$va||^_hipdwI`wveBb^m?})d1Hcgn z)zGz05IzG934?Ze>yLsA%CGa}v-wM3Z+e?}pCU`6eOP#eVSIYaeK2X``{Pl`eXQ#){O(7bq+noD^>r>jfPrxF*(aO^3;n z)+MLBk;MhaxWvldD;EdFdHMx2aIK+J`%tGrha+3_22)EV=675*NB%5M1rI;$WFe3b z<%&wo$bmC|A^)VmYkLsJ;%&_icyxm6#=DDySfJqRZht+NHA ztVk@806Uss0nCA46ohR<5WCutrDTL_5O(fGE5?~;WjRjf(zXH4@Q=<67&Zrrn#>mY z;5oPY4xd+oW02OQAPWdjP=t(ipr$0MO`f9E{?M_*d@`HfuO>ewet+0~coRdv3D-V0 zC1D6sNFhAY5IF#}@)!h^Fk#W{OETZ5?MM1@lOU1$>i1O(shVBWyCVnQKv^nBpFoG8>${3FXI>~UeVdg70v%D2Na#*l&&5U4tw_q ze8YoTYxXo_1~Lz|jX!vON%vHX2KL$?9rp-A+)c0%hCPyL-|7PeowK0u?tK`9H!**z zE_Ths@+7-=4AR5aq_axDvPDBej*=4}X zKw$cx^QRpgE`ZEb7T&56YbC~+;xJ^Ln+_A&x?rin5Z&gZB+jQTE|KY#I*F4G~fz!kD;!yu$oh#-Ix#FEc1~VjQHzSMLhCdC)kpWQ_%^DJt6wHe) zK$>(_98L^Kzd(CDo_N+-p79v2@sLZbvhCDrjS7=)fIn7e&mM$WP=Tz34&o!Y5#V=M z76N42w-Z4jXf!OU+aAfh{MaPOBmPBC73smRx(CcaorRVJ0W2BN714-vSkH;0Fje8} zh+$43RAgpP4=G!1QQXUS9%wohbLP?X09V^miVeudhogY-2wfdS2!-r|5sk*P-Y1!q zafngC3QjTMR&))KAiP5&H~ttzBg@2GMAJN z{SQ`bJCZnH3?n@{Vc&ZR!O)m$%naxds)5yC2%)bPj-e|7WT-*83$xW!`3ZY{O3yTL1bcxCb58~gr|Qrn5dY2F}aK0_2f!K$EB5L%mQgQW6`t<%rOc#np` zaq75Ep3=t$LQuT6-_%H9po^U>OMvRXXWZzhZ*bgYM^@iFS3L4G<`fIu8Fy(+U(5j< z1BUGKZ;vDs+?nG@IR}0TeP_4d~57V;+;Mh1$ - - - - - - - - - - - - - - All new work is done only on master - - master - - - - - - - - - - - - - diff --git a/doc-assets/lws-relpol-2.svg b/doc-assets/lws-relpol-2.svg deleted file mode 100644 index 397aabb..0000000 --- a/doc-assets/lws-relpol-2.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - master - - - - - - - - - - - - v3.0.0 - v3.0-stable - When a release happens, masteris copied into a release-specific-stable branch and tagged - - - - diff --git a/doc-assets/lws-relpol-3.svg b/doc-assets/lws-relpol-3.svg deleted file mode 100644 index a3ae305..0000000 --- a/doc-assets/lws-relpol-3.svg +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - master - - - - - - - - - - - - v3.0.0 - v3.0-stable - - Work continues on master, and if a fix is madethat is also relevant to the last release,it is also backported on to the -stable branch - - - - - - - - New featuresand APIchanges arenot allowed forbackport - - - diff --git a/doc-assets/lws-relpol-4.svg b/doc-assets/lws-relpol-4.svg deleted file mode 100644 index a50150e..0000000 --- a/doc-assets/lws-relpol-4.svg +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - master - - - - - - - - - - - v3.0.0 - v3.0-stable - - - - - - - - - - - - - - - - - - - - - - - - - v3.0.1 - Periodically new point releases onthe -stable branch are tagged out,with backports that didn'tgenerate any problems on-stable. - - diff --git a/doc-assets/lws-relpol-5.svg b/doc-assets/lws-relpol-5.svg deleted file mode 100644 index aab2649..0000000 --- a/doc-assets/lws-relpol-5.svg +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - master - - - - - - - - - - - - - - - - - - - - - - - - - - - - backport - - - - - - - - - - - - - - - - backport - v3.0.0 - backport - - - - - - - - - - - v3.1.0 - - - - - - - - - - - v3.0.1 - - - - - - - - - - - v3.1.1 - - v3.0-stable - v3.1-stable - critical - - - Occasionally fixes are added on master that fix old, maybecritical bugs that affect more than one release. Thesemay be backported to serveral -stable trees. - - diff --git a/doc-assets/lws-smp-example.png b/doc-assets/lws-smp-example.png deleted file mode 100644 index 8ea23fa96f2f47a78d3667594a878c6cae1811d7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 93289 zcmeEs<9j9D6YU_$#I`xH%`>r$6Wg{=GO=yjwr$(i#I|qV-~E37g8QkT?x%bA-c_qs zt*X64WSG&yD@$ex!vu_5(*tKRjP`Qoym4qRZ63Dit*y`QNX@A#P5}+ep2TDvM#MSZ5 zQ}a>PLfz`^YAk$A)3B+6z;G2xsp^aWAWedi%nm!lHV!#lZoHm7YQKALZN6?g)Zj(& z8eFDuZpliXdU<3tblz8hrqlpaEgpK9fqIy0p#bOaU)Mm!-@gU=7+?*`7?H5Q?lmGp zrWs)Smd&O7zwQQA42W4^`xqLrQF6ZCtyxHhgzIAnuNV|E{TjrQ_5XkR|1{HY+_rCD z=K8t#$?Z%#3T+lCspG7FW*=VB?QpSKWASD6wifb01eU*ZodR)0)X~POhpyXt`4*aX z5#lqhr3_ylVZ=x1PyRzA2A=qb7CoL%G}9o1h(4y=&i+@?gYA}I^FO>o!M(HpyktQ7 zpzq)AKkrF9T?|8g4xgdi z;82UNkTuXOcQr)U{e{4tHO6*0@Qbl3E<^stLJ_qv_%LWPEissj5O57P zG`+)Kg6AIBGZHL}AOD*TooB;#A*5vXqHcvxBMZuNjdH;<9lagZF^b`{56mI6{9f8e zX3I2(Vs8!1ms_}>_AnisGK=Uem4eQ=)hbm3q+bW_gesIS%Qqu9G$T=oq zw@b!HEilMA+V}?PCs%A)<}m>dEmb!P>%se>5PlR$Gq)7P!2?7)3 zW4x1Xb*Ce@cUyHrSVK=_;?zAGE&M2tNEY$MQ~$}l z%|(kDOdJB2IX>00t76_prfyVx)!#q%N}9)dA5vakc6m5(}f%Fc9}M)3t#;(3$*+FWPqWIIhc37r9YFZ zc+TqgdD7#%VGtHdmoJ9>l!;w)0aOgFIK>&*vnX8BL5c#E=Csd_Nzl``=iY@%yaYYA zE4FQx^slYlI-}UI-#@f^Z9G~|x<%3pd(dk}fFSpJiT+2V_z@wkWi!jC4dfNL?aPE? z9xy7Ue`Md2l7>ws2&o5r%_0kh&->#M3JeHNXlm4j4U%*<<^J#7NS$6f^oD_qCjkY9EXtq;~CNIk_XR-3<#<& z5aq1z9f2^#$K0SQs_LkMIsU4jnMe7gh^y zLOv<&?X&Qt?xD8ku`{jxqJafp8G^N+NDB6MIy127Gz-23U@8Chk=3K;6x651x9U|V zg#8s?2XF>SsbAU3mw&u6o*!Own{+Y6#tO0mV@+7&oDJbyZOK>a?3RWYASe{+HeP`yjaNfAMXn$H;5hQ^|_M zNP8sYUr*?y%(_f%WUX=>Bm+iC2WxviQTEtDcOEZ}5$IEf6VDndahC!_woQj|NFerW zpsEHMgydiGeI|-|9b`ncAYm-3O507*4`irxWo-Y_4&H!8sIvQ{eA|DO;VGyJ(!VfG zt@%_8Wc-hV>xO7+-tyC1r{P}A0<#yh(Sv40g#B{S3+(7bO(E5CB4ItBPQp*E!#3Yj z>&G&H_`+g#iKTsX#l<5cQY#|~pfw5P!d3%CA1$nS$AFZ{bO>7%HP;bjohQID^%YQ? zB4OPPT%8I=qm3;cpQEBF0@PG52{0SdBS5aKKuG8rz$mlQg z5-aySof>%L3vb%;Tyz|cz{j}cu0PC31c%!jzy2>w=}>+7eW=>C0pZkET(c}<_DDpu zVxI|)L_$1j1ze6|l8lN9xrHz|sI1oQB<=#ro>wNsxDki~>L$oGrdn>D!O`{Rr_oXI z`e6fLQ(U2I7yT^#mcDro?XQ=EvQueoZ?i{aNy7B+nMXHcxy(`tAjZwt_ovLMes9~? zIi+^H?}(9FfAusG*D(!BQjf17NEUx-=Pws`*P?yOdjvex>zb6YYN_^|w^bu@GH%Dt z9llpZ!M`mf%oKmFi&)9bF2ZNZ?2$`TbHVaR{TvtcJac$T^OjCj2(tMYc>>x1t~uI1 ztjB5Ge4Ko8d$j{EUtgn|z@B^#g(2_W#lVr{v3?V2KY(VqhDLbLDy{*YF?`mU1GvBs zp-@0bn^M@`pO6FG5$wketU5r8-z$E1nb$@C+?_PTq~Mo)wM#T*_tmY=#-SMw>+G>+ ze3BJTHj9?`Nr#dr6jgW9>+9^j2LIi2eDS%tRI2_!yF4-l_uKhB+hV|zugpS@l|re0 zJ>E~5+F4V|cI zV5Ilfo-^t0DxVN8TciLXy)IR)E|!S_V9!+neBKLkKBbT!Guw1}>dpp>^Yop5}YPnS-nUc)}$^Xc_%gL~<+6Rk48Q&22=-nlVn-jYx(u-&L@&3ymHWHUG62w z%ijo~^CHLW+ELVEP`ry!ANY(~#`&?!oM%$mc?;)x^?vN(#R(o%?~7VUQ3xAwoCSSbBAEG`LZU*H z5r!;r@i5BHQ_M`ayY2vj_Xt$cU(Zh9X9O*RQ@x|S(qnnbtiKg$jGwx>ciBJdkEc0= z{>OSba`)a^8N(4$VRD?bvkK*XiR{BA1P!{KX8fsD^O;d(>JoMl*&>dH17$o{j95ZX zy(IE`hHeVmV@0#?8QvcUF~Rw9JziVZs?i{lf#4rF_d0V)Lj4mB*;Gk5Z0Ml^m(uc?@(1&)s#|Hrwc?7E`~O_HX{3}M`6T(HYWn}mO&5& z@EQuK>0%sg@%_r}lkshpZFjW>kxO)T@N?g!so6OO;%0nHaYKu;U6p*!JYZ(M8}4QU z|0-DCdp(Ylrf%zKLjmr7qbNgam5Hk;3e5$_5r`RySH(?&WuRe$&ffZ!BPeoI+N$x* z0~LkFX^gL2*v`gAONeC*CNeNu60_dU8lLXc0%=zxXakXoei+1x6a@1Fs@kZWm`kX1 zif)bOt4^3KU6n@nEGQSWow9sZl6}|;AhD#{A;W}l!}WCT;4cEW@^?{qPf9}CWHorj zDzv=^?cVOk_NG2$9dd~NQ3hgHE{@->K=CwXs(&)qg?F+u|fdDn{; z=0AJ8dO$cJS0X<;$>n6jKX^JB;C^2x+n|GReGSfc6SW<1rD?Ln&#Cmo#Z0)#nt1Nx z#9^-WZy94s84Wl4*_d&)E_q{Y;2buzlU@$%m0bmwq3m_=$h`Mkz0`{ z%00;PlBW+;pvBFiTN`*`=lbbw zNU*fyFm|an4>8e65i*(+x?z?)!01xoT4$v#`u(y4?-^D5o2<2WR7d>0savVWs($VO z%gN6eGPwA{`b(P7hlJ?{5g1)8Vc;O40D8A&1~@ksvougdJ=jYiK}R7N1`8wOYCXCI zk2HU+!MwKn)M)S=Ea*QPm&rZP0j^@Ks6`*3nOl@fhS4bNx=}tLW0Z!cq!dks?I_pd zs93|RZ{Ve{-7g#@RL;(2tj{QM1rd8bOYX{gfAlYJsTp`m`458kq|Iy7qDvl=x5wOb z{q}xpeKPbZA3*DRb_H(2C5@hQ%(-rHNsW1=|Gp}?cFz1|&q|J#OKA;q^0e_y^6nb1 z(1_ZrhiQ=KZduf5cCRM9Jkb0puj?cR$bfvLeLBt(WxH*c!Jls1TstbkT_T8Zd11k1 znO<1SU6wSdD}IdFd{Qpz<{#AOU$8yggQpB^1IB8~Tvn&<4of+y?dfD| zuqS6QkA?c|vB-;BPkk`CtB2LOHH}j`=_)<5S}hoL7$I2+R0^EgiTX;{=~y-)*NduW z2M7`Dc|nvN1-w-^d5R%`=h3G<06M@p(;ICsS1kPy;o}zK5!Sl+D@rdGWrU?BdxV2! zL7eXM@owieXc0j3vewRfb1S&CxK5{8T-tx_TQA_co!4!5@EStbAj-d$Mr27+3MtGS zf3kO+6&_?3h;L5S7t&;3dWKTWllhF@8SRLoGGKlp_|U^}URX#Wg&w;s{Be}!`)_EZc%>bWkQh)rzhB2j{2K8p==3P|_H!&*gD#rKmd>f?s#G^w2Y1Ygw(E zWNxdMXo24v{V7ELRm<bRB^~UUFB6 z0<;fapjP1OZEZzYm|g2KCfxUN`jN)c~zZ`kr9nZ}`jOd;?nd^$-~*2$yKM%cu?_*qV5t!bl5 zguDwIbSo*ZgN!DuF|WF``%|YP9aw3psoXa0AWaF6*f#^c5O{SW_)o(k@AIWIzK#J= zHeL)G%&AsrS9wYS_; zU23sb=nYufp_;QA1`?I9LAyaf^JqZ6`lPs|OwwN*gG&!S2+`@7s&Zjy-Hwx3FpKd%aU`4nZ#3+HWX};_BO{216 zbKhJVUksHfU|pW$UOlF>T=#{d7--u3*w=DB1=z(7=-Ew~+sU$Yv8TRw9Zdw(`zXs^DAP{P}UZg)YQhyvxv;^y!|J?6;r$aZEbE9#HU4Fm{@xA!rv7HS6 z6~-!D>OWO-4d!OynN0_KW3YvPBFRdSAjcVh!dz4d&0CY_I@Xsk6$N;X%98;Iv=MdD zZ3j~YVHGQAXNXfW0{7duhzHa9b|oX4-UO_-2?vPxq5zF)+heG)qJ){z~s+!nZQ4@7ZD*1S6wOP}#` z?3CuP+saq!qG3QM1z6;Qt5BK40Jg+_o^z^#K?#~eSKXo{VjWg+XTwOdQ`d17X_^ui zLEs;GShvtk-}sAG?Q67|lJVm^K&QGy8iav&K}5}$>^#KT$hZg`k`8JBjTL`S%}ZEx zE0aU|cM`H8alX9!1V;b*jqmpN#5P`|nF+sfF-yq5odtT4c?c&xz($BL10uS~F8 zeKPLAz7TUb-yKu+4bpC3oP;YLq=hW4-Nz4l?FWqgxyc?ksnWfrip zLU0EsJ(aKrE`@u7h+)1|eJ8^PSpEYy6wfm{&nY`x&RYGq!ZHPbR3BTfJSCH1j8bY) zNYpdfX`E_N^Czk?23g05J+6k{>Rpkpvgfnn@Z#IA>w(bxhRpUlLO(bdCb2Lfmcbi) z(hyh~0ioLkb9g{Bl-!2OxFUQB7fj;tLUwIBKOI&r&rVnY2N{}0*!C;6IcvR!?P*Qb zUpwvV#iwXUcG_iFpE#H%C6udFW4U5UriQP!bj7sb_DGR*5pS_M+pS}Sfbz2w`uIW# zv4Hl$302FSTa&%0y6C0*#l1yV*yfYq@p0C%U)4?mPja)xM_>Y;r>yMpyaS&v#M~cv zCYY;|s`Ad3uqK_DGZO<|1*tsZ`PxV5sCx|7P!VN$$*#%;cB%m{f+d>|vCZ2+RFsNQ zf;&x%?9B}6dJpxF@XAIPrz>}w1uLa3Lm?ukn_%} zRx#SS4D$)R56BrI}i&_m9d<6agq64#P5i<=_k44$vo=14bgacEoXEN_R<4< zbD|lPV~?+TJo4bN&!{sBOy!BI=(2}N%N!U`|Me4OaBLvCH0rr#)vD+8sC&iCuhD6f z%ix85GFq`4vIW)0SRS0HH(L+L%-q-uZy^;&7#IkgSi5z@GUC%M|2n-z*0tF8X6;Ttp<-H@Cv7QFMyfuq7Z#Jp(HtAju zSDV@l=NTIa8?;XCI8s)iH{$&=D>I&4`-Xr7UQRbk9d6!7YY|+G@k_l$34%(V=Pbmh zP{KiFSRVsjIvv+Gy5cfN=m4h${`eNbJ zNJ3S#hkNqzZ{iCIsREU#)PEn}!qT11i+xEe)!C96bF>~9kq>R0Jm%o5&pP1YOd_cZ zXuB&W#bpYpwXmSk(4ZO-!(dhaw|bBe!fkzgnQ$fhC%VE~gs3WnWUw%yWjBPs2&6wL zy7*wD|1^s|32fi6-@kC9XM~BrpvWEAvE|yB@K-`~Cl}?e%1U614dd1pJ=0~IO-U)R zY7_KG`^+mZAM;F1LbAJwlf?&$bPoNM#mEC#%kRA?)XgKeJk*h?SH(8tu=KAKfj8ol z*24c7RTa6>UFlikcT~-SE~WG7@jvwNs}p?dF}ZdPo$?5TCEiow(xsH*f?0X$(#E^} zYaMgdAV0>*T}^C#V1O$&Wl~yn5e>@^a|sW(CBkavUNjwXlXgPRrbB9 z0eWyhWUXCCsbFGU2OJDKTgCR!yNtg(wN?M2{y;+L3~*ASIHBSyTB3*(2&1|W^hRq; zGitKR>{!^yl2zE+v~Kf4B*wa@GLok`8w|1Q@S#7&18;VK+qzNQnIsbK8Lf_Qprlq@ zD72Q+N(*gBa5gA7GpJ>Xk9?^6v=`SI_ZJCC1WpAXEzl_KJ#X0t~i`l#8zQ^i>? z!5(rDvmyp-tqK*-_OSa^fk}4hqITThzt%%*M>iKq6|X5z);D@GZ$E3gk&NB|FNwN! zKVnOn1_+uynXIELDC}Q%n~d;KhO}%gGbbwQSD;GY>-jEg!lXV*^_sqVhxovWU&4L6 z>bnT5LGs%Nn8$*gk{_AJlE^i~J+eR%sa_vE^a!exEe|6_7VUApwXK~;6Nr+)`%;pafTiggo_Nj^v7<4ImJ z2}K%hXJVhCy509!&DMjn)rOn%ddC?IR+jlEi_b$so#ZZGZ!UO`gd9KGeUBsHjsu?PdI#0V1WtzRVZb76KN%nVLqF}(eIT5qn$ANiHxeS!lyuf0_ z#kZlubDyXPPtG19WgT}r~JdkMImw3OfmL0mdWu9&V*M>avfx?Vj=FqF%Dx%yIHv!S_) zV7w61Racx3-#E)eFz^p+4Fm}Q*I|;$%lw8s>i4iO0q`VyWy;1GKmWpB_Ccv$4wY#-Uym@lBZE3G=DdAi;YE~h=$ly(bY`t7 z=$=%86_BRAFiK_0CXwxthduYwgv1U0-&o2;x+@od+6*IY3Zyl064ux;pIWyV9mUG^_78VaA1l6Twh_^u0{@P#Bz3-c$kRjEm1eM0 z>dyss#f%x1`VVbxU8PYDvO^K(@O3CEkpFdq128n!xc|d7@l;?uQaYI$lbSP^yI!k@ z8S+;$Tz|gb1jms|e#75o{$y$o8cm=IleAJsMLoex zP-HF@NsYSaa>TOkFy(vaDew!uFJeOWV3V}v@(!6!Wx9oMlT_Ot7RS8=SrrVrburcj z&=ax!F_@ztEK!n*&k75Zu@7K&CVIKJwTBB}AEf!dJBSv28ms#Z>F162=b_E!lhGeg z3o<r%( zjna}P@0*QVP6K?3+jV2^KxRa6>?sFNrGp6-Uat2ldTX&#fh-3rEd;(uXXH=3(Uj7H z#pnGD@AJQ&0kB5AelgIraY`-&0tf4l`Je5~P9y07O4XJa7pR6rq2(>DYItOf7gr1# zFbJMmLF<5viplD65}#`GcZ0MB4z2Fm_+a7=OGE5*)p(yUxFJYU%$Kr{!LMwi;STwV zyM#!TIpz^M<35SjDjB4oSGu5ZXf8_~&6fY0&C+z@A}0N2HU+mhb3Uflf6Ge7NufICP^AY^c8ijd`pJb^tNq2Riz$xaMcU< z`an8ad;eLph%huRy%}Bxe^faL9m-Npjq~7CrblYT5xNitx;D~6>L(A@m=R{MhQ-gf zGxEN!&x32t9tmZOf6yu!zF>L12?Fa(BB+-2R|QN#B4~ytv3rFxl*7)sQ;n=e@}sZ@ z%F!RvzmlC;g<1BZwc83XB0n`?wlo&ZbEuLnMw(lN!5jF0j1V>XI;D@*3CftkPIZ@& z98}9@ktBUhjvV0Br>II)pW!V13Z~c;hlDMeh>kt;=Aj>)c0b2uZ-VP1yFHBcVZs`ghff2AeirDWK1-*JIBqPM> zYw4Ju63_cR*g#38_WGCRU{faL>4jYi0-!V&l}EyUd@>xx);Mfqxr;MhspDk9;_GBS zPGX~7cX4#cL4oRUu&=O%UaF0HvT2&f_<1USPrf+}O2TTTU81Pxw>aTUw20*jOMibA ze!RJ}WQ5~YGUqz8#A+zVvGvvF(-@iw=3GKx(lM32C?TyQSR$=Yd0uaIVV)j^*j$&D z5&|VlW2VXx-9T_B z#KjVOu}_5n22M&uI(lQpK0XjU<^R$gq^hm$FH(?x32Lu^q)Zd`9^^Rog5>L!h(UoW z8{vKBjvsD*rF>#96%>tQy_E1c7bNF4ok4oPAApVlr`#PG^m6u}9F(#A-P!H1Jt_p; zJ6>6VUP_1$dTH%};v$Vjox7%cB=D$BZK7Yd^F?1bu{j3Z@PTBEOWo@-fMcFsgX?9VfNIyd)gT~m6<=BkY;WAlSP8Hh+y3D{k zf|Hu5O6ZgKAa|G)oez@RR)C4y!>Umy*_9m2tLKAo9AY|wWI!#yy5tH)G^;Ds(B;52 zw6m4PC=Tre&AjA?C$W1~KU>!WA|ar}cI}%EONKC-*X!sgNBRbS!9he@ilDA7=d*9u zN69;Hb1<T?1% zb&V>YO_-SR_#%9}>L;taSaB-^mRBRL;5hCUDUsIa*Vm;OwztPxJR;X$VnZ=T3vK=t zK`XDw|1W1>`MdRYrA7FAH|qt!VJ?I)vgyBvOM65d85^^xo8 zM{CDtWuw}w%(l@|>d5Y2tqX|F`V+j9Ix@grEY=%1_{?)q<>D7MG2Y8)LkrJ)+0gbK ze0t7FR48vkpjtf>;In*pO{JZ=X0sj=; zwiVM-a43+uA^qot-gy(t;?tKgs?xnI(tP{}Pf)@oXhzD*%6Mnd6F#D`E%oUDPQog= z62}Ra2dkU;i#y%KtnGiO4cJWTRk^!iAt1PRd*HWq?PM;^c4F(13?@K6ejLc+^{O|j zx$Z=MsPdiNad-0KF(90Y#PqLb*V$g?wft&=d)oS$)t*w4vBegHbDu@)QKgc(=UDx! z)#rSV3s{;KxT2zlM&`jEwWq^j4A+W}^WE zO3LVYWWd(t5_!{j1h`=((d`XXals;Kxnm#z-qCGFG<$d-y3i9f94clq;o7mE20EOK zC%*y82Lgh&w_7jqT*BNbe&4a(UU^ybq;#`Yyu3rd@MtAq!+o^VI8yAOfaFI4Ytcn zI`R@IP*&NjVXD5t#dmMDTYv5-IG+TQT?s{!WHhAUR?%G)v#Kva>j6!1^c=pn?+Lw9 z7Nyi-g1|N@T@#%Aa)LaTjAd63WIlyW1Z#W>geJ`5gC#8uXPeV^*$JY69bK{Q(b5}| zd>_HmCU&oT3^1&Be#L9DL(Eq^9}EZ1+j->-nEDDkXISlfZI_>$E)}!A12nD6dCix1 zIOJ-9zNt9)@^uwS2ls=uO;{+GHFf`#{x-% z2hzm56uHsfz^;^ku{hi1!S7WhvGYiyPyIa+$#_M0tTu32fA;WpUNmR_I;8x0h7Jz1 z_6)RnA!ofd5VT$WA-YHb}c9hKPt}C}zMTq_1I%<VRj9Q5tixsRzH(OUH70mOntw5cSmF#NatxE+7lrii2SIrN=obkS-|Eg4&r?Jt?(P!y7(S@$z&7!{(Nm?>b z@J?pIs};83YwaY{lPg?PB5&`(yHiaA-un<&UrY<3S*yT>zj@LM&)E^SG-9>|V*xN3 z$7y}&`^EbPr?(e%{N8=qI(8!Rj)9P{E0RGjsj(C@xyg%@jN>iPl$_gBz1WAb@mw}A zi1ev+HEtEn&ZO5kSEwxaqEhVyT=L~tAi@jWw?&5Z*ZUhy&eSFNuiN-_hJDphe_RvB zGNX~JM~*K_1sfJ5q%y9HWe(Eg%Hx9CCA%!!m%M=Q$R41XkW&hF-~lOPcYPc^K=It* zuL*2AN~Se|-WfyA6-u$4$oy;xZWOW)j13Dee1zx3epSY^cO6??e(C^TN(5DpnQD*p zqjt@700!r;5AWrS2v&IJIGpS}#vodc%dRIk;gcgLCXQh%u63FZiNh2N`+0jjmlEuN zYB$o`2R8W~kboFCUJw?oBecr--;zcYtA6FSD~{0Rf1u3yIjDB|BOKUvS{vNUM|Np& z#szWfxCLi1$0Q?K^hLN_O&ilRw(wuUlIv*tBxwU<^;ef(Aj`lj2<8;bLpeQx5J|F? zZS&BoW*g^YXnc(!@0Mk0gVHl6TM2Wm^0^FF_7;JZoP6IC9kpzVXtNjuvN&aOH;bJV z)^b3{*UpuB z5EAHa&q!XO{*V^Xo@%UWSE(+?K<)zvs6C$=EY($TDnPfVfW!Ier}ozjZNhWh@Uz!y z%4@|c2UGrdMQg|0hnkb_@X7CHl`o?0yQK@(QKuXlQdc4F;s57Q6)&rb)3A!Sct)(#B`r<>x$+R}MT$(eyxESFhlt3d|Ue z6GEdG*pi=|RoP+EqE{#5r`^I>N6Xnpd)nwUicBTS>Rv^#95Je^{Y~UgGl$;=$Q<;f z(@QM{3ExtV1(s#n&^W>OWQ3YF%?LpkxJ2tOFdvN=LzzLk$Tw;F3*kzjlor@8hcZTFY37qKeO$qfQ0-J5|FQ3SF(z@tlGjFSWG?I=NhjpkPd4xCl z#op}6zIwox`(pOTSVh?-*Sg(b$cQE0v3`j_eeDAfE#7?P!U^wh5ISALmiP@ z>>N6^Z3bsz6%GJ0q?&*a+>W}~;^xO6nxR&B3b-!rT@VIellB-;J=?YoR@@>yY<1r!b<`JhhAq4Ql4^qZvj2ACwQtAA;3 z=P2Fm7ws0~9UA0~>sLWFbu_O9>@gh~1Nr*m^yTH06)l=#D-;^z#2Y!y=qJ12`^Zbh zZDR_brMRs{g`K+?v0c+r0?hEwMUUPY#5<=5tCXg#y?v=nSUWyJ9GBrd;he+Y9s}y? zdZauY)0=mri|d!aS~$407RuEz-zkH(D`1dXBojJg6f};j@d?JgKGM8Jz-OpTxpGde z8?A>Z(}mSa0vcHM+18+$vyx%2D{LUwboLh&60W!lg!Q`_n*u{{k!C; zl7pN5*{-g02s%EyJGq7!MDKv!ahy=e1Sy_mSH#<(TMLWJugp^QI-EGSv`WwPuc>nF z)2HJ7vyhR%(aHed{+|;xUv)Sd{^{k5yx1Zp{)B(Nxln_`T0WT#Dq5n5jFnx1NGWdN zs&S3`c9_xL%7a~o=aIXvq=sd-tO^aTI|VN+2-Y01!&)s3Hjcvxy+|FH^U0gJKcj8!HN5Kl! z3}cd9uJWnKfe8OC@e259Mk;XA^WBopf^syN^&qbIK(0sgq_NnSlwopOshTyHrJgIo zmWr%wvf{h6lU$Y{z9KKiWr`A%Cz<7uuy>(!;*>U8|=Vb{Nk z_e}b*I7JlT=`hh1$-|jF)ER8ANCZ1jku^^}#RjgyfI(PK%)d4UT{$WIk&*Vm+lBbi z&n~6R`K)n!enos~M z?3Ito6u&L;VL=Or|2*P!N=q~0bN){xr%dIvFlL5|wt#rz`$|w4neNS?h&B9Ao-4Vh zYj5=HNMNyV!Xh~5JdhilGfv7}J~~1QBF34DEHt;M?$!duFkOTpLmK#gOt64Uf)RBw z9;r8Jwvu?J-hpAIF}&A3_E+{|@zy7!qXJaLShaHRu%72D3fB%Y*&ovbl^V3|n!2>* zK))0w5azN+Tz#Enl`11y+qz=jq3zi=BJ@4oiUL<)zO#-%&Z~} zLnX})Ln~*oQTr!2>o$pIaS%N15^$nMl`R_BCv(F<5y1$LH>jX8Qw=)@jFtT5%FyKz zNhRGpFZ)=J5|6A66E&q80vtNGxj{XNY?Cax8n#(2b}l9p*na_d_LD&EtTB$=f?#G6 z@at`B={OL@5I@Ssl2^}$QHaIm@Qg9y-2B&IdyW<7#j%=SF(Us_%A1zYzBIP@;bg@1 zO%@d3p&}++&?EH0?nUoDMx{pqjYgS&an%;AR{Cuj9mWAG(IwLkCv&!?(P*WS81ZmNg@pKrdFw9<+nkLt_sC6X@u-B&oeYz zarQzkVq{S5Ra2+U3ur6#DkgLaSw27!wLJdMt|-PKv@`l|nSRYf)|jU8-?NY=bIRUt zLrkKh1Ngmu6Ee%4tH}thYRR7K+c{lJC9#9J&m=0-6d__TN!rGm zowvAF#AjR|X&;V2G#J5N6nLaa#HXj&x~D?mP#XC}HnUXGD7>f5ww@JDa)tCYEJ9|| z=PLlO&p&(__qcOuU6bmh1&(gMlG#bSrYMMcSBCKKt>@XKq z{P%h4t02rh5>}2Jq}Iq!DQ(oAzK#B`yy}RT316nzEEEOUva11 z5T4FCYl7V*-CEoun&Ayy^G<^eK~@eD<84Y?eAV{fHg^CGCoQ-g%kU6GIYmj4H6k=L z83Cn)P^1QD$qL}a@*x3dY&hFJ2mznFHlm)@>aKGB#nB5lx|LwYp#+j;x-*TO#!B1f zsBoTAK@4QZeYRq^fm{WXx@K)y$U?OyLi%3ynNjk8F+HKZuQT8Lx_p;DGGdCMcsji@ z8*&aTZ|S{FcV#3jaH4NM>t5aNVK9v4_)0j7fV!p>3|?N!KeJ5{b=*iy?{u? zdf$I5zF!(`o%Ny_Wc~xwdx79(WTKJz98vR(h^PC^I<3Km@t<;caocrjg*WI)z3=>O zj*{{6rA2jX^D5k0?(}*>@Qn=@3cJe?_r`w$hto=}GVy83$y4mIk{i4XegNBvw&-m^ zfPusyKq8S=b$F#V95holOKT+d!;PYXhZ>s7zlDn`D(R(MF zGF~mWhv&0esO`3C@5-qF@1!sO`*QdFmXGft`%d}28Z+d6LsW|x_D zQmS?Dt<+H2YiUL;u5TExe-pOB#loisxJ$sqs?KaC!g;f|G`Pp@L+1TIXZvA?^dePj z4Cv^a=_NWz_xm&efbDy@Fayj%H65cF!vg~h!?oH}wCL&#jSEcbd4bCE&19D*?f871 zQkPn~Wp4g;a8yXv=+FbgTh`7aNLh&rYTqZq8If%It0})rV<`P8(XSpBKo;opN9MaoUw2D+X&Lp&}UC9bdp)nIh zpHTRuybKMBA^63Rmm&>FP#zEl@X?LWf3sH?joMWDP=N;d)i@>t&*dhEyV!OCYlW`o2+{=4JBECb6^8Bsi@Ag*#dV{~{51@+ zhOw5m`kdG@tT7_L>122je4>0@7;pgiw5KHJbwjwpUoK0t`)Ad0E4Q>fxJ(DFJ=QXC z_YW@y)8*)b{qi$Zb>Cv>1dK`Dby7W9q?6g_n9$PTK0|W5dec9eCpxr!P$cKSy^>Pk zDrIu9i6;e><2PzBcu!#p{_Pw~IVWgjoT3s-oK=&7F8E&6weliCl*$RIZ_NJ3(XMZ! z=OS>-Xui5sbqA7AwgDV*C5dQkOu{j9|1yxBNCF&m2L+F(#zb5aU})}R6vziBTNJBj zxt0>lNoG>5BCqz*%)t1Wt{I^i@MM#o-%sjlX)l;OEiZ`&L5r&MUNG!7U}4Spb6rI(iy( zt&GC~1F+EnHYgdEK{*qYhI=MDeF$m1#_5TN;Q?uro-s+gxv%|rh8Lz;K6RU)c$*Pq z`4j)bWMX0_*`w(*4Oj`|Ifgh8w%M#BaQN z=3S)`ZI0dpu*;9(yR|MNBB#j1P+3lJ>Hs;k@eJR{KNWE@LNDyNx=g*6G*&}9d`v5s zejt_1)8=JCiW)Wsce-=)O&(rXQ8s7z*$KlAPFYlHVfj#DK6)^}ASMgHanti19q;?r zdvwS;Ewj5?Gy0Nj8$(qGyfgUu-mfY^4jhD_7EqoTyQD8(sI#V2L+W)jZ_HhpZ`=|g z0LxI3XXckffIr_~sdPAb)m6HN+nIs6R7^b|O3;)MMF#Yen&v-}TRs*DZB`qJ(zl@0*;@B4^O{b)X?wcP^Kz|>dl64= zZphxw^vC^{T)1=K>filz=I-<&9+%jqj_%>{;=Fsyh0(g)nL}7FaA@VAFL*T551#vG z`!InKCO7A7d0}pSc5#W3FT54%R<8I7Ds^iila|uKStvzs^8GU^NCLw!9D@Wh>*cu_ zl7rm6s@*72%153ioSRsv3TEUGQ})U_1qJUM;~~~#xkHcH4t!Z!pFZ2N5B7GZKjnAN z3!gWhw|f+iOKkh^fb+I56$sIp^>}_>{2+S1fUuZ7>NpX%xHYwUD@mw!D zgoRU%tEGTZlHr=gP}Ve>nZf2zPuJ(dgPtCTw~b7XPFF=j{A7}q z5~vVnWy0DPuqEPHMa+f3CPz|Cjlpb$*$@No5caaqk_t4iv0ZHz z+O^h=))uuDS}r%|$YHK1?rC7#0lT`SILG-%7J~+74`|Hs0O2`HHkFlEyE#Z{+QOt3nWcH)7dJJ?403~D z$jj+uX%idkk0Y&7lfYVw5-1ifDpPdQS3!L*?IF9>Otu6qiS{6?urQ1pz+ne1%Wbc^uMrCfGiiJ$un(Z3iXd1 z3W3^A3stbI+09yQlsG%Zbco4NIGhbuyp}Y>WVHR}m%sWqRy?ianH93PGpGJ%ddr!M zh#tjd#;ow&jhcrA|A3+XpVaV-SeVBN@hdt4GuAxlYg`J>-(%L%J-utJ{AHi(yJF9c z8{Ca#h1+w(khHW!Sqp)#FalwryHsjJ`$);9P71^Y#wy=zB#qf@YPji3Ug;{oW+ysF zioKob&+CKC9K~M50}ruT$yO4xu`dVYDA+<-Wsz2*pu>-)RR8h?1zDJj^?9R@atY@< z6mKyJ&aoa^oL$A9+-xo|=eq&Ns8)Qan54nfJL*VgpI$8C8-fW0pRf~e97Os)2 z=AA~jf~8p~cGa_Ob8QbNqgBuCDCO9(w=@0Gy!6ab>_t3|84{sNjzk;C8SRd2QaA8~ zy3)$AK8Nu73ho-S>IEJ`svTQF7yBIF?38cSGrHCEC-UKCE+Tpqk58^v;KvsFNGlKsG9*jXay}&B8v1mg#WowYk*+$KzEmY5Cd7-i14ky?oo!pTeuj z9K~M5qaSK_rGW)}BM{QRfrqRT{Me?8PQgMI%sLJk+S%vCB+XYngG0$_U~gyo!*|7* zi-;b@BOij-P`(CHiOOoxOGY461ye;at>tER%psK3)vKOFpJnEBvbQt+fqR6~qj*e1 z0!!8wrA6HprbmPsT;uzjm)CnLDKS03FTUA+V>DdtuB;|Kd)G>T$R5$mQS3$BHNI)F zIgIcaJ+yZL*%JIrt6ea-RtEk)-@-S{X4CoQ_{e-=C!^hFs~>AwX(?`Ee~wFf_V%75 z^HuG0jm$+vkK(b&A(FY&RGr7=%^9FY1B{mWt{PkL*5_6|0u^cX$vnTv=X#r>wIbmbvD zd(32bNK?vkn0RPd5*k7oZ@PN=fC1N4rEq6d&^FLbRPT6QS3$Rvy_-s zPhdHD!Lz3FUroed8_|mj#u<_vS7Q9;A0^j+d_0o+m0y$Kb1#LD!8y4c)EFlyEBWhq zh)4hJOD}IAP4UtPZ$iYLy~9s`VxFALMZ^h3(OQ@jdMF>MOwT4&z2#0`uX;`gm+yW} zf(eWV45z60tzrWv$H<8Ijef`YO?&Y(r*VplSMZ-cmn7LPB1QaI9L19-;yx(kspR#7 z9-pN7vPS;?Hzx2@uSRQrD{3u1Oby@1z(*5EBOD83VTt=MOn?1KvTdBV{z!s>jzC8_ z;6N?(^l$u~S@@oS%5m7>*Kan)o#*i3cfIuYKkL2mAN{Mvp?da?LQcrx*ymcAi-=>6 zV%1>it$GqCD@ldvs=o+XsTwUm@BN2~nW|Vui{CZSxk$gXt}Ox|g(nbB2dIa5!Lz2H zy@*FI3Wq=clQ3r!IXHcNw$VWxhfO!8MWaKpUcche^(4pB8z@S==sD{je&Aq2FL>Ui3+Lc92>cle9cn&KH&m(e_t2hF$XY4R$cF})4`FL ze(O(K4&VJ9umk1Fs8!I~cE!`nLh2`;@+vit5E8Ka?pPlgWHa&X=@^#>xO^2=gV9h% zdhM%bAABU1$Lns`LPgZV5r`j4S-^0RLW=BvhQ`9$O>x=ob41dgZhfwoxrjKODE3Fy zp(Ir^u9fe9Fu~mEfqE0DZ6$mUfe*jJWQ4rJcqG{T`8%gqGyH#_OW-fCH;1sn#VfvP z_^c;@)p+5(>vxQVt}6+OLMD?ty4Wt|(U^ucXlm3%uENz+$8id}VLJuu3YAl^M8-yE zVd{Q57IBKn7*9Se77mAa%`2Yw$gh2R)!W~vhp^9{Ge_|>intKZta=6~H>nCV&wF2= zn6aAYb)L=JjW&FEB+W-%iijf*%@D%?(;=R9+Y~_}>^F_lEfR190=;vU}0Jv;zxax`Y*(Gxkaq3a*b5KbNwPzte{||t% zG6VI`Dd^%L)CO6iD}z9YDtuhL?2)dNCe?WRd%{0l$N&D5pH&ErgHZ5eUF*oIAl=H< zKVzhkImU`sWsXn78d{j4ZZH{%xK~r4&^fqq%2vUm&=GVkY@}+T)cPx-rl~6EhGHWK z@FQ=0-VeU#)2rV8)1ISsco}nV*L*-P+Y4(SUiH-a?4CJ_%NDU}R=w0Cma)I;8SKbp zcwj?)L`cWh*ZH`N9amchB6NAq^7Cd z5erjzv-@L>$^kkx#LaVHhAN5qR*7i1k1JgYZLdjX1!_ zv+``vK3nFI(@PYjUJ9Wlgs}ovv2pDt?wY!G0`TNP|20P{~AA$N}E$QKk$ zGmaBc!8nt)tr5#yLjLnTDTDqeas+ayA3{gn$NA6NFSe8hSP*jRCqea?$nHS!B zDHzOJ1uHbUOsOnUsYdLX>zt`qV^KG#s2%SBulUaJ6Yq}rh&$UhvF|_na}JAScjBA#x~zMmRLP#0;y3c^Q1=XWp%by1K-1$37)))Iu{y; z0jffDWMTiJ>Hu>Js${83Cb6oQau{VYVBo`4(R2#0;VZ(8SQX?rPE-2Fl6Qk-s;T-X z4JxQ@PLCFzT_b@~rlV-p--SM_f$+vzF!HYej{*OgEuy$+XP@JhIf`=;v0oJX9BkhC zKw<)w&+2uc*su^5B4pqh3=B$7P#pOv8%ziIym0zhj6W@}$Km+eAMZxy(;@ni)j~+< zU-CxaSkHf!#Q-+Y$vFIs)|Flct%7B)n9(7sR>>rZC`ognUXuaV8_|nca{jOSU&0T3 zPecp(6qRxWl24}>R8Rqo92V+UE;U~plQHc;#?FP9juB1}jxi0QB$HQ{I!M8BN_gJ( zW%6;cFl!Y|w5G>1jx*IVS@p-?XN3^%M%n|rb$l_9ItcrmjLb#E0*d<(k*8aqn@U>k za`U|}PvjVwZ)T&l-Rxj>t4W}*r#u^$RC$yDvmx$orhgc1w~$P3%jLv>&Un%UNG(`j z@&0JMruI;s5~<%}^K-A~*gA(=r{pGMTKrm@*{)G7D43~gVj&qTTMpww6pS)djiBgO zB)k=!UZp&hxsvN&6-7~yb=F!K=c-qR@laktz+5pwnC4NTgHS=5%Kag7PSY&Yak5rE zS33(i;Q8C+bzncH|X)y2+m+(BHkqHa}4>NztqkeJNr1WZH>ElbEmHOlGh4-wB zUN)(7p^Nau<&1h=PVi)m-+Ut8e9~9#eAUi{4X;yBU6et{m@3EyMm-KoF>c`m9)}3a0v{ju#coFddmNoN=h0z@w8xK5_DWJ$1+7PO{GmG8YjGC>{k7 zd7xi^5_Z)y+;=|m;0^`ddhGVKkw6;5t*DeD8bklcA#V;m1cp+DMV<0bLFL^(T)%UK zw|`wsE$C%1o}p6AYWO2eDtVkku|6|KUgOIy%q~Xw50Axf`+8yv={%p3L$T7C)G&Nd z;c*a(VOrQuoo7Y+9JNkWLBdlv(xA%20P7pF1nR{%2&MW|uALbHjBQ6?(OMX#CQ5}s z6Umqr?Y?;Z>Q$tEo zr>LVs$993GKAUATgKe0|3Ba^t$ld6zxFwenTrTTalJmvv-rIK^nt&~u6m`1oOl0^ zu>MvB-7cthsJqJwkH=n7BUUij$QwL+x=t6L&X5NfSkcHc;@Ns8ihTHWF@}ntT^QeV zHSgD|pa)Z9;GyuO<7^<~j|05pSHd^HDjJ*a@qiWqIV`!VgyB*N6bLI}FW;dc>o|{i z$FdPgsSB*Fh2aQ+caVD+-V;@Bqxu~G95RGgR=wUn$2CN8ZTKk9+)owvH4Pez%3_9_ zM$xQ#A*&7DVr-z&IIdh&!Hbb^EPMh*e%Q0Y{kN^tzpTMVF3*ymjF**mCsMZkAj(EI zRz8qnEW@%i-LR%>xI6scik&Qcs;GoRx;XF=_)>r8KM()u-;3OQ+%)J-S+@!nS~!7> z94dj?b_Lru8&+3G|E4CId6u(N6>vKAD$PlgrZw3A_TgE(O?Zd|0tM?yR^*;1D zHu=Kgqg4mt@1^(EJSrQ6HzOjy^u?-IvBJFVD`6FG2UTp-f6I`Yn)As&2h_<`3& zWGtvra~k}tE1irgm^+UP8DUdFZ6vvJm?Q2ij53^^l0X?e^rGluIKCs=`(7p4sz0qh zhmu2v@V^0T^9x$I?a!of)f>|1IOVy+N6SVapCD0`<1+b`)k6_}-)31Ne>}TH? zw|{QBnqyY&__eA@+xW&pQH1+TgTRC5$$j6$Uwvozu{T9UA@@t2fD|RLP(;10A4W@{ zS{Q5F-Qmcyk#rUdJ%o2f)m-I+&9VM+ocbIpgx0>?m><9S=N{-D@0mPt`P%2n31X2c zW@&@C#zu*!E4=Lg`SeYVbYJjjVdS9yuho6I6%mI^6Vb)4a^r50D}_&H@ZnHdh*k^O}7TKz!e*wSjCTnn_1`xnF{JGq=LLmwB{3R&_eRYM~5DUemCZv zRodZB}?sm6A+25~7PAT5Hnb_t`m zu~^7Fs#n`;)+h!gMF^Z&jbaWe9qdGeeSCo|)} zcJACKPQ;GAcf{GhMMvv5D)j?+k#_rP7w5G8JW=o8smlx3$?TYJy+sZcxr+BklHCM5 z=fC?q>sNDnETvcf+0jINiuGs$Sy4)QoSv2vT`TEH_UZM;;aK-dG4S57tO|M_5VpW)d}xBSr1NaN7Y4sf!n+&wg1p zgoxH3M6J~2){&mNvy>lPC$lkC&0dLyVi}bbN72ZpNlAf4G@xI9?)qzvXyG*X(4#TY z(>?v4%KOZwf8M&$_5A0MxU`~zEyJRLqQBu>yWM9haxI3H$^f%7SXf?dOCU4~;z&WB z(o?I_C^STYJ+7qz^Ozjr5bSC2W(ScRfnFGlZBgJbgx6x}TnT|%8q#x~v1dFyv;nHB zdj@6*`b0lmfThf0>IY6><8f7~&;y(UhkT(xXhg)=CTUG6zf<~H%Zq*{$-$@XG_OA1 z#VgV0IOzaFlODgbn3t^cwre+Au+>=D#8SMIrm__dEUr!C7rtu!WQKai(;pG;-b|Eui20@hYErWFz~EIQ)>-VSl@fcPtWgj(luAmnS{H6A2>gUbw80_t zLc_60W#JeXB;?*6aOXx@A+XH2Lrf>Dq-V6HPI5|f?i@X!Jt-Jvwy>g+Lypa-o#3eb zzVt_353f%vi-J(8i}L@H)>pcoW1kfW6tuQ(4Z5+=G&DnKD~c;BOv4eHkRsG}wuvUf{yq$ZfUr1Dnk5jRr`=;#4vuE@B}R#Bq!&Y21pXOvEjO{WB1XhpI+ydMHlYjH$IQaA5j$3r#`g)#4WmhgTCcey@-p=LLl5VM#P@Ovlwfug49w_ zZ(3-;!~PP=c5EQjavTM_Gy1?jdo5q=V4rL~nrH$`G0}B;+O?7fM0eV=pg1Y*YZ+P1 z+%b!%j~+{e9C%+e+x;?wn?8{;fjk~~ENfes@vz6_S{OEE;HqpClm>Iv)MP9yY7s|* zUjPMBp9|EGC=Io+%Ib@MT(G1$H+Cu*HSJ*)J{A%zL~phg*cOjur7{}Mt*Zy#5LrGE zo`ol$QzCSpldH*5{N{7cQCZT5e|!D0YxLQ_rZ@azFXBS75D2yYy!^jn@M~v!q!;n5 zYqz&Pf%%WPle7gpNB*6?rf_$aeoXa!9;PI_- zYpS4eYf{t}q9EW3fPp|i2!b&wm(-x{zbLpv^urbwo2;fnU?TW&hepAyZgV5!MRqK* zEE-b?CR{t{dbR3|=SLv&mYIb~`zwUc|E#CG|E4je_Q958gz$OtxbXh+P1Rpv0me_F`;~lS&{I4$)P>{uEr z9>`S6bf8gVp~?h8W1%r@s^HW@-8{^l!O4YDP$1;43h62rR*iz0bd^bI8n6)YJsP_d zcwBr6=Q7QaH@6iV4Q9UR6O{UcKBA&UtXq~KPvoy+7TP>_u7wp2BSeS?_1`-kuSwU>9 zr67beEAlKZb0kI|@%*QIpTr2+Kbyys%9w#iJ#3<(!`uA{4d~*>biBkFKh3;g3sd3H z5NH%k#L?K)@Goco7}utK{x%weK$HOmK|ph|a24|KZ)v(sK|$6|ei}+QzX@#cGE$Mh3Fy#9}WySH$jSq6mD^dg?QObKi^jDiATDFnij4eXMF zN+KoIOdx`KQpvfRB5+8ormOg>J}VoLR#cRs6s%xcP@0ovZ8-5M$QngtEu_mI|7`j&w|N$L76`qv-d z`hMQNl|WpD1GdkNLVgrQ^V6uvvM4V}S*$Ea^A7<(nX)7c@4rXi_pR&y#~<_-&L`bK zI886&DUR>^=2y)@!>S3?QHZ*zHWj>CP$Kfhrj%SmK{UA5RN+D=fP(lRU@IZEa22Av z9>D(TYLOBHVaZ#0Rw{nV8Kro{fDq3b_!SgqyscL#vW(c}S9~!|9(Z-6hO%**y|a=R zTU;MhRKc*4f)USs&8M$>njcN*!;dhB4?U>Kl}A!ZZGIYN&honesC=ZPD&ci23I;FF zu?_O-A#o}e%EAs@@?3hs-&y~?KkO}>Lpp|VnqI`y7yNiV`OWJ|SRay~y{;%10_lvwCnR_lefEs1|G)Erh&(v}{Lskdm39O$ zn-q#7+vWnLfMPIUx1RlE|I?4b%TU0V-b(3COT&`Ov*sfREU7FgE11JHrwkSnCArY4 zxm%ooTi|${b-gmDC94AAG`)zYCXmd{TLj|Qtf|nAf|@o8_AjZp#+SP)h|Wi!9-R36xK?hspWpKW>g?ONR)kt=SQml?$t!)Wt0bS!>F@yWF* z(#)Y>($J-Q&eKobAN;~Q!_AYcrZ}P?8bw`lC@B8r8OxevTsWHIq_z;nai}QhM_;`D z8y|S2>*YD|Svd%&=|w#0Ny5-|*e(2YJ&VeUN>Q*7-ZIVpr6vE=k%`$*B!G}h)ilbQ zLo_Z9Xk@d9YYw@qg5XJteU=t2So7!7&+q@LrZuV+oGzelHOjh)S6xe;m)M#J@4s!) z(4#1&yU)|>UmN`LuZHy{rsUFLxv5|rHwxyIpwUU675sUw@E*)NqCRyD;01WLOo`TaEW#>)(}%1VwXvK9TnOM=?Gj3||cQ4k^) zROXcCHH5$~O}U1D+?%3F%AlgpNlaBm!y!2~-3+^4oKq2}>j4}gQ}&d)-1S)c9GsHW zt&)Hme!2r}2bu~gP%YDxRlF}uG$rCCAWT{`k`QP z*pp9C%!03ug+q6is~-L}t?gzqx+!=?Z81!XVIpE#a>-GO%~@-K5Msf?fk)?q=KNA> z@To&?=M+yG|A1dcamoqB33N#30wL-Y9~BdrLP2ApQ4s!#iv~i}*lNZW`D+0nR46C%o$YfX z^Uzx~Sw=y%ML`rx+C}rRVgiej!2^VuSP0T48CzHhhXa>;`u>;s|ME&$cZE)JDqUsdXN2!ZS-L6!n)MH(b zrO%8h_4Xr)R@0JJ>WN(4DC!#JW~pvT*+5;WlDJe-G&Yr0inF4>n-$G!J-j2uZNRHq zrED7cmLp}!n1MsQt$;1Xw|M6>R*)^Ms1Pi%8ZUcoKp9a=8U#-G9GndNxMb{KQY%Pp z1tT;P9?M1;Mq#Lna1w=pFz~xxrIR10>jCT%C@BBGr}&)DsH1c%EDzcF$~L5*2PUPYslh8c}q@*MiR zU+!Ov=&@V$|NfUoMBt}{IwjgsLtr6|fiy(HvZOF($#TJrNi*8zQl|t^qm)WbBaa?0 z>DGh~Lcziaic1PgGcL?$$^|FX3W|SI4%tG@10IjaA5j1c2VvJsd*agpgbj7Sul2L` z`07%}tI}tYaTVoyZoN4c6+NGON6mCqT6Qpu{m%gvD6>uHfyJ01*v>_Ps@=OHVYQy7bX!dNW+O)~MU z3Qz+xT*4M6Odw7UMzl5}&t=kzvOyFVfaP0|vg& zv9oLlmAZJ)SC^(ojCoprP^sT0`oFqZpFVv~fAVUcy}jTmk>dy0{h1uiolhV{K{r#% zD*Eg#`e+`_+&Q#R>aZuj?iVFTKMQR|SwXhN{ks+oUHX#q^bg+} z{K^|cQB&7FR5CC0S+GgCByAK-M8Q}TWX7@(hT)?wpe98TO^N`$;4Aw!KKc4hhOj8n zyT*l?bdt)o%wbzWsl!+q4#z`Mj^7hF$1EGd!^bGt%X1TO9z+739=ZJ-N&7ot_$ff`8&B1$qCakX&1<}lbdP#XM3QCC^1>;&l zG73iUEae(Eio!5TDHx&zPV0rta+Md91I2=AEGr%i*P5z|$A)XG6?nd05q0pp;7Bmoiidw96?G=eRBA;p1eRg5qDCa2p8|F6h=Dk*dP66V7Y#hl9mG;L{#w z>37_a9|}k7E7PM&U2LD!{z`H;QM~-s=`*ib)6GcYVbke)NPXs&2mfAVz~h)2AIpYA zb6AmUQCgC%xD6KvHVrKL^1%PpEt*g?$MHOLzuv@nN}wr5!9v;qwPN!CZC+7UvV|rf zt(33$y(PNq9An037UVc=AsSFK%PB1=6%Lbz#;Jm+CrQmAI-JBztUusB{UNQ5x_)eZ zTCtXX$4tsma~sk5r4O~wk}^8RYpA*&{29-~KcdMM`BYP;X+Bn(6`|%!C z5#2MUbDlrFXzU$(OlCYL2ES=tHVR6qV4FZ#6ucF}Hc*Y@S_;O@=HUp@_q{0yV~VE2 zHH|otk8m#GZzqO5Q%fV1<5A3=3_bEktYCl=1T)Vs2>c~J;WLrtLzoavW*X;c=|k<) zhl;A}5v*`N^!N29fh4+6t6{tm2yI1$X8iatjM2=Y-EervkVftiHut31^Q-r~9=F+~ zj{Pg8u7tpfYyRQIYHNtuFsY@OTXhyqM>Oiby@2x(zqxGE}7%z;Er7CWP$oDD4s=` z7&EjfEf;(_m*szX7fky)uJ44jI%cx=F>n{Xa z&IDIcPEkf134P>xv~5(s^n<#lPRrg_G=r%c2$?T-u`Jj&qhM|b6a}GLoYTmoYhleH zw2l&%@>a6tURj}VVJ`guRMa@rlp0Yfi;F*!B^uJeTi{*JNR|zu*3VVy_og3}y4>{& z^jTD}&AI!Y;8~Pa3m?X4=R2;NUHj}s8xM|`_q{+TP|!fAoAsO$Xb?hOa$O05xvs%r ziOTvqE#D3tDiZz*N5+odzR}CRCbAr|y?`&vX;9I)q#>Yk$oJ@PyZ*J9(wzSI3$=*e zKt@%yp061d?rXy?84|35e+8wYU?%>d6IN2Og7`SeWO&34U^eu)c5V6>9}d3r8^gNi zV=rT$)yc9Ulzf!vZxj8|uHR{WWyg`vPrcmvZJ$2QQb0XqhBhTDGnfS>_2i#!6ttRl z)k3JKKNf%o5Q3bF3Cu*n82l9c{RB0P)cg>!bVajtZ~6X+>9VCa@Rk#~+#9SKY8Dii zz(RBzD*CEB{V1hB0f%Kx-6r=k9uI#qJe`H*R{t=JIO7J)!x2RR8ga^(qEC!1N_hOX z#Sl(;?G-#_=>S5l->B3N$**VUSGzmc``4$>{&~(Y01ug_4VXdn#h8WoL=i3IX2zMS zX;b5$v9J`kM8RB2CV-_PP=Zp_-Nd3G3Z&V{SUq6#WS1WJp=fhws^nhw=DpArilrE* zk;irh9`~?*-hcB4>4BGqIDa%Y=WD*UkjqgQREWeG2rOy^6Hzc01yRRYs58=VF{EgN z;vDx6VBv)|@`rp5ZA0+rB94Z0ei}n}ArJXXr2_~Nt>0%FN?mS_^wjk^RANozS+7-H z4}QM6|G$cq#VR=CfH!(qo0DH>yd#DG}{WC#nE&nOtz3erUCD6J* zuMY7AB*r>;ATwi$je?mJCK((GfyoX9O&dL9V3U+woBRQdtxy$RzX2^x`^+&NL)fR! zX^C#O>V@aQZ-}=1aG3&{Y5{C4MYfCu2Ba{lAkU(EhETyL3XgmHszH~U`$Au(c^GC5 zN-Cm|{R1{7rBcVzm2{GnF-=PC9B5RR}GFL zC<-R-3W_g#cktk=LYx2yOPg{{MIjc7f~k}wRBWF1Wr4x^^NBcL$|3<9+;UFx_p z_USSmL#Wh6`Hx=`Ugz)ZdNukiHuK#pzJD!pZC_iIYKkpNDhe&yQ1rQ!zDN;H7&?>` z^S^IbdHB1bU^5xj*g#EPHEqqP7zjg|KAWXBg}B|LH~&%aGta9nEY0ORf-}L@PID1p zhOP#>z8w7E*Xt@u%349x@CF}I02QQ3jD<$QoFe&%_Cx>+GjeV2Gw>KWCl9HTTa_(q z(ST>TSJOW*%f!M&I>9NG%)JmSA=6L)Zt#B3x<^HsPcH3Y)Kj2lw|QAbRm zLVN6ya((3<>H(dO*X(SjGYA_3kxN}KLZ6eAw>%|MHg9u^H+WJd4Q1cAO5QNB8Qr7l zTAwk&I*eNx z`7Wb1c3Cy>!w_m3*!)#Zpx}pK4DipC*vMB1Inpo+BB(v-5XJW>aQGI&T7!KvyIh3h zTgXIeYXy5#V_q<qyvRS^woAucv z-9UI$1+~7?$vFEQC%LBKy!(9Ty4a>05>SJOid;>FMV{u(7dt7AC7Qm3{4ZkXr4!HL zd%j6)OIqz6T5oj%k=-22&RaaFATbHw5~GE$O0f_pC`FEBAKL6JZ>5x_7W;5U}t2o|bgKvlG&1L$Bw{Q~Ec>lg)9GjZCXAPTlr&AWdo5M}_WVk&SEOq!ls$vFdy&xwi|hl6XMNVqH4 z;@YulcrsIp4Mh+h4h)W6y!$Etk$?jVHAcs znZLWO_J?*$|UJ}kf%3J7dO30G%&4R!Bd>P*<`UJ)65&LwPVN9O=%s$&W_vRMoV!4l;K zMnSGi8rpO6QWDbppfG`yTS;UO} zs}*e8Xn^)GCD$h3Bg>*Og|4+7LUgiX3?3YH(gu98GQW-C2*I!JR@W2nv+#V)AAjzc zJ-qih!kRJ9;8(R2)Zzi8&{R~sZ=%Kv4HC?^=0sy*0VylqCExIodRufldH0W)+)P2Tsh&kSJ82=F0JI~&qjj?=|WZxDH1 zPrT2n=fP*`)a(*%2uVnwrXdFl;0Nb4*QwBn%{>Nt*j7qrGAac^O+$;n{jE;~KXhN% z_52QlQ3||(q#LAXYF@$Tsto; zj?_<_@x1baaxh==G%dLv;4$!xh`=wNDwx+IYJqU&Sf9`|$a3dlSTS#Y?O z%H3~Hc&MMfMt}arXrIe5p3Mc>ZAEYpeRc=*8BHe;K29{~dg6UnJzEr{2EsOn(gp_D zF|(@n0F6YXM9m7y?hgw~c!_T{owMmi+4bBG9cA1vn-#F6t;O|b)~F2<03#L=<7R?W z1zAK`sD;CV9L1OT4*5ms=Uq>7w}3Q$UMLu?RUZL?M!^K;Zy7`|ilXe(CvqWiF4SpphcmX1!1#;=Q-i^IU%;p$|VA%{=#A2NuQK zkBkOf`phMrK=>#gqG>60S?eoZFG8P{%+x$Bd&9I{H6JVCO*3z~_{R#C+(_hP7%-{$ zbdiw-!O6gKU>$8Bs=GA+T9~6{rmG429zK@vPh2+&+De3w6<`I?7XQ$gcESa#Q80>O zL9Qqm$gkhF<~?XNhXsRbm|Xz{Z8k40m>HgzD2N)fi{YQKu%+PGQ$gUvzbS!3XTO2% zGuE+NH{SA!h&;3H)g1q9Br*>6dk3 zBxD7+mTMzvn1VI&J@Vb!!ocowf_nwp6~G>BXDTZx1B3!Rj-`YaCOBC;U+R$6zQ#d>6 z07A*fh`y5O6KE-QxeeP+_BvaeJ{<--j@|fYb{tIuv)45WqGVxc@QZVnU}D+;0DDkL zQARP?C}|_3WEjBEz@{}RVL8j7EJZV2cjQc3x4Ds#huxNH0#QQ6Pp?@-{7jzgzf z$gqbtJG8i97MKno#9cx-A=Ag)vx@g%Vs35qNsC!5oH^55J^XV} zPzY2~bgP(`r>sBfiY$wYYSThKMUw*vEeeKoJ)*JePjAt7dT#mHI`8EeSV2ijdCqkh z)6EUK8PYes;*sU8;K@uk5H|bur6XN+5;yc^X0KIM>T*|0H}ei=_Ihk91MEbaGR;SF zO|C$Q#zw&aB*Fj^OB-8%+!8Jl3Aly?C12~?T%c)Scd{OR_Io8pt%s7gp5yZK(EXb1 zW~_~W$_%O6a*%Q=D=JGKa4v6bR)~(8EvzakaFFN@pFZ(Ldg_OU5q&nZ`mWDCTi34P9L@_? z5EkB?@R#TuFD;maMljNy_bd0n{}|CwT0IKAd) zdk%NWs_X|RYnxtXwh5=?_qoS%)#tRneJatXyPm-;0e%2a=2An5+Ox#DN)(jB5XuoG z5&zJh){z_uD;im>;8jV{x+Zpf*` zLLsm$DJz*e{5G?kM~fsmD~PwZlHyo2bZN3dbgsS&KF*v6-yTsw1nF)0Yzxns49R@7 z`Hq&w`i=&aW;DVJugM?Lul>yWKlr)c!tLn>LalM%UcQ5~O~Kaj%WVsr(>U$pTK}9< zzeDu5ePT>BbeSAyDL_!KQ+F%Kl}AKv)RaiV2)1%BYfuRa9gv z>7>cpy84c)CYE3CisaUB$+3OtnUn>a4M6$b@Z!aJ2R!{DFuE!0uOQc-Oxm-sn8t0~s zX6x0A0qluqIW~JJz(2Zuxb1f(NmkQE^j+?dRi-Z z<=@ctr0dx8Qv^C@73C;ep%lcWMA2Njp6IE{F;_Dw4>%zR{0?Uaw6;vvZsaSZ7y|Rg z#iDMMDaC+I6oiFI&d4QA0~vc135S(fIC8n+*yK605B1@Hs%Zq)wr<;623a*@ZjQh_ zSXkg!p;%~s5GhqSQc^JHkFR>+dWXxtYB>QADitVo9z~w>rKt@kF^%H8PoWK4+xs27 zJ@@c;)cWZ}cXmDRZS$P{QfKKeY>(siQC&w-sIw3R8VkdeWdek*eT-G`iEz1+S5nIn<6kKs3#qjX zzG4M)C}^?M(pbj~5;}+h^Z!<@B z=rzryZ6_%81NhDEbLNiVUaunh&F1oZo1evAal2lg)y;h>h!rJ@K1t!OCw%ZT>hFJr z?s}MKE638}=!vtXaARl^{=IzjF#$!pt5NOxp*tU0Eb<#&;m2GD5+#SICNfhcZ4m@@dCX5*cTE_lalVJf?EaM$mt29 z|5QdhuTn?5NuSv>I2Yzs2lxHqZ`4&Kzb8vRYbmf$~y{qb)(8C1B^+Rrr!P;lZHB z9EToVFUj-h+RYBuc?HuYguD8&e|D;{_(2Y}PUbg@y-s_EfpBY|`y^raAOE~ zGAbd8=GwI>$!Y~NDG3Ug5dxE)3Q8LZQ>rvM7G5d}JhG|~7N+tNe*IGdehJ0eB;~uH zpD3Z55#5OB-#oJU?!D({wKfWtwS~%&Mj@A5avX{INM6byb1t}Pmhs3F8B8pLnV=Th zaYt<^J@e`8y_-Qnx$5#VEi{8v>e5~}-8PHqX-fSA`~>zI@NT``OY~Zzf6{zR53+64 zYUc;d!(G~nZ3{LLN6op<*?zeXJ|p7&Vwy^}k4h|re41>mxJ3g^X+;A?LyIoBRA~QZ z)muoDT$DHo2?BqHt77>Ll@%N2*!)V65lSEg8@Z-Jj4=wPQW%)Fg3>3~B_wvf5}_{-OS<)1y$^>gbuR@VdA zF95?7qT7jXnS-EZId?xa)!P-6_OB6r{cgSOm2*T-YJJS*_pwigt<}KElYLLNm$PE? zO*NZ%yXAdf74aHavWb{|L~SXKaEL8WHzE!#a-|-V-}OqYKvqD(q+D$O6LBK1Cljs> z@TE~qlbFJoUwGURF81jL!kxyn%zN+7^R@mJqVMT&guCk7wymvTll6VB-7&$Z(UuJt zuX(iZ6;7*NNZBXDqd^n7TStAyv^Z*Z~d#_ zHGdZD?Acub9*&=(z3^KkMc0!&d^F`HWd&UiMKZyRc}r^xqgGuv(po`NqJ~3mWGtfZ zv1)5;fpYmRdj5+eX3rM?oaVLEHH4N$uFDM^#8n2-r$3qA^0ol%jTC;&dO+Gk(b~zh zm1y2Ah{}wzobsH~j7yR;fk_-rCSg1YsSGD!7=>JG%?gf(lou3?$#uG3^A$)p5N^wE zitNmDh<~<(X8P z3XSJpAB!t0p`#pe!J$oeddpm}J}VKnB&Rs1>yea6LtU~-VBIiBvc}Go{R>ltGV+x2 zY69!nQVf1d_F!Y7c^UC1FP>*JhaP^riX7-@(a*do;9UeIlalc7UcRTbJcTlj^?i)rb4)w@Yo5JvJOcg(EsrfDg4 zdGRB>)HJ^JaHs9e?L=>CeasK)YPj{}{cRhx+Tq@dX);>qO6?!D8-sc&w|@WM(pwPL zP1!mKE#~2uP*gnH4S4}8B1f@~g`8$9`td&xx>&zH%ZqCta6(q7tWGFuJmTv`sQs-!yZS=t5()+^J6JWX()a(D^0e=A8%iyp-V4&oxFswFy^`t=a9rG zC?C<@^siA6X2-aMMDduym^%+fH1@(c3jgc_e`7kjvngU%5N;6NGA*sIZ2c)@W&mKmkg`vl%|YlViG}-2$6ms^%{S$~OY6yg zG1&Lzeebgcw{6?e)WS+WqK1M*x#oiHCX?fduJ@oyAhZ;%+1$SWBWKsbUHA2B|6jno zljL2m!q%wSE}OoD)VznLEpJ^}k!4X))ScsqOPEk379zoze4oUTvud>VjM2Z|sqs%4_BOX3DU}eI zS5#D7qoi^gzKp9H!oo0#r?T%HhBhVhon$M^73cJ1*wqfVPp0p!c?rwrwXCQtDVGBC zGTD0|oY4^_#}P%g#njrPE(?DP% z3QkI{`CQHPBES6cpsPvkpT!w$GFi;S9J`Ah_6*U@yR(RlJbC?!mV!bce(nrgNw%T_ z78Yz_iai7GWLjHzo6icajp&6x5x_Pk4Z-u zWJh7C>GwVpbUnpxqKA@a^@RDC)+Bx*2krOxQU#uVK%~w-Ko@=CUC*X{GErzr(A%Asi;%Fs}78 zl=}bn{{FMm){bp`r4k=>LVJ1fQooJp{=H8gZvA*;x&phwzmvDmPg_boO7v`^V0zka zJsc`0@y*75t&Mq84(nCmO~)mT-NaUuL}6A@D#hT(@+B0Df;bWn0(KJ{kidx=rvwfS ztgdHxhLfz``>2k3K}o8b&WBMfODc?lIpy##$4{6Qju>f;7vyU@Y5aXF7tXh=Nz$NFvho}}d{zGTF znXJBuR(H4lYoeE$79iR7o!0mBJF+87S8)Gi`+TR=lZZASzt&$#bmQ<{YyDkBFW9y| zje?i?9=V?N&HKn@TNprGlflmZ7U{>sQ_@T(OpxdwQN)YCCU z!XXM8VAM}TD-P{A^j2Vt=_-rUVQ0)TtCPRlV^MkJ)*szMQ%X|>vx4$Q!Ne#C`6gi; zg_9`MMHq$QBnn17hmZgbhm+efD@SqC_Gj_7;$Sq-iK(f%V|*%xth3iIe>V6laq zN_y0U%_r9kp{*!|e45$IL_Su~l#=U-Scry(okU?->*zZ)LbrIRN!axwb(1J3+v<7{ zryv>Wl9WY7!G;0CZ3@O{rxc?=#FWNEdi)km5_}8+r!FX13;ZE@4l8Jat9E5i)qg9L z_7-&Sot*)+EnSX7>mOC>s@6Zf?>Vc6Upu#sc>dL0k1BO>*ZFGwvr4@fyLxlrbu%o> z>dQCxKr%;RRjJZUSEi{H1q)Ho_?Jpaq>iOARS=Cx%0vn{goUmm5D+-bp>KCR!!wqp z?c}aJ*|zn1uKkZZu8WLpo3f0ulJZ;>loB@z#w`U=M+skrHX1mNF{vuFH92=xuwSaB1sgze}kv68$0CN?kUXH40wZV|_kg zPTqQOPX$jpdvn=$V3;eL+0demk`=53LKJug1wkW2SW=>yz*<4DCk^(ms{1h(dWyz2 z`-c)(6tp1p0BzOvs-2KbitRgfl#}n)?P+5udy?9FQ%~{*4$_i0XTJVzUx$pv%}dI1 z$_lPAqr@nPMq5GPhdQZ;1PF1^b;uu(KccY{ZeN*<4#aR0)3`hN_DXx>>IB7(Aw1F1 z`dLc->8@WjyqVM5Zhg9S&gC5)?k?OZmT${6=hRQ3>1IKW!n$$0lo|y(Lbco|hyn#m zQ4kgicxX)PND4P98d*Z1LjmfwK=GCxcD-7CmKwNKR9w#`a4s)u1=E5FgkgzMFxylR z^&}Av6N+N42Of<*3PuzRxjs%-kVBK{p0-R8dkBx2tL7h6+lQ-ZwEkJ8Ub^eDALep8 zY4QOfTa!A(ne$R`8i4mi&b6a>7-$SMWff&ovx355Y%GL-V6UnbGzAGO@-6zEXQ`k1 zysvChd;eSpHh0@+K{?DT6lLUl3m*yS+J7_$4i&I5s{&z~bBBp3qF`ba%xVHBq9AIL z--th8zpV>tz5+{2d#_tGik(5I)J398rhP~QRxnHrhd?VOs{ z51Er&NA{fl$zt!2aTVp;)?|^lgL8lo{%v6Qsrc3mVZ}F1;h*4_h=O6Mm_V@*E=DDv zqZPgSQ~sTc-(mZlg$!L*tteT+OcYFoL-=PDj732vQ2d)rElg;U6qy2%#VvhQN&R3llXJaXf&3{(=3Yw>{S_S>mcK zChZ+^jwp5mA<vI?OjwzWHD$dDo+vHQAhgvRSF}f|V_#lvPtSRZ{fUw=f8{C^+=GUWl$U zM-;n(Q0swGpX=n-hfgD4*c^CK>&q>|Y5h=h$z|Htzthd$UU^L4fnRl@={#NUdMtg8 z8{PE)4xf=r!)|uC&1}pYF%!0mh zhHH0@>TJrlSFY+iN=><@7%mcJL^;uTDLO80TNqfBRZEybpZzk)7WIhB-5ze5pFC-z zc$b5tLD$2YciLO-;Zf`m!VeHVgXm*uDRsF`$gc9OLJp&EFW*sfgYHPMv!Ez0iK19h zsjs;!xzWTGo!@Z~7N)(0hs$J6zmEgu8@pXkb+0Vt#g3DM?_(4kdR;Hb!ZO{B4-~O8 z2(^9>34!Kg)A-%a+0)uls$RYW zLPeBmIzN+$v)#1MVN$Ks!m0zl&x_VM>ae|*)v*ROcDElH?l_WWNAK37Ip#)uexBVe zK2!PVc=)x`+0L%Dx%Cn7Q|e;VytHIBjfg#mOUTHkxNLoHBzs(6$Tgv0LqoytkxQML zqPWD065ivkbv=nbU1q%X2Z}c$mp3ZQk3isI5@*~co;x{uRvNf%By%f7wagJ86b7}U@p#@+Z?_G@!gu?hIY4$Q+?6516r5=cVQ^z`iPOjW+`y*~He%Id1_>h5}E)vfBz zFHYY+dGp?z=bX$szvZY4JUiuSWr$ega4Pu>=}`NTbK`JZZgC)!5E7@cGh1s*-LnlAL=*}`bA}lBRzu=pw_+q8 zWBHT)TqgfEc9N|^Am_*n|U6 zNXW!QF|&n-JVpcZVLjnD zENdNE$_8V_;Bp9l*C*S4!&c<;$Plr{;Xs~)jKg=4a@(O;(p|BY31kxKz^EJQTk0!W zJSJPN?Gh|ZuN0f74!A|IVf*MYGXdjl?@W~HfBPQcd*~fyw|brW72=;1D$twVF&}V6502z3I4$FQ6iKimgJR;3yfFV9L$xdCpMcLX9)At{I<5^tw%N%o8V5e=?Br|>-#{RP^|iZ2js)CgWs^0 z+JYJTE#OP1V%|XO4!^N7L^L?WaU>!&)|TxUYFQDRqbc9Xwutwqohg`-sW3WkF!o? zIE=7K=HXF~mH^3ft+gvs_noN3ojT!~ntznu+EA^r(H&BdER~xim@e+w`~H4MYvZ4MYxlarGG;8`*5BQZ^W)@rLap ztc?s24GysmM113a`@N5S)#q9aV15MrJcaL;2kCxI2;@oRHiN+f9Ks<{kSj2d?`mt1 zIrxvag1`Ob0$I3ZIr|EFhlnUqNDvnbf!r8JD$vH=!LkSPY$8YSoHAsNuF?YHtQdpzdtEorRYYll3#YdIvq&-|3F36`2~mtd9})~5RSR}ONUA9~gA5K) z5^?o$I8cLnpR^ssH2Tk9P*QLJLX`M1oAHi6%qA6fMkha?ZH;sh5IxU0D(f z6Je!AkJmkZmT*Xxlr4J&mE_}Q$9<)%Q&`d~krUi^g}`H5+Z#<}8ibTfn%a(RJ>}RA zpw{dnB9dJ=*Z9m%L1sIg!^Bpqi%h2f@OdQ#jpUHecA-d3-qr9cWPcU){RUH$p{p)W zx%d|!3T$UnYepUP=`Q(;&I&iloj7xPsdK9N@@vlST)A-j$yaR;79^R)BCWk@5FQ5^ zBCb9T=aIAA#`Du})IW|r50#}Ob}z~0Qc;lBW+e;FWG?$*3yJUkgPMgasw6KxX*-m? zfw^hn5(0DXZZx(xTRU6rorlAngVv|1?TFV_4ch_Ks!YT}>xXGq#A(A+o1%ixK97Z>B(+mk& zfzaKSEkqKYfXgd5JW48#_Bg5TmB&yu5f71^pyB=4>vdaXCGGk<0a5y*Peef!6v%}F zo?@Xus^?R^GUker%7g->@7PX$pZw~mlj~$xNB(Mj^=(fF;~lu*mB`I=q#Rj_iyPZ< z3bH6eJQKGFqP1qwYJ4oU79&H%8i!NM>2pqr=}`{N3`Pk~03gl*nN&t=34w`FH)EkN z={tD2P-_@d<9k0A{PoA8YJ+9At2L~Qt4!BXp1Ztfz1(%FP(^`PpWY4}q&X5YLSVkU z7}_mmesg(GTxHeG@%YQ&5H%4e(?7qeA?K99!w?1K$R&X-7yU6KM<@ysmj*1PtB8XW zFUg};t65m zGsHzLqFNS327yVTM~OsV68xfE`GOp})e3wUcXJ2{k16||+rgX8MYfZySj7SWPvu?t zZ)HSL?k2hZ9tyOu-Ek1O*lcy|1e5L-uNT`c&C06=;mMW3A(ll%TWT<5a?-`$`lv>r ztC-g^jf6(7osxw_LF&6;qg|+E8tgN z=%Wg-Y0m0&f+Z*WAaxD-2!Ri^wj+iJ+W3+K8Ka1P)(mmFcRpy_j%@X`qP>qX`k?8j zKyUH^brs;Yly9^h)UlNzqQN1KFA*nEA<-OM2u(rs5h#Uf%EZ51gOGstfUw6$D3}P1 zKpIPwJIv!LgF}==Jh3<=dbQ2R#xw%85g>_V z)B&RcDPd2uFwqp;uZZhWFNic3No^OM1_*?164_31)m02tm5{@1$8)#m(gz?oGJ#8* z+Z0ktmLtjcu3S#2?N((+`PCh@)>@TjH-x}zN3DDYH4Yc46HdgK!_iL50TE3|aES&( zw?Iz(BMJ)D5L0alVG`QWz>7=lsdEZN!C0zE+8(&{=_-PD9NQVz8Yd}t{hgjmFI@=r z>R)^I_8CvHx!^1#78bSx)oOXRBRF1Ki5^!{@Y*z6o~c>5Xc;0J9O7gUk!a^P`!J(H zbwh0=L%}`>xk6f^eUhReF;DbaNDf)s#ZHb$pvjcqap5}%9CS7UAhMn4>Z;|~dG6hw z>w9nuqg>K!w9Fu$^D^Dl{sFm2mpO zPIrj!?v7(ln<+5=s86+DB&>GiwS}doR+89%lG?P*@CFbc|(oqWb3<&jQyA!M$|7O-#J!w0FnRGXDIlV!F$HMKf zp%9o9NHQcdp(raV3rw+a)-QbHLbu=*#L#M1md;vhwLo|j1!=)M82cYJ2vU#}tt4NRK_VD2I@#$`{W4A0Zy%!W8xg zE%|XPreq}>_nhw}Ju0b;ySYGGIE>+u_RhIBwgOz-u$}gid1ZE<+iCZmx4-j6+cj7T z*#sf|W@p-U4hXG=U2D7y5e*KpkBB3pz9=U>)&W+sx7S*TJa?jHz1&R-81u0$9Bi}@ zHadZ~cjZ&<(DxuD3XX&$=jf*R)B}9r<=$)&rulSW@3i`kzc030D? zS=MQ)@ms#2=lEy@Atay=lo{H@!W^!HW&>yZ&fN$*J^cQiUN!ZdTtlB3#dG*a7o`YV z%MS3Q$u0;V(C=mXT}^Fc#F#JT8aCf!DnrDNu)8nGOVo?b;@+|&pavstSD{uZHvN`+ ziJNl}{Ahfvv+Z|~6i6C~3&h!hyZ-gtyIH{C=tt5wSm@870Q1n)K}ZQ95j3e|z+w1Y z*7-EGB6Rm3#ScL8k@O-3-cf~M%dhBAc>bJEKUT5{LMb;G`{+ztubF>DzR~&XtpB0k zu$Wh^J$k)+i(1bI_$4lJdigl4wKCe@xjUU;&&=J}CHxfHE^TaQ9BF}+EA~vH=fAF( zc?>QT2#J5LerlmFNfJ$o+=a&#sOZdg6Pq+6@c!QoKk*9Q^<~`!<=*!C6=3_yKu~7~ zL2YP0XpOti78LKvl1&h5eQc`Lj9na^xNbZCT9fK2=N5smkoZG+iN=kZh_y<^h11L7 zxj5tQTshq(EEOC%N5-dX^S}694_?VUra_3(A3Dil@EoM%IBIRfL92nywtDEl`PJ~- z|H`6RSd|Fg!x~Ml)+};t2k?i$Uo{?M&+Na=m_Ka5HEp%lSXZ1|Pdc|=mS@QB;f(EY zYFSV!+)TK+a8vHI@$#0p^Kf(LVryrfGhg@)iH2@z#@Hw#%2p>NxKIvbXu67mL|j_c zaN#=G4Ddtm3nzJ8oK;hb!xJ@HMAmPeRvu%&T1x~x2O2T;I zTO~ZG6Ak>No;8l~%Qy*y1iZND<3Z{f!lBF54B^mo@y?$Qf9e~$6;>%|sj+oHyQSyG z=@^i)3L~g>s4Rn!B<0UA_QSx7<-|Xm>5v+Jt1gF{=D7LCaVrJLKB9@(Jd}u5T0?^& zm*a1>n2LN7B|zIo@D{b55SNf~qy;wJ?S_X4+Jv$hL>wKf_dX}lDiJuKpd6*3?2iPz zM5wQ^;Qi0Zu#kvOpn5q**u+Dj?b_8^uIz)5v5UY@YWLdYyK3^SyY`diQQS%-KFTg7 zL>JYf?%9s9*3`O}xw%mA%Q+rxZPQG`K|qX)MLxBmJ}2gAUk;51x4a}GT?%liV#_6U z9u=orE7eV!Z#W8*Oylv}ZiGMbwcW!X8)to#?pKr{@TSOs&WZEAlf7i7YOqNcwtdtx zvJ67T==brbz_UlLtjTvmbV1yT1;}>fC0AmL)i_*TQOmuXy7U|70tLrwg4jN6c>N|*TQ#w zS$CQBjFTxac8E+3Dmm(e$TA2IQBA%RuBV)vo})V0hva4IT&GbJaaFXFxP%QM75}b; zw+SA(1|hvB3u2mcP6<4xPeE1;%?oWDg-|imTvi}0h}mj)oGS{dB@*ohb~G&2%H^js zgsxs%@!3&~z*mkLYYodX2&HT=^}!l{Qt~l&vE1@!cH^%#gBlFkG%bdRNFDYA{4#Z` z9B9`>w4tbQ@1{sO-f-sjc~3FJfRJWJ#MnZ^Nb-@(_xugnCm)SmGY|Swmi!|X`WA6o z6OQ1Q>9C1~2}h#a53!JpGU{cDe?-Bii~GsZ@x-I?94_CR;J_47hWLO-w`+ziMwUSc z%|hVDjy$9{~}`_G(Ka`NO{9{M78YbaonUf^$}dAk%-tViOA*Nm5%9* zwMO;q6VdI|y(?XZJ4BQ>ZR|V|ASn=YL>%`sJQ`rb>)c83p`th2Ba)$hJ(VWu?BDiQ z2?q)^j=m;ZyCnj-W+c-TEI@S63kAPaQ!vp^tbJNS2qcR$^a}8-+wGx95e6Y0>6w!c z6>VIC0{_rDXGfGQN|q7i`pP~C8SB4cDJOqdmu*K~YgP0ZZqav>NPLuCN*Hy*d-I&e zPXI3y?tJ%W$IQWP;eO89ZHJ21>?mwd?ozdWAr(2=u9|3boNM8A=zKb+t=(!P3A~Ax z?dkAQQO+>kzlw52L;D7SLesH8!I5d}Q&3w<*vmEYwPPZ=(?gW0OQF93C+|8rHd^7d zNk#g=TqeRz1v1UKUwg|Z7hAS4=TO_I;Ou z&`3DsE@)T7K|`vUtrmXcR`|ht_(xw2)GV%LZCoi^eLEf z#kth*&y1Nmft+5hS=d#MVPU6cn)|1k*v#=A|1t7oATzgnGPr`&3J@DibUv z{_#V%H6b1PeGS*G9OclAROO_Ts8EH}EY!y;#?Tp#nrHgbu(lZNJy^t^MW~nW`igTs z6*fgkpA7{`s8f|G`thd)QsN))Q;^2E=p#@WIhi_;#-OPY*a;a?u(|K4Y$3T+t2h}6 zvloxt4cfNjTS-|5VF+}GF0W6%v!-CJ8FZQ5%p@}4C0wSlwem#V$z0=5i+^qF_Ng`q zga%X->Sw=15(Sm^Y#C5cXh)Cq6godQ6cixDnuUsm5-!uX7{Ug==eNUu`bFJJa_o4s z?{(O2S_ECH%)M9@rzljMgh0X}B}2E!R|q5)Y9|^3VK-w@2}0KD?0E!RG5-0@BNjwy zpM`O1JJvOk1rRdkk4`*0)%Kcy$3PzSQ`<4T1~;i)d<2&WhZ%#rN<{2&H|2;qQ4p^S zZaW%MgeWfNKANDxO7cNF#ja1N%Qfu?Cxk<$*Ct%ukBdGF=~l~8cYB5HG99IiQ=BZ< zMJtrAf;VO4I+woLj`K)`VQ1PcQKIZ{`7PUtt&A*y5cqXHK0o<}8h*8ol<%sRJ*^(a ztwbUb_$a%SQrEYH!&h=Q6Cn7}xW%>`E@J9s5>K_|oF~8Mty0lUmS$x90S;v!hlUfG zMqnzGlW0mL#Sl7We@)ZDPySx`O>gR2shE-LOuUrM_y|_rQMFc97C(X68TbX6jDs{w2a`FAx;rD zLsRx%0aF%YVUyD5_??f3Z+>-m5y4L=S?OtE*qLP6gl{Wo_MLXKg4jAOeN?N`gllQp z0il#n15X>Du>yE@^1Y1xD)5|kuQ4_SJ8P|l=I?8jAmy{1n_PGN4`?E`560o)%A}hJ z$M{b*cg{9&!NbLNw-A+8><~4W#-6T7+ck4#foY!i9ZJ*i&sah@Bs_EFm|{lVZbVSz z;00ucE(;YAT{K$g7DtCcdl$m_apDJmKr_VPmkp9FFN34i@+vx~3OpYV*#Y4^lJd(L zdmi{NwgahErDSPi<*<=^O@@4QsqY{eoncilmGqQzvyg}cJ}fSi(>aQWv2ZDpR1yNw zg{M4p8tBlNcWvi7 zg;=F9oa(Sjs1r0RII7d`J74nbi&d6mon;?{j1~I-b^1o7yfN9POTc~Gf!CT^4%3bJ zSm-g_f{TP9kx01hXbuoTtL5slQ}=Yh1-MjWF5wXf$sv%FaU?>SqF|xY*+aot|3(c0 zg+zlX3WmCQxQ>Oq*rX7ulzWyGwD!(yT<8|7`pK=SY<$II)SZ6IDf5r9XKV*wYZiI) z^{D31c7H{_;?>hDIl3BShH6AIvRL;}8utJ%F7KLUJ#sV!4gY#We#cWM7#41X;Utkn z8l}6Jx$V-_sx_pB?Et0|V;4*Jn)xT?4ckH0sjV9>U2exFU*kY9L^?!&n6czU>HBOsft;#`e6iYqle* zwOVSqs+B8A+o3E>b7n@gqZ5c~9#bHsiV@Wc%|B%lDOc8~pdMpQKEpy~#6nHPz|{y0 zLt-I2cFi8Px%%@_N zURf9(R;Vn;!pl)>VyzYkOA1azJ}Gb5j`xJ>mA70yr6EL3GnMEGL;?@UIPMF4#Rp!j z<}r1fSg;6wIZ;ruOmmTpK*F^t2g-zmsQS54ZaZ^JpH|MN-V&tw5F%8(r~&-??74Lpe@j3XfgN>JO+p3h1Xxb!|{#}SA;`*ax@8Q zRj8=2Ou;y}1;H^&vw2S-$gNH~Yb`q<1b!WOeyR;M{49$Q=t7wsnw09N=rV=CjJQZ6 zgLD-?e&*`c?E>F_^DrC|K@VvKT&iPht+;%*nsWjVZEw%qq_1BNzDZeicD5Siz5)cT zzSC}wTQ&VJrR`fyZN+5qJwJCi3v2SNkluE6%$FkjKfeZpqgmL68e0xLjp= z`e%9P2cGEJPN3F$XsO^~gJCJDd1EG%e0c%XIz$#hI9@gXR!)E6D%{eSL-R~uN_u7L zifamHWCBfw9Eyl%T*Lz3^it>FU0DwnPTrM#7YVl=?xBhb+Yzjlq6|TE{H>fT%ko*U z*=g;YVnbuC)sP(!O8K<@uSUkq@AX;RrKmMdL_z0(TO||))DoxsX$z^K$g~-No@?M6 zU+VnKYo}mg;Mh)l@p=@YbdUlsimsIaa$&m!^U0m*BZ(*GS=&=1A+SpAdvu&p4;;TX zN@h8qjeAfOBk+}D##(!12ZZyBvHts%GO-=Y@zvX|_EE-mv8N=OE|t+`z|dm0bD2Qx#nbm4TRrBW(F#rJs7i@I#|^1^_Y1sI;FBpnfu8M3)Ecj> zm}@&5;?!W~kj3*nsMb_k{7?TVNjVXWiG0HbTraKGV)XRY{@1aGf*84!Qmvx?z=5vV zoiucG7&aWWTu6N5OP&1>X^#5<1Glmyrv1Ku=`)M!A@6=o?;kwcLlf|ThBgMD%)v$j zO{TIY62H2ID}Lt@ud|>q1}gN+%EY3dv#tufDz~=}JuOacXM5t+upNMsX5o$f^BQ== zslp#Xmxk^C_Z=>$4GM`X9mUj?0eI^ ze2*209dKGNS!PL2x>f>&!(!~B{-1063ftivH~sMwSE-rallXIg^5S9Zp1!&ZLX5y~ zmxVwfk(EXW%rpxLW74ot0l!fiwvTqJ?-%7y zCY>OdDA{*Z3x0E{MO$&L3J6OI9*w{nev^v$XZowN+kAccBT6wu5^eewF`Q+1;nAx* z0)OX|qd1iN{E~vQ+vNh8P;66p6Nn{Zj#z_`d`UBY7-)3Apzx);{8zluXQovnD|2NUH@{+hn#!5zRH1M6jAO6UjyO#4gUWzkJLbKK~ z8ze)l`4{iw)*cNgXp~Hr%RmE~)*5IfKzKL>Yx2#at5@M_$245lcc{G*kP4`g)RYQB zg;baS>cZ7e3H<11Ud+Gvs^{wUW*31i>h_P)#x(*nZK;MIjkGq^6eO4t0%fl&3iJxK zn9di?@U#o>;Ge7SBIV<6u`>8I(tAHos`?+4?+^}!rd>=0WU8LBL}Q`p7`o_kbfyRT*mFAF&`k`19z+RYr1L<=75jplbt<5Li=ib`b?}07f*)r0%ok zJ^_sQ)YR5sYVr*5^?wZ6?UMDEnx;vk?$@cd#PCn_MvCXpAD%A*_OGH67j)HR66;i!*vRp$^!Hya+RL?!*^!xKyeLU<_Q0`jB zkq`wn0%MIs#Xmj9nu27J9%*?``&}Ak|LxKf8ydG+)R`m|6W&1XShP|W z+P15(s5)nmiq*ZoT~ziiKPtquYjdB?1-y zq~e?z<8snauvfBB;ZQ0THkdjybkNbZ`kJe~HpU@v*m&QeY8Oxl%r*a1ovD|V)guZL zAZhGz1}-#GAAoE^H;5~AZ|oI_xPT9xaC=7&sBG|gG)zU-81BZ+VORQSW^31kX*g>KxLHtO02rHN*t z0bx|KP?_vIq$We)z#$g8iiP1ifN)+hT|rioZ{X;HxKheqms8nI0RKP$zacbO)pH#`=(114hy}e#o$Oh(1h!=Q}!(#2BBV%XzUGG*c)PDmt(7e zK(kO$a3f@{+B;Q$V8a=$w!ZIi*{`P5Rg>^p`2uA54yexB@0XMcs3&Qp!bT6eaIVQ zg1R*q8g-dOMhK))sve?XCRKkXbP2uKtZ71l@Zax*y^?Uz5ag6oKBzZztG_@yWW>J? zQ~cW?1a?B(Wtvw^|u7 zURTE54Hq86?|j;F8G~tAwayC9b!~^RSANrW1jkVg+W{DTaPp;$`Fm!hOl-%$Br$eT z|Gzer`;GG6a79KPJ?3PxPeDhcF3}Vukz-hB%~uM~ZZ#ib>BR4rQ5D+xlvL6`cqCgnM2 z1h0u?3Z?qiz^Hxanw>>SP+n5Nh?;od*sfirYB>jzLzRo0e|z5uRajL|z+re$X#Noe zd4Da9u_iH%#6LyE5{l*+mmzE@>!e-V1vpTwx}!3#j7@x^EtJRE$Yqp|U)HXvv)Wn- z5NiD<&@mo0ci)iSb3FX(AH(lH%Epo@+JuR_`^K$S$77kwu!s)XybYI_qc zi}S^X5r&=WQ}Y)a^V(@uKq%$=81sjK_ioz}El-TSiWmgk1|9(Km-27zTX1pU69NYg zW8X!))UVa>Z;zy=pypq0`mX_Di9mI-rl9eOg+ljj67}m&)D0bMY=po2p!51puaZpZ zL7OHc;9Sw6cy7DZoLr%}R3w{C#4REvK`Y^^k}Z8286k~8=rRSoR9m7)!@oo`k9^{2 ztjVV&(Jd4XY4VJwAT4-^slz9iyF`pIra!q8sVGI1sd1IH2dHm<=Zm%@S|Qm4p(fw3 zu1~dnfQ0o`Nw{mHlkXpw+O=^9JPo`r13W`P)Aa_;NTSdb%mx(1E(H@k#(JS*p&pG< za}JqeVS}O3>o!k^Rpt9F?VjVPFkPpUG!+2O%TABs0q}~zCy4=Umy5sj8TQ;GYt~tb zd0noNP$H0wfJYR}g{o(!FH^4SpJ*JC6a~3ro*K2&(+&(-34Sg@7j0KLETGrXwVmi; zVwEmCMD#749Ccc1Y`4(z<~yftJCl{vQbD+ne3%M;$AEmp8cV_Q)-!`-%VlFL@EYJ9 z>4X374L23pA978>-0+WZsA*>?*f)bfsTND^_w*%=4?AeZ@J(i3g~VxL1JQ2q92t5EAWZvcV7wO+hl6Bo-3+ zGzb%oJ@N-5Gy=)-9R$R`hC*N`44GF!gt>lbRcg75t!Gk9^zP(hqo{SvwNwxST|GWK z`G)m{A7c*iY2ag0e&M*gBNQCM-ZucMQ4O>3;NrZAu@4i#%v%+?=EOompaJ0!1rv?E82zzl zaHy>-)o})aA&p_koY|}K{?C$q=CP80qph8;Txd{AG#CoKgns7apKT~e{NP8!e{!i} z7Osehh4gkz%JjFeE!nu{8fL$%S z1X4B_TYK^`=IdONaW{7~aEO~j59v)qv9lF>z{|c~sgcHa@(}l)Ns+}|v z2osINxMU$&ggy(685{-%fv3Wbz8lO@qF=ruB^xf;P&1ah|LGT9Xk1d9QYw(UOs|#7 z*>Lgq{y6;6Cyyr!s}Zvuz{$~+r8e9mwVSg)GiWV5t(u5fJ_u3bVeMq#SL(W+8OdcB zZ=*TB1^8dnJnGEoWq#=5ksnzKMjv&e5ttK8q)atq5GFt3_U2r#aR|L8R*nTRJY;i<$FRzmGwpKQmq{ZmqY zGh>ec?>lm3srKk)@6abU54o3s5fO(iXNoaI8cK{zF>c((cN63YinP|u|Bt~lJnpNVwCv;%@u>9v zKYQ&0D@k_V_x(>*S3j!j&fLe$&h9LCIhH%cBba$8 zw&aA6A29@35~bKgV9J6_+Ok8Cv`37jD2^Z|0bZ;n`KqgL_4`%b)qSV`IDPumd3@(PukZJ4OR1U=N#XPEqLwc8e@(SNOjJ_IuX~y(^|yhBG5?ud$a|nVK#O zI0nA&D^8bx#RSxqqGUnUl-Ai(H+0?T%=KM2;9PZFucHgznJYUkVULL0G&Bnpv#_kk zUf+Naw$nH@E{(nI!Mx$Oyn`<9_RS|REZLx4PPFLa@FEd$2g0%xWq(TD9o5?GCze0a zRIR^r*Rl|IX7^^Uhx;oBs*is~rWeXYJAzY^cT`*>^BTomr2PB7++|^_yKL1Ul;u!N z6+(rGa*2R*`V2THc@n$+!d;<+^eO4RcUr_St)l4_nU*y&;^P7tTd8fn%h zwTgwjiejDSmEGtTT6N6iQ@?YbzwB0w(}f{ot!f7@j5-rrEx;&zPJRk4hD%SU@f38Wy3fC}JJr=%jWhrtZ%DJNPakx7Uy3yEH`*Q9VsbnX3zUv_ju#>uR}5Dg`sW)zg&yh}kY zcv+rj<oXB4U=R zc4R*7Ksc*}xGY2@#MgxQ?NRNM-zc%IR`_&hpI50r3>=U0=lb%C`skkOzF?K7?yQBJ zSf(`R62309&WHyQ$+8g|huoTQ6T!t0_=&GF3)zU0h$PNZJZ02%`Nz56PeCGIhCnh) zM0D8#QLrYo&6?*fzhqKlck36Gv)5jchgR|N`E&OPaq5J(WL z3D|~4AhB@I(D_cQlb_Cie-_i4rm1ws85G3p@M{>Ttp=L)^)0i zt!|A(!K$>$MBF%s22=pU?f!brgLUGtH`g$VSkc7MCh(mFQ|}exx5jtAJ!-)8^x?Kriu>g}XzFqw98#r87W49AW?0B0G|ZS}!I>)=cy5YBq0@G1 z4CXrUKb|;$;?RwmZJMS95K{2;^Lf0Sg`FY`m3GEv{!wx+Il^4<;EciociJd9PP=rQ zNjg{)CaVO?Tq@6vDAs91mNl<3B5o88H^`M?*65gl|& zm$Nj3<4k$cA^@o5IbzIB301ADL!V}#MhV17+c$>IR*a8)L}h*NC@!Gx2aw;1p(ua5SL!th@xv5vEA$+AY2aI_cMI|VOk3u_kPj3n{?~_>IaL#` zj>SxxE;XW#_-Ak)^(crz3exUto~iCJ^jJs(9ieYkO~C57*wd{6GgT+4jj&A-NNv-X zpfylRImuEFX{TYOYPI&mWCXpIq1DK-op?SYK{DM3do}zcwX7)%^!u073CDJBj&d># zXL7@Ct!jZ~sTa^*xUz0A8C9)0$HVO+>bU++0S_Z6$mPEa{F}ugYj^)}RORuoKZRwE zAlxi9MbSkmrmS)-3`b+GPlPCBDeFyOlU>?{IrIAXSD>KJqdJU3a7~RV*v^x~vBwf? zJeHl-sFt}Z%PYDvVqI6!w&ot<2TRQuL?bFY{@DJ_#+tTbF%5*cHE7-7%~Zt0m=45} zf86^V1&kjN;%&hHREhs|kw#U1vETn+2A-R|OiUvm_)bjqX0ZoO=*k|f1n6C)lo)TO z(AcAw6=pa@KMQjTcJi{vWyz+9e+J`lkMcbSa94H&JN0Q@L4JeWGmXI-y1?5i0Y8Kn zjUb}koXJ2CZu}*fU%lw}!j;vcssa$^6kJ~KSikcF{ueQ()CYw4QQ&D_@%_b7Q-N31 zEb!~;>gQh%-g#qzg*;VVo~L;t;KhJN6zm6K(4!z>51ex$Ltu}E4F;htbj}pqseCnz zsy$d#)kbMQrk6XP4^57aajH`kFSUTiS^_OWwC5vX^&)B2M63XWxo-DLMMwzo1AtlV zFdiY#SLgg_DfLla!kwY|DHNQGd=oSrB-OGNvxDWGAA9-l*MJ z`BoI=g&K!mu+~Y}sTC2iLJ)Q}012i3dm%mqe13+Z*MPqZ{O~%x72-Po-yZgS+=|Aj zEch+2h#_YRof8G?RKt}7!hmt;=Pab;q07Q7kz9qgKzq+25H1!0+Xg%irgmN!so#%I z6ArP`V+W|<(l(|DMW^a5ydd)B-1NwRRHCvg^lHPAbl(z05?}A&^|-tvo^6FKOXqP~ z^6EB3je6A{EUhelmW9KrKzMs%>y6n!NU~Szr4au}sehLX76an)G|#7KrSKbg;5DHc zMpCm4*Vtnao+(YiNa&mt@N*DSqF!=!s{(#>%6Iu@P_+fO1qjqpz& zb&pu_#appQg9_udPq_lMnpJyHo_Y~=Ng}QrghE^?hE1jJj_UOtoc_X^eH*18;>SM% zeq%fz)Jn-WQX}7~8c~`_ArR>#VxbwCD3rb)+kig?q#wK5fswB&3wyjg%RrN_5v5eY z;K~$;llGZ5wZq~1)V}QcOW%o~{I@!y20>??ohzSpQ=mqNngh6Iz%=l!2kjFd|LkOu zBlhFL*U|g*BG~m6?o!h#$xca5mgUdpXh|Zj8-$o4kSg_@5bg}7nrm@*kb+YYxPJJl zG5njLmRO&AR}v>uc++&}8uh8`oi6!C!Mi442~9~V)Hy#e5SyCTZ^muFEyZ(V%#fZ3m5C-K zlme+hL%=a`XyR|Z;e6oba#*<2>h!7a?ZC<@m}S{n6ANV*jWq+7sc}eG$TE;fG)!Es zBTn&4|CjSae_%UKdG9%wJg;2sR@EM?MQ=TLO!*5}uFgJW{UG#bo3t^qR)}Wd>lAq3 z+WkLQ~;L1 z0P&gERM$iif&HjgN{7lMXCW;i>s#Xj;qYg^|7f2cWNZ}I+4 zs??J3E2)=KP@|g&SMfqNKYhsIs;7*H{j<~s zB5txMu5o^urZaE@_^NETp;`Ee8%j+LA{-n^p+Z8$0wSv6$Vq3@Q94{kDcUA3OZ@1+ zc7EZNl|;!6R3+?Av?I`*6R(N8IfVNyrJ3-vCt@tD$-Q-VKt>h z!^t37%L6gdQL;gzqmd7)RRV|YRJmIfB;(uqDJWF`DQ5?oc5CRMO`&nyJ8ON=3QYr# zCE^reiv0$D@*g@saeF2f`ek6xk4A5o7nZt-x!O4b8`etfZ@!A~d*MoH{OhTbfPVf& z`uX?1*-fkme#6>Q9A?rK?8nLS3;6V*QsO+Q6>)W5=E#+D%6fTJ=6gUPF=S5&UH8!j zbSx7C7W#8Z;ZNzYNyb95AQ39v?&lLxYs{@3i4T3*`SUNi10L;El|KGGN*Vb_b{?W| z#In#N8H9A)83j{5>r}T8W%YHEnvn)ym($e{s1&v8ReP|t%J{b;_!U)2D31%}Er8#! zG8}@5xH&i!W9l0Mf`HLa!QPPB*q}z5|CN1pj=+KL{gRA59nNI8o#1EkRfzf17CQal zmz`g_;SM^d`V1zFx+q6rRtO|hkPs_%PRM_xP#1{B*lpQqr2J&XJ4Vl?2tv^XUiULg zNw**+5(1$@l4=m1Mfo_Tlcaiuriq8Cz7ik%C(ir-pgXTSUexz#&-|MGc%|D^rtIc< z`7AmxgQ^{xs0@Bs3;%kmB#0+7_S+otjZ;R%%5nI>JbXTVl$Fid_m@M^QW^-EW1yO0 z&tQhph%?olTITh8LRYp09?Al9)nI%yp`tT4gI`E2ln7FdKn?hoLmhplAjL<*Va7{h zA@%%~uRHI%=C1u%b{f=2zJpIx_20Z63srtsvJOl^I_sDyC?SMq-f5^&P3?Y)W(_9+ zA2jt$;m%AZKN`BaWyo748tuByufFWkN*7Qd4@8PijCu>r<_i5>SQ-D;3BRH$3Ey;I z{#)R`9@)0}@EcYShm==EL}KC9oQ3PrC-ybgMzBxy=M<;-$YTyZ5mytsl+v-T0d%N| zf*mxmh~j_l_neQs?9!;FPy^N}-o=y@2S?_gU{jR*j!Q&T^wblLLkf(^IMWJ3(-TD;Db-Nu>eZ*mkFhrCfphC(B4B&?dOh?lFp{vCdY}8=U zST%F z@I!U{>#36cNd~^R5q`s}9EZe0LJp-%$s9x!IkV=HU5xH(OqnG!&M6J2jD`ATaz~$8 z*r6sSVrJ4K1P++WXv$AI;uJCkL#`1#kRH4zyM49I6wSna7^7vN)^MyHi#9~rLC_to zp=s!s4}%X(aa77jW@ zZ$T%RL(#c(q&?R=}SRp%@IEhT-V2?J;$lTGRySex#A}2ls|In12K+>P65ZfcfNn%W;{PXG+hW#l~(-%uq@e7=&H^ z$!^}IAQ!x>KSfFYBpec7H3fk^6E)9$%XJRh?y3)Beabg{v7wbHmZ*sW@UoLm3KV2I z5(VkFW5Qml$ro_$Qz6TlOvFMelL0rxnH25h96hj297CWD$T-6CfXXRI#-^HcGa7< zdWlMhPc`l(*rPv-`A0`=GXJO`^;rvngpN4XsYk(#e3@f@+C?DQp#tSSId$ySVMgwX zH+Vj^tTL@Vi4JHByPGNWp3HJyez0x?X8hZH_!YJ3(RmvDwm=yU!9=_OIJ5^DcXmAdMMmBA0&#=o96 zF)m*K_>ELX#LdCs!Y_!t@4jx;-;hHwW&Xv?!VG=^moo*NYZfvB31AcqUCteWnn2rg z|JO&(?E^Q-D99<4U2DM*1-&e(^MYdd5wqK-&Mn6wJ7?-BWQguOZvLla9Xv`nN4QmIdbkVYUR3PvfS1VO4($Zk+mkg+g@$MEYq zNfbrwIIp5g!!0L7$b@iQX$f-3o_oP2vU8Y^-BrSYV=uX zmVx<*S-NEW~yGe+vAvQr}Z(p-cS!sl&Gpe#6=j96m6QuBC%4tO-rB z2_oLqDJb{8nTQm%h*&0%jWhlc4(UDT6znFP!%xRDg${qx77(lf*0 z0=9r7v;~rIoRidz7?2vP%))@}YYIxXRzP4zL01YYX#Uylan7sxw@6fSFiY!C-Oy__ z7FzPEMf@Y4NeM$}{xyhySxONmx|QIUA&^Ay^K%3e3w0tECa{@;ZO0Kr!A8|f8n32R z+0=g6@5!9Il=1JP!mp@Gf-l9)=~v^T!f#lmOyut6pJR*8!JiC;Rh9WU9V6!RU zDhNSmr00qAfpn+=6RQZqphrOh9ysTM$2j!ZV4dx^MK@WF)0>pW#+glul4KKtDA=_r zwI|&qAjd5EsW_kwaaMeYTcLD@TQL{)o8}yyEn`F_;Vn@(i;<-Iph;1JfN+>H{}_ZC ziUhy3OF=gl84- ze?na6;cr&4meN!@4j0xV^T-p31QRGnTF7rRWS$W>i9M%M-yX>zq*z8F%iSvFe4OW<9E6m&n1YVLp5us;LV!n})eZ=d2XhWQR!7f^lf@<_(ySpSZpE}M%e474KCpYMixH=*T)?7wHsM!P1p!y7e_M$E zh;Ci}d3PCW83lpc3lMYzmEjOf#A|sS|NTev&h>!F**NhYVU` zDox=FPBevBbR$NISf~^zc3sAn5wRCzEu(5zwpXXkRO*)6!95kwk+1iu%qJnQ`HsTvTLq6d=?^# z)wt0V8a%U0hl7k>I*CMR=%&n-bRFAPrjFH-RGPu$|JFfqVfh<#PC-(^q%EuO^CUdf z;7JiC8bU#=Nk)zZsZPG+H1UBXL;D$y$JpdooEA)xCo{hJATlU-tdpb5xbYl_f)#A* z25VbE_$*Mcr+IN$iW-cuks>6l2)Uj@i!GlR2W@!kS?TOL!BLVkK4RYMBy{ox0`2+5 zB&C-uJA9V=GS{8z#AsX9?1os)<)5Ht1I@ZFByzARibfCd0%ENh5x*1cH;)fmq1{}! z+gqfq1Yu6WXG^8y@Yh59$1}W*CIx!cS95G0y)0K4@lTBdXLZ)MUk}rxlw;zh3&dSb z7lpMWW}-_AHIdqFdltJvJesLqIC@-j4EVzW3p>8)#|T2S%wyGnrC=s&-nOmO_JOcK z!P~t`rS4Yk*P1jAhjQp~E+13s0zx4gswc}2%p=OLq~!hC!V$EhOqE7K6oD9jQ)s4 z*G9xDWxWqiO)^A8eE#w=ar7jewBe2VDmHApwPhfD#wpm-I2_I^wOrgG97=`DW#G^= z4k#x+=|94iLc5HO`Z327v_b=hg30^jr)Vj73IxTs)v=%2Z%W9N0J+6PtWXb=qeLP} zktjIEqg71dCF`c+)8t^^D$QCWd!YSmpf53MRbDi!*;Chy62vi{+dFO?zz^XY@B*E7 znpf3;P>2M0{}KRurYYD{hC|Z-ZR}r@r^P0E#mNe0RHG`7&7)KyhE5a>FU`iqpms>K zixg@CHPg1scJ;$Yo-hjEj6+&L!+;|Bix#dM&DlXWqtmSB7Sczb_s*T~pU5EY(!Hmg>zfAZ z#6N{SQ^)IviM=EXAE={iVpS|WRR>pR?))%4+Ot+mr~! zVB1k}cD)wgrzr9H+D)GxKzh22DK(}{fw57B&2jqf#Cu6SlC?H1Bvd-NoL(0PZxQni zZ^GDLeWjm#YG`6bmj{x}2vFoqh=oK!;1ZXq&=&ZGuh<`W*;{7oh=nQ5qKI85%h)0L z;(*+8DbUY9_BcJdUR&G&e;NW$<-uimOD=F05sbye4z{)I6z#UX3eTH!Iu^ucm=FR{ z$FW_*L8HA2uXY+xH6T<<&nx<`_Bb5wD7b)LjqiJm!&sp$r{FL<2NOt#npB=vEyDKC z3Qrj9j0rPE!$6BDDBvs96ikJ8$j8b&cr5KFlIlmq-@kVYN=#g2wo-zhLc%HHTy zrl0{&YJmOad-jLkQ9_76R!3nr7f<2Lz(wCU40z!Yg+*bvmUG}idPGaSVlIe7FCAU) zssl@5E_58nM=zNts-(*#$}zJM>V#$xAxPku$EpEO!IEQley3Ha8W3j6c$V?6rvV)1 z6x?YMy%OK2K>x3-n-qdu=}b6WsV2n051XDScOs$WJvQK?83K67u-Z}O|coFNntwR^LM889I{(W{ORV^Q|Ftop#JPL6qPH z=eTJg2;s*d3hq>`ss~{v!kZ934!qH;$p^pCHgT&5F=rDQo& zx(mf34M=8Wtk4j63Up+N`?QIAB#&aLcYwAcE880vwQ!9ljNttVgaXC0;%_-m7T}h7rQJYM*v0$f(+Zb1C)LMsaRO!I>n6YOFCm zUySbWrH?x1{=#$pdRUIne{VncTZ~#jCZ<&Hn(DIX_N`GtU|--x6My;*d$a|WCoWSk zN)!@CT_n3XDNx;B^p!9UBd&2%{N{;W&T4lWrHAp+!{q2BPgDE*;xG`0p*V~TosaD& zs$LjjJ2KqRI17x!#^YC?d+^HD5hJ20q>c0$}4SznY8&Hjq_J+q{I&+!{y zy85<}O=`@LYtemQ;l#K}5#vanE;jEn(dHK~6(~6Dalvmz08^TUNnTB#X--ecm{h$X zVuUGu%L!~9FUjDibWS6KL?bYya?|#?Gg+oWLueLS0(ApV)1{84Tz$9WHB6Y6oiMPY z6dpNjpp(E=I(?m11g~m07uTcYFisIlgjr5!B=w2VG5MgSjZkY;42xwo{zs{)?^{Cf zJGt7zQ5%PCG_3`#IZnHpWjuS@I1pwcqzUoA1Ao8wnH7fNSGA`bCu5$@?~LzJ|Ib>t z2ml9*;&2v?;PC(jRiVDWH^np|bW9X^N2)QIixgo9X%sD50`LEd{fU=6YHkeAN(IH_ z;5_CO$*x(=LeEoDQ?L{34r$XS5E6jvVky{{s2_XL6B+pxgau3Lwbuk{QorGbLBSVo z6DIwE7I9*4l{oC_=l7sQfr34${xWe3 z2q{tY2O_SfGPU?hb1P*VG54h<{Pb7t551^acurH*O};#5AyF{o)*y!~wT9e>sy(8J z>m{jXt=X`n5e#3eKKu?(yOKGYtt%&@MY#cDHl#)%7&eB$^#+=;jm=}>niVG{7>Oj} zc*I?GLzBoC#Mm>AjRrcr-QFnr?mg!wvg*CqX`(h1ggN=XD+A#Ue#>aaNd8)UFHrcb zb&KAzldc$tBKJ&;axwpuj5p#I#riB3MTK^1O*v6hL*S{>sn0@A!GOb1%oL26f)SIC z5F6xB^klc2#tPS%0-@{GF4?c2+1H)Lp;8li6^rSkuQCOV!gfi{jc&oBoe_Fl>V{rg z9oVnoB-S|m%p3OCV*FR%xDp(;%8DFf<_kK5>LwOLPOCmx)8GXrIoRU7@HEi;yV^Lm z+VCUzHF)9qC@+F-mA0H^Bt+F7Y?U?zggN<&niYOZ-L2aF>Xik_c`yHP|5xLC#Ffw2 zZY6*%%faD5p!;jiP+Jj)1%_puGnju7lZ-kNw}@UuzQIJCoQ`D5&k;zXvL>R^=(=pcHqZ{exMi>E*e2>%zl|TL(O+xiIL!Br zm}e0MQ@syV7D^-BF%ent6+ZM?`!D|+D`8>NsAN~BXaE3VT7u0}-;8;~ueXowO9)~F zQ3XqDZU$m6q^bnr5d7XZ``8`)Ca4z*YC=c+2};M@fLG#s1dK@Fi`K1HS`H2;DR$iyB=|8G zeWoep#6k-4L_yj>LW>=Ea8|wt1N!8*K$(1&qJNjNTyzWBm*i#EiTCVqHi8znXW){B zpZXp9r{BF27H*5g{6n4uhIwYD5^ukJytj`iMHpA+zg^e)-V1KBDA(;~WzKJfssW)8 zNnYH+uQZ8spbSbaYV$^PkAU&J)~!Y|D-H=%#lSOm>a3eWLkx9gw#5|OnSxXhTnLzF zLEg>pcs?`$XvVZ<6Y~xY)H6HWE#_qA17oJ0wm=|c{!zV86y$=(WvXlvPz72B-BQg$ z$AB$Xe|Y`++wTDeC^)=(`9G0Q<{cG7k&-FknD7#9rfuS9{-ymB?|PUpwPQe}g%F-+>r05xs>i2SVFHquM z{U*VtHZu`N>c?AM1a|o+&WYIdk|{_N#rY6ISHy*g@kU_w8Eix>j{!!JtK)i2^8b>p z!O37tGY~RRv;`WHQ!t}xkdu#;Q80s|&)m)6XEO_=Ib7&yqDugMJa7JU2Nm9esZ;eRvm9^SG~rP zQ0n=xn^mu58&nMlCum2$m1{f_Cr6kUqx%Gp*R7j@{yLpyhT*9azH{|~wtfo69N$S% z9^6R*7X(vKGmLUBE5;Z_vbF)!^N8jD=+u7io~H>x*cQxA$sim>!7l$&ZAzDktP=aC z=3mQzO?GX2-3L_Tb*jR7s6sCL_KkR-Q83O}$gLFmsa|p`)e|WRhkx~R_FsIh1e~|b zb?=8*jaff2gGBGuo^ec{PHiUo`O#RWdf|vl!s>Qy%d@GC0O1aPt5aQ^v!oPVi|!LG zP8v7q9UjTCI8g8LeSCx;{uq4L2ic%9)r+h7Lu~~><|n( zp6_S|&{&I?e-1)UVS$1==T9%sn*z3g?g>B#F+W7)@i{YuPl>7P*m0mm!EX{Dh^ikVl6u`?}dy)s9YCgeI{#{~BnU zG`Q73b7f%OYE=e8rD*E;_$S15;0Xmf;EW3ofZtK-`>R^QwyQPq%}mxi<9ifWKWp8h zSiCmm}}aVC9W!-hGrP+9k^OQwruz@e7Yg=c?U0oz3q4q)3=ByxYIaQ2Ew_- z2+Z^+hMN8%qt@_|WJ_BgT6D#y3G;P_+l!qb&eoPQlv~``p>F z5M$nU1Bg~R={w_lF(c~p)~%^HbctI+`zaY?R1O${DN~S$WirOP++zN9S%@yV{VY+$ zXDBKrUyCVdb2+kY2IcnY18?I$**!=d)>R?N^KzP#UT+jrkaE3OvTMq7J>nuEP{l}V zcFNmcUn|cm(Bsf(_-2~o?aqU}JrN}c69nl{zb)K{R=sKuF0_oQ9hjn7D46%WQ?;{O zqvlW`5M_jhSK@m|>B*_NKe^iz1{i^@!#txxkh2X8)L!!QJY!xrrzo$wDH}rY%Tl{- zgVNTjWopO~t{Ox^F!?h0p+G@s3KIEZ=3mU^kT;476!eLOeu|a>FVzJa*Kxhn_bj2C zKKF2o_h+2E#BgKdEHYkkPQKytgI6v+7-pRxmpNm()^@5~wW=MMq;V8f>TcfQhw?bF z)43>|CjB)H3WE7Q5e0*xAqIull4idd-HQaiXx)lvuH`^e_oVsfkN;FN>sHWpRZ_|*C0HGZDYUeq^Sem9pEj4U$(zbBaz+r2xOYo!fawja= zxEI21=t7q7v}$cM2#3`}VE*~{h4?t|TUGnD1x^c;t2 z;m*YjGm7j6;gCNqp@X}Q@65%ZkbE!;nS!01f-QlzV~Y#GK$gfh$m9>n(wXrofJ473S{0#@Kvw!AVfUXYr!_J%rc6C?zlYqon$Efdaxo6I?j z7ccIN&ttu4bZg5hVZ95hFnrQx!G79QE?Xr+4=u1v)ghU)|nYv&bjKh{qy{ca5Se=F@@tzp} za_cxqcwIBVFI(UhKt7W~DJ5db(WQ zDz;v7z0LycY;6*7yhTJ&?nSU7zsi1Ml zi3F;ceZ1F3#F(Fje+$Tu`#!yBY)|Kko1`Vo*tF&z;ss-y z23!imxs5mKB`oUVsX`DwoYukTw9_U^EI0gJ@jV^lf&b6CwV&>A*r!iImuL%u_DB~YvkMc05AdxS~DX4P^!liAZMHIAcVXoZs18F~iH)H3MK=bbv=fS>- zgfOocDAusOezf%Utwlpp_Za%zz{lFhGsVDhO&RpH6BOsq<__V zaJ{L0Cil|iFU=D2$e;C6Fiy_PVKk{{Cm3DdtWR51sBt(|f8_mNSnJBSL}fgS#r1lx zB*dM8Hl@BD_!r|^3lzMa_rF`|S}wfQswa3QzIQ9WcWUfEG54!p>`r6#v)|-3+eB2L z#>vzy)KD}v|C%ORCh8{K#7HHD7vnvbPTqU@7#$Z(+D&< za%90H%em&Q$T$v+N1<`udi8@q;}c=Pdm9fR~i|!%BU$SIPOe0RIJW0{qD#J9n#H$fn5@h}HCN zBVlCG)2-V7w@3FvC4SesN#UZNoUU{(Tfnb+y(?1Nw#zd0tKSY`7x+h4C%a$*Zv_S@ z)=PZzr4uUnDcl4#fmESEElS_Uy&8f#{?G2B|G7wU(h>ohuN>WYm z2!WcxIJEGNcHX9{UeW9-<$jCvJS+O)svgcx^Qw9fA}84p4l{jt>cE}AQE2mJFZAwT zi0=CelujBqMY0kc?lf7S{G(7N9)u=EZlc;ZT|OrGX&}NU-;QmG}_njfFn_(9bRe1^3VAj~uohod|1^i1h$c;8ca zT)!DoeBBXoUHa*7Gan>SDZXj{fqtMF4^*D3yqxNSREQOVv>WJ=v#=&WXBSI2HMDE^ zv%l$lFv9IixOYWgWciIzHk&%UBKp-g7l00qI6>#Kjr zVNpBs%_X@UV~nL8uqdL9Z?y${g;Xs~Le^e*-&Ba2H)}?#rJgKiq{S}n)YDmF5{&|h z=gebI!I${RA5t2DJ@w#+ypU0lNG2f_5~V?yNPV3msuTzk?m|ZoGz{HDIek8ft6uFi ziBT7IxN_=su8{5nYBj6&U{kfxAl#`c)dZsPgdn7)49?15IN{K#w}bi(4`|9K%b2na z_-WPasY0i*88N+{GmaY;0s${AY=vOX89Dq!PCn#?jDlRy{1e(#BoRu@jF3lBBN?P( zCt*@DFGng&s=rh%Yf6V%JZv|rUIxqFk#9C_69|R4&i^6s6gUI^bN+mvQr}&*Yul=r z__3S?kwwNzbr8RPRp4puhGk$MPb&6i8}v9b6Xw=S^#@Kv5U#=$K|0v&=e|w#k&ns} z4O5+ikTTcRh?AOsWP}hHMcNeEB>1TmUZ_8%;dlw8Ld(R%5OqU$zWY1Q5Bxqi&JcSM zHI=D5ZHTr8ggFIC-__spYeM`Q{V8>~Y9BXFVg&n{*4Q($=&=0xA(vY4`;> zTzv@@xoLKa7DSF6Swx%Y1Io|RORhXAPvepz;ouwVGTFxxYBZCHM1Kj zn)UoMgP-E_OZk%%Q7}vq$!;$~=95?>kScv0EyE$O3Rl=F;O zNQp?+G-A>E@+6TDfkIOrO9?~b zvS=4O5P{}ahCnd?vQNQfreH!8l)5682vePie*u@9H4Vayf?mQbWILT0UJBcUDPV?f z)q7U5Y^zW%gJCJJJRQu3tCOd!fSb znzurMMn4W`m#TCL<8+pqVa6Vbt2p)vhYDUv#-kLe(#O|bf0hi5K&2291ydM8Pdz|E zLST@b@0!OfBq+K`cN^Ol91HClzVdsxa=q$J98z=h;$qX9dx+=5ZdUF0mT2=1ydWX6 zCvrRc9HwBd?*!fn{GF=(y=ZDsD6HCt8P!1^ugB}<^ge~@d*;nZ!IY;}yS$X1691$= zowpgs0g+F^7dkIjM6bQN23x}f2#SCybRi)M((F>_W&wnLPC-98&pXMvH4?GV5*mSR z6MHr6?KxC8FmD&47eWgFY^3&HaFcXtXX;gN$EK=c5EAN?dUI(r@1T2<8@w}~mls*% zLWd~HeoG)IJI+?37nA$6kS`fGsa!q|%i8WydYqU9o><|!aojQyto}q!W7G`2CYnbo zq)HPpWgil$2}cx+I64PXCr!ZwLC!*tn}~lprBDi;7bz2W;8>c16inllOf{XUMBgBSCAuIa)R8k( zX&IV!x|R6{W+A~ZAm-7oCd|U*9D$TKO|)wa!aYY+8+-cYIPI!km_s5vw%*Z+yk@6G zRqbVbIIRQ4rbeY6ZnrF~D0=FEILpgx3WTLGZdScF>^OCY;6ZB-I6qT(s_=WF)9ceR zH2-=!h&2(-+RX@PBP!jc8TWwrSL2ZOn)M(9VY2q!8>cYU{7iYJ@|j>%$y` znu5$iN`$?Pg_PW!h0pCf!bFC^mN{uUqUp0Ndvw@i{LMx@FQ|GATcue+`2Vw4F2Isp z<$eE7_w>BF?>?lRyQ|&3%Ss}a1C&iviA%1yQnmxJUD&A<#s$PKft@%uu~Ff~6b}VI zgN>}R0f7S)76w_!I5sv)Oc`VngRN8`V1*JclSNwXYOfx_jb?pOg~Qk=bY)j zJ#%O7ok!2~+jFtcn5RKh?f&mZAlaGX>qDC!9skNI2n<7jp#bjGvp5R zu+(`9+illh$~3Bpf!QDFR&9j307*m#x&7@1H#CvyqG*l>H$<;LJs843oex4s0*3%$ zCuHqNu+U&!ATSaPa{|^(SQz1_5H{Ie+C^%1sBYvPM4^e4CkQ$JmyA8I?U1uXH*V8i zP;j8M-cLUAM4c!YVb~~qtT2%!r_&f5e!uRDp)B65oL7@vjKCEVx!Ys3M54aT&C7x` zgK>B;IA7POWt@h`!&BpMpst5{CnWHrq1gvDf$FBj_O6!C87@!Ag%w&%RV#T%u&C1V z4&dpe#@L;GeVqR@qBFyKV+y9nKalr!cDJ@-hmX)QmVznf4qW;{!~Lk?ii@mm*#i?i zF3FxUqZ$*XLA1mO_%XP7k(WjpidM)n=c7t*TA?NQRY9yb7SorF`7RD-!Eyommg)}vCzf(|gg3W%3Y4pcl zmH~d|1}?5};*#~3OkQzAf)Euzu>=+}+!nGlI;GL`WNzdCaB%(p) zI8AnjT-O`Wl#OPUO9_H>g3*AEJk7&-{hquDX61z4^Y*&0el8b)3u@-P@ zMifSQpH~(N7vmDRKAA@LZp~ia_%Vq)LEalKG-KrtLWuJRX_IqG|4Z6H{mho>1qHiG zh`{2O5~KFi$%{`#L7oa{DlbZP>Ff^=bIwv*9l}CEBgsM*JBhf!p{myy9c1J&dY+jF zX($WT0lru}3z+#t|Br61(*PVcBmGK16-F;IQD|xZ;_5^NFf?>;lkg@|b^Y=dFg4 zd4U|;ku7a5=-6%NRF=b0r;cdN61U3M|Iq*##S@0dU7fICloB~cAX-b|P+eEt@P?0RGFlxpVKf3G+LMCqG z6*WdxG%yO8@LATV!s(zK;_Id@{5yG{PN5vs^yjfk5caot9rD_n>} zKtZ1i5O!ocrnV#wL&phS2MRWvfCyG*!oJru#hcLLh1h@tRUp=hN|J@B*HOyKL7m=z z!J7Zc>?wXook@{gH?rAmEh9g|RYjD+L_4x9GqX7MvDJAEpI!!5G*wH44f=xf?&hDf*72gV5gyzs^#~5y6wTkYUK>}Rl`NcZ7)w7bG@4V zIqW4Z<~=Wzu__~v)F(Zb3J~s1>7xy+ZAlX2W{o+JFVVlN@iL3a#|I!#QLw|wC%PU<{!z@on1W4N zX-Q~B5{C{*Mr1KsVr00^;I)&53W#=*=7D)@bp<^sfh_&?WKBuh?C%tDiimw-}dDgS9Ak^~(I-~n|3CyfaZwq+ySVn{O* zj6|0&&57v0JY(g3W|Pa9{SB$=0~!ZH%asUeZVQr%K47jF3?7`<^>24Z9a*pD6ym;A zDenLZ%};n)?HGYx-oZ?u4Nf%>DBepbtxSSFu4E6AOj}aW+bPqzl5GlyhD2bUktMB1 z5tW#r9CsZo2I>KR8kPvi!w1M3Qm1Bdd8(0QYDFVApfV$0l5*BU05i(zqs898_%QIK zWlofJn!!}t$%}lD-y6B-4-Up{&o+!&LDu0aK)AnzeC^FXJC7@%$RA-C(#JX{9e*Tp z!q{4%phQ#xLMFF~_GGiJ`~>!zNU5@s%f<=`1Zt9nCYG?QDtEebxLlG;i^LL~Q;1dM z5-7n!(cg4HBRCHOasbPkwGoM7Wtr_Bv90ev;^ck6g`{$U;h;rZ9dSixt$IPekyU`O zP*(s>=?NPrXkQ!H#ti27h5_#{E7Qx}1Xg(N>ou~1UbRYc@el@x?o zjFv2mX<}dx1ifEb-Z- zO+dB315CUVoOF^*BmlX6R+q_6XS1chB2-P&Y5{P<@ z(G@_^ac(ros91TQcV-HB-VtQ2roUOQ&mkAGZlS;oLJR&eYIgEIh<&dDg!^6L94`US zbTBv+Nal6q7C@=Cta!4k6|)dR2|Bi75TbNAL&apoEOY1rF$DoXu2>6;gxfY~rwIgl zp&%cqELaQpVF`Q!&x|aMmNYV&&NL?$?iKd90hxMks{=V~oblEXCkQi*fDLJ2)M{tE zSvJ;I3rQ6qER>rxiQzs?miYlEAFLwUkT`5}h87SJiALZsW??98=OvPAWiHs8FvW3MBSg3Vx~{#r%_HOH!~UA?M19D{<&V!b(gGury)j z0>7}%ZiFKa+FF)28QgEHd8?90eI;XIEvXSMviBN$U=76>dfiV6@G zS_m0P&3VV5%0|qsmIModKvul1Sj}MOOVo6-4m{kipLfeSPmX&6oPKB<7;#K&P zg(W6%C@2UPlB6Ku$NMShND4X;0|Hsy+=@T|bq>GC;;0#p1&;Z~)}f|9$wW4Cqf*Vt zEas(~oFJSizCxp^0O6ieH2!lap3hdbBn4r9BteLhn8)b{mgv*hxWid1rl2UffPIvA z%zIS}bwAnMqp6oi3#|9E>CHRN-7YQf01D--kmnu2wyLG-f9ws&L#5$!t68V5hp$tx zSeZEkwHKb@YzPkPMn1ueu1aZUF(h%YJ$EDXPyxb1^H#R+w#Wh#D40F`+#v5w?nSXF zuve|*9sL5U0O8(In4K$QgfRty3XP)XjEPv&vvXD6th4FvcRhRROcGGNmU$R^Qw0e3 zxH82R&wDq8rj@zm%x$e%BQQhN%UL)vG74roh`Oz8!q`_TK)5%RDgWlA(w3lWyKx(Z zQffwn+v_E&EoAPgWdt*&YNp-_%}xt>84G2k`8>no4lSVEFz*OE%Pt}Xtup8B!nt9$J560|oLsielPpvfbP;*qR0NCtRq`tkQAnyQ- zkw->(hdNL#E=o4X6>IZcY&!A011L0#+}7asT9tn2XU^mu-QubMVWGh)<(;FeY#!5_ z`yj!adfpKfDzw-tK)84G9riO5u;U?b-oy)sca`&|Z=pifQr;0r)hmPB+dg@n!CkF( z-a+qL6(HRE+Kq6jjx*TEbZOtS^4|SkR(%*|*lxV1n`(A4@-rM}9iQ6qD(!YZ4x6pP zv&>rFN3$DLfUpqpL5<_4rL59eWwc?%#hqAwG|8-p=Nt^0JH$O-8=a`O&t-)ojAEwqga z5bi1QxjZFMu!WU~qN$h51lWZ}(a$ft__2(#C2mPX9v6SzQ2Yc|Nq}%EFrRJH(*b_e zT|h+3GV=~$ehR{Zkh4_*!ab<1kA~+R(wtRc)ZTA<96zMWXA?=&>-nrzsaBzCnW|OO4~gl-v>&Za&AiCscrNuZd-fy$VsMx249&>s^4QmNba`S?(^3^Le3B^x!{mnIVsi z#WzEfr7n+B!Vl#0A~F~qF3}4Xfl3pSWhToTZ zxCo{e+D1iI*|TE9yDFAhG0n0x!!+}bw9riSncF#4h)NQB>Y-~XD9TD%R%@ETA^2Eg zWNM@_(RoOx-~OhR_a^dGC!~%~onTJOv24ASig!JR3J~sn)hx4anJBB^pDYIsW8MG# zs-zlgdGBSIjBK;W?$;yV#RcW`6#3KCuXY{*(k zYJ4XC7f`LJ_q!ZZaG3b!Uyu*81K#}v5lf78i9_{?%A5ao@3YV>cPrJ>w61Cf)yh+O zs8{noj(w&AgnLb;Nf9_ueBZES&*=W|qqyXv@FNN$F}9PikSOF-(F7wc zovacy!`oK#i(3J7GOb#R= zA`(5PNRIU*3L-(zPKuFY2&alBSa_gBPCy%B-g_G))5tr5Ue#03sv1lWW*edFky#OykNi=Az>!pda8K#fIdSiw zx%oDdKW#YLtZ?Uh(37K7Mx75n=P#eAoRO;*rytW@i!7XQpiw}CdRkq=Bs~n+lZb&{rLiZW2*q+qU$@pP>Ag~t`rZrw85Drs_xq=nKbaE8r7#_Z&MZn^8NmVlhbsHDqpPOYf>-l~ksAXZ4F z(7eX!X>gL<=~t|4;^ZlT8H*`MJs=F@MzF90BFaV}upLn=6qP38;pCzoiWzPo%2Lbm z%GTp+)=Q2!*&dW1&g?fB_W+HI9R}HL?Vr51z}pN}fN&9&hTl_9*`*TcI-NMt7#)hI z&UK&7-<`f~f&gkumJuh)OpsPXs-5wn@frIcUGKlqWtyxh6tVaa7@-|di6T*NF*=}A zKy=)o%c0qdrez^ql~oOEXfY8Z8Gr&I?@|!V>%<1~p}(fnRliF?;1Fe97bS3rt`Zm- z(UF!@K4i`G=zw0vX1c=YT8KDm6{<{!=P!Tx_P&-o?szQkZ7rM%5H6e&+5v%KC=jUh z{PQ+)gh~@fk9MKBJr1FlojqB3K-P@#fXsQ4rtWo)Yi;MaR8&`wdX#RURUi8wicqDGcZR*5{vp&Rl(>y-?gB>a2J zTkI1j=+;|>9Xlpchw3VDm{tM81=ZS`t;s}*Qt>Y_)yw%9IPB9KpB+F)!!mW5Gcyt1 zawo3W7o;zlkcHq@ zSrex%#N$$a@`!v+9b6~2i9k_?T?%?J0@Wl%K_IXtS!k971x<;=X;jx|b@ z`Z%kA7~BRF=@bPNYQh4IN{n{sD(ma31Lqz)wt^Bw#K`64#`fMuRLL@Dw9_gwFQ1X` zS!n`PKYR=4rFdp~K95`YW&F_Q{i?^2RsPx4uOWKG@A9fBxqynkKG?@7spa$nD@3 zPX!3)Dn%@%^>sRZ`u6kZ2h$6L8-}-w7sa(!I8@YBIGk9MQP2nEwjEGGmPgLr$&XHy zRqD$VxQc>1ArxspMCznX{zVd3CL@pzr+~fLWW*W(&>C<04Go^=Dzk2mA|59XzOPA~*Xk5Q8GS9|_ zpyQAH2pLA>lb^IpB??3P@L^h7q8o3d8*ZRljSd`WC_3&p92Ov)xh`I`j~(j*@4x{% zd)7|6&YvG}+d#MkZzy-fVKVse;YQwj9aX%S7rR>buW+u#A1t*u9+#;~C@qjfI5q!Q+n@-Bo*G< zA_X$}yh}lr8WpF1)q_iJ-q;ba`d7M#xDnK}Mt*xypq(MARi$L0w zPudD^FkSB&cy{z?Ljf5l0;*lebC=yOkCZ^nC;^oV$69;*6d=~z(ZvABBbU#>s z#*bUK)0FvW5pek46MR4@@lhD!hav7dg5LPmB=kg@Ml+|j0fZ54giNqdB2a|cyQA9hvu2C%Gi<9- zBCMwpVdE49;pEGi6;alVX~S0hgWmT(`z>#2;Bx{NZk6YC%cUjy@|SN@{Fpc#D8^XLG<70PAwe<#7Rp>tK?cbk(lYTv)Z}DNn$1gU zB9|*4OEU7ld8CinK#l zu5^1#`wt8IZ^!v5!6C)ibDVyFsa~)U<>AAPr2W#R)lrs6^AERt0-csPguZ@yY$Dc{ zEZir9M56EPmE5|6SQmj+7JsG@2u0l%U*JcWprEXHl7%f!tw@xS93HriA5l=Y+H%;} zuURiW=;Xc0S;^3bc6s60-fE^r9nx^BKwv;oAXsRWCLne{w{#aI#BLfVKs9W7D}rCVg3Tf z9H&bG@Xxkwl-I7Uj_yHGb8Sr^aCuqaaCup@q!F7aLn4+W1v3#Jje=mUmerE6KB~Jc zA(@i=tl=*wu2GXy6~tm>$pDUN^g?8|$n_=U^eB!=IpHxHV+w+QzQmr#yCph3+N5Ah zW^lkyA~ zuyCd-K$yRPFax&rdJs4eW=aXkE?yK>{%Obk>%lEt)eOr z1}M+d<8W8&LBkc9HDMT~FovIoQHhI3Qf5@<6fuFuB}TpmN}0cMneM;I5hEqZl386R zoB~iV5+LkSFzS|ye2}6bK--FmsCq1|Ywg70IN}q{S~PjV4g>0=LCf<8G`gLk<6riR zgOT>}pSw*}-ucj(Tn;2*VWlEI3l?Um0)+WXVQi}s1U~VE4VaZm!W79A=P)3Ru>^-0 z3>@OYpwefMDluSrxsmtQ^VB1UInyNT60w+qst*2fLKa27McOo&0Gr7KoIn~->Lk(Y zpR<1dCa0>!9(dOS2Kb<$ECmIl?y)PiV7)k0=Asd}C9w)VkCenJqf2LbpXtb|>3K&m zzTWt|qw?>82X4Rf&Y2)evGDR``^b@f{dhB%mUjS!21`-!!Ug->IUD5b;~6lP9+nnx zsEDXCZ?n1Tx~uE!tJkirUb(Vr+p7t8;pCZT?40+RQ|^BF5Epl!?HrF7#ROwYAPvwc ziFi=!zMMLvAAQd9B+|l&I~W8n0Jc70OdRI{Fb+Sc`{f;@HZ%riINHnTIBB_tIES!xlU zDtp@^E=+xfl5?tF0}&Z*FnZOq)_*_lgt8arb1}x3R0IF&njj(&*j8MWjD(t!g~GTf z(FQ11m>7@f1Phn)q~LtSg!+#?Q8UQq60~{=Iy;~$3PO)QI;$l}vhWk1Soy8rva8j` zt6nw3h4zmM5auHVq&_|V_+v?3WCxSx(1+bw6`E>k< zXr(R-6$M+8e-yLOO<2eU|LTk^jg}^*ARhvinQNzC%vv)0T56^h;Gja%IB6lVfOtqe zpb!>P5Rf5>r3a*!NcTy@p*ikk(X~c{-y0t|GvzTfo8n2fTJ$G>vO4vd?jX;zXT8Ke zQ31laD&Zf11P*~lh9OEtDb=fRxVE;#D@s^6Y@sw(p|fZ0NG4wvC#>t&SGS3fdcnMn zz(SPgr@)~u;UQyVH4`ilnNdj6MF56VAlXBa)1AWx(Q5>K>;UI1_ApQ>w>U6gQV?T1 zaVHuP&yq%$LMjur@k#V^m#kmC(J3(sfXRqDyldDCaOg>&f`XETU|uUhpsL8mx<)1= zbID@b#Ai9G5C9v0R+UYD@{_3<#1%<0t!grzG-D!H{$@E)cR!pB1))FqgU!eFzyr4r z8-M4Wk4?7F8{V+`v5&2M=}R+b?LJWf!ud%t=IN*H5Q$R)DY3ORn{zsPw2Q+L38b{V zypm8ejj_|GZ$E#&>jwjtmIO7qOku9Ox-~GRbLZ?*i2&&nCmLfx@$|WF68ZY+v56@7 zXPHQDzJ$kY#kL@j52?std=-_P)RxU48GblX3>8x&W|}kJ|Lzl5xDCCOs`_ZII)mFk^4DiF33X$GmX@eq zZvcLPT!O%R?y;*?I(ZV$iW&{7)u>XT8*gl=0h8gdpkRh7KsYBg8iGSWAg~9_C?H+G zF0S&?qoPaUaCx~gu4h0lO{^!Mv{j|g)yBr)XQSp`xM2Ifh)RzW%Ja|L3epLlX#^ZX zFF!vZr+oZGmyYkeD0-i2oK&Ax%Zx}6#hW$%q&{fzO$u@evEFq{@|!yjNz`@0ERhC7 z)vH?-APp&%Q-x80QsNNx^^_lMCy-M%LO_(M-GPFrcoKw)h1h$K8$^>0)+FE;tI6B-ovCzm&E6> zV=G9Aqq8u9A1Vp_)GA80ZIA9m;W>)BL8c8MsZ0$bj*i1Vz46%r8K*2MI9IXWPfk@P z_m-fD$90g51O8*YmYK=Hjwf|c;GdRi97MrHKBqPpNgqO`CGbO$G#4P;aMn51Obef7 zMvq*#zW;!eNu+PJTm*}gFX=KKMy&|g7BLvCYllK}HKc11mFiSN1eDFvW1i;T(R<%3 zF7_|{!c-UgEpJ&>kh^}}=A6o9dfn?94?G||-+AYzXJ8Vg0^#RAXWw~e-kaawDnPhE zN?6z@1s>{UPr^$@sjcu!PlVRj>GbK_&!6vk6`m$d zu2|D#TSNg9L?m4-eUwv0qswh-8nZpUn!Z{0BYEvOwZrc9%U$31z?q5XD*h>b`qQx6 zAANKx7T$H&>IXj1eaN0iz@hI`r$Y*diGKh0DF_;+l6})nc^+LMDnPhUN^`64^T{V| z;Abnzw(_sf3HUdPK)CJk)`vqicy|eRy`li4#8YL`B0m8bpOb_9#k>4N+2#U)UOdB< zT_8dv%Oysw4X1t3qF(o7=`*J}Gh9l7R4!6=g9!?j7?n}sqC|a3BVQMJ_BWok{?ln^ z4kyWIG3Xa74e8O<$3G?4wM{dFyZz=ji}!Nhed4_|n>IjLDm5-#pp6YILD#Q~3fjYv z4j-n69$L-&2=}`R5H6w=%mBZng)y>iyV2NuqKZs?T3%i`c5HJDD2Q3f=T>SeKMCI8 z9}6WY-Acst;6sOY84J62eITG>D2DPcnAee|;Ge8Oih@mv!zNLk(d9_gAqx~FI>N|s z9Xc>!c#pi86B4>cgDE2$bxtL$!l=VU$k@?Aoz?bC$?=bk6bUpg$V_B_o*InHg z_n!Bxv|4tnMX+X57(fVp?P~=B7eWOH7f#o%MeFO`XUS4IaUjOF>f%LP(>6bsmNt=@ z5H2myF2S3kro!Q{@yp8%P!R9A)3NhDs%$(R5G8&N-u3Bl0Y$K|gmO?Qe1vcxzJ>FWTwY5}OF~U~Q4Js_meZM_kpUcPB5Y_$ zqc=Zc-S^_zvM?<#+iPEf{K&Q@~dFJNZW_FNlU~5~Fte$R4=px}4aOz0% z0ecvnreI6LPwZV*ni7YOY{!w90Fo@N!7J~e|N0^xC<^X0oy!*s{;3;+&rp7n{F!PR z9n@(fqF;QEy{qGGJmN7Fta03lP4*P7G|nfj^sfXaj^Cw-tT^r5M(S!;2TiTp$g8*46~lz%2zc zNY{mbl}1rsx+Kt>@G_Z8F%Drzjx-YIXhaDLUcbINL#JiM>=bawE}lP@`3Uq;;`{apN^ucE8mW`ipO#ncm5-{hGML3Wqq@ zt5?N^|J>)u^Qet`fFrGtVF<&k!JWT+*+zN84dOX~hy@GxlJ+bJhrw^)m<1u?i2Q>< zIF!rFU4YTHI3)Sb@rLov)#uf#t4EG>-@o#vT&3qKH5w~`Ulu?aNCOK|cbtBJUB29HQ3K%W(4hg(+qQ?YIYHprvmy*#r&38| z5SU6C2rL=1BN1PAely?w)u|nzDBV+a$pjKYiLntC5M4ta2md5dLWwJ1LKH8dlLDb9 zDcFiZ*i@ygxUxdBasv|}g#DT&qYB(o)eI%2;N&0^<7Ar_D{wm-`#iL{_b}_HvPJah=1`H zD_{NUfIENBJ>AA%|MeBevGYEpLK$n1fUu8$KaV7Zl(+2^~1-4@lf_8!AmH`SX5cX2glh|v~W(iX)L_bjcdrQRh6v{NxIn@vw z6K+FEDGw|px=EuluBA(t11gzjDWVS?a=RE5g(BW2`AV|JT}M$6765@Eb#U5-AypWC=o#y$jyt_uXXBq%j~X{oE9h@*kMJ9q`jjgV7ATmMnc#3B z1)=x8w|n6&tMO-lW*{tVfR;%Q?u>QF!DyWas zQ$Ap%+`45>md?QmBc3S`g-arlYJhZ zq1Yxif?g*Y6xQBVhB!>?t#4g9eq7w%4}Q?rby`{?)13F#)SK;VDOi}Hc0CBw6#Uwt z{d{dW+n$zl@5*}%6H7f0@DH%r*r1IK8?RJ-ssU)+DliP_B1u7*ZQGhg*RHJ&be>lF z;jOK$0(ENjfw3i!RtqJZR&E#P4TB{e925Wp5K0zu+2~3BsR4q5oHmFFBFX`gWYcGE z;H34^g-hHhhB3jyK!KJCK2?~&m`=3BsLiO=qSra*r%t;VUuC?Tm^k%LRc_ z#OXy{vY~>&Fv{6*su4K>)v8t`7yas0>*a@>x@BRCj=7kE_#@&WMUgNl2+0VA&l1Lj z!e~R>4^yAXft&FYecdBxruX*jv-W`lau)${PB+}pm<0|$`AOUJs9Ghw6bR+R53f$_ zZLBAdeumeti>H*tP$)y~dJtYFIuh6aG0`{T`oqKdm*_=mjKtx6vL(Ul4I@m?SI3SC zuB@+%dbQfXD+SU}R}@s#SzZYv)6ntWdsn~bdsaZ8W|O}0jn!$wTV7sK&z45RVe;aDVc*|u zXWLx7LKA7%gAmulB}%g6Pmav6gn9RE+e-@x#f=TXPgE5AloZtx>NFY+4BILNr>#m} z-P2Fo>ecZ$fjdm*! z_<-5=-47k+Jro=+995Wtp8nkErm z|KG~Sw+~t3O+?q^U{^A)PgiB*hV(g)EHaV$_}3@k5G>q&OrMfhcj{DQ*eilhH3mpi zZ!*DKfc3xz~=-xWwoZr?PB} zBq@L5Y3soiXRC)$^3RV13t^tLw!|K8Z%q>*R1^dP)rw9iD2R1Sz@eV;>D>0I9+-XZ zhi}_v@P{9tE%}tz*Xh6kQMvnWapi8fL0ro}{Zm`!1Nz?Y6aOa|kZn~*E`22YrEim{|hBpPnc+?eNhrzYbK;;R-t^E79 zxW_~Y6z3a*?J>GheLZ=1os>O=yB3W4pYTPg~+WJN6tYs$~2 zBr9ZU!m{RIzkcw~=YhIWw6S3?Ej7OIg~7eP4_Jy@3Rq&ySH6-P9`J(jxYT1I`D$EO zFsxeb0T^W4U1}zJ_E{T`C{jQ07A5cZ(j{BDDm1!s0AU~hUQ5(Lawj@Kbf|aa^F&pd zDa?4{FczMY?Ps=-wQsox2F?AeAwJKt6Ngiu;rvf(Y9){A$tMM$biHeMc(7x~HXk0a zhbNkTcuD(Kw|zKNAWXP>^yrGhAq@OWDtN$HbbWnwSddBsSKO+T5{KtA!eM>M0&jo~ zP0?2T64eFKl`(rKlg_} zoDGn`xi5YZsKf2Dlg4j;vwPFt^d@mpRo7#Wr>FGSfReD~Id);N4D+tp}`b{GI!p`^}hOrR3E$;fC?8Ms#4XdW= zpC9f=#hFm>KHN^Ce>l&R%0kJjyKq6gCG|+shS!3mtR7yPM(XV;yls!eJ{Brny0ki0 zcxTVrrBWBq$B#GCk?aV?(-Mc!*H2GE#M+X@I2jT=BZ&?8sPqz%JKaki0ix0~j5!Wq zhP=eVEs5BwX5F~-ya=OI()ut4_2E#x zEIfopV&Fc{~Zpg<<4-mOL9oA zMnh?(l{b}TClwl`EfPnSZP;m%7;O|rfepu5#D){VuKNJ$#(@O8X;bu(##^2#) z{xkX4Kn6Gt+^IzPkTF*e9^R`L*eZNH=u~WOVrK`{DxHm+hi81eU>-tkGCFdsHzJqI znPc<-7-x^xUtf1MwzO1iDKMyXK!MRMvUE_b!nKZrH3uJc%E!_c>CaK`svDGMZ7LV8tMsD4)@6mWpO!DP@Yeo*uM(O^;4?+=tcfo>QP~bbm5$aX`@gQ8TC4MZJSN~4cBt#c z2HX_iDvdw-sHQpF3|7pCOzE&pe=o3WNwI-V9TlNVRR%d_YHLlkR7@RBv%sXWIX-1e z$Y}4y`1Ie!*zKO8yU^*h2&d&V&vv;X(|S-k`6=8vj?eJ`TSW?WEh8%w#k=BvV3S-Ovj_05j8diAub zEc2tnh7PZAVM6)n!9w5vuFUZ+)lxm6Aav3aw?f0*#g}4pxWmj!> z4F@RcEo?3n$F~}=m~OM);8n}@*!R<)N+Su;pgD}UsPb-6rMp;{8}>=dwNP#3G6(Ug zAs1Kr=F3<6Qb?M0rH!a_&ZLp(WXQbjwI%kl%9_8=nb@L>BEq0aZI$`NQ+a(?m6cZY7(XCj12P~yG^f9OoT1Q-(2WP6(&4Vd#dD(9Ts*B^t-)D=> z3xF38#JeeI$0*LFQKc=bIn+C*L7dmrP*tDw?VY3Xamoy^5OX=#bIb4DRMw344?l^` z*t?=@YP#xeDt~yeC(HHt&xyGX?z-5lfHfQnLv_N+cZ!#4_&!~pLX$tpg`K{QWs_N1 zKx+`dsqN)Wy5qIS`&^gF884ql2)V@+0nuKuv< z#TI^2($2j9&TcR_e2EMt|4P&WM;$89m&!+fL}N+ALi@Muzb>T=HW{Y#G-Vl()h&K) z{zgtxB@WH;F})=sv{wH;wwIl|MJn)JOzc`C7;C>{*PN10 z`D9xmxksRe`s2pN2NwoA2Vb%m3!|o9k?tBB*7vk3%nlwak7;SgkU~twsjqhdz!r-W z36ErMZQEbttFP_U1G6x<0}qBt^c@)QTLig%`G&$fXm(S+eYSR~TKOa`-cCN8>uxs+)3r;ihTiG^Fq`H;zX&8p#SBa0%^7tjQFTFIa3j8^U=avZ2PP(>C zxMlr)tmCK{;W9i%r^5-r)iDr=7QP#fiKwWH<#ls&Jp0nk?z;)PapB--N!z?$^uF#9 z=PGdB`eu-KvSa5F#8!FJsvK5`GhnT2wGiHZl`^e4TXkzVo z-o=%l>xa?jSxh0RN)eq-)wOCWcNsVU|3(drHoBi=fPuCQjtS zjm1fWGSsg`%qdY>GLYznO<|VBLt(6YHfq%hSL$t11dCi4@s=1gko1eT2%Ap5O>cj|65TK%39Ja)MTCOyXw05S`r|MGQF0{76 zse~LgovX7mh7s?oV)!rXSoM_4{nEcHH7T?5g78ffM$w zB7r7I#$1Rc4)XCetu+3ssWPl8n1tBZjrR5}Q;mE?Jl?tZfGsa<0OuguxpJQf2iQ~d zr|QT{k>DH+l$FyH4Kw~BLD4fGjbSLYpfkU2fuihj$4!@_1^EdGkK|r}gCi`RCo5KA zm*K%{H~8XqjWJild3L9J^x1?el|0Z|2}?trJzK4!Sr8UM{QCjsxWlgRA#TRVX92;9 zf1Dt3qqKbshzC9dyu_k76ia&G)i5zoWJcDN-kARn7*lWbs9 z$S)qw0NCp${TM8mR#-v&)A``sf-{cqCB5|i)9T&G$_rZaM($tQSDvC9aa=p?*Qttn zja3{4-a|TG0u*uSr5~-bE*gruju}{pRgGrnIlv6?fDsJQ`Ja!iY9q9apsKKU`}kzM|e0xmm*^qTY(^(*lZBo{~#0aHWN6AC&j8Atb-%IT(g$PVPNU{tzqqz-x`zU z{lClQy}U{4H7}=eYVv`z{*mU`-J-7&Rf#K*)BQ3*^|h@*UI$md>xhVSYN@oWYce~H z$si`}ss)Idh~2xFb{?hD(g$TpkS$3X5o3;;^ryItNUass4`zzwPUN37j%*T10>9nM z-)&)5qb`|;pOT%n4A_r{h6M?weIvVry&XJOrcd2%6)8%sjaLrFz#098*Am^o<;?S$ z(2NN=k>PCVZB@DrJ+H@$NaXR;?wdo#vQhm$h+}TsS~kY&m*OTAF&6KzPO6dyTz;q- zB@tORb=%ifS8O&O>8L2Lo<^wXj8!hf=nQBS>9`XMh83hJmDVM&{rxEq>YH^8nr8M7 zre@1a09K$pjo)subQOi1sZvZKaXdm!dtww>&qaQvBIM~p_xDg1;-L}V{Jk)0ma)Ey z>7@+Ef58u3A9uU3sNdMy9hD%++VU#(k;CEIMy-qWKu_TWv|*iX%)u>eX60sW9aok3 zx5<&)_xA)i@i8wV9nA|(I8-dtU{&bF>Wo*URExvbK_;kJp zdiFb`&*cv}Rfdi8AsPR|gqLgp;A&x6?|jdd=GH2;=v7NIMjxsRiLn)Gii;|Rj9*q( z^^5i{hzTw_&;-}~gEUFdAt{I;K@L~=66TTU95!3*Ve%}%X~W_+Or<$_88s_TAZMTb z&XM$pqX=Dojej1<1$4hamb6p*|LpT}*rvf|S!J6=Wh>#0YRwX{p7UP+F9-WJLi z?5Nu~_FULRn#9zYGvoG-_nJ3drZ0ooc3=R-4}tgAh4F0lTkqddMUNGAt^$7OrPw#0 z`f5GPdmoG0RTX-T_5FOUA4BQ%VCcWR?Zfr)06Ss=ijx*qUfl;B+e&YeY*)gN-SeTB;^pOIneN_}I~Ro^3vGosR;OKJ zaeM-X1u>#M7K10d+|BM6h+ZQH!Ury&JV*d6sRVYevoA<$6CZB^EFb?x7F zs^N>Y+h|~;!8MZ~%)u}_B8A9@{7=3Hi*-Uxn~X{0^7b}>2G;62{%@W5HRGLk6^F=bIrk$O(tK!>?4I|2gO5_%rN}gNG;mC z?-Wl@ZMasp<(-SYrY@6LgdePYTG!(tV&^}ey$^r3*zNA|6e5glb-&mRFV}3xkyEib zif_8pR;RNwuf~X+^V>YWyvkDc<6QEbB3vhP6h0Mt-)4tST;bDuyBONGVzHG4gegf1 z>q?K2EUmPs6e$P>@Ba-h_?Nb2V&2OX_!4(4`WqWSi*-RyFIzyeCIxIdwAoY1=-iZ^ z(v$md)|h_ic%aF7Um+DQ%6e8~9#;MG5M>dsp}08nrDm0Sx05t7MSe|O{4e|8)In6p zI8lsl_7Tq)WBw3Ah`{}QNCUmk?Rr|t9mOjD>^1a-=fmOw$Mwnch$ay2*?S{;g+Bl( zoA9sjdUYob9%JVDYO?cTm>=UWXlxGlPCIkmfYr~X3aGr-#b#HV#uz8s@Mu8^`B-mP zOA$eji{X%|ge42u=AcLeS3vNj=PBVp?h&ht3on(n(x**yp~pn};;;(n)G(#9&bJjo#Ky|D#Z1>ecnltJ_Dkl}4^zT^Z$vFef3)NkeKxK%LR``GD5*)i;31I0mI zv#dUG0q*lTNWb-yVTx1@&~pa|i)c`mHQ=eYJZYBq+w8z(U}oQ&z|wbkQD_ca?C&)f z%Hwrj&SAPuVGkvA_9c`+nb!6yePiO{&>|h3&df6>b_{JWYuGo>%G;23J)QV+kHd`8 z+C^=QX)-o9cZOkc4_EB&&2#%oqE~u3Unr~}HMq7}H~BJ}q6I$Qqi(@pGJ|ZpeQ%@1 zKP1G{|4Ag)#gxsJ3pN_r-@blRui_?=Qs=j(6F2PZa>VX9>kVlzF}W~kF`wMwTqS5O z>_!H!SYXQX;CJ2#`@X}@H6t2<*(J`XJF#4Qrwh&)mx{*uN+7>5}p~k9q?`LbpUtdo`6^C z7Et!C)wGW4!D5+U(?4>6uU~;r*;KQ15vO{q`=73hGDNQaO7!DRVLUZ9?fK0-`ys4z zphH{ErsZp#Gy;RnVr_W}9JRnfGu5@g9WBE3$w1?r`*AQOrji%<5WTkdrw8fCr#mvx zJ<)BNh)y&vjllW3akX}K7L?K; z6R1B~0nx^+)8s7cU7hV4D&eLAt<$g_Y6TAMO#Tl1w@pZMWl}6yIvn7;+FIpZ*-SnW*dSbYNP?EPZSqX7 zcfS(eJ=h}_(vI67azMQrZ)`LGsl6c1VY0^Q*>yAnaC86b5{FlCbg6`3^jv(-rs+q? zlM5Dp(OS05r~d0ar8jfkl#6z)V@>_Ee4X8=zNSVj1r{BePOv4+E7!^ln}8&J^TNJZ zuxU^-W>#KNa4W=^} zzfCT@H?8;9vsoJcfK|Qer)}zh9P#Cj_L!}$)9=(9A1(^pkyBBoRzt&2$D9ws@!=u5 z!7rYQdL~aIPWeT?`Yonhyi_`-CZOAzurosEPceGbs6(9$G@`~5n%sLOJ#Xwa)61>$hJG^kjJ zxecsA_s0apP2>bn7G~}#X~{)V3RD>n2CXsj9u#KXX6$xO@;z}jWHx|>oJ}uEkQ~wTnRv7Q~je* zpvgoSiSZ+LV%pH-duVFjUuoIZzVq6&CsI;7c!XVe>`OQ}zo*F(1U4e75I1}m4bQ&^ zAXZaf2qgGw#S(O2}cW2 zvG)au$?lfNXB~50T`;b_qf#;&$EU+3?IO%n)?GzkS(6}?UnR#y#GH_GLU+?{bKRdmVAY;%7HdLwl(x9q3U%mGo)g9d; zAj{$A=*(b*mx7n7%}=F3D759y3__?1-Pr5_=R-5vA!5OdUd|{jDsNR9XJ^DH#WT4P zn3K6m;YYHP2eDm7RQt$-^0bzbiN3k4yF~DxYQ5;kwQsQlrr1exT(>Zpa`6?i`wK3l z^RkElhG>1r2e(>pg++CUT41=|+C!~MMF}0W!9J19V$N!1GZCc5^3Q2#N~kv|37uAJ z?Y(6N6LgWWW8}l`nvL=WKepB{vR-ksHJBzApG^(iX-7JmGW3C2lWa@pgWkT)sG$Xy zN0~zN&#(-F&p0qZP~6(~m`Kvmy{1+=m!|Y^70aaVw_QXkfEe-&F6bk%(IVk`GC}#O zhOj6|sZZ&}RhAS|G7J93Jt@bT5%RvF+DN^vKBS=FOPNc=V6p-F)m0N?hMUcxb$^sD zrf4HwiYh)+lKx22mwH`3@O$`H%pC^{0etxq#`NcQZ}{{rqg;V~$dn$zzN1;sGHywt zo=mV8J2FN$ypqx1#xsS0VD5oNphOpuLD ziJVlQx141$y%F=OT)nImntf6(2lT4Q>FWRbpl8tW+14uV%eeU~)gwZ>?k;Z4b(gdz z^J37|?M9zVRjYI5A_p@jxAO#@;QO{3GNhJZ)p>qik$(IYx;ZRj=1ozbTGnebyL2O> z_ix6JxGU31MpA~T!bh{o5oZo#CXjf|%yob$M_IB1a|wl|)R$Eum>~z1b|ad`{^<&H zD-4LRk_kpkrg+2QH!8u&9E*whWY=0g@Ir`?{FXBywZ3knP(at(by`@vs6QKLxXhHO zw4PtwI4|}KDXDjstm|gtSp;%)!NQ;AlDc>dC#S)#g=_U3jN4AgCdPhg=ILHhzI1;g zI!A$51xy*#5|RooOrXXhNkVfd?jTkU?(Td-1;v9xTO%r(9cSPcZEmfILV7JcO~^tt z^NV@gzy$u;#C-VHDTCxQHzM^N1%-jYOyGITxwm6mAzSw z&bV*M=7gMv!x1?R46SLKw57TEJK8btrKq^%rxMECWZFa2FoWPB&$k_wxHrzh00bW= zdO6zcOHe!h^?rZ(Q{rHNvWK9uNA!9pJVz;2Q+rfOnqt4>&D|3p<6cW(BY@p?EW9s< zc#bcJ9M0S^m~2;i(#EIle}|gYlV_*R(sLJ2_$CoJ5MJJS=b0w?8xj2usyl{_>^RTn zV0Vc!FCU;>101drPb;g-s>qJ2coX{CtUEQ8%|gSl6rGr6+p8wG zBcs0%U?U2+Yx|Mxbhgt%*QwWlhhI$fug2k$tcCqd8b#hfHkv>2EoH3cQB~=EUZBqV z?89hLX#-2K`;?!>6iN@Hwf1qiNbR|6-n+NLwFy>e+umH6~lA0K4lx1U?et=mC;r#+ur+tdcw%TyE) znk;^7Y^*#UWsE-08=;;bMe&0f!hvbkXtt<%rNj501h*c+AYVVRPB$}URTU_uQnix$ zgAn- zkX5zr%%hdVp*GVkjyH8 z55Def@zPaxSknly%obv|5s9WQ`YZi{ePt|3`byy z?h^f|3%fhk>PqZm4*Ze_EXrFg9fkhYFq#3pMG%}CXtq-|XpF-XfHoq;{Gi{~a;gVo zMC-JUxE|p71Uz@oFa;zFMA-%WpY^p*7=c0f3`i2=u@E!nn3O*KE~Npq&-_3Hr8{kp zpdbWv7;rj&u-p`P{O1()Gc@R|sGiN{u!#mBv_)`W%J?9DJJxn0jP*5I@FBR+K|#~!^-l*IQQdsIK7~Fd+HJRmz&~cR6kKr@ zf8ffIH~>+8+Hl~D6KKBU5sPn-fyp>_XU2;!+O<+JuN-2PMYdzvyifJxBp2 z`;0|91wo(xgiw_JXjOZ5a)MG6@ckEYFF`fBEt+yk2clrMN)qXg7Q=xzfP|5y@+6Kh zgKuZ6@kuvVKKNv4p?a^@PD)TNS2d~(!)bwCnRMW#qF9)+H@IT$-gG#0H z$*pI52W&}LNEv@msXtGscu?*JQ-T*!JC+YWcMrEe;AlP5^sgYX!bf6t z!gG}sDsh{BpSqoRgJ!j6R~q$3+B$S=5+{hZm;rKV0~gVHUzppcApPbD5n6%iAbMW# zTLm9ORKf#=);r_nL6&`CO%~>Jr;S6%OMFr!j^V&pWXjBBbr`tbM?0?t`E0gIp0md< zl0FN^(E`OBWUrtoIWH122MRMju*^ow%fqeDZhOb96QZq&Fhuz`k*}j9$OSG{q7rYY z72||OUtbvGJS$aY$>3ucBaA+L4kgCJAgy?`yPQu1g{8iHrs-5hKZ#dnMY=P^=2=u= zg;N$c@~1ia9#o&O;GJo&`yO#<0a55hf!0;%Bp9M|JIG&9CyeN;HmO_)u3?^Hs$iH? zU?J2kDre9By8 zJ_a4v4|-X3Bp&>K^S!77Xn{zRBmm_gua3na5b|@tu-E@1Z&TeQZxM@S=%^?tD50Xy zGdH(#V3gmqVki?5K#^1+sth3=iWL}xRxubQKLS612ZR>O^uG`PKY>6I-3nRKiFTGp Qf{!9AsU%S;W)$>)094y9UjP6A diff --git a/doc-assets/lws-smp-ov.png b/doc-assets/lws-smp-ov.png deleted file mode 100644 index 5faf17fad283834976990c9441c84e83ef1c83de..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 72738 zcmdpe^;cBg8}A?j3J9nm4I)ZPigbvA2uODe2uOFQNk}OIA}QS=44u*~-QC??_nG&* z?tgH9x~%0A&YU^1_w#&epBaC7S&3WNWY`D<;+EtqF+~Id{XPPLmVN^hwp8Q3--rLM z+dr37z5zcTH{SZe-#2YuY1ktWc;8X~(2^*rX<;L&gSfhblC`mev%Z}X!r9rG)zr$| z-caAhh}GK8BzjYj41u_hkQ5VDc8OV^a8@TAI<4K=Vy*hfr9dG5Oj%iM{Zaa`Rv=wd z^iL~;0JibmWH2_rT~Yks z{Dok*aBasrpNYwEl&c(hP$C2N^BXju2%g{QxltsegZS@Png$Wy>-Yb+-R~tWnjgFj zFC_N7LOek2O7rO**Bzh#y^V$}=>LyhYl-zd>OyH=WO`hj?{&-QG`P85T^!xS!&~g+ znW{8%{Sgt7c_x`Rq=)p#{PVW;&KF$LzuzB8lL=YF&^Vg7Bky#zw;MJF5X~7_>|NX1+J^ra;b`VWhF82>_U=8u zp@83}a)+8a4-u}*!NDN~KRJD*B3_lJllNFO`zr)VNlCF2hR4R#G}HQ4R%18&Gn9y) znGWUZRQ0isl-ed;W6-H^s+ujzjX*=kWbom1S|7%g8*`xOiWkX41SBOHeq2%@#}_%z zzs9h)*lGS9b^W%ppZ+*)Xc}#dBHLhM2%kmq+9sAie)<%d@l~BIBO{|tg4#1VM%c5w zt{29rwbDsj2D51tl%}#SR685sY0>TnWK*zw!z*miu&ML0_7w z+ykW}S$8I!rwUBEshR>w>#IG_@{u{hXN4x+yM1yZzX!~so|xd()z#h7EM}`Y|IRb% z^3k*}mBVth$SsBAZ3{uM#mHZllJVXIqYBj^(kEYVh*{ZDcP72pNUS$s*ez_h(wj15 z(H?SqhI8{K&BKS+ee$YLv3;he-|#!GHq?E@;`2P^5)~Ci!1YJY&KjH^tYOt&UYwP= z>^$&1J8W!i^&iMm+gpnFo?TgKg?W58kQqK8Sor79@n*$VOK0b!hYvr^)celO%%G8I z&3c_I5aVK^)4mK$fLlXQ2)cx3XFqm3+Uy+C^A7U$#fpoINi(z&POG`;vS>u!4g&*PJ91hF!SuEIRha0p4 z0$La2PEJn7Q(Apx)%p3MTGmzJ2?_WA6c&z@SX0OHJ3e4!^lxYogR2y_u&@|LniHE3 z<)ZHA=3TnELu!eU}xdwB^9x$UR_=nfINe5I;-&)?tQ*y!=&$8TZiVnn>- zRC6>r;7ZQV&&~F%?*j^PXy>#v^7k>L$qbrI;9l&ma3GS#brX5})ORQ+}i(5fKriTU9k)3J*QY{n;*oEoFq! zV75jZOe4{=0whue8wZC-T;T_F1VeFgv6QTAa3VuMZ?&g;V`HN@BV5~N*%DQusva>h zu~Bm{W%zEX!^-zNBqZ;OHv&nYK;ix{YL8%qx31celanvNtgFICtEvN44EZm3l$piV zzlvMCx=F+-vb008g<1Lxk)l!f{E&ZEbGuFst)|Iy-0Jl!iBk}AoJQQJitP= zOa-jp&TE4~n-dl2`9|&c5ZKt*KRJ!Ct*op{OG|C)Z}Hfi?wfuO3oBd8tw0#E=)ZoA zJ62-71UQ=vm*nE+HoLjm1;yS!TB?xr^7h@k_5OG15kH08xdD3~>s41OYAkj}H?Iz4 zp{eJ;L4%F+^Yh9YhsVb*&{m(4l4x03S#c@(e|-3GErL}?3XXqu((R4-DeTD)wT2q6 zPrkl}=H~6Uc*bi}q$3gkRvZL(8txvSo+kFZ+dev?XJrizqnFd{JUTzw3nY7r4O6DA ztxdvXr5(Ny!)H$iCxAxkO_d=>-s2Gxiv30_k!c!8EfP0Au8pAb+*iQFC8;f$^7@*V zM*r>Gw}yrWc8_D5rxR*=p5Z@#lIXfF5FH$K3!mZooS%DGRi7Bg#KhRx*d*95bOXmeuc@UW?|@iWbfFQIX9xr=-2h266Y z3!j66ZUHA4g6 zSR?3UV_I<7DreqQ8#h%Ar zLdU{W&YaLJvrFN0-F@5G+$^y&SyeGRJDZ4Tv+ov4V+csRj)B4GW4ApmihBQIw6!W? zAt^*Sv;UeM2oyCb5n9@$wr)eRGlF~fQumj8UYJf*SE0@er(*W8TZ(mNg1)Wy#aBZ# z*42rcj{Hf1A}4(23a_9r2Z-=>&ICR_zFLuH&NT+DVvB;&YrQ4bdKmK0U%Uw4-nPMz zPnC&Q&G1Midx?dGWmM~fCeM`WK&Ng_Ej&Cl{PvDYP54pLyrCz=AE7yCCOs1isF~jjSrB-<> zHMWn9i>s{l?Dfj&*;!We=4|8FHqZtMUaHUh{ruzsPWngZ)6*GXs-L0#D4BGVhRcZJ zF#H0=oC2-JKt)BhYNA3Yelq)&t^fSmwQK!`bS(F;w28Ey5iaD}x31;YX2OuSs=082djWzF7s8JS506?XFlfX^em za%S|oLq(O#x_5Y}3IhiXGjJ~y3Q|XrrtPbCRV^%6=4KC87`c(GCH%mnpvC*s=TzA>y)c9^|BMh zCLtkVzQqV9@c2l9Ay$R+R@2Z>B+`7S7bt++dJ^{;RG~cK=i9U|w}GndX8vMap6|&` zx-L=H4pUd;-ec44fcr%|h8mV9#L&~5Vk(i7mBkEHa@-t6enk~;^ktE0AFur)F23M4 z0wF0W2})t7M}itH-|fH*nr<1SV7Tc+I=VlWW85Ad9)2MqCS%2x!^6Ydb0H$Cql5jc zPu~5z4;S-VQ$THFJs;$!u+HWB45d)O20NH;$^j zF5Gta_WVOan%mpImX`7s9+BW;R-Y`ABZRNc?PX(l>p(^EIj$0}4dpf0*MEfhDgZWL z-`F@=NsDI+2U$KLCMJf+hmF0xz5R}$2thd8t@blQJ2Nmd&%tG{x(Nsf6kAQSfh+^1 zbjzeG1_iGut+rKjMfL0=2Fm3DNZ<9zDlJP=&Wov^W-59fJL0{4ePvtKXPJU@vs2k6V zNy_h#?v~4)^8~5;#n)HuH1PKA+bD_v?lmwlaGCX|XJBN^*e9KT#OB&6t?ON7=B{JG zpyo+Xo&vid#wR9FVw67?&)eJEX>4* z-A!nG7~d#CS56eaK;z^(olRD`qc?pOBw<@e%~5_n0l*nBu)JYhs+9&B8d|n?*&PI6 z*Y56ab_D*LflL*_?OOE5>iIs#oxd{POFnyssJS>KM;sm=nnkjQjagO5P@eMvAcJqH zFLzvf2Xo_A6=yrwq;G9)eHaI-8p^Nd9oK5-NBGg)1YUxRB|`v>x3ss{zhUopBQu5* zx*e=ykYJ%N&CmY~uTaa=-QO4^K4wPj9ULt9QhUi)WJDDo?e9Mn5QwgFKeAi?M>Cyw z6-_G@0%qWpN_%&D&%5J;A-yO*`&9m( zS3vzh9Q@C3?8qti%`tP4$)v0$EV#d3Tiav6H7657a16XDdDruyqvJJ#RlD>J_tzh) zS&d_3T9%IN3WT3w)P9BtpSG;)tI5jBs#T3|RUJ{mfIZ~k_{L$_wB7Nfo85Y{l59$C z$M|f#%-(0mxRe`86=4{^7;x6ibyrRtAo%TMr7Md4J&tF5p*FsYTpquWp{1dzdmOYH zXKlNdQ?ffBCilm7?j;CjeDy79F92SIiC+NmCU5SIMnOplUdk-LH(R67EnG(X%LM&7+G0!Ij7TqS~q%{j}A^vQTzP+_fN`obEMEWIr*WWprCqz z0R~(sNFeoFUpzcL86Q7>2q^*({!<^$g^k6^K7hPLBC^es$+V;Hy!PjsOWqCSAW2vy12We|I1LKM^+G#h$uIbYlg9C z6>o!2BOoBCh5Q4RLVU!+ZvsNJ5K!uLdcjSKw3_$@V9sGZDTwj_A24uM$5ome8!-~v z1}UXeFP^yVzpFl;#c_01;hF0e+{3N^a%--5%!(HLXr!*2q-6#vj}=9{*QsfcsSgKl zU{H_|?2)ZkGii3je9Rom#KiPKM1&ghmO?u?><$P*xryr3={c$3NXBl+19r#lyEEE1 zHa7U|=5OpRbvJi*1_3TQ@KXXEH?_9j1kL~yfa*_8Pfwpb`D(7F^8WJzzd27wDw(?y za|?tv`6VT300xj0{qA|!($%h^2mWLuD@gPLQ zhKJRkisYzDgL&CGI$DA@L)8E(D1x&CM7<255@HJPd^_9VUwJrc{`T!#n`TPqpGf|n zUS>#5AdzkuuPAUpPmDXJf!qWy_WPjo?PnWq#(5rUybPvj{r$q%&(ANx`|2|MFdn=I z0yUc;zFz-i7u7K#4OM<@(l}*kXjo8EvIK#GQBR^cPuXeU{~=T;_v;MMYeIN*zt1&|!tSm}O;UKxtV#4L}g0c|%D9W+xzcUO~74 zCfZn3-q@I~y1KgZc=qc##DA#dWUe_xt4bkbb<4*G!9{j!WMl+rJ{rm%$!6c!?GAtd zQ42sIKytD5l&pqEl;)brXmuj6GpkOy7-V0rD=CpbxlHdsVrNF2Z#h={duR<%+W6$y7&$N(yuAUUMQ~M^aMn+sKSL6Avezxb2(@|t zz7J5al#cxC*LD9!3QanL!;#&l8;b<;&EK-MN`lMmmu8ojQ9;V)=H}{E(8rJHaAG6K zC2RFO$3A}e!0WV50y!BCFRwb~l#+_;RhL=cYj>fH4D)cK`vxOZDhh;c?d@oDBq4w; zJxLPy0AjWd4$07T6nu7{ggsB?b#-MeEFOcSFaaVRci*Z4ko5#aHRGp4Wt=$o9-};$ zkL}bXSSGMusFne2#$D`+&FZ>z>J~cs2X?OTUTA=+)AGOfc$EA$^DVcnDtBHw#x9ru zPtbwNdPGAb$}$H)`kxhpg4HOsp@D$ydf?J~xCrIZJn;P%la)~@2)sC&dScLU!%+v= zWnp2#tU6+fR;dg!BbVjhzAgagF8e(a0|!9wg6G@y4jZH47iUL%Ewmy3veei#i!CH! z`r&=Aa{~PWWKK&@?+Y9D+L-gU;a|F`Y%D*r_mcRzpZA@1pQOxq z6%5+J2t7%H-UKv1>)s4LhZ%DPX6oN$RZ4w5Q;#o_Y|3{P{|&vG=V>d?^8TDaeVUzY5HT>Jt8SpsZaTtBWZw!Dkp^<48A z(sd7lBsU&t%x288L_t?KI6j^lmD6Z$g75wI{riWI5PV-e%D=6xl2yZM=h;Nwc`o&M zO`4~Wz2>{_8Drv6_{GM?@>Av}GMM2=nwc?qd3jOrJNQA8RcJNA&+oMU%Eg6OBA8+Z zMP|^@JY(I_+?EF8rMA%UnSG;84GsTtbp+r*=}u`7d(i^>qRcqy6Juqjyw>BLITX?u z85x=B?FKXtD@XH#mV#WY0s6ViJg@4ds3;l?h*5vKLbiIr2N+RMjiLqy51yEGWpjly zkZ5V+Q44qII8TTJQw^y82{8r^~ww{)~W%rbcJd}wo ze(J)IiU1SPa&akFMN#oPpse5n1qFrGKd89^|I%CK?u^u01_9m(7%lngRW0}m2&Pb0 zs?aJ40V3pW>-R?#LT-dW*O>TJ*{M&A+6W&!c!1LR5b?LPyaMg^UN>(EjPVSE&J zDpK}fhEa_LuR2c1@Jxukeftn@4N%LfbOv)UPp{j$=HkoCq~E|1sHFokGO)}yvQ%@x zPyQ<~lmOt?V8r)Hi*pMApyGV;WTijjE=04d{o`-4_gx_uDO-wj_X`O4+tl<0l{m4n zu@&xL?!{mI1CI}}|Cg*RX25D-5(04r6xoYh?B4}D1irn{{m4pDQIUa#B?W>xAjvo) zX4UECYT}87SQC0i4VL^SLhG7rsN=O zMjaFLBN`-diAhN}Z{1R1^UJH;#r}Galvd@{ z<(Zip5F8dNf<~D_$Iu2^0}c?gB2SrJc?S7=co)FVzD>u zB**)Ga;|_}>Lpf`sDr~8!!ffKp2G3uv6Ap9c;$77Nl0EfIB;EFUV?Jabz6A^V!0M( z;-#)GRY5@kctVtrN*FNHsB(J>XGl;=lZArQsQT@_nvuo};svr#4c3~L**vvc!M*tkjb_~%WulJ=O7*=q` zw!8C^UY92(@S^&kw>MExW$Wa0IR<`WASGj9S7^xXzM{^yKFf4|4BA5`CaG9YIpAOh zY++$x!QB>G2)Tm!NVwh+e8jwU?UJnJRugLo1jsdKMn+DF5Cb%eFf1v^8z_3spQ+Y$r`@~+j0lY%J#Yh zIwOK0$UV-&Xy~Wxw5u|5gHc+2Y`8r%?a=4iv0E6$MDzFW-=E-8$|w7=lNbW{-PIlA zMQ_kt-ps@nHaqJzLmG>IL7sg&y-q{6fQ==k{M4_oeDhYsnC4kU2E@`a-WO|n&?LIC zt*d5`NNs#^oUTQK3@y*h>$$SBinOm$j_(3z`;o4>=qs5z--RrLZT-`U-85uvO6EB% ztooV1UqFs(A|R4tzOXteELZ)WxtrBWg!Jh*Mx-Gl7n~wYpN9ALDuQWkv@Dr09!yE3 zfu)X*(3J#aWNmRm?yuzJnkOb=0cu|nqxGbl*&Ae*jw{#ek6d?8LGQ^;UF{Ml`iN`3 z_gm}IYJ);`Ck>W!ZCNsME5ea)>i0Pv3wbWMa!OuTNH+N>4~;75bQ-AC`5_(1qhBV? zq{VwBf|fAeTi{7Xu_Uyf+Qr!9WL%`47wL570;8BX(li*EeZYR9v*S5rK%l6T@=E5t zuW5eKN*dB9Idv}*S@Rigvq@g58`B&HpuMT7Y2EqQyf^OGhtTqIoc=5vRh2pk6&=!S zod#wrEsoBbv&IT&AULh<;krglZ0rD*-_0KN%*@*vx!et!Pb?dcG*c&(vty%Sjvk}q z^$lb6wQI8P$_YE)gd|M3zkgSsWtkm=Ds_sPwa`OlKq=86?rFr1)V0t65f-*CBDV2C zGeTx7YpEBk^Ut+)2AdrEQ|KBr6AYrPlrqi6ql`ZL8U53D^ZK+PXa4?`qp07)7A$~^ z8D`}AengsA8RhGno0}i@aT0J`6b%X_<{qIrZhlZ1z?l4ltpCH^qq$+=I6(%BA`*@= z1rhWV5Tjh;c?-Sn?dR$L5!Z_BCBn&euF5>lB(YFF$Rr6=&wBPP;4ZA94E-7{BB1Ad z`+uJW@KDF3f|a2kk&%WbCTa^pWk!t);p14^JNF&T-#0@#`V8za(laxQ{H`L0Crv|m z;UHVT=6z1ELlChHgne5vI`#T>?RL;hr3{f}B%zD?rOuAFO2LB$!gtFK{DqOG8ja7A zXHT+I->;x3YcVgWJJYmBah^@^6RWw$GmDo(KSM-j+$}<#Gf~H*TAQ# zMkaqI81l*0smP>%ARtg7r4v+J$#fY#S znZ3Iw$*1)ipb4M=viqc=wNA6=ud`!^SKY6bk7i@g5Pignm6g!YAe9KAG6GR5qoa*_ zcA+(pgd?%HLzM`f7zEnW8yO+YzrGBOexBIxf1^cy>$auNYIG$*;_Z|emM?`(8lxx) zv39`A%d2c=jHKW(7!e!m&qjKvlV9oQoQ3-bbs~2(P%WD!qfq;XU3W=ZTDk!F^b6*o z=Id+>T9u%?8LdPiXa!CR#LuWIcVbsVc@i}Ds=zOn7rFL5ORzzHE)!k05V)Oj{)waQ| z_lqpFzaC%JkoP@SPn}MhZB5Udt{?SZ)|Bt#s*J#=$KT)vAz}A zyVUj2ZhhOh(9siX>cy&mRdUM1^mYr&jTM1os;(H}TK}Z60%x1l?plGH789f|T=|Hf zDDmZ+V8HtZ%W?67bN5MI=tV6P*?+8+{fzos9V=o-b5Y76CxGRKR~i(WPxY>dJ2{Qg zxH*-Lp`%;1Z`=Cz%Xep&7Ft&~X=bYYHa+jM=1#ti5oj7bi2v@*hz=!j`69KKv-AmK z;%q`nUzEFyxchs)$>(3HF3sf2y`H$Nxt%RtQiex^DXU92&8I@{Se$B0Fnp<6bahZav z_}$swW=ratmNQ+ljy1v~xb8!xLkKj`;~~X6U8ZB`PbS(o&LFe=jISz{<7P5ChsDwr&P@@ zeGhZy4UEllLJHZ{G&MCd7Lr)sHzT=7CUz-QCVU(|*8OWpsSb6B8duK*~7uDv#C7FmhuYUN0*;?0ij9l4ze6S;(*ccp7HkBV+?Ny07fmn-r+QGPKgL_~P*y5#IS zJMFw34V#)7t7O4&)%X!k)Ke`@fpJ1y7V1Uej%AYCbshnIN;t2VteuzSxm4${CE$Og zSLH9ww}g0iyZ>7ckBF~H;k|uI2jWP(u9^9DNwKu|pPU01VqKGZMu#~)&Xvq2FMP+b zYWmFioOP>xKC-R@1J(Y$OwsvigMRmd3?ymNpo3CnIXY# z8XXsLEyhMCHFhU9tsjo7wyxBu^E-=M)XHo+|p#Sl3_sMYO1Hth20u#i5p+dT%Jg zBSaClzbZ50mx=<~^zypw)O+XK!{txhbQnz;v4#tF>>bMQz(Y4HPnNA97lTDTsj|yF zEYV_^6xa3}cbxL>ms)b^Z=9hMko90`X}KdV)z7|-RA;wL){Ur}-X15#_`Kes4Es%6 ztkRq|PDtB~ks!(sE5C8;3o*2`8*Bw{+1egFNZoqqWOe!dFc$0XsQeR$L<@~j zoF@B)x5WmfLrQ*40$JJtx9xwpPfQRY3U2&j^(@=8rMez<+DyAcZCA<XbenkId&rZ%iheGFZisxDMeLZVnYIOPn5Fkhkabm zT7(Utow48%xuh@mPJ8baBGjAlg{OB`=({`k*>hpen}6%-K98>#UiTFnI^}H$a>doV zBH+Hfq%!w*?OW&lLEgq!>inosceJ)Oneu#lfx__8H3})Kr)i^@+DEP><&}ElLPb_%u`K5I?)K9K zn96zi8nD}NtZ|82mJ>|4U&~0l^GZ%gIqN(L#%-1|51w(=AWeJM!}Pr+w|=B#PXaOO z96WbuN{t8&w+)ysp72}ch@jNhOP|v75k}uiPG-O-=CS^Da{XI;q~w$M`{fORqUMI} zn>o^^W4S|mM2JfoA|^zzEyoigH6H6!p#${E>YSFEAMb(SzxB}Gu$+pNo2>r0YbSJx zrth%!xs@Gjs6|?&k~X zl!u@NhFPFUvdSQBdTl6G5z%Wh9qYnvZhFthVNK}UP3KC*72frU9a^YBwdOd7EuL1F z$E-2m5n?xNWzu;UlgjU3&pkiY+d?F#YBn*4dpI!HStg-m!;3R7tOT8Aa$ZjZ{G1mR zeZ@M~-|;N3L7(GB5zE>!E>(`QET2a~KkTF?rn9FFb`$rQS;DXeC;p`v%yChYq221m zaExA#o9kJV(%5Ui%2?yc_K4Kw8JBI&t|d!LB#JCaL| zr;|Qhzx-Uv5u$Hs*xt6aM83zuOeerh^r8&!V^EL=m5QzX(F--zj>e8YpPl2lDvu}1 z%0IIPpGAbq(FKQr-?-WnDdhQHKsZGTxLYCpEo_^?2a$>pm^RBPE@%4`90_a9@`}9g?4x@ z*wI2QoP`gbSRc+Lx6#$vR*0t}P!qgSHM@0-kK`$zE%O@-C#*ROX3M|scJHQ`2pgZB zb$vwp_pS(NZLy(;(x-r1QUTXt%N-}KQ?s8>&$?z1VBb#AmU&?zJZ;gzY3FY{yw zk%FpbGOHRPdaFcW_{K_ zC@1#UVppf$%)(u<5U-Lu1BMhk-j|7(xCh^Cg-Nj_)PV5RwzyXBdLWLEk#(&jALp5Z zKbG=8P8-eY{82Haxvj4leLtBd-pKB7UsNh!7vMxqXOWlyq*p}p!>v@$&!YXpUY0hF zdvGrsh*H;MG#lZIJS+c|3|}*yTs)mGAX(br3clM4Yh1*nZU)X!Vot9vc1~_geRE=> z^7&Bt7zND;9k;+I(s|l>a~0ij34nP%cO^=~TxTA3vO1^ruSqeoR$lk{tu1HU^C;je ztAcKB^JHBV6oft90-~bWBPX@QG`!%Tu^(eav5U{i;+(=+&fBd~wyr*lugWmZhSLwN;^Ly2=9zmQzK|L++em|_0Gt|2zmN}e8_q#-NhOg!&`pKr*eGHLj8ml)SRH8 zJD-A3(;%asTpj|k%cil_Hn+K=w{SYX?tl;!%!-#PDe8BrD?r+(mkD-iCM4J#?RS?R z^{@@7t^M0<^3?mi*3uNdrJxwo?RV3jfo-T@aq08ZRJ~Ya%{ldF48Fh^c3;V(O8>7~ zh0IcUtb)Iyf?vG6r4{hyEvZ94*Ty80%;TrJfPyNKpEl#i-!XS31-7@bYn!Kd>lIy^ z(S8sve2Xb10(E|T>Wd(-Smk!(L$vamREkn^F7CJmCEYZ;i;+-_t!3tVG9uD^_ljN1 z$}Gx~w7zkWit>g(CqqbMsR())U!9&!GOf@U#5-hekE2!bfm^l6q(%?|6B&r z539;>tF~z{I9#OvYJ^FHSXQ6?$KAfAd%sTltw$&So_{^)5&_kT0KCt3CWEF^&MZHy z4;R|2|AiT?nf%*YtgZbZhQAuedg_f}H1c6(J%W=h=Hc33Mvw;e6NP*%TH?KQ*#ZFu z)AI#7tL{Trr`$D{)~tB4xv$HYSgguDMRQCPI503$Srx*E$l0n>9)%AP>*caov}BlW ztWzjtbM=_SNTckMap#fvXFixmN&x{0&hAH9XbPSS#%YDi2mYXj2%yvY;!ltYi|1JI z6#pf!Ush78v09k9&~|!y=B{3l?c-Jn8J3bJ)lg8^p>_uN^dTG96Fi9xnP06HbIcp3 zWlfOtJNnX8<*$H%{Lc?2!*v`^$eA3bGhC;7T02)y6R*uBSelD|nOk_j znM!x~MPB`B%_7m4n7JrOx65oEu4=k-V(Q)Jfu5uaMEB;VtDh0pfWwZx42d zpwLa)(5a`V)z8o_4pjPVA-t3kZ9e$7st}$jn{ewSDwz6&8G*9+GV1s+%k&5HUf6qu z16JyFzd6j-ut=JfSu}b5=Oiu@blyJhi`UWTZpxxd4G7CD-~0Ii(|k=jV6Pxc-25?e zTq5<)&+=zcByH`Ivg1t}Uu{{y^D0g`pZmGu$aq@lR`~%xL2!c3Gj+nxGlk3-P20%{ z&TxFiBn$pF>6fNprk1W+kiBYd+Ps)yNv2Q4ZD^QKmw&@-$LAvt{}d{sB8aKQ-=N*~ z4=x~x(AXU$#Ky5(<~fejT+py7JDF%7bGwzCq4gmn&sIFwYBI9Kv~)BNKvG+~3WQ0v z?bvOe&X*h{$BXq6U=9Jzcxz)5Wp=)Kb?iIKmJgD^euuSr_Xwr0rt^1+s$=*+A z0mjGd!IV3@c-hXniC$(}XSPD+qwz}yi>7w0ald6;@HKs%nwy$}ldyOU*nimXPh)C+ zc4%y_xh3qC!}qOdV!g_>Z0Te_w&Hjvi;tJL+-~e*OG~I*-H(%m=p$V!0XOvHauFENAH() zd2S1w*ZrCrMg)A#62U{o|5+K0Ni=z}L&}K6g3_Cvyv{LzlVFs^ByEM$!j96{?%W;h zd614?eQEhhxO{?>Q3XsD(2b4bQO3Y$mZMn>2cyPM$Sv!GR6RA-*Sedon!ZiSn$*3y z_+T1Im%f{KG=I-1mNz#PUTZtqPkP6t$?rg_xN$c2a-Sx#@0ruZ&MnfVu#vI_^K-3F zwq7e$d+_zBc+<7?r{R3W-3fi+ z1f$h@;f6-9^}dwPvt=GR-{dlzGsB>5^&hiw+Ihg0h`(a$+uAOKPoiao)Fe+VCvQ%P zqU*|k+y|Ch{p3Or=6ZQ_uL&w5G#*2lGC#Upx6JjYoQM9_bRYzcCq%}P6^a;<%%*~s zW^vaWYQ#x6JgsM@C&Sk#tUMOwj;h1Rk}1kYOit!E1i%T1)|8H_JX2|u&ut#8-aV+b ztL)MvQdhKn@Ts&~XG5yR`~jjzFYeDE*LG>*e1qljaS6@JKjXq3Jc&DjbMW{lWyj*6 zv)y3=H0Ob}nltsa5B!i%sb;O<9h`CoKg_NND*kpiUcuTgR;O|s=LY&TT*~kW-yNPs zg@bE^;DNxA@W$jfSvX~nat@H4>UGrBz#I^E|P0(ASw=nBei+?wj5}y$|+J zIX!;)rk`b`M*NcIYl<#7)S2zy#MW^SrvI~MGo8nZ3sdiZbIr!aL4W@G*SUY=yzM^| zNf;Qr>YHnV$g~GjQ(oPWJ`gH1D+-tUol1JnFLrBTd0`}`b~r^jjrq6z5y#sYIqqo1 z(eD|K4OI~=_emp7v@_IO${93Nf4$Y^m4tZ6m(}*E z>ScL!w*U#|9XDgtYd^uGYrm$7uOexWU{Tv?lN zQLkZekV?YD*)hsj4ROgb`a5S^B-FLbfnt^^ML&@tHGsTg)Eh$Zch`eP)@FX)c-EyC z$7HwP*}c~=E@O<2B{TOdm`WR-4*fAdK}fXtJ>rhFQ~gxg7(=Sa9*$i1RNIR}@7dO} zXd7G0CNLGbj;@2}=a`@s_RD9S;^Jz;SGsfGbTN;S3c6t;$knRkfQit*2-jvua_=th z)!6UF=7mMN$Ek=^Yvy?Zfw3X(Zn}g^#Ot-Ls}+OMkzQ@}w3s^P0}OGs+oYq4tBOfm zw4C`pBGR+=h0$lnznbL({~w5z%x-Dxi{g1_U)*r+UfiejQ2TsQObjWiMEq536kD$0 zZohMO1i(`S%84%B+tfcTWOmtIkijK6ML;7-3g*jBupTt%p8xXYTuZstp_`x6RKPu= zkr5+Y5CWlr>+V8l$9cD=Rkb+{b41lEt3!>#sN%u%%22R_Zq2d|@_b+q*@|PoSbTWRCrlHy~jFVd2QH!Co9kM{m_QB$BMSCLzDZ zYCPfeSD@)ys3V_Edh5(Z79-nGpM9<6_2SKJR%^;p%Al9^1+-cWEQ|>fSFJ^*f^*>z z-ot46Br-H?U8dwx>*XM}53G|WJH|!?P%7@*CuFHRw@J%zl-a`joE)Lp@*w4@DezVs z4-7{NElD*<86&Zh+5UFchj`f@WsXIahn$qKt9A_!kE)OcLT;P!L;;) zJ!?S|9j|lpQ?XM$+{e&ahA)chN~{9PBq&Nw$2Q~-;)@O+3PwNhwgN~%501#h$(nq^XT9D&yh7Il10);rV-j<;D$6V! zFM6TS@q&JML_o>bqcK%wOW%6S&%51e-Z*|?`*J|_=zSu?`Tjv+(H193o-qpqns2YV z;)nkn(iSe+q2eM)gFr|>0q-?CJk#l8%X+cTM3s0rFl&lSc5!rM6Omk+u?%b=t znr&?XotW0T9j_NAPE>>Io7nm-BfR$n>#Zt3WmT{dKaq{bka(^wL)=BxI95VbsH+|F zGHGGJBrpdDIuVu~6l$`FC?(Y;&bn-k(f^@YRiE90{H*Nfw+}%=26isG3Wk$G2-7^qFU$>kC8X;!k;bf5J`fz6jf0>Kbksx9?6& zagdyoKAj5-bDF~Hzb-{vuQz>n!yNf3VWp3dm{#NKG!XAdQkAP0Bko0jX(aYYzMef+~uN&m|@O z-Ex^281BO(weYa+?&aAQ`gY4kj*VkRSw%>sa{|Y))4>CwjT`1(y6N0nM_((5CFpq| zziM9>f;GGGgBJS7uI2&!eeg5{4Ob!?gniq)cnw{X-+s(jS?CtNqSV&af{hS--6K}B z1{9Edt=?YeS(9bh@%*oQPt{b8i)%^peYUTkgqZ&q!+T;*`X?0%kb6C`rVN6-Y>{QG zz^YNp%>09|n*EpH*w0zMY$K8AbbYvH8}N++|NCBmk9ay0p3BtEZ13x0dsd`c1-(Cf zny9f^+!sYD(GhRXrQSP|!-anz$LHf+KxWA!fp4YEYzmG7wI~M>6a;1#$laTP_|8Eq z?oWUfW*289ymaXVc)V2@r@yY)KY_dW7fxh<+Ms(mUQP%LI;Xd)eSy~~gw#*?s5S)f z>B@&>N=seCAc$ni5=nlo_If?v)IwwL+sNxcfX-y;BMucR-*l=uSbuxGaLTDDw}Hxt z=HGvM?nh_4td3S=#T7ge{nY#(JeCem=FV+y21iGe|L-%R)9dSjVPQ%s<~2DvIc^tu z?Lt1NFB!P`Z1whkUpp{Vk&68+*Pm5As1YdJxjU1(G-W6<AA}b8P2%hqdTxZpW6Y)1}L8C7OA#eHGl>CoDE1TWht); z;k}|$uuH?iEHx2aXv4vxSZ^@D3@t01MSCsRAL}+YEIz{?m!uC7x8Z-(*~xA``)?bp zO27PXjUBd&C4GZb_P>35-u*w^wZL-qTK~|Zh&@9e>92B<=Uh>7I)XONRaP~BQCD;9 zTW+_UviF{?gpK zNX$ro<2!jfp8gi$vnhq*3)kSGxUG+ozAu!B)1>^H?T>33cV3eWM9iRTJ$1AtoA_op z^7#CXNS@#rmI!qkvn<<+7;9ctNr-Eqd(U`x8JZMBu1TjLiXFSGx8CE%xtNmE%S9il6c-L~y1gPlr0$sCk2>d1V-{0lVj6sM;2-31JTQ~W zDiw5DF^^D+ANH%Wu~ggDW})`*3dI)|>3_3Qb=F$9He0IKK6%dm{w#icxW6&I=TK-V z>a^kI<+%6njIX^9i?{f?=h!SP^Aq%ks&P6_ySaC99BzG|oPsY5QET1&gexVLGRPoM z@*}C0kL1_#Hb$Alga4ami&I_2U zx>m4zer69O5Z_y2sKV$I!QN2m_tNkIRZr|QNcGc&X3>(j@Z0xf2oax)o zM}6HD&ac*EogK6rC-UPrG;`dxCRU3VCIv{?S$S97`F#h<9Ux=H6Rs48&%ya`QjHmLKZ(|Xq1wcOp@jTjyaGj4wERJe<< zI1OKYf)#aZb|s~>W@Ds2r$%~4AN;$ruBi!>vnukYW0uuqn%*iYl-sFCwp+vYO~5(y#UHLZf%u-qzJka|Kab9Pi6!T^MmemW@c&qMZhuv*AC5 z9>ZrAlL{}T&FR}C8v{$LsGTG2yW>mx#(P(a#_MG|zq{&NjHt*eeYN$e@-B-}QD8AH z40orV>gpV#+u2yW!<1F=v`2~Vy3N)WU81~$M4jb?N|(0?UvP$m_(2h&2vw=&cf*RI zD`#BiSZu?z@QPnV4ST0lyZ3c}Z(j$a|UId}zETkC{|yFJ1hIRx_! z(n+)I%0Jo9!NEL|8hDc8TTCl<>7prlbH0EsD-n{-tz54feMtBSVjJ$!68gb+w^24j7D& zC6>bZaTg;}Qfl|Y?=3nQH&0MUNof|B>=r-aBdIr31(^`1e-SCHUHn#i`sX0<-gM`< z<5PJ0J?)%_I19ydWmz0?eLT$R{tEW$#*`1tcQW;>q+t~*WPJ%YS|4v~Mo4K|A2+cH zr}k**X!!d4;5xMHYJYk}{{T4AR|#68k z9_ll;UZun*)a`P%|ceCXExIOIS{Y-FVDN@;`;d-G|83~Jn-4r)C$a4kqcxj|wrQH;fn z??V$sK}`ayd5GDKI1II8sN2|&e~~YE6-u?(;!0`8DeG&WS~F8x6ba#qC7u5MU#N*@ ztrT~xarK()s6Ja4ZwF;ktdd~~0Rof~zQGT)4L{sig&KDkKhk00i$%^v6P);kiV8+` z(CXTJBnRVNq-`eW!xR8$H&D! z3J&yusP!?L|0>Nv4j1igG-Z77ypuK8oaZVknwp%o{M#!fES)FTfo>7oFF6t{I)7#S z(5fwJs6E6xE@C9ZZC>X)Mnd>L`&f;ReIFkgWlL73jVN9rA~X~RmE+Uv+?TKP=3`Kr za{Q_>E^3&>4ehOA-coAJ7rP?*Wuan0DoeNVJLEp}RL!?s$ioTEbhIYm2Cftu>W^qcrcJ806Mh2E$E87_tM*WmJ+*73XoPKIv!i3I?&qCanzBU2F9c1Q zlaY&yS>{o-1%4^$mvpj%cS3f@u;)Bu&X6^zrRp{+12-ybie_&NmH#@sUPsPa5FINN zS=R;|O~36c%@$};re?8p(DY>!9wL;le01sAQ)@FD5?|NMNvc@CI_COxR;2@)tv-{+ z>4lvj!wKJqdwU;U?1D3!s`;17AY%p3rHUD?cMJ>HI5BIP*Q8v{UR$3`0MW1XXNmtr zh!J0JzxBl~!U)XAGOP5PTT?T0c6+uKqLL|5{j`RS4D~YhefO}b=GU*%DQWTQVB}EE zN&{Z+AzZo`?RbCqez{$WApnN#_~{6i&3tdmZ4jB7=P9!7a8Y&dok07NR@jvJ1}OfY zb@&<{x#C-h=6ZgF;ZZ^V)vvRAE;Dz)+uT5r;Ow00S;=;54L z2!Ly;;%`gYa0_Q^aOCpJ6Y^VfU9D#;_|c#z#SB{Df_J)*eJd(d!*bL>^iUbWP@xk7 z$%RP(laF!36opwDM>6LX`0$GjQ?8RdSVZ3zGLZiGE;XJc1b=MNsbs7)E88tLq5) z``HF-7%{(GQ0}gZ>zC|X683?bQD&hQ|Ct;G`L9xA!>IfT)n;P200x{+2dYO%)QZx# z4N_huDdD{})_IWQO6FWr;g6RbS?Wk%Eu>cfb(A=Bxto5b;PlCaa~IjThwAqHR9o@& zVb_WdpMbIqJk*Idsk$BS;?%=^)6XR<7Y*0rDL+GklXCH+o!l+ZJ^#v3QHxJ|>-J^m z)(vIg4ec|mn6$vn8djhC*bv#Ni9%x_;WjKq4W#YG)K`}+{VjPOUfn%=O_ex%qsBa!H(a0F8kU8MTL{T<9z+Iu`J5w4=NX~1l}9fy_26c!cALu z7$^iqYvIbt568`hPZ!>lDkb5eBfRF3-DN$NNc3Uz1f7Cb#-h8nU=< z+~k(R;rUa3cyra1}#T= zNT4@=awE}79;i!v8pmjk>P5IH}`)V$bM7 zc-_tQ9QjiKo0v4o8RHKUdTaD75S@@;KX}$Y9PGKZKD(iCLzK@medzwQiB&CudsuTX zfN9fS*_Z8aWxcmKr;2)Q=jVMF$?9g~#O?+s6Jb&1ZpFuv9EPgH?ehDA(^cgBNgRKL z5Rx3N+&gGvWV=Fd)_T42HZbZ#;$Y)i2<(U^j-X~szga2Y(}NDwuY9I!n(zc|4dHZBVP-InGWM$C zJwNWRe9rq_(VrgTFybXOPyh}siygRJy7F3c#ZQI~E0>Vd{k0O0ZR@DWgEKvef{h9* zb+=^4zc3E?>>nAux?P-8n-l)a*ns$G*%sk^CZhSXuB+`iJ2)UW1=1RX6(tF$Y~8szHl`{)D@N+N0HU87k+e<I7XzUi;`}PT0OJABE$Y}9*p)sxvX)!-SH%5%woOsK1k>~83&RWRnNvPy zV=gPSHhJ9EXXs$U%2$xpPvd|h_KF`|GpM6WBOGXY^9L}Ti)ncE){8ScO1V?9gB(X` z7KRp*fI?drB^u5ZYX(ZPl8myJ0ZyCjyhbxqmeW5S6so zyn9Vhs;^MYud0g|IA=-LQ5kGkrQ_;us@6oB3_!Jl*7Sf)xvWr86sOGLuraNTS5)@| z+!|;oxY$dob4)lg!=gHF+^?FndQN;;Gm^wniw`bA=gM(Vt^#N>)g?jk>*COrD*0-T z%DYv5+eebnZc#Hg+E}VfWWG^AzJi|lbj|*xq_6aOl;mHY&gfM-k28G;)NlgzB1qF6YE1eQir%5G>wLBQdI zDBtroEU|a=;08p_q4sQ_8<$|z!tgAOX?yf-c3Ib7m()z{2B=!1pIh;Caq_)my)8%yKg zV2M?m%6JlOO=^c<@Ua*>yoQg-ex|Y&zlMI&IBy>MNg4a|moeD~K`!=_j}G(GhV{_G@PyWjI`dR@hv^)0w(e$; zd6CWyS=kdEbC&F2(%iT5+fv^Jd;iwG!0#HrL*84G{7{W(k?e&I~O z_+iB3Ynhvzu?(V+4O0z}Mv8*lhm!trM9s+*tgp3Da#I>`Xhr|d9X-x&O#Cux?DtZD zZJiq^)WPAP+sm&VgIeD*PXltqh z4G@)Y=Qrn&^w7vN{gXBGiAZFI?{O|h#hN@ELu(0G=yPRZ8ay0fUA_As87z#(56Ad? zaee~<0nFgPf(y7o^xT8YIP{CI$~j%g3tV2co_oD28N+C4*Tj=`} z9|MY%t4JX?xZ*xAN%VHwB?Ft`tAwW>ZgY#Cu$VIwSB3cD$t4mP@c8?Ox>V>=5_NZvypxsPp8Im ztj;-ZmuYkFL<8Zk@_U8*DPlv%U8i=^n;MZ1z&<-XZmN)!{?9sc<~fYC6;jT0HWnPn z)Zc+{F)=aSzqr?#M=3c|vU9;?pg=+y8xM-0Lhe<~n#9Ie zbL^D%rXPgL6fVbuKFSKwvMpu_=8jKnxfGr>obdANzxGS6V8^h(F{Q6VeqC^=ef?u) zysp%x^pCB2J$Xn1JNkk5$Mt@nOA9u(5*#3bq2|?Ld`j!d(EE3t>`bB3)$H>&MQZCSD zY6`-6c4wYOJ|}4N?;{HOKreJrur@#^OQYS%!Z{y22@E8iNi2=VOH&%0yZQ{!E)*78 zQ+@pAibQbl3`mMe9(exK>cQobgw&OAQ5<)9c)uY9RY%nz-fY>=2o#7wSq#MOsg?Ir z7aCtcs5E8M_9Z#ZB2YZ3J@iLU)TI3{2>u$^L?=%Qh!m#AM&a(Bgao#v%r|HA5{F1? zR?S)V8M3fclVcCSvEC!W3$NwK=O_*IGn)5&V*-I57M!&Y*12eW0(jiNsoz{T%;jZW z{g^n0xKYVn?f`}CwRFP@@wJ^gH4kyxO*aC`k-J$;p+bKZ>P4**KT)&6d11s1ce{S+ z*CI^tJw4s7=YL;K!Y_`P*PR`f1oqLJ>g!h%OJR$w{!*+0)u6Z8cV7T456UuE`VDPt zXI%$gZ`|3_gNZUF(7Qw!5^K5nKRHhx6%|h(e}hfT5w;;>E7T^zL2QF_@uLR(zF-DdOP?#VIJY3E+sDh-tSTkQGtfOgCspXX zCO%ZCK8KCw@qLB}qk%dP`o^*Vf@sxA)-p`^WhwNVSra863?+XTV(8K?z&r1X)*KT7 z?0a$orU~%Fh^=1xea?g>tFkH|s0D7><6NM|bfcq6?*wCCR~rkz-x-O-VVXMnI@{Y~ z6qH!pc0z_MK#0(!1s!nr|J8=S>VHIhmLAK60{cCVSullwA? zN1F=5yQYaInsnb5F-^z85!)->>tu2?PIQV@=5e0Mv(Sf9tQL zx+6f*TcvwmSwRCeOmSs4J-f(6>#*OQue6aa1Enq5%7eyrGkHm?fu}QCX{VrP?bbG= zJ^Ok`Jr_4)$B!*AZk*j$!z`kyd(`wW46XwKIv7Usnnn1^(z$^oWc%6Ab z@H0kk9nIUH9hnILNthp8q0IO%&kpw^+Kn*dUb_Wq$L>zW(;SP~v6>YvQHpyY4MeB; zwWNjsGI_gO!ZScKe|k3YxxB#&))?+SG#~Pf{$yf)cC^!4babeQ_;ib^tDKoo=f0dl zaz1cR!Dw`IQg?AwV0g|lrjldK3mw6IVmzO@20medKPGaKH$T$iw=FIm`m|hd+X-YT zX1W(Mp9+BOhoh}mU`k_+B9f5~5vC6J0R2+9D5~5~l3I*1HeD(Hd{ux@?%9q~*IV;< z%E_DCg+X}N?Pzra7WOIgpJYTQaV$e`^fSjIdXTprRU3#9fdp90K-=+n3mSJAz_0KN zRssw3T9L6dlHpv;M=*(}EkEWpmoGeu zEjg`-c`(LHa=yqbfJeC9chLc@6u(ZAuhca(w)^;&DQ;?~;LkTUgPOU!@HhA|nWJO4 z=p)6FyUy;T$ur)%2)`HimcEz)IpQ~1=H7}`ll4FU`H1{a7QpK0SL|KkoSl<=M4t!; z+Ao>6zm5Is+I&~JFO9`KLtRvV{Y3w{G&Ko)8v;HWnUo{5hr>BDU~xFoP&PUx8XDK5 z*fG1Omf^S1WVWor<3u`y=(QG zg$(Uag0k^bHgso>YIN|Z@1Bhfm;tAQKS>%2**Y6aCmOme|L)qd4k~GSj3Ek5d|C-Z zu)$V{A&?&Vv}1h~dSeF-WvLb5|4eGjSa|FNnJ2srI6x>vzlI4Vqoy&%)(}mtvn>T} zl&t};rFVq7J}HtSiE`=J=ew(^{X%Cih5ho`VDa5bvu5KZquk28f@&G9kGFayzT##8!fo)RCK~G4V+%& z6g@%fO-%Oa40SQjutc%~&fnGD(UuE}ohisafwA@;drJaPP_ICX#;v&KYF7CSR{k^@?txjrd{X97(AHavY}jl`+5#{KHT4`XI}Z+gyT4Gzk<@f@ zMhMsv#b*IAnYIkVdzv5wCl|wnGsskq!oXa615CK6pm6Sw3#>2ixW%)4>{~gIeuhI?3)lVpN5EV{v>3=9)#$O)@wrRw zXg8otNG=?ohUrCtnntGg-BKGsXu~b`uZjz67-OiXOWSA~3(`04O}3||FUmJv3i^Ir z&KwcR&0dP9EJhtrrhB{^q#cvyr3NVk&Df??;5v8?g&Nv^Ned)8^RYH`M)U3|={Mj! zVWc#FXIR-AT6{f{%y0X1v-vfzebW$iot4cX{i=A`^0J=2eJHatwSs7lxW;GhH~`%b z6jh-DRQ_Cw>=f^lVJJ^Ieyf>FyW2Q860%dLZGw|Qp%@c*Tj14luw<)kHpzMr)xWD) zVp>^$xbulXHJ|mzP}*y0%91XjqvKzHy1z&O34X}1r~$s&5)>$Q{8v564+@;L z^d!ezm|`pkYHbXe;QRpnT+3dOb3Sjl1Wb6xqaY?_RT#)#Diy;fqn+lIkq|2O;sw;t zeJf5%-km_qT;0nyJ}9>bxYF5l^U+f)DB{$1LiBr_9U0f3SBVV7I{8Afj{agD$54PT zMlNy31LPF3#a0P4Cin>pafwsAR@Z+toT$sp$(ydkNFk~HjF#)?Zw#958_A#99C=uQu_={rE+OJ=rS_!)Z4!;6kA78VRB zIQVavlS@k<+k=1w%Eg^;@g8?u*7WPj4I)1=J%@IzzefJI$6xxOplwzgF)ungp@AO8 zoZS2~2Y66+Tips*6E^Hvz=qX#ET<8R%5RqHGOL?cg9yI|PIyG3rO)hz6E+5f9%J|T zm;QYQl1jy3LGdp?U=0DqC{5-TJ;pPcZ8@`gz!}KS{>$H-Q!p?bl{JWIbsaiKLo*oO z1INIbxb)AUqOiHI(ghXuGQMhA3~yjDA*T0HZ8#IYrjKb0%Wq_(d>mxEaRuIAz*ncP za4b)stT_P_rBns~C&iM%Y44K4kht7|5KxGK;7ZTkvLQiZ!PR$kenLFdJhotO!IZ>| zM=uLEc9=3Aoi}%V`4!lY$76JwW$eq(Jn+BIkf8{0U4X&poRW8SnCJ|91kY7{_%=Nm zcqnnc9A;^eu~@1l$|%Lk&W7_`UphMqQZi=7LF9b+7ireQg&<`tvym^q)e&X=Wr!db zrh(XGJjr&!xn~j!Gn7F=zTAWAXuF4-^BXMZ7f)=&=FhyvA(Z8^`gY|tIEDHX-1Hq` z#Tf?!7Zc*59cV{Q_H&QR$KItajCe^&XrL|tjt2}??R#26Ed8iuU3awU(b239eyoH zyS3)R^tqoLf{r{nDcQ;fyq{f@IkoK3*cK7hZllVh;9C93$0vQ~vSUQK8%X%y`z^aC zHq@f^5WTLCf-4$A$vh&Kza_ww{qy?7nwWt-{AEW}uVy~2R@Uz}hcN@aXPr~ead$Z4 zFZAOPS!{pfp)byhly{ASu7Pco`Mdo^$8ppX$-KTN14_(Kp`Om%Ixn`N3uFIEPxVr= zpw^C|en7+FZ8Aj)`scR_j$5BVs-l&L?QeLcZSrbjr_b`J;r6Bg1`;R#F+=Y+wu=SK z{)iowTov2fpH;2T>L`)V28=*J1vR*j)-tDDXY?X+l(Pt9*12S*IlQ~JHu)ovH@7Wf z?}sD#6)@~^RkhK2@k?0T*1I2vQs0Mx%LX!@aS+A^^I9OdR z?YKjJg>Wz)Y}_U54rmwvKhFa8z&j325@n|OvpL(pAp2QpZH6q}9SDx5@ zf~=&70$wKT6gEM<&sB-QU1!oPCHSn+HGtVq z-h2O!U^fJ?eIVnOvg3cMa|imhv%nfB(40X$>AsG^tC=!0q}X}U$s9PjdCm2HgN$KL zlGO(MD-gbZ%1`5opc4bcJ5|+Qn=>^Yk(FAb00nKP&$UQLMw7o-JVH19_4VyZlL7=iYZ~~Z zg|$B~u)ky|4dZmqg-TBoE^Gn2EMg_h#JK`-2riTiTJ7FTUe%6e@0IJ*y0}=1Or2zP zmU|=MyCy;T5KH z89V507b`$q=#X_zr=2cfB1DDVim_`_c=+dz2LCOf~uiZ&RFmTT1svzYRg z7XW?DV)B9Zr3Aaktu4t#)Eo$4e*Fom$0Ba0?DA_MK{`f|W&m+;{RVQMT)LtZ28w5H zqtVyzv{sLeH#cq;6p=wh5|pp;8bB7|#ZP>?@3*_oSFM5AegY5!tbanG?1I1)Knq^h z6wsw2Dg_$I+0%{#A6+9+B(-;J<1pwPzmndC^ zlg`vW_j`rJWH)ZM2gpUhclySn4v*=`s7BBaX1icMJ6D8f~)rzE!)i%i0(Jkve#itye!_ebg4V+2V_W^ zh_Pv^(X=^oYGGgj--D1Uw0pa7YtlpiWGj0uS0ydSa`&^Yf!dh`uFI*lF zZ}8`s%Zd2MQO1hQq035k5+8LGsM;tWz|1c{Ua@!HyB*hZ_l7tS;pO2wE{X;;T>y1& zk4>E!XSne|$twhhs>ki(lK7q|7m{>(<-E4m^6T4STnPR`W+*p&e>L1l24tE-H&26sk3W!qHYSSgDcV<*6?H{)gLA=p!lKNgN z5SR%LR}>T61|KPoUcxUAPDFt$=JyCBFWq5z=v|oT8|&sLUSd!VGH$vq`G^=vnqL1h znFcVIp<4HPy)+E^J%VfikPZ+4NEx(w6A(Xc{27ESficSrLWKydrQg1?nRi!~HCS^^ z$teiP<;Og4rdX$!?8m9wEIH3BduHL_8}b*QBSH|zpfpfY-swflSBPjyHCG!g7cKkURaS9oSKVj$*g~2q`H#j; zbw#fI0uMyw>%K28DLo<)J1a@v1}$+IvAj;(g@`gF_M8aJ=rt0Nf>Iz7&{Xp*{%jyt z7UNRKdSiFjasmb(WJrBt@;>mpfb=Wi`c=T^K##efkwt{<0$B8{97BmnA;ts;$R zY!4%3gT@4EYQbe=s&ibn(m;B3B@+3|7iLERQ?pueHBEpCZ#{?iwl~uRFhE}r3k6b7 zGK=2jF+8BGt*1AZ51xPFwMgDQu+iyaNg32&@H-U0aC8vtV(6%}Imh_1YN^-X%EZI_ z&$Iq`(;WKhr5PT1(5mrJVc3jDcW*qReJ+80_hVJbo@Qu)f9nj^1T}i?807A@)_bZOHvsM$ z_x8!TxamQlE&~hcL=Zs0q+F<=ie}$Ngu$~{^xV>V2?zbH=$i)KT2OMf z99_QHCe$1UlD4b)=u6Mv85_LM^kHSULWFe|`5^Rif^Q|f`4g^v+xM5fKLJ6re;e(vR8a~p0 zFBo#~u$IZhoyqCSJ;Ipd9r~W2XBajVu>Agtx`95v%cc&vG%4qDAmH^tKnFhn{^~p2 z?TBGxGTxeq7s(dg3lVWbUbCX0DL=N+R1ONn{=mWs4!;Dca-ZpWH5mxAa6#y6>l|^ zOvGbsg*3wB5BHz36h4ofK{=~vU;*jWm+lX|c238XQV@|2nA0}^&uB0-oPq|bitE}{ z7Y0Vd>9}f>=eZLRRAA)v`4Da3&1$Gt#1044>F9G_jkn@^I0|~62gnjA2!uzEjV)=y zxOESEHZ4UKOi)o7>b=00T{Cs&U4W>3zH`ZGOz!CLjGA}ny+=`1RGXOCAy~d=OYLa$ z{GNs$Uiz3FgssCrgimZJ53IV$XP56F_Y0Nr>=S5a8FM#2Yq)y*?1J+h=#;NchkNv| z3ud5BLHOX-atToqWPUE^c$JjuCg;r7iW09C<)=`7TRihhdh4-5*?1-O7g$_;EHm8z zX=kqahXa0y0}w2L?`e5pr{k*&B2~)KGgo10M+E()8>Y^Wd&dE*Y-DsKFB2aJ&7k0? zRDvk$hq*-DSihHum)1pz-AleGlCL2Vpg0)udGAzY6`e$BwMu*dK}zql5g1}4$X;bU zZM-#P!3C2lPPOi0lxim@YS48r+!2Ma%m_4a&@mjv7UZ5+pd)rZF#);+5(K?KN2SX^ z7Zr|;ZXtSn|NT!478>xz*FyXSN69EU18EsU41C;?E81f_2jzylfNml2g|>+*1>vAt z{Id74;aAo9k6|9yUUD{bI57GITpEM4KByjsIX*ngQ^M42+Z9DHwCg-p$v z?MGT|fhI8P(iotckr5ag3OdI~hToJ{tCEzu5q{(fKQc%9e%^8H>d@9VQDop3g8A_h zCi#oOZ{5WA^CkW5l!eqJ-2*hy<7PJ)sBjt440khr;0^;K)b-eqpRF(e5@v7L4cgQp z!XFy6GGAnpXU+63pos2j#V>kVu>hHdy25;?i_xCC%v3m6-gY?OPCA)HU9H+4{|4lf z_xF)MVzB&@L4qZRem+92F||mfi}Y!AsGj5mcech&3>R3;#E>|2!nMxxH~P0HRJ~?a z2b;yf-*y!I45qFdVl=pT5QpTA0CgTl{Ob1Tkg>sw&J zCgH;Zg${5g5!K$&_P!9HoJGgO_;nQ@E&y5;vJU)jtmP3BQI{eSE zFLCnLHm$~kZA1X;!j_P+!VvU8`v=Xg5&^{#js&D$0S2o?y96zklk)tBclk?L^Z@3e z7Fd@8_6O&XDSMuV9|m(*A2IAf9q@`Ma8TA~Utn_9_(*MIWIjV)Otq2I);C}U_5>6Q zj((t#PKk1LE3|V_+}J9D{yn>a@yBj74 z=S@I@S$6e)KcmB5KFaCnta0P)!2CYjy7jIB4wP*WO4_M1?*T}Uk932kR`@PGU3 zH<7+AmVf4O?zy!ThP5Puu50x$xzCT%(}Mh-BLZofYg1Wnh=YAkT2-(@DO!+!_EwQ09( zxb-O}frj3~>?p5pX|wk6hFllwxaCv$%u{M-=2Lwt{}N}ifDf}97e3fLLCPQ*f~>(r z>kmK_oi@&of)>1ZNkK=Eh92+jO_JW{;Hu?+|MmzEMzr6_TF%%xA60CIgsubb3g~B2 z1K$vEzk9l5jw)THlW~4~l+-}ag3T2meB#ie&-CC`7lHGxPEydK1urME$EKeLGFTh6z7!e-*!s#^&On;LFY96U);L$mnLFd= z-kdY$lP#UU!W=z$OXJ7%>WcoYr30|6Js*_I$t)74%wrV{EIxqf%0^Q-h@yXWJW`y= zqB8xCc(;Y!a}LgQa?EtKc@X_;$sO0g$9Vh0>NX7uv7)H@ai{S9PS~iIT?(gH0YadZ zA&EoZ{3)jBDb8uCi(M5+kFzR~!l}y4 z1Op{nMgrm^F8rLbnk_|<%G+Ix4xB#nuvPLItq;@hv4)T+z>h)O1Iq+N0U>6pl(ALc zoDmqGxV`>)VLx~RiB92gj0xv&68vwF{&uKV1D4+`*mDOwFME)!bL8R(JT<7BClC_0 z0ixrJPuzNaEdO*h{r<`JK5s33NaEWo242Sbe$1hULFBTcxu8_pFUnR8+=;`+Ak>pX zFfDw44LmfeC#Lk#4$jV4kah!nnbT+#Jx%?8BjPUosU1!*LuOlZ!&bE7gQO{CZZPd} zUjoO#YFAhE4e)9`li-8BZ8@LuIX2J_A$FrmY1~U82e~GID_85DiSohn(y!8IN&(!R zE*XDhf!K%{U;qFXTs_PIa-3~%@CBxcqXtC_stPBJo0u?Yn?MSr;9O4iUB}{C{0BCP zfXx9si&HO|Rj@?@$b1QB;E_956W*ZkWfhjjOC^dL)T>c5SgnD@5Vg)t$^(?O530Ic z5fVjDJXb#ON$kwufpP@)G)dTIMR4%0_%5{fNbC`CNN%R!#82T|+d~C>RDqDg((r6X3t|qg zjaQfnfkOE)+}*5ByTiL$E&h(liVgq>gAB+0<%)jY*;-=L!}Yx3@*{cbD>3sV0B1pm z=DM3B5&+uoaQ+5BZZDu`FhL}u@x-@E5bW}K0cKdt(HUT-f)o(iMzgswNDvUU8n6Ik z=&y(?C`NXwsENe_KJ=jazfx!wmTN#rmhJ%(oF3={^Yb!V_TFzhe<(bLcJT9r0uM5W zjAzU&9*3JEF^rZmf{f>1I0)msK%9B^enxMQA_4>>0)-XCeEQ`lbE#BySw`$01o&0G zJ;46IC6LBN!LCTHkkKD3w+BiQ{h2G79zG!&AEQy!$ zHjR}rEZN{%>3^~ScFZ~$acmcX3sl^-3*e-==~!Hrczysn3Kn{$sVt7fh9^^M8F1N! zjGVZ4Mo>*g*yM@VEc3w<1ECQh=sF*kt;%VaJ8NK5P;8a$ipfVB^lS=Dd+PQ9ZB46g z!Y*dR%XX^xW$TJY2>$^Gmch|^7+&V)pqTDfv_noX6hHm_WC`JPAXw92>$sx!!Ve(^ z{4oUGH#M+d;$MZ7u%s_4HR94SI%~6nyYJ=*n^`MAiP7)IQJ$luFpsD`Y6XY;AwY)|5J6RTXUjJ%!_fpEF|E#qhCBwkvdy%&>{0}*t z*|JAqs~^|n$xd$fs2G;h*%O#yMo=|AJs zaDSENcs?S6&1klE z^5>}~v3Gwpil&fAg<9efz#?zup?DK4&G6#wCTodW#!-Q-e~r(K+#nUOv%Dfho=dw- zK|hu0gdf^;!nkldtSkYt>XP6#`?z^C;)VNy+9VzVSp#FJ@&Fzu>BcGyuz$*bedp}b z>U1id#Yhbb6JS(<;@LlBwpwz6Gf;(7n#FWr z-0j}**9BI-eKEu~PL_{<0zXXCMtp4=Um-0a5ae3_39}MBGww2f=x{Y-!)6S3e&9E# z&SS%&xfKMtPX492w&5*oXNXj;%4q}tFhOM|AiLl5f^KFeFVd!$Y`+L);_;y_jeDhI z*e6dqwOG6H%+N==%zN+o+9ojUmJGd1OGdbld%*+&n*i3^Vt+aRkN$!54(mU%##;%S zh7Um4V5w!0i)w!iI&*XpwoRyV9^Uf2?35{J!S}6+8kqkq8+TPkMe;6< z#*slrTJrA6(PbmffW>0g<8lIgQ>Xe!T%OH%b8W`4bz0SbTatGGPIx&RJAAfMO7viv z@CnJguwir6xbj}b;#=&<0hLSbsI4hi@Rkp8pcI!BXQ zPP`I|Ca=?ut-%r2Ek>AWTMie=HT4cVOQV_p`EdF1#LDw|=?ged6CToYjsHg+`tLpX z|In03-%R8FIbO1z(SB8-+lH5u+gr|0HOM;pdndCi<Fg?BCm+Om>SXlC`dLrTL?g|c6o!K$4d>c5VQ`sx)^V*3}2xF$@Qpm0N-whAP zY=bvv{*p`dego@UwKkUB*}Jp1-g2_qjlEXZK*DnF2oWXO9h{WwDr?9%*160teG8(l zNt_o$hncH8;eEbWtojEkQT?myq4(vQHKH1j&Df5z-F zA3jft_7zB|ffplwMT+39#1h=EYzOJz5i>qM?w2TVv)~#Ug+CDNAL#X?iA(w#4U%Jr z&(1z+f6nk!*nghLpWqV|^jad#a1-5MxVu_<)U6ainq6u0*nC7sfHlF^^+CqxczRgh zh4r13v1Vw!XJBK`IL<&A5%q^UXVri5G!uI2LLHk}Z?!(s*n=pmN_5PWMn5obtgm*V zuC+nPk2bYkBpA?n-PRG+>Lk$^+V3RKeMb6!VCzIpXZp00`$I`*y!Cm=z1-O0ICoI1 zf?>A_Sg`g(#$T=Q`FU>NxQVvo;C^paq>G5Cz+Q&R7X@1wNE9t&yBJ8CopSidsCU0RaAImc5le^dnCQmY;w$skel-A zxi30fTj6lWef@9ILCI>Ols2K|94Yl$fW03beS8LZ7)xjGT+wenN*0#a#OPB~6Fhpo zD7(8j4@pi=6ZIYtB#N$4=5 zE5y_u78MAT#QVovRQ%L^)Takn+NhUydb zl);Oi;iYnih=4QKM92lZ;=`!UrsJc1_qfB~{fUIy&tKz5| z=<_sr+sK~k7$L_`k0@2qO8Uq^9j)UGmei$vKX6IFyBymOu;^oY+`ZZ^ePqIG>8KG$ zcvY)=WYa!2`OV&*_;gMwqk%VelXv&!e2KxlOg720($L6be}1&td!AL>dw#=!v&89n zn;++IaIDo|On~*8V+ocr_QIKhg2^CYv&a3oN#U7NHm~!0OETp=ZC^pV16kBTLVD;PHT;1d}<sI`hq}Wf|JV8mHD*!aBm&UiGt#qqj`; zw6`~^Rh!f49BK(0?kfcaN3%t>(c^dADL?lP^?m;2g^d84ThIZ)5)k&w+tRAe0wn!ICy_Ob4kzi{6#YYs$)}Gzqdc*TOeYvx@RG=Tp>#0 z!gRf!D_#&cr^42yyTIkY{mU=J?7<$DvfuLDc8+v9Yrs-*-h~RDBn%aRd?ArS#I6Do6$Iucu}$g~V}qo?9=)Gy+gCQ4dx-&r{Hl*i&1d zy0KZHHw~DgDB_0y z*h?+bR6S|qeXJGXT6Q1A7TlYW`#buEv5%zBIvE;$|tCxY5!!yaAbC-j~iIH+Xqi9F51}!Q8{TV zVz)c0V03ScQ?_&>oMSvm)o%7P5VCO zViaOEI1nQ^nk|fW_Vpe*2CcXoXG_`fxYQ*t%`wJOvnAnTMwZ-o4oPV z{#Sc@?H8s^mkKK@5)!|+5(ig?JjLJQKuZV&ynP?J7={}ocDrD6*ZoF02rNlNC%pcF zknnU-C3UTueiNOFQChrG&vGQe60cX;l*{?QRE9-`#IKS#Mpv4~%hOLzvW4?UQ#cjR z>jnq&MXaBn_)Gx$I&U?Je(&hk|QsV%b>V|wp$d} z1b1g}C%8j!3GSZYHfSKY1PJaHT!L%R2@U~*y9FjNxVvk(JMVkHs#~|tuTypF+$w%B z8}^>v-A_NV*6MCdUNT;4kx%Kn9UWOv)go+UMFjVUeV)P#s7nBqFxady`fF;2zT`Fy z8FPDV;Z8Khxqp*W1#GgKP6uDNu`$%#@zl)6d9K{36i>QRF@dUg5neO2oRqit$FHaR znUm&#j05u6%YK5wB8Y4Irrr}TObYXE#E?K`EZ$FSf%*tFq%%gF~9P zY^niz*aaN&;T$?`ecy4q$tjSQlpmMnN26*ROG(Qi0T$GRNvBt>LB$TLdXTZaTKKI_ zc8mE%SvT(2`$T$9nTTk(%r`PSl1H#pm2L!ou4px2==O@v?jnpVtlM`L|_#zi0>&l$Ym2s^!Aui~Rs;xn@J2p`pIIJqIxTX2L0D&nFP}ZOlC!#k6 zM-pzD{8*@|Ax+)giqznVF(aXC7zy0$T9)0{N+Djk}gIg-BI!ZLol6Wz3SR^JIIXI{UMc{h=9i+}czmSO-x$Fti zy549QwQBfN*R6b=<8^$6FE|*VM)nwrG91=%;aYecbqg7;Dv7MXi;+nsG+NELadRYP`VdQ-b8y5=p0N zmkDS(qBC7z5ubOq&g6b%0G%`AH z{=3P3?@^eS8V^%mY9nk;Xa5}rW(hnQwT*867p%07!<*x0b8>DehqHsY@VE>gfI_3*#R?7{<%8yNb*tOH$Y(|t%=s0o-qQ}pjcQ_OK) z^;s8m9{>u2R2rN`Q>GMQK_?ve>9*#egPEQ2ox!Xc1OJ!jo}na=v{4gU7mX&gWrh|= z&&{wIY!2puH&+&u?Ey5ZT9afgdUw(s^5I7_4cl7S6jX!HdoZSZeFZ(*00jLcp9R^ z^I7?!NhHSGw~eh8)X{pWz>{_QxyvC%P!=cd5bS!CkKZw*az z<{eB7QH|%n$QeY}Yuo8_?=#G0nP2|;o%s;iG}+Pa=8EWo2%(TsBTxv)hxHQ3ei#V- z=a}7CKOVCR*g^YKS+s=JYFhHLSTPBK*+t>8XgbqH<@av6#4!8Ev)3?OMS0?@s0JPu zSKJ8`HVbjU*}c=#+v`wkH&y;E7yae+^j&@q)jPxEL z#Iw)kRiHXvj^Z8oVOL~vWk-7T$17Xb)}>9UqY-e*d^hTMv$P zgh|({ehmRVaBC}{o>AqMl#*vE#pYJplu`|hKc~%^&7FE*+IZL&Wa-ps$dTV1^X6l} zaW9rV{d@Z2k7+1Ek({Jq#);5xlj4{qyx-7pHQxXvKFH{R4Nv5zF-VIf!nLlW*mqA# zuq{&Z$S!A(cx!-v+N4B&saO3I)GaG&7Pz!)0$$SEY0EP8m1 zzy_j~ab9jsu8OK@AuGfVV6^`7?C|0ZqyG0Ajk2<*%e zo!dH5pib-6Gt3O6Oi|%XVl{I}>cOHMLv`aYiX?&7%Z!8w+T-12<%+7TKKzQ~37#=a zmz5A&u2PjBJ>{iXkFS3pS?5pA)<$32=%Y?EEK`a-yW|6nnuKy3(yr;Qrkn>N|466g{B z*WLe~_4U7Z0w1DC-}OFFlM8(8SEVbJ-!d_)d*R6u$QA_c)}o)=Wh`RC$+vf;*IAKO zOjdS?DNcX<&;9r~7&vg5`>5|wbLO|#3fs=SuX;<4#zGa(j7Z7RV8yM~u$66~F7IuOIaxan`Q@uAs&o^jhAjTGeSBaIlnVi1@(z9wzpAaV*L@!2kUqo`Cr z(TWS+c;k-QUuT+BR7{UZdIG0nvxt}e*PqClN_fD5wEY|4qluX}l4V~8jf{(wl$1)%SuKr>-ca0pBQm6?V6R3c`Q;|Ogvw6+ zM=tu+C-|8^&9mzkDwSfi%M;UF3P`HRua~Ax%Uoc6+|IGYRUPw~@`|>TXABziplYANt;an!wG!fVK)U z!uEHEpD%@HIf&)y`6^fxrf;u?^|En27hFzaPlMVtAT@HcD|>zq>@ngOUAjEn<&A66+`qjJicwZO2b-?%fD&_6EhFN?RGCD=&_x>nyVT+gRuP z0<(#DvV7n)W?(Ed3*q3`&X?ERDdl6*jjIL1=d>;^J?ewZ5v#`kWA*hE7>O^_9rt=- zXH%Ve*>4?K@&nzGCBBM`Iq)iSSU_uQ4Vo*s;Ogc}WeMvzhPjm6ydHfFAe$yYKamNX z-+>=(&g07CU<&ff@K?guz+)px6h=+&Y^KrXew`}EEIM8~if-G*Pwv2+ljJ@x9>Pim zk559!{d|qBH2LZaPxn)jPDJdQY28qffqtZ?F{^t`rH+@yw-j;}Yf&{$+ngFlzTCH2 zVLB@ZesL7d%#^d6^Uj#xNiVIH9Ld-} zWF_R!pS|V(Zc4p@FE51`+kS#DA%aQr2I0qr@>)p-!l~bGZqHipG-Ur` zGz995*$JyQ?781Xj3JVPG5&LSIC%No2+2|eLXblz)Gy zSD?>DLr3Q;kklWFKp$ezNyf~ESlfmnblfzQ3(@CVTYI}t4-E3m(Fz-4TEOGh%a+xW zUR~Zxm*awB@l|0&a0GRHo+^Mjn*@n-`|!A4&-dPTo`}@@JU{F$$tcp)cHrIZ(ZOEo zIuQQ2$J}=XJ!Ti%)|pX?`^8hG3HS~(^o(Wp-sbY5f8~b1+a_MyO8I7suO#;MbDGrF z?x;ucu6k;k+>JkQYWa5VCt3feL-U?!LLR#}_|&@Ai=5}*@wAMWn$Yj=EZ2@28F=mn zhipgY|0sSAR)4 z{b8nrh9FA$2%q)iH$3Nf(6b^8`Ny?-SR>r8_u=`pZWCpGbl$p!g_Px^c%7sk!aT62 z3T3=cT?Vn%T6crf*cjeH+XcBD2mmk*YI|uT{PN}X#cKOUTx^>vy>-)291DPLSHhSL zxP{-}FPs(lxej$1zy#o*9?DO1PyS*3bfXz6=b5;4pzQmp4&kYKy6^AbZcQjD>K4E$ z;h6brI&Z)MfUTHO(;0eV5*@?bzAN1IVGIe7D`p4K=+&W|bS~a@KluGb!ljv%z>FoO zgSvajUA@ah@V|V0wq*O@0bXGhF7rH8uKd~I19DF1!paXC?;usWZq>m zLkEYe4WKa+xuP-pdnxL{zv4o&U9b-6=)(+T10~kHP)`#ol?^jrjiFVHmybm}T+{ij z(kX!aB%~`bkb!PKhVT@0ucNHp?}j+mAt(RMkP@`~5}BZ_j@q#rXRmH4LsRc{A!rk3=hoDj=zMQtA z-c1GtpKpc;!e0Gdb?!E0{2g?Y`CG>bBj*zpw`b*62*d^3|DnQUbAZ@7ND9P}L{Uc= zE%ZNHfGHel&}cm6M$_*GISLT#i0`V8go|@v7r~-IGsbr)qI&H-k9D-H4g5a2F4?~L ztzx%<7U&r`jC@Aj%6eEVp>gs?GGmZ#@#RVzmk$v|QMWsl`!v4MM#P3)v&SHRq>mA4>GahwG=ok1BZ^Qi~07WRN!Ql9=vK6+@c8`RE)~pSjg)gg?9w@ zC`F>w(?!gYxfv%|rg=Dq6K^+f5!3%goI9wi31&H1{O9HShaK=nS$_Y-^W*kiz2(3g z60F08;rhb`cwylgPUjzQi%OzlL8y#sNG)J|RNLE=p0jnSP!z!C`niD8LE5IYPTQ@$ zq@EQZBl2M0eHr?uklH88cfrM_BR-1-MA>b4VPI1%z-l{qTfEm0x zt&?1Qz8$@WLNfR!xw;a4SY0{^m*XE#QGv4PVXIV?LF8#dG^CcBCjI96$u^3b-mV(->|5_nDV2#cl{X?KMF70XFv0`}s|U*eCEx^V}IvdLzGa zBANNnzAOsyTY(f+<>$#r+!+P2%h+N=DlxQi98NOTqzW`gN}-d8Eo54SUmey$;A}2Yy@hR5YRcG4Dj;@EKq%0ICoq7}(*`4OvZw zUvB~9SxdM|QLuUW8Bo&-hZwf&o%jUn^s+MJguEJZ@wss#?cd!VcF~YS{|wY^IfKXP zuv!Pvpy#R%3I89mx&Udqw>6Oq;s)UG?)T#-D-A?TrK;}7g)$+>P=-p}R|yKsUE_=l zwTpGc=djW^A*SePt8NzUtta zK;&7ZCx|1D`SH73@=QY1Yv|J0WjIXhnnc{Fr7H1strrjU_pcx6*jT>#F+>I}3YUdt zBU4o=sTTmT#VD{0LoIs|&I?vOGq`*!BnXeWgFLpgkD8z0XHKnN`^ zw~~u1pB|&F`5YNHh7PY^Um=`Ni1H-*9XMjL{@~34kz7|F59ZbtK)py2Q8r< zaUXe5;#~v+eXl0|aO}Qz()&$$^q>}dI;x1n+LQ?_v`N1*k%^6so=4^cWnhNWjSVM# z{K8fX=X;g72o^w}j3=eDC*RFu%fpjav?$6Utyh*C8Ggeh>^!D_x~QHv-XEPl0Dwn2 zh|F^BUUYmEHl6XRjuujJ>_p)9 z2b8^x(N(VJs)A8H=wD`8@Szc}l8_Stj$;^E{IuiyDjqF;{O=akyl;e^;=Vd4_U)fy zzU}nDKX)`smBX8UAL5`1WzQZL{G?i_1<_GHxSV{vxFKdwWDU*C)b(Wx+tWaNvYQAs z={Dmbz`*cFcK8`3#^*r)8G1Oc&bU}~6m+2!wZ#ksAY0w{yQSImmln%>nROSx$fY38 z^S+|=SpRGhfH>BwG)j^V(kp-mu{ysZqi=qU3)7~x83ig!)XOP8C+103LN*HD>*Q#| zvOLz-QlMC&ry9v7i`zSn;Tl15OH-+}gGpS~J43{%MF{-68+goVu{mt>IS~2h74rNW z&=P?0>v;CLEN;*gvWUdtEy@J;3+K8pe%{1>S^ViH2An5oFJ{2cIe*jGaCJ({q)b=so<^Ta8VSOlLJ(cOPNt4JW3h@6x{@3Z|K*y?(A<7cL+LH%d;*?@ zd=n3KJOyr<<=c?RJGR=yR?^!)bTM!d+4qS#NB9>uK$h@$a#&N3eqD!6m)|td zpu4xudBH)1)ya6~o&ac2vHf~TN~&-ttlE@qGA+$LS0bR;2{x<#2om^3{&+C2WiRu_ zCC`K_2fYeFIb?(dfkr;>(fI`4TSvt^ph~Z!CDs^kx2k5ZJ@Pv-BR0FDh5$_KW7~s6 zrd7M0ruQJO1-%h?w=BPy{`zdaVKv?Dyien}tiz+QSa@iiyrcsX!}KcZ`0q-HQ8@~#W!EMd6#=)OY3%O+EW0Vrg#7;Yo(6P zRX8y{hWpW1Arnpig-jlgQudvN)<&IWZGbe01q?Yt#l4~W)$@#sR^e`SWB(!M z5E*rAYu8Md$L>haurskjg3*#l&OLM3*AI~6?kCVDI^mm4UWL3RF9%d0m6IKe57CY%<4-1Fq{C+nlcpi-CHxoucq&_t!tMoV21hf?%__!bmKFW?N3l~G6_O0XY{ zPyYLHgoQ_ng&8f-f3X(ye$`KXCiCWm5Z>)_d}9nq*OZo+xiUPkNkLd-;Ul))hny8x z8Ck4(^AFe7aHSkg(>2*+jgE_IC?=1$qhx5GU>wiR5m*~%!;={vK;eN^*y&fIoIcBf zz`&)BG?_?Sy(8oBD-?Sq_$i8s{`hQ9(`_P->UGDX^WLW4ZFVW_{UtnSa^|ovp)cG>)_Z*Kysu1;R zkok-lXRB-xq2v?I>im15Ts+l)b>#C(GeD6P2l%|Ahl^1j=7VM38DSuaajD&?tmjY@|U*wKAKFRnItDOT$c2^G&7p_d~Nin)hKI5iDct4v`S-#I{y}+Wvva*;x zmzCvRyBsk?o>%D{DPG)8U&kUUtFNNm%d~f_)N)xTQLzy+%sIRLYVP2yaHq~UOYlr) zOFbTLDpDwa{T-^1}2z>)X8YF`nHey8{& zC$LRy%noK&L?r)n*uPv~T?;L)xEK!d2k#+gJUfO24Im_Bh5lZ1y(|J;vx9L6+Rduc zMxWB&{}Kdr>%W{-k!Y|O#v9JnD><(m`SLnhy`ttq3+jFMp~6V!A66obhlr6Vv~dgx zxxWl}narefv?>pWs~Wk5sgy)9sQ5$0^3EK>1`!KKTq~o=>pF?Z{r+>C;&>rklqG<` zHzYa0cUSWG|Ii85#1{cJC933d7`XH&I4`V&(+2cw=M>W=xcN?5tT(|AtIk5q)B9ujl^={A=@^j!JS z=a0Z7Ni76~%JKcwi|j(ZD5m0;v#pc{3rM|M(2ub!2E?cXAfLpWR#i)XG53ZSdU-m? z=fcSqMcmCL&V#i5Ao(f|UCg%=zI?Zzz^F!GJQ#;q`tFUnsyH6IIVbLcMrf0^I-%Ru zWRUzI*2d&ai92=MVeJ8B(4=^Boa;fwyy)L7M=Ra47_Rh}#o9D}>#;Bo)$dEeKx~!6 z>T4BL%LHMflL5QssHL|^cviAs+%MVkpgcTX4lP%0kMZ`!_y@j-pIt9bH-?4*s*l+6 z>QwH^1*o|J8Xyh3`?_KAev}CIf{LZ6VAB|t2q>I>wxuwsg!-P#*{@*|4gFP!AL3_Y zE7@$nw^<5=1!&ER^74v76DSb_AC$r-vt1sD(0Lb@7Tveg@Z1c4Xo!SEU?{6T3TC1o z6~(-HZQx-3bX9~wx4GV?2a6e4n2F7ZjPDYeHRQrSt|dsYVsgci&^{h5mzck~e>h~& z`MdH7q$lzBH*nVP(gzxm-2V?HG{X!E)&j-k0CA~Vc>-bNt2xVIOI(IK>amP&jx)i9(PG45qt88P4 z8e#owz3%GIC+%y4L`2cw(dNqRg7PUvM{M7>kW?gHTuf~Yj-AX`$>ftKB9oKzU%;Gi z#O=Tq3$j~4k--fx-7bGv$`nO<3T1d`PM5TiH60b3N04 zFBM0f{$R>a9Wi@;d^G>`=!N?p2r&X?UYR*6rk@6}_WdWsv?b~eYpa$YndmhQn-q&8 z5mAO-PP&J2fZ*Y z!WGx~9&+r!ka6NOMdv1nf!Ku0N}|@Lu#5n$7>fNe9|>>iJ9P8Z<7Ea+Oce4k zPLn-yr|li(IR&@f+>OZAeMTQ~4%M8u!T!{J5u-41-yvHq9eRZQ1!L=QM~Jb+vg@@iB@y@8xSANX9Lvw4t)76H6#oDvg!BW*3 zv)##zHzBhu`{B#I?W4#!ezkw{L*H0_v9hyke9 zg>zvT8nJFNr14KzWtc?BqF^K7rT>@o5S^h$I z>2;t0m~~&xrrMBBVA&~I@4J61pBcFL=QhH@!s}CiqlQMr?$QfKZS8c$uVWwcx1)AOl&ZKvP0=GgQ%YZGqUcoUCRG4qF=VxSiJo&a|G3y>%tLfEjANxl587e%Mdh|hc?2s-^n zFTa22p$>{%w7+rMm#QMyVxmtnXq^#+uqFcpt_wG?ODZ=Yk?~4N4kmX=W!1XB2e9CW zO<+R0AE+o-3f7DAYA@H#vJ|Z?*;@Am?3Z)}hGC4e0X3B>;ddp9gq+;N z;lx*3D5EMK>bQN`u+&YqOaGT+sNCB19_~W`UJxL#gEb0##zl8`?De{ z&0|RjdREDC_+=LaZQ&u_ielROgnuMK8M&KxxsqSkDt{7TB;rNz1`v$g`qBZo&>c2p z`OnpU@^rzt%~XSJLQ|b#qiifZsAp$_@GX4gU6#l^v0UpKLMHL%M`ddFNpbhO?sIt` z(-Jy~tHeK#^jQTAA4CGNDlC(J<41vCzlzV%vb104FegKgP`wx=VqnZWjOLb8a>!pVMB< z6sw!L!5){?&%$yv?`vJyOQ-LB$1PAq-qap(%WIGeV&yPmL}0$@hizUp{($tW%g!Yfr3+A|vE^?D!{Zf#bS-b4 zalLd^4Y9&m_Ym%uqrIG^b4B<^ZM;v#VJ>e(p@OIcQ!iNA{FnKDb3f{3RW2^acUAn) zLY~r_cG3Go5N85oNePV>YVgaffhQ|!+LTH-{7Mn{=K&iZ3?lP5rsh9RlB^N}&zP>r($V&z8 zxM%IXVJH^R&>?u9ga1~hvr=7^eNsNdN#Oix?TWU2MG};qxlhfZ;j~Q8lC|7aBc-FK ze7{ESjK*1fbA;>C>gF70nCV)x!e7%5@q=9X{5r&$T7@AqW_6JTH(7ri+~(Y+R$nI|E5u1&0HbDK|jQuzCet>z+MRVBsnj z-o)^!mFWo2sYNd&=W?(xaCNg^%KUL&TaU1Gu#iqkP5rvP4D+jd7_992S^W$^U<_Vy z6%#g2FiyD-fLJl0e=CTaN=~AU5db)c$eL^y zq6F#kv~fa#?5%=I_xAN#qXXBW{w`qgh}ev=bJE@~RO+EaKn6-bt@({!ze52#b4o!G z%p_`@Ke7Jtfs5I9OYxX>Lc@SW=vlhP94ER%Z0+x(^@#%Wr0q9(Ji{pdII`g$j;}rM zl#`Wy+^*Pm9f$%7xO9nRFOU^)xm%RsVexX z=O^Bu_2Jbz&B)45-kooV!&!kcrV$0LA|+%WSN%2$tM%0-BC6Tzd%w=`JETfDiQ2@z zvvOQ9D&pAub&o>!O<}YjNN|+O?*95+Mm>ei31sn2*9oU)v$3d+OxL>>ZfRGE+>Kls znox*m=cqj^A12ux>Rl?;jb@D6x(zcFPP&b9Xqg_Iw9A}|+9jeTa&=#Ut44Zs$O~&R zLQ$eL9`@)i4;{jl0Ba;hZ_FxHEiw3U^;?S; z0}WQRYn8cbCMXG_lp<{_0oX(&PO}X$jV4nge;~rTyYBPl-kcIeV_nCFN0)bJ*PG0i znsPgPkbK_;Ay&7AqFQ`VYrE*l+4D+m?y9IRq?Y|>nb4`&bA24yJ*zBplTY4w_G5S8 z`9RmaP9KBd;)_^W4k+RME7A=%j*1e$PcL$rD6eN;f-Z(1CeY3x@QKlc@+jEp5lO3^ z0fhBv!by9prj<6sDpZ^tqblL(R%qb~nV39M1 z{;;0~i4J?rvl@!c1CC%uGHm29=-&F?WI{-$`&VBW`pzNF^&!*qsQC+PK=lfz1;Fq3 zRkbYE=DwN(0J@IJ*ZuZoN^;+T3Lm8B+vdLra3A7Dj{5iUv$NJG#y{{+qY5e`YRrz? zg8-(W#8l8J(LrN3hYoYUvZ;G#d>i6%=X%!cS*cQ`HzP3^i(B@G0|EzBzFQOB4r#IC zu~=17gP+C)U>ctT}aWPm)R9kDHTgy`fDcr9;N7m%w?}u zfew4ND$<||my()~bFC~x>K!14c}Yt@ZJ&g6$$pd93J0jwZC;nD9!U(WNL$~ZNCAew zNqM)#Im|ijc~h81X?}E=pcupu#|-%$u)sb?(2D`p;_2ofbpXOvoZwdDpL&@hOQ2c^ ze%{l(56ttH<{<-WABN1qgxg$?HK|UIdL{gOwPxvS>X$RsFV0I^X8I|8jSc>We+D!E zM+@Kx<8vemWLbT<-WFrsMo(-_!4@xuxvWcHh7*>(OByPyTqTTb;K3!3|D1+EEe?o* zs|{z=24l~owgHl?z4>_(Furn~j;Dsydaw2p)so_&HwU~ru_Uyxn2m=+>#n7%{TVao z)`5&Tx4zdiUjPpAHUJ7Pgo&b4|5Ha*Yy&gP`?u|QGPx*?pgsSct{o~*hFPV#zRaUw zfjTO3@trKJtLr7s%-<4e5m;g5rYrpD^y1#|>*7bF?P$TzAFxj_rIW7u<#@LH9fElnD>DK`e@r?~IlV&oD;y~y@gLn|R6 z$oHq=<2Mi6myjSKq!BYa*ecAq*(|b1o9WpW>#G9pcmogTj~<9tTY8>&>x}~6It9>N zVfY_6Mr*mB)MAC@833N76ug1_NJo!X4|GJWmyQYP{t(>p( z` z4UhLfDC)ltZ$c6N3vA;2AGt_3;DERhzLETj-Q4TTyiKCfNUiC3wZMNQzVw_0aQD>h zUIK$bd2KKU-v5B2XchAs!Ek#s&hQ;(#{Clzr)|Uks6-dOjZV6@E7N(!Rcd`?Mh&Vy z1eBxcda)~jSpFg+VS^KC1^2z4Z=SOk_u(XK`Ajq}e zgn@j!^3$)R_dj$N*yprk{f{13w3RfFQ`itPZp|fA#mL41C^n(l;WNoQZD8j?iP7T+ zw`o!#6PqWjMUZF;!smYC{4o-TX7u9plq9cy2mGR+%lxL_y;O;TZ`=wC`!`H@i6X-7 zQzgg#fY?&RQQ+f1Z;?nF7&y&d&Ur-)&}9;F9AegeFrK8sOiI?Wj}o8m&ogRAQgk1w z$1gfQ5}kr0hkTp^SEU5NQ9^4QfIfIGofwk*S_NGw9YEn5S^+1?O%JS>8}7)0!~gqz zV@-%d?;1HP$=DXac2P6QzHMMn9>_P{S$;s#>wnoN99YplPG0x9FK`YNqxgfKNw+|E zmhhjxb|k@5-d@RerNwt?Aieu`+&HVCNj5((HLVN3CQDv`JiK3!y-(%8V;V*JzoVS} ze`vP<58R$)(G1UDc;zbGW%#|%f%oZm%Oy^H+98C)pn=?ZQNr;Rg2qQ?!uCsLPbd~4 zb;HvowBb28-*kBRo|&~}p%&a8t!cJC4>ta8C1^6?AH#l8?>R_YrTQOjZiN6khZF`z z!bVMnW3@nE7y=yCO8RxS0NihI6#r*pslpG?z^9A$`FwMIl4GN8dnUN5V^%ngLMRBf zZl+TGAMI)d2Yof%y$8&NJ90&8Kf2KTDts6{_Mwl!Wl{krD$Xp7n0otBe`E zuPKceA%H#Tn-SemPC@6tn-P)CLl$abi|v{pp0J<`p|dCGuChnN!|$4xk+f77oP;8y zNAB)926)L^2#VGUB$V5ZAOXL-{K^33HqdDJI#tMVgj{=KvKFA+K2H!tfE*zrTYtSx zX@&(9B|^HXZjNRlx!<3$^x_?eb) zr~^JigD4lFLc+e}a?ALNqPj}s5NJ)R5c3|{H=Aenc<=YJNH!dt8EQPKL>1%f96Q*E zQM=c6$-~loZ7aFGbBrXH7Tev2Y0jtbb{X?F^k{zYdz5&G0$}*>%Xp6d1PD`@iJsXD z2;~8Y;ocU5d3YVd^9QFAZ_jKH&17~$!CXYo7U#RWD~R6N2Ld(F4#Mx}e&R`r2LIL@ zM9DYGtC{?PE$^8X)%z%*U=bdEOXA4dqG1|co^%@^%P>bOc8oBgXQHkjD(de!R<2!e zQ&JKz@#lo9=`u5q_1>&Jw4`Jvg)EF$KT|+X#-!G1J55!|w+qa$x?vhZ6wPH`1pmTG ze`IwmftB@lXbnb*!jWRbzGP#%s)^m7o@KkOgJact-k8HIgK1+1S*#3yZEscpY?)NYX09js(!;pboQ zwp3SB`vPo$U+<2+!zFGoJIh2bdO4zDxIP6o?r6Zd(K(bzptF|y-TqSUZ2Wc_SI4*d zIsO7Wy=X6Swf5Vf@^?WPFb|J8WUQ?#ouM0qz-&Jgjb%K5e1Jd`FmV{9n=}!4Y4Pg9 zlsmO@t2BcNC|DJi-X!SS;3JkquxWbfyaW&s>GwEu0nVxL=qu{kLC^~-#%NNqQ;lgD zGY0lOBsaM)ZAjAY*rlnzSe2Mip9VJEVu{QU!Itm>ra=5!VjZD8i1o=t!x|pgOlj@f z7txnc7h?fvPvAqz_sX(51`1@?cMyit9$GlPK&k=mWu(*(gH%=B-?Z+6^h&Dg#d%+7iMe&E-%~JeoK_sx4uG53$hMu|1K7I(uW;BAg82ijkj%ZhL z@Z9|i7spc*jAZq6ch1br+>=D7pkZWG=_ld7g*GxW;(E2GNg?X>YI}RTyu4h>+M0ot zjcxthd+q!#wVq6o9i?i`JdDFzKa6?1-Z%AFObM}f^{Fm42K;pB$ z)|<}Exd2VeT*6pdT3BX)eaLdo_K%2TZzzAT6AhO_bY%campbf>QRK4O3Vd1{;lgto z0fY~Xv9Z$$Qn>%J#w}UdmD_Py#d4l!-4bO4`b67lZ_CrU3VdZ16-^_f=#34F)YR01 z;^M8lmc9t=$0!^IsekW!?dzE!yE#?(Dm8-~wJvV$qX+^8Zh*2fSy7XYOUh_kRHr@)T$mDC4w_7+KUKe@V_KA$_DOmE@=KAT@MIFSS>&rqFKmbD-p zqR=k_U{1)df|q)q%V8n!?iAy;7waL?d5UbTeKdShAWpyFZ7H$q%Qjsv6$6-cxTmhyX0Z&lr#ql)P}O_!FIT-)*M#+nRSlMNM$MW`91$F%By z4kI?>)o}c3b+EyoYQ}vv4m!hJN-7TB$t?VwMoEf8&wM|WYqsNu6kt*Tr1=JQ%Fm;e* zA1RoTjSv0j%pjGUA(7}fo2sUVv^s)Tgb($=cZo+YUsXx1_RIF|fBY#FA}lIOPD;A4 zo#`jGgHWuND*}9Baamb522Ry64}KER7De@hp{9zjmOHr9Ub4$L)qU$ioD$OG$We=X zs5su&ms?v~o1fpZ(ad!nTx#Yvx+i}XRvtq_OZ*X_FShYfBq^)1PI1?(Jt;GjbS?6C zVpi4xlN1jR&wGfzfh7(t${%NlIn+%gHyx7e4W5lsqj`%{4i|Itw~i2GGtb?}GHk9} zsf&ymeDVc+MdB-#_u@I>n^2?&CUrSz9?sqaJm2|U*?VhiLqTtGFZNkJz@nEtN?LLmgece z+byai~;DA$*HheJE^$iCvEJFL%x#NNj z!1`dC9OlSOv}qAg^G~|eyYeWUiX;`YLqk4%TKN!*^a%}ej|xgGR94ojI5svm%%vqg zz21vSWKR(`j{GC=PGMAr(q3BH!wxWp_WPd<@ITAF9RtzIzrkZhB2NJI+g#Qyl>OB^ zBp@9<$&!<7`blSCZoOd6-~b~`V1}y1OBR>mupZ37>n_`%CuAbop28fWtl&gM7P=>*q7I9&6{siW6b zf;jPlxQb8Yt=>mhp^H~nAFZqm7JtmlJk63EdDU&xs`FyUjczym;XMC4xcG?#{by9z zS5MiHeuWN;9d;#U<HmB(+P1zjxd~~n|ez4TKqmd`mwJk8)Y8&=D$>)U@AZYZc&aRMpy&?5qXwSQ-I9`=yrF-`u<*6n z-Y_N_p}6$xN;LNQE5oYlqA)Kap^}n{fHVjQh|&T|gGiTj z8#G9FcS^S)64KHo(j6k*Al==};+vW0nP2m3p7EDn?>%Rqz1Cjqec!#;I-Ak`Wt?j4 z6kqFB8IkU1TfH%r(hs*GxHP6Tl+OR8Ve3>f(>(D7zsxA$b9M_<^W{zsUlGpl@&;2I zou)VPWQs4jh?11j`?Fc)F?W3eWVdT?^IG_vhb~DyNb>p*r58aE#u+*OW9n(Pnue@Q z`-Ru;aZ|_nW`D|XOIL)`&Z{gjbZoCj$jDbN=HwT+9~*h$=+iLeBe-$R7Qa3|Obz8>6=rQqz4&$#UZ2T5%w=AY{04^IV6VmMEJkw%E1elTGr ze3KjE6{G_XY*!RYhl@_jAN-moZZ^B;Qn~iNs=MkrNhX3~_pM~$*d>9b!%UbThi2j( zn?g>0v>+Sd@m1moc;FP#P5!yb+E0IaG+ry8nLf)IsXmVTVi5Cep@Hl*(~h#T-gY2C zyL$00w1)9e$4~bV2r@COCxhyvhRp}6sMEs`8(5U zwb+d@FHGwtopVo=(FVsCCBvJ7$_@;C9cK2VWAuF{VKZw<9+?eV{;l6r$=GXbSu_Ks zwOxEPgNXF|au45^H{eJ_`^`y92#LI7r{-J@o_TmETJy>)d^%fhXp=#;flP|_ZF9ov zAIr?N*%Mp+#;N=u_vO^i*RVq%Qpmd{XcqfauC!zQP;ZJZb#{bv`d5s@{%rmiiKX7_ zmp|WJI5t^;Z>w0!)9}d8pXjc|>wpFhU zx2W08grsDMQMJqmTns$c*p{HgE%48NYg1l+Xu8`R#6mlFJagDkMPjy-rcyZSwq%Hg zt=A?aF!yV`>}2thk6P)=@2CyWw)mjEA6S*!(OT`Mq%Ou-6mv!IBQS3|zF_lZhb?9lSo!-na^3HhVoaK;+h$!Ph!;t|7vF&{mB*GvXCAuW1&#Z0w zMb^T4k8muJtSDt|cOEZ=k_Hi&H(<($91i=uw^_?M*}un<2Hk8#y9<(`G$d#squ6Pz zRp=Iyy=Y)3dWr&d+V=JMZ56WRo)V^SQ>^R?Ujd>Ax4{9qMWU z=4~NOVKRJj3)U}Irb$(L5`2CTmeIY)D_78@yHnFSYVjlUHi^LXBlU)BG6zN#z2mj~ zY^Eq1aT!UTCne(<`V9&eN1rbT_Mn+&PzmSA`tEEPwm@^Cd40giN88q;ohVG{g#$j$I_qr5pYh&d#Yoxrq#awCM*X5aOtp)2#o)7o=Yc|WDh!J;Z|0!oKNP3aiIuK6N zClFS6wHsEHAw*F;*1tV-ExLWaU1&>1&&bp)Cgi90XGB}9l@_szNuswB`~a6A$~)=( zm#qoE(=h%(?HR{=|Gs_GC5;-WWb3V7CQE{I@ZzDbG5dOEoV}`!C%x(zl@(7%yR)PR zmOaocI{k6wh$I%9TNUIyz?>l{VFIDQnbm*u(6+1!kK`4$a$^ewcN_Iknkft%ZK^{1 zzmtDGoO6eY%=3|75(1nkLdC5JX@&{}rJFDj$7631Qg%4Sn=LE)jn@ggi{(a$Q@AzgIyk^jgcF zqTKaZv)Q!7*g&T_OyH~QNCB<@Cq>x<@LR&Saqi@)&d)Oap5u%$tIvCWPYo6K#z#B} zBWr=)$1Q;sGX=X<3D>JK#CyAK;(6Kvw_(+TC(%FTO(vvpUORQE&Jnqt0qr?VTSHMJ0_ ztX6VYOnUxe<=^kAl*gG-l(uhQ$M9YA)jwp<>cmB5f0*L@tRUe< zp6CD$xU<7TtL~ilot->6P3g!@+l$k0u@;hF9wjvM&bAF$ zQ&l|-`l0-Y+q2^QsAcP$6xBz($ETZ|%$g6QZHTP&<__&yKb=_oaNe%-PvL|^IvVGH zRsIro?r$}a-y?Hk`pUt8DwE(HWnM|~WSMsOmld)u>veJ4*C+f4389mNRuVafgZHZE zDrCIAW1KUOly;F2=PHG*p1TW8({3;sazy0rKgM>OsKUI<3cuGr+HVaBDiQge5GK$X zO70fiQHCy|_$2gEqhG8hp(XryeYv}FBhf5(&r++9C>4X8j9?c@+`w>cwo$jwoPrwX z=J%B+2={r-8dk&pw2xCwDsBgI(XDrt{_RhgxAnFJW!SpjccK@3EnDlv>FPS?nJ!E!>oF=mZzJnKgL)%JDVjP@%)|ylCqfQ#iTX;c>T-8-If|V{f_1U+_Icwm*ey< zC6)O4@{178-w%H=Ic>hcH<=`6OPs8#s$2=-4F8iAvbt{F78){IhMr>zf{XJ-MT2hN z-aomT)=s;bd@Jpr8~G8vdnYR1qUl>%0=eSef-MIHp#)9lf z>(ciV9No2B)&Ac!}bqEX%YMk`5YRP+vQ==aq96eWHww>KiiF8^UJAW zXP?DQ(hzrEw?t5#xO9H;PuaI{<>%;24ie(ELv?nU+8BG)SG@H{hAL(0r`SzXj9d0$dA=ns zJlf|4yV33PPvbxTdj$9IUvJI4Jkb&Ed+@$MOhoNLz1vE9QSa^_1sPb^EP5P<6(#{e zGp-~M$j|DQ@_#hfo^OYZmbC{ofzJXOdaSoxN<%}zK+|$iwoUFzEQU>b*CDia#U>)}pJnrxE(|yaI+4NtRnWpPVZX(E@asftV z-x;^HXNtZHx`#ZevP^2IOhE&`&Wn%?KP=sei&La9mY%LZJy8;p5+3YyVima`0=vEi z6;Xf7JRy8tGS+|c^H2X*8S*LViI}8EHqTbmNqH@FF3;Qx&Dp+8N`J1oq#fcdEk)|7 zrpz(pl%Fy~$cI*nr1HNXEM4Bc@00rnOZkIwSFHn*Hr1lA;lG+~O1I5%|74cGo2^q0 z4l8&%f(?5O*O;sBJBo@rYTkJZFII*zr~EL5rj9nHwYASX=(v9BiwPG>eB}J*;D9TG z*04BbXQ|+>*xq!0>=*rVXFrHVH1lpO<(OGp4(Ckp5s{|B+1bEX${!coZdA4}^+@p_ zzZx}*dox+0EpSkI4xQ1x|6;9fp+ZK&k3{TlnWmxKSm6Y@^U!7a- zPM9xDijj*L$_Uwe9m0k+2hl4FUsSf)DUKRbgoK- zd+m%{*!%Bq#7$>oC8A(QJupM8cr~xE$o%hq!^rpcBH;(ZdBcZqyrw<_{Q zOHmNF8I>^bu{d61U~zg{nrP2MDJB6teI^E4hp4#P^7r@Ehp0J(QAi}^aB+kwW3th2 zJ&}HOJ4b5l{2Vzx)@RC)!aad6)tav@c`E+Ad!zfA-In$CUvgFiLT7F5NeQN9=09d4 zL!-djryU)yuC(16yZ_)J9vA+=&=(U^<*?7yonQ10&Zd8#nAoJZp}O&q2R|`5q_|_~ zrwHi=Ni6eb-NBB9&DJz&waXa-;ppIyUS9n$hMym?_D&<1lr#eO!JWJZ?6MapZ1tSa zo9%db(Dx3bxw8@i134OUC>BkXQ&MM^GDeHW-#tp?Cq0%)`EnA!^e&iW#+~8w+HH}~ zpCb%4q&67?*VZOykd#bKtw)BZ8j5H z1TE(4wc}!Zm*w9v?VC;GOWcW4k@pOYiD@^+|NB=2wK4+!X%+hvu~zc9dTgR;v_oR? z;X+4;#3Ot(gw=gK^_L$Q9IRzggacbS!&f6B!c~-g0e>TYLF>aW2FBK$g)kh}hkV2j zA|h5eZ0Jky?&Fl3Jm_Us^ZWzlMOv)-^wAdk?~XRqqUhFFadBBm*gVhmjoBQZKM4vN z*#EncPTSktUT=%3^zGXUzYYC76r0I?8h$)F(;y;K#$a9{ zgF;B>r8O<$m;ESf@K`;mez|$uY?XBt34V=8P$e3}Jm2{`OOC_7L&!UcDgNt6)(?Mb ztQ>5GD6wb>mWpAUjU{!(vgw@J*p!tv4F+Spd1-aq`fCQ;zrXbFe38-glyoT+%gShC z81w(dg!_8GctII$$Blx*<#K=<+lUyFrXF>goRlnVyL5`tRSNr=UT^%laR%HUhz+jwHvo{!z9x7TrieYK{(&R@` z_#@a(U!RTf$=&+4P+bvQj##qG>BDvT#0QY3PP|zP5_e@pOWg? z{g-0F2${E7OViWhqtyhC$f$y)#xikSyj1&xG_Zaqxt)o@FXLQR<@0EbA_<8ot~sR5 zh>4rpx9hz;%3iovuNzLv2}R-N=PEP)|KWvhnok`EuU5_91^kdq_kGsc1? zuu~U-TR$+=JO)i}`N>*jQhuKEy7F4zLZo|Kwfu8V0_#;wpxj#Aue-ZKd!Fv zLVl$3Ls01hgR_^HE}IcXCnSiTUaW+dPPY(DZDB-XzFdQ52PDSCiy94~onOCJqkTp2 zJb3VGWH7SE)?EdgEaR)r#)^Ld2gm4SDV;0pv)|>@b?QU8yI%)BOHK1DB1L?y|6?h1 zvjq1KyghTDyh%#JIiIo%hxOmFGdGFnf~d4UVU_PoZmMBpv(RkN+Q6)SewdtQ7_hp! zIYHmktn%DDK@| zu}H1`O+A=ke_AUT}Fr|5a;pB_K}5UHxvQQQsC>{B)O<4e)X7OPHdgnKkz8z;sS%u2J6+`2s;kt=DL#!e@Ec)m0MDCz`#7NlJ z42mBGqG2k`?IG$CHN0GD^z3*oVPxsmUvGV^t`3iiMZ>$RJ}lWu{4D|}-k;ZPeOm;9 z;3IPkB}V$!n_T5*csPO;)+S_!hNhuWfrSfnq-nd>t4;pQnu9@I@`>dF2C}kx5TuI; z3@<;Tr@uxAa6dXa&Vpmxj}}#T`vu+=d>fj#5^G@G^$1V!0qXT_u+eJ`fe^pBIo5~I zZoAOF5qv9uU((uocjq_C0U2k()^Eqp`<)*@S=w~sCutQS-sUMc?kAcXu*9`_RoB;# zRt#ZcBq$pZ=Q-tWZ(&)RoAYtGJj^lf`x@nebd!y&E6g_XFNxuB2o*0eP5~mX_?mkTBd_{BG{aq#F!5#pLr_DiJ~4k+0SZO zu(p=zWIlqdm9t9ZeKGOeOb%7p{40}aSnHI2TiQe+`A^3~&)jlbO~%!4QuLK>77fmJ>R;RlZYJf`S)0E_AT3?6{ZMv9LZxl+K6`I6p2R>T zL0RN|HUBzWt*Ib5!`^5yE2tR#s14^&$=aIJ%5wwHP5uQDap4mC z|2VP7h!@b#ibDvhbnj*x!>;=1oE5pRUz62^eP#+bGOO?JpU?3pYy7Shz6X-#9?hNZ z(|7dxdPGN?yxO&w|HJYy)J&=HWPl1E&bJJ<`6XKaa}`Ig9vgf0N(ALJP+lInA29*iB8k&z!jyqoZ~CKjLozKd&X>tW+NSUdU6mbbUzlmDA)G z@AibJ`iDq^!)X1x}K1LeBOmG49jh|M*2bXs?vlu4tkW zDR+F_o`pfe@rf#xRbU|VH1^&$_13rpJ}IWIsp*tg+dxKyPAJa zolo1Wo zN2VKOJosw6yTo;$^SaqS9IySIAJX{GP&rSSMTY<8LG*1jPJ<}0!mW3^GgV+& zG|KrAo>%IRe7VTPAa0d{pV?&v-{P@-a&qW9yPJRg60Eg9!2z6BNq(P_qbV&n^EQ|@ zX=$Hre!Xx2W^Ac4(~v*B0{QYxLU(QcHzv`DEKErtxxfs4`?oPnT6xSh(_M%+A)4 z`1pjDoX4BN54*{6>CNQXrCq$9{MKaESYX88;0Mw%|EOudvNB6kPpw^bM2Uy_&xZN| z?1IpzJ80g}Xxn(}CggGl1R&feGpX?)D9KTJPM(pd5Ni@8cY6k2jV^qYL~VC>Tq#t1T8isBCmbSz;=(11H6DBO+2lDQMOaeIR` z8W>vq-aX{Jd=bg_^wr~IjlVi`B^WN2+^+YH+rdxQ}r(Crn-&a zo)Bhz)7?qpmM(zv-)dZ3W{&`DsDJ6CXWoA`$gMGRU*URocQ=|*CpbMe7P^S|ICh*L zd)@KrkF_i!`t~-tGX0=qBIv&CH}E{4=mvp;>w~EFy_&YrbZF~jpmw059dIER2=b0< zC^`0vmoJ6$)x0L4vkBr!P$16YdXV0o(%IbAwZMFx=R@azZAq?iYY)bZ+dr`8eb~(q z^M}rj4xDC)>~&*Hqq)~Mb{2@Rwx+_TPc>%3zx2y4($GmUS-Yo_b8gj953?InIyRx= z3%GVO;|&k#sAtd-fQh(|u*Kt?BiW}Y$>htN4$`)hA=TGCzu z7t8eam1JhLY{R178XYij`iFvYe*wk)RjJXd4D|}51c zYc0&0_}HZ2z~w&OjYaP?6#|Epq(>vG7pHkMT59TF4$ls~azjI#kDUN2Ssi|iFg#5D zfcYc8Dt?0fsg`$cImcEiSEGwrd#wXbt#iO&Egwe0OZ7GL_fb|k(O=rd-@Zbc^2IXU zvtxQmd8-$;4#Bs|ZXqEa(@@`rv^%Hhb+C4}E~cs(^0m90@KEN<(X3ooH^#d<#~1Mx zj4$~f2`%+3JlX!8@GvvwWl+l2mVHX(t+ax9a~Lc*ZX5HrRdS4V10SAXuAUV*jr%W!j? zmfa^Xk@Wdd&35HAdpZtwU#j_iMg*UX#GET}bIeG$$>L$E_4$Rh_jC3PM|DfJink{B zl=SOr>uw_Ufxo|Pm;@vsvs9Pit$#Rs<#Hn6KTdvM32ZIWjWx?nW=EO=+pn)l^M8q~`ce(*lt(Kzb`jn-d1v(?izFm7Q3Kp}V&$ z-S(&fmt32tVqnY`nLJSZY!e<8*RJ&SHVqA|Zug?=k{H@63 zIREk7ClL~N6UWjv` z28ePhG*siRlGDKY2=)aDXS1y{5giNngBsFDmEVOoTQ*DkX3ti?Z@xpNFwe_O=Cw@d zBT~!CE(oQtUZzZcb$!Q$k@0;(f|ZOc?}LY5w--D5pTB77+AyKso@m3IGX=(5a{qn; zAO5Yil#8de*5AhxvlG#(vvTrp#->ae(}k`U|1{L+bI)sM^I%6U@2 z@)oQf#G1UjU%p1bsLFC|ZRC9>x;O5?wt(GMy3OC_ypy$Cq$@kvk8>`2A2G>k;x5G= z9ldwqZ1RG0yGYlvth>8t1s?wTD2kIvNzg!6N#1h`3u}{SKMVM$k*|+s)T2&Hswa0L zqgAXMC<8*%)pF+J6v|2VFc<1_leULTp`_mzk#VBWuVXzRSzPobc_gH0 z)kM!-&Rmyg?;#;xzT}&&`=G!pqR1KBau6O)sKk#D%=n~o06AB`nge!wi?%F&HW<0??c#u7-rU0? zDIZ*D^M|-;;26c;HEaKzC9O7*dv0P0|RA07{qbGC9EIB;M9N^$=I|#=y z8y;-Pc+N@GmL=1cv9i)omRw+K8|QfNKF^4Ra2c2$Q9O?OIMdiN0tW&0|eIk>Rluf+=9Z>8q z-MEG6uvL0yy2mT)rC-fs4;(r==$(#!h^*UjaJ06Ekg(adg%V09j6O=9uG6ispir!~ zd8Pc?v;EC(2~hmzpR+m`7#Nuy&FCK}9B61%gCF{!0lnF43F4TtWidB@!);&m7aN61 zJLK(O`{wk98%gsGEMv*%``jOpji^Lt9X>uunX3AeHL+>%-v5Dd-|MdKA4==%N2^{S zm)KjJ*(CB|pt$!=)#w|k5`#$cA!;*%6Rphs0u$wU>xL>$V&93VYAu}jj;$eZiGTTB z`crI{a4Yc^*~>sFXyRebh$*8*1_J5M$zB)7hr@7TRRu2?z4gxJ%R6E za{|b=wuo6xAD-3jhjuSqRw$4C`CfV0MqX)m!BtYI8O3FjRqlfVRMPjep!;Y?7di#A z0*D7`ISPqy5{BP#Y}fg*30#fRTHl^L+vH5rtUWOg*`oTMjUM~r(`m)E+7A-fRw{}xhP@7_TqA4!Z9V%GeaTkV)Je!7zzO0Xu+j<$GQ+fIEO4m zLBJ6PTGiecHFmpu9e9d_L_!jpq+s;^;-B6S@QR3ERtp(7^hmrBUaPXUzfa`1%)pRM z&m^p*_TUSzohUFvkj?za%*={_Stkbv^DsS4GaHJZ7Yo~=r1Hx12O9e-&sgUD(aP>P zkM)S6V%lRG6o9$ePg(pRFoH0c{-=iX68-)lmiOPk{#Sca&6hjKoZDhjpKlyxyS~YN z_0PofazHG&HI`KKoaSb`IMcvkypFS^^S8vr{F&tYk{VA57Fo{kXO3xqMS)5j~nfVb7Cvqbm6PDy@B=zr^}TN zvxtvRo*29n)6^ypy*_p$K5InV9IyBa#2PRLIe>ByVukdAD$Hi;i-_4#y^MN1>!X!w zT7<-ffK5|xj{C%2Ux=;UcE#*qWJqr)WPx1qzO+7i9<-l@tz!L?^%Xh3YUc+a8H0ah z<=tbKkpT`av|X(KLAb*WDc2p2;XCM~2L|l|v&$3{onOsY2M!`^D2EHd1Qb3L(|h-9 z%F0AoSXkm59Boe!I7&1$8jK%Il?d$j_Erquqiae@Wv{K+yl3)$-t7JQ#=fB8Jm#f9 z>Lce96w#&lc>7lN#}DZcxDL=T1hMVx4&qtUoBC7$du#DI`xC9MYKRCcsgnRu0LCwQ z$#89$eG7^MpaKPbl~r--e^nOQ5dSyWn~!-g{+q{}3IbB!C;yeYLE#CO5W&qS@c-g| z>39F9)sTRWhv^`x{X}3MS zjsdb0}$PO>Z1B z^}!j*eUwvk3m{i+vaeiSg;)KlrzMdr40s zr~dWTWg!FQD*xqy!fh0kS88fin&sD9uoFs6ovB%_X+HPchs$bFye7sHrtakYykhJ~ zLsPTZbb_Nm?+Fe%t3Ck4TKnRjPJ0DKMa5q;GvosU1DjgPf`SO>@nH&>Z-`^$| z+3)JDtgj;@pt8YoXZF>Xn3!_42j+o$dsdI2o0OrU;igthK)@YBCRGFhL9{JP-nWv{ zQp>d=21OMWu-pG0UibcTU*qzAL`)1SLR>gquuB%HrHI_~uL_NxATj~n~W8q9lga`J0z7eCg8Gf z-@XN(6ScMFSn7`VN{16vR~M(0oMMd1KLiyO@!hNGlI{^b6}GfwBV>WoE>2Ew;-8^_ z#}bWw_x8Sh8Z zPa*i-t{zFnFnPcSqM?rhz&othzktd-@Kr=w4~pmJ_)9GpL?`QANG2-G{Yp#O`Ch(E zJn*V?yXL>Rywv^lDQNZ2ch1#q(7MPftE=@!i*)1Ijj_lCTrv1l!y+T^-;^ae^OGC* zrJx`-MvIYo?Y8jM++f*RSX+B}c_H&(>Y-{>@X_J>PC<`umq)Yio=0 z9NvXqWV`u}i<`S~YKk;Zr7$LLzn8e_>hhe;Y?8~~!Qq93ArI6*UG1k{TNJuo?21v- z((3)|j3#C`!Z`kU)EYt(_ssC_#^xq2F|j{b$c!{y)<0jpLhoc}&ce#-R%)M^s3_`* zGr#w13Sd!aFlev>G6HH~b~@-%e>FBDQHcf%%F2d|zv)XAXzPq-oLgND=zunY8_05s zinsYw`=)C5Pn`=2rPb6PK$|^GG&Hozs;aqIZC51yHygI@)iHT+-5MYj*Wq-InQuVpBtE<>%Rep4AOtk!4nl`2@0na49?5S%2X>Y(!~XG&bG_vwuMwx ziR8XB-^ONj3C8X>5pL;y2mHd)zdO2^Ipz?nbwJY=f+Gh<|AWYLYYRaWXW`{Q!C zUU0cr*DKG!D?t!C@c*;>r<13L=At*5!=VXk&2*M~liRzxkY$e#OqzT#caDxk3$^NI z|NZlsaXrV>cDsC0(K}xDso3%GYSi;Pj!i!;FYg|t)s2Y?nMK;OUmnOBW{&V2 zH^FXnbTln13svF!+m>iXl_HC|*IWA#4T<@kxyW8R-d0gjLBDYRcRi{J<-UPDXDqQ=@18evI=k-hYUAId8zu<13ULr6v-Tu=WIbtiIS z*TDuvVId2I#q{)airpGMw<|tMDypgx@UymBhyDKVGUO1oX2GjH;1b8K_V!#x-EkhK z6XkQscGDi7KvLm&DHK~EJ~L>lmzy+>7VFQ!ByVh(&@(UuFrU`|7E9u`PRq~76cZEU zb2(F7yad-y;&YIv9uB~xqok!pee&c<|L`#6Qq;-GNm&gI3~g;~jRsfJ>FMe0{CpII z^L`JfD(tZT`0<0)uoE8wl@L@p%tC&xd+ks6Xl%D8#}?0Vj2k^s=viRX znL)u~b&#eT`p?7GMOtMgaX~==9G?_mb2+ntnwQ@b6C@B?!Hg}CiL21=2u@YqfGGB+AfC#u-tnRNNT<>fZV%7?q@?8z`$q6xcwh{KdX*K;@fAd> zIH(ZJ%gxmbW?NcZZ1%+>?QF3)KQcvipQ^MJ+PLbAWAlnnOl0>Ed|blE#Pnvd5<<_? z#zr?J3>Zb7{jMjH4!P?IMMZB6v%0XJrLC>e@bK{Dx*s~KBa!vhI$ zm~k*$OniI?6tj)OQ^w2E8_?3ynm`iQTNoZ0F&4Pk@oIktP-kgk*Dxz5IYP3_TZ|!3Vr+b4HS;# zeAQwwH5er;H@CCyYSs(8QooH@A2PhY7aFz^MCZv8ksv}gYisMRni|UmRODax@86FT ze5?ZnEGDai-}LmuV`Giak2V*yW@;UxkaUQiYRtw!$srW6F0r)|Pt@44EbQ8E4Ckv) zo`;5pngA}if2<%Rp~yh_7F4pTiovcitfa^`0Tt0s__CfAwO%UNN9Vv>`4i1mNe z)@m$XY);j1E_2%)N`7C&mmVKVw_XlO|F)hmzoJ;?j53%iw{g4tS^dXu|;mX)b} z{tO+58TApW5T=i>b{E6-Hl0cuP%h{m*x7nC=vQm%#Dycg<~WRF5CK2c<(_cx}J1FqtU2 zbGT^#z<@^-9C&hXTewM#l@9w^;(;NRswpp>TA4{WOo#z(BO#28jAWISMa|5fB4#0z z?(FQi=jJ{^z%<~G!;a_P;vM+DZ(A67MfFTGSR*_+85354*%(9)gdlZY6F^~zvxv2N z5+Na>tr`wCwpS)5CZ$b}!6)$mlS6nnkqeHAi3yK7pUH15`!vG(afp7arnJ1=x3-oq zh0nngif~~p9nO3O(B@Q0Nhz3^%~PGjen;mf2nuQjb*H`Zf)drgU*kw5-@ZkKO%(uG zRfc$UZ-teWV}^9iA%aw0he0Dtguz=od0AQani}5YW`0V_TP|k@uV(69Zb$$^(8Ppk za%!q^VfWon0nBr3fM3|bY>UgwT|doW#sNbOlzmb`+&sT%7+H_zc}hx(#<~Ky3fNv( zU%#p45gr~gMldUip9ua6H(MIDt`s6}+*#>Pei zsX2_h+Gdq95>>fDTFo34B3?Soy+WYkOBop%YHI4VpFi;d0D2`Rl0g2%dHC>dS^>Fo zQ=rPHq13LDUTcc2aZV17rTPl!s6ffgj2RyvkACl-7a%?Ox&@e=wH1eiq^l(fhUD*$ z9)(TNaWxCEld~Mlsle%;J zmc6~b{{aaS0`6O&VEd^n=Q^d?g}fv*G~?ShpXO#^=e-U()oL4tl9Cd5!`%$WsfJ5x zbOUd5f#75JurO?Z7YrrN?co&uVPR;G&v(JX{ey$h0O5kNq}KIk1%w@&t;tjK7RD{- zLO1615MF%@Xdc4MV++O+2FUwVyFR$6h}9c*$pO=lfN~BA$zq`u69(2^Ph|?9=1N>s zL$==1fb8T26Ts;)SN(Zi$J8{$uq%dwf#D9QEhj4(VTd6YyQfc|!f12akIs&_u@M%w zwm|GSS>3Lj;c~M;sdo1EA{pL7r~t_H7}hL|h4`i8^EcAcRl{*#zfwkYP5^V$H8e!w zPsIktOie@cBIkVo)ux@ut5>fU8%3r19t>Lj&xN6J8C3&|iFOqQ99&vn=I-6QIz~pr z6veA+YgUGx&}aY~yiqzvYMcms8>|`>O#Am8d{Ll1fIg8bm7J&I_7*IZ*mgUtYB6V|RZ)4$NA1PR^Ve$9h=B59SvR4h}bK1E#C{-#b;+ zo4EU3CKXjSRkh{vu;6VdX#>bU znTEm7&(8&n0U{Lt=^|c4A51Y7KR+1<2M4IzEV~O~0vzhT0LzSD!UgxME= zc9#P)eWINHrv2Qs)g_#Z2S4ad;{LPv^4`6B5qEll*+zW%a$8EO3oGDexI8>OldL}w z3DTy;<>jqFUlW2~8|dnKKwk_#`yF?6LRf0xPQ{!*^KZ0?ogItf96TVLe&yxmqYD^A zWw*sYsR1y34MA79K5TSU72W5zvJ1IF)*B>!4B$r}_fo2=xDozu5V6tGH2dvu4p7Ic!~(Q#)lN zY6bH<8j>tYu;yb5idP13D3OhFIpO~9zu?fRjj_JghLnB@wj8@+as z*;q%%eE`b8f>`RI^}inuXl;G`=NNzg{slFY17hC|t=6cr@=0{5vXqo|f}S*S9HtMC zwx)tW?R*Sk1Zd>fbf1#}FE7Be*8_XGr|bF?w$5AqmjGdFr&cd9@` z&wR3g8~;c#5Bz$$FSTv(n-m59-So^%?+5HgIwJ*|qxCMlaO>UF>kGeid=pqx5S2CR z9FoO7J|oaD_A0mb`DgmwtAOy zi^DY~=d06YjqzmQ)xUrLzL_FW=|Iuao&Duue>`P}i;wROj`%~Z6cs9hh!DT}`mkwe zXyV`@=jZ2(OvawwM2MaY&gajCfpx=Ya1AsNJ>wD+^+AG#eARTL9^R;0aHL0Gq2;MY zr8`{l0`v)0I2v*5)~(9BL2!EjmN%{plH8m5-Ti|DVUQR{0!XuK;@vJziihrs!>UM2 zPxk<#K|xC^Y9Qzt)8F6!3#4F6;In*=2k7iZ-8aGvToH$qGz8Gk!rI?F%8?-OOvog{ zJexA`zS}Tz0YV9<1Wt1@SiWqQ^TP0F_P5VH)e?g{A3uF+ByNH@k3&G<6BkDeQVBM! zO~kLmHtx@B_yrnOl+R8?gpg4&+<_cGn;)O2n$?KxJl2)9wcnGINm4yhQc_KJGcJBN z+5yk!yMRPA)Ozkh00DxeH za0c|eH{WihpJHiitGBKoKi?3-BP_UJ^`pZP?NSJ4R)sHt<5PG@NlM0rgkT1RhAvGv zz z1Cc60LPljpyaB$J|E?^Mq<;TjS1jndZ{Hf-+?$axh)tQZb_rNKvwTcVO-(ya8>GYT z(a|_09oQMz@WSSw^&N2riDUop&=5f28#%cMZXTWz=z;-+6nLXPLw=z*jI`ER4{cv>HJG45BSgRO&ugKx|uDJjXs${J3h70uQP6Q`QW?-B=Gg@jcH z(bdyKP?LOd;hY6rxWvrCfg4D$F=X+{63Amlz!J=+Yde_F5B|u+L%jMkIH(6I6;y7w z+{^}vRYLJ~a@S$g8i(!ap5cvqDJm&d?Nf4b#oeIyWvk1biNo8skpA@d&(^cIUU6#J zSXq^{8-oXR+yEj|W{t{l7;Z6);6@bz9WV~kF5ve0f;(WHF(pMs10Zgb4otnl57|6Bl!Gyn={do z8V9}E7In+tB|?z{vDIO|@HYSOeDo1${=jwuqR=_SH2j<;GB?Gf#3$YY6$hy%;pa1P z9ciO4vbXbK$kwCwEBjpKBH%9tb^pu7i7`7L#R$cAksi8gb~u6H$;!)8L` zhm=q22M6V|^YVf&T{B%cBYUOPj`F{Ly#?rs(hD8*+#UN`+KC@IIUY$#8hK%{nJz&4 zJYoGdTc^>CBy*YWl3pvw(%HO5KShf;YTNy+%#W~evoF+czyfcG_g#v%$@qhNPPvJy zI*1wggOdnm#cf?Qi)OuCnb0s2B8v0JOKiU;KGpxjTuwR77b1J`8g??PeP`+*aw@fE^+%IJqiFZJZ4Vio%JF zvC^tjCfLCBI=k6}zS)iC!Jx^w>D>7LafkQjZvPK9j=Qgs)y>6o;|Z3f5b#Gr - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NULL - - NULL - - - - - NULL - - - - - prev - - next - lws_dll - - - - - prev - - next - lws_dll2 - - - - - head - lws_dll2_owner - - - count - - - - prev - - - - next - lws_dll2 - NULL - - - - - - owner - - owner - - - - - - - - tail - - - - - - - - prev - - next - lws_dll - - - - - - next - lws_dll - prev - - - - - - (head) - (tail) - - - - diff --git a/doc-assets/lws_sequencer.svg b/doc-assets/lws_sequencer.svg deleted file mode 100644 index c846ae9..0000000 --- a/doc-assets/lws_sequencer.svg +++ /dev/null @@ -1,955 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/doc-assets/lws_struct-overview.svg b/doc-assets/lws_struct-overview.svg deleted file mode 100644 index ba618c9..0000000 --- a/doc-assets/lws_struct-overview.svg +++ /dev/null @@ -1,62 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - sqlite - - C structs - - - - JSON - transit - storage - processing - - - - - - - - - - - - - - - - - - - - lws_struct - - diff --git a/doc-assets/lwsac.svg b/doc-assets/lwsac.svg deleted file mode 100644 index 1a8ba87..0000000 --- a/doc-assets/lwsac.svg +++ /dev/null @@ -1,131 +0,0 @@ - - - - - - - - - - - - - - - - - struct lwsac - allocated area - - - struct lwsac *head - nextheadcurr - - ofsalloc_size - - - - - - - - - - ptr aligned - - struct lwsac - allocated area - - - struct lwsac *head - nextheadcurr - - ofsalloc_size - - - - - - - lwsac_use area - - - - ptr aligned - alignment padding - - - lwsac_use area - ptr aligned - alignment padding - - - - - ptr aligned - - struct lwsac - allocated area - - - - - struct lwsac *head - nextheadcurr - - ofsalloc_size - - - - - - - lwsac_use area - - - - alignment padding - - - lwsac_use area - ptr aligned - alignment padding - - - - struct lwsac - allocated area - - nextheadcurr - ofsalloc_size - - - - - - - - - - - lwsac_use area - ptr aligned - alignment padding - - - - - NULL - - NULL - - NULL - - - - empty, generic lwsac - lwsac with 2 "uses" - lwsac with 2 "uses", 3rd requires a new one - - - diff --git a/doc-assets/threadpool-states.svg b/doc-assets/threadpool-states.svg deleted file mode 100644 index 024c03f..0000000 --- a/doc-assets/threadpool-states.svg +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - - - - - queued - - running - - finished - - stopped - - stopping - - - - - - - - - threadpoolworkerthreadtakestask - workerproducesa bufferof output - - - nothingmoreto do - buffersent onand moreto do - problemssending - - - sync - - - free task - - - - sync - worker thread context - lws service thread context - - - wait untilthe lwsservicethreadknows thetask is done - - - - newwsi onmount - - protocol_HTTPcallback - - - enqueue threadpool task - - - - protocolWRITEABLE - cancel service - - - - - protocolWRITEABLE - cancel service - - - - - lws_threadpool_task_sync - lws_threadpool_task_status_wsi - move to"done queue"idlingworker thread - - - - wsi hasunexpect-edly gone - write thebuffer onthe wsi - acknowledgethe task hasended - Threadpool - - - - - - - synchronization with the lws service thread(syncs to the correct service thread for the wsi) - - diff --git a/doc-assets/threadpool.svg b/doc-assets/threadpool.svg deleted file mode 100644 index 08a4f6a..0000000 --- a/doc-assets/threadpool.svg +++ /dev/null @@ -1,2 +0,0 @@ - -Worker threadsTask queueDone queueSYNCLWSServiceThreadreapAll communication with tasks happensin lws service thread context, via theWRITEABLE callbacktasktasktasktasktasktasktasktasktaskwsi (may be detached)task function pointercleanup function pointeruser private pointerThreadpoolenqueue diff --git a/doc-assets/wss2.png b/doc-assets/wss2.png deleted file mode 100644 index 2aa773477af0cfaa0a86e4b07025430de8304ce5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 39101 zcmX_o1z1(V+AbnUcZ2k%k?sZoNfik}>F(~7?(P;)knZm8?k)l8?z+P{_x$S-W9w$k zo;CA*Z;ip9KYl<#Bt(RQfna`I%V{ZykqQN0sUDhV>rg|5~&7Aik<877zaD{k*& zw4^o-i)F^Tv~HJEfe1F?t&Q%|E<(fl2Uwx!PGf7N-2J4{J|b&QWJ_b2n{2E|zFuA1+9YYdy;x#3@eb z?)xAGh2z_(k61Q?TK&LyVZ|j=8_mOw+*o+Inj0^JQ#i6fIrWVa?*dhCTYI zaDC`r#Q#mOJAq$YqcypN*ZpF2{VO{=oe4-1%PYyqfQpKX%-+|UR^MPQ-?ZMlkIlS! z_pZ#2#(Wtu)8h>%XP`TutR4Fnnt;fP4=l&yju&PI+t$gVx%FpcZv*X@%i52p#`5=p zQ)_3r!C)5Y-_tgKypDr;>lrl@1uEi=vldNeWL(+l6;x7psM1zct7h1&G10;btJRN} z7PaFx%MMjbZpcxVIK*#5Ilc;x9E9`a7%e;<&} znr36d_^hTZ_!w|_U-f$0R-fJ!7oQBVn+#5u*I>^dny_9!oSO{Jgfe$jnP|E9jif8B z+GCYC>_=EEwn+ZpIzf-(2+#gNYS5+Oq+??Fw9&zC)Y0KzWkITitOv z+j)0cW=|)V&Znx&C|XvJmY^hiLbBr-mXqpy3?17n@z1W3y%k9 z=N)3zW^o?ZWMI7nsF)5J?2 z+m{`kXq|bP9aM>LTYHF^Dv)beGcsJ9dkB0J$2sUdPmu%)Rftz>9z%6t>WRRPL-x+4 zM!4MzezOn+yC^N*FcuSxwanll#6#7ehy@o~+pP(9Md#T7K)B6NdWg=nF`1ED+^q!YWy~LP zl)&<=IQPf;2~-~&8EuV)Tsi> zR3iv{xx9pQ4;rP;s*~bi2ENLDe+5sDbvv$_ou3(fxwwitXJuiUy^+}Z>j=#YAN|t| zLkY>>Pg8x3qHlEW_JSEI4L1%>keNcYf|f0NO{;a;F8gyRr{T1Sys7-i2*WYqVN}a? zVV9See|@0~KqDRTL%`}A9PBi$CKMZNTQdtoCv3?LuR6ZH5$En+rU55WD3ry1nDOU03hB(L#9`Xhxjp*w8iwW4yk_E>Mm{CU#Yg3L(lCsf+lYIk1V z<0jwZib1xT>u)7u6n>^ph;&rOkCq|y(vQ4nCxOh9_)bd_IVI0A-9E|Z)(pY-I(d&m{ z9c*h&(gvNOz{4BrR<9H2>lLKtl8V>55w0l2V(?<*qMtswT5~1CXqE;H&s=YiL?S(S z2K5@eMMa5(8`>63-A z11x>`AESBb;YkXyY!wtN$;t;2*qWswi|Lk;V=$gxK?@7tDk>}UpNFmRJvveP!o!ni zbMpdUDq(Z$opO((vhsM>*I8HCpZU;UwV59GSL=?A{r&yzhfil7cZqna1qEjplb;+G+LM;cN40NnT+=9RX65`(dP@C)ngK@Z-ztBx$Oh-(j;yict2ud zU{;$ad;j*UJk}L|r_ywu`KVDGJ~?t?*BLH7FmP8yMe0fBd`E|NS{KI8(C&+NIX11c z9-mm;)JU6nw>%FKqb|z8c7fHQmOI)``0ktL)Di+g*xQq9IxXnvsI{A`@09&B8PFZy zk&2h)s>D4zY-Y65^aw30!bq4`Ss5!rCemd{d2!O|ygfvKesScn{|>awwzv^c+s3KoR5M?CH$;%5g z=8$1ap4uEl##_fLvsx7rdb-j3lHXGMC2_FZVOFCzKQBW@Q4wn=-H9Y$DFjc;J$h8= zKFn@}H_*q&r&H)FeSCIJO@b7pBaDDO!jK!_k_gsv5u#n1ruNxrMU~@Ux{8l${5!+G zfh2_Xv)UUJ*q>FOW>}!;1K@79sRZRR(pK=05pkI>&NdVc#C>rw$0b`_6le?#c3mkj z!t+QNbmtd;|Dj7Bv?`(^QM{S=+AiBz9tb-ZcSm&dP-$2sPV?*$8sTpZ?2&XnsnuM0 zGQt@Dyc#2L`XhNp1h=?a4Y@Re#Y%H^NJ?2bxOWp0E3KqVWwV`Z%)RXQFvL!<6AQXq z>r?#Q>hlv)sezYLrdU&tkNynH*Iw40!&Xb^jqk;OEU4oK;By7SZ>VV?fvDrrm0$Y& zZN8vz1)&|b#MCt{cuvdq49Z8q}wL^9>LcJ!8sci(H)&TrY6;ua4Ld%_6J=gPcq&v(E? z?|lC9#Rna_b@dZ1HXp@Hy?l#`^#E!Uz?3vpt?QKWG4TEqo3ZFVqeATE?!mFfEblz|8jHj!sL2r88XSD&Gymq~Ley9A zuOEJ<&uW(MZ48*o+6?@Ig7qgfMSSoK?wCNwqJ9&F6D)y5T;$9gXx!&xK7r3mEuvt9 zNKW?Fr-qCDtJWr5kt@+;e&bXaHdg-glNF;?(<`_-*~&zw?iw?^^1VG@O{6T*19tx9 z)^`&5$T644#YyKAJ7W|+ZHoR~LIWL-$C-KsVQbIIR1`c)BB^a`^O0LksA7>{MaKBV zd09qRLa&cV8lDT|lzdU7p~;cPAitJ)B0|5PEMa%0t(H1QJKmDKvw`hh^udAexF@AZ z@IsCzhlWRkD}?q4Oq# zJJ)Z{EZA9CZe%bb?GLZj@ZFb_PS0qPHhjBQ;^W(8nZ0kva^|QI5E1WsC^)GwP*b78 zk1X3i3@)4Ba(q}l-mk(!$b(g($YOo=7kGGuMaFtRK%FaBeNw39e4U6J7uR#s?OPp2 zloulfpOT`_p{%>){8^EWzt&)KJcXpwHiY6KGn31DTaA?ig^v$rv4%H^m9kRUS0;E# zy{q|}f*9S-AN}uW=BLe3FV8VEa!lxA`8TbwikgUaq9H4=`k2FnDa?n%mB@I;6=9e5 zq!cA&x>2gJaMU=HHzaXIkL8n;IjZy=MT)*6QA&-l)g!MAan6HiZB_30t1>Vs<`cwV z3?LF~b-#$rp{u1SYJ^h%eW&U(aBwaatdaJOENqLRmsuZ>B_n)qUUF+YZ;6Ef{{cO- z=(YTNbzwM@3n_@5Vd5Lbta0PGloUeAh_}Jnv`zO%jqv2ObaXlszohli$|WbuMJ73F z02~$|F#<2$6~QVi=NA`K;f5+GD2S@4;6j}`r)_T=Qbfc5{{6eRy7)t=v%tvFawFKk zP;-ZlV0YO0e0Q)vy>+jus`}@_$jJDstn4I6_Z~R{&6M6VJ5}2nns#+bWW6N8n_r(m z(;XwCEp`2pKBqC%KFdB+WjcDFYzi#HN^t`! zxy%(BThswGuO!W=W)_sb~HR(fNzvJm2+zko>F zNaYjC7~}_Y%i8q3DgszNkuyCu=BL_BqJ&bC`Fc~5{L*c)Z1M25&lF}b%wQt(PQrJ~^~KdEF0d!wD_~Q9 z${12JO7|Z&yvIxz5QyoAfXdHUTwE-0)w_iFrG0{<6yD|VU8x+`9 zhNm0dQ?s*nm(yR_J?<_xXJ&FFK7EQ@G5S$a!S=M@`m_&IyZ5icY?evW?U1uMGEvi& z4)m2%*35^oi3#q{NpjR@=jW|Is{o=R;{DBbJACPTbiV4000!eQ=O7c~H;-J>gfDoX z)&N^r$j}}*_||+i?Y){Zd?lrXMtGulmv|(aE^B)sQiaK?(JOMBab zB4JuM$kk!xN$={G%|5YbuKXw6>Wg5iO6hD}@u;G=+=A(j->w>5HpT@uP90lpN&=?o ziB}dTNzmM{8&B4JlV{%%b^}^@IIDT@A6WRxUq2S7KVFL)@y+mFAW zS?l%Zo}H1s7$?dtR$yun*h1b_j)y3U%EC*jqU&Jgp3%;%(C#FU%zhJ^C7@M-<5-oJze-!uXeHiqys6L(+oET5}lYB z*sV)oU7{CUP+-2=lHTlgoqbjLFTY?QL(uI{Y3Zo38%4DC@k;Z-T>0zg&x*mHY%zoV zz|*tlargOdf3XXmaBl=L2L}ffi@`u#STJsHNbAEE^WC$*zyHG;oG{P!4hPFk0h{ij zrFzTQkHb@4=4B^!`5BBEhJK&4C3x`QetltU|B;+Rh!nbV79%qtC&=m79i6RXgxiI) zu&7*PE?sWxLb4teT=W3HdTR+48{^2U`CLrPuwrGj7yvEy3dxF@_IGvnNcifh%_$YR zKt@$r6y#=G!gI!RW3AI^7@|v!+oCemBFXMhdsBCs%kptY$B?>pzr_B>^D7dXW4B{s zCGFrJ1P+<6AyQMx@J+i@*WI&*VODUv^@Xo>n@8@&~ zzDh91z51_#im;6@32=t#umvH`TNcKq0hgH+Q`k$+C}E`G`sJS$6xz#lI*rZD2I1F` z0y`PiD*QkJv}`(+G#pNGXmWe-S1nfA9!mCIJ@C^)B}dv4ADswrjj$bU_jjU zpvy*u`Rhvsfe8aj(9bnVxjn_w6PG8cdeYU z2G>U6L69SVE(S)L5eoLqhtya}?cmEya!ps9(_IxQ>U+ncdu+m#wHg;G6qIyKnl-_QY~;1N(Ii7phE(v|2N|UJa5!FcG+{R)*|G1wVjprkM9p z5LHl+W5|$wC(}zvEQmQ>ex|K$?Qgg4rx*>)w!M&88QMQ|RPX8p6w+2`TYAhlbdU_) ze2ONZ(ot5Jc!AHjGt z@wYJf6LV_1HoViv3#dQchIdRASzzXqqfUAp#)gGGREkt^c{-NxYb-uk+E~wI?jqo% z?uet?wPOhBN;c~0@88w``-f#zNKM+UGQ38TJ5oStr0CofpM9G}kaJd(Uqn00MBnR% z+*_8J_yYYMy%gtb1=!y#J^}(i&1j2zeQ>MDh6oer5$ZGJ>8FdyuNtED%OXNpr|#aH zCgM~ths2Re41^o~tqGa+3HlXlNF~GwssAQB`Vl!f`V+!NLq75TA2|glMjkqtgcCS) ztCmHY5=kX;jT4lh?w^JNI4`&f-YXOU}q&{#Y!RG~yWqqeZ4 zQHSqzATjITo^6>g^PN~w#mkgiEOI?PUAMkY27nXUvp4>U)-zOM^goZkVrstX*EY-(e?oZml8yFbK zrEnmWaz8qo7#nMM2B3&jU_j-{r}q3C&$$fznQLP2;85;(_zheqx9)uvaymNXdOcw} zLrJVW=_9XG1)<1c8l8>}!8eKD0*WRnkW_u^6b1*x*nGE#wNxXK{DuwZ?j6D&= z{Bun%?BGUzojTYO?d#T2nVFwlTzEHoBS|k7&?MNB_3y6^0j2i`RS;Vu3k=j`GS_B+ zE>9ok#wK_fBM{pjfEU^ZUv57t$&!GkF`=!UPU55AZKIJ|@KGNJ z_Vn15f`h2Erc!iqHBo77=U#azTQBtF(;4wA=ZmZ`Xo9Zts@^BQ&o87)l)iD-Ob&Cj3F z#rqrto_ZDG@7{6Dy4{?-5AMuRw4YYqrSd^#`BFDq?3)FnB1JJymM1Ya1b^hB(cr+= z)bY{Y8%2)LHX;GTj&$)ic{dK^JL2NM_EbukppQhRfyC!?mT_rAMq0XATW%pq(P zKg<=QD`QpZl^A1{i*j=M67*V+PWs8qYNp5>r*pff`!J+dTi>NSiYjL{V`aFbmai+S ze(|^8uYL2D*`;zV`<%RbHD-Dofisix>Dr`j(@=)`(^>$L<=SlP)8!9Q_zBz#AM@uv+zYCw@;&P5msOU$@3DoE`vgs5>9w&o3&P zl9-wJEem#&NDM?WoUj`R5Y~L@K=@KAQST3BZh>$6qmXmr+T76g4QN59 zIQvS3;sOF(q7`UwT|$sL9I$w}-MIS5l!$tIA`rFGj|X(LY%or>1nJ*jXhVPp5t_vB z#Pl-!?MJN7e&`%rTxSQBqiiM<5I#OW=iT3lFI7l)*LwrJN{x+pI>1m`X21Id{3Uoo zcaIK(?`ltu8jmaNc0Tq*l0L^{tKzz0=5fmmSy7JdNh;qqIR1 zSetFX>(Dy$3fb4RhT+b0;y;JOhp~FM!pZ!^|4d5v?aUo#V9!lp6t`T(MNMu(jS@-O+k}PLJ3zB@j+8HO567}xLXMYqh`igLbHh;Ls2Yqep$d%?u zSfm?|5uYghQ>Re&(A`CHIe9X&L=4ObI)BAaei3a{Y}lIZUbW& zos;!`JTAts1$}rm7Q8%`t%3_H@q!WGAiAVaW|aF0WEC3kD-iYbL~LZW==ty0t-ruC zUU9WQi5QvmVEFA@^4MBJ7zZM*hgzJBe! zIo$-T|D~&zJWg7hfvRs|F@4`^Fo>Iyk|G7c1nPjsKjV}hP$h0AGoQrG%otK~$)#h2 zkSYobLqV7P_We63GE3H-DDS_mgI?==(hg^0YC14Sg6I#pYmaWZ^{j@|x@|o?*pr$~ zNmQ~4|5U11s&jxC0o(}~Us3QK*r`!2n68?gPjx*eM2;gFNg}b3-GMV+*V1B(z)OgJO z3J3kl5B)_e{Ho;<9}w`y4;@V1+1XhXM7njSp`igaUpT4-Po+q;{d`mytqp~HsqJrn zEQZ)W=tr;TYcD#W$^cq%_st|&+~?}b5e(PO#ymB;~uHYnU~0x8VQW6p@%jVGE^KMvmBNC6EgXKR%2rC5tN=-p~r;Y0i8U z6>TU5wn%R*E^)A`D{ad`fkzl&x|qUUNpIxQaCQZKS648GtzA~m`}M8F`zC0nuQ3M) zJnKO{vdj%8X3EKIoFX>mWQ6{(&x{cC1EM_!hFIh+$9plbUC7Gh1O<8a_H}OBHokSq znU)eMsz58+XsyV;Ls$^vhZ$0(*Xt`8TD!fuvQJAeu}7OgA69ZBn?}ZjRxJ06nRIG3 zvGM-nBr4X<#}wq?7gEGe6%kpsxAhlYwc3q5jfC-cKUSOW$IwEQRG`|uzuT^t+LWZ^ zGMD*Y{{}-9sw-w}=2i3sQJMX%zf>%ZPru)!?)uDkD=K{CGa&S!xjF;fceytWwdA;H z;cDs^8x4ei0AQ2ZjZgv2={D!eDWLD}?p|_Q^kd-*N^Uf3g?(EogqHw>w4eYwo)+fH> zmU|{|kstm@cwaO$hP&~!1peF?&&pr7y+-@2u0FIqoa%D7n|E1sXEsx$1Bh6f(~3(~ zb@lEb#w&G~t$1~tZk)e=|Nb-~1Pu@9>}96Y^vnJ;3>kP#>QX#!XNsLclYZA3h-L&j zd(+)sA&{>omzRgZ@Q3PbHZR(r9^KN z(t5u8I#Z${%a$yjVDM7V?6%^+#>B@}KP=2cb2rSm(z z^vxG33{;id`_<=>zGzB1z$ieMW(7NP^7szutN<~Elb~hm*p|QESIDC5$ z24&sl%y$BQM@FFQ$Wfb^o9iDgR0pPQWC2SiQs^!yBZI`U@sMkKBt3L+ODqQRk#`GQ zNqNg3PjfApCPN#{R09sunE&l=Ugk(`%jLTz%i0#J>!anOZ`C0Hr-M)2e=uKJzIX_w zq^yjA{Kf^ecGUcE8p;^P&qMSn^v7uWqBB?|$f26VeDf!EIFd>_UQ6lnm zethZTueszBu$ipl#Jj|tDg%|4{E9$}!OrMFk0yZ&s)9nie=GjzC}$Y&?76@;-9nS7 zKNQC3+nwHK{s|LB)n>~t8sgnLEzf8ykpLT_OjXDu^=H!GRis5lTITycM2&Jmk7jPY zEdz%pFPlgj7lxnh^>2$2n1~|$bO+5Zbjdk_EVx!ygk|!T$-BIEQwsUQ@5=6A(&iI% zK@!1m^y983Y$=|AM=k%#28&&(bX4r5QS;ryIsSPje&lrShP`Rhu#f(i?7~U8<81f5 zG)$wjI9kp{{grQP+m)QWb?WrEg>#weQ!?hQ{tS(fAy~Y(Iww!{I~}E7g4&gKvn8*f zWq*n6NB!)K5XdJ|lupxBNZk9Zz)v*>VN@oJ$zjHoG5&cdN2606LF}5)v``#nUj2jH zTRlo-Z}zu%Y{+(^=nsdu0DEZV5dgb4f~%4-ewIO*Jfr-1Z0(Ke34_zHJH}X=PunSGCGD2AlzwFR z$X^r{-)m^3XK;GmUF`by&?1oEtfP7L6{%ISB+I=luV8WKjbIw6xke{uz^-*cE4urp z&)GdObQks)lxV;CxkY2dg?iG-z+n)Nm;2)ISyjpn#j@W6$2J z!$m+1fcoqSx|$tW>3a-tFwn06o5JfCMd3-8T5C{yJ;9aRvWZv3fJBUGuewvhp+(`Go`^8)YwmH=L;VVt3M}arv$u zyaV)YPOIii+!sNizTTy+Xzt;`ovHpW=5qR?EMVkr*GC3tfBVBog@q{d(t9`88}>^! zw-U8R%9K2(qg=xkH_&1IV8}Cx<>ec9H=^w`Al*gLOQercGW1sw5R>V#V=TuOrDY=M7!zfVP^pkk5gA10W}W;rpAik=$s9LnL<2G zYjgy)AitmYKOFj~)L0B-B2z7`47=d{y#(UB6Gkgeofc1=*rC2^hQU48`TF=!rg`%j z3_KBWO`h#6RT_yX09lFS$FBieO_s!qOS<{&pLhCx?Ed*2=>k=W;&zC96K}8=Zy+o; z>{9zR+0{Hz=h=O?<;Zw?6)S$Y(dcRjj0T8Oy+VQ`pVQt#51LA^Mi;!v_4JKf4pFUv zE`PN9hd{RMe)v-sH|U6@>tPl>G;ue9Wk8mEF(_%`ZOoL=uo0^?X@fhBMrMBAA6rAt1mM^}SmewZ# z{J^uOA`EA9InxI)Z-2HlucQPubF{ZaqmgaH6=*BDaP-Fu)eMw}5~cfviJJS0%k1K7rWI!vy7jmy7 z!Czgy11p`q$R6ZaUWBPa&UZ6F-2we92Z$}7Y5mZB0Gix5?3;C}jJZ2+_8%XBT2y8-N$v67!=rfxS6Lab zbh3CEl!m5Qh_oxI8-`dENU8L0lB2_yIUQ?y-Y>46CAL2J4-CkF4gAv3j50m0ez=*@ zy1Kf)IJHxXpQwa|y+qvKi;BL2g@v`Zw;!9EOCm3WNOx?WBGWfDHZ}ssBQ7p(?bP|r z)c0@SLV7p*trtDx(Z$5%rTanx%!TZu|6F2G9E{E_YYoE7i^=}ZbgL-x?(!6!IWCI} z)0cru++VC}k%7TXiMpd-(UOais{M+gp9o`(7jSoVSlgG(Xu6P+;O&VH`u7fvEW}Q_GoW%Q8#w@#PkX13)hwg%@pK( z6hDRAJi#WH3v;D*{Y_3k*oW6)Ga0&fjO!3%>*{#78j&MKq}I%rc-O$#AjXpjgt{Y#@LAgJexy~mJMnKQ~!qU&_atC z{}lK%G=vRDEPNxgV+%Wo>uX>NxepyltjM+2 zF{r(7U7I)RDHCeOlZNh(zFoA*fW4yIeejiW-0Qn{!{*_IN$8)tE{5wg@n@8lx_%_> z^7RUk!rr|~jbak8YFj3Mc-1AmD$-QXqv!FS_1VFCPUq;i)T3d!bd0#8BbO5h41(pP z-R>ir8YlDH*wnOR=R7?QdT`6uKo#*WHZwCan-;(}a=$U(#JrE`12e_n0aH==4I)Bh zf^KCM6)}QtS7T#iB4DrZI~`5IssMR?dV2cq_72HgoT42xo|5lXuDh*r3T|%qQ3w*} z=jZHxl2+)Ii-$9tQ9!~G6chw&#QLay=cOG19T$KsaSBl~bZww!GHNtnODH6<>b*e| zx*>CHOxI^ij$Q|t2+exOMIZxNbbMiH}ZYI7O1@E%jT}$%Tc1g=(|Qd9T)+ zZf4YmFF$fkfN}*!sHUdoizuj;aEV{4nP|%#k{uNv|GQEC4hzvgNSvZhy+jnYh;a}= zWG@3)T<9-0STPW5=j>foNVE&_K?ZGz8s&tYv2Jbcil*!9k^Aoj6PcW!$rY1{7o;Fc z1oE-)RgEXL4R3;K_4U`BsQmm0xwHD<-=F?`o}! znRIC-6e2p!(jLm3S3F)3mXTLb8rBug-FrLJRJA*9PLib9STNA_$&>o?G?U-SZV#mz zE^SDge$3^301ghD(^CHF^5UcMHxXtA>7TTO+xCBl6Om3xxGjIQRaDp5{%niUk9teS z|3)ZPA4!|w!C&l4Tb$d;PO>>h-}@=@@1ivsJcY_$9}&H&9v2OE)%+T-ehQwTpZT_m z&@+gVXd*n{2a-o(WwC5bJ59_l>7Ck}&)kfcIgwU5kde4?S>QBY$v{4=zLtrBfITPhubl z@{gn*uZp};-aFk%*O+xG?(qM#BdOdBq+WR$o*V;-IC)=2p7xJ4Z0NgS-HFeNyKddvAy|NyG;a6m5=Oa>whD>M3)v}H|p)D>UO#NzV zE$$W3=0r(r%4#t0LW)>vDA`3|u`W}d9ol}K&X)WbPZiwa6#BY1=k>tAgeSSvNyP`b zZV?Pq6ARcL;`F=cZcwgNF0KEPu6SSF2WGWk9MZIkJ{?!}5e~J``2F|{b2`%)l&C2i z$`DAr+fx`_(turV_~oia-qu!C`QI;l1rm+_j0_x>-dewQU#)SDwqy5KS3&mpxk}wcq1--N{0EOt{x6e__z2(!x zj`02wbLy}p7(c(`0hD%E5XOtMuML3cYZ$50D2`+~f}J=6H9VPS_Dj^NC*zcW&h@nz zS*G;~S!NKi1hG?~>@!3PUg5i49f(eH0D3!LYel-Xm5ktt2ITS0Q)l3E0X5Cm)|Txm z?+YDx2Zq?&s*)#tBcn~nMj)oqU?WC@EUOJMP_bGzpcyRM&uU#+_#0@8jv!MwIC99hTD+`WwtZzqwstPOk~DZgUEv*gY@Bmc)e+po=YPd`JhFdR{8JFK zULlZD=idHmkwW>l*Ue{Mf#&h;1hL57n2VAkCi2<6vM%eAH{`9r@;d8>x5gOLrR~AS z!{p5Q9tY9XVWJH?j2rn|Mb$OQOrDXP$>av**!UO~`#wXiOPBS<<^p16S(QYNg3#SRN`TLR zWi|`9s#&|(6^!LwHT|chCBs<&NK~)3wzjZwaY29bV;lqm{odr0f!a$MBM=?MqLv$5 z7H!v#+8Rs*M_))l+liL)v*rl{=>nh}0PL0UTQ+g8!-$2%^F~K-`o&jdqb7H5)}&`( zU`>|0dGzG6TMS!lz``6Lz{AJ2D$L_{tC7y@y%APr{E%c=o>Q);x7U z_u+ZGm~?2bbU8N!>t0AuC%4BM>hyJMgjSDVf5(V=FK(~?960>O&Sa;YxtxPG=_j$sBYF?*d=Sx-+P zAYQ$c%H>8UBUNZl`OQu=;jW$Y==5~?ZZfO3_X^6&5@1shahYoanWO<0eFC5mBwY93 zub13{-6kEQ5ycx#=&2~a z3)ZZ5uYIxCoCVQ)($VG-Sj7k!nnYv`oZ{K60Skf`w-KB){;-93w^MY+PM$=keX(P8 zXoq=dWWpzkzY0RC?7jt6eLs0b!+1_Y%d-BauHi^NktREd@WE}L@7bI~LQ>$Ak>lun z(+MI(@no5ZeaZi^7)^@`TS5oW769JjKve_%Q;Isa>G5h2#FupKkWrUCkT4HW@$J z2xYDSk}e2AN*fqZ0i#bmN1?`iKD+jN3`CHjb#QB=VvtD>sHyHxw>#jrxXhYE;MOl_ z1GIMzZtnd-%ygR`f;8~e@S_PFa#C${EGC(21tWP87=b{K575Ez@UXq3LsoM z;(Jk$U|=Ddnwh=CF-aorfKR8NrU&BlfNw$V*42U}CtBj51o#%}@hu1kyi_PC@YwW# z`yc?I597D0prs{s4Jl6WW{~H{itN2zxo$}$|AE#6Y}}XZzzgEX%8ek5&yaiuHREK2 z{}`xRY`TA23Ltuh4OgzacRpc|p zlS*mB4MUmB=(9ola@RM;adV?by4vV*;($6TFgX}`Of+(Hn!NKcs72^}+KnsL?tOGp zzNy}HsiGyIUm66Ar?VBe^rlNg{!}j5liQdEc`*eDJ^f*trz;ots(Qy%zS`gIl-4wf zLBSh`iVtjyMco|GvJL-SbywG>)uY~zTuLN`vK8+idRaowg1y?37?Tas@{ANOHe2vG z$VEa6AcPx!LVM&@6{%er_}|12D|P8G6A+0a=$I;Yu(k6mvg#sMC+ukA+n}RbZQgui zOc?2CaUxxK?IrTG`z%Vxii{CXp5T?{_zdf#T}z(sg*q{vNWO*QUe>ph5lnrIr*;_* zl7_GJKIA5@--ZC5HhQw&`BL1~nq4`8D1ES48+o``3z~Wz*m!V5O%drKW~19+FIWr~pm{ z6f(6M^W=<7gfT^0b@$WmyCHT!irOw;P9J~{VK3tGF)tPX8-R%T$lle+$ja7lM({g7 zoc3N8ojW)QWD1Dze1-#`ox{7l;gB)m&V`D3Z5qoZTb89Nm4 z&~q{jbGSqC2=3M$O5=^Kx7#6^>C{lbW@`9H0gQ9i7I)s4nB}Q! zvun|EIQL55qE+iKV7w8B+U-nl-u%LICSh#REk983Cd-#4|naaQxBc3yS7ez7tcC_yw8kw4Yl}Kj19Q@}; zI-ld)lVK}L1w3MFxjR6uHR8aJwtFF4OWF=MdGg$}O-hfCeBQ8RTFxZjI0BsaVCNJg zZyqVFXPwZCErMt=12Y~83PX`}dX#=WWUV^?wfp#iozA3PWpT{OT=?TJSXl*ZF#8`g zH8lhLr4+D%T4YnNPC)mnNQD7Zv-dHO7wHs;M$X60*B1otfTI0<5lpKlKN7L5F@$u0 zlqJu8QRT&t3!w0xvacKET zAW=8mJ8X0XgGZxSItf^xN5F;sedg0e9ySh6x#cn+z#t*npEWf{fW#cFa|`k#8%32P z&=dKjcW@%0SAYS=QpoYn>Cr@?L9oC^S7UT~7I{$?YT zj*;;#*&7-V!3L$=NYmp|`NdqK#h!R42r^U?6BA)+CcM17VZ{6@PV?~z346MKfT47M z+?ol_v0S?nuUjWY3O^-*Rm5huEeBFyYE{M<0Je|;R4oO$nEwfQ1(3jjGyhAgQxhoR z?WLZV3<->CVs37YB>daFM~Q_6US-{OAE zMU5YKyXH%h;kt)iZ6x`ru`bHno3{1wSW+MZ9vn?0xRQ+%se?@P#fZK=^k^0pZ&p}J zb^Yg(6)v^YM{%U9?-ZBuycmEPXCoBt-DAHgs8;*C4H})afs_|L3B9ylO) z<1Pfk2nhaSr(HYk@m_c_F)?f#yk3W9TAK`7w}{{b`@hRO=lWnIpa{J9w;++!eclAl z8Eq6&V_{-$9J(?|VoQK{!Oc}|t2`}s$m~qTygAR?h(Xt%;J_qUaXeo4wO+t%%x>gY zxg7<;zNjdcu2c>H7i0sFfE;%VoEGlAbD(m$UlwX@z1$T<2U}WNoTXobsF5nKR^80M0G{*5F*vk z&@kpmaYl#;wIF_bjOKOI`DYVFw{}qt94!TTLHvs5l9Gs(l@;=4c4Z}|ZmE?*d?(42 zpln(WZrGd0N_jnSjPxw;>tfxGB~7HqE&X}K2eo0M>7^z{TZw=+1m+TyW$;f<_1?3U zI5o0cg)8(DI7>4@QOWZa&nx`}J!q~UFH1Jn|j^pD&S zWM?X5uIv_q*anqCDmproq`W;>mO0-O*GLPt<&e3OKpAuuro9j5FXRhT43 zB7+zii+~|6V!yz>IhNK#Y8W}rX77*%S((09oJe)z+Aao6E_}AKFIlkoeFtR#O3o4d z(QvaWE(Dp*)|Il(0~YrOEk)5CvR?U!!yD_$F56FMc>DtC~(wM0o2pI=|ZdO z>K9FRr3K>W2cf<;TuT zDXXN<>1b2}?kh7}gykz+BC%xa^9zB`b$CnzpAzqXV9_eQ8XRWJyy4kvWj zs!*>&b&}d9oFZ0KZyYJGV|bk`>uTk(*Gn4H9?pgFqB5*nM%iW5^()|c5ITK-KV z6`eE0G3N@4!Y!puH=W(aAa|m-yIN5MYe`AiN(DIvYp0XW+u1-1(LT|JFe7GidEeOG%xn+)05|er!X*&{rq4+8hU!EkfCeU3c~Y~lCZ@^cG`-2iO%uh z@Vy{wK+loFRm)RVHSGL}CEkZf)OXI`Gz3MQVM>SmljI0-nQbtG`#8AX7@J;A&SQw7 z|NJ#2=jdq8S-i}YH5n=Jyn6}l*sIJ($QQ`nuOg07dpXd9#0humJ{H=;s^sIh$dsu_ zMP*#hC?&#S0$&S@P#YL@^#Q#ay5|cP;dgVnex`8EUByySmX#Z#uthQL>e|}LsVQ;L z_(86+sjvJQGeYQ| zr*eXCUd!gt1qo7+~9CJ4LFkH+`0JR;9!n5s>RCn-zJhSa(Rcy zNbo7?Z{E8imi|BBfV=oq?zzYTd!SY&9Shs00k5Z8Qa_3*?$A@lJxDD z|CCVjsC)V-i(Z$B`Su`5@v?UtOLc6Y0v8W0mFa0MZ@4f2EXGPq8=6uY*e>sJy5IQv z!I@5Sui(jqLzk_8%yTHnK0YlHR^B_G5%zoGE$iJ>EBBw29vk|X)3YW&XjV`jCVScy z@cjpKQ>$?5wyFz{r>9Sm%KT>T=$RPzrgonA&9oxS>cVRmQ*=-;Lyfxcdxh8HHE*8n zu@huYMut)}7Yu1SjShC09BgA`c@nVb*V$tjakS@KLrDhP8L@R?k~IIZ+=I#As0uIZ z3qzs+qzx$F%dD(}UtAdtA|2Ujo&r;BYg1KCmIz7ZQAU5%=q`O-K)i_JczwevUEpEq z)X@>XxU|1!^je^^Zv$f_@vh=faaTCZLiNUGl+bcN+>;F@zy0r?)7f#$pT7!UPx~eX z#pa8wteRnK3VJP&-6kI%9}7MxIvp6#rgsc^Aq2EQ)Uyz7U7FU>)^76JMc&xh$n^R= zT>vsr@@|Az{+gKhR<<-)Gi4w7=+Olp1_NMnuBa&v{B?(L0|j$45OM(Wa3OFu3uLGz zr$2u#w@>T%HXe$_V;X<%L31E9p~8{9&w|N(d$nh?o}{<#p(IuEcUP&m7j7>* zlRP=wr(yA_pR>I+wXCwx&Vlii%xHS(yv9et5WNr)ls~Usg^|9VE26x}m8&zX!|W zb94#;fI^GD+rH#bj%HBT&u7n{`yvbgop4!M8D5~{>Cb2oP%a*jbayRX8rIKZ^LKIp z#fg{3dF05hv`$57=^YT|=XGBKkxEHPiD?%R9**D$>Js}Y(DEH$zSKWH_Rp(61vB!I zS@gc1sXTzHB4T5eR8^@`c~W`y5{-IyH{u#%#B2=K*W=^jUR}>gID3CDv^v-%0VV;% zCN31u23;~lO6pgxNaJ(8*g^D9OimgCDua*#D)KPZ3>o#uj%g!Ww|{J>Vv}Iu7kA0u zfDzfE?;XVVb)`;ojV&#~qIKm()4jfillRWj(bKmVe(?{;LH7c2+p*)vt1Sz$P?%X- z%4dB>RdT_`=5z#?I+)^9Oh#}j;}LN*3v6s`K=YLP`3{_r^*`^8Sc{GLO6ch5s5AJ2 zTfX$g@SkG0KPADk()p}@;g6yeWxb!VP5K-=)nQSuPyXo9u(TCrXP-Iuw-PtWwFjRS zJ)C!h+Q}UB?W6j_+4y0fUx_7S=^&ZaMscDr|GSTa68*Q-ubPi=OCCFV-tD_--R(2( zuC?yvo2BCVjuU@0X%6^*+|uMuI$74Z8Pr_mo$|?NE`Z{hkDB$7B^f^|IGNsYOlk4S zp+*;tKkxX5{WZ(o8%{5!Lk%I;d}GuULEG?gazQ3;-2LMOf<(~GJ$~|}?jZTWkb1|V z;)=DBiZr-vu=K7jOdbO=*`0fn07D_>2ZGXR%8=KMA^AKfhZ1oSn4rt(JuZr|7=O;x zaGmc|m}T`q&q)Y`TUwL}r^J4~8;t<|0Wa3Uo1>{Iuc5I|=bbq;w#gf7OBli@uH}+E z1qb2jxjiB>l4y{_6A* zD?p`%4>SJt>E&$di{9Se==q+7#l_bkR-mN2AjJIq{rkAbj~T!`_))VNqYax_a2|9V zrG&BR#S4GPy)a#WN>*^KLD>48=+uBSeERa`F92kLTh&DMbjE#M3=9pBRt6~=M*we4 zt*uAyKTdyjypS!t#Kja{Z0b*WKA)O1 zIREj1%ZG`?UAeoj=R9b7CRM7~=qoMY?(z8a^1+A0w!TiIA@=TTLzD?;#}0|qKU30l zUyn5S!C&-Hj>Basw8-gccJPUPT3)KM9psFQC&Os3JjxTe$MiF(W6791_kN=6dzl*X z$Ms74uaw7!qxC5I&`)cvO*fU@XXBPs!8HX>gu#u(-b3Q!F*#2$C6@;SKgLz zrUnKgjOriY&Ir~A;|Tl#K}_!0PQ@a2L0kI(s+DhPVG;yHGg~U|T~&#{8Y^T*2lzY% z5GL+IzpxLAT|>P6==rk`r8%JK10>py?3AmTnjd?56!GbOg;w0$+@>=O>41)LRk!5;>*0eF!JoTZ-od8 zux8enpX53RW=id_fANdk+CLx~CMbaC{BC>X)JIyA`1fl;H-gUl*~ofb85#dkCW?=P zgRCAosKt%jlR_ZqZ}->~#G}B58wv*S?>BF10f*^+#{x&~C@^-Z@W}zt{YPEhvthIf zqJJnzfsd%(zb}j-oSvV5+HxFp0pH!|4^yGGofT}HWFO?{)4ZB!x#&8d3O?+N_m=e% zmC#U{fVc|hT2zl6b5=B3V$bl>V2 zb+qOT$SEner!vkj3o^+?@vHqvE{|*v{%QaA`tUEis}9pF@02?49N;;&UF1gR=#V`5I$)ZS-tt7WL)QUc%w0?zoReV&Xsf_u1 zy525`#mp=$Lj1h%ojpY49tb9{D2uDrO)e11kXif_62rD{udkTv@+sUnOQ-34goRY@ zE_H^{Ff{?Nhgh7hT)Con=~9hlVMDxRO@m76?!Kh;agR-Inyj9j&v&4ho^8^D-a0`H z5{d@PLc8TZx3=N+!t#i{<28JqQ23=>Cd=zSr+lHiyBqOE0$A^`o*fvWRJwF2?dj78 zpFUlMuom4Ig1oqtAkg@2zjmA30Ui;IC^IuNLMD%i0~PKbQt#PUhIj59cP^9QGY6&4 z!^^vsz9QZzl~Zs!Qu;+ZqC z`ll4{-!~VC;0g#1rT}u&VJbvut$uwvhQ}bqMMu~?BO~o<7@1%6J2G4d-OJ8HW?)`V zCwoBYpxh@{aqn0b_m%(&=lCh6sqG2HZY2GjjAzSkPBf`hC*EoJa{BG&6T@~hmJ+p2 z$wH&YoOy@hRZ>g)!Jf!;ZTpflS(N(gSGa#miVUm!Le?Ae!A~lBdNJe~&3|plht@Uu zmQJc1=I-;C=e)6zx@yWGV#WHd_u3UN*L^RyG5h(H_xSMHnHF8K^S%G_`ztSpilFjq z=l-zGvafyTSR#42SFo+3wNj|p>!`X*SJ2-6d!9#{1v)1h_Le~`xtq=P5hz70O0B5N zfSifX*3zR?n9b7L_!V(@65@K+k1@;6213j$Ba9V|!0SY_duO@#z$>VlVW_XaO-_Ac zYAVDf?|~z|z7)+Pu458Smm(Opcy~!v4qNLBF`u#jt>t=qBt^y#FP7`rv4HY&2_OfA zzGsxueRl(kYy=kuq$wOouU?%R9I}2?^~B5Dp7LQ(!F7xEt!Qj^4K;eGsbO>M`pLyY z1rHWnm&xsZeN*+OLL&>#D70)+&YRACD;53e)!NK8)^{9MvA+N!r)KOzxU-cija`73nQL-tQc{Y1*5TnSs41rMk1=le` znL^|--JHu^^?M#N-j9p6S?F z^!1lnbCfTC=XULBiJSVCE2nCtJzUm0;8>>qo&4+0^Xt~f<>ao>9Pg`Od+*o1*DmZ) ziL2mc1~TE@1}mC6YyNNjF7v(U;hT_Eev`w*trM{5J8M44`75NpF1kLu>UE{3$W;B0 zy@U5WZwoQ|`9A?GEg&e^3pX}F=s@bCz#xYdx8*N|<-WYluzXY;uo(%KJ#5%E`kt9Y z3YyGhxwK9=$s!IO{cb7zZ-z$$kaI}8OfXLqAc~A=pm3G}Jx$OaJUl$?sLzAyq)}WE zO2$;4k3&OY>}1$eBV%I&nv96ujM$+3Qx&14#0nS|c2|fwR?OybUg_VxP+pF}XV>`J zReQVojT_3KNYD%uNdDq)?LnvULrLzdKX0wsJ209L z2~itW1XpKQSIzp$oS%PLl}Ew#lYUf(4hsuEK|jA0VMtZJ1abu7Woo4jOZEy@d&94P z60D6!7k;+wh7+)z3t<_3!GamdwF&O7Zt`BNhnRDMxAk-lD846iYh9cR_}kI-=)!fg z-AR^$?n_fHt=aKsLO)J@uE~6Vmvjfi=Dfw(?i)I*O(ChdZ4IIox~;hbZp&`!d`ZkQ z9KLQYYiF*G$?VUcjYH3tG=zV`6#o#uo6l^4mGeaK2{0^;-Wx8mTl;!0~K_x{~NJ3Qv z9Tw;Tyt#ha6Af)o3o~B4AVYgtXTZVF9|nRRjTZFP<+JX95F`^b;ZH!z3D`qFYh`= zaHWV3P)1HGno4Kqvz`~&C6Zc=Ik8uHS3Tfu#?tc$H-xtAY+~r@sxxj?%>FkMwz!sx zi5(rEKg;Rp90Ub2KRU#RBCwGrGc|du}p9Reb#TapG>k!azX0H>2yomV1x+JB}f%H@(Uh7AFrJ zH~^Kz#KY*OBK3KZYa9wzs*(ia*Ju8f}3CFTl7#moP; zdy%s+n;}^c;&?;KGvLV5(eNZorq>%lr^Ku)g$iPM(sFBDo^S;#v$F?C?0 zggK<%=gT)v7S`3}{_&5;PP|DNx;AVs^SH)O8P5o^XE_6dkp|rCH?Ig^~`j*4$Xm!DlzH3BO2YiXU%^e(VAg98bcEDpuEF> zA*mbFVzg#$i)i{z0G2fQY+-QtAa%tPcJ?E7o2!qyx7{?F5QMS%A zr}6;GIrDvvX-`^b5^}y428gaUD5Qca4mhf)r8@IWD?kIL|B6Wrwor#%yOJ zlh=JbHo84-Z?3OQ+t^mk<=ElFiUthwFJHcFeKWH?>jHWxz+(mgE26Wj^HOa~Y)!}R z(Z#zc-eKZ9yu2|}HT+&)g2tlp51%Zi6HVnpF`u(Fh{|81VVy(UTzP$tY{-4GkL8I&cW%0@r$odp_e z`Tk}%5SbSB^Ae);>I_ZI&7(t`Q$v=G%h(4n_xc~@ONPK1D3?Q#XRE+@SJqy_o$-=K zG3`GU4$D-M8^>f1|MA#tk7@WcDR)JoX+}x$Q|f1`rFE?wx|c7VDHw%0_S0COm1Mni zV$ZW@6OZz$dX;$Iy0p% zeoT?|ONxI%Ps2ZPh-YHgGueO%jd$yvT&A=IqJz!O&4Hh>eL$6|j9>sf$JF$6QaN>N zF&6RlKQ%Q`FJ*Wi=Q}UlA(7IbBfBJTwI6*tf%hZu<($aX7peH7c7woHbcVg zMHZW6>-_DbuQ%>qDjHv!N!cU!aOO|H-Q|CF-tCtDFk#VakY&A#W%0zC!~u$t81YNY zArD&Z4b!K|50Q@iX#F$jQnR=x<5`Ep)<*P!-6V+*UX;Av#UFP%kX4GVL$PqnfO#R1 zcp^JY7mO{(HLQ+{CQX+b*}FN>{xywU%Ds8Y#Xg&Vh?`7Gf8tK@WwO?-RXxt>zJ=%f zDgB;K_0cjkKFcnrmWwn$x$nnZJN{rW!Dpz;$%I$!O7SgBS%dB^JIT4tiX|EuP9O62 zB;R5?TKA=M%Pl7U@^m&OIm;V6mp8T_9_D#{c!*YyQ_BB&^nC|%U}MOPV32F6Sl%Vw z`sc}$lwgYY*K(NO4IEIaoSGe3+D+ysEz7yrI-_*=j`65tCI71hAYqWrqsq}d$X~?b zG0l8=R}@;%y-y3d>c|B%UElxAmu@ujLz4w{mP`)s0d- z_?pI5KU%-@41GsMO6n?G6W+Jgz*YNox0&3Y5`${vH+4FdH^aP|GC^~zt8Wi}CnR*8 zGyEIbiKeR(=gAIV_kL38vy$NMw0GCg3f05+?`a)AXX_~ZYD;uXa*a^@aIbopL^?$m zK~Zlp4%|8v$bt}%=Nc?Z6HQx@-S(->T|1~A8+*uGgJCXZ$GOYBz&hH zkBWW~$u=|oOBWdA-d;Z`qLbbDV!%=%uRE-`a^m^_c{+w_Co(c-IUhcW&|LZS^t1M> zql_uSU-!h)iyvpD@h`CMH_uX@c;NR*G#fTzEb!4Q zAMLvTQ!!;P?>>B8U=ZdqRyjQJ)97j8ux5OkEjf+w+3Y4?t;isnHb4JVW5I=r^&UTZ*Ud zexL64-qAd4{q*x4o3n}e`=twumwrhLF;hlx-8#htao4P?&}Z-Gmq{59e9 z-;tCge|b7VNqX$-qqn5lFQ0Q6U47cA`{|4{!&^ZlAG zhuNt7x|)R2pP5anI>$AUQc{{7+j;dij(?r%Q*bT!KoW?&qPbsKWaaL@2CT%XofC(S zccXm&*T=o3-MbLV&Kka0GB}RU#_l^HUH`!{5)M55OR}-$8%;3-$ z;T@(Srf=oB5^2@#elCh~4(q;p5LY;K^nNRIgr4)B*()11WxC4?d9?0pI$G~2$`^&T z%2{${4lnE*U8tt^AcO7hMHvaFDtCd$^3If&meZ6gN;DdxJ2doPg5?jERyO_FX}U0> zSoHbFi+g5R zdt!Y;;qv8ebK?!nN_xkE#NNAKrRK5M*Z0roJl!idRzL!5e7r=G`&9DPhlv-g|IV0w zPbME!ynVbnw7GxuXVnBQMsb) z98l{pC`Cca@1f7NBVMGAm6@_7k^IE9Y8h%N_0A5ro!d>#g9Bc6Wf+DTHW*MRTeZCV zU@VveWcxg|q^qyVOWQO5y;jVyoe0D0{QK#jw{COsT$Vi#kk@`%NGN#fn<<0+bnyAj zmE@Fcir23VILhCNOiYy-uVGAeu5QfGGe7r#@uA>71dzV$nl*HnIb*?n95Nx1sIlPfUr!~F}Lca)qqoqYOUMHC-a zDk4yMjjTVJ)xXl8{=fJC;BcU9L}aJ^z5YA@7%)*R8@Hx942s`y7*bij6Y)bMm$^V0 z_5yr;xPLey!Zu6ApZ+uxS&z9a9bNs6@S9_+DbBC3i{mSoKIJika<`3mul@y*SejII zA-?W?hfXXkMJ`X5a3R?wP}R?5(R_8Lc=ysx2ip9wK|A%a)&FxPvSLSkU(`u|8fG^r zq%Y_T=rPZ)un;lw_I%Mwdg0TZT~bVc^Rl}*;+17j?l%hBB^SIajzqiu-aHS8gM6!@ z(DM9QabDVJ8kfy8D6d3K z|L-kNpYkd$z9+HBlo)pYVf|>;dl%8g#B=%6UwuCfN&c|$v1VEeJ=EjyoBd9HhsR9W zy!a|l`QN_>O*b-jVgha>RN)pD&mo)#Ifllp!PT6L4hJs~S%dKHHnq1`ct#C6V_O-s zC0h1>RSA^pr3;gC2y-C#X--b>)SxVhtbTh?IS5RFz@Hnoi0mxhMW(&JV3MDsG5h%O zN`mV6{de53S*>CdG>;ze*gX~;p;LpO92B9Py=2$S~*&E2Es5$gx>@N z1OQ8+-Rs+fZ~PmAcQ(@>QBf>sY<-B-CsUyh-?x_b0#H5{N}(S(a&oT7>wa);M7RBw;+CaII%-Mo37#w@3bTPS ztxK1Shk+;qiLZnzUIlUlLcCQ_(D~_8Exc=D*59`6*|P_i44nv#Bp(eKkv?a;zHCz+ zZMr|Rd-8y&Wq-^}g140Ei=e-f6@OlD)v)hO>Y{hKjfx;~b(jWycKcIV`R z++kYSZrm%j0z>KlZIrW;X!5v0FhX4m29rR$jvm#Gw!y6y6fDHmqsyINT%;@e(Emv7 ztVnza&ZqzumTSfWE$>^iu8uneX@kK4aidh?MLNHHu~*3xrt|I&Kz{n+@WvxcPi`Lw zYd}^)@wEL7f1p{QjM1XqEtkTFS655p>5J!mdGFKqMQa7SR$p+c$i*_Y)>Z|bem znczYHYK=ErsiOYVl5jvRse*;MF#dbAuEF|;Cq`S#4HMU|TfVAG#-_V)>>Io}gck?D z{tui&QG~GvNQ4g}qzT*dy)-Uiw98TadaCHXuIDVi?~RN&Dq!|-e0~StQ?an$2lN2qk$B*-Bc`3v$7`R>Wej4;Q;P=YetVGaURD0C%V)w zutD@fo*^7!Lm(-K&N3w5yZVrmth-z0+*d86J%IN89g(sHNg*JM`*nF{Ld@E*LjX;P zE>oRfT6%+XE1)LIUA~_i6+gRnmBANYzmEe0l(jzJ5fF;p({4(SsS_Ltk7bv}B@_nO zHY)@0P~841ts9oAGgRM7xZ8bY@lVZn@eQHX{Kc#540e;F%*REEaKxP;++qCo^Vy9u z8pLke4|fP4YygEL|D2O^r&7ek!~~HZ0B-Exj7U2`@Kk41qi%zk198KIMHP~Yn~|5w zDz5$bo==wRen9HMx(%JS6Z4(B)mPc51kE0X=2FEfYTX(W{s>h~g*ns>E~lmrn!Ry|1vZ6)ZV~H;3T`*twhPn|%qPaf{$0-U4(# zv~uC4rQ$HZ_>m1`jTx@-(=N0;1UTh!bTmOv<9;w{}^g0{@ znN4`&h?NTsAhhc+7##-r4yg7DvcibGq4-v0Xj^*FFd#JCgHKpo>F#`pCVrAZd$k@PWu8NO^M+ z`T$vMLZg^Y=w=a^^s_=%`mg8C-5}^d_281UUg>WKgUcC6ic>wn(qNAPX81n}Q|6G5 z5TF9^g)@RHG4F>PE)*(;0O)LB?S|YT9~26Q;fL4CIG2UZeVHRL6&xW>m17493kgHy ze~>?DU4VQ70s?5!hzI7fWC{Ka`v)Q}M6Fl}(uRnbdHa^o@H82X;A#;vltcsq>*--U zyAZa0B%ndz2~keTOnE#AZ@{RP$i=|W11b`p zl+*^2P+m`u4XZa!>9D~oc6M>e?=^=CGgzJz&K+(^$*m|KjT$ATdoY{dM7fcY8(JH3 zQ0Ybm>&uMsh=x6#JOMN1K_2Ul@BjX_49$1o$=p3jAIjTI2#1i_Kr0tIV9CwNX;^Cr z7KI=p&))M#{!RDfn8)V02kMYI%R<9^EhOVN+*hA1L8J~|4cL|%Qz6~1x|+%G71L|} zhP!LDa(0vr2=on+fBeW)H{)j!FMV~2oOb@iCzcQzs$SEYUlzmX}qZ=zEyheL}E04l7PFID0Z-sf5ceDazvy@L9&JL_|>&F#21j`EwTQ6 z@5RpEEMQr9FtW+#^Bp-FA4k(_gM4-+IyToo+p)i2P-lQ72}?4;=c2urSpOpfyi$-? zHWRA1U%!wf2jL)aYJAA%a)V@jvLuEEbX+MpIUzSo?6Hd>58x?AE0%1K#$b>AQ~g_w z4<5bjUB!+llxJmShu~L$G5y~FUSh@p%ahLNf(&n^S#Pr%%3s(4))(?TU_m(vX$(Mj zwCVr)dix5gLyrE~v*29zd#HlVyXpe;SMj1&p=zcCt_le#nCiIrc z>^r%0m+JwBaEU?;;Yr=zDwq8Ac1&f!mJq-Y>b9L1aQ z_j4-&D~m8OQ~`*kUR_<)!gaw6TvJbp5>CQ328%N+DxE*?K`!(ffx@7VFc_e|v4ih+ z`TodK#THS`paw;NJS01K80<%{V8|H1Ig{jPk16qO^ln>cngT@7Alv^SThI=b4KCXy zp*vgKJCz5QhozVB7AjE6L0C{Yia0|PtlfA}5YZuO^f)T8jxLwXkaDN&;_jZfFY6)aPI9ghAx8HZ*XrtI}Te@I2r zg}I2%4R*x5|&o) z7Y-a^CxafNVRRS@#{hob# zlM3n)SagtAZ}Y8kJK z;jytzSnn@ky&`<-pxq#A6J$B>46$(fqo}Bdsu@HGnU~iNOqYkQ_1+?F@uFeG2QN5d zrzJl4&o?QoKwz%Y3k##69Q_A76zDKKYZR}qAg01{38_C}B0y*;j^30&6X*y#9K@ke zSJI<*GWs;sfPzCwQ4uk>$aSd06w)rZ^Vxsx*Mc*#W5KJSqM}j?JcsZ%qn1GH>F1cI z1~C&>3%#|k-Ov+rL02HTISY!%5`R3p7Le*+Gt4e5yiYqyyVUVC$Rdcv2tgud21J)nc7~P?^!O1J9`MP-K8Jc1BMa)A2OF;8FuIO*v-s~>0qKrP^Ir}_8mVJDA?QG^PJsMzQNAl{OJ z!h(3S=g%K{)7wI{S~qVFXymb%4FVb1SQ@;vRkmdCBIn4@g>GU4KFz@VT5qkpA~f|& z^LyUR%2glEz{7#5!M{9<>4@^-KW5*5-~iR$Fey(B9i2-uGCPsyh-Y*2i_4SPtQ6PR z`-j&pSw&fT=4Qj3Do=J@WjjLWY26c6qE|Jl`6z8~Aj`RoS}xiwmC8GjV$SS74LO$! zBx?iGZb@(7^+wL9(r(3k<>AAJ%L6Zg3okfB0o+sJvGrmmSw2lF>vL+?Pw36J&32ff zl)_VmhQ!6?9NrUpWM~nfjQm0PbCGoi3jwOSM!0%0RIx&i%&j;g;1%-#{RiNJ(UkgT z4y7yod?f>_@Z({50#-rvHE48DQKJIp-QOHT7rDDk{BCz{h)ew2>lQcu5Njoz6?kd2 zz!drJj_NzE4mb>ff;{aoeFL0|*!^D&|M`%J?FfiI#=j5FD3cDVt(C=6Dek!fS;rXk z%_7hoq@p)O+ek<}hi2Gp+q`v2BAa9<)_qc7symwqz@3hc?qO*Kc5cXI2i=x#qAG|* zF^JX0zptmWvuZN00^%Krudq3e&OBGm2=eg5)`pl*)TclxFkTOJQMT(lJ%H$lJ@7F0 zBb&T&Q;NXf5Q9O~1Qg-Wk6WbJ{eoOdNu=QFXK(&{yMjEG2kN&btZ_r_Nr+CMPrTNw^dd)>pZTmT%=Wlp=(mPch1l7!zy;guLho{Y`=}NRm z%EqJ~_s-sw_2e31JX&y%P&FcFoo z>|@g{tyIOv;N)ZFHmO5EJ@8Z$>R&Fzbh79b2tnS0P_fQbIq=vw|9NeRQv+D2BIDvd zV0_})!KOo*)+ttNc$yh9Q;>^T>R?bnT?Ksu1g4zW*PzL#Vim_5QCKE)iO{p~ok`No z18Bu|1OOVu)9zbqLw1mx;}i|D3-0clkGgHoCe}#zdnf+`4Gy|tVgPd|IeI~mi0lto z@o`U3BEqDlxt@S}8V|FE?mhn|C29$Ywcd8Z`+2 z4ZeL(PcrIq6B1phm(X}pIn5kVV(wa6#(_gPlZA+Mv!Cv7f~;-yR$sn#PSc!smPDTH z(}BH*0|MS|)kt=f-PzZ~U*_ZR>(lAH3+r#w_GYVzVXeegLez|ew8+->@1ya92M=P{ z8AAROedq+bSR^be*0go>jjPB@5AqNA^Y{=!W~ZsqOS?PXGxMhrYW%&Yeo ziu}}AMEtDXMypFxp)QrZ74He5d*4oXtl3gzI?&bl5c;|?M4y_wETFo zMCa|rPNWjB+jk1bx8jLSUgy1<(S@^Mx3(6ig^z~Lxz8^%+-1U^O zSowE@j3;SDDpv|}A0NN-F>_pQXru2qf7a&br1FX zCXg+!w5;L8zYpKOu|s}!f;G)ongf;F3bc$(5cfHbhKLd|o*vnT`zKJL=sFJXdS^NC z0YgvBWsw&dY4Yt_+SKRDkMKuRIY+GM_XJ(9W! z&&Fu}XOjThsJ6QA-;J=w2g|OiVm;H=(t27{6a%{lcDuAmS2+n9vQv_hYN&%CT059U z%4hZUZ9oH?M*_5w4~Ta9)vHR#;pgsi1Jq+H87TizoERBt_?EuVMaHRMVe!@EXeYde zCmTkbp_u@57rddYq;v~y6)`OllZ_i>?a`@n4%4}E<>Pn~$$}K}8JM=3)L8AA^mrm3 zZth-2luZMXfP*s$-lkrXqzkZK_@#l1?f(3N$P@v*a?q;OrrDMM)jbDXx-|A#cm_o4 zgZqPmc?Elmjo*LeR1W4FIH{0kT@qg&Ve8w!LvZ&X1r1eQKtpuY&AaPabp{-C0ZePJ z?@wy(-@m`eed8?bIhZx5vd{%?wCr4f7#zR_6oNl~{J>&%V*2Wo{kb8W4@~SbC_dx~ zJ#aeq5S%P_YJJP2MVL7xxAz}}?4b2(X>A=?*zqJGL0MZnc2+YX-K?JE?cD*XKEzf` z5r|%~9XCBaeS(;cmlm%)?|x1M*$N5OqWS{d0{j}yJobA**0kk~O<_Z{I7FP{i_DA2 z0m6=tCKIE)_tmYPP{?C844#%x1SWx)pW0z->&C(H9w1hLNQ!7`x<55{2YK+& z;aJNBSB?j&^EVuN;zx&E0H(c4vQk&i+2c^=5UCmG_K~TmHjL zAn^>RAt|e=5vfWCt<2!k?C9<`5voQ}2OSXIUSHHDsbEVG`-g+7(S4Zr7ZKhUAdpUz zIfdw2M07W%XJ&9d1?XPPDPtR(a2&FOFPNCFceyWOO{u2Wqr)acYA9oXk% zAgr$Y-1^a|_@cP)kyMH1ycBIuSVtu!>+0goTA& zkpQeatHr%P=(L1H8xcO<*hmKC7d0zpmpm#e3=*^sHY@~kp=KKU}$iXgdmUH&O zid@o4N_)Dxx`=KZZwBsHqG|&(gVx*@4hxVRPz}J{IQVy>7IDY;7Ak-sARNeNE*WS8 zAl3kFK2GoBWDSdi0}{ogLKrI+!d-y)2g_WJL6J>EMg-Ra35UcAF$V_&?m#4sy_Yy@ z0Mrwd(a4TsgqRj$*RGi3sc>RIm_65H7}nX{-2hcBB=p43jlBpnL((z+a}J@%2N>Ju z=kFQh_XN6WYV4C!CtS=WCBSuLot#!qhE2~ig&jIqk4YF48>>w_Ix)cmApVp=OM80* z%tg2$m}UV4xFSW8xclN_!U#v$+?hjc(cBS;EfnHtvmy6HPZY9!=+$F(-S_tb2nif2 zSKtF6KJaLm!;alYcc~`1@feqF_xHOJ-;E*ynIQ}`h#~>rVmmv6!w|@@*w@E<5NIJV zLIOQTZ6_!qQjbFt$_)CTa0FNhuV@um2iTr);>av~aCn(@z{23y6H0&95mtaA;1AJ7 z!yfhI#5Ew5avB<>yLaOU#sPEGJC-5h2^~foCh7qe79(5R2=u+gI)Xt6a}M;)-)xIf zyrU#0Ajc~2-7o|pd;5x}rhRkB$o#wzfDmXPt>N1Ngu0Bw;3^DCZ`#_v4v*>nlIx~D zIXRgI_!kH&ac~WC6Z7-KQ&KpvWd$n~5!kA?w>M(q2gJI8cPe7LxOK}DGcH%Jq786D zF;?fH<$BQvSj=bBKXRygCC8*X-u@aW_#Ej8|f6W@Kaj6`v0hCAR9GEqp3l!*>{Ed z>M0t9t|*CX46k}sWQEB{M|nPcd~F;g;U<+J=aFE_p#0Dq1OON+K?Yf zmH>rs%+4KNwRMK)$6Hq+>!)|t!daagH-M<)KvSI3Re$2UYKEO$SmNfpMBThBe&x7y zoXZ#T9#a}k(Y{GONlRq%pPp9G&@g1CaNFxYwnlkL=?*)MR(?|XdAF^F(>4f7(a;DH z=w7a3R2E3D^K(U-G3#Bb&tdroX68ETqmv>Q1jZy-2ol4lCL$1PqNW zGu;)pj`?SJs7!aBbzp4#r90KH@h7Yef8SG)dK1T(5qi%;w|KQKp;1Qqd9nGwU&5y9 z>g4blfvHS(Nk1FBQhA7t8RRl?%r^SMyJ>yx==_hl?Gx=5WC#+#!*H&kZtr>I?-*?QkpIo7u|-?nl2z54Ld zRzvGwdjhm*l^mEF(N(Q@nyc%u!2Y|W^-fM0xAxt>$;6oZ3$|H?dWXCREcLn{7`jnq zFJ!xvXw6)WGJdo2Zt~}zk?RekQ|~hL`n$h=F$r-gJ3VMtF*CpAaE`ir?oje=?TvI3 zC#UkQ%{9OzSd$F7B!D?fb-fjCzQ`u{?h8{+!G|ULDUxirmcd+I3z5E)4W66w-<;dJ zN}jw)$~KF$?_1e6JXFILr8Bv%S8mm8_$gBUe3f2V?&i^qW!rF)OX8O^YihSP@BSKK zWRUI`1s5(TXxLKD7F6emeH10mcwnvbf{y>HhvXf}%1tNYXltAcJT!(~`y8HL$xNAi zR`YE0<%c6}&)BYzactHQ$H_p0@NdL@klwl%PMV=aJ4W~r_BDe_Hr(b2@)mt`{k8@E z_gJ=wtS{7$mgg3atII1WoI!17XlRISLXz%HVbGddz5X5!9~$&v1@-z$)KN6jWE`?y zN?u3sJ+g59i2weSD~3x8f8ay2=jfjQOMfN3f08s;w+wuwk}NOr*~?y67<_>t`W>q0 z98IFn23H9>a(~bf+F3H2b`-zR9lP}0^4F+uXn3y6s*bx9U+giYJ{QcNqkpP#WaKa^ z8R~P7*N*NFA~dqZ?-@&?=iP>GpqE$eU|m{`k-+)iG_}mnbXjj+5nY0dLSWNP+bwo! zYAzyMk+}WCRa{kc#KkC{QhG%^Ar3laI$q-W`IAJFT>Ah0SLg&H*V1xJO5#x(ze4^d za>D0d)zC_FT>xkX9t+$}lH{mCiX)fUS;GX+oolYF+y>4Dod{YXHhZlR@(Ir) zTK^T7;8(GW13TVE0~8RBb-;M20l);%Zw~Aa^7X(OBt-+$B}cWeBNFurHe1YR@KXp8 zN1Gq_r-&8u_cZu^1;oXbL8~IK9^4d&Od!vo=kVZJ?PHeUpSBzOun#~gs3xM-0Oh3< zRdVkq9gdFpJ~oz*xDOc2f6mO9n40<{`4@*ZuxYhi%e|3;yG1nwR1@Yv#Dsz=K!Xcd z`rEy;Y+B+=|FF}11LO)1(dZj&JcyqL!VLf)%miV=LYcF4zA7#`nK zcpGn`)Vjca0d^>)rXjI|fcM!p|Ln#)Wwovic)oSP33?vlnFA>#+2Ogb8A;Iuumg-e zsCyEXkwHGw=;$bh3SCegt7%JSrY(j9#?Ut8sj#Em^q6NS=)XnFGuYBmL=h6O#zuW3BcFj|vE5iu!rgHH{}Ydj){A zB0NwSy*P#xAC2>dMGUsG$7}lgSunQHwGnwTt;VBpq}Ca~aho1&L^%UAp|QPP&5>FQ zL_JUu!>!E?h*h>f!b$V(<2u(4u01`EPXvHG`m$+&myb_CSQx-6`^l425(*Ak$Z*A1 zOkCUu&e5p8Q}Fs$4XOL$o8(!v(2o)mTS0CR8L5EnCE;`N>C{2&HxZNbzuKCpsJ|G! zV9l}`9$w*lXW5G)@tL@;QpAj~K)Z{||hiOr|y=W`E0mInNR zzigiFf9#W>zdE291GNa7nn!DO^$zro1d)xyPGf=6pv^<%I93@@QGm14aRfAMKltkb z@@Yh@tpN^@tFP)tV$`2Mr{27I1K{J|_9Z;rrklyCzo-f%(}6>Wj({~nhyoHp2!b9F zHaN0*KO-X%^MSeswJ~NaqLh%>L!{71NqOc^3$}}+ZW>26BAy@}XmW% z9Kd|A^Z-1QILHKK4W2#@k`3sdd=4NCe*REUX+kP#Am_oyBV-+VAHwC2G6bzF0T2Oe z%D{5(DBebZb%>)T5DS7NHaDlp=u)zI^6qWWgg=^Jii_ptl8ph_+8V{1q@SJTo$q9d`$Pd~0r@PlS>T(hICJ*az_l zXu}#HwlL7we}IjhcfTQ|mGUMz_mjt z1iLo2IYPWZ#619-IeQk*lN`SVw~v{Wn`?PUs1mR%Gg(ai z{>_WD5G*G+yQT+=9lQmAtFRf$z|V+>fkBVH6%rEwJNZb&(-pNO>{ zmju3n7g1Bn%E|=yjkTMIJ_!pW{OcIQ(D>YTcTd8x2}D%OI}4p|&IVa5X}}(a7o3Zo z=8h6O3kwxwZNUP&ff}F$vjdosd!twydpUr}*w_Pr!7-q!jRc6L22XX^y5BZ|KO^%v z?)pTzOm^~~o>lE@U^1@35c&Jne2h|i;Ea5i5OyLwYCLBhz8FS+T_}C93NtY?<7gzr zNT@MQuDD9zJKKV%z)7BBlGV^4su@ym$cDDz`?#8Ic&J$Wv7gCvzSE>Q8`fZ0`_dzM zXa;RC=HRPOY3f>9MFvA&RZsIn!1;hU$GOpkeHOKGSfNvS@F3F6n88&42bs&r$OMOm zf~X0=Z|D-jc8cZV=T9^ID*Oi&r)m8S4Gn-l|Lx;}x}|0wCu%7*wMd+lGC%*8_8;tL z63Oj6GT7lYHKWuu&mw7}VN_c^w0Y}GU*9FXee62;@$N}szV86#Au~)*PiH!G2-8JK zMeu`eSkw3%DlNjztY3B15KgUX0ozLg^rJJE@JJ6saB~=xee;bn-Ka64;DLzM0 z_yXqmJsEXUC)f=LGgxrIp?uNgDqRnr%U>LN=PvU!nqL3Y7zQRv=NFlG9$(Yd9XvT6 z-91@1K8Iv6+vXv>kC>z+V}O+P`I*s2ct3kwzaEz#GPXcGk<3io=D~4{yC<~cpFS}F z@UE9rm9+eFY3PS@)SNTMsx*G%&2FGcSbKZ?Z{JT?m6-JCYTvi)&^tNw(!;~ja{A_y zN?zXQWsf8w! zDS9)|ZiL)NVor!7J|+0>*d3507-FBo8b+&Tmh!}OEywK}=ACzWSKS}qsV9P5;$g)3 z?lV-Dxb|OD%3(Rv>7vg^bYHW(xc_gpql;VHQlH7T2lUz-ZNrz6oT_ZDw7%E>1K{OV AHUIzs diff --git a/include/libwebsockets.h b/include/libwebsockets.h deleted file mode 100644 index 642f56b..0000000 --- a/include/libwebsockets.h +++ /dev/null @@ -1,592 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -/** @file */ - -#ifndef LIBWEBSOCKET_H_3060898B846849FF9F88F5DB59B5950C -#define LIBWEBSOCKET_H_3060898B846849FF9F88F5DB59B5950C - -#ifdef __cplusplus -#include -#include - -extern "C" { -#else -#include -#endif - -#include -#include - -#include "lws_config.h" - -/* place for one-shot opaque forward references */ - -typedef struct lws_sequencer lws_seq_t; /* opaque */ -typedef struct lws_sorted_usec_list lws_sorted_usec_list_t; /* opaque */ -typedef struct lws_dsh lws_dsh_t; - -/* - * CARE: everything using cmake defines needs to be below here - */ - -#define LWS_US_PER_SEC ((lws_usec_t)1000000) -#define LWS_MS_PER_SEC ((lws_usec_t)1000) -#define LWS_US_PER_MS ((lws_usec_t)1000) -#define LWS_NS_PER_US ((lws_usec_t)1000) - -#define LWS_KI (1024) -#define LWS_MI (LWS_KI * 1024) -#define LWS_GI (LWS_MI * 1024) -#define LWS_TI ((uint64_t)LWS_GI * 1024) -#define LWS_PI ((uint64_t)LWS_TI * 1024) - -#define LWS_US_TO_MS(x) ((x + (LWS_US_PER_MS / 2)) / LWS_US_PER_MS) - -#if defined(LWS_HAS_INTPTR_T) -#include -#define lws_intptr_t intptr_t -#else -typedef unsigned long long lws_intptr_t; -#endif - -#if defined(WIN32) || defined(_WIN32) -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif - -#include -#include -#include -#include -#include -#ifndef _WIN32_WCE -#include -#else -#define _O_RDONLY 0x0000 -#define O_RDONLY _O_RDONLY -#endif - -#define LWS_INLINE __inline -#define LWS_VISIBLE -#define LWS_WARN_UNUSED_RESULT -#define LWS_WARN_DEPRECATED -#define LWS_FORMAT(string_index) - -#if !defined(LWS_EXTERN) -#ifdef LWS_DLL -#ifdef LWS_INTERNAL -#define LWS_EXTERN extern __declspec(dllexport) -#else -#define LWS_EXTERN extern __declspec(dllimport) -#endif -#else -#define LWS_EXTERN -#endif -#endif - -#define LWS_INVALID_FILE INVALID_HANDLE_VALUE -#define LWS_SOCK_INVALID (INVALID_SOCKET) -#define LWS_O_RDONLY _O_RDONLY -#define LWS_O_WRONLY _O_WRONLY -#define LWS_O_CREAT _O_CREAT -#define LWS_O_TRUNC _O_TRUNC - -#ifndef __func__ -#define __func__ __FUNCTION__ -#endif - -#else /* NOT WIN32 */ -#include -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) -#include -#endif - -#if defined(__NetBSD__) || defined(__FreeBSD__) || defined(__QNX__) || defined(__OpenBSD__) -#include -#include -#endif - -#define LWS_INLINE inline -#define LWS_O_RDONLY O_RDONLY -#define LWS_O_WRONLY O_WRONLY -#define LWS_O_CREAT O_CREAT -#define LWS_O_TRUNC O_TRUNC - -#if !defined(LWS_PLAT_OPTEE) && !defined(OPTEE_TA) && !defined(LWS_WITH_ESP32) -#include -#include -#define LWS_INVALID_FILE -1 -#define LWS_SOCK_INVALID (-1) -#else -#define getdtablesize() (30) -#if defined(LWS_WITH_ESP32) -#define LWS_INVALID_FILE NULL -#define LWS_SOCK_INVALID (-1) -#else -#define LWS_INVALID_FILE NULL -#define LWS_SOCK_INVALID (-1) -#endif -#endif - -#if defined(__GNUC__) - -/* warn_unused_result attribute only supported by GCC 3.4 or later */ -#if __GNUC__ >= 4 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) -#define LWS_WARN_UNUSED_RESULT __attribute__((warn_unused_result)) -#else -#define LWS_WARN_UNUSED_RESULT -#endif - -#define LWS_VISIBLE __attribute__((visibility("default"))) -#define LWS_WARN_DEPRECATED __attribute__ ((deprecated)) -#define LWS_FORMAT(string_index) __attribute__ ((format(printf, string_index, string_index+1))) -#else -#define LWS_VISIBLE -#define LWS_WARN_UNUSED_RESULT -#define LWS_WARN_DEPRECATED -#define LWS_FORMAT(string_index) -#endif - -#if defined(__ANDROID__) -#include -#include -#endif - -#endif - -#if defined(LWS_WITH_LIBEV) -#include -#endif /* LWS_WITH_LIBEV */ -#ifdef LWS_WITH_LIBUV -#include -#ifdef LWS_HAVE_UV_VERSION_H -#include -#endif -#ifdef LWS_HAVE_NEW_UV_VERSION_H -#include -#endif -#endif /* LWS_WITH_LIBUV */ -#if defined(LWS_WITH_LIBEVENT) -#include -#endif /* LWS_WITH_LIBEVENT */ - -#ifndef LWS_EXTERN -#define LWS_EXTERN extern -#endif - -#ifdef _WIN32 -#define random rand -#else -#if !defined(LWS_PLAT_OPTEE) -#include -#include -#endif -#endif - -#if defined(LWS_WITH_TLS) - -#ifdef USE_WOLFSSL -#ifdef USE_OLD_CYASSL -#ifdef _WIN32 -/* - * Include user-controlled settings for windows from - * /IDE/WIN/user_settings.h - */ -#include -#include -#else -#include -#endif -#include -#include - -#else -#ifdef _WIN32 -/* - * Include user-controlled settings for windows from - * /IDE/WIN/user_settings.h - */ -#include -#include -#else -#include -#endif -#include -#include -#endif /* not USE_OLD_CYASSL */ -#else -#if defined(LWS_WITH_MBEDTLS) -#if defined(LWS_WITH_ESP32) -/* this filepath is passed to us but without quotes or <> */ -#if !defined(LWS_AMAZON_RTOS) -/* AMAZON RTOS has its own setting via MTK_MBEDTLS_CONFIG_FILE */ -#undef MBEDTLS_CONFIG_FILE -#define MBEDTLS_CONFIG_FILE -#endif -#endif -#include -#include -#include -#else -#include -#if !defined(LWS_WITH_MBEDTLS) -#include -#endif -#endif -#endif /* not USE_WOLFSSL */ -#endif - -/* - * Helpers for pthread mutex in user code... if lws is built for - * multiple service threads, these resolve to pthread mutex - * operations. In the case LWS_MAX_SMP is 1 (the default), they - * are all NOPs and no pthread type or api is referenced. - */ - -#if LWS_MAX_SMP > 1 - -#include - -#define lws_pthread_mutex(name) pthread_mutex_t name; - -static LWS_INLINE void -lws_pthread_mutex_init(pthread_mutex_t *lock) -{ - pthread_mutex_init(lock, NULL); -} - -static LWS_INLINE void -lws_pthread_mutex_destroy(pthread_mutex_t *lock) -{ - pthread_mutex_destroy(lock); -} - -static LWS_INLINE void -lws_pthread_mutex_lock(pthread_mutex_t *lock) -{ - pthread_mutex_lock(lock); -} - -static LWS_INLINE void -lws_pthread_mutex_unlock(pthread_mutex_t *lock) -{ - pthread_mutex_unlock(lock); -} - -#else -#define lws_pthread_mutex(name) -#define lws_pthread_mutex_init(_a) -#define lws_pthread_mutex_destroy(_a) -#define lws_pthread_mutex_lock(_a) -#define lws_pthread_mutex_unlock(_a) -#endif - - -#define CONTEXT_PORT_NO_LISTEN -1 -#define CONTEXT_PORT_NO_LISTEN_SERVER -2 - -#include - - -#include - -#ifndef lws_container_of -#define lws_container_of(P,T,M) ((T *)((char *)(P) - offsetof(T, M))) -#endif - -struct lws; - -/* api change list for user code to test against */ - -#define LWS_FEATURE_SERVE_HTTP_FILE_HAS_OTHER_HEADERS_ARG - -/* the struct lws_protocols has the id field present */ -#define LWS_FEATURE_PROTOCOLS_HAS_ID_FIELD - -/* you can call lws_get_peer_write_allowance */ -#define LWS_FEATURE_PROTOCOLS_HAS_PEER_WRITE_ALLOWANCE - -/* extra parameter introduced in 917f43ab821 */ -#define LWS_FEATURE_SERVE_HTTP_FILE_HAS_OTHER_HEADERS_LEN - -/* File operations stuff exists */ -#define LWS_FEATURE_FOPS - - -#if defined(_WIN32) -#if !defined(LWS_WIN32_HANDLE_TYPES) -typedef SOCKET lws_sockfd_type; -typedef HANDLE lws_filefd_type; -#endif - -struct lws_pollfd { - lws_sockfd_type fd; /**< file descriptor */ - SHORT events; /**< which events to respond to */ - SHORT revents; /**< which events happened */ -}; -#define LWS_POLLHUP (FD_CLOSE) -#define LWS_POLLIN (FD_READ | FD_ACCEPT) -#define LWS_POLLOUT (FD_WRITE) -#else - - -#if defined(LWS_WITH_ESP32) -#include -#else -typedef int lws_sockfd_type; -typedef int lws_filefd_type; -#endif - -#if defined(LWS_PLAT_OPTEE) -#include -struct timeval { - time_t tv_sec; - unsigned int tv_usec; -}; -#if defined(LWS_WITH_NETWORK) -// #include -#define lws_pollfd pollfd - -struct timezone; - -int gettimeofday(struct timeval *tv, struct timezone *tz); - - /* Internet address. */ - struct in_addr { - uint32_t s_addr; /* address in network byte order */ - }; - -typedef unsigned short sa_family_t; -typedef unsigned short in_port_t; -typedef uint32_t socklen_t; - -#include - -#if !defined(TEE_SE_READER_NAME_MAX) - struct addrinfo { - int ai_flags; - int ai_family; - int ai_socktype; - int ai_protocol; - socklen_t ai_addrlen; - struct sockaddr *ai_addr; - char *ai_canonname; - struct addrinfo *ai_next; - }; -#endif - -ssize_t recv(int sockfd, void *buf, size_t len, int flags); -ssize_t send(int sockfd, const void *buf, size_t len, int flags); -ssize_t read(int fd, void *buf, size_t count); -int getsockopt(int sockfd, int level, int optname, - void *optval, socklen_t *optlen); - int setsockopt(int sockfd, int level, int optname, - const void *optval, socklen_t optlen); -int connect(int sockfd, const struct sockaddr *addr, - socklen_t addrlen); - -extern int errno; - -uint16_t ntohs(uint16_t netshort); -uint16_t htons(uint16_t hostshort); - -int bind(int sockfd, const struct sockaddr *addr, - socklen_t addrlen); - - -#define MSG_NOSIGNAL 0x4000 -#define EAGAIN 11 -#define EINTR 4 -#define EWOULDBLOCK EAGAIN -#define EADDRINUSE 98 -#define INADDR_ANY 0 -#define AF_INET 2 -#define SHUT_WR 1 -#define AF_UNSPEC 0 -#define PF_UNSPEC 0 -#define SOCK_STREAM 1 -#define SOCK_DGRAM 2 -# define AI_PASSIVE 0x0001 -#define IPPROTO_UDP 17 -#define SOL_SOCKET 1 -#define SO_SNDBUF 7 -#define EISCONN 106 -#define EALREADY 114 -#define EINPROGRESS 115 -int shutdown(int sockfd, int how); -int close(int fd); -int atoi(const char *nptr); -long long atoll(const char *nptr); - -int socket(int domain, int type, int protocol); - int getaddrinfo(const char *node, const char *service, - const struct addrinfo *hints, - struct addrinfo **res); - - void freeaddrinfo(struct addrinfo *res); - -#if !defined(TEE_SE_READER_NAME_MAX) -struct lws_pollfd -{ - int fd; /* File descriptor to poll. */ - short int events; /* Types of events poller cares about. */ - short int revents; /* Types of events that actually occurred. */ -}; -#endif - -int poll(struct pollfd *fds, int nfds, int timeout); - -#define LWS_POLLHUP (0x18) -#define LWS_POLLIN (1) -#define LWS_POLLOUT (4) -#else -struct lws_pollfd; -struct sockaddr_in; -#endif -#else -#define lws_pollfd pollfd -#define LWS_POLLHUP (POLLHUP | POLLERR) -#define LWS_POLLIN (POLLIN) -#define LWS_POLLOUT (POLLOUT) -#endif -#endif - - -#if (defined(WIN32) || defined(_WIN32)) && !defined(__MINGW32__) -/* ... */ -#define ssize_t SSIZE_T -#endif - -#if defined(WIN32) && defined(LWS_HAVE__STAT32I64) -#include -#include -#endif - -#if defined(LWS_HAVE_STDINT_H) -#include -#else -#if defined(WIN32) || defined(_WIN32) -/* !!! >:-[ */ -typedef __int64 int64_t; -typedef unsigned __int64 uint64_t; -typedef __int32 int32_t; -typedef unsigned __int32 uint32_t; -typedef __int16 int16_t; -typedef unsigned __int16 uint16_t; -typedef unsigned __int8 uint8_t; -#else -typedef unsigned int uint32_t; -typedef unsigned short uint16_t; -typedef unsigned char uint8_t; -#endif -#endif - -typedef int64_t lws_usec_t; -typedef unsigned long long lws_filepos_t; -typedef long long lws_fileofs_t; -typedef uint32_t lws_fop_flags_t; - -#define lws_concat_temp(_t, _l) (_t + sizeof(_t) - _l) -#define lws_concat_used(_t, _l) (sizeof(_t) - _l) - -/** struct lws_pollargs - argument structure for all external poll related calls - * passed in via 'in' */ -struct lws_pollargs { - lws_sockfd_type fd; /**< applicable socket descriptor */ - int events; /**< the new event mask */ - int prev_events; /**< the previous event mask */ -}; - -struct lws_extension; /* needed even with ws exts disabled for create context */ -struct lws_token_limits; -struct lws_context; -struct lws_tokens; -struct lws_vhost; -struct lws; - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#include - -#if defined(LWS_WITH_TLS) - -#if defined(LWS_WITH_MBEDTLS) -#include -#include -#include -#include -#endif - -#include -#include -#include -#include -#include - -#include -#include -#include -#include - -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/libwebsockets/abstract/abstract.h b/include/libwebsockets/abstract/abstract.h deleted file mode 100644 index d8f0228..0000000 --- a/include/libwebsockets/abstract/abstract.h +++ /dev/null @@ -1,123 +0,0 @@ -/* - * libwebsockets - abstract top level header - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -/* - * These are used to optionally pass an array of index = C string, binary array, - * or ulong tokens to the abstract transport or protocol. For example if it's - * raw socket transport, then the DNS address to connect to and the port are - * passed using these when the client created and bound to the transport. - */ - -typedef struct lws_token_map { - union { - const char *value; - uint8_t *bvalue; - unsigned long lvalue; - } u; - short name_index; /* 0 here indicates end of array */ - short length_or_zero; -} lws_token_map_t; - -/* - * The indvidual protocols and transports define their own name_index-es which - * are meaningful to them. Define index 0 globally as the end of an array of - * them, and separate the ones used for protocols and transport so we can - * sanity check they are at least in the correct category. - */ - -enum { - LTMI_END_OF_ARRAY, - - LTMI_PROTOCOL_BASE = 2048, - - LTMI_TRANSPORT_BASE = 4096 -}; - -struct lws_abs_transport; -struct lws_abs_protocol; - -LWS_VISIBLE LWS_EXTERN const lws_token_map_t * -lws_abs_get_token(const lws_token_map_t *token_map, short name_index); - -/* - * the combination of a protocol, transport, and token maps for each - */ - -typedef void lws_abs_transport_inst_t; -typedef void lws_abs_protocol_inst_t; - -typedef struct lws_abs { - void *user; - struct lws_vhost *vh; - - const struct lws_abs_protocol *ap; - const lws_token_map_t *ap_tokens; - const struct lws_abs_transport *at; - const lws_token_map_t *at_tokens; - - lws_seq_t *seq; - void *opaque_user_data; - - /* - * These are filled in by lws_abs_bind_and_create_instance() in the - * instance copy. They do not need to be set when creating the struct - * for use by lws_abs_bind_and_create_instance() - */ - - struct lws_dll2 abstract_instances; - lws_abs_transport_inst_t *ati; - lws_abs_protocol_inst_t *api; -} lws_abs_t; - -/** - * lws_abs_bind_and_create_instance - use an abstract protocol and transport - * - * \param abs: the lws_abs_t describing the combination desired - * - * This instantiates an abstract protocol and abstract transport bound together. - * A single heap allocation is made for the combination and the protocol and - * transport creation ops are called on it. The ap_tokens and at_tokens - * are consulted by the creation ops to decide the details of the protocol and - * transport for the instance. - */ -LWS_VISIBLE LWS_EXTERN lws_abs_t * -lws_abs_bind_and_create_instance(const lws_abs_t *ai); - -/** - * lws_abs_destroy_instance() - destroys an instance - * - * \param ai: pointer to the ai pointer to destroy - * - * This is for destroying an instance created by - * lws_abs_bind_and_create_instance() above. - * - * Calls the protocol and transport destroy operations on the instance, then - * frees the combined allocation in one step. The pointer ai is set to NULL. - */ -LWS_VISIBLE LWS_EXTERN void -lws_abs_destroy_instance(lws_abs_t **ai); - -/* - * bring in all the protocols and transports definitions - */ - -#include -#include diff --git a/include/libwebsockets/abstract/protocols.h b/include/libwebsockets/abstract/protocols.h deleted file mode 100644 index a6f802a..0000000 --- a/include/libwebsockets/abstract/protocols.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * libwebsockets - abstract protocol definitions - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -typedef struct lws_abs_protocol { - const char *name; - int alloc; - - int (*create)(const struct lws_abs *ai); - void (*destroy)(lws_abs_protocol_inst_t **d); - - /* events the transport invokes (handled by abstract protocol) */ - - int (*accept)(lws_abs_protocol_inst_t *d); - int (*rx)(lws_abs_protocol_inst_t *d, uint8_t *buf, size_t len); - int (*writeable)(lws_abs_protocol_inst_t *d, size_t budget); - int (*closed)(lws_abs_protocol_inst_t *d); - int (*heartbeat)(lws_abs_protocol_inst_t *d); -} lws_abs_protocol_t; - -/** - * lws_abs_protocol_get_by_name() - returns a pointer to the named protocol ops - * - * \param name: the name of the abstract protocol - * - * Returns a pointer to the named protocol ops struct if available, otherwise - * NULL. - */ -LWS_VISIBLE LWS_EXTERN const lws_abs_protocol_t * -lws_abs_protocol_get_by_name(const char *name); - -/* - * bring in public api pieces from protocols - */ - -#include diff --git a/include/libwebsockets/abstract/protocols/smtp.h b/include/libwebsockets/abstract/protocols/smtp.h deleted file mode 100644 index 5fb434e..0000000 --- a/include/libwebsockets/abstract/protocols/smtp.h +++ /dev/null @@ -1,134 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup smtp SMTP related functions - * ##SMTP related functions - * \ingroup lwsapi - * - * These apis let you communicate with a local SMTP server to send email from - * lws. It handles all the SMTP sequencing and protocol actions. - * - * Your system should have postfix, sendmail or another MTA listening on port - * 25 and able to send email using the "mail" commandline app. Usually distro - * MTAs are configured for this by default. - * - * It runs via its own libuv events if initialized (which requires giving it - * a libuv loop to attach to). - * - * It operates using three callbacks, on_next() queries if there is a new email - * to send, on_get_body() asks for the body of the email, and on_sent() is - * called after the email is successfully sent. - * - * To use it - * - * - create an lws_email struct - * - * - initialize data, loop, the email_* strings, max_content_size and - * the callbacks - * - * - call lws_email_init() - * - * When you have at least one email to send, call lws_email_check() to - * schedule starting to send it. - */ -//@{ -#if defined(LWS_WITH_SMTP) - -enum { - LTMI_PSMTP_V_HELO = LTMI_PROTOCOL_BASE, /* u.value */ - LTMI_PSMTP_LV_RETRY_INTERVAL, /* u.lvalue */ - LTMI_PSMTP_LV_DELIVERY_TIMEOUT, /* u.lvalue */ - LTMI_PSMTP_LV_EMAIL_QUEUE_MAX, /* u.lvalue */ - LTMI_PSMTP_LV_MAX_CONTENT_SIZE, /* u.lvalue */ -}; - -typedef struct lws_smtp_client lws_smtp_client_t; -typedef struct lws_abs lws_abs_t; - -typedef struct lws_smtp_email { - struct lws_dll2 list; - - void *data; - void *extra; - - time_t added; - time_t last_try; - - const char *email_from; - const char *email_to; - const char *payload; - - int (*done)(struct lws_smtp_email *e, void *buf, size_t len); - - int tries; -} lws_smtp_email_t; - - -/** - * lws_smtp_client_alloc_email_helper() - Allocates and inits an email object - * - * \param payload: the email payload string, with headers and terminating . - * \param payload_len: size in bytes of the payload string - * \param sender: the sender name and email - * \param recipient: the recipient name and email - * - * Allocates an email object and copies the payload, sender and recipient into - * it and initializes it. Returns NULL if OOM, otherwise the allocated email - * object. - * - * Because it copies the arguments into an allocated buffer, the original - * arguments can be safely destroyed after calling this. - * - * The done() callback must free the email object. It doesn't have to free any - * individual members. - */ -LWS_VISIBLE LWS_EXTERN lws_smtp_email_t * -lws_smtp_client_alloc_email_helper(const char *payload, size_t payload_len, - const char *sender, const char *recipient, - const char *extra, size_t extra_len, void *data, - int (*done)(struct lws_smtp_email *e, - void *buf, size_t len)); - -/** - * lws_smtp_client_add_email() - Add email to the list of ones being sent - * - * \param instance: smtp client + transport - * \param e: email to queue for sending on \p c - * - * Adds an email to the linked-list of emails to send - */ -LWS_VISIBLE LWS_EXTERN int -lws_smtp_client_add_email(lws_abs_t *instance, lws_smtp_email_t *e); - -/** - * lws_smtp_client_kick() - Request check for new email - * - * \param instance: instance to kick - * - * Gives smtp client a chance to move things on - */ -LWS_VISIBLE LWS_EXTERN void -lws_smtp_client_kick(lws_abs_t *instance); - -#endif -//@} diff --git a/include/libwebsockets/abstract/transports.h b/include/libwebsockets/abstract/transports.h deleted file mode 100644 index e0aebc3..0000000 --- a/include/libwebsockets/abstract/transports.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* - * Abstract transport ops - */ - -typedef struct lws_abs_transport { - const char *name; - int alloc; - - int (*create)(struct lws_abs *abs); - void (*destroy)(lws_abs_transport_inst_t **d); - - /* events the abstract protocol invokes (handled by transport) */ - - int (*tx)(lws_abs_transport_inst_t *d, uint8_t *buf, size_t len); - int (*client_conn)(const lws_abs_t *abs); - int (*close)(lws_abs_transport_inst_t *d); - int (*ask_for_writeable)(lws_abs_transport_inst_t *d); - int (*set_timeout)(lws_abs_transport_inst_t *d, int reason, int secs); - int (*state)(lws_abs_transport_inst_t *d); -} lws_abs_transport_t; - -/** - * lws_abs_protocol_get_by_name() - returns a pointer to the named protocol ops - * - * \param name: the name of the abstract protocol - * - * Returns a pointer to the named protocol ops struct if available, otherwise - * NULL. - */ -LWS_VISIBLE LWS_EXTERN const lws_abs_transport_t * -lws_abs_transport_get_by_name(const char *name); - -/* - * bring in public api pieces from transports - */ - -#include -#include diff --git a/include/libwebsockets/abstract/transports/raw-skt.h b/include/libwebsockets/abstract/transports/raw-skt.h deleted file mode 100644 index f35ecaf..0000000 --- a/include/libwebsockets/abstract/transports/raw-skt.h +++ /dev/null @@ -1,26 +0,0 @@ -/* - * libwebsockets - raw-skt abstract transport - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -enum { - LTMI_PEER_V_DNS_ADDRESS = LTMI_TRANSPORT_BASE, /* u.value */ - LTMI_PEER_LV_PORT, /* u.lvalue */ - LTMI_PEER_LV_TLS_FLAGS, /* u.lvalue */ -}; diff --git a/include/libwebsockets/abstract/transports/unit-test.h b/include/libwebsockets/abstract/transports/unit-test.h deleted file mode 100644 index 1527ec8..0000000 --- a/include/libwebsockets/abstract/transports/unit-test.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * libwebsockets include/libwebsockets/abstract/transports/unit-test.c - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is an abstract transport useful for unit testing abstract protocols. - * - * Instead of passing data anywhere, you give the transport a list of packets - * to deliver and packets you expect back from the abstract protocol it's - * bound to. - */ - -enum { - LWS_AUT_EXPECT_TEST_END = (1 << 0), - LWS_AUT_EXPECT_LOCAL_CLOSE = (1 << 1), - LWS_AUT_EXPECT_DO_REMOTE_CLOSE = (1 << 2), - LWS_AUT_EXPECT_TX /* expect this as tx from protocol */ = (1 << 3), - LWS_AUT_EXPECT_RX /* present this as rx to protocol */ = (1 << 4), - LWS_AUT_EXPECT_SHOULD_FAIL = (1 << 5), - LWS_AUT_EXPECT_SHOULD_TIMEOUT = (1 << 6), -}; - -typedef enum { - LPE_CONTINUE, - LPE_SUCCEEDED, - LPE_FAILED, - LPE_FAILED_UNEXPECTED_TIMEOUT, - LPE_FAILED_UNEXPECTED_PASS, - LPE_FAILED_UNEXPECTED_CLOSE, - LPE_SKIPPED, - LPE_CLOSING -} lws_unit_test_packet_disposition; - -typedef int (*lws_unit_test_packet_test_cb)(const void *cb_user, int disposition); -typedef int (*lws_unit_test_packet_cb)(lws_abs_t *instance); - -/* each step in the unit test */ - -typedef struct lws_unit_test_packet { - void *buffer; - lws_unit_test_packet_cb pre; - size_t len; - - uint32_t flags; -} lws_unit_test_packet_t; - -/* each unit test */ - -typedef struct lws_unit_test { - const char * name; /* NULL indicates end of test array */ - lws_unit_test_packet_t * expect_array; - int max_secs; -} lws_unit_test_t; - -enum { - LTMI_PEER_V_EXPECT_TEST = LTMI_TRANSPORT_BASE, /* u.value */ - LTMI_PEER_V_EXPECT_RESULT_CB, /* u.value */ - LTMI_PEER_V_EXPECT_RESULT_CB_ARG, /* u.value */ -}; - -LWS_VISIBLE LWS_EXTERN const char * -lws_unit_test_result_name(int in); - diff --git a/include/libwebsockets/lws-adopt.h b/include/libwebsockets/lws-adopt.h deleted file mode 100644 index 81d2811..0000000 --- a/include/libwebsockets/lws-adopt.h +++ /dev/null @@ -1,185 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup sock-adopt Socket adoption helpers - * ##Socket adoption helpers - * - * When integrating with an external app with its own event loop, these can - * be used to accept connections from someone else's listening socket. - * - * When using lws own event loop, these are not needed. - */ -///@{ - -/** - * lws_adopt_socket() - adopt foreign socket as if listen socket accepted it - * for the default vhost of context. - * - * \param context: lws context - * \param accept_fd: fd of already-accepted socket to adopt - * - * Either returns new wsi bound to accept_fd, or closes accept_fd and - * returns NULL, having cleaned up any new wsi pieces. - * - * LWS adopts the socket in http serving mode, it's ready to accept an upgrade - * to ws or just serve http. - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_adopt_socket(struct lws_context *context, lws_sockfd_type accept_fd); -/** - * lws_adopt_socket_vhost() - adopt foreign socket as if listen socket accepted - * it for vhost - * - * \param vh: lws vhost - * \param accept_fd: fd of already-accepted socket to adopt - * - * Either returns new wsi bound to accept_fd, or closes accept_fd and - * returns NULL, having cleaned up any new wsi pieces. - * - * LWS adopts the socket in http serving mode, it's ready to accept an upgrade - * to ws or just serve http. - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd); - -typedef enum { - LWS_ADOPT_RAW_FILE_DESC = 0, /* convenience constant */ - LWS_ADOPT_HTTP = 1, /* flag: absent implies RAW */ - LWS_ADOPT_SOCKET = 2, /* flag: absent implies file descr */ - LWS_ADOPT_ALLOW_SSL = 4, /* flag: if set requires LWS_ADOPT_SOCKET */ - LWS_ADOPT_FLAG_UDP = 16, /* flag: socket is UDP */ - LWS_ADOPT_FLAG_RAW_PROXY = 32, /* flag: raw proxy */ - - LWS_ADOPT_RAW_SOCKET_UDP = LWS_ADOPT_SOCKET | LWS_ADOPT_FLAG_UDP, -} lws_adoption_type; - -typedef union { - lws_sockfd_type sockfd; - lws_filefd_type filefd; -} lws_sock_file_fd_type; - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) -struct lws_udp { - struct sockaddr sa; - socklen_t salen; - - struct sockaddr sa_pending; - socklen_t salen_pending; -}; -#endif - -/** -* lws_adopt_descriptor_vhost() - adopt foreign socket or file descriptor -* if socket descriptor, should already have been accepted from listen socket -* -* \param vh: lws vhost -* \param type: OR-ed combinations of lws_adoption_type flags -* \param fd: union with either .sockfd or .filefd set -* \param vh_prot_name: NULL or vh protocol name to bind raw connection to -* \param parent: NULL or struct lws to attach new_wsi to as a child -* -* Either returns new wsi bound to accept_fd, or closes accept_fd and -* returns NULL, having cleaned up any new wsi pieces. -* -* If LWS_ADOPT_SOCKET is set, LWS adopts the socket in http serving mode, it's -* ready to accept an upgrade to ws or just serve http. -* -* parent may be NULL, if given it should be an existing wsi that will become the -* parent of the new wsi created by this call. -*/ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_adopt_descriptor_vhost(struct lws_vhost *vh, lws_adoption_type type, - lws_sock_file_fd_type fd, const char *vh_prot_name, - struct lws *parent); - -/** - * lws_adopt_socket_readbuf() - adopt foreign socket and first rx as if listen socket accepted it - * for the default vhost of context. - * \param context: lws context - * \param accept_fd: fd of already-accepted socket to adopt - * \param readbuf: NULL or pointer to data that must be drained before reading from - * accept_fd - * \param len: The length of the data held at \p readbuf - * - * Either returns new wsi bound to accept_fd, or closes accept_fd and - * returns NULL, having cleaned up any new wsi pieces. - * - * LWS adopts the socket in http serving mode, it's ready to accept an upgrade - * to ws or just serve http. - * - * If your external code did not already read from the socket, you can use - * lws_adopt_socket() instead. - * - * This api is guaranteed to use the data at \p readbuf first, before reading from - * the socket. - * - * \p readbuf is limited to the size of the ah rx buf, currently 2048 bytes. - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_adopt_socket_readbuf(struct lws_context *context, lws_sockfd_type accept_fd, - const char *readbuf, size_t len); -/** - * lws_adopt_socket_vhost_readbuf() - adopt foreign socket and first rx as if listen socket - * accepted it for vhost. - * \param vhost: lws vhost - * \param accept_fd: fd of already-accepted socket to adopt - * \param readbuf: NULL or pointer to data that must be drained before reading from accept_fd - * \param len: The length of the data held at \p readbuf - * - * Either returns new wsi bound to accept_fd, or closes accept_fd and - * returns NULL, having cleaned up any new wsi pieces. - * - * LWS adopts the socket in http serving mode, it's ready to accept an upgrade - * to ws or just serve http. - * - * If your external code did not already read from the socket, you can use - * lws_adopt_socket() instead. - * - * This api is guaranteed to use the data at \p readbuf first, before reading from - * the socket. - * - * \p readbuf is limited to the size of the ah rx buf, currently 2048 bytes. - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_adopt_socket_vhost_readbuf(struct lws_vhost *vhost, - lws_sockfd_type accept_fd, const char *readbuf, - size_t len); - -#define LWS_CAUDP_BIND 1 - -/** - * lws_create_adopt_udp() - create, bind and adopt a UDP socket - * - * \param vhost: lws vhost - * \param port: UDP port to bind to, -1 means unbound - * \param flags: 0 or LWS_CAUDP_NO_BIND - * \param protocol_name: Name of protocol on vhost to bind wsi to - * \param parent_wsi: NULL or parent wsi new wsi will be a child of - * - * Either returns new wsi bound to accept_fd, or closes accept_fd and - * returns NULL, having cleaned up any new wsi pieces. - * */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_create_adopt_udp(struct lws_vhost *vhost, int port, int flags, - const char *protocol_name, struct lws *parent_wsi); -///@} diff --git a/include/libwebsockets/lws-callbacks.h b/include/libwebsockets/lws-callbacks.h deleted file mode 100644 index 691f783..0000000 --- a/include/libwebsockets/lws-callbacks.h +++ /dev/null @@ -1,850 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup usercb User Callback - * - * ##User protocol callback - * - * The protocol callback is the primary way lws interacts with - * user code. For one of a list of a few dozen reasons the callback gets - * called at some event to be handled. - * - * All of the events can be ignored, returning 0 is taken as "OK" and returning - * nonzero in most cases indicates that the connection should be closed. - */ -///@{ - -struct lws_ssl_info { - int where; - int ret; -}; - -enum lws_cert_update_state { - LWS_CUS_IDLE, - LWS_CUS_STARTING, - LWS_CUS_SUCCESS, - LWS_CUS_FAILED, - - LWS_CUS_CREATE_KEYS, - LWS_CUS_REG, - LWS_CUS_AUTH, - LWS_CUS_CHALLENGE, - LWS_CUS_CREATE_REQ, - LWS_CUS_REQ, - LWS_CUS_CONFIRM, - LWS_CUS_ISSUE, -}; - -enum { - LWS_TLS_REQ_ELEMENT_COUNTRY, - LWS_TLS_REQ_ELEMENT_STATE, - LWS_TLS_REQ_ELEMENT_LOCALITY, - LWS_TLS_REQ_ELEMENT_ORGANIZATION, - LWS_TLS_REQ_ELEMENT_COMMON_NAME, - LWS_TLS_REQ_ELEMENT_EMAIL, - - LWS_TLS_REQ_ELEMENT_COUNT, - - LWS_TLS_SET_DIR_URL = LWS_TLS_REQ_ELEMENT_COUNT, - LWS_TLS_SET_AUTH_PATH, - LWS_TLS_SET_CERT_PATH, - LWS_TLS_SET_KEY_PATH, - - LWS_TLS_TOTAL_COUNT -}; - -struct lws_acme_cert_aging_args { - struct lws_vhost *vh; - const char *element_overrides[LWS_TLS_TOTAL_COUNT]; /* NULL = use pvo */ -}; - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -/** enum lws_callback_reasons - reason you're getting a protocol callback */ -enum lws_callback_reasons { - - /* --------------------------------------------------------------------- - * ----- Callbacks related to wsi and protocol binding lifecycle ----- - */ - - LWS_CALLBACK_PROTOCOL_INIT = 27, - /**< One-time call per protocol, per-vhost using it, so it can - * do initial setup / allocations etc */ - - LWS_CALLBACK_PROTOCOL_DESTROY = 28, - /**< One-time call per protocol, per-vhost using it, indicating - * this protocol won't get used at all after this callback, the - * vhost is getting destroyed. Take the opportunity to - * deallocate everything that was allocated by the protocol. */ - - LWS_CALLBACK_WSI_CREATE = 29, - /**< outermost (earliest) wsi create notification to protocols[0] */ - - LWS_CALLBACK_WSI_DESTROY = 30, - /**< outermost (latest) wsi destroy notification to protocols[0] */ - - - /* --------------------------------------------------------------------- - * ----- Callbacks related to Server TLS ----- - */ - - LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS = 21, - /**< if configured for - * including OpenSSL support, this callback allows your user code - * to perform extra SSL_CTX_load_verify_locations() or similar - * calls to direct OpenSSL where to find certificates the client - * can use to confirm the remote server identity. user is the - * OpenSSL SSL_CTX* */ - - LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS = 22, - /**< if configured for - * including OpenSSL support, this callback allows your user code - * to load extra certificates into the server which allow it to - * verify the validity of certificates returned by clients. user - * is the server's OpenSSL SSL_CTX* and in is the lws_vhost */ - - LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION = 23, - /**< if the libwebsockets vhost was created with the option - * LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT, then this - * callback is generated during OpenSSL verification of the cert - * sent from the client. It is sent to protocol[0] callback as - * no protocol has been negotiated on the connection yet. - * Notice that the libwebsockets context and wsi are both NULL - * during this callback. See - * http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html - * to understand more detail about the OpenSSL callback that - * generates this libwebsockets callback and the meanings of the - * arguments passed. In this callback, user is the x509_ctx, - * in is the ssl pointer and len is preverify_ok - * Notice that this callback maintains libwebsocket return - * conventions, return 0 to mean the cert is OK or 1 to fail it. - * This also means that if you don't handle this callback then - * the default callback action of returning 0 allows the client - * certificates. */ - - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY = 37, - /**< if configured for including OpenSSL support but no private key - * file has been specified (ssl_private_key_filepath is NULL), this is - * called to allow the user to set the private key directly via - * libopenssl and perform further operations if required; this might be - * useful in situations where the private key is not directly accessible - * by the OS, for example if it is stored on a smartcard. - * user is the server's OpenSSL SSL_CTX* */ - - LWS_CALLBACK_SSL_INFO = 67, - /**< SSL connections only. An event you registered an - * interest in at the vhost has occurred on a connection - * using the vhost. in is a pointer to a - * struct lws_ssl_info containing information about the - * event*/ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to Client TLS ----- - */ - - LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION = 58, - /**< Similar to LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION - * this callback is called during OpenSSL verification of the cert - * sent from the server to the client. It is sent to protocol[0] - * callback as no protocol has been negotiated on the connection yet. - * Notice that the wsi is set because lws_client_connect_via_info was - * successful. - * - * See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html - * to understand more detail about the OpenSSL callback that - * generates this libwebsockets callback and the meanings of the - * arguments passed. In this callback, user is the x509_ctx, - * in is the ssl pointer and len is preverify_ok. - * - * THIS IS NOT RECOMMENDED BUT if a cert validation error shall be - * overruled and cert shall be accepted as ok, - * X509_STORE_CTX_set_error((X509_STORE_CTX*)user, X509_V_OK); must be - * called and return value must be 0 to mean the cert is OK; - * returning 1 will fail the cert in any case. - * - * This also means that if you don't handle this callback then - * the default callback action of returning 0 will not accept the - * certificate in case of a validation error decided by the SSL lib. - * - * This is expected and secure behaviour when validating certificates. - * - * Note: LCCSCF_ALLOW_SELFSIGNED and - * LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK still work without this - * callback being implemented. - */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to HTTP Server ----- - */ - - LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED = 19, - /**< A new client has been accepted by the ws server. This - * callback allows setting any relevant property to it. Because this - * happens immediately after the instantiation of a new client, - * there's no websocket protocol selected yet so this callback is - * issued only to protocol 0. Only wsi is defined, pointing to the - * new client, and the return value is ignored. */ - - LWS_CALLBACK_HTTP = 12, - /**< an http request has come from a client that is not - * asking to upgrade the connection to a websocket - * one. This is a chance to serve http content, - * for example, to send a script to the client - * which will then open the websockets connection. - * in points to the URI path requested and - * lws_serve_http_file() makes it very - * simple to send back a file to the client. - * Normally after sending the file you are done - * with the http connection, since the rest of the - * activity will come by websockets from the script - * that was delivered by http, so you will want to - * return 1; to close and free up the connection. */ - - LWS_CALLBACK_HTTP_BODY = 13, - /**< the next len bytes data from the http - * request body HTTP connection is now available in in. */ - - LWS_CALLBACK_HTTP_BODY_COMPLETION = 14, - /**< the expected amount of http request body has been delivered */ - - LWS_CALLBACK_HTTP_FILE_COMPLETION = 15, - /**< a file requested to be sent down http link has completed. */ - - LWS_CALLBACK_HTTP_WRITEABLE = 16, - /**< you can write more down the http protocol link now. */ - - LWS_CALLBACK_CLOSED_HTTP = 5, - /**< when a HTTP (non-websocket) session ends */ - - LWS_CALLBACK_FILTER_HTTP_CONNECTION = 18, - /**< called when the request has - * been received and parsed from the client, but the response is - * not sent yet. Return non-zero to disallow the connection. - * user is a pointer to the connection user space allocation, - * in is the URI, eg, "/" - * In your handler you can use the public APIs - * lws_hdr_total_length() / lws_hdr_copy() to access all of the - * headers using the header enums lws_token_indexes from - * libwebsockets.h to check for and read the supported header - * presence and content before deciding to allow the http - * connection to proceed or to kill the connection. */ - - LWS_CALLBACK_ADD_HEADERS = 53, - /**< This gives your user code a chance to add headers to a server - * transaction bound to your protocol. `in` points to a - * `struct lws_process_html_args` describing a buffer and length - * you can add headers into using the normal lws apis. - * - * (see LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER to add headers to - * a client transaction) - * - * Only `args->p` and `args->len` are valid, and `args->p` should - * be moved on by the amount of bytes written, if any. Eg - * - * case LWS_CALLBACK_ADD_HEADERS: - * - * struct lws_process_html_args *args = - * (struct lws_process_html_args *)in; - * - * if (lws_add_http_header_by_name(wsi, - * (unsigned char *)"set-cookie:", - * (unsigned char *)cookie, cookie_len, - * (unsigned char **)&args->p, - * (unsigned char *)args->p + args->max_len)) - * return 1; - * - * break; - */ - - LWS_CALLBACK_CHECK_ACCESS_RIGHTS = 51, - /**< This gives the user code a chance to forbid an http access. - * `in` points to a `struct lws_process_html_args`, which - * describes the URL, and a bit mask describing the type of - * authentication required. If the callback returns nonzero, - * the transaction ends with HTTP_STATUS_UNAUTHORIZED. */ - - LWS_CALLBACK_PROCESS_HTML = 52, - /**< This gives your user code a chance to mangle outgoing - * HTML. `in` points to a `struct lws_process_html_args` - * which describes the buffer containing outgoing HTML. - * The buffer may grow up to `.max_len` (currently +128 - * bytes per buffer). - */ - - LWS_CALLBACK_HTTP_BIND_PROTOCOL = 49, - /**< By default, all HTTP handling is done in protocols[0]. - * However you can bind different protocols (by name) to - * different parts of the URL space using callback mounts. This - * callback occurs in the new protocol when a wsi is bound - * to that protocol. Any protocol allocation related to the - * http transaction processing should be created then. - * These specific callbacks are necessary because with HTTP/1.1, - * a single connection may perform at series of different - * transactions at different URLs, thus the lifetime of the - * protocol bind is just for one transaction, not connection. */ - - LWS_CALLBACK_HTTP_DROP_PROTOCOL = 50, - /**< This is called when a transaction is unbound from a protocol. - * It indicates the connection completed its transaction and may - * do something different now. Any protocol allocation related - * to the http transaction processing should be destroyed. */ - - LWS_CALLBACK_HTTP_CONFIRM_UPGRADE = 86, - /**< This is your chance to reject an HTTP upgrade action. The - * name of the protocol being upgraded to is in 'in', and the ah - * is still bound to the wsi, so you can look at the headers. - * - * The default of returning 0 (ie, also if not handled) means the - * upgrade may proceed. Return <0 to just hang up the connection, - * or >0 if you have rejected the connection by returning http headers - * and response code yourself. - * - * There is no need for you to call transaction_completed() as the - * caller will take care of it when it sees you returned >0. - */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to HTTP Client ----- - */ - - LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP = 44, - /**< The HTTP client connection has succeeded, and is now - * connected to the server */ - - LWS_CALLBACK_CLOSED_CLIENT_HTTP = 45, - /**< The HTTP client connection is closing */ - - LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ = 48, - /**< This is generated by lws_http_client_read() used to drain - * incoming data. In the case the incoming data was chunked, it will - * be split into multiple smaller callbacks for each chunk block, - * removing the chunk headers. If not chunked, it will appear all in - * one callback. */ - - LWS_CALLBACK_RECEIVE_CLIENT_HTTP = 46, - /**< This indicates data was received on the HTTP client connection. It - * does NOT actually drain or provide the data, so if you are doing - * http client, you MUST handle this and call lws_http_client_read(). - * Failure to deal with it as in the minimal examples may cause spinning - * around the event loop as it's continuously signalled the same data - * is available for read. The related minimal examples show how to - * handle it. - * - * It's possible to defer calling lws_http_client_read() if you use - * rx flow control to stop further rx handling on the connection until - * you did deal with it. But normally you would call it in the handler. - * - * lws_http_client_read() strips any chunked framing and calls back - * with only payload data to LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ. The - * chunking is the reason this is not just all done in one callback for - * http. - */ - LWS_CALLBACK_COMPLETED_CLIENT_HTTP = 47, - /**< The client transaction completed... at the moment this - * is the same as closing since transaction pipelining on - * client side is not yet supported. */ - - LWS_CALLBACK_CLIENT_HTTP_WRITEABLE = 57, - /**< when doing an HTTP type client connection, you can call - * lws_client_http_body_pending(wsi, 1) from - * LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER to get these callbacks - * sending the HTTP headers. - * - * From this callback, when you have sent everything, you should let - * lws know by calling lws_client_http_body_pending(wsi, 0) - */ - - LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL = 85, - LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL = 76, - - /* --------------------------------------------------------------------- - * ----- Callbacks related to Websocket Server ----- - */ - - LWS_CALLBACK_ESTABLISHED = 0, - /**< (VH) after the server completes a handshake with an incoming - * client. If you built the library with ssl support, in is a - * pointer to the ssl struct associated with the connection or NULL. - * - * b0 of len is set if the connection was made using ws-over-h2 - */ - - LWS_CALLBACK_CLOSED = 4, - /**< when the websocket session ends */ - - LWS_CALLBACK_SERVER_WRITEABLE = 11, - /**< See LWS_CALLBACK_CLIENT_WRITEABLE */ - - LWS_CALLBACK_RECEIVE = 6, - /**< data has appeared for this server endpoint from a - * remote client, it can be found at *in and is - * len bytes long */ - - LWS_CALLBACK_RECEIVE_PONG = 7, - /**< servers receive PONG packets with this callback reason */ - - LWS_CALLBACK_WS_PEER_INITIATED_CLOSE = 38, - /**< The peer has sent an unsolicited Close WS packet. in and - * len are the optional close code (first 2 bytes, network - * order) and the optional additional information which is not - * defined in the standard, and may be a string or non human-readable - * data. - * If you return 0 lws will echo the close and then close the - * connection. If you return nonzero lws will just close the - * connection. */ - - LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION = 20, - /**< called when the handshake has - * been received and parsed from the client, but the response is - * not sent yet. Return non-zero to disallow the connection. - * user is a pointer to the connection user space allocation, - * in is the requested protocol name - * In your handler you can use the public APIs - * lws_hdr_total_length() / lws_hdr_copy() to access all of the - * headers using the header enums lws_token_indexes from - * libwebsockets.h to check for and read the supported header - * presence and content before deciding to allow the handshake - * to proceed or to kill the connection. */ - - LWS_CALLBACK_CONFIRM_EXTENSION_OKAY = 25, - /**< When the server handshake code - * sees that it does support a requested extension, before - * accepting the extension by additing to the list sent back to - * the client it gives this callback just to check that it's okay - * to use that extension. It calls back to the requested protocol - * and with in being the extension name, len is 0 and user is - * valid. Note though at this time the ESTABLISHED callback hasn't - * happened yet so if you initialize user content there, user - * content during this callback might not be useful for anything. */ - - LWS_CALLBACK_WS_SERVER_BIND_PROTOCOL = 77, - LWS_CALLBACK_WS_SERVER_DROP_PROTOCOL = 78, - - /* --------------------------------------------------------------------- - * ----- Callbacks related to Websocket Client ----- - */ - - LWS_CALLBACK_CLIENT_CONNECTION_ERROR = 1, - /**< the request client connection has been unable to complete a - * handshake with the remote server. If in is non-NULL, you can - * find an error string of length len where it points to - * - * Diagnostic strings that may be returned include - * - * "getaddrinfo (ipv6) failed" - * "unknown address family" - * "getaddrinfo (ipv4) failed" - * "set socket opts failed" - * "insert wsi failed" - * "lws_ssl_client_connect1 failed" - * "lws_ssl_client_connect2 failed" - * "Peer hung up" - * "read failed" - * "HS: URI missing" - * "HS: Redirect code but no Location" - * "HS: URI did not parse" - * "HS: Redirect failed" - * "HS: Server did not return 200" - * "HS: OOM" - * "HS: disallowed by client filter" - * "HS: disallowed at ESTABLISHED" - * "HS: ACCEPT missing" - * "HS: ws upgrade response not 101" - * "HS: UPGRADE missing" - * "HS: Upgrade to something other than websocket" - * "HS: CONNECTION missing" - * "HS: UPGRADE malformed" - * "HS: PROTOCOL malformed" - * "HS: Cannot match protocol" - * "HS: EXT: list too big" - * "HS: EXT: failed setting defaults" - * "HS: EXT: failed parsing defaults" - * "HS: EXT: failed parsing options" - * "HS: EXT: Rejects server options" - * "HS: EXT: unknown ext" - * "HS: Accept hash wrong" - * "HS: Rejected by filter cb" - * "HS: OOM" - * "HS: SO_SNDBUF failed" - * "HS: Rejected at CLIENT_ESTABLISHED" - */ - - LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH = 2, - /**< this is the last chance for the client user code to examine the - * http headers and decide to reject the connection. If the - * content in the headers is interesting to the - * client (url, etc) it needs to copy it out at - * this point since it will be destroyed before - * the CLIENT_ESTABLISHED call */ - - LWS_CALLBACK_CLIENT_ESTABLISHED = 3, - /**< after your client connection completed the websocket upgrade - * handshake with the remote server */ - - LWS_CALLBACK_CLIENT_CLOSED = 75, - /**< when a client websocket session ends */ - - LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER = 24, - /**< this callback happens - * when a client handshake is being compiled. user is NULL, - * in is a char **, it's pointing to a char * which holds the - * next location in the header buffer where you can add - * headers, and len is the remaining space in the header buffer, - * which is typically some hundreds of bytes. So, to add a canned - * cookie, your handler code might look similar to: - * - * char **p = (char **)in, *end = (*p) + len; - * - * if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_COOKIE, - * (unsigned char)"a=b", 3, p, end)) - * return -1; - * - * See LWS_CALLBACK_ADD_HEADERS for adding headers to server - * transactions. - */ - - LWS_CALLBACK_CLIENT_RECEIVE = 8, - /**< data has appeared from the server for the client connection, it - * can be found at *in and is len bytes long */ - - LWS_CALLBACK_CLIENT_RECEIVE_PONG = 9, - /**< clients receive PONG packets with this callback reason */ - - LWS_CALLBACK_CLIENT_WRITEABLE = 10, - /**< If you call lws_callback_on_writable() on a connection, you will - * get one of these callbacks coming when the connection socket - * is able to accept another write packet without blocking. - * If it already was able to take another packet without blocking, - * you'll get this callback at the next call to the service loop - * function. Notice that CLIENTs get LWS_CALLBACK_CLIENT_WRITEABLE - * and servers get LWS_CALLBACK_SERVER_WRITEABLE. */ - - LWS_CALLBACK_CLIENT_CONFIRM_EXTENSION_SUPPORTED = 26, - /**< When a ws client - * connection is being prepared to start a handshake to a server, - * each supported extension is checked with protocols[0] callback - * with this reason, giving the user code a chance to suppress the - * claim to support that extension by returning non-zero. If - * unhandled, by default 0 will be returned and the extension - * support included in the header to the server. Notice this - * callback comes to protocols[0]. */ - - LWS_CALLBACK_WS_EXT_DEFAULTS = 39, - /**< Gives client connections an opportunity to adjust negotiated - * extension defaults. `user` is the extension name that was - * negotiated (eg, "permessage-deflate"). `in` points to a - * buffer and `len` is the buffer size. The user callback can - * set the buffer to a string describing options the extension - * should parse. Or just ignore for defaults. */ - - - LWS_CALLBACK_FILTER_NETWORK_CONNECTION = 17, - /**< called when a client connects to - * the server at network level; the connection is accepted but then - * passed to this callback to decide whether to hang up immediately - * or not, based on the client IP. in contains the connection - * socket's descriptor. Since the client connection information is - * not available yet, wsi still pointing to the main server socket. - * Return non-zero to terminate the connection before sending or - * receiving anything. Because this happens immediately after the - * network connection from the client, there's no websocket protocol - * selected yet so this callback is issued only to protocol 0. */ - - LWS_CALLBACK_WS_CLIENT_BIND_PROTOCOL = 79, - LWS_CALLBACK_WS_CLIENT_DROP_PROTOCOL = 80, - - /* --------------------------------------------------------------------- - * ----- Callbacks related to external poll loop integration ----- - */ - - LWS_CALLBACK_GET_THREAD_ID = 31, - /**< lws can accept callback when writable requests from other - * threads, if you implement this callback and return an opaque - * current thread ID integer. */ - - /* external poll() management support */ - LWS_CALLBACK_ADD_POLL_FD = 32, - /**< lws normally deals with its poll() or other event loop - * internally, but in the case you are integrating with another - * server you will need to have lws sockets share a - * polling array with the other server. This and the other - * POLL_FD related callbacks let you put your specialized - * poll array interface code in the callback for protocol 0, the - * first protocol you support, usually the HTTP protocol in the - * serving case. - * This callback happens when a socket needs to be - * added to the polling loop: in points to a struct - * lws_pollargs; the fd member of the struct is the file - * descriptor, and events contains the active events - * - * If you are using the internal lws polling / event loop - * you can just ignore these callbacks. */ - - LWS_CALLBACK_DEL_POLL_FD = 33, - /**< This callback happens when a socket descriptor - * needs to be removed from an external polling array. in is - * again the struct lws_pollargs containing the fd member - * to be removed. If you are using the internal polling - * loop, you can just ignore it. */ - - LWS_CALLBACK_CHANGE_MODE_POLL_FD = 34, - /**< This callback happens when lws wants to modify the events for - * a connection. - * in is the struct lws_pollargs with the fd to change. - * The new event mask is in events member and the old mask is in - * the prev_events member. - * If you are using the internal polling loop, you can just ignore - * it. */ - - LWS_CALLBACK_LOCK_POLL = 35, - /**< These allow the external poll changes driven - * by lws to participate in an external thread locking - * scheme around the changes, so the whole thing is threadsafe. - * These are called around three activities in the library, - * - inserting a new wsi in the wsi / fd table (len=1) - * - deleting a wsi from the wsi / fd table (len=1) - * - changing a wsi's POLLIN/OUT state (len=0) - * Locking and unlocking external synchronization objects when - * len == 1 allows external threads to be synchronized against - * wsi lifecycle changes if it acquires the same lock for the - * duration of wsi dereference from the other thread context. */ - - LWS_CALLBACK_UNLOCK_POLL = 36, - /**< See LWS_CALLBACK_LOCK_POLL, ignore if using lws internal poll */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to CGI serving ----- - */ - - LWS_CALLBACK_CGI = 40, - /**< CGI: CGI IO events on stdin / out / err are sent here on - * protocols[0]. The provided `lws_callback_http_dummy()` - * handles this and the callback should be directed there if - * you use CGI. */ - - LWS_CALLBACK_CGI_TERMINATED = 41, - /**< CGI: The related CGI process ended, this is called before - * the wsi is closed. Used to, eg, terminate chunking. - * The provided `lws_callback_http_dummy()` - * handles this and the callback should be directed there if - * you use CGI. The child PID that terminated is in len. */ - - LWS_CALLBACK_CGI_STDIN_DATA = 42, - /**< CGI: Data is, to be sent to the CGI process stdin, eg from - * a POST body. The provided `lws_callback_http_dummy()` - * handles this and the callback should be directed there if - * you use CGI. */ - - LWS_CALLBACK_CGI_STDIN_COMPLETED = 43, - /**< CGI: no more stdin is coming. The provided - * `lws_callback_http_dummy()` handles this and the callback - * should be directed there if you use CGI. */ - - LWS_CALLBACK_CGI_PROCESS_ATTACH = 70, - /**< CGI: Sent when the CGI process is spawned for the wsi. The - * len parameter is the PID of the child process */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to Generic Sessions ----- - */ - - LWS_CALLBACK_SESSION_INFO = 54, - /**< This is only generated by user code using generic sessions. - * It's used to get a `struct lws_session_info` filled in by - * generic sessions with information about the logged-in user. - * See the messageboard sample for an example of how to use. */ - - LWS_CALLBACK_GS_EVENT = 55, - /**< Indicates an event happened to the Generic Sessions session. - * `in` contains a `struct lws_gs_event_args` describing the event. */ - - LWS_CALLBACK_HTTP_PMO = 56, - /**< per-mount options for this connection, called before - * the normal LWS_CALLBACK_HTTP when the mount has per-mount - * options. - */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to RAW PROXY ----- - */ - - LWS_CALLBACK_RAW_PROXY_CLI_RX = 89, - /**< RAW mode client (outgoing) RX */ - - LWS_CALLBACK_RAW_PROXY_SRV_RX = 90, - /**< RAW mode server (listening) RX */ - - LWS_CALLBACK_RAW_PROXY_CLI_CLOSE = 91, - /**< RAW mode client (outgoing) is closing */ - - LWS_CALLBACK_RAW_PROXY_SRV_CLOSE = 92, - /**< RAW mode server (listening) is closing */ - - LWS_CALLBACK_RAW_PROXY_CLI_WRITEABLE = 93, - /**< RAW mode client (outgoing) may be written */ - - LWS_CALLBACK_RAW_PROXY_SRV_WRITEABLE = 94, - /**< RAW mode server (listening) may be written */ - - LWS_CALLBACK_RAW_PROXY_CLI_ADOPT = 95, - /**< RAW mode client (onward) accepted socket was adopted - * (equivalent to 'wsi created') */ - - LWS_CALLBACK_RAW_PROXY_SRV_ADOPT = 96, - /**< RAW mode server (listening) accepted socket was adopted - * (equivalent to 'wsi created') */ - - LWS_CALLBACK_RAW_PROXY_CLI_BIND_PROTOCOL = 97, - LWS_CALLBACK_RAW_PROXY_SRV_BIND_PROTOCOL = 98, - LWS_CALLBACK_RAW_PROXY_CLI_DROP_PROTOCOL = 99, - LWS_CALLBACK_RAW_PROXY_SRV_DROP_PROTOCOL = 100, - - - /* --------------------------------------------------------------------- - * ----- Callbacks related to RAW sockets ----- - */ - - LWS_CALLBACK_RAW_RX = 59, - /**< RAW mode connection RX */ - - LWS_CALLBACK_RAW_CLOSE = 60, - /**< RAW mode connection is closing */ - - LWS_CALLBACK_RAW_WRITEABLE = 61, - /**< RAW mode connection may be written */ - - LWS_CALLBACK_RAW_ADOPT = 62, - /**< RAW mode connection was adopted (equivalent to 'wsi created') */ - - LWS_CALLBACK_RAW_CONNECTED = 101, - /**< outgoing client RAW mode connection was connected */ - - LWS_CALLBACK_RAW_SKT_BIND_PROTOCOL = 81, - LWS_CALLBACK_RAW_SKT_DROP_PROTOCOL = 82, - - /* --------------------------------------------------------------------- - * ----- Callbacks related to RAW file handles ----- - */ - - LWS_CALLBACK_RAW_ADOPT_FILE = 63, - /**< RAW mode file was adopted (equivalent to 'wsi created') */ - - LWS_CALLBACK_RAW_RX_FILE = 64, - /**< This is the indication the RAW mode file has something to read. - * This doesn't actually do the read of the file and len is always - * 0... your code should do the read having been informed there is - * something to read now. */ - - LWS_CALLBACK_RAW_WRITEABLE_FILE = 65, - /**< RAW mode file is writeable */ - - LWS_CALLBACK_RAW_CLOSE_FILE = 66, - /**< RAW mode wsi that adopted a file is closing */ - - LWS_CALLBACK_RAW_FILE_BIND_PROTOCOL = 83, - LWS_CALLBACK_RAW_FILE_DROP_PROTOCOL = 84, - - /* --------------------------------------------------------------------- - * ----- Callbacks related to generic wsi events ----- - */ - - LWS_CALLBACK_TIMER = 73, - /**< When the time elapsed after a call to - * lws_set_timer_usecs(wsi, usecs) is up, the wsi will get one of - * these callbacks. The deadline can be continuously extended into the - * future by later calls to lws_set_timer_usecs() before the deadline - * expires, or cancelled by lws_set_timer_usecs(wsi, -1); - */ - - LWS_CALLBACK_EVENT_WAIT_CANCELLED = 71, - /**< This is sent to every protocol of every vhost in response - * to lws_cancel_service() or lws_cancel_service_pt(). This - * callback is serialized in the lws event loop normally, even - * if the lws_cancel_service[_pt]() call was from a different - * thread. */ - - LWS_CALLBACK_CHILD_CLOSING = 69, - /**< Sent to parent to notify them a child is closing / being - * destroyed. in is the child wsi. - */ - - /* --------------------------------------------------------------------- - * ----- Callbacks related to TLS certificate management ----- - */ - - LWS_CALLBACK_VHOST_CERT_AGING = 72, - /**< When a vhost TLS cert has its expiry checked, this callback - * is broadcast to every protocol of every vhost in case the - * protocol wants to take some action with this information. - * \p in is a pointer to a struct lws_acme_cert_aging_args, - * and \p len is the number of days left before it expires, as - * a (ssize_t). In the struct lws_acme_cert_aging_args, vh - * points to the vhost the cert aging information applies to, - * and element_overrides[] is an optional way to update information - * from the pvos... NULL in an index means use the information from - * from the pvo for the cert renewal, non-NULL in the array index - * means use that pointer instead for the index. */ - - LWS_CALLBACK_VHOST_CERT_UPDATE = 74, - /**< When a vhost TLS cert is being updated, progress is - * reported to the vhost in question here, including completion - * and failure. in points to optional JSON, and len represents the - * connection state using enum lws_cert_update_state */ - - - /****** add new things just above ---^ ******/ - - LWS_CALLBACK_USER = 1000, - /**< user code can use any including above without fear of clashes */ -}; - - - -/** - * typedef lws_callback_function() - User server actions - * \param wsi: Opaque websocket instance pointer - * \param reason: The reason for the call - * \param user: Pointer to per-session user data allocated by library - * \param in: Pointer used for some callback reasons - * \param len: Length set for some callback reasons - * - * This callback is the way the user controls what is served. All the - * protocol detail is hidden and handled by the library. - * - * For each connection / session there is user data allocated that is - * pointed to by "user". You set the size of this user data area when - * the library is initialized with lws_create_server. - */ -typedef int -lws_callback_function(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len); - -#define LWS_CB_REASON_AUX_BF__CGI 1 -#define LWS_CB_REASON_AUX_BF__PROXY 2 -#define LWS_CB_REASON_AUX_BF__CGI_CHUNK_END 4 -#define LWS_CB_REASON_AUX_BF__CGI_HEADERS 8 -#define LWS_CB_REASON_AUX_BF__PROXY_TRANS_END 16 -#define LWS_CB_REASON_AUX_BF__PROXY_HEADERS 32 -///@} diff --git a/include/libwebsockets/lws-cgi.h b/include/libwebsockets/lws-cgi.h deleted file mode 100644 index 7a5eca2..0000000 --- a/include/libwebsockets/lws-cgi.h +++ /dev/null @@ -1,103 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup cgi cgi handling - * - * ##CGI handling - * - * These functions allow low-level control over stdin/out/err of the cgi. - * - * However for most cases, binding the cgi to http in and out, the default - * lws implementation already does the right thing. - */ - -enum lws_enum_stdinouterr { - LWS_STDIN = 0, - LWS_STDOUT = 1, - LWS_STDERR = 2, -}; - -enum lws_cgi_hdr_state { - LCHS_HEADER, - LCHS_CR1, - LCHS_LF1, - LCHS_CR2, - LCHS_LF2, - LHCS_RESPONSE, - LHCS_DUMP_HEADERS, - LHCS_PAYLOAD, - LCHS_SINGLE_0A, -}; - -struct lws_cgi_args { - struct lws **stdwsi; /**< get fd with lws_get_socket_fd() */ - enum lws_enum_stdinouterr ch; /**< channel index */ - unsigned char *data; /**< for messages with payload */ - enum lws_cgi_hdr_state hdr_state; /**< track where we are in cgi headers */ - int len; /**< length */ -}; - -#ifdef LWS_WITH_CGI -/** - * lws_cgi: spawn network-connected cgi process - * - * \param wsi: connection to own the process - * \param exec_array: array of "exec-name" "arg1" ... "argn" NULL - * \param script_uri_path_len: how many chars on the left of the uri are the - * path to the cgi, or -1 to spawn without URL-related env vars - * \param timeout_secs: seconds script should be allowed to run - * \param mp_cgienv: pvo list with per-vhost cgi options to put in env - */ -LWS_VISIBLE LWS_EXTERN int -lws_cgi(struct lws *wsi, const char * const *exec_array, - int script_uri_path_len, int timeout_secs, - const struct lws_protocol_vhost_options *mp_cgienv); - -/** - * lws_cgi_write_split_stdout_headers: write cgi output accounting for header part - * - * \param wsi: connection to own the process - */ -LWS_VISIBLE LWS_EXTERN int -lws_cgi_write_split_stdout_headers(struct lws *wsi); - -/** - * lws_cgi_kill: terminate cgi process associated with wsi - * - * \param wsi: connection to own the process - */ -LWS_VISIBLE LWS_EXTERN int -lws_cgi_kill(struct lws *wsi); - -/** - * lws_cgi_get_stdwsi: get wsi for stdin, stdout, or stderr - * - * \param wsi: parent wsi that has cgi - * \param ch: which of LWS_STDIN, LWS_STDOUT or LWS_STDERR - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_cgi_get_stdwsi(struct lws *wsi, enum lws_enum_stdinouterr ch); - -#endif -///@} - diff --git a/include/libwebsockets/lws-client.h b/include/libwebsockets/lws-client.h deleted file mode 100644 index 2f1a2df..0000000 --- a/include/libwebsockets/lws-client.h +++ /dev/null @@ -1,244 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup client Client related functions - * ##Client releated functions - * \ingroup lwsapi - * - * */ -///@{ - -/** enum lws_client_connect_ssl_connection_flags - flags that may be used - * with struct lws_client_connect_info ssl_connection member to control if - * and how SSL checks apply to the client connection being created - */ - -enum lws_client_connect_ssl_connection_flags { - LCCSCF_USE_SSL = (1 << 0), - LCCSCF_ALLOW_SELFSIGNED = (1 << 1), - LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK = (1 << 2), - LCCSCF_ALLOW_EXPIRED = (1 << 3), - LCCSCF_ALLOW_INSECURE = (1 << 4), - - LCCSCF_PIPELINE = (1 << 16), - /**< Serialize / pipeline multiple client connections - * on a single connection where possible. - * - * HTTP/1.0: possible if Keep-Alive: yes sent by server - * HTTP/1.1: always possible... uses pipelining - * HTTP/2: always possible... uses parallel streams - * */ -}; - -/** struct lws_client_connect_info - parameters to connect with when using - * lws_client_connect_via_info() */ - -struct lws_client_connect_info { - struct lws_context *context; - /**< lws context to create connection in */ - const char *address; - /**< remote address to connect to */ - int port; - /**< remote port to connect to */ - int ssl_connection; - /**< 0, or a combination of LCCSCF_ flags */ - const char *path; - /**< uri path */ - const char *host; - /**< content of host header */ - const char *origin; - /**< content of origin header */ - const char *protocol; - /**< list of ws protocols we could accept */ - int ietf_version_or_minus_one; - /**< deprecated: currently leave at 0 or -1 */ - void *userdata; - /**< if non-NULL, use this as wsi user_data instead of malloc it */ - const void *client_exts; - /**< UNUSED... provide in info.extensions at context creation time */ - const char *method; - /**< if non-NULL, do this http method instead of ws[s] upgrade. - * use "GET" to be a simple http client connection. "RAW" gets - * you a connected socket that lws itself will leave alone once - * connected. */ - struct lws *parent_wsi; - /**< if another wsi is responsible for this connection, give it here. - * this is used to make sure if the parent closes so do any - * child connections first. */ - const char *uri_replace_from; - /**< if non-NULL, when this string is found in URIs in - * text/html content-encoding, it's replaced with uri_replace_to */ - const char *uri_replace_to; - /**< see uri_replace_from */ - struct lws_vhost *vhost; - /**< vhost to bind to (used to determine related SSL_CTX) */ - struct lws **pwsi; - /**< if not NULL, store the new wsi here early in the connection - * process. Although we return the new wsi, the call to create the - * client connection does progress the connection somewhat and may - * meet an error that will result in the connection being scrubbed and - * NULL returned. While the wsi exists though, he may process a - * callback like CLIENT_CONNECTION_ERROR with his wsi: this gives the - * user callback a way to identify which wsi it is that faced the error - * even before the new wsi is returned and even if ultimately no wsi - * is returned. - */ - const char *iface; - /**< NULL to allow routing on any interface, or interface name or IP - * to bind the socket to */ - const char *local_protocol_name; - /**< NULL: .protocol is used both to select the local protocol handler - * to bind to and as the list of remote ws protocols we could - * accept. - * non-NULL: this protocol name is used to bind the connection to - * the local protocol handler. .protocol is used for the - * list of remote ws protocols we could accept */ - const char *alpn; - /**< NULL: allow lws default ALPN list, from vhost if present or from - * list of roles built into lws - * non-NULL: require one from provided comma-separated list of alpn - * tokens - */ - - lws_seq_t *seq; - /**< NULL, or an lws_seq_t that wants to be given messages about - * this wsi's lifecycle as it connects, errors or closes. - */ - - void *opaque_user_data; - /**< This data has no meaning to lws but is applied to the client wsi - * and can be retrieved by user code with lws_get_opaque_user_data(). - * It's also provided with sequencer messages if the wsi is bound to - * an lws_seq_t. - */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility - * - * The below is to ensure later library versions with new - * members added above will see 0 (default) even if the app - * was not built against the newer headers. - */ - - void *_unused[4]; /**< dummy */ -}; - -/** - * lws_client_connect_via_info() - Connect to another websocket server - * \param ccinfo: pointer to lws_client_connect_info struct - * - * This function creates a connection to a remote server using the - * information provided in ccinfo. - */ -LWS_VISIBLE LWS_EXTERN struct lws * -lws_client_connect_via_info(const struct lws_client_connect_info *ccinfo); - -/** - * lws_init_vhost_client_ssl() - also enable client SSL on an existing vhost - * - * \param info: client ssl related info - * \param vhost: which vhost to initialize client ssl operations on - * - * You only need to call this if you plan on using SSL client connections on - * the vhost. For non-SSL client connections, it's not necessary to call this. - * - * The following members of info are used during the call - * - * - options must have LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT set, - * otherwise the call does nothing - * - provided_client_ssl_ctx must be NULL to get a generated client - * ssl context, otherwise you can pass a prepared one in by setting it - * - ssl_cipher_list may be NULL or set to the client valid cipher list - * - ssl_ca_filepath may be NULL or client cert filepath - * - ssl_cert_filepath may be NULL or client cert filepath - * - ssl_private_key_filepath may be NULL or client cert private key - * - * You must create your vhost explicitly if you want to use this, so you have - * a pointer to the vhost. Create the context first with the option flag - * LWS_SERVER_OPTION_EXPLICIT_VHOSTS and then call lws_create_vhost() with - * the same info struct. - */ -LWS_VISIBLE LWS_EXTERN int -lws_init_vhost_client_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost); -/** - * lws_http_client_read() - consume waiting received http client data - * - * \param wsi: client connection - * \param buf: pointer to buffer pointer - fill with pointer to your buffer - * \param len: pointer to chunk length - fill with max length of buffer - * - * This is called when the user code is notified client http data has arrived. - * The user code may choose to delay calling it to consume the data, for example - * waiting until an onward connection is writeable. - * - * For non-chunked connections, up to len bytes of buf are filled with the - * received content. len is set to the actual amount filled before return. - * - * For chunked connections, the linear buffer content contains the chunking - * headers and it cannot be passed in one lump. Instead, this function will - * call back LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ with in pointing to the - * chunk start and len set to the chunk length. There will be as many calls - * as there are chunks or partial chunks in the buffer. - */ -LWS_VISIBLE LWS_EXTERN int -lws_http_client_read(struct lws *wsi, char **buf, int *len); - -/** - * lws_http_client_http_response() - get last HTTP response code - * - * \param wsi: client connection - * - * Returns the last server response code, eg, 200 for client http connections. - * - * You should capture this during the LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP - * callback, because after that the memory reserved for storing the related - * headers is freed and this value is lost. - */ -LWS_VISIBLE LWS_EXTERN unsigned int -lws_http_client_http_response(struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN void -lws_client_http_body_pending(struct lws *wsi, int something_left_to_send); - -/** - * lws_client_http_body_pending() - control if client connection neeeds to send body - * - * \param wsi: client connection - * \param something_left_to_send: nonzero if need to send more body, 0 (default) - * if nothing more to send - * - * If you will send payload data with your HTTP client connection, eg, for POST, - * when you set the related http headers in - * LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER callback you should also call - * this API with something_left_to_send nonzero, and call - * lws_callback_on_writable(wsi); - * - * After sending the headers, lws will call your callback with - * LWS_CALLBACK_CLIENT_HTTP_WRITEABLE reason when writable. You can send the - * next part of the http body payload, calling lws_callback_on_writable(wsi); - * if there is more to come, or lws_client_http_body_pending(wsi, 0); to - * let lws know the last part is sent and the connection can move on. - */ - -///@} diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h deleted file mode 100644 index bf4710b..0000000 --- a/include/libwebsockets/lws-context-vhost.h +++ /dev/null @@ -1,1069 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup context-and-vhost context and vhost related functions - * ##Context and Vhost releated functions - * \ingroup lwsapi - * - * - * LWS requires that there is one context, in which you may define multiple - * vhosts. Each vhost is a virtual host, with either its own listen port - * or sharing an existing one. Each vhost has its own SSL context that can - * be set up individually or left disabled. - * - * If you don't care about multiple "site" support, you can ignore it and - * lws will create a single default vhost at context creation time. - */ -///@{ - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ - -/** enum lws_context_options - context and vhost options */ -enum lws_context_options { - LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT = (1 << 1) | - (1 << 12), - /**< (VH) Don't allow the connection unless the client has a - * client cert that we recognize; provides - * LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT */ - LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME = (1 << 2), - /**< (CTX) Don't try to get the server's hostname */ - LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT = (1 << 3) | - (1 << 12), - /**< (VH) Allow non-SSL (plaintext) connections on the same - * port as SSL is listening. If combined with - * LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS it will try to - * force http connections on an https listener (eg, http://x.com:443) to - * redirect to an explicit https connection (eg, https://x.com) - */ - LWS_SERVER_OPTION_LIBEV = (1 << 4), - /**< (CTX) Use libev event loop */ - LWS_SERVER_OPTION_DISABLE_IPV6 = (1 << 5), - /**< (VH) Disable IPV6 support */ - LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS = (1 << 6), - /**< (VH) Don't load OS CA certs, you will need to load your - * own CA cert(s) */ - LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED = (1 << 7), - /**< (VH) Accept connections with no valid Cert (eg, selfsigned) */ - LWS_SERVER_OPTION_VALIDATE_UTF8 = (1 << 8), - /**< (VH) Check UT-8 correctness */ - LWS_SERVER_OPTION_SSL_ECDH = (1 << 9) | - (1 << 12), - /**< (VH) initialize ECDH ciphers */ - LWS_SERVER_OPTION_LIBUV = (1 << 10), - /**< (CTX) Use libuv event loop */ - LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS = (1 << 11) | - (1 << 12), - /**< (VH) Use an http redirect to force the client to ask for https. - * Notice if your http server issues the STS header and the client has - * ever seen that, the client will fail the http connection before it - * can actually do the redirect. - * - * Combine with LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS to handle, eg, - * http://x.com:443 -> https://x.com - * - * (deprecated: use mount redirection) */ - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT = (1 << 12), - /**< (CTX) Initialize the SSL library at all */ - LWS_SERVER_OPTION_EXPLICIT_VHOSTS = (1 << 13), - /**< (CTX) Only create the context when calling context - * create api, implies user code will create its own vhosts */ - LWS_SERVER_OPTION_UNIX_SOCK = (1 << 14), - /**< (VH) Use Unix socket */ - LWS_SERVER_OPTION_STS = (1 << 15), - /**< (VH) Send Strict Transport Security header, making - * clients subsequently go to https even if user asked for http */ - LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY = (1 << 16), - /**< (VH) Enable LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE to take effect */ - LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE = (1 << 17), - /**< (VH) if set, only ipv6 allowed on the vhost */ - LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN = (1 << 18), - /**< (CTX) Libuv only: Do not spin on SIGSEGV / SIGFPE. A segfault - * normally makes the lib spin so you can attach a debugger to it - * even if it happened without a debugger in place. You can disable - * that by giving this option. - */ - LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN = (1 << 19), - /**< For backwards-compatibility reasons, by default - * lws prepends "http://" to the origin you give in the client - * connection info struct. If you give this flag when you create - * the context, only the string you give in the client connect - * info for .origin (if any) will be used directly. - */ - LWS_SERVER_OPTION_FALLBACK_TO_RAW /* use below name */ = (1 << 20), - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG= (1 << 20), - /**< (VH) if invalid http is coming in the first line, then abandon - * trying to treat the connection as http, and belatedly apply the - * .listen_accept_role / .listen_accept_protocol info struct members to - * the connection. If they are NULL, for backwards-compatibility the - * connection is bound to "raw-skt" role, and in order of priority: - * 1) the vh protocol with a pvo named "raw", 2) the vh protocol with a - * pvo named "default", or 3) protocols[0]. - * - * Must be combined with LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT - * to work with a socket listening with tls. - */ - - LWS_SERVER_OPTION_LIBEVENT = (1 << 21), - /**< (CTX) Use libevent event loop */ - - LWS_SERVER_OPTION_ONLY_RAW /* Use below name instead */ = (1 << 22), - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG = (1 << 22), - /**< (VH) All connections to this vhost / port are bound to the - * role and protocol given in .listen_accept_role / - * .listen_accept_protocol. - * - * If those explicit user-controlled names are NULL, for backwards- - * compatibility the connection is bound to "raw-skt" role, and in order - * of priority: 1) the vh protocol with a pvo named "raw", 2) the vh - * protocol with a pvo named "default", or 3) protocols[0]. - * - * It's much preferred to specify the role + protocol using the - * .listen_accept_role and .listen_accept_protocol in the info struct. - */ - LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE = (1 << 23), - /**< (VH) Set to allow multiple listen sockets on one interface + - * address + port. The default is to strictly allow only one - * listen socket at a time. This is automatically selected if you - * have multiple service threads. Linux only. - */ - LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX = (1 << 24), - /**< (VH) Force setting up the vhost SSL_CTX, even though the user - * code doesn't explicitly provide a cert in the info struct. It - * implies the user code is going to provide a cert at the - * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback, which - * provides the vhost SSL_CTX * in the user parameter. - */ - LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT = (1 << 25), - /**< (VH) You probably don't want this. It forces this vhost to not - * call LWS_CALLBACK_PROTOCOL_INIT on its protocols. It's used in the - * special case of a temporary vhost bound to a single protocol. - */ - LWS_SERVER_OPTION_IGNORE_MISSING_CERT = (1 << 26), - /**< (VH) Don't fail if the vhost TLS cert or key are missing, just - * continue. The vhost won't be able to serve anything, but if for - * example the ACME plugin was configured to fetch a cert, this lets - * you bootstrap your vhost from having no cert to start with. - */ - LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK = (1 << 27), - /**< (VH) On this vhost, if the connection is being upgraded, insist - * that there's a Host: header and that the contents match the vhost - * name + port (443 / 80 are assumed if no :port given based on if the - * connection is using TLS). - * - * By default, without this flag, on upgrade lws just checks that the - * Host: header was given without checking the contents... this is to - * allow lax hostname mappings like localhost / 127.0.0.1, and CNAME - * mappings like www.mysite.com / mysite.com - */ - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE = (1 << 28), - /**< (VH) Send lws default HTTP headers recommended by Mozilla - * Observatory for security. This is a helper option that sends canned - * headers on each http response enabling a VERY strict Content Security - * Policy. The policy is so strict, for example it won't let the page - * run its own inline JS nor show images or take CSS from a different - * server. In many cases your JS only comes from your server as do the - * image sources and CSS, so that is what you want... attackers hoping - * to inject JS into your DOM are completely out of luck since even if - * they succeed, it will be rejected for execution by the browser - * according to the strict CSP. In other cases you have to deviate from - * the complete strictness, in which case don't use this flag: use the - * .headers member in the vhost init described in struct - * lws_context_creation_info instead to send the adapted headers - * yourself. - */ - - LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER = (1 << 29), - /**< (VH) If you really want to allow HTTP connections on a tls - * listener, you can do it with this combined with - * LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT. But this is allowing - * accidental loss of the security assurances provided by tls depending - * on the client using http when he meant https... it's not - * recommended. - */ - LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND = (1 << 30), - /**< (VH) When instantiating a new vhost and the specified port is - * already in use, a null value shall be return to signal the error. - */ - - LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW = (1 << 31), - /**< (VH) Indicates the connections using this vhost should ignore - * h2 WINDOW_UPDATE from broken peers and fix them up */ - - /****** add new things just above ---^ ******/ -}; - -#define lws_check_opt(c, f) (((c) & (f)) == (f)) - -struct lws_plat_file_ops; - -/** struct lws_context_creation_info - parameters to create context and /or vhost with - * - * This is also used to create vhosts.... if LWS_SERVER_OPTION_EXPLICIT_VHOSTS - * is not given, then for backwards compatibility one vhost is created at - * context-creation time using the info from this struct. - * - * If LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, then no vhosts are created - * at the same time as the context, they are expected to be created afterwards. - */ -struct lws_context_creation_info { - int port; - /**< VHOST: Port to listen on. Use CONTEXT_PORT_NO_LISTEN to suppress - * listening for a client. Use CONTEXT_PORT_NO_LISTEN_SERVER if you are - * writing a server but you are using \ref sock-adopt instead of the - * built-in listener. - * - * You can also set port to 0, in which case the kernel will pick - * a random port that is not already in use. You can find out what - * port the vhost is listening on using lws_get_vhost_listen_port() */ - const char *iface; - /**< VHOST: NULL to bind the listen socket to all interfaces, or the - * interface name, eg, "eth2" - * If options specifies LWS_SERVER_OPTION_UNIX_SOCK, this member is - * the pathname of a UNIX domain socket. you can use the UNIX domain - * sockets in abstract namespace, by prepending an at symbol to the - * socket name. */ - const struct lws_protocols *protocols; - /**< VHOST: Array of structures listing supported protocols and a - * protocol-specific callback for each one. The list is ended with an - * entry that has a NULL callback pointer. SEE ALSO .pprotocols below, - * which gives an alternative way to provide an array of pointers to - * protocol structs. */ - const struct lws_extension *extensions; - /**< VHOST: NULL or array of lws_extension structs listing the - * extensions this context supports. */ - const struct lws_token_limits *token_limits; - /**< CONTEXT: NULL or struct lws_token_limits pointer which is - * initialized with a token length limit for each possible WSI_TOKEN_ */ - const char *ssl_private_key_password; - /**< VHOST: NULL or the passphrase needed for the private key. (For - * backwards compatibility, this can also be used to pass the client - * cert passphrase when setting up a vhost client SSL context, but it is - * preferred to use .client_ssl_private_key_password for that.) */ - const char *ssl_cert_filepath; - /**< VHOST: If libwebsockets was compiled to use ssl, and you want - * to listen using SSL, set to the filepath to fetch the - * server cert from, otherwise NULL for unencrypted. (For backwards - * compatibility, this can also be used to pass the client certificate - * when setting up a vhost client SSL context, but it is preferred to - * use .client_ssl_cert_filepath for that.) - * - * Notice you can alternatively set a single DER or PEM from a memory - * buffer as the vhost tls cert using \p server_ssl_cert_mem and - * \p server_ssl_cert_mem_len. - */ - const char *ssl_private_key_filepath; - /**< VHOST: filepath to private key if wanting SSL mode; - * if this is set to NULL but ssl_cert_filepath is set, the - * OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY callback is called - * to allow setting of the private key directly via openSSL - * library calls. (For backwards compatibility, this can also be used - * to pass the client cert private key filepath when setting up a - * vhost client SSL context, but it is preferred to use - * .client_ssl_private_key_filepath for that.) - * - * Notice you can alternatively set a DER or PEM private key from a - * memory buffer as the vhost tls private key using - * \p server_ssl_private_key_mem and \p server_ssl_private_key_mem_len. - */ - const char *ssl_ca_filepath; - /**< VHOST: CA certificate filepath or NULL. (For backwards - * compatibility, this can also be used to pass the client CA - * filepath when setting up a vhost client SSL context, - * but it is preferred to use .client_ssl_ca_filepath for that.) - * - * Notice you can alternatively set a DER or PEM CA cert from a memory - * buffer using \p server_ssl_ca_mem and \p server_ssl_ca_mem_len. - */ - const char *ssl_cipher_list; - /**< VHOST: List of valid ciphers to use ON TLS1.2 AND LOWER ONLY (eg, - * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" - * or you can leave it as NULL to get "DEFAULT" (For backwards - * compatibility, this can also be used to pass the client cipher - * list when setting up a vhost client SSL context, - * but it is preferred to use .client_ssl_cipher_list for that.) - * SEE .tls1_3_plus_cipher_list and .client_tls_1_3_plus_cipher_list - * for the equivalent for tls1.3. - */ - const char *http_proxy_address; - /**< VHOST: If non-NULL, attempts to proxy via the given address. - * If proxy auth is required, use format - * "username:password\@server:port" */ - unsigned int http_proxy_port; - /**< VHOST: If http_proxy_address was non-NULL, uses this port */ - int gid; - /**< CONTEXT: group id to change to after setting listen socket, - * or -1. See also .username below. */ - int uid; - /**< CONTEXT: user id to change to after setting listen socket, - * or -1. See also .groupname below. */ - unsigned int options; - /**< VHOST + CONTEXT: 0, or LWS_SERVER_OPTION_... bitfields */ - void *user; - /**< VHOST + CONTEXT: optional user pointer that will be associated - * with the context when creating the context (and can be retrieved by - * lws_context_user(context), or with the vhost when creating the vhost - * (and can be retrieved by lws_vhost_user(vhost)). You will need to - * use LWS_SERVER_OPTION_EXPLICIT_VHOSTS and create the vhost separately - * if you care about giving the context and vhost different user pointer - * values. - */ - int ka_time; - /**< CONTEXT: 0 for no TCP keepalive, otherwise apply this keepalive - * timeout to all libwebsocket sockets, client or server */ - int ka_probes; - /**< CONTEXT: if ka_time was nonzero, after the timeout expires how many - * times to try to get a response from the peer before giving up - * and killing the connection */ - int ka_interval; - /**< CONTEXT: if ka_time was nonzero, how long to wait before each ka_probes - * attempt */ -#if defined(LWS_WITH_TLS) && !defined(LWS_WITH_MBEDTLS) - SSL_CTX *provided_client_ssl_ctx; - /**< CONTEXT: If non-null, swap out libwebsockets ssl - * implementation for the one provided by provided_ssl_ctx. - * Libwebsockets no longer is responsible for freeing the context - * if this option is selected. */ -#else /* maintain structure layout either way */ - void *provided_client_ssl_ctx; /**< dummy if ssl disabled */ -#endif - - unsigned short max_http_header_data; - /**< CONTEXT: The max amount of header payload that can be handled - * in an http request (unrecognized header payload is dropped) */ - unsigned short max_http_header_pool; - /**< CONTEXT: The max number of connections with http headers that - * can be processed simultaneously (the corresponding memory is - * allocated and deallocated dynamically as needed). If the pool is - * fully busy new incoming connections must wait for accept until one - * becomes free. 0 = allow as many ah as number of availble fds for - * the process */ - - unsigned int count_threads; - /**< CONTEXT: how many contexts to create in an array, 0 = 1 */ - unsigned int fd_limit_per_thread; - /**< CONTEXT: nonzero means restrict each service thread to this - * many fds, 0 means the default which is divide the process fd - * limit by the number of threads. - * - * Note if this is nonzero, and fd_limit_per_thread multiplied by the - * number of service threads is less than the process ulimit, then lws - * restricts internal lookup table allocation to the smaller size, and - * switches to a less efficient lookup scheme. You should use this to - * trade off speed against memory usage if you know the lws context - * will only use a handful of fds. - * - * Bear in mind lws may use some fds internally, for example for the - * cancel pipe, so you may need to allow for some extras for normal - * operation. - */ - unsigned int timeout_secs; - /**< VHOST: various processes involving network roundtrips in the - * library are protected from hanging forever by timeouts. If - * nonzero, this member lets you set the timeout used in seconds. - * Otherwise a default timeout is used. */ - const char *ecdh_curve; - /**< VHOST: if NULL, defaults to initializing server with - * "prime256v1" */ - const char *vhost_name; - /**< VHOST: name of vhost, must match external DNS name used to - * access the site, like "warmcat.com" as it's used to match - * Host: header and / or SNI name for SSL. */ - const char * const *plugin_dirs; - /**< CONTEXT: NULL, or NULL-terminated array of directories to - * scan for lws protocol plugins at context creation time */ - const struct lws_protocol_vhost_options *pvo; - /**< VHOST: pointer to optional linked list of per-vhost - * options made accessible to protocols */ - int keepalive_timeout; - /**< VHOST: (default = 0 = 5s) seconds to allow remote - * client to hold on to an idle HTTP/1.1 connection */ - const char *log_filepath; - /**< VHOST: filepath to append logs to... this is opened before - * any dropping of initial privileges */ - const struct lws_http_mount *mounts; - /**< VHOST: optional linked list of mounts for this vhost */ - const char *server_string; - /**< CONTEXT: string used in HTTP headers to identify server - * software, if NULL, "libwebsockets". */ - unsigned int pt_serv_buf_size; - /**< CONTEXT: 0 = default of 4096. This buffer is used by - * various service related features including file serving, it - * defines the max chunk of file that can be sent at once. - * At the risk of lws having to buffer failed large sends, it - * can be increased to, eg, 128KiB to improve throughput. */ - unsigned int max_http_header_data2; - /**< CONTEXT: if max_http_header_data is 0 and this - * is nonzero, this will be used in place of the default. It's - * like this for compatibility with the original short version, - * this is unsigned int length. */ - long ssl_options_set; - /**< VHOST: Any bits set here will be set as server SSL options */ - long ssl_options_clear; - /**< VHOST: Any bits set here will be cleared as server SSL options */ - unsigned short ws_ping_pong_interval; - /**< CONTEXT: 0 for none, else interval in seconds between sending - * PINGs on idle websocket connections. When the PING is sent, - * the PONG must come within the normal timeout_secs timeout period - * or the connection will be dropped. - * Any RX or TX traffic on the connection restarts the interval timer, - * so a connection which always sends or receives something at intervals - * less than the interval given here will never send PINGs / expect - * PONGs. Conversely as soon as the ws connection is established, an - * idle connection will do the PING / PONG roundtrip as soon as - * ws_ping_pong_interval seconds has passed without traffic - */ - const struct lws_protocol_vhost_options *headers; - /**< VHOST: pointer to optional linked list of per-vhost - * canned headers that are added to server responses */ - - const struct lws_protocol_vhost_options *reject_service_keywords; - /**< CONTEXT: Optional list of keywords and rejection codes + text. - * - * The keywords are checked for existing in the user agent string. - * - * Eg, "badrobot" "404 Not Found" - */ - void *external_baggage_free_on_destroy; - /**< CONTEXT: NULL, or pointer to something externally malloc'd, that - * should be freed when the context is destroyed. This allows you to - * automatically sync the freeing action to the context destruction - * action, so there is no need for an external free() if the context - * succeeded to create. - */ - - const char *client_ssl_private_key_password; - /**< VHOST: Client SSL context init: NULL or the passphrase needed - * for the private key */ - const char *client_ssl_cert_filepath; - /**< VHOST: Client SSL context init: The certificate the client - * should present to the peer on connection */ - const void *client_ssl_cert_mem; - /**< VHOST: Client SSL context init: client certificate memory buffer or - * NULL... use this to load client cert from memory instead of file */ - unsigned int client_ssl_cert_mem_len; - /**< VHOST: Client SSL context init: length of client_ssl_cert_mem in - * bytes */ - const char *client_ssl_private_key_filepath; - /**< VHOST: Client SSL context init: filepath to client private key - * if this is set to NULL but client_ssl_cert_filepath is set, you - * can handle the LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS - * callback of protocols[0] to allow setting of the private key directly - * via tls library calls */ - const char *client_ssl_ca_filepath; - /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ - const void *client_ssl_ca_mem; - /**< VHOST: Client SSL context init: CA certificate memory buffer or - * NULL... use this to load CA cert from memory instead of file */ - unsigned int client_ssl_ca_mem_len; - /**< VHOST: Client SSL context init: length of client_ssl_ca_mem in - * bytes */ - - const char *client_ssl_cipher_list; - /**< VHOST: Client SSL context init: List of valid ciphers to use (eg, - * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" - * or you can leave it as NULL to get "DEFAULT" */ - - const struct lws_plat_file_ops *fops; - /**< CONTEXT: NULL, or pointer to an array of fops structs, terminated - * by a sentinel with NULL .open. - * - * If NULL, lws provides just the platform file operations struct for - * backwards compatibility. - */ - int simultaneous_ssl_restriction; - /**< CONTEXT: 0 (no limit) or limit of simultaneous SSL sessions - * possible.*/ - const char *socks_proxy_address; - /**< VHOST: If non-NULL, attempts to proxy via the given address. - * If proxy auth is required, use format - * "username:password\@server:port" */ - unsigned int socks_proxy_port; - /**< VHOST: If socks_proxy_address was non-NULL, uses this port */ -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) - cap_value_t caps[4]; - /**< CONTEXT: array holding Linux capabilities you want to - * continue to be available to the server after it transitions - * to a noprivileged user. Usually none are needed but for, eg, - * .bind_iface, CAP_NET_RAW is required. This gives you a way - * to still have the capability but drop root. - */ - char count_caps; - /**< CONTEXT: count of Linux capabilities in .caps[]. 0 means - * no capabilities will be inherited from root (the default) */ -#endif - int bind_iface; - /**< VHOST: nonzero to strictly bind sockets to the interface name in - * .iface (eg, "eth2"), using SO_BIND_TO_DEVICE. - * - * Requires SO_BINDTODEVICE support from your OS and CAP_NET_RAW - * capability. - * - * Notice that common things like access network interface IP from - * your local machine use your lo / loopback interface and will be - * disallowed by this. - */ - int ssl_info_event_mask; - /**< VHOST: mask of ssl events to be reported on LWS_CALLBACK_SSL_INFO - * callback for connections on this vhost. The mask values are of - * the form SSL_CB_ALERT, defined in openssl/ssl.h. The default of - * 0 means no info events will be reported. - */ - unsigned int timeout_secs_ah_idle; - /**< VHOST: seconds to allow a client to hold an ah without using it. - * 0 defaults to 10s. */ - unsigned short ip_limit_ah; - /**< CONTEXT: max number of ah a single IP may use simultaneously - * 0 is no limit. This is a soft limit: if the limit is - * reached, connections from that IP will wait in the ah - * waiting list and not be able to acquire an ah until - * a connection belonging to the IP relinquishes one it - * already has. - */ - unsigned short ip_limit_wsi; - /**< CONTEXT: max number of wsi a single IP may use simultaneously. - * 0 is no limit. This is a hard limit, connections from - * the same IP will simply be dropped once it acquires the - * amount of simultaneous wsi / accepted connections - * given here. - */ - uint32_t http2_settings[7]; - /**< VHOST: if http2_settings[0] is nonzero, the values given in - * http2_settings[1]..[6] are used instead of the lws - * platform default values. - * Just leave all at 0 if you don't care. - */ - const char *error_document_404; - /**< VHOST: If non-NULL, when asked to serve a non-existent file, - * lws attempts to server this url path instead. Eg, - * "/404.html" */ - const char *alpn; - /**< CONTEXT: If non-NULL, default list of advertised alpn, comma- - * separated - * - * VHOST: If non-NULL, per-vhost list of advertised alpn, comma- - * separated - */ - void **foreign_loops; - /**< CONTEXT: This is ignored if the context is not being started with - * an event loop, ie, .options has a flag like - * LWS_SERVER_OPTION_LIBUV. - * - * NULL indicates lws should start its own even loop for - * each service thread, and deal with closing the loops - * when the context is destroyed. - * - * Non-NULL means it points to an array of external - * ("foreign") event loops that are to be used in turn for - * each service thread. In the default case of 1 service - * thread, it can just point to one foreign event loop. - */ - void (*signal_cb)(void *event_lib_handle, int signum); - /**< CONTEXT: NULL: default signal handling. Otherwise this receives - * the signal handler callback. event_lib_handle is the - * native event library signal handle, eg uv_signal_t * - * for libuv. - */ - struct lws_context **pcontext; - /**< CONTEXT: if non-NULL, at the end of context destroy processing, - * the pointer pointed to by pcontext is written with NULL. You can - * use this to let foreign event loops know that lws context destruction - * is fully completed. - */ - void (*finalize)(struct lws_vhost *vh, void *arg); - /**< VHOST: NULL, or pointer to function that will be called back - * when the vhost is just about to be freed. The arg parameter - * will be set to whatever finalize_arg is below. - */ - void *finalize_arg; - /**< VHOST: opaque pointer lws ignores but passes to the finalize - * callback. If you don't care, leave it NULL. - */ - unsigned int max_http_header_pool2; - /**< CONTEXT: if max_http_header_pool is 0 and this - * is nonzero, this will be used in place of the default. It's - * like this for compatibility with the original short version: - * this is unsigned int length. */ - - long ssl_client_options_set; - /**< VHOST: Any bits set here will be set as CLIENT SSL options */ - long ssl_client_options_clear; - /**< VHOST: Any bits set here will be cleared as CLIENT SSL options */ - - const char *tls1_3_plus_cipher_list; - /**< VHOST: List of valid ciphers to use for incoming server connections - * ON TLS1.3 AND ABOVE (eg, "TLS_CHACHA20_POLY1305_SHA256" on this vhost - * or you can leave it as NULL to get "DEFAULT". - * SEE .client_tls_1_3_plus_cipher_list to do the same on the vhost - * client SSL_CTX. - */ - const char *client_tls_1_3_plus_cipher_list; - /**< VHOST: List of valid ciphers to use for outgoing client connections - * ON TLS1.3 AND ABOVE on this vhost (eg, - * "TLS_CHACHA20_POLY1305_SHA256") or you can leave it as NULL to get - * "DEFAULT". - */ - const char *listen_accept_role; - /**< VHOST: NULL for default, or force accepted incoming connections to - * bind to this role. Uses the role names from their ops struct, eg, - * "raw-skt". - */ - const char *listen_accept_protocol; - /**< VHOST: NULL for default, or force accepted incoming connections to - * bind to this vhost protocol name. - */ - const struct lws_protocols **pprotocols; - /**< VHOST: NULL: use .protocols, otherwise ignore .protocols and use - * this array of pointers to protocols structs. The end of the array - * is marked by a NULL pointer. - * - * This is preferred over .protocols, because it allows the protocol - * struct to be opaquely defined elsewhere, with just a pointer to it - * needed to create the context with it. .protocols requires also - * the type of the user data to be known so its size can be given. - */ - - const void *server_ssl_cert_mem; - /**< VHOST: Alternative for \p ssl_cert_filepath that allows setting - * from memory instead of from a file. At most one of - * \p ssl_cert_filepath or \p server_ssl_cert_mem should be non-NULL. */ - unsigned int server_ssl_cert_mem_len; - /**< VHOST: Server SSL context init: length of server_ssl_cert_mem in - * bytes */ - const void *server_ssl_private_key_mem; - /**< VHOST: Alternative for \p ssl_private_key_filepath allowing - * init from a private key in memory instead of a file. At most one - * of \p ssl_private_key_filepath or \p server_ssl_private_key_mem - * should be non-NULL. */ - unsigned int server_ssl_private_key_mem_len; - /**< VHOST: length of \p server_ssl_private_key_mem in memory */ - const void *server_ssl_ca_mem; - /**< VHOST: Alternative for \p ssl_ca_filepath allowing - * init from a CA cert in memory instead of a file. At most one - * of \p ssl_ca_filepath or \p server_ssl_ca_mem should be non-NULL. */ - unsigned int server_ssl_ca_mem_len; - /**< VHOST: length of \p server_ssl_ca_mem in memory */ - const char *username; /**< CONTEXT: string username for post-init - * permissions. Like .uid but takes a string username. */ - const char *groupname; /**< CONTEXT: string groupname for post-init - * permissions. Like .gid but takes a string groupname. */ - const char *unix_socket_perms; /**< VHOST: if your vhost is listening - * on a unix socket, you can give a "username:groupname" string here - * to control the owner:group it's created with. It's always created - * with 0660 mode. */ - const lws_system_ops_t *system_ops; - /**< CONTEXT: hook up lws_system_ apis to system-specific - * implementations */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility - * - * The below is to ensure later library versions with new - * members added above will see 0 (default) even if the app - * was not built against the newer headers. - */ - - void *_unused[4]; /**< dummy */ -}; - -/** - * lws_create_context() - Create the websocket handler - * \param info: pointer to struct with parameters - * - * This function creates the listening socket (if serving) and takes care - * of all initialization in one step. - * - * If option LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, no vhost is - * created; you're expected to create your own vhosts afterwards using - * lws_create_vhost(). Otherwise a vhost named "default" is also created - * using the information in the vhost-related members, for compatibility. - * - * After initialization, it returns a struct lws_context * that - * represents this server. After calling, user code needs to take care - * of calling lws_service() with the context pointer to get the - * server's sockets serviced. This must be done in the same process - * context as the initialization call. - * - * The protocol callback functions are called for a handful of events - * including http requests coming in, websocket connections becoming - * established, and data arriving; it's also called periodically to allow - * async transmission. - * - * HTTP requests are sent always to the FIRST protocol in protocol, since - * at that time websocket protocol has not been negotiated. Other - * protocols after the first one never see any HTTP callback activity. - * - * The server created is a simple http server by default; part of the - * websocket standard is upgrading this http connection to a websocket one. - * - * This allows the same server to provide files like scripts and favicon / - * images or whatever over http and dynamic data over websockets all in - * one place; they're all handled in the user callback. - */ -LWS_VISIBLE LWS_EXTERN struct lws_context * -lws_create_context(const struct lws_context_creation_info *info); - - -/** - * lws_context_destroy() - Destroy the websocket context - * \param context: Websocket context - * - * This function closes any active connections and then frees the - * context. After calling this, any further use of the context is - * undefined. - */ -LWS_VISIBLE LWS_EXTERN void -lws_context_destroy(struct lws_context *context); - -typedef int (*lws_reload_func)(void); - -/** - * lws_context_deprecate() - Deprecate the websocket context - * - * \param context: Websocket context - * \param cb: Callback notified when old context listen sockets are closed - * - * This function is used on an existing context before superceding it - * with a new context. - * - * It closes any listen sockets in the context, so new connections are - * not possible. - * - * And it marks the context to be deleted when the number of active - * connections into it falls to zero. - * - * This is aimed at allowing seamless configuration reloads. - * - * The callback cb will be called after the listen sockets are actually - * closed and may be reopened. In the callback the new context should be - * configured and created. (With libuv, socket close happens async after - * more loop events). - */ -LWS_VISIBLE LWS_EXTERN void -lws_context_deprecate(struct lws_context *context, lws_reload_func cb); - -LWS_VISIBLE LWS_EXTERN int -lws_context_is_deprecated(struct lws_context *context); - -/** - * lws_set_proxy() - Setups proxy to lws_context. - * \param vhost: pointer to struct lws_vhost you want set proxy for - * \param proxy: pointer to c string containing proxy in format address:port - * - * Returns 0 if proxy string was parsed and proxy was setup. - * Returns -1 if proxy is NULL or has incorrect format. - * - * This is only required if your OS does not provide the http_proxy - * environment variable (eg, OSX) - * - * IMPORTANT! You should call this function right after creation of the - * lws_context and before call to connect. If you call this - * function after connect behavior is undefined. - * This function will override proxy settings made on lws_context - * creation with genenv() call. - */ -LWS_VISIBLE LWS_EXTERN int -lws_set_proxy(struct lws_vhost *vhost, const char *proxy); - -/** - * lws_set_socks() - Setup socks to lws_context. - * \param vhost: pointer to struct lws_vhost you want set socks for - * \param socks: pointer to c string containing socks in format address:port - * - * Returns 0 if socks string was parsed and socks was setup. - * Returns -1 if socks is NULL or has incorrect format. - * - * This is only required if your OS does not provide the socks_proxy - * environment variable (eg, OSX) - * - * IMPORTANT! You should call this function right after creation of the - * lws_context and before call to connect. If you call this - * function after connect behavior is undefined. - * This function will override proxy settings made on lws_context - * creation with genenv() call. - */ -LWS_VISIBLE LWS_EXTERN int -lws_set_socks(struct lws_vhost *vhost, const char *socks); - -struct lws_vhost; - -/** - * lws_create_vhost() - Create a vhost (virtual server context) - * \param context: pointer to result of lws_create_context() - * \param info: pointer to struct with parameters - * - * This function creates a virtual server (vhost) using the vhost-related - * members of the info struct. You can create many vhosts inside one context - * if you created the context with the option LWS_SERVER_OPTION_EXPLICIT_VHOSTS - */ -LWS_VISIBLE LWS_EXTERN struct lws_vhost * -lws_create_vhost(struct lws_context *context, - const struct lws_context_creation_info *info); - -/** - * lws_vhost_destroy() - Destroy a vhost (virtual server context) - * - * \param vh: pointer to result of lws_create_vhost() - * - * This function destroys a vhost. Normally, if you just want to exit, - * then lws_destroy_context() will take care of everything. If you want - * to destroy an individual vhost and all connections and allocations, you - * can do it with this. - * - * If the vhost has a listen sockets shared by other vhosts, it will be given - * to one of the vhosts sharing it rather than closed. - * - * The vhost close is staged according to the needs of the event loop, and if - * there are multiple service threads. At the point the vhost itself if - * about to be freed, if you provided a finalize callback and optional arg at - * vhost creation time, it will be called just before the vhost is freed. - */ -LWS_VISIBLE LWS_EXTERN void -lws_vhost_destroy(struct lws_vhost *vh); - -/** - * lwsws_get_config_globals() - Parse a JSON server config file - * \param info: pointer to struct with parameters - * \param d: filepath of the config file - * \param config_strings: storage for the config strings extracted from JSON, - * the pointer is incremented as strings are stored - * \param len: pointer to the remaining length left in config_strings - * the value is decremented as strings are stored - * - * This function prepares a n lws_context_creation_info struct with global - * settings from a file d. - * - * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled - */ -LWS_VISIBLE LWS_EXTERN int -lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, - char **config_strings, int *len); - -/** - * lwsws_get_config_vhosts() - Create vhosts from a JSON server config file - * \param context: pointer to result of lws_create_context() - * \param info: pointer to struct with parameters - * \param d: filepath of the config file - * \param config_strings: storage for the config strings extracted from JSON, - * the pointer is incremented as strings are stored - * \param len: pointer to the remaining length left in config_strings - * the value is decremented as strings are stored - * - * This function creates vhosts into a context according to the settings in - *JSON files found in directory d. - * - * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled - */ -LWS_VISIBLE LWS_EXTERN int -lwsws_get_config_vhosts(struct lws_context *context, - struct lws_context_creation_info *info, const char *d, - char **config_strings, int *len); - -/** - * lws_get_vhost() - return the vhost a wsi belongs to - * - * \param wsi: which connection - */ -LWS_VISIBLE LWS_EXTERN struct lws_vhost * -lws_get_vhost(struct lws *wsi); - -/** - * lws_get_vhost_name() - returns the name of a vhost - * - * \param vhost: which vhost - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_get_vhost_name(struct lws_vhost *vhost); - -/** - * lws_get_vhost_by_name() - returns the vhost with the requested name, or NULL - * - * \param context: the lws_context to look in - * \param name: vhost name we are looking for - * - * Returns NULL, or the vhost with the name \p name - */ -LWS_VISIBLE LWS_EXTERN struct lws_vhost * -lws_get_vhost_by_name(struct lws_context *context, const char *name); - -/** - * lws_get_vhost_port() - returns the port a vhost listens on, or -1 - * - * \param vhost: which vhost - */ -LWS_VISIBLE LWS_EXTERN int -lws_get_vhost_port(struct lws_vhost *vhost); - -/** - * lws_get_vhost_user() - returns the user pointer for the vhost - * - * \param vhost: which vhost - */ -LWS_VISIBLE LWS_EXTERN void * -lws_get_vhost_user(struct lws_vhost *vhost); - -/** - * lws_get_vhost_iface() - returns the binding for the vhost listen socket - * - * \param vhost: which vhost - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_get_vhost_iface(struct lws_vhost *vhost); - -/** - * lws_json_dump_vhost() - describe vhost state and stats in JSON - * - * \param vh: the vhost - * \param buf: buffer to fill with JSON - * \param len: max length of buf - */ -LWS_VISIBLE LWS_EXTERN int -lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len); - -/** - * lws_json_dump_context() - describe context state and stats in JSON - * - * \param context: the context - * \param buf: buffer to fill with JSON - * \param len: max length of buf - * \param hide_vhosts: nonzero to not provide per-vhost mount etc information - * - * Generates a JSON description of vhost state into buf - */ -LWS_VISIBLE LWS_EXTERN int -lws_json_dump_context(const struct lws_context *context, char *buf, int len, - int hide_vhosts); - -/** - * lws_vhost_user() - get the user data associated with the vhost - * \param vhost: Websocket vhost - * - * This returns the optional user pointer that can be attached to - * a vhost when it was created. Lws never dereferences this pointer, it only - * sets it when the vhost is created, and returns it using this api. - */ -LWS_VISIBLE LWS_EXTERN void * -lws_vhost_user(struct lws_vhost *vhost); - -/** - * lws_context_user() - get the user data associated with the context - * \param context: Websocket context - * - * This returns the optional user allocation that can be attached to - * the context the sockets live in at context_create time. It's a way - * to let all sockets serviced in the same context share data without - * using globals statics in the user code. - */ -LWS_VISIBLE LWS_EXTERN void * -lws_context_user(struct lws_context *context); - -/*! \defgroup vhost-mounts Vhost mounts and options - * \ingroup context-and-vhost-creation - * - * ##Vhost mounts and options - */ -///@{ -/** struct lws_protocol_vhost_options - linked list of per-vhost protocol - * name=value options - * - * This provides a general way to attach a linked-list of name=value pairs, - * which can also have an optional child link-list using the options member. - */ -struct lws_protocol_vhost_options { - const struct lws_protocol_vhost_options *next; /**< linked list */ - const struct lws_protocol_vhost_options *options; /**< child linked-list of more options for this node */ - const char *name; /**< name of name=value pair */ - const char *value; /**< value of name=value pair */ -}; - -/** enum lws_mount_protocols - * This specifies the mount protocol for a mountpoint, whether it is to be - * served from a filesystem, or it is a cgi etc. - */ -enum lws_mount_protocols { - LWSMPRO_HTTP = 0, /**< http reverse proxy */ - LWSMPRO_HTTPS = 1, /**< https reverse proxy */ - LWSMPRO_FILE = 2, /**< serve from filesystem directory */ - LWSMPRO_CGI = 3, /**< pass to CGI to handle */ - LWSMPRO_REDIR_HTTP = 4, /**< redirect to http:// url */ - LWSMPRO_REDIR_HTTPS = 5, /**< redirect to https:// url */ - LWSMPRO_CALLBACK = 6, /**< hand by named protocol's callback */ -}; - -/** struct lws_http_mount - * - * arguments for mounting something in a vhost's url namespace - */ -struct lws_http_mount { - const struct lws_http_mount *mount_next; - /**< pointer to next struct lws_http_mount */ - const char *mountpoint; - /**< mountpoint in http pathspace, eg, "/" */ - const char *origin; - /**< path to be mounted, eg, "/var/www/warmcat.com" */ - const char *def; - /**< default target, eg, "index.html" */ - const char *protocol; - /**<"protocol-name" to handle mount */ - - const struct lws_protocol_vhost_options *cgienv; - /**< optional linked-list of cgi options. These are created - * as environment variables for the cgi process - */ - const struct lws_protocol_vhost_options *extra_mimetypes; - /**< optional linked-list of mimetype mappings */ - const struct lws_protocol_vhost_options *interpret; - /**< optional linked-list of files to be interpreted */ - - int cgi_timeout; - /**< seconds cgi is allowed to live, if cgi://mount type */ - int cache_max_age; - /**< max-age for reuse of client cache of files, seconds */ - unsigned int auth_mask; - /**< bits set here must be set for authorized client session */ - - unsigned int cache_reusable:1; /**< set if client cache may reuse this */ - unsigned int cache_revalidate:1; /**< set if client cache should revalidate on use */ - unsigned int cache_intermediaries:1; /**< set if intermediaries are allowed to cache */ - - unsigned char origin_protocol; /**< one of enum lws_mount_protocols */ - unsigned char mountpoint_len; /**< length of mountpoint string */ - - const char *basic_auth_login_file; - /** - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * must be included manually as - * - * #include - * - * if dbus apis needed - */ - -#if !defined(__LWS_DBUS_H__) -#define __LWS_DBUS_H__ - -#include - -/* helper type to simplify implementing methods as individual functions */ -typedef DBusHandlerResult (*lws_dbus_message_handler)(DBusConnection *conn, - DBusMessage *message, DBusMessage **reply, void *d); - -struct lws_dbus_ctx; -typedef void (*lws_dbus_closing_t)(struct lws_dbus_ctx *ctx); - -struct lws_dbus_ctx { - struct lws_dll2_owner owner; /* dbusserver ctx: HEAD of accepted list */ - struct lws_dll2 next; /* dbusserver ctx: HEAD of accepted list */ - struct lws_vhost *vh; /* the vhost we logically bind to in lws */ - int tsi; /* the lws thread service index (0 if only one service - thread as is the default */ - DBusConnection *conn; - DBusServer *dbs; - DBusWatch *w[4]; - DBusPendingCall *pc; - - char hup; - char timeouts; - - /* cb_closing callback will be called after the connection and this - * related ctx struct have effectively gone out of scope. - * - * The callback should close and clean up the connection and free the - * ctx. - */ - lws_dbus_closing_t cb_closing; -}; - -/** - * lws_dbus_connection_setup() - bind dbus connection object to lws event loop - * - * \param ctx: additional information about the connection - * \param conn: the DBusConnection object to bind - * - * This configures a DBusConnection object to use lws for watchers and timeout - * operations. - */ -LWS_VISIBLE LWS_EXTERN int -lws_dbus_connection_setup(struct lws_dbus_ctx *ctx, DBusConnection *conn, - lws_dbus_closing_t cb_closing); - -/** - * lws_dbus_server_listen() - bind dbus connection object to lws event loop - * - * \param ctx: additional information about the connection - * \param ads: the DBUS address to listen on, eg, "unix:abstract=mysocket" - * \param err: a DBusError object to take any extra error information - * \param new_conn: a callback function to prepare new accepted connections - * - * This creates a DBusServer and binds it to the lws event loop, and your - * callback to accept new connections. - */ -LWS_VISIBLE LWS_EXTERN DBusServer * -lws_dbus_server_listen(struct lws_dbus_ctx *ctx, const char *ads, - DBusError *err, DBusNewConnectionFunction new_conn); - -#endif diff --git a/include/libwebsockets/lws-diskcache.h b/include/libwebsockets/lws-diskcache.h deleted file mode 100644 index 8cc97e2..0000000 --- a/include/libwebsockets/lws-diskcache.h +++ /dev/null @@ -1,186 +0,0 @@ -/* - * libwebsockets - disk cache helpers - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup diskcache LWS disk cache - * ## Disk cache API - * - * Lws provides helper apis useful if you need a disk cache containing hashed - * files and need to delete files from it on an LRU basis to keep it below some - * size limit. - * - * The API `lws_diskcache_prepare()` deals with creating the cache dir and - * 256 subdirs, which are used according to the first two chars of the hex - * hash of the cache file. - * - * `lws_diskcache_create()` and `lws_diskcache_destroy()` allocate and free - * an opaque struct that represents the disk cache. - * - * `lws_diskcache_trim()` should be called at eg, 1s intervals to perform the - * cache dir monitoring and LRU autodelete in the background lazily. It can - * be done in its own thread or on a timer... it monitors the directories in a - * stateful way that stats one or more file in the cache per call, and keeps - * a list of the oldest files as it goes. When it completes a scan, if the - * aggregate size is over the limit, it will delete oldest files first to try - * to keep it under the limit. - * - * The cache size monitoring is extremely efficient in time and memory even when - * the cache directory becomes huge. - * - * `lws_diskcache_query()` is used to determine if the file already exists in - * the cache, or if it must be created. If it must be created, then the file - * is opened using a temp name that must be converted to a findable name with - * `lws_diskcache_finalize_name()` when the generation of the file contents are - * complete. Aborted cached files that did not complete generation will be - * flushed by the LRU eventually. If the file already exists, it is 'touched' - * to make it new again and the fd returned. - * - */ -///@{ - -struct lws_diskcache_scan; - -/** - * lws_diskcache_create() - creates an opaque struct representing the disk cache - * - * \param cache_dir_base: The cache dir path, eg `/var/cache/mycache` - * \param cache_size_limit: maximum size on disk the cache is allowed to use - * - * This returns an opaque `struct lws_diskcache_scan *` which represents the - * disk cache, the trim scanning state and so on. You should use - * `lws_diskcache_destroy()` to free it to destroy it. - */ -LWS_VISIBLE LWS_EXTERN struct lws_diskcache_scan * -lws_diskcache_create(const char *cache_dir_base, uint64_t cache_size_limit); - -/** - * lws_diskcache_destroy() - destroys the pointer returned by ...create() - * - * \param lds: pointer to the pointer returned by lws_diskcache_create() - * - * Frees *lds and any allocations it did, and then sets *lds to NULL and - * returns. - */ -LWS_VISIBLE LWS_EXTERN void -lws_diskcache_destroy(struct lws_diskcache_scan **lds); - -/** - * lws_diskcache_prepare() - ensures the cache dir structure exists on disk - * - * \param cache_base_dir: The cache dir path, eg `/var/cache/mycache` - * \param mode: octal dir mode to enforce, like 0700 - * \param uid: uid the cache dir should belong to - * - * This should be called while your app is still privileged. It will create - * the cache directory structure on disk as necessary, enforce the given access - * mode on it and set the given uid as the owner. It won't make any trouble - * if the cache already exists. - * - * Typically the mode is 0700 and the owner is the user that your application - * will transition to use when it drops root privileges. - */ -LWS_VISIBLE LWS_EXTERN int -lws_diskcache_prepare(const char *cache_base_dir, int mode, int uid); - -#define LWS_DISKCACHE_QUERY_NO_CACHE 0 -#define LWS_DISKCACHE_QUERY_EXISTS 1 -#define LWS_DISKCACHE_QUERY_CREATING 2 -#define LWS_DISKCACHE_QUERY_ONGOING 3 /* something else is creating it */ - -/** - * lws_diskcache_query() - ensures the cache dir structure exists on disk - * - * \param lds: The opaque struct representing the disk cache - * \param is_bot: nonzero means the request is from a bot. Don't create new cache contents if so. - * \param hash_hex: hex string representation of the cache object hash - * \param _fd: pointer to the fd to be set - * \param cache: destination string to take the cache filepath - * \param cache_len: length of the buffer at `cache` - * \param extant_cache_len: pointer to a size_t to take any extant cached file size - * - * This function is called when you want to find if the hashed name already - * exists in the cache. The possibilities for the return value are - * - * - LWS_DISKCACHE_QUERY_NO_CACHE: It's not in the cache and you can't create - * it in the cache for whatever reason. - * - LWS_DISKCACHE_QUERY_EXISTS: It exists in the cache. It's open RDONLY and - * *_fd has been set to the file descriptor. *extant_cache_len has been set - * to the size of the cached file in bytes. cache has been set to the - * full filepath of the cached file. Closing _fd is your responsibility. - * - LWS_DISKCACHE_QUERY_CREATING: It didn't exist, but a temp file has been - * created in the cache and *_fd set to a file descriptor opened on it RDWR. - * You should create the contents, and call `lws_diskcache_finalize_name()` - * when it is done. Closing _fd is your responsibility. - * - LWS_DISKCACHE_QUERY_ONGOING: not returned by this api, but you may find it - * desirable to make a wrapper function which can handle another asynchronous - * process that is already creating the cached file. This can be used to - * indicate that situation externally... how to determine the same thing is - * already being generated is out of scope of this api. - */ -LWS_VISIBLE LWS_EXTERN int -lws_diskcache_query(struct lws_diskcache_scan *lds, int is_bot, - const char *hash_hex, int *_fd, char *cache, int cache_len, - size_t *extant_cache_len); - -/** - * lws_diskcache_query() - ensures the cache dir structure exists on disk - * - * \param cache: The cache file temp name returned with LWS_DISKCACHE_QUERY_CREATING - * - * This renames the cache file you are creating to its final name. It should - * be called on the temp name returned by `lws_diskcache_query()` if it gave a - * LWS_DISKCACHE_QUERY_CREATING return, after you have filled the cache file and - * closed it. - */ -LWS_VISIBLE LWS_EXTERN int -lws_diskcache_finalize_name(char *cache); - -/** - * lws_diskcache_trim() - performs one or more file checks in the cache for size management - * - * \param lds: The opaque object representing the cache - * - * This should be called periodically to statefully walk the cache on disk - * collecting the oldest files. When it has visited every file, if the cache - * is oversize it will delete the oldest files until it's back under size again. - * - * Each time it's called, it will look at one or more dir in the cache. If - * called when the cache is oversize, it increases the amount of work done each - * call until it is reduced again. Typically it will take 256 calls before it - * deletes anything, so if called once per second, it will delete files once - * every 4 minutes. Each call is very inexpensive both in memory and time. - */ -LWS_VISIBLE LWS_EXTERN int -lws_diskcache_trim(struct lws_diskcache_scan *lds); - - -/** - * lws_diskcache_secs_to_idle() - see how long to idle before calling trim - * - * \param lds: The opaque object representing the cache - * - * If the cache is undersize, there's no need to monitor it immediately. This - * suggests how long to "sleep" before calling `lws_diskcache_trim()` again. - */ -LWS_VISIBLE LWS_EXTERN int -lws_diskcache_secs_to_idle(struct lws_diskcache_scan *lds); -///@} diff --git a/include/libwebsockets/lws-dsh.h b/include/libwebsockets/lws-dsh.h deleted file mode 100644 index 18b5bcb..0000000 --- a/include/libwebsockets/lws-dsh.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* - * lws_dsh (Disordered Shared Heap) is an opaque abstraction supporting a single - * linear buffer (overallocated at end of the lws_dsh_t) which may contain - * multiple kinds of packets that are retired out of order, and tracked by kind. - * - * Each kind of packet has an lws_dll2 list of its kind of packets and acts as - * a FIFO; packets of a particular type are always retired in order. But there - * is no requirement about the order types are retired matching the original - * order they arrived. - * - * Gaps are tracked as just another kind of "packet" list. - * - * "allocations" (including gaps) are prepended by an lws_dsh_object_t. - * - * dsh may themselves be on an lws_dll2_owner list, and under memory pressure - * allocate into other buffers on the list. - * - * All management structures exist inside the allocated buffer. - */ - -/** - * lws_dsh_create() - Allocate a DSH buffer - * - * \param owner: the owning list this dsh belongs on, or NULL if standalone - * \param buffer_size: the allocation in bytes - * \param count_kinds: how many separately-tracked fifos use the buffer - * - * This makes a single heap allocation that includes internal tracking objects - * in the buffer. Sub-allocated objects are bound to a "kind" index and - * managed via a FIFO for each kind. - * - * Every "kind" of allocation shares the same buffer space. - * - * Multiple buffers may be bound together in an lws_dll2 list, and if an - * allocation cannot be satisfied by the local buffer, space can be borrowed - * from other dsh in the same list (the local dsh FIFO tracks these "foreign" - * allocations as if they were local). - * - * Returns an opaque pointer to the dsh, or NULL if allocation failed. - */ -LWS_VISIBLE LWS_EXTERN lws_dsh_t * -lws_dsh_create(lws_dll2_owner_t *owner, size_t buffer_size, int count_kinds); - -/** - * lws_dsh_destroy() - Destroy a DSH buffer - * - * \param pdsh: pointer to the dsh pointer - * - * Deallocates the DSH and sets *pdsh to NULL. - * - * Before destruction, any foreign buffer usage on the part of this dsh are - * individually freed. All dsh on the same list are walked and checked if they - * have their own foreign allocations on the dsh buffer being destroyed. If so, - * it attempts to migrate the allocation to a dsh that is not currently being - * destroyed. If all else fails (basically the buffer memory is being shrunk) - * unmigratable objects are cleanly destroyed. - */ -LWS_VISIBLE LWS_EXTERN void -lws_dsh_destroy(lws_dsh_t **pdsh); - -/** - * lws_dsh_alloc_tail() - make a suballocation inside a dsh - * - * \param dsh: the dsh tracking the allocation - * \param kind: the kind of allocation - * \param src1: the first source data to copy - * \param size1: the size of the first source data - * \param src2: the second source data to copy (after the first), or NULL - * \param size2: the size of the second source data - * - * Allocates size1 + size2 bytes in a dsh (it prefers the given dsh but will - * borrow space from other dsh on the same list if necessary) and copies size1 - * bytes into it from src1, followed by size2 bytes from src2 if src2 isn't - * NULL. The actual suballocation is a bit larger because of alignment and a - * prepended management header. - * - * The suballocation is added to the kind-specific FIFO at the tail. - */ -LWS_VISIBLE LWS_EXTERN int -lws_dsh_alloc_tail(lws_dsh_t *dsh, int kind, const void *src1, size_t size1, - const void *src2, size_t size2); - -/** - * lws_dsh_free() - free a suballocation from the dsh - * - * \param obj: a pointer to a void * that pointed to the allocated payload - * - * This returns the space used by \p obj in the dsh buffer to the free list - * of the dsh the allocation came from. - */ -LWS_VISIBLE LWS_EXTERN void -lws_dsh_free(void **obj); - -/** - * lws_dsh_get_head() - free a suballocation from the dsh - * - * \param dsh: the dsh tracking the allocation - * \param kind: the kind of allocation - * \param obj: pointer to a void * to be set to the payload - * \param size: set to the size of the allocation - * - * This gets the "next" object in the kind FIFO for the dsh, and returns 0 if - * any. If none, returns nonzero. - * - * This is nondestructive of the fifo or the payload. Use lws_dsh_free on - * obj to remove the entry from the kind fifo and return the payload to the - * free list. - */ -LWS_VISIBLE LWS_EXTERN int -lws_dsh_get_head(lws_dsh_t *dsh, int kind, void **obj, size_t *size); - -/** - * lws_dsh_describe() - DEBUG BUILDS ONLY dump the dsh to the logs - * - * \param dsh: the dsh to dump - * \param desc: text that appears at the top of the dump - * - * Useful information for debugging lws_dsh - */ -LWS_VISIBLE LWS_EXTERN void -lws_dsh_describe(lws_dsh_t *dsh, const char *desc); diff --git a/include/libwebsockets/lws-esp32.h b/include/libwebsockets/lws-esp32.h deleted file mode 100644 index 0350586..0000000 --- a/include/libwebsockets/lws-esp32.h +++ /dev/null @@ -1,250 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -typedef int lws_sockfd_type; -typedef int lws_filefd_type; - -/* - * Later lwip (at least 2.1.12) already defines these in its own headers - * protected by the same test as used here... if POLLIN / POLLOUT already exist - * then assume no need to declare those and struct pollfd. - * - * Older lwip needs these declarations done here. - */ - -#if !defined(POLLIN) && !defined(POLLOUT) - -struct pollfd { - lws_sockfd_type fd; /**< fd related to */ - short events; /**< which POLL... events to respond to */ - short revents; /**< which POLL... events occurred */ -}; -#define POLLIN 0x0001 -#define POLLPRI 0x0002 -#define POLLOUT 0x0004 -#define POLLERR 0x0008 -#define POLLHUP 0x0010 -#define POLLNVAL 0x0020 - -#endif - -#if defined(LWS_AMAZON_RTOS) -#include -#include -#include -#include "timers.h" -#else /* LWS_AMAZON_RTOS */ -#include -#include -#include -#include "esp_wifi.h" -#include "esp_system.h" -#include "esp_event.h" -#include "esp_event_loop.h" -#include "nvs.h" -#include "driver/gpio.h" -#include "esp_spi_flash.h" -#include "freertos/timers.h" -#endif /* LWS_AMAZON_RTOS */ - -#if !defined(CONFIG_FREERTOS_HZ) -#define CONFIG_FREERTOS_HZ 100 -#endif - -typedef TimerHandle_t uv_timer_t; -typedef void uv_cb_t(uv_timer_t *); -typedef void * uv_handle_t; - -struct timer_mapping { - uv_cb_t *cb; - uv_timer_t *t; -}; - -#define UV_VERSION_MAJOR 1 - -#define lws_uv_getloop(a, b) (NULL) - -static LWS_INLINE void uv_timer_init(void *l, uv_timer_t *t) -{ - (void)l; - *t = NULL; -} - -extern void esp32_uvtimer_cb(TimerHandle_t t); - -static LWS_INLINE void uv_timer_start(uv_timer_t *t, uv_cb_t *cb, int first, int rep) -{ - struct timer_mapping *tm = (struct timer_mapping *)malloc(sizeof(*tm)); - - if (!tm) - return; - - tm->t = t; - tm->cb = cb; - - *t = xTimerCreate("x", pdMS_TO_TICKS(first), !!rep, tm, - (TimerCallbackFunction_t)esp32_uvtimer_cb); - xTimerStart(*t, 0); -} - -static LWS_INLINE void uv_timer_stop(uv_timer_t *t) -{ - xTimerStop(*t, 0); -} - -static LWS_INLINE void uv_close(uv_handle_t *h, void *v) -{ - free(pvTimerGetTimerID((uv_timer_t)h)); - xTimerDelete(*(uv_timer_t *)h, 0); -} - - -#if !defined(LWS_AMAZON_RTOS) - -/* ESP32 helper declarations */ - -#include -#include - -#define LWS_PLUGIN_STATIC -#define LWS_MAGIC_REBOOT_TYPE_ADS 0x50001ffc -#define LWS_MAGIC_REBOOT_TYPE_REQ_FACTORY 0xb00bcafe -#define LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY 0xfaceb00b -#define LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY_BUTTON 0xf0cedfac -#define LWS_MAGIC_REBOOT_TYPE_REQ_FACTORY_ERASE_OTA 0xfac0eeee - -/* user code provides these */ - -extern void -lws_esp32_identify_physical_device(void); - -/* lws-plat-esp32 provides these */ - -typedef void (*lws_cb_scan_done)(uint16_t count, wifi_ap_record_t *recs, void *arg); - -enum genled_state { - LWSESP32_GENLED__INIT, - LWSESP32_GENLED__LOST_NETWORK, - LWSESP32_GENLED__NO_NETWORK, - LWSESP32_GENLED__CONN_AP, - LWSESP32_GENLED__GOT_IP, - LWSESP32_GENLED__OK, -}; - -struct lws_group_member { - struct lws_group_member *next; - uint64_t last_seen; - char model[16]; - char role[16]; - char host[32]; - char mac[20]; - int width, height; - struct ip4_addr addr; - struct ip6_addr addrv6; - uint8_t flags; -}; - -#define LWS_SYSTEM_GROUP_MEMBER_ADD 1 -#define LWS_SYSTEM_GROUP_MEMBER_CHANGE 2 -#define LWS_SYSTEM_GROUP_MEMBER_REMOVE 3 - -#define LWS_GROUP_FLAG_SELF 1 - -struct lws_esp32 { - char sta_ip[16]; - char sta_mask[16]; - char sta_gw[16]; - char serial[16]; - char opts[16]; - char model[16]; - char group[16]; - char role[16]; - char ssid[4][64]; - char password[4][64]; - char active_ssid[64]; - char access_pw[16]; - char hostname[32]; - char mac[20]; - char le_dns[64]; - char le_email[64]; - char region; - char inet; - char conn_ap; - - enum genled_state genled; - uint64_t genled_t; - - lws_cb_scan_done scan_consumer; - void *scan_consumer_arg; - struct lws_group_member *first; - int extant_group_members; - - char acme; - char upload; - - volatile char button_is_down; -}; - -struct lws_esp32_image { - uint32_t romfs; - uint32_t romfs_len; - uint32_t json; - uint32_t json_len; -}; - -extern struct lws_esp32 lws_esp32; -struct lws_vhost; - -extern esp_err_t -lws_esp32_event_passthru(void *ctx, system_event_t *event); -extern void -lws_esp32_wlan_config(void); -extern void -lws_esp32_wlan_start_ap(void); -extern void -lws_esp32_wlan_start_station(void); -struct lws_context_creation_info; -extern void -lws_esp32_set_creation_defaults(struct lws_context_creation_info *info); -extern struct lws_context * -lws_esp32_init(struct lws_context_creation_info *, struct lws_vhost **pvh); -extern int -lws_esp32_wlan_nvs_get(int retry); -extern esp_err_t -lws_nvs_set_str(nvs_handle handle, const char* key, const char* value); -extern void -lws_esp32_restart_guided(uint32_t type); -extern const esp_partition_t * -lws_esp_ota_get_boot_partition(void); -extern int -lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i, char *json, int json_len); -extern int -lws_esp32_leds_network_indication(void); - -extern uint32_t lws_esp32_get_reboot_type(void); -extern uint16_t lws_esp32_sine_interp(int n); - -/* required in external code by esp32 plat (may just return if no leds) */ -extern void lws_esp32_leds_timer_cb(TimerHandle_t th); - -#endif /* LWS_AMAZON_RTOS */ diff --git a/include/libwebsockets/lws-fts.h b/include/libwebsockets/lws-fts.h deleted file mode 100644 index 29405bd..0000000 --- a/include/libwebsockets/lws-fts.h +++ /dev/null @@ -1,214 +0,0 @@ -/* - * libwebsockets - fulltext search - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup search Search - * - * ##Full-text search - * - * Lws provides superfast indexing and fulltext searching from index files on - * storage. - */ -///@{ - -struct lws_fts; -struct lws_fts_file; - -/* - * Queries produce their results in an lwsac, using these public API types. - * The first thing in the lwsac is always a struct lws_fts_result (see below) - * containing heads for linked-lists of the other result types. - */ - -/* one filepath's results */ - -struct lws_fts_result_filepath { - struct lws_fts_result_filepath *next; - int matches; /* logical number of matches */ - int matches_length; /* bytes in length table (may be zero) */ - int lines_in_file; - int filepath_length; - - /* - uint32_t line table follows (first for alignment) */ - /* - filepath (of filepath_length) follows */ -}; - -/* autocomplete result */ - -struct lws_fts_result_autocomplete { - struct lws_fts_result_autocomplete *next; - int instances; - int agg_instances; - int ac_length; - char elided; /* children skipped in interest of antecedent children */ - char has_children; - - /* - autocomplete suggestion (of length ac_length) follows */ -}; - -/* - * The results lwsac always starts with this. If no results and / or no - * autocomplete the members may be NULL. This implies the symbol nor any - * suffix on it exists in the trie file. - */ -struct lws_fts_result { - struct lws_fts_result_filepath *filepath_head; - struct lws_fts_result_autocomplete *autocomplete_head; - int duration_ms; - int effective_flags; /* the search flags that were used */ -}; - -/* - * index creation functions - */ - -/** - * lws_fts_create() - Create a new index file - * - * \param fd: The fd opened for write - * - * Inits a new index file, returning a struct lws_fts to represent it - */ -LWS_VISIBLE LWS_EXTERN struct lws_fts * -lws_fts_create(int fd); - -/** - * lws_fts_destroy() - Finalize a new index file / destroy the trie lwsac - * - * \param trie: The previously opened index being finalized - * - * Finalizes an index file that was being created, and frees the memory involved - * *trie is set to NULL afterwards. - */ -LWS_VISIBLE LWS_EXTERN void -lws_fts_destroy(struct lws_fts **trie); - -/** - * lws_fts_file_index() - Create a new entry in the trie file for an input path - * - * \param t: The previously opened index being written - * \param filepath: The filepath (which may be virtual) associated with this file - * \param filepath_len: The number of chars in the filepath - * \param priority: not used yet - * - * Returns an ordinal that represents this new filepath in the index file. - */ -LWS_VISIBLE LWS_EXTERN int -lws_fts_file_index(struct lws_fts *t, const char *filepath, int filepath_len, - int priority); - -/** - * lws_fts_fill() - Process all or a bufferload of input file - * - * \param t: The previously opened index being written - * \param file_index: The ordinal representing this input filepath - * \param buf: A bufferload of data from the input file - * \param len: The number of bytes in buf - * - * Indexes a buffer of data from the input file. - */ -LWS_VISIBLE LWS_EXTERN int -lws_fts_fill(struct lws_fts *t, uint32_t file_index, const char *buf, - size_t len); - -/** - * lws_fts_serialize() - Store the in-memory trie into the index file - * - * \param t: The previously opened index being written - * - * The trie is held in memory where it can be added to... after all the input - * filepaths and data have been processed, this is called to serialize / - * write the trie data into the index file. - */ -LWS_VISIBLE LWS_EXTERN int -lws_fts_serialize(struct lws_fts *t); - -/* - * index search functions - */ - -/** - * lws_fts_open() - Open an existing index file to search it - * - * \param filepath: The filepath to the index file to open - * - * Opening the index file returns an opaque struct lws_fts_file * that is - * used to perform other operations on it, or NULL if it can't be opened. - */ -LWS_VISIBLE LWS_EXTERN struct lws_fts_file * -lws_fts_open(const char *filepath); - -#define LWSFTS_F_QUERY_AUTOCOMPLETE (1 << 0) -#define LWSFTS_F_QUERY_FILES (1 << 1) -#define LWSFTS_F_QUERY_FILE_LINES (1 << 2) -#define LWSFTS_F_QUERY_QUOTE_LINE (1 << 3) - -struct lws_fts_search_params { - /* the actual search term */ - const char *needle; - /* if non-NULL, FILE results for this filepath only */ - const char *only_filepath; - /* will be set to the results lwsac */ - struct lwsac *results_head; - /* combination of LWSFTS_F_QUERY_* flags */ - int flags; - /* maximum number of autocomplete suggestions to return */ - int max_autocomplete; - /* maximum number of filepaths to return */ - int max_files; - /* maximum number of line number results to return per filepath */ - int max_lines; -}; - -/** - * lws_fts_search() - Perform a search operation on an index - * - * \param jtf: The index file struct returned by lws_fts_open - * \param ftsp: The struct lws_fts_search_params filled in by the caller - * - * The caller should memset the ftsp struct to 0 to ensure members that may be - * introduced in later versions contain known values, then set the related - * members to describe the kind of search action required. - * - * ftsp->results_head is the results lwsac, or NULL. It should be freed with - * lwsac_free() when the results are finished with. - * - * Returns a pointer into the results lwsac that is a struct lws_fts_result - * containing the head pointers into linked-lists of results for autocomplete - * and filepath data, along with some sundry information. This does not need - * to be freed since freeing the lwsac will also remove this and everything it - * points to. - */ -LWS_VISIBLE LWS_EXTERN struct lws_fts_result * -lws_fts_search(struct lws_fts_file *jtf, struct lws_fts_search_params *ftsp); - -/** - * lws_fts_close() - Close a previously-opened index file - * - * \param jtf: The pointer returned from the open - * - * Closes the file handle on the index and frees any allocations - */ -LWS_VISIBLE LWS_EXTERN void -lws_fts_close(struct lws_fts_file *jtf); - -///@} diff --git a/include/libwebsockets/lws-genaes.h b/include/libwebsockets/lws-genaes.h deleted file mode 100644 index dfb7de6..0000000 --- a/include/libwebsockets/lws-genaes.h +++ /dev/null @@ -1,168 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup generic AES - * ## Generic AES related functions - * - * Lws provides generic AES functions that abstract the ones - * provided by whatever tls library you are linking against. - * - * It lets you use the same code if you build against mbedtls or OpenSSL - * for example. - */ -///@{ - -#if defined(LWS_WITH_MBEDTLS) -#include -#include -#endif - -enum enum_aes_modes { - LWS_GAESM_CBC, - LWS_GAESM_CFB128, - LWS_GAESM_CFB8, - LWS_GAESM_CTR, - LWS_GAESM_ECB, - LWS_GAESM_OFB, - LWS_GAESM_XTS, /* care... requires double-length key */ - LWS_GAESM_GCM, - LWS_GAESM_KW, -}; - -enum enum_aes_operation { - LWS_GAESO_ENC, - LWS_GAESO_DEC -}; - -enum enum_aes_padding { - LWS_GAESP_NO_PADDING, - LWS_GAESP_WITH_PADDING -}; - -/* include/libwebsockets/lws-jwk.h must be included before this */ - -#define LWS_AES_BLOCKSIZE 128 - -struct lws_genaes_ctx { -#if defined(LWS_WITH_MBEDTLS) - union { - mbedtls_aes_context ctx; -#if defined(MBEDTLS_CIPHER_MODE_XTS) - mbedtls_aes_xts_context ctx_xts; -#endif - mbedtls_gcm_context ctx_gcm; - } u; -#else - EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher; - ENGINE *engine; - char init; -#endif - unsigned char tag[16]; - struct lws_gencrypto_keyelem *k; - enum enum_aes_operation op; - enum enum_aes_modes mode; - enum enum_aes_padding padding; - int taglen; - char underway; -}; - -/** lws_genaes_create() - Create RSA public decrypt context - * - * \param ctx: your struct lws_genaes_ctx - * \param op: LWS_GAESO_ENC or LWS_GAESO_DEC - * \param mode: one of LWS_GAESM_ - * \param el: struct prepared with key element data - * \param padding: 0 = no padding, 1 = padding - * \param engine: if openssl engine used, pass the pointer here - * - * Creates an RSA context with a public key associated with it, formed from - * the key elements in \p el. - * - * Returns 0 for OK or nonzero for error. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genaes_create(struct lws_genaes_ctx *ctx, enum enum_aes_operation op, - enum enum_aes_modes mode, struct lws_gencrypto_keyelem *el, - enum enum_aes_padding padding, void *engine); - -/** lws_genaes_destroy() - Destroy genaes AES context - * - * \param ctx: your struct lws_genaes_ctx - * \param tag: NULL, or, GCM-only: buffer to receive tag - * \param tlen: 0, or, GCM-only: length of tag buffer - * - * Destroys any allocations related to \p ctx. - * - * For GCM only, up to tlen bytes of tag buffer will be set on exit. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen); - -/** lws_genaes_crypt() - Encrypt or decrypt - * - * \param ctx: your struct lws_genaes_ctx - * \param in: input plaintext or ciphertext - * \param len: length of input (which is always length of output) - * \param out: output plaintext or ciphertext - * \param iv_or_nonce_ctr_or_data_unit_16: NULL, iv, nonce_ctr16, or data_unit16 - * \param stream_block_16: pointer to 16-byte stream block for CTR mode only - * \param nc_or_iv_off: NULL or pointer to nc, or iv_off - * \param taglen: length of tag - * - * Encrypts or decrypts using the AES mode set when the ctx was created. - * The last three arguments have different meanings depending on the mode: - * - * KW CBC CFB128 CFB8 CTR ECB OFB XTS - * iv_or_nonce_ct.._unit_16 : iv iv iv iv nonce NULL iv dataunt - * stream_block_16 : NULL NULL NULL NULL stream NULL NULL NULL - * nc_or_iv_off : NULL NULL iv_off NULL nc_off NULL iv_off NULL - * - * For GCM: - * - * iv_or_nonce_ctr_or_data_unit_16 : iv - * stream_block_16 : pointer to tag - * nc_or_iv_off : set pointed-to size_t to iv length - * in : first call: additional data, subsequently - * : input data - * len : first call: add data length, subsequently - * : input / output length - * - * The length of the optional arg is always 16 if used, regardless of the mode. - * - * Returns 0 for OK or nonzero for error. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len, - uint8_t *out, - uint8_t *iv_or_nonce_ctr_or_data_unit_16, - uint8_t *stream_block_16, - size_t *nc_or_iv_off, int taglen); - -///@} diff --git a/include/libwebsockets/lws-gencrypto.h b/include/libwebsockets/lws-gencrypto.h deleted file mode 100644 index d82fb60..0000000 --- a/include/libwebsockets/lws-gencrypto.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* - * These are gencrypto-level constants... they are used by both JOSE and direct - * gencrypto code. However while JWK relies on these, using gencrypto apis has - * no dependency at all on any JOSE type. - */ - -enum lws_gencrypto_kty { - LWS_GENCRYPTO_KTY_UNKNOWN, - - LWS_GENCRYPTO_KTY_OCT, - LWS_GENCRYPTO_KTY_RSA, - LWS_GENCRYPTO_KTY_EC -}; - -/* - * Keytypes where the same element name is reused must all agree to put the - * same-named element at the same e[] index. It's because when used with jwk, - * we parse and store in incoming key data, but we may not be informed of the - * definitive keytype until the end. - */ - -enum lws_gencrypto_oct_tok { - LWS_GENCRYPTO_OCT_KEYEL_K, /* note... same offset as AES K */ - - LWS_GENCRYPTO_OCT_KEYEL_COUNT -}; - -enum lws_gencrypto_rsa_tok { - LWS_GENCRYPTO_RSA_KEYEL_E, - LWS_GENCRYPTO_RSA_KEYEL_N, - LWS_GENCRYPTO_RSA_KEYEL_D, /* note... same offset as EC D */ - LWS_GENCRYPTO_RSA_KEYEL_P, - LWS_GENCRYPTO_RSA_KEYEL_Q, - LWS_GENCRYPTO_RSA_KEYEL_DP, - LWS_GENCRYPTO_RSA_KEYEL_DQ, - LWS_GENCRYPTO_RSA_KEYEL_QI, - - LWS_GENCRYPTO_RSA_KEYEL_COUNT -}; - -enum lws_gencrypto_ec_tok { - LWS_GENCRYPTO_EC_KEYEL_CRV, - LWS_GENCRYPTO_EC_KEYEL_X, - /* note... same offset as RSA D */ - LWS_GENCRYPTO_EC_KEYEL_D = LWS_GENCRYPTO_RSA_KEYEL_D, - LWS_GENCRYPTO_EC_KEYEL_Y, - - LWS_GENCRYPTO_EC_KEYEL_COUNT -}; - -enum lws_gencrypto_aes_tok { - /* note... same offset as OCT K */ - LWS_GENCRYPTO_AES_KEYEL_K = LWS_GENCRYPTO_OCT_KEYEL_K, - - LWS_GENCRYPTO_AES_KEYEL_COUNT -}; - -/* largest number of key elements for any algorithm */ -#define LWS_GENCRYPTO_MAX_KEYEL_COUNT LWS_GENCRYPTO_RSA_KEYEL_COUNT - -/* this "stretchy" type holds individual key element data in binary form. - * It's typcially used in an array with the layout mapping the element index to - * the key element meaning defined by the enums above. An array of these of - * length LWS_GENCRYPTO_MAX_KEYEL_COUNT can define key elements for any key - * type. - */ - -struct lws_gencrypto_keyelem { - uint8_t *buf; - uint32_t len; -}; - - -/** - * lws_gencrypto_bits_to_bytes() - returns rounded up bytes needed for bits - * - * \param bits - * - * Returns the number of bytes needed to store the given number of bits. If - * a byte is partially used, the byte count is rounded up. - */ -LWS_VISIBLE LWS_EXTERN int -lws_gencrypto_bits_to_bytes(int bits); - -/** - * lws_base64_size() - returns estimated size of base64 encoding - * - * \param bytes - * - * Returns a slightly oversize estimate of the size of a base64 encoded version - * of the given amount of unencoded data. - */ -LWS_VISIBLE LWS_EXTERN int -lws_base64_size(int bytes); diff --git a/include/libwebsockets/lws-genec.h b/include/libwebsockets/lws-genec.h deleted file mode 100644 index 7db796e..0000000 --- a/include/libwebsockets/lws-genec.h +++ /dev/null @@ -1,210 +0,0 @@ -/* - * libwebsockets - Generic Elliptic Curve Encryption - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -enum enum_genec_alg { - LEGENEC_UNKNOWN, - - LEGENEC_ECDH, - LEGENEC_ECDSA -}; - -struct lws_genec_ctx { -#if defined(LWS_WITH_MBEDTLS) - union { - mbedtls_ecdh_context *ctx_ecdh; - mbedtls_ecdsa_context *ctx_ecdsa; - } u; -#else - EVP_PKEY_CTX *ctx[2]; -#endif - struct lws_context *context; - const struct lws_ec_curves *curve_table; - enum enum_genec_alg genec_alg; - - char has_private; -}; - -#if defined(LWS_WITH_MBEDTLS) -enum enum_lws_dh_side { - LDHS_OURS = MBEDTLS_ECDH_OURS, - LDHS_THEIRS = MBEDTLS_ECDH_THEIRS -}; -#else -enum enum_lws_dh_side { - LDHS_OURS, - LDHS_THEIRS -}; -#endif - -struct lws_ec_curves { - const char *name; - int tls_lib_nid; - uint16_t key_bytes; -}; - - -/* ECDH-specific apis */ - -/** lws_genecdh_create() - Create a genecdh - * - * \param ctx: your genec context - * \param context: your lws_context (for RNG access) - * \param curve_table: NULL, enabling P-256, P-384 and P-521, or a replacement - * struct lws_ec_curves array, terminated by an entry with - * .name = NULL, of curves you want to whitelist - * - * Initializes a genecdh - */ -LWS_VISIBLE int -lws_genecdh_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table); - -/** lws_genecdh_set_key() - Apply an EC key to our or theirs side - * - * \param ctx: your genecdh context - * \param el: your key elements - * \param side: LDHS_OURS or LDHS_THEIRS - * - * Applies an EC key to one side or the other of an ECDH ctx - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdh_set_key(struct lws_genec_ctx *ctx, struct lws_gencrypto_keyelem *el, - enum enum_lws_dh_side side); - -/** lws_genecdh_new_keypair() - Create a genec with a new public / private key - * - * \param ctx: your genec context - * \param side: LDHS_OURS or LDHS_THEIRS - * \param curve_name: an EC curve name, like "P-256" - * \param el: array pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elems to take the new key - * - * Creates a genecdh with a newly minted EC public / private key - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdh_new_keypair(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, - const char *curve_name, struct lws_gencrypto_keyelem *el); - -LWS_VISIBLE LWS_EXTERN int -lws_genecdh_compute_shared_secret(struct lws_genec_ctx *ctx, uint8_t *ss, - int *ss_len); - - -/* ECDSA-specific apis */ - -/** lws_genecdsa_create() - Create a genecdsa and - * - * \param ctx: your genec context - * \param context: your lws_context (for RNG access) - * \param curve_table: NULL, enabling P-256, P-384 and P-521, or a replacement - * struct lws_ec_curves array, terminated by an entry with - * .name = NULL, of curves you want to whitelist - * - * Initializes a genecdh - */ -LWS_VISIBLE int -lws_genecdsa_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table); - -/** lws_genecdsa_new_keypair() - Create a genecdsa with a new public / private key - * - * \param ctx: your genec context - * \param curve_name: an EC curve name, like "P-256" - * \param el: array pf LWS_GENCRYPTO_EC_KEYEL_COUNT key elements to take the new key - * - * Creates a genecdsa with a newly minted EC public / private key - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_new_keypair(struct lws_genec_ctx *ctx, const char *curve_name, - struct lws_gencrypto_keyelem *el); - -/** lws_genecdsa_set_key() - Apply an EC key to an ecdsa context - * - * \param ctx: your genecdsa context - * \param el: your key elements - * - * Applies an EC key to an ecdsa context - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_set_key(struct lws_genec_ctx *ctx, - struct lws_gencrypto_keyelem *el); - -/** lws_genecdsa_hash_sig_verify_jws() - Verifies a JWS ECDSA signature on a given hash - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: unencrypted payload (usually a recomputed hash) - * \param hash_type: one of LWS_GENHASH_TYPE_ - * \param keybits: number of bits in the crypto key - * \param sig: pointer to the signature we received with the payload - * \param sig_len: length of the signature we are checking in bytes - * - * This just looks at the signed hash... that's why there's no input length - * parameter, it's decided by the choice of hash. It's up to you to confirm - * separately the actual payload matches the hash that was confirmed by this to - * be validly signed. - * - * Returns <0 for error, or 0 if signature matches the hash + key.. - * - * The JWS ECDSA signature verification algorithm differs to generic ECDSA - * signatures and they're not interoperable. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sig_verify_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - const uint8_t *sig, size_t sig_len); - -/** lws_genecdsa_hash_sign_jws() - Creates a JWS ECDSA signature for a hash you provide - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: precomputed hash - * \param hash_type: one of LWS_GENHASH_TYPE_ - * \param keybits: number of bits in the crypto key - * \param sig: pointer to buffer to take signature - * \param sig_len: length of the buffer (must be >= length of key N) - * - * Returns <0 for error, or 0 for success. - * - * This creates a JWS ECDSA signature for a hash you already computed and provide. - * - * The JWS ECDSA signature generation algorithm differs to generic ECDSA - * signatures and they're not interoperable. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sign_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - uint8_t *sig, size_t sig_len); - - -/* Apis that apply to both ECDH and ECDSA */ - -LWS_VISIBLE LWS_EXTERN void -lws_genec_destroy(struct lws_genec_ctx *ctx); - -LWS_VISIBLE LWS_EXTERN void -lws_genec_destroy_elements(struct lws_gencrypto_keyelem *el); - -LWS_VISIBLE LWS_EXTERN int -lws_genec_dump(struct lws_gencrypto_keyelem *el); diff --git a/include/libwebsockets/lws-genhash.h b/include/libwebsockets/lws-genhash.h deleted file mode 100644 index 6fe5dbd..0000000 --- a/include/libwebsockets/lws-genhash.h +++ /dev/null @@ -1,179 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup generichash Generic Hash - * ## Generic Hash related functions - * - * Lws provides generic hash / digest accessors that abstract the ones - * provided by whatever tls library you are linking against. - * - * It lets you use the same code if you build against mbedtls or OpenSSL - * for example. - */ -///@{ - -enum lws_genhash_types { - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHASH_TYPE_MD5, - LWS_GENHASH_TYPE_SHA1, - LWS_GENHASH_TYPE_SHA256, - LWS_GENHASH_TYPE_SHA384, - LWS_GENHASH_TYPE_SHA512, -}; - -enum lws_genhmac_types { - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA256, - LWS_GENHMAC_TYPE_SHA384, - LWS_GENHMAC_TYPE_SHA512, -}; - -#define LWS_GENHASH_LARGEST 64 - -struct lws_genhash_ctx { - uint8_t type; -#if defined(LWS_WITH_MBEDTLS) - union { - mbedtls_md5_context md5; - mbedtls_sha1_context sha1; - mbedtls_sha256_context sha256; - mbedtls_sha512_context sha512; /* 384 also uses this */ - const mbedtls_md_info_t *hmac; - } u; -#else - const EVP_MD *evp_type; - EVP_MD_CTX *mdctx; -#endif -}; - -struct lws_genhmac_ctx { - uint8_t type; -#if defined(LWS_WITH_MBEDTLS) - const mbedtls_md_info_t *hmac; - mbedtls_md_context_t ctx; -#else - const EVP_MD *evp_type; -#if defined(LWS_HAVE_HMAC_CTX_new) - HMAC_CTX *ctx; -#else - HMAC_CTX ctx; -#endif -#endif -}; - -/** lws_genhash_size() - get hash size in bytes - * - * \param type: one of LWS_GENHASH_TYPE_... - * - * Returns number of bytes in this type of hash - */ -LWS_VISIBLE LWS_EXTERN size_t LWS_WARN_UNUSED_RESULT -lws_genhash_size(enum lws_genhash_types type); - -/** lws_genhmac_size() - get hash size in bytes - * - * \param type: one of LWS_GENHASH_TYPE_... - * - * Returns number of bytes in this type of hmac - */ -LWS_VISIBLE LWS_EXTERN size_t LWS_WARN_UNUSED_RESULT -lws_genhmac_size(enum lws_genhmac_types type); - -/** lws_genhash_init() - prepare your struct lws_genhash_ctx for use - * - * \param ctx: your struct lws_genhash_ctx - * \param type: one of LWS_GENHASH_TYPE_... - * - * Initializes the hash context for the type you requested - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type); - -/** lws_genhash_update() - digest len bytes of the buffer starting at in - * - * \param ctx: your struct lws_genhash_ctx - * \param in: start of the bytes to digest - * \param len: count of bytes to digest - * - * Updates the state of your hash context to reflect digesting len bytes from in - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_genhash_update(struct lws_genhash_ctx *ctx, const void *in, size_t len); - -/** lws_genhash_destroy() - copy out the result digest and destroy the ctx - * - * \param ctx: your struct lws_genhash_ctx - * \param result: NULL, or where to copy the result hash - * - * Finalizes the hash and copies out the digest. Destroys any allocations such - * that ctx can safely go out of scope after calling this. - * - * NULL result is supported so that you can destroy the ctx cleanly on error - * conditions, where there is no valid result. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genhash_destroy(struct lws_genhash_ctx *ctx, void *result); - -/** lws_genhmac_init() - prepare your struct lws_genhmac_ctx for use - * - * \param ctx: your struct lws_genhmac_ctx - * \param type: one of LWS_GENHMAC_TYPE_... - * \param key: pointer to the start of the HMAC key - * \param key_len: length of the HMAC key - * - * Initializes the hash context for the type you requested - * - * If the return is nonzero, it failed and there is nothing needing to be - * destroyed. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type, - const uint8_t *key, size_t key_len); - -/** lws_genhmac_update() - digest len bytes of the buffer starting at in - * - * \param ctx: your struct lws_genhmac_ctx - * \param in: start of the bytes to digest - * \param len: count of bytes to digest - * - * Updates the state of your hash context to reflect digesting len bytes from in - * - * If the return is nonzero, it failed and needs destroying. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_genhmac_update(struct lws_genhmac_ctx *ctx, const void *in, size_t len); - -/** lws_genhmac_destroy() - copy out the result digest and destroy the ctx - * - * \param ctx: your struct lws_genhmac_ctx - * \param result: NULL, or where to copy the result hash - * - * Finalizes the hash and copies out the digest. Destroys any allocations such - * that ctx can safely go out of scope after calling this. - * - * NULL result is supported so that you can destroy the ctx cleanly on error - * conditions, where there is no valid result. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result); -///@} diff --git a/include/libwebsockets/lws-genrsa.h b/include/libwebsockets/lws-genrsa.h deleted file mode 100644 index eb91629..0000000 --- a/include/libwebsockets/lws-genrsa.h +++ /dev/null @@ -1,253 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup genericRSA Generic RSA - * ## Generic RSA related functions - * - * Lws provides generic RSA functions that abstract the ones - * provided by whatever OpenSSL library you are linking against. - * - * It lets you use the same code if you build against mbedtls or OpenSSL - * for example. - */ -///@{ - -/* include/libwebsockets/lws-jwk.h must be included before this */ - -enum enum_genrsa_mode { - LGRSAM_PKCS1_1_5, - LGRSAM_PKCS1_OAEP_PSS, - - LGRSAM_COUNT -}; - -struct lws_genrsa_ctx { -#if defined(LWS_WITH_MBEDTLS) - mbedtls_rsa_context *ctx; -#else - BIGNUM *bn[LWS_GENCRYPTO_RSA_KEYEL_COUNT]; - EVP_PKEY_CTX *ctx; - RSA *rsa; -#endif - struct lws_context *context; - enum enum_genrsa_mode mode; -}; - -/** lws_genrsa_public_decrypt_create() - Create RSA public decrypt context - * - * \param ctx: your struct lws_genrsa_ctx - * \param el: struct prepared with key element data - * \param context: lws_context for RNG - * \param mode: RSA mode, one of LGRSAM_ constants - * \param oaep_hashid: the lws genhash id for the hash used in MFG1 hash - * used in OAEP mode - normally, SHA1 - * - * Creates an RSA context with a public key associated with it, formed from - * the key elements in \p el. - * - * Mode LGRSAM_PKCS1_1_5 is in widespread use but has weaknesses. It's - * recommended to use LGRSAM_PKCS1_OAEP_PSS for new implementations. - * - * Returns 0 for OK or nonzero for error. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el, - struct lws_context *context, enum enum_genrsa_mode mode, - enum lws_genhash_types oaep_hashid); - -/** lws_genrsa_destroy_elements() - Free allocations in genrsa_elements - * - * \param el: your struct lws_gencrypto_keyelem - * - * This is a helper for user code making use of struct lws_gencrypto_keyelem - * where the elements are allocated on the heap, it frees any non-NULL - * buf element and sets the buf to NULL. - * - * NB: lws_genrsa_public_... apis do not need this as they take care of the key - * creation and destruction themselves. - */ -LWS_VISIBLE LWS_EXTERN void -lws_genrsa_destroy_elements(struct lws_gencrypto_keyelem *el); - -/** lws_genrsa_new_keypair() - Create new RSA keypair - * - * \param context: your struct lws_context (may be used for RNG) - * \param ctx: your struct lws_genrsa_ctx - * \param mode: RSA mode, one of LGRSAM_ constants - * \param el: struct to get the new key element data allocated into it - * \param bits: key size, eg, 4096 - * - * Creates a new RSA context and generates a new keypair into it, with \p bits - * bits. - * - * Returns 0 for OK or nonzero for error. - * - * Mode LGRSAM_PKCS1_1_5 is in widespread use but has weaknesses. It's - * recommended to use LGRSAM_PKCS1_OAEP_PSS for new implementations. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx, - enum enum_genrsa_mode mode, struct lws_gencrypto_keyelem *el, - int bits); - -/** lws_genrsa_public_encrypt() - Perform RSA public key encryption - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: plaintext input - * \param in_len: length of plaintext input - * \param out: encrypted output - * - * Performs PKCS1 v1.5 Encryption - * - * Returns <0 for error, or length of decrypted data. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out); - -/** lws_genrsa_private_encrypt() - Perform RSA private key encryption - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: plaintext input - * \param in_len: length of plaintext input - * \param out: encrypted output - * - * Performs PKCS1 v1.5 Encryption - * - * Returns <0 for error, or length of decrypted data. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out); - -/** lws_genrsa_public_decrypt() - Perform RSA public key decryption - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: encrypted input - * \param in_len: length of encrypted input - * \param out: decrypted output - * \param out_max: size of output buffer - * - * Performs PKCS1 v1.5 Decryption - * - * Returns <0 for error, or length of decrypted data. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max); - -/** lws_genrsa_private_decrypt() - Perform RSA private key decryption - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: encrypted input - * \param in_len: length of encrypted input - * \param out: decrypted output - * \param out_max: size of output buffer - * - * Performs PKCS1 v1.5 Decryption - * - * Returns <0 for error, or length of decrypted data. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max); - -/** lws_genrsa_hash_sig_verify() - Verifies RSA signature on a given hash - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: input to be hashed - * \param hash_type: one of LWS_GENHASH_TYPE_ - * \param sig: pointer to the signature we received with the payload - * \param sig_len: length of the signature we are checking in bytes - * - * Returns <0 for error, or 0 if signature matches the payload + key. - * - * This just looks at a hash... that's why there's no input length - * parameter, it's decided by the choice of hash. It's up to you to confirm - * separately the actual payload matches the hash that was confirmed by this to - * be validly signed. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, - const uint8_t *sig, size_t sig_len); - -/** lws_genrsa_hash_sign() - Creates an ECDSA signature for a hash you provide - * - * \param ctx: your struct lws_genrsa_ctx - * \param in: input to be hashed and signed - * \param hash_type: one of LWS_GENHASH_TYPE_ - * \param sig: pointer to buffer to take signature - * \param sig_len: length of the buffer (must be >= length of key N) - * - * Returns <0 for error, or 0 for success. - * - * This creates an RSA signature for a hash you already computed and provide. - * You should have created the hash before calling this by iterating over the - * actual payload you need to confirm. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, - uint8_t *sig, size_t sig_len); - -/** lws_genrsa_public_decrypt_destroy() - Destroy RSA public decrypt context - * - * \param ctx: your struct lws_genrsa_ctx - * - * Destroys any allocations related to \p ctx. - * - * This and related APIs operate identically with OpenSSL or mbedTLS backends. - */ -LWS_VISIBLE LWS_EXTERN void -lws_genrsa_destroy(struct lws_genrsa_ctx *ctx); - -/** lws_genrsa_render_pkey_asn1() - Exports public or private key to ASN1/DER - * - * \param ctx: your struct lws_genrsa_ctx - * \param _private: 0 = public part only, 1 = all parts of the key - * \param pkey_asn1: pointer to buffer to take the ASN1 - * \param pkey_asn1_len: max size of the pkey_asn1_len - * - * Returns length of pkey_asn1 written, or -1 for error. - */ -LWS_VISIBLE LWS_EXTERN int -lws_genrsa_render_pkey_asn1(struct lws_genrsa_ctx *ctx, int _private, - uint8_t *pkey_asn1, size_t pkey_asn1_len); -///@} diff --git a/include/libwebsockets/lws-http.h b/include/libwebsockets/lws-http.h deleted file mode 100644 index 913e04c..0000000 --- a/include/libwebsockets/lws-http.h +++ /dev/null @@ -1,776 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* minimal space for typical headers and CSP stuff */ - -#define LWS_RECOMMENDED_MIN_HEADER_SPACE 2048 - -/*! \defgroup http HTTP - - Modules related to handling HTTP -*/ -//@{ - -/*! \defgroup httpft HTTP File transfer - * \ingroup http - - APIs for sending local files in response to HTTP requests -*/ -//@{ - -/** - * lws_get_mimetype() - Determine mimetype to use from filename - * - * \param file: filename - * \param m: NULL, or mount context - * - * This uses a canned list of known filetypes first, if no match and m is - * non-NULL, then tries a list of per-mount file suffix to mimtype mappings. - * - * Returns either NULL or a pointer to the mimetype matching the file. - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_get_mimetype(const char *file, const struct lws_http_mount *m); - -/** - * lws_serve_http_file() - Send a file back to the client using http - * \param wsi: Websocket instance (available from user callback) - * \param file: The file to issue over http - * \param content_type: The http content type, eg, text/html - * \param other_headers: NULL or pointer to header string - * \param other_headers_len: length of the other headers if non-NULL - * - * This function is intended to be called from the callback in response - * to http requests from the client. It allows the callback to issue - * local files down the http link in a single step. - * - * Returning <0 indicates error and the wsi should be closed. Returning - * >0 indicates the file was completely sent and - * lws_http_transaction_completed() called on the wsi (and close if != 0) - * ==0 indicates the file transfer is started and needs more service later, - * the wsi should be left alone. - */ -LWS_VISIBLE LWS_EXTERN int -lws_serve_http_file(struct lws *wsi, const char *file, const char *content_type, - const char *other_headers, int other_headers_len); - -LWS_VISIBLE LWS_EXTERN int -lws_serve_http_file_fragment(struct lws *wsi); -//@} - - -enum http_status { - HTTP_STATUS_CONTINUE = 100, - - HTTP_STATUS_OK = 200, - HTTP_STATUS_NO_CONTENT = 204, - HTTP_STATUS_PARTIAL_CONTENT = 206, - - HTTP_STATUS_MOVED_PERMANENTLY = 301, - HTTP_STATUS_FOUND = 302, - HTTP_STATUS_SEE_OTHER = 303, - HTTP_STATUS_NOT_MODIFIED = 304, - - HTTP_STATUS_BAD_REQUEST = 400, - HTTP_STATUS_UNAUTHORIZED, - HTTP_STATUS_PAYMENT_REQUIRED, - HTTP_STATUS_FORBIDDEN, - HTTP_STATUS_NOT_FOUND, - HTTP_STATUS_METHOD_NOT_ALLOWED, - HTTP_STATUS_NOT_ACCEPTABLE, - HTTP_STATUS_PROXY_AUTH_REQUIRED, - HTTP_STATUS_REQUEST_TIMEOUT, - HTTP_STATUS_CONFLICT, - HTTP_STATUS_GONE, - HTTP_STATUS_LENGTH_REQUIRED, - HTTP_STATUS_PRECONDITION_FAILED, - HTTP_STATUS_REQ_ENTITY_TOO_LARGE, - HTTP_STATUS_REQ_URI_TOO_LONG, - HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE, - HTTP_STATUS_REQ_RANGE_NOT_SATISFIABLE, - HTTP_STATUS_EXPECTATION_FAILED, - - HTTP_STATUS_INTERNAL_SERVER_ERROR = 500, - HTTP_STATUS_NOT_IMPLEMENTED, - HTTP_STATUS_BAD_GATEWAY, - HTTP_STATUS_SERVICE_UNAVAILABLE, - HTTP_STATUS_GATEWAY_TIMEOUT, - HTTP_STATUS_HTTP_VERSION_NOT_SUPPORTED, -}; -/*! \defgroup html-chunked-substitution HTML Chunked Substitution - * \ingroup http - * - * ##HTML chunked Substitution - * - * APIs for receiving chunks of text, replacing a set of variable names via - * a callback, and then prepending and appending HTML chunked encoding - * headers. - */ -//@{ - -struct lws_process_html_args { - char *p; /**< pointer to the buffer containing the data */ - int len; /**< length of the original data at p */ - int max_len; /**< maximum length we can grow the data to */ - int final; /**< set if this is the last chunk of the file */ - int chunked; /**< 0 == unchunked, 1 == produce chunk headers - (incompatible with HTTP/2) */ -}; - -typedef const char *(*lws_process_html_state_cb)(void *data, int index); - -struct lws_process_html_state { - char *start; /**< pointer to start of match */ - char swallow[16]; /**< matched character buffer */ - int pos; /**< position in match */ - void *data; /**< opaque pointer */ - const char * const *vars; /**< list of variable names */ - int count_vars; /**< count of variable names */ - - lws_process_html_state_cb replace; - /**< called on match to perform substitution */ -}; - -/*! lws_chunked_html_process() - generic chunked substitution - * \param args: buffer to process using chunked encoding - * \param s: current processing state - */ -LWS_VISIBLE LWS_EXTERN int -lws_chunked_html_process(struct lws_process_html_args *args, - struct lws_process_html_state *s); -//@} - -/** \defgroup HTTP-headers-read HTTP headers: read - * \ingroup http - * - * ##HTTP header releated functions - * - * In lws the client http headers are temporarily stored in a pool, only for the - * duration of the http part of the handshake. It's because in most cases, - * the header content is ignored for the whole rest of the connection lifetime - * and would then just be taking up space needlessly. - * - * During LWS_CALLBACK_HTTP when the URI path is delivered is the last time - * the http headers are still allocated, you can use these apis then to - * look at and copy out interesting header content (cookies, etc) - * - * Notice that the header total length reported does not include a terminating - * '\0', however you must allocate for it when using the _copy apis. So the - * length reported for a header containing "123" is 3, but you must provide - * a buffer of length 4 so that "123\0" may be copied into it, or the copy - * will fail with a nonzero return code. - * - * In the special case of URL arguments, like ?x=1&y=2, the arguments are - * stored in a token named for the method, eg, WSI_TOKEN_GET_URI if it - * was a GET or WSI_TOKEN_POST_URI if POST. You can check the total - * length to confirm the method. - * - * For URL arguments, each argument is stored urldecoded in a "fragment", so - * you can use the fragment-aware api lws_hdr_copy_fragment() to access each - * argument in turn: the fragments contain urldecoded strings like x=1 or y=2. - * - * As a convenience, lws has an api that will find the fragment with a - * given name= part, lws_get_urlarg_by_name(). - */ -///@{ - -/** struct lws_tokens - * you need these to look at headers that have been parsed if using the - * LWS_CALLBACK_FILTER_CONNECTION callback. If a header from the enum - * list below is absent, .token = NULL and len = 0. Otherwise .token - * points to .len chars containing that header content. - */ -struct lws_tokens { - unsigned char *token; /**< pointer to start of the token */ - int len; /**< length of the token's value */ -}; - -/* enum lws_token_indexes - * these have to be kept in sync with lextable.h / minilex.c - * - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -enum lws_token_indexes { - WSI_TOKEN_GET_URI = 0, - WSI_TOKEN_POST_URI = 1, - WSI_TOKEN_OPTIONS_URI = 2, - WSI_TOKEN_HOST = 3, - WSI_TOKEN_CONNECTION = 4, - WSI_TOKEN_UPGRADE = 5, - WSI_TOKEN_ORIGIN = 6, - WSI_TOKEN_DRAFT = 7, - WSI_TOKEN_CHALLENGE = 8, - WSI_TOKEN_EXTENSIONS = 9, - WSI_TOKEN_KEY1 = 10, - WSI_TOKEN_KEY2 = 11, - WSI_TOKEN_PROTOCOL = 12, - WSI_TOKEN_ACCEPT = 13, - WSI_TOKEN_NONCE = 14, - WSI_TOKEN_HTTP = 15, - WSI_TOKEN_HTTP2_SETTINGS = 16, - WSI_TOKEN_HTTP_ACCEPT = 17, - WSI_TOKEN_HTTP_AC_REQUEST_HEADERS = 18, - WSI_TOKEN_HTTP_IF_MODIFIED_SINCE = 19, - WSI_TOKEN_HTTP_IF_NONE_MATCH = 20, - WSI_TOKEN_HTTP_ACCEPT_ENCODING = 21, - WSI_TOKEN_HTTP_ACCEPT_LANGUAGE = 22, - WSI_TOKEN_HTTP_PRAGMA = 23, - WSI_TOKEN_HTTP_CACHE_CONTROL = 24, - WSI_TOKEN_HTTP_AUTHORIZATION = 25, - WSI_TOKEN_HTTP_COOKIE = 26, - WSI_TOKEN_HTTP_CONTENT_LENGTH = 27, - WSI_TOKEN_HTTP_CONTENT_TYPE = 28, - WSI_TOKEN_HTTP_DATE = 29, - WSI_TOKEN_HTTP_RANGE = 30, - WSI_TOKEN_HTTP_REFERER = 31, - WSI_TOKEN_KEY = 32, - WSI_TOKEN_VERSION = 33, - WSI_TOKEN_SWORIGIN = 34, - - WSI_TOKEN_HTTP_COLON_AUTHORITY = 35, - WSI_TOKEN_HTTP_COLON_METHOD = 36, - WSI_TOKEN_HTTP_COLON_PATH = 37, - WSI_TOKEN_HTTP_COLON_SCHEME = 38, - WSI_TOKEN_HTTP_COLON_STATUS = 39, - - WSI_TOKEN_HTTP_ACCEPT_CHARSET = 40, - WSI_TOKEN_HTTP_ACCEPT_RANGES = 41, - WSI_TOKEN_HTTP_ACCESS_CONTROL_ALLOW_ORIGIN = 42, - WSI_TOKEN_HTTP_AGE = 43, - WSI_TOKEN_HTTP_ALLOW = 44, - WSI_TOKEN_HTTP_CONTENT_DISPOSITION = 45, - WSI_TOKEN_HTTP_CONTENT_ENCODING = 46, - WSI_TOKEN_HTTP_CONTENT_LANGUAGE = 47, - WSI_TOKEN_HTTP_CONTENT_LOCATION = 48, - WSI_TOKEN_HTTP_CONTENT_RANGE = 49, - WSI_TOKEN_HTTP_ETAG = 50, - WSI_TOKEN_HTTP_EXPECT = 51, - WSI_TOKEN_HTTP_EXPIRES = 52, - WSI_TOKEN_HTTP_FROM = 53, - WSI_TOKEN_HTTP_IF_MATCH = 54, - WSI_TOKEN_HTTP_IF_RANGE = 55, - WSI_TOKEN_HTTP_IF_UNMODIFIED_SINCE = 56, - WSI_TOKEN_HTTP_LAST_MODIFIED = 57, - WSI_TOKEN_HTTP_LINK = 58, - WSI_TOKEN_HTTP_LOCATION = 59, - WSI_TOKEN_HTTP_MAX_FORWARDS = 60, - WSI_TOKEN_HTTP_PROXY_AUTHENTICATE = 61, - WSI_TOKEN_HTTP_PROXY_AUTHORIZATION = 62, - WSI_TOKEN_HTTP_REFRESH = 63, - WSI_TOKEN_HTTP_RETRY_AFTER = 64, - WSI_TOKEN_HTTP_SERVER = 65, - WSI_TOKEN_HTTP_SET_COOKIE = 66, - WSI_TOKEN_HTTP_STRICT_TRANSPORT_SECURITY = 67, - WSI_TOKEN_HTTP_TRANSFER_ENCODING = 68, - WSI_TOKEN_HTTP_USER_AGENT = 69, - WSI_TOKEN_HTTP_VARY = 70, - WSI_TOKEN_HTTP_VIA = 71, - WSI_TOKEN_HTTP_WWW_AUTHENTICATE = 72, - - WSI_TOKEN_PATCH_URI = 73, - WSI_TOKEN_PUT_URI = 74, - WSI_TOKEN_DELETE_URI = 75, - - WSI_TOKEN_HTTP_URI_ARGS = 76, - WSI_TOKEN_PROXY = 77, - WSI_TOKEN_HTTP_X_REAL_IP = 78, - WSI_TOKEN_HTTP1_0 = 79, - WSI_TOKEN_X_FORWARDED_FOR = 80, - WSI_TOKEN_CONNECT = 81, - WSI_TOKEN_HEAD_URI = 82, - WSI_TOKEN_TE = 83, - WSI_TOKEN_REPLAY_NONCE = 84, - WSI_TOKEN_COLON_PROTOCOL = 85, - WSI_TOKEN_X_AUTH_TOKEN = 86, - - /****** add new things just above ---^ ******/ - - /* use token storage to stash these internally, not for - * user use */ - - _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, - _WSI_TOKEN_CLIENT_PEER_ADDRESS, - _WSI_TOKEN_CLIENT_URI, - _WSI_TOKEN_CLIENT_HOST, - _WSI_TOKEN_CLIENT_ORIGIN, - _WSI_TOKEN_CLIENT_METHOD, - _WSI_TOKEN_CLIENT_IFACE, - _WSI_TOKEN_CLIENT_ALPN, - - /* always last real token index*/ - WSI_TOKEN_COUNT, - - /* parser state additions, no storage associated */ - WSI_TOKEN_NAME_PART, -#if defined(LWS_WITH_CUSTOM_HEADERS) - WSI_TOKEN_UNKNOWN_VALUE_PART, -#endif - WSI_TOKEN_SKIPPING, - WSI_TOKEN_SKIPPING_SAW_CR, - WSI_PARSING_COMPLETE, - WSI_INIT_TOKEN_MUXURL, -}; - -struct lws_token_limits { - unsigned short token_limit[WSI_TOKEN_COUNT]; /**< max chars for this token */ -}; - -/** - * lws_token_to_string() - returns a textual representation of a hdr token index - * - * \param token: token index - */ -LWS_VISIBLE LWS_EXTERN const unsigned char * -lws_token_to_string(enum lws_token_indexes token); - -/** - * lws_hdr_total_length: report length of all fragments of a header totalled up - * The returned length does not include the space for a - * terminating '\0' - * - * \param wsi: websocket connection - * \param h: which header index we are interested in - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h); - -/** - * lws_hdr_fragment_length: report length of a single fragment of a header - * The returned length does not include the space for a - * terminating '\0' - * - * \param wsi: websocket connection - * \param h: which header index we are interested in - * \param frag_idx: which fragment of h we want to get the length of - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, - int frag_idx); - -/** - * lws_hdr_copy() - copy all fragments of the given header to a buffer - * The buffer length len must include space for an additional - * terminating '\0', or it will fail returning -1. - * - * \param wsi: websocket connection - * \param dest: destination buffer - * \param len: length of destination buffer - * \param h: which header index we are interested in - * - * copies the whole, aggregated header, even if it was delivered in - * several actual headers piece by piece. Returns -1 or length of the whole - * header. - */ -LWS_VISIBLE LWS_EXTERN int -lws_hdr_copy(struct lws *wsi, char *dest, int len, enum lws_token_indexes h); - -/** - * lws_hdr_copy_fragment() - copy a single fragment of the given header to a buffer - * The buffer length len must include space for an additional - * terminating '\0', or it will fail returning -1. - * If the requested fragment index is not present, it fails - * returning -1. - * - * \param wsi: websocket connection - * \param dest: destination buffer - * \param len: length of destination buffer - * \param h: which header index we are interested in - * \param frag_idx: which fragment of h we want to copy - * - * Normally this is only useful - * to parse URI arguments like ?x=1&y=2, token index WSI_TOKEN_HTTP_URI_ARGS - * fragment 0 will contain "x=1" and fragment 1 "y=2" - */ -LWS_VISIBLE LWS_EXTERN int -lws_hdr_copy_fragment(struct lws *wsi, char *dest, int len, - enum lws_token_indexes h, int frag_idx); - -/** - * lws_hdr_custom_length() - return length of a custom header - * - * \param wsi: websocket connection - * \param name: header string (including terminating :) - * \param nlen: length of name - * - * Lws knows about 100 common http headers, and parses them into indexes when - * it recognizes them. When it meets a header that it doesn't know, it stores - * the name and value directly, and you can look them up using - * lws_hdr_custom_length() and lws_hdr_custom_copy(). - * - * This api returns -1, or the length of the value part of the header if it - * exists. Lws must be built with LWS_WITH_CUSTOM_HEADERS (on by default) to - * use this api. - */ -LWS_VISIBLE LWS_EXTERN int -lws_hdr_custom_length(struct lws *wsi, const char *name, int nlen); - -/** - * lws_hdr_custom_copy() - copy value part of a custom header - * - * \param wsi: websocket connection - * \param dst: pointer to buffer to receive the copy - * \param len: number of bytes available at dst - * \param name: header string (including terminating :) - * \param nlen: length of name - * - * Lws knows about 100 common http headers, and parses them into indexes when - * it recognizes them. When it meets a header that it doesn't know, it stores - * the name and value directly, and you can look them up using - * lws_hdr_custom_length() and lws_hdr_custom_copy(). - * - * This api returns -1, or the length of the string it copied into dst if it - * was big enough to contain both the string and an extra terminating NUL. Lws - * must be built with LWS_WITH_CUSTOM_HEADERS (on by default) to use this api. - */ -LWS_VISIBLE LWS_EXTERN int -lws_hdr_custom_copy(struct lws *wsi, char *dst, int len, const char *name, - int nlen); - -/** - * lws_get_urlarg_by_name() - return pointer to arg value if present - * \param wsi: the connection to check - * \param name: the arg name, like "token=" - * \param buf: the buffer to receive the urlarg (including the name= part) - * \param len: the length of the buffer to receive the urlarg - * - * Returns NULL if not found or a pointer inside buf to just after the - * name= part. - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_get_urlarg_by_name(struct lws *wsi, const char *name, char *buf, int len); -///@} - -/*! \defgroup HTTP-headers-create HTTP headers: create - * - * ## HTTP headers: Create - * - * These apis allow you to create HTTP response headers in a way compatible with - * both HTTP/1.x and HTTP/2. - * - * They each append to a buffer taking care about the buffer end, which is - * passed in as a pointer. When data is written to the buffer, the current - * position p is updated accordingly. - * - * All of these apis are LWS_WARN_UNUSED_RESULT as they can run out of space - * and fail with nonzero return. - */ -///@{ - -#define LWSAHH_CODE_MASK ((1 << 16) - 1) -#define LWSAHH_FLAG_NO_SERVER_NAME (1 << 30) - -/** - * lws_add_http_header_status() - add the HTTP response status code - * - * \param wsi: the connection to check - * \param code: an HTTP code like 200, 404 etc (see enum http_status) - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Adds the initial response code, so should be called first. - * - * Code may additionally take OR'd flags: - * - * LWSAHH_FLAG_NO_SERVER_NAME: don't apply server name header this time - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_add_http_header_status(struct lws *wsi, - unsigned int code, unsigned char **p, - unsigned char *end); -/** - * lws_add_http_header_by_name() - append named header and value - * - * \param wsi: the connection to check - * \param name: the hdr name, like "my-header" - * \param value: the value after the = for this header - * \param length: the length of the value - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Appends name: value to the headers - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_add_http_header_by_name(struct lws *wsi, const unsigned char *name, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end); -/** - * lws_add_http_header_by_token() - append given header and value - * - * \param wsi: the connection to check - * \param token: the token index for the hdr - * \param value: the value after the = for this header - * \param length: the length of the value - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Appends name=value to the headers, but is able to take advantage of better - * HTTP/2 coding mechanisms where possible. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_add_http_header_by_token(struct lws *wsi, enum lws_token_indexes token, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end); -/** - * lws_add_http_header_content_length() - append content-length helper - * - * \param wsi: the connection to check - * \param content_length: the content length to use - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Appends content-length: content_length to the headers - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_add_http_header_content_length(struct lws *wsi, - lws_filepos_t content_length, - unsigned char **p, unsigned char *end); -/** - * lws_finalize_http_header() - terminate header block - * - * \param wsi: the connection to check - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Indicates no more headers will be added - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_finalize_http_header(struct lws *wsi, unsigned char **p, - unsigned char *end); - -/** - * lws_finalize_write_http_header() - Helper finializing and writing http headers - * - * \param wsi: the connection to check - * \param start: pointer to the start of headers in the buffer, eg &buf[LWS_PRE] - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Terminates the headers correctly accoring to the protocol in use (h1 / h2) - * and writes the headers. Returns nonzero for error. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_finalize_write_http_header(struct lws *wsi, unsigned char *start, - unsigned char **p, unsigned char *end); - -#define LWS_ILLEGAL_HTTP_CONTENT_LEN ((lws_filepos_t)-1ll) - -/** - * lws_add_http_common_headers() - Helper preparing common http headers - * - * \param wsi: the connection to check - * \param code: an HTTP code like 200, 404 etc (see enum http_status) - * \param content_type: the content type, like "text/html" - * \param content_len: the content length, in bytes - * \param p: pointer to current position in buffer pointer - * \param end: pointer to end of buffer - * - * Adds the initial response code, so should be called first. - * - * Code may additionally take OR'd flags: - * - * LWSAHH_FLAG_NO_SERVER_NAME: don't apply server name header this time - * - * This helper just calls public apis to simplify adding headers that are - * commonly needed. If it doesn't fit your case, or you want to add additional - * headers just call the public apis directly yourself for what you want. - * - * You can miss out the content length header by providing the constant - * LWS_ILLEGAL_HTTP_CONTENT_LEN for the content_len. - * - * It does not call lws_finalize_http_header(), to allow you to add further - * headers after calling this. You will need to call that yourself at the end. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_add_http_common_headers(struct lws *wsi, unsigned int code, - const char *content_type, lws_filepos_t content_len, - unsigned char **p, unsigned char *end); - -/** - * lws_http_get_uri_and_method() - Get information on method and url - * - * \param wsi: the connection to get information on - * \param puri_ptr: points to pointer to set to url - * \param puri_len: points to int to set to uri length - * - * Returns -1 or method index - * - * GET 0 - * POST 1 - * OPTIONS 2 - * PUT 3 - * PATCH 4 - * DELETE 5 - * CONNECT 6 - * HEAD 7 - * :path 8 - * - * If returns method, *puri_ptr is set to the method's URI string and *puri_len - * to its length - */ - -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_http_get_uri_and_method(struct lws *wsi, char **puri_ptr, int *puri_len); - -///@} - -/*! \defgroup urlendec Urlencode and Urldecode - * \ingroup http - * - * ##HTML chunked Substitution - * - * APIs for receiving chunks of text, replacing a set of variable names via - * a callback, and then prepending and appending HTML chunked encoding - * headers. - */ -//@{ - -/** - * lws_urlencode() - like strncpy but with urlencoding - * - * \param escaped: output buffer - * \param string: input buffer ('/0' terminated) - * \param len: output buffer max length - * - * Because urlencoding expands the output string, it's not - * possible to do it in-place, ie, with escaped == string - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_urlencode(char *escaped, const char *string, int len); - -/* - * URLDECODE 1 / 2 - * - * This simple urldecode only operates until the first '\0' and requires the - * data to exist all at once - */ -/** - * lws_urldecode() - like strncpy but with urldecoding - * - * \param string: output buffer - * \param escaped: input buffer ('\0' terminated) - * \param len: output buffer max length - * - * This is only useful for '\0' terminated strings - * - * Since urldecoding only shrinks the output string, it is possible to - * do it in-place, ie, string == escaped - * - * Returns 0 if completed OK or nonzero for urldecode violation (non-hex chars - * where hex required, etc) - */ -LWS_VISIBLE LWS_EXTERN int -lws_urldecode(char *string, const char *escaped, int len); -///@} - -/** - * lws_return_http_status() - Return simple http status - * \param wsi: Websocket instance (available from user callback) - * \param code: Status index, eg, 404 - * \param html_body: User-readable HTML description < 1KB, or NULL - * - * Helper to report HTTP errors back to the client cleanly and - * consistently - */ -LWS_VISIBLE LWS_EXTERN int -lws_return_http_status(struct lws *wsi, unsigned int code, - const char *html_body); - -/** - * lws_http_redirect() - write http redirect out on wsi - * - * \param wsi: websocket connection - * \param code: HTTP response code (eg, 301) - * \param loc: where to redirect to - * \param len: length of loc - * \param p: pointer current position in buffer (updated as we write) - * \param end: pointer to end of buffer - * - * Returns amount written, or < 0 indicating fatal write failure. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_http_redirect(struct lws *wsi, int code, const unsigned char *loc, int len, - unsigned char **p, unsigned char *end); - -/** - * lws_http_transaction_completed() - wait for new http transaction or close - * \param wsi: websocket connection - * - * Returns 1 if the HTTP connection must close now - * Returns 0 and resets connection to wait for new HTTP header / - * transaction if possible - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_http_transaction_completed(struct lws *wsi); - -/** - * lws_http_headers_detach() - drop the associated headers storage and allow - * it to be reused by another connection - * \param wsi: http connection - * - * If the wsi has an ah headers struct attached, detach it. - */ -LWS_VISIBLE LWS_EXTERN int -lws_http_headers_detach(struct lws *wsi); - -/** - * lws_http_mark_sse() - called to indicate this http stream is now doing SSE - * - * \param wsi: http connection - * - * Cancel any timeout on the wsi, and for h2, mark the network connection as - * containing an immortal stream for the duration the SSE stream is open. - */ -LWS_VISIBLE LWS_EXTERN int -lws_http_mark_sse(struct lws *wsi); - -/** - * lws_http_compression_apply() - apply an http compression transform - * - * \param wsi: the wsi to apply the compression transform to - * \param name: NULL, or the name of the compression transform, eg, "deflate" - * \param p: pointer to pointer to headers buffer - * \param end: pointer to end of headers buffer - * \param decomp: 0 = add compressor to wsi, 1 = add decompressor - * - * This allows transparent compression of dynamically generated HTTP. The - * requested compression (eg, "deflate") is only applied if the client headers - * indicated it was supported (and it has support in lws), otherwise it's a NOP. - * - * If the requested compression method is NULL, then the supported compression - * formats are tried, and for non-decompression (server) mode the first that's - * found on the client's accept-encoding header is chosen. - * - * NOTE: the compression transform, same as h2 support, relies on the user - * code using LWS_WRITE_HTTP and then LWS_WRITE_HTTP_FINAL on the last part - * written. The internal lws fileserving code already does this. - * - * If the library was built without the cmake option - * LWS_WITH_HTTP_STREAM_COMPRESSION set, then a NOP is provided for this api, - * allowing user code to build either way and use compression if available. - */ -LWS_VISIBLE int -lws_http_compression_apply(struct lws *wsi, const char *name, - unsigned char **p, unsigned char *end, char decomp); -///@} - diff --git a/include/libwebsockets/lws-jose.h b/include/libwebsockets/lws-jose.h deleted file mode 100644 index fc0fcc0..0000000 --- a/include/libwebsockets/lws-jose.h +++ /dev/null @@ -1,209 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -enum lws_jws_jose_hdr_indexes { - LJJHI_ALG, /* REQUIRED */ - LJJHI_JKU, /* Optional: string */ - LJJHI_JWK, /* Optional: jwk JSON object: public key: */ - LJJHI_KID, /* Optional: string */ - LJJHI_X5U, /* Optional: string: url of public key cert / chain */ - LJJHI_X5C, /* Optional: base64 (NOT -url): actual cert */ - LJJHI_X5T, /* Optional: base64url: SHA-1 of actual cert */ - LJJHI_X5T_S256, /* Optional: base64url: SHA-256 of actual cert */ - LJJHI_TYP, /* Optional: string: media type */ - LJJHI_CTY, /* Optional: string: content media type */ - LJJHI_CRIT, /* Optional for send, REQUIRED: array of strings: - * mustn't contain standardized strings or null set */ - - LJJHI_RECIPS_HDR, - LJJHI_RECIPS_HDR_ALG, - LJJHI_RECIPS_HDR_KID, - LJJHI_RECIPS_EKEY, - - LJJHI_ENC, /* JWE only: Optional: string */ - LJJHI_ZIP, /* JWE only: Optional: string ("DEF" = deflate) */ - - LJJHI_EPK, /* Additional arg for JWE ECDH: ephemeral public key */ - LJJHI_APU, /* Additional arg for JWE ECDH: base64url */ - LJJHI_APV, /* Additional arg for JWE ECDH: base64url */ - LJJHI_IV, /* Additional arg for JWE AES: base64url */ - LJJHI_TAG, /* Additional arg for JWE AES: base64url */ - LJJHI_P2S, /* Additional arg for JWE PBES2: base64url: salt */ - LJJHI_P2C, /* Additional arg for JWE PBES2: integer: count */ - - LWS_COUNT_JOSE_HDR_ELEMENTS -}; - -enum lws_jose_algtype { - LWS_JOSE_ENCTYPE_NONE, - - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, - - LWS_JOSE_ENCTYPE_ECDSA, - LWS_JOSE_ENCTYPE_ECDHES, - - LWS_JOSE_ENCTYPE_AES_CBC, - LWS_JOSE_ENCTYPE_AES_CFB128, - LWS_JOSE_ENCTYPE_AES_CFB8, - LWS_JOSE_ENCTYPE_AES_CTR, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_AES_OFB, - LWS_JOSE_ENCTYPE_AES_XTS, /* care: requires double-length key */ - LWS_JOSE_ENCTYPE_AES_GCM, -}; - -/* there's a table of these defined in lws-gencrypto-common.c */ - -struct lws_jose_jwe_alg { - enum lws_genhash_types hash_type; - enum lws_genhmac_types hmac_type; - enum lws_jose_algtype algtype_signing; /* the signing cipher */ - enum lws_jose_algtype algtype_crypto; /* the encryption cipher */ - const char *alg; /* the JWA enc alg name, eg "ES512" */ - const char *curve_name; /* NULL, or, eg, "P-256" */ - unsigned short keybits_min, keybits_fixed; - unsigned short ivbits; -}; - -/* - * For JWS, "JOSE header" is defined to be the union of... - * - * o JWS Protected Header - * o JWS Unprotected Header - * - * For JWE, the "JOSE header" is the union of... - * - * o JWE Protected Header - * o JWE Shared Unprotected Header - * o JWE Per-Recipient Unprotected Header - */ - -#define LWS_JWS_MAX_RECIPIENTS 3 - -struct lws_jws_recpient { - /* - * JOSE per-recipient unprotected header... for JWS this contains - * protected / header / signature - */ - struct lws_gencrypto_keyelem unprot[LWS_COUNT_JOSE_HDR_ELEMENTS]; - struct lws_jwk jwk_ephemeral; /* recipient ephemeral key if any */ - struct lws_jwk jwk; /* recipient "jwk" key if any */ -}; - -struct lws_jose { - /* JOSE protected and unprotected header elements */ - struct lws_gencrypto_keyelem e[LWS_COUNT_JOSE_HDR_ELEMENTS]; - - struct lws_jws_recpient recipient[LWS_JWS_MAX_RECIPIENTS]; - - /* information from the protected header part */ - const struct lws_jose_jwe_alg *alg; - const struct lws_jose_jwe_alg *enc_alg; - - int recipients; /* count of used recipient[] entries */ -}; - -/** - * lws_jose_init() - prepare a struct lws_jose for use - * - * \param jose: the jose header struct to prepare - */ -LWS_VISIBLE LWS_EXTERN void -lws_jose_init(struct lws_jose *jose); - -/** - * lws_jose_destroy() - retire a struct lws_jose from use - * - * \param jose: the jose header struct to destroy - */ -LWS_VISIBLE LWS_EXTERN void -lws_jose_destroy(struct lws_jose *jose); - -/** - * lws_gencrypto_jws_alg_to_definition() - look up a jws alg name - * - * \param alg: the jws alg name - * \param jose: pointer to the pointer to the info struct to set on success - * - * Returns 0 if *jose set, else nonzero for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_gencrypto_jws_alg_to_definition(const char *alg, - const struct lws_jose_jwe_alg **jose); - -/** - * lws_gencrypto_jwe_alg_to_definition() - look up a jwe alg name - * - * \param alg: the jwe alg name - * \param jose: pointer to the pointer to the info struct to set on success - * - * Returns 0 if *jose set, else nonzero for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_gencrypto_jwe_alg_to_definition(const char *alg, - const struct lws_jose_jwe_alg **jose); - -/** - * lws_gencrypto_jwe_enc_to_definition() - look up a jwe enc name - * - * \param alg: the jwe enc name - * \param jose: pointer to the pointer to the info struct to set on success - * - * Returns 0 if *jose set, else nonzero for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_gencrypto_jwe_enc_to_definition(const char *enc, - const struct lws_jose_jwe_alg **jose); - -/** - * lws_jws_parse_jose() - parse a JWS JOSE header - * - * \param jose: the jose struct to set to parsing results - * \param buf: the raw JOSE header - * \param len: the length of the raw JOSE header - * \param temp: parent-owned buffer to "allocate" elements into - * \param temp_len: amount of space available in temp - * - * returns the amount of temp used, or -1 for error - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_parse_jose(struct lws_jose *jose, - const char *buf, int len, char *temp, int *temp_len); - -/** - * lws_jwe_parse_jose() - parse a JWE JOSE header - * - * \param jose: the jose struct to set to parsing results - * \param buf: the raw JOSE header - * \param len: the length of the raw JOSE header - * \param temp: parent-owned buffer to "allocate" elements into - * \param temp_len: amount of space available in temp - * - * returns the amount of temp used, or -1 for error - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwe_parse_jose(struct lws_jose *jose, - const char *buf, int len, char *temp, int *temp_len); - diff --git a/include/libwebsockets/lws-jwe.h b/include/libwebsockets/lws-jwe.h deleted file mode 100644 index 3798dee..0000000 --- a/include/libwebsockets/lws-jwe.h +++ /dev/null @@ -1,163 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - * - * JWE Compact Serialization consists of - * - * BASE64URL(UTF8(JWE Protected Header)) || '.' || - * BASE64URL(JWE Encrypted Key) || '.' || - * BASE64URL(JWE Initialization Vector) || '.' || - * BASE64URL(JWE Ciphertext) || '.' || - * BASE64URL(JWE Authentication Tag) - */ - -#define LWS_JWE_RFC3394_OVERHEAD_BYTES 8 -#define LWS_JWE_AES_IV_BYTES 16 - -#define LWS_JWE_LIMIT_RSA_KEY_BITS 4096 -#define LWS_JWE_LIMIT_AES_KEY_BITS (512 + 64) /* RFC3394 Key Wrap adds 64b */ -#define LWS_JWE_LIMIT_EC_KEY_BITS 528 /* 521 rounded to byte boundary */ -#define LWS_JWE_LIMIT_HASH_BITS (LWS_GENHASH_LARGEST * 8) - -/* the largest key element for any cipher */ -#define LWS_JWE_LIMIT_KEY_ELEMENT_BYTES (LWS_JWE_LIMIT_RSA_KEY_BITS / 8) - - -struct lws_jwe { - struct lws_jose jose; - struct lws_jws jws; - struct lws_jwk jwk; - - /* - * We have to keep a copy of the CEK so we can reuse it with later - * key encryptions for the multiple recipient case. - */ - uint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; - unsigned int cek_valid:1; - - int recip; -}; - -LWS_VISIBLE LWS_EXTERN void -lws_jwe_init(struct lws_jwe *jwe, struct lws_context *context); - -LWS_VISIBLE LWS_EXTERN void -lws_jwe_destroy(struct lws_jwe *jwe); - -LWS_VISIBLE LWS_EXTERN void -lws_jwe_be64(uint64_t c, uint8_t *p8); - -/* - * JWE Compact Serialization consists of - * - * BASE64URL(UTF8(JWE Protected Header)) || '.' || - * BASE64URL(JWE Encrypted Key) || '.' || - * BASE64URL(JWE Initialization Vector) || '.' || - * BASE64URL(JWE Ciphertext) || '.' || - * BASE64URL(JWE Authentication Tag) - */ - -LWS_VISIBLE LWS_EXTERN int -lws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len); - -LWS_VISIBLE int -lws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len); - -LWS_VISIBLE LWS_EXTERN int -lws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len, - char *temp, int *temp_len); - -/** - * lws_jwe_auth_and_decrypt() - confirm and decrypt JWE - * - * \param jose: jose context - * \param jws: jws / jwe context... .map and .map_b64 must be filled already - * - * This is a high level JWE decrypt api that takes a jws with the maps - * already processed, and if the authentication passes, returns the decrypted - * plaintext in jws.map.buf[LJWE_CTXT] and its length in jws.map.len[LJWE_CTXT]. - * - * In the jws, the following fields must have been set by the caller - * - * .context - * .jwk (the key encryption key) - * .map - * .map_b64 - * - * Having the b64 and decoded maps filled externally makes it flexible where - * the data was picked from, eg, from a Complete JWE JSON serialization, a - * flattened one, or a Compact Serialization. - * - * Returns decrypt length, or -1 for failure. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len); - -/** - * lws_jwe_encrypt() - perform JWE encryption - * - * \param jose: the JOSE header information (encryption types, etc) - * \param jws: the JWE elements, pointer to jwk etc - * \param temp: parent-owned buffer to "allocate" elements into - * \param temp_len: amount of space available in temp - * - * May be called up to LWS_JWS_MAX_RECIPIENTS times to encrypt the same CEK - * multiple ways on the same JWE payload. - * - * returns the amount of temp used, or -1 for error. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len); - -/** - * lws_jwe_create_packet() - add b64 sig to b64 hdr + payload - * - * \param jwe: the struct lws_jwe we are trying to render - * \param payload: unencoded payload JSON - * \param len: length of unencoded payload JSON - * \param nonce: Nonse string to include in protected header - * \param out: buffer to take signed packet - * \param out_len: size of \p out buffer - * \param conext: lws_context to get random from - * - * This creates a "flattened" JWS packet from the jwk and the plaintext - * payload, and signs it. The packet is written into \p out. - * - * This does the whole packet assembly and signing, calling through to - * lws_jws_sign_from_b64() as part of the process. - * - * Returns the length written to \p out, or -1. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwe_create_packet(struct lws_jwe *jwe, - const char *payload, size_t len, const char *nonce, - char *out, size_t out_len, struct lws_context *context); - - -/* only exposed because we have test vectors that need it */ -LWS_VISIBLE LWS_EXTERN int -lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, - uint8_t *aad, int aad_len); - -/* only exposed because we have test vectors that need it */ -LWS_VISIBLE LWS_EXTERN int -lws_jwa_concat_kdf(struct lws_jwe *jwe, int direct, - uint8_t *out, const uint8_t *shared_secret, int sslen); diff --git a/include/libwebsockets/lws-jwk.h b/include/libwebsockets/lws-jwk.h deleted file mode 100644 index f55826a..0000000 --- a/include/libwebsockets/lws-jwk.h +++ /dev/null @@ -1,206 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup jwk JSON Web Keys - * ## JSON Web Keys API - * - * Lws provides an API to parse JSON Web Keys into a struct lws_gencrypto_keyelem. - * - * "oct" and "RSA" type keys are supported. For "oct" keys, they are held in - * the "e" member of the struct lws_gencrypto_keyelem. - * - * Keys elements are allocated on the heap. You must destroy the allocations - * in the struct lws_gencrypto_keyelem by calling - * lws_genrsa_destroy_elements() when you are finished with it. - */ -///@{ - -enum enum_jwk_meta_tok { - JWK_META_KTY, - JWK_META_KID, - JWK_META_USE, - JWK_META_KEY_OPS, - JWK_META_X5C, - JWK_META_ALG, - - LWS_COUNT_JWK_ELEMENTS -}; - -struct lws_jwk { - /* key data elements */ - struct lws_gencrypto_keyelem e[LWS_GENCRYPTO_MAX_KEYEL_COUNT]; - /* generic meta key elements, like KID */ - struct lws_gencrypto_keyelem meta[LWS_COUNT_JWK_ELEMENTS]; - int kty; /**< one of LWS_JWK_ */ - char private_key; /* nonzero = has private key elements */ -}; - -typedef int (*lws_jwk_key_import_callback)(struct lws_jwk *s, void *user); - -struct lws_jwk_parse_state { - struct lws_jwk *jwk; - char b64[(((8192 / 8) * 4) / 3) + 1]; /* enough for 8Kb key */ - lws_jwk_key_import_callback per_key_cb; - void *user; - int pos; - unsigned short possible; -}; - -/** lws_jwk_import() - Create a JSON Web key from the textual representation - * - * \param jwk: the JWK object to create - * \param cb: callback for each jwk-processed key, or NULL if importing a single - * key with no parent "keys" JSON - * \param user: pointer to be passed to the callback, otherwise ignored by lws. - * NULL if importing a single key with no parent "keys" JSON - * \param in: a single JWK JSON stanza in utf-8 - * \param len: the length of the JWK JSON stanza in bytes - * - * Creates an lws_jwk struct filled with data from the JSON representation. - * - * There are two ways to use this... with some protocols a single jwk is - * delivered with no parent "keys": [] array. If you call this with cb and - * user as NULL, then the input will be interpreted like that and the results - * placed in s. - * - * The second case is that you are dealing with a "keys":[] array with one or - * more keys in it. In this case, the function iterates through the keys using - * s as a temporary jwk, and calls the user-provided callback for each key in - * turn while it return 0 (nonzero return from the callback terminates the - * iteration through any further keys). - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_import(struct lws_jwk *jwk, lws_jwk_key_import_callback cb, void *user, - const char *in, size_t len); - -/** lws_jwk_destroy() - Destroy a JSON Web key - * - * \param jwk: the JWK object to destroy - * - * All allocations in the lws_jwk are destroyed - */ -LWS_VISIBLE LWS_EXTERN void -lws_jwk_destroy(struct lws_jwk *jwk); - -/** lws_jwk_dup_oct() - Set a jwk to a dup'd binary OCT key - * - * \param jwk: the JWK object to set - * \param key: the JWK object to destroy - * \param len: the JWK object to destroy - * - * Sets the kty to OCT, allocates len bytes for K and copies len bytes of key - * into the allocation. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_dup_oct(struct lws_jwk *jwk, const void *key, int len); - -/** lws_jwk_export() - Export a JSON Web key to a textual representation - * - * \param jwk: the JWK object to export - * \param _private: 0 = just export public parts, 1 = export everything - * \param p: the buffer to write the exported JWK to - * \param len: the length of the buffer \p p in bytes... reduced by used amount - * - * Returns length of the used part of the buffer if OK, or -1 for error. - * - * Serializes the content of the JWK into a char buffer. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_export(struct lws_jwk *jwk, int _private, char *p, int *len); - -/** lws_jwk_load() - Import a JSON Web key from a file - * - * \param jwk: the JWK object to load into - * \param filename: filename to load from - * \param cb: optional callback for each key - * \param user: opaque user pointer passed to cb if given - * - * Returns 0 for OK or -1 for failure - * - * There are two ways to use this... with some protocols a single jwk is - * delivered with no parent "keys": [] array. If you call this with cb and - * user as NULL, then the input will be interpreted like that and the results - * placed in s. - * - * The second case is that you are dealing with a "keys":[] array with one or - * more keys in it. In this case, the function iterates through the keys using - * s as a temporary jwk, and calls the user-provided callback for each key in - * turn while it return 0 (nonzero return from the callback terminates the - * iteration through any further keys, leaving the last one in s). - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_load(struct lws_jwk *jwk, const char *filename, - lws_jwk_key_import_callback cb, void *user); - -/** lws_jwk_save() - Export a JSON Web key to a file - * - * \param jwk: the JWK object to save from - * \param filename: filename to save to - * - * Returns 0 for OK or -1 for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_save(struct lws_jwk *jwk, const char *filename); - -/** lws_jwk_rfc7638_fingerprint() - jwk to RFC7638 compliant fingerprint - * - * \param jwk: the JWK object to fingerprint - * \param digest32: buffer to take 32-byte digest - * - * Returns 0 for OK or -1 for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_rfc7638_fingerprint(struct lws_jwk *jwk, char *digest32); - -/** lws_jwk_strdup_meta() - allocate a duplicated string meta element - * - * \param jwk: the JWK object to fingerprint - * \param idx: JWK_META_ element index - * \param in: string to copy - * \param len: length of string to copy - * - * Returns 0 for OK or -1 for failure - */ -LWS_VISIBLE LWS_EXTERN int -lws_jwk_strdup_meta(struct lws_jwk *jwk, enum enum_jwk_meta_tok idx, - const char *in, int len); - - -LWS_VISIBLE LWS_EXTERN int -lws_jwk_dump(struct lws_jwk *jwk); - -/** lws_jwk_generate() - create a new key of given type and characteristics - * - * \param context: the struct lws_context used for RNG - * \param jwk: the JWK object to fingerprint - * \param kty: One of the LWS_GENCRYPTO_KTY_ key types - * \param bits: for OCT and RSA keys, the number of bits - * \param curve: for EC keys, the name of the curve - * - * Returns 0 for OK or -1 for failure - */ -LWS_VISIBLE int -lws_jwk_generate(struct lws_context *context, struct lws_jwk *jwk, - enum lws_gencrypto_kty kty, int bits, const char *curve); - -///@} diff --git a/include/libwebsockets/lws-jws.h b/include/libwebsockets/lws-jws.h deleted file mode 100644 index ac01a78..0000000 --- a/include/libwebsockets/lws-jws.h +++ /dev/null @@ -1,404 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup jws JSON Web Signature - * ## JSON Web Signature API - * - * Lws provides an API to check and create RFC7515 JSON Web Signatures - * - * SHA256/384/512 HMAC, and RSA 256/384/512 are supported. - * - * The API uses your TLS library crypto, but works exactly the same no matter - * what your TLS backend is. - */ -///@{ - -/* - * The maps are built to work with both JWS (LJWS_) and JWE (LJWE_), and are - * sized to the slightly larger JWE case. - */ - -enum enum_jws_sig_elements { - - /* JWS block namespace */ - LJWS_JOSE, - LJWS_PYLD, - LJWS_SIG, - LJWS_UHDR, - - /* JWE block namespace */ - LJWE_JOSE = 0, - LJWE_EKEY, - LJWE_IV, - LJWE_CTXT, - LJWE_ATAG, - LJWE_AAD, - - LWS_JWS_MAX_COMPACT_BLOCKS -}; - -struct lws_jws_map { - const char *buf[LWS_JWS_MAX_COMPACT_BLOCKS]; - uint32_t len[LWS_JWS_MAX_COMPACT_BLOCKS]; -}; - -#define LWS_JWS_MAX_SIGS 3 - -struct lws_jws { - struct lws_jwk *jwk; /* the struct lws_jwk containing the signing key */ - struct lws_context *context; /* the lws context (used to get random) */ - struct lws_jws_map map, map_b64; -}; - -/* jws EC signatures do not have ASN.1 in them, meaning they're incompatible - * with generic signatures. - */ - -/** - * lws_jws_init() - initialize a jws for use - * - * \param jws: pointer to the jws to initialize - * \param jwk: the jwk to use with this jws - * \param context: the lws_context to use - */ -LWS_VISIBLE LWS_EXTERN void -lws_jws_init(struct lws_jws *jws, struct lws_jwk *jwk, - struct lws_context *context); - -/** - * lws_jws_destroy() - scrub a jws - * - * \param jws: pointer to the jws to destroy - * - * Call before the jws goes out of scope. - * - * Elements defined in the jws are zeroed. - */ -LWS_VISIBLE LWS_EXTERN void -lws_jws_destroy(struct lws_jws *jws); - -/** - * lws_jws_sig_confirm_compact() - check signature - * - * \param map: pointers and lengths for each of the unencoded JWS elements - * \param jwk: public key - * \param context: lws_context - * \param temp: scratchpad - * \param temp_len: length of scratchpad - * - * Confirms the signature on a JWS. Use if you have non-b64 plain JWS elements - * in a map... it'll make a temp b64 version needed for comparison. See below - * for other variants. - * - * Returns 0 on match. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_sig_confirm_compact(struct lws_jws_map *map, struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len); - -LWS_VISIBLE LWS_EXTERN int -lws_jws_sig_confirm_compact_b64_map(struct lws_jws_map *map_b64, - struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len); - -/** - * lws_jws_sig_confirm_compact_b64() - check signature on b64 compact JWS - * - * \param in: pointer to b64 jose.payload[.hdr].sig - * \param len: bytes available at \p in - * \param map: map to take decoded non-b64 content - * \param jwk: public key - * \param context: lws_context - * \param temp: scratchpad - * \param temp_len: size of scratchpad - * - * Confirms the signature on a JWS. Use if you have you have b64 compact layout - * (jose.payload.hdr.sig) as an aggregated string... it'll make a temp plain - * version needed for comparison. - * - * Returns 0 on match. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_sig_confirm_compact_b64(const char *in, size_t len, - struct lws_jws_map *map, - struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len); - -/** - * lws_jws_sig_confirm() - check signature on plain + b64 JWS elements - * - * \param map_b64: pointers and lengths for each of the b64-encoded JWS elements - * \param map: pointers and lengths for each of the unencoded JWS elements - * \param jwk: public key - * \param context: lws_context - * - * Confirms the signature on a JWS. Use if you have you already have both b64 - * compact layout (jose.payload.hdr.sig) and decoded JWS elements in maps. - * - * If you had the b64 string and called lws_jws_compact_decode() on it, you - * will end up with both maps, and can use this api version, saving needlessly - * regenerating any temp map. - * - * Returns 0 on match. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_sig_confirm(struct lws_jws_map *map_b64, /* b64-encoded */ - struct lws_jws_map *map, /* non-b64 */ - struct lws_jwk *jwk, struct lws_context *context); - -/** - * lws_jws_sign_from_b64() - add b64 sig to b64 hdr + payload - * - * \param jose: jose header information - * \param jws: information to include in the signature - * \param b64_sig: output buffer for b64 signature - * \param sig_len: size of \p b64_sig output buffer - * - * This adds a b64-coded JWS signature of the b64-encoded protected header - * and b64-encoded payload, at \p b64_sig. The signature will be as large - * as the N element of the RSA key when the RSA key is used, eg, 512 bytes for - * a 4096-bit key, and then b64-encoding on top. - * - * In some special cases, there is only payload to sign and no header, in that - * case \p b64_hdr may be NULL, and only the payload will be hashed before - * signing. - * - * Returns the length of the encoded signature written to \p b64_sig, or -1. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_sign_from_b64(struct lws_jose *jose, struct lws_jws *jws, char *b64_sig, - size_t sig_len); - -/** - * lws_jws_compact_decode() - converts and maps compact serialization b64 sections - * - * \param in: the incoming compact serialized b64 - * \param len: the length of the incoming compact serialized b64 - * \param map: pointer to the results structure - * \param map_b64: NULL, or pointer to a second results structure taking block - * information about the undecoded b64 - * \param out: buffer to hold decoded results - * \param out_len: size of out in bytes - * - * Returns number of sections (2 if "none", else 3), or -1 if illegal. - * - * map is set to point to the start and hold the length of each decoded block. - * If map_b64 is non-NULL, then it's set with information about the input b64 - * blocks. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_compact_decode(const char *in, int len, struct lws_jws_map *map, - struct lws_jws_map *map_b64, char *out, int *out_len); - -LWS_VISIBLE LWS_EXTERN int -lws_jws_compact_encode(struct lws_jws_map *map_b64, /* b64-encoded */ - const struct lws_jws_map *map, /* non-b64 */ - char *buf, int *out_len); - -LWS_VISIBLE LWS_EXTERN int -lws_jws_sig_confirm_json(const char *in, size_t len, - struct lws_jws *jws, struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len); - -/** - * lws_jws_write_flattened_json() - create flattened JSON sig - * - * \param jws: information to include in the signature - * \param flattened: output buffer for JSON - * \param len: size of \p flattened output buffer - * - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_write_flattened_json(struct lws_jws *jws, char *flattened, size_t len); - -/** - * lws_jws_write_compact() - create flattened JSON sig - * - * \param jws: information to include in the signature - * \param compact: output buffer for compact format - * \param len: size of \p flattened output buffer - * - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_write_compact(struct lws_jws *jws, char *compact, size_t len); - - - -/* - * below apis are not normally needed if dealing with whole JWS... they're - * useful for creating from scratch - */ - - -/** - * lws_jws_dup_element() - allocate space for an element and copy data into it - * - * \param map: map to create the element in - * \param idx: index of element in the map to create - * \param temp: space to allocate in - * \param temp_len: available space at temp - * \param in: data to duplicate into element - * \param in_len: length of data to duplicate - * \param actual_alloc: 0 for same as in_len, else actual allocation size - * - * Copies in_len from in to temp, if temp_len is sufficient. - * - * Returns 0 or -1 if not enough space in temp / temp_len. - * - * Over-allocation can be acheived by setting actual_alloc to the real - * allocation desired... in_len will be copied into it. - * - * *temp_len is reduced by actual_alloc if successful. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_dup_element(struct lws_jws_map *map, int idx, - char *temp, int *temp_len, const void *in, size_t in_len, - size_t actual_alloc); - -/** - * lws_jws_randomize_element() - create an element and fill with random - * - * \param context: lws_context used for random - * \param map: map to create the element in - * \param idx: index of element in the map to create - * \param temp: space to allocate in - * \param temp_len: available space at temp - * \param random_len: length of data to fill with random - * \param actual_alloc: 0 for same as random_len, else actual allocation size - * - * Randomize random_len bytes at temp, if temp_len is sufficient. - * - * Returns 0 or -1 if not enough space in temp / temp_len. - * - * Over-allocation can be acheived by setting actual_alloc to the real - * allocation desired... the first random_len will be filled with random. - * - * *temp_len is reduced by actual_alloc if successful. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_randomize_element(struct lws_context *context, - struct lws_jws_map *map, - int idx, char *temp, int *temp_len, size_t random_len, - size_t actual_alloc); - -/** - * lws_jws_alloc_element() - create an element and reserve space for content - * - * \param map: map to create the element in - * \param idx: index of element in the map to create - * \param temp: space to allocate in - * \param temp_len: available space at temp - * \param len: logical length of element - * \param actual_alloc: 0 for same as len, else actual allocation size - * - * Allocate len bytes at temp, if temp_len is sufficient. - * - * Returns 0 or -1 if not enough space in temp / temp_len. - * - * Over-allocation can be acheived by setting actual_alloc to the real - * allocation desired... the element logical length will be set to len. - * - * *temp_len is reduced by actual_alloc if successful. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_alloc_element(struct lws_jws_map *map, int idx, char *temp, - int *temp_len, size_t len, size_t actual_alloc); - -/** - * lws_jws_encode_b64_element() - create an b64-encoded element - * - * \param map: map to create the element in - * \param idx: index of element in the map to create - * \param temp: space to allocate in - * \param temp_len: available space at temp - * \param in: pointer to unencoded input - * \param in_len: length of unencoded input - * - * Allocate len bytes at temp, if temp_len is sufficient. - * - * Returns 0 or -1 if not enough space in temp / temp_len. - * - * Over-allocation can be acheived by setting actual_alloc to the real - * allocation desired... the element logical length will be set to len. - * - * *temp_len is reduced by actual_alloc if successful. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_encode_b64_element(struct lws_jws_map *map, int idx, - char *temp, int *temp_len, const void *in, - size_t in_len); - - -/** - * lws_jws_b64_compact_map() - find block starts and lengths in compact b64 - * - * \param in: pointer to b64 jose.payload[.hdr].sig - * \param len: bytes available at \p in - * \param map: output struct with pointers and lengths for each JWS element - * - * Scans a jose.payload[.hdr].sig b64 string and notes where the blocks start - * and their length into \p map. - * - * Returns number of blocks if OK. May return <0 if malformed. - * May not fill all map entries. - */ - -LWS_VISIBLE LWS_EXTERN int -lws_jws_b64_compact_map(const char *in, int len, struct lws_jws_map *map); - - -/** - * lws_jws_base64_enc() - encode input data into b64url data - * - * \param in: the incoming plaintext - * \param in_len: the length of the incoming plaintext in bytes - * \param out: the buffer to store the b64url encoded data to - * \param out_max: the length of \p out in bytes - * - * Returns either -1 if problems, or the number of bytes written to \p out. - */ -LWS_VISIBLE LWS_EXTERN int -lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max); - -/** - * lws_jws_encode_section() - encode input data into b64url data, - * prepending . if not first - * - * \param in: the incoming plaintext - * \param in_len: the length of the incoming plaintext in bytes - * \param first: nonzero if the first section - * \param p: the buffer to store the b64url encoded data to - * \param end: just past the end of p - * - * Returns either -1 if problems, or the number of bytes written to \p out. - * If the section is not the first one, '.' is prepended. - */ - -LWS_VISIBLE LWS_EXTERN int -lws_jws_encode_section(const char *in, size_t in_len, int first, char **p, - char *end); -///@} diff --git a/include/libwebsockets/lws-logs.h b/include/libwebsockets/lws-logs.h deleted file mode 100644 index d71f946..0000000 --- a/include/libwebsockets/lws-logs.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup log Logging - * - * ##Logging - * - * Lws provides flexible and filterable logging facilities, which can be - * used inside lws and in user code. - * - * Log categories may be individually filtered bitwise, and directed to built-in - * sinks for syslog-compatible logging, or a user-defined function. - */ -///@{ - -enum lws_log_levels { - LLL_ERR = 1 << 0, - LLL_WARN = 1 << 1, - LLL_NOTICE = 1 << 2, - LLL_INFO = 1 << 3, - LLL_DEBUG = 1 << 4, - LLL_PARSER = 1 << 5, - LLL_HEADER = 1 << 6, - LLL_EXT = 1 << 7, - LLL_CLIENT = 1 << 8, - LLL_LATENCY = 1 << 9, - LLL_USER = 1 << 10, - LLL_THREAD = 1 << 11, - - LLL_COUNT = 12 /* set to count of valid flags */ -}; - -/** - * lwsl_timestamp: generate logging timestamp string - * - * \param level: logging level - * \param p: char * buffer to take timestamp - * \param len: length of p - * - * returns length written in p - */ -LWS_VISIBLE LWS_EXTERN int -lwsl_timestamp(int level, char *p, int len); - -#if defined(LWS_PLAT_OPTEE) && !defined(LWS_WITH_NETWORK) -#define _lws_log(aaa, ...) SMSG(__VA_ARGS__) -#else -LWS_VISIBLE LWS_EXTERN void _lws_log(int filter, const char *format, ...) LWS_FORMAT(2); -LWS_VISIBLE LWS_EXTERN void _lws_logv(int filter, const char *format, va_list vl); -#endif - -/* these guys are unconditionally included */ - -#define lwsl_err(...) _lws_log(LLL_ERR, __VA_ARGS__) -#define lwsl_user(...) _lws_log(LLL_USER, __VA_ARGS__) - -#if !defined(LWS_WITH_NO_LOGS) -/* notice and warn are usually included by being compiled in */ -#define lwsl_warn(...) _lws_log(LLL_WARN, __VA_ARGS__) -#define lwsl_notice(...) _lws_log(LLL_NOTICE, __VA_ARGS__) -#endif -/* - * weaker logging can be deselected by telling CMake to build in RELEASE mode - * that gets rid of the overhead of checking while keeping _warn and _err - * active - */ - -#if defined(_DEBUG) -#if defined(LWS_WITH_NO_LOGS) -/* notice, warn and log are always compiled in */ -#define lwsl_warn(...) _lws_log(LLL_WARN, __VA_ARGS__) -#define lwsl_notice(...) _lws_log(LLL_NOTICE, __VA_ARGS__) -#endif -#define lwsl_info(...) _lws_log(LLL_INFO, __VA_ARGS__) -#define lwsl_debug(...) _lws_log(LLL_DEBUG, __VA_ARGS__) -#define lwsl_parser(...) _lws_log(LLL_PARSER, __VA_ARGS__) -#define lwsl_header(...) _lws_log(LLL_HEADER, __VA_ARGS__) -#define lwsl_ext(...) _lws_log(LLL_EXT, __VA_ARGS__) -#define lwsl_client(...) _lws_log(LLL_CLIENT, __VA_ARGS__) -#define lwsl_latency(...) _lws_log(LLL_LATENCY, __VA_ARGS__) -#define lwsl_thread(...) _lws_log(LLL_THREAD, __VA_ARGS__) - -#else /* no debug */ -#if defined(LWS_WITH_NO_LOGS) -#define lwsl_warn(...) do {} while(0) -#define lwsl_notice(...) do {} while(0) -#endif -#define lwsl_info(...) do {} while(0) -#define lwsl_debug(...) do {} while(0) -#define lwsl_parser(...) do {} while(0) -#define lwsl_header(...) do {} while(0) -#define lwsl_ext(...) do {} while(0) -#define lwsl_client(...) do {} while(0) -#define lwsl_latency(...) do {} while(0) -#define lwsl_thread(...) do {} while(0) - -#endif - - -#define lwsl_hexdump_err(...) lwsl_hexdump_level(LLL_ERR, __VA_ARGS__) -#define lwsl_hexdump_warn(...) lwsl_hexdump_level(LLL_WARN, __VA_ARGS__) -#define lwsl_hexdump_notice(...) lwsl_hexdump_level(LLL_NOTICE, __VA_ARGS__) -#define lwsl_hexdump_info(...) lwsl_hexdump_level(LLL_INFO, __VA_ARGS__) -#define lwsl_hexdump_debug(...) lwsl_hexdump_level(LLL_DEBUG, __VA_ARGS__) - -/** - * lwsl_hexdump_level() - helper to hexdump a buffer at a selected debug level - * - * \param level: one of LLL_ constants - * \param vbuf: buffer start to dump - * \param len: length of buffer to dump - * - * If \p level is visible, does a nice hexdump -C style dump of \p vbuf for - * \p len bytes. This can be extremely convenient while debugging. - */ -LWS_VISIBLE LWS_EXTERN void -lwsl_hexdump_level(int level, const void *vbuf, size_t len); - -/** - * lwsl_hexdump() - helper to hexdump a buffer (DEBUG builds only) - * - * \param buf: buffer start to dump - * \param len: length of buffer to dump - * - * Calls through to lwsl_hexdump_level(LLL_DEBUG, ... for compatability. - * It's better to use lwsl_hexdump_level(level, ... directly so you can control - * the visibility. - */ -LWS_VISIBLE LWS_EXTERN void -lwsl_hexdump(const void *buf, size_t len); - -/** - * lws_is_be() - returns nonzero if the platform is Big Endian - */ -static LWS_INLINE int lws_is_be(void) { - const int probe = ~0xff; - - return *(const char *)&probe; -} - -/** - * lws_set_log_level() - Set the logging bitfield - * \param level: OR together the LLL_ debug contexts you want output from - * \param log_emit_function: NULL to leave it as it is, or a user-supplied - * function to perform log string emission instead of - * the default stderr one. - * - * log level defaults to "err", "warn" and "notice" contexts enabled and - * emission on stderr. If stderr is a tty (according to isatty()) then - * the output is coloured according to the log level using ANSI escapes. - */ -LWS_VISIBLE LWS_EXTERN void -lws_set_log_level(int level, - void (*log_emit_function)(int level, const char *line)); - -/** - * lwsl_emit_syslog() - helper log emit function writes to system log - * - * \param level: one of LLL_ log level indexes - * \param line: log string - * - * You use this by passing the function pointer to lws_set_log_level(), to set - * it as the log emit function, it is not called directly. - */ -LWS_VISIBLE LWS_EXTERN void -lwsl_emit_syslog(int level, const char *line); - -/** - * lwsl_emit_stderr() - helper log emit function writes to stderr - * - * \param level: one of LLL_ log level indexes - * \param line: log string - * - * You use this by passing the function pointer to lws_set_log_level(), to set - * it as the log emit function, it is not called directly. - * - * It prepends a system timestamp like [2018/11/13 07:41:57:3989] - * - * If stderr is a tty, then ansi colour codes are added. - */ -LWS_VISIBLE LWS_EXTERN void -lwsl_emit_stderr(int level, const char *line); - -/** - * lwsl_emit_stderr_notimestamp() - helper log emit function writes to stderr - * - * \param level: one of LLL_ log level indexes - * \param line: log string - * - * You use this by passing the function pointer to lws_set_log_level(), to set - * it as the log emit function, it is not called directly. - * - * If stderr is a tty, then ansi colour codes are added. - */ -LWS_VISIBLE LWS_EXTERN void -lwsl_emit_stderr_notimestamp(int level, const char *line); - -/** - * lwsl_visible() - returns true if the log level should be printed - * - * \param level: one of LLL_ log level indexes - * - * This is useful if you have to do work to generate the log content, you - * can skip the work if the log level used to print it is not actually - * enabled at runtime. - */ -LWS_VISIBLE LWS_EXTERN int -lwsl_visible(int level); - -///@} diff --git a/include/libwebsockets/lws-lwsac.h b/include/libwebsockets/lws-lwsac.h deleted file mode 100644 index 81c3b71..0000000 --- a/include/libwebsockets/lws-lwsac.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * libwebsockets - lws alloc chunk - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup lwsac lwsac - * - * ##Allocated Chunks - * - * If you know you will be allocating a large, unknown number of same or - * differently sized objects, it's certainly possible to do it with libc - * malloc. However the allocation cost in time and memory overhead can - * add up, and deallocation means walking the structure of every object and - * freeing them in turn. - * - * lwsac (LWS Allocated Chunks) allocates chunks intended to be larger - * than your objects (4000 bytes by default) which you linearly allocate from - * using lwsac_use(). - * - * If your next request won't fit in the current chunk, a new chunk is added - * to the chain of chunks and the allocaton done from there. If the request - * is larger than the chunk size, an oversize chunk is created to satisfy it. - * - * When you are finished with the allocations, you call lwsac_free() and - * free all the *chunks*. So you may have thousands of objects in the chunks, - * but they are all destroyed with the chunks without having to deallocate them - * one by one pointlessly. - */ -///@{ - -struct lwsac; -typedef unsigned char * lwsac_cached_file_t; - - -#define lws_list_ptr_container(P,T,M) ((T *)((char *)(P) - offsetof(T, M))) - -/* - * linked-list helper that's commonly useful to manage lists of things - * allocated using lwsac. - * - * These lists point to their corresponding "next" member in the target, NOT - * the original containing struct. To get the containing struct, you must use - * lws_list_ptr_container() to convert. - * - * It's like that because it means we no longer have to have the next pointer - * at the start of the struct, and we can have the same struct on multiple - * linked-lists with everything held in the struct itself. - */ -typedef void * lws_list_ptr; - -/* - * optional sorting callback called by lws_list_ptr_insert() to sort the right - * things inside the opqaue struct being sorted / inserted on the list. - */ -typedef int (*lws_list_ptr_sort_func_t)(lws_list_ptr a, lws_list_ptr b); - -#define lws_list_ptr_advance(_lp) _lp = *((void **)_lp) - -/* sort may be NULL if you don't care about order */ -LWS_VISIBLE LWS_EXTERN void -lws_list_ptr_insert(lws_list_ptr *phead, lws_list_ptr *add, - lws_list_ptr_sort_func_t sort); - - -/** - * lwsac_use - allocate / use some memory from a lwsac - * - * \param head: pointer to the lwsac list object - * \param ensure: the number of bytes we want to use - * \param chunk_size: 0, or the size of the chunk to (over)allocate if - * what we want won't fit in the current tail chunk. If - * 0, the default value of 4000 is used. If ensure is - * larger, it is used instead. - * - * This also serves to init the lwsac if *head is NULL. Basically it does - * whatever is necessary to return you a pointer to ensure bytes of memory - * reserved for the caller. - * - * Returns NULL if OOM. - */ -LWS_VISIBLE LWS_EXTERN void * -lwsac_use(struct lwsac **head, size_t ensure, size_t chunk_size); - -/** - * lwsac_use_zero - allocate / use some memory from a lwsac and zero it - * - * \param head: pointer to the lwsac list object - * \param ensure: the number of bytes we want to use - * \param chunk_size: 0, or the size of the chunk to (over)allocate if - * what we want won't fit in the current tail chunk. If - * 0, the default value of 4000 is used. If ensure is - * larger, it is used instead. - * - * This also serves to init the lwsac if *head is NULL. Basically it does - * whatever is necessary to return you a pointer to ensure bytes of memory - * reserved for the caller. - * - * \p ensure bytes at the return address are zeroed if the allocation succeeded. - * - * Returns NULL if OOM. - */ -LWS_VISIBLE LWS_EXTERN void * -lwsac_use_zero(struct lwsac **head, size_t ensure, size_t chunk_size); - -/** - * lwsac_use - allocate / use some memory from a lwsac - * - * \param head: pointer to the lwsac list object - * \param ensure: the number of bytes we want to use, which must be zeroed - * \param chunk_size: 0, or the size of the chunk to (over)allocate if - * what we want won't fit in the current tail chunk. If - * 0, the default value of 4000 is used. If ensure is - * larger, it is used instead. - * - * Same as lwsac_use(), but \p ensure bytes of memory at the return address - * are zero'd before returning. - * - * Returns NULL if OOM. - */ -LWS_VISIBLE LWS_EXTERN void * -lwsac_use_zeroed(struct lwsac **head, size_t ensure, size_t chunk_size); - -/** - * lwsac_free - deallocate all chunks in the lwsac and set head NULL - * - * \param head: pointer to the lwsac list object - * - * This deallocates all chunks in the lwsac, then sets *head to NULL. All - * lwsac_use() pointers are invalidated in one hit without individual frees. - */ -LWS_VISIBLE LWS_EXTERN void -lwsac_free(struct lwsac **head); - -/* - * Optional helpers useful for where consumers may need to defer destruction - * until all consumers are finished with the lwsac - */ - -/** - * lwsac_detach() - destroy an lwsac unless somebody else is referencing it - * - * \param head: pointer to the lwsac list object - * - * The creator of the lwsac can all this instead of lwsac_free() when it itself - * has finished with the lwsac, but other code may be consuming it. - * - * If there are no other references, the lwsac is destroyed, *head is set to - * NULL and that's the end; however if something else has called - * lwsac_reference() on the lwsac, it simply returns. When lws_unreference() - * is called and no references are left, it will be destroyed then. - */ -LWS_VISIBLE LWS_EXTERN void -lwsac_detach(struct lwsac **head); - -/** - * lwsac_reference() - increase the lwsac reference count - * - * \param head: pointer to the lwsac list object - * - * Increment the reference count on the lwsac to defer destruction. - */ -LWS_VISIBLE LWS_EXTERN void -lwsac_reference(struct lwsac *head); - -/** - * lwsac_reference() - increase the lwsac reference count - * - * \param head: pointer to the lwsac list object - * - * Decrement the reference count on the lwsac... if it reached 0 on a detached - * lwsac then the lwsac is immediately destroyed and *head set to NULL. - */ -LWS_VISIBLE LWS_EXTERN void -lwsac_unreference(struct lwsac **head); - - -/* helpers to keep a file cached in memory */ - -LWS_VISIBLE LWS_EXTERN void -lwsac_use_cached_file_start(lwsac_cached_file_t cache); - -LWS_VISIBLE LWS_EXTERN void -lwsac_use_cached_file_end(lwsac_cached_file_t *cache); - -LWS_VISIBLE LWS_EXTERN void -lwsac_use_cached_file_detach(lwsac_cached_file_t *cache); - -LWS_VISIBLE LWS_EXTERN int -lwsac_cached_file(const char *filepath, lwsac_cached_file_t *cache, - size_t *len); - -/* more advanced helpers */ - -LWS_VISIBLE LWS_EXTERN size_t -lwsac_sizeof(void); - -LWS_VISIBLE LWS_EXTERN size_t -lwsac_get_tail_pos(struct lwsac *lac); - -LWS_VISIBLE LWS_EXTERN struct lwsac * -lwsac_get_next(struct lwsac *lac); - -LWS_VISIBLE LWS_EXTERN size_t -lwsac_align(size_t length); - -LWS_VISIBLE LWS_EXTERN void -lwsac_info(struct lwsac *head); - -LWS_VISIBLE LWS_EXTERN uint64_t -lwsac_total_alloc(struct lwsac *head); - -///@} diff --git a/include/libwebsockets/lws-misc.h b/include/libwebsockets/lws-misc.h deleted file mode 100644 index fe09303..0000000 --- a/include/libwebsockets/lws-misc.h +++ /dev/null @@ -1,926 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup misc Miscellaneous APIs -* ##Miscellaneous APIs -* -* Various APIs outside of other categories -*/ -///@{ - -/** - * lws_start_foreach_ll(): linkedlist iterator helper start - * - * \param type: type of iteration, eg, struct xyz * - * \param it: iterator var name to create - * \param start: start of list - * - * This helper creates an iterator and starts a while (it) { - * loop. The iterator runs through the linked list starting at start and - * ends when it gets a NULL. - * The while loop should be terminated using lws_start_foreach_ll(). - */ -#define lws_start_foreach_ll(type, it, start)\ -{ \ - type it = start; \ - while (it) { - -/** - * lws_end_foreach_ll(): linkedlist iterator helper end - * - * \param it: same iterator var name given when starting - * \param nxt: member name in the iterator pointing to next list element - * - * This helper is the partner for lws_start_foreach_ll() that ends the - * while loop. - */ - -#define lws_end_foreach_ll(it, nxt) \ - it = it->nxt; \ - } \ -} - -/** - * lws_start_foreach_ll_safe(): linkedlist iterator helper start safe against delete - * - * \param type: type of iteration, eg, struct xyz * - * \param it: iterator var name to create - * \param start: start of list - * \param nxt: member name in the iterator pointing to next list element - * - * This helper creates an iterator and starts a while (it) { - * loop. The iterator runs through the linked list starting at start and - * ends when it gets a NULL. - * The while loop should be terminated using lws_end_foreach_ll_safe(). - * Performs storage of next increment for situations where iterator can become invalidated - * during iteration. - */ -#define lws_start_foreach_ll_safe(type, it, start, nxt)\ -{ \ - type it = start; \ - while (it) { \ - type next_##it = it->nxt; - -/** - * lws_end_foreach_ll_safe(): linkedlist iterator helper end (pre increment storage) - * - * \param it: same iterator var name given when starting - * - * This helper is the partner for lws_start_foreach_ll_safe() that ends the - * while loop. It uses the precreated next_ variable already stored during - * start. - */ - -#define lws_end_foreach_ll_safe(it) \ - it = next_##it; \ - } \ -} - -/** - * lws_start_foreach_llp(): linkedlist pointer iterator helper start - * - * \param type: type of iteration, eg, struct xyz ** - * \param it: iterator var name to create - * \param start: start of list - * - * This helper creates an iterator and starts a while (it) { - * loop. The iterator runs through the linked list starting at the - * address of start and ends when it gets a NULL. - * The while loop should be terminated using lws_start_foreach_llp(). - * - * This helper variant iterates using a pointer to the previous linked-list - * element. That allows you to easily delete list members by rewriting the - * previous pointer to the element's next pointer. - */ -#define lws_start_foreach_llp(type, it, start)\ -{ \ - type it = &(start); \ - while (*(it)) { - -#define lws_start_foreach_llp_safe(type, it, start, nxt)\ -{ \ - type it = &(start); \ - type next; \ - while (*(it)) { \ - next = &((*(it))->nxt); \ - -/** - * lws_end_foreach_llp(): linkedlist pointer iterator helper end - * - * \param it: same iterator var name given when starting - * \param nxt: member name in the iterator pointing to next list element - * - * This helper is the partner for lws_start_foreach_llp() that ends the - * while loop. - */ - -#define lws_end_foreach_llp(it, nxt) \ - it = &(*(it))->nxt; \ - } \ -} - -#define lws_end_foreach_llp_safe(it) \ - it = next; \ - } \ -} - -#define lws_ll_fwd_insert(\ - ___new_object, /* pointer to new object */ \ - ___m_list, /* member for next list object ptr */ \ - ___list_head /* list head */ \ - ) {\ - ___new_object->___m_list = ___list_head; \ - ___list_head = ___new_object; \ - } - -#define lws_ll_fwd_remove(\ - ___type, /* type of listed object */ \ - ___m_list, /* member for next list object ptr */ \ - ___target, /* object to remove from list */ \ - ___list_head /* list head */ \ - ) { \ - lws_start_foreach_llp(___type **, ___ppss, ___list_head) { \ - if (*___ppss == ___target) { \ - *___ppss = ___target->___m_list; \ - break; \ - } \ - } lws_end_foreach_llp(___ppss, ___m_list); \ - } - -/* - * doubly linked-list - */ - -#if defined (LWS_WITH_DEPRECATED_LWS_DLL) - -/* - * This is going away in v4.1. You can set the cmake option above to keep it - * around temporarily. Migrate your stuff to the more capable and robust - * lws_dll2 below - */ - -struct lws_dll { - struct lws_dll *prev; - struct lws_dll *next; -}; - -/* - * these all point to the composed list objects... you have to use the - * lws_container_of() helper to recover the start of the containing struct - */ - -#define lws_dll_add_front lws_dll_add_head - -LWS_VISIBLE LWS_EXTERN void -lws_dll_add_head(struct lws_dll *d, struct lws_dll *phead); - -LWS_VISIBLE LWS_EXTERN void -lws_dll_add_tail(struct lws_dll *d, struct lws_dll *phead); - -LWS_VISIBLE LWS_EXTERN void -lws_dll_insert(struct lws_dll *d, struct lws_dll *target, - struct lws_dll *phead, int before); - -static LWS_INLINE struct lws_dll * -lws_dll_get_head(struct lws_dll *phead) { return phead->next; } - -static LWS_INLINE struct lws_dll * -lws_dll_get_tail(struct lws_dll *phead) { return phead->prev; } - -/* - * caution, this doesn't track the tail in the head struct. Use - * lws_dll_remove_track_tail() instead of this if you want tail tracking. Using - * this means you can't use lws_dll_add_tail() amd - */ -LWS_VISIBLE LWS_EXTERN void -lws_dll_remove(struct lws_dll *d) LWS_WARN_DEPRECATED; - -LWS_VISIBLE LWS_EXTERN void -lws_dll_remove_track_tail(struct lws_dll *d, struct lws_dll *phead); - -/* another way to do lws_start_foreach_dll_safe() on a list via a cb */ - -LWS_VISIBLE LWS_EXTERN int -lws_dll_foreach_safe(struct lws_dll *phead, void *user, - int (*cb)(struct lws_dll *d, void *user)); - -#define lws_dll_is_detached(___dll, __head) \ - (!(___dll)->prev && !(___dll)->next && (__head)->prev != (___dll)) - -#endif - -/* - * lws_dll2_owner / lws_dll2 : more capable version of lws_dll. Differences: - * - * - there's an explicit lws_dll2_owner struct which holds head, tail and - * count of members. - * - * - list members all hold a pointer to their owner. So user code does not - * have to track anything about exactly what lws_dll2_owner list the object - * is a member of. - * - * - you can use lws_dll unless you want the member count or the ability to - * not track exactly which list it's on. - * - * - layout is compatible with lws_dll (but lws_dll apis will not update the - * new stuff) - */ - - -struct lws_dll2; -struct lws_dll2_owner; - -typedef struct lws_dll2 { - struct lws_dll2 *prev; - struct lws_dll2 *next; - struct lws_dll2_owner *owner; -} lws_dll2_t; - -typedef struct lws_dll2_owner { - struct lws_dll2 *tail; - struct lws_dll2 *head; - - uint32_t count; -} lws_dll2_owner_t; - -static LWS_INLINE int -lws_dll2_is_detached(const struct lws_dll2 *d) { return !d->owner; } - -static LWS_INLINE const struct lws_dll2_owner * -lws_dll2_owner(const struct lws_dll2 *d) { return d->owner; } - -static LWS_INLINE struct lws_dll2 * -lws_dll2_get_head(struct lws_dll2_owner *owner) { return owner->head; } - -static LWS_INLINE struct lws_dll2 * -lws_dll2_get_tail(struct lws_dll2_owner *owner) { return owner->tail; } - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_add_head(struct lws_dll2 *d, struct lws_dll2_owner *owner); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_add_tail(struct lws_dll2 *d, struct lws_dll2_owner *owner); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_remove(struct lws_dll2 *d); - -LWS_VISIBLE LWS_EXTERN int -lws_dll2_foreach_safe(struct lws_dll2_owner *owner, void *user, - int (*cb)(struct lws_dll2 *d, void *user)); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_clear(struct lws_dll2 *d); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_owner_clear(struct lws_dll2_owner *d); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_add_before(struct lws_dll2 *d, struct lws_dll2 *after); - -LWS_VISIBLE LWS_EXTERN void -lws_dll2_add_sorted(lws_dll2_t *d, lws_dll2_owner_t *own, - int (*compare)(const lws_dll2_t *d, const lws_dll2_t *i)); - -#if defined(_DEBUG) -void -lws_dll2_describe(struct lws_dll2_owner *owner, const char *desc); -#else -#define lws_dll2_describe(x, y) -#endif - -/* - * these are safe against the current container object getting deleted, - * since the hold his next in a temp and go to that next. ___tmp is - * the temp. - */ - -#define lws_start_foreach_dll_safe(___type, ___it, ___tmp, ___start) \ -{ \ - ___type ___it = ___start; \ - while (___it) { \ - ___type ___tmp = (___it)->next; - -#define lws_end_foreach_dll_safe(___it, ___tmp) \ - ___it = ___tmp; \ - } \ -} - -#define lws_start_foreach_dll(___type, ___it, ___start) \ -{ \ - ___type ___it = ___start; \ - while (___it) { - -#define lws_end_foreach_dll(___it) \ - ___it = (___it)->next; \ - } \ -} - -struct lws_buflist; - -/** - * lws_buflist_append_segment(): add buffer to buflist at head - * - * \param head: list head - * \param buf: buffer to stash - * \param len: length of buffer to stash - * - * Returns -1 on OOM, 1 if this was the first segment on the list, and 0 if - * it was a subsequent segment. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_buflist_append_segment(struct lws_buflist **head, const uint8_t *buf, - size_t len); -/** - * lws_buflist_next_segment_len(): number of bytes left in current segment - * - * \param head: list head - * \param buf: if non-NULL, *buf is written with the address of the start of - * the remaining data in the segment - * - * Returns the number of bytes left in the current segment. 0 indicates - * that the buflist is empty (there are no segments on the buflist). - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_buflist_next_segment_len(struct lws_buflist **head, uint8_t **buf); - -/** - * lws_buflist_use_segment(): remove len bytes from the current segment - * - * \param head: list head - * \param len: number of bytes to mark as used - * - * If len is less than the remaining length of the current segment, the position - * in the current segment is simply advanced and it returns. - * - * If len uses up the remaining length of the current segment, then the segment - * is deleted and the list head moves to the next segment if any. - * - * Returns the number of bytes left in the current segment. 0 indicates - * that the buflist is empty (there are no segments on the buflist). - */ -LWS_VISIBLE LWS_EXTERN int -lws_buflist_use_segment(struct lws_buflist **head, size_t len); - -/** - * lws_buflist_destroy_all_segments(): free all segments on the list - * - * \param head: list head - * - * This frees everything on the list unconditionally. *head is always - * NULL after this. - */ -LWS_VISIBLE LWS_EXTERN void -lws_buflist_destroy_all_segments(struct lws_buflist **head); - -void -lws_buflist_describe(struct lws_buflist **head, void *id); - -/** - * lws_ptr_diff(): helper to report distance between pointers as an int - * - * \param head: the pointer with the larger address - * \param tail: the pointer with the smaller address - * - * This helper gives you an int representing the number of bytes further - * forward the first pointer is compared to the second pointer. - */ -#define lws_ptr_diff(head, tail) \ - ((int)((char *)(head) - (char *)(tail))) - -/** - * lws_snprintf(): snprintf that truncates the returned length too - * - * \param str: destination buffer - * \param size: bytes left in destination buffer - * \param format: format string - * \param ...: args for format - * - * This lets you correctly truncate buffers by concatenating lengths, if you - * reach the limit the reported length doesn't exceed the limit. - */ -LWS_VISIBLE LWS_EXTERN int -lws_snprintf(char *str, size_t size, const char *format, ...) LWS_FORMAT(3); - -/** - * lws_strncpy(): strncpy that guarantees NUL on truncated copy - * - * \param dest: destination buffer - * \param src: source buffer - * \param size: bytes left in destination buffer - * - * This lets you correctly truncate buffers by concatenating lengths, if you - * reach the limit the reported length doesn't exceed the limit. - */ -LWS_VISIBLE LWS_EXTERN char * -lws_strncpy(char *dest, const char *src, size_t size); - -/** - * lws_hex_to_byte_array(): convert hex string like 0123456789ab into byte data - * - * \param h: incoming NUL-terminated hex string - * \param dest: array to fill with binary decodes of hex pairs from h - * \param max: maximum number of bytes dest can hold, must be at least half - * the size of strlen(h) - * - * This converts hex strings into an array of 8-bit representations, ie the - * input "abcd" produces two bytes of value 0xab and 0xcd. - * - * Returns number of bytes produced into \p dest, or -1 on error. - * - * Errors include non-hex chars and an odd count of hex chars in the input - * string. - */ -LWS_VISIBLE LWS_EXTERN int -lws_hex_to_byte_array(const char *h, uint8_t *dest, int max); - -/* - * lws_timingsafe_bcmp(): constant time memcmp - * - * \param a: first buffer - * \param b: second buffer - * \param len: count of bytes to compare - * - * Return 0 if the two buffers are the same, else nonzero. - * - * Always compares all of the buffer before returning, so it can't be used as - * a timing oracle. - */ - -LWS_VISIBLE LWS_EXTERN int -lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len); - -/** - * lws_get_random(): fill a buffer with platform random data - * - * \param context: the lws context - * \param buf: buffer to fill - * \param len: how much to fill - * - * Fills buf with len bytes of random. Returns the number of bytes set, if - * not equal to len, then getting the random failed. - */ -LWS_VISIBLE LWS_EXTERN int -lws_get_random(struct lws_context *context, void *buf, int len); -/** - * lws_daemonize(): make current process run in the background - * - * \param _lock_path: the filepath to write the lock file - * - * Spawn lws as a background process, taking care of various things - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_daemonize(const char *_lock_path); -/** - * lws_get_library_version(): return string describing the version of lws - * - * On unix, also includes the git describe - */ -LWS_VISIBLE LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT -lws_get_library_version(void); - -/** - * lws_wsi_user() - get the user data associated with the connection - * \param wsi: lws connection - * - * Not normally needed since it's passed into the callback - */ -LWS_VISIBLE LWS_EXTERN void * -lws_wsi_user(struct lws *wsi); - -/** - * lws_set_wsi_user() - set the user data associated with the client connection - * \param wsi: lws connection - * \param user: user data - * - * By default lws allocates this and it's not legal to externally set it - * yourself. However client connections may have it set externally when the - * connection is created... if so, this api can be used to modify it at - * runtime additionally. - */ -LWS_VISIBLE LWS_EXTERN void -lws_set_wsi_user(struct lws *wsi, void *user); - -/** - * lws_parse_uri: cut up prot:/ads:port/path into pieces - * Notice it does so by dropping '\0' into input string - * and the leading / on the path is consequently lost - * - * \param p: incoming uri string.. will get written to - * \param prot: result pointer for protocol part (https://) - * \param ads: result pointer for address part - * \param port: result pointer for port part - * \param path: result pointer for path part - * - * You may also refer to unix socket addresses, using a '+' at the start of - * the address. In this case, the address should end with ':', which is - * treated as the separator between the address and path (the normal separator - * '/' is a valid part of the socket path). Eg, - * - * http://+/var/run/mysocket:/my/path - * - * If the first character after the + is '@', it's interpreted by lws client - * processing as meaning to use linux abstract namespace sockets, the @ is - * replaced with a '\0' before use. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_parse_uri(char *p, const char **prot, const char **ads, int *port, - const char **path); -/** - * lws_cmdline_option(): simple commandline parser - * - * \param argc: count of argument strings - * \param argv: argument strings - * \param val: string to find - * - * Returns NULL if the string \p val is not found in the arguments. - * - * If it is found, then it returns a pointer to the next character after \p val. - * So if \p val is "-d", then for the commandlines "myapp -d15" and - * "myapp -d 15", in both cases the return will point to the "15". - * - * In the case there is no argument, like "myapp -d", the return will - * either point to the '\\0' at the end of -d, or to the start of the - * next argument, ie, will be non-NULL. - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_cmdline_option(int argc, const char **argv, const char *val); - -/** - * lws_now_secs(): return seconds since 1970-1-1 - */ -LWS_VISIBLE LWS_EXTERN unsigned long -lws_now_secs(void); - -/** - * lws_now_usecs(): return useconds since 1970-1-1 - */ -LWS_VISIBLE LWS_EXTERN lws_usec_t -lws_now_usecs(void); - -/** - * lws_get_context - Allow getting lws_context from a Websocket connection - * instance - * - * With this function, users can access context in the callback function. - * Otherwise users may have to declare context as a global variable. - * - * \param wsi: Websocket connection instance - */ -LWS_VISIBLE LWS_EXTERN struct lws_context * LWS_WARN_UNUSED_RESULT -lws_get_context(const struct lws *wsi); - -/** - * lws_get_vhost_listen_port - Find out the port number a vhost is listening on - * - * In the case you passed 0 for the port number at context creation time, you - * can discover the port number that was actually chosen for the vhost using - * this api. - * - * \param vhost: Vhost to get listen port from - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_get_vhost_listen_port(struct lws_vhost *vhost); - -/** - * lws_get_count_threads(): how many service threads the context uses - * - * \param context: the lws context - * - * By default this is always 1, if you asked for more than lws can handle it - * will clip the number of threads. So you can use this to find out how many - * threads are actually in use. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_get_count_threads(struct lws_context *context); - -/** - * lws_get_parent() - get parent wsi or NULL - * \param wsi: lws connection - * - * Specialized wsi like cgi stdin/out/err are associated to a parent wsi, - * this allows you to get their parent. - */ -LWS_VISIBLE LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT -lws_get_parent(const struct lws *wsi); - -/** - * lws_get_child() - get child wsi or NULL - * \param wsi: lws connection - * - * Allows you to find a related wsi from the parent wsi. - */ -LWS_VISIBLE LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT -lws_get_child(const struct lws *wsi); - -/** - * lws_get_effective_uid_gid() - find out eventual uid and gid while still root - * - * \param context: lws context - * \param uid: pointer to uid result - * \param gid: pointer to gid result - * - * This helper allows you to find out what the uid and gid for the process will - * be set to after the privileges are dropped, beforehand. So while still root, - * eg in LWS_CALLBACK_PROTOCOL_INIT, you can arrange things like cache dir - * and subdir creation / permissions down /var/cache dynamically. - */ -LWS_VISIBLE LWS_EXTERN void -lws_get_effective_uid_gid(struct lws_context *context, int *uid, int *gid); - -/** - * lws_get_udp() - get wsi's udp struct - * - * \param wsi: lws connection - * - * Returns NULL or pointer to the wsi's UDP-specific information - */ -LWS_VISIBLE LWS_EXTERN const struct lws_udp * LWS_WARN_UNUSED_RESULT -lws_get_udp(const struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN void * -lws_get_opaque_parent_data(const struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN void -lws_set_opaque_parent_data(struct lws *wsi, void *data); - -LWS_VISIBLE LWS_EXTERN void * -lws_get_opaque_user_data(const struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN void -lws_set_opaque_user_data(struct lws *wsi, void *data); - -LWS_VISIBLE LWS_EXTERN int -lws_get_child_pending_on_writable(const struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN void -lws_clear_child_pending_on_writable(struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN int -lws_get_close_length(struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN unsigned char * -lws_get_close_payload(struct lws *wsi); - -/** - * lws_get_network_wsi() - Returns wsi that has the tcp connection for this wsi - * - * \param wsi: wsi you have - * - * Returns wsi that has the tcp connection (which may be the incoming wsi) - * - * HTTP/1 connections will always return the incoming wsi - * HTTP/2 connections may return a different wsi that has the tcp connection - */ -LWS_VISIBLE LWS_EXTERN -struct lws *lws_get_network_wsi(struct lws *wsi); - -/** - * lws_set_allocator() - custom allocator support - * - * \param realloc - * - * Allows you to replace the allocator (and deallocator) used by lws - */ -LWS_VISIBLE LWS_EXTERN void -lws_set_allocator(void *(*realloc)(void *ptr, size_t size, const char *reason)); - -enum { - /* - * Flags for enable and disable rxflow with reason bitmap and with - * backwards-compatible single bool - */ - LWS_RXFLOW_REASON_USER_BOOL = (1 << 0), - LWS_RXFLOW_REASON_HTTP_RXBUFFER = (1 << 6), - LWS_RXFLOW_REASON_H2_PPS_PENDING = (1 << 7), - - LWS_RXFLOW_REASON_APPLIES = (1 << 14), - LWS_RXFLOW_REASON_APPLIES_ENABLE_BIT = (1 << 13), - LWS_RXFLOW_REASON_APPLIES_ENABLE = LWS_RXFLOW_REASON_APPLIES | - LWS_RXFLOW_REASON_APPLIES_ENABLE_BIT, - LWS_RXFLOW_REASON_APPLIES_DISABLE = LWS_RXFLOW_REASON_APPLIES, - LWS_RXFLOW_REASON_FLAG_PROCESS_NOW = (1 << 12), - -}; - -/** - * lws_rx_flow_control() - Enable and disable socket servicing for - * received packets. - * - * If the output side of a server process becomes choked, this allows flow - * control for the input side. - * - * \param wsi: Websocket connection instance to get callback for - * \param enable: 0 = disable read servicing for this connection, 1 = enable - * - * If you need more than one additive reason for rxflow control, you can give - * iLWS_RXFLOW_REASON_APPLIES_ENABLE or _DISABLE together with one or more of - * b5..b0 set to idicate which bits to enable or disable. If any bits are - * enabled, rx on the connection is suppressed. - * - * LWS_RXFLOW_REASON_FLAG_PROCESS_NOW flag may also be given to force any change - * in rxflowbstatus to benapplied immediately, this should be used when you are - * changing a wsi flow control state from outside a callback on that wsi. - */ -LWS_VISIBLE LWS_EXTERN int -lws_rx_flow_control(struct lws *wsi, int enable); - -/** - * lws_rx_flow_allow_all_protocol() - Allow all connections with this protocol to receive - * - * When the user server code realizes it can accept more input, it can - * call this to have the RX flow restriction removed from all connections using - * the given protocol. - * \param context: lws_context - * \param protocol: all connections using this protocol will be allowed to receive - */ -LWS_VISIBLE LWS_EXTERN void -lws_rx_flow_allow_all_protocol(const struct lws_context *context, - const struct lws_protocols *protocol); - -/** - * lws_remaining_packet_payload() - Bytes to come before "overall" - * rx fragment is complete - * \param wsi: Websocket instance (available from user callback) - * - * This tracks how many bytes are left in the current ws fragment, according - * to the ws length given in the fragment header. - * - * If the message was in a single fragment, and there is no compression, this - * is the same as "how much data is left to read for this message". - * - * However, if the message is being sent in multiple fragments, this will - * reflect the unread amount of the current **fragment**, not the message. With - * ws, it is legal to not know the length of the message before it completes. - * - * Additionally if the message is sent via the negotiated permessage-deflate - * extension, this number only tells the amount of **compressed** data left to - * be read, since that is the only information available at the ws layer. - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_remaining_packet_payload(struct lws *wsi); - -#if defined(LWS_WITH_DIR) - -typedef enum { - LDOT_UNKNOWN, - LDOT_FILE, - LDOT_DIR, - LDOT_LINK, - LDOT_FIFO, - LDOTT_SOCKET, - LDOT_CHAR, - LDOT_BLOCK -} lws_dir_obj_type_t; - -struct lws_dir_entry { - const char *name; - lws_dir_obj_type_t type; -}; - -typedef int -lws_dir_callback_function(const char *dirpath, void *user, - struct lws_dir_entry *lde); - -/** - * lws_dir() - get a callback for everything in a directory - * - * \param dirpath: the directory to scan - * \param user: pointer to give to callback - * \param cb: callback to receive information on each file or dir - * - * Calls \p cb (with \p user) for every object in dirpath. - * - * This wraps whether it's using POSIX apis, or libuv (as needed for windows, - * since it refuses to support POSIX apis for this). - */ -LWS_VISIBLE LWS_EXTERN int -lws_dir(const char *dirpath, void *user, lws_dir_callback_function cb); -#endif - -/** - * lws_get_allocated_heap() - if the platform supports it, returns amount of - * heap allocated by lws itself - * - * On glibc currently, this reports the total amount of current logical heap - * allocation, found by tracking the amount allocated by lws_malloc() and - * friends and accounting for freed allocations via lws_free(). - * - * This is useful for confirming where processwide heap allocations actually - * come from... this number represents all lws internal allocations, for - * fd tables, wsi allocations, ah, etc combined. It doesn't include allocations - * from user code, since lws_malloc() etc are not exported from the library. - * - * On other platforms, it always returns 0. - */ -size_t lws_get_allocated_heap(void); - -/** - * lws_is_ssl() - Find out if connection is using SSL - * \param wsi: websocket connection to check - * - * Returns 0 if the connection is not using SSL, 1 if using SSL and - * using verified cert, and 2 if using SSL but the cert was not - * checked (appears for client wsi told to skip check on connection) - */ -LWS_VISIBLE LWS_EXTERN int -lws_is_ssl(struct lws *wsi); -/** - * lws_is_cgi() - find out if this wsi is running a cgi process - * - * \param wsi: lws connection - */ -LWS_VISIBLE LWS_EXTERN int -lws_is_cgi(struct lws *wsi); - -/** - * lws_open() - platform-specific wrapper for open that prepares the fd - * - * \param __file: the filepath to open - * \param __oflag: option flags - * - * This is a wrapper around platform open() that sets options on the fd - * according to lws policy. Currently that is FD_CLOEXEC to stop the opened - * fd being available to any child process forked by user code. - */ -LWS_VISIBLE LWS_EXTERN int -lws_open(const char *__file, int __oflag, ...); - -struct lws_wifi_scan { /* generic wlan scan item */ - struct lws_wifi_scan *next; - char ssid[32]; - int32_t rssi; /* divide by .count to get db */ - uint8_t bssid[6]; - uint8_t count; - uint8_t channel; - uint8_t authmode; -}; - -#if defined(LWS_WITH_TLS) && !defined(LWS_WITH_MBEDTLS) -/** - * lws_get_ssl() - Return wsi's SSL context structure - * \param wsi: websocket connection - * - * Returns pointer to the SSL library's context structure - */ -LWS_VISIBLE LWS_EXTERN SSL* -lws_get_ssl(struct lws *wsi); -#endif - -LWS_VISIBLE LWS_EXTERN void -lws_explicit_bzero(void *p, size_t len); - -typedef struct lws_humanize_unit { - const char *name; /* array ends with NULL name */ - uint64_t factor; -} lws_humanize_unit_t; - -LWS_VISIBLE LWS_EXTERN const lws_humanize_unit_t humanize_schema_si[]; -LWS_VISIBLE LWS_EXTERN const lws_humanize_unit_t humanize_schema_si_bytes[]; -LWS_VISIBLE LWS_EXTERN const lws_humanize_unit_t humanize_schema_us[]; - -/** - * lws_humanize() - Convert possibly large number to himan-readable uints - * - * \param buf: result string buffer - * \param len: remaining length in \p buf - * \param value: the uint64_t value to represent - * \param schema: and array of scaling factors and units - * - * This produces a concise string representation of \p value, referening the - * schema \p schema of scaling factors and units to find the smallest way to - * render it. - * - * Three schema are exported from lws for general use, humanize_schema_si, which - * represents as, eg, " 22.130Gi" or " 128 "; humanize_schema_si_bytes - * which is the same but shows, eg, " 22.130GiB", and humanize_schema_us, - * which represents a count of us as a human-readable time like " 14.350min", - * or " 1.500d". - * - * You can produce your own schema. - */ - -LWS_VISIBLE LWS_EXTERN int -lws_humanize(char *buf, int len, uint64_t value, - const lws_humanize_unit_t *schema); - -///@} diff --git a/include/libwebsockets/lws-network-helper.h b/include/libwebsockets/lws-network-helper.h deleted file mode 100644 index b3ad596..0000000 --- a/include/libwebsockets/lws-network-helper.h +++ /dev/null @@ -1,105 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup net Network related helper APIs - * ##Network related helper APIs - * - * These wrap miscellaneous useful network-related functions - */ -///@{ - -/** - * lws_canonical_hostname() - returns this host's hostname - * - * This is typically used by client code to fill in the host parameter - * when making a client connection. You can only call it after the context - * has been created. - * - * \param context: Websocket context - */ -LWS_VISIBLE LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT -lws_canonical_hostname(struct lws_context *context); - -/** - * lws_get_peer_addresses() - Get client address information - * \param wsi: Local struct lws associated with - * \param fd: Connection socket descriptor - * \param name: Buffer to take client address name - * \param name_len: Length of client address name buffer - * \param rip: Buffer to take client address IP dotted quad - * \param rip_len: Length of client address IP buffer - * - * This function fills in name and rip with the name and IP of - * the client connected with socket descriptor fd. Names may be - * truncated if there is not enough room. If either cannot be - * determined, they will be returned as valid zero-length strings. - */ -LWS_VISIBLE LWS_EXTERN void -lws_get_peer_addresses(struct lws *wsi, lws_sockfd_type fd, char *name, - int name_len, char *rip, int rip_len); - -/** - * lws_get_peer_simple() - Get client address information without RDNS - * - * \param wsi: Local struct lws associated with - * \param name: Buffer to take client address name - * \param namelen: Length of client address name buffer - * - * This provides a 123.123.123.123 type IP address in name from the - * peer that has connected to wsi - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_get_peer_simple(struct lws *wsi, char *name, int namelen); - -#define LWS_ITOSA_USABLE 0 -#define LWS_ITOSA_NOT_EXIST -1 -#define LWS_ITOSA_NOT_USABLE -2 -#define LWS_ITOSA_BUSY -3 /* only returned by lws_socket_bind() on - EADDRINUSE */ - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) -/** - * lws_interface_to_sa() - Convert interface name or IP to sockaddr struct - * - * \param ipv6: Allow IPV6 addresses - * \param ifname: Interface name or IP - * \param addr: struct sockaddr_in * to be written - * \param addrlen: Length of addr - * - * This converts a textual network interface name to a sockaddr usable by - * other network functions. - * - * If the network interface doesn't exist, it will return LWS_ITOSA_NOT_EXIST. - * - * If the network interface is not usable, eg ethernet cable is removed, it - * may logically exist but not have any IP address. As such it will return - * LWS_ITOSA_NOT_USABLE. - * - * If the network interface exists and is usable, it will return - * LWS_ITOSA_USABLE. - */ -LWS_VISIBLE LWS_EXTERN int -lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, - size_t addrlen); -#endif -///@} diff --git a/include/libwebsockets/lws-optee.h b/include/libwebsockets/lws-optee.h deleted file mode 100644 index 9b73d30..0000000 --- a/include/libwebsockets/lws-optee.h +++ /dev/null @@ -1,77 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * SPDX-License-Identifier: LGPL-2.1-only - * - * Copyright (C) 2019 Akira Tsukamoto - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -#ifndef __LWS_OPTEE_H -#define __LWS_OPTEE_H - -/* 128-bit IP6 address */ -struct in6_addr { - union { - uint8_t u6_addr8[16]; - uint16_t u6_addr16[8]; - uint32_t u6_addr32[4]; - }; -}; - -#define _SS_MAXSIZE 128U -#define _SS_ALIGNSIZE (sizeof(int64_t)) -#define _SS_PAD1SIZE (_SS_ALIGNSIZE - \ - sizeof(sa_family_t)) -#define _SS_PAD2SIZE (_SS_MAXSIZE - \ - sizeof(sa_family_t) - _SS_PAD1SIZE - _SS_ALIGNSIZE) - -struct sockaddr_storage { - sa_family_t ss_family; /* address family */ - char __ss_pad1[_SS_PAD1SIZE]; - int64_t __ss_align; /* force desired struct alignment */ - char __ss_pad2[_SS_PAD2SIZE]; -}; - -#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */ -struct sockaddr { - sa_family_t sa_family; /* address family */ - uint8_t sa_data[__SOCK_SIZE__ /* address value */ - - sizeof(sa_family_t)]; -}; - -/* 16 bytes */ -struct sockaddr_in { - sa_family_t sin_family; - in_port_t sin_port; - struct in_addr sin_addr; - uint8_t sin_zero[__SOCK_SIZE__ /* padding until 16 bytes */ - - sizeof(sa_family_t) - - sizeof(in_port_t) - - sizeof(struct in_addr)]; -}; - -struct sockaddr_in6 { - sa_family_t sin6_family; /* AF_INET6 */ - in_port_t sin6_port; /* Transport layer port # */ - uint32_t sin6_flowinfo; /* IP6 flow information */ - struct in6_addr sin6_addr; /* IP6 address */ - uint32_t sin6_scope_id; /* scope zone index */ -}; - -#endif /* __LWS_OPTEE_H */ diff --git a/include/libwebsockets/lws-plugin-generic-sessions.h b/include/libwebsockets/lws-plugin-generic-sessions.h deleted file mode 100644 index caf27b7..0000000 --- a/include/libwebsockets/lws-plugin-generic-sessions.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup generic-sessions plugin: generic-sessions - * \ingroup Protocols-and-Plugins - * - * ##Plugin Generic-sessions related - * - * generic-sessions plugin provides a reusable, generic session and login / - * register / forgot password framework including email verification. - */ -///@{ - -#define LWSGS_EMAIL_CONTENT_SIZE 16384 -/**< Maximum size of email we might send */ - -/* SHA-1 binary and hexified versions */ -/** typedef struct lwsgw_hash_bin */ -typedef struct { unsigned char bin[32]; /**< binary representation of hash */} lwsgw_hash_bin; -/** typedef struct lwsgw_hash */ -typedef struct { char id[65]; /**< ascii hex representation of hash */ } lwsgw_hash; - -/** enum lwsgs_auth_bits */ -enum lwsgs_auth_bits { - LWSGS_AUTH_LOGGED_IN = 1, /**< user is logged in as somebody */ - LWSGS_AUTH_ADMIN = 2, /**< logged in as the admin user */ - LWSGS_AUTH_VERIFIED = 4, /**< user has verified his email */ - LWSGS_AUTH_FORGOT_FLOW = 8, /**< just completed "forgot password" */ -}; - -/** struct lws_session_info - information about user session status */ -struct lws_session_info { - char username[32]; /**< username logged in as, or empty string */ - char email[100]; /**< email address associated with login, or empty string */ - char ip[72]; /**< ip address session was started from */ - unsigned int mask; /**< access rights mask associated with session - * see enum lwsgs_auth_bits */ - char session[42]; /**< session id string, usable as opaque uid when not logged in */ -}; - -/** enum lws_gs_event */ -enum lws_gs_event { - LWSGSE_CREATED, /**< a new user was created */ - LWSGSE_DELETED /**< an existing user was deleted */ -}; - -/** struct lws_gs_event_args */ -struct lws_gs_event_args { - enum lws_gs_event event; /**< which event happened */ - const char *username; /**< which username the event happened to */ - const char *email; /**< the email address of that user */ -}; - -///@} diff --git a/include/libwebsockets/lws-protocols-plugins.h b/include/libwebsockets/lws-protocols-plugins.h deleted file mode 100644 index b8d3b61..0000000 --- a/include/libwebsockets/lws-protocols-plugins.h +++ /dev/null @@ -1,228 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup Protocols-and-Plugins Protocols and Plugins - * \ingroup lwsapi - * - * ##Protocol and protocol plugin -related apis - * - * Protocols bind ws protocol names to a custom callback specific to that - * protocol implementaion. - * - * A list of protocols can be passed in at context creation time, but it is - * also legal to leave that NULL and add the protocols and their callback code - * using plugins. - * - * Plugins are much preferable compared to cut and pasting code into an - * application each time, since they can be used standalone. - */ -///@{ -/** struct lws_protocols - List of protocols and handlers client or server - * supports. */ - -struct lws_protocols { - const char *name; - /**< Protocol name that must match the one given in the client - * Javascript new WebSocket(url, 'protocol') name. */ - lws_callback_function *callback; - /**< The service callback used for this protocol. It allows the - * service action for an entire protocol to be encapsulated in - * the protocol-specific callback */ - size_t per_session_data_size; - /**< Each new connection using this protocol gets - * this much memory allocated on connection establishment and - * freed on connection takedown. A pointer to this per-connection - * allocation is passed into the callback in the 'user' parameter */ - size_t rx_buffer_size; - /**< lws allocates this much space for rx data and informs callback - * when something came. Due to rx flow control, the callback may not - * be able to consume it all without having to return to the event - * loop. That is supported in lws. - * - * If .tx_packet_size is 0, this also controls how much may be sent at - * once for backwards compatibility. - */ - unsigned int id; - /**< ignored by lws, but useful to contain user information bound - * to the selected protocol. For example if this protocol was - * called "myprotocol-v2", you might set id to 2, and the user - * code that acts differently according to the version can do so by - * switch (wsi->protocol->id), user code might use some bits as - * capability flags based on selected protocol version, etc. */ - void *user; /**< ignored by lws, but user code can pass a pointer - here it can later access from the protocol callback */ - size_t tx_packet_size; - /**< 0 indicates restrict send() size to .rx_buffer_size for backwards- - * compatibility. - * If greater than zero, a single send() is restricted to this amount - * and any remainder is buffered by lws and sent afterwards also in - * these size chunks. Since that is expensive, it's preferable - * to restrict one fragment you are trying to send to match this - * size. - */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility */ -}; - -/** - * lws_vhost_name_to_protocol() - get vhost's protocol object from its name - * - * \param vh: vhost to search - * \param name: protocol name - * - * Returns NULL or a pointer to the vhost's protocol of the requested name - */ -LWS_VISIBLE LWS_EXTERN const struct lws_protocols * -lws_vhost_name_to_protocol(struct lws_vhost *vh, const char *name); - -/** - * lws_get_protocol() - Returns a protocol pointer from a websocket - * connection. - * \param wsi: pointer to struct websocket you want to know the protocol of - * - * - * Some apis can act on all live connections of a given protocol, - * this is how you can get a pointer to the active protocol if needed. - */ -LWS_VISIBLE LWS_EXTERN const struct lws_protocols * -lws_get_protocol(struct lws *wsi); - -/** lws_protocol_get() - deprecated: use lws_get_protocol */ -LWS_VISIBLE LWS_EXTERN const struct lws_protocols * -lws_protocol_get(struct lws *wsi) LWS_WARN_DEPRECATED; - -/** - * lws_protocol_vh_priv_zalloc() - Allocate and zero down a protocol's per-vhost - * storage - * \param vhost: vhost the instance is related to - * \param prot: protocol the instance is related to - * \param size: bytes to allocate - * - * Protocols often find it useful to allocate a per-vhost struct, this is a - * helper to be called in the per-vhost init LWS_CALLBACK_PROTOCOL_INIT - */ -LWS_VISIBLE LWS_EXTERN void * -lws_protocol_vh_priv_zalloc(struct lws_vhost *vhost, - const struct lws_protocols *prot, int size); - -/** - * lws_protocol_vh_priv_get() - retreive a protocol's per-vhost storage - * - * \param vhost: vhost the instance is related to - * \param prot: protocol the instance is related to - * - * Recover a pointer to the allocated per-vhost storage for the protocol created - * by lws_protocol_vh_priv_zalloc() earlier - */ -LWS_VISIBLE LWS_EXTERN void * -lws_protocol_vh_priv_get(struct lws_vhost *vhost, - const struct lws_protocols *prot); - -/** - * lws_adjust_protocol_psds - change a vhost protocol's per session data size - * - * \param wsi: a connection with the protocol to change - * \param new_size: the new size of the per session data size for the protocol - * - * Returns user_space for the wsi, after allocating - * - * This should not be used except to initalize a vhost protocol's per session - * data size one time, before any connections are accepted. - * - * Sometimes the protocol wraps another protocol and needs to discover and set - * its per session data size at runtime. - */ -LWS_VISIBLE LWS_EXTERN void * -lws_adjust_protocol_psds(struct lws *wsi, size_t new_size); - -/** - * lws_finalize_startup() - drop initial process privileges - * - * \param context: lws context - * - * This is called after the end of the vhost protocol initializations, but - * you may choose to call it earlier - */ -LWS_VISIBLE LWS_EXTERN int -lws_finalize_startup(struct lws_context *context); - -/** - * lws_pvo_search() - helper to find a named pvo in a linked-list - * - * \param pvo: the first pvo in the linked-list - * \param name: the name of the pvo to return if found - * - * Returns NULL, or a pointer to the name pvo in the linked-list - */ -LWS_VISIBLE LWS_EXTERN const struct lws_protocol_vhost_options * -lws_pvo_search(const struct lws_protocol_vhost_options *pvo, const char *name); - -/** - * lws_pvo_get_str() - retreive a string pvo value - * - * \param in: the first pvo in the linked-list - * \param name: the name of the pvo to return if found - * \param result: pointer to a const char * to get the result if any - * - * Returns 0 if found and *result set, or nonzero if not found - */ -LWS_VISIBLE LWS_EXTERN int -lws_pvo_get_str(void *in, const char *name, const char **result); - -LWS_VISIBLE LWS_EXTERN int -lws_protocol_init(struct lws_context *context); - -#ifdef LWS_WITH_PLUGINS - -/* PLUGINS implies LIBUV */ - -#define LWS_PLUGIN_API_MAGIC 180 - -/** struct lws_plugin_capability - how a plugin introduces itself to lws */ -struct lws_plugin_capability { - unsigned int api_magic; /**< caller fills this in, plugin fills rest */ - const struct lws_protocols *protocols; /**< array of supported protocols provided by plugin */ - int count_protocols; /**< how many protocols */ - const struct lws_extension *extensions; /**< array of extensions provided by plugin */ - int count_extensions; /**< how many extensions */ -}; - -typedef int (*lws_plugin_init_func)(struct lws_context *, - struct lws_plugin_capability *); -typedef int (*lws_plugin_destroy_func)(struct lws_context *); - -/** struct lws_plugin */ -struct lws_plugin { - struct lws_plugin *list; /**< linked list */ -#if (UV_VERSION_MAJOR > 0) - uv_lib_t lib; /**< shared library pointer */ -#endif - void *l; /**< so we can compile on ancient libuv */ - char name[64]; /**< name of the plugin */ - struct lws_plugin_capability caps; /**< plugin capabilities */ -}; - -#endif - -///@} diff --git a/include/libwebsockets/lws-purify.h b/include/libwebsockets/lws-purify.h deleted file mode 100644 index 0ae35ce..0000000 --- a/include/libwebsockets/lws-purify.h +++ /dev/null @@ -1,81 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - - -/*! \defgroup pur Sanitize / purify SQL and JSON helpers - * - * ##Sanitize / purify SQL and JSON helpers - * - * APIs for escaping untrusted JSON and SQL safely before use - */ -//@{ - -/** - * lws_sql_purify() - like strncpy but with escaping for sql quotes - * - * \param escaped: output buffer - * \param string: input buffer ('/0' terminated) - * \param len: output buffer max length - * - * Because escaping expands the output string, it's not - * possible to do it in-place, ie, with escaped == string - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_sql_purify(char *escaped, const char *string, int len); - -/** - * lws_json_purify() - like strncpy but with escaping for json chars - * - * \param escaped: output buffer - * \param string: input buffer ('/0' terminated) - * \param len: output buffer max length - * - * Because escaping expands the output string, it's not - * possible to do it in-place, ie, with escaped == string - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_json_purify(char *escaped, const char *string, int len); - -/** - * lws_filename_purify_inplace() - replace scary filename chars with underscore - * - * \param filename: filename to be purified - * - * Replace scary characters in the filename (it should not be a path) - * with underscore, so it's safe to use. - */ -LWS_VISIBLE LWS_EXTERN void -lws_filename_purify_inplace(char *filename); - -LWS_VISIBLE LWS_EXTERN int -lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf, - int len); -LWS_VISIBLE LWS_EXTERN int -lws_plat_write_file(const char *filename, void *buf, int len); - -LWS_VISIBLE LWS_EXTERN int -lws_plat_read_file(const char *filename, void *buf, int len); - -LWS_VISIBLE LWS_EXTERN int -lws_plat_recommended_rsa_bits(void); -///@} diff --git a/include/libwebsockets/lws-retry.h b/include/libwebsockets/lws-retry.h deleted file mode 100644 index fe058c5..0000000 --- a/include/libwebsockets/lws-retry.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* - * Specifies backoff ranges using a pair of uint32_t in ms for the min, max. - * - * The actual backoff timing is picked randomly within the range. - */ - -typedef struct lws_retry_range { - uint32_t min_ms; - uint32_t max_ms; -} lws_retry_range_t; - -typedef struct lws_retry_bo { - const lws_retry_range_t *retry_ms_table; /* backoff range pair */ - uint16_t retry_ms_table_count; /* ranges in table */ - uint16_t conceal_count; /* max retries to conceal */ -} lws_retry_bo_t; - -/** - * lws_retry_get_delay_ms() - get next delay from backoff table - * - * \param lws_context: the lws context (used for getting random) - * \param retry: the retry backoff table we are using - * \param ctry: pointer to the try counter - * \param conceal: pointer to flag set to nonzero if the try should be concealed - * in terms of creating an error - * - * Increments *\p try and retruns the number of ms that should elapse before the - * next connection retry, according to the backoff table \p retry. *\p conceal is - * set if the number of tries is less than the backoff table conceal_count, or - * is zero if it exceeded it. This lets you conceal a certain number of retries - * before alerting the caller there is a problem. - */ - -LWS_VISIBLE LWS_EXTERN unsigned int -lws_retry_get_delay_ms(struct lws_context *context, const lws_retry_bo_t *retry, - uint16_t *ctry, char *conceal); - diff --git a/include/libwebsockets/lws-ring.h b/include/libwebsockets/lws-ring.h deleted file mode 100644 index 9a5ec2e..0000000 --- a/include/libwebsockets/lws-ring.h +++ /dev/null @@ -1,305 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup lws_ring LWS Ringbuffer APIs - * ##lws_ring: generic ringbuffer struct - * - * Provides an abstract ringbuffer api supporting one head and one or an - * unlimited number of tails. - * - * All of the members are opaque and manipulated by lws_ring_...() apis. - * - * The lws_ring and its buffer is allocated at runtime on the heap, using - * - * - lws_ring_create() - * - lws_ring_destroy() - * - * It may contain any type, the size of the "element" stored in the ring - * buffer and the number of elements is given at creation time. - * - * When you create the ringbuffer, you can optionally provide an element - * destroy callback that frees any allocations inside the element. This is then - * automatically called for elements with no tail behind them, ie, elements - * which don't have any pending consumer are auto-freed. - * - * Whole elements may be inserted into the ringbuffer and removed from it, using - * - * - lws_ring_insert() - * - lws_ring_consume() - * - * You can find out how many whole elements are free or waiting using - * - * - lws_ring_get_count_free_elements() - * - lws_ring_get_count_waiting_elements() - * - * In addition there are special purpose optional byte-centric apis - * - * - lws_ring_next_linear_insert_range() - * - lws_ring_bump_head() - * - * which let you, eg, read() directly into the ringbuffer without needing - * an intermediate bounce buffer. - * - * The accessors understand that the ring wraps, and optimizes insertion and - * consumption into one or two memcpy()s depending on if the head or tail - * wraps. - * - * lws_ring only supports a single head, but optionally multiple tails with - * an API to inform it when the "oldest" tail has moved on. You can give - * NULL where-ever an api asks for a tail pointer, and it will use an internal - * single tail pointer for convenience. - * - * The "oldest tail", which is the only tail if you give it NULL instead of - * some other tail, is used to track which elements in the ringbuffer are - * still unread by anyone. - * - * - lws_ring_update_oldest_tail() - */ -///@{ -struct lws_ring; - -/** - * lws_ring_create(): create a new ringbuffer - * - * \param element_len: the size in bytes of one element in the ringbuffer - * \param count: the number of elements the ringbuffer can contain - * \param destroy_element: NULL, or callback to be called for each element - * that is removed from the ringbuffer due to the - * oldest tail moving beyond it - * - * Creates the ringbuffer and allocates the storage. Returns the new - * lws_ring *, or NULL if the allocation failed. - * - * If non-NULL, destroy_element will get called back for every element that is - * retired from the ringbuffer after the oldest tail has gone past it, and for - * any element still left in the ringbuffer when it is destroyed. It replaces - * all other element destruction code in your user code. - */ -LWS_VISIBLE LWS_EXTERN struct lws_ring * -lws_ring_create(size_t element_len, size_t count, - void (*destroy_element)(void *element)); - -/** - * lws_ring_destroy(): destroy a previously created ringbuffer - * - * \param ring: the struct lws_ring to destroy - * - * Destroys the ringbuffer allocation and the struct lws_ring itself. - */ -LWS_VISIBLE LWS_EXTERN void -lws_ring_destroy(struct lws_ring *ring); - -/** - * lws_ring_get_count_free_elements(): return how many elements can fit - * in the free space - * - * \param ring: the struct lws_ring to report on - * - * Returns how much room is left in the ringbuffer for whole element insertion. - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_get_count_free_elements(struct lws_ring *ring); - -/** - * lws_ring_get_count_waiting_elements(): return how many elements can be consumed - * - * \param ring: the struct lws_ring to report on - * \param tail: a pointer to the tail struct to use, or NULL for single tail - * - * Returns how many elements are waiting to be consumed from the perspective - * of the tail pointer given. - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_get_count_waiting_elements(struct lws_ring *ring, uint32_t *tail); - -/** - * lws_ring_insert(): attempt to insert up to max_count elements from src - * - * \param ring: the struct lws_ring to report on - * \param src: the array of elements to be inserted - * \param max_count: the number of available elements at src - * - * Attempts to insert as many of the elements at src as possible, up to the - * maximum max_count. Returns the number of elements actually inserted. - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_insert(struct lws_ring *ring, const void *src, size_t max_count); - -/** - * lws_ring_consume(): attempt to copy out and remove up to max_count elements - * to src - * - * \param ring: the struct lws_ring to report on - * \param tail: a pointer to the tail struct to use, or NULL for single tail - * \param dest: the array of elements to be inserted. or NULL for no copy - * \param max_count: the number of available elements at src - * - * Attempts to copy out as many waiting elements as possible into dest, from - * the perspective of the given tail, up to max_count. If dest is NULL, the - * copying out is not done but the elements are logically consumed as usual. - * NULL dest is useful in combination with lws_ring_get_element(), where you - * can use the element direct from the ringbuffer and then call this with NULL - * dest to logically consume it. - * - * Increments the tail position according to how many elements could be - * consumed. - * - * Returns the number of elements consumed. - */ -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_consume(struct lws_ring *ring, uint32_t *tail, void *dest, - size_t max_count); - -/** - * lws_ring_get_element(): get a pointer to the next waiting element for tail - * - * \param ring: the struct lws_ring to report on - * \param tail: a pointer to the tail struct to use, or NULL for single tail - * - * Points to the next element that tail would consume, directly in the - * ringbuffer. This lets you write() or otherwise use the element without - * having to copy it out somewhere first. - * - * After calling this, you must call lws_ring_consume(ring, &tail, NULL, 1) - * which will logically consume the element you used up and increment your - * tail (tail may also be NULL there if you use a single tail). - * - * Returns NULL if no waiting element, or a const void * pointing to it. - */ -LWS_VISIBLE LWS_EXTERN const void * -lws_ring_get_element(struct lws_ring *ring, uint32_t *tail); - -/** - * lws_ring_update_oldest_tail(): free up elements older than tail for reuse - * - * \param ring: the struct lws_ring to report on - * \param tail: a pointer to the tail struct to use, or NULL for single tail - * - * If you are using multiple tails, you must use this API to inform the - * lws_ring when none of the tails still need elements in the fifo any more, - * by updating it when the "oldest" tail has moved on. - */ -LWS_VISIBLE LWS_EXTERN void -lws_ring_update_oldest_tail(struct lws_ring *ring, uint32_t tail); - -/** - * lws_ring_get_oldest_tail(): get current oldest available data index - * - * \param ring: the struct lws_ring to report on - * - * If you are initializing a new ringbuffer consumer, you can set its tail to - * this to start it from the oldest ringbuffer entry still available. - */ -LWS_VISIBLE LWS_EXTERN uint32_t -lws_ring_get_oldest_tail(struct lws_ring *ring); - -/** - * lws_ring_next_linear_insert_range(): used to write directly into the ring - * - * \param ring: the struct lws_ring to report on - * \param start: pointer to a void * set to the start of the next ringbuffer area - * \param bytes: pointer to a size_t set to the max length you may use from *start - * - * This provides a low-level, bytewise access directly into the ringbuffer - * allowing direct insertion of data without having to use a bounce buffer. - * - * The api reports the position and length of the next linear range that can - * be written in the ringbuffer, ie, up to the point it would wrap, and sets - * *start and *bytes accordingly. You can then, eg, directly read() into - * *start for up to *bytes, and use lws_ring_bump_head() to update the lws_ring - * with what you have done. - * - * Returns nonzero if no insertion is currently possible. - */ -LWS_VISIBLE LWS_EXTERN int -lws_ring_next_linear_insert_range(struct lws_ring *ring, void **start, - size_t *bytes); - -/** - * lws_ring_bump_head(): used to write directly into the ring - * - * \param ring: the struct lws_ring to operate on - * \param bytes: the number of bytes you inserted at the current head - */ -LWS_VISIBLE LWS_EXTERN void -lws_ring_bump_head(struct lws_ring *ring, size_t bytes); - -LWS_VISIBLE LWS_EXTERN void -lws_ring_dump(struct lws_ring *ring, uint32_t *tail); - -/* - * This is a helper that combines the common pattern of needing to consume - * some ringbuffer elements, move the consumer tail on, and check if that - * has moved any ringbuffer elements out of scope, because it was the last - * consumer that had not already consumed them. - * - * Elements that go out of scope because the oldest tail is now after them - * get garbage-collected by calling the destroy_element callback on them - * defined when the ringbuffer was created. - */ - -#define lws_ring_consume_and_update_oldest_tail(\ - ___ring, /* the lws_ring object */ \ - ___type, /* type of objects with tails */ \ - ___ptail, /* ptr to tail of obj with tail doing consuming */ \ - ___count, /* count of payload objects being consumed */ \ - ___list_head, /* head of list of objects with tails */ \ - ___mtail, /* member name of tail in ___type */ \ - ___mlist /* member name of next list member ptr in ___type */ \ - ) { \ - int ___n, ___m; \ - \ - ___n = lws_ring_get_oldest_tail(___ring) == *(___ptail); \ - lws_ring_consume(___ring, ___ptail, NULL, ___count); \ - if (___n) { \ - uint32_t ___oldest; \ - ___n = 0; \ - ___oldest = *(___ptail); \ - lws_start_foreach_llp(___type **, ___ppss, ___list_head) { \ - ___m = lws_ring_get_count_waiting_elements( \ - ___ring, &(*___ppss)->tail); \ - if (___m >= ___n) { \ - ___n = ___m; \ - ___oldest = (*___ppss)->tail; \ - } \ - } lws_end_foreach_llp(___ppss, ___mlist); \ - \ - lws_ring_update_oldest_tail(___ring, ___oldest); \ - } \ -} - -/* - * This does the same as the lws_ring_consume_and_update_oldest_tail() - * helper, but for the simpler case there is only one consumer, so one - * tail, and that tail is always the oldest tail. - */ - -#define lws_ring_consume_single_tail(\ - ___ring, /* the lws_ring object */ \ - ___ptail, /* ptr to tail of obj with tail doing consuming */ \ - ___count /* count of payload objects being consumed */ \ - ) { \ - lws_ring_consume(___ring, ___ptail, NULL, ___count); \ - lws_ring_update_oldest_tail(___ring, *(___ptail)); \ -} -///@} diff --git a/include/libwebsockets/lws-sequencer.h b/include/libwebsockets/lws-sequencer.h deleted file mode 100644 index 90ba4c3..0000000 --- a/include/libwebsockets/lws-sequencer.h +++ /dev/null @@ -1,232 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - * - * lws_sequencer is intended to help implement sequences that: - * - * - outlive a single connection lifetime, - * - are not associated with a particular protocol, - * - are not associated with a particular vhost, - * - must receive and issue events inside the event loop - * - * lws_sequencer-s are bound to a pt (per-thread) which for the default case of - * one service thread is the same as binding to an lws_context. - */ -/* - * retry backoff table... retry n happens after .retry_ms_table[n] ms, with - * the last entry used if n is greater than the number of entries. - * - * The first .conceal_count retries are concealed, but after that the failures - * are reported. - */ - -typedef enum { - LWSSEQ_CREATED, /* sequencer created */ - LWSSEQ_DESTROYED, /* sequencer destroyed */ - LWSSEQ_TIMED_OUT, /* sequencer timeout */ - LWSSEQ_HEARTBEAT, /* 1Hz callback */ - - LWSSEQ_WSI_CONNECTED, /* wsi we bound to us has connected */ - LWSSEQ_WSI_CONN_FAIL, /* wsi we bound to us has failed to connect */ - LWSSEQ_WSI_CONN_CLOSE, /* wsi we bound to us has closed */ - - LWSSEQ_USER_BASE = 100 /* define your events from here */ -} lws_seq_events_t; - -typedef enum lws_seq_cb_return { - LWSSEQ_RET_CONTINUE, - LWSSEQ_RET_DESTROY -} lws_seq_cb_return_t; - -/* - * handler for this sequencer. Return 0 if OK else nonzero to destroy the - * sequencer. LWSSEQ_DESTROYED will be called back to the handler so it can - * close / destroy any private assets associated with the sequence. - * - * The callback may return either LWSSEQ_RET_CONTINUE for the sequencer to - * resume or LWSSEQ_RET_DESTROY to indicate the sequence is finished. - * - * Event indexes consist of some generic ones but mainly user-defined ones - * starting from LWSSEQ_USER_BASE. - */ -typedef lws_seq_cb_return_t (*lws_seq_event_cb)(struct lws_sequencer *seq, - void *user, int event, void *data, void *aux); - -typedef struct lws_seq_info { - struct lws_context *context; /* lws_context for seq */ - int tsi; /* thread service idx */ - size_t user_size; /* size of user alloc */ - void **puser; /* place ptr to user */ - lws_seq_event_cb cb; /* seq callback */ - const char *name; /* seq name */ - const lws_retry_bo_t *retry; /* retry policy */ -} lws_seq_info_t; - -/** - * lws_seq_create() - create and bind sequencer to a pt - * - * \param info: information about sequencer to create - * - * This binds an abstract sequencer to a per-thread (by default, the single - * event loop of an lws_context). After the event loop starts, the sequencer - * will receive an LWSSEQ_CREATED event on its callback from the event loop - * context, where it can begin its sequence flow. - * - * Lws itself will only call the callback subsequently with LWSSEQ_DESTROYED - * when the sequencer is being destroyed. - * - * pt locking is used to protect the related data structures. - */ -LWS_VISIBLE LWS_EXTERN lws_seq_t * -lws_seq_create(lws_seq_info_t *info); - -/** - * lws_seq_destroy() - destroy the sequencer - * - * \param seq: pointer to the the opaque sequencer pointer returned by - * lws_seq_create() - * - * This proceeds to destroy the sequencer, calling LWSSEQ_DESTROYED and then - * freeing the sequencer object itself. The pointed-to seq pointer will be - * set to NULL. - */ -LWS_VISIBLE LWS_EXTERN void -lws_seq_destroy(lws_seq_t **seq); - -/** - * lws_seq_queue_event() - queue an event on the given sequencer - * - * \param seq: the opaque sequencer pointer returned by lws_seq_create() - * \param e: the event index to queue - * \param data: associated opaque (to lws) data to provide the callback - * \param aux: second opaque data to provide the callback - * - * This queues the event on a given sequencer. Queued events are delivered one - * per sequencer each subsequent time around the event loop, so the cb is called - * from the event loop thread context. - * - * Notice that because the events are delivered in order from the event loop, - * the scope of objects pointed to by \p data or \p aux may exceed the lifetime - * of the thing containing the pointed-to data. So it's usually better to pass - * values here. - */ -LWS_VISIBLE LWS_EXTERN int -lws_seq_queue_event(lws_seq_t *seq, lws_seq_events_t e, void *data, - void *aux); - -/** - * lws_seq_check_wsi() - check if wsi still extant - * - * \param seq: the sequencer interested in the wsi - * \param wsi: the wsi we want to confirm hasn't closed yet - * - * Check if wsi still extant, by peeking in the message queue for a - * LWSSEQ_WSI_CONN_CLOSE message about wsi. (Doesn't need to do the same for - * CONN_FAIL since that will never have produced any messages prior to that). - * - * Use this to avoid trying to perform operations on wsi that have already - * closed but we didn't get to that message yet. - * - * Returns 0 if not closed yet or 1 if it has closed but we didn't process the - * close message yet. - */ -LWS_VISIBLE LWS_EXTERN int -lws_seq_check_wsi(lws_seq_t *seq, struct lws *wsi); - -#define LWSSEQTO_NONE 0 - -/** - * lws_seq_timeout_us() - set a timeout by which the sequence must have - * completed by a different event or inform the - * sequencer - * - * \param seq: The sequencer to set the timeout on - * \param us: How many us in the future to fire the timeout - * LWS_SET_TIMER_USEC_CANCEL = cancel any existing timeout - * - * This api allows the sequencer to ask to be informed if it has not completed - * or disabled its timeout after secs seconds. Lws will send a LWSSEQ_TIMED_OUT - * event to the sequencer if the timeout expires. - * - * Typically the sequencer sets the timeout when starting a step, then waits to - * hear a queued event informing it the step completed or failed. The timeout - * provides a way to deal with the case the step neither completed nor failed - * within the timeout period. - * - * Lws wsi timeouts are not really suitable for this since they are focused on - * short-term protocol timeout protection and may be set and reset many times - * in one transaction. Wsi timeouts also enforce closure of the wsi when they - * trigger, sequencer timeouts have no side effect except to queue the - * LWSSEQ_TIMED_OUT message and leave it to the sequencer to decide how to - * react appropriately. - */ -LWS_VISIBLE LWS_EXTERN int -lws_seq_timeout_us(lws_seq_t *seq, lws_usec_t us); - -/** - * lws_seq_from_user(): get the lws_seq_t pointer from the user ptr - * - * \param u: the sequencer user allocation returned by lws_seq_create() or - * provided in the sequencer callback - * - * This gets the lws_seq_t * from the sequencer user allocation pointer. - * Actually these are allocated at the same time in one step, with the user - * allocation immediately after the lws_seq_t, so lws can compute where - * the lws_seq_t is from having the user allocation pointer. Since the - * size of the lws_seq_t is unknown to user code, this helper does it for - * you. - */ -LWS_VISIBLE LWS_EXTERN lws_seq_t * -lws_seq_from_user(void *u); - -/** - * lws_seq_us_since_creation(): elapsed seconds since sequencer created - * - * \param seq: pointer to the lws_seq_t - * - * Returns the number of us elapsed since the lws_seq_t was - * created. This is useful to calculate sequencer timeouts for the current - * step considering a global sequencer lifetime limit. - */ -LWS_VISIBLE LWS_EXTERN lws_usec_t -lws_seq_us_since_creation(lws_seq_t *seq); - -/** - * lws_seq_name(): get the name of this sequencer - * - * \param seq: pointer to the lws_seq_t - * - * Returns the name given when the sequencer was created. This is useful to - * annotate logging when then are multiple sequencers in play. - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_seq_name(lws_seq_t *seq); - -/** - * lws_seq_get_context(): get the lws_context sequencer was created on - * - * \param seq: pointer to the lws_seq_t - * - * Returns the lws_context. Saves you having to store it if you have a seq - * pointer handy. - */ -LWS_VISIBLE LWS_EXTERN struct lws_context * -lws_seq_get_context(lws_seq_t *seq); diff --git a/include/libwebsockets/lws-service.h b/include/libwebsockets/lws-service.h deleted file mode 100644 index 096e270..0000000 --- a/include/libwebsockets/lws-service.h +++ /dev/null @@ -1,199 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup service Built-in service loop entry - * - * ##Built-in service loop entry - * - * If you're not using libev / libuv, these apis are needed to enter the poll() - * wait in lws and service any connections with pending events. - */ -///@{ - -/** - * lws_service() - Service any pending websocket activity - * \param context: Websocket context - * \param timeout_ms: Set to 0; ignored; for backward compatibility - * - * This function deals with any pending websocket traffic, for three - * kinds of event. It handles these events on both server and client - * types of connection the same. - * - * 1) Accept new connections to our context's server - * - * 2) Call the receive callback for incoming frame data received by - * server or client connections. - * - * Since v3.2 internally the timeout wait is ignored, the lws scheduler is - * smart enough to stay asleep until an event is queued. - */ -LWS_VISIBLE LWS_EXTERN int -lws_service(struct lws_context *context, int timeout_ms); - -/** - * lws_service_tsi() - Service any pending websocket activity - * - * \param context: Websocket context - * \param timeout_ms: Set to 0; ignored; for backwards compatibility - * \param tsi: Thread service index, starting at 0 - * - * Same as lws_service(), but for a specific thread service index. Only needed - * if you are spawning multiple service threads. - */ -LWS_VISIBLE LWS_EXTERN int -lws_service_tsi(struct lws_context *context, int timeout_ms, int tsi); - -/** - * lws_cancel_service_pt() - Cancel servicing of pending socket activity - * on one thread - * \param wsi: Cancel service on the thread this wsi is serviced by - * - * Same as lws_cancel_service(), but targets a single service thread, the one - * the wsi belongs to. You probably want to use lws_cancel_service() instead. - */ -LWS_VISIBLE LWS_EXTERN void -lws_cancel_service_pt(struct lws *wsi); - -/** - * lws_cancel_service() - Cancel wait for new pending socket activity - * \param context: Websocket context - * - * This function creates an immediate "synchronous interrupt" to the lws poll() - * wait or event loop. As soon as possible in the serialzed service sequencing, - * a LWS_CALLBACK_EVENT_WAIT_CANCELLED callback is sent to every protocol on - * every vhost. - * - * lws_cancel_service() may be called from another thread while the context - * exists, and its effect will be immediately serialized. - */ -LWS_VISIBLE LWS_EXTERN void -lws_cancel_service(struct lws_context *context); - -/** - * lws_service_fd() - Service polled socket with something waiting - * \param context: Websocket context - * \param pollfd: The pollfd entry describing the socket fd and which events - * happened - * - * This function takes a pollfd that has POLLIN or POLLOUT activity and - * services it according to the state of the associated - * struct lws. - * - * The one call deals with all "service" that might happen on a socket - * including listen accepts, http files as well as websocket protocol. - * - * If a pollfd says it has something, you can just pass it to - * lws_service_fd() whether it is a socket handled by lws or not. - * If it sees it is a lws socket, the traffic will be handled and - * pollfd->revents will be zeroed now. - * - * If the socket is foreign to lws, it leaves revents alone. So you can - * see if you should service yourself by checking the pollfd revents - * after letting lws try to service it. - * - * lws before v3.2 allowed pollfd to be NULL, to indicate that background - * periodic processing should be done. Since v3.2, lws schedules any items - * that need handling in the future using lws_sul and NULL is no longer valid. - */ -LWS_VISIBLE LWS_EXTERN int -lws_service_fd(struct lws_context *context, struct lws_pollfd *pollfd); - -/** - * lws_service_fd_tsi() - Service polled socket in specific service thread - * \param context: Websocket context - * \param pollfd: The pollfd entry describing the socket fd and which events - * happened. - * \param tsi: thread service index - * - * Same as lws_service_fd() but used with multiple service threads - */ -LWS_VISIBLE LWS_EXTERN int -lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, - int tsi); - -/** - * lws_service_adjust_timeout() - Check for any connection needing forced service - * \param context: Websocket context - * \param timeout_ms: The original poll timeout value. You can just set this - * to 1 if you don't really have a poll timeout. - * \param tsi: thread service index - * - * Under some conditions connections may need service even though there is no - * pending network action on them, this is "forced service". For default - * poll() and libuv / libev, the library takes care of calling this and - * dealing with it for you. But for external poll() integration, you need - * access to the apis. - * - * If anybody needs "forced service", returned timeout is zero. In that case, - * you can call lws_service_tsi() with a timeout of -1 to only service - * guys who need forced service. - */ -LWS_VISIBLE LWS_EXTERN int -lws_service_adjust_timeout(struct lws_context *context, int timeout_ms, int tsi); - -/* Backwards compatibility */ -#define lws_plat_service_tsi lws_service_tsi - -LWS_VISIBLE LWS_EXTERN int -lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd); - -///@} - -/*! \defgroup uv libuv helpers - * - * ##libuv helpers - * - * APIs specific to libuv event loop itegration - */ -///@{ -#ifdef LWS_WITH_LIBUV -/* - * Any direct libuv allocations in lws protocol handlers must participate in the - * lws reference counting scheme. Two apis are provided: - * - * - lws_libuv_static_refcount_add(handle, context) to mark the handle with - * a pointer to the context and increment the global uv object counter - * - * - lws_libuv_static_refcount_del() which should be used as the close callback - * for your own libuv objects declared in the protocol scope. - * - * Using the apis allows lws to detach itself from a libuv loop completely - * cleanly and at the moment all of its libuv objects have completed close. - */ - -LWS_VISIBLE LWS_EXTERN uv_loop_t * -lws_uv_getloop(struct lws_context *context, int tsi); - -LWS_VISIBLE LWS_EXTERN void -lws_libuv_static_refcount_add(uv_handle_t *, struct lws_context *context); - -LWS_VISIBLE LWS_EXTERN void -lws_libuv_static_refcount_del(uv_handle_t *); - -#endif /* LWS_WITH_LIBUV */ - -#if defined(LWS_WITH_ESP32) -#define lws_libuv_static_refcount_add(_a, _b) -#define lws_libuv_static_refcount_del NULL -#endif -///@} diff --git a/include/libwebsockets/lws-sha1-base64.h b/include/libwebsockets/lws-sha1-base64.h deleted file mode 100644 index 5a2bfdb..0000000 --- a/include/libwebsockets/lws-sha1-base64.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup sha SHA and B64 helpers - * ##SHA and B64 helpers - * - * These provide SHA-1 and B64 helper apis - */ -///@{ -#ifdef LWS_SHA1_USE_OPENSSL_NAME -#define lws_SHA1 SHA1 -#else -/** - * lws_SHA1(): make a SHA-1 digest of a buffer - * - * \param d: incoming buffer - * \param n: length of incoming buffer - * \param md: buffer for message digest (must be >= 20 bytes) - * - * Reduces any size buffer into a 20-byte SHA-1 hash. - */ -LWS_VISIBLE LWS_EXTERN unsigned char * -lws_SHA1(const unsigned char *d, size_t n, unsigned char *md); -#endif -/** - * lws_b64_encode_string(): encode a string into base 64 - * - * \param in: incoming buffer - * \param in_len: length of incoming buffer - * \param out: result buffer - * \param out_size: length of result buffer - * - * Encodes a string using b64 - */ -LWS_VISIBLE LWS_EXTERN int -lws_b64_encode_string(const char *in, int in_len, char *out, int out_size); -/** - * lws_b64_encode_string_url(): encode a string into base 64 - * - * \param in: incoming buffer - * \param in_len: length of incoming buffer - * \param out: result buffer - * \param out_size: length of result buffer - * - * Encodes a string using b64 with the "URL" variant (+ -> -, and / -> _) - */ -LWS_VISIBLE LWS_EXTERN int -lws_b64_encode_string_url(const char *in, int in_len, char *out, int out_size); -/** - * lws_b64_decode_string(): decode a string from base 64 - * - * \param in: incoming buffer - * \param out: result buffer - * \param out_size: length of result buffer - * - * Decodes a NUL-terminated string using b64 - */ -LWS_VISIBLE LWS_EXTERN int -lws_b64_decode_string(const char *in, char *out, int out_size); -/** - * lws_b64_decode_string_len(): decode a string from base 64 - * - * \param in: incoming buffer - * \param in_len: length of incoming buffer - * \param out: result buffer - * \param out_size: length of result buffer - * - * Decodes a range of chars using b64 - */ -LWS_VISIBLE LWS_EXTERN int -lws_b64_decode_string_len(const char *in, int in_len, char *out, int out_size); -///@} - diff --git a/include/libwebsockets/lws-spa.h b/include/libwebsockets/lws-spa.h deleted file mode 100644 index 448f2da..0000000 --- a/include/libwebsockets/lws-spa.h +++ /dev/null @@ -1,175 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup form-parsing Form Parsing - * \ingroup http - * ##POSTed form parsing functions - * - * These lws_spa (stateful post arguments) apis let you parse and urldecode - * POSTed form arguments, both using simple urlencoded and multipart transfer - * encoding. - * - * It's capable of handling file uploads as well a named input parsing, - * and the apis are the same for both form upload styles. - * - * You feed it a list of parameter names and it creates pointers to the - * urldecoded arguments: file upload parameters pass the file data in chunks to - * a user-supplied callback as they come. - * - * Since it's stateful, it handles the incoming data needing more than one - * POST_BODY callback and has no limit on uploaded file size. - */ -///@{ - -/** enum lws_spa_fileupload_states */ -enum lws_spa_fileupload_states { - LWS_UFS_CONTENT, - /**< a chunk of file content has arrived */ - LWS_UFS_FINAL_CONTENT, - /**< the last chunk (possibly zero length) of file content has arrived */ - LWS_UFS_OPEN, - /**< a new file is starting to arrive */ - LWS_UFS_CLOSE - /**< the file decode stuff is being destroyed */ -}; - -/** - * lws_spa_fileupload_cb() - callback to receive file upload data - * - * \param data: opt_data pointer set in lws_spa_create - * \param name: name of the form field being uploaded - * \param filename: original filename from client - * \param buf: start of data to receive - * \param len: length of data to receive - * \param state: information about how this call relates to file - * - * Notice name and filename shouldn't be trusted, as they are passed from - * HTTP provided by the client. - */ -typedef int (*lws_spa_fileupload_cb)(void *data, const char *name, - const char *filename, char *buf, int len, - enum lws_spa_fileupload_states state); - -/** struct lws_spa - opaque urldecode parser capable of handling multipart - * and file uploads */ -struct lws_spa; - -/** - * lws_spa_create() - create urldecode parser - * - * \param wsi: lws connection (used to find Content Type) - * \param param_names: array of form parameter names, like "username" - * \param count_params: count of param_names - * \param max_storage: total amount of form parameter values we can store - * \param opt_cb: NULL, or callback to receive file upload data. - * \param opt_data: NULL, or user pointer provided to opt_cb. - * - * Creates a urldecode parser and initializes it. - * - * It's recommended to use the newer api, lws_spa_create_via_info() - * instead. - * - * opt_cb can be NULL if you just want normal name=value parsing, however - * if one or more entries in your form are bulk data (file transfer), you - * can provide this callback and filter on the name callback parameter to - * treat that urldecoded data separately. The callback should return -1 - * in case of fatal error, and 0 if OK. - */ -LWS_VISIBLE LWS_EXTERN struct lws_spa * -lws_spa_create(struct lws *wsi, const char * const *param_names, - int count_params, int max_storage, lws_spa_fileupload_cb opt_cb, - void *opt_data); - -typedef struct lws_spa_create_info { - const char * const *param_names; /* array of form parameter names, like "username" */ - int count_params; /* count of param_names */ - int max_storage; /* total amount of form parameter values we can store */ - lws_spa_fileupload_cb opt_cb; /* NULL, or callback to receive file upload data. */ - void *opt_data; /* NULL, or user pointer provided to opt_cb. */ - size_t param_names_stride; /* 0 if param_names is an array of char *. - Else stride to next char * */ - struct lwsac **ac; /* NULL, or pointer to lwsac * to contain all - related heap allocations */ - size_t ac_chunk_size; /* 0 for default, or ac chunk size */ -} lws_spa_create_info_t; - -/** - * lws_spa_create_via_info() - create urldecode parser - * - * \param wsi: lws connection (used to find Content Type) - * \param info: pointer to struct defining the arguments - * - * Creates a urldecode parser and initializes it. - * - * opt_cb can be NULL if you just want normal name=value parsing, however - * if one or more entries in your form are bulk data (file transfer), you - * can provide this callback and filter on the name callback parameter to - * treat that urldecoded data separately. The callback should return -1 - * in case of fatal error, and 0 if OK. - */ -LWS_VISIBLE LWS_EXTERN struct lws_spa * -lws_spa_create_via_info(struct lws *wsi, const lws_spa_create_info_t *info); - -/** - * lws_spa_process() - parses a chunk of input data - * - * \param spa: the parser object previously created - * \param in: incoming urlencoded data - * \param len: count of bytes valid at \p in - */ -LWS_VISIBLE LWS_EXTERN int -lws_spa_process(struct lws_spa *spa, const char *in, int len); - -/** - * lws_spa_finalize() - indicate incoming data completed - * - * \param spa: the parser object previously created - */ -LWS_VISIBLE LWS_EXTERN int -lws_spa_finalize(struct lws_spa *spa); - -/** - * lws_spa_get_length() - return length of parameter value - * - * \param spa: the parser object previously created - * \param n: parameter ordinal to return length of value for - */ -LWS_VISIBLE LWS_EXTERN int -lws_spa_get_length(struct lws_spa *spa, int n); - -/** - * lws_spa_get_string() - return pointer to parameter value - * \param spa: the parser object previously created - * \param n: parameter ordinal to return pointer to value for - */ -LWS_VISIBLE LWS_EXTERN const char * -lws_spa_get_string(struct lws_spa *spa, int n); - -/** - * lws_spa_destroy() - destroy parser object - * - * \param spa: the parser object previously created - */ -LWS_VISIBLE LWS_EXTERN int -lws_spa_destroy(struct lws_spa *spa); -///@} diff --git a/include/libwebsockets/lws-stats.h b/include/libwebsockets/lws-stats.h deleted file mode 100644 index 58d02de..0000000 --- a/include/libwebsockets/lws-stats.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* - * Stats are all uint64_t numbers that start at 0. - * Index names here have the convention - * - * _C_ counter - * _B_ byte count - * _MS_ millisecond count - */ - -enum { - LWSSTATS_C_CONNECTIONS, /**< count incoming connections */ - LWSSTATS_C_API_CLOSE, /**< count calls to close api */ - LWSSTATS_C_API_READ, /**< count calls to read from socket api */ - LWSSTATS_C_API_LWS_WRITE, /**< count calls to lws_write API */ - LWSSTATS_C_API_WRITE, /**< count calls to write API */ - LWSSTATS_C_WRITE_PARTIALS, /**< count of partial writes */ - LWSSTATS_C_WRITEABLE_CB_REQ, /**< count of writable callback requests */ - LWSSTATS_C_WRITEABLE_CB_EFF_REQ, /**< count of effective writable callback requests */ - LWSSTATS_C_WRITEABLE_CB, /**< count of writable callbacks */ - LWSSTATS_C_SSL_CONNECTIONS_FAILED, /**< count of failed SSL connections */ - LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED, /**< count of accepted SSL connections */ - LWSSTATS_C_SSL_ACCEPT_SPIN, /**< count of SSL_accept() attempts */ - LWSSTATS_C_SSL_CONNS_HAD_RX, /**< count of accepted SSL conns that have had some RX */ - LWSSTATS_C_TIMEOUTS, /**< count of timed-out connections */ - LWSSTATS_C_SERVICE_ENTRY, /**< count of entries to lws service loop */ - LWSSTATS_B_READ, /**< aggregate bytes read */ - LWSSTATS_B_WRITE, /**< aggregate bytes written */ - LWSSTATS_B_PARTIALS_ACCEPTED_PARTS, /**< aggreate of size of accepted write data from new partials */ - LWSSTATS_US_SSL_ACCEPT_LATENCY_AVG, /**< aggregate delay in accepting connection */ - LWSSTATS_US_WRITABLE_DELAY_AVG, /**< aggregate delay between asking for writable and getting cb */ - LWSSTATS_US_WORST_WRITABLE_DELAY, /**< single worst delay between asking for writable and getting cb */ - LWSSTATS_US_SSL_RX_DELAY_AVG, /**< aggregate delay between ssl accept complete and first RX */ - LWSSTATS_C_PEER_LIMIT_AH_DENIED, /**< number of times we would have given an ah but for the peer limit */ - LWSSTATS_C_PEER_LIMIT_WSI_DENIED, /**< number of times we would have given a wsi but for the peer limit */ - LWSSTATS_C_CONNS_CLIENT, /**< attempted client conns */ - LWSSTATS_C_CONNS_CLIENT_FAILED, /**< failed client conns */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility - * - * UPDATE stat_names in stats.c in sync with this! - */ - LWSSTATS_SIZE -}; - -#if defined(LWS_WITH_STATS) - -LWS_VISIBLE LWS_EXTERN uint64_t -lws_stats_get(struct lws_context *context, int index); -LWS_VISIBLE LWS_EXTERN void -lws_stats_log_dump(struct lws_context *context); -#else -static LWS_INLINE uint64_t -lws_stats_get(struct lws_context *context, int index) { (void)context; (void)index; return 0; } -static LWS_INLINE void -lws_stats_log_dump(struct lws_context *context) { (void)context; } -#endif diff --git a/include/libwebsockets/lws-struct.h b/include/libwebsockets/lws-struct.h deleted file mode 100644 index 0d02f59..0000000 --- a/include/libwebsockets/lws-struct.h +++ /dev/null @@ -1,258 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -#if defined(LWS_WITH_STRUCT_SQLITE3) -#include -#endif - -typedef enum { - LSMT_SIGNED, - LSMT_UNSIGNED, - LSMT_BOOLEAN, - LSMT_STRING_CHAR_ARRAY, - LSMT_STRING_PTR, - LSMT_LIST, - LSMT_CHILD_PTR, - LSMT_SCHEMA, - -} lws_struct_map_type_eum; - -typedef struct lejp_collation { - struct lws_dll2 chunks; - int len; - char buf[LEJP_STRING_CHUNK + 1]; -} lejp_collation_t; - -typedef struct lws_struct_map { - const char *colname; - const struct lws_struct_map *child_map; - lejp_callback lejp_cb; - size_t ofs; /* child dll2; points to dll2_owner */ - size_t aux; - size_t ofs_clist; - size_t child_map_size; - lws_struct_map_type_eum type; -} lws_struct_map_t; - -typedef int (*lws_struct_args_cb)(void *obj, void *cb_arg); - -typedef struct lws_struct_args { - const lws_struct_map_t *map_st[LEJP_MAX_PARSING_STACK_DEPTH]; - lws_struct_args_cb cb; - struct lwsac *ac; - void *cb_arg; - void *dest; - - size_t dest_len; - size_t toplevel_dll2_ofs; - size_t map_entries_st[LEJP_MAX_PARSING_STACK_DEPTH]; - size_t ac_block_size; - int subtype; - - /* - * temp ac used to collate unknown possibly huge strings before final - * allocation and copy - */ - struct lwsac *ac_chunks; - struct lws_dll2_owner chunks_owner; - size_t chunks_length; -} lws_struct_args_t; - -#define LSM_SIGNED(type, name, qname) \ - { \ - qname, \ - NULL, \ - NULL, \ - offsetof(type, name), \ - sizeof ((type *)0)->name, \ - 0, \ - 0, \ - LSMT_SIGNED \ - } - -#define LSM_UNSIGNED(type, name, qname) \ - { \ - qname, \ - NULL, \ - NULL, \ - offsetof(type, name), \ - sizeof ((type *)0)->name, \ - 0, \ - 0, \ - LSMT_UNSIGNED \ - } - -#define LSM_BOOLEAN(type, name, qname) \ - { \ - qname, \ - NULL, \ - NULL, \ - offsetof(type, name), \ - sizeof ((type *)0)->name, \ - 0, \ - 0, \ - LSMT_BOOLEAN \ - } - -#define LSM_CARRAY(type, name, qname) \ - { \ - qname, \ - NULL, \ - NULL, \ - offsetof(type, name), \ - sizeof (((type *)0)->name), \ - 0, \ - 0, \ - LSMT_STRING_CHAR_ARRAY \ - } - -#define LSM_STRING_PTR(type, name, qname) \ - { \ - qname, \ - NULL, \ - NULL, \ - offsetof(type, name), \ - sizeof (((type *)0)->name), \ - 0, \ - 0, \ - LSMT_STRING_PTR \ - } - -#define LSM_LIST(ptype, pname, ctype, cname, lejp_cb, cmap, qname) \ - { \ - qname, \ - cmap, \ - lejp_cb, \ - offsetof(ptype, pname), \ - sizeof (ctype), \ - offsetof(ctype, cname), \ - LWS_ARRAY_SIZE(cmap), \ - LSMT_LIST \ - } - -#define LSM_CHILD_PTR(ptype, pname, ctype, lejp_cb, cmap, qname) \ - { \ - qname, \ - cmap, \ - lejp_cb, \ - offsetof(ptype, pname), \ - sizeof (ctype), \ - 0, \ - LWS_ARRAY_SIZE(cmap), \ - LSMT_CHILD_PTR \ - } - -#define LSM_SCHEMA(ctype, lejp_cb, map, schema_name) \ - { \ - schema_name, \ - map, \ - lejp_cb, \ - 0, \ - sizeof (ctype), \ - 0, \ - LWS_ARRAY_SIZE(map), \ - LSMT_SCHEMA \ - } - -#define LSM_SCHEMA_DLL2(ctype, cdll2mem, lejp_cb, map, schema_name) \ - { \ - schema_name, \ - map, \ - lejp_cb, \ - offsetof(ctype, cdll2mem), \ - sizeof (ctype), \ - 0, \ - LWS_ARRAY_SIZE(map), \ - LSMT_SCHEMA \ - } - -typedef struct lws_struct_serialize_st { - const struct lws_dll2 *dllpos; - const lws_struct_map_t *map; - const char *obj; - size_t map_entries; - size_t map_entry; - size_t size; - char subsequent; - char idt; -} lws_struct_serialize_st_t; - -enum { - LSSERJ_FLAG_PRETTY = 1 -}; - -typedef struct lws_struct_serialize { - lws_struct_serialize_st_t st[LEJP_MAX_PARSING_STACK_DEPTH]; - - size_t offset; - size_t remaining; - - int sp; - int flags; -} lws_struct_serialize_t; - -typedef enum { - LSJS_RESULT_CONTINUE, - LSJS_RESULT_FINISH, - LSJS_RESULT_ERROR -} lws_struct_json_serialize_result_t; - -LWS_VISIBLE LWS_EXTERN int -lws_struct_json_init_parse(struct lejp_ctx *ctx, lejp_callback cb, - void *user); - -LWS_VISIBLE LWS_EXTERN signed char -lws_struct_schema_only_lejp_cb(struct lejp_ctx *ctx, char reason); - -LWS_VISIBLE LWS_EXTERN signed char -lws_struct_default_lejp_cb(struct lejp_ctx *ctx, char reason); - -LWS_VISIBLE LWS_EXTERN lws_struct_serialize_t * -lws_struct_json_serialize_create(const lws_struct_map_t *map, - size_t map_entries, int flags, void *ptoplevel); - -LWS_VISIBLE LWS_EXTERN void -lws_struct_json_serialize_destroy(lws_struct_serialize_t **pjs); - -LWS_VISIBLE LWS_EXTERN lws_struct_json_serialize_result_t -lws_struct_json_serialize(lws_struct_serialize_t *js, uint8_t *buf, - size_t len, size_t *written); - -#if defined(LWS_WITH_STRUCT_SQLITE3) - -LWS_VISIBLE LWS_EXTERN int -lws_struct_sq3_deserialize(sqlite3 *pdb, const lws_struct_map_t *schema, - lws_dll2_owner_t *o, struct lwsac **ac, - uint64_t start, int limit); - -LWS_VISIBLE LWS_EXTERN int -lws_struct_sq3_create_table(sqlite3 *pdb, const lws_struct_map_t *schema); - -LWS_VISIBLE LWS_EXTERN int -lws_struct_sq3_open(struct lws_context *context, const char *sqlite3_path, - sqlite3 **pdb); - -LWS_VISIBLE LWS_EXTERN int -lws_struct_sq3_close(sqlite3 **pdb); - -#endif diff --git a/include/libwebsockets/lws-system.h b/include/libwebsockets/lws-system.h deleted file mode 100644 index 6ad2f7a..0000000 --- a/include/libwebsockets/lws-system.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - * - * This provides a clean way to interface lws user code to be able to - * work unchanged on different systems for fetching common system information, - * and performing common system operations like reboot. - * - * An ops struct with the system-specific implementations is set at - * context creation time, and apis are provided that call through to - * those where they exist. - */ - -typedef enum { - LWS_SYSI_HRS_DEVICE_MODEL = 1, - LWS_SYSI_HRS_DEVICE_SERIAL, - LWS_SYSI_HRS_FIRMWARE_VERSION, - - LWS_SYSI_USER_BASE = 100 -} lws_system_item_t; - -typedef union { - const char *hrs; /* human readable string */ - void *data; - time_t t; -} lws_system_arg_t; - -typedef struct lws_system_ops { - int (*get_info)(lws_system_item_t i, lws_system_arg_t arg, size_t *len); - int (*reboot)(void); -} lws_system_ops_t; - -/* wrappers handle NULL members or no ops struct set at all cleanly */ - -/** - * lws_system_get_info() - get standardized system information - * - * \param context: the lws_context - * \param item: which information to fetch - * \param arg: where to place the result - * \param len: incoming: max length of result, outgoing: used length of result - * - * This queries a standardized information-fetching ops struct that can be - * applied to the context... the advantage is it allows you to get common items - * of information like a device serial number writing the code once, even if the - * actual serial number muse be fetched in wildly different ways depending on - * the exact platform it's running on. - * - * Set arg and *len on entry to be the result location and the max length that - * can be used there, on seccessful exit *len is set to the actual length and - * 0 is returned. On error, 1 is returned. - */ -LWS_EXTERN LWS_VISIBLE int -lws_system_get_info(struct lws_context *context, lws_system_item_t item, - lws_system_arg_t arg, size_t *len); - - -/** - * lws_system_reboot() - if provided, use the lws_system ops to reboot - * - * \param context: the lws_context - * - * If possible, the system will reboot. Otherwise returns 1. - */ -LWS_EXTERN LWS_VISIBLE int -lws_system_reboot(struct lws_context *context); diff --git a/include/libwebsockets/lws-test-sequencer.h b/include/libwebsockets/lws-test-sequencer.h deleted file mode 100644 index 45680b0..0000000 --- a/include/libwebsockets/lws-test-sequencer.h +++ /dev/null @@ -1,60 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - * - * lws_test_sequencer manages running an array of unit tests. - */ - -typedef void (*lws_test_sequence_cb)(const void *cb_user); - -typedef struct lws_test_sequencer_args { - lws_abs_t *abs; /* abstract protocol + unit test txport */ - lws_unit_test_t *tests; /* array of lws_unit_test_t */ - int *results; /* takes result dispositions */ - int results_max; /* max space usable in results */ - int *count_tests; /* count of done tests */ - int *count_passes; /* count of passed tests */ - lws_test_sequence_cb cb; /* completion callback */ - void *cb_user; /* opaque user ptr given to cb */ -} lws_test_sequencer_args_t; - -/** - * lws_abs_unit_test_sequencer() - helper to sequence multiple unit tests - * - * \param args: lws_test_sequencer_args_t prepared with arguments for the tests - * - * This helper sequences one or more unit tests to run and collects the results. - * - * The incoming abs should be set up for the abstract protocol you want to test - * and the lws unit-test transport. - * - * Results are one of - * - * LPE_SUCCEEDED - * LPE_FAILED - * LPE_FAILED_UNEXPECTED_TIMEOUT - * LPE_FAILED_UNEXPECTED_PASS - * LPE_FAILED_UNEXPECTED_CLOSE - * - * The callback args->cb is called when the tests have been done. - */ -LWS_VISIBLE LWS_EXTERN int -lws_abs_unit_test_sequencer(const lws_test_sequencer_args_t *args); diff --git a/include/libwebsockets/lws-threadpool.h b/include/libwebsockets/lws-threadpool.h deleted file mode 100644 index eb6c6e1..0000000 --- a/include/libwebsockets/lws-threadpool.h +++ /dev/null @@ -1,231 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup threadpool Threadpool related functions - * ##Threadpool - * \ingroup lwsapi - * - * This allows you to create one or more pool of threads which can run tasks - * associated with a wsi. If the pool is busy, tasks wait on a queue. - * - * Tasks don't have to be atomic, if they will take more than a few tens of ms - * they should return back to the threadpool worker with a return of 0. This - * will allow them to abort cleanly. - */ -//@{ - -struct lws_threadpool; -struct lws_threadpool_task; - -enum lws_threadpool_task_status { - LWS_TP_STATUS_QUEUED, - LWS_TP_STATUS_RUNNING, - LWS_TP_STATUS_SYNCING, - LWS_TP_STATUS_STOPPING, - LWS_TP_STATUS_FINISHED, /* lws_threadpool_task_status() frees task */ - LWS_TP_STATUS_STOPPED, /* lws_threadpool_task_status() frees task */ -}; - -enum lws_threadpool_task_return { - /** Still work to do, just confirming not being stopped */ - LWS_TP_RETURN_CHECKING_IN, - /** Still work to do, enter cond_wait until service thread syncs. This - * is used if you have filled your buffer(s) of data to the service - * thread and are blocked until the service thread completes sending at - * least one. - */ - LWS_TP_RETURN_SYNC, - /** No more work to do... */ - LWS_TP_RETURN_FINISHED, - /** Responding to request to stop */ - LWS_TP_RETURN_STOPPED, - - /* OR on to indicate this task wishes to outlive its wsi */ - LWS_TP_RETURN_FLAG_OUTLIVE = 64 -}; - -struct lws_threadpool_create_args { - int threads; - int max_queue_depth; -}; - -struct lws_threadpool_task_args { - struct lws *wsi; /**< user must set to wsi task is bound to */ - void *user; /**< user may set (user-private pointer) */ - const char *name; /**< user may set to describe task */ - char async_task; /**< set to allow the task to shrug off the loss - of the associated wsi and continue to - completion */ - enum lws_threadpool_task_return (*task)(void *user, - enum lws_threadpool_task_status s); - /**< user must set to actual task function */ - void (*cleanup)(struct lws *wsi, void *user); - /**< socket lifecycle may end while task is not stoppable, so the task - * must be able to detach from any wsi and clean itself up when it does - * stop. If NULL, no cleanup necessary, otherwise point to a user- - * supplied function that destroys the stuff in \p user. - * - * wsi may be NULL on entry, indicating the task got detached due to the - * wsi closing before. - */ -}; - -/** - * lws_threadpool_create() - create a pool of worker threads - * - * \param context: the lws_context the threadpool will exist inside - * \param args: argument struct prepared by caller - * \param format: printf-type format for the task name - * \param ...: printf type args for the task name format - * - * Creates a pool of worker threads with \p threads and a queue of up to - * \p max_queue_depth waiting tasks if all the threads are busy. - * - * Returns NULL if OOM, or a struct lws_threadpool pointer that must be - * destroyed by lws_threadpool_destroy(). - */ -LWS_VISIBLE LWS_EXTERN struct lws_threadpool * -lws_threadpool_create(struct lws_context *context, - const struct lws_threadpool_create_args *args, - const char *format, ...) LWS_FORMAT(3); - -/** - * lws_threadpool_finish() - Stop all pending and running tasks - * - * \param tp: the threadpool object - * - * Marks the threadpool as under destruction. Removes everything from the - * pending queue and completes those tasks as LWS_TP_STATUS_STOPPED. - * - * Running tasks will also get LWS_TP_STATUS_STOPPED as soon as they - * "resurface". - * - * This doesn't reap tasks or free the threadpool, the reaping is done by the - * lws_threadpool_task_status() on the done task. - */ -LWS_VISIBLE LWS_EXTERN void -lws_threadpool_finish(struct lws_threadpool *tp); - -/** - * lws_threadpool_destroy() - Destroy a threadpool - * - * \param tp: the threadpool object - * - * Waits for all worker threads to stop, ends the threads and frees the tp. - */ -LWS_VISIBLE LWS_EXTERN void -lws_threadpool_destroy(struct lws_threadpool *tp); - -/** - * lws_threadpool_enqueue() - Queue the task and run it on a worker thread when possible - * - * \param tp: the threadpool to queue / run on - * \param args: information about what to run - * \param format: printf-type format for the task name - * \param ...: printf type args for the task name format - * - * This asks for a task to run ASAP on a worker thread in threadpool \p tp. - * - * The args defines the wsi, a user-private pointer, a timeout in secs and - * a pointer to the task function. - * - * Returns NULL or an opaque pointer to the queued (or running, or completed) - * task. - * - * Once a task is created and enqueued, it can only be destroyed by calling - * lws_threadpool_task_status() on it after it has reached the state - * LWS_TP_STATUS_FINISHED or LWS_TP_STATUS_STOPPED. - */ -LWS_VISIBLE LWS_EXTERN struct lws_threadpool_task * -lws_threadpool_enqueue(struct lws_threadpool *tp, - const struct lws_threadpool_task_args *args, - const char *format, ...) LWS_FORMAT(3); - -/** - * lws_threadpool_dequeue() - Dequeue or try to stop a running task - * - * \param wsi: the wsi whose current task we want to eliminate - * - * Returns 0 is the task was dequeued or already compeleted, or 1 if the task - * has been asked to stop asynchronously. - * - * This doesn't free the task. It only shortcuts it to state - * LWS_TP_STATUS_STOPPED. lws_threadpool_task_status() must be performed on - * the task separately once it is in LWS_TP_STATUS_STOPPED to free the task. - */ -LWS_VISIBLE LWS_EXTERN int -lws_threadpool_dequeue(struct lws *wsi); - -/** - * lws_threadpool_task_status() - Dequeue or try to stop a running task - * - * \param wsi: the wsi to query the current task of - * \param task: receives a pointer to the opaque task - * \param user: receives a void * pointer to the task user data - * - * This is the equivalent of posix waitpid()... it returns the status of the - * task, and if the task is in state LWS_TP_STATUS_FINISHED or - * LWS_TP_STATUS_STOPPED, frees \p task. If in another state, the task - * continues to exist. - * - * This is designed to be called from the service thread. - * - * Its use is to make sure the service thread has seen the state of the task - * before deleting it. - */ -LWS_VISIBLE LWS_EXTERN enum lws_threadpool_task_status -lws_threadpool_task_status_wsi(struct lws *wsi, - struct lws_threadpool_task **task, void **user); - -/** - * lws_threadpool_task_sync() - Indicate to a stalled task it may continue - * - * \param task: the task to unblock - * \param stop: 0 = run after unblock, 1 = when he unblocks, stop him - * - * Inform the task that the service thread has finished with the shared data - * and that the task, if blocked in LWS_TP_RETURN_SYNC, may continue. - * - * If the lws service context determined that the task must be aborted, it - * should still call this but with stop = 1, causing the task to finish. - */ -LWS_VISIBLE LWS_EXTERN void -lws_threadpool_task_sync(struct lws_threadpool_task *task, int stop); - -/** - * lws_threadpool_dump() - dump the state of a threadpool to the log - * - * \param tp: The threadpool to dump - * - * This locks the threadpool and then dumps the pending queue, the worker - * threads and the done queue, together with time information for how long - * the tasks have been in their current state, how long they have occupied a - * thread, etc. - * - * This only does anything on lws builds with CMAKE_BUILD_TYPE=DEBUG, otherwise - * while it still exists, it's a NOP. - */ - -LWS_VISIBLE LWS_EXTERN void -lws_threadpool_dump(struct lws_threadpool *tp); -//@} diff --git a/include/libwebsockets/lws-timeout-timer.h b/include/libwebsockets/lws-timeout-timer.h deleted file mode 100644 index 57e70d4..0000000 --- a/include/libwebsockets/lws-timeout-timer.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup timeout Connection timeouts - - APIs related to setting connection timeouts -*/ -//@{ - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -enum pending_timeout { - NO_PENDING_TIMEOUT = 0, - PENDING_TIMEOUT_AWAITING_PROXY_RESPONSE = 1, - PENDING_TIMEOUT_AWAITING_CONNECT_RESPONSE = 2, - PENDING_TIMEOUT_ESTABLISH_WITH_SERVER = 3, - PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE = 4, - PENDING_TIMEOUT_AWAITING_PING = 5, - PENDING_TIMEOUT_CLOSE_ACK = 6, - PENDING_TIMEOUT_UNUSED1 = 7, - PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE = 8, - PENDING_TIMEOUT_SSL_ACCEPT = 9, - PENDING_TIMEOUT_HTTP_CONTENT = 10, - PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND = 11, - PENDING_FLUSH_STORED_SEND_BEFORE_CLOSE = 12, - PENDING_TIMEOUT_SHUTDOWN_FLUSH = 13, - PENDING_TIMEOUT_CGI = 14, - PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE = 15, - PENDING_TIMEOUT_WS_PONG_CHECK_SEND_PING = 16, - PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG = 17, - PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD = 18, - PENDING_TIMEOUT_AWAITING_SOCKS_GREETING_REPLY = 19, - PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY = 20, - PENDING_TIMEOUT_AWAITING_SOCKS_AUTH_REPLY = 21, - PENDING_TIMEOUT_KILLED_BY_SSL_INFO = 22, - PENDING_TIMEOUT_KILLED_BY_PARENT = 23, - PENDING_TIMEOUT_CLOSE_SEND = 24, - PENDING_TIMEOUT_HOLDING_AH = 25, - PENDING_TIMEOUT_UDP_IDLE = 26, - PENDING_TIMEOUT_CLIENT_CONN_IDLE = 27, - PENDING_TIMEOUT_LAGGING = 28, - PENDING_TIMEOUT_THREADPOOL = 29, - PENDING_TIMEOUT_THREADPOOL_TASK = 30, - PENDING_TIMEOUT_KILLED_BY_PROXY_CLIENT_CLOSE = 31, - PENDING_TIMEOUT_USER_OK = 32, - - /****** add new things just above ---^ ******/ - - PENDING_TIMEOUT_USER_REASON_BASE = 1000 -}; - -#define lws_time_in_microseconds lws_now_usecs - -#define LWS_TO_KILL_ASYNC -1 -/**< If LWS_TO_KILL_ASYNC is given as the timeout sec in a lws_set_timeout() - * call, then the connection is marked to be killed at the next timeout - * check. This is how you should force-close the wsi being serviced if - * you are doing it outside the callback (where you should close by nonzero - * return). - */ -#define LWS_TO_KILL_SYNC -2 -/**< If LWS_TO_KILL_SYNC is given as the timeout sec in a lws_set_timeout() - * call, then the connection is closed before returning (which may delete - * the wsi). This should only be used where the wsi being closed is not the - * wsi currently being serviced. - */ -/** - * lws_set_timeout() - marks the wsi as subject to a timeout some seconds hence - * - * \param wsi: Websocket connection instance - * \param reason: timeout reason - * \param secs: how many seconds. You may set to LWS_TO_KILL_ASYNC to - * force the connection to timeout at the next opportunity, or - * LWS_TO_KILL_SYNC to close it synchronously if you know the - * wsi is not the one currently being serviced. - */ -LWS_VISIBLE LWS_EXTERN void -lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs); - -/** - * lws_set_timeout_us() - marks the wsi as subject to a timeout some us hence - * - * \param wsi: Websocket connection instance - * \param reason: timeout reason - * \param us: 0 removes the timeout, otherwise number of us to wait - * - * Higher-resolution version of lws_set_timeout(). Actual resolution depends - * on platform and load, usually ms. - */ -void -lws_set_timeout_us(struct lws *wsi, enum pending_timeout reason, lws_usec_t us); - -#define LWS_SET_TIMER_USEC_CANCEL ((lws_usec_t)-1ll) -#define LWS_USEC_PER_SEC ((lws_usec_t)1000000) - -/** - * lws_set_timer_usecs() - schedules a callback on the wsi in the future - * - * \param wsi: Websocket connection instance - * \param usecs: LWS_SET_TIMER_USEC_CANCEL removes any existing scheduled - * callback, otherwise number of microseconds in the future - * the callback will occur at. - * - * NOTE: event loop support for this: - * - * default poll() loop: yes - * libuv event loop: yes - * libev: not implemented (patch welcome) - * libevent: not implemented (patch welcome) - * - * After the deadline expires, the wsi will get a callback of type - * LWS_CALLBACK_TIMER and the timer is exhausted. The deadline may be - * continuously deferred by further calls to lws_set_timer_usecs() with a later - * deadline, or cancelled by lws_set_timer_usecs(wsi, -1). - * - * If the timer should repeat, lws_set_timer_usecs() must be called again from - * LWS_CALLBACK_TIMER. - * - * Accuracy depends on the platform and the load on the event loop or system... - * all that's guaranteed is the callback will come after the requested wait - * period. - */ -LWS_VISIBLE LWS_EXTERN void -lws_set_timer_usecs(struct lws *wsi, lws_usec_t usecs); - -/* - * lws_timed_callback_vh_protocol() - calls back a protocol on a vhost after - * the specified delay in seconds - * - * \param vh: the vhost to call back - * \param protocol: the protocol to call back - * \param reason: callback reason - * \param secs: how many seconds in the future to do the callback. - * - * Callback the specified protocol with a fake wsi pointing to the specified - * vhost and protocol, with the specified reason, at the specified time in the - * future. - * - * Returns 0 if OK or 1 on OOM. - * - * In the multithreaded service case, the callback will occur in the same - * service thread context as the call to this api that requested it. If it is - * called from a non-service thread, tsi 0 will handle it. - */ -LWS_VISIBLE LWS_EXTERN int -lws_timed_callback_vh_protocol(struct lws_vhost *vh, - const struct lws_protocols *prot, - int reason, int secs); - -/* - * lws_timed_callback_vh_protocol_us() - calls back a protocol on a vhost after - * the specified delay in us - * - * \param vh: the vhost to call back - * \param protocol: the protocol to call back - * \param reason: callback reason - * \param us: how many us in the future to do the callback. - * - * Callback the specified protocol with a fake wsi pointing to the specified - * vhost and protocol, with the specified reason, at the specified time in the - * future. - * - * Returns 0 if OK or 1 on OOM. - * - * In the multithreaded service case, the callback will occur in the same - * service thread context as the call to this api that requested it. If it is - * called from a non-service thread, tsi 0 will handle it. - */ -LWS_VISIBLE LWS_EXTERN int -lws_timed_callback_vh_protocol_us(struct lws_vhost *vh, - const struct lws_protocols *prot, int reason, - lws_usec_t us); - - -typedef void (*sul_cb_t)(lws_sorted_usec_list_t *sul); - -struct lws_sorted_usec_list { - struct lws_dll2 list; /* simplify the code by keeping this at start */ - sul_cb_t cb; - lws_usec_t us; -}; - - -/* - * lws_sul_schedule() - schedule a callback - * - * \param context: the lws_context - * \param tsi: the thread service index (usually 0) - * \param sul: pointer to the sul element - * \param cb: the scheduled callback - * \param us: the delay before the callback arrives, or - * LWS_SET_TIMER_USEC_CANCEL to cancel it. - * - * Generic callback-at-a-later time function. The callback happens on the - * event loop thread context. - * - * Although the api has us resultion, the actual resolution depends on the - * platform and is commonly 1ms. - * - * This doesn't allocate and doesn't fail. - * - * You can call it again with another us value to change the delay. - */ -LWS_VISIBLE LWS_EXTERN void -lws_sul_schedule(struct lws_context *context, int tsi, - lws_sorted_usec_list_t *sul, sul_cb_t cb, lws_usec_t us); - -///@} diff --git a/include/libwebsockets/lws-tokenize.h b/include/libwebsockets/lws-tokenize.h deleted file mode 100644 index 0e14284..0000000 --- a/include/libwebsockets/lws-tokenize.h +++ /dev/null @@ -1,138 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/* Do not treat - as a terminal character, so "my-token" is one token */ -#define LWS_TOKENIZE_F_MINUS_NONTERM (1 << 0) -/* Separately report aggregate colon-delimited tokens */ -#define LWS_TOKENIZE_F_AGG_COLON (1 << 1) -/* Enforce sequencing for a simple token , token , token ... list */ -#define LWS_TOKENIZE_F_COMMA_SEP_LIST (1 << 2) -/* Allow more characters in the tokens and less delimiters... default is - * only alphanumeric + underscore in tokens */ -#define LWS_TOKENIZE_F_RFC7230_DELIMS (1 << 3) -/* Do not treat . as a terminal character, so "warmcat.com" is one token */ -#define LWS_TOKENIZE_F_DOT_NONTERM (1 << 4) -/* If something starts looking like a float, like 1.2, force to be string token. - * This lets you receive dotted-quads like 192.168.0.1 as string tokens, and - * avoids illegal float format detection like 1.myserver.com */ -#define LWS_TOKENIZE_F_NO_FLOATS (1 << 5) -/* Instead of LWS_TOKZE_INTEGER, report integers as any other string token */ -#define LWS_TOKENIZE_F_NO_INTEGERS (1 << 6) - -typedef enum { - - LWS_TOKZE_ERRS = 5, /* the number of errors defined */ - - LWS_TOKZE_ERR_BROKEN_UTF8 = -5, /* malformed or partial utf8 */ - LWS_TOKZE_ERR_UNTERM_STRING = -4, /* ended while we were in "" */ - LWS_TOKZE_ERR_MALFORMED_FLOAT = -3, /* like 0..1 or 0.1.1 */ - LWS_TOKZE_ERR_NUM_ON_LHS = -2, /* like 123= or 0.1= */ - LWS_TOKZE_ERR_COMMA_LIST = -1, /* like ",tok", or, "tok,," */ - - LWS_TOKZE_ENDED = 0, /* no more content */ - - /* Note: results have ordinal 1+, EOT is 0 and errors are < 0 */ - - LWS_TOKZE_DELIMITER, /* a delimiter appeared */ - LWS_TOKZE_TOKEN, /* a token appeared */ - LWS_TOKZE_INTEGER, /* an integer appeared */ - LWS_TOKZE_FLOAT, /* a float appeared */ - LWS_TOKZE_TOKEN_NAME_EQUALS, /* token [whitespace] = */ - LWS_TOKZE_TOKEN_NAME_COLON, /* token [whitespace] : (only with - LWS_TOKENIZE_F_AGG_COLON flag) */ - LWS_TOKZE_QUOTED_STRING, /* "*", where * may have any char */ - -} lws_tokenize_elem; - -/* - * helper enums to allow caller to enforce legal delimiter sequencing, eg - * disallow "token,,token", "token,", and ",token" - */ - -enum lws_tokenize_delimiter_tracking { - LWSTZ_DT_NEED_FIRST_CONTENT, - LWSTZ_DT_NEED_DELIM, - LWSTZ_DT_NEED_NEXT_CONTENT, -}; - -struct lws_tokenize { - const char *start; /**< set to the start of the string to tokenize */ - const char *token; /**< the start of an identified token or delimiter */ - int len; /**< set to the length of the string to tokenize */ - int token_len; /**< the length of the identied token or delimiter */ - - int flags; /**< optional LWS_TOKENIZE_F_ flags, or 0 */ - int delim; -}; - -/** - * lws_tokenize() - breaks down a string into tokens and delimiters in-place - * - * \param ts: the lws_tokenize struct to init - * \param start: the string to tokenize - * \param flags: LWS_TOKENIZE_F_ option flags - * - * This initializes the tokenize struct to point to the given string, and - * sets the length to 2GiB - 1 (so there must be a terminating NUL)... you can - * override this requirement by setting ts.len yourself before using it. - * - * .delim is also initialized to LWSTZ_DT_NEED_FIRST_CONTENT. - */ - -LWS_VISIBLE LWS_EXTERN void -lws_tokenize_init(struct lws_tokenize *ts, const char *start, int flags); - -/** - * lws_tokenize() - breaks down a string into tokens and delimiters in-place - * - * \param ts: the lws_tokenize struct with information and state on what to do - * - * The \p ts struct should have its start, len and flags members initialized to - * reflect the string to be tokenized and any options. - * - * Then `lws_tokenize()` may be called repeatedly on the struct, returning one - * of `lws_tokenize_elem` each time, and with the struct's `token` and - * `token_len` members set to describe the content of the delimiter or token - * payload each time. - * - * There are no allocations during the process. - * - * returns lws_tokenize_elem that was identified (LWS_TOKZE_ENDED means reached - * the end of the string). - */ - -LWS_VISIBLE LWS_EXTERN lws_tokenize_elem -lws_tokenize(struct lws_tokenize *ts); - -/** - * lws_tokenize_cstr() - copy token string to NUL-terminated buffer - * - * \param ts: pointer to lws_tokenize struct to operate on - * \param str: destination buffer - * \pparam max: bytes in destination buffer - * - * returns 0 if OK or nonzero if the string + NUL won't fit. - */ - -LWS_VISIBLE LWS_EXTERN int -lws_tokenize_cstr(struct lws_tokenize *ts, char *str, int max); diff --git a/include/libwebsockets/lws-vfs.h b/include/libwebsockets/lws-vfs.h deleted file mode 100644 index 1586fec..0000000 --- a/include/libwebsockets/lws-vfs.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup fops file operation wrapping - * - * ##File operation wrapping - * - * Use these helper functions if you want to access a file from the perspective - * of a specific wsi, which is usually the case. If you just want contextless - * file access, use the fops callbacks directly with NULL wsi instead of these - * helpers. - * - * If so, then it calls the platform handler or user overrides where present - * (as defined in info->fops) - * - * The advantage from all this is user code can be portable for file operations - * without having to deal with differences between platforms. - */ -//@{ - -/** struct lws_plat_file_ops - Platform-specific file operations - * - * These provide platform-agnostic ways to deal with filesystem access in the - * library and in the user code. - */ - -#if defined(LWS_WITH_ESP32) -/* sdk preprocessor defs? compiler issue? gets confused with member names */ -#define LWS_FOP_OPEN _open -#define LWS_FOP_CLOSE _close -#define LWS_FOP_SEEK_CUR _seek_cur -#define LWS_FOP_READ _read -#define LWS_FOP_WRITE _write -#else -#define LWS_FOP_OPEN open -#define LWS_FOP_CLOSE close -#define LWS_FOP_SEEK_CUR seek_cur -#define LWS_FOP_READ read -#define LWS_FOP_WRITE write -#endif - -#define LWS_FOP_FLAGS_MASK ((1 << 23) - 1) -#define LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP (1 << 24) -#define LWS_FOP_FLAG_COMPR_IS_GZIP (1 << 25) -#define LWS_FOP_FLAG_MOD_TIME_VALID (1 << 26) -#define LWS_FOP_FLAG_VIRTUAL (1 << 27) - -struct lws_plat_file_ops; - -struct lws_fop_fd { - lws_filefd_type fd; - /**< real file descriptor related to the file... */ - const struct lws_plat_file_ops *fops; - /**< fops that apply to this fop_fd */ - void *filesystem_priv; - /**< ignored by lws; owned by the fops handlers */ - lws_filepos_t pos; - /**< generic "position in file" */ - lws_filepos_t len; - /**< generic "length of file" */ - lws_fop_flags_t flags; - /**< copy of the returned flags */ - uint32_t mod_time; - /**< optional "modification time of file", only valid if .open() - * set the LWS_FOP_FLAG_MOD_TIME_VALID flag */ -}; -typedef struct lws_fop_fd *lws_fop_fd_t; - -struct lws_fops_index { - const char *sig; /* NULL or vfs signature, eg, ".zip/" */ - uint8_t len; /* length of above string */ -}; - -struct lws_plat_file_ops { - lws_fop_fd_t (*LWS_FOP_OPEN)(const struct lws_plat_file_ops *fops, - const char *filename, const char *vpath, - lws_fop_flags_t *flags); - /**< Open file (always binary access if plat supports it) - * vpath may be NULL, or if the fops understands it, the point at which - * the filename's virtual part starts. - * *flags & LWS_FOP_FLAGS_MASK should be set to O_RDONLY or O_RDWR. - * If the file may be gzip-compressed, - * LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP is set. If it actually is - * gzip-compressed, then the open handler should OR - * LWS_FOP_FLAG_COMPR_IS_GZIP on to *flags before returning. - */ - int (*LWS_FOP_CLOSE)(lws_fop_fd_t *fop_fd); - /**< close file AND set the pointer to NULL */ - lws_fileofs_t (*LWS_FOP_SEEK_CUR)(lws_fop_fd_t fop_fd, - lws_fileofs_t offset_from_cur_pos); - /**< seek from current position */ - int (*LWS_FOP_READ)(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len); - /**< Read from file, on exit *amount is set to amount actually read */ - int (*LWS_FOP_WRITE)(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len); - /**< Write to file, on exit *amount is set to amount actually written */ - - struct lws_fops_index fi[3]; - /**< vfs path signatures implying use of this fops */ - - const struct lws_plat_file_ops *next; - /**< NULL or next fops in list */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility */ -}; - -/** - * lws_get_fops() - get current file ops - * - * \param context: context - */ -LWS_VISIBLE LWS_EXTERN struct lws_plat_file_ops * LWS_WARN_UNUSED_RESULT -lws_get_fops(struct lws_context *context); -LWS_VISIBLE LWS_EXTERN void -lws_set_fops(struct lws_context *context, const struct lws_plat_file_ops *fops); -/** - * lws_vfs_tell() - get current file position - * - * \param fop_fd: fop_fd we are asking about - */ -LWS_VISIBLE LWS_EXTERN lws_filepos_t LWS_WARN_UNUSED_RESULT -lws_vfs_tell(lws_fop_fd_t fop_fd); -/** - * lws_vfs_get_length() - get current file total length in bytes - * - * \param fop_fd: fop_fd we are asking about - */ -LWS_VISIBLE LWS_EXTERN lws_filepos_t LWS_WARN_UNUSED_RESULT -lws_vfs_get_length(lws_fop_fd_t fop_fd); -/** - * lws_vfs_get_mod_time() - get time file last modified - * - * \param fop_fd: fop_fd we are asking about - */ -LWS_VISIBLE LWS_EXTERN uint32_t LWS_WARN_UNUSED_RESULT -lws_vfs_get_mod_time(lws_fop_fd_t fop_fd); -/** - * lws_vfs_file_seek_set() - seek relative to start of file - * - * \param fop_fd: fop_fd we are seeking in - * \param offset: offset from start of file - */ -LWS_VISIBLE LWS_EXTERN lws_fileofs_t -lws_vfs_file_seek_set(lws_fop_fd_t fop_fd, lws_fileofs_t offset); -/** - * lws_vfs_file_seek_end() - seek relative to end of file - * - * \param fop_fd: fop_fd we are seeking in - * \param offset: offset from start of file - */ -LWS_VISIBLE LWS_EXTERN lws_fileofs_t -lws_vfs_file_seek_end(lws_fop_fd_t fop_fd, lws_fileofs_t offset); - -extern struct lws_plat_file_ops fops_zip; - -/** - * lws_plat_file_open() - open vfs filepath - * - * \param fops: file ops struct that applies to this descriptor - * \param vfs_path: filename to open - * \param flags: pointer to open flags - * - * The vfs_path is scanned for known fops signatures, and the open directed - * to any matching fops open. - * - * User code should use this api to perform vfs opens. - * - * returns semi-opaque handle - */ -LWS_VISIBLE LWS_EXTERN lws_fop_fd_t LWS_WARN_UNUSED_RESULT -lws_vfs_file_open(const struct lws_plat_file_ops *fops, const char *vfs_path, - lws_fop_flags_t *flags); - -/** - * lws_plat_file_close() - close file - * - * \param fop_fd: file handle to close - */ -static LWS_INLINE int -lws_vfs_file_close(lws_fop_fd_t *fop_fd) -{ - if (*fop_fd && (*fop_fd)->fops) - return (*fop_fd)->fops->LWS_FOP_CLOSE(fop_fd); - - return 0; -} - -/** - * lws_plat_file_seek_cur() - close file - * - * - * \param fop_fd: file handle - * \param offset: position to seek to - */ -static LWS_INLINE lws_fileofs_t -lws_vfs_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - return fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, offset); -} -/** - * lws_plat_file_read() - read from file - * - * \param fop_fd: file handle - * \param amount: how much to read (rewritten by call) - * \param buf: buffer to write to - * \param len: max length - */ -static LWS_INLINE int LWS_WARN_UNUSED_RESULT -lws_vfs_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - return fop_fd->fops->LWS_FOP_READ(fop_fd, amount, buf, len); -} -/** - * lws_plat_file_write() - write from file - * - * \param fop_fd: file handle - * \param amount: how much to write (rewritten by call) - * \param buf: buffer to read from - * \param len: max length - */ -static LWS_INLINE int LWS_WARN_UNUSED_RESULT -lws_vfs_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - return fop_fd->fops->LWS_FOP_WRITE(fop_fd, amount, buf, len); -} - -/* these are the platform file operations implementations... they can - * be called directly and used in fops arrays - */ - -LWS_VISIBLE LWS_EXTERN lws_fop_fd_t -_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, - const char *vpath, lws_fop_flags_t *flags); -LWS_VISIBLE LWS_EXTERN int -_lws_plat_file_close(lws_fop_fd_t *fop_fd); -LWS_VISIBLE LWS_EXTERN lws_fileofs_t -_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset); -LWS_VISIBLE LWS_EXTERN int -_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len); -LWS_VISIBLE LWS_EXTERN int -_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len); - -LWS_VISIBLE LWS_EXTERN int -lws_alloc_vfs_file(struct lws_context *context, const char *filename, - uint8_t **buf, lws_filepos_t *amount); -//@} diff --git a/include/libwebsockets/lws-write.h b/include/libwebsockets/lws-write.h deleted file mode 100644 index f6e464d..0000000 --- a/include/libwebsockets/lws-write.h +++ /dev/null @@ -1,263 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup sending-data Sending data - - APIs related to writing data on a connection -*/ -//@{ -#if !defined(LWS_SIZEOFPTR) -#define LWS_SIZEOFPTR ((int)sizeof (void *)) -#endif - -#if defined(__x86_64__) -#define _LWS_PAD_SIZE 16 /* Intel recommended for best performance */ -#else -#define _LWS_PAD_SIZE LWS_SIZEOFPTR /* Size of a pointer on the target arch */ -#endif -#define _LWS_PAD(n) (((n) % _LWS_PAD_SIZE) ? \ - ((n) + (_LWS_PAD_SIZE - ((n) % _LWS_PAD_SIZE))) : (n)) -/* last 2 is for lws-meta */ -#define LWS_PRE _LWS_PAD(4 + 10 + 2) -/* used prior to 1.7 and retained for backward compatibility */ -#define LWS_SEND_BUFFER_PRE_PADDING LWS_PRE -#define LWS_SEND_BUFFER_POST_PADDING 0 - -#define LWS_WRITE_RAW LWS_WRITE_HTTP - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -enum lws_write_protocol { - LWS_WRITE_TEXT = 0, - /**< Send a ws TEXT message,the pointer must have LWS_PRE valid - * memory behind it. - * - * The receiver expects only valid utf-8 in the payload */ - LWS_WRITE_BINARY = 1, - /**< Send a ws BINARY message, the pointer must have LWS_PRE valid - * memory behind it. - * - * Any sequence of bytes is valid */ - LWS_WRITE_CONTINUATION = 2, - /**< Continue a previous ws message, the pointer must have LWS_PRE valid - * memory behind it */ - LWS_WRITE_HTTP = 3, - /**< Send HTTP content */ - - /* LWS_WRITE_CLOSE is handled by lws_close_reason() */ - LWS_WRITE_PING = 5, - LWS_WRITE_PONG = 6, - - /* Same as write_http but we know this write ends the transaction */ - LWS_WRITE_HTTP_FINAL = 7, - - /* HTTP2 */ - - LWS_WRITE_HTTP_HEADERS = 8, - /**< Send http headers (http2 encodes this payload and LWS_WRITE_HTTP - * payload differently, http 1.x links also handle this correctly. so - * to be compatible with both in the future,header response part should - * be sent using this regardless of http version expected) - */ - LWS_WRITE_HTTP_HEADERS_CONTINUATION = 9, - /**< Continuation of http/2 headers - */ - - /****** add new things just above ---^ ******/ - - /* flags */ - - LWS_WRITE_BUFLIST = 0x20, - /**< Don't actually write it... stick it on the output buflist and - * write it as soon as possible. Useful if you learn you have to - * write something, have the data to write to hand but the timing is - * unrelated as to whether the connection is writable or not, and were - * otherwise going to have to allocate a temp buffer and write it - * later anyway */ - - LWS_WRITE_NO_FIN = 0x40, - /**< This part of the message is not the end of the message */ - - LWS_WRITE_H2_STREAM_END = 0x80, - /**< Flag indicates this packet should go out with STREAM_END if h2 - * STREAM_END is allowed on DATA or HEADERS. - */ - - LWS_WRITE_CLIENT_IGNORE_XOR_MASK = 0x80 - /**< client packet payload goes out on wire unmunged - * only useful for security tests since normal servers cannot - * decode the content if used */ -}; - -/* used with LWS_CALLBACK_CHILD_WRITE_VIA_PARENT */ - -struct lws_write_passthru { - struct lws *wsi; - unsigned char *buf; - size_t len; - enum lws_write_protocol wp; -}; - - -/** - * lws_write() - Apply protocol then write data to client - * - * \param wsi: Websocket instance (available from user callback) - * \param buf: The data to send. For data being sent on a websocket - * connection (ie, not default http), this buffer MUST have - * LWS_PRE bytes valid BEFORE the pointer. - * This is so the protocol header data can be added in-situ. - * \param len: Count of the data bytes in the payload starting from buf - * \param protocol: Use LWS_WRITE_HTTP to reply to an http connection, and one - * of LWS_WRITE_BINARY or LWS_WRITE_TEXT to send appropriate - * data on a websockets connection. Remember to allow the extra - * bytes before and after buf if LWS_WRITE_BINARY or LWS_WRITE_TEXT - * are used. - * - * This function provides the way to issue data back to the client - * for both http and websocket protocols. - * - * IMPORTANT NOTICE! - * - * When sending with websocket protocol - * - * LWS_WRITE_TEXT, - * LWS_WRITE_BINARY, - * LWS_WRITE_CONTINUATION, - * LWS_WRITE_PING, - * LWS_WRITE_PONG, - * - * or sending on http/2, - * - * the send buffer has to have LWS_PRE bytes valid BEFORE the buffer pointer you - * pass to lws_write(). Since you'll probably want to use http/2 before too - * long, it's wise to just always do this with lws_write buffers... LWS_PRE is - * typically 16 bytes it's not going to hurt usually. - * - * start of alloc ptr passed to lws_write end of allocation - * | | | - * v <-- LWS_PRE bytes --> v v - * [---------------- allocated memory ---------------] - * (for lws use) [====== user buffer ======] - * - * This allows us to add protocol info before and after the data, and send as - * one packet on the network without payload copying, for maximum efficiency. - * - * So for example you need this kind of code to use lws_write with a - * 128-byte payload - * - * char buf[LWS_PRE + 128]; - * - * // fill your part of the buffer... for example here it's all zeros - * memset(&buf[LWS_PRE], 0, 128); - * - * lws_write(wsi, &buf[LWS_PRE], 128, LWS_WRITE_TEXT); - * - * LWS_PRE is at least the frame nonce + 2 header + 8 length - * LWS_SEND_BUFFER_POST_PADDING is deprecated, it's now 0 and can be left off. - * The example apps no longer use it. - * - * Pad LWS_PRE to the CPU word size, so that word references - * to the address immediately after the padding won't cause an unaligned access - * error. Sometimes for performance reasons the recommended padding is even - * larger than sizeof(void *). - * - * In the case of sending using websocket protocol, be sure to allocate - * valid storage before and after buf as explained above. This scheme - * allows maximum efficiency of sending data and protocol in a single - * packet while not burdening the user code with any protocol knowledge. - * - * Return may be -1 for a fatal error needing connection close, or the - * number of bytes sent. - * - * Truncated Writes - * ================ - * - * The OS may not accept everything you asked to write on the connection. - * - * Posix defines POLLOUT indication from poll() to show that the connection - * will accept more write data, but it doesn't specifiy how much. It may just - * accept one byte of whatever you wanted to send. - * - * LWS will buffer the remainder automatically, and send it out autonomously. - * - * During that time, WRITABLE callbacks will be suppressed. - * - * This is to handle corner cases where unexpectedly the OS refuses what we - * usually expect it to accept. You should try to send in chunks that are - * almost always accepted in order to avoid the inefficiency of the buffering. - */ -LWS_VISIBLE LWS_EXTERN int -lws_write(struct lws *wsi, unsigned char *buf, size_t len, - enum lws_write_protocol protocol); - -/* helper for case where buffer may be const */ -#define lws_write_http(wsi, buf, len) \ - lws_write(wsi, (unsigned char *)(buf), len, LWS_WRITE_HTTP) - -/** - * lws_write_ws_flags() - Helper for multi-frame ws message flags - * - * \param initial: the lws_write flag to use for the start fragment, eg, - * LWS_WRITE_TEXT - * \param is_start: nonzero if this is the first fragment of the message - * \param is_end: nonzero if this is the last fragment of the message - * - * Returns the correct LWS_WRITE_ flag to use for each fragment of a message - * in turn. - */ -static LWS_INLINE int -lws_write_ws_flags(int initial, int is_start, int is_end) -{ - int r; - - if (is_start) - r = initial; - else - r = LWS_WRITE_CONTINUATION; - - if (!is_end) - r |= LWS_WRITE_NO_FIN; - - return r; -} - -/** - * lws_raw_transaction_completed() - Helper for flushing before close - * - * \param wsi: the struct lws to operate on - * - * Returns -1 if the wsi can close now. However if there is buffered, unsent - * data, the wsi is marked as to be closed when the output buffer data is - * drained, and it returns 0. - * - * For raw cases where the transaction completed without failure, - * `return lws_raw_transaction_completed(wsi)` should better be used than - * return -1. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_raw_transaction_completed(struct lws *wsi); - -///@} diff --git a/include/libwebsockets/lws-writeable.h b/include/libwebsockets/lws-writeable.h deleted file mode 100644 index dd5659c..0000000 --- a/include/libwebsockets/lws-writeable.h +++ /dev/null @@ -1,225 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup callback-when-writeable Callback when writeable - * - * ##Callback When Writeable - * - * lws can only write data on a connection when it is able to accept more - * data without blocking. - * - * So a basic requirement is we should only use the lws_write() apis when the - * connection we want to write on says that he can accept more data. - * - * When lws cannot complete your send at the time, it will buffer the data - * and send it in the background, suppressing any further WRITEABLE callbacks - * on that connection until it completes. So it is important to write new - * things in a new writeable callback. - * - * These apis reflect the various ways we can indicate we would like to be - * called back when one or more connections is writeable. - */ -///@{ - -/** - * lws_callback_on_writable() - Request a callback when this socket - * becomes able to be written to without - * blocking - * - * \param wsi: Websocket connection instance to get callback for - * - * - Which: only this wsi - * - When: when the individual connection becomes writeable - * - What: LWS_CALLBACK_*_WRITEABLE - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_on_writable(struct lws *wsi); - -/** - * lws_callback_on_writable_all_protocol() - Request a callback for all - * connections using the given protocol when it - * becomes possible to write to each socket without - * blocking in turn. - * - * \param context: lws_context - * \param protocol: Protocol whose connections will get callbacks - * - * - Which: connections using this protocol on ANY VHOST - * - When: when the individual connection becomes writeable - * - What: LWS_CALLBACK_*_WRITEABLE - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_on_writable_all_protocol(const struct lws_context *context, - const struct lws_protocols *protocol); - -/** - * lws_callback_on_writable_all_protocol_vhost() - Request a callback for - * all connections on same vhost using the given protocol - * when it becomes possible to write to each socket without - * blocking in turn. - * - * \param vhost: Only consider connections on this lws_vhost - * \param protocol: Protocol whose connections will get callbacks - * - * - Which: connections using this protocol on GIVEN VHOST ONLY - * - When: when the individual connection becomes writeable - * - What: LWS_CALLBACK_*_WRITEABLE - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_on_writable_all_protocol_vhost(const struct lws_vhost *vhost, - const struct lws_protocols *protocol); - -/** - * lws_callback_all_protocol() - Callback all connections using - * the given protocol with the given reason - * - * \param context: lws_context - * \param protocol: Protocol whose connections will get callbacks - * \param reason: Callback reason index - * - * - Which: connections using this protocol on ALL VHOSTS - * - When: before returning - * - What: reason - * - * This isn't normally what you want... normally any update of connection- - * specific information can wait until a network-related callback like rx, - * writable, or close. - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_all_protocol(struct lws_context *context, - const struct lws_protocols *protocol, int reason); - -/** - * lws_callback_all_protocol_vhost() - Callback all connections using - * the given protocol with the given reason. This is - * deprecated since v2.4: use lws_callback_all_protocol_vhost_args - * - * \param vh: Vhost whose connections will get callbacks - * \param protocol: Which protocol to match. NULL means all. - * \param reason: Callback reason index - * - * - Which: connections using this protocol on GIVEN VHOST ONLY - * - When: now - * - What: reason - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_all_protocol_vhost(struct lws_vhost *vh, - const struct lws_protocols *protocol, - int reason) -LWS_WARN_DEPRECATED; - -/** - * lws_callback_all_protocol_vhost_args() - Callback all connections using - * the given protocol with the given reason and args - * - * \param vh: Vhost whose connections will get callbacks - * \param protocol: Which protocol to match. NULL means all. - * \param reason: Callback reason index - * \param argp: Callback "in" parameter - * \param len: Callback "len" parameter - * - * - Which: connections using this protocol on GIVEN VHOST ONLY - * - When: now - * - What: reason - */ -LWS_VISIBLE int -lws_callback_all_protocol_vhost_args(struct lws_vhost *vh, - const struct lws_protocols *protocol, - int reason, void *argp, size_t len); - -/** - * lws_callback_vhost_protocols() - Callback all protocols enabled on a vhost - * with the given reason - * - * \param wsi: wsi whose vhost will get callbacks - * \param reason: Callback reason index - * \param in: in argument to callback - * \param len: len argument to callback - * - * - Which: connections using this protocol on same VHOST as wsi ONLY - * - When: now - * - What: reason - * - * This is deprecated since v2.5, use lws_callback_vhost_protocols_vhost() - * which takes the pointer to the vhost directly without using or needing the - * wsi. - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_vhost_protocols(struct lws *wsi, int reason, void *in, int len) -LWS_WARN_DEPRECATED; - -/** - * lws_callback_vhost_protocols_vhost() - Callback all protocols enabled on a vhost - * with the given reason - * - * \param vh: vhost that will get callbacks - * \param reason: Callback reason index - * \param in: in argument to callback - * \param len: len argument to callback - * - * - Which: connections using this protocol on same VHOST as wsi ONLY - * - When: now - * - What: reason - */ -LWS_VISIBLE LWS_EXTERN int -lws_callback_vhost_protocols_vhost(struct lws_vhost *vh, int reason, void *in, - size_t len); - -LWS_VISIBLE LWS_EXTERN int -lws_callback_http_dummy(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len); - -/** - * lws_get_socket_fd() - returns the socket file descriptor - * - * This is needed to use sendto() on UDP raw sockets - * - * \param wsi: Websocket connection instance - */ -LWS_VISIBLE LWS_EXTERN lws_sockfd_type -lws_get_socket_fd(struct lws *wsi); - -/** - * lws_get_peer_write_allowance() - get the amount of data writeable to peer - * if known - * - * \param wsi: Websocket connection instance - * - * if the protocol does not have any guidance, returns -1. Currently only - * http2 connections get send window information from this API. But your code - * should use it so it can work properly with any protocol. - * - * If nonzero return is the amount of payload data the peer or intermediary has - * reported it has buffer space for. That has NO relationship with the amount - * of buffer space your OS can accept on this connection for a write action. - * - * This number represents the maximum you could send to the peer or intermediary - * on this connection right now without the protocol complaining. - * - * lws manages accounting for send window updates and payload writes - * automatically, so this number reflects the situation at the peer or - * intermediary dynamically. - */ -LWS_VISIBLE LWS_EXTERN lws_fileofs_t -lws_get_peer_write_allowance(struct lws *wsi); -///@} diff --git a/include/libwebsockets/lws-ws-close.h b/include/libwebsockets/lws-ws-close.h deleted file mode 100644 index e207329..0000000 --- a/include/libwebsockets/lws-ws-close.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup wsclose Websocket Close - * - * ##Websocket close frame control - * - * When we close a ws connection, we can send a reason code and a short - * UTF-8 description back with the close packet. - */ -///@{ - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -/** enum lws_close_status - RFC6455 close status codes */ -enum lws_close_status { - LWS_CLOSE_STATUS_NOSTATUS = 0, - LWS_CLOSE_STATUS_NORMAL = 1000, - /**< 1000 indicates a normal closure, meaning that the purpose for - which the connection was established has been fulfilled. */ - LWS_CLOSE_STATUS_GOINGAWAY = 1001, - /**< 1001 indicates that an endpoint is "going away", such as a server - going down or a browser having navigated away from a page. */ - LWS_CLOSE_STATUS_PROTOCOL_ERR = 1002, - /**< 1002 indicates that an endpoint is terminating the connection due - to a protocol error. */ - LWS_CLOSE_STATUS_UNACCEPTABLE_OPCODE = 1003, - /**< 1003 indicates that an endpoint is terminating the connection - because it has received a type of data it cannot accept (e.g., an - endpoint that understands only text data MAY send this if it - receives a binary message). */ - LWS_CLOSE_STATUS_RESERVED = 1004, - /**< Reserved. The specific meaning might be defined in the future. */ - LWS_CLOSE_STATUS_NO_STATUS = 1005, - /**< 1005 is a reserved value and MUST NOT be set as a status code in a - Close control frame by an endpoint. It is designated for use in - applications expecting a status code to indicate that no status - code was actually present. */ - LWS_CLOSE_STATUS_ABNORMAL_CLOSE = 1006, - /**< 1006 is a reserved value and MUST NOT be set as a status code in a - Close control frame by an endpoint. It is designated for use in - applications expecting a status code to indicate that the - connection was closed abnormally, e.g., without sending or - receiving a Close control frame. */ - LWS_CLOSE_STATUS_INVALID_PAYLOAD = 1007, - /**< 1007 indicates that an endpoint is terminating the connection - because it has received data within a message that was not - consistent with the type of the message (e.g., non-UTF-8 [RFC3629] - data within a text message). */ - LWS_CLOSE_STATUS_POLICY_VIOLATION = 1008, - /**< 1008 indicates that an endpoint is terminating the connection - because it has received a message that violates its policy. This - is a generic status code that can be returned when there is no - other more suitable status code (e.g., 1003 or 1009) or if there - is a need to hide specific details about the policy. */ - LWS_CLOSE_STATUS_MESSAGE_TOO_LARGE = 1009, - /**< 1009 indicates that an endpoint is terminating the connection - because it has received a message that is too big for it to - process. */ - LWS_CLOSE_STATUS_EXTENSION_REQUIRED = 1010, - /**< 1010 indicates that an endpoint (client) is terminating the - connection because it has expected the server to negotiate one or - more extension, but the server didn't return them in the response - message of the WebSocket handshake. The list of extensions that - are needed SHOULD appear in the /reason/ part of the Close frame. - Note that this status code is not used by the server, because it - can fail the WebSocket handshake instead */ - LWS_CLOSE_STATUS_UNEXPECTED_CONDITION = 1011, - /**< 1011 indicates that a server is terminating the connection because - it encountered an unexpected condition that prevented it from - fulfilling the request. */ - LWS_CLOSE_STATUS_TLS_FAILURE = 1015, - /**< 1015 is a reserved value and MUST NOT be set as a status code in a - Close control frame by an endpoint. It is designated for use in - applications expecting a status code to indicate that the - connection was closed due to a failure to perform a TLS handshake - (e.g., the server certificate can't be verified). */ - - LWS_CLOSE_STATUS_CLIENT_TRANSACTION_DONE = 2000, - - /****** add new things just above ---^ ******/ - - LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY = 9999, -}; - -/** - * lws_close_reason - Set reason and aux data to send with Close packet - * If you are going to return nonzero from the callback - * requesting the connection to close, you can optionally - * call this to set the reason the peer will be told if - * possible. - * - * \param wsi: The websocket connection to set the close reason on - * \param status: A valid close status from websocket standard - * \param buf: NULL or buffer containing up to 124 bytes of auxiliary data - * \param len: Length of data in \p buf to send - */ -LWS_VISIBLE LWS_EXTERN void -lws_close_reason(struct lws *wsi, enum lws_close_status status, - unsigned char *buf, size_t len); - -///@} diff --git a/include/libwebsockets/lws-ws-ext.h b/include/libwebsockets/lws-ws-ext.h deleted file mode 100644 index 3face4f..0000000 --- a/include/libwebsockets/lws-ws-ext.h +++ /dev/null @@ -1,197 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/*! \defgroup extensions Extension related functions - * ##Extension releated functions - * - * Ws defines optional extensions, lws provides the ability to implement these - * in user code if so desired. - * - * We provide one extensions permessage-deflate. - */ -///@{ - -/* - * NOTE: These public enums are part of the abi. If you want to add one, - * add it at where specified so existing users are unaffected. - */ -enum lws_extension_callback_reasons { - LWS_EXT_CB_CONSTRUCT = 4, - LWS_EXT_CB_CLIENT_CONSTRUCT = 5, - LWS_EXT_CB_DESTROY = 8, - LWS_EXT_CB_PACKET_TX_PRESEND = 12, - LWS_EXT_CB_PAYLOAD_TX = 21, - LWS_EXT_CB_PAYLOAD_RX = 22, - LWS_EXT_CB_OPTION_DEFAULT = 23, - LWS_EXT_CB_OPTION_SET = 24, - LWS_EXT_CB_OPTION_CONFIRM = 25, - LWS_EXT_CB_NAMED_OPTION_SET = 26, - - /****** add new things just above ---^ ******/ -}; - -/** enum lws_ext_options_types */ -enum lws_ext_options_types { - EXTARG_NONE, /**< does not take an argument */ - EXTARG_DEC, /**< requires a decimal argument */ - EXTARG_OPT_DEC /**< may have an optional decimal argument */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility */ -}; - -/** struct lws_ext_options - Option arguments to the extension. These are - * used in the negotiation at ws upgrade time. - * The helper function lws_ext_parse_options() - * uses these to generate callbacks */ -struct lws_ext_options { - const char *name; /**< Option name, eg, "server_no_context_takeover" */ - enum lws_ext_options_types type; /**< What kind of args the option can take */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility */ -}; - -/** struct lws_ext_option_arg */ -struct lws_ext_option_arg { - const char *option_name; /**< may be NULL, option_index used then */ - int option_index; /**< argument ordinal to use if option_name missing */ - const char *start; /**< value */ - int len; /**< length of value */ -}; - -/** - * typedef lws_extension_callback_function() - Hooks to allow extensions to operate - * \param context: Websockets context - * \param ext: This extension - * \param wsi: Opaque websocket instance pointer - * \param reason: The reason for the call - * \param user: Pointer to ptr to per-session user data allocated by library - * \param in: Pointer used for some callback reasons - * \param len: Length set for some callback reasons - * - * Each extension that is active on a particular connection receives - * callbacks during the connection lifetime to allow the extension to - * operate on websocket data and manage itself. - * - * Libwebsockets takes care of allocating and freeing "user" memory for - * each active extension on each connection. That is what is pointed to - * by the user parameter. - * - * LWS_EXT_CB_CONSTRUCT: called when the server has decided to - * select this extension from the list provided by the client, - * just before the server will send back the handshake accepting - * the connection with this extension active. This gives the - * extension a chance to initialize its connection context found - * in user. - * - * LWS_EXT_CB_CLIENT_CONSTRUCT: same as LWS_EXT_CB_CONSTRUCT - * but called when client is instantiating this extension. Some - * extensions will work the same on client and server side and then - * you can just merge handlers for both CONSTRUCTS. - * - * LWS_EXT_CB_DESTROY: called when the connection the extension was - * being used on is about to be closed and deallocated. It's the - * last chance for the extension to deallocate anything it has - * allocated in the user data (pointed to by user) before the - * user data is deleted. This same callback is used whether you - * are in client or server instantiation context. - * - * LWS_EXT_CB_PACKET_TX_PRESEND: this works the same way as - * LWS_EXT_CB_PACKET_RX_PREPARSE above, except it gives the - * extension a chance to change websocket data just before it will - * be sent out. Using the same lws_token pointer scheme in in, - * the extension can change the buffer and the length to be - * transmitted how it likes. Again if it wants to grow the - * buffer safely, it should copy the data into its own buffer and - * set the lws_tokens token pointer to it. - * - * LWS_EXT_CB_ARGS_VALIDATE: - */ -typedef int -lws_extension_callback_function(struct lws_context *context, - const struct lws_extension *ext, struct lws *wsi, - enum lws_extension_callback_reasons reason, - void *user, void *in, size_t len); - -/** struct lws_extension - An extension we support */ -struct lws_extension { - const char *name; /**< Formal extension name, eg, "permessage-deflate" */ - lws_extension_callback_function *callback; /**< Service callback */ - const char *client_offer; /**< String containing exts and options client offers */ - - /* Add new things just above here ---^ - * This is part of the ABI, don't needlessly break compatibility */ -}; - -/** - * lws_set_extension_option(): set extension option if possible - * - * \param wsi: websocket connection - * \param ext_name: name of ext, like "permessage-deflate" - * \param opt_name: name of option, like "rx_buf_size" - * \param opt_val: value to set option to - */ -LWS_VISIBLE LWS_EXTERN int -lws_set_extension_option(struct lws *wsi, const char *ext_name, - const char *opt_name, const char *opt_val); - -/** - * lws_ext_parse_options() - deal with parsing negotiated extension options - * - * \param ext: related extension struct - * \param wsi: websocket connection - * \param ext_user: per-connection extension private data - * \param opts: list of supported options - * \param o: option string to parse - * \param len: length - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ext_parse_options(const struct lws_extension *ext, struct lws *wsi, - void *ext_user, const struct lws_ext_options *opts, - const char *o, int len); - -/** lws_extension_callback_pm_deflate() - extension for RFC7692 - * - * \param context: lws context - * \param ext: related lws_extension struct - * \param wsi: websocket connection - * \param reason: incoming callback reason - * \param user: per-connection extension private data - * \param in: pointer parameter - * \param len: length parameter - * - * Built-in callback implementing RFC7692 permessage-deflate - */ -LWS_EXTERN int -lws_extension_callback_pm_deflate(struct lws_context *context, - const struct lws_extension *ext, - struct lws *wsi, - enum lws_extension_callback_reasons reason, - void *user, void *in, size_t len); - -/* - * The internal exts are part of the public abi - * If we add more extensions, publish the callback here ------v - */ -///@} diff --git a/include/libwebsockets/lws-ws-state.h b/include/libwebsockets/lws-ws-state.h deleted file mode 100644 index 3f65724..0000000 --- a/include/libwebsockets/lws-ws-state.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup wsstatus Websocket status APIs - * ##Websocket connection status APIs - * - * These provide information about ws connection or message status - */ -///@{ -/** - * lws_send_pipe_choked() - tests if socket is writable or not - * \param wsi: lws connection - * - * Allows you to check if you can write more on the socket - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_send_pipe_choked(struct lws *wsi); - -/** - * lws_is_final_fragment() - tests if last part of ws message - * - * \param wsi: lws connection - */ -LWS_VISIBLE LWS_EXTERN int -lws_is_final_fragment(struct lws *wsi); - -/** - * lws_is_first_fragment() - tests if first part of ws message - * - * \param wsi: lws connection - */ -LWS_VISIBLE LWS_EXTERN int -lws_is_first_fragment(struct lws *wsi); - -/** - * lws_get_reserved_bits() - access reserved bits of ws frame - * \param wsi: lws connection - */ -LWS_VISIBLE LWS_EXTERN unsigned char -lws_get_reserved_bits(struct lws *wsi); - -/** - * lws_partial_buffered() - find out if lws buffered the last write - * \param wsi: websocket connection to check - * - * Returns 1 if you cannot use lws_write because the last - * write on this connection is still buffered, and can't be cleared without - * returning to the service loop and waiting for the connection to be - * writeable again. - * - * If you will try to do >1 lws_write call inside a single - * WRITEABLE callback, you must check this after every write and bail if - * set, ask for a new writeable callback and continue writing from there. - * - * This is never set at the start of a writeable callback, but any write - * may set it. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_partial_buffered(struct lws *wsi); - -/** - * lws_frame_is_binary(): true if the current frame was sent in binary mode - * - * \param wsi: the connection we are inquiring about - * - * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if - * it's interested to see if the frame it's dealing with was sent in binary - * mode. - */ -LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_frame_is_binary(struct lws *wsi); -///@} diff --git a/include/libwebsockets/lws-x509.h b/include/libwebsockets/lws-x509.h deleted file mode 100644 index 8b4ec9b..0000000 --- a/include/libwebsockets/lws-x509.h +++ /dev/null @@ -1,278 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -enum lws_tls_cert_info { - LWS_TLS_CERT_INFO_VALIDITY_FROM, - /**< fills .time with the time_t the cert validity started from */ - LWS_TLS_CERT_INFO_VALIDITY_TO, - /**< fills .time with the time_t the cert validity ends at */ - LWS_TLS_CERT_INFO_COMMON_NAME, - /**< fills up to len bytes of .ns.name with the cert common name */ - LWS_TLS_CERT_INFO_ISSUER_NAME, - /**< fills up to len bytes of .ns.name with the cert issuer name */ - LWS_TLS_CERT_INFO_USAGE, - /**< fills verified with a bitfield asserting the valid uses */ - LWS_TLS_CERT_INFO_VERIFIED, - /**< fills .verified with a bool representing peer cert validity, - * call returns -1 if no cert */ - LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY, - /**< the certificate's public key, as an opaque bytestream. These - * opaque bytestreams can only be compared with each other using the - * same tls backend, ie, OpenSSL or mbedTLS. The different backends - * produce different, incompatible representations for the same cert. - */ -}; - -union lws_tls_cert_info_results { - unsigned int verified; - time_t time; - unsigned int usage; - struct { - int len; - /* KEEP LAST... notice the [64] is only there because - * name[] is not allowed in a union. The actual length of - * name[] is arbitrary and is passed into the api using the - * len parameter. Eg - * - * char big[1024]; - * union lws_tls_cert_info_results *buf = - * (union lws_tls_cert_info_results *)big; - * - * lws_tls_peer_cert_info(wsi, type, buf, sizeof(big) - - * sizeof(*buf) + sizeof(buf->ns.name)); - */ - char name[64]; - } ns; -}; - -struct lws_x509_cert; -struct lws_jwk; - -/** - * lws_x509_create() - Allocate an lws_x509_cert object - * - * \param x509: pointer to lws_x509_cert pointer to be set to allocated object - * - * Allocates an lws_x509_cert object and set *x509 to point to it. - */ -LWS_VISIBLE LWS_EXTERN int -lws_x509_create(struct lws_x509_cert **x509); - -/** - * lws_x509_parse_from_pem() - Read one or more x509 certs in PEM format from memory - * - * \param x509: pointer to lws_x509_cert object - * \param pem: pointer to PEM format content - * \param len: length of PEM format content - * - * Parses PEM certificates in memory into a native x509 representation for the - * TLS library. If there are multiple PEM certs concatenated, they are all - * read into the same object and exist as a "chain". - * - * IMPORTANT for compatibility with mbedtls, the last used byte of \p pem - * must be '\0' and the \p len must include it. - * - * Returns 0 if all went OK. - */ -LWS_VISIBLE LWS_EXTERN int -lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len); - -/** - * lws_x509_verify() - Validate signing relationship between one or more certs - * and a trusted CA cert - * - * \param x509: pointer to lws_x509_cert object, may contain multiple - * \param trusted: a single, trusted cert object that we are checking for - * \param common_name: NULL, or required CN (Common Name) of \p x509 - * - * Returns 0 if the cert or certs in \p x509 represent a complete chain that is - * ultimately signed by the cert in \p trusted. Returns nonzero if that's not - * the case. - */ -LWS_VISIBLE LWS_EXTERN int -lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted, - const char *common_name); - -/** - * lws_x509_public_to_jwk() - Copy the public key out of a cert and into a JWK - * - * \param jwk: pointer to the jwk to initialize and set to the public key - * \param x509: pointer to lws_x509_cert object that has the public key - * \param curves: NULL to disallow EC, else a comma-separated list of valid - * curves using the JWA naming, eg, "P-256,P-384,P-521". - * \param rsabits: minimum number of RSA bits required in the cert if RSA - * - * Returns 0 if JWK was set to the certificate public key correctly and the - * curve / the RSA key size was acceptable. Automatically produces an RSA or - * EC JWK depending on what the cert had. - */ -LWS_VISIBLE LWS_EXTERN int -lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, - const char *curves, int rsabits); - -/** - * lws_x509_jwk_privkey_pem() - Copy a private key PEM into a jwk that has the - * public part already - * - * \param jwk: pointer to the jwk to initialize and set to the public key - * \param pem: pointer to PEM private key in memory - * \param len: length of PEM private key in memory - * \param passphrase: NULL or passphrase needed to decrypt private key - * - * IMPORTANT for compatibility with mbedtls, the last used byte of \p pem - * must be '\0' and the \p len must include it. - * - * Returns 0 if the private key was successfully added to the JWK, else - * nonzero if failed. - * - * The PEM image in memory is zeroed down on both successful and failed exits. - * The caller should take care to zero down passphrase if used. - */ -LWS_VISIBLE LWS_EXTERN int -lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len, - const char *passphrase); - -/** - * lws_x509_destroy() - Destroy a previously allocated lws_x509_cert object - * - * \param x509: pointer to lws_x509_cert pointer - * - * Deallocates an lws_x509_cert object and sets its pointer to NULL. - */ -LWS_VISIBLE LWS_EXTERN void -lws_x509_destroy(struct lws_x509_cert **x509); - -LWS_VISIBLE LWS_EXTERN int -lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len); - -/** - * lws_tls_peer_cert_info() - get information from the peer's TLS cert - * - * \param wsi: the connection to query - * \param type: one of LWS_TLS_CERT_INFO_ - * \param buf: pointer to union to take result - * \param len: when result is a string, the true length of buf->ns.name[] - * - * lws_tls_peer_cert_info() lets you get hold of information from the peer - * certificate. - * - * Return 0 if there is a result in \p buf, or -1 indicating there was no cert - * or another problem. - * - * This function works the same no matter if the TLS backend is OpenSSL or - * mbedTLS. - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len); - -/** - * lws_tls_vhost_cert_info() - get information from the vhost's own TLS cert - * - * \param vhost: the vhost to query - * \param type: one of LWS_TLS_CERT_INFO_ - * \param buf: pointer to union to take result - * \param len: when result is a string, the true length of buf->ns.name[] - * - * lws_tls_vhost_cert_info() lets you get hold of information from the vhost - * certificate. - * - * Return 0 if there is a result in \p buf, or -1 indicating there was no cert - * or another problem. - * - * This function works the same no matter if the TLS backend is OpenSSL or - * mbedTLS. - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len); - -/** - * lws_tls_acme_sni_cert_create() - creates a temp selfsigned cert - * and attaches to a vhost - * - * \param vhost: the vhost to acquire the selfsigned cert - * \param san_a: SAN written into the certificate - * \param san_b: second SAN written into the certificate - * - * - * Returns 0 if created and attached to the vhost. Returns -1 if problems and - * frees all allocations before returning. - * - * On success, any allocations are destroyed at vhost destruction automatically. - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a, - const char *san_b); - -/** - * lws_tls_acme_sni_csr_create() - creates a CSR and related private key PEM - * - * \param context: lws_context used for random - * \param elements: array of LWS_TLS_REQ_ELEMENT_COUNT const char * - * \param csr: buffer that will get the b64URL(ASN-1 CSR) - * \param csr_len: max length of the csr buffer - * \param privkey_pem: pointer to pointer allocated to hold the privkey_pem - * \param privkey_len: pointer to size_t set to the length of the privkey_pem - * - * Creates a CSR according to the information in \p elements, and a private - * RSA key used to sign the CSR. - * - * The outputs are the b64URL(ASN-1 CSR) into csr, and the PEM private key into - * privkey_pem. - * - * Notice that \p elements points to an array of const char *s pointing to the - * information listed in the enum above. If an entry is NULL or an empty - * string, the element is set to "none" in the CSR. - * - * Returns 0 on success or nonzero for failure. - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[], - uint8_t *csr, size_t csr_len, char **privkey_pem, - size_t *privkey_len); - -/** - * lws_tls_cert_updated() - update every vhost using the given cert path - * - * \param context: our lws_context - * \param certpath: the filepath to the certificate - * \param keypath: the filepath to the private key of the certificate - * \param mem_cert: copy of the cert in memory - * \param len_mem_cert: length of the copy of the cert in memory - * \param mem_privkey: copy of the private key in memory - * \param len_mem_privkey: length of the copy of the private key in memory - * - * Checks every vhost to see if it is the using certificate described by the - * the given filepaths. If so, it attempts to update the vhost ssl_ctx to use - * the new certificate. - * - * Returns 0 on success or nonzero for failure. - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_cert_updated(struct lws_context *context, const char *certpath, - const char *keypath, - const char *mem_cert, size_t len_mem_cert, - const char *mem_privkey, size_t len_mem_privkey); - diff --git a/lib/.gitignore b/lib/.gitignore new file mode 100644 index 0000000..dbed3ff --- /dev/null +++ b/lib/.gitignore @@ -0,0 +1,8 @@ +#Ignore build files +Makefile +*.o +*.lo +*.la +.libs +.deps + diff --git a/lib/README.md b/lib/README.md deleted file mode 100644 index 2c0c900..0000000 --- a/lib/README.md +++ /dev/null @@ -1,15 +0,0 @@ -## Library sources layout - -Code that goes in the libwebsockets library itself lives down ./lib - -Path|Sources ----|--- -lib/core|Core lws code related to generic fd and wsi servicing and management -lib/event-libs|Code containing optional event-lib specific adaptations -lib/jose|JOSE / JWS / JWK / JWE implementations -lib/misc|Code for various mostly optional miscellaneous features -lib/plat|Platform-specific adaptation code -lib/roles|Code for specific optional wsi roles, eg, http/1, h2, ws, raw, etc -lib/tls|Code supporting the various TLS libraries -libwebsockets.h|Public API header for the whole of lws - diff --git a/lib/abstract/README.md b/lib/abstract/README.md deleted file mode 100644 index 865b698..0000000 --- a/lib/abstract/README.md +++ /dev/null @@ -1,170 +0,0 @@ -# Abstract protocols and transports - -## Overview - -Until now protocol implementations in lws have been done directly -to the network-related apis inside lws. - -In an effort to separate out completely network implementation -details from protocol specification, lws now supports -"abstract protocols" and "abstract transports". - -![lws_abstract overview](/doc-assets/abstract-overview.svg) - -The concept is that the implementation is split into two separate -chunks of code hidden behind "ops" structs... the "abstract protocol" -implementation is responsible for the logical protocol operation -and reads and writes only memory buffers. - -The "abstract transport" implementation is responsible for sending -and receiving buffers on some kind of transport, and again is hidden -behind a standardized ops struct. - -In the system, both the abstract protocols and transports are -found by their name. - -An actual "connection" is created by calling a generic api -`lws_abs_bind_and_create_instance()` to instantiate the -combination of a protocol and a transport. - -This makes it possible to confidently offer the same protocol on -completely different transports, eg, like serial, or to wire -up the protocol implementation to a test jig sending canned -test vectors and confirming the response at buffer level, without -any network. The abstract protocol itself has no relationship -to the transport at all and is completely unchanged by changes -to the transport. - -In addition, generic tokens to control settings in both the -protocol and the transport are passed in at instantiation-time, -eg, controlling the IP address targeted by the transport. - -lws SMTP client support has been rewritten to use the new scheme, -and lws provides a raw socket transport built-in. - -## Public API - -The public api for defining abstract protocols and transports is -found at - - - [abstract.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/abstract/abstract.h) - - [protocols.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/abstract/protocols.h) - - [transports.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/abstract/transports.h) - -### `lws_abs_t` - -The main structure that defines the abstraction is `lws_abs_t`, -this is a name and then pointers to the protocol and transport, -optional tokens to control both the protocol and transport, -and pointers to private allocations for both the -protocol and transport when instantiated. - -The transport is selected using - -``` -LWS_VISIBLE LWS_EXTERN const lws_abs_transport_t * -lws_abs_transport_get_by_name(const char *name); -``` - -and similarly the protocol by - -``` -LWS_VISIBLE LWS_EXTERN const lws_abs_protocol_t * -lws_abs_protocol_get_by_name(const char *name); -``` - -At the moment only "`raw-skt`" is defined as an lws built-in, athough -you can also create your own mock transport the same way for creating -test jigs. - -|transport op|meaning| -|---|---| -|`tx()`|transmit a buffer| -|`client_conn()`|start a connection to a peer| -|`close()`|request to close the connection to a peer| -|`ask_for_writeable()`|request a `writeable()` callback when tx can be used| -|`set_timeout()`|set a timeout that will close the connection if reached| -|`state()`|check if the connection is established and can carry traffic| - -These are called by the protocol to get things done and make queries -through the abstract transport. - -|protocol op|meaning| -|---|---| -|`accept()`|The peer has accepted the transport connection| -|`rx()`|The peer has sent us some payload| -|`writeable()`|The connection to the peer can take more tx| -|`closed()`|The connection to the peer has closed| -|`heartbeat()`|Called periodically even when no network events| - -These are called by the transport to inform the protocol of events -and traffic. - -### Instantiation - -The user fills an lws_abs_t and passes a pointer to it to -`lws_abs_bind_and_create_instance()` to create an instantiation -of the protocol + transport. - -### `lws_token_map_t` - -The abstract protocol has no idea about a network or network addresses -or ports or whatever... it may not even be hooked up to one. - -If the transport it is bound to wants things like that, they are passed -in using an array of `lws_token_map_t` at instantiation time. - -For example this is passed to the raw socket protocol in the smtp client -minimal example to control where it would connect to: - -``` -static const lws_token_map_t smtp_abs_tokens[] = { -{ - .u = { .value = "127.0.0.1" }, - .name_index = LTMI_PEER_DNS_ADDRESS, -}, { - .u = { .lvalue = 25l }, - .name_index = LTMI_PEER_PORT, -}}; -``` - -## Steps for adding new abstract protocols - - - add the public header in `./include/libwebsockets/abstract/protocols/` - - add a directory under `./lib/abstract/protocols/` - - add your protocol sources in the new directory - - in CMakeLists.txt: - - add an `LWS_WITH_xxx` for your protocol - - search for "using any abstract protocol" and add your `LWS_WITH_xxx` to - the if so it also sets `LWS_WITH_ABSTRACT` if any set - - add a clause to append your source to SOURCES if `LWS_WITH_xxx` enabled - - add your `lws_abs_protocol` to the list `available_abs_protocols` in - `./lib/abstract/abstract.c` - -## Steps for adding new abstract transports - - - add the public header in `./include/libwebsockets/abstract/transports/` - - add your transport sources under `./lib/abstract/transports/` - - in CMakeLists.txt append your transport sources to SOURCES if `LWS_WITH_ABSTRACT` - and any other cmake conditionals - - add an extern for your transport `lws_protocols` in `./lib/core-net/private.h` - - add your transport `lws_protocols` to `available_abstract_protocols` in - `./lib/core-net/vhost.c` - - add your `lws_abs_transport` to the list `available_abs_transports` in - `./lib/abstract/abstract.c` - -# Protocol testing - -## unit tests - -lws features an abstract transport designed to facilitate unit testing. This -contains an lws_sequencer that performs the steps of tests involving sending the -protocol test vector buffers and confirming the response of the protocol matches -the test vectors. - -## test-sequencer - -test-sequencer is a helper that sequences running an array of unit tests and -collects the statistics and gives a PASS / FAIL result. - -See the SMTP client api test for an example of how to use. diff --git a/lib/abstract/abstract.c b/lib/abstract/abstract.c deleted file mode 100644 index 0f52869..0000000 --- a/lib/abstract/abstract.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include -#include - -extern const lws_abs_transport_t lws_abs_transport_cli_raw_skt, - lws_abs_transport_cli_unit_test; -#if defined(LWS_WITH_SMTP) -extern const lws_abs_protocol_t lws_abs_protocol_smtp; -#endif - -static const lws_abs_transport_t * const available_abs_transports[] = { - &lws_abs_transport_cli_raw_skt, - &lws_abs_transport_cli_unit_test, -}; - -/* HACK: microsoft compiler can't handle zero length array definition */ -#if defined(LWS_WITH_SMTP) -static const lws_abs_protocol_t * const available_abs_protocols[] = { -#if defined(LWS_WITH_SMTP) - &lws_abs_protocol_smtp, -#endif -}; -#endif - -const lws_abs_transport_t * -lws_abs_transport_get_by_name(const char *name) -{ - int n; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(available_abs_transports); n++) - if (!strcmp(name, available_abs_transports[n]->name)) - return available_abs_transports[n]; - - lwsl_err("%s: cannot find '%s'\n", __func__, name); - - return NULL; -} - -const lws_abs_protocol_t * -lws_abs_protocol_get_by_name(const char *name) -{ -#if defined(LWS_WITH_SMTP) - int n; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(available_abs_protocols); n++) - if (!strcmp(name, available_abs_protocols[n]->name)) - return available_abs_protocols[n]; -#endif - lwsl_err("%s: cannot find '%s'\n", __func__, name); - - return NULL; -} - -const lws_token_map_t * -lws_abs_get_token(const lws_token_map_t *token_map, short name_index) -{ - if (!token_map) - return NULL; - - do { - if (token_map->name_index == name_index) - return token_map; - token_map++; - } while (token_map->name_index); - - return NULL; -} - -void -lws_abs_destroy_instance(lws_abs_t **ai) -{ - lws_abs_t *a = *ai; - - if (a->api) - a->ap->destroy(&a->api); - if (a->ati) - a->at->destroy(&a->ati); - - lws_dll2_remove(&a->abstract_instances); - - *ai = NULL; - free(a); -} - -lws_abs_t * -lws_abs_bind_and_create_instance(const lws_abs_t *abs) -{ - size_t size = sizeof(lws_abs_t) + abs->ap->alloc + abs->at->alloc; - lws_abs_t *ai; - - /* - * since we know we will allocate the lws_abs_t, the protocol's - * instance allocation, and the transport's instance allocation, - * we merge it into a single heap allocation - */ - ai = lws_malloc(size, "abs inst"); - if (!ai) - return NULL; - - *ai = *abs; - ai->ati = NULL; - - ai->api = (char *)ai + sizeof(lws_abs_t); - if (ai->ap->create(ai)) { - ai->api = NULL; - goto bail; - } - - ai->ati = (char *)ai->api + abs->ap->alloc; - if (ai->at->create(ai)) { - ai->ati = NULL; - goto bail; - } - - /* add us to the vhost's dll2 of instances */ - - lws_dll2_clear(&ai->abstract_instances); - lws_dll2_add_head(&ai->abstract_instances, - &ai->vh->abstract_instances_owner); - - return ai; - -bail: - lws_abs_destroy_instance(&ai); - - return NULL; -} diff --git a/lib/abstract/private.h b/lib/abstract/private.h deleted file mode 100644 index a9b1ca2..0000000 --- a/lib/abstract/private.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - - - - diff --git a/lib/abstract/protocols/smtp/smtp.c b/lib/abstract/protocols/smtp/smtp.c deleted file mode 100644 index 668ab19..0000000 --- a/lib/abstract/protocols/smtp/smtp.c +++ /dev/null @@ -1,449 +0,0 @@ -/* - * Abstract SMTP support for libwebsockets - * - * Copyright (C) 2016-2019 Andy Green - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "abstract/private.h" - -/** enum lwsgs_smtp_states - where we are in SMTP protocol sequence */ -typedef enum lwsgs_smtp_states { - LGSSMTP_IDLE, /**< awaiting new email */ - LGSSMTP_CONNECTING, /**< opening tcp connection to MTA */ - LGSSMTP_CONNECTED, /**< tcp connection to MTA is connected */ - LGSSMTP_SENT_HELO, /**< sent the HELO */ - LGSSMTP_SENT_FROM, /**< sent FROM */ - LGSSMTP_SENT_TO, /**< sent TO */ - LGSSMTP_SENT_DATA, /**< sent DATA request */ - LGSSMTP_SENT_BODY, /**< sent the email body */ - LGSSMTP_SENT_QUIT, /**< sent the session quit */ -} lwsgs_smtp_states_t; - -/** struct lws_email - abstract context for performing SMTP operations */ -typedef struct lws_smtp_client { - struct lws_dll2_owner pending_owner; - - const struct lws_abs *abs; - - const char *helo; - - lwsgs_smtp_states_t estate; - time_t email_connect_started; - - time_t retry_interval; - time_t delivery_timeout; - - size_t email_queue_max; - size_t max_content_size; - - unsigned char send_pending:1; -} lws_smtp_client_t; - -static const short retcodes[] = { - 0, /* idle */ - 0, /* connecting */ - 220, /* connected */ - 250, /* helo */ - 250, /* from */ - 250, /* to */ - 354, /* data */ - 250, /* body */ - 221, /* quit */ -}; - -static void -lws_smtp_client_state_transition(lws_smtp_client_t *c, lwsgs_smtp_states_t s) -{ - lwsl_debug("%s: cli %p: state %d -> %d\n", __func__, c, c->estate, s); - c->estate = s; -} - -static void -lws_smtp_client_kick_internal(lws_smtp_client_t *c) -{ - lws_smtp_email_t *e; - lws_dll2_t *d; - char buf[64]; - int n; - - if (c->estate != LGSSMTP_IDLE) - return; - - /* is there something to do? */ - -again: - d = lws_dll2_get_head(&c->pending_owner); - if (!d) - return; - - e = lws_container_of(d, lws_smtp_email_t, list); - - /* do we need to time out this guy? */ - - if ((time_t)lws_now_secs() - e->added > (time_t)c->delivery_timeout) { - lwsl_err("%s: timing out email\n", __func__); - lws_dll2_remove(&e->list); - n = lws_snprintf(buf, sizeof(buf), "0 Timed out retrying send"); - e->done(e, buf, n); - - if (lws_dll2_get_head(&c->pending_owner)) - goto again; - - return; - } - - /* is it time for his retry yet? */ - - if (e->last_try && - (time_t)lws_now_secs() - e->last_try < (time_t)c->retry_interval) { - /* no... send him to the tail */ - lws_dll2_remove(&e->list); - lws_dll2_add_tail(&e->list, &c->pending_owner); - return; - } - - /* ask the transport if we have a connection to the server ongoing */ - - if (c->abs->at->state(c->abs->ati)) { - /* - * there's a connection, it could be still trying to connect - * or established - */ - c->abs->at->ask_for_writeable(c->abs->ati); - - return; - } - - /* there's no existing connection */ - - lws_smtp_client_state_transition(c, LGSSMTP_CONNECTING); - - if (c->abs->at->client_conn(c->abs)) { - lwsl_err("%s: failed to connect\n", __func__); - - return; - } - - e->tries++; - e->last_try = lws_now_secs(); -} - -/* - * we became connected - */ - -static int -lws_smtp_client_abs_accept(lws_abs_protocol_inst_t *api) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)api; - - lws_smtp_client_state_transition(c, LGSSMTP_CONNECTED); - - return 0; -} - -static int -lws_smtp_client_abs_rx(lws_abs_protocol_inst_t *api, uint8_t *buf, size_t len) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)api; - lws_smtp_email_t *e; - lws_dll2_t *pd2; - int n; - - pd2 = lws_dll2_get_head(&c->pending_owner); - if (!pd2) - return 0; - - e = lws_container_of(pd2, lws_smtp_email_t, list); - if (!e) - return 0; - - n = atoi((char *)buf); - if (n != retcodes[c->estate]) { - lwsl_notice("%s: bad response from server: %d (state %d) %.*s\n", - __func__, n, c->estate, (int)len, buf); - - lws_dll2_remove(&e->list); - lws_dll2_add_tail(&e->list, &c->pending_owner); - lws_smtp_client_state_transition(c, LGSSMTP_IDLE); - lws_smtp_client_kick_internal(c); - - return 0; - } - - if (c->estate == LGSSMTP_SENT_QUIT) { - lwsl_debug("%s: done\n", __func__); - lws_smtp_client_state_transition(c, LGSSMTP_IDLE); - - lws_dll2_remove(&e->list); - if (e->done && e->done(e, "sent OK", 7)) - return 1; - - return 1; - } - - c->send_pending = 1; - c->abs->at->ask_for_writeable(c->abs->ati); - - return 0; -} - -static int -lws_smtp_client_abs_writeable(lws_abs_protocol_inst_t *api, size_t budget) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)api; - char b[256 + LWS_PRE], *p = b + LWS_PRE; - lws_smtp_email_t *e; - lws_dll2_t *pd2; - int n; - - pd2 = lws_dll2_get_head(&c->pending_owner); - if (!pd2) - return 0; - - e = lws_container_of(pd2, lws_smtp_email_t, list); - if (!e) - return 0; - - - if (!c->send_pending) - return 0; - - c->send_pending = 0; - - lwsl_debug("%s: writing response for state %d\n", __func__, c->estate); - - switch (c->estate) { - case LGSSMTP_CONNECTED: - n = lws_snprintf(p, sizeof(b) - LWS_PRE, "HELO %s\n", c->helo); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_HELO); - break; - case LGSSMTP_SENT_HELO: - n = lws_snprintf(p, sizeof(b) - LWS_PRE, "MAIL FROM: <%s>\n", - e->email_from); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_FROM); - break; - case LGSSMTP_SENT_FROM: - n = lws_snprintf(p, sizeof(b) - LWS_PRE, - "RCPT TO: <%s>\n", e->email_to); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_TO); - break; - case LGSSMTP_SENT_TO: - n = lws_snprintf(p, sizeof(b) - LWS_PRE, "DATA\n"); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_DATA); - break; - case LGSSMTP_SENT_DATA: - p = (char *)e->payload; - n = strlen(e->payload); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_BODY); - break; - case LGSSMTP_SENT_BODY: - n = lws_snprintf(p, sizeof(b) - LWS_PRE, "quit\n"); - lws_smtp_client_state_transition(c, LGSSMTP_SENT_QUIT); - break; - case LGSSMTP_SENT_QUIT: - return 0; - - default: - return 0; - } - - //puts(p); - c->abs->at->tx(c->abs->ati, (uint8_t *)p, n); - - return 0; -} - -static int -lws_smtp_client_abs_closed(lws_abs_protocol_inst_t *api) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)api; - - if (c) - lws_smtp_client_state_transition(c, LGSSMTP_IDLE); - - return 0; -} - -static int -lws_smtp_client_abs_heartbeat(lws_abs_protocol_inst_t *api) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)api; - - lws_smtp_client_kick_internal(c); - - return 0; -} - -lws_smtp_email_t * -lws_smtp_client_alloc_email_helper(const char *payload, size_t payload_len, - const char *sender, const char *recipient, - const char *extra, size_t extra_len, void *data, - int (*done)(struct lws_smtp_email *e, - void *buf, size_t len)) -{ - size_t ls = strlen(sender), lr = strlen(recipient); - lws_smtp_email_t *em; - char *p; - - em = malloc(sizeof(*em) + payload_len + ls + lr + extra_len + 4); - if (!em) { - lwsl_err("OOM\n"); - return NULL; - } - - p = (char *)&em[1]; - - memset(em, 0, sizeof(*em)); - - em->data = data; - em->done = done; - - em->email_from = p; - memcpy(p, sender, ls + 1); - p += ls + 1; - em->email_to = p; - memcpy(p, recipient, lr + 1); - p += lr + 1; - em->payload = p; - memcpy(p, payload, payload_len + 1); - p += payload_len + 1; - - if (extra) { - em->extra = p; - memcpy(p, extra, extra_len + 1); - } - - return em; -} - -int -lws_smtp_client_add_email(lws_abs_t *instance, lws_smtp_email_t *e) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)instance->api; - - if (c->pending_owner.count > c->email_queue_max) { - lwsl_err("%s: email queue at limit of %d\n", __func__, - (int)c->email_queue_max); - - return 1; - } - - e->added = lws_now_secs(); - e->last_try = 0; - e->tries = 0; - - lws_dll2_clear(&e->list); - lws_dll2_add_tail(&e->list, &c->pending_owner); - - lws_smtp_client_kick_internal(c); - - return 0; -} - -void -lws_smtp_client_kick(lws_abs_t *instance) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)instance->api; - - lws_smtp_client_kick_internal(c); -} -static int -lws_smtp_client_create(const lws_abs_t *ai) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)ai->api; - const lws_token_map_t *tm; - - memset(c, 0, sizeof(*c)); - - c->abs = ai; - - tm = lws_abs_get_token(ai->ap_tokens, LTMI_PSMTP_V_HELO); - if (!tm) { - lwsl_err("%s: LTMI_PSMTP_V_HELO is required\n", __func__); - - return 1; - } - c->helo = tm->u.value; - - c->email_queue_max = 8; - c->retry_interval = 15 * 60; - c->delivery_timeout = 12 * 60 * 60; - - tm = lws_abs_get_token(ai->ap_tokens, LTMI_PSMTP_LV_EMAIL_QUEUE_MAX); - if (tm) - c->email_queue_max = tm->u.lvalue; - tm = lws_abs_get_token(ai->ap_tokens, LTMI_PSMTP_LV_RETRY_INTERVAL); - if (tm) - c->retry_interval = tm->u.lvalue; - tm = lws_abs_get_token(ai->ap_tokens, LTMI_PSMTP_LV_DELIVERY_TIMEOUT); - if (tm) - c->delivery_timeout = tm->u.lvalue; - - lws_smtp_client_state_transition(c, LGSSMTP_IDLE); - - return 0; -} - -static int -cleanup(struct lws_dll2 *d, void *user) -{ - lws_smtp_email_t *e; - - e = lws_container_of(d, lws_smtp_email_t, list); - if (e->done && e->done(e, "destroying", 10)) - return 1; - - return 0; -} - -static void -lws_smtp_client_destroy(lws_abs_protocol_inst_t **_c) -{ - lws_smtp_client_t *c = (lws_smtp_client_t *)*_c; - - if (!c) - return; - - lws_dll2_foreach_safe(&c->pending_owner, NULL, cleanup); - - /* - * We don't free anything because the abstract layer combined our - * allocation with that of the instance, and it will free the whole - * thing after this. - */ - - *_c = NULL; -} - -/* events the transport invokes (handled by abstract protocol) */ - -const lws_abs_protocol_t lws_abs_protocol_smtp = { - .name = "smtp", - .alloc = sizeof(lws_smtp_client_t), - - .create = lws_smtp_client_create, - .destroy = lws_smtp_client_destroy, - - .accept = lws_smtp_client_abs_accept, - .rx = lws_smtp_client_abs_rx, - .writeable = lws_smtp_client_abs_writeable, - .closed = lws_smtp_client_abs_closed, - .heartbeat = lws_smtp_client_abs_heartbeat, -}; diff --git a/lib/abstract/test-sequencer.c b/lib/abstract/test-sequencer.c deleted file mode 100644 index 2872aef..0000000 --- a/lib/abstract/test-sequencer.c +++ /dev/null @@ -1,272 +0,0 @@ -/* - * libwebsockets lib/abstract/test-sequencer.c - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * A helper for running multiple unit tests against abstract protocols. - * - * An lws_seq_t is used to base its actions in the event loop and manage - * the sequencing of multiple tests. A new abstract connection is instantiated - * for each test using te - */ - -#include - -struct lws_seq_test_sequencer { - lws_abs_t original_abs; - - lws_test_sequencer_args_t args; - - struct lws_context *context; - struct lws_vhost *vhost; - lws_seq_t *unit_test_seq; - - /* holds the per-test token for the unit-test transport to consume */ - lws_token_map_t uttt[4]; - - lws_abs_t *instance; - - int state; -}; - -/* sequencer messages specific to this sequencer */ - -enum { - SEQ_MSG_PASS = LWSSEQ_USER_BASE, - SEQ_MSG_FAIL, - SEQ_MSG_FAIL_TIMEOUT, -}; - -/* - * We get called back when the unit test transport has decided if the test - * passed or failed. We get the priv, and report to the sequencer message queue - * what the result was. - */ - -static int -unit_test_result_cb(const void *cb_user, int disposition) -{ - const struct lws_seq_test_sequencer *s = - (const struct lws_seq_test_sequencer *)cb_user; - int r; - - lwsl_debug("%s: disp %d\n", __func__, disposition); - - switch (disposition) { - case LPE_FAILED_UNEXPECTED_PASS: - case LPE_FAILED_UNEXPECTED_CLOSE: - case LPE_FAILED: - r = SEQ_MSG_FAIL; - break; - - case LPE_FAILED_UNEXPECTED_TIMEOUT: - r = SEQ_MSG_FAIL_TIMEOUT; - break; - - case LPE_SUCCEEDED: - r = SEQ_MSG_PASS; - break; - - default: - assert(0); - return -1; - } - - lws_seq_queue_event(s->unit_test_seq, r, NULL, NULL); - - ((struct lws_seq_test_sequencer *)s)->instance = NULL; - - return 0; -} - -/* - * We receive the unit test result callback's messages via the message queue. - * - * We log the results and always move on to the next test until there are no - * more tests. - */ - -static lws_seq_cb_return_t -test_sequencer_cb(struct lws_sequencer *seq, void *user, int event, void *data, - void *aux) -{ - struct lws_seq_test_sequencer *s = - (struct lws_seq_test_sequencer *)user; - lws_unit_test_packet_t *exp = (lws_unit_test_packet_t *) - s->args.tests[s->state].expect_array; - lws_abs_t test_abs; - - switch ((int)event) { - case LWSSEQ_CREATED: /* our sequencer just got started */ - lwsl_notice("%s: %s: created\n", __func__, - lws_seq_name(seq)); - s->state = 0; /* first thing we'll do is the first url */ - goto step; - - case LWSSEQ_DESTROYED: - /* - * We are going down... if we have a child unit test sequencer - * still around inform and destroy it - */ - if (s->instance) { - s->instance->at->close(s->instance); - s->instance = NULL; - } - break; - - case SEQ_MSG_FAIL_TIMEOUT: /* current step timed out */ - if (exp->flags & LWS_AUT_EXPECT_SHOULD_TIMEOUT) { - lwsl_user("%s: test %d got expected timeout\n", - __func__, s->state); - - goto pass; - } - lwsl_user("%s: seq timed out at step %d\n", __func__, s->state); - - s->args.results[s->state] = LPE_FAILED_UNEXPECTED_TIMEOUT; - goto done; /* always move on to the next test */ - - case SEQ_MSG_FAIL: - if (exp->flags & LWS_AUT_EXPECT_SHOULD_FAIL) { - /* - * in this case, we expected to fail like this, it's OK - */ - lwsl_user("%s: test %d failed as expected\n", - __func__, s->state); - - goto pass; /* always move on to the next test */ - } - - lwsl_user("%s: seq failed at step %d\n", __func__, s->state); - - s->args.results[s->state] = LPE_FAILED; - goto done; /* always move on to the next test */ - - case SEQ_MSG_PASS: - if (exp->flags & (LWS_AUT_EXPECT_SHOULD_FAIL | - LWS_AUT_EXPECT_SHOULD_TIMEOUT)) { - /* - * In these specific cases, done would be a failure, - * we expected to timeout or fail - */ - lwsl_user("%s: seq failed at step %d\n", __func__, - s->state); - - s->args.results[s->state] = LPE_FAILED_UNEXPECTED_PASS; - - goto done; /* always move on to the next test */ - } - lwsl_info("%s: seq done test %d\n", __func__, s->state); -pass: - (*s->args.count_passes)++; - s->args.results[s->state] = LPE_SUCCEEDED; - -done: - lws_seq_timeout_us(lws_seq_from_user(s), LWSSEQTO_NONE); - s->state++; -step: - if (!s->args.tests[s->state].name) { - /* the sequence has completed */ - lwsl_user("%s: sequence completed OK\n", __func__); - - if (s->args.cb) - s->args.cb(s->args.cb_user); - - return LWSSEQ_RET_DESTROY; - } - lwsl_info("%s: starting test %d\n", __func__, s->state); - - if (s->state >= s->args.results_max) { - lwsl_err("%s: results array is too small\n", __func__); - - return LWSSEQ_RET_DESTROY; - } - test_abs = s->original_abs; - s->uttt[0].name_index = LTMI_PEER_V_EXPECT_TEST; - s->uttt[0].u.value = (void *)&s->args.tests[s->state]; - s->uttt[1].name_index = LTMI_PEER_V_EXPECT_RESULT_CB; - s->uttt[1].u.value = (void *)unit_test_result_cb; - s->uttt[2].name_index = LTMI_PEER_V_EXPECT_RESULT_CB_ARG; - s->uttt[2].u.value = (void *)s; - /* give the unit test transport the test tokens */ - test_abs.at_tokens = s->uttt; - - s->instance = lws_abs_bind_and_create_instance(&test_abs); - if (!s->instance) { - lwsl_notice("%s: failed to create step %d unit test\n", - __func__, s->state); - - return LWSSEQ_RET_DESTROY; - } - (*s->args.count_tests)++; - break; - - default: - break; - } - - return LWSSEQ_RET_CONTINUE; -} - - -/* - * Creates an lws_sequencer to manage the test sequence - */ - -int -lws_abs_unit_test_sequencer(const lws_test_sequencer_args_t *args) -{ - struct lws_seq_test_sequencer *s; - lws_seq_t *seq; - lws_seq_info_t i; - - memset(&i, 0, sizeof(i)); - i.context = args->abs->vh->context; - i.user_size = sizeof(struct lws_seq_test_sequencer); - i.puser = (void **)&s; - i.cb = test_sequencer_cb; - i.name = "test-seq"; - - /* - * Create a sequencer in the event loop to manage the tests - */ - - seq = lws_seq_create(&i); - if (!seq) { - lwsl_err("%s: unable to create sequencer\n", __func__); - return 1; - } - - /* - * Take a copy of the original lws_abs_t we were passed so we can use - * it as the basis of the lws_abs_t we create the individual tests with - */ - s->original_abs = *args->abs; - - s->args = *args; - - s->context = args->abs->vh->context; - s->vhost = args->abs->vh; - s->unit_test_seq = seq; - - *s->args.count_tests = 0; - *s->args.count_passes = 0; - - return 0; -} diff --git a/lib/abstract/transports/raw-skt.c b/lib/abstract/transports/raw-skt.c deleted file mode 100644 index 74f08ab..0000000 --- a/lib/abstract/transports/raw-skt.c +++ /dev/null @@ -1,356 +0,0 @@ -/* - * libwebsockets lib/abstract/transports/raw-skt.c - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "abstract/private.h" - -typedef struct lws_abstxp_raw_skt_priv { - struct lws_abs *abs; - struct lws *wsi; - - lws_dll2_t same_abs_transport_list; - - uint8_t established:1; - uint8_t connecting:1; -} abs_raw_skt_priv_t; - -struct vhd { - lws_dll2_owner_t owner; -}; - -static int -heartbeat_cb(struct lws_dll2 *d, void *user) -{ - abs_raw_skt_priv_t *priv = lws_container_of(d, abs_raw_skt_priv_t, - same_abs_transport_list); - - if (priv->abs->ap->heartbeat) - priv->abs->ap->heartbeat(priv->abs->api); - - return 0; -} - -static int -callback_abs_client_raw_skt(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)user; - struct vhd *vhd = (struct vhd *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), sizeof(struct vhd)); - if (!vhd) - return 1; - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_USER: - /* - * This comes at 1Hz without a wsi context, so there is no - * valid priv. We need to track the live abstract objects that - * are using our abstract protocol, and pass the heartbeat - * through to the ones that care. - */ - if (!vhd) - break; - - lws_dll2_foreach_safe(&vhd->owner, NULL, heartbeat_cb); - - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_RAW_CONNECTED: - lwsl_debug("LWS_CALLBACK_RAW_CONNECTED\n"); - priv->connecting = 0; - priv->established = 1; - if (priv->abs->ap->accept) - priv->abs->ap->accept(priv->abs->api); - if (wsi->seq) - /* - * we are bound to a sequencer who wants to know about - * our lifecycle events - */ - - lws_seq_queue_event(wsi->seq, LWSSEQ_WSI_CONNECTED, - wsi, NULL); - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_user("CONNECTION_ERROR\n"); - if (in) - lwsl_user(" %s\n", (const char *)in); - - if (wsi->seq) - /* - * we are bound to a sequencer who wants to know about - * our lifecycle events - */ - - lws_seq_queue_event(wsi->seq, LWSSEQ_WSI_CONN_FAIL, - wsi, NULL); - - goto close_path; - - /* fallthru */ - case LWS_CALLBACK_RAW_CLOSE: - if (!user) - break; - - if (wsi->seq) - /* - * we are bound to a sequencer who wants to know about - * our lifecycle events - */ - - lws_seq_queue_event(wsi->seq, LWSSEQ_WSI_CONN_CLOSE, - wsi, NULL); - -close_path: - lwsl_debug("LWS_CALLBACK_RAW_CLOSE\n"); - priv->established = 0; - priv->connecting = 0; - if (priv->abs && priv->abs->ap->closed) - priv->abs->ap->closed(priv->abs->api); - lws_set_wsi_user(wsi, NULL); - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_debug("LWS_CALLBACK_RAW_RX (%d)\n", (int)len); - return !!priv->abs->ap->rx(priv->abs->api, in, len); - - case LWS_CALLBACK_RAW_WRITEABLE: - lwsl_debug("LWS_CALLBACK_RAW_WRITEABLE\n"); - priv->abs->ap->writeable(priv->abs->api, - lws_get_peer_write_allowance(priv->wsi)); - break; - - case LWS_CALLBACK_RAW_SKT_BIND_PROTOCOL: - lws_dll2_add_tail(&priv->same_abs_transport_list, &vhd->owner); - break; - - case LWS_CALLBACK_RAW_SKT_DROP_PROTOCOL: - lws_dll2_remove(&priv->same_abs_transport_list); - break; - - default: - break; - } - - return 0; -} - -static int -lws_atcrs_close(lws_abs_transport_inst_t *ati) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)ati; - struct lws *wsi = priv->wsi; - - if (!priv->wsi) - return 0; - - if (!lws_raw_transaction_completed(priv->wsi)) - return 0; - - priv->wsi = NULL; - lws_set_timeout(wsi, 1, LWS_TO_KILL_SYNC); - - /* priv is destroyed in the CLOSE callback */ - - return 0; -} - - -const struct lws_protocols protocol_abs_client_raw_skt = { - "lws-abs-cli-raw-skt", callback_abs_client_raw_skt, - 0, 1024, 1024, NULL, 0 -}; - -static int -lws_atcrs_tx(lws_abs_transport_inst_t *ati, uint8_t *buf, size_t len) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)ati; - - if (!priv->wsi) { - lwsl_err("%s: NULL priv->wsi\n", __func__); - return 1; - } - - lwsl_debug("%s: priv %p, wsi %p, ro %p\n", __func__, - priv, priv->wsi, priv->wsi->role_ops); - - if (lws_write(priv->wsi, buf, len, LWS_WRITE_RAW) < 0) - lws_atcrs_close(ati); - - return 0; -} - -#if !defined(LWS_WITHOUT_CLIENT) -static int -lws_atcrs_client_conn(const lws_abs_t *abs) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)abs->ati; - struct lws_client_connect_info i; - const lws_token_map_t *tm; - - if (priv->connecting) - return 0; - - if (priv->established) { - lws_set_timeout(priv->wsi, PENDING_TIMEOUT_CLIENT_CONN_IDLE, 5); - - return 0; - } - - memset(&i, 0, sizeof(i)); - - /* address and port are passed-in using the abstract transport tokens */ - - tm = lws_abs_get_token(abs->at_tokens, LTMI_PEER_V_DNS_ADDRESS); - if (!tm) { - lwsl_notice("%s: raw_skt needs LTMI_PEER_V_DNS_ADDRESS\n", - __func__); - - return 1; - } - i.address = tm->u.value; - - tm = lws_abs_get_token(abs->at_tokens, LTMI_PEER_LV_PORT); - if (!tm) { - lwsl_notice("%s: raw_skt needs LTMI_PEER_LV_PORT\n", __func__); - - return 1; - } - i.port = tm->u.lvalue; - - /* optional */ - i.ssl_connection = 0; - tm = lws_abs_get_token(abs->at_tokens, LTMI_PEER_LV_TLS_FLAGS); - if (tm) - i.ssl_connection = tm->u.lvalue; - - - lwsl_debug("%s: raw_skt priv %p connecting to %s:%u %p\n", - __func__, priv, i.address, i.port, abs->vh->context); - - i.path = ""; - i.method = "RAW"; - i.vhost = abs->vh; - i.userdata = priv; - i.host = i.address; - i.pwsi = &priv->wsi; - i.origin = i.address; - i.context = abs->vh->context; - i.local_protocol_name = "lws-abs-cli-raw-skt"; - i.seq = abs->seq; - i.opaque_user_data = abs->opaque_user_data; - - priv->wsi = lws_client_connect_via_info(&i); - if (!priv->wsi) - return 1; - - priv->connecting = 1; - - return 0; -} -#endif - -static int -lws_atcrs_ask_for_writeable(lws_abs_transport_inst_t *ati) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)ati; - - if (!priv->wsi || !priv->established) - return 1; - - lws_callback_on_writable(priv->wsi); - - return 0; -} - -static int -lws_atcrs_create(struct lws_abs *ai) -{ - abs_raw_skt_priv_t *at = (abs_raw_skt_priv_t *)ai->ati; - - memset(at, 0, sizeof(*at)); - at->abs = ai; - - return 0; -} - -static void -lws_atcrs_destroy(lws_abs_transport_inst_t **pati) -{ - /* - * We don't free anything because the abstract layer combined our - * allocation with that of the instance, and it will free the whole - * thing after this. - */ - *pati = NULL; -} - -static int -lws_atcrs_set_timeout(lws_abs_transport_inst_t *ati, int reason, int secs) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)ati; - - lws_set_timeout(priv->wsi, reason, secs); - - return 0; -} - -static int -lws_atcrs_state(lws_abs_transport_inst_t *ati) -{ - abs_raw_skt_priv_t *priv = (abs_raw_skt_priv_t *)ati; - - if (!priv || !priv->wsi || (!priv->established && !priv->connecting)) - return 0; - - return 1; -} - -const lws_abs_transport_t lws_abs_transport_cli_raw_skt = { - .name = "raw_skt", - .alloc = sizeof(abs_raw_skt_priv_t), - - .create = lws_atcrs_create, - .destroy = lws_atcrs_destroy, - - .tx = lws_atcrs_tx, -#if defined(LWS_WITHOUT_CLIENT) - .client_conn = NULL, -#else - .client_conn = lws_atcrs_client_conn, -#endif - .close = lws_atcrs_close, - .ask_for_writeable = lws_atcrs_ask_for_writeable, - .set_timeout = lws_atcrs_set_timeout, - .state = lws_atcrs_state, -}; diff --git a/lib/abstract/transports/unit-test.c b/lib/abstract/transports/unit-test.c deleted file mode 100644 index c891861..0000000 --- a/lib/abstract/transports/unit-test.c +++ /dev/null @@ -1,531 +0,0 @@ -/* - * libwebsockets lib/abstract/transports/unit-test.c - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * An abstract transport that is useful for unit testing an abstract protocol. - * It doesn't actually connect to anything, but checks the protocol's response - * to provided canned packets from an array of test vectors. - */ - -#include "core/private.h" -#include "abstract/private.h" - -/* this is the transport priv instantiated at abs->ati */ - -typedef struct lws_abstxp_unit_test_priv { - char note[128]; - struct lws_abs *abs; - - lws_seq_t *seq; - lws_unit_test_t *current_test; - lws_unit_test_packet_t *expect; - lws_unit_test_packet_test_cb result_cb; - const void *result_cb_arg; - - lws_unit_test_packet_disposition disposition; - /* synthesized protocol timeout */ - time_t timeout; - - uint8_t established:1; - uint8_t connecting:1; -} abs_unit_test_priv_t; - -typedef struct seq_priv { - lws_abs_t *ai; -} seq_priv_t; - -enum { - UTSEQ_MSG_WRITEABLE = LWSSEQ_USER_BASE, - UTSEQ_MSG_CLOSING, - UTSEQ_MSG_TIMEOUT, - UTSEQ_MSG_CONNECTING, - UTSEQ_MSG_POST_TX_KICK, - UTSEQ_MSG_DISPOSITION_KNOWN -}; - -/* - * A definitive result has appeared for the current test - */ - -static lws_unit_test_packet_disposition -lws_unit_test_packet_dispose(abs_unit_test_priv_t *priv, - lws_unit_test_packet_disposition disp, - const char *note) -{ - assert(priv->disposition == LPE_CONTINUE); - - lwsl_info("%s: %d\n", __func__, disp); - - if (note) - lws_strncpy(priv->note, note, sizeof(priv->note)); - - priv->disposition = disp; - - lws_seq_queue_event(priv->seq, UTSEQ_MSG_DISPOSITION_KNOWN, - NULL, NULL); - - return disp; -} - -/* - * start on the next step of the test - */ - -lws_unit_test_packet_disposition -process_expect(abs_unit_test_priv_t *priv) -{ - assert(priv->disposition == LPE_CONTINUE); - - while (priv->expect->flags & LWS_AUT_EXPECT_RX && - priv->disposition == LPE_CONTINUE) { - int f = priv->expect->flags & LWS_AUT_EXPECT_LOCAL_CLOSE, s; - - if (priv->expect->pre) - priv->expect->pre(priv->abs); - - lwsl_info("%s: rx()\n", __func__); - lwsl_hexdump_debug(priv->expect->buffer, priv->expect->len); - s = priv->abs->ap->rx(priv->abs->api, priv->expect->buffer, - priv->expect->len); - - if (!!f != !!s) { - lwsl_notice("%s: expected rx return %d, got %d\n", - __func__, !!f, s); - - return lws_unit_test_packet_dispose(priv, LPE_FAILED, - "rx unexpected return"); - } - - if (priv->expect->flags & LWS_AUT_EXPECT_TEST_END) { - lws_unit_test_packet_dispose(priv, LPE_SUCCEEDED, NULL); - break; - } - - priv->expect++; - } - - return LPE_CONTINUE; -} - -static lws_seq_cb_return_t -unit_test_sequencer_cb(struct lws_sequencer *seq, void *user, int event, - void *data, void *aux) -{ - seq_priv_t *s = (seq_priv_t *)user; - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)s->ai->ati; - time_t now; - - switch ((int)event) { - case LWSSEQ_CREATED: /* our sequencer just got started */ - lwsl_notice("%s: %s: created\n", __func__, - lws_seq_name(seq)); - if (s->ai->at->client_conn(s->ai)) { - lwsl_notice("%s: %s: abstract client conn failed\n", - __func__, lws_seq_name(seq)); - - return LWSSEQ_RET_DESTROY; - } - break; - - case LWSSEQ_DESTROYED: - /* - * This sequencer is about to be destroyed. If we have any - * other assets in play, detach them from us. - */ - - if (priv->abs) - lws_abs_destroy_instance(&priv->abs); - - break; - - case LWSSEQ_HEARTBEAT: - - /* synthesize a wsi-style timeout */ - - if (!priv->timeout) - goto ph; - - time(&now); - - if (now <= priv->timeout) - goto ph; - - if (priv->expect->flags & LWS_AUT_EXPECT_SHOULD_TIMEOUT) { - lwsl_user("%s: test got expected timeout\n", - __func__); - lws_unit_test_packet_dispose(priv, - LPE_FAILED_UNEXPECTED_TIMEOUT, NULL); - - return LWSSEQ_RET_DESTROY; - } - lwsl_user("%s: seq timed out\n", __func__); - -ph: - if (priv->abs->ap->heartbeat) - priv->abs->ap->heartbeat(priv->abs->api); - break; - - case UTSEQ_MSG_DISPOSITION_KNOWN: - - lwsl_info("%s: %s: DISPOSITION_KNOWN %s: %s\n", __func__, - priv->abs->ap->name, - priv->current_test->name, - priv->disposition == LPE_SUCCEEDED ? "OK" : "FAIL"); - - /* - * if the test has a callback, call it back to let it - * know the result - */ - if (priv->result_cb) - priv->result_cb(priv->result_cb_arg, priv->disposition); - - return LWSSEQ_RET_DESTROY; - - case UTSEQ_MSG_CONNECTING: - lwsl_debug("UTSEQ_MSG_CONNECTING\n"); - - if (priv->abs->ap->accept) - priv->abs->ap->accept(priv->abs->api); - - priv->established = 1; - - /* fallthru */ - - case UTSEQ_MSG_POST_TX_KICK: - if (priv->disposition) - break; - - if (process_expect(priv) != LPE_CONTINUE) { - lwsl_notice("%s: UTSEQ_MSG_POST_TX_KICK failed\n", - __func__); - return LWSSEQ_RET_DESTROY; - } - break; - - case UTSEQ_MSG_WRITEABLE: - /* - * inform the protocol our transport is writeable now - */ - priv->abs->ap->writeable(priv->abs->api, 1024); - break; - - case UTSEQ_MSG_CLOSING: - - if (!(priv->expect->flags & LWS_AUT_EXPECT_LOCAL_CLOSE)) { - lwsl_user("%s: got unexpected close\n", __func__); - - lws_unit_test_packet_dispose(priv, - LPE_FAILED_UNEXPECTED_CLOSE, NULL); - goto done; - } - - /* tell the abstract protocol we are closing on them */ - - if (priv->abs && priv->abs->ap->closed) - priv->abs->ap->closed(priv->abs->api); - - goto done; - - case UTSEQ_MSG_TIMEOUT: /* current step timed out */ - - s->ai->at->close(s->ai->ati); - - if (!(priv->expect->flags & LWS_AUT_EXPECT_SHOULD_TIMEOUT)) { - lwsl_user("%s: got unexpected timeout\n", __func__); - - lws_unit_test_packet_dispose(priv, - LPE_FAILED_UNEXPECTED_TIMEOUT, NULL); - return LWSSEQ_RET_DESTROY; - } - goto done; - -done: - lws_seq_timeout_us(lws_seq_from_user(s), - LWSSEQTO_NONE); - priv->expect++; - if (!priv->expect->buffer) { - /* the sequence has completed */ - lwsl_user("%s: sequence completed OK\n", __func__); - - return LWSSEQ_RET_DESTROY; - } - break; - - default: - break; - } - - return LWSSEQ_RET_CONTINUE; -} - -static int -lws_atcut_close(lws_abs_transport_inst_t *ati) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)ati; - - lwsl_notice("%s\n", __func__); - - lws_seq_queue_event(priv->seq, UTSEQ_MSG_CLOSING, NULL, NULL); - - return 0; -} - -static int -lws_atcut_tx(lws_abs_transport_inst_t *ati, uint8_t *buf, size_t len) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)ati; - - assert(priv->disposition == LPE_CONTINUE); - - lwsl_info("%s: received tx\n", __func__); - - if (priv->expect->pre) - priv->expect->pre(priv->abs); - - if (!(priv->expect->flags & LWS_AUT_EXPECT_TX)) { - lwsl_notice("%s: unexpected tx\n", __func__); - lwsl_hexdump_notice(buf, len); - lws_unit_test_packet_dispose(priv, LPE_FAILED, "unexpected tx"); - - return 1; - } - - if (len != priv->expect->len) { - lwsl_notice("%s: unexpected tx len %zu, expected %zu\n", - __func__, len, priv->expect->len); - lws_unit_test_packet_dispose(priv, LPE_FAILED, - "tx len mismatch"); - - return 1; - } - - if (memcmp(buf, priv->expect->buffer, len)) { - lwsl_notice("%s: tx mismatch (exp / actual)\n", __func__); - lwsl_hexdump_debug(priv->expect->buffer, len); - lwsl_hexdump_debug(buf, len); - lws_unit_test_packet_dispose(priv, LPE_FAILED, - "tx data mismatch"); - - return 1; - } - - if (priv->expect->flags & LWS_AUT_EXPECT_TEST_END) { - lws_unit_test_packet_dispose(priv, LPE_SUCCEEDED, NULL); - - return 1; - } - - priv->expect++; - - lws_seq_queue_event(priv->seq, UTSEQ_MSG_POST_TX_KICK, NULL, NULL); - - return 0; -} - -#if !defined(LWS_WITHOUT_CLIENT) -static int -lws_atcut_client_conn(const lws_abs_t *abs) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)abs->ati; - const lws_token_map_t *tm; - - if (priv->established) { - lwsl_err("%s: already established\n", __func__); - return 1; - } - - /* set up the test start pieces... the array of test expects... */ - - tm = lws_abs_get_token(abs->at_tokens, LTMI_PEER_V_EXPECT_TEST); - if (!tm) { - lwsl_notice("%s: unit_test needs LTMI_PEER_V_EXPECT_TEST\n", - __func__); - - return 1; - } - priv->current_test = (lws_unit_test_t *)tm->u.value; - - /* ... and the callback to deliver the result to */ - tm = lws_abs_get_token(abs->at_tokens, LTMI_PEER_V_EXPECT_RESULT_CB); - if (tm) - priv->result_cb = (lws_unit_test_packet_test_cb)tm->u.value; - else - priv->result_cb = NULL; - - /* ... and the arg to deliver it with */ - tm = lws_abs_get_token(abs->at_tokens, - LTMI_PEER_V_EXPECT_RESULT_CB_ARG); - if (tm) - priv->result_cb_arg = tm->u.value; - - priv->expect = priv->current_test->expect_array; - priv->disposition = LPE_CONTINUE; - priv->note[0] = '\0'; - - lws_seq_timeout_us(priv->seq, priv->current_test->max_secs * - LWS_US_PER_SEC); - - lwsl_notice("%s: %s: test '%s': start\n", __func__, abs->ap->name, - priv->current_test->name); - - lws_seq_queue_event(priv->seq, UTSEQ_MSG_CONNECTING, NULL, NULL); - - return 0; -} -#endif - -static int -lws_atcut_ask_for_writeable(lws_abs_transport_inst_t *ati) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)ati; - - if (!priv->established) - return 1; - - /* - * Queue a writeable event... this won't be handled by teh sequencer - * until we have returned to the event loop, just like a real - * callback_on_writable() - */ - lws_seq_queue_event(priv->seq, UTSEQ_MSG_WRITEABLE, NULL, NULL); - - return 0; -} - -/* - * An abstract protocol + transport has been instantiated - */ - -static int -lws_atcut_create(lws_abs_t *ai) -{ - abs_unit_test_priv_t *priv; - lws_seq_t *seq; - lws_seq_info_t i; - seq_priv_t *s; - - memset(&i, 0, sizeof(i)); - i.context = ai->vh->context; - i.user_size = sizeof(*s); - i.puser = (void **)&s; - i.cb = unit_test_sequencer_cb; - i.name = "unit-test-seq"; - - /* - * Create the sequencer for the steps in a single unit test - */ - - seq = lws_seq_create(&i); - if (!seq) { - lwsl_err("%s: unable to create sequencer\n", __func__); - - return 1; - } - - priv = ai->ati; - memset(s, 0, sizeof(*s)); - memset(priv, 0, sizeof(*priv)); - - /* the sequencer priv just points to the lws_abs_t */ - s->ai = ai; - priv->abs = ai; - priv->seq = seq; - - return 0; -} - -static void -lws_atcut_destroy(lws_abs_transport_inst_t **pati) -{ - /* - * We don't free anything because the abstract layer combined our - * allocation with that of the instance, and it will free the whole - * thing after this. - */ - *pati = NULL; -} - -static int -lws_atcut_set_timeout(lws_abs_transport_inst_t *ati, int reason, int secs) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)ati; - time_t now; - - time(&now); - - if (secs) - priv->timeout = now + secs; - else - priv->timeout = 0; - - return 0; -} - -static int -lws_atcut_state(lws_abs_transport_inst_t *ati) -{ - abs_unit_test_priv_t *priv = (abs_unit_test_priv_t *)ati; - - if (!priv || (!priv->established && !priv->connecting)) - return 0; - - return 1; -} - -static const char *dnames[] = { - "INCOMPLETE", - "PASS", - "FAIL", - "FAIL(TIMEOUT)", - "FAIL(UNEXPECTED PASS)", - "FAIL(UNEXPECTED CLOSE)", - "SKIPPED" - "?", - "?" -}; - - -const char * -lws_unit_test_result_name(int in) -{ - if (in < 0 || in > (int)LWS_ARRAY_SIZE(dnames)) - return "unknown"; - - return dnames[in]; -} - -const lws_abs_transport_t lws_abs_transport_cli_unit_test = { - .name = "unit_test", - .alloc = sizeof(abs_unit_test_priv_t), - - .create = lws_atcut_create, - .destroy = lws_atcut_destroy, - - .tx = lws_atcut_tx, -#if defined(LWS_WITHOUT_CLIENT) - .client_conn = NULL, -#else - .client_conn = lws_atcut_client_conn, -#endif - .close = lws_atcut_close, - .ask_for_writeable = lws_atcut_ask_for_writeable, - .set_timeout = lws_atcut_set_timeout, - .state = lws_atcut_state, -}; diff --git a/lib/alloc.c b/lib/alloc.c new file mode 100644 index 0000000..34e7a8a --- /dev/null +++ b/lib/alloc.c @@ -0,0 +1,83 @@ +#include "private-libwebsockets.h" + +#if defined(LWS_PLAT_OPTEE) + +#define TEE_USER_MEM_HINT_NO_FILL_ZERO 0x80000000 + +void *__attribute__((weak)) + TEE_Malloc(uint32_t size, uint32_t hint) +{ + return NULL; +} +void *__attribute__((weak)) + TEE_Realloc(void *buffer, uint32_t newSize) +{ + return NULL; +} +void __attribute__((weak)) + TEE_Free(void *buffer) +{ +} + +void *lws_realloc(void *ptr, size_t size) +{ + return TEE_Realloc(ptr, size); +} + +void *lws_malloc(size_t size) +{ + return TEE_Malloc(size, TEE_USER_MEM_HINT_NO_FILL_ZERO); +} + +void lws_free(void *p) +{ + TEE_Free(p); +} + +void *lws_zalloc(size_t size) +{ + void *ptr = TEE_Malloc(size, TEE_USER_MEM_HINT_NO_FILL_ZERO); + if (ptr) + memset(ptr, 0, size); + return ptr; +} + +void lws_set_allocator(void *(*cb)(void *ptr, size_t size)) +{ + (void)cb; +} +#else + +static void *_realloc(void *ptr, size_t size) +{ + if (size) +#if defined(LWS_PLAT_OPTEE) + return (void *)TEE_Realloc(ptr, size); +#else + return (void *)realloc(ptr, size); +#endif + else if (ptr) + free(ptr); + return NULL; +} + +void *(*_lws_realloc)(void *ptr, size_t size) = _realloc; + +void *lws_realloc(void *ptr, size_t size) +{ + return _lws_realloc(ptr, size); +} + +void *lws_zalloc(size_t size) +{ + void *ptr = _lws_realloc(NULL, size); + if (ptr) + memset(ptr, 0, size); + return ptr; +} + +void lws_set_allocator(void *(*cb)(void *ptr, size_t size)) +{ + _lws_realloc = cb; +} +#endif diff --git a/lib/misc/base64-decode.c b/lib/base64-decode.c similarity index 80% rename from lib/misc/base64-decode.c rename to lib/base64-decode.c index b46a942..c8f11d2 100644 --- a/lib/misc/base64-decode.c +++ b/lib/base64-decode.c @@ -40,26 +40,24 @@ #include #include -#include "core/private.h" +#include "private-libwebsockets.h" -static const char encode_orig[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +static const char encode[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char encode_url[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz0123456789-_"; static const char decode[] = "|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW" "$$$$$$XYZ[\\]^_`abcdefghijklmnopq"; -static int -_lws_b64_encode_string(const char *encode, const char *in, int in_len, - char *out, int out_size) +LWS_VISIBLE int +lws_b64_encode_string(const char *in, int in_len, char *out, int out_size) { unsigned char triple[3]; int i; + int len; int line = 0; int done = 0; while (in_len) { - int len = 0; + len = 0; for (i = 0; i < 3; i++) { if (in_len) { triple[i] = *in++; @@ -91,47 +89,26 @@ _lws_b64_encode_string(const char *encode, const char *in, int in_len, return done; } -LWS_VISIBLE int -lws_b64_encode_string(const char *in, int in_len, char *out, int out_size) -{ - return _lws_b64_encode_string(encode_orig, in, in_len, out, out_size); -} - -LWS_VISIBLE int -lws_b64_encode_string_url(const char *in, int in_len, char *out, int out_size) -{ - return _lws_b64_encode_string(encode_url, in, in_len, out, out_size); -} - /* * returns length of decoded string in out, or -1 if out was too small * according to out_size - * - * Only reads up to in_len chars, otherwise if in_len is -1 on entry reads until - * the first NUL in the input. */ -static int -_lws_b64_decode_string(const char *in, int in_len, char *out, int out_size) +LWS_VISIBLE int +lws_b64_decode_string(const char *in, char *out, int out_size) { int len, i, c = 0, done = 0; unsigned char v, quad[4]; - while (in_len && *in) { + while (*in) { len = 0; - for (i = 0; i < 4 && in_len && *in; i++) { + for (i = 0; i < 4 && *in; i++) { v = 0; c = 0; - while (in_len && *in && !v) { + while (*in && !v) { c = v = *in++; - in_len--; - /* support the url base64 variant too */ - if (v == '-') - c = v = '+'; - if (v == '_') - c = v = '/'; v = (v < 43 || v > 122) ? 0 : decode[v - 43]; if (v) v = (v == '$') ? 0 : v - 61; @@ -144,7 +121,7 @@ _lws_b64_decode_string(const char *in, int in_len, char *out, int out_size) quad[i] = 0; } - if (out_size < (done + len + 1)) + if (out_size < (done + len - 1)) /* out buffer is too small */ return -1; @@ -154,7 +131,7 @@ _lws_b64_decode_string(const char *in, int in_len, char *out, int out_size) * bytes." (wikipedia) */ - if ((!in_len || !*in) && c == '=') + if (!*in && c == '=') len--; if (len >= 2) @@ -175,18 +152,6 @@ _lws_b64_decode_string(const char *in, int in_len, char *out, int out_size) return done; } -LWS_VISIBLE int -lws_b64_decode_string(const char *in, char *out, int out_size) -{ - return _lws_b64_decode_string(in, -1, out, out_size); -} - -LWS_VISIBLE int -lws_b64_decode_string_len(const char *in, int in_len, char *out, int out_size) -{ - return _lws_b64_decode_string(in, in_len, out, out_size); -} - #if 0 int lws_b64_selftest(void) diff --git a/lib/client-handshake.c b/lib/client-handshake.c new file mode 100644 index 0000000..6ae27d2 --- /dev/null +++ b/lib/client-handshake.c @@ -0,0 +1,1045 @@ +#include "private-libwebsockets.h" + +static int +lws_getaddrinfo46(struct lws *wsi, const char *ads, struct addrinfo **result) +{ + struct addrinfo hints; + + memset(&hints, 0, sizeof(hints)); + *result = NULL; + +#ifdef LWS_USE_IPV6 + if (wsi->ipv6) { + +#if !defined(__ANDROID__) + hints.ai_family = AF_INET6; + hints.ai_flags = AI_V4MAPPED; +#endif + } else +#endif + { + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_CANONNAME; + } + + return getaddrinfo(ads, NULL, &hints, result); +} + +struct lws * +lws_client_connect_2(struct lws *wsi) +{ + sockaddr46 sa46; + struct addrinfo *result; + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct lws_pollfd pfd; + const char *cce = "", *iface; + int n, plen = 0, port; + const char *ads; +#ifdef LWS_USE_IPV6 + char ipv6only = lws_check_opt(wsi->vhost->options, + LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY | + LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE); + +#if defined(__ANDROID__) + ipv6only = 0; +#endif +#endif + + lwsl_client("%s\n", __func__); + + if (!wsi->u.hdr.ah) { + cce = "ah was NULL at cc2"; + lwsl_err("%s\n", cce); + goto oom4; + } + + /* + * start off allowing ipv6 on connection if vhost allows it + */ + wsi->ipv6 = LWS_IPV6_ENABLED(wsi->vhost); + + /* Decide what it is we need to connect to: + * + * Priority 1: connect to http proxy */ + + if (wsi->vhost->http_proxy_port) { + plen = sprintf((char *)pt->serv_buf, + "CONNECT %s:%u HTTP/1.0\x0d\x0a" + "User-agent: libwebsockets\x0d\x0a", + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS), + wsi->c_port); + + if (wsi->vhost->proxy_basic_auth_token[0]) + plen += sprintf((char *)pt->serv_buf + plen, + "Proxy-authorization: basic %s\x0d\x0a", + wsi->vhost->proxy_basic_auth_token); + + plen += sprintf((char *)pt->serv_buf + plen, "\x0d\x0a"); + ads = wsi->vhost->http_proxy_address; + port = wsi->vhost->http_proxy_port; + +#if defined(LWS_WITH_SOCKS5) + + /* Priority 2: Connect to SOCK5 Proxy */ + + } else if (wsi->vhost->socks_proxy_port) { + socks_generate_msg(wsi, SOCKS_MSG_GREETING, (size_t *)&plen); + lwsl_client("%s\n", "Sending SOCKS Greeting."); + + ads = wsi->vhost->socks_proxy_address; + port = wsi->vhost->socks_proxy_port; +#endif + } else { + + /* Priority 3: Connect directly */ + + ads = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); + port = wsi->c_port; + } + + /* + * prepare the actual connection + * to whatever we decided to connect to + */ + + lwsl_notice("%s: %p: address %s\n", __func__, wsi, ads); + + n = lws_getaddrinfo46(wsi, ads, &result); + +#ifdef LWS_USE_IPV6 + if (wsi->ipv6) { + + if (n) { + /* lws_getaddrinfo46 failed, there is no usable result */ + lwsl_notice("%s: lws_getaddrinfo46 failed %d\n", + __func__, n); + cce = "ipv6 lws_getaddrinfo46 failed"; + goto oom4; + } + + memset(&sa46, 0, sizeof(sa46)); + + sa46.sa6.sin6_family = AF_INET6; + switch (result->ai_family) { + case AF_INET: + if (ipv6only) + break; + /* map IPv4 to IPv6 */ + bzero((char *)&sa46.sa6.sin6_addr, + sizeof(sa46.sa6.sin6_addr)); + sa46.sa6.sin6_addr.s6_addr[10] = 0xff; + sa46.sa6.sin6_addr.s6_addr[11] = 0xff; + memcpy(&sa46.sa6.sin6_addr.s6_addr[12], + &((struct sockaddr_in *)result->ai_addr)->sin_addr, + sizeof(struct in_addr)); + lwsl_notice("uplevelling AF_INET to AF_INET6\n"); + break; + + case AF_INET6: + memcpy(&sa46.sa6.sin6_addr, + &((struct sockaddr_in6 *)result->ai_addr)->sin6_addr, + sizeof(struct in6_addr)); + sa46.sa6.sin6_scope_id = ((struct sockaddr_in6 *)result->ai_addr)->sin6_scope_id; + sa46.sa6.sin6_flowinfo = ((struct sockaddr_in6 *)result->ai_addr)->sin6_flowinfo; + break; + default: + lwsl_err("Unknown address family\n"); + freeaddrinfo(result); + cce = "unknown address family"; + goto oom4; + } + } else +#endif /* use ipv6 */ + + /* use ipv4 */ + { + void *p = NULL; + + if (!n) { + struct addrinfo *res = result; + + /* pick the first AF_INET (IPv4) result */ + + while (!p && res) { + switch (res->ai_family) { + case AF_INET: + p = &((struct sockaddr_in *)res->ai_addr)->sin_addr; + break; + } + + res = res->ai_next; + } +#if defined(LWS_FALLBACK_GETHOSTBYNAME) + } else if (n == EAI_SYSTEM) { + struct hostent *host; + + lwsl_info("getaddrinfo (ipv4) failed, trying gethostbyname\n"); + host = gethostbyname(ads); + if (host) { + p = host->h_addr; + } else { + lwsl_err("gethostbyname failed\n"); + cce = "gethostbyname (ipv4) failed"; + goto oom4; + } +#endif + } else { + lwsl_err("getaddrinfo failed\n"); + cce = "getaddrinfo failed"; + goto oom4; + } + + if (!p) { + if (result) + freeaddrinfo(result); + lwsl_err("Couldn't identify address\n"); + cce = "unable to lookup address"; + goto oom4; + } + + sa46.sa4.sin_family = AF_INET; + sa46.sa4.sin_addr = *((struct in_addr *)p); + bzero(&sa46.sa4.sin_zero, 8); + } + + if (result) + freeaddrinfo(result); + + /* now we decided on ipv4 or ipv6, set the port */ + + if (!lws_socket_is_valid(wsi->desc.sockfd)) { + +#if defined(LWS_USE_LIBUV) + if (LWS_LIBUV_ENABLED(context)) + if (lws_libuv_check_watcher_active(wsi)) { + lwsl_warn("Waiting for libuv watcher to close\n"); + cce = "waiting for libuv watcher to close"; + goto oom4; + } +#endif + +#ifdef LWS_USE_IPV6 + if (wsi->ipv6) + wsi->desc.sockfd = socket(AF_INET6, SOCK_STREAM, 0); + else +#endif + wsi->desc.sockfd = socket(AF_INET, SOCK_STREAM, 0); + + if (!lws_socket_is_valid(wsi->desc.sockfd)) { + lwsl_warn("Unable to open socket\n"); + cce = "unable to open socket"; + goto oom4; + } + + if (lws_plat_set_socket_options(wsi->vhost, wsi->desc.sockfd)) { + lwsl_err("Failed to set wsi socket options\n"); + compatible_close(wsi->desc.sockfd); + cce = "set socket opts failed"; + goto oom4; + } + + wsi->mode = LWSCM_WSCL_WAITING_CONNECT; + + lws_libev_accept(wsi, wsi->desc); + lws_libuv_accept(wsi, wsi->desc); + lws_libevent_accept(wsi, wsi->desc); + + if (insert_wsi_socket_into_fds(context, wsi)) { + compatible_close(wsi->desc.sockfd); + cce = "insert wsi failed"; + goto oom4; + } + + lws_change_pollfd(wsi, 0, LWS_POLLIN); + + /* + * past here, we can't simply free the structs as error + * handling as oom4 does. We have to run the whole close flow. + */ + + if (!wsi->protocol) + wsi->protocol = &wsi->vhost->protocols[0]; + + wsi->protocol->callback(wsi, LWS_CALLBACK_WSI_CREATE, + wsi->user_space, NULL, 0); + + lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CONNECT_RESPONSE, + AWAITING_TIMEOUT); + + iface = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_IFACE); + + if (iface) { + n = lws_socket_bind(wsi->vhost, wsi->desc.sockfd, 0, iface); + if (n < 0) { + cce = "unable to bind socket"; + goto failed; + } + } + } + +#ifdef LWS_USE_IPV6 + if (wsi->ipv6) { + sa46.sa6.sin6_port = htons(port); + n = sizeof(struct sockaddr_in6); + } else +#endif + { + sa46.sa4.sin_port = htons(port); + n = sizeof(struct sockaddr); + } + + if (connect(wsi->desc.sockfd, (const struct sockaddr *)&sa46, n) == -1 || + LWS_ERRNO == LWS_EISCONN) { + if (LWS_ERRNO == LWS_EALREADY || + LWS_ERRNO == LWS_EINPROGRESS || + LWS_ERRNO == LWS_EWOULDBLOCK +#ifdef _WIN32 + || LWS_ERRNO == WSAEINVAL +#endif + ) { + lwsl_client("nonblocking connect retry (errno = %d)\n", + LWS_ERRNO); + + if (lws_plat_check_connection_error(wsi)) { + cce = "socket connect failed"; + goto failed; + } + + /* + * must do specifically a POLLOUT poll to hear + * about the connect completion + */ + if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { + cce = "POLLOUT set failed"; + goto failed; + } + + return wsi; + } + + if (LWS_ERRNO != LWS_EISCONN) { + lwsl_notice("Connect failed errno=%d\n", LWS_ERRNO); + cce = "connect failed"; + goto failed; + } + } + + lwsl_client("connected\n"); + + /* we are connected to server, or proxy */ + + /* http proxy */ + if (wsi->vhost->http_proxy_port) { + + /* + * OK from now on we talk via the proxy, so connect to that + * + * (will overwrite existing pointer, + * leaving old string/frag there but unreferenced) + */ + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, + wsi->vhost->http_proxy_address)) + goto failed; + wsi->c_port = wsi->vhost->http_proxy_port; + + n = send(wsi->desc.sockfd, (char *)pt->serv_buf, plen, + MSG_NOSIGNAL); + if (n < 0) { + lwsl_debug("ERROR writing to proxy socket\n"); + cce = "proxy write failed"; + goto failed; + } + + lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_PROXY_RESPONSE, + AWAITING_TIMEOUT); + + wsi->mode = LWSCM_WSCL_WAITING_PROXY_REPLY; + + return wsi; + } +#if defined(LWS_WITH_SOCKS5) + /* socks proxy */ + else if (wsi->vhost->socks_proxy_port) { + n = send(wsi->desc.sockfd, (char *)pt->serv_buf, plen, + MSG_NOSIGNAL); + if (n < 0) { + lwsl_debug("ERROR writing greeting to socks proxy" + "socket.\n"); + cce = "socks write failed"; + goto failed; + } + + lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SOCKS_GREETING_REPLY, + AWAITING_TIMEOUT); + + wsi->mode = LWSCM_WSCL_WAITING_SOCKS_GREETING_REPLY; + + return wsi; + } +#endif + + /* + * provoke service to issue the handshake directly + * we need to do it this way because in the proxy case, this is the + * next state and executed only if and when we get a good proxy + * response inside the state machine... but notice in SSL case this + * may not have sent anything yet with 0 return, and won't until some + * many retries from main loop. To stop that becoming endless, + * cover with a timeout. + */ + + lws_set_timeout(wsi, PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE, + AWAITING_TIMEOUT); + + wsi->mode = LWSCM_WSCL_ISSUE_HANDSHAKE; + pfd.fd = wsi->desc.sockfd; + pfd.events = LWS_POLLIN; + pfd.revents = LWS_POLLIN; + + n = lws_service_fd(context, &pfd); + if (n < 0) { + cce = "first service failed"; + goto failed; + } + if (n) /* returns 1 on failure after closing wsi */ + return NULL; + + return wsi; + +oom4: + /* we're closing, losing some rx is OK */ + lws_header_table_force_to_detachable_state(wsi); + + if (wsi->mode == LWSCM_HTTP_CLIENT || + wsi->mode == LWSCM_HTTP_CLIENT_ACCEPTED || + wsi->mode == LWSCM_WSCL_WAITING_CONNECT) { + wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, (void *)cce, strlen(cce)); + wsi->already_did_cce = 1; + } + /* take care that we might be inserted in fds already */ + if (wsi->position_in_fds_table != -1) + goto failed1; + lws_remove_from_timeout_list(wsi); + lws_header_table_detach(wsi, 0); + lws_free(wsi); + + return NULL; + +failed: + wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, (void *)cce, strlen(cce)); + wsi->already_did_cce = 1; +failed1: + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return NULL; +} + +/** + * lws_client_reset() - retarget a connected wsi to start over with a new connection (ie, redirect) + * this only works if still in HTTP, ie, not upgraded yet + * wsi: connection to reset + * address: network address of the new server + * port: port to connect to + * path: uri path to connect to on the new server + * host: host header to send to the new server + */ +LWS_VISIBLE struct lws * +lws_client_reset(struct lws **pwsi, int ssl, const char *address, int port, + const char *path, const char *host) +{ + char origin[300] = "", protocol[300] = "", method[32] = "", iface[16] = "", *p; + struct lws *wsi = *pwsi; + + if (wsi->redirects == 3) { + lwsl_err("%s: Too many redirects\n", __func__); + return NULL; + } + wsi->redirects++; + + p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN); + if (p) + strncpy(origin, p, sizeof(origin) - 1); + + p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); + if (p) + strncpy(protocol, p, sizeof(protocol) - 1); + + p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); + if (p) + strncpy(method, p, sizeof(method) - 1); + + p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_IFACE); + if (p) + strncpy(method, p, sizeof(iface) - 1); + + lwsl_notice("redirect ads='%s', port=%d, path='%s', ssl = %d\n", + address, port, path, ssl); + + /* close the connection by hand */ + +#ifdef LWS_OPENSSL_SUPPORT + lws_ssl_close(wsi); +#endif + +#ifdef LWS_USE_LIBUV + if (LWS_LIBUV_ENABLED(wsi->context)) { + lwsl_debug("%s: lws_libuv_closehandle: wsi %p\n", __func__, wsi); + /* + * libuv has to do his own close handle processing asynchronously + * but once it starts we can do everything else synchronously, + * including trash wsi->desc.sockfd since it took a copy. + * + * When it completes it will call compatible_close() + */ + lws_libuv_closehandle_manually(wsi); + } else +#else + compatible_close(wsi->desc.sockfd); +#endif + + remove_wsi_socket_from_fds(wsi); + +#ifdef LWS_OPENSSL_SUPPORT + wsi->use_ssl = ssl; +#else + if (ssl) { + lwsl_err("%s: not configured for ssl\n", __func__); + return NULL; + } +#endif + + wsi->desc.sockfd = LWS_SOCK_INVALID; + wsi->state = LWSS_CLIENT_UNCONNECTED; + wsi->protocol = NULL; + wsi->pending_timeout = NO_PENDING_TIMEOUT; + wsi->c_port = port; + wsi->hdr_parsing_completed = 0; + _lws_header_table_reset(wsi->u.hdr.ah); + + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, address)) + return NULL; + + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_HOST, host)) + return NULL; + + if (origin[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ORIGIN, + origin)) + return NULL; + if (protocol[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, + protocol)) + return NULL; + if (method[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_METHOD, + method)) + return NULL; + + if (iface[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_IFACE, + iface)) + return NULL; + + origin[0] = '/'; + strncpy(&origin[1], path, sizeof(origin) - 2); + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_URI, origin)) + return NULL; + + *pwsi = lws_client_connect_2(wsi); + + return *pwsi; +} + +#ifdef LWS_WITH_HTTP_PROXY +static hubbub_error +html_parser_cb(const hubbub_token *token, void *pw) +{ + struct lws_rewrite *r = (struct lws_rewrite *)pw; + char buf[1024], *start = buf + LWS_PRE, *p = start, + *end = &buf[sizeof(buf) - 1]; + size_t i; + + switch (token->type) { + case HUBBUB_TOKEN_DOCTYPE: + + p += lws_snprintf(p, end - p, "data.doctype.name.len, + token->data.doctype.name.ptr, + token->data.doctype.force_quirks ? + "(force-quirks) " : ""); + + if (token->data.doctype.public_missing) + lwsl_debug("\tpublic: missing\n"); + else + p += lws_snprintf(p, end - p, "PUBLIC \"%.*s\"\n", + (int) token->data.doctype.public_id.len, + token->data.doctype.public_id.ptr); + + if (token->data.doctype.system_missing) + lwsl_debug("\tsystem: missing\n"); + else + p += lws_snprintf(p, end - p, " \"%.*s\">\n", + (int) token->data.doctype.system_id.len, + token->data.doctype.system_id.ptr); + + break; + case HUBBUB_TOKEN_START_TAG: + p += lws_snprintf(p, end - p, "<%.*s", (int)token->data.tag.name.len, + token->data.tag.name.ptr); + +/* (token->data.tag.self_closing) ? + "(self-closing) " : "", + (token->data.tag.n_attributes > 0) ? + "attributes:" : ""); +*/ + for (i = 0; i < token->data.tag.n_attributes; i++) { + if (!hstrcmp(&token->data.tag.attributes[i].name, "href", 4) || + !hstrcmp(&token->data.tag.attributes[i].name, "action", 6) || + !hstrcmp(&token->data.tag.attributes[i].name, "src", 3)) { + const char *pp = (const char *)token->data.tag.attributes[i].value.ptr; + int plen = (int) token->data.tag.attributes[i].value.len; + + if (strncmp(pp, "http:", 5) && strncmp(pp, "https:", 6)) { + + if (!hstrcmp(&token->data.tag.attributes[i].value, + r->from, r->from_len)) { + pp += r->from_len; + plen -= r->from_len; + } + p += lws_snprintf(p, end - p, " %.*s=\"%s/%.*s\"", + (int) token->data.tag.attributes[i].name.len, + token->data.tag.attributes[i].name.ptr, + r->to, plen, pp); + continue; + } + } + + p += lws_snprintf(p, end - p, " %.*s=\"%.*s\"", + (int) token->data.tag.attributes[i].name.len, + token->data.tag.attributes[i].name.ptr, + (int) token->data.tag.attributes[i].value.len, + token->data.tag.attributes[i].value.ptr); + } + p += lws_snprintf(p, end - p, ">"); + break; + case HUBBUB_TOKEN_END_TAG: + p += lws_snprintf(p, end - p, "data.tag.name.len, + token->data.tag.name.ptr); +/* + (token->data.tag.self_closing) ? + "(self-closing) " : "", + (token->data.tag.n_attributes > 0) ? + "attributes:" : ""); +*/ + for (i = 0; i < token->data.tag.n_attributes; i++) { + p += lws_snprintf(p, end - p, " %.*s='%.*s'\n", + (int) token->data.tag.attributes[i].name.len, + token->data.tag.attributes[i].name.ptr, + (int) token->data.tag.attributes[i].value.len, + token->data.tag.attributes[i].value.ptr); + } + p += lws_snprintf(p, end - p, ">"); + break; + case HUBBUB_TOKEN_COMMENT: + p += lws_snprintf(p, end - p, "\n", + (int) token->data.comment.len, + token->data.comment.ptr); + break; + case HUBBUB_TOKEN_CHARACTER: + if (token->data.character.len == 1) { + if (*token->data.character.ptr == '<') { + p += lws_snprintf(p, end - p, "<"); + break; + } + if (*token->data.character.ptr == '>') { + p += lws_snprintf(p, end - p, ">"); + break; + } + if (*token->data.character.ptr == '&') { + p += lws_snprintf(p, end - p, "&"); + break; + } + } + + p += lws_snprintf(p, end - p, "%.*s", (int) token->data.character.len, + token->data.character.ptr); + break; + case HUBBUB_TOKEN_EOF: + p += lws_snprintf(p, end - p, "\n"); + break; + } + + if (user_callback_handle_rxflow(r->wsi->protocol->callback, + r->wsi, LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ, + r->wsi->user_space, start, p - start)) + return -1; + + return HUBBUB_OK; +} +#endif + +LWS_VISIBLE struct lws * +lws_client_connect_via_info(struct lws_client_connect_info *i) +{ + struct lws *wsi; + int v = SPEC_LATEST_SUPPORTED; + const struct lws_protocols *p; + + if (i->context->requested_kill) + return NULL; + + if (!i->context->protocol_init_done) + lws_protocol_init(i->context); + + wsi = lws_zalloc(sizeof(struct lws)); + if (wsi == NULL) + goto bail; + + wsi->context = i->context; + /* assert the mode and union status (hdr) clearly */ + lws_union_transition(wsi, LWSCM_HTTP_CLIENT); + wsi->desc.sockfd = LWS_SOCK_INVALID; + + /* 1) fill up the wsi with stuff from the connect_info as far as it + * can go. It's because not only is our connection async, we might + * not even be able to get ahold of an ah at this point. + */ + + /* -1 means just use latest supported */ + if (i->ietf_version_or_minus_one != -1 && i->ietf_version_or_minus_one) + v = i->ietf_version_or_minus_one; + + wsi->ietf_spec_revision = v; + wsi->user_space = NULL; + wsi->state = LWSS_CLIENT_UNCONNECTED; + wsi->pending_timeout = NO_PENDING_TIMEOUT; + wsi->position_in_fds_table = -1; + wsi->c_port = i->port; + wsi->vhost = i->vhost; + if (!wsi->vhost) + wsi->vhost = i->context->vhost_list; + + wsi->protocol = &wsi->vhost->protocols[0]; + + /* for http[s] connection, allow protocol selection by name */ + + if (i->method && i->vhost && i->protocol) { + p = lws_vhost_name_to_protocol(i->vhost, i->protocol); + if (p) + wsi->protocol = p; + } + + if (wsi && !wsi->user_space && i->userdata) { + wsi->user_space_externally_allocated = 1; + wsi->user_space = i->userdata; + } else + /* if we stay in http, we can assign the user space now, + * otherwise do it after the protocol negotiated + */ + if (i->method) + if (lws_ensure_user_space(wsi)) + goto bail; + +#ifdef LWS_OPENSSL_SUPPORT + wsi->use_ssl = i->ssl_connection; +#else + if (i->ssl_connection) { + lwsl_err("libwebsockets not configured for ssl\n"); + goto bail; + } +#endif + + /* 2) stash the things from connect_info that we can't process without + * an ah. Because if no ah, we will go on the ah waiting list and + * process those things later (after the connect_info and maybe the + * things pointed to have gone out of scope. + */ + + wsi->u.hdr.stash = lws_malloc(sizeof(*wsi->u.hdr.stash)); + if (!wsi->u.hdr.stash) { + lwsl_err("%s: OOM\n", __func__); + goto bail; + } + + wsi->u.hdr.stash->origin[0] = '\0'; + wsi->u.hdr.stash->protocol[0] = '\0'; + wsi->u.hdr.stash->method[0] = '\0'; + wsi->u.hdr.stash->iface[0] = '\0'; + + strncpy(wsi->u.hdr.stash->address, i->address, + sizeof(wsi->u.hdr.stash->address) - 1); + strncpy(wsi->u.hdr.stash->path, i->path, + sizeof(wsi->u.hdr.stash->path) - 1); + strncpy(wsi->u.hdr.stash->host, i->host, + sizeof(wsi->u.hdr.stash->host) - 1); + if (i->origin) + strncpy(wsi->u.hdr.stash->origin, i->origin, + sizeof(wsi->u.hdr.stash->origin) - 1); + if (i->protocol) + strncpy(wsi->u.hdr.stash->protocol, i->protocol, + sizeof(wsi->u.hdr.stash->protocol) - 1); + if (i->method) + strncpy(wsi->u.hdr.stash->method, i->method, + sizeof(wsi->u.hdr.stash->method) - 1); + if (i->iface) + strncpy(wsi->u.hdr.stash->iface, i->iface, + sizeof(wsi->u.hdr.stash->iface) - 1); + + wsi->u.hdr.stash->address[sizeof(wsi->u.hdr.stash->address) - 1] = '\0'; + wsi->u.hdr.stash->path[sizeof(wsi->u.hdr.stash->path) - 1] = '\0'; + wsi->u.hdr.stash->host[sizeof(wsi->u.hdr.stash->host) - 1] = '\0'; + wsi->u.hdr.stash->origin[sizeof(wsi->u.hdr.stash->origin) - 1] = '\0'; + wsi->u.hdr.stash->protocol[sizeof(wsi->u.hdr.stash->protocol) - 1] = '\0'; + wsi->u.hdr.stash->method[sizeof(wsi->u.hdr.stash->method) - 1] = '\0'; + wsi->u.hdr.stash->iface[sizeof(wsi->u.hdr.stash->iface) - 1] = '\0'; + + if (i->pwsi) + *i->pwsi = wsi; + + /* if we went on the waiting list, no probs just return the wsi + * when we get the ah, now or later, he will call + * lws_client_connect_via_info2() below. + */ + if (lws_header_table_attach(wsi, 0) < 0) { + /* + * if we failed here, the connection is already closed + * and freed. + */ + goto bail1; + } + + if (i->parent_wsi) { + lwsl_info("%s: created child %p of parent %p\n", __func__, + wsi, i->parent_wsi); + wsi->parent = i->parent_wsi; + wsi->sibling_list = i->parent_wsi->child_list; + i->parent_wsi->child_list = wsi; + } +#ifdef LWS_WITH_HTTP_PROXY + if (i->uri_replace_to) + wsi->rw = lws_rewrite_create(wsi, html_parser_cb, + i->uri_replace_from, + i->uri_replace_to); +#endif + + return wsi; + +bail: + lws_free(wsi); + +bail1: + if (i->pwsi) + *i->pwsi = NULL; + + return NULL; +} + +struct lws * +lws_client_connect_via_info2(struct lws *wsi) +{ + struct client_info_stash *stash = wsi->u.hdr.stash; + + if (!stash) + return wsi; + + /* + * we're not necessarily in a position to action these right away, + * stash them... we only need during connect phase so u.hdr is fine + */ + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, + stash->address)) + goto bail1; + + /* these only need u.hdr lifetime as well */ + + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_URI, stash->path)) + goto bail1; + + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_HOST, stash->host)) + goto bail1; + + if (stash->origin[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ORIGIN, + stash->origin)) + goto bail1; + /* + * this is a list of protocols we tell the server we're okay with + * stash it for later when we compare server response with it + */ + if (stash->protocol[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, + stash->protocol)) + goto bail1; + if (stash->method[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_METHOD, + stash->method)) + goto bail1; + if (stash->iface[0]) + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_IFACE, + stash->iface)) + goto bail1; + +#if defined(LWS_WITH_SOCKS5) + if (!wsi->vhost->socks_proxy_port) + lws_free_set_NULL(wsi->u.hdr.stash); +#endif + + /* + * Check with each extension if it is able to route and proxy this + * connection for us. For example, an extension like x-google-mux + * can handle this and then we don't need an actual socket for this + * connection. + */ + + if (lws_ext_cb_all_exts(wsi->context, wsi, + LWS_EXT_CB_CAN_PROXY_CLIENT_CONNECTION, + (void *)stash->address, + wsi->c_port) > 0) { + lwsl_client("lws_client_connect: ext handling conn\n"); + + lws_set_timeout(wsi, + PENDING_TIMEOUT_AWAITING_EXTENSION_CONNECT_RESPONSE, + AWAITING_TIMEOUT); + + wsi->mode = LWSCM_WSCL_WAITING_EXTENSION_CONNECT; + return wsi; + } + lwsl_client("lws_client_connect: direct conn\n"); + wsi->context->count_wsi_allocated++; + + return lws_client_connect_2(wsi); + +bail1: +#if defined(LWS_WITH_SOCKS5) + if (!wsi->vhost->socks_proxy_port) + lws_free_set_NULL(wsi->u.hdr.stash); +#endif + + return NULL; +} + +LWS_VISIBLE struct lws * +lws_client_connect_extended(struct lws_context *context, const char *address, + int port, int ssl_connection, const char *path, + const char *host, const char *origin, + const char *protocol, int ietf_version_or_minus_one, + void *userdata) +{ + struct lws_client_connect_info i; + + memset(&i, 0, sizeof(i)); + + i.context = context; + i.address = address; + i.port = port; + i.ssl_connection = ssl_connection; + i.path = path; + i.host = host; + i.origin = origin; + i.protocol = protocol; + i.ietf_version_or_minus_one = ietf_version_or_minus_one; + i.userdata = userdata; + + return lws_client_connect_via_info(&i); +} + +LWS_VISIBLE struct lws * +lws_client_connect(struct lws_context *context, const char *address, + int port, int ssl_connection, const char *path, + const char *host, const char *origin, + const char *protocol, int ietf_version_or_minus_one) +{ + struct lws_client_connect_info i; + + memset(&i, 0, sizeof(i)); + + i.context = context; + i.address = address; + i.port = port; + i.ssl_connection = ssl_connection; + i.path = path; + i.host = host; + i.origin = origin; + i.protocol = protocol; + i.ietf_version_or_minus_one = ietf_version_or_minus_one; + i.userdata = NULL; + + return lws_client_connect_via_info(&i); +} + +#if defined(LWS_WITH_SOCKS5) +void socks_generate_msg(struct lws *wsi, enum socks_msg_type type, + size_t *msg_len) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + size_t len = 0; + + if (type == SOCKS_MSG_GREETING) { + /* socks version, version 5 only */ + pt->serv_buf[len++] = SOCKS_VERSION_5; + /* number of methods */ + pt->serv_buf[len++] = 2; + /* username password method */ + pt->serv_buf[len++] = SOCKS_AUTH_USERNAME_PASSWORD; + /* no authentication method */ + pt->serv_buf[len++] = SOCKS_AUTH_NO_AUTH; + } + else if (type == SOCKS_MSG_USERNAME_PASSWORD) { + size_t user_len = 0; + size_t passwd_len = 0; + + user_len = strlen(wsi->vhost->socks_user); + passwd_len = strlen(wsi->vhost->socks_password); + + /* the subnegotiation version */ + pt->serv_buf[len++] = SOCKS_SUBNEGOTIATION_VERSION_1; + /* length of the user name */ + pt->serv_buf[len++] = user_len; + /* user name */ + strncpy((char *)&pt->serv_buf[len], wsi->vhost->socks_user, + context->pt_serv_buf_size - len); + len += user_len; + /* length of the password */ + pt->serv_buf[len++] = passwd_len; + /* password */ + strncpy((char *)&pt->serv_buf[len], wsi->vhost->socks_password, + context->pt_serv_buf_size - len); + len += passwd_len; + } + else if (type == SOCKS_MSG_CONNECT) { + size_t len_index = 0; + short net_num = 0; + char *net_buf = (char*)&net_num; + + /* socks version */ + pt->serv_buf[len++] = SOCKS_VERSION_5; + /* socks command */ + pt->serv_buf[len++] = SOCKS_COMMAND_CONNECT; + /* reserved */ + pt->serv_buf[len++] = 0; + /* address type */ + pt->serv_buf[len++] = SOCKS_ATYP_DOMAINNAME; + len_index = len; + len++; + /* the address we tell SOCKS proxy to connect to */ + strncpy((char *)&(pt->serv_buf[len]), wsi->u.hdr.stash->address, + context->pt_serv_buf_size - len); + len += strlen(wsi->u.hdr.stash->address); + net_num = htons((short)wsi->c_port); + /* the port we tell SOCKS proxy to connect to */ + pt->serv_buf[len++] = net_buf[0]; + pt->serv_buf[len++] = net_buf[1]; + /* the length of the address, excluding port */ + pt->serv_buf[len_index] = strlen(wsi->u.hdr.stash->address); + } + + *msg_len = len; +} +#endif diff --git a/lib/client-parser.c b/lib/client-parser.c new file mode 100644 index 0000000..f99592e --- /dev/null +++ b/lib/client-parser.c @@ -0,0 +1,589 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +/* + * parsers.c: lws_rx_sm() needs to be roughly kept in + * sync with changes here, esp related to ext draining + */ + +int lws_client_rx_sm(struct lws *wsi, unsigned char c) +{ + int callback_action = LWS_CALLBACK_CLIENT_RECEIVE; + int handled, n, m, rx_draining_ext = 0; + unsigned short close_code; + struct lws_tokens eff_buf; + unsigned char *pp; + + if (wsi->u.ws.rx_draining_ext) { + assert(!c); + eff_buf.token = NULL; + eff_buf.token_len = 0; + lws_remove_wsi_from_draining_ext_list(wsi); + rx_draining_ext = 1; + lwsl_debug("%s: doing draining flow\n", __func__); + + goto drain_extension; + } + + if (wsi->socket_is_permanently_unusable) + return -1; + + switch (wsi->lws_rx_parse_state) { + case LWS_RXPS_NEW: + /* control frames (PING) may interrupt checkable sequences */ + wsi->u.ws.defeat_check_utf8 = 0; + + switch (wsi->ietf_spec_revision) { + case 13: + wsi->u.ws.opcode = c & 0xf; + /* revisit if an extension wants them... */ + switch (wsi->u.ws.opcode) { + case LWSWSOPC_TEXT_FRAME: + wsi->u.ws.rsv_first_msg = (c & 0x70); + wsi->u.ws.continuation_possible = 1; + wsi->u.ws.check_utf8 = lws_check_opt( + wsi->context->options, + LWS_SERVER_OPTION_VALIDATE_UTF8); + wsi->u.ws.utf8 = 0; + break; + case LWSWSOPC_BINARY_FRAME: + wsi->u.ws.rsv_first_msg = (c & 0x70); + wsi->u.ws.check_utf8 = 0; + wsi->u.ws.continuation_possible = 1; + break; + case LWSWSOPC_CONTINUATION: + if (!wsi->u.ws.continuation_possible) { + lwsl_info("disordered continuation\n"); + return -1; + } + break; + case LWSWSOPC_CLOSE: + wsi->u.ws.check_utf8 = 0; + wsi->u.ws.utf8 = 0; + break; + case 3: + case 4: + case 5: + case 6: + case 7: + case 0xb: + case 0xc: + case 0xd: + case 0xe: + case 0xf: + lwsl_info("illegal opcode\n"); + return -1; + default: + wsi->u.ws.defeat_check_utf8 = 1; + break; + } + wsi->u.ws.rsv = (c & 0x70); + /* revisit if an extension wants them... */ + if ( +#ifndef LWS_NO_EXTENSIONS + !wsi->count_act_ext && +#endif + wsi->u.ws.rsv) { + lwsl_info("illegal rsv bits set\n"); + return -1; + } + wsi->u.ws.final = !!((c >> 7) & 1); + lwsl_ext("%s: This RX frame Final %d\n", __func__, wsi->u.ws.final); + + if (wsi->u.ws.owed_a_fin && + (wsi->u.ws.opcode == LWSWSOPC_TEXT_FRAME || + wsi->u.ws.opcode == LWSWSOPC_BINARY_FRAME)) { + lwsl_info("hey you owed us a FIN\n"); + return -1; + } + if ((!(wsi->u.ws.opcode & 8)) && wsi->u.ws.final) { + wsi->u.ws.continuation_possible = 0; + wsi->u.ws.owed_a_fin = 0; + } + + if ((wsi->u.ws.opcode & 8) && !wsi->u.ws.final) { + lwsl_info("control message cannot be fragmented\n"); + return -1; + } + if (!wsi->u.ws.final) + wsi->u.ws.owed_a_fin = 1; + + switch (wsi->u.ws.opcode) { + case LWSWSOPC_TEXT_FRAME: + case LWSWSOPC_BINARY_FRAME: + wsi->u.ws.frame_is_binary = wsi->u.ws.opcode == + LWSWSOPC_BINARY_FRAME; + break; + } + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; + break; + + default: + lwsl_err("unknown spec version %02d\n", + wsi->ietf_spec_revision); + break; + } + break; + + case LWS_RXPS_04_FRAME_HDR_LEN: + + wsi->u.ws.this_frame_masked = !!(c & 0x80); + + switch (c & 0x7f) { + case 126: + /* control frames are not allowed to have big lengths */ + if (wsi->u.ws.opcode & 8) + goto illegal_ctl_length; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; + break; + case 127: + /* control frames are not allowed to have big lengths */ + if (wsi->u.ws.opcode & 8) + goto illegal_ctl_length; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; + break; + default: + wsi->u.ws.rx_packet_length = c; + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = + LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else { + if (c) + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + else { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + } + break; + } + break; + + case LWS_RXPS_04_FRAME_HDR_LEN16_2: + wsi->u.ws.rx_packet_length = c << 8; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN16_1: + wsi->u.ws.rx_packet_length |= c; + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else { + if (wsi->u.ws.rx_packet_length) + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + else { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + } + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_8: + if (c & 0x80) { + lwsl_warn("b63 of length must be zero\n"); + /* kill the connection */ + return -1; + } +#if defined __LP64__ + wsi->u.ws.rx_packet_length = ((size_t)c) << 56; +#else + wsi->u.ws.rx_packet_length = 0; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_7: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 48; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_6: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 40; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_5: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 32; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_4: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 24; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_3: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 16; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_2: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 8; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_1: + wsi->u.ws.rx_packet_length |= (size_t)c; + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = + LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else { + if (wsi->u.ws.rx_packet_length) + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + else { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + } + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_1: + wsi->u.ws.mask[0] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_2: + wsi->u.ws.mask[1] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_3: + wsi->u.ws.mask[2] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_4: + wsi->u.ws.mask[3] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + + if (wsi->u.ws.rx_packet_length) + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + else { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + break; + + case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED: + + assert(wsi->u.ws.rx_ubuf); + + if (wsi->u.ws.rx_draining_ext) + goto drain_extension; + + if (wsi->u.ws.this_frame_masked && !wsi->u.ws.all_zero_nonce) + c ^= wsi->u.ws.mask[(wsi->u.ws.mask_idx++) & 3]; + + wsi->u.ws.rx_ubuf[LWS_PRE + (wsi->u.ws.rx_ubuf_head++)] = c; + + if (--wsi->u.ws.rx_packet_length == 0) { + /* spill because we have the whole frame */ + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + + /* + * if there's no protocol max frame size given, we are + * supposed to default to context->pt_serv_buf_size + */ + if (!wsi->protocol->rx_buffer_size && + wsi->u.ws.rx_ubuf_head != wsi->context->pt_serv_buf_size) + break; + + if (wsi->protocol->rx_buffer_size && + wsi->u.ws.rx_ubuf_head != wsi->protocol->rx_buffer_size) + break; + + /* spill because we filled our rx buffer */ +spill: + + handled = 0; + + /* + * is this frame a control packet we should take care of at this + * layer? If so service it and hide it from the user callback + */ + + switch (wsi->u.ws.opcode) { + case LWSWSOPC_CLOSE: + pp = (unsigned char *)&wsi->u.ws.rx_ubuf[LWS_PRE]; + if (lws_check_opt(wsi->context->options, + LWS_SERVER_OPTION_VALIDATE_UTF8) && + wsi->u.ws.rx_ubuf_head > 2 && + lws_check_utf8(&wsi->u.ws.utf8, pp + 2, + wsi->u.ws.rx_ubuf_head - 2)) + goto utf8_fail; + + /* is this an acknowledgement of our close? */ + if (wsi->state == LWSS_AWAITING_CLOSE_ACK) { + /* + * fine he has told us he is closing too, let's + * finish our close + */ + lwsl_parser("seen server's close ack\n"); + return -1; + } + + lwsl_parser("client sees server close len = %d\n", + wsi->u.ws.rx_ubuf_head); + if (wsi->u.ws.rx_ubuf_head >= 2) { + close_code = (pp[0] << 8) | pp[1]; + if (close_code < 1000 || + close_code == 1004 || + close_code == 1005 || + close_code == 1006 || + close_code == 1012 || + close_code == 1013 || + close_code == 1014 || + close_code == 1015 || + (close_code >= 1016 && close_code < 3000) + ) { + pp[0] = (LWS_CLOSE_STATUS_PROTOCOL_ERR >> 8) & 0xff; + pp[1] = LWS_CLOSE_STATUS_PROTOCOL_ERR & 0xff; + } + } + if (user_callback_handle_rxflow( + wsi->protocol->callback, wsi, + LWS_CALLBACK_WS_PEER_INITIATED_CLOSE, + wsi->user_space, pp, + wsi->u.ws.rx_ubuf_head)) + return -1; + + if (lws_partial_buffered(wsi)) + /* + * if we're in the middle of something, + * we can't do a normal close response and + * have to just close our end. + */ + wsi->socket_is_permanently_unusable = 1; + else + /* + * parrot the close packet payload back + * we do not care about how it went, we are closing + * immediately afterwards + */ + lws_write(wsi, (unsigned char *)&wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head, + LWS_WRITE_CLOSE); + wsi->state = LWSS_RETURNED_CLOSE_ALREADY; + /* close the connection */ + return -1; + + case LWSWSOPC_PING: + lwsl_info("received %d byte ping, sending pong\n", + wsi->u.ws.rx_ubuf_head); + + /* he set a close reason on this guy, ignore PING */ + if (wsi->u.ws.close_in_ping_buffer_len) + goto ping_drop; + + if (wsi->u.ws.ping_pending_flag) { + /* + * there is already a pending ping payload + * we should just log and drop + */ + lwsl_parser("DROP PING since one pending\n"); + goto ping_drop; + } + + /* control packets can only be < 128 bytes long */ + if (wsi->u.ws.rx_ubuf_head > 128 - 3) { + lwsl_parser("DROP PING payload too large\n"); + goto ping_drop; + } + + /* stash the pong payload */ + memcpy(wsi->u.ws.ping_payload_buf + LWS_PRE, + &wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head); + + wsi->u.ws.ping_payload_len = wsi->u.ws.rx_ubuf_head; + wsi->u.ws.ping_pending_flag = 1; + + /* get it sent as soon as possible */ + lws_callback_on_writable(wsi); +ping_drop: + wsi->u.ws.rx_ubuf_head = 0; + handled = 1; + break; + + case LWSWSOPC_PONG: + lwsl_info("client receied pong\n"); + lwsl_hexdump(&wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head); + + if (wsi->pending_timeout == PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG) { + lwsl_info("received expected PONG on wsi %p\n", wsi); + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + } + + /* issue it */ + callback_action = LWS_CALLBACK_CLIENT_RECEIVE_PONG; + break; + + case LWSWSOPC_CONTINUATION: + case LWSWSOPC_TEXT_FRAME: + case LWSWSOPC_BINARY_FRAME: + break; + + default: + + lwsl_parser("Reserved opc 0x%2X\n", wsi->u.ws.opcode); + + /* + * It's something special we can't understand here. + * Pass the payload up to the extension's parsing + * state machine. + */ + + eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE]; + eff_buf.token_len = wsi->u.ws.rx_ubuf_head; + + if (lws_ext_cb_active(wsi, + LWS_EXT_CB_EXTENDED_PAYLOAD_RX, + &eff_buf, 0) <= 0) { /* not handle or fail */ + + lwsl_ext("Unhandled ext opc 0x%x\n", wsi->u.ws.opcode); + wsi->u.ws.rx_ubuf_head = 0; + + return 0; + } + handled = 1; + break; + } + + /* + * No it's real payload, pass it up to the user callback. + * It's nicely buffered with the pre-padding taken care of + * so it can be sent straight out again using lws_write + */ + if (handled) + goto already_done; + + eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE]; + eff_buf.token_len = wsi->u.ws.rx_ubuf_head; + +drain_extension: + lwsl_ext("%s: passing %d to ext\n", __func__, eff_buf.token_len); + + n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &eff_buf, 0); + lwsl_ext("Ext RX returned %d\n", n); + if (n < 0) { + wsi->socket_is_permanently_unusable = 1; + return -1; + } + + lwsl_ext("post inflate eff_buf len %d\n", eff_buf.token_len); + + if (rx_draining_ext && !eff_buf.token_len) { + lwsl_err(" --- ignoring zero drain result, ending drain\n"); + goto already_done; + } + + if (wsi->u.ws.check_utf8 && !wsi->u.ws.defeat_check_utf8) { + if (lws_check_utf8(&wsi->u.ws.utf8, + (unsigned char *)eff_buf.token, + eff_buf.token_len)) + goto utf8_fail; + + /* we are ending partway through utf-8 character? */ + if (!wsi->u.ws.rx_packet_length && wsi->u.ws.final && + wsi->u.ws.utf8 && !n) { + lwsl_info("FINAL utf8 error\n"); +utf8_fail: lwsl_info("utf8 error\n"); + return -1; + } + } + + if (eff_buf.token_len < 0 && + callback_action != LWS_CALLBACK_CLIENT_RECEIVE_PONG) + goto already_done; + + if (!eff_buf.token) + goto already_done; + + eff_buf.token[eff_buf.token_len] = '\0'; + + if (!wsi->protocol->callback) + goto already_done; + + if (callback_action == LWS_CALLBACK_CLIENT_RECEIVE_PONG) + lwsl_info("Client doing pong callback\n"); + + if (n && eff_buf.token_len) + /* extension had more... main loop will come back + * we want callback to be done with this set, if so, + * because lws_is_final() hides it was final until the + * last chunk + */ + lws_add_wsi_to_draining_ext_list(wsi); + else + lws_remove_wsi_from_draining_ext_list(wsi); + + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY || + wsi->state == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION || + wsi->state == LWSS_AWAITING_CLOSE_ACK) + goto already_done; + + m = wsi->protocol->callback(wsi, + (enum lws_callback_reasons)callback_action, + wsi->user_space, eff_buf.token, eff_buf.token_len); + + /* if user code wants to close, let caller know */ + if (m) + return 1; + +already_done: + wsi->u.ws.rx_ubuf_head = 0; + break; + default: + lwsl_err("client rx illegal state\n"); + return 1; + } + + return 0; + +illegal_ctl_length: + lwsl_warn("Control frame asking for extended length is illegal\n"); + /* kill the connection */ + return -1; +} + + diff --git a/lib/client.c b/lib/client.c new file mode 100755 index 0000000..3c8986c --- /dev/null +++ b/lib/client.c @@ -0,0 +1,1402 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +int +lws_handshake_client(struct lws *wsi, unsigned char **buf, size_t len) +{ + int m; + + switch (wsi->mode) { + case LWSCM_WSCL_WAITING_PROXY_REPLY: + case LWSCM_WSCL_ISSUE_HANDSHAKE: + case LWSCM_WSCL_WAITING_SERVER_REPLY: + case LWSCM_WSCL_WAITING_EXTENSION_CONNECT: + case LWSCM_WS_CLIENT: + while (len) { + /* + * we were accepting input but now we stopped doing so + */ + if (!(wsi->rxflow_change_to & LWS_RXFLOW_ALLOW)) { + lwsl_debug("%s: caching %ld\n", __func__, (long)len); + lws_rxflow_cache(wsi, *buf, 0, len); + return 0; + } + if (wsi->u.ws.rx_draining_ext) { +#if !defined(LWS_NO_CLIENT) + if (wsi->mode == LWSCM_WS_CLIENT) + m = lws_client_rx_sm(wsi, 0); + else +#endif + m = lws_rx_sm(wsi, 0); + if (m < 0) + return -1; + continue; + } + /* account for what we're using in rxflow buffer */ + if (wsi->rxflow_buffer) + wsi->rxflow_pos++; + + if (lws_client_rx_sm(wsi, *(*buf)++)) { + lwsl_debug("client_rx_sm exited\n"); + return -1; + } + len--; + } + lwsl_debug("%s: finished with %ld\n", __func__, (long)len); + return 0; + default: + break; + } + + return 0; +} + +LWS_VISIBLE LWS_EXTERN void +lws_client_http_body_pending(struct lws *wsi, int something_left_to_send) +{ + wsi->client_http_body_pending = !!something_left_to_send; +} + +int +lws_client_socket_service(struct lws_context *context, struct lws *wsi, + struct lws_pollfd *pollfd) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + char *p = (char *)&pt->serv_buf[0]; + const char *cce = NULL; + unsigned char c; + char *sb = p; + int n = 0, len = 0; +#if defined(LWS_WITH_SOCKS5) + char conn_mode = 0, pending_timeout = 0; +#endif + + switch (wsi->mode) { + + case LWSCM_WSCL_WAITING_CONNECT: + + /* + * we are under PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE + * timeout protection set in client-handshake.c + */ + + if (!lws_client_connect_2(wsi)) { + /* closed */ + lwsl_client("closed\n"); + return -1; + } + + /* either still pending connection, or changed mode */ + return 0; + +#if defined(LWS_WITH_SOCKS5) + /* SOCKS Greeting Reply */ + case LWSCM_WSCL_WAITING_SOCKS_GREETING_REPLY: + + /* handle proxy hung up on us */ + + if (pollfd->revents & LWS_POLLHUP) { + + lwsl_warn("SOCKS connection %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + } + + n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); + if (n < 0) { + if (LWS_ERRNO == LWS_EAGAIN) { + lwsl_debug("SOCKS read returned EAGAIN..." + "retrying\n"); + return 0; + } + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR reading from SOCKS socket\n"); + return 0; + } + + /* processing greeting reply */ + if (pt->serv_buf[0] == SOCKS_VERSION_5 + && pt->serv_buf[1] == SOCKS_AUTH_NO_AUTH) + { + lwsl_client("%s\n", "SOCKS greeting reply received " + "- No Authentication Method"); + socks_generate_msg(wsi, SOCKS_MSG_CONNECT, (size_t *)&len); + + conn_mode = LWSCM_WSCL_WAITING_SOCKS_CONNECT_REPLY; + pending_timeout = PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY; + lwsl_client("%s\n", "Sending SOCKS connect command"); + } + else if (pt->serv_buf[0] == SOCKS_VERSION_5 + && pt->serv_buf[1] == SOCKS_AUTH_USERNAME_PASSWORD) + { + lwsl_client("%s\n", "SOCKS greeting reply received " + "- User Name Password Method"); + socks_generate_msg(wsi, SOCKS_MSG_USERNAME_PASSWORD, + (size_t *)&len); + + conn_mode = LWSCM_WSCL_WAITING_SOCKS_AUTH_REPLY; + pending_timeout = PENDING_TIMEOUT_AWAITING_SOCKS_AUTH_REPLY; + lwsl_client("%s\n", "Sending SOCKS user/password"); + } + else + { + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR SOCKS greeting reply failed, method " + "code: %d\n", pt->serv_buf[1]); + return 0; + } + + n = send(wsi->desc.sockfd, (char *)pt->serv_buf, len, + MSG_NOSIGNAL); + if (n < 0) { + lwsl_debug("ERROR writing socks command to socks proxy " + "socket\n"); + return 0; + } + + lws_set_timeout(wsi, pending_timeout, AWAITING_TIMEOUT); + wsi->mode = conn_mode; + + break; + /* SOCKS auth Reply */ + case LWSCM_WSCL_WAITING_SOCKS_AUTH_REPLY: + + /* handle proxy hung up on us */ + + if (pollfd->revents & LWS_POLLHUP) { + + lwsl_warn("SOCKS connection %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + } + + n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); + if (n < 0) { + if (LWS_ERRNO == LWS_EAGAIN) { + lwsl_debug("SOCKS read returned EAGAIN... " + "retrying\n"); + return 0; + } + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR reading from socks socket\n"); + return 0; + } + + /* processing auth reply */ + if (pt->serv_buf[0] == SOCKS_SUBNEGOTIATION_VERSION_1 + && pt->serv_buf[1] == SOCKS_SUBNEGOTIATION_STATUS_SUCCESS) + { + lwsl_client("%s\n", "SOCKS password reply recieved - " + "successful"); + socks_generate_msg(wsi, SOCKS_MSG_CONNECT, (size_t *)&len); + + conn_mode = LWSCM_WSCL_WAITING_SOCKS_CONNECT_REPLY; + pending_timeout = + PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY; + lwsl_client("%s\n", "Sending SOCKS connect command"); + } + else + { + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR : SOCKS user/password reply failed, " + "error code: %d\n", pt->serv_buf[1]); + return 0; + } + + n = send(wsi->desc.sockfd, (char *)pt->serv_buf, len, + MSG_NOSIGNAL); + if (n < 0) { + lwsl_debug("ERROR writing connect command to SOCKS " + "socket\n"); + return 0; + } + + lws_set_timeout(wsi, pending_timeout, AWAITING_TIMEOUT); + wsi->mode = conn_mode; + + break; + + /* SOCKS connect command Reply */ + case LWSCM_WSCL_WAITING_SOCKS_CONNECT_REPLY: + + /* handle proxy hung up on us */ + + if (pollfd->revents & LWS_POLLHUP) { + + lwsl_warn("SOCKS connection %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + } + + n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); + if (n < 0) { + if (LWS_ERRNO == LWS_EAGAIN) { + lwsl_debug("SOCKS read returned EAGAIN... " + "retrying\n"); + return 0; + } + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR reading from socks socket\n"); + return 0; + } + + /* processing connect reply */ + if (pt->serv_buf[0] == SOCKS_VERSION_5 + && pt->serv_buf[1] == SOCKS_REQUEST_REPLY_SUCCESS) + { + lwsl_client("%s\n", "SOCKS connect reply recieved - " + "successful"); + } + else + { + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR SOCKS connect reply failed, error " + "code: %d\n", pt->serv_buf[1]); + return 0; + } + + /* free stash since we are done with it */ + lws_free_set_NULL(wsi->u.hdr.stash); + + if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, + wsi->vhost->socks_proxy_address)) + goto bail3; + wsi->c_port = wsi->vhost->socks_proxy_port; + + /* clear his proxy connection timeout */ + + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + goto start_ws_hanshake; +#endif + case LWSCM_WSCL_WAITING_PROXY_REPLY: + + /* handle proxy hung up on us */ + + if (pollfd->revents & LWS_POLLHUP) { + + lwsl_warn("Proxy connection %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + } + + n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); + if (n < 0) { + if (LWS_ERRNO == LWS_EAGAIN) { + lwsl_debug("Proxy read returned EAGAIN... retrying\n"); + return 0; + } + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR reading from proxy socket\n"); + return 0; + } + + pt->serv_buf[13] = '\0'; + if (strcmp(sb, "HTTP/1.0 200 ") && + strcmp(sb, "HTTP/1.1 200 ")) { + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_err("ERROR proxy: %s\n", sb); + return 0; + } + + /* clear his proxy connection timeout */ + + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + /* fallthru */ + + case LWSCM_WSCL_ISSUE_HANDSHAKE: + + /* + * we are under PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE + * timeout protection set in client-handshake.c + * + * take care of our lws_callback_on_writable + * happening at a time when there's no real connection yet + */ +#if defined(LWS_WITH_SOCKS5) +start_ws_hanshake: +#endif + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) + return -1; + +#ifdef LWS_OPENSSL_SUPPORT + /* we can retry this... just cook the SSL BIO the first time */ + + if (wsi->use_ssl && !wsi->ssl) { + if (lws_ssl_client_bio_create(wsi)) + return -1; + } + + if (wsi->use_ssl) { + n = lws_ssl_client_connect1(wsi); + if (!n) + return 0; + if (n < 0) { + cce = "lws_ssl_client_connect1 failed"; + goto bail3; + } + } else + wsi->ssl = NULL; + + /* fallthru */ + + case LWSCM_WSCL_WAITING_SSL: + + if (wsi->use_ssl) { + n = lws_ssl_client_connect2(wsi); + if (!n) + return 0; + if (n < 0) { + cce = "lws_ssl_client_connect2 failed"; + goto bail3; + } + } else + wsi->ssl = NULL; +#endif + + wsi->mode = LWSCM_WSCL_ISSUE_HANDSHAKE2; + lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND, + context->timeout_secs); + + /* fallthru */ + + case LWSCM_WSCL_ISSUE_HANDSHAKE2: + p = lws_generate_client_handshake(wsi, p); + if (p == NULL) { + if (wsi->mode == LWSCM_RAW) + return 0; + + lwsl_err("Failed to generate handshake for client\n"); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + } + + /* send our request to the server */ + + lws_latency_pre(context, wsi); + + n = lws_ssl_capable_write(wsi, (unsigned char *)sb, p - sb); + lws_latency(context, wsi, "send lws_issue_raw", n, + n == p - sb); + switch (n) { + case LWS_SSL_CAPABLE_ERROR: + lwsl_debug("ERROR writing to client socket\n"); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return 0; + case LWS_SSL_CAPABLE_MORE_SERVICE: + lws_callback_on_writable(wsi); + break; + } + + if (wsi->client_http_body_pending) { + wsi->mode = LWSCM_WSCL_ISSUE_HTTP_BODY; + lws_set_timeout(wsi, PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD, + context->timeout_secs); + /* user code must ask for writable callback */ + break; + } + + goto client_http_body_sent; + + case LWSCM_WSCL_ISSUE_HTTP_BODY: + if (wsi->client_http_body_pending) { + lws_set_timeout(wsi, PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD, + context->timeout_secs); + /* user code must ask for writable callback */ + break; + } +client_http_body_sent: + wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; + wsi->u.hdr.lextable_pos = 0; + wsi->mode = LWSCM_WSCL_WAITING_SERVER_REPLY; + lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE, + context->timeout_secs); + break; + + case LWSCM_WSCL_WAITING_SERVER_REPLY: + + /* handle server hung up on us */ + + if (pollfd->revents & LWS_POLLHUP) { + + lwsl_debug("Server connection %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + cce = "Peer hung up"; + goto bail3; + } + + if (!(pollfd->revents & LWS_POLLIN)) + break; + + /* interpret the server response */ + + /* + * HTTP/1.1 101 Switching Protocols + * Upgrade: websocket + * Connection: Upgrade + * Sec-WebSocket-Accept: me89jWimTRKTWwrS3aRrL53YZSo= + * Sec-WebSocket-Nonce: AQIDBAUGBwgJCgsMDQ4PEC== + * Sec-WebSocket-Protocol: chat + */ + + /* + * we have to take some care here to only take from the + * socket bytewise. The browser may (and has been seen to + * in the case that onopen() performs websocket traffic) + * coalesce both handshake response and websocket traffic + * in one packet, since at that point the connection is + * definitively ready from browser pov. + */ + len = 1; + while (wsi->u.hdr.parser_state != WSI_PARSING_COMPLETE && + len > 0) { + n = lws_ssl_capable_read(wsi, &c, 1); + lws_latency(context, wsi, "send lws_issue_raw", n, + n == 1); + switch (n) { + case 0: + case LWS_SSL_CAPABLE_ERROR: + cce = "read failed"; + goto bail3; + case LWS_SSL_CAPABLE_MORE_SERVICE: + return 0; + } + + if (lws_parse(wsi, c)) { + lwsl_warn("problems parsing header\n"); + goto bail3; + } + } + + /* + * hs may also be coming in multiple packets, there is a 5-sec + * libwebsocket timeout still active here too, so if parsing did + * not complete just wait for next packet coming in this state + */ + + if (wsi->u.hdr.parser_state != WSI_PARSING_COMPLETE) + break; + + /* + * otherwise deal with the handshake. If there's any + * packet traffic already arrived we'll trigger poll() again + * right away and deal with it that way + */ + + return lws_client_interpret_server_handshake(wsi); + +bail3: + lwsl_info("closing conn at LWS_CONNMODE...SERVER_REPLY\n"); + if (cce) + lwsl_info("reason: %s\n", cce); + wsi->protocol->callback(wsi, + LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, (void *)cce, cce ? strlen(cce) : 0); + wsi->already_did_cce = 1; + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return -1; + + case LWSCM_WSCL_WAITING_EXTENSION_CONNECT: + lwsl_ext("LWSCM_WSCL_WAITING_EXTENSION_CONNECT\n"); + break; + + case LWSCM_WSCL_PENDING_CANDIDATE_CHILD: + lwsl_ext("LWSCM_WSCL_PENDING_CANDIDATE_CHILD\n"); + break; + default: + break; + } + + return 0; +} + +/* + * In-place str to lower case + */ + +static void +strtolower(char *s) +{ + while (*s) { +#ifdef LWS_PLAT_OPTEE + int tolower_optee(int c); + *s = tolower_optee((int)*s); +#else + *s = tolower((int)*s); +#endif + s++; + } +} + +int LWS_WARN_UNUSED_RESULT +lws_http_transaction_completed_client(struct lws *wsi) +{ + lwsl_debug("%s: wsi %p\n", __func__, wsi); + /* if we can't go back to accept new headers, drop the connection */ + if (wsi->u.http.connection_type != HTTP_CONNECTION_KEEP_ALIVE) { + lwsl_info("%s: %p: close connection\n", __func__, wsi); + return 1; + } + + /* we don't support chained client connections yet */ + return 1; +#if 0 + /* otherwise set ourselves up ready to go again */ + wsi->state = LWSS_CLIENT_HTTP_ESTABLISHED; + wsi->mode = LWSCM_HTTP_CLIENT_ACCEPTED; + wsi->u.http.content_length = 0; + wsi->hdr_parsing_completed = 0; + + /* He asked for it to stay alive indefinitely */ + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + /* + * As client, nothing new is going to come until we ask for it + * we can drop the ah, if any + */ + if (wsi->u.hdr.ah) { + lws_header_table_force_to_detachable_state(wsi); + lws_header_table_detach(wsi, 0); + } + + /* If we're (re)starting on headers, need other implied init */ + wsi->u.hdr.ues = URIES_IDLE; + + lwsl_info("%s: %p: keep-alive await new transaction\n", __func__, wsi); + + return 0; +#endif +} + +LWS_VISIBLE LWS_EXTERN unsigned int +lws_http_client_http_response(struct lws *wsi) +{ + if (!wsi->u.http.ah) + return 0; + + return wsi->u.http.ah->http_response; +} + +int +lws_client_interpret_server_handshake(struct lws *wsi) +{ + int n, len, okay = 0, port = 0, ssl = 0; + int close_reason = LWS_CLOSE_STATUS_PROTOCOL_ERR; + struct lws_context *context = wsi->context; + const char *pc, *prot, *ads = NULL, *path, *cce = NULL; + struct allocated_headers *ah = NULL; + char *p, *q; + char new_path[300]; +#ifndef LWS_NO_EXTENSIONS + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + char *sb = (char *)&pt->serv_buf[0]; + const struct lws_ext_options *opts; + const struct lws_extension *ext; + char ext_name[128]; + const char *c, *a; + char ignore; + int more = 1; + void *v; +#endif + if (wsi->u.hdr.stash) + lws_free_set_NULL(wsi->u.hdr.stash); + + ah = wsi->u.hdr.ah; + if (!wsi->do_ws) { + /* we are being an http client... + */ + lws_union_transition(wsi, LWSCM_HTTP_CLIENT_ACCEPTED); + wsi->state = LWSS_CLIENT_HTTP_ESTABLISHED; + wsi->u.http.ah = ah; + ah->http_response = 0; + } + + /* + * well, what the server sent looked reasonable for syntax. + * Now let's confirm it sent all the necessary headers + * + * http (non-ws) client will expect something like this + * + * HTTP/1.0.200 + * server:.libwebsockets + * content-type:.text/html + * content-length:.17703 + * set-cookie:.test=LWS_1456736240_336776_COOKIE;Max-Age=360000 + * + * + * + */ + + wsi->u.http.connection_type = HTTP_CONNECTION_KEEP_ALIVE; + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP); + if (wsi->do_ws && !p) { + lwsl_info("no URI\n"); + cce = "HS: URI missing"; + goto bail3; + } + if (!p) { + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP1_0); + wsi->u.http.connection_type = HTTP_CONNECTION_CLOSE; + } + if (!p) { + cce = "HS: URI missing"; + lwsl_info("no URI\n"); + goto bail3; + } + n = atoi(p); + if (ah) + ah->http_response = n; + + if (n == 301 || n == 302 || n == 303 || n == 307 || n == 308) { + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_LOCATION); + if (!p) { + cce = "HS: Redirect code but no Location"; + goto bail3; + } + + /* Relative reference absolute path */ + if (p[0] == '/') + { +#ifdef LWS_OPENSSL_SUPPORT + ssl = wsi->use_ssl; +#endif + ads = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); + port = wsi->c_port; + path = p + 1; /* +1 as lws_client_reset expects leading / to be omitted */ + } + /* Absolute (Full) URI */ + else if (strchr(p, ':')) + { + if (lws_parse_uri(p, &prot, &ads, &port, &path)) { + cce = "HS: URI did not parse"; + goto bail3; + } + + if (!strcmp(prot, "wss") || !strcmp(prot, "https")) + ssl = 1; + } + /* Relative reference relative path */ + else + { + /* This doesn't try to calculate an absolute path, that will be left to the server */ +#ifdef LWS_OPENSSL_SUPPORT + ssl = wsi->use_ssl; +#endif + ads = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); + port = wsi->c_port; + path = new_path + 1; /* +1 as lws_client_reset expects leading / to be omitted */ + strncpy(new_path, lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI), sizeof(new_path)); + new_path[sizeof(new_path) - 1] = '\0'; + q = strrchr(new_path, '/'); + if (q) + { + strncpy(q + 1, p, sizeof(new_path) - (q - new_path) - 1); + new_path[sizeof(new_path) - 1] = '\0'; + } + else + { + path = p; + } + } + +#ifdef LWS_OPENSSL_SUPPORT + if (wsi->use_ssl && !ssl) { + cce = "HS: Redirect attempted SSL downgrade"; + goto bail3; + } +#endif + + if (!lws_client_reset(&wsi, ssl, ads, port, path, ads)) { + /* there are two ways to fail out with NULL return... + * simple, early problem where the wsi is intact, or + * we went through with the reconnect attempt and the + * wsi is already closed. In the latter case, the wsi + * has beet set to NULL additionally. + */ + lwsl_err("Redirect failed\n"); + cce = "HS: Redirect failed"; + if (wsi) + goto bail3; + + return 1; + } + return 0; + } + + if (!wsi->do_ws) { + if (n != 200 && n != 201 && n != 304 && n != 401) { + lwsl_notice("Connection failed with code %d\n", n); + cce = "HS: Server unrecognized response code"; + goto bail2; + } + +#ifdef LWS_WITH_HTTP_PROXY + wsi->perform_rewrite = 0; + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)) { + if (!strncmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE), + "text/html", 9)) + wsi->perform_rewrite = 1; + } +#endif + + /* allocate the per-connection user memory (if any) */ + if (lws_ensure_user_space(wsi)) { + lwsl_err("Problem allocating wsi user mem\n"); + cce = "HS: OOM"; + goto bail2; + } + + /* he may choose to send us stuff in chunked transfer-coding */ + wsi->chunked = 0; + wsi->chunk_remaining = 0; /* ie, next thing is chunk size */ + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_TRANSFER_ENCODING)) { + wsi->chunked = !strcmp(lws_hdr_simple_ptr(wsi, + WSI_TOKEN_HTTP_TRANSFER_ENCODING), + "chunked"); + /* first thing is hex, after payload there is crlf */ + wsi->chunk_parser = ELCP_HEX; + } + + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { + wsi->u.http.content_length = + atoll(lws_hdr_simple_ptr(wsi, + WSI_TOKEN_HTTP_CONTENT_LENGTH)); + lwsl_notice("%s: incoming content length %llu\n", __func__, + (unsigned long long)wsi->u.http.content_length); + wsi->u.http.content_remain = wsi->u.http.content_length; + } else /* can't do 1.1 without a content length or chunked */ + if (!wsi->chunked) + wsi->u.http.connection_type = HTTP_CONNECTION_CLOSE; + + /* + * we seem to be good to go, give client last chance to check + * headers and OK it + */ + if (wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH, + wsi->user_space, NULL, 0)) { + + cce = "HS: disallowed by client filter"; + goto bail2; + } + + /* clear his proxy connection timeout */ + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; + + /* call him back to inform him he is up */ + if (wsi->protocol->callback(wsi, + LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP, + wsi->user_space, NULL, 0)) { + cce = "HS: disallowed at ESTABLISHED"; + goto bail3; + } + + /* free up his parsing allocations */ + lws_header_table_detach(wsi, 0); + + lwsl_notice("%s: client connection up\n", __func__); + + return 0; + } + + if (lws_hdr_total_length(wsi, WSI_TOKEN_ACCEPT) == 0) { + lwsl_info("no ACCEPT\n"); + cce = "HS: ACCEPT missing"; + goto bail3; + } + + if (p && strncmp(p, "101", 3)) { + lwsl_warn( + "lws_client_handshake: got bad HTTP response '%s'\n", p); + cce = "HS: ws upgrade response not 101"; + goto bail3; + } + + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE); + if (!p) { + lwsl_info("no UPGRADE\n"); + cce = "HS: UPGRADE missing"; + goto bail3; + } + strtolower(p); + if (strcmp(p, "websocket")) { + lwsl_warn( + "lws_client_handshake: got bad Upgrade header '%s'\n", p); + cce = "HS: Upgrade to something other than websocket"; + goto bail3; + } + + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_CONNECTION); + if (!p) { + lwsl_info("no Connection hdr\n"); + cce = "HS: CONNECTION missing"; + goto bail3; + } + strtolower(p); + if (strcmp(p, "upgrade")) { + lwsl_warn("lws_client_int_s_hs: bad header %s\n", p); + cce = "HS: UPGRADE malformed"; + goto bail3; + } + + pc = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); + if (!pc) { + lwsl_parser("lws_client_int_s_hs: no protocol list\n"); + } else + lwsl_parser("lws_client_int_s_hs: protocol list '%s'\n", pc); + + /* + * confirm the protocol the server wants to talk was in the list + * of protocols we offered + */ + + len = lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL); + if (!len) { + lwsl_info("lws_client_int_s_hs: WSI_TOKEN_PROTOCOL is null\n"); + /* + * no protocol name to work from, + * default to first protocol + */ + n = 0; + wsi->protocol = &wsi->vhost->protocols[0]; + goto check_extensions; + } + + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL); + len = strlen(p); + + while (pc && *pc && !okay) { + if (!strncmp(pc, p, len) && + (pc[len] == ',' || pc[len] == '\0')) { + okay = 1; + continue; + } + while (*pc && *pc++ != ',') + ; + while (*pc && *pc == ' ') + pc++; + } + + if (!okay) { + lwsl_err("lws_client_int_s_hs: got bad protocol %s\n", p); + cce = "HS: PROTOCOL malformed"; + goto bail2; + } + + /* + * identify the selected protocol struct and set it + */ + n = 0; + wsi->protocol = NULL; + while (wsi->vhost->protocols[n].callback && !wsi->protocol) { + if (strcmp(p, wsi->vhost->protocols[n].name) == 0) { + wsi->protocol = &wsi->vhost->protocols[n]; + break; + } + n++; + } + + if (wsi->protocol == NULL) { + lwsl_err("lws_client_int_s_hs: fail protocol %s\n", p); + cce = "HS: Cannot match protocol"; + goto bail2; + } + +check_extensions: + /* + * stitch protocol choice into the vh protocol linked list + * We always insert ourselves at the start of the list + * + * X <-> B + * X <-> pAn <-> pB + */ + //lwsl_err("%s: pre insert vhost start wsi %p, that wsi prev == %p\n", + // __func__, + // wsi->vhost->same_vh_protocol_list[n], + // wsi->same_vh_protocol_prev); + wsi->same_vh_protocol_prev = /* guy who points to us */ + &wsi->vhost->same_vh_protocol_list[n]; + wsi->same_vh_protocol_next = /* old first guy is our next */ + wsi->vhost->same_vh_protocol_list[n]; + /* we become the new first guy */ + wsi->vhost->same_vh_protocol_list[n] = wsi; + + if (wsi->same_vh_protocol_next) + /* old first guy points back to us now */ + wsi->same_vh_protocol_next->same_vh_protocol_prev = + &wsi->same_vh_protocol_next; + +#ifndef LWS_NO_EXTENSIONS + /* instantiate the accepted extensions */ + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_EXTENSIONS)) { + lwsl_ext("no client extensions allowed by server\n"); + goto check_accept; + } + + /* + * break down the list of server accepted extensions + * and go through matching them or identifying bogons + */ + + if (lws_hdr_copy(wsi, sb, context->pt_serv_buf_size, WSI_TOKEN_EXTENSIONS) < 0) { + lwsl_warn("ext list from server failed to copy\n"); + cce = "HS: EXT: list too big"; + goto bail2; + } + + c = sb; + n = 0; + ignore = 0; + a = NULL; + while (more) { + + if (*c && (*c != ',' && *c != '\t')) { + if (*c == ';') { + ignore = 1; + if (!a) + a = c + 1; + } + if (ignore || *c == ' ') { + c++; + continue; + } + + ext_name[n] = *c++; + if (n < sizeof(ext_name) - 1) + n++; + continue; + } + ext_name[n] = '\0'; + ignore = 0; + if (!*c) + more = 0; + else { + c++; + if (!n) + continue; + } + + /* check we actually support it */ + + lwsl_notice("checking client ext %s\n", ext_name); + + n = 0; + ext = wsi->vhost->extensions; + while (ext && ext->callback) { + if (strcmp(ext_name, ext->name)) { + ext++; + continue; + } + + n = 1; + lwsl_notice("instantiating client ext %s\n", ext_name); + + /* instantiate the extension on this conn */ + + wsi->active_extensions[wsi->count_act_ext] = ext; + + /* allow him to construct his ext instance */ + + if (ext->callback(lws_get_context(wsi), ext, wsi, + LWS_EXT_CB_CLIENT_CONSTRUCT, + (void *)&wsi->act_ext_user[wsi->count_act_ext], + (void *)&opts, 0)) { + lwsl_notice(" ext %s failed construction\n", ext_name); + ext++; + continue; + } + + /* + * allow the user code to override ext defaults if it + * wants to + */ + ext_name[0] = '\0'; + if (user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_WS_EXT_DEFAULTS, + (char *)ext->name, ext_name, + sizeof(ext_name))) { + cce = "HS: EXT: failed setting defaults"; + goto bail2; + } + + if (ext_name[0] && + lws_ext_parse_options(ext, wsi, wsi->act_ext_user[ + wsi->count_act_ext], opts, ext_name, + strlen(ext_name))) { + lwsl_err("%s: unable to parse user defaults '%s'", + __func__, ext_name); + cce = "HS: EXT: failed parsing defaults"; + goto bail2; + } + + /* + * give the extension the server options + */ + if (a && lws_ext_parse_options(ext, wsi, + wsi->act_ext_user[wsi->count_act_ext], + opts, a, c - a)) { + lwsl_err("%s: unable to parse remote def '%s'", + __func__, a); + cce = "HS: EXT: failed parsing options"; + goto bail2; + } + + if (ext->callback(lws_get_context(wsi), ext, wsi, + LWS_EXT_CB_OPTION_CONFIRM, + wsi->act_ext_user[wsi->count_act_ext], + NULL, 0)) { + lwsl_err("%s: ext %s rejects server options %s", + __func__, ext->name, a); + cce = "HS: EXT: Rejects server options"; + goto bail2; + } + + wsi->count_act_ext++; + + ext++; + } + + if (n == 0) { + lwsl_warn("Unknown ext '%s'!\n", ext_name); + cce = "HS: EXT: unknown ext"; + goto bail2; + } + + a = NULL; + n = 0; + } + +check_accept: +#endif + + /* + * Confirm his accept token is the one we precomputed + */ + + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_ACCEPT); + if (strcmp(p, wsi->u.hdr.ah->initial_handshake_hash_base64)) { + lwsl_warn("lws_client_int_s_hs: accept '%s' wrong vs '%s'\n", p, + wsi->u.hdr.ah->initial_handshake_hash_base64); + cce = "HS: Accept hash wrong"; + goto bail2; + } + + /* allocate the per-connection user memory (if any) */ + if (lws_ensure_user_space(wsi)) { + lwsl_err("Problem allocating wsi user mem\n"); + cce = "HS: OOM"; + goto bail2; + } + + /* + * we seem to be good to go, give client last chance to check + * headers and OK it + */ + if (wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH, + wsi->user_space, NULL, 0)) { + cce = "HS: Rejected by filter cb"; + goto bail2; + } + + /* clear his proxy connection timeout */ + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + /* free up his parsing allocations */ + lws_header_table_detach(wsi, 0); + + lws_union_transition(wsi, LWSCM_WS_CLIENT); + wsi->state = LWSS_ESTABLISHED; + lws_restart_ws_ping_pong_timer(wsi); + + wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; + + /* + * create the frame buffer for this connection according to the + * size mentioned in the protocol definition. If 0 there, then + * use a big default for compatibility + */ + n = wsi->protocol->rx_buffer_size; + if (!n) + n = context->pt_serv_buf_size; + n += LWS_PRE; + wsi->u.ws.rx_ubuf = lws_malloc(n + 4 /* 0x0000ffff zlib */); + if (!wsi->u.ws.rx_ubuf) { + lwsl_err("Out of Mem allocating rx buffer %d\n", n); + cce = "HS: OOM"; + goto bail2; + } + wsi->u.ws.rx_ubuf_alloc = n; + lwsl_info("Allocating client RX buffer %d\n", n); + +#if !defined(LWS_WITH_ESP32) + if (setsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_SNDBUF, (const char *)&n, + sizeof n)) { + lwsl_warn("Failed to set SNDBUF to %d", n); + cce = "HS: SO_SNDBUF failed"; + goto bail3; + } +#endif + + lwsl_debug("handshake OK for protocol %s\n", wsi->protocol->name); + + /* call him back to inform him he is up */ + + if (wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_ESTABLISHED, + wsi->user_space, NULL, 0)) { + cce = "HS: Rejected at CLIENT_ESTABLISHED"; + goto bail3; + } +#ifndef LWS_NO_EXTENSIONS + /* + * inform all extensions, not just active ones since they + * already know + */ + ext = wsi->vhost->extensions; + + while (ext && ext->callback) { + v = NULL; + for (n = 0; n < wsi->count_act_ext; n++) + if (wsi->active_extensions[n] == ext) + v = wsi->act_ext_user[n]; + + ext->callback(context, ext, wsi, + LWS_EXT_CB_ANY_WSI_ESTABLISHED, v, NULL, 0); + ext++; + } +#endif + + return 0; + +bail3: + close_reason = LWS_CLOSE_STATUS_NOSTATUS; + +bail2: + if (wsi->protocol) + wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, (void *)cce, + (unsigned int)strlen(cce)); + wsi->already_did_cce = 1; + + lwsl_info("closing connection due to bail2 connection error\n"); + + /* closing will free up his parsing allocations */ + lws_close_free_wsi(wsi, close_reason); + + return 1; +} + + +char * +lws_generate_client_handshake(struct lws *wsi, char *pkt) +{ + char buf[128], hash[20], key_b64[40], *p = pkt; + struct lws_context *context = wsi->context; + const char *meth; + int n; +#ifndef LWS_NO_EXTENSIONS + const struct lws_extension *ext; + int ext_count = 0; +#endif + const char *pp = lws_hdr_simple_ptr(wsi, + _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); + + meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); + if (!meth) { + meth = "GET"; + wsi->do_ws = 1; + } else { + wsi->do_ws = 0; + } + + if (!strcmp(meth, "RAW")) { + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + lwsl_notice("client transition to raw\n"); + + if (pp) { + const struct lws_protocols *pr; + + pr = lws_vhost_name_to_protocol(wsi->vhost, pp); + + if (!pr) { + lwsl_err("protocol %s not enabled on vhost\n", + pp); + return NULL; + } + + lws_bind_protocol(wsi, pr); + } + + if ((wsi->protocol->callback)(wsi, + LWS_CALLBACK_RAW_ADOPT, + wsi->user_space, NULL, 0)) + return NULL; + + lws_header_table_force_to_detachable_state(wsi); + lws_union_transition(wsi, LWSCM_RAW); + lws_header_table_detach(wsi, 1); + + return NULL; + } + + if (wsi->do_ws) { + /* + * create the random key + */ + n = lws_get_random(context, hash, 16); + if (n != 16) { + lwsl_err("Unable to read from random dev %s\n", + SYSTEM_RANDOM_FILEPATH); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return NULL; + } + + lws_b64_encode_string(hash, 16, key_b64, sizeof(key_b64)); + } + + /* + * 04 example client handshake + * + * GET /chat HTTP/1.1 + * Host: server.example.com + * Upgrade: websocket + * Connection: Upgrade + * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== + * Sec-WebSocket-Origin: http://example.com + * Sec-WebSocket-Protocol: chat, superchat + * Sec-WebSocket-Version: 4 + */ + + p += sprintf(p, "%s %s HTTP/1.1\x0d\x0a", meth, + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI)); + + p += sprintf(p, "Pragma: no-cache\x0d\x0a" + "Cache-Control: no-cache\x0d\x0a"); + + p += sprintf(p, "Host: %s\x0d\x0a", + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST)); + + if (lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN)) { + if (lws_check_opt(context->options, LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN)) + p += sprintf(p, "Origin: %s\x0d\x0a", + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN)); + else + p += sprintf(p, "Origin: http://%s\x0d\x0a", + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN)); + } + + if (wsi->do_ws) { + p += sprintf(p, "Upgrade: websocket\x0d\x0a" + "Connection: Upgrade\x0d\x0a" + "Sec-WebSocket-Key: "); + strcpy(p, key_b64); + p += strlen(key_b64); + p += sprintf(p, "\x0d\x0a"); + if (lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS)) + p += sprintf(p, "Sec-WebSocket-Protocol: %s\x0d\x0a", + lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS)); + + /* tell the server what extensions we could support */ + +#ifndef LWS_NO_EXTENSIONS + ext = wsi->vhost->extensions; + while (ext && ext->callback) { + n = lws_ext_cb_all_exts(context, wsi, + LWS_EXT_CB_CHECK_OK_TO_PROPOSE_EXTENSION, + (char *)ext->name, 0); + if (n) { /* an extension vetos us */ + lwsl_ext("ext %s vetoed\n", (char *)ext->name); + ext++; + continue; + } + n = wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_CLIENT_CONFIRM_EXTENSION_SUPPORTED, + wsi->user_space, (char *)ext->name, 0); + + /* + * zero return from callback means + * go ahead and allow the extension, + * it's what we get if the callback is + * unhandled + */ + + if (n) { + ext++; + continue; + } + + /* apply it */ + + if (ext_count) + *p++ = ','; + else + p += sprintf(p, "Sec-WebSocket-Extensions: "); + p += sprintf(p, "%s", ext->client_offer); + ext_count++; + + ext++; + } + if (ext_count) + p += sprintf(p, "\x0d\x0a"); +#endif + + if (wsi->ietf_spec_revision) + p += sprintf(p, "Sec-WebSocket-Version: %d\x0d\x0a", + wsi->ietf_spec_revision); + + /* prepare the expected server accept response */ + + key_b64[39] = '\0'; /* enforce composed length below buf sizeof */ + n = sprintf(buf, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", key_b64); + + lws_SHA1((unsigned char *)buf, n, (unsigned char *)hash); + + lws_b64_encode_string(hash, 20, + wsi->u.hdr.ah->initial_handshake_hash_base64, + sizeof(wsi->u.hdr.ah->initial_handshake_hash_base64)); + } + + /* give userland a chance to append, eg, cookies */ + + wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER, + wsi->user_space, &p, (pkt + context->pt_serv_buf_size) - p - 12); + + p += sprintf(p, "\x0d\x0a"); + + return p; +} + diff --git a/lib/context.c b/lib/context.c new file mode 100644 index 0000000..37219cd --- /dev/null +++ b/lib/context.c @@ -0,0 +1,1458 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2015 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +#ifndef LWS_BUILD_HASH +#define LWS_BUILD_HASH "unknown-build-hash" +#endif + +static const char *library_version = LWS_LIBRARY_VERSION " " LWS_BUILD_HASH; + +/** + * lws_get_library_version: get version and git hash library built from + * + * returns a const char * to a string like "1.1 178d78c" + * representing the library version followed by the git head hash it + * was built from + */ +LWS_VISIBLE const char * +lws_get_library_version(void) +{ + return library_version; +} + +static const char * const mount_protocols[] = { + "http://", + "https://", + "file://", + "cgi://", + ">http://", + ">https://", + "callback://" +}; + +LWS_VISIBLE void * +lws_protocol_vh_priv_zalloc(struct lws_vhost *vhost, const struct lws_protocols *prot, + int size) +{ + int n = 0; + + /* allocate the vh priv array only on demand */ + if (!vhost->protocol_vh_privs) { + vhost->protocol_vh_privs = (void **)lws_zalloc( + vhost->count_protocols * sizeof(void *)); + if (!vhost->protocol_vh_privs) + return NULL; + } + + while (n < vhost->count_protocols && &vhost->protocols[n] != prot) + n++; + + if (n == vhost->count_protocols) { + n = 0; + while (n < vhost->count_protocols && + strcmp(vhost->protocols[n].name, prot->name)) + n++; + + if (n == vhost->count_protocols) + return NULL; + } + + vhost->protocol_vh_privs[n] = lws_zalloc(size); + return vhost->protocol_vh_privs[n]; +} + +LWS_VISIBLE void * +lws_protocol_vh_priv_get(struct lws_vhost *vhost, const struct lws_protocols *prot) +{ + int n = 0; + + if (!vhost->protocol_vh_privs) + return NULL; + + while (n < vhost->count_protocols && &vhost->protocols[n] != prot) + n++; + + if (n == vhost->count_protocols) { + n = 0; + while (n < vhost->count_protocols && + strcmp(vhost->protocols[n].name, prot->name)) + n++; + + if (n == vhost->count_protocols) { + lwsl_err("%s: unknown protocol %p\n", __func__, prot); + return NULL; + } + } + + return vhost->protocol_vh_privs[n]; +} + +static const struct lws_protocol_vhost_options * +lws_vhost_protocol_options(struct lws_vhost *vh, const char *name) +{ + const struct lws_protocol_vhost_options *pvo = vh->pvo; + + while (pvo) { + // lwsl_notice("%s: '%s' '%s'\n", __func__, pvo->name, name); + if (!strcmp(pvo->name, name)) + return pvo; + pvo = pvo->next; + } + + return NULL; +} + +/* + * inform every vhost that hasn't already done it, that + * his protocols are initializing + */ +LWS_VISIBLE int +lws_protocol_init(struct lws_context *context) +{ + struct lws_vhost *vh = context->vhost_list; + const struct lws_protocol_vhost_options *pvo, *pvo1; + struct lws wsi; + int n; + + memset(&wsi, 0, sizeof(wsi)); + wsi.context = context; + + lwsl_info("%s\n", __func__); + + while (vh) { + wsi.vhost = vh; + + /* only do the protocol init once for a given vhost */ + if (vh->created_vhost_protocols) + goto next; + + /* initialize supported protocols on this vhost */ + + for (n = 0; n < vh->count_protocols; n++) { + wsi.protocol = &vh->protocols[n]; + if (!vh->protocols[n].name) + continue; + pvo = lws_vhost_protocol_options(vh, + vh->protocols[n].name); + if (pvo) { + /* + * linked list of options specific to + * vh + protocol + */ + pvo1 = pvo; + pvo = pvo1->options; + + while (pvo) { + lwsl_notice(" vh %s prot %s opt %s\n", + vh->name, + vh->protocols[n].name, + pvo->name); + + if (!strcmp(pvo->name, "default")) { + lwsl_notice("Setting default " + "protocol for vh %s to %s\n", + vh->name, + vh->protocols[n].name); + vh->default_protocol_index = n; + } + if (!strcmp(pvo->name, "raw")) { + lwsl_notice("Setting raw " + "protocol for vh %s to %s\n", + vh->name, + vh->protocols[n].name); + vh->raw_protocol_index = n; + } + pvo = pvo->next; + } + + pvo = pvo1->options; + } + + /* + * inform all the protocols that they are doing their one-time + * initialization if they want to. + * + * NOTE the wsi is all zeros except for the context, vh and + * protocol ptrs so lws_get_context(wsi) etc can work + */ + if (vh->protocols[n].callback(&wsi, + LWS_CALLBACK_PROTOCOL_INIT, NULL, + (void *)pvo, 0)) + return 1; + } + + vh->created_vhost_protocols = 1; +next: + vh = vh->vhost_next; + } + + if (!context->protocol_init_done) + lws_finalize_startup(context); + + context->protocol_init_done = 1; + + return 0; +} + +LWS_VISIBLE int +lws_callback_http_dummy(struct lws *wsi, enum lws_callback_reasons reason, + void *user, void *in, size_t len) +{ +#ifdef LWS_WITH_CGI + struct lws_cgi_args *args; +#endif +#if defined(LWS_WITH_CGI) || defined(LWS_WITH_HTTP_PROXY) + char buf[512]; + int n; +#endif + + + switch (reason) { + case LWS_CALLBACK_HTTP: +#ifndef LWS_NO_SERVER + if (lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL)) + return -1; + + if (lws_http_transaction_completed(wsi)) +#endif + return -1; + break; +#if !defined(LWS_NO_SERVER) + case LWS_CALLBACK_HTTP_FILE_COMPLETION: + if (lws_http_transaction_completed(wsi)) + return -1; + break; +#endif + + case LWS_CALLBACK_HTTP_WRITEABLE: +#ifdef LWS_WITH_CGI + if (wsi->reason_bf & 1) { + if (lws_cgi_write_split_stdout_headers(wsi) < 0) + return -1; + + if (wsi->reason_bf & 8) + wsi->reason_bf &= ~8; + else + wsi->reason_bf &= ~1; + break; + } +#endif +#if defined(LWS_WITH_HTTP_PROXY) + if (wsi->reason_bf & 2) { + char *px = buf + LWS_PRE; + int lenx = sizeof(buf) - LWS_PRE; + /* + * our sink is writeable and our source has something + * to read. So read a lump of source material of + * suitable size to send or what's available, whichever + * is the smaller. + */ + + + wsi->reason_bf &= ~2; + if (!lws_get_child(wsi)) + break; + if (lws_http_client_read(lws_get_child(wsi), &px, &lenx) < 0) + return -1; + break; + } +#endif + break; + +#if defined(LWS_WITH_HTTP_PROXY) + case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: + //lwsl_err("LWS_CALLBACK_RECEIVE_CLIENT_HTTP: wsi %p\n", wsi); + assert(lws_get_parent(wsi)); + if (!lws_get_parent(wsi)) + break; + lws_get_parent(wsi)->reason_bf |= 2; + lws_callback_on_writable(lws_get_parent(wsi)); + break; + + case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: + //lwsl_err("LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ len %d\n", (int)len); + assert(lws_get_parent(wsi)); + n = lws_write(lws_get_parent(wsi), (unsigned char *)in, + len, LWS_WRITE_HTTP); + if (n < 0) + return -1; + break; + + case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: { + unsigned char *p, *end; + char ctype[64], ctlen = 0; + + //lwsl_err("LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP\n"); + + p = (unsigned char *)buf + LWS_PRE; + end = p + sizeof(buf) - LWS_PRE; + + if (lws_add_http_header_status(lws_get_parent(wsi), HTTP_STATUS_OK, &p, end)) + return 1; + if (lws_add_http_header_by_token(lws_get_parent(wsi), + WSI_TOKEN_HTTP_SERVER, + (unsigned char *)"libwebsockets", + 13, &p, end)) + return 1; + + ctlen = lws_hdr_copy(wsi, ctype, sizeof(ctype), WSI_TOKEN_HTTP_CONTENT_TYPE); + if (ctlen > 0) { + if (lws_add_http_header_by_token(lws_get_parent(wsi), + WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)ctype, ctlen, &p, end)) + return 1; + } +#if 0 + if (lws_add_http_header_content_length(lws_get_parent(wsi), + file_len, &p, end)) + return 1; +#endif + if (lws_finalize_http_header(lws_get_parent(wsi), &p, end)) + return 1; + + *p = '\0'; +// lwsl_info("%s\n", buf + LWS_PRE); + + n = lws_write(lws_get_parent(wsi), (unsigned char *)buf + LWS_PRE, + p - ((unsigned char *)buf + LWS_PRE), + LWS_WRITE_HTTP_HEADERS); + if (n < 0) + return -1; + + break; } + +#endif + +#ifdef LWS_WITH_CGI + /* CGI IO events (POLLIN/OUT) appear here, our default policy is: + * + * - POST data goes on subprocess stdin + * - subprocess stdout goes on http via writeable callback + * - subprocess stderr goes to the logs + */ + case LWS_CALLBACK_CGI: + args = (struct lws_cgi_args *)in; + switch (args->ch) { /* which of stdin/out/err ? */ + case LWS_STDIN: + /* TBD stdin rx flow control */ + break; + case LWS_STDOUT: + wsi->reason_bf |= 1; + /* when writing to MASTER would not block */ + lws_callback_on_writable(wsi); + break; + case LWS_STDERR: + n = read(lws_get_socket_fd(args->stdwsi[LWS_STDERR]), + buf, sizeof(buf) - 2); + if (n > 0) { + if (buf[n - 1] != '\n') + buf[n++] = '\n'; + buf[n] = '\0'; + lwsl_notice("CGI-stderr: %s\n", buf); + } + break; + } + break; + + case LWS_CALLBACK_CGI_TERMINATED: + return -1; + + case LWS_CALLBACK_CGI_STDIN_DATA: /* POST body for stdin */ + args = (struct lws_cgi_args *)in; + args->data[args->len] = '\0'; + n = write(lws_get_socket_fd(args->stdwsi[LWS_STDIN]), + args->data, args->len); + if (n < args->len) + lwsl_notice("LWS_CALLBACK_CGI_STDIN_DATA: " + "sent %d only %d went", n, args->len); + return n; +#endif + + case LWS_CALLBACK_SSL_INFO: + { + struct lws_ssl_info *si = in; + + (void)si; + lwsl_notice("LWS_CALLBACK_SSL_INFO: where: 0x%x, ret: 0x%x\n", + si->where, si->ret); + } + break; + + default: + break; + } + + return 0; +} + +/* list of supported protocols and callbacks */ + +static const struct lws_protocols protocols_dummy[] = { + /* first protocol must always be HTTP handler */ + + { + "http-only", /* name */ + lws_callback_http_dummy, /* callback */ + 0, /* per_session_data_size */ + 0, /* max frame size / rx buffer */ + 0, NULL, 0 + }, + /* + * the other protocols are provided by lws plugins + */ + { NULL, NULL, 0, 0, 0, NULL, 0} /* terminator */ +}; + +#ifdef LWS_PLAT_OPTEE +#undef LWS_HAVE_GETENV +#endif + +LWS_VISIBLE struct lws_vhost * +lws_create_vhost(struct lws_context *context, + struct lws_context_creation_info *info) +{ + struct lws_vhost *vh = lws_zalloc(sizeof(*vh)), + **vh1 = &context->vhost_list; + const struct lws_http_mount *mounts; + const struct lws_protocol_vhost_options *pvo; +#ifdef LWS_WITH_PLUGINS + struct lws_plugin *plugin = context->plugin_list; +#endif + struct lws_protocols *lwsp; + int m, f = !info->pvo; +#ifdef LWS_HAVE_GETENV + char *p; +#endif + int n; + + if (!vh) + return NULL; + + if (!info->protocols) + info->protocols = &protocols_dummy[0]; + + vh->context = context; + if (!info->vhost_name) + vh->name = "default"; + else + vh->name = info->vhost_name; + + vh->iface = info->iface; +#if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) && !defined(OPTEE_TA) && !defined(WIN32) + vh->bind_iface = info->bind_iface; +#endif + + for (vh->count_protocols = 0; + info->protocols[vh->count_protocols].callback; + vh->count_protocols++) + ; + + vh->options = info->options; + vh->pvo = info->pvo; + vh->headers = info->headers; + vh->ssl_info_event_mask = info->ssl_info_event_mask; + if (info->keepalive_timeout) + vh->keepalive_timeout = info->keepalive_timeout; + else + vh->keepalive_timeout = 5; + + if (info->timeout_secs_ah_idle) + vh->timeout_secs_ah_idle = info->timeout_secs_ah_idle; + else + vh->timeout_secs_ah_idle = 10; + + /* + * give the vhost a unified list of protocols including the + * ones that came from plugins + */ + lwsp = lws_zalloc(sizeof(struct lws_protocols) * + (vh->count_protocols + + context->plugin_protocol_count + 1)); + if (!lwsp) { + lwsl_err("OOM\n"); + return NULL; + } + + m = vh->count_protocols; + memcpy(lwsp, info->protocols, sizeof(struct lws_protocols) * m); + + /* for compatibility, all protocols enabled on vhost if only + * the default vhost exists. Otherwise only vhosts who ask + * for a protocol get it enabled. + */ + + if (context->options & LWS_SERVER_OPTION_EXPLICIT_VHOSTS) + f = 0; + (void)f; +#ifdef LWS_WITH_PLUGINS + if (plugin) { + + while (plugin) { + for (n = 0; n < plugin->caps.count_protocols; n++) { + /* + * for compatibility's sake, no pvo implies + * allow all protocols + */ + if (f || lws_vhost_protocol_options(vh, + plugin->caps.protocols[n].name)) { + memcpy(&lwsp[m], + &plugin->caps.protocols[n], + sizeof(struct lws_protocols)); + m++; + vh->count_protocols++; + } + } + plugin = plugin->list; + } + } +#endif + + if ( +#ifdef LWS_WITH_PLUGINS + (context->plugin_list) || +#endif + context->options & LWS_SERVER_OPTION_EXPLICIT_VHOSTS) + vh->protocols = lwsp; + else { + vh->protocols = info->protocols; + lws_free(lwsp); + } + + vh->same_vh_protocol_list = (struct lws **) + lws_zalloc(sizeof(struct lws *) * vh->count_protocols); + + vh->mount_list = info->mounts; + +#ifdef LWS_USE_UNIX_SOCK + if (LWS_UNIX_SOCK_ENABLED(context)) { + lwsl_notice("Creating Vhost '%s' path \"%s\", %d protocols\n", + vh->name, info->iface, vh->count_protocols); + } else +#endif + lwsl_notice("Creating Vhost '%s' port %d, %d protocols, IPv6 %s\n", + vh->name, info->port, vh->count_protocols, LWS_IPV6_ENABLED(vh) ? "on" : "off"); + + mounts = info->mounts; + while (mounts) { + (void)mount_protocols[0]; + lwsl_notice(" mounting %s%s to %s\n", + mount_protocols[mounts->origin_protocol], + mounts->origin, mounts->mountpoint); + + /* convert interpreter protocol names to pointers */ + pvo = mounts->interpret; + while (pvo) { + for (n = 0; n < vh->count_protocols; n++) + if (!strcmp(pvo->value, vh->protocols[n].name)) { + ((struct lws_protocol_vhost_options *)pvo)->value = + (const char *)(lws_intptr_t)n; + break; + } + if (n == vh->count_protocols) + lwsl_err("ignoring unknown interpret protocol %s\n", pvo->value); + pvo = pvo->next; + } + + mounts = mounts->mount_next; + } + +#ifndef LWS_NO_EXTENSIONS +#ifdef LWS_WITH_PLUGINS + if (context->plugin_extension_count) { + + m = 0; + while (info->extensions && info->extensions[m].callback) + m++; + + /* + * give the vhost a unified list of extensions including the + * ones that came from plugins + */ + vh->extensions = lws_zalloc(sizeof(struct lws_extension) * + (m + + context->plugin_extension_count + 1)); + if (!vh->extensions) + return NULL; + + memcpy((struct lws_extension *)vh->extensions, info->extensions, + sizeof(struct lws_extension) * m); + plugin = context->plugin_list; + while (plugin) { + memcpy((struct lws_extension *)&vh->extensions[m], + plugin->caps.extensions, + sizeof(struct lws_extension) * + plugin->caps.count_extensions); + m += plugin->caps.count_extensions; + plugin = plugin->list; + } + } else +#endif + vh->extensions = info->extensions; +#endif + + vh->listen_port = info->port; +#if !defined(LWS_WITH_ESP8266) + vh->http_proxy_port = 0; + vh->http_proxy_address[0] = '\0'; +#if defined(LWS_WITH_SOCKS5) + vh->socks_proxy_port = 0; + vh->socks_proxy_address[0] = '\0'; +#endif + + /* either use proxy from info, or try get it from env var */ + + /* http proxy */ + if (info->http_proxy_address) { + /* override for backwards compatibility */ + if (info->http_proxy_port) + vh->http_proxy_port = info->http_proxy_port; + lws_set_proxy(vh, info->http_proxy_address); + } else { +#ifdef LWS_HAVE_GETENV + p = getenv("http_proxy"); + if (p) + lws_set_proxy(vh, p); +#endif + } +#if defined(LWS_WITH_SOCKS5) + /* socks proxy */ + if (info->socks_proxy_address) { + /* override for backwards compatibility */ + if (info->socks_proxy_port) + vh->socks_proxy_port = info->socks_proxy_port; + lws_set_socks(vh, info->socks_proxy_address); + } else { +#ifdef LWS_HAVE_GETENV + p = getenv("socks_proxy"); + if (p) + lws_set_socks(vh, p); +#endif + } +#endif +#endif + + vh->ka_time = info->ka_time; + vh->ka_interval = info->ka_interval; + vh->ka_probes = info->ka_probes; + + if (vh->options & LWS_SERVER_OPTION_STS) + lwsl_notice(" STS enabled\n"); + +#ifdef LWS_WITH_ACCESS_LOG + if (info->log_filepath) { + vh->log_fd = open(info->log_filepath, O_CREAT | O_APPEND | O_RDWR, 0600); + if (vh->log_fd == (int)LWS_INVALID_FILE) { + lwsl_err("unable to open log filepath %s\n", + info->log_filepath); + goto bail; + } +#ifndef WIN32 + if (context->uid != -1) + if (chown(info->log_filepath, context->uid, + context->gid) == -1) + lwsl_err("unable to chown log file %s\n", + info->log_filepath); +#endif + } else + vh->log_fd = (int)LWS_INVALID_FILE; +#endif + if (lws_context_init_server_ssl(info, vh)) + goto bail; + if (lws_context_init_client_ssl(info, vh)) + goto bail; + if (lws_context_init_server(info, vh)) { + lwsl_err("init server failed\n"); + goto bail; + } + + while (1) { + if (!(*vh1)) { + *vh1 = vh; + break; + } + vh1 = &(*vh1)->vhost_next; + }; + /* for the case we are adding a vhost much later, after server init */ + + if (context->protocol_init_done) + lws_protocol_init(context); + + return vh; + +bail: + lws_free(vh); + + return NULL; +} + +LWS_VISIBLE int +lws_init_vhost_client_ssl(const struct lws_context_creation_info *info, + struct lws_vhost *vhost) +{ + struct lws_context_creation_info i; + + memcpy(&i, info, sizeof(i)); + i.port = CONTEXT_PORT_NO_LISTEN; + + return lws_context_init_client_ssl(&i, vhost); +} + +LWS_VISIBLE struct lws_context * +lws_create_context(struct lws_context_creation_info *info) +{ + struct lws_context *context = NULL; + struct lws_plat_file_ops *prev; +#ifndef LWS_NO_DAEMONIZE + int pid_daemon = get_daemonize_pid(); +#endif + int n, m; +#if defined(__ANDROID__) + struct rlimit rt; +#endif + + lwsl_notice("Initial logging level %d\n", log_level); + lwsl_notice("Libwebsockets version: %s\n", library_version); +#if defined(GCC_VER) + lwsl_notice("Compiled with %s\n", GCC_VER); +#endif +#if LWS_POSIX +#ifdef LWS_USE_IPV6 + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DISABLE_IPV6)) + lwsl_notice("IPV6 compiled in and enabled\n"); + else + lwsl_notice("IPV6 compiled in but disabled\n"); +#else + lwsl_notice("IPV6 not compiled in\n"); +#endif +#if !defined(LWS_PLAT_OPTEE) && !defined(LWS_PLAT_ESP32) + lws_feature_status_libev(info); + lws_feature_status_libuv(info); +#endif +#endif + lwsl_info(" LWS_DEF_HEADER_LEN : %u\n", LWS_DEF_HEADER_LEN); + lwsl_info(" LWS_MAX_PROTOCOLS : %u\n", LWS_MAX_PROTOCOLS); + lwsl_info(" LWS_MAX_SMP : %u\n", LWS_MAX_SMP); + lwsl_info(" SPEC_LATEST_SUPPORTED : %u\n", SPEC_LATEST_SUPPORTED); + lwsl_info(" sizeof (*info) : %ld\n", (long)sizeof(*info)); +#if defined(LWS_WITH_STATS) + lwsl_notice(" LWS_WITH_STATS : on\n"); +#endif +#if LWS_POSIX + lwsl_info(" SYSTEM_RANDOM_FILEPATH: '%s'\n", SYSTEM_RANDOM_FILEPATH); +#endif + if (lws_plat_context_early_init()) + return NULL; + + context = lws_zalloc(sizeof(struct lws_context)); + if (!context) { + lwsl_err("No memory for websocket context\n"); + return NULL; + } + if (info->pt_serv_buf_size) + context->pt_serv_buf_size = info->pt_serv_buf_size; + else + context->pt_serv_buf_size = 4096; + + /* default to just the platform fops implementation */ + + context->fops_platform.LWS_FOP_OPEN = _lws_plat_file_open; + context->fops_platform.LWS_FOP_CLOSE = _lws_plat_file_close; + context->fops_platform.LWS_FOP_SEEK_CUR = _lws_plat_file_seek_cur; + context->fops_platform.LWS_FOP_READ = _lws_plat_file_read; + context->fops_platform.LWS_FOP_WRITE = _lws_plat_file_write; + context->fops_platform.fi[0].sig = NULL; + + /* + * arrange a linear linked-list of fops starting from context->fops + * + * platform fops + * [ -> fops_zip (copied into context so .next settable) ] + * [ -> info->fops ] + */ + + context->fops = &context->fops_platform; + prev = (struct lws_plat_file_ops *)context->fops; + +#if defined(LWS_WITH_ZIP_FOPS) + /* make a soft copy so we can set .next */ + context->fops_zip = fops_zip; + prev->next = &context->fops_zip; + prev = (struct lws_plat_file_ops *)prev->next; +#endif + + /* if user provided fops, tack them on the end of the list */ + if (info->fops) + prev->next = info->fops; + + context->reject_service_keywords = info->reject_service_keywords; + if (info->external_baggage_free_on_destroy) + context->external_baggage_free_on_destroy = + info->external_baggage_free_on_destroy; + + context->time_up = time(NULL); + + context->simultaneous_ssl_restriction = info->simultaneous_ssl_restriction; + +#ifndef LWS_NO_DAEMONIZE + if (pid_daemon) { + context->started_with_parent = pid_daemon; + lwsl_notice(" Started with daemon pid %d\n", pid_daemon); + } +#endif +#if defined(__ANDROID__) + n = getrlimit ( RLIMIT_NOFILE,&rt); + if (-1 == n) { + lwsl_err("Get RLIMIT_NOFILE failed!\n"); + return NULL; + } + context->max_fds = rt.rlim_cur; +#else + context->max_fds = getdtablesize(); +#endif + + if (info->count_threads) + context->count_threads = info->count_threads; + else + context->count_threads = 1; + + if (context->count_threads > LWS_MAX_SMP) + context->count_threads = LWS_MAX_SMP; + + context->token_limits = info->token_limits; + + context->options = info->options; + + if (info->timeout_secs) + context->timeout_secs = info->timeout_secs; + else + context->timeout_secs = AWAITING_TIMEOUT; + + context->ws_ping_pong_interval = info->ws_ping_pong_interval; + + lwsl_info(" default timeout (secs): %u\n", context->timeout_secs); + + if (info->max_http_header_data) + context->max_http_header_data = info->max_http_header_data; + else + if (info->max_http_header_data2) + context->max_http_header_data = + info->max_http_header_data2; + else + context->max_http_header_data = LWS_DEF_HEADER_LEN; + if (info->max_http_header_pool) + context->max_http_header_pool = info->max_http_header_pool; + else + context->max_http_header_pool = LWS_DEF_HEADER_POOL; + + /* + * Allocate the per-thread storage for scratchpad buffers, + * and header data pool + */ + for (n = 0; n < context->count_threads; n++) { + context->pt[n].serv_buf = lws_zalloc(context->pt_serv_buf_size); + if (!context->pt[n].serv_buf) { + lwsl_err("OOM\n"); + return NULL; + } + +#ifdef LWS_USE_LIBUV + context->pt[n].context = context; +#endif + context->pt[n].tid = n; + context->pt[n].http_header_data = lws_malloc(context->max_http_header_data * + context->max_http_header_pool); + if (!context->pt[n].http_header_data) + goto bail; + + context->pt[n].ah_pool = lws_zalloc(sizeof(struct allocated_headers) * + context->max_http_header_pool); + for (m = 0; m < context->max_http_header_pool; m++) + context->pt[n].ah_pool[m].data = + (char *)context->pt[n].http_header_data + + (m * context->max_http_header_data); + if (!context->pt[n].ah_pool) + goto bail; + + lws_pt_mutex_init(&context->pt[n]); + } + + if (info->fd_limit_per_thread) + context->fd_limit_per_thread = info->fd_limit_per_thread; + else + context->fd_limit_per_thread = context->max_fds / + context->count_threads; + + lwsl_notice(" Threads: %d each %d fds\n", context->count_threads, + context->fd_limit_per_thread); + + if (!info->ka_interval && info->ka_time > 0) { + lwsl_err("info->ka_interval can't be 0 if ka_time used\n"); + return NULL; + } + +#ifdef LWS_USE_LIBEV + /* (Issue #264) In order to *avoid breaking backwards compatibility*, we + * enable libev mediated SIGINT handling with a default handler of + * lws_sigint_cb. The handler can be overridden or disabled + * by invoking lws_sigint_cfg after creating the context, but + * before invoking lws_initloop: + */ + context->use_ev_sigint = 1; + context->lws_ev_sigint_cb = &lws_ev_sigint_cb; +#endif /* LWS_USE_LIBEV */ +#ifdef LWS_USE_LIBUV + /* (Issue #264) In order to *avoid breaking backwards compatibility*, we + * enable libev mediated SIGINT handling with a default handler of + * lws_sigint_cb. The handler can be overridden or disabled + * by invoking lws_sigint_cfg after creating the context, but + * before invoking lws_initloop: + */ + context->use_ev_sigint = 1; + context->lws_uv_sigint_cb = &lws_uv_sigint_cb; +#endif +#ifdef LWS_USE_LIBEVENT + /* (Issue #264) In order to *avoid breaking backwards compatibility*, we + * enable libev mediated SIGINT handling with a default handler of + * lws_sigint_cb. The handler can be overridden or disabled + * by invoking lws_sigint_cfg after creating the context, but + * before invoking lws_initloop: + */ + context->use_ev_sigint = 1; + context->lws_event_sigint_cb = &lws_event_sigint_cb; +#endif /* LWS_USE_LIBEVENT */ + + lwsl_info(" mem: context: %5lu bytes (%ld ctx + (%ld thr x %d))\n", + (long)sizeof(struct lws_context) + + (context->count_threads * context->pt_serv_buf_size), + (long)sizeof(struct lws_context), + (long)context->count_threads, + context->pt_serv_buf_size); + + lwsl_info(" mem: http hdr rsvd: %5lu bytes (%u thr x (%u + %lu) x %u))\n", + (long)(context->max_http_header_data + + sizeof(struct allocated_headers)) * + context->max_http_header_pool * context->count_threads, + context->count_threads, + context->max_http_header_data, + (long)sizeof(struct allocated_headers), + context->max_http_header_pool); + n = sizeof(struct lws_pollfd) * context->count_threads * + context->fd_limit_per_thread; + context->pt[0].fds = lws_zalloc(n); + if (context->pt[0].fds == NULL) { + lwsl_err("OOM allocating %d fds\n", context->max_fds); + goto bail; + } + lwsl_info(" mem: pollfd map: %5u\n", n); + + if (info->server_string) { + context->server_string = info->server_string; + context->server_string_len = (short) + strlen(context->server_string); + } + +#if LWS_MAX_SMP > 1 + /* each thread serves his own chunk of fds */ + for (n = 1; n < (int)info->count_threads; n++) + context->pt[n].fds = context->pt[n - 1].fds + + context->fd_limit_per_thread; +#endif + + if (lws_plat_init(context, info)) + goto bail; + + lws_context_init_ssl_library(info); + + context->user_space = info->user; + + /* + * if he's not saying he'll make his own vhosts later then act + * compatibly and make a default vhost using the data in the info + */ + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) + if (!lws_create_vhost(context, info)) { + lwsl_err("Failed to create default vhost\n"); + return NULL; + } + + lws_context_init_extensions(info, context); + + lwsl_notice(" mem: per-conn: %5lu bytes + protocol rx buf\n", + (unsigned long)sizeof(struct lws)); + + strcpy(context->canonical_hostname, "unknown"); + lws_server_get_canonical_hostname(context, info); + + context->uid = info->uid; + context->gid = info->gid; + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + memcpy(context->caps, info->caps, sizeof(context->caps)); + context->count_caps = info->count_caps; +#endif + + /* + * drop any root privs for this process + * to listen on port < 1023 we would have needed root, but now we are + * listening, we don't want the power for anything else + */ + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) + lws_plat_drop_app_privileges(info); + + /* + * give all extensions a chance to create any per-context + * allocations they need + */ + if (info->port != CONTEXT_PORT_NO_LISTEN) { + if (lws_ext_cb_all_exts(context, NULL, + LWS_EXT_CB_SERVER_CONTEXT_CONSTRUCT, NULL, 0) < 0) + goto bail; + } else + if (lws_ext_cb_all_exts(context, NULL, + LWS_EXT_CB_CLIENT_CONTEXT_CONSTRUCT, NULL, 0) < 0) + goto bail; + + return context; + +bail: + lws_context_destroy(context); + return NULL; +} + +LWS_VISIBLE LWS_EXTERN void +lws_context_deprecate(struct lws_context *context, lws_reload_func cb) +{ + struct lws_vhost *vh = context->vhost_list, *vh1; + struct lws *wsi; + + /* + * "deprecation" means disable the context from accepting any new + * connections and free up listen sockets to be used by a replacement + * context. + * + * Otherwise the deprecated context remains operational, until its + * number of connected sockets falls to zero, when it is deleted. + */ + + /* for each vhost, close his listen socket */ + + while (vh) { + wsi = vh->lserv_wsi; + if (wsi) { + wsi->socket_is_permanently_unusable = 1; + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + wsi->context->deprecation_pending_listen_close_count++; + /* + * other vhosts can share the listen port, they + * point to the same wsi. So zap those too. + */ + vh1 = context->vhost_list; + while (vh1) { + if (vh1->lserv_wsi == wsi) + vh1->lserv_wsi = NULL; + vh1 = vh1->vhost_next; + } + } + vh = vh->vhost_next; + } + + context->deprecated = 1; + context->deprecation_cb = cb; +} + +LWS_VISIBLE LWS_EXTERN int +lws_context_is_deprecated(struct lws_context *context) +{ + return context->deprecated; +} + +LWS_VISIBLE void +lws_context_destroy2(struct lws_context *context); + + +static void +lws_vhost_destroy1(struct lws_vhost *vh) +{ + const struct lws_protocols *protocol = NULL; + struct lws_context_per_thread *pt; + int n, m = vh->context->count_threads; + struct lws_context *context = vh->context; + struct lws wsi; + + lwsl_notice("%s\n", __func__); + + if (vh->being_destroyed) + return; + + vh->being_destroyed = 1; + + /* + * Are there other vhosts that are piggybacking on our listen socket? + * If so we need to hand the listen socket off to one of the others + * so it will remain open. If not, leave it attached to the closing + * vhost and it will get closed. + */ + + if (vh->lserv_wsi) + lws_start_foreach_ll(struct lws_vhost *, v, context->vhost_list) { + if (v != vh && + !v->being_destroyed && + v->listen_port == vh->listen_port && + ((!v->iface && !vh->iface) || + (v->iface && vh->iface && + !strcmp(v->iface, vh->iface)))) { + /* + * this can only be a listen wsi, which is + * restricted... it has no protocol or other + * bindings or states. So we can simply + * swap it to a vhost that has the same + * iface + port, but is not closing. + */ + assert(v->lserv_wsi == NULL); + v->lserv_wsi = vh->lserv_wsi; + vh->lserv_wsi = NULL; + v->lserv_wsi->vhost = v; + + lwsl_notice("%s: listen skt from %s to %s\n", + __func__, vh->name, v->name); + break; + } + } lws_end_foreach_ll(v, vhost_next); + + /* + * Forcibly close every wsi assoicated with this vhost. That will + * include the listen socket if it is still associated with the closing + * vhost. + */ + + while (m--) { + pt = &context->pt[m]; + + for (n = 0; (unsigned int)n < context->pt[m].fds_count; n++) { + struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); + if (!wsi) + continue; + if (wsi->vhost != vh) + continue; + + lws_close_free_wsi(wsi, + LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY + /* no protocol close */); + n--; + } + } + + /* + * let the protocols destroy the per-vhost protocol objects + */ + + memset(&wsi, 0, sizeof(wsi)); + wsi.context = vh->context; + wsi.vhost = vh; + protocol = vh->protocols; + if (protocol) { + n = 0; + while (n < vh->count_protocols) { + wsi.protocol = protocol; + protocol->callback(&wsi, LWS_CALLBACK_PROTOCOL_DESTROY, + NULL, NULL, 0); + protocol++; + n++; + } + } + + /* + * remove vhost from context list of vhosts + */ + + lws_start_foreach_llp(struct lws_vhost **, pv, context->vhost_list) { + if (*pv == vh) { + *pv = vh->vhost_next; + break; + } + } lws_end_foreach_llp(pv, vhost_next); + + /* add ourselves to the pending destruction list */ + + vh->vhost_next = vh->context->vhost_pending_destruction_list; + vh->context->vhost_pending_destruction_list = vh; +} + +static void +lws_vhost_destroy2(struct lws_vhost *vh) +{ + const struct lws_protocols *protocol = NULL; + struct lws_context *context = vh->context; + struct lws_deferred_free *df; + int n; + + lwsl_notice("%s: %p\n", __func__, vh); + + /* if we are still on deferred free list, remove ourselves */ + + lws_start_foreach_llp(struct lws_deferred_free **, pdf, context->deferred_free_list) { + if ((*pdf)->payload == vh) { + df = *pdf; + *pdf = df->next; + lws_free(df); + break; + } + } lws_end_foreach_llp(pdf, next); + + /* remove ourselves from the pending destruction list */ + + lws_start_foreach_llp(struct lws_vhost **, pv, context->vhost_pending_destruction_list) { + if ((*pv) == vh) { + *pv = (*pv)->vhost_next; + break; + } + } lws_end_foreach_llp(pv, vhost_next); + + /* + * Free all the allocations associated with the vhost + */ + + protocol = vh->protocols; + if (protocol) { + n = 0; + while (n < vh->count_protocols) { + if (vh->protocol_vh_privs && + vh->protocol_vh_privs[n]) { + lws_free(vh->protocol_vh_privs[n]); + vh->protocol_vh_privs[n] = NULL; + } + protocol++; + n++; + } + } + if (vh->protocol_vh_privs) + lws_free(vh->protocol_vh_privs); + lws_ssl_SSL_CTX_destroy(vh); + lws_free(vh->same_vh_protocol_list); +#ifdef LWS_WITH_PLUGINS + if (LWS_LIBUV_ENABLED(context)) { + if (context->plugin_list) + lws_free((void *)vh->protocols); + } else +#endif + { + if (context->options & LWS_SERVER_OPTION_EXPLICIT_VHOSTS) + lws_free((void *)vh->protocols); + } + +#ifdef LWS_WITH_PLUGINS +#ifndef LWS_NO_EXTENSIONS + if (context->plugin_extension_count) + lws_free((void *)vh->extensions); +#endif +#endif +#ifdef LWS_WITH_ACCESS_LOG + if (vh->log_fd != (int)LWS_INVALID_FILE) + close(vh->log_fd); +#endif + + /* + * although async event callbacks may still come for wsi handles with + * pending close in the case of asycn event library like libuv, + * they do not refer to the vhost. So it's safe to free. + */ + + lwsl_notice(" %s: Freeing vhost %p\n", __func__, vh); + + memset(vh, 0, sizeof(*vh)); + free(vh); +} + +int +lws_check_deferred_free(struct lws_context *context, int force) +{ + struct lws_deferred_free *df; + time_t now = lws_now_secs(); + + lws_start_foreach_llp(struct lws_deferred_free **, pdf, context->deferred_free_list) { + if (now > (*pdf)->deadline || force) { + df = *pdf; + *pdf = df->next; + /* finalize vh destruction */ + lwsl_notice("doing deferred vh %p destroy\n", df->payload); + lws_vhost_destroy2(df->payload); + lws_free(df); + continue; /* after deletion we already point to next */ + } + } lws_end_foreach_llp(pdf, next); + + return 0; +} + +LWS_VISIBLE void +lws_vhost_destroy(struct lws_vhost *vh) +{ + struct lws_deferred_free *df = malloc(sizeof(*df)); + + if (!df) + return; + + lws_vhost_destroy1(vh); + + /* part 2 is deferred to allow all the handle closes to complete */ + + df->next = vh->context->deferred_free_list; + df->deadline = lws_now_secs() + 5; + df->payload = vh; + vh->context->deferred_free_list = df; +} + +LWS_VISIBLE void +lws_context_destroy(struct lws_context *context) +{ + struct lws_context_per_thread *pt; + struct lws_vhost *vh = NULL; + struct lws wsi; + int n, m; + + if (!context) { + lwsl_notice("%s: ctx %p\n", __func__, context); + return; + } + if (context->being_destroyed1) { + lwsl_notice("%s: ctx %p: already being destroyed\n", __func__, context); + return; + } + + lwsl_notice("%s: ctx %p\n", __func__, context); + + m = context->count_threads; + context->being_destroyed = 1; + context->being_destroyed1 = 1; + + memset(&wsi, 0, sizeof(wsi)); + wsi.context = context; + +#ifdef LWS_LATENCY + if (context->worst_latency_info[0]) + lwsl_notice("Worst latency: %s\n", context->worst_latency_info); +#endif + + while (m--) { + pt = &context->pt[m]; + + for (n = 0; (unsigned int)n < context->pt[m].fds_count; n++) { + struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); + if (!wsi) + continue; + + lws_close_free_wsi(wsi, + LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY + /* no protocol close */); + n--; + } + lws_pt_mutex_destroy(pt); + } + + /* + * give all extensions a chance to clean up any per-context + * allocations they might have made + */ + + n = lws_ext_cb_all_exts(context, NULL, + LWS_EXT_CB_SERVER_CONTEXT_DESTRUCT, NULL, 0); + + n = lws_ext_cb_all_exts(context, NULL, + LWS_EXT_CB_CLIENT_CONTEXT_DESTRUCT, NULL, 0); + + /* + * inform all the protocols that they are done and will have no more + * callbacks. + * + * We can't free things until after the event loop shuts down. + */ + if (context->protocol_init_done) + vh = context->vhost_list; + while (vh) { + lws_vhost_destroy1(vh); + vh = vh->vhost_next; + } + + for (n = 0; n < context->count_threads; n++) { + pt = &context->pt[n]; + + lws_libev_destroyloop(context, n); + lws_libuv_destroyloop(context, n); + lws_libevent_destroyloop(context, n); + + lws_free_set_NULL(context->pt[n].serv_buf); + if (pt->ah_pool) + lws_free(pt->ah_pool); + if (pt->http_header_data) + lws_free(pt->http_header_data); + } + lws_plat_context_early_destroy(context); + + if (context->pt[0].fds) + lws_free_set_NULL(context->pt[0].fds); + + if (!LWS_LIBUV_ENABLED(context)) + lws_context_destroy2(context); +} + +/* + * call the second one after the event loop has been shut down cleanly + */ + +LWS_VISIBLE void +lws_context_destroy2(struct lws_context *context) +{ + struct lws_vhost *vh = NULL, *vh1; + + lwsl_notice("%s: ctx %p\n", __func__, context); + + /* + * free all the per-vhost allocations + */ + + vh = context->vhost_list; + while (vh) { + vh1 = vh->vhost_next; + lws_vhost_destroy2(vh); + vh = vh1; + } + + /* remove ourselves from the pending destruction list */ + + while (context->vhost_pending_destruction_list) + /* removes itself from list */ + lws_vhost_destroy2(context->vhost_pending_destruction_list); + + + lws_stats_log_dump(context); + + lws_ssl_context_destroy(context); + lws_plat_context_late_destroy(context); + + if (context->external_baggage_free_on_destroy) + free(context->external_baggage_free_on_destroy); + + lws_check_deferred_free(context, 1); + + lws_free(context); +} diff --git a/lib/core-net/adopt.c b/lib/core-net/adopt.c deleted file mode 100644 index 9b84af2..0000000 --- a/lib/core-net/adopt.c +++ /dev/null @@ -1,464 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -static int -lws_get_idlest_tsi(struct lws_context *context) -{ - unsigned int lowest = ~0; - int n = 0, hit = -1; - - for (; n < context->count_threads; n++) { - if ((unsigned int)context->pt[n].fds_count != - context->fd_limit_per_thread - 1 && - (unsigned int)context->pt[n].fds_count < lowest) { - lowest = context->pt[n].fds_count; - hit = n; - } - } - - return hit; -} - -struct lws * -lws_create_new_server_wsi(struct lws_vhost *vhost, int fixed_tsi) -{ - struct lws *new_wsi; - int n = fixed_tsi; - - if (n < 0) - n = lws_get_idlest_tsi(vhost->context); - - if (n < 0) { - lwsl_err("no space for new conn\n"); - return NULL; - } - - new_wsi = lws_zalloc(sizeof(struct lws), "new server wsi"); - if (new_wsi == NULL) { - lwsl_err("Out of memory for new connection\n"); - return NULL; - } - - new_wsi->wsistate |= LWSIFR_SERVER; - new_wsi->tsi = n; - lwsl_debug("new wsi %p joining vhost %s, tsi %d\n", new_wsi, - vhost->name, new_wsi->tsi); - - lws_vhost_bind_wsi(vhost, new_wsi); - new_wsi->context = vhost->context; - new_wsi->pending_timeout = NO_PENDING_TIMEOUT; - new_wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; - - /* initialize the instance struct */ - - lwsi_set_state(new_wsi, LRS_UNCONNECTED); - new_wsi->hdr_parsing_completed = 0; - -#ifdef LWS_WITH_TLS - new_wsi->tls.use_ssl = LWS_SSL_ENABLED(vhost); -#endif - - /* - * these can only be set once the protocol is known - * we set an un-established connection's protocol pointer - * to the start of the supported list, so it can look - * for matching ones during the handshake - */ - new_wsi->protocol = vhost->protocols; - new_wsi->user_space = NULL; - new_wsi->desc.sockfd = LWS_SOCK_INVALID; - new_wsi->position_in_fds_table = LWS_NO_FDS_POS; - - vhost->context->count_wsi_allocated++; - - /* - * outermost create notification for wsi - * no user_space because no protocol selection - */ - vhost->protocols[0].callback(new_wsi, LWS_CALLBACK_WSI_CREATE, NULL, - NULL, 0); - - return new_wsi; -} - - -/* if not a socket, it's a raw, non-ssl file descriptor */ - -LWS_VISIBLE struct lws * -lws_adopt_descriptor_vhost(struct lws_vhost *vh, lws_adoption_type type, - lws_sock_file_fd_type fd, const char *vh_prot_name, - struct lws *parent) -{ - struct lws_context *context = vh->context; - struct lws_context_per_thread *pt; - struct lws *new_wsi; - int n; - -#if defined(LWS_WITH_PEER_LIMITS) - struct lws_peer *peer = NULL; - - if (type & LWS_ADOPT_SOCKET) { - peer = lws_get_or_create_peer(vh, fd.sockfd); - - if (peer && context->ip_limit_wsi && - peer->count_wsi >= context->ip_limit_wsi) { - lwsl_notice("Peer reached wsi limit %d\n", - context->ip_limit_wsi); - lws_stats_bump(&context->pt[0], - LWSSTATS_C_PEER_LIMIT_WSI_DENIED, - 1); - return NULL; - } - } -#endif - - /* - * Notice that in SMP case, the wsi may be being created on an - * entirely different pt / tsi for load balancing. In that case as - * we initialize it, it may become "live" concurrently unexpectedly... - */ - - n = -1; - if (parent) - n = parent->tsi; - new_wsi = lws_create_new_server_wsi(vh, n); - if (!new_wsi) { - if (type & LWS_ADOPT_SOCKET) - compatible_close(fd.sockfd); - return NULL; - } -#if defined(LWS_WITH_PEER_LIMITS) - if (peer) - lws_peer_add_wsi(context, peer, new_wsi); -#endif - pt = &context->pt[(int)new_wsi->tsi]; - lws_stats_bump(pt, LWSSTATS_C_CONNECTIONS, 1); - - if (parent) { - new_wsi->parent = parent; - new_wsi->sibling_list = parent->child_list; - parent->child_list = new_wsi; - } - - /* enforce that every fd is nonblocking */ - - if (type & LWS_ADOPT_SOCKET) { - if (lws_plat_set_nonblocking(fd.sockfd)) { - lwsl_err("%s: unable to set sockfd nonblocking\n", - __func__); - goto bail; - } - } -#if !defined(WIN32) - else - if (lws_plat_set_nonblocking(fd.filefd)) { - lwsl_err("%s: unable to set filefd nonblocking\n", - __func__); - goto bail; - } -#endif - - new_wsi->desc = fd; - - if (vh_prot_name) { - new_wsi->protocol = lws_vhost_name_to_protocol(new_wsi->vhost, - vh_prot_name); - if (!new_wsi->protocol) { - lwsl_err("Protocol %s not enabled on vhost %s\n", - vh_prot_name, new_wsi->vhost->name); - goto bail; - } - if (lws_ensure_user_space(new_wsi)) { - lwsl_notice("OOM trying to get user_space\n"); - goto bail; - } - } - - if (!LWS_SSL_ENABLED(new_wsi->vhost) || !(type & LWS_ADOPT_SOCKET)) - type &= ~LWS_ADOPT_ALLOW_SSL; - - if (lws_role_call_adoption_bind(new_wsi, type, vh_prot_name)) { - lwsl_err("Unable to find a role that can adopt descriptor type 0x%x\n", type); - goto bail; - } - - /* - * A new connection was accepted. Give the user a chance to - * set properties of the newly created wsi. There's no protocol - * selected yet so we issue this to the vhosts's default protocol, - * itself by default protocols[0] - */ - new_wsi->wsistate |= LWSIFR_SERVER; - n = LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED; - if (new_wsi->role_ops->adoption_cb[lwsi_role_server(new_wsi)]) - n = new_wsi->role_ops->adoption_cb[lwsi_role_server(new_wsi)]; - -#if !defined(LWS_AMAZON_RTOS) - if (context->event_loop_ops->accept) - if (context->event_loop_ops->accept(new_wsi)) - goto fail; -#endif - -#if LWS_MAX_SMP > 1 - /* - * Caution: after this point the wsi is live on its service thread - * which may be concurrent to this. We mark the wsi as still undergoing - * init in another pt so the assigned pt leaves it alone. - */ - new_wsi->undergoing_init_from_other_pt = 1; -#endif - - if (!(type & LWS_ADOPT_ALLOW_SSL)) { - lws_pt_lock(pt, __func__); - if (__insert_wsi_socket_into_fds(context, new_wsi)) { - lws_pt_unlock(pt); - lwsl_err("%s: fail inserting socket\n", __func__); - goto fail; - } - lws_pt_unlock(pt); - } -#if !defined(LWS_WITHOUT_SERVER) - else - if (lws_server_socket_service_ssl(new_wsi, fd.sockfd)) { - lwsl_info("%s: fail ssl negotiation\n", __func__); - goto fail; - } -#endif - - /* - * by deferring callback to this point, after insertion to fds, - * lws_callback_on_writable() can work from the callback - */ - if ((new_wsi->protocol->callback)(new_wsi, n, new_wsi->user_space, - NULL, 0)) - goto fail; - - /* role may need to do something after all adoption completed */ - - lws_role_call_adoption_bind(new_wsi, type | _LWS_ADOPT_FINISH, - vh_prot_name); - -#if LWS_MAX_SMP > 1 - /* its actual pt can service it now */ - - new_wsi->undergoing_init_from_other_pt = 0; -#endif - - lws_cancel_service_pt(new_wsi); - - return new_wsi; - -fail: - if (type & LWS_ADOPT_SOCKET) - lws_close_free_wsi(new_wsi, LWS_CLOSE_STATUS_NOSTATUS, - "adopt skt fail"); - - return NULL; - -bail: - lwsl_notice("%s: exiting on bail\n", __func__); - if (parent) - parent->child_list = new_wsi->sibling_list; - if (new_wsi->user_space) - lws_free(new_wsi->user_space); - - vh->context->count_wsi_allocated--; - - lws_vhost_unbind_wsi(new_wsi); - lws_free(new_wsi); - - compatible_close(fd.sockfd); - - return NULL; -} - -LWS_VISIBLE struct lws * -lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd) -{ - lws_sock_file_fd_type fd; - - fd.sockfd = accept_fd; - return lws_adopt_descriptor_vhost(vh, LWS_ADOPT_SOCKET | - LWS_ADOPT_HTTP | LWS_ADOPT_ALLOW_SSL, fd, NULL, NULL); -} - -LWS_VISIBLE struct lws * -lws_adopt_socket(struct lws_context *context, lws_sockfd_type accept_fd) -{ - return lws_adopt_socket_vhost(context->vhost_list, accept_fd); -} - -/* Common read-buffer adoption for lws_adopt_*_readbuf */ -static struct lws* -adopt_socket_readbuf(struct lws *wsi, const char *readbuf, size_t len) -{ - struct lws_context_per_thread *pt; - struct lws_pollfd *pfd; - int n; - - if (!wsi) - return NULL; - - if (!readbuf || len == 0) - return wsi; - - if (wsi->position_in_fds_table == LWS_NO_FDS_POS) - return wsi; - - pt = &wsi->context->pt[(int)wsi->tsi]; - - n = lws_buflist_append_segment(&wsi->buflist, (const uint8_t *)readbuf, - len); - if (n < 0) - goto bail; - if (n) - lws_dll2_add_head(&wsi->dll_buflist, &pt->dll_buflist_owner); - - /* - * we can't process the initial read data until we can attach an ah. - * - * if one is available, get it and place the data in his ah rxbuf... - * wsi with ah that have pending rxbuf get auto-POLLIN service. - * - * no autoservice because we didn't get a chance to attach the - * readbuf data to wsi or ah yet, and we will do it next if we get - * the ah. - */ - if (wsi->http.ah || !lws_header_table_attach(wsi, 0)) { - - lwsl_notice("%s: calling service on readbuf ah\n", __func__); - - /* - * unlike a normal connect, we have the headers already - * (or the first part of them anyway). - * libuv won't come back and service us without a network - * event, so we need to do the header service right here. - */ - pfd = &pt->fds[wsi->position_in_fds_table]; - pfd->revents |= LWS_POLLIN; - lwsl_err("%s: calling service\n", __func__); - if (lws_service_fd_tsi(wsi->context, pfd, wsi->tsi)) - /* service closed us */ - return NULL; - - return wsi; - } - lwsl_err("%s: deferring handling ah\n", __func__); - - return wsi; - -bail: - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "adopt skt readbuf fail"); - - return NULL; -} - -LWS_EXTERN struct lws * -lws_create_adopt_udp(struct lws_vhost *vhost, int port, int flags, - const char *protocol_name, struct lws *parent_wsi) -{ -#if !defined(LWS_PLAT_OPTEE) - lws_sock_file_fd_type sock; - struct addrinfo h, *r, *rp; - struct lws *wsi = NULL; - char buf[16]; - int n; - - memset(&h, 0, sizeof(h)); - h.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - h.ai_socktype = SOCK_DGRAM; - h.ai_protocol = IPPROTO_UDP; - h.ai_flags = AI_PASSIVE; -#ifdef AI_ADDRCONFIG - h.ai_flags |= AI_ADDRCONFIG; -#endif - - lws_snprintf(buf, sizeof(buf), "%u", port); - n = getaddrinfo(NULL, buf, &h, &r); - if (n) { -#ifndef LWS_WITH_ESP32 - lwsl_info("%s: getaddrinfo error: %s\n", __func__, gai_strerror(n)); -#else - lwsl_info("%s: getaddrinfo error: %s\n", __func__, strerror(n)); -#endif - goto bail; - } - - for (rp = r; rp; rp = rp->ai_next) { - sock.sockfd = socket(rp->ai_family, rp->ai_socktype, - rp->ai_protocol); - if (sock.sockfd != LWS_SOCK_INVALID) - break; - } - if (!rp) { - lwsl_err("%s: unable to create INET socket\n", __func__); - goto bail1; - } - - if ((flags & LWS_CAUDP_BIND) && bind(sock.sockfd, rp->ai_addr, -#if defined(_WIN32) - (int)rp->ai_addrlen -#else - rp->ai_addrlen -#endif - ) == -1) { - lwsl_err("%s: bind failed\n", __func__); - goto bail2; - } - - wsi = lws_adopt_descriptor_vhost(vhost, LWS_ADOPT_RAW_SOCKET_UDP, sock, - protocol_name, parent_wsi); - if (!wsi) - lwsl_err("%s: udp adoption failed\n", __func__); - -bail2: - if (!wsi) - compatible_close((int)sock.sockfd); -bail1: - freeaddrinfo(r); - -bail: - return wsi; -#else - return NULL; -#endif -} - -LWS_VISIBLE struct lws * -lws_adopt_socket_readbuf(struct lws_context *context, lws_sockfd_type accept_fd, - const char *readbuf, size_t len) -{ - return adopt_socket_readbuf(lws_adopt_socket(context, accept_fd), - readbuf, len); -} - -LWS_VISIBLE struct lws * -lws_adopt_socket_vhost_readbuf(struct lws_vhost *vhost, - lws_sockfd_type accept_fd, - const char *readbuf, size_t len) -{ - return adopt_socket_readbuf(lws_adopt_socket_vhost(vhost, accept_fd), - readbuf, len); -} diff --git a/lib/core-net/client.c b/lib/core-net/client.c deleted file mode 100644 index 873478b..0000000 --- a/lib/core-net/client.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -LWS_VISIBLE int -lws_set_proxy(struct lws_vhost *vhost, const char *proxy) -{ - char authstring[96]; - int brackets = 0; - char *p; - - if (!proxy) - return -1; - - /* we have to deal with a possible redundant leading http:// */ - if (!strncmp(proxy, "http://", 7)) - proxy += 7; - - p = strrchr(proxy, '@'); - if (p) { /* auth is around */ - - if ((unsigned int)(p - proxy) > sizeof(authstring) - 1) - goto auth_too_long; - - lws_strncpy(authstring, proxy, p - proxy + 1); - // null termination not needed on input - if (lws_b64_encode_string(authstring, lws_ptr_diff(p, proxy), - vhost->proxy_basic_auth_token, - sizeof vhost->proxy_basic_auth_token) < 0) - goto auth_too_long; - - lwsl_info(" Proxy auth in use\n"); - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - proxy = p + 1; -#endif - } else - vhost->proxy_basic_auth_token[0] = '\0'; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - -#if defined(LWS_WITH_IPV6) - /* - * isolating the address / port is complicated by IPv6 overloading - * the meaning of : in the address. The convention to solve it is to - * put [] around the ipv6 address part, eg, "[::1]:443". This must be - * parsed to "::1" as the address and the port as 443. - * - * IPv4 addresses like myproxy:443 continue to be parsed as normal. - */ - - if (proxy[0] == '[') - brackets = 1; -#endif - - lws_strncpy(vhost->http.http_proxy_address, proxy + brackets, - sizeof(vhost->http.http_proxy_address)); - - p = vhost->http.http_proxy_address; - -#if defined(LWS_WITH_IPV6) - if (brackets) { - /* original is IPv6 format "[::1]:443" */ - - p = strchr(vhost->http.http_proxy_address, ']'); - if (!p) { - lwsl_err("%s: malformed proxy '%s'\n", __func__, proxy); - - return -1; - } - *p++ = '\0'; - } -#endif - - p = strchr(p, ':'); - if (!p && !vhost->http.http_proxy_port) { - lwsl_err("http_proxy needs to be ads:port\n"); - - return -1; - } - if (p) { - *p = '\0'; - vhost->http.http_proxy_port = atoi(p + 1); - } - - lwsl_info(" Proxy %s:%u\n", vhost->http.http_proxy_address, - vhost->http.http_proxy_port); -#endif - - return 0; - -auth_too_long: - lwsl_err("proxy auth too long\n"); - - return -1; -} - diff --git a/lib/core-net/close.c b/lib/core-net/close.c deleted file mode 100644 index 95f2201..0000000 --- a/lib/core-net/close.c +++ /dev/null @@ -1,574 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -void -__lws_free_wsi(struct lws *wsi) -{ - if (!wsi) - return; - - /* - * Protocol user data may be allocated either internally by lws - * or by specified the user. We should only free what we allocated. - */ - if (wsi->protocol && wsi->protocol->per_session_data_size && - wsi->user_space && !wsi->user_space_externally_allocated) - lws_free(wsi->user_space); - - lws_buflist_destroy_all_segments(&wsi->buflist); - lws_buflist_destroy_all_segments(&wsi->buflist_out); - lws_free_set_NULL(wsi->udp); - - if (wsi->vhost && wsi->vhost->lserv_wsi == wsi) - wsi->vhost->lserv_wsi = NULL; -#if !defined(LWS_NO_CLIENT) - if (wsi->vhost) - lws_dll2_remove(&wsi->dll_cli_active_conns); -#endif - wsi->context->count_wsi_allocated--; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - __lws_header_table_detach(wsi, 0); -#endif - __lws_same_vh_protocol_remove(wsi); -#if !defined(LWS_NO_CLIENT) - lws_client_stash_destroy(wsi); - lws_free_set_NULL(wsi->cli_hostname_copy); -#endif - - if (wsi->role_ops->destroy_role) - wsi->role_ops->destroy_role(wsi); - -#if defined(LWS_WITH_PEER_LIMITS) - lws_peer_track_wsi_close(wsi->context, wsi->peer); - wsi->peer = NULL; -#endif - - /* since we will destroy the wsi, make absolutely sure now */ - -#if defined(LWS_WITH_OPENSSL) - __lws_ssl_remove_wsi_from_buffered_list(wsi); -#endif - __lws_wsi_remove_from_sul(wsi); - - if (wsi->context->event_loop_ops->destroy_wsi) - wsi->context->event_loop_ops->destroy_wsi(wsi); - - lws_vhost_unbind_wsi(wsi); - - lwsl_debug("%s: %p, remaining wsi %d\n", __func__, wsi, - wsi->context->count_wsi_allocated); - - lws_free(wsi); -} - - -void -lws_remove_child_from_any_parent(struct lws *wsi) -{ - struct lws **pwsi; - int seen = 0; - - if (!wsi->parent) - return; - - /* detach ourselves from parent's child list */ - pwsi = &wsi->parent->child_list; - while (*pwsi) { - if (*pwsi == wsi) { - lwsl_info("%s: detach %p from parent %p\n", __func__, - wsi, wsi->parent); - - if (wsi->parent->protocol) - wsi->parent->protocol->callback(wsi, - LWS_CALLBACK_CHILD_CLOSING, - wsi->parent->user_space, wsi, 0); - - *pwsi = wsi->sibling_list; - seen = 1; - break; - } - pwsi = &(*pwsi)->sibling_list; - } - if (!seen) - lwsl_err("%s: failed to detach from parent\n", __func__); - - wsi->parent = NULL; -} - -#if !defined(LWS_NO_CLIENT) -static int -lws_close_trans_q_leader(struct lws_dll2 *d, void *user) -{ - struct lws *w = lws_container_of(d, struct lws, dll2_cli_txn_queue); - - __lws_close_free_wsi(w, -1, "trans q leader closing"); - - return 0; -} - -void -lws_inform_client_conn_fail(struct lws *wsi, void *arg, size_t len) -{ - if (wsi->already_did_cce) - return; - - wsi->already_did_cce = 1; - lws_stats_bump(&wsi->context->pt[(int)wsi->tsi], - LWSSTATS_C_CONNS_CLIENT_FAILED, 1); - - if (!wsi->protocol) - return; - - wsi->protocol->callback(wsi, - LWS_CALLBACK_CLIENT_CONNECTION_ERROR, - wsi->user_space, arg, len); -} -#endif - -void -__lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, - const char *caller) -{ - struct lws_context_per_thread *pt; - struct lws *wsi1, *wsi2; - struct lws_context *context; -#if !defined(LWS_NO_CLIENT) - long rl = (long)(int)reason; -#endif - int n; - - lwsl_info("%s: %p: caller: %s\n", __func__, wsi, caller); - - if (!wsi) - return; - - lws_access_log(wsi); - - context = wsi->context; - pt = &context->pt[(int)wsi->tsi]; - lws_stats_bump(pt, LWSSTATS_C_API_CLOSE, 1); - -#if !defined(LWS_NO_CLIENT) - - lws_free_set_NULL(wsi->cli_hostname_copy); - - /* - * if we have wsi in our transaction queue, if we are closing we - * must go through and close all those first - */ - if (wsi->vhost) { - - /* we are no longer an active client connection that can piggyback */ - lws_dll2_remove(&wsi->dll_cli_active_conns); - - if (rl != -1l) - lws_vhost_lock(wsi->vhost); - - lws_dll2_foreach_safe(&wsi->dll2_cli_txn_queue_owner, NULL, - lws_close_trans_q_leader); - - /* - * !!! If we are closing, but we have pending pipelined - * transaction results we already sent headers for, that's going - * to destroy sync for HTTP/1 and leave H2 stream with no live - * swsi.` - * - * However this is normal if we are being closed because the - * transaction queue leader is closing. - */ - lws_dll2_remove(&wsi->dll2_cli_txn_queue); - if (rl != -1l) - lws_vhost_unlock(wsi->vhost); - } -#endif - - /* if we have children, close them first */ - if (wsi->child_list) { - wsi2 = wsi->child_list; - while (wsi2) { - wsi1 = wsi2->sibling_list; - wsi2->parent = NULL; - /* stop it doing shutdown processing */ - wsi2->socket_is_permanently_unusable = 1; - __lws_close_free_wsi(wsi2, reason, - "general child recurse"); - wsi2 = wsi1; - } - wsi->child_list = NULL; - } - - if (wsi->role_ops == &role_ops_raw_file) { - lws_remove_child_from_any_parent(wsi); - __remove_wsi_socket_from_fds(wsi); - if (wsi->protocol) - wsi->protocol->callback(wsi, wsi->role_ops->close_cb[0], - wsi->user_space, NULL, 0); - goto async_close; - } - - wsi->wsistate_pre_close = wsi->wsistate; - -#ifdef LWS_WITH_CGI - if (wsi->role_ops == &role_ops_cgi) { - - // lwsl_debug("%s: closing stdwsi index %d\n", __func__, (int)wsi->cgi_channel); - - /* we are not a network connection, but a handler for CGI io */ - if (wsi->parent && wsi->parent->http.cgi) { - - if (wsi->parent->child_list == wsi && !wsi->sibling_list) - lws_cgi_remove_and_kill(wsi->parent); - - /* end the binding between us and master */ - wsi->parent->http.cgi->stdwsi[(int)wsi->cgi_channel] = - NULL; - } - wsi->socket_is_permanently_unusable = 1; - - goto just_kill_connection; - } - - if (wsi->http.cgi) - lws_cgi_remove_and_kill(wsi); -#endif - -#if !defined(LWS_NO_CLIENT) - lws_client_stash_destroy(wsi); -#endif - - if (wsi->role_ops == &role_ops_raw_skt) { - wsi->socket_is_permanently_unusable = 1; - goto just_kill_connection; - } -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (lwsi_role_http(wsi) && lwsi_role_server(wsi) && - wsi->http.fop_fd != NULL) - lws_vfs_file_close(&wsi->http.fop_fd); -#endif - - if (lwsi_state(wsi) == LRS_DEAD_SOCKET) - return; - - if (wsi->socket_is_permanently_unusable || - reason == LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY || - lwsi_state(wsi) == LRS_SHUTDOWN) - goto just_kill_connection; - - switch (lwsi_state_PRE_CLOSE(wsi)) { - case LRS_DEAD_SOCKET: - return; - - /* we tried the polite way... */ - case LRS_WAITING_TO_SEND_CLOSE: - case LRS_AWAITING_CLOSE_ACK: - case LRS_RETURNED_CLOSE: - goto just_kill_connection; - - case LRS_FLUSHING_BEFORE_CLOSE: - if (lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - || wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) { - lws_callback_on_writable(wsi); - return; - } - lwsl_info("%p: end LRS_FLUSHING_BEFORE_CLOSE\n", wsi); - goto just_kill_connection; - default: - if (lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - || wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) { - lwsl_info("%p: LRS_FLUSHING_BEFORE_CLOSE\n", wsi); - lwsi_set_state(wsi, LRS_FLUSHING_BEFORE_CLOSE); - __lws_set_timeout(wsi, - PENDING_FLUSH_STORED_SEND_BEFORE_CLOSE, 5); - return; - } - break; - } - - if (lwsi_state(wsi) == LRS_WAITING_CONNECT || - lwsi_state(wsi) == LRS_H1C_ISSUE_HANDSHAKE) - goto just_kill_connection; - - if (!wsi->told_user_closed && wsi->user_space && wsi->protocol && - wsi->protocol_bind_balance) { - wsi->protocol->callback(wsi, - wsi->role_ops->protocol_unbind_cb[ - !!lwsi_role_server(wsi)], - wsi->user_space, (void *)__func__, 0); - wsi->protocol_bind_balance = 0; - } - - /* - * signal we are closing, lws_write will - * add any necessary version-specific stuff. If the write fails, - * no worries we are closing anyway. If we didn't initiate this - * close, then our state has been changed to - * LRS_RETURNED_CLOSE and we will skip this. - * - * Likewise if it's a second call to close this connection after we - * sent the close indication to the peer already, we are in state - * LRS_AWAITING_CLOSE_ACK and will skip doing this a second time. - */ - - if (wsi->role_ops->close_via_role_protocol && - wsi->role_ops->close_via_role_protocol(wsi, reason)) - return; - -just_kill_connection: - -#if defined(LWS_WITH_FILE_OPS) && (defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)) - if (lwsi_role_http(wsi) && lwsi_role_server(wsi) && - wsi->http.fop_fd != NULL) - lws_vfs_file_close(&wsi->http.fop_fd); -#endif - -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->http.buflist_post_body) - lws_buflist_destroy_all_segments(&wsi->http.buflist_post_body); -#endif - - if (wsi->role_ops->close_kill_connection) - wsi->role_ops->close_kill_connection(wsi, reason); - - n = 0; - - if (!wsi->told_user_closed && wsi->user_space && - wsi->protocol_bind_balance && wsi->protocol) { - lwsl_debug("%s: %p: DROP_PROTOCOL %s\n", __func__, wsi, - wsi->protocol ? wsi->protocol->name: "NULL"); - if (wsi->protocol) - wsi->protocol->callback(wsi, - wsi->role_ops->protocol_unbind_cb[ - !!lwsi_role_server(wsi)], - wsi->user_space, (void *)__func__, 0); - wsi->protocol_bind_balance = 0; - } - -#if !defined(LWS_NO_CLIENT) - if ((lwsi_state(wsi) == LRS_WAITING_SERVER_REPLY || - lwsi_state(wsi) == LRS_WAITING_CONNECT) && - !wsi->already_did_cce && wsi->protocol) { - static const char _reason[] = "closed before established"; - - lws_inform_client_conn_fail(wsi, - (void *)_reason, sizeof(_reason)); - } -#endif - - /* - * Testing with ab shows that we have to stage the socket close when - * the system is under stress... shutdown any further TX, change the - * state to one that won't emit anything more, and wait with a timeout - * for the POLLIN to show a zero-size rx before coming back and doing - * the actual close. - */ - if (wsi->role_ops != &role_ops_raw_skt && !lwsi_role_client(wsi) && - lwsi_state(wsi) != LRS_SHUTDOWN && - lwsi_state(wsi) != LRS_UNCONNECTED && - reason != LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY && - !wsi->socket_is_permanently_unusable) { - -#if defined(LWS_WITH_TLS) - if (lws_is_ssl(wsi) && wsi->tls.ssl) { - n = 0; - switch (__lws_tls_shutdown(wsi)) { - case LWS_SSL_CAPABLE_DONE: - case LWS_SSL_CAPABLE_ERROR: - case LWS_SSL_CAPABLE_MORE_SERVICE_READ: - case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE: - case LWS_SSL_CAPABLE_MORE_SERVICE: - break; - } - } else -#endif - { - lwsl_info("%s: shutdown conn: %p (sk %d, state 0x%x)\n", - __func__, wsi, (int)(long)wsi->desc.sockfd, - lwsi_state(wsi)); - if (!wsi->socket_is_permanently_unusable && - lws_socket_is_valid(wsi->desc.sockfd)) { - wsi->socket_is_permanently_unusable = 1; - n = shutdown(wsi->desc.sockfd, SHUT_WR); - } - } - if (n) - lwsl_debug("closing: shutdown (state 0x%x) ret %d\n", - lwsi_state(wsi), LWS_ERRNO); - - /* - * This causes problems on WINCE / ESP32 with disconnection - * when the events are half closing connection - */ -#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP32) - /* libuv: no event available to guarantee completion */ - if (!wsi->socket_is_permanently_unusable && - lws_socket_is_valid(wsi->desc.sockfd) && - lwsi_state(wsi) != LRS_SHUTDOWN && - context->event_loop_ops->periodic_events_available) { - __lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); - lwsi_set_state(wsi, LRS_SHUTDOWN); - __lws_set_timeout(wsi, PENDING_TIMEOUT_SHUTDOWN_FLUSH, - context->timeout_secs); - - return; - } -#endif - } - - lwsl_debug("%s: real just_kill_connection: %p (sockfd %d)\n", __func__, - wsi, wsi->desc.sockfd); - -#ifdef LWS_WITH_HUBBUB - if (wsi->http.rw) { - lws_rewrite_destroy(wsi->http.rw); - wsi->http.rw = NULL; - } -#endif - - if (wsi->http.pending_return_headers) - lws_free_set_NULL(wsi->http.pending_return_headers); - - /* - * we won't be servicing or receiving anything further from this guy - * delete socket from the internal poll list if still present - */ - __lws_ssl_remove_wsi_from_buffered_list(wsi); - __lws_wsi_remove_from_sul(wsi); - - //if (wsi->told_event_loop_closed) // cgi std close case (dummy-callback) - // return; - - // lwsl_notice("%s: wsi %p, fd %d\n", __func__, wsi, wsi->desc.sockfd); - - /* checking return redundant since we anyway close */ - if (wsi->desc.sockfd != LWS_SOCK_INVALID) - __remove_wsi_socket_from_fds(wsi); - else - __lws_same_vh_protocol_remove(wsi); - - lwsi_set_state(wsi, LRS_DEAD_SOCKET); - lws_buflist_destroy_all_segments(&wsi->buflist); - lws_dll2_remove(&wsi->dll_buflist); - - if (wsi->role_ops->close_role) - wsi->role_ops->close_role(pt, wsi); - - /* tell the user it's all over for this guy */ - - if ((lwsi_state_est_PRE_CLOSE(wsi) || - /* raw skt adopted but didn't complete tls hs should CLOSE */ - (wsi->role_ops == &role_ops_raw_skt && !lwsi_role_client(wsi)) || - lwsi_state_PRE_CLOSE(wsi) == LRS_WAITING_SERVER_REPLY) && - !wsi->told_user_closed && - wsi->role_ops->close_cb[lwsi_role_server(wsi)]) { - const struct lws_protocols *pro = wsi->protocol; - - if (!wsi->protocol && wsi->vhost && wsi->vhost->protocols) - pro = &wsi->vhost->protocols[0]; - - if (pro && (!wsi->upgraded_to_http2 || !lwsi_role_client(wsi))) - /* - * The network wsi for a client h2 connection shouldn't - * call back for its role: the child stream connections - * own the role. Otherwise h2 will call back closed - * one too many times as the children do it and then - * the closing network stream. - */ - pro->callback(wsi, - wsi->role_ops->close_cb[lwsi_role_server(wsi)], - wsi->user_space, NULL, 0); - wsi->told_user_closed = 1; - } - -async_close: - lws_remove_child_from_any_parent(wsi); - wsi->socket_is_permanently_unusable = 1; - - if (wsi->context->event_loop_ops->wsi_logical_close) - if (wsi->context->event_loop_ops->wsi_logical_close(wsi)) - return; - - __lws_close_free_wsi_final(wsi); -} - -void -__lws_close_free_wsi_final(struct lws *wsi) -{ - int n; - - if (!wsi->shadow && - lws_socket_is_valid(wsi->desc.sockfd) && !lws_ssl_close(wsi)) { - lwsl_debug("%s: wsi %p: fd %d\n", __func__, wsi, wsi->desc.sockfd); - n = compatible_close(wsi->desc.sockfd); - if (n) - lwsl_debug("closing: close ret %d\n", LWS_ERRNO); - - wsi->desc.sockfd = LWS_SOCK_INVALID; - } - - /* outermost destroy notification for wsi (user_space still intact) */ - if (wsi->vhost) - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, - wsi->user_space, NULL, 0); - -#ifdef LWS_WITH_CGI - if (wsi->http.cgi) { - - for (n = 0; n < 3; n++) { - if (wsi->http.cgi->pipe_fds[n][!!(n == 0)] == 0) - lwsl_err("ZERO FD IN CGI CLOSE"); - - if (wsi->http.cgi->pipe_fds[n][!!(n == 0)] >= 0) { - close(wsi->http.cgi->pipe_fds[n][!!(n == 0)]); - wsi->http.cgi->pipe_fds[n][!!(n == 0)] = LWS_SOCK_INVALID; - } - } - - lws_free_set_NULL(wsi->http.cgi); - } -#endif - - __lws_free_wsi(wsi); -} - - -void -lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason, const char *caller) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - __lws_close_free_wsi(wsi, reason, caller); - lws_pt_unlock(pt); -} - - diff --git a/lib/core-net/connect.c b/lib/core-net/connect.c deleted file mode 100644 index 3d01dc8..0000000 --- a/lib/core-net/connect.c +++ /dev/null @@ -1,315 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -void -lws_client_stash_destroy(struct lws *wsi) -{ - if (!wsi || !wsi->stash) - return; - - lws_free_set_NULL(wsi->stash->address); - lws_free_set_NULL(wsi->stash->path); - lws_free_set_NULL(wsi->stash->host); - lws_free_set_NULL(wsi->stash->origin); - lws_free_set_NULL(wsi->stash->protocol); - lws_free_set_NULL(wsi->stash->method); - lws_free_set_NULL(wsi->stash->iface); - lws_free_set_NULL(wsi->stash->alpn); - - lws_free_set_NULL(wsi->stash); -} - -LWS_VISIBLE struct lws * -lws_client_connect_via_info(const struct lws_client_connect_info *i) -{ - struct lws *wsi, *safe = NULL; - const struct lws_protocols *p; - const char *local = i->protocol; - int tid = 0; -#if LWS_MAX_SMP > 1 - int n; -#endif - - if (i->context->requested_kill) - return NULL; - - if (!i->context->protocol_init_done) - if (lws_protocol_init(i->context)) - return NULL; - - /* - * If we have .local_protocol_name, use it to select the local protocol - * handler to bind to. Otherwise use .protocol if http[s]. - */ - if (i->local_protocol_name) - local = i->local_protocol_name; - - lws_stats_bump(&i->context->pt[tid], LWSSTATS_C_CONNS_CLIENT, 1); - - /* PHASE 1: create a bare wsi */ - - wsi = lws_zalloc(sizeof(struct lws), "client wsi"); - if (wsi == NULL) - goto bail; - - wsi->context = i->context; - wsi->desc.sockfd = LWS_SOCK_INVALID; - wsi->seq = i->seq; - - wsi->vhost = NULL; - if (!i->vhost) - lws_vhost_bind_wsi(i->context->vhost_list, wsi); - else - lws_vhost_bind_wsi(i->vhost, wsi); - - if (!wsi->vhost) { - lwsl_err("%s: No vhost in the context\n", __func__); - - goto bail; - } - -#if LWS_MAX_SMP > 1 - tid = wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_GET_THREAD_ID, - NULL, NULL, 0); -#endif - - /* - * PHASE 2: if SMP, bind the client to whatever tsi the current thread - * represents - */ - -#if LWS_MAX_SMP > 1 - lws_context_lock(i->context, "client find tsi"); - - for (n = 0; n < i->context->count_threads; n++) - if (i->context->pt[n].service_tid == tid) { - lwsl_info("%s: client binds to caller tsi %d\n", - __func__, n); - wsi->tsi = n; - break; - } - - /* - * this binding is sort of provisional, since when we try to insert - * into the pt fds, there may be no space and it will fail - */ - - lws_context_unlock(i->context); -#endif - - /* - * PHASE 3: Choose an initial role for the wsi and do role-specific init - * - * Note the initial role may not reflect the final role, eg, - * we may want ws, but first we have to go through h1 to get that - */ - - if (lws_role_call_client_bind(wsi, i) < 0) { - lwsl_err("%s: unable to bind to role\n", __func__); - - goto bail; - } - lwsl_info("%s: role binding to %s\n", __func__, wsi->role_ops->name); - - /* - * PHASE 4: fill up the wsi with stuff from the connect_info as far as - * it can go. It's uncertain because not only is our connection - * going to complete asynchronously, we might have bound to h1 and not - * even be able to get ahold of an ah immediately. - */ - - wsi->user_space = NULL; - wsi->pending_timeout = NO_PENDING_TIMEOUT; - wsi->position_in_fds_table = LWS_NO_FDS_POS; - wsi->ocport = wsi->c_port = i->port; - - wsi->protocol = &wsi->vhost->protocols[0]; - wsi->client_pipeline = !!(i->ssl_connection & LCCSCF_PIPELINE); - - /* - * PHASE 5: handle external user_space now, generic alloc is done in - * role finalization - */ - - if (!wsi->user_space && i->userdata) { - wsi->user_space_externally_allocated = 1; - wsi->user_space = i->userdata; - } - - if (local) { - lwsl_info("%s: protocol binding to %s\n", __func__, local); - p = lws_vhost_name_to_protocol(wsi->vhost, local); - if (p) - lws_bind_protocol(wsi, p, __func__); - } - - /* - * PHASE 5: handle external user_space now, generic alloc is done in - * role finalization - */ - - if (!wsi->user_space && i->userdata) { - wsi->user_space_externally_allocated = 1; - wsi->user_space = i->userdata; - } - -#if defined(LWS_WITH_TLS) - wsi->tls.use_ssl = i->ssl_connection; -#else - if (i->ssl_connection & LCCSCF_USE_SSL) { - lwsl_err("%s: lws not configured for tls\n", __func__); - goto bail; - } -#endif - - /* - * PHASE 6: stash the things from connect_info that we can't process - * right now, eg, if http binding, without an ah. If h1 and no ah, we - * will go on the ah waiting list and process those things later (after - * the connect_info and maybe the things pointed to have gone out of - * scope) - * - * However these things are stashed in a generic way at this point, - * with no relationship to http or ah - */ - - wsi->stash = lws_zalloc(sizeof(*wsi->stash), "client stash"); - if (!wsi->stash) { - lwsl_err("%s: OOM\n", __func__); - goto bail1; - } - - wsi->stash->address = lws_strdup(i->address); - wsi->stash->path = lws_strdup(i->path); - wsi->stash->host = lws_strdup(i->host); - wsi->stash->opaque_user_data = i->opaque_user_data; - - if (!wsi->stash->address || !wsi->stash->path || !wsi->stash->host) - goto bail1; - - if (i->origin) { - wsi->stash->origin = lws_strdup(i->origin); - if (!wsi->stash->origin) - goto bail1; - } - if (i->protocol) { - wsi->stash->protocol = lws_strdup(i->protocol); - if (!wsi->stash->protocol) - goto bail1; - } - if (i->method) { - wsi->stash->method = lws_strdup(i->method); - if (!wsi->stash->method) - goto bail1; - } - if (i->iface) { - wsi->stash->iface = lws_strdup(i->iface); - if (!wsi->stash->iface) - goto bail1; - } - if (i->alpn) { - wsi->stash->alpn = lws_strdup(i->alpn); - if (!wsi->stash->alpn) - goto bail1; - } - - /* - * at this point user callbacks like - * LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER will be interested to - * know the parent... eg for proxying we can grab extra headers from - * the parent's incoming ah and add them to the child client handshake - */ - - if (i->parent_wsi) { - lwsl_info("%s: created child %p of parent %p\n", __func__, - wsi, i->parent_wsi); - wsi->parent = i->parent_wsi; - safe = wsi->sibling_list = i->parent_wsi->child_list; - i->parent_wsi->child_list = wsi; - } - - /* - * PHASE 7: Do any role-specific finalization processing. We can still - * see important info things via wsi->stash - */ - - if (wsi->role_ops->client_bind) { - int n = wsi->role_ops->client_bind(wsi, NULL); - - if (n && i->parent_wsi) { - /* unpick from parent */ - - i->parent_wsi->child_list = safe; - } - - if (n < 0) - /* we didn't survive, wsi is freed */ - goto bail2; - - if (n) - /* something else failed, wsi needs freeing */ - goto bail; - } - - /* let the caller's optional wsi storage have the wsi we created */ - - if (i->pwsi) - *i->pwsi = wsi; - - /* PHASE 8: notify protocol with role-specific connected callback */ - - lwsl_debug("%s: wsi %p: cb %d to %s %s\n", __func__, - wsi, wsi->role_ops->adoption_cb[0], - wsi->role_ops->name, wsi->protocol->name); - - wsi->protocol->callback(wsi, - wsi->role_ops->adoption_cb[0], - wsi->user_space, NULL, 0); - -#if defined(LWS_WITH_HUBBUB) - if (i->uri_replace_to) - wsi->http.rw = lws_rewrite_create(wsi, html_parser_cb, - i->uri_replace_from, - i->uri_replace_to); -#endif - - if (i->method && !strcmp(i->method, "RAW")) - lws_http_client_connect_via_info2(wsi); - - return wsi; - -bail1: - lws_client_stash_destroy(wsi); - -bail: - lws_free(wsi); -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -bail2: -#endif - if (i->pwsi) - *i->pwsi = NULL; - - lws_stats_bump(&i->context->pt[tid], LWSSTATS_C_CONNS_CLIENT_FAILED, 1); - - return NULL; -} diff --git a/lib/core-net/dummy-callback.c b/lib/core-net/dummy-callback.c deleted file mode 100644 index 097fb03..0000000 --- a/lib/core-net/dummy-callback.c +++ /dev/null @@ -1,824 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#if defined(LWS_WITH_HTTP_PROXY) -static int -proxy_header(struct lws *wsi, struct lws *par, unsigned char *temp, - int temp_len, int index, unsigned char **p, unsigned char *end) -{ - int n = lws_hdr_total_length(par, index); - - if (n < 1) { - lwsl_debug("%s: no index %d:\n", __func__, index); - return 0; - } - - if (lws_hdr_copy(par, (char *)temp, temp_len, index) < 0) - return -1; - - lwsl_debug("%s: index %d: %s\n", __func__, index, (char *)temp); - - if (lws_add_http_header_by_token(wsi, index, temp, n, p, end)) - return -1; - - return 0; -} - -static int -stream_close(struct lws *wsi) -{ - char buf[LWS_PRE + 6], *out = buf + LWS_PRE; - - if (wsi->http.did_stream_close) - return 0; - - wsi->http.did_stream_close = 1; - - if (wsi->http2_substream) { - if (lws_write(wsi, (unsigned char *)buf + LWS_PRE, 0, - LWS_WRITE_HTTP_FINAL) < 0) { - lwsl_info("%s: COMPL_CLIENT_HTTP: h2 fin wr failed\n", - __func__); - - return -1; - } - } else { - *out++ = '0'; - *out++ = '\x0d'; - *out++ = '\x0a'; - *out++ = '\x0d'; - *out++ = '\x0a'; - - if (lws_write(wsi, (unsigned char *)buf + LWS_PRE, 5, - LWS_WRITE_HTTP_FINAL) < 0) { - lwsl_err("%s: COMPL_CLIENT_HTTP: " - "h2 final write failed\n", __func__); - - return -1; - } - } - - return 0; -} - -#endif - -struct lws_proxy_pkt { - struct lws_dll2 pkt_list; - size_t len; - char binary; - char first; - char final; - - /* data follows */ -}; - -#if defined(LWS_WITH_HTTP_PROXY) && defined(LWS_ROLE_WS) -int -lws_callback_ws_proxy(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct lws_proxy_pkt *pkt; - struct lws_dll2 *dll; - - switch (reason) { - - /* h1 ws proxying... child / client / onward */ - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - if (!wsi->h1_ws_proxied || !wsi->parent) - break; - - lws_process_ws_upgrade2(wsi->parent); - -#if defined(LWS_WITH_HTTP2) - if (wsi->parent->http2_substream) - lwsl_info("%s: proxied h2 -> h1 ws established\n", __func__); -#endif - break; - - case LWS_CALLBACK_CLIENT_CONFIRM_EXTENSION_SUPPORTED: - return 1; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - case LWS_CALLBACK_CLIENT_CLOSED: - lwsl_user("%s: client closed: parent %p\n", __func__, wsi->parent); - if (wsi->parent) - lws_set_timeout(wsi->parent, - PENDING_TIMEOUT_KILLED_BY_PROXY_CLIENT_CLOSE, - LWS_TO_KILL_ASYNC); - break; - - case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: - { - unsigned char **p = (unsigned char **)in, *end = (*p) + len, - tmp[128]; - - proxy_header(wsi, wsi->parent, tmp, sizeof(tmp), - WSI_TOKEN_HTTP_ACCEPT_LANGUAGE, p, end); - - proxy_header(wsi, wsi->parent, tmp, sizeof(tmp), - WSI_TOKEN_HTTP_COOKIE, p, end); - - proxy_header(wsi, wsi->parent, tmp, sizeof(tmp), - WSI_TOKEN_HTTP_SET_COOKIE, p, end); - break; - } - - case LWS_CALLBACK_CLIENT_RECEIVE: - wsi->parent->ws->proxy_buffered += len; - if (wsi->parent->ws->proxy_buffered > 10 * 1024 * 1024) { - lwsl_err("%s: proxied ws connection excessive buffering: dropping\n", - __func__); - return -1; - } - pkt = lws_zalloc(sizeof(*pkt) + LWS_PRE + len, __func__); - if (!pkt) - return -1; - - pkt->pkt_list.prev = pkt->pkt_list.next = NULL; - pkt->len = len; - pkt->first = lws_is_first_fragment(wsi); - pkt->final = lws_is_final_fragment(wsi); - pkt->binary = lws_frame_is_binary(wsi); - - memcpy(((uint8_t *)&pkt[1]) + LWS_PRE, in, len); - - lws_dll2_add_tail(&pkt->pkt_list, &wsi->parent->ws->proxy_owner); - lws_callback_on_writable(wsi->parent); - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - dll = lws_dll2_get_tail(&wsi->ws->proxy_owner); - if (!dll) - break; - - pkt = (struct lws_proxy_pkt *)dll; - if (lws_write(wsi, ((unsigned char *)&pkt[1]) + - LWS_PRE, pkt->len, lws_write_ws_flags( - pkt->binary ? LWS_WRITE_BINARY : LWS_WRITE_TEXT, - pkt->first, pkt->final)) < 0) - return -1; - - wsi->parent->ws->proxy_buffered -= pkt->len; - - lws_dll2_remove(dll); - lws_free(pkt); - - if (lws_dll2_get_tail(&wsi->ws->proxy_owner)) - lws_callback_on_writable(wsi); - break; - - /* h1 ws proxying... parent / server / incoming */ - - case LWS_CALLBACK_CONFIRM_EXTENSION_OKAY: - return 1; - - case LWS_CALLBACK_CLOSED: - lwsl_user("%s: closed\n", __func__); - return -1; - - case LWS_CALLBACK_RECEIVE: - pkt = lws_zalloc(sizeof(*pkt) + LWS_PRE + len, __func__); - if (!pkt) - return -1; - - pkt->pkt_list.prev = pkt->pkt_list.next = NULL; - pkt->len = len; - pkt->first = lws_is_first_fragment(wsi); - pkt->final = lws_is_final_fragment(wsi); - pkt->binary = lws_frame_is_binary(wsi); - - memcpy(((uint8_t *)&pkt[1]) + LWS_PRE, in, len); - - lws_dll2_add_tail(&pkt->pkt_list, &wsi->child_list->ws->proxy_owner); - lws_callback_on_writable(wsi->child_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - dll = lws_dll2_get_tail(&wsi->ws->proxy_owner); - if (!dll) - break; - - pkt = (struct lws_proxy_pkt *)dll; - if (lws_write(wsi, ((unsigned char *)&pkt[1]) + - LWS_PRE, pkt->len, lws_write_ws_flags( - pkt->binary ? LWS_WRITE_BINARY : LWS_WRITE_TEXT, - pkt->first, pkt->final)) < 0) - return -1; - - lws_dll2_remove(dll); - lws_free(pkt); - - if (lws_dll2_get_tail(&wsi->ws->proxy_owner)) - lws_callback_on_writable(wsi); - break; - - default: - return 0; - } - - return 0; -} - -const struct lws_protocols lws_ws_proxy = { - "lws-ws-proxy", - lws_callback_ws_proxy, - 0, - 8192, - 8192, NULL, 0 -}; - -#endif - -LWS_VISIBLE int -lws_callback_http_dummy(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct lws_ssl_info *si; -#ifdef LWS_WITH_CGI - struct lws_cgi_args *args; -#endif -#if defined(LWS_WITH_CGI) || defined(LWS_WITH_HTTP_PROXY) - char buf[8192]; - int n; -#endif -#if defined(LWS_WITH_HTTP_PROXY) - unsigned char **p, *end; - struct lws *parent; -#endif - - switch (reason) { -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - case LWS_CALLBACK_HTTP: -#ifndef LWS_NO_SERVER - if (lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL)) - return -1; - - if (lws_http_transaction_completed(wsi)) -#endif - return -1; - break; -#if !defined(LWS_NO_SERVER) - case LWS_CALLBACK_HTTP_BODY_COMPLETION: -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->child_list) { - lwsl_user("%s: LWS_CALLBACK_HTTP_BODY_COMPLETION: %d\n", __func__, (int)len); - break; - } -#endif - /* fallthru */ - case LWS_CALLBACK_HTTP_FILE_COMPLETION: - if (lws_http_transaction_completed(wsi)) - return -1; - break; -#endif - -#if defined(LWS_WITH_HTTP_PROXY) - case LWS_CALLBACK_HTTP_BODY: - if (wsi->child_list) { - lwsl_user("%s: LWS_CALLBACK_HTTP_BODY: stashing %d\n", __func__, (int)len); - if (lws_buflist_append_segment(&wsi->http.buflist_post_body, in, len) < 0) - return -1; - lws_callback_on_writable(wsi->child_list); - } - break; -#endif - - case LWS_CALLBACK_HTTP_WRITEABLE: - // lwsl_err("%s: LWS_CALLBACK_HTTP_WRITEABLE\n", __func__); -#ifdef LWS_WITH_CGI - if (wsi->reason_bf & (LWS_CB_REASON_AUX_BF__CGI_HEADERS | - LWS_CB_REASON_AUX_BF__CGI)) { - n = lws_cgi_write_split_stdout_headers(wsi); - if (n < 0) { - lwsl_debug("AUX_BF__CGI forcing close\n"); - return -1; - } - if (!n && wsi->http.cgi && wsi->http.cgi->stdwsi[LWS_STDOUT]) - lws_rx_flow_control( - wsi->http.cgi->stdwsi[LWS_STDOUT], 1); - - if (wsi->reason_bf & LWS_CB_REASON_AUX_BF__CGI_HEADERS) - wsi->reason_bf &= - ~LWS_CB_REASON_AUX_BF__CGI_HEADERS; - else - wsi->reason_bf &= ~LWS_CB_REASON_AUX_BF__CGI; - - if (wsi->http.cgi && wsi->http.cgi->cgi_transaction_over) - return -1; - break; - } - - if (wsi->reason_bf & LWS_CB_REASON_AUX_BF__CGI_CHUNK_END) { - if (!wsi->http2_substream) { - memcpy(buf + LWS_PRE, "0\x0d\x0a\x0d\x0a", 5); - lwsl_debug("writing chunk term and exiting\n"); - n = lws_write(wsi, (unsigned char *)buf + - LWS_PRE, 5, LWS_WRITE_HTTP); - } else - n = lws_write(wsi, (unsigned char *)buf + - LWS_PRE, 0, - LWS_WRITE_HTTP_FINAL); - - /* always close after sending it */ - if (lws_http_transaction_completed(wsi)) - return -1; - return 0; - } -#endif -#if defined(LWS_WITH_HTTP_PROXY) - - if (wsi->reason_bf & LWS_CB_REASON_AUX_BF__PROXY_HEADERS) { - - wsi->reason_bf &= ~LWS_CB_REASON_AUX_BF__PROXY_HEADERS; - - n = LWS_WRITE_HTTP_HEADERS; - if (!wsi->http.prh_content_length) - n |= LWS_WRITE_H2_STREAM_END; - - lwsl_debug("%s: %p: issuing proxy headers: clen %d\n", - __func__, wsi, (int)wsi->http.prh_content_length); - n = lws_write(wsi, wsi->http.pending_return_headers + - LWS_PRE, - wsi->http.pending_return_headers_len, n); - - lws_free_set_NULL(wsi->http.pending_return_headers); - - if (n < 0) { - lwsl_err("%s: EST_CLIENT_HTTP: write failed\n", - __func__); - return -1; - } - - lws_callback_on_writable(wsi); - break; - } - - if (wsi->reason_bf & LWS_CB_REASON_AUX_BF__PROXY) { - char *px = buf + LWS_PRE; - int lenx = sizeof(buf) - LWS_PRE - 32; - - /* - * our sink is writeable and our source has something - * to read. So read a lump of source material of - * suitable size to send or what's available, whichever - * is the smaller. - */ - wsi->reason_bf &= ~LWS_CB_REASON_AUX_BF__PROXY; - if (!lws_get_child(wsi)) - break; - - /* this causes LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ */ - if (lws_http_client_read(lws_get_child(wsi), &px, - &lenx) < 0) { - lwsl_info("%s: LWS_CB_REASON_AUX_BF__PROXY: " - "client closed\n", __func__); - - stream_close(wsi); - - return -1; - } - break; - } - - if (wsi->reason_bf & LWS_CB_REASON_AUX_BF__PROXY_TRANS_END) { - lwsl_info("%s: LWS_CB_REASON_AUX_BF__PROXY_TRANS_END\n", - __func__); - - wsi->reason_bf &= ~LWS_CB_REASON_AUX_BF__PROXY_TRANS_END; - - if (stream_close(wsi)) - return -1; - - if (lws_http_transaction_completed(wsi)) - return -1; - } -#endif - break; - -#if defined(LWS_WITH_HTTP_PROXY) - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - assert(lws_get_parent(wsi)); - if (!lws_get_parent(wsi)) - break; - lws_get_parent(wsi)->reason_bf |= LWS_CB_REASON_AUX_BF__PROXY; - lws_callback_on_writable(lws_get_parent(wsi)); - break; - - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: { - char *out = buf + LWS_PRE; - - assert(lws_get_parent(wsi)); - - if (wsi->http.proxy_parent_chunked) { - - if (len > sizeof(buf) - LWS_PRE - 16) { - lwsl_err("oversize buf %d %d\n", (int)len, - (int)sizeof(buf) - LWS_PRE - 16); - return -1; - } - - /* - * this only needs dealing with on http/1.1 to allow - * pipelining - */ - n = lws_snprintf(out, 14, "%X\x0d\x0a", (int)len); - out += n; - memcpy(out, in, len); - out += len; - *out++ = '\x0d'; - *out++ = '\x0a'; - - n = lws_write(lws_get_parent(wsi), - (unsigned char *)buf + LWS_PRE, - len + n + 2, LWS_WRITE_HTTP); - } else - n = lws_write(lws_get_parent(wsi), (unsigned char *)in, - len, LWS_WRITE_HTTP); - if (n < 0) - return -1; - break; } - - /* h1 http proxying... */ - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: { - unsigned char *start, *p, *end; - - /* - * We want to proxy these headers, but we are being called - * at the point the onward client was established, which is - * unrelated to the state or writability of our proxy - * connection. - * - * Therefore produce the headers using the onward client ah - * while we have it, and stick them on the output buflist to be - * written on the proxy connection as soon as convenient. - */ - - parent = lws_get_parent(wsi); - - if (!parent) - return 0; - - start = p = (unsigned char *)buf + LWS_PRE; - end = p + sizeof(buf) - LWS_PRE - 256; - - if (lws_add_http_header_status(lws_get_parent(wsi), - lws_http_client_http_response(wsi), &p, end)) - return 1; - - /* - * copy these headers from the client connection to the parent - */ - - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_CONTENT_LENGTH, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_CONTENT_TYPE, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_ETAG, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_ACCEPT_LANGUAGE, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_CONTENT_ENCODING, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_CACHE_CONTROL, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_SET_COOKIE, &p, end); - proxy_header(parent, wsi, end, 256, - WSI_TOKEN_HTTP_LOCATION, &p, end); - - if (!parent->http2_substream) - if (lws_add_http_header_by_token(parent, - WSI_TOKEN_CONNECTION, (unsigned char *)"close", - 5, &p, end)) - return -1; - - /* - * We proxy using h1 only atm, and strip any chunking so it - * can go back out on h2 just fine. - * - * However if we are actually going out on h1, we need to add - * our own chunking since we still don't know the size. - */ - - if (!parent->http2_substream && - !lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { - lwsl_debug("downstream parent chunked\n"); - if (lws_add_http_header_by_token(parent, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - (unsigned char *)"chunked", 7, &p, end)) - return -1; - - wsi->http.proxy_parent_chunked = 1; - } - - if (lws_finalize_http_header(parent, &p, end)) - return 1; - - parent->http.prh_content_length = -1; - if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) - parent->http.prh_content_length = atoll( - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH)); - - parent->http.pending_return_headers_len = lws_ptr_diff(p, start); - parent->http.pending_return_headers = - lws_malloc(parent->http.pending_return_headers_len + - LWS_PRE, "return proxy headers"); - if (!parent->http.pending_return_headers) - return -1; - - memcpy(parent->http.pending_return_headers + LWS_PRE, start, - parent->http.pending_return_headers_len); - - parent->reason_bf |= LWS_CB_REASON_AUX_BF__PROXY_HEADERS; - - lwsl_debug("%s: LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: " - "prepared %d headers (len %d)\n", __func__, - lws_http_client_http_response(wsi), - (int)parent->http.prh_content_length); - - /* - * so at this point, the onward client connection can bear - * traffic. We might be doing a POST and have pending cached - * inbound stuff to send, it can go now. - */ - - lws_callback_on_writable(parent); - - break; } - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_info("%s: COMPLETED_CLIENT_HTTP: %p (parent %p)\n", - __func__, wsi, lws_get_parent(wsi)); - if (!lws_get_parent(wsi)) - break; - lws_get_parent(wsi)->reason_bf |= - LWS_CB_REASON_AUX_BF__PROXY_TRANS_END; - lws_callback_on_writable(lws_get_parent(wsi)); - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - if (!lws_get_parent(wsi)) - break; - lwsl_err("%s: LWS_CALLBACK_CLOSED_CLIENT_HTTP\n", __func__); - lws_set_timeout(lws_get_parent(wsi), - PENDING_TIMEOUT_KILLED_BY_PROXY_CLIENT_CLOSE, - LWS_TO_KILL_ASYNC); - break; - - case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: - parent = lws_get_parent(wsi); - if (!parent) - break; - - p = (unsigned char **)in; - end = (*p) + len; - - /* - * copy these headers from the parent request to the client - * connection's request - */ - - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_ETAG, p, end); - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_IF_MODIFIED_SINCE, p, end); - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_ACCEPT_LANGUAGE, p, end); - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_ACCEPT_ENCODING, p, end); - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_CACHE_CONTROL, p, end); - proxy_header(wsi, parent, (unsigned char *)buf, sizeof(buf), - WSI_TOKEN_HTTP_COOKIE, p, end); - - buf[0] = '\0'; - lws_get_peer_simple(parent, buf, sizeof(buf)); - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_X_FORWARDED_FOR, - (unsigned char *)buf, (int)strlen(buf), p, end)) - return -1; - - break; -#endif - -#ifdef LWS_WITH_CGI - /* CGI IO events (POLLIN/OUT) appear here, our default policy is: - * - * - POST data goes on subprocess stdin - * - subprocess stdout goes on http via writeable callback - * - subprocess stderr goes to the logs - */ - case LWS_CALLBACK_CGI: - args = (struct lws_cgi_args *)in; - switch (args->ch) { /* which of stdin/out/err ? */ - case LWS_STDIN: - /* TBD stdin rx flow control */ - break; - case LWS_STDOUT: - /* quench POLLIN on STDOUT until MASTER got writeable */ - lws_rx_flow_control(args->stdwsi[LWS_STDOUT], 0); - wsi->reason_bf |= LWS_CB_REASON_AUX_BF__CGI; - /* when writing to MASTER would not block */ - lws_callback_on_writable(wsi); - break; - case LWS_STDERR: - n = lws_get_socket_fd(args->stdwsi[LWS_STDERR]); - if (n < 0) - break; - n = read(n, buf, sizeof(buf) - 2); - if (n > 0) { - if (buf[n - 1] != '\n') - buf[n++] = '\n'; - buf[n] = '\0'; - lwsl_notice("CGI-stderr: %s\n", buf); - } - break; - } - break; - - case LWS_CALLBACK_CGI_TERMINATED: - lwsl_debug("LWS_CALLBACK_CGI_TERMINATED: %d %" PRIu64 "\n", - wsi->http.cgi->explicitly_chunked, - (uint64_t)wsi->http.cgi->content_length); - if (!wsi->http.cgi->explicitly_chunked && - !wsi->http.cgi->content_length) { - /* send terminating chunk */ - lwsl_debug("LWS_CALLBACK_CGI_TERMINATED: ending\n"); - wsi->reason_bf |= LWS_CB_REASON_AUX_BF__CGI_CHUNK_END; - lws_callback_on_writable(wsi); - lws_set_timeout(wsi, PENDING_TIMEOUT_CGI, 3); - break; - } - if (lws_http_transaction_completed(wsi)) - return -1; - return 0; - - case LWS_CALLBACK_CGI_STDIN_DATA: /* POST body for stdin */ - args = (struct lws_cgi_args *)in; - args->data[args->len] = '\0'; - if (!args->stdwsi[LWS_STDIN]) - return -1; - n = lws_get_socket_fd(args->stdwsi[LWS_STDIN]); - if (n < 0) - return -1; - -#if defined(LWS_WITH_ZLIB) - if (wsi->http.cgi->gzip_inflate) { - /* gzip handling */ - - if (!wsi->http.cgi->gzip_init) { - lwsl_info("inflating gzip\n"); - - memset(&wsi->http.cgi->inflate, 0, - sizeof(wsi->http.cgi->inflate)); - - if (inflateInit2(&wsi->http.cgi->inflate, - 16 + 15) != Z_OK) { - lwsl_err("%s: iniflateInit failed\n", - __func__); - return -1; - } - - wsi->http.cgi->gzip_init = 1; - } - - wsi->http.cgi->inflate.next_in = args->data; - wsi->http.cgi->inflate.avail_in = args->len; - - do { - - wsi->http.cgi->inflate.next_out = - wsi->http.cgi->inflate_buf; - wsi->http.cgi->inflate.avail_out = - sizeof(wsi->http.cgi->inflate_buf); - - n = inflate(&wsi->http.cgi->inflate, - Z_SYNC_FLUSH); - - switch (n) { - case Z_NEED_DICT: - case Z_STREAM_ERROR: - case Z_DATA_ERROR: - case Z_MEM_ERROR: - inflateEnd(&wsi->http.cgi->inflate); - wsi->http.cgi->gzip_init = 0; - lwsl_err("zlib error inflate %d\n", n); - return -1; - } - - if (wsi->http.cgi->inflate.avail_out != - sizeof(wsi->http.cgi->inflate_buf)) { - int written; - - written = write(args->stdwsi[LWS_STDIN]->desc.filefd, - wsi->http.cgi->inflate_buf, - sizeof(wsi->http.cgi->inflate_buf) - - wsi->http.cgi->inflate.avail_out); - - if (written != (int)( - sizeof(wsi->http.cgi->inflate_buf) - - wsi->http.cgi->inflate.avail_out)) { - lwsl_notice("LWS_CALLBACK_CGI_STDIN_DATA: " - "sent %d only %d went", n, args->len); - } - - if (n == Z_STREAM_END) { - lwsl_err("gzip inflate end\n"); - inflateEnd(&wsi->http.cgi->inflate); - wsi->http.cgi->gzip_init = 0; - break; - } - - } else - break; - - if (wsi->http.cgi->inflate.avail_out) - break; - - } while (1); - - return args->len; - } -#endif /* WITH_ZLIB */ - - n = write(n, args->data, args->len); -// lwsl_hexdump_notice(args->data, args->len); - if (n < args->len) - lwsl_notice("LWS_CALLBACK_CGI_STDIN_DATA: " - "sent %d only %d went", n, args->len); - - if (wsi->http.cgi->post_in_expected && args->stdwsi[LWS_STDIN] && - args->stdwsi[LWS_STDIN]->desc.filefd > 0) { - wsi->http.cgi->post_in_expected -= n; - if (!wsi->http.cgi->post_in_expected) { - struct lws *siwsi = args->stdwsi[LWS_STDIN]; - - lwsl_debug("%s: expected POST in end: " - "closing stdin wsi %p, fd %d\n", - __func__, siwsi, siwsi->desc.sockfd); - - __remove_wsi_socket_from_fds(siwsi); - lwsi_set_state(siwsi, LRS_DEAD_SOCKET); - siwsi->socket_is_permanently_unusable = 1; -// lws_remove_child_from_any_parent(siwsi); - if (wsi->context->event_loop_ops-> - close_handle_manually) { - - wsi->context->event_loop_ops-> - close_handle_manually(siwsi); - siwsi->told_event_loop_closed = 1; - } else { - compatible_close(siwsi->desc.sockfd); - __lws_free_wsi(siwsi); - } - wsi->http.cgi->pipe_fds[LWS_STDIN][1] = -1; - -// args->stdwsi[LWS_STDIN] = NULL; - } - } - - return n; -#endif /* WITH_CGI */ -#endif /* ROLE_ H1 / H2 */ - case LWS_CALLBACK_SSL_INFO: - si = in; - - (void)si; - lwsl_notice("LWS_CALLBACK_SSL_INFO: where: 0x%x, ret: 0x%x\n", - si->where, si->ret); - break; - -#if LWS_MAX_SMP > 1 - case LWS_CALLBACK_GET_THREAD_ID: - return (int)(unsigned long long)pthread_self(); -#endif - - default: - break; - } - - return 0; -} diff --git a/lib/core-net/lws-dsh.c b/lib/core-net/lws-dsh.c deleted file mode 100644 index e03a149..0000000 --- a/lib/core-net/lws-dsh.c +++ /dev/null @@ -1,501 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -struct lws_dsh_search { - size_t required; - int kind; - lws_dsh_obj_t *best; - lws_dsh_t *dsh; - - lws_dsh_t *already_checked; - lws_dsh_t *this_dsh; -}; - -static int -_lws_dsh_alloc_tail(lws_dsh_t *dsh, int kind, const void *src1, size_t size1, - const void *src2, size_t size2, lws_dll2_t *replace); - -static size_t -lws_dsh_align(size_t length) -{ - size_t align = sizeof(int *); - - if (length & (align - 1)) - length += align - (length & (align - 1)); - - return length; -} - -lws_dsh_t * -lws_dsh_create(lws_dll2_owner_t *owner, size_t buf_len, int count_kinds) -{ - size_t oha_len = sizeof(lws_dsh_obj_head_t) * ++count_kinds; - lws_dsh_obj_t *obj; - lws_dsh_t *dsh; - int n; - - assert(buf_len); - assert(count_kinds > 1); - - dsh = lws_malloc(sizeof(lws_dsh_t) + buf_len + oha_len, __func__); - if (!dsh) - return NULL; - - /* set convenience pointers to the overallocated parts */ - - dsh->oha = (lws_dsh_obj_head_t *)&dsh[1]; - dsh->buf = ((uint8_t *)dsh->oha) + oha_len; - dsh->count_kinds = count_kinds; - dsh->buffer_size = buf_len; - dsh->being_destroyed = 0; - - /* clear down the obj heads array */ - - memset(dsh->oha, 0, oha_len); - for (n = 0; n < count_kinds; n++) - dsh->oha[n].kind = n; - - /* initially the whole buffer is on the free kind (0) list */ - - obj = (lws_dsh_obj_t *)dsh->buf; - memset(obj, 0, sizeof(*obj)); - obj->asize = buf_len - sizeof(*obj); - - lws_dll2_add_head(&obj->list, &dsh->oha[0].owner); - - dsh->locally_free = obj->asize; - dsh->locally_in_use = 0; - - lws_dll2_clear(&dsh->list); - if (owner) - lws_dll2_add_head(&dsh->list, owner); - - // lws_dsh_describe(dsh, "post-init"); - - return dsh; -} - -static int -search_best_free(struct lws_dll2 *d, void *user) -{ - struct lws_dsh_search *s = (struct lws_dsh_search *)user; - lws_dsh_obj_t *obj = lws_container_of(d, lws_dsh_obj_t, list); - - lwsl_debug("%s: obj %p, asize %zu (req %zu)\n", __func__, obj, - obj->asize, s->required); - - if (obj->asize >= s->required && - (!s->best || obj->asize < s->best->asize)) { - s->best = obj; - s->dsh = s->this_dsh; - } - - return 0; -} - -static int -try_foreign(struct lws_dll2 *d, void *user) -{ - struct lws_dsh_search *s = (struct lws_dsh_search *)user; - lws_dsh_t *dsh1 = lws_container_of(d, lws_dsh_t, list); - - if (dsh1 == s->already_checked) - return 0; - - if (dsh1->being_destroyed) - return 0; - - if (dsh1->count_kinds < s->kind + 1) - return 0; - - lwsl_debug("%s: actual try_foreign: dsh %p (free list size %d)\n", - __func__, dsh1, dsh1->oha[0].owner.count); - - s->this_dsh = dsh1; - if (lws_dll2_foreach_safe(&dsh1->oha[0].owner, s, search_best_free)) - return 1; - - return 0; -} - -static int -free_foreign(struct lws_dll2 *d, void *user) -{ - lws_dsh_obj_t *obj = lws_container_of(d, lws_dsh_obj_t, list); - lws_dsh_t *dsh = (lws_dsh_t *)user; - void *p = (void *)&obj[1]; - - if (obj->dsh != dsh) - lws_dsh_free(&p); - - return 0; -} - -static int -evict2(struct lws_dll2 *d, void *user) -{ - lws_dsh_obj_t *obj = lws_container_of(d, lws_dsh_obj_t, list); - lws_dsh_t *dsh = (lws_dsh_t *)user; - void *p; - - if (obj->dsh != dsh) - return 0; - - /* - * If we are here, it means obj is a live object that is allocated on - * the dsh being destroyed, from a different dsh. We need to migrate - * the object to a dsh that isn't being destroyed. - */ - - lwsl_debug("%s: migrating object size %zu\n", __func__, obj->size); - - if (_lws_dsh_alloc_tail(dsh, 0, (void *)&obj[1], obj->size, NULL, 0, &obj->list)) { - lwsl_notice("%s: failed to migrate object\n", __func__); - /* - * only thing we can do is drop the logical object - */ - p = (uint8_t *)&obj[1]; - lws_dsh_free(&p); - } - - return 0; -} - -static int -evict1(struct lws_dll2 *d, void *user) -{ - lws_dsh_t *dsh1 = lws_container_of(d, lws_dsh_t, list); - lws_dsh_t *dsh = (lws_dsh_t *)user; - int n; - - if (dsh1->being_destroyed) - return 0; - - /* - * For every dsh that's not being destroyed, send every object to - * evict2 for checking. - */ - - lwsl_debug("%s: checking dsh %p\n", __func__, dsh1); - - for (n = 1; n < dsh1->count_kinds; n++) { - lws_dll2_describe(&dsh1->oha[n].owner, "check dsh1"); - lws_dll2_foreach_safe(&dsh1->oha[n].owner, dsh, evict2); - } - - return 0; -} - -void -lws_dsh_destroy(lws_dsh_t **pdsh) -{ - lws_dsh_t *dsh = *pdsh; - int n; - - if (!dsh) - return; - - lwsl_debug("%s: destroying dsh %p\n", __func__, dsh); - - dsh->being_destroyed = 1; - - /* we need to explicitly free any of our allocations in foreign dsh */ - - for (n = 1; n < dsh->count_kinds; n++) - lws_dll2_foreach_safe(&dsh->oha[n].owner, dsh, free_foreign); - - /* - * We need to have anybody else with allocations in us evict them - * and make a copy in a buffer that isn't being destroyed - */ - - if (dsh->list.owner) - lws_dll2_foreach_safe(dsh->list.owner, dsh, evict1); - - lws_dll2_remove(&dsh->list); - - /* everything else is in one heap allocation */ - - lws_free_set_NULL(*pdsh); -} - -static int -_lws_dsh_alloc_tail(lws_dsh_t *dsh, int kind, const void *src1, size_t size1, - const void *src2, size_t size2, lws_dll2_t *replace) -{ - size_t asize = sizeof(lws_dsh_obj_t) + lws_dsh_align(size1 + size2); - struct lws_dsh_search s; - - assert(kind >= 0); - kind++; - assert(!dsh || kind < dsh->count_kinds); - - /* - * Search our free list looking for the smallest guy who will fit - * what we want to allocate - */ - s.required = asize; - s.kind = kind; - s.best = NULL; - s.already_checked = NULL; - s.this_dsh = dsh; - - if (dsh && !dsh->being_destroyed) - lws_dll2_foreach_safe(&dsh->oha[0].owner, &s, search_best_free); - - if (!s.best) { - /* - * Let's see if any other buffer has room - */ - s.already_checked = dsh; - - if (dsh && dsh->list.owner) - lws_dll2_foreach_safe(dsh->list.owner, &s, try_foreign); - - if (!s.best) { - lwsl_notice("%s: no buffer has space\n", __func__); - - return 1; - } - } - - /* anything coming out of here must be aligned */ - assert(!(((unsigned long)s.best) & (sizeof(int *) - 1))); - - if (s.best->asize < asize + (2 * sizeof(*s.best))) { - /* - * Exact fit, or close enough we can't / don't want to have to - * track the little bit of free area that would be left. - * - * Move the object from the free list to the oha of the - * desired kind - */ - lws_dll2_remove(&s.best->list); - s.best->dsh = s.dsh; - s.best->size = size1 + size2; - memcpy(&s.best[1], src1, size1); - if (src2) - memcpy((uint8_t *)&s.best[1] + size1, src2, size2); - - if (replace) { - s.best->list.prev = replace->prev; - s.best->list.next = replace->next; - s.best->list.owner = replace->owner; - if (replace->prev) - replace->prev->next = &s.best->list; - if (replace->next) - replace->next->prev = &s.best->list; - } else - if (dsh) - lws_dll2_add_tail(&s.best->list, &dsh->oha[kind].owner); - - assert(s.dsh->locally_free >= s.best->asize); - s.dsh->locally_free -= s.best->asize; - s.dsh->locally_in_use += s.best->asize; - assert(s.dsh->locally_in_use <= s.dsh->buffer_size); - } else { - lws_dsh_obj_t *obj; - - /* - * Free area was oversize enough that we need to split it. - * - * Leave the first part of the free area where it is and - * reduce its extent by our asize. Use the latter part of - * the original free area as the allocation. - */ - lwsl_debug("%s: splitting... free reduce %zu -> %zu\n", - __func__, s.best->asize, s.best->asize - asize); - - s.best->asize -= asize; - - /* latter part becomes new object */ - - obj = (lws_dsh_obj_t *)(((uint8_t *)s.best) + s.best->asize); - - lws_dll2_clear(&obj->list); - obj->dsh = s.dsh; - obj->size = size1 + size2; - obj->asize = asize; - - memcpy(&obj[1], src1, size1); - if (src2) - memcpy((uint8_t *)&obj[1] + size1, src2, size2); - - if (replace) { - s.best->list.prev = replace->prev; - s.best->list.next = replace->next; - s.best->list.owner = replace->owner; - if (replace->prev) - replace->prev->next = &s.best->list; - if (replace->next) - replace->next->prev = &s.best->list; - } else - if (dsh) - lws_dll2_add_tail(&obj->list, &dsh->oha[kind].owner); - - assert(s.dsh->locally_free >= asize); - s.dsh->locally_free -= asize; - s.dsh->locally_in_use += asize; - assert(s.dsh->locally_in_use <= s.dsh->buffer_size); - } - - // lws_dsh_describe(dsh, "post-alloc"); - - return 0; -} - -int -lws_dsh_alloc_tail(lws_dsh_t *dsh, int kind, const void *src1, size_t size1, - const void *src2, size_t size2) -{ - return _lws_dsh_alloc_tail(dsh, kind, src1, size1, src2, size2, NULL); -} - -static int -buf_compare(const lws_dll2_t *d, const lws_dll2_t *i) -{ - return (int)lws_ptr_diff(d, i); -} - -void -lws_dsh_free(void **pobj) -{ - lws_dsh_obj_t *_o = (lws_dsh_obj_t *)((uint8_t *)(*pobj) - sizeof(*_o)), - *_o2; - lws_dsh_t *dsh = _o->dsh; - - /* anything coming out of here must be aligned */ - assert(!(((unsigned long)_o) & (sizeof(int *) - 1))); - - /* - * Remove the object from its list and place on the free list of the - * dsh the buffer space belongs to - */ - - lws_dll2_remove(&_o->list); - *pobj = NULL; - - assert(dsh->locally_in_use >= _o->asize); - dsh->locally_free += _o->asize; - dsh->locally_in_use -= _o->asize; - assert(dsh->locally_in_use <= dsh->buffer_size); - - /* - * The free space list is sorted in buffer address order, so detecting - * coalescing opportunities is cheap. Because the free list should be - * continuously tending to reduce by coalescing, the sorting should not - * be expensive to maintain. - */ - _o->size = 0; /* not meaningful when on free list */ - lws_dll2_add_sorted(&_o->list, &_o->dsh->oha[0].owner, buf_compare); - - /* First check for already-free block at the end we can subsume. - * Because the free list is sorted, if there is such a guy he is - * already our list.next */ - - _o2 = (lws_dsh_obj_t *)_o->list.next; - if (_o2 && (uint8_t *)_o + _o->asize == (uint8_t *)_o2) { - /* - * since we are freeing _obj, we can coalesce with a - * free area immediately ahead of it - * - * [ _o (being freed) ][ _o2 (free) ] -> [ larger _o ] - */ - _o->asize += _o2->asize; - - /* guy next to us was absorbed into us */ - lws_dll2_remove(&_o2->list); - } - - /* Then check if we can be subsumed by a free block behind us. - * Because the free list is sorted, if there is such a guy he is - * already our list.prev */ - - _o2 = (lws_dsh_obj_t *)_o->list.prev; - if (_o2 && (uint8_t *)_o2 + _o2->asize == (uint8_t *)_o) { - /* - * since we are freeing obj, we can coalesce it with - * the previous free area that abuts it - * - * [ _o2 (free) ][ _o (being freed) ] -> [ larger _o2 ] - */ - _o2->asize += _o->asize; - - /* we were absorbed! */ - lws_dll2_remove(&_o->list); - } - - // lws_dsh_describe(dsh, "post-alloc"); -} - -int -lws_dsh_get_head(lws_dsh_t *dsh, int kind, void **obj, size_t *size) -{ - lws_dsh_obj_t *_obj = (lws_dsh_obj_t *) - lws_dll2_get_head(&dsh->oha[kind + 1].owner); - - if (!_obj) { - *obj = 0; - *size = 0; - - return 1; /* there is no head */ - } - - *obj = (void *)(&_obj[1]); - *size = _obj->size; - - /* anything coming out of here must be aligned */ - assert(!(((unsigned long)(*obj)) & (sizeof(int *) - 1))); - - return 0; /* we returned the head */ -} - -#if defined(_DEBUG) - -static int -describe_kind(struct lws_dll2 *d, void *user) -{ - lws_dsh_obj_t *obj = lws_container_of(d, lws_dsh_obj_t, list); - - lwsl_info(" _obj %p - %p, dsh %p, size %zu, asize %zu\n", - obj, (uint8_t *)obj + obj->asize, - obj->dsh, obj->size, obj->asize); - - return 0; -} - -void -lws_dsh_describe(lws_dsh_t *dsh, const char *desc) -{ - int n = 0; - - lwsl_info("%s: dsh %p, bufsize %zu, kinds %d, lf: %zu, liu: %zu, %s\n", - __func__, dsh, dsh->buffer_size, dsh->count_kinds, - dsh->locally_free, dsh->locally_in_use, desc); - - for (n = 0; n < dsh->count_kinds; n++) { - lwsl_info(" Kind %d:\n", n); - lws_dll2_foreach_safe(&dsh->oha[n].owner, dsh, describe_kind); - } -} -#endif diff --git a/lib/core-net/network.c b/lib/core-net/network.c deleted file mode 100644 index 8c3fe1a..0000000 --- a/lib/core-net/network.c +++ /dev/null @@ -1,519 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) -static int -interface_to_sa(struct lws_vhost *vh, const char *ifname, - struct sockaddr_in *addr, size_t addrlen, int allow_ipv6) -{ - int ipv6 = 0; -#ifdef LWS_WITH_IPV6 - if (allow_ipv6) - ipv6 = LWS_IPV6_ENABLED(vh); -#endif - (void)vh; - - return lws_interface_to_sa(ipv6, ifname, addr, addrlen); -} -#endif - -#ifndef LWS_PLAT_OPTEE -static int -lws_get_addresses(struct lws_vhost *vh, void *ads, char *name, - int name_len, char *rip, int rip_len) -{ - struct addrinfo ai, *res; - struct sockaddr_in addr4; - - rip[0] = '\0'; - name[0] = '\0'; - addr4.sin_family = AF_UNSPEC; - -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(vh)) { - if (!lws_plat_inet_ntop(AF_INET6, - &((struct sockaddr_in6 *)ads)->sin6_addr, - rip, rip_len)) { - lwsl_err("inet_ntop: %s", strerror(LWS_ERRNO)); - return -1; - } - - // Strip off the IPv4 to IPv6 header if one exists - if (strncmp(rip, "::ffff:", 7) == 0) - memmove(rip, rip + 7, strlen(rip) - 6); - - getnameinfo((struct sockaddr *)ads, sizeof(struct sockaddr_in6), - name, name_len, NULL, 0, 0); - - return 0; - } else -#endif - { - struct addrinfo *result; - - memset(&ai, 0, sizeof ai); - ai.ai_family = PF_UNSPEC; - ai.ai_socktype = SOCK_STREAM; -#if !defined(LWS_WITH_ESP32) - if (getnameinfo((struct sockaddr *)ads, - sizeof(struct sockaddr_in), - name, name_len, NULL, 0, 0)) - return -1; -#endif - - if (getaddrinfo(name, NULL, &ai, &result)) - return -1; - - res = result; - while (addr4.sin_family == AF_UNSPEC && res) { - switch (res->ai_family) { - case AF_INET: - addr4.sin_addr = - ((struct sockaddr_in *)res->ai_addr)->sin_addr; - addr4.sin_family = AF_INET; - break; - } - - res = res->ai_next; - } - freeaddrinfo(result); - } - - if (addr4.sin_family == AF_UNSPEC) - return -1; - - if (lws_plat_inet_ntop(AF_INET, &addr4.sin_addr, rip, rip_len) == NULL) - return -1; - - return 0; -} - - -LWS_VISIBLE const char * -lws_get_peer_simple(struct lws *wsi, char *name, int namelen) -{ - socklen_t len, olen; -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 sin6; -#endif - struct sockaddr_in sin4; - int af = AF_INET; - void *p, *q; - - wsi = lws_get_network_wsi(wsi); - -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(wsi->vhost)) { - len = sizeof(sin6); - p = &sin6; - af = AF_INET6; - q = &sin6.sin6_addr; - } else -#endif - { - len = sizeof(sin4); - p = &sin4; - q = &sin4.sin_addr; - } - - olen = len; - if (getpeername(wsi->desc.sockfd, p, &len) < 0 || len > olen) { - lwsl_warn("getpeername: %s\n", strerror(LWS_ERRNO)); - return NULL; - } - - return lws_plat_inet_ntop(af, q, name, namelen); -} -#endif - -LWS_VISIBLE void -lws_get_peer_addresses(struct lws *wsi, lws_sockfd_type fd, char *name, - int name_len, char *rip, int rip_len) -{ -#ifndef LWS_PLAT_OPTEE - socklen_t len; -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 sin6; -#endif - struct sockaddr_in sin4; - struct lws_context *context = wsi->context; - int ret = -1; - void *p; - - rip[0] = '\0'; - name[0] = '\0'; - - lws_latency_pre(context, wsi); - -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(wsi->vhost)) { - len = sizeof(sin6); - p = &sin6; - } else -#endif - { - len = sizeof(sin4); - p = &sin4; - } - - if (getpeername(fd, p, &len) < 0) { - lwsl_warn("getpeername: %s\n", strerror(LWS_ERRNO)); - goto bail; - } - - ret = lws_get_addresses(wsi->vhost, p, name, name_len, rip, rip_len); - -bail: - lws_latency(context, wsi, "lws_get_peer_addresses", ret, 1); -#endif - (void)wsi; - (void)fd; - (void)name; - (void)name_len; - (void)rip; - (void)rip_len; -} - - - -/* note: this returns a random port, or one of these <= 0 return codes: - * - * LWS_ITOSA_USABLE: the interface is usable, returned if so and sockfd invalid - * LWS_ITOSA_NOT_EXIST: the requested iface does not even exist - * LWS_ITOSA_NOT_USABLE: the requested iface exists but is not usable (eg, no IP) - * LWS_ITOSA_BUSY: the port at the requested iface + port is already in use - */ - -LWS_EXTERN int -lws_socket_bind(struct lws_vhost *vhost, lws_sockfd_type sockfd, int port, - const char *iface, int ipv6_allowed) -{ -#ifdef LWS_WITH_UNIX_SOCK - struct sockaddr_un serv_unix; -#endif -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 serv_addr6; -#endif - struct sockaddr_in serv_addr4; -#ifndef LWS_PLAT_OPTEE - socklen_t len = sizeof(struct sockaddr_storage); -#endif - int n; -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - int m; -#endif - struct sockaddr_storage sin; - struct sockaddr *v; - - memset(&sin, 0, sizeof(sin)); - -#if defined(LWS_WITH_UNIX_SOCK) - if (LWS_UNIX_SOCK_ENABLED(vhost)) { - v = (struct sockaddr *)&serv_unix; - n = sizeof(struct sockaddr_un); - memset(&serv_unix, 0, sizeof(serv_unix)); - serv_unix.sun_family = AF_UNIX; - if (!iface) - return LWS_ITOSA_NOT_EXIST; - if (sizeof(serv_unix.sun_path) <= strlen(iface)) { - lwsl_err("\"%s\" too long for UNIX domain socket\n", - iface); - return LWS_ITOSA_NOT_EXIST; - } - strcpy(serv_unix.sun_path, iface); - if (serv_unix.sun_path[0] == '@') - serv_unix.sun_path[0] = '\0'; - else - unlink(serv_unix.sun_path); - - } else -#endif -#if defined(LWS_WITH_IPV6) && !defined(LWS_WITH_ESP32) - if (ipv6_allowed && LWS_IPV6_ENABLED(vhost)) { - v = (struct sockaddr *)&serv_addr6; - n = sizeof(struct sockaddr_in6); - memset(&serv_addr6, 0, sizeof(serv_addr6)); - if (iface) { - m = interface_to_sa(vhost, iface, - (struct sockaddr_in *)v, n, 1); - if (m == LWS_ITOSA_NOT_USABLE) { - lwsl_info("%s: netif %s: Not usable\n", - __func__, iface); - return m; - } - if (m == LWS_ITOSA_NOT_EXIST) { - lwsl_info("%s: netif %s: Does not exist\n", - __func__, iface); - return m; - } - serv_addr6.sin6_scope_id = lws_get_addr_scope(iface); - } - - serv_addr6.sin6_family = AF_INET6; - serv_addr6.sin6_port = htons(port); - } else -#endif - { - v = (struct sockaddr *)&serv_addr4; - n = sizeof(serv_addr4); - memset(&serv_addr4, 0, sizeof(serv_addr4)); - serv_addr4.sin_addr.s_addr = INADDR_ANY; - serv_addr4.sin_family = AF_INET; - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - if (iface) { - m = interface_to_sa(vhost, iface, - (struct sockaddr_in *)v, n, 0); - if (m == LWS_ITOSA_NOT_USABLE) { - lwsl_info("%s: netif %s: Not usable\n", - __func__, iface); - return m; - } - if (m == LWS_ITOSA_NOT_EXIST) { - lwsl_info("%s: netif %s: Does not exist\n", - __func__, iface); - return m; - } - } -#endif - serv_addr4.sin_port = htons(port); - } /* ipv4 */ - - /* just checking for the interface extant */ - if (sockfd == LWS_SOCK_INVALID) - return LWS_ITOSA_USABLE; - - n = bind(sockfd, v, n); -#ifdef LWS_WITH_UNIX_SOCK - if (n < 0 && LWS_UNIX_SOCK_ENABLED(vhost)) { - lwsl_err("ERROR on binding fd %d to \"%s\" (%d %d)\n", - sockfd, iface, n, LWS_ERRNO); - return LWS_ITOSA_NOT_EXIST; - } else -#endif - if (n < 0) { - lwsl_err("ERROR on binding fd %d to port %d (%d %d)\n", - sockfd, port, n, LWS_ERRNO); - - /* if something already listening, tell caller to fail permanently */ - - if (LWS_ERRNO == LWS_EADDRINUSE) - return LWS_ITOSA_BUSY; - - /* otherwise ask caller to retry later */ - - return LWS_ITOSA_NOT_EXIST; - } - -#if defined(LWS_WITH_UNIX_SOCK) - if (LWS_UNIX_SOCK_ENABLED(vhost)) { - uid_t uid = vhost->context->uid; - gid_t gid = vhost->context->gid; - - if (vhost->unix_socket_perms) { - if (lws_plat_user_colon_group_to_ids( - vhost->unix_socket_perms, &uid, &gid)) { - lwsl_err("%s: Failed to translate %s\n", - __func__, vhost->unix_socket_perms); - return LWS_ITOSA_NOT_EXIST; - } - } - if (uid && gid) { - if (chown(serv_unix.sun_path, uid, gid)) { - lwsl_err("%s: failed to set %s perms %u:%u\n", - __func__, serv_unix.sun_path, - (unsigned int)uid, (unsigned int)gid); - - return LWS_ITOSA_NOT_EXIST; - } - lwsl_notice("%s: vh %s unix skt %s perms %u:%u\n", - __func__, vhost->name, serv_unix.sun_path, - (unsigned int)uid, (unsigned int)gid); - - if (chmod(serv_unix.sun_path, 0660)) { - lwsl_err("%s: failed to set %s to 0600 mode\n", - __func__, serv_unix.sun_path); - - return LWS_ITOSA_NOT_EXIST; - } - } - } -#endif - -#ifndef LWS_PLAT_OPTEE - if (getsockname(sockfd, (struct sockaddr *)&sin, &len) == -1) - lwsl_warn("getsockname: %s\n", strerror(LWS_ERRNO)); - else -#endif -#if defined(LWS_WITH_IPV6) - port = (sin.ss_family == AF_INET6) ? - ntohs(((struct sockaddr_in6 *) &sin)->sin6_port) : - ntohs(((struct sockaddr_in *) &sin)->sin_port); -#else - { - struct sockaddr_in sain; - memcpy(&sain, &sin, sizeof(sain)); - port = ntohs(sain.sin_port); - } -#endif - - return port; -} - -static const lws_retry_range_t default_bo = { 3000, 7000 }; - -unsigned int -lws_retry_get_delay_ms(struct lws_context *context, - const lws_retry_bo_t *retry, uint16_t *ctry, char *conceal) -{ - const lws_retry_range_t *r = &default_bo; - unsigned int ms; - uint16_t ra; - - if (conceal) - *conceal = 0; - - if (retry) { - if (*ctry < retry->retry_ms_table_count) - r = &retry->retry_ms_table[*ctry]; - else - r = &retry->retry_ms_table[ - retry->retry_ms_table_count - 1]; - } - - ms = r->min_ms; - if (lws_get_random(context, &ra, sizeof(ra)) == sizeof(ra)) - ms += ((r->max_ms - ms) * ra) / 65535; - - if (*ctry < 0xffff) - (*ctry)++; - - if (retry && conceal) - *conceal = (int)*ctry <= retry->conceal_count; - - return ms; -} - -#if defined(LWS_WITH_IPV6) -LWS_EXTERN unsigned long -lws_get_addr_scope(const char *ipaddr) -{ - unsigned long scope = 0; - -#ifndef WIN32 - struct ifaddrs *addrs, *addr; - char ip[NI_MAXHOST]; - unsigned int i; - - getifaddrs(&addrs); - for (addr = addrs; addr; addr = addr->ifa_next) { - if (!addr->ifa_addr || - addr->ifa_addr->sa_family != AF_INET6) - continue; - - getnameinfo(addr->ifa_addr, - sizeof(struct sockaddr_in6), - ip, sizeof(ip), - NULL, 0, NI_NUMERICHOST); - - i = 0; - while (ip[i]) - if (ip[i++] == '%') { - ip[i - 1] = '\0'; - break; - } - - if (!strcmp(ip, ipaddr)) { - scope = if_nametoindex(addr->ifa_name); - break; - } - } - freeifaddrs(addrs); -#else - PIP_ADAPTER_ADDRESSES adapter, addrs = NULL; - PIP_ADAPTER_UNICAST_ADDRESS addr; - ULONG size = 0; - DWORD ret; - struct sockaddr_in6 *sockaddr; - char ip[NI_MAXHOST]; - unsigned int i; - int found = 0; - - for (i = 0; i < 5; i++) - { - ret = GetAdaptersAddresses(AF_INET6, GAA_FLAG_INCLUDE_PREFIX, - NULL, addrs, &size); - if ((ret == NO_ERROR) || (ret == ERROR_NO_DATA)) { - break; - } else if (ret == ERROR_BUFFER_OVERFLOW) - { - if (addrs) - free(addrs); - addrs = (IP_ADAPTER_ADDRESSES *)malloc(size); - } else - { - if (addrs) - { - free(addrs); - addrs = NULL; - } - lwsl_err("Failed to get IPv6 address table (%d)", ret); - break; - } - } - - if ((ret == NO_ERROR) && (addrs)) { - adapter = addrs; - while (adapter && !found) { - addr = adapter->FirstUnicastAddress; - while (addr && !found) { - if (addr->Address.lpSockaddr->sa_family == - AF_INET6) { - sockaddr = (struct sockaddr_in6 *) - (addr->Address.lpSockaddr); - - lws_plat_inet_ntop(sockaddr->sin6_family, - &sockaddr->sin6_addr, - ip, sizeof(ip)); - - if (!strcmp(ip, ipaddr)) { - scope = sockaddr->sin6_scope_id; - found = 1; - break; - } - } - addr = addr->Next; - } - adapter = adapter->Next; - } - } - if (addrs) - free(addrs); -#endif - - return scope; -} -#endif - - - diff --git a/lib/core-net/output.c b/lib/core-net/output.c deleted file mode 100644 index bcbc6d5..0000000 --- a/lib/core-net/output.c +++ /dev/null @@ -1,344 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * notice this returns number of bytes consumed, or -1 - */ -int lws_issue_raw(struct lws *wsi, unsigned char *buf, size_t len) -{ - struct lws_context *context = lws_get_context(wsi); - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - size_t real_len = len; - unsigned int n, m; - - // lwsl_notice("%s: len %d\n", __func__, (int)len); - // lwsl_hexdump_level(LLL_NOTICE, buf, len); - - /* - * Detect if we got called twice without going through the - * event loop to handle pending. Since that guarantees extending any - * existing buflist_out it's inefficient. - */ - if (0 && buf && wsi->could_have_pending) { - lwsl_hexdump_level(LLL_INFO, buf, len); - lwsl_info("** %p: vh: %s, prot: %s, role %s: " - "Inefficient back-to-back write of %lu detected...\n", - wsi, wsi->vhost ? wsi->vhost->name : "no vhost", - wsi->protocol->name, wsi->role_ops->name, - (unsigned long)len); - } - - lws_stats_bump(pt, LWSSTATS_C_API_WRITE, 1); - - /* just ignore sends after we cleared the truncation buffer */ - if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE && - !lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - && !wsi->http.comp_ctx.may_have_more -#endif - ) - return (int)len; - - if (buf && lws_has_buffered_out(wsi)) { - lwsl_info("** %p: vh: %s, prot: %s, incr buflist_out by %lu\n", - wsi, wsi->vhost ? wsi->vhost->name : "no vhost", - wsi->protocol->name, (unsigned long)len); - - /* - * already buflist ahead of this, add it on the tail of the - * buflist, then ignore it for now and act like we're flushing - * the buflist... - */ - - if (lws_buflist_append_segment(&wsi->buflist_out, buf, len)) - return -1; - - buf = NULL; - len = 0; - } - - if (wsi->buflist_out) { - /* we have to drain the earliest buflist_out stuff first */ - - len = lws_buflist_next_segment_len(&wsi->buflist_out, &buf); - real_len = len; - - lwsl_debug("%s: draining %d\n", __func__, (int)len); - } - - if (!len || !buf) - return 0; - - if (!wsi->http2_substream && !lws_socket_is_valid(wsi->desc.sockfd)) - lwsl_warn("** error invalid sock but expected to send\n"); - - /* limit sending */ - if (wsi->protocol->tx_packet_size) - n = (int)wsi->protocol->tx_packet_size; - else { - n = (int)wsi->protocol->rx_buffer_size; - if (!n) - n = context->pt_serv_buf_size; - } - n += LWS_PRE + 4; - if (n > len) - n = (int)len; - - /* nope, send it on the socket directly */ - lws_latency_pre(context, wsi); - m = lws_ssl_capable_write(wsi, buf, n); - lws_latency(context, wsi, "send lws_issue_raw", n, n == m); - - lwsl_info("%s: ssl_capable_write (%d) says %d\n", __func__, n, m); - - /* something got written, it can have been truncated now */ - wsi->could_have_pending = 1; - - switch (m) { - case LWS_SSL_CAPABLE_ERROR: - /* we're going to close, let close know sends aren't possible */ - wsi->socket_is_permanently_unusable = 1; - return -1; - case LWS_SSL_CAPABLE_MORE_SERVICE: - /* - * nothing got sent, not fatal. Retry the whole thing later, - * ie, implying treat it was a truncated send so it gets - * retried - */ - m = 0; - break; - } - - if ((int)m < 0) - m = 0; - - /* - * we were sending this from buflist_out? Then not sending everything - * is a small matter of advancing ourselves only by the amount we did - * send in the buflist. - */ - if (lws_has_buffered_out(wsi)) { - if (m) { - lwsl_info("%p partial adv %d (vs %ld)\n", wsi, m, - (long)real_len); - lws_buflist_use_segment(&wsi->buflist_out, m); - } - - if (!lws_has_buffered_out(wsi)) { - lwsl_info("%s: wsi %p: buflist_out flushed\n", - __func__, wsi); - - m = (int)real_len; - if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE) { - lwsl_info("*%p signalling to close now\n", wsi); - return -1; /* retry closing now */ - } - - if (wsi->close_when_buffered_out_drained) { - wsi->close_when_buffered_out_drained = 0; - return -1; - } - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -#if !defined(LWS_WITHOUT_SERVER) - if (wsi->http.deferred_transaction_completed) { - lwsl_notice("%s: partial completed, doing " - "deferred transaction completed\n", - __func__); - wsi->http.deferred_transaction_completed = 0; - return lws_http_transaction_completed(wsi) ? - -1 : (int)real_len; - } -#endif -#endif - } - /* always callback on writeable */ - lws_callback_on_writable(wsi); - - return m; - } - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.comp_ctx.may_have_more) - lws_callback_on_writable(wsi); -#endif - - if (m == real_len) - /* what we just sent went out cleanly */ - return m; - - /* - * We were not able to send everything... and we were not sending from - * an existing buflist_out. So we are starting a fresh buflist_out, by - * buffering the unsent remainder on it. - * (it will get first priority next time the socket is writable). - */ - lwsl_debug("%p new partial sent %d from %lu total\n", wsi, m, - (unsigned long)real_len); - - if (lws_buflist_append_segment(&wsi->buflist_out, buf + m, - real_len - m) < 0) - return -1; - - lws_stats_bump(pt, LWSSTATS_C_WRITE_PARTIALS, 1); - lws_stats_bump(pt, LWSSTATS_B_PARTIALS_ACCEPTED_PARTS, m); - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - if (lws_wsi_is_udp(wsi)) { - /* stash original destination for fulfilling UDP partials */ - wsi->udp->sa_pending = wsi->udp->sa; - wsi->udp->salen_pending = wsi->udp->salen; - } -#endif - - /* since something buffered, force it to get another chance to send */ - lws_callback_on_writable(wsi); - - return (int)real_len; -} - -LWS_VISIBLE int lws_write(struct lws *wsi, unsigned char *buf, size_t len, - enum lws_write_protocol wp) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_stats_bump(pt, LWSSTATS_C_API_LWS_WRITE, 1); - - if ((int)len < 0) { - lwsl_err("%s: suspicious len int %d, ulong %lu\n", __func__, - (int)len, (unsigned long)len); - return -1; - } - - lws_stats_bump(pt, LWSSTATS_B_WRITE, len); - -#ifdef LWS_WITH_ACCESS_LOG - wsi->http.access_log.sent += len; -#endif - if (wsi->vhost) - wsi->vhost->conn_stats.tx += len; - - assert(wsi->role_ops); - if (!wsi->role_ops->write_role_protocol) - return lws_issue_raw(wsi, buf, len); - - return wsi->role_ops->write_role_protocol(wsi, buf, len, &wp); -} - -LWS_VISIBLE int -lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, int len) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int n = 0; - - lws_stats_bump(pt, LWSSTATS_C_API_READ, 1); - - errno = 0; - if (lws_wsi_is_udp(wsi)) { -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - wsi->udp->salen = sizeof(wsi->udp->sa); - n = recvfrom(wsi->desc.sockfd, (char *)buf, len, 0, - &wsi->udp->sa, &wsi->udp->salen); -#endif - } else - n = recv(wsi->desc.sockfd, (char *)buf, len, 0); - - if (n >= 0) { - - if (!n && wsi->unix_skt) - return LWS_SSL_CAPABLE_ERROR; - - /* - * See https://libwebsockets.org/ - * pipermail/libwebsockets/2019-March/007857.html - */ - if (!n) - return LWS_SSL_CAPABLE_ERROR; - - if (wsi->vhost) - wsi->vhost->conn_stats.rx += n; - lws_stats_bump(pt, LWSSTATS_B_READ, n); - - return n; - } - - if (LWS_ERRNO == LWS_EAGAIN || - LWS_ERRNO == LWS_EWOULDBLOCK || - LWS_ERRNO == LWS_EINTR) - return LWS_SSL_CAPABLE_MORE_SERVICE; - - lwsl_info("error on reading from skt : %d\n", LWS_ERRNO); - return LWS_SSL_CAPABLE_ERROR; -} - -LWS_VISIBLE int -lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len) -{ - int n = 0; -#if defined(LWS_PLAT_OPTEE) - ssize_t send(int sockfd, const void *buf, size_t len, int flags); -#endif - - if (lws_wsi_is_udp(wsi)) { -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - if (lws_has_buffered_out(wsi)) - n = sendto(wsi->desc.sockfd, (const char *)buf, - len, 0, &wsi->udp->sa_pending, - wsi->udp->salen_pending); - else - n = sendto(wsi->desc.sockfd, (const char *)buf, - len, 0, &wsi->udp->sa, wsi->udp->salen); -#endif - } else - n = send(wsi->desc.sockfd, (char *)buf, len, MSG_NOSIGNAL); -// lwsl_info("%s: sent len %d result %d", __func__, len, n); - if (n >= 0) - return n; - - if (LWS_ERRNO == LWS_EAGAIN || - LWS_ERRNO == LWS_EWOULDBLOCK || - LWS_ERRNO == LWS_EINTR) { - if (LWS_ERRNO == LWS_EWOULDBLOCK) { - lws_set_blocking_send(wsi); - } - - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - - lwsl_debug("ERROR writing len %d to skt fd %d err %d / errno %d\n", - len, wsi->desc.sockfd, n, LWS_ERRNO); - - return LWS_SSL_CAPABLE_ERROR; -} - -LWS_VISIBLE int -lws_ssl_pending_no_ssl(struct lws *wsi) -{ - (void)wsi; -#if defined(LWS_WITH_ESP32) - return 100; -#else - return 0; -#endif -} diff --git a/lib/core-net/pollfd.c b/lib/core-net/pollfd.c deleted file mode 100644 index 725861c..0000000 --- a/lib/core-net/pollfd.c +++ /dev/null @@ -1,639 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -_lws_change_pollfd(struct lws *wsi, int _and, int _or, struct lws_pollargs *pa) -{ -#if !defined(LWS_WITH_LIBUV) && !defined(LWS_WITH_LIBEV) && !defined(LWS_WITH_LIBEVENT) - volatile struct lws_context_per_thread *vpt; -#endif - struct lws_context_per_thread *pt; - struct lws_context *context; - int ret = 0, pa_events; - struct lws_pollfd *pfd; - int sampled_tid, tid; - - if (!wsi) - return 0; - - assert(wsi->position_in_fds_table == LWS_NO_FDS_POS || - wsi->position_in_fds_table >= 0); - - if (wsi->position_in_fds_table == LWS_NO_FDS_POS) - return 0; - - if (((volatile struct lws *)wsi)->handling_pollout && - !_and && _or == LWS_POLLOUT) { - /* - * Happening alongside service thread handling POLLOUT. - * The danger is when he is finished, he will disable POLLOUT, - * countermanding what we changed here. - * - * Instead of changing the fds, inform the service thread - * what happened, and ask it to leave POLLOUT active on exit - */ - ((volatile struct lws *)wsi)->leave_pollout_active = 1; - /* - * by definition service thread is not in poll wait, so no need - * to cancel service - */ - - lwsl_debug("%s: using leave_pollout_active\n", __func__); - - return 0; - } - - context = wsi->context; - pt = &context->pt[(int)wsi->tsi]; - - assert(wsi->position_in_fds_table < (int)pt->fds_count); - -#if !defined(LWS_WITH_LIBUV) && \ - !defined(LWS_WITH_LIBEV) && \ - !defined(LWS_WITH_LIBEVENT) - /* - * This only applies when we use the default poll() event loop. - * - * BSD can revert pa->events at any time, when the kernel decides to - * exit from poll(). We can't protect against it using locking. - * - * Therefore we must check first if the service thread is in poll() - * wait; if so, we know we must be being called from a foreign thread, - * and we must keep a strictly ordered list of changes we made instead - * of trying to apply them, since when poll() exits, which may happen - * at any time it would revert our changes. - * - * The plat code will apply them when it leaves the poll() wait - * before doing anything else. - */ - - vpt = (volatile struct lws_context_per_thread *)pt; - - vpt->foreign_spinlock = 1; - lws_memory_barrier(); - - if (vpt->inside_poll) { - struct lws_foreign_thread_pollfd *ftp, **ftp1; - /* - * We are certainly a foreign thread trying to change events - * while the service thread is in the poll() wait. - * - * Create a list of changes to be applied after poll() exit, - * instead of trying to apply them now. - */ - ftp = lws_malloc(sizeof(*ftp), "ftp"); - if (!ftp) { - vpt->foreign_spinlock = 0; - lws_memory_barrier(); - ret = -1; - goto bail; - } - - ftp->_and = _and; - ftp->_or = _or; - ftp->fd_index = wsi->position_in_fds_table; - ftp->next = NULL; - - lws_pt_lock(pt, __func__); - - /* place at END of list to maintain order */ - ftp1 = (struct lws_foreign_thread_pollfd **) - &vpt->foreign_pfd_list; - while (*ftp1) - ftp1 = &((*ftp1)->next); - - *ftp1 = ftp; - vpt->foreign_spinlock = 0; - lws_memory_barrier(); - - lws_pt_unlock(pt); - - lws_cancel_service_pt(wsi); - - return 0; - } - - vpt->foreign_spinlock = 0; - lws_memory_barrier(); -#endif - - pfd = &pt->fds[wsi->position_in_fds_table]; - pa->fd = wsi->desc.sockfd; - lwsl_debug("%s: wsi %p: fd %d events %d -> %d\n", __func__, wsi, - pa->fd, pfd->events, (pfd->events & ~_and) | _or); - pa->prev_events = pfd->events; - pa->events = pfd->events = (pfd->events & ~_and) | _or; - - if (wsi->http2_substream) - return 0; - -#if defined(LWS_WITH_EXTERNAL_POLL) - - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, - LWS_CALLBACK_CHANGE_MODE_POLL_FD, - wsi->user_space, (void *)pa, 0)) { - ret = -1; - goto bail; - } -#endif - - if (context->event_loop_ops->io) { - if (_and & LWS_POLLIN) - context->event_loop_ops->io(wsi, - LWS_EV_STOP | LWS_EV_READ); - - if (_or & LWS_POLLIN) - context->event_loop_ops->io(wsi, - LWS_EV_START | LWS_EV_READ); - - if (_and & LWS_POLLOUT) - context->event_loop_ops->io(wsi, - LWS_EV_STOP | LWS_EV_WRITE); - - if (_or & LWS_POLLOUT) - context->event_loop_ops->io(wsi, - LWS_EV_START | LWS_EV_WRITE); - } - - /* - * if we changed something in this pollfd... - * ... and we're running in a different thread context - * than the service thread... - * ... and the service thread is waiting ... - * then cancel it to force a restart with our changed events - */ - pa_events = pa->prev_events != pa->events; - - if (pa_events) { - if (lws_plat_change_pollfd(context, wsi, pfd)) { - lwsl_info("%s failed\n", __func__); - ret = -1; - goto bail; - } - sampled_tid = pt->service_tid; - if (sampled_tid && wsi->vhost) { - tid = wsi->vhost->protocols[0].callback(wsi, - LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); - if (tid == -1) { - ret = -1; - goto bail; - } - if (tid != sampled_tid) - lws_cancel_service_pt(wsi); - } - } - -bail: - return ret; -} - -#ifndef LWS_NO_SERVER -/* - * Enable or disable listen sockets on this pt globally... - * it's modulated according to the pt having space for a new accept. - */ -static void -lws_accept_modulation(struct lws_context *context, - struct lws_context_per_thread *pt, int allow) -{ - struct lws_vhost *vh = context->vhost_list; - struct lws_pollargs pa1; - - while (vh) { - if (vh->lserv_wsi) { - if (allow) - _lws_change_pollfd(vh->lserv_wsi, - 0, LWS_POLLIN, &pa1); - else - _lws_change_pollfd(vh->lserv_wsi, - LWS_POLLIN, 0, &pa1); - } - vh = vh->vhost_next; - } -} -#endif - -#if defined(_DEBUG) -void -__dump_fds(struct lws_context_per_thread *pt, const char *s) -{ - unsigned int n; - - lwsl_warn("%s: fds_count %u, %s\n", __func__, pt->fds_count, s); - - for (n = 0; n < pt->fds_count; n++) { - struct lws *wsi = wsi_from_fd(pt->context, pt->fds[n].fd); - - lwsl_warn(" %d: fd %d, wsi %p, pos_in_fds: %d\n", - n + 1, pt->fds[n].fd, wsi, - wsi ? wsi->position_in_fds_table : -1); - } -} -#else -#define __dump_fds(x, y) -#endif - -int -__insert_wsi_socket_into_fds(struct lws_context *context, struct lws *wsi) -{ -#if defined(LWS_WITH_EXTERNAL_POLL) - struct lws_pollargs pa = { wsi->desc.sockfd, LWS_POLLIN, 0 }; -#endif - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int ret = 0; - -// __dump_fds(pt, "pre insert"); - - lwsl_debug("%s: %p: tsi=%d, sock=%d, pos-in-fds=%d\n", - __func__, wsi, wsi->tsi, wsi->desc.sockfd, pt->fds_count); - - if ((unsigned int)pt->fds_count >= context->fd_limit_per_thread) { - lwsl_err("Too many fds (%d vs %d)\n", context->max_fds, - context->fd_limit_per_thread ); - return 1; - } - -#if !defined(_WIN32) - if (!wsi->context->max_fds_unrelated_to_ulimit && - wsi->desc.sockfd - lws_plat_socket_offset() >= context->max_fds) { - lwsl_err("Socket fd %d is too high (%d) offset %d\n", - wsi->desc.sockfd, context->max_fds, - lws_plat_socket_offset()); - return 1; - } -#endif - - assert(wsi); - assert(wsi->event_pipe || wsi->vhost); - assert(lws_socket_is_valid(wsi->desc.sockfd)); - -#if defined(LWS_WITH_EXTERNAL_POLL) - - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, - wsi->user_space, (void *) &pa, 1)) - return -1; -#endif - - if (insert_wsi(context, wsi)) - return -1; - pt->count_conns++; - wsi->position_in_fds_table = pt->fds_count; - - pt->fds[wsi->position_in_fds_table].fd = wsi->desc.sockfd; - pt->fds[wsi->position_in_fds_table].events = LWS_POLLIN; -#if defined(LWS_WITH_EXTERNAL_POLL) - pa.events = pt->fds[pt->fds_count].events; -#endif - - lws_plat_insert_socket_into_fds(context, wsi); - -#if defined(LWS_WITH_EXTERNAL_POLL) - - /* external POLL support via protocol 0 */ - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_ADD_POLL_FD, - wsi->user_space, (void *) &pa, 0)) - ret = -1; -#endif -#ifndef LWS_NO_SERVER - /* if no more room, defeat accepts on this thread */ - if ((unsigned int)pt->fds_count == context->fd_limit_per_thread - 1) - lws_accept_modulation(context, pt, 0); -#endif - -#if defined(LWS_WITH_EXTERNAL_POLL) - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, - wsi->user_space, (void *)&pa, 1)) - ret = -1; -#endif - -// __dump_fds(pt, "post insert"); - - return ret; -} - -int -__remove_wsi_socket_from_fds(struct lws *wsi) -{ - struct lws_context *context = wsi->context; -#if defined(LWS_WITH_EXTERNAL_POLL) - struct lws_pollargs pa = { wsi->desc.sockfd, 0, 0 }; -#endif - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws *end_wsi; - int v, m, ret = 0; - -// __dump_fds(pt, "pre remove"); - -#if !defined(_WIN32) - if (!wsi->context->max_fds_unrelated_to_ulimit && - wsi->desc.sockfd - lws_plat_socket_offset() > context->max_fds) { - lwsl_err("fd %d too high (%d)\n", wsi->desc.sockfd, - context->max_fds); - - return 1; - } -#endif -#if defined(LWS_WITH_EXTERNAL_POLL) - if (wsi->vhost && wsi->vhost->protocols && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, - wsi->user_space, (void *)&pa, 1)) - return -1; -#endif - - lws_same_vh_protocol_remove(wsi); - - /* the guy who is to be deleted's slot index in pt->fds */ - m = wsi->position_in_fds_table; - - /* these are the only valid possibilities for position_in_fds_table */ - assert(m == LWS_NO_FDS_POS || (m >= 0 && - (unsigned int)m < pt->fds_count)); - - if (context->event_loop_ops->io) - context->event_loop_ops->io(wsi, - LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE | - LWS_EV_PREPARE_DELETION); -/* - lwsl_notice("%s: wsi=%p, skt=%d, fds pos=%d, end guy pos=%d, endfd=%d\n", - __func__, wsi, wsi->desc.sockfd, wsi->position_in_fds_table, - pt->fds_count, pt->fds[pt->fds_count - 1].fd); */ - - if (m != LWS_NO_FDS_POS) { - char fixup = 0; - - assert(pt->fds_count && (unsigned int)m != pt->fds_count); - - /* deletion guy's lws_lookup entry needs nuking */ - delete_from_fd(context, wsi->desc.sockfd); - - if ((unsigned int)m != pt->fds_count - 1) { - /* have the last guy take up the now vacant slot */ - pt->fds[m] = pt->fds[pt->fds_count - 1]; - fixup = 1; - } - - pt->fds[pt->fds_count - 1].fd = -1; - - /* this decrements pt->fds_count */ - lws_plat_delete_socket_from_fds(context, wsi, m); - pt->count_conns--; - if (fixup) { - v = (int) pt->fds[m].fd; - /* old end guy's "position in fds table" is now the - * deletion guy's old one */ - end_wsi = wsi_from_fd(context, v); - if (!end_wsi) { - lwsl_err("no wsi for fd %d pos %d, " - "pt->fds_count=%d\n", - (int)pt->fds[m].fd, m, pt->fds_count); - assert(0); - } else - end_wsi->position_in_fds_table = m; - } - - /* removed wsi has no position any more */ - wsi->position_in_fds_table = LWS_NO_FDS_POS; - } - -#if defined(LWS_WITH_EXTERNAL_POLL) - /* remove also from external POLL support via protocol 0 */ - if (lws_socket_is_valid(wsi->desc.sockfd) && wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_DEL_POLL_FD, - wsi->user_space, (void *) &pa, 0)) - ret = -1; -#endif - -#ifndef LWS_NO_SERVER - if (!context->being_destroyed && - /* if this made some room, accept connects on this thread */ - (unsigned int)pt->fds_count < context->fd_limit_per_thread - 1) - lws_accept_modulation(context, pt, 1); -#endif - -#if defined(LWS_WITH_EXTERNAL_POLL) - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, - wsi->user_space, (void *) &pa, 1)) - ret = -1; -#endif - -// __dump_fds(pt, "post remove"); - - return ret; -} - -int -__lws_change_pollfd(struct lws *wsi, int _and, int _or) -{ - struct lws_context *context; - struct lws_pollargs pa; - int ret = 0; - - if (!wsi || (!wsi->protocol && !wsi->event_pipe) || - wsi->position_in_fds_table == LWS_NO_FDS_POS) - return 0; - - context = lws_get_context(wsi); - if (!context) - return 1; - -#if defined(LWS_WITH_EXTERNAL_POLL) - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, - wsi->user_space, (void *) &pa, 0)) - return -1; -#endif - - ret = _lws_change_pollfd(wsi, _and, _or, &pa); - -#if defined(LWS_WITH_EXTERNAL_POLL) - if (wsi->vhost && - wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, - wsi->user_space, (void *) &pa, 0)) - ret = -1; -#endif - - return ret; -} - -int -lws_change_pollfd(struct lws *wsi, int _and, int _or) -{ - struct lws_context_per_thread *pt; - int ret = 0; - - pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - ret = __lws_change_pollfd(wsi, _and, _or); - lws_pt_unlock(pt); - - return ret; -} - -LWS_VISIBLE int -lws_callback_on_writable(struct lws *wsi) -{ - struct lws_context_per_thread *pt; - - if (lwsi_state(wsi) == LRS_SHUTDOWN) - return 0; - - if (wsi->socket_is_permanently_unusable) - return 0; - - pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_stats_bump(pt, LWSSTATS_C_WRITEABLE_CB_REQ, 1); -#if defined(LWS_WITH_STATS) - if (!wsi->active_writable_req_us) { - wsi->active_writable_req_us = lws_now_usecs(); - lws_stats_bump(pt, LWSSTATS_C_WRITEABLE_CB_EFF_REQ, 1); - } -#endif - - - if (wsi->role_ops->callback_on_writable) { - if (wsi->role_ops->callback_on_writable(wsi)) - return 1; - wsi = lws_get_network_wsi(wsi); - } - - if (wsi->position_in_fds_table == LWS_NO_FDS_POS) { - lwsl_debug("%s: failed to find socket %d\n", __func__, - wsi->desc.sockfd); - return -1; - } - - if (__lws_change_pollfd(wsi, 0, LWS_POLLOUT)) - return -1; - - return 1; -} - - -/* - * stitch protocol choice into the vh protocol linked list - * We always insert ourselves at the start of the list - * - * X <-> B - * X <-> pAn <-> pB - * - * Illegal to attach more than once without detach inbetween - */ -void -lws_same_vh_protocol_insert(struct lws *wsi, int n) -{ - lws_vhost_lock(wsi->vhost); - - lws_dll2_remove(&wsi->same_vh_protocol); - lws_dll2_add_head(&wsi->same_vh_protocol, - &wsi->vhost->same_vh_protocol_owner[n]); - - wsi->bound_vhost_index = n; - - lws_vhost_unlock(wsi->vhost); -} - -void -__lws_same_vh_protocol_remove(struct lws *wsi) -{ - if (wsi->vhost && wsi->vhost->same_vh_protocol_owner) - lws_dll2_remove(&wsi->same_vh_protocol); -} - -void -lws_same_vh_protocol_remove(struct lws *wsi) -{ - if (!wsi->vhost) - return; - - lws_vhost_lock(wsi->vhost); - - __lws_same_vh_protocol_remove(wsi); - - lws_vhost_unlock(wsi->vhost); -} - - -LWS_VISIBLE int -lws_callback_on_writable_all_protocol_vhost(const struct lws_vhost *vhost, - const struct lws_protocols *protocol) -{ - struct lws *wsi; - int n; - - if (protocol < vhost->protocols || - protocol >= (vhost->protocols + vhost->count_protocols)) { - lwsl_err("%s: protocol %p is not from vhost %p (%p - %p)\n", - __func__, protocol, vhost->protocols, vhost, - (vhost->protocols + vhost->count_protocols)); - - return -1; - } - - n = (int)(protocol - vhost->protocols); - - lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1, - lws_dll2_get_head(&vhost->same_vh_protocol_owner[n])) { - wsi = lws_container_of(d, struct lws, same_vh_protocol); - - assert(wsi->protocol == protocol); - lws_callback_on_writable(wsi); - - } lws_end_foreach_dll_safe(d, d1); - - return 0; -} - -LWS_VISIBLE int -lws_callback_on_writable_all_protocol(const struct lws_context *context, - const struct lws_protocols *protocol) -{ - struct lws_vhost *vhost; - int n; - - if (!context) - return 0; - - vhost = context->vhost_list; - - while (vhost) { - for (n = 0; n < vhost->count_protocols; n++) - if (protocol->callback == - vhost->protocols[n].callback && - !strcmp(protocol->name, vhost->protocols[n].name)) - break; - if (n != vhost->count_protocols) - lws_callback_on_writable_all_protocol_vhost( - vhost, &vhost->protocols[n]); - - vhost = vhost->vhost_next; - } - - return 0; -} diff --git a/lib/core-net/private.h b/lib/core-net/private.h deleted file mode 100644 index 326e6ba..0000000 --- a/lib/core-net/private.h +++ /dev/null @@ -1,1168 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#if !defined(__LWS_CORE_NET_PRIVATE_H__) -#define __LWS_CORE_NET_PRIVATE_H__ - -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112L -#endif - -#include "roles/private.h" - -#ifdef LWS_WITH_IPV6 -#if defined(WIN32) || defined(_WIN32) -#include -#else -#include -#endif -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * All lws_tls...() functions must return this type, converting the - * native backend result and doing the extra work to determine which one - * as needed. - * - * Native TLS backend return codes are NOT ALLOWED outside the backend. - * - * Non-SSL mode also uses these types. - */ -enum lws_ssl_capable_status { - LWS_SSL_CAPABLE_ERROR = -1, /* it failed */ - LWS_SSL_CAPABLE_DONE = 0, /* it succeeded */ - LWS_SSL_CAPABLE_MORE_SERVICE_READ = -2, /* retry WANT_READ */ - LWS_SSL_CAPABLE_MORE_SERVICE_WRITE = -3, /* retry WANT_WRITE */ - LWS_SSL_CAPABLE_MORE_SERVICE = -4, /* general retry */ -}; - - -/* - * - * ------ roles ------ - * - */ - -/* null-terminated array of pointers to roles lws built with */ -extern const struct lws_role_ops *available_roles[]; - -#define LWS_FOR_EVERY_AVAILABLE_ROLE_START(xx) { \ - const struct lws_role_ops **ppxx = available_roles; \ - while (*ppxx) { \ - const struct lws_role_ops *xx = *ppxx++; - -#define LWS_FOR_EVERY_AVAILABLE_ROLE_END }} - -/* - * - * ------ event_loop ops ------ - * - */ - -/* enums of socks version */ -enum socks_version { - SOCKS_VERSION_4 = 4, - SOCKS_VERSION_5 = 5 -}; - -/* enums of subnegotiation version */ -enum socks_subnegotiation_version { - SOCKS_SUBNEGOTIATION_VERSION_1 = 1, -}; - -/* enums of socks commands */ -enum socks_command { - SOCKS_COMMAND_CONNECT = 1, - SOCKS_COMMAND_BIND = 2, - SOCKS_COMMAND_UDP_ASSOCIATE = 3 -}; - -/* enums of socks address type */ -enum socks_atyp { - SOCKS_ATYP_IPV4 = 1, - SOCKS_ATYP_DOMAINNAME = 3, - SOCKS_ATYP_IPV6 = 4 -}; - -/* enums of socks authentication methods */ -enum socks_auth_method { - SOCKS_AUTH_NO_AUTH = 0, - SOCKS_AUTH_GSSAPI = 1, - SOCKS_AUTH_USERNAME_PASSWORD = 2 -}; - -/* enums of subnegotiation status */ -enum socks_subnegotiation_status { - SOCKS_SUBNEGOTIATION_STATUS_SUCCESS = 0, -}; - -/* enums of socks request reply */ -enum socks_request_reply { - SOCKS_REQUEST_REPLY_SUCCESS = 0, - SOCKS_REQUEST_REPLY_FAILURE_GENERAL = 1, - SOCKS_REQUEST_REPLY_CONNECTION_NOT_ALLOWED = 2, - SOCKS_REQUEST_REPLY_NETWORK_UNREACHABLE = 3, - SOCKS_REQUEST_REPLY_HOST_UNREACHABLE = 4, - SOCKS_REQUEST_REPLY_CONNECTION_REFUSED = 5, - SOCKS_REQUEST_REPLY_TTL_EXPIRED = 6, - SOCKS_REQUEST_REPLY_COMMAND_NOT_SUPPORTED = 7, - SOCKS_REQUEST_REPLY_ATYP_NOT_SUPPORTED = 8 -}; - -/* enums used to generate socks messages */ -enum socks_msg_type { - /* greeting */ - SOCKS_MSG_GREETING, - /* credential, user name and password */ - SOCKS_MSG_USERNAME_PASSWORD, - /* connect command */ - SOCKS_MSG_CONNECT -}; - -enum { - LWS_RXFLOW_ALLOW = (1 << 0), - LWS_RXFLOW_PENDING_CHANGE = (1 << 1), -}; - -enum lws_parser_return { - LPR_OK = 0, - LPR_FAIL = -1, - LPR_DO_FALLBACK = 2, - LPR_FORBIDDEN = -2 -}; - -enum pmd_return { - PMDR_UNKNOWN, - PMDR_DID_NOTHING, - PMDR_HAS_PENDING, - PMDR_EMPTY_NONFINAL, - PMDR_EMPTY_FINAL, - - PMDR_FAILED = -1 -}; - -typedef union { -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 sa6; -#endif - struct sockaddr_in sa4; -} sockaddr46; - - -#if defined(LWS_WITH_PEER_LIMITS) -struct lws_peer { - struct lws_peer *next; - struct lws_peer *peer_wait_list; - - time_t time_created; - time_t time_closed_all; - - uint8_t addr[32]; - uint32_t hash; - uint32_t count_wsi; - uint32_t total_wsi; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - struct lws_peer_role_http http; -#endif - - uint8_t af; -}; -#endif - -enum { - LWS_EV_READ = (1 << 0), - LWS_EV_WRITE = (1 << 1), - LWS_EV_START = (1 << 2), - LWS_EV_STOP = (1 << 3), - - LWS_EV_PREPARE_DELETION = (1u << 31), -}; - -#ifdef LWS_WITH_IPV6 -#define LWS_IPV6_ENABLED(vh) \ - (!lws_check_opt(vh->context->options, LWS_SERVER_OPTION_DISABLE_IPV6) && \ - !lws_check_opt(vh->options, LWS_SERVER_OPTION_DISABLE_IPV6)) -#else -#define LWS_IPV6_ENABLED(context) (0) -#endif - -#ifdef LWS_WITH_UNIX_SOCK -#define LWS_UNIX_SOCK_ENABLED(vhost) \ - (vhost->options & LWS_SERVER_OPTION_UNIX_SOCK) -#else -#define LWS_UNIX_SOCK_ENABLED(vhost) (0) -#endif - -enum uri_path_states { - URIPS_IDLE, - URIPS_SEEN_SLASH, - URIPS_SEEN_SLASH_DOT, - URIPS_SEEN_SLASH_DOT_DOT, -}; - -enum uri_esc_states { - URIES_IDLE, - URIES_SEEN_PERCENT, - URIES_SEEN_PERCENT_H1, -}; - - -#ifndef LWS_NO_CLIENT -struct client_info_stash { - char *address; - char *path; - char *host; - char *origin; - char *protocol; - char *method; - char *iface; - char *alpn; - void *opaque_user_data; /* not allocated or freed by lws */ -}; -#endif - -#define lws_wsi_is_udp(___wsi) (!!___wsi->udp) - -#define LWS_H2_FRAME_HEADER_LENGTH 9 - -int -__lws_sul_insert(lws_dll2_owner_t *own, lws_sorted_usec_list_t *sul, - lws_usec_t us); - -lws_usec_t -__lws_sul_service_ripe(lws_dll2_owner_t *own, lws_usec_t usnow); - -struct lws_timed_vh_protocol { - struct lws_timed_vh_protocol *next; - lws_sorted_usec_list_t sul; - const struct lws_protocols *protocol; - struct lws_vhost *vhost; /* only used for pending processing */ - int reason; - int tsi_req; -}; - -/* - * lws_dsh -*/ - -typedef struct lws_dsh_obj_head { - lws_dll2_owner_t owner; - int kind; -} lws_dsh_obj_head_t; - -typedef struct lws_dsh_obj { - lws_dll2_t list; /* must be first */ - lws_dsh_t *dsh; /* invalid when on free list */ - size_t size; /* invalid when on free list */ - size_t asize; -} lws_dsh_obj_t; - -struct lws_dsh { - lws_dll2_t list; - uint8_t *buf; - lws_dsh_obj_head_t *oha; /* array of object heads/kind */ - size_t buffer_size; - size_t locally_in_use; - size_t locally_free; - int count_kinds; - uint8_t being_destroyed; - /* - * Overallocations at create: - * - * - the buffer itself - * - the object heads array - */ -}; - -/* - * so we can have n connections being serviced simultaneously, - * these things need to be isolated per-thread. - */ - -struct lws_context_per_thread { -#if LWS_MAX_SMP > 1 - pthread_mutex_t lock_stats; - struct lws_mutex_refcount mr; - pthread_t self; -#endif - struct lws_dll2_owner dll_buflist_owner; /* guys with pending rxflow */ - struct lws_dll2_owner seq_owner; /* list of lws_sequencer-s */ - - struct lws_dll2_owner pt_sul_owner; - -#if defined (LWS_WITH_SEQUENCER) - lws_sorted_usec_list_t sul_seq_heartbeat; -#endif -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - lws_sorted_usec_list_t sul_ah_lifecheck; -#endif -#if defined(LWS_WITH_TLS) && !defined(LWS_NO_SERVER) - lws_sorted_usec_list_t sul_tls; -#endif -#if defined(LWS_PLAT_UNIX) - lws_sorted_usec_list_t sul_plat; -#endif -#if defined(LWS_WITH_STATS) - uint64_t lws_stats[LWSSTATS_SIZE]; - int updated; - lws_sorted_usec_list_t sul_stats; -#endif -#if defined(LWS_WITH_PEER_LIMITS) - lws_sorted_usec_list_t sul_peer_limits; -#endif - -#if defined(LWS_WITH_TLS) - struct lws_pt_tls tls; -#endif - struct lws *fake_wsi; /* used for callbacks where there's no wsi */ - - struct lws_context *context; - - /* - * usable by anything in the service code, but only if the scope - * does not last longer than the service action (since next service - * of any socket can likewise use it and overwrite) - */ - unsigned char *serv_buf; - - struct lws_pollfd *fds; - volatile struct lws_foreign_thread_pollfd * volatile foreign_pfd_list; -#ifdef _WIN32 - WSAEVENT events; - CRITICAL_SECTION interrupt_lock; -#endif - lws_sockfd_type dummy_pipe_fds[2]; - struct lws *pipe_wsi; - - /* --- role based members --- */ - -#if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_pt_role_ws ws; -#endif -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - struct lws_pt_role_http http; -#endif -#if defined(LWS_ROLE_DBUS) - struct lws_pt_role_dbus dbus; -#endif - - /* --- event library based members --- */ - -#if defined(LWS_WITH_LIBEV) - struct lws_pt_eventlibs_libev ev; -#endif -#if defined(LWS_WITH_LIBUV) - struct lws_pt_eventlibs_libuv uv; -#endif -#if defined(LWS_WITH_LIBEVENT) - struct lws_pt_eventlibs_libevent event; -#endif - -#if defined(LWS_WITH_LIBEV) || defined(LWS_WITH_LIBUV) || \ - defined(LWS_WITH_LIBEVENT) - struct lws_signal_watcher w_sigint; -#endif - - /* --- */ - - unsigned long count_conns; - unsigned int fds_count; - - /* - * set to the Thread ID that's doing the service loop just before entry - * to poll indicates service thread likely idling in poll() - * volatile because other threads may check it as part of processing - * for pollfd event change. - */ - volatile int service_tid; - int service_tid_detected; - - volatile unsigned char inside_poll; - volatile unsigned char foreign_spinlock; - - unsigned char tid; - - unsigned char inside_service:1; - unsigned char event_loop_foreign:1; - unsigned char event_loop_destroy_processing_done:1; -#ifdef _WIN32 - unsigned char interrupt_requested:1; -#endif -}; - -struct lws_conn_stats { - unsigned long long rx, tx; - unsigned long h1_conn, h1_trans, h2_trans, ws_upg, h2_alpn, h2_subs, - h2_upg, rejected; -}; - -/* - * virtual host -related context information - * vhostwide SSL context - * vhostwide proxy - * - * hierarchy: - * - * context -> vhost -> wsi - * - * incoming connection non-SSL vhost binding: - * - * listen socket -> wsi -> select vhost after first headers - * - * incoming connection SSL vhost binding: - * - * SSL SNI -> wsi -> bind after SSL negotiation - */ - - -struct lws_vhost { -#if !defined(LWS_WITHOUT_CLIENT) - char proxy_basic_auth_token[128]; -#endif -#if LWS_MAX_SMP > 1 - pthread_mutex_t lock; - char close_flow_vs_tsi[LWS_MAX_SMP]; -#endif - -#if defined(LWS_ROLE_H2) - struct lws_vhost_role_h2 h2; -#endif -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - struct lws_vhost_role_http http; -#endif -#if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_vhost_role_ws ws; -#endif - -#if defined(LWS_WITH_SOCKS5) - char socks_proxy_address[128]; - char socks_user[96]; - char socks_password[96]; -#endif -#if defined(LWS_WITH_LIBEV) - struct lws_io_watcher w_accept; -#endif - struct lws_conn_stats conn_stats; - struct lws_context *context; - struct lws_vhost *vhost_next; - - struct lws *lserv_wsi; - const char *name; - const char *iface; - const char *listen_accept_role; - const char *listen_accept_protocol; - const char *unix_socket_perms; - - void (*finalize)(struct lws_vhost *vh, void *arg); - void *finalize_arg; - -#if !defined(LWS_WITH_ESP32) && !defined(OPTEE_TA) && !defined(WIN32) - int bind_iface; -#endif - const struct lws_protocols *protocols; - void **protocol_vh_privs; - const struct lws_protocol_vhost_options *pvo; - const struct lws_protocol_vhost_options *headers; - struct lws_dll2_owner *same_vh_protocol_owner; - struct lws_vhost *no_listener_vhost_list; - struct lws_dll2_owner abstract_instances_owner; - -#if !defined(LWS_NO_CLIENT) - struct lws_dll2_owner dll_cli_active_conns_owner; -#endif - -#if defined(LWS_WITH_TLS) - struct lws_vhost_tls tls; -#endif - - struct lws_timed_vh_protocol *timed_vh_protocol_list; - void *user; - - int listen_port; - -#if defined(LWS_WITH_SOCKS5) - unsigned int socks_proxy_port; -#endif - unsigned int options; - int count_protocols; - int ka_time; - int ka_probes; - int ka_interval; - int keepalive_timeout; - int timeout_secs_ah_idle; - - int count_bound_wsi; - -#ifdef LWS_WITH_ACCESS_LOG - int log_fd; -#endif - - unsigned int allocated_vhost_protocols:1; - unsigned int created_vhost_protocols:1; - unsigned int being_destroyed:1; - - unsigned char default_protocol_index; - unsigned char raw_protocol_index; -}; - -void -__lws_vhost_destroy2(struct lws_vhost *vh); - -struct lws { - /* structs */ - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - struct _lws_http_mode_related http; -#endif -#if defined(LWS_ROLE_H2) - struct _lws_h2_related h2; -#endif -#if defined(LWS_ROLE_WS) - struct _lws_websocket_related *ws; /* allocated if we upgrade to ws */ - lws_sorted_usec_list_t sul_ping; -#endif -#if defined(LWS_ROLE_DBUS) - struct _lws_dbus_mode_related dbus; -#endif - - - const struct lws_role_ops *role_ops; - lws_wsi_state_t wsistate; - lws_wsi_state_t wsistate_pre_close; - - /* lifetime members */ - -#if defined(LWS_WITH_LIBEV) || defined(LWS_WITH_LIBUV) || \ - defined(LWS_WITH_LIBEVENT) - struct lws_io_watcher w_read; -#endif -#if defined(LWS_WITH_LIBEV) || defined(LWS_WITH_LIBEVENT) - struct lws_io_watcher w_write; -#endif - - lws_sorted_usec_list_t sul_timeout; - lws_sorted_usec_list_t sul_hrtimer; - - /* pointers */ - - struct lws_context *context; - struct lws_vhost *vhost; - struct lws *parent; /* points to parent, if any */ - struct lws *child_list; /* points to first child */ - struct lws *sibling_list; /* subsequent children at same level */ - - const struct lws_protocols *protocol; - struct lws_dll2 same_vh_protocol; - - lws_seq_t *seq; /* associated sequencer if any */ - - struct lws_dll2 dll_buflist; /* guys with pending rxflow */ - -#if defined(LWS_WITH_THREADPOOL) - struct lws_threadpool_task *tp_task; -#endif - -#if defined(LWS_WITH_PEER_LIMITS) - struct lws_peer *peer; -#endif - - struct lws_udp *udp; -#ifndef LWS_NO_CLIENT - struct client_info_stash *stash; - char *cli_hostname_copy; - struct lws_dll2 dll_cli_active_conns; - struct lws_dll2_owner dll2_cli_txn_queue_owner; - struct lws_dll2 dll2_cli_txn_queue; -#endif - void *user_space; - void *opaque_parent_data; - void *opaque_user_data; - - struct lws_buflist *buflist; /* input-side buflist */ - struct lws_buflist *buflist_out; /* output-side buflist */ - -#if defined(LWS_WITH_TLS) - struct lws_lws_tls tls; -#endif - - lws_sock_file_fd_type desc; /* .filefd / .sockfd */ -#if defined(LWS_WITH_STATS) - uint64_t active_writable_req_us; -#if defined(LWS_WITH_TLS) - uint64_t accept_start_us; -#endif -#endif - -#ifdef LWS_LATENCY - unsigned long action_start; - unsigned long latency_start; -#endif - - /* ints */ -#define LWS_NO_FDS_POS (-1) - int position_in_fds_table; - -#ifndef LWS_NO_CLIENT - int chunk_remaining; -#endif - unsigned int cache_secs; - - unsigned int hdr_parsing_completed:1; - unsigned int http2_substream:1; - unsigned int upgraded_to_http2:1; - unsigned int h2_stream_carries_ws:1; - unsigned int h2_stream_carries_sse:1; - unsigned int seen_nonpseudoheader:1; - unsigned int listener:1; - unsigned int user_space_externally_allocated:1; - unsigned int socket_is_permanently_unusable:1; - unsigned int rxflow_change_to:2; - unsigned int conn_stat_done:1; - unsigned int cache_reuse:1; - unsigned int cache_revalidate:1; - unsigned int cache_intermediaries:1; - unsigned int favoured_pollin:1; - unsigned int sending_chunked:1; - unsigned int interpreting:1; - unsigned int already_did_cce:1; - unsigned int told_user_closed:1; - unsigned int told_event_loop_closed:1; - unsigned int waiting_to_send_close_frame:1; - unsigned int close_needs_ack:1; - unsigned int ipv6:1; - unsigned int parent_pending_cb_on_writable:1; - unsigned int cgi_stdout_zero_length:1; - unsigned int seen_zero_length_recv:1; - unsigned int rxflow_will_be_applied:1; - unsigned int event_pipe:1; - unsigned int handling_404:1; - unsigned int protocol_bind_balance:1; - unsigned int unix_skt:1; - unsigned int close_when_buffered_out_drained:1; - unsigned int h1_ws_proxied; - unsigned int proxied_ws_parent; - - unsigned int could_have_pending:1; /* detect back-to-back writes */ - unsigned int outer_will_close:1; - unsigned int shadow:1; /* we do not control fd lifecycle at all */ - -#ifdef LWS_WITH_ACCESS_LOG - unsigned int access_log_pending:1; -#endif -#ifndef LWS_NO_CLIENT - unsigned int do_ws:1; /* whether we are doing http or ws flow */ - unsigned int chunked:1; /* if the clientside connection is chunked */ - unsigned int client_rx_avail:1; - unsigned int client_http_body_pending:1; - unsigned int transaction_from_pipeline_queue:1; - unsigned int keepalive_active:1; - unsigned int keepalive_rejected:1; - unsigned int client_pipeline:1; - unsigned int client_h2_alpn:1; - unsigned int client_h2_substream:1; -#endif - -#ifdef _WIN32 - unsigned int sock_send_blocking:1; -#endif - -#ifndef LWS_NO_CLIENT - unsigned short ocport, c_port; -#endif - - /* chars */ - - char lws_rx_parse_state; /* enum lws_rx_parse_state */ - char rx_frame_type; /* enum lws_write_protocol */ - char pending_timeout; /* enum pending_timeout */ - char tsi; /* thread service index we belong to */ - char protocol_interpret_idx; - char redirects; - uint8_t rxflow_bitmap; - uint8_t bound_vhost_index; -#ifdef LWS_WITH_CGI - char cgi_channel; /* which of stdin/out/err */ - char hdr_state; -#endif -#ifndef LWS_NO_CLIENT - char chunk_parser; /* enum lws_chunk_parser */ -#endif -#if defined(LWS_WITH_CGI) || !defined(LWS_NO_CLIENT) - char reason_bf; /* internal writeable callback reason bitfield */ -#endif -#if defined(LWS_WITH_STATS) && defined(LWS_WITH_TLS) - char seen_rx; -#endif - uint8_t immortal_substream_count; - /* volatile to make sure code is aware other thread can change */ - volatile char handling_pollout; - volatile char leave_pollout_active; -#if LWS_MAX_SMP > 1 - volatile char undergoing_init_from_other_pt; -#endif - -}; - -#define lws_is_flowcontrolled(w) (!!(wsi->rxflow_bitmap)) - -void -lws_service_do_ripe_rxflow(struct lws_context_per_thread *pt); - -const struct lws_role_ops * -lws_role_by_name(const char *name); - -LWS_EXTERN int -lws_socket_bind(struct lws_vhost *vhost, lws_sockfd_type sockfd, int port, - const char *iface, int ipv6_allowed); - -#if defined(LWS_WITH_IPV6) -LWS_EXTERN unsigned long -lws_get_addr_scope(const char *ipaddr); -#endif - -LWS_EXTERN void -lws_close_free_wsi(struct lws *wsi, enum lws_close_status, const char *caller); -LWS_EXTERN void -__lws_close_free_wsi(struct lws *wsi, enum lws_close_status, const char *caller); - -LWS_EXTERN void -__lws_free_wsi(struct lws *wsi); - -#if LWS_MAX_SMP > 1 - -static LWS_INLINE void -lws_pt_mutex_init(struct lws_context_per_thread *pt) -{ - lws_mutex_refcount_init(&pt->mr); - pthread_mutex_init(&pt->lock_stats, NULL); -} - -static LWS_INLINE void -lws_pt_mutex_destroy(struct lws_context_per_thread *pt) -{ - pthread_mutex_destroy(&pt->lock_stats); - lws_mutex_refcount_destroy(&pt->mr); -} - -#define lws_pt_lock(pt, reason) lws_mutex_refcount_lock(&pt->mr, reason) -#define lws_pt_unlock(pt) lws_mutex_refcount_unlock(&pt->mr) - -static LWS_INLINE void -lws_pt_stats_lock(struct lws_context_per_thread *pt) -{ - pthread_mutex_lock(&pt->lock_stats); -} - -static LWS_INLINE void -lws_pt_stats_unlock(struct lws_context_per_thread *pt) -{ - pthread_mutex_unlock(&pt->lock_stats); -} -#endif - -/* - * EXTENSIONS - */ - -#if defined(LWS_WITHOUT_EXTENSIONS) -#define lws_any_extension_handled(_a, _b, _c, _d) (0) -#define lws_ext_cb_active(_a, _b, _c, _d) (0) -#define lws_ext_cb_all_exts(_a, _b, _c, _d, _e) (0) -#define lws_issue_raw_ext_access lws_issue_raw -#define lws_context_init_extensions(_a, _b) -#endif - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_client_interpret_server_handshake(struct lws *wsi); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ws_rx_sm(struct lws *wsi, char already_processed, unsigned char c); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len); - -LWS_EXTERN void -lws_role_transition(struct lws *wsi, enum lwsi_role role, enum lwsi_state state, - const struct lws_role_ops *ops); - -int -lws_http_to_fallback(struct lws *wsi, unsigned char *buf, size_t len); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -user_callback_handle_rxflow(lws_callback_function, struct lws *wsi, - enum lws_callback_reasons reason, void *user, - void *in, size_t len); - -LWS_EXTERN int -lws_plat_set_nonblocking(int fd); - -LWS_EXTERN int -lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, - int unix_skt); - -LWS_EXTERN int -lws_plat_check_connection_error(struct lws *wsi); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_header_table_attach(struct lws *wsi, int autoservice); - -LWS_EXTERN int -lws_header_table_detach(struct lws *wsi, int autoservice); -LWS_EXTERN int -__lws_header_table_detach(struct lws *wsi, int autoservice); - -LWS_EXTERN void -lws_header_table_reset(struct lws *wsi, int autoservice); - -void -__lws_header_table_reset(struct lws *wsi, int autoservice); - -LWS_EXTERN char * LWS_WARN_UNUSED_RESULT -lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h, const char *s); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ensure_user_space(struct lws *wsi); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_change_pollfd(struct lws *wsi, int _and, int _or); - -#ifndef LWS_NO_SERVER - int _lws_vhost_init_server(const struct lws_context_creation_info *info, - struct lws_vhost *vhost); - LWS_EXTERN struct lws_vhost * - lws_select_vhost(struct lws_context *context, int port, const char *servername); - LWS_EXTERN int LWS_WARN_UNUSED_RESULT - lws_parse_ws(struct lws *wsi, unsigned char **buf, size_t len); - LWS_EXTERN void - lws_server_get_canonical_hostname(struct lws_context *context, - const struct lws_context_creation_info *info); -#else - #define _lws_vhost_init_server(_a, _b) (0) - #define lws_parse_ws(_a, _b, _c) (0) - #define lws_server_get_canonical_hostname(_a, _b) -#endif - -LWS_EXTERN int -__remove_wsi_socket_from_fds(struct lws *wsi); - -enum { - LWSRXFC_ERROR = -1, - LWSRXFC_CACHED = 0, - LWSRXFC_ADDITIONAL = 1, - LWSRXFC_TRIMMED = 2, -}; - - -int -_lws_plat_service_forced_tsi(struct lws_context *context, int tsi); - -LWS_EXTERN int -lws_rxflow_cache(struct lws *wsi, unsigned char *buf, int n, int len); - -LWS_EXTERN int -lws_service_flag_pending(struct lws_context *context, int tsi); - -LWS_EXTERN void -lws_client_stash_destroy(struct lws *wsi); - -static LWS_INLINE int -lws_has_buffered_out(struct lws *wsi) { return !!wsi->buflist_out; } - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ws_client_rx_sm(struct lws *wsi, unsigned char c); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_parse(struct lws *wsi, unsigned char *buf, int *len); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_parse_urldecode(struct lws *wsi, uint8_t *_c); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_http_action(struct lws *wsi); - -LWS_EXTERN void -__lws_close_free_wsi_final(struct lws *wsi); -LWS_EXTERN void -lws_libuv_closehandle(struct lws *wsi); -LWS_EXTERN int -lws_libuv_check_watcher_active(struct lws *wsi); - -LWS_VISIBLE LWS_EXTERN int -lws_plat_plugins_init(struct lws_context * context, const char * const *d); - -LWS_VISIBLE LWS_EXTERN int -lws_plat_plugins_destroy(struct lws_context * context); - -LWS_EXTERN void -lws_restart_ws_ping_pong_timer(struct lws *wsi); - -struct lws * -lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd); - -void -lws_vhost_bind_wsi(struct lws_vhost *vh, struct lws *wsi); -void -lws_vhost_unbind_wsi(struct lws *wsi); - -void -__lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs); -int -__lws_change_pollfd(struct lws *wsi, int _and, int _or); - - -int -lws_callback_as_writeable(struct lws *wsi); - -int -lws_role_call_client_bind(struct lws *wsi, - const struct lws_client_connect_info *i); -void -lws_remove_child_from_any_parent(struct lws *wsi); - -char * -lws_generate_client_ws_handshake(struct lws *wsi, char *p, const char *conn1); -int -lws_client_ws_upgrade(struct lws *wsi, const char **cce); -int -lws_create_client_ws_object(const struct lws_client_connect_info *i, - struct lws *wsi); -int -lws_alpn_comma_to_openssl(const char *comma, uint8_t *os, int len); -int -lws_role_call_alpn_negotiated(struct lws *wsi, const char *alpn); -int -lws_tls_server_conn_alpn(struct lws *wsi); - -int -lws_ws_client_rx_sm_block(struct lws *wsi, unsigned char **buf, size_t len); -void -lws_destroy_event_pipe(struct lws *wsi); - -/* socks */ -int -socks_generate_msg(struct lws *wsi, enum socks_msg_type type, ssize_t *msg_len); - - -void -lws_sum_stats(const struct lws_context *ctx, struct lws_conn_stats *cs); - -LWS_EXTERN int -__lws_timed_callback_remove(struct lws_vhost *vh, struct lws_timed_vh_protocol *p); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -__insert_wsi_socket_into_fds(struct lws_context *context, struct lws *wsi); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_issue_raw(struct lws *wsi, unsigned char *buf, size_t len); - -LWS_EXTERN lws_usec_t -__lws_seq_timeout_check(struct lws_context_per_thread *pt, lws_usec_t usnow); - -LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT -lws_client_connect_2(struct lws *wsi); - -LWS_VISIBLE struct lws * LWS_WARN_UNUSED_RESULT -lws_client_reset(struct lws **wsi, int ssl, const char *address, int port, - const char *path, const char *host); - -LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT -lws_create_new_server_wsi(struct lws_vhost *vhost, int fixed_tsi); - -LWS_EXTERN char * LWS_WARN_UNUSED_RESULT -lws_generate_client_handshake(struct lws *wsi, char *pkt); - -LWS_EXTERN int -lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd); - -LWS_EXTERN struct lws * -lws_http_client_connect_via_info2(struct lws *wsi); - - -#ifndef LWS_NO_CLIENT -LWS_EXTERN int lws_client_socket_service(struct lws *wsi, - struct lws_pollfd *pollfd, - struct lws *wsi_conn); -LWS_EXTERN struct lws * -lws_client_wsi_effective(struct lws *wsi); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_http_transaction_completed_client(struct lws *wsi); -#if !defined(LWS_WITH_TLS) - #define lws_context_init_client_ssl(_a, _b) (0) -#endif -LWS_EXTERN void -lws_decode_ssl_error(void); -#else -#define lws_context_init_client_ssl(_a, _b) (0) -#endif - -LWS_EXTERN int -__lws_rx_flow_control(struct lws *wsi); - -LWS_EXTERN int -_lws_change_pollfd(struct lws *wsi, int _and, int _or, struct lws_pollargs *pa); - -#ifndef LWS_NO_SERVER -LWS_EXTERN int -lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len); -#else -#define lws_server_socket_service(_b, _c) (0) -#define lws_handshake_server(_a, _b, _c) (0) -#endif - -#ifdef LWS_WITH_ACCESS_LOG -LWS_EXTERN int -lws_access_log(struct lws *wsi); -LWS_EXTERN void -lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int len, int meth); -#else -#define lws_access_log(_a) -#endif - -LWS_EXTERN int -lws_cgi_kill_terminated(struct lws_context_per_thread *pt); - -LWS_EXTERN void -lws_cgi_remove_and_kill(struct lws *wsi); - -LWS_EXTERN void -lws_plat_delete_socket_from_fds(struct lws_context *context, - struct lws *wsi, int m); -LWS_EXTERN void -lws_plat_insert_socket_into_fds(struct lws_context *context, - struct lws *wsi); - -LWS_EXTERN int -lws_plat_change_pollfd(struct lws_context *context, struct lws *wsi, - struct lws_pollfd *pfd); - - -int -lws_plat_pipe_create(struct lws *wsi); -int -lws_plat_pipe_signal(struct lws *wsi); -void -lws_plat_pipe_close(struct lws *wsi); - -LWS_EXTERN void -lws_add_wsi_to_draining_ext_list(struct lws *wsi); -LWS_EXTERN void -lws_remove_wsi_from_draining_ext_list(struct lws *wsi); -LWS_EXTERN int -lws_poll_listen_fd(struct lws_pollfd *fd); -LWS_EXTERN int -lws_plat_service(struct lws_context *context, int timeout_ms); -LWS_EXTERN LWS_VISIBLE int -_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi); - -LWS_EXTERN int -lws_pthread_self_to_tsi(struct lws_context *context); -LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT -lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_plat_inet_pton(int af, const char *src, void *dst); - -LWS_EXTERN void -lws_same_vh_protocol_remove(struct lws *wsi); -LWS_EXTERN void -__lws_same_vh_protocol_remove(struct lws *wsi); -LWS_EXTERN void -lws_same_vh_protocol_insert(struct lws *wsi, int n); - -void -lws_seq_destroy_all_on_pt(struct lws_context_per_thread *pt); - -LWS_EXTERN int -lws_broadcast(struct lws_context_per_thread *pt, int reason, void *in, size_t len); - -#if defined(LWS_WITH_STATS) - void - lws_stats_bump(struct lws_context_per_thread *pt, int i, uint64_t bump); - void - lws_stats_max(struct lws_context_per_thread *pt, int index, uint64_t val); -#else - static LWS_INLINE uint64_t lws_stats_bump( - struct lws_context_per_thread *pt, int index, uint64_t bump) { - (void)pt; (void)index; (void)bump; return 0; } - static LWS_INLINE uint64_t lws_stats_max( - struct lws_context_per_thread *pt, int index, uint64_t val) { - (void)pt; (void)index; (void)val; return 0; } -#endif - - - -#if defined(LWS_WITH_PEER_LIMITS) -void -lws_peer_track_wsi_close(struct lws_context *context, struct lws_peer *peer); -int -lws_peer_confirm_ah_attach_ok(struct lws_context *context, - struct lws_peer *peer); -void -lws_peer_track_ah_detach(struct lws_context *context, struct lws_peer *peer); -void -lws_peer_cull_peer_wait_list(struct lws_context *context); -struct lws_peer * -lws_get_or_create_peer(struct lws_vhost *vhost, lws_sockfd_type sockfd); -void -lws_peer_add_wsi(struct lws_context *context, struct lws_peer *peer, - struct lws *wsi); -void -lws_peer_dump_from_wsi(struct lws *wsi); -#endif - -#ifdef LWS_WITH_HUBBUB -hubbub_error -html_parser_cb(const hubbub_token *token, void *pw); -#endif - -int -lws_threadpool_tsi_context(struct lws_context *context, int tsi); - -void -__lws_wsi_remove_from_sul(struct lws *wsi); - -int -lws_seq_pt_init(struct lws_context_per_thread *pt); - -int -lws_buflist_aware_read(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_tokens *ebuf); -int -lws_buflist_aware_consume(struct lws *wsi, struct lws_tokens *ebuf, int used, - int buffered); - -extern const struct lws_protocols protocol_abs_client_raw_skt, - protocol_abs_client_unit_test; - -void -lws_inform_client_conn_fail(struct lws *wsi, void *arg, size_t len); - -#ifdef __cplusplus -}; -#endif - -#endif diff --git a/lib/core-net/sequencer.c b/lib/core-net/sequencer.c deleted file mode 100644 index 3ddf009..0000000 --- a/lib/core-net/sequencer.c +++ /dev/null @@ -1,327 +0,0 @@ -/* - * libwebsockets - lib/core-net/sequencer.c - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * per pending event - */ -typedef struct lws_seq_event { - struct lws_dll2 seq_event_list; - - void *data; - void *aux; - lws_seq_events_t e; -} lws_seq_event_t; - -/* - * per sequencer - */ -struct lws_sequencer { - struct lws_dll2 seq_list; - - lws_sorted_usec_list_t sul_timeout; - lws_sorted_usec_list_t sul_pending; - - struct lws_dll2_owner seq_event_owner; - struct lws_context_per_thread *pt; - lws_seq_event_cb cb; - const char *name; - const lws_retry_bo_t *retry; - - lws_usec_t time_created; - lws_usec_t timeout; /* 0 or time we timeout */ - - char going_down; -}; - -#define QUEUE_SANITY_LIMIT 10 - -static void -lws_sul_seq_heartbeat_cb(lws_sorted_usec_list_t *sul) -{ - struct lws_context_per_thread *pt = lws_container_of(sul, - struct lws_context_per_thread, sul_seq_heartbeat); - - /* send every sequencer a heartbeat message... it can ignore it */ - - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - lws_dll2_get_head(&pt->seq_owner)) { - lws_seq_t *s = lws_container_of(p, lws_seq_t, seq_list); - - /* queue the message to inform the sequencer */ - lws_seq_queue_event(s, LWSSEQ_HEARTBEAT, NULL, NULL); - - } lws_end_foreach_dll_safe(p, tp); - - /* schedule the next one */ - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_seq_heartbeat, - LWS_US_PER_SEC); -} - -int -lws_seq_pt_init(struct lws_context_per_thread *pt) -{ - pt->sul_seq_heartbeat.cb = lws_sul_seq_heartbeat_cb; - - /* schedule the first heartbeat */ - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_seq_heartbeat, - LWS_US_PER_SEC); - - return 0; -} - -lws_seq_t * -lws_seq_create(lws_seq_info_t *i) -{ - struct lws_context_per_thread *pt = &i->context->pt[i->tsi]; - lws_seq_t *seq = lws_zalloc(sizeof(*seq) + i->user_size, __func__); - - if (!seq) - return NULL; - - seq->cb = i->cb; - seq->pt = pt; - seq->name = i->name; - seq->retry = i->retry; - - *i->puser = (void *)&seq[1]; - - /* add the sequencer to the pt */ - - lws_pt_lock(pt, __func__); /* ---------------------------------- pt { */ - - lws_dll2_add_tail(&seq->seq_list, &pt->seq_owner); - - lws_pt_unlock(pt); /* } pt ------------------------------------------ */ - - seq->time_created = lws_now_usecs(); - - /* try to queue the creation cb */ - - if (lws_seq_queue_event(seq, LWSSEQ_CREATED, NULL, NULL)) { - lws_dll2_remove(&seq->seq_list); - lws_free(seq); - - return NULL; - } - - return seq; -} - -static int -seq_ev_destroy(struct lws_dll2 *d, void *user) -{ - lws_seq_event_t *seqe = lws_container_of(d, lws_seq_event_t, - seq_event_list); - - lws_dll2_remove(&seqe->seq_event_list); - lws_free(seqe); - - return 0; -} - -void -lws_seq_destroy(lws_seq_t **pseq) -{ - lws_seq_t *seq = *pseq; - - /* defeat another thread racing to add events while we are destroying */ - seq->going_down = 1; - - seq->cb(seq, (void *)&seq[1], LWSSEQ_DESTROYED, NULL, NULL); - - lws_pt_lock(seq->pt, __func__); /* -------------------------- pt { */ - - lws_dll2_remove(&seq->seq_list); - lws_dll2_remove(&seq->sul_timeout.list); - lws_dll2_remove(&seq->sul_pending.list); - /* remove and destroy any pending events */ - lws_dll2_foreach_safe(&seq->seq_event_owner, NULL, seq_ev_destroy); - - lws_pt_unlock(seq->pt); /* } pt ---------------------------------- */ - - - lws_free_set_NULL(seq); -} - -void -lws_seq_destroy_all_on_pt(struct lws_context_per_thread *pt) -{ - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - pt->seq_owner.head) { - lws_seq_t *s = lws_container_of(p, lws_seq_t, - seq_list); - - lws_seq_destroy(&s); - - } lws_end_foreach_dll_safe(p, tp); -} - -static void -lws_seq_sul_pending_cb(lws_sorted_usec_list_t *sul) -{ - lws_seq_t *seq = lws_container_of(sul, lws_seq_t, sul_pending); - lws_seq_event_t *seqe; - struct lws_dll2 *dh; - int n; - - if (!seq->seq_event_owner.count) - return; - - /* events are only added at tail, so no race possible yet... */ - - dh = lws_dll2_get_head(&seq->seq_event_owner); - seqe = lws_container_of(dh, lws_seq_event_t, seq_event_list); - - n = seq->cb(seq, (void *)&seq[1], seqe->e, seqe->data, seqe->aux); - - /* ... have to lock here though, because we will change the list */ - - lws_pt_lock(seq->pt, __func__); /* ----------------------------- pt { */ - - /* detach event from sequencer event list and free it */ - lws_dll2_remove(&seqe->seq_event_list); - lws_free(seqe); - lws_pt_unlock(seq->pt); /* } pt ------------------------------------- */ - - if (n) { - lwsl_info("%s: destroying seq '%s' by request\n", __func__, - seq->name); - lws_seq_destroy(&seq); - } -} - -int -lws_seq_queue_event(lws_seq_t *seq, lws_seq_events_t e, void *data, void *aux) -{ - lws_seq_event_t *seqe; - - if (!seq || seq->going_down) - return 1; - - seqe = lws_zalloc(sizeof(*seqe), __func__); - if (!seqe) - return 1; - - seqe->e = e; - seqe->data = data; - seqe->aux = aux; - - // lwsl_notice("%s: seq %s: event %d\n", __func__, seq->name, e); - - lws_pt_lock(seq->pt, __func__); /* ----------------------------- pt { */ - - if (seq->seq_event_owner.count > QUEUE_SANITY_LIMIT) { - lwsl_err("%s: more than %d events queued\n", __func__, - QUEUE_SANITY_LIMIT); - } - - lws_dll2_add_tail(&seqe->seq_event_list, &seq->seq_event_owner); - - seq->sul_pending.cb = lws_seq_sul_pending_cb; - __lws_sul_insert(&seq->pt->pt_sul_owner, &seq->sul_pending, 1); - - lws_pt_unlock(seq->pt); /* } pt ------------------------------------- */ - - return 0; -} - -/* - * Check if wsi still extant, by peeking in the message queue for a - * LWSSEQ_WSI_CONN_CLOSE message about wsi. (Doesn't need to do the same for - * CONN_FAIL since that will never have produced any messages prior to that). - * - * Use this to avoid trying to perform operations on wsi that have already - * closed but we didn't get to that message yet. - * - * Returns 0 if not closed yet or 1 if it has closed but we didn't process the - * close message yet. - */ - -int -lws_seq_check_wsi(lws_seq_t *seq, struct lws *wsi) -{ - lws_seq_event_t *seqe; - struct lws_dll2 *dh; - - lws_pt_lock(seq->pt, __func__); /* ----------------------------- pt { */ - - dh = lws_dll2_get_head(&seq->seq_event_owner); - while (dh) { - seqe = lws_container_of(dh, lws_seq_event_t, seq_event_list); - - if (seqe->e == LWSSEQ_WSI_CONN_CLOSE && seqe->data == wsi) - break; - - dh = dh->next; - } - - lws_pt_unlock(seq->pt); /* } pt ------------------------------------- */ - - return !!dh; -} - - -static void -lws_seq_sul_timeout_cb(lws_sorted_usec_list_t *sul) -{ - lws_seq_t *s = lws_container_of(sul, lws_seq_t, sul_timeout); - - lws_seq_queue_event(s, LWSSEQ_TIMED_OUT, NULL, NULL); -} - -/* set us to LWS_SET_TIMER_USEC_CANCEL to remove timeout */ - -int -lws_seq_timeout_us(lws_seq_t *seq, lws_usec_t us) -{ - seq->sul_timeout.cb = lws_seq_sul_timeout_cb; - /* list is always at the very top of the sul */ - return __lws_sul_insert(&seq->pt->pt_sul_owner, - (lws_sorted_usec_list_t *)&seq->sul_timeout.list, us); -} - -lws_seq_t * -lws_seq_from_user(void *u) -{ - return &((lws_seq_t *)u)[-1]; -} - -const char * -lws_seq_name(lws_seq_t *seq) -{ - return seq->name; -} - -lws_usec_t -lws_seq_us_since_creation(lws_seq_t *seq) -{ - return lws_now_usecs() - seq->time_created; -} - -struct lws_context * -lws_seq_get_context(lws_seq_t *seq) -{ - return seq->pt->context; -} - diff --git a/lib/core-net/server.c b/lib/core-net/server.c deleted file mode 100644 index e64c034..0000000 --- a/lib/core-net/server.c +++ /dev/null @@ -1,315 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#if defined(LWS_WITH_SERVER_STATUS) - -void -lws_sum_stats(const struct lws_context *ctx, struct lws_conn_stats *cs) -{ - const struct lws_vhost *vh = ctx->vhost_list; - - while (vh) { - - cs->rx += vh->conn_stats.rx; - cs->tx += vh->conn_stats.tx; - cs->h1_conn += vh->conn_stats.h1_conn; - cs->h1_trans += vh->conn_stats.h1_trans; - cs->h2_trans += vh->conn_stats.h2_trans; - cs->ws_upg += vh->conn_stats.ws_upg; - cs->h2_upg += vh->conn_stats.h2_upg; - cs->h2_alpn += vh->conn_stats.h2_alpn; - cs->h2_subs += vh->conn_stats.h2_subs; - cs->rejected += vh->conn_stats.rejected; - - vh = vh->vhost_next; - } -} - -LWS_EXTERN int -lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len) -{ -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - static const char * const prots[] = { - "http://", - "https://", - "file://", - "cgi://", - ">http://", - ">https://", - "callback://" - }; -#endif - char *orig = buf, *end = buf + len - 1, first = 1; - int n = 0; - - if (len < 100) - return 0; - - buf += lws_snprintf(buf, end - buf, - "{\n \"name\":\"%s\",\n" - " \"port\":\"%d\",\n" - " \"use_ssl\":\"%d\",\n" - " \"sts\":\"%d\",\n" - " \"rx\":\"%llu\",\n" - " \"tx\":\"%llu\",\n" - " \"h1_conn\":\"%lu\",\n" - " \"h1_trans\":\"%lu\",\n" - " \"h2_trans\":\"%lu\",\n" - " \"ws_upg\":\"%lu\",\n" - " \"rejected\":\"%lu\",\n" - " \"h2_upg\":\"%lu\",\n" - " \"h2_alpn\":\"%lu\",\n" - " \"h2_subs\":\"%lu\"" - , - vh->name, vh->listen_port, -#if defined(LWS_WITH_TLS) - vh->tls.use_ssl & LCCSCF_USE_SSL, -#else - 0, -#endif - !!(vh->options & LWS_SERVER_OPTION_STS), - vh->conn_stats.rx, vh->conn_stats.tx, - vh->conn_stats.h1_conn, - vh->conn_stats.h1_trans, - vh->conn_stats.h2_trans, - vh->conn_stats.ws_upg, - vh->conn_stats.rejected, - vh->conn_stats.h2_upg, - vh->conn_stats.h2_alpn, - vh->conn_stats.h2_subs - ); -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (vh->http.mount_list) { - const struct lws_http_mount *m = vh->http.mount_list; - - buf += lws_snprintf(buf, end - buf, ",\n \"mounts\":["); - while (m) { - if (!first) - buf += lws_snprintf(buf, end - buf, ","); - buf += lws_snprintf(buf, end - buf, - "\n {\n \"mountpoint\":\"%s\",\n" - " \"origin\":\"%s%s\",\n" - " \"cache_max_age\":\"%d\",\n" - " \"cache_reuse\":\"%d\",\n" - " \"cache_revalidate\":\"%d\",\n" - " \"cache_intermediaries\":\"%d\"\n" - , - m->mountpoint, - prots[m->origin_protocol], - m->origin, - m->cache_max_age, - m->cache_reusable, - m->cache_revalidate, - m->cache_intermediaries); - if (m->def) - buf += lws_snprintf(buf, end - buf, - ",\n \"default\":\"%s\"", - m->def); - buf += lws_snprintf(buf, end - buf, "\n }"); - first = 0; - m = m->mount_next; - } - buf += lws_snprintf(buf, end - buf, "\n ]"); - } -#endif - if (vh->protocols) { - n = 0; - first = 1; - - buf += lws_snprintf(buf, end - buf, ",\n \"ws-protocols\":["); - while (n < vh->count_protocols) { - if (!first) - buf += lws_snprintf(buf, end - buf, ","); - buf += lws_snprintf(buf, end - buf, - "\n {\n \"%s\":{\n" - " \"status\":\"ok\"\n }\n }" - , - vh->protocols[n].name); - first = 0; - n++; - } - buf += lws_snprintf(buf, end - buf, "\n ]"); - } - - buf += lws_snprintf(buf, end - buf, "\n}"); - - return buf - orig; -} - - -LWS_EXTERN LWS_VISIBLE int -lws_json_dump_context(const struct lws_context *context, char *buf, int len, - int hide_vhosts) -{ - char *orig = buf, *end = buf + len - 1, first = 1; - const struct lws_vhost *vh = context->vhost_list; - const struct lws_context_per_thread *pt; - int n, listening = 0, cgi_count = 0, fd; - struct lws_conn_stats cs; - double d = 0; -#ifdef LWS_WITH_CGI - struct lws_cgi * const *pcgi; -#endif - -#ifdef LWS_WITH_LIBUV - uv_uptime(&d); -#endif - - buf += lws_snprintf(buf, end - buf, "{ " - "\"version\":\"%s\",\n" - "\"uptime\":\"%ld\",\n", - lws_get_library_version(), - (long)d); - -#ifdef LWS_HAVE_GETLOADAVG - { - double d[3]; - int m; - - m = getloadavg(d, 3); - for (n = 0; n < m; n++) { - buf += lws_snprintf(buf, end - buf, - "\"l%d\":\"%.2f\",\n", - n + 1, d[n]); - } - } -#endif - - fd = lws_open("/proc/self/statm", LWS_O_RDONLY); - if (fd >= 0) { - char contents[96], pure[96]; - n = read(fd, contents, sizeof(contents) - 1); - if (n > 0) { - contents[n] = '\0'; - if (contents[n - 1] == '\n') - contents[--n] = '\0'; - lws_json_purify(pure, contents, sizeof(pure)); - - buf += lws_snprintf(buf, end - buf, - "\"statm\": \"%s\",\n", pure); - } - close(fd); - } - - buf += lws_snprintf(buf, end - buf, "\"heap\":%lld,\n\"contexts\":[\n", - (long long)lws_get_allocated_heap()); - - buf += lws_snprintf(buf, end - buf, "{ " - "\"context_uptime\":\"%llu\",\n" - "\"cgi_spawned\":\"%d\",\n" - "\"pt_fd_max\":\"%d\",\n" - "\"ah_pool_max\":\"%d\",\n" - "\"deprecated\":\"%d\",\n" - "\"wsi_alive\":\"%d\",\n", - (unsigned long long)(lws_now_usecs() - context->time_up), - context->count_cgi_spawned, - context->fd_limit_per_thread, - context->max_http_header_pool, - context->deprecated, - context->count_wsi_allocated); - - buf += lws_snprintf(buf, end - buf, "\"pt\":[\n "); - for (n = 0; n < context->count_threads; n++) { - pt = &context->pt[n]; - if (n) - buf += lws_snprintf(buf, end - buf, ","); - buf += lws_snprintf(buf, end - buf, - "\n {\n" - " \"fds_count\":\"%d\",\n" - " \"ah_pool_inuse\":\"%d\",\n" - " \"ah_wait_list\":\"%d\"\n" - " }", - pt->fds_count, - pt->http.ah_count_in_use, - pt->http.ah_wait_list_length); - } - - buf += lws_snprintf(buf, end - buf, "]"); - - buf += lws_snprintf(buf, end - buf, ", \"vhosts\":[\n "); - - first = 1; - vh = context->vhost_list; - listening = 0; - cs = context->conn_stats; - lws_sum_stats(context, &cs); - while (vh) { - - if (!hide_vhosts) { - if (!first) - if(buf != end) - *buf++ = ','; - buf += lws_json_dump_vhost(vh, buf, end - buf); - first = 0; - } - if (vh->lserv_wsi) - listening++; - vh = vh->vhost_next; - } - - buf += lws_snprintf(buf, end - buf, - "],\n\"listen_wsi\":\"%d\",\n" - " \"rx\":\"%llu\",\n" - " \"tx\":\"%llu\",\n" - " \"h1_conn\":\"%lu\",\n" - " \"h1_trans\":\"%lu\",\n" - " \"h2_trans\":\"%lu\",\n" - " \"ws_upg\":\"%lu\",\n" - " \"rejected\":\"%lu\",\n" - " \"h2_alpn\":\"%lu\",\n" - " \"h2_subs\":\"%lu\",\n" - " \"h2_upg\":\"%lu\"", - listening, cs.rx, cs.tx, - cs.h1_conn, - cs.h1_trans, - cs.h2_trans, - cs.ws_upg, - cs.rejected, - cs.h2_alpn, - cs.h2_subs, - cs.h2_upg); - -#ifdef LWS_WITH_CGI - for (n = 0; n < context->count_threads; n++) { - pt = &context->pt[n]; - pcgi = &pt->http.cgi_list; - - while (*pcgi) { - pcgi = &(*pcgi)->cgi_list; - - cgi_count++; - } - } -#endif - buf += lws_snprintf(buf, end - buf, ",\n \"cgi_alive\":\"%d\"\n ", - cgi_count); - - buf += lws_snprintf(buf, end - buf, "}"); - - - buf += lws_snprintf(buf, end - buf, "]}\n "); - - return buf - orig; -} - -#endif diff --git a/lib/core-net/service.c b/lib/core-net/service.c deleted file mode 100644 index 05c14e9..0000000 --- a/lib/core-net/service.c +++ /dev/null @@ -1,708 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_callback_as_writeable(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int n, m; - - lws_stats_bump(pt, LWSSTATS_C_WRITEABLE_CB, 1); -#if defined(LWS_WITH_STATS) - if (wsi->active_writable_req_us) { - uint64_t ul = lws_now_usecs() - - wsi->active_writable_req_us; - - lws_stats_bump(pt, LWSSTATS_US_WRITABLE_DELAY_AVG, ul); - lws_stats_max(pt, LWSSTATS_US_WORST_WRITABLE_DELAY, ul); - wsi->active_writable_req_us = 0; - } -#endif - - n = wsi->role_ops->writeable_cb[lwsi_role_server(wsi)]; - - m = user_callback_handle_rxflow(wsi->protocol->callback, - wsi, (enum lws_callback_reasons) n, - wsi->user_space, NULL, 0); - - return m; -} - -LWS_VISIBLE int -lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd) -{ - volatile struct lws *vwsi = (volatile struct lws *)wsi; - int n; - - // lwsl_notice("%s: %p\n", __func__, wsi); - - vwsi->leave_pollout_active = 0; - vwsi->handling_pollout = 1; - /* - * if another thread wants POLLOUT on us, from here on while - * handling_pollout is set, he will only set leave_pollout_active. - * If we are going to disable POLLOUT, we will check that first. - */ - wsi->could_have_pending = 0; /* clear back-to-back write detection */ - - /* - * user callback is lowest priority to get these notifications - * actually, since other pending things cannot be disordered - * - * Priority 1: pending truncated sends are incomplete ws fragments - * If anything else sent first the protocol would be - * corrupted. - * - * These are post- any compression transform - */ - - if (lws_has_buffered_out(wsi)) { - //lwsl_notice("%s: completing partial\n", __func__); - if (lws_issue_raw(wsi, NULL, 0) < 0) { - lwsl_info("%s signalling to close\n", __func__); - goto bail_die; - } - /* leave POLLOUT active either way */ - goto bail_ok; - } else - if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE) { - wsi->socket_is_permanently_unusable = 1; - goto bail_die; /* retry closing now */ - } - - /* Priority 2: pre- compression transform */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more) { - enum lws_write_protocol wp = LWS_WRITE_HTTP; - - lwsl_info("%s: completing comp partial (buflist_comp %p, may %d)\n", - __func__, wsi->http.comp_ctx.buflist_comp, - wsi->http.comp_ctx.may_have_more - ); - - if (wsi->role_ops->write_role_protocol(wsi, NULL, 0, &wp) < 0) { - lwsl_info("%s signalling to close\n", __func__); - goto bail_die; - } - lws_callback_on_writable(wsi); - - goto bail_ok; - } -#endif - -#ifdef LWS_WITH_CGI - /* - * A cgi master's wire protocol remains h1 or h2. He is just getting - * his data from his child cgis. - */ - if (wsi->http.cgi) { - /* also one shot */ - if (pollfd) - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_info("failed at set pollfd\n"); - return 1; - } - goto user_service_go_again; - } -#endif - - /* if we got here, we should have wire protocol ops set on the wsi */ - assert(wsi->role_ops); - - if (!wsi->role_ops->handle_POLLOUT) - goto bail_ok; - - switch ((wsi->role_ops->handle_POLLOUT)(wsi)) { - case LWS_HP_RET_BAIL_OK: - goto bail_ok; - case LWS_HP_RET_BAIL_DIE: - goto bail_die; - case LWS_HP_RET_USER_SERVICE: - break; - default: - assert(0); - } - - /* one shot */ - - if (pollfd) { - int eff = vwsi->leave_pollout_active; - - if (!eff) { - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_info("failed at set pollfd\n"); - goto bail_die; - } - } - - vwsi->handling_pollout = 0; - - /* cannot get leave_pollout_active set after the above */ - if (!eff && wsi->leave_pollout_active) { - /* - * got set inbetween sampling eff and clearing - * handling_pollout, force POLLOUT on - */ - lwsl_debug("leave_pollout_active\n"); - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { - lwsl_info("failed at set pollfd\n"); - goto bail_die; - } - } - - vwsi->leave_pollout_active = 0; - } - - if (lwsi_role_client(wsi) && !wsi->hdr_parsing_completed && - lwsi_state(wsi) != LRS_H2_WAITING_TO_SEND_HEADERS && - lwsi_state(wsi) != LRS_ISSUE_HTTP_BODY) - goto bail_ok; - - -#ifdef LWS_WITH_CGI -user_service_go_again: -#endif - - if (wsi->role_ops->perform_user_POLLOUT) { - if (wsi->role_ops->perform_user_POLLOUT(wsi) == -1) - goto bail_die; - else - goto bail_ok; - } - - lwsl_debug("%s: %p: non mux: wsistate 0x%lx, ops %s\n", __func__, wsi, - (unsigned long)wsi->wsistate, wsi->role_ops->name); - - vwsi = (volatile struct lws *)wsi; - vwsi->leave_pollout_active = 0; - - n = lws_callback_as_writeable(wsi); - vwsi->handling_pollout = 0; - - if (vwsi->leave_pollout_active) - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) - goto bail_die; - - return n; - - /* - * since these don't disable the POLLOUT, they are always doing the - * right thing for leave_pollout_active whether it was set or not. - */ - -bail_ok: - vwsi->handling_pollout = 0; - vwsi->leave_pollout_active = 0; - - return 0; - -bail_die: - vwsi->handling_pollout = 0; - vwsi->leave_pollout_active = 0; - - return -1; -} - -int -lws_rxflow_cache(struct lws *wsi, unsigned char *buf, int n, int len) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - uint8_t *buffered; - size_t blen; - int ret = LWSRXFC_CACHED, m; - - /* his RX is flowcontrolled, don't send remaining now */ - blen = lws_buflist_next_segment_len(&wsi->buflist, &buffered); - if (blen) { - if (buf >= buffered && buf + len <= buffered + blen && - blen != (size_t)len) { - /* - * rxflow while we were spilling prev rxflow - * - * len indicates how much was unused, then... so trim - * the head buflist to match that situation - */ - - lws_buflist_use_segment(&wsi->buflist, blen - len); - lwsl_debug("%s: trim existing rxflow %d -> %d\n", - __func__, (int)blen, (int)len); - - return LWSRXFC_TRIMMED; - } - ret = LWSRXFC_ADDITIONAL; - } - - /* a new rxflow, buffer it and warn caller */ - - m = lws_buflist_append_segment(&wsi->buflist, buf + n, len - n); - - if (m < 0) - return LWSRXFC_ERROR; - if (m) { - lwsl_debug("%s: added %p to rxflow list\n", __func__, wsi); - lws_dll2_add_head(&wsi->dll_buflist, &pt->dll_buflist_owner); - } - - return ret; -} - -/* this is used by the platform service code to stop us waiting for network - * activity in poll() when we have something that already needs service - */ - -LWS_VISIBLE LWS_EXTERN int -lws_service_adjust_timeout(struct lws_context *context, int timeout_ms, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - - /* - * Figure out if we really want to wait in poll()... we only need to - * wait if really nothing already to do and we have to wait for - * something from network - */ -#if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - /* 1) if we know we are draining rx ext, do not wait in poll */ - if (pt->ws.rx_draining_ext_list) - return 0; -#endif - -#if defined(LWS_WITH_TLS) - /* 2) if we know we have non-network pending data, - * do not wait in poll */ - - if (pt->context->tls_ops && - pt->context->tls_ops->fake_POLLIN_for_buffered && - pt->context->tls_ops->fake_POLLIN_for_buffered(pt)) - return 0; -#endif - - /* - * 4) If there is any wsi with rxflow buffered and in a state to process - * it, we should not wait in poll - */ - - lws_start_foreach_dll(struct lws_dll2 *, d, pt->dll_buflist_owner.head) { - struct lws *wsi = lws_container_of(d, struct lws, dll_buflist); - - if (!lws_is_flowcontrolled(wsi) && - lwsi_state(wsi) != LRS_DEFERRING_ACTION) - return 0; - - /* - * 5) If any guys with http compression to spill, we shouldn't wait in - * poll but hurry along and service them - */ - - } lws_end_foreach_dll(d); - - return timeout_ms; -} - -/* - * POLLIN said there is something... we must read it, and either use it; or - * if other material already in the buflist append it and return the buflist - * head material. - */ -int -lws_buflist_aware_read(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_tokens *ebuf) -{ - int n, prior = (int)lws_buflist_next_segment_len(&wsi->buflist, NULL); - - ebuf->token = pt->serv_buf; - ebuf->len = lws_ssl_capable_read(wsi, pt->serv_buf, - wsi->context->pt_serv_buf_size); - - if (ebuf->len == LWS_SSL_CAPABLE_MORE_SERVICE && prior) - goto get_from_buflist; - - if (ebuf->len <= 0) - return 0; - - /* nothing in buflist already? Then just use what we read */ - - if (!prior) - return 0; - - /* stash what we read */ - - n = lws_buflist_append_segment(&wsi->buflist, ebuf->token, - ebuf->len); - if (n < 0) - return -1; - if (n) { - lwsl_debug("%s: added %p to rxflow list\n", __func__, wsi); - lws_dll2_add_head(&wsi->dll_buflist, &pt->dll_buflist_owner); - } - - /* get the first buflist guy in line */ - -get_from_buflist: - - ebuf->len = (int)lws_buflist_next_segment_len(&wsi->buflist, - &ebuf->token); - - return 1; /* came from buflist */ -} - -int -lws_buflist_aware_consume(struct lws *wsi, struct lws_tokens *ebuf, int used, - int buffered) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int m; - - /* it's in the buflist; we didn't use any */ - - if (!used && buffered) - return 0; - - if (used && buffered) { - m = lws_buflist_use_segment(&wsi->buflist, used); - lwsl_info("%s: draining rxflow: used %d, next %d\n", - __func__, used, m); - if (m) - return 0; - - lwsl_info("%s: removed %p from dll_buflist\n", __func__, wsi); - lws_dll2_remove(&wsi->dll_buflist); - - return 0; - } - - /* any remainder goes on the buflist */ - - if (used != ebuf->len) { - m = lws_buflist_append_segment(&wsi->buflist, - ebuf->token + used, - ebuf->len - used); - if (m < 0) - return 1; /* OOM */ - if (m) { - lwsl_debug("%s: added %p to rxflow list\n", - __func__, wsi); - lws_dll2_add_head(&wsi->dll_buflist, - &pt->dll_buflist_owner); - } - } - - return 0; -} - -void -lws_service_do_ripe_rxflow(struct lws_context_per_thread *pt) -{ - struct lws_pollfd pfd; - - if (!pt->dll_buflist_owner.head) - return; - - /* - * service all guys with pending rxflow that reached a state they can - * accept the pending data - */ - - lws_pt_lock(pt, __func__); - - lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1, - pt->dll_buflist_owner.head) { - struct lws *wsi = lws_container_of(d, struct lws, dll_buflist); - - pfd.events = LWS_POLLIN; - pfd.revents = LWS_POLLIN; - pfd.fd = -1; - - lwsl_debug("%s: rxflow processing: %p fc=%d, 0x%lx\n", __func__, - wsi, lws_is_flowcontrolled(wsi), - (unsigned long)wsi->wsistate); - - if (!lws_is_flowcontrolled(wsi) && - lwsi_state(wsi) != LRS_DEFERRING_ACTION && - (wsi->role_ops->handle_POLLIN)(pt, wsi, &pfd) == - LWS_HPI_RET_PLEASE_CLOSE_ME) - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "close_and_handled"); - - } lws_end_foreach_dll_safe(d, d1); - - lws_pt_unlock(pt); -} - -/* - * guys that need POLLIN service again without waiting for network action - * can force POLLIN here if not flowcontrolled, so they will get service. - * - * Return nonzero if anybody got their POLLIN faked - */ -int -lws_service_flag_pending(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - int forced = 0; - - lws_pt_lock(pt, __func__); - - /* - * 1) If there is any wsi with a buflist and in a state to process - * it, we should not wait in poll - */ - - lws_start_foreach_dll(struct lws_dll2 *, d, pt->dll_buflist_owner.head) { - struct lws *wsi = lws_container_of(d, struct lws, dll_buflist); - - if (!lws_is_flowcontrolled(wsi) && - lwsi_state(wsi) != LRS_DEFERRING_ACTION) { - forced = 1; - break; - } - } lws_end_foreach_dll(d); - -#if defined(LWS_ROLE_WS) - forced |= role_ops_ws.service_flag_pending(context, tsi); -#endif - -#if defined(LWS_WITH_TLS) - /* - * 2) For all guys with buffered SSL read data already saved up, if they - * are not flowcontrolled, fake their POLLIN status so they'll get - * service to use up the buffered incoming data, even though their - * network socket may have nothing - */ - lws_start_foreach_dll_safe(struct lws_dll2 *, p, p1, - lws_dll2_get_head(&pt->tls.dll_pending_tls_owner)) { - struct lws *wsi = lws_container_of(p, struct lws, - tls.dll_pending_tls); - - pt->fds[wsi->position_in_fds_table].revents |= - pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN; - if (pt->fds[wsi->position_in_fds_table].revents & LWS_POLLIN) { - forced = 1; - /* - * he's going to get serviced now, take him off the - * list of guys with buffered SSL. If he still has some - * at the end of the service, he'll get put back on the - * list then. - */ - __lws_ssl_remove_wsi_from_buffered_list(wsi); - } - - } lws_end_foreach_dll_safe(p, p1); -#endif - - lws_pt_unlock(pt); - - return forced; -} - -LWS_VISIBLE int -lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, - int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct lws *wsi; - - if (!context || context->being_destroyed1 ) - return -1; - - if (!pollfd) { - /* - * calling with NULL pollfd for periodic background processing - * is no longer needed and is now illegal. - */ - assert(pollfd); - return -1; - } - assert(lws_socket_is_valid(pollfd->fd)); - - /* no, here to service a socket descriptor */ - wsi = wsi_from_fd(context, pollfd->fd); - if (!wsi) - /* not lws connection ... leave revents alone and return */ - return 0; - -#if LWS_MAX_SMP > 1 - if (wsi->undergoing_init_from_other_pt) - /* - * Temporary situation that other service thread is initializing - * this wsi right now for use on our service thread. - */ - return 0; -#endif - - /* - * so that caller can tell we handled, past here we need to - * zero down pollfd->revents after handling - */ - - /* handle session socket closed */ - - if ((!(pollfd->revents & pollfd->events & LWS_POLLIN)) && - (pollfd->revents & LWS_POLLHUP)) { - wsi->socket_is_permanently_unusable = 1; - lwsl_debug("Session Socket %p (fd=%d) dead\n", - (void *)wsi, pollfd->fd); - - goto close_and_handled; - } - -#ifdef _WIN32 - if (pollfd->revents & LWS_POLLOUT) - wsi->sock_send_blocking = FALSE; -#endif - - if ((!(pollfd->revents & pollfd->events & LWS_POLLIN)) && - (pollfd->revents & LWS_POLLHUP)) { - lwsl_debug("pollhup\n"); - wsi->socket_is_permanently_unusable = 1; - goto close_and_handled; - } - -#if defined(LWS_WITH_TLS) - if (lwsi_state(wsi) == LRS_SHUTDOWN && - lws_is_ssl(wsi) && wsi->tls.ssl) { - switch (__lws_tls_shutdown(wsi)) { - case LWS_SSL_CAPABLE_DONE: - case LWS_SSL_CAPABLE_ERROR: - goto close_and_handled; - - case LWS_SSL_CAPABLE_MORE_SERVICE_READ: - case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE: - case LWS_SSL_CAPABLE_MORE_SERVICE: - goto handled; - } - } -#endif - wsi->could_have_pending = 0; /* clear back-to-back write detection */ - - /* okay, what we came here to do... */ - - /* if we got here, we should have wire protocol ops set on the wsi */ - assert(wsi->role_ops); - - // lwsl_notice("%s: %s: wsistate 0x%x\n", __func__, wsi->role_ops->name, - // wsi->wsistate); - - switch ((wsi->role_ops->handle_POLLIN)(pt, wsi, pollfd)) { - case LWS_HPI_RET_WSI_ALREADY_DIED: - return 1; - case LWS_HPI_RET_HANDLED: - break; - case LWS_HPI_RET_PLEASE_CLOSE_ME: -close_and_handled: - lwsl_debug("%p: Close and handled\n", wsi); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "close_and_handled"); -#if defined(_DEBUG) && defined(LWS_WITH_LIBUV) - /* - * confirm close has no problem being called again while - * it waits for libuv service to complete the first async - * close - */ - if (context->event_loop_ops == &event_loop_ops_uv) - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "close_and_handled uv repeat test"); -#endif - /* - * pollfd may point to something else after the close - * due to pollfd swapping scheme on delete on some platforms - * we can't clear revents now because it'd be the wrong guy's - * revents - */ - return 1; - default: - assert(0); - } -#if defined(LWS_WITH_TLS) -handled: -#endif - pollfd->revents = 0; - - if (!context->protocol_init_done) - if (lws_protocol_init(context)) { - lwsl_err("%s: lws_protocol_init failed\n", __func__); - return -1; - } - - return 0; -} - -LWS_VISIBLE int -lws_service_fd(struct lws_context *context, struct lws_pollfd *pollfd) -{ - return lws_service_fd_tsi(context, pollfd, 0); -} - -LWS_VISIBLE int -lws_service(struct lws_context *context, int timeout_ms) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - int n; - - if (!context) - return 1; - - pt->inside_service = 1; - - if (context->event_loop_ops->run_pt) { - /* we are configured for an event loop */ - context->event_loop_ops->run_pt(context, 0); - - pt->inside_service = 0; - - return 1; - } - n = lws_plat_service(context, timeout_ms); - - pt->inside_service = 0; - - return n; -} - -LWS_VISIBLE int -lws_service_tsi(struct lws_context *context, int timeout_ms, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - int n; - - pt->inside_service = 1; -#if LWS_MAX_SMP > 1 - pt->self = pthread_self(); -#endif - - if (context->event_loop_ops->run_pt) { - /* we are configured for an event loop */ - context->event_loop_ops->run_pt(context, tsi); - - pt->inside_service = 0; - - return 1; - } - - n = _lws_plat_service_tsi(context, timeout_ms, tsi); - - pt->inside_service = 0; - - return n; -} diff --git a/lib/core-net/sorted-usec-list.c b/lib/core-net/sorted-usec-list.c deleted file mode 100644 index fcf381c..0000000 --- a/lib/core-net/sorted-usec-list.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static int -sul_compare(const lws_dll2_t *d, const lws_dll2_t *i) -{ - lws_usec_t a = ((lws_sorted_usec_list_t *)d)->us; - lws_usec_t b = ((lws_sorted_usec_list_t *)i)->us; - - /* - * Simply returning (a - b) in an int - * may lead to an integer overflow bug - */ - - if (a > b) - return 1; - if (a < b) - return -1; - - return 0; -} - -int -__lws_sul_insert(lws_dll2_owner_t *own, lws_sorted_usec_list_t *sul, - lws_usec_t us) -{ - lws_usec_t now = lws_now_usecs(); - lws_dll2_remove(&sul->list); - - if (us == LWS_SET_TIMER_USEC_CANCEL) { - /* we are clearing the timeout */ - sul->us = 0; - - return 0; - } - - sul->us = now + us; - assert(sul->cb); - - /* - * we sort the pt's list of sequencers with pending timeouts, so it's - * cheap to check it every second - */ - - lws_dll2_add_sorted(&sul->list, own, sul_compare); - -#if 0 // defined(_DEBUG) - { - lws_usec_t worst = 0; - int n = 1; - - lwsl_info("%s: own %p: count %d\n", __func__, own, own->count); - - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - lws_dll2_get_head(own)) { - lws_sorted_usec_list_t *sul = (lws_sorted_usec_list_t *)p; - lwsl_info("%s: %d: %llu (+%lld)\n", __func__, n++, - (unsigned long long)sul->us, - (long long)(sul->us - now)); - if (sul->us < worst) { - lwsl_err("%s: wrongly sorted sul entry!\n", - __func__); - assert(0); - } - worst = sul->us; - } lws_end_foreach_dll_safe(p, tp); - } -#endif - - return 0; -} - -void -lws_sul_schedule(struct lws_context *context, int tsi, - lws_sorted_usec_list_t *sul, sul_cb_t cb, lws_usec_t us) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - - sul->cb = cb; - - __lws_sul_insert(&pt->pt_sul_owner, sul, us); -} - -lws_usec_t -__lws_sul_service_ripe(lws_dll2_owner_t *own, lws_usec_t usnow) -{ - while (lws_dll2_get_head(own)) { - /* .list is always first member in lws_sorted_usec_list_t */ - lws_sorted_usec_list_t *sul = (lws_sorted_usec_list_t *) - lws_dll2_get_head(own); - assert(sul->us); /* shouldn't be on the list otherwise */ - if (sul->us > usnow) - /* - * No need to look further if we met one later than now: - * the list is sorted in ascending time order - */ - return sul->us - usnow; - - /* his moment has come... remove him from timeout list */ - - lws_dll2_remove(&sul->list); - sul->us = 0; - sul->cb(sul); - /* - * The callback may have done any mixture of delete - * and add sul entries... eg, close a wsi may pull out - * multiple entries making iterating it statefully - * unsafe. Always restart at the current head of list. - */ - } - - /* - * Nothing left to take care of in the list (cannot return 0 otherwise - * because we will service anything equal to usnow rather than return) - */ - - return 0; -} diff --git a/lib/core-net/stats.c b/lib/core-net/stats.c deleted file mode 100644 index e87fc2e..0000000 --- a/lib/core-net/stats.c +++ /dev/null @@ -1,276 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -#if defined(LWS_WITH_STATS) - -LWS_VISIBLE LWS_EXTERN uint64_t -lws_stats_get(struct lws_context *context, int index) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - - if (index >= LWSSTATS_SIZE) - return 0; - - return pt->lws_stats[index]; -} - -static const char * stat_names[] = { - "C_CONNECTIONS", - "C_API_CLOSE", - "C_API_READ", - "C_API_LWS_WRITE", - "C_API_WRITE", - "C_WRITE_PARTIALS", - "C_WRITEABLE_CB_REQ", - "C_WRITEABLE_CB_EFF_REQ", - "C_WRITEABLE_CB", - "C_SSL_CONNECTIONS_FAILED", - "C_SSL_CONNECTIONS_ACCEPTED", - "C_SSL_CONNECTIONS_ACCEPT_SPIN", - "C_SSL_CONNS_HAD_RX", - "C_TIMEOUTS", - "C_SERVICE_ENTRY", - "B_READ", - "B_WRITE", - "B_PARTIALS_ACCEPTED_PARTS", - "US_SSL_ACCEPT_LATENCY_AVG", - "US_WRITABLE_DELAY_AVG", - "US_WORST_WRITABLE_DELAY", - "US_SSL_RX_DELAY_AVG", - "C_PEER_LIMIT_AH_DENIED", - "C_PEER_LIMIT_WSI_DENIED", - "C_CONNECTIONS_CLIENT", - "C_CONNECTIONS_CLIENT_FAILED", -}; - -static int -quantify(struct lws_context *context, int tsi, char *p, int len, int idx, - uint64_t *sum) -{ - const lws_humanize_unit_t *schema = humanize_schema_si; - struct lws_context_per_thread *pt = &context->pt[tsi]; - uint64_t u, u1; - - lws_pt_stats_lock(pt); - u = pt->lws_stats[idx]; - - /* it's supposed to be an average? */ - - switch (idx) { - case LWSSTATS_US_SSL_ACCEPT_LATENCY_AVG: - u1 = pt->lws_stats[LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED]; - if (u1) - u = u / u1; - break; - case LWSSTATS_US_SSL_RX_DELAY_AVG: - u1 = pt->lws_stats[LWSSTATS_C_SSL_CONNS_HAD_RX]; - if (u1) - u = u / u1; - break; - case LWSSTATS_US_WRITABLE_DELAY_AVG: - u1 = pt->lws_stats[LWSSTATS_C_WRITEABLE_CB]; - if (u1) - u = u / u1; - break; - } - lws_pt_stats_unlock(pt); - - *sum += u; - - switch (stat_names[idx][0]) { - case 'U': - schema = humanize_schema_us; - break; - case 'B': - schema = humanize_schema_si_bytes; - break; - } - - return lws_humanize(p, len, u, schema); -} - - -LWS_VISIBLE LWS_EXTERN void -lws_stats_log_dump(struct lws_context *context) -{ - struct lws_vhost *v = context->vhost_list; - uint64_t summary[LWSSTATS_SIZE]; - char bufline[128], *p, *end = bufline + sizeof(bufline) - 1; - int n, m; - - if (!context->updated) - return; - - context->updated = 0; - memset(summary, 0, sizeof(summary)); - - lwsl_notice("\n"); - lwsl_notice("LWS internal statistics dump ----->\n"); - for (n = 0; n < (int)LWS_ARRAY_SIZE(stat_names); n++) { - uint64_t u = 0; - - /* if it's all zeroes, don't report it */ - - for (m = 0; m < context->count_threads; m++) { - struct lws_context_per_thread *pt = &context->pt[m]; - - u |= pt->lws_stats[n]; - } - if (!u) - continue; - - p = bufline; - p += lws_snprintf(p, lws_ptr_diff(end, p), "%28s: ", - stat_names[n]); - - for (m = 0; m < context->count_threads; m++) - quantify(context, m, p, lws_ptr_diff(end, p), n, &summary[n]); - - lwsl_notice("%s\n", bufline); - } - - lwsl_notice("Simultaneous SSL restriction: %8d/%d\n", - context->simultaneous_ssl, - context->simultaneous_ssl_restriction); - - lwsl_notice("Live wsi: %8d\n", - context->count_wsi_allocated); - - context->updated = 1; - - while (v) { - if (v->lserv_wsi && - v->lserv_wsi->position_in_fds_table != LWS_NO_FDS_POS) { - - struct lws_context_per_thread *pt = - &context->pt[(int)v->lserv_wsi->tsi]; - struct lws_pollfd *pfd; - - pfd = &pt->fds[v->lserv_wsi->position_in_fds_table]; - - lwsl_notice(" Listen port %d actual POLLIN: %d\n", - v->listen_port, - (int)pfd->events & LWS_POLLIN); - } - - v = v->vhost_next; - } - - for (n = 0; n < context->count_threads; n++) { - struct lws_context_per_thread *pt = &context->pt[n]; - struct lws *wl; - int m = 0; - - lwsl_notice("PT %d\n", n + 1); - - lws_pt_lock(pt, __func__); - - lwsl_notice(" AH in use / max: %d / %d\n", - pt->http.ah_count_in_use, - context->max_http_header_pool); - - wl = pt->http.ah_wait_list; - while (wl) { - m++; - wl = wl->http.ah_wait_list; - } - - lwsl_notice(" AH wait list count / actual: %d / %d\n", - pt->http.ah_wait_list_length, m); - - lws_pt_unlock(pt); - } - -#if defined(LWS_WITH_PEER_LIMITS) - m = 0; - for (n = 0; n < (int)context->pl_hash_elements; n++) { - lws_start_foreach_llp(struct lws_peer **, peer, - context->pl_hash_table[n]) { - m++; - } lws_end_foreach_llp(peer, next); - } - - lwsl_notice(" Peers: total active %d\n", m); - if (m > 10) { - m = 10; - lwsl_notice(" (showing 10 peers only)\n"); - } - - if (m) { - for (n = 0; n < (int)context->pl_hash_elements; n++) { - char buf[72]; - - lws_start_foreach_llp(struct lws_peer **, peer, - context->pl_hash_table[n]) { - struct lws_peer *df = *peer; - - if (!lws_plat_inet_ntop(df->af, df->addr, buf, - sizeof(buf) - 1)) - strcpy(buf, "unknown"); -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - lwsl_notice(" peer %s: count wsi: %d, count ah: %d\n", - buf, df->count_wsi, - df->http.count_ah); -#else - lwsl_notice(" peer %s: count wsi: %d\n", - buf, df->count_wsi); -#endif - - if (!--m) - break; - } lws_end_foreach_llp(peer, next); - } - } -#endif - - lwsl_notice("\n"); -} - -void -lws_stats_bump(struct lws_context_per_thread *pt, int i, uint64_t bump) -{ - lws_pt_stats_lock(pt); - pt->lws_stats[i] += bump; - if (i != LWSSTATS_C_SERVICE_ENTRY) { - pt->updated = 1; - pt->context->updated = 1; - } - lws_pt_stats_unlock(pt); -} - -void -lws_stats_max(struct lws_context_per_thread *pt, int index, uint64_t val) -{ - lws_pt_stats_lock(pt); - if (val > pt->lws_stats[index]) { - pt->lws_stats[index] = val; - pt->updated = 1; - pt->context->updated = 1; - } - lws_pt_stats_unlock(pt); -} - -#endif - - diff --git a/lib/core-net/vhost.c b/lib/core-net/vhost.c deleted file mode 100644 index 69fe26a..0000000 --- a/lib/core-net/vhost.c +++ /dev/null @@ -1,1318 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -const struct lws_role_ops *available_roles[] = { -#if defined(LWS_ROLE_H2) - &role_ops_h2, -#endif -#if defined(LWS_ROLE_H1) - &role_ops_h1, -#endif -#if defined(LWS_ROLE_WS) - &role_ops_ws, -#endif -#if defined(LWS_ROLE_DBUS) - &role_ops_dbus, -#endif -#if defined(LWS_ROLE_RAW_PROXY) - &role_ops_raw_proxy, -#endif - NULL -}; - -const struct lws_event_loop_ops *available_event_libs[] = { -#if defined(LWS_WITH_POLL) - &event_loop_ops_poll, -#endif -#if defined(LWS_WITH_LIBUV) - &event_loop_ops_uv, -#endif -#if defined(LWS_WITH_LIBEVENT) - &event_loop_ops_event, -#endif -#if defined(LWS_WITH_LIBEV) - &event_loop_ops_ev, -#endif - NULL -}; - -#if defined(LWS_WITH_ABSTRACT) -const struct lws_protocols *available_abstract_protocols[] = { -#if defined(LWS_ROLE_RAW) - &protocol_abs_client_raw_skt, -#endif - NULL -}; -#endif - -static const char * const mount_protocols[] = { - "http://", - "https://", - "file://", - "cgi://", - ">http://", - ">https://", - "callback://" -}; - -const struct lws_role_ops * -lws_role_by_name(const char *name) -{ - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (!strcmp(ar->name, name)) - return ar; - LWS_FOR_EVERY_AVAILABLE_ROLE_END; - - if (!strcmp(name, role_ops_raw_skt.name)) - return &role_ops_raw_skt; - - if (!strcmp(name, role_ops_raw_file.name)) - return &role_ops_raw_file; - - return NULL; -} - -int -lws_role_call_alpn_negotiated(struct lws *wsi, const char *alpn) -{ -#if defined(LWS_WITH_TLS) - if (!alpn) - return 0; - - lwsl_info("%s: '%s'\n", __func__, alpn); - - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (ar->alpn && !strcmp(ar->alpn, alpn) && ar->alpn_negotiated) - return ar->alpn_negotiated(wsi, alpn); - LWS_FOR_EVERY_AVAILABLE_ROLE_END; -#endif - return 0; -} - -//#if !defined(LWS_WITHOUT_SERVER) -int -lws_role_call_adoption_bind(struct lws *wsi, int type, const char *prot) -{ - int n; - - /* - * if the vhost is told to bind accepted sockets to a given role, - * then look it up by name and try to bind to the specific role. - */ - if (lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG) && - wsi->vhost->listen_accept_role) { - const struct lws_role_ops *role = - lws_role_by_name(wsi->vhost->listen_accept_role); - - if (!prot) - prot = wsi->vhost->listen_accept_protocol; - - if (!role) - lwsl_err("%s: can't find role '%s'\n", __func__, - wsi->vhost->listen_accept_role); - - if (role && role->adoption_bind) { - n = role->adoption_bind(wsi, type, prot); - if (n < 0) - return -1; - if (n) /* did the bind */ - return 0; - } - - if (type & _LWS_ADOPT_FINISH) { - lwsl_debug("%s: leaving bound to role %s\n", __func__, - wsi->role_ops->name); - return 0; - } - - - lwsl_warn("%s: adoption bind to role '%s', " - "protocol '%s', type 0x%x, failed\n", __func__, - wsi->vhost->listen_accept_role, prot, type); - } - - /* - * Otherwise ask each of the roles in order of preference if they - * want to bind to this accepted socket - */ - - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (ar->adoption_bind && ar->adoption_bind(wsi, type, prot)) - return 0; - LWS_FOR_EVERY_AVAILABLE_ROLE_END; - - /* fall back to raw socket role if, eg, h1 not configured */ - - if (role_ops_raw_skt.adoption_bind && - role_ops_raw_skt.adoption_bind(wsi, type, prot)) - return 0; - - /* fall back to raw file role if, eg, h1 not configured */ - - if (role_ops_raw_file.adoption_bind && - role_ops_raw_file.adoption_bind(wsi, type, prot)) - return 0; - - return 1; -} -//#endif - -#if !defined(LWS_WITHOUT_CLIENT) -int -lws_role_call_client_bind(struct lws *wsi, - const struct lws_client_connect_info *i) -{ - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (ar->client_bind) { - int m = ar->client_bind(wsi, i); - if (m < 0) - return m; - if (m) - return 0; - } - LWS_FOR_EVERY_AVAILABLE_ROLE_END; - - /* fall back to raw socket role if, eg, h1 not configured */ - - if (role_ops_raw_skt.client_bind && - role_ops_raw_skt.client_bind(wsi, i)) - return 0; - - return 1; -} -#endif - -LWS_VISIBLE void * -lws_protocol_vh_priv_zalloc(struct lws_vhost *vhost, - const struct lws_protocols *prot, int size) -{ - int n = 0; - - /* allocate the vh priv array only on demand */ - if (!vhost->protocol_vh_privs) { - vhost->protocol_vh_privs = (void **)lws_zalloc( - vhost->count_protocols * sizeof(void *), - "protocol_vh_privs"); - if (!vhost->protocol_vh_privs) - return NULL; - } - - while (n < vhost->count_protocols && &vhost->protocols[n] != prot) - n++; - - if (n == vhost->count_protocols) { - n = 0; - while (n < vhost->count_protocols && - strcmp(vhost->protocols[n].name, prot->name)) - n++; - - if (n == vhost->count_protocols) - return NULL; - } - - vhost->protocol_vh_privs[n] = lws_zalloc(size, "vh priv"); - return vhost->protocol_vh_privs[n]; -} - -LWS_VISIBLE void * -lws_protocol_vh_priv_get(struct lws_vhost *vhost, - const struct lws_protocols *prot) -{ - int n = 0; - - if (!vhost || !vhost->protocol_vh_privs || !prot) - return NULL; - - while (n < vhost->count_protocols && &vhost->protocols[n] != prot) - n++; - - if (n == vhost->count_protocols) { - n = 0; - while (n < vhost->count_protocols && - strcmp(vhost->protocols[n].name, prot->name)) - n++; - - if (n == vhost->count_protocols) { - lwsl_err("%s: unknown protocol %p\n", __func__, prot); - return NULL; - } - } - - return vhost->protocol_vh_privs[n]; -} - -const struct lws_protocol_vhost_options * -lws_vhost_protocol_options(struct lws_vhost *vh, const char *name) -{ - const struct lws_protocol_vhost_options *pvo = vh->pvo; - - if (!name) - return NULL; - - while (pvo) { - if (!strcmp(pvo->name, name)) - return pvo; - pvo = pvo->next; - } - - return NULL; -} - -/* - * inform every vhost that hasn't already done it, that - * his protocols are initializing - */ -LWS_VISIBLE int -lws_protocol_init(struct lws_context *context) -{ - struct lws_vhost *vh = context->vhost_list; - const struct lws_protocol_vhost_options *pvo, *pvo1; - struct lws wsi; - int n, any = 0; - - if (context->doing_protocol_init) - return 0; - - context->doing_protocol_init = 1; - - memset(&wsi, 0, sizeof(wsi)); - wsi.context = context; - - lwsl_info("%s\n", __func__); - - while (vh) { - wsi.vhost = vh; - - /* only do the protocol init once for a given vhost */ - if (vh->created_vhost_protocols || - (vh->options & LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT)) - goto next; - - /* initialize supported protocols on this vhost */ - - for (n = 0; n < vh->count_protocols; n++) { - wsi.protocol = &vh->protocols[n]; - if (!vh->protocols[n].name) - continue; - pvo = lws_vhost_protocol_options(vh, - vh->protocols[n].name); - if (pvo) { - /* - * linked list of options specific to - * vh + protocol - */ - pvo1 = pvo; - pvo = pvo1->options; - - while (pvo) { - lwsl_debug( - " vhost \"%s\", " - "protocol \"%s\", " - "option \"%s\"\n", - vh->name, - vh->protocols[n].name, - pvo->name); - - if (!strcmp(pvo->name, "default")) { - lwsl_info("Setting default " - "protocol for vh %s to %s\n", - vh->name, - vh->protocols[n].name); - vh->default_protocol_index = n; - } - if (!strcmp(pvo->name, "raw")) { - lwsl_info("Setting raw " - "protocol for vh %s to %s\n", - vh->name, - vh->protocols[n].name); - vh->raw_protocol_index = n; - } - pvo = pvo->next; - } - - pvo = pvo1->options; - } - -#if defined(LWS_WITH_TLS) - any |= !!vh->tls.ssl_ctx; -#endif - - /* - * inform all the protocols that they are doing their - * one-time initialization if they want to. - * - * NOTE the wsi is all zeros except for the context, vh - * + protocol ptrs so lws_get_context(wsi) etc can work - */ - if (vh->protocols[n].callback(&wsi, - LWS_CALLBACK_PROTOCOL_INIT, NULL, - (void *)pvo, 0)) { - if (vh->protocol_vh_privs[n]) { - lws_free(vh->protocol_vh_privs[n]); - vh->protocol_vh_privs[n] = NULL; - } - lwsl_err("%s: protocol %s failed init\n", - __func__, vh->protocols[n].name); - - return 1; - } - } - - vh->created_vhost_protocols = 1; -next: - vh = vh->vhost_next; - } - - context->doing_protocol_init = 0; - - if (!context->protocol_init_done && lws_finalize_startup(context)) - return 1; - - context->protocol_init_done = 1; - - if (any) - lws_tls_check_all_cert_lifetimes(context); - - return 0; -} - - -/* list of supported protocols and callbacks */ - -static const struct lws_protocols protocols_dummy[] = { - /* first protocol must always be HTTP handler */ - - { - "http-only", /* name */ - lws_callback_http_dummy, /* callback */ - 0, /* per_session_data_size */ - 0, /* rx_buffer_size */ - 0, /* id */ - NULL, /* user */ - 0 /* tx_packet_size */ - }, - /* - * the other protocols are provided by lws plugins - */ - { NULL, NULL, 0, 0, 0, NULL, 0} /* terminator */ -}; - - -#ifdef LWS_PLAT_OPTEE -#undef LWS_HAVE_GETENV -#endif - -LWS_VISIBLE struct lws_vhost * -lws_create_vhost(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - struct lws_vhost *vh = lws_zalloc(sizeof(*vh), "create vhost"), - **vh1 = &context->vhost_list; - const struct lws_http_mount *mounts; - const struct lws_protocols *pcols = info->protocols; -#ifdef LWS_WITH_PLUGINS - struct lws_plugin *plugin = context->plugin_list; -#endif - struct lws_protocols *lwsp; - int m, f = !info->pvo, fx = 0, abs_pcol_count = 0; - char buf[96]; -#if !defined(LWS_WITHOUT_CLIENT) && defined(LWS_HAVE_GETENV) - char *p; -#endif - int n; - - if (!vh) - return NULL; - -#if LWS_MAX_SMP > 1 - pthread_mutex_init(&vh->lock, NULL); -#endif - - if (!pcols && !info->pprotocols) - pcols = &protocols_dummy[0]; - - vh->context = context; - if (!info->vhost_name) - vh->name = "default"; - else - vh->name = info->vhost_name; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - vh->http.error_document_404 = info->error_document_404; -#endif - - if (info->options & LWS_SERVER_OPTION_ONLY_RAW) - lwsl_info("%s set to only support RAW\n", vh->name); - - vh->iface = info->iface; -#if !defined(LWS_WITH_ESP32) && \ - !defined(OPTEE_TA) && !defined(WIN32) - vh->bind_iface = info->bind_iface; -#endif - - /* - * let's figure out how many protocols the user is handing us, using the - * old or new way depending on what he gave us - */ - - if (!pcols) - for (vh->count_protocols = 0; - info->pprotocols[vh->count_protocols]; - vh->count_protocols++) - ; - else - for (vh->count_protocols = 0; - pcols[vh->count_protocols].callback; - vh->count_protocols++) - ; - - vh->options = info->options; - vh->pvo = info->pvo; - vh->headers = info->headers; - vh->user = info->user; - vh->finalize = info->finalize; - vh->finalize_arg = info->finalize_arg; - vh->listen_accept_role = info->listen_accept_role; - vh->listen_accept_protocol = info->listen_accept_protocol; - vh->unix_socket_perms = info->unix_socket_perms; - - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (ar->init_vhost) - if (ar->init_vhost(vh, info)) - return NULL; - LWS_FOR_EVERY_AVAILABLE_ROLE_END; - - - if (info->keepalive_timeout) - vh->keepalive_timeout = info->keepalive_timeout; - else - vh->keepalive_timeout = 5; - - if (info->timeout_secs_ah_idle) - vh->timeout_secs_ah_idle = info->timeout_secs_ah_idle; - else - vh->timeout_secs_ah_idle = 10; - -#if defined(LWS_WITH_TLS) - - vh->tls.alpn = info->alpn; - vh->tls.ssl_info_event_mask = info->ssl_info_event_mask; - - if (info->ecdh_curve) - lws_strncpy(vh->tls.ecdh_curve, info->ecdh_curve, - sizeof(vh->tls.ecdh_curve)); - - /* carefully allocate and take a copy of cert + key paths if present */ - n = 0; - if (info->ssl_cert_filepath) - n += (int)strlen(info->ssl_cert_filepath) + 1; - if (info->ssl_private_key_filepath) - n += (int)strlen(info->ssl_private_key_filepath) + 1; - - if (n) { - vh->tls.key_path = vh->tls.alloc_cert_path = - lws_malloc(n, "vh paths"); - if (info->ssl_cert_filepath) { - n = (int)strlen(info->ssl_cert_filepath) + 1; - memcpy(vh->tls.alloc_cert_path, - info->ssl_cert_filepath, n); - vh->tls.key_path += n; - } - if (info->ssl_private_key_filepath) - memcpy(vh->tls.key_path, info->ssl_private_key_filepath, - strlen(info->ssl_private_key_filepath) + 1); - } -#endif - -#if defined(LWS_WITH_HTTP_PROXY) && defined(LWS_ROLE_WS) - fx = 1; -#endif -#if defined(LWS_WITH_ABSTRACT) - abs_pcol_count = (int)LWS_ARRAY_SIZE(available_abstract_protocols) - 1; -#endif - - /* - * give the vhost a unified list of protocols including: - * - * - internal, abstracted ones - * - the ones that came from plugins - * - his user protocols - */ - lwsp = lws_zalloc(sizeof(struct lws_protocols) * - (vh->count_protocols + - abs_pcol_count + - context->plugin_protocol_count + - fx + 1), - "vhost-specific plugin table"); - if (!lwsp) { - lwsl_err("OOM\n"); - return NULL; - } - - /* - * 1: user protocols (from pprotocols or protocols) - */ - - m = vh->count_protocols; - if (!pcols) { - for (n = 0; n < m; n++) - memcpy(&lwsp[n], info->pprotocols[n], sizeof(lwsp[0])); - } else - memcpy(lwsp, pcols, sizeof(struct lws_protocols) * m); - - /* - * 2: abstract protocols - */ -#if defined(LWS_WITH_ABSTRACT) - for (n = 0; n < abs_pcol_count; n++) { - memcpy(&lwsp[m++], available_abstract_protocols[n], - sizeof(*lwsp)); - vh->count_protocols++; - } -#endif - - /* - * 3: For compatibility, all protocols enabled on vhost if only - * the default vhost exists. Otherwise only vhosts who ask - * for a protocol get it enabled. - */ - - if (context->options & LWS_SERVER_OPTION_EXPLICIT_VHOSTS) - f = 0; - (void)f; -#ifdef LWS_WITH_PLUGINS - if (plugin) { - while (plugin) { - for (n = 0; n < plugin->caps.count_protocols; n++) { - /* - * for compatibility's sake, no pvo implies - * allow all protocols - */ - if (f || lws_vhost_protocol_options(vh, - plugin->caps.protocols[n].name)) { - memcpy(&lwsp[m], - &plugin->caps.protocols[n], - sizeof(struct lws_protocols)); - m++; - vh->count_protocols++; - } - } - plugin = plugin->list; - } - } -#endif - -#if defined(LWS_WITH_HTTP_PROXY) && defined(LWS_ROLE_WS) - memcpy(&lwsp[m++], &lws_ws_proxy, sizeof(*lwsp)); - vh->count_protocols++; -#endif - - vh->protocols = lwsp; - vh->allocated_vhost_protocols = 1; - - vh->same_vh_protocol_owner = (struct lws_dll2_owner *) - lws_zalloc(sizeof(struct lws_dll2_owner) * - vh->count_protocols, "same vh list"); -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - vh->http.mount_list = info->mounts; -#endif - -#ifdef LWS_WITH_UNIX_SOCK - if (LWS_UNIX_SOCK_ENABLED(vh)) { - lwsl_info("Creating Vhost '%s' path \"%s\", %d protocols\n", - vh->name, vh->iface, vh->count_protocols); - } else -#endif - { - switch(info->port) { - case CONTEXT_PORT_NO_LISTEN: - strcpy(buf, "(serving disabled)"); - break; - case CONTEXT_PORT_NO_LISTEN_SERVER: - strcpy(buf, "(no listener)"); - break; - default: - lws_snprintf(buf, sizeof(buf), "port %u", info->port); - break; - } - lwsl_info("Creating Vhost '%s' %s, %d protocols, IPv6 %s\n", - vh->name, buf, vh->count_protocols, - LWS_IPV6_ENABLED(vh) ? "on" : "off"); - } - mounts = info->mounts; - while (mounts) { - (void)mount_protocols[0]; - lwsl_info(" mounting %s%s to %s\n", - mount_protocols[mounts->origin_protocol], - mounts->origin, mounts->mountpoint); - - mounts = mounts->mount_next; - } - - vh->listen_port = info->port; -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - vh->http.http_proxy_port = 0; - vh->http.http_proxy_address[0] = '\0'; -#endif -#if defined(LWS_WITH_SOCKS5) - vh->socks_proxy_port = 0; - vh->socks_proxy_address[0] = '\0'; -#endif - -#if !defined(LWS_WITHOUT_CLIENT) - /* either use proxy from info, or try get it from env var */ -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - /* http proxy */ - if (info->http_proxy_address) { - /* override for backwards compatibility */ - if (info->http_proxy_port) - vh->http.http_proxy_port = info->http_proxy_port; - lws_set_proxy(vh, info->http_proxy_address); - } else -#endif - { -#ifdef LWS_HAVE_GETENV - p = getenv("http_proxy"); - if (p) { - lws_strncpy(buf, p, sizeof(buf)); - - lws_set_proxy(vh, buf); - } -#endif - } -#endif -#if defined(LWS_WITH_SOCKS5) - /* socks proxy */ - if (info->socks_proxy_address) { - /* override for backwards compatibility */ - if (info->socks_proxy_port) - vh->socks_proxy_port = info->socks_proxy_port; - lws_set_socks(vh, info->socks_proxy_address); - } else { -#ifdef LWS_HAVE_GETENV - p = getenv("socks_proxy"); - if (p && strlen(p) > 0 && strlen(p) < 95) - lws_set_socks(vh, p); -#endif - } -#endif - - vh->ka_time = info->ka_time; - vh->ka_interval = info->ka_interval; - vh->ka_probes = info->ka_probes; - - if (vh->options & LWS_SERVER_OPTION_STS) - lwsl_notice(" STS enabled\n"); - -#ifdef LWS_WITH_ACCESS_LOG - if (info->log_filepath) { - vh->log_fd = lws_open(info->log_filepath, - O_CREAT | O_APPEND | O_RDWR, 0600); - if (vh->log_fd == (int)LWS_INVALID_FILE) { - lwsl_err("unable to open log filepath %s\n", - info->log_filepath); - goto bail; - } -#ifndef WIN32 - if (context->uid != -1) - if (chown(info->log_filepath, context->uid, - context->gid) == -1) - lwsl_err("unable to chown log file %s\n", - info->log_filepath); -#endif - } else - vh->log_fd = (int)LWS_INVALID_FILE; -#endif - if (lws_context_init_server_ssl(info, vh)) { - lwsl_err("%s: lws_context_init_server_ssl failed\n", __func__); - goto bail1; - } - if (lws_context_init_client_ssl(info, vh)) { - lwsl_err("%s: lws_context_init_client_ssl failed\n", __func__); - goto bail1; - } - lws_context_lock(context, "create_vhost"); - n = _lws_vhost_init_server(info, vh); - lws_context_unlock(context); - if (n < 0) { - lwsl_err("init server failed\n"); - goto bail1; - } - - while (1) { - if (!(*vh1)) { - *vh1 = vh; - break; - } - vh1 = &(*vh1)->vhost_next; - }; - - /* for the case we are adding a vhost much later, after server init */ - - if (context->protocol_init_done) - if (lws_protocol_init(context)) { - lwsl_err("%s: lws_protocol_init failed\n", __func__); - goto bail1; - } - - return vh; - -bail1: - lws_vhost_destroy(vh); - - return NULL; - -#ifdef LWS_WITH_ACCESS_LOG -bail: - lws_free(vh); -#endif - - return NULL; -} - -LWS_VISIBLE int -lws_init_vhost_client_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost) -{ - struct lws_context_creation_info i; - - memcpy(&i, info, sizeof(i)); - i.port = CONTEXT_PORT_NO_LISTEN; - - return lws_context_init_client_ssl(&i, vhost); -} - -LWS_VISIBLE void -lws_cancel_service_pt(struct lws *wsi) -{ - lws_plat_pipe_signal(wsi); -} - -LWS_VISIBLE void -lws_cancel_service(struct lws_context *context) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - short m = context->count_threads; - - if (context->being_destroyed1) - return; - - lwsl_info("%s\n", __func__); - - while (m--) { - if (pt->pipe_wsi) - lws_plat_pipe_signal(pt->pipe_wsi); - pt++; - } -} - -int -lws_create_event_pipes(struct lws_context *context) -{ - struct lws *wsi; - int n; - - /* - * Create the pt event pipes... these are unique in that they are - * not bound to a vhost or protocol (both are NULL) - */ - - for (n = 0; n < context->count_threads; n++) { - if (context->pt[n].pipe_wsi) - continue; - - wsi = lws_zalloc(sizeof(*wsi), "event pipe wsi"); - if (!wsi) { - lwsl_err("%s: Out of mem\n", __func__); - return 1; - } - wsi->context = context; - lws_role_transition(wsi, 0, LRS_UNCONNECTED, &role_ops_pipe); - wsi->protocol = NULL; - wsi->tsi = n; - wsi->vhost = NULL; - wsi->event_pipe = 1; - wsi->desc.sockfd = LWS_SOCK_INVALID; - context->pt[n].pipe_wsi = wsi; - context->count_wsi_allocated++; - - if (lws_plat_pipe_create(wsi)) - /* - * platform code returns 0 if it actually created pipes - * and initialized pt->dummy_pipe_fds[]. If it used - * some other mechanism outside of signaling in the - * normal event loop, we skip treating the pipe as - * related to dummy_pipe_fds[], adding it to the fds, - * etc. - */ - continue; - - wsi->desc.sockfd = context->pt[n].dummy_pipe_fds[0]; - lwsl_debug("event pipe fd %d\n", wsi->desc.sockfd); - -#if !defined(LWS_AMAZON_RTOS) - if (context->event_loop_ops->accept) - if (context->event_loop_ops->accept(wsi)) - return 1; -#endif - - if (__insert_wsi_socket_into_fds(context, wsi)) - return 1; - } - - return 0; -} - -void -lws_destroy_event_pipe(struct lws *wsi) -{ - lwsl_info("%s\n", __func__); - __remove_wsi_socket_from_fds(wsi); - - if (wsi->context->event_loop_ops->wsi_logical_close) { - wsi->context->event_loop_ops->wsi_logical_close(wsi); - lws_plat_pipe_close(wsi); - return; - } - - if (wsi->context->event_loop_ops->destroy_wsi) - wsi->context->event_loop_ops->destroy_wsi(wsi); - lws_plat_pipe_close(wsi); - wsi->context->count_wsi_allocated--; - lws_free(wsi); -} - - -void -lws_vhost_destroy1(struct lws_vhost *vh) -{ - struct lws_context *context = vh->context; - - lwsl_info("%s\n", __func__); - - lws_context_lock(context, "vhost destroy 1"); /* ---------- context { */ - - if (vh->being_destroyed) - goto out; - - lws_vhost_lock(vh); /* -------------- vh { */ - - vh->being_destroyed = 1; -#if defined(LWS_WITH_NETWORK) - /* - * PHASE 1: take down or reassign any listen wsi - * - * Are there other vhosts that are piggybacking on our listen socket? - * If so we need to hand the listen socket off to one of the others - * so it will remain open. - * - * If not, leave it attached to the closing vhost, the vh being marked - * being_destroyed will defeat any service and it will get closed in - * later phases. - */ - - if (vh->lserv_wsi) - lws_start_foreach_ll(struct lws_vhost *, v, - context->vhost_list) { - if (v != vh && - !v->being_destroyed && - v->listen_port == vh->listen_port && - ((!v->iface && !vh->iface) || - (v->iface && vh->iface && - !strcmp(v->iface, vh->iface)))) { - /* - * this can only be a listen wsi, which is - * restricted... it has no protocol or other - * bindings or states. So we can simply - * swap it to a vhost that has the same - * iface + port, but is not closing. - */ - assert(v->lserv_wsi == NULL); - v->lserv_wsi = vh->lserv_wsi; - - lwsl_notice("%s: listen skt from %s to %s\n", - __func__, vh->name, v->name); - - if (v->lserv_wsi) { - lws_vhost_unbind_wsi(vh->lserv_wsi); - lws_vhost_bind_wsi(v, v->lserv_wsi); - } - - break; - } - } lws_end_foreach_ll(v, vhost_next); - -#endif - - lws_vhost_unlock(vh); /* } vh -------------- */ - - /* - * lws_check_deferred_free() will notice there is a vhost that is - * marked for destruction during the next 1s, for all tsi. - * - * It will start closing all wsi on this vhost. When the last wsi - * is closed, it will trigger lws_vhost_destroy2() - */ - -out: - lws_context_unlock(context); /* --------------------------- context { */ -} - -#if defined(LWS_WITH_ABSTRACT) -static int -destroy_ais(struct lws_dll2 *d, void *user) -{ - lws_abs_t *ai = lws_container_of(d, lws_abs_t, abstract_instances); - - lws_abs_destroy_instance(&ai); - - return 0; -} -#endif - -void -__lws_vhost_destroy2(struct lws_vhost *vh) -{ - const struct lws_protocols *protocol = NULL; - struct lws_context *context = vh->context; - struct lws_deferred_free *df; - struct lws wsi; - int n; - - /* - * destroy any pending timed events - */ - - while (vh->timed_vh_protocol_list) - __lws_timed_callback_remove(vh, vh->timed_vh_protocol_list); - - /* - * let the protocols destroy the per-vhost protocol objects - */ - - memset(&wsi, 0, sizeof(wsi)); - wsi.context = vh->context; - wsi.vhost = vh; /* not a real bound wsi */ - protocol = vh->protocols; - if (protocol && vh->created_vhost_protocols) { - n = 0; - while (n < vh->count_protocols) { - wsi.protocol = protocol; - - if (protocol->callback) - protocol->callback(&wsi, LWS_CALLBACK_PROTOCOL_DESTROY, - NULL, NULL, 0); - protocol++; - n++; - } - } - - /* - * remove vhost from context list of vhosts - */ - - lws_start_foreach_llp(struct lws_vhost **, pv, context->vhost_list) { - if (*pv == vh) { - *pv = vh->vhost_next; - break; - } - } lws_end_foreach_llp(pv, vhost_next); - - /* add ourselves to the pending destruction list */ - - vh->vhost_next = vh->context->vhost_pending_destruction_list; - vh->context->vhost_pending_destruction_list = vh; - - lwsl_info("%s: %p\n", __func__, vh); - - /* if we are still on deferred free list, remove ourselves */ - - lws_start_foreach_llp(struct lws_deferred_free **, pdf, - context->deferred_free_list) { - if ((*pdf)->payload == vh) { - df = *pdf; - *pdf = df->next; - lws_free(df); - break; - } - } lws_end_foreach_llp(pdf, next); - - /* remove ourselves from the pending destruction list */ - - lws_start_foreach_llp(struct lws_vhost **, pv, - context->vhost_pending_destruction_list) { - if ((*pv) == vh) { - *pv = (*pv)->vhost_next; - break; - } - } lws_end_foreach_llp(pv, vhost_next); - - /* - * Free all the allocations associated with the vhost - */ - - protocol = vh->protocols; - if (protocol) { - n = 0; - while (n < vh->count_protocols) { - if (vh->protocol_vh_privs && - vh->protocol_vh_privs[n]) { - lws_free(vh->protocol_vh_privs[n]); - vh->protocol_vh_privs[n] = NULL; - } - protocol++; - n++; - } - } - if (vh->protocol_vh_privs) - lws_free(vh->protocol_vh_privs); - lws_ssl_SSL_CTX_destroy(vh); - lws_free(vh->same_vh_protocol_owner); - - if (context->plugin_list || - (context->options & LWS_SERVER_OPTION_EXPLICIT_VHOSTS) || - vh->allocated_vhost_protocols) - lws_free((void *)vh->protocols); -#if defined(LWS_WITH_NETWORK) - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) - if (ar->destroy_vhost) - ar->destroy_vhost(vh); - LWS_FOR_EVERY_AVAILABLE_ROLE_END; -#endif - -#ifdef LWS_WITH_ACCESS_LOG - if (vh->log_fd != (int)LWS_INVALID_FILE) - close(vh->log_fd); -#endif - -#if defined (LWS_WITH_TLS) - lws_free_set_NULL(vh->tls.alloc_cert_path); -#endif - -#if LWS_MAX_SMP > 1 - pthread_mutex_destroy(&vh->lock); -#endif - -#if defined(LWS_WITH_UNIX_SOCK) - if (LWS_UNIX_SOCK_ENABLED(vh)) { - n = unlink(vh->iface); - if (n) - lwsl_info("Closing unix socket %s: errno %d\n", - vh->iface, errno); - } -#endif - /* - * although async event callbacks may still come for wsi handles with - * pending close in the case of asycn event library like libuv, - * they do not refer to the vhost. So it's safe to free. - */ - - if (vh->finalize) - vh->finalize(vh, vh->finalize_arg); - -#if defined(LWS_WITH_ABSTRACT) - /* - * abstract instances - */ - - lws_dll2_foreach_safe(&vh->abstract_instances_owner, NULL, destroy_ais); -#endif - - lwsl_info(" %s: Freeing vhost %p\n", __func__, vh); - - memset(vh, 0, sizeof(*vh)); - lws_free(vh); -} - -/* - * each service thread calls this once a second or so - */ - -int -lws_check_deferred_free(struct lws_context *context, int tsi, int force) -{ - struct lws_context_per_thread *pt; - int n; - - /* - * If we see a vhost is being destroyed, forcibly close every wsi on - * this tsi associated with this vhost. That will include the listen - * socket if it is still associated with the closing vhost. - * - * For SMP, we do this once per tsi per destroyed vhost. The reference - * counting on the vhost as the bound wsi close will notice that there - * are no bound wsi left, that vhost destruction can complete, - * and perform it. It doesn't matter which service thread does that - * because there is nothing left using the vhost to conflict. - */ - - lws_context_lock(context, "check deferred free"); /* ------ context { */ - - lws_start_foreach_ll_safe(struct lws_vhost *, v, context->vhost_list, vhost_next) { - if (v->being_destroyed -#if LWS_MAX_SMP > 1 - && !v->close_flow_vs_tsi[tsi] -#endif - ) { - - pt = &context->pt[tsi]; - - lws_pt_lock(pt, "vhost removal"); /* -------------- pt { */ - -#if LWS_MAX_SMP > 1 - v->close_flow_vs_tsi[tsi] = 1; -#endif - - for (n = 0; (unsigned int)n < pt->fds_count; n++) { - struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); - if (!wsi) - continue; - if (wsi->vhost != v) - continue; - - __lws_close_free_wsi(wsi, - LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY, - "vh destroy" - /* no protocol close */); - n--; - } - - lws_pt_unlock(pt); /* } pt -------------- */ - } - } lws_end_foreach_ll_safe(v); - - - lws_context_unlock(context); /* } context ------------------- */ - - return 0; -} - - -LWS_VISIBLE void -lws_vhost_destroy(struct lws_vhost *vh) -{ - struct lws_deferred_free *df = lws_malloc(sizeof(*df), "deferred free"); - struct lws_context *context = vh->context; - - if (!df) - return; - - lws_context_lock(context, __func__); /* ------ context { */ - - lws_vhost_destroy1(vh); - - if (!vh->count_bound_wsi) { - /* - * After listen handoff, there are already no wsi bound to this - * vhost by any pt: nothing can be servicing any wsi belonging - * to it any more. - * - * Finalize the vh destruction immediately - */ - __lws_vhost_destroy2(vh); - lws_free(df); - - goto out; - } - - /* part 2 is deferred to allow all the handle closes to complete */ - - df->next = vh->context->deferred_free_list; - df->deadline = lws_now_secs(); - df->payload = vh; - vh->context->deferred_free_list = df; - -out: - lws_context_unlock(context); /* } context ------------------- */ -} - - -LWS_EXTERN void * -lws_vhost_user(struct lws_vhost *vhost) -{ - return vhost->user; -} - -LWS_VISIBLE LWS_EXTERN int -lws_get_vhost_listen_port(struct lws_vhost *vhost) -{ - return vhost->listen_port; -} - - -LWS_VISIBLE LWS_EXTERN void -lws_context_deprecate(struct lws_context *context, lws_reload_func cb) -{ - struct lws_vhost *vh = context->vhost_list, *vh1; - - /* - * "deprecation" means disable the context from accepting any new - * connections and free up listen sockets to be used by a replacement - * context. - * - * Otherwise the deprecated context remains operational, until its - * number of connected sockets falls to zero, when it is deleted. - */ - - /* for each vhost, close his listen socket */ - - while (vh) { - struct lws *wsi = vh->lserv_wsi; - - if (wsi) { - wsi->socket_is_permanently_unusable = 1; - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "ctx deprecate"); - wsi->context->deprecation_pending_listen_close_count++; - /* - * other vhosts can share the listen port, they - * point to the same wsi. So zap those too. - */ - vh1 = context->vhost_list; - while (vh1) { - if (vh1->lserv_wsi == wsi) - vh1->lserv_wsi = NULL; - vh1 = vh1->vhost_next; - } - } - vh = vh->vhost_next; - } - - context->deprecated = 1; - context->deprecation_cb = cb; -} - -#if defined(LWS_WITH_NETWORK) -struct lws_vhost * -lws_get_vhost_by_name(struct lws_context *context, const char *name) -{ - lws_start_foreach_ll(struct lws_vhost *, v, - context->vhost_list) { - if (!strcmp(v->name, name)) - return v; - - } lws_end_foreach_ll(v, vhost_next); - - return NULL; -} -#endif diff --git a/lib/core-net/wsi-timeout.c b/lib/core-net/wsi-timeout.c deleted file mode 100644 index 4dfb1e8..0000000 --- a/lib/core-net/wsi-timeout.c +++ /dev/null @@ -1,269 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -void -__lws_wsi_remove_from_sul(struct lws *wsi) -{ - //struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - //lwsl_notice("%s: wsi %p, to %p, hr %p\n", __func__, wsi, - // &wsi->sul_timeout.list, &wsi->sul_hrtimer.list); - - // lws_dll2_describe(&pt->pt_sul_owner, "pre-remove"); - lws_dll2_remove(&wsi->sul_timeout.list); - lws_dll2_remove(&wsi->sul_hrtimer.list); - // lws_dll2_describe(&pt->pt_sul_owner, "post-remove"); -} - -/* - * hrtimer - */ - -static void -lws_sul_hrtimer_cb(lws_sorted_usec_list_t *sul) -{ - struct lws *wsi = lws_container_of(sul, struct lws, sul_hrtimer); - - if (wsi->protocol && - wsi->protocol->callback(wsi, LWS_CALLBACK_TIMER, - wsi->user_space, NULL, 0)) - __lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "hrtimer cb errored"); -} - -void -__lws_set_timer_usecs(struct lws *wsi, lws_usec_t us) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - wsi->sul_hrtimer.cb = lws_sul_hrtimer_cb; - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_hrtimer, us); -} - -LWS_VISIBLE void -lws_set_timer_usecs(struct lws *wsi, lws_usec_t usecs) -{ - __lws_set_timer_usecs(wsi, usecs); -} - -/* - * wsi timeout - */ - -static void -lws_sul_wsitimeout_cb(lws_sorted_usec_list_t *sul) -{ - struct lws *wsi = lws_container_of(sul, struct lws, sul_timeout); - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - if (wsi->pending_timeout != PENDING_TIMEOUT_USER_OK) - lws_stats_bump(pt, LWSSTATS_C_TIMEOUTS, 1); - - /* no need to log normal idle keepalive timeout */ -// if (wsi->pending_timeout != PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE) -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (wsi->pending_timeout != PENDING_TIMEOUT_USER_OK) - lwsl_info("wsi %p: TIMEDOUT WAITING on %d " - "(did hdr %d, ah %p, wl %d)\n", - (void *)wsi, wsi->pending_timeout, - wsi->hdr_parsing_completed, wsi->http.ah, - pt->http.ah_wait_list_length); -#if defined(LWS_WITH_CGI) - if (wsi->http.cgi) - lwsl_notice("CGI timeout: %s\n", wsi->http.cgi->summary); -#endif -#else - if (wsi->pending_timeout != PENDING_TIMEOUT_USER_OK) - lwsl_info("wsi %p: TIMEDOUT WAITING on %d ", (void *)wsi, - wsi->pending_timeout); -#endif - /* cgi timeout */ - if (wsi->pending_timeout != PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE) - /* - * Since he failed a timeout, he already had a chance to - * do something and was unable to... that includes - * situations like half closed connections. So process - * this "failed timeout" close as a violent death and - * don't try to do protocol cleanup like flush partials. - */ - wsi->socket_is_permanently_unusable = 1; -#if !defined(LWS_NO_CLIENT) - if (lwsi_state(wsi) == LRS_WAITING_SSL) - lws_inform_client_conn_fail(wsi, - (void *)"Timed out waiting SSL", 21); -#endif - - __lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "timeout"); -} - -void -__lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - wsi->sul_timeout.cb = lws_sul_wsitimeout_cb; - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_timeout, - ((lws_usec_t)secs) * LWS_US_PER_SEC); - - lwsl_debug("%s: %p: %d secs, reason %d\n", __func__, wsi, secs, reason); - - wsi->pending_timeout = reason; -} - -void -lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - lws_dll2_remove(&wsi->sul_timeout.list); - lws_pt_unlock(pt); - - if (!secs) - return; - - if (secs == LWS_TO_KILL_SYNC) { - lwsl_debug("synchronously killing %p\n", wsi); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "to sync kill"); - return; - } - - if (secs == LWS_TO_KILL_ASYNC) - secs = 0; - - lws_pt_lock(pt, __func__); - __lws_set_timeout(wsi, reason, secs); - lws_pt_unlock(pt); -} - -void -lws_set_timeout_us(struct lws *wsi, enum pending_timeout reason, lws_usec_t us) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - lws_dll2_remove(&wsi->sul_timeout.list); - lws_pt_unlock(pt); - - if (!us) - return; - - lws_pt_lock(pt, __func__); - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_timeout, us); - - lwsl_notice("%s: %p: %llu us, reason %d\n", __func__, wsi, - (unsigned long long)us, reason); - - wsi->pending_timeout = reason; - lws_pt_unlock(pt); -} - -/* requires context + vh lock */ - -int -__lws_timed_callback_remove(struct lws_vhost *vh, struct lws_timed_vh_protocol *p) -{ - lws_start_foreach_llp_safe(struct lws_timed_vh_protocol **, pt, - vh->timed_vh_protocol_list, next) { - if (*pt == p) { - *pt = p->next; - lws_dll2_remove(&p->sul.list); - lws_free(p); - - return 0; - } - } lws_end_foreach_llp_safe(pt); - - return 1; -} - -void -lws_sul_timed_callback_vh_protocol_cb(lws_sorted_usec_list_t *sul) -{ - struct lws_timed_vh_protocol *tvp = lws_container_of(sul, - struct lws_timed_vh_protocol, sul); - struct lws_context_per_thread *pt = - &tvp->vhost->context->pt[tvp->tsi_req]; - - pt->fake_wsi->context = tvp->vhost->context; - - pt->fake_wsi->vhost = tvp->vhost; /* not a real bound wsi */ - pt->fake_wsi->protocol = tvp->protocol; - - lwsl_debug("%s: timed cb: vh %s, protocol %s, reason %d\n", __func__, - tvp->vhost->name, tvp->protocol->name, tvp->reason); - - tvp->protocol->callback(pt->fake_wsi, tvp->reason, NULL, NULL, 0); - - __lws_timed_callback_remove(tvp->vhost, tvp); -} - -LWS_VISIBLE LWS_EXTERN int -lws_timed_callback_vh_protocol_us(struct lws_vhost *vh, - const struct lws_protocols *prot, int reason, - lws_usec_t us) -{ - struct lws_timed_vh_protocol *p = (struct lws_timed_vh_protocol *) - lws_malloc(sizeof(*p), "timed_vh"); - - if (!p) - return 1; - - memset(p, 0, sizeof(*p)); - - p->tsi_req = lws_pthread_self_to_tsi(vh->context); - if (p->tsi_req < 0) /* not called from a service thread --> tsi 0 */ - p->tsi_req = 0; - - lws_context_lock(vh->context, __func__); /* context ----------------- */ - - p->protocol = prot; - p->reason = reason; - p->vhost = vh; - - p->sul.cb = lws_sul_timed_callback_vh_protocol_cb; - /* list is always at the very top of the sul */ - __lws_sul_insert(&vh->context->pt[p->tsi_req].pt_sul_owner, - (lws_sorted_usec_list_t *)&p->sul.list, us); - - // lwsl_notice("%s: %s.%s %d\n", __func__, vh->name, prot->name, secs); - - lws_vhost_lock(vh); /* vhost ---------------------------------------- */ - p->next = vh->timed_vh_protocol_list; - vh->timed_vh_protocol_list = p; - lws_vhost_unlock(vh); /* -------------------------------------- vhost */ - - lws_context_unlock(vh->context); /* ------------------------- context */ - - return 0; -} - -LWS_VISIBLE LWS_EXTERN int -lws_timed_callback_vh_protocol(struct lws_vhost *vh, - const struct lws_protocols *prot, int reason, - int secs) -{ - return lws_timed_callback_vh_protocol_us(vh, prot, reason, - ((lws_usec_t)secs) * LWS_US_PER_SEC); -} diff --git a/lib/core-net/wsi.c b/lib/core-net/wsi.c deleted file mode 100644 index 3968f62..0000000 --- a/lib/core-net/wsi.c +++ /dev/null @@ -1,887 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#if defined (_DEBUG) -void lwsi_set_role(struct lws *wsi, lws_wsi_state_t role) -{ - wsi->wsistate = (wsi->wsistate & (~LWSI_ROLE_MASK)) | role; - - lwsl_debug("lwsi_set_role(%p, 0x%lx)\n", wsi, - (unsigned long)wsi->wsistate); -} - -void lwsi_set_state(struct lws *wsi, lws_wsi_state_t lrs) -{ - wsi->wsistate = (wsi->wsistate & (~LRS_MASK)) | lrs; - - lwsl_debug("lwsi_set_state(%p, 0x%lx)\n", wsi, - (unsigned long)wsi->wsistate); -} -#endif - - -void -lws_vhost_bind_wsi(struct lws_vhost *vh, struct lws *wsi) -{ - if (wsi->vhost == vh) - return; - lws_context_lock(vh->context, __func__); /* ---------- context { */ - wsi->vhost = vh; - vh->count_bound_wsi++; - lws_context_unlock(vh->context); /* } context ---------- */ - lwsl_info("%s: vh %s: count_bound_wsi %d\n", - __func__, vh->name, vh->count_bound_wsi); - assert(wsi->vhost->count_bound_wsi > 0); -} - -void -lws_vhost_unbind_wsi(struct lws *wsi) -{ - if (!wsi->vhost) - return; - - lws_context_lock(wsi->context, __func__); /* ---------- context { */ - - assert(wsi->vhost->count_bound_wsi > 0); - wsi->vhost->count_bound_wsi--; - lwsl_info("%s: vh %s: count_bound_wsi %d\n", __func__, - wsi->vhost->name, wsi->vhost->count_bound_wsi); - - if (!wsi->vhost->count_bound_wsi && - wsi->vhost->being_destroyed) { - /* - * We have closed all wsi that were bound to this vhost - * by any pt: nothing can be servicing any wsi belonging - * to it any more. - * - * Finalize the vh destruction - */ - __lws_vhost_destroy2(wsi->vhost); - } - wsi->vhost = NULL; - - lws_context_unlock(wsi->context); /* } context ---------- */ -} - -LWS_VISIBLE struct lws * -lws_get_network_wsi(struct lws *wsi) -{ - if (!wsi) - return NULL; - -#if defined(LWS_WITH_HTTP2) - if (!wsi->http2_substream -#if !defined(LWS_NO_CLIENT) - && !wsi->client_h2_substream -#endif - ) - return wsi; - - while (wsi->h2.parent_wsi) - wsi = wsi->h2.parent_wsi; -#endif - - return wsi; -} - - -LWS_VISIBLE LWS_EXTERN const struct lws_protocols * -lws_vhost_name_to_protocol(struct lws_vhost *vh, const char *name) -{ - int n; - - for (n = 0; n < vh->count_protocols; n++) - if (vh->protocols[n].name && !strcmp(name, vh->protocols[n].name)) - return &vh->protocols[n]; - - return NULL; -} - -LWS_VISIBLE int -lws_callback_all_protocol(struct lws_context *context, - const struct lws_protocols *protocol, int reason) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - unsigned int n, m = context->count_threads; - struct lws *wsi; - - while (m--) { - for (n = 0; n < pt->fds_count; n++) { - wsi = wsi_from_fd(context, pt->fds[n].fd); - if (!wsi) - continue; - if (wsi->protocol == protocol) - protocol->callback(wsi, reason, wsi->user_space, - NULL, 0); - } - pt++; - } - - return 0; -} - -LWS_VISIBLE int -lws_callback_all_protocol_vhost_args(struct lws_vhost *vh, - const struct lws_protocols *protocol, int reason, - void *argp, size_t len) -{ - struct lws_context *context = vh->context; - struct lws_context_per_thread *pt = &context->pt[0]; - unsigned int n, m = context->count_threads; - struct lws *wsi; - - while (m--) { - for (n = 0; n < pt->fds_count; n++) { - wsi = wsi_from_fd(context, pt->fds[n].fd); - if (!wsi) - continue; - if (wsi->vhost == vh && (wsi->protocol == protocol || - !protocol)) - wsi->protocol->callback(wsi, reason, - wsi->user_space, argp, len); - } - pt++; - } - - return 0; -} - -LWS_VISIBLE int -lws_callback_all_protocol_vhost(struct lws_vhost *vh, - const struct lws_protocols *protocol, int reason) -{ - return lws_callback_all_protocol_vhost_args(vh, protocol, reason, NULL, 0); -} - -LWS_VISIBLE LWS_EXTERN int -lws_callback_vhost_protocols(struct lws *wsi, int reason, void *in, int len) -{ - int n; - - for (n = 0; n < wsi->vhost->count_protocols; n++) - if (wsi->vhost->protocols[n].callback(wsi, reason, NULL, in, len)) - return 1; - - return 0; -} - -LWS_VISIBLE LWS_EXTERN int -lws_callback_vhost_protocols_vhost(struct lws_vhost *vh, int reason, void *in, - size_t len) -{ - int n; - struct lws *wsi = lws_zalloc(sizeof(*wsi), "fake wsi"); - - if (!wsi) - return 1; - - wsi->context = vh->context; - lws_vhost_bind_wsi(vh, wsi); - - for (n = 0; n < wsi->vhost->count_protocols; n++) { - wsi->protocol = &vh->protocols[n]; - if (wsi->protocol->callback(wsi, reason, NULL, in, len)) { - lws_free(wsi); - return 1; - } - } - - lws_free(wsi); - - return 0; -} - - -LWS_VISIBLE int -lws_rx_flow_control(struct lws *wsi, int _enable) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int en = _enable; - - // h2 ignores rx flow control atm - if (lwsi_role_h2(wsi) || wsi->http2_substream || - lwsi_role_h2_ENCAPSULATION(wsi)) - return 0; // !!! - - lwsl_info("%s: %p 0x%x\n", __func__, wsi, _enable); - - if (!(_enable & LWS_RXFLOW_REASON_APPLIES)) { - /* - * convert user bool style to bitmap style... in user simple - * bool style _enable = 0 = flow control it, = 1 = allow rx - */ - en = LWS_RXFLOW_REASON_APPLIES | LWS_RXFLOW_REASON_USER_BOOL; - if (_enable & 1) - en |= LWS_RXFLOW_REASON_APPLIES_ENABLE_BIT; - } - - lws_pt_lock(pt, __func__); - - /* any bit set in rxflow_bitmap DISABLEs rxflow control */ - if (en & LWS_RXFLOW_REASON_APPLIES_ENABLE_BIT) - wsi->rxflow_bitmap &= ~(en & 0xff); - else - wsi->rxflow_bitmap |= en & 0xff; - - if ((LWS_RXFLOW_PENDING_CHANGE | (!wsi->rxflow_bitmap)) == - wsi->rxflow_change_to) - goto skip; - - wsi->rxflow_change_to = LWS_RXFLOW_PENDING_CHANGE | - (!wsi->rxflow_bitmap); - - lwsl_info("%s: %p: bitmap 0x%x: en 0x%x, ch 0x%x\n", __func__, wsi, - wsi->rxflow_bitmap, en, wsi->rxflow_change_to); - - if (_enable & LWS_RXFLOW_REASON_FLAG_PROCESS_NOW || - !wsi->rxflow_will_be_applied) { - en = __lws_rx_flow_control(wsi); - lws_pt_unlock(pt); - - return en; - } - -skip: - lws_pt_unlock(pt); - - return 0; -} - -LWS_VISIBLE void -lws_rx_flow_allow_all_protocol(const struct lws_context *context, - const struct lws_protocols *protocol) -{ - const struct lws_context_per_thread *pt = &context->pt[0]; - struct lws *wsi; - unsigned int n, m = context->count_threads; - - while (m--) { - for (n = 0; n < pt->fds_count; n++) { - wsi = wsi_from_fd(context, pt->fds[n].fd); - if (!wsi) - continue; - if (wsi->protocol == protocol) - lws_rx_flow_control(wsi, LWS_RXFLOW_ALLOW); - } - pt++; - } -} - -int user_callback_handle_rxflow(lws_callback_function callback_function, - struct lws *wsi, - enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - int n; - - wsi->rxflow_will_be_applied = 1; - n = callback_function(wsi, reason, user, in, len); - wsi->rxflow_will_be_applied = 0; - if (!n) - n = __lws_rx_flow_control(wsi); - - return n; -} - -LWS_EXTERN int -__lws_rx_flow_control(struct lws *wsi) -{ - struct lws *wsic = wsi->child_list; - - // h2 ignores rx flow control atm - if (lwsi_role_h2(wsi) || wsi->http2_substream || - lwsi_role_h2_ENCAPSULATION(wsi)) - return 0; // !!! - - /* if he has children, do those if they were changed */ - while (wsic) { - if (wsic->rxflow_change_to & LWS_RXFLOW_PENDING_CHANGE) - __lws_rx_flow_control(wsic); - - wsic = wsic->sibling_list; - } - - /* there is no pending change */ - if (!(wsi->rxflow_change_to & LWS_RXFLOW_PENDING_CHANGE)) - return 0; - - /* stuff is still buffered, not ready to really accept new input */ - if (lws_buflist_next_segment_len(&wsi->buflist, NULL)) { - /* get ourselves called back to deal with stashed buffer */ - lws_callback_on_writable(wsi); - // return 0; - } - - /* now the pending is cleared, we can change rxflow state */ - - wsi->rxflow_change_to &= ~LWS_RXFLOW_PENDING_CHANGE; - - lwsl_info("rxflow: wsi %p change_to %d\n", wsi, - wsi->rxflow_change_to & LWS_RXFLOW_ALLOW); - - /* adjust the pollfd for this wsi */ - - if (wsi->rxflow_change_to & LWS_RXFLOW_ALLOW) { - lwsl_info("%s: reenable POLLIN\n", __func__); - // lws_buflist_describe(&wsi->buflist, NULL); - if (__lws_change_pollfd(wsi, 0, LWS_POLLIN)) { - lwsl_info("%s: fail\n", __func__); - return -1; - } - } else - if (__lws_change_pollfd(wsi, LWS_POLLIN, 0)) - return -1; - - return 0; -} - - -LWS_VISIBLE const struct lws_protocols * -lws_get_protocol(struct lws *wsi) -{ - return wsi->protocol; -} - - -int -lws_ensure_user_space(struct lws *wsi) -{ - if (!wsi->protocol) - return 0; - - /* allocate the per-connection user memory (if any) */ - - if (wsi->protocol->per_session_data_size && !wsi->user_space) { - wsi->user_space = lws_zalloc( - wsi->protocol->per_session_data_size, "user space"); - if (wsi->user_space == NULL) { - lwsl_err("%s: OOM\n", __func__); - return 1; - } - } else - lwsl_debug("%s: %p protocol pss %lu, user_space=%p\n", __func__, - wsi, (long)wsi->protocol->per_session_data_size, - wsi->user_space); - return 0; -} - -LWS_VISIBLE void * -lws_adjust_protocol_psds(struct lws *wsi, size_t new_size) -{ - ((struct lws_protocols *)lws_get_protocol(wsi))->per_session_data_size = - new_size; - - if (lws_ensure_user_space(wsi)) - return NULL; - - return wsi->user_space; -} - - - -LWS_VISIBLE int -lws_is_ssl(struct lws *wsi) -{ -#if defined(LWS_WITH_TLS) - return wsi->tls.use_ssl & LCCSCF_USE_SSL; -#else - (void)wsi; - return 0; -#endif -} - -#if defined(LWS_WITH_TLS) && !defined(LWS_WITH_MBEDTLS) -LWS_VISIBLE lws_tls_conn* -lws_get_ssl(struct lws *wsi) -{ - return wsi->tls.ssl; -} -#endif - -LWS_VISIBLE int -lws_partial_buffered(struct lws *wsi) -{ - return lws_has_buffered_out(wsi); -} - -LWS_VISIBLE lws_fileofs_t -lws_get_peer_write_allowance(struct lws *wsi) -{ - if (!wsi->role_ops->tx_credit) - return -1; - return wsi->role_ops->tx_credit(wsi); -} - -LWS_VISIBLE void -lws_role_transition(struct lws *wsi, enum lwsi_role role, enum lwsi_state state, - const struct lws_role_ops *ops) -{ -#if defined(_DEBUG) - const char *name = "(unset)"; -#endif - wsi->wsistate = role | state; - if (ops) - wsi->role_ops = ops; -#if defined(_DEBUG) - if (wsi->role_ops) - name = wsi->role_ops->name; - lwsl_debug("%s: %p: wsistate 0x%lx, ops %s\n", __func__, wsi, - (unsigned long)wsi->wsistate, name); -#endif -} - -LWS_VISIBLE LWS_EXTERN int -lws_parse_uri(char *p, const char **prot, const char **ads, int *port, - const char **path) -{ - const char *end; - char unix_skt = 0; - - /* cut up the location into address, port and path */ - *prot = p; - while (*p && (*p != ':' || p[1] != '/' || p[2] != '/')) - p++; - if (!*p) { - end = p; - p = (char *)*prot; - *prot = end; - } else { - *p = '\0'; - p += 3; - } - if (*p == '+') /* unix skt */ - unix_skt = 1; - - *ads = p; - if (!strcmp(*prot, "http") || !strcmp(*prot, "ws")) - *port = 80; - else if (!strcmp(*prot, "https") || !strcmp(*prot, "wss")) - *port = 443; - - if (*p == '[') { - ++(*ads); - while (*p && *p != ']') - p++; - if (*p) - *p++ = '\0'; - } else - while (*p && *p != ':' && (unix_skt || *p != '/')) - p++; - - if (*p == ':') { - *p++ = '\0'; - *port = atoi(p); - while (*p && *p != '/') - p++; - } - *path = "/"; - if (*p) { - *p++ = '\0'; - if (*p) - *path = p; - } - - return 0; -} - -/* ... */ - -LWS_VISIBLE LWS_EXTERN const char * -lws_get_urlarg_by_name(struct lws *wsi, const char *name, char *buf, int len) -{ - int n = 0, sl = (int)strlen(name); - - while (lws_hdr_copy_fragment(wsi, buf, len, - WSI_TOKEN_HTTP_URI_ARGS, n) >= 0) { - - if (!strncmp(buf, name, sl)) - return buf + sl; - - n++; - } - - return NULL; -} - - -#if defined(LWS_WITHOUT_EXTENSIONS) - -/* we need to provide dummy callbacks for internal exts - * so user code runs when faced with a lib compiled with - * extensions disabled. - */ - -LWS_VISIBLE int -lws_extension_callback_pm_deflate(struct lws_context *context, - const struct lws_extension *ext, - struct lws *wsi, - enum lws_extension_callback_reasons reason, - void *user, void *in, size_t len) -{ - (void)context; - (void)ext; - (void)wsi; - (void)reason; - (void)user; - (void)in; - (void)len; - - return 0; -} - -LWS_EXTERN int -lws_set_extension_option(struct lws *wsi, const char *ext_name, - const char *opt_name, const char *opt_val) -{ - return -1; -} -#endif - -LWS_VISIBLE LWS_EXTERN int -lws_is_cgi(struct lws *wsi) { -#ifdef LWS_WITH_CGI - return !!wsi->http.cgi; -#else - return 0; -#endif -} - -const struct lws_protocol_vhost_options * -lws_pvo_search(const struct lws_protocol_vhost_options *pvo, const char *name) -{ - while (pvo) { - if (!strcmp(pvo->name, name)) - break; - - pvo = pvo->next; - } - - return pvo; -} - -int -lws_pvo_get_str(void *in, const char *name, const char **result) -{ - const struct lws_protocol_vhost_options *pv = - lws_pvo_search((const struct lws_protocol_vhost_options *)in, - name); - - if (!pv) - return 1; - - *result = (const char *)pv->value; - - return 0; -} - -int -lws_broadcast(struct lws_context_per_thread *pt, int reason, void *in, size_t len) -{ - struct lws_vhost *v = pt->context->vhost_list; - int n, ret = 0; - - pt->fake_wsi->context = pt->context; - - while (v) { - const struct lws_protocols *p = v->protocols; - pt->fake_wsi->vhost = v; /* not a real bound wsi */ - - for (n = 0; n < v->count_protocols; n++) { - pt->fake_wsi->protocol = p; - if (p->callback && - p->callback(pt->fake_wsi, reason, NULL, in, len)) - ret |= 1; - p++; - } - v = v->vhost_next; - } - - return ret; -} - -LWS_VISIBLE LWS_EXTERN void * -lws_wsi_user(struct lws *wsi) -{ - return wsi->user_space; -} - -LWS_VISIBLE LWS_EXTERN void -lws_set_wsi_user(struct lws *wsi, void *data) -{ - if (wsi->user_space_externally_allocated) - wsi->user_space = data; - else - lwsl_err("%s: Cannot set internally-allocated user_space\n", - __func__); -} - -LWS_VISIBLE LWS_EXTERN struct lws * -lws_get_parent(const struct lws *wsi) -{ - return wsi->parent; -} - -LWS_VISIBLE LWS_EXTERN struct lws * -lws_get_child(const struct lws *wsi) -{ - return wsi->child_list; -} - -LWS_VISIBLE LWS_EXTERN void * -lws_get_opaque_parent_data(const struct lws *wsi) -{ - return wsi->opaque_parent_data; -} - -LWS_VISIBLE LWS_EXTERN void -lws_set_opaque_parent_data(struct lws *wsi, void *data) -{ - wsi->opaque_parent_data = data; -} - -LWS_VISIBLE LWS_EXTERN void * -lws_get_opaque_user_data(const struct lws *wsi) -{ - return wsi->opaque_user_data; -} - -LWS_VISIBLE LWS_EXTERN void -lws_set_opaque_user_data(struct lws *wsi, void *data) -{ - wsi->opaque_user_data = data; -} - -LWS_VISIBLE LWS_EXTERN int -lws_get_child_pending_on_writable(const struct lws *wsi) -{ - return wsi->parent_pending_cb_on_writable; -} - -LWS_VISIBLE LWS_EXTERN void -lws_clear_child_pending_on_writable(struct lws *wsi) -{ - wsi->parent_pending_cb_on_writable = 0; -} - - - -LWS_VISIBLE LWS_EXTERN const char * -lws_get_vhost_name(struct lws_vhost *vhost) -{ - return vhost->name; -} - -LWS_VISIBLE LWS_EXTERN int -lws_get_vhost_port(struct lws_vhost *vhost) -{ - return vhost->listen_port; -} - -LWS_VISIBLE LWS_EXTERN void * -lws_get_vhost_user(struct lws_vhost *vhost) -{ - return vhost->user; -} - -LWS_VISIBLE LWS_EXTERN const char * -lws_get_vhost_iface(struct lws_vhost *vhost) -{ - return vhost->iface; -} - -LWS_VISIBLE lws_sockfd_type -lws_get_socket_fd(struct lws *wsi) -{ - if (!wsi) - return -1; - return wsi->desc.sockfd; -} - - -LWS_VISIBLE struct lws_vhost * -lws_vhost_get(struct lws *wsi) -{ - return wsi->vhost; -} - -LWS_VISIBLE struct lws_vhost * -lws_get_vhost(struct lws *wsi) -{ - return wsi->vhost; -} - -LWS_VISIBLE const struct lws_protocols * -lws_protocol_get(struct lws *wsi) -{ - return wsi->protocol; -} - -LWS_VISIBLE const struct lws_udp * -lws_get_udp(const struct lws *wsi) -{ - return wsi->udp; -} - -LWS_VISIBLE LWS_EXTERN struct lws_context * -lws_get_context(const struct lws *wsi) -{ - return wsi->context; -} - -#ifdef LWS_LATENCY -void -lws_latency(struct lws_context *context, struct lws *wsi, const char *action, - int ret, int completed) -{ - unsigned long long u; - char buf[256]; - - u = lws_now_usecs(); - - if (!action) { - wsi->latency_start = u; - if (!wsi->action_start) - wsi->action_start = u; - return; - } - if (completed) { - if (wsi->action_start == wsi->latency_start) - sprintf(buf, - "Completion first try lat %lluus: %p: ret %d: %s\n", - u - wsi->latency_start, - (void *)wsi, ret, action); - else - sprintf(buf, - "Completion %lluus: lat %lluus: %p: ret %d: %s\n", - u - wsi->action_start, - u - wsi->latency_start, - (void *)wsi, ret, action); - wsi->action_start = 0; - } else - sprintf(buf, "lat %lluus: %p: ret %d: %s\n", - u - wsi->latency_start, (void *)wsi, ret, action); - - if (u - wsi->latency_start > context->worst_latency) { - context->worst_latency = u - wsi->latency_start; - strcpy(context->worst_latency_info, buf); - } - lwsl_latency("%s", buf); -} -#endif - -LWS_VISIBLE int LWS_WARN_UNUSED_RESULT -lws_raw_transaction_completed(struct lws *wsi) -{ - if (lws_has_buffered_out(wsi)) { - /* - * ...so he tried to send something large, but it went out - * as a partial, but he immediately called us to say he wants - * to close the connection. - * - * Defer the close until the last part of the partial is sent. - * - */ - lwsl_debug("%s: %p: deferring due to partial\n", __func__, wsi); - wsi->close_when_buffered_out_drained = 1; - lws_callback_on_writable(wsi); - - return 0; - } - - return -1; -} - -int -lws_bind_protocol(struct lws *wsi, const struct lws_protocols *p, - const char *reason) -{ -// if (wsi->protocol == p) -// return 0; - const struct lws_protocols *vp = wsi->vhost->protocols, *vpo; - - if (wsi->protocol && wsi->protocol_bind_balance) { - wsi->protocol->callback(wsi, - wsi->role_ops->protocol_unbind_cb[!!lwsi_role_server(wsi)], - wsi->user_space, (void *)reason, 0); - wsi->protocol_bind_balance = 0; - } - if (!wsi->user_space_externally_allocated) - lws_free_set_NULL(wsi->user_space); - - lws_same_vh_protocol_remove(wsi); - - wsi->protocol = p; - if (!p) - return 0; - - if (lws_ensure_user_space(wsi)) - return 1; - - if (p > vp && p < &vp[wsi->vhost->count_protocols]) - lws_same_vh_protocol_insert(wsi, (int)(p - vp)); - else { - int n = wsi->vhost->count_protocols; - int hit = 0; - - vpo = vp; - - while (n--) { - if (p->name && vp->name && !strcmp(p->name, vp->name)) { - hit = 1; - lws_same_vh_protocol_insert(wsi, (int)(vp - vpo)); - break; - } - vp++; - } - if (!hit) - lwsl_err("%s: %p is not in vhost '%s' protocols list\n", - __func__, p, wsi->vhost->name); - } - - if (wsi->protocol->callback(wsi, wsi->role_ops->protocol_bind_cb[ - !!lwsi_role_server(wsi)], - wsi->user_space, NULL, 0)) - return 1; - - wsi->protocol_bind_balance = 1; - - return 0; -} - -int -lws_http_mark_sse(struct lws *wsi) -{ - lws_http_headers_detach(wsi); - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - if (wsi->http2_substream) { - struct lws *nwsi = lws_get_network_wsi(wsi); - - wsi->h2_stream_carries_sse = 1; - nwsi->immortal_substream_count++; - if (nwsi->immortal_substream_count == 1) - lws_set_timeout(nwsi, NO_PENDING_TIMEOUT, 0); - } - - return 0; -} diff --git a/lib/core/alloc.c b/lib/core/alloc.c deleted file mode 100644 index 09d8882..0000000 --- a/lib/core/alloc.c +++ /dev/null @@ -1,156 +0,0 @@ -#include "core/private.h" - -#if defined(LWS_HAVE_MALLOC_USABLE_SIZE) - -#include - -/* the heap is processwide */ -static size_t allocated; -#endif - -#if defined(LWS_PLAT_OPTEE) - -#define TEE_USER_MEM_HINT_NO_FILL_ZERO 0x80000000 -#if defined (LWS_WITH_NETWORK) - -/* normal TA apis */ - -void *__attribute__((weak)) - TEE_Malloc(uint32_t size, uint32_t hint) -{ - return NULL; -} -void *__attribute__((weak)) - TEE_Realloc(void *buffer, uint32_t newSize) -{ - return NULL; -} -void __attribute__((weak)) - TEE_Free(void *buffer) -{ -} -#else - -/* in-OP-TEE core apis */ - -void * - TEE_Malloc(uint32_t size, uint32_t hint) -{ - return malloc(size); -} -void * - TEE_Realloc(void *buffer, uint32_t newSize) -{ - return realloc(buffer, newSize); -} -void - TEE_Free(void *buffer) -{ - free(buffer); -} - -#endif - -void *lws_realloc(void *ptr, size_t size, const char *reason) -{ - return TEE_Realloc(ptr, size); -} - -void *lws_malloc(size_t size, const char *reason) -{ - return TEE_Malloc(size, TEE_USER_MEM_HINT_NO_FILL_ZERO); -} - -void lws_free(void *p) -{ - TEE_Free(p); -} - -void *lws_zalloc(size_t size, const char *reason) -{ - void *ptr = TEE_Malloc(size, TEE_USER_MEM_HINT_NO_FILL_ZERO); - if (ptr) - memset(ptr, 0, size); - return ptr; -} - -void lws_set_allocator(void *(*cb)(void *ptr, size_t size, const char *reason)) -{ - (void)cb; -} -#else - -static void * -_realloc(void *ptr, size_t size, const char *reason) -{ - void *v; - - if (size) { -#if defined(LWS_WITH_ESP32) - lwsl_notice("%s: size %lu: %s (free heap %d)\n", __func__, -#if defined(LWS_AMAZON_RTOS) - (unsigned long)size, reason, (unsigned int)xPortGetFreeHeapSize() - (int)size); -#else - (unsigned long)size, reason, (unsigned int)esp_get_free_heap_size() - (int)size); -#endif -#else - lwsl_debug("%s: size %lu: %s\n", __func__, - (unsigned long)size, reason); -#endif - -#if defined(LWS_HAVE_MALLOC_USABLE_SIZE) - if (ptr) - allocated -= malloc_usable_size(ptr); -#endif - -#if defined(LWS_PLAT_OPTEE) - v = (void *)TEE_Realloc(ptr, size); -#else - v = (void *)realloc(ptr, size); -#endif -#if defined(LWS_HAVE_MALLOC_USABLE_SIZE) - allocated += malloc_usable_size(v); -#endif - return v; - } - if (ptr) { -#if defined(LWS_HAVE_MALLOC_USABLE_SIZE) - allocated -= malloc_usable_size(ptr); -#endif - free(ptr); - } - - return NULL; -} - -void *(*_lws_realloc)(void *ptr, size_t size, const char *reason) = _realloc; - -void *lws_realloc(void *ptr, size_t size, const char *reason) -{ - return _lws_realloc(ptr, size, reason); -} - -void *lws_zalloc(size_t size, const char *reason) -{ - void *ptr = _lws_realloc(NULL, size, reason); - - if (ptr) - memset(ptr, 0, size); - - return ptr; -} - -void lws_set_allocator(void *(*cb)(void *ptr, size_t size, const char *reason)) -{ - _lws_realloc = cb; -} - -size_t lws_get_allocated_heap(void) -{ -#if defined(LWS_HAVE_MALLOC_USABLE_SIZE) - return allocated; -#else - return 0; -#endif -} -#endif diff --git a/lib/core/buflist.c b/lib/core/buflist.c deleted file mode 100644 index 75c156f..0000000 --- a/lib/core/buflist.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifdef LWS_HAVE_SYS_TYPES_H -#include -#endif - -/* lws_buflist */ - -int -lws_buflist_append_segment(struct lws_buflist **head, const uint8_t *buf, - size_t len) -{ - struct lws_buflist *nbuf; - int first = !*head; - void *p = *head; - int sanity = 1024; - - assert(buf); - assert(len); - - /* append at the tail */ - while (*head) { - if (!--sanity) { - lwsl_err("%s: buflist reached sanity limit\n", __func__); - return -1; - } - if (*head == (*head)->next) { - lwsl_err("%s: corrupt list points to self\n", __func__); - return -1; - } - head = &((*head)->next); - } - - (void)p; - lwsl_info("%s: len %u first %d %p\n", __func__, (unsigned int)len, - first, p); - - nbuf = (struct lws_buflist *)lws_malloc(sizeof(**head) + len, __func__); - if (!nbuf) { - lwsl_err("%s: OOM\n", __func__); - return -1; - } - - nbuf->len = len; - nbuf->pos = 0; - nbuf->next = NULL; - - p = (void *)nbuf->buf; - memcpy(p, buf, len); - - *head = nbuf; - - return first; /* returns 1 if first segment just created */ -} - -static int -lws_buflist_destroy_segment(struct lws_buflist **head) -{ - struct lws_buflist *old = *head; - - assert(*head); - *head = old->next; - old->next = NULL; - lws_free(old); - - return !*head; /* returns 1 if last segment just destroyed */ -} - -void -lws_buflist_destroy_all_segments(struct lws_buflist **head) -{ - struct lws_buflist *p = *head, *p1; - - while (p) { - p1 = p->next; - p->next = NULL; - lws_free(p); - p = p1; - } - - *head = NULL; -} - -size_t -lws_buflist_next_segment_len(struct lws_buflist **head, uint8_t **buf) -{ - if (!*head) { - if (buf) - *buf = NULL; - - return 0; - } - - if (!(*head)->len && (*head)->next) - lws_buflist_destroy_segment(head); - - if (!*head) { - if (buf) - *buf = NULL; - - return 0; - } - - assert((*head)->pos < (*head)->len); - - if (buf) - *buf = (*head)->buf + (*head)->pos; - - return (*head)->len - (*head)->pos; -} - -int -lws_buflist_use_segment(struct lws_buflist **head, size_t len) -{ - assert(*head); - assert(len); - assert((*head)->pos + len <= (*head)->len); - - (*head)->pos += len; - if ((*head)->pos == (*head)->len) - lws_buflist_destroy_segment(head); - - if (!*head) - return 0; - - return (int)((*head)->len - (*head)->pos); -} - -void -lws_buflist_describe(struct lws_buflist **head, void *id) -{ - struct lws_buflist *old; - int n = 0; - - if (*head == NULL) - lwsl_notice("%p: buflist empty\n", id); - - while (*head) { - lwsl_notice("%p: %d: %llu / %llu (%llu left)\n", id, n, - (unsigned long long)(*head)->pos, - (unsigned long long)(*head)->len, - (unsigned long long)(*head)->len - (*head)->pos); - old = *head; - head = &((*head)->next); - if (*head == old) { - lwsl_err("%s: next points to self\n", __func__); - break; - } - n++; - } -} diff --git a/lib/core/context.c b/lib/core/context.c deleted file mode 100644 index 38aaf3b..0000000 --- a/lib/core/context.c +++ /dev/null @@ -1,880 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifndef LWS_BUILD_HASH -#define LWS_BUILD_HASH "unknown-build-hash" -#endif - - -static const char *library_version = LWS_LIBRARY_VERSION " " LWS_BUILD_HASH; - -/** - * lws_get_library_version: get version and git hash library built from - * - * returns a const char * to a string like "1.1 178d78c" - * representing the library version followed by the git head hash it - * was built from - */ -LWS_VISIBLE const char * -lws_get_library_version(void) -{ - return library_version; -} - -#if defined(LWS_WITH_STATS) -static void -lws_sul_stats_cb(lws_sorted_usec_list_t *sul) -{ - struct lws_context_per_thread *pt = lws_container_of(sul, - struct lws_context_per_thread, sul_stats); - - lws_stats_log_dump(pt->context); - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_stats, 10 * LWS_US_PER_SEC); -} -#endif -#if defined(LWS_WITH_PEER_LIMITS) -static void -lws_sul_peer_limits_cb(lws_sorted_usec_list_t *sul) -{ - struct lws_context_per_thread *pt = lws_container_of(sul, - struct lws_context_per_thread, sul_peer_limits); - - lws_peer_cull_peer_wait_list(pt->context); - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_peer_limits, 10 * LWS_US_PER_SEC); -} -#endif - - -LWS_VISIBLE struct lws_context * -lws_create_context(const struct lws_context_creation_info *info) -{ - struct lws_context *context = NULL; - struct lws_plat_file_ops *prev; -#ifndef LWS_NO_DAEMONIZE - pid_t pid_daemon = get_daemonize_pid(); -#endif -#if defined(LWS_WITH_NETWORK) - int n; -#endif -#if defined(__ANDROID__) - struct rlimit rt; -#endif - - lwsl_info("Initial logging level %d\n", log_level); - lwsl_info("Libwebsockets version: %s\n", library_version); - -#ifdef LWS_WITH_IPV6 - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DISABLE_IPV6)) - lwsl_info("IPV6 compiled in and enabled\n"); - else - lwsl_info("IPV6 compiled in but disabled\n"); -#else - lwsl_info("IPV6 not compiled in\n"); -#endif - - lwsl_info(" LWS_DEF_HEADER_LEN : %u\n", LWS_DEF_HEADER_LEN); - lwsl_info(" LWS_MAX_PROTOCOLS : %u\n", LWS_MAX_PROTOCOLS); - lwsl_info(" LWS_MAX_SMP : %u\n", LWS_MAX_SMP); - lwsl_info(" sizeof (*info) : %ld\n", (long)sizeof(*info)); -#if defined(LWS_WITH_STATS) - lwsl_info(" LWS_WITH_STATS : on\n"); -#endif - lwsl_info(" SYSTEM_RANDOM_FILEPATH: '%s'\n", SYSTEM_RANDOM_FILEPATH); -#if defined(LWS_WITH_HTTP2) - lwsl_info(" HTTP2 support : available\n"); -#else - lwsl_info(" HTTP2 support : not configured\n"); -#endif - if (lws_plat_context_early_init()) - return NULL; - - context = lws_zalloc(sizeof(struct lws_context), "context"); - if (!context) { - lwsl_err("No memory for websocket context\n"); - return NULL; - } - - context->uid = info->uid; - context->gid = info->gid; - context->username = info->username; - context->groupname = info->groupname; - context->system_ops = info->system_ops; - - /* if he gave us names, set the uid / gid */ - if (lws_plat_drop_app_privileges(context, 0)) - goto bail; - -lwsl_info("context created\n"); -#if defined(LWS_WITH_TLS) && defined(LWS_WITH_NETWORK) -#if defined(LWS_WITH_MBEDTLS) - context->tls_ops = &tls_ops_mbedtls; -#else - context->tls_ops = &tls_ops_openssl; -#endif -#endif - - if (info->pt_serv_buf_size) - context->pt_serv_buf_size = info->pt_serv_buf_size; - else - context->pt_serv_buf_size = 4096; - -#if defined(LWS_ROLE_H2) - role_ops_h2.init_context(context, info); -#endif - -#if LWS_MAX_SMP > 1 - lws_mutex_refcount_init(&context->mr); -#endif - -#if defined(LWS_WITH_ESP32) - context->last_free_heap = esp_get_free_heap_size(); -#endif - - /* default to just the platform fops implementation */ - - context->fops_platform.LWS_FOP_OPEN = _lws_plat_file_open; - context->fops_platform.LWS_FOP_CLOSE = _lws_plat_file_close; - context->fops_platform.LWS_FOP_SEEK_CUR = _lws_plat_file_seek_cur; - context->fops_platform.LWS_FOP_READ = _lws_plat_file_read; - context->fops_platform.LWS_FOP_WRITE = _lws_plat_file_write; - context->fops_platform.fi[0].sig = NULL; - - /* - * arrange a linear linked-list of fops starting from context->fops - * - * platform fops - * [ -> fops_zip (copied into context so .next settable) ] - * [ -> info->fops ] - */ - - context->fops = &context->fops_platform; - prev = (struct lws_plat_file_ops *)context->fops; - -#if defined(LWS_WITH_ZIP_FOPS) - /* make a soft copy so we can set .next */ - context->fops_zip = fops_zip; - prev->next = &context->fops_zip; - prev = (struct lws_plat_file_ops *)prev->next; -#endif - - /* if user provided fops, tack them on the end of the list */ - if (info->fops) - prev->next = info->fops; - - context->reject_service_keywords = info->reject_service_keywords; - if (info->external_baggage_free_on_destroy) - context->external_baggage_free_on_destroy = - info->external_baggage_free_on_destroy; -#if defined(LWS_WITH_NETWORK) - context->time_up = lws_now_usecs(); -#endif - context->pcontext_finalize = info->pcontext; - - context->simultaneous_ssl_restriction = - info->simultaneous_ssl_restriction; - - context->options = info->options; - -#ifndef LWS_NO_DAEMONIZE - if (pid_daemon) { - context->started_with_parent = pid_daemon; - lwsl_info(" Started with daemon pid %u\n", (unsigned int)pid_daemon); - } -#endif -#if defined(__ANDROID__) - n = getrlimit(RLIMIT_NOFILE, &rt); - if (n == -1) { - lwsl_err("Get RLIMIT_NOFILE failed!\n"); - - return NULL; - } - context->max_fds = rt.rlim_cur; -#else -#if defined(WIN32) || defined(_WIN32) || defined(LWS_AMAZON_RTOS) - context->max_fds = getdtablesize(); -#else - context->max_fds = sysconf(_SC_OPEN_MAX); -#endif -#endif - - if (context->max_fds < 0) { - lwsl_err("%s: problem getting process max files\n", - __func__); - - return NULL; - } - - if (info->count_threads) - context->count_threads = info->count_threads; - else - context->count_threads = 1; - - if (context->count_threads > LWS_MAX_SMP) - context->count_threads = LWS_MAX_SMP; - - /* - * deal with any max_fds override, if it's reducing (setting it to - * more than ulimit -n is meaningless). The platform init will - * figure out what if this is something it can deal with. - */ - if (info->fd_limit_per_thread) { - int mf = info->fd_limit_per_thread * context->count_threads; - - if (mf < context->max_fds) { - context->max_fds_unrelated_to_ulimit = 1; - context->max_fds = mf; - } - } - - context->token_limits = info->token_limits; - -#if defined(LWS_WITH_NETWORK) - - /* - * set the context event loops ops struct - * - * after this, all event_loop actions use the generic ops - */ - -#if defined(LWS_WITH_POLL) - context->event_loop_ops = &event_loop_ops_poll; -#endif - - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) -#if defined(LWS_WITH_LIBUV) - context->event_loop_ops = &event_loop_ops_uv; -#else - goto fail_event_libs; -#endif - - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEV)) -#if defined(LWS_WITH_LIBEV) - context->event_loop_ops = &event_loop_ops_ev; -#else - goto fail_event_libs; -#endif - - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEVENT)) -#if defined(LWS_WITH_LIBEVENT) - context->event_loop_ops = &event_loop_ops_event; -#else - goto fail_event_libs; -#endif - - if (!context->event_loop_ops) - goto fail_event_libs; - - lwsl_info("Using event loop: %s\n", context->event_loop_ops->name); -#endif - -#if defined(LWS_WITH_TLS) && defined(LWS_WITH_NETWORK) - time(&context->tls.last_cert_check_s); - if (info->alpn) - context->tls.alpn_default = info->alpn; - else { - char *p = context->tls.alpn_discovered, first = 1; - - LWS_FOR_EVERY_AVAILABLE_ROLE_START(ar) { - if (ar->alpn) { - if (!first) - *p++ = ','; - p += lws_snprintf(p, - context->tls.alpn_discovered + - sizeof(context->tls.alpn_discovered) - - 2 - p, "%s", ar->alpn); - first = 0; - } - } LWS_FOR_EVERY_AVAILABLE_ROLE_END; - - context->tls.alpn_default = context->tls.alpn_discovered; - } - - lwsl_info("Default ALPN advertisment: %s\n", context->tls.alpn_default); -#endif - - if (info->timeout_secs) - context->timeout_secs = info->timeout_secs; - else - context->timeout_secs = AWAITING_TIMEOUT; - - context->ws_ping_pong_interval = info->ws_ping_pong_interval; - - lwsl_info(" default timeout (secs): %u\n", context->timeout_secs); - - if (info->max_http_header_data) - context->max_http_header_data = info->max_http_header_data; - else - if (info->max_http_header_data2) - context->max_http_header_data = - info->max_http_header_data2; - else - context->max_http_header_data = LWS_DEF_HEADER_LEN; - - if (info->max_http_header_pool) - context->max_http_header_pool = info->max_http_header_pool; - else - if (info->max_http_header_pool2) - context->max_http_header_pool = - info->max_http_header_pool2; - else - context->max_http_header_pool = context->max_fds; - - if (info->fd_limit_per_thread) - context->fd_limit_per_thread = info->fd_limit_per_thread; - else - context->fd_limit_per_thread = context->max_fds / - context->count_threads; - -#if defined(LWS_WITH_NETWORK) - /* - * Allocate the per-thread storage for scratchpad buffers, - * and header data pool - */ - for (n = 0; n < context->count_threads; n++) { - context->pt[n].serv_buf = lws_malloc( - context->pt_serv_buf_size + sizeof(struct lws), - "pt_serv_buf"); - if (!context->pt[n].serv_buf) { - lwsl_err("OOM\n"); - return NULL; - } - - context->pt[n].context = context; - context->pt[n].tid = n; - - /* - * We overallocated for a fakewsi (can't compose it in the - * pt because size isn't known at that time). point to it - * and zero it down. Fakewsis are needed to make callbacks work - * when the source of the callback is not actually from a wsi - * context. - */ - context->pt[n].fake_wsi = (struct lws *)(context->pt[n].serv_buf + - context->pt_serv_buf_size); - - memset(context->pt[n].fake_wsi, 0, sizeof(struct lws)); - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - context->pt[n].http.ah_list = NULL; - context->pt[n].http.ah_pool_length = 0; -#endif - lws_pt_mutex_init(&context->pt[n]); -#if defined(LWS_WITH_SEQUENCER) - lws_seq_pt_init(&context->pt[n]); -#endif - } - - lwsl_info(" Threads: %d each %d fds\n", context->count_threads, - context->fd_limit_per_thread); - - if (!info->ka_interval && info->ka_time > 0) { - lwsl_err("info->ka_interval can't be 0 if ka_time used\n"); - return NULL; - } - -#if defined(LWS_WITH_PEER_LIMITS) - /* scale the peer hash table according to the max fds for the process, - * so that the max list depth averages 16. Eg, 1024 fd -> 64, - * 102400 fd -> 6400 - */ - - context->pl_hash_elements = - (context->count_threads * context->fd_limit_per_thread) / 16; - context->pl_hash_table = lws_zalloc(sizeof(struct lws_peer *) * - context->pl_hash_elements, "peer limits hash table"); - - context->ip_limit_ah = info->ip_limit_ah; - context->ip_limit_wsi = info->ip_limit_wsi; -#endif - - lwsl_info(" mem: context: %5lu B (%ld ctx + (%ld thr x %d))\n", - (long)sizeof(struct lws_context) + - (context->count_threads * context->pt_serv_buf_size), - (long)sizeof(struct lws_context), - (long)context->count_threads, - context->pt_serv_buf_size); -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - lwsl_info(" mem: http hdr size: (%u + %lu), max count %u\n", - context->max_http_header_data, - (long)sizeof(struct allocated_headers), - context->max_http_header_pool); -#endif - - /* - * fds table contains pollfd structs for as many pollfds as we can - * handle... spread across as many service threads as we have going - */ - n = sizeof(struct lws_pollfd) * context->count_threads * - context->fd_limit_per_thread; - context->pt[0].fds = lws_zalloc(n, "fds table"); - if (context->pt[0].fds == NULL) { - lwsl_err("OOM allocating %d fds\n", context->max_fds); - goto bail; - } - lwsl_info(" mem: pollfd map: %5u B\n", n); -#endif - if (info->server_string) { - context->server_string = info->server_string; - context->server_string_len = (short) - strlen(context->server_string); - } - -#if LWS_MAX_SMP > 1 - /* each thread serves his own chunk of fds */ - for (n = 1; n < (int)context->count_threads; n++) - context->pt[n].fds = context->pt[n - 1].fds + - context->fd_limit_per_thread; -#endif - - if (lws_plat_init(context, info)) - goto bail; - -#if defined(LWS_WITH_NETWORK) - if (context->event_loop_ops->init_context) - if (context->event_loop_ops->init_context(context, info)) - goto bail; - - - if (context->event_loop_ops->init_pt) - for (n = 0; n < context->count_threads; n++) { - void *lp = NULL; - - if (info->foreign_loops) - lp = info->foreign_loops[n]; - - if (context->event_loop_ops->init_pt(context, lp, n)) - goto bail; - } - -#if !defined(LWS_AMAZON_RTOS) - if (lws_create_event_pipes(context)) - goto bail; -#endif -#endif - - lws_context_init_ssl_library(info); - - context->user_space = info->user; -#if defined(LWS_WITH_NETWORK) - /* - * if he's not saying he'll make his own vhosts later then act - * compatibly and make a default vhost using the data in the info - */ - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) - if (!lws_create_vhost(context, info)) { - lwsl_err("Failed to create default vhost\n"); - for (n = 0; n < context->count_threads; n++) - lws_free_set_NULL(context->pt[n].serv_buf); -#if defined(LWS_WITH_PEER_LIMITS) - lws_free_set_NULL(context->pl_hash_table); -#endif - goto fail_clean_pipes; - } - - lws_context_init_extensions(info, context); - - lwsl_info(" mem: per-conn: %5lu bytes + protocol rx buf\n", - (unsigned long)sizeof(struct lws)); -#endif - strcpy(context->canonical_hostname, "unknown"); -#if defined(LWS_WITH_NETWORK) - lws_server_get_canonical_hostname(context, info); -#endif - -#if defined(LWS_WITH_STATS) - context->pt[0].sul_stats.cb = lws_sul_stats_cb; - __lws_sul_insert(&context->pt[0].pt_sul_owner, &context->pt[0].sul_stats, - 10 * LWS_US_PER_SEC); -#endif -#if defined(LWS_WITH_PEER_LIMITS) - context->pt[0].sul_peer_limits.cb = lws_sul_peer_limits_cb; - __lws_sul_insert(&context->pt[0].pt_sul_owner, - &context->pt[0].sul_peer_limits, 10 * LWS_US_PER_SEC); -#endif - -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) - memcpy(context->caps, info->caps, sizeof(context->caps)); - context->count_caps = info->count_caps; -#endif - - /* - * drop any root privs for this process - * to listen on port < 1023 we would have needed root, but now we are - * listening, we don't want the power for anything else - */ - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) - if (lws_plat_drop_app_privileges(context, 1)) - goto bail; - -#if defined(LWS_WITH_NETWORK) - /* expedite post-context init (eg, protocols) */ - lws_cancel_service(context); -#endif - - return context; - -#if defined(LWS_WITH_NETWORK) -fail_clean_pipes: - for (n = 0; n < context->count_threads; n++) - lws_destroy_event_pipe(context->pt[n].pipe_wsi); - - lws_free_set_NULL(context->pt[0].fds); - lws_plat_context_late_destroy(context); - lws_free_set_NULL(context); - - return NULL; -#endif - -bail: - lws_context_destroy(context); - - return NULL; - -#if defined(LWS_WITH_NETWORK) -fail_event_libs: - lwsl_err("Requested event library support not configured, available:\n"); - { - extern const struct lws_event_loop_ops *available_event_libs[]; - const struct lws_event_loop_ops **elops = available_event_libs; - - while (*elops) { - lwsl_err(" - %s\n", (*elops)->name); - elops++; - } - } -#endif - lws_free(context); - - return NULL; -} - -LWS_VISIBLE LWS_EXTERN int -lws_context_is_deprecated(struct lws_context *context) -{ - return context->deprecated; -} - -/* - * When using an event loop, the context destruction is in three separate - * parts. This is to cover both internal and foreign event loops cleanly. - * - * - lws_context_destroy() simply starts a soft close of all wsi and - * related allocations. The event loop continues. - * - * As the closes complete in the event loop, reference counting is used - * to determine when everything is closed. It then calls - * lws_context_destroy2(). - * - * - lws_context_destroy2() cleans up the rest of the higher-level logical - * lws pieces like vhosts. If the loop was foreign, it then proceeds to - * lws_context_destroy3(). If it the loop is internal, it stops the - * internal loops and waits for lws_context_destroy() to be called again - * outside the event loop (since we cannot destroy the loop from - * within the loop). That will cause lws_context_destroy3() to run - * directly. - * - * - lws_context_destroy3() destroys any internal event loops and then - * destroys the context itself, setting what was info.pcontext to NULL. - */ - -/* - * destroy the actual context itself - */ - -static void -lws_context_destroy3(struct lws_context *context) -{ - struct lws_context **pcontext_finalize = context->pcontext_finalize; -#if defined(LWS_WITH_NETWORK) - int n; - - lwsl_debug("%s\n", __func__); - - for (n = 0; n < context->count_threads; n++) { - struct lws_context_per_thread *pt = &context->pt[n]; - (void)pt; -#if defined(LWS_WITH_SEQUENCER) - lws_seq_destroy_all_on_pt(pt); -#endif - - if (context->event_loop_ops->destroy_pt) - context->event_loop_ops->destroy_pt(context, n); - - lws_free_set_NULL(context->pt[n].serv_buf); - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - while (pt->http.ah_list) - _lws_destroy_ah(pt, pt->http.ah_list); -#endif - } - - if (context->pt[0].fds) - lws_free_set_NULL(context->pt[0].fds); -#endif - lws_context_deinit_ssl_library(context); - - lws_free(context); - lwsl_info("%s: ctx %p freed\n", __func__, context); - - if (pcontext_finalize) - *pcontext_finalize = NULL; -} - -/* - * really start destroying things - */ - -void -lws_context_destroy2(struct lws_context *context) -{ -#if defined(LWS_WITH_NETWORK) - struct lws_vhost *vh = NULL, *vh1; -#endif -#if defined(LWS_WITH_PEER_LIMITS) - uint32_t nu; -#endif - - lwsl_info("%s: ctx %p\n", __func__, context); - - lws_context_lock(context, "context destroy 2"); /* ------ context { */ - - context->being_destroyed2 = 1; -#if defined(LWS_WITH_NETWORK) - /* - * free all the per-vhost allocations - */ - - vh = context->vhost_list; - while (vh) { - vh1 = vh->vhost_next; - __lws_vhost_destroy2(vh); - vh = vh1; - } - - lwsl_debug("%p: post vh listl\n", __func__); - - /* remove ourselves from the pending destruction list */ - - while (context->vhost_pending_destruction_list) - /* removes itself from list */ - __lws_vhost_destroy2(context->vhost_pending_destruction_list); -#endif - - lwsl_debug("%p: post pdl\n", __func__); - - lws_stats_log_dump(context); -#if defined(LWS_WITH_NETWORK) - lws_ssl_context_destroy(context); -#endif - lws_plat_context_late_destroy(context); - -#if defined(LWS_WITH_PEER_LIMITS) - for (nu = 0; nu < context->pl_hash_elements; nu++) { - lws_start_foreach_llp(struct lws_peer **, peer, - context->pl_hash_table[nu]) { - struct lws_peer *df = *peer; - *peer = df->next; - lws_free(df); - continue; - } lws_end_foreach_llp(peer, next); - } - lws_free(context->pl_hash_table); -#endif - - lwsl_debug("%p: baggage\n", __func__); - - if (context->external_baggage_free_on_destroy) - free(context->external_baggage_free_on_destroy); - -#if defined(LWS_WITH_NETWORK) - lws_check_deferred_free(context, 0, 1); -#endif - -#if LWS_MAX_SMP > 1 - lws_mutex_refcount_destroy(&context->mr); -#endif -#if defined(LWS_WITH_NETWORK) - if (context->event_loop_ops->destroy_context2) - if (context->event_loop_ops->destroy_context2(context)) { - lws_context_unlock(context); /* } context ----------- */ - context->finalize_destroy_after_internal_loops_stopped = 1; - return; - } - - lwsl_debug("%p: post dc2\n", __func__); - - if (!context->pt[0].event_loop_foreign) { - int n; - for (n = 0; n < context->count_threads; n++) - if (context->pt[n].inside_service) { - lwsl_debug("%p: bailing as inside service\n", __func__); - lws_context_unlock(context); /* } context --- */ - return; - } - } -#endif - lws_context_unlock(context); /* } context ------------------- */ - - lws_context_destroy3(context); -} - -/* - * Begin the context takedown - */ - -LWS_VISIBLE void -lws_context_destroy(struct lws_context *context) -{ -#if defined(LWS_WITH_NETWORK) - volatile struct lws_foreign_thread_pollfd *ftp, *next; - volatile struct lws_context_per_thread *vpt; - struct lws_vhost *vh = NULL; - struct lws wsi; - int n, m; -#endif - - if (!context) - return; -#if defined(LWS_WITH_NETWORK) - if (context->finalize_destroy_after_internal_loops_stopped) { - if (context->event_loop_ops->destroy_context2) - context->event_loop_ops->destroy_context2(context); - lws_context_destroy3(context); - - return; - } -#endif - if (context->being_destroyed1) { - if (!context->being_destroyed2) { - lws_context_destroy2(context); - - return; - } - lwsl_info("%s: ctx %p: already being destroyed\n", - __func__, context); - - lws_context_destroy3(context); - return; - } - - lwsl_info("%s: ctx %p\n", __func__, context); - - context->being_destroyed = 1; - context->being_destroyed1 = 1; - context->requested_kill = 1; - -#if defined(LWS_WITH_NETWORK) - m = context->count_threads; - memset(&wsi, 0, sizeof(wsi)); - wsi.context = context; - -#ifdef LWS_LATENCY - if (context->worst_latency_info[0]) - lwsl_notice("Worst latency: %s\n", context->worst_latency_info); -#endif - - while (m--) { - struct lws_context_per_thread *pt = &context->pt[m]; - vpt = (volatile struct lws_context_per_thread *)pt; - - ftp = vpt->foreign_pfd_list; - while (ftp) { - next = ftp->next; - lws_free((void *)ftp); - ftp = next; - } - vpt->foreign_pfd_list = NULL; - - for (n = 0; (unsigned int)n < context->pt[m].fds_count; n++) { - struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); - if (!wsi) - continue; - - if (wsi->event_pipe) - lws_destroy_event_pipe(wsi); - else - lws_close_free_wsi(wsi, - LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY, - "ctx destroy" - /* no protocol close */); - n--; - } - lws_pt_mutex_destroy(pt); - } - - /* - * inform all the protocols that they are done and will have no more - * callbacks. - * - * We can't free things until after the event loop shuts down. - */ - if (context->protocol_init_done) - vh = context->vhost_list; - while (vh) { - struct lws_vhost *vhn = vh->vhost_next; - lws_vhost_destroy1(vh); - vh = vhn; - } -#endif - - lws_plat_context_early_destroy(context); - -#if defined(LWS_WITH_NETWORK) - - /* - * We face two different needs depending if foreign loop or not. - * - * 1) If foreign loop, we really want to advance the destroy_context() - * past here, and block only for libuv-style async close completion. - * - * 2a) If poll, and we exited by ourselves and are calling a final - * destroy_context() outside of any service already, we want to - * advance all the way in one step. - * - * 2b) If poll, and we are reacting to a SIGINT, service thread(s) may - * be in poll wait or servicing. We can't advance the - * destroy_context() to the point it's freeing things; we have to - * leave that for the final destroy_context() after the service - * thread(s) are finished calling for service. - */ - - if (context->event_loop_ops->destroy_context1) { - context->event_loop_ops->destroy_context1(context); - - return; - } -#endif - -#if defined(LWS_WITH_ESP32) -#if defined(LWS_AMAZON_RTOS) - context->last_free_heap = xPortGetFreeHeapSize(); -#else - context->last_free_heap = esp_get_free_heap_size(); -#endif -#endif - - lws_context_destroy2(context); -} - diff --git a/lib/core/libwebsockets.c b/lib/core/libwebsockets.c deleted file mode 100644 index c425cdc..0000000 --- a/lib/core/libwebsockets.c +++ /dev/null @@ -1,955 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifdef LWS_HAVE_SYS_TYPES_H -#include -#endif - -signed char char_to_hex(const char c) -{ - if (c >= '0' && c <= '9') - return c - '0'; - - if (c >= 'a' && c <= 'f') - return c - 'a' + 10; - - if (c >= 'A' && c <= 'F') - return c - 'A' + 10; - - return -1; -} - -int -lws_hex_to_byte_array(const char *h, uint8_t *dest, int max) -{ - uint8_t *odest = dest; - - while (max-- && *h) { - int t = char_to_hex(*h++), t1; - - if (!*h || t < 0) - return -1; - - t1 = char_to_hex(*h++); - if (t1 < 0) - return -1; - - *dest++ = (t << 4) | t1; - } - - if (max < 0) - return -1; - - return dest - odest; -} - - -#if !defined(LWS_PLAT_OPTEE) - -#if !defined(LWS_AMAZON_RTOS) -int lws_open(const char *__file, int __oflag, ...) -{ - va_list ap; - int n; - - va_start(ap, __oflag); - if (((__oflag & O_CREAT) == O_CREAT) -#if defined(O_TMPFILE) - || ((__oflag & O_TMPFILE) == O_TMPFILE) -#endif - ) - /* last arg is really a mode_t. But windows... */ - n = open(__file, __oflag, va_arg(ap, uint32_t)); - else - n = open(__file, __oflag); - va_end(ap); - - if (n != -1 && lws_plat_apply_FD_CLOEXEC(n)) { - close(n); - - return -1; - } - - return n; -} -#endif -#endif - -int -lws_pthread_self_to_tsi(struct lws_context *context) -{ -#if LWS_MAX_SMP > 1 - pthread_t ps = pthread_self(); - struct lws_context_per_thread *pt = &context->pt[0]; - int n; - - for (n = 0; n < context->count_threads; n++) { - if (pthread_equal(ps, pt->self)) - return n; - pt++; - } - - return -1; -#else - return 0; -#endif -} - -LWS_EXTERN void * -lws_context_user(struct lws_context *context) -{ - return context->user_space; -} - -LWS_VISIBLE void -lws_explicit_bzero(void *p, size_t len) -{ - volatile uint8_t *vp = p; - - while (len--) - *vp++ = 0; -} - -#if !(defined(LWS_PLAT_OPTEE) && !defined(LWS_WITH_NETWORK)) - -/** - * lws_now_secs() - seconds since 1970-1-1 - * - */ -LWS_VISIBLE LWS_EXTERN unsigned long -lws_now_secs(void) -{ - struct timeval tv; - - gettimeofday(&tv, NULL); - - return tv.tv_sec; -} - -#endif -LWS_VISIBLE extern const char * -lws_canonical_hostname(struct lws_context *context) -{ - return (const char *)context->canonical_hostname; -} - -#if defined(LWS_WITH_SOCKS5) -LWS_VISIBLE int -lws_set_socks(struct lws_vhost *vhost, const char *socks) -{ - char *p_at, *p_colon; - char user[96]; - char password[96]; - - if (!socks) - return -1; - - vhost->socks_user[0] = '\0'; - vhost->socks_password[0] = '\0'; - - p_at = strrchr(socks, '@'); - if (p_at) { /* auth is around */ - if ((unsigned int)(p_at - socks) > (sizeof(user) - + sizeof(password) - 2)) { - lwsl_err("Socks auth too long\n"); - goto bail; - } - - p_colon = strchr(socks, ':'); - if (p_colon) { - if ((unsigned int)(p_colon - socks) > (sizeof(user) - - 1) ) { - lwsl_err("Socks user too long\n"); - goto bail; - } - if ((unsigned int)(p_at - p_colon) > (sizeof(password) - - 1) ) { - lwsl_err("Socks password too long\n"); - goto bail; - } - - lws_strncpy(vhost->socks_user, socks, p_colon - socks + 1); - lws_strncpy(vhost->socks_password, p_colon + 1, - p_at - (p_colon + 1) + 1); - } - - lwsl_info(" Socks auth, user: %s, password: %s\n", - vhost->socks_user, vhost->socks_password ); - - socks = p_at + 1; - } - - lws_strncpy(vhost->socks_proxy_address, socks, - sizeof(vhost->socks_proxy_address)); - - p_colon = strchr(vhost->socks_proxy_address, ':'); - if (!p_colon && !vhost->socks_proxy_port) { - lwsl_err("socks_proxy needs to be address:port\n"); - return -1; - } else { - if (p_colon) { - *p_colon = '\0'; - vhost->socks_proxy_port = atoi(p_colon + 1); - } - } - - lwsl_info(" Socks %s:%u\n", vhost->socks_proxy_address, - vhost->socks_proxy_port); - - return 0; - -bail: - return -1; -} -#endif - - - -LWS_VISIBLE LWS_EXTERN int -lws_get_count_threads(struct lws_context *context) -{ - return context->count_threads; -} - -static const unsigned char e0f4[] = { - 0xa0 | ((2 - 1) << 2) | 1, /* e0 */ - 0x80 | ((4 - 1) << 2) | 1, /* e1 */ - 0x80 | ((4 - 1) << 2) | 1, /* e2 */ - 0x80 | ((4 - 1) << 2) | 1, /* e3 */ - 0x80 | ((4 - 1) << 2) | 1, /* e4 */ - 0x80 | ((4 - 1) << 2) | 1, /* e5 */ - 0x80 | ((4 - 1) << 2) | 1, /* e6 */ - 0x80 | ((4 - 1) << 2) | 1, /* e7 */ - 0x80 | ((4 - 1) << 2) | 1, /* e8 */ - 0x80 | ((4 - 1) << 2) | 1, /* e9 */ - 0x80 | ((4 - 1) << 2) | 1, /* ea */ - 0x80 | ((4 - 1) << 2) | 1, /* eb */ - 0x80 | ((4 - 1) << 2) | 1, /* ec */ - 0x80 | ((2 - 1) << 2) | 1, /* ed */ - 0x80 | ((4 - 1) << 2) | 1, /* ee */ - 0x80 | ((4 - 1) << 2) | 1, /* ef */ - 0x90 | ((3 - 1) << 2) | 2, /* f0 */ - 0x80 | ((4 - 1) << 2) | 2, /* f1 */ - 0x80 | ((4 - 1) << 2) | 2, /* f2 */ - 0x80 | ((4 - 1) << 2) | 2, /* f3 */ - 0x80 | ((1 - 1) << 2) | 2, /* f4 */ - - 0, /* s0 */ - 0x80 | ((4 - 1) << 2) | 0, /* s2 */ - 0x80 | ((4 - 1) << 2) | 1, /* s3 */ -}; - -LWS_EXTERN int -lws_check_byte_utf8(unsigned char state, unsigned char c) -{ - unsigned char s = state; - - if (!s) { - if (c >= 0x80) { - if (c < 0xc2 || c > 0xf4) - return -1; - if (c < 0xe0) - return 0x80 | ((4 - 1) << 2); - else - return e0f4[c - 0xe0]; - } - - return s; - } - if (c < (s & 0xf0) || c >= (s & 0xf0) + 0x10 + ((s << 2) & 0x30)) - return -1; - - return e0f4[21 + (s & 3)]; -} - -LWS_EXTERN int -lws_check_utf8(unsigned char *state, unsigned char *buf, size_t len) -{ - unsigned char s = *state; - - while (len--) { - unsigned char c = *buf++; - - if (!s) { - if (c >= 0x80) { - if (c < 0xc2 || c > 0xf4) - return 1; - if (c < 0xe0) - s = 0x80 | ((4 - 1) << 2); - else - s = e0f4[c - 0xe0]; - } - } else { - if (c < (s & 0xf0) || - c >= (s & 0xf0) + 0x10 + ((s << 2) & 0x30)) - return 1; - s = e0f4[21 + (s & 3)]; - } - } - - *state = s; - - return 0; -} - - -char * -lws_strdup(const char *s) -{ - char *d = lws_malloc(strlen(s) + 1, "strdup"); - - if (d) - strcpy(d, s); - - return d; -} - -static const char *hex = "0123456789ABCDEF"; - -LWS_VISIBLE LWS_EXTERN const char * -lws_sql_purify(char *escaped, const char *string, int len) -{ - const char *p = string; - char *q = escaped; - - while (*p && len-- > 2) { - if (*p == '\'') { - *q++ = '\''; - *q++ = '\''; - len --; - p++; - } else - *q++ = *p++; - } - *q = '\0'; - - return escaped; -} - -LWS_VISIBLE LWS_EXTERN const char * -lws_json_purify(char *escaped, const char *string, int len) -{ - const char *p = string; - char *q = escaped; - - if (!p) { - escaped[0] = '\0'; - return escaped; - } - - while (*p && len-- > 6) { - if (*p == '\t') { - p++; - *q++ = '\\'; - *q++ = 't'; - continue; - } - - if (*p == '\n') { - p++; - *q++ = '\\'; - *q++ = 'n'; - continue; - } - - if (*p == '\r') { - p++; - *q++ = '\\'; - *q++ = 'r'; - continue; - } - - if (*p == '\"' || *p == '\\' || *p < 0x20) { - *q++ = '\\'; - *q++ = 'u'; - *q++ = '0'; - *q++ = '0'; - *q++ = hex[((*p) >> 4) & 15]; - *q++ = hex[(*p) & 15]; - len -= 5; - p++; - } else - *q++ = *p++; - } - *q = '\0'; - - return escaped; -} - -LWS_VISIBLE LWS_EXTERN void -lws_filename_purify_inplace(char *filename) -{ - while (*filename) { - - if (*filename == '.' && filename[1] == '.') { - *filename = '_'; - filename[1] = '_'; - } - - if (*filename == ':' || - *filename == '\\' || - *filename == '$' || - *filename == '%') - *filename = '_'; - - filename++; - } -} - -LWS_VISIBLE LWS_EXTERN const char * -lws_urlencode(char *escaped, const char *string, int len) -{ - const char *p = string; - char *q = escaped; - - while (*p && len-- > 3) { - if (*p == ' ') { - *q++ = '+'; - p++; - continue; - } - if ((*p >= '0' && *p <= '9') || - (*p >= 'A' && *p <= 'Z') || - (*p >= 'a' && *p <= 'z')) { - *q++ = *p++; - continue; - } - *q++ = '%'; - *q++ = hex[(*p >> 4) & 0xf]; - *q++ = hex[*p & 0xf]; - - len -= 2; - p++; - } - *q = '\0'; - - return escaped; -} - -LWS_VISIBLE LWS_EXTERN int -lws_urldecode(char *string, const char *escaped, int len) -{ - int state = 0, n; - char sum = 0; - - while (*escaped && len) { - switch (state) { - case 0: - if (*escaped == '%') { - state++; - escaped++; - continue; - } - if (*escaped == '+') { - escaped++; - *string++ = ' '; - len--; - continue; - } - *string++ = *escaped++; - len--; - break; - case 1: - n = char_to_hex(*escaped); - if (n < 0) - return -1; - escaped++; - sum = n << 4; - state++; - break; - - case 2: - n = char_to_hex(*escaped); - if (n < 0) - return -1; - escaped++; - *string++ = sum | n; - len--; - state = 0; - break; - } - - } - *string = '\0'; - - return 0; -} - -LWS_VISIBLE LWS_EXTERN int -lws_finalize_startup(struct lws_context *context) -{ - if (lws_check_opt(context->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) - if (lws_plat_drop_app_privileges(context, 1)) - return 1; - - return 0; -} - -LWS_VISIBLE LWS_EXTERN void -lws_get_effective_uid_gid(struct lws_context *context, int *uid, int *gid) -{ - *uid = context->uid; - *gid = context->gid; -} - -int -lws_snprintf(char *str, size_t size, const char *format, ...) -{ - va_list ap; - int n; - - if (!size) - return 0; - - va_start(ap, format); - n = vsnprintf(str, size, format, ap); - va_end(ap); - - if (n >= (int)size) - return (int)size; - - return n; -} - -char * -lws_strncpy(char *dest, const char *src, size_t size) -{ - strncpy(dest, src, size - 1); - dest[size - 1] = '\0'; - - return dest; -} - -int -lws_timingsafe_bcmp(const void *a, const void *b, uint32_t len) -{ - const uint8_t *pa = a, *pb = b; - uint8_t sum = 0; - - while (len--) - sum |= (*pa++ ^ *pb++); - - return sum; -} - - -typedef enum { - LWS_TOKZS_LEADING_WHITESPACE, - LWS_TOKZS_QUOTED_STRING, - LWS_TOKZS_TOKEN, - LWS_TOKZS_TOKEN_POST_TERMINAL -} lws_tokenize_state; - -#if defined(LWS_AMAZON_RTOS) -lws_tokenize_elem -#else -int -#endif -lws_tokenize(struct lws_tokenize *ts) -{ - const char *rfc7230_delims = "(),/:;<=>?@[\\]{}"; - lws_tokenize_state state = LWS_TOKZS_LEADING_WHITESPACE; - char c, flo = 0, d_minus = '-', d_dot = '.', s_minus = '\0', - s_dot = '\0'; - signed char num = ts->flags & LWS_TOKENIZE_F_NO_INTEGERS ? 0 : -1; - int utf8 = 0; - - /* for speed, compute the effect of the flags outside the loop */ - - if (ts->flags & LWS_TOKENIZE_F_MINUS_NONTERM) { - d_minus = '\0'; - s_minus = '-'; - } - if (ts->flags & LWS_TOKENIZE_F_DOT_NONTERM) { - d_dot = '\0'; - s_dot = '.'; - } - - ts->token = NULL; - ts->token_len = 0; - - while (ts->len) { - c = *ts->start++; - ts->len--; - - utf8 = lws_check_byte_utf8((unsigned char)utf8, c); - if (utf8 < 0) - return LWS_TOKZE_ERR_BROKEN_UTF8; - - if (!c) - break; - - /* whitespace */ - - if (c == ' ' || c == '\t' || c == '\n' || c == '\r' || - c == '\f') { - switch (state) { - case LWS_TOKZS_LEADING_WHITESPACE: - case LWS_TOKZS_TOKEN_POST_TERMINAL: - continue; - case LWS_TOKZS_QUOTED_STRING: - ts->token_len++; - continue; - case LWS_TOKZS_TOKEN: - /* we want to scan forward to look for = */ - - state = LWS_TOKZS_TOKEN_POST_TERMINAL; - continue; - } - } - - /* quoted string */ - - if (c == '\"') { - if (state == LWS_TOKZS_QUOTED_STRING) - return LWS_TOKZE_QUOTED_STRING; - - /* starting a quoted string */ - - if (ts->flags & LWS_TOKENIZE_F_COMMA_SEP_LIST) { - if (ts->delim == LWSTZ_DT_NEED_DELIM) - return LWS_TOKZE_ERR_COMMA_LIST; - ts->delim = LWSTZ_DT_NEED_DELIM; - } - - state = LWS_TOKZS_QUOTED_STRING; - ts->token = ts->start; - ts->token_len = 0; - - continue; - } - - /* token= aggregation */ - - if (c == '=' && (state == LWS_TOKZS_TOKEN_POST_TERMINAL || - state == LWS_TOKZS_TOKEN)) { - if (num == 1) - return LWS_TOKZE_ERR_NUM_ON_LHS; - /* swallow the = */ - return LWS_TOKZE_TOKEN_NAME_EQUALS; - } - - /* optional token: aggregation */ - - if ((ts->flags & LWS_TOKENIZE_F_AGG_COLON) && c == ':' && - (state == LWS_TOKZS_TOKEN_POST_TERMINAL || - state == LWS_TOKZS_TOKEN)) - /* swallow the : */ - return LWS_TOKZE_TOKEN_NAME_COLON; - - /* aggregate . in a number as a float */ - - if (c == '.' && !(ts->flags & LWS_TOKENIZE_F_NO_FLOATS) && - state == LWS_TOKZS_TOKEN && num == 1) { - if (flo) - return LWS_TOKZE_ERR_MALFORMED_FLOAT; - flo = 1; - ts->token_len++; - continue; - } - - /* - * Delimiter... by default anything that: - * - * - isn't matched earlier, or - * - is [A-Z, a-z, 0-9, _], and - * - is not a partial utf8 char - * - * is a "delimiter", it marks the end of a token and is itself - * reported as a single LWS_TOKZE_DELIMITER each time. - * - * However with LWS_TOKENIZE_F_RFC7230_DELIMS flag, tokens may - * contain any noncontrol character that isn't defined in - * rfc7230_delims, and only characters listed there are treated - * as delimiters. - */ - - if (!utf8 && - ((ts->flags & LWS_TOKENIZE_F_RFC7230_DELIMS && - strchr(rfc7230_delims, c) && c > 32) || - ((!(ts->flags & LWS_TOKENIZE_F_RFC7230_DELIMS) && - (c < '0' || c > '9') && (c < 'A' || c > 'Z') && - (c < 'a' || c > 'z') && c != '_') && - c != s_minus && c != s_dot) || - c == d_minus || c == d_dot - )) { - switch (state) { - case LWS_TOKZS_LEADING_WHITESPACE: - if (ts->flags & LWS_TOKENIZE_F_COMMA_SEP_LIST) { - if (c != ',' || - ts->delim != LWSTZ_DT_NEED_DELIM) - return LWS_TOKZE_ERR_COMMA_LIST; - ts->delim = LWSTZ_DT_NEED_NEXT_CONTENT; - } - - ts->token = ts->start - 1; - ts->token_len = 1; - return LWS_TOKZE_DELIMITER; - - case LWS_TOKZS_QUOTED_STRING: - ts->token_len++; - continue; - - case LWS_TOKZS_TOKEN_POST_TERMINAL: - case LWS_TOKZS_TOKEN: - /* report the delimiter next time */ - ts->start--; - ts->len++; - goto token_or_numeric; - } - } - - /* anything that's not whitespace or delimiter is payload */ - - switch (state) { - case LWS_TOKZS_LEADING_WHITESPACE: - - if (ts->flags & LWS_TOKENIZE_F_COMMA_SEP_LIST) { - if (ts->delim == LWSTZ_DT_NEED_DELIM) - return LWS_TOKZE_ERR_COMMA_LIST; - ts->delim = LWSTZ_DT_NEED_DELIM; - } - - state = LWS_TOKZS_TOKEN; - ts->token = ts->start - 1; - ts->token_len = 1; - goto checknum; - - case LWS_TOKZS_QUOTED_STRING: - case LWS_TOKZS_TOKEN: - ts->token_len++; -checknum: - if (!(ts->flags & LWS_TOKENIZE_F_NO_INTEGERS)) { - if (c < '0' || c > '9') - num = 0; - else - if (num < 0) - num = 1; - } - continue; - - case LWS_TOKZS_TOKEN_POST_TERMINAL: - /* report the new token next time */ - ts->start--; - ts->len++; - goto token_or_numeric; - } - } - - /* we ran out of content */ - - if (utf8) /* ended partway through a multibyte char */ - return LWS_TOKZE_ERR_BROKEN_UTF8; - - if (state == LWS_TOKZS_QUOTED_STRING) - return LWS_TOKZE_ERR_UNTERM_STRING; - - if (state != LWS_TOKZS_TOKEN_POST_TERMINAL && - state != LWS_TOKZS_TOKEN) { - if ((ts->flags & LWS_TOKENIZE_F_COMMA_SEP_LIST) && - ts->delim == LWSTZ_DT_NEED_NEXT_CONTENT) - return LWS_TOKZE_ERR_COMMA_LIST; - - return LWS_TOKZE_ENDED; - } - - /* report the pending token */ - -token_or_numeric: - - if (num != 1) - return LWS_TOKZE_TOKEN; - if (flo) - return LWS_TOKZE_FLOAT; - - return LWS_TOKZE_INTEGER; -} - - -LWS_VISIBLE LWS_EXTERN int -lws_tokenize_cstr(struct lws_tokenize *ts, char *str, int max) -{ - if (ts->token_len + 1 >= max) - return 1; - - memcpy(str, ts->token, ts->token_len); - str[ts->token_len] = '\0'; - - return 0; -} - -LWS_VISIBLE LWS_EXTERN void -lws_tokenize_init(struct lws_tokenize *ts, const char *start, int flags) -{ - ts->start = start; - ts->len = 0x7fffffff; - ts->flags = flags; - ts->delim = LWSTZ_DT_NEED_FIRST_CONTENT; -} - -#if LWS_MAX_SMP > 1 - -void -lws_mutex_refcount_init(struct lws_mutex_refcount *mr) -{ - pthread_mutex_init(&mr->lock, NULL); - mr->last_lock_reason = NULL; - mr->lock_depth = 0; - mr->metadata = 0; - mr->lock_owner = 0; -} - -void -lws_mutex_refcount_destroy(struct lws_mutex_refcount *mr) -{ - pthread_mutex_destroy(&mr->lock); -} - -void -lws_mutex_refcount_lock(struct lws_mutex_refcount *mr, const char *reason) -{ - /* if true, this sequence is atomic because our thread has the lock - * - * - if true, only guy who can race to make it untrue is our thread, - * and we are here. - * - * - if false, only guy who could race to make it true is our thread, - * and we are here - * - * - it can be false and change to a different tid that is also false - */ - if (mr->lock_owner == pthread_self()) { - /* atomic because we only change it if we own the lock */ - mr->lock_depth++; - return; - } - - pthread_mutex_lock(&mr->lock); - /* atomic because only we can have the lock */ - mr->last_lock_reason = reason; - mr->lock_owner = pthread_self(); - mr->lock_depth = 1; - //lwsl_notice("tid %d: lock %s\n", mr->tid, reason); -} - -void -lws_mutex_refcount_unlock(struct lws_mutex_refcount *mr) -{ - if (--mr->lock_depth) - /* atomic because only thread that has the lock can unlock */ - return; - - mr->last_lock_reason = "free"; - mr->lock_owner = 0; - //lwsl_notice("tid %d: unlock %s\n", mr->tid, mr->last_lock_reason); - pthread_mutex_unlock(&mr->lock); -} - -#endif /* SMP */ - - -const char * -lws_cmdline_option(int argc, const char **argv, const char *val) -{ - int n = (int)strlen(val), c = argc; - - while (--c > 0) { - - if (!strncmp(argv[c], val, n)) { - if (!*(argv[c] + n) && c < argc - 1) { - /* coverity treats unchecked argv as "tainted" */ - if (!argv[c + 1] || strlen(argv[c + 1]) > 1024) - return NULL; - return argv[c + 1]; - } - - return argv[c] + n; - } - } - - return NULL; -} - - -const lws_humanize_unit_t humanize_schema_si[] = { - { "Pi ", LWS_PI }, { "Ti ", LWS_TI }, { "Gi ", LWS_GI }, - { "Mi ", LWS_MI }, { "Ki ", LWS_KI }, { " ", 1 }, - { NULL, 0 } -}; -const lws_humanize_unit_t humanize_schema_si_bytes[] = { - { "PiB", LWS_PI }, { "TiB", LWS_TI }, { "GiB", LWS_GI }, - { "MiB", LWS_MI }, { "KiB", LWS_KI }, { "B ", 1 }, - { NULL, 0 } -}; -const lws_humanize_unit_t humanize_schema_us[] = { - { "y ", (uint64_t)365 * 24 * 3600 * LWS_US_PER_SEC }, - { "d ", (uint64_t)24 * 3600 * LWS_US_PER_SEC }, - { "hr ", (uint64_t)3600 * LWS_US_PER_SEC }, - { "min", 60 * LWS_US_PER_SEC }, - { "s ", LWS_US_PER_SEC }, - { "ms ", LWS_US_PER_MS }, - { "us ", 1 }, - { NULL, 0 } -}; - -int -lws_humanize(char *p, int len, uint64_t v, const lws_humanize_unit_t *schema) -{ - do { - if (v >= schema->factor || schema->factor == 1) { - if (schema->factor == 1) - return lws_snprintf(p, len, - " %4"PRIu64"%s ", - v / schema->factor, schema->name); - - return lws_snprintf(p, len, " %4"PRIu64".%03"PRIu64"%s", - v / schema->factor, - (v % schema->factor) / (schema->factor / 1000), - schema->name); - } - schema++; - } while (schema->name); - - assert(0); - - return 0; -} - -int -lws_system_get_info(struct lws_context *context, lws_system_item_t item, - lws_system_arg_t arg, size_t *len) -{ - if (!context->system_ops || !context->system_ops->get_info) - return 1; - - return context->system_ops->get_info(item, arg, len); -} - -int -lws_system_reboot(struct lws_context *context) -{ - if (!context->system_ops || !context->system_ops->reboot) - return 1; - - return context->system_ops->reboot(); -} diff --git a/lib/core/logs.c b/lib/core/logs.c deleted file mode 100644 index dbece69..0000000 --- a/lib/core/logs.c +++ /dev/null @@ -1,279 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifdef LWS_HAVE_SYS_TYPES_H -#include -#endif - -#if defined(LWS_PLAT_OPTEE) -void lwsl_emit_optee(int level, const char *line); -#endif - -int log_level = LLL_ERR | LLL_WARN | LLL_NOTICE; -static void (*lwsl_emit)(int level, const char *line) -#ifndef LWS_PLAT_OPTEE - = lwsl_emit_stderr -#else - = lwsl_emit_optee; -#endif - ; -#ifndef LWS_PLAT_OPTEE -static const char * const log_level_names[] = { - "E", - "W", - "N", - "I", - "D", - "P", - "H", - "EXT", - "C", - "L", - "U", - "T", - "?", - "?" -}; -#endif - -LWS_VISIBLE int -lwsl_timestamp(int level, char *p, int len) -{ -#ifndef LWS_PLAT_OPTEE -#ifndef _WIN32_WCE - time_t o_now = time(NULL); -#endif - unsigned long long now; - struct tm *ptm = NULL; -#ifndef WIN32 - struct tm tm; -#endif - int n; - -#ifndef _WIN32_WCE -#ifdef WIN32 - ptm = localtime(&o_now); -#else - if (localtime_r(&o_now, &tm)) - ptm = &tm; -#endif -#endif - p[0] = '\0'; - for (n = 0; n < LLL_COUNT; n++) { - if (level != (1 << n)) - continue; - now = lws_now_usecs() / 100; - if (ptm) - n = lws_snprintf(p, len, - "[%04d/%02d/%02d %02d:%02d:%02d:%04d] %s: ", - ptm->tm_year + 1900, - ptm->tm_mon + 1, - ptm->tm_mday, - ptm->tm_hour, - ptm->tm_min, - ptm->tm_sec, - (int)(now % 10000), log_level_names[n]); - else - n = lws_snprintf(p, len, "[%llu:%04d] %s: ", - (unsigned long long) now / 10000, - (int)(now % 10000), log_level_names[n]); - return n; - } -#else - p[0] = '\0'; -#endif - - return 0; -} - -#ifndef LWS_PLAT_OPTEE -static const char * const colours[] = { - "[31;1m", /* LLL_ERR */ - "[36;1m", /* LLL_WARN */ - "[35;1m", /* LLL_NOTICE */ - "[32;1m", /* LLL_INFO */ - "[34;1m", /* LLL_DEBUG */ - "[33;1m", /* LLL_PARSER */ - "[33m", /* LLL_HEADER */ - "[33m", /* LLL_EXT */ - "[33m", /* LLL_CLIENT */ - "[33;1m", /* LLL_LATENCY */ - "[30;1m", /* LLL_USER */ - "[31m", /* LLL_THREAD */ -}; - -static char tty; - -LWS_VISIBLE void -lwsl_emit_stderr(int level, const char *line) -{ - char buf[50]; - int n, m = LWS_ARRAY_SIZE(colours) - 1; - - if (!tty) - tty = isatty(2) | 2; - lwsl_timestamp(level, buf, sizeof(buf)); - - if (tty == 3) { - n = 1 << (LWS_ARRAY_SIZE(colours) - 1); - while (n) { - if (level & n) - break; - m--; - n >>= 1; - } - fprintf(stderr, "%c%s%s%s%c[0m", 27, colours[m], buf, line, 27); - } else - fprintf(stderr, "%s%s", buf, line); -} - -LWS_VISIBLE void -lwsl_emit_stderr_notimestamp(int level, const char *line) -{ - int n, m = LWS_ARRAY_SIZE(colours) - 1; - - if (!tty) - tty = isatty(2) | 2; - - if (tty == 3) { - n = 1 << (LWS_ARRAY_SIZE(colours) - 1); - while (n) { - if (level & n) - break; - m--; - n >>= 1; - } - fprintf(stderr, "%c%s%s%c[0m", 27, colours[m], line, 27); - } else - fprintf(stderr, "%s", line); -} - -#endif - -#if !(defined(LWS_PLAT_OPTEE) && !defined(LWS_WITH_NETWORK)) -LWS_VISIBLE void _lws_logv(int filter, const char *format, va_list vl) -{ - static char buf[256]; - int n; - - if (!(log_level & filter)) - return; - - n = vsnprintf(buf, sizeof(buf) - 1, format, vl); - (void)n; - /* vnsprintf returns what it would have written, even if truncated */ - if (n > (int)sizeof(buf) - 1) { - n = sizeof(buf) - 5; - buf[n++] = '.'; - buf[n++] = '.'; - buf[n++] = '.'; - buf[n++] = '\n'; - buf[n] = '\0'; - } - if (n > 0) - buf[n] = '\0'; - lwsl_emit(filter, buf); -} - -LWS_VISIBLE void _lws_log(int filter, const char *format, ...) -{ - va_list ap; - - va_start(ap, format); - _lws_logv(filter, format, ap); - va_end(ap); -} -#endif -LWS_VISIBLE void lws_set_log_level(int level, - void (*func)(int level, const char *line)) -{ - log_level = level; - if (func) - lwsl_emit = func; -} - -LWS_VISIBLE int lwsl_visible(int level) -{ - return log_level & level; -} - -LWS_VISIBLE void -lwsl_hexdump_level(int hexdump_level, const void *vbuf, size_t len) -{ - unsigned char *buf = (unsigned char *)vbuf; - unsigned int n; - - if (!lwsl_visible(hexdump_level)) - return; - - if (!len) { - _lws_log(hexdump_level, "(hexdump: zero length)\n"); - return; - } - - if (!vbuf) { - _lws_log(hexdump_level, "(hexdump: trying to dump %d at NULL)\n", - (int)len); - return; - } - - _lws_log(hexdump_level, "\n"); - - for (n = 0; n < len;) { - unsigned int start = n, m; - char line[80], *p = line; - - p += lws_snprintf(p, 10, "%04X: ", start); - - for (m = 0; m < 16 && n < len; m++) - p += lws_snprintf(p, 5, "%02X ", buf[n++]); - while (m++ < 16) - p += lws_snprintf(p, 5, " "); - - p += lws_snprintf(p, 6, " "); - - for (m = 0; m < 16 && (start + m) < len; m++) { - if (buf[start + m] >= ' ' && buf[start + m] < 127) - *p++ = buf[start + m]; - else - *p++ = '.'; - } - while (m++ < 16) - *p++ = ' '; - - *p++ = '\n'; - *p = '\0'; - _lws_log(hexdump_level, "%s", line); - (void)line; - } - - _lws_log(hexdump_level, "\n"); -} - -LWS_VISIBLE void -lwsl_hexdump(const void *vbuf, size_t len) -{ -#if defined(_DEBUG) - lwsl_hexdump_level(LLL_DEBUG, vbuf, len); -#endif -} diff --git a/lib/core/lws_dll.c b/lib/core/lws_dll.c deleted file mode 100644 index bbb9c2b..0000000 --- a/lib/core/lws_dll.c +++ /dev/null @@ -1,246 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifdef LWS_HAVE_SYS_TYPES_H -#include -#endif - - -void -lws_dll_add_head(struct lws_dll *d, struct lws_dll *phead) -{ - if (!lws_dll_is_detached(d, phead)) { - assert(0); /* only wholly detached things can be added */ - return; - } - - /* our next guy is current first guy, if any */ - if (phead->next != d) - d->next = phead->next; - - /* if there is a next guy, set his prev ptr to our next ptr */ - if (d->next) - d->next->prev = d; - /* there is nobody previous to us, we are the head */ - d->prev = NULL; - - /* set the first guy to be us */ - phead->next = d; - - /* if there was nothing on the list before, we are also now the tail */ - if (!phead->prev) - phead->prev = d; - - assert(d->prev != d); - assert(d->next != d); -} - -void -lws_dll_add_tail(struct lws_dll *d, struct lws_dll *phead) -{ - if (!lws_dll_is_detached(d, phead)) { - assert(0); /* only wholly detached things can be added */ - return; - } - - /* our previous guy is current last guy */ - d->prev = phead->prev; - /* if there is a prev guy, set his next ptr to our prev ptr */ - if (d->prev) - d->prev->next = d; - /* our next ptr is NULL */ - d->next = NULL; - /* set the last guy to be us */ - phead->prev = d; - - /* list head is also us if we're the first */ - if (!phead->next) - phead->next = d; - - assert(d->prev != d); - assert(d->next != d); -} - -void -lws_dll_insert(struct lws_dll *n, struct lws_dll *target, - struct lws_dll *phead, int before) -{ - if (!lws_dll_is_detached(n, phead)) { - assert(0); /* only wholly detached things can be inserted */ - return; - } - if (!target) { - /* - * the case where there's no target identified degenerates to - * a simple add at head or tail - */ - if (before) { - lws_dll_add_head(n, phead); - return; - } - lws_dll_add_tail(n, phead); - return; - } - - /* - * in the case there's a target "cursor", we have to do the work to - * stitch the new guy in appropriately - */ - - if (before) { - /* - * we go before dd - * DDp <-> DD <-> DDn --> DDp <-> us <-> DD <-> DDn - */ - /* we point forward to dd */ - n->next = target; - /* we point back to what dd used to point back to */ - n->prev = target->prev; - /* DDp points forward to us now */ - if (target->prev) - target->prev->next = n; - /* DD points back to us now */ - target->prev = n; - - /* if target was the head, we are now the head */ - if (phead->next == target) - phead->next = n; - - /* since we are before another guy, we cannot become the tail */ - - } else { - /* - * we go after dd - * DDp <-> DD <-> DDn --> DDp <-> DD <-> us <-> DDn - */ - /* we point forward to what dd used to point forward to */ - n->next = target->next; - /* we point back to dd */ - n->prev = target; - /* DDn points back to us */ - if (target->next) - target->next->prev = n; - /* DD points forward to us */ - target->next = n; - - /* if target was the tail, we are now the tail */ - if (phead->prev == target) - phead->prev = n; - - /* since we go after another guy, we cannot become the head */ - } -} - -/* situation is: - * - * HEAD: struct lws_dll * = &entry1 - * - * Entry 1: struct lws_dll .pprev = &HEAD , .next = Entry 2 - * Entry 2: struct lws_dll .pprev = &entry1 , .next = &entry2 - * Entry 3: struct lws_dll .pprev = &entry2 , .next = NULL - * - * Delete Entry1: - * - * - HEAD = &entry2 - * - Entry2: .pprev = &HEAD, .next = &entry3 - * - Entry3: .pprev = &entry2, .next = NULL - * - * Delete Entry2: - * - * - HEAD = &entry1 - * - Entry1: .pprev = &HEAD, .next = &entry3 - * - Entry3: .pprev = &entry1, .next = NULL - * - * Delete Entry3: - * - * - HEAD = &entry1 - * - Entry1: .pprev = &HEAD, .next = &entry2 - * - Entry2: .pprev = &entry1, .next = NULL - * - */ - -void -lws_dll_remove(struct lws_dll *d) -{ - if (!d->prev && !d->next) - return; - - /* - * remove us - * - * USp <-> us <-> USn --> USp <-> USn - */ - - /* if we have a next guy, set his prev to our prev */ - if (d->next) - d->next->prev = d->prev; - - /* set our prev guy to our next guy instead of us */ - if (d->prev) - d->prev->next = d->next; - - /* we're out of the list, we should not point anywhere any more */ - d->prev = NULL; - d->next = NULL; -} - -void -lws_dll_remove_track_tail(struct lws_dll *d, struct lws_dll *phead) -{ - if (lws_dll_is_detached(d, phead)) { - assert(phead->prev != d); - assert(phead->next != d); - return; - } - - /* if we have a next guy, set his prev to our prev */ - if (d->next) - d->next->prev = d->prev; - - /* if we have a previous guy, set his next to our next */ - if (d->prev) - d->prev->next = d->next; - - if (phead->prev == d) - phead->prev = d->prev; - - if (phead->next == d) - phead->next = d->next; - - /* we're out of the list, we should not point anywhere any more */ - d->prev = NULL; - d->next = NULL; -} - - -int -lws_dll_foreach_safe(struct lws_dll *phead, void *user, - int (*cb)(struct lws_dll *d, void *user)) -{ - lws_start_foreach_dll_safe(struct lws_dll *, p, tp, phead->next) { - if (cb(p, user)) - return 1; - } lws_end_foreach_dll_safe(p, tp); - - return 0; -} diff --git a/lib/core/lws_dll2.c b/lib/core/lws_dll2.c deleted file mode 100644 index f3b47f9..0000000 --- a/lib/core/lws_dll2.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#ifdef LWS_HAVE_SYS_TYPES_H -#include -#endif - -int -lws_dll2_foreach_safe(struct lws_dll2_owner *owner, void *user, - int (*cb)(struct lws_dll2 *d, void *user)) -{ - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, owner->head) { - if (cb(p, user)) - return 1; - } lws_end_foreach_dll_safe(p, tp); - - return 0; -} - -void -lws_dll2_add_head(struct lws_dll2 *d, struct lws_dll2_owner *owner) -{ - if (!lws_dll2_is_detached(d)) { - assert(0); /* only wholly detached things can be added */ - return; - } - - /* our next guy is current first guy, if any */ - if (owner->head != d) - d->next = owner->head; - - /* if there is a next guy, set his prev ptr to our next ptr */ - if (d->next) - d->next->prev = d; - /* there is nobody previous to us, we are the head */ - d->prev = NULL; - - /* set the first guy to be us */ - owner->head = d; - - if (!owner->tail) - owner->tail = d; - - d->owner = owner; - owner->count++; -} - -/* - * add us to the list that 'after' is in, just before him - */ - -void -lws_dll2_add_before(struct lws_dll2 *d, struct lws_dll2 *after) -{ - lws_dll2_owner_t *owner = after->owner; - - if (!lws_dll2_is_detached(d)) { - assert(0); /* only wholly detached things can be added */ - return; - } - - if (lws_dll2_is_detached(after)) { - assert(0); /* can't add after something detached */ - return; - } - - d->owner = owner; - - /* we need to point forward to after */ - - d->next = after; - - /* we need to point back to after->prev */ - - d->prev = after->prev; - - /* guy that used to point to after, needs to point to us */ - - if (after->prev) - after->prev->next = d; - else - owner->head = d; - - /* then after needs to point back to us */ - - after->prev = d; - - owner->count++; -} - -void -lws_dll2_add_tail(struct lws_dll2 *d, struct lws_dll2_owner *owner) -{ - if (!lws_dll2_is_detached(d)) { - assert(0); /* only wholly detached things can be added */ - return; - } - - /* our previous guy is current last guy */ - d->prev = owner->tail; - /* if there is a prev guy, set his next ptr to our prev ptr */ - if (d->prev) - d->prev->next = d; - /* our next ptr is NULL */ - d->next = NULL; - /* set the last guy to be us */ - owner->tail = d; - - /* list head is also us if we're the first */ - if (!owner->head) - owner->head = d; - - d->owner = owner; - owner->count++; -} - -void -lws_dll2_remove(struct lws_dll2 *d) -{ - if (lws_dll2_is_detached(d)) - return; - - /* if we have a next guy, set his prev to our prev */ - if (d->next) - d->next->prev = d->prev; - - /* if we have a previous guy, set his next to our next */ - if (d->prev) - d->prev->next = d->next; - - /* if we have phead, track the tail and head if it points to us... */ - - if (d->owner->tail == d) - d->owner->tail = d->prev; - - if (d->owner->head == d) - d->owner->head = d->next; - - d->owner->count--; - - /* we're out of the list, we should not point anywhere any more */ - d->owner = NULL; - d->prev = NULL; - d->next = NULL; -} - -void -lws_dll2_clear(struct lws_dll2 *d) -{ - d->owner = NULL; - d->prev = NULL; - d->next = NULL; -} - -void -lws_dll2_owner_clear(struct lws_dll2_owner *d) -{ - d->head = NULL; - d->tail = NULL; - d->count = 0; -} - -void -lws_dll2_add_sorted(lws_dll2_t *d, lws_dll2_owner_t *own, - int (*compare)(const lws_dll2_t *d, const lws_dll2_t *i)) -{ - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - lws_dll2_get_head(own)) { - assert(p != d); - - if (compare(p, d) >= 0) { - /* drop us in before this guy */ - lws_dll2_add_before(d, p); - - // lws_dll2_describe(own, "post-insert"); - - return; - } - } lws_end_foreach_dll_safe(p, tp); - - /* - * Either nobody on the list yet to compare him to, or he's the - * furthest away timeout... stick him at the tail end - */ - - lws_dll2_add_tail(d, own); -} - -#if defined(_DEBUG) - -void -lws_dll2_describe(lws_dll2_owner_t *owner, const char *desc) -{ - int n = 1; - - lwsl_info("%s: %s: owner %p: count %d, head %p, tail %p\n", - __func__, desc, owner, owner->count, owner->head, owner->tail); - - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - lws_dll2_get_head(owner)) { - lwsl_info("%s: %d: %p: owner %p, prev %p, next %p\n", - __func__, n++, p, p->owner, p->prev, p->next); - } lws_end_foreach_dll_safe(p, tp); -} - -#endif diff --git a/lib/core/private.h b/lib/core/private.h deleted file mode 100644 index 4e03929..0000000 --- a/lib/core/private.h +++ /dev/null @@ -1,621 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "lws_config.h" -#include "lws_config_private.h" - -#if defined(LWS_WITH_CGI) && defined(LWS_HAVE_VFORK) && \ - !defined(NO_GNU_SOURCE_THIS_TIME) - #define _GNU_SOURCE -#endif - -/* -#if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 200112L -#endif -*/ - -#include -#include -#include -#include -#include -#include -#include - -#ifdef LWS_HAVE_INTTYPES_H -#include -#endif - -#include - -#ifdef LWS_HAVE_SYS_TYPES_H - #include -#endif -#if defined(LWS_HAVE_SYS_STAT_H) && !defined(LWS_PLAT_OPTEE) - #include -#endif - -#if LWS_MAX_SMP > 1 - #include -#endif - -#ifndef LWS_DEF_HEADER_LEN -#define LWS_DEF_HEADER_LEN 4096 -#endif -#ifndef LWS_DEF_HEADER_POOL -#define LWS_DEF_HEADER_POOL 4 -#endif -#ifndef LWS_MAX_PROTOCOLS -#define LWS_MAX_PROTOCOLS 5 -#endif -#ifndef LWS_MAX_EXTENSIONS_ACTIVE -#define LWS_MAX_EXTENSIONS_ACTIVE 1 -#endif -#ifndef LWS_MAX_EXT_OFFERS -#define LWS_MAX_EXT_OFFERS 8 -#endif -#ifndef SPEC_LATEST_SUPPORTED -#define SPEC_LATEST_SUPPORTED 13 -#endif -#ifndef AWAITING_TIMEOUT -#define AWAITING_TIMEOUT 20 -#endif -#ifndef CIPHERS_LIST_STRING -#define CIPHERS_LIST_STRING "DEFAULT" -#endif -#ifndef LWS_SOMAXCONN -#define LWS_SOMAXCONN SOMAXCONN -#endif - -#define MAX_WEBSOCKET_04_KEY_LEN 128 - -#ifndef SYSTEM_RANDOM_FILEPATH -#define SYSTEM_RANDOM_FILEPATH "/dev/urandom" -#endif - -#define LWS_H2_RX_SCRATCH_SIZE 512 - -#define lws_socket_is_valid(x) (x != LWS_SOCK_INVALID) - -#ifndef LWS_HAVE_STRERROR - #define strerror(x) "" -#endif - - - /* - * - * ------ private platform defines ------ - * - */ - -#if defined(LWS_WITH_ESP32) - #include "plat/esp32/private.h" -#else - #if defined(WIN32) || defined(_WIN32) - #include "plat/windows/private.h" - #else - #if defined(LWS_PLAT_OPTEE) - #include "plat/optee/private.h" - #else - #include "plat/unix/private.h" - #endif - #endif -#endif - - /* - * - * ------ public api ------ - * - */ - -#include "libwebsockets.h" - -#include "tls/private.h" - -#if defined(WIN32) || defined(_WIN32) - // Visual studio older than 2015 and WIN_CE has only _stricmp - #if (defined(_MSC_VER) && _MSC_VER < 1900) || defined(_WIN32_WCE) - #define strcasecmp _stricmp - #define strncasecmp _strnicmp - #elif !defined(__MINGW32__) - #define strcasecmp stricmp - #define strncasecmp strnicmp - #endif - #define getdtablesize() 30000 -#endif - -#ifndef LWS_ARRAY_SIZE -#define LWS_ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0])) -#endif - -#ifdef __cplusplus -extern "C" { -#endif - - - -#if defined(__clang__) -#define lws_memory_barrier() __sync_synchronize() -#elif defined(__GNUC__) -#define lws_memory_barrier() __sync_synchronize() -#else -#define lws_memory_barrier() -#endif - - -struct lws_ring { - void *buf; - void (*destroy_element)(void *element); - uint32_t buflen; - uint32_t element_len; - uint32_t head; - uint32_t oldest_tail; -}; - -struct lws_protocols; -struct lws; - -#if defined(LWS_WITH_NETWORK) -#include "event-libs/private.h" - - -struct lws_io_watcher { -#ifdef LWS_WITH_LIBEV - struct lws_io_watcher_libev ev; -#endif -#ifdef LWS_WITH_LIBUV - struct lws_io_watcher_libuv uv; -#endif -#ifdef LWS_WITH_LIBEVENT - struct lws_io_watcher_libevent event; -#endif - struct lws_context *context; - - uint8_t actual_events; -}; - -struct lws_signal_watcher { -#ifdef LWS_WITH_LIBEV - struct lws_signal_watcher_libev ev; -#endif -#ifdef LWS_WITH_LIBUV - struct lws_signal_watcher_libuv uv; -#endif -#ifdef LWS_WITH_LIBEVENT - struct lws_signal_watcher_libevent event; -#endif - struct lws_context *context; -}; - -struct lws_foreign_thread_pollfd { - struct lws_foreign_thread_pollfd *next; - int fd_index; - int _and; - int _or; -}; -#endif - -#if LWS_MAX_SMP > 1 - -struct lws_mutex_refcount { - pthread_mutex_t lock; - pthread_t lock_owner; - const char *last_lock_reason; - char lock_depth; - char metadata; -}; - -void -lws_mutex_refcount_init(struct lws_mutex_refcount *mr); - -void -lws_mutex_refcount_destroy(struct lws_mutex_refcount *mr); - -void -lws_mutex_refcount_lock(struct lws_mutex_refcount *mr, const char *reason); - -void -lws_mutex_refcount_unlock(struct lws_mutex_refcount *mr); -#endif - -#if defined(LWS_WITH_NETWORK) -#include "core-net/private.h" -#endif - -struct lws_deferred_free -{ - struct lws_deferred_free *next; - time_t deadline; - void *payload; -}; - -/* - * the rest is managed per-context, that includes - * - * - processwide single fd -> wsi lookup - * - contextwide headers pool - */ - -struct lws_context { - time_t last_ws_ping_pong_check_s; - lws_usec_t time_up; /* monotonic */ - const struct lws_plat_file_ops *fops; - struct lws_plat_file_ops fops_platform; - struct lws_context **pcontext_finalize; - - const struct lws_tls_ops *tls_ops; - - const char *username, *groupname; - -#if defined(LWS_WITH_HTTP2) - struct http2_settings set; -#endif -#if defined(LWS_WITH_ZIP_FOPS) - struct lws_plat_file_ops fops_zip; -#endif -#if defined(LWS_WITH_NETWORK) - struct lws_context_per_thread pt[LWS_MAX_SMP]; - struct lws_conn_stats conn_stats; - struct lws_vhost *vhost_list; - struct lws_vhost *no_listener_vhost_list; - struct lws_vhost *vhost_pending_destruction_list; - struct lws_plugin *plugin_list; -#ifdef _WIN32 -/* different implementation between unix and windows */ - struct lws_fd_hashtable fd_hashtable[FD_HASHTABLE_MODULUS]; -#else - struct lws **lws_lookup; - -#endif -#endif -#if LWS_MAX_SMP > 1 - struct lws_mutex_refcount mr; -#endif - -#if defined(LWS_AMAZON_RTOS) - mbedtls_entropy_context mec; - mbedtls_ctr_drbg_context mcdc; -#endif - - struct lws_deferred_free *deferred_free_list; - -#if defined(LWS_WITH_THREADPOOL) - struct lws_threadpool *tp_list_head; -#endif - -#if defined(LWS_WITH_PEER_LIMITS) - struct lws_peer **pl_hash_table; - struct lws_peer *peer_wait_list; - time_t next_cull; -#endif - - const lws_system_ops_t *system_ops; - void *external_baggage_free_on_destroy; - const struct lws_token_limits *token_limits; - void *user_space; - const struct lws_protocol_vhost_options *reject_service_keywords; - lws_reload_func deprecation_cb; - void (*eventlib_signal_cb)(void *event_lib_handle, int signum); - -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) - cap_value_t caps[4]; - char count_caps; -#endif - -#if defined(LWS_WITH_NETWORK) -#if defined(LWS_WITH_LIBEV) - struct lws_context_eventlibs_libev ev; -#endif -#if defined(LWS_WITH_LIBUV) - struct lws_context_eventlibs_libuv uv; -#endif -#if defined(LWS_WITH_LIBEVENT) - struct lws_context_eventlibs_libevent event; -#endif - struct lws_event_loop_ops *event_loop_ops; -#endif - -#if defined(LWS_WITH_TLS) && defined(LWS_WITH_NETWORK) - struct lws_context_tls tls; -#endif - - char canonical_hostname[128]; - const char *server_string; - -#ifdef LWS_LATENCY - unsigned long worst_latency; - char worst_latency_info[256]; -#endif - -#if defined(LWS_WITH_ESP32) - unsigned long time_last_state_dump; - uint32_t last_free_heap; -#endif - - int max_fds; - int count_event_loop_static_asset_handles; -#if !defined(LWS_NO_DAEMONIZE) - pid_t started_with_parent; -#endif - int uid, gid; - - int fd_random; - - int count_wsi_allocated; - int count_cgi_spawned; - unsigned int options; - unsigned int fd_limit_per_thread; - unsigned int timeout_secs; - unsigned int pt_serv_buf_size; - int max_http_header_data; - int max_http_header_pool; - int simultaneous_ssl_restriction; - int simultaneous_ssl; -#if defined(LWS_WITH_PEER_LIMITS) - uint32_t pl_hash_elements; /* protected by context->lock */ - uint32_t count_peers; /* protected by context->lock */ - unsigned short ip_limit_ah; - unsigned short ip_limit_wsi; -#endif - unsigned int deprecated:1; - unsigned int being_destroyed:1; - unsigned int being_destroyed1:1; - unsigned int being_destroyed2:1; - unsigned int requested_kill:1; - unsigned int protocol_init_done:1; - unsigned int doing_protocol_init:1; - unsigned int done_protocol_destroy_cb:1; - unsigned int finalize_destroy_after_internal_loops_stopped:1; - unsigned int max_fds_unrelated_to_ulimit:1; - - short count_threads; - short plugin_protocol_count; - short plugin_extension_count; - short server_string_len; - unsigned short ws_ping_pong_interval; - unsigned short deprecation_pending_listen_close_count; - - uint8_t max_fi; - -#if defined(LWS_WITH_STATS) - uint8_t updated; -#endif -}; - -int -lws_check_deferred_free(struct lws_context *context, int tsi, int force); - -#define lws_get_context_protocol(ctx, x) ctx->vhost_list->protocols[x] -#define lws_get_vh_protocol(vh, x) vh->protocols[x] - -int -lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max); - -void -lws_vhost_destroy1(struct lws_vhost *vh); - - -#if defined(LWS_WITH_ESP32) -LWS_EXTERN int -lws_find_string_in_file(const char *filename, const char *str, int stringlen); -#endif - - -signed char char_to_hex(const char c); - - -struct lws_buflist { - struct lws_buflist *next; - - size_t len; - size_t pos; - - uint8_t buf[1]; /* true length of this is set by the oversize malloc */ -}; - - -LWS_EXTERN char * -lws_strdup(const char *s); - -LWS_EXTERN int log_level; - - - -#ifndef LWS_LATENCY -static LWS_INLINE void -lws_latency(struct lws_context *context, struct lws *wsi, const char *action, - int ret, int completion) { - do { - (void)context; (void)wsi; (void)action; (void)ret; - (void)completion; - } while (0); -} -static LWS_INLINE void -lws_latency_pre(struct lws_context *context, struct lws *wsi) { - do { (void)context; (void)wsi; } while (0); -} -#else -#define lws_latency_pre(_context, _wsi) lws_latency(_context, _wsi, NULL, 0, 0) -extern void -lws_latency(struct lws_context *context, struct lws *wsi, const char *action, - int ret, int completion); -#endif - - -LWS_EXTERN int -lws_b64_selftest(void); - - - - - -#ifndef LWS_NO_DAEMONIZE - LWS_EXTERN pid_t get_daemonize_pid(); -#else - #define get_daemonize_pid() (0) -#endif - -LWS_EXTERN void lwsl_emit_stderr(int level, const char *line); - -#if !defined(LWS_WITH_TLS) - #define LWS_SSL_ENABLED(context) (0) - #define lws_context_init_server_ssl(_a, _b) (0) - #define lws_ssl_destroy(_a) - #define lws_context_init_alpn(_a) - #define lws_ssl_capable_read lws_ssl_capable_read_no_ssl - #define lws_ssl_capable_write lws_ssl_capable_write_no_ssl - #define lws_ssl_pending lws_ssl_pending_no_ssl - #define lws_server_socket_service_ssl(_b, _c) (0) - #define lws_ssl_close(_a) (0) - #define lws_ssl_context_destroy(_a) - #define lws_ssl_SSL_CTX_destroy(_a) - #define lws_ssl_remove_wsi_from_buffered_list(_a) - #define __lws_ssl_remove_wsi_from_buffered_list(_a) - #define lws_context_init_ssl_library(_a) - #define lws_context_deinit_ssl_library(_a) - #define lws_tls_check_all_cert_lifetimes(_a) - #define lws_tls_acme_sni_cert_destroy(_a) -#endif - - - -#if LWS_MAX_SMP > 1 -#define lws_context_lock(c, reason) lws_mutex_refcount_lock(&c->mr, reason) -#define lws_context_unlock(c) lws_mutex_refcount_unlock(&c->mr) - -static LWS_INLINE void -lws_vhost_lock(struct lws_vhost *vhost) -{ - pthread_mutex_lock(&vhost->lock); -} - -static LWS_INLINE void -lws_vhost_unlock(struct lws_vhost *vhost) -{ - pthread_mutex_unlock(&vhost->lock); -} - - -#else -#define lws_pt_mutex_init(_a) (void)(_a) -#define lws_pt_mutex_destroy(_a) (void)(_a) -#define lws_pt_lock(_a, b) (void)(_a) -#define lws_pt_unlock(_a) (void)(_a) -#define lws_context_lock(_a, _b) (void)(_a) -#define lws_context_unlock(_a) (void)(_a) -#define lws_vhost_lock(_a) (void)(_a) -#define lws_vhost_unlock(_a) (void)(_a) -#define lws_pt_stats_lock(_a) (void)(_a) -#define lws_pt_stats_unlock(_a) (void)(_a) -#endif - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, int len); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len); - -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_pending_no_ssl(struct lws *wsi); - -int -lws_tls_check_cert_lifetime(struct lws_vhost *vhost); - -int lws_jws_selftest(void); -int lws_jwe_selftest(void); - -int -lws_protocol_init(struct lws_context *context); - -int -lws_bind_protocol(struct lws *wsi, const struct lws_protocols *p, - const char *reason); - -const struct lws_protocol_vhost_options * -lws_vhost_protocol_options(struct lws_vhost *vh, const char *name); - -const struct lws_http_mount * -lws_find_mount(struct lws *wsi, const char *uri_ptr, int uri_len); - -/* - * custom allocator - */ -LWS_EXTERN void * -lws_realloc(void *ptr, size_t size, const char *reason); - -LWS_EXTERN void * LWS_WARN_UNUSED_RESULT -lws_zalloc(size_t size, const char *reason); - -#ifdef LWS_PLAT_OPTEE -void *lws_malloc(size_t size, const char *reason); -void lws_free(void *p); -#define lws_free_set_NULL(P) do { lws_free(P); (P) = NULL; } while(0) -#else -#define lws_malloc(S, R) lws_realloc(NULL, S, R) -#define lws_free(P) lws_realloc(P, 0, "lws_free") -#define lws_free_set_NULL(P) do { lws_realloc(P, 0, "free"); (P) = NULL; } while(0) -#endif - -int -lws_create_event_pipes(struct lws_context *context); - -int -lws_plat_apply_FD_CLOEXEC(int n); - -const struct lws_plat_file_ops * -lws_vfs_select_fops(const struct lws_plat_file_ops *fops, const char *vfs_path, - const char **vpath); - -/* lws_plat_ */ - -LWS_EXTERN int -lws_plat_context_early_init(void); -LWS_EXTERN void -lws_plat_context_early_destroy(struct lws_context *context); -LWS_EXTERN void -lws_plat_context_late_destroy(struct lws_context *context); - -LWS_EXTERN int -lws_plat_init(struct lws_context *context, - const struct lws_context_creation_info *info); -LWS_EXTERN int -lws_plat_drop_app_privileges(struct lws_context *context, int actually_drop); - -#if defined(LWS_WITH_UNIX_SOCK) -int -lws_plat_user_colon_group_to_ids(const char *u_colon_g, uid_t *puid, gid_t *pgid); -#endif - -LWS_EXTERN int -lws_check_byte_utf8(unsigned char state, unsigned char c); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_check_utf8(unsigned char *state, unsigned char *buf, size_t len); -LWS_EXTERN int alloc_file(struct lws_context *context, const char *filename, - uint8_t **buf, lws_filepos_t *amount); - -void -lws_context_destroy2(struct lws_context *context); - - -#ifdef __cplusplus -}; -#endif diff --git a/lib/core/vfs.c b/lib/core/vfs.c deleted file mode 100644 index 0f37d90..0000000 --- a/lib/core/vfs.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -LWS_VISIBLE LWS_EXTERN void -lws_set_fops(struct lws_context *context, const struct lws_plat_file_ops *fops) -{ - context->fops = fops; -} - -LWS_VISIBLE LWS_EXTERN lws_filepos_t -lws_vfs_tell(lws_fop_fd_t fop_fd) -{ - return fop_fd->pos; -} - -LWS_VISIBLE LWS_EXTERN lws_filepos_t -lws_vfs_get_length(lws_fop_fd_t fop_fd) -{ - return fop_fd->len; -} - -LWS_VISIBLE LWS_EXTERN uint32_t -lws_vfs_get_mod_time(lws_fop_fd_t fop_fd) -{ - return fop_fd->mod_time; -} - -LWS_VISIBLE lws_fileofs_t -lws_vfs_file_seek_set(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - lws_fileofs_t ofs; - - ofs = fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, offset - fop_fd->pos); - - return ofs; -} - - -LWS_VISIBLE lws_fileofs_t -lws_vfs_file_seek_end(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - return fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, fop_fd->len + - fop_fd->pos + offset); -} - - -const struct lws_plat_file_ops * -lws_vfs_select_fops(const struct lws_plat_file_ops *fops, const char *vfs_path, - const char **vpath) -{ - const struct lws_plat_file_ops *pf; - const char *p = vfs_path; - int n; - - *vpath = NULL; - - /* no non-platform fops, just use that */ - - if (!fops->next) - return fops; - - /* - * scan the vfs path looking for indications we are to be - * handled by a specific fops - */ - - while (p && *p) { - if (*p != '/') { - p++; - continue; - } - /* the first one is always platform fops, so skip */ - pf = fops->next; - while (pf) { - n = 0; - while (n < (int)LWS_ARRAY_SIZE(pf->fi) && pf->fi[n].sig) { - if (p >= vfs_path + pf->fi[n].len) - if (!strncmp(p - (pf->fi[n].len - 1), - pf->fi[n].sig, - pf->fi[n].len - 1)) { - *vpath = p + 1; - return pf; - } - - n++; - } - pf = pf->next; - } - p++; - } - - return fops; -} - -LWS_VISIBLE LWS_EXTERN lws_fop_fd_t LWS_WARN_UNUSED_RESULT -lws_vfs_file_open(const struct lws_plat_file_ops *fops, const char *vfs_path, - lws_fop_flags_t *flags) -{ - const char *vpath = ""; - const struct lws_plat_file_ops *selected; - - selected = lws_vfs_select_fops(fops, vfs_path, &vpath); - - return selected->LWS_FOP_OPEN(fops, vfs_path, vpath, flags); -} - - -LWS_VISIBLE struct lws_plat_file_ops * -lws_get_fops(struct lws_context *context) -{ - return (struct lws_plat_file_ops *)context->fops; -} - diff --git a/lib/misc/daemonize.c b/lib/daemonize.c similarity index 80% rename from lib/misc/daemonize.c rename to lib/daemonize.c index 7378f19..8ec58a3 100644 --- a/lib/misc/daemonize.c +++ b/lib/daemonize.c @@ -9,10 +9,6 @@ * * This version is LGPL2.1+SLE like the rest of libwebsockets and is * Copyright (c)2006 - 2013 Andy Green - * - * - * You're much better advised to use systemd to daemonize stuff without needing - * this kind of support in the app itself. */ #include @@ -26,12 +22,12 @@ #include #include -#include "core/private.h" +#include "private-libwebsockets.h" -pid_t pid_daemon; +int pid_daemon; static char *lock_path; -pid_t get_daemonize_pid() +int get_daemonize_pid() { return pid_daemon; } @@ -39,7 +35,7 @@ pid_t get_daemonize_pid() static void child_handler(int signum) { - int len, sent, fd; + int fd, len, sent; char sz[20]; switch (signum) { @@ -50,27 +46,25 @@ child_handler(int signum) case SIGUSR1: /* positive confirmation we daemonized well */ - if (!lock_path) - exit(0); + if (lock_path) { + /* Create the lock file as the current user */ - /* Create the lock file as the current user */ + fd = open(lock_path, O_TRUNC | O_RDWR | O_CREAT, 0640); + if (fd < 0) { + fprintf(stderr, + "unable to create lock file %s, code=%d (%s)\n", + lock_path, errno, strerror(errno)); + exit(0); + } + len = sprintf(sz, "%u", pid_daemon); + sent = write(fd, sz, len); + if (sent != len) + fprintf(stderr, + "unable to write pid to lock file %s, code=%d (%s)\n", + lock_path, errno, strerror(errno)); - fd = lws_open(lock_path, O_TRUNC | O_RDWR | O_CREAT, 0640); - if (fd < 0) { - fprintf(stderr, - "unable to create lock file %s, code=%d (%s)\n", - lock_path, errno, strerror(errno)); - exit(0); + close(fd); } - len = sprintf(sz, "%u", (unsigned int)pid_daemon); - sent = write(fd, sz, len); - if (sent != len) - fprintf(stderr, - "unable to write pid to lock file %s, code=%d (%s)\n", - lock_path, errno, strerror(errno)); - - close(fd); - exit(0); //!!(sent == len)); @@ -104,39 +98,35 @@ lws_daemonize(const char *_lock_path) { struct sigaction act; pid_t sid, parent; + int n, fd, ret; + char buf[10]; /* already a daemon */ // if (getppid() == 1) // return 1; if (_lock_path) { - int n; - - int fd = lws_open(_lock_path, O_RDONLY); + fd = open(_lock_path, O_RDONLY); if (fd >= 0) { - char buf[10]; - n = read(fd, buf, sizeof(buf)); close(fd); if (n) { - int ret; n = atoi(buf); ret = kill(n, 0); if (ret >= 0) { fprintf(stderr, - "Daemon already running pid %d\n", - n); + "Daemon already running from pid %d\n", n); exit(1); } fprintf(stderr, - "Removing stale lock %s from dead pid %d\n", - _lock_path, n); + "Removing stale lock file %s from dead pid %d\n", + _lock_path, n); unlink(lock_path); } } n = strlen(_lock_path) + 1; - lock_path = lws_malloc(n, "daemonize lock"); + lock_path = lws_malloc(n); if (!lock_path) { fprintf(stderr, "Out of mem in lws_daemonize\n"); return 1; @@ -151,7 +141,7 @@ lws_daemonize(const char *_lock_path) /* Fork off the parent process */ pid_daemon = fork(); - if ((int)pid_daemon < 0) { + if (pid_daemon < 0) { fprintf(stderr, "unable to fork daemon, code=%d (%s)", errno, strerror(errno)); exit(9); diff --git a/lib/event-libs/README.md b/lib/event-libs/README.md deleted file mode 100644 index ccfbb7c..0000000 --- a/lib/event-libs/README.md +++ /dev/null @@ -1,124 +0,0 @@ -## Information for new event lib implementers - -### Introduction - -By default lws has built-in support for POSIX poll() as the event loop. - -However either to get access to epoll() or other platform specific better -poll waits, or to integrate with existing applications already using a -specific event loop, it can be desirable for lws to use another external -event library, like libuv, libevent or libev. - -### Code placement - -The code specific to the event library should live in `./lib/event-libs/**lib name**` - -### Allowing control over enabling event libs - -All event libs should add a cmake define `LWS_WITH_**lib name**` and make its build -dependent on it in CMakeLists.txt. Export the cmakedefine in `./cmake/lws_config.h.in` -as well so user builds can understand if the event lib is available in the lws build it is -trying to bind to. - -If the event lib is disabled in cmake, nothing in its directory is built or referenced. - -### Event loop ops struct - -The event lib support is defined by `struct lws_event_loop_ops` in `lib/event-libs/private.h`, -each event lib support instantiates one of these and fills in the appropriate ops -callbacks to perform its job. By convention that lives in -`./lib/event-libs/**lib name**/**lib_name**.c`. - -### Private event lib declarations - -Truly private declarations for the event lib can go in the event-libs directory as you like. -However when the declarations must be accessible to other things in lws build, eg, -the event lib support adds members to `struct lws` when enabled, they should be in the -event lib supporr directory in a file `private.h`. - -Search for "bring in event libs private declarations" in `./lib/core/private.h -and add your private event lib support file there following the style used for the other -event libs, eg, - -``` -#if defined(LWS_WITH_LIBUV) - #include "event-libs/libuv/private.h" -#endif -``` - -If the event lib support is disabled at cmake, nothing from its private.h should be used anywhere. - -### Integrating event lib assets to lws - -If your event lib needs special storage in lws objects, that's no problem. But to keep -things sane, there are some rules. - - - declare a "container struct" in your private.h for everything, eg, the libuv event - lib support need to add its own assets in the perthread struct, it declares in its private.h - -``` -struct lws_pt_eventlibs_libuv { - uv_loop_t *io_loop; - uv_signal_t signals[8]; - uv_timer_t timeout_watcher; - uv_timer_t hrtimer; - uv_idle_t idle; -}; -``` - - - add your event lib content in one place in the related lws struct, protected by `#if defined(LWS_WITH_**lib name**)`, - eg, again for LWS_WITH_LIBUV - -``` -struct lws_context_per_thread { - -... - -#if defined(LWS_WITH_LIBUV) - struct lws_pt_eventlibs_libuv uv; -#endif - -... -``` - -### Adding to lws available event libs list - -Edit the NULL-terminated array `available_event_libs` at the top of `./lib/context.c` to include -a pointer to your new event lib support's ops struct, following the style already there. - -``` -const struct lws_event_loop_ops *available_event_libs[] = { -#if defined(LWS_WITH_POLL) - &event_loop_ops_poll, -#endif -#if defined(LWS_WITH_LIBUV) - &event_loop_ops_uv, -#endif -... -``` - -This is used to provide a list of avilable configured backends. - -### Enabling event lib adoption - -You need to add a `LWS_SERVER_OPTION...` flag as necessary in `./lib/libwebsockets.h` -`enum lws_context_options`, and follow the existing code in `lws_create_context()` -to convert the flag into binding your ops struct to the context. - -### Implementation of the event lib bindings - -Study eg libuv implementation, using the available ops in the struct lws_event_loop_ops -as a guide. - -### Destruction - -Ending the event loop is generally a bit tricky, because if the event loop is internal -to the lws context, you cannot destroy it while the event loop is running. - -Don't add special exports... we tried that, it's a huge mess. The same user code should be able -work with any of the event loops including poll. - -The solution we found was hide the different processing necessary for the different cases in -lws_destroy_context(). To help with that there are ops available at two different places in -the context destroy processing. - diff --git a/lib/event-libs/libev/libev.c b/lib/event-libs/libev/libev.c deleted file mode 100644 index c244955..0000000 --- a/lib/event-libs/libev/libev.c +++ /dev/null @@ -1,375 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static void -lws_ev_hrtimer_cb(struct ev_loop *loop, struct ev_timer *watcher, int revents) -{ - struct lws_context_per_thread *pt = - (struct lws_context_per_thread *)watcher->data; - lws_usec_t us; - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) { - ev_timer_set(&pt->ev.hrtimer, ((float)us) / 1000000.0, 0); - ev_timer_start(pt->ev.io_loop, &pt->ev.hrtimer); - } - lws_pt_unlock(pt); -} - -static void -lws_ev_idle_cb(struct ev_loop *loop, struct ev_idle *handle, int revents) -{ - struct lws_context_per_thread *pt = lws_container_of(handle, - struct lws_context_per_thread, ev.idle); - lws_usec_t us; - - lws_service_do_ripe_rxflow(pt); - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) - /* -1 timeout means just do forced service */ - _lws_plat_service_forced_tsi(pt->context, pt->tid); - - /* account for hrtimer */ - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) { - ev_timer_set(&pt->ev.hrtimer, ((float)us) / 1000000.0, 0); - ev_timer_start(pt->ev.io_loop, &pt->ev.hrtimer); - } - lws_pt_unlock(pt); - - /* there is nobody who needs service forcing, shut down idle */ - ev_idle_stop(loop, handle); -} - -static void -lws_accept_cb(struct ev_loop *loop, struct ev_io *watcher, int revents) -{ - struct lws_context_per_thread *pt; - struct lws_io_watcher *lws_io = lws_container_of(watcher, - struct lws_io_watcher, ev.watcher); - struct lws_context *context = lws_io->context; - struct lws_pollfd eventfd; - struct lws *wsi; - - if (revents & EV_ERROR) - return; - - eventfd.fd = watcher->fd; - eventfd.events = 0; - eventfd.revents = EV_NONE; - - if (revents & EV_READ) { - eventfd.events |= LWS_POLLIN; - eventfd.revents |= LWS_POLLIN; - } - if (revents & EV_WRITE) { - eventfd.events |= LWS_POLLOUT; - eventfd.revents |= LWS_POLLOUT; - } - - wsi = wsi_from_fd(context, watcher->fd); - pt = &context->pt[(int)wsi->tsi]; - - lws_service_fd_tsi(context, &eventfd, (int)wsi->tsi); - - ev_idle_start(pt->ev.io_loop, &pt->ev.idle); -} - -LWS_VISIBLE void -lws_ev_sigint_cb(struct ev_loop *loop, struct ev_signal *watcher, int revents) -{ - struct lws_context *context = watcher->data; - - if (context->eventlib_signal_cb) { - context->eventlib_signal_cb((void *)watcher, watcher->signum); - - return; - } - ev_break(loop, EVBREAK_ALL); -} - -static int -elops_init_pt_ev(struct lws_context *context, void *_loop, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct ev_signal *w_sigint = &context->pt[tsi].w_sigint.ev.watcher; - struct lws_vhost *vh = context->vhost_list; - const char *backend_name; - struct ev_loop *loop = (struct ev_loop *)_loop; - int status = 0; - int backend; - - lwsl_info("%s: loop %p\n", __func__, _loop); - - if (!loop) - loop = ev_loop_new(0); - else - context->pt[tsi].event_loop_foreign = 1; - - if (!loop) { - lwsl_err("%s: creating event base failed\n", __func__); - - return -1; - } - - pt->ev.io_loop = loop; - - /* - * Initialize the accept w_accept with all the listening sockets - * and register a callback for read operations - */ - while (vh) { - if (vh->lserv_wsi) { - vh->lserv_wsi->w_read.context = context; - vh->w_accept.context = context; - - ev_io_init(&vh->w_accept.ev.watcher, lws_accept_cb, - vh->lserv_wsi->desc.sockfd, EV_READ); - ev_io_start(loop, &vh->w_accept.ev.watcher); - - } - vh = vh->vhost_next; - } - - /* Register the signal watcher unless it's a foreign loop */ - if (!context->pt[tsi].event_loop_foreign) { - ev_signal_init(w_sigint, lws_ev_sigint_cb, SIGINT); - w_sigint->data = context; - ev_signal_start(loop, w_sigint); - } - - backend = ev_backend(loop); - switch (backend) { - case EVBACKEND_SELECT: - backend_name = "select"; - break; - case EVBACKEND_POLL: - backend_name = "poll"; - break; - case EVBACKEND_EPOLL: - backend_name = "epoll"; - break; - case EVBACKEND_KQUEUE: - backend_name = "kqueue"; - break; - case EVBACKEND_DEVPOLL: - backend_name = "/dev/poll"; - break; - case EVBACKEND_PORT: - backend_name = "Solaris 10 \"port\""; - break; - default: - backend_name = "Unknown libev backend"; - break; - } - - lwsl_info(" libev backend: %s\n", backend_name); - (void)backend_name; - - ev_timer_init(&pt->ev.hrtimer, lws_ev_hrtimer_cb, 0, 0); - pt->ev.hrtimer.data = pt; - - ev_idle_init(&pt->ev.idle, lws_ev_idle_cb); - - return status; -} - -static void -elops_destroy_pt_ev(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct lws_vhost *vh = context->vhost_list; - - while (vh) { - if (vh->lserv_wsi) - ev_io_stop(pt->ev.io_loop, &vh->w_accept.ev.watcher); - vh = vh->vhost_next; - } - - /* static assets */ - - ev_timer_stop(pt->ev.io_loop, &pt->ev.hrtimer); - ev_idle_stop(pt->ev.io_loop, &pt->ev.idle); - - if (!pt->event_loop_foreign) { - ev_signal_stop(pt->ev.io_loop, &pt->w_sigint.ev.watcher); - - ev_loop_destroy(pt->ev.io_loop); - } -} - -static int -elops_init_context_ev(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - int n; - - context->eventlib_signal_cb = info->signal_cb; - - for (n = 0; n < context->count_threads; n++) - context->pt[n].w_sigint.context = context; - - return 0; -} - -static int -elops_accept_ev(struct lws *wsi) -{ - int fd; - - if (wsi->role_ops->file_handle) - fd = wsi->desc.filefd; - else - fd = wsi->desc.sockfd; - - wsi->w_read.context = wsi->context; - wsi->w_write.context = wsi->context; - - ev_io_init(&wsi->w_read.ev.watcher, lws_accept_cb, fd, EV_READ); - ev_io_init(&wsi->w_write.ev.watcher, lws_accept_cb, fd, EV_WRITE); - - return 0; -} - -static void -elops_io_ev(struct lws *wsi, int flags) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - if (!pt->ev.io_loop) - return; - - assert((flags & (LWS_EV_START | LWS_EV_STOP)) && - (flags & (LWS_EV_READ | LWS_EV_WRITE))); - - if (flags & LWS_EV_START) { - if (flags & LWS_EV_WRITE) - ev_io_start(pt->ev.io_loop, &wsi->w_write.ev.watcher); - if (flags & LWS_EV_READ) - ev_io_start(pt->ev.io_loop, &wsi->w_read.ev.watcher); - } else { - if (flags & LWS_EV_WRITE) - ev_io_stop(pt->ev.io_loop, &wsi->w_write.ev.watcher); - if (flags & LWS_EV_READ) - ev_io_stop(pt->ev.io_loop, &wsi->w_read.ev.watcher); - } -} - -static void -elops_run_pt_ev(struct lws_context *context, int tsi) -{ - if (context->pt[tsi].ev.io_loop) - ev_run(context->pt[tsi].ev.io_loop, 0); -} - -static int -elops_destroy_context2_ev(struct lws_context *context) -{ - struct lws_context_per_thread *pt; - int n, m; - - lwsl_debug("%s\n", __func__); - - for (n = 0; n < context->count_threads; n++) { - int budget = 1000; - - pt = &context->pt[n]; - - /* only for internal loops... */ - - if (pt->event_loop_foreign || !pt->ev.io_loop) - continue; - - if (!context->finalize_destroy_after_internal_loops_stopped) { - ev_break(pt->ev.io_loop, EVBREAK_ONE); - continue; - } - while (budget-- && - (m = ev_run(pt->ev.io_loop, 0))) - ; - - ev_loop_destroy(pt->ev.io_loop); - } - - return 0; -} - -static int -elops_init_vhost_listen_wsi_ev(struct lws *wsi) -{ - int fd; - - if (!wsi) { - assert(0); - return 0; - } - - wsi->w_read.context = wsi->context; - wsi->w_write.context = wsi->context; - - if (wsi->role_ops->file_handle) - fd = wsi->desc.filefd; - else - fd = wsi->desc.sockfd; - - ev_io_init(&wsi->w_read.ev.watcher, lws_accept_cb, fd, EV_READ); - ev_io_init(&wsi->w_write.ev.watcher, lws_accept_cb, fd, EV_WRITE); - - elops_io_ev(wsi, LWS_EV_START | LWS_EV_READ); - - return 0; -} - -static void -elops_destroy_wsi_ev(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - ev_io_stop(pt->ev.io_loop, &wsi->w_read.ev.watcher); - ev_io_stop(pt->ev.io_loop, &wsi->w_write.ev.watcher); -} - -struct lws_event_loop_ops event_loop_ops_ev = { - /* name */ "libev", - /* init_context */ elops_init_context_ev, - /* destroy_context1 */ NULL, - /* destroy_context2 */ elops_destroy_context2_ev, - /* init_vhost_listen_wsi */ elops_init_vhost_listen_wsi_ev, - /* init_pt */ elops_init_pt_ev, - /* wsi_logical_close */ NULL, - /* check_client_connect_ok */ NULL, - /* close_handle_manually */ NULL, - /* accept */ elops_accept_ev, - /* io */ elops_io_ev, - /* run_pt */ elops_run_pt_ev, - /* destroy_pt */ elops_destroy_pt_ev, - /* destroy wsi */ elops_destroy_wsi_ev, - - /* periodic_events_available */ 0, -}; diff --git a/lib/event-libs/libev/private.h b/lib/event-libs/libev/private.h deleted file mode 100644 index 9359f34..0000000 --- a/lib/event-libs/libev/private.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_LIBEV - */ - -#include - -#define LWS_EV_REFCOUNT_STATIC_HANDLE_NEW(_x, _ctx) \ - { (_x)->data = _ctx; \ - _ctx->count_event_loop_static_asset_handles++; } -#define LWS_EV_REFCOUNT_STATIC_HANDLE_TO_CONTEXT(_x) \ - ((struct lws_context *)(_x)->data))) -#define LWS_EV_REFCOUNT_STATIC_HANDLE_DESTROYED(_x) \ - (--(LWS_UV_REFCOUNT_STATIC_HANDLE_TO_CONTEXT(_x)-> \ - count_event_loop_static_asset_handles)) - -struct lws_pt_eventlibs_libev { - struct ev_loop *io_loop; - struct ev_timer hrtimer; - struct ev_idle idle; -}; - -struct lws_io_watcher_libev { - ev_io watcher; -}; - -struct lws_signal_watcher_libev { - ev_signal watcher; -}; - -struct lws_context_eventlibs_libev { - int placeholder; -}; - -extern struct lws_event_loop_ops event_loop_ops_ev; diff --git a/lib/event-libs/libevent/libevent.c b/lib/event-libs/libevent/libevent.c deleted file mode 100644 index 2c27911..0000000 --- a/lib/event-libs/libevent/libevent.c +++ /dev/null @@ -1,421 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static void -lws_event_hrtimer_cb(int fd, short event, void *p) -{ - struct lws_context_per_thread *pt = (struct lws_context_per_thread *)p; - struct timeval tv; - lws_usec_t us; - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) { - tv.tv_sec = us / LWS_US_PER_SEC; - tv.tv_usec = us - (tv.tv_sec * LWS_US_PER_SEC); - evtimer_add(pt->event.hrtimer, &tv); - } - lws_pt_unlock(pt); -} - -static void -lws_event_idle_timer_cb(int fd, short event, void *p) -{ - struct lws_context_per_thread *pt = (struct lws_context_per_thread *)p; - struct timeval tv; - lws_usec_t us; - - lws_service_do_ripe_rxflow(pt); - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) { - /* -1 timeout means just do forced service */ - _lws_plat_service_forced_tsi(pt->context, pt->tid); - /* still somebody left who wants forced service? */ - if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) { - /* yes... come back again later */ - - tv.tv_sec = 0; - tv.tv_usec = 1000; - evtimer_add(pt->event.idle_timer, &tv); - - return; - } - } - - lwsl_debug("%s: wait\n", __func__); - - /* account for hrtimer */ - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) { - tv.tv_sec = us / LWS_US_PER_SEC; - tv.tv_usec = us - (tv.tv_sec * LWS_US_PER_SEC); - evtimer_add(pt->event.hrtimer, &tv); - } - lws_pt_unlock(pt); -} - -static void -lws_event_cb(evutil_socket_t sock_fd, short revents, void *ctx) -{ - struct lws_io_watcher *lws_io = (struct lws_io_watcher *)ctx; - struct lws_context *context = lws_io->context; - struct lws_context_per_thread *pt; - struct lws_pollfd eventfd; - struct timeval tv; - struct lws *wsi; - - if (revents & EV_TIMEOUT) - return; - - /* !!! EV_CLOSED doesn't exist in libevent2 */ -#if LIBEVENT_VERSION_NUMBER < 0x02000000 - if (revents & EV_CLOSED) { - event_del(lws_io->event.watcher); - event_free(lws_io->event.watcher); - return; - } -#endif - - eventfd.fd = sock_fd; - eventfd.events = 0; - eventfd.revents = 0; - if (revents & EV_READ) { - eventfd.events |= LWS_POLLIN; - eventfd.revents |= LWS_POLLIN; - } - if (revents & EV_WRITE) { - eventfd.events |= LWS_POLLOUT; - eventfd.revents |= LWS_POLLOUT; - } - - wsi = wsi_from_fd(context, sock_fd); - if (!wsi) { - return; - } - pt = &context->pt[(int)wsi->tsi]; - - lws_service_fd_tsi(context, &eventfd, wsi->tsi); - - /* set the idle timer for 1ms ahead */ - - tv.tv_sec = 0; - tv.tv_usec = 1000; - evtimer_add(pt->event.idle_timer, &tv); -} - -LWS_VISIBLE void -lws_event_sigint_cb(evutil_socket_t sock_fd, short revents, void *ctx) -{ - struct lws_context_per_thread *pt = ctx; - struct event *signal = (struct event *)ctx; - - if (pt->context->eventlib_signal_cb) { - pt->context->eventlib_signal_cb((void *)(lws_intptr_t)sock_fd, - event_get_signal(signal)); - - return; - } - if (!pt->event_loop_foreign) - event_base_loopbreak(pt->event.io_loop); -} - - -static int -elops_init_pt_event(struct lws_context *context, void *_loop, int tsi) -{ - struct lws_vhost *vh = context->vhost_list; - struct event_base *loop = (struct event_base *)_loop; - struct lws_context_per_thread *pt = &context->pt[tsi]; - - lwsl_info("%s: loop %p\n", __func__, _loop); - - if (!loop) - loop = event_base_new(); - else - context->pt[tsi].event_loop_foreign = 1; - - if (!loop) { - lwsl_err("%s: creating event base failed\n", __func__); - - return -1; - } - - pt->event.io_loop = loop; - - /* - * Initialize all events with the listening sockets - * and register a callback for read operations - */ - - while (vh) { - if (vh->lserv_wsi) { - vh->lserv_wsi->w_read.context = context; - vh->lserv_wsi->w_read.event.watcher = event_new( - loop, vh->lserv_wsi->desc.sockfd, - (EV_READ | EV_PERSIST), lws_event_cb, - &vh->lserv_wsi->w_read); - event_add(vh->lserv_wsi->w_read.event.watcher, NULL); - } - vh = vh->vhost_next; - } - - /* static event loop objects */ - - pt->event.hrtimer = event_new(loop, -1, EV_PERSIST, - lws_event_hrtimer_cb, pt); - - pt->event.idle_timer = event_new(loop, -1, 0, - lws_event_idle_timer_cb, pt); - - /* Register the signal watcher unless it's a foreign loop */ - - if (pt->event_loop_foreign) - return 0; - - pt->w_sigint.event.watcher = evsignal_new(loop, SIGINT, - lws_event_sigint_cb, pt); - event_add(pt->w_sigint.event.watcher, NULL); - - return 0; -} - -static int -elops_init_context_event(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - int n; - - context->eventlib_signal_cb = info->signal_cb; - - for (n = 0; n < context->count_threads; n++) - context->pt[n].w_sigint.context = context; - - return 0; -} - -static int -elops_accept_event(struct lws *wsi) -{ - struct lws_context *context = lws_get_context(wsi); - struct lws_context_per_thread *pt; - int fd; - - wsi->w_read.context = context; - wsi->w_write.context = context; - - // Initialize the event - pt = &context->pt[(int)wsi->tsi]; - - if (wsi->role_ops->file_handle) - fd = wsi->desc.filefd; - else - fd = wsi->desc.sockfd; - - wsi->w_read.event.watcher = event_new(pt->event.io_loop, fd, - (EV_READ | EV_PERSIST), lws_event_cb, &wsi->w_read); - wsi->w_write.event.watcher = event_new(pt->event.io_loop, fd, - (EV_WRITE | EV_PERSIST), lws_event_cb, &wsi->w_write); - - return 0; -} - -static void -elops_io_event(struct lws *wsi, int flags) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - if (!pt->event.io_loop || wsi->context->being_destroyed) - return; - - assert((flags & (LWS_EV_START | LWS_EV_STOP)) && - (flags & (LWS_EV_READ | LWS_EV_WRITE))); - - if (flags & LWS_EV_START) { - if (flags & LWS_EV_WRITE) - event_add(wsi->w_write.event.watcher, NULL); - - if (flags & LWS_EV_READ) - event_add(wsi->w_read.event.watcher, NULL); - } else { - if (flags & LWS_EV_WRITE) - event_del(wsi->w_write.event.watcher); - - if (flags & LWS_EV_READ) - event_del(wsi->w_read.event.watcher); - } -} - -static void -elops_run_pt_event(struct lws_context *context, int tsi) -{ - /* Run / Dispatch the event_base loop */ - if (context->pt[tsi].event.io_loop) - event_base_dispatch(context->pt[tsi].event.io_loop); -} - -static void -elops_destroy_pt_event(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct lws_vhost *vh = context->vhost_list; - - lwsl_info("%s\n", __func__); - - if (!pt->event.io_loop) - return; - - /* - * Free all events with the listening sockets - */ - while (vh) { - if (vh->lserv_wsi) { - event_free(vh->lserv_wsi->w_read.event.watcher); - vh->lserv_wsi->w_read.event.watcher = NULL; - event_free(vh->lserv_wsi->w_write.event.watcher); - vh->lserv_wsi->w_write.event.watcher = NULL; - } - vh = vh->vhost_next; - } - - event_free(pt->event.hrtimer); - event_free(pt->event.idle_timer); - - if (!pt->event_loop_foreign) { - event_del(pt->w_sigint.event.watcher); - event_free(pt->w_sigint.event.watcher); - - event_base_free(pt->event.io_loop); - } -} - -static void -elops_destroy_wsi_event(struct lws *wsi) -{ - if (!wsi) - return; - - if (wsi->w_read.event.watcher) - event_free(wsi->w_read.event.watcher); - - if (wsi->w_write.event.watcher) - event_free(wsi->w_write.event.watcher); -} - -static int -elops_init_vhost_listen_wsi_event(struct lws *wsi) -{ - struct lws_context_per_thread *pt; - int fd; - - if (!wsi) { - assert(0); - return 0; - } - - wsi->w_read.context = wsi->context; - wsi->w_write.context = wsi->context; - - pt = &wsi->context->pt[(int)wsi->tsi]; - - if (wsi->role_ops->file_handle) - fd = wsi->desc.filefd; - else - fd = wsi->desc.sockfd; - - wsi->w_read.event.watcher = event_new(pt->event.io_loop, fd, - (EV_READ | EV_PERSIST), - lws_event_cb, &wsi->w_read); - wsi->w_write.event.watcher = event_new(pt->event.io_loop, fd, - (EV_WRITE | EV_PERSIST), - lws_event_cb, &wsi->w_write); - - elops_io_event(wsi, LWS_EV_START | LWS_EV_READ); - - return 0; -} - -static int -elops_destroy_context2_event(struct lws_context *context) -{ - struct lws_context_per_thread *pt; - int n, m; - - lwsl_debug("%s: in\n", __func__); - - for (n = 0; n < context->count_threads; n++) { - int budget = 1000; - - pt = &context->pt[n]; - - /* only for internal loops... */ - - if (pt->event_loop_foreign || !pt->event.io_loop) - continue; - - if (!context->finalize_destroy_after_internal_loops_stopped) { - event_base_loopexit(pt->event.io_loop, NULL); - continue; - } - while (budget-- && - (m = event_base_loop(pt->event.io_loop, EVLOOP_NONBLOCK))) - ; -#if 0 - if (m) { - lwsl_err("%s: tsi %d: NOT everything closed\n", - __func__, n); - event_base_dump_events(pt->event.io_loop, stderr); - } else - lwsl_debug("%s: %d: everything closed OK\n", __func__, n); -#endif - event_base_free(pt->event.io_loop); - - } - - lwsl_debug("%s: out\n", __func__); - - return 0; -} - -struct lws_event_loop_ops event_loop_ops_event = { - /* name */ "libevent", - /* init_context */ elops_init_context_event, - /* destroy_context1 */ NULL, - /* destroy_context2 */ elops_destroy_context2_event, - /* init_vhost_listen_wsi */ elops_init_vhost_listen_wsi_event, - /* init_pt */ elops_init_pt_event, - /* wsi_logical_close */ NULL, - /* check_client_connect_ok */ NULL, - /* close_handle_manually */ NULL, - /* accept */ elops_accept_event, - /* io */ elops_io_event, - /* run_pt */ elops_run_pt_event, - /* destroy_pt */ elops_destroy_pt_event, - /* destroy wsi */ elops_destroy_wsi_event, - - /* periodic_events_available */ 0, -}; diff --git a/lib/event-libs/libevent/private.h b/lib/event-libs/libevent/private.h deleted file mode 100644 index 04fbbdf..0000000 --- a/lib/event-libs/libevent/private.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_LIBEVENT - */ - -#include - -struct lws_pt_eventlibs_libevent { - struct event_base *io_loop; - struct event *hrtimer; - struct event *idle_timer; -}; - -struct lws_io_watcher_libevent { - struct event *watcher; -}; - -struct lws_signal_watcher_libevent { - struct event *watcher; -}; - -struct lws_context_eventlibs_libevent { - int placeholder; -}; - -extern struct lws_event_loop_ops event_loop_ops_event; diff --git a/lib/event-libs/libuv/libuv.c b/lib/event-libs/libuv/libuv.c deleted file mode 100644 index 183d146..0000000 --- a/lib/event-libs/libuv/libuv.c +++ /dev/null @@ -1,969 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static void -lws_uv_sultimer_cb(uv_timer_t *timer -#if UV_VERSION_MAJOR == 0 - , int status -#endif -) -{ - struct lws_context_per_thread *pt = lws_container_of(timer, - struct lws_context_per_thread, uv.sultimer); - lws_usec_t us; - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) - uv_timer_start(&pt->uv.sultimer, lws_uv_sultimer_cb, - LWS_US_TO_MS(us), 0); - lws_pt_unlock(pt); -} - -static void -lws_uv_idle(uv_idle_t *handle -#if UV_VERSION_MAJOR == 0 - , int status -#endif -) -{ - struct lws_context_per_thread *pt = lws_container_of(handle, - struct lws_context_per_thread, uv.idle); - lws_usec_t us; - - lws_service_do_ripe_rxflow(pt); - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) - /* -1 timeout means just do forced service */ - _lws_plat_service_forced_tsi(pt->context, pt->tid); - - /* account for sultimer */ - - lws_pt_lock(pt, __func__); - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us) - uv_timer_start(&pt->uv.sultimer, lws_uv_sultimer_cb, - LWS_US_TO_MS(us), 0); - lws_pt_unlock(pt); - - /* there is nobody who needs service forcing, shut down idle */ - uv_idle_stop(handle); -} - -static void -lws_io_cb(uv_poll_t *watcher, int status, int revents) -{ - struct lws *wsi = (struct lws *)((uv_handle_t *)watcher)->data; - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_pollfd eventfd; - -#if defined(WIN32) || defined(_WIN32) - eventfd.fd = watcher->socket; -#else - eventfd.fd = watcher->io_watcher.fd; -#endif - eventfd.events = 0; - eventfd.revents = 0; - - if (status < 0) { - /* - * At this point status will be an UV error, like UV_EBADF, - * we treat all errors as LWS_POLLHUP - * - * You might want to return; instead of servicing the fd in - * some cases */ - if (status == UV_EAGAIN) - return; - - eventfd.events |= LWS_POLLHUP; - eventfd.revents |= LWS_POLLHUP; - } else { - if (revents & UV_READABLE) { - eventfd.events |= LWS_POLLIN; - eventfd.revents |= LWS_POLLIN; - } - if (revents & UV_WRITABLE) { - eventfd.events |= LWS_POLLOUT; - eventfd.revents |= LWS_POLLOUT; - } - } - lws_service_fd_tsi(context, &eventfd, wsi->tsi); - - uv_idle_start(&pt->uv.idle, lws_uv_idle); -} - -/* - * This does not actually stop the event loop. The reason is we have to pass - * libuv handle closures through its event loop. So this tries to close all - * wsi, and set a flag; when all the wsi closures are finalized then we - * actually stop the libuv event loops. - */ -static void -lws_libuv_stop(struct lws_context *context) -{ - struct lws_context_per_thread *pt; - int n, m; - - lwsl_err("%s\n", __func__); - - if (context->requested_kill) { - lwsl_err("%s: ignoring\n", __func__); - return; - } - - context->requested_kill = 1; - - m = context->count_threads; - context->being_destroyed = 1; - - /* - * Phase 1: start the close of every dynamic uv handle - */ - - while (m--) { - pt = &context->pt[m]; - - if (pt->pipe_wsi) { - uv_poll_stop(pt->pipe_wsi->w_read.uv.pwatcher); - lws_destroy_event_pipe(pt->pipe_wsi); - pt->pipe_wsi = NULL; - } - - for (n = 0; (unsigned int)n < context->pt[m].fds_count; n++) { - struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); - - if (!wsi) - continue; - lws_close_free_wsi(wsi, - LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY, - __func__ /* no protocol close */); - n--; - } - } - - lwsl_info("%s: started closing all wsi\n", __func__); - - /* we cannot have completed... there are at least the cancel pipes */ -} - -static void -lws_uv_signal_handler(uv_signal_t *watcher, int signum) -{ - struct lws_context *context = watcher->data; - - if (context->eventlib_signal_cb) { - context->eventlib_signal_cb((void *)watcher, signum); - - return; - } - - lwsl_err("internal signal handler caught signal %d\n", signum); - lws_libuv_stop(watcher->data); -} - -static const int sigs[] = { SIGINT, SIGTERM, SIGSEGV, SIGFPE, SIGHUP }; - -/* - * Closing Phase 2: Close callback for a static UV asset - */ - -static void -lws_uv_close_cb_sa(uv_handle_t *handle) -{ - struct lws_context *context = - LWS_UV_REFCOUNT_STATIC_HANDLE_TO_CONTEXT(handle); - int n; - - lwsl_info("%s: sa left %d: dyn left: %d\n", __func__, - context->count_event_loop_static_asset_handles, - context->count_wsi_allocated); - - /* any static assets left? */ - - if (LWS_UV_REFCOUNT_STATIC_HANDLE_DESTROYED(handle) || - context->count_wsi_allocated) - return; - - /* - * That's it... all wsi were down, and now every - * static asset lws had a UV handle for is down. - * - * Stop the loop so we can get out of here. - */ - - for (n = 0; n < context->count_threads; n++) { - struct lws_context_per_thread *pt = &context->pt[n]; - - if (pt->uv.io_loop && !pt->event_loop_foreign) - uv_stop(pt->uv.io_loop); - } - - if (!context->pt[0].event_loop_foreign) { - lwsl_info("%s: calling lws_context_destroy2\n", __func__); - lws_context_destroy2(context); - } - - lwsl_info("%s: all done\n", __func__); -} - -/* - * These must be called by protocols that want to use libuv objects directly... - * - * .... when the libuv object is created... - */ - -LWS_VISIBLE void -lws_libuv_static_refcount_add(uv_handle_t *h, struct lws_context *context) -{ - LWS_UV_REFCOUNT_STATIC_HANDLE_NEW(h, context); -} - -/* - * ... and in the close callback when the object is closed. - */ - -LWS_VISIBLE void -lws_libuv_static_refcount_del(uv_handle_t *h) -{ - lws_uv_close_cb_sa(h); -} - - -static void lws_uv_close_cb(uv_handle_t *handle) -{ -} - -static void lws_uv_walk_cb(uv_handle_t *handle, void *arg) -{ - if (!uv_is_closing(handle)) - uv_close(handle, lws_uv_close_cb); -} - -LWS_VISIBLE void -lws_close_all_handles_in_loop(uv_loop_t *loop) -{ - uv_walk(loop, lws_uv_walk_cb, NULL); -} - - -LWS_VISIBLE void -lws_libuv_stop_without_kill(const struct lws_context *context, int tsi) -{ - if (context->pt[tsi].uv.io_loop) - uv_stop(context->pt[tsi].uv.io_loop); -} - - - -LWS_VISIBLE uv_loop_t * -lws_uv_getloop(struct lws_context *context, int tsi) -{ - if (context->pt[tsi].uv.io_loop) - return context->pt[tsi].uv.io_loop; - - return NULL; -} - -int -lws_libuv_check_watcher_active(struct lws *wsi) -{ - uv_handle_t *h = (uv_handle_t *)wsi->w_read.uv.pwatcher; - - if (!h) - return 0; - - return uv_is_active(h); -} - - -#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) - -int -lws_uv_plugins_init(struct lws_context *context, const char * const *d) -{ - struct lws_plugin_capability lcaps; - struct lws_plugin *plugin; - lws_plugin_init_func initfunc; - int m, ret = 0; - void *v; - uv_dirent_t dent; - uv_fs_t req; - char path[256]; - uv_lib_t lib; - int pofs = 0; - -#if defined(__MINGW32__) || !defined(WIN32) - pofs = 3; -#endif - - lib.errmsg = NULL; - lib.handle = NULL; - - uv_loop_init(&context->uv.loop); - - lwsl_notice(" Plugins:\n"); - - while (d && *d) { - - lwsl_notice(" Scanning %s\n", *d); - m =uv_fs_scandir(&context->uv.loop, &req, *d, 0, NULL); - if (m < 1) { - lwsl_err("Scandir on %s failed\n", *d); - return 1; - } - - while (uv_fs_scandir_next(&req, &dent) != UV_EOF) { - if (strlen(dent.name) < 7) - continue; - - lwsl_notice(" %s\n", dent.name); - - lws_snprintf(path, sizeof(path) - 1, "%s/%s", *d, - dent.name); - if (uv_dlopen(path, &lib)) { - uv_dlerror(&lib); - lwsl_err("Error loading DSO: %s\n", lib.errmsg); - uv_dlclose(&lib); - goto bail; - } - - /* we could open it, can we get his init function? */ - -#if !defined(WIN32) && !defined(__MINGW32__) - m = lws_snprintf(path, sizeof(path) - 1, "init_%s", - dent.name + pofs /* snip lib... */); - path[m - 3] = '\0'; /* snip the .so */ -#else - m = lws_snprintf(path, sizeof(path) - 1, "init_%s", - dent.name + pofs); - path[m - 4] = '\0'; /* snip the .dll */ -#endif - if (uv_dlsym(&lib, path, &v)) { - uv_dlerror(&lib); - lwsl_err("Failed to get %s on %s: %s", path, - dent.name, lib.errmsg); - uv_dlclose(&lib); - goto bail; - } - initfunc = (lws_plugin_init_func)v; - lcaps.api_magic = LWS_PLUGIN_API_MAGIC; - m = initfunc(context, &lcaps); - if (m) { - lwsl_err("Init %s failed %d\n", dent.name, m); - goto skip; - } - - plugin = lws_malloc(sizeof(*plugin), "plugin"); - if (!plugin) { - uv_dlclose(&lib); - lwsl_err("OOM\n"); - goto bail; - } - plugin->list = context->plugin_list; - context->plugin_list = plugin; - lws_strncpy(plugin->name, dent.name, sizeof(plugin->name)); - plugin->lib = lib; - plugin->caps = lcaps; - context->plugin_protocol_count += lcaps.count_protocols; - context->plugin_extension_count += lcaps.count_extensions; - - continue; - -skip: - uv_dlclose(&lib); - } -bail: - uv_fs_req_cleanup(&req); - d++; - } - - return ret; -} - -int -lws_uv_plugins_destroy(struct lws_context *context) -{ - struct lws_plugin *plugin = context->plugin_list, *p; - lws_plugin_destroy_func func; - char path[256]; - int pofs = 0; - void *v; - int m; - -#if defined(__MINGW32__) || !defined(WIN32) - pofs = 3; -#endif - - if (!plugin) - return 0; - - while (plugin) { - p = plugin; - -#if !defined(WIN32) && !defined(__MINGW32__) - m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", - plugin->name + pofs); - path[m - 3] = '\0'; -#else - m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", - plugin->name + pofs); - path[m - 4] = '\0'; -#endif - - if (uv_dlsym(&plugin->lib, path, &v)) { - uv_dlerror(&plugin->lib); - lwsl_err("Failed to get %s on %s: %s", path, - plugin->name, plugin->lib.errmsg); - } else { - func = (lws_plugin_destroy_func)v; - m = func(context); - if (m) - lwsl_err("Destroying %s failed %d\n", - plugin->name, m); - } - - uv_dlclose(&p->lib); - plugin = p->list; - p->list = NULL; - free(p); - } - - context->plugin_list = NULL; - - while (uv_loop_close(&context->uv.loop)) - ; - - return 0; -} - -#endif - -static int -elops_init_context_uv(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - int n; - - context->eventlib_signal_cb = info->signal_cb; - - for (n = 0; n < context->count_threads; n++) - context->pt[n].w_sigint.context = context; - - return 0; -} - -static int -elops_destroy_context1_uv(struct lws_context *context) -{ - struct lws_context_per_thread *pt; - int n, m = 0; - - for (n = 0; n < context->count_threads; n++) { - int budget = 10000; - pt = &context->pt[n]; - - /* only for internal loops... */ - - if (!pt->event_loop_foreign) { - - while (budget-- && (m = uv_run(pt->uv.io_loop, - UV_RUN_NOWAIT))) - ; - if (m) - lwsl_err("%s: tsi %d: not all closed\n", - __func__, n); - - } - } - - /* call destroy2 if internal loop */ - return !context->pt[0].event_loop_foreign; -} - -static int -elops_destroy_context2_uv(struct lws_context *context) -{ - struct lws_context_per_thread *pt; - int n, internal = 0; - - for (n = 0; n < context->count_threads; n++) { - pt = &context->pt[n]; - - /* only for internal loops... */ - - if (!pt->event_loop_foreign && pt->uv.io_loop) { - internal = 1; - if (!context->finalize_destroy_after_internal_loops_stopped) - uv_stop(pt->uv.io_loop); - else { -#if UV_VERSION_MAJOR > 0 - uv_loop_close(pt->uv.io_loop); -#endif - lws_free_set_NULL(pt->uv.io_loop); - } - } - } - - return internal; -} - -static int -elops_wsi_logical_close_uv(struct lws *wsi) -{ - if (!lws_socket_is_valid(wsi->desc.sockfd)) - return 0; - - if (wsi->listener || wsi->event_pipe) { - lwsl_debug("%s: %p: %d %d stop listener / pipe poll\n", - __func__, wsi, wsi->listener, wsi->event_pipe); - if (wsi->w_read.uv.pwatcher) - uv_poll_stop(wsi->w_read.uv.pwatcher); - } - lwsl_debug("%s: lws_libuv_closehandle: wsi %p\n", __func__, wsi); - /* - * libuv has to do his own close handle processing asynchronously - */ - lws_libuv_closehandle(wsi); - - return 1; /* do not complete the wsi close, uv close cb will do it */ -} - -static int -elops_check_client_connect_ok_uv(struct lws *wsi) -{ - if (lws_libuv_check_watcher_active(wsi)) { - lwsl_warn("Waiting for libuv watcher to close\n"); - return 1; - } - - return 0; -} - -static void -lws_libuv_closewsi_m(uv_handle_t* handle) -{ - lws_sockfd_type sockfd = (lws_sockfd_type)(lws_intptr_t)handle->data; - lwsl_debug("%s: sockfd %d\n", __func__, sockfd); - compatible_close(sockfd); - lws_free(handle); -} - -static void -elops_close_handle_manually_uv(struct lws *wsi) -{ - uv_handle_t *h = (uv_handle_t *)wsi->w_read.uv.pwatcher; - - lwsl_debug("%s: lws_libuv_closehandle: wsi %p\n", __func__, wsi); - - /* - * the "manual" variant only closes the handle itself and the - * related fd. handle->data is the fd. - */ - h->data = (void *)(lws_intptr_t)wsi->desc.sockfd; - - /* - * We take responsibility to close / destroy these now. - * Remove any trace from the wsi. - */ - - wsi->desc.sockfd = LWS_SOCK_INVALID; - wsi->w_read.uv.pwatcher = NULL; - wsi->told_event_loop_closed = 1; - - uv_close(h, lws_libuv_closewsi_m); -} - -static int -elops_accept_uv(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - wsi->w_read.context = wsi->context; - - wsi->w_read.uv.pwatcher = - lws_malloc(sizeof(*wsi->w_read.uv.pwatcher), "uvh"); - if (!wsi->w_read.uv.pwatcher) - return -1; - - if (wsi->role_ops->file_handle) - uv_poll_init(pt->uv.io_loop, wsi->w_read.uv.pwatcher, - (int)(long long)wsi->desc.filefd); - else - uv_poll_init_socket(pt->uv.io_loop, - wsi->w_read.uv.pwatcher, - wsi->desc.sockfd); - - ((uv_handle_t *)wsi->w_read.uv.pwatcher)->data = (void *)wsi; - - return 0; -} - -static void -elops_io_uv(struct lws *wsi, int flags) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws_io_watcher *w = &wsi->w_read; - int current_events = w->actual_events & (UV_READABLE | UV_WRITABLE); - - lwsl_debug("%s: %p: %d\n", __func__, wsi, flags); - - /* w->context is set after the loop is initialized */ - - if (!pt->uv.io_loop || !w->context) { - lwsl_info("%s: no io loop yet\n", __func__); - return; - } - - if (!((flags & (LWS_EV_START | LWS_EV_STOP)) && - (flags & (LWS_EV_READ | LWS_EV_WRITE)))) { - lwsl_err("%s: assert: flags %d", __func__, flags); - assert(0); - } - - if (!w->uv.pwatcher || wsi->told_event_loop_closed) { - lwsl_err("%s: no watcher\n", __func__); - - return; - } - - if (flags & LWS_EV_START) { - if (flags & LWS_EV_WRITE) - current_events |= UV_WRITABLE; - - if (flags & LWS_EV_READ) - current_events |= UV_READABLE; - - uv_poll_start(w->uv.pwatcher, current_events, lws_io_cb); - } else { - if (flags & LWS_EV_WRITE) - current_events &= ~UV_WRITABLE; - - if (flags & LWS_EV_READ) - current_events &= ~UV_READABLE; - - if (!(current_events & (UV_READABLE | UV_WRITABLE))) - uv_poll_stop(w->uv.pwatcher); - else - uv_poll_start(w->uv.pwatcher, current_events, - lws_io_cb); - } - - w->actual_events = current_events; -} - -static int -elops_init_vhost_listen_wsi_uv(struct lws *wsi) -{ - struct lws_context_per_thread *pt; - int n; - - if (!wsi) - return 0; - if (wsi->w_read.context) - return 0; - - pt = &wsi->context->pt[(int)wsi->tsi]; - if (!pt->uv.io_loop) - return 0; - - wsi->w_read.context = wsi->context; - - wsi->w_read.uv.pwatcher = - lws_malloc(sizeof(*wsi->w_read.uv.pwatcher), "uvh"); - if (!wsi->w_read.uv.pwatcher) - return -1; - - n = uv_poll_init_socket(pt->uv.io_loop, wsi->w_read.uv.pwatcher, - wsi->desc.sockfd); - if (n) { - lwsl_err("uv_poll_init failed %d, sockfd=%p\n", n, - (void *)(lws_intptr_t)wsi->desc.sockfd); - - return -1; - } - - ((uv_handle_t *)wsi->w_read.uv.pwatcher)->data = (void *)wsi; - - elops_io_uv(wsi, LWS_EV_START | LWS_EV_READ); - - return 0; -} - -static void -elops_run_pt_uv(struct lws_context *context, int tsi) -{ - if (context->pt[tsi].uv.io_loop) - uv_run(context->pt[tsi].uv.io_loop, 0); -} - -static void -elops_destroy_pt_uv(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - int m, ns; - - lwsl_info("%s: %d\n", __func__, tsi); - - if (!lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) - return; - - if (!pt->uv.io_loop) - return; - - if (pt->event_loop_destroy_processing_done) - return; - - pt->event_loop_destroy_processing_done = 1; - - if (!pt->event_loop_foreign) { - uv_signal_stop(&pt->w_sigint.uv.watcher); - - ns = LWS_ARRAY_SIZE(sigs); - if (lws_check_opt(context->options, - LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN)) - ns = 2; - - for (m = 0; m < ns; m++) { - uv_signal_stop(&pt->uv.signals[m]); - uv_close((uv_handle_t *)&pt->uv.signals[m], - lws_uv_close_cb_sa); - } - } else - lwsl_debug("%s: not closing pt signals\n", __func__); - - uv_timer_stop(&pt->uv.sultimer); - uv_close((uv_handle_t *)&pt->uv.sultimer, lws_uv_close_cb_sa); - - uv_idle_stop(&pt->uv.idle); - uv_close((uv_handle_t *)&pt->uv.idle, lws_uv_close_cb_sa); -} - -/* - * This needs to be called after vhosts have been defined. - * - * If later, after server start, another vhost is added, this must be - * called again to bind the vhost - */ - -LWS_VISIBLE int -elops_init_pt_uv(struct lws_context *context, void *_loop, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct lws_vhost *vh = context->vhost_list; - int status = 0, n, ns, first = 1; - uv_loop_t *loop = (uv_loop_t *)_loop; - - if (!pt->uv.io_loop) { - if (!loop) { - loop = lws_malloc(sizeof(*loop), "libuv loop"); - if (!loop) { - lwsl_err("OOM\n"); - return -1; - } - #if UV_VERSION_MAJOR > 0 - uv_loop_init(loop); - #else - lwsl_err("This libuv is too old to work...\n"); - return 1; - #endif - pt->event_loop_foreign = 0; - } else { - lwsl_notice(" Using foreign event loop...\n"); - pt->event_loop_foreign = 1; - } - - pt->uv.io_loop = loop; - uv_idle_init(loop, &pt->uv.idle); - LWS_UV_REFCOUNT_STATIC_HANDLE_NEW(&pt->uv.idle, context); - - - ns = LWS_ARRAY_SIZE(sigs); - if (lws_check_opt(context->options, - LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN)) - ns = 2; - - if (!pt->event_loop_foreign) { - assert(ns <= (int)LWS_ARRAY_SIZE(pt->uv.signals)); - for (n = 0; n < ns; n++) { - uv_signal_init(loop, &pt->uv.signals[n]); - LWS_UV_REFCOUNT_STATIC_HANDLE_NEW(&pt->uv.signals[n], - context); - pt->uv.signals[n].data = pt->context; - uv_signal_start(&pt->uv.signals[n], - lws_uv_signal_handler, sigs[n]); - } - } - } else - first = 0; - - /* - * Initialize the accept wsi read watcher with all the listening sockets - * and register a callback for read operations - * - * We have to do it here because the uv loop(s) are not - * initialized until after context creation. - */ - while (vh) { - if (elops_init_vhost_listen_wsi_uv(vh->lserv_wsi) == -1) - return -1; - vh = vh->vhost_next; - } - - if (!first) - return status; - - uv_timer_init(pt->uv.io_loop, &pt->uv.sultimer); - LWS_UV_REFCOUNT_STATIC_HANDLE_NEW(&pt->uv.sultimer, context); - - return status; -} - -static void -lws_libuv_closewsi(uv_handle_t* handle) -{ - struct lws *wsi = (struct lws *)handle->data; - struct lws_context *context = lws_get_context(wsi); - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; -#if !defined(LWS_WITHOUT_SERVER) - int lspd = 0; -#endif - - lwsl_info("%s: %p\n", __func__, wsi); - - /* - * We get called back here for every wsi that closes - */ - -#if !defined(LWS_WITHOUT_SERVER) - if (wsi->role_ops == &role_ops_listen && wsi->context->deprecated) { - lspd = 1; - context->deprecation_pending_listen_close_count--; - if (!context->deprecation_pending_listen_close_count) - lspd = 2; - } -#endif - - lws_pt_lock(pt, __func__); - __lws_close_free_wsi_final(wsi); - lws_pt_unlock(pt); - - /* it's our job to close the handle finally */ - lws_free(handle); - -#if !defined(LWS_WITHOUT_SERVER) - if (lspd == 2 && context->deprecation_cb) { - lwsl_notice("calling deprecation callback\n"); - context->deprecation_cb(); - } -#endif - - lwsl_info("%s: sa left %d: dyn left: %d (rk %d)\n", __func__, - context->count_event_loop_static_asset_handles, - context->count_wsi_allocated, context->requested_kill); - - /* - * eventually, we closed all the wsi... - */ - - if (context->requested_kill && !context->count_wsi_allocated) { - struct lws_vhost *vh = context->vhost_list; - int m; - - /* - * Start Closing Phase 2: close of static handles - */ - - lwsl_info("%s: all lws dynamic handles down, closing static\n", - __func__); - - for (m = 0; m < context->count_threads; m++) - elops_destroy_pt_uv(context, m); - - /* protocols may have initialized libuv objects */ - - while (vh) { - lws_vhost_destroy1(vh); - vh = vh->vhost_next; - } - - if (!context->count_event_loop_static_asset_handles && - context->pt[0].event_loop_foreign) { - lwsl_info("%s: call lws_context_destroy2\n", __func__); - lws_context_destroy2(context); - } - } -} - -void -lws_libuv_closehandle(struct lws *wsi) -{ - uv_handle_t* handle; - - if (!wsi->w_read.uv.pwatcher) - return; - - if (wsi->told_event_loop_closed) { - // assert(0); - return; - } - - lwsl_debug("%s: %p\n", __func__, wsi); - - wsi->told_event_loop_closed = 1; - - /* - * The normal close path attaches the related wsi as the - * handle->data. - */ - - handle = (uv_handle_t *)wsi->w_read.uv.pwatcher; - - /* ensure we can only do this once */ - - wsi->w_read.uv.pwatcher = NULL; - - uv_close(handle, lws_libuv_closewsi); -} - -struct lws_event_loop_ops event_loop_ops_uv = { - /* name */ "libuv", - /* init_context */ elops_init_context_uv, - /* destroy_context1 */ elops_destroy_context1_uv, - /* destroy_context2 */ elops_destroy_context2_uv, - /* init_vhost_listen_wsi */ elops_init_vhost_listen_wsi_uv, - /* init_pt */ elops_init_pt_uv, - /* wsi_logical_close */ elops_wsi_logical_close_uv, - /* check_client_connect_ok */ elops_check_client_connect_ok_uv, - /* close_handle_manually */ elops_close_handle_manually_uv, - /* accept */ elops_accept_uv, - /* io */ elops_io_uv, - /* run_pt */ elops_run_pt_uv, - /* destroy_pt */ elops_destroy_pt_uv, - /* destroy wsi */ NULL, - - /* periodic_events_available */ 0, -}; diff --git a/lib/event-libs/libuv/private.h b/lib/event-libs/libuv/private.h deleted file mode 100644 index 815f0f5..0000000 --- a/lib/event-libs/libuv/private.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_LIBUV - */ - -#include - -/* - * libuv's async destroy cb means that asking to close something doesn't mean - * you can destroy it or parent things until after the close completes. - * - * So we must reference-count creation and close completions with libuv. - * - * All "static" (per-pt or per-context) uv handles must - * - * - have their .data set to point to the context - * - * - contribute to context->uv_count_static_asset_handles - * counting - */ -#define LWS_UV_REFCOUNT_STATIC_HANDLE_NEW(_x, _ctx) \ - { uv_handle_t *_uht = (uv_handle_t *)(_x); _uht->data = _ctx; \ - _ctx->count_event_loop_static_asset_handles++; } -#define LWS_UV_REFCOUNT_STATIC_HANDLE_TO_CONTEXT(_x) \ - ((struct lws_context *)((uv_handle_t *)((_x)->data))) -#define LWS_UV_REFCOUNT_STATIC_HANDLE_DESTROYED(_x) \ - (--(LWS_UV_REFCOUNT_STATIC_HANDLE_TO_CONTEXT(_x)-> \ - count_event_loop_static_asset_handles)) - -struct lws_pt_eventlibs_libuv { - uv_loop_t *io_loop; - uv_signal_t signals[8]; - uv_timer_t sultimer; - uv_idle_t idle; -}; - -struct lws_context_eventlibs_libuv { - uv_loop_t loop; -}; - -struct lws_io_watcher_libuv { - uv_poll_t *pwatcher; -}; - -struct lws_signal_watcher_libuv { - uv_signal_t watcher; -}; - -extern struct lws_event_loop_ops event_loop_ops_uv; - -uv_loop_t * -lws_uv_getloop(struct lws_context *context, int tsi); - -int -lws_uv_plugins_init(struct lws_context *context, const char * const *d); - -int -lws_uv_plugins_destroy(struct lws_context *context); diff --git a/lib/event-libs/poll/poll.c b/lib/event-libs/poll/poll.c deleted file mode 100644 index 6fb312f..0000000 --- a/lib/event-libs/poll/poll.c +++ /dev/null @@ -1,43 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_WS - */ - -#include - -struct lws_event_loop_ops event_loop_ops_poll = { - /* name */ "poll", - /* init_context */ NULL, - /* destroy_context1 */ NULL, - /* destroy_context2 */ NULL, - /* init_vhost_listen_wsi */ NULL, - /* init_pt */ NULL, - /* wsi_logical_close */ NULL, - /* check_client_connect_ok */ NULL, - /* close_handle_manually */ NULL, - /* accept */ NULL, - /* io */ NULL, - /* run */ NULL, - /* destroy_pt */ NULL, - /* destroy wsi */ NULL, - - /* periodic_events_available */ 1, -}; diff --git a/lib/event-libs/poll/private.h b/lib/event-libs/poll/private.h deleted file mode 100644 index ca313eb..0000000 --- a/lib/event-libs/poll/private.h +++ /dev/null @@ -1,23 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - */ - -extern struct lws_event_loop_ops event_loop_ops_poll; diff --git a/lib/event-libs/private.h b/lib/event-libs/private.h deleted file mode 100644 index 58bca94..0000000 --- a/lib/event-libs/private.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h - */ - -struct lws_event_loop_ops { - const char *name; - /* event loop-specific context init during context creation */ - int (*init_context)(struct lws_context *context, - const struct lws_context_creation_info *info); - /* called during lws_destroy_context */ - int (*destroy_context1)(struct lws_context *context); - /* called during lws_destroy_context2 */ - int (*destroy_context2)(struct lws_context *context); - /* init vhost listening wsi */ - int (*init_vhost_listen_wsi)(struct lws *wsi); - /* init the event loop for a pt */ - int (*init_pt)(struct lws_context *context, void *_loop, int tsi); - /* called at end of first phase of close_free_wsi() */ - int (*wsi_logical_close)(struct lws *wsi); - /* return nonzero if client connect not allowed */ - int (*check_client_connect_ok)(struct lws *wsi); - /* close handle manually */ - void (*close_handle_manually)(struct lws *wsi); - /* event loop accept processing */ - int (*accept)(struct lws *wsi); - /* control wsi active events */ - void (*io)(struct lws *wsi, int flags); - /* run the event loop for a pt */ - void (*run_pt)(struct lws_context *context, int tsi); - /* called before pt is destroyed */ - void (*destroy_pt)(struct lws_context *context, int tsi); - /* called just before wsi is freed */ - void (*destroy_wsi)(struct lws *wsi); - - unsigned int periodic_events_available:1; -}; - -/* bring in event libs private declarations */ - -#if defined(LWS_WITH_POLL) -#include "event-libs/poll/private.h" -#endif - -#if defined(LWS_WITH_LIBUV) -#include "event-libs/libuv/private.h" -#endif - -#if defined(LWS_WITH_LIBEVENT) -#include "event-libs/libevent/private.h" -#endif - -#if defined(LWS_WITH_LIBEV) -#include "event-libs/libev/private.h" -#endif - diff --git a/lib/extension-permessage-deflate.c b/lib/extension-permessage-deflate.c new file mode 100644 index 0000000..f027e1f --- /dev/null +++ b/lib/extension-permessage-deflate.c @@ -0,0 +1,473 @@ +/* + * ./lib/extension-permessage-deflate.c + * + * Copyright (C) 2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" +#include "extension-permessage-deflate.h" +#include +#include +#include + +#define LWS_ZLIB_MEMLEVEL 8 + +const struct lws_ext_options lws_ext_pm_deflate_options[] = { + /* public RFC7692 settings */ + { "server_no_context_takeover", EXTARG_NONE }, + { "client_no_context_takeover", EXTARG_NONE }, + { "server_max_window_bits", EXTARG_OPT_DEC }, + { "client_max_window_bits", EXTARG_OPT_DEC }, + /* ones only user code can set */ + { "rx_buf_size", EXTARG_DEC }, + { "tx_buf_size", EXTARG_DEC }, + { "compression_level", EXTARG_DEC }, + { "mem_level", EXTARG_DEC }, + { NULL, 0 }, /* sentinel */ +}; + +static void +lws_extension_pmdeflate_restrict_args(struct lws *wsi, + struct lws_ext_pm_deflate_priv *priv) +{ + int n, extra; + + /* cap the RX buf at the nearest power of 2 to protocol rx buf */ + + n = wsi->context->pt_serv_buf_size; + if (wsi->protocol->rx_buffer_size) + n = wsi->protocol->rx_buffer_size; + + extra = 7; + while (n >= 1 << (extra + 1)) + extra++; + + if (extra < priv->args[PMD_RX_BUF_PWR2]) { + priv->args[PMD_RX_BUF_PWR2] = extra; + lwsl_err(" Capping pmd rx to %d\n", 1 << extra); + } +} + +LWS_VISIBLE int +lws_extension_callback_pm_deflate(struct lws_context *context, + const struct lws_extension *ext, + struct lws *wsi, + enum lws_extension_callback_reasons reason, + void *user, void *in, size_t len) +{ + struct lws_ext_pm_deflate_priv *priv = + (struct lws_ext_pm_deflate_priv *)user; + struct lws_tokens *eff_buf = (struct lws_tokens *)in; + static unsigned char trail[] = { 0, 0, 0xff, 0xff }; + int n, ret = 0, was_fin = 0, extra; + struct lws_ext_option_arg *oa; + + switch (reason) { + case LWS_EXT_CB_NAMED_OPTION_SET: + oa = in; + if (!oa->option_name) + break; + for (n = 0; n < ARRAY_SIZE(lws_ext_pm_deflate_options); n++) + if (!strcmp(lws_ext_pm_deflate_options[n].name, oa->option_name)) + break; + + if (n == ARRAY_SIZE(lws_ext_pm_deflate_options)) + break; + oa->option_index = n; + + /* fallthru */ + + case LWS_EXT_CB_OPTION_SET: + oa = in; + lwsl_notice("%s: option set: idx %d, %s, len %d\n", __func__, + oa->option_index, oa->start, oa->len); + if (oa->start) + priv->args[oa->option_index] = atoi(oa->start); + else + priv->args[oa->option_index] = 1; + + if (priv->args[PMD_CLIENT_MAX_WINDOW_BITS] == 8) + priv->args[PMD_CLIENT_MAX_WINDOW_BITS] = 9; + + lws_extension_pmdeflate_restrict_args(wsi, priv); + break; + + case LWS_EXT_CB_OPTION_CONFIRM: + if (priv->args[PMD_SERVER_MAX_WINDOW_BITS] < 8 || + priv->args[PMD_SERVER_MAX_WINDOW_BITS] > 15 || + priv->args[PMD_CLIENT_MAX_WINDOW_BITS] < 8 || + priv->args[PMD_CLIENT_MAX_WINDOW_BITS] > 15) + return -1; + break; + + case LWS_EXT_CB_CLIENT_CONSTRUCT: + case LWS_EXT_CB_CONSTRUCT: + + n = context->pt_serv_buf_size; + if (wsi->protocol->rx_buffer_size) + n = wsi->protocol->rx_buffer_size; + + if (n < 128) { + lwsl_err(" permessage-deflate requires the protocol (%s) to have an RX buffer >= 128\n", + wsi->protocol->name); + return -1; + } + + /* fill in **user */ + priv = lws_zalloc(sizeof(*priv)); + *((void **)user) = priv; + lwsl_ext("%s: LWS_EXT_CB_*CONSTRUCT\n", __func__); + memset(priv, 0, sizeof(*priv)); + + /* fill in pointer to options list */ + if (in) + *((const struct lws_ext_options **)in) = + lws_ext_pm_deflate_options; + + /* fallthru */ + + case LWS_EXT_CB_OPTION_DEFAULT: + + /* set the public, RFC7692 defaults... */ + + priv->args[PMD_SERVER_NO_CONTEXT_TAKEOVER] = 0, + priv->args[PMD_CLIENT_NO_CONTEXT_TAKEOVER] = 0; + priv->args[PMD_SERVER_MAX_WINDOW_BITS] = 15; + priv->args[PMD_CLIENT_MAX_WINDOW_BITS] = 15; + + /* ...and the ones the user code can override */ + + priv->args[PMD_RX_BUF_PWR2] = 10; /* ie, 1024 */ + priv->args[PMD_TX_BUF_PWR2] = 10; /* ie, 1024 */ + priv->args[PMD_COMP_LEVEL] = 1; + priv->args[PMD_MEM_LEVEL] = 8; + + lws_extension_pmdeflate_restrict_args(wsi, priv); + break; + + case LWS_EXT_CB_DESTROY: + lwsl_ext("%s: LWS_EXT_CB_DESTROY\n", __func__); + lws_free(priv->buf_rx_inflated); + lws_free(priv->buf_tx_deflated); + if (priv->rx_init) + (void)inflateEnd(&priv->rx); + if (priv->tx_init) + (void)deflateEnd(&priv->tx); + lws_free(priv); + return ret; + + case LWS_EXT_CB_PAYLOAD_RX: + lwsl_ext(" %s: LWS_EXT_CB_PAYLOAD_RX: in %d, existing in %d\n", + __func__, eff_buf->token_len, priv->rx.avail_in); + if (!(wsi->u.ws.rsv_first_msg & 0x40)) + return 0; + +#if 0 + for (n = 0; n < eff_buf->token_len; n++) { + printf("%02X ", (unsigned char)eff_buf->token[n]); + if ((n & 15) == 15) + printf("\n"); + } + printf("\n"); +#endif + if (!priv->rx_init) + if (inflateInit2(&priv->rx, -priv->args[PMD_SERVER_MAX_WINDOW_BITS]) != Z_OK) { + lwsl_err("%s: iniflateInit failed\n", __func__); + return -1; + } + priv->rx_init = 1; + if (!priv->buf_rx_inflated) + priv->buf_rx_inflated = lws_malloc(LWS_PRE + 7 + 5 + + (1 << priv->args[PMD_RX_BUF_PWR2])); + if (!priv->buf_rx_inflated) { + lwsl_err("%s: OOM\n", __func__); + return -1; + } + + /* + * We have to leave the input stream alone if we didn't + * finish with it yet. The input stream is held in the wsi + * rx buffer by the caller, so this assumption is safe while + * we block new rx while draining the existing rx + */ + if (!priv->rx.avail_in && eff_buf->token && eff_buf->token_len) { + priv->rx.next_in = (unsigned char *)eff_buf->token; + priv->rx.avail_in = eff_buf->token_len; + } + priv->rx.next_out = priv->buf_rx_inflated + LWS_PRE; + eff_buf->token = (char *)priv->rx.next_out; + priv->rx.avail_out = 1 << priv->args[PMD_RX_BUF_PWR2]; + + if (priv->rx_held_valid) { + lwsl_ext("-- RX piling on held byte --\n"); + *(priv->rx.next_out++) = priv->rx_held; + priv->rx.avail_out--; + priv->rx_held_valid = 0; + } + + /* if... + * + * - he has no remaining input content for this message, and + * - and this is the final fragment, and + * - we used everything that could be drained on the input side + * + * ...then put back the 00 00 FF FF the sender stripped as our + * input to zlib + */ + if (!priv->rx.avail_in && wsi->u.ws.final && + !wsi->u.ws.rx_packet_length) { + lwsl_ext("RX APPEND_TRAILER-DO\n"); + was_fin = 1; + priv->rx.next_in = trail; + priv->rx.avail_in = sizeof(trail); + } + + n = inflate(&priv->rx, Z_NO_FLUSH); + lwsl_ext("inflate ret %d, avi %d, avo %d, wsifinal %d\n", n, + priv->rx.avail_in, priv->rx.avail_out, wsi->u.ws.final); + switch (n) { + case Z_NEED_DICT: + case Z_STREAM_ERROR: + case Z_DATA_ERROR: + case Z_MEM_ERROR: + lwsl_info("zlib error inflate %d: %s\n", + n, priv->rx.msg); + return -1; + } + /* + * If we did not already send in the 00 00 FF FF, and he's + * out of input, he did not EXACTLY fill the output buffer + * (which is ambiguous and we will force it to go around + * again by withholding a byte), and he's otherwise working on + * being a FIN fragment, then do the FIN message processing + * of faking up the 00 00 FF FF that the sender stripped. + */ + if (!priv->rx.avail_in && wsi->u.ws.final && + !wsi->u.ws.rx_packet_length && !was_fin && + priv->rx.avail_out /* ambiguous as to if it is the end */ + ) { + lwsl_ext("RX APPEND_TRAILER-DO\n"); + was_fin = 1; + priv->rx.next_in = trail; + priv->rx.avail_in = sizeof(trail); + n = inflate(&priv->rx, Z_SYNC_FLUSH); + lwsl_ext("RX trailer inf returned %d, avi %d, avo %d\n", n, + priv->rx.avail_in, priv->rx.avail_out); + switch (n) { + case Z_NEED_DICT: + case Z_STREAM_ERROR: + case Z_DATA_ERROR: + case Z_MEM_ERROR: + lwsl_info("zlib error inflate %d: %s\n", + n, priv->rx.msg); + return -1; + } + } + /* + * we must announce in our returncode now if there is more + * output to be expected from inflate, so we can decide to + * set the FIN bit on this bufferload or not. However zlib + * is ambiguous when we exactly filled the inflate buffer. It + * does not give us a clue as to whether we should understand + * that to mean he ended on a buffer boundary, or if there is + * more in the pipeline. + * + * So to work around that safely, if it used all output space + * exactly, we ALWAYS say there is more coming and we withhold + * the last byte of the buffer to guarantee that is true. + * + * That still leaves us at least one byte to finish with a FIN + * on, even if actually nothing more is coming from the next + * inflate action itself. + */ + if (!priv->rx.avail_out) { /* he used all available out buf */ + lwsl_ext("-- rx grabbing held --\n"); + /* snip the last byte and hold it for next time */ + priv->rx_held = *(--priv->rx.next_out); + priv->rx_held_valid = 1; + } + + eff_buf->token_len = (char *)priv->rx.next_out - eff_buf->token; + priv->count_rx_between_fin += eff_buf->token_len; + + lwsl_ext(" %s: RX leaving with new effbuff len %d, " + "ret %d, rx.avail_in=%d, TOTAL RX since FIN %lu\n", + __func__, eff_buf->token_len, priv->rx_held_valid, + priv->rx.avail_in, + (unsigned long)priv->count_rx_between_fin); + + if (was_fin) { + priv->count_rx_between_fin = 0; + if (priv->args[PMD_SERVER_NO_CONTEXT_TAKEOVER]) { + (void)inflateEnd(&priv->rx); + priv->rx_init = 0; + } + } +#if 0 + for (n = 0; n < eff_buf->token_len; n++) + putchar(eff_buf->token[n]); + puts("\n"); +#endif + + return priv->rx_held_valid; + + case LWS_EXT_CB_PAYLOAD_TX: + + if (!priv->tx_init) { + n = deflateInit2(&priv->tx, priv->args[PMD_COMP_LEVEL], + Z_DEFLATED, + -priv->args[PMD_SERVER_MAX_WINDOW_BITS + + (wsi->vhost->listen_port <= 0)], + priv->args[PMD_MEM_LEVEL], + Z_DEFAULT_STRATEGY); + if (n != Z_OK) { + lwsl_ext("inflateInit2 failed %d\n", n); + return 1; + } + } + priv->tx_init = 1; + if (!priv->buf_tx_deflated) + priv->buf_tx_deflated = lws_malloc(LWS_PRE + 7 + 5 + + (1 << priv->args[PMD_TX_BUF_PWR2])); + if (!priv->buf_tx_deflated) { + lwsl_err("%s: OOM\n", __func__); + return -1; + } + + if (eff_buf->token) { + lwsl_ext("%s: TX: eff_buf length %d\n", __func__, + eff_buf->token_len); + priv->tx.next_in = (unsigned char *)eff_buf->token; + priv->tx.avail_in = eff_buf->token_len; + } + +#if 0 + for (n = 0; n < eff_buf->token_len; n++) { + printf("%02X ", (unsigned char)eff_buf->token[n]); + if ((n & 15) == 15) + printf("\n"); + } + printf("\n"); +#endif + + priv->tx.next_out = priv->buf_tx_deflated + LWS_PRE + 5; + eff_buf->token = (char *)priv->tx.next_out; + priv->tx.avail_out = 1 << priv->args[PMD_TX_BUF_PWR2]; + + n = deflate(&priv->tx, Z_SYNC_FLUSH); + if (n == Z_STREAM_ERROR) { + lwsl_ext("%s: Z_STREAM_ERROR\n", __func__); + return -1; + } + + if (priv->tx_held_valid) { + priv->tx_held_valid = 0; + if (priv->tx.avail_out == 1 << priv->args[PMD_TX_BUF_PWR2]) + /* + * we can get a situation he took something in + * but did not generate anything out, at the end + * of a message (eg, next thing he sends is 80 + * 00, a zero length FIN, like Authobahn can + * send). + * If we have come back as a FIN, we must not + * place the pending trailer 00 00 FF FF, just + * the 1 byte of live data + */ + *(--eff_buf->token) = priv->tx_held[0]; + else { + /* he generated data, prepend whole pending */ + eff_buf->token -= 5; + for (n = 0; n < 5; n++) + eff_buf->token[n] = priv->tx_held[n]; + + } + } + priv->compressed_out = 1; + eff_buf->token_len = (int)(priv->tx.next_out - + (unsigned char *)eff_buf->token); + + /* + * we must announce in our returncode now if there is more + * output to be expected from inflate, so we can decide to + * set the FIN bit on this bufferload or not. However zlib + * is ambiguous when we exactly filled the inflate buffer. It + * does not give us a clue as to whether we should understand + * that to mean he ended on a buffer boundary, or if there is + * more in the pipeline. + * + * Worse, the guy providing the stuff we are sending may not + * know until after that this was, actually, the last chunk, + * that can happen even if we did not fill the output buf, ie + * he may send after this a zero-length FIN fragment. + * + * This is super difficult because we must snip the last 4 + * bytes in the case this is the last compressed output of the + * message. The only way to deal with it is defer sending the + * last 5 bytes of each frame until the next one, when we will + * be in a position to understand if that has a FIN or not. + */ + + extra = !!(len & LWS_WRITE_NO_FIN) || !priv->tx.avail_out; + + if (eff_buf->token_len >= 4 + extra) { + lwsl_ext("tx held %d\n", 4 + extra); + priv->tx_held_valid = extra; + for (n = 3 + extra; n >= 0; n--) + priv->tx_held[n] = *(--priv->tx.next_out); + eff_buf->token_len -= 4 + extra; + } + lwsl_ext(" TX rewritten with new effbuff len %d, ret %d\n", + eff_buf->token_len, !priv->tx.avail_out); + + return !priv->tx.avail_out; /* 1 == have more tx pending */ + + case LWS_EXT_CB_PACKET_TX_PRESEND: + if (!priv->compressed_out) + break; + priv->compressed_out = 0; + + if ((*(eff_buf->token) & 0x80) && + priv->args[PMD_CLIENT_NO_CONTEXT_TAKEOVER]) { + lwsl_debug("PMD_CLIENT_NO_CONTEXT_TAKEOVER\n"); + (void)deflateEnd(&priv->tx); + priv->tx_init = 0; + } + + n = *(eff_buf->token) & 15; + /* set RSV1, but not on CONTINUATION */ + if (n == LWSWSOPC_TEXT_FRAME || n == LWSWSOPC_BINARY_FRAME) + *eff_buf->token |= 0x40; +#if 0 + for (n = 0; n < eff_buf->token_len; n++) { + printf("%02X ", (unsigned char)eff_buf->token[n]); + if ((n & 15) == 15) + puts("\n"); + } + puts("\n"); +#endif + lwsl_ext("%s: tx opcode 0x%02X\n", __func__, + (unsigned char)*eff_buf->token); + break; + + default: + break; + } + + return 0; +} + diff --git a/lib/roles/ws/ext/extension-permessage-deflate.h b/lib/extension-permessage-deflate.h similarity index 79% rename from lib/roles/ws/ext/extension-permessage-deflate.h rename to lib/extension-permessage-deflate.h index 7c56020..8737736 100644 --- a/lib/roles/ws/ext/extension-permessage-deflate.h +++ b/lib/extension-permessage-deflate.h @@ -1,9 +1,5 @@ -#if defined(LWS_WITH_MINIZ) -#include -#else #include -#endif #define DEFLATE_FRAME_COMPRESSION_LEVEL_SERVER 1 #define DEFLATE_FRAME_COMPRESSION_LEVEL_CLIENT Z_DEFAULT_COMPRESSION @@ -28,19 +24,18 @@ struct lws_ext_pm_deflate_priv { unsigned char *buf_rx_inflated; /* RX inflated output buffer */ unsigned char *buf_tx_deflated; /* TX deflated output buffer */ - unsigned char *buf_tx_holding; - size_t count_rx_between_fin; - size_t count_tx_between_fin; - - size_t len_tx_holding; unsigned char args[PMD_ARG_COUNT]; - - unsigned char tx_first_frame_type; + unsigned char tx_held[5]; + unsigned char rx_held; unsigned char tx_init:1; unsigned char rx_init:1; unsigned char compressed_out:1; + unsigned char rx_held_valid:1; + unsigned char tx_held_valid:1; + unsigned char rx_append_trailer:1; + unsigned char pending_tx_trailer:1; }; diff --git a/lib/roles/ws/ext/extension.c b/lib/extension.c similarity index 70% rename from lib/roles/ws/ext/extension.c rename to lib/extension.c index a8bb1c7..ac28204 100644 --- a/lib/roles/ws/ext/extension.c +++ b/lib/extension.c @@ -1,9 +1,9 @@ -#include "core/private.h" +#include "private-libwebsockets.h" #include "extension-permessage-deflate.h" LWS_VISIBLE void -lws_context_init_extensions(const struct lws_context_creation_info *info, +lws_context_init_extensions(struct lws_context_creation_info *info, struct lws_context *context) { lwsl_info(" LWS_MAX_EXTENSIONS_ACTIVE: %u\n", LWS_MAX_EXTENSIONS_ACTIVE); @@ -54,31 +54,26 @@ lws_ext_parse_options(const struct lws_extension *ext, struct lws *wsi, n = 0; pending_close_quote = 0; while (m) { - if (!(m & 1)) { - m >>= 1; - n++; - continue; - } - lwsl_ext(" m=%d, n=%d, w=%d\n", m, n, w); - - if (*in == opts[n].name[w]) { - if (!opts[n].name[w + 1]) { - oa.option_index = n; - lwsl_ext("hit %d\n", - oa.option_index); - leap = LEAPS_SEEK_VAL; - if (len == 1) - goto set_arg; - break; - } - } else { - match_map &= ~(1 << n); - if (!match_map) { - lwsl_ext("empty match map\n"); - return -1; + if (m & 1) { + lwsl_ext(" m=%d, n=%d, w=%d\n", m, n, w); + + if (*in == opts[n].name[w]) { + if (!opts[n].name[w + 1]) { + oa.option_index = n; + lwsl_ext("hit %d\n", oa.option_index); + leap = LEAPS_SEEK_VAL; + if (len == 1) + goto set_arg; + break; + } + } else { + match_map &= ~(1 << n); + if (!match_map) { + lwsl_ext("empty match map\n"); + return -1; + } } } - m >>= 1; n++; } @@ -126,7 +121,7 @@ lws_ext_parse_options(const struct lws_extension *ext, struct lws *wsi, return -1; leap = LEAPS_SEEK_ARG_TERM; if (oa.start) - oa.len = lws_ptr_diff(in, oa.start); + oa.len = in - oa.start; if (len == 1) oa.len++; @@ -168,21 +163,18 @@ int lws_ext_cb_active(struct lws *wsi, int reason, void *arg, int len) { int n, m, handled = 0; - if (!wsi->ws) - return 0; - - for (n = 0; n < wsi->ws->count_act_ext; n++) { - m = wsi->ws->active_extensions[n]->callback( - lws_get_context(wsi), wsi->ws->active_extensions[n], - wsi, reason, wsi->ws->act_ext_user[n], arg, len); + for (n = 0; n < wsi->count_act_ext; n++) { + m = wsi->active_extensions[n]->callback(lws_get_context(wsi), + wsi->active_extensions[n], wsi, reason, + wsi->act_ext_user[n], arg, len); if (m < 0) { lwsl_ext("Ext '%s' failed to handle callback %d!\n", - wsi->ws->active_extensions[n]->name, reason); + wsi->active_extensions[n]->name, reason); return -1; } /* valgrind... */ if (reason == LWS_EXT_CB_DESTROY) - wsi->ws->act_ext_user[n] = NULL; + wsi->act_ext_user[n] = NULL; if (m > handled) handled = m; } @@ -196,17 +188,17 @@ int lws_ext_cb_all_exts(struct lws_context *context, struct lws *wsi, int n = 0, m, handled = 0; const struct lws_extension *ext; - if (!wsi || !wsi->vhost || !wsi->ws) + if (!wsi || !wsi->vhost) return 0; - ext = wsi->vhost->ws.extensions; + ext = wsi->vhost->extensions; while (ext && ext->callback && !handled) { m = ext->callback(context, ext, wsi, reason, (void *)(lws_intptr_t)n, arg, len); if (m < 0) { lwsl_ext("Ext '%s' failed to handle callback %d!\n", - wsi->ws->active_extensions[n]->name, reason); + wsi->active_extensions[n]->name, reason); return -1; } if (m) @@ -222,11 +214,11 @@ int lws_ext_cb_all_exts(struct lws_context *context, struct lws *wsi, int lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len) { - struct lws_tokens ebuf; + struct lws_tokens eff_buf; int ret, m, n = 0; - ebuf.token = buf; - ebuf.len = (int)len; + eff_buf.token = (char *)buf; + eff_buf.token_len = len; /* * while we have original buf to spill ourselves, or extensions report @@ -241,37 +233,37 @@ lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len) ret = 0; /* show every extension the new incoming data */ - m = lws_ext_cb_active(wsi, LWS_EXT_CB_PACKET_TX_PRESEND, - &ebuf, 0); + m = lws_ext_cb_active(wsi, + LWS_EXT_CB_PACKET_TX_PRESEND, &eff_buf, 0); if (m < 0) return -1; if (m) /* handled */ ret = 1; - if (buf != ebuf.token) + if ((char *)buf != eff_buf.token) /* * extension recreated it: * need to buffer this if not all sent */ - wsi->ws->clean_buffer = 0; + wsi->u.ws.clean_buffer = 0; /* assuming they left us something to send, send it */ - if (ebuf.len) { - n = lws_issue_raw(wsi, ebuf.token, ebuf.len); + if (eff_buf.token_len) { + n = lws_issue_raw(wsi, (unsigned char *)eff_buf.token, + eff_buf.token_len); if (n < 0) { lwsl_info("closing from ext access\n"); return -1; } /* always either sent it all or privately buffered */ - if (wsi->ws->clean_buffer) + if (wsi->u.ws.clean_buffer) len = n; - - lwsl_ext("%s: written %d bytes to client\n", - __func__, n); } + lwsl_parser("written %d bytes to client\n", n); + /* no extension has more to spill? Then we can go */ if (!ret) @@ -279,15 +271,15 @@ lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len) /* we used up what we had */ - ebuf.token = NULL; - ebuf.len = 0; + eff_buf.token = NULL; + eff_buf.token_len = 0; /* * Did that leave the pipe choked? * Or we had to hold on to some of it? */ - if (!lws_send_pipe_choked(wsi) && !lws_has_buffered_out(wsi)) + if (!lws_send_pipe_choked(wsi) && !wsi->trunc_len) /* no we could add more, lets's do that */ continue; @@ -298,11 +290,11 @@ lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len) * when he is ready to send and take care of it there */ lws_callback_on_writable(wsi); - wsi->ws->extension_data_pending = 1; + wsi->extension_data_pending = 1; ret = 0; } - return (int)len; + return len; } int @@ -312,18 +304,15 @@ lws_any_extension_handled(struct lws *wsi, enum lws_extension_callback_reasons r struct lws_context *context = wsi->context; int n, handled = 0; - if (!wsi->ws) - return 0; - /* maybe an extension will take care of it for us */ - for (n = 0; n < wsi->ws->count_act_ext && !handled; n++) { - if (!wsi->ws->active_extensions[n]->callback) + for (n = 0; n < wsi->count_act_ext && !handled; n++) { + if (!wsi->active_extensions[n]->callback) continue; - handled |= wsi->ws->active_extensions[n]->callback(context, - wsi->ws->active_extensions[n], wsi, - r, wsi->ws->act_ext_user[n], v, len); + handled |= wsi->active_extensions[n]->callback(context, + wsi->active_extensions[n], wsi, + r, wsi->act_ext_user[n], v, len); } return handled; @@ -336,15 +325,12 @@ lws_set_extension_option(struct lws *wsi, const char *ext_name, struct lws_ext_option_arg oa; int idx = 0; - if (!wsi->ws) - return 0; - /* first identify if the ext is active on this wsi */ - while (idx < wsi->ws->count_act_ext && - strcmp(wsi->ws->active_extensions[idx]->name, ext_name)) + while (idx < wsi->count_act_ext && + strcmp(wsi->active_extensions[idx]->name, ext_name)) idx++; - if (idx == wsi->ws->count_act_ext) + if (idx == wsi->count_act_ext) return -1; /* request ext not active on this wsi */ oa.option_name = opt_name; @@ -352,8 +338,7 @@ lws_set_extension_option(struct lws *wsi, const char *ext_name, oa.start = opt_val; oa.len = 0; - return wsi->ws->active_extensions[idx]->callback(wsi->context, - wsi->ws->active_extensions[idx], wsi, - LWS_EXT_CB_NAMED_OPTION_SET, wsi->ws->act_ext_user[idx], - &oa, 0); + return wsi->active_extensions[idx]->callback( + wsi->context, wsi->active_extensions[idx], wsi, + LWS_EXT_CB_NAMED_OPTION_SET, wsi->act_ext_user[idx], &oa, 0); } diff --git a/lib/roles/http/server/fops-zip.c b/lib/fops-zip.c similarity index 98% rename from lib/roles/http/server/fops-zip.c rename to lib/fops-zip.c index 5c1d482..45818c7 100644 --- a/lib/roles/http/server/fops-zip.c +++ b/lib/fops-zip.c @@ -51,13 +51,9 @@ * MA 02110-1301 USA */ -#include "core/private.h" +#include "private-libwebsockets.h" -#if defined(LWS_WITH_MINIZ) -#include -#else #include -#endif /* * This code works with zip format containers which may have files compressed @@ -245,13 +241,13 @@ lws_fops_zip_scan(lws_fops_zip_t priv, const char *name, int len) if (priv->hdr.filename_len != len) goto next; - if (len >= (int)sizeof(buf) - 1) + if (len >= sizeof(buf) - 1) return LWS_FZ_ERR_NAME_TOO_LONG; if (priv->zip_fop_fd->fops->LWS_FOP_READ(priv->zip_fop_fd, &amount, buf, len)) return LWS_FZ_ERR_NAME_READ; - if ((int)amount != len) + if (amount != len) return LWS_FZ_ERR_NAME_READ; buf[len] = '\0'; @@ -344,7 +340,7 @@ lws_fops_zip_open(const struct lws_plat_file_ops *fops, const char *vfs_path, * will come pointing at "/index.html" */ - priv = lws_zalloc(sizeof(*priv), "fops_zip priv"); + priv = lws_zalloc(sizeof(*priv)); if (!priv) return NULL; @@ -352,8 +348,9 @@ lws_fops_zip_open(const struct lws_plat_file_ops *fops, const char *vfs_path, m = sizeof(rp) - 1; if ((vpath - vfs_path - 1) < m) - m = lws_ptr_diff(vpath, vfs_path) - 1; - lws_strncpy(rp, vfs_path, m + 1); + m = vpath - vfs_path - 1; + strncpy(rp, vfs_path, m); + rp[m] = '\0'; /* open the zip file itself using the incoming fops, not fops_zip */ @@ -366,7 +363,7 @@ lws_fops_zip_open(const struct lws_plat_file_ops *fops, const char *vfs_path, if (*vpath == '/') vpath++; - m = lws_fops_zip_scan(priv, vpath, (int)strlen(vpath)); + m = lws_fops_zip_scan(priv, vpath, strlen(vpath)); if (m) { lwsl_err("unable to find record matching '%s' %d\n", vpath, m); goto bail2; @@ -568,7 +565,7 @@ spin: switch (ret) { case Z_NEED_DICT: ret = Z_DATA_ERROR; - /* fallthru */ + /* and fall through */ case Z_DATA_ERROR: case Z_MEM_ERROR: diff --git a/lib/misc/getifaddrs.c b/lib/getifaddrs.c similarity index 95% rename from lib/misc/getifaddrs.c rename to lib/getifaddrs.c index 735b899..0783019 100644 --- a/lib/misc/getifaddrs.c +++ b/lib/getifaddrs.c @@ -1,4 +1,9 @@ /* + * downloaded from + * http://ftp.uninett.no/pub/OpenBSD/src/kerberosV/src/lib/roken/getifaddrs.c + */ +#if !LWS_HAVE_GETIFADDRS +/* * Copyright (c) 2000 - 2001 Kungliga Tekniska H�gskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. @@ -29,10 +34,6 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * originally downloaded from - * - * http://ftp.uninett.no/pub/OpenBSD/src/kerberosV/src/lib/roken/getifaddrs.c */ #include @@ -43,7 +44,7 @@ #include #include #include -#include "core/private.h" +#include "private-libwebsockets.h" #ifdef LWS_HAVE_SYS_SOCKIO_H #include @@ -83,7 +84,7 @@ getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, buf_size = 8192; for (;;) { - buf = lws_zalloc(buf_size, "getifaddrs2"); + buf = lws_zalloc(buf_size); if (buf == NULL) { ret = ENOMEM; goto error_out; @@ -135,12 +136,12 @@ getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, goto error_out; } - *end = lws_malloc(sizeof(**end), "getifaddrs"); + *end = lws_malloc(sizeof(**end)); (*end)->ifa_next = NULL; (*end)->ifa_name = strdup(ifr->ifr_name); (*end)->ifa_flags = ifreq.ifr_flags; - (*end)->ifa_addr = lws_malloc(salen, "getifaddrs"); + (*end)->ifa_addr = lws_malloc(salen); memcpy((*end)->ifa_addr, sa, salen); (*end)->ifa_netmask = NULL; @@ -148,12 +149,12 @@ getifaddrs2(struct ifaddrs **ifap, int af, int siocgifconf, int siocgifflags, /* fix these when we actually need them */ if (ifreq.ifr_flags & IFF_BROADCAST) { (*end)->ifa_broadaddr = - lws_malloc(sizeof(ifr->ifr_broadaddr), "getifaddrs"); + lws_malloc(sizeof(ifr->ifr_broadaddr)); memcpy((*end)->ifa_broadaddr, &ifr->ifr_broadaddr, sizeof(ifr->ifr_broadaddr)); } else if (ifreq.ifr_flags & IFF_POINTOPOINT) { (*end)->ifa_dstaddr = - lws_malloc(sizeof(ifr->ifr_dstaddr), "getifaddrs"); + lws_malloc(sizeof(ifr->ifr_dstaddr)); memcpy((*end)->ifa_dstaddr, &ifr->ifr_dstaddr, sizeof(ifr->ifr_dstaddr)); } else @@ -268,3 +269,4 @@ main() return 0; } #endif +#endif diff --git a/lib/misc/getifaddrs.h b/lib/getifaddrs.h similarity index 100% rename from lib/misc/getifaddrs.h rename to lib/getifaddrs.h diff --git a/lib/handshake.c b/lib/handshake.c new file mode 100644 index 0000000..5e897e2 --- /dev/null +++ b/lib/handshake.c @@ -0,0 +1,262 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2015 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +/* + * -04 of the protocol (actually the 80th version) has a radically different + * handshake. The 04 spec gives the following idea + * + * The handshake from the client looks as follows: + * + * GET /chat HTTP/1.1 + * Host: server.example.com + * Upgrade: websocket + * Connection: Upgrade + * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== + * Sec-WebSocket-Origin: http://example.com + * Sec-WebSocket-Protocol: chat, superchat + * Sec-WebSocket-Version: 4 + * + * The handshake from the server looks as follows: + * + * HTTP/1.1 101 Switching Protocols + * Upgrade: websocket + * Connection: Upgrade + * Sec-WebSocket-Accept: me89jWimTRKTWwrS3aRrL53YZSo= + * Sec-WebSocket-Nonce: AQIDBAUGBwgJCgsMDQ4PEC== + * Sec-WebSocket-Protocol: chat + */ + +#ifndef min +#define min(a, b) ((a) < (b) ? (a) : (b)) +#endif + +/* + * We have to take care about parsing because the headers may be split + * into multiple fragments. They may contain unknown headers with arbitrary + * argument lengths. So, we parse using a single-character at a time state + * machine that is completely independent of packet size. + * + * Returns <0 for error or length of chars consumed from buf (up to len) + */ + +LWS_VISIBLE int +lws_read(struct lws *wsi, unsigned char *buf, lws_filepos_t len) +{ + unsigned char *last_char, *oldbuf = buf; + lws_filepos_t body_chunk_len; + size_t n; + + lwsl_debug("%s: incoming len %d state %d\n", __func__, (int)len, wsi->state); + + switch (wsi->state) { +#ifdef LWS_USE_HTTP2 + case LWSS_HTTP2_AWAIT_CLIENT_PREFACE: + case LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS: + case LWSS_HTTP2_ESTABLISHED: + n = 0; + while (n < len) { + /* + * we were accepting input but now we stopped doing so + */ + if (!(wsi->rxflow_change_to & LWS_RXFLOW_ALLOW)) { + lws_rxflow_cache(wsi, buf, n, len); + + return 1; + } + + /* account for what we're using in rxflow buffer */ + if (wsi->rxflow_buffer) + wsi->rxflow_pos++; + if (lws_http2_parser(wsi, buf[n++])) { + lwsl_debug("%s: http2_parser bailed\n", __func__); + goto bail; + } + } + break; +#endif + + case LWSS_HTTP_ISSUING_FILE: + return 0; + + case LWSS_CLIENT_HTTP_ESTABLISHED: + break; + + case LWSS_HTTP: + wsi->hdr_parsing_completed = 0; + /* fallthru */ + + case LWSS_HTTP_HEADERS: + if (!wsi->u.hdr.ah) { + lwsl_err("%s: LWSS_HTTP_HEADERS: NULL ah\n", __func__); + assert(0); + } + lwsl_parser("issuing %d bytes to parser\n", (int)len); + + if (lws_handshake_client(wsi, &buf, (size_t)len)) + goto bail; + + last_char = buf; + if (lws_handshake_server(wsi, &buf, (size_t)len)) + /* Handshake indicates this session is done. */ + goto bail; + + /* we might have transitioned to RAW */ + if (wsi->mode == LWSCM_RAW) + /* we gave the read buffer to RAW handler already */ + goto read_ok; + + /* + * It's possible that we've exhausted our data already, or + * rx flow control has stopped us dealing with this early, + * but lws_handshake_server doesn't update len for us. + * Figure out how much was read, so that we can proceed + * appropriately: + */ + len -= (buf - last_char); + lwsl_debug("%s: thinks we have used %ld\n", __func__, (long)len); + + if (!wsi->hdr_parsing_completed) + /* More header content on the way */ + goto read_ok; + + switch (wsi->state) { + case LWSS_HTTP: + case LWSS_HTTP_HEADERS: + goto read_ok; + case LWSS_HTTP_ISSUING_FILE: + goto read_ok; + case LWSS_HTTP_BODY: + wsi->u.http.content_remain = + wsi->u.http.content_length; + if (wsi->u.http.content_remain) + goto http_postbody; + + /* there is no POST content */ + goto postbody_completion; + default: + break; + } + break; + + case LWSS_HTTP_BODY: +http_postbody: + while (len && wsi->u.http.content_remain) { + /* Copy as much as possible, up to the limit of: + * what we have in the read buffer (len) + * remaining portion of the POST body (content_remain) + */ + body_chunk_len = min(wsi->u.http.content_remain,len); + wsi->u.http.content_remain -= body_chunk_len; + len -= body_chunk_len; +#ifdef LWS_WITH_CGI + if (wsi->cgi) { + struct lws_cgi_args args; + + args.ch = LWS_STDIN; + args.stdwsi = &wsi->cgi->stdwsi[0]; + args.data = buf; + args.len = body_chunk_len; + + /* returns how much used */ + n = user_callback_handle_rxflow( + wsi->protocol->callback, + wsi, LWS_CALLBACK_CGI_STDIN_DATA, + wsi->user_space, + (void *)&args, 0); + if ((int)n < 0) + goto bail; + } else { +#endif + n = wsi->protocol->callback(wsi, + LWS_CALLBACK_HTTP_BODY, wsi->user_space, + buf, (size_t)body_chunk_len); + if (n) + goto bail; + n = (size_t)body_chunk_len; +#ifdef LWS_WITH_CGI + } +#endif + buf += n; + + if (wsi->u.http.content_remain) { + lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_CONTENT, + wsi->context->timeout_secs); + break; + } + /* he sent all the content in time */ +postbody_completion: +#ifdef LWS_WITH_CGI + /* if we're running a cgi, we can't let him off the hook just because he sent his POST data */ + if (wsi->cgi) + lws_set_timeout(wsi, PENDING_TIMEOUT_CGI, wsi->context->timeout_secs); + else +#endif + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); +#ifdef LWS_WITH_CGI + if (!wsi->cgi) +#endif + { + n = wsi->protocol->callback(wsi, + LWS_CALLBACK_HTTP_BODY_COMPLETION, + wsi->user_space, NULL, 0); + if (n) + goto bail; + } + + break; + } + break; + + case LWSS_ESTABLISHED: + case LWSS_AWAITING_CLOSE_ACK: + case LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION: + case LWSS_SHUTDOWN: + if (lws_handshake_client(wsi, &buf, (size_t)len)) + goto bail; + switch (wsi->mode) { + case LWSCM_WS_SERVING: + + if (lws_interpret_incoming_packet(wsi, &buf, (size_t)len) < 0) { + lwsl_info("interpret_incoming_packet has bailed\n"); + goto bail; + } + break; + } + break; + default: + lwsl_err("%s: Unhandled state %d\n", __func__, wsi->state); + break; + } + +read_ok: + /* Nothing more to do for now */ + lwsl_info("%s: read_ok, used %ld\n", __func__, (long)(buf - oldbuf)); + + return buf - oldbuf; + +bail: + //lwsl_notice("closing connection at lws_read bail:\n"); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return -1; +} diff --git a/lib/header.c b/lib/header.c new file mode 100644 index 0000000..6744c67 --- /dev/null +++ b/lib/header.c @@ -0,0 +1,317 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2013 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +#include "lextable-strings.h" + + +const unsigned char *lws_token_to_string(enum lws_token_indexes token) +{ + if ((unsigned int)token >= ARRAY_SIZE(set)) + return NULL; + + return (unsigned char *)set[token]; +} + +int +lws_add_http_header_by_name(struct lws *wsi, const unsigned char *name, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end) +{ +#ifdef LWS_USE_HTTP2 + if (wsi->mode == LWSCM_HTTP2_SERVING) + return lws_add_http2_header_by_name(wsi, name, + value, length, p, end); +#else + (void)wsi; +#endif + if (name) { + while (*p < end && *name) + *((*p)++) = *name++; + if (*p == end) + return 1; + *((*p)++) = ' '; + } + if (*p + length + 3 >= end) + return 1; + + memcpy(*p, value, length); + *p += length; + *((*p)++) = '\x0d'; + *((*p)++) = '\x0a'; + + return 0; +} + +int lws_finalize_http_header(struct lws *wsi, unsigned char **p, + unsigned char *end) +{ +#ifdef LWS_USE_HTTP2 + if (wsi->mode == LWSCM_HTTP2_SERVING) + return 0; +#else + (void)wsi; +#endif + if ((lws_intptr_t)(end - *p) < 3) + return 1; + *((*p)++) = '\x0d'; + *((*p)++) = '\x0a'; + + return 0; +} + +int +lws_add_http_header_by_token(struct lws *wsi, enum lws_token_indexes token, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end) +{ + const unsigned char *name; +#ifdef LWS_USE_HTTP2 + if (wsi->mode == LWSCM_HTTP2_SERVING) + return lws_add_http2_header_by_token(wsi, token, value, length, p, end); +#endif + name = lws_token_to_string(token); + if (!name) + return 1; + return lws_add_http_header_by_name(wsi, name, value, length, p, end); +} + +int lws_add_http_header_content_length(struct lws *wsi, + lws_filepos_t content_length, + unsigned char **p, unsigned char *end) +{ + char b[24]; + int n; + + n = sprintf(b, "%llu", (unsigned long long)content_length); + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, + (unsigned char *)b, n, p, end)) + return 1; + wsi->u.http.content_length = content_length; + wsi->u.http.content_remain = content_length; + + return 0; +} + +STORE_IN_ROM static const char * const err400[] = { + "Bad Request", + "Unauthorized", + "Payment Required", + "Forbidden", + "Not Found", + "Method Not Allowed", + "Not Acceptable", + "Proxy Auth Required", + "Request Timeout", + "Conflict", + "Gone", + "Length Required", + "Precondition Failed", + "Request Entity Too Large", + "Request URI too Long", + "Unsupported Media Type", + "Requested Range Not Satisfiable", + "Expectation Failed" +}; + +STORE_IN_ROM static const char * const err500[] = { + "Internal Server Error", + "Not Implemented", + "Bad Gateway", + "Service Unavailable", + "Gateway Timeout", + "HTTP Version Not Supported" +}; + +int +lws_add_http_header_status(struct lws *wsi, unsigned int _code, + unsigned char **p, unsigned char *end) +{ + STORE_IN_ROM static const char * const hver[] = { + "HTTP/1.0", "HTTP/1.1", "HTTP/2" + }; + const struct lws_protocol_vhost_options *headers; + unsigned int code = _code & LWSAHH_CODE_MASK; + const char *description = "", *p1; + unsigned char code_and_desc[60]; + int n; + +#ifdef LWS_WITH_ACCESS_LOG + wsi->access_log.response = code; +#endif + +#ifdef LWS_USE_HTTP2 + if (wsi->mode == LWSCM_HTTP2_SERVING) + return lws_add_http2_header_status(wsi, code, p, end); +#endif + if (code >= 400 && code < (400 + ARRAY_SIZE(err400))) + description = err400[code - 400]; + if (code >= 500 && code < (500 + ARRAY_SIZE(err500))) + description = err500[code - 500]; + + if (code == 200) + description = "OK"; + + if (code == 304) + description = "Not Modified"; + else + if (code >= 300 && code < 400) + description = "Redirect"; + + if (wsi->u.http.request_version < ARRAY_SIZE(hver)) + p1 = hver[wsi->u.http.request_version]; + else + p1 = hver[0]; + + n = sprintf((char *)code_and_desc, "%s %u %s", p1, code, description); + + if (lws_add_http_header_by_name(wsi, NULL, code_and_desc, n, p, end)) + return 1; + + headers = wsi->vhost->headers; + while (headers) { + if (lws_add_http_header_by_name(wsi, + (const unsigned char *)headers->name, + (unsigned char *)headers->value, + strlen(headers->value), p, end)) + return 1; + + headers = headers->next; + } + + if (wsi->context->server_string && + !(_code & LWSAHH_FLAG_NO_SERVER_NAME)) + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_SERVER, + (unsigned char *)wsi->context->server_string, + wsi->context->server_string_len, p, end)) + return 1; + + if (wsi->vhost->options & LWS_SERVER_OPTION_STS) + if (lws_add_http_header_by_name(wsi, (unsigned char *) + "Strict-Transport-Security:", + (unsigned char *)"max-age=15768000 ; " + "includeSubDomains", 36, p, end)) + return 1; + + return 0; +} + +LWS_VISIBLE int +lws_return_http_status(struct lws *wsi, unsigned int code, + const char *html_body) +{ + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + unsigned char *p = pt->serv_buf + LWS_PRE; + unsigned char *start = p; + unsigned char *end = p + context->pt_serv_buf_size - LWS_PRE; + int n = 0, m, len; + char slen[20]; + + if (!html_body) + html_body = ""; + + if (lws_add_http_header_status(wsi, code, &p, end)) + return 1; + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)"text/html", 9, + &p, end)) + return 1; + + len = 35 + strlen(html_body) + sprintf(slen, "%d", code); + n = sprintf(slen, "%d", len); + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, + (unsigned char *)slen, n, + &p, end)) + return 1; + + if (lws_finalize_http_header(wsi, &p, end)) + return 1; + +#if defined(LWS_USE_HTTP2) + { + unsigned char *body = p + 512; + + m = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS); + if (m != (int)(p - start)) + return 1; + + len = sprintf((char *)body, "

%u

%s", + code, html_body); + + n = len; + m = lws_write(wsi, body, len, LWS_WRITE_HTTP); + } +#else + p += lws_snprintf((char *)p, end - p - 1, + "

%u

%s", + code, html_body); + + n = (int)(p - start); + m = lws_write(wsi, start, n, LWS_WRITE_HTTP); + if (m != n) + return 1; +#endif + + return m != n; +} + +LWS_VISIBLE int +lws_http_redirect(struct lws *wsi, int code, const unsigned char *loc, int len, + unsigned char **p, unsigned char *end) +{ + unsigned char *start = *p; + int n; + + if (lws_add_http_header_status(wsi, code, p, end)) + return -1; + + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_LOCATION, + loc, len, p, end)) + return -1; + /* + * if we're going with http/1.1 and keepalive, + * we have to give fake content metadata so the + * client knows we completed the transaction and + * it can do the redirect... + */ + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)"text/html", 9, + p, end)) + return -1; + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_CONTENT_LENGTH, + (unsigned char *)"0", 1, p, end)) + return -1; + + if (lws_finalize_http_header(wsi, p, end)) + return -1; + + n = lws_write(wsi, start, *p - start, + LWS_WRITE_HTTP_HEADERS); + + return n; +} diff --git a/lib/hpack.c b/lib/hpack.c new file mode 100644 index 0000000..a205cbc --- /dev/null +++ b/lib/hpack.c @@ -0,0 +1,704 @@ +/* + * lib/hpack.c + * + * Copyright (C) 2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +/* + * Official static header table for HPACK + * +-------+-----------------------------+---------------+ + | 1 | :authority | | + | 2 | :method | GET | + | 3 | :method | POST | + | 4 | :path | / | + | 5 | :path | /index.html | + | 6 | :scheme | http | + | 7 | :scheme | https | + | 8 | :status | 200 | + | 9 | :status | 204 | + | 10 | :status | 206 | + | 11 | :status | 304 | + | 12 | :status | 400 | + | 13 | :status | 404 | + | 14 | :status | 500 | + | 15 | accept-charset | | + | 16 | accept-encoding | gzip, deflate | + | 17 | accept-language | | + | 18 | accept-ranges | | + | 19 | accept | | + | 20 | access-control-allow-origin | | + | 21 | age | | + | 22 | allow | | + | 23 | authorization | | + | 24 | cache-control | | + | 25 | content-disposition | | + | 26 | content-encoding | | + | 27 | content-language | | + | 28 | content-length | | + | 29 | content-location | | + | 30 | content-range | | + | 31 | content-type | | + | 32 | cookie | | + | 33 | date | | + | 34 | etag | | + | 35 | expect | | + | 36 | expires | | + | 37 | from | | + | 38 | host | | + | 39 | if-match | | + | 40 | if-modified-since | | + | 41 | if-none-match | | + | 42 | if-range | | + | 43 | if-unmodified-since | | + | 44 | last-modified | | + | 45 | link | | + | 46 | location | | + | 47 | max-forwards | | + | 48 | proxy-authenticate | | + | 49 | proxy-authorization | | + | 50 | range | | + | 51 | referer | | + | 52 | refresh | | + | 53 | retry-after | | + | 54 | server | | + | 55 | set-cookie | | + | 56 | strict-transport-security | | + | 57 | transfer-encoding | | + | 58 | user-agent | | + | 59 | vary | | + | 60 | via | | + | 61 | www-authenticate | | + +-------+-----------------------------+---------------+ +*/ + +static const unsigned char static_token[] = { + 0, + WSI_TOKEN_HTTP_COLON_AUTHORITY, + WSI_TOKEN_HTTP_COLON_METHOD, + WSI_TOKEN_HTTP_COLON_METHOD, + WSI_TOKEN_HTTP_COLON_PATH, + WSI_TOKEN_HTTP_COLON_PATH, + WSI_TOKEN_HTTP_COLON_SCHEME, + WSI_TOKEN_HTTP_COLON_SCHEME, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_COLON_STATUS, + WSI_TOKEN_HTTP_ACCEPT_CHARSET, + WSI_TOKEN_HTTP_ACCEPT_ENCODING, + WSI_TOKEN_HTTP_ACCEPT_LANGUAGE, + WSI_TOKEN_HTTP_ACCEPT_RANGES, + WSI_TOKEN_HTTP_ACCEPT, + WSI_TOKEN_HTTP_ACCESS_CONTROL_ALLOW_ORIGIN, + WSI_TOKEN_HTTP_AGE, + WSI_TOKEN_HTTP_ALLOW, + WSI_TOKEN_HTTP_AUTHORIZATION, + WSI_TOKEN_HTTP_CACHE_CONTROL, + WSI_TOKEN_HTTP_CONTENT_DISPOSITION, + WSI_TOKEN_HTTP_CONTENT_ENCODING, + WSI_TOKEN_HTTP_CONTENT_LANGUAGE, + WSI_TOKEN_HTTP_CONTENT_LENGTH, + WSI_TOKEN_HTTP_CONTENT_LOCATION, + WSI_TOKEN_HTTP_CONTENT_RANGE, + WSI_TOKEN_HTTP_CONTENT_TYPE, + WSI_TOKEN_HTTP_COOKIE, + WSI_TOKEN_HTTP_DATE, + WSI_TOKEN_HTTP_ETAG, + WSI_TOKEN_HTTP_EXPECT, + WSI_TOKEN_HTTP_EXPIRES, + WSI_TOKEN_HTTP_FROM, + WSI_TOKEN_HOST, + WSI_TOKEN_HTTP_IF_MATCH, + WSI_TOKEN_HTTP_IF_MODIFIED_SINCE, + WSI_TOKEN_HTTP_IF_NONE_MATCH, + WSI_TOKEN_HTTP_IF_RANGE, + WSI_TOKEN_HTTP_IF_UNMODIFIED_SINCE, + WSI_TOKEN_HTTP_LAST_MODIFIED, + WSI_TOKEN_HTTP_LINK, + WSI_TOKEN_HTTP_LOCATION, + WSI_TOKEN_HTTP_MAX_FORWARDS, + WSI_TOKEN_HTTP_PROXY_AUTHENTICATE, + WSI_TOKEN_HTTP_PROXY_AUTHORIZATION, + WSI_TOKEN_HTTP_RANGE, + WSI_TOKEN_HTTP_REFERER, + WSI_TOKEN_HTTP_REFRESH, + WSI_TOKEN_HTTP_RETRY_AFTER, + WSI_TOKEN_HTTP_SERVER, + WSI_TOKEN_HTTP_SET_COOKIE, + WSI_TOKEN_HTTP_STRICT_TRANSPORT_SECURITY, + WSI_TOKEN_HTTP_TRANSFER_ENCODING, + WSI_TOKEN_HTTP_USER_AGENT, + WSI_TOKEN_HTTP_VARY, + WSI_TOKEN_HTTP_VIA, + WSI_TOKEN_HTTP_WWW_AUTHENTICATE, +}; + +/* some of the entries imply values as well as header names */ + +static const char * const http2_canned[] = { + "", + "", + "GET", + "POST", + "/", + "/index.html", + "http", + "https", + "200", + "204", + "206", + "304", + "400", + "404", + "500", + "", + "gzip, deflate" +}; + +/* see minihuf.c */ + +#include "huftable.h" + +static int huftable_decode(int pos, char c) +{ + int q = pos + !!c; + + if (lextable_terms[q >> 3] & (1 << (q & 7))) /* terminal */ + return lextable[q] | 0x8000; + + return pos + (lextable[q] << 1); +} + +static int lws_hpack_update_table_size(struct lws *wsi, int idx) +{ + lwsl_info("hpack set table size %d\n", idx); + return 0; +} + +static int lws_frag_start(struct lws *wsi, int hdr_token_idx) +{ + struct allocated_headers * ah = wsi->u.http2.http.ah; + + if (!hdr_token_idx) { + lwsl_err("%s: zero hdr_token_idx\n", __func__); + return 1; + } + + if (ah->nfrag >= ARRAY_SIZE(ah->frag_index)) { + lwsl_err("%s: frag index %d too big\n", __func__, ah->nfrag); + return 1; + } + + ah->frags[ah->nfrag].offset = ah->pos; + ah->frags[ah->nfrag].len = 0; + ah->frags[ah->nfrag].nfrag = 0; + + ah->frag_index[hdr_token_idx] = ah->nfrag; + + return 0; +} + +static int lws_frag_append(struct lws *wsi, unsigned char c) +{ + struct allocated_headers * ah = wsi->u.http2.http.ah; + + ah->data[ah->pos++] = c; + ah->frags[ah->nfrag].len++; + + return ah->pos >= wsi->context->max_http_header_data; +} + +static int lws_frag_end(struct lws *wsi) +{ + if (lws_frag_append(wsi, 0)) + return 1; + + wsi->u.http2.http.ah->nfrag++; + return 0; +} + +static void lws_dump_header(struct lws *wsi, int hdr) +{ + char s[200]; + int len = lws_hdr_copy(wsi, s, sizeof(s) - 1, hdr); + s[len] = '\0'; + lwsl_info(" hdr tok %d (%s) = '%s'\n", hdr, lws_token_to_string(hdr), s); +} + +static int +lws_token_from_index(struct lws *wsi, int index, char **arg, int *len) +{ + struct hpack_dynamic_table *dyn; + + /* dynamic table only belongs to network wsi */ + + wsi = lws_http2_get_network_wsi(wsi); + + dyn = wsi->u.http2.hpack_dyn_table; + + if (index < ARRAY_SIZE(static_token)) + return static_token[index]; + + if (!dyn) + return 0; + + index -= ARRAY_SIZE(static_token); + if (index >= dyn->num_entries) + return 0; + + if (arg && len) { + *arg = dyn->args + dyn->entries[index].arg_offset; + *len = dyn->entries[index].arg_len; + } + + return dyn->entries[index].token; +} + +static int +lws_hpack_add_dynamic_header(struct lws *wsi, int token, char *arg, int len) +{ + struct hpack_dynamic_table *dyn; + int ret = 1; + + wsi = lws_http2_get_network_wsi(wsi); + dyn = wsi->u.http2.hpack_dyn_table; + + if (!dyn) { + dyn = lws_zalloc(sizeof(*dyn)); + if (!dyn) + return 1; + wsi->u.http2.hpack_dyn_table = dyn; + + dyn->args = lws_malloc(1024); + if (!dyn->args) + goto bail1; + dyn->args_length = 1024; + dyn->entries = lws_malloc(sizeof(dyn->entries[0]) * 20); + if (!dyn->entries) + goto bail2; + dyn->num_entries = 20; + } + + if (dyn->next == dyn->num_entries) + return 1; + + if (dyn->args_length - dyn->pos < len) + return 1; + + dyn->entries[dyn->next].token = token; + dyn->entries[dyn->next].arg_offset = dyn->pos; + if (len) + memcpy(dyn->args + dyn->pos, arg, len); + dyn->entries[dyn->next].arg_len = len; + + lwsl_info("%s: added dynamic hdr %d, token %d (%s), len %d\n", + __func__, dyn->next, token, lws_token_to_string(token), len); + + dyn->pos += len; + dyn->next++; + + return 0; + +bail2: + lws_free(dyn->args); +bail1: + lws_free(dyn); + wsi->u.http2.hpack_dyn_table = NULL; + + return ret; +} + +static int lws_write_indexed_hdr(struct lws *wsi, int idx) +{ + const char *p; + int tok = lws_token_from_index(wsi, idx, NULL, 0); + + lwsl_info("writing indexed hdr %d (tok %d '%s')\n", idx, tok, + lws_token_to_string(tok)); + + if (lws_frag_start(wsi, tok)) + return 1; + + if (idx < ARRAY_SIZE(http2_canned)) { + p = http2_canned[idx]; + while (*p) + if (lws_frag_append(wsi, *p++)) + return 1; + } + if (lws_frag_end(wsi)) + return 1; + + lws_dump_header(wsi, tok); + + return 0; +} + +int lws_hpack_interpret(struct lws *wsi, unsigned char c) +{ + unsigned int prev; + unsigned char c1; + int n; + + lwsl_debug(" state %d\n", wsi->u.http2.hpack); + + switch (wsi->u.http2.hpack) { + case HPKS_OPT_PADDING: + wsi->u.http2.padding = c; + lwsl_info("padding %d\n", c); + if (wsi->u.http2.flags & LWS_HTTP2_FLAG_PRIORITY) { + wsi->u.http2.hpack = HKPS_OPT_E_DEPENDENCY; + wsi->u.http2.hpack_m = 4; + } else + wsi->u.http2.hpack = HPKS_TYPE; + break; + case HKPS_OPT_E_DEPENDENCY: + wsi->u.http2.hpack_e_dep <<= 8; + wsi->u.http2.hpack_e_dep |= c; + if (! --wsi->u.http2.hpack_m) { + lwsl_info("hpack_e_dep = 0x%x\n", wsi->u.http2.hpack_e_dep); + wsi->u.http2.hpack = HKPS_OPT_WEIGHT; + } + break; + case HKPS_OPT_WEIGHT: + /* weight */ + wsi->u.http2.hpack = HPKS_TYPE; + break; + + case HPKS_TYPE: + + if (wsi->u.http2.count > (wsi->u.http2.length - wsi->u.http2.padding)) { + lwsl_info("padding eat\n"); + break; + } + + if (c & 0x80) { /* indexed header field only */ + /* just a possibly-extended integer */ + wsi->u.http2.hpack_type = HPKT_INDEXED_HDR_7; + lwsl_debug("HKPS_TYPE setting header_index %d\n", c & 0x7f); + wsi->u.http2.header_index = c & 0x7f; + if ((c & 0x7f) == 0x7f) { + wsi->u.http2.hpack_len = c & 0x7f; + wsi->u.http2.hpack_m = 0; + wsi->u.http2.hpack = HPKS_IDX_EXT; + break; + } + lwsl_debug("HKPS_TYPE: %d\n", c & 0x7f); + if (lws_write_indexed_hdr(wsi, c & 0x7f)) + return 1; + /* stay at same state */ + break; + } + if (c & 0x40) { /* literal header incr idx */ + /* + * [possibly-extended hdr idx (6) | new literal hdr name] + * H + possibly-extended value length + * literal value + */ + lwsl_debug("HKPS_TYPE 2 setting header_index %d\n", 0); + wsi->u.http2.header_index = 0; + if (c == 0x40) { /* literal name */ + wsi->u.http2.hpack_type = HPKT_LITERAL_HDR_VALUE_INCR; + wsi->u.http2.value = 0; + wsi->u.http2.hpack = HPKS_HLEN; + break; + } + /* indexed name */ + wsi->u.http2.hpack_type = HPKT_INDEXED_HDR_6_VALUE_INCR; + if ((c & 0x3f) == 0x3f) { + wsi->u.http2.hpack_len = c & 0x3f; + wsi->u.http2.hpack_m = 0; + wsi->u.http2.hpack = HPKS_IDX_EXT; + break; + } + lwsl_debug("HKPS_TYPE 3 setting header_index %d\n", c & 0x3f); + wsi->u.http2.header_index = c & 0x3f; + wsi->u.http2.value = 1; + wsi->u.http2.hpack = HPKS_HLEN; + break; + } + switch(c & 0xf0) { + case 0x10: /* literal header never index */ + case 0: /* literal header without indexing */ + /* + * follows 0x40 except 4-bit hdr idx + * and don't add to index + */ + if (c == 0) { /* literal name */ + wsi->u.http2.hpack_type = HPKT_LITERAL_HDR_VALUE; + wsi->u.http2.hpack = HPKS_HLEN; + wsi->u.http2.value = 0; + break; + } + //lwsl_debug("indexed\n"); + /* indexed name */ + wsi->u.http2.hpack_type = HPKT_INDEXED_HDR_4_VALUE; + wsi->u.http2.header_index = 0; + if ((c & 0xf) == 0xf) { + wsi->u.http2.hpack_len = c & 0xf; + wsi->u.http2.hpack_m = 0; + wsi->u.http2.hpack = HPKS_IDX_EXT; + break; + } + //lwsl_err("HKPS_TYPE 5 setting header_index %d\n", c & 0xf); + wsi->u.http2.header_index = c & 0xf; + wsi->u.http2.value = 1; + wsi->u.http2.hpack = HPKS_HLEN; + break; + + case 0x20: + case 0x30: /* header table size update */ + /* possibly-extended size value (5) */ + wsi->u.http2.hpack_type = HPKT_SIZE_5; + if ((c & 0x1f) == 0x1f) { + wsi->u.http2.hpack_len = c & 0x1f; + wsi->u.http2.hpack_m = 0; + wsi->u.http2.hpack = HPKS_IDX_EXT; + break; + } + lws_hpack_update_table_size(wsi, c & 0x1f); + /* stay at HPKS_TYPE state */ + break; + } + break; + + case HPKS_IDX_EXT: + wsi->u.http2.hpack_len += (c & 0x7f) << wsi->u.http2.hpack_m; + wsi->u.http2.hpack_m += 7; + if (!(c & 0x80)) { + switch (wsi->u.http2.hpack_type) { + case HPKT_INDEXED_HDR_7: + //lwsl_err("HKPS_IDX_EXT hdr idx %d\n", wsi->u.http2.hpack_len); + if (lws_write_indexed_hdr(wsi, wsi->u.http2.hpack_len)) + return 1; + wsi->u.http2.hpack = HPKS_TYPE; + break; + default: + // lwsl_err("HKPS_IDX_EXT setting header_index %d\n", + // wsi->u.http2.hpack_len); + wsi->u.http2.header_index = wsi->u.http2.hpack_len; + wsi->u.http2.value = 1; + wsi->u.http2.hpack = HPKS_HLEN; + break; + } + } + break; + + case HPKS_HLEN: /* [ H | 7+ ] */ + wsi->u.http2.huff = !!(c & 0x80); + wsi->u.http2.hpack_pos = 0; + wsi->u.http2.hpack_len = c & 0x7f; + if (wsi->u.http2.hpack_len < 0x7f) { +pre_data: + if (wsi->u.http2.value) { + if (wsi->u.http2.header_index) + if (lws_frag_start(wsi, lws_token_from_index(wsi, + wsi->u.http2.header_index, + NULL, NULL))) { + // lwsl_notice("%s: hlen failed\n", __func__); + return 1; + } + } else + wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; + wsi->u.http2.hpack = HPKS_DATA; + break; + } + wsi->u.http2.hpack_m = 0; + wsi->u.http2.hpack = HPKS_HLEN_EXT; + break; + + case HPKS_HLEN_EXT: + wsi->u.http2.hpack_len += (c & 0x7f) << + wsi->u.http2.hpack_m; + wsi->u.http2.hpack_m += 7; + if (!(c & 0x80)) + goto pre_data; + + break; + + case HPKS_DATA: + for (n = 0; n < 8; n++) { + if (wsi->u.http2.huff) { + prev = wsi->u.http2.hpack_pos; + wsi->u.http2.hpack_pos = huftable_decode( + wsi->u.http2.hpack_pos, + (c >> 7) & 1); + c <<= 1; + if (wsi->u.http2.hpack_pos == 0xffff) + return 1; + if (!(wsi->u.http2.hpack_pos & 0x8000)) + continue; + c1 = wsi->u.http2.hpack_pos & 0x7fff; + wsi->u.http2.hpack_pos = 0; + + if (!c1 && prev == HUFTABLE_0x100_PREV) + ; /* EOT */ + } else { + n = 8; + c1 = c; + } + if (wsi->u.http2.value) { /* value */ + if (wsi->u.http2.header_index) + if (lws_frag_append(wsi, c1)) + return 1; + } else { /* name */ + if (lws_parse(wsi, c1)) + return 1; + + } + } + if (--wsi->u.http2.hpack_len == 0) { + + switch (wsi->u.http2.hpack_type) { + case HPKT_LITERAL_HDR_VALUE_INCR: + case HPKT_INDEXED_HDR_6_VALUE_INCR: // !!! + if (lws_hpack_add_dynamic_header(wsi, + lws_token_from_index(wsi, + wsi->u.http2.header_index, + NULL, NULL), NULL, 0)) + return 1; + break; + default: + break; + } + + n = 8; + if (wsi->u.http2.value) { + if (lws_frag_end(wsi)) + return 1; + // lwsl_err("data\n"); + lws_dump_header(wsi, lws_token_from_index( + wsi, wsi->u.http2.header_index, + NULL, NULL)); + if (wsi->u.http2.count + wsi->u.http2.padding == + wsi->u.http2.length) + wsi->u.http2.hpack = HKPS_OPT_DISCARD_PADDING; + else + wsi->u.http2.hpack = HPKS_TYPE; + } else { /* name */ + //if (wsi->u.hdr.parser_state < WSI_TOKEN_COUNT) + + wsi->u.http2.value = 1; + wsi->u.http2.hpack = HPKS_HLEN; + } + } + break; + case HKPS_OPT_DISCARD_PADDING: + lwsl_info("eating padding %x\n", c); + if (! --wsi->u.http2.padding) + wsi->u.http2.hpack = HPKS_TYPE; + break; + } + + return 0; +} + +static int lws_http2_num(int starting_bits, unsigned long num, + unsigned char **p, unsigned char *end) +{ + int mask = (1 << starting_bits) - 1; + + if (num < mask) { + *((*p)++) |= num; + return *p >= end; + } + + *((*p)++) |= mask; + if (*p >= end) + return 1; + + num -= mask; + while (num >= 128) { + *((*p)++) = 0x80 | (num & 0x7f); + if (*p >= end) + return 1; + num >>= 7; + } + + return 0; +} + +int lws_add_http2_header_by_name(struct lws *wsi, + const unsigned char *name, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end) +{ + int len; + + lwsl_info("%s: %p %s:%s\n", __func__, *p, name, value); + + len = strlen((char *)name); + if (len) + if (name[len - 1] == ':') + len--; + + if (end - *p < len + length + 8) + return 1; + + *((*p)++) = 0; /* not indexed, literal name */ + + **p = 0; /* non-HUF */ + if (lws_http2_num(7, len, p, end)) + return 1; + memcpy(*p, name, len); + *p += len; + + *(*p) = 0; /* non-HUF */ + if (lws_http2_num(7, length, p, end)) + return 1; + + memcpy(*p, value, length); + *p += length; + + return 0; +} + +int lws_add_http2_header_by_token(struct lws *wsi, enum lws_token_indexes token, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end) +{ + const unsigned char *name; + + name = lws_token_to_string(token); + if (!name) + return 1; + + return lws_add_http2_header_by_name(wsi, name, value, length, p, end); +} + +int lws_add_http2_header_status(struct lws *wsi, + unsigned int code, unsigned char **p, + unsigned char *end) +{ + unsigned char status[10]; + int n; + + wsi->u.http2.send_END_STREAM = !!(code >= 400); + + n = sprintf((char *)status, "%u", code); + if (lws_add_http2_header_by_token(wsi, WSI_TOKEN_HTTP_COLON_STATUS, + status, n, p, end)) + + return 1; + + return 0; +} diff --git a/lib/http2.c b/lib/http2.c new file mode 100644 index 0000000..0bde700 --- /dev/null +++ b/lib/http2.c @@ -0,0 +1,536 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2013 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + + +#include "private-libwebsockets.h" + +const struct http2_settings lws_http2_default_settings = { { + 0, + /* LWS_HTTP2_SETTINGS__HEADER_TABLE_SIZE */ 4096, + /* LWS_HTTP2_SETTINGS__ENABLE_PUSH */ 1, + /* LWS_HTTP2_SETTINGS__MAX_CONCURRENT_STREAMS */ 100, + /* LWS_HTTP2_SETTINGS__INITIAL_WINDOW_SIZE */ 65535, + /* LWS_HTTP2_SETTINGS__MAX_FRAME_SIZE */ 16384, + /* LWS_HTTP2_SETTINGS__MAX_HEADER_LIST_SIZE */ ~0, +}}; + + +void lws_http2_init(struct http2_settings *settings) +{ + memcpy(settings, lws_http2_default_settings.setting, sizeof(*settings)); +} + +struct lws * +lws_http2_wsi_from_id(struct lws *wsi, unsigned int sid) +{ + do { + if (wsi->u.http2.my_stream_id == sid) + return wsi; + + wsi = wsi->u.http2.next_child_wsi; + } while (wsi); + + return NULL; +} + +struct lws * +lws_create_server_child_wsi(struct lws_vhost *vhost, struct lws *parent_wsi, + unsigned int sid) +{ + struct lws *wsi = lws_create_new_server_wsi(vhost); + + if (!wsi) + return NULL; + + /* no more children allowed by parent */ + if (parent_wsi->u.http2.child_count + 1 == + parent_wsi->u.http2.peer_settings.setting[ + LWS_HTTP2_SETTINGS__MAX_CONCURRENT_STREAMS]) + goto bail; + lws_http2_init(&wsi->u.http2.peer_settings); + lws_http2_init(&wsi->u.http2.my_settings); + wsi->u.http2.stream_id = sid; + wsi->u.http2.my_stream_id = sid; + + wsi->u.http2.parent_wsi = parent_wsi; + wsi->u.http2.next_child_wsi = parent_wsi->u.http2.next_child_wsi; + parent_wsi->u.http2.next_child_wsi = wsi; + parent_wsi->u.http2.child_count++; + + wsi->u.http2.my_priority = 16; + wsi->u.http2.tx_credit = 65535; + + wsi->state = LWSS_HTTP2_ESTABLISHED; + wsi->mode = parent_wsi->mode; + + wsi->protocol = &vhost->protocols[0]; + if (lws_ensure_user_space(wsi)) + goto bail; + + lwsl_info("%s: %p new child %p, sid %d, user_space=%p\n", __func__, + parent_wsi, wsi, sid, wsi->user_space); + + return wsi; + +bail: + vhost->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, + NULL, NULL, 0); + lws_free(wsi); + + return NULL; +} + +int lws_remove_server_child_wsi(struct lws_context *context, struct lws *wsi) +{ + struct lws **w = &wsi->u.http2.parent_wsi; + do { + if (*w == wsi) { + *w = wsi->u.http2.next_child_wsi; + (wsi->u.http2.parent_wsi)->u.http2.child_count--; + return 0; + } + + w = &((*w)->u.http2.next_child_wsi); + } while (*w); + + lwsl_err("%s: can't find %p\n", __func__, wsi); + return 1; +} + +int +lws_http2_interpret_settings_payload(struct http2_settings *settings, + unsigned char *buf, int len) +{ + unsigned int a, b; + + if (!len) + return 0; + + if (len < LWS_HTTP2_SETTINGS_LENGTH) + return 1; + + while (len >= LWS_HTTP2_SETTINGS_LENGTH) { + a = (buf[0] << 8) | buf[1]; + if (a < LWS_HTTP2_SETTINGS__COUNT) { + b = buf[2] << 24 | buf[3] << 16 | buf[4] << 8 | buf[5]; + settings->setting[a] = b; + lwsl_info("http2 settings %d <- 0x%x\n", a, b); + } + len -= LWS_HTTP2_SETTINGS_LENGTH; + buf += LWS_HTTP2_SETTINGS_LENGTH; + } + + if (len) + return 1; + + return 0; +} + +struct lws *lws_http2_get_network_wsi(struct lws *wsi) +{ + while (wsi->u.http2.parent_wsi) + wsi = wsi->u.http2.parent_wsi; + + return wsi; +} + +int lws_http2_frame_write(struct lws *wsi, int type, int flags, + unsigned int sid, unsigned int len, unsigned char *buf) +{ + struct lws *wsi_eff = lws_http2_get_network_wsi(wsi); + unsigned char *p = &buf[-LWS_HTTP2_FRAME_HEADER_LENGTH]; + int n; + + *p++ = len >> 16; + *p++ = len >> 8; + *p++ = len; + *p++ = type; + *p++ = flags; + *p++ = sid >> 24; + *p++ = sid >> 16; + *p++ = sid >> 8; + *p++ = sid; + + lwsl_info("%s: %p (eff %p). type %d, flags 0x%x, sid=%d, len=%d, tx_credit=%d\n", + __func__, wsi, wsi_eff, type, flags, sid, len, + wsi->u.http2.tx_credit); + + if (type == LWS_HTTP2_FRAME_TYPE_DATA) { + if (wsi->u.http2.tx_credit < len) + lwsl_err("%s: %p: sending payload len %d" + " but tx_credit only %d!\n", __func__, wsi, len, + wsi->u.http2.tx_credit); + wsi->u.http2.tx_credit -= len; + } + + n = lws_issue_raw(wsi_eff, &buf[-LWS_HTTP2_FRAME_HEADER_LENGTH], + len + LWS_HTTP2_FRAME_HEADER_LENGTH); + if (n >= LWS_HTTP2_FRAME_HEADER_LENGTH) + return n - LWS_HTTP2_FRAME_HEADER_LENGTH; + + return n; +} + +static void lws_http2_settings_write(struct lws *wsi, int n, unsigned char *buf) +{ + *buf++ = n >> 8; + *buf++ = n; + *buf++ = wsi->u.http2.my_settings.setting[n] >> 24; + *buf++ = wsi->u.http2.my_settings.setting[n] >> 16; + *buf++ = wsi->u.http2.my_settings.setting[n] >> 8; + *buf = wsi->u.http2.my_settings.setting[n]; +} + +static const char * https_client_preface = + "PRI * HTTP/2.0\x0d\x0a\x0d\x0aSM\x0d\x0a\x0d\x0a"; + +int +lws_http2_parser(struct lws *wsi, unsigned char c) +{ + struct lws *swsi; + int n; + + switch (wsi->state) { + case LWSS_HTTP2_AWAIT_CLIENT_PREFACE: + if (https_client_preface[wsi->u.http2.count++] != c) + return 1; + + if (!https_client_preface[wsi->u.http2.count]) { + lwsl_info("http2: %p: established\n", wsi); + wsi->state = LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS; + wsi->u.http2.count = 0; + wsi->u.http2.tx_credit = 65535; + + /* + * we must send a settings frame -- empty one is OK... + * that must be the first thing sent by server + * and the peer must send a SETTINGS with ACK flag... + */ + + lws_set_protocol_write_pending(wsi, + LWS_PPS_HTTP2_MY_SETTINGS); + } + break; + + case LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS: + case LWSS_HTTP2_ESTABLISHED: + if (wsi->u.http2.frame_state == LWS_HTTP2_FRAME_HEADER_LENGTH) { // payload + wsi->u.http2.count++; + wsi->u.http2.stream_wsi->u.http2.count = wsi->u.http2.count; + /* applies to wsi->u.http2.stream_wsi which may be wsi*/ + switch(wsi->u.http2.type) { + case LWS_HTTP2_FRAME_TYPE_SETTINGS: + wsi->u.http2.stream_wsi->u.http2.one_setting[wsi->u.http2.count % LWS_HTTP2_SETTINGS_LENGTH] = c; + if (wsi->u.http2.count % LWS_HTTP2_SETTINGS_LENGTH == LWS_HTTP2_SETTINGS_LENGTH - 1) + if (lws_http2_interpret_settings_payload( + &wsi->u.http2.stream_wsi->u.http2.peer_settings, + wsi->u.http2.one_setting, + LWS_HTTP2_SETTINGS_LENGTH)) + return 1; + break; + case LWS_HTTP2_FRAME_TYPE_CONTINUATION: + case LWS_HTTP2_FRAME_TYPE_HEADERS: + lwsl_info(" %02X\n", c); + if (!wsi->u.http2.stream_wsi->u.hdr.ah) + if (lws_header_table_attach(wsi->u.http2.stream_wsi, 0)) { + lwsl_err("%s: Failed to get ah\n", __func__); + return 1; + } + if (lws_hpack_interpret(wsi->u.http2.stream_wsi, c)) { + lwsl_notice("%s: lws_hpack_interpret failed\n", __func__); + return 1; + } + break; + case LWS_HTTP2_FRAME_TYPE_GOAWAY: + if (wsi->u.http2.count >= 5 && wsi->u.http2.count <= 8) { + wsi->u.http2.hpack_e_dep <<= 8; + wsi->u.http2.hpack_e_dep |= c; + if (wsi->u.http2.count == 8) { + lwsl_info("goaway err 0x%x\n", wsi->u.http2.hpack_e_dep); + } + } + wsi->u.http2.GOING_AWAY = 1; + break; + case LWS_HTTP2_FRAME_TYPE_DATA: + break; + case LWS_HTTP2_FRAME_TYPE_PRIORITY: + break; + case LWS_HTTP2_FRAME_TYPE_RST_STREAM: + break; + case LWS_HTTP2_FRAME_TYPE_PUSH_PROMISE: + break; + case LWS_HTTP2_FRAME_TYPE_PING: + if (wsi->u.http2.flags & LWS_HTTP2_FLAG_SETTINGS_ACK) { // ack + } else { /* they're sending us a ping request */ + if (wsi->u.http2.count > 8) + return 1; + wsi->u.http2.ping_payload[wsi->u.http2.count - 1] = c; + } + break; + case LWS_HTTP2_FRAME_TYPE_WINDOW_UPDATE: + wsi->u.http2.hpack_e_dep <<= 8; + wsi->u.http2.hpack_e_dep |= c; + break; + } + if (wsi->u.http2.count != wsi->u.http2.length) + break; + + /* end of frame */ + + wsi->u.http2.frame_state = 0; + wsi->u.http2.count = 0; + swsi = wsi->u.http2.stream_wsi; + /* set our initial window size */ + if (!wsi->u.http2.initialized) { + wsi->u.http2.tx_credit = wsi->u.http2.peer_settings.setting[LWS_HTTP2_SETTINGS__INITIAL_WINDOW_SIZE]; + lwsl_info("initial tx credit on master conn %p: %d\n", wsi, wsi->u.http2.tx_credit); + wsi->u.http2.initialized = 1; + } + switch (wsi->u.http2.type) { + case LWS_HTTP2_FRAME_TYPE_HEADERS: + /* service the http request itself */ + lwsl_info("servicing initial http request, wsi=%p, stream wsi=%p\n", wsi, wsi->u.http2.stream_wsi); + n = lws_http_action(swsi); + (void)n; + lwsl_info(" action result %d\n", n); + break; + case LWS_HTTP2_FRAME_TYPE_PING: + if (wsi->u.http2.flags & LWS_HTTP2_FLAG_SETTINGS_ACK) { // ack + } else { /* they're sending us a ping request */ + lws_set_protocol_write_pending(wsi, LWS_PPS_HTTP2_PONG); + } + break; + case LWS_HTTP2_FRAME_TYPE_WINDOW_UPDATE: + wsi->u.http2.hpack_e_dep &= ~(1 << 31); + if ((lws_intptr_t)swsi->u.http2.tx_credit + (lws_intptr_t)wsi->u.http2.hpack_e_dep > (~(1 << 31))) + return 1; /* actually need to close swsi not the whole show */ + swsi->u.http2.tx_credit += wsi->u.http2.hpack_e_dep; + if (swsi->u.http2.waiting_tx_credit && swsi->u.http2.tx_credit > 0) { + lwsl_info("%s: %p: waiting_tx_credit -> wait on writeable\n", __func__, wsi); + swsi->u.http2.waiting_tx_credit = 0; + lws_callback_on_writable(swsi); + } + break; + } + break; + } + switch (wsi->u.http2.frame_state++) { + case 0: + wsi->u.http2.length = c; + break; + case 1: + case 2: + wsi->u.http2.length <<= 8; + wsi->u.http2.length |= c; + break; + case 3: + wsi->u.http2.type = c; + break; + case 4: + wsi->u.http2.flags = c; + break; + case 5: + case 6: + case 7: + case 8: + wsi->u.http2.stream_id <<= 8; + wsi->u.http2.stream_id |= c; + break; + } + if (wsi->u.http2.frame_state == LWS_HTTP2_FRAME_HEADER_LENGTH) { /* frame header complete */ + lwsl_info("frame: type 0x%x, flags 0x%x, sid 0x%x, len 0x%x\n", + wsi->u.http2.type, wsi->u.http2.flags, wsi->u.http2.stream_id, wsi->u.http2.length); + wsi->u.http2.count = 0; + + wsi->u.http2.stream_wsi = wsi; + if (wsi->u.http2.stream_id) + wsi->u.http2.stream_wsi = lws_http2_wsi_from_id(wsi, wsi->u.http2.stream_id); + + switch (wsi->u.http2.type) { + case LWS_HTTP2_FRAME_TYPE_SETTINGS: + /* nonzero sid on settings is illegal */ + if (wsi->u.http2.stream_id) + return 1; + + if (wsi->u.http2.flags & LWS_HTTP2_FLAG_SETTINGS_ACK) { // ack + } else + /* non-ACK coming in means we must ACK it */ + lws_set_protocol_write_pending(wsi, LWS_PPS_HTTP2_ACK_SETTINGS); + break; + case LWS_HTTP2_FRAME_TYPE_PING: + if (wsi->u.http2.stream_id) + return 1; + if (wsi->u.http2.length != 8) + return 1; + break; + case LWS_HTTP2_FRAME_TYPE_CONTINUATION: + if (wsi->u.http2.END_HEADERS) + return 1; + goto update_end_headers; + + case LWS_HTTP2_FRAME_TYPE_HEADERS: + lwsl_info("LWS_HTTP2_FRAME_TYPE_HEADERS: stream_id = %d\n", wsi->u.http2.stream_id); + if (!wsi->u.http2.stream_id) + return 1; + if (!wsi->u.http2.stream_wsi) { + wsi->u.http2.stream_wsi = + lws_create_server_child_wsi(wsi->vhost, wsi, wsi->u.http2.stream_id); + wsi->u.http2.stream_wsi->http2_substream = 1; + } + + /* END_STREAM means after servicing this, close the stream */ + wsi->u.http2.END_STREAM = !!(wsi->u.http2.flags & LWS_HTTP2_FLAG_END_STREAM); + lwsl_info("%s: headers END_STREAM = %d\n",__func__, wsi->u.http2.END_STREAM); +update_end_headers: + /* no END_HEADERS means CONTINUATION must come */ + wsi->u.http2.END_HEADERS = !!(wsi->u.http2.flags & LWS_HTTP2_FLAG_END_HEADERS); + + swsi = wsi->u.http2.stream_wsi; + if (!swsi) + return 1; + + + /* prepare the hpack parser at the right start */ + + swsi->u.http2.flags = wsi->u.http2.flags; + swsi->u.http2.length = wsi->u.http2.length; + swsi->u.http2.END_STREAM = wsi->u.http2.END_STREAM; + + if (swsi->u.http2.flags & LWS_HTTP2_FLAG_PADDED) + swsi->u.http2.hpack = HPKS_OPT_PADDING; + else + if (swsi->u.http2.flags & LWS_HTTP2_FLAG_PRIORITY) { + swsi->u.http2.hpack = HKPS_OPT_E_DEPENDENCY; + swsi->u.http2.hpack_m = 4; + } else + swsi->u.http2.hpack = HPKS_TYPE; + lwsl_info("initial hpack state %d\n", swsi->u.http2.hpack); + break; + case LWS_HTTP2_FRAME_TYPE_WINDOW_UPDATE: + if (wsi->u.http2.length != 4) + return 1; + break; + } + if (wsi->u.http2.length == 0) + wsi->u.http2.frame_state = 0; + + } + break; + } + + return 0; +} + +int lws_http2_do_pps_send(struct lws_context *context, struct lws *wsi) +{ + unsigned char settings[LWS_PRE + 6 * LWS_HTTP2_SETTINGS__COUNT]; + struct lws *swsi; + int n, m = 0; + + lwsl_debug("%s: %p: %d\n", __func__, wsi, wsi->pps); + + switch (wsi->pps) { + case LWS_PPS_HTTP2_MY_SETTINGS: + for (n = 1; n < LWS_HTTP2_SETTINGS__COUNT; n++) + if (wsi->u.http2.my_settings.setting[n] != lws_http2_default_settings.setting[n]) { + lws_http2_settings_write(wsi, n, + &settings[LWS_PRE + m]); + m += sizeof(wsi->u.http2.one_setting); + } + n = lws_http2_frame_write(wsi, LWS_HTTP2_FRAME_TYPE_SETTINGS, + 0, LWS_HTTP2_STREAM_ID_MASTER, m, + &settings[LWS_PRE]); + if (n != m) { + lwsl_info("send %d %d\n", n, m); + return 1; + } + break; + case LWS_PPS_HTTP2_ACK_SETTINGS: + /* send ack ... always empty */ + n = lws_http2_frame_write(wsi, LWS_HTTP2_FRAME_TYPE_SETTINGS, + 1, LWS_HTTP2_STREAM_ID_MASTER, 0, + &settings[LWS_PRE]); + if (n) { + lwsl_err("ack tells %d\n", n); + return 1; + } + /* this is the end of the preface dance then? */ + if (wsi->state == LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS) { + wsi->state = LWSS_HTTP2_ESTABLISHED; + + wsi->u.http.fop_fd = NULL; + + if (lws_is_ssl(lws_http2_get_network_wsi(wsi))) { + lwsl_info("skipping nonexistent ssl upgrade headers\n"); + break; + } + + /* + * we need to treat the headers from this upgrade + * as the first job. These need to get + * shifted to stream ID 1 + */ + lwsl_info("%s: setting up sid 1\n", __func__); + + swsi = wsi->u.http2.stream_wsi = + lws_create_server_child_wsi(wsi->vhost, wsi, 1); + /* pass on the initial headers to SID 1 */ + swsi->u.http.ah = wsi->u.http.ah; + wsi->u.http.ah = NULL; + + lwsl_info("%s: inherited headers %p\n", __func__, swsi->u.http.ah); + swsi->u.http2.tx_credit = wsi->u.http2.peer_settings.setting[LWS_HTTP2_SETTINGS__INITIAL_WINDOW_SIZE]; + lwsl_info("initial tx credit on conn %p: %d\n", swsi, swsi->u.http2.tx_credit); + swsi->u.http2.initialized = 1; + /* demanded by HTTP2 */ + swsi->u.http2.END_STREAM = 1; + lwsl_info("servicing initial http request\n"); + return lws_http_action(swsi); + } + break; + case LWS_PPS_HTTP2_PONG: + memcpy(&settings[LWS_PRE], wsi->u.http2.ping_payload, 8); + n = lws_http2_frame_write(wsi, LWS_HTTP2_FRAME_TYPE_PING, + LWS_HTTP2_FLAG_SETTINGS_ACK, + LWS_HTTP2_STREAM_ID_MASTER, 8, + &settings[LWS_PRE]); + if (n != 8) { + lwsl_info("send %d %d\n", n, m); + return 1; + } + break; + default: + break; + } + + return 0; +} + +struct lws * lws_http2_get_nth_child(struct lws *wsi, int n) +{ + do { + wsi = wsi->u.http2.next_child_wsi; + if (!wsi) + return NULL; + } while (n--); + + return wsi; +} diff --git a/lib/roles/h2/huftable.h b/lib/huftable.h similarity index 100% rename from lib/roles/h2/huftable.h rename to lib/huftable.h diff --git a/lib/jose/README.md b/lib/jose/README.md deleted file mode 100644 index b9fd538..0000000 --- a/lib/jose/README.md +++ /dev/null @@ -1,79 +0,0 @@ -# JOSE support - -JOSE is a set of web standards aimed at encapsulating crypto -operations flexibly inside JSON objects. - -Lws provides lightweight apis to performs operations on JWK, JWS and JWE -independent of the tls backend in use. The JSON parsing is handled by the lws -lejp stream parser. - -|Part|RFC|Function| -|---|---|---| -|JWS|[RFC7515](https://tools.ietf.org/html/rfc7515)|JSON Web Signatures| -|JWE|[RFC7516](https://tools.ietf.org/html/rfc7516)|JSON Web Encryption| -|JWK|[RFC7517](https://tools.ietf.org/html/rfc7517)|JSON Web Keys| -|JWA|[RFC7518](https://tools.ietf.org/html/rfc7518)|JSON Web Algorithms| - -JWA is a set of recommendations for which combinations of algorithms -are deemed desirable and secure, which implies what must be done for -useful implementations of JWS, JWE and JWK. - -## Supported algorithms - -### Supported keys - - - All RFC7517 / JWK forms: octet, RSA and EC - - - singleton and keys[] arrays of keys supported - -### Symmetric ciphers - - - All common AES varaiants: CBC, CFB128, CFB8, CTR, EVB, OFB, KW and XTS - -### Asymmetric ciphers - - - RSA - - - EC (P-256, P-384 and P-521 JWA curves) - -### Payload auth and crypt - - - AES_128_CBC_HMAC_SHA_256 - - AES_192_CBC_HMAC_SHA_384 - - AES_256_CBC_HMAC_SHA_512 - - AES_128_GCM - -For the required and recommended asymmetric algorithms, support currently -looks like this - -|JWK kty|JWA|lws| -|---|---|---| -|EC|Recommended+|yes| -|RSA|Required|yes| -|oct|Required|yes| - -|JWE alg|JWA|lws| -|---|---|---| -|RSA1_5|Recommended-|yes| -|RSA-OAEP|Recommended+|no| -|ECDH-ES|Recommended+|no| - -|JWS alg|JWA|lws| -|---|---|---| -|HS256|Required|yes| -|RS256|Recommended+|yes| -|ES256|Recommended|yes| - -## Minimal Example tools - -[JWK](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwk) - -[JWS](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jws) - -[JWE](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/crypto/minimal-crypto-jwe) - -## API tests - -See `./minimal-examples/api-tests/api-test-jose/` for example test code. -The tests are built and confirmed during CI. - diff --git a/lib/jose/jwe/enc/aescbc.c b/lib/jose/jwe/enc/aescbc.c deleted file mode 100644 index 54cabc7..0000000 --- a/lib/jose/jwe/enc/aescbc.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code for payload encrypt / decrypt using aescbc - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - -int -lws_jwe_encrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *cek, - uint8_t *aad, int aad_len) -{ - int n, hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type); - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_gencrypto_keyelem el; - struct lws_genhmac_ctx hmacctx; - struct lws_genaes_ctx aesctx; - uint8_t al[8]; - - /* Caller must have prepared space for the results */ - - if (jwe->jws.map.len[LJWE_ATAG] != (unsigned int)hlen / 2) { - lwsl_notice("%s: expected tag len %d, got %d\n", __func__, - hlen / 2, jwe->jws.map.len[LJWE_ATAG]); - return -1; - } - - if (jwe->jws.map.len[LJWE_IV] != 16) { - lwsl_notice("expected iv len %d, got %d\n", 16, - jwe->jws.map.len[LJWE_IV]); - return -1; - } - - /* first create the authentication hmac */ - - /* JWA Section 5.2.2.1 - * - * 1. The secondary keys MAC_KEY and ENC_KEY are generated from the - * input key K as follows. Each of these two keys is an octet - * string. - * - * MAC_KEY consists of the initial MAC_KEY_LEN octets of K, in - * order. - * ENC_KEY consists of the final ENC_KEY_LEN octets of K, in - * order. - */ - - /* - * 2. The IV used is a 128-bit value generated randomly or - * pseudorandomly for use in the cipher. - */ - lws_get_random(jwe->jws.context, (void *)jwe->jws.map.buf[LJWE_IV], 16); - - /* - * 3. The plaintext is CBC encrypted using PKCS #7 padding using - * ENC_KEY as the key and the IV. We denote the ciphertext output - * from this step as E. - */ - - /* second half is the AES ENC_KEY */ - el.buf = cek + (hlen / 2); - el.len = hlen / 2; - - if (lws_genaes_create(&aesctx, LWS_GAESO_ENC, LWS_GAESM_CBC, &el, - LWS_GAESP_NO_PADDING, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - - return -1; - } - - /* - * the plaintext gets delivered to us in LJWE_CTXT, this replaces - * the plaintext there with the same amount of ciphertext - */ - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_IV], - NULL, NULL, 16); - lws_genaes_destroy(&aesctx, NULL, 0); - if (n) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - return -1; - } - - /* - * 4. The octet string AL is equal to the number of bits in the - * Additional Authenticated Data A expressed as a 64-bit unsigned - * big-endian integer. - */ - lws_jwe_be64(aad_len * 8, al); - - /* first half of the CEK is the MAC key */ - if (lws_genhmac_init(&hmacctx, jwe->jose.enc_alg->hmac_type, - cek, hlen / 2)) - return -1; - - /* - * 5. A message Authentication Tag T is computed by applying HMAC - * [RFC2104] to the following data, in order: - * - * - the Additional Authenticated Data A, - * - the Initialization Vector IV, - * - the ciphertext E computed in the previous step, and - * - the octet string AL defined above. - * - * The string MAC_KEY is used as the MAC key. We denote the output - * of the MAC computed in this step as M. The first T_LEN octets of - * M are used as T. - */ - - if (lws_genhmac_update(&hmacctx, aad, aad_len) || - lws_genhmac_update(&hmacctx, jwe->jws.map.buf[LJWE_IV], - LWS_JWE_AES_IV_BYTES) || - /* since we encrypted it, this is the ciphertext */ - lws_genhmac_update(&hmacctx, - (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT]) || - lws_genhmac_update(&hmacctx, al, 8)) { - lwsl_err("%s: hmac computation failed\n", __func__); - lws_genhmac_destroy(&hmacctx, NULL); - return -1; - } - - if (lws_genhmac_destroy(&hmacctx, digest)) { - lwsl_err("%s: problem destroying hmac\n", __func__); - return -1; - } - - /* create tag */ - memcpy((void *)jwe->jws.map.buf[LJWE_ATAG], digest, hlen / 2); - - return jwe->jws.map.len[LJWE_CTXT]; -} - -int -lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, - uint8_t *aad, int aad_len) -{ - int n, hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type); - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_gencrypto_keyelem el; - struct lws_genhmac_ctx hmacctx; - struct lws_genaes_ctx aesctx; - uint8_t al[8]; - - /* Some sanity checks on what came in */ - - if (jwe->jws.map.len[LJWE_ATAG] != (unsigned int)hlen / 2) { - lwsl_notice("%s: expected tag len %d, got %d\n", __func__, - hlen / 2, jwe->jws.map.len[LJWE_ATAG]); - return -1; - } - - if (jwe->jws.map.len[LJWE_IV] != 16) { - lwsl_notice("expected iv len %d, got %d\n", 16, - jwe->jws.map.len[LJWE_IV]); - return -1; - } - - /* Prepare to check authentication - * - * AAD is the b64 JOSE header. - * - * The octet string AL, which is the number of bits in AAD expressed as - * a big-endian 64-bit unsigned integer is: - * - * [0, 0, 0, 0, 0, 0, 1, 152] - * - * Concatenate the AAD, the Initialization Vector, the ciphertext, and - * the AL value. - * - */ - - lws_jwe_be64(aad_len * 8, al); - - /* first half of enc_cek is the MAC key */ - if (lws_genhmac_init(&hmacctx, jwe->jose.enc_alg->hmac_type, enc_cek, - hlen / 2)) { - lwsl_err("%s: lws_genhmac_init fail\n", __func__); - return -1; - } - - if (lws_genhmac_update(&hmacctx, aad, aad_len) || - lws_genhmac_update(&hmacctx, (uint8_t *)jwe->jws.map.buf[LJWE_IV], - jwe->jws.map.len[LJWE_IV]) || - lws_genhmac_update(&hmacctx, (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT]) || - lws_genhmac_update(&hmacctx, al, 8)) { - lwsl_err("%s: hmac computation failed\n", __func__); - lws_genhmac_destroy(&hmacctx, NULL); - return -1; - } - - if (lws_genhmac_destroy(&hmacctx, digest)) { - lwsl_err("%s: problem destroying hmac\n", __func__); - return -1; - } - - /* first half of digest is the auth tag */ - - if (lws_timingsafe_bcmp(digest, jwe->jws.map.buf[LJWE_ATAG], hlen / 2)) { - lwsl_err("%s: auth failed: hmac tag (%d) != ATAG (%d)\n", - __func__, hlen / 2, jwe->jws.map.len[LJWE_ATAG]); - lwsl_hexdump_notice(jwe->jws.map.buf[LJWE_ATAG], hlen / 2); - lwsl_hexdump_notice(digest, hlen / 2); - return -1; - } - - /* second half of enc cek is the CEK KEY */ - el.buf = enc_cek + (hlen / 2); - el.len = hlen / 2; - - if (lws_genaes_create(&aesctx, LWS_GAESO_DEC, LWS_GAESM_CBC, - &el, LWS_GAESP_NO_PADDING, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - - return -1; - } - - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_IV], NULL, NULL, 16); - n |= lws_genaes_destroy(&aesctx, NULL, 0); - if (n) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - return -1; - } - - return jwe->jws.map.len[LJWE_CTXT]; -} - diff --git a/lib/jose/jwe/enc/aesgcm.c b/lib/jose/jwe/enc/aesgcm.c deleted file mode 100644 index 4e93878..0000000 --- a/lib/jose/jwe/enc/aesgcm.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code related to aes gcm - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - -/* - * NOTICE this is AESGCM content encryption, it's not AES GCM key wrapping - * - * - * This section defines the specifics of performing authenticated - * encryption with AES in Galois/Counter Mode (GCM) ([AES] and - * [NIST.800-38D]). - * - * The CEK is used as the encryption key. - * - * Use of an IV of size 96 bits is REQUIRED with this algorithm. - * - * The requested size of the Authentication Tag output MUST be 128 bits, - * regardless of the key size. - * - * For decrypt: decrypt the KEK, then decrypt the payload - * - * For encrypt: encrypt the payload, then encrypt the KEK - */ - -/* - * encrypting... enc_cek is unencrypted - */ - -int -lws_jwe_encrypt_gcm(struct lws_jwe *jwe, - uint8_t *enc_cek, uint8_t *aad, int aad_len) -{ - struct lws_gencrypto_keyelem el; - struct lws_genaes_ctx aesctx; - size_t ivs = LWS_AESGCM_IV; - int n; - - /* Some sanity checks on what came in */ - - /* MUST be 128-bit for all sizes */ - if (jwe->jws.map.len[LJWE_ATAG] != LWS_AESGCM_TAG) { - lwsl_notice("%s: AESGCM tag size must be 128b, got %d\n", - __func__, jwe->jws.map.len[LJWE_ATAG]); - return -1; - } - - if (jwe->jws.map.len[LJWE_IV] != LWS_AESGCM_IV) { /* MUST be 96-bit */ - lwsl_notice("%s: AESGCM IV must be 128b, got %d\n", __func__, - jwe->jws.map.len[LJWE_IV]); - return -1; - } - - /* EKEY is directly the CEK KEY */ - el.buf = enc_cek; - el.len = jwe->jose.enc_alg->keybits_fixed / 8; - - if (lws_genaes_create(&aesctx, LWS_GAESO_ENC, LWS_GAESM_GCM, - &el, LWS_GAESP_NO_PADDING, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - - return -1; - } - - /* aad */ - - n = lws_genaes_crypt(&aesctx, aad, aad_len, NULL, - (uint8_t *)jwe->jws.map.buf[LJWE_IV], - (uint8_t *)jwe->jws.map.buf[LJWE_ATAG], &ivs, - LWS_AESGCM_TAG); - if (n) { - lwsl_err("%s: lws_genaes_crypt aad failed\n", __func__); - return -1; - } - - /* payload */ - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_IV], - NULL, &ivs, - LWS_AESGCM_TAG); - - n |= lws_genaes_destroy(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_ATAG], - LWS_AESGCM_TAG); - if (n) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - return -1; - } - - return jwe->jws.map.len[LJWE_CTXT]; -} - -int -lws_jwe_auth_and_decrypt_gcm(struct lws_jwe *jwe, - uint8_t *enc_cek, uint8_t *aad, int aad_len) -{ - struct lws_gencrypto_keyelem el; - struct lws_genaes_ctx aesctx; - size_t ivs = LWS_AESGCM_IV; - uint8_t tag[LWS_AESGCM_TAG]; - int n; - - /* Some sanity checks on what came in */ - - /* Tag MUST be 128-bit for all sizes */ - if (jwe->jws.map.len[LJWE_ATAG] != LWS_AESGCM_TAG) { - lwsl_notice("%s: AESGCM tag size must be 128b, got %d\n", - __func__, jwe->jws.map.len[LJWE_ATAG]); - return -1; - } - - if (jwe->jws.map.len[LJWE_IV] != LWS_AESGCM_IV) { /* MUST be 96-bit */ - lwsl_notice("%s: AESGCM IV must be 128b, got %d\n", __func__, - jwe->jws.map.len[LJWE_IV]); - return -1; - } - - /* EKEY is directly the CEK KEY */ - el.buf = enc_cek; - el.len = jwe->jose.enc_alg->keybits_fixed / 8; - - if (lws_genaes_create(&aesctx, LWS_GAESO_DEC, LWS_GAESM_GCM, - &el, LWS_GAESP_NO_PADDING, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - - return -1; - } - - n = lws_genaes_crypt(&aesctx, aad, aad_len, - NULL, - (uint8_t *)jwe->jws.map.buf[LJWE_IV], - (uint8_t *)jwe->jws.map.buf[LJWE_ATAG], &ivs, 16); - if (n) { - lwsl_err("%s: lws_genaes_crypt aad failed\n", __func__); - return -1; - } - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_CTXT], - (uint8_t *)jwe->jws.map.buf[LJWE_IV], - (uint8_t *)jwe->jws.map.buf[LJWE_ATAG], &ivs, 16); - - n |= lws_genaes_destroy(&aesctx, tag, sizeof(tag)); - if (n) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - return -1; - } - - return jwe->jws.map.len[LJWE_CTXT]; -} diff --git a/lib/jose/jwe/enc/aeskw.c b/lib/jose/jwe/enc/aeskw.c deleted file mode 100644 index 7d0b5a7..0000000 --- a/lib/jose/jwe/enc/aeskw.c +++ /dev/null @@ -1,178 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code related to aeskw cbc - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - - -/* - * RFC3394 Key Wrap uses a 128-bit key, and bloats what it is wrapping by - * one 8-byte block. So, if you had a 32 byte plaintext CEK to wrap, after - * wrapping it becomes a 40 byte wrapped, enciphered, key. - * - * The CEK comes in from and goes out in LJWE_EKEY. So LJWE_EKEY length - * increases by 8 from calling this. - */ - -int -lws_jwe_encrypt_aeskw_cbc_hs(struct lws_jwe *jwe, char *temp, int *temp_len) -{ - struct lws_genaes_ctx aesctx; - /* we are wrapping a key, so size for the worst case after wrap */ - uint8_t enc_cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES + - LWS_JWE_RFC3394_OVERHEAD_BYTES]; - int n, m, hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type), - ot = *temp_len; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_OCT) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - /* create a b64 version of the JOSE header, needed for hashing */ - - if (lws_jws_encode_b64_element(&jwe->jws.map_b64, LJWE_JOSE, - temp + (ot - *temp_len), temp_len, - jwe->jws.map.buf[LJWE_JOSE], - jwe->jws.map.len[LJWE_JOSE])) - return -1; - - /* Allocate temp space for ATAG and IV */ - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_ATAG, temp + (ot - *temp_len), - temp_len, hlen / 2, 0)) - return -1; - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_IV, temp + (ot - *temp_len), - temp_len, LWS_JWE_AES_IV_BYTES, 0)) - return -1; - - /* 1) Encrypt the payload... */ - - /* the CEK is 256-bit in the example encrypted with a 128-bit key */ - - n = lws_jwe_encrypt_cbc_hs(jwe, (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt_cbc_hs failed\n", __func__); - return -1; - } - - /* 2) Encrypt the JWE Encrypted Key: RFC3394 Key Wrap uses 64 bit blocks - * and 128-bit input key*/ - - if (lws_genaes_create(&aesctx, LWS_GAESO_ENC, LWS_GAESM_KW, - jwe->jws.jwk->e, 1, NULL)) { - - lwsl_notice("%s: lws_genaes_create\n", __func__); - return -1; - } - - /* tag size is determined by enc cipher key length */ - - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], enc_cek, NULL, NULL, NULL, - lws_gencrypto_bits_to_bytes( - jwe->jose.enc_alg->keybits_fixed)); - m = lws_genaes_destroy(&aesctx, NULL, 0); - if (n < 0) { - lwsl_err("%s: encrypt cek fail\n", __func__); - return -1; - } - if (m < 0) { - lwsl_err("%s: lws_genaes_destroy fail\n", __func__); - return -1; - } - - jwe->jws.map.len[LJWE_EKEY] += LWS_JWE_RFC3394_OVERHEAD_BYTES; - memcpy((uint8_t *)jwe->jws.map.buf[LJWE_EKEY], enc_cek, - jwe->jws.map.len[LJWE_EKEY]); - - return jwe->jws.map.len[LJWE_CTXT]; -} - - -int -lws_jwe_auth_and_decrypt_aeskw_cbc_hs(struct lws_jwe *jwe) -{ - struct lws_genaes_ctx aesctx; - uint8_t enc_cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES + - LWS_JWE_RFC3394_OVERHEAD_BYTES]; - int n, m; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_OCT) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - /* the CEK is 256-bit in the example encrypted with a 128-bit key */ - - if (jwe->jws.map.len[LJWE_EKEY] > sizeof(enc_cek)) - return -1; - - /* 1) Decrypt the JWE Encrypted Key to get the raw MAC / CEK */ - - if (lws_genaes_create(&aesctx, LWS_GAESO_DEC, LWS_GAESM_KW, - jwe->jws.jwk->e, 1, NULL)) { - - lwsl_notice("%s: lws_genaes_create\n", __func__); - return -1; - } - - /* - * Decrypt the CEK into enc_cek - * tag size is determined by enc cipher key length */ - - n = lws_genaes_crypt(&aesctx, (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], enc_cek, NULL, NULL, NULL, - lws_gencrypto_bits_to_bytes( - jwe->jose.enc_alg->keybits_fixed)); - m = lws_genaes_destroy(&aesctx, NULL, 0); - if (n < 0) { - lwsl_err("%s: decrypt CEK fail\n", __func__); - return -1; - } - if (m < 0) { - lwsl_err("%s: lws_genaes_destroy fail\n", __func__); - return -1; - } - - /* 2) Decrypt the payload */ - - n = lws_jwe_auth_and_decrypt_cbc_hs(jwe, enc_cek, - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt_cbc_hs failed\n", - __func__); - return -1; - } - - return jwe->jws.map.len[LJWE_CTXT]; -} - - diff --git a/lib/jose/jwe/jwe-ecdh-es-aeskw.c b/lib/jose/jwe/jwe-ecdh-es-aeskw.c deleted file mode 100644 index 4be1a56..0000000 --- a/lib/jose/jwe/jwe-ecdh-es-aeskw.c +++ /dev/null @@ -1,615 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code related to ecdh-es + Concat KDF and aes kw - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - -/* - * From RFC7518 JWA - * - * 4.6. Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static - * (ECDH-ES) - * - * This section defines the specifics of key agreement with Elliptic - * Curve Diffie-Hellman Ephemeral Static [RFC6090], in combination with - * the Concat KDF, as defined in Section 5.8.1 of [NIST.800-56A]. The - * key agreement result can be used in one of two ways: - * - * 1. directly as the Content Encryption Key (CEK) for the "enc" - * algorithm, in the Direct Key Agreement mode, or - * - * 2. as a symmetric key used to wrap the CEK with the "A128KW", - * "A192KW", or "A256KW" algorithms, in the Key Agreement with Key - * Wrapping mode. - * - * A new ephemeral public key value MUST be generated for each key - * agreement operation. - * - * In Direct Key Agreement mode, the output of the Concat KDF MUST be a - * key of the same length as that used by the "enc" algorithm. In this - * case, the empty octet sequence is used as the JWE Encrypted Key - * value. The "alg" (algorithm) Header Parameter value "ECDH-ES" is - * used in the Direct Key Agreement mode. - * - * In Key Agreement with Key Wrapping mode, the output of the Concat KDF - * MUST be a key of the length needed for the specified key wrapping - * algorithm. In this case, the JWE Encrypted Key is the CEK wrapped - * with the agreed-upon key. - * - * The following "alg" (algorithm) Header Parameter values are used to - * indicate that the JWE Encrypted Key is the result of encrypting the - * CEK using the result of the key agreement algorithm as the key - * encryption key for the corresponding key wrapping algorithm: - * - * +-----------------+-------------------------------------------------+ - * | "alg" Param | Key Management Algorithm | - * | Value | | - * +-----------------+-------------------------------------------------+ - * | ECDH-ES+A128KW | ECDH-ES using Concat KDF and CEK wrapped with | - * | | "A128KW" | - * | ECDH-ES+A192KW | ECDH-ES using Concat KDF and CEK wrapped with | - * | | "A192KW" | - * | ECDH-ES+A256KW | ECDH-ES using Concat KDF and CEK wrapped with | - * | | "A256KW" | - * +-----------------+-------------------------------------------------+ - * - * 4.6.1. Header Parameters Used for ECDH Key Agreement - * - * The following Header Parameter names are used for key agreement as - * defined below. - * - * 4.6.1.1. "epk" (Ephemeral Public Key) Header Parameter - * - * The "epk" (ephemeral public key) value created by the originator for - * the use in key agreement algorithms. This key is represented as a - * JSON Web Key [JWK] public key value. It MUST contain only public key - * parameters and SHOULD contain only the minimum JWK parameters - * necessary to represent the key; other JWK parameters included can be - * checked for consistency and honored, or they can be ignored. This - * Header Parameter MUST be present and MUST be understood and processed - * by implementations when these algorithms are used. - * - * 4.6.1.2. "apu" (Agreement PartyUInfo) Header Parameter - * - * The "apu" (agreement PartyUInfo) value for key agreement algorithms - * using it (such as "ECDH-ES"), represented as a base64url-encoded - * string. When used, the PartyUInfo value contains information about - * the producer. Use of this Header Parameter is OPTIONAL. This Header - * Parameter MUST be understood and processed by implementations when - * these algorithms are used. - * - * 4.6.1.3. "apv" (Agreement PartyVInfo) Header Parameter - * - * The "apv" (agreement PartyVInfo) value for key agreement algorithms - * using it (such as "ECDH-ES"), represented as a base64url encoded - * string. When used, the PartyVInfo value contains information about - * the recipient. Use of this Header Parameter is OPTIONAL. This - * Header Parameter MUST be understood and processed by implementations - * when these algorithms are used. - * - * 4.6.2. Key Derivation for ECDH Key Agreement - * - * The key derivation process derives the agreed-upon key from the - * shared secret Z established through the ECDH algorithm, per - * Section 6.2.2.2 of [NIST.800-56A]. - * - * Key derivation is performed using the Concat KDF, as defined in - * Section 5.8.1 of [NIST.800-56A], where the Digest Method is SHA-256. - * The Concat KDF parameters are set as follows: - * - * Z - * This is set to the representation of the shared secret Z as an - * octet sequence. - * - * keydatalen - * This is set to the number of bits in the desired output key. For - * "ECDH-ES", this is length of the key used by the "enc" algorithm. - * For "ECDH-ES+A128KW", "ECDH-ES+A192KW", and "ECDH-ES+A256KW", this - * is 128, 192, and 256, respectively. - * - * AlgorithmID - * The AlgorithmID value is of the form Datalen || Data, where Data - * is a variable-length string of zero or more octets, and Datalen is - * a fixed-length, big-endian 32-bit counter that indicates the - * length (in octets) of Data. In the Direct Key Agreement case, - * Data is set to the octets of the ASCII representation of the "enc" - * Header Parameter value. In the Key Agreement with Key Wrapping - * case, Data is set to the octets of the ASCII representation of the - * "alg" (algorithm) Header Parameter value. - * - * PartyUInfo - * The PartyUInfo value is of the form Datalen || Data, where Data is - * a variable-length string of zero or more octets, and Datalen is a - * fixed-length, big-endian 32-bit counter that indicates the length - * (in octets) of Data. If an "apu" (agreement PartyUInfo) Header - * Parameter is present, Data is set to the result of base64url - * decoding the "apu" value and Datalen is set to the number of - * octets in Data. Otherwise, Datalen is set to 0 and Data is set to - * the empty octet sequence. - * - * PartyVInfo - * The PartyVInfo value is of the form Datalen || Data, where Data is - * a variable-length string of zero or more octets, and Datalen is a - * fixed-length, big-endian 32-bit counter that indicates the length - * (in octets) of Data. If an "apv" (agreement PartyVInfo) Header - * Parameter is present, Data is set to the result of base64url - * decoding the "apv" value and Datalen is set to the number of - * octets in Data. Otherwise, Datalen is set to 0 and Data is set to - * the empty octet sequence. - * - * SuppPubInfo - * This is set to the keydatalen represented as a 32-bit big-endian - * integer. - * - * SuppPrivInfo - * This is set to the empty octet sequence. - * - * Applications need to specify how the "apu" and "apv" Header - * Parameters are used for that application. The "apu" and "apv" values - * MUST be distinct, when used. Applications wishing to conform to - * [NIST.800-56A] need to provide values that meet the requirements of - * that document, e.g., by using values that identify the producer and - * consumer. Alternatively, applications MAY conduct key derivation in - * a manner similar to "Diffie-Hellman Key Agreement Method" [RFC2631]: - * in that case, the "apu" parameter MAY either be omitted or represent - * a random 512-bit value (analogous to PartyAInfo in Ephemeral-Static - * mode in RFC 2631) and the "apv" parameter SHOULD NOT be present. - * - */ - - -/* - * - ECDH-ES[-variant] comes in the jose "alg" and just covers key agreement. - * The "enc" action is completely separate and handled elsewhere. However - * the key size throughout is determined by the needs of the "enc" action. - * - * - The jwe->jws.jwk is the PEER - the encryption consumer's - public key. - * - * - The public part of the ephemeral key comes out in jose.jwk_ephemeral - * - * - Return shared secret length or < 0 for error - * - * - Unwrapped CEK in EKEY. If any, wrapped CEK in "wrapped". - * - * - Caller responsibility to cleanse EKEY. - */ - -static int -lws_jwe_encrypt_ecdh(struct lws_jwe *jwe, char *temp, int *temp_len, - uint8_t *cek) -{ - uint8_t shared_secret[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES], - derived[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; - int m, n, ret = -1, ot = *temp_len, ss_len = sizeof(shared_secret), - // kw_hlen = lws_genhash_size(jwe->jose.alg->hash_type), - enc_hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type), - ekbytes = 32; //jwe->jose.alg->keybits_fixed / 8; - struct lws_genec_ctx ecctx; - struct lws_jwk *ephem = &jwe->jose.recipient[jwe->recip].jwk_ephemeral; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - ephem->kty = LWS_GENCRYPTO_KTY_EC; - ephem->private_key = 1; - - /* Generate jose.jwk_ephemeral on the peer public key curve */ - - if (lws_genecdh_create(&ecctx, jwe->jws.context, NULL)) - goto bail; - - /* ephemeral context gets random key on same curve as recip pubkey */ - if (lws_genecdh_new_keypair(&ecctx, LDHS_OURS, (const char *) - jwe->jws.jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, - ephem->e)) - goto bail; - - /* peer context gets js->jwk key */ - if (lws_genecdh_set_key(&ecctx, jwe->jws.jwk->e, LDHS_THEIRS)) { - lwsl_err("%s: setting peer pubkey failed\n", __func__); - goto bail; - } - - /* combine our ephemeral key and the peer pubkey to get the secret */ - - if (lws_genecdh_compute_shared_secret(&ecctx, shared_secret, &ss_len)) { - lwsl_notice("%s: lws_genecdh_compute_shared_secret failed\n", - __func__); - - goto bail; - } - - /* - * The private part of the ephemeral key is finished with... - * cleanse and free it. We need to keep the public part around so we - * can publish it with the JWE as "epk". - */ - - lws_explicit_bzero(ephem->e[LWS_GENCRYPTO_EC_KEYEL_D].buf, - ephem->e[LWS_GENCRYPTO_EC_KEYEL_D].len); - lws_free_set_NULL(ephem->e[LWS_GENCRYPTO_EC_KEYEL_D].buf); - ephem->e[LWS_GENCRYPTO_EC_KEYEL_D].len = 0; - ephem->private_key = 0; - - /* - * Derive the CEK from the shared secret... amount of bytes written to - * derived matches bitcount in jwe->jose.enc_alg->keybits_fixed - * - * In Direct Key Agreement mode, the output of the Concat KDF MUST be a - * key of the same length as that used by the "enc" algorithm. - */ - - if (lws_jwa_concat_kdf(jwe, - jwe->jose.alg->algtype_crypto == LWS_JOSE_ENCTYPE_NONE, - derived, shared_secret, ss_len)) { - lwsl_notice("%s: lws_jwa_concat_kdf failed\n", __func__); - - goto bail; - } - - /* in P-521 case, we get a 66-byte shared secret for a 64-byte key */ - if (ss_len < enc_hlen) { - lwsl_err("%s: concat KDF bad derived key len %d\n", __func__, - ss_len); - goto bail; - } - - /* - * For "ECDH-ES", that was it, and we use what we just wrapped in - * wrapped as the CEK without publishing it. - * - * For "ECDH-ES-AES[128,192,256]KW", we generate a new, random CEK and - * then wrap it using the key we just wrapped, and make the wrapped - * version available in EKEY. - */ - - if (jwe->jose.alg->algtype_crypto != LWS_JOSE_ENCTYPE_NONE) { - struct lws_gencrypto_keyelem el; - struct lws_genaes_ctx aesctx; - - /* generate the actual CEK in cek */ - - if (lws_get_random(jwe->jws.context, cek, enc_hlen) != enc_hlen) { - lwsl_err("Problem getting random\n"); - goto bail; - } - - /* wrap with the derived key */ - - el.buf = derived; - el.len = enc_hlen / 2; - - if (lws_genaes_create(&aesctx, LWS_GAESO_ENC, LWS_GAESM_KW, &el, - 1, NULL)) { - - lwsl_notice("%s: lws_genaes_create\n", __func__); - goto bail; - } - - /* wrap CEK into EKEY */ - - n = lws_genaes_crypt(&aesctx, cek, enc_hlen, - (void *)jwe->jws.map.buf[LJWE_EKEY], - NULL, NULL, NULL, 0); - m = lws_genaes_destroy(&aesctx, NULL, 0); - if (n < 0) { - lwsl_err("%s: encrypt cek fail\n", __func__); - goto bail; - } - if (m < 0) { - lwsl_err("%s: lws_genaes_destroy fail\n", __func__); - goto bail; - } - - jwe->jws.map.len[LJWE_EKEY] = enc_hlen + 8; - - /* Wrapped CEK is in EKEY. Random CEK is in cek. */ - - } else /* direct derived CEK is in cek */ - memcpy(cek, derived, enc_hlen); - - /* rewrite the protected JOSE header to have the epk pieces */ - - jwe->jws.map.buf[LJWE_JOSE] = temp + (ot - *temp_len); - - m = n = lws_snprintf(temp + (ot - *temp_len), *temp_len, - "{\"alg\":\"%s\", \"enc\":\"%s\", \"epk\":", - jwe->jose.alg->alg, jwe->jose.enc_alg->alg); - *temp_len -= n; - - n = lws_jwk_export(ephem, 0, temp + (ot - *temp_len), temp_len); - if (n < 0) { - lwsl_err("%s: ephemeral export failed\n", __func__); - goto bail; - } - m += n; - - n = lws_snprintf(temp + (ot - *temp_len), *temp_len, "}"); - *temp_len -= n + 1; - m += n; - jwe->jws.map.len[LJWE_JOSE] = m; - - /* create a b64 version of the JOSE header, needed later for AAD */ - - if (lws_jws_encode_b64_element(&jwe->jws.map_b64, LJWE_JOSE, - temp + (ot - *temp_len), temp_len, - jwe->jws.map.buf[LJWE_JOSE], - jwe->jws.map.len[LJWE_JOSE])) - return -1; - - ret = enc_hlen; - -bail: - lws_genec_destroy(&ecctx); - - /* cleanse the shared secret (watch out for cek at parent too) */ - lws_explicit_bzero(shared_secret, ekbytes); - lws_explicit_bzero(derived, ekbytes); - - return ret; -} - -int -lws_jwe_encrypt_ecdh_cbc_hs(struct lws_jwe *jwe, char *temp, int *temp_len) -{ - int ss_len, // kw_hlen = lws_genhash_size(jwe->jose.alg->hash_type), - enc_hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type); - uint8_t cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; - int ekbytes = jwe->jose.alg->keybits_fixed / 8; - int n, ot = *temp_len, ret = -1; - - /* if we will produce an EKEY, make space for it */ - - if (jwe->jose.alg->algtype_crypto != LWS_JOSE_ENCTYPE_NONE) { - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_EKEY, - temp + (ot - *temp_len), temp_len, - enc_hlen + 8, 0)) - goto bail; - } - - /* decrypt the CEK */ - - ss_len = lws_jwe_encrypt_ecdh(jwe, temp + (ot - *temp_len), temp_len, cek); - if (ss_len < 0) { - lwsl_err("%s: lws_jwe_encrypt_ecdh failed\n", __func__); - return -1; - } - - /* cek contains the unwrapped CEK. EKEY may contain wrapped CEK */ - - /* make space for the payload encryption pieces */ - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_ATAG, - temp + (ot - *temp_len), - temp_len, enc_hlen / 2, 0)) - goto bail; - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_IV, - temp + (ot - *temp_len), - temp_len, LWS_JWE_AES_IV_BYTES, 0)) - goto bail; - - /* Perform the authenticated encryption on CTXT... - * ...the AAD is b64u(protected JOSE header) */ - - n = lws_jwe_encrypt_cbc_hs(jwe, cek, - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_notice("%s: lws_jwe_encrypt_cbc_hs failed\n", __func__); - goto bail; - } - - ret = 0; - -bail: - /* if fail or direct CEK, cleanse and remove EKEY */ - if (ret || jwe->jose.enc_alg->algtype_crypto == LWS_JOSE_ENCTYPE_NONE) { - if (jwe->jws.map.len[LJWE_EKEY]) - lws_explicit_bzero((void *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY]); - jwe->jws.map.len[LJWE_EKEY] = 0; - } - - lws_explicit_bzero(cek, ekbytes); - - return ret; -} - -/* - * jwe->jws.jwk is recipient private key - * - * If kw mode, then EKEY is the wrapped CEK - * - * - */ - -static int -lws_jwe_auth_and_decrypt_ecdh(struct lws_jwe *jwe) -{ - uint8_t shared_secret[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES], - derived[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; - int ekbytes = jwe->jose.enc_alg->keybits_fixed / 8, - enc_hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type); - struct lws_genec_ctx ecctx; - int n, ret = -1, ss_len = sizeof(shared_secret); - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - if (jwe->jose.recipient[jwe->recip].jwk_ephemeral.kty != - LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: missing epk\n", __func__); - - return -1; - } - - /* - * Recompute the shared secret... - * - * - direct: it's the CEK - * - * - aeskw: apply it as AES keywrap to EKEY to get the CEK - */ - - /* Generate jose.jwk_ephemeral on the peer public key curve */ - - if (lws_genecdh_create(&ecctx, jwe->jws.context, NULL)) - goto bail; - - /* Load our private key into our side of the ecdh context */ - - if (lws_genecdh_set_key(&ecctx, jwe->jws.jwk->e, LDHS_OURS)) { - lwsl_err("%s: setting our private key failed\n", __func__); - goto bail; - } - - /* Import the ephemeral public key into the peer side */ - if (lws_genecdh_set_key(&ecctx, - jwe->jose.recipient[jwe->recip].jwk_ephemeral.e, - LDHS_THEIRS)) { - lwsl_err("%s: setting epk pubkey failed\n", __func__); - goto bail; - } - - /* combine their ephemeral key and our private key to get the secret */ - - if (lws_genecdh_compute_shared_secret(&ecctx, shared_secret, &ss_len)) { - lwsl_notice("%s: lws_genecdh_compute_shared_secret failed\n", - __func__); - - goto bail; - } - - lws_genec_destroy(&ecctx); - - if (ss_len < enc_hlen) { - lwsl_err("%s: ss_len %d ekbytes %d\n", __func__, ss_len, enc_hlen); - goto bail; - } - - /* - * Derive the CEK from the shared secret... amount of bytes written to - * cek[] matches bitcount in jwe->jose.enc_alg->keybits_fixed - */ - - if (lws_jwa_concat_kdf(jwe, - jwe->jose.alg->algtype_crypto == LWS_JOSE_ENCTYPE_NONE, - derived, shared_secret, ss_len)) { - lwsl_notice("%s: lws_jwa_concat_kdf failed\n", __func__); - - goto bail; - } - - /* - * "ECDH-ES": derived is the CEK - * "ECDH-ES-AES[128,192,256]KW": wrapped key is in EKEY, - * "derived" contains KEK - */ - - if (jwe->jose.alg->algtype_crypto != LWS_JOSE_ENCTYPE_NONE) { - struct lws_gencrypto_keyelem el; - struct lws_genaes_ctx aesctx; - int m; - - /* Confirm space for EKEY */ - - if (jwe->jws.map.len[LJWE_EKEY] < (unsigned int)enc_hlen) { - lwsl_err("%s: missing EKEY\n", __func__); - - goto bail; - } - - /* unwrap with the KEK we derived */ - - el.buf = derived; - el.len = enc_hlen / 2; - - if (lws_genaes_create(&aesctx, LWS_GAESO_DEC, LWS_GAESM_KW, - &el, 1, NULL)) { - - lwsl_notice("%s: lws_genaes_create\n", __func__); - goto bail; - } - - /* decrypt the EKEY to end up with CEK in "shared_secret" */ - - n = lws_genaes_crypt(&aesctx, - (const uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], - (uint8_t *)shared_secret, - NULL, NULL, NULL, 0); - m = lws_genaes_destroy(&aesctx, NULL, 0); - if (n < 0) { - lwsl_err("%s: decrypt cek fail\n", __func__); - goto bail; - } - if (m < 0) { - lwsl_err("%s: lws_genaes_destroy fail\n", __func__); - goto bail; - } - } else - memcpy(shared_secret, derived, enc_hlen); - - /* either way, the recovered CEK is in shared_secret */ - - if (lws_jwe_auth_and_decrypt_cbc_hs(jwe, shared_secret, - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]) < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt_cbc_hs fail\n", __func__); - goto bail; - } - - /* if all went well, then CTXT is now the plaintext */ - ret = 0; - -bail: - /* cleanse wrapped on stack that contained the CEK / wrapped key */ - lws_explicit_bzero(derived, ekbytes); - /* cleanse the shared secret */ - lws_explicit_bzero(shared_secret, ekbytes); - - return ret; -} - -int -lws_jwe_auth_and_decrypt_ecdh_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len) -{ - /* create a b64 version of the JOSE header, needed later for AAD */ - - if (lws_jws_encode_b64_element(&jwe->jws.map_b64, LJWE_JOSE, - temp, temp_len, - jwe->jws.map.buf[LJWE_JOSE], - jwe->jws.map.len[LJWE_JOSE])) - return -1; - - return lws_jwe_auth_and_decrypt_ecdh(jwe); -} diff --git a/lib/jose/jwe/jwe-rsa-aescbc.c b/lib/jose/jwe/jwe-rsa-aescbc.c deleted file mode 100644 index 7f2f21e..0000000 --- a/lib/jose/jwe/jwe-rsa-aescbc.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code related to rsa + aescbc - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - -/* - * Requirements on entry: - * - * - jwe->jws.map LJWE_JOSE contains the ASCII JOSE header - * - jwe->jws.map LJWE_EKEY contains cek of enc_alg hmac length - * - jwe->jws.map LJWE_CTXT contains the plaintext - * - * On successful exit: - * - * - jwe->jws.map LJWE_ATAG contains the tag - * - jwe->jws.map LJWE_IV contains the new random IV that was used - * - jwe->jws.map LJWE_EKEY contains the encrypted CEK - * - jwe->jws.map LJWE_CTXT contains the ciphertext - * - * Return the amount of temp used, or -1 - */ - -int -lws_jwe_encrypt_rsa_aes_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len) -{ - int n, hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type), ot = *temp_len; - char ekey[LWS_GENHASH_LARGEST]; - struct lws_genrsa_ctx rsactx; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - /* - * Notice that the unencrypted EKEY coming in is smaller than the - * RSA-encrypted EKEY going out, which is going to be the RSA key size - * - * Create a b64 version of the JOSE header, needed as aad - */ - if (lws_jws_encode_b64_element(&jwe->jws.map_b64, LJWE_JOSE, - temp + (ot - *temp_len), temp_len, - jwe->jws.map.buf[LJWE_JOSE], - jwe->jws.map.len[LJWE_JOSE])) - return -1; - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_ATAG, temp + (ot - *temp_len), - temp_len, hlen / 2, 0)) - return -1; - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_IV, temp + (ot - *temp_len), - temp_len, LWS_JWE_AES_IV_BYTES, 0)) - return -1; - - /* - * Without changing the unencrypted CEK in EKEY, reallocate enough - * space to write the RSA-encrypted version in-situ. - */ - if (lws_jws_dup_element(&jwe->jws.map, LJWE_EKEY, temp + (ot - *temp_len), - temp_len, jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], - jwe->jws.jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len)) - return -1; - - /* Encrypt using the raw CEK (treated as MAC KEY | ENC KEY) */ - - n = lws_jwe_encrypt_cbc_hs(jwe, (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt_cbc_hs failed\n", __func__); - return -1; - } - - if (lws_genrsa_create(&rsactx, jwe->jws.jwk->e, jwe->jws.context, - !strcmp(jwe->jose.alg->alg, "RSA-OAEP") ? - LGRSAM_PKCS1_OAEP_PSS : LGRSAM_PKCS1_1_5, - LWS_GENHASH_TYPE_UNKNOWN)) { - lwsl_notice("%s: lws_genrsa_create\n", - __func__); - return -1; - } - - /* encrypt the CEK using RSA, mbedtls can't handle both in and out are - * the EKEY, so copy the unencrypted ekey out temporarily */ - - memcpy(ekey, jwe->jws.map.buf[LJWE_EKEY], hlen); - - n = lws_genrsa_public_encrypt(&rsactx, (uint8_t *)ekey, hlen, - (uint8_t *)jwe->jws.map.buf[LJWE_EKEY]); - lws_genrsa_destroy(&rsactx); - lws_explicit_bzero(ekey, hlen); /* cleanse the temp CEK copy */ - if (n < 0) { - lwsl_err("%s: encrypt cek fail\n", __func__); - return -1; - } - jwe->jws.map.len[LJWE_EKEY] = n; /* update to encrypted EKEY size */ - - /* - * We end up with IV, ATAG, set, EKEY encrypted and CTXT is ciphertext, - * and b64u version of ATAG in map_b64. - */ - - return 0; -} - -int -lws_jwe_auth_and_decrypt_rsa_aes_cbc_hs(struct lws_jwe *jwe) -{ - int n; - struct lws_genrsa_ctx rsactx; - uint8_t enc_cek[512]; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - if (jwe->jws.map.len[LJWE_EKEY] < 40) { - lwsl_err("%s: EKEY length too short %d\n", __func__, - jwe->jws.map.len[LJWE_EKEY]); - - return -1; - } - - /* Decrypt the JWE Encrypted Key to get the raw MAC || CEK */ - - if (lws_genrsa_create(&rsactx, jwe->jws.jwk->e, jwe->jws.context, - !strcmp(jwe->jose.alg->alg, "RSA-OAEP") ? - LGRSAM_PKCS1_OAEP_PSS : LGRSAM_PKCS1_1_5, - LWS_GENHASH_TYPE_UNKNOWN)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - n = lws_genrsa_private_decrypt(&rsactx, - (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], enc_cek, - sizeof(enc_cek)); - lws_genrsa_destroy(&rsactx); - if (n < 0) { - lwsl_err("%s: decrypt cek fail: \n", __func__); - return -1; - } - - n = lws_jwe_auth_and_decrypt_cbc_hs(jwe, enc_cek, - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt_cbc_hs failed\n", - __func__); - return -1; - } - -#if defined(LWS_WITH_MBEDTLS) && defined(LWS_PLAT_OPTEE) - - /* strip padding */ - - n = jwe->jws.map.buf[LJWE_CTXT][jwe->jws.map.len[LJWE_CTXT] - 1]; - if (n > 16) { - lwsl_err("%s: n == %d, plen %d\n", __func__, n, - (int)jwe->jws.map.len[LJWE_CTXT]); - return -1; - } - jwe->jws.map.len[LJWE_CTXT] -= n; -#endif - - return jwe->jws.map.len[LJWE_CTXT]; -} diff --git a/lib/jose/jwe/jwe-rsa-aesgcm.c b/lib/jose/jwe/jwe-rsa-aesgcm.c deleted file mode 100644 index 42eb0b2..0000000 --- a/lib/jose/jwe/jwe-rsa-aesgcm.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * JWE code related to aes gcm - * - */ -#include "core/private.h" -#include "jose/jwe/private.h" - -#define LWS_AESGCM_IV 12 - - -int -lws_jwe_encrypt_rsa_aes_gcm(struct lws_jwe *jwe, char *temp, int *temp_len) -{ - int ekbytes = jwe->jose.enc_alg->keybits_fixed / 8; - struct lws_genrsa_ctx rsactx; - int n, ret = -1, ot = *temp_len; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: wrong kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - /* create the IV + CEK */ - - if (lws_jws_randomize_element(jwe->jws.context, &jwe->jws.map, LJWE_IV, - temp + (ot - *temp_len), temp_len, - LWS_AESGCM_IV, 0)) - return -1; - - if (lws_jws_alloc_element(&jwe->jws.map, LJWE_ATAG, - temp + (ot - *temp_len), - temp_len, LWS_AESGCM_TAG, 0)) - return -1; - - /* create a b64 version of the JOSE header, needed as aad */ - - if (lws_jws_encode_b64_element(&jwe->jws.map_b64, LJWE_JOSE, - temp + (ot - *temp_len), temp_len, - jwe->jws.map.buf[LJWE_JOSE], - jwe->jws.map.len[LJWE_JOSE])) - return -1; - - /* - * If none already, create a new, random CEK in the JWE (so it can be - * reused for other recipients on same payload). If it already exists, - * just reuse it. It will be cleansed in the JWE destroy. - */ - if (!jwe->cek_valid) { - if (lws_get_random(jwe->jws.context, jwe->cek, ekbytes) != - ekbytes) { - lwsl_err("%s: Problem getting random\n", __func__); - return -1; - } - jwe->cek_valid = 1; - } - - if (lws_jws_dup_element(&jwe->jws.map, LJWE_EKEY, - temp + (ot - *temp_len), temp_len, - jwe->cek, ekbytes, 0)) - return -1; - - /* encrypt the payload */ - - n = lws_jwe_encrypt_gcm(jwe, (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt_gcm failed\n", - __func__); - goto bail; - } - - /* Encrypt the CEK into EKEY to make the JWE Encrypted Key */ - - if (lws_genrsa_create(&rsactx, jwe->jws.jwk->e, jwe->jws.context, - !strcmp(jwe->jose.alg->alg, "RSA-OAEP") ? - LGRSAM_PKCS1_OAEP_PSS : LGRSAM_PKCS1_1_5, - LWS_GENHASH_TYPE_SHA1 /* !!! */)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - goto bail; - } - - n = lws_genrsa_public_encrypt(&rsactx, jwe->cek, ekbytes, - (uint8_t *)jwe->jws.map.buf[LJWE_EKEY]); - lws_genrsa_destroy(&rsactx); - if (n < 0) { - lwsl_err("%s: encrypt cek fail: \n", __func__); - goto bail; - } - - /* set the EKEY length to the actual enciphered length */ - jwe->jws.map.len[LJWE_EKEY] = n; - - ret = jwe->jws.map.len[LJWE_CTXT]; - -bail: - - return ret; -} - -int -lws_jwe_auth_and_decrypt_rsa_aes_gcm(struct lws_jwe *jwe) -{ - int n; - struct lws_genrsa_ctx rsactx; - uint8_t enc_cek[LWS_JWE_LIMIT_KEY_ELEMENT_BYTES]; - - if (jwe->jws.jwk->kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwe->jws.jwk->kty); - - return -1; - } - - if (jwe->jws.map.len[LJWE_EKEY] < 32) { - lwsl_err("%s: EKEY length too short %d\n", __func__, - jwe->jws.map.len[LJWE_EKEY]); - - return -1; - } - - /* Decrypt the JWE Encrypted Key to get the direct CEK */ - - if (lws_genrsa_create(&rsactx, jwe->jws.jwk->e, jwe->jws.context, - !strcmp(jwe->jose.alg->alg, "RSA-OAEP") ? - LGRSAM_PKCS1_OAEP_PSS : LGRSAM_PKCS1_1_5, - LWS_GENHASH_TYPE_SHA1 /* !!! */)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - n = lws_genrsa_private_decrypt(&rsactx, - (uint8_t *)jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], enc_cek, - sizeof(enc_cek)); - lws_genrsa_destroy(&rsactx); - if (n < 0) { - lwsl_err("%s: decrypt cek fail: \n", __func__); - return -1; - } - - n = lws_jwe_auth_and_decrypt_gcm(jwe, enc_cek, - (uint8_t *)jwe->jws.map_b64.buf[LJWE_JOSE], - jwe->jws.map_b64.len[LJWE_JOSE]); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt_gcm_hs failed\n", - __func__); - return -1; - } - -#if defined(LWS_WITH_MBEDTLS) && defined(LWS_PLAT_OPTEE) - /* strip padding */ - - n = jwe->jws.map.buf[LJWE_CTXT][jwe->jws.map.len[LJWE_CTXT] - 1]; - if (n > 16) - return -1; - jwe->jws.map.len[LJWE_CTXT] -= n; -#endif - - return jwe->jws.map.len[LJWE_CTXT]; -} diff --git a/lib/jose/jwe/jwe.c b/lib/jose/jwe/jwe.c deleted file mode 100644 index bb8446e..0000000 --- a/lib/jose/jwe/jwe.c +++ /dev/null @@ -1,788 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * This supports RFC7516 JSON Web Encryption - * - */ -#include "core/private.h" -#include "jose/private.h" -#include "jose/jwe/private.h" - -/* - * Currently only support flattened or compact (implicitly single signature) - */ - -static const char * const jwe_json[] = { - "protected", - "iv", - "ciphertext", - "tag", - "encrypted_key" -}; - -enum enum_jwe_complete_tokens { - LWS_EJCT_PROTECTED, - LWS_EJCT_IV, - LWS_EJCT_CIPHERTEXT, - LWS_EJCT_TAG, - LWS_EJCT_RECIP_ENC_KEY, -}; - -/* parse a JWS complete or flattened JSON object */ - -struct jwe_cb_args { - struct lws_jws *jws; - - char *temp; - int *temp_len; -}; - -static signed char -lws_jwe_json_cb(struct lejp_ctx *ctx, char reason) -{ - struct jwe_cb_args *args = (struct jwe_cb_args *)ctx->user; - int n, m; - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - switch (ctx->path_match - 1) { - - /* strings */ - - case LWS_EJCT_PROTECTED: /* base64u: JOSE: must contain 'alg' */ - m = LJWS_JOSE; - goto append_string; - case LWS_EJCT_IV: /* base64u */ - m = LJWE_IV; - goto append_string; - case LWS_EJCT_CIPHERTEXT: /* base64u */ - m = LJWE_CTXT; - goto append_string; - case LWS_EJCT_TAG: /* base64u */ - m = LJWE_ATAG; - goto append_string; - case LWS_EJCT_RECIP_ENC_KEY: /* base64u */ - m = LJWE_EKEY; - goto append_string; - - default: - return -1; - } - - return 0; - -append_string: - - if (*args->temp_len < ctx->npos) { - lwsl_err("%s: out of parsing space\n", __func__); - return -1; - } - - /* - * We keep both b64u and decoded in temp mapped using map / map_b64, - * the jws signature is actually over the b64 content not the plaintext, - * and we can't do it until we see the protected alg. - */ - - if (!args->jws->map_b64.buf[m]) { - args->jws->map_b64.buf[m] = args->temp; - args->jws->map_b64.len[m] = 0; - } - - memcpy(args->temp, ctx->buf, ctx->npos); - args->temp += ctx->npos; - *args->temp_len -= ctx->npos; - args->jws->map_b64.len[m] += ctx->npos; - - if (reason == LEJPCB_VAL_STR_END) { - args->jws->map.buf[m] = args->temp; - - n = lws_b64_decode_string_len( - (const char *)args->jws->map_b64.buf[m], - args->jws->map_b64.len[m], - (char *)args->temp, *args->temp_len); - if (n < 0) { - lwsl_err("%s: b64 decode failed\n", __func__); - return -1; - } - - args->temp += n; - *args->temp_len -= n; - args->jws->map.len[m] = n; - } - - return 0; -} - -int -lws_jwe_json_parse(struct lws_jwe *jwe, const uint8_t *buf, int len, - char *temp, int *temp_len) -{ - struct jwe_cb_args args; - struct lejp_ctx jctx; - int m = 0; - - args.jws = &jwe->jws; - args.temp = temp; - args.temp_len = temp_len; - - lejp_construct(&jctx, lws_jwe_json_cb, &args, jwe_json, - LWS_ARRAY_SIZE(jwe_json)); - - m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)buf, len); - lejp_destruct(&jctx); - if (m < 0) { - lwsl_notice("%s: parse returned %d\n", __func__, m); - return -1; - } - - return 0; -} - -void -lws_jwe_init(struct lws_jwe *jwe, struct lws_context *context) -{ - lws_jose_init(&jwe->jose); - lws_jws_init(&jwe->jws, &jwe->jwk, context); - memset(&jwe->jwk, 0, sizeof(jwe->jwk)); - jwe->recip = 0; - jwe->cek_valid = 0; -} - -void -lws_jwe_destroy(struct lws_jwe *jwe) -{ - lws_jws_destroy(&jwe->jws); - lws_jose_destroy(&jwe->jose); - lws_jwk_destroy(&jwe->jwk); - /* cleanse the CEK we held on to in case of further encryptions of it */ - lws_explicit_bzero(jwe->cek, sizeof(jwe->cek)); - jwe->cek_valid = 0; -} - -static uint8_t * -be32(uint32_t i, uint32_t *p32) -{ - uint8_t *p = (uint8_t *)p32; - - *p++ = (i >> 24) & 0xff; - *p++ = (i >> 16) & 0xff; - *p++ = (i >> 8) & 0xff; - *p++ = i & 0xff; - - return (uint8_t *)p32; -} - -/* - * The key derivation process derives the agreed-upon key from the - * shared secret Z established through the ECDH algorithm, per - * Section 6.2.2.2 of [NIST.800-56A]. - * - * - * Key derivation is performed using the Concat KDF, as defined in - * Section 5.8.1 of [NIST.800-56A], where the Digest Method is SHA-256. - * - * out must be prepared to take at least 32 bytes or the encrypted key size, - * whichever is larger. - */ - -int -lws_jwa_concat_kdf(struct lws_jwe *jwe, int direct, uint8_t *out, - const uint8_t *shared_secret, int sslen) -{ - int hlen = lws_genhash_size(LWS_GENHASH_TYPE_SHA256), aidlen; - struct lws_genhash_ctx hash_ctx; - uint32_t ctr = 1, t; - const char *aid; - - if (!jwe->jose.enc_alg || !jwe->jose.alg) - return -1; - - /* - * Hash - * - * AlgorithmID || PartyUInfo || PartyVInfo - * {|| SuppPubInfo }{|| SuppPrivInfo } - * - * AlgorithmID - * - * The AlgorithmID value is of the form Datalen || Data, where Data - * is a variable-length string of zero or more octets, and Datalen is - * a fixed-length, big-endian 32-bit counter that indicates the - * length (in octets) of Data. In the Direct Key Agreement case, - * Data is set to the octets of the ASCII representation of the "enc" - * Header Parameter value. In the Key Agreement with Key Wrapping - * case, Data is set to the octets of the ASCII representation of the - * "alg" (algorithm) Header Parameter value. - */ - - aid = direct ? jwe->jose.enc_alg->alg : jwe->jose.alg->alg; - aidlen = strlen(aid); - - /* - * PartyUInfo (PartyVInfo is the same deal) - * - * The PartyUInfo value is of the form Datalen || Data, where Data is - * a variable-length string of zero or more octets, and Datalen is a - * fixed-length, big-endian 32-bit counter that indicates the length - * (in octets) of Data. If an "apu" (agreement PartyUInfo) Header - * Parameter is present, Data is set to the result of base64url - * decoding the "apu" value and Datalen is set to the number of - * octets in Data. Otherwise, Datalen is set to 0 and Data is set to - * the empty octet sequence - * - * SuppPubInfo - * - * This is set to the keydatalen represented as a 32-bit big-endian - * integer. - * - * keydatalen - * - * This is set to the number of bits in the desired output key. For - * "ECDH-ES", this is length of the key used by the "enc" algorithm. - * For "ECDH-ES+A128KW", "ECDH-ES+A192KW", and "ECDH-ES+A256KW", this - * is 128, 192, and 256, respectively. - * - * Compute Hash i = H(counter || Z || OtherInfo). - * - * We must iteratively hash over key material that's larger than - * one hash output size (256b for SHA-256) - */ - - while (ctr <= (uint32_t)((jwe->jose.enc_alg->keybits_fixed + (hlen - 1)) / hlen)) { - - /* - * Key derivation is performed using the Concat KDF, as defined - * in Section 5.8.1 of [NIST.800-56A], where the Digest Method - * is SHA-256. - */ - - if (lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256)) - return -1; - - if (/* counter */ - lws_genhash_update(&hash_ctx, be32(ctr++, &t), 4) || - /* Z */ - lws_genhash_update(&hash_ctx, shared_secret, sslen) || - /* other info */ - lws_genhash_update(&hash_ctx, be32(strlen(aid), &t), 4) || - lws_genhash_update(&hash_ctx, aid, aidlen) || - lws_genhash_update(&hash_ctx, - be32(jwe->jose.e[LJJHI_APU].len, &t), 4) || - lws_genhash_update(&hash_ctx, jwe->jose.e[LJJHI_APU].buf, - jwe->jose.e[LJJHI_APU].len) || - lws_genhash_update(&hash_ctx, - be32(jwe->jose.e[LJJHI_APV].len, &t), 4) || - lws_genhash_update(&hash_ctx, jwe->jose.e[LJJHI_APV].buf, - jwe->jose.e[LJJHI_APV].len) || - lws_genhash_update(&hash_ctx, - be32(jwe->jose.enc_alg->keybits_fixed, &t), - 4) || - lws_genhash_destroy(&hash_ctx, out)) { - lwsl_err("%s: fail\n", __func__); - lws_genhash_destroy(&hash_ctx, NULL); - - return -1; - } - - out += hlen; - } - - return 0; -} - -LWS_VISIBLE void -lws_jwe_be64(uint64_t c, uint8_t *p8) -{ - int n; - - for (n = 56; n >= 0; n -= 8) - *p8++ = (uint8_t)((c >> n) & 0xff); -} - -LWS_VISIBLE int -lws_jwe_auth_and_decrypt(struct lws_jwe *jwe, char *temp, int *temp_len) -{ - int valid_aescbc_hmac, valid_aesgcm; - - if (lws_jwe_parse_jose(&jwe->jose, jwe->jws.map.buf[LJWS_JOSE], - jwe->jws.map.len[LJWS_JOSE], - temp, temp_len) < 0) { - lwsl_err("%s: JOSE parse '%.*s' failed\n", __func__, - jwe->jws.map.len[LJWS_JOSE], - jwe->jws.map.buf[LJWS_JOSE]); - return -1; - } - - if (!jwe->jose.alg) { - lwsl_err("%s: no jose.alg: %.*s\n", __func__, - jwe->jws.map.len[LJWS_JOSE], - jwe->jws.map.buf[LJWS_JOSE]); - - return -1; - } - - valid_aescbc_hmac = jwe->jose.enc_alg && - jwe->jose.enc_alg->algtype_crypto == LWS_JOSE_ENCTYPE_AES_CBC && - (jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA256 || - jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA384 || - jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA512); - - valid_aesgcm = jwe->jose.enc_alg && - jwe->jose.enc_alg->algtype_crypto == LWS_JOSE_ENCTYPE_AES_GCM; - - if ((jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5 || - jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP)) { - /* RSA + AESCBC */ - if (valid_aescbc_hmac) - return lws_jwe_auth_and_decrypt_rsa_aes_cbc_hs(jwe); - /* RSA + AESGCM */ - if (valid_aesgcm) - return lws_jwe_auth_and_decrypt_rsa_aes_gcm(jwe); - } - - /* AESKW */ - - if (jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_AES_ECB && - valid_aescbc_hmac) - return lws_jwe_auth_and_decrypt_aeskw_cbc_hs(jwe); - - /* ECDH-ES + AESKW */ - - if (jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_ECDHES && - valid_aescbc_hmac) - return lws_jwe_auth_and_decrypt_ecdh_cbc_hs(jwe, - temp, temp_len); - - lwsl_err("%s: unknown cipher alg combo %s / %s\n", __func__, - jwe->jose.alg->alg, jwe->jose.enc_alg ? - jwe->jose.enc_alg->alg : "NULL"); - - return -1; -} -LWS_VISIBLE int -lws_jwe_encrypt(struct lws_jwe *jwe, char *temp, int *temp_len) -{ - int valid_aescbc_hmac, valid_aesgcm, ot = *temp_len, ret = -1; - - if (jwe->jose.recipients >= (int)LWS_ARRAY_SIZE(jwe->jose.recipient)) { - lwsl_err("%s: max recipients reached\n", __func__); - - return -1; - } - - valid_aesgcm = jwe->jose.enc_alg && - jwe->jose.enc_alg->algtype_crypto == LWS_JOSE_ENCTYPE_AES_GCM; - - if (lws_jwe_parse_jose(&jwe->jose, jwe->jws.map.buf[LJWS_JOSE], - jwe->jws.map.len[LJWS_JOSE], temp, temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - goto bail; - } - - temp += ot - *temp_len; - - valid_aescbc_hmac = jwe->jose.enc_alg && - jwe->jose.enc_alg->algtype_crypto == LWS_JOSE_ENCTYPE_AES_CBC && - (jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA256 || - jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA384 || - jwe->jose.enc_alg->hmac_type == LWS_GENHMAC_TYPE_SHA512); - - if ((jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5 || - jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP)) { - /* RSA + AESCBC */ - if (valid_aescbc_hmac) { - ret = lws_jwe_encrypt_rsa_aes_cbc_hs(jwe, temp, temp_len); - goto bail; - } - /* RSA + AESGCM */ - if (valid_aesgcm) { - ret = lws_jwe_encrypt_rsa_aes_gcm(jwe, temp, temp_len); - goto bail; - } - } - - /* AESKW */ - - if (jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_AES_ECB && - valid_aescbc_hmac) { - ret = lws_jwe_encrypt_aeskw_cbc_hs(jwe, temp, temp_len); - goto bail; - } - - /* ECDH-ES + AESKW */ - - if (jwe->jose.alg->algtype_signing == LWS_JOSE_ENCTYPE_ECDHES && - valid_aescbc_hmac) { - ret = lws_jwe_encrypt_ecdh_cbc_hs(jwe, temp, temp_len); - goto bail; - } - - lwsl_err("%s: unknown cipher alg combo %s / %s\n", __func__, - jwe->jose.alg->alg, jwe->jose.enc_alg ? - jwe->jose.enc_alg->alg : "NULL"); - -bail: - if (ret) - memset(&jwe->jose.recipient[jwe->jose.recipients], 0, - sizeof(jwe->jose.recipient[0])); - else - jwe->jose.recipients++; - - return ret; -} - -/* - * JWE Compact Serialization consists of - * - * BASE64URL(UTF8(JWE Protected Header)) || '.' || - * BASE64URL(JWE Encrypted Key) || '.' || - * BASE64URL(JWE Initialization Vector) || '.' || - * BASE64URL(JWE Ciphertext) || '.' || - * BASE64URL(JWE Authentication Tag) - * - * - * In the JWE Compact Serialization, no JWE Shared Unprotected Header or - * JWE Per-Recipient Unprotected Header are used. In this case, the - * JOSE Header and the JWE Protected Header are the same. - * - * Therefore: - * - * - Everything needed in the header part must go in the protected header - * (it's the only part emitted). We expect the caller did this. - * - * - You can't emit Compact representation if there are multiple recipients - */ - -LWS_VISIBLE int -lws_jwe_render_compact(struct lws_jwe *jwe, char *out, size_t out_len) -{ - size_t orig = out_len; - int n; - - if (jwe->jose.recipients > 1) { - lwsl_notice("%s: can't issue compact representation for" - " multiple recipients (%d)\n", __func__, - jwe->jose.recipients); - - return -1; - } - - n = lws_jws_base64_enc(jwe->jws.map.buf[LJWS_JOSE], - jwe->jws.map.len[LJWS_JOSE], out, out_len); - if (n < 0 || (int)out_len == n) { - lwsl_info("%s: unable to encode JOSE\n", __func__); - return n; - } - - out += n; - *out++ = '.'; - out_len -= n + 1; - - n = lws_jws_base64_enc(jwe->jws.map.buf[LJWE_EKEY], - jwe->jws.map.len[LJWE_EKEY], out, out_len); - if (n < 0 || (int)out_len == n) { - lwsl_info("%s: unable to encode EKEY\n", __func__); - return n; - } - - out += n; - *out++ = '.'; - out_len -= n + 1; - n = lws_jws_base64_enc(jwe->jws.map.buf[LJWE_IV], - jwe->jws.map.len[LJWE_IV], out, out_len); - if (n < 0 || (int)out_len == n) { - lwsl_info("%s: unable to encode IV\n", __func__); - return n; - } - - out += n; - *out++ = '.'; - out_len -= n + 1; - - n = lws_jws_base64_enc(jwe->jws.map.buf[LJWE_CTXT], - jwe->jws.map.len[LJWE_CTXT], out, out_len); - if (n < 0 || (int)out_len == n) { - lwsl_info("%s: unable to encode CTXT\n", __func__); - return n; - } - - out += n; - *out++ = '.'; - out_len -= n + 1; - n = lws_jws_base64_enc(jwe->jws.map.buf[LJWE_ATAG], - jwe->jws.map.len[LJWE_ATAG], out, out_len); - if (n < 0 || (int)out_len == n) { - lwsl_info("%s: unable to encode ATAG\n", __func__); - return n; - } - - out += n; - *out++ = '\0'; - out_len -= n; - - return orig - out_len; -} - -LWS_VISIBLE int -lws_jwe_create_packet(struct lws_jwe *jwe, const char *payload, size_t len, - const char *nonce, char *out, size_t out_len, - struct lws_context *context) -{ - char *buf, *start, *p, *end, *p1, *end1; - struct lws_jws jws; - int n, m; - - lws_jws_init(&jws, &jwe->jwk, context); - - /* - * This buffer is local to the function, the actual output is prepared - * into out. Only the plaintext protected header - * (which contains the public key, 512 bytes for 4096b) goes in - * here temporarily. - */ - n = LWS_PRE + 2048; - buf = malloc(n); - if (!buf) { - lwsl_notice("%s: malloc %d failed\n", __func__, n); - return -1; - } - - p = start = buf + LWS_PRE; - end = buf + n - LWS_PRE - 1; - - /* - * temporary JWS protected header plaintext - */ - - if (!jwe->jose.alg || !jwe->jose.alg->alg) - goto bail; - - p += lws_snprintf(p, end - p, "{\"alg\":\"%s\",\"jwk\":", - jwe->jose.alg->alg); - m = end - p; - n = lws_jwk_export(&jwe->jwk, 0, p, &m); - if (n < 0) { - lwsl_notice("failed to export jwk\n"); - - goto bail; - } - p += n; - p += lws_snprintf(p, end - p, ",\"nonce\":\"%s\"}", nonce); - - /* - * prepare the signed outer JSON with all the parts in - */ - - p1 = out; - end1 = out + out_len - 1; - - p1 += lws_snprintf(p1, end1 - p1, "{\"protected\":\""); - jws.map_b64.buf[LJWS_JOSE] = p1; - n = lws_jws_base64_enc(start, p - start, p1, end1 - p1); - if (n < 0) { - lwsl_notice("%s: failed to encode protected\n", __func__); - goto bail; - } - jws.map_b64.len[LJWS_JOSE] = n; - p1 += n; - - p1 += lws_snprintf(p1, end1 - p1, "\",\"payload\":\""); - jws.map_b64.buf[LJWS_PYLD] = p1; - n = lws_jws_base64_enc(payload, len, p1, end1 - p1); - if (n < 0) { - lwsl_notice("%s: failed to encode payload\n", __func__); - goto bail; - } - jws.map_b64.len[LJWS_PYLD] = n; - p1 += n; - - p1 += lws_snprintf(p1, end1 - p1, "\",\"header\":\""); - jws.map_b64.buf[LJWS_UHDR] = p1; - n = lws_jws_base64_enc(payload, len, p1, end1 - p1); - if (n < 0) { - lwsl_notice("%s: failed to encode payload\n", __func__); - goto bail; - } - jws.map_b64.len[LJWS_UHDR] = n; - - p1 += n; - p1 += lws_snprintf(p1, end1 - p1, "\",\"signature\":\""); - - /* - * taking the b64 protected header and the b64 payload, sign them - * and place the signature into the packet - */ - n = lws_jws_sign_from_b64(&jwe->jose, &jws, p1, end1 - p1); - if (n < 0) { - lwsl_notice("sig gen failed\n"); - - goto bail; - } - jws.map_b64.buf[LJWS_SIG] = p1; - jws.map_b64.len[LJWS_SIG] = n; - - p1 += n; - p1 += lws_snprintf(p1, end1 - p1, "\"}"); - - free(buf); - - return p1 - out; - -bail: - lws_jws_destroy(&jws); - free(buf); - - return -1; -} - -static const char *protected_en[] = { - "encrypted_key", "aad", "iv", "ciphertext", "tag" -}; - -static int protected_idx[] = { - LJWE_EKEY, LJWE_AAD, LJWE_IV, LJWE_CTXT, LJWE_ATAG -}; - -/* - * The complete JWE may look something like this: - * - * { - * "protected": - * "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", - * "unprotected": - * {"jku":"https://server.example.com/keys.jwks"}, - * "recipients":[ - * {"header": - * {"alg":"RSA1_5","kid":"2011-04-29"}, - * "encrypted_key": - * "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0- - * kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx - * GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3 - * YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh - * cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg - * wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A"}, - * {"header": - * {"alg":"A128KW","kid":"7"}, - * "encrypted_key": - * "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ"}], - * "iv": - * "AxY8DCtDaGlsbGljb3RoZQ", - * "ciphertext": - * "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY", - * "tag": - * "Mz-VPPyU4RlcuYv1IwIvzw" - * } - * - * The flattened JWE ends up like this - * - * { - * "protected": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0", - * "unprotected": {"jku":"https://server.example.com/keys.jwks"}, - * "header": {"alg":"A128KW","kid":"7"}, - * "encrypted_key": "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ", - * "iv": "AxY8DCtDaGlsbGljb3RoZQ", - * "ciphertext": "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY", - * "tag": "Mz-VPPyU4RlcuYv1IwIvzw" - * } - * - * { - * "protected":"", - * "unprotected":, - * "header":, - * "encrypted_key":"", - * "aad":"", - * "iv":"", - * "ciphertext":"", - * "tag":"" - * } - */ - -LWS_VISIBLE int -lws_jwe_render_flattened(struct lws_jwe *jwe, char *out, size_t out_len) -{ - char buf[3072], *p1, *end1, protected[128]; - int m, n, jlen, plen; - - jlen = lws_jose_render(&jwe->jose, jwe->jws.jwk, buf, sizeof(buf)); - if (jlen < 0) { - lwsl_err("%s: lws_jose_render failed\n", __func__); - - return -1; - } - - /* - * prepare the JWE JSON with all the parts in - */ - - p1 = out; - end1 = out + out_len - 1; - - /* - * The protected header is b64url encoding of the JOSE header part - */ - - plen = lws_snprintf(protected, sizeof(protected), - "{\"alg\":\"%s\",\"enc\":\"%s\"}", - jwe->jose.alg->alg, jwe->jose.enc_alg->alg); - - p1 += lws_snprintf(p1, end1 - p1, "{\"protected\":\""); - jwe->jws.map_b64.buf[LJWS_JOSE] = p1; - n = lws_jws_base64_enc(protected, plen, p1, end1 - p1); - if (n < 0) { - lwsl_notice("%s: failed to encode protected\n", __func__); - goto bail; - } - jwe->jws.map_b64.len[LJWS_JOSE] = n; - p1 += n; - - /* unprotected not supported atm */ - - p1 += lws_snprintf(p1, end1 - p1, "\",\n\"header\":%.*s", jlen, buf); - - for (m = 0; m < (int)LWS_ARRAY_SIZE(protected_en); m++) - if (jwe->jws.map.buf[protected_idx[m]]) { - p1 += lws_snprintf(p1, end1 - p1, ",\n\"%s\":\"", - protected_en[m]); - //jwe->jws.map_b64.buf[protected_idx[m]] = p1; - n = lws_jws_base64_enc(jwe->jws.map.buf[protected_idx[m]], - jwe->jws.map.len[protected_idx[m]], - p1, end1 - p1); - if (n < 0) { - lwsl_notice("%s: failed to encode %s\n", - __func__, protected_en[m]); - goto bail; - } - //jwe->jws.map_b64.len[protected_idx[m]] = n; - p1 += n; - p1 += lws_snprintf(p1, end1 - p1, "\""); - } - - p1 += lws_snprintf(p1, end1 - p1, "\n}\n"); - - return p1 - out; - -bail: - lws_jws_destroy(&jwe->jws); - - return -1; -} diff --git a/lib/jose/jwe/private.h b/lib/jose/jwe/private.h deleted file mode 100644 index f64a51f..0000000 --- a/lib/jose/jwe/private.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * libwebsockets - JSON Web Encryption support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - */ -#define LWS_AESGCM_IV 12 -#define LWS_AESGCM_TAG 16 - -/* jwe-rsa-aescbc.c */ - -int -lws_jwe_auth_and_decrypt_rsa_aes_cbc_hs(struct lws_jwe *jwe); - - -int -lws_jwe_encrypt_rsa_aes_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len); - -int -lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, - uint8_t *aad, int aad_len); - - -/* jws-rsa-aesgcm.c */ - -int -lws_jwe_auth_and_decrypt_gcm(struct lws_jwe *jwe, uint8_t *enc_cek, - uint8_t *aad, int aad_len); - -int -lws_jwe_auth_and_decrypt_rsa_aes_gcm(struct lws_jwe *jwe); - -int -lws_jwe_encrypt_gcm(struct lws_jwe *jwe, - uint8_t *enc_cek, uint8_t *aad, int aad_len); - -int -lws_jwe_encrypt_rsa_aes_gcm(struct lws_jwe *jwe, - char *temp, int *temp_len); - - - - -/* jwe-rsa-aeskw.c */ - -int -lws_jwe_encrypt_aeskw_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len); - -int -lws_jwe_auth_and_decrypt_aeskw_cbc_hs(struct lws_jwe *jwe); - -/* aescbc.c */ - -int -lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek, - uint8_t *aad, int aad_len); - -int -lws_jwe_encrypt_cbc_hs(struct lws_jwe *jwe, - uint8_t *cek, uint8_t *aad, int aad_len); - -int -lws_jwe_auth_and_decrypt_ecdh_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len); - -int -lws_jwe_encrypt_ecdh_cbc_hs(struct lws_jwe *jwe, - char *temp, int *temp_len); diff --git a/lib/jose/jwk/jwk.c b/lib/jose/jwk/jwk.c deleted file mode 100644 index 35f4723..0000000 --- a/lib/jose/jwk/jwk.c +++ /dev/null @@ -1,903 +0,0 @@ -/* - * libwebsockets - JSON Web Key support - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "jose/private.h" - -#if !defined(LWS_PLAT_OPTEE) && !defined(OPTEE_DEV_KIT) -#include -#endif - -static const char * const kty_names[] = { - "unknown", /* LWS_GENCRYPTO_KTY_UNKNOWN */ - "oct", /* LWS_GENCRYPTO_KTY_OCT */ - "RSA", /* LWS_GENCRYPTO_KTY_RSA */ - "EC" /* LWS_GENCRYPTO_KTY_EC */ -}; - -/* - * These are the entire legal token set for names in jwk. - * - * The first version is used to parse a detached single jwk that don't have any - * parent JSON context. The second version is used to parse full jwk objects - * that has a "keys": [ ] array containing the keys. - */ - -static const char * const jwk_tok[] = { - "keys[]", /* dummy */ - "e", "n", "d", "p", "q", "dp", "dq", "qi", /* RSA */ - "kty", /* generic */ - "k", /* symmetric key data */ - "crv", "x", "y", /* EC (also "D") */ - "kid", /* generic */ - "use" /* mutually exclusive with "key_ops" */, - "key_ops" /* mutually exclusive with "use" */, - "x5c", /* generic */ - "alg" /* generic */ -}, * const jwk_outer_tok[] = { - "keys[]", - "keys[].e", "keys[].n", "keys[].d", "keys[].p", "keys[].q", "keys[].dp", - "keys[].dq", "keys[].qi", - - "keys[].kty", "keys[].k", /* generic */ - "keys[].crv", "keys[].x", "keys[].y", /* EC (also "D") */ - "keys[].kid", "keys[].use" /* mutually exclusive with "key_ops" */, - "keys[].key_ops", /* mutually exclusive with "use" */ - "keys[].x5c", "keys[].alg" -}; - -/* information about each token declared above */ - -#define F_M (1 << 9) /* Mandatory for key type */ -#define F_B64 (1 << 10) /* Base64 coded octets */ -#define F_B64U (1 << 11) /* Base64 Url coded octets */ -#define F_META (1 << 12) /* JWK key metainformation */ -#define F_RSA (1 << 13) /* RSA key */ -#define F_EC (1 << 14) /* Elliptic curve key */ -#define F_OCT (1 << 15) /* octet key */ - -static unsigned short tok_map[] = { - F_RSA | F_EC | F_OCT | F_META | 0xff, - F_RSA | F_B64U | F_M | LWS_GENCRYPTO_RSA_KEYEL_E, - F_RSA | F_B64U | F_M | LWS_GENCRYPTO_RSA_KEYEL_N, - F_RSA | F_EC | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_D, - F_RSA | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_P, - F_RSA | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_Q, - F_RSA | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_DP, - F_RSA | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_DQ, - F_RSA | F_B64U | LWS_GENCRYPTO_RSA_KEYEL_QI, - - F_RSA | F_EC | F_OCT | F_META | F_M | JWK_META_KTY, - F_OCT | F_B64U | F_M | LWS_GENCRYPTO_OCT_KEYEL_K, - - F_EC | F_M | LWS_GENCRYPTO_EC_KEYEL_CRV, - F_EC | F_B64U | F_M | LWS_GENCRYPTO_EC_KEYEL_X, - F_EC | F_B64U | F_M | LWS_GENCRYPTO_EC_KEYEL_Y, - - F_RSA | F_EC | F_OCT | F_META | JWK_META_KID, - F_RSA | F_EC | F_OCT | F_META | JWK_META_USE, - - F_RSA | F_EC | F_OCT | F_META | JWK_META_KEY_OPS, - F_RSA | F_EC | F_OCT | F_META | F_B64 | JWK_META_X5C, - F_RSA | F_EC | F_OCT | F_META | JWK_META_ALG, -}; - -static const char *meta_names[] = { - "kty", "kid", "use", "key_ops", "x5c", "alg" -}; - -struct lexico { - const char *name; - int idx; - char meta; -} lexico_ec[] = { - { "alg", JWK_META_ALG, 1 }, - { "crv", LWS_GENCRYPTO_EC_KEYEL_CRV, 0 }, - { "d", LWS_GENCRYPTO_EC_KEYEL_D, 2 | 0 }, - { "key_ops", JWK_META_KEY_OPS, 1 }, - { "kid", JWK_META_KID, 1 }, - { "kty", JWK_META_KTY, 1 }, - { "use", JWK_META_USE, 1 }, - { "x", LWS_GENCRYPTO_EC_KEYEL_X, 0 }, - { "x5c", JWK_META_X5C, 1 }, - { "y", LWS_GENCRYPTO_EC_KEYEL_Y, 0 } -}, lexico_oct[] = { - { "alg", JWK_META_ALG, 1 }, - { "k", LWS_GENCRYPTO_OCT_KEYEL_K, 0 }, - { "key_ops", JWK_META_KEY_OPS, 1 }, - { "kid", JWK_META_KID, 1 }, - { "kty", JWK_META_KTY, 1 }, - { "use", JWK_META_USE, 1 }, - { "x5c", JWK_META_X5C, 1 } -}, lexico_rsa[] = { - { "alg", JWK_META_ALG, 1 }, - { "d", LWS_GENCRYPTO_RSA_KEYEL_D, 2 | 0 }, - { "dp", LWS_GENCRYPTO_RSA_KEYEL_DP, 2 | 0 }, - { "dq", LWS_GENCRYPTO_RSA_KEYEL_DQ, 2 | 0 }, - { "e", LWS_GENCRYPTO_RSA_KEYEL_E, 0 }, - { "key_ops", JWK_META_KEY_OPS, 1 }, - { "kid", JWK_META_KID, 1 }, - { "kty", JWK_META_KTY, 1 }, - { "n", LWS_GENCRYPTO_RSA_KEYEL_N, 0 }, - { "p", LWS_GENCRYPTO_RSA_KEYEL_P, 2 | 0 }, - { "q", LWS_GENCRYPTO_RSA_KEYEL_Q, 2 | 0 }, - { "qi", LWS_GENCRYPTO_RSA_KEYEL_QI, 2 | 0 }, - { "use", JWK_META_USE, 1 }, - { "x5c", JWK_META_X5C, 1 } -}; - -static const char meta_b64[] = { 0, 0, 0, 0, 1, 0 }; - -static const char *oct_names[] = { - "k" -}; -static const char oct_b64[] = { 1 }; - -static const char *rsa_names[] = { - "e", "n", "d", "p", "q", "dp", "dq", "qi" -}; -static const char rsa_b64[] = { 1, 1, 1, 1, 1, 1, 1, 1 }; - -static const char *ec_names[] = { - "crv", "x", "d", "y", -}; -static const char ec_b64[] = { 0, 1, 1, 1 }; - -LWS_VISIBLE int -lws_jwk_dump(struct lws_jwk *jwk) -{ - const char **enames, *b64; - int elems; - int n; - - (void)enames; - (void)meta_names; - - switch (jwk->kty) { - default: - case LWS_GENCRYPTO_KTY_UNKNOWN: - lwsl_err("%s: jwk %p: unknown type\n", __func__, jwk); - - return 1; - case LWS_GENCRYPTO_KTY_OCT: - elems = LWS_GENCRYPTO_OCT_KEYEL_COUNT; - enames = oct_names; - b64 = oct_b64; - break; - case LWS_GENCRYPTO_KTY_RSA: - elems = LWS_GENCRYPTO_RSA_KEYEL_COUNT; - enames = rsa_names; - b64 = rsa_b64; - break; - case LWS_GENCRYPTO_KTY_EC: - elems = LWS_GENCRYPTO_EC_KEYEL_COUNT; - enames = ec_names; - b64 = ec_b64; - break; - } - - lwsl_info("%s: jwk %p\n", __func__, jwk); - - for (n = 0; n < LWS_COUNT_JWK_ELEMENTS; n++) { - if (jwk->meta[n].buf && meta_b64[n]) { - lwsl_info(" meta: %s\n", meta_names[n]); - lwsl_hexdump_info(jwk->meta[n].buf, jwk->meta[n].len); - } - if (jwk->meta[n].buf && !meta_b64[n]) - lwsl_info(" meta: %s: '%s'\n", meta_names[n], - jwk->meta[n].buf); - } - - for (n = 0; n < elems; n++) { - if (jwk->e[n].buf && b64[n]) { - lwsl_info(" e: %s\n", enames[n]); - lwsl_hexdump_info(jwk->e[n].buf, jwk->e[n].len); - } - if (jwk->e[n].buf && !b64[n]) - lwsl_info(" e: %s: '%s'\n", enames[n], jwk->e[n].buf); - } - - return 0; -} - -static int -_lws_jwk_set_el_jwk(struct lws_gencrypto_keyelem *e, char *in, int len) -{ - e->buf = lws_malloc(len + 1, "jwk"); - if (!e->buf) - return -1; - - memcpy(e->buf, in, len); - e->buf[len] = '\0'; - e->len = len; - - return 0; -} - -static int -_lws_jwk_set_el_jwk_b64(struct lws_gencrypto_keyelem *e, char *in, int len) -{ - int dec_size = lws_base64_size(len), n; - - e->buf = lws_malloc(dec_size, "jwk"); - if (!e->buf) - return -1; - - /* same decoder accepts both url or original styles */ - - n = lws_b64_decode_string_len(in, len, (char *)e->buf, dec_size - 1); - if (n < 0) - return -1; - e->len = n; - - return 0; -} - -static int -_lws_jwk_set_el_jwk_b64u(struct lws_gencrypto_keyelem *e, char *in, int len) -{ - int dec_size = lws_base64_size(len), n; - - e->buf = lws_malloc(dec_size, "jwk"); - if (!e->buf) - return -1; - - /* same decoder accepts both url or original styles */ - - n = lws_b64_decode_string_len(in, len, (char *)e->buf, dec_size - 1); - if (n < 0) - return -1; - e->len = n; - - return 0; -} - -void -lws_jwk_destroy_elements(struct lws_gencrypto_keyelem *el, int m) -{ - int n; - - for (n = 0; n < m; n++) - if (el[n].buf) { - /* wipe all key material when it goes out of scope */ - lws_explicit_bzero(el[n].buf, el[n].len); - lws_free_set_NULL(el[n].buf); - el[n].len = 0; - } -} - -LWS_VISIBLE void -lws_jwk_destroy(struct lws_jwk *jwk) -{ - lws_jwk_destroy_elements(jwk->e, LWS_ARRAY_SIZE(jwk->e)); - lws_jwk_destroy_elements(jwk->meta, LWS_ARRAY_SIZE(jwk->meta)); -} - -static signed char -cb_jwk(struct lejp_ctx *ctx, char reason) -{ - struct lws_jwk_parse_state *jps = (struct lws_jwk_parse_state *)ctx->user; - struct lws_jwk *jwk = jps->jwk; - unsigned int idx, poss, n; - - if (reason == LEJPCB_VAL_STR_START) - jps->pos = 0; - - if (reason == LEJPCB_OBJECT_START && ctx->path_match == 0 + 1) - /* - * new keys[] member is starting - * - * Until we see some JSON names, it could be anything... - * there is no requirement for kty to be given first and eg, - * ACME specifies the keys must be ordered in lexographic - * order - where kty is not first. - */ - jps->possible = F_RSA | F_EC | F_OCT; - - if (reason == LEJPCB_OBJECT_END && ctx->path_match == 0 + 1) { - /* we completed parsing a key */ - if (jps->per_key_cb && jps->possible) { - if (jps->per_key_cb(jps->jwk, jps->user)) { - - lwsl_notice("%s: user cb halts import\n", - __func__); - - return -2; - } - - /* clear it down */ - lws_jwk_destroy(jps->jwk); - jps->possible = 0; - } - } - - if (reason == LEJPCB_COMPLETE) { - - /* - * Now we saw the whole jwk and know the key type, let'jwk insist - * that as a whole, it must be consistent and complete. - * - * The tracking of ->possible bits from even before we know the - * kty already makes certain we cannot have key element members - * defined that are inconsistent with the key type. - */ - - for (n = 0; n < LWS_ARRAY_SIZE(tok_map); n++) - /* - * All mandataory elements for the key type - * must be present - */ - if ((tok_map[n] & jps->possible) && ( - ((tok_map[n] & (F_M | F_META)) == (F_M | F_META) && - !jwk->meta[tok_map[n] & 0xff].buf) || - ((tok_map[n] & (F_M | F_META)) == F_M && - !jwk->e[tok_map[n] & 0xff].buf))) { - lwsl_notice("%s: missing %s\n", __func__, - jwk_tok[n]); - return -3; - } - - /* - * When the key may be public or public + private, ensure the - * intra-key members related to that are consistent. - * - * Only RSA keys need extra care, since EC keys are already - * confirmed by making CRV, X and Y mandatory and only D - * (the singular private part) optional. For RSA, N and E are - * also already known to be present using mandatory checking. - */ - - /* - * If a private key, it must have all D, P and Q. Public key - * must have none of them. - */ - if (jwk->kty == LWS_GENCRYPTO_KTY_RSA && - !(((!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf) && - (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf) && - (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf)) || - (jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf)) - ) { - lwsl_notice("%s: RSA requires D, P and Q for private\n", - __func__); - return -3; - } - - /* - * If the precomputed private key terms appear, they must all - * appear together. - */ - if (jwk->kty == LWS_GENCRYPTO_KTY_RSA && - !(((!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_DP].buf) && - (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_DQ].buf) && - (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_QI].buf)) || - (jwk->e[LWS_GENCRYPTO_RSA_KEYEL_DP].buf && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_DQ].buf && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_QI].buf)) - ) { - lwsl_notice("%s: RSA DP, DQ, QI must all appear " - "or none\n", __func__); - return -3; - } - - /* - * The precomputed private key terms must not appear without - * the private key itself also appearing. - */ - if (jwk->kty == LWS_GENCRYPTO_KTY_RSA && - !jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_DQ].buf) { - lwsl_notice("%s: RSA DP, DQ, QI can appear only with " - "private key\n", __func__); - return -3; - } - - if ((jwk->kty == LWS_GENCRYPTO_KTY_RSA || - jwk->kty == LWS_GENCRYPTO_KTY_EC) && - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf) - jwk->private_key = 1; - } - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - if (ctx->path_match == 0 + 1) - return 0; - - idx = tok_map[ctx->path_match - 1]; - if ((idx & 0xff) == 0xff) - return 0; - - switch (idx) { - /* note: kty is not necessarily first... we have to keep track of - * what could match given which element names have already been - * seen. Once kty comes, we confirm it'jwk still possible (ie, it'jwk - * not trying to tell us that it'jwk RSA now when we saw a "crv" - * earlier) and then reduce the possibilities to just the one that - * kty told. */ - case F_RSA | F_EC | F_OCT | F_META | F_M | JWK_META_KTY: - - if (ctx->npos == 3 && !strncmp(ctx->buf, "oct", 3)) { - if (!(jps->possible & F_OCT)) - goto elements_mismatch; - jwk->kty = LWS_GENCRYPTO_KTY_OCT; - jps->possible = F_OCT; - goto cont; - } - if (ctx->npos == 3 && !strncmp(ctx->buf, "RSA", 3)) { - if (!(jps->possible & F_RSA)) - goto elements_mismatch; - jwk->kty = LWS_GENCRYPTO_KTY_RSA; - jps->possible = F_RSA; - goto cont; - } - if (ctx->npos == 2 && !strncmp(ctx->buf, "EC", 2)) { - if (!(jps->possible & F_EC)) - goto elements_mismatch; - jwk->kty = LWS_GENCRYPTO_KTY_EC; - jps->possible = F_EC; - goto cont; - } - lwsl_err("%s: Unknown KTY '%.*s'\n", __func__, ctx->npos, - ctx->buf); - return -1; - - default: -cont: - if (jps->pos + ctx->npos >= (int)sizeof(jps->b64)) - goto bail; - - memcpy(jps->b64 + jps->pos, ctx->buf, ctx->npos); - jps->pos += ctx->npos; - - if (reason == LEJPCB_VAL_STR_CHUNK) - return 0; - - /* chunking has been collated */ - - poss = idx & (F_RSA | F_EC | F_OCT); - jps->possible &= poss; - if (!jps->possible) - goto elements_mismatch; - - if (idx & F_META) { - if (_lws_jwk_set_el_jwk(&jwk->meta[idx & 0x7f], - jps->b64, jps->pos) < 0) - goto bail; - - break; - } - - if (idx & F_B64U) { - /* key data... do the base64 decode as needed */ - if (_lws_jwk_set_el_jwk_b64u(&jwk->e[idx & 0x7f], - jps->b64, jps->pos) < 0) - goto bail; - - if (jwk->e[idx & 0x7f].len > - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES) { - lwsl_notice("%s: oversize keydata\n", __func__); - goto bail; - } - - return 0; - } - - if (idx & F_B64) { - - /* cert data... do non-urlcoded base64 decode */ - if (_lws_jwk_set_el_jwk_b64(&jwk->e[idx & 0x7f], - jps->b64, jps->pos) < 0) - goto bail; - return 0; - } - - if (_lws_jwk_set_el_jwk(&jwk->e[idx & 0x7f], - jps->b64, jps->pos) < 0) - goto bail; - break; - } - - return 0; - -elements_mismatch: - lwsl_err("%s: jwk elements mismatch\n", __func__); - -bail: - lwsl_err("%s: element failed\n", __func__); - - return -1; -} - -void -lws_jwk_init_jps(struct lejp_ctx *jctx, struct lws_jwk_parse_state *jps, - struct lws_jwk *jwk, lws_jwk_key_import_callback cb, - void *user) -{ - if (jwk) - memset(jwk, 0, sizeof(*jwk)); - - jps->jwk = jwk; - jps->possible = F_RSA | F_EC | F_OCT; - jps->per_key_cb = cb; - jps->user = user; - jps->pos = 0; - - lejp_construct(jctx, cb_jwk, jps, cb ? jwk_outer_tok: jwk_tok, - LWS_ARRAY_SIZE(jwk_tok)); -} - -LWS_VISIBLE int -lws_jwk_dup_oct(struct lws_jwk *jwk, const void *key, int len) -{ - jwk->e[LWS_GENCRYPTO_KTY_OCT].buf = lws_malloc(len, __func__); - if (!jwk->e[LWS_GENCRYPTO_KTY_OCT].buf) - return -1; - - jwk->kty = LWS_GENCRYPTO_KTY_OCT; - jwk->e[LWS_GENCRYPTO_OCT_KEYEL_K].len = len; - - memcpy(jwk->e[LWS_GENCRYPTO_KTY_OCT].buf, key, len); - - return 0; -} - -LWS_VISIBLE int -lws_jwk_generate(struct lws_context *context, struct lws_jwk *jwk, - enum lws_gencrypto_kty kty, int bits, const char *curve) -{ - int n; - - memset(jwk, 0, sizeof(*jwk)); - - jwk->kty = kty; - jwk->private_key = 1; - - switch (kty) { - case LWS_GENCRYPTO_KTY_RSA: - { - struct lws_genrsa_ctx ctx; - - lwsl_notice("%s: generating %d bit RSA key\n", __func__, bits); - n = lws_genrsa_new_keypair(context, &ctx, LGRSAM_PKCS1_1_5, - jwk->e, bits); - lws_genrsa_destroy(&ctx); - if (n) { - lwsl_err("%s: problem generating RSA key\n", __func__); - return 1; - } - } - break; - case LWS_GENCRYPTO_KTY_OCT: - n = lws_gencrypto_bits_to_bytes(bits); - jwk->e[LWS_GENCRYPTO_OCT_KEYEL_K].buf = lws_malloc(n, "oct"); - jwk->e[LWS_GENCRYPTO_OCT_KEYEL_K].len = n; - if (lws_get_random(context, - jwk->e[LWS_GENCRYPTO_OCT_KEYEL_K].buf, n) != n) { - lwsl_err("%s: problem getting random\n", __func__); - return 1; - } - break; - case LWS_GENCRYPTO_KTY_EC: - { - struct lws_genec_ctx ctx; - - if (!curve) { - lwsl_err("%s: must have a named curve\n", __func__); - - return 1; - } - - if (lws_genecdsa_create(&ctx, context, NULL)) - return 1; - - lwsl_notice("%s: generating ECDSA key on curve %s\n", __func__, - curve); - - n = lws_genecdsa_new_keypair(&ctx, curve, jwk->e); - lws_genec_destroy(&ctx); - if (n) { - lwsl_err("%s: problem generating ECDSA key\n", __func__); - return 1; - } - } - break; - - case LWS_GENCRYPTO_KTY_UNKNOWN: - default: - lwsl_err("%s: unknown kty\n", __func__); - return 1; - } - - return 0; -} - -LWS_VISIBLE int -lws_jwk_import(struct lws_jwk *jwk, lws_jwk_key_import_callback cb, void *user, - const char *in, size_t len) -{ - struct lejp_ctx jctx; - struct lws_jwk_parse_state jps; - int m; - - lws_jwk_init_jps(&jctx, &jps, jwk, cb, user); - - m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)in, len); - lejp_destruct(&jctx); - - if (m < 0) { - lwsl_notice("%s: parse got %d\n", __func__, m); - lws_jwk_destroy(jwk); - return -1; - } - - switch (jwk->kty) { - case LWS_GENCRYPTO_KTY_UNKNOWN: - lwsl_notice("%s: missing or unknown kyt\n", __func__); - lws_jwk_destroy(jwk); - return -1; - default: - break; - } - - return 0; -} - - -LWS_VISIBLE int -lws_jwk_export(struct lws_jwk *jwk, int private, char *p, int *len) -{ - char *start = p, *end = &p[*len - 1]; - int n, m, limit, first = 1, asym = 0; - struct lexico *l; - - /* RFC7638 lexicographic order requires - * RSA: e -> kty -> n - * oct: k -> kty - * - * ie, meta and key data elements appear interleaved in name alpha order - */ - - p += lws_snprintf(p, end - p, "{"); - - switch (jwk->kty) { - case LWS_GENCRYPTO_KTY_OCT: - l = lexico_oct; - limit = LWS_ARRAY_SIZE(lexico_oct); - break; - case LWS_GENCRYPTO_KTY_RSA: - l = lexico_rsa; - limit = LWS_ARRAY_SIZE(lexico_rsa); - asym = 1; - break; - case LWS_GENCRYPTO_KTY_EC: - l = lexico_ec; - limit = LWS_ARRAY_SIZE(lexico_ec); - asym = 1; - break; - default: - return -1; - } - - for (n = 0; n < limit; n++) { - const char *q, *q_end; - char tok[12]; - int pos = 0, f = 1; - - if ((l->meta & 1) && (jwk->meta[l->idx].buf || - l->idx == (int)JWK_META_KTY)) { - - switch (l->idx) { - case JWK_META_KTY: - if (!first) - *p++ = ','; - first = 0; - p += lws_snprintf(p, end - p, "\"%s\":\"%s\"", - l->name, kty_names[jwk->kty]); - break; - case JWK_META_KEY_OPS: - if (!first) - *p++ = ','; - first = 0; - q = (const char *)jwk->meta[l->idx].buf; - q_end = q + jwk->meta[l->idx].len; - - p += lws_snprintf(p, end - p, - "\"%s\":[", l->name); - /* - * For the public version, usages that - * require the private part must be - * snipped - */ - - while (q < q_end) { - if (*q != ' ' && pos < (int)sizeof(tok) - 1) { - tok[pos++] = *q++; - if (q != q_end) - continue; - } - tok[pos] = '\0'; - pos = 0; - if (private || !asym || - (strcmp(tok, "sign") && - strcmp(tok, "encrypt"))) { - if (!f) - *p++ = ','; - f = 0; - p += lws_snprintf(p, end - p, - "\"%s\"", tok); - } - q++; - } - - *p++ = ']'; - - break; - - default: - /* both sig and enc require asym private key */ - if (!private && asym && l->idx == (int)JWK_META_USE) - break; - if (!first) - *p++ = ','; - first = 0; - p += lws_snprintf(p, end - p, "\"%s\":\"%.*s\"", - l->name, jwk->meta[l->idx].len, - jwk->meta[l->idx].buf); - break; - } - } - - if ((!(l->meta & 1)) && jwk->e[l->idx].buf && - (private || !(l->meta & 2))) { - if (!first) - *p++ = ','; - first = 0; - - p += lws_snprintf(p, end - p, "\"%s\":\"", l->name); - - if (jwk->kty == LWS_GENCRYPTO_KTY_EC && - l->idx == (int)LWS_GENCRYPTO_EC_KEYEL_CRV) - m = lws_snprintf(p, end - p, "%.*s", - jwk->e[l->idx].len, - (const char *)jwk->e[l->idx].buf); - else - m = lws_jws_base64_enc( - (const char *)jwk->e[l->idx].buf, - jwk->e[l->idx].len, p, end - p - 4); - if (m < 0) { - lwsl_notice("%s: enc failed\n", __func__); - return -1; - } - p += m; - p += lws_snprintf(p, end - p, "\""); - } - - l++; - } - - p += lws_snprintf(p, end - p, "}\n"); - - *len -= p - start; - - return p - start; -} - -LWS_VISIBLE int -lws_jwk_rfc7638_fingerprint(struct lws_jwk *jwk, char *digest32) -{ - struct lws_genhash_ctx hash_ctx; - int tmpsize = 2536, n; - char *tmp; - - tmp = lws_malloc(tmpsize, "rfc7638 tmp"); - - n = lws_jwk_export(jwk, 0, tmp, &tmpsize); - if (n < 0) - goto bail; - - if (lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256)) - goto bail; - - if (lws_genhash_update(&hash_ctx, tmp, n)) { - lws_genhash_destroy(&hash_ctx, NULL); - - goto bail; - } - lws_free(tmp); - - if (lws_genhash_destroy(&hash_ctx, digest32)) - return -1; - - return 0; - -bail: - lws_free(tmp); - - return -1; -} - -LWS_VISIBLE int -lws_jwk_strdup_meta(struct lws_jwk *jwk, enum enum_jwk_meta_tok idx, - const char *in, int len) -{ - jwk->meta[idx].buf = lws_malloc(len, __func__); - if (!jwk->meta[idx].buf) - return 1; - jwk->meta[idx].len = len; - memcpy(jwk->meta[idx].buf, in, len); - - return 0; -} - -LWS_VISIBLE int -lws_jwk_load(struct lws_jwk *jwk, const char *filename, - lws_jwk_key_import_callback cb, void *user) -{ - int buflen = 4096; - char *buf = lws_malloc(buflen, "jwk-load"); - int n; - - if (!buf) - return -1; - - n = lws_plat_read_file(filename, buf, buflen); - if (n < 0) - goto bail; - - n = lws_jwk_import(jwk, cb, user, buf, n); - lws_free(buf); - - return n; -bail: - lws_free(buf); - - return -1; -} - -LWS_VISIBLE int -lws_jwk_save(struct lws_jwk *jwk, const char *filename) -{ - int buflen = 4096; - char *buf = lws_malloc(buflen, "jwk-save"); - int n, m; - - if (!buf) - return -1; - - n = lws_jwk_export(jwk, 1, buf, &buflen); - if (n < 0) - goto bail; - - m = lws_plat_write_file(filename, buf, n); - - lws_free(buf); - if (m) - return -1; - - return 0; - -bail: - lws_free(buf); - - return -1; -} diff --git a/lib/jose/jws/jose.c b/lib/jose/jws/jose.c deleted file mode 100644 index 627fd23..0000000 --- a/lib/jose/jws/jose.c +++ /dev/null @@ -1,602 +0,0 @@ -/* - * libwebsockets - JSON Web Signature support - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * JOSE is actually specified as part of JWS RFC7515. JWE references RFC7515 - * to specify its JOSE JSON object. So it lives in ./lib/jose/jws/jose.c. - */ - -#include "core/private.h" -#include "jose/private.h" - -#include - -static const char * const jws_jose[] = { - "alg", /* REQUIRED */ - "jku", - "jwk", - "kid", - "x5u", - "x5c", - "x5t", - "x5t#S256", - "typ", - "cty", - "crit", - - /* valid for JWE only below here */ - - "recipients[].header", - "recipients[].header.alg", - "recipients[].header.kid", - "recipients[].encrypted_key", - - "enc", - "zip", /* ("DEF" = deflate) */ - - "epk", /* valid for JWE ECDH only */ - "apu", /* valid for JWE ECDH only */ - "apv", /* valid for JWE ECDH only */ - "iv", /* valid for JWE AES only */ - "tag", /* valid for JWE AES only */ - "p2s", /* valid for JWE PBES2 only */ - "p2c" /* valid for JWE PBES2 only */ -}; - -struct jose_cb_args { - struct lws_jose *jose; - - struct lejp_ctx jwk_jctx; /* fake lejp context used to parse epk */ - struct lws_jwk_parse_state jps; /* fake jwk parse state */ - - char *temp; - int *temp_len; - - unsigned int is_jwe; - unsigned int recipients_array; - - int recip; -}; - -/* - * JWE A.4.7 Complete JWE JSON Serialization example - * - * LEJPCB_CONSTRUCTED - * LEJPCB_START - * LEJPCB_OBJECT_START - * - * protected LEJPCB_PAIR_NAME - * protected LEJPCB_VAL_STR_START - * protected LEJPCB_VAL_STR_END - * - * unprotected LEJPCB_PAIR_NAME - * unprotected LEJPCB_OBJECT_START - * unprotected.jku LEJPCB_PAIR_NAME - * unprotected.jku LEJPCB_VAL_STR_START - * unprotected.jku LEJPCB_VAL_STR_END - * unprotected.jku LEJPCB_OBJECT_END - * - * recipients LEJPCB_PAIR_NAME - * recipients[] LEJPCB_ARRAY_START - * - * recipients[] LEJPCB_OBJECT_START - * recipients[].header LEJPCB_PAIR_NAME - * recipients[].header LEJPCB_OBJECT_START - * recipients[].header.alg LEJPCB_PAIR_NAME - * recipients[].header.alg LEJPCB_VAL_STR_START - * recipients[].header.alg LEJPCB_VAL_STR_END - * recipients[].header.kid LEJPCB_PAIR_NAME - * recipients[].header.kid LEJPCB_VAL_STR_START - * recipients[].header.kid LEJPCB_VAL_STR_END - * recipients[] LEJPCB_OBJECT_END - * recipients[].encrypted_key LEJPCB_PAIR_NAME - * recipients[].encrypted_key LEJPCB_VAL_STR_START - * recipients[].encrypted_key LEJPCB_VAL_STR_CHUNK - * recipients[].encrypted_key LEJPCB_VAL_STR_END - * recipients[] LEJPCB_OBJECT_END (ctx->sp = 1) - * - * recipients[] LEJPCB_OBJECT_START - * recipients[].header LEJPCB_PAIR_NAME - * recipients[].header LEJPCB_OBJECT_START - * recipients[].header.alg LEJPCB_PAIR_NAME - * recipients[].header.alg LEJPCB_VAL_STR_START - * recipients[].header.alg LEJPCB_VAL_STR_END - * recipients[].header.kid LEJPCB_PAIR_NAME - * recipients[].header.kid LEJPCB_VAL_STR_START - * recipients[].header.kid LEJPCB_VAL_STR_END - * recipients[] LEJPCB_OBJECT_END - * recipients[].encrypted_key LEJPCB_PAIR_NAME - * recipients[].encrypted_key LEJPCB_VAL_STR_START - * recipients[].encrypted_key LEJPCB_VAL_STR_END - * recipients[] LEJPCB_OBJECT_END (ctx->sp = 1) - * - * recipients[] LEJPCB_ARRAY_END - * - * iv LEJPCB_PAIR_NAME - * iv LEJPCB_VAL_STR_START - * iv LEJPCB_VAL_STR_END - * ciphertext LEJPCB_PAIR_NAME - * ciphertext LEJPCB_VAL_STR_START - * ciphertext LEJPCB_VAL_STR_END - * tag LEJPCB_PAIR_NAME - * tag LEJPCB_VAL_STR_START - * tag LEJPCB_VAL_STR_END - * - * tag LEJPCB_OBJECT_END - * tag LEJPCB_COMPLETE - * tag LEJPCB_DESTRUCTED - * - */ - -/* - * RFC7516 7.2.2 - * - * Note that when using the flattened syntax, just as when using the - * general syntax, any unprotected Header Parameter values can reside in - * either the "unprotected" member or the "header" member, or in both. - */ - -static signed char -lws_jws_jose_cb(struct lejp_ctx *ctx, char reason) -{ - struct jose_cb_args *args = (struct jose_cb_args *)ctx->user; - int n; //, dest; - - /* - * In JOSE JSON, the element "epk" contains a fully-formed JWK. - * - * For JOSE paths beginning "epk.", we pass them through to a JWK - * LEJP subcontext to parse using the JWK parser directly. - */ - - if (args->is_jwe && !strncmp(ctx->path, "epk.", 4)) { - memcpy(args->jwk_jctx.path, ctx->path + 4, - sizeof(ctx->path) - 4); - memcpy(args->jwk_jctx.buf, ctx->buf, ctx->npos); - args->jwk_jctx.npos = ctx->npos; - - if (!ctx->path_match) - args->jwk_jctx.path_match = 0; - lejp_check_path_match(&args->jwk_jctx); - - if (args->jwk_jctx.path_match) - args->jwk_jctx.pst[args->jwk_jctx.pst_sp]. - callback(&args->jwk_jctx, reason); - } - - // lwsl_notice("%s: %s %d (%d)\n", __func__, ctx->path, reason, ctx->sp); - - /* at the end of each recipients[] entry, bump recipients count */ - - if (args->is_jwe && reason == LEJPCB_OBJECT_END && ctx->sp == 1 && - !strcmp(ctx->path, "recipients[]")) - args->jose->recipients++; - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - //dest = ctx->path_match - 1; - - switch (ctx->path_match - 1) { - - /* strings */ - - case LJJHI_ALG: /* REQUIRED */ - - /* - * look up whether we support this alg and point the caller at - * its definition if so - */ - - if (!args->is_jwe && - lws_gencrypto_jws_alg_to_definition(ctx->buf, - &args->jose->alg)) { - lwsl_notice("%s: unknown alg '%s'\n", __func__, - ctx->buf); - - return -1; - } - - if (args->is_jwe && - lws_gencrypto_jwe_alg_to_definition(ctx->buf, - &args->jose->alg)) { - lwsl_notice("%s: unknown JWE alg '%s'\n", __func__, - ctx->buf); - - return -1; - } - - return 0; - - case LJJHI_TYP: /* Optional: string: media type */ - if (strcmp(ctx->buf, "JWT")) - return -1; - break; - - case LJJHI_JKU: /* Optional: string */ - case LJJHI_KID: /* Optional: string */ - case LJJHI_X5U: /* Optional: string: url of public key cert / chain */ - case LJJHI_CTY: /* Optional: string: content media type */ - - /* base64 */ - - case LJJHI_X5C: /* Optional: base64 (NOT -url): actual cert */ - - /* base64-url */ - - case LJJHI_X5T: /* Optional: base64url: SHA-1 of actual cert */ - case LJJHI_X5T_S256: /* Optional: base64url: SHA-256 of actual cert */ - - /* array of strings */ - - case LJJHI_CRIT: /* Optional for send, REQUIRED: array of strings: - * mustn't contain standardized strings or null set */ - break; - - /* jwk child */ - - case LJJHI_JWK: /* Optional: jwk JSON object: public key: */ - - /* past here, JWE only */ - - case LJJHI_RECIPS_HDR: - if (!args->is_jwe) { - lwsl_info("%s: recipients in jws\n", __func__); - return -1; - } - args->recipients_array = 1; - break; - - case LJJHI_RECIPS_HDR_ALG: - case LJJHI_RECIPS_HDR_KID: - break; - - case LJJHI_RECIPS_EKEY: - if (!args->is_jwe) { - lwsl_info("%s: recipients in jws\n", __func__); - return -1; - } - args->recipients_array = 1; - //dest = ; - goto append_string; - - case LJJHI_ENC: /* JWE only: Mandatory: string */ - if (!args->is_jwe) { - lwsl_info("%s: enc in jws\n", __func__); - return -1; - } - if (lws_gencrypto_jwe_enc_to_definition(ctx->buf, - &args->jose->enc_alg)) { - lwsl_notice("%s: unknown enc '%s'\n", __func__, - ctx->buf); - - return -1; - } - break; - - case LJJHI_ZIP: /* JWE only: Optional: string ("DEF" = deflate) */ - if (!args->is_jwe) - return -1; - goto append_string; - - case LJJHI_EPK: /* Additional arg for JWE ECDH */ - if (!args->is_jwe) - return -1; - /* Ephemeral key... this JSON subsection is actually a JWK */ - lwsl_err("LJJHI_EPK\n"); - break; - - case LJJHI_APU: /* Additional arg for JWE ECDH */ - if (!args->is_jwe) - return -1; - /* Agreement Party U */ - goto append_string; - - case LJJHI_APV: /* Additional arg for JWE ECDH */ - if (!args->is_jwe) - return -1; - /* Agreement Party V */ - goto append_string; - - case LJJHI_IV: /* Additional arg for JWE AES */ - if (!args->is_jwe) - return -1; - goto append_string; - - case LJJHI_TAG: /* Additional arg for JWE AES */ - if (!args->is_jwe) - return -1; - goto append_string; - - case LJJHI_P2S: /* Additional arg for JWE PBES2 */ - if (!args->is_jwe) - return -1; - goto append_string; - case LJJHI_P2C: /* Additional arg for JWE PBES2 */ - if (!args->is_jwe) - return -1; - goto append_string; - - /* ignore what we don't understand */ - - default: - return 0; - } - - return 0; - -append_string: - - if (*args->temp_len < ctx->npos) { - lwsl_err("%s: out of parsing space\n", __func__); - return -1; - } - - if (!args->jose->e[ctx->path_match - 1].buf) { - args->jose->e[ctx->path_match - 1].buf = (uint8_t *)args->temp; - args->jose->e[ctx->path_match - 1].len = 0; - } - - memcpy(args->temp, ctx->buf, ctx->npos); - args->temp += ctx->npos; - *args->temp_len -= ctx->npos; - args->jose->e[ctx->path_match - 1].len += ctx->npos; - - if (reason == LEJPCB_VAL_STR_END) { - n = lws_b64_decode_string_len( - (const char *)args->jose->e[ctx->path_match - 1].buf, - args->jose->e[ctx->path_match - 1].len, - (char *)args->jose->e[ctx->path_match - 1].buf, - args->jose->e[ctx->path_match - 1].len + 1); - if (n < 0) { - lwsl_err("%s: b64 decode failed\n", __func__); - return -1; - } - - args->temp -= args->jose->e[ctx->path_match - 1].len - n - 1; - *args->temp_len += - args->jose->e[ctx->path_match - 1].len - n - 1; - - args->jose->e[ctx->path_match - 1].len = n; - } - - return 0; -} - -void -lws_jose_init(struct lws_jose *jose) -{ - memset(jose, 0, sizeof(*jose)); -} - -static void -lws_jose_recip_destroy(struct lws_jws_recpient *r) -{ - lws_jwk_destroy(&r->jwk_ephemeral); - lws_jwk_destroy(&r->jwk); -} - -void -lws_jose_destroy(struct lws_jose *jose) -{ - int n; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(jose->recipient); n++) - lws_jose_recip_destroy(&jose->recipient[n]); -} - - -static int -lws_jose_parse(struct lws_jose *jose, const uint8_t *buf, int n, - char *temp, int *temp_len, int is_jwe) -{ - struct lejp_ctx jctx; - struct jose_cb_args args; - int m; - - if (is_jwe) - /* prepare a context for JOSE epk ephemeral jwk parsing */ - lws_jwk_init_jps(&args.jwk_jctx, &args.jps, - &jose->recipient[jose->recipients].jwk_ephemeral, - NULL, NULL); - - args.is_jwe = is_jwe; - args.temp = temp; - args.temp_len = temp_len; - args.jose = jose; - args.recip = 0; - args.recipients_array = 0; - jose->recipients = 0; - - lejp_construct(&jctx, lws_jws_jose_cb, &args, jws_jose, - LWS_ARRAY_SIZE(jws_jose)); - - m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)buf, n); - lejp_destruct(&jctx); - if (m < 0) { - lwsl_notice("%s: parse %.*s returned %d\n", __func__, n, buf, m); - return -1; - } - - if (!args.recipients_array && jose->recipient[0].unprot[LJJHI_ALG].buf) - /* if no explicit recipients[], we got one */ - jose->recipients++; - - return 0; -} - -int -lws_jws_parse_jose(struct lws_jose *jose, - const char *buf, int len, char *temp, int *temp_len) -{ - return lws_jose_parse(jose, (const uint8_t *)buf, len, - temp, temp_len, 0); -} - -int -lws_jwe_parse_jose(struct lws_jose *jose, - const char *buf, int len, char *temp, int *temp_len) -{ - return lws_jose_parse(jose, - (const uint8_t *)buf, len, temp, temp_len, 1); -} - -int -lws_jose_render(struct lws_jose *jose, struct lws_jwk *aux_jwk, - char *out, size_t out_len) -{ - struct lws_jwk *jwk; - char *end = out + out_len - 1; - int n, m, f, sub = 0, vl; - - /* JOSE requires an alg */ - if (!jose->alg || !jose->alg->alg) - goto bail; - - *out++ = '{'; - - for (n = 0; n < LWS_COUNT_JOSE_HDR_ELEMENTS; n++) { - switch (n) { - - /* strings */ - - case LJJHI_ALG: /* REQUIRED */ - case LJJHI_JKU: /* Optional: string */ - case LJJHI_KID: /* Optional: string */ - case LJJHI_TYP: /* Optional: string: media type */ - case LJJHI_CTY: /* Optional: string: content media type */ - case LJJHI_X5U: /* Optional: string: pubkey cert / chain URL */ - case LJJHI_ENC: /* JWE only: Optional: string */ - case LJJHI_ZIP: /* JWE only: Optional: string ("DEF"=deflate) */ - if (jose->e[n].buf) { - out += lws_snprintf(out, end - out, - "%s\"%s\":\"%s\"", sub ? ",\n" : "", - jws_jose[n], jose->e[n].buf); - sub = 1; - } - break; - - case LJJHI_X5T: /* Optional: base64url: SHA-1 of actual cert */ - case LJJHI_X5T_S256: /* Optional: base64url: SHA-256 of cert */ - case LJJHI_APU: /* Additional arg for JWE ECDH: b64url */ - case LJJHI_APV: /* Additional arg for JWE ECDH: b64url */ - case LJJHI_IV: /* Additional arg for JWE AES: b64url */ - case LJJHI_TAG: /* Additional arg for JWE AES: b64url */ - case LJJHI_P2S: /* Additional arg for JWE PBES2: b64url: salt */ - if (jose->e[n].buf) { - out += lws_snprintf(out, end - out, - "%s\"%s\":\"", sub ? ",\n" : "", - jws_jose[n]); - sub = 1; - m = lws_b64_encode_string_url((const char *) - jose->e[n].buf, jose->e[n].len, - out, end - out); - if (m < 0) - return -1; - out += m; - out += lws_snprintf(out, end - out, "\""); - } - break; - - case LJJHI_P2C: /* Additional arg for JWE PBES2: int: count */ - break; /* don't support atm */ - - case LJJHI_X5C: /* Optional: base64 (NOT -url): actual cert */ - if (jose->e[n].buf) { - out += lws_snprintf(out, end - out, - "%s\"%s\":\"", sub ? ",\n" : "", - jws_jose[n]); - sub = 1; - m = lws_b64_encode_string((const char *) - jose->e[n].buf, jose->e[n].len, - out, end - out); - if (m < 0) - return -1; - out += m; - out += lws_snprintf(out, end - out, "\""); - } - break; - - case LJJHI_EPK: /* Additional arg for JWE ECDH: eph pubkey */ - case LJJHI_JWK: /* Optional: jwk JSON object: public key: */ - - jwk = n == LJJHI_EPK ? &jose->recipient[0].jwk_ephemeral : aux_jwk; - if (!jwk || !jwk->kty) - break; - - out += lws_snprintf(out, end - out, "%s\"%s\":", - sub ? ",\n" : "", jws_jose[n]); - sub = 1; - vl = end - out; - m = lws_jwk_export(jwk, 0, out, &vl); - if (m < 0) { - lwsl_notice("%s: failed to export key\n", - __func__); - - return -1; - } - out += m; - break; - - case LJJHI_CRIT:/* Optional for send, REQUIRED: array of strings: - * mustn't contain standardized strings or null set */ - if (!jose->e[n].buf) - break; - - out += lws_snprintf(out, end - out, - "%s\"%s\":[", sub ? ",\n" : "", jws_jose[n]); - sub = 1; - - m = 0; - f = 1; - while ((unsigned int)m < jose->e[n].len && (end - out) > 1) { - if (jose->e[n].buf[m] == ' ') { - if (!f) - *out++ = '\"'; - - m++; - f = 1; - continue; - } - - if (f) { - if (m) - *out++ = ','; - *out++ = '\"'; - f = 0; - } - - *out++ = jose->e[n].buf[m]; - m++; - } - - break; - } - } - - *out++ = '}'; - - if (out > end - 2) - return -1; - - return out_len - (end - out) - 1; - -bail: - return -1; -} diff --git a/lib/jose/jws/jws.c b/lib/jose/jws/jws.c deleted file mode 100644 index b568104..0000000 --- a/lib/jose/jws/jws.c +++ /dev/null @@ -1,929 +0,0 @@ -/* - * libwebsockets - JSON Web Signature support - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "private.h" - -/* - * Currently only support flattened or compact (implicitly single signature) - */ - -static const char * const jws_json[] = { - "protected", /* base64u */ - "header", /* JSON */ - "payload", /* base64u payload */ - "signature", /* base64u signature */ - - //"signatures[].protected", - //"signatures[].header", - //"signatures[].signature" -}; - -enum lws_jws_json_tok { - LJWSJT_PROTECTED, - LJWSJT_HEADER, - LJWSJT_PAYLOAD, - LJWSJT_SIGNATURE, - - // LJWSJT_SIGNATURES_PROTECTED, - // LJWSJT_SIGNATURES_HEADER, - // LJWSJT_SIGNATURES_SIGNATURE, -}; - -/* parse a JWS complete or flattened JSON object */ - -struct jws_cb_args { - struct lws_jws *jws; - - char *temp; - int *temp_len; -}; - -static signed char -lws_jws_json_cb(struct lejp_ctx *ctx, char reason) -{ - struct jws_cb_args *args = (struct jws_cb_args *)ctx->user; - int n, m; - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - switch (ctx->path_match - 1) { - - /* strings */ - - case LJWSJT_PROTECTED: /* base64u: JOSE: must contain 'alg' */ - m = LJWS_JOSE; - goto append_string; - case LJWSJT_PAYLOAD: /* base64u */ - m = LJWS_PYLD; - goto append_string; - case LJWSJT_SIGNATURE: /* base64u */ - m = LJWS_SIG; - goto append_string; - - case LJWSJT_HEADER: /* unprotected freeform JSON */ - break; - - default: - return -1; - } - - return 0; - -append_string: - - if (*args->temp_len < ctx->npos) { - lwsl_err("%s: out of parsing space\n", __func__); - return -1; - } - - /* - * We keep both b64u and decoded in temp mapped using map / map_b64, - * the jws signature is actually over the b64 content not the plaintext, - * and we can't do it until we see the protected alg. - */ - - if (!args->jws->map_b64.buf[m]) { - args->jws->map_b64.buf[m] = args->temp; - args->jws->map_b64.len[m] = 0; - } - - memcpy(args->temp, ctx->buf, ctx->npos); - args->temp += ctx->npos; - *args->temp_len -= ctx->npos; - args->jws->map_b64.len[m] += ctx->npos; - - if (reason == LEJPCB_VAL_STR_END) { - args->jws->map.buf[m] = args->temp; - - n = lws_b64_decode_string_len( - (const char *)args->jws->map_b64.buf[m], - args->jws->map_b64.len[m], - (char *)args->temp, *args->temp_len); - if (n < 0) { - lwsl_err("%s: b64 decode failed: in len %d, m %d\n", __func__, (int)args->jws->map_b64.len[m], m); - return -1; - } - - args->temp += n; - *args->temp_len -= n; - args->jws->map.len[m] = n; - } - - return 0; -} - -static int -lws_jws_json_parse(struct lws_jws *jws, const uint8_t *buf, int len, - char *temp, int *temp_len) -{ - struct jws_cb_args args; - struct lejp_ctx jctx; - int m = 0; - - args.jws = jws; - args.temp = temp; - args.temp_len = temp_len; - - lejp_construct(&jctx, lws_jws_json_cb, &args, jws_json, - LWS_ARRAY_SIZE(jws_json)); - - m = (int)(signed char)lejp_parse(&jctx, (uint8_t *)buf, len); - lejp_destruct(&jctx); - if (m < 0) { - lwsl_notice("%s: parse returned %d\n", __func__, m); - return -1; - } - - return 0; -} - -LWS_VISIBLE void -lws_jws_init(struct lws_jws *jws, struct lws_jwk *jwk, - struct lws_context *context) -{ - memset(jws, 0, sizeof(*jws)); - jws->context = context; - jws->jwk = jwk; -} - -static void -lws_jws_map_bzero(struct lws_jws_map *map) -{ - int n; - - /* no need to scrub first jose header element (it can be canned then) */ - - for (n = 1; n < LWS_JWS_MAX_COMPACT_BLOCKS; n++) - if (map->buf[n]) - lws_explicit_bzero((void *)map->buf[n], map->len[n]); -} - -LWS_VISIBLE void -lws_jws_destroy(struct lws_jws *jws) -{ - lws_jws_map_bzero(&jws->map); - jws->jwk = NULL; -} - -LWS_VISIBLE int -lws_jws_dup_element(struct lws_jws_map *map, int idx, char *temp, int *temp_len, - const void *in, size_t in_len, size_t actual_alloc) -{ - if (!actual_alloc) - actual_alloc = in_len; - - if ((size_t)*temp_len < actual_alloc) - return -1; - - memcpy(temp, in, in_len); - - map->len[idx] = in_len; - map->buf[idx] = temp; - - *temp_len -= actual_alloc; - - return 0; -} - -LWS_VISIBLE int -lws_jws_encode_b64_element(struct lws_jws_map *map, int idx, - char *temp, int *temp_len, const void *in, - size_t in_len) -{ - int n; - - if (*temp_len < lws_base64_size((int)in_len)) - return -1; - - n = lws_jws_base64_enc(in, in_len, temp, *temp_len); - if (n < 0) - return -1; - - map->len[idx] = n; - map->buf[idx] = temp; - - *temp_len -= n; - - return 0; -} - -LWS_VISIBLE int -lws_jws_randomize_element(struct lws_context *context, struct lws_jws_map *map, - int idx, char *temp, int *temp_len, size_t random_len, - size_t actual_alloc) -{ - if (!actual_alloc) - actual_alloc = random_len; - - if ((size_t)*temp_len < actual_alloc) - return -1; - - map->len[idx] = random_len; - map->buf[idx] = temp; - - if (lws_get_random(context, temp, random_len) != (int)random_len) { - lwsl_err("Problem getting random\n"); - return -1; - } - - *temp_len -= actual_alloc; - - return 0; -} - -LWS_VISIBLE int -lws_jws_alloc_element(struct lws_jws_map *map, int idx, char *temp, - int *temp_len, size_t len, size_t actual_alloc) -{ - if (!actual_alloc) - actual_alloc = len; - - if ((size_t)*temp_len < actual_alloc) - return -1; - - map->len[idx] = len; - map->buf[idx] = temp; - *temp_len -= actual_alloc; - - return 0; -} - -LWS_VISIBLE int -lws_jws_base64_enc(const char *in, size_t in_len, char *out, size_t out_max) -{ - int n; - - n = lws_b64_encode_string_url(in, in_len, out, out_max - 1); - if (n < 0) { - lwsl_notice("%s: in len %d too large for %d out buf\n", - __func__, (int)in_len, (int)out_max); - return n; /* too large for output buffer */ - } - - /* trim the terminal = */ - while (n && out[n - 1] == '=') - n--; - - out[n] = '\0'; - - return n; -} - -LWS_VISIBLE int -lws_jws_b64_compact_map(const char *in, int len, struct lws_jws_map *map) -{ - int me = 0; - - memset(map, 0, sizeof(*map)); - - map->buf[me] = (char *)in; - map->len[me] = 0; - - while (len--) { - if (*in++ == '.') { - if (++me == LWS_JWS_MAX_COMPACT_BLOCKS) - return -1; - map->buf[me] = (char *)in; - map->len[me] = 0; - continue; - } - map->len[me]++; - } - - return me + 1; -} - -/* b64 in, map contains decoded elements, if non-NULL, - * map_b64 set to b64 elements - */ - -LWS_VISIBLE int -lws_jws_compact_decode(const char *in, int len, struct lws_jws_map *map, - struct lws_jws_map *map_b64, char *out, - int *out_len) -{ - int blocks, n, m = 0; - - if (!map_b64) - map_b64 = map; - - memset(map_b64, 0, sizeof(*map_b64)); - memset(map, 0, sizeof(*map)); - - blocks = lws_jws_b64_compact_map(in, len, map_b64); - - if (blocks > LWS_JWS_MAX_COMPACT_BLOCKS) - return -1; - - while (m < blocks) { - n = lws_b64_decode_string_len(map_b64->buf[m], map_b64->len[m], - out, *out_len); - if (n < 0) { - lwsl_err("%s: b64 decode failed\n", __func__); - return -1; - } - /* replace the map entry with the decoded content */ - if (n) - map->buf[m] = out; - else - map->buf[m] = NULL; - map->len[m++] = n; - out += n; - *out_len -= n; - - if (*out_len < 1) - return -1; - } - - return blocks; -} - -static int -lws_jws_compact_decode_map(struct lws_jws_map *map_b64, struct lws_jws_map *map, - char *out, int *out_len) -{ - int n, m = 0; - - for (n = 0; n < LWS_JWS_MAX_COMPACT_BLOCKS; n++) { - n = lws_b64_decode_string_len(map_b64->buf[m], map_b64->len[m], - out, *out_len); - if (n < 0) { - lwsl_err("%s: b64 decode failed\n", __func__); - return -1; - } - /* replace the map entry with the decoded content */ - map->buf[m] = out; - map->len[m++] = n; - out += n; - *out_len -= n; - - if (*out_len < 1) - return -1; - } - - return 0; -} - -LWS_VISIBLE int -lws_jws_encode_section(const char *in, size_t in_len, int first, char **p, - char *end) -{ - int n, len = (end - *p) - 1; - char *p_entry = *p; - - if (len < 3) - return -1; - - if (!first) - *(*p)++ = '.'; - - n = lws_jws_base64_enc(in, in_len, *p, len - 1); - if (n < 0) - return -1; - - *p += n; - - return (*p) - p_entry; -} - -LWS_VISIBLE int -lws_jws_compact_encode(struct lws_jws_map *map_b64, /* b64-encoded */ - const struct lws_jws_map *map, /* non-b64 */ - char *buf, int *len) -{ - int n, m; - - for (n = 0; n < LWS_JWS_MAX_COMPACT_BLOCKS; n++) { - if (!map->buf[n]) { - map_b64->buf[n] = NULL; - map_b64->len[n] = 0; - continue; - } - m = lws_jws_base64_enc(map->buf[n], map->len[n], buf, *len); - if (m < 0) - return -1; - buf += m; - *len -= m; - if (*len < 1) - return -1; - } - - return 0; -} - -/* - * This takes both a base64 -encoded map and a plaintext map. - * - * JWS demands base-64 encoded elements for hash computation and at least for - * the JOSE header and signature, decoded versions too. - */ - -LWS_VISIBLE int -lws_jws_sig_confirm(struct lws_jws_map *map_b64, struct lws_jws_map *map, - struct lws_jwk *jwk, struct lws_context *context) -{ - enum enum_genrsa_mode padding = LGRSAM_PKCS1_1_5; - char temp[256]; - int n, h_len, b = 3, temp_len = sizeof(temp); - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_genhash_ctx hash_ctx; - struct lws_genec_ctx ecdsactx; - struct lws_genrsa_ctx rsactx; - struct lws_genhmac_ctx ctx; - struct lws_jose jose; - - lws_jose_init(&jose); - - /* only valid if no signature or key */ - if (!map_b64->buf[LJWS_SIG] && !map->buf[LJWS_UHDR]) - b = 2; - - if (lws_jws_parse_jose(&jose, map->buf[LJWS_JOSE], map->len[LJWS_JOSE], - temp, &temp_len) < 0 || !jose.alg) { - lwsl_notice("%s: parse failed\n", __func__); - return -1; - } - - if (!strcmp(jose.alg->alg, "none")) { - /* "none" compact serialization has 2 blocks: jose.payload */ - if (b != 2 || jwk) - return -1; - - /* the lack of a key matches the lack of a signature */ - return 0; - } - - /* all other have 3 blocks: jose.payload.sig */ - if (b != 3 || !jwk) { - lwsl_notice("%s: %d blocks\n", __func__, b); - return -1; - } - - switch (jose.alg->algtype_signing) { - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS: - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP: - padding = LGRSAM_PKCS1_OAEP_PSS; - /* fallthru */ - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5: - - /* RSASSA-PKCS1-v1_5 or OAEP using SHA-256/384/512 */ - - if (jwk->kty != LWS_GENCRYPTO_KTY_RSA) - return -1; - - /* 6(RSA): compute the hash of the payload into "digest" */ - - if (lws_genhash_init(&hash_ctx, jose.alg->hash_type)) - return -1; - - /* - * JWS Signing Input value: - * - * BASE64URL(UTF8(JWS Protected Header)) || '.' || - * BASE64URL(JWS Payload) - */ - - if (lws_genhash_update(&hash_ctx, map_b64->buf[LJWS_JOSE], - map_b64->len[LJWS_JOSE]) || - lws_genhash_update(&hash_ctx, ".", 1) || - lws_genhash_update(&hash_ctx, map_b64->buf[LJWS_PYLD], - map_b64->len[LJWS_PYLD]) || - lws_genhash_destroy(&hash_ctx, digest)) { - lws_genhash_destroy(&hash_ctx, NULL); - - return -1; - } - h_len = lws_genhash_size(jose.alg->hash_type); - - if (lws_genrsa_create(&rsactx, jwk->e, context, padding, - LWS_GENHASH_TYPE_UNKNOWN)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - n = lws_genrsa_hash_sig_verify(&rsactx, digest, - jose.alg->hash_type, - (uint8_t *)map->buf[LJWS_SIG], - map->len[LJWS_SIG]); - - lws_genrsa_destroy(&rsactx); - if (n < 0) { - lwsl_notice("%s: decrypt fail\n", __func__); - return -1; - } - - break; - - case LWS_JOSE_ENCTYPE_NONE: /* HSxxx */ - - /* SHA256/384/512 HMAC */ - - h_len = lws_genhmac_size(jose.alg->hmac_type); - - /* 6) compute HMAC over payload */ - - if (lws_genhmac_init(&ctx, jose.alg->hmac_type, - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].buf, - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].len)) - return -1; - - /* - * JWS Signing Input value: - * - * BASE64URL(UTF8(JWS Protected Header)) || '.' || - * BASE64URL(JWS Payload) - */ - - if (lws_genhmac_update(&ctx, map_b64->buf[LJWS_JOSE], - map_b64->len[LJWS_JOSE]) || - lws_genhmac_update(&ctx, ".", 1) || - lws_genhmac_update(&ctx, map_b64->buf[LJWS_PYLD], - map_b64->len[LJWS_PYLD]) || - lws_genhmac_destroy(&ctx, digest)) { - lws_genhmac_destroy(&ctx, NULL); - - return -1; - } - - /* 7) Compare the computed and decoded hashes */ - - if (lws_timingsafe_bcmp(digest, map->buf[2], h_len)) { - lwsl_notice("digest mismatch\n"); - - return -1; - } - - break; - - case LWS_JOSE_ENCTYPE_ECDSA: - - /* ECDSA using SHA-256/384/512 */ - - /* Confirm the key coming in with this makes sense */ - - /* has to be an EC key :-) */ - if (jwk->kty != LWS_GENCRYPTO_KTY_EC) - return -1; - - /* key must state its curve */ - if (!jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) - return -1; - - /* key must match the selected alg curve */ - if (strcmp((const char *)jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, - jose.alg->curve_name)) - return -1; - - /* - * JWS Signing Input value: - * - * BASE64URL(UTF8(JWS Protected Header)) || '.' || - * BASE64URL(JWS Payload) - * - * Validating the JWS Signature is a bit different from the - * previous examples. We need to split the 64 member octet - * sequence of the JWS Signature (which is base64url decoded - * from the value encoded in the JWS representation) into two - * 32 octet sequences, the first representing R and the second - * S. We then pass the public key (x, y), the signature (R, S), - * and the JWS Signing Input (which is the initial substring of - * the JWS Compact Serialization representation up until but not - * including the second period character) to an ECDSA signature - * verifier that has been configured to use the P-256 curve with - * the SHA-256 hash function. - */ - - if (lws_genhash_init(&hash_ctx, jose.alg->hash_type) || - lws_genhash_update(&hash_ctx, map_b64->buf[LJWS_JOSE], - map_b64->len[LJWS_JOSE]) || - lws_genhash_update(&hash_ctx, ".", 1) || - lws_genhash_update(&hash_ctx, map_b64->buf[LJWS_PYLD], - map_b64->len[LJWS_PYLD]) || - lws_genhash_destroy(&hash_ctx, digest)) { - lws_genhash_destroy(&hash_ctx, NULL); - - return -1; - } - - h_len = lws_genhash_size(jose.alg->hash_type); - - if (lws_genecdsa_create(&ecdsactx, context, NULL)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - if (lws_genecdsa_set_key(&ecdsactx, jwk->e)) { - lws_genec_destroy(&ecdsactx); - lwsl_notice("%s: ec key import fail\n", __func__); - return -1; - } - - n = lws_genecdsa_hash_sig_verify_jws(&ecdsactx, digest, - jose.alg->hash_type, - jose.alg->keybits_fixed, - (uint8_t *)map->buf[LJWS_SIG], - map->len[LJWS_SIG]); - lws_genec_destroy(&ecdsactx); - if (n < 0) { - lwsl_notice("%s: verify fail\n", __func__); - return -1; - } - - break; - - default: - lwsl_err("%s: unknown alg from jose\n", __func__); - return -1; - } - - return 0; -} - -/* it's already a b64 map, we will make a temp plain version */ - -LWS_VISIBLE int -lws_jws_sig_confirm_compact_b64_map(struct lws_jws_map *map_b64, - struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len) -{ - struct lws_jws_map map; - int n; - - n = lws_jws_compact_decode_map(map_b64, &map, temp, temp_len); - if (n > 3 || n < 0) - return -1; - - return lws_jws_sig_confirm(map_b64, &map, jwk, context); -} - -/* - * it's already a compact / concatenated b64 string, we will make a temp - * plain version - */ - -LWS_VISIBLE int -lws_jws_sig_confirm_compact_b64(const char *in, size_t len, - struct lws_jws_map *map, struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len) -{ - struct lws_jws_map map_b64; - int n; - - if (lws_jws_b64_compact_map(in, len, &map_b64) < 0) - return -1; - - n = lws_jws_compact_decode(in, len, map, &map_b64, temp, temp_len); - if (n > 3 || n < 0) - return -1; - - return lws_jws_sig_confirm(&map_b64, map, jwk, context); -} - -/* it's already plain, we will make a temp b64 version */ - -LWS_VISIBLE int -lws_jws_sig_confirm_compact(struct lws_jws_map *map, struct lws_jwk *jwk, - struct lws_context *context, char *temp, - int *temp_len) -{ - struct lws_jws_map map_b64; - - if (lws_jws_compact_encode(&map_b64, map, temp, temp_len) < 0) - return -1; - - return lws_jws_sig_confirm(&map_b64, map, jwk, context); -} - -int -lws_jws_sig_confirm_json(const char *in, size_t len, - struct lws_jws *jws, struct lws_jwk *jwk, - struct lws_context *context, - char *temp, int *temp_len) -{ - if (lws_jws_json_parse(jws, (const uint8_t *)in, len, temp, temp_len)) { - lwsl_err("%s: lws_jws_json_parse failed\n", __func__); - - return -1; - } - return lws_jws_sig_confirm(&jws->map_b64, &jws->map, jwk, context); -} - - -int -lws_jws_sign_from_b64(struct lws_jose *jose, struct lws_jws *jws, - char *b64_sig, size_t sig_len) -{ - enum enum_genrsa_mode pad = LGRSAM_PKCS1_1_5; - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_genhash_ctx hash_ctx; - struct lws_genec_ctx ecdsactx; - struct lws_genrsa_ctx rsactx; - uint8_t *buf; - int n, m; - - if (jose->alg->hash_type == LWS_GENHASH_TYPE_UNKNOWN && - jose->alg->hmac_type == LWS_GENHMAC_TYPE_UNKNOWN && - !strcmp(jose->alg->alg, "none")) - return 0; - - if (lws_genhash_init(&hash_ctx, jose->alg->hash_type) || - lws_genhash_update(&hash_ctx, jws->map_b64.buf[LJWS_JOSE], - jws->map_b64.len[LJWS_JOSE]) || - lws_genhash_update(&hash_ctx, ".", 1) || - lws_genhash_update(&hash_ctx, jws->map_b64.buf[LJWS_PYLD], - jws->map_b64.len[LJWS_PYLD]) || - lws_genhash_destroy(&hash_ctx, digest)) { - lws_genhash_destroy(&hash_ctx, NULL); - - return -1; - } - - switch (jose->alg->algtype_signing) { - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS: - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP: - pad = LGRSAM_PKCS1_OAEP_PSS; - /* fallthru */ - case LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5: - - if (jws->jwk->kty != LWS_GENCRYPTO_KTY_RSA) - return -1; - - if (lws_genrsa_create(&rsactx, jws->jwk->e, jws->context, - pad, LWS_GENHASH_TYPE_UNKNOWN)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - n = jws->jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len; - buf = lws_malloc(lws_base64_size(n), "jws sign"); - if (!buf) - return -1; - - n = lws_genrsa_hash_sign(&rsactx, digest, jose->alg->hash_type, - buf, n); - lws_genrsa_destroy(&rsactx); - if (n < 0) { - lwsl_err("%s: lws_genrsa_hash_sign failed\n", __func__); - lws_free(buf); - - return -1; - } - - n = lws_jws_base64_enc((char *)buf, n, b64_sig, sig_len); - lws_free(buf); - if (n < 0) { - lwsl_err("%s: lws_jws_base64_enc failed\n", __func__); - } - - return n; - - case LWS_JOSE_ENCTYPE_NONE: - return lws_jws_base64_enc((char *)digest, - lws_genhash_size(jose->alg->hash_type), - b64_sig, sig_len); - case LWS_JOSE_ENCTYPE_ECDSA: - /* ECDSA using SHA-256/384/512 */ - - /* the key coming in with this makes sense, right? */ - - /* has to be an EC key :-) */ - if (jws->jwk->kty != LWS_GENCRYPTO_KTY_EC) - return -1; - - /* key must state its curve */ - if (!jws->jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) - return -1; - - /* must have all his pieces for a private key */ - if (!jws->jwk->e[LWS_GENCRYPTO_EC_KEYEL_X].buf || - !jws->jwk->e[LWS_GENCRYPTO_EC_KEYEL_Y].buf || - !jws->jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf) - return -1; - - /* key must match the selected alg curve */ - if (strcmp((const char *) - jws->jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, - jose->alg->curve_name)) - return -1; - - if (lws_genecdsa_create(&ecdsactx, jws->context, NULL)) { - lwsl_notice("%s: lws_genrsa_public_decrypt_create\n", - __func__); - return -1; - } - - if (lws_genecdsa_set_key(&ecdsactx, jws->jwk->e)) { - lws_genec_destroy(&ecdsactx); - lwsl_notice("%s: ec key import fail\n", __func__); - return -1; - } - m = lws_gencrypto_bits_to_bytes(jose->alg->keybits_fixed) * 2; - buf = lws_malloc(m, "jws sign"); - if (!buf) - return -1; - - n = lws_genecdsa_hash_sign_jws(&ecdsactx, digest, - jose->alg->hash_type, - jose->alg->keybits_fixed, - (uint8_t *)buf, m); - lws_genec_destroy(&ecdsactx); - if (n < 0) { - lws_free(buf); - lwsl_notice("%s: lws_genecdsa_hash_sign_jws fail\n", - __func__); - return -1; - } - - n = lws_jws_base64_enc((char *)buf, m, b64_sig, sig_len); - lws_free(buf); - - return n; - - default: - break; - } - - /* unknown key type */ - - return -1; -} - -/* - * Flattened JWS JSON: - * - * { - * "payload": "", - * "protected": "", - * "header": , - * "signature": "" - * } - */ - -LWS_VISIBLE int -lws_jws_write_flattened_json(struct lws_jws *jws, char *flattened, size_t len) -{ - size_t n = 0; - - if (len < 1) - return 1; - - n += lws_snprintf(flattened + n, len - n , "{\"payload\": \"%.*s\",\n", - jws->map_b64.len[LJWS_PYLD], - jws->map_b64.buf[LJWS_PYLD]); - - n += lws_snprintf(flattened + n, len - n , " \"protected\": \"%.*s\",\n", - jws->map_b64.len[LJWS_JOSE], - jws->map_b64.buf[LJWS_JOSE]); - - if (jws->map_b64.buf[LJWS_UHDR]) - n += lws_snprintf(flattened + n, len - n , " \"header\": %.*s,\n", - jws->map_b64.len[LJWS_UHDR], jws->map_b64.buf[LJWS_UHDR]); - - n += lws_snprintf(flattened + n, len - n , " \"signature\": \"%.*s\"}\n", - jws->map_b64.len[LJWS_SIG], jws->map_b64.buf[LJWS_SIG]); - - return (n >= len - 1); -} - -LWS_VISIBLE int -lws_jws_write_compact(struct lws_jws *jws, char *compact, size_t len) -{ - size_t n = 0; - - if (len < 1) - return 1; - - n += lws_snprintf(compact + n, len - n , "%.*s", - jws->map_b64.len[LJWS_JOSE], jws->map_b64.buf[LJWS_JOSE]); - n += lws_snprintf(compact + n, len - n , ".%.*s", - jws->map_b64.len[LJWS_PYLD], jws->map_b64.buf[LJWS_PYLD]); - n += lws_snprintf(compact + n, len - n , ".%.*s", - jws->map_b64.len[LJWS_SIG], jws->map_b64.buf[LJWS_SIG]); - - return n >= len - 1; -} diff --git a/lib/jose/jws/private.h b/lib/jose/jws/private.h deleted file mode 100644 index e7113d3..0000000 --- a/lib/jose/jws/private.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * libwebsockets - JSON Web Signature support - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * JOSE is actually specified as part of JWS RFC7515. JWE references RFC7515 - * to specify its JOSE JSON object. So it lives in ./lib/jose/jws/jose.c. - */ - diff --git a/lib/jose/private.h b/lib/jose/private.h deleted file mode 100644 index 5e755f5..0000000 --- a/lib/jose/private.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * libwebsockets - jose private header - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -void -lws_jwk_destroy_elements(struct lws_gencrypto_keyelem *el, int m); - -void -lws_jwk_init_jps(struct lejp_ctx *jctx, struct lws_jwk_parse_state *jps, - struct lws_jwk *jwk, lws_jwk_key_import_callback cb, - void *user); - -int -lws_jose_render(struct lws_jose *jose, struct lws_jwk *aux_jwk, - char *out, size_t out_len); diff --git a/lib/roles/http/server/lejp-conf.c b/lib/lejp-conf.c similarity index 66% rename from lib/roles/http/server/lejp-conf.c rename to lib/lejp-conf.c index e8dfffd..3a1586d 100644 --- a/lib/roles/http/server/lejp-conf.c +++ b/lib/lejp-conf.c @@ -1,7 +1,7 @@ /* * libwebsockets web server application * - * Copyright (C) 2010-2018 Andy Green + * Copyright (C) 2010-2016 Andy Green * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -19,7 +19,8 @@ * MA 02110-1301 USA */ -#include "core/private.h" +#include "private-libwebsockets.h" +#include "lejp.h" #ifndef _WIN32 /* this is needed for Travis CI */ @@ -31,8 +32,6 @@ static const char * const paths_global[] = { "global.uid", "global.gid", - "global.username", - "global.groupname", "global.count-threads", "global.init-ssl", "global.server-string", @@ -41,14 +40,11 @@ static const char * const paths_global[] = { "global.timeout-secs", "global.reject-service-keywords[].*", "global.reject-service-keywords[]", - "global.default-alpn", }; enum lejp_global_paths { LEJPGP_UID, LEJPGP_GID, - LEJPGP_USERNAME, - LEJPGP_GROUPNAME, LEJPGP_COUNT_THREADS, LWJPGP_INIT_SSL, LEJPGP_SERVER_STRING, @@ -56,8 +52,7 @@ enum lejp_global_paths { LWJPGP_PINGPONG_SECS, LWJPGP_TIMEOUT_SECS, LWJPGP_REJECT_SERVICE_KEYWORDS_NAME, - LWJPGP_REJECT_SERVICE_KEYWORDS, - LWJPGP_DEFAULT_ALPN, + LWJPGP_REJECT_SERVICE_KEYWORDS }; static const char * const paths_vhosts[] = { @@ -67,7 +62,6 @@ static const char * const paths_vhosts[] = { "vhosts[].port", "vhosts[].interface", "vhosts[].unix-socket", - "vhosts[].unix-socket-perms", "vhosts[].sts", "vhosts[].host-ssl-key", "vhosts[].host-ssl-cert", @@ -105,26 +99,6 @@ static const char * const paths_vhosts[] = { "vhosts[].client-ssl-cert", "vhosts[].client-ssl-ca", "vhosts[].client-ssl-ciphers", - "vhosts[].onlyraw", - "vhosts[].client-cert-required", - "vhosts[].ignore-missing-cert", - "vhosts[].error-document-404", - "vhosts[].alpn", - "vhosts[].ssl-client-option-set", - "vhosts[].ssl-client-option-clear", - "vhosts[].tls13-ciphers", - "vhosts[].client-tls13-ciphers", - "vhosts[].strict-host-check", - - "vhosts[].listen-accept-role", - "vhosts[].listen-accept-protocol", - "vhosts[].apply-listen-accept", /* deprecates "onlyraw" */ - "vhosts[].fallback-listen-accept", - "vhosts[].allow-non-tls", - "vhosts[].redirect-http", - "vhosts[].allow-http-on-https", - - "vhosts[].disable-no-protocol-ws-upgrades", }; enum lejp_vhost_paths { @@ -134,7 +108,6 @@ enum lejp_vhost_paths { LEJPVP_PORT, LEJPVP_INTERFACE, LEJPVP_UNIXSKT, - LEJPVP_UNIXSKT_PERMS, LEJPVP_STS, LEJPVP_HOST_SSL_KEY, LEJPVP_HOST_SSL_CERT, @@ -172,26 +145,33 @@ enum lejp_vhost_paths { LEJPVP_CLIENT_SSL_CERT, LEJPVP_CLIENT_SSL_CA, LEJPVP_CLIENT_CIPHERS, - LEJPVP_FLAG_ONLYRAW, - LEJPVP_FLAG_CLIENT_CERT_REQUIRED, - LEJPVP_IGNORE_MISSING_CERT, - LEJPVP_ERROR_DOCUMENT_404, - LEJPVP_ALPN, - LEJPVP_SSL_CLIENT_OPTION_SET, - LEJPVP_SSL_CLIENT_OPTION_CLEAR, - LEJPVP_TLS13_CIPHERS, - LEJPVP_CLIENT_TLS13_CIPHERS, - LEJPVP_FLAG_STRICT_HOST_CHECK, - - LEJPVP_LISTEN_ACCEPT_ROLE, - LEJPVP_LISTEN_ACCEPT_PROTOCOL, - LEJPVP_FLAG_APPLY_LISTEN_ACCEPT, - LEJPVP_FLAG_FALLBACK_LISTEN_ACCEPT, - LEJPVP_FLAG_ALLOW_NON_TLS, - LEJPVP_FLAG_REDIRECT_HTTP, - LEJPVP_FLAG_ALLOW_HTTP_ON_HTTPS, - - LEJPVP_FLAG_DISABLE_NO_PROTOCOL_WS_UPGRADES, +}; + +static const char * const parser_errs[] = { + "", + "", + "No opening '{'", + "Expected closing '}'", + "Expected '\"'", + "String underrun", + "Illegal unescaped control char", + "Illegal escape format", + "Illegal hex number", + "Expected ':'", + "Illegal value start", + "Digit required after decimal point", + "Bad number format", + "Bad exponent format", + "Unknown token", + "Too many ']'", + "Mismatched ']'", + "Expected ']'", + "JSON nesting limit exceeded", + "Nesting tracking used up", + "Number too long", + "Comma or block end expected", + "Unknown", + "Parser callback errored (see earlier error)", }; #define MAX_PLUGIN_DIRS 10 @@ -200,7 +180,6 @@ struct jpargs { struct lws_context_creation_info *info; struct lws_context *context; const struct lws_protocols *protocols; - const struct lws_protocols **pprotocols; const struct lws_extension *extensions; char *p, *end, valid; struct lws_http_mount *head, *last; @@ -212,11 +191,9 @@ struct jpargs { const char **plugin_dirs; int count_plugin_dirs; - unsigned int reject_ws_with_no_protocol:1; unsigned int enable_client_ssl:1; unsigned int fresh_mount:1; unsigned int any_vhosts:1; - unsigned int chunk:1; }; static void * @@ -225,8 +202,6 @@ lwsws_align(struct jpargs *a) if ((lws_intptr_t)(a->p) & 15) a->p += 16 - ((lws_intptr_t)(a->p) & 15); - a->chunk = 0; - return a->p; } @@ -239,23 +214,14 @@ arg_to_bool(const char *s) if (n) return 1; - for (n = 0; n < (int)LWS_ARRAY_SIZE(on); n++) + for (n = 0; n < ARRAY_SIZE(on); n++) if (!strcasecmp(s, on[n])) return 1; return 0; } -static void -set_reset_flag(unsigned int *p, const char *state, unsigned int flag) -{ - if (arg_to_bool(state)) - *p |= flag; - else - *p &= ~(flag); -} - -static signed char +static char lejp_globals_cb(struct lejp_ctx *ctx, char reason) { struct jpargs *a = (struct jpargs *)ctx->user; @@ -272,7 +238,7 @@ lejp_globals_cb(struct lejp_ctx *ctx, char reason) rej = lwsws_align(a); a->p += sizeof(*rej); - n = lejp_get_wildcard(ctx, 0, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); rej->next = a->info->reject_service_keywords; a->info->reject_service_keywords = rej; rej->name = a->p; @@ -291,12 +257,6 @@ lejp_globals_cb(struct lejp_ctx *ctx, char reason) case LEJPGP_GID: a->info->gid = atoi(ctx->buf); return 0; - case LEJPGP_USERNAME: - a->info->username = a->p; - break; - case LEJPGP_GROUPNAME: - a->info->groupname = a->p; - break; case LEJPGP_COUNT_THREADS: a->info->count_threads = atoi(ctx->buf); return 0; @@ -323,10 +283,6 @@ lejp_globals_cb(struct lejp_ctx *ctx, char reason) a->info->timeout_secs = atoi(ctx->buf); return 0; - case LWJPGP_DEFAULT_ALPN: - a->info->alpn = a->p; - break; - default: return 0; } @@ -338,7 +294,7 @@ dostring: return 0; } -static signed char +static char lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) { struct jpargs *a = (struct jpargs *)ctx->user; @@ -354,41 +310,20 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) #endif if (reason == LEJPCB_OBJECT_START && ctx->path_match == LEJPVP + 1) { - uint32_t i[4]; - const char *ss; - /* set the defaults for this vhost */ - a->reject_ws_with_no_protocol = 0; a->valid = 1; a->head = NULL; a->last = NULL; - - i[0] = a->info->count_threads; - i[1] = a->info->options & ( - LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME | - LWS_SERVER_OPTION_LIBUV | - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN | - LWS_SERVER_OPTION_LIBEVENT | - LWS_SERVER_OPTION_LIBEV - ); - ss = a->info->server_string; - i[2] = a->info->ws_ping_pong_interval; - i[3] = a->info->timeout_secs; - - memset(a->info, 0, sizeof(*a->info)); - - a->info->count_threads = i[0]; - a->info->options = i[1]; - a->info->server_string = ss; - a->info->ws_ping_pong_interval = i[2]; - a->info->timeout_secs = i[3]; - + a->info->port = 0; + a->info->iface = NULL; a->info->protocols = a->protocols; - a->info->pprotocols = a->pprotocols; a->info->extensions = a->extensions; -#if defined(LWS_WITH_TLS) + a->info->ssl_cert_filepath = NULL; + a->info->ssl_private_key_filepath = NULL; + a->info->ssl_ca_filepath = NULL; + a->info->client_ssl_cert_filepath = NULL; + a->info->client_ssl_private_key_filepath = NULL; + a->info->client_ssl_ca_filepath = NULL; a->info->client_ssl_cipher_list = "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES256-GCM-SHA384:" "DHE-RSA-AES256-GCM-SHA384:" @@ -402,7 +337,7 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) "!DHE-RSA-AES256-SHA256:" "!AES256-GCM-SHA384:" "!AES256-SHA256"; -#endif + a->info->timeout_secs = 5; a->info->ssl_cipher_list = "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES256-GCM-SHA384:" "DHE-RSA-AES256-GCM-SHA384:" @@ -416,7 +351,13 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) "!DHE-RSA-AES256-SHA256:" "!AES256-GCM-SHA384:" "!AES256-SHA256"; + a->info->pvo = NULL; + a->info->headers = NULL; a->info->keepalive_timeout = 5; + a->info->log_filepath = NULL; + a->info->options &= ~(LWS_SERVER_OPTION_UNIX_SOCK | + LWS_SERVER_OPTION_STS); + a->enable_client_ssl = 0; } if (reason == LEJPCB_OBJECT_START && @@ -431,12 +372,12 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) a->pvo = lwsws_align(a); a->p += sizeof(*a->pvo); - n = lejp_get_wildcard(ctx, 0, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); /* ie, enable this protocol, no options yet */ a->pvo->next = a->info->pvo; a->info->pvo = a->pvo; a->pvo->name = a->p; - lwsl_info(" adding protocol %s\n", a->p); + lwsl_notice(" adding protocol %s\n", a->p); a->p += n; a->pvo->value = a->p; a->pvo->options = NULL; @@ -444,31 +385,25 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) } /* this catches, eg, vhosts[].headers[].xxx */ - if ((reason == LEJPCB_VAL_STR_END || reason == LEJPCB_VAL_STR_CHUNK) && + if (reason == LEJPCB_VAL_STR_END && ctx->path_match == LEJPVP_HEADERS_NAME + 1) { + headers = lwsws_align(a); + a->p += sizeof(*headers); - if (!a->chunk) { - headers = lwsws_align(a); - a->p += sizeof(*headers); - - n = lejp_get_wildcard(ctx, 0, a->p, - lws_ptr_diff(a->end, a->p)); - /* ie, add this header */ - headers->next = a->info->headers; - a->info->headers = headers; - headers->name = a->p; - - lwsl_notice(" adding header %s=%s\n", a->p, ctx->buf); - a->p += n - 1; - *(a->p++) = ':'; - if (a->p < a->end) - *(a->p++) = '\0'; - else - *(a->p - 1) = '\0'; - headers->value = a->p; - headers->options = NULL; - } - a->chunk = reason == LEJPCB_VAL_STR_CHUNK; + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); + /* ie, enable this protocol, no options yet */ + headers->next = a->info->headers; + a->info->headers = headers; + headers->name = a->p; + // lwsl_notice(" adding header %s=%s\n", a->p, ctx->buf); + a->p += n - 1; + *(a->p++) = ':'; + if (a->p < a->end) + *(a->p++) = '\0'; + else + *(a->p - 1) = '\0'; + headers->value = a->p; + headers->options = NULL; goto dostring; } @@ -479,9 +414,8 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) struct lws_vhost *vhost; //lwsl_notice("%s\n", ctx->path); - if (!a->info->port && - !(a->info->options & LWS_SERVER_OPTION_UNIX_SOCK)) { - lwsl_err("Port required (eg, 443)\n"); + if (!a->info->port) { + lwsl_err("Port required (eg, 443)"); return 1; } a->valid = 0; @@ -495,33 +429,19 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) } a->any_vhosts = 1; - if (a->reject_ws_with_no_protocol) { - a->reject_ws_with_no_protocol = 0; - - vhost->default_protocol_index = 255; - } - -#if defined(LWS_WITH_TLS) if (a->enable_client_ssl) { - const char *cert_filepath = - a->info->client_ssl_cert_filepath; - const char *private_key_filepath = - a->info->client_ssl_private_key_filepath; - const char *ca_filepath = - a->info->client_ssl_ca_filepath; - const char *cipher_list = - a->info->client_ssl_cipher_list; - + const char *cert_filepath = a->info->client_ssl_cert_filepath; + const char *private_key_filepath = a->info->client_ssl_private_key_filepath; + const char *ca_filepath = a->info->client_ssl_ca_filepath; + const char *cipher_list = a->info->client_ssl_cipher_list; memset(a->info, 0, sizeof(*a->info)); a->info->client_ssl_cert_filepath = cert_filepath; - a->info->client_ssl_private_key_filepath = - private_key_filepath; + a->info->client_ssl_private_key_filepath = private_key_filepath; a->info->client_ssl_ca_filepath = ca_filepath; a->info->client_ssl_cipher_list = cipher_list; a->info->options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; lws_init_vhost_client_ssl(a->info, vhost); } -#endif return 0; } @@ -552,17 +472,17 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) if (a->last) a->last->mount_next = m; - for (n = 0; n < (int)LWS_ARRAY_SIZE(mount_protocols); n++) + for (n = 0; n < ARRAY_SIZE(mount_protocols); n++) if (!strncmp(a->m.origin, mount_protocols[n], strlen(mount_protocols[n]))) { - lwsl_info("----%s\n", a->m.origin); + lwsl_err("----%s\n", a->m.origin); m->origin_protocol = n; m->origin = a->m.origin + strlen(mount_protocols[n]); break; } - if (n == (int)LWS_ARRAY_SIZE(mount_protocols)) { + if (n == ARRAY_SIZE(mount_protocols)) { lwsl_err("unsupported protocol:// %s\n", a->m.origin); return 1; } @@ -595,9 +515,6 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) else a->info->options &= ~(LWS_SERVER_OPTION_UNIX_SOCK); return 0; - case LEJPVP_UNIXSKT_PERMS: - a->info->unix_socket_perms = a->p; - break; case LEJPVP_STS: if (arg_to_bool(ctx->buf)) a->info->options |= LWS_SERVER_OPTION_STS; @@ -654,21 +571,12 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) case LEJPVP_KEEPALIVE_TIMEOUT: a->info->keepalive_timeout = atoi(ctx->buf); return 0; -#if defined(LWS_WITH_TLS) case LEJPVP_CLIENT_CIPHERS: a->info->client_ssl_cipher_list = a->p; break; -#endif case LEJPVP_CIPHERS: a->info->ssl_cipher_list = a->p; break; - case LEJPVP_TLS13_CIPHERS: - a->info->tls1_3_plus_cipher_list = a->p; - break; - case LEJPVP_CLIENT_TLS13_CIPHERS: - a->info->client_tls_1_3_plus_cipher_list = a->p; - break; - case LEJPVP_ECDH_CURVE: a->info->ecdh_curve = a->p; break; @@ -680,13 +588,13 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) mp_cgienv->next = a->m.cgienv; a->m.cgienv = mp_cgienv; - n = lejp_get_wildcard(ctx, 0, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); mp_cgienv->name = a->p; a->p += n; mp_cgienv->value = a->p; mp_cgienv->options = NULL; - //lwsl_notice(" adding pmo / cgi-env '%s' = '%s'\n", - // mp_cgienv->name, mp_cgienv->value); + //lwsl_notice(" adding pmo / cgi-env '%s' = '%s'\n", mp_cgienv->name, + // mp_cgienv->value); goto dostring; case LEJPVP_PROTOCOL_NAME_OPT: @@ -697,7 +605,7 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) pvo = lwsws_align(a); a->p += sizeof(*a->pvo); - n = lejp_get_wildcard(ctx, 1, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 1, a->p, a->end - a->p); /* ie, enable this protocol, no options yet */ pvo->next = a->pvo->options; a->pvo->options = pvo; @@ -711,12 +619,12 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) a->pvo_em = lwsws_align(a); a->p += sizeof(*a->pvo_em); - n = lejp_get_wildcard(ctx, 0, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); /* ie, enable this protocol, no options yet */ a->pvo_em->next = a->m.extra_mimetypes; a->m.extra_mimetypes = a->pvo_em; a->pvo_em->name = a->p; - lwsl_notice(" + extra-mimetypes %s -> %s\n", a->p, ctx->buf); + lwsl_notice(" adding extra-mimetypes %s -> %s\n", a->p, ctx->buf); a->p += n; a->pvo_em->value = a->p; a->pvo_em->options = NULL; @@ -726,7 +634,7 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) a->pvo_int = lwsws_align(a); a->p += sizeof(*a->pvo_int); - n = lejp_get_wildcard(ctx, 0, a->p, lws_ptr_diff(a->end, a->p)); + n = lejp_get_wildcard(ctx, 0, a->p, a->end - a->p); /* ie, enable this protocol, no options yet */ a->pvo_int->next = a->m.interpret; a->m.interpret = a->pvo_int; @@ -741,7 +649,6 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) case LEJPVP_ENABLE_CLIENT_SSL: a->enable_client_ssl = arg_to_bool(ctx->buf); return 0; -#if defined(LWS_WITH_TLS) case LEJPVP_CLIENT_SSL_KEY: a->info->client_ssl_private_key_filepath = a->p; break; @@ -751,44 +658,22 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) case LEJPVP_CLIENT_SSL_CA: a->info->client_ssl_ca_filepath = a->p; break; -#endif case LEJPVP_NOIPV6: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_DISABLE_IPV6); - return 0; - - case LEJPVP_FLAG_ONLYRAW: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG); + if (arg_to_bool(ctx->buf)) + a->info->options |= LWS_SERVER_OPTION_DISABLE_IPV6; + else + a->info->options &= ~(LWS_SERVER_OPTION_DISABLE_IPV6); return 0; case LEJPVP_IPV6ONLY: a->info->options |= LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY; - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE); - return 0; - - case LEJPVP_FLAG_CLIENT_CERT_REQUIRED: if (arg_to_bool(ctx->buf)) - a->info->options |= - LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT; - return 0; - - case LEJPVP_IGNORE_MISSING_CERT: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_IGNORE_MISSING_CERT); - return 0; - - case LEJPVP_FLAG_STRICT_HOST_CHECK: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK); + a->info->options |= LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE; + else + a->info->options &= ~(LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE); return 0; - case LEJPVP_ERROR_DOCUMENT_404: - a->info->error_document_404 = a->p; - break; - case LEJPVP_SSL_OPTION_SET: a->info->ssl_options_set |= atol(ctx->buf); return 0; @@ -796,73 +681,25 @@ lejp_vhosts_cb(struct lejp_ctx *ctx, char reason) a->info->ssl_options_clear |= atol(ctx->buf); return 0; - case LEJPVP_SSL_CLIENT_OPTION_SET: - a->info->ssl_client_options_set |= atol(ctx->buf); - return 0; - case LEJPVP_SSL_CLIENT_OPTION_CLEAR: - a->info->ssl_client_options_clear |= atol(ctx->buf); - return 0; - - case LEJPVP_ALPN: - a->info->alpn = a->p; - break; - - case LEJPVP_LISTEN_ACCEPT_ROLE: - a->info->listen_accept_role = a->p; - break; - case LEJPVP_LISTEN_ACCEPT_PROTOCOL: - a->info->listen_accept_protocol = a->p; - break; - - case LEJPVP_FLAG_APPLY_LISTEN_ACCEPT: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG); - return 0; - case LEJPVP_FLAG_FALLBACK_LISTEN_ACCEPT: - lwsl_notice("vh %s: LEJPVP_FLAG_FALLBACK_LISTEN_ACCEPT: %s\n", - a->info->vhost_name, ctx->buf); - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG); - return 0; - case LEJPVP_FLAG_ALLOW_NON_TLS: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT); - return 0; - case LEJPVP_FLAG_REDIRECT_HTTP: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS); - return 0; - case LEJPVP_FLAG_ALLOW_HTTP_ON_HTTPS: - set_reset_flag(&a->info->options, ctx->buf, - LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER); - return 0; - - case LEJPVP_FLAG_DISABLE_NO_PROTOCOL_WS_UPGRADES: - a->reject_ws_with_no_protocol = 1; - return 0; - default: return 0; } dostring: p = ctx->buf; - p[LEJP_STRING_CHUNK] = '\0'; p1 = strstr(p, ESC_INSTALL_DATADIR); if (p1) { - n = lws_ptr_diff(p1, p); + n = p1 - p; if (n > a->end - a->p) - n = lws_ptr_diff(a->end, a->p); - lws_strncpy(a->p, p, n + 1); + n = a->end - a->p; + strncpy(a->p, p, n); a->p += n; - a->p += lws_snprintf(a->p, a->end - a->p, "%s", - LWS_INSTALL_DATADIR); + a->p += lws_snprintf(a->p, a->end - a->p, "%s", LWS_INSTALL_DATADIR); p += n + strlen(ESC_INSTALL_DATADIR); } a->p += lws_snprintf(a->p, a->end - a->p, "%s", p); - if (reason == LEJPCB_VAL_STR_END) - *(a->p)++ = '\0'; + *(a->p)++ = '\0'; return 0; } @@ -877,9 +714,9 @@ lwsws_get_config(void *user, const char *f, const char * const *paths, { unsigned char buf[128]; struct lejp_ctx ctx; - int n, m = 0, fd; + int n, m, fd; - fd = lws_open(f, O_RDONLY); + fd = open(f, O_RDONLY); if (fd < 0) { lwsl_err("Cannot open %s\n", f); return 2; @@ -901,41 +738,103 @@ lwsws_get_config(void *user, const char *f, const char * const *paths, if (m < 0) { lwsl_err("%s(%u): parsing error %d: %s\n", f, n, m, - lejp_error_to_string(m)); + parser_errs[-m]); return 2; } return 0; } -struct lws_dir_args { - void *user; - const char * const *paths; - int count_paths; - lejp_callback cb; -}; +#if defined(LWS_USE_LIBUV) && UV_VERSION_MAJOR > 0 static int -lwsws_get_config_d_cb(const char *dirpath, void *user, - struct lws_dir_entry *lde) +lwsws_get_config_d(void *user, const char *d, const char * const *paths, + int count_paths, lejp_callback cb) { - struct lws_dir_args *da = (struct lws_dir_args *)user; + uv_dirent_t dent; + uv_fs_t req; char path[256]; + int ret = 0, ir; + uv_loop_t loop; + + ir = uv_loop_init(&loop); + if (ir) { + lwsl_err("%s: loop init failed %d\n", __func__, ir); + } + + if (!uv_fs_scandir(&loop, &req, d, 0, NULL)) { + lwsl_err("Scandir on %s failed\n", d); + return 2; + } + + while (uv_fs_scandir_next(&req, &dent) != UV_EOF) { + lws_snprintf(path, sizeof(path) - 1, "%s/%s", d, dent.name); + ret = lwsws_get_config(user, path, paths, count_paths, cb); + if (ret) + goto bail; + } + +bail: + uv_fs_req_cleanup(&req); + while (uv_loop_close(&loop)) + ; + + return ret; +} + +#else - if (lde->type != LDOT_FILE && lde->type != LDOT_UNKNOWN /* ZFS */) +#ifndef _WIN32 +static int filter(const struct dirent *ent) +{ + if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) return 0; - lws_snprintf(path, sizeof(path) - 1, "%s/%s", dirpath, lde->name); + return 1; +} +#endif + +static int +lwsws_get_config_d(void *user, const char *d, const char * const *paths, + int count_paths, lejp_callback cb) +{ +#ifndef _WIN32 + struct dirent **namelist; + char path[256]; + int n, i, ret = 0; + + n = scandir(d, &namelist, filter, alphasort); + if (n < 0) { + lwsl_err("Scandir on %s failed\n", d); + } - return lwsws_get_config(da->user, path, da->paths, - da->count_paths, da->cb); + for (i = 0; i < n; i++) { + lws_snprintf(path, sizeof(path) - 1, "%s/%s", d, + namelist[i]->d_name); + ret = lwsws_get_config(user, path, paths, count_paths, cb); + if (ret) { + while (i++ < n) + free(namelist[i]); + goto bail; + } + free(namelist[i]); + } + +bail: + free(namelist); + + return ret; +#else + return 0; +#endif } +#endif + int lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, char **cs, int *len) { - struct lws_dir_args da; struct jpargs a; const char * const *old = info->plugin_dirs; char dd[128]; @@ -961,22 +860,17 @@ lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, lws_snprintf(dd, sizeof(dd) - 1, "%s/conf", d); if (lwsws_get_config(&a, dd, paths_global, - LWS_ARRAY_SIZE(paths_global), lejp_globals_cb) > 1) + ARRAY_SIZE(paths_global), lejp_globals_cb) > 1) return 1; lws_snprintf(dd, sizeof(dd) - 1, "%s/conf.d", d); - - da.user = &a; - da.paths = paths_global; - da.count_paths = LWS_ARRAY_SIZE(paths_global), - da.cb = lejp_globals_cb; - - if (lws_dir(dd, &da, lwsws_get_config_d_cb) > 1) + if (lwsws_get_config_d(&a, dd, paths_global, + ARRAY_SIZE(paths_global), lejp_globals_cb) > 1) return 1; a.plugin_dirs[a.count_plugin_dirs] = NULL; *cs = a.p; - *len = lws_ptr_diff(a.end, a.p); + *len = a.end - a.p; return 0; } @@ -986,7 +880,6 @@ lwsws_get_config_vhosts(struct lws_context *context, struct lws_context_creation_info *info, const char *d, char **cs, int *len) { - struct lws_dir_args da; struct jpargs a; char dd[128]; @@ -998,25 +891,19 @@ lwsws_get_config_vhosts(struct lws_context *context, a.valid = 0; a.context = context; a.protocols = info->protocols; - a.pprotocols = info->pprotocols; a.extensions = info->extensions; lws_snprintf(dd, sizeof(dd) - 1, "%s/conf", d); if (lwsws_get_config(&a, dd, paths_vhosts, - LWS_ARRAY_SIZE(paths_vhosts), lejp_vhosts_cb) > 1) + ARRAY_SIZE(paths_vhosts), lejp_vhosts_cb) > 1) return 1; lws_snprintf(dd, sizeof(dd) - 1, "%s/conf.d", d); - - da.user = &a; - da.paths = paths_vhosts; - da.count_paths = LWS_ARRAY_SIZE(paths_vhosts), - da.cb = lejp_vhosts_cb; - - if (lws_dir(dd, &da, lwsws_get_config_d_cb) > 1) + if (lwsws_get_config_d(&a, dd, paths_vhosts, + ARRAY_SIZE(paths_vhosts), lejp_vhosts_cb) > 1) return 1; *cs = a.p; - *len = lws_ptr_diff(a.end, a.p); + *len = a.end - a.p; if (!a.any_vhosts) { lwsl_err("Need at least one vhost\n"); diff --git a/lib/misc/lejp.c b/lib/lejp.c similarity index 66% rename from lib/misc/lejp.c rename to lib/lejp.c index 2190413..50ff4b5 100644 --- a/lib/misc/lejp.c +++ b/lib/lejp.c @@ -1,55 +1,15 @@ /* * Lightweight Embedded JSON Parser * - * Copyright (C) 2013-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA + * Copyright (C) 2013 Andy Green + * This code is licensed under LGPL 2.1 + * http://www.gnu.org/licenses/lgpl-2.1.html */ -#include -#include "core/private.h" #include -#include +#include "lejp.h" -static const char * const parser_errs[] = { - "", - "", - "No opening '{'", - "Expected closing '}'", - "Expected '\"'", - "String underrun", - "Illegal unescaped control char", - "Illegal escape format", - "Illegal hex number", - "Expected ':'", - "Illegal value start", - "Digit required after decimal point", - "Bad number format", - "Bad exponent format", - "Unknown token", - "Too many ']'", - "Mismatched ']'", - "Expected ']'", - "JSON nesting limit exceeded", - "Nesting tracking used up", - "Number too long", - "Comma or block end expected", - "Unknown", - "Parser callback errored (see earlier error)", -}; +#include /** * lejp_construct - prepare a struct lejp_ctx for use @@ -58,14 +18,14 @@ static const char * const parser_errs[] = { * \param callback: your user callback which will received parsed tokens * \param user: optional user data pointer untouched by lejp * \param paths: your array of name elements you are interested in - * \param count_paths: LWS_ARRAY_SIZE() of @paths + * \param count_paths: ARRAY_SIZE() of @paths * * Prepares your context struct for use with lejp */ void lejp_construct(struct lejp_ctx *ctx, - signed char (*callback)(struct lejp_ctx *ctx, char reason), void *user, + char (*callback)(struct lejp_ctx *ctx, char reason), void *user, const char * const *paths, unsigned char count_paths) { ctx->st[0].s = 0; @@ -74,20 +34,15 @@ lejp_construct(struct lejp_ctx *ctx, ctx->st[0].b = 0; ctx->sp = 0; ctx->ipos = 0; + ctx->ppos = 0; ctx->path_match = 0; - ctx->path_stride = 0; ctx->path[0] = '\0'; + ctx->callback = callback; ctx->user = user; + ctx->paths = paths; + ctx->count_paths = count_paths; ctx->line = 1; - - ctx->pst_sp = 0; - ctx->pst[0].callback = callback; - ctx->pst[0].paths = paths; - ctx->pst[0].count_paths = count_paths; - ctx->pst[0].user = NULL; - ctx->pst[0].ppos = 0; - - ctx->pst[0].callback(ctx, LEJPCB_CONSTRUCTED); + ctx->callback(ctx, LEJPCB_CONSTRUCTED); } /** @@ -104,7 +59,7 @@ void lejp_destruct(struct lejp_ctx *ctx) { /* no allocations... just let callback know what it happening */ - ctx->pst[0].callback(ctx, LEJPCB_DESTRUCTED); + ctx->callback(ctx, LEJPCB_DESTRUCTED); } /** @@ -131,31 +86,25 @@ lejp_destruct(struct lejp_ctx *ctx) void lejp_change_callback(struct lejp_ctx *ctx, - signed char (*callback)(struct lejp_ctx *ctx, char reason)) + char (*callback)(struct lejp_ctx *ctx, char reason)) { - ctx->pst[0].callback(ctx, LEJPCB_DESTRUCTED); - ctx->pst[0].callback = callback; - ctx->pst[0].callback(ctx, LEJPCB_CONSTRUCTED); - ctx->pst[0].callback(ctx, LEJPCB_START); + ctx->callback(ctx, LEJPCB_DESTRUCTED); + ctx->callback = callback; + ctx->callback(ctx, LEJPCB_CONSTRUCTED); + ctx->callback(ctx, LEJPCB_START); } -void +static void lejp_check_path_match(struct lejp_ctx *ctx) { const char *p, *q; - int n, s = sizeof(char *); - - if (ctx->path_stride) - s = ctx->path_stride; + int n; /* we only need to check if a match is not active */ - for (n = 0; !ctx->path_match && - n < ctx->pst[ctx->pst_sp].count_paths; n++) { + for (n = 0; !ctx->path_match && n < ctx->count_paths; n++) { ctx->wildcount = 0; p = ctx->path; - - q = *((char **)(((char *)ctx->pst[ctx->pst_sp].paths) + (n * s))); - + q = ctx->paths[n]; while (*p && *q) { if (*q != '*') { if (*p != *q) @@ -164,7 +113,7 @@ lejp_check_path_match(struct lejp_ctx *ctx) q++; continue; } - ctx->wild[ctx->wildcount++] = lws_ptr_diff(p, ctx->path); + ctx->wild[ctx->wildcount++] = p - ctx->path; q++; /* * if * has something after it, match to . @@ -181,7 +130,7 @@ lejp_check_path_match(struct lejp_ctx *ctx) continue; ctx->path_match = n + 1; - ctx->path_match_len = ctx->pst[ctx->pst_sp].ppos; + ctx->path_match_len = ctx->ppos; return; } @@ -199,8 +148,7 @@ lejp_get_wildcard(struct lejp_ctx *ctx, int wildcard, char *dest, int len) n = ctx->wild[wildcard]; - while (--len && n < ctx->pst[ctx->pst_sp].ppos && - (n == ctx->wild[wildcard] || ctx->path[n] != '.')) + while (--len && n < ctx->ppos && (n == ctx->wild[wildcard] || ctx->path[n] != '.')) *dest++ = ctx->path[n++]; *dest = '\0'; @@ -233,11 +181,12 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) static const char esc_tran[] = "\"\\/\b\f\n\r\t"; static const char tokens[] = "rue alse ull "; - if (!ctx->sp && !ctx->pst[ctx->pst_sp].ppos) - ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_START); + if (!ctx->sp && !ctx->ppos) + ctx->callback(ctx, LEJPCB_START); while (len--) { c = *json++; + s = ctx->st[ctx->sp].s; /* skip whitespace unless we should care */ @@ -263,7 +212,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) ret = LEJP_REJECT_IDLE_NO_BRACE; goto reject; } - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_OBJECT_START)) { + if (ctx->callback(ctx, LEJPCB_OBJECT_START)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -289,13 +238,13 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) case LEJP_MP_STRING: if (c == '\"') { - if (!ctx->sp) { /* JSON can't end on quote */ + if (!ctx->sp) { ret = LEJP_REJECT_MP_STRING_UNDERRUN; goto reject; } if (ctx->st[ctx->sp - 1].s != LEJP_MP_DELIM) { ctx->buf[ctx->npos] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, + if (ctx->callback(ctx, LEJPCB_VAL_STR_END) < 0) { ret = LEJP_REJECT_CALLBACK; goto reject; @@ -402,10 +351,10 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) goto reject; } ctx->st[ctx->sp].s = LEJP_MP_VALUE; - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->path[ctx->ppos] = '\0'; lejp_check_path_match(ctx); - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_PAIR_NAME)) { + if (ctx->callback(ctx, LEJPCB_PAIR_NAME)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -426,7 +375,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) c = LEJP_MP_STRING; ctx->npos = 0; ctx->buf[0] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_STR_START)) { + if (ctx->callback(ctx, LEJPCB_VAL_STR_START)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -437,7 +386,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) ctx->st[ctx->sp].s = LEJP_MP_COMMA_OR_END; c = LEJP_MEMBERS; lejp_check_path_match(ctx); - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_OBJECT_START)) { + if (ctx->callback(ctx, LEJPCB_OBJECT_START)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -448,46 +397,20 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) /* push */ ctx->st[ctx->sp].s = LEJP_MP_ARRAY_END; c = LEJP_MP_VALUE; - ctx->path[ctx->pst[ctx->pst_sp].ppos++] = '['; - ctx->path[ctx->pst[ctx->pst_sp].ppos++] = ']'; - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_ARRAY_START)) { + ctx->path[ctx->ppos++] = '['; + ctx->path[ctx->ppos++] = ']'; + ctx->path[ctx->ppos] = '\0'; + if (ctx->callback(ctx, LEJPCB_ARRAY_START)) { ret = LEJP_REJECT_CALLBACK; goto reject; } ctx->i[ctx->ipos++] = 0; - if (ctx->ipos > LWS_ARRAY_SIZE(ctx->i)) { + if (ctx->ipos > ARRAY_SIZE(ctx->i)) { ret = LEJP_REJECT_MP_DELIM_ISTACK; goto reject; } goto add_stack_level; - case ']': - /* pop */ - if (!ctx->sp) { /* JSON can't end on ] */ - ret = LEJP_REJECT_MP_C_OR_E_UNDERF; - goto reject; - } - ctx->sp--; - if (ctx->st[ctx->sp].s != LEJP_MP_ARRAY_END) { - ret = LEJP_REJECT_MP_C_OR_E_NOTARRAY; - goto reject; - } - /* drop the path [n] bit */ - if (ctx->sp) { - ctx->pst[ctx->pst_sp].ppos = ctx->st[ctx->sp - 1].p; - ctx->ipos = ctx->st[ctx->sp - 1].i; - } - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; - if (ctx->path_match && - ctx->pst[ctx->pst_sp].ppos <= ctx->path_match_len) - /* - * we shrank the path to be - * smaller than the matching point - */ - ctx->path_match = 0; - goto array_end; - case 't': /* true */ ctx->uni = 0; ctx->st[ctx->sp].s = LEJP_MP_VALUE_TOK; @@ -514,14 +437,14 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) goto append_npos; } - if (ctx->dcount < 20 && c >= '0' && c <= '9') { + if (ctx->dcount < 10 && c >= '0' && c <= '9') { if (ctx->f & LEJP_SEEN_POINT) ctx->f |= LEJP_SEEN_POST_POINT; ctx->dcount++; goto append_npos; } if (c == '.') { - if (!ctx->dcount || (ctx->f & LEJP_SEEN_POINT)) { + if (ctx->dcount || (ctx->f & LEJP_SEEN_POINT)) { ret = LEJP_REJECT_MP_VAL_NUM_FORMAT; goto reject; } @@ -555,12 +478,12 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) ctx->buf[ctx->npos] = '\0'; if (ctx->f & LEJP_SEEN_POINT) { - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_NUM_FLOAT)) { + if (ctx->callback(ctx, LEJPCB_VAL_NUM_FLOAT)) { ret = LEJP_REJECT_CALLBACK; goto reject; } } else { - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_NUM_INT)) { + if (ctx->callback(ctx, LEJPCB_VAL_NUM_INT)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -591,7 +514,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) case 3: ctx->buf[0] = '1'; ctx->buf[1] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_TRUE)) { + if (ctx->callback(ctx, LEJPCB_VAL_TRUE)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -599,14 +522,14 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) case 8: ctx->buf[0] = '0'; ctx->buf[1] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_FALSE)) { + if (ctx->callback(ctx, LEJPCB_VAL_FALSE)) { ret = LEJP_REJECT_CALLBACK; goto reject; } break; case 12: ctx->buf[0] = '\0'; - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_NULL)) { + if (ctx->callback(ctx, LEJPCB_VAL_NULL)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -616,12 +539,12 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) break; case LEJP_MP_COMMA_OR_END: - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->path[ctx->ppos] = '\0'; if (c == ',') { /* increment this stack level's index */ ctx->st[ctx->sp].s = LEJP_M_P; if (!ctx->sp) { - ctx->pst[ctx->pst_sp].ppos = 0; + ctx->ppos = 0; /* * since we came back to root level, * no path can still match @@ -629,10 +552,10 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) ctx->path_match = 0; break; } - ctx->pst[ctx->pst_sp].ppos = ctx->st[ctx->sp - 1].p; - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->ppos = ctx->st[ctx->sp - 1].p; + ctx->path[ctx->ppos] = '\0'; if (ctx->path_match && - ctx->pst[ctx->pst_sp].ppos <= ctx->path_match_len) + ctx->ppos <= ctx->path_match_len) /* * we shrank the path to be * smaller than the matching point @@ -648,7 +571,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) break; } if (c == ']') { - if (!ctx->sp) { /* JSON can't end on ] */ + if (!ctx->sp) { ret = LEJP_REJECT_MP_C_OR_E_UNDERF; goto reject; } @@ -659,13 +582,11 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) goto reject; } /* drop the path [n] bit */ - if (ctx->sp) { - ctx->pst[ctx->pst_sp].ppos = ctx->st[ctx->sp - 1].p; - ctx->ipos = ctx->st[ctx->sp - 1].i; - } - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->ppos = ctx->st[ctx->sp - 1].p; + ctx->ipos = ctx->st[ctx->sp - 1].i; + ctx->path[ctx->ppos] = '\0'; if (ctx->path_match && - ctx->pst[ctx->pst_sp].ppos <= ctx->path_match_len) + ctx->ppos <= ctx->path_match_len) /* * we shrank the path to be * smaller than the matching point @@ -676,40 +597,30 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) goto redo_character; } if (c == '}') { - if (!ctx->sp) { + if (ctx->sp == 0) { lejp_check_path_match(ctx); - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_OBJECT_END)) { + if (ctx->callback(ctx, LEJPCB_OBJECT_END)) { ret = LEJP_REJECT_CALLBACK; goto reject; } - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_COMPLETE)) - goto reject; - else - /* done, return unused amount */ - return len; + ctx->callback(ctx, LEJPCB_COMPLETE); + /* done, return unused amount */ + return len; } - /* pop */ - ctx->sp--; - if (ctx->sp) { - ctx->pst[ctx->pst_sp].ppos = - ctx->st[ctx->sp].p; - ctx->ipos = ctx->st[ctx->sp].i; - } - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->ppos = ctx->st[ctx->sp - 1].p; + ctx->ipos = ctx->st[ctx->sp - 1].i; + ctx->path[ctx->ppos] = '\0'; if (ctx->path_match && - ctx->pst[ctx->pst_sp].ppos <= - ctx->path_match_len) + ctx->ppos <= ctx->path_match_len) /* * we shrank the path to be * smaller than the matching point */ ctx->path_match = 0; - lejp_check_path_match(ctx); - if (ctx->pst[ctx->pst_sp].callback(ctx, - LEJPCB_OBJECT_END)) { + if (ctx->callback(ctx, LEJPCB_OBJECT_END)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -720,16 +631,15 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len) goto reject; case LEJP_MP_ARRAY_END: -array_end: - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->path[ctx->ppos] = '\0'; if (c == ',') { /* increment this stack level's index */ if (ctx->ipos) ctx->i[ctx->ipos - 1]++; ctx->st[ctx->sp].s = LEJP_MP_VALUE; if (ctx->sp) - ctx->pst[ctx->pst_sp].ppos = ctx->st[ctx->sp - 1].p; - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->ppos = ctx->st[ctx->sp - 1].p; + ctx->path[ctx->ppos] = '\0'; break; } if (c != ']') { @@ -738,7 +648,7 @@ array_end: } ctx->st[ctx->sp].s = LEJP_MP_COMMA_OR_END; - ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_ARRAY_END); + ctx->callback(ctx, LEJPCB_ARRAY_END); break; } @@ -749,7 +659,7 @@ emit_string_char: /* assemble the string value into chunks */ ctx->buf[ctx->npos++] = c; if (ctx->npos == sizeof(ctx->buf) - 1) { - if (ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_VAL_STR_CHUNK)) { + if (ctx->callback(ctx, LEJPCB_VAL_STR_CHUNK)) { ret = LEJP_REJECT_CALLBACK; goto reject; } @@ -758,23 +668,22 @@ emit_string_char: continue; } /* name part of name:value pair */ - ctx->path[ctx->pst[ctx->pst_sp].ppos++] = c; + ctx->path[ctx->ppos++] = c; continue; add_stack_level: /* push on to the object stack */ - if (ctx->pst[ctx->pst_sp].ppos && - ctx->st[ctx->sp].s != LEJP_MP_COMMA_OR_END && - ctx->st[ctx->sp].s != LEJP_MP_ARRAY_END) - ctx->path[ctx->pst[ctx->pst_sp].ppos++] = '.'; + if (ctx->ppos && ctx->st[ctx->sp].s != LEJP_MP_COMMA_OR_END && + ctx->st[ctx->sp].s != LEJP_MP_ARRAY_END) + ctx->path[ctx->ppos++] = '.'; - ctx->st[ctx->sp].p = ctx->pst[ctx->pst_sp].ppos; + ctx->st[ctx->sp].p = ctx->ppos; ctx->st[ctx->sp].i = ctx->ipos; - if (++ctx->sp == LWS_ARRAY_SIZE(ctx->st)) { + if (++ctx->sp == ARRAY_SIZE(ctx->st)) { ret = LEJP_REJECT_STACK_OVERFLOW; goto reject; } - ctx->path[ctx->pst[ctx->pst_sp].ppos] = '\0'; + ctx->path[ctx->ppos] = '\0'; ctx->st[ctx->sp].s = c; ctx->st[ctx->sp].b = 0; continue; @@ -795,65 +704,6 @@ redo_character: return LEJP_CONTINUE; reject: - ctx->pst[ctx->pst_sp].callback(ctx, LEJPCB_FAILED); + ctx->callback(ctx, LEJPCB_FAILED); return ret; } - -int -lejp_parser_push(struct lejp_ctx *ctx, void *user, const char * const *paths, - unsigned char paths_count, lejp_callback lejp_cb) -{ - struct _lejp_parsing_stack *p; - - if (ctx->pst_sp + 1 == LEJP_MAX_PARSING_STACK_DEPTH) - return -1; - - lejp_check_path_match(ctx); - - ctx->pst[ctx->pst_sp].path_match = ctx->path_match; - ctx->pst_sp++; - - p = &ctx->pst[ctx->pst_sp]; - p->user = user; - p->callback = lejp_cb; - p->paths = paths; - p->count_paths = paths_count; - p->ppos = 0; - - ctx->path_match = 0; - lejp_check_path_match(ctx); - - lwsl_debug("%s: pushed parser stack to %d (path %s)\n", __func__, - ctx->pst_sp, ctx->path); - - return 0; -} - -int -lejp_parser_pop(struct lejp_ctx *ctx) -{ - if (!ctx->pst_sp) - return -1; - - ctx->pst_sp--; - lwsl_debug("%s: popped parser stack to %d\n", __func__, ctx->pst_sp); - - ctx->path_match = 0; /* force it to check */ - lejp_check_path_match(ctx); - - return 0; -} - -const char * -lejp_error_to_string(int e) -{ - if (e > 0) - e = 0; - else - e = -e; - - if (e >= (int)LWS_ARRAY_SIZE(parser_errs)) - return "Unknown error"; - - return parser_errs[e]; -} diff --git a/include/libwebsockets/lws-lejp.h b/lib/lejp.h similarity index 64% rename from include/libwebsockets/lws-lejp.h rename to lib/lejp.h index 3fd37dd..7bf7ba7 100644 --- a/include/libwebsockets/lws-lejp.h +++ b/lib/lejp.h @@ -1,37 +1,8 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * included from libwebsockets.h - */ - -/** \defgroup lejp JSON parser - * ##JSON parsing related functions - * \ingroup lwsapi - * - * LEJP is an extremely lightweight JSON stream parser included in lws. - */ -//@{ +#include "libwebsockets.h" struct lejp_ctx; -#if !defined(LWS_ARRAY_SIZE) -#define LWS_ARRAY_SIZE(_x) (sizeof(_x) / sizeof(_x[0])) +#ifndef ARRAY_SIZE +#define ARRAY_SIZE(_x) (sizeof(_x) / sizeof(_x[0])) #endif #define LEJP_FLAG_WS_KEEP 64 #define LEJP_FLAG_WS_COMMENTLINE 32 @@ -106,7 +77,7 @@ enum lejp_callbacks { LEJPCB_ARRAY_END = 15, LEJPCB_OBJECT_START = 16, - LEJPCB_OBJECT_END = 17, + LEJPCB_OBJECT_END = 17 }; /** @@ -169,13 +140,10 @@ enum lejp_callbacks { * * LEJPCB_OBJECT_END: An object ended */ -LWS_EXTERN signed char _lejp_callback(struct lejp_ctx *ctx, char reason); +LWS_EXTERN char _lejp_callback(struct lejp_ctx *ctx, char reason); -typedef signed char (*lejp_callback)(struct lejp_ctx *ctx, char reason); +typedef char (*lejp_callback)(struct lejp_ctx *ctx, char reason); -#ifndef LEJP_MAX_PARSING_STACK_DEPTH -#define LEJP_MAX_PARSING_STACK_DEPTH 5 -#endif #ifndef LEJP_MAX_DEPTH #define LEJP_MAX_DEPTH 12 #endif @@ -187,7 +155,7 @@ typedef signed char (*lejp_callback)(struct lejp_ctx *ctx, char reason); #endif #ifndef LEJP_STRING_CHUNK /* must be >= 30 to assemble floats */ -#define LEJP_STRING_CHUNK 254 +#define LEJP_STRING_CHUNK 255 #endif enum num_flags { @@ -204,62 +172,51 @@ struct _lejp_stack { char b; /* user bitfield */ }; -struct _lejp_parsing_stack { - void *user; /* private to the stack level */ - signed char (*callback)(struct lejp_ctx *ctx, char reason); - const char * const *paths; - uint8_t count_paths; - uint8_t ppos; - uint8_t path_match; -}; - struct lejp_ctx { /* sorted by type for most compact alignment * * pointers */ + + char (*callback)(struct lejp_ctx *ctx, char reason); void *user; + const char * const *paths; /* arrays */ - struct _lejp_parsing_stack pst[LEJP_MAX_PARSING_STACK_DEPTH]; struct _lejp_stack st[LEJP_MAX_DEPTH]; - uint16_t i[LEJP_MAX_INDEX_DEPTH]; /* index array */ - uint16_t wild[LEJP_MAX_INDEX_DEPTH]; /* index array */ + unsigned short i[LEJP_MAX_INDEX_DEPTH]; /* index array */ + unsigned short wild[LEJP_MAX_INDEX_DEPTH]; /* index array */ char path[LEJP_MAX_PATH]; - char buf[LEJP_STRING_CHUNK + 1]; - - /* size_t */ - - size_t path_stride; /* 0 means default ptr size, else stride */ + char buf[LEJP_STRING_CHUNK]; /* int */ - uint32_t line; + unsigned int line; /* short */ - uint16_t uni; + unsigned short uni; /* char */ - uint8_t npos; - uint8_t dcount; - uint8_t f; - uint8_t sp; /* stack head */ - uint8_t ipos; /* index stack depth */ - uint8_t count_paths; - uint8_t path_match; - uint8_t path_match_len; - uint8_t wildcount; - uint8_t pst_sp; /* parsing stack head */ + unsigned char npos; + unsigned char dcount; + unsigned char f; + unsigned char sp; /* stack head */ + unsigned char ipos; /* index stack depth */ + unsigned char ppos; + unsigned char count_paths; + unsigned char path_match; + unsigned char path_match_len; + unsigned char wildcount; }; LWS_VISIBLE LWS_EXTERN void lejp_construct(struct lejp_ctx *ctx, - signed char (*callback)(struct lejp_ctx *ctx, char reason), - void *user, const char * const *paths, unsigned char paths_count); + char (*callback)(struct lejp_ctx *ctx, char reason), void *user, + const char * const *paths, unsigned char paths_count); LWS_VISIBLE LWS_EXTERN void lejp_destruct(struct lejp_ctx *ctx); @@ -269,30 +226,7 @@ lejp_parse(struct lejp_ctx *ctx, const unsigned char *json, int len); LWS_VISIBLE LWS_EXTERN void lejp_change_callback(struct lejp_ctx *ctx, - signed char (*callback)(struct lejp_ctx *ctx, char reason)); - -/* - * push the current paths / paths_count and lejp_cb to a stack in the ctx, and - * start using the new ones - */ -LWS_VISIBLE LWS_EXTERN int -lejp_parser_push(struct lejp_ctx *ctx, void *user, const char * const *paths, - unsigned char paths_count, lejp_callback lejp_cb); - -/* - * pop the previously used paths / paths_count and lejp_cb, and continue - * parsing using those as before - */ -LWS_VISIBLE LWS_EXTERN int -lejp_parser_pop(struct lejp_ctx *ctx); - -/* exported for use when reevaluating a path for use with a subcontext */ -LWS_VISIBLE LWS_EXTERN void -lejp_check_path_match(struct lejp_ctx *ctx); + char (*callback)(struct lejp_ctx *ctx, char reason)); LWS_VISIBLE LWS_EXTERN int lejp_get_wildcard(struct lejp_ctx *ctx, int wildcard, char *dest, int len); - -LWS_VISIBLE LWS_EXTERN const char * -lejp_error_to_string(int e); -//@} diff --git a/lib/roles/http/lextable-strings.h b/lib/lextable-strings.h similarity index 87% rename from lib/roles/http/lextable-strings.h rename to lib/lextable-strings.h index 02d05eb..c9fe6ff 100644 --- a/lib/roles/http/lextable-strings.h +++ b/lib/lextable-strings.h @@ -1,6 +1,10 @@ /* set of parsable strings -- ALL LOWER CASE */ -static const char * const set[] = { +#if !defined(STORE_IN_ROM) +#define STORE_IN_ROM +#endif + +STORE_IN_ROM static const char * const set[] = { "get ", "post ", "options ", @@ -90,14 +94,8 @@ static const char * const set[] = { "x-real-ip:", "http/1.0 ", - "x-forwarded-for:", + "x-forwarded-for", "connect ", - "head ", - "te:", /* http/2 wants it to reject it */ - "replay-nonce:", /* ACME */ - ":protocol", /* defined in mcmanus-httpbis-h2-ws-02 */ - - "x-auth-token:", "", /* not matchable */ diff --git a/lib/lextable.h b/lib/lextable.h new file mode 100644 index 0000000..2f4f079 --- /dev/null +++ b/lib/lextable.h @@ -0,0 +1,796 @@ +/* pos 0000: 0 */ 0x67 /* 'g' */, 0x40, 0x00 /* (to 0x0040 state 1) */, + 0x70 /* 'p' */, 0x42, 0x00 /* (to 0x0045 state 5) */, + 0x6F /* 'o' */, 0x51, 0x00 /* (to 0x0057 state 10) */, + 0x68 /* 'h' */, 0x5D, 0x00 /* (to 0x0066 state 18) */, + 0x63 /* 'c' */, 0x66, 0x00 /* (to 0x0072 state 23) */, + 0x75 /* 'u' */, 0x87, 0x00 /* (to 0x0096 state 34) */, + 0x73 /* 's' */, 0x9D, 0x00 /* (to 0x00AF state 48) */, + 0x0D /* '.' */, 0xD6, 0x00 /* (to 0x00EB state 68) */, + 0x61 /* 'a' */, 0x2E, 0x01 /* (to 0x0146 state 129) */, + 0x69 /* 'i' */, 0x6D, 0x01 /* (to 0x0188 state 163) */, + 0x64 /* 'd' */, 0x16, 0x02 /* (to 0x0234 state 265) */, + 0x72 /* 'r' */, 0x1F, 0x02 /* (to 0x0240 state 270) */, + 0x3A /* ':' */, 0x50, 0x02 /* (to 0x0274 state 299) */, + 0x65 /* 'e' */, 0xDC, 0x02 /* (to 0x0303 state 409) */, + 0x66 /* 'f' */, 0xF8, 0x02 /* (to 0x0322 state 425) */, + 0x6C /* 'l' */, 0x1A, 0x03 /* (to 0x0347 state 458) */, + 0x6D /* 'm' */, 0x3D, 0x03 /* (to 0x036D state 484) */, + 0x74 /* 't' */, 0xAC, 0x03 /* (to 0x03DF state 578) */, + 0x76 /* 'v' */, 0xC7, 0x03 /* (to 0x03FD state 606) */, + 0x77 /* 'w' */, 0xD4, 0x03 /* (to 0x040D state 614) */, + 0x78 /* 'x' */, 0xFB, 0x03 /* (to 0x0437 state 650) */, + 0x08, /* fail */ +/* pos 0040: 1 */ 0xE5 /* 'e' -> */, +/* pos 0041: 2 */ 0xF4 /* 't' -> */, +/* pos 0042: 3 */ 0xA0 /* ' ' -> */, +/* pos 0043: 4 */ 0x00, 0x00 /* - terminal marker 0 - */, +/* pos 0045: 5 */ 0x6F /* 'o' */, 0x0D, 0x00 /* (to 0x0052 state 6) */, + 0x72 /* 'r' */, 0x92, 0x01 /* (to 0x01DA state 211) */, + 0x61 /* 'a' */, 0xD4, 0x03 /* (to 0x041F state 631) */, + 0x75 /* 'u' */, 0xD6, 0x03 /* (to 0x0424 state 635) */, + 0x08, /* fail */ +/* pos 0052: 6 */ 0xF3 /* 's' -> */, +/* pos 0053: 7 */ 0xF4 /* 't' -> */, +/* pos 0054: 8 */ 0xA0 /* ' ' -> */, +/* pos 0055: 9 */ 0x00, 0x01 /* - terminal marker 1 - */, +/* pos 0057: 10 */ 0x70 /* 'p' */, 0x07, 0x00 /* (to 0x005E state 11) */, + 0x72 /* 'r' */, 0x4E, 0x00 /* (to 0x00A8 state 42) */, + 0x08, /* fail */ +/* pos 005e: 11 */ 0xF4 /* 't' -> */, +/* pos 005f: 12 */ 0xE9 /* 'i' -> */, +/* pos 0060: 13 */ 0xEF /* 'o' -> */, +/* pos 0061: 14 */ 0xEE /* 'n' -> */, +/* pos 0062: 15 */ 0xF3 /* 's' -> */, +/* pos 0063: 16 */ 0xA0 /* ' ' -> */, +/* pos 0064: 17 */ 0x00, 0x02 /* - terminal marker 2 - */, +/* pos 0066: 18 */ 0x6F /* 'o' */, 0x07, 0x00 /* (to 0x006D state 19) */, + 0x74 /* 't' */, 0xBC, 0x00 /* (to 0x0125 state 110) */, + 0x08, /* fail */ +/* pos 006d: 19 */ 0xF3 /* 's' -> */, +/* pos 006e: 20 */ 0xF4 /* 't' -> */, +/* pos 006f: 21 */ 0xBA /* ':' -> */, +/* pos 0070: 22 */ 0x00, 0x03 /* - terminal marker 3 - */, +/* pos 0072: 23 */ 0x6F /* 'o' */, 0x07, 0x00 /* (to 0x0079 state 24) */, + 0x61 /* 'a' */, 0x72, 0x01 /* (to 0x01E7 state 217) */, + 0x08, /* fail */ +/* pos 0079: 24 */ 0x6E /* 'n' */, 0x07, 0x00 /* (to 0x0080 state 25) */, + 0x6F /* 'o' */, 0x87, 0x01 /* (to 0x0203 state 243) */, + 0x08, /* fail */ +/* pos 0080: 25 */ 0x6E /* 'n' */, 0x07, 0x00 /* (to 0x0087 state 26) */, + 0x74 /* 't' */, 0x86, 0x01 /* (to 0x0209 state 248) */, + 0x08, /* fail */ +/* pos 0087: 26 */ 0xE5 /* 'e' -> */, +/* pos 0088: 27 */ 0xE3 /* 'c' -> */, +/* pos 0089: 28 */ 0xF4 /* 't' -> */, +/* pos 008a: 29 */ 0x69 /* 'i' */, 0x07, 0x00 /* (to 0x0091 state 30) */, + 0x20 /* ' ' */, 0xCC, 0x03 /* (to 0x0459 state 675) */, + 0x08, /* fail */ +/* pos 0091: 30 */ 0xEF /* 'o' -> */, +/* pos 0092: 31 */ 0xEE /* 'n' -> */, +/* pos 0093: 32 */ 0xBA /* ':' -> */, +/* pos 0094: 33 */ 0x00, 0x04 /* - terminal marker 4 - */, +/* pos 0096: 34 */ 0x70 /* 'p' */, 0x0A, 0x00 /* (to 0x00A0 state 35) */, + 0x73 /* 's' */, 0x59, 0x03 /* (to 0x03F2 state 596) */, + 0x72 /* 'r' */, 0x91, 0x03 /* (to 0x042D state 642) */, + 0x08, /* fail */ +/* pos 00a0: 35 */ 0xE7 /* 'g' -> */, +/* pos 00a1: 36 */ 0xF2 /* 'r' -> */, +/* pos 00a2: 37 */ 0xE1 /* 'a' -> */, +/* pos 00a3: 38 */ 0xE4 /* 'd' -> */, +/* pos 00a4: 39 */ 0xE5 /* 'e' -> */, +/* pos 00a5: 40 */ 0xBA /* ':' -> */, +/* pos 00a6: 41 */ 0x00, 0x05 /* - terminal marker 5 - */, +/* pos 00a8: 42 */ 0xE9 /* 'i' -> */, +/* pos 00a9: 43 */ 0xE7 /* 'g' -> */, +/* pos 00aa: 44 */ 0xE9 /* 'i' -> */, +/* pos 00ab: 45 */ 0xEE /* 'n' -> */, +/* pos 00ac: 46 */ 0xBA /* ':' -> */, +/* pos 00ad: 47 */ 0x00, 0x06 /* - terminal marker 6 - */, +/* pos 00af: 48 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x00B6 state 49) */, + 0x74 /* 't' */, 0x13, 0x03 /* (to 0x03C5 state 553) */, + 0x08, /* fail */ +/* pos 00b6: 49 */ 0x63 /* 'c' */, 0x0A, 0x00 /* (to 0x00C0 state 50) */, + 0x72 /* 'r' */, 0xFC, 0x02 /* (to 0x03B5 state 539) */, + 0x74 /* 't' */, 0xFF, 0x02 /* (to 0x03BB state 544) */, + 0x08, /* fail */ +/* pos 00c0: 50 */ 0xAD /* '-' -> */, +/* pos 00c1: 51 */ 0xF7 /* 'w' -> */, +/* pos 00c2: 52 */ 0xE5 /* 'e' -> */, +/* pos 00c3: 53 */ 0xE2 /* 'b' -> */, +/* pos 00c4: 54 */ 0xF3 /* 's' -> */, +/* pos 00c5: 55 */ 0xEF /* 'o' -> */, +/* pos 00c6: 56 */ 0xE3 /* 'c' -> */, +/* pos 00c7: 57 */ 0xEB /* 'k' -> */, +/* pos 00c8: 58 */ 0xE5 /* 'e' -> */, +/* pos 00c9: 59 */ 0xF4 /* 't' -> */, +/* pos 00ca: 60 */ 0xAD /* '-' -> */, +/* pos 00cb: 61 */ 0x64 /* 'd' */, 0x19, 0x00 /* (to 0x00E4 state 62) */, + 0x65 /* 'e' */, 0x20, 0x00 /* (to 0x00EE state 70) */, + 0x6B /* 'k' */, 0x29, 0x00 /* (to 0x00FA state 81) */, + 0x70 /* 'p' */, 0x38, 0x00 /* (to 0x010C state 88) */, + 0x61 /* 'a' */, 0x3F, 0x00 /* (to 0x0116 state 97) */, + 0x6E /* 'n' */, 0x44, 0x00 /* (to 0x011E state 104) */, + 0x76 /* 'v' */, 0x86, 0x01 /* (to 0x0263 state 284) */, + 0x6F /* 'o' */, 0x8C, 0x01 /* (to 0x026C state 292) */, + 0x08, /* fail */ +/* pos 00e4: 62 */ 0xF2 /* 'r' -> */, +/* pos 00e5: 63 */ 0xE1 /* 'a' -> */, +/* pos 00e6: 64 */ 0xE6 /* 'f' -> */, +/* pos 00e7: 65 */ 0xF4 /* 't' -> */, +/* pos 00e8: 66 */ 0xBA /* ':' -> */, +/* pos 00e9: 67 */ 0x00, 0x07 /* - terminal marker 7 - */, +/* pos 00eb: 68 */ 0x8A /* '.' -> */, +/* pos 00ec: 69 */ 0x00, 0x08 /* - terminal marker 8 - */, +/* pos 00ee: 70 */ 0xF8 /* 'x' -> */, +/* pos 00ef: 71 */ 0xF4 /* 't' -> */, +/* pos 00f0: 72 */ 0xE5 /* 'e' -> */, +/* pos 00f1: 73 */ 0xEE /* 'n' -> */, +/* pos 00f2: 74 */ 0xF3 /* 's' -> */, +/* pos 00f3: 75 */ 0xE9 /* 'i' -> */, +/* pos 00f4: 76 */ 0xEF /* 'o' -> */, +/* pos 00f5: 77 */ 0xEE /* 'n' -> */, +/* pos 00f6: 78 */ 0xF3 /* 's' -> */, +/* pos 00f7: 79 */ 0xBA /* ':' -> */, +/* pos 00f8: 80 */ 0x00, 0x09 /* - terminal marker 9 - */, +/* pos 00fa: 81 */ 0xE5 /* 'e' -> */, +/* pos 00fb: 82 */ 0xF9 /* 'y' -> */, +/* pos 00fc: 83 */ 0x31 /* '1' */, 0x0A, 0x00 /* (to 0x0106 state 84) */, + 0x32 /* '2' */, 0x0A, 0x00 /* (to 0x0109 state 86) */, + 0x3A /* ':' */, 0x5F, 0x01 /* (to 0x0261 state 283) */, + 0x08, /* fail */ +/* pos 0106: 84 */ 0xBA /* ':' -> */, +/* pos 0107: 85 */ 0x00, 0x0A /* - terminal marker 10 - */, +/* pos 0109: 86 */ 0xBA /* ':' -> */, +/* pos 010a: 87 */ 0x00, 0x0B /* - terminal marker 11 - */, +/* pos 010c: 88 */ 0xF2 /* 'r' -> */, +/* pos 010d: 89 */ 0xEF /* 'o' -> */, +/* pos 010e: 90 */ 0xF4 /* 't' -> */, +/* pos 010f: 91 */ 0xEF /* 'o' -> */, +/* pos 0110: 92 */ 0xE3 /* 'c' -> */, +/* pos 0111: 93 */ 0xEF /* 'o' -> */, +/* pos 0112: 94 */ 0xEC /* 'l' -> */, +/* pos 0113: 95 */ 0xBA /* ':' -> */, +/* pos 0114: 96 */ 0x00, 0x0C /* - terminal marker 12 - */, +/* pos 0116: 97 */ 0xE3 /* 'c' -> */, +/* pos 0117: 98 */ 0xE3 /* 'c' -> */, +/* pos 0118: 99 */ 0xE5 /* 'e' -> */, +/* pos 0119: 100 */ 0xF0 /* 'p' -> */, +/* pos 011a: 101 */ 0xF4 /* 't' -> */, +/* pos 011b: 102 */ 0xBA /* ':' -> */, +/* pos 011c: 103 */ 0x00, 0x0D /* - terminal marker 13 - */, +/* pos 011e: 104 */ 0xEF /* 'o' -> */, +/* pos 011f: 105 */ 0xEE /* 'n' -> */, +/* pos 0120: 106 */ 0xE3 /* 'c' -> */, +/* pos 0121: 107 */ 0xE5 /* 'e' -> */, +/* pos 0122: 108 */ 0xBA /* ':' -> */, +/* pos 0123: 109 */ 0x00, 0x0E /* - terminal marker 14 - */, +/* pos 0125: 110 */ 0xF4 /* 't' -> */, +/* pos 0126: 111 */ 0xF0 /* 'p' -> */, +/* pos 0127: 112 */ 0x2F /* '/' */, 0x07, 0x00 /* (to 0x012E state 113) */, + 0x32 /* '2' */, 0x10, 0x00 /* (to 0x013A state 118) */, + 0x08, /* fail */ +/* pos 012e: 113 */ 0xB1 /* '1' -> */, +/* pos 012f: 114 */ 0xAE /* '.' -> */, +/* pos 0130: 115 */ 0x31 /* '1' */, 0x07, 0x00 /* (to 0x0137 state 116) */, + 0x30 /* '0' */, 0x15, 0x03 /* (to 0x0448 state 660) */, + 0x08, /* fail */ +/* pos 0137: 116 */ 0xA0 /* ' ' -> */, +/* pos 0138: 117 */ 0x00, 0x0F /* - terminal marker 15 - */, +/* pos 013a: 118 */ 0xAD /* '-' -> */, +/* pos 013b: 119 */ 0xF3 /* 's' -> */, +/* pos 013c: 120 */ 0xE5 /* 'e' -> */, +/* pos 013d: 121 */ 0xF4 /* 't' -> */, +/* pos 013e: 122 */ 0xF4 /* 't' -> */, +/* pos 013f: 123 */ 0xE9 /* 'i' -> */, +/* pos 0140: 124 */ 0xEE /* 'n' -> */, +/* pos 0141: 125 */ 0xE7 /* 'g' -> */, +/* pos 0142: 126 */ 0xF3 /* 's' -> */, +/* pos 0143: 127 */ 0xBA /* ':' -> */, +/* pos 0144: 128 */ 0x00, 0x10 /* - terminal marker 16 - */, +/* pos 0146: 129 */ 0x63 /* 'c' */, 0x0D, 0x00 /* (to 0x0153 state 130) */, + 0x75 /* 'u' */, 0xAC, 0x00 /* (to 0x01F5 state 230) */, + 0x67 /* 'g' */, 0x7D, 0x01 /* (to 0x02C9 state 358) */, + 0x6C /* 'l' */, 0x7E, 0x01 /* (to 0x02CD state 361) */, + 0x08, /* fail */ +/* pos 0153: 130 */ 0xE3 /* 'c' -> */, +/* pos 0154: 131 */ 0xE5 /* 'e' -> */, +/* pos 0155: 132 */ 0x70 /* 'p' */, 0x07, 0x00 /* (to 0x015C state 133) */, + 0x73 /* 's' */, 0x0E, 0x00 /* (to 0x0166 state 136) */, + 0x08, /* fail */ +/* pos 015c: 133 */ 0xF4 /* 't' -> */, +/* pos 015d: 134 */ 0x3A /* ':' */, 0x07, 0x00 /* (to 0x0164 state 135) */, + 0x2D /* '-' */, 0x59, 0x00 /* (to 0x01B9 state 192) */, + 0x08, /* fail */ +/* pos 0164: 135 */ 0x00, 0x11 /* - terminal marker 17 - */, +/* pos 0166: 136 */ 0xF3 /* 's' -> */, +/* pos 0167: 137 */ 0xAD /* '-' -> */, +/* pos 0168: 138 */ 0xE3 /* 'c' -> */, +/* pos 0169: 139 */ 0xEF /* 'o' -> */, +/* pos 016a: 140 */ 0xEE /* 'n' -> */, +/* pos 016b: 141 */ 0xF4 /* 't' -> */, +/* pos 016c: 142 */ 0xF2 /* 'r' -> */, +/* pos 016d: 143 */ 0xEF /* 'o' -> */, +/* pos 016e: 144 */ 0xEC /* 'l' -> */, +/* pos 016f: 145 */ 0xAD /* '-' -> */, +/* pos 0170: 146 */ 0x72 /* 'r' */, 0x07, 0x00 /* (to 0x0177 state 147) */, + 0x61 /* 'a' */, 0x48, 0x01 /* (to 0x02BB state 345) */, + 0x08, /* fail */ +/* pos 0177: 147 */ 0xE5 /* 'e' -> */, +/* pos 0178: 148 */ 0xF1 /* 'q' -> */, +/* pos 0179: 149 */ 0xF5 /* 'u' -> */, +/* pos 017a: 150 */ 0xE5 /* 'e' -> */, +/* pos 017b: 151 */ 0xF3 /* 's' -> */, +/* pos 017c: 152 */ 0xF4 /* 't' -> */, +/* pos 017d: 153 */ 0xAD /* '-' -> */, +/* pos 017e: 154 */ 0xE8 /* 'h' -> */, +/* pos 017f: 155 */ 0xE5 /* 'e' -> */, +/* pos 0180: 156 */ 0xE1 /* 'a' -> */, +/* pos 0181: 157 */ 0xE4 /* 'd' -> */, +/* pos 0182: 158 */ 0xE5 /* 'e' -> */, +/* pos 0183: 159 */ 0xF2 /* 'r' -> */, +/* pos 0184: 160 */ 0xF3 /* 's' -> */, +/* pos 0185: 161 */ 0xBA /* ':' -> */, +/* pos 0186: 162 */ 0x00, 0x12 /* - terminal marker 18 - */, +/* pos 0188: 163 */ 0xE6 /* 'f' -> */, +/* pos 0189: 164 */ 0xAD /* '-' -> */, +/* pos 018a: 165 */ 0x6D /* 'm' */, 0x0D, 0x00 /* (to 0x0197 state 166) */, + 0x6E /* 'n' */, 0x20, 0x00 /* (to 0x01AD state 181) */, + 0x72 /* 'r' */, 0x9E, 0x01 /* (to 0x032E state 435) */, + 0x75 /* 'u' */, 0xA2, 0x01 /* (to 0x0335 state 441) */, + 0x08, /* fail */ +/* pos 0197: 166 */ 0x6F /* 'o' */, 0x07, 0x00 /* (to 0x019E state 167) */, + 0x61 /* 'a' */, 0x8E, 0x01 /* (to 0x0328 state 430) */, + 0x08, /* fail */ +/* pos 019e: 167 */ 0xE4 /* 'd' -> */, +/* pos 019f: 168 */ 0xE9 /* 'i' -> */, +/* pos 01a0: 169 */ 0xE6 /* 'f' -> */, +/* pos 01a1: 170 */ 0xE9 /* 'i' -> */, +/* pos 01a2: 171 */ 0xE5 /* 'e' -> */, +/* pos 01a3: 172 */ 0xE4 /* 'd' -> */, +/* pos 01a4: 173 */ 0xAD /* '-' -> */, +/* pos 01a5: 174 */ 0xF3 /* 's' -> */, +/* pos 01a6: 175 */ 0xE9 /* 'i' -> */, +/* pos 01a7: 176 */ 0xEE /* 'n' -> */, +/* pos 01a8: 177 */ 0xE3 /* 'c' -> */, +/* pos 01a9: 178 */ 0xE5 /* 'e' -> */, +/* pos 01aa: 179 */ 0xBA /* ':' -> */, +/* pos 01ab: 180 */ 0x00, 0x13 /* - terminal marker 19 - */, +/* pos 01ad: 181 */ 0xEF /* 'o' -> */, +/* pos 01ae: 182 */ 0xEE /* 'n' -> */, +/* pos 01af: 183 */ 0xE5 /* 'e' -> */, +/* pos 01b0: 184 */ 0xAD /* '-' -> */, +/* pos 01b1: 185 */ 0xED /* 'm' -> */, +/* pos 01b2: 186 */ 0xE1 /* 'a' -> */, +/* pos 01b3: 187 */ 0xF4 /* 't' -> */, +/* pos 01b4: 188 */ 0xE3 /* 'c' -> */, +/* pos 01b5: 189 */ 0xE8 /* 'h' -> */, +/* pos 01b6: 190 */ 0xBA /* ':' -> */, +/* pos 01b7: 191 */ 0x00, 0x14 /* - terminal marker 20 - */, +/* pos 01b9: 192 */ 0x65 /* 'e' */, 0x0D, 0x00 /* (to 0x01C6 state 193) */, + 0x6C /* 'l' */, 0x14, 0x00 /* (to 0x01D0 state 202) */, + 0x63 /* 'c' */, 0xEB, 0x00 /* (to 0x02AA state 330) */, + 0x72 /* 'r' */, 0xF1, 0x00 /* (to 0x02B3 state 338) */, + 0x08, /* fail */ +/* pos 01c6: 193 */ 0xEE /* 'n' -> */, +/* pos 01c7: 194 */ 0xE3 /* 'c' -> */, +/* pos 01c8: 195 */ 0xEF /* 'o' -> */, +/* pos 01c9: 196 */ 0xE4 /* 'd' -> */, +/* pos 01ca: 197 */ 0xE9 /* 'i' -> */, +/* pos 01cb: 198 */ 0xEE /* 'n' -> */, +/* pos 01cc: 199 */ 0xE7 /* 'g' -> */, +/* pos 01cd: 200 */ 0xBA /* ':' -> */, +/* pos 01ce: 201 */ 0x00, 0x15 /* - terminal marker 21 - */, +/* pos 01d0: 202 */ 0xE1 /* 'a' -> */, +/* pos 01d1: 203 */ 0xEE /* 'n' -> */, +/* pos 01d2: 204 */ 0xE7 /* 'g' -> */, +/* pos 01d3: 205 */ 0xF5 /* 'u' -> */, +/* pos 01d4: 206 */ 0xE1 /* 'a' -> */, +/* pos 01d5: 207 */ 0xE7 /* 'g' -> */, +/* pos 01d6: 208 */ 0xE5 /* 'e' -> */, +/* pos 01d7: 209 */ 0xBA /* ':' -> */, +/* pos 01d8: 210 */ 0x00, 0x16 /* - terminal marker 22 - */, +/* pos 01da: 211 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x01E1 state 212) */, + 0x6F /* 'o' */, 0x9E, 0x01 /* (to 0x037B state 497) */, + 0x08, /* fail */ +/* pos 01e1: 212 */ 0xE7 /* 'g' -> */, +/* pos 01e2: 213 */ 0xED /* 'm' -> */, +/* pos 01e3: 214 */ 0xE1 /* 'a' -> */, +/* pos 01e4: 215 */ 0xBA /* ':' -> */, +/* pos 01e5: 216 */ 0x00, 0x17 /* - terminal marker 23 - */, +/* pos 01e7: 217 */ 0xE3 /* 'c' -> */, +/* pos 01e8: 218 */ 0xE8 /* 'h' -> */, +/* pos 01e9: 219 */ 0xE5 /* 'e' -> */, +/* pos 01ea: 220 */ 0xAD /* '-' -> */, +/* pos 01eb: 221 */ 0xE3 /* 'c' -> */, +/* pos 01ec: 222 */ 0xEF /* 'o' -> */, +/* pos 01ed: 223 */ 0xEE /* 'n' -> */, +/* pos 01ee: 224 */ 0xF4 /* 't' -> */, +/* pos 01ef: 225 */ 0xF2 /* 'r' -> */, +/* pos 01f0: 226 */ 0xEF /* 'o' -> */, +/* pos 01f1: 227 */ 0xEC /* 'l' -> */, +/* pos 01f2: 228 */ 0xBA /* ':' -> */, +/* pos 01f3: 229 */ 0x00, 0x18 /* - terminal marker 24 - */, +/* pos 01f5: 230 */ 0xF4 /* 't' -> */, +/* pos 01f6: 231 */ 0xE8 /* 'h' -> */, +/* pos 01f7: 232 */ 0xEF /* 'o' -> */, +/* pos 01f8: 233 */ 0xF2 /* 'r' -> */, +/* pos 01f9: 234 */ 0xE9 /* 'i' -> */, +/* pos 01fa: 235 */ 0xFA /* 'z' -> */, +/* pos 01fb: 236 */ 0xE1 /* 'a' -> */, +/* pos 01fc: 237 */ 0xF4 /* 't' -> */, +/* pos 01fd: 238 */ 0xE9 /* 'i' -> */, +/* pos 01fe: 239 */ 0xEF /* 'o' -> */, +/* pos 01ff: 240 */ 0xEE /* 'n' -> */, +/* pos 0200: 241 */ 0xBA /* ':' -> */, +/* pos 0201: 242 */ 0x00, 0x19 /* - terminal marker 25 - */, +/* pos 0203: 243 */ 0xEB /* 'k' -> */, +/* pos 0204: 244 */ 0xE9 /* 'i' -> */, +/* pos 0205: 245 */ 0xE5 /* 'e' -> */, +/* pos 0206: 246 */ 0xBA /* ':' -> */, +/* pos 0207: 247 */ 0x00, 0x1A /* - terminal marker 26 - */, +/* pos 0209: 248 */ 0xE5 /* 'e' -> */, +/* pos 020a: 249 */ 0xEE /* 'n' -> */, +/* pos 020b: 250 */ 0xF4 /* 't' -> */, +/* pos 020c: 251 */ 0xAD /* '-' -> */, +/* pos 020d: 252 */ 0x6C /* 'l' */, 0x10, 0x00 /* (to 0x021D state 253) */, + 0x74 /* 't' */, 0x1E, 0x00 /* (to 0x022E state 260) */, + 0x64 /* 'd' */, 0xC0, 0x00 /* (to 0x02D3 state 366) */, + 0x65 /* 'e' */, 0xCA, 0x00 /* (to 0x02E0 state 378) */, + 0x72 /* 'r' */, 0xE3, 0x00 /* (to 0x02FC state 403) */, + 0x08, /* fail */ +/* pos 021d: 253 */ 0x65 /* 'e' */, 0x0A, 0x00 /* (to 0x0227 state 254) */, + 0x61 /* 'a' */, 0xCA, 0x00 /* (to 0x02EA state 387) */, + 0x6F /* 'o' */, 0xD0, 0x00 /* (to 0x02F3 state 395) */, + 0x08, /* fail */ +/* pos 0227: 254 */ 0xEE /* 'n' -> */, +/* pos 0228: 255 */ 0xE7 /* 'g' -> */, +/* pos 0229: 256 */ 0xF4 /* 't' -> */, +/* pos 022a: 257 */ 0xE8 /* 'h' -> */, +/* pos 022b: 258 */ 0xBA /* ':' -> */, +/* pos 022c: 259 */ 0x00, 0x1B /* - terminal marker 27 - */, +/* pos 022e: 260 */ 0xF9 /* 'y' -> */, +/* pos 022f: 261 */ 0xF0 /* 'p' -> */, +/* pos 0230: 262 */ 0xE5 /* 'e' -> */, +/* pos 0231: 263 */ 0xBA /* ':' -> */, +/* pos 0232: 264 */ 0x00, 0x1C /* - terminal marker 28 - */, +/* pos 0234: 265 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x023B state 266) */, + 0x65 /* 'e' */, 0xF0, 0x01 /* (to 0x0427 state 637) */, + 0x08, /* fail */ +/* pos 023b: 266 */ 0xF4 /* 't' -> */, +/* pos 023c: 267 */ 0xE5 /* 'e' -> */, +/* pos 023d: 268 */ 0xBA /* ':' -> */, +/* pos 023e: 269 */ 0x00, 0x1D /* - terminal marker 29 - */, +/* pos 0240: 270 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x0247 state 271) */, + 0x65 /* 'e' */, 0x0A, 0x00 /* (to 0x024D state 276) */, + 0x08, /* fail */ +/* pos 0247: 271 */ 0xEE /* 'n' -> */, +/* pos 0248: 272 */ 0xE7 /* 'g' -> */, +/* pos 0249: 273 */ 0xE5 /* 'e' -> */, +/* pos 024a: 274 */ 0xBA /* ':' -> */, +/* pos 024b: 275 */ 0x00, 0x1E /* - terminal marker 30 - */, +/* pos 024d: 276 */ 0x66 /* 'f' */, 0x07, 0x00 /* (to 0x0254 state 277) */, + 0x74 /* 't' */, 0x5A, 0x01 /* (to 0x03AA state 529) */, + 0x08, /* fail */ +/* pos 0254: 277 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x025B state 278) */, + 0x72 /* 'r' */, 0x4D, 0x01 /* (to 0x03A4 state 524) */, + 0x08, /* fail */ +/* pos 025b: 278 */ 0xF2 /* 'r' -> */, +/* pos 025c: 279 */ 0xE5 /* 'e' -> */, +/* pos 025d: 280 */ 0xF2 /* 'r' -> */, +/* pos 025e: 281 */ 0xBA /* ':' -> */, +/* pos 025f: 282 */ 0x00, 0x1F /* - terminal marker 31 - */, +/* pos 0261: 283 */ 0x00, 0x20 /* - terminal marker 32 - */, +/* pos 0263: 284 */ 0xE5 /* 'e' -> */, +/* pos 0264: 285 */ 0xF2 /* 'r' -> */, +/* pos 0265: 286 */ 0xF3 /* 's' -> */, +/* pos 0266: 287 */ 0xE9 /* 'i' -> */, +/* pos 0267: 288 */ 0xEF /* 'o' -> */, +/* pos 0268: 289 */ 0xEE /* 'n' -> */, +/* pos 0269: 290 */ 0xBA /* ':' -> */, +/* pos 026a: 291 */ 0x00, 0x21 /* - terminal marker 33 - */, +/* pos 026c: 292 */ 0xF2 /* 'r' -> */, +/* pos 026d: 293 */ 0xE9 /* 'i' -> */, +/* pos 026e: 294 */ 0xE7 /* 'g' -> */, +/* pos 026f: 295 */ 0xE9 /* 'i' -> */, +/* pos 0270: 296 */ 0xEE /* 'n' -> */, +/* pos 0271: 297 */ 0xBA /* ':' -> */, +/* pos 0272: 298 */ 0x00, 0x22 /* - terminal marker 34 - */, +/* pos 0274: 299 */ 0x61 /* 'a' */, 0x0D, 0x00 /* (to 0x0281 state 300) */, + 0x6D /* 'm' */, 0x14, 0x00 /* (to 0x028B state 309) */, + 0x70 /* 'p' */, 0x18, 0x00 /* (to 0x0292 state 315) */, + 0x73 /* 's' */, 0x1A, 0x00 /* (to 0x0297 state 319) */, + 0x08, /* fail */ +/* pos 0281: 300 */ 0xF5 /* 'u' -> */, +/* pos 0282: 301 */ 0xF4 /* 't' -> */, +/* pos 0283: 302 */ 0xE8 /* 'h' -> */, +/* pos 0284: 303 */ 0xEF /* 'o' -> */, +/* pos 0285: 304 */ 0xF2 /* 'r' -> */, +/* pos 0286: 305 */ 0xE9 /* 'i' -> */, +/* pos 0287: 306 */ 0xF4 /* 't' -> */, +/* pos 0288: 307 */ 0xF9 /* 'y' -> */, +/* pos 0289: 308 */ 0x00, 0x23 /* - terminal marker 35 - */, +/* pos 028b: 309 */ 0xE5 /* 'e' -> */, +/* pos 028c: 310 */ 0xF4 /* 't' -> */, +/* pos 028d: 311 */ 0xE8 /* 'h' -> */, +/* pos 028e: 312 */ 0xEF /* 'o' -> */, +/* pos 028f: 313 */ 0xE4 /* 'd' -> */, +/* pos 0290: 314 */ 0x00, 0x24 /* - terminal marker 36 - */, +/* pos 0292: 315 */ 0xE1 /* 'a' -> */, +/* pos 0293: 316 */ 0xF4 /* 't' -> */, +/* pos 0294: 317 */ 0xE8 /* 'h' -> */, +/* pos 0295: 318 */ 0x00, 0x25 /* - terminal marker 37 - */, +/* pos 0297: 319 */ 0x63 /* 'c' */, 0x07, 0x00 /* (to 0x029E state 320) */, + 0x74 /* 't' */, 0x0A, 0x00 /* (to 0x02A4 state 325) */, + 0x08, /* fail */ +/* pos 029e: 320 */ 0xE8 /* 'h' -> */, +/* pos 029f: 321 */ 0xE5 /* 'e' -> */, +/* pos 02a0: 322 */ 0xED /* 'm' -> */, +/* pos 02a1: 323 */ 0xE5 /* 'e' -> */, +/* pos 02a2: 324 */ 0x00, 0x26 /* - terminal marker 38 - */, +/* pos 02a4: 325 */ 0xE1 /* 'a' -> */, +/* pos 02a5: 326 */ 0xF4 /* 't' -> */, +/* pos 02a6: 327 */ 0xF5 /* 'u' -> */, +/* pos 02a7: 328 */ 0xF3 /* 's' -> */, +/* pos 02a8: 329 */ 0x00, 0x27 /* - terminal marker 39 - */, +/* pos 02aa: 330 */ 0xE8 /* 'h' -> */, +/* pos 02ab: 331 */ 0xE1 /* 'a' -> */, +/* pos 02ac: 332 */ 0xF2 /* 'r' -> */, +/* pos 02ad: 333 */ 0xF3 /* 's' -> */, +/* pos 02ae: 334 */ 0xE5 /* 'e' -> */, +/* pos 02af: 335 */ 0xF4 /* 't' -> */, +/* pos 02b0: 336 */ 0xBA /* ':' -> */, +/* pos 02b1: 337 */ 0x00, 0x28 /* - terminal marker 40 - */, +/* pos 02b3: 338 */ 0xE1 /* 'a' -> */, +/* pos 02b4: 339 */ 0xEE /* 'n' -> */, +/* pos 02b5: 340 */ 0xE7 /* 'g' -> */, +/* pos 02b6: 341 */ 0xE5 /* 'e' -> */, +/* pos 02b7: 342 */ 0xF3 /* 's' -> */, +/* pos 02b8: 343 */ 0xBA /* ':' -> */, +/* pos 02b9: 344 */ 0x00, 0x29 /* - terminal marker 41 - */, +/* pos 02bb: 345 */ 0xEC /* 'l' -> */, +/* pos 02bc: 346 */ 0xEC /* 'l' -> */, +/* pos 02bd: 347 */ 0xEF /* 'o' -> */, +/* pos 02be: 348 */ 0xF7 /* 'w' -> */, +/* pos 02bf: 349 */ 0xAD /* '-' -> */, +/* pos 02c0: 350 */ 0xEF /* 'o' -> */, +/* pos 02c1: 351 */ 0xF2 /* 'r' -> */, +/* pos 02c2: 352 */ 0xE9 /* 'i' -> */, +/* pos 02c3: 353 */ 0xE7 /* 'g' -> */, +/* pos 02c4: 354 */ 0xE9 /* 'i' -> */, +/* pos 02c5: 355 */ 0xEE /* 'n' -> */, +/* pos 02c6: 356 */ 0xBA /* ':' -> */, +/* pos 02c7: 357 */ 0x00, 0x2A /* - terminal marker 42 - */, +/* pos 02c9: 358 */ 0xE5 /* 'e' -> */, +/* pos 02ca: 359 */ 0xBA /* ':' -> */, +/* pos 02cb: 360 */ 0x00, 0x2B /* - terminal marker 43 - */, +/* pos 02cd: 361 */ 0xEC /* 'l' -> */, +/* pos 02ce: 362 */ 0xEF /* 'o' -> */, +/* pos 02cf: 363 */ 0xF7 /* 'w' -> */, +/* pos 02d0: 364 */ 0xBA /* ':' -> */, +/* pos 02d1: 365 */ 0x00, 0x2C /* - terminal marker 44 - */, +/* pos 02d3: 366 */ 0xE9 /* 'i' -> */, +/* pos 02d4: 367 */ 0xF3 /* 's' -> */, +/* pos 02d5: 368 */ 0xF0 /* 'p' -> */, +/* pos 02d6: 369 */ 0xEF /* 'o' -> */, +/* pos 02d7: 370 */ 0xF3 /* 's' -> */, +/* pos 02d8: 371 */ 0xE9 /* 'i' -> */, +/* pos 02d9: 372 */ 0xF4 /* 't' -> */, +/* pos 02da: 373 */ 0xE9 /* 'i' -> */, +/* pos 02db: 374 */ 0xEF /* 'o' -> */, +/* pos 02dc: 375 */ 0xEE /* 'n' -> */, +/* pos 02dd: 376 */ 0xBA /* ':' -> */, +/* pos 02de: 377 */ 0x00, 0x2D /* - terminal marker 45 - */, +/* pos 02e0: 378 */ 0xEE /* 'n' -> */, +/* pos 02e1: 379 */ 0xE3 /* 'c' -> */, +/* pos 02e2: 380 */ 0xEF /* 'o' -> */, +/* pos 02e3: 381 */ 0xE4 /* 'd' -> */, +/* pos 02e4: 382 */ 0xE9 /* 'i' -> */, +/* pos 02e5: 383 */ 0xEE /* 'n' -> */, +/* pos 02e6: 384 */ 0xE7 /* 'g' -> */, +/* pos 02e7: 385 */ 0xBA /* ':' -> */, +/* pos 02e8: 386 */ 0x00, 0x2E /* - terminal marker 46 - */, +/* pos 02ea: 387 */ 0xEE /* 'n' -> */, +/* pos 02eb: 388 */ 0xE7 /* 'g' -> */, +/* pos 02ec: 389 */ 0xF5 /* 'u' -> */, +/* pos 02ed: 390 */ 0xE1 /* 'a' -> */, +/* pos 02ee: 391 */ 0xE7 /* 'g' -> */, +/* pos 02ef: 392 */ 0xE5 /* 'e' -> */, +/* pos 02f0: 393 */ 0xBA /* ':' -> */, +/* pos 02f1: 394 */ 0x00, 0x2F /* - terminal marker 47 - */, +/* pos 02f3: 395 */ 0xE3 /* 'c' -> */, +/* pos 02f4: 396 */ 0xE1 /* 'a' -> */, +/* pos 02f5: 397 */ 0xF4 /* 't' -> */, +/* pos 02f6: 398 */ 0xE9 /* 'i' -> */, +/* pos 02f7: 399 */ 0xEF /* 'o' -> */, +/* pos 02f8: 400 */ 0xEE /* 'n' -> */, +/* pos 02f9: 401 */ 0xBA /* ':' -> */, +/* pos 02fa: 402 */ 0x00, 0x30 /* - terminal marker 48 - */, +/* pos 02fc: 403 */ 0xE1 /* 'a' -> */, +/* pos 02fd: 404 */ 0xEE /* 'n' -> */, +/* pos 02fe: 405 */ 0xE7 /* 'g' -> */, +/* pos 02ff: 406 */ 0xE5 /* 'e' -> */, +/* pos 0300: 407 */ 0xBA /* ':' -> */, +/* pos 0301: 408 */ 0x00, 0x31 /* - terminal marker 49 - */, +/* pos 0303: 409 */ 0x74 /* 't' */, 0x07, 0x00 /* (to 0x030A state 410) */, + 0x78 /* 'x' */, 0x09, 0x00 /* (to 0x030F state 414) */, + 0x08, /* fail */ +/* pos 030a: 410 */ 0xE1 /* 'a' -> */, +/* pos 030b: 411 */ 0xE7 /* 'g' -> */, +/* pos 030c: 412 */ 0xBA /* ':' -> */, +/* pos 030d: 413 */ 0x00, 0x32 /* - terminal marker 50 - */, +/* pos 030f: 414 */ 0xF0 /* 'p' -> */, +/* pos 0310: 415 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x0317 state 416) */, + 0x69 /* 'i' */, 0x09, 0x00 /* (to 0x031C state 420) */, + 0x08, /* fail */ +/* pos 0317: 416 */ 0xE3 /* 'c' -> */, +/* pos 0318: 417 */ 0xF4 /* 't' -> */, +/* pos 0319: 418 */ 0xBA /* ':' -> */, +/* pos 031a: 419 */ 0x00, 0x33 /* - terminal marker 51 - */, +/* pos 031c: 420 */ 0xF2 /* 'r' -> */, +/* pos 031d: 421 */ 0xE5 /* 'e' -> */, +/* pos 031e: 422 */ 0xF3 /* 's' -> */, +/* pos 031f: 423 */ 0xBA /* ':' -> */, +/* pos 0320: 424 */ 0x00, 0x34 /* - terminal marker 52 - */, +/* pos 0322: 425 */ 0xF2 /* 'r' -> */, +/* pos 0323: 426 */ 0xEF /* 'o' -> */, +/* pos 0324: 427 */ 0xED /* 'm' -> */, +/* pos 0325: 428 */ 0xBA /* ':' -> */, +/* pos 0326: 429 */ 0x00, 0x35 /* - terminal marker 53 - */, +/* pos 0328: 430 */ 0xF4 /* 't' -> */, +/* pos 0329: 431 */ 0xE3 /* 'c' -> */, +/* pos 032a: 432 */ 0xE8 /* 'h' -> */, +/* pos 032b: 433 */ 0xBA /* ':' -> */, +/* pos 032c: 434 */ 0x00, 0x36 /* - terminal marker 54 - */, +/* pos 032e: 435 */ 0xE1 /* 'a' -> */, +/* pos 032f: 436 */ 0xEE /* 'n' -> */, +/* pos 0330: 437 */ 0xE7 /* 'g' -> */, +/* pos 0331: 438 */ 0xE5 /* 'e' -> */, +/* pos 0332: 439 */ 0xBA /* ':' -> */, +/* pos 0333: 440 */ 0x00, 0x37 /* - terminal marker 55 - */, +/* pos 0335: 441 */ 0xEE /* 'n' -> */, +/* pos 0336: 442 */ 0xED /* 'm' -> */, +/* pos 0337: 443 */ 0xEF /* 'o' -> */, +/* pos 0338: 444 */ 0xE4 /* 'd' -> */, +/* pos 0339: 445 */ 0xE9 /* 'i' -> */, +/* pos 033a: 446 */ 0xE6 /* 'f' -> */, +/* pos 033b: 447 */ 0xE9 /* 'i' -> */, +/* pos 033c: 448 */ 0xE5 /* 'e' -> */, +/* pos 033d: 449 */ 0xE4 /* 'd' -> */, +/* pos 033e: 450 */ 0xAD /* '-' -> */, +/* pos 033f: 451 */ 0xF3 /* 's' -> */, +/* pos 0340: 452 */ 0xE9 /* 'i' -> */, +/* pos 0341: 453 */ 0xEE /* 'n' -> */, +/* pos 0342: 454 */ 0xE3 /* 'c' -> */, +/* pos 0343: 455 */ 0xE5 /* 'e' -> */, +/* pos 0344: 456 */ 0xBA /* ':' -> */, +/* pos 0345: 457 */ 0x00, 0x38 /* - terminal marker 56 - */, +/* pos 0347: 458 */ 0x61 /* 'a' */, 0x0A, 0x00 /* (to 0x0351 state 459) */, + 0x69 /* 'i' */, 0x15, 0x00 /* (to 0x035F state 472) */, + 0x6F /* 'o' */, 0x17, 0x00 /* (to 0x0364 state 476) */, + 0x08, /* fail */ +/* pos 0351: 459 */ 0xF3 /* 's' -> */, +/* pos 0352: 460 */ 0xF4 /* 't' -> */, +/* pos 0353: 461 */ 0xAD /* '-' -> */, +/* pos 0354: 462 */ 0xED /* 'm' -> */, +/* pos 0355: 463 */ 0xEF /* 'o' -> */, +/* pos 0356: 464 */ 0xE4 /* 'd' -> */, +/* pos 0357: 465 */ 0xE9 /* 'i' -> */, +/* pos 0358: 466 */ 0xE6 /* 'f' -> */, +/* pos 0359: 467 */ 0xE9 /* 'i' -> */, +/* pos 035a: 468 */ 0xE5 /* 'e' -> */, +/* pos 035b: 469 */ 0xE4 /* 'd' -> */, +/* pos 035c: 470 */ 0xBA /* ':' -> */, +/* pos 035d: 471 */ 0x00, 0x39 /* - terminal marker 57 - */, +/* pos 035f: 472 */ 0xEE /* 'n' -> */, +/* pos 0360: 473 */ 0xEB /* 'k' -> */, +/* pos 0361: 474 */ 0xBA /* ':' -> */, +/* pos 0362: 475 */ 0x00, 0x3A /* - terminal marker 58 - */, +/* pos 0364: 476 */ 0xE3 /* 'c' -> */, +/* pos 0365: 477 */ 0xE1 /* 'a' -> */, +/* pos 0366: 478 */ 0xF4 /* 't' -> */, +/* pos 0367: 479 */ 0xE9 /* 'i' -> */, +/* pos 0368: 480 */ 0xEF /* 'o' -> */, +/* pos 0369: 481 */ 0xEE /* 'n' -> */, +/* pos 036a: 482 */ 0xBA /* ':' -> */, +/* pos 036b: 483 */ 0x00, 0x3B /* - terminal marker 59 - */, +/* pos 036d: 484 */ 0xE1 /* 'a' -> */, +/* pos 036e: 485 */ 0xF8 /* 'x' -> */, +/* pos 036f: 486 */ 0xAD /* '-' -> */, +/* pos 0370: 487 */ 0xE6 /* 'f' -> */, +/* pos 0371: 488 */ 0xEF /* 'o' -> */, +/* pos 0372: 489 */ 0xF2 /* 'r' -> */, +/* pos 0373: 490 */ 0xF7 /* 'w' -> */, +/* pos 0374: 491 */ 0xE1 /* 'a' -> */, +/* pos 0375: 492 */ 0xF2 /* 'r' -> */, +/* pos 0376: 493 */ 0xE4 /* 'd' -> */, +/* pos 0377: 494 */ 0xF3 /* 's' -> */, +/* pos 0378: 495 */ 0xBA /* ':' -> */, +/* pos 0379: 496 */ 0x00, 0x3C /* - terminal marker 60 - */, +/* pos 037b: 497 */ 0xF8 /* 'x' -> */, +/* pos 037c: 498 */ 0xF9 /* 'y' -> */, +/* pos 037d: 499 */ 0x2D /* '-' */, 0x07, 0x00 /* (to 0x0384 state 500) */, + 0x20 /* ' ' */, 0xB5, 0x00 /* (to 0x0435 state 649) */, + 0x08, /* fail */ +/* pos 0384: 500 */ 0xE1 /* 'a' -> */, +/* pos 0385: 501 */ 0xF5 /* 'u' -> */, +/* pos 0386: 502 */ 0xF4 /* 't' -> */, +/* pos 0387: 503 */ 0xE8 /* 'h' -> */, +/* pos 0388: 504 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x038F state 505) */, + 0x6F /* 'o' */, 0x0E, 0x00 /* (to 0x0399 state 514) */, + 0x08, /* fail */ +/* pos 038f: 505 */ 0xEE /* 'n' -> */, +/* pos 0390: 506 */ 0xF4 /* 't' -> */, +/* pos 0391: 507 */ 0xE9 /* 'i' -> */, +/* pos 0392: 508 */ 0xE3 /* 'c' -> */, +/* pos 0393: 509 */ 0xE1 /* 'a' -> */, +/* pos 0394: 510 */ 0xF4 /* 't' -> */, +/* pos 0395: 511 */ 0xE5 /* 'e' -> */, +/* pos 0396: 512 */ 0xBA /* ':' -> */, +/* pos 0397: 513 */ 0x00, 0x3D /* - terminal marker 61 - */, +/* pos 0399: 514 */ 0xF2 /* 'r' -> */, +/* pos 039a: 515 */ 0xE9 /* 'i' -> */, +/* pos 039b: 516 */ 0xFA /* 'z' -> */, +/* pos 039c: 517 */ 0xE1 /* 'a' -> */, +/* pos 039d: 518 */ 0xF4 /* 't' -> */, +/* pos 039e: 519 */ 0xE9 /* 'i' -> */, +/* pos 039f: 520 */ 0xEF /* 'o' -> */, +/* pos 03a0: 521 */ 0xEE /* 'n' -> */, +/* pos 03a1: 522 */ 0xBA /* ':' -> */, +/* pos 03a2: 523 */ 0x00, 0x3E /* - terminal marker 62 - */, +/* pos 03a4: 524 */ 0xE5 /* 'e' -> */, +/* pos 03a5: 525 */ 0xF3 /* 's' -> */, +/* pos 03a6: 526 */ 0xE8 /* 'h' -> */, +/* pos 03a7: 527 */ 0xBA /* ':' -> */, +/* pos 03a8: 528 */ 0x00, 0x3F /* - terminal marker 63 - */, +/* pos 03aa: 529 */ 0xF2 /* 'r' -> */, +/* pos 03ab: 530 */ 0xF9 /* 'y' -> */, +/* pos 03ac: 531 */ 0xAD /* '-' -> */, +/* pos 03ad: 532 */ 0xE1 /* 'a' -> */, +/* pos 03ae: 533 */ 0xE6 /* 'f' -> */, +/* pos 03af: 534 */ 0xF4 /* 't' -> */, +/* pos 03b0: 535 */ 0xE5 /* 'e' -> */, +/* pos 03b1: 536 */ 0xF2 /* 'r' -> */, +/* pos 03b2: 537 */ 0xBA /* ':' -> */, +/* pos 03b3: 538 */ 0x00, 0x40 /* - terminal marker 64 - */, +/* pos 03b5: 539 */ 0xF6 /* 'v' -> */, +/* pos 03b6: 540 */ 0xE5 /* 'e' -> */, +/* pos 03b7: 541 */ 0xF2 /* 'r' -> */, +/* pos 03b8: 542 */ 0xBA /* ':' -> */, +/* pos 03b9: 543 */ 0x00, 0x41 /* - terminal marker 65 - */, +/* pos 03bb: 544 */ 0xAD /* '-' -> */, +/* pos 03bc: 545 */ 0xE3 /* 'c' -> */, +/* pos 03bd: 546 */ 0xEF /* 'o' -> */, +/* pos 03be: 547 */ 0xEF /* 'o' -> */, +/* pos 03bf: 548 */ 0xEB /* 'k' -> */, +/* pos 03c0: 549 */ 0xE9 /* 'i' -> */, +/* pos 03c1: 550 */ 0xE5 /* 'e' -> */, +/* pos 03c2: 551 */ 0xBA /* ':' -> */, +/* pos 03c3: 552 */ 0x00, 0x42 /* - terminal marker 66 - */, +/* pos 03c5: 553 */ 0xF2 /* 'r' -> */, +/* pos 03c6: 554 */ 0xE9 /* 'i' -> */, +/* pos 03c7: 555 */ 0xE3 /* 'c' -> */, +/* pos 03c8: 556 */ 0xF4 /* 't' -> */, +/* pos 03c9: 557 */ 0xAD /* '-' -> */, +/* pos 03ca: 558 */ 0xF4 /* 't' -> */, +/* pos 03cb: 559 */ 0xF2 /* 'r' -> */, +/* pos 03cc: 560 */ 0xE1 /* 'a' -> */, +/* pos 03cd: 561 */ 0xEE /* 'n' -> */, +/* pos 03ce: 562 */ 0xF3 /* 's' -> */, +/* pos 03cf: 563 */ 0xF0 /* 'p' -> */, +/* pos 03d0: 564 */ 0xEF /* 'o' -> */, +/* pos 03d1: 565 */ 0xF2 /* 'r' -> */, +/* pos 03d2: 566 */ 0xF4 /* 't' -> */, +/* pos 03d3: 567 */ 0xAD /* '-' -> */, +/* pos 03d4: 568 */ 0xF3 /* 's' -> */, +/* pos 03d5: 569 */ 0xE5 /* 'e' -> */, +/* pos 03d6: 570 */ 0xE3 /* 'c' -> */, +/* pos 03d7: 571 */ 0xF5 /* 'u' -> */, +/* pos 03d8: 572 */ 0xF2 /* 'r' -> */, +/* pos 03d9: 573 */ 0xE9 /* 'i' -> */, +/* pos 03da: 574 */ 0xF4 /* 't' -> */, +/* pos 03db: 575 */ 0xF9 /* 'y' -> */, +/* pos 03dc: 576 */ 0xBA /* ':' -> */, +/* pos 03dd: 577 */ 0x00, 0x43 /* - terminal marker 67 - */, +/* pos 03df: 578 */ 0xF2 /* 'r' -> */, +/* pos 03e0: 579 */ 0xE1 /* 'a' -> */, +/* pos 03e1: 580 */ 0xEE /* 'n' -> */, +/* pos 03e2: 581 */ 0xF3 /* 's' -> */, +/* pos 03e3: 582 */ 0xE6 /* 'f' -> */, +/* pos 03e4: 583 */ 0xE5 /* 'e' -> */, +/* pos 03e5: 584 */ 0xF2 /* 'r' -> */, +/* pos 03e6: 585 */ 0xAD /* '-' -> */, +/* pos 03e7: 586 */ 0xE5 /* 'e' -> */, +/* pos 03e8: 587 */ 0xEE /* 'n' -> */, +/* pos 03e9: 588 */ 0xE3 /* 'c' -> */, +/* pos 03ea: 589 */ 0xEF /* 'o' -> */, +/* pos 03eb: 590 */ 0xE4 /* 'd' -> */, +/* pos 03ec: 591 */ 0xE9 /* 'i' -> */, +/* pos 03ed: 592 */ 0xEE /* 'n' -> */, +/* pos 03ee: 593 */ 0xE7 /* 'g' -> */, +/* pos 03ef: 594 */ 0xBA /* ':' -> */, +/* pos 03f0: 595 */ 0x00, 0x44 /* - terminal marker 68 - */, +/* pos 03f2: 596 */ 0xE5 /* 'e' -> */, +/* pos 03f3: 597 */ 0xF2 /* 'r' -> */, +/* pos 03f4: 598 */ 0xAD /* '-' -> */, +/* pos 03f5: 599 */ 0xE1 /* 'a' -> */, +/* pos 03f6: 600 */ 0xE7 /* 'g' -> */, +/* pos 03f7: 601 */ 0xE5 /* 'e' -> */, +/* pos 03f8: 602 */ 0xEE /* 'n' -> */, +/* pos 03f9: 603 */ 0xF4 /* 't' -> */, +/* pos 03fa: 604 */ 0xBA /* ':' -> */, +/* pos 03fb: 605 */ 0x00, 0x45 /* - terminal marker 69 - */, +/* pos 03fd: 606 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x0404 state 607) */, + 0x69 /* 'i' */, 0x09, 0x00 /* (to 0x0409 state 611) */, + 0x08, /* fail */ +/* pos 0404: 607 */ 0xF2 /* 'r' -> */, +/* pos 0405: 608 */ 0xF9 /* 'y' -> */, +/* pos 0406: 609 */ 0xBA /* ':' -> */, +/* pos 0407: 610 */ 0x00, 0x46 /* - terminal marker 70 - */, +/* pos 0409: 611 */ 0xE1 /* 'a' -> */, +/* pos 040a: 612 */ 0xBA /* ':' -> */, +/* pos 040b: 613 */ 0x00, 0x47 /* - terminal marker 71 - */, +/* pos 040d: 614 */ 0xF7 /* 'w' -> */, +/* pos 040e: 615 */ 0xF7 /* 'w' -> */, +/* pos 040f: 616 */ 0xAD /* '-' -> */, +/* pos 0410: 617 */ 0xE1 /* 'a' -> */, +/* pos 0411: 618 */ 0xF5 /* 'u' -> */, +/* pos 0412: 619 */ 0xF4 /* 't' -> */, +/* pos 0413: 620 */ 0xE8 /* 'h' -> */, +/* pos 0414: 621 */ 0xE5 /* 'e' -> */, +/* pos 0415: 622 */ 0xEE /* 'n' -> */, +/* pos 0416: 623 */ 0xF4 /* 't' -> */, +/* pos 0417: 624 */ 0xE9 /* 'i' -> */, +/* pos 0418: 625 */ 0xE3 /* 'c' -> */, +/* pos 0419: 626 */ 0xE1 /* 'a' -> */, +/* pos 041a: 627 */ 0xF4 /* 't' -> */, +/* pos 041b: 628 */ 0xE5 /* 'e' -> */, +/* pos 041c: 629 */ 0xBA /* ':' -> */, +/* pos 041d: 630 */ 0x00, 0x48 /* - terminal marker 72 - */, +/* pos 041f: 631 */ 0xF4 /* 't' -> */, +/* pos 0420: 632 */ 0xE3 /* 'c' -> */, +/* pos 0421: 633 */ 0xE8 /* 'h' -> */, +/* pos 0422: 634 */ 0x00, 0x49 /* - terminal marker 73 - */, +/* pos 0424: 635 */ 0xF4 /* 't' -> */, +/* pos 0425: 636 */ 0x00, 0x4A /* - terminal marker 74 - */, +/* pos 0427: 637 */ 0xEC /* 'l' -> */, +/* pos 0428: 638 */ 0xE5 /* 'e' -> */, +/* pos 0429: 639 */ 0xF4 /* 't' -> */, +/* pos 042a: 640 */ 0xE5 /* 'e' -> */, +/* pos 042b: 641 */ 0x00, 0x4B /* - terminal marker 75 - */, +/* pos 042d: 642 */ 0xE9 /* 'i' -> */, +/* pos 042e: 643 */ 0xAD /* '-' -> */, +/* pos 042f: 644 */ 0xE1 /* 'a' -> */, +/* pos 0430: 645 */ 0xF2 /* 'r' -> */, +/* pos 0431: 646 */ 0xE7 /* 'g' -> */, +/* pos 0432: 647 */ 0xF3 /* 's' -> */, +/* pos 0433: 648 */ 0x00, 0x4C /* - terminal marker 76 - */, +/* pos 0435: 649 */ 0x00, 0x4D /* - terminal marker 77 - */, +/* pos 0437: 650 */ 0xAD /* '-' -> */, +/* pos 0438: 651 */ 0x72 /* 'r' */, 0x07, 0x00 /* (to 0x043F state 652) */, + 0x66 /* 'f' */, 0x10, 0x00 /* (to 0x044B state 662) */, + 0x08, /* fail */ +/* pos 043f: 652 */ 0xE5 /* 'e' -> */, +/* pos 0440: 653 */ 0xE1 /* 'a' -> */, +/* pos 0441: 654 */ 0xEC /* 'l' -> */, +/* pos 0442: 655 */ 0xAD /* '-' -> */, +/* pos 0443: 656 */ 0xE9 /* 'i' -> */, +/* pos 0444: 657 */ 0xF0 /* 'p' -> */, +/* pos 0445: 658 */ 0xBA /* ':' -> */, +/* pos 0446: 659 */ 0x00, 0x4E /* - terminal marker 78 - */, +/* pos 0448: 660 */ 0xA0 /* ' ' -> */, +/* pos 0449: 661 */ 0x00, 0x4F /* - terminal marker 79 - */, +/* pos 044b: 662 */ 0xEF /* 'o' -> */, +/* pos 044c: 663 */ 0xF2 /* 'r' -> */, +/* pos 044d: 664 */ 0xF7 /* 'w' -> */, +/* pos 044e: 665 */ 0xE1 /* 'a' -> */, +/* pos 044f: 666 */ 0xF2 /* 'r' -> */, +/* pos 0450: 667 */ 0xE4 /* 'd' -> */, +/* pos 0451: 668 */ 0xE5 /* 'e' -> */, +/* pos 0452: 669 */ 0xE4 /* 'd' -> */, +/* pos 0453: 670 */ 0xAD /* '-' -> */, +/* pos 0454: 671 */ 0xE6 /* 'f' -> */, +/* pos 0455: 672 */ 0xEF /* 'o' -> */, +/* pos 0456: 673 */ 0xF2 /* 'r' -> */, +/* pos 0457: 674 */ 0x00, 0x50 /* - terminal marker 80 - */, +/* pos 0459: 675 */ 0x00, 0x51 /* - terminal marker 81 - */, +/* total size 1115 bytes */ diff --git a/lib/libev.c b/lib/libev.c new file mode 100644 index 0000000..e422d7e --- /dev/null +++ b/lib/libev.c @@ -0,0 +1,233 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +void lws_feature_status_libev(struct lws_context_creation_info *info) +{ + if (lws_check_opt(info->options, LWS_SERVER_OPTION_LIBEV)) + lwsl_notice("libev support compiled in and enabled\n"); + else + lwsl_notice("libev support compiled in but disabled\n"); +} + +static void +lws_accept_cb(struct ev_loop *loop, struct ev_io *watcher, int revents) +{ + struct lws_io_watcher *lws_io = lws_container_of(watcher, + struct lws_io_watcher, ev_watcher); + struct lws_context *context = lws_io->context; + struct lws_pollfd eventfd; + + if (revents & EV_ERROR) + return; + + eventfd.fd = watcher->fd; + eventfd.events = 0; + eventfd.revents = EV_NONE; + if (revents & EV_READ) { + eventfd.events |= LWS_POLLIN; + eventfd.revents |= LWS_POLLIN; + } + if (revents & EV_WRITE) { + eventfd.events |= LWS_POLLOUT; + eventfd.revents |= LWS_POLLOUT; + } + lws_service_fd(context, &eventfd); +} + +LWS_VISIBLE void +lws_ev_sigint_cb(struct ev_loop *loop, struct ev_signal *watcher, int revents) +{ + ev_break(loop, EVBREAK_ALL); +} + +LWS_VISIBLE int +lws_ev_sigint_cfg(struct lws_context *context, int use_ev_sigint, + lws_ev_signal_cb_t *cb) +{ + context->use_ev_sigint = use_ev_sigint; + if (cb) + context->lws_ev_sigint_cb = cb; + else + context->lws_ev_sigint_cb = &lws_ev_sigint_cb; + + return 0; +} + +LWS_VISIBLE int +lws_ev_initloop(struct lws_context *context, struct ev_loop *loop, int tsi) +{ + struct ev_signal *w_sigint = &context->pt[tsi].w_sigint.ev_watcher; + struct ev_io *w_accept = &context->pt[tsi].w_accept.ev_watcher; + struct lws_vhost *vh = context->vhost_list; + const char * backend_name; + int status = 0; + int backend; + + if (!loop) + loop = ev_loop_new(0); + else + context->pt[tsi].ev_loop_foreign = 1; + + context->pt[tsi].io_loop_ev = loop; + + /* + * Initialize the accept w_accept with all the listening sockets + * and register a callback for read operations + */ + while (vh) { + if (vh->lserv_wsi) { + vh->lserv_wsi->w_read.context = context; + ev_io_init(w_accept, lws_accept_cb, vh->lserv_wsi->desc.sockfd, + EV_READ); + } + vh = vh->vhost_next; + } + ev_io_start(context->pt[tsi].io_loop_ev, w_accept); + + /* Register the signal watcher unless the user says not to */ + if (context->use_ev_sigint) { + ev_signal_init(w_sigint, context->lws_ev_sigint_cb, SIGINT); + ev_signal_start(context->pt[tsi].io_loop_ev, w_sigint); + } + backend = ev_backend(loop); + + switch (backend) { + case EVBACKEND_SELECT: + backend_name = "select"; + break; + case EVBACKEND_POLL: + backend_name = "poll"; + break; + case EVBACKEND_EPOLL: + backend_name = "epoll"; + break; + case EVBACKEND_KQUEUE: + backend_name = "kqueue"; + break; + case EVBACKEND_DEVPOLL: + backend_name = "/dev/poll"; + break; + case EVBACKEND_PORT: + backend_name = "Solaris 10 \"port\""; + break; + default: + backend_name = "Unknown libev backend"; + break; + } + + lwsl_notice(" libev backend: %s\n", backend_name); + + return status; +} + +void +lws_libev_destroyloop(struct lws_context *context, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; + + if (!lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEV)) + return; + + if (!pt->io_loop_ev) + return; + + ev_io_stop(pt->io_loop_ev, &pt->w_accept.ev_watcher); + if (context->use_ev_sigint) + ev_signal_stop(pt->io_loop_ev, + &pt->w_sigint.ev_watcher); + if (!pt->ev_loop_foreign) + ev_loop_destroy(pt->io_loop_ev); +} + +LWS_VISIBLE void +lws_libev_accept(struct lws *new_wsi, lws_sock_file_fd_type desc) +{ + struct lws_context *context = lws_get_context(new_wsi); + struct ev_io *r = &new_wsi->w_read.ev_watcher; + struct ev_io *w = &new_wsi->w_write.ev_watcher; + int fd; + + if (!LWS_LIBEV_ENABLED(context)) + return; + + if (new_wsi->mode == LWSCM_RAW_FILEDESC) + fd = desc.filefd; + else + fd = desc.sockfd; + + new_wsi->w_read.context = context; + new_wsi->w_write.context = context; + ev_io_init(r, lws_accept_cb, fd, EV_READ); + ev_io_init(w, lws_accept_cb, fd, EV_WRITE); +} + +LWS_VISIBLE void +lws_libev_io(struct lws *wsi, int flags) +{ + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + + if (!LWS_LIBEV_ENABLED(context)) + return; + + if (!pt->io_loop_ev) + return; + + assert((flags & (LWS_EV_START | LWS_EV_STOP)) && + (flags & (LWS_EV_READ | LWS_EV_WRITE))); + + if (flags & LWS_EV_START) { + if (flags & LWS_EV_WRITE) + ev_io_start(pt->io_loop_ev, &wsi->w_write.ev_watcher); + if (flags & LWS_EV_READ) + ev_io_start(pt->io_loop_ev, &wsi->w_read.ev_watcher); + } else { + if (flags & LWS_EV_WRITE) + ev_io_stop(pt->io_loop_ev, &wsi->w_write.ev_watcher); + if (flags & LWS_EV_READ) + ev_io_stop(pt->io_loop_ev, &wsi->w_read.ev_watcher); + } +} + +LWS_VISIBLE int +lws_libev_init_fd_table(struct lws_context *context) +{ + int n; + + if (!LWS_LIBEV_ENABLED(context)) + return 0; + + for (n = 0; n < context->count_threads; n++) { + context->pt[n].w_accept.context = context; + context->pt[n].w_sigint.context = context; + } + + return 1; +} + +LWS_VISIBLE void +lws_libev_run(const struct lws_context *context, int tsi) +{ + if (context->pt[tsi].io_loop_ev && LWS_LIBEV_ENABLED(context)) + ev_run(context->pt[tsi].io_loop_ev, 0); +} diff --git a/lib/libevent.c b/lib/libevent.c new file mode 100644 index 0000000..bae04b4 --- /dev/null +++ b/lib/libevent.c @@ -0,0 +1,249 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +void lws_feature_status_libevent(struct lws_context_creation_info *info) +{ + if (lws_check_opt(info->options, LWS_SERVER_OPTION_LIBEVENT)) + lwsl_notice("libevent support compiled in and enabled\n"); + else + lwsl_notice("libevent support compiled in but disabled\n"); +} + +static void +lws_event_cb(evutil_socket_t sock_fd, short revents, void *ctx) +{ + struct lws_io_watcher *lws_io = (struct lws_io_watcher *)ctx; + struct lws_context *context = lws_io->context; + struct lws_pollfd eventfd; + + if (revents & EV_TIMEOUT) + return; + + /* !!! EV_CLOSED doesn't exist in libevent2 */ +#if LIBEVENT_VERSION_NUMBER < 0x02000000 + if (revents & EV_CLOSED) + { + event_del(lws_io->event_watcher); + event_free(lws_io->event_watcher); + return; + } +#endif + + eventfd.fd = sock_fd; + eventfd.events = 0; + eventfd.revents = 0; + if (revents & EV_READ) + { + eventfd.events |= LWS_POLLIN; + eventfd.revents |= LWS_POLLIN; + } + if (revents & EV_WRITE) + { + eventfd.events |= LWS_POLLOUT; + eventfd.revents |= LWS_POLLOUT; + } + lws_service_fd(context, &eventfd); +} + +LWS_VISIBLE void +lws_event_sigint_cb(evutil_socket_t sock_fd, short revents, void *ctx) +{ + struct lws_context_per_thread *pt = ctx; + if (!pt->ev_loop_foreign) + event_base_loopbreak(pt->io_loop_event_base); +} + +LWS_VISIBLE int +lws_event_sigint_cfg(struct lws_context *context, int use_event_sigint, + lws_event_signal_cb_t *cb) +{ + context->use_ev_sigint = use_event_sigint; + if (cb) + context->lws_event_sigint_cb = cb; + else + context->lws_event_sigint_cb = &lws_event_sigint_cb; + + return 0; +} + +LWS_VISIBLE int +lws_event_initloop(struct lws_context *context, struct event_base *loop, + int tsi) +{ + if (!loop) + { + context->pt[tsi].io_loop_event_base = event_base_new(); + } + else + { + context->pt[tsi].ev_loop_foreign = 1; + context->pt[tsi].io_loop_event_base = loop; + } + + /* + * Initialize all events with the listening sockets + * and register a callback for read operations + */ + struct lws_vhost *vh = context->vhost_list; + while (vh) + { + if (vh->lserv_wsi) + { + vh->lserv_wsi->w_read.context = context; + vh->lserv_wsi->w_read.event_watcher = event_new( + loop, + vh->lserv_wsi->desc.sockfd, + (EV_READ | EV_PERSIST), + lws_event_cb, + &vh->lserv_wsi->w_read); + event_add(vh->lserv_wsi->w_read.event_watcher, NULL); + } + vh = vh->vhost_next; + } + + /* Register the signal watcher unless the user says not to */ + if (context->use_ev_sigint) + { + struct event *w_sigint = evsignal_new(loop, SIGINT, + context->lws_event_sigint_cb, &context->pt[tsi]); + context->pt[tsi].w_sigint.event_watcher = w_sigint; + event_add(w_sigint, NULL); + } + + return 0; +} + +void +lws_libevent_destroyloop(struct lws_context *context, int tsi) +{ + if (!lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEVENT)) + return; + + struct lws_context_per_thread *pt = &context->pt[tsi]; + if (!pt->io_loop_event_base) + return; + + /* + * Free all events with the listening sockets + */ + struct lws_vhost *vh = context->vhost_list; + while (vh) + { + if (vh->lserv_wsi) + { + event_free(vh->lserv_wsi->w_read.event_watcher); + vh->lserv_wsi->w_read.event_watcher = NULL; + } + vh = vh->vhost_next; + } + + if (context->use_ev_sigint) + event_free(pt->w_sigint.event_watcher); + if (!pt->ev_loop_foreign) + event_base_free(pt->io_loop_event_base); +} + +LWS_VISIBLE void +lws_libevent_accept(struct lws *new_wsi, lws_sock_file_fd_type desc) +{ + struct lws_context *context = lws_get_context(new_wsi); + if (!LWS_LIBEVENT_ENABLED(context)) + return; + + new_wsi->w_read.context = context; + new_wsi->w_write.context = context; + + // Initialize the event + struct lws_context_per_thread *pt = &context->pt[(int)new_wsi->tsi]; + int fd; + if (new_wsi->mode == LWSCM_RAW_FILEDESC) + fd = desc.filefd; + else + fd = desc.sockfd; + new_wsi->w_read.event_watcher = event_new(pt->io_loop_event_base, fd, + (EV_READ | EV_PERSIST), lws_event_cb, &new_wsi->w_read); + new_wsi->w_write.event_watcher = event_new(pt->io_loop_event_base, fd, + (EV_WRITE | EV_PERSIST), lws_event_cb, &new_wsi->w_write); +} + +LWS_VISIBLE void +lws_libevent_io(struct lws *wsi, int flags) +{ + struct lws_context *context = lws_get_context(wsi); + + if (!LWS_LIBEVENT_ENABLED(context)) + return; + + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + if (!pt->io_loop_event_base || context->being_destroyed) + return; + + assert((flags & (LWS_EV_START | LWS_EV_STOP)) && + (flags & (LWS_EV_READ | LWS_EV_WRITE))); + + if (flags & LWS_EV_START) + { + if (flags & LWS_EV_WRITE) + { + event_add(wsi->w_write.event_watcher, NULL); + } + if (flags & LWS_EV_READ) + { + event_add(wsi->w_read.event_watcher, NULL); + } + } + else + { + if (flags & LWS_EV_WRITE) + { + event_del(wsi->w_write.event_watcher); + } + if (flags & LWS_EV_READ) + { + event_del(wsi->w_read.event_watcher); + } + } +} + +LWS_VISIBLE int +lws_libevent_init_fd_table(struct lws_context *context) +{ + if (!LWS_LIBEVENT_ENABLED(context)) + return 0; + + int n; + for (n = 0; n < context->count_threads; n++) + { + context->pt[n].w_sigint.context = context; + } + + return 1; +} + +LWS_VISIBLE void +lws_libevent_run(const struct lws_context *context, int tsi) +{ + // Run/Dispatch the event_base loop + if (context->pt[tsi].io_loop_event_base && LWS_LIBEVENT_ENABLED(context)) + event_base_dispatch(context->pt[tsi].io_loop_event_base); +} diff --git a/lib/libuv.c b/lib/libuv.c new file mode 100644 index 0000000..7d305d7 --- /dev/null +++ b/lib/libuv.c @@ -0,0 +1,723 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +void +lws_feature_status_libuv(struct lws_context_creation_info *info) +{ + if (lws_check_opt(info->options, LWS_SERVER_OPTION_LIBUV)) + lwsl_notice("libuv support compiled in and enabled\n"); + else + lwsl_notice("libuv support compiled in but disabled\n"); +} + +static void +lws_uv_idle(uv_idle_t *handle +#if UV_VERSION_MAJOR == 0 + , int status +#endif +) +{ + struct lws_context_per_thread *pt = lws_container_of(handle, + struct lws_context_per_thread, uv_idle); + +// lwsl_debug("%s\n", __func__); + + /* + * is there anybody with pending stuff that needs service forcing? + */ + if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) { + /* -1 timeout means just do forced service */ + _lws_plat_service_tsi(pt->context, -1, pt->tid); + /* still somebody left who wants forced service? */ + if (!lws_service_adjust_timeout(pt->context, 1, pt->tid)) + /* yes... come back again later */ +// lwsl_debug("%s: done again\n", __func__); + return; + } + + /* there is nobody who needs service forcing, shut down idle */ + uv_idle_stop(handle); + + //lwsl_debug("%s: done stop\n", __func__); +} + +static void +lws_io_cb(uv_poll_t *watcher, int status, int revents) +{ + struct lws_io_watcher *lws_io = lws_container_of(watcher, + struct lws_io_watcher, uv_watcher); + struct lws *wsi = lws_container_of(lws_io, struct lws, w_read); + struct lws_context *context = wsi->context; + struct lws_pollfd eventfd; + +#if defined(WIN32) || defined(_WIN32) + eventfd.fd = watcher->socket; +#else + eventfd.fd = watcher->io_watcher.fd; +#endif + eventfd.events = 0; + eventfd.revents = 0; + + if (status < 0) { + /* at this point status will be an UV error, like UV_EBADF, + we treat all errors as LWS_POLLHUP */ + + /* you might want to return; instead of servicing the fd in some cases */ + if (status == UV_EAGAIN) + return; + + eventfd.events |= LWS_POLLHUP; + eventfd.revents |= LWS_POLLHUP; + } else { + if (revents & UV_READABLE) { + eventfd.events |= LWS_POLLIN; + eventfd.revents |= LWS_POLLIN; + } + if (revents & UV_WRITABLE) { + eventfd.events |= LWS_POLLOUT; + eventfd.revents |= LWS_POLLOUT; + } + } + lws_service_fd(context, &eventfd); + + uv_idle_start(&context->pt[(int)wsi->tsi].uv_idle, lws_uv_idle); +} + +LWS_VISIBLE void +lws_uv_sigint_cb(uv_signal_t *watcher, int signum) +{ + lwsl_err("internal signal handler caught signal %d\n", signum); + lws_libuv_stop(watcher->data); +} + +LWS_VISIBLE int +lws_uv_sigint_cfg(struct lws_context *context, int use_uv_sigint, + uv_signal_cb cb) +{ + context->use_ev_sigint = use_uv_sigint; + if (cb) + context->lws_uv_sigint_cb = cb; + else + context->lws_uv_sigint_cb = &lws_uv_sigint_cb; + + return 0; +} + +static void +lws_uv_timeout_cb(uv_timer_t *timer +#if UV_VERSION_MAJOR == 0 + , int status +#endif +) +{ + struct lws_context_per_thread *pt = lws_container_of(timer, + struct lws_context_per_thread, uv_timeout_watcher); + + if (pt->context->requested_kill) + return; + + lwsl_debug("%s\n", __func__); + + lws_service_fd_tsi(pt->context, NULL, pt->tid); +} + +static const int sigs[] = { SIGINT, SIGTERM, SIGSEGV, SIGFPE, SIGHUP }; + +int +lws_uv_initvhost(struct lws_vhost* vh, struct lws* wsi) +{ + struct lws_context_per_thread *pt; + int n; + + if (!LWS_LIBUV_ENABLED(vh->context)) + return 0; + if (!wsi) + wsi = vh->lserv_wsi; + if (!wsi) + return 0; + if (wsi->w_read.context) + return 0; + + pt = &vh->context->pt[(int)wsi->tsi]; + if (!pt->io_loop_uv) + return 0; + + wsi->w_read.context = vh->context; + n = uv_poll_init_socket(pt->io_loop_uv, + &wsi->w_read.uv_watcher, wsi->desc.sockfd); + if (n) { + lwsl_err("uv_poll_init failed %d, sockfd=%p\n", + n, (void *)(lws_intptr_t)wsi->desc.sockfd); + + return -1; + } + lws_libuv_io(wsi, LWS_EV_START | LWS_EV_READ); + + return 0; +} + +/* + * This needs to be called after vhosts have been defined. + * + * If later, after server start, another vhost is added, this must be + * called again to bind the vhost + */ + +LWS_VISIBLE int +lws_uv_initloop(struct lws_context *context, uv_loop_t *loop, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; + struct lws_vhost *vh = context->vhost_list; + int status = 0, n, ns, first = 1; + + if (!pt->io_loop_uv) { + if (!loop) { + loop = lws_malloc(sizeof(*loop)); + if (!loop) { + lwsl_err("OOM\n"); + return -1; + } + #if UV_VERSION_MAJOR > 0 + uv_loop_init(loop); + #else + lwsl_err("This libuv is too old to work...\n"); + return 1; + #endif + pt->ev_loop_foreign = 0; + } else { + lwsl_notice(" Using foreign event loop...\n"); + pt->ev_loop_foreign = 1; + } + + pt->io_loop_uv = loop; + uv_idle_init(loop, &pt->uv_idle); + + ns = ARRAY_SIZE(sigs); + if (lws_check_opt(context->options, + LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN)) + ns = 2; + + if (pt->context->use_ev_sigint) { + assert(ns <= ARRAY_SIZE(pt->signals)); + for (n = 0; n < ns; n++) { + uv_signal_init(loop, &pt->signals[n]); + pt->signals[n].data = pt->context; + uv_signal_start(&pt->signals[n], + context->lws_uv_sigint_cb, sigs[n]); + } + } + } else + first = 0; + + /* + * Initialize the accept wsi read watcher with all the listening sockets + * and register a callback for read operations + * + * We have to do it here because the uv loop(s) are not + * initialized until after context creation. + */ + while (vh) { + if (lws_uv_initvhost(vh, vh->lserv_wsi) == -1) + return -1; + vh = vh->vhost_next; + } + + if (first) { + uv_timer_init(pt->io_loop_uv, &pt->uv_timeout_watcher); + uv_timer_start(&pt->uv_timeout_watcher, lws_uv_timeout_cb, + 10, 1000); + } + + return status; +} + +static void lws_uv_close_cb(uv_handle_t *handle) +{ + //lwsl_err("%s: handle %p\n", __func__, handle); +} + +static void lws_uv_walk_cb(uv_handle_t *handle, void *arg) +{ + if (!uv_is_closing(handle)) + uv_close(handle, lws_uv_close_cb); +} + +LWS_VISIBLE void +lws_close_all_handles_in_loop(uv_loop_t *loop) +{ + uv_walk(loop, lws_uv_walk_cb, NULL); +} + +void +lws_libuv_destroyloop(struct lws_context *context, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; +// struct lws_context *ctx; + int m, budget = 100, ns; + + if (!lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) + return; + + if (!pt->io_loop_uv) + return; + + lwsl_notice("%s: closing signals + timers context %p\n", __func__, context); + + if (context->use_ev_sigint) { + uv_signal_stop(&pt->w_sigint.uv_watcher); + + ns = ARRAY_SIZE(sigs); + if (lws_check_opt(context->options, LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN)) + ns = 2; + + for (m = 0; m < ns; m++) { + uv_signal_stop(&pt->signals[m]); + uv_close((uv_handle_t *)&pt->signals[m], lws_uv_close_cb); + } + } + + uv_timer_stop(&pt->uv_timeout_watcher); + uv_close((uv_handle_t *)&pt->uv_timeout_watcher, lws_uv_close_cb); + + uv_idle_stop(&pt->uv_idle); + uv_close((uv_handle_t *)&pt->uv_idle, lws_uv_close_cb); + + if (pt->ev_loop_foreign) + return; + + while (budget-- && uv_run(pt->io_loop_uv, UV_RUN_NOWAIT)) + ; + + lwsl_notice("%s: closing all loop handles context %p\n", __func__, context); + + uv_stop(pt->io_loop_uv); + + uv_walk(pt->io_loop_uv, lws_uv_walk_cb, NULL); + + while (uv_run(pt->io_loop_uv, UV_RUN_NOWAIT)) + ; +#if UV_VERSION_MAJOR > 0 + m = uv_loop_close(pt->io_loop_uv); + if (m == UV_EBUSY) + lwsl_err("%s: uv_loop_close: UV_EBUSY\n", __func__); +#endif + lws_free(pt->io_loop_uv); +} + +void +lws_libuv_accept(struct lws *wsi, lws_sock_file_fd_type desc) +{ + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + if (!LWS_LIBUV_ENABLED(context)) + return; + + lwsl_debug("%s: new wsi %p\n", __func__, wsi); + + wsi->w_read.context = context; + if (wsi->mode == LWSCM_RAW_FILEDESC) + uv_poll_init(pt->io_loop_uv, &wsi->w_read.uv_watcher, + (int)desc.filefd); + else + uv_poll_init_socket(pt->io_loop_uv, &wsi->w_read.uv_watcher, + desc.sockfd); +} + +void +lws_libuv_io(struct lws *wsi, int flags) +{ + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; +#if defined(WIN32) || defined(_WIN32) + int current_events = wsi->w_read.uv_watcher.events & + (UV_READABLE | UV_WRITABLE); +#else + int current_events = wsi->w_read.uv_watcher.io_watcher.pevents & + (UV_READABLE | UV_WRITABLE); +#endif + struct lws_io_watcher *w = &wsi->w_read; + + if (!LWS_LIBUV_ENABLED(context)) + return; + + // lwsl_notice("%s: wsi: %p, flags:0x%x\n", __func__, wsi, flags); + + // w->context is set after the loop is initialized + + if (!pt->io_loop_uv || !w->context) { + lwsl_info("%s: no io loop yet\n", __func__); + return; + } + + if (!((flags & (LWS_EV_START | LWS_EV_STOP)) && + (flags & (LWS_EV_READ | LWS_EV_WRITE)))) { + lwsl_err("%s: assert: flags %d", __func__, flags); + assert(0); + } + + if (flags & LWS_EV_START) { + if (flags & LWS_EV_WRITE) + current_events |= UV_WRITABLE; + + if (flags & LWS_EV_READ) + current_events |= UV_READABLE; + + uv_poll_start(&w->uv_watcher, current_events, lws_io_cb); + } else { + if (flags & LWS_EV_WRITE) + current_events &= ~UV_WRITABLE; + + if (flags & LWS_EV_READ) + current_events &= ~UV_READABLE; + + if (!(current_events & (UV_READABLE | UV_WRITABLE))) + uv_poll_stop(&w->uv_watcher); + else + uv_poll_start(&w->uv_watcher, current_events, + lws_io_cb); + } +} + +int +lws_libuv_init_fd_table(struct lws_context *context) +{ + int n; + + if (!LWS_LIBUV_ENABLED(context)) + return 0; + + for (n = 0; n < context->count_threads; n++) + context->pt[n].w_sigint.context = context; + + return 1; +} + +LWS_VISIBLE void +lws_libuv_run(const struct lws_context *context, int tsi) +{ + if (context->pt[tsi].io_loop_uv && LWS_LIBUV_ENABLED(context)) + uv_run(context->pt[tsi].io_loop_uv, 0); +} + +LWS_VISIBLE void +lws_libuv_stop_without_kill(const struct lws_context *context, int tsi) +{ + if (context->pt[tsi].io_loop_uv && LWS_LIBUV_ENABLED(context)) + uv_stop(context->pt[tsi].io_loop_uv); +} + +static void +lws_libuv_kill(const struct lws_context *context) +{ + int n; + + lwsl_notice("%s\n", __func__); + + for (n = 0; n < context->count_threads; n++) + if (context->pt[n].io_loop_uv && + LWS_LIBUV_ENABLED(context) )//&& + //!context->pt[n].ev_loop_foreign) + uv_stop(context->pt[n].io_loop_uv); +} + +/* + * This does not actually stop the event loop. The reason is we have to pass + * libuv handle closures through its event loop. So this tries to close all + * wsi, and set a flag; when all the wsi closures are finalized then we + * actually stop the libuv event loops. + */ + +LWS_VISIBLE void +lws_libuv_stop(struct lws_context *context) +{ + struct lws_context_per_thread *pt; + int n, m; + + if (context->requested_kill) + return; + + context->requested_kill = 1; + + m = context->count_threads; + context->being_destroyed = 1; + + while (m--) { + pt = &context->pt[m]; + + for (n = 0; (unsigned int)n < context->pt[m].fds_count; n++) { + struct lws *wsi = wsi_from_fd(context, pt->fds[n].fd); + + if (!wsi) + continue; + lws_close_free_wsi(wsi, + LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY + /* no protocol close */); + n--; + } + } + + lwsl_info("%s: feels everything closed\n", __func__); + if (context->count_wsi_allocated == 0) + lws_libuv_kill(context); +} + +LWS_VISIBLE uv_loop_t * +lws_uv_getloop(struct lws_context *context, int tsi) +{ + if (context->pt[tsi].io_loop_uv && LWS_LIBUV_ENABLED(context)) + return context->pt[tsi].io_loop_uv; + + return NULL; +} + +static void +lws_libuv_closewsi(uv_handle_t* handle) +{ + struct lws *n = NULL, *wsi = (struct lws *)(((char *)handle) - + (char *)(&n->w_read.uv_watcher)); + struct lws_context *context = lws_get_context(wsi); + int lspd = 0; + + if (wsi->mode == LWSCM_SERVER_LISTENER && + wsi->context->deprecated) { + lspd = 1; + context->deprecation_pending_listen_close_count--; + if (!context->deprecation_pending_listen_close_count) + lspd = 2; + } + + lws_close_free_wsi_final(wsi); + + if (lspd == 2 && context->deprecation_cb) { + lwsl_notice("calling deprecation callback\n"); + context->deprecation_cb(); + } + + //lwsl_notice("%s: ctx %p: wsi left %d\n", __func__, context, context->count_wsi_allocated); + + if (context->requested_kill && context->count_wsi_allocated == 0) + lws_libuv_kill(context); +} + +void +lws_libuv_closehandle(struct lws *wsi) +{ + struct lws_context *context = lws_get_context(wsi); + + /* required to defer actual deletion until libuv has processed it */ + uv_close((uv_handle_t*)&wsi->w_read.uv_watcher, lws_libuv_closewsi); + + if (context->requested_kill && context->count_wsi_allocated == 0) + lws_libuv_kill(context); +} + +static void +lws_libuv_closewsi_m(uv_handle_t* handle) +{ + lws_sockfd_type sockfd = (lws_sockfd_type)(lws_intptr_t)handle->data; + + compatible_close(sockfd); +} + +void +lws_libuv_closehandle_manually(struct lws *wsi) +{ + uv_handle_t *h = (void *)&wsi->w_read.uv_watcher; + + h->data = (void *)(lws_intptr_t)wsi->desc.sockfd; + /* required to defer actual deletion until libuv has processed it */ + uv_close((uv_handle_t*)&wsi->w_read.uv_watcher, lws_libuv_closewsi_m); +} + +int +lws_libuv_check_watcher_active(struct lws *wsi) +{ + uv_handle_t *h = (void *)&wsi->w_read.uv_watcher; + + return uv_is_active(h); +} + + +#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) + +LWS_VISIBLE int +lws_plat_plugins_init(struct lws_context *context, const char * const *d) +{ + struct lws_plugin_capability lcaps; + struct lws_plugin *plugin; + lws_plugin_init_func initfunc; + int m, ret = 0; + void *v; + uv_dirent_t dent; + uv_fs_t req; + char path[256]; + uv_lib_t lib; + int pofs = 0; + +#if defined(__MINGW32__) || !defined(WIN32) + pofs = 3; +#endif + + lib.errmsg = NULL; + lib.handle = NULL; + + uv_loop_init(&context->pu_loop); + + lwsl_notice(" Plugins:\n"); + + while (d && *d) { + + lwsl_notice(" Scanning %s\n", *d); + m =uv_fs_scandir(&context->pu_loop, &req, *d, 0, NULL); + if (m < 1) { + lwsl_err("Scandir on %s failed\n", *d); + return 1; + } + + while (uv_fs_scandir_next(&req, &dent) != UV_EOF) { + if (strlen(dent.name) < 7) + continue; + + lwsl_notice(" %s\n", dent.name); + + lws_snprintf(path, sizeof(path) - 1, "%s/%s", *d, dent.name); + if (uv_dlopen(path, &lib)) { + uv_dlerror(&lib); + lwsl_err("Error loading DSO: %s\n", lib.errmsg); + uv_dlclose(&lib); + goto bail; + } + + /* we could open it, can we get his init function? */ + +#if !defined(WIN32) && !defined(__MINGW32__) + m = lws_snprintf(path, sizeof(path) - 1, "init_%s", + dent.name + pofs /* snip lib... */); + path[m - 3] = '\0'; /* snip the .so */ +#else + m = lws_snprintf(path, sizeof(path) - 1, "init_%s", + dent.name + pofs); + path[m - 4] = '\0'; /* snip the .dll */ +#endif + if (uv_dlsym(&lib, path, &v)) { + uv_dlerror(&lib); + lwsl_err("Failed to get %s on %s: %s", path, + dent.name, lib.errmsg); + uv_dlclose(&lib); + goto bail; + } + initfunc = (lws_plugin_init_func)v; + lcaps.api_magic = LWS_PLUGIN_API_MAGIC; + m = initfunc(context, &lcaps); + if (m) { + lwsl_err("Initializing %s failed %d\n", dent.name, m); + goto skip; + } + + plugin = lws_malloc(sizeof(*plugin)); + if (!plugin) { + uv_dlclose(&lib); + lwsl_err("OOM\n"); + goto bail; + } + plugin->list = context->plugin_list; + context->plugin_list = plugin; + strncpy(plugin->name, dent.name, sizeof(plugin->name) - 1); + plugin->name[sizeof(plugin->name) - 1] = '\0'; + plugin->lib = lib; + plugin->caps = lcaps; + context->plugin_protocol_count += lcaps.count_protocols; + context->plugin_extension_count += lcaps.count_extensions; + + continue; + +skip: + uv_dlclose(&lib); + } +bail: + uv_fs_req_cleanup(&req); + d++; + } + + return ret; +} + +LWS_VISIBLE int +lws_plat_plugins_destroy(struct lws_context *context) +{ + struct lws_plugin *plugin = context->plugin_list, *p; + lws_plugin_destroy_func func; + char path[256]; + void *v; + int m; + int pofs = 0; + +#if defined(__MINGW32__) || !defined(WIN32) + pofs = 3; +#endif + + if (!plugin) + return 0; + + // lwsl_notice("%s\n", __func__); + + while (plugin) { + p = plugin; + +#if !defined(WIN32) && !defined(__MINGW32__) + m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", plugin->name + pofs); + path[m - 3] = '\0'; +#else + m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", plugin->name + pofs); + path[m - 4] = '\0'; +#endif + + if (uv_dlsym(&plugin->lib, path, &v)) { + uv_dlerror(&plugin->lib); + lwsl_err("Failed to get %s on %s: %s", path, + plugin->name, plugin->lib.errmsg); + } else { + func = (lws_plugin_destroy_func)v; + m = func(context); + if (m) + lwsl_err("Destroying %s failed %d\n", + plugin->name, m); + } + + uv_dlclose(&p->lib); + plugin = p->list; + p->list = NULL; + free(p); + } + + context->plugin_list = NULL; + + while (uv_loop_close(&context->pu_loop)) + ; + + return 0; +} + +#endif + diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c new file mode 100755 index 0000000..e774b93 --- /dev/null +++ b/lib/libwebsockets.c @@ -0,0 +1,3634 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +#ifdef LWS_HAVE_SYS_TYPES_H +#include +#endif + +#if defined(WIN32) || defined(_WIN32) +#else +#include +#endif + +#ifdef LWS_USE_IPV6 +#if defined(WIN32) || defined(_WIN32) +#include +#else +#include +#endif +#endif + +int log_level = LLL_ERR | LLL_WARN | LLL_NOTICE; +static void (*lwsl_emit)(int level, const char *line) +#ifndef LWS_PLAT_OPTEE + = lwsl_emit_stderr +#endif + ; +#ifndef LWS_PLAT_OPTEE +static const char * const log_level_names[] = { + "ERR", + "WARN", + "NOTICE", + "INFO", + "DEBUG", + "PARSER", + "HEADER", + "EXTENSION", + "CLIENT", + "LATENCY", + "USER", + "?", + "?" +}; +#endif + +void +lws_free_wsi(struct lws *wsi) +{ + struct lws_context_per_thread *pt; + int n; + + if (!wsi) + return; + + pt = &wsi->context->pt[(int)wsi->tsi]; + + /* Protocol user data may be allocated either internally by lws + * or by specified the user. + * We should only free what we allocated. */ + if (wsi->protocol && wsi->protocol->per_session_data_size && + wsi->user_space && !wsi->user_space_externally_allocated) + lws_free(wsi->user_space); + + lws_free_set_NULL(wsi->rxflow_buffer); + lws_free_set_NULL(wsi->trunc_alloc); + + /* we may not have an ah, but may be on the waiting list... */ + lwsl_info("ah det due to close\n"); + /* we're closing, losing some rx is OK */ + lws_header_table_force_to_detachable_state(wsi); + lws_header_table_detach(wsi, 0); + + lws_pt_lock(pt); + for (n = 0; n < wsi->context->max_http_header_pool; n++) { + if (pt->ah_pool[n].in_use && + pt->ah_pool[n].wsi == wsi) { + lwsl_err("%s: ah leak: wsi %p\n", __func__, wsi); + pt->ah_pool[n].in_use = 0; + pt->ah_pool[n].wsi = NULL; + pt->ah_count_in_use--; + } + } + lws_pt_unlock(pt); + + /* since we will destroy the wsi, make absolutely sure now */ + + lws_ssl_remove_wsi_from_buffered_list(wsi); + lws_remove_from_timeout_list(wsi); + + wsi->context->count_wsi_allocated--; + lwsl_debug("%s: %p, remaining wsi %d\n", __func__, wsi, + wsi->context->count_wsi_allocated); + + lws_free(wsi); +} + +void +lws_remove_from_timeout_list(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + + if (!wsi->timeout_list_prev) /* ie, not part of the list */ + return; + + lws_pt_lock(pt); + /* if we have a next guy, set his prev to our prev */ + if (wsi->timeout_list) + wsi->timeout_list->timeout_list_prev = wsi->timeout_list_prev; + /* set our prev guy to our next guy instead of us */ + *wsi->timeout_list_prev = wsi->timeout_list; + + /* we're out of the list, we should not point anywhere any more */ + wsi->timeout_list_prev = NULL; + wsi->timeout_list = NULL; + lws_pt_unlock(pt); +} + +LWS_VISIBLE void +lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + time_t now; + + if (secs == LWS_TO_KILL_SYNC) { + lws_remove_from_timeout_list(wsi); + lwsl_debug("synchronously killing %p\n", wsi); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + return; + } + + lws_pt_lock(pt); + + time(&now); + + if (reason && !wsi->timeout_list_prev) { + /* our next guy is current first guy */ + wsi->timeout_list = pt->timeout_list; + /* if there is a next guy, set his prev ptr to our next ptr */ + if (wsi->timeout_list) + wsi->timeout_list->timeout_list_prev = &wsi->timeout_list; + /* our prev ptr is first ptr */ + wsi->timeout_list_prev = &pt->timeout_list; + /* set the first guy to be us */ + *wsi->timeout_list_prev = wsi; + } + + lwsl_debug("%s: %p: %d secs\n", __func__, wsi, secs); + wsi->pending_timeout_limit = now + secs; + wsi->pending_timeout = reason; + + lws_pt_unlock(pt); + + if (!reason) + lws_remove_from_timeout_list(wsi); +} + +static void +lws_remove_child_from_any_parent(struct lws *wsi) +{ + struct lws **pwsi; + int seen = 0; + + if (!wsi->parent) + return; + + /* detach ourselves from parent's child list */ + pwsi = &wsi->parent->child_list; + while (*pwsi) { + if (*pwsi == wsi) { + lwsl_info("%s: detach %p from parent %p\n", + __func__, wsi, wsi->parent); + + if (wsi->parent->protocol) + wsi->parent->protocol->callback(wsi, + LWS_CALLBACK_CHILD_CLOSING, + wsi->parent->user_space, wsi, 0); + + *pwsi = wsi->sibling_list; + seen = 1; + break; + } + pwsi = &(*pwsi)->sibling_list; + } + if (!seen) + lwsl_err("%s: failed to detach from parent\n", __func__); + + wsi->parent = NULL; +} + +int +lws_bind_protocol(struct lws *wsi, const struct lws_protocols *p) +{ +// if (wsi->protocol == p) +// return 0; + const struct lws_protocols *vp = wsi->vhost->protocols, *vpo; + + if (wsi->protocol) + wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP_DROP_PROTOCOL, + wsi->user_space, NULL, 0); + if (!wsi->user_space_externally_allocated) + lws_free_set_NULL(wsi->user_space); + + lws_same_vh_protocol_remove(wsi); + + wsi->protocol = p; + if (!p) + return 0; + + if (lws_ensure_user_space(wsi)) + return 1; + + if (p > vp && p < &vp[wsi->vhost->count_protocols]) + lws_same_vh_protocol_insert(wsi, p - vp); + else { + int n = wsi->vhost->count_protocols; + int hit = 0; + + vpo = vp; + + while (n--) { + if (p->name && vp->name && !strcmp(p->name, vp->name)) { + hit = 1; + lws_same_vh_protocol_insert(wsi, vp - vpo); + break; + } + vp++; + } + if (!hit) + lwsl_err("%s: protocol %p is not in vhost %s protocols list\n", + __func__, p, wsi->vhost->name); + } + + if (wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP_BIND_PROTOCOL, + wsi->user_space, NULL, 0)) + return 1; + + return 0; +} + +void +lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason) +{ + struct lws_context_per_thread *pt; + struct lws *wsi1, *wsi2; + struct lws_context *context; + struct lws_tokens eff_buf; + int n, m, ret; + + lwsl_debug("%s: %p\n", __func__, wsi); + + if (!wsi) + return; + + lws_access_log(wsi); +#if defined(LWS_WITH_ESP8266) + if (wsi->premature_rx) + lws_free(wsi->premature_rx); + + if (wsi->pending_send_completion && !wsi->close_is_pending_send_completion) { + lwsl_notice("delaying close\n"); + wsi->close_is_pending_send_completion = 1; + return; + } +#endif + + /* we're closing, losing some rx is OK */ + lws_header_table_force_to_detachable_state(wsi); + + context = wsi->context; + pt = &context->pt[(int)wsi->tsi]; + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_API_CLOSE, 1); + + /* if we have children, close them first */ + if (wsi->child_list) { + wsi2 = wsi->child_list; + while (wsi2) { + //lwsl_notice("%s: closing %p: close child %p\n", + // __func__, wsi, wsi2); + wsi1 = wsi2->sibling_list; + //lwsl_notice("%s: closing %p: next sibling %p\n", + // __func__, wsi2, wsi1); + wsi2->parent = NULL; + /* stop it doing shutdown processing */ + wsi2->socket_is_permanently_unusable = 1; + lws_close_free_wsi(wsi2, reason); + wsi2 = wsi1; + } + wsi->child_list = NULL; + } + + if (wsi->mode == LWSCM_RAW_FILEDESC) { + lws_remove_child_from_any_parent(wsi); + remove_wsi_socket_from_fds(wsi); + wsi->protocol->callback(wsi, + LWS_CALLBACK_RAW_CLOSE_FILE, + wsi->user_space, NULL, 0); + goto async_close; + } + +#ifdef LWS_WITH_CGI + if (wsi->mode == LWSCM_CGI) { + /* we are not a network connection, but a handler for CGI io */ + if (wsi->parent && wsi->parent->cgi) + /* end the binding between us and master */ + wsi->parent->cgi->stdwsi[(int)wsi->cgi_channel] = NULL; + wsi->socket_is_permanently_unusable = 1; + + lwsl_debug("------ %s: detected cgi fdhandler wsi %p\n", __func__, wsi); + goto just_kill_connection; + } + + if (wsi->cgi) { + struct lws_cgi **pcgi = &pt->cgi_list; + /* remove us from the cgi list */ + lwsl_debug("%s: remove cgi %p from list\n", __func__, wsi->cgi); + while (*pcgi) { + if (*pcgi == wsi->cgi) { + /* drop us from the pt cgi list */ + *pcgi = (*pcgi)->cgi_list; + break; + } + pcgi = &(*pcgi)->cgi_list; + } + if (wsi->cgi->headers_buf) { + lwsl_debug("close: freed cgi headers\n"); + lws_free_set_NULL(wsi->cgi->headers_buf); + } + /* we have a cgi going, we must kill it */ + wsi->cgi->being_closed = 1; + lws_cgi_kill(wsi); + } +#endif + +#if !defined(LWS_NO_CLIENT) + if (wsi->mode == LWSCM_HTTP_CLIENT || + wsi->mode == LWSCM_WSCL_WAITING_CONNECT || + wsi->mode == LWSCM_WSCL_WAITING_PROXY_REPLY || + wsi->mode == LWSCM_WSCL_ISSUE_HANDSHAKE || + wsi->mode == LWSCM_WSCL_ISSUE_HANDSHAKE2 || + wsi->mode == LWSCM_WSCL_WAITING_SSL || + wsi->mode == LWSCM_WSCL_WAITING_SERVER_REPLY || + wsi->mode == LWSCM_WSCL_WAITING_EXTENSION_CONNECT || + wsi->mode == LWSCM_WSCL_WAITING_SOCKS_GREETING_REPLY || + wsi->mode == LWSCM_WSCL_WAITING_SOCKS_CONNECT_REPLY || + wsi->mode == LWSCM_WSCL_WAITING_SOCKS_AUTH_REPLY) + if (wsi->u.hdr.stash) + lws_free_set_NULL(wsi->u.hdr.stash); +#endif + + if (wsi->mode == LWSCM_RAW) { + wsi->protocol->callback(wsi, + LWS_CALLBACK_RAW_CLOSE, wsi->user_space, NULL, 0); + wsi->socket_is_permanently_unusable = 1; + goto just_kill_connection; + } + + if (wsi->mode == LWSCM_HTTP_SERVING_ACCEPTED && + wsi->u.http.fop_fd != NULL) { + lws_vfs_file_close(&wsi->u.http.fop_fd); + wsi->vhost->protocols->callback(wsi, + LWS_CALLBACK_CLOSED_HTTP, wsi->user_space, NULL, 0); + wsi->told_user_closed = 1; + } + if (wsi->socket_is_permanently_unusable || + reason == LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY || + wsi->state == LWSS_SHUTDOWN) + goto just_kill_connection; + + wsi->state_pre_close = wsi->state; + + switch (wsi->state_pre_close) { + case LWSS_DEAD_SOCKET: + return; + + /* we tried the polite way... */ + case LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION: + case LWSS_AWAITING_CLOSE_ACK: + goto just_kill_connection; + + case LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE: + if (wsi->trunc_len) { + lws_callback_on_writable(wsi); + return; + } + lwsl_info("wsi %p completed LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE\n", wsi); + goto just_kill_connection; + default: + if (wsi->trunc_len) { + lwsl_info("wsi %p entering LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE\n", wsi); + wsi->state = LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE; + lws_set_timeout(wsi, PENDING_FLUSH_STORED_SEND_BEFORE_CLOSE, 5); + return; + } + break; + } + + if (wsi->mode == LWSCM_WSCL_WAITING_CONNECT || + wsi->mode == LWSCM_WSCL_ISSUE_HANDSHAKE) + goto just_kill_connection; + + if (wsi->mode == LWSCM_HTTP_SERVING) { + if (wsi->user_space) + wsi->vhost->protocols->callback(wsi, + LWS_CALLBACK_HTTP_DROP_PROTOCOL, + wsi->user_space, NULL, 0); + wsi->vhost->protocols->callback(wsi, LWS_CALLBACK_CLOSED_HTTP, + wsi->user_space, NULL, 0); + wsi->told_user_closed = 1; + } + if (wsi->mode & LWSCM_FLAG_IMPLIES_CALLBACK_CLOSED_CLIENT_HTTP) { + wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_CLOSED_CLIENT_HTTP, + wsi->user_space, NULL, 0); + wsi->told_user_closed = 1; + } + + /* + * are his extensions okay with him closing? Eg he might be a mux + * parent and just his ch1 aspect is closing? + */ + + if (lws_ext_cb_active(wsi, + LWS_EXT_CB_CHECK_OK_TO_REALLY_CLOSE, NULL, 0) > 0) { + lwsl_ext("extension vetoed close\n"); + return; + } + + /* + * flush any tx pending from extensions, since we may send close packet + * if there are problems with send, just nuke the connection + */ + + do { + ret = 0; + eff_buf.token = NULL; + eff_buf.token_len = 0; + + /* show every extension the new incoming data */ + + m = lws_ext_cb_active(wsi, + LWS_EXT_CB_FLUSH_PENDING_TX, &eff_buf, 0); + if (m < 0) { + lwsl_ext("Extension reports fatal error\n"); + goto just_kill_connection; + } + if (m) + /* + * at least one extension told us he has more + * to spill, so we will go around again after + */ + ret = 1; + + /* assuming they left us something to send, send it */ + + if (eff_buf.token_len) + if (lws_issue_raw(wsi, (unsigned char *)eff_buf.token, + eff_buf.token_len) != + eff_buf.token_len) { + lwsl_debug("close: ext spill failed\n"); + goto just_kill_connection; + } + } while (ret); + + /* + * signal we are closing, lws_write will + * add any necessary version-specific stuff. If the write fails, + * no worries we are closing anyway. If we didn't initiate this + * close, then our state has been changed to + * LWSS_RETURNED_CLOSE_ALREADY and we will skip this. + * + * Likewise if it's a second call to close this connection after we + * sent the close indication to the peer already, we are in state + * LWSS_AWAITING_CLOSE_ACK and will skip doing this a second time. + */ + + if (wsi->state_pre_close == LWSS_ESTABLISHED && + (wsi->u.ws.close_in_ping_buffer_len || /* already a reason */ + (reason != LWS_CLOSE_STATUS_NOSTATUS && + (reason != LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY)))) { + lwsl_debug("sending close indication...\n"); + + /* if no prepared close reason, use 1000 and no aux data */ + if (!wsi->u.ws.close_in_ping_buffer_len) { + wsi->u.ws.close_in_ping_buffer_len = 2; + wsi->u.ws.ping_payload_buf[LWS_PRE] = + (reason >> 8) & 0xff; + wsi->u.ws.ping_payload_buf[LWS_PRE + 1] = + reason & 0xff; + } + +#if defined (LWS_WITH_ESP8266) + wsi->close_is_pending_send_completion = 1; +#endif + + lwsl_debug("waiting for chance to send close\n"); + wsi->waiting_to_send_close_frame = 1; + wsi->state = LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION; + lws_set_timeout(wsi, PENDING_TIMEOUT_CLOSE_SEND, 2); + lws_callback_on_writable(wsi); + + return; + } + +just_kill_connection: + + lws_remove_child_from_any_parent(wsi); + +#if 0 + /* manage the vhost same protocol list entry */ + + if (wsi->same_vh_protocol_prev) { // we are on the vh list + + // make guy who pointed to us, point to what our next was pointing to + *wsi->same_vh_protocol_prev = wsi->same_vh_protocol_next; + + // if we had a next guy... + if (wsi->same_vh_protocol_next) + // have him point back to our prev + wsi->same_vh_protocol_next->same_vh_protocol_prev = + wsi->same_vh_protocol_prev; + } +#endif + +#if LWS_POSIX + /* + * Testing with ab shows that we have to stage the socket close when + * the system is under stress... shutdown any further TX, change the + * state to one that won't emit anything more, and wait with a timeout + * for the POLLIN to show a zero-size rx before coming back and doing + * the actual close. + */ + if (wsi->mode != LWSCM_RAW && + !(wsi->mode & LWSCM_FLAG_IMPLIES_CALLBACK_CLOSED_CLIENT_HTTP) && + wsi->state != LWSS_SHUTDOWN && + wsi->state != LWSS_CLIENT_UNCONNECTED && + reason != LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY && + !wsi->socket_is_permanently_unusable) { +#ifdef LWS_OPENSSL_SUPPORT + if (lws_is_ssl(wsi) && wsi->ssl) + { + lwsl_info("%s: shutting down SSL connection: %p (ssl %p, sock %d, state %d)\n", __func__, wsi, wsi->ssl, (int)(long)wsi->desc.sockfd, wsi->state); + n = SSL_shutdown(wsi->ssl); + if (n == 1) /* If finished the SSL shutdown, then do socket shutdown, else need to retry SSL shutdown */ + n = shutdown(wsi->desc.sockfd, SHUT_WR); + else if (n == 0) + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + else /* n < 0 */ + { + int shutdown_error = SSL_get_error(wsi->ssl, n); + lwsl_debug("SSL_shutdown returned %d, SSL_get_error: %d\n", n, shutdown_error); + if (shutdown_error == SSL_ERROR_WANT_READ) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + } else if (shutdown_error == SSL_ERROR_WANT_WRITE) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLOUT); + n = 0; + } else { // actual error occurred, just close the connection + n = shutdown(wsi->desc.sockfd, SHUT_WR); + } + } + } + else +#endif + { + lwsl_info("%s: shutting down connection: %p (sock %d, state %d)\n", __func__, wsi, (int)(long)wsi->desc.sockfd, wsi->state); + n = shutdown(wsi->desc.sockfd, SHUT_WR); + } + if (n) + lwsl_debug("closing: shutdown (state %d) ret %d\n", wsi->state, LWS_ERRNO); + +// This causes problems with disconnection when the events are half closing connection +// FD_READ | FD_CLOSE (33) +#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP32) + /* libuv: no event available to guarantee completion */ + if (!LWS_LIBUV_ENABLED(context)) { + + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + wsi->state = LWSS_SHUTDOWN; + lws_set_timeout(wsi, PENDING_TIMEOUT_SHUTDOWN_FLUSH, + context->timeout_secs); + + return; + } +#endif + } +#endif + + lwsl_info("%s: real just_kill_connection: %p (sockfd %d)\n", __func__, + wsi, wsi->desc.sockfd); + +#ifdef LWS_WITH_HTTP_PROXY + if (wsi->rw) { + lws_rewrite_destroy(wsi->rw); + wsi->rw = NULL; + } +#endif + /* + * we won't be servicing or receiving anything further from this guy + * delete socket from the internal poll list if still present + */ + lws_ssl_remove_wsi_from_buffered_list(wsi); + + lws_remove_from_timeout_list(wsi); + + /* checking return redundant since we anyway close */ + if (wsi->desc.sockfd != LWS_SOCK_INVALID) + remove_wsi_socket_from_fds(wsi); + else + lws_same_vh_protocol_remove(wsi); + +#if defined(LWS_WITH_ESP8266) + espconn_disconnect(wsi->desc.sockfd); +#endif + + wsi->state = LWSS_DEAD_SOCKET; + + lws_free_set_NULL(wsi->rxflow_buffer); + if (wsi->state_pre_close == LWSS_ESTABLISHED || + wsi->mode == LWSCM_WS_SERVING || + wsi->mode == LWSCM_WS_CLIENT) { + + if (wsi->u.ws.rx_draining_ext) { + struct lws **w = &pt->rx_draining_ext_list; + + wsi->u.ws.rx_draining_ext = 0; + /* remove us from context draining ext list */ + while (*w) { + if (*w == wsi) { + *w = wsi->u.ws.rx_draining_ext_list; + break; + } + w = &((*w)->u.ws.rx_draining_ext_list); + } + wsi->u.ws.rx_draining_ext_list = NULL; + } + + if (wsi->u.ws.tx_draining_ext) { + struct lws **w = &pt->tx_draining_ext_list; + + wsi->u.ws.tx_draining_ext = 0; + /* remove us from context draining ext list */ + while (*w) { + if (*w == wsi) { + *w = wsi->u.ws.tx_draining_ext_list; + break; + } + w = &((*w)->u.ws.tx_draining_ext_list); + } + wsi->u.ws.tx_draining_ext_list = NULL; + } + lws_free_set_NULL(wsi->u.ws.rx_ubuf); + + if (wsi->trunc_alloc) + /* not going to be completed... nuke it */ + lws_free_set_NULL(wsi->trunc_alloc); + + wsi->u.ws.ping_payload_len = 0; + wsi->u.ws.ping_pending_flag = 0; + } + + /* tell the user it's all over for this guy */ + + if (wsi->mode != LWSCM_RAW && wsi->protocol && wsi->protocol->callback && + ((wsi->state_pre_close == LWSS_ESTABLISHED) || + (wsi->state_pre_close == LWSS_RETURNED_CLOSE_ALREADY) || + (wsi->state_pre_close == LWSS_AWAITING_CLOSE_ACK) || + (wsi->state_pre_close == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION) || + (wsi->state_pre_close == LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE) || + (wsi->mode == LWSCM_WS_CLIENT && wsi->state_pre_close == LWSS_HTTP) || + (wsi->mode == LWSCM_WS_SERVING && wsi->state_pre_close == LWSS_HTTP))) { + + if (wsi->user_space) { + lwsl_debug("%s: doing LWS_CALLBACK_HTTP_DROP_PROTOCOL for %p prot %s\n", __func__, wsi, wsi->protocol->name); + wsi->protocol->callback(wsi, + LWS_CALLBACK_HTTP_DROP_PROTOCOL, + wsi->user_space, NULL, 0); + } + lwsl_debug("calling back CLOSED\n"); + wsi->protocol->callback(wsi, LWS_CALLBACK_CLOSED, + wsi->user_space, NULL, 0); + } else if (wsi->mode == LWSCM_HTTP_SERVING_ACCEPTED) { + lwsl_debug("calling back CLOSED_HTTP\n"); + wsi->vhost->protocols->callback(wsi, LWS_CALLBACK_CLOSED_HTTP, + wsi->user_space, NULL, 0 ); + } else if ((wsi->mode == LWSCM_WSCL_WAITING_SERVER_REPLY || + wsi->mode == LWSCM_WSCL_WAITING_CONNECT) && + !wsi->already_did_cce) { + wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, NULL, 0); + } else + lwsl_debug("not calling back closed mode=%d state=%d\n", + wsi->mode, wsi->state_pre_close); + + /* deallocate any active extension contexts */ + + if (lws_ext_cb_active(wsi, LWS_EXT_CB_DESTROY, NULL, 0) < 0) + lwsl_warn("extension destruction failed\n"); + /* + * inform all extensions in case they tracked this guy out of band + * even though not active on him specifically + */ + if (lws_ext_cb_all_exts(context, wsi, + LWS_EXT_CB_DESTROY_ANY_WSI_CLOSING, NULL, 0) < 0) + lwsl_warn("ext destroy wsi failed\n"); + +async_close: + + wsi->socket_is_permanently_unusable = 1; + +#ifdef LWS_USE_LIBUV + if (!wsi->parent_carries_io) + if (LWS_LIBUV_ENABLED(context)) { + if (wsi->listener) { + lwsl_debug("%s: stopping listner libuv poll\n", __func__); + uv_poll_stop(&wsi->w_read.uv_watcher); + } + lwsl_debug("%s: lws_libuv_closehandle: wsi %p\n", __func__, wsi); + /* libuv has to do his own close handle processing asynchronously */ + lws_libuv_closehandle(wsi); + + return; + } +#endif + + lws_close_free_wsi_final(wsi); +} + +void +lws_close_free_wsi_final(struct lws *wsi) +{ + int n; + + if (!lws_ssl_close(wsi) && lws_socket_is_valid(wsi->desc.sockfd)) { +#if LWS_POSIX + //lwsl_err("*** closing sockfd %d\n", wsi->desc.sockfd); + n = compatible_close(wsi->desc.sockfd); + if (n) + lwsl_debug("closing: close ret %d\n", LWS_ERRNO); + +#else + compatible_close(wsi->desc.sockfd); + (void)n; +#endif + wsi->desc.sockfd = LWS_SOCK_INVALID; + } + + /* outermost destroy notification for wsi (user_space still intact) */ + wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, + wsi->user_space, NULL, 0); + +#ifdef LWS_WITH_CGI + if (wsi->cgi) { + for (n = 0; n < 6; n++) { + if (wsi->cgi->pipe_fds[n / 2][n & 1] == 0) + lwsl_err("ZERO FD IN CGI CLOSE"); + + if (wsi->cgi->pipe_fds[n / 2][n & 1] >= 0) + close(wsi->cgi->pipe_fds[n / 2][n & 1]); + } + + lws_free(wsi->cgi); + } +#endif + + lws_free_wsi(wsi); +} + +LWS_VISIBLE LWS_EXTERN const char * +lws_get_urlarg_by_name(struct lws *wsi, const char *name, char *buf, int len) +{ + int n = 0, sl = strlen(name); + + while (lws_hdr_copy_fragment(wsi, buf, len, + WSI_TOKEN_HTTP_URI_ARGS, n) >= 0) { + + if (!strncmp(buf, name, sl)) + return buf + sl; + + n++; + } + + return NULL; +} + +#if LWS_POSIX && !defined(LWS_WITH_ESP32) +LWS_VISIBLE int +interface_to_sa(struct lws_vhost *vh, const char *ifname, struct sockaddr_in *addr, size_t addrlen) +{ + int ipv6 = 0; +#ifdef LWS_USE_IPV6 + ipv6 = LWS_IPV6_ENABLED(vh); +#endif + (void)vh; + + return lws_interface_to_sa(ipv6, ifname, addr, addrlen); +} +#endif + +#ifndef LWS_PLAT_OPTEE +#if LWS_POSIX +static int +lws_get_addresses(struct lws_vhost *vh, void *ads, char *name, + int name_len, char *rip, int rip_len) +{ +#if LWS_POSIX + struct addrinfo ai, *res; + struct sockaddr_in addr4; + + rip[0] = '\0'; + name[0] = '\0'; + addr4.sin_family = AF_UNSPEC; + +#ifdef LWS_USE_IPV6 + if (LWS_IPV6_ENABLED(vh)) { + if (!lws_plat_inet_ntop(AF_INET6, &((struct sockaddr_in6 *)ads)->sin6_addr, rip, rip_len)) { + lwsl_err("inet_ntop: %s", strerror(LWS_ERRNO)); + return -1; + } + + // Strip off the IPv4 to IPv6 header if one exists + if (strncmp(rip, "::ffff:", 7) == 0) + memmove(rip, rip + 7, strlen(rip) - 6); + + getnameinfo((struct sockaddr *)ads, + sizeof(struct sockaddr_in6), name, + name_len, NULL, 0, 0); + + return 0; + } else +#endif + { + struct addrinfo *result; + + memset(&ai, 0, sizeof ai); + ai.ai_family = PF_UNSPEC; + ai.ai_socktype = SOCK_STREAM; + ai.ai_flags = AI_CANONNAME; +#if !defined(LWS_WITH_ESP32) + if (getnameinfo((struct sockaddr *)ads, + sizeof(struct sockaddr_in), + name, name_len, NULL, 0, 0)) + return -1; +#endif + + if (getaddrinfo(name, NULL, &ai, &result)) + return -1; + + res = result; + while (addr4.sin_family == AF_UNSPEC && res) { + switch (res->ai_family) { + case AF_INET: + addr4.sin_addr = ((struct sockaddr_in *)res->ai_addr)->sin_addr; + addr4.sin_family = AF_INET; + break; + } + + res = res->ai_next; + } + freeaddrinfo(result); + } + + if (addr4.sin_family == AF_UNSPEC) + return -1; + + if (lws_plat_inet_ntop(AF_INET, &addr4.sin_addr, rip, rip_len) == NULL) + return -1; + + return 0; +#else + (void)vh; + (void)ads; + (void)name; + (void)name_len; + (void)rip; + (void)rip_len; + + return -1; +#endif +} +#endif + + +LWS_VISIBLE const char * +lws_get_peer_simple(struct lws *wsi, char *name, int namelen) +{ +#if LWS_POSIX + socklen_t len, olen; +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 sin6; +#endif + struct sockaddr_in sin4; + int af = AF_INET; + void *p, *q; + + if (wsi->parent_carries_io) + wsi = wsi->parent; + +#ifdef LWS_USE_IPV6 + if (LWS_IPV6_ENABLED(wsi->vhost)) { + len = sizeof(sin6); + p = &sin6; + af = AF_INET6; + q = &sin6.sin6_addr; + } else +#endif + { + len = sizeof(sin4); + p = &sin4; + q = &sin4.sin_addr; + } + + olen = len; + if (getpeername(wsi->desc.sockfd, p, &len) < 0 || len > olen) { + lwsl_warn("getpeername: %s\n", strerror(LWS_ERRNO)); + return NULL; + } + + return lws_plat_inet_ntop(af, q, name, namelen); +#else +#if defined(LWS_WITH_ESP8266) + return lws_plat_get_peer_simple(wsi, name, namelen); +#else + return NULL; +#endif +#endif +} +#endif + +LWS_VISIBLE void +lws_get_peer_addresses(struct lws *wsi, lws_sockfd_type fd, char *name, + int name_len, char *rip, int rip_len) +{ +#ifndef LWS_PLAT_OPTEE +#if LWS_POSIX + socklen_t len; +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 sin6; +#endif + struct sockaddr_in sin4; + struct lws_context *context = wsi->context; + int ret = -1; + void *p; + + rip[0] = '\0'; + name[0] = '\0'; + + lws_latency_pre(context, wsi); + +#ifdef LWS_USE_IPV6 + if (LWS_IPV6_ENABLED(wsi->vhost)) { + len = sizeof(sin6); + p = &sin6; + } else +#endif + { + len = sizeof(sin4); + p = &sin4; + } + + if (getpeername(fd, p, &len) < 0) { + lwsl_warn("getpeername: %s\n", strerror(LWS_ERRNO)); + goto bail; + } + + ret = lws_get_addresses(wsi->vhost, p, name, name_len, rip, rip_len); + +bail: + lws_latency(context, wsi, "lws_get_peer_addresses", ret, 1); +#endif +#endif + (void)wsi; + (void)fd; + (void)name; + (void)name_len; + (void)rip; + (void)rip_len; + +} + +LWS_EXTERN void * +lws_context_user(struct lws_context *context) +{ + return context->user_space; +} + +LWS_VISIBLE struct lws_vhost * +lws_vhost_get(struct lws *wsi) +{ + return wsi->vhost; +} + +LWS_VISIBLE struct lws_vhost * +lws_get_vhost(struct lws *wsi) +{ + return wsi->vhost; +} + +LWS_VISIBLE const struct lws_protocols * +lws_protocol_get(struct lws *wsi) +{ + return wsi->protocol; +} + +LWS_VISIBLE LWS_EXTERN const struct lws_protocols * +lws_vhost_name_to_protocol(struct lws_vhost *vh, const char *name) +{ + int n; + + for (n = 0; n < vh->count_protocols; n++) + if (!strcmp(name, vh->protocols[n].name)) + return &vh->protocols[n]; + + return NULL; +} + +LWS_VISIBLE int +lws_callback_all_protocol(struct lws_context *context, + const struct lws_protocols *protocol, int reason) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + unsigned int n, m = context->count_threads; + struct lws *wsi; + + while (m--) { + for (n = 0; n < pt->fds_count; n++) { + wsi = wsi_from_fd(context, pt->fds[n].fd); + if (!wsi) + continue; + if (wsi->protocol == protocol) + protocol->callback(wsi, reason, wsi->user_space, + NULL, 0); + } + pt++; + } + + return 0; +} + +LWS_VISIBLE int +lws_callback_all_protocol_vhost(struct lws_vhost *vh, + const struct lws_protocols *protocol, int reason) +{ + struct lws_context *context = vh->context; + struct lws_context_per_thread *pt = &context->pt[0]; + unsigned int n, m = context->count_threads; + struct lws *wsi; + + while (m--) { + for (n = 0; n < pt->fds_count; n++) { + wsi = wsi_from_fd(context, pt->fds[n].fd); + if (!wsi) + continue; + if (wsi->vhost == vh && wsi->protocol == protocol) + protocol->callback(wsi, reason, wsi->user_space, + NULL, 0); + } + pt++; + } + + return 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_callback_vhost_protocols(struct lws *wsi, int reason, void *in, int len) +{ + int n; + + for (n = 0; n < wsi->vhost->count_protocols; n++) + if (wsi->vhost->protocols[n].callback(wsi, reason, NULL, in, len)) + return 1; + + return 0; +} + +LWS_VISIBLE LWS_EXTERN void +lws_set_fops(struct lws_context *context, const struct lws_plat_file_ops *fops) +{ + context->fops = fops; +} + +LWS_VISIBLE LWS_EXTERN lws_filepos_t +lws_vfs_tell(lws_fop_fd_t fop_fd) +{ + return fop_fd->pos; +} + +LWS_VISIBLE LWS_EXTERN lws_filepos_t +lws_vfs_get_length(lws_fop_fd_t fop_fd) +{ + return fop_fd->len; +} + +LWS_VISIBLE LWS_EXTERN uint32_t +lws_vfs_get_mod_time(lws_fop_fd_t fop_fd) +{ + return fop_fd->mod_time; +} + +LWS_VISIBLE lws_fileofs_t +lws_vfs_file_seek_set(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + lws_fileofs_t ofs; + lwsl_debug("%s: seeking to %ld, len %ld\n", __func__, (long)offset, (long)fop_fd->len); + ofs = fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, offset - fop_fd->pos); + lwsl_debug("%s: result %ld, fop_fd pos %ld\n", __func__, (long)ofs, (long)fop_fd->pos); + return ofs; +} + + +LWS_VISIBLE lws_fileofs_t +lws_vfs_file_seek_end(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + return fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, fop_fd->len + fop_fd->pos + offset); +} + + +const struct lws_plat_file_ops * +lws_vfs_select_fops(const struct lws_plat_file_ops *fops, const char *vfs_path, + const char **vpath) +{ + const struct lws_plat_file_ops *pf; + const char *p = vfs_path; + int n; + + *vpath = NULL; + + /* no non-platform fops, just use that */ + + if (!fops->next) + return fops; + + /* + * scan the vfs path looking for indications we are to be + * handled by a specific fops + */ + + while (p && *p) { + if (*p != '/') { + p++; + continue; + } + /* the first one is always platform fops, so skip */ + pf = fops->next; + while (pf) { + n = 0; + while (n < ARRAY_SIZE(pf->fi) && pf->fi[n].sig) { + if (p >= vfs_path + pf->fi[n].len) + if (!strncmp(p - (pf->fi[n].len - 1), + pf->fi[n].sig, + pf->fi[n].len - 1)) { + *vpath = p + 1; + return pf; + } + + n++; + } + pf = pf->next; + } + p++; + } + + return fops; +} + +LWS_VISIBLE LWS_EXTERN lws_fop_fd_t LWS_WARN_UNUSED_RESULT +lws_vfs_file_open(const struct lws_plat_file_ops *fops, const char *vfs_path, + lws_fop_flags_t *flags) +{ + const char *vpath = ""; + const struct lws_plat_file_ops *selected = lws_vfs_select_fops( + fops, vfs_path, &vpath); + + return selected->LWS_FOP_OPEN(fops, vfs_path, vpath, flags); +} + + +/** + * lws_now_secs() - seconds since 1970-1-1 + * + */ +LWS_VISIBLE LWS_EXTERN unsigned long +lws_now_secs(void) +{ + struct timeval tv; + + gettimeofday(&tv, NULL); + + return tv.tv_sec; +} + + +#if LWS_POSIX + +LWS_VISIBLE int +lws_get_socket_fd(struct lws *wsi) +{ + return wsi->desc.sockfd; +} + +#endif + +#ifdef LWS_LATENCY +void +lws_latency(struct lws_context *context, struct lws *wsi, const char *action, + int ret, int completed) +{ + unsigned long long u; + char buf[256]; + + u = time_in_microseconds(); + + if (!action) { + wsi->latency_start = u; + if (!wsi->action_start) + wsi->action_start = u; + return; + } + if (completed) { + if (wsi->action_start == wsi->latency_start) + sprintf(buf, + "Completion first try lat %lluus: %p: ret %d: %s\n", + u - wsi->latency_start, + (void *)wsi, ret, action); + else + sprintf(buf, + "Completion %lluus: lat %lluus: %p: ret %d: %s\n", + u - wsi->action_start, + u - wsi->latency_start, + (void *)wsi, ret, action); + wsi->action_start = 0; + } else + sprintf(buf, "lat %lluus: %p: ret %d: %s\n", + u - wsi->latency_start, (void *)wsi, ret, action); + + if (u - wsi->latency_start > context->worst_latency) { + context->worst_latency = u - wsi->latency_start; + strcpy(context->worst_latency_info, buf); + } + lwsl_latency("%s", buf); +} +#endif + +LWS_VISIBLE int +lws_rx_flow_control(struct lws *wsi, int enable) +{ + if (enable == (wsi->rxflow_change_to & LWS_RXFLOW_ALLOW)) + return 0; + + lwsl_info("%s: (0x%p, %d)\n", __func__, wsi, enable); + wsi->rxflow_change_to = LWS_RXFLOW_PENDING_CHANGE | !!enable; + + return 0; +} + +LWS_VISIBLE void +lws_rx_flow_allow_all_protocol(const struct lws_context *context, + const struct lws_protocols *protocol) +{ + const struct lws_context_per_thread *pt = &context->pt[0]; + struct lws *wsi; + unsigned int n, m = context->count_threads; + + while (m--) { + for (n = 0; n < pt->fds_count; n++) { + wsi = wsi_from_fd(context, pt->fds[n].fd); + if (!wsi) + continue; + if (wsi->protocol == protocol) + lws_rx_flow_control(wsi, LWS_RXFLOW_ALLOW); + } + pt++; + } +} + +LWS_VISIBLE extern const char * +lws_canonical_hostname(struct lws_context *context) +{ + return (const char *)context->canonical_hostname; +} + +int user_callback_handle_rxflow(lws_callback_function callback_function, + struct lws *wsi, + enum lws_callback_reasons reason, void *user, + void *in, size_t len) +{ + int n; + + n = callback_function(wsi, reason, user, in, len); + if (!n) + n = _lws_rx_flow_control(wsi); + + return n; +} + +#if defined(LWS_WITH_ESP8266) +#undef strchr +#define strchr ets_strchr +#endif + +LWS_VISIBLE int +lws_set_proxy(struct lws_vhost *vhost, const char *proxy) +{ +#if !defined(LWS_WITH_ESP8266) + char *p; + char authstring[96]; + + if (!proxy) + return -1; + + /* we have to deal with a possible redundant leading http:// */ + if (!strncmp(proxy, "http://", 7)) + proxy += 7; + + p = strchr(proxy, '@'); + if (p) { /* auth is around */ + + if ((unsigned int)(p - proxy) > sizeof(authstring) - 1) + goto auth_too_long; + + strncpy(authstring, proxy, p - proxy); + // null termination not needed on input + if (lws_b64_encode_string(authstring, (p - proxy), + vhost->proxy_basic_auth_token, + sizeof vhost->proxy_basic_auth_token) < 0) + goto auth_too_long; + + lwsl_info(" Proxy auth in use\n"); + + proxy = p + 1; + } else + vhost->proxy_basic_auth_token[0] = '\0'; + + strncpy(vhost->http_proxy_address, proxy, + sizeof(vhost->http_proxy_address) - 1); + vhost->http_proxy_address[ + sizeof(vhost->http_proxy_address) - 1] = '\0'; + + p = strchr(vhost->http_proxy_address, ':'); + if (!p && !vhost->http_proxy_port) { + lwsl_err("http_proxy needs to be ads:port\n"); + + return -1; + } else { + if (p) { + *p = '\0'; + vhost->http_proxy_port = atoi(p + 1); + } + } + + lwsl_info(" Proxy %s:%u\n", vhost->http_proxy_address, + vhost->http_proxy_port); + + return 0; + +auth_too_long: + lwsl_err("proxy auth too long\n"); +#endif + return -1; +} + +#if defined(LWS_WITH_SOCKS5) +LWS_VISIBLE int +lws_set_socks(struct lws_vhost *vhost, const char *socks) +{ +#if !defined(LWS_WITH_ESP8266) + char *p_at, *p_colon; + char user[96]; + char password[96]; + + if (!socks) + return -1; + + vhost->socks_user[0] = '\0'; + vhost->socks_password[0] = '\0'; + + p_at = strchr(socks, '@'); + if (p_at) { /* auth is around */ + if ((unsigned int)(p_at - socks) > (sizeof(user) + + sizeof(password) - 2)) { + lwsl_err("Socks auth too long\n"); + goto bail; + } + + p_colon = strchr(socks, ':'); + if (p_colon) { + if ((unsigned int)(p_colon - socks) > (sizeof(user) + - 1) ) { + lwsl_err("Socks user too long\n"); + goto bail; + } + if ((unsigned int)(p_at - p_colon) > (sizeof(password) + - 1) ) { + lwsl_err("Socks password too long\n"); + goto bail; + } + } + strncpy(vhost->socks_user, socks, p_colon - socks); + strncpy(vhost->socks_password, p_colon + 1, + p_at - (p_colon + 1)); + + lwsl_info(" Socks auth, user: %s, password: %s\n", + vhost->socks_user, vhost->socks_password ); + + socks = p_at + 1; + } + + strncpy(vhost->socks_proxy_address, socks, + sizeof(vhost->socks_proxy_address) - 1); + vhost->socks_proxy_address[sizeof(vhost->socks_proxy_address) - 1] + = '\0'; + + p_colon = strchr(vhost->socks_proxy_address, ':'); + if (!p_colon && !vhost->socks_proxy_port) { + lwsl_err("socks_proxy needs to be address:port\n"); + return -1; + } else { + if (p_colon) { + *p_colon = '\0'; + vhost->socks_proxy_port = atoi(p_colon + 1); + } + } + + lwsl_info(" Socks %s:%u\n", vhost->socks_proxy_address, + vhost->socks_proxy_port); + + return 0; + +bail: +#endif + return -1; +} +#endif + +LWS_VISIBLE const struct lws_protocols * +lws_get_protocol(struct lws *wsi) +{ + return wsi->protocol; +} + +LWS_VISIBLE int +lws_is_final_fragment(struct lws *wsi) +{ + lwsl_info("%s: final %d, rx pk length %ld, draining %ld\n", __func__, + wsi->u.ws.final, (long)wsi->u.ws.rx_packet_length, + (long)wsi->u.ws.rx_draining_ext); + return wsi->u.ws.final && !wsi->u.ws.rx_packet_length && !wsi->u.ws.rx_draining_ext; +} + +LWS_VISIBLE int +lws_is_first_fragment(struct lws *wsi) +{ + return wsi->u.ws.first_fragment; +} + +LWS_VISIBLE unsigned char +lws_get_reserved_bits(struct lws *wsi) +{ + return wsi->u.ws.rsv; +} + +int +lws_ensure_user_space(struct lws *wsi) +{ + lwsl_info("%s: %p protocol %p\n", __func__, wsi, wsi->protocol); + if (!wsi->protocol) + return 1; + + /* allocate the per-connection user memory (if any) */ + + if (wsi->protocol->per_session_data_size && !wsi->user_space) { + wsi->user_space = lws_zalloc(wsi->protocol->per_session_data_size); + if (wsi->user_space == NULL) { + lwsl_err("Out of memory for conn user space\n"); + return 1; + } + } else + lwsl_info("%s: %p protocol pss %lu, user_space=%p\n", + __func__, wsi, (long)wsi->protocol->per_session_data_size, + wsi->user_space); + return 0; +} + +LWS_VISIBLE int +lwsl_timestamp(int level, char *p, int len) +{ +#ifndef LWS_PLAT_OPTEE + time_t o_now = time(NULL); + unsigned long long now; + struct tm *ptm = NULL; +#ifndef WIN32 + struct tm tm; +#endif + int n; + +#ifndef _WIN32_WCE +#ifdef WIN32 + ptm = localtime(&o_now); +#else + if (localtime_r(&o_now, &tm)) + ptm = &tm; +#endif +#endif + p[0] = '\0'; + for (n = 0; n < LLL_COUNT; n++) { + if (level != (1 << n)) + continue; + now = time_in_microseconds() / 100; + if (ptm) + n = lws_snprintf(p, len, + "[%04d/%02d/%02d %02d:%02d:%02d:%04d] %s: ", + ptm->tm_year + 1900, + ptm->tm_mon + 1, + ptm->tm_mday, + ptm->tm_hour, + ptm->tm_min, + ptm->tm_sec, + (int)(now % 10000), log_level_names[n]); + else + n = lws_snprintf(p, len, "[%llu:%04d] %s: ", + (unsigned long long) now / 10000, + (int)(now % 10000), log_level_names[n]); + return n; + } +#endif + return 0; +} + +#ifndef LWS_PLAT_OPTEE +LWS_VISIBLE void lwsl_emit_stderr(int level, const char *line) +{ +#if !defined(LWS_WITH_ESP8266) + char buf[50]; + + lwsl_timestamp(level, buf, sizeof(buf)); + fprintf(stderr, "%s%s", buf, line); +#endif +} +#endif + +LWS_VISIBLE void _lws_logv(int filter, const char *format, va_list vl) +{ +#if defined(LWS_WITH_ESP8266) + char buf[128]; +#else + char buf[256]; +#endif + int n; + + if (!(log_level & filter)) + return; + + n = vsnprintf(buf, sizeof(buf) - 1, format, vl); + (void)n; +#if defined(LWS_WITH_ESP8266) + buf[sizeof(buf) - 1] = '\0'; +#else + /* vnsprintf returns what it would have written, even if truncated */ + if (n > sizeof(buf) - 1) + n = sizeof(buf) - 1; + if (n > 0) + buf[n] = '\0'; +#endif + + lwsl_emit(filter, buf); +} + +LWS_VISIBLE void _lws_log(int filter, const char *format, ...) +{ + va_list ap; + + va_start(ap, format); + _lws_logv(filter, format, ap); + va_end(ap); +} + +LWS_VISIBLE void lws_set_log_level(int level, + void (*func)(int level, const char *line)) +{ + log_level = level; + if (func) + lwsl_emit = func; +} + +LWS_VISIBLE int lwsl_visible(int level) +{ + return log_level & level; +} + +LWS_VISIBLE int +lws_is_ssl(struct lws *wsi) +{ +#ifdef LWS_OPENSSL_SUPPORT + return wsi->use_ssl; +#else + (void)wsi; + return 0; +#endif +} + +#ifdef LWS_OPENSSL_SUPPORT +LWS_VISIBLE SSL* +lws_get_ssl(struct lws *wsi) +{ + return wsi->ssl; +} +#endif + +LWS_VISIBLE int +lws_partial_buffered(struct lws *wsi) +{ + return !!wsi->trunc_len; +} + +void lws_set_protocol_write_pending(struct lws *wsi, + enum lws_pending_protocol_send pend) +{ + lwsl_info("setting pps %d\n", pend); + + if (wsi->pps) + lwsl_err("pps overwrite\n"); + wsi->pps = pend; + lws_rx_flow_control(wsi, 0); + lws_callback_on_writable(wsi); +} + +LWS_VISIBLE size_t +lws_get_peer_write_allowance(struct lws *wsi) +{ +#ifdef LWS_USE_HTTP2 + /* only if we are using HTTP2 on this connection */ + if (wsi->mode != LWSCM_HTTP2_SERVING) + return -1; + /* user is only interested in how much he can send, or that he can't */ + if (wsi->u.http2.tx_credit <= 0) + return 0; + + return wsi->u.http2.tx_credit; +#else + (void)wsi; + return -1; +#endif +} + +LWS_VISIBLE void +lws_union_transition(struct lws *wsi, enum connection_mode mode) +{ + lwsl_debug("%s: %p: mode %d\n", __func__, wsi, mode); + memset(&wsi->u, 0, sizeof(wsi->u)); + wsi->mode = mode; +} + +LWS_VISIBLE struct lws_plat_file_ops * +lws_get_fops(struct lws_context *context) +{ + return (struct lws_plat_file_ops *)context->fops; +} + +LWS_VISIBLE LWS_EXTERN struct lws_context * +lws_get_context(const struct lws *wsi) +{ + return wsi->context; +} + +LWS_VISIBLE LWS_EXTERN int +lws_get_count_threads(struct lws_context *context) +{ + return context->count_threads; +} + +LWS_VISIBLE LWS_EXTERN void * +lws_wsi_user(struct lws *wsi) +{ + return wsi->user_space; +} + +LWS_VISIBLE LWS_EXTERN void +lws_set_wsi_user(struct lws *wsi, void *data) +{ + if (wsi->user_space_externally_allocated) + wsi->user_space = data; + else + lwsl_err("%s: Cannot set internally-allocated user_space\n", + __func__); +} + +LWS_VISIBLE LWS_EXTERN struct lws * +lws_get_parent(const struct lws *wsi) +{ + return wsi->parent; +} + +LWS_VISIBLE LWS_EXTERN struct lws * +lws_get_child(const struct lws *wsi) +{ + return wsi->child_list; +} + +LWS_VISIBLE LWS_EXTERN void +lws_set_parent_carries_io(struct lws *wsi) +{ + wsi->parent_carries_io = 1; +} + +LWS_VISIBLE LWS_EXTERN void * +lws_get_opaque_parent_data(const struct lws *wsi) +{ + return wsi->opaque_parent_data; +} + +LWS_VISIBLE LWS_EXTERN void +lws_set_opaque_parent_data(struct lws *wsi, void *data) +{ + wsi->opaque_parent_data = data; +} + +LWS_VISIBLE LWS_EXTERN int +lws_get_child_pending_on_writable(const struct lws *wsi) +{ + return wsi->parent_pending_cb_on_writable; +} + +LWS_VISIBLE LWS_EXTERN void +lws_clear_child_pending_on_writable(struct lws *wsi) +{ + wsi->parent_pending_cb_on_writable = 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_get_close_length(struct lws *wsi) +{ + return wsi->u.ws.close_in_ping_buffer_len; +} + +LWS_VISIBLE LWS_EXTERN unsigned char * +lws_get_close_payload(struct lws *wsi) +{ + return &wsi->u.ws.ping_payload_buf[LWS_PRE]; +} + +LWS_VISIBLE LWS_EXTERN void +lws_close_reason(struct lws *wsi, enum lws_close_status status, + unsigned char *buf, size_t len) +{ + unsigned char *p, *start; + int budget = sizeof(wsi->u.ws.ping_payload_buf) - LWS_PRE; + + assert(wsi->mode == LWSCM_WS_SERVING || wsi->mode == LWSCM_WS_CLIENT); + + start = p = &wsi->u.ws.ping_payload_buf[LWS_PRE]; + + *p++ = (((int)status) >> 8) & 0xff; + *p++ = ((int)status) & 0xff; + + if (buf) + while (len-- && p < start + budget) + *p++ = *buf++; + + wsi->u.ws.close_in_ping_buffer_len = p - start; +} + +LWS_EXTERN int +_lws_rx_flow_control(struct lws *wsi) +{ + struct lws *wsic = wsi->child_list; + + /* if he has children, do those if they were changed */ + while (wsic) { + if (wsic->rxflow_change_to & LWS_RXFLOW_PENDING_CHANGE) + _lws_rx_flow_control(wsic); + + wsic = wsic->sibling_list; + } + + /* there is no pending change */ + if (!(wsi->rxflow_change_to & LWS_RXFLOW_PENDING_CHANGE)) { +// lwsl_debug("%s: no pending change\n", __func__); + return 0; + } + + /* stuff is still buffered, not ready to really accept new input */ + if (wsi->rxflow_buffer) { + /* get ourselves called back to deal with stashed buffer */ + lws_callback_on_writable(wsi); + return 0; + } + + /* pending is cleared, we can change rxflow state */ + + wsi->rxflow_change_to &= ~LWS_RXFLOW_PENDING_CHANGE; + + lwsl_info("rxflow: wsi %p change_to %d\n", wsi, + wsi->rxflow_change_to & LWS_RXFLOW_ALLOW); + + /* adjust the pollfd for this wsi */ + + if (wsi->rxflow_change_to & LWS_RXFLOW_ALLOW) { + if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { + lwsl_info("%s: fail\n", __func__); + return -1; + } + } else + if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) + return -1; + + return 0; +} + +LWS_EXTERN int +lws_check_utf8(unsigned char *state, unsigned char *buf, size_t len) +{ + static const unsigned char e0f4[] = { + 0xa0 | ((2 - 1) << 2) | 1, /* e0 */ + 0x80 | ((4 - 1) << 2) | 1, /* e1 */ + 0x80 | ((4 - 1) << 2) | 1, /* e2 */ + 0x80 | ((4 - 1) << 2) | 1, /* e3 */ + 0x80 | ((4 - 1) << 2) | 1, /* e4 */ + 0x80 | ((4 - 1) << 2) | 1, /* e5 */ + 0x80 | ((4 - 1) << 2) | 1, /* e6 */ + 0x80 | ((4 - 1) << 2) | 1, /* e7 */ + 0x80 | ((4 - 1) << 2) | 1, /* e8 */ + 0x80 | ((4 - 1) << 2) | 1, /* e9 */ + 0x80 | ((4 - 1) << 2) | 1, /* ea */ + 0x80 | ((4 - 1) << 2) | 1, /* eb */ + 0x80 | ((4 - 1) << 2) | 1, /* ec */ + 0x80 | ((2 - 1) << 2) | 1, /* ed */ + 0x80 | ((4 - 1) << 2) | 1, /* ee */ + 0x80 | ((4 - 1) << 2) | 1, /* ef */ + 0x90 | ((3 - 1) << 2) | 2, /* f0 */ + 0x80 | ((4 - 1) << 2) | 2, /* f1 */ + 0x80 | ((4 - 1) << 2) | 2, /* f2 */ + 0x80 | ((4 - 1) << 2) | 2, /* f3 */ + 0x80 | ((1 - 1) << 2) | 2, /* f4 */ + + 0, /* s0 */ + 0x80 | ((4 - 1) << 2) | 0, /* s2 */ + 0x80 | ((4 - 1) << 2) | 1, /* s3 */ + }; + unsigned char s = *state; + + while (len--) { + unsigned char c = *buf++; + + if (!s) { + if (c >= 0x80) { + if (c < 0xc2 || c > 0xf4) + return 1; + if (c < 0xe0) + s = 0x80 | ((4 - 1) << 2); + else + s = e0f4[c - 0xe0]; + } + } else { + if (c < (s & 0xf0) || + c >= (s & 0xf0) + 0x10 + ((s << 2) & 0x30)) + return 1; + s = e0f4[21 + (s & 3)]; + } + } + + *state = s; + + return 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_parse_uri(char *p, const char **prot, const char **ads, int *port, + const char **path) +{ + const char *end; + static const char *slash = "/"; + + /* cut up the location into address, port and path */ + *prot = p; + while (*p && (*p != ':' || p[1] != '/' || p[2] != '/')) + p++; + if (!*p) { + end = p; + p = (char *)*prot; + *prot = end; + } else { + *p = '\0'; + p += 3; + } + *ads = p; + if (!strcmp(*prot, "http") || !strcmp(*prot, "ws")) + *port = 80; + else if (!strcmp(*prot, "https") || !strcmp(*prot, "wss")) + *port = 443; + + if (*p == '[') + { + ++(*ads); + while (*p && *p != ']') + p++; + if (*p) + *p++ = '\0'; + } + else + { + while (*p && *p != ':' && *p != '/') + p++; + } + if (*p == ':') { + *p++ = '\0'; + *port = atoi(p); + while (*p && *p != '/') + p++; + } + *path = slash; + if (*p) { + *p++ = '\0'; + if (*p) + *path = p; + } + + return 0; +} + +#ifdef LWS_NO_EXTENSIONS + +/* we need to provide dummy callbacks for internal exts + * so user code runs when faced with a lib compiled with + * extensions disabled. + */ + +int +lws_extension_callback_pm_deflate(struct lws_context *context, + const struct lws_extension *ext, + struct lws *wsi, + enum lws_extension_callback_reasons reason, + void *user, void *in, size_t len) +{ + (void)context; + (void)ext; + (void)wsi; + (void)reason; + (void)user; + (void)in; + (void)len; + + return 0; +} +#endif + +LWS_EXTERN int +lws_socket_bind(struct lws_vhost *vhost, lws_sockfd_type sockfd, int port, + const char *iface) +{ +#if LWS_POSIX +#ifdef LWS_USE_UNIX_SOCK + struct sockaddr_un serv_unix; +#endif +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 serv_addr6; +#endif + struct sockaddr_in serv_addr4; +#ifndef LWS_PLAT_OPTEE + socklen_t len = sizeof(struct sockaddr_storage); +#endif + int n; + struct sockaddr_storage sin; + struct sockaddr *v; + +#ifdef LWS_USE_UNIX_SOCK + if (LWS_UNIX_SOCK_ENABLED(vhost)) { + v = (struct sockaddr *)&serv_unix; + n = sizeof(struct sockaddr_un); + bzero((char *) &serv_unix, sizeof(serv_unix)); + serv_unix.sun_family = AF_UNIX; + if (sizeof(serv_unix.sun_path) <= strlen(iface)) { + lwsl_err("\"%s\" too long for UNIX domain socket\n", + iface); + return -1; + } + strcpy(serv_unix.sun_path, iface); + if (serv_unix.sun_path[0] == '@') + serv_unix.sun_path[0] = '\0'; + + } else +#endif +#if defined(LWS_USE_IPV6) && !defined(LWS_WITH_ESP32) + if (LWS_IPV6_ENABLED(vhost)) { + v = (struct sockaddr *)&serv_addr6; + n = sizeof(struct sockaddr_in6); + bzero((char *) &serv_addr6, sizeof(serv_addr6)); + if (iface) { + if (interface_to_sa(vhost, iface, + (struct sockaddr_in *)v, n) < 0) { + lwsl_err("Unable to find interface %s\n", iface); + return -1; + } + serv_addr6.sin6_scope_id = lws_get_addr_scope(iface); + } + + serv_addr6.sin6_family = AF_INET6; + serv_addr6.sin6_port = htons(port); + } else +#endif + { + v = (struct sockaddr *)&serv_addr4; + n = sizeof(serv_addr4); + bzero((char *) &serv_addr4, sizeof(serv_addr4)); + serv_addr4.sin_addr.s_addr = INADDR_ANY; + serv_addr4.sin_family = AF_INET; +#if !defined(LWS_WITH_ESP32) + + if (iface && + interface_to_sa(vhost, iface, + (struct sockaddr_in *)v, n) < 0) { + lwsl_err("Unable to find interface %s\n", iface); + return -1; + } +#endif + serv_addr4.sin_port = htons(port); + } /* ipv4 */ + + n = bind(sockfd, v, n); +#ifdef LWS_USE_UNIX_SOCK + if (n < 0 && LWS_UNIX_SOCK_ENABLED(vhost)) { + lwsl_err("ERROR on binding fd %d to \"%s\" (%d %d)\n", + sockfd, iface, n, LWS_ERRNO); + return -1; + } else +#endif + if (n < 0) { + lwsl_err("ERROR on binding fd %d to port %d (%d %d)\n", + sockfd, port, n, LWS_ERRNO); + return -1; + } + +#ifndef LWS_PLAT_OPTEE + if (getsockname(sockfd, (struct sockaddr *)&sin, &len) == -1) + lwsl_warn("getsockname: %s\n", strerror(LWS_ERRNO)); + else +#endif +#if defined(LWS_USE_IPV6) + port = (sin.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *) &sin)->sin6_port) : + ntohs(((struct sockaddr_in *) &sin)->sin_port); +#else + port = ntohs(((struct sockaddr_in *) &sin)->sin_port); +#endif +#endif + + return port; +} + +#if defined(LWS_USE_IPV6) +LWS_EXTERN unsigned long +lws_get_addr_scope(const char *ipaddr) +{ + unsigned long scope = 0; + +#ifndef WIN32 + struct ifaddrs *addrs, *addr; + char ip[NI_MAXHOST]; + unsigned int i; + + getifaddrs(&addrs); + for (addr = addrs; addr; addr = addr->ifa_next) { + if (!addr->ifa_addr || + addr->ifa_addr->sa_family != AF_INET6) + continue; + + getnameinfo(addr->ifa_addr, + sizeof(struct sockaddr_in6), + ip, sizeof(ip), + NULL, 0, NI_NUMERICHOST); + + i = 0; + while (ip[i]) + if (ip[i++] == '%') { + ip[i - 1] = '\0'; + break; + } + + if (!strcmp(ip, ipaddr)) { + scope = if_nametoindex(addr->ifa_name); + break; + } + } + freeifaddrs(addrs); +#else + PIP_ADAPTER_ADDRESSES adapter, addrs = NULL; + PIP_ADAPTER_UNICAST_ADDRESS addr; + ULONG size = 0; + DWORD ret; + struct sockaddr_in6 *sockaddr; + char ip[NI_MAXHOST]; + unsigned int i; + int found = 0; + + for (i = 0; i < 5; i++) + { + ret = GetAdaptersAddresses(AF_INET6, GAA_FLAG_INCLUDE_PREFIX, + NULL, addrs, &size); + if ((ret == NO_ERROR) || (ret == ERROR_NO_DATA)) { + break; + } else if (ret == ERROR_BUFFER_OVERFLOW) + { + if (addrs) + free(addrs); + addrs = (IP_ADAPTER_ADDRESSES *) malloc(size); + } else + { + if (addrs) + { + free(addrs); + addrs = NULL; + } + lwsl_err("Failed to get IPv6 address table (%d)", ret); + break; + } + } + + if ((ret == NO_ERROR) && (addrs)) + { + adapter = addrs; + while ((adapter) && (!found)) + { + addr = adapter->FirstUnicastAddress; + while ((addr) && (!found)) + { + if (addr->Address.lpSockaddr->sa_family == AF_INET6) + { + sockaddr = (struct sockaddr_in6 *) (addr->Address.lpSockaddr); + + lws_plat_inet_ntop(sockaddr->sin6_family, &sockaddr->sin6_addr, + ip, sizeof(ip)); + + if (!strcmp(ip, ipaddr)) { + scope = sockaddr->sin6_scope_id; + found = 1; + break; + } + } + addr = addr->Next; + } + adapter = adapter->Next; + } + } + if (addrs) + free(addrs); +#endif + + return scope; +} +#endif + +LWS_EXTERN void +lws_restart_ws_ping_pong_timer(struct lws *wsi) +{ + if (!wsi->context->ws_ping_pong_interval) + return; + if (wsi->state != LWSS_ESTABLISHED) + return; + + wsi->u.ws.time_next_ping_check = (time_t)lws_now_secs() + + wsi->context->ws_ping_pong_interval; +} + +static const char *hex = "0123456789ABCDEF"; + +LWS_VISIBLE LWS_EXTERN const char * +lws_sql_purify(char *escaped, const char *string, int len) +{ + const char *p = string; + char *q = escaped; + + while (*p && len-- > 2) { + if (*p == '\'') { + *q++ = '\''; + *q++ = '\''; + len --; + p++; + } else + *q++ = *p++; + } + *q = '\0'; + + return escaped; +} + +LWS_VISIBLE LWS_EXTERN const char * +lws_json_purify(char *escaped, const char *string, int len) +{ + const char *p = string; + char *q = escaped; + + if (!p) { + escaped[0] = '\0'; + return escaped; + } + + while (*p && len-- > 6) { + if (*p == '\"' || *p == '\\' || *p < 0x20) { + *q++ = '\\'; + *q++ = 'u'; + *q++ = '0'; + *q++ = '0'; + *q++ = hex[((*p) >> 4) & 15]; + *q++ = hex[(*p) & 15]; + len -= 5; + p++; + } else + *q++ = *p++; + } + *q = '\0'; + + return escaped; +} + +LWS_VISIBLE LWS_EXTERN const char * +lws_urlencode(char *escaped, const char *string, int len) +{ + const char *p = string; + char *q = escaped; + + while (*p && len-- > 3) { + if (*p == ' ') { + *q++ = '+'; + p++; + continue; + } + if ((*p >= '0' && *p <= '9') || + (*p >= 'A' && *p <= 'Z') || + (*p >= 'a' && *p <= 'z')) { + *q++ = *p++; + continue; + } + *q++ = '%'; + *q++ = hex[(*p >> 4) & 0xf]; + *q++ = hex[*p & 0xf]; + + len -= 2; + p++; + } + *q = '\0'; + + return escaped; +} + +LWS_VISIBLE LWS_EXTERN int +lws_urldecode(char *string, const char *escaped, int len) +{ + int state = 0, n; + char sum = 0; + + while (*escaped && len) { + switch (state) { + case 0: + if (*escaped == '%') { + state++; + escaped++; + continue; + } + if (*escaped == '+') { + escaped++; + *string++ = ' '; + len--; + continue; + } + *string++ = *escaped++; + len--; + break; + case 1: + n = char_to_hex(*escaped); + if (n < 0) + return -1; + escaped++; + sum = n << 4; + state++; + break; + + case 2: + n = char_to_hex(*escaped); + if (n < 0) + return -1; + escaped++; + *string++ = sum | n; + len--; + state = 0; + break; + } + + } + *string = '\0'; + + return 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_finalize_startup(struct lws_context *context) +{ + struct lws_context_creation_info info; + + info.uid = context->uid; + info.gid = context->gid; + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + memcpy(info.caps, context->caps, sizeof(info.caps)); + info.count_caps = context->count_caps; +#endif + + if (lws_check_opt(context->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) + lws_plat_drop_app_privileges(&info); + + return 0; +} + +int +lws_snprintf(char *str, size_t size, const char *format, ...) +{ + va_list ap; + int n; + + if (!size) + return 0; + + va_start(ap, format); + n = vsnprintf(str, size, format, ap); + va_end(ap); + + if (n >= (int)size) + return size; + + return n; +} + + +LWS_VISIBLE LWS_EXTERN int +lws_is_cgi(struct lws *wsi) { +#ifdef LWS_WITH_CGI + return !!wsi->cgi; +#else + return 0; +#endif +} + +#ifdef LWS_WITH_CGI + +static int +urlencode(const char *in, int inlen, char *out, int outlen) +{ + char *start = out, *end = out + outlen; + + while (inlen-- && out < end - 4) { + if ((*in >= 'A' && *in <= 'Z') || + (*in >= 'a' && *in <= 'z') || + (*in >= '0' && *in <= '9') || + *in == '-' || + *in == '_' || + *in == '.' || + *in == '~') { + *out++ = *in++; + continue; + } + if (*in == ' ') { + *out++ = '+'; + in++; + continue; + } + *out++ = '%'; + *out++ = hex[(*in) >> 4]; + *out++ = hex[(*in++) & 15]; + } + *out = '\0'; + + if (out >= end - 4) + return -1; + + return out - start; +} + +static struct lws * +lws_create_basic_wsi(struct lws_context *context, int tsi) +{ + struct lws *new_wsi; + + if ((unsigned int)context->pt[tsi].fds_count == + context->fd_limit_per_thread - 1) { + lwsl_err("no space for new conn\n"); + return NULL; + } + + new_wsi = lws_zalloc(sizeof(struct lws)); + if (new_wsi == NULL) { + lwsl_err("Out of memory for new connection\n"); + return NULL; + } + + new_wsi->tsi = tsi; + new_wsi->context = context; + new_wsi->pending_timeout = NO_PENDING_TIMEOUT; + new_wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; + + /* initialize the instance struct */ + + new_wsi->state = LWSS_CGI; + new_wsi->mode = LWSCM_CGI; + new_wsi->hdr_parsing_completed = 0; + new_wsi->position_in_fds_table = -1; + + /* + * these can only be set once the protocol is known + * we set an unestablished connection's protocol pointer + * to the start of the defauly vhost supported list, so it can look + * for matching ones during the handshake + */ + new_wsi->protocol = context->vhost_list->protocols; + new_wsi->user_space = NULL; + new_wsi->ietf_spec_revision = 0; + new_wsi->desc.sockfd = LWS_SOCK_INVALID; + context->count_wsi_allocated++; + + return new_wsi; +} + +LWS_VISIBLE LWS_EXTERN int +lws_cgi(struct lws *wsi, const char * const *exec_array, int script_uri_path_len, + int timeout_secs, const struct lws_protocol_vhost_options *mp_cgienv) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + char *env_array[30], cgi_path[400], e[1024], *p = e, + *end = p + sizeof(e) - 1, tok[256], *t; + struct lws_cgi *cgi; + int n, m, i, uritok = -1; + + /* + * give the master wsi a cgi struct + */ + + wsi->cgi = lws_zalloc(sizeof(*wsi->cgi)); + if (!wsi->cgi) { + lwsl_err("%s: OOM\n", __func__); + return -1; + } + + wsi->cgi->response_code = HTTP_STATUS_OK; + + cgi = wsi->cgi; + cgi->wsi = wsi; /* set cgi's owning wsi */ + + /* create pipes for [stdin|stdout] and [stderr] */ + + for (n = 0; n < 3; n++) + if (pipe(cgi->pipe_fds[n]) == -1) + goto bail1; + + /* create cgi wsis for each stdin/out/err fd */ + + for (n = 0; n < 3; n++) { + cgi->stdwsi[n] = lws_create_basic_wsi(wsi->context, wsi->tsi); + if (!cgi->stdwsi[n]) + goto bail2; + cgi->stdwsi[n]->cgi_channel = n; + cgi->stdwsi[n]->vhost = wsi->vhost; + +// lwsl_err("%s: cgi %p: pipe fd %d -> fd %d / %d\n", __func__, wsi, n, +// cgi->pipe_fds[n][!!(n == 0)], cgi->pipe_fds[n][!(n == 0)]); + + /* read side is 0, stdin we want the write side, others read */ + cgi->stdwsi[n]->desc.sockfd = cgi->pipe_fds[n][!!(n == 0)]; + if (fcntl(cgi->pipe_fds[n][!!(n == 0)], F_SETFL, O_NONBLOCK) < 0) { + lwsl_err("%s: setting NONBLOCK failed\n", __func__); + goto bail2; + } + } + + for (n = 0; n < 3; n++) { + lws_libuv_accept(cgi->stdwsi[n], cgi->stdwsi[n]->desc); + if (insert_wsi_socket_into_fds(wsi->context, cgi->stdwsi[n])) + goto bail3; + cgi->stdwsi[n]->parent = wsi; + cgi->stdwsi[n]->sibling_list = wsi->child_list; + wsi->child_list = cgi->stdwsi[n]; + } + + lws_change_pollfd(cgi->stdwsi[LWS_STDIN], LWS_POLLIN, LWS_POLLOUT); + lws_change_pollfd(cgi->stdwsi[LWS_STDOUT], LWS_POLLOUT, LWS_POLLIN); + lws_change_pollfd(cgi->stdwsi[LWS_STDERR], LWS_POLLOUT, LWS_POLLIN); + + lwsl_debug("%s: fds in %d, out %d, err %d\n", __func__, + cgi->stdwsi[LWS_STDIN]->desc.sockfd, + cgi->stdwsi[LWS_STDOUT]->desc.sockfd, + cgi->stdwsi[LWS_STDERR]->desc.sockfd); + + lws_set_timeout(wsi, PENDING_TIMEOUT_CGI, timeout_secs); + + /* the cgi stdout is always sending us http1.x header data first */ + wsi->hdr_state = LCHS_HEADER; + + /* add us to the pt list of active cgis */ + lwsl_debug("%s: adding cgi %p to list\n", __func__, wsi->cgi); + cgi->cgi_list = pt->cgi_list; + pt->cgi_list = cgi; + + /* prepare his CGI env */ + + n = 0; + + if (lws_is_ssl(wsi)) + env_array[n++] = "HTTPS=ON"; + if (wsi->u.hdr.ah) { + static const unsigned char meths[] = { + WSI_TOKEN_GET_URI, + WSI_TOKEN_POST_URI, + WSI_TOKEN_OPTIONS_URI, + WSI_TOKEN_PUT_URI, + WSI_TOKEN_PATCH_URI, + WSI_TOKEN_DELETE_URI, + }; + static const char * const meth_names[] = { + "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", + }; + + for (m = 0; m < ARRAY_SIZE(meths); m++) + if (lws_hdr_total_length(wsi, meths[m]) >= + script_uri_path_len) { + uritok = meths[m]; + break; + } + + if (uritok < 0) + goto bail3; + + lws_snprintf(cgi_path, sizeof(cgi_path) - 1, "REQUEST_URI=%s", + lws_hdr_simple_ptr(wsi, uritok)); + cgi_path[sizeof(cgi_path) - 1] = '\0'; + env_array[n++] = cgi_path; + + env_array[n++] = p; + p += lws_snprintf(p, end - p, "REQUEST_METHOD=%s", + meth_names[m]); + p++; + + env_array[n++] = p; + p += lws_snprintf(p, end - p, "QUERY_STRING="); + /* dump the individual URI Arg parameters */ + m = 0; + while (1) { + i = lws_hdr_copy_fragment(wsi, tok, sizeof(tok), + WSI_TOKEN_HTTP_URI_ARGS, m); + if (i < 0) + break; + t = tok; + while (*t && *t != '=' && p < end - 4) + *p++ = *t++; + if (*t == '=') + *p++ = *t++; + i = urlencode(t, i- (t - tok), p, end - p); + if (i > 0) { + p += i; + *p++ = '&'; + } + m++; + } + if (m) + p--; + *p++ = '\0'; + + env_array[n++] = p; + p += lws_snprintf(p, end - p, "PATH_INFO=%s", + lws_hdr_simple_ptr(wsi, uritok) + + script_uri_path_len); + p++; + } + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_REFERER)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "HTTP_REFERER=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_REFERER)); + p++; + } + if (lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "HTTP_HOST=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)); + p++; + } + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COOKIE)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "HTTP_COOKIE=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COOKIE)); + p++; + } + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_USER_AGENT)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "USER_AGENT=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_USER_AGENT)); + p++; + } + if (uritok == WSI_TOKEN_POST_URI) { + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "CONTENT_TYPE=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)); + p++; + } + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "CONTENT_LENGTH=%s", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)); + p++; + } + } + env_array[n++] = p; + p += lws_snprintf(p, end - p, "SCRIPT_PATH=%s", exec_array[0]) + 1; + + while (mp_cgienv) { + env_array[n++] = p; + p += lws_snprintf(p, end - p, "%s=%s", mp_cgienv->name, + mp_cgienv->value); + lwsl_debug(" Applying mount-specific cgi env '%s'\n", + env_array[n - 1]); + p++; + mp_cgienv = mp_cgienv->next; + } + + env_array[n++] = "SERVER_SOFTWARE=libwebsockets"; + env_array[n++] = "PATH=/bin:/usr/bin:/usr/local/bin:/var/www/cgi-bin"; + env_array[n] = NULL; + +#if 0 + for (m = 0; m < n; m++) + lwsl_err(" %s\n", env_array[m]); +#endif + + /* + * Actually having made the env, as a cgi we don't need the ah + * any more + */ + if (lws_header_table_is_in_detachable_state(wsi)) + lws_header_table_detach(wsi, 0); + + /* we are ready with the redirection pipes... run the thing */ +#if !defined(LWS_HAVE_VFORK) || !defined(LWS_HAVE_EXECVPE) + cgi->pid = fork(); +#else + cgi->pid = vfork(); +#endif + if (cgi->pid < 0) { + lwsl_err("fork failed, errno %d", errno); + goto bail3; + } + +#if defined(__linux__) + prctl(PR_SET_PDEATHSIG, SIGTERM); +#endif + setpgrp(); /* stops on-daemonized main processess getting SIGINT from TTY */ + + if (cgi->pid) { + /* we are the parent process */ + wsi->context->count_cgi_spawned++; + lwsl_debug("%s: cgi %p spawned PID %d\n", __func__, cgi, cgi->pid); + return 0; + } + + /* somewhere we can at least read things and enter it */ + if (chdir("/tmp")) + lwsl_notice("%s: Failed to chdir\n", __func__); + + /* We are the forked process, redirect and kill inherited things. + * + * Because of vfork(), we cannot do anything that changes pages in + * the parent environment. Stuff that changes kernel state for the + * process is OK. Stuff that happens after the execvpe() is OK. + */ + + for (n = 0; n < 3; n++) { + if (dup2(cgi->pipe_fds[n][!(n == 0)], n) < 0) { + lwsl_err("%s: stdin dup2 failed\n", __func__); + goto bail3; + } + close(cgi->pipe_fds[n][!(n == 0)]); + } + +#if !defined(LWS_HAVE_VFORK) || !defined(LWS_HAVE_EXECVPE) + for (m = 0; m < n; m++) { + p = strchr(env_array[m], '='); + *p++ = '\0'; + setenv(env_array[m], p, 1); + } + execvp(exec_array[0], (char * const *)&exec_array[0]); +#else + execvpe(exec_array[0], (char * const *)&exec_array[0], &env_array[0]); +#endif + + exit(1); + +bail3: + /* drop us from the pt cgi list */ + pt->cgi_list = cgi->cgi_list; + + while (--n >= 0) + remove_wsi_socket_from_fds(wsi->cgi->stdwsi[n]); +bail2: + for (n = 0; n < 3; n++) + if (wsi->cgi->stdwsi[n]) + lws_free_wsi(cgi->stdwsi[n]); + +bail1: + for (n = 0; n < 3; n++) { + if (cgi->pipe_fds[n][0]) + close(cgi->pipe_fds[n][0]); + if (cgi->pipe_fds[n][1]) + close(cgi->pipe_fds[n][1]); + } + + lws_free_set_NULL(wsi->cgi); + + lwsl_err("%s: failed\n", __func__); + + return -1; +} + +/* we have to parse out these headers in the CGI output */ + +static const char * const significant_hdr[SIGNIFICANT_HDR_COUNT] = { + "content-length: ", + "location: ", + "status: ", + "transfer-encoding: chunked", +}; + +LWS_VISIBLE LWS_EXTERN int +lws_cgi_write_split_stdout_headers(struct lws *wsi) +{ + int n, m; + unsigned char buf[LWS_PRE + 1024], *start = &buf[LWS_PRE], *p = start, + *end = &buf[sizeof(buf) - 1 - LWS_PRE]; + char c; + + if (!wsi->cgi) + return -1; + + while (wsi->hdr_state != LHCS_PAYLOAD) { + /* we have to separate header / finalize and + * payload chunks, since they need to be + * handled separately + */ + + switch (wsi->hdr_state) { + + case LHCS_RESPONSE: + lwsl_info("LHCS_RESPONSE: issuing response %d\n", + wsi->cgi->response_code); + if (lws_add_http_header_status(wsi, wsi->cgi->response_code, &p, end)) + return 1; + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_CONNECTION, + (unsigned char *)"close", 5, &p, end)) + return 1; + n = lws_write(wsi, start, p - start, + LWS_WRITE_HTTP_HEADERS); + + /* finalize cached headers before dumping them */ + if (lws_finalize_http_header(wsi, + (unsigned char **)&wsi->cgi->headers_pos, + (unsigned char *)wsi->cgi->headers_end)) { + + lwsl_notice("finalize failed\n"); + return -1; + } + + wsi->hdr_state = LHCS_DUMP_HEADERS; + wsi->reason_bf |= 8; + lws_callback_on_writable(wsi); + /* back to the loop for writeability again */ + return 0; + + case LHCS_DUMP_HEADERS: + + n = wsi->cgi->headers_pos - wsi->cgi->headers_dumped; + if (n > 512) + n = 512; + + lwsl_debug("LHCS_DUMP_HEADERS: %d\n", n); + + m = lws_write(wsi, (unsigned char *)wsi->cgi->headers_dumped, + n, LWS_WRITE_HTTP_HEADERS); + if (m < 0) { + lwsl_debug("%s: write says %d\n", __func__, m); + return -1; + } + wsi->cgi->headers_dumped += n; + if (wsi->cgi->headers_dumped == wsi->cgi->headers_pos) { + wsi->hdr_state = LHCS_PAYLOAD; + lws_free_set_NULL(wsi->cgi->headers_buf); + lwsl_debug("freed cgi headers\n"); + } else { + wsi->reason_bf |= 8; + lws_callback_on_writable(wsi); + } + + /* writeability becomes uncertain now we wrote + * something, we must return to the event loop + */ + return 0; + } + + if (!wsi->cgi->headers_buf) { + /* if we don't already have a headers buf, cook one up */ + n = 2048; + wsi->cgi->headers_buf = malloc(n); + if (!wsi->cgi->headers_buf) { + lwsl_err("OOM\n"); + return -1; + } + + lwsl_debug("allocated cgi hdrs\n"); + wsi->cgi->headers_pos = wsi->cgi->headers_buf; + wsi->cgi->headers_dumped = wsi->cgi->headers_pos; + wsi->cgi->headers_end = wsi->cgi->headers_buf + n - 1; + + for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) { + wsi->cgi->match[n] = 0; + wsi->cgi->lp = 0; + } + } + + n = read(lws_get_socket_fd(wsi->cgi->stdwsi[LWS_STDOUT]), &c, 1); + if (n < 0) { + if (errno != EAGAIN) { + lwsl_debug("%s: read says %d\n", __func__, n); + return -1; + } + else + n = 0; + + if (wsi->cgi->headers_pos >= wsi->cgi->headers_end - 4) { + lwsl_notice("CGI headers larger than buffer size\n"); + + return -1; + } + } + if (n) { + lwsl_debug("-- 0x%02X %c %d %d\n", (unsigned char)c, c, wsi->cgi->match[1], wsi->hdr_state); + if (!c) + return -1; + switch (wsi->hdr_state) { + case LCHS_HEADER: + hdr: + for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) { + /* significant headers with numeric decimal payloads */ + if (!significant_hdr[n][wsi->cgi->match[n]] && + (c >= '0' && c <= '9') && + wsi->cgi->lp < sizeof(wsi->cgi->l) - 1) { + wsi->cgi->l[wsi->cgi->lp++] = c; + wsi->cgi->l[wsi->cgi->lp] = '\0'; + switch (n) { + case SIGNIFICANT_HDR_CONTENT_LENGTH: + wsi->cgi->content_length = atoll(wsi->cgi->l); + break; + case SIGNIFICANT_HDR_STATUS: + wsi->cgi->response_code = atol(wsi->cgi->l); + lwsl_debug("Status set to %d\n", wsi->cgi->response_code); + break; + default: + break; + } + } + /* hits up to the NUL are sticky until next hdr */ + if (significant_hdr[n][wsi->cgi->match[n]]) { + if (tolower(c) == significant_hdr[n][wsi->cgi->match[n]]) + wsi->cgi->match[n]++; + else + wsi->cgi->match[n] = 0; + } + } + + /* some cgi only send us \x0a for EOL */ + if (c == '\x0a') { + wsi->hdr_state = LCHS_SINGLE_0A; + *wsi->cgi->headers_pos++ = '\x0d'; + } + *wsi->cgi->headers_pos++ = c; + if (c == '\x0d') + wsi->hdr_state = LCHS_LF1; + + if (wsi->hdr_state != LCHS_HEADER && + !significant_hdr[SIGNIFICANT_HDR_TRANSFER_ENCODING][wsi->cgi->match[SIGNIFICANT_HDR_TRANSFER_ENCODING]]) { + lwsl_debug("cgi produced chunked\n"); + wsi->cgi->explicitly_chunked = 1; + } + + /* presence of Location: mandates 302 retcode */ + if (wsi->hdr_state != LCHS_HEADER && + !significant_hdr[SIGNIFICANT_HDR_LOCATION][wsi->cgi->match[SIGNIFICANT_HDR_LOCATION]]) { + lwsl_debug("CGI: Location hdr seen\n"); + wsi->cgi->response_code = 302; + } + + break; + case LCHS_LF1: + *wsi->cgi->headers_pos++ = c; + if (c == '\x0a') { + wsi->hdr_state = LCHS_CR2; + break; + } + /* we got \r[^\n]... it's unreasonable */ + lwsl_debug("%s: funny CRLF 0x%02X\n", __func__, (unsigned char)c); + return -1; + + case LCHS_CR2: + if (c == '\x0d') { + /* drop the \x0d */ + wsi->hdr_state = LCHS_LF2; + break; + } + wsi->hdr_state = LCHS_HEADER; + for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) + wsi->cgi->match[n] = 0; + wsi->cgi->lp = 0; + goto hdr; + + case LCHS_LF2: + case LCHS_SINGLE_0A: + m = wsi->hdr_state; + if (c == '\x0a') { + lwsl_debug("Content-Length: %lld\n", (unsigned long long)wsi->cgi->content_length); + wsi->hdr_state = LHCS_RESPONSE; + /* drop the \0xa ... finalize will add it if needed */ + break; + } + if (m == LCHS_LF2) + /* we got \r\n\r[^\n]... it's unreasonable */ + return -1; + /* we got \x0anext header, it's reasonable */ + *wsi->cgi->headers_pos++ = c; + wsi->hdr_state = LCHS_HEADER; + for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) + wsi->cgi->match[n] = 0; + wsi->cgi->lp = 0; + break; + case LHCS_PAYLOAD: + break; + } + } + + /* ran out of input, ended the headers, or filled up the headers buf */ + if (!n || wsi->hdr_state == LHCS_PAYLOAD) + return 0; + } + + /* payload processing */ + + n = read(lws_get_socket_fd(wsi->cgi->stdwsi[LWS_STDOUT]), + start, sizeof(buf) - LWS_PRE); + + if (n < 0 && errno != EAGAIN) { + lwsl_debug("%s: stdout read says %d\n", __func__, n); + return -1; + } + if (n > 0) { + m = lws_write(wsi, (unsigned char *)start, n, LWS_WRITE_HTTP); + //lwsl_notice("write %d\n", m); + if (m < 0) { + lwsl_debug("%s: stdout write says %d\n", __func__, m); + return -1; + } + wsi->cgi->content_length_seen += m; + } + + return 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_cgi_kill(struct lws *wsi) +{ + struct lws_cgi_args args; + int status, n; + + lwsl_debug("%s: %p\n", __func__, wsi); + + if (!wsi->cgi) + return 0; + + if (wsi->cgi->pid > 0) { + n = waitpid(wsi->cgi->pid, &status, WNOHANG); + if (n > 0) { + lwsl_debug("%s: PID %d reaped\n", __func__, + wsi->cgi->pid); + goto handled; + } + /* kill the process group */ + n = kill(-wsi->cgi->pid, SIGTERM); + lwsl_debug("%s: SIGTERM child PID %d says %d (errno %d)\n", __func__, + wsi->cgi->pid, n, errno); + if (n < 0) { + /* + * hum seen errno=3 when process is listed in ps, + * it seems we don't always retain process grouping + * + * Direct these fallback attempt to the exact child + */ + n = kill(wsi->cgi->pid, SIGTERM); + if (n < 0) { + n = kill(wsi->cgi->pid, SIGPIPE); + if (n < 0) { + n = kill(wsi->cgi->pid, SIGKILL); + if (n < 0) + lwsl_err("%s: SIGKILL PID %d failed errno %d (maybe zombie)\n", + __func__, wsi->cgi->pid, errno); + } + } + } + /* He could be unkillable because he's a zombie */ + n = 1; + while (n > 0) { + n = waitpid(-wsi->cgi->pid, &status, WNOHANG); + if (n > 0) + lwsl_debug("%s: reaped PID %d\n", __func__, n); + if (n <= 0) { + n = waitpid(wsi->cgi->pid, &status, WNOHANG); + if (n > 0) + lwsl_debug("%s: reaped PID %d\n", __func__, n); + } + } + } + +handled: + args.stdwsi = &wsi->cgi->stdwsi[0]; + + if (wsi->cgi->pid != -1 && user_callback_handle_rxflow( + wsi->protocol->callback, + wsi, LWS_CALLBACK_CGI_TERMINATED, + wsi->user_space, + (void *)&args, 0)) { + wsi->cgi->pid = -1; + if (!wsi->cgi->being_closed) + lws_close_free_wsi(wsi, 0); + } + + return 0; +} + +LWS_EXTERN int +lws_cgi_kill_terminated(struct lws_context_per_thread *pt) +{ + struct lws_cgi **pcgi, *cgi = NULL; + int status, n = 1; + + while (n > 0) { + /* find finished guys but don't reap yet */ + n = waitpid(-1, &status, WNOHANG); + if (n <= 0) + continue; + lwsl_debug("%s: observed PID %d terminated\n", __func__, n); + + pcgi = &pt->cgi_list; + + /* check all the subprocesses on the cgi list */ + while (*pcgi) { + /* get the next one first as list may change */ + cgi = *pcgi; + pcgi = &(*pcgi)->cgi_list; + + if (cgi->pid <= 0) + continue; + + /* finish sending cached headers */ + if (cgi->headers_buf) + continue; + + /* wait for stdout to be drained */ + if (cgi->content_length > cgi->content_length_seen) + continue; + + if (cgi->content_length) { + lwsl_debug("%s: wsi %p: expected content length seen: %lld\n", + __func__, cgi->wsi, (unsigned long long)cgi->content_length_seen); + } + + /* reap it */ + waitpid(n, &status, WNOHANG); + /* + * he's already terminated so no need for kill() + * but we should do the terminated cgi callback + * and close him if he's not already closing + */ + if (n == cgi->pid) { + lwsl_debug("%s: found PID %d on cgi list\n", + __func__, n); + + if (!cgi->content_length && cgi->explicitly_chunked) { + /* + * well, if he sends chunked... give him 5s after the + * cgi terminated to send buffered + */ + cgi->chunked_grace++; + continue; + } + + /* defeat kill() */ + cgi->pid = 0; + lws_cgi_kill(cgi->wsi); + + break; + } + cgi = NULL; + } + /* if not found on the cgi list, as he's one of ours, reap */ + if (!cgi) { + lwsl_debug("%s: reading PID %d although no cgi match\n", + __func__, n); + waitpid(n, &status, WNOHANG); + } + } + +/* disable this to confirm timeout cgi cleanup flow */ +#if 1 + pcgi = &pt->cgi_list; + + /* check all the subprocesses on the cgi list */ + while (*pcgi) { + /* get the next one first as list may change */ + cgi = *pcgi; + pcgi = &(*pcgi)->cgi_list; + + if (cgi->pid <= 0) + continue; + + /* we deferred killing him after reaping his PID */ + if (cgi->chunked_grace) { + cgi->chunked_grace++; + if (cgi->chunked_grace < 5) + continue; + goto finish_him; + } + + /* finish sending cached headers */ + if (cgi->headers_buf) + continue; + + /* wait for stdout to be drained */ + if (cgi->content_length > cgi->content_length_seen) + continue; + + if (cgi->content_length) + lwsl_debug("%s: wsi %p: expected content length seen: %lld\n", + __func__, cgi->wsi, (unsigned long long)cgi->content_length_seen); + + /* reap it */ + if (waitpid(cgi->pid, &status, WNOHANG) > 0) { + + if (!cgi->content_length) { + /* + * well, if he sends chunked... give him 5s after the + * cgi terminated to send buffered + */ + cgi->chunked_grace++; + continue; + } +finish_him: + lwsl_debug("%s: found PID %d on cgi list\n", + __func__, cgi->pid); + /* defeat kill() */ + cgi->pid = 0; + lws_cgi_kill(cgi->wsi); + + break; + } + } +#endif + + /* general anti zombie defence */ +// n = waitpid(-1, &status, WNOHANG); + //if (n > 0) + // lwsl_notice("%s: anti-zombie wait says %d\n", __func__, n); + + return 0; +} +#endif + +#ifdef LWS_NO_EXTENSIONS +LWS_EXTERN int +lws_set_extension_option(struct lws *wsi, const char *ext_name, + const char *opt_name, const char *opt_val) +{ + return -1; +} +#endif + +#ifdef LWS_WITH_ACCESS_LOG +int +lws_access_log(struct lws *wsi) +{ + char *p = wsi->access_log.user_agent, ass[512]; + int l; + + if (!wsi->access_log_pending) + return 0; + + if (!wsi->access_log.header_log) + return 0; + + if (!p) + p = ""; + + l = lws_snprintf(ass, sizeof(ass) - 1, "%s %d %lu %s\n", + wsi->access_log.header_log, + wsi->access_log.response, wsi->access_log.sent, p); + + if (wsi->vhost->log_fd != (int)LWS_INVALID_FILE) { + if (write(wsi->vhost->log_fd, ass, l) != l) + lwsl_err("Failed to write log\n"); + } else + lwsl_err("%s", ass); + + if (wsi->access_log.header_log) { + lws_free(wsi->access_log.header_log); + wsi->access_log.header_log = NULL; + } + if (wsi->access_log.user_agent) { + lws_free(wsi->access_log.user_agent); + wsi->access_log.user_agent = NULL; + } + wsi->access_log_pending = 0; + + return 0; +} +#endif + +void +lws_sum_stats(const struct lws_context *ctx, struct lws_conn_stats *cs) +{ + const struct lws_vhost *vh = ctx->vhost_list; + + while (vh) { + + cs->rx += vh->conn_stats.rx; + cs->tx += vh->conn_stats.tx; + cs->conn += vh->conn_stats.conn; + cs->trans += vh->conn_stats.trans; + cs->ws_upg += vh->conn_stats.ws_upg; + cs->http2_upg += vh->conn_stats.http2_upg; + cs->rejected += vh->conn_stats.rejected; + + vh = vh->vhost_next; + } +} + +#ifdef LWS_WITH_SERVER_STATUS + +LWS_EXTERN int +lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len) +{ + static const char * const prots[] = { + "http://", + "https://", + "file://", + "cgi://", + ">http://", + ">https://", + "callback://" + }; + char *orig = buf, *end = buf + len - 1, first = 1; + int n = 0; + + if (len < 100) + return 0; + + buf += lws_snprintf(buf, end - buf, + "{\n \"name\":\"%s\",\n" + " \"port\":\"%d\",\n" + " \"use_ssl\":\"%d\",\n" + " \"sts\":\"%d\",\n" + " \"rx\":\"%llu\",\n" + " \"tx\":\"%llu\",\n" + " \"conn\":\"%lu\",\n" + " \"trans\":\"%lu\",\n" + " \"ws_upg\":\"%lu\",\n" + " \"rejected\":\"%lu\",\n" + " \"http2_upg\":\"%lu\"" + , + vh->name, vh->listen_port, +#ifdef LWS_OPENSSL_SUPPORT + vh->use_ssl, +#else + 0, +#endif + !!(vh->options & LWS_SERVER_OPTION_STS), + vh->conn_stats.rx, vh->conn_stats.tx, + vh->conn_stats.conn, vh->conn_stats.trans, + vh->conn_stats.ws_upg, + vh->conn_stats.rejected, + vh->conn_stats.http2_upg + ); + + if (vh->mount_list) { + const struct lws_http_mount *m = vh->mount_list; + + buf += lws_snprintf(buf, end - buf, ",\n \"mounts\":["); + while (m) { + if (!first) + buf += lws_snprintf(buf, end - buf, ","); + buf += lws_snprintf(buf, end - buf, + "\n {\n \"mountpoint\":\"%s\",\n" + " \"origin\":\"%s%s\",\n" + " \"cache_max_age\":\"%d\",\n" + " \"cache_reuse\":\"%d\",\n" + " \"cache_revalidate\":\"%d\",\n" + " \"cache_intermediaries\":\"%d\"\n" + , + m->mountpoint, + prots[m->origin_protocol], + m->origin, + m->cache_max_age, + m->cache_reusable, + m->cache_revalidate, + m->cache_intermediaries); + if (m->def) + buf += lws_snprintf(buf, end - buf, + ",\n \"default\":\"%s\"", + m->def); + buf += lws_snprintf(buf, end - buf, "\n }"); + first = 0; + m = m->mount_next; + } + buf += lws_snprintf(buf, end - buf, "\n ]"); + } + + if (vh->protocols) { + n = 0; + first = 1; + + buf += lws_snprintf(buf, end - buf, ",\n \"ws-protocols\":["); + while (n < vh->count_protocols) { + if (!first) + buf += lws_snprintf(buf, end - buf, ","); + buf += lws_snprintf(buf, end - buf, + "\n {\n \"%s\":{\n" + " \"status\":\"ok\"\n }\n }" + , + vh->protocols[n].name); + first = 0; + n++; + } + buf += lws_snprintf(buf, end - buf, "\n ]"); + } + + buf += lws_snprintf(buf, end - buf, "\n}"); + + return buf - orig; +} + + +LWS_EXTERN LWS_VISIBLE int +lws_json_dump_context(const struct lws_context *context, char *buf, int len, + int hide_vhosts) +{ + char *orig = buf, *end = buf + len - 1, first = 1; + const struct lws_vhost *vh = context->vhost_list; + const struct lws_context_per_thread *pt; + time_t t = time(NULL); + int n, listening = 0, cgi_count = 0; + struct lws_conn_stats cs; + double d = 0; +#ifdef LWS_WITH_CGI + struct lws_cgi * const *pcgi; +#endif + +#ifdef LWS_USE_LIBUV + uv_uptime(&d); +#endif + + buf += lws_snprintf(buf, end - buf, "{ " + "\"version\":\"%s\",\n" + "\"uptime\":\"%ld\",\n", + lws_get_library_version(), + (long)d); + +#ifdef LWS_HAVE_GETLOADAVG + { + double d[3]; + int m; + + m = getloadavg(d, 3); + for (n = 0; n < m; n++) { + buf += lws_snprintf(buf, end - buf, + "\"l%d\":\"%.2f\",\n", + n + 1, d[n]); + } + } +#endif + + buf += lws_snprintf(buf, end - buf, "\"contexts\":[\n"); + + buf += lws_snprintf(buf, end - buf, "{ " + "\"context_uptime\":\"%ld\",\n" + "\"cgi_spawned\":\"%d\",\n" + "\"pt_fd_max\":\"%d\",\n" + "\"ah_pool_max\":\"%d\",\n" + "\"deprecated\":\"%d\",\n" + "\"wsi_alive\":\"%d\",\n", + (unsigned long)(t - context->time_up), + context->count_cgi_spawned, + context->fd_limit_per_thread, + context->max_http_header_pool, + context->deprecated, + context->count_wsi_allocated); + + buf += lws_snprintf(buf, end - buf, "\"pt\":[\n "); + for (n = 0; n < context->count_threads; n++) { + pt = &context->pt[n]; + if (n) + buf += lws_snprintf(buf, end - buf, ","); + buf += lws_snprintf(buf, end - buf, + "\n {\n" + " \"fds_count\":\"%d\",\n" + " \"ah_pool_inuse\":\"%d\",\n" + " \"ah_wait_list\":\"%d\"\n" + " }", + pt->fds_count, + pt->ah_count_in_use, + pt->ah_wait_list_length); + } + + buf += lws_snprintf(buf, end - buf, "]"); + + buf += lws_snprintf(buf, end - buf, ", \"vhosts\":[\n "); + + first = 1; + vh = context->vhost_list; + listening = 0; + cs = context->conn_stats; + lws_sum_stats(context, &cs); + while (vh) { + + if (!hide_vhosts) { + if (!first) + if(buf != end) + *buf++ = ','; + buf += lws_json_dump_vhost(vh, buf, end - buf); + first = 0; + } + if (vh->lserv_wsi) + listening++; + vh = vh->vhost_next; + } + + buf += lws_snprintf(buf, end - buf, + "],\n\"listen_wsi\":\"%d\",\n" + " \"rx\":\"%llu\",\n" + " \"tx\":\"%llu\",\n" + " \"conn\":\"%lu\",\n" + " \"trans\":\"%lu\",\n" + " \"ws_upg\":\"%lu\",\n" + " \"rejected\":\"%lu\",\n" + " \"http2_upg\":\"%lu\"", + listening, + cs.rx, cs.tx, cs.conn, cs.trans, + cs.ws_upg, cs.rejected, cs.http2_upg); + +#ifdef LWS_WITH_CGI + for (n = 0; n < context->count_threads; n++) { + pt = &context->pt[n]; + pcgi = &pt->cgi_list; + + while (*pcgi) { + pcgi = &(*pcgi)->cgi_list; + + cgi_count++; + } + } +#endif + buf += lws_snprintf(buf, end - buf, ",\n \"cgi_alive\":\"%d\"\n ", + cgi_count); + + buf += lws_snprintf(buf, end - buf, "}"); + + + buf += lws_snprintf(buf, end - buf, "]}\n "); + + return buf - orig; +} + +#endif + +#if defined(LWS_WITH_STATS) + +LWS_VISIBLE LWS_EXTERN uint64_t +lws_stats_get(struct lws_context *context, int index) +{ + if (index >= LWSSTATS_SIZE) + return 0; + + return context->lws_stats[index]; +} + +LWS_VISIBLE LWS_EXTERN void +lws_stats_log_dump(struct lws_context *context) +{ + struct lws_vhost *v = context->vhost_list; + int n; + + if (!context->updated) + return; + + context->updated = 0; + + lwsl_notice("\n"); + lwsl_notice("LWS internal statistics dump ----->\n"); + lwsl_notice("LWSSTATS_C_CONNECTIONS: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_CONNECTIONS)); + lwsl_notice("LWSSTATS_C_API_CLOSE: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_API_CLOSE)); + lwsl_notice("LWSSTATS_C_API_READ: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_API_READ)); + lwsl_notice("LWSSTATS_C_API_LWS_WRITE: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_API_LWS_WRITE)); + lwsl_notice("LWSSTATS_C_API_WRITE: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_API_WRITE)); + lwsl_notice("LWSSTATS_C_WRITE_PARTIALS: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_WRITE_PARTIALS)); + lwsl_notice("LWSSTATS_C_WRITEABLE_CB_REQ: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_WRITEABLE_CB_REQ)); + lwsl_notice("LWSSTATS_C_WRITEABLE_CB_EFF_REQ: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_WRITEABLE_CB_EFF_REQ)); + lwsl_notice("LWSSTATS_C_WRITEABLE_CB: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_WRITEABLE_CB)); + lwsl_notice("LWSSTATS_C_SSL_CONNECTIONS_FAILED: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_SSL_CONNECTIONS_FAILED)); + lwsl_notice("LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED)); + lwsl_notice("LWSSTATS_C_SSL_CONNS_HAD_RX: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_SSL_CONNS_HAD_RX)); + + lwsl_notice("LWSSTATS_C_TIMEOUTS: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_TIMEOUTS)); + lwsl_notice("LWSSTATS_C_SERVICE_ENTRY: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_C_SERVICE_ENTRY)); + lwsl_notice("LWSSTATS_B_READ: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_B_READ)); + lwsl_notice("LWSSTATS_B_WRITE: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_B_WRITE)); + lwsl_notice("LWSSTATS_B_PARTIALS_ACCEPTED_PARTS: %8llu\n", (unsigned long long)lws_stats_get(context, LWSSTATS_B_PARTIALS_ACCEPTED_PARTS)); + lwsl_notice("LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY: %8llums\n", (unsigned long long)lws_stats_get(context, LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY) / 1000); + if (lws_stats_get(context, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED)) + lwsl_notice(" Avg accept delay: %8llums\n", + (unsigned long long)(lws_stats_get(context, LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY) / + lws_stats_get(context, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED)) / 1000); + lwsl_notice("LWSSTATS_MS_SSL_RX_DELAY: %8llums\n", (unsigned long long)lws_stats_get(context, LWSSTATS_MS_SSL_RX_DELAY) / 1000); + if (lws_stats_get(context, LWSSTATS_C_SSL_CONNS_HAD_RX)) + lwsl_notice(" Avg accept-rx delay: %8llums\n", + (unsigned long long)(lws_stats_get(context, LWSSTATS_MS_SSL_RX_DELAY) / + lws_stats_get(context, LWSSTATS_C_SSL_CONNS_HAD_RX)) / 1000); + + lwsl_notice("LWSSTATS_MS_WRITABLE_DELAY: %8lluus\n", + (unsigned long long)lws_stats_get(context, LWSSTATS_MS_WRITABLE_DELAY)); + lwsl_notice("LWSSTATS_MS_WORST_WRITABLE_DELAY: %8lluus\n", + (unsigned long long)lws_stats_get(context, LWSSTATS_MS_WORST_WRITABLE_DELAY)); + if (lws_stats_get(context, LWSSTATS_C_WRITEABLE_CB)) + lwsl_notice(" Avg writable delay: %8lluus\n", + (unsigned long long)(lws_stats_get(context, LWSSTATS_MS_WRITABLE_DELAY) / + lws_stats_get(context, LWSSTATS_C_WRITEABLE_CB))); + lwsl_notice("Simultaneous SSL restriction: %8d/%d/%d\n", context->simultaneous_ssl, + context->simultaneous_ssl_restriction, context->ssl_gate_accepts); + + lwsl_notice("Live wsi: %8d\n", context->count_wsi_allocated); + +#if defined(LWS_WITH_STATS) + context->updated = 1; +#endif + + while (v) { + if (v->lserv_wsi) { + + struct lws_context_per_thread *pt = &context->pt[(int)v->lserv_wsi->tsi]; + struct lws_pollfd *pfd; + + pfd = &pt->fds[v->lserv_wsi->position_in_fds_table]; + + lwsl_notice(" Listen port %d actual POLLIN: %d\n", + v->listen_port, (int)pfd->events & LWS_POLLIN); + } + + v = v->vhost_next; + } + + for (n = 0; n < context->count_threads; n++) { + struct lws_context_per_thread *pt = &context->pt[n]; + struct lws *wl; + int m = 0; + + lwsl_notice("PT %d\n", n + 1); + + lws_pt_lock(pt); + + lwsl_notice(" AH in use / max: %d / %d\n", + pt->ah_count_in_use, + context->max_http_header_pool); + + wl = pt->ah_wait_list; + while (wl) { + m++; + wl = wl->u.hdr.ah_wait_list; + } + + lwsl_notice(" AH wait list count / actual: %d / %d\n", + pt->ah_wait_list_length, m); + + lws_pt_unlock(pt); + } + + lwsl_notice("\n"); +} + +void +lws_stats_atomic_bump(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t bump) +{ + lws_pt_lock(pt); + context->lws_stats[index] += bump; + if (index != LWSSTATS_C_SERVICE_ENTRY) + context->updated = 1; + lws_pt_unlock(pt); +} + +void +lws_stats_atomic_max(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t val) +{ + lws_pt_lock(pt); + if (val > context->lws_stats[index]) { + context->lws_stats[index] = val; + context->updated = 1; + } + lws_pt_unlock(pt); +} + +#endif diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h new file mode 100644 index 0000000..66ca787 --- /dev/null +++ b/lib/libwebsockets.h @@ -0,0 +1,5184 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +/** @file */ + +#ifndef LIBWEBSOCKET_H_3060898B846849FF9F88F5DB59B5950C +#define LIBWEBSOCKET_H_3060898B846849FF9F88F5DB59B5950C + +#ifdef __cplusplus +#include +#include +# +extern "C" { +#else +#include +#endif + +#include "lws_config.h" + +/* + * CARE: everything using cmake defines needs to be below here + */ + +#if defined(LWS_WITH_ESP8266) +struct sockaddr_in; +#define LWS_POSIX 0 +#else +#define LWS_POSIX 1 +#endif + +#if defined(LWS_HAS_INTPTR_T) +#include +#define lws_intptr_t intptr_t +#else +typedef unsigned long long lws_intptr_t; +#endif + +#if defined(WIN32) || defined(_WIN32) +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif + +#include +#include +#include +#include +#ifndef _WIN32_WCE +#include +#else +#define _O_RDONLY 0x0000 +#define O_RDONLY _O_RDONLY +#endif + +// Visual studio older than 2015 and WIN_CE has only _stricmp +#if (defined(_MSC_VER) && _MSC_VER < 1900) || defined(_WIN32_WCE) +#define strcasecmp _stricmp +#elif !defined(__MINGW32__) +#define strcasecmp stricmp +#endif +#define getdtablesize() 30000 + +#define LWS_INLINE __inline +#define LWS_VISIBLE +#define LWS_WARN_UNUSED_RESULT +#define LWS_WARN_DEPRECATED +#define LWS_FORMAT(string_index) + +#ifdef LWS_DLL +#ifdef LWS_INTERNAL +#define LWS_EXTERN extern __declspec(dllexport) +#else +#define LWS_EXTERN extern __declspec(dllimport) +#endif +#else +#define LWS_EXTERN +#endif + +#define LWS_INVALID_FILE INVALID_HANDLE_VALUE +#define LWS_O_RDONLY _O_RDONLY +#define LWS_O_WRONLY _O_WRONLY +#define LWS_O_CREAT _O_CREAT +#define LWS_O_TRUNC _O_TRUNC + +#if !defined(__MINGW32__) && (!defined(_MSC_VER) || _MSC_VER < 1900) /* Visual Studio 2015 already defines this in */ +#define lws_snprintf _snprintf +#endif + +#ifndef __func__ +#define __func__ __FUNCTION__ +#endif + +#if !defined(__MINGW32__) &&(!defined(_MSC_VER) || _MSC_VER < 1900) && !defined(snprintf) +#define snprintf(buf,len, format,...) _snprintf_s(buf, len,len, format, __VA_ARGS__) +#endif + +#else /* NOT WIN32 */ +#include +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) +#include +#endif + +#if defined(__NetBSD__) || defined(__FreeBSD__) +#include +#endif + +#define LWS_INLINE inline +#define LWS_O_RDONLY O_RDONLY +#define LWS_O_WRONLY O_WRONLY +#define LWS_O_CREAT O_CREAT +#define LWS_O_TRUNC O_TRUNC + +#if !defined(LWS_WITH_ESP8266) && !defined(OPTEE_TA) && !defined(LWS_WITH_ESP32) +#include +#include +#define LWS_INVALID_FILE -1 +#else +#define getdtablesize() (30) +#if defined(LWS_WITH_ESP32) +#define LWS_INVALID_FILE NULL +#else +#define LWS_INVALID_FILE NULL +#endif +#endif + +#if defined(__GNUC__) + +/* warn_unused_result attribute only supported by GCC 3.4 or later */ +#if __GNUC__ >= 4 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) +#define LWS_WARN_UNUSED_RESULT __attribute__((warn_unused_result)) +#else +#define LWS_WARN_UNUSED_RESULT +#endif + +#define LWS_VISIBLE __attribute__((visibility("default"))) +#define LWS_WARN_DEPRECATED __attribute__ ((deprecated)) +#define LWS_FORMAT(string_index) __attribute__ ((format(printf, string_index, string_index+1))) +#else +#define LWS_VISIBLE +#define LWS_WARN_UNUSED_RESULT +#define LWS_WARN_DEPRECATED +#define LWS_FORMAT(string_index) +#endif + +#if defined(__ANDROID__) +#include +#define getdtablesize() sysconf(_SC_OPEN_MAX) +#endif + +#endif + +#ifdef LWS_USE_LIBEV +#include +#endif /* LWS_USE_LIBEV */ +#ifdef LWS_USE_LIBUV +#include +#ifdef LWS_HAVE_UV_VERSION_H +#include +#endif +#endif /* LWS_USE_LIBUV */ +#ifdef LWS_USE_LIBEVENT +#include +#endif /* LWS_USE_LIBEVENT */ + +#ifndef LWS_EXTERN +#define LWS_EXTERN extern +#endif + +#ifdef _WIN32 +#define random rand +#else +#if !defined(OPTEE_TA) +#include +#include +#endif +#endif + +#ifdef LWS_OPENSSL_SUPPORT + +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL +#include +#include +#else +#include +#include +#endif /* not USE_OLD_CYASSL */ +#else +#include +#if !defined(LWS_WITH_ESP32) +#include +#endif +#endif /* not USE_WOLFSSL */ +#endif + + +#define CONTEXT_PORT_NO_LISTEN -1 +#define CONTEXT_PORT_NO_LISTEN_SERVER -2 + +/** \defgroup log Logging + * + * ##Logging + * + * Lws provides flexible and filterable logging facilities, which can be + * used inside lws and in user code. + * + * Log categories may be individually filtered bitwise, and directed to built-in + * sinks for syslog-compatible logging, or a user-defined function. + */ +///@{ + +enum lws_log_levels { + LLL_ERR = 1 << 0, + LLL_WARN = 1 << 1, + LLL_NOTICE = 1 << 2, + LLL_INFO = 1 << 3, + LLL_DEBUG = 1 << 4, + LLL_PARSER = 1 << 5, + LLL_HEADER = 1 << 6, + LLL_EXT = 1 << 7, + LLL_CLIENT = 1 << 8, + LLL_LATENCY = 1 << 9, + LLL_USER = 1 << 10, + + LLL_COUNT = 11 /* set to count of valid flags */ +}; + +LWS_VISIBLE LWS_EXTERN void _lws_log(int filter, const char *format, ...) LWS_FORMAT(2); +LWS_VISIBLE LWS_EXTERN void _lws_logv(int filter, const char *format, va_list vl); +/** + * lwsl_timestamp: generate logging timestamp string + * + * \param level: logging level + * \param p: char * buffer to take timestamp + * \param len: length of p + * + * returns length written in p + */ +LWS_VISIBLE LWS_EXTERN int +lwsl_timestamp(int level, char *p, int len); + +/* these guys are unconditionally included */ + +#define lwsl_err(...) _lws_log(LLL_ERR, __VA_ARGS__) +#define lwsl_user(...) _lws_log(LLL_USER, __VA_ARGS__) + +#if !defined(LWS_WITH_NO_LOGS) +/* notice and warn are usually included by being compiled in */ +#define lwsl_warn(...) _lws_log(LLL_WARN, __VA_ARGS__) +#define lwsl_notice(...) _lws_log(LLL_NOTICE, __VA_ARGS__) +#endif +/* + * weaker logging can be deselected by telling CMake to build in RELEASE mode + * that gets rid of the overhead of checking while keeping _warn and _err + * active + */ + +#if defined(LWS_WITH_ESP8266) +#undef _DEBUG +#endif + +#ifdef _DEBUG +#if defined(LWS_WITH_NO_LOGS) +/* notice, warn and log are always compiled in */ +#define lwsl_warn(...) _lws_log(LLL_WARN, __VA_ARGS__) +#define lwsl_notice(...) _lws_log(LLL_NOTICE, __VA_ARGS__) +#endif +#define lwsl_info(...) _lws_log(LLL_INFO, __VA_ARGS__) +#define lwsl_debug(...) _lws_log(LLL_DEBUG, __VA_ARGS__) +#define lwsl_parser(...) _lws_log(LLL_PARSER, __VA_ARGS__) +#define lwsl_header(...) _lws_log(LLL_HEADER, __VA_ARGS__) +#define lwsl_ext(...) _lws_log(LLL_EXT, __VA_ARGS__) +#define lwsl_client(...) _lws_log(LLL_CLIENT, __VA_ARGS__) +#define lwsl_latency(...) _lws_log(LLL_LATENCY, __VA_ARGS__) +/** + * lwsl_hexdump() - helper to hexdump a buffer (DEBUG builds only) + * + * \param buf: buffer start to dump + * \param len: length of buffer to dump + */ +LWS_VISIBLE LWS_EXTERN void lwsl_hexdump(void *buf, size_t len); + +#else /* no debug */ +#if defined(LWS_WITH_NO_LOGS) +#define lwsl_warn(...) do {} while(0) +#define lwsl_notice(...) do {} while(0) +#endif +#define lwsl_info(...) do {} while(0) +#define lwsl_debug(...) do {} while(0) +#define lwsl_parser(...) do {} while(0) +#define lwsl_header(...) do {} while(0) +#define lwsl_ext(...) do {} while(0) +#define lwsl_client(...) do {} while(0) +#define lwsl_latency(...) do {} while(0) +#define lwsl_hexdump(a, b) + +#endif + +static LWS_INLINE int lws_is_be(void) { + const int probe = ~0xff; + + return *(const char *)&probe; +} + +/** + * lws_set_log_level() - Set the logging bitfield + * \param level: OR together the LLL_ debug contexts you want output from + * \param log_emit_function: NULL to leave it as it is, or a user-supplied + * function to perform log string emission instead of + * the default stderr one. + * + * log level defaults to "err", "warn" and "notice" contexts enabled and + * emission on stderr. + */ +LWS_VISIBLE LWS_EXTERN void +lws_set_log_level(int level, + void (*log_emit_function)(int level, const char *line)); + +/** + * lwsl_emit_syslog() - helper log emit function writes to system log + * + * \param level: one of LLL_ log level indexes + * \param line: log string + * + * You use this by passing the function pointer to lws_set_log_level(), to set + * it as the log emit function, it is not called directly. + */ +LWS_VISIBLE LWS_EXTERN void +lwsl_emit_syslog(int level, const char *line); + +/** + * lwsl_visible() - returns true if the log level should be printed + * + * \param level: one of LLL_ log level indexes + * + * This is useful if you have to do work to generate the log content, you + * can skip the work if the log level used to print it is not actually + * enabled at runtime. + */ +LWS_VISIBLE LWS_EXTERN int +lwsl_visible(int level); + +///@} + + +#include + +#ifndef lws_container_of +#define lws_container_of(P,T,M) ((T *)((char *)(P) - offsetof(T, M))) +#endif + + +struct lws; +#ifndef ARRAY_SIZE +#define ARRAY_SIZE(x) (sizeof(x) / sizeof(x[0])) +#endif + +/* api change list for user code to test against */ + +#define LWS_FEATURE_SERVE_HTTP_FILE_HAS_OTHER_HEADERS_ARG + +/* the struct lws_protocols has the id field present */ +#define LWS_FEATURE_PROTOCOLS_HAS_ID_FIELD + +/* you can call lws_get_peer_write_allowance */ +#define LWS_FEATURE_PROTOCOLS_HAS_PEER_WRITE_ALLOWANCE + +/* extra parameter introduced in 917f43ab821 */ +#define LWS_FEATURE_SERVE_HTTP_FILE_HAS_OTHER_HEADERS_LEN + +/* File operations stuff exists */ +#define LWS_FEATURE_FOPS + + +#if defined(_WIN32) +typedef SOCKET lws_sockfd_type; +typedef HANDLE lws_filefd_type; +#define lws_sockfd_valid(sfd) (!!sfd) +struct lws_pollfd { + lws_sockfd_type fd; /**< file descriptor */ + SHORT events; /**< which events to respond to */ + SHORT revents; /**< which events happened */ +}; +#define LWS_POLLHUP (FD_CLOSE) +#define LWS_POLLIN (FD_READ | FD_ACCEPT) +#define LWS_POLLOUT (FD_WRITE) +#else + + +#if defined(LWS_WITH_ESP8266) + +#include +#include + +typedef struct espconn * lws_sockfd_type; +typedef void * lws_filefd_type; +#define lws_sockfd_valid(sfd) (!!sfd) +struct pollfd { + lws_sockfd_type fd; /**< fd related to */ + short events; /**< which POLL... events to respond to */ + short revents; /**< which POLL... events occurred */ +}; +#define POLLIN 0x0001 +#define POLLPRI 0x0002 +#define POLLOUT 0x0004 +#define POLLERR 0x0008 +#define POLLHUP 0x0010 +#define POLLNVAL 0x0020 + +struct lws_vhost; + +lws_sockfd_type esp8266_create_tcp_listen_socket(struct lws_vhost *vh); +void esp8266_tcp_stream_accept(lws_sockfd_type fd, struct lws *wsi); + +#include +#include +#include "ets_sys.h" + +int ets_snprintf(char *str, size_t size, const char *format, ...) LWS_FORMAT(3); +#define snprintf ets_snprintf + +typedef os_timer_t uv_timer_t; +typedef void uv_cb_t(uv_timer_t *); + +void os_timer_disarm(void *); +void os_timer_setfn(os_timer_t *, os_timer_func_t *, void *); + +void ets_timer_arm_new(os_timer_t *, int, int, int); + +//void os_timer_arm(os_timer_t *, int, int); + +#define UV_VERSION_MAJOR 1 + +#define lws_uv_getloop(a, b) (NULL) + +static inline void uv_timer_init(void *l, uv_timer_t *t) +{ + (void)l; + memset(t, 0, sizeof(*t)); + os_timer_disarm(t); +} + +static inline void uv_timer_start(uv_timer_t *t, uv_cb_t *cb, int first, int rep) +{ + os_timer_setfn(t, (os_timer_func_t *)cb, t); + /* ms, repeat */ + os_timer_arm(t, first, !!rep); +} + +static inline void uv_timer_stop(uv_timer_t *t) +{ + os_timer_disarm(t); +} + +#else +#if defined(LWS_WITH_ESP32) + +typedef int lws_sockfd_type; +typedef int lws_filefd_type; +#define lws_sockfd_valid(sfd) (sfd >= 0) +struct pollfd { + lws_sockfd_type fd; /**< fd related to */ + short events; /**< which POLL... events to respond to */ + short revents; /**< which POLL... events occurred */ +}; +#define POLLIN 0x0001 +#define POLLPRI 0x0002 +#define POLLOUT 0x0004 +#define POLLERR 0x0008 +#define POLLHUP 0x0010 +#define POLLNVAL 0x0020 + +#include +#include +#include +#include "esp_wifi.h" +#include "esp_system.h" +#include "esp_event.h" +#include "esp_event_loop.h" +#include "nvs.h" +#include "driver/gpio.h" +#include "esp_spi_flash.h" +#include "freertos/timers.h" + +#if !defined(CONFIG_FREERTOS_HZ) +#define CONFIG_FREERTOS_HZ 100 +#endif + +typedef TimerHandle_t uv_timer_t; +typedef void uv_cb_t(uv_timer_t *); +typedef void * uv_handle_t; + +struct timer_mapping { + uv_cb_t *cb; + uv_timer_t *t; +}; + +#define UV_VERSION_MAJOR 1 + +#define lws_uv_getloop(a, b) (NULL) + +static inline void uv_timer_init(void *l, uv_timer_t *t) +{ + (void)l; + *t = NULL; +} + +extern void esp32_uvtimer_cb(TimerHandle_t t); + +static inline void uv_timer_start(uv_timer_t *t, uv_cb_t *cb, int first, int rep) +{ + struct timer_mapping *tm = (struct timer_mapping *)malloc(sizeof(*tm)); + + if (!tm) + return; + + tm->t = t; + tm->cb = cb; + + *t = xTimerCreate("x", pdMS_TO_TICKS(first), !!rep, tm, + (TimerCallbackFunction_t)esp32_uvtimer_cb); + xTimerStart(*t, 0); +} + +static inline void uv_timer_stop(uv_timer_t *t) +{ + xTimerStop(*t, 0); +} + +static inline void uv_close(uv_handle_t *h, void *v) +{ + free(pvTimerGetTimerID((uv_timer_t)h)); + xTimerDelete(*(uv_timer_t *)h, 0); +} + +/* ESP32 helper declarations */ + +#include +#include + +#define LWS_PLUGIN_STATIC +#define LWS_MAGIC_REBOOT_TYPE_ADS 0x50001ffc +#define LWS_MAGIC_REBOOT_TYPE_REQ_FACTORY 0xb00bcafe +#define LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY 0xfaceb00b +#define LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY_BUTTON 0xf0cedfac + + +/* user code provides these */ + +extern void +lws_esp32_identify_physical_device(void); + +/* lws-plat-esp32 provides these */ + +typedef void (*lws_cb_scan_done)(uint16_t count, wifi_ap_record_t *recs, void *arg); + +enum genled_state { + LWSESP32_GENLED__INIT, + LWSESP32_GENLED__LOST_NETWORK, + LWSESP32_GENLED__NO_NETWORK, + LWSESP32_GENLED__CONN_AP, + LWSESP32_GENLED__GOT_IP, + LWSESP32_GENLED__OK, +}; + +struct lws_group_member { + struct lws_group_member *next; + uint64_t last_seen; + char model[16]; + char role[16]; + char host[32]; + char mac[20]; + int width, height; + struct ip4_addr addr; + struct ip6_addr addrv6; + uint8_t flags; +}; + +#define LWS_SYSTEM_GROUP_MEMBER_ADD 1 +#define LWS_SYSTEM_GROUP_MEMBER_CHANGE 2 +#define LWS_SYSTEM_GROUP_MEMBER_REMOVE 3 + +#define LWS_GROUP_FLAG_SELF 1 + +struct lws_esp32 { + char sta_ip[16]; + char sta_mask[16]; + char sta_gw[16]; + char serial[16]; + char opts[16]; + char model[16]; + char group[16]; + char role[16]; + char ssid[4][16]; + char password[4][32]; + char active_ssid[32]; + char access_pw[16]; + char hostname[32]; + char mac[20]; + mdns_server_t *mdns; + char region; + char inet; + char conn_ap; + + enum genled_state genled; + uint64_t genled_t; + + lws_cb_scan_done scan_consumer; + void *scan_consumer_arg; + struct lws_group_member *first; + int extant_group_members; +}; + +struct lws_esp32_image { + uint32_t romfs; + uint32_t romfs_len; + uint32_t json; + uint32_t json_len; +}; + +extern struct lws_esp32 lws_esp32; + +extern esp_err_t +lws_esp32_event_passthru(void *ctx, system_event_t *event); +extern void +lws_esp32_wlan_config(void); +extern void +lws_esp32_wlan_start_ap(void); +extern void +lws_esp32_wlan_start_station(void); +struct lws_context_creation_info; +extern void +lws_esp32_set_creation_defaults(struct lws_context_creation_info *info); +extern struct lws_context * +lws_esp32_init(struct lws_context_creation_info *); +extern int +lws_esp32_wlan_nvs_get(int retry); +extern esp_err_t +lws_nvs_set_str(nvs_handle handle, const char* key, const char* value); +extern void +lws_esp32_restart_guided(uint32_t type); +extern const esp_partition_t * +lws_esp_ota_get_boot_partition(void); +extern int +lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i, char *json, int json_len); +extern int +lws_esp32_leds_network_indication(void); + +extern uint32_t lws_esp32_get_reboot_type(void); +extern uint16_t lws_esp32_sine_interp(int n); + +/* required in external code by esp32 plat (may just return if no leds) */ +extern void lws_esp32_leds_timer_cb(TimerHandle_t th); +#else +typedef int lws_sockfd_type; +typedef int lws_filefd_type; +#define lws_sockfd_valid(sfd) (sfd >= 0) +#endif +#endif + +#define lws_pollfd pollfd +#define LWS_POLLHUP (POLLHUP|POLLERR) +#define LWS_POLLIN (POLLIN) +#define LWS_POLLOUT (POLLOUT) +#endif + + +#if (defined(WIN32) || defined(_WIN32)) && !defined(__MINGW32__) +/* ... */ +#define ssize_t SSIZE_T +#endif + +#if defined(WIN32) && defined(LWS_HAVE__STAT32I64) +#include +#include +#endif + +#if defined(LWS_HAVE_STDINT_H) +#include +#else +#if defined(WIN32) || defined(_WIN32) +/* !!! >:-[ */ +typedef unsigned __int32 uint32_t; +typedef unsigned __int16 uint16_t; +typedef unsigned __int8 uint8_t; +#else +typedef unsigned int uint32_t; +typedef unsigned short uint16_t; +typedef unsigned char uint8_t; +#endif +#endif + +typedef unsigned long long lws_filepos_t; +typedef long long lws_fileofs_t; +typedef uint32_t lws_fop_flags_t; + +/** struct lws_pollargs - argument structure for all external poll related calls + * passed in via 'in' */ +struct lws_pollargs { + lws_sockfd_type fd; /**< applicable socket descriptor */ + int events; /**< the new event mask */ + int prev_events; /**< the previous event mask */ +}; + +struct lws_tokens; +struct lws_token_limits; + +/*! \defgroup wsclose Websocket Close + * + * ##Websocket close frame control + * + * When we close a ws connection, we can send a reason code and a short + * UTF-8 description back with the close packet. + */ +///@{ + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +/** enum lws_close_status - RFC6455 close status codes */ +enum lws_close_status { + LWS_CLOSE_STATUS_NOSTATUS = 0, + LWS_CLOSE_STATUS_NORMAL = 1000, + /**< 1000 indicates a normal closure, meaning that the purpose for + which the connection was established has been fulfilled. */ + LWS_CLOSE_STATUS_GOINGAWAY = 1001, + /**< 1001 indicates that an endpoint is "going away", such as a server + going down or a browser having navigated away from a page. */ + LWS_CLOSE_STATUS_PROTOCOL_ERR = 1002, + /**< 1002 indicates that an endpoint is terminating the connection due + to a protocol error. */ + LWS_CLOSE_STATUS_UNACCEPTABLE_OPCODE = 1003, + /**< 1003 indicates that an endpoint is terminating the connection + because it has received a type of data it cannot accept (e.g., an + endpoint that understands only text data MAY send this if it + receives a binary message). */ + LWS_CLOSE_STATUS_RESERVED = 1004, + /**< Reserved. The specific meaning might be defined in the future. */ + LWS_CLOSE_STATUS_NO_STATUS = 1005, + /**< 1005 is a reserved value and MUST NOT be set as a status code in a + Close control frame by an endpoint. It is designated for use in + applications expecting a status code to indicate that no status + code was actually present. */ + LWS_CLOSE_STATUS_ABNORMAL_CLOSE = 1006, + /**< 1006 is a reserved value and MUST NOT be set as a status code in a + Close control frame by an endpoint. It is designated for use in + applications expecting a status code to indicate that the + connection was closed abnormally, e.g., without sending or + receiving a Close control frame. */ + LWS_CLOSE_STATUS_INVALID_PAYLOAD = 1007, + /**< 1007 indicates that an endpoint is terminating the connection + because it has received data within a message that was not + consistent with the type of the message (e.g., non-UTF-8 [RFC3629] + data within a text message). */ + LWS_CLOSE_STATUS_POLICY_VIOLATION = 1008, + /**< 1008 indicates that an endpoint is terminating the connection + because it has received a message that violates its policy. This + is a generic status code that can be returned when there is no + other more suitable status code (e.g., 1003 or 1009) or if there + is a need to hide specific details about the policy. */ + LWS_CLOSE_STATUS_MESSAGE_TOO_LARGE = 1009, + /**< 1009 indicates that an endpoint is terminating the connection + because it has received a message that is too big for it to + process. */ + LWS_CLOSE_STATUS_EXTENSION_REQUIRED = 1010, + /**< 1010 indicates that an endpoint (client) is terminating the + connection because it has expected the server to negotiate one or + more extension, but the server didn't return them in the response + message of the WebSocket handshake. The list of extensions that + are needed SHOULD appear in the /reason/ part of the Close frame. + Note that this status code is not used by the server, because it + can fail the WebSocket handshake instead */ + LWS_CLOSE_STATUS_UNEXPECTED_CONDITION = 1011, + /**< 1011 indicates that a server is terminating the connection because + it encountered an unexpected condition that prevented it from + fulfilling the request. */ + LWS_CLOSE_STATUS_TLS_FAILURE = 1015, + /**< 1015 is a reserved value and MUST NOT be set as a status code in a + Close control frame by an endpoint. It is designated for use in + applications expecting a status code to indicate that the + connection was closed due to a failure to perform a TLS handshake + (e.g., the server certificate can't be verified). */ + + /****** add new things just above ---^ ******/ + + LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY = 9999, +}; + +/** + * lws_close_reason - Set reason and aux data to send with Close packet + * If you are going to return nonzero from the callback + * requesting the connection to close, you can optionally + * call this to set the reason the peer will be told if + * possible. + * + * \param wsi: The websocket connection to set the close reason on + * \param status: A valid close status from websocket standard + * \param buf: NULL or buffer containing up to 124 bytes of auxiliary data + * \param len: Length of data in \param buf to send + */ +LWS_VISIBLE LWS_EXTERN void +lws_close_reason(struct lws *wsi, enum lws_close_status status, + unsigned char *buf, size_t len); + +///@} + +struct lws; +struct lws_context; +/* needed even with extensions disabled for create context */ +struct lws_extension; + +/*! \defgroup lwsmeta lws-meta + * + * ##lws-meta protocol + * + * The protocol wraps other muxed connections inside one tcp connection. + * + * Commands are assigned from 0x41 up (so they are valid unicode) + */ +///@{ + +enum lws_meta_commands { + LWS_META_CMD_OPEN_SUBCHANNEL = 'A', + /**< Client requests to open new subchannel + */ + LWS_META_CMD_OPEN_RESULT, + /**< Result of client request to open new subchannel */ + LWS_META_CMD_CLOSE_NOTIFY, + /**< Notification of subchannel closure */ + LWS_META_CMD_CLOSE_RQ, + /**< client requests to close a subchannel */ + LWS_META_CMD_WRITE, + /**< connection writes something to specific channel index */ + + /****** add new things just above ---^ ******/ +}; + +/* channel numbers are transported offset by 0x20 so they are valid unicode */ + +#define LWS_META_TRANSPORT_OFFSET 0x20 + +///@} + +/*! \defgroup usercb User Callback + * + * ##User protocol callback + * + * The protocol callback is the primary way lws interacts with + * user code. For one of a list of a few dozen reasons the callback gets + * called at some event to be handled. + * + * All of the events can be ignored, returning 0 is taken as "OK" and returning + * nonzero in most cases indicates that the connection should be closed. + */ +///@{ + +struct lws_ssl_info { + int where; + int ret; +}; + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +/** enum lws_callback_reasons - reason you're getting a protocol callback */ +enum lws_callback_reasons { + LWS_CALLBACK_ESTABLISHED = 0, + /**< (VH) after the server completes a handshake with an incoming + * client. If you built the library with ssl support, in is a + * pointer to the ssl struct associated with the connection or NULL.*/ + LWS_CALLBACK_CLIENT_CONNECTION_ERROR = 1, + /**< the request client connection has been unable to complete a + * handshake with the remote server. If in is non-NULL, you can + * find an error string of length len where it points to + * + * Diagnostic strings that may be returned include + * + * "getaddrinfo (ipv6) failed" + * "unknown address family" + * "getaddrinfo (ipv4) failed" + * "set socket opts failed" + * "insert wsi failed" + * "lws_ssl_client_connect1 failed" + * "lws_ssl_client_connect2 failed" + * "Peer hung up" + * "read failed" + * "HS: URI missing" + * "HS: Redirect code but no Location" + * "HS: URI did not parse" + * "HS: Redirect failed" + * "HS: Server did not return 200" + * "HS: OOM" + * "HS: disallowed by client filter" + * "HS: disallowed at ESTABLISHED" + * "HS: ACCEPT missing" + * "HS: ws upgrade response not 101" + * "HS: UPGRADE missing" + * "HS: Upgrade to something other than websocket" + * "HS: CONNECTION missing" + * "HS: UPGRADE malformed" + * "HS: PROTOCOL malformed" + * "HS: Cannot match protocol" + * "HS: EXT: list too big" + * "HS: EXT: failed setting defaults" + * "HS: EXT: failed parsing defaults" + * "HS: EXT: failed parsing options" + * "HS: EXT: Rejects server options" + * "HS: EXT: unknown ext" + * "HS: Accept hash wrong" + * "HS: Rejected by filter cb" + * "HS: OOM" + * "HS: SO_SNDBUF failed" + * "HS: Rejected at CLIENT_ESTABLISHED" + */ + LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH = 2, + /**< this is the last chance for the client user code to examine the + * http headers and decide to reject the connection. If the + * content in the headers is interesting to the + * client (url, etc) it needs to copy it out at + * this point since it will be destroyed before + * the CLIENT_ESTABLISHED call */ + LWS_CALLBACK_CLIENT_ESTABLISHED = 3, + /**< after your client connection completed + * a handshake with the remote server */ + LWS_CALLBACK_CLOSED = 4, + /**< when the websocket session ends */ + LWS_CALLBACK_CLOSED_HTTP = 5, + /**< when a HTTP (non-websocket) session ends */ + LWS_CALLBACK_RECEIVE = 6, + /**< data has appeared for this server endpoint from a + * remote client, it can be found at *in and is + * len bytes long */ + LWS_CALLBACK_RECEIVE_PONG = 7, + /**< servers receive PONG packets with this callback reason */ + LWS_CALLBACK_CLIENT_RECEIVE = 8, + /**< data has appeared from the server for the client connection, it + * can be found at *in and is len bytes long */ + LWS_CALLBACK_CLIENT_RECEIVE_PONG = 9, + /**< clients receive PONG packets with this callback reason */ + LWS_CALLBACK_CLIENT_WRITEABLE = 10, + /**< If you call lws_callback_on_writable() on a connection, you will + * get one of these callbacks coming when the connection socket + * is able to accept another write packet without blocking. + * If it already was able to take another packet without blocking, + * you'll get this callback at the next call to the service loop + * function. Notice that CLIENTs get LWS_CALLBACK_CLIENT_WRITEABLE + * and servers get LWS_CALLBACK_SERVER_WRITEABLE. */ + LWS_CALLBACK_SERVER_WRITEABLE = 11, + /**< See LWS_CALLBACK_CLIENT_WRITEABLE */ + LWS_CALLBACK_HTTP = 12, + /**< an http request has come from a client that is not + * asking to upgrade the connection to a websocket + * one. This is a chance to serve http content, + * for example, to send a script to the client + * which will then open the websockets connection. + * in points to the URI path requested and + * lws_serve_http_file() makes it very + * simple to send back a file to the client. + * Normally after sending the file you are done + * with the http connection, since the rest of the + * activity will come by websockets from the script + * that was delivered by http, so you will want to + * return 1; to close and free up the connection. */ + LWS_CALLBACK_HTTP_BODY = 13, + /**< the next len bytes data from the http + * request body HTTP connection is now available in in. */ + LWS_CALLBACK_HTTP_BODY_COMPLETION = 14, + /**< the expected amount of http request body has been delivered */ + LWS_CALLBACK_HTTP_FILE_COMPLETION = 15, + /**< a file requested to be sent down http link has completed. */ + LWS_CALLBACK_HTTP_WRITEABLE = 16, + /**< you can write more down the http protocol link now. */ + LWS_CALLBACK_FILTER_NETWORK_CONNECTION = 17, + /**< called when a client connects to + * the server at network level; the connection is accepted but then + * passed to this callback to decide whether to hang up immediately + * or not, based on the client IP. in contains the connection + * socket's descriptor. Since the client connection information is + * not available yet, wsi still pointing to the main server socket. + * Return non-zero to terminate the connection before sending or + * receiving anything. Because this happens immediately after the + * network connection from the client, there's no websocket protocol + * selected yet so this callback is issued only to protocol 0. */ + LWS_CALLBACK_FILTER_HTTP_CONNECTION = 18, + /**< called when the request has + * been received and parsed from the client, but the response is + * not sent yet. Return non-zero to disallow the connection. + * user is a pointer to the connection user space allocation, + * in is the URI, eg, "/" + * In your handler you can use the public APIs + * lws_hdr_total_length() / lws_hdr_copy() to access all of the + * headers using the header enums lws_token_indexes from + * libwebsockets.h to check for and read the supported header + * presence and content before deciding to allow the http + * connection to proceed or to kill the connection. */ + LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED = 19, + /**< A new client just had + * been connected, accepted, and instantiated into the pool. This + * callback allows setting any relevant property to it. Because this + * happens immediately after the instantiation of a new client, + * there's no websocket protocol selected yet so this callback is + * issued only to protocol 0. Only wsi is defined, pointing to the + * new client, and the return value is ignored. */ + LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION = 20, + /**< called when the handshake has + * been received and parsed from the client, but the response is + * not sent yet. Return non-zero to disallow the connection. + * user is a pointer to the connection user space allocation, + * in is the requested protocol name + * In your handler you can use the public APIs + * lws_hdr_total_length() / lws_hdr_copy() to access all of the + * headers using the header enums lws_token_indexes from + * libwebsockets.h to check for and read the supported header + * presence and content before deciding to allow the handshake + * to proceed or to kill the connection. */ + LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS = 21, + /**< if configured for + * including OpenSSL support, this callback allows your user code + * to perform extra SSL_CTX_load_verify_locations() or similar + * calls to direct OpenSSL where to find certificates the client + * can use to confirm the remote server identity. user is the + * OpenSSL SSL_CTX* */ + LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS = 22, + /**< if configured for + * including OpenSSL support, this callback allows your user code + * to load extra certifcates into the server which allow it to + * verify the validity of certificates returned by clients. user + * is the server's OpenSSL SSL_CTX* */ + LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION = 23, + /**< if the libwebsockets vhost was created with the option + * LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT, then this + * callback is generated during OpenSSL verification of the cert + * sent from the client. It is sent to protocol[0] callback as + * no protocol has been negotiated on the connection yet. + * Notice that the libwebsockets context and wsi are both NULL + * during this callback. See + * http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html + * to understand more detail about the OpenSSL callback that + * generates this libwebsockets callback and the meanings of the + * arguments passed. In this callback, user is the x509_ctx, + * in is the ssl pointer and len is preverify_ok + * Notice that this callback maintains libwebsocket return + * conventions, return 0 to mean the cert is OK or 1 to fail it. + * This also means that if you don't handle this callback then + * the default callback action of returning 0 allows the client + * certificates. */ + LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER = 24, + /**< this callback happens + * when a client handshake is being compiled. user is NULL, + * in is a char **, it's pointing to a char * which holds the + * next location in the header buffer where you can add + * headers, and len is the remaining space in the header buffer, + * which is typically some hundreds of bytes. So, to add a canned + * cookie, your handler code might look similar to: + * + * char **p = (char **)in; + * + * if (len < 100) + * return 1; + * + * *p += sprintf(*p, "Cookie: a=b\x0d\x0a"); + * + * return 0; + * + * Notice if you add anything, you just have to take care about + * the CRLF on the line you added. Obviously this callback is + * optional, if you don't handle it everything is fine. + * + * Notice the callback is coming to protocols[0] all the time, + * because there is no specific protocol negotiated yet. */ + LWS_CALLBACK_CONFIRM_EXTENSION_OKAY = 25, + /**< When the server handshake code + * sees that it does support a requested extension, before + * accepting the extension by additing to the list sent back to + * the client it gives this callback just to check that it's okay + * to use that extension. It calls back to the requested protocol + * and with in being the extension name, len is 0 and user is + * valid. Note though at this time the ESTABLISHED callback hasn't + * happened yet so if you initialize user content there, user + * content during this callback might not be useful for anything. */ + LWS_CALLBACK_CLIENT_CONFIRM_EXTENSION_SUPPORTED = 26, + /**< When a client + * connection is being prepared to start a handshake to a server, + * each supported extension is checked with protocols[0] callback + * with this reason, giving the user code a chance to suppress the + * claim to support that extension by returning non-zero. If + * unhandled, by default 0 will be returned and the extension + * support included in the header to the server. Notice this + * callback comes to protocols[0]. */ + LWS_CALLBACK_PROTOCOL_INIT = 27, + /**< One-time call per protocol, per-vhost using it, so it can + * do initial setup / allocations etc */ + LWS_CALLBACK_PROTOCOL_DESTROY = 28, + /**< One-time call per protocol, per-vhost using it, indicating + * this protocol won't get used at all after this callback, the + * vhost is getting destroyed. Take the opportunity to + * deallocate everything that was allocated by the protocol. */ + LWS_CALLBACK_WSI_CREATE = 29, + /**< outermost (earliest) wsi create notification to protocols[0] */ + LWS_CALLBACK_WSI_DESTROY = 30, + /**< outermost (latest) wsi destroy notification to protocols[0] */ + LWS_CALLBACK_GET_THREAD_ID = 31, + /**< lws can accept callback when writable requests from other + * threads, if you implement this callback and return an opaque + * current thread ID integer. */ + + /* external poll() management support */ + LWS_CALLBACK_ADD_POLL_FD = 32, + /**< lws normally deals with its poll() or other event loop + * internally, but in the case you are integrating with another + * server you will need to have lws sockets share a + * polling array with the other server. This and the other + * POLL_FD related callbacks let you put your specialized + * poll array interface code in the callback for protocol 0, the + * first protocol you support, usually the HTTP protocol in the + * serving case. + * This callback happens when a socket needs to be + * added to the polling loop: in points to a struct + * lws_pollargs; the fd member of the struct is the file + * descriptor, and events contains the active events + * + * If you are using the internal lws polling / event loop + * you can just ignore these callbacks. */ + LWS_CALLBACK_DEL_POLL_FD = 33, + /**< This callback happens when a socket descriptor + * needs to be removed from an external polling array. in is + * again the struct lws_pollargs containing the fd member + * to be removed. If you are using the internal polling + * loop, you can just ignore it. */ + LWS_CALLBACK_CHANGE_MODE_POLL_FD = 34, + /**< This callback happens when lws wants to modify the events for + * a connection. + * in is the struct lws_pollargs with the fd to change. + * The new event mask is in events member and the old mask is in + * the prev_events member. + * If you are using the internal polling loop, you can just ignore + * it. */ + LWS_CALLBACK_LOCK_POLL = 35, + /**< These allow the external poll changes driven + * by lws to participate in an external thread locking + * scheme around the changes, so the whole thing is threadsafe. + * These are called around three activities in the library, + * - inserting a new wsi in the wsi / fd table (len=1) + * - deleting a wsi from the wsi / fd table (len=1) + * - changing a wsi's POLLIN/OUT state (len=0) + * Locking and unlocking external synchronization objects when + * len == 1 allows external threads to be synchronized against + * wsi lifecycle changes if it acquires the same lock for the + * duration of wsi dereference from the other thread context. */ + LWS_CALLBACK_UNLOCK_POLL = 36, + /**< See LWS_CALLBACK_LOCK_POLL, ignore if using lws internal poll */ + + LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY = 37, + /**< if configured for including OpenSSL support but no private key + * file has been specified (ssl_private_key_filepath is NULL), this is + * called to allow the user to set the private key directly via + * libopenssl and perform further operations if required; this might be + * useful in situations where the private key is not directly accessible + * by the OS, for example if it is stored on a smartcard. + * user is the server's OpenSSL SSL_CTX* */ + LWS_CALLBACK_WS_PEER_INITIATED_CLOSE = 38, + /**< The peer has sent an unsolicited Close WS packet. in and + * len are the optional close code (first 2 bytes, network + * order) and the optional additional information which is not + * defined in the standard, and may be a string or non-human- readable data. + * If you return 0 lws will echo the close and then close the + * connection. If you return nonzero lws will just close the + * connection. */ + + LWS_CALLBACK_WS_EXT_DEFAULTS = 39, + /**< */ + + LWS_CALLBACK_CGI = 40, + /**< */ + LWS_CALLBACK_CGI_TERMINATED = 41, + /**< */ + LWS_CALLBACK_CGI_STDIN_DATA = 42, + /**< */ + LWS_CALLBACK_CGI_STDIN_COMPLETED = 43, + /**< */ + LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP = 44, + /**< */ + LWS_CALLBACK_CLOSED_CLIENT_HTTP = 45, + /**< */ + LWS_CALLBACK_RECEIVE_CLIENT_HTTP = 46, + /**< */ + LWS_CALLBACK_COMPLETED_CLIENT_HTTP = 47, + /**< */ + LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ = 48, + /**< */ + LWS_CALLBACK_HTTP_BIND_PROTOCOL = 49, + /**< */ + LWS_CALLBACK_HTTP_DROP_PROTOCOL = 50, + /**< */ + LWS_CALLBACK_CHECK_ACCESS_RIGHTS = 51, + /**< */ + LWS_CALLBACK_PROCESS_HTML = 52, + /**< */ + LWS_CALLBACK_ADD_HEADERS = 53, + /**< */ + LWS_CALLBACK_SESSION_INFO = 54, + /**< */ + + LWS_CALLBACK_GS_EVENT = 55, + /**< */ + LWS_CALLBACK_HTTP_PMO = 56, + /**< per-mount options for this connection, called before + * the normal LWS_CALLBACK_HTTP when the mount has per-mount + * options + */ + LWS_CALLBACK_CLIENT_HTTP_WRITEABLE = 57, + /**< when doing an HTTP type client connection, you can call + * lws_client_http_body_pending(wsi, 1) from + * LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER to get these callbacks + * sending the HTTP headers. + * + * From this callback, when you have sent everything, you should let + * lws know by calling lws_client_http_body_pending(wsi, 0) + */ + LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION = 58, + /**< Similar to LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION + * this callback is called during OpenSSL verification of the cert + * sent from the server to the client. It is sent to protocol[0] + * callback as no protocol has been negotiated on the connection yet. + * Notice that the wsi is set because lws_client_connect_via_info was + * successful. + * + * See http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html + * to understand more detail about the OpenSSL callback that + * generates this libwebsockets callback and the meanings of the + * arguments passed. In this callback, user is the x509_ctx, + * in is the ssl pointer and len is preverify_ok. + * + * THIS IS NOT RECOMMENDED BUT if a cert validation error shall be + * overruled and cert shall be accepted as ok, + * X509_STORE_CTX_set_error((X509_STORE_CTX*)user, X509_V_OK); must be + * called and return value must be 0 to mean the cert is OK; + * returning 1 will fail the cert in any case. + * + * This also means that if you don't handle this callback then + * the default callback action of returning 0 will not accept the + * certificate in case of a validation error decided by the SSL lib. + * + * This is expected and secure behaviour when validating certificates. + * + * Note: LCCSCF_ALLOW_SELFSIGNED and + * LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK still work without this + * callback being implemented. + */ + LWS_CALLBACK_RAW_RX = 59, + /**< RAW mode connection RX */ + LWS_CALLBACK_RAW_CLOSE = 60, + /**< RAW mode connection is closing */ + LWS_CALLBACK_RAW_WRITEABLE = 61, + /**< RAW mode connection may be written */ + LWS_CALLBACK_RAW_ADOPT = 62, + /**< RAW mode connection was adopted (equivalent to 'wsi created') */ + LWS_CALLBACK_RAW_ADOPT_FILE = 63, + /**< RAW mode file was adopted (equivalent to 'wsi created') */ + LWS_CALLBACK_RAW_RX_FILE = 64, + /**< RAW mode file has something to read */ + LWS_CALLBACK_RAW_WRITEABLE_FILE = 65, + /**< RAW mode file is writeable */ + LWS_CALLBACK_RAW_CLOSE_FILE = 66, + /**< RAW mode wsi that adopted a file is closing */ + LWS_CALLBACK_SSL_INFO = 67, + /**< SSL connections only. An event you registered an + * interest in at the vhost has occurred on a connection + * using the vhost. @in is a pointer to a + * struct lws_ssl_info containing information about the + * event*/ + LWS_CALLBACK_CHILD_WRITE_VIA_PARENT = 68, + /**< Child has been marked with parent_carries_io attribute, so + * lws_write directs the to this callback at the parent, + * @in is a struct lws_write_passthru containing the args + * the lws_write() was called with. + */ + LWS_CALLBACK_CHILD_CLOSING = 69, + /**< Sent to parent to notify them a child is closing / being + * destroyed. @in is the child wsi. + */ + + /****** add new things just above ---^ ******/ + + LWS_CALLBACK_USER = 1000, + /**< user code can use any including above without fear of clashes */ +}; + + + +/** + * typedef lws_callback_function() - User server actions + * \param wsi: Opaque websocket instance pointer + * \param reason: The reason for the call + * \param user: Pointer to per-session user data allocated by library + * \param in: Pointer used for some callback reasons + * \param len: Length set for some callback reasons + * + * This callback is the way the user controls what is served. All the + * protocol detail is hidden and handled by the library. + * + * For each connection / session there is user data allocated that is + * pointed to by "user". You set the size of this user data area when + * the library is initialized with lws_create_server. + */ +typedef int +lws_callback_function(struct lws *wsi, enum lws_callback_reasons reason, + void *user, void *in, size_t len); +///@} + +/*! \defgroup extensions + * + * ##Extension releated functions + * + * Ws defines optional extensions, lws provides the ability to implement these + * in user code if so desired. + * + * We provide one extensions permessage-deflate. + */ +///@{ + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +enum lws_extension_callback_reasons { + LWS_EXT_CB_SERVER_CONTEXT_CONSTRUCT = 0, + LWS_EXT_CB_CLIENT_CONTEXT_CONSTRUCT = 1, + LWS_EXT_CB_SERVER_CONTEXT_DESTRUCT = 2, + LWS_EXT_CB_CLIENT_CONTEXT_DESTRUCT = 3, + LWS_EXT_CB_CONSTRUCT = 4, + LWS_EXT_CB_CLIENT_CONSTRUCT = 5, + LWS_EXT_CB_CHECK_OK_TO_REALLY_CLOSE = 6, + LWS_EXT_CB_CHECK_OK_TO_PROPOSE_EXTENSION = 7, + LWS_EXT_CB_DESTROY = 8, + LWS_EXT_CB_DESTROY_ANY_WSI_CLOSING = 9, + LWS_EXT_CB_ANY_WSI_ESTABLISHED = 10, + LWS_EXT_CB_PACKET_RX_PREPARSE = 11, + LWS_EXT_CB_PACKET_TX_PRESEND = 12, + LWS_EXT_CB_PACKET_TX_DO_SEND = 13, + LWS_EXT_CB_HANDSHAKE_REPLY_TX = 14, + LWS_EXT_CB_FLUSH_PENDING_TX = 15, + LWS_EXT_CB_EXTENDED_PAYLOAD_RX = 16, + LWS_EXT_CB_CAN_PROXY_CLIENT_CONNECTION = 17, + LWS_EXT_CB_1HZ = 18, + LWS_EXT_CB_REQUEST_ON_WRITEABLE = 19, + LWS_EXT_CB_IS_WRITEABLE = 20, + LWS_EXT_CB_PAYLOAD_TX = 21, + LWS_EXT_CB_PAYLOAD_RX = 22, + LWS_EXT_CB_OPTION_DEFAULT = 23, + LWS_EXT_CB_OPTION_SET = 24, + LWS_EXT_CB_OPTION_CONFIRM = 25, + LWS_EXT_CB_NAMED_OPTION_SET = 26, + + /****** add new things just above ---^ ******/ +}; + +/** enum lws_ext_options_types */ +enum lws_ext_options_types { + EXTARG_NONE, /**< does not take an argument */ + EXTARG_DEC, /**< requires a decimal argument */ + EXTARG_OPT_DEC /**< may have an optional decimal argument */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ +}; + +/** struct lws_ext_options - Option arguments to the extension. These are + * used in the negotiation at ws upgrade time. + * The helper function lws_ext_parse_options() + * uses these to generate callbacks */ +struct lws_ext_options { + const char *name; /**< Option name, eg, "server_no_context_takeover" */ + enum lws_ext_options_types type; /**< What kind of args the option can take */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ +}; + +/** struct lws_ext_option_arg */ +struct lws_ext_option_arg { + const char *option_name; /**< may be NULL, option_index used then */ + int option_index; /**< argument ordinal to use if option_name missing */ + const char *start; /**< value */ + int len; /**< length of value */ +}; + +/** + * typedef lws_extension_callback_function() - Hooks to allow extensions to operate + * \param context: Websockets context + * \param ext: This extension + * \param wsi: Opaque websocket instance pointer + * \param reason: The reason for the call + * \param user: Pointer to ptr to per-session user data allocated by library + * \param in: Pointer used for some callback reasons + * \param len: Length set for some callback reasons + * + * Each extension that is active on a particular connection receives + * callbacks during the connection lifetime to allow the extension to + * operate on websocket data and manage itself. + * + * Libwebsockets takes care of allocating and freeing "user" memory for + * each active extension on each connection. That is what is pointed to + * by the user parameter. + * + * LWS_EXT_CB_CONSTRUCT: called when the server has decided to + * select this extension from the list provided by the client, + * just before the server will send back the handshake accepting + * the connection with this extension active. This gives the + * extension a chance to initialize its connection context found + * in user. + * + * LWS_EXT_CB_CLIENT_CONSTRUCT: same as LWS_EXT_CB_CONSTRUCT + * but called when client is instantiating this extension. Some + * extensions will work the same on client and server side and then + * you can just merge handlers for both CONSTRUCTS. + * + * LWS_EXT_CB_DESTROY: called when the connection the extension was + * being used on is about to be closed and deallocated. It's the + * last chance for the extension to deallocate anything it has + * allocated in the user data (pointed to by user) before the + * user data is deleted. This same callback is used whether you + * are in client or server instantiation context. + * + * LWS_EXT_CB_PACKET_RX_PREPARSE: when this extension was active on + * a connection, and a packet of data arrived at the connection, + * it is passed to this callback to give the extension a chance to + * change the data, eg, decompress it. user is pointing to the + * extension's private connection context data, in is pointing + * to an lws_tokens struct, it consists of a char * pointer called + * token, and an int called token_len. At entry, these are + * set to point to the received buffer and set to the content + * length. If the extension will grow the content, it should use + * a new buffer allocated in its private user context data and + * set the pointed-to lws_tokens members to point to its buffer. + * + * LWS_EXT_CB_PACKET_TX_PRESEND: this works the same way as + * LWS_EXT_CB_PACKET_RX_PREPARSE above, except it gives the + * extension a chance to change websocket data just before it will + * be sent out. Using the same lws_token pointer scheme in in, + * the extension can change the buffer and the length to be + * transmitted how it likes. Again if it wants to grow the + * buffer safely, it should copy the data into its own buffer and + * set the lws_tokens token pointer to it. + * + * LWS_EXT_CB_ARGS_VALIDATE: + */ +typedef int +lws_extension_callback_function(struct lws_context *context, + const struct lws_extension *ext, struct lws *wsi, + enum lws_extension_callback_reasons reason, + void *user, void *in, size_t len); + +/** struct lws_extension - An extension we support */ +struct lws_extension { + const char *name; /**< Formal extension name, eg, "permessage-deflate" */ + lws_extension_callback_function *callback; /**< Service callback */ + const char *client_offer; /**< String containing exts and options client offers */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ +}; + +/** + * lws_set_extension_option(): set extension option if possible + * + * \param wsi: websocket connection + * \param ext_name: name of ext, like "permessage-deflate" + * \param opt_name: name of option, like "rx_buf_size" + * \param opt_val: value to set option to + */ +LWS_VISIBLE LWS_EXTERN int +lws_set_extension_option(struct lws *wsi, const char *ext_name, + const char *opt_name, const char *opt_val); + +#ifndef LWS_NO_EXTENSIONS +/* lws_get_internal_extensions() - DEPRECATED + * + * \Deprecated There is no longer a set internal extensions table. The table is provided + * by user code along with application-specific settings. See the test + * client and server for how to do. + */ +static LWS_INLINE LWS_WARN_DEPRECATED const struct lws_extension * +lws_get_internal_extensions(void) { return NULL; } + +/** + * lws_ext_parse_options() - deal with parsing negotiated extension options + * + * \param ext: related extension struct + * \param wsi: websocket connection + * \param ext_user: per-connection extension private data + * \param opts: list of supported options + * \param o: option string to parse + * \param len: length + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ext_parse_options(const struct lws_extension *ext, struct lws *wsi, + void *ext_user, const struct lws_ext_options *opts, + const char *o, int len); +#endif + +/** lws_extension_callback_pm_deflate() - extension for RFC7692 + * + * \param context: lws context + * \param ext: related lws_extension struct + * \param wsi: websocket connection + * \param reason: incoming callback reason + * \param user: per-connection extension private data + * \param in: pointer parameter + * \param len: length parameter + * + * Built-in callback implementing RFC7692 permessage-deflate + */ +LWS_EXTERN +int lws_extension_callback_pm_deflate( + struct lws_context *context, const struct lws_extension *ext, + struct lws *wsi, enum lws_extension_callback_reasons reason, + void *user, void *in, size_t len); + +/* + * The internal exts are part of the public abi + * If we add more extensions, publish the callback here ------v + */ +///@} + +/*! \defgroup Protocols-and-Plugins Protocols and Plugins + * \ingroup lwsapi + * + * ##Protocol and protocol plugin -related apis + * + * Protocols bind ws protocol names to a custom callback specific to that + * protocol implementaion. + * + * A list of protocols can be passed in at context creation time, but it is + * also legal to leave that NULL and add the protocols and their callback code + * using plugins. + * + * Plugins are much preferable compared to cut and pasting code into an + * application each time, since they can be used standalone. + */ +///@{ +/** struct lws_protocols - List of protocols and handlers client or server + * supports. */ + +struct lws_protocols { + const char *name; + /**< Protocol name that must match the one given in the client + * Javascript new WebSocket(url, 'protocol') name. */ + lws_callback_function *callback; + /**< The service callback used for this protocol. It allows the + * service action for an entire protocol to be encapsulated in + * the protocol-specific callback */ + size_t per_session_data_size; + /**< Each new connection using this protocol gets + * this much memory allocated on connection establishment and + * freed on connection takedown. A pointer to this per-connection + * allocation is passed into the callback in the 'user' parameter */ + size_t rx_buffer_size; + /**< lws allocates this much space for rx data and informs callback + * when something came. Due to rx flow control, the callback may not + * be able to consume it all without having to return to the event + * loop. That is supported in lws. + * + * If .tx_packet_size is 0, this also controls how much may be sent at once + * for backwards compatibility. + */ + unsigned int id; + /**< ignored by lws, but useful to contain user information bound + * to the selected protocol. For example if this protocol was + * called "myprotocol-v2", you might set id to 2, and the user + * code that acts differently according to the version can do so by + * switch (wsi->protocol->id), user code might use some bits as + * capability flags based on selected protocol version, etc. */ + void *user; /**< ignored by lws, but user code can pass a pointer + here it can later access from the protocol callback */ + size_t tx_packet_size; + /**< 0 indicates restrict send() size to .rx_buffer_size for backwards- + * compatibility. + * If greater than zero, a single send() is restricted to this amount + * and any remainder is buffered by lws and sent afterwards also in + * these size chunks. Since that is expensive, it's preferable + * to restrict one fragment you are trying to send to match this + * size. + */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ +}; + +struct lws_vhost; + +/** + * lws_vhost_name_to_protocol() - get vhost's protocol object from its name + * + * \param vh: vhost to search + * \param name: protocol name + * + * Returns NULL or a pointer to the vhost's protocol of the requested name + */ +LWS_VISIBLE LWS_EXTERN const struct lws_protocols * +lws_vhost_name_to_protocol(struct lws_vhost *vh, const char *name); + +/** + * lws_get_protocol() - Returns a protocol pointer from a websocket + * connection. + * \param wsi: pointer to struct websocket you want to know the protocol of + * + * + * Some apis can act on all live connections of a given protocol, + * this is how you can get a pointer to the active protocol if needed. + */ +LWS_VISIBLE LWS_EXTERN const struct lws_protocols * +lws_get_protocol(struct lws *wsi); + +/** lws_protocol_get() - deprecated: use lws_get_protocol */ +LWS_VISIBLE LWS_EXTERN const struct lws_protocols * +lws_protocol_get(struct lws *wsi) LWS_WARN_DEPRECATED; + +/** + * lws_protocol_vh_priv_zalloc() - Allocate and zero down a protocol's per-vhost + * storage + * \param vhost: vhost the instance is related to + * \param prot: protocol the instance is related to + * \param size: bytes to allocate + * + * Protocols often find it useful to allocate a per-vhost struct, this is a + * helper to be called in the per-vhost init LWS_CALLBACK_PROTOCOL_INIT + */ +LWS_VISIBLE LWS_EXTERN void * +lws_protocol_vh_priv_zalloc(struct lws_vhost *vhost, const struct lws_protocols *prot, + int size); + +/** + * lws_protocol_vh_priv_get() - retreive a protocol's per-vhost storage + * + * \param vhost: vhost the instance is related to + * \param prot: protocol the instance is related to + * + * Recover a pointer to the allocated per-vhost storage for the protocol created + * by lws_protocol_vh_priv_zalloc() earlier + */ +LWS_VISIBLE LWS_EXTERN void * +lws_protocol_vh_priv_get(struct lws_vhost *vhost, const struct lws_protocols *prot); + +/** + * lws_finalize_startup() - drop initial process privileges + * + * \param context: lws context + * + * This is called after the end of the vhost protocol initializations, but + * you may choose to call it earlier + */ +LWS_VISIBLE LWS_EXTERN int +lws_finalize_startup(struct lws_context *context); + +LWS_VISIBLE LWS_EXTERN int +lws_protocol_init(struct lws_context *context); + +#ifdef LWS_WITH_PLUGINS + +/* PLUGINS implies LIBUV */ + +#define LWS_PLUGIN_API_MAGIC 180 + +/** struct lws_plugin_capability - how a plugin introduces itself to lws */ +struct lws_plugin_capability { + unsigned int api_magic; /**< caller fills this in, plugin fills rest */ + const struct lws_protocols *protocols; /**< array of supported protocols provided by plugin */ + int count_protocols; /**< how many protocols */ + const struct lws_extension *extensions; /**< array of extensions provided by plugin */ + int count_extensions; /**< how many extensions */ +}; + +typedef int (*lws_plugin_init_func)(struct lws_context *, + struct lws_plugin_capability *); +typedef int (*lws_plugin_destroy_func)(struct lws_context *); + +/** struct lws_plugin */ +struct lws_plugin { + struct lws_plugin *list; /**< linked list */ +#if (UV_VERSION_MAJOR > 0) + uv_lib_t lib; /**< shared library pointer */ +#else + void *l; /**< so we can compile on ancient libuv */ +#endif + char name[64]; /**< name of the plugin */ + struct lws_plugin_capability caps; /**< plugin capabilities */ +}; + +#endif + +///@} + + +/*! \defgroup generic-sessions plugin: generic-sessions + * \ingroup Protocols-and-Plugins + * + * ##Plugin Generic-sessions related + * + * generic-sessions plugin provides a reusable, generic session and login / + * register / forgot password framework including email verification. + */ +///@{ + +#define LWSGS_EMAIL_CONTENT_SIZE 16384 +/**< Maximum size of email we might send */ + +/* SHA-1 binary and hexified versions */ +/** typedef struct lwsgw_hash_bin */ +typedef struct { unsigned char bin[20]; /**< binary representation of hash */} lwsgw_hash_bin; +/** typedef struct lwsgw_hash */ +typedef struct { char id[41]; /**< ascii hex representation of hash */ } lwsgw_hash; + +/** enum lwsgs_auth_bits */ +enum lwsgs_auth_bits { + LWSGS_AUTH_LOGGED_IN = 1, /**< user is logged in as somebody */ + LWSGS_AUTH_ADMIN = 2, /**< logged in as the admin user */ + LWSGS_AUTH_VERIFIED = 4, /**< user has verified his email */ + LWSGS_AUTH_FORGOT_FLOW = 8, /**< he just completed "forgot password" flow */ +}; + +/** struct lws_session_info - information about user session status */ +struct lws_session_info { + char username[32]; /**< username logged in as, or empty string */ + char email[100]; /**< email address associated with login, or empty string */ + char ip[72]; /**< ip address session was started from */ + unsigned int mask; /**< access rights mask associated with session + * see enum lwsgs_auth_bits */ + char session[42]; /**< session id string, usable as opaque uid when not logged in */ +}; + +/** enum lws_gs_event */ +enum lws_gs_event { + LWSGSE_CREATED, /**< a new user was created */ + LWSGSE_DELETED /**< an existing user was deleted */ +}; + +/** struct lws_gs_event_args */ +struct lws_gs_event_args { + enum lws_gs_event event; /**< which event happened */ + const char *username; /**< which username the event happened to */ + const char *email; /**< the email address of that user */ +}; + +///@} + + +/*! \defgroup context-and-vhost + * \ingroup lwsapi + * + * ##Context and Vhost releated functions + * + * LWS requires that there is one context, in which you may define multiple + * vhosts. Each vhost is a virtual host, with either its own listen port + * or sharing an existing one. Each vhost has its own SSL context that can + * be set up individually or left disabled. + * + * If you don't care about multiple "site" support, you can ignore it and + * lws will create a single default vhost at context creation time. + */ +///@{ + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ + +/** enum lws_context_options - context and vhost options */ +enum lws_context_options { + LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT = (1 << 1) | + (1 << 12), + /**< (VH) Don't allow the connection unless the client has a + * client cert that we recognize; provides + * LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT */ + LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME = (1 << 2), + /**< (CTX) Don't try to get the server's hostname */ + LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT = (1 << 3) | + (1 << 12), + /**< (VH) Allow non-SSL (plaintext) connections on the same + * port as SSL is listening... undermines the security of SSL; + * provides LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT */ + LWS_SERVER_OPTION_LIBEV = (1 << 4), + /**< (CTX) Use libev event loop */ + LWS_SERVER_OPTION_DISABLE_IPV6 = (1 << 5), + /**< (VH) Disable IPV6 support */ + LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS = (1 << 6), + /**< (VH) Don't load OS CA certs, you will need to load your + * own CA cert(s) */ + LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED = (1 << 7), + /**< (VH) Accept connections with no valid Cert (eg, selfsigned) */ + LWS_SERVER_OPTION_VALIDATE_UTF8 = (1 << 8), + /**< (VH) Check UT-8 correctness */ + LWS_SERVER_OPTION_SSL_ECDH = (1 << 9) | + (1 << 12), + /**< (VH) initialize ECDH ciphers */ + LWS_SERVER_OPTION_LIBUV = (1 << 10), + /**< (CTX) Use libuv event loop */ + LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS = (1 << 11) | + (1 << 12), + /**< (VH) Use http redirect to force http to https + * (deprecated: use mount redirection) */ + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT = (1 << 12), + /**< (CTX) Initialize the SSL library at all */ + LWS_SERVER_OPTION_EXPLICIT_VHOSTS = (1 << 13), + /**< (CTX) Only create the context when calling context + * create api, implies user code will create its own vhosts */ + LWS_SERVER_OPTION_UNIX_SOCK = (1 << 14), + /**< (VH) Use Unix socket */ + LWS_SERVER_OPTION_STS = (1 << 15), + /**< (VH) Send Strict Transport Security header, making + * clients subsequently go to https even if user asked for http */ + LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY = (1 << 16), + /**< (VH) Enable LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE to take effect */ + LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE = (1 << 17), + /**< (VH) if set, only ipv6 allowed on the vhost */ + LWS_SERVER_OPTION_UV_NO_SIGSEGV_SIGFPE_SPIN = (1 << 18), + /**< (CTX) Libuv only: Do not spin on SIGSEGV / SIGFPE. A segfault + * normally makes the lib spin so you can attach a debugger to it + * even if it happened without a debugger in place. You can disable + * that by giving this option. + */ + LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN = (1 << 19), + /**< For backwards-compatibility reasons, by default + * lws prepends "http://" to the origin you give in the client + * connection info struct. If you give this flag when you create + * the context, only the string you give in the client connect + * info for .origin (if any) will be used directly. + */ + LWS_SERVER_OPTION_FALLBACK_TO_RAW = (1 << 20), + /**< (VH) if invalid http is coming in the first line, */ + LWS_SERVER_OPTION_LIBEVENT = (1 << 21), + /**< (CTX) Use libevent event loop */ + LWS_SERVER_OPTION_ONLY_RAW = (1 << 22), + /**< (VH) All connections to this vhost / port are RAW as soon as + * the connection is accepted, no HTTP is going to be coming. + */ + LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE = (1 << 23), + /**< (VH) Set to allow multiple listen sockets on one interface + + * address + port. The default is to strictly allow only one + * listen socket at a time. This is automatically selected if you + * have multiple service threads. + */ + + /****** add new things just above ---^ ******/ +}; + +#define lws_check_opt(c, f) (((c) & (f)) == (f)) + +struct lws_plat_file_ops; + +/** struct lws_context_creation_info - parameters to create context and /or vhost with + * + * This is also used to create vhosts.... if LWS_SERVER_OPTION_EXPLICIT_VHOSTS + * is not given, then for backwards compatibility one vhost is created at + * context-creation time using the info from this struct. + * + * If LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, then no vhosts are created + * at the same time as the context, they are expected to be created afterwards. + */ +struct lws_context_creation_info { + int port; + /**< VHOST: Port to listen on. Use CONTEXT_PORT_NO_LISTEN to suppress + * listening for a client. Use CONTEXT_PORT_NO_LISTEN_SERVER if you are + * writing a server but you are using \ref sock-adopt instead of the + * built-in listener */ + const char *iface; + /**< VHOST: NULL to bind the listen socket to all interfaces, or the + * interface name, eg, "eth2" + * If options specifies LWS_SERVER_OPTION_UNIX_SOCK, this member is + * the pathname of a UNIX domain socket. you can use the UNIX domain + * sockets in abstract namespace, by prepending an at symbol to the + * socket name. */ + const struct lws_protocols *protocols; + /**< VHOST: Array of structures listing supported protocols and a protocol- + * specific callback for each one. The list is ended with an + * entry that has a NULL callback pointer. */ + const struct lws_extension *extensions; + /**< VHOST: NULL or array of lws_extension structs listing the + * extensions this context supports. */ + const struct lws_token_limits *token_limits; + /**< CONTEXT: NULL or struct lws_token_limits pointer which is initialized + * with a token length limit for each possible WSI_TOKEN_ */ + const char *ssl_private_key_password; + /**< VHOST: NULL or the passphrase needed for the private key */ + const char *ssl_cert_filepath; + /**< VHOST: If libwebsockets was compiled to use ssl, and you want + * to listen using SSL, set to the filepath to fetch the + * server cert from, otherwise NULL for unencrypted */ + const char *ssl_private_key_filepath; + /**< VHOST: filepath to private key if wanting SSL mode; + * if this is set to NULL but sll_cert_filepath is set, the + * OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY callback is called + * to allow setting of the private key directly via openSSL + * library calls */ + const char *ssl_ca_filepath; + /**< VHOST: CA certificate filepath or NULL */ + const char *ssl_cipher_list; + /**< VHOST: List of valid ciphers to use (eg, + * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" + * or you can leave it as NULL to get "DEFAULT" */ + const char *http_proxy_address; + /**< VHOST: If non-NULL, attempts to proxy via the given address. + * If proxy auth is required, use format "username:password\@server:port" */ + unsigned int http_proxy_port; + /**< VHOST: If http_proxy_address was non-NULL, uses this port */ + int gid; + /**< CONTEXT: group id to change to after setting listen socket, or -1. */ + int uid; + /**< CONTEXT: user id to change to after setting listen socket, or -1. */ + unsigned int options; + /**< VHOST + CONTEXT: 0, or LWS_SERVER_OPTION_... bitfields */ + void *user; + /**< CONTEXT: optional user pointer that can be recovered via the context + * pointer using lws_context_user */ + int ka_time; + /**< CONTEXT: 0 for no TCP keepalive, otherwise apply this keepalive + * timeout to all libwebsocket sockets, client or server */ + int ka_probes; + /**< CONTEXT: if ka_time was nonzero, after the timeout expires how many + * times to try to get a response from the peer before giving up + * and killing the connection */ + int ka_interval; + /**< CONTEXT: if ka_time was nonzero, how long to wait before each ka_probes + * attempt */ +#ifdef LWS_OPENSSL_SUPPORT + SSL_CTX *provided_client_ssl_ctx; + /**< CONTEXT: If non-null, swap out libwebsockets ssl + * implementation for the one provided by provided_ssl_ctx. + * Libwebsockets no longer is responsible for freeing the context + * if this option is selected. */ +#else /* maintain structure layout either way */ + void *provided_client_ssl_ctx; /**< dummy if ssl disabled */ +#endif + + short max_http_header_data; + /**< CONTEXT: The max amount of header payload that can be handled + * in an http request (unrecognized header payload is dropped) */ + short max_http_header_pool; + /**< CONTEXT: The max number of connections with http headers that + * can be processed simultaneously (the corresponding memory is + * allocated for the lifetime of the context). If the pool is + * busy new incoming connections must wait for accept until one + * becomes free. */ + + unsigned int count_threads; + /**< CONTEXT: how many contexts to create in an array, 0 = 1 */ + unsigned int fd_limit_per_thread; + /**< CONTEXT: nonzero means restrict each service thread to this + * many fds, 0 means the default which is divide the process fd + * limit by the number of threads. */ + unsigned int timeout_secs; + /**< VHOST: various processes involving network roundtrips in the + * library are protected from hanging forever by timeouts. If + * nonzero, this member lets you set the timeout used in seconds. + * Otherwise a default timeout is used. */ + const char *ecdh_curve; + /**< VHOST: if NULL, defaults to initializing server with "prime256v1" */ + const char *vhost_name; + /**< VHOST: name of vhost, must match external DNS name used to + * access the site, like "warmcat.com" as it's used to match + * Host: header and / or SNI name for SSL. */ + const char * const *plugin_dirs; + /**< CONTEXT: NULL, or NULL-terminated array of directories to + * scan for lws protocol plugins at context creation time */ + const struct lws_protocol_vhost_options *pvo; + /**< VHOST: pointer to optional linked list of per-vhost + * options made accessible to protocols */ + int keepalive_timeout; + /**< VHOST: (default = 0 = 60s) seconds to allow remote + * client to hold on to an idle HTTP/1.1 connection */ + const char *log_filepath; + /**< VHOST: filepath to append logs to... this is opened before + * any dropping of initial privileges */ + const struct lws_http_mount *mounts; + /**< VHOST: optional linked list of mounts for this vhost */ + const char *server_string; + /**< CONTEXT: string used in HTTP headers to identify server + * software, if NULL, "libwebsockets". */ + unsigned int pt_serv_buf_size; + /**< CONTEXT: 0 = default of 4096. This buffer is used by + * various service related features including file serving, it + * defines the max chunk of file that can be sent at once. + * At the risk of lws having to buffer failed large sends, it + * can be increased to, eg, 128KiB to improve throughput. */ + unsigned int max_http_header_data2; + /**< CONTEXT: if max_http_header_data is 0 and this + * is nonzero, this will be used in place of the default. It's + * like this for compatibility with the original short version, + * this is unsigned int length. */ + long ssl_options_set; + /**< VHOST: Any bits set here will be set as SSL options */ + long ssl_options_clear; + /**< VHOST: Any bits set here will be cleared as SSL options */ + unsigned short ws_ping_pong_interval; + /**< CONTEXT: 0 for none, else interval in seconds between sending + * PINGs on idle websocket connections. When the PING is sent, + * the PONG must come within the normal timeout_secs timeout period + * or the connection will be dropped. + * Any RX or TX traffic on the connection restarts the interval timer, + * so a connection which always sends or receives something at intervals + * less than the interval given here will never send PINGs / expect + * PONGs. Conversely as soon as the ws connection is established, an + * idle connection will do the PING / PONG roundtrip as soon as + * ws_ping_pong_interval seconds has passed without traffic + */ + const struct lws_protocol_vhost_options *headers; + /**< VHOST: pointer to optional linked list of per-vhost + * canned headers that are added to server responses */ + + const struct lws_protocol_vhost_options *reject_service_keywords; + /**< CONTEXT: Optional list of keywords and rejection codes + text. + * + * The keywords are checked for existing in the user agent string. + * + * Eg, "badrobot" "404 Not Found" + */ + void *external_baggage_free_on_destroy; + /**< CONTEXT: NULL, or pointer to something externally malloc'd, that + * should be freed when the context is destroyed. This allows you to + * automatically sync the freeing action to the context destruction + * action, so there is no need for an external free() if the context + * succeeded to create. + */ + +#ifdef LWS_OPENSSL_SUPPORT + /**< CONTEXT: NULL or struct lws_token_limits pointer which is initialized + * with a token length limit for each possible WSI_TOKEN_ */ + const char *client_ssl_private_key_password; + /**< VHOST: NULL or the passphrase needed for the private key */ + const char *client_ssl_cert_filepath; + /**< VHOST: If libwebsockets was compiled to use ssl, and you want + * to listen using SSL, set to the filepath to fetch the + * server cert from, otherwise NULL for unencrypted */ + const char *client_ssl_private_key_filepath; + /**< VHOST: filepath to private key if wanting SSL mode; + * if this is set to NULL but sll_cert_filepath is set, the + * OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY callback is called + * to allow setting of the private key directly via openSSL + * library calls */ + const char *client_ssl_ca_filepath; + /**< VHOST: CA certificate filepath or NULL */ + const char *client_ssl_cipher_list; + /**< VHOST: List of valid ciphers to use (eg, + * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" + * or you can leave it as NULL to get "DEFAULT" */ +#endif + + const struct lws_plat_file_ops *fops; + /**< CONTEXT: NULL, or pointer to an array of fops structs, terminated + * by a sentinel with NULL .open. + * + * If NULL, lws provides just the platform file operations struct for + * backwards compatibility. + */ + int simultaneous_ssl_restriction; + /**< CONTEXT: 0 (no limit) or limit of simultaneous SSL sessions possible.*/ + const char *socks_proxy_address; + /**< VHOST: If non-NULL, attempts to proxy via the given address. + * If proxy auth is required, use format "username:password\@server:port" */ + unsigned int socks_proxy_port; + /**< VHOST: If socks_proxy_address was non-NULL, uses this port */ +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + cap_value_t caps[4]; + /**< CONTEXT: array holding Linux capabilities you want to + * continue to be available to the server after it transitions + * to a noprivileged user. Usually none are needed but for, eg, + * .bind_iface, CAP_NET_RAW is required. This gives you a way + * to still have the capability but drop root. + */ + char count_caps; + /**< CONTEXT: count of Linux capabilities in .caps[]. 0 means + * no capabilities will be inherited from root (the default) */ +#endif + int bind_iface; + /**< VHOST: nonzero to strictly bind sockets to the interface name in + * .iface (eg, "eth2"), using SO_BIND_TO_DEVICE. + * + * Requires SO_BINDTODEVICE support from your OS and CAP_NET_RAW + * capability. + * + * Notice that common things like access network interface IP from + * your local machine use your lo / loopback interface and will be + * disallowed by this. + */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility + * + * The below is to ensure later library versions with new + * members added above will see 0 (default) even if the app + * was not built against the newer headers. + */ + int ssl_info_event_mask; + /**< VHOST: mask of ssl events to be reported on LWS_CALLBACK_SSL_INFO + * callback for connections on this vhost. The mask values are of + * the form SSL_CB_ALERT, defined in openssl/ssl.h. The default of + * 0 means no info events will be reported. + */ + unsigned int timeout_secs_ah_idle; + /**< VHOST: seconds to allow a client to hold an ah without using it. + * 0 defaults to 10s. */ + + void *_unused[8]; /**< dummy */ +}; + +/** + * lws_create_context() - Create the websocket handler + * \param info: pointer to struct with parameters + * + * This function creates the listening socket (if serving) and takes care + * of all initialization in one step. + * + * If option LWS_SERVER_OPTION_EXPLICIT_VHOSTS is given, no vhost is + * created; you're expected to create your own vhosts afterwards using + * lws_create_vhost(). Otherwise a vhost named "default" is also created + * using the information in the vhost-related members, for compatibility. + * + * After initialization, it returns a struct lws_context * that + * represents this server. After calling, user code needs to take care + * of calling lws_service() with the context pointer to get the + * server's sockets serviced. This must be done in the same process + * context as the initialization call. + * + * The protocol callback functions are called for a handful of events + * including http requests coming in, websocket connections becoming + * established, and data arriving; it's also called periodically to allow + * async transmission. + * + * HTTP requests are sent always to the FIRST protocol in protocol, since + * at that time websocket protocol has not been negotiated. Other + * protocols after the first one never see any HTTP callback activity. + * + * The server created is a simple http server by default; part of the + * websocket standard is upgrading this http connection to a websocket one. + * + * This allows the same server to provide files like scripts and favicon / + * images or whatever over http and dynamic data over websockets all in + * one place; they're all handled in the user callback. + */ +LWS_VISIBLE LWS_EXTERN struct lws_context * +lws_create_context(struct lws_context_creation_info *info); + +/** + * lws_context_destroy() - Destroy the websocket context + * \param context: Websocket context + * + * This function closes any active connections and then frees the + * context. After calling this, any further use of the context is + * undefined. + */ +LWS_VISIBLE LWS_EXTERN void +lws_context_destroy(struct lws_context *context); + +LWS_VISIBLE LWS_EXTERN void +lws_context_destroy2(struct lws_context *context); + +typedef int (*lws_reload_func)(void); + +/** + * lws_context_deprecate() - Deprecate the websocket context + * \param context: Websocket context + * + * This function is used on an existing context before superceding it + * with a new context. + * + * It closes any listen sockets in the context, so new connections are + * not possible. + * + * And it marks the context to be deleted when the number of active + * connections into it falls to zero. + * + * Otherwise if you attach the deprecated context to the replacement + * context when it has been created using lws_context_attach_deprecated() + * both any deprecated and the new context will service their connections. + * + * This is aimed at allowing seamless configuration reloads. + * + * The callback cb will be called after the listen sockets are actually + * closed and may be reopened. In the callback the new context should be + * configured and created. (With libuv, socket close happens async after + * more loop events). + */ +LWS_VISIBLE LWS_EXTERN void +lws_context_deprecate(struct lws_context *context, lws_reload_func cb); + +LWS_VISIBLE LWS_EXTERN int +lws_context_is_deprecated(struct lws_context *context); + +/** + * lws_set_proxy() - Setups proxy to lws_context. + * \param vhost: pointer to struct lws_vhost you want set proxy for + * \param proxy: pointer to c string containing proxy in format address:port + * + * Returns 0 if proxy string was parsed and proxy was setup. + * Returns -1 if proxy is NULL or has incorrect format. + * + * This is only required if your OS does not provide the http_proxy + * environment variable (eg, OSX) + * + * IMPORTANT! You should call this function right after creation of the + * lws_context and before call to connect. If you call this + * function after connect behavior is undefined. + * This function will override proxy settings made on lws_context + * creation with genenv() call. + */ +LWS_VISIBLE LWS_EXTERN int +lws_set_proxy(struct lws_vhost *vhost, const char *proxy); + +/** + * lws_set_socks() - Setup socks to lws_context. + * \param vhost: pointer to struct lws_vhost you want set socks for + * \param socks: pointer to c string containing socks in format address:port + * + * Returns 0 if socks string was parsed and socks was setup. + * Returns -1 if socks is NULL or has incorrect format. + * + * This is only required if your OS does not provide the socks_proxy + * environment variable (eg, OSX) + * + * IMPORTANT! You should call this function right after creation of the + * lws_context and before call to connect. If you call this + * function after connect behavior is undefined. + * This function will override proxy settings made on lws_context + * creation with genenv() call. + */ +LWS_VISIBLE LWS_EXTERN int +lws_set_socks(struct lws_vhost *vhost, const char *socks); + +struct lws_vhost; + +/** + * lws_create_vhost() - Create a vhost (virtual server context) + * \param context: pointer to result of lws_create_context() + * \param info: pointer to struct with parameters + * + * This function creates a virtual server (vhost) using the vhost-related + * members of the info struct. You can create many vhosts inside one context + * if you created the context with the option LWS_SERVER_OPTION_EXPLICIT_VHOSTS + */ +LWS_VISIBLE LWS_EXTERN struct lws_vhost * +lws_create_vhost(struct lws_context *context, + struct lws_context_creation_info *info); + +/** + * lws_destroy_vhost() - Destroy a vhost (virtual server context) + * \param vhost: pointer to result of lws_create_vhost() + * + * This function destroys a vhost. Normally, if you just want to exit, + * then lws_destroy_context() will take care of everything. If you want + * to destroy an individual vhost and all connections and allocations, you + * can do it with this. + */ +LWS_VISIBLE LWS_EXTERN void +lws_vhost_destroy(struct lws_vhost *vh); + +/** + * lwsws_get_config_globals() - Parse a JSON server config file + * \param info: pointer to struct with parameters + * \param d: filepath of the config file + * \param config_strings: storage for the config strings extracted from JSON, + * the pointer is incremented as strings are stored + * \param len: pointer to the remaining length left in config_strings + * the value is decremented as strings are stored + * + * This function prepares a n lws_context_creation_info struct with global + * settings from a file d. + * + * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled + */ +LWS_VISIBLE LWS_EXTERN int +lwsws_get_config_globals(struct lws_context_creation_info *info, const char *d, + char **config_strings, int *len); + +/** + * lwsws_get_config_vhosts() - Create vhosts from a JSON server config file + * \param context: pointer to result of lws_create_context() + * \param info: pointer to struct with parameters + * \param d: filepath of the config file + * \param config_strings: storage for the config strings extracted from JSON, + * the pointer is incremented as strings are stored + * \param len: pointer to the remaining length left in config_strings + * the value is decremented as strings are stored + * + * This function creates vhosts into a context according to the settings in + *JSON files found in directory d. + * + * Requires CMake option LWS_WITH_LEJP_CONF to have been enabled + */ +LWS_VISIBLE LWS_EXTERN int +lwsws_get_config_vhosts(struct lws_context *context, + struct lws_context_creation_info *info, const char *d, + char **config_strings, int *len); + +/** lws_vhost_get() - \deprecated deprecated: use lws_get_vhost() */ +LWS_VISIBLE LWS_EXTERN struct lws_vhost * +lws_vhost_get(struct lws *wsi) LWS_WARN_DEPRECATED; + +/** + * lws_get_vhost() - return the vhost a wsi belongs to + * + * \param wsi: which connection + */ +LWS_VISIBLE LWS_EXTERN struct lws_vhost * +lws_get_vhost(struct lws *wsi); + +/** + * lws_json_dump_vhost() - describe vhost state and stats in JSON + * + * \param vh: the vhost + * \param buf: buffer to fill with JSON + * \param len: max length of buf + */ +LWS_VISIBLE LWS_EXTERN int +lws_json_dump_vhost(const struct lws_vhost *vh, char *buf, int len); + +/** + * lws_json_dump_context() - describe context state and stats in JSON + * + * \param context: the context + * \param buf: buffer to fill with JSON + * \param len: max length of buf + */ +LWS_VISIBLE LWS_EXTERN int +lws_json_dump_context(const struct lws_context *context, char *buf, int len, + int hide_vhosts); + +/** + * lws_context_user() - get the user data associated with the context + * \param context: Websocket context + * + * This returns the optional user allocation that can be attached to + * the context the sockets live in at context_create time. It's a way + * to let all sockets serviced in the same context share data without + * using globals statics in the user code. + */ +LWS_VISIBLE LWS_EXTERN void * +lws_context_user(struct lws_context *context); + +/*! \defgroup vhost-mounts Vhost mounts and options + * \ingroup context-and-vhost-creation + * + * ##Vhost mounts and options + */ +///@{ +/** struct lws_protocol_vhost_options - linked list of per-vhost protocol + * name=value options + * + * This provides a general way to attach a linked-list of name=value pairs, + * which can also have an optional child link-list using the options member. + */ +struct lws_protocol_vhost_options { + const struct lws_protocol_vhost_options *next; /**< linked list */ + const struct lws_protocol_vhost_options *options; /**< child linked-list of more options for this node */ + const char *name; /**< name of name=value pair */ + const char *value; /**< value of name=value pair */ +}; + +/** enum lws_mount_protocols + * This specifies the mount protocol for a mountpoint, whether it is to be + * served from a filesystem, or it is a cgi etc. + */ +enum lws_mount_protocols { + LWSMPRO_HTTP = 0, /**< http reverse proxy */ + LWSMPRO_HTTPS = 1, /**< https reverse proxy */ + LWSMPRO_FILE = 2, /**< serve from filesystem directory */ + LWSMPRO_CGI = 3, /**< pass to CGI to handle */ + LWSMPRO_REDIR_HTTP = 4, /**< redirect to http:// url */ + LWSMPRO_REDIR_HTTPS = 5, /**< redirect to https:// url */ + LWSMPRO_CALLBACK = 6, /**< hand by named protocol's callback */ +}; + +/** struct lws_http_mount + * + * arguments for mounting something in a vhost's url namespace + */ +struct lws_http_mount { + const struct lws_http_mount *mount_next; + /**< pointer to next struct lws_http_mount */ + const char *mountpoint; + /**< mountpoint in http pathspace, eg, "/" */ + const char *origin; + /**< path to be mounted, eg, "/var/www/warmcat.com" */ + const char *def; + /**< default target, eg, "index.html" */ + const char *protocol; + /**<"protocol-name" to handle mount */ + + const struct lws_protocol_vhost_options *cgienv; + /**< optional linked-list of cgi options. These are created + * as environment variables for the cgi process + */ + const struct lws_protocol_vhost_options *extra_mimetypes; + /**< optional linked-list of mimetype mappings */ + const struct lws_protocol_vhost_options *interpret; + /**< optional linked-list of files to be interpreted */ + + int cgi_timeout; + /**< seconds cgi is allowed to live, if cgi://mount type */ + int cache_max_age; + /**< max-age for reuse of client cache of files, seconds */ + unsigned int auth_mask; + /**< bits set here must be set for authorized client session */ + + unsigned int cache_reusable:1; /**< set if client cache may reuse this */ + unsigned int cache_revalidate:1; /**< set if client cache should revalidate on use */ + unsigned int cache_intermediaries:1; /**< set if intermediaries are allowed to cache */ + + unsigned char origin_protocol; /**< one of enum lws_mount_protocols */ + unsigned char mountpoint_len; /**< length of mountpoint string */ + + const char *basic_auth_login_file; + /**revents will be zeroed now. + * + * If the socket is foreign to lws, it leaves revents alone. So you can + * see if you should service yourself by checking the pollfd revents + * after letting lws try to service it. + * + * You should also call this with pollfd = NULL to just allow the + * once-per-second global timeout checks; if less than a second since the last + * check it returns immediately then. + */ +LWS_VISIBLE LWS_EXTERN int +lws_service_fd(struct lws_context *context, struct lws_pollfd *pollfd); + +/** + * lws_service_fd_tsi() - Service polled socket in specific service thread + * \param context: Websocket context + * \param pollfd: The pollfd entry describing the socket fd and which events + * happened. + * \param tsi: thread service index + * + * Same as lws_service_fd() but used with multiple service threads + */ +LWS_VISIBLE LWS_EXTERN int +lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, + int tsi); + +/** + * lws_service_adjust_timeout() - Check for any connection needing forced service + * \param context: Websocket context + * \param timeout_ms: The original poll timeout value. You can just set this + * to 1 if you don't really have a poll timeout. + * \param tsi: thread service index + * + * Under some conditions connections may need service even though there is no + * pending network action on them, this is "forced service". For default + * poll() and libuv / libev, the library takes care of calling this and + * dealing with it for you. But for external poll() integration, you need + * access to the apis. + * + * If anybody needs "forced service", returned timeout is zero. In that case, + * you can call lws_service_tsi() with a timeout of -1 to only service + * guys who need forced service. + */ +LWS_VISIBLE LWS_EXTERN int +lws_service_adjust_timeout(struct lws_context *context, int timeout_ms, int tsi); + +/* Backwards compatibility */ +#define lws_plat_service_tsi lws_service_tsi + +LWS_VISIBLE LWS_EXTERN int +lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd); + +///@} + +/*! \defgroup http HTTP + + Modules related to handling HTTP +*/ +//@{ + +/*! \defgroup httpft HTTP File transfer + * \ingroup http + + APIs for sending local files in response to HTTP requests +*/ +//@{ + +/** + * lws_get_mimetype() - Determine mimetype to use from filename + * + * \param file: filename + * \param m: NULL, or mount context + * + * This uses a canned list of known filetypes first, if no match and m is + * non-NULL, then tries a list of per-mount file suffix to mimtype mappings. + * + * Returns either NULL or a pointer to the mimetype matching the file. + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_get_mimetype(const char *file, const struct lws_http_mount *m); + +/** + * lws_serve_http_file() - Send a file back to the client using http + * \param wsi: Websocket instance (available from user callback) + * \param file: The file to issue over http + * \param content_type: The http content type, eg, text/html + * \param other_headers: NULL or pointer to header string + * \param other_headers_len: length of the other headers if non-NULL + * + * This function is intended to be called from the callback in response + * to http requests from the client. It allows the callback to issue + * local files down the http link in a single step. + * + * Returning <0 indicates error and the wsi should be closed. Returning + * >0 indicates the file was completely sent and + * lws_http_transaction_completed() called on the wsi (and close if != 0) + * ==0 indicates the file transfer is started and needs more service later, + * the wsi should be left alone. + */ +LWS_VISIBLE LWS_EXTERN int +lws_serve_http_file(struct lws *wsi, const char *file, const char *content_type, + const char *other_headers, int other_headers_len); + +LWS_VISIBLE LWS_EXTERN int +lws_serve_http_file_fragment(struct lws *wsi); +//@} + +/*! \defgroup html-chunked-substitution HTML Chunked Substitution + * \ingroup http + * + * ##HTML chunked Substitution + * + * APIs for receiving chunks of text, replacing a set of variable names via + * a callback, and then prepending and appending HTML chunked encoding + * headers. + */ +//@{ + +enum http_status { + HTTP_STATUS_OK = 200, + HTTP_STATUS_NO_CONTENT = 204, + HTTP_STATUS_PARTIAL_CONTENT = 206, + + HTTP_STATUS_MOVED_PERMANENTLY = 301, + HTTP_STATUS_FOUND = 302, + HTTP_STATUS_SEE_OTHER = 303, + HTTP_STATUS_NOT_MODIFIED = 304, + + HTTP_STATUS_BAD_REQUEST = 400, + HTTP_STATUS_UNAUTHORIZED, + HTTP_STATUS_PAYMENT_REQUIRED, + HTTP_STATUS_FORBIDDEN, + HTTP_STATUS_NOT_FOUND, + HTTP_STATUS_METHOD_NOT_ALLOWED, + HTTP_STATUS_NOT_ACCEPTABLE, + HTTP_STATUS_PROXY_AUTH_REQUIRED, + HTTP_STATUS_REQUEST_TIMEOUT, + HTTP_STATUS_CONFLICT, + HTTP_STATUS_GONE, + HTTP_STATUS_LENGTH_REQUIRED, + HTTP_STATUS_PRECONDITION_FAILED, + HTTP_STATUS_REQ_ENTITY_TOO_LARGE, + HTTP_STATUS_REQ_URI_TOO_LONG, + HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE, + HTTP_STATUS_REQ_RANGE_NOT_SATISFIABLE, + HTTP_STATUS_EXPECTATION_FAILED, + + HTTP_STATUS_INTERNAL_SERVER_ERROR = 500, + HTTP_STATUS_NOT_IMPLEMENTED, + HTTP_STATUS_BAD_GATEWAY, + HTTP_STATUS_SERVICE_UNAVAILABLE, + HTTP_STATUS_GATEWAY_TIMEOUT, + HTTP_STATUS_HTTP_VERSION_NOT_SUPPORTED, +}; + +struct lws_process_html_args { + char *p; /**< pointer to the buffer containing the data */ + int len; /**< length of the original data at p */ + int max_len; /**< maximum length we can grow the data to */ + int final; /**< set if this is the last chunk of the file */ +}; + +typedef const char *(*lws_process_html_state_cb)(void *data, int index); + +struct lws_process_html_state { + char *start; /**< pointer to start of match */ + char swallow[16]; /**< matched character buffer */ + int pos; /**< position in match */ + void *data; /**< opaque pointer */ + const char * const *vars; /**< list of variable names */ + int count_vars; /**< count of variable names */ + + lws_process_html_state_cb replace; /**< called on match to perform substitution */ +}; + +/*! lws_chunked_html_process() - generic chunked substitution + * \param args: buffer to process using chunked encoding + * \param s: current processing state + */ +LWS_VISIBLE LWS_EXTERN int +lws_chunked_html_process(struct lws_process_html_args *args, + struct lws_process_html_state *s); +//@} + +/** \defgroup HTTP-headers-read HTTP headers: read + * \ingroup http + * + * ##HTTP header releated functions + * + * In lws the client http headers are temporarily stored in a pool, only for the + * duration of the http part of the handshake. It's because in most cases, + * the header content is ignored for the whole rest of the connection lifetime + * and would then just be taking up space needlessly. + * + * During LWS_CALLBACK_HTTP when the URI path is delivered is the last time + * the http headers are still allocated, you can use these apis then to + * look at and copy out interesting header content (cookies, etc) + * + * Notice that the header total length reported does not include a terminating + * '\0', however you must allocate for it when using the _copy apis. So the + * length reported for a header containing "123" is 3, but you must provide + * a buffer of length 4 so that "123\0" may be copied into it, or the copy + * will fail with a nonzero return code. + * + * In the special case of URL arguments, like ?x=1&y=2, the arguments are + * stored in a token named for the method, eg, WSI_TOKEN_GET_URI if it + * was a GET or WSI_TOKEN_POST_URI if POST. You can check the total + * length to confirm the method. + * + * For URL arguments, each argument is stored urldecoded in a "fragment", so + * you can use the fragment-aware api lws_hdr_copy_fragment() to access each + * argument in turn: the fragments contain urldecoded strings like x=1 or y=2. + * + * As a convenience, lws has an api that will find the fragment with a + * given name= part, lws_get_urlarg_by_name(). + */ +///@{ + +/** struct lws_tokens + * you need these to look at headers that have been parsed if using the + * LWS_CALLBACK_FILTER_CONNECTION callback. If a header from the enum + * list below is absent, .token = NULL and token_len = 0. Otherwise .token + * points to .token_len chars containing that header content. + */ +struct lws_tokens { + char *token; /**< pointer to start of the token */ + int token_len; /**< length of the token's value */ +}; + +/* enum lws_token_indexes + * these have to be kept in sync with lextable.h / minilex.c + * + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +enum lws_token_indexes { + WSI_TOKEN_GET_URI = 0, + WSI_TOKEN_POST_URI = 1, + WSI_TOKEN_OPTIONS_URI = 2, + WSI_TOKEN_HOST = 3, + WSI_TOKEN_CONNECTION = 4, + WSI_TOKEN_UPGRADE = 5, + WSI_TOKEN_ORIGIN = 6, + WSI_TOKEN_DRAFT = 7, + WSI_TOKEN_CHALLENGE = 8, + WSI_TOKEN_EXTENSIONS = 9, + WSI_TOKEN_KEY1 = 10, + WSI_TOKEN_KEY2 = 11, + WSI_TOKEN_PROTOCOL = 12, + WSI_TOKEN_ACCEPT = 13, + WSI_TOKEN_NONCE = 14, + WSI_TOKEN_HTTP = 15, + WSI_TOKEN_HTTP2_SETTINGS = 16, + WSI_TOKEN_HTTP_ACCEPT = 17, + WSI_TOKEN_HTTP_AC_REQUEST_HEADERS = 18, + WSI_TOKEN_HTTP_IF_MODIFIED_SINCE = 19, + WSI_TOKEN_HTTP_IF_NONE_MATCH = 20, + WSI_TOKEN_HTTP_ACCEPT_ENCODING = 21, + WSI_TOKEN_HTTP_ACCEPT_LANGUAGE = 22, + WSI_TOKEN_HTTP_PRAGMA = 23, + WSI_TOKEN_HTTP_CACHE_CONTROL = 24, + WSI_TOKEN_HTTP_AUTHORIZATION = 25, + WSI_TOKEN_HTTP_COOKIE = 26, + WSI_TOKEN_HTTP_CONTENT_LENGTH = 27, + WSI_TOKEN_HTTP_CONTENT_TYPE = 28, + WSI_TOKEN_HTTP_DATE = 29, + WSI_TOKEN_HTTP_RANGE = 30, + WSI_TOKEN_HTTP_REFERER = 31, + WSI_TOKEN_KEY = 32, + WSI_TOKEN_VERSION = 33, + WSI_TOKEN_SWORIGIN = 34, + + WSI_TOKEN_HTTP_COLON_AUTHORITY = 35, + WSI_TOKEN_HTTP_COLON_METHOD = 36, + WSI_TOKEN_HTTP_COLON_PATH = 37, + WSI_TOKEN_HTTP_COLON_SCHEME = 38, + WSI_TOKEN_HTTP_COLON_STATUS = 39, + + WSI_TOKEN_HTTP_ACCEPT_CHARSET = 40, + WSI_TOKEN_HTTP_ACCEPT_RANGES = 41, + WSI_TOKEN_HTTP_ACCESS_CONTROL_ALLOW_ORIGIN = 42, + WSI_TOKEN_HTTP_AGE = 43, + WSI_TOKEN_HTTP_ALLOW = 44, + WSI_TOKEN_HTTP_CONTENT_DISPOSITION = 45, + WSI_TOKEN_HTTP_CONTENT_ENCODING = 46, + WSI_TOKEN_HTTP_CONTENT_LANGUAGE = 47, + WSI_TOKEN_HTTP_CONTENT_LOCATION = 48, + WSI_TOKEN_HTTP_CONTENT_RANGE = 49, + WSI_TOKEN_HTTP_ETAG = 50, + WSI_TOKEN_HTTP_EXPECT = 51, + WSI_TOKEN_HTTP_EXPIRES = 52, + WSI_TOKEN_HTTP_FROM = 53, + WSI_TOKEN_HTTP_IF_MATCH = 54, + WSI_TOKEN_HTTP_IF_RANGE = 55, + WSI_TOKEN_HTTP_IF_UNMODIFIED_SINCE = 56, + WSI_TOKEN_HTTP_LAST_MODIFIED = 57, + WSI_TOKEN_HTTP_LINK = 58, + WSI_TOKEN_HTTP_LOCATION = 59, + WSI_TOKEN_HTTP_MAX_FORWARDS = 60, + WSI_TOKEN_HTTP_PROXY_AUTHENTICATE = 61, + WSI_TOKEN_HTTP_PROXY_AUTHORIZATION = 62, + WSI_TOKEN_HTTP_REFRESH = 63, + WSI_TOKEN_HTTP_RETRY_AFTER = 64, + WSI_TOKEN_HTTP_SERVER = 65, + WSI_TOKEN_HTTP_SET_COOKIE = 66, + WSI_TOKEN_HTTP_STRICT_TRANSPORT_SECURITY = 67, + WSI_TOKEN_HTTP_TRANSFER_ENCODING = 68, + WSI_TOKEN_HTTP_USER_AGENT = 69, + WSI_TOKEN_HTTP_VARY = 70, + WSI_TOKEN_HTTP_VIA = 71, + WSI_TOKEN_HTTP_WWW_AUTHENTICATE = 72, + + WSI_TOKEN_PATCH_URI = 73, + WSI_TOKEN_PUT_URI = 74, + WSI_TOKEN_DELETE_URI = 75, + + WSI_TOKEN_HTTP_URI_ARGS = 76, + WSI_TOKEN_PROXY = 77, + WSI_TOKEN_HTTP_X_REAL_IP = 78, + WSI_TOKEN_HTTP1_0 = 79, + WSI_TOKEN_X_FORWARDED_FOR = 80, + WSI_TOKEN_CONNECT = 81, + /****** add new things just above ---^ ******/ + + /* use token storage to stash these internally, not for + * user use */ + + _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, + _WSI_TOKEN_CLIENT_PEER_ADDRESS, + _WSI_TOKEN_CLIENT_URI, + _WSI_TOKEN_CLIENT_HOST, + _WSI_TOKEN_CLIENT_ORIGIN, + _WSI_TOKEN_CLIENT_METHOD, + _WSI_TOKEN_CLIENT_IFACE, + + /* always last real token index*/ + WSI_TOKEN_COUNT, + + /* parser state additions, no storage associated */ + WSI_TOKEN_NAME_PART, + WSI_TOKEN_SKIPPING, + WSI_TOKEN_SKIPPING_SAW_CR, + WSI_PARSING_COMPLETE, + WSI_INIT_TOKEN_MUXURL, +}; + +struct lws_token_limits { + unsigned short token_limit[WSI_TOKEN_COUNT]; /**< max chars for this token */ +}; + +/** + * lws_token_to_string() - returns a textual representation of a hdr token index + * + * \param: token index + */ +LWS_VISIBLE LWS_EXTERN const unsigned char * +lws_token_to_string(enum lws_token_indexes token); + + +/** + * lws_hdr_total_length: report length of all fragments of a header totalled up + * The returned length does not include the space for a + * terminating '\0' + * + * \param wsi: websocket connection + * \param h: which header index we are interested in + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h); + +/** + * lws_hdr_fragment_length: report length of a single fragment of a header + * The returned length does not include the space for a + * terminating '\0' + * + * \param wsi: websocket connection + * \param h: which header index we are interested in + * \param frag_idx: which fragment of h we want to get the length of + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, int frag_idx); + +/** + * lws_hdr_copy() - copy a single fragment of the given header to a buffer + * The buffer length len must include space for an additional + * terminating '\0', or it will fail returning -1. + * + * \param wsi: websocket connection + * \param dest: destination buffer + * \param len: length of destination buffer + * \param h: which header index we are interested in + * + * copies the whole, aggregated header, even if it was delivered in + * several actual headers piece by piece + */ +LWS_VISIBLE LWS_EXTERN int +lws_hdr_copy(struct lws *wsi, char *dest, int len, enum lws_token_indexes h); + +/** + * lws_hdr_copy_fragment() - copy a single fragment of the given header to a buffer + * The buffer length len must include space for an additional + * terminating '\0', or it will fail returning -1. + * If the requested fragment index is not present, it fails + * returning -1. + * + * \param wsi: websocket connection + * \param dest: destination buffer + * \param len: length of destination buffer + * \param h: which header index we are interested in + * \param frag_idx: which fragment of h we want to copy + * + * Normally this is only useful + * to parse URI arguments like ?x=1&y=2, token index WSI_TOKEN_HTTP_URI_ARGS + * fragment 0 will contain "x=1" and fragment 1 "y=2" + */ +LWS_VISIBLE LWS_EXTERN int +lws_hdr_copy_fragment(struct lws *wsi, char *dest, int len, + enum lws_token_indexes h, int frag_idx); + +/** + * lws_get_urlarg_by_name() - return pointer to arg value if present + * \param wsi: the connection to check + * \param name: the arg name, like "token=" + * \param buf: the buffer to receive the urlarg (including the name= part) + * \param len: the length of the buffer to receive the urlarg + * + * Returns NULL if not found or a pointer inside buf to just after the + * name= part. + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_get_urlarg_by_name(struct lws *wsi, const char *name, char *buf, int len); +///@} + +/*! \defgroup HTTP-headers-create HTTP headers: create + * + * ## HTTP headers: Create + * + * These apis allow you to create HTTP response headers in a way compatible with + * both HTTP/1.x and HTTP/2. + * + * They each append to a buffer taking care about the buffer end, which is + * passed in as a pointer. When data is written to the buffer, the current + * position p is updated accordingly. + * + * All of these apis are LWS_WARN_UNUSED_RESULT as they can run out of space + * and fail with nonzero return. + */ +///@{ + +#define LWSAHH_CODE_MASK ((1 << 16) - 1) +#define LWSAHH_FLAG_NO_SERVER_NAME (1 << 30) + +/** + * lws_add_http_header_status() - add the HTTP response status code + * + * \param wsi: the connection to check + * \param code: an HTTP code like 200, 404 etc (see enum http_status) + * \param p: pointer to current position in buffer pointer + * \param end: pointer to end of buffer + * + * Adds the initial response code, so should be called first. + * + * Code may additionally take OR'd flags: + * + * LWSAHH_FLAG_NO_SERVER_NAME: don't apply server name header this time + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_add_http_header_status(struct lws *wsi, + unsigned int code, unsigned char **p, + unsigned char *end); +/** + * lws_add_http_header_by_name() - append named header and value + * + * \param wsi: the connection to check + * \param name: the hdr name, like "my-header" + * \param value: the value after the = for this header + * \param length: the length of the value + * \param p: pointer to current position in buffer pointer + * \param end: pointer to end of buffer + * + * Appends name: value to the headers + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_add_http_header_by_name(struct lws *wsi, const unsigned char *name, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end); +/** + * lws_add_http_header_by_token() - append given header and value + * + * \param wsi: the connection to check + * \param token: the token index for the hdr + * \param value: the value after the = for this header + * \param length: the length of the value + * \param p: pointer to current position in buffer pointer + * \param end: pointer to end of buffer + * + * Appends name=value to the headers, but is able to take advantage of better + * HTTP/2 coding mechanisms where possible. + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_add_http_header_by_token(struct lws *wsi, enum lws_token_indexes token, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end); +/** + * lws_add_http_header_content_length() - append content-length helper + * + * \param wsi: the connection to check + * \param content_length: the content length to use + * \param p: pointer to current position in buffer pointer + * \param end: pointer to end of buffer + * + * Appends content-length: content_length to the headers + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_add_http_header_content_length(struct lws *wsi, + lws_filepos_t content_length, + unsigned char **p, unsigned char *end); +/** + * lws_finalize_http_header() - terminate header block + * + * \param wsi: the connection to check + * \param p: pointer to current position in buffer pointer + * \param end: pointer to end of buffer + * + * Indicates no more headers will be added + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_finalize_http_header(struct lws *wsi, unsigned char **p, + unsigned char *end); +///@} + +/** \defgroup form-parsing Form Parsing + * \ingroup http + * ##POSTed form parsing functions + * + * These lws_spa (stateful post arguments) apis let you parse and urldecode + * POSTed form arguments, both using simple urlencoded and multipart transfer + * encoding. + * + * It's capable of handling file uploads as well a named input parsing, + * and the apis are the same for both form upload styles. + * + * You feed it a list of parameter names and it creates pointers to the + * urldecoded arguments: file upload parameters pass the file data in chunks to + * a user-supplied callback as they come. + * + * Since it's stateful, it handles the incoming data needing more than one + * POST_BODY callback and has no limit on uploaded file size. + */ +///@{ + +/** enum lws_spa_fileupload_states */ +enum lws_spa_fileupload_states { + LWS_UFS_CONTENT, + /**< a chunk of file content has arrived */ + LWS_UFS_FINAL_CONTENT, + /**< the last chunk (possibly zero length) of file content has arrived */ + LWS_UFS_OPEN + /**< a new file is starting to arrive */ +}; + +/** + * lws_spa_fileupload_cb() - callback to receive file upload data + * + * \param data: opt_data pointer set in lws_spa_create + * \param name: name of the form field being uploaded + * \param filename: original filename from client + * \param buf: start of data to receive + * \param len: length of data to receive + * \param state: information about how this call relates to file + * + * Notice name and filename shouldn't be trusted, as they are passed from + * HTTP provided by the client. + */ +typedef int (*lws_spa_fileupload_cb)(void *data, const char *name, + const char *filename, char *buf, int len, + enum lws_spa_fileupload_states state); + +/** struct lws_spa - opaque urldecode parser capable of handling multipart + * and file uploads */ +struct lws_spa; + +/** + * lws_spa_create() - create urldecode parser + * + * \param wsi: lws connection (used to find Content Type) + * \param param_names: array of form parameter names, like "username" + * \param count_params: count of param_names + * \param max_storage: total amount of form parameter values we can store + * \param opt_cb: NULL, or callback to receive file upload data. + * \param opt_data: NULL, or user pointer provided to opt_cb. + * + * Creates a urldecode parser and initializes it. + * + * opt_cb can be NULL if you just want normal name=value parsing, however + * if one or more entries in your form are bulk data (file transfer), you + * can provide this callback and filter on the name callback parameter to + * treat that urldecoded data separately. The callback should return -1 + * in case of fatal error, and 0 if OK. + */ +LWS_VISIBLE LWS_EXTERN struct lws_spa * +lws_spa_create(struct lws *wsi, const char * const *param_names, + int count_params, int max_storage, lws_spa_fileupload_cb opt_cb, + void *opt_data); + +/** + * lws_spa_process() - parses a chunk of input data + * + * \param spa: the parser object previously created + * \param in: incoming, urlencoded data + * \param len: count of bytes valid at \param in + */ +LWS_VISIBLE LWS_EXTERN int +lws_spa_process(struct lws_spa *spa, const char *in, int len); + +/** + * lws_spa_finalize() - indicate incoming data completed + * + * \param spa: the parser object previously created + */ +LWS_VISIBLE LWS_EXTERN int +lws_spa_finalize(struct lws_spa *spa); + +/** + * lws_spa_get_length() - return length of parameter value + * + * \param spa: the parser object previously created + * \param n: parameter ordinal to return length of value for + */ +LWS_VISIBLE LWS_EXTERN int +lws_spa_get_length(struct lws_spa *spa, int n); + +/** + * lws_spa_get_string() - return pointer to parameter value + * \param spa: the parser object previously created + * \param n: parameter ordinal to return pointer to value for + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_spa_get_string(struct lws_spa *spa, int n); + +/** + * lws_spa_destroy() - destroy parser object + * + * \param spa: the parser object previously created + */ +LWS_VISIBLE LWS_EXTERN int +lws_spa_destroy(struct lws_spa *spa); +///@} + +/*! \defgroup urlendec Urlencode and Urldecode + * \ingroup http + * + * ##HTML chunked Substitution + * + * APIs for receiving chunks of text, replacing a set of variable names via + * a callback, and then prepending and appending HTML chunked encoding + * headers. + */ +//@{ + +/** + * lws_urlencode() - like strncpy but with urlencoding + * + * \param escaped: output buffer + * \param string: input buffer ('/0' terminated) + * \param len: output buffer max length + * + * Because urlencoding expands the output string, it's not + * possible to do it in-place, ie, with escaped == string + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_urlencode(char *escaped, const char *string, int len); + +/* + * URLDECODE 1 / 2 + * + * This simple urldecode only operates until the first '\0' and requires the + * data to exist all at once + */ +/** + * lws_urldecode() - like strncpy but with urldecoding + * + * \param string: output buffer + * \param escaped: input buffer ('\0' terminated) + * \param len: output buffer max length + * + * This is only useful for '\0' terminated strings + * + * Since urldecoding only shrinks the output string, it is possible to + * do it in-place, ie, string == escaped + */ +LWS_VISIBLE LWS_EXTERN int +lws_urldecode(char *string, const char *escaped, int len); +///@} +/** + * lws_return_http_status() - Return simple http status + * \param wsi: Websocket instance (available from user callback) + * \param code: Status index, eg, 404 + * \param html_body: User-readable HTML description < 1KB, or NULL + * + * Helper to report HTTP errors back to the client cleanly and + * consistently + */ +LWS_VISIBLE LWS_EXTERN int +lws_return_http_status(struct lws *wsi, unsigned int code, + const char *html_body); + +/** + * lws_http_redirect() - write http redirect into buffer + * + * \param wsi: websocket connection + * \param code: HTTP response code (eg, 301) + * \param loc: where to redirect to + * \param len: length of loc + * \param p: pointer current position in buffer (updated as we write) + * \param end: pointer to end of buffer + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_http_redirect(struct lws *wsi, int code, const unsigned char *loc, int len, + unsigned char **p, unsigned char *end); + +/** + * lws_http_transaction_completed() - wait for new http transaction or close + * \param wsi: websocket connection + * + * Returns 1 if the HTTP connection must close now + * Returns 0 and resets connection to wait for new HTTP header / + * transaction if possible + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_http_transaction_completed(struct lws *wsi); +///@} + +/*! \defgroup pur Sanitize / purify SQL and JSON helpers + * + * ##Sanitize / purify SQL and JSON helpers + * + * APIs for escaping untrusted JSON and SQL safely before use + */ +//@{ + +/** + * lws_sql_purify() - like strncpy but with escaping for sql quotes + * + * \param escaped: output buffer + * \param string: input buffer ('/0' terminated) + * \param len: output buffer max length + * + * Because escaping expands the output string, it's not + * possible to do it in-place, ie, with escaped == string + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_sql_purify(char *escaped, const char *string, int len); + +/** + * lws_json_purify() - like strncpy but with escaping for json chars + * + * \param escaped: output buffer + * \param string: input buffer ('/0' terminated) + * \param len: output buffer max length + * + * Because escaping expands the output string, it's not + * possible to do it in-place, ie, with escaped == string + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_json_purify(char *escaped, const char *string, int len); +///@} + +/*! \defgroup ev libev helpers + * + * ##libev helpers + * + * APIs specific to libev event loop itegration + */ +///@{ + +#ifdef LWS_USE_LIBEV +typedef void (lws_ev_signal_cb_t)(EV_P_ struct ev_signal *w, int revents); + +LWS_VISIBLE LWS_EXTERN int +lws_ev_sigint_cfg(struct lws_context *context, int use_ev_sigint, + lws_ev_signal_cb_t *cb); + +LWS_VISIBLE LWS_EXTERN int +lws_ev_initloop(struct lws_context *context, struct ev_loop *loop, int tsi); + +LWS_VISIBLE LWS_EXTERN void +lws_ev_sigint_cb(struct ev_loop *loop, struct ev_signal *watcher, int revents); +#endif /* LWS_USE_LIBEV */ + +///@} + +/*! \defgroup uv libuv helpers + * + * ##libuv helpers + * + * APIs specific to libuv event loop itegration + */ +///@{ +#ifdef LWS_USE_LIBUV +LWS_VISIBLE LWS_EXTERN int +lws_uv_sigint_cfg(struct lws_context *context, int use_uv_sigint, + uv_signal_cb cb); + +LWS_VISIBLE LWS_EXTERN void +lws_libuv_run(const struct lws_context *context, int tsi); + +LWS_VISIBLE LWS_EXTERN void +lws_libuv_stop(struct lws_context *context); + +LWS_VISIBLE LWS_EXTERN void +lws_libuv_stop_without_kill(const struct lws_context *context, int tsi); + +LWS_VISIBLE LWS_EXTERN int +lws_uv_initloop(struct lws_context *context, uv_loop_t *loop, int tsi); + +LWS_VISIBLE LWS_EXTERN uv_loop_t * +lws_uv_getloop(struct lws_context *context, int tsi); + +LWS_VISIBLE LWS_EXTERN void +lws_uv_sigint_cb(uv_signal_t *watcher, int signum); + +LWS_VISIBLE LWS_EXTERN void +lws_close_all_handles_in_loop(uv_loop_t *loop); +#endif /* LWS_USE_LIBUV */ +///@} + +/*! \defgroup event libevent helpers + * + * ##libevent helpers + * + * APIs specific to libevent event loop itegration + */ +///@{ + +#ifdef LWS_USE_LIBEVENT +typedef void (lws_event_signal_cb_t) (evutil_socket_t sock_fd, short revents, + void *ctx); + +LWS_VISIBLE LWS_EXTERN int +lws_event_sigint_cfg(struct lws_context *context, int use_event_sigint, + lws_event_signal_cb_t cb); + +LWS_VISIBLE LWS_EXTERN int +lws_event_initloop(struct lws_context *context, struct event_base *loop, + int tsi); + +LWS_VISIBLE LWS_EXTERN void +lws_event_sigint_cb(evutil_socket_t sock_fd, short revents, + void *ctx); +#endif /* LWS_USE_LIBEVENT */ + +///@} + +/*! \defgroup timeout Connection timeouts + + APIs related to setting connection timeouts +*/ +//@{ + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +enum pending_timeout { + NO_PENDING_TIMEOUT = 0, + PENDING_TIMEOUT_AWAITING_PROXY_RESPONSE = 1, + PENDING_TIMEOUT_AWAITING_CONNECT_RESPONSE = 2, + PENDING_TIMEOUT_ESTABLISH_WITH_SERVER = 3, + PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE = 4, + PENDING_TIMEOUT_AWAITING_PING = 5, + PENDING_TIMEOUT_CLOSE_ACK = 6, + PENDING_TIMEOUT_AWAITING_EXTENSION_CONNECT_RESPONSE = 7, + PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE = 8, + PENDING_TIMEOUT_SSL_ACCEPT = 9, + PENDING_TIMEOUT_HTTP_CONTENT = 10, + PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND = 11, + PENDING_FLUSH_STORED_SEND_BEFORE_CLOSE = 12, + PENDING_TIMEOUT_SHUTDOWN_FLUSH = 13, + PENDING_TIMEOUT_CGI = 14, + PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE = 15, + PENDING_TIMEOUT_WS_PONG_CHECK_SEND_PING = 16, + PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG = 17, + PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD = 18, + PENDING_TIMEOUT_AWAITING_SOCKS_GREETING_REPLY = 19, + PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY = 20, + PENDING_TIMEOUT_AWAITING_SOCKS_AUTH_REPLY = 21, + PENDING_TIMEOUT_KILLED_BY_SSL_INFO = 22, + PENDING_TIMEOUT_KILLED_BY_PARENT = 23, + PENDING_TIMEOUT_CLOSE_SEND = 24, + PENDING_TIMEOUT_HOLDING_AH = 25, + + /****** add new things just above ---^ ******/ +}; + +#define LWS_TO_KILL_ASYNC -1 +/**< If LWS_TO_KILL_ASYNC is given as the timeout sec in a lws_set_timeout() + * call, then the connection is marked to be killed at the next timeout + * check. This is how you should force-close the wsi being serviced if + * you are doing it outside the callback (where you should close by nonzero + * return). + */ +#define LWS_TO_KILL_SYNC -2 +/**< If LWS_TO_KILL_SYNC is given as the timeout sec in a lws_set_timeout() + * call, then the connection is closed before returning (which may delete + * the wsi). This should only be used where the wsi being closed is not the + * wsi currently being serviced. + */ +/** + * lws_set_timeout() - marks the wsi as subject to a timeout + * + * You will not need this unless you are doing something special + * + * \param wsi: Websocket connection instance + * \param reason: timeout reason + * \param secs: how many seconds. You may set to LWS_TO_KILL_ASYNC to + * force the connection to timeout at the next opportunity, or + * LWS_TO_KILL_SYNC to close it synchronously if you know the + * wsi is not the one currently being serviced. + */ +LWS_VISIBLE LWS_EXTERN void +lws_set_timeout(struct lws *wsi, enum pending_timeout reason, int secs); +///@} + +/*! \defgroup sending-data Sending data + + APIs related to writing data on a connection +*/ +//@{ +#if !defined(LWS_SIZEOFPTR) +#define LWS_SIZEOFPTR (sizeof (void *)) +#endif +#if !defined(u_int64_t) +#define u_int64_t unsigned long long +#endif + +#if defined(__x86_64__) +#define _LWS_PAD_SIZE 16 /* Intel recommended for best performance */ +#else +#define _LWS_PAD_SIZE LWS_SIZEOFPTR /* Size of a pointer on the target arch */ +#endif +#define _LWS_PAD(n) (((n) % _LWS_PAD_SIZE) ? \ + ((n) + (_LWS_PAD_SIZE - ((n) % _LWS_PAD_SIZE))) : (n)) +/* last 2 is for lws-meta */ +#define LWS_PRE _LWS_PAD(4 + 10 + 2) +/* used prior to 1.7 and retained for backward compatibility */ +#define LWS_SEND_BUFFER_PRE_PADDING LWS_PRE +#define LWS_SEND_BUFFER_POST_PADDING 0 + +/* + * NOTE: These public enums are part of the abi. If you want to add one, + * add it at where specified so existing users are unaffected. + */ +enum lws_write_protocol { + LWS_WRITE_TEXT = 0, + /**< Send a ws TEXT message,the pointer must have LWS_PRE valid + * memory behind it. The receiver expects only valid utf-8 in the + * payload */ + LWS_WRITE_BINARY = 1, + /**< Send a ws BINARY message, the pointer must have LWS_PRE valid + * memory behind it. Any sequence of bytes is valid */ + LWS_WRITE_CONTINUATION = 2, + /**< Continue a previous ws message, the pointer must have LWS_PRE valid + * memory behind it */ + LWS_WRITE_HTTP = 3, + /**< Send HTTP content */ + + /* LWS_WRITE_CLOSE is handled by lws_close_reason() */ + LWS_WRITE_PING = 5, + LWS_WRITE_PONG = 6, + + /* Same as write_http but we know this write ends the transaction */ + LWS_WRITE_HTTP_FINAL = 7, + + /* HTTP2 */ + + LWS_WRITE_HTTP_HEADERS = 8, + /**< Send http headers (http2 encodes this payload and LWS_WRITE_HTTP + * payload differently, http 1.x links also handle this correctly. so + * to be compatible with both in the future,header response part should + * be sent using this regardless of http version expected) + */ + + /****** add new things just above ---^ ******/ + + /* flags */ + + LWS_WRITE_NO_FIN = 0x40, + /**< This part of the message is not the end of the message */ + + LWS_WRITE_CLIENT_IGNORE_XOR_MASK = 0x80 + /**< client packet payload goes out on wire unmunged + * only useful for security tests since normal servers cannot + * decode the content if used */ +}; + +/* used with LWS_CALLBACK_CHILD_WRITE_VIA_PARENT */ + +struct lws_write_passthru { + struct lws *wsi; + unsigned char *buf; + size_t len; + enum lws_write_protocol wp; +}; + + +/** + * lws_write() - Apply protocol then write data to client + * \param wsi: Websocket instance (available from user callback) + * \param buf: The data to send. For data being sent on a websocket + * connection (ie, not default http), this buffer MUST have + * LWS_PRE bytes valid BEFORE the pointer. + * This is so the protocol header data can be added in-situ. + * \param len: Count of the data bytes in the payload starting from buf + * \param protocol: Use LWS_WRITE_HTTP to reply to an http connection, and one + * of LWS_WRITE_BINARY or LWS_WRITE_TEXT to send appropriate + * data on a websockets connection. Remember to allow the extra + * bytes before and after buf if LWS_WRITE_BINARY or LWS_WRITE_TEXT + * are used. + * + * This function provides the way to issue data back to the client + * for both http and websocket protocols. + * + * IMPORTANT NOTICE! + * + * When sending with websocket protocol + * + * LWS_WRITE_TEXT, + * LWS_WRITE_BINARY, + * LWS_WRITE_CONTINUATION, + * LWS_WRITE_PING, + * LWS_WRITE_PONG + * + * the send buffer has to have LWS_PRE bytes valid BEFORE + * the buffer pointer you pass to lws_write(). + * + * This allows us to add protocol info before and after the data, and send as + * one packet on the network without payload copying, for maximum efficiency. + * + * So for example you need this kind of code to use lws_write with a + * 128-byte payload + * + * char buf[LWS_PRE + 128]; + * + * // fill your part of the buffer... for example here it's all zeros + * memset(&buf[LWS_PRE], 0, 128); + * + * lws_write(wsi, &buf[LWS_PRE], 128, LWS_WRITE_TEXT); + * + * When sending HTTP, with + * + * LWS_WRITE_HTTP, + * LWS_WRITE_HTTP_HEADERS + * LWS_WRITE_HTTP_FINAL + * + * there is no protocol data prepended, and don't need to take care about the + * LWS_PRE bytes valid before the buffer pointer. + * + * LWS_PRE is at least the frame nonce + 2 header + 8 length + * LWS_SEND_BUFFER_POST_PADDING is deprecated, it's now 0 and can be left off. + * The example apps no longer use it. + * + * Pad LWS_PRE to the CPU word size, so that word references + * to the address immediately after the padding won't cause an unaligned access + * error. Sometimes for performance reasons the recommended padding is even + * larger than sizeof(void *). + * + * In the case of sending using websocket protocol, be sure to allocate + * valid storage before and after buf as explained above. This scheme + * allows maximum efficiency of sending data and protocol in a single + * packet while not burdening the user code with any protocol knowledge. + * + * Return may be -1 for a fatal error needing connection close, or the + * number of bytes sent. + * + * Truncated Writes + * ================ + * + * The OS may not accept everything you asked to write on the connection. + * + * Posix defines POLLOUT indication from poll() to show that the connection + * will accept more write data, but it doesn't specifiy how much. It may just + * accept one byte of whatever you wanted to send. + * + * LWS will buffer the remainder automatically, and send it out autonomously. + * + * During that time, WRITABLE callbacks will be suppressed. + * + * This is to handle corner cases where unexpectedly the OS refuses what we + * usually expect it to accept. You should try to send in chunks that are + * almost always accepted in order to avoid the inefficiency of the buffering. + */ +LWS_VISIBLE LWS_EXTERN int +lws_write(struct lws *wsi, unsigned char *buf, size_t len, + enum lws_write_protocol protocol); + +/* helper for case where buffer may be const */ +#define lws_write_http(wsi, buf, len) \ + lws_write(wsi, (unsigned char *)(buf), len, LWS_WRITE_HTTP) +///@} + +/** \defgroup callback-when-writeable Callback when writeable + * + * ##Callback When Writeable + * + * lws can only write data on a connection when it is able to accept more + * data without blocking. + * + * So a basic requirement is we should only use the lws_write() apis when the + * connection we want to write on says that he can accept more data. + * + * When lws cannot complete your send at the time, it will buffer the data + * and send it in the background, suppressing any further WRITEABLE callbacks + * on that connection until it completes. So it is important to write new + * things in a new writeable callback. + * + * These apis reflect the various ways we can indicate we would like to be + * called back when one or more connections is writeable. + */ +///@{ + +/** + * lws_callback_on_writable() - Request a callback when this socket + * becomes able to be written to without + * blocking + * + * \param wsi: Websocket connection instance to get callback for + * + * - Which: only this wsi + * - When: when the individual connection becomes writeable + * - What: LWS_CALLBACK_*_WRITEABLE + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_on_writable(struct lws *wsi); + +/** + * lws_callback_on_writable_all_protocol() - Request a callback for all + * connections using the given protocol when it + * becomes possible to write to each socket without + * blocking in turn. + * + * \param context: lws_context + * \param protocol: Protocol whose connections will get callbacks + * + * - Which: connections using this protocol on ANY VHOST + * - When: when the individual connection becomes writeable + * - What: LWS_CALLBACK_*_WRITEABLE + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_on_writable_all_protocol(const struct lws_context *context, + const struct lws_protocols *protocol); + +/** + * lws_callback_on_writable_all_protocol_vhost() - Request a callback for + * all connections on same vhost using the given protocol + * when it becomes possible to write to each socket without + * blocking in turn. + * + * \param vhost: Only consider connections on this lws_vhost + * \param protocol: Protocol whose connections will get callbacks + * + * - Which: connections using this protocol on GIVEN VHOST ONLY + * - When: when the individual connection becomes writeable + * - What: LWS_CALLBACK_*_WRITEABLE + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_on_writable_all_protocol_vhost(const struct lws_vhost *vhost, + const struct lws_protocols *protocol); + +/** + * lws_callback_all_protocol() - Callback all connections using + * the given protocol with the given reason + * + * \param context: lws_context + * \param protocol: Protocol whose connections will get callbacks + * \param reason: Callback reason index + * + * - Which: connections using this protocol on ALL VHOSTS + * - When: before returning + * - What: reason + * + * This isn't normally what you want... normally any update of connection- + * specific information can wait until a network-related callback like rx, + * writable, or close. + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_all_protocol(struct lws_context *context, + const struct lws_protocols *protocol, int reason); + +/** + * lws_callback_all_protocol_vhost() - Callback all connections using + * the given protocol with the given reason + * + * \param vh: Vhost whose connections will get callbacks + * \param protocol: Which protocol to match + * \param reason: Callback reason index + * + * - Which: connections using this protocol on GIVEN VHOST ONLY + * - When: now + * - What: reason + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_all_protocol_vhost(struct lws_vhost *vh, + const struct lws_protocols *protocol, int reason); + +/** + * lws_callback_vhost_protocols() - Callback all protocols enabled on a vhost + * with the given reason + * + * \param wsi: wsi whose vhost will get callbacks + * \param reason: Callback reason index + * \param in: in argument to callback + * \param len: len argument to callback + * + * - Which: connections using this protocol on same VHOST as wsi ONLY + * - When: now + * - What: reason + */ +LWS_VISIBLE LWS_EXTERN int +lws_callback_vhost_protocols(struct lws *wsi, int reason, void *in, int len); + +LWS_VISIBLE LWS_EXTERN int +lws_callback_http_dummy(struct lws *wsi, enum lws_callback_reasons reason, + void *user, void *in, size_t len); + +/** + * lws_get_socket_fd() - returns the socket file descriptor + * + * You will not need this unless you are doing something special + * + * \param wsi: Websocket connection instance + */ +LWS_VISIBLE LWS_EXTERN int +lws_get_socket_fd(struct lws *wsi); + +/** + * lws_get_peer_write_allowance() - get the amount of data writeable to peer + * if known + * + * \param wsi: Websocket connection instance + * + * if the protocol does not have any guidance, returns -1. Currently only + * http2 connections get send window information from this API. But your code + * should use it so it can work properly with any protocol. + * + * If nonzero return is the amount of payload data the peer or intermediary has + * reported it has buffer space for. That has NO relationship with the amount + * of buffer space your OS can accept on this connection for a write action. + * + * This number represents the maximum you could send to the peer or intermediary + * on this connection right now without the protocol complaining. + * + * lws manages accounting for send window updates and payload writes + * automatically, so this number reflects the situation at the peer or + * intermediary dynamically. + */ +LWS_VISIBLE LWS_EXTERN size_t +lws_get_peer_write_allowance(struct lws *wsi); +///@} + +/** + * lws_rx_flow_control() - Enable and disable socket servicing for + * received packets. + * + * If the output side of a server process becomes choked, this allows flow + * control for the input side. + * + * \param wsi: Websocket connection instance to get callback for + * \param enable: 0 = disable read servicing for this connection, 1 = enable + */ +LWS_VISIBLE LWS_EXTERN int +lws_rx_flow_control(struct lws *wsi, int enable); + +/** + * lws_rx_flow_allow_all_protocol() - Allow all connections with this protocol to receive + * + * When the user server code realizes it can accept more input, it can + * call this to have the RX flow restriction removed from all connections using + * the given protocol. + * \param context: lws_context + * \param protocol: all connections using this protocol will be allowed to receive + */ +LWS_VISIBLE LWS_EXTERN void +lws_rx_flow_allow_all_protocol(const struct lws_context *context, + const struct lws_protocols *protocol); + +/** + * lws_remaining_packet_payload() - Bytes to come before "overall" + * rx packet is complete + * \param wsi: Websocket instance (available from user callback) + * + * This function is intended to be called from the callback if the + * user code is interested in "complete packets" from the client. + * libwebsockets just passes through payload as it comes and issues a buffer + * additionally when it hits a built-in limit. The LWS_CALLBACK_RECEIVE + * callback handler can use this API to find out if the buffer it has just + * been given is the last piece of a "complete packet" from the client -- + * when that is the case lws_remaining_packet_payload() will return + * 0. + * + * Many protocols won't care becuse their packets are always small. + */ +LWS_VISIBLE LWS_EXTERN size_t +lws_remaining_packet_payload(struct lws *wsi); + + +/** \defgroup sock-adopt Socket adoption helpers + * ##Socket adoption helpers + * + * When integrating with an external app with its own event loop, these can + * be used to accept connections from someone else's listening socket. + * + * When using lws own event loop, these are not needed. + */ +///@{ + +/** + * lws_adopt_socket() - adopt foreign socket as if listen socket accepted it + * for the default vhost of context. + * \param context: lws context + * \param accept_fd: fd of already-accepted socket to adopt + * + * Either returns new wsi bound to accept_fd, or closes accept_fd and + * returns NULL, having cleaned up any new wsi pieces. + * + * LWS adopts the socket in http serving mode, it's ready to accept an upgrade + * to ws or just serve http. + */ +LWS_VISIBLE LWS_EXTERN struct lws * +lws_adopt_socket(struct lws_context *context, lws_sockfd_type accept_fd); +/** + * lws_adopt_socket_vhost() - adopt foreign socket as if listen socket accepted it + * for vhost + * \param vhost: lws vhost + * \param accept_fd: fd of already-accepted socket to adopt + * + * Either returns new wsi bound to accept_fd, or closes accept_fd and + * returns NULL, having cleaned up any new wsi pieces. + * + * LWS adopts the socket in http serving mode, it's ready to accept an upgrade + * to ws or just serve http. + */ +LWS_VISIBLE LWS_EXTERN struct lws * +lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd); + +typedef enum { + LWS_ADOPT_RAW_FILE_DESC = 0, /* convenience constant */ + LWS_ADOPT_HTTP = 1, /* flag: absent implies RAW */ + LWS_ADOPT_SOCKET = 2, /* flag: absent implies file descr */ + LWS_ADOPT_ALLOW_SSL = 4, /* flag: if set requires LWS_ADOPT_SOCKET */ + LWS_ADOPT_WS_PARENTIO = 8, /* flag: ws mode parent handles IO + * if given must be only flag + * wsi put directly into ws mode + */ +} lws_adoption_type; + +typedef union { + lws_sockfd_type sockfd; + lws_filefd_type filefd; +} lws_sock_file_fd_type; + +/* +* lws_adopt_descriptor_vhost() - adopt foreign socket or file descriptor +* if socket descriptor, should already have been accepted from listen socket +* +* \param vhost: lws vhost +* \param type: OR-ed combinations of lws_adoption_type flags +* \param fd: union with either .sockfd or .filefd set +* \param vh_prot_name: NULL or vh protocol name to bind raw connection to +* \param parent: NULL or struct lws to attach new_wsi to as a child +* +* Either returns new wsi bound to accept_fd, or closes accept_fd and +* returns NULL, having cleaned up any new wsi pieces. +* +* If LWS_ADOPT_SOCKET is set, LWS adopts the socket in http serving mode, it's +* ready to accept an upgrade to ws or just serve http. +* +* parent may be NULL, if given it should be an existing wsi that will become the +* parent of the new wsi created by this call. +*/ +LWS_VISIBLE LWS_EXTERN struct lws * +lws_adopt_descriptor_vhost(struct lws_vhost *vh, lws_adoption_type type, + lws_sock_file_fd_type fd, const char *vh_prot_name, + struct lws *parent); + +/** + * lws_adopt_socket_readbuf() - adopt foreign socket and first rx as if listen socket accepted it + * for the default vhost of context. + * \param context: lws context + * \param accept_fd: fd of already-accepted socket to adopt + * \param readbuf: NULL or pointer to data that must be drained before reading from + * accept_fd + * \param len: The length of the data held at \param readbuf + * + * Either returns new wsi bound to accept_fd, or closes accept_fd and + * returns NULL, having cleaned up any new wsi pieces. + * + * LWS adopts the socket in http serving mode, it's ready to accept an upgrade + * to ws or just serve http. + * + * If your external code did not already read from the socket, you can use + * lws_adopt_socket() instead. + * + * This api is guaranteed to use the data at \param readbuf first, before reading from + * the socket. + * + * readbuf is limited to the size of the ah rx buf, currently 2048 bytes. + */ +LWS_VISIBLE LWS_EXTERN struct lws * +lws_adopt_socket_readbuf(struct lws_context *context, lws_sockfd_type accept_fd, + const char *readbuf, size_t len); +/** + * lws_adopt_socket_vhost_readbuf() - adopt foreign socket and first rx as if listen socket + * accepted it for vhost. + * \param vhost: lws vhost + * \param accept_fd: fd of already-accepted socket to adopt + * \param readbuf: NULL or pointer to data that must be drained before reading from + * accept_fd + * \param len: The length of the data held at \param readbuf + * + * Either returns new wsi bound to accept_fd, or closes accept_fd and + * returns NULL, having cleaned up any new wsi pieces. + * + * LWS adopts the socket in http serving mode, it's ready to accept an upgrade + * to ws or just serve http. + * + * If your external code did not already read from the socket, you can use + * lws_adopt_socket() instead. + * + * This api is guaranteed to use the data at \param readbuf first, before reading from + * the socket. + * + * readbuf is limited to the size of the ah rx buf, currently 2048 bytes. + */ +LWS_VISIBLE LWS_EXTERN struct lws * +lws_adopt_socket_vhost_readbuf(struct lws_vhost *vhost, lws_sockfd_type accept_fd, + const char *readbuf, size_t len); +///@} + +/** \defgroup net Network related helper APIs + * ##Network related helper APIs + * + * These wrap miscellaneous useful network-related functions + */ +///@{ + +/** + * lws_canonical_hostname() - returns this host's hostname + * + * This is typically used by client code to fill in the host parameter + * when making a client connection. You can only call it after the context + * has been created. + * + * \param context: Websocket context + */ +LWS_VISIBLE LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT +lws_canonical_hostname(struct lws_context *context); + +/** + * lws_get_peer_addresses() - Get client address information + * \param wsi: Local struct lws associated with + * \param fd: Connection socket descriptor + * \param name: Buffer to take client address name + * \param name_len: Length of client address name buffer + * \param rip: Buffer to take client address IP dotted quad + * \param rip_len: Length of client address IP buffer + * + * This function fills in name and rip with the name and IP of + * the client connected with socket descriptor fd. Names may be + * truncated if there is not enough room. If either cannot be + * determined, they will be returned as valid zero-length strings. + */ +LWS_VISIBLE LWS_EXTERN void +lws_get_peer_addresses(struct lws *wsi, lws_sockfd_type fd, char *name, + int name_len, char *rip, int rip_len); + +/** + * lws_get_peer_simple() - Get client address information without RDNS + * + * \param wsi: Local struct lws associated with + * \param name: Buffer to take client address name + * \param namelen: Length of client address name buffer + * + * This provides a 123.123.123.123 type IP address in name from the + * peer that has connected to wsi + */ +LWS_VISIBLE LWS_EXTERN const char * +lws_get_peer_simple(struct lws *wsi, char *name, int namelen); +#if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) +/** + * lws_interface_to_sa() - Convert interface name or IP to sockaddr struct + * + * \param ipv6: Allow IPV6 addresses + * \param ifname: Interface name or IP + * \param addr: struct sockaddr_in * to be written + * \param addrlen: Length of addr + * + * This converts a textual network interface name to a sockaddr usable by + * other network functions + */ +LWS_VISIBLE LWS_EXTERN int +lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, + size_t addrlen); +///@} +#endif + +/** \defgroup misc Miscellaneous APIs +* ##Miscellaneous APIs +* +* Various APIs outside of other categories +*/ +///@{ + +/** + * lws_start_foreach_ll(): linkedlist iterator helper start + * + * \param type: type of iteration, eg, struct xyz * + * \param it: iterator var name to create + * \param start: start of list + * + * This helper creates an iterator and starts a while (it) { + * loop. The iterator runs through the linked list starting at start and + * ends when it gets a NULL. + * The while loop should be terminated using lws_start_foreach_ll(). + */ +#define lws_start_foreach_ll(type, it, start)\ +{ \ + type it = start; \ + while (it) { + +/** + * lws_end_foreach_ll(): linkedlist iterator helper end + * + * \param it: same iterator var name given when starting + * \param nxt: member name in the iterator pointing to next list element + * + * This helper is the partner for lws_start_foreach_ll() that ends the + * while loop. + */ + +#define lws_end_foreach_ll(it, nxt) \ + it = it->nxt; \ + } \ +} + +/** + * lws_start_foreach_llp(): linkedlist pointer iterator helper start + * + * \param type: type of iteration, eg, struct xyz ** + * \param it: iterator var name to create + * \param start: start of list + * + * This helper creates an iterator and starts a while (it) { + * loop. The iterator runs through the linked list starting at the + * address of start and ends when it gets a NULL. + * The while loop should be terminated using lws_start_foreach_llp(). + * + * This helper variant iterates using a pointer to the previous linked-list + * element. That allows you to easily delete list members by rewriting the + * previous pointer to the element's next pointer. + */ +#define lws_start_foreach_llp(type, it, start)\ +{ \ + type it = &(start); \ + while (*(it)) { + +/** + * lws_end_foreach_llp(): linkedlist pointer iterator helper end + * + * \param it: same iterator var name given when starting + * \param nxt: member name in the iterator pointing to next list element + * + * This helper is the partner for lws_start_foreach_llp() that ends the + * while loop. + */ + +#define lws_end_foreach_llp(it, nxt) \ + it = &(*(it))->nxt; \ + } \ +} + +/** + * lws_snprintf(): snprintf that truncates the returned length too + * + * \param str: destination buffer + * \param size: bytes left in destination buffer + * \param format: format string + * \param ...: args for format + * + * This lets you correctly truncate buffers by concatenating lengths, if you + * reach the limit the reported length doesn't exceed the limit. + */ +LWS_VISIBLE LWS_EXTERN int +lws_snprintf(char *str, size_t size, const char *format, ...) LWS_FORMAT(3); + +/** + * lws_get_random(): fill a buffer with platform random data + * + * \param context: the lws context + * \param buf: buffer to fill + * \param len: how much to fill + * + * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if + * it's interested to see if the frame it's dealing with was sent in binary + * mode. + */ +LWS_VISIBLE LWS_EXTERN int +lws_get_random(struct lws_context *context, void *buf, int len); +/** + * lws_daemonize(): make current process run in the background + * + * \param _lock_path: the filepath to write the lock file + * + * Spawn lws as a background process, taking care of various things + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_daemonize(const char *_lock_path); +/** + * lws_get_library_version(): return string describing the version of lws + * + * On unix, also includes the git describe + */ +LWS_VISIBLE LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT +lws_get_library_version(void); + +/** + * lws_wsi_user() - get the user data associated with the connection + * \param wsi: lws connection + * + * Not normally needed since it's passed into the callback + */ +LWS_VISIBLE LWS_EXTERN void * +lws_wsi_user(struct lws *wsi); + +/** + * lws_wsi_set_user() - set the user data associated with the client connection + * \param wsi: lws connection + * \param user: user data + * + * By default lws allocates this and it's not legal to externally set it + * yourself. However client connections may have it set externally when the + * connection is created... if so, this api can be used to modify it at + * runtime additionally. + */ +LWS_VISIBLE LWS_EXTERN void +lws_set_wsi_user(struct lws *wsi, void *user); + +/** + * lws_parse_uri: cut up prot:/ads:port/path into pieces + * Notice it does so by dropping '\0' into input string + * and the leading / on the path is consequently lost + * + * \param p: incoming uri string.. will get written to + * \param prot: result pointer for protocol part (https://) + * \param ads: result pointer for address part + * \param port: result pointer for port part + * \param path: result pointer for path part + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_parse_uri(char *p, const char **prot, const char **ads, int *port, + const char **path); + +/** + * lws_now_secs(): return seconds since 1970-1-1 + */ +LWS_VISIBLE LWS_EXTERN unsigned long +lws_now_secs(void); + +/** + * lws_get_context - Allow geting lws_context from a Websocket connection + * instance + * + * With this function, users can access context in the callback function. + * Otherwise users may have to declare context as a global variable. + * + * \param wsi: Websocket connection instance + */ +LWS_VISIBLE LWS_EXTERN struct lws_context * LWS_WARN_UNUSED_RESULT +lws_get_context(const struct lws *wsi); + +/** + * lws_get_count_threads(): how many service threads the context uses + * + * \param context: the lws context + * + * By default this is always 1, if you asked for more than lws can handle it + * will clip the number of threads. So you can use this to find out how many + * threads are actually in use. + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_get_count_threads(struct lws_context *context); + +/** + * lws_get_parent() - get parent wsi or NULL + * \param wsi: lws connection + * + * Specialized wsi like cgi stdin/out/err are associated to a parent wsi, + * this allows you to get their parent. + */ +LWS_VISIBLE LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT +lws_get_parent(const struct lws *wsi); + +/** + * lws_get_child() - get child wsi or NULL + * \param wsi: lws connection + * + * Allows you to find a related wsi from the parent wsi. + */ +LWS_VISIBLE LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT +lws_get_child(const struct lws *wsi); + +/** + * lws_parent_carries_io() - mark wsi as needing to send messages via parent + * + * \param wsi: child lws connection + */ + +LWS_VISIBLE LWS_EXTERN void +lws_set_parent_carries_io(struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN void * +lws_get_opaque_parent_data(const struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN void +lws_set_opaque_parent_data(struct lws *wsi, void *data); + +LWS_VISIBLE LWS_EXTERN int +lws_get_child_pending_on_writable(const struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN void +lws_clear_child_pending_on_writable(struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN int +lws_get_close_length(struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN unsigned char * +lws_get_close_payload(struct lws *wsi); + +/* + * \deprecated DEPRECATED Note: this is not normally needed as a user api. + * It's provided in case it is + * useful when integrating with other app poll loop service code. + */ +LWS_VISIBLE LWS_EXTERN int +lws_read(struct lws *wsi, unsigned char *buf, lws_filepos_t len); + +/** + * lws_set_allocator() - custom allocator support + * + * \param realloc + * + * Allows you to replace the allocator (and deallocator) used by lws + */ +LWS_VISIBLE LWS_EXTERN void +lws_set_allocator(void *(*realloc)(void *ptr, size_t size)); +///@} + +/** \defgroup wsstatus Websocket status APIs + * ##Websocket connection status APIs + * + * These provide information about ws connection or message status + */ +///@{ +/** + * lws_send_pipe_choked() - tests if socket is writable or not + * \param wsi: lws connection + * + * Allows you to check if you can write more on the socket + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_send_pipe_choked(struct lws *wsi); + +/** + * lws_is_final_fragment() - tests if last part of ws message + * + * \param wsi: lws connection + */ +LWS_VISIBLE LWS_EXTERN int +lws_is_final_fragment(struct lws *wsi); + +/** + * lws_is_first_fragment() - tests if first part of ws message + * + * \param wsi: lws connection + */ +LWS_VISIBLE LWS_EXTERN int +lws_is_first_fragment(struct lws *wsi); + +/** + * lws_get_reserved_bits() - access reserved bits of ws frame + * \param wsi: lws connection + */ +LWS_VISIBLE LWS_EXTERN unsigned char +lws_get_reserved_bits(struct lws *wsi); + +/** + * lws_partial_buffered() - find out if lws buffered the last write + * \param wsi: websocket connection to check + * + * Returns 1 if you cannot use lws_write because the last + * write on this connection is still buffered, and can't be cleared without + * returning to the service loop and waiting for the connection to be + * writeable again. + * + * If you will try to do >1 lws_write call inside a single + * WRITEABLE callback, you must check this after every write and bail if + * set, ask for a new writeable callback and continue writing from there. + * + * This is never set at the start of a writeable callback, but any write + * may set it. + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_partial_buffered(struct lws *wsi); + +/** + * lws_frame_is_binary(): true if the current frame was sent in binary mode + * + * \param wsi: the connection we are inquiring about + * + * This is intended to be called from the LWS_CALLBACK_RECEIVE callback if + * it's interested to see if the frame it's dealing with was sent in binary + * mode. + */ +LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_frame_is_binary(struct lws *wsi); + +/** + * lws_is_ssl() - Find out if connection is using SSL + * \param wsi: websocket connection to check + * + * Returns 0 if the connection is not using SSL, 1 if using SSL and + * using verified cert, and 2 if using SSL but the cert was not + * checked (appears for client wsi told to skip check on connection) + */ +LWS_VISIBLE LWS_EXTERN int +lws_is_ssl(struct lws *wsi); +/** + * lws_is_cgi() - find out if this wsi is running a cgi process + * \param wsi: lws connection + */ +LWS_VISIBLE LWS_EXTERN int +lws_is_cgi(struct lws *wsi); + +#ifdef LWS_OPENSSL_SUPPORT +/** + * lws_get_ssl() - Return wsi's SSL context structure + * \param wsi: websocket connection + * + * Returns pointer to the SSL library's context structure + */ +LWS_VISIBLE LWS_EXTERN SSL* +lws_get_ssl(struct lws *wsi); +#endif +///@} + + +/** \defgroup sha SHA and B64 helpers + * ##SHA and B64 helpers + * + * These provide SHA-1 and B64 helper apis + */ +///@{ +#ifdef LWS_SHA1_USE_OPENSSL_NAME +#define lws_SHA1 SHA1 +#else +/** + * lws_SHA1(): make a SHA-1 digest of a buffer + * + * \param d: incoming buffer + * \param n: length of incoming buffer + * \param md: buffer for message digest (must be >= 20 bytes) + * + * Reduces any size buffer into a 20-byte SHA-1 hash. + */ +LWS_VISIBLE LWS_EXTERN unsigned char * +lws_SHA1(const unsigned char *d, size_t n, unsigned char *md); +#endif +/** + * lws_b64_encode_string(): encode a string into base 64 + * + * \param in: incoming buffer + * \param in_len: length of incoming buffer + * \param out: result buffer + * \param out_size: length of result buffer + * + * Encodes a string using b64 + */ +LWS_VISIBLE LWS_EXTERN int +lws_b64_encode_string(const char *in, int in_len, char *out, int out_size); +/** + * lws_b64_decode_string(): decode a string from base 64 + * + * \param in: incoming buffer + * \param out: result buffer + * \param out_size: length of result buffer + * + * Decodes a string using b64 + */ +LWS_VISIBLE LWS_EXTERN int +lws_b64_decode_string(const char *in, char *out, int out_size); +///@} + + +/*! \defgroup cgi cgi handling + * + * ##CGI handling + * + * These functions allow low-level control over stdin/out/err of the cgi. + * + * However for most cases, binding the cgi to http in and out, the default + * lws implementation already does the right thing. + */ +#ifdef LWS_WITH_CGI +enum lws_enum_stdinouterr { + LWS_STDIN = 0, + LWS_STDOUT = 1, + LWS_STDERR = 2, +}; + +enum lws_cgi_hdr_state { + LCHS_HEADER, + LCHS_CR1, + LCHS_LF1, + LCHS_CR2, + LCHS_LF2, + LHCS_RESPONSE, + LHCS_DUMP_HEADERS, + LHCS_PAYLOAD, + LCHS_SINGLE_0A, +}; + +struct lws_cgi_args { + struct lws **stdwsi; /**< get fd with lws_get_socket_fd() */ + enum lws_enum_stdinouterr ch; /**< channel index */ + unsigned char *data; /**< for messages with payload */ + enum lws_cgi_hdr_state hdr_state; /**< track where we are in cgi headers */ + int len; /**< length */ +}; + + +/** + * lws_cgi: spawn network-connected cgi process + * + * \param wsi: connection to own the process + * \param exec_array: array of "exec-name" "arg1" ... "argn" NULL + * \param script_uri_path_len: how many chars on the left of the uri are the path to the cgi + * \param timeout_secs: seconds script should be allowed to run + * \param mp_cgienv: pvo list with per-vhost cgi options to put in env + */ +LWS_VISIBLE LWS_EXTERN int +lws_cgi(struct lws *wsi, const char * const *exec_array, + int script_uri_path_len, int timeout_secs, + const struct lws_protocol_vhost_options *mp_cgienv); + +/** + * lws_cgi_write_split_stdout_headers: write cgi output accounting for header part + * + * \param wsi: connection to own the process + */ +LWS_VISIBLE LWS_EXTERN int +lws_cgi_write_split_stdout_headers(struct lws *wsi); + +/** + * lws_cgi_kill: terminate cgi process associated with wsi + * + * \param wsi: connection to own the process + */ +LWS_VISIBLE LWS_EXTERN int +lws_cgi_kill(struct lws *wsi); +#endif +///@} + + +/*! \defgroup fops file operation wrapping + * + * ##File operation wrapping + * + * Use these helper functions if you want to access a file from the perspective + * of a specific wsi, which is usually the case. If you just want contextless + * file access, use the fops callbacks directly with NULL wsi instead of these + * helpers. + * + * If so, then it calls the platform handler or user overrides where present + * (as defined in info->fops) + * + * The advantage from all this is user code can be portable for file operations + * without having to deal with differences between platforms. + */ +//@{ + +/** struct lws_plat_file_ops - Platform-specific file operations + * + * These provide platform-agnostic ways to deal with filesystem access in the + * library and in the user code. + */ + +#if defined(LWS_WITH_ESP32) +/* sdk preprocessor defs? compiler issue? gets confused with member names */ +#define LWS_FOP_OPEN _open +#define LWS_FOP_CLOSE _close +#define LWS_FOP_SEEK_CUR _seek_cur +#define LWS_FOP_READ _read +#define LWS_FOP_WRITE _write +#else +#define LWS_FOP_OPEN open +#define LWS_FOP_CLOSE close +#define LWS_FOP_SEEK_CUR seek_cur +#define LWS_FOP_READ read +#define LWS_FOP_WRITE write +#endif + +#define LWS_FOP_FLAGS_MASK ((1 << 23) - 1) +#define LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP (1 << 24) +#define LWS_FOP_FLAG_COMPR_IS_GZIP (1 << 25) +#define LWS_FOP_FLAG_MOD_TIME_VALID (1 << 26) +#define LWS_FOP_FLAG_VIRTUAL (1 << 27) + +struct lws_plat_file_ops; + +struct lws_fop_fd { + lws_filefd_type fd; + /**< real file descriptor related to the file... */ + const struct lws_plat_file_ops *fops; + /**< fops that apply to this fop_fd */ + void *filesystem_priv; + /**< ignored by lws; owned by the fops handlers */ + lws_filepos_t pos; + /**< generic "position in file" */ + lws_filepos_t len; + /**< generic "length of file" */ + lws_fop_flags_t flags; + /**< copy of the returned flags */ + uint32_t mod_time; + /**< optional "modification time of file", only valid if .open() + * set the LWS_FOP_FLAG_MOD_TIME_VALID flag */ +}; +typedef struct lws_fop_fd *lws_fop_fd_t; + +struct lws_fops_index { + const char *sig; /* NULL or vfs signature, eg, ".zip/" */ + uint8_t len; /* length of above string */ +}; + +struct lws_plat_file_ops { + lws_fop_fd_t (*LWS_FOP_OPEN)(const struct lws_plat_file_ops *fops, + const char *filename, const char *vpath, + lws_fop_flags_t *flags); + /**< Open file (always binary access if plat supports it) + * vpath may be NULL, or if the fops understands it, the point at which + * the filename's virtual part starts. + * *flags & LWS_FOP_FLAGS_MASK should be set to O_RDONLY or O_RDWR. + * If the file may be gzip-compressed, + * LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP is set. If it actually is + * gzip-compressed, then the open handler should OR + * LWS_FOP_FLAG_COMPR_IS_GZIP on to *flags before returning. + */ + int (*LWS_FOP_CLOSE)(lws_fop_fd_t *fop_fd); + /**< close file AND set the pointer to NULL */ + lws_fileofs_t (*LWS_FOP_SEEK_CUR)(lws_fop_fd_t fop_fd, + lws_fileofs_t offset_from_cur_pos); + /**< seek from current position */ + int (*LWS_FOP_READ)(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len); + /**< Read from file, on exit *amount is set to amount actually read */ + int (*LWS_FOP_WRITE)(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len); + /**< Write to file, on exit *amount is set to amount actually written */ + + struct lws_fops_index fi[3]; + /**< vfs path signatures implying use of this fops */ + + const struct lws_plat_file_ops *next; + /**< NULL or next fops in list */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ +}; + +/** + * lws_get_fops() - get current file ops + * + * \param context: context + */ +LWS_VISIBLE LWS_EXTERN struct lws_plat_file_ops * LWS_WARN_UNUSED_RESULT +lws_get_fops(struct lws_context *context); +LWS_VISIBLE LWS_EXTERN void +lws_set_fops(struct lws_context *context, const struct lws_plat_file_ops *fops); +/** + * lws_vfs_tell() - get current file position + * + * \param fop_fd: fop_fd we are asking about + */ +LWS_VISIBLE LWS_EXTERN lws_filepos_t LWS_WARN_UNUSED_RESULT +lws_vfs_tell(lws_fop_fd_t fop_fd); +/** + * lws_vfs_get_length() - get current file total length in bytes + * + * \param fop_fd: fop_fd we are asking about + */ +LWS_VISIBLE LWS_EXTERN lws_filepos_t LWS_WARN_UNUSED_RESULT +lws_vfs_get_length(lws_fop_fd_t fop_fd); +/** + * lws_vfs_get_mod_time() - get time file last modified + * + * \param fop_fd: fop_fd we are asking about + */ +LWS_VISIBLE LWS_EXTERN uint32_t LWS_WARN_UNUSED_RESULT +lws_vfs_get_mod_time(lws_fop_fd_t fop_fd); +/** + * lws_vfs_file_seek_set() - seek relative to start of file + * + * \param fop_fd: fop_fd we are seeking in + * \param offset: offset from start of file + */ +LWS_VISIBLE LWS_EXTERN lws_fileofs_t +lws_vfs_file_seek_set(lws_fop_fd_t fop_fd, lws_fileofs_t offset); +/** + * lws_vfs_file_seek_end() - seek relative to end of file + * + * \param fop_fd: fop_fd we are seeking in + * \param offset: offset from start of file + */ +LWS_VISIBLE LWS_EXTERN lws_fileofs_t +lws_vfs_file_seek_end(lws_fop_fd_t fop_fd, lws_fileofs_t offset); + +extern struct lws_plat_file_ops fops_zip; + +/** + * lws_plat_file_open() - open vfs filepath + * + * \param fops: file ops struct that applies to this descriptor + * \param vfs_path: filename to open + * \param flags: pointer to open flags + * + * The vfs_path is scanned for known fops signatures, and the open directed + * to any matching fops open. + * + * User code should use this api to perform vfs opens. + * + * returns semi-opaque handle + */ +LWS_VISIBLE LWS_EXTERN lws_fop_fd_t LWS_WARN_UNUSED_RESULT +lws_vfs_file_open(const struct lws_plat_file_ops *fops, const char *vfs_path, + lws_fop_flags_t *flags); + +/** + * lws_plat_file_close() - close file + * + * \param fop_fd: file handle to close + */ +static LWS_INLINE int +lws_vfs_file_close(lws_fop_fd_t *fop_fd) +{ + return (*fop_fd)->fops->LWS_FOP_CLOSE(fop_fd); +} + +/** + * lws_plat_file_seek_cur() - close file + * + * + * \param fop_fd: file handle + * \param offset: position to seek to + */ +static LWS_INLINE lws_fileofs_t +lws_vfs_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + return fop_fd->fops->LWS_FOP_SEEK_CUR(fop_fd, offset); +} +/** + * lws_plat_file_read() - read from file + * + * \param fop_fd: file handle + * \param amount: how much to read (rewritten by call) + * \param buf: buffer to write to + * \param len: max length + */ +static LWS_INLINE int LWS_WARN_UNUSED_RESULT +lws_vfs_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + return fop_fd->fops->LWS_FOP_READ(fop_fd, amount, buf, len); +} +/** + * lws_plat_file_write() - write from file + * + * \param fop_fd: file handle + * \param amount: how much to write (rewritten by call) + * \param buf: buffer to read from + * \param len: max length + */ +static LWS_INLINE int LWS_WARN_UNUSED_RESULT +lws_vfs_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + return fop_fd->fops->LWS_FOP_WRITE(fop_fd, amount, buf, len); +} + +/* these are the platform file operations implementations... they can + * be called directly and used in fops arrays + */ + +LWS_VISIBLE LWS_EXTERN lws_fop_fd_t +_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, + const char *vpath, lws_fop_flags_t *flags); +LWS_VISIBLE LWS_EXTERN int +_lws_plat_file_close(lws_fop_fd_t *fop_fd); +LWS_VISIBLE LWS_EXTERN lws_fileofs_t +_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset); +LWS_VISIBLE LWS_EXTERN int +_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len); +LWS_VISIBLE LWS_EXTERN int +_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len); + +LWS_VISIBLE LWS_EXTERN int +lws_alloc_vfs_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount); +//@} + +/** \defgroup smtp + * \ingroup lwsapi + * ##SMTP related functions + * + * These apis let you communicate with a local SMTP server to send email from + * lws. It handles all the SMTP sequencing and protocol actions. + * + * Your system should have postfix, sendmail or another MTA listening on port + * 25 and able to send email using the "mail" commandline app. Usually distro + * MTAs are configured for this by default. + * + * It runs via its own libuv events if initialized (which requires giving it + * a libuv loop to attach to). + * + * It operates using three callbacks, on_next() queries if there is a new email + * to send, on_get_body() asks for the body of the email, and on_sent() is + * called after the email is successfully sent. + * + * To use it + * + * - create an lws_email struct + * + * - initialize data, loop, the email_* strings, max_content_size and + * the callbacks + * + * - call lws_email_init() + * + * When you have at least one email to send, call lws_email_check() to + * schedule starting to send it. + */ +//@{ +#ifdef LWS_WITH_SMTP + +/** enum lwsgs_smtp_states - where we are in SMTP protocol sequence */ +enum lwsgs_smtp_states { + LGSSMTP_IDLE, /**< awaiting new email */ + LGSSMTP_CONNECTING, /**< opening tcp connection to MTA */ + LGSSMTP_CONNECTED, /**< tcp connection to MTA is connected */ + LGSSMTP_SENT_HELO, /**< sent the HELO */ + LGSSMTP_SENT_FROM, /**< sent FROM */ + LGSSMTP_SENT_TO, /**< sent TO */ + LGSSMTP_SENT_DATA, /**< sent DATA request */ + LGSSMTP_SENT_BODY, /**< sent the email body */ + LGSSMTP_SENT_QUIT, /**< sent the session quit */ +}; + +/** struct lws_email - abstract context for performing SMTP operations */ +struct lws_email { + void *data; + /**< opaque pointer set by user code and available to the callbacks */ + uv_loop_t *loop; + /**< the libuv loop we will work on */ + + char email_smtp_ip[32]; /**< Fill before init, eg, "127.0.0.1" */ + char email_helo[32]; /**< Fill before init, eg, "myserver.com" */ + char email_from[100]; /**< Fill before init or on_next */ + char email_to[100]; /**< Fill before init or on_next */ + + unsigned int max_content_size; + /**< largest possible email body size */ + + /* Fill all the callbacks before init */ + + int (*on_next)(struct lws_email *email); + /**< (Fill in before calling lws_email_init) + * called when idle, 0 = another email to send, nonzero is idle. + * If you return 0, all of the email_* char arrays must be set + * to something useful. */ + int (*on_sent)(struct lws_email *email); + /**< (Fill in before calling lws_email_init) + * called when transfer of the email to the SMTP server was + * successful, your callback would remove the current email + * from its queue */ + int (*on_get_body)(struct lws_email *email, char *buf, int len); + /**< (Fill in before calling lws_email_init) + * called when the body part of the queued email is about to be + * sent to the SMTP server. */ + + + /* private things */ + uv_timer_t timeout_email; /**< private */ + enum lwsgs_smtp_states estate; /**< private */ + uv_connect_t email_connect_req; /**< private */ + uv_tcp_t email_client; /**< private */ + time_t email_connect_started; /**< private */ + char email_buf[256]; /**< private */ + char *content; /**< private */ +}; + +/** + * lws_email_init() - Initialize a struct lws_email + * + * \param email: struct lws_email to init + * \param loop: libuv loop to use + * \param max_content: max email content size + * + * Prepares a struct lws_email for use ending SMTP + */ +LWS_VISIBLE LWS_EXTERN int +lws_email_init(struct lws_email *email, uv_loop_t *loop, int max_content); + +/** + * lws_email_check() - Request check for new email + * + * \param email: struct lws_email context to check + * + * Schedules a check for new emails in 1s... call this when you have queued an + * email for send. + */ +LWS_VISIBLE LWS_EXTERN void +lws_email_check(struct lws_email *email); +/** + * lws_email_destroy() - stop using the struct lws_email + * + * \param email: the struct lws_email context + * + * Stop sending email using email and free allocations + */ +LWS_VISIBLE LWS_EXTERN void +lws_email_destroy(struct lws_email *email); + +#endif +//@} + +/* + * Stats are all uint64_t numbers that start at 0. + * Index names here have the convention + * + * _C_ counter + * _B_ byte count + * _MS_ millisecond count + */ + +enum { + LWSSTATS_C_CONNECTIONS, /**< count incoming connections */ + LWSSTATS_C_API_CLOSE, /**< count calls to close api */ + LWSSTATS_C_API_READ, /**< count calls to read from socket api */ + LWSSTATS_C_API_LWS_WRITE, /**< count calls to lws_write API */ + LWSSTATS_C_API_WRITE, /**< count calls to write API */ + LWSSTATS_C_WRITE_PARTIALS, /**< count of partial writes */ + LWSSTATS_C_WRITEABLE_CB_REQ, /**< count of writable callback requests */ + LWSSTATS_C_WRITEABLE_CB_EFF_REQ, /**< count of effective writable callback requests */ + LWSSTATS_C_WRITEABLE_CB, /**< count of writable callbacks */ + LWSSTATS_C_SSL_CONNECTIONS_FAILED, /**< count of failed SSL connections */ + LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED, /**< count of accepted SSL connections */ + LWSSTATS_C_SSL_CONNS_HAD_RX, /**< count of accepted SSL conns that have had some RX */ + LWSSTATS_C_TIMEOUTS, /**< count of timed-out connections */ + LWSSTATS_C_SERVICE_ENTRY, /**< count of entries to lws service loop */ + LWSSTATS_B_READ, /**< aggregate bytes read */ + LWSSTATS_B_WRITE, /**< aggregate bytes written */ + LWSSTATS_B_PARTIALS_ACCEPTED_PARTS, /**< aggreate of size of accepted write data from new partials */ + LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY, /**< aggregate delay in accepting connection */ + LWSSTATS_MS_WRITABLE_DELAY, /**< aggregate delay between asking for writable and getting cb */ + LWSSTATS_MS_WORST_WRITABLE_DELAY, /**< single worst delay between asking for writable and getting cb */ + LWSSTATS_MS_SSL_RX_DELAY, /**< aggregate delay between ssl accept complete and first RX */ + + /* Add new things just above here ---^ + * This is part of the ABI, don't needlessly break compatibility */ + LWSSTATS_SIZE +}; + +#if defined(LWS_WITH_STATS) + +LWS_VISIBLE LWS_EXTERN uint64_t +lws_stats_get(struct lws_context *context, int index); +LWS_VISIBLE LWS_EXTERN void +lws_stats_log_dump(struct lws_context *context); +#else +static LWS_INLINE uint64_t +lws_stats_get(struct lws_context *context, int index) { return 0; } +static LWS_INLINE void +lws_stats_log_dump(struct lws_context *context) { } +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/lib/plat/esp32/esp32-helpers.c b/lib/lws-plat-esp32.c similarity index 53% rename from lib/plat/esp32/esp32-helpers.c rename to lib/lws-plat-esp32.c index 7ecaf6f..2765416 100644 --- a/lib/plat/esp32/esp32-helpers.c +++ b/lib/lws-plat-esp32.c @@ -1,5 +1,5 @@ /* - * libwebsockets - lib/plat/lws-plat-esp32.c + * libwebsockets - small server side websockets and web server implementation * * Copyright (C) 2010-2017 Andy Green * @@ -19,9 +19,564 @@ * MA 02110-1301 USA */ -#include "core/private.h" +#include "private-libwebsockets.h" +#include "freertos/timers.h" +#include +#include -#include "misc/romfs.h" +/* + * included from libwebsockets.c for unix builds + */ + +unsigned long long time_in_microseconds(void) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + return ((unsigned long long)tv.tv_sec * 1000000LL) + tv.tv_usec; +} + +LWS_VISIBLE int +lws_get_random(struct lws_context *context, void *buf, int len) +{ + uint8_t *pb = buf; + + while (len) { + uint32_t r = esp_random(); + uint8_t *p = (uint8_t *)&r; + int b = 4; + + if (len < b) + b = len; + + len -= b; + + while (b--) + *pb++ = p[b]; + } + + return pb - (uint8_t *)buf; +} + +LWS_VISIBLE int +lws_send_pipe_choked(struct lws *wsi) +{ + fd_set writefds; + struct timeval tv = { 0, 0 }; + + /* treat the fact we got a truncated send pending as if we're choked */ + if (wsi->trunc_len) + return 1; + + FD_ZERO(&writefds); + FD_SET(wsi->desc.sockfd, &writefds); + + if (select(wsi->desc.sockfd + 1, NULL, &writefds, NULL, &tv) < 1) + return 1; + + return 0; +} + +LWS_VISIBLE int +lws_poll_listen_fd(struct lws_pollfd *fd) +{ + fd_set readfds; + struct timeval tv = { 0, 0 }; + + FD_ZERO(&readfds); + FD_SET(fd->fd, &readfds); + + return select(fd->fd + 1, &readfds, NULL, NULL, &tv); +} + +LWS_VISIBLE void +lws_cancel_service_pt(struct lws *wsi) +{ +} + +LWS_VISIBLE void +lws_cancel_service(struct lws_context *context) +{ +} + +LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) +{ + printf("%d: %s", level, line); +} + +LWS_VISIBLE LWS_EXTERN int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + struct lws_context_per_thread *pt; + int n = -1, m, c; + + /* stay dead once we are dead */ + + if (!context || !context->vhost_list) + return 1; + + pt = &context->pt[tsi]; + lws_stats_atomic_bump(context, pt, LWSSTATS_C_SERVICE_ENTRY, 1); + + if (timeout_ms < 0) + goto faked_service; + + if (!context->service_tid_detected) { + struct lws _lws; + + memset(&_lws, 0, sizeof(_lws)); + _lws.context = context; + + context->service_tid_detected = + context->vhost_list->protocols[0].callback( + &_lws, LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); + } + context->service_tid = context->service_tid_detected; + + /* + * is there anybody with pending stuff that needs service forcing? + */ + if (!lws_service_adjust_timeout(context, 1, tsi)) { + /* -1 timeout means just do forced service */ + _lws_plat_service_tsi(context, -1, pt->tid); + /* still somebody left who wants forced service? */ + if (!lws_service_adjust_timeout(context, 1, pt->tid)) + /* yes... come back again quickly */ + timeout_ms = 0; + } + +// n = poll(pt->fds, pt->fds_count, timeout_ms); + { + fd_set readfds, writefds, errfds; + struct timeval tv = { timeout_ms / 1000, + (timeout_ms % 1000) * 1000 }, *ptv = &tv; + int max_fd = 0; + FD_ZERO(&readfds); + FD_ZERO(&writefds); + FD_ZERO(&errfds); + + for (n = 0; n < pt->fds_count; n++) { + pt->fds[n].revents = 0; + if (pt->fds[n].fd >= max_fd) + max_fd = pt->fds[n].fd; + if (pt->fds[n].events & LWS_POLLIN) + FD_SET(pt->fds[n].fd, &readfds); + if (pt->fds[n].events & LWS_POLLOUT) + FD_SET(pt->fds[n].fd, &writefds); + FD_SET(pt->fds[n].fd, &errfds); + } + + n = select(max_fd + 1, &readfds, &writefds, &errfds, ptv); + for (n = 0; n < pt->fds_count; n++) { + if (FD_ISSET(pt->fds[n].fd, &readfds)) + pt->fds[n].revents |= LWS_POLLIN; + if (FD_ISSET(pt->fds[n].fd, &writefds)) + pt->fds[n].revents |= LWS_POLLOUT; + if (FD_ISSET(pt->fds[n].fd, &errfds)) + pt->fds[n].revents |= LWS_POLLHUP; + } + } + + +#ifdef LWS_OPENSSL_SUPPORT + if (!pt->rx_draining_ext_list && + !lws_ssl_anybody_has_buffered_read_tsi(context, tsi) && !n) { +#else + if (!pt->rx_draining_ext_list && !n) /* poll timeout */ { +#endif + lws_service_fd_tsi(context, NULL, tsi); + return 0; + } + +faked_service: + m = lws_service_flag_pending(context, tsi); + if (m) + c = -1; /* unknown limit */ + else + if (n < 0) { + if (LWS_ERRNO != LWS_EINTR) + return -1; + return 0; + } else + c = n; + + /* any socket with events to service? */ + for (n = 0; n < pt->fds_count && c; n++) { + if (!pt->fds[n].revents) + continue; + + c--; + + m = lws_service_fd_tsi(context, &pt->fds[n], tsi); + if (m < 0) + return -1; + /* if something closed, retry this slot */ + if (m) + n--; + } + + return 0; +} + +LWS_VISIBLE int +lws_plat_check_connection_error(struct lws *wsi) +{ + return 0; +} + +LWS_VISIBLE int +lws_plat_service(struct lws_context *context, int timeout_ms) +{ + return _lws_plat_service_tsi(context, timeout_ms, 0); +} + +LWS_VISIBLE int +lws_plat_set_socket_options(struct lws_vhost *vhost, int fd) +{ + int optval = 1; + socklen_t optlen = sizeof(optval); + +#if defined(__APPLE__) || \ + defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ + defined(__NetBSD__) || \ + defined(__OpenBSD__) + struct protoent *tcp_proto; +#endif + + if (vhost->ka_time) { + /* enable keepalive on this socket */ + optval = 1; + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, + (const void *)&optval, optlen) < 0) + return 1; + +#if defined(__APPLE__) || \ + defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ + defined(__NetBSD__) || \ + defined(__CYGWIN__) || defined(__OpenBSD__) || defined (__sun) + + /* + * didn't find a way to set these per-socket, need to + * tune kernel systemwide values + */ +#else + /* set the keepalive conditions we want on it too */ + optval = vhost->ka_time; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, + (const void *)&optval, optlen) < 0) + return 1; + + optval = vhost->ka_interval; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, + (const void *)&optval, optlen) < 0) + return 1; + + optval = vhost->ka_probes; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, + (const void *)&optval, optlen) < 0) + return 1; +#endif + } + + /* Disable Nagle */ + optval = 1; +// if (setsockopt(fd, SOL_TCP, TCP_NODELAY, (const void *)&optval, optlen) < 0) +// return 1; + if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &optval, optlen) < 0) + return 1; + + /* We are nonblocking... */ + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) + return 1; + + return 0; +} + +LWS_VISIBLE void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info) +{ +} + +LWS_VISIBLE int +lws_plat_context_early_init(void) +{ + //signal(SIGPIPE, SIG_IGN); + +// signal(SIGABRT, sigabrt_handler); + + return 0; +} + +LWS_VISIBLE void +lws_plat_context_early_destroy(struct lws_context *context) +{ +} + +LWS_VISIBLE void +lws_plat_context_late_destroy(struct lws_context *context) +{ +#ifdef LWS_WITH_PLUGINS + if (context->plugin_list) + lws_plat_plugins_destroy(context); +#endif + + if (context->lws_lookup) + lws_free(context->lws_lookup); +} + +/* cast a struct sockaddr_in6 * into addr for ipv6 */ + +LWS_VISIBLE int +lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, + size_t addrlen) +{ +#if 0 + int rc = -1; + + struct ifaddrs *ifr; + struct ifaddrs *ifc; +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; +#endif + + getifaddrs(&ifr); + for (ifc = ifr; ifc != NULL && rc; ifc = ifc->ifa_next) { + if (!ifc->ifa_addr) + continue; + + lwsl_info(" interface %s vs %s\n", ifc->ifa_name, ifname); + + if (strcmp(ifc->ifa_name, ifname)) + continue; + + switch (ifc->ifa_addr->sa_family) { + case AF_INET: +#ifdef LWS_USE_IPV6 + if (ipv6) { + /* map IPv4 to IPv6 */ + bzero((char *)&addr6->sin6_addr, + sizeof(struct in6_addr)); + addr6->sin6_addr.s6_addr[10] = 0xff; + addr6->sin6_addr.s6_addr[11] = 0xff; + memcpy(&addr6->sin6_addr.s6_addr[12], + &((struct sockaddr_in *)ifc->ifa_addr)->sin_addr, + sizeof(struct in_addr)); + } else +#endif + memcpy(addr, + (struct sockaddr_in *)ifc->ifa_addr, + sizeof(struct sockaddr_in)); + break; +#ifdef LWS_USE_IPV6 + case AF_INET6: + memcpy(&addr6->sin6_addr, + &((struct sockaddr_in6 *)ifc->ifa_addr)->sin6_addr, + sizeof(struct in6_addr)); + break; +#endif + default: + continue; + } + rc = 0; + } + + freeifaddrs(ifr); + + if (rc == -1) { + /* check if bind to IP address */ +#ifdef LWS_USE_IPV6 + if (inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) + rc = 0; + else +#endif + if (inet_pton(AF_INET, ifname, &addr->sin_addr) == 1) + rc = 0; + } + + return rc; +#endif + + return -1; +} + +LWS_VISIBLE void +lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->fds[pt->fds_count++].revents = 0; +} + +LWS_VISIBLE void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->fds_count--; +} + +LWS_VISIBLE void +lws_plat_service_periodic(struct lws_context *context) +{ +} + +LWS_VISIBLE int +lws_plat_change_pollfd(struct lws_context *context, + struct lws *wsi, struct lws_pollfd *pfd) +{ + return 0; +} + +LWS_VISIBLE const char * +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) +{ + return inet_ntop(af, src, dst, cnt); +} + +LWS_VISIBLE int +lws_plat_inet_pton(int af, const char *src, void *dst) +{ + return 1; // inet_pton(af, src, dst); +} + +LWS_VISIBLE lws_fop_fd_t IRAM_ATTR +_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, + const char *vpath, lws_fop_flags_t *flags) +{ + struct stat stat_buf; + lws_fop_fd_t fop_fd; + int ret = open(filename, *flags, 0664); + + if (ret < 0) + return NULL; + + if (fstat(ret, &stat_buf) < 0) + goto bail; + + fop_fd = malloc(sizeof(*fop_fd)); + if (!fop_fd) + goto bail; + + fop_fd->fops = fops; + fop_fd->fd = ret; + fop_fd->flags = *flags; + fop_fd->filesystem_priv = NULL; /* we don't use it */ + fop_fd->pos = 0; + fop_fd->len = stat_buf.st_size; + + return fop_fd; + +bail: + close(ret); + + return NULL; +} + +LWS_VISIBLE int IRAM_ATTR +_lws_plat_file_close(lws_fop_fd_t *fops_fd) +{ + int fd = (*fops_fd)->fd; + + free(*fops_fd); + *fops_fd = NULL; + + return close(fd); +} + +LWS_VISIBLE lws_fileofs_t IRAM_ATTR +_lws_plat_file_seek_cur(lws_fop_fd_t fops_fd, lws_fileofs_t offset) +{ + return lseek(fops_fd->fd, offset, SEEK_CUR); +} + +LWS_VISIBLE int IRAM_ATTR +_lws_plat_file_read(lws_fop_fd_t fops_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + long n; + + n = read(fops_fd->fd, buf, len); + if (n == -1) { + *amount = 0; + return -1; + } + fops_fd->pos += n; + *amount = n; + + return 0; +} + +LWS_VISIBLE int IRAM_ATTR +_lws_plat_file_write(lws_fop_fd_t fops_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + long n; + + n = write(fops_fd->fd, buf, len); + if (n == -1) { + *amount = 0; + return -1; + } + fops_fd->pos += n; + *amount = n; + + return 0; +} + + +LWS_VISIBLE int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info) +{ + /* master context has the global fd lookup array */ + context->lws_lookup = lws_zalloc(sizeof(struct lws *) * + context->max_fds); + if (context->lws_lookup == NULL) { + lwsl_err("OOM on lws_lookup array for %d connections\n", + context->max_fds); + return 1; + } + + lwsl_notice(" mem: platform fd map: %5lu bytes\n", + (unsigned long)(sizeof(struct lws *) * context->max_fds)); + +#ifdef LWS_WITH_PLUGINS + if (info->plugin_dirs) + lws_plat_plugins_init(context, info->plugin_dirs); +#endif + + return 0; +} + + +LWS_VISIBLE void esp32_uvtimer_cb(TimerHandle_t t) +{ + struct timer_mapping *p = pvTimerGetTimerID(t); + + p->cb(p->t); +} + +void ERR_error_string_n(unsigned long e, char *buf, size_t len) +{ + strncpy(buf, "unknown", len); +} + +void ERR_free_strings(void) +{ +} + +char *ERR_error_string(unsigned long e, char *buf) +{ + if (buf) + strcpy(buf, "unknown"); + + return "unknown"; +} + + +/* helper functionality */ + +#include "romfs.h" #include #include #include @@ -32,6 +587,7 @@ struct lws_esp32 lws_esp32 = { .model = CONFIG_LWS_MODEL_NAME, .serial = "unknown", + .region = WIFI_COUNTRY_US, // default to safest option }; /* @@ -39,46 +595,41 @@ struct lws_esp32 lws_esp32 = { */ enum lws_gapss { - LWS_GAPSS_INITIAL, /* just started up, init and move to - * LWS_GAPSS_SCAN */ + LWS_GAPSS_INITIAL, /* just started up, init and move to LWS_GAPSS_SCAN */ LWS_GAPSS_SCAN, /* - * Unconnected, scanning: AP known in one of the - * config slots -> configure it, start timeout + - * LWS_GAPSS_STAT, if no AP already up in same - * group with lower MAC, after a random period - * start up our AP (LWS_GAPSS_AP) + * Unconnected, scanning: AP known in one of the config + * slots -> configure it, start timeout + LWS_GAPSS_STAT, + * if no AP already up in same group with lower MAC, + * after a random period start up our AP (LWS_GAPSS_AP) */ LWS_GAPSS_AP, /* - * Trying to be the group AP... periodically do - * a scan LWS_GAPSS_AP_SCAN, faster and then - * slower + * Trying to be the group AP... periodically do a scan + * LWS_GAPSS_AP_SCAN, faster and then slower */ LWS_GAPSS_AP_SCAN, /* - * doing a scan while trying to be the group - * AP... if we see a lower MAC being the AP for - * the same group AP, abandon being an AP and - * join that AP as a station + * doing a scan while trying to be the group AP... if + * we see a lower MAC being the AP for the same group + * AP, abandon being an AP and join that AP as a + * station */ LWS_GAPSS_STAT_GRP_AP, /* - * We have decided to join another group member - * who is being the AP, as its MAC is lower than - * ours. This is a stable state, but we still - * do periodic scans LWS_GAPSS_STAT_GRP_AP_SCAN - * and will always prefer an AP configured in a - * slot. + * We have decided to join another group member who is + * being the AP, as its MAC is lower than ours. This + * is a stable state, but we still do periodic scans + * (LWS_GAPSS_STAT_GRP_AP_SCAN) and will always prefer + * an AP configured in a slot. */ LWS_GAPSS_STAT_GRP_AP_SCAN, /* - * We have joined a group member who is doing - * the AP job... we want to check every now and - * then if a configured AP has appeared that we - * should better use instead. Otherwise stay in - * LWS_GAPSS_STAT_GRP_AP + * We have joined a group member who is doing the AP + * job... we want to check every now and then if a + * configured AP has appeared that we should better + * use instead. Otherwise stay in LWS_GAPSS_STAT_GRP_AP */ LWS_GAPSS_STAT, /* - * trying to connect to another non-group AP. - * If we don't get an IP within a timeout and - * retries, blacklist it and go back + * trying to connect to another non-group AP. If we + * don't get an IP within a timeout and retries, + * blacklist it and go back */ LWS_GAPSS_STAT_HAPPY, }; @@ -95,15 +646,13 @@ static const char *gapss_str[] = { }; static romfs_t lws_esp32_romfs; -static TimerHandle_t leds_timer, scan_timer, debounce_timer, association_timer +static TimerHandle_t leds_timer, scan_timer, debounce_timer #if !defined(CONFIG_LWS_IS_FACTORY_APPLICATION) , mdns_timer #endif ; static enum lws_gapss gapss = LWS_GAPSS_INITIAL; -#if !defined(CONFIG_LWS_IS_FACTORY_APPLICATION) -static mdns_result_t *mdns_results_head; -#endif +static char bdown; #define GPIO_SW 14 @@ -200,28 +749,6 @@ static void lws_esp32_scan_timer_cb(TimerHandle_t th) lwsl_err("scan start failed %d\n", n); } -static void lws_esp32_assoc_timer_cb(TimerHandle_t th) -{ - int n; - - xTimerStop(association_timer, 0); - - if (gapss == LWS_GAPSS_STAT_HAPPY) { - lwsl_debug("%s: saw we were happy\n", __func__); - - return; - } - - lwsl_notice("%s: forcing rescan\n", __func__); - - lws_gapss_to(LWS_GAPSS_SCAN); - scan_ongoing = 0; - n = esp_wifi_scan_start(&scan_config, false); - if (n != ESP_OK) - lwsl_err("scan start failed %d\n", n); -} - - #if !defined(CONFIG_LWS_IS_FACTORY_APPLICATION) void __attribute__(( weak )) @@ -242,42 +769,57 @@ void lws_group_member_event_call(int e, void *p) } static int -get_txt_param(const mdns_result_t *mr, const char *param, char *result, int len) +get_txt_param(const char *txt, const char *param, char *result, int len) { const char *p; - *result = '\0'; - - p = strstr(mr->txt->key, param); +again: + p = strstr(txt, param); if (!p) { *result = '\0'; return 1; } - lws_strncpy(result, mr->txt->value, len); + p += strlen(param); + if (*p != '=') { + txt = p; + goto again; + } + p++; + while (*p && *p != '&' && --len) + *result++ = *p++; + + *result = '\0'; return 0; } static void lws_esp32_mdns_timer_cb(TimerHandle_t th) { - uint64_t now = lws_now_usecs(); + uint64_t now = time_in_microseconds(); struct lws_group_member *p, **p1; - const mdns_result_t *r = mdns_results_head; + const mdns_result_t *r; + int n, m; + + if (!lws_esp32.mdns) + return; + n = mdns_query_end(lws_esp32.mdns); - while (r) { + for (m = 0; m < n; m++) { char ch = 0, group[16]; - get_txt_param(r, "group", group, sizeof(group)); + r = mdns_result_get(lws_esp32.mdns, m); + + get_txt_param(r->txt, "group", group, sizeof(group)); if (strcmp(group, lws_esp32.group)) /* not our group */ { lwsl_notice("group %s vs %s %s\n", - group, lws_esp32.group, r->txt->value); + group, lws_esp32.group, r->txt); continue; } p = lws_esp32.first; while (p) { - if (strcmp(r->hostname, p->host)) + if (strcmp(r->host, p->host)) goto next; if (memcmp(&r->addr, &p->addr, sizeof(r->addr))) goto next; @@ -289,22 +831,22 @@ next: } if (!p) { /* did not find */ char temp[8]; - - p = lws_malloc(sizeof(*p), "group"); + p = malloc(sizeof(*p)); if (!p) continue; - lws_strncpy(p->host, r->hostname, sizeof(p->host)); + strncpy(p->host, r->host, sizeof(p->host) - 1); + p->host[sizeof(p->host) - 1] = '\0'; - get_txt_param(r, "model", p->model, sizeof(p->model)); - get_txt_param(r, "role", p->role, sizeof(p->role)); - get_txt_param(r, "mac", p->mac, sizeof(p->mac)); - get_txt_param(r, "width", temp, sizeof(temp)); + get_txt_param(r->txt, "model", p->model, sizeof(p->model)); + get_txt_param(r->txt, "role", p->role, sizeof(p->role)); + get_txt_param(r->txt, "mac", p->mac, sizeof(p->mac)); + get_txt_param(r->txt, "width", temp, sizeof(temp)); p->width = atoi(temp); - get_txt_param(r, "height", temp, sizeof(temp)); + get_txt_param(r->txt, "height", temp, sizeof(temp)); p->height = atoi(temp); memcpy(&p->addr, &r->addr, sizeof(p->addr)); -// memcpy(&p->addrv6, &r->addrv6, sizeof(p->addrv6)); + memcpy(&p->addrv6, &r->addrv6, sizeof(p->addrv6)); p->last_seen = now; p->flags = 0; p->next = lws_esp32.first; @@ -317,16 +859,16 @@ next: memcpy(&p->addr, &r->addr, sizeof(p->addr)); ch = 1; } -/* if (memcmp(&p->addrv6, &r->addrv6, sizeof(p->addrv6))) { + if (memcmp(&p->addrv6, &r->addrv6, sizeof(p->addrv6))) { memcpy(&p->addrv6, &r->addrv6, sizeof(p->addrv6)); ch = 1; - } */ + } if (ch) lws_group_member_event_call(LWS_SYSTEM_GROUP_MEMBER_CHANGE, p); } } - mdns_query_results_free(mdns_results_head); + mdns_result_free(lws_esp32.mdns); /* garbage-collect group members not seen for too long */ p1 = &lws_esp32.first; @@ -338,14 +880,13 @@ next: *p1 = p->next; lws_group_member_event_call(LWS_SYSTEM_GROUP_MEMBER_REMOVE, p); - lws_free(p); + free(p); continue; } p1 = &(*p1)->next; } - mdns_query_txt(lws_esp32.group, "_lwsgrmem", "_tcp", 0, - &mdns_results_head); + mdns_query(lws_esp32.mdns, "_lwsgrmem", "_tcp", 0); xTimerStart(mdns_timer, 0); } #endif @@ -358,20 +899,19 @@ lws_esp32_button(int down) void IRAM_ATTR gpio_irq(void *arg) { + bdown ^= 1; gpio_set_intr_type(GPIO_SW, GPIO_INTR_DISABLE); xTimerStart(debounce_timer, 0); + + lws_esp32_button(bdown); } static void lws_esp32_debounce_timer_cb(TimerHandle_t th) { - if (lws_esp32.button_is_down) + if (bdown) gpio_set_intr_type(GPIO_SW, GPIO_INTR_POSEDGE); else gpio_set_intr_type(GPIO_SW, GPIO_INTR_NEGEDGE); - - lws_esp32.button_is_down = gpio_get_level(GPIO_SW); - - lws_esp32_button(lws_esp32.button_is_down); } @@ -404,8 +944,8 @@ end_scan() uint16_t count_ap_records; int n, m; - count_ap_records = LWS_ARRAY_SIZE(ap_records); - if (esp_wifi_scan_get_ap_records(&count_ap_records, ap_records)) { + count_ap_records = ARRAY_SIZE(ap_records); + if (esp_wifi_scan_get_ap_records(&count_ap_records, ap_records) != ESP_OK) { lwsl_err("%s: failed\n", __func__); return; } @@ -414,7 +954,7 @@ end_scan() goto passthru; if (gapss != LWS_GAPSS_SCAN) { - lwsl_info("ignoring scan as gapss %s\n", gapss_str[gapss]); + lwsl_notice("ignoring scan as gapss %s\n", gapss_str[gapss]); goto passthru; } @@ -425,22 +965,20 @@ end_scan() !lws_esp32.ssid[3][0]) goto passthru; - lwsl_info("checking %d scan records\n", count_ap_records); + lwsl_notice("checking %d scan records\n", count_ap_records); for (n = 0; n < 4; n++) { if (!lws_esp32.ssid[(n + try_slot + 1) & 3][0]) continue; - lwsl_debug("looking for %s\n", - lws_esp32.ssid[(n + try_slot + 1) & 3]); + lwsl_notice("looking for %s\n", lws_esp32.ssid[(n + try_slot + 1) & 3]); /* this ssid appears in scan results? */ for (m = 0; m < count_ap_records; m++) { // lwsl_notice(" %s\n", ap_records[m].ssid); - if (!strcmp((char *)ap_records[m].ssid, - lws_esp32.ssid[(n + try_slot + 1) & 3])) + if (strcmp((char *)ap_records[m].ssid, lws_esp32.ssid[(n + try_slot + 1) & 3]) == 0) goto hit; } @@ -449,22 +987,18 @@ end_scan() hit: m = (n + try_slot + 1) & 3; try_slot = m; - lwsl_info("Attempting connection with slot %d: %s:\n", m, + lwsl_notice("Attempting connection with slot %d: %s:\n", m, lws_esp32.ssid[m]); /* set the ssid we last tried to connect to */ - lws_strncpy(lws_esp32.active_ssid, lws_esp32.ssid[m], - sizeof(lws_esp32.active_ssid)); + strncpy(lws_esp32.active_ssid, lws_esp32.ssid[m], + sizeof(lws_esp32.active_ssid) - 1); + lws_esp32.active_ssid[sizeof(lws_esp32.active_ssid) - 1] = '\0'; - lws_strncpy((char *)sta_config.sta.ssid, lws_esp32.ssid[m], - sizeof(sta_config.sta.ssid)); - lws_strncpy((char *)sta_config.sta.password, lws_esp32.password[m], - sizeof(sta_config.sta.password)); + strncpy((char *)sta_config.sta.ssid, lws_esp32.ssid[m], sizeof(sta_config.sta.ssid) - 1); + strncpy((char *)sta_config.sta.password, lws_esp32.password[m], sizeof(sta_config.sta.password) - 1); - tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, - (const char *)&config.ap.ssid[7]); + tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, (const char *)&config.ap.ssid[7]); lws_gapss_to(LWS_GAPSS_STAT); - xTimerStop(association_timer, 0); - xTimerStart(association_timer, 0); esp_wifi_set_config(WIFI_IF_STA, &sta_config); esp_wifi_connect(); @@ -476,15 +1010,14 @@ hit: passthru: if (lws_esp32.scan_consumer) - lws_esp32.scan_consumer(count_ap_records, ap_records, - lws_esp32.scan_consumer_arg); + lws_esp32.scan_consumer(count_ap_records, ap_records, lws_esp32.scan_consumer_arg); } static void lws_set_genled(int n) { - lws_esp32.genled_t = lws_now_usecs(); + lws_esp32.genled_t = time_in_microseconds(); lws_esp32.genled = n; } @@ -494,7 +1027,7 @@ lws_esp32_leds_network_indication(void) uint64_t us, r; int n, fadein = 100, speed = 1199, div = 1, base = 0; - r = lws_now_usecs(); + r = time_in_microseconds(); us = r - lws_esp32.genled_t; switch (lws_esp32.genled) { @@ -543,6 +1076,7 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) struct lws_group_member *mem; int n; #endif + char slot[8]; nvs_handle nvh; uint32_t use; @@ -553,15 +1087,16 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) /* fallthru */ case SYSTEM_EVENT_STA_DISCONNECTED: lwsl_notice("SYSTEM_EVENT_STA_DISCONNECTED\n"); - if (sntp_enabled()) - sntp_stop(); lws_esp32.conn_ap = 0; lws_esp32.inet = 0; lws_esp32.sta_ip[0] = '\0'; lws_esp32.sta_mask[0] = '\0'; lws_esp32.sta_gw[0] = '\0'; lws_gapss_to(LWS_GAPSS_SCAN); - mdns_free(); + if (lws_esp32.mdns) + mdns_service_remove_all(lws_esp32.mdns); + mdns_free(lws_esp32.mdns); + lws_esp32.mdns = NULL; lws_set_genled(LWSESP32_GENLED__LOST_NETWORK); start_scan(); esp_wifi_connect(); @@ -586,8 +1121,6 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) (uint8_t *)&event->event_info.got_ip.ip_info.gw); if (!nvs_open("lws-station", NVS_READWRITE, &nvh)) { - char slot[8]; - lws_snprintf(slot, sizeof(slot) - 1, "%duse", try_slot); use = 0; nvs_get_u32(nvh, slot, &use); @@ -599,37 +1132,35 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) lws_gapss_to(LWS_GAPSS_STAT_HAPPY); #if !defined(CONFIG_LWS_IS_FACTORY_APPLICATION) - n = mdns_init(); + n = mdns_init(TCPIP_ADAPTER_IF_STA, &lws_esp32.mdns); if (!n) { - static mdns_txt_item_t txta[6]; - static char wh[2][6]; + static char *txta[6]; int w, h; - mdns_hostname_set(lws_esp32.hostname); - mdns_instance_name_set(lws_esp32.group); + mdns_set_hostname(lws_esp32.mdns, lws_esp32.hostname); + mdns_set_instance(lws_esp32.mdns, lws_esp32.group); + mdns_service_add(lws_esp32.mdns, "_lwsgrmem", "_tcp", 443); + if (txta[0]) + free(txta[0]); + txta[0] = malloc(32 * ARRAY_SIZE(txta)); + if (!txta[0]) { + lwsl_notice("mdns OOM\n"); + break; + } + txta[1] = &txta[0][32]; + txta[2] = &txta[1][32]; + txta[3] = &txta[2][32]; + txta[4] = &txta[3][32]; + txta[5] = &txta[4][32]; lws_get_iframe_size(&w, &h); - txta[0].key = "model"; - txta[1].key = "group"; - txta[2].key = "role"; - txta[3].key = "mac"; - txta[4].key = "width"; - txta[5].key = "height"; - - txta[0].value = lws_esp32.model; - txta[1].value = lws_esp32.group; - txta[2].value = lws_esp32.role; - txta[3].value = lws_esp32.mac; - txta[4].value = wh[0]; - txta[5].value = wh[1]; - - lws_snprintf(wh[0], 6, "%d", w); - lws_snprintf(wh[1], 6, "%d", h); - - mdns_service_add(lws_esp32.group, - "_lwsgrmem", "_tcp", 443, txta, - LWS_ARRAY_SIZE(txta)); + lws_snprintf(txta[0], 31, "model=%s", lws_esp32.model); + lws_snprintf(txta[1], 31, "group=%s", lws_esp32.group); + lws_snprintf(txta[2], 31, "role=%s", lws_esp32.role); + lws_snprintf(txta[3], 31, "mac=%s", lws_esp32.mac); + lws_snprintf(txta[4], 31, "width=%d", w); + lws_snprintf(txta[5], 31, "height=%d", h); mem = lws_esp32.first; while (mem) { @@ -639,8 +1170,7 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) } if (!mem) { - struct lws_group_member *mem = - lws_malloc(sizeof(*mem), "group"); + struct lws_group_member *mem = malloc(sizeof(*mem)); if (mem) { mem->last_seen = ~(uint64_t)0; strcpy(mem->model, lws_esp32.model); @@ -648,46 +1178,37 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) strcpy(mem->host, lws_esp32.hostname); strcpy(mem->mac, lws_esp32.mac); mem->flags = LWS_GROUP_FLAG_SELF; - lws_get_iframe_size(&mem->width, - &mem->height); - memcpy(&mem->addr, - &event->event_info.got_ip.ip_info.ip, - sizeof(mem->addr)); - memcpy(&mem->addrv6, - &event->event_info.got_ip6.ip6_info.ip, - sizeof(mem->addrv6)); + lws_get_iframe_size(&mem->width, &mem->height); + memcpy(&mem->addr, &event->event_info.got_ip.ip_info.ip, + sizeof(mem->addr)); + memcpy(&mem->addrv6, &event->event_info.got_ip6.ip6_info.ip, + sizeof(mem->addrv6)); mem->next = lws_esp32.first; lws_esp32.first = mem; lws_esp32.extant_group_members++; - lws_group_member_event_call( - LWS_SYSTEM_GROUP_MEMBER_ADD, mem); + lws_group_member_event_call(LWS_SYSTEM_GROUP_MEMBER_ADD, mem); } } else { /* update our IP */ - memcpy(&mem->addr, - &event->event_info.got_ip.ip_info.ip, - sizeof(mem->addr)); - memcpy(&mem->addrv6, - &event->event_info.got_ip6.ip6_info.ip, - sizeof(mem->addrv6)); - lws_group_member_event_call( - LWS_SYSTEM_GROUP_MEMBER_CHANGE, mem); + memcpy(&mem->addr, &event->event_info.got_ip.ip_info.ip, + sizeof(mem->addr)); + memcpy(&mem->addrv6, &event->event_info.got_ip6.ip6_info.ip, + sizeof(mem->addrv6)); + lws_group_member_event_call(LWS_SYSTEM_GROUP_MEMBER_CHANGE, mem); } + + if (mdns_service_txt_set(lws_esp32.mdns, "_lwsgrmem", "_tcp", ARRAY_SIZE(txta), + (const char **)txta)) + lwsl_notice("txt set failed\n"); } else lwsl_err("unable to init mdns on STA: %d\n", n); - mdns_query_txt(lws_esp32.group, "_lwsgrmem", "_tcp", 0, - &mdns_results_head); + mdns_query(lws_esp32.mdns, "_lwsgrmem", "_tcp", 0); xTimerStart(mdns_timer, 0); #endif lwsl_notice(" --- Got IP %s\n", lws_esp32.sta_ip); - if (!sntp_enabled()) { - sntp_setoperatingmode(SNTP_OPMODE_POLL); - sntp_setservername(0, "pool.ntp.org"); - sntp_init(); - } break; case SYSTEM_EVENT_SCAN_DONE: @@ -704,7 +1225,7 @@ esp_err_t lws_esp32_event_passthru(void *ctx, system_event_t *event) static lws_fop_fd_t IRAM_ATTR esp32_lws_fops_open(const struct lws_plat_file_ops *fops, const char *filename, - const char *vfs_path, lws_fop_flags_t *flags) + const char *vfs_path, lws_fop_flags_t *flags) { struct esp32_file *f = malloc(sizeof(*f)); lws_fop_fd_t fop_fd; @@ -727,7 +1248,7 @@ esp32_lws_fops_open(const struct lws_plat_file_ops *fops, const char *filename, fop_fd->mod_time = csum; *flags |= LWS_FOP_FLAG_MOD_TIME_VALID; fop_fd->flags = *flags; - + fop_fd->len = len; fop_fd->pos = 0; @@ -753,7 +1274,7 @@ static lws_fileofs_t IRAM_ATTR esp32_lws_fops_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset_from_cur_pos) { fop_fd->pos += offset_from_cur_pos; - + if (fop_fd->pos > fop_fd->len) fop_fd->pos = fop_fd->len; @@ -798,18 +1319,16 @@ int lws_esp32_wlan_nvs_get(int retry) { nvs_handle nvh; - char lws_esp32_force_ap = 0, slot[12]; + char r[2], lws_esp32_force_ap = 0, slot[12]; size_t s; uint8_t mac[6]; int n; esp_efuse_mac_get_default(mac); mac[5] |= 1; /* match the AP MAC */ - snprintf(lws_esp32.serial, sizeof(lws_esp32.serial) - 1, - "%02X%02X%02X", mac[3], mac[4], mac[5]); - snprintf(lws_esp32.mac, sizeof(lws_esp32.mac) - 1, - "%02X%02X%02X%02X%02X%02X", mac[0], mac[1], mac[2], mac[3], - mac[4], mac[5]); + snprintf(lws_esp32.serial, sizeof(lws_esp32.serial) - 1, "%02X%02X%02X", mac[3], mac[4], mac[5]); + snprintf(lws_esp32.mac, sizeof(lws_esp32.mac) - 1, "%02X%02X%02X%02X%02X%02X", mac[0], + mac[1], mac[2], mac[3], mac[4], mac[5]); ESP_ERROR_CHECK(nvs_open("lws-station", NVS_READWRITE, &nvh)); @@ -838,6 +1357,11 @@ lws_esp32_wlan_nvs_get(int retry) if (nvs_get_str(nvh, "opts", lws_esp32.opts, &s) != ESP_OK) lws_esp32_force_ap = 1; + s = sizeof(r); + if (nvs_get_str(nvh, "region", r, &s) != ESP_OK) + lws_esp32_force_ap = 1; + else + lws_esp32.region = atoi(r); lws_esp32.access_pw[0] = '\0'; nvs_get_str(nvh, "access_pw", lws_esp32.access_pw, &s); @@ -877,8 +1401,6 @@ lws_esp32_wlan_config(void) }; int n; - lwsl_debug("%s\n", __func__); - ledc_timer_config(&ledc_timer); lws_set_genled(LWSESP32_GENLED__INIT); @@ -891,8 +1413,6 @@ lws_esp32_wlan_config(void) (TimerCallbackFunction_t)lws_esp32_scan_timer_cb); debounce_timer = xTimerCreate("lws_db", pdMS_TO_TICKS(100), 0, NULL, (TimerCallbackFunction_t)lws_esp32_debounce_timer_cb); - association_timer = xTimerCreate("lws_assoc", pdMS_TO_TICKS(10000), 0, NULL, - (TimerCallbackFunction_t)lws_esp32_assoc_timer_cb); #if !defined(CONFIG_LWS_IS_FACTORY_APPLICATION) mdns_timer = xTimerCreate("lws_mdns", pdMS_TO_TICKS(5000), 0, NULL, @@ -932,6 +1452,7 @@ lws_esp32_wlan_start_ap(void) ESP_ERROR_CHECK( esp_wifi_init(&cfg)); ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM)); + esp_wifi_set_country(lws_esp32.region); ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_APSTA) ); ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_AP, &config) ); @@ -941,9 +1462,8 @@ lws_esp32_wlan_start_ap(void) esp_wifi_scan_start(&scan_config, false); if (sta_config.sta.ssid[0]) { - tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, - (const char *)&config.ap.ssid[7]); - // esp_wifi_set_auto_connect(1); + tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, (const char *)&config.ap.ssid[7]); + esp_wifi_set_auto_connect(1); ESP_ERROR_CHECK( esp_wifi_connect()); ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &sta_config)); ESP_ERROR_CHECK( esp_wifi_connect()); @@ -957,16 +1477,16 @@ lws_esp32_wlan_start_station(void) ESP_ERROR_CHECK( esp_wifi_init(&cfg)); ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM)); + esp_wifi_set_country(lws_esp32.region); ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA)); ESP_ERROR_CHECK( esp_wifi_set_config(WIFI_IF_STA, &sta_config)); ESP_ERROR_CHECK( esp_wifi_start()); - tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, - (const char *)&config.ap.ssid[7]); - //esp_wifi_set_auto_connect(1); - //ESP_ERROR_CHECK( esp_wifi_connect()); + tcpip_adapter_set_hostname(TCPIP_ADAPTER_IF_STA, (const char *)&config.ap.ssid[7]); + esp_wifi_set_auto_connect(1); + ESP_ERROR_CHECK( esp_wifi_connect()); lws_esp32_scan_timer_cb(NULL); } @@ -974,8 +1494,7 @@ lws_esp32_wlan_start_station(void) const esp_partition_t * lws_esp_ota_get_boot_partition(void) { - const esp_partition_t *part = esp_ota_get_boot_partition(), - *factory_part, *ota; + const esp_partition_t *part = esp_ota_get_boot_partition(), *factory_part, *ota; esp_image_header_t eih, ota_eih; uint32_t *p_force_factory_magic = (uint32_t *)LWS_MAGIC_REBOOT_TYPE_ADS; @@ -990,7 +1509,7 @@ lws_esp_ota_get_boot_partition(void) if (eih.spi_mode == 0xff || *p_force_factory_magic == LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY || *p_force_factory_magic == LWS_MAGIC_REBOOT_TYPE_FORCED_FACTORY_BUTTON - ) { + ) { /* * we believed we were going to boot OTA, but we fell * back to FACTORY in the bootloader when we saw it @@ -999,8 +1518,8 @@ lws_esp_ota_get_boot_partition(void) * factory partition right now. */ part = factory_part; - } - + } + #ifdef CONFIG_LWS_IS_FACTORY_APPLICATION else if (ota_eih.spi_mode != 0xff && @@ -1012,33 +1531,31 @@ lws_esp_ota_get_boot_partition(void) * it means we were just written and need to copy * ourselves into the FACTORY slot. */ - lwsl_notice("Copying FACTORY update into place " - "0x%x len 0x%x\n", factory_part->address, - factory_part->size); - esp_task_wdt_reset(); - if (spi_flash_erase_range(factory_part->address, - factory_part->size)) { + lwsl_notice("Copying FACTORY update into place 0x%x len 0x%x\n", + factory_part->address, factory_part->size); + esp_task_wdt_feed(); + if (spi_flash_erase_range(factory_part->address, factory_part->size) != ESP_OK) { lwsl_err("spi: Failed to erase\n"); goto retry; } for (n = 0; n < factory_part->size; n += sizeof(buf)) { - esp_task_wdt_reset(); - spi_flash_read(part->address + n , buf, - sizeof(buf)); - if (spi_flash_write(factory_part->address + n, - buf, sizeof(buf))) { + esp_task_wdt_feed(); + spi_flash_read(part->address + n , buf, sizeof(buf)); + if (spi_flash_write(factory_part->address + n, buf, sizeof(buf)) != ESP_OK) { lwsl_err("spi: Failed to write\n"); goto retry; } } + /* destroy our OTA image header */ + spi_flash_erase_range(ota->address, 4096); + /* - * We send a message to the bootloader to erase the OTA header, we will come back up in - * factory where the user can reload the OTA image + * with no viable OTA image, we will come back up in factory + * where the user can reload the OTA image */ lwsl_notice(" FACTORY copy successful, rebooting\n"); - lws_esp32_restart_guided(LWS_MAGIC_REBOOT_TYPE_REQ_FACTORY_ERASE_OTA); retry: esp_restart(); } @@ -1060,17 +1577,19 @@ lws_esp32_set_creation_defaults(struct lws_context_creation_info *info) part = lws_esp_ota_get_boot_partition(); (void)part; - info->vhost_name = "default"; info->port = 443; - info->fd_limit_per_thread = 16; - info->max_http_header_pool = 5; + info->fd_limit_per_thread = 30; + info->max_http_header_pool = 3; info->max_http_header_data = 1024; info->pt_serv_buf_size = 4096; info->keepalive_timeout = 30; info->timeout_secs = 30; - info->simultaneous_ssl_restriction = 2; + info->simultaneous_ssl_restriction = 3; info->options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; + + info->ssl_cert_filepath = "ssl-pub.pem"; + info->ssl_private_key_filepath = "ssl-pri.pem"; } int @@ -1084,10 +1603,8 @@ lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i, spi_flash_read(part->address , &eih, sizeof(eih)); hdr = part->address + sizeof(eih); - if (eih.magic != ESP_IMAGE_HEADER_MAGIC) { - lwsl_notice("%s: bad image header magic\n", __func__); + if (eih.magic != ESP_IMAGE_HEADER_MAGIC) return 1; - } eis.data_len = 0; while (eih.segment_count-- && eis.data_len != 0xffffffff) { @@ -1096,12 +1613,7 @@ lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i, } hdr += (~hdr & 15) + 1; - if (eih.hash_appended) - hdr += 0x20; - -// lwsl_notice("romfs estimated at 0x%x\n", hdr); - - i->romfs = hdr + 0x4; + i->romfs = hdr + 4; spi_flash_read(hdr, &i->romfs_len, sizeof(i->romfs_len)); i->json = i->romfs + i->romfs_len + 4; spi_flash_read(i->json - 4, &i->json_len, sizeof(i->json_len)); @@ -1114,165 +1626,35 @@ lws_esp32_get_image_info(const esp_partition_t *part, struct lws_esp32_image *i, return 0; } -static int -_rngf(void *context, unsigned char *buf, size_t len) +struct lws_context * +lws_esp32_init(struct lws_context_creation_info *info) { - if ((size_t)lws_get_random(context, buf, len) == len) - return 0; - - return -1; -} - -int -lws_esp32_selfsigned(struct lws_vhost *vhost) -{ - mbedtls_x509write_cert crt; - char subject[200]; - mbedtls_pk_context mpk; - int buf_size = 4096, n; - uint8_t *buf = malloc(buf_size); /* malloc because given to user code */ - mbedtls_mpi mpi; + const esp_partition_t *part = lws_esp_ota_get_boot_partition(); + struct lws_context *context; + struct lws_esp32_image i; + struct lws_vhost *vhost; nvs_handle nvh; + char buf[512]; size_t s; + int n; - lwsl_notice("%s: %s\n", __func__, vhost->name); - - if (!buf) - return -1; - - if (nvs_open("lws-station", NVS_READWRITE, &nvh)) { - lwsl_notice("%s: can't open nvs\n", __func__); - free(buf); - return 1; - } - + ESP_ERROR_CHECK(nvs_open("lws-station", NVS_READWRITE, &nvh)); n = 0; - if (!nvs_get_blob(nvh, vhost->tls.alloc_cert_path, NULL, &s)) - n |= 1; - if (!nvs_get_blob(nvh, vhost->tls.key_path, NULL, &s)) + s = 1; + if (nvs_get_blob(nvh, "ssl-pub.pem", NULL, &s) == ESP_OK) + n = 1; + s = 1; + if (nvs_get_blob(nvh, "ssl-pri.pem", NULL, &s) == ESP_OK) n |= 2; - nvs_close(nvh); - if (n == 3) { - lwsl_notice("%s: certs exist\n", __func__); - free(buf); - return 0; /* certs already exist */ - } - - lwsl_notice("%s: creating selfsigned initial certs\n", __func__); - - mbedtls_x509write_crt_init(&crt); - - mbedtls_pk_init(&mpk); - if (mbedtls_pk_setup(&mpk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) { - lwsl_notice("%s: pk_setup failed\n", __func__); - goto fail; - } - lwsl_notice("%s: generating 2048-bit RSA keypair... " - "this may take a minute or so...\n", __func__); - n = mbedtls_rsa_gen_key(mbedtls_pk_rsa(mpk), _rngf, vhost->context, - 2048, 65537); - if (n) { - lwsl_notice("%s: failed to generate keys\n", __func__); - goto fail1; - } - lwsl_notice("%s: keys done\n", __func__); - - /* subject must be formatted like "C=TW,O=warmcat,CN=myserver" */ - - lws_snprintf(subject, sizeof(subject) - 1, - "C=TW,ST=New Taipei City,L=Taipei,O=warmcat,CN=%s", - lws_esp32.hostname); - - if (mbedtls_x509write_crt_set_subject_name(&crt, subject)) { - lwsl_notice("set SN failed\n"); - goto fail1; - } - mbedtls_x509write_crt_set_subject_key(&crt, &mpk); - if (mbedtls_x509write_crt_set_issuer_name(&crt, subject)) { - lwsl_notice("set IN failed\n"); - goto fail1; - } - mbedtls_x509write_crt_set_issuer_key(&crt, &mpk); - - lws_get_random(vhost->context, &n, sizeof(n)); - lws_snprintf(subject, sizeof(subject), "%d", n); - - mbedtls_mpi_init(&mpi); - mbedtls_mpi_read_string(&mpi, 10, subject); - mbedtls_x509write_crt_set_serial(&crt, &mpi); - mbedtls_mpi_free(&mpi); - - mbedtls_x509write_crt_set_validity(&crt, "20171105235959", - "20491231235959"); - - mbedtls_x509write_crt_set_key_usage(&crt, - MBEDTLS_X509_KU_DIGITAL_SIGNATURE | - MBEDTLS_X509_KU_KEY_ENCIPHERMENT); - - mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256); - - n = mbedtls_x509write_crt_pem(&crt, buf, buf_size, _rngf, - vhost->context); - if (n < 0) { - lwsl_notice("%s: write crt der failed\n", __func__); - goto fail1; - } - - lws_plat_write_cert(vhost, 0, 0, buf, strlen((const char *)buf)); - - if (mbedtls_pk_write_key_pem(&mpk, buf, buf_size)) { - lwsl_notice("write key pem failed\n"); - goto fail1; + if (n != 3) { + /* we are not configured for SSL yet... fall back to port 80 / http */ + info->port = 80; + info->options &= ~LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; + lwsl_notice("No SSL certs... using port 80\n"); } - lws_plat_write_cert(vhost, 1, 0, buf, strlen((const char *)buf)); - - mbedtls_pk_free(&mpk); - mbedtls_x509write_crt_free(&crt); - - lwsl_notice("%s: cert creation complete\n", __func__); - - return n; - -fail1: - mbedtls_pk_free(&mpk); -fail: - mbedtls_x509write_crt_free(&crt); - free(buf); - - nvs_close(nvh); - - return -1; -} - -void -lws_esp32_update_acme_info(void) -{ - int n; - - n = lws_plat_read_file("acme-email", lws_esp32.le_email, - sizeof(lws_esp32.le_email) - 1); - if (n >= 0) - lws_esp32.le_email[n] = '\0'; - - n = lws_plat_read_file("acme-cn", lws_esp32.le_dns, - sizeof(lws_esp32.le_dns) - 1); - if (n >= 0) - lws_esp32.le_dns[n] = '\0'; -} - -struct lws_context * -lws_esp32_init(struct lws_context_creation_info *info, struct lws_vhost **pvh) -{ - const esp_partition_t *part = lws_esp_ota_get_boot_partition(); - struct lws_context *context; - struct lws_esp32_image i; - struct lws_vhost *vhost; - struct lws wsi; - char buf[512]; - context = lws_create_context(info); if (context == NULL) { lwsl_err("Failed to create context\n"); @@ -1280,11 +1662,10 @@ lws_esp32_init(struct lws_context_creation_info *info, struct lws_vhost **pvh) } lws_esp32_get_image_info(part, &i, buf, sizeof(buf) - 1); - + lws_esp32_romfs = (romfs_t)i.romfs; if (!romfs_mount_check(lws_esp32_romfs)) { - lwsl_err("mount error on ROMFS at %p 0x%x\n", lws_esp32_romfs, - i.romfs); + lwsl_err("Failed to mount ROMFS at %p 0x%x\n", lws_esp32_romfs, i.romfs); return NULL; } @@ -1296,31 +1677,13 @@ lws_esp32_init(struct lws_context_creation_info *info, struct lws_vhost **pvh) lws_set_fops(context, &fops); - info->options |= LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX | - LWS_SERVER_OPTION_IGNORE_MISSING_CERT; - vhost = lws_create_vhost(context, info); - if (!vhost) { + if (!vhost) lwsl_err("Failed to create vhost\n"); - return NULL; - } - - lws_esp32_update_acme_info(); - - lws_esp32_selfsigned(vhost); - wsi.context = vhost->context; - wsi.vhost = vhost; - - lws_tls_server_certs_load(vhost, &wsi, info->ssl_cert_filepath, - info->ssl_private_key_filepath, NULL, 0, NULL, 0); - - lws_init_vhost_client_ssl(info, vhost); + else + lws_init_vhost_client_ssl(info, vhost); - if (pvh) - *pvh = vhost; - - if (lws_protocol_init(context)) - return NULL; + lws_protocol_init(context); return context; } @@ -1365,3 +1728,4 @@ uint16_t lws_esp32_sine_interp(int n) return (sine_lu(n >> 4) * (15 - (n & 15)) + sine_lu((n >> 4) + 1) * (n & 15)) / 15; } + diff --git a/lib/lws-plat-esp8266.c b/lib/lws-plat-esp8266.c new file mode 100644 index 0000000..39f6930 --- /dev/null +++ b/lib/lws-plat-esp8266.c @@ -0,0 +1,700 @@ +#include "private-libwebsockets.h" + +#include "ip_addr.h" + +/* forced into this because new espconn accepted callbacks carry no context ptr */ +static struct lws_context *hacky_context; +static unsigned int time_high, ot; + +/* + * included from libwebsockets.c for esp8266 builds + */ + +unsigned long long time_in_microseconds(void) +{ + unsigned int t = system_get_time(); + + if (ot > t) + time_high++; + ot = t; + + return (((long long)time_high) << 32) | t; +} + +int gettimeofday(struct timeval *tv, void *tz) +{ + unsigned long long t = time_in_microseconds(); + + tv->tv_sec = t / 1000000; + tv->tv_usec = t % 1000000; + + return 0; +} + +time_t time(time_t *tloc) +{ + unsigned long long t = time_in_microseconds(); + + if (tloc) + *tloc = t / 1000000; + + return 0; +} + +LWS_VISIBLE int +lws_get_random(struct lws_context *context, void *buf, int len) +{ +// return read(context->fd_random, (char *)buf, len); + return 0; +} + +LWS_VISIBLE int +lws_send_pipe_choked(struct lws *wsi) +{ + return wsi->pending_send_completion; +} + +LWS_VISIBLE struct lws * +wsi_from_fd(const struct lws_context *context, lws_sockfd_type fd) +{ + int n; + + for (n = 0; n < context->max_fds; n++) + if (context->connpool[n] == fd) + return (struct lws *)context->connpool[n + context->max_fds]; + + return NULL; +} + +LWS_VISIBLE int +lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len) +{ + //lwsl_notice("%s: wsi %p: len %d\n", __func__, wsi, len); + + wsi->pending_send_completion++; + espconn_send(wsi->desc.sockfd, buf, len); + + return len; +} + +void abort(void) +{ + while(1) ; +} + +void exit(int n) +{ + abort(); +} + +void _sint(void *s) +{ +} + +LWS_VISIBLE int +insert_wsi(struct lws_context *context, struct lws *wsi) +{ + (void)context; + (void)wsi; + + return 0; +} + +LWS_VISIBLE int +delete_from_fd(struct lws_context *context, lws_sockfd_type fd) +{ + (void)context; + (void)fd; + + return 1; +} + +struct tm *localtime(const time_t *timep) +{ + return NULL; +} +struct tm *localtime_r(const time_t *timep, struct tm *t) +{ + return NULL; +} + +int atoi(const char *s) +{ + int n = 0; + + while (*s && (*s >= '0' && *s <= '9')) + n = (n * 10) + ((*s++) - '0'); + + return n; +} + +#undef isxdigit +int isxdigit(int c) +{ + if (c >= 'A' && c <= 'F') + return 1; + + if (c >= 'a' && c <= 'f') + return 1; + + if (c >= '0' && c <= '9') + return 1; + + return 0; +} + +int strcasecmp(const char *s1, const char *s2) +{ + char a, b; + while (*s1 && *s2) { + a = *s1++; + b = *s2++; + + if (a == b) + continue; + + if (a >= 'a' && a <= 'z') + a -= 'a' - 'A'; + if (b >= 'a' && b <= 'z') + b -= 'a' - 'A'; + + if (a != b) + return 1; + } + + return 0; +} + +LWS_VISIBLE int +lws_poll_listen_fd(struct lws_pollfd *fd) +{ + return 0; +} + +LWS_VISIBLE void +lws_cancel_service_pt(struct lws *wsi) +{ +} + +LWS_VISIBLE void +lws_cancel_service(struct lws_context *context) +{ +} + +LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) +{ + extern void output_redirect(const char *str); + output_redirect(line); +} + +LWS_VISIBLE LWS_EXTERN int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + return 0; +} + +LWS_VISIBLE int +lws_plat_check_connection_error(struct lws *wsi) +{ + return 0; +} + +LWS_VISIBLE int +lws_plat_service(struct lws_context *context, int timeout_ms) +{ +// return _lws_plat_service_tsi(context, timeout_ms, 0); + return 0; +} + +static int +esp8266_find_free_conn(struct lws_context *context) +{ + int n; + + for (n = 0; n < context->max_fds; n++) + if (!context->connpool[n]) { + lwsl_info(" using connpool %d\n", n); + return n; + } + + lwsl_err("%s: no free conns\n", __func__); + + return -1; +} + +lws_sockfd_type +esp8266_create_tcp_listen_socket(struct lws_vhost *vh) +{ + int n = esp8266_find_free_conn(vh->context); + struct espconn *conn; + + if (n < 0) + return NULL; + + conn = lws_zalloc(sizeof *conn); + if (!conn) + return NULL; + + vh->context->connpool[n] = conn; + + conn->type = ESPCONN_TCP; + conn->state = ESPCONN_NONE; + conn->proto.tcp = &vh->tcp; + + return conn; +} + +const char * +lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen) +{ + unsigned char *p = wsi->desc.sockfd->proto.tcp->remote_ip; + + lws_snprintf(name, namelen, "%u.%u.%u.%u", p[0], p[1], p[2], p[3]); + + return name; +} + +LWS_VISIBLE int +lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, int len) +{ + //lwsl_notice("%s\n", __func__); + + if (!wsi->context->rxd) + return 0; + + if (len < wsi->context->rxd_len) + lwsl_err("trunc read (%d vs %d)\n", len, wsi->context->rxd_len); + else + len = wsi->context->rxd_len; + + ets_memcpy(buf, wsi->context->rxd, len); + + wsi->context->rxd = NULL; + + return len; +} + +static void +cb_1Hz(void *arg) +{ + struct lws_context *context = arg; + struct lws_context_per_thread *pt = &context->pt[0]; + struct lws *wsi; + struct lws_pollfd *pollfd; + int n; + + /* Service any ah that has pending rx */ + for (n = 0; n < context->max_http_header_pool; n++) + if (pt->ah_pool[n].rxpos != pt->ah_pool[n].rxlen) { + wsi = pt->ah_pool[n].wsi; + pollfd = &pt->fds[wsi->position_in_fds_table]; + if (pollfd->events & LWS_POLLIN) { + pollfd->revents |= LWS_POLLIN; + lws_service_fd(context, pollfd); + } + } + + /* handle timeouts */ + + lws_service_fd(context, NULL); +} + +static void +esp8266_cb_rx(void *arg, char *data, unsigned short len) +{ + struct espconn *conn = arg; + struct lws *wsi = conn->reverse; + struct lws_context_per_thread *pt = &wsi->context->pt[0]; + struct lws_pollfd pollfd; + int n = 0; + + /* + * if we're doing HTTP headers, and we have no ah, check if there is + * a free ah, if not, have to buffer it + */ + if (!wsi->hdr_parsing_completed && !wsi->u.hdr.ah) { + for (n = 0; n < wsi->context->max_http_header_pool; n++) + if (!pt->ah_pool[n].in_use) + break; + + n = n == wsi->context->max_http_header_pool; + } + + if (!(pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN) || n) { + wsi->premature_rx = realloc(wsi->premature_rx, + wsi->prem_rx_size + len); + if (!wsi->premature_rx) + return; + os_memcpy((char *)wsi->premature_rx + wsi->prem_rx_size, data, len); + wsi->prem_rx_size += len; + // lwsl_notice("%s: wsi %p: len %d BUFFERING\n", __func__, wsi, len); + + if (n) /* we know it will fail, but we will get on the wait list */ + n = lws_header_table_attach(wsi, 0); + + (void)n; + return; + } + + //lwsl_err("%s: wsi %p. len %d\n", __func__, wsi, len); + + pollfd.fd = arg; + pollfd.events = LWS_POLLIN; + pollfd.revents = LWS_POLLIN; + + wsi->context->rxd = data; + wsi->context->rxd_len = len; + + lws_service_fd(lws_get_context(wsi), &pollfd); + +} + +static void +esp8266_cb_sent(void *arg) +{ + struct espconn *conn = arg; + struct lws *wsi = conn->reverse; + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + +// lwsl_err("%s: wsi %p (psc %d) wsi->position_in_fds_table=%d\n", __func__, wsi, wsi->pending_send_completion, wsi->position_in_fds_table); + + wsi->pending_send_completion--; + if (wsi->close_is_pending_send_completion && + !wsi->pending_send_completion && + !lws_partial_buffered(wsi)) { + lwsl_notice("doing delayed close\n"); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + } + + if (pt->fds[wsi->position_in_fds_table].events & LWS_POLLOUT) { + struct lws_pollfd pollfd; + + pollfd.fd = arg; + pollfd.events = LWS_POLLOUT; + pollfd.revents = LWS_POLLOUT; + +// lwsl_notice("informing POLLOUT\n"); + + lws_service_fd(lws_get_context(wsi), &pollfd); + } +} + +static void +esp8266_cb_disconnected(void *arg) +{ + struct espconn *conn = arg; + struct lws *wsi = conn->reverse; + int n; + + lwsl_notice("%s: %p\n", __func__, wsi); + + for (n = 0; n < hacky_context->max_fds; n++) + if (hacky_context->connpool[n] == arg) { + hacky_context->connpool[n] = NULL; + lwsl_info(" freed connpool %d\n", n); + } + + if (wsi) { + conn->reverse = NULL; + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + lwsl_notice("closed ok\n"); + } +} + +static void +esp8266_cb_recon(void *arg, signed char err) +{ + struct espconn *conn = arg; + + lwsl_err("%s: wsi %p. err %d\n", __func__, conn->reverse, err); + + conn->state = ESPCONN_CLOSE; + + esp8266_cb_disconnected(arg); +} + +/* + * there is no reliable indication of which listen socket we were accepted on. + */ + +static void +esp8266_cb_connect(void *arg) +{ + struct espconn *cs = arg; +// struct ip_addr *ipa = (struct ip_addr *)cs->proto.tcp->remote_ip; + struct lws_vhost *vh = hacky_context->vhost_list; +// struct ip_info info; + struct lws *wsi; + int n; + + lwsl_notice("%s: (wsi coming): %p\n", __func__, cs->reverse); +#if 0 + wifi_get_ip_info(0, &info); + if (ip_addr_netcmp(ipa, &info.ip, &info.netmask)) { + /* we are on the same subnet as the AP, ie, connected to AP */ + while (vh && strcmp(vh->name, "ap")) + vh = vh->vhost_next; + } else + while (vh && !strcmp(vh->name, "ap")) + vh = vh->vhost_next; + + if (!vh) + goto bail; +#endif + n = esp8266_find_free_conn(hacky_context); + if (n < 0) + goto bail; + + hacky_context->connpool[n] = cs; + + espconn_recv_hold(cs); + + wsi = lws_adopt_socket_vhost(vh, cs); + if (!wsi) + goto bail; + + lwsl_err("%s: wsi %p (using free_conn %d): vh %s\n", __func__, wsi, n, vh->name); + + espconn_regist_recvcb(cs, esp8266_cb_rx); + espconn_regist_reconcb(cs, esp8266_cb_recon); + espconn_regist_disconcb(cs, esp8266_cb_disconnected); + espconn_regist_sentcb(cs, esp8266_cb_sent); + + espconn_set_opt(cs, ESPCONN_NODELAY | ESPCONN_REUSEADDR); + espconn_regist_time(cs, 7200, 1); + + return; + +bail: + lwsl_err("%s: bailed]n", __func__); + espconn_disconnect(cs); +} + +void +esp8266_tcp_stream_bind(lws_sockfd_type fd, int port, struct lws *wsi) +{ + fd->proto.tcp->local_port = port; + fd->reverse = wsi; + + hacky_context = wsi->context; + + espconn_regist_connectcb(fd, esp8266_cb_connect); + /* hmmm it means, listen() + accept() */ + espconn_accept(fd); + + espconn_tcp_set_max_con_allow(fd, 10); +} + +void +esp8266_tcp_stream_accept(lws_sockfd_type fd, struct lws *wsi) +{ + int n; + + fd->reverse = wsi; + + for (n = 0; n < wsi->context->max_fds ; n++) + if (wsi->context->connpool[n] == wsi->desc.sockfd) + wsi->position_in_fds_table = n; +} + +LWS_VISIBLE int +lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd) +{ + return 0; +} + +LWS_VISIBLE void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info) +{ +} + +LWS_VISIBLE int +lws_plat_context_early_init(void) +{ + espconn_tcp_set_max_con(12); + + return 0; +} + +LWS_VISIBLE void +lws_plat_context_early_destroy(struct lws_context *context) +{ +} + +LWS_VISIBLE void +lws_plat_context_late_destroy(struct lws_context *context) +{ +#if 0 + struct lws_context_per_thread *pt = &context->pt[0]; + int m = context->count_threads; + + if (context->lws_lookup) + lws_free(context->lws_lookup); + + while (m--) { + close(pt->dummy_pipe_fds[0]); + close(pt->dummy_pipe_fds[1]); + pt++; + } +#endif +// close(context->fd_random); +} + +/* cast a struct sockaddr_in6 * into addr for ipv6 */ + +LWS_VISIBLE int +lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, + size_t addrlen) +{ + return 0; +} + +LWS_VISIBLE void +lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + + context->connpool[wsi->position_in_fds_table + context->max_fds] = (lws_sockfd_type)wsi; + wsi->desc.sockfd->reverse = wsi; + pt->fds_count++; +} + +LWS_VISIBLE void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + int n; + + for (n = 0; n < wsi->context->max_fds; n++) + if (wsi->context->connpool[n] == wsi->desc.sockfd) { + wsi->context->connpool[n] = NULL; + wsi->context->connpool[n + wsi->context->max_fds] = NULL; + lwsl_notice(" freed connpool %d\n", n); + } + + wsi->desc.sockfd->reverse = NULL; + pt->fds_count--; +} + +LWS_VISIBLE void +lws_plat_service_periodic(struct lws_context *context) +{ +} + +LWS_VISIBLE int +lws_plat_change_pollfd(struct lws_context *context, + struct lws *wsi, struct lws_pollfd *pfd) +{ + void *p; + + //lwsl_notice("%s: %p: wsi->pift=%d, events %d\n", + // __func__, wsi, wsi->position_in_fds_table, pfd->events); + + if (pfd->events & LWS_POLLIN) { + if (wsi->premature_rx) { + lwsl_notice("replaying buffered rx: wsi %p\n", wsi); + p = wsi->premature_rx; + wsi->premature_rx = NULL; + esp8266_cb_rx(wsi->desc.sockfd, + (char *)p + wsi->prem_rx_pos, + wsi->prem_rx_size - wsi->prem_rx_pos); + wsi->prem_rx_size = 0; + wsi->prem_rx_pos = 0; + lws_free(p); + } + if (espconn_recv_unhold(wsi->desc.sockfd) < 0) + return -1; + } else + if (espconn_recv_hold(wsi->desc.sockfd) < 0) + return -1; + + if (!(pfd->events & LWS_POLLOUT)) + return 0; + + if (!wsi->pending_send_completion) { + pfd->revents |= LWS_POLLOUT; + +// lwsl_notice("doing POLLOUT\n"); + lws_service_fd(lws_get_context(wsi), pfd); + } //else + //lwsl_notice("pending sc\n"); + + return 0; +} + +LWS_VISIBLE const char * +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) +{ +// return inet_ntop(af, src, dst, cnt); + return 0; +} + +LWS_VISIBLE int +lws_plat_inet_pton(int af, const char *src, void *dst) +{ + //return inet_pton(af, src, dst); + return 1; +} + +LWS_VISIBLE int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info) +{ +// struct lws_context_per_thread *pt = &context->pt[0]; +// int n = context->count_threads, fd; + + /* master context has the global fd lookup array */ + context->connpool = lws_zalloc(sizeof(struct espconn *) * + context->max_fds * 2); + if (context->connpool == NULL) { + lwsl_err("OOM on lws_lookup array for %d connections\n", + context->max_fds); + return 1; + } + + lwsl_notice(" mem: platform fd map: %5u bytes\n", + sizeof(struct espconn *) * context->max_fds); +// fd = open(SYSTEM_RANDOM_FILEPATH, O_RDONLY); + +// context->fd_random = fd; +// if (context->fd_random < 0) { +// lwsl_err("Unable to open random device %s %d\n", +// SYSTEM_RANDOM_FILEPATH, context->fd_random); +// return 1; +// } + + os_memset(&context->to_timer, 0, sizeof(os_timer_t)); + os_timer_disarm(&context->to_timer); + os_timer_setfn(&context->to_timer, (os_timer_func_t *)cb_1Hz, context); + os_timer_arm(&context->to_timer, 1000, 1); + + if (!lws_libev_init_fd_table(context) && + !lws_libuv_init_fd_table(context) && + !lws_libevent_init_fd_table(context)) { + /* otherwise libev handled it instead */ +#if 0 + while (n--) { + if (pipe(pt->dummy_pipe_fds)) { + lwsl_err("Unable to create pipe\n"); + return 1; + } + + /* use the read end of pipe as first item */ + pt->fds[0].fd = pt->dummy_pipe_fds[0]; + pt->fds[0].events = LWS_POLLIN; + pt->fds[0].revents = 0; + pt->fds_count = 1; + pt++; + } +#endif + } + + +#ifdef LWS_WITH_PLUGINS + if (info->plugin_dirs) + lws_plat_plugins_init(context, info->plugin_dirs); +#endif + + return 0; +} diff --git a/lib/lws-plat-optee.c b/lib/lws-plat-optee.c new file mode 100644 index 0000000..3006a6d --- /dev/null +++ b/lib/lws-plat-optee.c @@ -0,0 +1,329 @@ +#include "private-libwebsockets.h" + +/* + * included from libwebsockets.c for OPTEE builds + */ + +void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen); + +unsigned long long time_in_microseconds(void) +{ + return ((unsigned long long)time(NULL)) * 1000000; +} +#if 0 +LWS_VISIBLE int +lws_get_random(struct lws_context *context, void *buf, int len) +{ + TEE_GenerateRandom(buf, len); + + return len; +} +#endif +LWS_VISIBLE int +lws_send_pipe_choked(struct lws *wsi) +{ +#if 0 + struct lws_pollfd fds; + + /* treat the fact we got a truncated send pending as if we're choked */ + if (wsi->trunc_len) + return 1; + + fds.fd = wsi->desc.sockfd; + fds.events = POLLOUT; + fds.revents = 0; + + if (poll(&fds, 1, 0) != 1) + return 1; + + if ((fds.revents & POLLOUT) == 0) + return 1; +#endif + /* okay to send another packet without blocking */ + + return 0; +} + +LWS_VISIBLE int +lws_poll_listen_fd(struct lws_pollfd *fd) +{ +// return poll(fd, 1, 0); + + return 0; +} + +LWS_VISIBLE void +lws_cancel_service_pt(struct lws *wsi) +{ +#if 0 + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + char buf = 0; + + if (write(pt->dummy_pipe_fds[1], &buf, sizeof(buf)) != 1) + lwsl_err("Cannot write to dummy pipe"); +#endif +} + +LWS_VISIBLE void +lws_cancel_service(struct lws_context *context) +{ +#if 0 + struct lws_context_per_thread *pt = &context->pt[0]; + char buf = 0, m = context->count_threads; + + while (m--) { + if (write(pt->dummy_pipe_fds[1], &buf, sizeof(buf)) != 1) + lwsl_err("Cannot write to dummy pipe"); + pt++; + } +#endif +} +#if 0 +LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) +{ + IMSG("%d: %s\n", level, line); +} +#endif + +LWS_VISIBLE LWS_EXTERN int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + struct lws_context_per_thread *pt; + int n = -1, m, c; + //char buf; + + /* stay dead once we are dead */ + + if (!context || !context->vhost_list) + return 1; + + pt = &context->pt[tsi]; + + if (timeout_ms < 0) + goto faked_service; + + if (!context->service_tid_detected) { + struct lws _lws; + + memset(&_lws, 0, sizeof(_lws)); + _lws.context = context; + + context->service_tid_detected = + context->vhost_list->protocols[0].callback( + &_lws, LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); + } + context->service_tid = context->service_tid_detected; + + /* + * is there anybody with pending stuff that needs service forcing? + */ + if (!lws_service_adjust_timeout(context, 1, tsi)) { + lwsl_notice("%s: doing forced service\n", __func__); + /* -1 timeout means just do forced service */ + _lws_plat_service_tsi(context, -1, pt->tid); + /* still somebody left who wants forced service? */ + if (!lws_service_adjust_timeout(context, 1, pt->tid)) + /* yes... come back again quickly */ + timeout_ms = 0; + } +#if 1 + n = poll(pt->fds, pt->fds_count, timeout_ms); + +#ifdef LWS_OPENSSL_SUPPORT + if (!pt->rx_draining_ext_list && + !lws_ssl_anybody_has_buffered_read_tsi(context, tsi) && !n) { +#else + if (!pt->rx_draining_ext_list && !n) /* poll timeout */ { +#endif + lws_service_fd_tsi(context, NULL, tsi); + return 0; + } +#endif +faked_service: + m = lws_service_flag_pending(context, tsi); + if (m) + c = -1; /* unknown limit */ + else + if (n < 0) { + if (LWS_ERRNO != LWS_EINTR) + return -1; + return 0; + } else + c = n; + + /* any socket with events to service? */ + for (n = 0; n < pt->fds_count && c; n++) { + if (!pt->fds[n].revents) + continue; + + c--; +#if 0 + if (pt->fds[n].fd == pt->dummy_pipe_fds[0]) { + if (read(pt->fds[n].fd, &buf, 1) != 1) + lwsl_err("Cannot read from dummy pipe."); + continue; + } +#endif + m = lws_service_fd_tsi(context, &pt->fds[n], tsi); + if (m < 0) + return -1; + /* if something closed, retry this slot */ + if (m) + n--; + } + + return 0; +} + +LWS_VISIBLE int +lws_plat_check_connection_error(struct lws *wsi) +{ + return 0; +} + +LWS_VISIBLE int +lws_plat_service(struct lws_context *context, int timeout_ms) +{ + return _lws_plat_service_tsi(context, timeout_ms, 0); +} + +LWS_VISIBLE int +lws_plat_set_socket_options(struct lws_vhost *vhost, int fd) +{ + return 0; +} + +LWS_VISIBLE void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info) +{ +} + +LWS_VISIBLE int +lws_plat_context_early_init(void) +{ + return 0; +} + +LWS_VISIBLE void +lws_plat_context_early_destroy(struct lws_context *context) +{ +} + +LWS_VISIBLE void +lws_plat_context_late_destroy(struct lws_context *context) +{ + if (context->lws_lookup) + lws_free(context->lws_lookup); +} + +/* cast a struct sockaddr_in6 * into addr for ipv6 */ + +LWS_VISIBLE int +lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, + size_t addrlen) +{ + return -1; +} + +LWS_VISIBLE void +lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->fds[pt->fds_count++].revents = 0; +} + +LWS_VISIBLE void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->fds_count--; +} + +LWS_VISIBLE void +lws_plat_service_periodic(struct lws_context *context) +{ +} + +LWS_VISIBLE int +lws_plat_change_pollfd(struct lws_context *context, + struct lws *wsi, struct lws_pollfd *pfd) +{ + return 0; +} + +LWS_VISIBLE const char * +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) +{ + //return inet_ntop(af, src, dst, cnt); + return "lws_plat_inet_ntop"; +} + +LWS_VISIBLE int +lws_plat_inet_pton(int af, const char *src, void *dst) +{ + //return inet_pton(af, src, dst); + return 1; +} + +LWS_VISIBLE lws_fop_fd_t +_lws_plat_file_open(lws_plat_file_open(struct lws_plat_file_ops *fops, + const char *filename, lws_fop_flags_t *flags) +{ + return NULL; +} + +LWS_VISIBLE int +_lws_plat_file_close(lws_fop_fd_t *fop_fd) +{ + return 0; +} + +LWS_VISIBLE lws_fileofs_t +_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + return 0; +} + +LWS_VISIBLE int +_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + + return 0; +} + +LWS_VISIBLE int +_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + + return 0; +} + + +LWS_VISIBLE int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info) +{ + /* master context has the global fd lookup array */ + context->lws_lookup = lws_zalloc(sizeof(struct lws *) * + context->max_fds); + if (context->lws_lookup == NULL) { + lwsl_err("OOM on lws_lookup array for %d connections\n", + context->max_fds); + return 1; + } + + lwsl_notice(" mem: platform fd map: %5lu bytes\n", + (long)sizeof(struct lws *) * context->max_fds); + +#ifdef LWS_WITH_PLUGINS + if (info->plugin_dirs) + lws_plat_plugins_init(context, info->plugin_dirs); +#endif + + return 0; +} diff --git a/lib/lws-plat-unix.c b/lib/lws-plat-unix.c new file mode 100644 index 0000000..28e5bbe --- /dev/null +++ b/lib/lws-plat-unix.c @@ -0,0 +1,828 @@ +#include "private-libwebsockets.h" + +#include +#include + +#ifdef LWS_WITH_PLUGINS +#include +#endif +#include + + +/* + * included from libwebsockets.c for unix builds + */ + +unsigned long long time_in_microseconds(void) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + return ((unsigned long long)tv.tv_sec * 1000000LL) + tv.tv_usec; +} + +LWS_VISIBLE int +lws_get_random(struct lws_context *context, void *buf, int len) +{ + return read(context->fd_random, (char *)buf, len); +} + +LWS_VISIBLE int +lws_send_pipe_choked(struct lws *wsi) +{ + struct lws_pollfd fds; + + /* treat the fact we got a truncated send pending as if we're choked */ + if (wsi->trunc_len) + return 1; + + fds.fd = wsi->desc.sockfd; + fds.events = POLLOUT; + fds.revents = 0; + + if (poll(&fds, 1, 0) != 1) + return 1; + + if ((fds.revents & POLLOUT) == 0) + return 1; + + /* okay to send another packet without blocking */ + + return 0; +} + +LWS_VISIBLE int +lws_poll_listen_fd(struct lws_pollfd *fd) +{ + return poll(fd, 1, 0); +} + +LWS_VISIBLE void +lws_cancel_service_pt(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + char buf = 0; + + if (write(pt->dummy_pipe_fds[1], &buf, sizeof(buf)) != 1) + lwsl_err("Cannot write to dummy pipe"); +} + +LWS_VISIBLE void +lws_cancel_service(struct lws_context *context) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + char buf = 0, m = context->count_threads; + + while (m--) { + if (write(pt->dummy_pipe_fds[1], &buf, sizeof(buf)) != 1) + lwsl_err("Cannot write to dummy pipe"); + pt++; + } +} + +LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) +{ + int syslog_level = LOG_DEBUG; + + switch (level) { + case LLL_ERR: + syslog_level = LOG_ERR; + break; + case LLL_WARN: + syslog_level = LOG_WARNING; + break; + case LLL_NOTICE: + syslog_level = LOG_NOTICE; + break; + case LLL_INFO: + syslog_level = LOG_INFO; + break; + } + syslog(syslog_level, "%s", line); +} + +LWS_VISIBLE LWS_EXTERN int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + struct lws_context_per_thread *pt; + int n = -1, m, c; + char buf; + + /* stay dead once we are dead */ + + if (!context || !context->vhost_list) + return 1; + + pt = &context->pt[tsi]; + + lws_stats_atomic_bump(context, pt, LWSSTATS_C_SERVICE_ENTRY, 1); + + if (timeout_ms < 0) + goto faked_service; + + lws_libev_run(context, tsi); + lws_libuv_run(context, tsi); + lws_libevent_run(context, tsi); + + if (!context->service_tid_detected) { + struct lws _lws; + + memset(&_lws, 0, sizeof(_lws)); + _lws.context = context; + + context->service_tid_detected = + context->vhost_list->protocols[0].callback( + &_lws, LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); + } + context->service_tid = context->service_tid_detected; + + /* + * is there anybody with pending stuff that needs service forcing? + */ + if (!lws_service_adjust_timeout(context, 1, tsi)) { + /* -1 timeout means just do forced service */ + _lws_plat_service_tsi(context, -1, pt->tid); + /* still somebody left who wants forced service? */ + if (!lws_service_adjust_timeout(context, 1, pt->tid)) + /* yes... come back again quickly */ + timeout_ms = 0; + } + + n = poll(pt->fds, pt->fds_count, timeout_ms); + +#ifdef LWS_OPENSSL_SUPPORT + if (!pt->rx_draining_ext_list && + !lws_ssl_anybody_has_buffered_read_tsi(context, tsi) && !n) { +#else + if (!pt->rx_draining_ext_list && !n) /* poll timeout */ { +#endif + lws_service_fd_tsi(context, NULL, tsi); + return 0; + } + +faked_service: + m = lws_service_flag_pending(context, tsi); + if (m) + c = -1; /* unknown limit */ + else + if (n < 0) { + if (LWS_ERRNO != LWS_EINTR) + return -1; + return 0; + } else + c = n; + + /* any socket with events to service? */ + for (n = 0; n < pt->fds_count && c; n++) { + if (!pt->fds[n].revents) + continue; + + c--; + + if (pt->fds[n].fd == pt->dummy_pipe_fds[0]) { + if (read(pt->fds[n].fd, &buf, 1) != 1) + lwsl_err("Cannot read from dummy pipe."); + continue; + } + + m = lws_service_fd_tsi(context, &pt->fds[n], tsi); + if (m < 0) + return -1; + /* if something closed, retry this slot */ + if (m) + n--; + } + + return 0; +} + +LWS_VISIBLE int +lws_plat_check_connection_error(struct lws *wsi) +{ + return 0; +} + +LWS_VISIBLE int +lws_plat_service(struct lws_context *context, int timeout_ms) +{ + return _lws_plat_service_tsi(context, timeout_ms, 0); +} + +LWS_VISIBLE int +lws_plat_set_socket_options(struct lws_vhost *vhost, int fd) +{ + int optval = 1; + socklen_t optlen = sizeof(optval); + +#if defined(__APPLE__) || \ + defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ + defined(__NetBSD__) || \ + defined(__OpenBSD__) + struct protoent *tcp_proto; +#endif + + if (vhost->ka_time) { + /* enable keepalive on this socket */ + optval = 1; + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, + (const void *)&optval, optlen) < 0) + return 1; + +#if defined(__APPLE__) || \ + defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ + defined(__NetBSD__) || \ + defined(__CYGWIN__) || defined(__OpenBSD__) || defined (__sun) + + /* + * didn't find a way to set these per-socket, need to + * tune kernel systemwide values + */ +#else + /* set the keepalive conditions we want on it too */ + optval = vhost->ka_time; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, + (const void *)&optval, optlen) < 0) + return 1; + + optval = vhost->ka_interval; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, + (const void *)&optval, optlen) < 0) + return 1; + + optval = vhost->ka_probes; + if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, + (const void *)&optval, optlen) < 0) + return 1; +#endif + } + +#if defined(SO_BINDTODEVICE) + if (vhost->bind_iface && vhost->iface) { + lwsl_info("binding listen skt to %s using SO_BINDTODEVICE\n", vhost->iface); + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, vhost->iface, + strlen(vhost->iface)) < 0) { + lwsl_warn("Failed to bind to device %s\n", vhost->iface); + return 1; + } + } +#endif + + /* Disable Nagle */ + optval = 1; +#if defined (__sun) + if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (const void *)&optval, optlen) < 0) + return 1; +#elif !defined(__APPLE__) && \ + !defined(__FreeBSD__) && !defined(__FreeBSD_kernel__) && \ + !defined(__NetBSD__) && \ + !defined(__OpenBSD__) + if (setsockopt(fd, SOL_TCP, TCP_NODELAY, (const void *)&optval, optlen) < 0) + return 1; +#else + tcp_proto = getprotobyname("TCP"); + if (setsockopt(fd, tcp_proto->p_proto, TCP_NODELAY, &optval, optlen) < 0) + return 1; +#endif + + /* We are nonblocking... */ + if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) + return 1; + + return 0; +} + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) +static void +_lws_plat_apply_caps(int mode, cap_value_t *cv, int count) +{ + cap_t caps; + + if (!count) + return; + + caps = cap_get_proc(); + + cap_set_flag(caps, mode, count, cv, CAP_SET); + cap_set_proc(caps); + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + cap_free(caps); +} +#endif + +LWS_VISIBLE void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info) +{ +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + int n; +#endif + + if (info->gid != -1) + if (setgid(info->gid)) + lwsl_warn("setgid: %s\n", strerror(LWS_ERRNO)); + + if (info->uid != -1) { + struct passwd *p = getpwuid(info->uid); + + if (p) { + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + _lws_plat_apply_caps(CAP_PERMITTED, info->caps, info->count_caps); +#endif + + initgroups(p->pw_name, info->gid); + if (setuid(info->uid)) + lwsl_warn("setuid: %s\n", strerror(LWS_ERRNO)); + else + lwsl_notice("Set privs to user '%s'\n", p->pw_name); + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + _lws_plat_apply_caps(CAP_EFFECTIVE, info->caps, info->count_caps); + + if (info->count_caps) + for (n = 0; n < info->count_caps; n++) + lwsl_notice(" RETAINING CAPABILITY %d\n", (int)info->caps[n]); +#endif + + } else + lwsl_warn("getpwuid: unable to find uid %d", info->uid); + } +} + +#ifdef LWS_WITH_PLUGINS + +#if defined(LWS_USE_LIBUV) && UV_VERSION_MAJOR > 0 + +/* libuv.c implements these in a cross-platform way */ + +#else + +static int filter(const struct dirent *ent) +{ + if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) + return 0; + + return 1; +} + +LWS_VISIBLE int +lws_plat_plugins_init(struct lws_context * context, const char * const *d) +{ + struct lws_plugin_capability lcaps; + struct lws_plugin *plugin; + lws_plugin_init_func initfunc; + struct dirent **namelist; + int n, i, m, ret = 0; + char path[256]; + void *l; + + lwsl_notice(" Plugins:\n"); + + while (d && *d) { + n = scandir(*d, &namelist, filter, alphasort); + if (n < 0) { + lwsl_err("Scandir on %s failed\n", *d); + return 1; + } + + for (i = 0; i < n; i++) { + if (strlen(namelist[i]->d_name) < 7) + goto inval; + + lwsl_notice(" %s\n", namelist[i]->d_name); + + lws_snprintf(path, sizeof(path) - 1, "%s/%s", *d, + namelist[i]->d_name); + l = dlopen(path, RTLD_NOW); + if (!l) { + lwsl_err("Error loading DSO: %s\n", dlerror()); + while (i++ < n) + free(namelist[i]); + goto bail; + } + /* we could open it, can we get his init function? */ + m = lws_snprintf(path, sizeof(path) - 1, "init_%s", + namelist[i]->d_name + 3 /* snip lib... */); + path[m - 3] = '\0'; /* snip the .so */ + initfunc = dlsym(l, path); + if (!initfunc) { + lwsl_err("Failed to get init on %s: %s", + namelist[i]->d_name, dlerror()); + dlclose(l); + } + lcaps.api_magic = LWS_PLUGIN_API_MAGIC; + m = initfunc(context, &lcaps); + if (m) { + lwsl_err("Initializing %s failed %d\n", + namelist[i]->d_name, m); + dlclose(l); + goto skip; + } + + plugin = lws_malloc(sizeof(*plugin)); + if (!plugin) { + lwsl_err("OOM\n"); + goto bail; + } + plugin->list = context->plugin_list; + context->plugin_list = plugin; + strncpy(plugin->name, namelist[i]->d_name, sizeof(plugin->name) - 1); + plugin->name[sizeof(plugin->name) - 1] = '\0'; + plugin->l = l; + plugin->caps = lcaps; + context->plugin_protocol_count += lcaps.count_protocols; + context->plugin_extension_count += lcaps.count_extensions; + + free(namelist[i]); + continue; + + skip: + dlclose(l); + inval: + free(namelist[i]); + } + free(namelist); + d++; + } + +bail: + free(namelist); + + return ret; +} + +LWS_VISIBLE int +lws_plat_plugins_destroy(struct lws_context * context) +{ + struct lws_plugin *plugin = context->plugin_list, *p; + lws_plugin_destroy_func func; + char path[256]; + int m; + + if (!plugin) + return 0; + + lwsl_notice("%s\n", __func__); + + while (plugin) { + p = plugin; + m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", plugin->name + 3); + path[m - 3] = '\0'; + func = dlsym(plugin->l, path); + if (!func) { + lwsl_err("Failed to get destroy on %s: %s", + plugin->name, dlerror()); + goto next; + } + m = func(context); + if (m) + lwsl_err("Initializing %s failed %d\n", + plugin->name, m); +next: + dlclose(p->l); + plugin = p->list; + p->list = NULL; + free(p); + } + + context->plugin_list = NULL; + + return 0; +} + +#endif +#endif + + +#if 0 +static void +sigabrt_handler(int x) +{ + printf("%s\n", __func__); + //*(char *)0 = 0; +} +#endif + +LWS_VISIBLE int +lws_plat_context_early_init(void) +{ +#if !defined(LWS_AVOID_SIGPIPE_IGN) + signal(SIGPIPE, SIG_IGN); +#endif + +// signal(SIGABRT, sigabrt_handler); + + return 0; +} + +LWS_VISIBLE void +lws_plat_context_early_destroy(struct lws_context *context) +{ +} + +LWS_VISIBLE void +lws_plat_context_late_destroy(struct lws_context *context) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + int m = context->count_threads; + +#ifdef LWS_WITH_PLUGINS + if (context->plugin_list) + lws_plat_plugins_destroy(context); +#endif + + if (context->lws_lookup) + lws_free(context->lws_lookup); + + while (m--) { + if (pt->dummy_pipe_fds[0]) + close(pt->dummy_pipe_fds[0]); + if (pt->dummy_pipe_fds[1]) + close(pt->dummy_pipe_fds[1]); + pt++; + } + if (!context->fd_random) + lwsl_err("ZERO RANDOM FD\n"); + if (context->fd_random != LWS_INVALID_FILE) + close(context->fd_random); +} + +/* cast a struct sockaddr_in6 * into addr for ipv6 */ + +LWS_VISIBLE int +lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, + size_t addrlen) +{ + int rc = -1; + + struct ifaddrs *ifr; + struct ifaddrs *ifc; +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; +#endif + + getifaddrs(&ifr); + for (ifc = ifr; ifc != NULL && rc; ifc = ifc->ifa_next) { + if (!ifc->ifa_addr) + continue; + + lwsl_info(" interface %s vs %s\n", ifc->ifa_name, ifname); + + if (strcmp(ifc->ifa_name, ifname)) + continue; + + switch (ifc->ifa_addr->sa_family) { + case AF_INET: +#ifdef LWS_USE_IPV6 + if (ipv6) { + /* map IPv4 to IPv6 */ + bzero((char *)&addr6->sin6_addr, + sizeof(struct in6_addr)); + addr6->sin6_addr.s6_addr[10] = 0xff; + addr6->sin6_addr.s6_addr[11] = 0xff; + memcpy(&addr6->sin6_addr.s6_addr[12], + &((struct sockaddr_in *)ifc->ifa_addr)->sin_addr, + sizeof(struct in_addr)); + } else +#endif + memcpy(addr, + (struct sockaddr_in *)ifc->ifa_addr, + sizeof(struct sockaddr_in)); + break; +#ifdef LWS_USE_IPV6 + case AF_INET6: + memcpy(&addr6->sin6_addr, + &((struct sockaddr_in6 *)ifc->ifa_addr)->sin6_addr, + sizeof(struct in6_addr)); + break; +#endif + default: + continue; + } + rc = 0; + } + + freeifaddrs(ifr); + + if (rc == -1) { + /* check if bind to IP address */ +#ifdef LWS_USE_IPV6 + if (inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) + rc = 0; + else +#endif + if (inet_pton(AF_INET, ifname, &addr->sin_addr) == 1) + rc = 0; + } + + return rc; +} + +LWS_VISIBLE void +lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + lws_libev_io(wsi, LWS_EV_START | LWS_EV_READ); + lws_libuv_io(wsi, LWS_EV_START | LWS_EV_READ); + lws_libevent_io(wsi, LWS_EV_START | LWS_EV_READ); + + pt->fds[pt->fds_count++].revents = 0; +} + +LWS_VISIBLE void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + lws_libev_io(wsi, LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE); + lws_libuv_io(wsi, LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE); + lws_libevent_io(wsi, LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE); + + pt->fds_count--; +} + +LWS_VISIBLE void +lws_plat_service_periodic(struct lws_context *context) +{ + /* if our parent went down, don't linger around */ + if (context->started_with_parent && + kill(context->started_with_parent, 0) < 0) + kill(getpid(), SIGTERM); +} + +LWS_VISIBLE int +lws_plat_change_pollfd(struct lws_context *context, + struct lws *wsi, struct lws_pollfd *pfd) +{ + return 0; +} + +LWS_VISIBLE const char * +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) +{ + return inet_ntop(af, src, dst, cnt); +} + +LWS_VISIBLE int +lws_plat_inet_pton(int af, const char *src, void *dst) +{ + return inet_pton(af, src, dst); +} + +LWS_VISIBLE lws_fop_fd_t +_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, + const char *vpath, lws_fop_flags_t *flags) +{ + struct stat stat_buf; + int ret = open(filename, (*flags) & LWS_FOP_FLAGS_MASK, 0664); + lws_fop_fd_t fop_fd; + + if (ret < 0) + return NULL; + + if (fstat(ret, &stat_buf) < 0) + goto bail; + + fop_fd = malloc(sizeof(*fop_fd)); + if (!fop_fd) + goto bail; + + fop_fd->fops = fops; + fop_fd->flags = *flags; + fop_fd->fd = ret; + fop_fd->filesystem_priv = NULL; /* we don't use it */ + fop_fd->len = stat_buf.st_size; + fop_fd->pos = 0; + + return fop_fd; + +bail: + close(ret); + return NULL; +} + +LWS_VISIBLE int +_lws_plat_file_close(lws_fop_fd_t *fop_fd) +{ + int fd = (*fop_fd)->fd; + + free(*fop_fd); + *fop_fd = NULL; + + return close(fd); +} + +LWS_VISIBLE lws_fileofs_t +_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + lws_fileofs_t r; + + if (offset > 0 && offset > fop_fd->len - fop_fd->pos) + offset = fop_fd->len - fop_fd->pos; + + if ((lws_fileofs_t)fop_fd->pos + offset < 0) + offset = -fop_fd->pos; + + r = lseek(fop_fd->fd, offset, SEEK_CUR); + + if (r >= 0) + fop_fd->pos = r; + else + lwsl_err("error seeking from cur %ld, offset %ld\n", + (long)fop_fd->pos, (long)offset); + + return r; +} + +LWS_VISIBLE int +_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + long n; + + n = read((int)fop_fd->fd, buf, len); + if (n == -1) { + *amount = 0; + return -1; + } + fop_fd->pos += n; + lwsl_debug("%s: read %ld of req %ld, pos %ld, len %ld\n", __func__, n, + (long)len, (long)fop_fd->pos, (long)fop_fd->len); + *amount = n; + + return 0; +} + +LWS_VISIBLE int +_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + long n; + + n = write((int)fop_fd->fd, buf, len); + if (n == -1) { + *amount = 0; + return -1; + } + + fop_fd->pos += n; + *amount = n; + + return 0; +} + + +LWS_VISIBLE int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + int n = context->count_threads, fd; + + /* master context has the global fd lookup array */ + context->lws_lookup = lws_zalloc(sizeof(struct lws *) * + context->max_fds); + if (context->lws_lookup == NULL) { + lwsl_err("OOM on lws_lookup array for %d connections\n", + context->max_fds); + return 1; + } + + lwsl_notice(" mem: platform fd map: %5lu bytes\n", + (unsigned long)(sizeof(struct lws *) * context->max_fds)); + fd = open(SYSTEM_RANDOM_FILEPATH, O_RDONLY); + + context->fd_random = fd; + if (context->fd_random < 0) { + lwsl_err("Unable to open random device %s %d\n", + SYSTEM_RANDOM_FILEPATH, context->fd_random); + return 1; + } + + if (!lws_libev_init_fd_table(context) && + !lws_libuv_init_fd_table(context) && + !lws_libevent_init_fd_table(context)) { + /* otherwise libev handled it instead */ + + while (n--) { + if (pipe(pt->dummy_pipe_fds)) { + lwsl_err("Unable to create pipe\n"); + return 1; + } + + /* use the read end of pipe as first item */ + pt->fds[0].fd = pt->dummy_pipe_fds[0]; + pt->fds[0].events = LWS_POLLIN; + pt->fds[0].revents = 0; + pt->fds_count = 1; + pt++; + } + } + +#ifdef LWS_WITH_PLUGINS + if (info->plugin_dirs) + lws_plat_plugins_init(context, info->plugin_dirs); +#endif + + return 0; +} diff --git a/lib/lws-plat-win.c b/lib/lws-plat-win.c new file mode 100644 index 0000000..fc4f1fd --- /dev/null +++ b/lib/lws-plat-win.c @@ -0,0 +1,742 @@ +#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS +#define _WINSOCK_DEPRECATED_NO_WARNINGS +#endif +#include "private-libwebsockets.h" + +unsigned long long +time_in_microseconds() +{ +#ifndef DELTA_EPOCH_IN_MICROSECS +#define DELTA_EPOCH_IN_MICROSECS 11644473600000000ULL +#endif + FILETIME filetime; + ULARGE_INTEGER datetime; + +#ifdef _WIN32_WCE + GetCurrentFT(&filetime); +#else + GetSystemTimeAsFileTime(&filetime); +#endif + + /* + * As per Windows documentation for FILETIME, copy the resulting FILETIME structure to a + * ULARGE_INTEGER structure using memcpy (using memcpy instead of direct assignment can + * prevent alignment faults on 64-bit Windows). + */ + memcpy(&datetime, &filetime, sizeof(datetime)); + + /* Windows file times are in 100s of nanoseconds. */ + return (datetime.QuadPart - DELTA_EPOCH_IN_MICROSECS) / 10; +} + +#ifdef _WIN32_WCE +time_t time(time_t *t) +{ + time_t ret = time_in_microseconds() / 1000000; + + if(t != NULL) + *t = ret; + + return ret; +} +#endif + +/* file descriptor hash management */ + +struct lws * +wsi_from_fd(const struct lws_context *context, lws_sockfd_type fd) +{ + int h = LWS_FD_HASH(fd); + int n = 0; + + for (n = 0; n < context->fd_hashtable[h].length; n++) + if (context->fd_hashtable[h].wsi[n]->desc.sockfd == fd) + return context->fd_hashtable[h].wsi[n]; + + return NULL; +} + +int +insert_wsi(struct lws_context *context, struct lws *wsi) +{ + int h = LWS_FD_HASH(wsi->desc.sockfd); + + if (context->fd_hashtable[h].length == (getdtablesize() - 1)) { + lwsl_err("hash table overflow\n"); + return 1; + } + + context->fd_hashtable[h].wsi[context->fd_hashtable[h].length++] = wsi; + + return 0; +} + +int +delete_from_fd(struct lws_context *context, lws_sockfd_type fd) +{ + int h = LWS_FD_HASH(fd); + int n = 0; + + for (n = 0; n < context->fd_hashtable[h].length; n++) + if (context->fd_hashtable[h].wsi[n]->desc.sockfd == fd) { + while (n < context->fd_hashtable[h].length) { + context->fd_hashtable[h].wsi[n] = + context->fd_hashtable[h].wsi[n + 1]; + n++; + } + context->fd_hashtable[h].length--; + + return 0; + } + + lwsl_err("Failed to find fd %d requested for " + "delete in hashtable\n", fd); + return 1; +} + +LWS_VISIBLE int lws_get_random(struct lws_context *context, + void *buf, int len) +{ + int n; + char *p = (char *)buf; + + for (n = 0; n < len; n++) + p[n] = (unsigned char)rand(); + + return n; +} + +LWS_VISIBLE int lws_send_pipe_choked(struct lws *wsi) +{ + /* treat the fact we got a truncated send pending as if we're choked */ + if (wsi->trunc_len) + return 1; + + return (int)wsi->sock_send_blocking; +} + +LWS_VISIBLE int lws_poll_listen_fd(struct lws_pollfd *fd) +{ + fd_set readfds; + struct timeval tv = { 0, 0 }; + + assert((fd->events & LWS_POLLIN) == LWS_POLLIN); + + FD_ZERO(&readfds); + FD_SET(fd->fd, &readfds); + + return select(fd->fd + 1, &readfds, NULL, NULL, &tv); +} + +LWS_VISIBLE void +lws_cancel_service(struct lws_context *context) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + int n = context->count_threads; + + while (n--) { + WSASetEvent(pt->events[0]); + pt++; + } +} + +LWS_VISIBLE void +lws_cancel_service_pt(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + WSASetEvent(pt->events[0]); +} + +LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) +{ + lwsl_emit_stderr(level, line); +} + +LWS_VISIBLE LWS_EXTERN int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + struct lws_context_per_thread *pt; + WSANETWORKEVENTS networkevents; + struct lws_pollfd *pfd; + struct lws *wsi; + unsigned int i; + DWORD ev; + int n, m; + + /* stay dead once we are dead */ + if (context == NULL) + return 1; + + pt = &context->pt[tsi]; + + if (!context->service_tid_detected) { + struct lws _lws; + + memset(&_lws, 0, sizeof(_lws)); + _lws.context = context; + + context->service_tid_detected = context->vhost_list-> + protocols[0].callback(&_lws, LWS_CALLBACK_GET_THREAD_ID, + NULL, NULL, 0); + } + context->service_tid = context->service_tid_detected; + + if (timeout_ms < 0) + { + if (lws_service_flag_pending(context, tsi)) { + /* any socket with events to service? */ + for (n = 0; n < (int)pt->fds_count; n++) { + if (!pt->fds[n].revents) + continue; + + m = lws_service_fd_tsi(context, &pt->fds[n], tsi); + if (m < 0) + return -1; + /* if something closed, retry this slot */ + if (m) + n--; + } + } + return 0; + } + + for (i = 0; i < pt->fds_count; ++i) { + pfd = &pt->fds[i]; + + if (!(pfd->events & LWS_POLLOUT)) + continue; + + wsi = wsi_from_fd(context, pfd->fd); + if (wsi->listener) + continue; + if (!wsi || wsi->sock_send_blocking) + continue; + pfd->revents = LWS_POLLOUT; + n = lws_service_fd(context, pfd); + if (n < 0) + return -1; + /* if something closed, retry this slot */ + if (n) + i--; + } + + /* + * is there anybody with pending stuff that needs service forcing? + */ + if (!lws_service_adjust_timeout(context, 1, tsi)) { + /* -1 timeout means just do forced service */ + _lws_plat_service_tsi(context, -1, pt->tid); + /* still somebody left who wants forced service? */ + if (!lws_service_adjust_timeout(context, 1, pt->tid)) + /* yes... come back again quickly */ + timeout_ms = 0; + } + + ev = WSAWaitForMultipleEvents( 1, pt->events , FALSE, timeout_ms, FALSE); + if (ev == WSA_WAIT_EVENT_0) { + unsigned int eIdx; + + WSAResetEvent(pt->events[0]); + + for (eIdx = 0; eIdx < pt->fds_count; ++eIdx) { + if (WSAEnumNetworkEvents(pt->fds[eIdx].fd, 0, &networkevents) == SOCKET_ERROR) { + lwsl_err("WSAEnumNetworkEvents() failed with error %d\n", LWS_ERRNO); + return -1; + } + + pfd = &pt->fds[eIdx]; + pfd->revents = (short)networkevents.lNetworkEvents; + + if ((networkevents.lNetworkEvents & FD_CONNECT) && + networkevents.iErrorCode[FD_CONNECT_BIT] && + networkevents.iErrorCode[FD_CONNECT_BIT] != LWS_EALREADY && + networkevents.iErrorCode[FD_CONNECT_BIT] != LWS_EINPROGRESS && + networkevents.iErrorCode[FD_CONNECT_BIT] != LWS_EWOULDBLOCK && + networkevents.iErrorCode[FD_CONNECT_BIT] != WSAEINVAL) { + lwsl_debug("Unable to connect errno=%d\n", + networkevents.iErrorCode[FD_CONNECT_BIT]); + pfd->revents = LWS_POLLHUP; + } else + pfd->revents = (short)networkevents.lNetworkEvents; + + if (pfd->revents & LWS_POLLOUT) { + wsi = wsi_from_fd(context, pfd->fd); + if (wsi) + wsi->sock_send_blocking = 0; + } + /* if something closed, retry this slot */ + if (pfd->revents & LWS_POLLHUP) + --eIdx; + + if( pfd->revents != 0 ) { + lws_service_fd_tsi(context, pfd, tsi); + + } + } + } + + context->service_tid = 0; + + if (ev == WSA_WAIT_TIMEOUT) { + lws_service_fd(context, NULL); + } + return 0;; +} + +LWS_VISIBLE int +lws_plat_service(struct lws_context *context, int timeout_ms) +{ + return _lws_plat_service_tsi(context, timeout_ms, 0); +} + +LWS_VISIBLE int +lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd) +{ + int optval = 1; + int optlen = sizeof(optval); + u_long optl = 1; + DWORD dwBytesRet; + struct tcp_keepalive alive; + int protonbr; +#ifndef _WIN32_WCE + struct protoent *tcp_proto; +#endif + + if (vhost->ka_time) { + /* enable keepalive on this socket */ + optval = 1; + if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, + (const char *)&optval, optlen) < 0) + return 1; + + alive.onoff = TRUE; + alive.keepalivetime = vhost->ka_time; + alive.keepaliveinterval = vhost->ka_interval; + + if (WSAIoctl(fd, SIO_KEEPALIVE_VALS, &alive, sizeof(alive), + NULL, 0, &dwBytesRet, NULL, NULL)) + return 1; + } + + /* Disable Nagle */ + optval = 1; +#ifndef _WIN32_WCE + tcp_proto = getprotobyname("TCP"); + if (!tcp_proto) { + lwsl_err("getprotobyname() failed with error %d\n", LWS_ERRNO); + return 1; + } + protonbr = tcp_proto->p_proto; +#else + protonbr = 6; +#endif + + setsockopt(fd, protonbr, TCP_NODELAY, (const char *)&optval, optlen); + + /* We are nonblocking... */ + ioctlsocket(fd, FIONBIO, &optl); + + return 0; +} + +LWS_VISIBLE void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info) +{ +} + +LWS_VISIBLE int +lws_plat_context_early_init(void) +{ + WORD wVersionRequested; + WSADATA wsaData; + int err; + + /* Use the MAKEWORD(lowbyte, highbyte) macro from Windef.h */ + wVersionRequested = MAKEWORD(2, 2); + + err = WSAStartup(wVersionRequested, &wsaData); + if (!err) + return 0; + /* + * Tell the user that we could not find a usable + * Winsock DLL + */ + lwsl_err("WSAStartup failed with error: %d\n", err); + + return 1; +} + +LWS_VISIBLE void +lws_plat_context_early_destroy(struct lws_context *context) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + int n = context->count_threads; + + while (n--) { + if (pt->events) { + WSACloseEvent(pt->events[0]); + lws_free(pt->events); + } + pt++; + } +} + +LWS_VISIBLE void +lws_plat_context_late_destroy(struct lws_context *context) +{ + int n; + + for (n = 0; n < FD_HASHTABLE_MODULUS; n++) { + if (context->fd_hashtable[n].wsi) + lws_free(context->fd_hashtable[n].wsi); + } + + WSACleanup(); +} + +LWS_VISIBLE LWS_EXTERN int +lws_interface_to_sa(int ipv6, + const char *ifname, struct sockaddr_in *addr, size_t addrlen) +{ +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; + + if (ipv6) { + if (lws_plat_inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) { + return 0; + } + } +#endif + + long long address = inet_addr(ifname); + + if (address == INADDR_NONE) { + struct hostent *entry = gethostbyname(ifname); + if (entry) + address = ((struct in_addr *)entry->h_addr_list[0])->s_addr; + } + + if (address == INADDR_NONE) + return -1; + + addr->sin_addr.s_addr = (lws_intptr_t)address; + + return 0; +} + +LWS_VISIBLE void +lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->fds[pt->fds_count++].revents = 0; + pt->events[pt->fds_count] = pt->events[0]; + WSAEventSelect(wsi->desc.sockfd, pt->events[0], + LWS_POLLIN | LWS_POLLHUP | FD_CONNECT); +} + +LWS_VISIBLE void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + pt->events[m + 1] = pt->events[pt->fds_count--]; +} + +LWS_VISIBLE void +lws_plat_service_periodic(struct lws_context *context) +{ +} + +LWS_VISIBLE int +lws_plat_check_connection_error(struct lws *wsi) +{ + int optVal; + int optLen = sizeof(int); + + if (getsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_ERROR, + (char*)&optVal, &optLen) != SOCKET_ERROR && optVal && + optVal != LWS_EALREADY && optVal != LWS_EINPROGRESS && + optVal != LWS_EWOULDBLOCK && optVal != WSAEINVAL) { + lwsl_debug("Connect failed SO_ERROR=%d\n", optVal); + return 1; + } + + return 0; +} + +LWS_VISIBLE int +lws_plat_change_pollfd(struct lws_context *context, + struct lws *wsi, struct lws_pollfd *pfd) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + long networkevents = LWS_POLLHUP | FD_CONNECT; + + if ((pfd->events & LWS_POLLIN)) + networkevents |= LWS_POLLIN; + + if ((pfd->events & LWS_POLLOUT)) + networkevents |= LWS_POLLOUT; + + if (WSAEventSelect(wsi->desc.sockfd, + pt->events[0], + networkevents) != SOCKET_ERROR) + return 0; + + lwsl_err("WSAEventSelect() failed with error %d\n", LWS_ERRNO); + + return 1; +} + +LWS_VISIBLE const char * +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) +{ + WCHAR *buffer; + DWORD bufferlen = cnt; + BOOL ok = FALSE; + + buffer = lws_malloc(bufferlen * 2); + if (!buffer) { + lwsl_err("Out of memory\n"); + return NULL; + } + + if (af == AF_INET) { + struct sockaddr_in srcaddr; + bzero(&srcaddr, sizeof(srcaddr)); + srcaddr.sin_family = AF_INET; + memcpy(&(srcaddr.sin_addr), src, sizeof(srcaddr.sin_addr)); + + if (!WSAAddressToStringW((struct sockaddr*)&srcaddr, sizeof(srcaddr), 0, buffer, &bufferlen)) + ok = TRUE; +#ifdef LWS_USE_IPV6 + } else if (af == AF_INET6) { + struct sockaddr_in6 srcaddr; + bzero(&srcaddr, sizeof(srcaddr)); + srcaddr.sin6_family = AF_INET6; + memcpy(&(srcaddr.sin6_addr), src, sizeof(srcaddr.sin6_addr)); + + if (!WSAAddressToStringW((struct sockaddr*)&srcaddr, sizeof(srcaddr), 0, buffer, &bufferlen)) + ok = TRUE; +#endif + } else + lwsl_err("Unsupported type\n"); + + if (!ok) { + int rv = WSAGetLastError(); + lwsl_err("WSAAddressToString() : %d\n", rv); + } else { + if (WideCharToMultiByte(CP_ACP, 0, buffer, bufferlen, dst, cnt, 0, NULL) <= 0) + ok = FALSE; + } + + lws_free(buffer); + return ok ? dst : NULL; +} + +LWS_VISIBLE int +lws_plat_inet_pton(int af, const char *src, void *dst) +{ + WCHAR *buffer; + DWORD bufferlen = strlen(src) + 1; + BOOL ok = FALSE; + + buffer = lws_malloc(bufferlen * 2); + if (!buffer) { + lwsl_err("Out of memory\n"); + return -1; + } + + if (MultiByteToWideChar(CP_ACP, 0, src, bufferlen, buffer, bufferlen) <= 0) { + lwsl_err("Failed to convert multi byte to wide char\n"); + lws_free(buffer); + return -1; + } + + if (af == AF_INET) { + struct sockaddr_in dstaddr; + int dstaddrlen = sizeof(dstaddr); + bzero(&dstaddr, sizeof(dstaddr)); + dstaddr.sin_family = AF_INET; + + if (!WSAStringToAddressW(buffer, af, 0, (struct sockaddr *) &dstaddr, &dstaddrlen)) { + ok = TRUE; + memcpy(dst, &dstaddr.sin_addr, sizeof(dstaddr.sin_addr)); + } +#ifdef LWS_USE_IPV6 + } else if (af == AF_INET6) { + struct sockaddr_in6 dstaddr; + int dstaddrlen = sizeof(dstaddr); + bzero(&dstaddr, sizeof(dstaddr)); + dstaddr.sin6_family = AF_INET6; + + if (!WSAStringToAddressW(buffer, af, 0, (struct sockaddr *) &dstaddr, &dstaddrlen)) { + ok = TRUE; + memcpy(dst, &dstaddr.sin6_addr, sizeof(dstaddr.sin6_addr)); + } +#endif + } else + lwsl_err("Unsupported type\n"); + + if (!ok) { + int rv = WSAGetLastError(); + lwsl_err("WSAAddressToString() : %d\n", rv); + } + + lws_free(buffer); + return ok ? 1 : -1; +} + +LWS_VISIBLE lws_fop_fd_t +_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, + const char *vpath, lws_fop_flags_t *flags) +{ + HANDLE ret; + WCHAR buf[MAX_PATH]; + lws_fop_fd_t fop_fd; + LARGE_INTEGER llFileSize = {0}; + + MultiByteToWideChar(CP_UTF8, 0, filename, -1, buf, ARRAY_SIZE(buf)); + if (((*flags) & 7) == _O_RDONLY) { + ret = CreateFileW(buf, GENERIC_READ, FILE_SHARE_READ, + NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + } else { + ret = CreateFileW(buf, GENERIC_WRITE, 0, NULL, + CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); + } + + if (ret == LWS_INVALID_FILE) + goto bail; + + fop_fd = malloc(sizeof(*fop_fd)); + if (!fop_fd) + goto bail; + + fop_fd->fops = fops; + fop_fd->fd = ret; + fop_fd->filesystem_priv = NULL; /* we don't use it */ + fop_fd->flags = *flags; + fop_fd->len = GetFileSize(ret, NULL); + if(GetFileSizeEx(ret, &llFileSize)) + fop_fd->len = llFileSize.QuadPart; + + fop_fd->pos = 0; + + return fop_fd; + +bail: + return NULL; +} + +LWS_VISIBLE int +_lws_plat_file_close(lws_fop_fd_t *fop_fd) +{ + HANDLE fd = (*fop_fd)->fd; + + free(*fop_fd); + *fop_fd = NULL; + + CloseHandle((HANDLE)fd); + + return 0; +} + +LWS_VISIBLE lws_fileofs_t +_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) +{ + LARGE_INTEGER l; + + l.QuadPart = offset; + return SetFilePointerEx((HANDLE)fop_fd->fd, l, NULL, FILE_CURRENT); +} + +LWS_VISIBLE int +_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t *buf, lws_filepos_t len) +{ + DWORD _amount; + + if (!ReadFile((HANDLE)fop_fd->fd, buf, (DWORD)len, &_amount, NULL)) { + *amount = 0; + + return 1; + } + + fop_fd->pos += _amount; + *amount = (unsigned long)_amount; + + return 0; +} + +LWS_VISIBLE int +_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, + uint8_t* buf, lws_filepos_t len) +{ + DWORD _amount; + + if (!WriteFile((HANDLE)fop_fd->fd, buf, (DWORD)len, &_amount, NULL)) { + *amount = 0; + + return 1; + } + + fop_fd->pos += _amount; + *amount = (unsigned long)_amount; + + return 0; +} + +LWS_VISIBLE int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info) +{ + struct lws_context_per_thread *pt = &context->pt[0]; + int i, n = context->count_threads; + + for (i = 0; i < FD_HASHTABLE_MODULUS; i++) { + context->fd_hashtable[i].wsi = + lws_zalloc(sizeof(struct lws*) * context->max_fds); + + if (!context->fd_hashtable[i].wsi) + return -1; + } + + while (n--) { + pt->events = lws_malloc(sizeof(WSAEVENT) * + (context->fd_limit_per_thread + 1)); + if (pt->events == NULL) { + lwsl_err("Unable to allocate events array for %d connections\n", + context->fd_limit_per_thread + 1); + return 1; + } + + pt->fds_count = 0; + pt->events[0] = WSACreateEvent(); + + pt++; + } + + context->fd_random = 0; + +#ifdef LWS_WITH_PLUGINS + if (info->plugin_dirs) + lws_plat_plugins_init(context, info->plugin_dirs); +#endif + + return 0; +} + + +int kill(int pid, int sig) +{ + lwsl_err("Sorry Windows doesn't support kill()."); + exit(0); +} + +int fork(void) +{ + lwsl_err("Sorry Windows doesn't support fork()."); + exit(0); +} + diff --git a/lib/roles/h2/minihuf.c b/lib/minihuf.c similarity index 98% rename from lib/roles/h2/minihuf.c rename to lib/minihuf.c index ee19e37..eaf84e5 100644 --- a/lib/roles/h2/minihuf.c +++ b/lib/minihuf.c @@ -16,7 +16,7 @@ #include #include -#define LWS_ARRAY_SIZE(n) (sizeof(n) / sizeof(n[0])) +#define ARRAY_SIZE(n) (sizeof(n) / sizeof(n[0])) struct huf { unsigned int code; @@ -340,7 +340,7 @@ int main(void) int fails = 0; m = 0; - while (m < LWS_ARRAY_SIZE(state)) { + while (m < ARRAY_SIZE(state)) { for (j = 0; j < PARALLEL; j++) { state[m].state[j] = 0xffff; state[m].terminal = 0; @@ -348,7 +348,7 @@ int main(void) m++; } - while (n < LWS_ARRAY_SIZE(huf_literal)) { + while (n < ARRAY_SIZE(huf_literal)) { m = 0; walk = 0; @@ -474,7 +474,7 @@ again: * Try to parse every legal input string */ - for (n = 0; n < LWS_ARRAY_SIZE(huf_literal); n++) { + for (n = 0; n < ARRAY_SIZE(huf_literal); n++) { walk = 0; m = 0; y = -1; diff --git a/lib/roles/http/minilex.c b/lib/minilex.c similarity index 100% rename from lib/roles/http/minilex.c rename to lib/minilex.c diff --git a/lib/misc/dir.c b/lib/misc/dir.c deleted file mode 100644 index f3d8781..0000000 --- a/lib/misc/dir.c +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Lws directory scan wrapper - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define NO_GNU_SOURCE_THIS_TIME -#define _DARWIN_C_SOURCE - -#include -#include "core/private.h" -#include -#include - -#if defined(LWS_WITH_LIBUV) && UV_VERSION_MAJOR > 0 - -int -lws_dir(const char *dirpath, void *user, lws_dir_callback_function cb) -{ - struct lws_dir_entry lde; - uv_dirent_t dent; - uv_fs_t req; - int ret = 1, ir; - uv_loop_t loop; - - ir = uv_loop_init(&loop); - if (ir) { - lwsl_err("%s: loop init failed %d\n", __func__, ir); - } - - ir = uv_fs_scandir(&loop, &req, dirpath, 0, NULL); - if (ir < 0) { - lwsl_err("Scandir on %s failed, errno %d\n", dirpath, LWS_ERRNO); - return 2; - } - - while (uv_fs_scandir_next(&req, &dent) != UV_EOF) { - lde.name = dent.name; - lde.type = (int)dent.type; - if (cb(dirpath, user, &lde)) - goto bail; - } - - ret = 0; - -bail: - uv_fs_req_cleanup(&req); - while (uv_loop_close(&loop)) - ; - - return ret; -} - -#else - -#if !defined(_WIN32) && !defined(LWS_WITH_ESP32) - -#include - -static int filter(const struct dirent *ent) -{ - if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) - return 0; - - return 1; -} - -int -lws_dir(const char *dirpath, void *user, lws_dir_callback_function cb) -{ - struct lws_dir_entry lde; - struct dirent **namelist; - int n, i, ret = 1; - - n = scandir((char *)dirpath, &namelist, filter, alphasort); - if (n < 0) { - lwsl_err("Scandir on '%s' failed, errno %d\n", dirpath, LWS_ERRNO); - return 1; - } - - for (i = 0; i < n; i++) { - if (strchr(namelist[i]->d_name, '~')) - goto skip; - lde.name = namelist[i]->d_name; - - /* - * some filesystems don't report this (ZFS) and tell that - * files are LDOT_UNKNOWN - */ - -#if defined(__smartos__) - struct stat s; - stat(namelist[i]->d_name, &s); - switch (s.st_mode) { - case S_IFBLK: - lde.type = LDOT_BLOCK; - break; - case S_IFCHR: - lde.type = LDOT_CHAR; - break; - case S_IFDIR: - lde.type = LDOT_DIR; - break; - case S_IFIFO: - lde.type = LDOT_FIFO; - break; - case S_IFLNK: - lde.type = LDOT_LINK; - break; - case S_IFREG: - lde.type = LDOT_FILE; - break; - default: - lde.type = LDOT_UNKNOWN; - break; - } -#else - switch (namelist[i]->d_type) { - case DT_BLK: - lde.type = LDOT_BLOCK; - break; - case DT_CHR: - lde.type = LDOT_CHAR; - break; - case DT_DIR: - lde.type = LDOT_DIR; - break; - case DT_FIFO: - lde.type = LDOT_FIFO; - break; - case DT_LNK: - lde.type = LDOT_LINK; - break; - case DT_REG: - lde.type = LDOT_FILE; - break; - case DT_SOCK: - lde.type = LDOTT_SOCKET; - break; - default: - lde.type = LDOT_UNKNOWN; - break; - } -#endif - if (cb(dirpath, user, &lde)) { - while (i++ < n) - free(namelist[i]); - goto bail; - } -skip: - free(namelist[i]); - } - - ret = 0; - -bail: - free(namelist); - - return ret; -} - -#else -#error "If you want lws_dir onw windows, you need libuv" -#endif -#endif diff --git a/lib/misc/diskcache.c b/lib/misc/diskcache.c deleted file mode 100644 index 0a31810..0000000 --- a/lib/misc/diskcache.c +++ /dev/null @@ -1,476 +0,0 @@ -/* - * libwebsockets - disk cache helpers - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include - -#include "core/private.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -struct file_entry { - lws_list_ptr sorted; - lws_list_ptr prev; - char name[64]; - time_t modified; - size_t size; -}; - -struct lws_diskcache_scan { - struct file_entry *batch; - const char *cache_dir_base; - lws_list_ptr head; - time_t last_scan_completed; - uint64_t agg_size; - uint64_t cache_size_limit; - uint64_t avg_size; - uint64_t cache_tries; - uint64_t cache_hits; - int cache_subdir; - int batch_in_use; - int agg_file_count; - int secs_waiting; -}; - -#define KIB (1024) -#define MIB (KIB * KIB) - -#define lp_to_fe(p, _n) lws_list_ptr_container(p, struct file_entry, _n) - -static const char *hex = "0123456789abcdef"; - -#define BATCH_COUNT 128 - -static int -fe_modified_sort(lws_list_ptr a, lws_list_ptr b) -{ - struct file_entry *p1 = lp_to_fe(a, sorted), *p2 = lp_to_fe(b, sorted); - - return p2->modified - p1->modified; -} - -struct lws_diskcache_scan * -lws_diskcache_create(const char *cache_dir_base, uint64_t cache_size_limit) -{ - struct lws_diskcache_scan *lds = lws_malloc(sizeof(*lds), "cachescan"); - - if (!lds) - return NULL; - - memset(lds, 0, sizeof(*lds)); - - lds->cache_dir_base = cache_dir_base; - lds->cache_size_limit = cache_size_limit; - - return lds; -} - -void -lws_diskcache_destroy(struct lws_diskcache_scan **lds) -{ - if ((*lds)->batch) - lws_free((*lds)->batch); - lws_free(*lds); - *lds = NULL; -} - -int -lws_diskcache_prepare(const char *cache_base_dir, int mode, int uid) -{ - char dir[256]; - int n, m; - - (void)mkdir(cache_base_dir, mode); - if (chown(cache_base_dir, uid, -1)) - lwsl_err("%s: %s: unable to chown %d\n", __func__, - cache_base_dir, uid); - - for (n = 0; n < 16; n++) { - lws_snprintf(dir, sizeof(dir), "%s/%c", cache_base_dir, hex[n]); - (void)mkdir(dir, mode); - if (chown(dir, uid, -1)) - lwsl_err("%s: %s: unable to chown %d\n", __func__, - dir, uid); - for (m = 0; m < 16; m++) { - lws_snprintf(dir, sizeof(dir), "%s/%c/%c", - cache_base_dir, hex[n], hex[m]); - (void)mkdir(dir, mode); - if (chown(dir, uid, -1)) - lwsl_err("%s: %s: unable to chown %d\n", - __func__, dir, uid); - } - } - - return 0; -} - -/* copies and then truncates the incoming name, and renames the file at the - * untruncated path to have the new truncated name */ - -int -lws_diskcache_finalize_name(char *cache) -{ - char ren[256], *p; - - strncpy(ren, cache, sizeof(ren) - 1); - ren[sizeof(ren) - 1] = '\0'; - p = strchr(cache, '~'); - if (p) { - *p = '\0'; - if (rename(ren, cache)) { - lwsl_err("%s: problem renaming %s to %s\n", __func__, - ren, cache); - return 1; - } - - return 0; - } - - return 1; -} - -int -lws_diskcache_query(struct lws_diskcache_scan *lds, int is_bot, - const char *hash_hex, int *_fd, char *cache, int cache_len, - size_t *extant_cache_len) -{ - struct stat s; - int n; - - /* caching is disabled? */ - if (!lds->cache_dir_base) - return LWS_DISKCACHE_QUERY_NO_CACHE; - - if (!is_bot) - lds->cache_tries++; - - n = lws_snprintf(cache, cache_len, "%s/%c/%c/%s", lds->cache_dir_base, - hash_hex[0], hash_hex[1], hash_hex); - - lwsl_info("%s: job cache %s\n", __func__, cache); - - *_fd = open(cache, O_RDONLY); - if (*_fd >= 0) { - int fd; - - if (!is_bot) - lds->cache_hits++; - - if (fstat(*_fd, &s)) { - close(*_fd); - - return LWS_DISKCACHE_QUERY_NO_CACHE; - } - - *extant_cache_len = (size_t)s.st_size; - - /* "touch" the hit cache file so it's last for LRU now */ - fd = open(cache, O_RDWR); - if (fd >= 0) - close(fd); - - return LWS_DISKCACHE_QUERY_EXISTS; - } - - /* bots are too random to pollute the cache with their antics */ - if (is_bot) - return LWS_DISKCACHE_QUERY_NO_CACHE; - - /* let's create it first with a unique temp name */ - - lws_snprintf(cache + n, cache_len - n, "~%d-%p", (int)getpid(), - extant_cache_len); - - *_fd = open(cache, O_RDWR | O_CREAT | O_TRUNC, 0600); - if (*_fd < 0) { - /* well... ok... we will proceed without cache then... */ - lwsl_notice("%s: Problem creating cache %s: errno %d\n", - __func__, cache, errno); - return LWS_DISKCACHE_QUERY_NO_CACHE; - } - - return LWS_DISKCACHE_QUERY_CREATING; -} - -int -lws_diskcache_secs_to_idle(struct lws_diskcache_scan *lds) -{ - return lds->secs_waiting; -} - -/* - * The goal is to collect the oldest BATCH_COUNT filepaths and filesizes from - * the dirs under the cache dir. Since we don't need or want a full list of - * files in there in memory at once, we restrict the linked-list size to - * BATCH_COUNT entries, and once it is full, simply ignore any further files - * that are newer than the newest one on that list. Files older than the - * newest guy already on the list evict the newest guy already on the list - * and are sorted into the correct order. In this way no matter the number - * of files to be processed the memory requirement is fixed at BATCH_COUNT - * struct file_entry-s. - * - * The oldest subset of BATCH_COUNT files are sorted into the cd->batch - * allocation in more recent -> least recent order. - * - * We want to track the total size of all files we saw as well, so we know if - * we need to actually do anything yet to restrict how much space it's taking - * up. - * - * And we want to do those things statefully and incrementally instead of one - * big atomic operation, since the user may want a huge cache, so we look in - * one cache dir at a time and track state in the repodir struct. - * - * When we have seen everything, we add the doubly-linked prev pointers and then - * if we are over the limit, start deleting up to BATCH_COUNT files working back - * from the end. - */ - -int -lws_diskcache_trim(struct lws_diskcache_scan *lds) -{ - size_t cache_size_limit = lds->cache_size_limit; - char dirpath[132], filepath[132 + 32]; - lws_list_ptr lp, op = NULL; - int files_trimmed = 0; - struct file_entry *p; - int fd, n, ret = -1; - size_t trimmed = 0; - struct dirent *de; - struct stat s; - DIR *dir; - - if (!lds->cache_subdir) { - - if (lds->last_scan_completed + lds->secs_waiting > time(NULL)) - return 0; - - lds->batch = lws_malloc(sizeof(struct file_entry) * - BATCH_COUNT, "cache_trim"); - if (!lds->batch) { - lwsl_err("%s: OOM\n", __func__); - - return 1; - } - lds->agg_size = 0; - lds->head = NULL; - lds->batch_in_use = 0; - lds->agg_file_count = 0; - } - - lws_snprintf(dirpath, sizeof(dirpath), "%s/%c/%c", - lds->cache_dir_base, hex[(lds->cache_subdir >> 4) & 15], - hex[lds->cache_subdir & 15]); - - dir = opendir(dirpath); - if (!dir) { - lwsl_err("Unable to walk repo dir '%s'\n", - lds->cache_dir_base); - return -1; - } - - do { - de = readdir(dir); - if (!de) - break; - - if (de->d_type != DT_REG) - continue; - - lds->agg_file_count++; - - lws_snprintf(filepath, sizeof(filepath), "%s/%s", dirpath, - de->d_name); - - fd = open(filepath, O_RDONLY); - if (fd < 0) { - lwsl_err("%s: cannot open %s\n", __func__, filepath); - - continue; - } - - n = fstat(fd, &s); - close(fd); - if (n) { - lwsl_notice("%s: cannot stat %s\n", __func__, filepath); - continue; - } - - lds->agg_size += s.st_size; - - if (lds->batch_in_use == BATCH_COUNT) { - /* - * once we filled up the batch with candidates, we don't - * need to consider any files newer than the newest guy - * on the list... - */ - if (lp_to_fe(lds->head, sorted)->modified < s.st_mtime) - continue; - - /* - * ... and if we find an older file later, we know it - * will be replacing the newest guy on the list, so use - * that directly... - */ - p = lds->head; - lds->head = p->sorted; - } else - /* we are still accepting anything to fill the batch */ - - p = &lds->batch[lds->batch_in_use++]; - - p->sorted = NULL; - strncpy(p->name, de->d_name, sizeof(p->name) - 1); - p->name[sizeof(p->name) - 1] = '\0'; - p->modified = s.st_mtime; - p->size = s.st_size; - - lws_list_ptr_insert(&lds->head, &p->sorted, fe_modified_sort); - } while (de); - - ret = 0; - - lds->cache_subdir++; - if (lds->cache_subdir != 0x100) - goto done; - - /* we completed the whole scan... */ - - /* if really no guidence, then 256MiB */ - if (!cache_size_limit) - cache_size_limit = 256 * 1024 * 1024; - - if (lds->agg_size > cache_size_limit) { - - /* apply prev pointers to make the list doubly-linked */ - - lp = lds->head; - while (lp) { - p = lp_to_fe(lp, sorted); - - p->prev = op; - op = &p->prev; - lp = p->sorted; - } - - /* - * reverse the list (start from tail, now traverse using - * .prev)... it's oldest-first now... - */ - - lp = op; - - while (lp && lds->agg_size > cache_size_limit) { - p = lp_to_fe(lp, prev); - - lws_snprintf(filepath, sizeof(filepath), "%s/%c/%c/%s", - lds->cache_dir_base, p->name[0], - p->name[1], p->name); - - if (!unlink(filepath)) { - lds->agg_size -= p->size; - trimmed += p->size; - files_trimmed++; - } else - lwsl_notice("%s: Failed to unlink %s\n", - __func__, filepath); - - lp = p->prev; - } - - if (files_trimmed) - lwsl_notice("%s: %s: trimmed %d files totalling " - "%lldKib, leaving %lldMiB\n", __func__, - lds->cache_dir_base, files_trimmed, - ((unsigned long long)trimmed) / KIB, - ((unsigned long long)lds->agg_size) / MIB); - } - - if (lds->agg_size && lds->agg_file_count) - lds->avg_size = lds->agg_size / lds->agg_file_count; - - /* - * estimate how long we can go before scanning again... default we need - * to start again immediately - */ - - lds->last_scan_completed = time(NULL); - lds->secs_waiting = 1; - - if (lds->agg_size < cache_size_limit) { - uint64_t avg = 4096, capacity, projected; - - /* let's use 80% of the real average for margin */ - if (lds->agg_size && lds->agg_file_count) - avg = ((lds->agg_size * 8) / lds->agg_file_count) / 10; - - /* - * if we collected BATCH_COUNT files of the average size, - * how much can we clean up in 256s? - */ - - capacity = avg * BATCH_COUNT; - - /* - * if the cache grew by 10%, would we hit the limit even then? - */ - projected = (lds->agg_size * 11) / 10; - if (projected < cache_size_limit) - /* no... */ - lds->secs_waiting = (256 / 2) * ((cache_size_limit - - projected) / capacity); - - /* - * large waits imply we may not have enough info yet, so - * check once an hour at least. - */ - - if (lds->secs_waiting > 3600) - lds->secs_waiting = 3600; - } else - lds->secs_waiting = 0; - - lwsl_info("%s: cache %s: %lldKiB / %lldKiB, next scan %ds\n", __func__, - lds->cache_dir_base, - (unsigned long long)lds->agg_size / KIB, - (unsigned long long)cache_size_limit / KIB, - lds->secs_waiting); - - lws_free(lds->batch); - lds->batch = NULL; - - lds->cache_subdir = 0; - -done: - closedir(dir); - - return ret; -} diff --git a/lib/misc/fts/README.md b/lib/misc/fts/README.md deleted file mode 100644 index fcb225c..0000000 --- a/lib/misc/fts/README.md +++ /dev/null @@ -1,315 +0,0 @@ -# LWS Full Text Search - -## Introduction - -![lwsac flow](/doc-assets/lws-fts.svg) - -The general approach is to scan one or more UTF-8 input text "files" (they may -only exist in memory) and create an in-memory optimized trie for every token in -the file. - -This can then be serialized out to disk in the form of a single index file (no -matter how many input files were involved or how large they were). - -The implementation is designed to be modest on memory and cpu for both index -creation and querying, and suitable for weak machines with some kind of random -access storage. For searching only memory to hold results is required, the -actual searches and autocomplete suggestions are done very rapidly by seeking -around structures in the on-disk index file. - -Function|Related Link ----|--- -Public API|[include/libwebsockets/lws-fts.h](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-fts.h) -CI test app|[minimal-examples/api-tests/api-test-fts](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/api-tests/api-test-fts) -Demo minimal example|[minimal-examples/http-server/minimal-http-server-fulltext-search](https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/http-server/minimal-http-server-fulltext-search) -Live Demo|[https://libwebsockets.org/ftsdemo/](https://libwebsockets.org/ftsdemo/) - -## Query API overview - -Searching returns a potentially very large lwsac allocated object, with contents -and max size controlled by the members of a struct lws_fts_search_params passed -to the search function. Three kinds of result are possible: - -### Autocomplete suggestions - -These are useful to provide lists of extant results in -realtime as the user types characters that constrain the search. So if the -user has typed 'len', any hits for 'len' itself are reported along with -'length', and whatever else is in the index beginning 'len'.. The results are -selected using and are accompanied by an aggregated count of results down that -path, and the results so the "most likely" results already measured by potential -hits appear first. - -These results are in a linked-list headed by `result.autocomplete_head` and -each is in a `struct lws_fts_result_autocomplete`. - -They're enabled in the search results by giving the flag - `LWSFTS_F_QUERY_AUTOCOMPLETE` in the search parameter flags. - -### Filepath results - -Simply a list of input files containing the search term with some statistics, -one file is mentioned in a `struct lws_fts_result_filepath` result struct. - -This would be useful for creating a selection UI to "drill down" to individual -files when there are many with matches. - -This is enabled by the `LWSFTS_F_QUERY_FILES` search flag. - -### Filepath and line results - -Same as the file path list, but for each filepath, information on the line -numbers and input file offset where the line starts are provided. - -This is enabled by `LWSFTS_F_QUERY_FILE_LINES`... if you additionally give -`LWSFTS_F_QUERY_QUOTE_LINE` flag then the contents of each hit line from the -input file are also provided. - -## Result format inside the lwsac - -A `struct lws_fts_result` at the start of the lwsac contains heads for linked- -lists of autocomplete and filepath results inside the lwsac. - -For autocomplete suggestions, the string itself is immediately after the -`struct lws_fts_result_autocomplete` in memory. For filepath results, after -each `struct lws_fts_result_filepath` is - - - match information depending on the flags given to the search - - the filepath string - -You can always skip the line number table to get the filepath string by adding -.matches_length to the address of the byte after the struct. - -The matches information is either - - - 0 bytes per match - - - 2x int32_t per match (8 bytes) if `LWSFTS_F_QUERY_FILE_LINES` given... the - first is the native-endian line number of the match, the second is the - byte offset in the original file where that line starts - - - 2 x int32_t as above plus a const char * if `LWSFTS_F_QUERY_QUOTE_LINE` is - also given... this points to a NUL terminated string also stored in the - results lwsac that contains up to 255 chars of the line from the original - file. In some cases, the original file was either virtual (you are indexing - a git revision) or is not stored with the index, in that case you can't - usefully use `LWSFTS_F_QUERY_QUOTE_LINE`. - -To facilitate interpreting what is stored per match, the original search flags -that created the result are stored in the `struct lws_fts_result`. - -## Indexing In-memory and serialized to file - -When creating the trie, in-memory structs are used with various optimization -schemes trading off memory usage for speed. While in-memory, it's possible to -add more indexed filepaths to the single index. Once the trie is complete in -terms of having indexed everything, it is serialized to disk. - -These contain many additional housekeeping pointers and trie entries which can -be optimized out. Most in-memory values must be held literally in large types, -whereas most of the values in the serialized file use smaller VLI which use -more or less bytes according to the value. So the peak memory requirements for -large tries are much bigger than the size of the serialized trie file that is -output. - -For the linux kernel at 4.14 and default indexing whitelist on a 2.8GHz AMD -threadripper (using one thread), the stats are: - -Name|Value ----|--- -Files indexed|52932 -Input corpus size|694MiB -Indexing cpu time|50.1s (>1000 files / sec; 13.8MBytes/sec) -Peak alloc|78MiB -Serialization time|202ms -Trie File size|347MiB - -To index libwebsockets master under the same conditions: - -Name|Value ----|--- -Files indexed|489 -Input corpus size|3MiB -Indexing time|123ms -Peak alloc|3MiB -Serialization time|1ms -Trie File size|1.4MiB - - -Once it's generated, querying the trie file is very inexpensive, even when there -are lots of results. - - - trie entry child lists are kept sorted by the character they map to. This - allows discovering there is no match as soon as a character later in the - order than the one being matched is seen - - - for the root trie, in addition to the linked-list child + sibling entries, - a 256-entry pointer table is associated with the root trie, allowing one- - step lookup. But as the table is 2KiB, it's too expensive to use on all - trie entries - -## Structure on disk - -All explicit multibyte numbers are stored in Network (MSB-first) byte order. - - - file header - - filepath line number tables - - filepath information - - filepath map table - - tries, trie instances (hits), trie child tables - -### VLI coding - -VLI (Variable Length Integer) coding works like this - -[b7 EON] [b6 .. b0 DATA] - -If EON = 0, then DATA represents the Least-significant 7 bits of the number. -if EON = 1, DATA represents More-significant 7-bits that should be shifted -left until the byte with EON = 0 is found to terminate the number. - -The VLI used is predicated around 32-bit unsigned integers - -Examples: - - - 0x30 = 48 - - 0x81 30 = 176 - - 0x81 0x80 0x00 = 16384 - -Bytes | Range ----|--- -1|<= 127 -2|<= 16K - 1 -3|<= 2M -1 -4|<= 256M - 1 -5|<= 4G - 1 - -The coding is very efficient if there's a high probabilty the number being -stored is not large. So it's great for line numbers for example, where most -files have less that 16K lines and the VLI for the line number fits in 2 bytes, -but if you meet a huge file, the VLI coding can also handle it. - -All numbers except a few in the headers that are actually written after the -following data are stored using VLI for space- efficiency without limiting -capability. The numbers that are fixed up after the fact have to have a fixed -size and can't use VLI. - -### File header - -The first byte of the file header where the magic is, is "fileoffset" 0. All -the stored "fileoffset"s are relative to that. - -The header has a fixed size of 16 bytes. - -size|function ----|--- -32-bits|Magic 0xCA7A5F75 -32-bits|Fileoffset to root trie entry -32-bits|Size of the trie file when it was created (to detect truncation) -32-bits|Fileoffset to the filepath map -32-bits|Number of filepaths - -### Filepath line tables - -Immediately after the file header are the line length tables. - -As the input files are parsed, line length tables are written for each file... -at that time the rest of the parser data is held in memory so nothing else is -in the file yet. These allow you to map logical line numbers in the file to -file offsets space- and time- efficiently without having to walk through the -file contents. - -The line information is cut into blocks, allowing quick skipping over the VLI -data that doesn't contain the line you want just by following the 8-byte header -part. - -Once you find the block with your line, you have to iteratively add the VLIs -until you hit the one you want. - -For normal text files with average line length below 128, the VLIs will -typically be a single byte. So a block of 200 line lengths is typically -208 bytes long. - -There is a final linetable chunk consisting of all zeros to indicate the end -of the filepath line chunk series for a filepath. - -size|function ----|--- -16-bit|length of this chunk itself in bytes -16-bit|count of lines covered in this chunk -32-bit|count of bytes in the input file this chunk covers -VLI...|for each line in the chunk, the number of bytes in the line - - -### Filepaths - -The single trie in the file may contain information from multiple files, for -example one trie may cover all files in a directory. The "Filepaths" are -listed after the line tables, and referred to by index thereafter. - -For each filepath, one after the other: - -size|function ----|--- -VLI|fileoffset of the start of this filepath's line table -VLI|count of lines in the file -VLI|length of filepath in bytes -...|the filepath (with no NUL) - -### Filepath map - -To facilitate rapid filepath lookup, there's a filepath map table with a 32-bit -fileoffset per filepath. This is the way to convert filepath indexes to -information on the filepath like its name, etc - -size|function ----|--- -32-bit...|fileoffset to filepath table for each filepath - -### Trie entries - -Immediately after that, the trie entries are dumped, for each one a header: - -#### Trie entry header - -size|function ----|--- -VLI|Fileoffset of first file table in this trie entry instance list -VLI|number of child trie entries this trie entry has -VLI|number of instances this trie entry has - -The child list follows immediately after this header - -#### Trie entry instance file - -For each file that has instances of this symbol: - -size|function ----|--- -VLI|Fileoffset of next file table in this trie entry instance list -VLI|filepath index -VLI|count of line number instances following - -#### Trie entry file line number table - -Then for the file mentioned above, a list of all line numbers in the file with -the symbol in them, in ascending order. As a VLI, the median size per entry -will typically be ~15.9 bits due to the probability of line numbers below 16K. - -size|function ----|--- -VLI|line number -... - -#### Trie entry child table - -For each child node - -size|function ----|--- -VLI|file offset of child -VLI|instance count belonging directly to this child -VLI|aggregated number of instances down all descendent paths of child -VLI|aggregated number of children down all descendent paths of child -VLI|match string length -...|the match string diff --git a/lib/misc/fts/private.h b/lib/misc/fts/private.h deleted file mode 100644 index 066c76f..0000000 --- a/lib/misc/fts/private.h +++ /dev/null @@ -1,23 +0,0 @@ -#include - -/* if you need > 2GB trie files */ -//typedef off_t jg2_file_offset; -typedef uint32_t jg2_file_offset; - -struct lws_fts_file { - int fd; - jg2_file_offset root, flen, filepath_table; - int max_direct_hits; - int max_completion_hits; - int filepaths; -}; - - - -#define TRIE_FILE_HDR_SIZE 20 -#define MAX_VLI 5 - -#define LWS_FTS_LINES_PER_CHUNK 200 - -int -rq32(unsigned char *b, uint32_t *d); diff --git a/lib/misc/fts/trie-fd.c b/lib/misc/fts/trie-fd.c deleted file mode 100644 index cdb2e42..0000000 --- a/lib/misc/fts/trie-fd.c +++ /dev/null @@ -1,1001 +0,0 @@ -/* - * libjsongit2 - trie file functions - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "misc/fts/private.h" - -#include -#include -#include -#include -#include -#include - -#define AC_COUNT_STASHED_CHILDREN 8 - -struct ch { - jg2_file_offset ofs; - char name[64]; - int inst; - int child_agg; - int name_length; - int effpos; - int descendents; -}; - -struct wac { - struct ch ch[AC_COUNT_STASHED_CHILDREN]; - - jg2_file_offset self; - jg2_file_offset tifs; - int child_count; - int child; - - int agg; - int desc; - char done_children; - char once; -}; - -struct linetable { - struct linetable *next; - - int chunk_line_number_start; - int chunk_line_number_count; - - off_t chunk_filepos_start; - - off_t vli_ofs_in_index; -}; - -static uint32_t -b32(unsigned char *b) -{ - return (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3]; -} - -static uint16_t -b16(unsigned char *b) -{ - return (b[0] << 8) | b[1]; -} - -static int -lws_fts_filepath(struct lws_fts_file *jtf, int filepath_index, char *result, - size_t len, uint32_t *ofs_linetable, uint32_t *lines) -{ - unsigned char buf[256 + 15]; - uint32_t flen; - int ra, bp = 0; - size_t m; - off_t o; - - if (filepath_index > jtf->filepaths) - return 1; - - if (lseek(jtf->fd, jtf->filepath_table + (4 * filepath_index), - SEEK_SET) < 0) { - lwsl_err("%s: unable to seek\n", __func__); - - return 1; - } - - ra = read(jtf->fd, buf, 4); - if (ra < 0) - return 1; - - o = (unsigned int)b32(buf); - if (lseek(jtf->fd, o, SEEK_SET) < 0) { - lwsl_err("%s: unable to seek\n", __func__); - - return 1; - } - - ra = read(jtf->fd, buf, sizeof(buf)); - if (ra < 0) - return 1; - - if (ofs_linetable) - bp += rq32(&buf[bp], ofs_linetable); - else - bp += rq32(&buf[bp], &flen); - if (lines) - bp += rq32(&buf[bp], lines); - else - bp += rq32(&buf[bp], &flen); - bp += rq32(&buf[bp], &flen); - - m = flen; - if (len - 1 < m) - m = flen - 1; - - strncpy(result, (char *)&buf[bp], m); - result[m] = '\0'; - result[len - 1] = '\0'; - - return 0; -} - -/* - * returns -1 for fail or fd open on the trie file. - * - * *root is set to the position of the root trie entry. - * *flen is set to the length of the whole file - */ - -int -lws_fts_adopt(struct lws_fts_file *jtf) -{ - unsigned char buf[256]; - off_t ot; - - if (read(jtf->fd, buf, TRIE_FILE_HDR_SIZE) != TRIE_FILE_HDR_SIZE) { - lwsl_err("%s: unable to read file header\n", __func__); - goto bail; - } - - if (buf[0] != 0xca || buf[1] != 0x7a || - buf[2] != 0x5f || buf[3] != 0x75) { - lwsl_err("%s: bad magic %02X %02X %02X %02X\n", __func__, - buf[0], buf[1], buf[2], buf[3]); - goto bail; - } - - jtf->root = b32(&buf[4]); - - ot = lseek(jtf->fd, 0, SEEK_END); - if (ot < 0) { - lwsl_err("%s: unable to seek\n", __func__); - - goto bail; - } - jtf->flen = ot; - - if (jtf->flen != b32(&buf[8])) { - lwsl_err("%s: file size doesn't match expected\n", __func__); - - goto bail; - } - - jtf->filepath_table = b32(&buf[12]); - jtf->filepaths = b32(&buf[16]); - - return jtf->fd; - -bail: - return -1; -} - -struct lws_fts_file * -lws_fts_open(const char *filepath) -{ - struct lws_fts_file *jtf; - - jtf = lws_malloc(sizeof(*jtf), "fts open"); - if (!jtf) - goto bail1; - - jtf->fd = open(filepath, O_RDONLY); - if (jtf->fd < 0) { - lwsl_err("%s: unable to open %s\n", __func__, filepath); - goto bail2; - } - - if (lws_fts_adopt(jtf) < 0) - goto bail3; - - return jtf; - -bail3: - close(jtf->fd); -bail2: - lws_free(jtf); -bail1: - return NULL; -} - -void -lws_fts_close(struct lws_fts_file *jtf) -{ - close(jtf->fd); - lws_free(jtf); -} - -#define grab(_pos, _size) { \ - bp = 0; \ - if (lseek(jtf->fd, _pos, SEEK_SET) < 0) { \ - lwsl_err("%s: unable to seek\n", __func__); \ -\ - goto bail; \ - } \ -\ - ra = read(jtf->fd, buf, _size); \ - if (ra < 0) \ - goto bail; \ -} - -static struct linetable * -lws_fts_cache_chunktable(struct lws_fts_file *jtf, uint32_t ofs_linetable, - struct lwsac **linetable_head) -{ - struct linetable *lt, *first = NULL, **prev = NULL; - unsigned char buf[8]; - int line = 1, bp, ra; - off_t cfs = 0; - - *linetable_head = NULL; - - do { - grab(ofs_linetable, sizeof(buf)); - - lt = lwsac_use(linetable_head, sizeof(*lt), 0); - if (!lt) - goto bail; - if (!first) - first = lt; - - lt->next = NULL; - if (prev) - *prev = lt; - prev = <->next; - - lt->chunk_line_number_start = line; - lt->chunk_line_number_count = b16(&buf[bp + 2]); - lt->vli_ofs_in_index = ofs_linetable + 8; - lt->chunk_filepos_start = cfs; - - line += lt->chunk_line_number_count; - - cfs += b32(&buf[bp + 4]); - ofs_linetable += b16(&buf[bp]); - - } while (b16(&buf[bp])); - - return first; - -bail: - lwsac_free(linetable_head); - - return NULL; -} - -static int -lws_fts_getfileoffset(struct lws_fts_file *jtf, struct linetable *ltstart, - int line, off_t *_ofs) -{ - struct linetable *lt = ltstart; - unsigned char buf[LWS_FTS_LINES_PER_CHUNK * 5]; - uint32_t ll; - off_t ofs; - int bp, ra; - - /* first figure out which chunk */ - - do { - if (line >= lt->chunk_line_number_start && - line < lt->chunk_line_number_start + - lt->chunk_line_number_count) - break; - - lt = lt->next; - } while (lt); - - if (!lt) - goto bail; - - /* we know it's in this chunk */ - - ofs = lt->chunk_filepos_start; - line -= lt->chunk_line_number_start; - - grab(lt->vli_ofs_in_index, sizeof(buf)); - - bp = 0; - while (line) { - bp += rq32(&buf[bp], &ll); - ofs += ll; - line--; - } - - /* we know the offset it is at in the original file */ - - *_ofs = ofs; - - return 0; - -bail: - lwsl_info("%s: bail %d\n", __func__, line); - - return 1; -} - -static int -ac_record(struct lws_fts_file *jtf, struct lwsac **results_head, - const char *needle, int pos, struct wac *s, int sp, - uint32_t instances, uint32_t agg_instances, uint32_t children, - struct lws_fts_result_autocomplete ***ppac) -{ - struct lws_fts_result_autocomplete *ac; - int n, m; - char *p; - - if (!instances && !agg_instances) - return 1; - - m = pos; - for (n = 1; n <= sp; n++) - m += s[n].ch[s[n].child - 1].name_length; - - ac = lwsac_use(results_head, sizeof(*ac) + m + 1, 0); - if (!ac) - return -1; - - p = (char *)(ac + 1); - - **ppac = ac; - ac->next = NULL; - *ppac = &ac->next; - ac->instances = instances; - ac->agg_instances = agg_instances; - ac->ac_length = m; - ac->has_children = !!children; - ac->elided = 0; - - memcpy(p, needle, pos); - p += pos; - - for (n = 1; n <= sp; n++) { - int w = s[n].child - 1; - - memcpy(p, s[n].ch[w].name, s[n].ch[w].name_length); - p += s[n].ch[w].name_length; - } - p = (char *)(ac + 1); - p[m] = '\0'; - - /* - * deduct this child's instance weight from his antecdents to track - * relative path attractiveness dynamically, after we already used its - * best results (children are sorted best-first) - */ - for (n = sp; n >= 0; n--) { - s[n].ch[s[n].child - 1].child_agg -= instances; - s[n].agg -= instances; - } - - return 0; -} - -struct lws_fts_result * -lws_fts_search(struct lws_fts_file *jtf, struct lws_fts_search_params *ftsp) -{ - uint32_t children, instances, co, sl, agg, slt, chunk, - fileofs_tif_start, desc, agg_instances; - int pos = 0, n, m, nl, bp, base = 0, ra, palm, budget, sp, ofd = -1; - unsigned long long tf = lws_now_usecs(); - struct lws_fts_result_autocomplete **pac = NULL; - char stasis, nac = 0, credible, needle[32]; - struct lws_fts_result_filepath *fp; - struct lws_fts_result *result; - unsigned char buf[4096]; - off_t o, child_ofs; - struct wac s[128]; - - ftsp->results_head = NULL; - - if (!ftsp->needle) - return NULL; - - nl = (int)strlen(ftsp->needle); - if ((size_t)nl > sizeof(needle) - 2) - return NULL; - - result = lwsac_use(&ftsp->results_head, sizeof(*result), 0); - if (!result) - return NULL; - - /* start with no results... */ - - result->autocomplete_head = NULL; - pac = &result->autocomplete_head; - result->filepath_head = NULL; - result->duration_ms = 0; - result->effective_flags = ftsp->flags; - - palm = 0; - - for (n = 0; n < nl; n++) - needle[n] = tolower(ftsp->needle[n]); - needle[nl] = '\0'; - - o = jtf->root; - do { - bp = 0; - base = 0; - - grab(o, sizeof(buf)); - - child_ofs = o + bp; - bp += rq32(&buf[bp], &fileofs_tif_start); - bp += rq32(&buf[bp], &children); - bp += rq32(&buf[bp], &instances); - bp += rq32(&buf[bp], &agg_instances); - palm = pos; - - /* the children follow here */ - - if (pos == nl) { - - nac = 0; - if (!fileofs_tif_start) - /* - * we matched, but there are no instances of - * this, it's actually an intermediate - */ - - goto autocomp; - - /* we leave with bp positioned at the instance list */ - - o = fileofs_tif_start; - grab(o, sizeof(buf)); - break; - } - - if (ra - bp < 1024) { - - /* - * We don't have enough. So reload the buffer starting - * at where we got to. - */ - - base += bp; - grab(o + base, sizeof(buf)); - } - - /* gets set if any child COULD match needle if it went on */ - - credible = 0; - for (n = 0; (uint32_t)n < children; n++) { - uint32_t inst; - - bp += rq32(&buf[bp], &co); - bp += rq32(&buf[bp], &inst); - bp += rq32(&buf[bp], &agg); - bp += rq32(&buf[bp], &desc); - bp += rq32(&buf[bp], &sl); - - if (sl > (uint32_t)(nl - pos)) { - - /* - * it can't be a match because it's longer than - * our needle string (but that leaves it as a - * perfectly fine autocomplete candidate) - */ - size_t g = nl - pos; - - /* - * "credible" means at least one child matches - * all the chars in needle up to as many as it - * has. If not "credible" this path cannot - * match. - */ - if (!strncmp((char *)&buf[bp], &needle[pos], g)) - credible = 1; - else - /* - * deflate the parent agg using the - * knowledge this child is not on the - * path shown by the remainder of needle - */ - agg_instances -= agg; - - nac = 0; - bp += sl; - slt = 0; - pos = palm; - goto ensure; - } - - /* the comparison string potentially has huge length */ - - slt = sl; - while (slt) { - - /* - * the strategy is to compare whatever we have - * lying around, then bring in more if it didn't - * fail to match yet. That way we don't bring - * in anything we could already have known was - * not needed due to a match fail. - */ - - chunk = ra - bp; - if (chunk > slt) - chunk = slt; - - if ((chunk == 1 && needle[pos] != buf[bp]) || - (chunk != 1 && - memcmp(&needle[pos], &buf[bp], chunk))) { - - /* - * it doesn't match... so nothing can - * autocomplete this... - */ - bp += slt; - slt = 0; - nac = 1; - goto ensure; - } - - slt -= chunk; - pos += chunk; - bp += chunk; - - /* so far, it matches */ - - if (!slt) { - /* we matched the whole thing */ - o = co; - if (!co) - goto bail; - n = (int)children; - credible = 1; - } - -ensure: - /* - * do we have at least buf more to match, or the - * remainder of the string, whichever is less? - * - * bp may exceed sizeof(buf) on no match path - */ - chunk = sizeof(buf); - if (slt < chunk) - chunk = slt; - - if (ra - bp >= (int)chunk) - continue; - - /* - * We don't have enough. So reload buf starting - * at where we got to. - */ - base += bp; - grab(o + base, sizeof(buf)); - - } /* while we are still comparing */ - - } /* for each child */ - - if ((uint32_t)n == children) { - if (!credible) - goto bail; - - nac = 0; - goto autocomp; - } - } while(1); - - result->duration_ms = (int)((lws_now_usecs() - tf) / 1000); - - if (!instances && !children) - return result; - - /* the match list may easily exceed one read buffer load ... */ - - o += bp; - - /* - * Only do the file match list if it was requested in the search flags - */ - - if (!(ftsp->flags & LWSFTS_F_QUERY_FILES)) - goto autocomp; - - do { - uint32_t fi, tot, line, ro, ofs_linetable, lines, fplen, - *u, _o; - struct lwsac *lt_head = NULL; - struct linetable *ltst; - char path[256], *pp; - int footprint; - off_t fo; - - ofd = -1; - grab(o, sizeof(buf)); - - ro = o; - bp += rq32(&buf[bp], &_o); - o = _o; - - assert(!o || o > TRIE_FILE_HDR_SIZE); - - bp += rq32(&buf[bp], &fi); - bp += rq32(&buf[bp], &tot); - - if (lws_fts_filepath(jtf, fi, path, sizeof(path) - 1, - &ofs_linetable, &lines)) { - lwsl_err("can't get filepath index %d\n", fi); - goto bail; - } - - if (ftsp->only_filepath && strcmp(path, ftsp->only_filepath)) - continue; - - ltst = lws_fts_cache_chunktable(jtf, ofs_linetable, <_head); - if (!ltst) - goto bail; - - if (ftsp->flags & LWSFTS_F_QUERY_QUOTE_LINE) { - ofd = open(path, O_RDONLY); - if (ofd < 0) { - lwsac_free(<_head); - goto bail; - } - } - - fplen = (int)strlen(path); - footprint = sizeof(*fp) + fplen + 1; - if (ftsp->flags & LWSFTS_F_QUERY_FILE_LINES) { - /* line number and offset in file */ - footprint += 2 * sizeof(uint32_t) * tot; - - if (ftsp->flags & LWSFTS_F_QUERY_QUOTE_LINE) - /* pointer to quote string */ - footprint += sizeof(void *) * tot; - } - - fp = lwsac_use(&ftsp->results_head, footprint, 0); - if (!fp) { - lwsac_free(<_head); - goto bail; - } - - fp->filepath_length = fplen; - fp->lines_in_file = lines; - fp->matches = tot; - fp->matches_length = footprint - sizeof(*fp) - (fplen + 1); - fp->next = result->filepath_head; - result->filepath_head = fp; - - /* line table first so it can be aligned */ - - u = (uint32_t*)(fp + 1); - - if (ftsp->flags & LWSFTS_F_QUERY_FILE_LINES) { - - /* for each line number */ - - for (n = 0; (uint32_t)n < tot; n++) { - - unsigned char lbuf[256], *p; - char ebuf[384]; - const char **v; - int m; - - if ((ra - bp) < 8) { - base += bp; - grab(ro + base, sizeof(buf)); - } - - bp += rq32(&buf[bp], &line); - *u++ = line; - - if (lws_fts_getfileoffset(jtf, ltst, line, &fo)) - continue; - - *u++ = (uint32_t)fo; - - if (!(ftsp->flags & LWSFTS_F_QUERY_QUOTE_LINE)) - continue; - - if (lseek(ofd, fo, SEEK_SET) < 0) - continue; - - m = read(ofd, lbuf, sizeof(lbuf) - 1); - if (m < 0) - continue; - lbuf[sizeof(lbuf) - 1] = '\0'; - - p = (unsigned char *)strchr((char *)lbuf, '\n'); - if (p) - m = lws_ptr_diff(p, lbuf); - lbuf[m] = '\0'; - p = (unsigned char *)strchr((char *)lbuf, '\r'); - if (p) - m = lws_ptr_diff(p, lbuf); - lbuf[m] = '\0'; - - lws_json_purify(ebuf, (const char *)lbuf, - sizeof(ebuf) - 1); - m = (int)strlen(ebuf); - - p = lwsac_use(&ftsp->results_head, m + 1, 0); - if (!p) { - lwsac_free(<_head); - goto bail; - } - - memcpy(p, ebuf, m); - p[m] = '\0'; - v = (const char **)u; - *v = (const char *)p; - u += sizeof(const char *) / sizeof(uint32_t); - } - } - - pp = ((char *)&fp[1]) + fp->matches_length; - memcpy(pp, path, fplen); - pp[fplen] = '\0'; - - if (ofd >= 0) { - close(ofd); - ofd = -1; - } - - lwsac_free(<_head); - - if (ftsp->only_filepath) - break; - - } while (o); - - /* sort the instance file list by results density */ - - do { - struct lws_fts_result_filepath **prf, *rf1, *rf2; - - stasis = 1; - - /* bubble sort keeps going until nothing changed */ - - prf = &result->filepath_head; - while (*prf) { - - rf1 = *prf; - rf2 = rf1->next; - - if (rf2 && rf1->lines_in_file && rf2->lines_in_file && - ((rf1->matches * 1000) / rf1->lines_in_file) < - ((rf2->matches * 1000) / rf2->lines_in_file)) { - stasis = 0; - - *prf = rf2; - rf1->next = rf2->next; - rf2->next = rf1; - } - - prf = &(*prf)->next; - } - - } while (!stasis); - -autocomp: - - if (!(ftsp->flags & LWSFTS_F_QUERY_AUTOCOMPLETE) || nac) - return result; - - /* - * autocomplete (ie, the descendent paths that yield the most hits) - * - * We actually need to spider the earliest terminal descendents from - * the child we definitely got past, and present the first n terminal - * strings. The descendents are already sorted in order of highest - * aggregated hits in their descendents first, so simply collecting n - * earliest leaf children is enough. - * - * The leaf children may be quite deep down in a stack however. So we - * have to go through all the walking motions collecting and retaining - * child into for when we come back up the walk. - * - * We can completely ignore file instances for this, we just need the - * earliest children. And we can restrict how many children we stash - * in each stack level to eg, 5. - * - * child_ofs comes in pointing at the start of the trie entry that is - * to be the starting point for making suggestions. - */ - - budget = ftsp->max_autocomplete; - base = 0; - bp = 0; - pac = &result->autocomplete_head; - sp = 0; - if (pos > (int)sizeof(s[sp].ch[0].name) - 1) - pos = (int)sizeof(s[sp].ch[0].name) - 1; - - memset(&s[sp], 0, sizeof(s[sp])); - - s[sp].child = 1; - s[sp].tifs = fileofs_tif_start; - s[sp].self = child_ofs; - s[sp].ch[0].effpos = pos; - - if (pos == nl) - n = ac_record(jtf, &ftsp->results_head, needle, pos, s, 0, - instances, agg_instances, children, &pac); - - while (sp >= 0 && budget) { - int nobump = 0; - struct ch *tch = &s[sp].ch[s[sp].child - 1]; - - grab(child_ofs, sizeof(buf)); - - bp += rq32(&buf[bp], &fileofs_tif_start); - bp += rq32(&buf[bp], &children); - bp += rq32(&buf[bp], &instances); - bp += rq32(&buf[bp], &agg_instances); - - if (sp > 0 && s[sp - 1].done_children && - tch->effpos + tch->name_length >= nl && - tch->inst && fileofs_tif_start) { - n = ac_record(jtf, &ftsp->results_head, needle, pos, s, - sp, tch->inst, tch->child_agg, - tch->descendents, &pac); - if (n < 0) - goto bail; - if (!n) - if (--budget == 0) - break; - } - - if (!s[sp].done_children && children) { - s[sp].done_children = 1; - sp++; - memset(&s[sp], 0, sizeof(s[sp])); - s[sp].tifs = fileofs_tif_start; - s[sp].self = child_ofs; - - for (n = 0; n < (int)children && s[sp].child_count < - (int)LWS_ARRAY_SIZE(s[0].ch); n++) { - uint32_t slen, cho, agg, inst; - int i = s[sp].child_count; - struct ch *ch = &s[sp].ch[i]; - size_t max; - - bp += rq32(&buf[bp], &cho); - bp += rq32(&buf[bp], &inst); - bp += rq32(&buf[bp], &agg); - bp += rq32(&buf[bp], &desc); - bp += rq32(&buf[bp], &slen); - - max = slen; - if (max > sizeof(ch->name) - 1) - max = sizeof(ch->name) - 1; - - strncpy(ch->name, (char *)&buf[bp], max); - bp += slen; - - ch->name_length = (int)max; - ch->name[sizeof(ch->name) - 1] = '\0'; - ch->inst = inst; - ch->effpos = - s[sp - 1].ch[s[sp - 1].child - 1].effpos; - - ch->child_agg = agg; - ch->descendents = desc; - - /* - * if we have more needle chars than we matched - * to get this far, we can only allow potential - * matches that are consistent with the - * additional unmatched character(s)... - */ - - m = nl - ch->effpos; - if (m > ch->name_length) - m = ch->name_length; - - if (m > 0 && - strncmp(&needle[ch->effpos], ch->name, m)) - continue; - - ch->effpos += m; - s[sp].ch[s[sp].child_count++].ofs = cho; - } - - } - - while (sp >= 0 && s[sp].child >= s[sp].child_count) { - s[sp].done_children = 0; - sp--; - } - - /* - * Compare parent remaining agg vs parent's next siblings' still - * intact original agg... if the next sibling has more, abandon - * the parent path and go with the sibling... this keeps the - * autocomplete results related to popularity. - */ - - nobump = 0; - n = sp - 1; - while (n >= 0) { - struct lws_fts_result_autocomplete *ac = - (struct lws_fts_result_autocomplete *)pac; - - if (s[n].child < s[n].child_count && - s[n].ch[s[n].child - 1].child_agg < - s[n].ch[s[n].child].child_agg) { - - if (pac) - /* - * mark the autocomplete result that - * there were more children down his - * path that we skipped in these results - */ - ac->elided = 1; - - for (m = n; m < sp + 1; m++) - s[m].done_children = 0; - sp = n; - child_ofs = s[sp].ch[s[sp].child++].ofs; - nobump = 1; - } - - n--; - } - - if (nobump || sp < 0) - continue; - - child_ofs = s[sp].ch[s[sp].child++].ofs; - } - - /* let's do a final sort into agg order */ - - do { - struct lws_fts_result_autocomplete *ac1, *ac2; - - stasis = 1; - - /* bubble sort keeps going until nothing changed */ - - pac = &result->autocomplete_head; - while (*pac) { - - ac1 = *pac; - ac2 = ac1->next; - - if (ac2 && ac1->instances < ac2->instances) { - stasis = 0; - - *pac = ac2; - ac1->next = ac2->next; - ac2->next = ac1; - } - - pac = &(*pac)->next; - } - - } while (!stasis); - - return result; - -bail: - if (ofd >= 0) - close(ofd); - - lwsl_info("%s: search ended up at bail\n", __func__); - - return result; -} diff --git a/lib/misc/fts/trie.c b/lib/misc/fts/trie.c deleted file mode 100644 index d188165..0000000 --- a/lib/misc/fts/trie.c +++ /dev/null @@ -1,1369 +0,0 @@ -/* - * libwebsockets - trie - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * The functions allow - * - * - collecting a concordance of strings from one or more files (eg, a - * directory of files) into a single in-memory, lac-backed trie; - * - * - to optimize and serialize the in-memory trie to an fd; - * - * - to very quickly report any instances of a string in any of the files - * indexed by the trie, by a seeking around a serialized trie fd, without - * having to load it all in memory - */ - -#include "core/private.h" -#include "misc/fts/private.h" - -#include -#include -#include -#include -#include -#include - -struct lws_fts_entry; - -/* notice these are stored in t->lwsac_input_head which has input file scope */ - -struct lws_fts_filepath { - struct lws_fts_filepath *next; - struct lws_fts_filepath *prev; - char filepath[256]; - jg2_file_offset ofs; - jg2_file_offset line_table_ofs; - int filepath_len; - int file_index; - int total_lines; - int priority; -}; - -/* notice these are stored in t->lwsac_input_head which has input file scope */ - -struct lws_fts_lines { - struct lws_fts_lines *lines_next; - /* - * amount of line numbers needs to meet average count for best - * efficiency. - * - * Line numbers are stored in VLI format since if we don't, around half - * the total lac allocation consists of struct lws_fts_lines... - * size chosen to maintain 8-byte struct alignment - */ - uint8_t vli[119]; - char count; -}; - -/* this represents the instances of a symbol inside a given filepath */ - -struct lws_fts_instance_file { - /* linked-list of tifs generated for current file */ - struct lws_fts_instance_file *inst_file_next; - struct lws_fts_entry *owner; - struct lws_fts_lines *lines_list, *lines_tail; - uint32_t file_index; - uint32_t total; - - /* - * optimization for the common case there's only 1 - ~3 matches, so we - * don't have to allocate any lws_fts_lines struct - * - * Using 8 bytes total for this maintains 8-byte struct alignment... - */ - - uint8_t vli[7]; - char count; -}; - -/* - * this is the main trie in-memory allocation object - */ - -struct lws_fts_entry { - struct lws_fts_entry *parent; - - struct lws_fts_entry *child_list; - struct lws_fts_entry *sibling; - - /* - * care... this points to content in t->lwsac_input_head, it goes - * out of scope when the input file being indexed completes - */ - struct lws_fts_instance_file *inst_file_list; - - jg2_file_offset ofs_last_inst_file; - - char *suffix; /* suffix string or NULL if one char (in .c) */ - jg2_file_offset ofs; - uint32_t child_count; - uint32_t instance_count; - uint32_t agg_inst_count; - uint32_t agg_child_count; - uint32_t suffix_len; - unsigned char c; -}; - -/* there's only one of these per trie file */ - -struct lws_fts { - struct lwsac *lwsac_head; - struct lwsac *lwsac_input_head; - struct lws_fts_entry *root; - struct lws_fts_filepath *filepath_list; - struct lws_fts_filepath *fp; - - struct lws_fts_entry *parser; - struct lws_fts_entry *root_lookup[256]; - - /* - * head of linked-list of tifs generated for current file - * care... this points to content in t->lwsac_input_head - */ - struct lws_fts_instance_file *tif_list; - - jg2_file_offset c; /* length of output file so far */ - - uint64_t agg_trie_creation_us; - uint64_t agg_raw_input; - uint64_t worst_lwsac_input_size; - int last_file_index; - int chars_in_line; - jg2_file_offset last_block_len_ofs; - int line_number; - int lines_in_unsealed_linetable; - int next_file_index; - int count_entries; - - int fd; - unsigned int agg_pos; - unsigned int str_match_pos; - - unsigned char aggregate; - unsigned char agg[128]; -}; - -/* since the kernel case allocates >300MB, no point keeping this too low */ - -#define TRIE_LWSAC_BLOCK_SIZE (1024 * 1024) - -#define spill(margin, force) \ - if (bp && ((uint32_t)bp >= (sizeof(buf) - (margin)) || (force))) { \ - if (write(t->fd, buf, bp) != bp) { \ - lwsl_err("%s: write %d failed (%d)\n", __func__, \ - bp, errno); \ - return 1; \ - } \ - t->c += bp; \ - bp = 0; \ - } - -static int -g32(unsigned char *b, uint32_t d) -{ - *b++ = (d >> 24) & 0xff; - *b++ = (d >> 16) & 0xff; - *b++ = (d >> 8) & 0xff; - *b = d & 0xff; - - return 4; -} - -static int -g16(unsigned char *b, int d) -{ - *b++ = (d >> 8) & 0xff; - *b = d & 0xff; - - return 2; -} - -static int -wq32(unsigned char *b, uint32_t d) -{ - unsigned char *ob = b; - - if (d > (1 << 28) - 1) - *b++ = ((d >> 28) | 0x80) & 0xff; - - if (d > (1 << 21) - 1) - *b++ = ((d >> 21) | 0x80) & 0xff; - - if (d > (1 << 14) - 1) - *b++ = ((d >> 14) | 0x80) & 0xff; - - if (d > (1 << 7) - 1) - *b++ = ((d >> 7) | 0x80) & 0xff; - - *b++ = d & 0x7f; - - return (int)(b - ob); -} - - -/* read a VLI, return the number of bytes used */ - -int -rq32(unsigned char *b, uint32_t *d) -{ - unsigned char *ob = b; - uint32_t t = 0; - - t = *b & 0x7f; - if (*(b++) & 0x80) { - t = (t << 7) | (*b & 0x7f); - if (*(b++) & 0x80) { - t = (t << 7) | (*b & 0x7f); - if (*(b++) & 0x80) { - t = (t << 7) | (*b & 0x7f); - if (*(b++) & 0x80) { - t = (t << 7) | (*b & 0x7f); - b++; - } - } - } - } - - *d = t; - - return (int)(b - ob); -} - -struct lws_fts * -lws_fts_create(int fd) -{ - struct lws_fts *t; - struct lwsac *lwsac_head = NULL; - unsigned char buf[TRIE_FILE_HDR_SIZE]; - - t = lwsac_use(&lwsac_head, sizeof(*t), TRIE_LWSAC_BLOCK_SIZE); - if (!t) - return NULL; - - memset(t, 0, sizeof(*t)); - - t->fd = fd; - t->lwsac_head = lwsac_head; - t->root = lwsac_use(&lwsac_head, sizeof(*t->root), - TRIE_LWSAC_BLOCK_SIZE); - if (!t->root) - goto unwind; - - memset(t->root, 0, sizeof(*t->root)); - t->parser = t->root; - t->last_file_index = -1; - t->line_number = 1; - t->filepath_list = NULL; - - memset(t->root_lookup, 0, sizeof(*t->root_lookup)); - - /* write the header */ - - buf[0] = 0xca; - buf[1] = 0x7a; - buf[2] = 0x5f; - buf[3] = 0x75; - - /* (these are filled in with correct data at the end) */ - - /* file offset to root trie entry */ - g32(&buf[4], 0); - /* file length when it was created */ - g32(&buf[8], 0); - /* fileoffset to the filepath table */ - g32(&buf[0xc], 0); - /* count of filepaths */ - g32(&buf[0x10], 0); - - if (write(t->fd, buf, TRIE_FILE_HDR_SIZE) != TRIE_FILE_HDR_SIZE) { - lwsl_err("%s: trie header write failed\n", __func__); - goto unwind; - } - - t->c = TRIE_FILE_HDR_SIZE; - - return t; - -unwind: - lwsac_free(&lwsac_head); - - return NULL; -} - -void -lws_fts_destroy(struct lws_fts **trie) -{ - struct lwsac *lwsac_head = (*trie)->lwsac_head; - lwsac_free(&(*trie)->lwsac_input_head); - lwsac_free(&lwsac_head); - *trie = NULL; -} - -int -lws_fts_file_index(struct lws_fts *t, const char *filepath, int filepath_len, - int priority) -{ - struct lws_fts_filepath *fp = t->filepath_list; -#if 0 - while (fp) { - if (fp->filepath_len == filepath_len && - !strcmp(fp->filepath, filepath)) - return fp->file_index; - - fp = fp->next; - } -#endif - fp = lwsac_use(&t->lwsac_head, sizeof(*fp), TRIE_LWSAC_BLOCK_SIZE); - if (!fp) - return -1; - - fp->next = t->filepath_list; - t->filepath_list = fp; - strncpy(fp->filepath, filepath, sizeof(fp->filepath) - 1); - fp->filepath[sizeof(fp->filepath) - 1] = '\0'; - fp->filepath_len = filepath_len; - fp->file_index = t->next_file_index++; - fp->line_table_ofs = t->c; - fp->priority = priority; - fp->total_lines = 0; - t->fp = fp; - - return fp->file_index; -} - -static struct lws_fts_entry * -lws_fts_entry_child_add(struct lws_fts *t, unsigned char c, - struct lws_fts_entry *parent) -{ - struct lws_fts_entry *e, **pe; - - e = lwsac_use(&t->lwsac_head, sizeof(*e), TRIE_LWSAC_BLOCK_SIZE); - if (!e) - return NULL; - - memset(e, 0, sizeof(*e)); - - e->c = c; - parent->child_count++; - e->parent = parent; - t->count_entries++; - - /* keep the parent child list in ascending sort order for c */ - - pe = &parent->child_list; - while (*pe) { - assert((*pe)->parent == parent); - if ((*pe)->c > c) { - /* add it before */ - e->sibling = *pe; - *pe = e; - break; - } - pe = &(*pe)->sibling; - } - - if (!*pe) { - /* add it at the end */ - e->sibling = NULL; - *pe = e; - } - - return e; -} - -static int -finalize_per_input(struct lws_fts *t) -{ - struct lws_fts_instance_file *tif; - unsigned char buf[8192]; - uint64_t lwsac_input_size; - jg2_file_offset temp; - int bp = 0; - - bp += g16(&buf[bp], 0); - bp += g16(&buf[bp], 0); - bp += g32(&buf[bp], 0); - if (write(t->fd, buf, bp) != bp) - return 1; - t->c += bp; - bp = 0; - - /* - * Write the generated file index + instances (if any) - * - * Notice the next same-parent file instance fileoffset list is - * backwards, so it does not require seeks to fill in. The first - * entry has 0 but the second entry points to the first entry (whose - * fileoffset is known). - * - * After all the file instance structs are finalized, - * .ofs_last_inst_file contains the fileoffset of that child's tif - * list head in the file. - * - * The file instances are written to disk in the order that the files - * were indexed, along with their prev pointers inline. - */ - - tif = t->tif_list; - while (tif) { - struct lws_fts_lines *i; - - spill((3 * MAX_VLI) + tif->count, 0); - - temp = tif->owner->ofs_last_inst_file; - if (tif->total) - tif->owner->ofs_last_inst_file = t->c + bp; - - assert(!temp || (temp > TRIE_FILE_HDR_SIZE && temp < t->c)); - - /* fileoffset of prev instance file for this entry, or 0 */ - bp += wq32(&buf[bp], temp); - bp += wq32(&buf[bp], tif->file_index); - bp += wq32(&buf[bp], tif->total); - - /* remove any pointers into this disposable lac footprint */ - tif->owner->inst_file_list = NULL; - - memcpy(&buf[bp], &tif->vli, tif->count); - bp += tif->count; - - i = tif->lines_list; - while (i) { - spill(i->count, 0); - memcpy(&buf[bp], &i->vli, i->count); - bp += i->count; - - i = i->lines_next; - } - - tif = tif->inst_file_next; - } - - spill(0, 1); - - assert(lseek(t->fd, 0, SEEK_END) == (off_t)t->c); - - if (t->lwsac_input_head) { - lwsac_input_size = lwsac_total_alloc(t->lwsac_input_head); - if (lwsac_input_size > t->worst_lwsac_input_size) - t->worst_lwsac_input_size = lwsac_input_size; - } - - /* - * those per-file allocations are all on a separate lac so we can - * free it cleanly afterwards - */ - lwsac_free(&t->lwsac_input_head); - - /* and lose the pointer into the deallocated lac */ - t->tif_list = NULL; - - return 0; -} - -/* - * 0 = punctuation, whitespace, brackets etc - * 1 = character inside symbol set - * 2 = upper-case character inside symbol set - */ - -static char classify[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, - 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 0, 0, 0, 0, 1, //1, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, -}; - -#if 0 -static const char * -name_entry(struct lws_fts_entry *e1, char *s, int len) -{ - struct lws_fts_entry *e2; - int n = len; - - s[--n] = '\0'; - - e2 = e1; - while (e2) { - if (e2->suffix) { - if ((int)e2->suffix_len < n) { - n -= e2->suffix_len; - memcpy(&s[n], e2->suffix, e2->suffix_len); - } - } else { - n--; - s[n] = e2->c; - } - - e2 = e2->parent; - } - - return &s[n + 1]; -} -#endif - -/* - * as we parse the input, we create a line length table for the file index. - * Only the file header has been written before we start doing this. - */ - -int -lws_fts_fill(struct lws_fts *t, uint32_t file_index, const char *buf, - size_t len) -{ - unsigned long long tf = lws_now_usecs(); - unsigned char c, linetable[256], vlibuf[8]; - struct lws_fts_entry *e, *e1, *dcl; - struct lws_fts_instance_file *tif; - int bp = 0, sline, chars, m; - char *osuff, skipline = 0; - struct lws_fts_lines *tl; - unsigned int olen, n; - off_t lbh; - - if ((int)file_index != t->last_file_index) { - if (t->last_file_index >= 0) - finalize_per_input(t); - t->last_file_index = file_index; - t->line_number = 1; - t->chars_in_line = 0; - t->lines_in_unsealed_linetable = 0; - } - - t->agg_raw_input += len; - -resume: - - chars = 0; - lbh = t->c; - sline = t->line_number; - bp += g16(&linetable[bp], 0); - bp += g16(&linetable[bp], 0); - bp += g32(&linetable[bp], 0); - - while (len) { - char go_around = 0; - - if (t->lines_in_unsealed_linetable >= LWS_FTS_LINES_PER_CHUNK) - break; - - len--; - - c = (unsigned char)*buf++; - t->chars_in_line++; - if (c == '\n') { - skipline = 0; - t->filepath_list->total_lines++; - t->lines_in_unsealed_linetable++; - t->line_number++; - - bp += wq32(&linetable[bp], t->chars_in_line); - if ((unsigned int)bp > sizeof(linetable) - 6) { - if (write(t->fd, linetable, bp) != bp) { - lwsl_err("%s: linetable write failed\n", - __func__); - return 1; - } - t->c += bp; - bp = 0; - // assert(lseek(t->fd, 0, SEEK_END) == t->c); - } - - chars += t->chars_in_line; - t->chars_in_line = 0; - - /* - * Detect overlength lines and skip them (eg, BASE64 - * in css etc) - */ - - if (len > 200) { - n = 0; - m = 0; - while (n < 200 && m < 80 && buf[n] != '\n') { - if (buf[n] == ' ' || buf[n] == '\t') - m = 0; - n++; - m++; - } - - /* 80 lines no whitespace, or >=200-char line */ - - if (m == 80 || n == 200) - skipline = 1; - } - - goto seal; - } - if (skipline) - continue; - - m = classify[(int)c]; - if (!m) - goto seal; - if (m == 2) - c += 'a' - 'A'; - - if (t->aggregate) { - - /* - * We created a trie entry for an earlier char in this - * symbol already. So we know at the moment, any - * further chars in the symbol are the only children. - * - * Aggregate them and add them as a string suffix to - * the trie symbol at the end (when we know how much to - * allocate). - */ - - if (t->agg_pos < sizeof(t->agg) - 1) - /* symbol is not too long to stash */ - t->agg[t->agg_pos++] = c; - - continue; - } - - if (t->str_match_pos) { - go_around = 1; - goto seal; - } - - /* zeroth-iteration child matching */ - - if (t->parser == t->root) { - e = t->root_lookup[(int)c]; - if (e) { - t->parser = e; - continue; - } - } else { - - /* look for the char amongst the children */ - - e = t->parser->child_list; - while (e) { - - /* since they're alpha ordered... */ - if (e->c > c) { - e = NULL; - break; - } - if (e->c == c) { - t->parser = e; - - if (e->suffix) - t->str_match_pos = 1; - - break; - } - - e = e->sibling; - } - - if (e) - continue; - } - - /* - * we are blazing a new trail, add a new child representing - * the whole suffix that couldn't be matched until now. - */ - - e = lws_fts_entry_child_add(t, c, t->parser); - if (!e) { - lwsl_err("%s: lws_fts_entry_child_add failed\n", - __func__); - return 1; - } - - /* if it's the root node, keep the root_lookup table in sync */ - - if (t->parser == t->root) - t->root_lookup[(int)c] = e; - - /* follow the new path */ - t->parser = e; - - { - struct lws_fts_entry **pe = &e->child_list; - while (*pe) { - assert((*pe)->parent == e); - - pe = &(*pe)->sibling; - } - } - - /* - * If there are any more symbol characters coming, just - * create a suffix string on t->parser instead of what must - * currently be single-child nodes, since we just created e - * as a child with a single character due to no existing match - * on that single character... so if no match on 'h' with this - * guy's parent, we created e that matches on the single char - * 'h'. If the symbol continues ... 'a' 'p' 'p' 'y', then - * instead of creating singleton child nodes under e, - * modify e to match on the whole string suffix "happy". - * - * If later "hoppy" appears, we will remove the suffix on e, - * so it reverts to a char match for 'h', add singleton children - * for 'a' and 'o', and attach a "ppy" suffix child to each of - * those. - * - * We want to do this so we don't have to allocate trie entries - * for every char in the string to save memory and consequently - * time. - * - * Don't try this optimization if the parent is the root node... - * it's not compatible with it's root_lookup table and it's - * highly likely children off the root entry are going to have - * to be fragmented. - */ - - if (e->parent != t->root) { - t->aggregate = 1; - t->agg_pos = 0; - } - - continue; - -seal: - if (t->str_match_pos) { - - /* - * We're partway through matching an elaborated string - * on a child, not just a character. String matches - * only exist when we met a child entry that only had - * one path until now... so we had an 'h', and the - * only child had a string "hello". - * - * We are following the right path and will not need - * to back up, but we may find as we go we have the - * first instance of a second child path, eg, "help". - * - * When we get to the 'p', we have to split what was - * the only string option "hello" into "hel" and then - * two child entries, for "lo" and 'p'. - */ - - if (c == t->parser->suffix[t->str_match_pos++]) { - if (t->str_match_pos < t->parser->suffix_len) - continue; - - /* - * We simply matched everything, continue - * parsing normally from this trie entry. - */ - - t->str_match_pos = 0; - continue; - } - - /* - * So... we hit a mismatch somewhere... it means we - * have to split this string entry. - * - * We know the first char actually matched in order to - * start down this road. So for the current trie entry, - * we need to truncate his suffix at the char before - * this mismatched one, where we diverged (if the - * second char, simply remove the suffix string from the - * current trie entry to turn it back to a 1-char match) - * - * The original entry, which becomes the lhs post-split, - * is t->parser. - */ - - olen = t->parser->suffix_len; - osuff = t->parser->suffix; - - if (t->str_match_pos == 2) - t->parser->suffix = NULL; - else - t->parser->suffix_len = t->str_match_pos - 1; - - /* - * Then we need to create a new child trie entry that - * represents the remainder of the original string - * path that we didn't match. For the "hello" / - * "help" case, this guy will have "lo". - * - * Any instances or children (not siblings...) that were - * attached to the original trie entry must be detached - * first and then migrate to this new guy that completes - * the original string. - */ - - dcl = t->parser->child_list; - m = t->parser->child_count; - - t->parser->child_list = NULL; - t->parser->child_count = 0; - - e = lws_fts_entry_child_add(t, - osuff[t->str_match_pos - 1], t->parser); - if (!e) { - lwsl_err("%s: lws_fts_entry_child_add fail1\n", - __func__); - return 1; - } - - e->child_list = dcl; - e->child_count = m; - /* - * any children we took over must point to us as the - * parent now they appear on our child list - */ - e1 = e->child_list; - while (e1) { - e1->parent = e; - e1 = e1->sibling; - } - - /* - * We detached any children, gave them to the new guy - * and replaced them with just our new guy - */ - t->parser->child_count = 1; - t->parser->child_list = e; - - /* - * any instances that belonged to the original entry we - * are splitting now must be reassigned to the end - * part - */ - - e->inst_file_list = t->parser->inst_file_list; - if (e->inst_file_list) - e->inst_file_list->owner = e; - t->parser->inst_file_list = NULL; - e->instance_count = t->parser->instance_count; - t->parser->instance_count = 0; - - e->ofs_last_inst_file = t->parser->ofs_last_inst_file; - t->parser->ofs_last_inst_file = 0; - - if (t->str_match_pos != olen) { - /* we diverged partway */ - e->suffix = &osuff[t->str_match_pos - 1]; - e->suffix_len = olen - (t->str_match_pos - 1); - } - - /* - * if the current char is a terminal, skip creating a - * new way forward. - */ - - if (classify[(int)c]) { - - /* - * Lastly we need to create a new child trie - * entry that represents the new way forward - * from the point that we diverged. For the - * "hello" / "help" case, this guy will start - * as a child of "hel" with the single - * character match 'p'. - * - * Since he becomes the current parser context, - * more symbol characters may be coming to make - * him into, eg, "helping", in which case he - * will acquire a suffix eventually of "ping" - * via the aggregation stuff - */ - - e = lws_fts_entry_child_add(t, c, t->parser); - if (!e) { - lwsl_err("%s: child_add fail2\n", - __func__); - return 1; - } - } - - /* go on following this path */ - t->parser = e; - - t->aggregate = 1; - t->agg_pos = 0; - - t->str_match_pos = 0; - - if (go_around) - continue; - - /* this is intended to be a seal */ - } - - - /* end of token */ - - if (t->aggregate && t->agg_pos) { - - /* if nothing in agg[]: leave as single char match */ - - /* otherwise copy out the symbol aggregation */ - t->parser->suffix = lwsac_use(&t->lwsac_head, - t->agg_pos + 1, - TRIE_LWSAC_BLOCK_SIZE); - if (!t->parser->suffix) { - lwsl_err("%s: lac for suffix failed\n", - __func__); - return 1; - } - - /* add the first char at the beginning */ - *t->parser->suffix = t->parser->c; - /* and then add the agg buffer stuff */ - memcpy(t->parser->suffix + 1, t->agg, t->agg_pos); - t->parser->suffix_len = t->agg_pos + 1; - } - t->aggregate = 0; - - if (t->parser == t->root) /* multiple terminal chars */ - continue; - - if (!t->parser->inst_file_list || - t->parser->inst_file_list->file_index != file_index) { - tif = lwsac_use(&t->lwsac_input_head, sizeof(*tif), - TRIE_LWSAC_BLOCK_SIZE); - if (!tif) { - lwsl_err("%s: lac for tif failed\n", - __func__); - return 1; - } - - tif->file_index = file_index; - tif->owner = t->parser; - tif->lines_list = NULL; - tif->lines_tail = NULL; - tif->total = 0; - tif->count = 0; - tif->inst_file_next = t->tif_list; - t->tif_list = tif; - - t->parser->inst_file_list = tif; - } - - /* - * A naive allocation strategy for this leads to 50% of the - * total inmem lac allocation being for line numbers... - * - * It's mainly solved by only holding the instance and line - * number tables for the duration of a file being input, as soon - * as one input file is finished it is written to disk. - * - * For the common case of 1 - ~3 matches the line number are - * stored in a small VLI array inside the filepath inst. If the - * next one won't fit, it allocates a line number struct with - * more vli space and continues chaining those if needed. - */ - - n = wq32(vlibuf, t->line_number); - tif = t->parser->inst_file_list; - - if (!tif->lines_list) { - /* we are still trying to use the file inst vli */ - if (LWS_ARRAY_SIZE(tif->vli) - tif->count >= n) { - tif->count += wq32(tif->vli + tif->count, - t->line_number); - goto after; - } - /* we are going to have to allocate */ - } - - /* can we add to an existing line numbers struct? */ - if (tif->lines_tail && - LWS_ARRAY_SIZE(tif->lines_tail->vli) - - tif->lines_tail->count >= n) { - tif->lines_tail->count += wq32(tif->lines_tail->vli + - tif->lines_tail->count, - t->line_number); - goto after; - } - - /* either no existing line numbers struct at tail, or full */ - - /* have to create a(nother) line numbers struct */ - tl = lwsac_use(&t->lwsac_input_head, sizeof(*tl), - TRIE_LWSAC_BLOCK_SIZE); - if (!tl) { - lwsl_err("%s: lac for tl failed\n", __func__); - return 1; - } - tl->lines_next = NULL; - if (tif->lines_tail) - tif->lines_tail->lines_next = tl; - - tif->lines_tail = tl; - if (!tif->lines_list) - tif->lines_list = tl; - - tl->count = wq32(tl->vli, t->line_number); -after: - tif->total++; -#if 0 - { - char s[128]; - const char *ne = name_entry(t->parser, s, sizeof(s)); - - if (!strcmp(ne, "describ")) { - lwsl_err(" %s %d\n", ne, t->str_match_pos); - write(1, buf - 10, 20); - } - } -#endif - t->parser->instance_count++; - t->parser = t->root; - t->str_match_pos = 0; - } - - /* seal off the line length table block */ - - if (bp) { - if (write(t->fd, linetable, bp) != bp) - return 1; - t->c += bp; - bp = 0; - } - - if (lseek(t->fd, lbh, SEEK_SET) < 0) { - lwsl_err("%s: seek to 0x%llx failed\n", __func__, - (unsigned long long)lbh); - return 1; - } - - g16(linetable, t->c - lbh); - g16(linetable + 2, t->line_number - sline); - g32(linetable + 4, chars); - if (write(t->fd, linetable, 8) != 8) { - lwsl_err("%s: write linetable header failed\n", __func__); - return 1; - } - - assert(lseek(t->fd, 0, SEEK_END) == (off_t)t->c); - - if (lseek(t->fd, t->c, SEEK_SET) < 0) { - lwsl_err("%s: end seek failed\n", __func__); - return 1; - } - - bp = 0; - - if (len) { - t->lines_in_unsealed_linetable = 0; - goto resume; - } - - /* dump the collected per-input instance and line data, and free it */ - - t->agg_trie_creation_us += lws_now_usecs() - tf; - - return 0; -} - -/* refer to ./README.md */ - -int -lws_fts_serialize(struct lws_fts *t) -{ - struct lws_fts_filepath *fp = t->filepath_list, *ofp; - unsigned long long tf = lws_now_usecs(); - struct lws_fts_entry *e, *e1, *s[256]; - unsigned char buf[8192], stasis; - int n, bp, sp = 0, do_parent; - - (void)tf; - finalize_per_input(t); - - /* - * Compute aggregated instance counts (parents should know the total - * number of instances below each child path) - * - * - * If we have - * - * (root) -> (c1) -> (c2) - * -> (c3) - * - * we need to visit the nodes in the order - * - * c2, c1, c3, root - */ - - sp = 0; - s[0] = t->root; - do_parent = 0; - while (sp >= 0) { - int n; - - /* aggregate in every antecedent */ - - for (n = 0; n <= sp; n++) { - s[n]->agg_inst_count += s[sp]->instance_count; - s[n]->agg_child_count += s[sp]->child_count; - } - - /* handle any children before the parent */ - - if (s[sp]->child_list) { - if (sp + 1 == LWS_ARRAY_SIZE(s)) { - lwsl_err("Stack too deep\n"); - - goto bail; - } - - s[sp + 1] = s[sp]->child_list; - sp++; - continue; - } - - do { - if (s[sp]->sibling) { - s[sp] = s[sp]->sibling; - break; - } else - sp--; - } while (sp >= 0); - } - - /* dump the filepaths and set prev */ - - fp = t->filepath_list; - ofp = NULL; - bp = 0; - while (fp) { - - fp->ofs = t->c + bp; - n = (int)strlen(fp->filepath); - spill(15 + n, 0); - - bp += wq32(&buf[bp], fp->line_table_ofs); - bp += wq32(&buf[bp], fp->total_lines); - bp += wq32(&buf[bp], n); - memcpy(&buf[bp], fp->filepath, n); - bp += n; - - fp->prev = ofp; - ofp = fp; - fp = fp->next; - } - - spill(0, 1); - - /* record the fileoffset of the filepath map and filepath count */ - - if (lseek(t->fd, 0xc, SEEK_SET) < 0) - goto bail_seek; - - g32(buf, t->c + bp); - g32(buf + 4, t->next_file_index); - if (write(t->fd, buf, 8) != 8) - goto bail; - - if (lseek(t->fd, t->c + bp, SEEK_SET) < 0) - goto bail_seek; - - /* dump the filepath map, starting from index 0, which is at the tail */ - - fp = ofp; - bp = 0; - while (fp) { - spill(5, 0); - g32(buf + bp, fp->ofs); - bp += 4; - fp = fp->prev; - } - spill(0, 1); - - /* - * The trie entries in reverse order... because of the reversal, we have - * always written children first, and marked them with their file offset - * before we come to refer to them. - */ - - bp = 0; - sp = 0; - s[0] = t->root; - do_parent = 0; - while (s[sp]) { - - /* handle any children before the parent */ - - if (!do_parent && s[sp]->child_list) { - - if (sp + 1 == LWS_ARRAY_SIZE(s)) { - lwsl_err("Stack too deep\n"); - - goto bail; - } - - s[sp + 1] = s[sp]->child_list; - sp++; - continue; - } - - /* leaf nodes with no children */ - - e = s[sp]; - e->ofs = t->c + bp; - - /* write the trie entry header */ - - spill((3 * MAX_VLI), 0); - - bp += wq32(&buf[bp], e->ofs_last_inst_file); - bp += wq32(&buf[bp], e->child_count); - bp += wq32(&buf[bp], e->instance_count); - bp += wq32(&buf[bp], e->agg_inst_count); - - /* sort the children in order of highest aggregate hits first */ - - do { - struct lws_fts_entry **pe, *te1, *te2; - - stasis = 1; - - /* bubble sort keeps going until nothing changed */ - - pe = &e->child_list; - while (*pe) { - - te1 = *pe; - te2 = te1->sibling; - - if (te2 && te1->agg_inst_count < - te2->agg_inst_count) { - stasis = 0; - - *pe = te2; - te1->sibling = te2->sibling; - te2->sibling = te1; - } - - pe = &(*pe)->sibling; - } - - } while (!stasis); - - /* write the children */ - - e1 = e->child_list; - while (e1) { - spill((5 * MAX_VLI) + e1->suffix_len + 1, 0); - - bp += wq32(&buf[bp], e1->ofs); - bp += wq32(&buf[bp], e1->instance_count); - bp += wq32(&buf[bp], e1->agg_inst_count); - bp += wq32(&buf[bp], e1->agg_child_count); - - if (e1->suffix) { /* string */ - bp += wq32(&buf[bp], e1->suffix_len); - memmove(&buf[bp], e1->suffix, e1->suffix_len); - bp += e1->suffix_len; - } else { /* char */ - bp += wq32(&buf[bp], 1); - buf[bp++] = e1->c; - } -#if 0 - if (e1->suffix && e1->suffix_len == 3 && - !memcmp(e1->suffix, "cri", 3)) { - struct lws_fts_entry *e2; - - e2 = e1; - while (e2){ - if (e2->suffix) - lwsl_notice("%s\n", e2->suffix); - else - lwsl_notice("%c\n", e2->c); - - e2 = e2->parent; - } - - lwsl_err("*** %c CRI inst %d ch %d\n", e1->parent->c, - e1->instance_count, e1->child_count); - } -#endif - e1 = e1->sibling; - } - - /* if there are siblings, do those next */ - - if (do_parent) { - do_parent = 0; - sp--; - } - - if (s[sp]->sibling) - s[sp] = s[sp]->sibling; - else { - /* if there are no siblings, do the parent */ - do_parent = 1; - s[sp] = s[sp]->parent; - } - } - - spill(0, 1); - - assert(lseek(t->fd, 0, SEEK_END) == (off_t)t->c); - - /* drop the correct root trie offset + file length into the header */ - - if (lseek(t->fd, 4, SEEK_SET) < 0) { - lwsl_err("%s: unable to seek\n", __func__); - - goto bail; - } - - g32(buf, t->root->ofs); - g32(buf + 4, t->c); - if (write(t->fd, buf, 0x8) != 0x8) - goto bail; - - lwsl_notice("%s: index %d files (%uMiB) cpu time %dms, " - "alloc: %dKiB + %dKiB, " - "serialize: %dms, file: %dKiB\n", __func__, - t->next_file_index, - (int)(t->agg_raw_input / (1024 * 1024)), - (int)(t->agg_trie_creation_us / 1000), - (int)(lwsac_total_alloc(t->lwsac_head) / 1024), - (int)(t->worst_lwsac_input_size / 1024), - (int)((lws_now_usecs() - tf) / 1000), - (int)(t->c / 1024)); - - return 0; - -bail_seek: - lwsl_err("%s: problem seekings\n", __func__); - -bail: - return 1; -} - - diff --git a/lib/misc/lws-ring.c b/lib/misc/lws-ring.c deleted file mode 100644 index bbd4df9..0000000 --- a/lib/misc/lws-ring.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - * libwebsockets - lws-ring multi-tail abstract ringbuffer api - * - * Copyright (C) 2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -LWS_VISIBLE LWS_EXTERN struct lws_ring * -lws_ring_create(size_t element_len, size_t count, - void (*destroy_element)(void *)) -{ - struct lws_ring *ring = lws_malloc(sizeof(*ring), "ring create"); - - if (!ring) - return NULL; - - ring->buflen = (uint32_t)(count * element_len); - ring->element_len = (uint32_t)element_len; - ring->head = 0; - ring->oldest_tail = 0; - ring->destroy_element = destroy_element; - - ring->buf = lws_malloc(ring->buflen, "ring buf"); - if (!ring->buf) { - lws_free(ring); - - return NULL; - } - - return ring; -} - -LWS_VISIBLE LWS_EXTERN void -lws_ring_destroy(struct lws_ring *ring) -{ - if (ring->destroy_element) - while (ring->oldest_tail != ring->head) { - ring->destroy_element((uint8_t *)ring->buf + - ring->oldest_tail); - ring->oldest_tail = - (ring->oldest_tail + ring->element_len) % - ring->buflen; - } - if (ring->buf) - lws_free_set_NULL(ring->buf); - - lws_free(ring); -} - -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_get_count_free_elements(struct lws_ring *ring) -{ - int f; - - /* - * possible ringbuf patterns - * - * h == t - * |--------t***h---| - * |**h-----------t*| - * |t**************h| - * |*****ht*********| - */ - if (ring->head == ring->oldest_tail) - f = ring->buflen - ring->element_len; - else - if (ring->head < ring->oldest_tail) - f = (ring->oldest_tail - ring->head) - - ring->element_len; - else - f = (ring->buflen - ring->head) + ring->oldest_tail - - ring->element_len; - - if (f < 2) - return 0; - - return f / ring->element_len; -} - -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_get_count_waiting_elements(struct lws_ring *ring, uint32_t *tail) -{ int f; - - if (!tail) - tail = &ring->oldest_tail; - /* - * possible ringbuf patterns - * - * h == t - * |--------t***h---| - * |**h-----------t*| - * |t**************h| - * |*****ht*********| - */ - if (ring->head == *tail) - f = 0; - else - if (ring->head > *tail) - f = (ring->head - *tail); - else - f = (ring->buflen - *tail) + ring->head; - - return f / ring->element_len; -} - -LWS_VISIBLE LWS_EXTERN int -lws_ring_next_linear_insert_range(struct lws_ring *ring, void **start, - size_t *bytes) -{ - int n; - - /* n is how many bytes the whole fifo can take */ - n = (int)(lws_ring_get_count_free_elements(ring) * ring->element_len); - - if (!n) - return 1; - - if (ring->head + n > ring->buflen) { - *start = (void *)(((uint8_t *)ring->buf) + ring->head); - *bytes = ring->buflen - ring->head; - - return 0; - } - - *start = (void *)(((uint8_t *)ring->buf) + ring->head); - *bytes = n; - - return 0; -} - -LWS_VISIBLE LWS_EXTERN void -lws_ring_bump_head(struct lws_ring *ring, size_t bytes) -{ - ring->head = (ring->head + (uint32_t)bytes) % ring->buflen; -} - -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_insert(struct lws_ring *ring, const void *src, size_t max_count) -{ - const uint8_t *osrc = src; - int m, n; - - /* n is how many bytes the whole fifo can take */ - n = (int)(lws_ring_get_count_free_elements(ring) * ring->element_len); - - /* restrict n to how much we want to insert */ - if ((uint32_t)n > max_count * ring->element_len) - n = (int)(max_count * ring->element_len); - - /* - * n is legal to insert, but as an optimization we can cut the - * insert into one or two memcpys, depending on if it wraps - */ - if (ring->head + n > ring->buflen) { - - /* - * He does wrap. The first memcpy should take us up to - * the end of the buffer - */ - - m = ring->buflen - ring->head; - memcpy(((uint8_t *)ring->buf) + ring->head, src, m); - /* we know it will wrap exactly back to zero */ - ring->head = 0; - - /* adapt the second memcpy for what we already did */ - - src = ((uint8_t *)src) + m; - n -= m; - } - - memcpy(((uint8_t *)ring->buf) + ring->head, src, n); - ring->head = (ring->head + n) % ring->buflen; - - return (((uint8_t *)src + n) - osrc) / ring->element_len; -} - -LWS_VISIBLE LWS_EXTERN size_t -lws_ring_consume(struct lws_ring *ring, uint32_t *tail, void *dest, - size_t max_count) -{ - uint8_t *odest = dest; - void *orig_tail = tail; - uint32_t fake_tail; - int m, n; - - if (!tail) { - fake_tail = ring->oldest_tail; - tail = &fake_tail; - } - - /* n is how many bytes the whole fifo has for us */ - n = (int)(lws_ring_get_count_waiting_elements(ring, tail) * - ring->element_len); - - /* restrict n to how much we want to insert */ - if ((size_t)n > max_count * ring->element_len) - n = (int)(max_count * ring->element_len); - - if (!dest) { - *tail = ((*tail) + n) % ring->buflen; - if (!orig_tail) /* single tail */ - lws_ring_update_oldest_tail(ring, *tail); - - return n / ring->element_len; - } - if (*tail + n > ring->buflen) { - - /* - * He does wrap. The first memcpy should take us up to - * the end of the buffer - */ - - m = ring->buflen - *tail; - memcpy(dest, ((uint8_t *)ring->buf) + *tail, m); - /* we know it will wrap exactly back to zero */ - *tail = 0; - - /* adapt the second memcpy for what we already did */ - - dest = ((uint8_t *)dest) + m; - n -= m; - } - - memcpy(dest, ((uint8_t *)ring->buf) + *tail, n); - - *tail = ((*tail) + n) % ring->buflen; - if (!orig_tail) /* single tail */ - lws_ring_update_oldest_tail(ring, *tail); - - return (((uint8_t *)dest + n) - odest) / ring->element_len; -} - -LWS_VISIBLE LWS_EXTERN const void * -lws_ring_get_element(struct lws_ring *ring, uint32_t *tail) -{ - if (!tail) - tail = &ring->oldest_tail; - - if (*tail == ring->head) - return NULL; - - return ((uint8_t *)ring->buf) + *tail; -} - -LWS_VISIBLE LWS_EXTERN void -lws_ring_update_oldest_tail(struct lws_ring *ring, uint32_t tail) -{ - if (!ring->destroy_element) { - ring->oldest_tail = tail; - return; - } - - while (ring->oldest_tail != tail) { - ring->destroy_element((uint8_t *)ring->buf + ring->oldest_tail); - ring->oldest_tail = (ring->oldest_tail + ring->element_len) % - ring->buflen; - } -} - -LWS_VISIBLE LWS_EXTERN uint32_t -lws_ring_get_oldest_tail(struct lws_ring *ring) -{ - return ring->oldest_tail; -} - -LWS_VISIBLE LWS_EXTERN void -lws_ring_dump(struct lws_ring *ring, uint32_t *tail) -{ - if (tail == NULL) - tail = &ring->oldest_tail; - lwsl_notice("ring %p: buflen %u, elem_len %u, head %u, oldest_tail %u\n" - " free_elems: %u; for tail %u, waiting elements: %u\n", - ring, ring->buflen, ring->element_len, ring->head, - ring->oldest_tail, - (int)lws_ring_get_count_free_elements(ring), *tail, - (int)lws_ring_get_count_waiting_elements(ring, tail)); -} diff --git a/lib/misc/lws-struct-lejp.c b/lib/misc/lws-struct-lejp.c deleted file mode 100644 index af637cc..0000000 --- a/lib/misc/lws-struct-lejp.c +++ /dev/null @@ -1,762 +0,0 @@ -/* - * libwebsockets - lws_struct JSON serialization helpers - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include -#include - -#include - -signed char -lws_struct_schema_only_lejp_cb(struct lejp_ctx *ctx, char reason) -{ - lws_struct_args_t *a = (lws_struct_args_t *)ctx->user; - const lws_struct_map_t *map = a->map_st[ctx->pst_sp]; - int n = a->map_entries_st[ctx->pst_sp]; - lejp_callback cb = map->lejp_cb; - - if (reason != LEJPCB_VAL_STR_END || ctx->path_match != 1) - return 0; - - while (n--) { - if (strcmp(ctx->buf, map->colname)) { - map++; - continue; - } - - a->dest = lwsac_use_zero(&a->ac, map->aux, a->ac_block_size); - if (!a->dest) { - lwsl_err("%s: OOT\n", __func__); - - return 1; - } - a->dest_len = map->aux; - - if (!cb) - cb = lws_struct_default_lejp_cb; - - lejp_parser_push(ctx, a->dest, &map->child_map[0].colname, - (uint8_t)map->child_map_size, cb); - a->map_st[ctx->pst_sp] = map->child_map; - a->map_entries_st[ctx->pst_sp] = map->child_map_size; - - return 0; - } - - lwsl_notice("%s: unknown schema %s\n", __func__, ctx->buf); - - return 1; -} - -static int -lws_struct_lejp_push(struct lejp_ctx *ctx, lws_struct_args_t *args, - const lws_struct_map_t *map, uint8_t *ch) -{ - lejp_callback cb = map->lejp_cb; - - if (!cb) - cb = lws_struct_default_lejp_cb; - - lejp_parser_push(ctx, ch, (const char * const*)map->child_map, - (uint8_t)map->child_map_size, cb); - - args->map_st[ctx->pst_sp] = map->child_map; - args->map_entries_st[ctx->pst_sp] = map->child_map_size; - - return 0; -} - -signed char -lws_struct_default_lejp_cb(struct lejp_ctx *ctx, char reason) -{ - lws_struct_args_t *args = (lws_struct_args_t *)ctx->user; - const lws_struct_map_t *map, *pmap = NULL; - uint8_t *ch; - char *u; - int n; - - if (reason == LEJPCB_ARRAY_END) { - lejp_parser_pop(ctx); - - return 0; - } - - if (reason == LEJPCB_ARRAY_START) { - map = &args->map_st[ctx->pst_sp][ctx->path_match - 1]; - n = args->map_entries_st[ctx->pst_sp]; - - if (map->type == LSMT_LIST) - lws_struct_lejp_push(ctx, args, map, NULL); - - return 0; - } - - if (ctx->pst_sp) - pmap = &args->map_st[ctx->pst_sp - 1] - [ctx->pst[ctx->pst_sp - 1].path_match - 1]; - map = &args->map_st[ctx->pst_sp][ctx->path_match - 1]; - n = args->map_entries_st[ctx->pst_sp]; - - if (reason == LEJPCB_OBJECT_START) { - - if (map->type != LSMT_CHILD_PTR) { - ctx->pst[ctx->pst_sp].user = NULL; - - return 0; - } - pmap = map; - - lws_struct_lejp_push(ctx, args, map, NULL); - map = &args->map_st[ctx->pst_sp][ctx->path_match - 1]; - n = args->map_entries_st[ctx->pst_sp]; - } - - if (reason == LEJPCB_OBJECT_END && pmap && pmap->type == LSMT_CHILD_PTR) - lejp_parser_pop(ctx); - - if (map->type == LSMT_SCHEMA) { - - while (n--) { - if (strcmp(map->colname, ctx->buf)) { - map++; - continue; - } - - /* instantiate the correct toplevel object */ - - ch = lwsac_use_zero(&args->ac, map->aux, - args->ac_block_size); - if (!ch) { - lwsl_err("OOM\n"); - - return 1; - } - - lws_struct_lejp_push(ctx, args, map, ch); - - return 0; - } - lwsl_notice("%s: unknown schema\n", __func__); - - goto cleanup; - } - - if (!ctx->pst[ctx->pst_sp].user) { - struct lws_dll2_owner *owner; - struct lws_dll2 *list; - - /* create list item object if none already */ - - if (!ctx->path_match || !pmap) - return 0; - - map = &args->map_st[ctx->pst_sp - 1][ctx->path_match - 1]; - n = args->map_entries_st[ctx->pst_sp - 1]; - - if (pmap->type != LSMT_LIST && pmap->type != LSMT_CHILD_PTR) - return 1; - - /* we need to create a child or array item object */ - - owner = (struct lws_dll2_owner *) - (((char *)ctx->pst[ctx->pst_sp - 1].user) + pmap->ofs); - - assert(pmap->aux); - - /* instantiate one of the child objects */ - - ctx->pst[ctx->pst_sp].user = lwsac_use_zero(&args->ac, - pmap->aux, args->ac_block_size); - if (!ctx->pst[ctx->pst_sp].user) { - lwsl_err("OOM\n"); - - return 1; - } - lwsl_notice("%s: created child object size %d\n", __func__, - (int)pmap->aux); - - if (pmap->type == LSMT_LIST) { - list = (struct lws_dll2 *)((char *)ctx->pst[ctx->pst_sp].user + - map->ofs_clist); - - lws_dll2_add_tail(list, owner); - } - } - - if (!ctx->path_match) - return 0; - - if (reason == LEJPCB_VAL_STR_CHUNK) { - lejp_collation_t *coll; - - /* don't cache stuff we are going to ignore */ - - if (map->type == LSMT_STRING_CHAR_ARRAY && - args->chunks_length >= map->aux) - return 0; - - coll = lwsac_use_zero(&args->ac_chunks, sizeof(*coll), - sizeof(*coll)); - if (!coll) { - lwsl_err("%s: OOT\n", __func__); - - return 1; - } - coll->chunks.prev = NULL; - coll->chunks.next = NULL; - coll->chunks.owner = NULL; - - coll->len = ctx->npos; - lws_dll2_add_tail(&coll->chunks, &args->chunks_owner); - - memcpy(coll->buf, ctx->buf, ctx->npos); - - args->chunks_length += ctx->npos; - - return 0; - } - - if (reason != LEJPCB_VAL_STR_END && reason != LEJPCB_VAL_NUM_INT && - reason != LEJPCB_VAL_TRUE && reason != LEJPCB_VAL_FALSE) - return 0; - - /* this is the end of the string */ - - if (ctx->pst[ctx->pst_sp].user && pmap && pmap->type == LSMT_CHILD_PTR) { - void **pp = (void **) - (((char *)ctx->pst[ctx->pst_sp - 1].user) + pmap->ofs); - - *pp = ctx->pst[ctx->pst_sp].user; - } - - u = (char *)ctx->pst[ctx->pst_sp].user; - if (!u) - u = (char *)ctx->pst[ctx->pst_sp - 1].user; - - { - char **pp, *s; - size_t lim, b; - long long li; - - switch (map->type) { - case LSMT_SIGNED: - if (map->aux == sizeof(signed char)) { - signed char *pc; - pc = (signed char *)(u + map->ofs); - *pc = atoi(ctx->buf); - break; - } - if (map->aux == sizeof(int)) { - int *pi; - pi = (int *)(u + map->ofs); - *pi = atoi(ctx->buf); - break; - } - if (map->aux == sizeof(long)) { - long *pl; - pl = (long *)(u + map->ofs); - *pl = atol(ctx->buf); - } else { - long long *pll; - pll = (long long *)(u + map->ofs); - *pll = atoll(ctx->buf); - } - break; - - case LSMT_UNSIGNED: - if (map->aux == sizeof(unsigned char)) { - unsigned char *pc; - pc = (unsigned char *)(u + map->ofs); - *pc = atoi(ctx->buf); - break; - } - if (map->aux == sizeof(unsigned int)) { - unsigned int *pi; - pi = (unsigned int *)(u + map->ofs); - *pi = atoi(ctx->buf); - break; - } - if (map->aux == sizeof(unsigned long)) { - unsigned long *pl; - pl = (unsigned long *)(u + map->ofs); - *pl = atol(ctx->buf); - } else { - unsigned long long *pll; - pll = (unsigned long long *)(u + map->ofs); - *pll = atoll(ctx->buf); - } - break; - - case LSMT_BOOLEAN: - li = reason == LEJPCB_VAL_TRUE; - if (map->aux == sizeof(char)) { - char *pc; - pc = (char *)(u + map->ofs); - *pc = (char)li; - break; - } - if (map->aux == sizeof(int)) { - int *pi; - pi = (int *)(u + map->ofs); - *pi = (int)li; - } else { - uint64_t *p64; - p64 = (uint64_t *)(u + map->ofs); - *p64 = li; - } - break; - - case LSMT_STRING_CHAR_ARRAY: - s = (char *)(u + map->ofs); - lim = map->aux - 1; - goto chunk_copy; - - case LSMT_STRING_PTR: - pp = (char **)(u + map->ofs); - lim = args->chunks_length + ctx->npos; - s = lwsac_use(&args->ac, lim + 1, args->ac_block_size); - if (!s) - goto cleanup; - *pp = s; - -chunk_copy: - s[lim] = '\0'; - /* copy up to lim from the string chunk ac first */ - lws_start_foreach_dll_safe(struct lws_dll2 *, p, p1, - args->chunks_owner.head) { - lejp_collation_t *coll = (lejp_collation_t *)p; - - if (lim) { - b = coll->len; - if (b > lim) - b = lim; - memcpy(s, coll->buf, b); - s += b; - lim -= b; - } - } lws_end_foreach_dll_safe(p, p1); - - lwsac_free(&args->ac_chunks); - args->chunks_owner.count = 0; - args->chunks_owner.head = NULL; - args->chunks_owner.tail = NULL; - - if (lim) { - b = ctx->npos; - if (b > lim) - b = lim; - memcpy(s, ctx->buf, b); - } - break; - default: - break; - } - } - - if (args->cb) - args->cb(args->dest, args->cb_arg); - - return 0; - -cleanup: - lwsl_notice("%s: cleanup\n", __func__); - lwsac_free(&args->ac_chunks); - args->chunks_owner.count = 0; - args->chunks_owner.head = NULL; - args->chunks_owner.tail = NULL; - - return 1; -} - -static const char * schema[] = { "schema" }; - -int -lws_struct_json_init_parse(struct lejp_ctx *ctx, lejp_callback cb, void *user) -{ - if (!cb) - cb = lws_struct_schema_only_lejp_cb; - lejp_construct(ctx, cb, user, schema, 1); - - ctx->path_stride = sizeof(lws_struct_map_t); - - return 0; -} - -lws_struct_serialize_t * -lws_struct_json_serialize_create(const lws_struct_map_t *map, - size_t map_entries, int flags, - void *ptoplevel) -{ - lws_struct_serialize_t *js = lws_zalloc(sizeof(*js), __func__); - lws_struct_serialize_st_t *j; - - if (!js) - return NULL; - - js->flags = flags; - - j = &js->st[0]; - j->map = map; - j->map_entries = map_entries; - j->obj = ptoplevel; - j->idt = 0; - - return js; -} - -void -lws_struct_json_serialize_destroy(lws_struct_serialize_t **pjs) -{ - if (!*pjs) - return; - - lws_free(*pjs); - - *pjs = NULL; -} - -static void -lws_struct_pretty(lws_struct_serialize_t *js, uint8_t **pbuf, size_t *plen) -{ - if (js->flags & LSSERJ_FLAG_PRETTY) { - int n; - - *(*pbuf)++ = '\n'; - (*plen)--; - for (n = 0; n < js->st[js->sp].idt; n++) { - *(*pbuf)++ = ' '; - (*plen)--; - } - } -} - -lws_struct_json_serialize_result_t -lws_struct_json_serialize(lws_struct_serialize_t *js, uint8_t *buf, - size_t len, size_t *written) -{ - lws_struct_serialize_st_t *j; - const lws_struct_map_t *map; - size_t budget = 0, olen = len; - struct lws_dll2_owner *o; - unsigned long long uli; - const char *q; - const void *p; - char dbuf[72]; - long long li; - int n; - - *written = 0; - *buf = '\0'; - - while (len > sizeof(dbuf) + 20) { - j = &js->st[js->sp]; - map = &j->map[j->map_entry]; - q = j->obj + map->ofs; - - /* early check if the entry should be elided */ - - switch (map->type) { - case LSMT_STRING_PTR: - case LSMT_CHILD_PTR: - q = (char *)*(char **)q; - if (!q) - goto up; - break; - - case LSMT_LIST: - o = (struct lws_dll2_owner *)q; - p = j->dllpos = lws_dll2_get_head(o); - if (!p) - goto up; - break; - - default: - break; - } - - if (j->subsequent) { - *buf++ = ','; - len--; - lws_struct_pretty(js, &buf, &len); - } - j->subsequent = 1; - - if (map->type != LSMT_SCHEMA && !js->offset) { - n = lws_snprintf((char *)buf, len, "\"%s\":", - map->colname); - buf += n; - len -= n; - if (js->flags & LSSERJ_FLAG_PRETTY) { - *buf++ = ' '; - len--; - } - } - - switch (map->type) { - case LSMT_BOOLEAN: - case LSMT_UNSIGNED: - if (map->aux == sizeof(char)) { - uli = *(unsigned char *)q; - } else { - if (map->aux == sizeof(int)) { - uli = *(unsigned int *)q; - } else { - if (map->aux == sizeof(long)) - uli = *(unsigned long *)q; - else - uli = *(unsigned long long *)q; - } - } - q = dbuf; - - if (map->type == LSMT_BOOLEAN) { - budget = lws_snprintf(dbuf, sizeof(dbuf), - "%s", uli ? "true" : "false"); - } else - budget = lws_snprintf(dbuf, sizeof(dbuf), - "%llu", uli); - break; - - case LSMT_SIGNED: - if (map->aux == sizeof(signed char)) { - li = (long long)*(signed char *)q; - } else { - if (map->aux == sizeof(int)) { - li = (long long)*(int *)q; - } else { - if (map->aux == sizeof(long)) - li = (long long)*(long *)q; - else - li = *(long long *)q; - } - } - q = dbuf; - budget = lws_snprintf(dbuf, sizeof(dbuf), "%lld", li); - break; - - case LSMT_STRING_CHAR_ARRAY: - budget = strlen(q); - if (!js->offset) { - *buf++ = '\"'; - len--; - } - break; - - case LSMT_STRING_PTR: - budget = strlen(q); - if (!js->offset) { - *buf++ = '\"'; - len--; - } - break; - case LSMT_LIST: - *buf++ = '['; - len--; - if (js->sp + 1 == LEJP_MAX_PARSING_STACK_DEPTH) - return LSJS_RESULT_ERROR; - - /* add a stack level to handle parsing array members */ - - o = (struct lws_dll2_owner *)q; - p = j->dllpos = lws_dll2_get_head(o); - - if (!j->dllpos) { - *buf++ = ']'; - len--; - goto up; - } - - n = j->idt; - j = &js->st[++js->sp]; - j->idt = n + 2; - j->map = map->child_map; - j->map_entries = map->child_map_size; - j->size = map->aux; - j->subsequent = 0; - j->map_entry = 0; - lws_struct_pretty(js, &buf, &len); - *buf++ = '{'; - len--; - lws_struct_pretty(js, &buf, &len); - if (p) - j->obj = ((char *)p) - j->map->ofs_clist; - else - j->obj = NULL; - continue; - - case LSMT_CHILD_PTR: - - if (js->sp + 1 == LEJP_MAX_PARSING_STACK_DEPTH) - return LSJS_RESULT_ERROR; - - /* add a stack level tto handle parsing child members */ - - n = j->idt; - j = &js->st[++js->sp]; - j->idt = n + 2; - j->map = map->child_map; - j->map_entries = map->child_map_size; - j->size = map->aux; - j->subsequent = 0; - j->map_entry = 0; - *buf++ = '{'; - len--; - lws_struct_pretty(js, &buf, &len); - j->obj = q; - continue; - - case LSMT_SCHEMA: - q = dbuf; - *buf++ = '{'; - len--; - j = &js->st[++js->sp]; - lws_struct_pretty(js, &buf, &len); - budget = lws_snprintf(dbuf, 15, "\"schema\":"); - if (js->flags & LSSERJ_FLAG_PRETTY) - dbuf[budget++] = ' '; - - budget += lws_snprintf(dbuf + budget, - sizeof(dbuf) - budget, - "\"%s\"", map->colname); - - - if (js->sp != 1) - return LSJS_RESULT_ERROR; - j->map = map->child_map; - j->map_entries = map->child_map_size; - j->size = map->aux; - j->subsequent = 0; - j->map_entry = 0; - j->obj = js->st[js->sp - 1].obj; - j->dllpos = NULL; - /* we're actually at the same level */ - j->subsequent = 1; - j->idt = 1; - break; - } - - q += js->offset; - budget -= js->remaining; - - if (budget > len) { - js->remaining = budget - len; - js->offset = len; - budget = len; - } else { - js->remaining = 0; - js->offset = 0; - } - - memcpy(buf, q, budget); - buf += budget; - *buf = '\0'; - len -= budget; - - switch (map->type) { - case LSMT_STRING_CHAR_ARRAY: - case LSMT_STRING_PTR: - *buf++ = '\"'; - len--; - break; - case LSMT_SCHEMA: - continue; - default: - break; - } - - if (js->remaining) - continue; -up: - if (++j->map_entry < j->map_entries) - continue; - - if (!js->sp) - continue; - js->sp--; - if (!js->sp) { - lws_struct_pretty(js, &buf, &len); - *buf++ = '}'; - len--; - lws_struct_pretty(js, &buf, &len); - break; - } - js->offset = 0; - j = &js->st[js->sp]; - map = &j->map[j->map_entry]; - - if (map->type == LSMT_CHILD_PTR) { - lws_struct_pretty(js, &buf, &len); - *buf++ = '}'; - len--; - - /* we have done the singular child pointer */ - - js->offset = 0; - goto up; - } - - if (map->type != LSMT_LIST) - continue; - /* - * we are coming back up to an array map, it means we should - * advance to the next array member if there is one - */ - - lws_struct_pretty(js, &buf, &len); - *buf++ = '}'; - len--; - - p = j->dllpos = j->dllpos->next; - if (j->dllpos) { - /* - * there was another item in the array to do... let's - * move on to that nd do it - */ - *buf++ = ','; - len--; - lws_struct_pretty(js, &buf, &len); - js->offset = 0; - j = &js->st[++js->sp]; - j->map_entry = 0; - map = &j->map[j->map_entry]; - - *buf++ = '{'; - len--; - lws_struct_pretty(js, &buf, &len); - - j->subsequent = 0; - j->obj = ((char *)p) - j->map->ofs_clist; - continue; - } - - /* there are no further items in the array */ - - js->offset = 0; - lws_struct_pretty(js, &buf, &len); - *buf++ = ']'; - len--; - goto up; - } - - *written = olen - len; - *buf = '\0'; /* convenience, a NUL after the official end */ - - return LSJS_RESULT_FINISH; -} diff --git a/lib/misc/lws-struct-sqlite.c b/lib/misc/lws-struct-sqlite.c deleted file mode 100644 index e89343e..0000000 --- a/lib/misc/lws-struct-sqlite.c +++ /dev/null @@ -1,278 +0,0 @@ -/* - * libwebsockets - lws_struct JSON serialization helpers - * - * Copyright (C) 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include -#include - -#include - -/* - * we get one of these per matching result from the query - */ - -static int -lws_struct_sq3_deser_cb(void *priv, int cols, char **cv, char **cn) -{ - lws_struct_args_t *a = (lws_struct_args_t *)priv; - const lws_struct_map_t *map = a->map_st[0]; - int n, mems = a->map_entries_st[0]; - lws_dll2_owner_t *o = (lws_dll2_owner_t *)a->cb_arg; - char *u = lwsac_use_zero(&a->ac, a->dest_len, a->ac_block_size); - long long li; - size_t lim; - char **pp; - char *s; - - if (!u) { - lwsl_err("OOM\n"); - - return 1; - } - - lws_dll2_add_tail((lws_dll2_t *)((char *)u + a->toplevel_dll2_ofs), o); - - while (mems--) { - for (n = 0; n < cols; n++) { - if (!cv[n] || strcmp(cn[n], map->colname)) - continue; - - switch (map->type) { - case LSMT_SIGNED: - if (map->aux == sizeof(signed char)) { - signed char *pc; - pc = (signed char *)(u + map->ofs); - *pc = atoi(cv[n]); - break; - } - if (map->aux == sizeof(int)) { - int *pi; - pi = (int *)(u + map->ofs); - *pi = atoi(cv[n]); - break; - } - if (map->aux == sizeof(long)) { - long *pl; - pl = (long *)(u + map->ofs); - *pl = atol(cv[n]); - break; - } - { - long long *pll; - pll = (long long *)(u + map->ofs); - *pll = atoll(cv[n]); - } - break; - - case LSMT_UNSIGNED: - if (map->aux == sizeof(unsigned char)) { - unsigned char *pc; - pc = (unsigned char *)(u + map->ofs); - *pc = atoi(cv[n]); - break; - } - if (map->aux == sizeof(unsigned int)) { - unsigned int *pi; - pi = (unsigned int *)(u + map->ofs); - *pi = atoi(cv[n]); - break; - } - if (map->aux == sizeof(unsigned long)) { - unsigned long *pl; - pl = (unsigned long *)(u + map->ofs); - *pl = atol(cv[n]); - break; - } - { - unsigned long long *pll; - pll = (unsigned long long *)(u + map->ofs); - *pll = atoll(cv[n]); - } - break; - - case LSMT_BOOLEAN: - li = 0; - if (!strcmp(cv[n], "true") || - !strcmp(cv[n], "TRUE") || cv[n][0] == '1') - li = 1; - if (map->aux == sizeof(char)) { - char *pc; - pc = (char *)(u + map->ofs); - *pc = (char)li; - break; - } - if (map->aux == sizeof(int)) { - int *pi; - pi = (int *)(u + map->ofs); - *pi = (int)li; - } else { - uint64_t *p64; - p64 = (uint64_t *)(u + map->ofs); - *p64 = li; - } - break; - - case LSMT_STRING_CHAR_ARRAY: - s = (char *)(u + map->ofs); - lim = map->aux - 1; - lws_strncpy(s, cv[n], lim); - break; - - case LSMT_STRING_PTR: - pp = (char **)(u + map->ofs); - lim = strlen(cv[n]); - s = lwsac_use(&a->ac, lim + 1, a->ac_block_size); - if (!s) - return 1; - *pp = s; - memcpy(s, cv[n], lim); - s[lim] = '\0'; - break; - default: - break; - } - } - map++; - } - - return 0; -} - -/* - * Call this with an LSM_SCHEMA map, its colname is the table name and its - * type information describes the toplevel type. Schema is dereferenced and - * put in args before the actual sq3 query, which is given the child map. - */ - -int -lws_struct_sq3_deserialize(sqlite3 *pdb, const lws_struct_map_t *schema, - lws_dll2_owner_t *o, struct lwsac **ac, - uint64_t start, int limit) -{ - char s[150], where[32]; - lws_struct_args_t a; - - memset(&a, 0, sizeof(a)); - a.cb_arg = o; /* lws_dll2_owner tracking query result objects */ - a.map_st[0] = schema->child_map; - a.map_entries_st[0] = schema->child_map_size; - a.dest_len = schema->aux; /* size of toplevel object to allocate */ - a.toplevel_dll2_ofs = schema->ofs; - - lws_dll2_owner_clear(o); - - where[0] = '\0'; - if (start) - lws_snprintf(where, sizeof(where), " where when < %llu ", - (unsigned long long)start); - - lws_snprintf(s, sizeof(s) - 1, "select * " - "from %s %s order by created desc limit %d;", - schema->colname, where, limit); - - if (sqlite3_exec(pdb, s, lws_struct_sq3_deser_cb, &a, NULL) != SQLITE_OK) { - lwsl_err("%s: fail\n", sqlite3_errmsg(pdb)); - lwsac_free(&a.ac); - return -1; - } - - *ac = a.ac; - - return 0; -} - -int -lws_struct_sq3_create_table(sqlite3 *pdb, const lws_struct_map_t *schema) -{ - const lws_struct_map_t *map = schema->child_map; - int map_size = schema->child_map_size, subsequent = 0; - char s[2048], *p = s, *end = &s[sizeof(s) - 1], *pri = "primary key"; - - p += lws_snprintf(p, end - p, "create table if not exists %s (", - schema->colname); - - while (map_size--) { - if (map->type > LSMT_STRING_PTR) { - map++; - continue; - } - if (subsequent && (end - p) > 3) - *p++ = ','; - subsequent = 1; - if (map->type < LSMT_STRING_CHAR_ARRAY) - p += lws_snprintf(p, end - p, "%s integer %s", - map->colname, pri); - else - p += lws_snprintf(p, end - p, "%s varchar %s", - map->colname, pri); - pri = ""; - map++; - } - - p += lws_snprintf(p, end - p, ");"); - - if (sqlite3_exec(pdb, s, NULL, NULL, NULL) != SQLITE_OK) { - lwsl_err("%s: %s: fail\n", __func__, sqlite3_errmsg(pdb)); - - return -1; - } - - return 0; -} - -int -lws_struct_sq3_open(struct lws_context *context, const char *sqlite3_path, - sqlite3 **pdb) -{ - int uid = 0, gid = 0; - - if (sqlite3_open_v2(sqlite3_path, pdb, - SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE, - NULL) != SQLITE_OK) { - lwsl_err("%s: Unable to open db %s: %s\n", - __func__, sqlite3_path, sqlite3_errmsg(*pdb)); - - return 1; - } - - lws_get_effective_uid_gid(context, &uid, &gid); - if (uid) - chown(sqlite3_path, uid, gid); - chmod(sqlite3_path, 0600); - - lwsl_notice("%s: created %s owned by %u:%u mode 0600\n", __func__, - sqlite3_path, (unsigned int)uid, (unsigned int)gid); - - sqlite3_extended_result_codes(*pdb, 1); - - return 0; -} - -int -lws_struct_sq3_close(sqlite3 **pdb) -{ - if (!*pdb) - return 0; - - sqlite3_close(*pdb); - *pdb = NULL; - - return 0; -} diff --git a/lib/misc/lwsac/README.md b/lib/misc/lwsac/README.md deleted file mode 100644 index e33bc8e..0000000 --- a/lib/misc/lwsac/README.md +++ /dev/null @@ -1,106 +0,0 @@ -## LWS Allocated Chunks - -![lwsac flow](/doc-assets/lwsac.svg) - -These apis provide a way to manage a linked-list of allocated chunks... - -[ HEAD alloc ] -> [ next alloc ] -> [ next alloc ] -> [ curr alloc ] - -... and sub-allocate trivially inside the chunks. These sub-allocations are -not tracked by lwsac at all, there is a "used" high-water mark for each chunk -that's simply advanced by the amount sub-allocated. If the allocation size -matches the platform pointer alignment, there is zero overhead to sub-allocate -(otherwise the allocation is padded to the next platform pointer alignment -automatically). - -If you have an unknown amount of relatively little things to allocate, including -strings or other unstructured data, lwsac is significantly more efficient than -individual allocations using malloc or so. - -[lwsac full public api](https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-lwsac.h) - -## lwsac_use() api - -``` -/** - * lwsac_use - allocate / use some memory from a lwsac - * - * \param head: pointer to the lwsac list object - * \param ensure: the number of bytes we want to use - * \param chunk_size: 0, or the size of the chunk to (over)allocate if - * what we want won't fit in the current tail chunk. If - * 0, the default value of 4000 is used. If ensure is - * larger, it is used instead. - * - * This also serves to init the lwsac if *head is NULL. Basically it does - * whatever is necessary to return you a pointer to ensure bytes of memory - * reserved for the caller. - * - * Returns NULL if OOM. - */ -LWS_VISIBLE LWS_EXTERN void * -lwsac_use(struct lwsac **head, size_t ensure, size_t chunk_size); -``` - -When you make an sub-allocation using `lwsac_use()`, you can either -set the `chunk_size` arg to zero, defaulting to 4000, or a specific chunk size. -In the event the requested sub-allocation exceeds the chunk size, the chunk -size is increated to match it automatically for this allocation only. - -Subsequent `lwsac_use()` calls will advance internal pointers to use up the -remaining space inside the current chunk if possible; if not enough remaining -space it is skipped, a new allocation is chained on and the request pointed to -there. - -Lwsac does not store information about sub-allocations. There is really zero -overhead for individual sub-allocations (unless their size is not -pointer-aligned, in which case the actual amount sub-allocated is rounded up to -the next pointer alignment automatically). For structs, which are pointer- -aligned naturally, and a chunk size relatively large for the sub-allocation -size, lwsac is extremely efficient even for huge numbers of small allocations. - -This makes lwsac very effective when the total amount of allocation needed is -not known at the start and may be large... it will simply add on chunks to cope -with whatever happens. - -## lwsac_free() api - -``` -/** - * lwsac_free - deallocate all chunks in the lwsac and set head NULL - * - * \param head: pointer to the lwsac list object - * - * This deallocates all chunks in the lwsac, then sets *head to NULL. All - * lwsac_use() pointers are invalidated in one hit without individual frees. - */ -LWS_VISIBLE LWS_EXTERN void -lwsac_free(struct lwsac **head); -``` - -When you are finished with the lwsac, you simply free the chain of allocated -chunks using lwsac_free() on the lwsac head. There's no tracking or individual -destruction of suballocations - the whole chain of chunks the suballocations -live in are freed and invalidated all together. - -If the structs stored in the lwsac allocated things **outside** the lwsac, then the -user must unwind through them and perform the frees. But the idea of lwsac is -things stored in the lwsac also suballocate into the lwsac, and point into the -lwsac if they need to, avoiding any need to visit them during destroy. It's -like clearing up after a kids' party by gathering up a disposable tablecloth: -no matter what was left on the table, it's all gone in one step. - -## lws_list_ptr helpers - -``` -/* sort may be NULL if you don't care about order */ -LWS_VISIBLE LWS_EXTERN void -lws_list_ptr_insert(lws_list_ptr *phead, lws_list_ptr *add, - lws_list_ptr_sort_func_t sort); -``` - -A common pattern needed with sub-allocated structs is they are on one or more -linked-list. To make that simple to do cleanly, lws_list... apis are provided -along with a generic insertion function that can take a sort callback. These -allow a struct to participate on multiple linked-lists simultaneously. - diff --git a/lib/misc/lwsac/cached-file.c b/lib/misc/lwsac/cached-file.c deleted file mode 100644 index 6598201..0000000 --- a/lib/misc/lwsac/cached-file.c +++ /dev/null @@ -1,206 +0,0 @@ -/* - * libwebsockets - lws alloc chunk live file caching - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#if !defined(LWS_PLAT_OPTEE) && !defined(OPTEE_DEV_KIT) - -#include "core/private.h" -#include "misc/lwsac/private.h" - -/* - * Helper for caching a file in memory in a lac, but also to check at intervals - * no less than 5s if the file is still fresh. - * - * Set *cache to NULL the first time before calling. - * - * You should call this each time before using the cache... if it's - * - * - less than 5s since the last freshness check, and - * - the file is already in memory - * - * it just returns with *cache left alone; this costs very little. You should - * call `lwsac_use_cached_file_start()` and `lwsac_use_cached_file_end()` - * to lock the cache against deletion while you are using it. - * - * If it's - * - * - at least 5s since the last freshness check, and - * - the file timestamp has changed - * - * then - * - * - the file is reloaded into a new lac and *cache set to that - * - * - the old cache lac, if any, is detached (so it will be freed when its - * reference count reaches zero, or immediately if nobody has it) - * - * Note the call can fail due to OOM or filesystem issue at any time. - * - * - * After the LAC header there is stored a `struct cached_file_info` and then - * the raw file contents. * - * - * [LAC header] - * [struct cached_file_info] - * [file contents] <--- *cache is set to here - * - * The api returns a lwsac_cached_file_t type offset to point to the file - * contents. Helpers for reference counting and freeing are also provided - * that take that type and know how to correct it back to operate on the LAC. - */ - -#define cache_file_to_lac(c) ((struct lwsac *)((char *)c - \ - sizeof(struct cached_file_info) - \ - sizeof(struct lwsac))) - -void -lwsac_use_cached_file_start(lwsac_cached_file_t cache) -{ - struct lwsac *lac = cache_file_to_lac(cache); - - lac->refcount++; - // lwsl_debug("%s: html refcount: %d\n", __func__, lac->refcount); -} - -void -lwsac_use_cached_file_end(lwsac_cached_file_t *cache) -{ - struct lwsac *lac; - - if (!cache || !*cache) - return; - - lac = cache_file_to_lac(*cache); - - if (!lac->refcount) - lwsl_err("%s: html refcount zero on entry\n", __func__); - - if (lac->refcount && !--lac->refcount && lac->detached) { - *cache = NULL; /* not usable any more */ - lwsac_free(&lac); - } -} - -void -lwsac_use_cached_file_detach(lwsac_cached_file_t *cache) -{ - struct lwsac *lac = cache_file_to_lac(*cache); - - lac->detached = 1; - if (lac->refcount) - return; - - *cache = NULL; - lwsac_free(&lac); -} - -int -lwsac_cached_file(const char *filepath, lwsac_cached_file_t *cache, size_t *len) -{ - struct cached_file_info *info = NULL; - lwsac_cached_file_t old = *cache; - struct lwsac *lac = NULL; - time_t t = time(NULL); - unsigned char *a; - struct stat s; - size_t all; - ssize_t rd; - int fd; - - if (old) { /* we already have a cached copy of it */ - - info = (struct cached_file_info *)((*cache) - sizeof(*info)); - - if (t - info->last_confirm < 5) - /* we checked it as fresh less than 5s ago, use old */ - return 0; - } - - /* - * ...it's been 5s, we should check again on the filesystem - * that the file hasn't changed - */ - - fd = open(filepath, O_RDONLY); - if (fd < 0) { - lwsl_err("%s: cannot open %s\n", __func__, filepath); - - return 1; - } - - if (fstat(fd, &s)) { - lwsl_err("%s: cannot stat %s\n", __func__, filepath); - - goto bail; - } - - if (old && s.st_mtime == info->s.st_mtime) { - /* it still seems to be the same as our cached one */ - info->last_confirm = t; - - close(fd); - - return 0; - } - - /* - * we either didn't cache it yet, or it has changed since we cached - * it... reload in a new lac and then detach the old lac. - */ - - all = sizeof(*info) + s.st_size + 1; - - info = lwsac_use(&lac, all, all); - if (!info) - goto bail; - - info->s = s; - info->last_confirm = t; - - a = (unsigned char *)(info + 1); - - *len = s.st_size; - a[s.st_size] = '\0'; - - rd = read(fd, a, s.st_size); - if (rd != s.st_size) { - lwsl_err("%s: cannot read %s (%d)\n", __func__, filepath, - (int)rd); - goto bail1; - } - - close(fd); - - *cache = (lwsac_cached_file_t)a; - if (old) - lwsac_use_cached_file_detach(&old); - - return 0; - -bail1: - lwsac_free(&lac); - -bail: - close(fd); - - return 1; -} - -#endif diff --git a/lib/misc/lwsac/lwsac.c b/lib/misc/lwsac/lwsac.c deleted file mode 100644 index 6471c16..0000000 --- a/lib/misc/lwsac/lwsac.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * libwebsockets - lws alloc chunk - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "misc/lwsac/private.h" - -void -lws_list_ptr_insert(lws_list_ptr *head, lws_list_ptr *add, - lws_list_ptr_sort_func_t sort_func) -{ - while (sort_func && *head) { - if (sort_func(add, *head) <= 0) - break; - - head = *head; - } - - *add = *head; - *head = add; -} - -size_t -lwsac_align(size_t length) -{ - size_t align = sizeof(int *); - - if (length & (align - 1)) - length += align - (length & (align - 1)); - - return length; -} - -size_t -lwsac_sizeof(void) -{ - return sizeof(struct lwsac); -} - -size_t -lwsac_get_tail_pos(struct lwsac *lac) -{ - return lac->ofs; -} - -struct lwsac * -lwsac_get_next(struct lwsac *lac) -{ - return lac->next; -} - -void * -lwsac_use(struct lwsac **head, size_t ensure, size_t chunk_size) -{ - struct lwsac *chunk; - size_t ofs, alloc; - - /* ensure there's a chunk and enough space in it for this name */ - - if (!*head || (*head)->curr->alloc_size - (*head)->curr->ofs < ensure) { - - if (!chunk_size) - alloc = LWSAC_CHUNK_SIZE + sizeof(*chunk); - else - alloc = chunk_size + sizeof(*chunk); - - /* - * If we get asked for something outside our expectation, - * allocate to meet it - */ - - if (ensure >= alloc - sizeof(*chunk)) - alloc = ensure + sizeof(*chunk); - - chunk = malloc(alloc); - if (!chunk) { - lwsl_err("%s: OOM trying to alloc %llud\n", __func__, - (unsigned long long)alloc); - return NULL; - } - - if (!*head) { - *head = chunk; - chunk->total_alloc_size = 0; - chunk->total_blocks = 0; - } - else - (*head)->curr->next = chunk; - - (*head)->curr = chunk; - (*head)->curr->head = *head; - - chunk->next = NULL; - chunk->alloc_size = alloc; - chunk->detached = 0; - chunk->refcount = 0; - - (*head)->total_alloc_size += alloc; - (*head)->total_blocks++; - - /* - * belabouring the point... ofs is aligned to the platform's - * generic struct alignment at the start then - */ - (*head)->curr->ofs = sizeof(*chunk); - } - - ofs = (*head)->curr->ofs; - - (*head)->curr->ofs += lwsac_align(ensure); - if ((*head)->curr->ofs >= (*head)->curr->alloc_size) - (*head)->curr->ofs = (*head)->curr->alloc_size; - - return (char *)(*head)->curr + ofs; -} - -void * -lwsac_use_zero(struct lwsac **head, size_t ensure, size_t chunk_size) -{ - void *p = lwsac_use(head, ensure, chunk_size); - - if (p) - memset(p, 0, ensure); - - return p; -} - -void * -lwsac_use_zeroed(struct lwsac **head, size_t ensure, size_t chunk_size) -{ - void *r = lwsac_use(head, ensure, chunk_size); - - if (r) - memset(r, 0, ensure); - - return r; -} - -void -lwsac_free(struct lwsac **head) -{ - struct lwsac *it = *head; - - *head = NULL; - lwsl_debug("%s: head %p\n", __func__, *head); - - while (it) { - struct lwsac *tmp = it->next; - - free(it); - it = tmp; - } -} - -void -lwsac_info(struct lwsac *head) -{ - if (!head) - lwsl_debug("%s: empty\n", __func__); - else - lwsl_debug("%s: lac %p: %dKiB in %d blocks\n", __func__, head, - (int)(head->total_alloc_size >> 10), head->total_blocks); -} - -uint64_t -lwsac_total_alloc(struct lwsac *head) -{ - return head->total_alloc_size; -} - -void -lwsac_reference(struct lwsac *head) -{ - head->refcount++; - lwsl_debug("%s: head %p: (det %d) refcount -> %d\n", - __func__, head, head->detached, head->refcount); -} - -void -lwsac_unreference(struct lwsac **head) -{ - if (!(*head)) - return; - - if (!(*head)->refcount) - lwsl_warn("%s: refcount going below zero\n", __func__); - - (*head)->refcount--; - - lwsl_debug("%s: head %p: (det %d) refcount -> %d\n", - __func__, *head, (*head)->detached, (*head)->refcount); - - if ((*head)->detached && !(*head)->refcount) { - lwsl_debug("%s: head %p: FREED\n", __func__, *head); - lwsac_free(head); - } -} - -void -lwsac_detach(struct lwsac **head) -{ - (*head)->detached = 1; - if (!(*head)->refcount) { - lwsl_debug("%s: head %p: FREED\n", __func__, *head); - lwsac_free(head); - } else - lwsl_debug("%s: head %p: refcount %d: Marked as detached\n", - __func__, *head, (*head)->refcount); -} diff --git a/lib/misc/lwsac/private.h b/lib/misc/lwsac/private.h deleted file mode 100644 index 827906e..0000000 --- a/lib/misc/lwsac/private.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * libwebsockets - lws alloc chunk - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#if !defined(LWS_PLAT_OPTEE) -#include -#endif - -/* under page size of 4096 to allow overhead */ -#define LWSAC_CHUNK_SIZE 4000 - -/* - * the chunk list members all point back to the head themselves so the list - * can be detached from the formal head and free itself when its reference - * count reaches zero. - */ - -struct lwsac { - struct lwsac *next; - struct lwsac *head; /* pointer back to the first chunk */ - struct lwsac *curr; /* applies to head chunk only */ - size_t total_alloc_size; /* applies to head chunk only */ - size_t alloc_size; - size_t ofs; /* next writeable position inside chunk */ - int refcount; /* applies to head chunk only */ - int total_blocks; /* applies to head chunk only */ - char detached; /* if our refcount gets to zero, free the chunk list */ -}; - -#if !defined(LWS_PLAT_OPTEE) -struct cached_file_info { - struct stat s; - time_t last_confirm; -}; -#endif diff --git a/lib/misc/peer-limits.c b/lib/misc/peer-limits.c deleted file mode 100644 index 53d9421..0000000 --- a/lib/misc/peer-limits.c +++ /dev/null @@ -1,290 +0,0 @@ -/* - * libwebsockets - peer limits tracking - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* requires context->lock */ -static void -__lws_peer_remove_from_peer_wait_list(struct lws_context *context, - struct lws_peer *peer) -{ - struct lws_peer *df; - - lws_start_foreach_llp(struct lws_peer **, p, context->peer_wait_list) { - if (*p == peer) { - df = *p; - - *p = df->peer_wait_list; - df->peer_wait_list = NULL; - - return; - } - } lws_end_foreach_llp(p, peer_wait_list); -} - -/* requires context->lock */ -static void -__lws_peer_add_to_peer_wait_list(struct lws_context *context, - struct lws_peer *peer) -{ - __lws_peer_remove_from_peer_wait_list(context, peer); - - peer->peer_wait_list = context->peer_wait_list; - context->peer_wait_list = peer; -} - - -struct lws_peer * -lws_get_or_create_peer(struct lws_vhost *vhost, lws_sockfd_type sockfd) -{ - struct lws_context *context = vhost->context; - socklen_t rlen = 0; - void *q; - uint8_t *q8; - struct lws_peer *peer; - uint32_t hash = 0; - int n, af = AF_INET; - struct sockaddr_storage addr; - - if (vhost->options & LWS_SERVER_OPTION_UNIX_SOCK) - return NULL; - -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(vhost)) { - af = AF_INET6; - } -#endif - rlen = sizeof(addr); - if (getpeername(sockfd, (struct sockaddr*)&addr, &rlen)) - /* eg, udp doesn't have to have a peer */ - return NULL; - -#ifdef LWS_WITH_IPV6 - if (af == AF_INET) -#endif - { - struct sockaddr_in *s = (struct sockaddr_in *)&addr; - q = &s->sin_addr; - rlen = sizeof(s->sin_addr); - } -#ifdef LWS_WITH_IPV6 - else { - struct sockaddr_in6 *s = (struct sockaddr_in6 *)&addr; - q = &s->sin6_addr; - rlen = sizeof(s->sin6_addr); - } -#endif - - q8 = q; - for (n = 0; n < (int)rlen; n++) - hash = (((hash << 4) | (hash >> 28)) * n) ^ q8[n]; - - hash = hash % context->pl_hash_elements; - - lws_context_lock(context, "peer search"); /* <======================= */ - - lws_start_foreach_ll(struct lws_peer *, peerx, - context->pl_hash_table[hash]) { - if (peerx->af == af && !memcmp(q, peerx->addr, rlen)) { - lws_context_unlock(context); /* === */ - return peerx; - } - } lws_end_foreach_ll(peerx, next); - - lwsl_info("%s: creating new peer\n", __func__); - - peer = lws_zalloc(sizeof(*peer), "peer"); - if (!peer) { - lws_context_unlock(context); /* === */ - lwsl_err("%s: OOM for new peer\n", __func__); - return NULL; - } - - context->count_peers++; - peer->next = context->pl_hash_table[hash]; - peer->hash = hash; - peer->af = af; - context->pl_hash_table[hash] = peer; - memcpy(peer->addr, q, rlen); - time(&peer->time_created); - /* - * On creation, the peer has no wsi attached, so is created on the - * wait list. When a wsi is added it is removed from the wait list. - */ - time(&peer->time_closed_all); - __lws_peer_add_to_peer_wait_list(context, peer); - - lws_context_unlock(context); /* ====================================> */ - - return peer; -} - -/* requires context->lock */ -static int -__lws_peer_destroy(struct lws_context *context, struct lws_peer *peer) -{ - lws_start_foreach_llp(struct lws_peer **, p, - context->pl_hash_table[peer->hash]) { - if (*p == peer) { - struct lws_peer *df = *p; - *p = df->next; - lws_free(df); - context->count_peers--; - - return 0; - } - } lws_end_foreach_llp(p, next); - - return 1; -} - -void -lws_peer_cull_peer_wait_list(struct lws_context *context) -{ - struct lws_peer *df; - time_t t; - - time(&t); - - if (context->next_cull && t < context->next_cull) - return; - - lws_context_lock(context, "peer cull"); /* <========================= */ - - context->next_cull = t + 5; - - lws_start_foreach_llp(struct lws_peer **, p, context->peer_wait_list) { - if (t - (*p)->time_closed_all > 10) { - df = *p; - - /* remove us from the peer wait list */ - *p = df->peer_wait_list; - df->peer_wait_list = NULL; - - __lws_peer_destroy(context, df); - continue; /* we already point to next, if any */ - } - } lws_end_foreach_llp(p, peer_wait_list); - - lws_context_unlock(context); /* ====================================> */ -} - -void -lws_peer_add_wsi(struct lws_context *context, struct lws_peer *peer, - struct lws *wsi) -{ - if (!peer) - return; - - lws_context_lock(context, "peer add"); /* <========================== */ - - peer->count_wsi++; - wsi->peer = peer; - __lws_peer_remove_from_peer_wait_list(context, peer); - - lws_context_unlock(context); /* ====================================> */ -} - -void -lws_peer_dump_from_wsi(struct lws *wsi) -{ - struct lws_peer *peer; - - if (!wsi || !wsi->peer) - return; - - peer = wsi->peer; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - lwsl_notice("%s: wsi %p: created %llu: wsi: %d/%d, ah %d/%d\n", - __func__, - wsi, (unsigned long long)peer->time_created, - peer->count_wsi, peer->total_wsi, - peer->http.count_ah, peer->http.total_ah); -#else - lwsl_notice("%s: wsi %p: created %llu: wsi: %d/%d\n", __func__, - wsi, (unsigned long long)peer->time_created, - peer->count_wsi, peer->total_wsi); -#endif -} - -void -lws_peer_track_wsi_close(struct lws_context *context, struct lws_peer *peer) -{ - if (!peer) - return; - - lws_context_lock(context, "peer wsi close"); /* <==================== */ - - assert(peer->count_wsi); - peer->count_wsi--; - - if (!peer->count_wsi -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - && !peer->http.count_ah -#endif - ) { - /* - * in order that we can accumulate peer activity correctly - * allowing for periods when the peer has no connections, - * we don't synchronously destroy the peer when his last - * wsi closes. Instead we mark the time his last wsi - * closed and add him to a peer_wait_list to be reaped - * later if no further activity is coming. - */ - time(&peer->time_closed_all); - __lws_peer_add_to_peer_wait_list(context, peer); - } - - lws_context_unlock(context); /* ====================================> */ -} - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -int -lws_peer_confirm_ah_attach_ok(struct lws_context *context, - struct lws_peer *peer) -{ - if (!peer) - return 0; - - if (context->ip_limit_ah && - peer->http.count_ah >= context->ip_limit_ah) { - lwsl_info("peer reached ah limit %d, deferring\n", - context->ip_limit_ah); - - return 1; - } - - return 0; -} - -void -lws_peer_track_ah_detach(struct lws_context *context, struct lws_peer *peer) -{ - if (!peer) - return; - - lws_context_lock(context, "peer ah detach"); /* <==================== */ - assert(peer->http.count_ah); - peer->http.count_ah--; - lws_context_unlock(context); /* ====================================> */ -} -#endif diff --git a/lib/misc/threadpool/README.md b/lib/misc/threadpool/README.md deleted file mode 100644 index 7b5dece..0000000 --- a/lib/misc/threadpool/README.md +++ /dev/null @@ -1,182 +0,0 @@ -## Threadpool - -### Overview - -![overview](/doc-assets/threadpool.svg) - -An api that lets you create a pool of worker threads, and a queue of tasks that -are bound to a wsi. Tasks in their own thread synchronize communication to the -lws service thread of the wsi via `LWS_CALLBACK_SERVER_WRITEABLE` and friends. - -Tasks can produce some output, then return that they want to "sync" with the -service thread. That causes a `LWS_CALLBACK_SERVER_WRITEABLE` in the service -thread context, where the output can be consumed, and the task told to continue, -or completed tasks be reaped. - -ALL of the details related to thread synchronization and an associated wsi in -the lws service thread context are handled by the threadpool api, without needing -any pthreads in user code. - -### Example - -https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/ws-server/minimal-ws-server-threadpool - -### Lifecycle considerations - -#### Tasks vs wsi - -Although all tasks start out as being associated to a wsi, in fact the lifetime -of a task and that of the wsi are not necessarily linked. - -You may start a long task, eg, that runs atomically in its thread for 30s, and -at any time the client may close the connection, eg, close a browser window. - -There are arrangements that a task can "check in" periodically with lws to see -if it has been asked to stop, allowing the task lifetime to be related to the -wsi lifetime somewhat, but some tasks are going to be atomic and longlived. - -For that reason, at wsi close an ongoing task can detach from the wsi and -continue until it ends or understands it has been asked to stop. To make -that work, the task is created with a `cleanup` callback that performs any -freeing independent of still having a wsi around to do it... the task takes over -responsibility to free the user pointer on destruction when the task is created. - -![Threadpool States](/doc-assets/threadpool-states.svg) - -#### Reaping completed tasks - -Once created, although tasks may run asynchronously, the task itself does not -get destroyed on completion but added to a "done queue". Only when the lws -service thread context queries the task state with `lws_threadpool_task_status()` -may the task be reaped and memory freed. - -This is analogous to unix processes and `wait()`. - -If a task became detached from its wsi, then joining the done queue is enough -to get the task reaped, since there's nobody left any more to synchronize the -reaping with. - -### User interface - -The api is declared at https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-threadpool.h - -#### Threadpool creation / destruction - -The threadpool should be created at program or vhost init using -`lws_threadpool_create()` and destroyed on exit or vhost destruction using -first `lws_threadpool_finish()` and then `lws_threadpool_destroy()`. - -Threadpools should be named, varargs are provided on the create function -to facilite eg, naming the threadpool by the vhost it's associated with. - -Threadpool creation takes an args struct with the following members: - -Member|function ----|--- -threads|The maxiumum number of independent threads in the pool -max_queue_depth|The maximum number of tasks allowed to wait for a place in the pool - -#### Task creation / destruction - -Tasks are created and queued using `lws_threadpool_enqueue()`, this takes an -args struct with the following members - -Member|function ----|--- -wsi|The wsi the task is initially associated with -user|An opaque user-private pointer used for communication with the lws service thread and private state / data -task|A pointer to the function that will run in the pool thread -cleanup|A pointer to a function that will clean up finished or stopped tasks (perhaps freeing user) - -Tasks also should have a name, the creation function again provides varargs -to simplify naming the task with string elements related to who started it -and why. - -#### The task function itself - -The task function receives the task user pointer and the task state. The -possible task states are - -State|Meaning ----|--- -LWS_TP_STATUS_QUEUED|Task is still waiting for a pool thread -LWS_TP_STATUS_RUNNING|Task is supposed to do its work -LWS_TP_STATUS_SYNCING|Task is blocked waiting for sync from lws service thread -LWS_TP_STATUS_STOPPING|Task has been asked to stop but didn't stop yet -LWS_TP_STATUS_FINISHED|Task has reported it has completed -LWS_TP_STATUS_STOPPED|Task has aborted - -The task function will only be told `LWS_TP_STATUS_RUNNING` or -`LWS_TP_STATUS_STOPPING` in its status argument... RUNNING means continue with the -user task and STOPPING means clean up and return `LWS_TP_RETURN_STOPPED`. - -If possible every 100ms or so the task should return `LWS_TP_RETURN_CHECKING_IN` -to allow lws to inform it reasonably quickly that it has been asked to stop -(eg, because the related wsi has closed), or if it can continue. If not -possible, it's okay but eg exiting the application may experience delays -until the running task finishes, and since the wsi may have gone, the work -is wasted. - -The task function may return one of - -Return|Meaning ----|--- -LWS_TP_RETURN_CHECKING_IN|Still wants to run, but confirming nobody asked him to stop. Will be called again immediately with `LWS_TP_STATUS_RUNNING` or `LWS_TP_STATUS_STOPPING` -LWS_TP_RETURN_SYNC|Task wants to trigger a WRITABLE callback and block until lws service thread restarts it with `lws_threadpool_task_sync()` -LWS_TP_RETURN_FINISHED|Task has finished, successfully as far as it goes -LWS_TP_RETURN_STOPPED|Task has finished, aborting in response to a request to stop - -The SYNC or CHECKING_IN return may also have a flag `LWS_TP_RETURN_FLAG_OUTLIVE` -applied to it, which indicates to threadpool that this task wishes to remain -unstopped after the wsi closes. This is useful in the case where the task -understands it will take a long time to complete, and wants to return a -complete status and maybe close the connection, perhaps with a token identifying -the task. The task can then be monitored separately by using the token. - -#### Synchronizing - -The task can choose to "SYNC" with the lws service thread, in other words -cause a WRITABLE callback on the associated wsi in the lws service thread -context and block itself until it hears back from there via -`lws_threadpool_task_sync()` to resume the task. - -This is typically used when, eg, the task has filled its buffer, or ringbuffer, -and needs to pause operations until what's done has been sent and some buffer -space is open again. - -In the WRITABLE callback, in lws service thread context, the buffer can be -sent with `lws_write()` and then `lws_threadpool_task_sync()` to allow the task -to fill another buffer and continue that way. - -If the WRITABLE callback determines that the task should stop, it can just call -`lws_threadpool_task_sync()` with the second argument as 1, to force the task -to stop immediately after it resumes. - -#### The cleanup function - -When a finished task is reaped, or a task that become detached from its initial -wsi completes or is stopped, it calls the `.cleanup` function defined in the -task creation args struct to free anything related to the user pointer. - -With threadpool, responsibility for freeing allocations used by the task belongs -strictly with the task, via the `.cleanup` function, once the task has been -enqueued. That's different from a typical non-threadpool protocol where the -wsi lifecycle controls deallocation. This reflects the fact that the task -may outlive the wsi. - -#### Protecting against WRITABLE and / or SYNC duplication - -Care should be taken than data prepared by the task thread in the user priv -memory should only be sent once. For example, after sending data from a user -priv buffer of a given length stored in the priv, zero down the length. - -Task execution and the SYNC writable callbacks are mutually exclusive, so there -is no danger of collision between the task thread and the lws service thread if -the reason for the callback is a SYNC operation from the task thread. - -### Thread overcommit - -If the tasks running on the threads are ultimately network-bound for all or some -of their processing (via the SYNC with the WRITEABLE callback), it's possible -to overcommit the number of threads in the pool compared to the number of -threads the processor has in hardware to get better occupancy in the CPU. diff --git a/lib/misc/threadpool/threadpool.c b/lib/misc/threadpool/threadpool.c deleted file mode 100644 index de9bab7..0000000 --- a/lib/misc/threadpool/threadpool.c +++ /dev/null @@ -1,1013 +0,0 @@ -/* - * libwebsockets - threadpool api - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include - -#include "core/private.h" - -#include -#include - -struct lws_threadpool; - -struct lws_threadpool_task { - struct lws_threadpool_task *task_queue_next; - - struct lws_threadpool *tp; - char name[32]; - struct lws_threadpool_task_args args; - - lws_usec_t created; - lws_usec_t acquired; - lws_usec_t done; - lws_usec_t entered_state; - - lws_usec_t acc_running; - lws_usec_t acc_syncing; - - pthread_cond_t wake_idle; - - enum lws_threadpool_task_status status; - - int late_sync_retries; - - char wanted_writeable_cb; - char outlive; -}; - -struct lws_pool { - struct lws_threadpool *tp; - pthread_t thread; - pthread_mutex_t lock; /* part of task wake_idle */ - struct lws_threadpool_task *task; - lws_usec_t acquired; - int worker_index; -}; - -struct lws_threadpool { - pthread_mutex_t lock; /* protects all pool lists */ - pthread_cond_t wake_idle; - struct lws_pool *pool_list; - - struct lws_context *context; - struct lws_threadpool *tp_list; /* context list of threadpools */ - - struct lws_threadpool_task *task_queue_head; - struct lws_threadpool_task *task_done_head; - - char name[32]; - - int threads_in_pool; - int queue_depth; - int done_queue_depth; - int max_queue_depth; - int running_tasks; - - unsigned int destroying:1; -}; - -static int -ms_delta(lws_usec_t now, lws_usec_t then) -{ - return (int)((now - then) / 1000); -} - -static void -us_accrue(lws_usec_t *acc, lws_usec_t then) -{ - lws_usec_t now = lws_now_usecs(); - - *acc += now - then; -} - -static int -pc_delta(lws_usec_t now, lws_usec_t then, lws_usec_t us) -{ - lws_usec_t delta = (now - then) + 1; - - return (int)((us * 100) / delta); -} - -static void -__lws_threadpool_task_dump(struct lws_threadpool_task *task, char *buf, int len) -{ - lws_usec_t now = lws_now_usecs(); - char *end = buf + len - 1; - int syncms = 0, runms = 0; - - if (!task->acquired) { - buf += lws_snprintf(buf, end - buf, - "task: %s, QUEUED queued: %dms", - task->name, ms_delta(now, task->created)); - - return; - } - - if (task->acc_running) - runms = task->acc_running; - - if (task->acc_syncing) - syncms = task->acc_syncing; - - if (!task->done) { - buf += lws_snprintf(buf, end - buf, - "task: %s, ONGOING state %d (%dms) alive: %dms " - "(queued %dms, acquired: %dms, " - "run: %d%%, sync: %d%%)", task->name, task->status, - ms_delta(now, task->entered_state), - ms_delta(now, task->created), - ms_delta(task->acquired, task->created), - ms_delta(now, task->acquired), - pc_delta(now, task->acquired, runms), - pc_delta(now, task->acquired, syncms)); - - return; - } - - buf += lws_snprintf(buf, end - buf, - "task: %s, DONE state %d lived: %dms " - "(queued %dms, on thread: %dms, " - "ran: %d%%, synced: %d%%)", task->name, task->status, - ms_delta(task->done, task->created), - ms_delta(task->acquired, task->created), - ms_delta(task->done, task->acquired), - pc_delta(task->done, task->acquired, runms), - pc_delta(task->done, task->acquired, syncms)); -} - -void -lws_threadpool_dump(struct lws_threadpool *tp) -{ -#if defined(_DEBUG) - struct lws_threadpool_task **c; - char buf[160]; - int n, count; - - pthread_mutex_lock(&tp->lock); /* ======================== tpool lock */ - - lwsl_thread("%s: tp: %s, Queued: %d, Run: %d, Done: %d\n", __func__, - tp->name, tp->queue_depth, tp->running_tasks, - tp->done_queue_depth); - - count = 0; - c = &tp->task_queue_head; - while (*c) { - struct lws_threadpool_task *task = *c; - __lws_threadpool_task_dump(task, buf, sizeof(buf)); - lwsl_thread(" - %s\n", buf); - count++; - - c = &(*c)->task_queue_next; - } - - if (count != tp->queue_depth) - lwsl_err("%s: tp says queue depth %d, but actually %d\n", - __func__, tp->queue_depth, count); - - count = 0; - for (n = 0; n < tp->threads_in_pool; n++) { - struct lws_pool *pool = &tp->pool_list[n]; - struct lws_threadpool_task *task = pool->task; - - if (task) { - __lws_threadpool_task_dump(task, buf, sizeof(buf)); - lwsl_thread(" - worker %d: %s\n", n, buf); - count++; - } - } - - if (count != tp->running_tasks) - lwsl_err("%s: tp says %d running_tasks, but actually %d\n", - __func__, tp->running_tasks, count); - - count = 0; - c = &tp->task_done_head; - while (*c) { - struct lws_threadpool_task *task = *c; - __lws_threadpool_task_dump(task, buf, sizeof(buf)); - lwsl_thread(" - %s\n", buf); - count++; - - c = &(*c)->task_queue_next; - } - - if (count != tp->done_queue_depth) - lwsl_err("%s: tp says done_queue_depth %d, but actually %d\n", - __func__, tp->done_queue_depth, count); - - pthread_mutex_unlock(&tp->lock); /* --------------- tp unlock */ -#endif -} - -static void -state_transition(struct lws_threadpool_task *task, - enum lws_threadpool_task_status status) -{ - task->entered_state = lws_now_usecs(); - task->status = status; -} - -static void -lws_threadpool_task_cleanup_destroy(struct lws_threadpool_task *task) -{ - if (task->args.cleanup) - task->args.cleanup(task->args.wsi, task->args.user); - - if (task->args.wsi) - task->args.wsi->tp_task = NULL; - - lwsl_thread("%s: tp %p: cleaned finished task for wsi %p\n", - __func__, task->tp, task->args.wsi); - - lws_free(task); -} - -static void -__lws_threadpool_reap(struct lws_threadpool_task *task) -{ - struct lws_threadpool_task **c, *t = NULL; - struct lws_threadpool *tp = task->tp; - - /* remove the task from the done queue */ - - c = &tp->task_done_head; - - while (*c) { - if ((*c) == task) { - t = *c; - *c = t->task_queue_next; - t->task_queue_next = NULL; - tp->done_queue_depth--; - - lwsl_thread("%s: tp %s: reaped task wsi %p\n", __func__, - tp->name, task->args.wsi); - - break; - } - c = &(*c)->task_queue_next; - } - - if (!t) - lwsl_err("%s: task %p not in done queue\n", __func__, task); - - /* call the task's cleanup and delete the task itself */ - - lws_threadpool_task_cleanup_destroy(task); -} - -/* - * this gets called from each tsi service context after the service was - * cancelled... we need to ask for the writable callback from the matching - * tsi context for any wsis bound to a worked thread that need it - */ - -int -lws_threadpool_tsi_context(struct lws_context *context, int tsi) -{ - struct lws_threadpool_task **c, *task = NULL; - struct lws_threadpool *tp; - struct lws *wsi; - - lws_context_lock(context, __func__); - - tp = context->tp_list_head; - while (tp) { - int n; - - /* for the running (syncing...) tasks... */ - - for (n = 0; n < tp->threads_in_pool; n++) { - struct lws_pool *pool = &tp->pool_list[n]; - - task = pool->task; - if (!task) - continue; - - wsi = task->args.wsi; - if (!wsi || wsi->tsi != tsi || - !task->wanted_writeable_cb) - continue; - - task->wanted_writeable_cb = 0; - lws_memory_barrier(); - - /* - * finally... we can ask for the callback on - * writable from the correct service thread - * context - */ - - lws_callback_on_writable(wsi); - } - - /* for the done tasks... */ - - c = &tp->task_done_head; - - while (*c) { - task = *c; - wsi = task->args.wsi; - - if (wsi && wsi->tsi == tsi && - task->wanted_writeable_cb) { - - task->wanted_writeable_cb = 0; - lws_memory_barrier(); - - /* - * finally... we can ask for the callback on - * writable from the correct service thread - * context - */ - - lws_callback_on_writable(wsi); - } - - c = &task->task_queue_next; - } - - tp = tp->tp_list; - } - - lws_context_unlock(context); - - return 0; -} - -static int -lws_threadpool_worker_sync(struct lws_pool *pool, - struct lws_threadpool_task *task) -{ - enum lws_threadpool_task_status temp; - struct timespec abstime; - struct lws *wsi; - int tries = 15; - - /* block until writable acknowledges */ - lwsl_debug("%s: %p: LWS_TP_RETURN_SYNC in\n", __func__, task); - pthread_mutex_lock(&pool->lock); /* ======================= pool lock */ - - lwsl_info("%s: %s: task %p (%s): syncing with wsi %p\n", __func__, - pool->tp->name, task, task->name, task->args.wsi); - - temp = task->status; - state_transition(task, LWS_TP_STATUS_SYNCING); - while (tries--) { - wsi = task->args.wsi; - - /* - * if the wsi is no longer attached to this task, there is - * nothing we can sync to usefully. Since the work wants to - * sync, it means we should react to the situation by telling - * the task it can't continue usefully by stopping it. - */ - - if (!wsi) { - lwsl_thread("%s: %s: task %p (%s): No longer bound to any " - "wsi to sync to\n", __func__, pool->tp->name, - task, task->name); - - state_transition(task, LWS_TP_STATUS_STOPPING); - goto done; - } - - /* - * So tries times this is the maximum time between SYNC asking - * for a callback on writable and actually getting it we are - * willing to sit still for. - * - * If it is exceeded, we will stop the task. - */ - abstime.tv_sec = time(NULL) + 2; - abstime.tv_nsec = 0; - - task->wanted_writeable_cb = 1; - lws_memory_barrier(); - - /* - * This will cause lws_threadpool_tsi_context() to get called - * from each tsi service context, where we can safely ask for - * a callback on writeable on the wsi we are associated with. - */ - lws_cancel_service(lws_get_context(wsi)); - - /* - * so the danger here is that we asked for a writable callback - * on the wsi, but for whatever reason, we are never going to - * get one. To avoid deadlocking forever, we allow a set time - * for the sync to happen naturally, otherwise the cond wait - * times out and we stop the task. - */ - - if (pthread_cond_timedwait(&task->wake_idle, &pool->lock, - &abstime) == ETIMEDOUT) { - task->late_sync_retries++; - if (!tries) { - lwsl_err("%s: %s: task %p (%s): SYNC timed out " - "(associated wsi %p)\n", - __func__, pool->tp->name, task, - task->name, task->args.wsi); - - state_transition(task, LWS_TP_STATUS_STOPPING); - goto done; - } - - continue; - } else - break; - } - - if (task->status == LWS_TP_STATUS_SYNCING) - state_transition(task, temp); - - lwsl_debug("%s: %p: LWS_TP_RETURN_SYNC out\n", __func__, task); - -done: - pthread_mutex_unlock(&pool->lock); /* ----------------- - pool unlock */ - - return 0; -} - -static void * -lws_threadpool_worker(void *d) -{ - struct lws_threadpool_task **c, **c2, *task; - struct lws_pool *pool = d; - struct lws_threadpool *tp = pool->tp; - char buf[160]; - - while (!tp->destroying) { - - /* we have no running task... wait and get one from the queue */ - - pthread_mutex_lock(&tp->lock); /* =================== tp lock */ - - /* - * if there's no task already waiting in the queue, wait for - * the wake_idle condition to signal us that might have changed - */ - while (!tp->task_queue_head && !tp->destroying) - pthread_cond_wait(&tp->wake_idle, &tp->lock); - - if (tp->destroying) { - pthread_mutex_unlock(&tp->lock); /* ------ tp unlock */ - continue; - } - - c = &tp->task_queue_head; - c2 = NULL; - task = NULL; - pool->task = NULL; - - /* look at the queue tail */ - while (*c) { - c2 = c; - c = &(*c)->task_queue_next; - } - - /* is there a task at the queue tail? */ - if (c2 && *c2) { - pool->task = task = *c2; - task->acquired = pool->acquired = lws_now_usecs(); - /* remove it from the queue */ - *c2 = task->task_queue_next; - task->task_queue_next = NULL; - tp->queue_depth--; - /* mark it as running */ - state_transition(task, LWS_TP_STATUS_RUNNING); - } - - /* someone else got it first... wait and try again */ - if (!task) { - pthread_mutex_unlock(&tp->lock); /* ------ tp unlock */ - continue; - } - - task->wanted_writeable_cb = 0; - - /* we have acquired a new task */ - - __lws_threadpool_task_dump(task, buf, sizeof(buf)); - - lwsl_thread("%s: %s: worker %d ACQUIRING: %s\n", - __func__, tp->name, pool->worker_index, buf); - tp->running_tasks++; - - pthread_mutex_unlock(&tp->lock); /* --------------- tp unlock */ - - /* - * 1) The task can return with LWS_TP_RETURN_CHECKING_IN to - * "resurface" periodically, and get called again with - * cont = 1 immediately to indicate it is picking up where it - * left off if the task is not being "stopped". - * - * This allows long tasks to respond to requests to stop in - * a clean and opaque way. - * - * 2) The task can return with LWS_TP_RETURN_SYNC to register - * a "callback on writable" request on the service thread and - * block until it hears back from the WRITABLE handler. - * - * This allows the work on the thread to be synchronized to the - * previous work being dispatched cleanly. - * - * 3) The task can return with LWS_TP_RETURN_FINISHED to - * indicate its work is completed nicely. - * - * 4) The task can return with LWS_TP_RETURN_STOPPED to indicate - * it stopped and cleaned up after incomplete work. - */ - - do { - lws_usec_t then; - int n; - - if (tp->destroying || !task->args.wsi) { - lwsl_info("%s: stopping on wsi gone\n", __func__); - state_transition(task, LWS_TP_STATUS_STOPPING); - } - - then = lws_now_usecs(); - n = task->args.task(task->args.user, task->status); - lwsl_debug(" %d, status %d\n", n, task->status); - us_accrue(&task->acc_running, then); - if (n & LWS_TP_RETURN_FLAG_OUTLIVE) - task->outlive = 1; - switch (n & 7) { - case LWS_TP_RETURN_CHECKING_IN: - /* if not destroying the tp, continue */ - break; - case LWS_TP_RETURN_SYNC: - if (!task->args.wsi) { - lwsl_debug("%s: task that wants to " - "outlive lost wsi asked " - "to sync: bypassed\n", - __func__); - break; - } - /* block until writable acknowledges */ - then = lws_now_usecs(); - lws_threadpool_worker_sync(pool, task); - us_accrue(&task->acc_syncing, then); - break; - case LWS_TP_RETURN_FINISHED: - state_transition(task, LWS_TP_STATUS_FINISHED); - break; - case LWS_TP_RETURN_STOPPED: - state_transition(task, LWS_TP_STATUS_STOPPED); - break; - } - } while (task->status == LWS_TP_STATUS_RUNNING); - - pthread_mutex_lock(&tp->lock); /* =================== tp lock */ - - tp->running_tasks--; - - if (pool->task->status == LWS_TP_STATUS_STOPPING) - state_transition(task, LWS_TP_STATUS_STOPPED); - - /* move the task to the done queue */ - - pool->task->task_queue_next = tp->task_done_head; - tp->task_done_head = task; - tp->done_queue_depth++; - pool->task->done = lws_now_usecs(); - - if (!pool->task->args.wsi && - (pool->task->status == LWS_TP_STATUS_STOPPED || - pool->task->status == LWS_TP_STATUS_FINISHED)) { - - __lws_threadpool_task_dump(pool->task, buf, sizeof(buf)); - lwsl_thread("%s: %s: worker %d REAPING: %s\n", - __func__, tp->name, pool->worker_index, - buf); - - /* - * there is no longer any wsi attached, so nothing is - * going to take care of reaping us. So we must take - * care of it ourselves. - */ - __lws_threadpool_reap(pool->task); - } else { - - __lws_threadpool_task_dump(pool->task, buf, sizeof(buf)); - lwsl_thread("%s: %s: worker %d DONE: %s\n", - __func__, tp->name, pool->worker_index, - buf); - - /* signal the associated wsi to take a fresh look at - * task status */ - - if (pool->task->args.wsi) { - task->wanted_writeable_cb = 1; - - lws_cancel_service( - lws_get_context(pool->task->args.wsi)); - } - } - - pool->task = NULL; - pthread_mutex_unlock(&tp->lock); /* --------------- tp unlock */ - } - - /* threadpool is being destroyed */ - - pthread_exit(NULL); - - return NULL; -} - -struct lws_threadpool * -lws_threadpool_create(struct lws_context *context, - const struct lws_threadpool_create_args *args, - const char *format, ...) -{ - struct lws_threadpool *tp; - va_list ap; - int n; - - tp = lws_malloc(sizeof(*tp) + (sizeof(struct lws_pool) * args->threads), - "threadpool alloc"); - if (!tp) - return NULL; - - memset(tp, 0, sizeof(*tp) + (sizeof(struct lws_pool) * args->threads)); - tp->pool_list = (struct lws_pool *)(tp + 1); - tp->max_queue_depth = args->max_queue_depth; - - va_start(ap, format); - n = vsnprintf(tp->name, sizeof(tp->name) - 1, format, ap); - va_end(ap); - - lws_context_lock(context, __func__); - - tp->context = context; - tp->tp_list = context->tp_list_head; - context->tp_list_head = tp; - - lws_context_unlock(context); - - pthread_mutex_init(&tp->lock, NULL); - pthread_cond_init(&tp->wake_idle, NULL); - - for (n = 0; n < args->threads; n++) { -#if defined(LWS_HAS_PTHREAD_SETNAME_NP) - char name[16]; -#endif - tp->pool_list[n].tp = tp; - tp->pool_list[n].worker_index = n; - pthread_mutex_init(&tp->pool_list[n].lock, NULL); - if (pthread_create(&tp->pool_list[n].thread, NULL, - lws_threadpool_worker, &tp->pool_list[n])) { - lwsl_err("thread creation failed\n"); - } else { -#if defined(LWS_HAS_PTHREAD_SETNAME_NP) - lws_snprintf(name, sizeof(name), "%s-%d", tp->name, n); - pthread_setname_np(tp->pool_list[n].thread, name); -#endif - tp->threads_in_pool++; - } - } - - return tp; -} - -void -lws_threadpool_finish(struct lws_threadpool *tp) -{ - struct lws_threadpool_task **c, *task; - - pthread_mutex_lock(&tp->lock); /* ======================== tpool lock */ - - /* nothing new can start, running jobs will abort as STOPPED and the - * pool threads will exit ASAP (they are joined in destroy) */ - tp->destroying = 1; - - /* stop everyone in the pending queue and move to the done queue */ - - c = &tp->task_queue_head; - while (*c) { - task = *c; - *c = task->task_queue_next; - task->task_queue_next = tp->task_done_head; - tp->task_done_head = task; - state_transition(task, LWS_TP_STATUS_STOPPED); - tp->queue_depth--; - tp->done_queue_depth++; - task->done = lws_now_usecs(); - - c = &task->task_queue_next; - } - - pthread_mutex_unlock(&tp->lock); /* -------------------- tpool unlock */ - - pthread_cond_broadcast(&tp->wake_idle); -} - -void -lws_threadpool_destroy(struct lws_threadpool *tp) -{ - struct lws_threadpool_task *task, *next; - struct lws_threadpool **ptp; - void *retval; - int n; - - /* remove us from the context list of threadpools */ - - lws_context_lock(tp->context, __func__); - - ptp = &tp->context->tp_list_head; - while (*ptp) { - if (*ptp == tp) { - *ptp = tp->tp_list; - break; - } - ptp = &(*ptp)->tp_list; - } - - lws_context_unlock(tp->context); - - - pthread_mutex_lock(&tp->lock); /* ======================== tpool lock */ - - tp->destroying = 1; - pthread_cond_broadcast(&tp->wake_idle); - pthread_mutex_unlock(&tp->lock); /* -------------------- tpool unlock */ - - lws_threadpool_dump(tp); - - for (n = 0; n < tp->threads_in_pool; n++) { - task = tp->pool_list[n].task; - - /* he could be sitting waiting for SYNC */ - - if (task != NULL) - pthread_cond_broadcast(&task->wake_idle); - - pthread_join(tp->pool_list[n].thread, &retval); - pthread_mutex_destroy(&tp->pool_list[n].lock); - } - lwsl_info("%s: all threadpools exited\n", __func__); - - task = tp->task_done_head; - while (task) { - next = task->task_queue_next; - lws_threadpool_task_cleanup_destroy(task); - tp->done_queue_depth--; - task = next; - } - - pthread_mutex_destroy(&tp->lock); - - lws_free(tp); -} - -/* - * we want to stop and destroy the task and related priv. The wsi may no - * longer exist. - */ - -int -lws_threadpool_dequeue(struct lws *wsi) -{ - struct lws_threadpool *tp; - struct lws_threadpool_task **c, *task; - int n; - - task = wsi->tp_task; - if (!task) - return 0; - - tp = task->tp; - pthread_mutex_lock(&tp->lock); /* ======================== tpool lock */ - - if (task->outlive && !tp->destroying) { - - /* disconnect from wsi, and wsi from task */ - - wsi->tp_task = NULL; - task->args.wsi = NULL; - - goto bail; - } - - - c = &tp->task_queue_head; - - /* is he queued waiting for a chance to run? Mark him as stopped and - * move him on to the done queue */ - - while (*c) { - if ((*c) == task) { - *c = task->task_queue_next; - task->task_queue_next = tp->task_done_head; - tp->task_done_head = task; - state_transition(task, LWS_TP_STATUS_STOPPED); - tp->queue_depth--; - tp->done_queue_depth++; - task->done = lws_now_usecs(); - - lwsl_debug("%s: tp %p: removed queued task wsi %p\n", - __func__, tp, task->args.wsi); - - break; - } - c = &(*c)->task_queue_next; - } - - /* is he on the done queue? */ - - c = &tp->task_done_head; - while (*c) { - if ((*c) == task) { - *c = task->task_queue_next; - task->task_queue_next = NULL; - lws_threadpool_task_cleanup_destroy(task); - tp->done_queue_depth--; - goto bail; - } - c = &(*c)->task_queue_next; - } - - /* he's not in the queue... is he already running on a thread? */ - - for (n = 0; n < tp->threads_in_pool; n++) { - if (!tp->pool_list[n].task || tp->pool_list[n].task != task) - continue; - - /* - * ensure we don't collide with tests or changes in the - * worker thread - */ - pthread_mutex_lock(&tp->pool_list[n].lock); - - /* - * mark him as having been requested to stop... - * the caller will hear about it in his service thread - * context as a request to close - */ - state_transition(task, LWS_TP_STATUS_STOPPING); - - /* disconnect from wsi, and wsi from task */ - - task->args.wsi->tp_task = NULL; - task->args.wsi = NULL; - - pthread_mutex_unlock(&tp->pool_list[n].lock); - - lwsl_debug("%s: tp %p: request stop running task " - "for wsi %p\n", __func__, tp, task->args.wsi); - - break; - } - - if (n == tp->threads_in_pool) { - /* can't find it */ - lwsl_notice("%s: tp %p: no task for wsi %p, decoupling\n", - __func__, tp, task->args.wsi); - task->args.wsi->tp_task = NULL; - task->args.wsi = NULL; - } - -bail: - pthread_mutex_unlock(&tp->lock); /* -------------------- tpool unlock */ - - return 0; -} - -struct lws_threadpool_task * -lws_threadpool_enqueue(struct lws_threadpool *tp, - const struct lws_threadpool_task_args *args, - const char *format, ...) -{ - struct lws_threadpool_task *task = NULL; - va_list ap; - - if (tp->destroying) - return NULL; - - pthread_mutex_lock(&tp->lock); /* ======================== tpool lock */ - - /* - * if there's room on the queue, the job always goes on the queue - * first, then any free thread may pick it up after the wake_idle - */ - - if (tp->queue_depth == tp->max_queue_depth) { - lwsl_notice("%s: queue reached limit %d\n", __func__, - tp->max_queue_depth); - - goto bail; - } - - /* - * create the task object - */ - - task = lws_malloc(sizeof(*task), __func__); - if (!task) - goto bail; - - memset(task, 0, sizeof(*task)); - pthread_cond_init(&task->wake_idle, NULL); - task->args = *args; - task->tp = tp; - task->created = lws_now_usecs(); - - va_start(ap, format); - vsnprintf(task->name, sizeof(task->name) - 1, format, ap); - va_end(ap); - - /* - * add him on the tp task queue - */ - - task->task_queue_next = tp->task_queue_head; - state_transition(task, LWS_TP_STATUS_QUEUED); - tp->task_queue_head = task; - tp->queue_depth++; - - /* - * mark the wsi itself as depending on this tp (so wsi close for - * whatever reason can clean up) - */ - - args->wsi->tp_task = task; - - lwsl_thread("%s: tp %s: enqueued task %p (%s) for wsi %p, depth %d\n", - __func__, tp->name, task, task->name, args->wsi, - tp->queue_depth); - - /* alert any idle thread there's something new on the task list */ - - lws_memory_barrier(); - pthread_cond_signal(&tp->wake_idle); - -bail: - pthread_mutex_unlock(&tp->lock); /* -------------------- tpool unlock */ - - return task; -} - -/* this should be called from the service thread */ - -enum lws_threadpool_task_status -lws_threadpool_task_status_wsi(struct lws *wsi, - struct lws_threadpool_task **task, void **user) -{ - enum lws_threadpool_task_status status; - struct lws_threadpool *tp; - - *task = wsi->tp_task; - if (!*task) - return -1; - - tp = (*task)->tp; - *user = (*task)->args.user; - status = (*task)->status; - - if (status == LWS_TP_STATUS_FINISHED || - status == LWS_TP_STATUS_STOPPED) { - char buf[160]; - - pthread_mutex_lock(&tp->lock); /* ================ tpool lock */ - __lws_threadpool_task_dump(*task, buf, sizeof(buf)); - lwsl_thread("%s: %s: service thread REAPING: %s\n", - __func__, tp->name, buf); - __lws_threadpool_reap(*task); - lws_memory_barrier(); - pthread_mutex_unlock(&tp->lock); /* ------------ tpool unlock */ - } - - return status; -} - -void -lws_threadpool_task_sync(struct lws_threadpool_task *task, int stop) -{ - lwsl_debug("%s\n", __func__); - - if (stop) - state_transition(task, LWS_TP_STATUS_STOPPING); - - pthread_cond_signal(&task->wake_idle); -} diff --git a/lib/output.c b/lib/output.c new file mode 100644 index 0000000..465cb5f --- /dev/null +++ b/lib/output.c @@ -0,0 +1,871 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2015 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +static int +lws_0405_frame_mask_generate(struct lws *wsi) +{ +#if 0 + wsi->u.ws.mask[0] = 0; + wsi->u.ws.mask[1] = 0; + wsi->u.ws.mask[2] = 0; + wsi->u.ws.mask[3] = 0; +#else + int n; + /* fetch the per-frame nonce */ + + n = lws_get_random(lws_get_context(wsi), wsi->u.ws.mask, 4); + if (n != 4) { + lwsl_parser("Unable to read from random device %s %d\n", + SYSTEM_RANDOM_FILEPATH, n); + return 1; + } +#endif + /* start masking from first byte of masking key buffer */ + wsi->u.ws.mask_idx = 0; + + return 0; +} + +#ifdef _DEBUG + +LWS_VISIBLE void lwsl_hexdump(void *vbuf, size_t len) +{ + unsigned char *buf = (unsigned char *)vbuf; + unsigned int n, m, start; + char line[80]; + char *p; + + lwsl_parser("\n"); + + for (n = 0; n < len;) { + start = n; + p = line; + + p += sprintf(p, "%04X: ", start); + + for (m = 0; m < 16 && n < len; m++) + p += sprintf(p, "%02X ", buf[n++]); + while (m++ < 16) + p += sprintf(p, " "); + + p += sprintf(p, " "); + + for (m = 0; m < 16 && (start + m) < len; m++) { + if (buf[start + m] >= ' ' && buf[start + m] < 127) + *p++ = buf[start + m]; + else + *p++ = '.'; + } + while (m++ < 16) + *p++ = ' '; + + *p++ = '\n'; + *p = '\0'; + lwsl_debug("%s", line); + } + lwsl_debug("\n"); +} + +#endif + +/* + * notice this returns number of bytes consumed, or -1 + */ + +int lws_issue_raw(struct lws *wsi, unsigned char *buf, size_t len) +{ + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + size_t real_len = len; + unsigned int n; + int m; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_API_WRITE, 1); + + if (!len) + return 0; + /* just ignore sends after we cleared the truncation buffer */ + if (wsi->state == LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE && + !wsi->trunc_len) + return len; + + if (wsi->trunc_len && (buf < wsi->trunc_alloc || + buf > (wsi->trunc_alloc + wsi->trunc_len + wsi->trunc_offset))) { + char dump[20]; + strncpy(dump, (char *)buf, sizeof(dump) - 1); + dump[sizeof(dump) - 1] = '\0'; +#if defined(LWS_WITH_ESP8266) + lwsl_err("****** %p: Sending new %lu (%s), pending truncated ...\n", + wsi, (unsigned long)len, dump); +#else + lwsl_err("****** %p: Sending new %lu (%s), pending truncated ...\n" + " It's illegal to do an lws_write outside of\n" + " the writable callback: fix your code", + wsi, (unsigned long)len, dump); +#endif + assert(0); + + return -1; + } + + m = lws_ext_cb_active(wsi, LWS_EXT_CB_PACKET_TX_DO_SEND, &buf, len); + if (m < 0) + return -1; + if (m) /* handled */ { + n = m; + goto handle_truncated_send; + } + + if (!lws_socket_is_valid(wsi->desc.sockfd)) + lwsl_warn("** error invalid sock but expected to send\n"); + + /* limit sending */ + if (wsi->protocol->tx_packet_size) + n = wsi->protocol->tx_packet_size; + else { + n = wsi->protocol->rx_buffer_size; + if (!n) + n = context->pt_serv_buf_size; + } + n += LWS_PRE + 4; + if (n > len) + n = len; +#if defined(LWS_WITH_ESP8266) + if (wsi->pending_send_completion) { + n = 0; + goto handle_truncated_send; + } +#endif + + /* nope, send it on the socket directly */ + lws_latency_pre(context, wsi); + n = lws_ssl_capable_write(wsi, buf, n); + lws_latency(context, wsi, "send lws_issue_raw", n, n == len); + + //lwsl_notice("lws_ssl_capable_write: %d\n", n); + + switch (n) { + case LWS_SSL_CAPABLE_ERROR: + /* we're going to close, let close know sends aren't possible */ + wsi->socket_is_permanently_unusable = 1; + return -1; + case LWS_SSL_CAPABLE_MORE_SERVICE: + /* nothing got sent, not fatal, retry the whole thing later */ + n = 0; + break; + } + +handle_truncated_send: + /* + * we were already handling a truncated send? + */ + if (wsi->trunc_len) { + lwsl_info("%p partial adv %d (vs %ld)\n", wsi, n, (long)real_len); + wsi->trunc_offset += n; + wsi->trunc_len -= n; + + if (!wsi->trunc_len) { + lwsl_info("***** %p partial send completed\n", wsi); + /* done with it, but don't free it */ + n = real_len; + if (wsi->state == LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE) { + lwsl_info("***** %p signalling to close now\n", wsi); + return -1; /* retry closing now */ + } + } + /* always callback on writeable */ + lws_callback_on_writable(wsi); + + return n; + } + + if ((unsigned int)n == real_len) + /* what we just sent went out cleanly */ + return n; + + /* + * Newly truncated send. Buffer the remainder (it will get + * first priority next time the socket is writable) + */ + lwsl_debug("%p new partial sent %d from %lu total\n", wsi, n, + (unsigned long)real_len); + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITE_PARTIALS, 1); + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_B_PARTIALS_ACCEPTED_PARTS, n); + + /* + * - if we still have a suitable malloc lying around, use it + * - or, if too small, reallocate it + * - or, if no buffer, create it + */ + if (!wsi->trunc_alloc || real_len - n > wsi->trunc_alloc_len) { + lws_free(wsi->trunc_alloc); + + wsi->trunc_alloc_len = real_len - n; + wsi->trunc_alloc = lws_malloc(real_len - n); + if (!wsi->trunc_alloc) { + lwsl_err("truncated send: unable to malloc %lu\n", + (unsigned long)(real_len - n)); + return -1; + } + } + wsi->trunc_offset = 0; + wsi->trunc_len = real_len - n; + memcpy(wsi->trunc_alloc, buf + n, real_len - n); + + /* since something buffered, force it to get another chance to send */ + lws_callback_on_writable(wsi); + + return real_len; +} + +LWS_VISIBLE int lws_write(struct lws *wsi, unsigned char *buf, size_t len, + enum lws_write_protocol wp) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + int masked7 = (wsi->mode == LWSCM_WS_CLIENT); + unsigned char is_masked_bit = 0; + unsigned char *dropmask = NULL; + struct lws_tokens eff_buf; + int pre = 0, n; + size_t orig_len = len; + + if (wsi->parent_carries_io) { + struct lws_write_passthru pas; + + pas.buf = buf; + pas.len = len; + pas.wp = wp; + pas.wsi = wsi; + + if (wsi->parent->protocol->callback(wsi->parent, + LWS_CALLBACK_CHILD_WRITE_VIA_PARENT, + wsi->parent->user_space, + (void *)&pas, 0)) + return 1; + + return len; + } + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_API_LWS_WRITE, 1); + + if ((int)len < 0) { + lwsl_err("%s: suspicious len int %d, ulong %lu\n", __func__, + (int)len, (unsigned long)len); + return -1; + } + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_B_WRITE, len); + +#ifdef LWS_WITH_ACCESS_LOG + wsi->access_log.sent += len; +#endif + if (wsi->vhost) + wsi->vhost->conn_stats.tx += len; + + if (wsi->state == LWSS_ESTABLISHED && wsi->u.ws.tx_draining_ext) { + /* remove us from the list */ + struct lws **w = &pt->tx_draining_ext_list; + + // lwsl_notice("%s: TX EXT DRAINING: Remove from list\n", __func__); + wsi->u.ws.tx_draining_ext = 0; + /* remove us from context draining ext list */ + while (*w) { + if (*w == wsi) { + *w = wsi->u.ws.tx_draining_ext_list; + break; + } + w = &((*w)->u.ws.tx_draining_ext_list); + } + wsi->u.ws.tx_draining_ext_list = NULL; + wp = (wsi->u.ws.tx_draining_stashed_wp & 0xc0) | + LWS_WRITE_CONTINUATION; + + lwsl_ext("FORCED draining wp to 0x%02X\n", wp); + } + + lws_restart_ws_ping_pong_timer(wsi); + + if (wp == LWS_WRITE_HTTP || + wp == LWS_WRITE_HTTP_FINAL || + wp == LWS_WRITE_HTTP_HEADERS) + goto send_raw; + + /* if not in a state to send stuff, then just send nothing */ + + if (wsi->state != LWSS_ESTABLISHED && + ((wsi->state != LWSS_RETURNED_CLOSE_ALREADY && + wsi->state != LWSS_AWAITING_CLOSE_ACK) || + wp != LWS_WRITE_CLOSE)) + return 0; + + /* if we are continuing a frame that already had its header done */ + + if (wsi->u.ws.inside_frame) { + lwsl_debug("INSIDE FRAME\n"); + goto do_more_inside_frame; + } + + wsi->u.ws.clean_buffer = 1; + + /* + * give a chance to the extensions to modify payload + * the extension may decide to produce unlimited payload erratically + * (eg, compression extension), so we require only that if he produces + * something, it will be a complete fragment of the length known at + * the time (just the fragment length known), and if he has + * more we will come back next time he is writeable and allow him to + * produce more fragments until he's drained. + * + * This allows what is sent each time it is writeable to be limited to + * a size that can be sent without partial sends or blocking, allows + * interleaving of control frames and other connection service. + */ + eff_buf.token = (char *)buf; + eff_buf.token_len = len; + + switch ((int)wp) { + case LWS_WRITE_PING: + case LWS_WRITE_PONG: + case LWS_WRITE_CLOSE: + break; + default: + lwsl_debug("LWS_EXT_CB_PAYLOAD_TX\n"); + n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_TX, &eff_buf, wp); + if (n < 0) + return -1; + + if (n && eff_buf.token_len) { + lwsl_debug("drain len %d\n", (int)eff_buf.token_len); + /* extension requires further draining */ + wsi->u.ws.tx_draining_ext = 1; + wsi->u.ws.tx_draining_ext_list = pt->tx_draining_ext_list; + pt->tx_draining_ext_list = wsi; + /* we must come back to do more */ + lws_callback_on_writable(wsi); + /* + * keep a copy of the write type for the overall + * action that has provoked generation of these + * fragments, so the last guy can use its FIN state. + */ + wsi->u.ws.tx_draining_stashed_wp = wp; + /* this is definitely not actually the last fragment + * because the extension asserted he has more coming + * So make sure this intermediate one doesn't go out + * with a FIN. + */ + wp |= LWS_WRITE_NO_FIN; + } + + if (eff_buf.token_len && wsi->u.ws.stashed_write_pending) { + wsi->u.ws.stashed_write_pending = 0; + wp = (wp &0xc0) | (int)wsi->u.ws.stashed_write_type; + } + } + + /* + * an extension did something we need to keep... for example, if + * compression extension, it has already updated its state according + * to this being issued + */ + if ((char *)buf != eff_buf.token) { + /* + * ext might eat it, but not have anything to issue yet. + * In that case we have to follow his lead, but stash and + * replace the write type that was lost here the first time. + */ + if (len && !eff_buf.token_len) { + if (!wsi->u.ws.stashed_write_pending) + wsi->u.ws.stashed_write_type = (char)wp & 0x3f; + wsi->u.ws.stashed_write_pending = 1; + return len; + } + /* + * extension recreated it: + * need to buffer this if not all sent + */ + wsi->u.ws.clean_buffer = 0; + } + + buf = (unsigned char *)eff_buf.token; + len = eff_buf.token_len; + + lwsl_debug("%p / %d\n", buf, (int)len); + + if (!buf) { + lwsl_err("null buf (%d)\n", (int)len); + return -1; + } + + switch (wsi->ietf_spec_revision) { + case 13: + if (masked7) { + pre += 4; + dropmask = &buf[0 - pre]; + is_masked_bit = 0x80; + } + + switch (wp & 0xf) { + case LWS_WRITE_TEXT: + n = LWSWSOPC_TEXT_FRAME; + break; + case LWS_WRITE_BINARY: + n = LWSWSOPC_BINARY_FRAME; + break; + case LWS_WRITE_CONTINUATION: + n = LWSWSOPC_CONTINUATION; + break; + + case LWS_WRITE_CLOSE: + n = LWSWSOPC_CLOSE; + break; + case LWS_WRITE_PING: + n = LWSWSOPC_PING; + break; + case LWS_WRITE_PONG: + n = LWSWSOPC_PONG; + break; + default: + lwsl_warn("lws_write: unknown write opc / wp\n"); + return -1; + } + + if (!(wp & LWS_WRITE_NO_FIN)) + n |= 1 << 7; + + if (len < 126) { + pre += 2; + buf[-pre] = n; + buf[-pre + 1] = (unsigned char)(len | is_masked_bit); + } else { + if (len < 65536) { + pre += 4; + buf[-pre] = n; + buf[-pre + 1] = 126 | is_masked_bit; + buf[-pre + 2] = (unsigned char)(len >> 8); + buf[-pre + 3] = (unsigned char)len; + } else { + pre += 10; + buf[-pre] = n; + buf[-pre + 1] = 127 | is_masked_bit; +#if defined __LP64__ + buf[-pre + 2] = (len >> 56) & 0x7f; + buf[-pre + 3] = len >> 48; + buf[-pre + 4] = len >> 40; + buf[-pre + 5] = len >> 32; +#else + buf[-pre + 2] = 0; + buf[-pre + 3] = 0; + buf[-pre + 4] = 0; + buf[-pre + 5] = 0; +#endif + buf[-pre + 6] = (unsigned char)(len >> 24); + buf[-pre + 7] = (unsigned char)(len >> 16); + buf[-pre + 8] = (unsigned char)(len >> 8); + buf[-pre + 9] = (unsigned char)len; + } + } + break; + } + +do_more_inside_frame: + + /* + * Deal with masking if we are in client -> server direction and + * the wp demands it + */ + + if (masked7) { + if (!wsi->u.ws.inside_frame) + if (lws_0405_frame_mask_generate(wsi)) { + lwsl_err("frame mask generation failed\n"); + return -1; + } + + /* + * in v7, just mask the payload + */ + if (dropmask) { /* never set if already inside frame */ + for (n = 4; n < (int)len + 4; n++) + dropmask[n] = dropmask[n] ^ wsi->u.ws.mask[ + (wsi->u.ws.mask_idx++) & 3]; + + /* copy the frame nonce into place */ + memcpy(dropmask, wsi->u.ws.mask, 4); + } + } + +send_raw: + switch ((int)wp) { + case LWS_WRITE_CLOSE: +/* lwsl_hexdump(&buf[-pre], len); */ + case LWS_WRITE_HTTP: + case LWS_WRITE_HTTP_FINAL: + case LWS_WRITE_HTTP_HEADERS: + case LWS_WRITE_PONG: + case LWS_WRITE_PING: +#ifdef LWS_USE_HTTP2 + if (wsi->mode == LWSCM_HTTP2_SERVING) { + unsigned char flags = 0; + + n = LWS_HTTP2_FRAME_TYPE_DATA; + if (wp == LWS_WRITE_HTTP_HEADERS) { + n = LWS_HTTP2_FRAME_TYPE_HEADERS; + flags = LWS_HTTP2_FLAG_END_HEADERS; + if (wsi->u.http2.send_END_STREAM) + flags |= LWS_HTTP2_FLAG_END_STREAM; + } + + if ((wp == LWS_WRITE_HTTP || + wp == LWS_WRITE_HTTP_FINAL) && + wsi->u.http.content_length) { + wsi->u.http.content_remain -= len; + lwsl_info("%s: content_remain = %llu\n", __func__, + (unsigned long long)wsi->u.http.content_remain); + if (!wsi->u.http.content_remain) { + lwsl_info("%s: selecting final write mode\n", __func__); + wp = LWS_WRITE_HTTP_FINAL; + } + } + + if (wp == LWS_WRITE_HTTP_FINAL && wsi->u.http2.END_STREAM) { + lwsl_info("%s: setting END_STREAM\n", __func__); + flags |= LWS_HTTP2_FLAG_END_STREAM; + } + + return lws_http2_frame_write(wsi, n, flags, + wsi->u.http2.my_stream_id, len, buf); + } +#endif + return lws_issue_raw(wsi, (unsigned char *)buf - pre, len + pre); + default: + break; + } + + /* + * give any active extensions a chance to munge the buffer + * before send. We pass in a pointer to an lws_tokens struct + * prepared with the default buffer and content length that's in + * there. Rather than rewrite the default buffer, extensions + * that expect to grow the buffer can adapt .token to + * point to their own per-connection buffer in the extension + * user allocation. By default with no extensions or no + * extension callback handling, just the normal input buffer is + * used then so it is efficient. + * + * callback returns 1 in case it wants to spill more buffers + * + * This takes care of holding the buffer if send is incomplete, ie, + * if wsi->u.ws.clean_buffer is 0 (meaning an extension meddled with + * the buffer). If wsi->u.ws.clean_buffer is 1, it will instead + * return to the user code how much OF THE USER BUFFER was consumed. + */ + + n = lws_issue_raw_ext_access(wsi, buf - pre, len + pre); + wsi->u.ws.inside_frame = 1; + if (n <= 0) + return n; + + if (n == (int)len + pre) { + /* everything in the buffer was handled (or rebuffered...) */ + wsi->u.ws.inside_frame = 0; + return orig_len; + } + + /* + * it is how many bytes of user buffer got sent... may be < orig_len + * in which case callback when writable has already been arranged + * and user code can call lws_write() again with the rest + * later. + */ + + return n - pre; +} + +LWS_VISIBLE int lws_serve_http_file_fragment(struct lws *wsi) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct lws_process_html_args args; + lws_filepos_t amount, poss; + unsigned char *p; +#if defined(LWS_WITH_RANGES) + unsigned char finished = 0; +#endif + int n, m; + + // lwsl_notice("%s (trunc len %d)\n", __func__, wsi->trunc_len); + + while (wsi->http2_substream || !lws_send_pipe_choked(wsi)) { + + if (wsi->trunc_len) { + if (lws_issue_raw(wsi, wsi->trunc_alloc + + wsi->trunc_offset, + wsi->trunc_len) < 0) { + lwsl_info("%s: closing\n", __func__); + goto file_had_it; + } + continue; + } + + if (wsi->u.http.filepos == wsi->u.http.filelen) + goto all_sent; + + n = 0; + + p = pt->serv_buf; + +#if defined(LWS_WITH_RANGES) + if (wsi->u.http.range.count_ranges && !wsi->u.http.range.inside) { + + lwsl_notice("%s: doing range start %llu\n", __func__, wsi->u.http.range.start); + + if ((long long)lws_vfs_file_seek_cur(wsi->u.http.fop_fd, + wsi->u.http.range.start - + wsi->u.http.filepos) < 0) + goto file_had_it; + + wsi->u.http.filepos = wsi->u.http.range.start; + + if (wsi->u.http.range.count_ranges > 1) { + n = lws_snprintf((char *)p, context->pt_serv_buf_size, + "_lws\x0d\x0a" + "Content-Type: %s\x0d\x0a" + "Content-Range: bytes %llu-%llu/%llu\x0d\x0a" + "\x0d\x0a", + wsi->u.http.multipart_content_type, + wsi->u.http.range.start, + wsi->u.http.range.end, + wsi->u.http.range.extent); + p += n; + } + + wsi->u.http.range.budget = wsi->u.http.range.end - + wsi->u.http.range.start + 1; + wsi->u.http.range.inside = 1; + } +#endif + + poss = context->pt_serv_buf_size - n; + + /* + * if there is a hint about how much we will do well to send at one time, + * restrict ourselves to only trying to send that. + */ + if (wsi->protocol->tx_packet_size && poss > wsi->protocol->tx_packet_size) + poss = wsi->protocol->tx_packet_size; + +#if defined(LWS_WITH_RANGES) + if (wsi->u.http.range.count_ranges) { + if (wsi->u.http.range.count_ranges > 1) + poss -= 7; /* allow for final boundary */ + if (poss > wsi->u.http.range.budget) + poss = wsi->u.http.range.budget; + } +#endif + if (wsi->sending_chunked) { + /* we need to drop the chunk size in here */ + p += 10; + /* allow for the chunk to grow by 128 in translation */ + poss -= 10 + 128; + } + + if (lws_vfs_file_read(wsi->u.http.fop_fd, &amount, p, poss) < 0) + goto file_had_it; /* caller will close */ + + //lwsl_notice("amount %ld\n", amount); + + if (wsi->sending_chunked) + n = (int)amount; + else + n = (p - pt->serv_buf) + (int)amount; + if (n) { + lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_CONTENT, + context->timeout_secs); + + if (wsi->sending_chunked) { + args.p = (char *)p; + args.len = n; + args.max_len = (unsigned int)poss + 128; + args.final = wsi->u.http.filepos + n == + wsi->u.http.filelen; + if (user_callback_handle_rxflow( + wsi->vhost->protocols[(int)wsi->protocol_interpret_idx].callback, wsi, + LWS_CALLBACK_PROCESS_HTML, + wsi->user_space, &args, 0) < 0) + goto file_had_it; + n = args.len; + p = (unsigned char *)args.p; + } else + p = pt->serv_buf; + +#if defined(LWS_WITH_RANGES) + if (wsi->u.http.range.send_ctr + 1 == + wsi->u.http.range.count_ranges && // last range + wsi->u.http.range.count_ranges > 1 && // was 2+ ranges (ie, multipart) + wsi->u.http.range.budget - amount == 0) {// final part + n += lws_snprintf((char *)pt->serv_buf + n, 6, + "_lws\x0d\x0a"); // append trailing boundary + lwsl_debug("added trailing boundary\n"); + } +#endif + m = lws_write(wsi, p, n, + wsi->u.http.filepos == wsi->u.http.filelen ? + LWS_WRITE_HTTP_FINAL : + LWS_WRITE_HTTP + ); + if (m < 0) + goto file_had_it; + + wsi->u.http.filepos += amount; + +#if defined(LWS_WITH_RANGES) + if (wsi->u.http.range.count_ranges >= 1) { + wsi->u.http.range.budget -= amount; + if (wsi->u.http.range.budget == 0) { + lwsl_notice("range budget exhausted\n"); + wsi->u.http.range.inside = 0; + wsi->u.http.range.send_ctr++; + + if (lws_ranges_next(&wsi->u.http.range) < 1) { + finished = 1; + goto all_sent; + } + } + } +#endif + + if (m != n) { + /* adjust for what was not sent */ + if (lws_vfs_file_seek_cur(wsi->u.http.fop_fd, + m - n) == + (unsigned long)-1) + goto file_had_it; + } + } +all_sent: + if ((!wsi->trunc_len && wsi->u.http.filepos == wsi->u.http.filelen) +#if defined(LWS_WITH_RANGES) + || finished) +#else + ) +#endif + { + wsi->state = LWSS_HTTP; + /* we might be in keepalive, so close it off here */ + lws_vfs_file_close(&wsi->u.http.fop_fd); + + lwsl_debug("file completed\n"); + + if (wsi->protocol->callback) + /* ignore callback returned value */ + if (user_callback_handle_rxflow( + wsi->protocol->callback, wsi, + LWS_CALLBACK_HTTP_FILE_COMPLETION, + wsi->user_space, NULL, 0) < 0) + return -1; + + return 1; /* >0 indicates completed */ + } + } + + lws_callback_on_writable(wsi); + + return 0; /* indicates further processing must be done */ + +file_had_it: + lws_vfs_file_close(&wsi->u.http.fop_fd); + + return -1; +} + +#if LWS_POSIX +LWS_VISIBLE int +lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, int len) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + int n; + + lws_stats_atomic_bump(context, pt, LWSSTATS_C_API_READ, 1); + + n = recv(wsi->desc.sockfd, (char *)buf, len, 0); + if (n >= 0) { + if (wsi->vhost) + wsi->vhost->conn_stats.rx += n; + lws_stats_atomic_bump(context, pt, LWSSTATS_B_READ, n); + lws_restart_ws_ping_pong_timer(wsi); + return n; + } +#if LWS_POSIX + if (LWS_ERRNO == LWS_EAGAIN || + LWS_ERRNO == LWS_EWOULDBLOCK || + LWS_ERRNO == LWS_EINTR) + return LWS_SSL_CAPABLE_MORE_SERVICE; +#endif + lwsl_notice("error on reading from skt : %d\n", LWS_ERRNO); + return LWS_SSL_CAPABLE_ERROR; +} + +LWS_VISIBLE int +lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len) +{ + int n = 0; + +#if LWS_POSIX + n = send(wsi->desc.sockfd, (char *)buf, len, MSG_NOSIGNAL); +// lwsl_info("%s: sent len %d result %d", __func__, len, n); + if (n >= 0) + return n; + + if (LWS_ERRNO == LWS_EAGAIN || + LWS_ERRNO == LWS_EWOULDBLOCK || + LWS_ERRNO == LWS_EINTR) { + if (LWS_ERRNO == LWS_EWOULDBLOCK) { + lws_set_blocking_send(wsi); + } + + return LWS_SSL_CAPABLE_MORE_SERVICE; + } +#else + (void)n; + (void)wsi; + (void)buf; + (void)len; + // !!! +#endif + + lwsl_debug("ERROR writing len %d to skt fd %d err %d / errno %d\n", len, wsi->desc.sockfd, n, LWS_ERRNO); + return LWS_SSL_CAPABLE_ERROR; +} +#endif +LWS_VISIBLE int +lws_ssl_pending_no_ssl(struct lws *wsi) +{ + (void)wsi; +#if defined(LWS_WITH_ESP32) + return 100; +#else + return 0; +#endif +} diff --git a/lib/parsers.c b/lib/parsers.c new file mode 100644 index 0000000..2f4799e --- /dev/null +++ b/lib/parsers.c @@ -0,0 +1,1634 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2013 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +const unsigned char lextable[] = { + #include "lextable.h" +}; + +#define FAIL_CHAR 0x08 + +int LWS_WARN_UNUSED_RESULT +lextable_decode(int pos, char c) +{ + if (c >= 'A' && c <= 'Z') + c += 'a' - 'A'; + + while (1) { + if (lextable[pos] & (1 << 7)) { /* 1-byte, fail on mismatch */ + if ((lextable[pos] & 0x7f) != c) + return -1; + /* fall thru */ + pos++; + if (lextable[pos] == FAIL_CHAR) + return -1; + return pos; + } + + if (lextable[pos] == FAIL_CHAR) + return -1; + + /* b7 = 0, end or 3-byte */ + if (lextable[pos] < FAIL_CHAR) /* terminal marker */ + return pos; + + if (lextable[pos] == c) /* goto */ + return pos + (lextable[pos + 1]) + + (lextable[pos + 2] << 8); + /* fall thru goto */ + pos += 3; + /* continue */ + } +} + +void +_lws_header_table_reset(struct allocated_headers *ah) +{ + /* init the ah to reflect no headers or data have appeared yet */ + memset(ah->frag_index, 0, sizeof(ah->frag_index)); + ah->nfrag = 0; + ah->pos = 0; + ah->http_response = 0; +} + +// doesn't scrub the ah rxbuffer by default, parent must do if needed + +void +lws_header_table_reset(struct lws *wsi, int autoservice) +{ + struct allocated_headers *ah = wsi->u.hdr.ah; + struct lws_context_per_thread *pt; + struct lws_pollfd *pfd; + + /* if we have the idea we're resetting 'our' ah, must be bound to one */ + assert(ah); + /* ah also concurs with ownership */ + assert(ah->wsi == wsi); + + _lws_header_table_reset(ah); + + wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; + wsi->u.hdr.lextable_pos = 0; + + /* since we will restart the ah, our new headers are not completed */ + wsi->hdr_parsing_completed = 0; + + /* while we hold the ah, keep a timeout on the wsi */ + lws_set_timeout(wsi, PENDING_TIMEOUT_HOLDING_AH, + wsi->vhost->timeout_secs_ah_idle); + + /* + * if we inherited pending rx (from socket adoption deferred + * processing), apply and free it. + */ + if (wsi->u.hdr.preamble_rx) { + memcpy(ah->rx, wsi->u.hdr.preamble_rx, + wsi->u.hdr.preamble_rx_len); + ah->rxlen = wsi->u.hdr.preamble_rx_len; + lws_free_set_NULL(wsi->u.hdr.preamble_rx); + + if (autoservice) { + lwsl_notice("%s: calling service on readbuf ah\n", __func__); + + pt = &wsi->context->pt[(int)wsi->tsi]; + + /* unlike a normal connect, we have the headers already + * (or the first part of them anyway) + */ + pfd = &pt->fds[wsi->position_in_fds_table]; + pfd->revents |= LWS_POLLIN; + lwsl_err("%s: calling service\n", __func__); + lws_service_fd_tsi(wsi->context, pfd, wsi->tsi); + } + } +} + +int LWS_WARN_UNUSED_RESULT +lws_header_table_attach(struct lws *wsi, int autoservice) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct lws_pollargs pa; + struct lws **pwsi; + int n; + + lwsl_info("%s: wsi %p: ah %p (tsi %d, count = %d) in\n", __func__, (void *)wsi, + (void *)wsi->u.hdr.ah, wsi->tsi, pt->ah_count_in_use); + + /* if we are already bound to one, just clear it down */ + if (wsi->u.hdr.ah) { + lwsl_info("cleardown\n"); + goto reset; + } + + lws_pt_lock(pt); + pwsi = &pt->ah_wait_list; + while (*pwsi) { + if (*pwsi == wsi) { + /* if already waiting on list, if no new ah just ret */ + if (pt->ah_count_in_use == + context->max_http_header_pool) { + lwsl_notice("%s: no free ah to attach\n", __func__); + goto bail; + } + /* new ah.... remove ourselves from waiting list */ + *pwsi = wsi->u.hdr.ah_wait_list; /* set our prev to our next */ + wsi->u.hdr.ah_wait_list = NULL; /* no next any more */ + pt->ah_wait_list_length--; + break; + } + pwsi = &(*pwsi)->u.hdr.ah_wait_list; + } + /* + * pool is all busy... add us to waiting list and return that we + * weren't able to deliver it right now + */ + if (pt->ah_count_in_use == context->max_http_header_pool) { + lwsl_info("%s: adding %p to ah waiting list\n", __func__, wsi); + wsi->u.hdr.ah_wait_list = pt->ah_wait_list; + pt->ah_wait_list = wsi; + pt->ah_wait_list_length++; + + /* we cannot accept input then */ + + _lws_change_pollfd(wsi, LWS_POLLIN, 0, &pa); + goto bail; + } + + for (n = 0; n < context->max_http_header_pool; n++) + if (!pt->ah_pool[n].in_use) + break; + + /* if the count of in use said something free... */ + assert(n != context->max_http_header_pool); + + wsi->u.hdr.ah = &pt->ah_pool[n]; + wsi->u.hdr.ah->in_use = 1; + pt->ah_pool[n].wsi = wsi; /* mark our owner */ + pt->ah_count_in_use++; + + _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa); + + lwsl_info("%s: did attach wsi %p: ah %p: count %d (on exit)\n", __func__, + (void *)wsi, (void *)wsi->u.hdr.ah, pt->ah_count_in_use); + + lws_pt_unlock(pt); + +reset: + + /* and reset the rx state */ + wsi->u.hdr.ah->rxpos = 0; + wsi->u.hdr.ah->rxlen = 0; + + lws_header_table_reset(wsi, autoservice); + time(&wsi->u.hdr.ah->assigned); + +#ifndef LWS_NO_CLIENT + if (wsi->state == LWSS_CLIENT_UNCONNECTED) + if (!lws_client_connect_via_info2(wsi)) + /* our client connect has failed, the wsi + * has been closed + */ + return -1; +#endif + + return 0; + +bail: + lws_pt_unlock(pt); + + return 1; +} + +void +lws_header_table_force_to_detachable_state(struct lws *wsi) +{ + if (wsi->u.hdr.ah) { + wsi->u.hdr.ah->rxpos = -1; + wsi->u.hdr.ah->rxlen = -1; + wsi->hdr_parsing_completed = 1; + } +} + +int +lws_header_table_is_in_detachable_state(struct lws *wsi) +{ + struct allocated_headers *ah = wsi->u.hdr.ah; + + return ah && ah->rxpos == ah->rxlen && wsi->hdr_parsing_completed; +} + +void +__lws_remove_from_ah_waiting_list(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + struct lws **pwsi =&pt->ah_wait_list; + + if (wsi->u.hdr.ah) + return; + + while (*pwsi) { + if (*pwsi == wsi) { + lwsl_info("%s: wsi %p, remv wait\n", + __func__, wsi); + *pwsi = wsi->u.hdr.ah_wait_list; + wsi->u.hdr.ah_wait_list = NULL; + pt->ah_wait_list_length--; + return; + } + pwsi = &(*pwsi)->u.hdr.ah_wait_list; + } +} + + +int lws_header_table_detach(struct lws *wsi, int autoservice) +{ + struct lws_context *context = wsi->context; + struct allocated_headers *ah = wsi->u.hdr.ah; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct lws_pollargs pa; + struct lws **pwsi; + time_t now; + + lws_pt_lock(pt); + __lws_remove_from_ah_waiting_list(wsi); + lws_pt_unlock(pt); + + if (!ah) + return 0; + + lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__, + (void *)wsi, (void *)ah, wsi->tsi, + pt->ah_count_in_use); + + if (wsi->u.hdr.preamble_rx) + lws_free_set_NULL(wsi->u.hdr.preamble_rx); + + /* may not be detached while he still has unprocessed rx */ + if (!lws_header_table_is_in_detachable_state(wsi)) { + lwsl_err("%s: %p: CANNOT DETACH rxpos:%d, rxlen:%d, wsi->hdr_parsing_completed = %d\n", __func__, wsi, + ah->rxpos, ah->rxlen, wsi->hdr_parsing_completed); + return 0; + } + + lws_pt_lock(pt); + + /* we did have an ah attached */ + time(&now); + if (ah->assigned && now - ah->assigned > 3) { + /* + * we're detaching the ah, but it was held an + * unreasonably long time + */ + lwsl_notice("%s: wsi %p: ah held %ds, " + "ah.rxpos %d, ah.rxlen %d, mode/state %d %d," + "wsi->more_rx_waiting %d\n", __func__, wsi, + (int)(now - ah->assigned), + ah->rxpos, ah->rxlen, wsi->mode, wsi->state, + wsi->more_rx_waiting); + } + + ah->assigned = 0; + + /* if we think we're detaching one, there should be one in use */ + assert(pt->ah_count_in_use > 0); + /* and this specific one should have been in use */ + assert(ah->in_use); + wsi->u.hdr.ah = NULL; + ah->wsi = NULL; /* no owner */ + + pwsi = &pt->ah_wait_list; + + /* oh there is nobody on the waiting list... leave it at that then */ + if (!*pwsi) { + ah->in_use = 0; + pt->ah_count_in_use--; + + goto bail; + } + + /* somebody else on same tsi is waiting, give it to oldest guy */ + + lwsl_info("pt wait list %p\n", *pwsi); + while ((*pwsi)->u.hdr.ah_wait_list) + pwsi = &(*pwsi)->u.hdr.ah_wait_list; + + wsi = *pwsi; + lwsl_info("last wsi in wait list %p\n", wsi); + + wsi->u.hdr.ah = ah; + ah->wsi = wsi; /* new owner */ + /* and reset the rx state */ + ah->rxpos = 0; + ah->rxlen = 0; + lws_header_table_reset(wsi, autoservice); + time(&wsi->u.hdr.ah->assigned); + + /* clients acquire the ah and then insert themselves in fds table... */ + if (wsi->position_in_fds_table != -1) { + lwsl_info("%s: Enabling %p POLLIN\n", __func__, wsi); + + /* he has been stuck waiting for an ah, but now his wait is over, + * let him progress + */ + _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa); + } + + /* point prev guy to next guy in list instead */ + *pwsi = wsi->u.hdr.ah_wait_list; + /* the guy who got one is out of the list */ + wsi->u.hdr.ah_wait_list = NULL; + pt->ah_wait_list_length--; + +#ifndef LWS_NO_CLIENT + if (wsi->state == LWSS_CLIENT_UNCONNECTED) { + lws_pt_unlock(pt); + + if (!lws_client_connect_via_info2(wsi)) { + /* our client connect has failed, the wsi + * has been closed + */ + + return -1; + } + return 0; + } +#endif + + assert(!!pt->ah_wait_list_length == !!(lws_intptr_t)pt->ah_wait_list); +bail: + lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__, + (void *)wsi, (void *)ah, wsi->tsi, + pt->ah_count_in_use); + lws_pt_unlock(pt); + + return 0; +} + +LWS_VISIBLE int +lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, int frag_idx) +{ + int n; + + if (!wsi->u.hdr.ah) + return 0; + + n = wsi->u.hdr.ah->frag_index[h]; + if (!n) + return 0; + do { + if (!frag_idx) + return wsi->u.hdr.ah->frags[n].len; + n = wsi->u.hdr.ah->frags[n].nfrag; + } while (frag_idx-- && n); + + return 0; +} + +LWS_VISIBLE int lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h) +{ + int n; + int len = 0; + + if (!wsi->u.hdr.ah) + return 0; + + n = wsi->u.hdr.ah->frag_index[h]; + if (!n) + return 0; + do { + len += wsi->u.hdr.ah->frags[n].len; + n = wsi->u.hdr.ah->frags[n].nfrag; + } while (n); + + return len; +} + +LWS_VISIBLE int lws_hdr_copy_fragment(struct lws *wsi, char *dst, int len, + enum lws_token_indexes h, int frag_idx) +{ + int n = 0; + int f; + + if (!wsi->u.hdr.ah) + return -1; + + f = wsi->u.hdr.ah->frag_index[h]; + + if (!f) + return -1; + + while (n < frag_idx) { + f = wsi->u.hdr.ah->frags[f].nfrag; + if (!f) + return -1; + n++; + } + + if (wsi->u.hdr.ah->frags[f].len >= len) + return -1; + + memcpy(dst, wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[f].offset, + wsi->u.hdr.ah->frags[f].len); + dst[wsi->u.hdr.ah->frags[f].len] = '\0'; + + return wsi->u.hdr.ah->frags[f].len; +} + +LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len, + enum lws_token_indexes h) +{ + int toklen = lws_hdr_total_length(wsi, h); + int n; + + if (toklen >= len) + return -1; + + if (!wsi->u.hdr.ah) + return -1; + + n = wsi->u.hdr.ah->frag_index[h]; + if (!n) + return 0; + + do { + strcpy(dst, &wsi->u.hdr.ah->data[wsi->u.hdr.ah->frags[n].offset]); + dst += wsi->u.hdr.ah->frags[n].len; + n = wsi->u.hdr.ah->frags[n].nfrag; + } while (n); + + return toklen; +} + +char *lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h) +{ + int n; + + n = wsi->u.hdr.ah->frag_index[h]; + if (!n) + return NULL; + + return wsi->u.hdr.ah->data + wsi->u.hdr.ah->frags[n].offset; +} + +int LWS_WARN_UNUSED_RESULT +lws_pos_in_bounds(struct lws *wsi) +{ + if (wsi->u.hdr.ah->pos < (unsigned int)wsi->context->max_http_header_data) + return 0; + + if (wsi->u.hdr.ah->pos == wsi->context->max_http_header_data) { + lwsl_err("Ran out of header data space\n"); + return 1; + } + + /* + * with these tests everywhere, it should never be able to exceed + * the limit, only meet the limit + */ + + lwsl_err("%s: pos %d, limit %d\n", __func__, wsi->u.hdr.ah->pos, + wsi->context->max_http_header_data); + assert(0); + + return 1; +} + +int LWS_WARN_UNUSED_RESULT +lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h, const char *s) +{ + wsi->u.hdr.ah->nfrag++; + if (wsi->u.hdr.ah->nfrag == ARRAY_SIZE(wsi->u.hdr.ah->frags)) { + lwsl_warn("More hdr frags than we can deal with, dropping\n"); + return -1; + } + + wsi->u.hdr.ah->frag_index[h] = wsi->u.hdr.ah->nfrag; + + wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].offset = wsi->u.hdr.ah->pos; + wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len = 0; + wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].nfrag = 0; + + do { + if (lws_pos_in_bounds(wsi)) + return -1; + + wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = *s; + if (*s) + wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++; + } while (*s++); + + return 0; +} + +signed char char_to_hex(const char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + + if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + + if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + + return -1; +} + +static int LWS_WARN_UNUSED_RESULT +issue_char(struct lws *wsi, unsigned char c) +{ + unsigned short frag_len; + + if (lws_pos_in_bounds(wsi)) + return -1; + + frag_len = wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len; + /* + * If we haven't hit the token limit, just copy the character into + * the header + */ + if (frag_len < wsi->u.hdr.current_token_limit) { + wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = c; + if (c) + wsi->u.hdr.ah->frags[wsi->u.hdr.ah->nfrag].len++; + return 0; + } + + /* Insert a null character when we *hit* the limit: */ + if (frag_len == wsi->u.hdr.current_token_limit) { + if (lws_pos_in_bounds(wsi)) + return -1; + wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos++] = '\0'; + lwsl_warn("header %i exceeds limit %d\n", + wsi->u.hdr.parser_state, + wsi->u.hdr.current_token_limit); + } + + return 1; +} + +int LWS_WARN_UNUSED_RESULT +lws_parse(struct lws *wsi, unsigned char c) +{ + static const unsigned char methods[] = { + WSI_TOKEN_GET_URI, + WSI_TOKEN_POST_URI, + WSI_TOKEN_OPTIONS_URI, + WSI_TOKEN_PUT_URI, + WSI_TOKEN_PATCH_URI, + WSI_TOKEN_DELETE_URI, + WSI_TOKEN_CONNECT, + }; + struct allocated_headers *ah = wsi->u.hdr.ah; + struct lws_context *context = wsi->context; + unsigned int n, m, enc = 0; + + assert(wsi->u.hdr.ah); + + switch (wsi->u.hdr.parser_state) { + default: + + lwsl_parser("WSI_TOK_(%d) '%c'\n", wsi->u.hdr.parser_state, c); + + /* collect into malloc'd buffers */ + /* optional initial space swallow */ + if (!ah->frags[ah->frag_index[wsi->u.hdr.parser_state]].len && + c == ' ') + break; + + for (m = 0; m < ARRAY_SIZE(methods); m++) + if (wsi->u.hdr.parser_state == methods[m]) + break; + if (m == ARRAY_SIZE(methods)) + /* it was not any of the methods */ + goto check_eol; + + /* special URI processing... end at space */ + + if (c == ' ') { + /* enforce starting with / */ + if (!ah->frags[ah->nfrag].len) + if (issue_char(wsi, '/') < 0) + return -1; + + if (wsi->u.hdr.ups == URIPS_SEEN_SLASH_DOT_DOT) { + /* + * back up one dir level if possible + * safe against header fragmentation because + * the method URI can only be in 1 fragment + */ + if (ah->frags[ah->nfrag].len > 2) { + ah->pos--; + ah->frags[ah->nfrag].len--; + do { + ah->pos--; + ah->frags[ah->nfrag].len--; + } while (ah->frags[ah->nfrag].len > 1 && + ah->data[ah->pos] != '/'); + } + } + + /* begin parsing HTTP version: */ + if (issue_char(wsi, '\0') < 0) + return -1; + wsi->u.hdr.parser_state = WSI_TOKEN_HTTP; + goto start_fragment; + } + + /* + * PRIORITY 1 + * special URI processing... convert %xx + */ + + switch (wsi->u.hdr.ues) { + case URIES_IDLE: + if (c == '%') { + wsi->u.hdr.ues = URIES_SEEN_PERCENT; + goto swallow; + } + break; + case URIES_SEEN_PERCENT: + if (char_to_hex(c) < 0) + /* illegal post-% char */ + goto forbid; + + wsi->u.hdr.esc_stash = c; + wsi->u.hdr.ues = URIES_SEEN_PERCENT_H1; + goto swallow; + + case URIES_SEEN_PERCENT_H1: + if (char_to_hex(c) < 0) + /* illegal post-% char */ + goto forbid; + + c = (char_to_hex(wsi->u.hdr.esc_stash) << 4) | + char_to_hex(c); + enc = 1; + wsi->u.hdr.ues = URIES_IDLE; + break; + } + + /* + * PRIORITY 2 + * special URI processing... + * convert /.. or /... or /../ etc to / + * convert /./ to / + * convert // or /// etc to / + * leave /.dir or whatever alone + */ + + switch (wsi->u.hdr.ups) { + case URIPS_IDLE: + if (!c) + return -1; + /* genuine delimiter */ + if ((c == '&' || c == ';') && !enc) { + if (issue_char(wsi, c) < 0) + return -1; + /* swallow the terminator */ + ah->frags[ah->nfrag].len--; + /* link to next fragment */ + ah->frags[ah->nfrag].nfrag = ah->nfrag + 1; + ah->nfrag++; + if (ah->nfrag >= ARRAY_SIZE(ah->frags)) + goto excessive; + /* start next fragment after the & */ + wsi->u.hdr.post_literal_equal = 0; + ah->frags[ah->nfrag].offset = ah->pos; + ah->frags[ah->nfrag].len = 0; + ah->frags[ah->nfrag].nfrag = 0; + goto swallow; + } + /* uriencoded = in the name part, disallow */ + if (c == '=' && enc && + ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] && + !wsi->u.hdr.post_literal_equal) + c = '_'; + + /* after the real =, we don't care how many = */ + if (c == '=' && !enc) + wsi->u.hdr.post_literal_equal = 1; + + /* + to space */ + if (c == '+' && !enc) + c = ' '; + /* issue the first / always */ + if (c == '/' && !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) + wsi->u.hdr.ups = URIPS_SEEN_SLASH; + break; + case URIPS_SEEN_SLASH: + /* swallow subsequent slashes */ + if (c == '/') + goto swallow; + /* track and swallow the first . after / */ + if (c == '.') { + wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT; + goto swallow; + } + wsi->u.hdr.ups = URIPS_IDLE; + break; + case URIPS_SEEN_SLASH_DOT: + /* swallow second . */ + if (c == '.') { + wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT; + goto swallow; + } + /* change /./ to / */ + if (c == '/') { + wsi->u.hdr.ups = URIPS_SEEN_SLASH; + goto swallow; + } + /* it was like /.dir ... regurgitate the . */ + wsi->u.hdr.ups = URIPS_IDLE; + if (issue_char(wsi, '.') < 0) + return -1; + break; + + case URIPS_SEEN_SLASH_DOT_DOT: + + /* /../ or /..[End of URI] --> backup to last / */ + if (c == '/' || c == '?') { + /* + * back up one dir level if possible + * safe against header fragmentation because + * the method URI can only be in 1 fragment + */ + if (ah->frags[ah->nfrag].len > 2) { + ah->pos--; + ah->frags[ah->nfrag].len--; + do { + ah->pos--; + ah->frags[ah->nfrag].len--; + } while (ah->frags[ah->nfrag].len > 1 && + ah->data[ah->pos] != '/'); + } + wsi->u.hdr.ups = URIPS_SEEN_SLASH; + if (ah->frags[ah->nfrag].len > 1) + break; + goto swallow; + } + + /* /..[^/] ... regurgitate and allow */ + + if (issue_char(wsi, '.') < 0) + return -1; + if (issue_char(wsi, '.') < 0) + return -1; + wsi->u.hdr.ups = URIPS_IDLE; + break; + } + + if (c == '?' && !enc && + !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI arguments */ + if (wsi->u.hdr.ues != URIES_IDLE) + goto forbid; + + /* seal off uri header */ + if (issue_char(wsi, '\0') < 0) + return -1; + + /* move to using WSI_TOKEN_HTTP_URI_ARGS */ + ah->nfrag++; + if (ah->nfrag >= ARRAY_SIZE(ah->frags)) + goto excessive; + ah->frags[ah->nfrag].offset = ah->pos; + ah->frags[ah->nfrag].len = 0; + ah->frags[ah->nfrag].nfrag = 0; + + wsi->u.hdr.post_literal_equal = 0; + ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = ah->nfrag; + wsi->u.hdr.ups = URIPS_IDLE; + goto swallow; + } + +check_eol: + /* bail at EOL */ + if (wsi->u.hdr.parser_state != WSI_TOKEN_CHALLENGE && + c == '\x0d') { + if (wsi->u.hdr.ues != URIES_IDLE) + goto forbid; + + c = '\0'; + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; + lwsl_parser("*\n"); + } + + n = issue_char(wsi, c); + if ((int)n < 0) + return -1; + if (n > 0) + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; + +swallow: + /* per-protocol end of headers management */ + + if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) + goto set_parsing_complete; + break; + + /* collecting and checking a name part */ + case WSI_TOKEN_NAME_PART: + lwsl_parser("WSI_TOKEN_NAME_PART '%c' (mode=%d)\n", c, wsi->mode); + + wsi->u.hdr.lextable_pos = + lextable_decode(wsi->u.hdr.lextable_pos, c); + /* + * Server needs to look out for unknown methods... + */ + if (wsi->u.hdr.lextable_pos < 0 && + wsi->mode == LWSCM_HTTP_SERVING) { + /* this is not a header we know about */ + for (m = 0; m < ARRAY_SIZE(methods); m++) + if (ah->frag_index[methods[m]]) { + /* + * already had the method, no idea what + * this crap from the client is, ignore + */ + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; + break; + } + /* + * hm it's an unknown http method from a client in fact, + * it cannot be valid http + */ + if (m == ARRAY_SIZE(methods)) { + /* + * are we set up to accept raw in these cases? + */ + if (lws_check_opt(wsi->vhost->options, + LWS_SERVER_OPTION_FALLBACK_TO_RAW)) + return 2; /* transition to raw */ + + lwsl_info("Unknown method - dropping\n"); + goto forbid; + } + break; + } + /* + * ...otherwise for a client, let him ignore unknown headers + * coming from the server + */ + if (wsi->u.hdr.lextable_pos < 0) { + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; + break; + } + + if (lextable[wsi->u.hdr.lextable_pos] < FAIL_CHAR) { + /* terminal state */ + + n = ((unsigned int)lextable[wsi->u.hdr.lextable_pos] << 8) | + lextable[wsi->u.hdr.lextable_pos + 1]; + + lwsl_parser("known hdr %d\n", n); + for (m = 0; m < ARRAY_SIZE(methods); m++) + if (n == methods[m] && + ah->frag_index[methods[m]]) { + lwsl_warn("Duplicated method\n"); + return -1; + } + + /* + * WSORIGIN is protocol equiv to ORIGIN, + * JWebSocket likes to send it, map to ORIGIN + */ + if (n == WSI_TOKEN_SWORIGIN) + n = WSI_TOKEN_ORIGIN; + + wsi->u.hdr.parser_state = (enum lws_token_indexes) + (WSI_TOKEN_GET_URI + n); + + if (context->token_limits) + wsi->u.hdr.current_token_limit = + context->token_limits->token_limit[ + wsi->u.hdr.parser_state]; + else + wsi->u.hdr.current_token_limit = + wsi->context->max_http_header_data; + + if (wsi->u.hdr.parser_state == WSI_TOKEN_CHALLENGE) + goto set_parsing_complete; + + goto start_fragment; + } + break; + +start_fragment: + ah->nfrag++; +excessive: + if (ah->nfrag == ARRAY_SIZE(ah->frags)) { + lwsl_warn("More hdr frags than we can deal with\n"); + return -1; + } + + ah->frags[ah->nfrag].offset = ah->pos; + ah->frags[ah->nfrag].len = 0; + ah->frags[ah->nfrag].nfrag = 0; + + n = ah->frag_index[wsi->u.hdr.parser_state]; + if (!n) { /* first fragment */ + ah->frag_index[wsi->u.hdr.parser_state] = ah->nfrag; + break; + } + /* continuation */ + while (ah->frags[n].nfrag) + n = ah->frags[n].nfrag; + ah->frags[n].nfrag = ah->nfrag; + + if (issue_char(wsi, ' ') < 0) + return -1; + break; + + /* skipping arg part of a name we didn't recognize */ + case WSI_TOKEN_SKIPPING: + lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c); + + if (c == '\x0d') + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING_SAW_CR; + break; + + case WSI_TOKEN_SKIPPING_SAW_CR: + lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c); + if (wsi->u.hdr.ues != URIES_IDLE) + goto forbid; + if (c == '\x0a') { + wsi->u.hdr.parser_state = WSI_TOKEN_NAME_PART; + wsi->u.hdr.lextable_pos = 0; + } else + wsi->u.hdr.parser_state = WSI_TOKEN_SKIPPING; + break; + /* we're done, ignore anything else */ + + case WSI_PARSING_COMPLETE: + lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c); + break; + } + + return 0; + +set_parsing_complete: + if (wsi->u.hdr.ues != URIES_IDLE) + goto forbid; + if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { + if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION)) + wsi->ietf_spec_revision = + atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION)); + + lwsl_parser("v%02d hdrs completed\n", wsi->ietf_spec_revision); + } + wsi->u.hdr.parser_state = WSI_PARSING_COMPLETE; + wsi->hdr_parsing_completed = 1; + + return 0; + +forbid: + lwsl_notice(" forbidding on uri sanitation\n"); + lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); + return -1; +} + +LWS_VISIBLE int lws_frame_is_binary(struct lws *wsi) +{ + return wsi->u.ws.frame_is_binary; +} + +void +lws_add_wsi_to_draining_ext_list(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + + if (wsi->u.ws.rx_draining_ext) + return; + + lwsl_ext("%s: RX EXT DRAINING: Adding to list\n", __func__); + + wsi->u.ws.rx_draining_ext = 1; + wsi->u.ws.rx_draining_ext_list = pt->rx_draining_ext_list; + pt->rx_draining_ext_list = wsi; +} + +void +lws_remove_wsi_from_draining_ext_list(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + struct lws **w = &pt->rx_draining_ext_list; + + if (!wsi->u.ws.rx_draining_ext) + return; + + lwsl_ext("%s: RX EXT DRAINING: Removing from list\n", __func__); + + wsi->u.ws.rx_draining_ext = 0; + + /* remove us from context draining ext list */ + while (*w) { + if (*w == wsi) { + /* if us, point it instead to who we were pointing to */ + *w = wsi->u.ws.rx_draining_ext_list; + break; + } + w = &((*w)->u.ws.rx_draining_ext_list); + } + wsi->u.ws.rx_draining_ext_list = NULL; +} + +/* + * client-parser.c: lws_client_rx_sm() needs to be roughly kept in + * sync with changes here, esp related to ext draining + */ + +int +lws_rx_sm(struct lws *wsi, unsigned char c) +{ + int callback_action = LWS_CALLBACK_RECEIVE; + int ret = 0, n, rx_draining_ext = 0; + struct lws_tokens eff_buf; + + eff_buf.token = NULL; + eff_buf.token_len = 0; + if (wsi->socket_is_permanently_unusable) + return -1; + + switch (wsi->lws_rx_parse_state) { + case LWS_RXPS_NEW: + if (wsi->u.ws.rx_draining_ext) { + eff_buf.token = NULL; + eff_buf.token_len = 0; + lws_remove_wsi_from_draining_ext_list(wsi); + rx_draining_ext = 1; + lwsl_debug("%s: doing draining flow\n", __func__); + + goto drain_extension; + } + switch (wsi->ietf_spec_revision) { + case 13: + /* + * no prepended frame key any more + */ + wsi->u.ws.all_zero_nonce = 1; + goto handle_first; + + default: + lwsl_warn("lws_rx_sm: unknown spec version %d\n", + wsi->ietf_spec_revision); + break; + } + break; + case LWS_RXPS_04_mask_1: + wsi->u.ws.mask[1] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_04_mask_2; + break; + case LWS_RXPS_04_mask_2: + wsi->u.ws.mask[2] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_04_mask_3; + break; + case LWS_RXPS_04_mask_3: + wsi->u.ws.mask[3] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + + /* + * start from the zero'th byte in the XOR key buffer since + * this is the start of a frame with a new key + */ + + wsi->u.ws.mask_idx = 0; + + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1; + break; + + /* + * 04 logical framing from the spec (all this is masked when incoming + * and has to be unmasked) + * + * We ignore the possibility of extension data because we don't + * negotiate any extensions at the moment. + * + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-------+-+-------------+-------------------------------+ + * |F|R|R|R| opcode|R| Payload len | Extended payload length | + * |I|S|S|S| (4) |S| (7) | (16/63) | + * |N|V|V|V| |V| | (if payload len==126/127) | + * | |1|2|3| |4| | | + * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + + * | Extended payload length continued, if payload len == 127 | + * + - - - - - - - - - - - - - - - +-------------------------------+ + * | | Extension data | + * +-------------------------------+ - - - - - - - - - - - - - - - + + * : : + * +---------------------------------------------------------------+ + * : Application data : + * +---------------------------------------------------------------+ + * + * We pass payload through to userland as soon as we get it, ignoring + * FIN. It's up to userland to buffer it up if it wants to see a + * whole unfragmented block of the original size (which may be up to + * 2^63 long!) + */ + + case LWS_RXPS_04_FRAME_HDR_1: +handle_first: + + wsi->u.ws.opcode = c & 0xf; + wsi->u.ws.rsv = c & 0x70; + wsi->u.ws.final = !!((c >> 7) & 1); + + switch (wsi->u.ws.opcode) { + case LWSWSOPC_TEXT_FRAME: + case LWSWSOPC_BINARY_FRAME: + wsi->u.ws.rsv_first_msg = (c & 0x70); + wsi->u.ws.frame_is_binary = + wsi->u.ws.opcode == LWSWSOPC_BINARY_FRAME; + wsi->u.ws.first_fragment = 1; + break; + case 3: + case 4: + case 5: + case 6: + case 7: + case 0xb: + case 0xc: + case 0xd: + case 0xe: + case 0xf: + lwsl_info("illegal opcode\n"); + return -1; + } + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN: + + wsi->u.ws.this_frame_masked = !!(c & 0x80); + + switch (c & 0x7f) { + case 126: + /* control frames are not allowed to have big lengths */ + if (wsi->u.ws.opcode & 8) + goto illegal_ctl_length; + + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; + break; + case 127: + /* control frames are not allowed to have big lengths */ + if (wsi->u.ws.opcode & 8) + goto illegal_ctl_length; + + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; + break; + default: + wsi->u.ws.rx_packet_length = c & 0x7f; + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = + LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else + if (wsi->u.ws.rx_packet_length) + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + else { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + break; + } + break; + + case LWS_RXPS_04_FRAME_HDR_LEN16_2: + wsi->u.ws.rx_packet_length = c << 8; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN16_1: + wsi->u.ws.rx_packet_length |= c; + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = + LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_8: + if (c & 0x80) { + lwsl_warn("b63 of length must be zero\n"); + /* kill the connection */ + return -1; + } +#if defined __LP64__ + wsi->u.ws.rx_packet_length = ((size_t)c) << 56; +#else + wsi->u.ws.rx_packet_length = 0; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_7: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 48; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_6: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 40; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_5: +#if defined __LP64__ + wsi->u.ws.rx_packet_length |= ((size_t)c) << 32; +#endif + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_4: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 24; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_3: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 16; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_2: + wsi->u.ws.rx_packet_length |= ((size_t)c) << 8; + wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; + break; + + case LWS_RXPS_04_FRAME_HDR_LEN64_1: + wsi->u.ws.rx_packet_length |= ((size_t)c); + if (wsi->u.ws.this_frame_masked) + wsi->lws_rx_parse_state = + LWS_RXPS_07_COLLECT_FRAME_KEY_1; + else + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_1: + wsi->u.ws.mask[0] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_2: + wsi->u.ws.mask[1] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_3: + wsi->u.ws.mask[2] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; + break; + + case LWS_RXPS_07_COLLECT_FRAME_KEY_4: + wsi->u.ws.mask[3] = c; + if (c) + wsi->u.ws.all_zero_nonce = 0; + wsi->lws_rx_parse_state = + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED; + wsi->u.ws.mask_idx = 0; + if (wsi->u.ws.rx_packet_length == 0) { + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + break; + + + case LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED: + assert(wsi->u.ws.rx_ubuf); + + if (wsi->u.ws.rx_draining_ext) + goto drain_extension; + + if (wsi->u.ws.rx_ubuf_head + LWS_PRE >= + wsi->u.ws.rx_ubuf_alloc) { + lwsl_err("Attempted overflow \n"); + return -1; + } + if (wsi->u.ws.all_zero_nonce) + wsi->u.ws.rx_ubuf[LWS_PRE + + (wsi->u.ws.rx_ubuf_head++)] = c; + else + wsi->u.ws.rx_ubuf[LWS_PRE + + (wsi->u.ws.rx_ubuf_head++)] = + c ^ wsi->u.ws.mask[ + (wsi->u.ws.mask_idx++) & 3]; + + if (--wsi->u.ws.rx_packet_length == 0) { + /* spill because we have the whole frame */ + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + goto spill; + } + + /* + * if there's no protocol max frame size given, we are + * supposed to default to context->pt_serv_buf_size + */ + + if (!wsi->protocol->rx_buffer_size && + wsi->u.ws.rx_ubuf_head != wsi->context->pt_serv_buf_size) + break; + else + if (wsi->protocol->rx_buffer_size && + wsi->u.ws.rx_ubuf_head != + wsi->protocol->rx_buffer_size) + break; + + /* spill because we filled our rx buffer */ +spill: + /* + * is this frame a control packet we should take care of at this + * layer? If so service it and hide it from the user callback + */ + + lwsl_parser("spill on %s\n", wsi->protocol->name); + + switch (wsi->u.ws.opcode) { + case LWSWSOPC_CLOSE: + + /* is this an acknowledgement of our close? */ + if (wsi->state == LWSS_AWAITING_CLOSE_ACK) { + /* + * fine he has told us he is closing too, let's + * finish our close + */ + lwsl_parser("seen client close ack\n"); + return -1; + } + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY) + /* if he sends us 2 CLOSE, kill him */ + return -1; + + if (lws_partial_buffered(wsi)) { + /* + * if we're in the middle of something, + * we can't do a normal close response and + * have to just close our end. + */ + wsi->socket_is_permanently_unusable = 1; + lwsl_parser("Closing on peer close due to Pending tx\n"); + return -1; + } + + if (user_callback_handle_rxflow( + wsi->protocol->callback, wsi, + LWS_CALLBACK_WS_PEER_INITIATED_CLOSE, + wsi->user_space, + &wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head)) + return -1; + + lwsl_parser("server sees client close packet\n"); + wsi->state = LWSS_RETURNED_CLOSE_ALREADY; + /* deal with the close packet contents as a PONG */ + wsi->u.ws.payload_is_close = 1; + goto process_as_ping; + + case LWSWSOPC_PING: + lwsl_info("received %d byte ping, sending pong\n", + wsi->u.ws.rx_ubuf_head); + + if (wsi->u.ws.ping_pending_flag) { + /* + * there is already a pending ping payload + * we should just log and drop + */ + lwsl_parser("DROP PING since one pending\n"); + goto ping_drop; + } +process_as_ping: + /* control packets can only be < 128 bytes long */ + if (wsi->u.ws.rx_ubuf_head > 128 - 3) { + lwsl_parser("DROP PING payload too large\n"); + goto ping_drop; + } + + /* stash the pong payload */ + memcpy(wsi->u.ws.ping_payload_buf + LWS_PRE, + &wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head); + + wsi->u.ws.ping_payload_len = wsi->u.ws.rx_ubuf_head; + wsi->u.ws.ping_pending_flag = 1; + + /* get it sent as soon as possible */ + lws_callback_on_writable(wsi); +ping_drop: + wsi->u.ws.rx_ubuf_head = 0; + return 0; + + case LWSWSOPC_PONG: + lwsl_info("received pong\n"); + lwsl_hexdump(&wsi->u.ws.rx_ubuf[LWS_PRE], + wsi->u.ws.rx_ubuf_head); + + if (wsi->pending_timeout == PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG) { + lwsl_info("received expected PONG on wsi %p\n", wsi); + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + } + + /* issue it */ + callback_action = LWS_CALLBACK_RECEIVE_PONG; + break; + + case LWSWSOPC_TEXT_FRAME: + case LWSWSOPC_BINARY_FRAME: + case LWSWSOPC_CONTINUATION: + break; + + default: + lwsl_parser("passing opc %x up to exts\n", + wsi->u.ws.opcode); + /* + * It's something special we can't understand here. + * Pass the payload up to the extension's parsing + * state machine. + */ + + eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE]; + eff_buf.token_len = wsi->u.ws.rx_ubuf_head; + + if (lws_ext_cb_active(wsi, LWS_EXT_CB_EXTENDED_PAYLOAD_RX, + &eff_buf, 0) <= 0) + /* not handle or fail */ + lwsl_ext("ext opc opcode 0x%x unknown\n", + wsi->u.ws.opcode); + + wsi->u.ws.rx_ubuf_head = 0; + return 0; + } + + /* + * No it's real payload, pass it up to the user callback. + * It's nicely buffered with the pre-padding taken care of + * so it can be sent straight out again using lws_write + */ + + eff_buf.token = &wsi->u.ws.rx_ubuf[LWS_PRE]; + eff_buf.token_len = wsi->u.ws.rx_ubuf_head; + +drain_extension: + lwsl_ext("%s: passing %d to ext\n", __func__, eff_buf.token_len); + + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY || + wsi->state == LWSS_AWAITING_CLOSE_ACK) + goto already_done; + + n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &eff_buf, 0); + /* eff_buf may be pointing somewhere completely different now, + * it's the output + */ + wsi->u.ws.first_fragment = 0; + if (n < 0) { + /* + * we may rely on this to get RX, just drop connection + */ + wsi->socket_is_permanently_unusable = 1; + return -1; + } + + if (rx_draining_ext && eff_buf.token_len == 0) + goto already_done; + + if (n && eff_buf.token_len) { + /* extension had more... main loop will come back */ + lws_add_wsi_to_draining_ext_list(wsi); + } else + lws_remove_wsi_from_draining_ext_list(wsi); + + if (eff_buf.token_len > 0 || + callback_action == LWS_CALLBACK_RECEIVE_PONG) { + eff_buf.token[eff_buf.token_len] = '\0'; + + if (wsi->protocol->callback) { + + if (callback_action == LWS_CALLBACK_RECEIVE_PONG) + lwsl_info("Doing pong callback\n"); + + ret = user_callback_handle_rxflow( + wsi->protocol->callback, + wsi, + (enum lws_callback_reasons)callback_action, + wsi->user_space, + eff_buf.token, + eff_buf.token_len); + } + else + lwsl_err("No callback on payload spill!\n"); + } + +already_done: + wsi->u.ws.rx_ubuf_head = 0; + break; + } + + return ret; + +illegal_ctl_length: + + lwsl_warn("Control frame with xtended length is illegal\n"); + /* kill the connection */ + return -1; +} + +LWS_VISIBLE size_t +lws_remaining_packet_payload(struct lws *wsi) +{ + return wsi->u.ws.rx_packet_length; +} + +/* Once we reach LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED, we know how much + * to expect in that state and can deal with it in bulk more efficiently. + */ + +int +lws_payload_until_length_exhausted(struct lws *wsi, unsigned char **buf, + size_t *len) +{ + unsigned char *buffer = *buf, mask[4]; + int buffer_size, n; + unsigned int avail; + char *rx_ubuf; + + if (wsi->protocol->rx_buffer_size) + buffer_size = wsi->protocol->rx_buffer_size; + else + buffer_size = wsi->context->pt_serv_buf_size; + avail = buffer_size - wsi->u.ws.rx_ubuf_head; + + /* do not consume more than we should */ + if (avail > wsi->u.ws.rx_packet_length) + avail = wsi->u.ws.rx_packet_length; + + /* do not consume more than what is in the buffer */ + if (avail > *len) + avail = *len; + + /* we want to leave 1 byte for the parser to handle properly */ + if (avail <= 1) + return 0; + + avail--; + rx_ubuf = wsi->u.ws.rx_ubuf + LWS_PRE + wsi->u.ws.rx_ubuf_head; + if (wsi->u.ws.all_zero_nonce) + memcpy(rx_ubuf, buffer, avail); + else { + + for (n = 0; n < 4; n++) + mask[n] = wsi->u.ws.mask[(wsi->u.ws.mask_idx + n) & 3]; + + /* deal with 4-byte chunks using unwrapped loop */ + n = avail >> 2; + while (n--) { + *(rx_ubuf++) = *(buffer++) ^ mask[0]; + *(rx_ubuf++) = *(buffer++) ^ mask[1]; + *(rx_ubuf++) = *(buffer++) ^ mask[2]; + *(rx_ubuf++) = *(buffer++) ^ mask[3]; + } + /* and the remaining bytes bytewise */ + for (n = 0; n < (int)(avail & 3); n++) + *(rx_ubuf++) = *(buffer++) ^ mask[n]; + + wsi->u.ws.mask_idx = (wsi->u.ws.mask_idx + avail) & 3; + } + + (*buf) += avail; + wsi->u.ws.rx_ubuf_head += avail; + wsi->u.ws.rx_packet_length -= avail; + *len -= avail; + + return avail; +} diff --git a/lib/plat/esp32/esp32-fds.c b/lib/plat/esp32/esp32-fds.c deleted file mode 100644 index a6fc86c..0000000 --- a/lib/plat/esp32/esp32-fds.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -void -lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - pt->fds[pt->fds_count++].revents = 0; -} - -void -lws_plat_delete_socket_from_fds(struct lws_context *context, - struct lws *wsi, int m) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - pt->fds_count--; -} - -int -lws_plat_change_pollfd(struct lws_context *context, - struct lws *wsi, struct lws_pollfd *pfd) -{ - return 0; -} - -int -insert_wsi(const struct lws_context *context, struct lws *wsi) -{ - assert(context->lws_lookup[wsi->desc.sockfd - - lws_plat_socket_offset()] == 0); - - context->lws_lookup[wsi->desc.sockfd - \ - lws_plat_socket_offset()] = wsi; - - return 0; -} \ No newline at end of file diff --git a/lib/plat/esp32/esp32-file.c b/lib/plat/esp32/esp32-file.c deleted file mode 100644 index f2909bb..0000000 --- a/lib/plat/esp32/esp32-file.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int lws_plat_apply_FD_CLOEXEC(int n) -{ - return 0; -} - - -LWS_VISIBLE lws_fop_fd_t IRAM_ATTR -_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, - const char *vpath, lws_fop_flags_t *flags) -{ - struct stat stat_buf; - lws_fop_fd_t fop_fd; - int ret = open(filename, *flags, 0664); - - if (ret < 0) - return NULL; - - if (fstat(ret, &stat_buf) < 0) - goto bail; - - fop_fd = lws_malloc(sizeof(*fop_fd), "fops open"); - if (!fop_fd) - goto bail; - - fop_fd->fops = fops; - fop_fd->fd = ret; - fop_fd->flags = *flags; - fop_fd->filesystem_priv = NULL; /* we don't use it */ - fop_fd->pos = 0; - fop_fd->len = stat_buf.st_size; - - return fop_fd; - -bail: - close(ret); - - return NULL; -} - -LWS_VISIBLE int IRAM_ATTR -_lws_plat_file_close(lws_fop_fd_t *fops_fd) -{ - int fd = (*fops_fd)->fd; - - lws_free(*fops_fd); - *fops_fd = NULL; - - return close(fd); -} - -LWS_VISIBLE lws_fileofs_t IRAM_ATTR -_lws_plat_file_seek_cur(lws_fop_fd_t fops_fd, lws_fileofs_t offset) -{ - return lseek(fops_fd->fd, offset, SEEK_CUR); -} - -LWS_VISIBLE int IRAM_ATTR -_lws_plat_file_read(lws_fop_fd_t fops_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - long n; - - n = read(fops_fd->fd, buf, len); - if (n == -1) { - *amount = 0; - return -1; - } - fops_fd->pos += n; - *amount = n; - - return 0; -} - -LWS_VISIBLE int IRAM_ATTR -_lws_plat_file_write(lws_fop_fd_t fops_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - long n; - - n = write(fops_fd->fd, buf, len); - if (n == -1) { - *amount = 0; - return -1; - } - fops_fd->pos += n; - *amount = n; - - return 0; -} - -#if defined(LWS_AMAZON_RTOS) -int -lws_find_string_in_file(const char *filename, const char *string, int stringlen) -{ - return 0; -} -#else -int -lws_find_string_in_file(const char *filename, const char *string, int stringlen) -{ - nvs_handle nvh; - size_t s; - int n; - char buf[64], result[64]; - const char *p = strchr(string, ':'), *q; - - if (!p) - return 0; - - q = string; - n = 0; - while (n < sizeof(buf) - 1 && q != p) - buf[n++] = *q++; - buf[n] = '\0'; - - ESP_ERROR_CHECK(nvs_open(filename, NVS_READWRITE, &nvh)); - - s = sizeof(result) - 1; - n = nvs_get_str(nvh, buf, result, &s); - nvs_close(nvh); - - if (n != ESP_OK) - return 0; - - return !strcmp(p + 1, result); -} -#endif - -#if !defined(LWS_AMAZON_RTOS) -LWS_VISIBLE int -lws_plat_write_file(const char *filename, void *buf, int len) -{ - nvs_handle nvh; - int n; - - if (nvs_open("lws-station", NVS_READWRITE, &nvh)) { - lwsl_notice("%s: failed to open nvs\n", __func__); - return -1; - } - - n = nvs_set_blob(nvh, filename, buf, len); - if (n >= 0) - nvs_commit(nvh); - - nvs_close(nvh); - - lwsl_notice("%s: wrote %s (%d)\n", __func__, filename, n); - - return n; -} - -/* we write vhostname.cert.pem and vhostname.key.pem, 0 return means OK */ - -LWS_VISIBLE int -lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf, - int len) -{ - const char *name = vhost->tls.alloc_cert_path; - - if (is_key) - name = vhost->tls.key_path; - - return lws_plat_write_file(name, buf, len) < 0; -} - -LWS_VISIBLE int -lws_plat_read_file(const char *filename, void *buf, int len) -{ - nvs_handle nvh; - size_t s = 0; - int n = 0; - - if (nvs_open("lws-station", NVS_READWRITE, &nvh)) { - lwsl_notice("%s: failed to open nvs\n", __func__); - return 1; - } - - ESP_ERROR_CHECK(nvs_open("lws-station", NVS_READWRITE, &nvh)); - if (nvs_get_blob(nvh, filename, NULL, &s) != ESP_OK) - goto bail; - if (s > (size_t)len) - goto bail; - - n = nvs_get_blob(nvh, filename, buf, &s); - - nvs_close(nvh); - - lwsl_notice("%s: read %s (%d)\n", __func__, filename, (int)s); - - if (n) - return -1; - - return (int)s; - -bail: - nvs_close(nvh); - - return -1; -} -#endif /* LWS_AMAZON_RTOS */ diff --git a/lib/plat/esp32/esp32-init.c b/lib/plat/esp32/esp32-init.c deleted file mode 100644 index 2f537d0..0000000 --- a/lib/plat/esp32/esp32-init.c +++ /dev/null @@ -1,112 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_plat_context_early_init(void) -{ - return 0; -} - -void -lws_plat_context_early_destroy(struct lws_context *context) -{ -#if defined(LWS_AMAZON_RTOS) - mbedtls_ctr_drbg_free(&context->mcdc); - mbedtls_entropy_free(&context->mec); -#endif -} - -void -lws_plat_context_late_destroy(struct lws_context *context) -{ -#ifdef LWS_WITH_PLUGINS - if (context->plugin_list) - lws_plat_plugins_destroy(context); -#endif - - if (context->lws_lookup) - lws_free(context->lws_lookup); -} - -#if defined(LWS_WITH_HTTP2) -/* - * These are the default SETTINGS used on this platform. The user - * can selectively modify them for a vhost during vhost creation. - */ -const struct http2_settings lws_h2_defaults_esp32 = { { - 1, - /* H2SET_HEADER_TABLE_SIZE */ 512, - /* H2SET_ENABLE_PUSH */ 0, - /* H2SET_MAX_CONCURRENT_STREAMS */ 8, - /* H2SET_INITIAL_WINDOW_SIZE */ 65535, - /* H2SET_MAX_FRAME_SIZE */ 16384, - /* H2SET_MAX_HEADER_LIST_SIZE */ 512, - /* H2SET_RESERVED7 */ 0, - /* H2SET_ENABLE_CONNECT_PROTOCOL */ 1, -}}; -#endif - -int -lws_plat_init(struct lws_context *context, - const struct lws_context_creation_info *info) -{ -#if defined(LWS_AMAZON_RTOS) - int n; - - /* initialize platform random through mbedtls */ - mbedtls_entropy_init(&context->mec); - mbedtls_ctr_drbg_init(&context->mcdc); - - n = mbedtls_ctr_drbg_seed(&context->mcdc, mbedtls_entropy_func, - &context->mec, NULL, 0); - if (n) { - lwsl_err("%s: mbedtls_ctr_drbg_seed() returned 0x%x\n", - __func__, n); - - return 1; - } -#endif - - /* master context has the global fd lookup array */ - context->lws_lookup = lws_zalloc(sizeof(struct lws *) * - context->max_fds, "esp32 lws_lookup"); - if (context->lws_lookup == NULL) { - lwsl_err("OOM on lws_lookup array for %d connections\n", - context->max_fds); - return 1; - } - - lwsl_notice(" mem: platform fd map: %5lu bytes\n", - (unsigned long)(sizeof(struct lws *) * context->max_fds)); - -#ifdef LWS_WITH_PLUGINS - if (info->plugin_dirs) - lws_plat_plugins_init(context, info->plugin_dirs); -#endif -#if defined(LWS_WITH_HTTP2) - /* override settings */ - context->set = lws_h2_defaults_esp32; -#endif - - return 0; -} diff --git a/lib/plat/esp32/esp32-misc.c b/lib/plat/esp32/esp32-misc.c deleted file mode 100644 index 65de064..0000000 --- a/lib/plat/esp32/esp32-misc.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -lws_usec_t -lws_now_usecs(void) -{ - struct timeval tv; - gettimeofday(&tv, NULL); - return ((unsigned long long)tv.tv_sec * 1000000LL) + tv.tv_usec; -} - -LWS_VISIBLE int -lws_get_random(struct lws_context *context, void *buf, int len) -{ -#if defined(LWS_AMAZON_RTOS) - int n; - - n = mbedtls_ctr_drbg_random(&context->mcdc, buf, len); - if (!n) - return len; - - /* failed */ - - lwsl_err("%s: mbedtls_ctr_drbg_random returned 0x%x\n", __func__, n); - - return 0; -#else - uint8_t *pb = buf; - - while (len) { - uint32_t r = esp_random(); - uint8_t *p = (uint8_t *)&r; - int b = 4; - - if (len < b) - b = len; - - len -= b; - - while (b--) - *pb++ = p[b]; - } - - return pb - (uint8_t *)buf; -#endif -} - - -LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) -{ - lwsl_emit_stderr(level, line); -} - -int -lws_plat_drop_app_privileges(struct lws_context *context, int actually_init) -{ - return 0; -} - -int -lws_plat_recommended_rsa_bits(void) -{ - /* - * 2048-bit key generation takes up to a minute on ESP32, 4096 - * is like 15 minutes + - */ - return 2048; -} - -void esp32_uvtimer_cb(TimerHandle_t t) -{ - struct timer_mapping *p = pvTimerGetTimerID(t); - - p->cb(p->t); -} - diff --git a/lib/plat/esp32/esp32-pipe.c b/lib/plat/esp32/esp32-pipe.c deleted file mode 100644 index c8e11c8..0000000 --- a/lib/plat/esp32/esp32-pipe.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_plat_pipe_create(struct lws *wsi) -{ - return 1; -} - -int -lws_plat_pipe_signal(struct lws *wsi) -{ - return 1; -} - -void -lws_plat_pipe_close(struct lws *wsi) -{ -} diff --git a/lib/plat/esp32/esp32-service.c b/lib/plat/esp32/esp32-service.c deleted file mode 100644 index bb89696..0000000 --- a/lib/plat/esp32/esp32-service.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_plat_service(struct lws_context *context, int timeout_ms) -{ - int n = _lws_plat_service_tsi(context, timeout_ms, 0); - -#if !defined(LWS_AMAZON_RTOS) - esp_task_wdt_reset(); -#endif - - return n; -} - - -LWS_EXTERN int -_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) -{ - struct lws_context_per_thread *pt; - lws_usec_t timeout_us; - int n = -1, m, c, a = 0; - - /* stay dead once we are dead */ - - if (!context || !context->vhost_list) - return 1; - - pt = &context->pt[tsi]; - lws_stats_bump(pt, LWSSTATS_C_SERVICE_ENTRY, 1); - - { - unsigned long m = lws_now_secs(); - - if (m > context->time_last_state_dump) { - context->time_last_state_dump = m; -#if defined(LWS_AMAZON_RTOS) - n = xPortGetFreeHeapSize(); -#else - n = esp_get_free_heap_size(); -#endif - if ((unsigned int)n != context->last_free_heap) { - if ((unsigned int)n > context->last_free_heap) - lwsl_notice(" heap :%ld (+%ld)\n", - (unsigned long)n, - (unsigned long)(n - - context->last_free_heap)); - else - lwsl_notice(" heap :%ld (-%ld)\n", - (unsigned long)n, - (unsigned long)( - context->last_free_heap - - n)); - context->last_free_heap = n; - } - } - } - - if (timeout_ms < 0) - timeout_ms = 0; - else - /* force a default timeout of 23 days */ - timeout_ms = 2000000000; - timeout_us = ((lws_usec_t)timeout_ms) * LWS_US_PER_MS; - - if (!pt->service_tid_detected) { - struct lws *_lws = lws_zalloc(sizeof(*_lws), "tid probe"); - - if (!_lws) - return 1; - _lws->context = context; - - pt->service_tid = context->vhost_list->protocols[0].callback( - _lws, LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); - pt->service_tid_detected = 1; - lws_free(_lws); - } - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (lws_service_adjust_timeout(context, 1, tsi)) { - -again: - a = 0; - if (timeout_us) { - lws_usec_t us; - - lws_pt_lock(pt, __func__); - /* don't stay in poll wait longer than next hr timeout */ - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us && us < timeout_us) - timeout_us = us; - - lws_pt_unlock(pt); - } - - // n = poll(pt->fds, pt->fds_count, timeout_ms); - { - fd_set readfds, writefds, errfds; - struct timeval tv = { timeout_us / LWS_US_PER_SEC, - timeout_us % LWS_US_PER_SEC }, *ptv = &tv; - int max_fd = 0; - FD_ZERO(&readfds); - FD_ZERO(&writefds); - FD_ZERO(&errfds); - - for (n = 0; n < (int)pt->fds_count; n++) { - pt->fds[n].revents = 0; - if (pt->fds[n].fd >= max_fd) - max_fd = pt->fds[n].fd; - if (pt->fds[n].events & LWS_POLLIN) - FD_SET(pt->fds[n].fd, &readfds); - if (pt->fds[n].events & LWS_POLLOUT) - FD_SET(pt->fds[n].fd, &writefds); - FD_SET(pt->fds[n].fd, &errfds); - } - - n = select(max_fd + 1, &readfds, &writefds, &errfds, ptv); - n = 0; - - #if defined(LWS_WITH_DETAILED_LATENCY) - /* - * so we can track how long it took before we actually read a POLLIN - * that was signalled when we last exited poll() - */ - if (context->detailed_latency_cb) - pt->ust_left_poll = lws_now_usecs(); - #endif - - for (m = 0; m < (int)pt->fds_count; m++) { - c = 0; - if (FD_ISSET(pt->fds[m].fd, &readfds)) { - pt->fds[m].revents |= LWS_POLLIN; - c = 1; - } - if (FD_ISSET(pt->fds[m].fd, &writefds)) { - pt->fds[m].revents |= LWS_POLLOUT; - c = 1; - } - if (FD_ISSET(pt->fds[m].fd, &errfds)) { - // lwsl_notice("errfds %d\n", pt->fds[m].fd); - pt->fds[m].revents |= LWS_POLLHUP; - c = 1; - } - - if (c) - n++; - } - } - - m = 0; - - #if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - m |= !!pt->ws.rx_draining_ext_list; - #endif - - if (pt->context->tls_ops && - pt->context->tls_ops->fake_POLLIN_for_buffered) - m |= pt->context->tls_ops->fake_POLLIN_for_buffered(pt); - - if (!m && !n) - return 0; - } else - a = 1; - - m = lws_service_flag_pending(context, tsi); - if (m) - c = -1; /* unknown limit */ - else - if (n < 0) { - if (LWS_ERRNO != LWS_EINTR) - return -1; - return 0; - } else - c = n; - - /* any socket with events to service? */ - for (n = 0; n < (int)pt->fds_count && c; n++) { - if (!pt->fds[n].revents) - continue; - - c--; - - m = lws_service_fd_tsi(context, &pt->fds[n], tsi); - if (m < 0) - return -1; - /* if something closed, retry this slot */ - if (m) - n--; - } - - if (a) - goto again; - - return 0; -} diff --git a/lib/plat/esp32/esp32-sockets.c b/lib/plat/esp32/esp32-sockets.c deleted file mode 100644 index 80b50c8..0000000 --- a/lib/plat/esp32/esp32-sockets.c +++ /dev/null @@ -1,226 +0,0 @@ -/* - * libwebsockets - lib/plat/lws-plat-esp32.c - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_send_pipe_choked(struct lws *wsi) -{ - struct lws *wsi_eff = wsi; - fd_set writefds; - struct timeval tv = { 0, 0 }; - int n; -#if defined(LWS_WITH_HTTP2) - wsi_eff = lws_get_network_wsi(wsi); -#endif - - /* the fact we checked implies we avoided back-to-back writes */ - wsi_eff->could_have_pending = 0; - - /* treat the fact we got a truncated send pending as if we're choked */ - if (lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - || wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) - return 1; - - FD_ZERO(&writefds); - FD_SET(wsi_eff->desc.sockfd, &writefds); - - n = select(wsi_eff->desc.sockfd + 1, NULL, &writefds, NULL, &tv); - if (n < 0) - return 1; /* choked */ - - return !n; /* n = 0 = not writable = choked */ -} - -int -lws_poll_listen_fd(struct lws_pollfd *fd) -{ - fd_set readfds; - struct timeval tv = { 0, 0 }; - - FD_ZERO(&readfds); - FD_SET(fd->fd, &readfds); - - return select(fd->fd + 1, &readfds, NULL, NULL, &tv); -} - -int -lws_plat_check_connection_error(struct lws *wsi) -{ - return 0; -} - -int -lws_plat_set_nonblocking(int fd) -{ - return fcntl(fd, F_SETFL, O_NONBLOCK) < 0; -} - -int -lws_plat_set_socket_options(struct lws_vhost *vhost, int fd, int unix_skt) -{ - int optval = 1; - socklen_t optlen = sizeof(optval); - -#if defined(__APPLE__) || \ - defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ - defined(__NetBSD__) || \ - defined(__OpenBSD__) - struct protoent *tcp_proto; -#endif - - if (vhost->ka_time) { - /* enable keepalive on this socket */ - optval = 1; - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&optval, optlen) < 0) - return 1; - -#if defined(__APPLE__) || \ - defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ - defined(__NetBSD__) || \ - defined(__CYGWIN__) || defined(__OpenBSD__) || defined (__sun) - - /* - * didn't find a way to set these per-socket, need to - * tune kernel systemwide values - */ -#else - /* set the keepalive conditions we want on it too */ - optval = vhost->ka_time; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, - (const void *)&optval, optlen) < 0) - return 1; - - optval = vhost->ka_interval; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, - (const void *)&optval, optlen) < 0) - return 1; - - optval = vhost->ka_probes; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, - (const void *)&optval, optlen) < 0) - return 1; -#endif - } - - /* Disable Nagle */ - optval = 1; - if (setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &optval, optlen) < 0) - return 1; - - return lws_plat_set_nonblocking(fd); -} - -/* cast a struct sockaddr_in6 * into addr for ipv6 */ - -int -lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, - size_t addrlen) -{ -#if 0 - int rc = LWS_ITOSA_NOT_EXIST; - - struct ifaddrs *ifr; - struct ifaddrs *ifc; -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; -#endif - - getifaddrs(&ifr); - for (ifc = ifr; ifc != NULL && rc; ifc = ifc->ifa_next) { - if (!ifc->ifa_addr) - continue; - - lwsl_info(" interface %s vs %s\n", ifc->ifa_name, ifname); - - if (strcmp(ifc->ifa_name, ifname)) - continue; - - switch (ifc->ifa_addr->sa_family) { - case AF_INET: -#ifdef LWS_WITH_IPV6 - if (ipv6) { - /* map IPv4 to IPv6 */ - memset((char *)&addr6->sin6_addr, 0, - sizeof(struct in6_addr)); - addr6->sin6_addr.s6_addr[10] = 0xff; - addr6->sin6_addr.s6_addr[11] = 0xff; - memcpy(&addr6->sin6_addr.s6_addr[12], - &((struct sockaddr_in *)ifc->ifa_addr)->sin_addr, - sizeof(struct in_addr)); - } else -#endif - memcpy(addr, - (struct sockaddr_in *)ifc->ifa_addr, - sizeof(struct sockaddr_in)); - break; -#ifdef LWS_WITH_IPV6 - case AF_INET6: - memcpy(&addr6->sin6_addr, - &((struct sockaddr_in6 *)ifc->ifa_addr)->sin6_addr, - sizeof(struct in6_addr)); - break; -#endif - default: - continue; - } - rc = LWS_ITOSA_USABLE; - } - - freeifaddrs(ifr); - - if (rc == LWS_ITOSA_NOT_EXIST) { - /* check if bind to IP address */ -#ifdef LWS_WITH_IPV6 - if (inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) - rc = LWS_ITOSA_USABLE; - else -#endif - if (inet_pton(AF_INET, ifname, &addr->sin_addr) == 1) - rc = LWS_ITOSA_USABLE; - } - - return rc; -#endif - - return LWS_ITOSA_NOT_EXIST; -} - -const char * -lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) -{ - return inet_ntop(af, src, dst, cnt); -} - -int -lws_plat_inet_pton(int af, const char *src, void *dst) -{ - return 1; // inet_pton(af, src, dst); -} - - - - diff --git a/lib/plat/esp32/esp_attr.h b/lib/plat/esp32/esp_attr.h deleted file mode 100644 index 5bf9a22..0000000 --- a/lib/plat/esp32/esp_attr.h +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef __ESP_ATTR_H__ -#define __ESP_ATTR_H__ - -#define ROMFN_ATTR - -//Normally, the linker script will put all code and rodata in flash, -//and all variables in shared RAM. These macros can be used to redirect -//particular functions/variables to other memory regions. - -// Forces code into IRAM instead of flash. -#define IRAM_ATTR __attribute__((section(".iram1"))) - -// Forces data into DRAM instead of flash -#define DRAM_ATTR __attribute__((section(".dram1"))) - -// Forces data to be 4 bytes aligned -#define WORD_ALIGNED_ATTR __attribute__((aligned(4))) - -// Forces data to be placed to DMA-capable places -#define DMA_ATTR WORD_ALIGNED_ATTR DRAM_ATTR - -// Forces a string into DRAM instead of flash -// Use as ets_printf(DRAM_STR("Hello world!\n")); -#define DRAM_STR(str) (__extension__({static const DRAM_ATTR char __c[] = (str); (const char *)&__c;})) - -// Forces code into RTC fast memory. See "docs/deep-sleep-stub.rst" -#define RTC_IRAM_ATTR __attribute__((section(".rtc.text"))) - -// Forces data into RTC slow memory. See "docs/deep-sleep-stub.rst" -// Any variable marked with this attribute will keep its value -// during a deep sleep / wake cycle. -#define RTC_DATA_ATTR __attribute__((section(".rtc.data"))) - -// Forces read-only data into RTC slow memory. See "docs/deep-sleep-stub.rst" -#define RTC_RODATA_ATTR __attribute__((section(".rtc.rodata"))) - -// Forces data into noinit section to avoid initialization after restart. -#define __NOINIT_ATTR __attribute__((section(".noinit"))) - -// Forces data into RTC slow memory of .noinit section. -// Any variable marked with this attribute will keep its value -// after restart or during a deep sleep / wake cycle. -#define RTC_NOINIT_ATTR __attribute__((section(".rtc_noinit"))) - -#endif /* __ESP_ATTR_H__ */ diff --git a/lib/plat/esp32/private.h b/lib/plat/esp32/private.h deleted file mode 100644 index fa48c51..0000000 --- a/lib/plat/esp32/private.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * Included from lib/core/private.h if LWS_WITH_ESP32 - */ - -#define MSG_NOSIGNAL 0 -#define SOMAXCONN 3 - -#if defined(LWS_AMAZON_RTOS) - int - open(const char *path, int oflag, ...); -#else - #include -#endif - - #include - #include - #include - #include - #include - #include - - #ifndef __cplusplus - #include - #endif - #include - #include -#if defined(LWS_AMAZON_RTOS) -const char * -gai_strerror(int); -#else - #include -#endif - -#if defined(LWS_AMAZON_RTOS) - #include "FreeRTOS.h" - #include "timers.h" - #include -#else - #include "freertos/timers.h" - #include - #include - #include -#endif - -#include "lwip/apps/sntp.h" - -#include - - #if defined(LWS_BUILTIN_GETIFADDRS) - #include "./misc/getifaddrs.h" - #endif - - #define LWS_ERRNO errno - #define LWS_EAGAIN EAGAIN - #define LWS_EALREADY EALREADY - #define LWS_EINPROGRESS EINPROGRESS - #define LWS_EINTR EINTR - #define LWS_EISCONN EISCONN - #define LWS_ENOTCONN ENOTCONN - #define LWS_EWOULDBLOCK EWOULDBLOCK - #define LWS_EADDRINUSE EADDRINUSE - - #define lws_set_blocking_send(wsi) - - #ifndef LWS_NO_FORK - #ifdef LWS_HAVE_SYS_PRCTL_H - #include - #endif - #endif - -#define compatible_close(x) close(x) -#define lws_plat_socket_offset() LWIP_SOCKET_OFFSET -#define wsi_from_fd(A,B) A->lws_lookup[B - lws_plat_socket_offset()] - -struct lws_context; -struct lws; - -int -insert_wsi(const struct lws_context *context, struct lws *wsi); - -#define delete_from_fd(A,B) A->lws_lookup[B - lws_plat_socket_offset()] = 0 - diff --git a/lib/plat/optee/lws-plat-optee.c b/lib/plat/optee/lws-plat-optee.c deleted file mode 100644 index 21307fd..0000000 --- a/lib/plat/optee/lws-plat-optee.c +++ /dev/null @@ -1,213 +0,0 @@ -#include "core/private.h" - -#if !defined(LWS_WITH_NETWORK) -#include -#endif - -int errno; - -#if !defined(LWS_WITH_NETWORK) -char * -strcpy(char *dest, const char *src) -{ - char *desto = dest; - - while (*src) - *(dest++) = *(src++); - - *(dest++) = '\0'; - - return desto; -} - -char *strncpy(char *dest, const char *src, size_t limit) -{ - char *desto = dest; - - while (*src && limit--) - *(dest++) = *(src++); - - if (limit) - *(dest++) = '\0'; - - return desto; -} - -#endif - -int lws_plat_apply_FD_CLOEXEC(int n) -{ - return 0; -} - -void TEE_GenerateRandom(void *randomBuffer, uint32_t randomBufferLen); -#if defined(LWS_WITH_NETWORK) -uint64_t -lws_now_usecs(void) -{ - return ((unsigned long long)time(NULL)) * 1000000; -} -#endif - -int -lws_get_random(struct lws_context *context, void *buf, int len) -{ -#if defined(LWS_WITH_NETWORK) - TEE_GenerateRandom(buf, len); -#else - crypto_rng_read(buf, len); -#endif - - return len; -} - - -static const char * const colours[] = { - "[31;1m", /* LLL_ERR */ - "[36;1m", /* LLL_WARN */ - "[35;1m", /* LLL_NOTICE */ - "[32;1m", /* LLL_INFO */ - "[34;1m", /* LLL_DEBUG */ - "[33;1m", /* LLL_PARSER */ - "[33;1m", /* LLL_HEADER */ - "[33;1m", /* LLL_EXT */ - "[33;1m", /* LLL_CLIENT */ - "[33;1m", /* LLL_LATENCY */ - "[30;1m", /* LLL_USER */ -}; - -void lwsl_emit_optee(int level, const char *line) -{ - char buf[50], linecp[512]; - int n, m = LWS_ARRAY_SIZE(colours) - 1; - - lwsl_timestamp(level, buf, sizeof(buf)); - - n = 1 << (LWS_ARRAY_SIZE(colours) - 1); - while (n) { - if (level & n) - break; - m--; - n >>= 1; - } - n = strlen(line); - if ((unsigned int)n > sizeof(linecp) - 1) - n = sizeof(linecp) - 1; - if (n) { - memcpy(linecp, line, n - 1); - linecp[n - 1] = '\0'; - } else - linecp[0] = '\0'; - EMSG("%c%s%s%s%c[0m", 27, colours[m], buf, linecp, 27); -} - -int -lws_plat_set_nonblocking(int fd) -{ - return 0; -} - -int -lws_plat_drop_app_privileges(struct lws_context *context, int actually_init) -{ - return 0; -} - -int -lws_plat_context_early_init(void) -{ - return 0; -} - -void -lws_plat_context_early_destroy(struct lws_context *context) -{ -} - -void -lws_plat_context_late_destroy(struct lws_context *context) -{ -#if defined(LWS_WITH_NETWORK) - if (context->lws_lookup) - lws_free(context->lws_lookup); -#endif -} - -lws_fop_fd_t -_lws_plat_file_open(const struct lws_plat_file_ops *fops, - const char *filename, const char *vpath, lws_fop_flags_t *flags) -{ - return NULL; -} - -int -_lws_plat_file_close(lws_fop_fd_t *fop_fd) -{ - return 0; -} - -lws_fileofs_t -_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - return 0; -} - - int -_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - - return 0; -} - - int -_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - - return 0; -} - - -int -lws_plat_init(struct lws_context *context, - const struct lws_context_creation_info *info) -{ -#if defined(LWS_WITH_NETWORK) - /* master context has the global fd lookup array */ - context->lws_lookup = lws_zalloc(sizeof(struct lws *) * - context->max_fds, "lws_lookup"); - if (context->lws_lookup == NULL) { - lwsl_err("OOM on lws_lookup array for %d connections\n", - context->max_fds); - return 1; - } - - lwsl_notice(" mem: platform fd map: %5lu bytes\n", - (long)sizeof(struct lws *) * context->max_fds); -#endif -#ifdef LWS_WITH_PLUGINS - if (info->plugin_dirs) - lws_plat_plugins_init(context, info->plugin_dirs); -#endif - - return 0; -} - -int -lws_plat_write_file(const char *filename, void *buf, int len) -{ - return 1; -} - -int -lws_plat_read_file(const char *filename, void *buf, int len) -{ - return -1; -} - -int -lws_plat_recommended_rsa_bits(void) -{ - return 4096; -} diff --git a/lib/plat/optee/network.c b/lib/plat/optee/network.c deleted file mode 100644 index 202d524..0000000 --- a/lib/plat/optee/network.c +++ /dev/null @@ -1,232 +0,0 @@ -#include "core/private.h" - - -int -lws_plat_pipe_create(struct lws *wsi) -{ - return 1; -} - -int -lws_plat_pipe_signal(struct lws *wsi) -{ - return 1; -} - -void -lws_plat_pipe_close(struct lws *wsi) -{ -} - -LWS_VISIBLE int -lws_send_pipe_choked(struct lws *wsi) -{ - struct lws *wsi_eff; - -#if defined(LWS_WITH_HTTP2) - wsi_eff = lws_get_network_wsi(wsi); -#else - wsi_eff = wsi; -#endif - - /* the fact we checked implies we avoided back-to-back writes */ - wsi_eff->could_have_pending = 0; - - /* treat the fact we got a truncated send pending as if we're choked */ - if (lws_has_buffered_out(wsi_eff) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - || wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) - return 1; - - /* okay to send another packet without blocking */ - - return 0; -} - -int -lws_poll_listen_fd(struct lws_pollfd *fd) -{ -// return poll(fd, 1, 0); - - return 0; -} - - -LWS_EXTERN int -_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) -{ - lws_usec_t timeout_us = timeout_ms * LWS_US_PER_MS; - struct lws_context_per_thread *pt; - int n = -1, m, c, a = 0; - //char buf; - - /* stay dead once we are dead */ - - if (!context || !context->vhost_list) - return 1; - - pt = &context->pt[tsi]; - - if (timeout_ms < 0) - timeout_ms = 0; - else - timeout_ms = 2000000000; - - if (!pt->service_tid_detected) { - struct lws _lws; - - memset(&_lws, 0, sizeof(_lws)); - _lws.context = context; - - pt->service_tid = context->vhost_list->protocols[0].callback( - &_lws, LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); - pt->service_tid_detected = 1; - } - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (lws_service_adjust_timeout(context, 1, tsi)) { -again: - a = 0; - if (timeout_us) { - lws_usec_t us; - - lws_pt_lock(pt, __func__); - /* don't stay in poll wait longer than next hr timeout */ - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us && us < timeout_us) - timeout_us = us; - - lws_pt_unlock(pt); - } - - n = poll(pt->fds, pt->fds_count, timeout_us / LWS_US_PER_MS); - - m = 0; - - if (pt->context->tls_ops && - pt->context->tls_ops->fake_POLLIN_for_buffered) - m = pt->context->tls_ops->fake_POLLIN_for_buffered(pt); - - if (/*!pt->ws.rx_draining_ext_list && */!m && !n) /* nothing to do */ - return 0; - } else - a = 1; - - m = lws_service_flag_pending(context, tsi); - if (m) - c = -1; /* unknown limit */ - else - if (n < 0) { - if (LWS_ERRNO != LWS_EINTR) - return -1; - return 0; - } else - c = n; - - /* any socket with events to service? */ - for (n = 0; n < (int)pt->fds_count && c; n++) { - if (!pt->fds[n].revents) - continue; - - c--; -#if 0 - if (pt->fds[n].fd == pt->dummy_pipe_fds[0]) { - if (read(pt->fds[n].fd, &buf, 1) != 1) - lwsl_err("Cannot read from dummy pipe."); - continue; - } -#endif - m = lws_service_fd_tsi(context, &pt->fds[n], tsi); - if (m < 0) - return -1; - /* if something closed, retry this slot */ - if (m) - n--; - } - - if (a) - goto again; - - return 0; -} - -int -lws_plat_check_connection_error(struct lws *wsi) -{ - return 0; -} - -int -lws_plat_service(struct lws_context *context, int timeout_ms) -{ - return _lws_plat_service_tsi(context, timeout_ms, 0); -} - -int -lws_plat_set_socket_options(struct lws_vhost *vhost, int fd, int unix_skt) -{ - return 0; -} - - -int -lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf, - int len) -{ - return 1; -} - - -/* cast a struct sockaddr_in6 * into addr for ipv6 */ - -int -lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, - size_t addrlen) -{ - return -1; -} - -void -lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - pt->fds[pt->fds_count++].revents = 0; -} - -void -lws_plat_delete_socket_from_fds(struct lws_context *context, - struct lws *wsi, int m) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - pt->fds_count--; -} - -int -lws_plat_change_pollfd(struct lws_context *context, - struct lws *wsi, struct lws_pollfd *pfd) -{ - return 0; -} - -const char * -lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) -{ - //return inet_ntop(af, src, dst, cnt); - return "lws_plat_inet_ntop"; -} - -int -lws_plat_inet_pton(int af, const char *src, void *dst) -{ - //return inet_pton(af, src, dst); - return 1; -} - - diff --git a/lib/plat/optee/private.h b/lib/plat/optee/private.h deleted file mode 100644 index 256289f..0000000 --- a/lib/plat/optee/private.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * Included from lib/core/private.h if LWS_WITH_OPTEE - */ - - #include - #include - - #define LWS_ERRNO errno - #define LWS_EAGAIN EAGAIN - #define LWS_EALREADY EALREADY - #define LWS_EINPROGRESS EINPROGRESS - #define LWS_EINTR EINTR - #define LWS_EISCONN EISCONN - #define LWS_ENOTCONN ENOTCONN - #define LWS_EWOULDBLOCK EWOULDBLOCK - #define LWS_EADDRINUSE EADDRINUSE - - #define lws_set_blocking_send(wsi) - -#define compatible_close(x) close(x) -#define lws_plat_socket_offset() (0) -#define wsi_from_fd(A,B) A->lws_lookup[B - lws_plat_socket_offset()] -#define insert_wsi(A,B) assert(A->lws_lookup[B->desc.sockfd - \ - lws_plat_socket_offset()] == 0); \ - A->lws_lookup[B->desc.sockfd - \ - lws_plat_socket_offset()] = B -#define delete_from_fd(A,B) A->lws_lookup[B - lws_plat_socket_offset()] = 0 - diff --git a/lib/plat/unix/private.h b/lib/plat/unix/private.h deleted file mode 100644 index 73fdfbb..0000000 --- a/lib/plat/unix/private.h +++ /dev/null @@ -1,173 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * Included from lib/core/private.h if no explicit platform - */ - -#include -#include -#include - -#include -#include -#include -#include -#include - -#ifndef __cplusplus -#include -#endif -#include -#include - -#include -#include -#include -#include -#include -#include - -#if defined(__APPLE__) -#include -#endif -#if defined(__FreeBSD__) -#include -#endif -#if defined(__linux__) -#include -#endif -#if defined(__QNX__) - #include - #if defined(__LITTLEENDIAN__) - #define BYTE_ORDER __LITTLEENDIAN__ - #define LITTLE_ENDIAN __LITTLEENDIAN__ - #define BIG_ENDIAN 4321 /* to show byte order (taken from gcc); for suppres warning that BIG_ENDIAN is not defined. */ - #endif - #if defined(__BIGENDIAN__) - #define BYTE_ORDER __BIGENDIAN__ - #define LITTLE_ENDIAN 1234 /* to show byte order (taken from gcc); for suppres warning that LITTLE_ENDIAN is not defined. */ - #define BIG_ENDIAN __BIGENDIAN__ - #endif -#endif - -#if defined(__sun) && defined(__GNUC__) - -#include - -#if !defined (BYTE_ORDER) -#define BYTE_ORDER __BYTE_ORDER__ -#endif - -#if !defined(LITTLE_ENDIAN) -#define LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__ -#endif - -#if !defined(BIG_ENDIAN) -#define BIG_ENDIAN __ORDER_BIG_ENDIAN__ -#endif - -#endif /* sun + GNUC */ - -#if !defined(BYTE_ORDER) -#define BYTE_ORDER __BYTE_ORDER -#endif -#if !defined(LITTLE_ENDIAN) -#define LITTLE_ENDIAN __LITTLE_ENDIAN -#endif -#if !defined(BIG_ENDIAN) -#define BIG_ENDIAN __BIG_ENDIAN -#endif - -#if defined(LWS_BUILTIN_GETIFADDRS) -#include "./misc/getifaddrs.h" -#else - -#if defined(__HAIKU__) -#define _BSD_SOURCE -#endif -#include - -#endif - -#if defined (__sun) || defined(__HAIKU__) || defined(__QNX__) || defined(__ANDROID__) -#include - -#if defined(__ANDROID__) -#include -#endif - -#else -#include -#endif - -#ifdef __QNX__ -# include "netinet/tcp_var.h" -# define TCP_KEEPINTVL TCPCTL_KEEPINTVL -# define TCP_KEEPIDLE TCPCTL_KEEPIDLE -# define TCP_KEEPCNT TCPCTL_KEEPCNT -#endif - -#define LWS_ERRNO errno -#define LWS_EAGAIN EAGAIN -#define LWS_EALREADY EALREADY -#define LWS_EINPROGRESS EINPROGRESS -#define LWS_EINTR EINTR -#define LWS_EISCONN EISCONN -#define LWS_ENOTCONN ENOTCONN -#define LWS_EWOULDBLOCK EWOULDBLOCK -#define LWS_EADDRINUSE EADDRINUSE -#define lws_set_blocking_send(wsi) -#define LWS_SOCK_INVALID (-1) - -struct lws_context; - -struct lws * -wsi_from_fd(const struct lws_context *context, int fd); - -int -insert_wsi(const struct lws_context *context, struct lws *wsi); - -void -delete_from_fd(const struct lws_context *context, int fd); - -#ifndef LWS_NO_FORK -#ifdef LWS_HAVE_SYS_PRCTL_H -#include -#endif -#endif - -#define compatible_close(x) close(x) -#define lws_plat_socket_offset() (0) - -/* - * Mac OSX as well as iOS do not define the MSG_NOSIGNAL flag, - * but happily have something equivalent in the SO_NOSIGPIPE flag. - */ -#ifdef __APPLE__ -#define MSG_NOSIGNAL SO_NOSIGPIPE -#endif - -/* - * Solaris 11.X only supports POSIX 2001, MSG_NOSIGNAL appears in - * POSIX 2008. - */ -#if defined(__sun) && !defined(MSG_NOSIGNAL) - #define MSG_NOSIGNAL 0 -#endif diff --git a/lib/plat/unix/unix-caps.c b/lib/plat/unix/unix-caps.c deleted file mode 100644 index 3414e30..0000000 --- a/lib/plat/unix/unix-caps.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -#include -#include - -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) -static void -_lws_plat_apply_caps(int mode, const cap_value_t *cv, int count) -{ - cap_t caps; - - if (!count) - return; - - caps = cap_get_proc(); - - cap_set_flag(caps, mode, count, cv, CAP_SET); - cap_set_proc(caps); - prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); - cap_free(caps); -} -#endif - -int -lws_plat_user_colon_group_to_ids(const char *u_colon_g, uid_t *puid, gid_t *pgid) -{ - char *colon = strchr(u_colon_g, ':'), u[33]; - struct passwd *p; - struct group *g; - int ulen; - - if (!colon) - return 1; - - ulen = lws_ptr_diff(colon, u_colon_g); - if (ulen < 2 || ulen > (int)sizeof(u) - 1) - return 1; - - memcpy(u, u_colon_g, ulen); - u[ulen] = '\0'; - - colon++; - - g = getgrnam(colon); - if (!g) { - lwsl_err("%s: unknown group '%s'\n", __func__, colon); - - return 1; - } - *pgid = g->gr_gid; - - p = getpwnam(u); - if (!p) { - lwsl_err("%s: unknown group '%s'\n", __func__, u); - - return 1; - } - *puid = p->pw_uid; - - return 0; -} - -int -lws_plat_drop_app_privileges(struct lws_context *context, int actually_drop) -{ - struct passwd *p; - struct group *g; - - /* if he gave us the groupname, align gid to match it */ - - if (context->groupname) { - g = getgrnam(context->groupname); - - if (g) { - lwsl_info("%s: group %s -> gid %u\n", __func__, - context->groupname, g->gr_gid); - context->gid = g->gr_gid; - } else { - lwsl_err("%s: unknown groupname '%s'\n", __func__, - context->groupname); - - return 1; - } - } - - /* if he gave us the username, align uid to match it */ - - if (context->username) { - p = getpwnam(context->username); - - if (p) { - context->uid = p->pw_uid; - - lwsl_info("%s: username %s -> uid %u\n", __func__, - context->username, (unsigned int)p->pw_uid); - } else { - lwsl_err("%s: unknown username %s\n", __func__, - context->username); - - return 1; - } - } - - if (!actually_drop) - return 0; - - /* if he gave us the gid or we have it from the groupname, set it */ - - if (context->gid && context->gid != -1) { - g = getgrgid(context->gid); - - if (!g) { - lwsl_err("%s: cannot find name for gid %d\n", - __func__, context->gid); - - return 1; - } - - if (setgid(context->gid)) { - lwsl_err("%s: setgid: %s failed\n", __func__, - strerror(LWS_ERRNO)); - - return 1; - } - - lwsl_notice("%s: effective group '%s'\n", __func__, - g->gr_name); - } else - lwsl_info("%s: not changing group\n", __func__); - - - /* if he gave us the uid or we have it from the username, set it */ - - if (context->uid && context->uid != -1) { - p = getpwuid(context->uid); - - if (!p) { - lwsl_err("%s: getpwuid: unable to find uid %d\n", - __func__, context->uid); - return 1; - } - -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) - _lws_plat_apply_caps(CAP_PERMITTED, context->caps, - context->count_caps); -#endif - - initgroups(p->pw_name, context->gid); - if (setuid(context->uid)) { - lwsl_err("%s: setuid: %s failed\n", __func__, - strerror(LWS_ERRNO)); - - return 1; - } else - lwsl_notice("%s: effective user '%s'\n", - __func__, p->pw_name); - -#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) - _lws_plat_apply_caps(CAP_EFFECTIVE, context->caps, - context->count_caps); - - if (context->count_caps) { - int n; - for (n = 0; n < context->count_caps; n++) - lwsl_notice(" RETAINING CAP %d\n", - (int)context->caps[n]); - } -#endif - } else - lwsl_info("%s: not changing user\n", __func__); - - return 0; -} diff --git a/lib/plat/unix/unix-fds.c b/lib/plat/unix/unix-fds.c deleted file mode 100644 index 221d967..0000000 --- a/lib/plat/unix/unix-fds.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -struct lws * -wsi_from_fd(const struct lws_context *context, int fd) -{ - struct lws **p, **done; - - if (!context->max_fds_unrelated_to_ulimit) - return context->lws_lookup[fd - lws_plat_socket_offset()]; - - /* slow fds handling */ - - p = context->lws_lookup; - done = &p[context->max_fds]; - - while (p != done) { - if (*p && (*p)->desc.sockfd == fd) - return *p; - p++; - } - - return NULL; -} - -int -insert_wsi(const struct lws_context *context, struct lws *wsi) -{ - struct lws **p, **done; - - if (!context->max_fds_unrelated_to_ulimit) { - assert(context->lws_lookup[wsi->desc.sockfd - - lws_plat_socket_offset()] == 0); - - context->lws_lookup[wsi->desc.sockfd - \ - lws_plat_socket_offset()] = wsi; - - return 0; - } - - /* slow fds handling */ - - p = context->lws_lookup; - done = &p[context->max_fds]; - -#if defined(_DEBUG) - - /* confirm it doesn't already exist */ - - while (p != done && *p != wsi) - p++; - - assert(p == done); - p = context->lws_lookup; - - /* confirm fd doesn't already exist */ - - while (p != done && (!*p || (*p && (*p)->desc.sockfd != wsi->desc.sockfd))) - p++; - - if (p != done) { - lwsl_err("%s: wsi %p already says it has fd %d\n", - __func__, *p, wsi->desc.sockfd); - assert(0); - } - p = context->lws_lookup; -#endif - - /* find an empty slot */ - - while (p != done && *p) - p++; - - if (p == done) { - lwsl_err("%s: reached max fds\n", __func__); - return 1; - } - - *p = wsi; - - return 0; -} - -void -delete_from_fd(const struct lws_context *context, int fd) -{ - - struct lws **p, **done; - - if (!context->max_fds_unrelated_to_ulimit) { - context->lws_lookup[fd - lws_plat_socket_offset()] = NULL; - - return; - } - - /* slow fds handling */ - - p = context->lws_lookup; - done = &p[context->max_fds]; - - /* find the match */ - - while (p != done && (!*p || (*p && (*p)->desc.sockfd != fd))) - p++; - - if (p == done) - lwsl_err("%s: fd %d not found\n", __func__, fd); - else - *p = NULL; - -#if defined(_DEBUG) - p = context->lws_lookup; - while (p != done && (!*p || (*p && (*p)->desc.sockfd != fd))) - p++; - - if (p != done) { - lwsl_err("%s: fd %d in lws_lookup again at %d\n", __func__, - fd, (int)(p - context->lws_lookup)); - assert(0); - } -#endif -} - -void -lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - if (context->event_loop_ops->io) - context->event_loop_ops->io(wsi, LWS_EV_START | LWS_EV_READ); - - pt->fds[pt->fds_count++].revents = 0; -} - -void -lws_plat_delete_socket_from_fds(struct lws_context *context, - struct lws *wsi, int m) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - if (context->event_loop_ops->io) - context->event_loop_ops->io(wsi, - LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE); - - pt->fds_count--; -} - -int -lws_plat_change_pollfd(struct lws_context *context, - struct lws *wsi, struct lws_pollfd *pfd) -{ - return 0; -} diff --git a/lib/plat/unix/unix-file.c b/lib/plat/unix/unix-file.c deleted file mode 100644 index bcdc213..0000000 --- a/lib/plat/unix/unix-file.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -#include -#include - -#ifdef LWS_WITH_PLUGINS -#include -#endif -#include - -int lws_plat_apply_FD_CLOEXEC(int n) -{ - if (n == -1) - return 0; - - return fcntl(n, F_SETFD, FD_CLOEXEC); -} - -int -lws_plat_write_file(const char *filename, void *buf, int len) -{ - int m, fd; - - fd = lws_open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); - - if (fd == -1) - return 1; - - m = write(fd, buf, len); - close(fd); - - return m != len; -} - -int -lws_plat_read_file(const char *filename, void *buf, int len) -{ - int n, fd = lws_open(filename, O_RDONLY); - if (fd == -1) - return -1; - - n = read(fd, buf, len); - close(fd); - - return n; -} - -lws_fop_fd_t -_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, - const char *vpath, lws_fop_flags_t *flags) -{ - struct stat stat_buf; - int ret = lws_open(filename, (*flags) & LWS_FOP_FLAGS_MASK, 0664); - lws_fop_fd_t fop_fd; - - if (ret < 0) - return NULL; - - if (fstat(ret, &stat_buf) < 0) - goto bail; - - fop_fd = malloc(sizeof(*fop_fd)); - if (!fop_fd) - goto bail; - - fop_fd->fops = fops; - fop_fd->flags = *flags; - fop_fd->fd = ret; - fop_fd->filesystem_priv = NULL; /* we don't use it */ - fop_fd->len = stat_buf.st_size; - fop_fd->pos = 0; - - return fop_fd; - -bail: - close(ret); - return NULL; -} - -int -_lws_plat_file_close(lws_fop_fd_t *fop_fd) -{ - int fd = (*fop_fd)->fd; - - free(*fop_fd); - *fop_fd = NULL; - - return close(fd); -} - -lws_fileofs_t -_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - lws_fileofs_t r; - - if (offset > 0 && - offset > (lws_fileofs_t)fop_fd->len - (lws_fileofs_t)fop_fd->pos) - offset = fop_fd->len - fop_fd->pos; - - if ((lws_fileofs_t)fop_fd->pos + offset < 0) - offset = -fop_fd->pos; - - r = lseek(fop_fd->fd, offset, SEEK_CUR); - - if (r >= 0) - fop_fd->pos = r; - else - lwsl_err("error seeking from cur %ld, offset %ld\n", - (long)fop_fd->pos, (long)offset); - - return r; -} - -int -_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - long n; - - n = read((int)fop_fd->fd, buf, len); - if (n == -1) { - *amount = 0; - return -1; - } - fop_fd->pos += n; - lwsl_debug("%s: read %ld of req %ld, pos %ld, len %ld\n", __func__, n, - (long)len, (long)fop_fd->pos, (long)fop_fd->len); - *amount = n; - - return 0; -} - -int -_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - long n; - - n = write((int)fop_fd->fd, buf, len); - if (n == -1) { - *amount = 0; - return -1; - } - - fop_fd->pos += n; - *amount = n; - - return 0; -} - diff --git a/lib/plat/unix/unix-init.c b/lib/plat/unix/unix-init.c deleted file mode 100644 index 6204e52..0000000 --- a/lib/plat/unix/unix-init.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -#include -#include - -#ifdef LWS_WITH_PLUGINS -#include -#endif -#include - -#if defined(LWS_HAVE_MALLOC_TRIM) -#include -#endif - -#if defined(LWS_WITH_NETWORK) -static void -lws_sul_plat_unix(lws_sorted_usec_list_t *sul) -{ - struct lws_context_per_thread *pt = - lws_container_of(sul, struct lws_context_per_thread, sul_plat); - struct lws_context *context = pt->context; -#if defined(LWS_ROLE_CGI) || defined(LWS_ROLE_DBUS) - time_t now = time(NULL); -#endif - -#if !defined(LWS_NO_DAEMONIZE) - /* if our parent went down, don't linger around */ - if (pt->context->started_with_parent && - kill(pt->context->started_with_parent, 0) < 0) - kill(getpid(), SIGTERM); -#endif -#if defined(LWS_HAVE_MALLOC_TRIM) - malloc_trim(4 * 1024); -#endif - - if (pt->context->deprecated && !pt->context->count_wsi_allocated) { - lwsl_notice("%s: ending deprecated context\n", __func__); - kill(getpid(), SIGINT); - return; - } - - lws_check_deferred_free(context, 0, 0); - - lws_context_lock(context, "periodic checks"); - lws_start_foreach_llp(struct lws_vhost **, pv, - context->no_listener_vhost_list) { - struct lws_vhost *v = *pv; - lwsl_debug("deferred iface: checking if on vh %s\n", (*pv)->name); - if (_lws_vhost_init_server(NULL, *pv) == 0) { - /* became happy */ - lwsl_notice("vh %s: became connected\n", v->name); - *pv = v->no_listener_vhost_list; - v->no_listener_vhost_list = NULL; - break; - } - } lws_end_foreach_llp(pv, no_listener_vhost_list); - lws_context_unlock(context); - -#if defined(LWS_ROLE_CGI) - role_ops_cgi.periodic_checks(context, 0, now); -#endif -#if defined(LWS_ROLE_DBUS) - role_ops_dbus.periodic_checks(context, 0, now); -#endif - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_plat, 30 * LWS_US_PER_SEC); -} -#endif - -int -lws_plat_init(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - int fd; -#if defined(LWS_WITH_NETWORK) - /* - * master context has the process-global fd lookup array. This can be - * done two different ways now; one or the other is done depending on if - * info->fd_limit_per_thread was snonzero - * - * - default: allocate a worst-case lookup array sized for ulimit -n - * and use the fd directly as an index into it - * - * - slow: allocate context->max_fds entries only (which can be - * forced at context creation time to be - * info->fd_limit_per_thread * the number of threads) - * and search the array to lookup fds - * - * the default way is optimized for server, if you only use one or two - * client wsi the slow way may save a lot of memory. - * - * Both ways allocate an array of struct lws *... one allocates it for - * all possible fd indexes the process could produce and uses it as a - * map, the other allocates for an amount of wsi the lws context is - * expected to use and searches through it to manipulate it. - */ - - context->lws_lookup = lws_zalloc(sizeof(struct lws *) * - context->max_fds, "lws_lookup"); - - if (!context->lws_lookup) { - lwsl_err("%s: OOM on alloc lws_lookup array for %d conn\n", - __func__, context->max_fds); - return 1; - } - - lwsl_info(" mem: platform fd map: %5lu B\n", - (unsigned long)(sizeof(struct lws *) * context->max_fds)); -#endif - fd = lws_open(SYSTEM_RANDOM_FILEPATH, O_RDONLY); - - context->fd_random = fd; - if (context->fd_random < 0) { - lwsl_err("Unable to open random device %s %d\n", - SYSTEM_RANDOM_FILEPATH, context->fd_random); - return 1; - } - -#if defined(LWS_WITH_PLUGINS) - if (info->plugin_dirs) - lws_plat_plugins_init(context, info->plugin_dirs); -#endif - - -#if defined(LWS_WITH_NETWORK) - /* we only need to do this on pt[0] */ - - context->pt[0].sul_plat.cb = lws_sul_plat_unix; - __lws_sul_insert(&context->pt[0].pt_sul_owner, &context->pt[0].sul_plat, - 30 * LWS_US_PER_SEC); -#endif - - return 0; -} - -int -lws_plat_context_early_init(void) -{ -#if !defined(LWS_AVOID_SIGPIPE_IGN) - signal(SIGPIPE, SIG_IGN); -#endif - - return 0; -} - -void -lws_plat_context_early_destroy(struct lws_context *context) -{ -} - -void -lws_plat_context_late_destroy(struct lws_context *context) -{ -#ifdef LWS_WITH_PLUGINS - if (context->plugin_list) - lws_plat_plugins_destroy(context); -#endif -#if defined(LWS_WITH_NETWORK) - if (context->lws_lookup) - lws_free_set_NULL(context->lws_lookup); -#endif - if (!context->fd_random) - lwsl_err("ZERO RANDOM FD\n"); - if (context->fd_random != LWS_INVALID_FILE) - close(context->fd_random); -} diff --git a/lib/plat/unix/unix-misc.c b/lib/plat/unix/unix-misc.c deleted file mode 100644 index 6f8383a..0000000 --- a/lib/plat/unix/unix-misc.c +++ /dev/null @@ -1,93 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -lws_usec_t -lws_now_usecs(void) -{ -#if defined(LWS_HAVE_CLOCK_GETTIME) - struct timespec ts; - - if (clock_gettime(CLOCK_MONOTONIC, &ts)) - return 0; - - return (((lws_usec_t)ts.tv_sec) * LWS_US_PER_SEC) + - ((lws_usec_t)ts.tv_nsec / LWS_NS_PER_US); -#else - struct timeval now; - - gettimeofday(&now, NULL); - return (((lws_usec_t)now.tv_sec) * LWS_US_PER_SEC) + - (lws_usec_t)now.tv_usec; -#endif -} - -LWS_VISIBLE int -lws_get_random(struct lws_context *context, void *buf, int len) -{ - return read(context->fd_random, (char *)buf, len); -} - -LWS_VISIBLE void lwsl_emit_syslog(int level, const char *line) -{ - int syslog_level = LOG_DEBUG; - - switch (level) { - case LLL_ERR: - syslog_level = LOG_ERR; - break; - case LLL_WARN: - syslog_level = LOG_WARNING; - break; - case LLL_NOTICE: - syslog_level = LOG_NOTICE; - break; - case LLL_INFO: - syslog_level = LOG_INFO; - break; - } - syslog(syslog_level, "%s", line); -} - - -int -lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf, - int len) -{ - int n; - - n = write(fd, buf, len); - - fsync(fd); - if (lseek(fd, 0, SEEK_SET) < 0) - return 1; - - return n != len; -} - - -int -lws_plat_recommended_rsa_bits(void) -{ - return 4096; -} diff --git a/lib/plat/unix/unix-pipe.c b/lib/plat/unix/unix-pipe.c deleted file mode 100644 index 64ce253..0000000 --- a/lib/plat/unix/unix-pipe.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - - -int -lws_plat_pipe_create(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - -#if defined(LWS_HAVE_PIPE2) - return pipe2(pt->dummy_pipe_fds, O_NONBLOCK); -#else - return pipe(pt->dummy_pipe_fds); -#endif -} - -int -lws_plat_pipe_signal(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - char buf = 0; - int n; - - n = write(pt->dummy_pipe_fds[1], &buf, 1); - - return n != 1; -} - -void -lws_plat_pipe_close(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - if (pt->dummy_pipe_fds[0] && pt->dummy_pipe_fds[0] != -1) - close(pt->dummy_pipe_fds[0]); - if (pt->dummy_pipe_fds[1] && pt->dummy_pipe_fds[1] != -1) - close(pt->dummy_pipe_fds[1]); - - pt->dummy_pipe_fds[0] = pt->dummy_pipe_fds[1] = -1; -} - diff --git a/lib/plat/unix/unix-plugins.c b/lib/plat/unix/unix-plugins.c deleted file mode 100644 index a56046a..0000000 --- a/lib/plat/unix/unix-plugins.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -#include -#include - -#ifdef LWS_WITH_PLUGINS -#include -#endif -#include - -static int filter(const struct dirent *ent) -{ - if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, "..")) - return 0; - - return 1; -} - -int -lws_plat_plugins_init(struct lws_context * context, const char * const *d) -{ - struct lws_plugin_capability lcaps; - struct lws_plugin *plugin; - lws_plugin_init_func initfunc; - struct dirent **namelist; - int n, i, m, ret = 0; - char path[256]; - void *l; - -#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) - return lws_uv_plugins_init(context, d); -#endif - - lwsl_notice(" Plugins:\n"); - - while (d && *d) { - n = scandir(*d, &namelist, filter, alphasort); - if (n < 0) { - lwsl_err("Scandir on %s failed\n", *d); - return 1; - } - - for (i = 0; i < n; i++) { - if (strlen(namelist[i]->d_name) < 7) - goto inval; - - lwsl_notice(" %s\n", namelist[i]->d_name); - - lws_snprintf(path, sizeof(path) - 1, "%s/%s", *d, - namelist[i]->d_name); - l = dlopen(path, RTLD_NOW); - if (!l) { - lwsl_err("Error loading DSO: %s\n", dlerror()); - while (i++ < n) - free(namelist[i]); - goto bail; - } - /* we could open it, can we get his init function? */ - m = lws_snprintf(path, sizeof(path) - 1, "init_%s", - namelist[i]->d_name + 3 /* snip lib... */); - path[m - 3] = '\0'; /* snip the .so */ - initfunc = dlsym(l, path); - if (!initfunc) { - lwsl_err("Failed to get init on %s: %s", - namelist[i]->d_name, dlerror()); - dlclose(l); - } - lcaps.api_magic = LWS_PLUGIN_API_MAGIC; - m = initfunc(context, &lcaps); - if (m) { - lwsl_err("Initializing %s failed %d\n", - namelist[i]->d_name, m); - dlclose(l); - goto skip; - } - - plugin = lws_malloc(sizeof(*plugin), "plugin"); - if (!plugin) { - lwsl_err("OOM\n"); - goto bail; - } - plugin->list = context->plugin_list; - context->plugin_list = plugin; - lws_strncpy(plugin->name, namelist[i]->d_name, - sizeof(plugin->name)); - plugin->l = l; - plugin->caps = lcaps; - context->plugin_protocol_count += lcaps.count_protocols; - context->plugin_extension_count += lcaps.count_extensions; - - free(namelist[i]); - continue; - - skip: - dlclose(l); - inval: - free(namelist[i]); - } - free(namelist); - d++; - } - - return 0; - -bail: - free(namelist); - - return ret; -} - -int -lws_plat_plugins_destroy(struct lws_context * context) -{ - struct lws_plugin *plugin = context->plugin_list, *p; - lws_plugin_destroy_func func; - char path[256]; - int m; - -#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) - return lws_uv_plugins_destroy(context); -#endif - - if (!plugin) - return 0; - - lwsl_notice("%s\n", __func__); - - while (plugin) { - p = plugin; - m = lws_snprintf(path, sizeof(path) - 1, "destroy_%s", - plugin->name + 3); - path[m - 3] = '\0'; - func = dlsym(plugin->l, path); - if (!func) { - lwsl_err("Failed to get destroy on %s: %s", - plugin->name, dlerror()); - goto next; - } - m = func(context); - if (m) - lwsl_err("Initializing %s failed %d\n", - plugin->name, m); -next: - dlclose(p->l); - plugin = p->list; - p->list = NULL; - free(p); - } - - context->plugin_list = NULL; - - return 0; -} diff --git a/lib/plat/unix/unix-service.c b/lib/plat/unix/unix-service.c deleted file mode 100644 index 861ed14..0000000 --- a/lib/plat/unix/unix-service.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -int -lws_poll_listen_fd(struct lws_pollfd *fd) -{ - return poll(fd, 1, 0); -} - -int -_lws_plat_service_forced_tsi(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - int m, n; - - lws_service_flag_pending(context, tsi); - - /* any socket with events to service? */ - for (n = 0; n < (int)pt->fds_count; n++) { - if (!pt->fds[n].revents) - continue; - - m = lws_service_fd_tsi(context, &pt->fds[n], tsi); - if (m < 0) { - lwsl_err("%s: lws_service_fd_tsi returned %d\n", - __func__, m); - return -1; - } - /* if something closed, retry this slot */ - if (m) - n--; - } - - lws_service_do_ripe_rxflow(pt); - - return 0; -} - -#define LWS_POLL_WAIT_LIMIT 2000000000 - -int -_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) -{ - volatile struct lws_foreign_thread_pollfd *ftp, *next; - volatile struct lws_context_per_thread *vpt; - struct lws_context_per_thread *pt; - lws_usec_t timeout_us, us; - int n = -1; -#if (defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS)) || defined(LWS_WITH_TLS) - int m; -#endif - - /* stay dead once we are dead */ - - if (!context || !context->vhost_list) - return 1; - - pt = &context->pt[tsi]; - vpt = (volatile struct lws_context_per_thread *)pt; - - lws_stats_bump(pt, LWSSTATS_C_SERVICE_ENTRY, 1); - - if (timeout_ms < 0) - timeout_ms = 0; - else - /* force a default timeout of 23 days */ - timeout_ms = LWS_POLL_WAIT_LIMIT; - timeout_us = ((lws_usec_t)timeout_ms) * LWS_US_PER_MS; - - if (context->event_loop_ops->run_pt) - context->event_loop_ops->run_pt(context, tsi); - - if (!pt->service_tid_detected) { - struct lws _lws; - - memset(&_lws, 0, sizeof(_lws)); - _lws.context = context; - - pt->service_tid = context->vhost_list->protocols[0].callback( - &_lws, LWS_CALLBACK_GET_THREAD_ID, - NULL, NULL, 0); - pt->service_tid_detected = 1; - } - - us = lws_now_usecs(); - lws_pt_lock(pt, __func__); - /* - * service ripe scheduled events, and limit wait to next expected one - */ - us = __lws_sul_service_ripe(&pt->pt_sul_owner, us); - if (us && us < timeout_us) - timeout_us = us; - - lws_pt_unlock(pt); - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (!lws_service_adjust_timeout(context, 1, tsi)) - timeout_us = 0; - - /* ensure we don't wrap at 2^31 with poll()'s signed int ms */ - - timeout_us /= LWS_US_PER_MS; /* ms now */ - if (timeout_us > LWS_POLL_WAIT_LIMIT) - timeout_us = LWS_POLL_WAIT_LIMIT; - - vpt->inside_poll = 1; - lws_memory_barrier(); - n = poll(pt->fds, pt->fds_count, timeout_us /* ms now */ ); - vpt->inside_poll = 0; - lws_memory_barrier(); - - #if defined(LWS_WITH_DETAILED_LATENCY) - /* - * so we can track how long it took before we actually read a - * POLLIN that was signalled when we last exited poll() - */ - if (context->detailed_latency_cb) - pt->ust_left_poll = lws_now_usecs(); -#endif - - /* Collision will be rare and brief. Spin until it completes */ - while (vpt->foreign_spinlock) - ; - - /* - * At this point we are not inside a foreign thread pollfd - * change, and we have marked ourselves as outside the poll() - * wait. So we are the only guys that can modify the - * lws_foreign_thread_pollfd list on the pt. Drain the list - * and apply the changes to the affected pollfds in the correct - * order. - */ - - lws_pt_lock(pt, __func__); - - ftp = vpt->foreign_pfd_list; - //lwsl_notice("cleared list %p\n", ftp); - while (ftp) { - struct lws *wsi; - struct lws_pollfd *pfd; - - next = ftp->next; - pfd = &vpt->fds[ftp->fd_index]; - if (lws_socket_is_valid(pfd->fd)) { - wsi = wsi_from_fd(context, pfd->fd); - if (wsi) - __lws_change_pollfd(wsi, ftp->_and, - ftp->_or); - } - lws_free((void *)ftp); - ftp = next; - } - vpt->foreign_pfd_list = NULL; - lws_memory_barrier(); - - lws_pt_unlock(pt); - -#if (defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS)) || defined(LWS_WITH_TLS) - m = 0; -#endif -#if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - m |= !!pt->ws.rx_draining_ext_list; -#endif - -#if defined(LWS_WITH_TLS) - if (pt->context->tls_ops && - pt->context->tls_ops->fake_POLLIN_for_buffered) - m |= pt->context->tls_ops->fake_POLLIN_for_buffered(pt); -#endif - - if ( -#if (defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS)) || defined(LWS_WITH_TLS) - !m && -#endif - !n) { /* nothing to do */ - lws_service_do_ripe_rxflow(pt); - - return 0; - } - - if (_lws_plat_service_forced_tsi(context, tsi)) - return -1; - - return 0; -} - -int -lws_plat_check_connection_error(struct lws *wsi) -{ - return 0; -} - -int -lws_plat_service(struct lws_context *context, int timeout_ms) -{ - return _lws_plat_service_tsi(context, timeout_ms, 0); -} diff --git a/lib/plat/unix/unix-sockets.c b/lib/plat/unix/unix-sockets.c deleted file mode 100644 index e356f91..0000000 --- a/lib/plat/unix/unix-sockets.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE -#include "core/private.h" - -#include -#include - - - -int -lws_send_pipe_choked(struct lws *wsi) -{ - struct lws_pollfd fds; - struct lws *wsi_eff; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws && wsi->ws->tx_draining_ext) - return 1; -#endif - -#if defined(LWS_WITH_HTTP2) - wsi_eff = lws_get_network_wsi(wsi); -#else - wsi_eff = wsi; -#endif - - /* the fact we checked implies we avoided back-to-back writes */ - wsi_eff->could_have_pending = 0; - - /* treat the fact we got a truncated send pending as if we're choked */ - if (lws_has_buffered_out(wsi_eff) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - ||wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) - return 1; - - fds.fd = wsi_eff->desc.sockfd; - fds.events = POLLOUT; - fds.revents = 0; - - if (poll(&fds, 1, 0) != 1) - return 1; - - if ((fds.revents & POLLOUT) == 0) - return 1; - - /* okay to send another packet without blocking */ - - return 0; -} - -int -lws_plat_set_nonblocking(int fd) -{ - return fcntl(fd, F_SETFL, O_NONBLOCK) < 0; -} - -int -lws_plat_set_socket_options(struct lws_vhost *vhost, int fd, int unix_skt) -{ - int optval = 1; - socklen_t optlen = sizeof(optval); - -#if defined(__APPLE__) || \ - defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ - defined(__NetBSD__) || \ - defined(__OpenBSD__) || \ - defined(__HAIKU__) - struct protoent *tcp_proto; -#endif - - (void)fcntl(fd, F_SETFD, FD_CLOEXEC); - - if (!unix_skt && vhost->ka_time) { - /* enable keepalive on this socket */ - optval = 1; - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, - (const void *)&optval, optlen) < 0) - return 1; - -#if defined(__APPLE__) || \ - defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || \ - defined(__NetBSD__) || \ - defined(__CYGWIN__) || defined(__OpenBSD__) || defined (__sun) || \ - defined(__HAIKU__) - - /* - * didn't find a way to set these per-socket, need to - * tune kernel systemwide values - */ -#else - /* set the keepalive conditions we want on it too */ - -#if defined(LWS_HAVE_TCP_USER_TIMEOUT) - optval = 1000 * (vhost->ka_time + - (vhost->ka_interval * vhost->ka_probes)); - if (setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, - (const void *)&optval, optlen) < 0) - return 1; -#endif - optval = vhost->ka_time; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, - (const void *)&optval, optlen) < 0) - return 1; - - optval = vhost->ka_interval; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, - (const void *)&optval, optlen) < 0) - return 1; - - optval = vhost->ka_probes; - if (setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, - (const void *)&optval, optlen) < 0) - return 1; -#endif - } - -#if defined(SO_BINDTODEVICE) - if (!unix_skt && vhost->bind_iface && vhost->iface) { - lwsl_info("binding listen skt to %s using SO_BINDTODEVICE\n", vhost->iface); - if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, vhost->iface, - strlen(vhost->iface)) < 0) { - lwsl_warn("Failed to bind to device %s\n", vhost->iface); - return 1; - } - } -#endif - - /* Disable Nagle */ - optval = 1; -#if defined (__sun) || defined(__QNX__) - if (!unix_skt && setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (const void *)&optval, optlen) < 0) - return 1; -#elif !defined(__APPLE__) && \ - !defined(__FreeBSD__) && !defined(__FreeBSD_kernel__) && \ - !defined(__NetBSD__) && \ - !defined(__OpenBSD__) && \ - !defined(__HAIKU__) - if (!unix_skt && setsockopt(fd, SOL_TCP, TCP_NODELAY, (const void *)&optval, optlen) < 0) - return 1; -#else - tcp_proto = getprotobyname("TCP"); - if (!unix_skt && setsockopt(fd, tcp_proto->p_proto, TCP_NODELAY, &optval, optlen) < 0) - return 1; -#endif - - return lws_plat_set_nonblocking(fd); -} - - -/* cast a struct sockaddr_in6 * into addr for ipv6 */ - -int -lws_interface_to_sa(int ipv6, const char *ifname, struct sockaddr_in *addr, - size_t addrlen) -{ - int rc = LWS_ITOSA_NOT_EXIST; - - struct ifaddrs *ifr; - struct ifaddrs *ifc; -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; -#endif - - getifaddrs(&ifr); - for (ifc = ifr; ifc != NULL && rc; ifc = ifc->ifa_next) { - if (!ifc->ifa_addr) - continue; - - lwsl_debug(" interface %s vs %s (fam %d) ipv6 %d\n", - ifc->ifa_name, ifname, - ifc->ifa_addr->sa_family, ipv6); - - if (strcmp(ifc->ifa_name, ifname)) - continue; - - switch (ifc->ifa_addr->sa_family) { -#if defined(AF_PACKET) - case AF_PACKET: - /* interface exists but is not usable */ - rc = LWS_ITOSA_NOT_USABLE; - continue; -#endif - - case AF_INET: -#ifdef LWS_WITH_IPV6 - if (ipv6) { - /* map IPv4 to IPv6 */ - memset((char *)&addr6->sin6_addr, 0, - sizeof(struct in6_addr)); - addr6->sin6_addr.s6_addr[10] = 0xff; - addr6->sin6_addr.s6_addr[11] = 0xff; - memcpy(&addr6->sin6_addr.s6_addr[12], - &((struct sockaddr_in *)ifc->ifa_addr)->sin_addr, - sizeof(struct in_addr)); - lwsl_debug("%s: uplevelling ipv4 bind to ipv6\n", __func__); - } else -#endif - memcpy(addr, - (struct sockaddr_in *)ifc->ifa_addr, - sizeof(struct sockaddr_in)); - break; -#ifdef LWS_WITH_IPV6 - case AF_INET6: - memcpy(&addr6->sin6_addr, - &((struct sockaddr_in6 *)ifc->ifa_addr)->sin6_addr, - sizeof(struct in6_addr)); - break; -#endif - default: - continue; - } - rc = LWS_ITOSA_USABLE; - } - - freeifaddrs(ifr); - - if (rc) { - /* check if bind to IP address */ -#ifdef LWS_WITH_IPV6 - if (inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) - rc = LWS_ITOSA_USABLE; - else -#endif - if (inet_pton(AF_INET, ifname, &addr->sin_addr) == 1) - rc = LWS_ITOSA_USABLE; - } - - return rc; -} - - -const char * -lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) -{ - return inet_ntop(af, src, dst, cnt); -} - -int -lws_plat_inet_pton(int af, const char *src, void *dst) -{ - return inet_pton(af, src, dst); -} diff --git a/lib/plat/windows/private.h b/lib/plat/windows/private.h deleted file mode 100644 index a7756d8..0000000 --- a/lib/plat/windows/private.h +++ /dev/null @@ -1,147 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * Included from lib/core/private.h if defined(WIN32) || defined(_WIN32) - */ - - #ifndef WIN32_LEAN_AND_MEAN - #define WIN32_LEAN_AND_MEAN - #endif - - #if defined(WINVER) && (WINVER < 0x0501) - #undef WINVER - #undef _WIN32_WINNT - #define WINVER 0x0501 - #define _WIN32_WINNT WINVER - #endif - - #define LWS_NO_DAEMONIZE - #define LWS_ERRNO WSAGetLastError() - #define LWS_EAGAIN WSAEWOULDBLOCK - #define LWS_EALREADY WSAEALREADY - #define LWS_EINPROGRESS WSAEINPROGRESS - #define LWS_EINTR WSAEINTR - #define LWS_EISCONN WSAEISCONN - #define LWS_ENOTCONN WSAENOTCONN - #define LWS_EWOULDBLOCK WSAEWOULDBLOCK - #define LWS_EADDRINUSE WSAEADDRINUSE - #define MSG_NOSIGNAL 0 - #define SHUT_RDWR SD_BOTH - #define SOL_TCP IPPROTO_TCP - #define SHUT_WR SD_SEND - - #define compatible_close(fd) closesocket(fd) - #define lws_set_blocking_send(wsi) wsi->sock_send_blocking = 1 - - #include - #include - #include - #include - #ifdef LWS_HAVE_IN6ADDR_H - #include - #endif - #include - #include - - #if !defined(LWS_HAVE_ATOLL) - #if defined(LWS_HAVE__ATOI64) - #define atoll _atoi64 - #else - #warning No atoll or _atoi64 available, using atoi - #define atoll atoi - #endif - #endif - - #ifndef __func__ - #define __func__ __FUNCTION__ - #endif - - #ifdef LWS_HAVE__VSNPRINTF - #define vsnprintf _vsnprintf - #endif - -/* we don't have an implementation for this on windows... */ -int kill(int pid, int sig); -int fork(void); -#ifndef SIGINT -#define SIGINT 2 -#endif - -#include - -#ifndef BIG_ENDIAN - #define BIG_ENDIAN 4321 /* to show byte order (taken from gcc) */ -#endif -#ifndef LITTLE_ENDIAN - #define LITTLE_ENDIAN 1234 -#endif -#ifndef BYTE_ORDER - #define BYTE_ORDER LITTLE_ENDIAN -#endif - -#undef __P -#ifndef __P - #if __STDC__ - #define __P(protos) protos - #else - #define __P(protos) () - #endif -#endif - -#ifdef _WIN32 - #ifndef FD_HASHTABLE_MODULUS - #define FD_HASHTABLE_MODULUS 32 - #endif -#endif - -#define lws_plat_socket_offset() (0) - -struct lws; -struct lws_context; - -#define LWS_FD_HASH(fd) ((fd ^ (fd >> 8) ^ (fd >> 16)) % FD_HASHTABLE_MODULUS) -struct lws_fd_hashtable { - struct lws **wsi; - int length; -}; - - -#ifdef LWS_DLL -#ifdef LWS_INTERNAL -#define LWS_EXTERN extern __declspec(dllexport) -#else -#define LWS_EXTERN extern __declspec(dllimport) -#endif -#else -#define LWS_EXTERN -#endif - -typedef SOCKET lws_sockfd_type; -typedef HANDLE lws_filefd_type; -#define LWS_WIN32_HANDLE_TYPES - -LWS_EXTERN struct lws * -wsi_from_fd(const struct lws_context *context, lws_sockfd_type fd); - -LWS_EXTERN int -insert_wsi(struct lws_context *context, struct lws *wsi); - -LWS_EXTERN int -delete_from_fd(struct lws_context *context, lws_sockfd_type fd); diff --git a/lib/plat/windows/windows-fds.c b/lib/plat/windows/windows-fds.c deleted file mode 100644 index 0d324e8..0000000 --- a/lib/plat/windows/windows-fds.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - -struct lws * -wsi_from_fd(const struct lws_context *context, lws_sockfd_type fd) -{ - int h = LWS_FD_HASH(fd); - int n = 0; - - for (n = 0; n < context->fd_hashtable[h].length; n++) - if (context->fd_hashtable[h].wsi[n]->desc.sockfd == fd) - return context->fd_hashtable[h].wsi[n]; - - return NULL; -} - -int -insert_wsi(struct lws_context *context, struct lws *wsi) -{ - int h = LWS_FD_HASH(wsi->desc.sockfd); - - if (context->fd_hashtable[h].length == (getdtablesize() - 1)) { - lwsl_err("hash table overflow\n"); - return 1; - } - - context->fd_hashtable[h].wsi[context->fd_hashtable[h].length++] = wsi; - - return 0; -} - -int -delete_from_fd(struct lws_context *context, lws_sockfd_type fd) -{ - int h = LWS_FD_HASH(fd); - int n = 0; - - for (n = 0; n < context->fd_hashtable[h].length; n++) - if (context->fd_hashtable[h].wsi[n]->desc.sockfd == fd) { - while (n < context->fd_hashtable[h].length) { - context->fd_hashtable[h].wsi[n] = - context->fd_hashtable[h].wsi[n + 1]; - n++; - } - context->fd_hashtable[h].length--; - - return 0; - } - - lwsl_err("Failed to find fd %d requested for " - "delete in hashtable\n", fd); - return 1; -} diff --git a/lib/plat/windows/windows-file.c b/lib/plat/windows/windows-file.c deleted file mode 100644 index 6516b70..0000000 --- a/lib/plat/windows/windows-file.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - -int lws_plat_apply_FD_CLOEXEC(int n) -{ - return 0; -} - -lws_fop_fd_t -_lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, - const char *vpath, lws_fop_flags_t *flags) -{ - HANDLE ret; - WCHAR buf[MAX_PATH]; - lws_fop_fd_t fop_fd; - LARGE_INTEGER llFileSize = {0}; - - MultiByteToWideChar(CP_UTF8, 0, filename, -1, buf, LWS_ARRAY_SIZE(buf)); - if (((*flags) & 7) == _O_RDONLY) { - ret = CreateFileW(buf, GENERIC_READ, FILE_SHARE_READ, - NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - } else { - ret = CreateFileW(buf, GENERIC_WRITE, 0, NULL, - CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - } - - if (ret == LWS_INVALID_FILE) - goto bail; - - fop_fd = malloc(sizeof(*fop_fd)); - if (!fop_fd) - goto bail; - - fop_fd->fops = fops; - fop_fd->fd = ret; - fop_fd->filesystem_priv = NULL; /* we don't use it */ - fop_fd->flags = *flags; - fop_fd->len = GetFileSize(ret, NULL); - if(GetFileSizeEx(ret, &llFileSize)) - fop_fd->len = llFileSize.QuadPart; - - fop_fd->pos = 0; - - return fop_fd; - -bail: - return NULL; -} - -int -_lws_plat_file_close(lws_fop_fd_t *fop_fd) -{ - HANDLE fd = (*fop_fd)->fd; - - free(*fop_fd); - *fop_fd = NULL; - - CloseHandle((HANDLE)fd); - - return 0; -} - -lws_fileofs_t -_lws_plat_file_seek_cur(lws_fop_fd_t fop_fd, lws_fileofs_t offset) -{ - LARGE_INTEGER l; - - l.QuadPart = offset; - return SetFilePointerEx((HANDLE)fop_fd->fd, l, NULL, FILE_CURRENT); -} - -int -_lws_plat_file_read(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t *buf, lws_filepos_t len) -{ - DWORD _amount; - - if (!ReadFile((HANDLE)fop_fd->fd, buf, (DWORD)len, &_amount, NULL)) { - *amount = 0; - - return 1; - } - - fop_fd->pos += _amount; - *amount = (unsigned long)_amount; - - return 0; -} - -int -_lws_plat_file_write(lws_fop_fd_t fop_fd, lws_filepos_t *amount, - uint8_t* buf, lws_filepos_t len) -{ - DWORD _amount; - - if (!WriteFile((HANDLE)fop_fd->fd, buf, (DWORD)len, &_amount, NULL)) { - *amount = 0; - - return 1; - } - - fop_fd->pos += _amount; - *amount = (unsigned long)_amount; - - return 0; -} - - -int -lws_plat_write_cert(struct lws_vhost *vhost, int is_key, int fd, void *buf, - int len) -{ - int n; - - n = write(fd, buf, len); - - lseek(fd, 0, SEEK_SET); - - return n != len; -} - -int -lws_plat_write_file(const char *filename, void *buf, int len) -{ - int m, fd; - - fd = lws_open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600); - - if (fd == -1) - return -1; - - m = write(fd, buf, len); - close(fd); - - return m != len; -} - -int -lws_plat_read_file(const char *filename, void *buf, int len) -{ - int n, fd = lws_open(filename, O_RDONLY); - if (fd == -1) - return -1; - - n = read(fd, buf, len); - close(fd); - - return n; -} - diff --git a/lib/plat/windows/windows-init.c b/lib/plat/windows/windows-init.c deleted file mode 100644 index 5a2df0d..0000000 --- a/lib/plat/windows/windows-init.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - -int -lws_plat_drop_app_privileges(struct lws_context *context, int actually_set) -{ - return 0; -} - -int -lws_plat_context_early_init(void) -{ - WORD wVersionRequested; - WSADATA wsaData; - int err; - - /* Use the MAKEWORD(lowbyte, highbyte) macro from Windef.h */ - wVersionRequested = MAKEWORD(2, 2); - - err = WSAStartup(wVersionRequested, &wsaData); - if (!err) - return 0; - /* - * Tell the user that we could not find a usable - * Winsock DLL - */ - lwsl_err("WSAStartup failed with error: %d\n", err); - - return 1; -} - -int -lws_plat_init(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - int i, n = context->count_threads; - - for (i = 0; i < FD_HASHTABLE_MODULUS; i++) { - context->fd_hashtable[i].wsi = - lws_zalloc(sizeof(struct lws*) * context->max_fds, - "win hashtable"); - - if (!context->fd_hashtable[i].wsi) - return -1; - } - - while (n--) { - pt->fds_count = 0; - pt->events = WSACreateEvent(); /* the cancel event */ - InitializeCriticalSection(&pt->interrupt_lock); - - pt++; - } - - context->fd_random = 0; - -#ifdef LWS_WITH_PLUGINS - if (info->plugin_dirs) - lws_plat_plugins_init(context, info->plugin_dirs); -#endif - - return 0; -} - -void -lws_plat_context_early_destroy(struct lws_context *context) -{ - struct lws_context_per_thread *pt = &context->pt[0]; - int n = context->count_threads; - - while (n--) { - WSACloseEvent(pt->events); - DeleteCriticalSection(&pt->interrupt_lock); - pt++; - } -} - -void -lws_plat_context_late_destroy(struct lws_context *context) -{ - int n; - - for (n = 0; n < FD_HASHTABLE_MODULUS; n++) { - if (context->fd_hashtable[n].wsi) - lws_free(context->fd_hashtable[n].wsi); - } - - WSACleanup(); -} diff --git a/lib/plat/windows/windows-misc.c b/lib/plat/windows/windows-misc.c deleted file mode 100644 index 9059a73..0000000 --- a/lib/plat/windows/windows-misc.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - - -lws_usec_t -lws_now_usecs(void) -{ -#ifndef DELTA_EPOCH_IN_MICROSECS -#define DELTA_EPOCH_IN_MICROSECS 11644473600000000ULL -#endif - FILETIME filetime; - ULARGE_INTEGER datetime; - -#ifdef _WIN32_WCE - GetCurrentFT(&filetime); -#else - GetSystemTimeAsFileTime(&filetime); -#endif - - /* - * As per Windows documentation for FILETIME, copy the resulting - * FILETIME structure to a ULARGE_INTEGER structure using memcpy - * (using memcpy instead of direct assignment can prevent alignment - * faults on 64-bit Windows). - */ - memcpy(&datetime, &filetime, sizeof(datetime)); - - /* Windows file times are in 100s of nanoseconds. */ - return (datetime.QuadPart / 10) - DELTA_EPOCH_IN_MICROSECS; -} - - -#ifdef _WIN32_WCE -time_t time(time_t *t) -{ - time_t ret = lws_now_usecs() / 1000000; - - if(t != NULL) - *t = ret; - - return ret; -} -#endif - -LWS_VISIBLE int -lws_get_random(struct lws_context *context, void *buf, int len) -{ - int n; - char *p = (char *)buf; - - for (n = 0; n < len; n++) - p[n] = (unsigned char)rand(); - - return n; -} - - -LWS_VISIBLE void -lwsl_emit_syslog(int level, const char *line) -{ - lwsl_emit_stderr(level, line); -} - - -int kill(int pid, int sig) -{ - lwsl_err("Sorry Windows doesn't support kill()."); - exit(0); -} - -int fork(void) -{ - lwsl_err("Sorry Windows doesn't support fork()."); - exit(0); -} - - -int -lws_plat_recommended_rsa_bits(void) -{ - return 4096; -} - - - diff --git a/lib/plat/windows/windows-pipe.c b/lib/plat/windows/windows-pipe.c deleted file mode 100644 index 0953871..0000000 --- a/lib/plat/windows/windows-pipe.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - -int -lws_plat_pipe_create(struct lws *wsi) -{ - return 1; -} - -int -lws_plat_pipe_signal(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - EnterCriticalSection(&pt->interrupt_lock); - pt->interrupt_requested = 1; - LeaveCriticalSection(&pt->interrupt_lock); - WSASetEvent(pt->events); /* trigger the cancel event */ - - return 0; -} - -void -lws_plat_pipe_close(struct lws *wsi) -{ -} diff --git a/lib/plat/windows/windows-plugins.c b/lib/plat/windows/windows-plugins.c deleted file mode 100644 index 7f83524..0000000 --- a/lib/plat/windows/windows-plugins.c +++ /dev/null @@ -1,47 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - -int -lws_plat_plugins_init(struct lws_context * context, const char * const *d) -{ -#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) - return lws_uv_plugins_init(context, d); -#endif - - return 0; -} - -int -lws_plat_plugins_destroy(struct lws_context * context) -{ -#if defined(LWS_WITH_PLUGINS) && (UV_VERSION_MAJOR > 0) - if (lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV)) - return lws_uv_plugins_destroy(context); -#endif - - return 0; -} diff --git a/lib/plat/windows/windows-service.c b/lib/plat/windows/windows-service.c deleted file mode 100644 index 4036528..0000000 --- a/lib/plat/windows/windows-service.c +++ /dev/null @@ -1,227 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - - -int -_lws_plat_service_forced_tsi(struct lws_context *context, int tsi) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - int m, n; - - lws_service_flag_pending(context, tsi); - - /* any socket with events to service? */ - for (n = 0; n < (int)pt->fds_count; n++) { - if (!pt->fds[n].revents) - continue; - - m = lws_service_fd_tsi(context, &pt->fds[n], tsi); - if (m < 0) - return -1; - /* if something closed, retry this slot */ - if (m) - n--; - } - - lws_service_do_ripe_rxflow(pt); - - return 0; -} - - -LWS_EXTERN int -_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi) -{ - struct lws_context_per_thread *pt; - WSANETWORKEVENTS networkevents; - struct lws_pollfd *pfd; - lws_usec_t timeout_us; - struct lws *wsi; - unsigned int i; - DWORD ev; - int n; - unsigned int eIdx; - int interrupt_requested; - - /* stay dead once we are dead */ - if (context == NULL || !context->vhost_list) - return 1; - - pt = &context->pt[tsi]; - - if (!pt->service_tid_detected) { - struct lws _lws; - - memset(&_lws, 0, sizeof(_lws)); - _lws.context = context; - - pt->service_tid = context->vhost_list-> - protocols[0].callback(&_lws, LWS_CALLBACK_GET_THREAD_ID, - NULL, NULL, 0); - pt->service_tid_detected = 1; - } - - if (timeout_ms < 0) - timeout_ms = 0; - else - /* force a default timeout of 23 days */ - timeout_ms = 2000000000; - timeout_us = ((lws_usec_t)timeout_ms) * LWS_US_PER_MS; - - if (context->event_loop_ops->run_pt) - context->event_loop_ops->run_pt(context, tsi); - - for (i = 0; i < pt->fds_count; ++i) { - pfd = &pt->fds[i]; - - if (!(pfd->events & LWS_POLLOUT)) - continue; - - wsi = wsi_from_fd(context, pfd->fd); - if (!wsi || wsi->listener) - continue; - if (wsi->sock_send_blocking) - continue; - pfd->revents = LWS_POLLOUT; - n = lws_service_fd(context, pfd); - if (n < 0) - return -1; - - /* - * Force WSAWaitForMultipleEvents() to check events - * and then return immediately. - */ - timeout_us = 0; - - /* if something closed, retry this slot */ - if (n) - i--; - } - - /* - * is there anybody with pending stuff that needs service forcing? - */ - if (!lws_service_adjust_timeout(context, 1, tsi)) - _lws_plat_service_forced_tsi(context, tsi); - - /* - * service pending callbakcs and get maximum wait time - */ - { - lws_usec_t us; - - lws_pt_lock(pt, __func__); - /* don't stay in poll wait longer than next hr timeout */ - us = __lws_sul_service_ripe(&pt->pt_sul_owner, lws_now_usecs()); - if (us && us < timeout_us) - timeout_us = us; - - lws_pt_unlock(pt); - } - - for (n = 0; n < (int)pt->fds_count; n++) - WSAEventSelect(pt->fds[n].fd, pt->events, - FD_READ | (!!(pt->fds[n].events & LWS_POLLOUT) * FD_WRITE) | - FD_OOB | FD_ACCEPT | - FD_CONNECT | FD_CLOSE | FD_QOS | - FD_ROUTING_INTERFACE_CHANGE | - FD_ADDRESS_LIST_CHANGE); - - ev = WSAWaitForMultipleEvents(1, &pt->events, FALSE, - (DWORD)(timeout_us / LWS_US_PER_MS), FALSE); - if (ev == WSA_WAIT_EVENT_0) { - EnterCriticalSection(&pt->interrupt_lock); - interrupt_requested = pt->interrupt_requested; - pt->interrupt_requested = 0; - LeaveCriticalSection(&pt->interrupt_lock); - if (interrupt_requested) { - lws_broadcast(pt, LWS_CALLBACK_EVENT_WAIT_CANCELLED, - NULL, 0); - return 0; - } - -#if defined(LWS_WITH_TLS) - if (pt->context->tls_ops && - pt->context->tls_ops->fake_POLLIN_for_buffered) - pt->context->tls_ops->fake_POLLIN_for_buffered(pt); -#endif - - for (eIdx = 0; eIdx < pt->fds_count; ++eIdx) { - unsigned int err; - - if (WSAEnumNetworkEvents(pt->fds[eIdx].fd, pt->events, - &networkevents) == SOCKET_ERROR) { - lwsl_err("WSAEnumNetworkEvents() failed " - "with error %d\n", LWS_ERRNO); - return -1; - } - - if (!networkevents.lNetworkEvents) - networkevents.lNetworkEvents = LWS_POLLOUT; - - pfd = &pt->fds[eIdx]; - pfd->revents = (short)networkevents.lNetworkEvents; - - err = networkevents.iErrorCode[FD_CONNECT_BIT]; - - if ((networkevents.lNetworkEvents & FD_CONNECT) && - err && err != LWS_EALREADY && - err != LWS_EINPROGRESS && err != LWS_EWOULDBLOCK && - err != WSAEINVAL) { - lwsl_debug("Unable to connect errno=%d\n", err); - pfd->revents |= LWS_POLLHUP; - } - - if (pfd->revents & LWS_POLLOUT) { - wsi = wsi_from_fd(context, pfd->fd); - if (wsi) - wsi->sock_send_blocking = 0; - } - /* if something closed, retry this slot */ - if (pfd->revents & LWS_POLLHUP) - --eIdx; - - if (pfd->revents) { - recv(pfd->fd, NULL, 0, 0); - lws_service_fd_tsi(context, pfd, tsi); - } - } - - return 0; - } - - // if (ev == WSA_WAIT_TIMEOUT) { } - // if (ev == WSA_WAIT_FAILED) - // return 0; - - return 0; -} - -int -lws_plat_service(struct lws_context *context, int timeout_ms) -{ - return _lws_plat_service_tsi(context, timeout_ms, 0); -} diff --git a/lib/plat/windows/windows-sockets.c b/lib/plat/windows/windows-sockets.c deleted file mode 100644 index 38910fc..0000000 --- a/lib/plat/windows/windows-sockets.c +++ /dev/null @@ -1,309 +0,0 @@ -#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS -#define _WINSOCK_DEPRECATED_NO_WARNINGS -#endif -#include "core/private.h" - - -LWS_VISIBLE int -lws_send_pipe_choked(struct lws *wsi) -{ struct lws *wsi_eff; - -#if defined(LWS_WITH_HTTP2) - wsi_eff = lws_get_network_wsi(wsi); -#else - wsi_eff = wsi; -#endif - /* the fact we checked implies we avoided back-to-back writes */ - wsi_eff->could_have_pending = 0; - - /* treat the fact we got a truncated send pending as if we're choked */ - if (lws_has_buffered_out(wsi_eff) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - ||wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) - return 1; - - return (int)wsi_eff->sock_send_blocking; -} - -int -lws_poll_listen_fd(struct lws_pollfd *fd) -{ - fd_set readfds; - struct timeval tv = { 0, 0 }; - - assert((fd->events & LWS_POLLIN) == LWS_POLLIN); - - FD_ZERO(&readfds); - FD_SET(fd->fd, &readfds); - - return select(((int)fd->fd) + 1, &readfds, NULL, NULL, &tv); -} - -int -lws_plat_set_nonblocking(int fd) -{ - u_long optl = 1; - int result = !!ioctlsocket(fd, FIONBIO, &optl); - if (result) - { - int error = LWS_ERRNO; - lwsl_err("ioctlsocket FIONBIO 1 failed with error %d\n", error); - } - return result; -} - -int -lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, - int unix_skt) -{ - int optval = 1; - int optlen = sizeof(optval); - DWORD dwBytesRet; - struct tcp_keepalive alive; - int protonbr; -#ifndef _WIN32_WCE - struct protoent *tcp_proto; -#endif - - if (vhost->ka_time) { - /* enable keepalive on this socket */ - optval = 1; - if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, - (const char *)&optval, optlen) < 0) { - int error = LWS_ERRNO; - lwsl_err("setsockopt SO_KEEPALIVE 1 failed with error %d\n", error); - return 1; - } - - alive.onoff = TRUE; - alive.keepalivetime = vhost->ka_time * 1000; - alive.keepaliveinterval = vhost->ka_interval * 1000; - - if (WSAIoctl(fd, SIO_KEEPALIVE_VALS, &alive, sizeof(alive), - NULL, 0, &dwBytesRet, NULL, NULL)) { - int error = LWS_ERRNO; - lwsl_err("WSAIoctl SIO_KEEPALIVE_VALS 1 %lu %lu failed with error %d\n", alive.keepalivetime, alive.keepaliveinterval, error); - return 1; - } - } - - /* Disable Nagle */ - optval = 1; -#ifndef _WIN32_WCE - tcp_proto = getprotobyname("TCP"); - if (!tcp_proto) { - int error = LWS_ERRNO; - lwsl_warn("getprotobyname(\"TCP\") failed with error, falling back to 6 %d\n", error); - protonbr = 6; /* IPPROTO_TCP */ - } else - protonbr = tcp_proto->p_proto; -#else - protonbr = 6; -#endif - - if (setsockopt(fd, protonbr, TCP_NODELAY, (const char *)&optval, optlen) ) { - int error = LWS_ERRNO; - lwsl_warn("setsockopt TCP_NODELAY 1 failed with error %d\n", error); - } - - - return lws_plat_set_nonblocking(fd); -} - - -LWS_EXTERN int -lws_interface_to_sa(int ipv6, - const char *ifname, struct sockaddr_in *addr, size_t addrlen) -{ -#ifdef LWS_WITH_IPV6 - struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)addr; - - if (ipv6) { - if (lws_plat_inet_pton(AF_INET6, ifname, &addr6->sin6_addr) == 1) { - return LWS_ITOSA_USABLE; - } - } -#endif - - long long address = inet_addr(ifname); - - if (address == INADDR_NONE) { - struct hostent *entry = gethostbyname(ifname); - if (entry) - address = ((struct in_addr *)entry->h_addr_list[0])->s_addr; - } - - if (address == INADDR_NONE) - return LWS_ITOSA_NOT_EXIST; - - addr->sin_addr.s_addr = (unsigned long)(lws_intptr_t)address; - - return LWS_ITOSA_USABLE; -} - -void -lws_plat_insert_socket_into_fds(struct lws_context *context, struct lws *wsi) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int n = LWS_POLLIN | LWS_POLLHUP | FD_CONNECT; - - if (wsi->udp) { - lwsl_info("%s: UDP\n", __func__); - n = LWS_POLLIN; - } - - pt->fds[pt->fds_count++].revents = 0; - WSAEventSelect(wsi->desc.sockfd, pt->events, n); -} - -void -lws_plat_delete_socket_from_fds(struct lws_context *context, - struct lws *wsi, int m) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - - pt->fds_count--; -} - - -int -lws_plat_check_connection_error(struct lws *wsi) -{ - int optVal; - int optLen = sizeof(int); - - if (getsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_ERROR, - (char*)&optVal, &optLen) != SOCKET_ERROR && optVal && - optVal != LWS_EALREADY && optVal != LWS_EINPROGRESS && - optVal != LWS_EWOULDBLOCK && optVal != WSAEINVAL) { - lwsl_debug("Connect failed SO_ERROR=%d\n", optVal); - return 1; - } - - return 0; -} - -int -lws_plat_change_pollfd(struct lws_context *context, - struct lws *wsi, struct lws_pollfd *pfd) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - long e = LWS_POLLHUP | FD_CONNECT; - - if ((pfd->events & LWS_POLLIN)) - e |= LWS_POLLIN; - - if ((pfd->events & LWS_POLLOUT)) - e |= LWS_POLLOUT; - - if (WSAEventSelect(wsi->desc.sockfd, pt->events, e) != SOCKET_ERROR) - return 0; - - lwsl_err("WSAEventSelect() failed with error %d\n", LWS_ERRNO); - - return 1; -} - -const char * -lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt) -{ - WCHAR *buffer; - DWORD bufferlen = cnt; - BOOL ok = FALSE; - - buffer = lws_malloc(bufferlen * 2, "inet_ntop"); - if (!buffer) { - lwsl_err("Out of memory\n"); - return NULL; - } - - if (af == AF_INET) { - struct sockaddr_in srcaddr; - memset(&srcaddr, 0, sizeof(srcaddr)); - srcaddr.sin_family = AF_INET; - memcpy(&(srcaddr.sin_addr), src, sizeof(srcaddr.sin_addr)); - - if (!WSAAddressToStringW((struct sockaddr*)&srcaddr, sizeof(srcaddr), 0, buffer, &bufferlen)) - ok = TRUE; -#ifdef LWS_WITH_IPV6 - } else if (af == AF_INET6) { - struct sockaddr_in6 srcaddr; - memset(&srcaddr, 0, sizeof(srcaddr)); - srcaddr.sin6_family = AF_INET6; - memcpy(&(srcaddr.sin6_addr), src, sizeof(srcaddr.sin6_addr)); - - if (!WSAAddressToStringW((struct sockaddr*)&srcaddr, sizeof(srcaddr), 0, buffer, &bufferlen)) - ok = TRUE; -#endif - } else - lwsl_err("Unsupported type\n"); - - if (!ok) { - int rv = WSAGetLastError(); - lwsl_err("WSAAddressToString() : %d\n", rv); - } else { - if (WideCharToMultiByte(CP_ACP, 0, buffer, bufferlen, dst, cnt, 0, NULL) <= 0) - ok = FALSE; - } - - lws_free(buffer); - return ok ? dst : NULL; -} - -int -lws_plat_inet_pton(int af, const char *src, void *dst) -{ - WCHAR *buffer; - DWORD bufferlen = (int)strlen(src) + 1; - BOOL ok = FALSE; - - buffer = lws_malloc(bufferlen * 2, "inet_pton"); - if (!buffer) { - lwsl_err("Out of memory\n"); - return -1; - } - - if (MultiByteToWideChar(CP_ACP, 0, src, bufferlen, buffer, bufferlen) <= 0) { - lwsl_err("Failed to convert multi byte to wide char\n"); - lws_free(buffer); - return -1; - } - - if (af == AF_INET) { - struct sockaddr_in dstaddr; - int dstaddrlen = sizeof(dstaddr); - - memset(&dstaddr, 0, sizeof(dstaddr)); - dstaddr.sin_family = AF_INET; - - if (!WSAStringToAddressW(buffer, af, 0, (struct sockaddr *) &dstaddr, &dstaddrlen)) { - ok = TRUE; - memcpy(dst, &dstaddr.sin_addr, sizeof(dstaddr.sin_addr)); - } -#ifdef LWS_WITH_IPV6 - } else if (af == AF_INET6) { - struct sockaddr_in6 dstaddr; - int dstaddrlen = sizeof(dstaddr); - - memset(&dstaddr, 0, sizeof(dstaddr)); - dstaddr.sin6_family = AF_INET6; - - if (!WSAStringToAddressW(buffer, af, 0, (struct sockaddr *) &dstaddr, &dstaddrlen)) { - ok = TRUE; - memcpy(dst, &dstaddr.sin6_addr, sizeof(dstaddr.sin6_addr)); - } -#endif - } else - lwsl_err("Unsupported type\n"); - - if (!ok) { - int rv = WSAGetLastError(); - lwsl_err("WSAAddressToString() : %d\n", rv); - } - - lws_free(buffer); - return ok ? 1 : -1; -} diff --git a/lib/pollfd.c b/lib/pollfd.c new file mode 100644 index 0000000..25167dd --- /dev/null +++ b/lib/pollfd.c @@ -0,0 +1,560 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2015 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +int +_lws_change_pollfd(struct lws *wsi, int _and, int _or, struct lws_pollargs *pa) +{ + struct lws_context_per_thread *pt; + struct lws_context *context; + int ret = 0, pa_events = 1; + struct lws_pollfd *pfd; + int sampled_tid, tid; + + if (!wsi || wsi->position_in_fds_table < 0) + return 0; + + if (wsi->handling_pollout && !_and && _or == LWS_POLLOUT) { + /* + * Happening alongside service thread handling POLLOUT. + * The danger is when he is finished, he will disable POLLOUT, + * countermanding what we changed here. + * + * Instead of changing the fds, inform the service thread + * what happened, and ask it to leave POLLOUT active on exit + */ + wsi->leave_pollout_active = 1; + /* + * by definition service thread is not in poll wait, so no need + * to cancel service + */ + + lwsl_debug("%s: using leave_pollout_active\n", __func__); + + return 0; + } + + context = wsi->context; + pt = &context->pt[(int)wsi->tsi]; + assert(wsi->position_in_fds_table >= 0 && + wsi->position_in_fds_table < pt->fds_count); + + pfd = &pt->fds[wsi->position_in_fds_table]; + pa->fd = wsi->desc.sockfd; + pa->prev_events = pfd->events; + pa->events = pfd->events = (pfd->events & ~_and) | _or; + + //lwsl_notice("%s: wsi %p, posin %d. from %d -> %d\n", __func__, wsi, wsi->position_in_fds_table, pa->prev_events, pa->events); + + + if (wsi->http2_substream) + return 0; + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_CHANGE_MODE_POLL_FD, + wsi->user_space, (void *)pa, 0)) { + ret = -1; + goto bail; + } + + if (_and & LWS_POLLIN) { + lws_libev_io(wsi, LWS_EV_STOP | LWS_EV_READ); + lws_libuv_io(wsi, LWS_EV_STOP | LWS_EV_READ); + lws_libevent_io(wsi, LWS_EV_STOP | LWS_EV_READ); + } + if (_or & LWS_POLLIN) { + lws_libev_io(wsi, LWS_EV_START | LWS_EV_READ); + lws_libuv_io(wsi, LWS_EV_START | LWS_EV_READ); + lws_libevent_io(wsi, LWS_EV_START | LWS_EV_READ); + } + if (_and & LWS_POLLOUT) { + lws_libev_io(wsi, LWS_EV_STOP | LWS_EV_WRITE); + lws_libuv_io(wsi, LWS_EV_STOP | LWS_EV_WRITE); + lws_libevent_io(wsi, LWS_EV_STOP | LWS_EV_WRITE); + } + if (_or & LWS_POLLOUT) { + lws_libev_io(wsi, LWS_EV_START | LWS_EV_WRITE); + lws_libuv_io(wsi, LWS_EV_START | LWS_EV_WRITE); + lws_libevent_io(wsi, LWS_EV_START | LWS_EV_WRITE); + } + + /* + * if we changed something in this pollfd... + * ... and we're running in a different thread context + * than the service thread... + * ... and the service thread is waiting ... + * then cancel it to force a restart with our changed events + */ +#if LWS_POSIX + pa_events = pa->prev_events != pa->events; +#endif + + if (pa_events) { + + if (lws_plat_change_pollfd(context, wsi, pfd)) { + lwsl_info("%s failed\n", __func__); + ret = -1; + goto bail; + } + + sampled_tid = context->service_tid; + if (sampled_tid) { + tid = wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_GET_THREAD_ID, NULL, NULL, 0); + if (tid == -1) { + ret = -1; + goto bail; + } + if (tid != sampled_tid) + lws_cancel_service_pt(wsi); + } + } +bail: + return ret; +} + +#ifndef LWS_NO_SERVER +static void +lws_accept_modulation(struct lws_context_per_thread *pt, int allow) +{ +// multithread listen seems broken +#if 0 + struct lws_vhost *vh = context->vhost_list; + struct lws_pollargs pa1; + + while (vh) { + if (allow) + _lws_change_pollfd(pt->wsi_listening, + 0, LWS_POLLIN, &pa1); + else + _lws_change_pollfd(pt->wsi_listening, + LWS_POLLIN, 0, &pa1); + vh = vh->vhost_next; + } +#endif +} +#endif + +int +insert_wsi_socket_into_fds(struct lws_context *context, struct lws *wsi) +{ + struct lws_pollargs pa = { wsi->desc.sockfd, LWS_POLLIN, 0 }; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + int ret = 0; + + + lwsl_debug("%s: %p: tsi=%d, sock=%d, pos-in-fds=%d\n", + __func__, wsi, wsi->tsi, wsi->desc.sockfd, pt->fds_count); + + if ((unsigned int)pt->fds_count >= context->fd_limit_per_thread) { + lwsl_err("Too many fds (%d vs %d)\n", context->max_fds, + context->fd_limit_per_thread ); + return 1; + } + +#if !defined(_WIN32) && !defined(LWS_WITH_ESP8266) + if (wsi->desc.sockfd >= context->max_fds) { + lwsl_err("Socket fd %d is too high (%d)\n", + wsi->desc.sockfd, context->max_fds); + return 1; + } +#endif + + assert(wsi); + assert(wsi->vhost); + assert(lws_socket_is_valid(wsi->desc.sockfd)); + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, + wsi->user_space, (void *) &pa, 1)) + return -1; + + lws_pt_lock(pt); + pt->count_conns++; + insert_wsi(context, wsi); +#if defined(LWS_WITH_ESP8266) + if (wsi->position_in_fds_table == -1) +#endif + wsi->position_in_fds_table = pt->fds_count; + + // lwsl_notice("%s: %p: setting posinfds %d\n", __func__, wsi, wsi->position_in_fds_table); + + pt->fds[wsi->position_in_fds_table].fd = wsi->desc.sockfd; +#if LWS_POSIX + pt->fds[wsi->position_in_fds_table].events = LWS_POLLIN; +#else + pt->fds[wsi->position_in_fds_table].events = 0; // LWS_POLLIN; +#endif + pa.events = pt->fds[pt->fds_count].events; + + lws_plat_insert_socket_into_fds(context, wsi); + + /* external POLL support via protocol 0 */ + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_ADD_POLL_FD, + wsi->user_space, (void *) &pa, 0)) + ret = -1; +#ifndef LWS_NO_SERVER + /* if no more room, defeat accepts on this thread */ + if ((unsigned int)pt->fds_count == context->fd_limit_per_thread - 1) + lws_accept_modulation(pt, 0); +#endif + lws_pt_unlock(pt); + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, + wsi->user_space, (void *)&pa, 1)) + ret = -1; + + return ret; +} + +int +remove_wsi_socket_from_fds(struct lws *wsi) +{ + struct lws_context *context = wsi->context; + struct lws_pollargs pa = { wsi->desc.sockfd, 0, 0 }; +#if !defined(LWS_WITH_ESP8266) + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct lws *end_wsi; + int v; +#endif + int m, ret = 0; + + if (wsi->parent_carries_io) { + lws_same_vh_protocol_remove(wsi); + return 0; + } + +#if !defined(_WIN32) && !defined(LWS_WITH_ESP8266) + if (wsi->desc.sockfd > context->max_fds) { + lwsl_err("fd %d too high (%d)\n", wsi->desc.sockfd, context->max_fds); + return 1; + } +#endif + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, + wsi->user_space, (void *)&pa, 1)) + return -1; + + lws_same_vh_protocol_remove(wsi); + + /* the guy who is to be deleted's slot index in pt->fds */ + m = wsi->position_in_fds_table; + +#if !defined(LWS_WITH_ESP8266) + lws_libev_io(wsi, LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE | LWS_EV_PREPARE_DELETION); + lws_libuv_io(wsi, LWS_EV_STOP | LWS_EV_READ | LWS_EV_WRITE | LWS_EV_PREPARE_DELETION); + + lws_pt_lock(pt); + + lwsl_debug("%s: wsi=%p, sock=%d, fds pos=%d, end guy pos=%d, endfd=%d\n", + __func__, wsi, wsi->desc.sockfd, wsi->position_in_fds_table, + pt->fds_count, pt->fds[pt->fds_count].fd); + + /* have the last guy take up the now vacant slot */ + pt->fds[m] = pt->fds[pt->fds_count - 1]; +#endif + /* this decrements pt->fds_count */ + lws_plat_delete_socket_from_fds(context, wsi, m); +#if !defined(LWS_WITH_ESP8266) + v = (int) pt->fds[m].fd; + /* end guy's "position in fds table" is now the deletion guy's old one */ + end_wsi = wsi_from_fd(context, v); + if (!end_wsi) { + lwsl_err("no wsi found for sock fd %d at pos %d, pt->fds_count=%d\n", (int)pt->fds[m].fd, m, pt->fds_count); + assert(0); + } else + end_wsi->position_in_fds_table = m; + + /* deletion guy's lws_lookup entry needs nuking */ + delete_from_fd(context, wsi->desc.sockfd); + /* removed wsi has no position any more */ + wsi->position_in_fds_table = -1; + + /* remove also from external POLL support via protocol 0 */ + if (lws_socket_is_valid(wsi->desc.sockfd)) + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_DEL_POLL_FD, + wsi->user_space, (void *) &pa, 0)) + ret = -1; +#ifndef LWS_NO_SERVER + if (!context->being_destroyed) + /* if this made some room, accept connects on this thread */ + if ((unsigned int)pt->fds_count < context->fd_limit_per_thread - 1) + lws_accept_modulation(pt, 1); +#endif + lws_pt_unlock(pt); + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, + wsi->user_space, (void *) &pa, 1)) + ret = -1; +#endif + return ret; +} + +int +lws_change_pollfd(struct lws *wsi, int _and, int _or) +{ + struct lws_context_per_thread *pt; + struct lws_context *context; + struct lws_pollargs pa; + int ret = 0; + + if (!wsi || !wsi->protocol || wsi->position_in_fds_table < 0) + return 1; + + context = lws_get_context(wsi); + if (!context) + return 1; + + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_LOCK_POLL, + wsi->user_space, (void *) &pa, 0)) + return -1; + + pt = &context->pt[(int)wsi->tsi]; + + lws_pt_lock(pt); + ret = _lws_change_pollfd(wsi, _and, _or, &pa); + lws_pt_unlock(pt); + if (wsi->vhost->protocols[0].callback(wsi, LWS_CALLBACK_UNLOCK_POLL, + wsi->user_space, (void *) &pa, 0)) + ret = -1; + + return ret; +} + +LWS_VISIBLE int +lws_callback_on_writable(struct lws *wsi) +{ + struct lws_context_per_thread *pt; +#ifdef LWS_USE_HTTP2 + struct lws *network_wsi, *wsi2; + int already; +#endif + + if (wsi->state == LWSS_SHUTDOWN) + return 0; + + if (wsi->socket_is_permanently_unusable) + return 0; + + if (wsi->parent_carries_io) { + int n = lws_callback_on_writable(wsi->parent); + + if (n < 0) + return n; + + wsi->parent_pending_cb_on_writable = 1; + return 1; + } + + pt = &wsi->context->pt[(int)wsi->tsi]; + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITEABLE_CB_REQ, 1); +#if defined(LWS_WITH_STATS) + if (!wsi->active_writable_req_us) { + wsi->active_writable_req_us = time_in_microseconds(); + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITEABLE_CB_EFF_REQ, 1); + } +#endif + +#ifdef LWS_USE_HTTP2 + lwsl_info("%s: %p\n", __func__, wsi); + + if (wsi->mode != LWSCM_HTTP2_SERVING) + goto network_sock; + + if (wsi->u.http2.requested_POLLOUT) { + lwsl_info("already pending writable\n"); + return 1; + } + + if (wsi->u.http2.tx_credit <= 0) { + /* + * other side is not able to cope with us sending + * anything so no matter if we have POLLOUT on our side. + * + * Delay waiting for our POLLOUT until peer indicates he has + * space for more using tx window command in http2 layer + */ + lwsl_info("%s: %p: waiting_tx_credit (%d)\n", __func__, wsi, + wsi->u.http2.tx_credit); + wsi->u.http2.waiting_tx_credit = 1; + return 0; + } + + network_wsi = lws_http2_get_network_wsi(wsi); + already = network_wsi->u.http2.requested_POLLOUT; + + /* mark everybody above him as requesting pollout */ + + wsi2 = wsi; + while (wsi2) { + wsi2->u.http2.requested_POLLOUT = 1; + lwsl_info("mark %p pending writable\n", wsi2); + wsi2 = wsi2->u.http2.parent_wsi; + } + + /* for network action, act only on the network wsi */ + + wsi = network_wsi; + if (already) + return 1; +network_sock: +#endif + + if (lws_ext_cb_active(wsi, LWS_EXT_CB_REQUEST_ON_WRITEABLE, NULL, 0)) + return 1; + + if (wsi->position_in_fds_table < 0) { + lwsl_err("%s: failed to find socket %d\n", __func__, wsi->desc.sockfd); + return -1; + } + + if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) + return -1; + + return 1; +} + +/* + * stitch protocol choice into the vh protocol linked list + * We always insert ourselves at the start of the list + * + * X <-> B + * X <-> pAn <-> pB + * + * Illegal to attach more than once without detach inbetween + */ +void +lws_same_vh_protocol_insert(struct lws *wsi, int n) +{ + //lwsl_err("%s: pre insert vhost start wsi %p, that wsi prev == %p\n", + // __func__, + // wsi->vhost->same_vh_protocol_list[n], + // wsi->same_vh_protocol_prev); + + if (wsi->same_vh_protocol_prev || wsi->same_vh_protocol_next) { + lws_same_vh_protocol_remove(wsi); + lwsl_notice("Attempted to attach wsi twice to same vh prot\n"); + } + + wsi->same_vh_protocol_prev = /* guy who points to us */ + &wsi->vhost->same_vh_protocol_list[n]; + wsi->same_vh_protocol_next = /* old first guy is our next */ + wsi->vhost->same_vh_protocol_list[n]; + /* we become the new first guy */ + wsi->vhost->same_vh_protocol_list[n] = wsi; + + if (wsi->same_vh_protocol_next) + /* old first guy points back to us now */ + wsi->same_vh_protocol_next->same_vh_protocol_prev = + &wsi->same_vh_protocol_next; +} + +void +lws_same_vh_protocol_remove(struct lws *wsi) +{ + /* + * detach ourselves from vh protocol list if we're on one + * A -> B -> C + * A -> C , or, B -> C, or A -> B + * + * OK to call on already-detached wsi + */ + lwsl_info("%s: removing same prot wsi %p\n", __func__, wsi); + + if (wsi->same_vh_protocol_prev) { + assert (*(wsi->same_vh_protocol_prev) == wsi); + lwsl_info("have prev %p, setting him to our next %p\n", + wsi->same_vh_protocol_prev, + wsi->same_vh_protocol_next); + + /* guy who pointed to us should point to our next */ + *(wsi->same_vh_protocol_prev) = wsi->same_vh_protocol_next; + } + + /* our next should point back to our prev */ + if (wsi->same_vh_protocol_next) { + wsi->same_vh_protocol_next->same_vh_protocol_prev = + wsi->same_vh_protocol_prev; + } + + wsi->same_vh_protocol_prev = NULL; + wsi->same_vh_protocol_next = NULL; +} + + +LWS_VISIBLE int +lws_callback_on_writable_all_protocol_vhost(const struct lws_vhost *vhost, + const struct lws_protocols *protocol) +{ + struct lws *wsi; + + if (protocol < vhost->protocols || + protocol >= (vhost->protocols + vhost->count_protocols)) { + + lwsl_err("%s: protocol %p is not from vhost %p (%p - %p)\n", + __func__, protocol, vhost->protocols, vhost, + (vhost->protocols + vhost->count_protocols)); + + return -1; + } + + wsi = vhost->same_vh_protocol_list[protocol - vhost->protocols]; + //lwsl_notice("%s: protocol %p, start wsi %p\n", __func__, protocol, wsi); + while (wsi) { + //lwsl_notice("%s: protocol %p, this wsi %p (wsi->protocol=%p)\n", + // __func__, protocol, wsi, wsi->protocol); + assert(wsi->protocol == protocol); + assert(*wsi->same_vh_protocol_prev == wsi); + if (wsi->same_vh_protocol_next) { + // lwsl_err("my next says %p\n", wsi->same_vh_protocol_next); + // lwsl_err("my next's prev says %p\n", + // wsi->same_vh_protocol_next->same_vh_protocol_prev); + assert(wsi->same_vh_protocol_next->same_vh_protocol_prev == &wsi->same_vh_protocol_next); + } + //lwsl_notice(" apv: %p\n", wsi); + lws_callback_on_writable(wsi); + wsi = wsi->same_vh_protocol_next; + } + + return 0; +} + +LWS_VISIBLE int +lws_callback_on_writable_all_protocol(const struct lws_context *context, + const struct lws_protocols *protocol) +{ + struct lws_vhost *vhost = context->vhost_list; + int n; + + while (vhost) { + for (n = 0; n < vhost->count_protocols; n++) + if (protocol->callback == + vhost->protocols[n].callback && + !strcmp(protocol->name, vhost->protocols[n].name)) + break; + if (n != vhost->count_protocols) + lws_callback_on_writable_all_protocol_vhost( + vhost, &vhost->protocols[n]); + + vhost = vhost->vhost_next; + } + + return 0; +} diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h new file mode 100644 index 0000000..1fd06b1 --- /dev/null +++ b/lib/private-libwebsockets.h @@ -0,0 +1,2270 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010 - 2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "lws_config.h" +#include "lws_config_private.h" + + +#if defined(LWS_WITH_CGI) && defined(LWS_HAVE_VFORK) +#define _GNU_SOURCE +#endif + +#ifdef LWS_HAVE_SYS_TYPES_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#if defined(LWS_WITH_ESP32) +#define MSG_NOSIGNAL 0 +#define SOMAXCONN 3 +#endif + +#if defined(LWS_WITH_ESP8266) +#include +#define assert(n) + +/* rom-provided stdc functions for free, ensure use these instead of libc ones */ + +int ets_vsprintf(char *str, const char *format, va_list argptr); +int ets_vsnprintf(char *buffer, size_t sizeOfBuffer, const char *format, va_list argptr); +int ets_snprintf(char *str, size_t size, const char *format, ...); +int ets_sprintf(char *str, const char *format, ...); +int os_printf_plus(const char *format, ...); +#undef malloc +#undef realloc +#undef free +void *pvPortMalloc(size_t s, const char *f, int line); +#define malloc(s) pvPortMalloc(s, "", 0) +void *pvPortRealloc(void *p, size_t s, const char *f, int line); +#define realloc(p, s) pvPortRealloc(p, s, "", 0) +void vPortFree(void *p, const char *f, int line); +#define free(p) vPortFree(p, "", 0) +#undef memcpy +void *ets_memcpy(void *dest, const void *src, size_t n); +#define memcpy ets_memcpy +void *ets_memset(void *dest, int v, size_t n); +#define memset ets_memset +char *ets_strcpy(char *dest, const char *src); +#define strcpy ets_strcpy +char *ets_strncpy(char *dest, const char *src, size_t n); +#define strncpy ets_strncpy +char *ets_strstr(const char *haystack, const char *needle); +#define strstr ets_strstr +int ets_strcmp(const char *s1, const char *s2); +int ets_strncmp(const char *s1, const char *s2, size_t n); +#define strcmp ets_strcmp +#define strncmp ets_strncmp +size_t ets_strlen(const char *s); +#define strlen ets_strlen +void *ets_memmove(void *dest, const void *src, size_t n); +#define memmove ets_memmove +char *ets_strchr(const char *s, int c); +#define strchr_ets_strchr +#undef _DEBUG +#include + +#else +#define STORE_IN_ROM +#include +#endif +#if LWS_MAX_SMP > 1 +#include +#endif + +#ifdef LWS_HAVE_SYS_STAT_H +#include +#endif + +#if defined(WIN32) || defined(_WIN32) +#if (WINVER < 0x0501) +#undef WINVER +#undef _WIN32_WINNT +#define WINVER 0x0501 +#define _WIN32_WINNT WINVER +#endif +#define LWS_NO_DAEMONIZE +#define LWS_ERRNO WSAGetLastError() +#define LWS_EAGAIN WSAEWOULDBLOCK +#define LWS_EALREADY WSAEALREADY +#define LWS_EINPROGRESS WSAEINPROGRESS +#define LWS_EINTR WSAEINTR +#define LWS_EISCONN WSAEISCONN +#define LWS_EWOULDBLOCK WSAEWOULDBLOCK +#define MSG_NOSIGNAL 0 +#define SHUT_RDWR SD_BOTH +#define SOL_TCP IPPROTO_TCP +#define SHUT_WR SD_SEND + +#define compatible_close(fd) closesocket(fd) +#define lws_set_blocking_send(wsi) wsi->sock_send_blocking = 1 +#define lws_socket_is_valid(x) (!!x) +#define LWS_SOCK_INVALID 0 +#include +#include +#include +#include +#ifdef LWS_HAVE_IN6ADDR_H +#include +#endif +#include +#include + +#if !defined(LWS_HAVE_ATOLL) +#if defined(LWS_HAVE__ATOI64) +#define atoll _atoi64 +#else +#warning No atoll or _atoi64 available, using atoi +#define atoll atoi +#endif +#endif + +#ifndef __func__ +#define __func__ __FUNCTION__ +#endif + +#ifdef LWS_HAVE__VSNPRINTF +#define vsnprintf _vsnprintf +#endif + +/* we don't have an implementation for this on windows... */ +int kill(int pid, int sig); +int fork(void); +#ifndef SIGINT +#define SIGINT 2 +#endif + +#else /* not windows --> */ + +#include +#include +#include +#include + +#ifndef __cplusplus +#include +#endif +#include +#include +#ifdef LWS_WITH_ESP8266 +#include +#define vsnprintf ets_vsnprintf +#define snprintf ets_snprintf +#define sprintf ets_sprintf + +int kill(int pid, int sig); + +#else +#include +#endif +#ifdef LWS_WITH_HTTP_PROXY +#include +#include +#endif +#if defined(LWS_BUILTIN_GETIFADDRS) + #include +#else + #if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) + #include + #endif +#endif +#if defined (__ANDROID__) +#include +#include +#elif defined (__sun) +#include +#else +#if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) +#include +#endif +#endif +#include +#if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) +#include +#include +#include +#include +#include +#include +#endif +#ifdef LWS_USE_LIBEV +#include +#endif +#ifdef LWS_USE_LIBUV +#include +#endif +#ifdef LWS_USE_LIBEVENT +#include +#endif + +#ifndef LWS_NO_FORK +#ifdef LWS_HAVE_SYS_PRCTL_H +#include +#endif +#endif + +#include + +#define LWS_ERRNO errno +#define LWS_EAGAIN EAGAIN +#define LWS_EALREADY EALREADY +#define LWS_EINPROGRESS EINPROGRESS +#define LWS_EINTR EINTR +#define LWS_EISCONN EISCONN +#define LWS_EWOULDBLOCK EWOULDBLOCK + +#define lws_set_blocking_send(wsi) + +#if defined(LWS_WITH_ESP8266) +#define lws_socket_is_valid(x) ((x) != NULL) +#define LWS_SOCK_INVALID (NULL) +struct lws; +const char * +lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen); +#else +#define lws_socket_is_valid(x) (x >= 0) +#define LWS_SOCK_INVALID (-1) +#endif +#endif + +#ifndef LWS_HAVE_BZERO +#ifndef bzero +#define bzero(b, len) (memset((b), '\0', (len)), (void) 0) +#endif +#endif + +#ifndef LWS_HAVE_STRERROR +#define strerror(x) "" +#endif + +#ifdef LWS_OPENSSL_SUPPORT + +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL +#include +#include +#else +#include +#include +#define OPENSSL_NO_TLSEXT +#endif /* not USE_OLD_CYASSL */ +#else +#include +#if !defined(LWS_WITH_ESP32) +#include +#include +#include +#include +#ifdef LWS_HAVE_OPENSSL_ECDH_H +#include +#endif +#include +#endif +#if (OPENSSL_VERSION_NUMBER < 0x0009080afL) +/* later openssl defines this to negate the presence of tlsext... but it was only + * introduced at 0.9.8j. Earlier versions don't know it exists so don't + * define it... making it look like the feature exists... + */ +#define OPENSSL_NO_TLSEXT +#endif +#endif /* not USE_WOLFSSL */ +#endif + +#include "libwebsockets.h" +#if defined(WIN32) || defined(_WIN32) +#else +static inline int compatible_close(int fd) { return close(fd); } +#endif + +#if defined(WIN32) || defined(_WIN32) +#include +#endif + +#if defined(LWS_WITH_ESP8266) +#undef compatible_close +#define compatible_close(fd) { fd->state=ESPCONN_CLOSE; espconn_delete(fd); } +lws_sockfd_type +esp8266_create_tcp_stream_socket(void); +void +esp8266_tcp_stream_bind(lws_sockfd_type fd, int port, struct lws *wsi); +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 /* to show byte order (taken from gcc) */ +#endif +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif +#ifndef BYTE_ORDER +#define BYTE_ORDER LITTLE_ENDIAN +#endif +#endif + + +#if defined(WIN32) || defined(_WIN32) + +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 /* to show byte order (taken from gcc) */ +#endif +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif +#ifndef BYTE_ORDER +#define BYTE_ORDER LITTLE_ENDIAN +#endif +#ifndef u_int64_t +typedef unsigned __int64 u_int64_t; +#endif + +#undef __P +#ifndef __P +#if __STDC__ +#define __P(protos) protos +#else +#define __P(protos) () +#endif +#endif + +#else + +#include +#include + +#if defined(__APPLE__) +#include +#elif defined(__FreeBSD__) +#include +#elif defined(__linux__) +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(__QNX__) + #include + #if defined(__LITTLEENDIAN__) + #define BYTE_ORDER __LITTLEENDIAN__ + #define LITTLE_ENDIAN __LITTLEENDIAN__ + #define BIG_ENDIAN 4321 /* to show byte order (taken from gcc); for suppres warning that BIG_ENDIAN is not defined. */ + #endif + #if defined(__BIGENDIAN__) + #define BYTE_ORDER __BIGENDIAN__ + #define LITTLE_ENDIAN 1234 /* to show byte order (taken from gcc); for suppres warning that LITTLE_ENDIAN is not defined. */ + #define BIG_ENDIAN __BIGENDIAN__ + #endif +#endif + +#if defined(__sun) && defined(__GNUC__) + +#include + +#if !defined (BYTE_ORDER) +# define BYTE_ORDER __BYTE_ORDER__ +#endif + +#if !defined(LITTLE_ENDIAN) +# define LITTLE_ENDIAN __ORDER_LITTLE_ENDIAN__ +#endif + +#if !defined(BIG_ENDIAN) +# define BIG_ENDIAN __ORDER_BIG_ENDIAN__ +#endif + +#endif /* sun + GNUC */ + +#if !defined(BYTE_ORDER) +# define BYTE_ORDER __BYTE_ORDER +#endif +#if !defined(LITTLE_ENDIAN) +# define LITTLE_ENDIAN __LITTLE_ENDIAN +#endif +#if !defined(BIG_ENDIAN) +# define BIG_ENDIAN __BIG_ENDIAN +#endif + +#endif + +/* + * Mac OSX as well as iOS do not define the MSG_NOSIGNAL flag, + * but happily have something equivalent in the SO_NOSIGPIPE flag. + */ +#ifdef __APPLE__ +#define MSG_NOSIGNAL SO_NOSIGPIPE +#endif + +/* + * Solaris 11.X only supports POSIX 2001, MSG_NOSIGNAL appears in + * POSIX 2008. + */ +#ifdef __sun +#define MSG_NOSIGNAL 0 +#endif + +#ifdef _WIN32 +#ifndef FD_HASHTABLE_MODULUS +#define FD_HASHTABLE_MODULUS 32 +#endif +#endif + +#ifndef LWS_DEF_HEADER_LEN +#define LWS_DEF_HEADER_LEN 4096 +#endif +#ifndef LWS_DEF_HEADER_POOL +#define LWS_DEF_HEADER_POOL 4 +#endif +#ifndef LWS_MAX_PROTOCOLS +#define LWS_MAX_PROTOCOLS 5 +#endif +#ifndef LWS_MAX_EXTENSIONS_ACTIVE +#define LWS_MAX_EXTENSIONS_ACTIVE 2 +#endif +#ifndef LWS_MAX_EXT_OFFERS +#define LWS_MAX_EXT_OFFERS 8 +#endif +#ifndef SPEC_LATEST_SUPPORTED +#define SPEC_LATEST_SUPPORTED 13 +#endif +#ifndef AWAITING_TIMEOUT +#define AWAITING_TIMEOUT 20 +#endif +#ifndef CIPHERS_LIST_STRING +#define CIPHERS_LIST_STRING "DEFAULT" +#endif +#ifndef LWS_SOMAXCONN +#define LWS_SOMAXCONN SOMAXCONN +#endif + +#define MAX_WEBSOCKET_04_KEY_LEN 128 + +#ifndef SYSTEM_RANDOM_FILEPATH +#define SYSTEM_RANDOM_FILEPATH "/dev/urandom" +#endif + +enum lws_websocket_opcodes_07 { + LWSWSOPC_CONTINUATION = 0, + LWSWSOPC_TEXT_FRAME = 1, + LWSWSOPC_BINARY_FRAME = 2, + + LWSWSOPC_NOSPEC__MUX = 7, + + /* control extensions 8+ */ + + LWSWSOPC_CLOSE = 8, + LWSWSOPC_PING = 9, + LWSWSOPC_PONG = 0xa, +}; + + +enum lws_connection_states { + LWSS_HTTP, + LWSS_HTTP_ISSUING_FILE, + LWSS_HTTP_HEADERS, + LWSS_HTTP_BODY, + LWSS_DEAD_SOCKET, + LWSS_ESTABLISHED, + LWSS_CLIENT_HTTP_ESTABLISHED, + LWSS_CLIENT_UNCONNECTED, + LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION, + LWSS_RETURNED_CLOSE_ALREADY, + LWSS_AWAITING_CLOSE_ACK, + LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE, + LWSS_SHUTDOWN, + + LWSS_HTTP2_AWAIT_CLIENT_PREFACE, + LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS, + LWSS_HTTP2_ESTABLISHED, + + LWSS_CGI, +}; + +enum http_version { + HTTP_VERSION_1_0, + HTTP_VERSION_1_1, + HTTP_VERSION_2 +}; + +enum http_connection_type { + HTTP_CONNECTION_CLOSE, + HTTP_CONNECTION_KEEP_ALIVE +}; + +enum lws_pending_protocol_send { + LWS_PPS_NONE, + LWS_PPS_HTTP2_MY_SETTINGS, + LWS_PPS_HTTP2_ACK_SETTINGS, + LWS_PPS_HTTP2_PONG, +}; + +enum lws_rx_parse_state { + LWS_RXPS_NEW, + + LWS_RXPS_04_mask_1, + LWS_RXPS_04_mask_2, + LWS_RXPS_04_mask_3, + + LWS_RXPS_04_FRAME_HDR_1, + LWS_RXPS_04_FRAME_HDR_LEN, + LWS_RXPS_04_FRAME_HDR_LEN16_2, + LWS_RXPS_04_FRAME_HDR_LEN16_1, + LWS_RXPS_04_FRAME_HDR_LEN64_8, + LWS_RXPS_04_FRAME_HDR_LEN64_7, + LWS_RXPS_04_FRAME_HDR_LEN64_6, + LWS_RXPS_04_FRAME_HDR_LEN64_5, + LWS_RXPS_04_FRAME_HDR_LEN64_4, + LWS_RXPS_04_FRAME_HDR_LEN64_3, + LWS_RXPS_04_FRAME_HDR_LEN64_2, + LWS_RXPS_04_FRAME_HDR_LEN64_1, + + LWS_RXPS_07_COLLECT_FRAME_KEY_1, + LWS_RXPS_07_COLLECT_FRAME_KEY_2, + LWS_RXPS_07_COLLECT_FRAME_KEY_3, + LWS_RXPS_07_COLLECT_FRAME_KEY_4, + + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED +}; + +#define LWSCM_FLAG_IMPLIES_CALLBACK_CLOSED_CLIENT_HTTP 32 + +enum connection_mode { + LWSCM_HTTP_SERVING, + LWSCM_HTTP_SERVING_ACCEPTED, /* actual HTTP service going on */ + LWSCM_PRE_WS_SERVING_ACCEPT, + + LWSCM_WS_SERVING, + LWSCM_WS_CLIENT, + + LWSCM_HTTP2_SERVING, + + /* transient, ssl delay hiding */ + LWSCM_SSL_ACK_PENDING, + LWSCM_SSL_INIT, + /* as above, but complete into LWSCM_RAW */ + LWSCM_SSL_ACK_PENDING_RAW, + LWSCM_SSL_INIT_RAW, + + /* special internal types */ + LWSCM_SERVER_LISTENER, + LWSCM_CGI, /* stdin, stdout, stderr for another cgi master wsi */ + LWSCM_RAW, /* raw with bulk handling */ + LWSCM_RAW_FILEDESC, /* raw without bulk handling */ + + /* HTTP Client related */ + LWSCM_HTTP_CLIENT = LWSCM_FLAG_IMPLIES_CALLBACK_CLOSED_CLIENT_HTTP, + LWSCM_HTTP_CLIENT_ACCEPTED, /* actual HTTP service going on */ + LWSCM_WSCL_WAITING_CONNECT, + LWSCM_WSCL_WAITING_PROXY_REPLY, + LWSCM_WSCL_ISSUE_HANDSHAKE, + LWSCM_WSCL_ISSUE_HANDSHAKE2, + LWSCM_WSCL_ISSUE_HTTP_BODY, + LWSCM_WSCL_WAITING_SSL, + LWSCM_WSCL_WAITING_SERVER_REPLY, + LWSCM_WSCL_WAITING_EXTENSION_CONNECT, + LWSCM_WSCL_PENDING_CANDIDATE_CHILD, + LWSCM_WSCL_WAITING_SOCKS_GREETING_REPLY, + LWSCM_WSCL_WAITING_SOCKS_CONNECT_REPLY, + LWSCM_WSCL_WAITING_SOCKS_AUTH_REPLY, + + /****** add new things just above ---^ ******/ + + +}; + +/* enums of socks version */ +enum socks_version { + SOCKS_VERSION_4 = 4, + SOCKS_VERSION_5 = 5 +}; + +/* enums of subnegotiation version */ +enum socks_subnegotiation_version { + SOCKS_SUBNEGOTIATION_VERSION_1 = 1, +}; + +/* enums of socks commands */ +enum socks_command { + SOCKS_COMMAND_CONNECT = 1, + SOCKS_COMMAND_BIND = 2, + SOCKS_COMMAND_UDP_ASSOCIATE = 3 +}; + +/* enums of socks address type */ +enum socks_atyp { + SOCKS_ATYP_IPV4 = 1, + SOCKS_ATYP_DOMAINNAME = 3, + SOCKS_ATYP_IPV6 = 4 +}; + +/* enums of socks authentication methods */ +enum socks_auth_method { + SOCKS_AUTH_NO_AUTH = 0, + SOCKS_AUTH_GSSAPI = 1, + SOCKS_AUTH_USERNAME_PASSWORD = 2 +}; + +/* enums of subnegotiation status */ +enum socks_subnegotiation_status { + SOCKS_SUBNEGOTIATION_STATUS_SUCCESS = 0, +}; + +/* enums of socks request reply */ +enum socks_request_reply { + SOCKS_REQUEST_REPLY_SUCCESS = 0, + SOCKS_REQUEST_REPLY_FAILURE_GENERAL = 1, + SOCKS_REQUEST_REPLY_CONNECTION_NOT_ALLOWED = 2, + SOCKS_REQUEST_REPLY_NETWORK_UNREACHABLE = 3, + SOCKS_REQUEST_REPLY_HOST_UNREACHABLE = 4, + SOCKS_REQUEST_REPLY_CONNECTION_REFUSED = 5, + SOCKS_REQUEST_REPLY_TTL_EXPIRED = 6, + SOCKS_REQUEST_REPLY_COMMAND_NOT_SUPPORTED = 7, + SOCKS_REQUEST_REPLY_ATYP_NOT_SUPPORTED = 8 +}; + +/* enums used to generate socks messages */ +enum socks_msg_type { + /* greeting */ + SOCKS_MSG_GREETING, + /* credential, user name and password */ + SOCKS_MSG_USERNAME_PASSWORD, + /* connect command */ + SOCKS_MSG_CONNECT +}; + +enum { + LWS_RXFLOW_ALLOW = (1 << 0), + LWS_RXFLOW_PENDING_CHANGE = (1 << 1), +}; + +/* this is not usable directly by user code any more, lws_close_reason() */ +#define LWS_WRITE_CLOSE 4 + +struct lws_protocols; +struct lws; + +#if defined(LWS_USE_LIBEV) || defined(LWS_USE_LIBUV) || defined(LWS_USE_LIBEVENT) + +struct lws_io_watcher { +#ifdef LWS_USE_LIBEV + ev_io ev_watcher; +#endif +#ifdef LWS_USE_LIBUV + uv_poll_t uv_watcher; +#endif +#ifdef LWS_USE_LIBEVENT + struct event *event_watcher; +#endif + struct lws_context *context; +}; + +struct lws_signal_watcher { +#ifdef LWS_USE_LIBEV + ev_signal ev_watcher; +#endif +#ifdef LWS_USE_LIBUV + uv_signal_t uv_watcher; +#endif +#ifdef LWS_USE_LIBEVENT + struct event *event_watcher; +#endif + struct lws_context *context; +}; +#endif + +#ifdef _WIN32 +#define LWS_FD_HASH(fd) ((fd ^ (fd >> 8) ^ (fd >> 16)) % FD_HASHTABLE_MODULUS) +struct lws_fd_hashtable { + struct lws **wsi; + int length; +}; +#endif + +/* + * This is totally opaque to code using the library. It's exported as a + * forward-reference pointer-only declaration; the user can use the pointer with + * other APIs to get information out of it. + */ + +struct lws_fragments { + unsigned int offset; + unsigned short len; + unsigned char nfrag; /* which ah->frag[] continues this content, or 0 */ +}; + +/* + * these are assigned from a pool held in the context. + * Both client and server mode uses them for http header analysis + */ + +struct allocated_headers { + struct lws *wsi; /* owner */ + char *data; /* prepared by context init to point to dedicated storage */ + /* + * the randomly ordered fragments, indexed by frag_index and + * lws_fragments->nfrag for continuation. + */ + struct lws_fragments frags[WSI_TOKEN_COUNT * 2]; + time_t assigned; + /* + * for each recognized token, frag_index says which frag[] his data + * starts in (0 means the token did not appear) + * the actual header data gets dumped as it comes in, into data[] + */ + unsigned char frag_index[WSI_TOKEN_COUNT]; + unsigned char rx[2048]; + + unsigned int rxpos; + unsigned int rxlen; + unsigned int pos; + + unsigned int http_response; + +#ifndef LWS_NO_CLIENT + char initial_handshake_hash_base64[30]; +#endif + + unsigned char in_use; + unsigned char nfrag; +}; + +/* + * so we can have n connections being serviced simultaneously, + * these things need to be isolated per-thread. + */ + +struct lws_context_per_thread { +#if LWS_MAX_SMP > 1 + pthread_mutex_t lock; +#endif + struct lws_pollfd *fds; +#if defined(LWS_WITH_ESP8266) + struct lws **lws_vs_fds_index; +#endif + struct lws *rx_draining_ext_list; + struct lws *tx_draining_ext_list; + struct lws *timeout_list; +#if defined(LWS_USE_LIBUV) || defined(LWS_USE_LIBEVENT) + struct lws_context *context; +#endif +#ifdef LWS_WITH_CGI + struct lws_cgi *cgi_list; +#endif + void *http_header_data; + struct allocated_headers *ah_pool; + struct lws *ah_wait_list; + int ah_wait_list_length; +#ifdef LWS_OPENSSL_SUPPORT + struct lws *pending_read_list; /* linked list */ +#endif +#if defined(LWS_USE_LIBEV) + struct ev_loop *io_loop_ev; +#endif +#if defined(LWS_USE_LIBUV) + uv_loop_t *io_loop_uv; + uv_signal_t signals[8]; + uv_timer_t uv_timeout_watcher; + uv_idle_t uv_idle; +#endif +#if defined(LWS_USE_LIBEVENT) + struct event_base *io_loop_event_base; +#endif +#if defined(LWS_USE_LIBEV) + struct lws_io_watcher w_accept; +#endif +#if defined(LWS_USE_LIBEV) || defined(LWS_USE_LIBUV) || defined(LWS_USE_LIBEVENT) + struct lws_signal_watcher w_sigint; + unsigned char ev_loop_foreign:1; +#endif + + unsigned long count_conns; + /* + * usable by anything in the service code, but only if the scope + * does not last longer than the service action (since next service + * of any socket can likewise use it and overwrite) + */ + unsigned char *serv_buf; +#ifdef _WIN32 + WSAEVENT *events; +#else + lws_sockfd_type dummy_pipe_fds[2]; +#endif + unsigned int fds_count; + + short ah_count_in_use; + unsigned char tid; + unsigned char lock_depth; +}; + +struct lws_conn_stats { + unsigned long long rx, tx; + unsigned long conn, trans, ws_upg, http2_upg, rejected; +}; + +void +lws_sum_stats(const struct lws_context *ctx, struct lws_conn_stats *cs); + +/* + * virtual host -related context information + * vhostwide SSL context + * vhostwide proxy + * + * hierarchy: + * + * context -> vhost -> wsi + * + * incoming connection non-SSL vhost binding: + * + * listen socket -> wsi -> select vhost after first headers + * + * incoming connection SSL vhost binding: + * + * SSL SNI -> wsi -> bind after SSL negotiation + */ + +struct lws_vhost { +#if !defined(LWS_WITH_ESP8266) + char http_proxy_address[128]; + char proxy_basic_auth_token[128]; +#if defined(LWS_WITH_SOCKS5) + char socks_proxy_address[128]; + char socks_user[96]; + char socks_password[96]; +#endif +#endif +#if defined(LWS_WITH_ESP8266) + /* listen sockets need a place to hang their hat */ + esp_tcp tcp; +#endif + struct lws_conn_stats conn_stats; + struct lws_context *context; + struct lws_vhost *vhost_next; + const struct lws_http_mount *mount_list; + struct lws *lserv_wsi; + const char *name; + const char *iface; +#if !defined(LWS_WITH_ESP8266) && !defined(LWS_WITH_ESP32) && !defined(OPTEE_TA) && !defined(WIN32) + int bind_iface; +#endif + const struct lws_protocols *protocols; + void **protocol_vh_privs; + const struct lws_protocol_vhost_options *pvo; + const struct lws_protocol_vhost_options *headers; + struct lws **same_vh_protocol_list; +#ifdef LWS_OPENSSL_SUPPORT + SSL_CTX *ssl_ctx; + SSL_CTX *ssl_client_ctx; +#endif +#ifndef LWS_NO_EXTENSIONS + const struct lws_extension *extensions; +#endif + + int listen_port; + unsigned int http_proxy_port; +#if defined(LWS_WITH_SOCKS5) + unsigned int socks_proxy_port; +#endif + unsigned int options; + int count_protocols; + int ka_time; + int ka_probes; + int ka_interval; + int keepalive_timeout; + int timeout_secs_ah_idle; + int ssl_info_event_mask; +#ifdef LWS_WITH_ACCESS_LOG + int log_fd; +#endif + +#ifdef LWS_OPENSSL_SUPPORT + int use_ssl; + int allow_non_ssl_on_ssl_port; + unsigned int user_supplied_ssl_ctx:1; +#endif + + unsigned int created_vhost_protocols:1; + unsigned int being_destroyed:1; + + unsigned char default_protocol_index; + unsigned char raw_protocol_index; +}; + +struct lws_deferred_free +{ + struct lws_deferred_free *next; + time_t deadline; + void *payload; +}; + +/* + * the rest is managed per-context, that includes + * + * - processwide single fd -> wsi lookup + * - contextwide headers pool + */ + +struct lws_context { + time_t last_timeout_check_s; + time_t last_ws_ping_pong_check_s; + time_t time_up; + const struct lws_plat_file_ops *fops; + struct lws_plat_file_ops fops_platform; +#if defined(LWS_WITH_ZIP_FOPS) + struct lws_plat_file_ops fops_zip; +#endif + struct lws_context_per_thread pt[LWS_MAX_SMP]; + struct lws_conn_stats conn_stats; +#ifdef _WIN32 +/* different implementation between unix and windows */ + struct lws_fd_hashtable fd_hashtable[FD_HASHTABLE_MODULUS]; +#else +#if defined(LWS_WITH_ESP8266) + struct espconn **connpool; /* .reverse points to the wsi */ + void *rxd; + int rxd_len; + os_timer_t to_timer; +#else + struct lws **lws_lookup; /* fd to wsi */ +#endif +#endif + struct lws_vhost *vhost_list; + struct lws_vhost *vhost_pending_destruction_list; + struct lws_plugin *plugin_list; + struct lws_deferred_free *deferred_free_list; + + void *external_baggage_free_on_destroy; + const struct lws_token_limits *token_limits; + void *user_space; + const char *server_string; + const struct lws_protocol_vhost_options *reject_service_keywords; + lws_reload_func deprecation_cb; + +#if defined(LWS_HAVE_SYS_CAPABILITY_H) && defined(LWS_HAVE_LIBCAP) + cap_value_t caps[4]; + char count_caps; +#endif + +#if defined(LWS_USE_LIBEV) + lws_ev_signal_cb_t * lws_ev_sigint_cb; +#endif +#if defined(LWS_USE_LIBUV) + uv_signal_cb lws_uv_sigint_cb; + uv_loop_t pu_loop; +#endif +#if defined(LWS_USE_LIBEVENT) + lws_event_signal_cb_t * lws_event_sigint_cb; +#endif + char canonical_hostname[128]; +#ifdef LWS_LATENCY + unsigned long worst_latency; + char worst_latency_info[256]; +#endif + +#if defined(LWS_WITH_STATS) + uint64_t lws_stats[LWSSTATS_SIZE]; + uint64_t last_dump; + int updated; +#endif + + int max_fds; +#if defined(LWS_USE_LIBEV) || defined(LWS_USE_LIBUV) || defined(LWS_USE_LIBEVENT) + int use_ev_sigint; +#endif + int started_with_parent; + int uid, gid; + + int fd_random; +#ifdef LWS_OPENSSL_SUPPORT +#define lws_ssl_anybody_has_buffered_read(w) \ + (w->vhost->use_ssl && \ + w->context->pt[(int)w->tsi].pending_read_list) +#define lws_ssl_anybody_has_buffered_read_tsi(c, t) \ + (/*c->use_ssl && */ \ + c->pt[(int)t].pending_read_list) +#else +#define lws_ssl_anybody_has_buffered_read(ctx) (0) +#define lws_ssl_anybody_has_buffered_read_tsi(ctx, t) (0) +#endif + int count_wsi_allocated; + int count_cgi_spawned; + unsigned int options; + unsigned int fd_limit_per_thread; + unsigned int timeout_secs; + unsigned int pt_serv_buf_size; + int max_http_header_data; + int simultaneous_ssl_restriction; + int simultaneous_ssl; + + unsigned int deprecated:1; + unsigned int being_destroyed:1; + unsigned int being_destroyed1:1; + unsigned int requested_kill:1; + unsigned int protocol_init_done:1; + unsigned int ssl_gate_accepts:1; + /* + * set to the Thread ID that's doing the service loop just before entry + * to poll indicates service thread likely idling in poll() + * volatile because other threads may check it as part of processing + * for pollfd event change. + */ + volatile int service_tid; + int service_tid_detected; + + short max_http_header_pool; + short count_threads; + short plugin_protocol_count; + short plugin_extension_count; + short server_string_len; + unsigned short ws_ping_pong_interval; + unsigned short deprecation_pending_listen_close_count; + uint8_t max_fi; +}; + +int +lws_check_deferred_free(struct lws_context *context, int force); + +#define lws_get_context_protocol(ctx, x) ctx->vhost_list->protocols[x] +#define lws_get_vh_protocol(vh, x) vh->protocols[x] + +LWS_EXTERN void +lws_close_free_wsi_final(struct lws *wsi); +LWS_EXTERN void +lws_libuv_closehandle(struct lws *wsi); +LWS_EXTERN void +lws_libuv_closehandle_manually(struct lws *wsi); +LWS_EXTERN int +lws_libuv_check_watcher_active(struct lws *wsi); + +LWS_VISIBLE LWS_EXTERN int +lws_plat_plugins_init(struct lws_context * context, const char * const *d); + +LWS_VISIBLE LWS_EXTERN int +lws_plat_plugins_destroy(struct lws_context * context); + +LWS_EXTERN void +lws_restart_ws_ping_pong_timer(struct lws *wsi); + +struct lws * +lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd); + + +enum { + LWS_EV_READ = (1 << 0), + LWS_EV_WRITE = (1 << 1), + LWS_EV_START = (1 << 2), + LWS_EV_STOP = (1 << 3), + + LWS_EV_PREPARE_DELETION = (1 << 31), +}; + +#if defined(LWS_USE_LIBEV) +LWS_EXTERN void +lws_libev_accept(struct lws *new_wsi, lws_sock_file_fd_type desc); +LWS_EXTERN void +lws_libev_io(struct lws *wsi, int flags); +LWS_EXTERN int +lws_libev_init_fd_table(struct lws_context *context); +LWS_EXTERN void +lws_libev_destroyloop(struct lws_context *context, int tsi); +LWS_EXTERN void +lws_libev_run(const struct lws_context *context, int tsi); +#define LWS_LIBEV_ENABLED(context) lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEV) +LWS_EXTERN void lws_feature_status_libev(struct lws_context_creation_info *info); +#else +#define lws_libev_accept(_a, _b) ((void) 0) +#define lws_libev_io(_a, _b) ((void) 0) +#define lws_libev_init_fd_table(_a) (0) +#define lws_libev_run(_a, _b) ((void) 0) +#define lws_libev_destroyloop(_a, _b) ((void) 0) +#define LWS_LIBEV_ENABLED(context) (0) +#if LWS_POSIX && !defined(LWS_WITH_ESP32) +#define lws_feature_status_libev(_a) \ + lwsl_notice("libev support not compiled in\n") +#else +#define lws_feature_status_libev(_a) +#endif +#endif + +#if defined(LWS_USE_LIBUV) +LWS_EXTERN void +lws_libuv_accept(struct lws *new_wsi, lws_sock_file_fd_type desc); +LWS_EXTERN void +lws_libuv_io(struct lws *wsi, int flags); +LWS_EXTERN int +lws_libuv_init_fd_table(struct lws_context *context); +LWS_EXTERN void +lws_libuv_run(const struct lws_context *context, int tsi); +LWS_EXTERN void +lws_libuv_destroyloop(struct lws_context *context, int tsi); +LWS_EXTERN int +lws_uv_initvhost(struct lws_vhost* vh, struct lws*); +#define LWS_LIBUV_ENABLED(context) lws_check_opt(context->options, LWS_SERVER_OPTION_LIBUV) +LWS_EXTERN void lws_feature_status_libuv(struct lws_context_creation_info *info); +#else +#define lws_libuv_accept(_a, _b) ((void) 0) +#define lws_libuv_io(_a, _b) ((void) 0) +#define lws_libuv_init_fd_table(_a) (0) +#define lws_libuv_run(_a, _b) ((void) 0) +#define lws_libuv_destroyloop(_a, _b) ((void) 0) +#define LWS_LIBUV_ENABLED(context) (0) +#if LWS_POSIX && !defined(LWS_WITH_ESP32) +#define lws_feature_status_libuv(_a) \ + lwsl_notice("libuv support not compiled in\n") +#else +#define lws_feature_status_libuv(_a) +#endif +#endif + +#if defined(LWS_USE_LIBEVENT) +LWS_EXTERN void +lws_libevent_accept(struct lws *new_wsi, lws_sock_file_fd_type desc); +LWS_EXTERN void +lws_libevent_io(struct lws *wsi, int flags); +LWS_EXTERN int +lws_libevent_init_fd_table(struct lws_context *context); +LWS_EXTERN void +lws_libevent_destroyloop(struct lws_context *context, int tsi); +LWS_EXTERN void +lws_libevent_run(const struct lws_context *context, int tsi); +#define LWS_LIBEVENT_ENABLED(context) lws_check_opt(context->options, LWS_SERVER_OPTION_LIBEVENT) +LWS_EXTERN void lws_feature_status_libevent(struct lws_context_creation_info *info); +#else +#define lws_libevent_accept(_a, _b) ((void) 0) +#define lws_libevent_io(_a, _b) ((void) 0) +#define lws_libevent_init_fd_table(_a) (0) +#define lws_libevent_run(_a, _b) ((void) 0) +#define lws_libevent_destroyloop(_a, _b) ((void) 0) +#define LWS_LIBEVENT_ENABLED(context) (0) +#if LWS_POSIX && !defined(LWS_WITH_ESP32) +#define lws_feature_status_libevent(_a) \ + lwsl_notice("libevent support not compiled in\n") +#else +#define lws_feature_status_libevent(_a) +#endif +#endif + + +#ifdef LWS_USE_IPV6 +#define LWS_IPV6_ENABLED(vh) \ + (!lws_check_opt(vh->context->options, LWS_SERVER_OPTION_DISABLE_IPV6) && \ + !lws_check_opt(vh->options, LWS_SERVER_OPTION_DISABLE_IPV6)) +#else +#define LWS_IPV6_ENABLED(context) (0) +#endif + +#ifdef LWS_USE_UNIX_SOCK +#define LWS_UNIX_SOCK_ENABLED(vhost) \ + (vhost->options & LWS_SERVER_OPTION_UNIX_SOCK) +#else +#define LWS_UNIX_SOCK_ENABLED(vhost) (0) +#endif + +typedef union { +#ifdef LWS_USE_IPV6 + struct sockaddr_in6 sa6; +#endif + struct sockaddr_in sa4; +} sockaddr46; + +enum uri_path_states { + URIPS_IDLE, + URIPS_SEEN_SLASH, + URIPS_SEEN_SLASH_DOT, + URIPS_SEEN_SLASH_DOT_DOT, +}; + +enum uri_esc_states { + URIES_IDLE, + URIES_SEEN_PERCENT, + URIES_SEEN_PERCENT_H1, +}; + +/* notice that these union members: + * + * hdr + * http + * http2 + * + * all have a pointer to allocated_headers struct as their first member. + * + * It means for allocated_headers access, the three union paths can all be + * used interchangeably to access the same data + */ + + +#ifndef LWS_NO_CLIENT +struct client_info_stash { + char address[256]; + char path[4096]; + char host[256]; + char origin[256]; + char protocol[256]; + char method[16]; + char iface[16]; +}; +#endif + +struct _lws_header_related { + /* MUST be first in struct */ + struct allocated_headers *ah; + struct lws *ah_wait_list; + unsigned char *preamble_rx; +#ifndef LWS_NO_CLIENT + struct client_info_stash *stash; +#endif + unsigned int preamble_rx_len; + enum uri_path_states ups; + enum uri_esc_states ues; + short lextable_pos; + unsigned int current_token_limit; + + char esc_stash; + char post_literal_equal; + unsigned char parser_state; /* enum lws_token_indexes */ +}; + +#if defined(LWS_WITH_RANGES) +enum range_states { + LWSRS_NO_ACTIVE_RANGE, + LWSRS_BYTES_EQ, + LWSRS_FIRST, + LWSRS_STARTING, + LWSRS_ENDING, + LWSRS_COMPLETED, + LWSRS_SYNTAX, +}; + +struct lws_range_parsing { + unsigned long long start, end, extent, agg, budget; + const char buf[128]; + int pos; + enum range_states state; + char start_valid, end_valid, ctr, count_ranges, did_try, inside, send_ctr; +}; + +int +lws_ranges_init(struct lws *wsi, struct lws_range_parsing *rp, unsigned long long extent); +int +lws_ranges_next(struct lws_range_parsing *rp); +void +lws_ranges_reset(struct lws_range_parsing *rp); +#endif + +struct _lws_http_mode_related { + /* MUST be first in struct */ + struct allocated_headers *ah; /* mirroring _lws_header_related */ + struct lws *ah_wait_list; + unsigned char *preamble_rx; +#ifndef LWS_NO_CLIENT + struct client_info_stash *stash; +#endif + unsigned int preamble_rx_len; + struct lws *new_wsi_list; + lws_filepos_t filepos; + lws_filepos_t filelen; + lws_fop_fd_t fop_fd; + +#if defined(LWS_WITH_RANGES) + struct lws_range_parsing range; + char multipart_content_type[64]; +#endif + + enum http_version request_version; + enum http_connection_type connection_type; + lws_filepos_t content_length; + lws_filepos_t content_remain; +}; + +#ifdef LWS_USE_HTTP2 + +enum lws_http2_settings { + LWS_HTTP2_SETTINGS__HEADER_TABLE_SIZE = 1, + LWS_HTTP2_SETTINGS__ENABLE_PUSH, + LWS_HTTP2_SETTINGS__MAX_CONCURRENT_STREAMS, + LWS_HTTP2_SETTINGS__INITIAL_WINDOW_SIZE, + LWS_HTTP2_SETTINGS__MAX_FRAME_SIZE, + LWS_HTTP2_SETTINGS__MAX_HEADER_LIST_SIZE, + + LWS_HTTP2_SETTINGS__COUNT /* always last */ +}; + +enum lws_http2_wellknown_frame_types { + LWS_HTTP2_FRAME_TYPE_DATA, + LWS_HTTP2_FRAME_TYPE_HEADERS, + LWS_HTTP2_FRAME_TYPE_PRIORITY, + LWS_HTTP2_FRAME_TYPE_RST_STREAM, + LWS_HTTP2_FRAME_TYPE_SETTINGS, + LWS_HTTP2_FRAME_TYPE_PUSH_PROMISE, + LWS_HTTP2_FRAME_TYPE_PING, + LWS_HTTP2_FRAME_TYPE_GOAWAY, + LWS_HTTP2_FRAME_TYPE_WINDOW_UPDATE, + LWS_HTTP2_FRAME_TYPE_CONTINUATION, + + LWS_HTTP2_FRAME_TYPE_COUNT /* always last */ +}; + +enum lws_http2_flags { + LWS_HTTP2_FLAG_END_STREAM = 1, + LWS_HTTP2_FLAG_END_HEADERS = 4, + LWS_HTTP2_FLAG_PADDED = 8, + LWS_HTTP2_FLAG_PRIORITY = 0x20, + + LWS_HTTP2_FLAG_SETTINGS_ACK = 1, +}; + +#define LWS_HTTP2_STREAM_ID_MASTER 0 +#define LWS_HTTP2_FRAME_HEADER_LENGTH 9 +#define LWS_HTTP2_SETTINGS_LENGTH 6 + +struct http2_settings { + unsigned int setting[LWS_HTTP2_SETTINGS__COUNT]; +}; + +enum http2_hpack_state { + + /* optional before first header block */ + HPKS_OPT_PADDING, + HKPS_OPT_E_DEPENDENCY, + HKPS_OPT_WEIGHT, + + /* header block */ + HPKS_TYPE, + + HPKS_IDX_EXT, + + HPKS_HLEN, + HPKS_HLEN_EXT, + + HPKS_DATA, + + /* optional after last header block */ + HKPS_OPT_DISCARD_PADDING, +}; + +enum http2_hpack_type { + HPKT_INDEXED_HDR_7, + HPKT_INDEXED_HDR_6_VALUE_INCR, + HPKT_LITERAL_HDR_VALUE_INCR, + HPKT_INDEXED_HDR_4_VALUE, + HPKT_LITERAL_HDR_VALUE, + HPKT_SIZE_5 +}; + +struct hpack_dt_entry { + int token; /* additions that don't map to a token are ignored */ + int arg_offset; + int arg_len; +}; + +struct hpack_dynamic_table { + struct hpack_dt_entry *entries; + char *args; + int pos; + int next; + int num_entries; + int args_length; +}; + +struct _lws_http2_related { + /* + * having this first lets us also re-use all HTTP union code + * and in turn, http_mode_related has allocated headers in right + * place so we can use the header apis on the wsi directly still + */ + struct _lws_http_mode_related http; /* MUST BE FIRST IN STRUCT */ + + struct http2_settings my_settings; + struct http2_settings peer_settings; + + struct lws *parent_wsi; + struct lws *next_child_wsi; + + struct hpack_dynamic_table *hpack_dyn_table; + struct lws *stream_wsi; + unsigned char ping_payload[8]; + unsigned char one_setting[LWS_HTTP2_SETTINGS_LENGTH]; + + unsigned int count; + unsigned int length; + unsigned int stream_id; + enum http2_hpack_state hpack; + enum http2_hpack_type hpack_type; + unsigned int header_index; + unsigned int hpack_len; + unsigned int hpack_e_dep; + int tx_credit; + unsigned int my_stream_id; + unsigned int child_count; + int my_priority; + + unsigned int END_STREAM:1; + unsigned int END_HEADERS:1; + unsigned int send_END_STREAM:1; + unsigned int GOING_AWAY; + unsigned int requested_POLLOUT:1; + unsigned int waiting_tx_credit:1; + unsigned int huff:1; + unsigned int value:1; + + unsigned short round_robin_POLLOUT; + unsigned short count_POLLOUT_children; + unsigned short hpack_pos; + + unsigned char type; + unsigned char flags; + unsigned char frame_state; + unsigned char padding; + unsigned char hpack_m; + unsigned char initialized; +}; + +#define HTTP2_IS_TOPLEVEL_WSI(wsi) (!wsi->u.http2.parent_wsi) + +#endif + +struct _lws_websocket_related { + /* cheapest way to deal with ah overlap with ws union transition */ + struct _lws_header_related hdr; + char *rx_ubuf; + unsigned int rx_ubuf_alloc; + struct lws *rx_draining_ext_list; + struct lws *tx_draining_ext_list; + time_t time_next_ping_check; + size_t rx_packet_length; + unsigned int rx_ubuf_head; + unsigned char mask[4]; + /* Also used for close content... control opcode == < 128 */ + unsigned char ping_payload_buf[128 - 3 + LWS_PRE]; + + unsigned char ping_payload_len; + unsigned char mask_idx; + unsigned char opcode; + unsigned char rsv; + unsigned char rsv_first_msg; + /* zero if no info, or length including 2-byte close code */ + unsigned char close_in_ping_buffer_len; + unsigned char utf8; + unsigned char stashed_write_type; + unsigned char tx_draining_stashed_wp; + + unsigned int final:1; + unsigned int frame_is_binary:1; + unsigned int all_zero_nonce:1; + unsigned int this_frame_masked:1; + unsigned int inside_frame:1; /* next write will be more of frame */ + unsigned int clean_buffer:1; /* buffer not rewritten by extension */ + unsigned int payload_is_close:1; /* process as PONG, but it is close */ + unsigned int ping_pending_flag:1; + unsigned int continuation_possible:1; + unsigned int owed_a_fin:1; + unsigned int check_utf8:1; + unsigned int defeat_check_utf8:1; + unsigned int pmce_compressed_message:1; + unsigned int stashed_write_pending:1; + unsigned int rx_draining_ext:1; + unsigned int tx_draining_ext:1; + unsigned int send_check_ping:1; + unsigned int first_fragment:1; +}; + +#ifdef LWS_WITH_CGI + +enum { + SIGNIFICANT_HDR_CONTENT_LENGTH, + SIGNIFICANT_HDR_LOCATION, + SIGNIFICANT_HDR_STATUS, + SIGNIFICANT_HDR_TRANSFER_ENCODING, + + SIGNIFICANT_HDR_COUNT +}; + +/* wsi who is master of the cgi points to an lws_cgi */ + +struct lws_cgi { + struct lws_cgi *cgi_list; + struct lws *stdwsi[3]; /* points to the associated stdin/out/err wsis */ + struct lws *wsi; /* owner */ + unsigned char *headers_buf; + unsigned char *headers_pos; + unsigned char *headers_dumped; + unsigned char *headers_end; + lws_filepos_t content_length; + lws_filepos_t content_length_seen; + int pipe_fds[3][2]; + int match[SIGNIFICANT_HDR_COUNT]; + int pid; + int response_code; + int lp; + char l[12]; + + unsigned int being_closed:1; + unsigned int explicitly_chunked:1; + + unsigned char chunked_grace; +}; +#endif + +signed char char_to_hex(const char c); + +#ifndef LWS_NO_CLIENT +enum lws_chunk_parser { + ELCP_HEX, + ELCP_CR, + ELCP_CONTENT, + ELCP_POST_CR, + ELCP_POST_LF, +}; +#endif + +struct lws_rewrite; + +#ifdef LWS_WITH_ACCESS_LOG +struct lws_access_log { + char *header_log; + char *user_agent; + unsigned long sent; + int response; +}; +#endif + +struct lws { + + /* structs */ + /* members with mutually exclusive lifetimes are unionized */ + + union u { + struct _lws_http_mode_related http; +#ifdef LWS_USE_HTTP2 + struct _lws_http2_related http2; +#endif + struct _lws_header_related hdr; + struct _lws_websocket_related ws; + } u; + + /* lifetime members */ + +#if defined(LWS_USE_LIBEV) || defined(LWS_USE_LIBUV) || defined(LWS_USE_LIBEVENT) + struct lws_io_watcher w_read; +#endif +#if defined(LWS_USE_LIBEV) || defined(LWS_USE_LIBEVENT) + struct lws_io_watcher w_write; +#endif + time_t pending_timeout_limit; + + /* pointers */ + + struct lws_context *context; + struct lws_vhost *vhost; + struct lws *parent; /* points to parent, if any */ + struct lws *child_list; /* points to first child */ + struct lws *sibling_list; /* subsequent children at same level */ +#ifdef LWS_WITH_CGI + struct lws_cgi *cgi; /* wsi being cgi master have one of these */ +#endif + const struct lws_protocols *protocol; + struct lws **same_vh_protocol_prev, *same_vh_protocol_next; + struct lws *timeout_list; + struct lws **timeout_list_prev; +#ifdef LWS_WITH_ACCESS_LOG + struct lws_access_log access_log; +#endif + void *user_space; + void *opaque_parent_data; + /* rxflow handling */ + unsigned char *rxflow_buffer; + /* truncated send handling */ + unsigned char *trunc_alloc; /* non-NULL means buffering in progress */ + +#if defined (LWS_WITH_ESP8266) + void *premature_rx; + unsigned short prem_rx_size, prem_rx_pos; +#endif + +#ifndef LWS_NO_EXTENSIONS + const struct lws_extension *active_extensions[LWS_MAX_EXTENSIONS_ACTIVE]; + void *act_ext_user[LWS_MAX_EXTENSIONS_ACTIVE]; +#endif +#ifdef LWS_OPENSSL_SUPPORT + SSL *ssl; + BIO *client_bio; + struct lws *pending_read_list_prev, *pending_read_list_next; +#if defined(LWS_WITH_STATS) + uint64_t accept_start_us; + char seen_rx; +#endif +#endif +#ifdef LWS_WITH_HTTP_PROXY + struct lws_rewrite *rw; +#endif +#ifdef LWS_LATENCY + unsigned long action_start; + unsigned long latency_start; +#endif + lws_sock_file_fd_type desc; /* .filefd / .sockfd */ +#if defined(LWS_WITH_STATS) + uint64_t active_writable_req_us; +#endif + /* ints */ + int position_in_fds_table; + int rxflow_len; + int rxflow_pos; + unsigned int trunc_alloc_len; /* size of malloc */ + unsigned int trunc_offset; /* where we are in terms of spilling */ + unsigned int trunc_len; /* how much is buffered */ +#ifndef LWS_NO_CLIENT + int chunk_remaining; +#endif + unsigned int cache_secs; + + unsigned int hdr_parsing_completed:1; + unsigned int http2_substream:1; + unsigned int listener:1; + unsigned int user_space_externally_allocated:1; + unsigned int socket_is_permanently_unusable:1; + unsigned int rxflow_change_to:2; + unsigned int more_rx_waiting:1; /* has to live here since ah may stick to end */ + unsigned int conn_stat_done:1; + unsigned int cache_reuse:1; + unsigned int cache_revalidate:1; + unsigned int cache_intermediaries:1; + unsigned int favoured_pollin:1; + unsigned int sending_chunked:1; + unsigned int already_did_cce:1; + unsigned int told_user_closed:1; + unsigned int waiting_to_send_close_frame:1; + unsigned int ipv6:1; + unsigned int parent_carries_io:1; + unsigned int parent_pending_cb_on_writable:1; + +#if defined(LWS_WITH_ESP8266) + unsigned int pending_send_completion:3; + unsigned int close_is_pending_send_completion:1; +#endif +#ifdef LWS_WITH_ACCESS_LOG + unsigned int access_log_pending:1; +#endif +#ifndef LWS_NO_CLIENT + unsigned int do_ws:1; /* whether we are doing http or ws flow */ + unsigned int chunked:1; /* if the clientside connection is chunked */ + unsigned int client_rx_avail:1; + unsigned int client_http_body_pending:1; +#endif +#ifdef LWS_WITH_HTTP_PROXY + unsigned int perform_rewrite:1; +#endif +#ifndef LWS_NO_EXTENSIONS + unsigned int extension_data_pending:1; +#endif +#ifdef LWS_OPENSSL_SUPPORT + unsigned int use_ssl:4; +#endif +#ifdef _WIN32 + unsigned int sock_send_blocking:1; +#endif +#ifdef LWS_OPENSSL_SUPPORT + unsigned int redirect_to_https:1; +#endif + + /* volatile to make sure code is aware other thread can change */ + volatile unsigned int handling_pollout:1; + volatile unsigned int leave_pollout_active:1; + +#ifndef LWS_NO_CLIENT + unsigned short c_port; +#endif + + /* chars */ +#ifndef LWS_NO_EXTENSIONS + unsigned char count_act_ext; +#endif + unsigned char ietf_spec_revision; + char mode; /* enum connection_mode */ + char state; /* enum lws_connection_states */ + char state_pre_close; + char lws_rx_parse_state; /* enum lws_rx_parse_state */ + char rx_frame_type; /* enum lws_write_protocol */ + char pending_timeout; /* enum pending_timeout */ + char pps; /* enum lws_pending_protocol_send */ + char tsi; /* thread service index we belong to */ + char protocol_interpret_idx; + char redirects; +#ifdef LWS_WITH_CGI + char cgi_channel; /* which of stdin/out/err */ + char hdr_state; +#endif +#ifndef LWS_NO_CLIENT + char chunk_parser; /* enum lws_chunk_parser */ +#endif +#if defined(LWS_WITH_CGI) || !defined(LWS_NO_CLIENT) + char reason_bf; /* internal writeable callback reason bitfield */ +#endif +}; + +LWS_EXTERN int log_level; + +LWS_EXTERN int +lws_socket_bind(struct lws_vhost *vhost, lws_sockfd_type sockfd, int port, + const char *iface); + +#if defined(LWS_USE_IPV6) +LWS_EXTERN unsigned long +lws_get_addr_scope(const char *ipaddr); +#endif + +LWS_EXTERN void +lws_close_free_wsi(struct lws *wsi, enum lws_close_status); + +LWS_EXTERN int +remove_wsi_socket_from_fds(struct lws *wsi); +LWS_EXTERN int +lws_rxflow_cache(struct lws *wsi, unsigned char *buf, int n, int len); + +#ifndef LWS_LATENCY +static inline void +lws_latency(struct lws_context *context, struct lws *wsi, const char *action, + int ret, int completion) { + do { + (void)context; (void)wsi; (void)action; (void)ret; + (void)completion; + } while (0); +} +static inline void +lws_latency_pre(struct lws_context *context, struct lws *wsi) { + do { (void)context; (void)wsi; } while (0); +} +#else +#define lws_latency_pre(_context, _wsi) lws_latency(_context, _wsi, NULL, 0, 0) +extern void +lws_latency(struct lws_context *context, struct lws *wsi, const char *action, + int ret, int completion); +#endif + +LWS_EXTERN void +lws_set_protocol_write_pending(struct lws *wsi, + enum lws_pending_protocol_send pend); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_client_rx_sm(struct lws *wsi, unsigned char c); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_parse(struct lws *wsi, unsigned char c); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_http_action(struct lws *wsi); + +LWS_EXTERN int +lws_b64_selftest(void); + +LWS_EXTERN int +lws_service_flag_pending(struct lws_context *context, int tsi); + +#if defined(_WIN32) || defined(LWS_WITH_ESP8266) +LWS_EXTERN struct lws * +wsi_from_fd(const struct lws_context *context, lws_sockfd_type fd); + +LWS_EXTERN int +insert_wsi(struct lws_context *context, struct lws *wsi); + +LWS_EXTERN int +delete_from_fd(struct lws_context *context, lws_sockfd_type fd); +#else +#define wsi_from_fd(A,B) A->lws_lookup[B] +#define insert_wsi(A,B) assert(A->lws_lookup[B->desc.sockfd] == 0); A->lws_lookup[B->desc.sockfd]=B +#define delete_from_fd(A,B) A->lws_lookup[B]=0 +#endif + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +insert_wsi_socket_into_fds(struct lws_context *context, struct lws *wsi); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_issue_raw(struct lws *wsi, unsigned char *buf, size_t len); + + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_service_timeout_check(struct lws *wsi, unsigned int sec); + +LWS_EXTERN void +lws_remove_from_timeout_list(struct lws *wsi); + +LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT +lws_client_connect_2(struct lws *wsi); + +LWS_VISIBLE struct lws * LWS_WARN_UNUSED_RESULT +lws_client_reset(struct lws **wsi, int ssl, const char *address, int port, + const char *path, const char *host); + +LWS_EXTERN struct lws * LWS_WARN_UNUSED_RESULT +lws_create_new_server_wsi(struct lws_vhost *vhost); + +LWS_EXTERN char * LWS_WARN_UNUSED_RESULT +lws_generate_client_handshake(struct lws *wsi, char *pkt); + +LWS_EXTERN int +lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd); + +LWS_EXTERN struct lws * +lws_client_connect_via_info2(struct lws *wsi); + +/* + * EXTENSIONS + */ + +#ifndef LWS_NO_EXTENSIONS +LWS_VISIBLE void +lws_context_init_extensions(struct lws_context_creation_info *info, + struct lws_context *context); +LWS_EXTERN int +lws_any_extension_handled(struct lws *wsi, enum lws_extension_callback_reasons r, + void *v, size_t len); + +LWS_EXTERN int +lws_ext_cb_active(struct lws *wsi, int reason, void *buf, int len); +LWS_EXTERN int +lws_ext_cb_all_exts(struct lws_context *context, struct lws *wsi, int reason, + void *arg, int len); + +#else +#define lws_any_extension_handled(_a, _b, _c, _d) (0) +#define lws_ext_cb_active(_a, _b, _c, _d) (0) +#define lws_ext_cb_all_exts(_a, _b, _c, _d, _e) (0) +#define lws_issue_raw_ext_access lws_issue_raw +#define lws_context_init_extensions(_a, _b) +#endif + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_client_interpret_server_handshake(struct lws *wsi); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_rx_sm(struct lws *wsi, unsigned char c); + +LWS_EXTERN int +lws_payload_until_length_exhausted(struct lws *wsi, unsigned char **buf, size_t *len); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_issue_raw_ext_access(struct lws *wsi, unsigned char *buf, size_t len); + +LWS_EXTERN void +lws_union_transition(struct lws *wsi, enum connection_mode mode); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +user_callback_handle_rxflow(lws_callback_function, struct lws *wsi, + enum lws_callback_reasons reason, void *user, + void *in, size_t len); +#ifdef LWS_USE_HTTP2 +LWS_EXTERN struct lws *lws_http2_get_network_wsi(struct lws *wsi); +struct lws * lws_http2_get_nth_child(struct lws *wsi, int n); +LWS_EXTERN int +lws_http2_interpret_settings_payload(struct http2_settings *settings, + unsigned char *buf, int len); +LWS_EXTERN void lws_http2_init(struct http2_settings *settings); +LWS_EXTERN int +lws_http2_parser(struct lws *wsi, unsigned char c); +LWS_EXTERN int lws_http2_do_pps_send(struct lws_context *context, + struct lws *wsi); +LWS_EXTERN int lws_http2_frame_write(struct lws *wsi, int type, int flags, + unsigned int sid, unsigned int len, + unsigned char *buf); +LWS_EXTERN struct lws * +lws_http2_wsi_from_id(struct lws *wsi, unsigned int sid); +LWS_EXTERN int lws_hpack_interpret(struct lws *wsi, + unsigned char c); +LWS_EXTERN int +lws_add_http2_header_by_name(struct lws *wsi, + const unsigned char *name, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end); +LWS_EXTERN int +lws_add_http2_header_by_token(struct lws *wsi, + enum lws_token_indexes token, + const unsigned char *value, int length, + unsigned char **p, unsigned char *end); +LWS_EXTERN int +lws_add_http2_header_status(struct lws *wsi, + unsigned int code, unsigned char **p, + unsigned char *end); +LWS_EXTERN +void lws_http2_configure_if_upgraded(struct lws *wsi); +#else +#define lws_http2_configure_if_upgraded(x) +#endif + +LWS_EXTERN int +lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd); + +LWS_EXTERN int +lws_plat_check_connection_error(struct lws *wsi); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_header_table_attach(struct lws *wsi, int autoservice); + +LWS_EXTERN int +lws_header_table_detach(struct lws *wsi, int autoservice); + +LWS_EXTERN void +lws_header_table_reset(struct lws *wsi, int autoservice); +void +_lws_header_table_reset(struct allocated_headers *ah); + +void +lws_header_table_force_to_detachable_state(struct lws *wsi); +int +lws_header_table_is_in_detachable_state(struct lws *wsi); + +LWS_EXTERN char * LWS_WARN_UNUSED_RESULT +lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h, const char *s); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ensure_user_space(struct lws *wsi); + +LWS_EXTERN int +lws_change_pollfd(struct lws *wsi, int _and, int _or); + +#ifndef LWS_NO_SERVER +int lws_context_init_server(struct lws_context_creation_info *info, + struct lws_vhost *vhost); +LWS_EXTERN struct lws_vhost * +lws_select_vhost(struct lws_context *context, int port, const char *servername); +LWS_EXTERN int +handshake_0405(struct lws_context *context, struct lws *wsi); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_interpret_incoming_packet(struct lws *wsi, unsigned char **buf, size_t len); +LWS_EXTERN void +lws_server_get_canonical_hostname(struct lws_context *context, + struct lws_context_creation_info *info); +#else +#define lws_context_init_server(_a, _b) (0) +#define lws_interpret_incoming_packet(_a, _b, _c) (0) +#define lws_server_get_canonical_hostname(_a, _b) +#endif + +#ifndef LWS_NO_DAEMONIZE +LWS_EXTERN int get_daemonize_pid(); +#else +#define get_daemonize_pid() (0) +#endif + +#if !defined(LWS_WITH_ESP8266) +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +interface_to_sa(struct lws_vhost *vh, const char *ifname, + struct sockaddr_in *addr, size_t addrlen); +#endif +LWS_EXTERN void lwsl_emit_stderr(int level, const char *line); + +enum lws_ssl_capable_status { + LWS_SSL_CAPABLE_ERROR = -1, + LWS_SSL_CAPABLE_MORE_SERVICE = -2, +}; + +#ifndef LWS_OPENSSL_SUPPORT +#define LWS_SSL_ENABLED(context) (0) +#define lws_context_init_server_ssl(_a, _b) (0) +#define lws_ssl_destroy(_a) +#define lws_context_init_http2_ssl(_a) +#define lws_ssl_capable_read lws_ssl_capable_read_no_ssl +#define lws_ssl_capable_write lws_ssl_capable_write_no_ssl +#define lws_ssl_pending lws_ssl_pending_no_ssl +#define lws_server_socket_service_ssl(_b, _c) (0) +#define lws_ssl_close(_a) (0) +#define lws_ssl_context_destroy(_a) +#define lws_ssl_SSL_CTX_destroy(_a) +#define lws_ssl_remove_wsi_from_buffered_list(_a) +#define lws_context_init_ssl_library(_a) +#else +#define LWS_SSL_ENABLED(context) (context->use_ssl) +LWS_EXTERN int openssl_websocket_private_data_index; +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_pending(struct lws *wsi); +LWS_EXTERN int +lws_context_init_ssl_library(struct lws_context_creation_info *info); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_server_socket_service_ssl(struct lws *new_wsi, lws_sockfd_type accept_fd); +LWS_EXTERN int +lws_ssl_close(struct lws *wsi); +LWS_EXTERN void +lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost); +LWS_EXTERN void +lws_ssl_context_destroy(struct lws_context *context); +LWS_VISIBLE void +lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi); +LWS_EXTERN int +lws_ssl_client_bio_create(struct lws *wsi); +LWS_EXTERN int +lws_ssl_client_connect1(struct lws *wsi); +LWS_EXTERN int +lws_ssl_client_connect2(struct lws *wsi); +LWS_EXTERN void +lws_ssl_elaborate_error(void); +#ifndef LWS_NO_SERVER +LWS_EXTERN int +lws_context_init_server_ssl(struct lws_context_creation_info *info, + struct lws_vhost *vhost); +#else +#define lws_context_init_server_ssl(_a, _b) (0) +#endif +LWS_EXTERN void +lws_ssl_destroy(struct lws_vhost *vhost); +/* HTTP2-related */ + +#ifdef LWS_USE_HTTP2 +LWS_EXTERN void +lws_context_init_http2_ssl(struct lws_vhost *vhost); +#else +#define lws_context_init_http2_ssl(_a) +#endif +#endif + +#if LWS_MAX_SMP > 1 +static LWS_INLINE void +lws_pt_mutex_init(struct lws_context_per_thread *pt) +{ + pthread_mutex_init(&pt->lock, NULL); +} + +static LWS_INLINE void +lws_pt_mutex_destroy(struct lws_context_per_thread *pt) +{ + pthread_mutex_destroy(&pt->lock); +} + +static LWS_INLINE void +lws_pt_lock(struct lws_context_per_thread *pt) +{ + if (!pt->lock_depth++) + pthread_mutex_lock(&pt->lock); +} + +static LWS_INLINE void +lws_pt_unlock(struct lws_context_per_thread *pt) +{ + if (!(--pt->lock_depth)) + pthread_mutex_unlock(&pt->lock); +} +#else +#define lws_pt_mutex_init(_a) (void)(_a) +#define lws_pt_mutex_destroy(_a) (void)(_a) +#define lws_pt_lock(_a) (void)(_a) +#define lws_pt_unlock(_a) (void)(_a) +#endif + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_capable_read_no_ssl(struct lws *wsi, unsigned char *buf, int len); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_capable_write_no_ssl(struct lws *wsi, unsigned char *buf, int len); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_ssl_pending_no_ssl(struct lws *wsi); + +#ifdef LWS_WITH_HTTP_PROXY +struct lws_rewrite { + hubbub_parser *parser; + hubbub_parser_optparams params; + const char *from, *to; + int from_len, to_len; + unsigned char *p, *end; + struct lws *wsi; +}; +static LWS_INLINE int hstrcmp(hubbub_string *s, const char *p, int len) +{ + if (s->len != len) + return 1; + + return strncmp((const char *)s->ptr, p, len); +} +typedef hubbub_error (*hubbub_callback_t)(const hubbub_token *token, void *pw); +LWS_EXTERN struct lws_rewrite * +lws_rewrite_create(struct lws *wsi, hubbub_callback_t cb, const char *from, const char *to); +LWS_EXTERN void +lws_rewrite_destroy(struct lws_rewrite *r); +LWS_EXTERN int +lws_rewrite_parse(struct lws_rewrite *r, const unsigned char *in, int in_len); +#endif + +#ifndef LWS_NO_CLIENT +LWS_EXTERN int lws_client_socket_service(struct lws_context *context, + struct lws *wsi, + struct lws_pollfd *pollfd); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_http_transaction_completed_client(struct lws *wsi); +#ifdef LWS_OPENSSL_SUPPORT +LWS_EXTERN int +lws_context_init_client_ssl(struct lws_context_creation_info *info, + struct lws_vhost *vhost); + +LWS_EXTERN void +lws_ssl_info_callback(const SSL *ssl, int where, int ret); + +#else + #define lws_context_init_client_ssl(_a, _b) (0) +#endif +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_handshake_client(struct lws *wsi, unsigned char **buf, size_t len); +LWS_EXTERN void +lws_decode_ssl_error(void); +#else +#define lws_context_init_client_ssl(_a, _b) (0) +#define lws_handshake_client(_a, _b, _c) (0) +#endif + +LWS_EXTERN int +_lws_rx_flow_control(struct lws *wsi); + +LWS_EXTERN int +_lws_change_pollfd(struct lws *wsi, int _and, int _or, struct lws_pollargs *pa); + +#ifndef LWS_NO_SERVER +LWS_EXTERN int +lws_server_socket_service(struct lws_context *context, struct lws *wsi, + struct lws_pollfd *pollfd); +LWS_EXTERN int +lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len); +#else +#define lws_server_socket_service(_a, _b, _c) (0) +#define lws_handshake_server(_a, _b, _c) (0) +#endif + +#ifdef LWS_WITH_ACCESS_LOG +LWS_EXTERN int +lws_access_log(struct lws *wsi); +#else +#define lws_access_log(_a) +#endif + +LWS_EXTERN int +lws_cgi_kill_terminated(struct lws_context_per_thread *pt); + +int +lws_protocol_init(struct lws_context *context); + +int +lws_bind_protocol(struct lws *wsi, const struct lws_protocols *p); + +const struct lws_http_mount * +lws_find_mount(struct lws *wsi, const char *uri_ptr, int uri_len); + +/* + * custom allocator + */ +LWS_EXTERN void * +lws_realloc(void *ptr, size_t size); + +LWS_EXTERN void * LWS_WARN_UNUSED_RESULT +lws_zalloc(size_t size); + +#ifdef LWS_PLAT_OPTEE +void *lws_malloc(size_t size); +void lws_free(void *p); +#define lws_free_set_NULL(P) do { lws_free(P); (P) = NULL; } while(0) +#else +#define lws_malloc(S) lws_realloc(NULL, S) +#define lws_free(P) lws_realloc(P, 0) +#define lws_free_set_NULL(P) do { lws_realloc(P, 0); (P) = NULL; } while(0) +#endif + +const struct lws_plat_file_ops * +lws_vfs_select_fops(const struct lws_plat_file_ops *fops, const char *vfs_path, + const char **vpath); + +/* lws_plat_ */ +LWS_EXTERN void +lws_plat_delete_socket_from_fds(struct lws_context *context, + struct lws *wsi, int m); +LWS_EXTERN void +lws_plat_insert_socket_into_fds(struct lws_context *context, + struct lws *wsi); +LWS_EXTERN void +lws_plat_service_periodic(struct lws_context *context); + +LWS_EXTERN int +lws_plat_change_pollfd(struct lws_context *context, struct lws *wsi, + struct lws_pollfd *pfd); +LWS_EXTERN void +lws_add_wsi_to_draining_ext_list(struct lws *wsi); +LWS_EXTERN void +lws_remove_wsi_from_draining_ext_list(struct lws *wsi); +LWS_EXTERN int +lws_plat_context_early_init(void); +LWS_EXTERN void +lws_plat_context_early_destroy(struct lws_context *context); +LWS_EXTERN void +lws_plat_context_late_destroy(struct lws_context *context); +LWS_EXTERN int +lws_poll_listen_fd(struct lws_pollfd *fd); +LWS_EXTERN int +lws_plat_service(struct lws_context *context, int timeout_ms); +LWS_EXTERN LWS_VISIBLE int +_lws_plat_service_tsi(struct lws_context *context, int timeout_ms, int tsi); +LWS_EXTERN int +lws_plat_init(struct lws_context *context, + struct lws_context_creation_info *info); +LWS_EXTERN void +lws_plat_drop_app_privileges(struct lws_context_creation_info *info); +LWS_EXTERN unsigned long long +time_in_microseconds(void); +LWS_EXTERN const char * LWS_WARN_UNUSED_RESULT +lws_plat_inet_ntop(int af, const void *src, char *dst, int cnt); +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_plat_inet_pton(int af, const char *src, void *dst); + +LWS_EXTERN int LWS_WARN_UNUSED_RESULT +lws_check_utf8(unsigned char *state, unsigned char *buf, size_t len); +LWS_EXTERN int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount); +LWS_EXTERN int alloc_pem_to_der_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount); + +LWS_EXTERN void +lws_same_vh_protocol_remove(struct lws *wsi); +LWS_EXTERN void +lws_same_vh_protocol_insert(struct lws *wsi, int n); + +#if defined(LWS_WITH_STATS) +void +lws_stats_atomic_bump(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t bump); +void +lws_stats_atomic_max(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t val); +#else +static inline uint64_t lws_stats_atomic_bump(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t bump) { + (void)context; (void)pt; (void)index; (void)bump; return 0; } +static inline uint64_t lws_stats_atomic_max(struct lws_context * context, + struct lws_context_per_thread *pt, int index, uint64_t val) { + (void)context; (void)pt; (void)index; (void)val; return 0; } +#endif + +/* socks */ +void socks_generate_msg(struct lws *wsi, enum socks_msg_type type, + size_t *msg_len); + +#ifdef __cplusplus +}; +#endif diff --git a/lib/roles/http/server/ranges.c b/lib/ranges.c similarity index 96% rename from lib/roles/http/server/ranges.c rename to lib/ranges.c index 56ba748..4d29540 100644 --- a/lib/roles/http/server/ranges.c +++ b/lib/ranges.c @@ -21,7 +21,7 @@ * MA 02110-1301 USA */ -#include "core/private.h" +#include "private-libwebsockets.h" /* * RFC7233 examples @@ -67,10 +67,11 @@ int lws_ranges_next(struct lws_range_parsing *rp) { static const char * const beq = "bytes="; + char c; while (1) { - char c = rp->buf[rp->pos]; + c = rp->buf[rp->pos]; switch (rp->state) { case LWSRS_SYNTAX: @@ -120,10 +121,7 @@ lws_ranges_next(struct lws_range_parsing *rp) if (c == ',') rp->pos++; - /* - * By the end of this, start and end are - * always valid if the range still is - */ + /* by the end of this, start and end are always valid if the range still is */ if (!rp->start_valid) { /* eg, -500 */ if (rp->end > rp->extent) diff --git a/lib/roles/http/server/rewrite.c b/lib/rewrite.c similarity index 78% rename from lib/roles/http/server/rewrite.c rename to lib/rewrite.c index eca443a..60a813d 100644 --- a/lib/roles/http/server/rewrite.c +++ b/lib/rewrite.c @@ -1,12 +1,10 @@ -#include "core/private.h" +#include "private-libwebsockets.h" -#if defined(LWS_WITH_HUBBUB) LWS_EXTERN struct lws_rewrite * -lws_rewrite_create(struct lws *wsi, hubbub_callback_t cb, const char *from, - const char *to) +lws_rewrite_create(struct lws *wsi, hubbub_callback_t cb, const char *from, const char *to) { - struct lws_rewrite *r = lws_malloc(sizeof(*r), "rewrite"); + struct lws_rewrite *r = lws_malloc(sizeof(*r)); if (!r) { lwsl_err("OOM\n"); @@ -39,7 +37,7 @@ LWS_EXTERN int lws_rewrite_parse(struct lws_rewrite *r, const unsigned char *in, int in_len) { - if (r && hubbub_parser_parse_chunk(r->parser, in, in_len) != HUBBUB_OK) + if (hubbub_parser_parse_chunk(r->parser, in, in_len) != HUBBUB_OK) return -1; return 0; @@ -52,4 +50,3 @@ lws_rewrite_destroy(struct lws_rewrite *r) lws_free(r); } -#endif diff --git a/lib/roles/README.md b/lib/roles/README.md deleted file mode 100644 index 7905cfa..0000000 --- a/lib/roles/README.md +++ /dev/null @@ -1,161 +0,0 @@ -## Information for new role implementers - -### Introduction - -In lws the "role" is the job the wsi is doing in the system, eg, -being an http1 or h2, or ws connection, or being a listen socket, etc. - -This is different than, eg, a new ws protocol or a different callback -for an existing role. A new role is needed when you want to add support for -something completely new, like a completely new wire protocol that -doesn't use http or ws. - -So... what's the point of implementing the protocol inside the lws role framework? - -You inherit all the well-maintained lws core functionality around: - - - connection lifecycle sequencing in a valgrind-clean way - - - proxy support, HTTP and Socks5 - - - tls support working equally on mbedTLS and OpenSSL and derivatives without any code in the role - - - apis for cert lifecycle management and parsing - - - event loop support working on all the lws event loops (poll, libuv , ev, and event) - - - clean connection tracking and closing even on advanced event loops - - - user code follows the same simple callbacks on wsi - - - multi-vhost support - - - core multithreaded service support with usually no locking requirement on the role code - - - direct compatibility with all other lws roles + protocols in the same event loop - - - compatibility with higher-level stuff like lwsws as the server application - -### Code placement - -The code specific to that role should live in `./lib/roles/**role name**` - -If a role is asymmetic between a client and server side, like http is, it -should generally be implemented as a single role. - -### Allowing control over enabling roles - -All roles should add a cmake define `LWS_ROLE_**role name**` and make its build -dependent on it in CMakeLists.txt. Export the cmakedefine in `./cmake/lws_config.h.in` -as well so user builds can understand if the role is available in the lws build it is -trying to bind to. - -If the role is disabled in cmake, nothing in its directory is built. - -### Role ops struct - -The role is defined by `struct lws_role_ops` in `lib/roles/private.h`, -each role instantiates one of these and fills in the appropriate ops -callbacks to perform its job. By convention that lives in -`./lib/roles/**role name**/ops-**role_name**.c`. - -### Private role declarations - -Truly private declarations for the role can go in the role directory as you like. -However when the declarations must be accessible to other things in lws build, eg, -the role adds members to `struct lws` when enabled, they should be in the role -directory in a file `private.h`. - -Search for "bring in role private declarations" in `./lib/roles/private.h -and add your private role file there following the style used for the other roles, -eg, - -``` -#if defined(LWS_ROLE_WS) - #include "roles/ws/private.h" -#else - #define lwsi_role_ws(wsi) (0) -#endif -``` - -If the role is disabled at cmake, nothing from its private.h should be used anywhere. - -### Integrating role assets to lws - -If your role needs special storage in lws objects, that's no problem. But to keep -things sane, there are some rules. - - - declare a "container struct" in your private.h for everything, eg, the ws role wants - to add storage in lws_vhost for enabled extensions, it declares in its private.h - -``` -struct lws_vhost_role_ws { -#if !defined(LWS_WITHOUT_EXTENSIONS) - const struct lws_extension *extensions; -#endif -}; -``` - - - add your role content in one place in the lws struct, protected by `#if defined(LWS_ROLE_**role name**)`, - eg, again for LWS_ROLE_WS - -``` - struct lws_vhost { - -... - -#if defined(LWS_ROLE_WS) - struct lws_vhost_role_ws ws; -#endif - -... -``` - -### Adding to lws available roles list - -Edit the NULL-terminated array `available_roles` at the top of `./lib/core/context.c` to include -a pointer to your new role's ops struct, following the style already there. - -``` -const struct lws_role_ops * available_roles[] = { -#if defined(LWS_ROLE_H2) - &role_ops_h2, -#endif -... -``` - -This makes lws aware that your role exists, and it can auto-generate some things like -ALPN lists, and call your role ops callbacks for things like hooking vhost creation. - -### Enabling role adoption - -The primary way wsi get bound to a specific role is via the lws adoption api -`lws_adopt_descriptor_vhost()`. Add flags as necessary in `./include/libwebsockets/lws-adopt.h` -`enum lws_adoption_type` and follow the existing code in `lws_adopt_descriptor_vhost()` -to bind a wsi with suitable flags to your role ops. - -### Implementation of the role - -After that plumbing-in is completed, the role ops you declare are "live" on a wsi -bound to them via the adoption api. - -The core support for wsis in lws has some generic concepts - - - the wsi holds a pointer member `role_ops` that indicates which role ops the - wsi is bound to - - - the wsi holds a generic uint32 `wsistate` that contains role flags and wsi state - - - role flags are provided (LWSIFR_CLIENT, LWSIFR_SERVER) to differentiate between - client and server connections inside a wsi, along with helpers `lwsi_role_client(wsi)` - and `lwsi_role_server(wsi)`. - - - lws provides around 30 generic states for the wsi starting from 'unconnected' through - various proxy or tunnel states, to 'established', and then various states shutting - down until 'dead socket'. The states have testable flags and helpers to discover if - the wsi state is before establishment `lwsi_state_est(wsi)` and if in the state it is - in, it can handle pollout `lwsi_state_can_handle_POLLOUT(wsi)`. - - - You set the initial binding, role flags and state using `lws_role_transition()`. Afterwards - you can adjust the state using `lwsi_set_state()`. - diff --git a/lib/roles/cgi/cgi-server.c b/lib/roles/cgi/cgi-server.c deleted file mode 100644 index b064aae..0000000 --- a/lib/roles/cgi/cgi-server.c +++ /dev/null @@ -1,1242 +0,0 @@ -/* - * libwebsockets - CGI management - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#define _GNU_SOURCE - -#include "core/private.h" - -#if defined(WIN32) || defined(_WIN32) -#else -#include -#endif - -static const char *hex = "0123456789ABCDEF"; - -static int -urlencode(const char *in, int inlen, char *out, int outlen) -{ - char *start = out, *end = out + outlen; - - while (inlen-- && out < end - 4) { - if ((*in >= 'A' && *in <= 'Z') || - (*in >= 'a' && *in <= 'z') || - (*in >= '0' && *in <= '9') || - *in == '-' || - *in == '_' || - *in == '.' || - *in == '~') { - *out++ = *in++; - continue; - } - if (*in == ' ') { - *out++ = '+'; - in++; - continue; - } - *out++ = '%'; - *out++ = hex[(*in) >> 4]; - *out++ = hex[(*in++) & 15]; - } - *out = '\0'; - - if (out >= end - 4) - return -1; - - return out - start; -} - -static struct lws * -lws_create_basic_wsi(struct lws_context *context, int tsi) -{ - struct lws *new_wsi; - - if (!context->vhost_list) - return NULL; - - if ((unsigned int)context->pt[tsi].fds_count == - context->fd_limit_per_thread - 1) { - lwsl_err("no space for new conn\n"); - return NULL; - } - - new_wsi = lws_zalloc(sizeof(struct lws), "new wsi"); - if (new_wsi == NULL) { - lwsl_err("Out of memory for new connection\n"); - return NULL; - } - - new_wsi->tsi = tsi; - new_wsi->context = context; - new_wsi->pending_timeout = NO_PENDING_TIMEOUT; - new_wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; - - /* initialize the instance struct */ - - lws_role_transition(new_wsi, 0, LRS_ESTABLISHED, &role_ops_cgi); - - new_wsi->hdr_parsing_completed = 0; - new_wsi->position_in_fds_table = LWS_NO_FDS_POS; - - /* - * these can only be set once the protocol is known - * we set an unestablished connection's protocol pointer - * to the start of the defauly vhost supported list, so it can look - * for matching ones during the handshake - */ - new_wsi->protocol = context->vhost_list->protocols; - new_wsi->user_space = NULL; - new_wsi->desc.sockfd = LWS_SOCK_INVALID; - context->count_wsi_allocated++; - - return new_wsi; -} - -LWS_VISIBLE LWS_EXTERN int -lws_cgi(struct lws *wsi, const char * const *exec_array, - int script_uri_path_len, int timeout_secs, - const struct lws_protocol_vhost_options *mp_cgienv) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - char *env_array[30], cgi_path[500], e[1024], *p = e, - *end = p + sizeof(e) - 1, tok[256], *t, *sum, *sumend; - struct lws_cgi *cgi; - int n, m = 0, i, uritok = -1, c; - - /* - * give the master wsi a cgi struct - */ - - wsi->http.cgi = lws_zalloc(sizeof(*wsi->http.cgi), "new cgi"); - if (!wsi->http.cgi) { - lwsl_err("%s: OOM\n", __func__); - return -1; - } - - wsi->http.cgi->response_code = HTTP_STATUS_OK; - - cgi = wsi->http.cgi; - cgi->wsi = wsi; /* set cgi's owning wsi */ - sum = cgi->summary; - sumend = sum + strlen(cgi->summary) - 1; - - for (n = 0; n < 3; n++) { - cgi->pipe_fds[n][0] = -1; - cgi->pipe_fds[n][1] = -1; - } - - /* create pipes for [stdin|stdout] and [stderr] */ - - for (n = 0; n < 3; n++) - if (pipe(cgi->pipe_fds[n]) == -1) - goto bail1; - - /* create cgi wsis for each stdin/out/err fd */ - - for (n = 0; n < 3; n++) { - cgi->stdwsi[n] = lws_create_basic_wsi(wsi->context, wsi->tsi); - if (!cgi->stdwsi[n]) { - lwsl_err("%s: unable to create cgi stdwsi\n", __func__); - goto bail2; - } - cgi->stdwsi[n]->cgi_channel = n; - lws_vhost_bind_wsi(wsi->vhost, cgi->stdwsi[n]); - - lwsl_debug("%s: cgi stdwsi %p: pipe idx %d -> fd %d / %d\n", __func__, - cgi->stdwsi[n], n, cgi->pipe_fds[n][!!(n == 0)], - cgi->pipe_fds[n][!(n == 0)]); - - /* read side is 0, stdin we want the write side, others read */ - cgi->stdwsi[n]->desc.sockfd = cgi->pipe_fds[n][!!(n == 0)]; - if (fcntl(cgi->pipe_fds[n][!!(n == 0)], F_SETFL, - O_NONBLOCK) < 0) { - lwsl_err("%s: setting NONBLOCK failed\n", __func__); - goto bail2; - } - } - - for (n = 0; n < 3; n++) { - if (wsi->context->event_loop_ops->accept) - if (wsi->context->event_loop_ops->accept(cgi->stdwsi[n])) - goto bail3; - - if (__insert_wsi_socket_into_fds(wsi->context, cgi->stdwsi[n])) - goto bail3; - cgi->stdwsi[n]->parent = wsi; - cgi->stdwsi[n]->sibling_list = wsi->child_list; - wsi->child_list = cgi->stdwsi[n]; - } - - if (lws_change_pollfd(cgi->stdwsi[LWS_STDIN], LWS_POLLIN, LWS_POLLOUT)) - goto bail3; - if (lws_change_pollfd(cgi->stdwsi[LWS_STDOUT], LWS_POLLOUT, LWS_POLLIN)) - goto bail3; - if (lws_change_pollfd(cgi->stdwsi[LWS_STDERR], LWS_POLLOUT, LWS_POLLIN)) - goto bail3; - - lwsl_debug("%s: fds in %d, out %d, err %d\n", __func__, - cgi->stdwsi[LWS_STDIN]->desc.sockfd, - cgi->stdwsi[LWS_STDOUT]->desc.sockfd, - cgi->stdwsi[LWS_STDERR]->desc.sockfd); - - if (timeout_secs) - lws_set_timeout(wsi, PENDING_TIMEOUT_CGI, timeout_secs); - - /* the cgi stdout is always sending us http1.x header data first */ - wsi->hdr_state = LCHS_HEADER; - - /* add us to the pt list of active cgis */ - lwsl_debug("%s: adding cgi %p to list\n", __func__, wsi->http.cgi); - cgi->cgi_list = pt->http.cgi_list; - pt->http.cgi_list = cgi; - - sum += lws_snprintf(sum, sumend - sum, "%s ", exec_array[0]); - - if (0) { - char *pct = lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_ENCODING); - - if (pct && !strcmp(pct, "gzip")) - wsi->http.cgi->gzip_inflate = 1; - } - - /* prepare his CGI env */ - - n = 0; - - if (lws_is_ssl(wsi)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTPS=ON"); - p++; - } - - if (wsi->http.ah) { - static const unsigned char meths[] = { - WSI_TOKEN_GET_URI, - WSI_TOKEN_POST_URI, - WSI_TOKEN_OPTIONS_URI, - WSI_TOKEN_PUT_URI, - WSI_TOKEN_PATCH_URI, - WSI_TOKEN_DELETE_URI, - WSI_TOKEN_CONNECT, - WSI_TOKEN_HEAD_URI, - #ifdef LWS_WITH_HTTP2 - WSI_TOKEN_HTTP_COLON_PATH, - #endif - }; - static const char * const meth_names[] = { - "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", - "CONNECT", "HEAD", ":path" - }; - - if (script_uri_path_len >= 0) - for (m = 0; m < (int)LWS_ARRAY_SIZE(meths); m++) - if (lws_hdr_total_length(wsi, meths[m]) >= - script_uri_path_len) { - uritok = meths[m]; - break; - } - - if (script_uri_path_len < 0 && uritok < 0) - goto bail3; -// if (script_uri_path_len < 0) -// uritok = 0; - - if (m >= 0) { - env_array[n++] = p; - if (m < 8) { - p += lws_snprintf(p, end - p, - "REQUEST_METHOD=%s", - meth_names[m]); - sum += lws_snprintf(sum, sumend - sum, "%s ", - meth_names[m]); - } else { - p += lws_snprintf(p, end - p, - "REQUEST_METHOD=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD)); - sum += lws_snprintf(sum, sumend - sum, "%s ", - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_COLON_METHOD)); - } - p++; - } - - if (uritok >= 0) - sum += lws_snprintf(sum, sumend - sum, "%s ", - lws_hdr_simple_ptr(wsi, uritok)); - - env_array[n++] = p; - p += lws_snprintf(p, end - p, "QUERY_STRING="); - /* dump the individual URI Arg parameters */ - m = 0; - while (script_uri_path_len >= 0) { - i = lws_hdr_copy_fragment(wsi, tok, sizeof(tok), - WSI_TOKEN_HTTP_URI_ARGS, m); - if (i < 0) - break; - t = tok; - while (*t && *t != '=' && p < end - 4) - *p++ = *t++; - if (*t == '=') - *p++ = *t++; - i = urlencode(t, i- (t - tok), p, end - p); - if (i > 0) { - p += i; - *p++ = '&'; - } - m++; - } - if (m) - p--; - *p++ = '\0'; - - if (uritok >= 0) { - strcpy(cgi_path, "REQUEST_URI="); - c = lws_hdr_copy(wsi, cgi_path + 12, - sizeof(cgi_path) - 12, uritok); - if (c < 0) - goto bail3; - - cgi_path[sizeof(cgi_path) - 1] = '\0'; - env_array[n++] = cgi_path; - } - - sum += lws_snprintf(sum, sumend - sum, "%s", env_array[n - 1]); - - if (script_uri_path_len >= 0) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "PATH_INFO=%s", - cgi_path + 12 + script_uri_path_len); - p++; - } - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_REFERER)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_REFERER=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_REFERER)); - p++; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_HOST=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)); - p++; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COOKIE)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_COOKIE="); - m = lws_hdr_copy(wsi, p, end - p, WSI_TOKEN_HTTP_COOKIE); - if (m > 0) - p += lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COOKIE); - *p++ = '\0'; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_USER_AGENT)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_USER_AGENT=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_USER_AGENT)); - p++; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_ENCODING)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_CONTENT_ENCODING=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_ENCODING)); - p++; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_ACCEPT)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_ACCEPT=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_ACCEPT)); - p++; - } - if (script_uri_path_len >= 0 && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "HTTP_ACCEPT_ENCODING=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING)); - p++; - } - if (script_uri_path_len >= 0 && - uritok == WSI_TOKEN_POST_URI) { - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "CONTENT_TYPE=%s", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)); - p++; - } - if (!wsi->http.cgi->gzip_inflate && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "CONTENT_LENGTH=%s", - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH)); - p++; - } - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) - wsi->http.cgi->post_in_expected = - atoll(lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH)); - } - - - env_array[n++] = p; - p += lws_snprintf(p, end - p, "PATH=/bin:/usr/bin:/usr/local/bin:/var/www/cgi-bin"); - p++; - - env_array[n++] = p; - p += lws_snprintf(p, end - p, "SCRIPT_PATH=%s", exec_array[0]); - p++; - - while (mp_cgienv) { - env_array[n++] = p; - p += lws_snprintf(p, end - p, "%s=%s", mp_cgienv->name, - mp_cgienv->value); - if (!strcmp(mp_cgienv->name, "GIT_PROJECT_ROOT")) { - wsi->http.cgi->implied_chunked = 1; - wsi->http.cgi->explicitly_chunked = 1; - } - lwsl_info(" Applying mount-specific cgi env '%s'\n", - env_array[n - 1]); - p++; - mp_cgienv = mp_cgienv->next; - } - - env_array[n++] = p; - p += lws_snprintf(p, end - p, "SERVER_SOFTWARE=libwebsockets"); - p++; - - env_array[n] = NULL; - -#if 0 - for (m = 0; m < n; m++) - lwsl_notice(" %s\n", env_array[m]); -#endif - - /* - * Actually having made the env, as a cgi we don't need the ah - * any more - */ - if (script_uri_path_len >= 0) - lws_header_table_detach(wsi, 0); - - /* we are ready with the redirection pipes... run the thing */ -#if !defined(LWS_HAVE_VFORK) || !defined(LWS_HAVE_EXECVPE) - cgi->pid = fork(); -#else - cgi->pid = vfork(); -#endif - if (cgi->pid < 0) { - lwsl_err("fork failed, errno %d", errno); - goto bail3; - } - -#if defined(__linux__) - prctl(PR_SET_PDEATHSIG, SIGTERM); -#endif - if (script_uri_path_len >= 0) - /* stops non-daemonized main processess getting SIGINT - * from TTY */ - setpgrp(); - - if (cgi->pid) { - /* we are the parent process */ - wsi->context->count_cgi_spawned++; - lwsl_info("%s: cgi %p spawned PID %d\n", __func__, - cgi, cgi->pid); - - /* - * close: stdin:r, stdout:w, stderr:w - * hide from other forks: stdin:w, stdout:r, stderr:r - */ - for (n = 0; n < 3; n++) { - lws_plat_apply_FD_CLOEXEC(cgi->pipe_fds[n][!!(n == 0)]); - close(cgi->pipe_fds[n][!(n == 0)]); - } - - /* inform cgi owner of the child PID */ - n = user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_CGI_PROCESS_ATTACH, - wsi->user_space, NULL, cgi->pid); - (void)n; - - return 0; - } - - /* somewhere we can at least read things and enter it */ - if (chdir("/tmp")) - lwsl_notice("%s: Failed to chdir\n", __func__); - - /* We are the forked process, redirect and kill inherited things. - * - * Because of vfork(), we cannot do anything that changes pages in - * the parent environment. Stuff that changes kernel state for the - * process is OK. Stuff that happens after the execvpe() is OK. - */ - - for (m = 0; m < 3; m++) { - if (dup2(cgi->pipe_fds[m][!(m == 0)], m) < 0) { - lwsl_err("%s: stdin dup2 failed\n", __func__); - goto bail3; - } - close(cgi->pipe_fds[m][0]); - close(cgi->pipe_fds[m][1]); - } - -#if !defined(LWS_HAVE_VFORK) || !defined(LWS_HAVE_EXECVPE) - for (m = 0; m < n; m++) { - p = strchr(env_array[m], '='); - *p++ = '\0'; - setenv(env_array[m], p, 1); - } - execvp(exec_array[0], (char * const *)&exec_array[0]); -#else - execvpe(exec_array[0], (char * const *)&exec_array[0], &env_array[0]); -#endif - - exit(1); - -bail3: - /* drop us from the pt cgi list */ - pt->http.cgi_list = cgi->cgi_list; - - while (--n >= 0) - __remove_wsi_socket_from_fds(wsi->http.cgi->stdwsi[n]); -bail2: - for (n = 0; n < 3; n++) - if (wsi->http.cgi->stdwsi[n]) - __lws_free_wsi(cgi->stdwsi[n]); - -bail1: - for (n = 0; n < 3; n++) { - if (cgi->pipe_fds[n][0] >= 0) - close(cgi->pipe_fds[n][0]); - if (cgi->pipe_fds[n][1] >= 0) - close(cgi->pipe_fds[n][1]); - } - - lws_free_set_NULL(wsi->http.cgi); - - lwsl_err("%s: failed\n", __func__); - - return -1; -} - -/* we have to parse out these headers in the CGI output */ - -static const char * const significant_hdr[SIGNIFICANT_HDR_COUNT] = { - "content-length: ", - "location: ", - "status: ", - "transfer-encoding: chunked", - "content-encoding: gzip", -}; - -enum header_recode { - HR_NAME, - HR_WHITESPACE, - HR_ARG, - HR_CRLF, -}; - -LWS_VISIBLE LWS_EXTERN int -lws_cgi_write_split_stdout_headers(struct lws *wsi) -{ - int n, m, cmd; - unsigned char buf[LWS_PRE + 4096], *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - 1 - LWS_PRE], *name, - *value = NULL; - char c, hrs; - - if (!wsi->http.cgi) - return -1; - - while (wsi->hdr_state != LHCS_PAYLOAD) { - /* - * We have to separate header / finalize and payload chunks, - * since they need to be handled separately - */ - switch (wsi->hdr_state) { - case LHCS_RESPONSE: - lwsl_debug("LHCS_RESPONSE: issuing response %d\n", - wsi->http.cgi->response_code); - if (lws_add_http_header_status(wsi, - wsi->http.cgi->response_code, - &p, end)) - return 1; - if (!wsi->http.cgi->explicitly_chunked && - !wsi->http.cgi->content_length && - lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - (unsigned char *)"chunked", 7, &p, end)) - return 1; - if (!(wsi->http2_substream)) - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_CONNECTION, - (unsigned char *)"close", 5, - &p, end)) - return 1; - n = lws_write(wsi, start, p - start, - LWS_WRITE_HTTP_HEADERS | LWS_WRITE_NO_FIN); - - /* - * so we have a bunch of http/1 style ascii headers - * starting from wsi->http.cgi->headers_buf through - * wsi->http.cgi->headers_pos. These are OK for http/1 - * connections, but they're no good for http/2 conns. - * - * Let's redo them at headers_pos forward using the - * correct coding for http/1 or http/2 - */ - if (!wsi->http2_substream) - goto post_hpack_recode; - - p = wsi->http.cgi->headers_start; - wsi->http.cgi->headers_start = - wsi->http.cgi->headers_pos; - wsi->http.cgi->headers_dumped = - wsi->http.cgi->headers_start; - hrs = HR_NAME; - name = buf; - - while (p < wsi->http.cgi->headers_start) { - switch (hrs) { - case HR_NAME: - /* - * in http/2 upper-case header names - * are illegal. So convert to lower- - * case. - */ - if (name - buf > 64) - return -1; - if (*p != ':') { - if (*p >= 'A' && *p <= 'Z') - *name++ = (*p++) + - ('a' - 'A'); - else - *name++ = *p++; - } else { - p++; - *name++ = '\0'; - value = name; - hrs = HR_WHITESPACE; - } - break; - case HR_WHITESPACE: - if (*p == ' ') { - p++; - break; - } - hrs = HR_ARG; - /* fallthru */ - case HR_ARG: - if (name > end - 64) - return -1; - - if (*p != '\x0a' && *p != '\x0d') { - *name++ = *p++; - break; - } - hrs = HR_CRLF; - /* fallthru */ - case HR_CRLF: - if ((*p != '\x0a' && *p != '\x0d') || - p + 1 == wsi->http.cgi->headers_start) { - *name = '\0'; - if ((strcmp((const char *)buf, - "transfer-encoding") - )) { - lwsl_debug("+ %s: %s\n", - buf, value); - if ( - lws_add_http_header_by_name(wsi, buf, - (unsigned char *)value, name - value, - (unsigned char **)&wsi->http.cgi->headers_pos, - (unsigned char *)wsi->http.cgi->headers_end)) - return 1; - hrs = HR_NAME; - name = buf; - break; - } - } - p++; - break; - } - } -post_hpack_recode: - /* finalize cached headers before dumping them */ - if (lws_finalize_http_header(wsi, - (unsigned char **)&wsi->http.cgi->headers_pos, - (unsigned char *)wsi->http.cgi->headers_end)) { - - lwsl_notice("finalize failed\n"); - return -1; - } - - wsi->hdr_state = LHCS_DUMP_HEADERS; - wsi->reason_bf |= LWS_CB_REASON_AUX_BF__CGI_HEADERS; - lws_callback_on_writable(wsi); - /* back to the loop for writeability again */ - return 0; - - case LHCS_DUMP_HEADERS: - - n = wsi->http.cgi->headers_pos - - wsi->http.cgi->headers_dumped; - if (n > 512) - n = 512; - - lwsl_debug("LHCS_DUMP_HEADERS: %d\n", n); - - cmd = LWS_WRITE_HTTP_HEADERS_CONTINUATION; - if (wsi->http.cgi->headers_dumped + n != - wsi->http.cgi->headers_pos) { - lwsl_notice("adding no fin flag\n"); - cmd |= LWS_WRITE_NO_FIN; - } - - m = lws_write(wsi, - (unsigned char *)wsi->http.cgi->headers_dumped, - n, cmd); - if (m < 0) { - lwsl_debug("%s: write says %d\n", __func__, m); - return -1; - } - wsi->http.cgi->headers_dumped += n; - if (wsi->http.cgi->headers_dumped == - wsi->http.cgi->headers_pos) { - wsi->hdr_state = LHCS_PAYLOAD; - lws_free_set_NULL(wsi->http.cgi->headers_buf); - lwsl_debug("freed cgi headers\n"); - } else { - wsi->reason_bf |= - LWS_CB_REASON_AUX_BF__CGI_HEADERS; - lws_callback_on_writable(wsi); - } - - /* writeability becomes uncertain now we wrote - * something, we must return to the event loop - */ - return 0; - } - - if (!wsi->http.cgi->headers_buf) { - /* if we don't already have a headers buf, cook one */ - n = 2048; - if (wsi->http2_substream) - n = 4096; - wsi->http.cgi->headers_buf = lws_malloc(n + LWS_PRE, - "cgi hdr buf"); - if (!wsi->http.cgi->headers_buf) { - lwsl_err("OOM\n"); - return -1; - } - - lwsl_debug("allocated cgi hdrs\n"); - wsi->http.cgi->headers_start = - wsi->http.cgi->headers_buf + LWS_PRE; - wsi->http.cgi->headers_pos = wsi->http.cgi->headers_start; - wsi->http.cgi->headers_dumped = wsi->http.cgi->headers_pos; - wsi->http.cgi->headers_end = - wsi->http.cgi->headers_buf + n - 1; - - for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) { - wsi->http.cgi->match[n] = 0; - wsi->http.cgi->lp = 0; - } - } - - n = lws_get_socket_fd(wsi->http.cgi->stdwsi[LWS_STDOUT]); - if (n < 0) - return -1; - n = read(n, &c, 1); - if (n < 0) { - if (errno != EAGAIN) { - lwsl_debug("%s: read says %d\n", __func__, n); - return -1; - } - else - n = 0; - - if (wsi->http.cgi->headers_pos >= - wsi->http.cgi->headers_end - 4) { - lwsl_notice("CGI hdrs > buf size\n"); - - return -1; - } - } - if (!n) - goto agin; - - lwsl_debug("-- 0x%02X %c %d %d\n", (unsigned char)c, c, - wsi->http.cgi->match[1], wsi->hdr_state); - if (!c) - return -1; - switch (wsi->hdr_state) { - case LCHS_HEADER: - hdr: - for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) { - /* - * significant headers with - * numeric decimal payloads - */ - if (!significant_hdr[n][wsi->http.cgi->match[n]] && - (c >= '0' && c <= '9') && - wsi->http.cgi->lp < (int)sizeof(wsi->http.cgi->l) - 1) { - wsi->http.cgi->l[wsi->http.cgi->lp++] = c; - wsi->http.cgi->l[wsi->http.cgi->lp] = '\0'; - switch (n) { - case SIGNIFICANT_HDR_CONTENT_LENGTH: - wsi->http.cgi->content_length = - atoll(wsi->http.cgi->l); - break; - case SIGNIFICANT_HDR_STATUS: - wsi->http.cgi->response_code = - atol(wsi->http.cgi->l); - lwsl_debug("Status set to %d\n", - wsi->http.cgi->response_code); - break; - default: - break; - } - } - /* hits up to the NUL are sticky until next hdr */ - if (significant_hdr[n][wsi->http.cgi->match[n]]) { - if (tolower(c) == - significant_hdr[n][wsi->http.cgi->match[n]]) - wsi->http.cgi->match[n]++; - else - wsi->http.cgi->match[n] = 0; - } - } - - /* some cgi only send us \x0a for EOL */ - if (c == '\x0a') { - wsi->hdr_state = LCHS_SINGLE_0A; - *wsi->http.cgi->headers_pos++ = '\x0d'; - } - *wsi->http.cgi->headers_pos++ = c; - if (c == '\x0d') - wsi->hdr_state = LCHS_LF1; - - if (wsi->hdr_state != LCHS_HEADER && - !significant_hdr[SIGNIFICANT_HDR_TRANSFER_ENCODING] - [wsi->http.cgi->match[ - SIGNIFICANT_HDR_TRANSFER_ENCODING]]) { - lwsl_info("cgi produced chunked\n"); - wsi->http.cgi->explicitly_chunked = 1; - } - - /* presence of Location: mandates 302 retcode */ - if (wsi->hdr_state != LCHS_HEADER && - !significant_hdr[SIGNIFICANT_HDR_LOCATION][ - wsi->http.cgi->match[SIGNIFICANT_HDR_LOCATION]]) { - lwsl_debug("CGI: Location hdr seen\n"); - wsi->http.cgi->response_code = 302; - } - break; - case LCHS_LF1: - *wsi->http.cgi->headers_pos++ = c; - if (c == '\x0a') { - wsi->hdr_state = LCHS_CR2; - break; - } - /* we got \r[^\n]... it's unreasonable */ - lwsl_debug("%s: funny CRLF 0x%02X\n", __func__, - (unsigned char)c); - return -1; - - case LCHS_CR2: - if (c == '\x0d') { - /* drop the \x0d */ - wsi->hdr_state = LCHS_LF2; - break; - } - wsi->hdr_state = LCHS_HEADER; - for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) - wsi->http.cgi->match[n] = 0; - wsi->http.cgi->lp = 0; - goto hdr; - - case LCHS_LF2: - case LCHS_SINGLE_0A: - m = wsi->hdr_state; - if (c == '\x0a') { - lwsl_debug("Content-Length: %lld\n", - (unsigned long long) - wsi->http.cgi->content_length); - wsi->hdr_state = LHCS_RESPONSE; - /* - * drop the \0xa ... finalize - * will add it if needed (HTTP/1) - */ - break; - } - if (m == LCHS_LF2) - /* we got \r\n\r[^\n]... unreasonable */ - return -1; - /* we got \x0anext header, it's reasonable */ - *wsi->http.cgi->headers_pos++ = c; - wsi->hdr_state = LCHS_HEADER; - for (n = 0; n < SIGNIFICANT_HDR_COUNT; n++) - wsi->http.cgi->match[n] = 0; - wsi->http.cgi->lp = 0; - break; - case LHCS_PAYLOAD: - break; - } - -agin: - /* ran out of input, ended the hdrs, or filled up the hdrs buf */ - if (!n || wsi->hdr_state == LHCS_PAYLOAD) - return 0; - } - - /* payload processing */ - - m = !wsi->http.cgi->implied_chunked && !wsi->http2_substream && - !wsi->http.cgi->explicitly_chunked && - !wsi->http.cgi->content_length; - n = lws_get_socket_fd(wsi->http.cgi->stdwsi[LWS_STDOUT]); - if (n < 0) - return -1; - if (m) { - uint8_t term[LWS_PRE + 6]; - - lwsl_info("%s: zero chunk\n", __func__); - - memcpy(term + LWS_PRE, (uint8_t *)"0\x0d\x0a\x0d\x0a", 5); - - if (lws_write(wsi, term + LWS_PRE, 5, - LWS_WRITE_HTTP_FINAL) != 5) - return -1; - - wsi->http.cgi->cgi_transaction_over = 1; - - return 0; - } - - n = read(n, start, sizeof(buf) - LWS_PRE); - - if (n < 0 && errno != EAGAIN) { - lwsl_debug("%s: stdout read says %d\n", __func__, n); - return -1; - } - if (n > 0) { -/* - if (!wsi->http2_substream && m) { - char chdr[LWS_HTTP_CHUNK_HDR_SIZE]; - m = lws_snprintf(chdr, LWS_HTTP_CHUNK_HDR_SIZE - 3, - "%X\x0d\x0a", n); - memmove(start + m, start, n); - memcpy(start, chdr, m); - memcpy(start + m + n, "\x0d\x0a", 2); - n += m + 2; - } - */ - -#if defined(LWS_WITH_HTTP2) - if (wsi->http2_substream) { - struct lws *nwsi = lws_get_network_wsi(wsi); - - __lws_set_timeout(wsi, - PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, 31); - - if (!nwsi->immortal_substream_count) - __lws_set_timeout(nwsi, - PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, 31); - } -#endif - - cmd = LWS_WRITE_HTTP; - if (wsi->http.cgi->content_length_seen + n == - wsi->http.cgi->content_length) - cmd = LWS_WRITE_HTTP_FINAL; - - m = lws_write(wsi, (unsigned char *)start, n, cmd); - //lwsl_notice("write %d\n", m); - if (m < 0) { - lwsl_debug("%s: stdout write says %d\n", __func__, m); - return -1; - } - wsi->http.cgi->content_length_seen += n; - } else { - if (wsi->cgi_stdout_zero_length) { - lwsl_debug("%s: stdout is POLLHUP'd\n", __func__); - if (wsi->http2_substream) - m = lws_write(wsi, (unsigned char *)start, 0, - LWS_WRITE_HTTP_FINAL); - else - return -1; - return 1; - } - wsi->cgi_stdout_zero_length = 1; - } - return 0; -} - -LWS_VISIBLE LWS_EXTERN int -lws_cgi_kill(struct lws *wsi) -{ - struct lws_cgi_args args; - int status, n; - - lwsl_debug("%s: %p\n", __func__, wsi); - - if (!wsi->http.cgi) - return 0; - - if (wsi->http.cgi->pid > 0) { - n = waitpid(wsi->http.cgi->pid, &status, WNOHANG); - if (n > 0) { - lwsl_debug("%s: PID %d reaped\n", __func__, - wsi->http.cgi->pid); - goto handled; - } - /* kill the process group */ - n = kill(-wsi->http.cgi->pid, SIGTERM); - lwsl_debug("%s: SIGTERM child PID %d says %d (errno %d)\n", - __func__, wsi->http.cgi->pid, n, errno); - if (n < 0) { - /* - * hum seen errno=3 when process is listed in ps, - * it seems we don't always retain process grouping - * - * Direct these fallback attempt to the exact child - */ - n = kill(wsi->http.cgi->pid, SIGTERM); - if (n < 0) { - n = kill(wsi->http.cgi->pid, SIGPIPE); - if (n < 0) { - n = kill(wsi->http.cgi->pid, SIGKILL); - if (n < 0) - lwsl_info("%s: SIGKILL PID %d " - "failed errno %d " - "(maybe zombie)\n", - __func__, - wsi->http.cgi->pid, errno); - } - } - } - /* He could be unkillable because he's a zombie */ - n = 1; - while (n > 0) { - n = waitpid(-wsi->http.cgi->pid, &status, WNOHANG); - if (n > 0) - lwsl_debug("%s: reaped PID %d\n", __func__, n); - if (n <= 0) { - n = waitpid(wsi->http.cgi->pid, &status, WNOHANG); - if (n > 0) - lwsl_debug("%s: reaped PID %d\n", - __func__, n); - } - } - } - -handled: - args.stdwsi = &wsi->http.cgi->stdwsi[0]; - - if (wsi->http.cgi->pid != -1) { - n = user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_CGI_TERMINATED, - wsi->user_space, (void *)&args, - wsi->http.cgi->pid); - wsi->http.cgi->pid = -1; - if (n && !wsi->http.cgi->being_closed) - lws_close_free_wsi(wsi, 0, "lws_cgi_kill"); - } - - return 0; -} - -LWS_EXTERN int -lws_cgi_kill_terminated(struct lws_context_per_thread *pt) -{ - struct lws_cgi **pcgi, *cgi = NULL; - int status, n = 1; - - while (n > 0) { - /* find finished guys but don't reap yet */ - n = waitpid(-1, &status, WNOHANG); - if (n <= 0) - continue; - lwsl_debug("%s: observed PID %d terminated\n", __func__, n); - - pcgi = &pt->http.cgi_list; - - /* check all the subprocesses on the cgi list */ - while (*pcgi) { - /* get the next one first as list may change */ - cgi = *pcgi; - pcgi = &(*pcgi)->cgi_list; - - if (cgi->pid <= 0) - continue; - - /* finish sending cached headers */ - if (cgi->headers_buf) - continue; - - /* wait for stdout to be drained */ - if (cgi->content_length > cgi->content_length_seen) - continue; - - if (cgi->content_length) { - lwsl_debug("%s: wsi %p: expected content " - "length seen: %lld\n", __func__, - cgi->wsi, - (unsigned long long)cgi->content_length_seen); - } - - /* reap it */ - waitpid(n, &status, WNOHANG); - /* - * he's already terminated so no need for kill() - * but we should do the terminated cgi callback - * and close him if he's not already closing - */ - if (n == cgi->pid) { - lwsl_debug("%s: found PID %d on cgi list\n", - __func__, n); - - if (!cgi->content_length) { - /* - * well, if he sends chunked... - * give him 2s after the - * cgi terminated to send buffered - */ - cgi->chunked_grace++; - continue; - } - - /* defeat kill() */ - cgi->pid = 0; - lws_cgi_kill(cgi->wsi); - - break; - } - cgi = NULL; - } - /* if not found on the cgi list, as he's one of ours, reap */ - if (!cgi) { - lwsl_debug("%s: reading PID %d although no cgi match\n", - __func__, n); - waitpid(n, &status, WNOHANG); - } - } - - pcgi = &pt->http.cgi_list; - - /* check all the subprocesses on the cgi list */ - while (*pcgi) { - /* get the next one first as list may change */ - cgi = *pcgi; - pcgi = &(*pcgi)->cgi_list; - - if (cgi->pid <= 0) - continue; - - /* we deferred killing him after reaping his PID */ - if (cgi->chunked_grace) { - cgi->chunked_grace++; - if (cgi->chunked_grace < 2) - continue; - goto finish_him; - } - - /* finish sending cached headers */ - if (cgi->headers_buf) - continue; - - /* wait for stdout to be drained */ - if (cgi->content_length > cgi->content_length_seen) - continue; - - if (cgi->content_length) - lwsl_debug("%s: wsi %p: expected " - "content len seen: %lld\n", __func__, - cgi->wsi, - (unsigned long long)cgi->content_length_seen); - - /* reap it */ - if (waitpid(cgi->pid, &status, WNOHANG) > 0) { - - if (!cgi->content_length) { - /* - * well, if he sends chunked... - * give him 2s after the - * cgi terminated to send buffered - */ - cgi->chunked_grace++; - continue; - } -finish_him: - lwsl_debug("%s: found PID %d on cgi list\n", - __func__, cgi->pid); - - /* defeat kill() */ - cgi->pid = 0; - lws_cgi_kill(cgi->wsi); - - break; - } - } - - return 0; -} - -LWS_VISIBLE LWS_EXTERN struct lws * -lws_cgi_get_stdwsi(struct lws *wsi, enum lws_enum_stdinouterr ch) -{ - if (!wsi->http.cgi) - return NULL; - - return wsi->http.cgi->stdwsi[ch]; -} - -void -lws_cgi_remove_and_kill(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws_cgi **pcgi = &pt->http.cgi_list; - - /* remove us from the cgi list */ - lwsl_debug("%s: remove cgi %p from list\n", __func__, wsi->http.cgi); - while (*pcgi) { - if (*pcgi == wsi->http.cgi) { - /* drop us from the pt cgi list */ - *pcgi = (*pcgi)->cgi_list; - break; - } - pcgi = &(*pcgi)->cgi_list; - } - if (wsi->http.cgi->headers_buf) { - lwsl_debug("close: freed cgi headers\n"); - lws_free_set_NULL(wsi->http.cgi->headers_buf); - } - /* we have a cgi going, we must kill it */ - wsi->http.cgi->being_closed = 1; - lws_cgi_kill(wsi); -} diff --git a/lib/roles/cgi/ops-cgi.c b/lib/roles/cgi/ops-cgi.c deleted file mode 100644 index 4880e21..0000000 --- a/lib/roles/cgi/ops-cgi.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_cgi(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_cgi_args args; - - assert(wsi->role_ops == &role_ops_cgi); - - if (wsi->cgi_channel >= LWS_STDOUT && - !(pollfd->revents & pollfd->events & LWS_POLLIN)) - return LWS_HPI_RET_HANDLED; - - if (wsi->cgi_channel == LWS_STDIN && - !(pollfd->revents & pollfd->events & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - - if (wsi->cgi_channel == LWS_STDIN && - lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_info("failed at set pollfd\n"); - return LWS_HPI_RET_WSI_ALREADY_DIED; - } - - args.ch = wsi->cgi_channel; - args.stdwsi = &wsi->parent->http.cgi->stdwsi[0]; - args.hdr_state = wsi->hdr_state; - - lwsl_debug("CGI LWS_STDOUT %p wsistate 0x%x\n", - wsi->parent, wsi->wsistate); - - if (user_callback_handle_rxflow(wsi->parent->protocol->callback, - wsi->parent, LWS_CALLBACK_CGI, - wsi->parent->user_space, - (void *)&args, 0)) - return 1; - - return LWS_HPI_RET_HANDLED; -} - -static int -rops_handle_POLLOUT_cgi(struct lws *wsi) -{ - return LWS_HP_RET_USER_SERVICE; -} - -static int -rops_periodic_checks_cgi(struct lws_context *context, int tsi, time_t now) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - - lws_cgi_kill_terminated(pt); - - return 0; -} - -static int -rops_destroy_role_cgi(struct lws *wsi) -{ -#if defined(LWS_WITH_ZLIB) - if (!wsi->http.cgi) - return 0; - if (!wsi->http.cgi->gzip_init) - return 0; - - inflateEnd(&wsi->http.cgi->inflate); - wsi->http.cgi->gzip_init = 0; -#endif - - return 0; -} - -struct lws_role_ops role_ops_cgi = { - /* role name */ "cgi", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ rops_periodic_checks_cgi, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_cgi, - /* handle_POLLOUT */ rops_handle_POLLOUT_cgi, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ rops_destroy_role_cgi, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { 0, 0 }, - /* rx_cb clnt, srv */ { 0, 0 }, - /* writeable cb clnt, srv */ { 0, 0 }, - /* close cb clnt, srv */ { 0, 0 }, - /* protocol_bind_cb c,s */ { 0, 0 }, - /* protocol_unbind_cb c,s */ { 0, 0 }, - /* file_handle */ 0, -}; diff --git a/lib/roles/cgi/private.h b/lib/roles/cgi/private.h deleted file mode 100644 index 53e5f72..0000000 --- a/lib/roles/cgi/private.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_WS - */ - -#if defined(LWS_WITH_ZLIB) -#if defined(LWS_WITH_MINIZ) -#include -#else -#include -#endif -#endif - -extern struct lws_role_ops role_ops_cgi; - -#define lwsi_role_cgi(wsi) (wsi->role_ops == &role_ops_cgi) - -#define LWS_HTTP_CHUNK_HDR_SIZE 16 - -enum { - SIGNIFICANT_HDR_CONTENT_LENGTH, /* numeric */ - SIGNIFICANT_HDR_LOCATION, - SIGNIFICANT_HDR_STATUS, /* numeric */ - SIGNIFICANT_HDR_TRANSFER_ENCODING, - SIGNIFICANT_HDR_CONTENT_ENCODING_GZIP, - - SIGNIFICANT_HDR_COUNT -}; - -struct lws; - -/* wsi who is master of the cgi points to an lws_cgi */ - -struct lws_cgi { - struct lws_cgi *cgi_list; - struct lws *stdwsi[3]; /* points to the associated stdin/out/err wsis */ - struct lws *wsi; /* owner */ - unsigned char *headers_buf; - unsigned char *headers_start; - unsigned char *headers_pos; - unsigned char *headers_dumped; - unsigned char *headers_end; - - char summary[128]; -#if defined(LWS_WITH_ZLIB) - z_stream inflate; - uint8_t inflate_buf[1024]; -#endif - - lws_filepos_t post_in_expected; - lws_filepos_t content_length; - lws_filepos_t content_length_seen; - - int pipe_fds[3][2]; - int match[SIGNIFICANT_HDR_COUNT]; - char l[12]; - int pid; - int response_code; - int lp; - - unsigned char being_closed:1; - unsigned char explicitly_chunked:1; - unsigned char cgi_transaction_over:1; - unsigned char implied_chunked:1; - unsigned char gzip_inflate:1; - unsigned char gzip_init:1; - - unsigned char chunked_grace; -}; diff --git a/lib/roles/dbus/README.md b/lib/roles/dbus/README.md deleted file mode 100644 index 7d479da..0000000 --- a/lib/roles/dbus/README.md +++ /dev/null @@ -1,83 +0,0 @@ -# DBUS Role Support - -## DBUS-related distro packages - -Fedora: dbus-devel -Debian / Ubuntu: libdbus-1-dev - -## Enabling for build at cmake - -Fedora example: -``` -$ cmake .. -DLWS_ROLE_DBUS=1 -DLWS_DBUS_INCLUDE2="/usr/lib64/dbus-1.0/include" -``` - -Ubuntu example: -``` -$ cmake .. -DLWS_ROLE_DBUS=1 -DLWS_DBUS_INCLUDE2="/usr/lib/x86_64-linux-gnu/dbus-1.0/include" -``` - -Dbus requires two include paths, which you can force by setting `LWS_DBUS_INCLUDE1` -and `LWS_DBUS_INCLUDE2`. Although INCLUDE1 is usually guessable, both can be -forced to allow cross-build. - -If these are not forced, then lws cmake will try to check some popular places, -for `LWS_DBUS_INCLUDE1`, on both Fedora and Debian / Ubuntu, this is -`/usr/include/dbus-1.0`... if the directory exists, it is used. - -For `LWS_DBUS_INCLUDE2`, it is the arch-specific dbus header which may be -packaged separately than the main dbus headers. On Fedora, this is in -`/usr/lib[64]/dbus-1.0/include`... if not given externally, lws cmake will -try `/usr/lib64/dbus-1.0/include`. On Debian / Ubuntu, the package installs -it in an arch-specific dir like `/usr/lib/x86_64-linux-gnu/dbus-1.0/include`, -you should force the path. - -The library path is usually \[lib\] "dbus-1", but this can also be forced if -you want to build cross or use a special build, via `LWS_DBUS_LIB`. - -## Building against local dbus build - -If you built your own local dbus and installed it in /usr/local, then -this is the incantation to direct lws to use the local version of dbus: - -``` -cmake .. -DLWS_ROLE_DBUS=1 -DLWS_DBUS_INCLUDE1="/usr/local/include/dbus-1.0" -DLWS_DBUS_INCLUDE2="/usr/local/lib/dbus-1.0/include" -DLWS_DBUS_LIB="/usr/local/lib/libdbus-1.so" -``` - -You'll also need to give the loader a helping hand to do what you want if -there's a perfectly good dbus lib already in `/usr/lib[64]` using `LD_PRELOAD` -like this - -``` -LD_PRELOAD=/usr/local/lib/libdbus-1.so.3.24.0 myapp -``` - -## Lws dbus api exports - -Because of the irregular situation with libdbus includes, if lws exports the -dbus helpers, which use dbus types, as usual from `#include ` -then if lws was compiled with dbus role support it forces all users to take -care about the dbus include path mess whether they use dbus themselves or not. - -For that reason, if you need access to the lws dbus apis, you must explicitly -include them by - -``` -#include -``` - -This includes `` and so requires the include paths set up. But -otherwise non-dbus users that don't include `libwebsockets/lws-dbus.h` don't -have to care about it. - -## DBUS and valgrind - -https://cgit.freedesktop.org/dbus/dbus/tree/README.valgrind - -1) One-time 6KiB "Still reachable" caused by abstract unix domain socket + libc -`getgrouplist()` via nss... bug since 2004(!) - -https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=273051 - - - diff --git a/lib/roles/dbus/dbus.c b/lib/roles/dbus/dbus.c deleted file mode 100644 index 0b82125..0000000 --- a/lib/roles/dbus/dbus.c +++ /dev/null @@ -1,530 +0,0 @@ -/* - * libwebsockets - dbus role - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * This role for wrapping dbus fds in a wsi + role is unusual in that the - * wsi it creates and binds to the role do not have control over the related fd - * lifecycle. In fact dbus doesn't inform us directly about the lifecycle of - * the fds it wants to be managed by the lws event loop. - * - * What it does tell us is when it wants to wait on POLLOUT and / or POLLIN, - * and since it should stop any watchers before close, we take the approach to - * create a lightweight "shadow" wsi for any fd from dbus that has a POLLIN or - * POLLOUT wait active. When the dbus fd asks to have no wait active, we - * destroy the wsi, since this is indistinguishable from dbus close path - * behaviour. If it actually stays alive and later asks to wait again, well no - * worries we create a new shadow wsi until it looks like it is closing again. - */ - -#include - -#include - -/* - * retreives existing or creates new shadow wsi for fd owned by dbus stuff. - * - * Requires vhost lock - */ - -static struct lws * -__lws_shadow_wsi(struct lws_dbus_ctx *ctx, DBusWatch *w, int fd, int create_ok) -{ - struct lws *wsi; - - if (fd < 0 || fd >= (int)ctx->vh->context->fd_limit_per_thread) { - lwsl_err("%s: fd %d vs fds_count %d\n", __func__, fd, - (int)ctx->vh->context->fd_limit_per_thread); - assert(0); - - return NULL; - } - - wsi = wsi_from_fd(ctx->vh->context, fd); - if (wsi) { - assert(wsi->opaque_parent_data == ctx); - - return wsi; - } - - if (!create_ok) - return NULL; - - wsi = lws_zalloc(sizeof(*wsi), "shadow wsi"); - if (wsi == NULL) { - lwsl_err("Out of mem\n"); - return NULL; - } - - lwsl_info("%s: creating shadow wsi\n", __func__); - - wsi->context = ctx->vh->context; - wsi->desc.sockfd = fd; - lws_role_transition(wsi, 0, LRS_ESTABLISHED, &role_ops_dbus); - wsi->protocol = ctx->vh->protocols; - wsi->tsi = ctx->tsi; - wsi->shadow = 1; - wsi->opaque_parent_data = ctx; - ctx->w[0] = w; - - lws_vhost_bind_wsi(ctx->vh, wsi); - if (__insert_wsi_socket_into_fds(ctx->vh->context, wsi)) { - lwsl_err("inserting wsi socket into fds failed\n"); - lws_vhost_unbind_wsi(wsi); - lws_free(wsi); - return NULL; - } - - ctx->vh->context->count_wsi_allocated++; - - return wsi; -} - -/* - * Requires vhost lock - */ - -static int -__lws_shadow_wsi_destroy(struct lws_dbus_ctx *ctx, struct lws *wsi) -{ - lwsl_info("%s: destroying shadow wsi\n", __func__); - - if (__remove_wsi_socket_from_fds(wsi)) { - lwsl_err("%s: unable to remove %d from fds\n", __func__, - wsi->desc.sockfd); - - return 1; - } - - ctx->vh->context->count_wsi_allocated--; - lws_vhost_unbind_wsi(wsi); - - lws_free(wsi); - - return 0; -} - - -static void -handle_dispatch_status(DBusConnection *c, DBusDispatchStatus s, void *data) -{ - lwsl_info("%s: new dbus dispatch status: %d\n", __func__, s); -} - -/* - * These are complicated by the fact libdbus can have two separate DBusWatch - * objects for the same fd, to control watching POLLIN and POLLOUT individually. - * - * However we will actually watch using poll(), where the unit is the fd, and - * it has a unified events field with just POLLIN / POLLOUT flags. - * - * So we have to be prepared for one or two watchers coming in any order. - */ - -static dbus_bool_t -lws_dbus_add_watch(DBusWatch *w, void *data) -{ - struct lws_dbus_ctx *ctx = (struct lws_dbus_ctx *)data; - struct lws_context_per_thread *pt = &ctx->vh->context->pt[ctx->tsi]; - unsigned int flags = 0, lws_flags = 0; - struct lws *wsi; - int n; - - lws_pt_lock(pt, __func__); - - wsi = __lws_shadow_wsi(ctx, w, dbus_watch_get_unix_fd(w), 1); - if (!wsi) { - lws_pt_unlock(pt); - lwsl_err("%s: unable to get wsi\n", __func__); - - return FALSE; - } - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (w == ctx->w[n]) - break; - - if (n == (int)LWS_ARRAY_SIZE(ctx->w)) - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (!ctx->w[n]) { - ctx->w[n] = w; - break; - } - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (ctx->w[n]) - flags |= dbus_watch_get_flags(ctx->w[n]); - - if (flags & DBUS_WATCH_READABLE) - lws_flags |= LWS_POLLIN; - if (flags & DBUS_WATCH_WRITABLE) - lws_flags |= LWS_POLLOUT; - - lwsl_info("%s: w %p, fd %d, data %p, flags %d\n", __func__, w, - dbus_watch_get_unix_fd(w), data, lws_flags); - - __lws_change_pollfd(wsi, 0, lws_flags); - - lws_pt_unlock(pt); - - return TRUE; -} - -static int -check_destroy_shadow_wsi(struct lws_dbus_ctx *ctx, struct lws *wsi) -{ - int n; - - if (!wsi) - return 0; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (ctx->w[n]) - return 0; - - __lws_shadow_wsi_destroy(ctx, wsi); - - if (!ctx->conn || !ctx->hup || ctx->timeouts) - return 0; - - if (dbus_connection_get_dispatch_status(ctx->conn) == - DBUS_DISPATCH_DATA_REMAINS) - return 0; - - if (ctx->cb_closing) - ctx->cb_closing(ctx); - - return 1; -} - -static void -lws_dbus_remove_watch(DBusWatch *w, void *data) -{ - struct lws_dbus_ctx *ctx = (struct lws_dbus_ctx *)data; - struct lws_context_per_thread *pt = &ctx->vh->context->pt[ctx->tsi]; - unsigned int flags = 0, lws_flags = 0; - struct lws *wsi; - int n; - - lws_pt_lock(pt, __func__); - - wsi = __lws_shadow_wsi(ctx, w, dbus_watch_get_unix_fd(w), 0); - if (!wsi) - goto bail; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (w == ctx->w[n]) { - ctx->w[n] = NULL; - break; - } - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (ctx->w[n]) - flags |= dbus_watch_get_flags(ctx->w[n]); - - if ((~flags) & DBUS_WATCH_READABLE) - lws_flags |= LWS_POLLIN; - if ((~flags) & DBUS_WATCH_WRITABLE) - lws_flags |= LWS_POLLOUT; - - lwsl_info("%s: w %p, fd %d, data %p, clearing lws flags %d\n", - __func__, w, dbus_watch_get_unix_fd(w), data, lws_flags); - - __lws_change_pollfd(wsi, lws_flags, 0); - -bail: - lws_pt_unlock(pt); -} - -static void -lws_dbus_toggle_watch(DBusWatch *w, void *data) -{ - if (dbus_watch_get_enabled(w)) - lws_dbus_add_watch(w, data); - else - lws_dbus_remove_watch(w, data); -} - - -static dbus_bool_t -lws_dbus_add_timeout(DBusTimeout *t, void *data) -{ - struct lws_dbus_ctx *ctx = (struct lws_dbus_ctx *)data; - struct lws_context_per_thread *pt = &ctx->vh->context->pt[ctx->tsi]; - int ms = dbus_timeout_get_interval(t); - struct lws_role_dbus_timer *dbt; - time_t ti = time(NULL); - - if (!dbus_timeout_get_enabled(t)) - return TRUE; - - if (ms < 1000) - ms = 1000; - - dbt = lws_malloc(sizeof(*dbt), "dbus timer"); - if (!dbt) - return FALSE; - - lwsl_info("%s: adding timeout %dms\n", __func__, - dbus_timeout_get_interval(t)); - - dbt->data = t; - dbt->fire = ti + (ms < 1000); - dbt->timer_list.prev = NULL; - dbt->timer_list.next = NULL; - dbt->timer_list.owner = NULL; - lws_dll2_add_head(&dbt->timer_list, &pt->dbus.timer_list_owner); - - ctx->timeouts++; - - return TRUE; -} - -static void -lws_dbus_remove_timeout(DBusTimeout *t, void *data) -{ - struct lws_dbus_ctx *ctx = (struct lws_dbus_ctx *)data; - struct lws_context_per_thread *pt = &ctx->vh->context->pt[ctx->tsi]; - - lwsl_info("%s: t %p, data %p\n", __func__, t, data); - - lws_start_foreach_dll_safe(struct lws_dll2 *, rdt, nx, - lws_dll2_get_head(&pt->dbus.timer_list_owner)) { - struct lws_role_dbus_timer *r = lws_container_of(rdt, - struct lws_role_dbus_timer, timer_list); - if (t == r->data) { - lws_dll2_remove(rdt); - lws_free(rdt); - ctx->timeouts--; - break; - } - } lws_end_foreach_dll_safe(rdt, nx); -} - -static void -lws_dbus_toggle_timeout(DBusTimeout *t, void *data) -{ - if (dbus_timeout_get_enabled(t)) - lws_dbus_add_timeout(t, data); - else - lws_dbus_remove_timeout(t, data); -} - -/* - * This sets up a connection along the same lines as - * dbus_connection_setup_with_g_main(), but for using the lws event loop. - */ - -int -lws_dbus_connection_setup(struct lws_dbus_ctx *ctx, DBusConnection *conn, - lws_dbus_closing_t cb_closing) -{ - int n; - - ctx->conn = conn; - ctx->cb_closing = cb_closing; - ctx->hup = 0; - ctx->timeouts = 0; - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - ctx->w[n] = NULL; - - if (!dbus_connection_set_watch_functions(conn, lws_dbus_add_watch, - lws_dbus_remove_watch, - lws_dbus_toggle_watch, - ctx, NULL)) { - lwsl_err("%s: dbus_connection_set_watch_functions fail\n", - __func__); - return 1; - } - - if (!dbus_connection_set_timeout_functions(conn, - lws_dbus_add_timeout, - lws_dbus_remove_timeout, - lws_dbus_toggle_timeout, - ctx, NULL)) { - lwsl_err("%s: dbus_connection_set_timeout_functions fail\n", - __func__); - return 1; - } - - dbus_connection_set_dispatch_status_function(conn, - handle_dispatch_status, - ctx, NULL); - - return 0; -} - -/* - * This wraps dbus_server_listen(), additionally taking care of the event loop - * -related setups. - */ - -DBusServer * -lws_dbus_server_listen(struct lws_dbus_ctx *ctx, const char *ads, DBusError *e, - DBusNewConnectionFunction new_conn) -{ - ctx->cb_closing = NULL; - ctx->hup = 0; - ctx->timeouts = 0; - - ctx->dbs = dbus_server_listen(ads, e); - if (!ctx->dbs) - return NULL; - - dbus_server_set_new_connection_function(ctx->dbs, new_conn, ctx, NULL); - - if (!dbus_server_set_watch_functions(ctx->dbs, lws_dbus_add_watch, - lws_dbus_remove_watch, - lws_dbus_toggle_watch, - ctx, NULL)) { - lwsl_err("%s: dbus_connection_set_watch_functions fail\n", - __func__); - goto bail; - } - - if (!dbus_server_set_timeout_functions(ctx->dbs, lws_dbus_add_timeout, - lws_dbus_remove_timeout, - lws_dbus_toggle_timeout, - ctx, NULL)) { - lwsl_err("%s: dbus_connection_set_timeout_functions fail\n", - __func__); - goto bail; - } - - return ctx->dbs; - -bail: - dbus_server_disconnect(ctx->dbs); - dbus_server_unref(ctx->dbs); - - return NULL; -} - - -/* - * There shouldn't be a race here with watcher removal and poll wait, because - * everything including the dbus activity is serialized in one event loop. - * - * If it removes the watcher and we remove the wsi and fd entry before this, - * actually we can no longer map the fd to this invalidated wsi pointer to call - * this. - */ - -static int -rops_handle_POLLIN_dbus(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_dbus_ctx *ctx = - (struct lws_dbus_ctx *)wsi->opaque_parent_data; - unsigned int flags = 0; - int n; - - if (pollfd->revents & LWS_POLLIN) - flags |= DBUS_WATCH_READABLE; - if (pollfd->revents & LWS_POLLOUT) - flags |= DBUS_WATCH_WRITABLE; - - if (pollfd->revents & (LWS_POLLHUP)) - ctx->hup = 1; - - /* - * POLLIN + POLLOUT gets us called here on the corresponding shadow - * wsi. wsi->opaque_parent_data is the watcher handle bound to the wsi - */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(ctx->w); n++) - if (ctx->w[n] && !dbus_watch_handle(ctx->w[n], flags)) - lwsl_err("%s: dbus_watch_handle failed\n", __func__); - - if (ctx->conn) { - lwsl_info("%s: conn: flags %d\n", __func__, flags); - - while (dbus_connection_get_dispatch_status(ctx->conn) == - DBUS_DISPATCH_DATA_REMAINS) - dbus_connection_dispatch(ctx->conn); - - handle_dispatch_status(NULL, DBUS_DISPATCH_DATA_REMAINS, NULL); - - check_destroy_shadow_wsi(ctx, wsi); - } else - if (ctx->dbs) - /* ??? */ - lwsl_debug("%s: dbs: %d\n", __func__, flags); - - return LWS_HPI_RET_HANDLED; -} - -static int -rops_periodic_checks_dbus(struct lws_context *context, int tsi, time_t now) -{ - struct lws_context_per_thread *pt = &context->pt[tsi]; - - /* - * locking shouldn't be needed here, because periodic_checks is called - * from the tsi-specific service thread context, and only the same - * service thread can modify stuff on the same pt. - */ - - lws_start_foreach_dll_safe(struct lws_dll2 *, rdt, nx, - lws_dll2_get_head(&pt->dbus.timer_list_owner)) { - struct lws_role_dbus_timer *r = lws_container_of(rdt, - struct lws_role_dbus_timer, timer_list); - - if (now > r->fire) { - lwsl_notice("%s: firing timer\n", __func__); - dbus_timeout_handle(r->data); - lws_dll2_remove(rdt); - lws_free(rdt); - } - } lws_end_foreach_dll_safe(rdt, nx); - - return 0; -} - -struct lws_role_ops role_ops_dbus = { - /* role name */ "dbus", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ rops_periodic_checks_dbus, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_dbus, - /* handle_POLLOUT */ NULL, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { 0, 0 }, - /* rx_cb clnt, srv */ { 0, 0 }, - /* writeable cb clnt, srv */ { 0, 0 }, - /* close cb clnt, srv */ { 0, 0 }, - /* protocol_bind_cb c,s */ { 0, 0 }, - /* protocol_unbind_cb c,s */ { 0, 0 }, - /* file_handle */ 0, -}; diff --git a/lib/roles/dbus/private.h b/lib/roles/dbus/private.h deleted file mode 100644 index 5d7a9ac..0000000 --- a/lib/roles/dbus/private.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_DBUS - */ - -#include - -extern struct lws_role_ops role_ops_dbus; - -#define lwsi_role_dbus(wsi) (wsi->role_ops == &role_ops_dbus) - -struct lws_role_dbus_timer { - struct lws_dll2 timer_list; - void *data; - time_t fire; -}; - -struct lws_pt_role_dbus { - struct lws_dll2_owner timer_list_owner; -}; - -struct _lws_dbus_mode_related { - DBusConnection *conn; -}; diff --git a/lib/roles/h1/ops-h1.c b/lib/roles/h1/ops-h1.c deleted file mode 100644 index 87228e8..0000000 --- a/lib/roles/h1/ops-h1.c +++ /dev/null @@ -1,1170 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -#ifndef min -#define min(a, b) ((a) < (b) ? (a) : (b)) -#endif - - -/* - * We have to take care about parsing because the headers may be split - * into multiple fragments. They may contain unknown headers with arbitrary - * argument lengths. So, we parse using a single-character at a time state - * machine that is completely independent of packet size. - * - * Returns <0 for error or length of chars consumed from buf (up to len) - */ - -int -lws_read_h1(struct lws *wsi, unsigned char *buf, lws_filepos_t len) -{ - unsigned char *last_char, *oldbuf = buf; - lws_filepos_t body_chunk_len; - size_t n; - - lwsl_debug("%s: h1 path: wsi state 0x%x\n", __func__, lwsi_state(wsi)); - - switch (lwsi_state(wsi)) { - - case LRS_ISSUING_FILE: - return 0; - - case LRS_ESTABLISHED: - - if (lwsi_role_ws(wsi)) - goto ws_mode; - - if (lwsi_role_client(wsi)) - break; - - wsi->hdr_parsing_completed = 0; - - /* fallthru */ - - case LRS_HEADERS: - if (!wsi->http.ah) { - lwsl_err("%s: LRS_HEADERS: NULL ah\n", __func__); - assert(0); - } - lwsl_parser("issuing %d bytes to parser\n", (int)len); -#if defined(LWS_ROLE_WS) && !defined(LWS_NO_CLIENT) - if (lws_ws_handshake_client(wsi, &buf, (size_t)len)) - goto bail; -#endif - last_char = buf; - if (lws_handshake_server(wsi, &buf, (size_t)len)) - /* Handshake indicates this session is done. */ - goto bail; - - /* we might have transitioned to RAW */ - if (wsi->role_ops == &role_ops_raw_skt || - wsi->role_ops == &role_ops_raw_file) - /* we gave the read buffer to RAW handler already */ - goto read_ok; - - /* - * It's possible that we've exhausted our data already, or - * rx flow control has stopped us dealing with this early, - * but lws_handshake_server doesn't update len for us. - * Figure out how much was read, so that we can proceed - * appropriately: - */ - len -= (buf - last_char); - - if (!wsi->hdr_parsing_completed) - /* More header content on the way */ - goto read_ok; - - switch (lwsi_state(wsi)) { - case LRS_ESTABLISHED: - case LRS_HEADERS: - goto read_ok; - case LRS_ISSUING_FILE: - goto read_ok; - case LRS_DISCARD_BODY: - case LRS_BODY: - wsi->http.rx_content_remain = - wsi->http.rx_content_length; - if (wsi->http.rx_content_remain) - goto http_postbody; - - /* there is no POST content */ - goto postbody_completion; - default: - break; - } - break; - - case LRS_DISCARD_BODY: - case LRS_BODY: -http_postbody: - lwsl_debug("%s: http post body: remain %d\n", __func__, - (int)wsi->http.rx_content_remain); - - if (!wsi->http.rx_content_remain) - goto postbody_completion; - - while (len && wsi->http.rx_content_remain) { - /* Copy as much as possible, up to the limit of: - * what we have in the read buffer (len) - * remaining portion of the POST body (content_remain) - */ - body_chunk_len = min(wsi->http.rx_content_remain, len); - wsi->http.rx_content_remain -= body_chunk_len; - // len -= body_chunk_len; -#ifdef LWS_WITH_CGI - if (wsi->http.cgi) { - struct lws_cgi_args args; - - args.ch = LWS_STDIN; - args.stdwsi = &wsi->http.cgi->stdwsi[0]; - args.data = buf; - args.len = body_chunk_len; - - /* returns how much used */ - n = user_callback_handle_rxflow( - wsi->protocol->callback, - wsi, LWS_CALLBACK_CGI_STDIN_DATA, - wsi->user_space, - (void *)&args, 0); - if ((int)n < 0) - goto bail; - } else { -#endif - if (lwsi_state(wsi) != LRS_DISCARD_BODY) { - n = wsi->protocol->callback(wsi, - LWS_CALLBACK_HTTP_BODY, wsi->user_space, - buf, (size_t)body_chunk_len); - if (n) - goto bail; - } - n = (size_t)body_chunk_len; -#ifdef LWS_WITH_CGI - } -#endif - buf += n; - - if (wsi->http.rx_content_remain) { - lws_set_timeout(wsi, - PENDING_TIMEOUT_HTTP_CONTENT, - wsi->context->timeout_secs); - break; - } - /* he sent all the content in time */ -postbody_completion: -#ifdef LWS_WITH_CGI - /* - * If we're running a cgi, we can't let him off the - * hook just because he sent his POST data - */ - if (wsi->http.cgi) - lws_set_timeout(wsi, PENDING_TIMEOUT_CGI, - wsi->context->timeout_secs); - else -#endif - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); -#ifdef LWS_WITH_CGI - if (!wsi->http.cgi) -#endif - { -#if !defined(LWS_NO_SERVER) - if (lwsi_state(wsi) == LRS_DISCARD_BODY) { - /* - * repeat the transaction completed - * that got us into this state, having - * consumed the pending body now - */ - - if (lws_http_transaction_completed(wsi)) - return -1; - break; - } -#endif - lwsl_info("HTTP_BODY_COMPLETION: %p (%s)\n", - wsi, wsi->protocol->name); - - n = wsi->protocol->callback(wsi, - LWS_CALLBACK_HTTP_BODY_COMPLETION, - wsi->user_space, NULL, 0); - if (n) - goto bail; - - if (wsi->http2_substream) - lwsi_set_state(wsi, LRS_ESTABLISHED); - } - - break; - } - break; - - case LRS_RETURNED_CLOSE: - case LRS_AWAITING_CLOSE_ACK: - case LRS_WAITING_TO_SEND_CLOSE: - case LRS_SHUTDOWN: - -ws_mode: -#if !defined(LWS_NO_CLIENT) && defined(LWS_ROLE_WS) - // lwsl_notice("%s: ws_mode\n", __func__); - if (lws_ws_handshake_client(wsi, &buf, (size_t)len)) - goto bail; -#endif -#if defined(LWS_ROLE_WS) - if (lwsi_role_ws(wsi) && lwsi_role_server(wsi) && - /* - * for h2 we are on the swsi - */ - lws_parse_ws(wsi, &buf, (size_t)len) < 0) { - lwsl_info("%s: lws_parse_ws bailed\n", __func__); - goto bail; - } -#endif - // lwsl_notice("%s: ws_mode: buf moved on by %d\n", __func__, - // lws_ptr_diff(buf, oldbuf)); - break; - - case LRS_DEFERRING_ACTION: - lwsl_notice("%s: LRS_DEFERRING_ACTION\n", __func__); - break; - - case LRS_SSL_ACK_PENDING: - break; - - case LRS_DEAD_SOCKET: - lwsl_err("%s: Unhandled state LRS_DEAD_SOCKET\n", __func__); - goto bail; - // assert(0); - /* fallthru */ - - default: - lwsl_err("%s: Unhandled state %d\n", __func__, lwsi_state(wsi)); - assert(0); - goto bail; - } - -read_ok: - /* Nothing more to do for now */ -// lwsl_info("%s: %p: read_ok, used %ld (len %d, state %d)\n", __func__, -// wsi, (long)(buf - oldbuf), (int)len, wsi->state); - - return lws_ptr_diff(buf, oldbuf); - -bail: - /* - * h2 / h2-ws calls us recursively in - * - * lws_read_h1()-> - * lws_h2_parser()-> - * lws_read_h1() - * - * pattern, having stripped the h2 framing in the middle. - * - * When taking down the whole connection, make sure that only the - * outer lws_read() does the wsi close. - */ - if (!wsi->outer_will_close) - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "lws_read_h1 bail"); - - return -1; -} -#if !defined(LWS_NO_SERVER) -static int -lws_h1_server_socket_service(struct lws *wsi, struct lws_pollfd *pollfd) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws_tokens ebuf; - int n, buffered; - - if (lwsi_state(wsi) == LRS_DEFERRING_ACTION) - goto try_pollout; - - /* any incoming data ready? */ - - if (!(pollfd->revents & pollfd->events & LWS_POLLIN)) - goto try_pollout; - - /* - * If we previously just did POLLIN when IN and OUT were signaled - * (because POLLIN processing may have used up the POLLOUT), don't let - * that happen twice in a row... next time we see the situation favour - * POLLOUT - */ - - if (wsi->favoured_pollin && - (pollfd->revents & pollfd->events & LWS_POLLOUT)) { - // lwsl_notice("favouring pollout\n"); - wsi->favoured_pollin = 0; - goto try_pollout; - } - - /* - * We haven't processed that the tunnel is set up yet, so - * defer reading - */ - - if (lwsi_state(wsi) == LRS_SSL_ACK_PENDING) - return LWS_HPI_RET_HANDLED; - - /* these states imply we MUST have an ah attached */ - - if ((lwsi_state(wsi) == LRS_ESTABLISHED || - lwsi_state(wsi) == LRS_ISSUING_FILE || - lwsi_state(wsi) == LRS_HEADERS || - lwsi_state(wsi) == LRS_DISCARD_BODY || - lwsi_state(wsi) == LRS_BODY)) { - - if (!wsi->http.ah && lws_header_table_attach(wsi, 0)) { - lwsl_info("%s: wsi %p: ah not available\n", __func__, - wsi); - goto try_pollout; - } - - /* - * We got here because there was specifically POLLIN... - * regardless of our buflist state, we need to get it, - * and either use it, or append to the buflist and use - * buflist head material. - * - * We will not notice a connection close until the buflist is - * exhausted and we tried to do a read of some kind. - */ - - buffered = lws_buflist_aware_read(pt, wsi, &ebuf); - switch (ebuf.len) { - case 0: - lwsl_info("%s: read 0 len a\n", __func__); - wsi->seen_zero_length_recv = 1; - if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) - goto fail; -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* - * autobahn requires us to win the race between close - * and draining the extensions - */ - if (wsi->ws && - (wsi->ws->rx_draining_ext || - wsi->ws->tx_draining_ext)) - goto try_pollout; -#endif - /* - * normally, we respond to close with logically closing - * our side immediately - */ - goto fail; - - case LWS_SSL_CAPABLE_ERROR: - goto fail; - case LWS_SSL_CAPABLE_MORE_SERVICE: - goto try_pollout; - } - - /* just ignore incoming if waiting for close */ - if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE) { - lwsl_notice("%s: just ignoring\n", __func__); - goto try_pollout; - } - - if (lwsi_state(wsi) == LRS_ISSUING_FILE) { - // lwsl_notice("stashing: wsi %p: bd %d\n", wsi, buffered); - if (lws_buflist_aware_consume(wsi, &ebuf, 0, buffered)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - goto try_pollout; - } - - /* - * Otherwise give it to whoever wants it according to the - * connection state - */ -#if defined(LWS_ROLE_H2) - if (lwsi_role_h2(wsi) && lwsi_state(wsi) != LRS_BODY) - n = lws_read_h2(wsi, ebuf.token, ebuf.len); - else -#endif - n = lws_read_h1(wsi, ebuf.token, ebuf.len); - if (n < 0) /* we closed wsi */ - return LWS_HPI_RET_WSI_ALREADY_DIED; - - lwsl_debug("%s: consumed %d\n", __func__, n); - - if (lws_buflist_aware_consume(wsi, &ebuf, n, buffered)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - /* - * during the parsing our role changed to something non-http, - * so the ah has no further meaning - */ - - if (wsi->http.ah && - !lwsi_role_h1(wsi) && - !lwsi_role_h2(wsi) && - !lwsi_role_cgi(wsi)) - lws_header_table_detach(wsi, 0); - - /* - * He may have used up the writability above, if we will defer - * POLLOUT processing in favour of POLLIN, note it - */ - - if (pollfd->revents & LWS_POLLOUT) - wsi->favoured_pollin = 1; - - return LWS_HPI_RET_HANDLED; - } - - /* - * He may have used up the writability above, if we will defer POLLOUT - * processing in favour of POLLIN, note it - */ - - if (pollfd->revents & LWS_POLLOUT) - wsi->favoured_pollin = 1; - -try_pollout: - - /* this handles POLLOUT for http serving fragments */ - - if (!(pollfd->revents & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - - /* one shot */ - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_notice("%s a\n", __func__); - goto fail; - } - - /* clear back-to-back write detection */ - wsi->could_have_pending = 0; - - if (lwsi_state(wsi) == LRS_DEFERRING_ACTION) { - lwsl_debug("%s: LRS_DEFERRING_ACTION now writable\n", __func__); - - lwsi_set_state(wsi, LRS_ESTABLISHED); - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_info("failed at set pollfd\n"); - goto fail; - } - } - - if (!wsi->hdr_parsing_completed) - return LWS_HPI_RET_HANDLED; - - if (lwsi_state(wsi) != LRS_ISSUING_FILE) { - - if (lws_has_buffered_out(wsi)) { - //lwsl_notice("%s: completing partial\n", __func__); - if (lws_issue_raw(wsi, NULL, 0) < 0) { - lwsl_info("%s signalling to close\n", __func__); - goto fail; - } - return LWS_HPI_RET_HANDLED; - } - - lws_stats_bump(pt, LWSSTATS_C_WRITEABLE_CB, 1); -#if defined(LWS_WITH_STATS) - if (wsi->active_writable_req_us) { - uint64_t ul = lws_now_usecs() - - wsi->active_writable_req_us; - - lws_stats_bump(pt, LWSSTATS_US_WRITABLE_DELAY_AVG, ul); - lws_stats_max(pt, - LWSSTATS_US_WORST_WRITABLE_DELAY, ul); - wsi->active_writable_req_us = 0; - } -#endif - - n = user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_HTTP_WRITEABLE, - wsi->user_space, NULL, 0); - if (n < 0) { - lwsl_info("writeable_fail\n"); - goto fail; - } - - return LWS_HPI_RET_HANDLED; - } - - /* >0 == completion, <0 == error - * - * We'll get a LWS_CALLBACK_HTTP_FILE_COMPLETION callback when - * it's done. That's the case even if we just completed the - * send, so wait for that. - */ - n = lws_serve_http_file_fragment(wsi); - if (n < 0) - goto fail; - - return LWS_HPI_RET_HANDLED; - - -fail: - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "server socket svc fail"); - - return LWS_HPI_RET_WSI_ALREADY_DIED; -} -#endif - -static int -rops_handle_POLLIN_h1(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - if (lwsi_state(wsi) == LRS_IDLING) { - uint8_t buf[1]; - int rlen; - - /* - * h1 staggered spins here in IDLING if we don't close it. - * It shows POLLIN but the tls connection returns ERROR if - * you try to read it. - */ - - // lwsl_notice("%s: %p: wsistate 0x%x %s, revents 0x%x\n", - // __func__, wsi, wsi->wsistate, wsi->role_ops->name, - // pollfd->revents); - - rlen = lws_ssl_capable_read(wsi, buf, sizeof(buf)); - if (rlen == LWS_SSL_CAPABLE_ERROR) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - -#ifdef LWS_WITH_CGI - if (wsi->http.cgi && (pollfd->revents & LWS_POLLOUT)) { - if (lws_handle_POLLOUT_event(wsi, pollfd)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - return LWS_HPI_RET_HANDLED; - } -#endif - -#if 0 - - /* - * !!! lws_serve_http_file_fragment() seems to duplicate most of - * lws_handle_POLLOUT_event() in its own loop... - */ - lwsl_debug("%s: %d %d\n", __func__, (pollfd->revents & LWS_POLLOUT), - lwsi_state_can_handle_POLLOUT(wsi)); - - if ((pollfd->revents & LWS_POLLOUT) && - lwsi_state_can_handle_POLLOUT(wsi) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - lwsi_set_state(wsi, LRS_FLUSHING_BEFORE_CLOSE); - /* the write failed... it's had it */ - wsi->socket_is_permanently_unusable = 1; - - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } -#endif - - - /* Priority 2: pre- compression transform */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more) { - enum lws_write_protocol wp = LWS_WRITE_HTTP; - - lwsl_info("%s: completing comp partial (buflist_comp %p, may %d)\n", - __func__, wsi->http.comp_ctx.buflist_comp, - wsi->http.comp_ctx.may_have_more - ); - - if (wsi->role_ops->write_role_protocol(wsi, NULL, 0, &wp) < 0) { - lwsl_info("%s signalling to close\n", __func__); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - lws_callback_on_writable(wsi); - - if (!wsi->http.comp_ctx.buflist_comp && - !wsi->http.comp_ctx.may_have_more && - wsi->http.deferred_transaction_completed) { - wsi->http.deferred_transaction_completed = 0; - if (lws_http_transaction_completed(wsi)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - return LWS_HPI_RET_HANDLED; - } -#endif - - if (lws_is_flowcontrolled(wsi)) - /* We cannot deal with any kind of new RX because we are - * RX-flowcontrolled. - */ - return LWS_HPI_RET_HANDLED; - -#if !defined(LWS_NO_SERVER) - if (!lwsi_role_client(wsi)) { - int n; - - lwsl_debug("%s: %p: wsistate 0x%x\n", __func__, wsi, - wsi->wsistate); - n = lws_h1_server_socket_service(wsi, pollfd); - if (n != LWS_HPI_RET_HANDLED) - return n; - if (lwsi_state(wsi) != LRS_SSL_INIT) - if (lws_server_socket_service_ssl(wsi, - LWS_SOCK_INVALID)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - return LWS_HPI_RET_HANDLED; - } -#endif - -#ifndef LWS_NO_CLIENT - if ((pollfd->revents & LWS_POLLIN) && - wsi->hdr_parsing_completed && !wsi->told_user_closed) { - - /* - * In SSL mode we get POLLIN notification about - * encrypted data in. - * - * But that is not necessarily related to decrypted - * data out becoming available; in may need to perform - * other in or out before that happens. - * - * simply mark ourselves as having readable data - * and turn off our POLLIN - */ - wsi->client_rx_avail = 1; - if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - //lwsl_notice("calling back %s\n", wsi->protocol->name); - - /* let user code know, he'll usually ask for writeable - * callback and drain / re-enable it there - */ - if (user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_RECEIVE_CLIENT_HTTP, - wsi->user_space, NULL, 0)) { - lwsl_info("RECEIVE_CLIENT_HTTP closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - return LWS_HPI_RET_HANDLED; - } -#endif - -// if (lwsi_state(wsi) == LRS_ESTABLISHED) -// return LWS_HPI_RET_HANDLED; - -#if !defined(LWS_NO_CLIENT) - if ((pollfd->revents & LWS_POLLOUT) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - lwsl_debug("POLLOUT event closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (lws_client_socket_service(wsi, pollfd, NULL)) - return LWS_HPI_RET_WSI_ALREADY_DIED; -#endif - - return LWS_HPI_RET_HANDLED; -} - -static int -rops_handle_POLLOUT_h1(struct lws *wsi) -{ - - if (lwsi_state(wsi) == LRS_ISSUE_HTTP_BODY) { -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->http.proxy_clientside) { - unsigned char *buf, prebuf[LWS_PRE + 1024]; - size_t len = lws_buflist_next_segment_len( - &wsi->parent->http.buflist_post_body, &buf); - int n; - - if (len > sizeof(prebuf) - LWS_PRE) - len = sizeof(prebuf) - LWS_PRE; - - if (len) { - - memcpy(prebuf + LWS_PRE, buf, len); - - lwsl_debug("%s: %p: proxying body %d %d %d %d %d\n", - __func__, wsi, (int)len, - (int)wsi->http.tx_content_length, - (int)wsi->http.tx_content_remain, - (int)wsi->http.rx_content_length, - (int)wsi->http.rx_content_remain - ); - - n = lws_write(wsi, prebuf + LWS_PRE, len, LWS_WRITE_HTTP); - if (n < 0) { - lwsl_err("%s: PROXY_BODY: write %d failed\n", - __func__, (int)len); - return LWS_HP_RET_BAIL_DIE; - } - - lws_buflist_use_segment(&wsi->parent->http.buflist_post_body, len); - } - - if (wsi->parent->http.buflist_post_body) - lws_callback_on_writable(wsi); - else { -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - /* prepare ourselves to do the parsing */ - wsi->http.ah->parser_state = WSI_TOKEN_NAME_PART; - wsi->http.ah->lextable_pos = 0; -#if defined(LWS_WITH_CUSTOM_HEADERS) - wsi->http.ah->unk_pos = 0; -#endif -#endif - lwsi_set_state(wsi, LRS_WAITING_SERVER_REPLY); - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE, - wsi->context->timeout_secs); - } - } -#endif - return LWS_HP_RET_USER_SERVICE; - } - - if (lwsi_role_client(wsi)) - return LWS_HP_RET_USER_SERVICE; - - return LWS_HP_RET_BAIL_OK; -} - -static int -rops_write_role_protocol_h1(struct lws *wsi, unsigned char *buf, size_t len, - enum lws_write_protocol *wp) -{ - size_t olen = len; - int n; - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.lcs && (((*wp) & 0x1f) == LWS_WRITE_HTTP_FINAL || - ((*wp) & 0x1f) == LWS_WRITE_HTTP)) { - unsigned char mtubuf[1400 + LWS_PRE + - LWS_HTTP_CHUNK_HDR_MAX_SIZE + - LWS_HTTP_CHUNK_TRL_MAX_SIZE], - *out = mtubuf + LWS_PRE + - LWS_HTTP_CHUNK_HDR_MAX_SIZE; - size_t o = sizeof(mtubuf) - LWS_PRE - - LWS_HTTP_CHUNK_HDR_MAX_SIZE - - LWS_HTTP_CHUNK_TRL_MAX_SIZE; - - n = lws_http_compression_transform(wsi, buf, len, wp, &out, &o); - if (n) - return n; - - lwsl_info("%s: %p: transformed %d bytes to %d " - "(wp 0x%x, more %d)\n", __func__, wsi, (int)len, - (int)o, (int)*wp, wsi->http.comp_ctx.may_have_more); - - if (!o) - return olen; - - if (wsi->http.comp_ctx.chunking) { - char c[LWS_HTTP_CHUNK_HDR_MAX_SIZE + 2]; - /* - * this only needs dealing with on http/1.1 to allow - * pipelining - */ - n = lws_snprintf(c, sizeof(c), "%X\x0d\x0a", (int)o); - lwsl_info("%s: chunk (%d) %s", __func__, (int)o, c); - out -= n; - o += n; - memcpy(out, c, n); - out[o++] = '\x0d'; - out[o++] = '\x0a'; - - if (((*wp) & 0x1f) == LWS_WRITE_HTTP_FINAL) { - lwsl_info("%s: final chunk\n", __func__); - out[o++] = '0'; - out[o++] = '\x0d'; - out[o++] = '\x0a'; - out[o++] = '\x0d'; - out[o++] = '\x0a'; - } - } - - buf = out; - len = o; - } -#endif - - n = lws_issue_raw(wsi, (unsigned char *)buf, len); - if (n < 0) - return n; - - /* hide there may have been compression */ - - return (int)olen; -} - -static int -rops_alpn_negotiated_h1(struct lws *wsi, const char *alpn) -{ - lwsl_debug("%s: client %d\n", __func__, lwsi_role_client(wsi)); -#if !defined(LWS_NO_CLIENT) - if (lwsi_role_client(wsi)) { - /* - * If alpn asserts it is http/1.1, server support for KA is - * mandatory. - * - * Knowing this lets us proceed with sending pipelined headers - * before we received the first response headers. - */ - wsi->keepalive_active = 1; - } -#endif - - return 0; -} - -static int -rops_destroy_role_h1(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct allocated_headers *ah; - - /* we may not have an ah, but may be on the waiting list... */ - lwsl_info("%s: ah det due to close\n", __func__); - __lws_header_table_detach(wsi, 0); - - ah = pt->http.ah_list; - - while (ah) { - if (ah->in_use && ah->wsi == wsi) { - lwsl_err("%s: ah leak: wsi %p\n", __func__, wsi); - ah->in_use = 0; - ah->wsi = NULL; - pt->http.ah_count_in_use--; - break; - } - ah = ah->next; - } - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - lws_http_compression_destroy(wsi); -#endif - -#ifdef LWS_ROLE_WS - lws_free_set_NULL(wsi->ws); -#endif - return 0; -} - -#if !defined(LWS_NO_SERVER) - -static int -rops_adoption_bind_h1(struct lws *wsi, int type, const char *vh_prot_name) -{ - if (!(type & LWS_ADOPT_HTTP)) - return 0; /* no match */ - - if (type & _LWS_ADOPT_FINISH && !lwsi_role_http(wsi)) - return 0; - - if (type & _LWS_ADOPT_FINISH) { - if (!lws_header_table_attach(wsi, 0)) - lwsl_debug("Attached ah immediately\n"); - else - lwsl_info("%s: waiting for ah\n", __func__); - - return 1; - } - - lws_role_transition(wsi, LWSIFR_SERVER, (type & LWS_ADOPT_ALLOW_SSL) ? - LRS_SSL_INIT : LRS_HEADERS, &role_ops_h1); - - /* - * We have to bind to h1 as a default even when we're actually going to - * replace it as an h2 bind later. So don't take this seriously if the - * default is disabled (ws upgrade caees properly about it) - */ - - if (!vh_prot_name && wsi->vhost->default_protocol_index < - wsi->vhost->count_protocols) - wsi->protocol = &wsi->vhost->protocols[ - wsi->vhost->default_protocol_index]; - else - wsi->protocol = &wsi->vhost->protocols[0]; - - /* the transport is accepted... give him time to negotiate */ - lws_set_timeout(wsi, PENDING_TIMEOUT_ESTABLISH_WITH_SERVER, - wsi->context->timeout_secs); - - return 1; /* bound */ -} - -#endif - -#if !defined(LWS_NO_CLIENT) - -static const char * const http_methods[] = { - "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", "CONNECT" -}; - -static int -rops_client_bind_h1(struct lws *wsi, const struct lws_client_connect_info *i) -{ - int n; - - if (!i) { - /* we are finalizing an already-selected role */ - - /* - * If we stay in http, assuming there wasn't already-set - * external user_space, since we know our initial protocol - * we can assign the user space now, otherwise do it after the - * ws subprotocol negotiated - */ - if (!wsi->user_space && wsi->stash->method) - if (lws_ensure_user_space(wsi)) - return 1; - - /* - * For ws, default to http/1.1 only. If i->alpn had been set - * though, defer to whatever he has set in there (eg, "h2"). - * - * The problem is he has to commit to h2 before he can find - * out if the server has the SETTINGS for ws-over-h2 enabled; - * if not then ws is not possible on that connection. So we - * only try h2 if he assertively said to use h2 alpn, otherwise - * ws implies alpn restriction to h1. - */ - if (!wsi->stash->method && !wsi->stash->alpn) { - wsi->stash->alpn = lws_strdup("http/1.1"); - if (!wsi->stash->alpn) - return 1; - } - - /* if we went on the ah waiting list, it's ok, we can wait. - * - * When we do get the ah, now or later, he will end up at - * lws_http_client_connect_via_info2(). - */ - if (lws_header_table_attach(wsi, 0) -#ifndef LWS_NO_CLIENT - < 0) - /* - * if we failed here, the connection is already closed - * and freed. - */ - return -1; -#else - ) - return 0; -#endif - - return 0; - } - - /* - * Clients that want to be h1, h2, or ws all start out as h1 - * (we don't yet know if the server supports h2 or ws) - */ - - if (!i->method) { /* websockets */ -#if defined(LWS_ROLE_WS) - if (lws_create_client_ws_object(i, wsi)) - goto fail_wsi; -#else - lwsl_err("%s: ws role not configured\n", __func__); - - goto fail_wsi; -#endif - goto bind_h1; - } - - /* if a recognized http method, bind to it */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(http_methods); n++) - if (!strcmp(i->method, http_methods[n])) - goto bind_h1; - - /* other roles may bind to it */ - - return 0; /* no match */ - -bind_h1: - /* assert the mode and union status (hdr) clearly */ - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_UNCONNECTED, &role_ops_h1); - - return 1; /* matched */ - -fail_wsi: - return -1; -} -#endif - -#if 0 -static int -rops_perform_user_POLLOUT_h1(struct lws *wsi) -{ - volatile struct lws *vwsi = (volatile struct lws *)wsi; - int n; - - /* priority 1: post compression-transform buffered output */ - - if (lws_has_buffered_out(wsi)) { - lwsl_debug("%s: completing partial\n", __func__); - if (lws_issue_raw(wsi, NULL, 0) < 0) { - lwsl_info("%s signalling to close\n", __func__); - return -1; - } - n = 0; - vwsi->leave_pollout_active = 1; - goto cleanup; - } - - /* priority 2: pre compression-transform buffered output */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more) { - enum lws_write_protocol wp = LWS_WRITE_HTTP; - - lwsl_info("%s: completing comp partial" - "(buflist_comp %p, may %d)\n", - __func__, wsi->http.comp_ctx.buflist_comp, - wsi->http.comp_ctx.may_have_more); - - if (rops_write_role_protocol_h1(wsi, NULL, 0, &wp) < 0) { - lwsl_info("%s signalling to close\n", __func__); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "comp write fail"); - } - n = 0; - vwsi->leave_pollout_active = 1; - goto cleanup; - } -#endif - - /* priority 3: if no buffered out and waiting for that... */ - - if (lwsi_state(wsi) == LRS_FLUSHING_BEFORE_CLOSE) { - wsi->socket_is_permanently_unusable = 1; - return -1; - } - - /* priority 4: user writeable callback */ - - vwsi = (volatile struct lws *)wsi; - vwsi->leave_pollout_active = 0; - - n = lws_callback_as_writeable(wsi); - -cleanup: - vwsi->handling_pollout = 0; - - if (vwsi->leave_pollout_active) - lws_change_pollfd(wsi, 0, LWS_POLLOUT); - - return n; -} -#endif - -static int -rops_close_kill_connection_h1(struct lws *wsi, enum lws_close_status reason) -{ -#if defined(LWS_WITH_HTTP_PROXY) - struct lws *wsi_eff = lws_client_wsi_effective(wsi); - - if (!wsi_eff->http.proxy_clientside) - return 0; - - wsi_eff->http.proxy_clientside = 0; - - if (user_callback_handle_rxflow(wsi_eff->protocol->callback, wsi_eff, - LWS_CALLBACK_COMPLETED_CLIENT_HTTP, - wsi_eff->user_space, NULL, 0)) - return 0; -#endif - return 0; -} - -int -rops_init_context_h1(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - /* - * We only want to do this once... we will do it if no h2 support - * otherwise let h2 ops do it. - */ -#if !defined(LWS_ROLE_H2) - int n; - - for (n = 0; n < context->count_threads; n++) { - struct lws_context_per_thread *pt = &context->pt[n]; - - pt->sul_ah_lifecheck.cb = lws_sul_http_ah_lifecheck; - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_ah_lifecheck, - 30 * LWS_US_PER_SEC); - } -#endif - - return 0; -} - -struct lws_role_ops role_ops_h1 = { - /* role name */ "h1", - /* alpn id */ "http/1.1", - /* check_upgrades */ NULL, - /* init_context */ rops_init_context_h1, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_h1, - /* handle_POLLOUT */ rops_handle_POLLOUT_h1, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ rops_write_role_protocol_h1, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ rops_alpn_negotiated_h1, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ rops_close_kill_connection_h1, - /* destroy_role */ rops_destroy_role_h1, -#if !defined(LWS_NO_SERVER) - /* adoption_bind */ rops_adoption_bind_h1, -#else - NULL, -#endif -#if !defined(LWS_NO_CLIENT) - /* client_bind */ rops_client_bind_h1, -#else - NULL, -#endif - /* adoption_cb clnt, srv */ { LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED, - LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED }, - /* rx_cb clnt, srv */ { LWS_CALLBACK_RECEIVE_CLIENT_HTTP, - 0 /* may be POST, etc */ }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_CLIENT_HTTP_WRITEABLE, - LWS_CALLBACK_HTTP_WRITEABLE }, - /* close cb clnt, srv */ { LWS_CALLBACK_CLOSED_CLIENT_HTTP, - LWS_CALLBACK_CLOSED_HTTP }, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL, - LWS_CALLBACK_HTTP_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL, - LWS_CALLBACK_HTTP_DROP_PROTOCOL }, - /* file_handle */ 0, -}; diff --git a/lib/roles/h1/private.h b/lib/roles/h1/private.h deleted file mode 100644 index 3f53954..0000000 --- a/lib/roles/h1/private.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_H1 - * - * Most of the h1 business is defined in the h1 / h2 common roles/http dir - */ - -extern struct lws_role_ops role_ops_h1; -#define lwsi_role_h1(wsi) (wsi->role_ops == &role_ops_h1) diff --git a/lib/roles/h2/hpack.c b/lib/roles/h2/hpack.c deleted file mode 100644 index f8b89c3..0000000 --- a/lib/roles/h2/hpack.c +++ /dev/null @@ -1,1416 +0,0 @@ -/* - * lib/hpack.c - * - * Copyright (C) 2014-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * Official static header table for HPACK - * +-------+-----------------------------+---------------+ - | 1 | :authority | | - | 2 | :method | GET | - | 3 | :method | POST | - | 4 | :path | / | - | 5 | :path | /index.html | - | 6 | :scheme | http | - | 7 | :scheme | https | - | 8 | :status | 200 | - | 9 | :status | 204 | - | 10 | :status | 206 | - | 11 | :status | 304 | - | 12 | :status | 400 | - | 13 | :status | 404 | - | 14 | :status | 500 | - | 15 | accept-charset | | - | 16 | accept-encoding | gzip, deflate | - | 17 | accept-language | | - | 18 | accept-ranges | | - | 19 | accept | | - | 20 | access-control-allow-origin | | - | 21 | age | | - | 22 | allow | | - | 23 | authorization | | - | 24 | cache-control | | - | 25 | content-disposition | | - | 26 | content-encoding | | - | 27 | content-language | | - | 28 | content-length | | - | 29 | content-location | | - | 30 | content-range | | - | 31 | content-type | | - | 32 | cookie | | - | 33 | date | | - | 34 | etag | | - | 35 | expect | | - | 36 | expires | | - | 37 | from | | - | 38 | host | | - | 39 | if-match | | - | 40 | if-modified-since | | - | 41 | if-none-match | | - | 42 | if-range | | - | 43 | if-unmodified-since | | - | 44 | last-modified | | - | 45 | link | | - | 46 | location | | - | 47 | max-forwards | | - | 48 | proxy-authenticate | | - | 49 | proxy-authorization | | - | 50 | range | | - | 51 | referer | | - | 52 | refresh | | - | 53 | retry-after | | - | 54 | server | | - | 55 | set-cookie | | - | 56 | strict-transport-security | | - | 57 | transfer-encoding | | - | 58 | user-agent | | - | 59 | vary | | - | 60 | via | | - | 61 | www-authenticate | | - +-------+-----------------------------+---------------+ -*/ - -static const uint8_t static_hdr_len[62] = { - 0, /* starts at 1 */ - 10, 7, 7, 5, 5, 7, 7, 7, 7, 7, - 7, 7, 7, 7, 14, 15, 15, 13, 6, 27, - 3, 5, 13, 13, 19, 16, 16, 14, 16, 13, - 12, 6, 4, 4, 6, 7, 4, 4, 8, 17, - 13, 8, 19, 13, 4, 8, 12, 18, 19, 5, - 7, 7, 11, 6, 10, 25, 17, 10, 4, 3, - 16 -}; - -static const unsigned char static_token[] = { - 0, - WSI_TOKEN_HTTP_COLON_AUTHORITY, - WSI_TOKEN_HTTP_COLON_METHOD, - WSI_TOKEN_HTTP_COLON_METHOD, - WSI_TOKEN_HTTP_COLON_PATH, - WSI_TOKEN_HTTP_COLON_PATH, - WSI_TOKEN_HTTP_COLON_SCHEME, - WSI_TOKEN_HTTP_COLON_SCHEME, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_COLON_STATUS, - WSI_TOKEN_HTTP_ACCEPT_CHARSET, - WSI_TOKEN_HTTP_ACCEPT_ENCODING, - WSI_TOKEN_HTTP_ACCEPT_LANGUAGE, - WSI_TOKEN_HTTP_ACCEPT_RANGES, - WSI_TOKEN_HTTP_ACCEPT, - WSI_TOKEN_HTTP_ACCESS_CONTROL_ALLOW_ORIGIN, - WSI_TOKEN_HTTP_AGE, - WSI_TOKEN_HTTP_ALLOW, - WSI_TOKEN_HTTP_AUTHORIZATION, - WSI_TOKEN_HTTP_CACHE_CONTROL, - WSI_TOKEN_HTTP_CONTENT_DISPOSITION, - WSI_TOKEN_HTTP_CONTENT_ENCODING, - WSI_TOKEN_HTTP_CONTENT_LANGUAGE, - WSI_TOKEN_HTTP_CONTENT_LENGTH, - WSI_TOKEN_HTTP_CONTENT_LOCATION, - WSI_TOKEN_HTTP_CONTENT_RANGE, - WSI_TOKEN_HTTP_CONTENT_TYPE, - WSI_TOKEN_HTTP_COOKIE, - WSI_TOKEN_HTTP_DATE, - WSI_TOKEN_HTTP_ETAG, - WSI_TOKEN_HTTP_EXPECT, - WSI_TOKEN_HTTP_EXPIRES, - WSI_TOKEN_HTTP_FROM, - WSI_TOKEN_HOST, - WSI_TOKEN_HTTP_IF_MATCH, - WSI_TOKEN_HTTP_IF_MODIFIED_SINCE, - WSI_TOKEN_HTTP_IF_NONE_MATCH, - WSI_TOKEN_HTTP_IF_RANGE, - WSI_TOKEN_HTTP_IF_UNMODIFIED_SINCE, - WSI_TOKEN_HTTP_LAST_MODIFIED, - WSI_TOKEN_HTTP_LINK, - WSI_TOKEN_HTTP_LOCATION, - WSI_TOKEN_HTTP_MAX_FORWARDS, - WSI_TOKEN_HTTP_PROXY_AUTHENTICATE, - WSI_TOKEN_HTTP_PROXY_AUTHORIZATION, - WSI_TOKEN_HTTP_RANGE, - WSI_TOKEN_HTTP_REFERER, - WSI_TOKEN_HTTP_REFRESH, - WSI_TOKEN_HTTP_RETRY_AFTER, - WSI_TOKEN_HTTP_SERVER, - WSI_TOKEN_HTTP_SET_COOKIE, - WSI_TOKEN_HTTP_STRICT_TRANSPORT_SECURITY, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - WSI_TOKEN_HTTP_USER_AGENT, - WSI_TOKEN_HTTP_VARY, - WSI_TOKEN_HTTP_VIA, - WSI_TOKEN_HTTP_WWW_AUTHENTICATE, -}; - -/* some of the entries imply values as well as header names */ - -static const char * const http2_canned[] = { - "", - "", - "GET", - "POST", - "/", - "/index.html", - "http", - "https", - "200", - "204", - "206", - "304", - "400", - "404", - "500", - "", - "gzip, deflate" -}; - -/* see minihuf.c */ - -#include "huftable.h" - -static int huftable_decode(int pos, char c) -{ - int q = pos + !!c; - - if (lextable_terms[q >> 3] & (1 << (q & 7))) /* terminal */ - return lextable[q] | 0x8000; - - return pos + (lextable[q] << 1); -} - -static int lws_frag_start(struct lws *wsi, int hdr_token_idx) -{ - struct allocated_headers *ah = wsi->http.ah; - - if (!ah) { - lwsl_notice("%s: no ah\n", __func__); - return 1; - } - - ah->hdr_token_idx = -1; - - lwsl_header("%s: token %d ah->pos = %d, ah->nfrag = %d\n", - __func__, hdr_token_idx, ah->pos, ah->nfrag); - - if (!hdr_token_idx) { - lwsl_err("%s: zero hdr_token_idx\n", __func__); - return 1; - } - - if (ah->nfrag >= LWS_ARRAY_SIZE(ah->frag_index)) { - lwsl_err("%s: frag index %d too big\n", __func__, ah->nfrag); - return 1; - } - - if ((hdr_token_idx == WSI_TOKEN_HTTP_COLON_AUTHORITY || - hdr_token_idx == WSI_TOKEN_HTTP_COLON_METHOD || - hdr_token_idx == WSI_TOKEN_HTTP_COLON_PATH || - hdr_token_idx == WSI_TOKEN_COLON_PROTOCOL || - hdr_token_idx == WSI_TOKEN_HTTP_COLON_SCHEME) && - ah->frag_index[hdr_token_idx]) { - if (!(ah->frags[ah->frag_index[hdr_token_idx]].flags & 1)) { - lws_h2_goaway(lws_get_network_wsi(wsi), - H2_ERR_PROTOCOL_ERROR, - "Duplicated pseudoheader"); - return 1; - } - } - - if (ah->nfrag == 0) - ah->nfrag = 1; - - ah->frags[ah->nfrag].offset = ah->pos; - ah->frags[ah->nfrag].len = 0; - ah->frags[ah->nfrag].nfrag = 0; - ah->frags[ah->nfrag].flags = 2; /* we had reason to set it */ - - ah->hdr_token_idx = hdr_token_idx; - - /* - * Okay, but we could be, eg, the second or subsequent cookie: header - */ - - if (ah->frag_index[hdr_token_idx]) { - int n; - - /* find the last fragment for this header... */ - n = ah->frag_index[hdr_token_idx]; - while (ah->frags[n].nfrag) - n = ah->frags[n].nfrag; - /* and point it to continue in our continuation fragment */ - ah->frags[n].nfrag = ah->nfrag; - - /* cookie continuations need a separator token of ';' */ - if (hdr_token_idx == WSI_TOKEN_HTTP_COOKIE) { - ah->data[ah->pos++] = ';'; - ah->frags[ah->nfrag].len++; - } - } else - ah->frag_index[hdr_token_idx] = ah->nfrag; - - return 0; -} - -static int lws_frag_append(struct lws *wsi, unsigned char c) -{ - struct allocated_headers *ah = wsi->http.ah; - - ah->data[ah->pos++] = c; - ah->frags[ah->nfrag].len++; - - return (int)ah->pos >= wsi->context->max_http_header_data; -} - -static int lws_frag_end(struct lws *wsi) -{ - lwsl_header("%s\n", __func__); - if (lws_frag_append(wsi, 0)) - return 1; - - /* don't account for the terminating NUL in the logical length */ - wsi->http.ah->frags[wsi->http.ah->nfrag].len--; - - wsi->http.ah->nfrag++; - return 0; -} - -int -lws_hdr_extant(struct lws *wsi, enum lws_token_indexes h) -{ - struct allocated_headers *ah = wsi->http.ah; - int n; - - if (!ah) - return 0; - - n = ah->frag_index[h]; - if (!n) - return 0; - - return !!(ah->frags[n].flags & 2); -} - -static void lws_dump_header(struct lws *wsi, int hdr) -{ - char s[200]; - const unsigned char *p; - int len; - - if (hdr == LWS_HPACK_IGNORE_ENTRY) { - lwsl_notice("hdr tok ignored\n"); - return; - } - - (void)p; - - len = lws_hdr_copy(wsi, s, sizeof(s) - 1, hdr); - if (len < 0) - strcpy(s, "(too big to show)"); - else - s[len] = '\0'; - p = lws_token_to_string(hdr); - lwsl_header(" hdr tok %d (%s) = '%s' (len %d)\n", hdr, - p ? (char *)p : (char *)"null", s, len); -} - -/* - * dynamic table - * - * [ 0 .... num_entries - 1] - * - * Starts filling at 0+ - * - * #62 is *most recently entered* - * - * Number of entries is not restricted, but aggregated size of the entry - * payloads is. Unfortunately the way HPACK does this is specific to an - * imagined implementation, and lws implementation is much more efficient - * (ignoring unknown headers and using the lws token index for the header - * name part). - */ - -/* - * returns 0 if dynamic entry (arg and len are filled) - * returns -1 if failure - * returns nonzero token index if actually static token - */ -static int -lws_token_from_index(struct lws *wsi, int index, const char **arg, int *len, - uint32_t *hdr_len) -{ - struct hpack_dynamic_table *dyn; - - if (index == LWS_HPACK_IGNORE_ENTRY) - return LWS_HPACK_IGNORE_ENTRY; - - /* dynamic table only belongs to network wsi */ - wsi = lws_get_network_wsi(wsi); - if (!wsi->h2.h2n) - return -1; - - dyn = &wsi->h2.h2n->hpack_dyn_table; - - if (index < 0) - return -1; - - if (index < (int)LWS_ARRAY_SIZE(static_token)) { - if (arg && index < (int)LWS_ARRAY_SIZE(http2_canned)) { - *arg = http2_canned[index]; - *len = (int)strlen(http2_canned[index]); - } - if (hdr_len) - *hdr_len = static_hdr_len[index]; - - return static_token[index]; - } - - if (!dyn) { - lwsl_notice("no dynamic table\n"); - return -1; - } - - if (index < (int)LWS_ARRAY_SIZE(static_token) || - index >= (int)LWS_ARRAY_SIZE(static_token) + dyn->used_entries) { - lwsl_info(" %s: adjusted index %d >= %d\n", __func__, index, - dyn->used_entries); - lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR, - "index out of range"); - return -1; - } - - index -= (int)LWS_ARRAY_SIZE(static_token); - index = (dyn->pos - 1 - index) % dyn->num_entries; - if (index < 0) - index += dyn->num_entries; - - lwsl_header("%s: dyn index %d, tok %d\n", __func__, index, - dyn->entries[index].lws_hdr_idx); - - if (arg && len) { - *arg = dyn->entries[index].value; - *len = dyn->entries[index].value_len; - } - - if (hdr_len) - *hdr_len = dyn->entries[index].hdr_len; - - return dyn->entries[index].lws_hdr_idx; -} - -static int -lws_h2_dynamic_table_dump(struct lws *wsi) -{ -#if 0 - struct lws *nwsi = lws_get_network_wsi(wsi); - struct hpack_dynamic_table *dyn; - int n, m; - const char *p; - - if (!nwsi->h2.h2n) - return 1; - dyn = &nwsi->h2.h2n->hpack_dyn_table; - - lwsl_header("Dump dyn table for nwsi %p (%d / %d members, pos = %d, " - "start index %d, virt used %d / %d)\n", nwsi, - dyn->used_entries, dyn->num_entries, dyn->pos, - (uint32_t)LWS_ARRAY_SIZE(static_token), - dyn->virtual_payload_usage, dyn->virtual_payload_max); - - for (n = 0; n < dyn->used_entries; n++) { - m = (dyn->pos - 1 - n) % dyn->num_entries; - if (m < 0) - m += dyn->num_entries; - if (dyn->entries[m].lws_hdr_idx != LWS_HPACK_IGNORE_ENTRY) - p = (const char *)lws_token_to_string( - dyn->entries[m].lws_hdr_idx); - else - p = "(ignored)"; - lwsl_header(" %3d: tok %s: (len %d) val '%s'\n", - (int)(n + LWS_ARRAY_SIZE(static_token)), p, - dyn->entries[m].hdr_len, dyn->entries[m].value ? - dyn->entries[m].value : "null"); - } -#endif - return 0; -} - -static void -lws_dynamic_free(struct hpack_dynamic_table *dyn, int idx) -{ - lwsl_header("freeing %d for reuse\n", idx); - dyn->virtual_payload_usage -= dyn->entries[idx].value_len + - dyn->entries[idx].hdr_len; - lws_free_set_NULL(dyn->entries[idx].value); - dyn->entries[idx].value = NULL; - dyn->entries[idx].value_len = 0; - dyn->entries[idx].hdr_len = 0; - dyn->entries[idx].lws_hdr_idx = LWS_HPACK_IGNORE_ENTRY; - dyn->used_entries--; -} - -/* - * There are two address spaces, 1) internal ringbuffer and 2) HPACK indexes. - * - * Internal ringbuffer: - * - * The internal ringbuffer wraps as we keep filling it, dyn->pos points to - * the next index to be written. - * - * HPACK indexes: - * - * The last-written entry becomes entry 0, the previously-last-written entry - * becomes entry 1 etc. - */ - -static int -lws_dynamic_token_insert(struct lws *wsi, int hdr_len, - int lws_hdr_index, char *arg, int len) -{ - struct hpack_dynamic_table *dyn; - int new_index; - - /* dynamic table only belongs to network wsi */ - wsi = lws_get_network_wsi(wsi); - if (!wsi->h2.h2n) - return 1; - dyn = &wsi->h2.h2n->hpack_dyn_table; - - if (!dyn->entries) { - lwsl_err("%s: unsized dyn table\n", __func__); - - return 1; - } - lws_h2_dynamic_table_dump(wsi); - - new_index = (dyn->pos) % dyn->num_entries; - if (dyn->num_entries && dyn->used_entries == dyn->num_entries) { - if (dyn->virtual_payload_usage < dyn->virtual_payload_max) - lwsl_err("Dropping header content before limit!\n"); - /* we have to drop the oldest to make space */ - lws_dynamic_free(dyn, new_index); - } - - /* - * evict guys to make room, allowing for some overage. We have to - * take care about getting a single huge header, and evicting - * everything - */ - - while (dyn->virtual_payload_usage && - dyn->used_entries && - dyn->virtual_payload_usage + hdr_len + len > - dyn->virtual_payload_max + 1024) { - int n = (dyn->pos - dyn->used_entries) % dyn->num_entries; - if (n < 0) - n += dyn->num_entries; - lws_dynamic_free(dyn, n); - } - - if (dyn->used_entries < dyn->num_entries) - dyn->used_entries++; - - dyn->entries[new_index].value_len = 0; - - if (lws_hdr_index != LWS_HPACK_IGNORE_ENTRY) { - if (dyn->entries[new_index].value) - lws_free_set_NULL(dyn->entries[new_index].value); - dyn->entries[new_index].value = - lws_malloc(len + 1, "hpack dyn"); - if (!dyn->entries[new_index].value) - return 1; - - memcpy(dyn->entries[new_index].value, arg, len); - dyn->entries[new_index].value[len] = '\0'; - dyn->entries[new_index].value_len = len; - } else - dyn->entries[new_index].value = NULL; - - dyn->entries[new_index].lws_hdr_idx = lws_hdr_index; - dyn->entries[new_index].hdr_len = hdr_len; - - dyn->virtual_payload_usage += hdr_len + len; - - lwsl_info("%s: index %ld: lws_hdr_index 0x%x, hdr len %d, '%s' len %d\n", - __func__, (long)LWS_ARRAY_SIZE(static_token), - lws_hdr_index, hdr_len, dyn->entries[new_index].value ? - dyn->entries[new_index].value : "null", len); - - dyn->pos = (dyn->pos + 1) % dyn->num_entries; - - lws_h2_dynamic_table_dump(wsi); - - return 0; -} - -int -lws_hpack_dynamic_size(struct lws *wsi, int size) -{ - struct hpack_dynamic_table *dyn; - struct hpack_dt_entry *dte; - struct lws *nwsi; - int min, n = 0, m; - - /* - * "size" here is coming from the http/2 SETTING - * SETTINGS_HEADER_TABLE_SIZE. This is a (virtual, in our case) - * linear buffer containing dynamic header names and values... when it - * is full, old entries are evicted. - * - * We encode the header as an lws_hdr_idx, which is all the rest of - * lws cares about; if there is no matching header we store an empty - * entry in the dyn table as a placeholder. - * - * So to make the two systems work together we keep an accounting of - * what we are using to decide when to evict... we must only evict - * things when the remote peer's accounting also makes him feel he - * should evict something. - */ - - nwsi = lws_get_network_wsi(wsi); - if (!nwsi->h2.h2n) - goto bail; - - dyn = &nwsi->h2.h2n->hpack_dyn_table; - lwsl_info("%s: from %d to %d, lim %d\n", __func__, - (int)dyn->num_entries, size, - nwsi->vhost->h2.set.s[H2SET_HEADER_TABLE_SIZE]); - - if (!size) { - size = dyn->num_entries * 8; - lws_hpack_destroy_dynamic_header(wsi); - } - - if (size > (int)nwsi->vhost->h2.set.s[H2SET_HEADER_TABLE_SIZE]) { - lwsl_info("rejecting hpack dyn size %u vs %u\n", size, - nwsi->vhost->h2.set.s[H2SET_HEADER_TABLE_SIZE]); - - // this seems necessary to work with some browsers - - if (nwsi->vhost->h2.set.s[H2SET_HEADER_TABLE_SIZE] == 65536 && - size == 65537) { /* h2spec */ - lws_h2_goaway(nwsi, H2_ERR_COMPRESSION_ERROR, - "Asked for header table bigger than we told"); - goto bail; - } - - size = nwsi->vhost->h2.set.s[H2SET_HEADER_TABLE_SIZE]; - } - - dyn->virtual_payload_max = size; - - size = size / 8; - min = size; - if (min > dyn->used_entries) - min = dyn->used_entries; - - if (size == dyn->num_entries) - return 0; - - if (dyn->num_entries < min) - min = dyn->num_entries; - - // lwsl_notice("dte requested size %d\n", size); - - dte = lws_zalloc(sizeof(*dte) * (size + 1), "dynamic table entries"); - if (!dte) - goto bail; - - while (dyn->virtual_payload_usage && dyn->used_entries && - dyn->virtual_payload_usage > dyn->virtual_payload_max) { - n = (dyn->pos - dyn->used_entries) % dyn->num_entries; - if (n < 0) - n += dyn->num_entries; - lws_dynamic_free(dyn, n); - } - - if (min > dyn->used_entries) - min = dyn->used_entries; - - if (dyn->entries) { - for (n = 0; n < min; n++) { - m = (dyn->pos - dyn->used_entries + n) % - dyn->num_entries; - if (m < 0) - m += dyn->num_entries; - dte[n] = dyn->entries[m]; - } - - lws_free(dyn->entries); - } - - dyn->entries = dte; - dyn->num_entries = size; - dyn->used_entries = min; - if (size) - dyn->pos = min % size; - else - dyn->pos = 0; - - lws_h2_dynamic_table_dump(wsi); - - return 0; - -bail: - lwsl_info("%s: failed to resize to %d\n", __func__, size); - - return 1; -} - -void -lws_hpack_destroy_dynamic_header(struct lws *wsi) -{ - struct hpack_dynamic_table *dyn; - int n; - - if (!wsi->h2.h2n) - return; - - dyn = &wsi->h2.h2n->hpack_dyn_table; - - if (!dyn->entries) - return; - - for (n = 0; n < dyn->num_entries; n++) - if (dyn->entries[n].value) - lws_free_set_NULL(dyn->entries[n].value); - - lws_free_set_NULL(dyn->entries); -} - -static int -lws_hpack_use_idx_hdr(struct lws *wsi, int idx, int known_token) -{ - const char *arg = NULL; - int len = 0; - const char *p = NULL; - int tok = lws_token_from_index(wsi, idx, &arg, &len, NULL); - - if (tok == LWS_HPACK_IGNORE_ENTRY) { - lwsl_header("%s: lws_token says ignore, returning\n", __func__); - return 0; - } - - if (tok == -1) { - lwsl_info("%s: idx %d mapped to tok %d\n", __func__, idx, tok); - return 1; - } - - if (arg) { - /* dynamic result */ - if (known_token > 0) - tok = known_token; - lwsl_header("%s: dyn: idx %d '%s' tok %d\n", __func__, idx, arg, - tok); - } else - lwsl_header("writing indexed hdr %d (tok %d '%s')\n", idx, tok, - lws_token_to_string(tok)); - - if (tok == LWS_HPACK_IGNORE_ENTRY) - return 0; - - if (arg) - p = arg; - - if (idx < (int)LWS_ARRAY_SIZE(http2_canned)) - p = http2_canned[idx]; - - if (lws_frag_start(wsi, tok)) - return 1; - - if (p) - while (*p && len--) - if (lws_frag_append(wsi, *p++)) - return 1; - - if (lws_frag_end(wsi)) - return 1; - - lws_dump_header(wsi, tok); - - return 0; -} - -static uint8_t lws_header_implies_psuedoheader_map[] = { - 0x07, 0x00, 0x00, 0x00, 0xf8, 0x00, 0x00, 0x00, 0x00 /* <-64 */, - 0x0e /* <- 72 */, 0x04 /* <- 80 */, 0, 0, 0, 0 -}; - -static int -lws_hpack_handle_pseudo_rules(struct lws *nwsi, struct lws *wsi, int m) -{ - if (m == LWS_HPACK_IGNORE_ENTRY || m == -1) - return 0; - - if (wsi->seen_nonpseudoheader && - (lws_header_implies_psuedoheader_map[m >> 3] & (1 << (m & 7)))) { - - lwsl_info("lws tok %d seems to be a pseudoheader\n", m); - - /* - * it's not legal to see a - * pseudoheader after normal - * headers - */ - lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, - "Pseudoheader after normal hdrs"); - return 1; - } - - if (!(lws_header_implies_psuedoheader_map[m >> 3] & (1 << (m & 7)))) - wsi->seen_nonpseudoheader = 1; - - return 0; -} - -int lws_hpack_interpret(struct lws *wsi, unsigned char c) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - struct lws_h2_netconn *h2n = nwsi->h2.h2n; - struct allocated_headers *ah = wsi->http.ah; - unsigned int prev; - unsigned char c1; - int n, m, plen; - - if (!h2n) - return -1; - - /* - * HPKT_INDEXED_HDR_7 1xxxxxxx: just "header field" - * HPKT_INDEXED_HDR_6_VALUE_INCR 01xxxxxx: NEW indexed hdr + val - * HPKT_LITERAL_HDR_VALUE_INCR 01000000: NEW literal hdr + val - * HPKT_INDEXED_HDR_4_VALUE 0000xxxx: indexed hdr + val - * HPKT_INDEXED_HDR_4_VALUE_NEVER 0001xxxx: NEVER NEW indexed hdr + val - * HPKT_LITERAL_HDR_VALUE 00000000: literal hdr + val - * HPKT_LITERAL_HDR_VALUE_NEVER 00010000: NEVER NEW literal hdr + val - */ - switch (h2n->hpack) { - - case HPKS_TYPE: - h2n->is_first_header_char = 1; - h2n->huff_pad = 0; - h2n->zero_huff_padding = 0; - h2n->last_action_dyntable_resize = 0; - h2n->ext_count = 0; - h2n->hpack_hdr_len = 0; - h2n->unknown_header = 0; - ah->parser_state = 255; - - if (c & 0x80) { /* 1.... indexed header field only */ - /* just a possibly-extended integer */ - h2n->hpack_type = HPKT_INDEXED_HDR_7; - lwsl_header("HPKT_INDEXED_HDR_7 hdr %d\n", c & 0x7f); - lws_h2_dynamic_table_dump(wsi); - - h2n->hdr_idx = c & 0x7f; - if ((c & 0x7f) == 0x7f) { - h2n->hpack_len = 0; - h2n->hpack_m = 0x7f; - h2n->hpack = HPKS_IDX_EXT; - break; - } - if (!h2n->hdr_idx) { - lws_h2_goaway(nwsi, H2_ERR_COMPRESSION_ERROR, - "hdr index 0 seen"); - return 1; - } - - m = lws_token_from_index(wsi, h2n->hdr_idx, - NULL, NULL, NULL); - if (lws_hpack_handle_pseudo_rules(nwsi, wsi, m)) - return 1; - - lwsl_header("HPKT_INDEXED_HDR_7: hdr %d\n", c & 0x7f); - if (lws_hpack_use_idx_hdr(wsi, c & 0x7f, -1)) { - lwsl_header("%s: idx hdr wr fail\n", __func__); - return 1; - } - /* stay at same state */ - break; - } - if (c & 0x40) { /* 01.... indexed or literal header incr idx */ - /* - * [possibly-ext hdr idx (6) | new literal hdr name] - * H + possibly-ext value length - * literal value - */ - h2n->hdr_idx = 0; - if (c == 0x40) { /* literal header */ - lwsl_header(" HPKT_LITERAL_HDR_VALUE_INCR\n"); - h2n->hpack_type = HPKT_LITERAL_HDR_VALUE_INCR; - h2n->value = 0; - h2n->hpack_len = 0; - h2n->hpack = HPKS_HLEN; - break; - } - /* indexed header */ - h2n->hpack_type = HPKT_INDEXED_HDR_6_VALUE_INCR; - lwsl_header(" HPKT_INDEXED_HDR_6_VALUE_INCR (hdr %d)\n", - c & 0x3f); - h2n->hdr_idx = c & 0x3f; - if ((c & 0x3f) == 0x3f) { - h2n->hpack_m = 0x3f; - h2n->hpack_len = 0; - h2n->hpack = HPKS_IDX_EXT; - break; - } - - h2n->value = 1; - h2n->hpack = HPKS_HLEN; - if (!h2n->hdr_idx) { - lws_h2_goaway(nwsi, H2_ERR_COMPRESSION_ERROR, - "hdr index 0 seen"); - return 1; - } - break; - } - switch(c & 0xf0) { - case 0x10: /* literal header never index */ - case 0: /* literal header without indexing */ - /* - * follows 0x40 except 4-bit hdr idx - * and don't add to index - */ - if (c == 0) { /* literal name */ - h2n->hpack_type = HPKT_LITERAL_HDR_VALUE; - lwsl_header(" HPKT_LITERAL_HDR_VALUE\n"); - h2n->hpack = HPKS_HLEN; - h2n->value = 0; - break; - } - if (c == 0x10) { /* literal name NEVER */ - h2n->hpack_type = HPKT_LITERAL_HDR_VALUE_NEVER; - lwsl_header(" HPKT_LITERAL_HDR_VALUE_NEVER\n"); - h2n->hpack = HPKS_HLEN; - h2n->value = 0; - break; - } - lwsl_header("indexed\n"); - /* indexed name */ - if (c & 0x10) { - h2n->hpack_type = HPKT_INDEXED_HDR_4_VALUE_NEVER; - lwsl_header("HPKT_LITERAL_HDR_4_VALUE_NEVER\n"); - } else { - h2n->hpack_type = HPKT_INDEXED_HDR_4_VALUE; - lwsl_header(" HPKT_INDEXED_HDR_4_VALUE\n"); - } - h2n->hdr_idx = 0; - if ((c & 0xf) == 0xf) { - h2n->hpack_len = c & 0xf; - h2n->hpack_m = 0xf; - h2n->hpack_len = 0; - h2n->hpack = HPKS_IDX_EXT; - break; - } - h2n->hdr_idx = c & 0xf; - h2n->value = 1; - h2n->hpack = HPKS_HLEN; - break; - - case 0x20: - case 0x30: /* header table size update */ - /* possibly-extended size value (5) */ - lwsl_header("HPKT_SIZE_5 %x\n", c &0x1f); - h2n->hpack_type = HPKT_SIZE_5; - h2n->hpack_len = c & 0x1f; - if (h2n->hpack_len == 0x1f) { - h2n->hpack_m = 0x1f; - h2n->hpack_len = 0; - h2n->hpack = HPKS_IDX_EXT; - break; - } - h2n->last_action_dyntable_resize = 1; - if (lws_hpack_dynamic_size(wsi, h2n->hpack_len)) - return 1; - break; - } - break; - - case HPKS_IDX_EXT: - h2n->hpack_len = h2n->hpack_len | - ((c & 0x7f) << h2n->ext_count); - h2n->ext_count += 7; - if (c & 0x80) /* extended int not complete yet */ - break; - - /* extended integer done */ - h2n->hpack_len += h2n->hpack_m; - lwsl_header("HPKS_IDX_EXT: hpack_len %d\n", h2n->hpack_len); - - switch (h2n->hpack_type) { - case HPKT_INDEXED_HDR_7: - if (lws_hpack_use_idx_hdr(wsi, h2n->hpack_len, - h2n->hdr_idx)) { - lwsl_notice("%s: hd7 use fail\n", __func__); - return 1; - } - h2n->hpack = HPKS_TYPE; - break; - - case HPKT_SIZE_5: - h2n->last_action_dyntable_resize = 1; - if (lws_hpack_dynamic_size(wsi, h2n->hpack_len)) - return 1; - h2n->hpack = HPKS_TYPE; - break; - - default: - h2n->hdr_idx = h2n->hpack_len; - if (!h2n->hdr_idx) { - lws_h2_goaway(nwsi, H2_ERR_COMPRESSION_ERROR, - "extended header index was 0"); - return 1; - } - h2n->value = 1; - h2n->hpack = HPKS_HLEN; - break; - } - break; - - case HPKS_HLEN: /* [ H | 7+ ] */ - h2n->huff = !!(c & 0x80); - h2n->hpack_pos = 0; - h2n->hpack_len = c & 0x7f; - - if (h2n->hpack_len == 0x7f) { - h2n->hpack_m = 0x7f; - h2n->hpack_len = 0; - h2n->ext_count = 0; - h2n->hpack = HPKS_HLEN_EXT; - break; - } -pre_data: - h2n->hpack = HPKS_DATA; - if (!h2n->value || !h2n->hdr_idx) { - ah->parser_state = WSI_TOKEN_NAME_PART; - ah->lextable_pos = 0; - h2n->unknown_header = 0; - break; - } - - if (h2n->hpack_type == HPKT_LITERAL_HDR_VALUE || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_INCR || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_NEVER) { - n = ah->parser_state; - if (n == 255) { - n = -1; - h2n->hdr_idx = -1; - } else - h2n->hdr_idx = 1; - } else { - n = lws_token_from_index(wsi, h2n->hdr_idx, NULL, - NULL, NULL); - lwsl_header(" lws_tok_from_idx(%d) says %d\n", - h2n->hdr_idx, n); - } - - if (n == LWS_HPACK_IGNORE_ENTRY || n == -1) - h2n->hdr_idx = LWS_HPACK_IGNORE_ENTRY; - - switch (h2n->hpack_type) { - /* - * hpack types with literal headers were parsed by the lws - * header SM... on recognition of a known lws header, it does - * the correct lws_frag_start() for us already. Other types - * (ie, indexed header) need us to do it here. - */ - case HPKT_LITERAL_HDR_VALUE_INCR: - case HPKT_LITERAL_HDR_VALUE: - case HPKT_LITERAL_HDR_VALUE_NEVER: - break; - default: - if (n != -1 && n != LWS_HPACK_IGNORE_ENTRY && - lws_frag_start(wsi, n)) { - lwsl_header("%s: frag start failed\n", - __func__); - return 1; - } - break; - } - break; - - case HPKS_HLEN_EXT: - h2n->hpack_len = h2n->hpack_len | - ((c & 0x7f) << h2n->ext_count); - h2n->ext_count += 7; - if (c & 0x80) /* extended integer not complete yet */ - break; - - h2n->hpack_len += h2n->hpack_m; - goto pre_data; - - case HPKS_DATA: - //lwsl_header(" 0x%02X huff %d\n", c, h2n->huff); - c1 = c; - - for (n = 0; n < 8; n++) { - if (h2n->huff) { - char b = (c >> 7) & 1; - prev = h2n->hpack_pos; - h2n->hpack_pos = huftable_decode( - h2n->hpack_pos, b); - c <<= 1; - if (h2n->hpack_pos == 0xffff) { - lwsl_notice("Huffman err\n"); - return 1; - } - if (!(h2n->hpack_pos & 0x8000)) { - if (!b) - h2n->zero_huff_padding = 1; - h2n->huff_pad++; - continue; - } - c1 = h2n->hpack_pos & 0x7fff; - h2n->hpack_pos = 0; - h2n->huff_pad = 0; - h2n->zero_huff_padding = 0; - - /* EOS |11111111|11111111|11111111|111111 */ - if (!c1 && prev == HUFTABLE_0x100_PREV) { - lws_h2_goaway(nwsi, - H2_ERR_COMPRESSION_ERROR, - "Huffman EOT seen"); - return 1; - } - } else - n = 8; - - if (h2n->value) { /* value */ - - if (h2n->hdr_idx && - h2n->hdr_idx != LWS_HPACK_IGNORE_ENTRY) { - - if (ah->hdr_token_idx == - WSI_TOKEN_HTTP_COLON_PATH) { - - switch (lws_parse_urldecode( - wsi, &c1)) { - case LPUR_CONTINUE: - break; - case LPUR_SWALLOW: - goto swallow; - case LPUR_EXCESSIVE: - case LPUR_FORBID: - lws_h2_goaway(nwsi, - H2_ERR_PROTOCOL_ERROR, - "Evil URI"); - return 1; - - default: - return -1; - } - } - if (lws_frag_append(wsi, c1)) { - lwsl_notice( - "%s: frag app fail\n", - __func__); - return 1; - } - } //else - //lwsl_header("ignoring %c\n", c1); - } else { - /* - * Convert name using existing parser, - * If h2n->unknown_header == 0, result is - * in wsi->parser_state - * using WSI_TOKEN_GET_URI. - * - * If unknown header h2n->unknown_header - * will be set. - */ - h2n->hpack_hdr_len++; - if (h2n->is_first_header_char) { - h2n->is_first_header_char = 0; - h2n->first_hdr_char = c1; - } - lwsl_header("parser: %c\n", c1); - /* uppercase header names illegal */ - if (c1 >= 'A' && c1 <= 'Z') { - lws_h2_goaway(nwsi, - H2_ERR_COMPRESSION_ERROR, - "Uppercase literal hpack hdr"); - return 1; - } - plen = 1; - if (!h2n->unknown_header && - lws_parse(wsi, &c1, &plen)) - h2n->unknown_header = 1; - } -swallow: - (void)n; - } // for n - - if (--h2n->hpack_len) - break; - - /* - * The header (h2n->value = 0) or the payload (h2n->value = 1) - * is complete. - */ - - if (h2n->huff && (h2n->huff_pad > 7 || - (h2n->zero_huff_padding && h2n->huff_pad))) { - lwsl_info("zero_huff_padding: %d huff_pad: %d\n", - h2n->zero_huff_padding, h2n->huff_pad); - lws_h2_goaway(nwsi, H2_ERR_COMPRESSION_ERROR, - "Huffman padding excessive or wrong"); - return 1; - } - - if (!h2n->value && ( - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_INCR || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_NEVER)) { - h2n->hdr_idx = LWS_HPACK_IGNORE_ENTRY; - lwsl_header("wsi->parser_state: %d\n", - ah->parser_state); - - if (ah->parser_state == WSI_TOKEN_NAME_PART) { - /* h2 headers come without the colon */ - c1 = ':'; - plen = 1; - n = lws_parse(wsi, &c1, &plen); - (void)n; - } - - if (ah->parser_state == WSI_TOKEN_NAME_PART || -#if defined(LWS_WITH_CUSTOM_HEADERS) - ah->parser_state == WSI_TOKEN_UNKNOWN_VALUE_PART || -#endif - ah->parser_state == WSI_TOKEN_SKIPPING) { - h2n->unknown_header = 1; - ah->parser_state = -1; - wsi->seen_nonpseudoheader = 1; - } - } - - n = 8; - - /* we have the header */ - if (!h2n->value) { - h2n->value = 1; - h2n->hpack = HPKS_HLEN; - h2n->huff_pad = 0; - h2n->zero_huff_padding = 0; - h2n->ext_count = 0; - break; - } - - /* - * we have got both the header and value - */ - - m = -1; - switch (h2n->hpack_type) { - /* - * These are the only two that insert to the dyntable - */ - /* NEW indexed hdr with value */ - case HPKT_INDEXED_HDR_6_VALUE_INCR: - /* header length is determined by known index */ - m = lws_token_from_index(wsi, h2n->hdr_idx, NULL, NULL, - &h2n->hpack_hdr_len); - goto add_it; - /* NEW literal hdr with value */ - case HPKT_LITERAL_HDR_VALUE_INCR: - /* - * hdr is a new literal, so length is already in - * h2n->hpack_hdr_len - */ - m = ah->parser_state; - if (h2n->unknown_header || - ah->parser_state == WSI_TOKEN_NAME_PART || - ah->parser_state == WSI_TOKEN_SKIPPING) { - if (h2n->first_hdr_char == ':') { - lwsl_info("HPKT_LITERAL_HDR_VALUE_INCR:" - " end state %d unk hdr %d\n", - ah->parser_state, - h2n->unknown_header); - /* unknown pseudoheaders are illegal */ - lws_h2_goaway(nwsi, - H2_ERR_PROTOCOL_ERROR, - "Unknown pseudoheader"); - return 1; - } - m = LWS_HPACK_IGNORE_ENTRY; - } -add_it: - /* - * mark us as having been set at the time of dynamic - * token insertion. - */ - ah->frags[ah->nfrag].flags |= 1; - - if (lws_dynamic_token_insert(wsi, h2n->hpack_hdr_len, m, - &ah->data[ah->frags[ah->nfrag].offset], - ah->frags[ah->nfrag].len)) { - lwsl_notice("%s: tok_insert fail\n", __func__); - return 1; - } - break; - - default: - break; - } - - if (h2n->hdr_idx != LWS_HPACK_IGNORE_ENTRY && lws_frag_end(wsi)) - return 1; - - if (h2n->hpack_type != HPKT_INDEXED_HDR_6_VALUE_INCR) { - - if (h2n->hpack_type == HPKT_LITERAL_HDR_VALUE || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_INCR || - h2n->hpack_type == HPKT_LITERAL_HDR_VALUE_NEVER) { - m = ah->parser_state; - if (m == 255) - m = -1; - } else - m = lws_token_from_index(wsi, h2n->hdr_idx, - NULL, NULL, NULL); - } - - if (m != -1 && m != LWS_HPACK_IGNORE_ENTRY) - lws_dump_header(wsi, m); - - if (lws_hpack_handle_pseudo_rules(nwsi, wsi, m)) - return 1; - - h2n->is_first_header_char = 1; - h2n->hpack = HPKS_TYPE; - break; - } - - return 0; -} - - - -static int -lws_h2_num_start(int starting_bits, unsigned long num) -{ - unsigned int mask = (1 << starting_bits) - 1; - - if (num < mask) - return (int)num; - - return mask; -} - -static int -lws_h2_num(int starting_bits, unsigned long num, - unsigned char **p, unsigned char *end) -{ - unsigned int mask = (1 << starting_bits) - 1; - - if (num < mask) - return 0; - - num -= mask; - do { - if (num > 127) - *((*p)++) = 0x80 | (num & 0x7f); - else - *((*p)++) = 0x00 | (num & 0x7f); - if (*p >= end) - return 1; - num >>= 7; - } while (num); - - return 0; -} - -int lws_add_http2_header_by_name(struct lws *wsi, const unsigned char *name, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end) -{ - int len; - - lwsl_header("%s: %p %s:%s\n", __func__, *p, name, value); - - len = (int)strlen((char *)name); - if (len) - if (name[len - 1] == ':') - len--; - - if (wsi->http2_substream && !strncmp((const char *)name, - "transfer-encoding", len)) { - lwsl_header("rejecting %s\n", name); - - return 0; - } - - if (end - *p < len + length + 8) - return 1; - - *((*p)++) = 0; /* literal hdr, literal name, */ - - *((*p)++) = 0 | lws_h2_num_start(7, len); /* non-HUF */ - if (lws_h2_num(7, len, p, end)) - return 1; - - /* upper-case header names are verboten in h2, but OK on h1, so - * they're not illegal per se. Silently convert them for h2... */ - - while(len--) - *((*p)++) = tolower((int)*name++); - - *((*p)++) = 0 | lws_h2_num_start(7, length); /* non-HUF */ - if (lws_h2_num(7, length, p, end)) - return 1; - - memcpy(*p, value, length); - *p += length; - - return 0; -} - -int lws_add_http2_header_by_token(struct lws *wsi, enum lws_token_indexes token, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end) -{ - const unsigned char *name; - - name = lws_token_to_string(token); - if (!name) - return 1; - - return lws_add_http2_header_by_name(wsi, name, value, length, p, end); -} - -int lws_add_http2_header_status(struct lws *wsi, unsigned int code, - unsigned char **p, unsigned char *end) -{ - unsigned char status[10]; - int n; - - wsi->h2.send_END_STREAM = 0; // !!(code >= 400); - - n = sprintf((char *)status, "%u", code); - if (lws_add_http2_header_by_token(wsi, WSI_TOKEN_HTTP_COLON_STATUS, - status, n, p, end)) - - return 1; - - return 0; -} diff --git a/lib/roles/h2/http2.c b/lib/roles/h2/http2.c deleted file mode 100644 index 29cf079..0000000 --- a/lib/roles/h2/http2.c +++ /dev/null @@ -1,2399 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - - -#include "core/private.h" - -/* - * bitmap of control messages that are valid to receive for each http2 state - */ - -static const uint16_t http2_rx_validity[] = { - /* LWS_H2S_IDLE */ - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | -// (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE)| /* ignore */ - (1 << LWS_H2_FRAME_TYPE_HEADERS) | - (1 << LWS_H2_FRAME_TYPE_CONTINUATION), - /* LWS_H2S_RESERVED_LOCAL */ - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | - (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE), - /* LWS_H2S_RESERVED_REMOTE */ - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_HEADERS) | - (1 << LWS_H2_FRAME_TYPE_CONTINUATION) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY), - /* LWS_H2S_OPEN */ - (1 << LWS_H2_FRAME_TYPE_DATA) | - (1 << LWS_H2_FRAME_TYPE_HEADERS) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM) | - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) | - (1 << LWS_H2_FRAME_TYPE_PING) | - (1 << LWS_H2_FRAME_TYPE_GOAWAY) | - (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) | - (1 << LWS_H2_FRAME_TYPE_CONTINUATION), - /* LWS_H2S_HALF_CLOSED_REMOTE */ - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM), - /* LWS_H2S_HALF_CLOSED_LOCAL */ - (1 << LWS_H2_FRAME_TYPE_DATA) | - (1 << LWS_H2_FRAME_TYPE_HEADERS) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM) | - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_PUSH_PROMISE) | - (1 << LWS_H2_FRAME_TYPE_PING) | - (1 << LWS_H2_FRAME_TYPE_GOAWAY) | - (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) | - (1 << LWS_H2_FRAME_TYPE_CONTINUATION), - /* LWS_H2S_CLOSED */ - (1 << LWS_H2_FRAME_TYPE_SETTINGS) | - (1 << LWS_H2_FRAME_TYPE_PRIORITY) | - (1 << LWS_H2_FRAME_TYPE_WINDOW_UPDATE) | - (1 << LWS_H2_FRAME_TYPE_RST_STREAM), -}; - -static const char *preface = "PRI * HTTP/2.0\x0d\x0a\x0d\x0aSM\x0d\x0a\x0d\x0a"; - -static const char * const h2_state_names[] = { - "LWS_H2S_IDLE", - "LWS_H2S_RESERVED_LOCAL", - "LWS_H2S_RESERVED_REMOTE", - "LWS_H2S_OPEN", - "LWS_H2S_HALF_CLOSED_REMOTE", - "LWS_H2S_HALF_CLOSED_LOCAL", - "LWS_H2S_CLOSED", -}; - -#if 0 -static const char * const h2_setting_names[] = { - "", - "H2SET_HEADER_TABLE_SIZE", - "H2SET_ENABLE_PUSH", - "H2SET_MAX_CONCURRENT_STREAMS", - "H2SET_INITIAL_WINDOW_SIZE", - "H2SET_MAX_FRAME_SIZE", - "H2SET_MAX_HEADER_LIST_SIZE", - "reserved", - "H2SET_ENABLE_CONNECT_PROTOCOL" -}; - -void -lws_h2_dump_settings(struct http2_settings *set) -{ - int n; - - for (n = 1; n < H2SET_COUNT; n++) - lwsl_notice(" %30s: %10d\n", h2_setting_names[n], set->s[n]); -} -#else -void -lws_h2_dump_settings(struct http2_settings *set) -{ -} -#endif - -static struct lws_h2_protocol_send * -lws_h2_new_pps(enum lws_h2_protocol_send_type type) -{ - struct lws_h2_protocol_send *pps = lws_malloc(sizeof(*pps), "pps"); - - if (pps) - pps->type = type; - - return pps; -} - -void lws_h2_init(struct lws *wsi) -{ - wsi->h2.h2n->set = wsi->vhost->h2.set; -} - -void -lws_h2_state(struct lws *wsi, enum lws_h2_states s) -{ - if (!wsi) - return; - lwsl_info("%s: wsi %p: state %s -> %s\n", __func__, wsi, - h2_state_names[wsi->h2.h2_state], - h2_state_names[s]); - - (void)h2_state_names; - wsi->h2.h2_state = (uint8_t)s; -} - -struct lws * -lws_wsi_server_new(struct lws_vhost *vh, struct lws *parent_wsi, - unsigned int sid) -{ - struct lws *wsi; - struct lws *nwsi = lws_get_network_wsi(parent_wsi); - struct lws_h2_netconn *h2n = nwsi->h2.h2n; - - /* - * The identifier of a newly established stream MUST be numerically - * greater than all streams that the initiating endpoint has opened or - * reserved. This governs streams that are opened using a HEADERS frame - * and streams that are reserved using PUSH_PROMISE. An endpoint that - * receives an unexpected stream identifier MUST respond with a - * connection error (Section 5.4.1) of type PROTOCOL_ERROR. - */ - if (sid <= h2n->highest_sid_opened) { - lwsl_info("%s: tried to open lower sid %d\n", __func__, sid); - lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, "Bad sid"); - return NULL; - } - - /* no more children allowed by parent */ - if (parent_wsi->h2.child_count + 1 > - parent_wsi->h2.h2n->set.s[H2SET_MAX_CONCURRENT_STREAMS]) { - lwsl_notice("reached concurrent stream limit\n"); - return NULL; - } - wsi = lws_create_new_server_wsi(vh, parent_wsi->tsi); - if (!wsi) { - lwsl_notice("new server wsi failed (vh %p)\n", vh); - return NULL; - } - - h2n->highest_sid_opened = sid; - wsi->h2.my_sid = sid; - wsi->http2_substream = 1; - wsi->seen_nonpseudoheader = 0; - - wsi->h2.parent_wsi = parent_wsi; - wsi->role_ops = parent_wsi->role_ops; - /* new guy's sibling is whoever was the first child before */ - wsi->h2.sibling_list = parent_wsi->h2.child_list; - /* first child is now the new guy */ - parent_wsi->h2.child_list = wsi; - parent_wsi->h2.child_count++; - - wsi->h2.my_priority = 16; - wsi->h2.tx_cr = nwsi->h2.h2n->set.s[H2SET_INITIAL_WINDOW_SIZE]; - wsi->h2.peer_tx_cr_est = - nwsi->vhost->h2.set.s[H2SET_INITIAL_WINDOW_SIZE]; - - lwsi_set_state(wsi, LRS_ESTABLISHED); - lwsi_set_role(wsi, lwsi_role(parent_wsi)); - - wsi->protocol = &vh->protocols[0]; - if (lws_ensure_user_space(wsi)) - goto bail1; - - wsi->vhost->conn_stats.h2_subs++; - - lwsl_info("%s: %p new ch %p, sid %d, usersp=%p, tx cr %d, " - "peer_credit %d (nwsi tx_cr %d)\n", - __func__, parent_wsi, wsi, sid, wsi->user_space, - wsi->h2.tx_cr, wsi->h2.peer_tx_cr_est, nwsi->h2.tx_cr); - - return wsi; - -bail1: - /* undo the insert */ - parent_wsi->h2.child_list = wsi->h2.sibling_list; - parent_wsi->h2.child_count--; - - vh->context->count_wsi_allocated--; - - if (wsi->user_space) - lws_free_set_NULL(wsi->user_space); - vh->protocols[0].callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0); - lws_vhost_unbind_wsi(wsi); - lws_free(wsi); - - return NULL; -} - -struct lws * -lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi) -{ - struct lws *nwsi = lws_get_network_wsi(parent_wsi); - - /* no more children allowed by parent */ - if (parent_wsi->h2.child_count + 1 > - parent_wsi->h2.h2n->set.s[H2SET_MAX_CONCURRENT_STREAMS]) { - lwsl_notice("reached concurrent stream limit\n"); - return NULL; - } - - /* sid is set just before issuing the headers, ensuring monoticity */ - - wsi->seen_nonpseudoheader = 0; -#if !defined(LWS_NO_CLIENT) - wsi->client_h2_substream = 1; -#endif - wsi->h2.initialized = 1; - - wsi->h2.parent_wsi = parent_wsi; - /* new guy's sibling is whoever was the first child before */ - wsi->h2.sibling_list = parent_wsi->h2.child_list; - /* first child is now the new guy */ - parent_wsi->h2.child_list = wsi; - parent_wsi->h2.child_count++; - - wsi->h2.my_priority = 16; - wsi->h2.tx_cr = nwsi->h2.h2n->set.s[H2SET_INITIAL_WINDOW_SIZE]; - wsi->h2.peer_tx_cr_est = - nwsi->vhost->h2.set.s[H2SET_INITIAL_WINDOW_SIZE]; - - if (lws_ensure_user_space(wsi)) - goto bail1; - - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS, - &role_ops_h2); - - lws_callback_on_writable(wsi); - - wsi->vhost->conn_stats.h2_subs++; - - return wsi; - -bail1: - /* undo the insert */ - parent_wsi->h2.child_list = wsi->h2.sibling_list; - parent_wsi->h2.child_count--; - - if (wsi->user_space) - lws_free_set_NULL(wsi->user_space); - wsi->protocol->callback(wsi, LWS_CALLBACK_WSI_DESTROY, NULL, NULL, 0); - lws_free(wsi); - - return NULL; -} - - -int lws_h2_issue_preface(struct lws *wsi) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws_h2_protocol_send *pps; - - if (lws_issue_raw(wsi, (uint8_t *)preface, strlen(preface)) != - (int)strlen(preface)) - return 1; - - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_H2_WAITING_TO_SEND_HEADERS, - &role_ops_h2); - - h2n->count = 0; - wsi->h2.tx_cr = 65535; - - /* - * we must send a settings frame - */ - pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS); - if (!pps) - return 1; - lws_pps_schedule(wsi, pps); - lwsl_info("%s: h2 client sending settings\n", __func__); - - return 0; -} - -struct lws * -lws_h2_wsi_from_id(struct lws *parent_wsi, unsigned int sid) -{ - lws_start_foreach_ll(struct lws *, wsi, parent_wsi->h2.child_list) { - if (wsi->h2.my_sid == sid) - return wsi; - } lws_end_foreach_ll(wsi, h2.sibling_list); - - return NULL; -} - -int lws_remove_server_child_wsi(struct lws_context *context, struct lws *wsi) -{ - lws_start_foreach_llp(struct lws **, w, wsi->h2.child_list) { - if (*w == wsi) { - *w = wsi->h2.sibling_list; - (wsi->h2.parent_wsi)->h2.child_count--; - return 0; - } - } lws_end_foreach_llp(w, h2.sibling_list); - - lwsl_err("%s: can't find %p\n", __func__, wsi); - - return 1; -} - -void -lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pps) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - struct lws_h2_netconn *h2n = nwsi->h2.h2n; - - pps->next = h2n->pps; - h2n->pps = pps; - lws_rx_flow_control(wsi, LWS_RXFLOW_REASON_APPLIES_DISABLE | - LWS_RXFLOW_REASON_H2_PPS_PENDING); - lws_callback_on_writable(wsi); -} - -int -lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws_h2_protocol_send *pps; - - if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) - return 0; - - pps = lws_h2_new_pps(LWS_H2_PPS_GOAWAY); - if (!pps) - return 1; - - lwsl_info("%s: %p: ERR 0x%x, '%s'\n", __func__, wsi, err, reason); - - pps->u.ga.err = err; - pps->u.ga.highest_sid = h2n->highest_sid; - lws_strncpy(pps->u.ga.str, reason, sizeof(pps->u.ga.str)); - lws_pps_schedule(wsi, pps); - - h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */ - - return 0; -} - -int -lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - struct lws_h2_netconn *h2n = nwsi->h2.h2n; - struct lws_h2_protocol_send *pps; - - if (!h2n) - return 0; - - if (!wsi->h2_stream_carries_ws && h2n->type == LWS_H2_FRAME_TYPE_COUNT) - return 0; - - pps = lws_h2_new_pps(LWS_H2_PPS_RST_STREAM); - if (!pps) - return 1; - - lwsl_info("%s: RST_STREAM 0x%x, sid %d, REASON '%s'\n", __func__, err, - wsi->h2.my_sid, reason); - - pps->u.rs.sid = wsi->h2.my_sid; - pps->u.rs.err = err; - - lws_pps_schedule(wsi, pps); - - h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */ - lws_h2_state(wsi, LWS_H2_STATE_CLOSED); - - return 0; -} - -int -lws_h2_settings(struct lws *wsi, struct http2_settings *settings, - unsigned char *buf, int len) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - unsigned int a, b; - - if (!len) - return 0; - - if (len < LWS_H2_SETTINGS_LEN) - return 1; - - while (len >= LWS_H2_SETTINGS_LEN) { - a = (buf[0] << 8) | buf[1]; - if (!a || a >= H2SET_COUNT) - goto skip; - b = buf[2] << 24 | buf[3] << 16 | buf[4] << 8 | buf[5]; - - switch (a) { - case H2SET_HEADER_TABLE_SIZE: - break; - case H2SET_ENABLE_PUSH: - if (b > 1) { - lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, - "ENABLE_PUSH invalid arg"); - return 1; - } - break; - case H2SET_MAX_CONCURRENT_STREAMS: - break; - case H2SET_INITIAL_WINDOW_SIZE: - if (b > 0x7fffffff) { - lws_h2_goaway(nwsi, H2_ERR_FLOW_CONTROL_ERROR, - "Inital Window beyond max"); - return 1; - } - -#if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX) - //FIXME: Workaround for FIRMWARE-4632 until cloud-side issue is fixed. - if (b == 0x7fffffff) { - b = 65535; - lwsl_info("init window size 0x7fffffff\n"); - break; - } - //FIXME: end of FIRMWARE-4632 workaround -#endif - - /* - * In addition to changing the flow-control window for - * streams that are not yet active, a SETTINGS frame - * can alter the initial flow-control window size for - * streams with active flow-control windows (that is, - * streams in the "open" or "half-closed (remote)" - * state). When the value of - * SETTINGS_INITIAL_WINDOW_SIZE changes, a receiver - * MUST adjust the size of all stream flow-control - * windows that it maintains by the difference between - * the new value and the old value. - */ - - lws_start_foreach_ll(struct lws *, w, - nwsi->h2.child_list) { - lwsl_info("%s: adi child tc cr %d +%d -> %d", - __func__, - w->h2.tx_cr, b - settings->s[a], - w->h2.tx_cr + b - settings->s[a]); - w->h2.tx_cr += b - settings->s[a]; - if (w->h2.tx_cr > 0 && - w->h2.tx_cr <= - (int32_t)(b - settings->s[a])) - lws_callback_on_writable(w); - } lws_end_foreach_ll(w, h2.sibling_list); - - break; - case H2SET_MAX_FRAME_SIZE: - if (b < wsi->vhost->h2.set.s[H2SET_MAX_FRAME_SIZE]) { - lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, - "Frame size < initial"); - return 1; - } - if (b > 0x00ffffff) { - lws_h2_goaway(nwsi, H2_ERR_PROTOCOL_ERROR, - "Settings Frame size above max"); - return 1; - } - break; - case H2SET_MAX_HEADER_LIST_SIZE: - break; - } - settings->s[a] = b; - lwsl_info("http2 settings %d <- 0x%x\n", a, b); -skip: - len -= LWS_H2_SETTINGS_LEN; - buf += LWS_H2_SETTINGS_LEN; - } - - if (len) - return 1; - - lws_h2_dump_settings(settings); - - return 0; -} - -/* RFC7640 Sect 6.9 - * - * The WINDOW_UPDATE frame can be specific to a stream or to the entire - * connection. In the former case, the frame's stream identifier - * indicates the affected stream; in the latter, the value "0" indicates - * that the entire connection is the subject of the frame. - * - * ... - * - * Two flow-control windows are applicable: the stream flow-control - * window and the connection flow-control window. The sender MUST NOT - * send a flow-controlled frame with a length that exceeds the space - * available in either of the flow-control windows advertised by the - * receiver. Frames with zero length with the END_STREAM flag set (that - * is, an empty DATA frame) MAY be sent if there is no available space - * in either flow-control window. - */ - -int -lws_h2_tx_cr_get(struct lws *wsi) -{ - int c = wsi->h2.tx_cr; - struct lws *nwsi; - - if (!wsi->http2_substream && !wsi->upgraded_to_http2) - return ~0x80000000; - - nwsi = lws_get_network_wsi(wsi); - - lwsl_info ("%s: %p: own tx credit %d: nwsi credit %d\n", - __func__, wsi, c, nwsi->h2.tx_cr); - - if (nwsi->h2.tx_cr < c) - c = nwsi->h2.tx_cr; - - if (c < 0) - return 0; - - return c; -} - -void -lws_h2_tx_cr_consume(struct lws *wsi, int consumed) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - - wsi->h2.tx_cr -= consumed; - - if (nwsi != wsi) - nwsi->h2.tx_cr -= consumed; -} - -int lws_h2_frame_write(struct lws *wsi, int type, int flags, - unsigned int sid, unsigned int len, unsigned char *buf) -{ - struct lws *nwsi = lws_get_network_wsi(wsi); - unsigned char *p = &buf[-LWS_H2_FRAME_HEADER_LENGTH]; - int n; - - //if (wsi->h2_stream_carries_ws) - // lwsl_hexdump_level(LLL_NOTICE, buf, len); - - *p++ = len >> 16; - *p++ = len >> 8; - *p++ = len; - *p++ = type; - *p++ = flags; - *p++ = sid >> 24; - *p++ = sid >> 16; - *p++ = sid >> 8; - *p++ = sid; - - lwsl_debug("%s: %p (eff %p). typ %d, fl 0x%x, sid=%d, len=%d, " - "txcr=%d, nwsi->txcr=%d\n", __func__, wsi, nwsi, type, flags, - sid, len, wsi->h2.tx_cr, nwsi->h2.tx_cr); - - if (type == LWS_H2_FRAME_TYPE_DATA) { - if (wsi->h2.tx_cr < (int)len) - lwsl_err("%s: %p: sending payload len %d" - " but tx_cr only %d!\n", __func__, wsi, - len, wsi->h2.tx_cr); - lws_h2_tx_cr_consume(wsi, len); - } - - n = lws_issue_raw(nwsi, &buf[-LWS_H2_FRAME_HEADER_LENGTH], - len + LWS_H2_FRAME_HEADER_LENGTH); - if (n < 0) - return n; - - if (n >= LWS_H2_FRAME_HEADER_LENGTH) - return n - LWS_H2_FRAME_HEADER_LENGTH; - - return n; -} - -static void lws_h2_set_bin(struct lws *wsi, int n, unsigned char *buf) -{ - *buf++ = n >> 8; - *buf++ = n; - *buf++ = wsi->h2.h2n->set.s[n] >> 24; - *buf++ = wsi->h2.h2n->set.s[n] >> 16; - *buf++ = wsi->h2.h2n->set.s[n] >> 8; - *buf = wsi->h2.h2n->set.s[n]; -} - -/* we get called on the network connection */ - -int lws_h2_do_pps_send(struct lws *wsi) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws_h2_protocol_send *pps = NULL; - struct lws *cwsi; - uint8_t set[LWS_PRE + 64], *p = &set[LWS_PRE], *q; - int n, m = 0, flags = 0; - - if (!h2n) - return 1; - - /* get the oldest pps */ - - lws_start_foreach_llp(struct lws_h2_protocol_send **, pps1, h2n->pps) { - if ((*pps1)->next == NULL) { /* we are the oldest in the list */ - pps = *pps1; /* remove us from the list */ - *pps1 = NULL; - continue; - } - } lws_end_foreach_llp(pps1, next); - - if (!pps) - return 1; - - lwsl_info("%s: %p: %d\n", __func__, wsi, pps->type); - - switch (pps->type) { - - case LWS_H2_PPS_MY_SETTINGS: - - /* - * if any of our settings varies from h2 "default defaults" - * then we must inform the peer - */ - for (n = 1; n < H2SET_COUNT; n++) - if (h2n->set.s[n] != lws_h2_defaults.s[n]) { - lwsl_debug("sending SETTING %d 0x%x\n", n, - wsi->h2.h2n->set.s[n]); - lws_h2_set_bin(wsi, n, &set[LWS_PRE + m]); - m += sizeof(h2n->one_setting); - } - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS, - flags, LWS_H2_STREAM_ID_MASTER, m, - &set[LWS_PRE]); - if (n != m) { - lwsl_info("send %d %d\n", n, m); - goto bail; - } - break; - - case LWS_H2_PPS_ACK_SETTINGS: - /* send ack ... always empty */ - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_SETTINGS, 1, - LWS_H2_STREAM_ID_MASTER, 0, - &set[LWS_PRE]); - if (n) { - lwsl_err("ack tells %d\n", n); - goto bail; - } - /* this is the end of the preface dance then? */ - if (lwsi_state(wsi) == LRS_H2_AWAIT_SETTINGS) { - lwsi_set_state(wsi, LRS_ESTABLISHED); - wsi->http.fop_fd = NULL; - if (lws_is_ssl(lws_get_network_wsi(wsi))) - break; - /* - * we need to treat the headers from the upgrade as the - * first job. So these need to get shifted to sid 1. - */ - h2n->swsi = lws_wsi_server_new(wsi->vhost, wsi, 1); - if (!h2n->swsi) - goto bail; - - /* pass on the initial headers to SID 1 */ - h2n->swsi->http.ah = wsi->http.ah; - wsi->http.ah = NULL; - - lwsl_info("%s: inherited headers %p\n", __func__, - h2n->swsi->http.ah); - h2n->swsi->h2.tx_cr = - h2n->set.s[H2SET_INITIAL_WINDOW_SIZE]; - lwsl_info("initial tx credit on conn %p: %d\n", - h2n->swsi, h2n->swsi->h2.tx_cr); - h2n->swsi->h2.initialized = 1; - /* demanded by HTTP2 */ - h2n->swsi->h2.END_STREAM = 1; - lwsl_info("servicing initial http request\n"); - - wsi->vhost->conn_stats.h2_trans++; - - if (lws_http_action(h2n->swsi)) - goto bail; - - break; - } - break; - case LWS_H2_PPS_PONG: - lwsl_debug("sending PONG\n"); - memcpy(&set[LWS_PRE], pps->u.ping.ping_payload, 8); - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_PING, - LWS_H2_FLAG_SETTINGS_ACK, - LWS_H2_STREAM_ID_MASTER, 8, - &set[LWS_PRE]); - if (n != 8) { - lwsl_info("send %d %d\n", n, m); - goto bail; - } - break; - - case LWS_H2_PPS_GOAWAY: - lwsl_info("LWS_H2_PPS_GOAWAY\n"); - *p++ = pps->u.ga.highest_sid >> 24; - *p++ = pps->u.ga.highest_sid >> 16; - *p++ = pps->u.ga.highest_sid >> 8; - *p++ = pps->u.ga.highest_sid; - *p++ = pps->u.ga.err >> 24; - *p++ = pps->u.ga.err >> 16; - *p++ = pps->u.ga.err >> 8; - *p++ = pps->u.ga.err; - q = (unsigned char *)pps->u.ga.str; - n = 0; - while (*q && n++ < (int)sizeof(pps->u.ga.str)) - *p++ = *q++; - h2n->we_told_goaway = 1; - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_GOAWAY, 0, - LWS_H2_STREAM_ID_MASTER, - lws_ptr_diff(p, &set[LWS_PRE]), - &set[LWS_PRE]); - if (n != 4) { - lwsl_info("send %d %d\n", n, m); - goto bail; - } - goto bail; - - case LWS_H2_PPS_RST_STREAM: - lwsl_info("LWS_H2_PPS_RST_STREAM\n"); - *p++ = pps->u.rs.err >> 24; - *p++ = pps->u.rs.err >> 16; - *p++ = pps->u.rs.err >> 8; - *p++ = pps->u.rs.err; - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_RST_STREAM, - 0, pps->u.rs.sid, 4, &set[LWS_PRE]); - if (n != 4) { - lwsl_info("send %d %d\n", n, m); - goto bail; - } - cwsi = lws_h2_wsi_from_id(wsi, pps->u.rs.sid); - if (cwsi) { - lwsl_debug("%s: closing cwsi %p %s %s (wsi %p)\n", - __func__, cwsi, cwsi->role_ops->name, - cwsi->protocol->name, wsi); - lws_close_free_wsi(cwsi, 0, "reset stream"); - } - break; - - case LWS_H2_PPS_UPDATE_WINDOW: - lwsl_debug("Issuing LWS_H2_PPS_UPDATE_WINDOW: sid %d: add %d\n", - pps->u.update_window.sid, - pps->u.update_window.credit); - *p++ = pps->u.update_window.credit >> 24; - *p++ = pps->u.update_window.credit >> 16; - *p++ = pps->u.update_window.credit >> 8; - *p++ = pps->u.update_window.credit; - n = lws_h2_frame_write(wsi, LWS_H2_FRAME_TYPE_WINDOW_UPDATE, - 0, pps->u.update_window.sid, 4, - &set[LWS_PRE]); - if (n != 4) { - lwsl_info("send %d %d\n", n, m); - goto bail; - } - break; - - default: - break; - } - - lws_free(pps); - - return 0; - -bail: - lws_free(pps); - - return 1; -} - -/* - * The frame header part has just completely arrived. - * Perform actions for header completion. - */ -static int -lws_h2_parse_frame_header(struct lws *wsi) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws_h2_protocol_send *pps; - int n; - - /* - * We just got the frame header - */ - h2n->count = 0; - h2n->swsi = wsi; - /* b31 is a reserved bit */ - h2n->sid = h2n->sid & 0x7fffffff; - - if (h2n->sid && !(h2n->sid & 1)) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Even Stream ID"); - - return 0; - } - - /* let the network wsi live a bit longer if subs are active */ - - if (!wsi->immortal_substream_count) -#if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX) - lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, wsi->vhost->keepalive_timeout); -#else - lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, 31); -#endif - - if (h2n->sid) - h2n->swsi = lws_h2_wsi_from_id(wsi, h2n->sid); - - lwsl_debug("%p (%p): fr hdr: typ 0x%x, fla 0x%x, sid 0x%x, len 0x%x\n", - wsi, h2n->swsi, h2n->type, h2n->flags, h2n->sid, - h2n->length); - - if (h2n->we_told_goaway && h2n->sid > h2n->highest_sid) - h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */ - - if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) - return 0; - - if (h2n->length > h2n->set.s[H2SET_MAX_FRAME_SIZE]) { - /* - * peer sent us something bigger than we told - * it we would allow - */ - lwsl_info("received oversize frame %d\n", h2n->length); - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "Peer ignored our frame size setting"); - return 1; - } - - if (h2n->swsi) - lwsl_info("%s: wsi %p, State: %s, received cmd %d\n", - __func__, h2n->swsi, - h2_state_names[h2n->swsi->h2.h2_state], h2n->type); - else { - /* if it's data, either way no swsi means CLOSED state */ - if (h2n->type == LWS_H2_FRAME_TYPE_DATA) { - if (h2n->sid <= h2n->highest_sid_opened -#if !defined(LWS_NO_CLIENT) - && wsi->client_h2_alpn -#endif - ) { - lwsl_notice("ignoring straggling data\n"); - /* ie, IGNORE */ - h2n->type = LWS_H2_FRAME_TYPE_COUNT; - } else { - lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, - "Data for nonexistent sid"); - return 0; - } - } - /* if the sid is credible, treat as wsi for it closed */ - if (h2n->sid > h2n->highest_sid_opened && - h2n->type != LWS_H2_FRAME_TYPE_HEADERS && - h2n->type != LWS_H2_FRAME_TYPE_PRIORITY) { - /* if not credible, reject it */ - lwsl_info("%s: wsi %p, No child for sid %d, rxcmd %d\n", - __func__, h2n->swsi, h2n->sid, h2n->type); - lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, - "Data for nonexistent sid"); - return 0; - } - } - - if (h2n->swsi && h2n->sid && - !(http2_rx_validity[h2n->swsi->h2.h2_state] & (1 << h2n->type))) { - lwsl_info("%s: wsi %p, State: %s, ILLEGAL cmdrx %d (OK 0x%x)\n", - __func__, h2n->swsi, - h2_state_names[h2n->swsi->h2.h2_state], h2n->type, - http2_rx_validity[h2n->swsi->h2.h2_state]); - - if (h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED || - h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE) - n = H2_ERR_STREAM_CLOSED; - else - n = H2_ERR_PROTOCOL_ERROR; - lws_h2_goaway(wsi, n, "invalid rx for state"); - - return 0; - } - - if (h2n->cont_exp && (h2n->cont_exp_sid != h2n->sid || - h2n->type != LWS_H2_FRAME_TYPE_CONTINUATION)) { - lwsl_info("%s: expected cont on sid %d (got %d on sid %d)\n", - __func__, h2n->cont_exp_sid, h2n->type, h2n->sid); - h2n->cont_exp = 0; - if (h2n->cont_exp_headers) - n = H2_ERR_COMPRESSION_ERROR; - else - n = H2_ERR_PROTOCOL_ERROR; - lws_h2_goaway(wsi, n, "Continuation hdrs State"); - - return 0; - } - - switch (h2n->type) { - case LWS_H2_FRAME_TYPE_DATA: - lwsl_info("seen incoming LWS_H2_FRAME_TYPE_DATA start\n"); - if (!h2n->sid) { - lwsl_info("DATA: 0 sid\n"); - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "DATA 0 sid"); - break; - } - lwsl_info("Frame header DATA: sid %d\n", h2n->sid); - - if (!h2n->swsi) { - lwsl_notice("DATA: NULL swsi\n"); - break; - } - - lwsl_info("DATA rx on state %d\n", h2n->swsi->h2.h2_state); - - if ( - h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE || - h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) { - lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, "conn closed"); - break; - } - break; - case LWS_H2_FRAME_TYPE_PRIORITY: - lwsl_info("LWS_H2_FRAME_TYPE_PRIORITY complete frame\n"); - if (!h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Priority has 0 sid"); - break; - } - if (h2n->length != 5) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "Priority has length other than 5"); - break; - } - break; - case LWS_H2_FRAME_TYPE_PUSH_PROMISE: - lwsl_info("LWS_H2_FRAME_TYPE_PUSH_PROMISE complete frame\n"); - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Server only"); - break; - - case LWS_H2_FRAME_TYPE_GOAWAY: - lwsl_debug("LWS_H2_FRAME_TYPE_GOAWAY received\n"); - break; - - case LWS_H2_FRAME_TYPE_RST_STREAM: - if (!h2n->sid) - return 1; - if (!h2n->swsi) { - if (h2n->sid <= h2n->highest_sid_opened) - break; - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "crazy sid on RST_STREAM"); - return 1; - } - if (h2n->length != 4) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "RST_STREAM can only be length 4"); - break; - } - lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED); - break; - - case LWS_H2_FRAME_TYPE_SETTINGS: - lwsl_info("LWS_H2_FRAME_TYPE_SETTINGS complete frame\n"); - /* nonzero sid on settings is illegal */ - if (h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Settings has nonzero sid"); - break; - } - - if (!(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) { - if ((!h2n->length) || h2n->length % 6) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "Settings length error"); - break; - } - - if (h2n->type == LWS_H2_FRAME_TYPE_COUNT) - return 0; - - if (wsi->upgraded_to_http2) { - pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS); - if (!pps) - return 1; - lws_pps_schedule(wsi, pps); - } - break; - } - /* came to us with ACK set... not allowed to have payload */ - - if (h2n->length) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "Settings with ACK not allowed payload"); - break; - } - break; - case LWS_H2_FRAME_TYPE_PING: - if (h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Ping has nonzero sid"); - break; - } - if (h2n->length != 8) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "Ping payload can only be 8"); - break; - } - break; - case LWS_H2_FRAME_TYPE_CONTINUATION: - lwsl_info("LWS_H2_FRAME_TYPE_CONTINUATION: sid = %d\n", - h2n->sid); - - if (!h2n->cont_exp || - h2n->cont_exp_sid != h2n->sid || - !h2n->sid || - !h2n->swsi) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "unexpected CONTINUATION"); - break; - } - if (h2n->swsi->h2.END_HEADERS) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "END_HEADERS already seen"); - break; - } - /* END_STREAM is in HEADERS, skip resetting it */ - goto update_end_headers; - - case LWS_H2_FRAME_TYPE_HEADERS: - lwsl_info("HEADERS: frame header: sid = %d\n", h2n->sid); - if (!h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "sid 0"); - return 1; - } - - if (h2n->swsi && !h2n->swsi->h2.END_STREAM && - h2n->swsi->h2.END_HEADERS && - !(h2n->flags & LWS_H2_FLAG_END_STREAM)) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "extra HEADERS together"); - return 1; - } - -#if !defined(LWS_NO_CLIENT) - if (wsi->client_h2_alpn) { - if (h2n->sid) { - h2n->swsi = lws_h2_wsi_from_id(wsi, h2n->sid); - lwsl_info("HEADERS: nwsi %p: sid %d mapped " - "to wsi %p\n", wsi, h2n->sid, - h2n->swsi); - if (!h2n->swsi) - break; - } - goto update_end_headers; - } -#endif - - if (!h2n->swsi) { - /* no more children allowed by parent */ - if (wsi->h2.child_count + 1 > - wsi->h2.h2n->set.s[H2SET_MAX_CONCURRENT_STREAMS]) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Another stream not allowed"); - - return 1; - } - - h2n->swsi = lws_wsi_server_new(wsi->vhost, wsi, - h2n->sid); - if (!h2n->swsi) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "OOM"); - - return 1; - } - - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - goto cleanup_wsi; - pps->u.update_window.sid = h2n->sid; - pps->u.update_window.credit = 4 * 65536; - h2n->swsi->h2.peer_tx_cr_est += - pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - goto cleanup_wsi; - pps->u.update_window.sid = 0; - pps->u.update_window.credit = 4 * 65536; - wsi->h2.peer_tx_cr_est += pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - } - - /* - * ah needs attaching to child wsi, even though - * we only fill it from network wsi - */ - if (!h2n->swsi->http.ah) - if (lws_header_table_attach(h2n->swsi, 0)) { - lwsl_err("%s: Failed to get ah\n", __func__); - return 1; - } - - /* - * The first use of a new stream identifier implicitly closes - * all streams in the "idle" state that might have been - * initiated by that peer with a lower-valued stream identifier. - * - * For example, if a client sends a HEADERS frame on stream 7 - * without ever sending a frame on stream 5, then stream 5 - * transitions to the "closed" state when the first frame for - * stream 7 is sent or received. - */ - lws_start_foreach_ll(struct lws *, w, wsi->h2.child_list) { - if (w->h2.my_sid < h2n->sid && - w->h2.h2_state == LWS_H2_STATE_IDLE) - lws_close_free_wsi(w, 0, "h2 sid close"); - assert(w->h2.sibling_list != w); - } lws_end_foreach_ll(w, h2.sibling_list); - - - /* END_STREAM means after servicing this, close the stream */ - h2n->swsi->h2.END_STREAM = - !!(h2n->flags & LWS_H2_FLAG_END_STREAM); - lwsl_info("%s: hdr END_STREAM = %d\n",__func__, - h2n->swsi->h2.END_STREAM); - - h2n->cont_exp = !(h2n->flags & LWS_H2_FLAG_END_HEADERS); - h2n->cont_exp_sid = h2n->sid; - h2n->cont_exp_headers = 1; - // lws_header_table_reset(h2n->swsi, 0); - -update_end_headers: - /* no END_HEADERS means CONTINUATION must come */ - h2n->swsi->h2.END_HEADERS = - !!(h2n->flags & LWS_H2_FLAG_END_HEADERS); - lwsl_info("%p: END_HEADERS %d\n", h2n->swsi, - h2n->swsi->h2.END_HEADERS); - if (h2n->swsi->h2.END_HEADERS) - h2n->cont_exp = 0; - lwsl_debug("END_HEADERS %d\n", h2n->swsi->h2.END_HEADERS); - break; - -cleanup_wsi: - - return 1; - - case LWS_H2_FRAME_TYPE_WINDOW_UPDATE: - if (h2n->length != 4) { - lws_h2_goaway(wsi, H2_ERR_FRAME_SIZE_ERROR, - "window update frame not 4"); - break; - } - lwsl_info("LWS_H2_FRAME_TYPE_WINDOW_UPDATE\n"); - break; - case LWS_H2_FRAME_TYPE_COUNT: - break; - default: - lwsl_info("%s: ILLEGAL FRAME TYPE %d\n", __func__, h2n->type); - h2n->type = LWS_H2_FRAME_TYPE_COUNT; /* ie, IGNORE */ - break; - } - if (h2n->length == 0) - h2n->frame_state = 0; - - return 0; -} - -static const char * const method_names[] = { - "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", "CONNECT", "HEAD" -}; -static unsigned char method_index[] = { - WSI_TOKEN_GET_URI, - WSI_TOKEN_POST_URI, - WSI_TOKEN_OPTIONS_URI, - WSI_TOKEN_PUT_URI, - WSI_TOKEN_PATCH_URI, - WSI_TOKEN_DELETE_URI, - WSI_TOKEN_CONNECT, - WSI_TOKEN_HEAD_URI, -}; - -/* - * The last byte of the whole frame has been handled. - * Perform actions for frame completion. - * - * This is the crunch time for parsing that may have occured on a network - * wsi with a pending partial send... we may call lws_http_action() to send - * a response, conflicting with the partial. - * - * So in that case we change the wsi state and do the lws_http_action() in the - * WRITABLE handler as a priority. - */ -static int -lws_h2_parse_end_of_frame(struct lws *wsi) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws *eff_wsi = wsi; - const char *p; - int n; - - h2n->frame_state = 0; - h2n->count = 0; - - if (h2n->sid) - h2n->swsi = lws_h2_wsi_from_id(wsi, h2n->sid); - - if (h2n->sid > h2n->highest_sid) - h2n->highest_sid = h2n->sid; - - /* set our initial window size */ - if (!wsi->h2.initialized) { - wsi->h2.tx_cr = h2n->set.s[H2SET_INITIAL_WINDOW_SIZE]; - lwsl_info("initial tx credit on master %p: %d\n", wsi, - wsi->h2.tx_cr); - wsi->h2.initialized = 1; - } - - if (h2n->collected_priority && (h2n->dep & ~(1u << 31)) == h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "depends on own sid"); - return 0; - } - - switch (h2n->type) { - - case LWS_H2_FRAME_TYPE_SETTINGS: - -#if !defined(LWS_NO_CLIENT) - if (wsi->client_h2_alpn && - !(h2n->flags & LWS_H2_FLAG_SETTINGS_ACK)) { - struct lws_h2_protocol_send *pps; - - /* migrate original client ask on to substream 1 */ - - wsi->http.fop_fd = NULL; - - /* - * we need to treat the headers from the upgrade as the - * first job. So these need to get shifted to sid 1. - */ - h2n->swsi = lws_wsi_server_new(wsi->vhost, wsi, 1); - if (!h2n->swsi) - return 1; - h2n->sid = 1; - - assert(lws_h2_wsi_from_id(wsi, 1) == h2n->swsi); - - lws_role_transition(wsi, LWSIFR_CLIENT, - LRS_H2_WAITING_TO_SEND_HEADERS, - &role_ops_h2); - - lws_role_transition(h2n->swsi, LWSIFR_CLIENT, - LRS_H2_WAITING_TO_SEND_HEADERS, - &role_ops_h2); - - /* pass on the initial headers to SID 1 */ - h2n->swsi->http.ah = wsi->http.ah; - h2n->swsi->client_h2_substream = 1; - - h2n->swsi->protocol = wsi->protocol; - if (h2n->swsi->user_space && !h2n->swsi->user_space_externally_allocated) - lws_free(h2n->swsi->user_space); - h2n->swsi->user_space = wsi->user_space; - h2n->swsi->user_space_externally_allocated = - wsi->user_space_externally_allocated; - h2n->swsi->opaque_user_data = wsi->opaque_user_data; - wsi->opaque_user_data = NULL; - - wsi->user_space = NULL; - - if (h2n->swsi->http.ah) - h2n->swsi->http.ah->wsi = h2n->swsi; - wsi->http.ah = NULL; - - lwsl_info("%s: MIGRATING nwsi %p: swsi %p\n", __func__, - wsi, h2n->swsi); - h2n->swsi->h2.tx_cr = - h2n->set.s[H2SET_INITIAL_WINDOW_SIZE]; - lwsl_info("initial tx credit on conn %p: %d\n", - h2n->swsi, h2n->swsi->h2.tx_cr); - h2n->swsi->h2.initialized = 1; - - lws_callback_on_writable(h2n->swsi); - - pps = lws_h2_new_pps(LWS_H2_PPS_ACK_SETTINGS); - if (!pps) - return 1; - lws_pps_schedule(wsi, pps); - lwsl_info("%s: scheduled settings ack PPS\n", __func__); - - /* also attach any queued guys */ - - /* we have a transaction queue that wants to pipeline */ - lws_vhost_lock(wsi->vhost); - lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1, - wsi->dll2_cli_txn_queue_owner.head) { - struct lws *w = lws_container_of(d, struct lws, - dll2_cli_txn_queue); - - if (lwsi_state(w) == LRS_H1C_ISSUE_HANDSHAKE2) { - lwsl_info("%s: cli pipeq %p to be h2\n", - __func__, w); - /* remove ourselves from client queue */ - lws_dll2_remove(&w->dll2_cli_txn_queue); - - /* attach ourselves as an h2 stream */ - lws_wsi_h2_adopt(wsi, w); - } - } lws_end_foreach_dll_safe(d, d1); - lws_vhost_unlock(wsi->vhost); - } -#endif - break; - - case LWS_H2_FRAME_TYPE_CONTINUATION: - case LWS_H2_FRAME_TYPE_HEADERS: - - if (!h2n->swsi) - break; - - /* service the http request itself */ - - if (h2n->last_action_dyntable_resize) { - lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR, - "dyntable resize last in headers"); - break; - } - - if (!h2n->swsi->h2.END_HEADERS) { - /* we are not finished yet */ - lwsl_info("witholding http action for continuation\n"); - break; - } - - /* confirm the hpack stream state is reasonable for finishing */ - - if (h2n->hpack != HPKS_TYPE) { - /* hpack incomplete */ - lwsl_info("hpack incomplete %d (type %d, len %d)\n", - h2n->hpack, h2n->type, h2n->hpack_len); - lws_h2_goaway(wsi, H2_ERR_COMPRESSION_ERROR, - "hpack incomplete"); - break; - } - - /* this is the last part of HEADERS */ - switch (h2n->swsi->h2.h2_state) { - case LWS_H2_STATE_IDLE: - lws_h2_state(h2n->swsi, LWS_H2_STATE_OPEN); - break; - case LWS_H2_STATE_RESERVED_REMOTE: - lws_h2_state(h2n->swsi, LWS_H2_STATE_HALF_CLOSED_LOCAL); - break; - } - - lwsl_info("http req, wsi=%p, h2n->swsi=%p\n", wsi, h2n->swsi); - h2n->swsi->hdr_parsing_completed = 1; - -#if !defined(LWS_NO_CLIENT) - if (h2n->swsi->client_h2_substream) { - if (lws_client_interpret_server_handshake(h2n->swsi)) { - lws_h2_rst_stream(h2n->swsi, - H2_ERR_STREAM_CLOSED, - "protocol CLI_EST closed it"); - break; - } - } -#endif - - if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { - h2n->swsi->http.rx_content_length = atoll( - lws_hdr_simple_ptr(h2n->swsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH)); - h2n->swsi->http.rx_content_remain = - h2n->swsi->http.rx_content_length; - lwsl_info("setting rx_content_length %lld\n", - (long long)h2n->swsi->http.rx_content_length); - } - - { - int n = 0, len; - char buf[256]; - const unsigned char *c; - - do { - c = lws_token_to_string(n); - if (!c) { - n++; - continue; - } - - len = lws_hdr_total_length(h2n->swsi, n); - if (!len || len > (int)sizeof(buf) - 1) { - n++; - continue; - } - - if (lws_hdr_copy(h2n->swsi, buf, sizeof buf, - n) < 0) { - lwsl_info(" %s !oversize!\n", - (char *)c); - } else { - buf[sizeof(buf) - 1] = '\0'; - - lwsl_info(" %s = %s\n", - (char *)c, buf); - } - n++; - } while (c); - } - - if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_REMOTE || - h2n->swsi->h2.h2_state == LWS_H2_STATE_CLOSED) { - lws_h2_goaway(wsi, H2_ERR_STREAM_CLOSED, - "Banning service on CLOSED_REMOTE"); - break; - } - - switch (h2n->swsi->h2.h2_state) { - case LWS_H2_STATE_OPEN: - if (h2n->swsi->h2.END_STREAM) - lws_h2_state(h2n->swsi, - LWS_H2_STATE_HALF_CLOSED_REMOTE); - break; - case LWS_H2_STATE_HALF_CLOSED_LOCAL: - if (h2n->swsi->h2.END_STREAM) - lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED); - break; - } - -#if !defined(LWS_NO_CLIENT) - if (h2n->swsi->client_h2_substream) { - lwsl_info("%s: headers: client path\n", __func__); - break; - } -#endif - - if (!lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_PATH) || - !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD) || - !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_SCHEME) || - lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_STATUS) || - lws_hdr_extant(h2n->swsi, WSI_TOKEN_CONNECTION)) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Pseudoheader checks"); - break; - } - - - if (lws_hdr_extant(h2n->swsi, WSI_TOKEN_TE)) { - n = lws_hdr_total_length(h2n->swsi, WSI_TOKEN_TE); - - if (n != 8 || - strncmp(lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_TE), - "trailers", n)) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Illegal transfer-encoding"); - break; - } - } - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - lws_http_compression_validate(h2n->swsi); -#endif - - wsi->vhost->conn_stats.h2_trans++; - p = lws_hdr_simple_ptr(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD); - /* - * duplicate :path into the individual method uri header - * index, so that it looks the same as h1 in the ah - */ - for (n = 0; n < (int)LWS_ARRAY_SIZE(method_names); n++) - if (!strcasecmp(p, method_names[n])) { - h2n->swsi->http.ah->frag_index[method_index[n]] = - h2n->swsi->http.ah->frag_index[ - WSI_TOKEN_HTTP_COLON_PATH]; - break; - } - - lwsl_debug("%s: setting DEF_ACT from 0x%x\n", __func__, - h2n->swsi->wsistate); - lwsi_set_state(h2n->swsi, LRS_DEFERRING_ACTION); - lws_callback_on_writable(h2n->swsi); - break; - - case LWS_H2_FRAME_TYPE_DATA: - if (!h2n->swsi) - break; - - if (lws_hdr_total_length(h2n->swsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH) && - h2n->swsi->h2.END_STREAM && - h2n->swsi->http.rx_content_length && - h2n->swsi->http.rx_content_remain) { - lws_h2_rst_stream(h2n->swsi, H2_ERR_PROTOCOL_ERROR, - "Not enough rx content"); - break; - } - - if (h2n->swsi->h2.END_STREAM && - h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN) - lws_h2_state(h2n->swsi, - LWS_H2_STATE_HALF_CLOSED_REMOTE); - - if (h2n->swsi->h2.END_STREAM && - h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL) - lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED); - -#if !defined(LWS_NO_CLIENT) - /* - * client... remote END_STREAM implies we weren't going to - * send anything else anyway. - */ - - if (h2n->swsi->client_h2_substream && - h2n->flags & LWS_H2_FLAG_END_STREAM) { - lwsl_info("%s: %p: DATA: end stream\n", - __func__, h2n->swsi); - - if (h2n->swsi->h2.h2_state == LWS_H2_STATE_OPEN) { - lws_h2_state(h2n->swsi, - LWS_H2_STATE_HALF_CLOSED_REMOTE); - // lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR, - // "client done"); - - // if (lws_http_transaction_completed_client(h2n->swsi)) - // lwsl_debug("tx completed returned close\n"); - } - - //if (h2n->swsi->h2.h2_state == LWS_H2_STATE_HALF_CLOSED_LOCAL) - { - lws_h2_state(h2n->swsi, LWS_H2_STATE_CLOSED); - - lws_h2_rst_stream(h2n->swsi, H2_ERR_NO_ERROR, - "client done"); - - if (lws_http_transaction_completed_client(h2n->swsi)) - lwsl_debug("tx completed returned close\n"); - } - } -#endif - break; - - case LWS_H2_FRAME_TYPE_PING: - if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK) { // ack - } else {/* they're sending us a ping request */ - struct lws_h2_protocol_send *pps = - lws_h2_new_pps(LWS_H2_PPS_PONG); - if (!pps) - return 1; - - lwsl_info("rx ping, preparing pong\n"); - - memcpy(pps->u.ping.ping_payload, h2n->ping_payload, 8); - lws_pps_schedule(wsi, pps); - } - - break; - - case LWS_H2_FRAME_TYPE_WINDOW_UPDATE: - h2n->hpack_e_dep &= ~(1u << 31); - lwsl_info("WINDOW_UPDATE: sid %d %u (0x%x)\n", h2n->sid, - h2n->hpack_e_dep, h2n->hpack_e_dep); - - if (h2n->sid) - eff_wsi = h2n->swsi; - - if (!eff_wsi) { - if (h2n->sid > h2n->highest_sid_opened) - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "alien sid"); - break; /* ignore */ - } - - if (eff_wsi->vhost->options & - LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW && - (uint64_t)eff_wsi->h2.tx_cr + (uint64_t)h2n->hpack_e_dep > - (uint64_t)0x7fffffff) - h2n->hpack_e_dep = 0x7fffffff - eff_wsi->h2.tx_cr; - - if ((uint64_t)eff_wsi->h2.tx_cr + (uint64_t)h2n->hpack_e_dep > - (uint64_t)0x7fffffff) { - if (h2n->sid) - lws_h2_rst_stream(h2n->swsi, - H2_ERR_FLOW_CONTROL_ERROR, - "Flow control exceeded max"); - else - lws_h2_goaway(wsi, H2_ERR_FLOW_CONTROL_ERROR, - "Flow control exceeded max"); - break; - } - - if (!h2n->hpack_e_dep) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "Zero length window update"); - break; - } - n = eff_wsi->h2.tx_cr; - eff_wsi->h2.tx_cr += h2n->hpack_e_dep; - - if (n <= 0 && eff_wsi->h2.tx_cr <= 0) - /* it helps, but won't change sendability for anyone */ - break; - - /* - * It did change sendability... for us and any children waiting - * on us... reassess blockage for all children first - */ - lws_start_foreach_ll(struct lws *, w, wsi->h2.child_list) { - lws_callback_on_writable(w); - } lws_end_foreach_ll(w, h2.sibling_list); - - if (eff_wsi->h2.skint && lws_h2_tx_cr_get(eff_wsi)) { - lwsl_info("%s: %p: skint\n", __func__, wsi); - eff_wsi->h2.skint = 0; - lws_callback_on_writable(eff_wsi); - } - break; - - case LWS_H2_FRAME_TYPE_GOAWAY: - lwsl_info("GOAWAY: last sid %d, error 0x%08X, string '%s'\n", - h2n->goaway_last_sid, h2n->goaway_err, - h2n->goaway_str); - wsi->h2.GOING_AWAY = 1; - - return 1; - - case LWS_H2_FRAME_TYPE_RST_STREAM: - lwsl_info("LWS_H2_FRAME_TYPE_RST_STREAM: sid %d: reason 0x%x\n", - h2n->sid, h2n->hpack_e_dep); - break; - - case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */ - break; - } - - return 0; -} - -/* - * This may want to send something on the network wsi, which may be in the - * middle of a partial send. PPS sends are OK because they are queued to - * go through the WRITABLE handler already. - * - * The read parser for the network wsi has no choice but to parse its stream - * anyway, because otherwise it will not be able to get tx credit window - * messages. - * - * Therefore if we will send non-PPS, ie, lws_http_action() for a stream - * wsi, we must change its state and handle it as a priority in the - * POLLOUT handler instead of writing it here. - * - * About closing... for the main network wsi, it should return nonzero to - * close it all. If it needs to close an swsi, it can do it here. - */ -int -lws_h2_parser(struct lws *wsi, unsigned char *in, lws_filepos_t inlen, - lws_filepos_t *inused) -{ - struct lws_h2_netconn *h2n = wsi->h2.h2n; - struct lws_h2_protocol_send *pps; - unsigned char c, *oldin = in; - int n, m; - - if (!h2n) - goto fail; - - while (inlen--) { - - c = *in++; - - // lwsl_notice("%s: 0x%x\n", __func__, c); - - switch (lwsi_state(wsi)) { - case LRS_H2_AWAIT_PREFACE: - if (preface[h2n->count++] != c) - goto fail; - - if (preface[h2n->count]) - break; - - lwsl_info("http2: %p: established\n", wsi); - lwsi_set_state(wsi, LRS_H2_AWAIT_SETTINGS); - h2n->count = 0; - wsi->h2.tx_cr = 65535; - - /* - * we must send a settings frame -- empty one is OK... - * that must be the first thing sent by server - * and the peer must send a SETTINGS with ACK flag... - */ - pps = lws_h2_new_pps(LWS_H2_PPS_MY_SETTINGS); - if (!pps) - goto fail; - lws_pps_schedule(wsi, pps); - break; - - case LRS_H2_WAITING_TO_SEND_HEADERS: - case LRS_ESTABLISHED: - case LRS_H2_AWAIT_SETTINGS: - if (h2n->frame_state != LWS_H2_FRAME_HEADER_LENGTH) - goto try_frame_start; - - /* - * post-header, preamble / payload / padding part - */ - h2n->count++; - - if (h2n->flags & LWS_H2_FLAG_PADDED && - !h2n->pad_length) { - /* - * Get the padding count... actual padding is - * at the end of the frame. - */ - h2n->padding = c; - h2n->pad_length = 1; - h2n->preamble++; - - if (h2n->padding > h2n->length - 1) - lws_h2_goaway(wsi, - H2_ERR_PROTOCOL_ERROR, - "execssive padding"); - break; /* we consumed this */ - } - - if (h2n->flags & LWS_H2_FLAG_PRIORITY && - !h2n->collected_priority) { - /* going to be 5 preamble bytes */ - - lwsl_debug("PRIORITY FLAG: 0x%x\n", c); - - if (h2n->preamble++ - h2n->pad_length < 4) { - h2n->dep = ((h2n->dep) << 8) | c; - break; /* we consumed this */ - } - h2n->weight_temp = c; - h2n->collected_priority = 1; - lwsl_debug("PRI FL: dep 0x%x, weight 0x%02X\n", - h2n->dep, h2n->weight_temp); - break; /* we consumed this */ - } - if (h2n->padding && h2n->count > - (h2n->length - h2n->padding)) { - if (c) { - lws_h2_goaway(wsi, - H2_ERR_PROTOCOL_ERROR, - "nonzero padding"); - break; - } - goto frame_end; - } - - /* applies to wsi->h2.swsi which may be wsi */ - switch(h2n->type) { - - case LWS_H2_FRAME_TYPE_SETTINGS: - n = (h2n->count - 1 - h2n->preamble) % - LWS_H2_SETTINGS_LEN; - h2n->one_setting[n] = c; - if (n != LWS_H2_SETTINGS_LEN - 1) - break; - lws_h2_settings(wsi, &h2n->set, - h2n->one_setting, - LWS_H2_SETTINGS_LEN); - break; - - case LWS_H2_FRAME_TYPE_CONTINUATION: - case LWS_H2_FRAME_TYPE_HEADERS: - if (!h2n->swsi) - break; - if (lws_hpack_interpret(h2n->swsi, c)) { - lwsl_info("%s: hpack failed\n", - __func__); - goto fail; - } - break; - - case LWS_H2_FRAME_TYPE_GOAWAY: - switch (h2n->inside++) { - case 0: - case 1: - case 2: - case 3: - h2n->goaway_last_sid <<= 8; - h2n->goaway_last_sid |= c; - h2n->goaway_str[0] = '\0'; - break; - - case 4: - case 5: - case 6: - case 7: - h2n->goaway_err <<= 8; - h2n->goaway_err |= c; - break; - - default: - if (h2n->inside - 9 < - sizeof(h2n->goaway_str) - 1) - h2n->goaway_str[ - h2n->inside - 9] = c; - h2n->goaway_str[ - sizeof(h2n->goaway_str) - 1] = '\0'; - break; - } - break; - - case LWS_H2_FRAME_TYPE_DATA: - - lwsl_info("%s: LWS_H2_FRAME_TYPE_DATA\n", - __func__); - - /* - * let the network wsi live a bit longer if - * subs are active... our frame may take a long - * time to chew through - */ - if (!wsi->immortal_substream_count) - lws_set_timeout(wsi, - PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, -#if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX) - wsi->vhost->keepalive_timeout); -#else - 31); -#endif - - if (!h2n->swsi) - break; - - if (lws_buflist_next_segment_len( - &h2n->swsi->buflist, NULL)) - lwsl_info("%s: substream has pending\n", - __func__); - - if (lwsi_role_http(h2n->swsi) && - lwsi_state(h2n->swsi) == LRS_ESTABLISHED) { - lwsi_set_state(h2n->swsi, LRS_BODY); - lwsl_info("%s: swsi %p to LRS_BODY\n", - __func__, h2n->swsi); - } - - if (lws_hdr_total_length(h2n->swsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH) && - h2n->swsi->http.rx_content_length && - h2n->swsi->http.rx_content_remain < - inlen + 1 && /* last */ - h2n->inside < h2n->length) { - /* unread data in frame */ - lws_h2_goaway(wsi, - H2_ERR_PROTOCOL_ERROR, - "More rx than content_length told"); - break; - } - - /* - * We operate on a frame. The RX we have at - * hand may exceed the current frame. - */ - - n = (int)inlen + 1; - if (n > (int)(h2n->length - h2n->count + 1)) { - n = h2n->length - h2n->count + 1; - lwsl_debug("---- restricting len to %d vs %ld\n", n, (long)inlen + 1); - } -#if !defined(LWS_NO_CLIENT) - if (h2n->swsi->client_h2_substream) { - - m = user_callback_handle_rxflow( - h2n->swsi->protocol->callback, - h2n->swsi, - LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ, - h2n->swsi->user_space, - in - 1, n); - - in += n - 1; - h2n->inside += n; - h2n->count += n - 1; - inlen -= n - 1; - - if (m) { - lwsl_info("RECEIVE_CLIENT_HTTP " - "closed it\n"); - goto close_swsi_and_return; - } - - break; - } else -#endif - { - - if (lwsi_state(h2n->swsi) == LRS_DEFERRING_ACTION) { - // lwsl_notice("appending because we are in LRS_DEFERRING_ACTION\n"); - m = lws_buflist_append_segment( - &h2n->swsi->buflist, - in - 1, n); - if (m < 0) - return -1; - if (m) { - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - lwsl_debug("%s: added %p to rxflow list\n", __func__, wsi); - lws_dll2_add_head(&h2n->swsi->dll_buflist, &pt->dll_buflist_owner); - } - in += n - 1; - h2n->inside += n; - h2n->count += n - 1; - inlen -= n - 1; - - lwsl_debug("%s: deferred %d\n", __func__, n); - goto do_windows; - } - - h2n->swsi->outer_will_close = 1; - /* - * choose the length for this go so that we end at - * the frame boundary, in the case there is already - * more waiting leave it for next time around - */ - - n = lws_read_h1(h2n->swsi, in - 1, n); - // lwsl_notice("%s: lws_read_h1 %d\n", __func__, n); - h2n->swsi->outer_will_close = 0; - /* - * can return 0 in POST body with - * content len exhausted somehow. - */ - if (n < 0 || - (!n && !lws_buflist_next_segment_len(&wsi->buflist, NULL))) { - lwsl_info("%s: lws_read_h1 told %d %d / %d\n", - __func__, n, h2n->count, h2n->length); - in += h2n->length - h2n->count; - h2n->inside = h2n->length; - h2n->count = h2n->length - 1; - - //if (n < 0) - // goto already_closed_swsi; - goto close_swsi_and_return; - } - - inlen -= n - 1; - in += n - 1; - h2n->inside += n; - h2n->count += n - 1; - } - -do_windows: - /* account for both network and stream wsi windows */ - - wsi->h2.peer_tx_cr_est -= n; - h2n->swsi->h2.peer_tx_cr_est -= n; - - // lwsl_notice(" peer_tx_cr_est %d, parent %d\n", - // h2n->swsi->h2.peer_tx_cr_est, wsi->h2.peer_tx_cr_est); - - if (h2n->swsi->h2.peer_tx_cr_est < (int)(2 * h2n->length) + 65536) { - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - return 1; - pps->u.update_window.sid = h2n->sid; - pps->u.update_window.credit = (2 * h2n->length + 65536); - h2n->swsi->h2.peer_tx_cr_est += pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - } - if (wsi->h2.peer_tx_cr_est < (int)(2 * h2n->length) + 65536) { - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - return 1; - pps->u.update_window.sid = 0; - pps->u.update_window.credit = (2 * h2n->length + 65536); - wsi->h2.peer_tx_cr_est += pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - } - - // lwsl_notice("%s: count %d len %d\n", __func__, (int)h2n->count, (int)h2n->length); - - break; - - case LWS_H2_FRAME_TYPE_PRIORITY: - if (h2n->count <= 4) { - h2n->dep <<= 8; - h2n->dep |= c; - } else { - h2n->weight_temp = c; - lwsl_info("PRIORITY: dep 0x%x, weight 0x%02X\n", - h2n->dep, h2n->weight_temp); - - if ((h2n->dep & ~(1u << 31)) == h2n->sid) { - lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, - "cant depend on own sid"); - break; - } - } - break; - - case LWS_H2_FRAME_TYPE_RST_STREAM: - h2n->hpack_e_dep <<= 8; - h2n->hpack_e_dep |= c; - break; - - case LWS_H2_FRAME_TYPE_PUSH_PROMISE: - break; - - case LWS_H2_FRAME_TYPE_PING: - if (h2n->flags & LWS_H2_FLAG_SETTINGS_ACK) { // ack - } else { /* they're sending us a ping request */ - if (h2n->count > 8) - return 1; - h2n->ping_payload[h2n->count - 1] = c; - } - break; - - case LWS_H2_FRAME_TYPE_WINDOW_UPDATE: - h2n->hpack_e_dep <<= 8; - h2n->hpack_e_dep |= c; - break; - - case LWS_H2_FRAME_TYPE_COUNT: /* IGNORING FRAME */ - break; - - default: - lwsl_notice("%s: unhandled frame type %d\n", - __func__, h2n->type); - - goto fail; - } - -frame_end: - if (h2n->count > h2n->length) { - lwsl_notice("%s: count > length %d %d\n", - __func__, h2n->count, h2n->length); - goto fail; - } - if (h2n->count != h2n->length) - break; - - /* - * end of frame just happened - */ - if (lws_h2_parse_end_of_frame(wsi)) - goto fail; - - break; - -try_frame_start: - if (h2n->frame_state <= 8) { - - switch (h2n->frame_state++) { - case 0: - h2n->pad_length = 0; - h2n->collected_priority = 0; - h2n->padding = 0; - h2n->preamble = 0; - h2n->length = c; - h2n->inside = 0; - break; - case 1: - case 2: - h2n->length <<= 8; - h2n->length |= c; - break; - case 3: - h2n->type = c; - break; - case 4: - h2n->flags = c; - break; - - case 5: - case 6: - case 7: - case 8: - h2n->sid <<= 8; - h2n->sid |= c; - break; - } - } - - if (h2n->frame_state == LWS_H2_FRAME_HEADER_LENGTH) - if (lws_h2_parse_frame_header(wsi)) - goto fail; - break; - - default: - break; - } - } - - *inused = in - oldin; - - return 0; - -close_swsi_and_return: - - lws_close_free_wsi(h2n->swsi, 0, "close_swsi_and_return"); - h2n->swsi = NULL; - h2n->frame_state = 0; - h2n->count = 0; - -// already_closed_swsi: - *inused = in - oldin; - - return 2; - -fail: - *inused = in - oldin; - - return 1; -} - -int -lws_h2_client_handshake(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - uint8_t *buf, *start, *p, *end; - char *meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD), - *uri = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI); - struct lws *nwsi = lws_get_network_wsi(wsi); - struct lws_h2_protocol_send *pps; - int n; - /* - * The identifier of a newly established stream MUST be numerically - * greater than all streams that the initiating endpoint has opened or - * reserved. This governs streams that are opened using a HEADERS frame - * and streams that are reserved using PUSH_PROMISE. An endpoint that - * receives an unexpected stream identifier MUST respond with a - * connection error (Section 5.4.1) of type PROTOCOL_ERROR. - */ - int sid = nwsi->h2.h2n->highest_sid_opened + 2; - - nwsi->h2.h2n->highest_sid_opened = sid; - wsi->h2.my_sid = sid; - - lwsl_info("%s: CLIENT_WAITING_TO_SEND_HEADERS: pollout (sid %d)\n", - __func__, wsi->h2.my_sid); - - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - return 1; - pps->u.update_window.sid = sid; - pps->u.update_window.credit = 4 * 65536; - wsi->h2.peer_tx_cr_est += pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - - pps = lws_h2_new_pps(LWS_H2_PPS_UPDATE_WINDOW); - if (!pps) - return 1; - pps->u.update_window.sid = 0; - pps->u.update_window.credit = 4 * 65536; - wsi->h2.peer_tx_cr_est += pps->u.update_window.credit; - lws_pps_schedule(wsi, pps); - - p = start = buf = pt->serv_buf + LWS_PRE; - end = start + wsi->context->pt_serv_buf_size - LWS_PRE - 1; - - /* it's time for us to send our client stream headers */ - - if (!meth) - meth = "GET"; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_COLON_METHOD, - (unsigned char *)meth, - (int)strlen(meth), &p, end)) - goto fail_length; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_COLON_SCHEME, - (unsigned char *)"https", 4, - &p, end)) - goto fail_length; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_COLON_PATH, - (unsigned char *)uri, - lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_URI), - &p, end)) - goto fail_length; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_COLON_AUTHORITY, - (unsigned char *)lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_ORIGIN), - lws_hdr_total_length(wsi, _WSI_TOKEN_CLIENT_ORIGIN), - &p, end)) - goto fail_length; - - /* give userland a chance to append, eg, cookies */ - - if (wsi->protocol->callback(wsi, - LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER, - wsi->user_space, &p, (end - p) - 12)) - goto fail_length; - - if (lws_finalize_http_header(wsi, &p, end)) - goto fail_length; - - n = lws_write(wsi, start, p - start, - LWS_WRITE_HTTP_HEADERS); - if (n != (p - start)) { - lwsl_err("_write returned %d from %ld\n", n, - (long)(p - start)); - return -1; - } - - lws_h2_state(wsi, LWS_H2_STATE_OPEN); - lwsi_set_state(wsi, LRS_ESTABLISHED); - - return 0; - -fail_length: - lwsl_err("Client hdrs too long: incr context info.pt_serv_buf_size\n"); - - return -1; -} - -int -lws_h2_ws_handshake(struct lws *wsi) -{ - uint8_t buf[LWS_PRE + 2048], *p = buf + LWS_PRE, *start = p, - *end = &buf[sizeof(buf) - 1]; - const struct lws_http_mount *hit; - const char * uri_ptr; - int n, m; - - if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end)) - return -1; - - if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) > 64) - return -1; - - if (wsi->proxied_ws_parent && wsi->child_list) { - if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL)) { - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL, - (uint8_t *)lws_hdr_simple_ptr(wsi, - WSI_TOKEN_PROTOCOL), - (int)strlen(lws_hdr_simple_ptr(wsi, - WSI_TOKEN_PROTOCOL)), - &p, end)) - return -1; - } - } else { - - /* we can only return the protocol header if: - * - one came in, and ... */ - if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) && - /* - it is not an empty string */ - wsi->protocol->name && wsi->protocol->name[0]) { - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL, - (unsigned char *)wsi->protocol->name, - (int)strlen(wsi->protocol->name), - &p, end)) - return -1; - } - } - - if (lws_finalize_http_header(wsi, &p, end)) - return -1; - - m = lws_ptr_diff(p, start); - // lwsl_hexdump_notice(start, m); - n = lws_write(wsi, start, m, LWS_WRITE_HTTP_HEADERS); - if (n != m) { - lwsl_err("_write returned %d from %d\n", n, m); - - return -1; - } - - /* - * alright clean up, set our state to generic ws established, the - * mode / state of the nwsi will get the h2 processing done. - */ - - lwsi_set_state(wsi, LRS_ESTABLISHED); - wsi->lws_rx_parse_state = 0; // ==LWS_RXPS_NEW; - - uri_ptr = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH); - n = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH); - hit = lws_find_mount(wsi, uri_ptr, n); - - if (hit && hit->cgienv && - wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, wsi->user_space, - (void *)hit->cgienv, 0)) - return 1; - - return 0; -} - -int -lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len) -{ - unsigned char *oldbuf = buf; - lws_filepos_t body_chunk_len; - - // lwsl_notice("%s: h2 path: wsistate 0x%x len %d\n", __func__, - // wsi->wsistate, (int)len); - - /* - * wsi here is always the network connection wsi, not a stream - * wsi. Once we unpicked the framing we will find the right - * swsi and make it the target of the frame. - * - * If it's ws over h2, the nwsi will get us here to do the h2 - * processing, and that will call us back with the swsi + - * ESTABLISHED state for the inner payload, handled in a later - * case. - */ - while (len) { - int m; - - /* - * we were accepting input but now we stopped doing so - */ - if (lws_is_flowcontrolled(wsi)) { - lws_rxflow_cache(wsi, buf, 0, (int)len); - buf += len; - len = 0; - break; - } - - /* - * lws_h2_parser() may send something; when it gets the - * whole frame, it will want to perform some action - * involving a reply. But we may be in a partial send - * situation on the network wsi... - * - * Even though we may be in a partial send and unable to - * send anything new, we still have to parse the network - * wsi in order to gain tx credit to send, which is - * potentially necessary to clear the old partial send. - * - * ALL network wsi-specific frames are sent by PPS - * already, these are sent as a priority on the writable - * handler, and so respect partial sends. The only - * problem is when a stream wsi wants to send an, eg, - * reply headers frame in response to the parsing - * we will do now... the *stream wsi* must stall in a - * different state until it is able to do so from a - * priority on the WRITABLE callback, same way that - * file transfers operate. - */ - - m = lws_h2_parser(wsi, buf, len, &body_chunk_len); - if (m && m != 2) { - lwsl_debug("%s: http2_parser bail: %d\n", __func__, m); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "lws_read_h2 bail"); - - return -1; - } - if (m == 2) { - /* swsi has been closed */ - buf += body_chunk_len; - len -= body_chunk_len; - break; - } - - buf += body_chunk_len; - len -= body_chunk_len; - } - - return lws_ptr_diff(buf, oldbuf); -} - diff --git a/lib/roles/h2/ops-h2.c b/lib/roles/h2/ops-h2.c deleted file mode 100644 index eb87fce..0000000 --- a/lib/roles/h2/ops-h2.c +++ /dev/null @@ -1,1247 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -/* - * These are the standardized defaults. - * Override what actually goes in the vhost settings in platform or user code. - * Leave these alone because they are used to determine "what is different - * from the protocol defaults". - */ -const struct http2_settings lws_h2_defaults = { { - 1, - /* H2SET_HEADER_TABLE_SIZE */ 4096, - /* *** This controls how many entries in the dynamic table *** - * Allows the sender to inform the remote endpoint of the maximum - * size of the header compression table used to decode header - * blocks, in octets. The encoder can select any size equal to or - * less than this value by using signaling specific to the header - * compression format inside a header block (see [COMPRESSION]). - * The initial value is 4,096 octets. - */ - /* H2SET_ENABLE_PUSH */ 1, - /* H2SET_MAX_CONCURRENT_STREAMS */ 0x7fffffff, - /* H2SET_INITIAL_WINDOW_SIZE */ 65535, - /* H2SET_MAX_FRAME_SIZE */ 16384, - /* H2SET_MAX_HEADER_LIST_SIZE */ 0x7fffffff, - /*< This advisory setting informs a peer of the maximum size of - * header list that the sender is prepared to accept, in octets. - * The value is based on the uncompressed size of header fields, - * including the length of the name and value in octets plus an - * overhead of 32 octets for each header field. - */ - /* H2SET_RESERVED7 */ 0, - /* H2SET_ENABLE_CONNECT_PROTOCOL */ 0, -}}; - -/* these are the "lws defaults"... they can be overridden in plat */ - -const struct http2_settings lws_h2_stock_settings = { { - 1, - /* H2SET_HEADER_TABLE_SIZE */ 65536, /* ffox */ - /* *** This controls how many entries in the dynamic table *** - * Allows the sender to inform the remote endpoint of the maximum - * size of the header compression table used to decode header - * blocks, in octets. The encoder can select any size equal to or - * less than this value by using signaling specific to the header - * compression format inside a header block (see [COMPRESSION]). - * The initial value is 4,096 octets. - * - * Can't pass h2spec with less than 4096 here... - */ - /* H2SET_ENABLE_PUSH */ 1, - /* H2SET_MAX_CONCURRENT_STREAMS */ 24, - /* H2SET_INITIAL_WINDOW_SIZE */ 65535, - /* H2SET_MAX_FRAME_SIZE */ 16384, - /* H2SET_MAX_HEADER_LIST_SIZE */ 4096, - /*< This advisory setting informs a peer of the maximum size of - * header list that the sender is prepared to accept, in octets. - * The value is based on the uncompressed size of header fields, - * including the length of the name and value in octets plus an - * overhead of 32 octets for each header field. - */ - /* H2SET_RESERVED7 */ 0, - /* H2SET_ENABLE_CONNECT_PROTOCOL */ 1, -}}; - -/* - * The wsi at this level is the network wsi - */ - -static int -rops_handle_POLLIN_h2(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_tokens ebuf; - unsigned int pending = 0; - char buffered = 0; - struct lws *wsi1; - int n, m; - -#ifdef LWS_WITH_CGI - if (wsi->http.cgi && (pollfd->revents & LWS_POLLOUT)) { - if (lws_handle_POLLOUT_event(wsi, pollfd)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - return LWS_HPI_RET_HANDLED; - } -#endif - - lwsl_info("%s: wsistate 0x%x, pollout %d\n", __func__, - wsi->wsistate, pollfd->revents & LWS_POLLOUT); - - /* - * something went wrong with parsing the handshake, and - * we ended up back in the event loop without completing it - */ - if (lwsi_state(wsi) == LRS_PRE_WS_SERVING_ACCEPT) { - wsi->socket_is_permanently_unusable = 1; - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (lwsi_state(wsi) == LRS_WAITING_CONNECT) { -#if !defined(LWS_NO_CLIENT) - if ((pollfd->revents & LWS_POLLOUT) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - lwsl_debug("POLLOUT event closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - n = lws_client_socket_service(wsi, pollfd, NULL); - if (n) - return LWS_HPI_RET_WSI_ALREADY_DIED; -#endif - return LWS_HPI_RET_HANDLED; - } - - /* 1: something requested a callback when it was OK to write */ - - if ((pollfd->revents & LWS_POLLOUT) && - lwsi_state_can_handle_POLLOUT(wsi) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - lwsi_set_state(wsi, LRS_FLUSHING_BEFORE_CLOSE); - /* the write failed... it's had it */ - wsi->socket_is_permanently_unusable = 1; - - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE || - lwsi_state(wsi) == LRS_WAITING_TO_SEND_CLOSE || - lwsi_state(wsi) == LRS_AWAITING_CLOSE_ACK) { - /* - * we stopped caring about anything except control - * packets. Force flow control off, defeat tx - * draining. - */ - lws_rx_flow_control(wsi, 1); -#if defined(LWS_ROLE_WS) && !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws) - wsi->ws->tx_draining_ext = 0; -#endif - } - - if (wsi->http2_substream || wsi->upgraded_to_http2) { - wsi1 = lws_get_network_wsi(wsi); - if (wsi1 && lws_has_buffered_out(wsi1)) - /* - * We cannot deal with any kind of new RX - * because we are dealing with a partial send - * (new RX may trigger new http_action() that - * expect to be able to send) - */ - return LWS_HPI_RET_HANDLED; - } - -read: - /* 3: network wsi buflist needs to be drained */ - - // lws_buflist_describe(&wsi->buflist, wsi); - - ebuf.len = (int)lws_buflist_next_segment_len(&wsi->buflist, - &ebuf.token); - if (ebuf.len) { - lwsl_info("draining buflist (len %d)\n", ebuf.len); - buffered = 1; - goto drain; - } - - if (!lws_ssl_pending(wsi) && - !(pollfd->revents & pollfd->events & LWS_POLLIN)) - return LWS_HPI_RET_HANDLED; - - if (!(lwsi_role_client(wsi) && - (lwsi_state(wsi) != LRS_ESTABLISHED && - lwsi_state(wsi) != LRS_H2_WAITING_TO_SEND_HEADERS))) { - - ebuf.token = pt->serv_buf; - ebuf.len = lws_ssl_capable_read(wsi, - ebuf.token, - wsi->context->pt_serv_buf_size); - switch (ebuf.len) { - case 0: - lwsl_info("%s: zero length read\n", __func__); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - case LWS_SSL_CAPABLE_MORE_SERVICE: - lwsl_info("SSL Capable more service\n"); - return LWS_HPI_RET_HANDLED; - case LWS_SSL_CAPABLE_ERROR: - lwsl_info("%s: LWS_SSL_CAPABLE_ERROR\n", __func__); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - // lwsl_notice("%s: Actual RX %d\n", __func__, ebuf.len); - // if (ebuf.len > 0) - // lwsl_hexdump_notice(ebuf.token, ebuf.len); - } - - if (ebuf.len < 0) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - -drain: -#ifndef LWS_NO_CLIENT - if (lwsi_role_http(wsi) && lwsi_role_client(wsi) && - wsi->hdr_parsing_completed && !wsi->told_user_closed) { - - /* - * In SSL mode we get POLLIN notification about - * encrypted data in. - * - * But that is not necessarily related to decrypted - * data out becoming available; in may need to perform - * other in or out before that happens. - * - * simply mark ourselves as having readable data - * and turn off our POLLIN - */ - wsi->client_rx_avail = 1; - if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - /* let user code know, he'll usually ask for writeable - * callback and drain / re-enable it there - */ - if (user_callback_handle_rxflow( - wsi->protocol->callback, - wsi, LWS_CALLBACK_RECEIVE_CLIENT_HTTP, - wsi->user_space, NULL, 0)) { - lwsl_info("RECEIVE_CLIENT_HTTP closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - return LWS_HPI_RET_HANDLED; - } -#endif - - /* service incoming data */ - - if (ebuf.len) { - n = 0; - if (lwsi_role_h2(wsi) && lwsi_state(wsi) != LRS_BODY && - lwsi_state(wsi) != LRS_DISCARD_BODY) - n = lws_read_h2(wsi, ebuf.token, ebuf.len); - else - n = lws_read_h1(wsi, ebuf.token, ebuf.len); - - if (n < 0) { - /* we closed wsi */ - n = 0; - return LWS_HPI_RET_WSI_ALREADY_DIED; - } - - if (n && buffered) { - m = lws_buflist_use_segment(&wsi->buflist, n); - lwsl_info("%s: draining rxflow: used %d, next %d\n", - __func__, n, m); - if (!m) { - lwsl_notice("%s: removed %p from dll_buflist\n", - __func__, wsi); - lws_dll2_remove(&wsi->dll_buflist); - } - } else - if (n && n != ebuf.len) { - m = lws_buflist_append_segment(&wsi->buflist, - ebuf.token + n, - ebuf.len - n); - if (m < 0) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - if (m) { - lwsl_debug("%s: added %p to rxflow list\n", - __func__, wsi); - lws_dll2_add_head(&wsi->dll_buflist, - &pt->dll_buflist_owner); - } - } - } - - // lws_buflist_describe(&wsi->buflist, wsi); - -#if 0 - - /* - * This seems to be too aggressive... we don't want the ah stuck - * there but eg, WINDOW_UPDATE may come and detach it if we leave - * it like that... it will get detached at stream close - */ - - if (wsi->http.ah -#if !defined(LWS_NO_CLIENT) - && !wsi->client_h2_alpn -#endif - ) { - lwsl_err("xxx\n"); - - lws_header_table_detach(wsi, 0); - } -#endif - - pending = lws_ssl_pending(wsi); - if (pending) { - // lwsl_info("going around\n"); - goto read; - } - - return LWS_HPI_RET_HANDLED; -} - -int rops_handle_POLLOUT_h2(struct lws *wsi) -{ - // lwsl_notice("%s\n", __func__); - - if (lwsi_state(wsi) == LRS_ISSUE_HTTP_BODY) - return LWS_HP_RET_USER_SERVICE; - - /* - * Priority 2: H2 protocol packets - */ - if ((wsi->upgraded_to_http2 -#if !defined(LWS_NO_CLIENT) - || wsi->client_h2_alpn -#endif - ) && wsi->h2.h2n->pps) { - lwsl_info("servicing pps\n"); - /* - * this is called on the network connection, but may close - * substreams... that may affect callers - */ - if (lws_h2_do_pps_send(wsi)) { - wsi->socket_is_permanently_unusable = 1; - return LWS_HP_RET_BAIL_DIE; - } - if (wsi->h2.h2n->pps) - return LWS_HP_RET_BAIL_OK; - - /* we can resume whatever we were doing */ - lws_rx_flow_control(wsi, LWS_RXFLOW_REASON_APPLIES_ENABLE | - LWS_RXFLOW_REASON_H2_PPS_PENDING); - - return LWS_HP_RET_BAIL_OK; /* leave POLLOUT active */ - } - - /* Priority 4: if we are closing, not allowed to send more data frags - * which means user callback or tx ext flush banned now - */ - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - return LWS_HP_RET_USER_SERVICE; - - return LWS_HP_RET_USER_SERVICE; -} - -static int -rops_write_role_protocol_h2(struct lws *wsi, unsigned char *buf, size_t len, - enum lws_write_protocol *wp) -{ - unsigned char flags = 0, base = (*wp) & 0x1f; - size_t olen = len; - int n; -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - unsigned char mtubuf[4096 + LWS_PRE]; -#endif - - /* if not in a state to send stuff, then just send nothing */ - - if (!lwsi_role_ws(wsi) && - base != LWS_WRITE_HTTP && - base != LWS_WRITE_HTTP_FINAL && - base != LWS_WRITE_HTTP_HEADERS_CONTINUATION && - base != LWS_WRITE_HTTP_HEADERS && - ((lwsi_state(wsi) != LRS_RETURNED_CLOSE && - lwsi_state(wsi) != LRS_WAITING_TO_SEND_CLOSE && - lwsi_state(wsi) != LRS_AWAITING_CLOSE_ACK) -#if defined(LWS_ROLE_WS) - || base != LWS_WRITE_CLOSE -#endif - )) { - //assert(0); - lwsl_notice("binning wsistate 0x%x %d\n", wsi->wsistate, *wp); - return 0; - } - - /* compression transform... */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.lcs) { - unsigned char *out = mtubuf + LWS_PRE; - size_t o = sizeof(mtubuf) - LWS_PRE; - - n = lws_http_compression_transform(wsi, buf, len, wp, &out, &o); - if (n) - return n; - - lwsl_info("%s: %p: transformed %d bytes to %d " - "(wp 0x%x, more %d)\n", __func__, - wsi, (int)len, (int)o, (int)*wp, - wsi->http.comp_ctx.may_have_more); - - buf = out; - len = o; - base = (*wp) & 0x1f; - - if (!len) - return olen; - } -#endif - - /* - * ws-over-h2 also ends up here after the ws framing applied - */ - - n = LWS_H2_FRAME_TYPE_DATA; - if (base == LWS_WRITE_HTTP_HEADERS) { - n = LWS_H2_FRAME_TYPE_HEADERS; - if (!((*wp) & LWS_WRITE_NO_FIN)) - flags = LWS_H2_FLAG_END_HEADERS; - if (wsi->h2.send_END_STREAM || - ((*wp) & LWS_WRITE_H2_STREAM_END)) { - flags |= LWS_H2_FLAG_END_STREAM; - wsi->h2.send_END_STREAM = 1; - } - } - - if (base == LWS_WRITE_HTTP_HEADERS_CONTINUATION) { - n = LWS_H2_FRAME_TYPE_CONTINUATION; - if (!((*wp) & LWS_WRITE_NO_FIN)) - flags = LWS_H2_FLAG_END_HEADERS; - if (wsi->h2.send_END_STREAM || - ((*wp) & LWS_WRITE_H2_STREAM_END)) { - flags |= LWS_H2_FLAG_END_STREAM; - wsi->h2.send_END_STREAM = 1; - } - } - - if ((base == LWS_WRITE_HTTP || - base == LWS_WRITE_HTTP_FINAL) && - wsi->http.tx_content_length) { - wsi->http.tx_content_remain -= len; - lwsl_info("%s: wsi %p: tx_content_rem = %llu\n", __func__, wsi, - (unsigned long long)wsi->http.tx_content_remain); - if (!wsi->http.tx_content_remain) { - lwsl_info("%s: selecting final write mode\n", __func__); - base = *wp = LWS_WRITE_HTTP_FINAL; - } - } - - if (base == LWS_WRITE_HTTP_FINAL || ((*wp) & LWS_WRITE_H2_STREAM_END)) { - lwsl_info("%s: %p: setting END_STREAM\n", __func__, wsi); - flags |= LWS_H2_FLAG_END_STREAM; - wsi->h2.send_END_STREAM = 1; - } - - n = lws_h2_frame_write(wsi, n, flags, wsi->h2.my_sid, (int)len, buf); - if (n < 0) - return n; - - /* hide it may have been compressed... */ - - return (int)olen; -} - -static int -rops_check_upgrades_h2(struct lws *wsi) -{ -#if defined(LWS_ROLE_WS) - struct lws *nwsi; - char *p; - - /* - * with H2 there's also a way to upgrade a stream to something - * else... :method is CONNECT and :protocol says the name of - * the new protocol we want to carry. We have to have sent a - * SETTINGS saying that we support it though. - */ - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD); - if (!wsi->vhost->h2.set.s[H2SET_ENABLE_CONNECT_PROTOCOL] || - !wsi->http2_substream || !p || strcmp(p, "CONNECT")) - return LWS_UPG_RET_CONTINUE; - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_COLON_PROTOCOL); - if (!p || strcmp(p, "websocket")) - return LWS_UPG_RET_CONTINUE; - - nwsi = lws_get_network_wsi(wsi); - - wsi->vhost->conn_stats.ws_upg++; - lwsl_info("Upgrade h2 to ws\n"); - wsi->h2_stream_carries_ws = 1; - nwsi->immortal_substream_count++; - if (lws_process_ws_upgrade(wsi)) - return LWS_UPG_RET_BAIL; - - if (nwsi->immortal_substream_count == 1) - lws_set_timeout(nwsi, NO_PENDING_TIMEOUT, 0); - - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - lwsl_info("Upgraded h2 to ws OK\n"); - - return LWS_UPG_RET_DONE; -#else - return LWS_UPG_RET_CONTINUE; -#endif -} - -static int -rops_init_vhost_h2(struct lws_vhost *vh, - const struct lws_context_creation_info *info) -{ - vh->h2.set = vh->context->set; - if (info->http2_settings[0]) { - int n; - - for (n = 1; n < LWS_H2_SETTINGS_LEN; n++) - vh->h2.set.s[n] = info->http2_settings[n]; - } - - return 0; -} - -static int -rops_init_context_h2(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - int n; - - context->set = lws_h2_stock_settings; - - /* - * We only want to do this once... we will do it if we are built - * otherwise h1 ops will do it (or nobody if no http at all) - */ - - for (n = 0; n < context->count_threads; n++) { - struct lws_context_per_thread *pt = &context->pt[n]; - - pt->sul_ah_lifecheck.cb = lws_sul_http_ah_lifecheck; - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_ah_lifecheck, - 30 * LWS_US_PER_SEC); - } - - return 0; -} - -static lws_fileofs_t -rops_tx_credit_h2(struct lws *wsi) -{ - return lws_h2_tx_cr_get(wsi); -} - -static int -rops_destroy_role_h2(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct allocated_headers *ah; - - /* we may not have an ah, but may be on the waiting list... */ - lwsl_info("%s: ah det due to close\n", __func__); - __lws_header_table_detach(wsi, 0); - - ah = pt->http.ah_list; - - while (ah) { - if (ah->in_use && ah->wsi == wsi) { - lwsl_err("%s: ah leak: wsi %p\n", __func__, wsi); - ah->in_use = 0; - ah->wsi = NULL; - pt->http.ah_count_in_use--; - break; - } - ah = ah->next; - } - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - lws_http_compression_destroy(wsi); -#endif - - if (wsi->upgraded_to_http2 || wsi->http2_substream) { - lws_hpack_destroy_dynamic_header(wsi); - - if (wsi->h2.h2n) - lws_free_set_NULL(wsi->h2.h2n); - } - - return 0; -} - -static int -rops_close_kill_connection_h2(struct lws *wsi, enum lws_close_status reason) -{ - struct lws *wsi2; - -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->http.proxy_clientside) { - struct lws *wsi_eff = lws_client_wsi_effective(wsi); - - wsi->http.proxy_clientside = 0; - - if (user_callback_handle_rxflow(wsi_eff->protocol->callback, - wsi_eff, - LWS_CALLBACK_COMPLETED_CLIENT_HTTP, - wsi_eff->user_space, NULL, 0)) - wsi->http.proxy_clientside = 0; - } -#endif - - if (wsi->http2_substream && wsi->h2_stream_carries_ws) - lws_h2_rst_stream(wsi, 0, "none"); - - if (wsi->h2.parent_wsi && lwsl_visible(LLL_INFO)) { - lwsl_info(" wsi: %p, his parent %p: siblings:\n", wsi, - wsi->h2.parent_wsi); - lws_start_foreach_llp(struct lws **, w, - wsi->h2.parent_wsi->h2.child_list) { - lwsl_info(" \\---- child %s %p\n", - (*w)->role_ops ? (*w)->role_ops->name : "?", *w); - } lws_end_foreach_llp(w, h2.sibling_list); - } - - if (wsi->upgraded_to_http2 || wsi->http2_substream -#if !defined(LWS_NO_CLIENT) - || wsi->client_h2_substream -#endif - ) { - lwsl_info("closing %p: parent %p\n", wsi, wsi->h2.parent_wsi); - - if (wsi->h2.child_list && lwsl_visible(LLL_INFO)) { - lwsl_info(" parent %p: closing children: list:\n", wsi); - lws_start_foreach_llp(struct lws **, w, - wsi->h2.child_list) { - lwsl_info(" \\---- child %s %p\n", - (*w)->role_ops ? (*w)->role_ops->name : "?", - *w); - } lws_end_foreach_llp(w, h2.sibling_list); - } - if (wsi->h2.child_list) { - /* trigger closing of all of our http2 children first */ - lws_start_foreach_llp(struct lws **, w, - wsi->h2.child_list) { - lwsl_info(" closing child %p\n", *w); - /* disconnect from siblings */ - wsi2 = (*w)->h2.sibling_list; - (*w)->h2.sibling_list = NULL; - (*w)->socket_is_permanently_unusable = 1; - __lws_close_free_wsi(*w, reason, "h2 child recurse"); - *w = wsi2; - continue; - } lws_end_foreach_llp(w, h2.sibling_list); - } - } - - if (wsi->upgraded_to_http2) { - /* remove pps */ - struct lws_h2_protocol_send *w = wsi->h2.h2n->pps, *w1; - - while (w) { - w1 = w->next; - free(w); - w = w1; - } - wsi->h2.h2n->pps = NULL; - } - - if (( -#if !defined(LWS_NO_CLIENT) - wsi->client_h2_substream || -#endif - wsi->http2_substream) && - wsi->h2.parent_wsi) { - lwsl_info(" %p: disentangling from siblings\n", wsi); - lws_start_foreach_llp(struct lws **, w, - wsi->h2.parent_wsi->h2.child_list) { - /* disconnect from siblings */ - if (*w == wsi) { - wsi2 = (*w)->h2.sibling_list; - (*w)->h2.sibling_list = NULL; - *w = wsi2; - lwsl_info(" %p disentangled from sibling %p\n", - wsi, wsi2); - break; - } - } lws_end_foreach_llp(w, h2.sibling_list); - wsi->h2.parent_wsi->h2.child_count--; - wsi->h2.parent_wsi = NULL; - if (wsi->h2.pending_status_body) - lws_free_set_NULL(wsi->h2.pending_status_body); - } - - if (wsi->h2_stream_carries_ws || wsi->h2_stream_carries_sse) { - struct lws *nwsi = lws_get_network_wsi(wsi); - - nwsi->immortal_substream_count--; - /* if no ws, then put a timeout on the parent wsi */ - if (!nwsi->immortal_substream_count) - __lws_set_timeout(nwsi, - PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE, 31); - } - - return 0; -} - -static int -rops_callback_on_writable_h2(struct lws *wsi) -{ - struct lws *network_wsi, *wsi2; - int already; - - //lwsl_notice("%s: %p (wsistate 0x%x)\n", __func__, wsi, wsi->wsistate); - -// if (!lwsi_role_h2(wsi) && !lwsi_role_h2_ENCAPSULATION(wsi)) -// return 0; - - if (wsi->h2.requested_POLLOUT -#if !defined(LWS_NO_CLIENT) - && !wsi->client_h2_alpn -#endif - ) { - lwsl_debug("already pending writable\n"); - return 1; - } - - /* is this for DATA or for control messages? */ - if (wsi->upgraded_to_http2 && !wsi->h2.h2n->pps && - !lws_h2_tx_cr_get(wsi)) { - /* - * other side is not able to cope with us sending DATA - * anything so no matter if we have POLLOUT on our side if it's - * DATA we want to send. - * - * Delay waiting for our POLLOUT until peer indicates he has - * space for more using tx window command in http2 layer - */ - lwsl_notice("%s: %p: skint (%d)\n", __func__, wsi, - wsi->h2.tx_cr); - wsi->h2.skint = 1; - return 0; - } - - wsi->h2.skint = 0; - network_wsi = lws_get_network_wsi(wsi); - already = network_wsi->h2.requested_POLLOUT; - - /* mark everybody above him as requesting pollout */ - - wsi2 = wsi; - while (wsi2) { - wsi2->h2.requested_POLLOUT = 1; - lwsl_info("mark %p pending writable\n", wsi2); - wsi2 = wsi2->h2.parent_wsi; - } - - /* for network action, act only on the network wsi */ - - if (already -#if !defined(LWS_NO_CLIENT) - && !network_wsi->client_h2_alpn - && !network_wsi->client_h2_substream -#endif - ) - return 1; - - return 0; -} - -static void -lws_h2_dump_waiting_children(struct lws *wsi) -{ -#if defined(_DEBUG) - lwsl_info("%s: %p: children waiting for POLLOUT service:\n", - __func__, wsi); - - wsi = wsi->h2.child_list; - while (wsi) { - lwsl_info(" %c %p %s %s\n", - wsi->h2.requested_POLLOUT ? '*' : ' ', - wsi, wsi->role_ops->name, wsi->protocol->name); - - wsi = wsi->h2.sibling_list; - } -#endif -} - -static int -lws_h2_bind_for_post_before_action(struct lws *wsi) -{ - const char *p; - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD); - if (p && !strcmp(p, "POST")) { - const struct lws_http_mount *hit = - lws_find_mount(wsi, - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_COLON_PATH), - lws_hdr_total_length(wsi, - WSI_TOKEN_HTTP_COLON_PATH)); - - lwsl_debug("%s: %s: hit %p: %s\n", __func__, - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH), - hit, hit ? hit->origin : "null"); - if (hit) { - const struct lws_protocols *pp; - const char *name = hit->origin; - - if (hit->protocol) - name = hit->protocol; - - pp = lws_vhost_name_to_protocol(wsi->vhost, name); - if (!pp) { - lwsl_info("Unable to find protocol '%s'\n", name); - return 1; - } - - if (lws_bind_protocol(wsi, pp, __func__)) - return 1; - } - - lwsl_info("%s: setting LRS_BODY from 0x%x (%s)\n", __func__, - wsi->wsistate, wsi->protocol->name); - lwsi_set_state(wsi, LRS_BODY); - } - - return 0; -} - -/* - * we are the 'network wsi' for potentially many muxed child wsi with - * no network connection of their own, who have to use us for all their - * network actions. So we use a round-robin scheme to share out the - * POLLOUT notifications to our children. - * - * But because any child could exhaust the socket's ability to take - * writes, we can only let one child get notified each time. - * - * In addition children may be closed / deleted / added between POLLOUT - * notifications, so we can't hold pointers - */ - -static int -rops_perform_user_POLLOUT_h2(struct lws *wsi) -{ - struct lws **wsi2, *wsi2a; -#if defined(LWS_ROLE_WS) - int write_type = LWS_WRITE_PONG; -#endif - int n; - - wsi = lws_get_network_wsi(wsi); - - wsi->h2.requested_POLLOUT = 0; - if (!wsi->h2.initialized) { - lwsl_info("pollout on uninitialized http2 conn\n"); - return 0; - } - - lws_h2_dump_waiting_children(wsi); - - wsi2 = &wsi->h2.child_list; - if (!*wsi2) - return 0; - - do { - struct lws *w, **wa; - - wa = &(*wsi2)->h2.sibling_list; - if (!(*wsi2)->h2.requested_POLLOUT) - goto next_child; - - /* - * we're going to do writable callback for this child. - * move him to be the last child - */ - - lwsl_debug("servicing child %p\n", *wsi2); - - w = *wsi2; - while (w) { - if (!w->h2.sibling_list) { /* w is the current last */ - lwsl_debug("w=%p, *wsi2 = %p\n", w, *wsi2); - if (w == *wsi2) /* we are already last */ - break; - /* last points to us as new last */ - w->h2.sibling_list = *wsi2; - /* guy pointing to us until now points to - * our old next */ - *wsi2 = (*wsi2)->h2.sibling_list; - /* we point to nothing because we are last */ - w->h2.sibling_list->h2.sibling_list = NULL; - /* w becomes us */ - w = w->h2.sibling_list; - break; - } - w = w->h2.sibling_list; - } - - if (!w) { - wa = &wsi->h2.child_list; - goto next_child; - } - - w->h2.requested_POLLOUT = 0; - lwsl_info("%s: child %p (wsistate 0x%x)\n", __func__, w, - w->wsistate); - - /* priority 1: post compression-transform buffered output */ - - if (lws_has_buffered_out(w)) { - lwsl_debug("%s: completing partial\n", __func__); - if (lws_issue_raw(w, NULL, 0) < 0) { - lwsl_info("%s signalling to close\n", __func__); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 end stream 1"); - wa = &wsi->h2.child_list; - goto next_child; - } - lws_callback_on_writable(w); - wa = &wsi->h2.child_list; - goto next_child; - } - - /* priority 2: pre compression-transform buffered output */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (w->http.comp_ctx.buflist_comp || - w->http.comp_ctx.may_have_more) { - enum lws_write_protocol wp = LWS_WRITE_HTTP; - - lwsl_info("%s: completing comp partial" - "(buflist_comp %p, may %d)\n", - __func__, w->http.comp_ctx.buflist_comp, - w->http.comp_ctx.may_have_more); - - if (rops_write_role_protocol_h2(w, NULL, 0, &wp) < 0) { - lwsl_info("%s signalling to close\n", __func__); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "comp write fail"); - } - lws_callback_on_writable(w); - wa = &wsi->h2.child_list; - goto next_child; - } -#endif - - /* priority 3: if no buffered out and waiting for that... */ - - if (lwsi_state(w) == LRS_FLUSHING_BEFORE_CLOSE) { - w->socket_is_permanently_unusable = 1; - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 end stream 1"); - wa = &wsi->h2.child_list; - goto next_child; - } - - /* if we arrived here, even by looping, we checked choked */ - w->could_have_pending = 0; - wsi->could_have_pending = 0; - - if (w->h2.pending_status_body) { - w->h2.send_END_STREAM = 1; - n = lws_write(w, (uint8_t *)w->h2.pending_status_body + - LWS_PRE, - strlen(w->h2.pending_status_body + - LWS_PRE), LWS_WRITE_HTTP_FINAL); - lws_free_set_NULL(w->h2.pending_status_body); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 end stream 1"); - wa = &wsi->h2.child_list; - goto next_child; - } - - if (lwsi_state(w) == LRS_H2_WAITING_TO_SEND_HEADERS) { - if (lws_h2_client_handshake(w)) - return -1; - - goto next_child; - } - - if (lwsi_state(w) == LRS_DEFERRING_ACTION) { - - /* - * we had to defer the http_action to the POLLOUT - * handler, because we know it will send something and - * only in the POLLOUT handler do we know for sure - * that there is no partial pending on the network wsi. - */ - - lwsi_set_state(w, LRS_ESTABLISHED); - - lws_h2_bind_for_post_before_action(w); - - lwsl_info(" h2 action start...\n"); - n = lws_http_action(w); - if (n < 0) - lwsl_info (" h2 action result %d\n", n); - else - lwsl_info(" h2 action result %d " - "(wsi->http.rx_content_remain %lld)\n", - n, w->http.rx_content_remain); - - /* - * Commonly we only managed to start a larger transfer - * that will complete asynchronously under its own wsi - * states. In those cases we will hear about - * END_STREAM going out in the POLLOUT handler. - */ - if (n >= 0 && !w->h2.pending_status_body && - (n || w->h2.send_END_STREAM)) { - lwsl_info("closing stream after h2 action\n"); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 end stream"); - wa = &wsi->h2.child_list; - } - - if (n < 0) - wa = &wsi->h2.child_list; - - goto next_child; - } - - if (lwsi_state(w) == LRS_ISSUING_FILE) { - - ((volatile struct lws *)w)->leave_pollout_active = 0; - - /* >0 == completion, <0 == error - * - * We'll get a LWS_CALLBACK_HTTP_FILE_COMPLETION - * callback when it's done. That's the case even if we - * just completed the send, so wait for that. - */ - n = lws_serve_http_file_fragment(w); - lwsl_debug("lws_serve_http_file_fragment says %d\n", n); - - /* - * We will often hear about out having sent the final - * DATA here... if so close the actual wsi - */ - if (n < 0 || w->h2.send_END_STREAM) { - lwsl_debug("Closing POLLOUT child %p\n", w); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 end stream file"); - wa = &wsi->h2.child_list; - goto next_child; - } - if (n > 0) - if (lws_http_transaction_completed(w)) - return -1; - if (!n) { - lws_callback_on_writable(w); - (w)->h2.requested_POLLOUT = 1; - } - - goto next_child; - } - -#if defined(LWS_ROLE_WS) - - /* Notify peer that we decided to close */ - - if (lwsi_role_ws(w) && - lwsi_state(w) == LRS_WAITING_TO_SEND_CLOSE) { - lwsl_debug("sending close packet\n"); - w->waiting_to_send_close_frame = 0; - n = lws_write(w, &w->ws->ping_payload_buf[LWS_PRE], - w->ws->close_in_ping_buffer_len, - LWS_WRITE_CLOSE); - if (n >= 0) { - lwsi_set_state(w, LRS_AWAITING_CLOSE_ACK); - lws_set_timeout(w, PENDING_TIMEOUT_CLOSE_ACK, 5); - lwsl_debug("sent close frame, awaiting ack\n"); - } - - goto next_child; - } - - /* - * Acknowledge receipt of peer's notification he closed, - * then logically close ourself - */ - - if ((lwsi_role_ws(w) && w->ws->ping_pending_flag) || - (lwsi_state(w) == LRS_RETURNED_CLOSE && - w->ws->payload_is_close)) { - - if (w->ws->payload_is_close) - write_type = LWS_WRITE_CLOSE | - LWS_WRITE_H2_STREAM_END; - - n = lws_write(w, &w->ws->ping_payload_buf[LWS_PRE], - w->ws->ping_payload_len, write_type); - if (n < 0) - return -1; - - /* well he is sent, mark him done */ - w->ws->ping_pending_flag = 0; - if (w->ws->payload_is_close) { - /* oh... a close frame... then we are done */ - lwsl_debug("Ack'd peer's close packet\n"); - w->ws->payload_is_close = 0; - lwsi_set_state(w, LRS_RETURNED_CLOSE); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "returned close packet"); - wa = &wsi->h2.child_list; - goto next_child; - } - - lws_callback_on_writable(w); - (w)->h2.requested_POLLOUT = 1; - - /* otherwise for PING, leave POLLOUT active both ways */ - goto next_child; - } -#endif - if (lws_callback_as_writeable(w)) { - lwsl_info("Closing POLLOUT child (end stream %d)\n", - w->h2.send_END_STREAM); - lws_close_free_wsi(w, LWS_CLOSE_STATUS_NOSTATUS, - "h2 pollout handle"); - wa = &wsi->h2.child_list; - } else - if (w->h2.send_END_STREAM) - lws_h2_state(w, LWS_H2_STATE_HALF_CLOSED_LOCAL); - -next_child: - wsi2 = wa; - } while (wsi2 && *wsi2 && !lws_send_pipe_choked(wsi)); - - // lws_h2_dump_waiting_children(wsi); - - wsi2a = wsi->h2.child_list; - while (wsi2a) { - if (wsi2a->h2.requested_POLLOUT) { - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) - return -1; - break; - } - wsi2a = wsi2a->h2.sibling_list; - } - - return 0; -} - -static struct lws * -rops_encapsulation_parent_h2(struct lws *wsi) -{ - if (wsi->h2.parent_wsi) - return wsi->h2.parent_wsi; - - return NULL; -} - -static int -rops_alpn_negotiated_h2(struct lws *wsi, const char *alpn) -{ - struct allocated_headers *ah; - - lwsl_debug("%s: client %d\n", __func__, lwsi_role_client(wsi)); -#if !defined(LWS_NO_CLIENT) - if (lwsi_role_client(wsi)) { - lwsl_info("%s: upgraded to H2\n", __func__); - wsi->client_h2_alpn = 1; - } -#endif - - wsi->upgraded_to_http2 = 1; - wsi->vhost->conn_stats.h2_alpn++; - - /* adopt the header info */ - - ah = wsi->http.ah; - - lws_role_transition(wsi, LWSIFR_SERVER, LRS_H2_AWAIT_PREFACE, - &role_ops_h2); - - /* http2 union member has http union struct at start */ - wsi->http.ah = ah; - - if (!wsi->h2.h2n) - wsi->h2.h2n = lws_zalloc(sizeof(*wsi->h2.h2n), "h2n"); - if (!wsi->h2.h2n) - return 1; - - lws_h2_init(wsi); - - /* HTTP2 union */ - - lws_hpack_dynamic_size(wsi, - wsi->h2.h2n->set.s[H2SET_HEADER_TABLE_SIZE]); - wsi->h2.tx_cr = 65535; - - lwsl_info("%s: wsi %p: configured for h2\n", __func__, wsi); - - return 0; -} - -struct lws_role_ops role_ops_h2 = { - /* role name */ "h2", - /* alpn id */ "h2", - /* check_upgrades */ rops_check_upgrades_h2, - /* init_context */ rops_init_context_h2, - /* init_vhost */ rops_init_vhost_h2, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_h2, - /* handle_POLLOUT */ rops_handle_POLLOUT_h2, - /* perform_user_POLLOUT */ rops_perform_user_POLLOUT_h2, - /* callback_on_writable */ rops_callback_on_writable_h2, - /* tx_credit */ rops_tx_credit_h2, - /* write_role_protocol */ rops_write_role_protocol_h2, - /* encapsulation_parent */ rops_encapsulation_parent_h2, - /* alpn_negotiated */ rops_alpn_negotiated_h2, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ rops_close_kill_connection_h2, - /* destroy_role */ rops_destroy_role_h2, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED, - LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED }, - /* rx cb clnt, srv */ { LWS_CALLBACK_RECEIVE_CLIENT_HTTP, - 0 /* may be POST, etc */ }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_CLIENT_HTTP_WRITEABLE, - LWS_CALLBACK_HTTP_WRITEABLE }, - /* close cb clnt, srv */ { LWS_CALLBACK_CLOSED_CLIENT_HTTP, - LWS_CALLBACK_CLOSED_HTTP }, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_BIND_PROTOCOL, - LWS_CALLBACK_HTTP_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_CLIENT_HTTP_DROP_PROTOCOL, - LWS_CALLBACK_HTTP_DROP_PROTOCOL }, - /* file_handle */ 0, -}; diff --git a/lib/roles/h2/private.h b/lib/roles/h2/private.h deleted file mode 100644 index f649687..0000000 --- a/lib/roles/h2/private.h +++ /dev/null @@ -1,406 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_H2 - */ - -extern struct lws_role_ops role_ops_h2; -#define lwsi_role_h2(wsi) (wsi->role_ops == &role_ops_h2) - -enum lws_h2_settings { - H2SET_HEADER_TABLE_SIZE = 1, - H2SET_ENABLE_PUSH, - H2SET_MAX_CONCURRENT_STREAMS, - H2SET_INITIAL_WINDOW_SIZE, - H2SET_MAX_FRAME_SIZE, - H2SET_MAX_HEADER_LIST_SIZE, - H2SET_RESERVED7, - H2SET_ENABLE_CONNECT_PROTOCOL, /* defined in mcmanus-httpbis-h2-ws-02 */ - - H2SET_COUNT /* always last */ -}; - -struct http2_settings { - uint32_t s[H2SET_COUNT]; -}; - -struct lws_vhost_role_h2 { - struct http2_settings set; -}; - -enum lws_h2_wellknown_frame_types { - LWS_H2_FRAME_TYPE_DATA, - LWS_H2_FRAME_TYPE_HEADERS, - LWS_H2_FRAME_TYPE_PRIORITY, - LWS_H2_FRAME_TYPE_RST_STREAM, - LWS_H2_FRAME_TYPE_SETTINGS, - LWS_H2_FRAME_TYPE_PUSH_PROMISE, - LWS_H2_FRAME_TYPE_PING, - LWS_H2_FRAME_TYPE_GOAWAY, - LWS_H2_FRAME_TYPE_WINDOW_UPDATE, - LWS_H2_FRAME_TYPE_CONTINUATION, - - LWS_H2_FRAME_TYPE_COUNT /* always last */ -}; - -enum lws_h2_flags { - LWS_H2_FLAG_END_STREAM = 1, - LWS_H2_FLAG_END_HEADERS = 4, - LWS_H2_FLAG_PADDED = 8, - LWS_H2_FLAG_PRIORITY = 0x20, - - LWS_H2_FLAG_SETTINGS_ACK = 1, -}; - -enum lws_h2_errors { - H2_ERR_NO_ERROR, /* Graceful shutdown */ - H2_ERR_PROTOCOL_ERROR, /* Protocol error detected */ - H2_ERR_INTERNAL_ERROR, /* Implementation fault */ - H2_ERR_FLOW_CONTROL_ERROR, /* Flow-control limits exceeded */ - H2_ERR_SETTINGS_TIMEOUT, /* Settings not acknowledged */ - H2_ERR_STREAM_CLOSED, /* Frame received for closed stream */ - H2_ERR_FRAME_SIZE_ERROR, /* Frame size incorrect */ - H2_ERR_REFUSED_STREAM, /* Stream not processed */ - H2_ERR_CANCEL, /* Stream cancelled */ - H2_ERR_COMPRESSION_ERROR, /* Compression state not updated */ - H2_ERR_CONNECT_ERROR, /* TCP connection error for CONNECT method */ - H2_ERR_ENHANCE_YOUR_CALM, /* Processing capacity exceeded */ - H2_ERR_INADEQUATE_SECURITY, /* Negotiated TLS parameters not acceptable */ - H2_ERR_HTTP_1_1_REQUIRED, /* Use HTTP/1.1 for the request */ -}; - -enum lws_h2_states { - LWS_H2_STATE_IDLE, - /* - * Send PUSH_PROMISE -> LWS_H2_STATE_RESERVED_LOCAL - * Recv PUSH_PROMISE -> LWS_H2_STATE_RESERVED_REMOTE - * Send HEADERS -> LWS_H2_STATE_OPEN - * Recv HEADERS -> LWS_H2_STATE_OPEN - * - * - Only PUSH_PROMISE + HEADERS valid to send - * - Only HEADERS or PRIORITY valid to receive - */ - LWS_H2_STATE_RESERVED_LOCAL, - /* - * Send RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv RST_STREAM -> LWS_H2_STATE_CLOSED - * Send HEADERS -> LWS_H2_STATE_HALF_CLOSED_REMOTE - * - * - Only HEADERS, RST_STREAM, or PRIORITY valid to send - * - Only RST_STREAM, PRIORITY, or WINDOW_UPDATE valid to receive - */ - LWS_H2_STATE_RESERVED_REMOTE, - /* - * Send RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv HEADERS -> LWS_H2_STATE_HALF_CLOSED_LOCAL - * - * - Only RST_STREAM, WINDOW_UPDATE, or PRIORITY valid to send - * - Only HEADERS, RST_STREAM, or PRIORITY valid to receive - */ - LWS_H2_STATE_OPEN, - /* - * Send RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv RST_STREAM -> LWS_H2_STATE_CLOSED - * Send END_STREAM flag -> LWS_H2_STATE_HALF_CLOSED_LOCAL - * Recv END_STREAM flag -> LWS_H2_STATE_HALF_CLOSED_REMOTE - */ - LWS_H2_STATE_HALF_CLOSED_REMOTE, - /* - * Send RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv RST_STREAM -> LWS_H2_STATE_CLOSED - * Send END_STREAM flag -> LWS_H2_STATE_CLOSED - * - * - Any frame valid to send - * - Only WINDOW_UPDATE, PRIORITY, or RST_STREAM valid to receive - */ - LWS_H2_STATE_HALF_CLOSED_LOCAL, - /* - * Send RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv RST_STREAM -> LWS_H2_STATE_CLOSED - * Recv END_STREAM flag -> LWS_H2_STATE_CLOSED - * - * - Only WINDOW_UPDATE, PRIORITY, and RST_STREAM valid to send - * - Any frame valid to receive - */ - LWS_H2_STATE_CLOSED, - /* - * - Only PRIORITY, WINDOW_UPDATE (IGNORE) and RST_STREAM (IGNORE) - * may be received - * - * - Only PRIORITY valid to send - */ -}; - -void -lws_h2_state(struct lws *wsi, enum lws_h2_states s); - -#define LWS_H2_STREAM_ID_MASTER 0 -#define LWS_H2_SETTINGS_LEN 6 -#define LWS_H2_FLAG_SETTINGS_ACK 1 - -enum http2_hpack_state { - HPKS_TYPE, - - HPKS_IDX_EXT, - - HPKS_HLEN, - HPKS_HLEN_EXT, - - HPKS_DATA, -}; - -/* - * lws general parsimonious header strategy is only store values from known - * headers, and refer to them by index. - * - * That means if we can't map the peer header name to one that lws knows, we - * will drop the content but track the indexing with associated_lws_hdr_idx = - * LWS_HPACK_IGNORE_ENTRY. - */ - -enum http2_hpack_type { - HPKT_INDEXED_HDR_7, /* 1xxxxxxx: just "header field" */ - HPKT_INDEXED_HDR_6_VALUE_INCR, /* 01xxxxxx: NEW indexed hdr with value */ - HPKT_LITERAL_HDR_VALUE_INCR, /* 01000000: NEW literal hdr with value */ - HPKT_INDEXED_HDR_4_VALUE, /* 0000xxxx: indexed hdr with value */ - HPKT_INDEXED_HDR_4_VALUE_NEVER, /* 0001xxxx: indexed hdr with value NEVER NEW */ - HPKT_LITERAL_HDR_VALUE, /* 00000000: literal hdr with value */ - HPKT_LITERAL_HDR_VALUE_NEVER, /* 00010000: literal hdr with value NEVER NEW */ - HPKT_SIZE_5 -}; - -#define LWS_HPACK_IGNORE_ENTRY 0xffff - - -struct hpack_dt_entry { - char *value; /* malloc'd */ - uint16_t value_len; - uint16_t hdr_len; /* virtual, for accounting */ - uint16_t lws_hdr_idx; /* LWS_HPACK_IGNORE_ENTRY = IGNORE */ -}; - -struct hpack_dynamic_table { - struct hpack_dt_entry *entries; /* malloc'd */ - uint32_t virtual_payload_usage; - uint32_t virtual_payload_max; - uint16_t pos; - uint16_t used_entries; - uint16_t num_entries; -}; - -enum lws_h2_protocol_send_type { - LWS_PPS_NONE, - LWS_H2_PPS_MY_SETTINGS, - LWS_H2_PPS_ACK_SETTINGS, - LWS_H2_PPS_PONG, - LWS_H2_PPS_GOAWAY, - LWS_H2_PPS_RST_STREAM, - LWS_H2_PPS_UPDATE_WINDOW, -}; - -struct lws_h2_protocol_send { - struct lws_h2_protocol_send *next; /* linked list */ - enum lws_h2_protocol_send_type type; - - union uu { - struct { - char str[32]; - uint32_t highest_sid; - uint32_t err; - } ga; - struct { - uint32_t sid; - uint32_t err; - } rs; - struct { - uint8_t ping_payload[8]; - } ping; - struct { - uint32_t sid; - uint32_t credit; - } update_window; - } u; -}; - -struct lws_h2_ghost_sid { - struct lws_h2_ghost_sid *next; - uint32_t sid; -}; - -/* - * http/2 connection info that is only used by the root connection that has - * the network connection. - * - * h2 tends to spawn many child connections from one network connection, so - * it's necessary to make members only needed by the network connection - * distinct and only malloc'd on network connections. - * - * There's only one HPACK parser per network connection. - * - * But there is an ah per logical child connection... the network connection - * fills it but it belongs to the logical child. - */ -struct lws_h2_netconn { - struct http2_settings set; - struct hpack_dynamic_table hpack_dyn_table; - uint8_t ping_payload[8]; - uint8_t one_setting[LWS_H2_SETTINGS_LEN]; - char goaway_str[32]; /* for rx */ - struct lws *swsi; - struct lws_h2_protocol_send *pps; /* linked list */ - - enum http2_hpack_state hpack; - enum http2_hpack_type hpack_type; - - unsigned int huff:1; - unsigned int value:1; - unsigned int unknown_header:1; - unsigned int cont_exp:1; - unsigned int cont_exp_headers:1; - unsigned int we_told_goaway:1; - unsigned int pad_length:1; - unsigned int collected_priority:1; - unsigned int is_first_header_char:1; - unsigned int zero_huff_padding:1; - unsigned int last_action_dyntable_resize:1; - - uint32_t hdr_idx; - uint32_t hpack_len; - uint32_t hpack_e_dep; - uint32_t count; - uint32_t preamble; - uint32_t length; - uint32_t sid; - uint32_t inside; - uint32_t highest_sid; - uint32_t highest_sid_opened; - uint32_t cont_exp_sid; - uint32_t dep; - uint32_t goaway_last_sid; - uint32_t goaway_err; - uint32_t hpack_hdr_len; - - uint16_t hpack_pos; - - uint8_t frame_state; - uint8_t type; - uint8_t flags; - uint8_t padding; - uint8_t weight_temp; - uint8_t huff_pad; - char first_hdr_char; - uint8_t hpack_m; - uint8_t ext_count; -}; - -struct _lws_h2_related { - - struct lws_h2_netconn *h2n; /* malloc'd for root net conn */ - struct lws *parent_wsi; - struct lws *child_list; - struct lws *sibling_list; - - char *pending_status_body; - - int tx_cr; - int peer_tx_cr_est; - unsigned int my_sid; - unsigned int child_count; - int my_priority; - uint32_t dependent_on; - - unsigned int END_STREAM:1; - unsigned int END_HEADERS:1; - unsigned int send_END_STREAM:1; - unsigned int GOING_AWAY; - unsigned int requested_POLLOUT:1; - unsigned int skint:1; - - uint16_t round_robin_POLLOUT; - uint16_t count_POLLOUT_children; - - uint8_t h2_state; /* the RFC7540 state of the connection */ - uint8_t weight; - uint8_t initialized; -}; - -#define HTTP2_IS_TOPLEVEL_WSI(wsi) (!wsi->h2.parent_wsi) - -int -lws_h2_rst_stream(struct lws *wsi, uint32_t err, const char *reason); -struct lws * lws_h2_get_nth_child(struct lws *wsi, int n); -LWS_EXTERN void lws_h2_init(struct lws *wsi); -LWS_EXTERN int -lws_h2_settings(struct lws *nwsi, struct http2_settings *settings, - unsigned char *buf, int len); -LWS_EXTERN int -lws_h2_parser(struct lws *wsi, unsigned char *in, lws_filepos_t inlen, - lws_filepos_t *inused); -LWS_EXTERN int -lws_h2_do_pps_send(struct lws *wsi); -LWS_EXTERN int -lws_h2_frame_write(struct lws *wsi, int type, int flags, unsigned int sid, - unsigned int len, unsigned char *buf); -LWS_EXTERN struct lws * -lws_h2_wsi_from_id(struct lws *wsi, unsigned int sid); -LWS_EXTERN int -lws_hpack_interpret(struct lws *wsi, unsigned char c); -LWS_EXTERN int -lws_add_http2_header_by_name(struct lws *wsi, - const unsigned char *name, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end); -LWS_EXTERN int -lws_add_http2_header_by_token(struct lws *wsi, - enum lws_token_indexes token, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end); -LWS_EXTERN int -lws_add_http2_header_status(struct lws *wsi, - unsigned int code, unsigned char **p, - unsigned char *end); -LWS_EXTERN void -lws_hpack_destroy_dynamic_header(struct lws *wsi); -LWS_EXTERN int -lws_hpack_dynamic_size(struct lws *wsi, int size); -LWS_EXTERN int -lws_h2_goaway(struct lws *wsi, uint32_t err, const char *reason); -LWS_EXTERN int -lws_h2_tx_cr_get(struct lws *wsi); -LWS_EXTERN void -lws_h2_tx_cr_consume(struct lws *wsi, int consumed); -LWS_EXTERN int -lws_hdr_extant(struct lws *wsi, enum lws_token_indexes h); -LWS_EXTERN void -lws_pps_schedule(struct lws *wsi, struct lws_h2_protocol_send *pss); - -LWS_EXTERN const struct http2_settings lws_h2_defaults; -LWS_EXTERN int -lws_h2_ws_handshake(struct lws *wsi); -LWS_EXTERN int lws_h2_issue_preface(struct lws *wsi); -LWS_EXTERN int -lws_h2_client_handshake(struct lws *wsi); -LWS_EXTERN struct lws * -lws_wsi_h2_adopt(struct lws *parent_wsi, struct lws *wsi); -int -lws_handle_POLLOUT_event_h2(struct lws *wsi); -int -lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len); diff --git a/lib/roles/http/client/client-handshake.c b/lib/roles/http/client/client-handshake.c deleted file mode 100644 index 1af8ae6..0000000 --- a/lib/roles/http/client/client-handshake.c +++ /dev/null @@ -1,1197 +0,0 @@ -#include "core/private.h" - -static int -lws_getaddrinfo46(struct lws *wsi, const char *ads, struct addrinfo **result) -{ - struct addrinfo hints; - - memset(&hints, 0, sizeof(hints)); - *result = NULL; - - hints.ai_socktype = SOCK_STREAM; - -#ifdef LWS_WITH_IPV6 - if (wsi->ipv6) { - -#if !defined(__ANDROID__) - hints.ai_family = AF_INET6; - hints.ai_flags = AI_V4MAPPED; -#endif - } else -#endif - { - hints.ai_family = PF_UNSPEC; - } - - return getaddrinfo(ads, NULL, &hints, result); -} - - -struct lws * -lws_client_connect_3(struct lws *wsi, struct lws *wsi_piggyback, ssize_t plen) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - const char *meth = NULL; - struct lws_pollfd pfd; - const char *cce = ""; - int n, m, rawish = 0; - - if (wsi->stash) - meth = wsi->stash->method; - else - meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); - - if (meth && !strcmp(meth, "RAW")) - rawish = 1; - - if (wsi_piggyback) - goto send_hs; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - /* we are connected to server, or proxy */ - - /* http proxy */ - if (wsi->vhost->http.http_proxy_port) { - - /* - * OK from now on we talk via the proxy, so connect to that - * - * (will overwrite existing pointer, - * leaving old string/frag there but unreferenced) - */ - if (wsi->stash) { - lws_free(wsi->stash->address); - wsi->stash->address = - lws_strdup(wsi->vhost->http.http_proxy_address); - if (!wsi->stash->address) - goto failed; - } else - if (lws_hdr_simple_create(wsi, - _WSI_TOKEN_CLIENT_PEER_ADDRESS, - wsi->vhost->http.http_proxy_address)) - goto failed; - wsi->c_port = wsi->vhost->http.http_proxy_port; - - n = send(wsi->desc.sockfd, (char *)pt->serv_buf, (int)plen, - MSG_NOSIGNAL); - if (n < 0) { - lwsl_debug("ERROR writing to proxy socket\n"); - cce = "proxy write failed"; - goto failed; - } - - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_PROXY_RESPONSE, - AWAITING_TIMEOUT); - - lwsi_set_state(wsi, LRS_WAITING_PROXY_REPLY); - - return wsi; - } -#endif -#if defined(LWS_WITH_SOCKS5) - /* socks proxy */ - else if (wsi->vhost->socks_proxy_port) { - n = send(wsi->desc.sockfd, (char *)pt->serv_buf, plen, - MSG_NOSIGNAL); - if (n < 0) { - lwsl_debug("ERROR writing socks greeting\n"); - cce = "socks write failed"; - goto failed; - } - - lws_set_timeout(wsi, - PENDING_TIMEOUT_AWAITING_SOCKS_GREETING_REPLY, - AWAITING_TIMEOUT); - - lwsi_set_state(wsi, LRS_WAITING_SOCKS_GREETING_REPLY); - - return wsi; - } -#endif -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -send_hs: - - if (wsi_piggyback && - !lws_dll2_is_detached(&wsi->dll2_cli_txn_queue)) { - /* - * We are pipelining on an already-established connection... - * we can skip tls establishment. - */ - - lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2); - - /* - * we can't send our headers directly, because they have to - * be sent when the parent is writeable. The parent will check - * for anybody on his client transaction queue that is in - * LRS_H1C_ISSUE_HANDSHAKE2, and let them write. - * - * If we are trying to do this too early, before the master - * connection has written his own headers, then it will just - * wait in the queue until it's possible to send them. - */ - lws_callback_on_writable(wsi_piggyback); - lwsl_info("%s: wsi %p: waiting to send hdrs (par state 0x%x)\n", - __func__, wsi, lwsi_state(wsi_piggyback)); - } else { - lwsl_info("%s: wsi %p: %s %s client created own conn (raw %d)\n", - __func__, wsi, wsi->role_ops->name, - wsi->protocol->name, rawish); - - /* we are making our own connection */ - if (!rawish) - lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE); - else { - /* for a method = "RAW" connection, this makes us - * established */ - - /* clear his established timeout */ - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - m = wsi->role_ops->adoption_cb[0]; - if (m) { - n = user_callback_handle_rxflow( - wsi->protocol->callback, wsi, - m, wsi->user_space, NULL, 0); - if (n < 0) { - lwsl_info("LWS_CALLBACK_RAW_PROXY_CLI_ADOPT failed\n"); - goto failed; - } - } - - /* service.c pollout processing wants this */ - wsi->hdr_parsing_completed = 1; - lwsl_info("%s: setting ESTABLISHED\n", __func__); - lwsi_set_state(wsi, LRS_ESTABLISHED); - - return wsi; - } - - /* - * provoke service to issue the handshake directly. - * - * we need to do it this way because in the proxy case, this is - * the next state and executed only if and when we get a good - * proxy response inside the state machine... but notice in - * SSL case this may not have sent anything yet with 0 return, - * and won't until many retries from main loop. To stop that - * becoming endless, cover with a timeout. - */ - - lws_set_timeout(wsi, PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE, - AWAITING_TIMEOUT); - - assert(lws_socket_is_valid(wsi->desc.sockfd)); - - pfd.fd = wsi->desc.sockfd; - pfd.events = LWS_POLLIN; - pfd.revents = LWS_POLLIN; - - n = lws_service_fd(wsi->context, &pfd); - if (n < 0) { - cce = "first service failed"; - goto failed; - } - if (n) /* returns 1 on failure after closing wsi */ - return NULL; - } -#endif - return wsi; - -failed: - lws_inform_client_conn_fail(wsi, (void *)cce, strlen(cce)); - - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "client_connect2"); - - return NULL; -} - -struct lws * -lws_client_connect_2(struct lws *wsi) -{ -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - const char *adsin; - ssize_t plen = 0; -#endif -#if defined(LWS_WITH_UNIX_SOCK) - struct sockaddr_un sau; - char unix_skt = 0; -#endif - int n, port = 0; - const char *cce = "", *iface; - const struct sockaddr *psa; - const char *meth = NULL; - struct addrinfo *result; - const char *ads; - sockaddr46 sa46; - -#ifdef LWS_WITH_IPV6 - char ipv6only = lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY | - LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE); - struct sockaddr_in addr; -#if defined(__ANDROID__) - ipv6only = 0; -#endif -#endif - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (!wsi->http.ah && !wsi->stash) { - cce = "ah was NULL at cc2"; - lwsl_err("%s\n", cce); - goto oom4; - } - - /* we can only piggyback GET or POST */ - - if (wsi->stash) - meth = wsi->stash->method; - else - meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); - - if (meth && strcmp(meth, "GET") && strcmp(meth, "POST")) - goto create_new_conn; - - /* we only pipeline connections that said it was okay */ - - if (!wsi->client_pipeline) - goto create_new_conn; - - /* - * let's take a look first and see if there are any already-active - * client connections we can piggy-back on. - */ - - adsin = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); - - lws_vhost_lock(wsi->vhost); /* ----------------------------------- { */ - - lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1, - lws_dll2_get_head(&wsi->vhost->dll_cli_active_conns_owner)) { - struct lws *w = lws_container_of(d, struct lws, - dll_cli_active_conns); - - lwsl_debug("%s: check %s %s %d %d\n", __func__, adsin, - w->cli_hostname_copy, wsi->c_port, w->c_port); - - if (w != wsi && w->cli_hostname_copy && - !strcmp(adsin, w->cli_hostname_copy) && -#if defined(LWS_WITH_TLS) - (wsi->tls.use_ssl & LCCSCF_USE_SSL) == - (w->tls.use_ssl & LCCSCF_USE_SSL) && -#endif - wsi->c_port == w->c_port) { - - /* someone else is already connected to the right guy */ - - /* do we know for a fact pipelining won't fly? */ - if (w->keepalive_rejected) { - lwsl_info("defeating pipelining due to no " - "keepalive on server\n"); - lws_vhost_unlock(wsi->vhost); /* } ---------- */ - goto create_new_conn; - } -#if defined (LWS_WITH_HTTP2) - /* - * h2: in usable state already: just use it without - * going through the queue - */ - if (w->client_h2_alpn && - (lwsi_state(w) == LRS_H2_WAITING_TO_SEND_HEADERS || - lwsi_state(w) == LRS_ESTABLISHED)) { - - lwsl_info("%s: just join h2 directly\n", - __func__); - - wsi->client_h2_alpn = 1; - lws_wsi_h2_adopt(w, wsi); - lws_vhost_unlock(wsi->vhost); /* } ---------- */ - - return wsi; - } -#endif - - lwsl_info("apply %p to txn queue on %p state 0x%lx\n", - wsi, w, (unsigned long)w->wsistate); - /* - * ...let's add ourselves to his transaction queue... - * we are adding ourselves at the HEAD - */ - lws_dll2_add_head(&wsi->dll2_cli_txn_queue, - &w->dll2_cli_txn_queue_owner); - - /* - * h1: pipeline our headers out on him, - * and wait for our turn at client transaction_complete - * to take over parsing the rx. - */ - lws_vhost_unlock(wsi->vhost); /* } ---------- */ - return lws_client_connect_3(wsi, w, plen); - } - - } lws_end_foreach_dll_safe(d, d1); - - lws_vhost_unlock(wsi->vhost); /* } ---------------------------------- */ - -create_new_conn: -#endif - - /* - * clients who will create their own fresh connection keep a copy of - * the hostname they originally connected to, in case other connections - * want to use it too - */ - - if (!wsi->cli_hostname_copy) { - if (wsi->stash) - wsi->cli_hostname_copy = lws_strdup(wsi->stash->host); - else { - char *pa = lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_PEER_ADDRESS); - if (pa) - wsi->cli_hostname_copy = lws_strdup(pa); - } - } - - /* - * If we made our own connection, and we're doing a method that can take - * a pipeline, we are an "active client connection". - * - * Add ourselves to the vhost list of those so that others can - * piggyback on our transaction queue - */ - - if (meth && (!strcmp(meth, "GET") || !strcmp(meth, "POST")) && - lws_dll2_is_detached(&wsi->dll2_cli_txn_queue) && - lws_dll2_is_detached(&wsi->dll_cli_active_conns)) { - lws_vhost_lock(wsi->vhost); - /* caution... we will have to unpick this on oom4 path */ - lws_dll2_add_head(&wsi->dll_cli_active_conns, - &wsi->vhost->dll_cli_active_conns_owner); - lws_vhost_unlock(wsi->vhost); - } - - /* - * unix socket destination? - */ - - if (wsi->stash) - ads = wsi->stash->address; - else - ads = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); -#if defined(LWS_WITH_UNIX_SOCK) - if (*ads == '+') { - ads++; - memset(&sau, 0, sizeof(sau)); - sau.sun_family = AF_UNIX; - strncpy(sau.sun_path, ads, sizeof(sau.sun_path)); - sau.sun_path[sizeof(sau.sun_path) - 1] = '\0'; - - lwsl_info("%s: Unix skt: %s\n", __func__, ads); - - if (sau.sun_path[0] == '@') - sau.sun_path[0] = '\0'; - - unix_skt = 1; - goto ads_known; - } -#endif - - /* - * start off allowing ipv6 on connection if vhost allows it - */ - wsi->ipv6 = LWS_IPV6_ENABLED(wsi->vhost); -#ifdef LWS_WITH_IPV6 - if (wsi->stash) - iface = wsi->stash->iface; - else - iface = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_IFACE); - - if (wsi->ipv6 && iface && - inet_pton(AF_INET, iface, &addr.sin_addr) == 1) { - lwsl_notice("%s: client connection forced to IPv4\n", __func__); - wsi->ipv6 = 0; - } -#endif - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - - /* Decide what it is we need to connect to: - * - * Priority 1: connect to http proxy */ - - if (wsi->vhost->http.http_proxy_port) { - - lwsl_info("%s: going via proxy\n", __func__); - - plen = lws_snprintf((char *)pt->serv_buf, 256, - "CONNECT %s:%u HTTP/1.0\x0d\x0a" - "Host: %s:%u\x0d\x0a" - "User-agent: libwebsockets\x0d\x0a", - ads, wsi->ocport, ads, wsi->ocport); - - if (wsi->vhost->proxy_basic_auth_token[0]) - plen += lws_snprintf((char *)pt->serv_buf + plen, 256, - "Proxy-authorization: basic %s\x0d\x0a", - wsi->vhost->proxy_basic_auth_token); - - plen += lws_snprintf((char *)pt->serv_buf + plen, 5, "\x0d\x0a"); - ads = wsi->vhost->http.http_proxy_address; - port = wsi->vhost->http.http_proxy_port; -#else - if (0) { -#endif - -#if defined(LWS_WITH_SOCKS5) - - /* Priority 2: Connect to SOCK5 Proxy */ - - } else if (wsi->vhost->socks_proxy_port) { - if (socks_generate_msg(wsi, SOCKS_MSG_GREETING, &plen)) { - cce = "socks msg too large"; - goto oom4; - } - - lwsl_client("Sending SOCKS Greeting\n"); - ads = wsi->vhost->socks_proxy_address; - port = wsi->vhost->socks_proxy_port; -#endif - } else { - - /* Priority 3: Connect directly */ - - /* ads already set */ - port = wsi->c_port; - } - - /* - * prepare the actual connection - * to whatever we decided to connect to - */ - - lwsl_info("%s: %p: address %s:%u\n", __func__, wsi, ads, port); - - n = lws_getaddrinfo46(wsi, ads, &result); - memset(&sa46, 0, sizeof(sa46)); -#ifdef LWS_WITH_IPV6 - if (wsi->ipv6) { - struct sockaddr_in6 *sa6; - - if (n || !result) { - /* lws_getaddrinfo46 failed, there is no usable result */ - lwsl_notice("%s: lws_getaddrinfo46 failed %d\n", - __func__, n); - cce = "ipv6 lws_getaddrinfo46 failed"; - goto oom4; - } - - sa6 = ((struct sockaddr_in6 *)result->ai_addr); - sa46.sa6.sin6_family = AF_INET6; - switch (result->ai_family) { - case AF_INET: - if (ipv6only) - break; - /* map IPv4 to IPv6 */ - memset((char *)&sa46.sa6.sin6_addr, 0, - sizeof(sa46.sa6.sin6_addr)); - sa46.sa6.sin6_addr.s6_addr[10] = 0xff; - sa46.sa6.sin6_addr.s6_addr[11] = 0xff; - memcpy(&sa46.sa6.sin6_addr.s6_addr[12], - &((struct sockaddr_in *)result->ai_addr)->sin_addr, - sizeof(struct in_addr)); - lwsl_notice("uplevelling AF_INET to AF_INET6\n"); - break; - - case AF_INET6: - memcpy(&sa46.sa6.sin6_addr, &sa6->sin6_addr, - sizeof(struct in6_addr)); - sa46.sa6.sin6_scope_id = sa6->sin6_scope_id; - sa46.sa6.sin6_flowinfo = sa6->sin6_flowinfo; - break; - default: - lwsl_err("Unknown address family\n"); - freeaddrinfo(result); - cce = "unknown address family"; - goto oom4; - } - } else -#endif /* use ipv6 */ - - /* use ipv4 */ - { - void *p = NULL; - - if (!n) { - struct addrinfo *res = result; - - /* pick the first AF_INET (IPv4) result */ - - while (!p && res) { - switch (res->ai_family) { - case AF_INET: - p = &((struct sockaddr_in *)res->ai_addr)->sin_addr; - break; - } - - res = res->ai_next; - } -#if defined(LWS_FALLBACK_GETHOSTBYNAME) - } else if (n == EAI_SYSTEM) { - struct hostent *host; - - lwsl_info("ipv4 getaddrinfo err, try gethostbyname\n"); - host = gethostbyname(ads); - if (host) { - p = host->h_addr; - } else { - lwsl_err("gethostbyname failed\n"); - cce = "gethostbyname (ipv4) failed"; - goto oom4; - } -#endif - } else { - lwsl_err("getaddrinfo failed: %d\n", n); - cce = "getaddrinfo failed"; - goto oom4; - } - - if (!p) { - if (result) - freeaddrinfo(result); - lwsl_err("Couldn't identify address\n"); - cce = "unable to lookup address"; - goto oom4; - } - - sa46.sa4.sin_family = AF_INET; - sa46.sa4.sin_addr = *((struct in_addr *)p); - memset(&sa46.sa4.sin_zero, 0, sizeof(sa46.sa4.sin_zero)); - } - - if (result) - freeaddrinfo(result); - -#if defined(LWS_WITH_UNIX_SOCK) -ads_known: -#endif - - /* now we decided on ipv4 or ipv6, set the port */ - - if (!lws_socket_is_valid(wsi->desc.sockfd)) { - - if (wsi->context->event_loop_ops->check_client_connect_ok && - wsi->context->event_loop_ops->check_client_connect_ok(wsi)) { - cce = "waiting for event loop watcher to close"; - goto oom4; - } - -#if defined(LWS_WITH_UNIX_SOCK) - if (unix_skt) { - wsi->unix_skt = 1; - wsi->desc.sockfd = socket(AF_UNIX, SOCK_STREAM, 0); - } else -#endif - { - -#ifdef LWS_WITH_IPV6 - if (wsi->ipv6) - wsi->desc.sockfd = socket(AF_INET6, SOCK_STREAM, 0); - else -#endif - wsi->desc.sockfd = socket(AF_INET, SOCK_STREAM, 0); - } - - if (!lws_socket_is_valid(wsi->desc.sockfd)) { - lwsl_warn("Unable to open socket\n"); - cce = "unable to open socket"; - goto oom4; - } - - if (lws_plat_set_socket_options(wsi->vhost, wsi->desc.sockfd, -#if defined(LWS_WITH_UNIX_SOCK) - unix_skt)) { -#else - 0)) { -#endif - lwsl_err("Failed to set wsi socket options\n"); - compatible_close(wsi->desc.sockfd); - cce = "set socket opts failed"; - goto oom4; - } - - lwsi_set_state(wsi, LRS_WAITING_CONNECT); - -#if !defined(LWS_AMAZON_RTOS) - if (wsi->context->event_loop_ops->accept) - if (wsi->context->event_loop_ops->accept(wsi)) { - compatible_close(wsi->desc.sockfd); - cce = "event loop accept failed"; - goto oom4; - } -#endif - - if (__insert_wsi_socket_into_fds(wsi->context, wsi)) { - compatible_close(wsi->desc.sockfd); - cce = "insert wsi failed"; - goto oom4; - } - - if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { - compatible_close(wsi->desc.sockfd); - cce = "change_pollfd failed"; - goto oom4; - } - - /* - * past here, we can't simply free the structs as error - * handling as oom4 does. We have to run the whole close flow. - */ - - if (!wsi->protocol) - wsi->protocol = &wsi->vhost->protocols[0]; - - wsi->protocol->callback(wsi, LWS_CALLBACK_WSI_CREATE, - wsi->user_space, NULL, 0); - - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CONNECT_RESPONSE, - AWAITING_TIMEOUT); - - if (wsi->stash) - iface = wsi->stash->iface; - else - iface = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_IFACE); - - if (iface) { - n = lws_socket_bind(wsi->vhost, wsi->desc.sockfd, 0, - iface, wsi->ipv6); - if (n < 0) { - cce = "unable to bind socket"; - goto failed; - } - } - } - -#if defined(LWS_WITH_UNIX_SOCK) - if (unix_skt) { - psa = (const struct sockaddr *)&sau; - n = sizeof(sau); - } else -#endif - - { -#ifdef LWS_WITH_IPV6 - if (wsi->ipv6) { - sa46.sa6.sin6_port = htons(port); - n = sizeof(struct sockaddr_in6); - psa = (const struct sockaddr *)&sa46; - } else -#endif - { - sa46.sa4.sin_port = htons(port); - n = sizeof(struct sockaddr); - psa = (const struct sockaddr *)&sa46; - } - } - - if (connect(wsi->desc.sockfd, (const struct sockaddr *)psa, n) == -1 || - LWS_ERRNO == LWS_EISCONN) { - if (LWS_ERRNO == LWS_EALREADY || - LWS_ERRNO == LWS_EINPROGRESS || - LWS_ERRNO == LWS_EWOULDBLOCK -#ifdef _WIN32 - || LWS_ERRNO == WSAEINVAL -#endif - ) { - lwsl_client("nonblocking connect retry (errno = %d)\n", - LWS_ERRNO); - - if (lws_plat_check_connection_error(wsi)) { - cce = "socket connect failed"; - goto failed; - } - - /* - * must do specifically a POLLOUT poll to hear - * about the connect completion - */ - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { - cce = "POLLOUT set failed"; - goto failed; - } - - return wsi; - } - - if (LWS_ERRNO != LWS_EISCONN) { - lwsl_notice("Connect failed errno=%d\n", LWS_ERRNO); - cce = "connect failed"; - goto failed; - } - } - - - - return lws_client_connect_3(wsi, NULL, plen); - - -oom4: - if (lwsi_role_client(wsi) && wsi->protocol /* && lwsi_state_est(wsi) */) - lws_inform_client_conn_fail(wsi,(void *)cce, strlen(cce)); - - /* take care that we might be inserted in fds already */ - if (wsi->position_in_fds_table != LWS_NO_FDS_POS) - goto failed1; - - /* - * We can't be an active client connection any more, if we thought - * that was what we were going to be doing. It should be if we are - * failing by oom4 path, we are still called by - * lws_client_connect_via_info() and will be returning NULL to that, - * so nobody else should have had a chance to queue on us. - */ - { - struct lws_vhost *vhost = wsi->vhost; - - lws_vhost_lock(vhost); - __lws_free_wsi(wsi); - lws_vhost_unlock(vhost); - } - - return NULL; - -failed: - lws_inform_client_conn_fail(wsi, (void *)cce, strlen(cce)); - -failed1: - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "client_connect2"); - - return NULL; -} - - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - -/** - * lws_client_reset() - retarget a connected wsi to start over with a new - * connection (ie, redirect) - * this only works if still in HTTP, ie, not upgraded yet - * wsi: connection to reset - * address: network address of the new server - * port: port to connect to - * path: uri path to connect to on the new server - * host: host header to send to the new server - */ -LWS_VISIBLE struct lws * -lws_client_reset(struct lws **pwsi, int ssl, const char *address, int port, - const char *path, const char *host) -{ - char origin[300] = "", protocol[300] = "", method[32] = "", - iface[16] = "", alpn[32] = "", *p; - struct lws *wsi; - - if (!pwsi) - return NULL; - - wsi = *pwsi; - - if (wsi->redirects == 3) { - lwsl_err("%s: Too many redirects\n", __func__); - return NULL; - } - wsi->redirects++; - - p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN); - if (p) - lws_strncpy(origin, p, sizeof(origin)); - - p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); - if (p) - lws_strncpy(protocol, p, sizeof(protocol)); - - p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); - if (p) - lws_strncpy(method, p, sizeof(method)); - - p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_IFACE); - if (p) - lws_strncpy(iface, p, sizeof(iface)); - - p = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ALPN); - if (p) - lws_strncpy(alpn, p, sizeof(alpn)); - - if (!port) { - port = 443; - ssl = 1; - } - - lwsl_info("redirect ads='%s', port=%d, path='%s', ssl = %d\n", - address, port, path, ssl); - - /* close the connection by hand */ - -#if defined(LWS_WITH_TLS) - lws_ssl_close(wsi); -#endif - - __remove_wsi_socket_from_fds(wsi); - - if (wsi->context->event_loop_ops->close_handle_manually) - wsi->context->event_loop_ops->close_handle_manually(wsi); - else - compatible_close(wsi->desc.sockfd); - -#if defined(LWS_WITH_TLS) - wsi->tls.use_ssl = ssl; -#else - if (ssl) { - lwsl_err("%s: not configured for ssl\n", __func__); - return NULL; - } -#endif - - wsi->desc.sockfd = LWS_SOCK_INVALID; - lwsi_set_state(wsi, LRS_UNCONNECTED); - // wsi->protocol = NULL; - wsi->pending_timeout = NO_PENDING_TIMEOUT; - wsi->c_port = port; - wsi->hdr_parsing_completed = 0; - _lws_header_table_reset(wsi->http.ah); - - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, address)) - return NULL; - - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_HOST, host)) - return NULL; - - if (origin[0]) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ORIGIN, - origin)) - return NULL; - if (protocol[0]) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, - protocol)) - return NULL; - if (method[0]) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_METHOD, - method)) - return NULL; - - if (iface[0]) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_IFACE, - iface)) - return NULL; - if (alpn[0]) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ALPN, - alpn)) - return NULL; - - origin[0] = '/'; - strncpy(&origin[1], path, sizeof(origin) - 2); - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_URI, origin)) - return NULL; - - *pwsi = lws_client_connect_2(wsi); - - return *pwsi; -} - -#if defined(LWS_WITH_HTTP_PROXY) && defined(LWS_WITH_HUBBUB) -hubbub_error -html_parser_cb(const hubbub_token *token, void *pw) -{ - struct lws_rewrite *r = (struct lws_rewrite *)pw; - char buf[1024], *start = buf + LWS_PRE, *p = start, - *end = &buf[sizeof(buf) - 1]; - size_t i; - - switch (token->type) { - case HUBBUB_TOKEN_DOCTYPE: - - p += lws_snprintf(p, end - p, "data.doctype.name.len, - token->data.doctype.name.ptr, - token->data.doctype.force_quirks ? - "(force-quirks) " : ""); - - if (token->data.doctype.public_missing) - lwsl_debug("\tpublic: missing\n"); - else - p += lws_snprintf(p, end - p, "PUBLIC \"%.*s\"\n", - (int) token->data.doctype.public_id.len, - token->data.doctype.public_id.ptr); - - if (token->data.doctype.system_missing) - lwsl_debug("\tsystem: missing\n"); - else - p += lws_snprintf(p, end - p, " \"%.*s\">\n", - (int) token->data.doctype.system_id.len, - token->data.doctype.system_id.ptr); - - break; - case HUBBUB_TOKEN_START_TAG: - p += lws_snprintf(p, end - p, "<%.*s", (int)token->data.tag.name.len, - token->data.tag.name.ptr); - -/* (token->data.tag.self_closing) ? - "(self-closing) " : "", - (token->data.tag.n_attributes > 0) ? - "attributes:" : ""); -*/ - for (i = 0; i < token->data.tag.n_attributes; i++) { - if (!hstrcmp(&token->data.tag.attributes[i].name, "href", 4) || - !hstrcmp(&token->data.tag.attributes[i].name, "action", 6) || - !hstrcmp(&token->data.tag.attributes[i].name, "src", 3)) { - const char *pp = (const char *)token->data.tag.attributes[i].value.ptr; - int plen = (int) token->data.tag.attributes[i].value.len; - - if (strncmp(pp, "http:", 5) && strncmp(pp, "https:", 6)) { - - if (!hstrcmp(&token->data.tag.attributes[i].value, - r->from, r->from_len)) { - pp += r->from_len; - plen -= r->from_len; - } - p += lws_snprintf(p, end - p, " %.*s=\"%s/%.*s\"", - (int) token->data.tag.attributes[i].name.len, - token->data.tag.attributes[i].name.ptr, - r->to, plen, pp); - continue; - } - } - - p += lws_snprintf(p, end - p, " %.*s=\"%.*s\"", - (int) token->data.tag.attributes[i].name.len, - token->data.tag.attributes[i].name.ptr, - (int) token->data.tag.attributes[i].value.len, - token->data.tag.attributes[i].value.ptr); - } - p += lws_snprintf(p, end - p, ">"); - break; - case HUBBUB_TOKEN_END_TAG: - p += lws_snprintf(p, end - p, "data.tag.name.len, - token->data.tag.name.ptr); -/* - (token->data.tag.self_closing) ? - "(self-closing) " : "", - (token->data.tag.n_attributes > 0) ? - "attributes:" : ""); -*/ - for (i = 0; i < token->data.tag.n_attributes; i++) { - p += lws_snprintf(p, end - p, " %.*s='%.*s'\n", - (int) token->data.tag.attributes[i].name.len, - token->data.tag.attributes[i].name.ptr, - (int) token->data.tag.attributes[i].value.len, - token->data.tag.attributes[i].value.ptr); - } - p += lws_snprintf(p, end - p, ">"); - break; - case HUBBUB_TOKEN_COMMENT: - p += lws_snprintf(p, end - p, "\n", - (int) token->data.comment.len, - token->data.comment.ptr); - break; - case HUBBUB_TOKEN_CHARACTER: - if (token->data.character.len == 1) { - if (*token->data.character.ptr == '<') { - p += lws_snprintf(p, end - p, "<"); - break; - } - if (*token->data.character.ptr == '>') { - p += lws_snprintf(p, end - p, ">"); - break; - } - if (*token->data.character.ptr == '&') { - p += lws_snprintf(p, end - p, "&"); - break; - } - } - - p += lws_snprintf(p, end - p, "%.*s", (int) token->data.character.len, - token->data.character.ptr); - break; - case HUBBUB_TOKEN_EOF: - p += lws_snprintf(p, end - p, "\n"); - break; - } - - if (r->wsi->protocol_bind_balance && - user_callback_handle_rxflow(r->wsi->protocol->callback, - r->wsi, LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ, - r->wsi->user_space, start, p - start)) - return -1; - - return HUBBUB_OK; -} -#endif - -#endif - -struct lws * -lws_http_client_connect_via_info2(struct lws *wsi) -{ - struct client_info_stash *stash = wsi->stash; - - lwsl_debug("%s: %p (stash %p)\n", __func__, wsi, stash); - - if (!stash) - return wsi; - - wsi->opaque_user_data = wsi->stash->opaque_user_data; - - if (stash->method && !strcmp(stash->method, "RAW")) - goto no_ah; - - /* - * we're not necessarily in a position to action these right away, - * stash them... we only need during connect phase so into a temp - * allocated stash - */ - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS, - stash->address)) - goto bail1; - - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_URI, stash->path)) - goto bail1; - - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_HOST, stash->host)) - goto bail1; - - if (stash->origin) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ORIGIN, - stash->origin)) - goto bail1; - /* - * this is a list of protocols we tell the server we're okay with - * stash it for later when we compare server response with it - */ - if (stash->protocol) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS, - stash->protocol)) - goto bail1; - if (stash->method) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_METHOD, - stash->method)) - goto bail1; - if (stash->iface) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_IFACE, - stash->iface)) - goto bail1; - if (stash->alpn) - if (lws_hdr_simple_create(wsi, _WSI_TOKEN_CLIENT_ALPN, - stash->alpn)) - goto bail1; - -#if defined(LWS_WITH_SOCKS5) - if (!wsi->vhost->socks_proxy_port) - lws_client_stash_destroy(wsi); -#endif - -no_ah: - wsi->context->count_wsi_allocated++; - - return lws_client_connect_2(wsi); - -bail1: -#if defined(LWS_WITH_SOCKS5) - if (!wsi->vhost->socks_proxy_port) - lws_free_set_NULL(wsi->stash); -#endif - - return NULL; -} - -#if defined(LWS_WITH_SOCKS5) -int -socks_generate_msg(struct lws *wsi, enum socks_msg_type type, ssize_t *msg_len) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - uint8_t *p = pt->serv_buf, *end = &p[context->pt_serv_buf_size]; - ssize_t n, passwd_len; - short net_num; - char *cp; - - switch (type) { - case SOCKS_MSG_GREETING: - if (lws_ptr_diff(end, p) < 4) - return 1; - /* socks version, version 5 only */ - *p++ = SOCKS_VERSION_5; - /* number of methods */ - *p++ = 2; - /* username password method */ - *p++ = SOCKS_AUTH_USERNAME_PASSWORD; - /* no authentication method */ - *p++ = SOCKS_AUTH_NO_AUTH; - break; - - case SOCKS_MSG_USERNAME_PASSWORD: - n = strlen(wsi->vhost->socks_user); - passwd_len = strlen(wsi->vhost->socks_password); - - if (n > 254 || passwd_len > 254) - return 1; - - if (lws_ptr_diff(end, p) < 3 + n + passwd_len) - return 1; - - /* the subnegotiation version */ - *p++ = SOCKS_SUBNEGOTIATION_VERSION_1; - - /* length of the user name */ - *p++ = n; - /* user name */ - memcpy(p, wsi->vhost->socks_user, n); - p += n; - - /* length of the password */ - *p++ = passwd_len; - - /* password */ - memcpy(p, wsi->vhost->socks_password, passwd_len); - p += passwd_len; - break; - - case SOCKS_MSG_CONNECT: - n = strlen(wsi->stash->address); - - if (n > 254 || lws_ptr_diff(end, p) < 5 + n + 2) - return 1; - - cp = (char *)&net_num; - - /* socks version */ - *p++ = SOCKS_VERSION_5; - /* socks command */ - *p++ = SOCKS_COMMAND_CONNECT; - /* reserved */ - *p++ = 0; - /* address type */ - *p++ = SOCKS_ATYP_DOMAINNAME; - /* length of ---> */ - *p++ = n; - - /* the address we tell SOCKS proxy to connect to */ - memcpy(p, wsi->stash->address, n); - p += n; - - net_num = htons(wsi->c_port); - - /* the port we tell SOCKS proxy to connect to */ - *p++ = cp[0]; - *p++ = cp[1]; - - break; - - default: - return 1; - } - - *msg_len = lws_ptr_diff(p, pt->serv_buf); - - return 0; -} -#endif diff --git a/lib/roles/http/client/client.c b/lib/roles/http/client/client.c deleted file mode 100644 index c168fa0..0000000 --- a/lib/roles/http/client/client.c +++ /dev/null @@ -1,1337 +0,0 @@ -/* - * libwebsockets - lib/client/client.c - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -LWS_VISIBLE LWS_EXTERN void -lws_client_http_body_pending(struct lws *wsi, int something_left_to_send) -{ - wsi->client_http_body_pending = !!something_left_to_send; -} - -/* - * return self, or queued client wsi we are acting on behalf of - * - * That is the TAIL of the queue (new queue elements are added at the HEAD) - */ - -struct lws * -lws_client_wsi_effective(struct lws *wsi) -{ - struct lws_dll2 *tail = lws_dll2_get_tail(&wsi->dll2_cli_txn_queue_owner); - - if (!wsi->transaction_from_pipeline_queue || !tail) - return wsi; - - return lws_container_of(tail, struct lws, dll2_cli_txn_queue); -} - -/* - * return self or the guy we are queued under - * - * REQUIRES VHOST LOCK HELD - */ - -static struct lws * -_lws_client_wsi_master(struct lws *wsi) -{ - struct lws_dll2_owner *o = wsi->dll2_cli_txn_queue.owner; - - if (!o) - return wsi; - - return lws_container_of(o, struct lws, dll2_cli_txn_queue_owner); -} - -int -lws_client_socket_service(struct lws *wsi, struct lws_pollfd *pollfd, - struct lws *wsi_conn) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - char *p = (char *)&pt->serv_buf[0]; - struct lws *w; -#if defined(LWS_WITH_TLS) - char ebuf[128]; -#endif - const char *cce = NULL; -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - ssize_t len = 0; - unsigned char c; -#endif - char *sb = p; - int n = 0; -#if defined(LWS_WITH_SOCKS5) - int conn_mode = 0, pending_timeout = 0; -#endif - - if ((pollfd->revents & LWS_POLLOUT) && - wsi->keepalive_active && - wsi->dll2_cli_txn_queue_owner.head) { - struct lws *wfound = NULL; - - lwsl_debug("%s: pollout HANDSHAKE2\n", __func__); - - /* - * We have a transaction queued that wants to pipeline. - * - * We have to allow it to send headers strictly in the order - * that it was queued, ie, tail-first. - */ - lws_vhost_lock(wsi->vhost); - lws_start_foreach_dll_safe(struct lws_dll2 *, d, d1, - wsi->dll2_cli_txn_queue_owner.head) { - struct lws *w = lws_container_of(d, struct lws, - dll2_cli_txn_queue); - - lwsl_debug("%s: %p states 0x%lx\n", __func__, w, - (unsigned long)w->wsistate); - if (lwsi_state(w) == LRS_H1C_ISSUE_HANDSHAKE2) - wfound = w; - } lws_end_foreach_dll_safe(d, d1); - - if (wfound) { - /* - * pollfd has the master sockfd in it... we - * need to use that in HANDSHAKE2 to understand - * which wsi to actually write on - */ - if (lws_client_socket_service(wfound, pollfd, wsi) < 0) { - /* closed */ - - lws_vhost_unlock(wsi->vhost); - - return -1; - } - - lws_callback_on_writable(wsi); - } else - lwsl_debug("%s: didn't find anything in txn q in HS2\n", - __func__); - - lws_vhost_unlock(wsi->vhost); - - return 0; - } - - switch (lwsi_state(wsi)) { - - case LRS_WAITING_CONNECT: - - /* - * we are under PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE - * timeout protection set in client-handshake.c - */ - - if (!lws_client_connect_2(wsi)) { - /* closed */ - lwsl_client("closed\n"); - return -1; - } - - /* either still pending connection, or changed mode */ - return 0; - -#if defined(LWS_WITH_SOCKS5) - /* SOCKS Greeting Reply */ - case LRS_WAITING_SOCKS_GREETING_REPLY: - case LRS_WAITING_SOCKS_AUTH_REPLY: - case LRS_WAITING_SOCKS_CONNECT_REPLY: - - /* handle proxy hung up on us */ - - if (pollfd->revents & LWS_POLLHUP) { - lwsl_warn("SOCKS connection %p (fd=%d) dead\n", - (void *)wsi, pollfd->fd); - cce = "socks conn dead"; - goto bail3; - } - - n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); - if (n < 0) { - if (LWS_ERRNO == LWS_EAGAIN) { - lwsl_debug("SOCKS read EAGAIN, retrying\n"); - return 0; - } - lwsl_err("ERROR reading from SOCKS socket\n"); - cce = "socks recv fail"; - goto bail3; - } - - switch (lwsi_state(wsi)) { - - case LRS_WAITING_SOCKS_GREETING_REPLY: - if (pt->serv_buf[0] != SOCKS_VERSION_5) - goto socks_reply_fail; - - if (pt->serv_buf[1] == SOCKS_AUTH_NO_AUTH) { - lwsl_client("SOCKS GR: No Auth Method\n"); - if (socks_generate_msg(wsi, SOCKS_MSG_CONNECT, &len)) - goto socks_send_msg_fail; - conn_mode = LRS_WAITING_SOCKS_CONNECT_REPLY; - pending_timeout = - PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY; - goto socks_send; - } - - if (pt->serv_buf[1] == SOCKS_AUTH_USERNAME_PASSWORD) { - lwsl_client("SOCKS GR: User/Pw Method\n"); - if (socks_generate_msg(wsi, - SOCKS_MSG_USERNAME_PASSWORD, - &len)) - goto socks_send_msg_fail; - conn_mode = LRS_WAITING_SOCKS_AUTH_REPLY; - pending_timeout = - PENDING_TIMEOUT_AWAITING_SOCKS_AUTH_REPLY; - goto socks_send; - } - goto socks_reply_fail; - - case LRS_WAITING_SOCKS_AUTH_REPLY: - if (pt->serv_buf[0] != SOCKS_SUBNEGOTIATION_VERSION_1 || - pt->serv_buf[1] != - SOCKS_SUBNEGOTIATION_STATUS_SUCCESS) - goto socks_reply_fail; - - lwsl_client("SOCKS password OK, sending connect\n"); - if (socks_generate_msg(wsi, SOCKS_MSG_CONNECT, &len)) { -socks_send_msg_fail: - cce = "socks gen msg fail"; - goto bail3; - } - conn_mode = LRS_WAITING_SOCKS_CONNECT_REPLY; - pending_timeout = - PENDING_TIMEOUT_AWAITING_SOCKS_CONNECT_REPLY; -socks_send: - n = send(wsi->desc.sockfd, (char *)pt->serv_buf, len, - MSG_NOSIGNAL); - if (n < 0) { - lwsl_debug("ERROR writing to socks proxy\n"); - cce = "socks write fail"; - goto bail3; - } - - lws_set_timeout(wsi, pending_timeout, AWAITING_TIMEOUT); - lwsi_set_state(wsi, conn_mode); - break; - -socks_reply_fail: - lwsl_notice("socks reply: v%d, err %d\n", - pt->serv_buf[0], pt->serv_buf[1]); - cce = "socks reply fail"; - goto bail3; - - case LRS_WAITING_SOCKS_CONNECT_REPLY: - if (pt->serv_buf[0] != SOCKS_VERSION_5 || - pt->serv_buf[1] != SOCKS_REQUEST_REPLY_SUCCESS) - goto socks_reply_fail; - - lwsl_client("socks connect OK\n"); - - /* free stash since we are done with it */ - lws_client_stash_destroy(wsi); - if (lws_hdr_simple_create(wsi, - _WSI_TOKEN_CLIENT_PEER_ADDRESS, - wsi->vhost->socks_proxy_address)) { - cce = "socks connect fail"; - goto bail3; - } - - wsi->c_port = wsi->vhost->socks_proxy_port; - - /* clear his proxy connection timeout */ - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - goto start_ws_handshake; - default: - break; - } - break; -#endif - - case LRS_WAITING_PROXY_REPLY: - - /* handle proxy hung up on us */ - - if (pollfd->revents & LWS_POLLHUP) { - - lwsl_warn("Proxy connection %p (fd=%d) dead\n", - (void *)wsi, pollfd->fd); - - cce = "proxy conn dead"; - goto bail3; - } - - n = recv(wsi->desc.sockfd, sb, context->pt_serv_buf_size, 0); - if (n < 0) { - if (LWS_ERRNO == LWS_EAGAIN) { - lwsl_debug("Proxy read EAGAIN... retrying\n"); - return 0; - } - lwsl_err("ERROR reading from proxy socket\n"); - cce = "proxy read err"; - goto bail3; - } - - pt->serv_buf[13] = '\0'; - if (n < 13 || (strncmp(sb, "HTTP/1.0 200 ", 13) && - strncmp(sb, "HTTP/1.1 200 ", 13))) { - lwsl_err("%s: ERROR proxy did not reply with h1\n", - __func__); - /* lwsl_hexdump_notice(sb, n); */ - cce = "proxy not h1"; - goto bail3; - } - - lwsl_info("%s: proxy connection extablished\n", __func__); - - /* clear his proxy connection timeout */ - - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - /* fallthru */ - - case LRS_H1C_ISSUE_HANDSHAKE: - - /* - * we are under PENDING_TIMEOUT_SENT_CLIENT_HANDSHAKE - * timeout protection set in client-handshake.c - * - * take care of our lws_callback_on_writable - * happening at a time when there's no real connection yet - */ -#if defined(LWS_WITH_SOCKS5) -start_ws_handshake: -#endif - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) - return -1; - -#if defined(LWS_WITH_TLS) - /* we can retry this... just cook the SSL BIO the first time */ - - if ((wsi->tls.use_ssl & LCCSCF_USE_SSL) && !wsi->tls.ssl && - lws_ssl_client_bio_create(wsi) < 0) { - cce = "bio_create failed"; - goto bail3; - } - - if (wsi->tls.use_ssl & LCCSCF_USE_SSL) { - n = lws_ssl_client_connect1(wsi); - if (!n) - return 0; - if (n < 0) { - cce = "lws_ssl_client_connect1 failed"; - goto bail3; - } - } else - wsi->tls.ssl = NULL; - - /* fallthru */ - - case LRS_WAITING_SSL: - - if (wsi->tls.use_ssl & LCCSCF_USE_SSL) { - n = lws_ssl_client_connect2(wsi, ebuf, sizeof(ebuf)); - if (!n) - return 0; - if (n < 0) { - cce = ebuf; - goto bail3; - } - } else - wsi->tls.ssl = NULL; -#endif -#if defined (LWS_WITH_HTTP2) - if (wsi->client_h2_alpn) { - /* - * We connected to the server and set up tls, and - * negotiated "h2". - * - * So this is it, we are an h2 master client connection - * now, not an h1 client connection. - */ -#if defined (LWS_WITH_TLS) - lws_tls_server_conn_alpn(wsi); -#endif - - /* send the H2 preface to legitimize the connection */ - if (lws_h2_issue_preface(wsi)) { - cce = "error sending h2 preface"; - goto bail3; - } - - break; - } -#endif - lwsi_set_state(wsi, LRS_H1C_ISSUE_HANDSHAKE2); - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_CLIENT_HS_SEND, - context->timeout_secs); - - /* fallthru */ - - case LRS_H1C_ISSUE_HANDSHAKE2: - p = lws_generate_client_handshake(wsi, p); - if (p == NULL) { - if (wsi->role_ops == &role_ops_raw_skt || - wsi->role_ops == &role_ops_raw_file) - return 0; - - lwsl_err("Failed to generate handshake for client\n"); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "chs"); - return 0; - } - - /* send our request to the server */ - lws_latency_pre(context, wsi); - - w = _lws_client_wsi_master(wsi); - lwsl_info("%s: HANDSHAKE2: %p: sending headers on %p " - "(wsistate 0x%lx 0x%lx), w sock %d, wsi sock %d\n", - __func__, wsi, w, (unsigned long)wsi->wsistate, - (unsigned long)w->wsistate, w->desc.sockfd, - wsi->desc.sockfd); - - n = lws_ssl_capable_write(w, (unsigned char *)sb, (int)(p - sb)); - lws_latency(context, wsi, "send lws_issue_raw", n, - n == p - sb); - switch (n) { - case LWS_SSL_CAPABLE_ERROR: - lwsl_debug("ERROR writing to client socket\n"); - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "cws"); - return 0; - case LWS_SSL_CAPABLE_MORE_SERVICE: - lws_callback_on_writable(wsi); - break; - } - - if (wsi->client_http_body_pending) { - lwsl_debug("body pending\n"); - lwsi_set_state(wsi, LRS_ISSUE_HTTP_BODY); - lws_set_timeout(wsi, - PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD, - context->timeout_secs); -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->http.proxy_clientside) - lws_callback_on_writable(wsi); -#endif - /* user code must ask for writable callback */ - break; - } - - lwsi_set_state(wsi, LRS_WAITING_SERVER_REPLY); - wsi->hdr_parsing_completed = 0; - - if (lwsi_state(w) == LRS_IDLING) { - lwsi_set_state(w, LRS_WAITING_SERVER_REPLY); - w->hdr_parsing_completed = 0; -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - w->http.ah->parser_state = WSI_TOKEN_NAME_PART; - w->http.ah->lextable_pos = 0; -#if defined(LWS_WITH_CUSTOM_HEADERS) - w->http.ah->unk_pos = 0; -#endif - /* If we're (re)starting on hdr, need other implied init */ - wsi->http.ah->ues = URIES_IDLE; -#endif - } - - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE, - wsi->context->timeout_secs); - - lws_callback_on_writable(w); - - goto client_http_body_sent; - - case LRS_ISSUE_HTTP_BODY: -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->http.proxy_clientside) { - lws_callback_on_writable(wsi); - break; - } -#endif - if (wsi->client_http_body_pending) { - //lws_set_timeout(wsi, - // PENDING_TIMEOUT_CLIENT_ISSUE_PAYLOAD, - // context->timeout_secs); - /* user code must ask for writable callback */ - break; - } -client_http_body_sent: -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - /* prepare ourselves to do the parsing */ - wsi->http.ah->parser_state = WSI_TOKEN_NAME_PART; - wsi->http.ah->lextable_pos = 0; -#if defined(LWS_WITH_CUSTOM_HEADERS) - wsi->http.ah->unk_pos = 0; -#endif -#endif - lwsi_set_state(wsi, LRS_WAITING_SERVER_REPLY); - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE, - context->timeout_secs); - break; - - case LRS_WAITING_SERVER_REPLY: - /* - * handle server hanging up on us... - * but if there is POLLIN waiting, handle that first - */ - if ((pollfd->revents & (LWS_POLLIN | LWS_POLLHUP)) == - LWS_POLLHUP) { - - lwsl_debug("Server connection %p (fd=%d) dead\n", - (void *)wsi, pollfd->fd); - cce = "Peer hung up"; - goto bail3; - } - - if (!(pollfd->revents & LWS_POLLIN)) - break; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - /* interpret the server response - * - * HTTP/1.1 101 Switching Protocols - * Upgrade: websocket - * Connection: Upgrade - * Sec-WebSocket-Accept: me89jWimTRKTWwrS3aRrL53YZSo= - * Sec-WebSocket-Nonce: AQIDBAUGBwgJCgsMDQ4PEC== - * Sec-WebSocket-Protocol: chat - * - * we have to take some care here to only take from the - * socket bytewise. The browser may (and has been seen to - * in the case that onopen() performs websocket traffic) - * coalesce both handshake response and websocket traffic - * in one packet, since at that point the connection is - * definitively ready from browser pov. - */ - len = 1; - while (wsi->http.ah->parser_state != WSI_PARSING_COMPLETE && - len > 0) { - int plen = 1; - - n = lws_ssl_capable_read(wsi, &c, 1); - lws_latency(context, wsi, "send lws_issue_raw", n, - n == 1); - switch (n) { - case 0: - case LWS_SSL_CAPABLE_ERROR: - cce = "read failed"; - goto bail3; - case LWS_SSL_CAPABLE_MORE_SERVICE: - return 0; - } - - if (lws_parse(wsi, &c, &plen)) { - lwsl_warn("problems parsing header\n"); - cce = "problems parsing header"; - goto bail3; - } - } - - /* - * hs may also be coming in multiple packets, there is a 5-sec - * libwebsocket timeout still active here too, so if parsing did - * not complete just wait for next packet coming in this state - */ - if (wsi->http.ah->parser_state != WSI_PARSING_COMPLETE) - break; - -#endif - - /* - * otherwise deal with the handshake. If there's any - * packet traffic already arrived we'll trigger poll() again - * right away and deal with it that way - */ - return lws_client_interpret_server_handshake(wsi); - -bail3: - lwsl_info("closing conn at LWS_CONNMODE...SERVER_REPLY\n"); - if (cce) - lwsl_info("reason: %s\n", cce); - lws_inform_client_conn_fail(wsi, (void *)cce, strlen(cce)); - - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "cbail3"); - return -1; - - default: - break; - } - - return 0; -} - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - -int LWS_WARN_UNUSED_RESULT -lws_http_transaction_completed_client(struct lws *wsi) -{ - struct lws *wsi_eff = lws_client_wsi_effective(wsi); - - lwsl_info("%s: wsi: %p, wsi_eff: %p (%s)\n", __func__, wsi, wsi_eff, - wsi_eff->protocol->name); - - if (user_callback_handle_rxflow(wsi_eff->protocol->callback, wsi_eff, - LWS_CALLBACK_COMPLETED_CLIENT_HTTP, - wsi_eff->user_space, NULL, 0)) { - lwsl_debug("%s: Completed call returned nonzero (role 0x%lx)\n", - __func__, (unsigned long)lwsi_role(wsi_eff)); - return -1; - } - - /* - * Are we constitutionally capable of having a queue, ie, we are on - * the "active client connections" list? - * - * If not, that's it for us. - */ - - if (lws_dll2_is_detached(&wsi->dll_cli_active_conns)) - return -1; - - /* if this was a queued guy, close him and remove from queue */ - - if (wsi->transaction_from_pipeline_queue) { - lwsl_debug("closing queued wsi %p\n", wsi_eff); - /* so the close doesn't trigger a CCE */ - wsi_eff->already_did_cce = 1; - __lws_close_free_wsi(wsi_eff, - LWS_CLOSE_STATUS_CLIENT_TRANSACTION_DONE, - "queued client done"); - } - - _lws_header_table_reset(wsi->http.ah); - - /* after the first one, they can only be coming from the queue */ - wsi->transaction_from_pipeline_queue = 1; - - wsi->http.rx_content_length = 0; - wsi->hdr_parsing_completed = 0; - - /* is there a new tail after removing that one? */ - wsi_eff = lws_client_wsi_effective(wsi); - - /* - * Do we have something pipelined waiting? - * it's OK if he hasn't managed to send his headers yet... he's next - * in line to do that... - */ - if (wsi_eff == wsi) { - /* - * Nothing pipelined... we should hang around a bit - * in case something turns up... - */ - lwsl_info("%s: nothing pipelined waiting\n", __func__); - lwsi_set_state(wsi, LRS_IDLING); - - lws_set_timeout(wsi, PENDING_TIMEOUT_CLIENT_CONN_IDLE, 5); - - return 0; - } - - /* - * H1: we can serialize the queued guys into the same ah - * H2: everybody needs their own ah until their own STREAM_END - */ - - /* otherwise set ourselves up ready to go again */ - lwsi_set_state(wsi, LRS_WAITING_SERVER_REPLY); - - wsi->http.ah->parser_state = WSI_TOKEN_NAME_PART; - wsi->http.ah->lextable_pos = 0; -#if defined(LWS_WITH_CUSTOM_HEADERS) - wsi->http.ah->unk_pos = 0; -#endif - - lws_set_timeout(wsi, PENDING_TIMEOUT_AWAITING_SERVER_RESPONSE, - wsi->context->timeout_secs); - - /* If we're (re)starting on headers, need other implied init */ - wsi->http.ah->ues = URIES_IDLE; - - lwsl_info("%s: %p: new queued transaction as %p\n", __func__, wsi, - wsi_eff); - lws_callback_on_writable(wsi); - - return 0; -} - -LWS_VISIBLE LWS_EXTERN unsigned int -lws_http_client_http_response(struct lws *_wsi) -{ - struct lws *wsi; - unsigned int resp; - - if (_wsi->http.ah && _wsi->http.ah->http_response) - return _wsi->http.ah->http_response; - - lws_vhost_lock(_wsi->vhost); - wsi = _lws_client_wsi_master(_wsi); - resp = wsi->http.ah->http_response; - lws_vhost_unlock(_wsi->vhost); - - return resp; -} -#endif - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -int -lws_client_interpret_server_handshake(struct lws *wsi) -{ - int n, port = 0, ssl = 0; - int close_reason = LWS_CLOSE_STATUS_PROTOCOL_ERR; - const char *prot, *ads = NULL, *path, *cce = NULL; - struct allocated_headers *ah; - struct lws *w = lws_client_wsi_effective(wsi); - char *p, *q; - char new_path[300]; - - lws_client_stash_destroy(wsi); - - ah = wsi->http.ah; - if (!wsi->do_ws) { - /* we are being an http client... - */ -#if defined(LWS_ROLE_H2) - if (wsi->client_h2_alpn || wsi->client_h2_substream) { - lwsl_debug("%s: %p: transitioning to h2 client\n", - __func__, wsi); - lws_role_transition(wsi, LWSIFR_CLIENT, - LRS_ESTABLISHED, &role_ops_h2); - } else -#endif - { -#if defined(LWS_ROLE_H1) - { - lwsl_debug("%s: %p: transitioning to h1 client\n", - __func__, wsi); - lws_role_transition(wsi, LWSIFR_CLIENT, - LRS_ESTABLISHED, &role_ops_h1); - } -#else - return -1; -#endif - } - - wsi->http.ah = ah; - ah->http_response = 0; - } - - /* - * well, what the server sent looked reasonable for syntax. - * Now let's confirm it sent all the necessary headers - * - * http (non-ws) client will expect something like this - * - * HTTP/1.0.200 - * server:.libwebsockets - * content-type:.text/html - * content-length:.17703 - * set-cookie:.test=LWS_1456736240_336776_COOKIE;Max-Age=360000 - */ - - wsi->http.conn_type = HTTP_CONNECTION_KEEP_ALIVE; - if (!wsi->client_h2_substream) { - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP); - if (wsi->do_ws && !p) { - lwsl_info("no URI\n"); - cce = "HS: URI missing"; - goto bail3; - } - if (!p) { - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP1_0); - wsi->http.conn_type = HTTP_CONNECTION_CLOSE; - } - if (!p) { - cce = "HS: URI missing"; - lwsl_info("no URI\n"); - goto bail3; - } - } else { - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_STATUS); - if (!p) { - cce = "HS: :status missing"; - lwsl_info("no status\n"); - goto bail3; - } - } - n = atoi(p); - if (ah) - ah->http_response = n; - - if ( -#if defined(LWS_WITH_HTTP_PROXY) - !wsi->http.proxy_clientside && -#endif - (n == 301 || n == 302 || n == 303 || n == 307 || n == 308)) { - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_LOCATION); - if (!p) { - cce = "HS: Redirect code but no Location"; - goto bail3; - } - - /* Relative reference absolute path */ - if (p[0] == '/') { -#if defined(LWS_WITH_TLS) - ssl = wsi->tls.use_ssl & LCCSCF_USE_SSL; -#endif - ads = lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_PEER_ADDRESS); - port = wsi->c_port; - /* +1 as lws_client_reset expects leading / omitted */ - path = p + 1; - } - /* Absolute (Full) URI */ - else if (strchr(p, ':')) { - if (lws_parse_uri(p, &prot, &ads, &port, &path)) { - cce = "HS: URI did not parse"; - goto bail3; - } - - if (!strcmp(prot, "wss") || !strcmp(prot, "https")) - ssl = 1; - } - /* Relative reference relative path */ - else { - /* This doesn't try to calculate an absolute path, - * that will be left to the server */ -#if defined(LWS_WITH_TLS) - ssl = wsi->tls.use_ssl & LCCSCF_USE_SSL; -#endif - ads = lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_PEER_ADDRESS); - port = wsi->c_port; - /* +1 as lws_client_reset expects leading / omitted */ - path = new_path + 1; - if (lws_hdr_simple_ptr(wsi,_WSI_TOKEN_CLIENT_URI)) - lws_strncpy(new_path, lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_URI), sizeof(new_path)); - else { - new_path[0] = '/'; - new_path[1] = '\0'; - } - q = strrchr(new_path, '/'); - if (q) - lws_strncpy(q + 1, p, sizeof(new_path) - - (q - new_path) - 1); - else - path = p; - } - -#if defined(LWS_WITH_TLS) - if ((wsi->tls.use_ssl & LCCSCF_USE_SSL) && !ssl) { - cce = "HS: Redirect attempted SSL downgrade"; - goto bail3; - } -#endif - - if (!ads) /* make coverity happy */ { - cce = "no ads"; - goto bail3; - } - - if (!lws_client_reset(&wsi, ssl, ads, port, path, ads)) { - /* there are two ways to fail out with NULL return... - * simple, early problem where the wsi is intact, or - * we went through with the reconnect attempt and the - * wsi is already closed. In the latter case, the wsi - * has beet set to NULL additionally. - */ - lwsl_err("Redirect failed\n"); - cce = "HS: Redirect failed"; - if (wsi) - goto bail3; - - return 1; - } - return 0; - } - - if (!wsi->do_ws) { - - /* if h1 KA is allowed, enable the queued pipeline guys */ - - if (!wsi->client_h2_alpn && !wsi->client_h2_substream && - w == wsi) { /* ie, coming to this for the first time */ - if (wsi->http.conn_type == HTTP_CONNECTION_KEEP_ALIVE) - wsi->keepalive_active = 1; - else { - /* - * Ugh... now the main http connection has seen - * both sides, we learn the server doesn't - * support keepalive. - * - * That means any guys queued on us are going - * to have to be restarted from connect2 with - * their own connections. - */ - - /* - * stick around telling any new guys they can't - * pipeline to this server - */ - wsi->keepalive_rejected = 1; - - lws_vhost_lock(wsi->vhost); - lws_start_foreach_dll_safe(struct lws_dll2 *, - d, d1, - wsi->dll2_cli_txn_queue_owner.head) { - struct lws *ww = lws_container_of(d, - struct lws, - dll2_cli_txn_queue); - - /* remove him from our queue */ - lws_dll2_remove(&ww->dll2_cli_txn_queue); - /* give up on pipelining */ - ww->client_pipeline = 0; - - /* go back to "trying to connect" state */ - lws_role_transition(ww, LWSIFR_CLIENT, - LRS_UNCONNECTED, -#if defined(LWS_ROLE_H1) - &role_ops_h1); -#else -#if defined (LWS_ROLE_H2) - &role_ops_h2); -#else - &role_ops_raw); -#endif -#endif - ww->user_space = NULL; - } lws_end_foreach_dll_safe(d, d1); - lws_vhost_unlock(wsi->vhost); - } - } - -#ifdef LWS_WITH_HTTP_PROXY - wsi->http.perform_rewrite = 0; - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE)) { - if (!strncmp(lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE), - "text/html", 9)) - wsi->http.perform_rewrite = 0; - } -#endif - - /* allocate the per-connection user memory (if any) */ - if (lws_ensure_user_space(wsi)) { - lwsl_err("Problem allocating wsi user mem\n"); - cce = "HS: OOM"; - goto bail2; - } - - /* he may choose to send us stuff in chunked transfer-coding */ - wsi->chunked = 0; - wsi->chunk_remaining = 0; /* ie, next thing is chunk size */ - if (lws_hdr_total_length(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING)) { - wsi->chunked = !strcmp(lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING), - "chunked"); - /* first thing is hex, after payload there is crlf */ - wsi->chunk_parser = ELCP_HEX; - } - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { - wsi->http.rx_content_length = - atoll(lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH)); - lwsl_info("%s: incoming content length %llu\n", - __func__, (unsigned long long) - wsi->http.rx_content_length); - wsi->http.rx_content_remain = - wsi->http.rx_content_length; - } else /* can't do 1.1 without a content length or chunked */ - if (!wsi->chunked) - wsi->http.conn_type = HTTP_CONNECTION_CLOSE; - - /* - * we seem to be good to go, give client last chance to check - * headers and OK it - */ - if (w->protocol->callback(w, - LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH, - w->user_space, NULL, 0)) { - - cce = "HS: disallowed by client filter"; - goto bail2; - } - - /* clear his proxy connection timeout */ - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; - - /* call him back to inform him he is up */ - if (w->protocol->callback(w, - LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP, - w->user_space, NULL, 0)) { - cce = "HS: disallowed at ESTABLISHED"; - goto bail3; - } - - /* - * for pipelining, master needs to keep his ah... guys who - * queued on him can drop it now though. - */ - - if (w != wsi) - /* free up parsing allocations for queued guy */ - lws_header_table_detach(w, 0); - - lwsl_info("%s: client connection up\n", __func__); - - /* - * Did we get a response from the server with an explicit - * content-length of zero? If so, this transaction is already - * completed at the end of the header processing... - */ - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH) && - !wsi->http.rx_content_length) - return !!lws_http_transaction_completed_client(wsi); - - return 0; - } - -#if defined(LWS_ROLE_WS) - switch (lws_client_ws_upgrade(wsi, &cce)) { - case 2: - goto bail2; - case 3: - goto bail3; - } - - return 0; -#endif - -bail3: - close_reason = LWS_CLOSE_STATUS_NOSTATUS; - -bail2: - if (wsi->protocol) { - n = 0; - if (cce) - n = (int)strlen(cce); - - lws_inform_client_conn_fail(wsi, (void *)cce, (unsigned int)n); - } - - lwsl_info("closing connection (prot %s) " - "due to bail2 connection error: %s\n", wsi->protocol ? - wsi->protocol->name : "unknown", cce); - - /* closing will free up his parsing allocations */ - lws_close_free_wsi(wsi, close_reason, "c hs interp"); - - return 1; -} -#endif - -char * -lws_generate_client_handshake(struct lws *wsi, char *pkt) -{ - char *p = pkt; - const char *meth; - const char *pp = lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); - - meth = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_METHOD); - if (!meth) { - meth = "GET"; - wsi->do_ws = 1; - } else { - wsi->do_ws = 0; - } - - if (!strcmp(meth, "RAW")) { - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - lwsl_notice("client transition to raw\n"); - - if (pp) { - const struct lws_protocols *pr; - - pr = lws_vhost_name_to_protocol(wsi->vhost, pp); - - if (!pr) { - lwsl_err("protocol %s not enabled on vhost\n", - pp); - return NULL; - } - - lws_bind_protocol(wsi, pr, __func__); - } - - if ((wsi->protocol->callback)(wsi, LWS_CALLBACK_RAW_ADOPT, - wsi->user_space, NULL, 0)) - return NULL; - - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_ESTABLISHED, - &role_ops_raw_skt); - lws_header_table_detach(wsi, 1); - - return NULL; - } - - /* - * 04 example client handshake - * - * GET /chat HTTP/1.1 - * Host: server.example.com - * Upgrade: websocket - * Connection: Upgrade - * Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== - * Sec-WebSocket-Origin: http://example.com - * Sec-WebSocket-Protocol: chat, superchat - * Sec-WebSocket-Version: 4 - */ - - p += lws_snprintf(p, 2048, "%s %s HTTP/1.1\x0d\x0a", meth, - lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_URI)); - - p += lws_snprintf(p, 64, "Pragma: no-cache\x0d\x0a" - "Cache-Control: no-cache\x0d\x0a"); - - p += lws_snprintf(p, 128, "Host: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST)); - - if (lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_ORIGIN)) { - if (lws_check_opt(wsi->context->options, - LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN)) - p += lws_snprintf(p, 128, "Origin: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_ORIGIN)); - else - p += lws_snprintf(p, 128, "Origin: http://%s\x0d\x0a", - lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_ORIGIN)); - } - -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->parent && - lws_hdr_total_length(wsi->parent, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { - p += lws_snprintf(p, 128, "Content-Length: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi->parent, WSI_TOKEN_HTTP_CONTENT_LENGTH)); - if (atoi(lws_hdr_simple_ptr(wsi->parent, WSI_TOKEN_HTTP_CONTENT_LENGTH))) - wsi->client_http_body_pending = 1; - } - if (wsi->parent && - lws_hdr_total_length(wsi->parent, WSI_TOKEN_HTTP_AUTHORIZATION)) { - p += lws_snprintf(p, 128, "Authorization: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi->parent, WSI_TOKEN_HTTP_AUTHORIZATION)); - } - if (wsi->parent && - lws_hdr_total_length(wsi->parent, WSI_TOKEN_HTTP_CONTENT_TYPE)) { - p += lws_snprintf(p, 128, "Content-Type: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi->parent, WSI_TOKEN_HTTP_CONTENT_TYPE)); - } -#endif - -#if defined(LWS_ROLE_WS) - if (wsi->do_ws) { - const char *conn1 = ""; - // if (!wsi->client_pipeline) - // conn1 = "close, "; - p = lws_generate_client_ws_handshake(wsi, p, conn1); - } else -#endif - { - if (!wsi->client_pipeline) - p += lws_snprintf(p, 64, "connection: close\x0d\x0a"); - } - - /* give userland a chance to append, eg, cookies */ - - if (wsi->protocol->callback(wsi, - LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER, - wsi->user_space, &p, - (pkt + wsi->context->pt_serv_buf_size) - p - 12)) - return NULL; - - p += lws_snprintf(p, 4, "\x0d\x0a"); - - // puts(pkt); - - return p; -} - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - -LWS_VISIBLE int -lws_http_client_read(struct lws *wsi, char **buf, int *len) -{ - int rlen, n; - - rlen = lws_ssl_capable_read(wsi, (unsigned char *)*buf, *len); - *len = 0; - - // lwsl_notice("%s: rlen %d\n", __func__, rlen); - - /* allow the source to signal he has data again next time */ - if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) - return -1; - - if (rlen == LWS_SSL_CAPABLE_ERROR) { - lwsl_debug("%s: SSL capable error\n", __func__); - return -1; - } - - if (rlen <= 0) - return 0; - - *len = rlen; - wsi->client_rx_avail = 0; - - /* - * server may insist on transfer-encoding: chunked, - * so http client must deal with it - */ -spin_chunks: - while (wsi->chunked && (wsi->chunk_parser != ELCP_CONTENT) && *len) { - switch (wsi->chunk_parser) { - case ELCP_HEX: - if ((*buf)[0] == '\x0d') { - wsi->chunk_parser = ELCP_CR; - break; - } - n = char_to_hex((*buf)[0]); - if (n < 0) { - lwsl_info("%s: chunking failure\n", __func__); - return -1; - } - wsi->chunk_remaining <<= 4; - wsi->chunk_remaining |= n; - break; - case ELCP_CR: - if ((*buf)[0] != '\x0a') { - lwsl_info("%s: chunking failure\n", __func__); - return -1; - } - wsi->chunk_parser = ELCP_CONTENT; - lwsl_info("chunk %d\n", wsi->chunk_remaining); - if (wsi->chunk_remaining) - break; - lwsl_info("final chunk\n"); - goto completed; - - case ELCP_CONTENT: - break; - - case ELCP_POST_CR: - if ((*buf)[0] != '\x0d') { - lwsl_info("%s: chunking failure\n", __func__); - - return -1; - } - - wsi->chunk_parser = ELCP_POST_LF; - break; - - case ELCP_POST_LF: - if ((*buf)[0] != '\x0a') { - lwsl_info("%s: chunking failure\n", __func__); - - return -1; - } - - wsi->chunk_parser = ELCP_HEX; - wsi->chunk_remaining = 0; - break; - } - (*buf)++; - (*len)--; - } - - if (wsi->chunked && !wsi->chunk_remaining) - return 0; - - if (wsi->http.rx_content_remain && - wsi->http.rx_content_remain < (unsigned int)*len) - n = (int)wsi->http.rx_content_remain; - else - n = *len; - - if (wsi->chunked && wsi->chunk_remaining && - wsi->chunk_remaining < n) - n = wsi->chunk_remaining; - -#if defined(LWS_WITH_HTTP_PROXY) && defined(LWS_WITH_HUBBUB) - /* hubbub */ - if (wsi->http.perform_rewrite) - lws_rewrite_parse(wsi->http.rw, (unsigned char *)*buf, n); - else -#endif - { - struct lws *wsi_eff = lws_client_wsi_effective(wsi); - - if ( -#if defined(LWS_WITH_HTTP_PROXY) - !wsi_eff->protocol_bind_balance == - !!wsi_eff->http.proxy_clientside && -#else - !!wsi_eff->protocol_bind_balance && -#endif - user_callback_handle_rxflow(wsi_eff->protocol->callback, - wsi_eff, LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ, - wsi_eff->user_space, *buf, n)) { - lwsl_info("%s: RECEIVE_CLIENT_HTTP_READ returned -1\n", - __func__); - - return -1; - } - } - - if (wsi->chunked && wsi->chunk_remaining) { - (*buf) += n; - wsi->chunk_remaining -= n; - *len -= n; - } - - if (wsi->chunked && !wsi->chunk_remaining) - wsi->chunk_parser = ELCP_POST_CR; - - if (wsi->chunked && *len) - goto spin_chunks; - - if (wsi->chunked) - return 0; - - /* if we know the content length, decrement the content remaining */ - if (wsi->http.rx_content_length > 0) - wsi->http.rx_content_remain -= n; - - // lwsl_notice("rx_content_remain %lld, rx_content_length %lld\n", - // wsi->http.rx_content_remain, wsi->http.rx_content_length); - - if (wsi->http.rx_content_remain || !wsi->http.rx_content_length) - return 0; - -completed: - - if (lws_http_transaction_completed_client(wsi)) { - lwsl_notice("%s: transaction completed says -1\n", __func__); - return -1; - } - - return 0; -} - -#endif diff --git a/lib/roles/http/compression/README.md b/lib/roles/http/compression/README.md deleted file mode 100644 index 8d9d57f..0000000 --- a/lib/roles/http/compression/README.md +++ /dev/null @@ -1,17 +0,0 @@ -HTTP compression ----------------- - -This directory contains generic compression transforms that can be applied to -specifically HTTP content streams, after the header, be it h1 or h2. - -The compression transforms expose an "ops" type struct and a compressor name -as used by `content-encoding`... the ops struct definition can be found in -./private.h. - -Because the compression transform depends on being able to send on its output -before it can process new input, the transform adds a new kind of buflist -`wsi->buflist_comp` that represents pre-compression transform data -("input data" from the perspective of the compression transform) that was -delivered to be processed but couldn't be accepted. - -Currently, zlib 'deflate' and brotli 'br' are supported on the server side. diff --git a/lib/roles/http/compression/brotli/brotli.c b/lib/roles/http/compression/brotli/brotli.c deleted file mode 100644 index 0c977de..0000000 --- a/lib/roles/http/compression/brotli/brotli.c +++ /dev/null @@ -1,122 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - - -static int -lcs_init_compression_brotli(lws_comp_ctx_t *ctx, int decomp) -{ - ctx->is_decompression = decomp; - - if (!decomp) { - ctx->u.br_en = BrotliEncoderCreateInstance(NULL, NULL, NULL); - if (ctx->u.br_en) { - BrotliEncoderSetParameter(ctx->u.br_en, - BROTLI_PARAM_MODE, BROTLI_MODE_TEXT); - BrotliEncoderSetParameter(ctx->u.br_en, - BROTLI_PARAM_QUALITY, BROTLI_MIN_QUALITY); - } - } - else - ctx->u.br_de = BrotliDecoderCreateInstance(NULL, NULL, NULL); - - return !ctx->u.br_de; -} - -static int -lcs_process_brotli(lws_comp_ctx_t *ctx, const void *in, size_t *ilen_iused, - void *out, size_t *olen_oused) -{ - size_t a_in, a_out, t_out; - const uint8_t *n_in; - uint8_t *n_out; - int n; - - n_in = (void *)in; - a_in = *ilen_iused; - a_out = *olen_oused; - n_out = out; - t_out = 0; - - if (!ctx->is_decompression) { - - if (!a_in && !BrotliEncoderHasMoreOutput(ctx->u.br_en)) { - *olen_oused = 0; - - goto bail; - } - - n = BROTLI_OPERATION_PROCESS; - if (!ctx->buflist_comp && ctx->final_on_input_side) - n = BROTLI_OPERATION_FINISH; - - if (BrotliEncoderCompressStream(ctx->u.br_en, n, &a_in, &n_in, - &a_out, &n_out, &t_out) == - BROTLI_FALSE) { - lwsl_err("brotli encode failed\n"); - - return -1; - } - - ctx->may_have_more = !a_out; - - } else { - n = BrotliDecoderDecompressStream(ctx->u.br_de, &a_in, &n_in, - &a_out, &n_out, &t_out); - - switch (n) { - case BROTLI_DECODER_RESULT_ERROR: - lwsl_err("brotli decoder error\n"); - return -1; - } - } - - *ilen_iused -= a_in; - *olen_oused -= a_out; - -bail: - if (!ctx->is_decompression) - return BrotliEncoderIsFinished(ctx->u.br_en); - else - return BrotliDecoderIsFinished(ctx->u.br_de); -} - -static void -lcs_destroy_brotli(lws_comp_ctx_t *ctx) -{ - if (!ctx) - return; - - if (!(*ctx).is_decompression) - BrotliEncoderDestroyInstance((*ctx).u.br_en); - else - BrotliDecoderDestroyInstance((*ctx).u.br_de); - - (*ctx).u.generic_ctx_ptr = NULL; -} - -struct lws_compression_support lcs_brotli = { - /* .encoding_name */ "br", - /* .init_compression */ lcs_init_compression_brotli, - /* .process */ lcs_process_brotli, - /* .destroy */ lcs_destroy_brotli, -}; diff --git a/lib/roles/http/compression/deflate/deflate.c b/lib/roles/http/compression/deflate/deflate.c deleted file mode 100644 index c092ec5..0000000 --- a/lib/roles/http/compression/deflate/deflate.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static int -lcs_init_compression_deflate(lws_comp_ctx_t *ctx, int decomp) -{ - int n; - - ctx->is_decompression = decomp; - ctx->u.deflate = lws_malloc(sizeof(*ctx->u.deflate), __func__); - - if (!ctx->u.deflate) - return 2; - - memset(ctx->u.deflate, 0, sizeof(*ctx->u.deflate)); - - if (!decomp && - (n = deflateInit2(ctx->u.deflate, 1, Z_DEFLATED, -15, 8, - Z_DEFAULT_STRATEGY)) != Z_OK) { - lwsl_err("deflate init failed: %d\n", n); - lws_free_set_NULL(ctx->u.deflate); - - return 1; - } - - if (decomp && - inflateInit2(ctx->u.deflate, 16 + 15) != Z_OK) { - lws_free_set_NULL(ctx->u.deflate); - return 1; - } - - return 0; -} - -static int -lcs_process_deflate(lws_comp_ctx_t *ctx, const void *in, size_t *ilen_iused, - void *out, size_t *olen_oused) -{ - size_t olen_oused_in = *olen_oused; - int n; - - ctx->u.deflate->next_in = (void *)in; - ctx->u.deflate->avail_in = *ilen_iused; - - ctx->u.deflate->next_out = out; - ctx->u.deflate->avail_out = *olen_oused; - - if (!ctx->is_decompression) - n = deflate(ctx->u.deflate, Z_SYNC_FLUSH); - else - n = inflate(ctx->u.deflate, Z_SYNC_FLUSH); - - switch (n) { - case Z_NEED_DICT: - case Z_STREAM_ERROR: - case Z_DATA_ERROR: - case Z_MEM_ERROR: - lwsl_err("zlib error inflate %d\n", n); - return -1; - } - - *ilen_iused -= ctx->u.deflate->avail_in; - *olen_oused -= ctx->u.deflate->avail_out; - - /* it's ambiguous with zlib... */ - ctx->may_have_more = (*olen_oused == olen_oused_in); - - return n == Z_STREAM_END; -} - -static void -lcs_destroy_deflate(lws_comp_ctx_t *ctx) -{ - if (!ctx) - return; - - if (!(*ctx).is_decompression) - deflateEnd((*ctx).u.deflate); - else - inflateEnd((*ctx).u.deflate); - - lws_free_set_NULL(ctx->u.deflate); -} - -struct lws_compression_support lcs_deflate = { - /* .encoding_name */ "deflate", - /* .init_compression */ lcs_init_compression_deflate, - /* .process */ lcs_process_deflate, - /* .destroy */ lcs_destroy_deflate, -}; diff --git a/lib/roles/http/compression/private.h b/lib/roles/http/compression/private.h deleted file mode 100644 index 97b5d7b..0000000 --- a/lib/roles/http/compression/private.h +++ /dev/null @@ -1,84 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_HTTP_STREAM_COMPRESSION - */ - -#if defined(LWS_WITH_MINIZ) -#include -#else -#include -#endif -#if defined(LWS_WITH_HTTP_BROTLI) -#include -#include -#endif - -/* - * struct holding union of all the available compression methods' context data, - * and state if it's compressing or decompressing - */ - -typedef struct lws_compression_ctx { - union { - -#if defined(LWS_WITH_HTTP_BROTLI) - BrotliEncoderState *br_en; - BrotliDecoderState *br_de; -#endif - z_stream *deflate; - void *generic_ctx_ptr; - } u; - - struct lws_buflist *buflist_comp; - - unsigned int is_decompression:1; - unsigned int final_on_input_side:1; - unsigned int may_have_more:1; - unsigned int chunking:1; -} lws_comp_ctx_t; - -/* generic structure defining the interface to a compression method */ - -struct lws_compression_support { - /** compression name as used by, eg, content-ecoding */ - const char *encoding_name; - /** create a compression context for the compression method, or NULL */ - int (*init_compression)(lws_comp_ctx_t *ctx, int decomp); - /** pass data into the context to be processed */ - int (*process)(lws_comp_ctx_t *ctx, const void *in, size_t *ilen_iused, - void *out, size_t *olen_oused); - /** destroy the de/compression context */ - void (*destroy)(lws_comp_ctx_t *ctx); -}; - -extern struct lws_compression_support lcs_deflate; -extern struct lws_compression_support lcs_brotli; - -int -lws_http_compression_validate(struct lws *wsi); - -int -lws_http_compression_transform(struct lws *wsi, unsigned char *buf, - size_t len, enum lws_write_protocol *wp, - unsigned char **outbuf, size_t *olen_oused); - -void -lws_http_compression_destroy(struct lws *wsi); diff --git a/lib/roles/http/compression/stream.c b/lib/roles/http/compression/stream.c deleted file mode 100644 index 7acb58e..0000000 --- a/lib/roles/http/compression/stream.c +++ /dev/null @@ -1,223 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* compression methods listed in order of preference */ - -struct lws_compression_support *lcs_available[] = { -#if defined(LWS_WITH_HTTP_BROTLI) - &lcs_brotli, -#endif - &lcs_deflate, -}; - -/* compute acceptable compression encodings while we still have an ah */ - -int -lws_http_compression_validate(struct lws *wsi) -{ - const char *a; - size_t n; - - wsi->http.comp_accept_mask = 0; - - if (!wsi->http.ah || !lwsi_role_server(wsi)) - return 0; - - a = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING); - if (!a) - return 0; - - for (n = 0; n < LWS_ARRAY_SIZE(lcs_available); n++) - if (strstr(a, lcs_available[n]->encoding_name)) - wsi->http.comp_accept_mask |= 1 << n; - - return 0; -} - -LWS_VISIBLE int -lws_http_compression_apply(struct lws *wsi, const char *name, - unsigned char **p, unsigned char *end, char decomp) -{ - size_t n; - - for (n = 0; n < LWS_ARRAY_SIZE(lcs_available); n++) { - /* if name is non-NULL, choose only that compression method */ - if (name && !strcmp(lcs_available[n]->encoding_name, name)) - continue; - /* - * If we're the server, confirm that the client told us he could - * handle this kind of compression transform... - */ - if (!decomp && !(wsi->http.comp_accept_mask & (1 << n))) - continue; - - /* let's go with this one then... */ - break; - } - - if (n == LWS_ARRAY_SIZE(lcs_available)) - return 1; - - lcs_available[n]->init_compression(&wsi->http.comp_ctx, decomp); - if (!wsi->http.comp_ctx.u.generic_ctx_ptr) { - lwsl_err("%s: init_compression %d failed\n", __func__, (int)n); - return 1; - } - - wsi->http.lcs = lcs_available[n]; - wsi->http.comp_ctx.may_have_more = 0; - wsi->http.comp_ctx.final_on_input_side = 0; - wsi->http.comp_ctx.chunking = 0; - wsi->http.comp_ctx.is_decompression = decomp; - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_ENCODING, - (unsigned char *)lcs_available[n]->encoding_name, - strlen(lcs_available[n]->encoding_name), p, end)) - return -1; - - lwsl_info("%s: wsi %p: applied %s content-encoding\n", __func__, - wsi, lcs_available[n]->encoding_name); - - return 0; -} - -void -lws_http_compression_destroy(struct lws *wsi) -{ - if (!wsi->http.lcs || !wsi->http.comp_ctx.u.generic_ctx_ptr) - return; - - wsi->http.lcs->destroy(&wsi->http.comp_ctx); - - wsi->http.lcs = NULL; -} - -/* - * This manages the compression transform independent of h1 or h2. - * - * wsi->buflist_comp stashes pre-transform input that was not yet compressed - */ - -int -lws_http_compression_transform(struct lws *wsi, unsigned char *buf, - size_t len, enum lws_write_protocol *wp, - unsigned char **outbuf, size_t *olen_oused) -{ - size_t ilen_iused = len; - int n, use = 0, wp1f = (*wp) & 0x1f; - lws_comp_ctx_t *ctx = &wsi->http.comp_ctx; - - ctx->may_have_more = 0; - - if (!wsi->http.lcs || - (wp1f != LWS_WRITE_HTTP && wp1f != LWS_WRITE_HTTP_FINAL)) { - *outbuf = buf; - *olen_oused = len; - - return 0; - } - - if (wp1f == LWS_WRITE_HTTP_FINAL) { - /* - * ...we may get a large buffer that represents the final input - * buffer, but it may form multiple frames after being - * tranformed by compression; only the last of those is actually - * the final frame on the output stream. - * - * Note that we have received the FINAL input, and downgrade it - * to a non-final for now. - */ - ctx->final_on_input_side = 1; - *wp = LWS_WRITE_HTTP | ((*wp) & ~0x1f); - } - - if (ctx->buflist_comp || ctx->may_have_more) { - /* - * we can't send this new stuff when we have old stuff - * buffered and not compressed yet. Add it to the tail - * and switch to trying to process the head. - */ - if (buf && len) { - if (lws_buflist_append_segment( - &ctx->buflist_comp, buf, len) < 0) - return -1; - lwsl_debug("%s: %p: adding %d to comp buflist\n", - __func__,wsi, (int)len); - } - - len = lws_buflist_next_segment_len(&ctx->buflist_comp, &buf); - ilen_iused = len; - use = 1; - lwsl_debug("%s: %p: trying comp buflist %d\n", __func__, wsi, - (int)len); - } - - if (!buf && ilen_iused) - return 0; - - lwsl_debug("%s: %p: pre-process: ilen_iused %d, olen_oused %d\n", - __func__, wsi, (int)ilen_iused, (int)*olen_oused); - - n = wsi->http.lcs->process(ctx, buf, &ilen_iused, *outbuf, olen_oused); - - if (n && n != 1) { - lwsl_err("%s: problem with compression\n", __func__); - - return -1; - } - - if (!ctx->may_have_more && ctx->final_on_input_side) - *wp = LWS_WRITE_HTTP_FINAL | ((*wp) & ~0x1f); - - lwsl_debug("%s: %p: more %d, ilen_iused %d\n", __func__, wsi, - ctx->may_have_more, (int)ilen_iused); - - if (use && ilen_iused) { - /* - * we were flushing stuff from the buflist head... account for - * however much actually got processed by the compression - * transform - */ - lws_buflist_use_segment(&ctx->buflist_comp, ilen_iused); - lwsl_debug("%s: %p: marking %d of comp buflist as used " - "(ctx->buflist_comp %p)\n", __func__, wsi, - (int)len, ctx->buflist_comp); - } - - if (!use && ilen_iused != len) { - /* - * ...we were sending stuff from the caller directly and not - * all of it got processed... stash on the buflist tail - */ - if (lws_buflist_append_segment(&ctx->buflist_comp, - buf + ilen_iused, len - ilen_iused) < 0) - return -1; - - lwsl_debug("%s: buffering %d unused comp input\n", __func__, - (int)(len - ilen_iused)); - } - if (ctx->buflist_comp || ctx->may_have_more) - lws_callback_on_writable(wsi); - - return 0; -} diff --git a/lib/roles/http/header.c b/lib/roles/http/header.c deleted file mode 100644 index d161d78..0000000 --- a/lib/roles/http/header.c +++ /dev/null @@ -1,616 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "lextable-strings.h" - - -const unsigned char * -lws_token_to_string(enum lws_token_indexes token) -{ - if ((unsigned int)token >= LWS_ARRAY_SIZE(set)) - return NULL; - - return (unsigned char *)set[token]; -} - -int -lws_add_http_header_by_name(struct lws *wsi, const unsigned char *name, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end) -{ -#ifdef LWS_WITH_HTTP2 - if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi)) - return lws_add_http2_header_by_name(wsi, name, - value, length, p, end); -#else - (void)wsi; -#endif - if (name) { - while (*p < end && *name) - *((*p)++) = *name++; - if (*p == end) - return 1; - *((*p)++) = ' '; - } - if (*p + length + 3 >= end) - return 1; - - memcpy(*p, value, length); - *p += length; - *((*p)++) = '\x0d'; - *((*p)++) = '\x0a'; - - return 0; -} - -int lws_finalize_http_header(struct lws *wsi, unsigned char **p, - unsigned char *end) -{ -#ifdef LWS_WITH_HTTP2 - if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi)) - return 0; -#else - (void)wsi; -#endif - if ((lws_intptr_t)(end - *p) < 3) - return 1; - *((*p)++) = '\x0d'; - *((*p)++) = '\x0a'; - - return 0; -} - -int -lws_finalize_write_http_header(struct lws *wsi, unsigned char *start, - unsigned char **pp, unsigned char *end) -{ - unsigned char *p; - int len; - - if (lws_finalize_http_header(wsi, pp, end)) - return 1; - - p = *pp; - len = lws_ptr_diff(p, start); - - if (lws_write(wsi, start, len, LWS_WRITE_HTTP_HEADERS) != len) - return 1; - - return 0; -} - -int -lws_add_http_header_by_token(struct lws *wsi, enum lws_token_indexes token, - const unsigned char *value, int length, - unsigned char **p, unsigned char *end) -{ - const unsigned char *name; -#ifdef LWS_WITH_HTTP2 - if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi)) - return lws_add_http2_header_by_token(wsi, token, value, - length, p, end); -#endif - name = lws_token_to_string(token); - if (!name) - return 1; - - return lws_add_http_header_by_name(wsi, name, value, length, p, end); -} - -int -lws_add_http_header_content_length(struct lws *wsi, - lws_filepos_t content_length, - unsigned char **p, unsigned char *end) -{ - char b[24]; - int n; - - n = lws_snprintf(b, sizeof(b) - 1, "%llu", (unsigned long long)content_length); - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, - (unsigned char *)b, n, p, end)) - return 1; - wsi->http.tx_content_length = content_length; - wsi->http.tx_content_remain = content_length; - - lwsl_info("%s: wsi %p: tx_content_length/remain %llu\n", __func__, - wsi, (unsigned long long)content_length); - - return 0; -} - -int -lws_add_http_common_headers(struct lws *wsi, unsigned int code, - const char *content_type, lws_filepos_t content_len, - unsigned char **p, unsigned char *end) -{ - const char *ka[] = { "close", "keep-alive" }; - int types[] = { HTTP_CONNECTION_CLOSE, HTTP_CONNECTION_KEEP_ALIVE }, - t = 0; - - if (lws_add_http_header_status(wsi, code, p, end)) - return 1; - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)content_type, - (int)strlen(content_type), p, end)) - return 1; - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (!wsi->http.lcs && - (!strncmp(content_type, "text/", 5) || - !strcmp(content_type, "application/javascript") || - !strcmp(content_type, "image/svg+xml"))) - lws_http_compression_apply(wsi, NULL, p, end, 0); -#endif - - /* - * if we decided to compress it, we don't know the content length... - * the compressed data will go out chunked on h1 - */ - if ( -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - !wsi->http.lcs && -#endif - content_len != LWS_ILLEGAL_HTTP_CONTENT_LEN) { - if (lws_add_http_header_content_length(wsi, content_len, - p, end)) - return 1; - } else { - /* there was no length... it normally means CONNECTION_CLOSE */ -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - - if (!wsi->http2_substream && wsi->http.lcs) { - /* so... - * - h1 connection - * - http compression transform active - * - did not send content length - * - * then mark as chunked... - */ - wsi->http.comp_ctx.chunking = 1; - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - (unsigned char *)"chunked", 7, p, end)) - return -1; - - /* ... but h1 compression is chunked, if active we can - * still pipeline - */ - if (wsi->http.lcs && - wsi->http.conn_type == HTTP_CONNECTION_KEEP_ALIVE) - t = 1; - } -#endif - if (!wsi->http2_substream) { - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_CONNECTION, - (unsigned char *)ka[t], - (int)strlen(ka[t]), p, end)) - return 1; - - wsi->http.conn_type = types[t]; - } - } - - return 0; -} - -static const char * const err400[] = { - "Bad Request", - "Unauthorized", - "Payment Required", - "Forbidden", - "Not Found", - "Method Not Allowed", - "Not Acceptable", - "Proxy Auth Required", - "Request Timeout", - "Conflict", - "Gone", - "Length Required", - "Precondition Failed", - "Request Entity Too Large", - "Request URI too Long", - "Unsupported Media Type", - "Requested Range Not Satisfiable", - "Expectation Failed" -}; - -static const char * const err500[] = { - "Internal Server Error", - "Not Implemented", - "Bad Gateway", - "Service Unavailable", - "Gateway Timeout", - "HTTP Version Not Supported" -}; - -/* security best practices from Mozilla Observatory */ - -static const -struct lws_protocol_vhost_options pvo_hsbph[] = {{ - NULL, NULL, "referrer-policy:", "no-referrer" -}, { - &pvo_hsbph[0], NULL, "x-frame-options:", "deny" -}, { - &pvo_hsbph[1], NULL, "x-xss-protection:", "1; mode=block" -}, { - &pvo_hsbph[2], NULL, "x-content-type-options:", "nosniff" -}, { - &pvo_hsbph[3], NULL, "content-security-policy:", - "default-src 'none'; img-src 'self' data: ; " - "script-src 'self'; font-src 'self'; " - "style-src 'self'; connect-src 'self'; " - "frame-ancestors 'none'; base-uri 'none';" - "form-action 'self';" -}}; - -int -lws_add_http_header_status(struct lws *wsi, unsigned int _code, - unsigned char **p, unsigned char *end) -{ - static const char * const hver[] = { - "HTTP/1.0", "HTTP/1.1", "HTTP/2" - }; - const struct lws_protocol_vhost_options *headers; - unsigned int code = _code & LWSAHH_CODE_MASK; - const char *description = "", *p1; - unsigned char code_and_desc[60]; - int n; - -#ifdef LWS_WITH_ACCESS_LOG - wsi->http.access_log.response = code; -#endif - -#ifdef LWS_WITH_HTTP2 - if (lwsi_role_h2(wsi) || lwsi_role_h2_ENCAPSULATION(wsi)) { - n = lws_add_http2_header_status(wsi, code, p, end); - if (n) - return n; - } else -#endif - { - if (code >= 400 && code < (400 + LWS_ARRAY_SIZE(err400))) - description = err400[code - 400]; - if (code >= 500 && code < (500 + LWS_ARRAY_SIZE(err500))) - description = err500[code - 500]; - - if (code == 100) - description = "Continue"; - if (code == 200) - description = "OK"; - if (code == 304) - description = "Not Modified"; - else - if (code >= 300 && code < 400) - description = "Redirect"; - - if (wsi->http.request_version < LWS_ARRAY_SIZE(hver)) - p1 = hver[wsi->http.request_version]; - else - p1 = hver[0]; - - n = lws_snprintf((char *)code_and_desc, sizeof(code_and_desc) - 1, "%s %u %s", p1, code, - description); - - if (lws_add_http_header_by_name(wsi, NULL, code_and_desc, n, p, - end)) - return 1; - } - - headers = wsi->vhost->headers; - while (headers) { - if (lws_add_http_header_by_name(wsi, - (const unsigned char *)headers->name, - (unsigned char *)headers->value, - (int)strlen(headers->value), p, end)) - return 1; - - headers = headers->next; - } - - if (wsi->vhost->options & - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE) { - headers = &pvo_hsbph[LWS_ARRAY_SIZE(pvo_hsbph) - 1]; - while (headers) { - if (lws_add_http_header_by_name(wsi, - (const unsigned char *)headers->name, - (unsigned char *)headers->value, - (int)strlen(headers->value), p, end)) - return 1; - - headers = headers->next; - } - } - - if (wsi->context->server_string && - !(_code & LWSAHH_FLAG_NO_SERVER_NAME)) - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_SERVER, - (unsigned char *)wsi->context->server_string, - wsi->context->server_string_len, p, end)) - return 1; - - if (wsi->vhost->options & LWS_SERVER_OPTION_STS) - if (lws_add_http_header_by_name(wsi, (unsigned char *) - "Strict-Transport-Security:", - (unsigned char *)"max-age=15768000 ; " - "includeSubDomains", 36, p, end)) - return 1; - - if (*p >= (end - 2)) { - lwsl_err("%s: reached end of buffer\n", __func__); - - return 1; - } - - return 0; -} - -LWS_VISIBLE int -lws_return_http_status(struct lws *wsi, unsigned int code, - const char *html_body) -{ - struct lws_context *context = lws_get_context(wsi); - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - unsigned char *p = pt->serv_buf + LWS_PRE; - unsigned char *start = p; - unsigned char *end = p + context->pt_serv_buf_size - LWS_PRE; - char *body = (char *)start + context->pt_serv_buf_size - 512; - int n = 0, m = 0, len; - char slen[20]; - - if (!wsi->vhost) { - lwsl_err("%s: wsi not bound to vhost\n", __func__); - - return 1; - } -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (!wsi->handling_404 && - wsi->vhost->http.error_document_404 && - code == HTTP_STATUS_NOT_FOUND) - /* we should do a redirect, and do the 404 there */ - if (lws_http_redirect(wsi, HTTP_STATUS_FOUND, - (uint8_t *)wsi->vhost->http.error_document_404, - (int)strlen(wsi->vhost->http.error_document_404), - &p, end) > 0) - return 0; -#endif - - /* if the redirect failed, just do a simple status */ - p = start; - - if (!html_body) - html_body = ""; - - if (lws_add_http_header_status(wsi, code, &p, end)) - return 1; - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)"text/html", 9, - &p, end)) - return 1; - - len = lws_snprintf(body, 510, "" - "" - "" - "

%u

%s", code, html_body); - - - n = lws_snprintf(slen, 12, "%d", len); - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, - (unsigned char *)slen, n, &p, end)) - return 1; - - if (lws_finalize_http_header(wsi, &p, end)) - return 1; - -#if defined(LWS_WITH_HTTP2) - if (wsi->http2_substream) { - - /* - * for HTTP/2, the headers must be sent separately, since they - * go out in their own frame. That puts us in a bind that - * we won't always be able to get away with two lws_write()s in - * sequence, since the first may use up the writability due to - * the pipe being choked or SSL_WANT_. - * - * However we do need to send the human-readable body, and the - * END_STREAM. - * - * Solve it by writing the headers now... - */ - m = lws_write(wsi, start, lws_ptr_diff(p, start), - LWS_WRITE_HTTP_HEADERS); - if (m != lws_ptr_diff(p, start)) - return 1; - - /* - * ... but stash the body and send it as a priority next - * handle_POLLOUT - */ - wsi->http.tx_content_length = len; - wsi->http.tx_content_remain = len; - - wsi->h2.pending_status_body = lws_malloc(len + LWS_PRE + 1, - "pending status body"); - if (!wsi->h2.pending_status_body) - return -1; - - strcpy(wsi->h2.pending_status_body + LWS_PRE, body); - lws_callback_on_writable(wsi); - - return 0; - } else -#endif - { - /* - * for http/1, we can just append the body after the finalized - * headers and send it all in one go. - */ - - n = lws_ptr_diff(p, start) + len; - memcpy(p, body, len); - m = lws_write(wsi, start, n, LWS_WRITE_HTTP); - if (m != n) - return 1; - } - - return m != n; -} - -LWS_VISIBLE int -lws_http_redirect(struct lws *wsi, int code, const unsigned char *loc, int len, - unsigned char **p, unsigned char *end) -{ - unsigned char *start = *p; - - if (lws_add_http_header_status(wsi, code, p, end)) - return -1; - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_LOCATION, loc, len, - p, end)) - return -1; - /* - * if we're going with http/1.1 and keepalive, we have to give fake - * content metadata so the client knows we completed the transaction and - * it can do the redirect... - */ - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)"text/html", 9, p, - end)) - return -1; - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, - (unsigned char *)"0", 1, p, end)) - return -1; - - if (lws_finalize_http_header(wsi, p, end)) - return -1; - - return lws_write(wsi, start, *p - start, LWS_WRITE_HTTP_HEADERS | - LWS_WRITE_H2_STREAM_END); -} - -#if !defined(LWS_WITH_HTTP_STREAM_COMPRESSION) -LWS_VISIBLE int -lws_http_compression_apply(struct lws *wsi, const char *name, - unsigned char **p, unsigned char *end, char decomp) -{ - (void)wsi; - (void)name; - (void)p; - (void)end; - (void)decomp; - - return 0; -} -#endif - -int -lws_http_headers_detach(struct lws *wsi) -{ - return lws_header_table_detach(wsi, 0); -} - -void -lws_sul_http_ah_lifecheck(lws_sorted_usec_list_t *sul) -{ - struct allocated_headers *ah; - struct lws_context_per_thread *pt = lws_container_of(sul, - struct lws_context_per_thread, sul_ah_lifecheck); - struct lws *wsi; - time_t now; - int m; - - now = time(NULL); - - lws_pt_lock(pt, __func__); - - ah = pt->http.ah_list; - while (ah) { - int len; - char buf[256]; - const unsigned char *c; - - if (!ah->in_use || !ah->wsi || !ah->assigned || - (ah->wsi->vhost && - (now - ah->assigned) < - ah->wsi->vhost->timeout_secs_ah_idle + 360)) { - ah = ah->next; - continue; - } - - /* - * a single ah session somehow got held for - * an unreasonable amount of time. - * - * Dump info on the connection... - */ - wsi = ah->wsi; - buf[0] = '\0'; -#if !defined(LWS_PLAT_OPTEE) - lws_get_peer_simple(wsi, buf, sizeof(buf)); -#else - buf[0] = '\0'; -#endif - lwsl_notice("ah excessive hold: wsi %p\n" - " peer address: %s\n" - " ah pos %lu\n", - wsi, buf, (unsigned long)ah->pos); - buf[0] = '\0'; - m = 0; - do { - c = lws_token_to_string(m); - if (!c) - break; - if (!(*c)) - break; - - len = lws_hdr_total_length(wsi, m); - if (!len || len > (int)sizeof(buf) - 1) { - m++; - continue; - } - - if (lws_hdr_copy(wsi, buf, sizeof buf, m) > 0) { - buf[sizeof(buf) - 1] = '\0'; - - lwsl_notice(" %s = %s\n", - (const char *)c, buf); - } - m++; - } while (1); - - /* explicitly detach the ah */ - lws_header_table_detach(wsi, 0); - - /* ... and then drop the connection */ - - __lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "excessive ah"); - - ah = pt->http.ah_list; - } - - lws_pt_unlock(pt); -} diff --git a/lib/roles/http/lextable.h b/lib/roles/http/lextable.h deleted file mode 100644 index 0bb05c2..0000000 --- a/lib/roles/http/lextable.h +++ /dev/null @@ -1,839 +0,0 @@ -/* pos 0000: 0 */ 0x67 /* 'g' */, 0x40, 0x00 /* (to 0x0040 state 1) */, - 0x70 /* 'p' */, 0x42, 0x00 /* (to 0x0045 state 5) */, - 0x6F /* 'o' */, 0x51, 0x00 /* (to 0x0057 state 10) */, - 0x68 /* 'h' */, 0x5D, 0x00 /* (to 0x0066 state 18) */, - 0x63 /* 'c' */, 0x69, 0x00 /* (to 0x0075 state 23) */, - 0x75 /* 'u' */, 0x8A, 0x00 /* (to 0x0099 state 34) */, - 0x73 /* 's' */, 0xA0, 0x00 /* (to 0x00B2 state 48) */, - 0x0D /* '.' */, 0xD9, 0x00 /* (to 0x00EE state 68) */, - 0x61 /* 'a' */, 0x31, 0x01 /* (to 0x0149 state 129) */, - 0x69 /* 'i' */, 0x70, 0x01 /* (to 0x018B state 163) */, - 0x64 /* 'd' */, 0x19, 0x02 /* (to 0x0237 state 265) */, - 0x72 /* 'r' */, 0x22, 0x02 /* (to 0x0243 state 270) */, - 0x3A /* ':' */, 0x56, 0x02 /* (to 0x027A state 299) */, - 0x65 /* 'e' */, 0xE8, 0x02 /* (to 0x030F state 409) */, - 0x66 /* 'f' */, 0x04, 0x03 /* (to 0x032E state 425) */, - 0x6C /* 'l' */, 0x26, 0x03 /* (to 0x0353 state 458) */, - 0x6D /* 'm' */, 0x49, 0x03 /* (to 0x0379 state 484) */, - 0x74 /* 't' */, 0xB8, 0x03 /* (to 0x03EB state 578) */, - 0x76 /* 'v' */, 0xD9, 0x03 /* (to 0x040F state 606) */, - 0x77 /* 'w' */, 0xE6, 0x03 /* (to 0x041F state 614) */, - 0x78 /* 'x' */, 0x0D, 0x04 /* (to 0x0449 state 650) */, - 0x08, /* fail */ -/* pos 0040: 1 */ 0xE5 /* 'e' -> */, -/* pos 0041: 2 */ 0xF4 /* 't' -> */, -/* pos 0042: 3 */ 0xA0 /* ' ' -> */, -/* pos 0043: 4 */ 0x00, 0x00 /* - terminal marker 0 - */, -/* pos 0045: 5 */ 0x6F /* 'o' */, 0x0D, 0x00 /* (to 0x0052 state 6) */, - 0x72 /* 'r' */, 0x95, 0x01 /* (to 0x01DD state 211) */, - 0x61 /* 'a' */, 0xE6, 0x03 /* (to 0x0431 state 631) */, - 0x75 /* 'u' */, 0xE8, 0x03 /* (to 0x0436 state 635) */, - 0x08, /* fail */ -/* pos 0052: 6 */ 0xF3 /* 's' -> */, -/* pos 0053: 7 */ 0xF4 /* 't' -> */, -/* pos 0054: 8 */ 0xA0 /* ' ' -> */, -/* pos 0055: 9 */ 0x00, 0x01 /* - terminal marker 1 - */, -/* pos 0057: 10 */ 0x70 /* 'p' */, 0x07, 0x00 /* (to 0x005E state 11) */, - 0x72 /* 'r' */, 0x51, 0x00 /* (to 0x00AB state 42) */, - 0x08, /* fail */ -/* pos 005e: 11 */ 0xF4 /* 't' -> */, -/* pos 005f: 12 */ 0xE9 /* 'i' -> */, -/* pos 0060: 13 */ 0xEF /* 'o' -> */, -/* pos 0061: 14 */ 0xEE /* 'n' -> */, -/* pos 0062: 15 */ 0xF3 /* 's' -> */, -/* pos 0063: 16 */ 0xA0 /* ' ' -> */, -/* pos 0064: 17 */ 0x00, 0x02 /* - terminal marker 2 - */, -/* pos 0066: 18 */ 0x6F /* 'o' */, 0x0A, 0x00 /* (to 0x0070 state 19) */, - 0x74 /* 't' */, 0xBF, 0x00 /* (to 0x0128 state 110) */, - 0x65 /* 'e' */, 0x05, 0x04 /* (to 0x0471 state 677) */, - 0x08, /* fail */ -/* pos 0070: 19 */ 0xF3 /* 's' -> */, -/* pos 0071: 20 */ 0xF4 /* 't' -> */, -/* pos 0072: 21 */ 0xBA /* ':' -> */, -/* pos 0073: 22 */ 0x00, 0x03 /* - terminal marker 3 - */, -/* pos 0075: 23 */ 0x6F /* 'o' */, 0x07, 0x00 /* (to 0x007C state 24) */, - 0x61 /* 'a' */, 0x72, 0x01 /* (to 0x01EA state 217) */, - 0x08, /* fail */ -/* pos 007c: 24 */ 0x6E /* 'n' */, 0x07, 0x00 /* (to 0x0083 state 25) */, - 0x6F /* 'o' */, 0x87, 0x01 /* (to 0x0206 state 243) */, - 0x08, /* fail */ -/* pos 0083: 25 */ 0x6E /* 'n' */, 0x07, 0x00 /* (to 0x008A state 26) */, - 0x74 /* 't' */, 0x86, 0x01 /* (to 0x020C state 248) */, - 0x08, /* fail */ -/* pos 008a: 26 */ 0xE5 /* 'e' -> */, -/* pos 008b: 27 */ 0xE3 /* 'c' -> */, -/* pos 008c: 28 */ 0xF4 /* 't' -> */, -/* pos 008d: 29 */ 0x69 /* 'i' */, 0x07, 0x00 /* (to 0x0094 state 30) */, - 0x20 /* ' ' */, 0xDF, 0x03 /* (to 0x046F state 676) */, - 0x08, /* fail */ -/* pos 0094: 30 */ 0xEF /* 'o' -> */, -/* pos 0095: 31 */ 0xEE /* 'n' -> */, -/* pos 0096: 32 */ 0xBA /* ':' -> */, -/* pos 0097: 33 */ 0x00, 0x04 /* - terminal marker 4 - */, -/* pos 0099: 34 */ 0x70 /* 'p' */, 0x0A, 0x00 /* (to 0x00A3 state 35) */, - 0x73 /* 's' */, 0x68, 0x03 /* (to 0x0404 state 596) */, - 0x72 /* 'r' */, 0xA0, 0x03 /* (to 0x043F state 642) */, - 0x08, /* fail */ -/* pos 00a3: 35 */ 0xE7 /* 'g' -> */, -/* pos 00a4: 36 */ 0xF2 /* 'r' -> */, -/* pos 00a5: 37 */ 0xE1 /* 'a' -> */, -/* pos 00a6: 38 */ 0xE4 /* 'd' -> */, -/* pos 00a7: 39 */ 0xE5 /* 'e' -> */, -/* pos 00a8: 40 */ 0xBA /* ':' -> */, -/* pos 00a9: 41 */ 0x00, 0x05 /* - terminal marker 5 - */, -/* pos 00ab: 42 */ 0xE9 /* 'i' -> */, -/* pos 00ac: 43 */ 0xE7 /* 'g' -> */, -/* pos 00ad: 44 */ 0xE9 /* 'i' -> */, -/* pos 00ae: 45 */ 0xEE /* 'n' -> */, -/* pos 00af: 46 */ 0xBA /* ':' -> */, -/* pos 00b0: 47 */ 0x00, 0x06 /* - terminal marker 6 - */, -/* pos 00b2: 48 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x00B9 state 49) */, - 0x74 /* 't' */, 0x1C, 0x03 /* (to 0x03D1 state 553) */, - 0x08, /* fail */ -/* pos 00b9: 49 */ 0x63 /* 'c' */, 0x0A, 0x00 /* (to 0x00C3 state 50) */, - 0x72 /* 'r' */, 0x05, 0x03 /* (to 0x03C1 state 539) */, - 0x74 /* 't' */, 0x08, 0x03 /* (to 0x03C7 state 544) */, - 0x08, /* fail */ -/* pos 00c3: 50 */ 0xAD /* '-' -> */, -/* pos 00c4: 51 */ 0xF7 /* 'w' -> */, -/* pos 00c5: 52 */ 0xE5 /* 'e' -> */, -/* pos 00c6: 53 */ 0xE2 /* 'b' -> */, -/* pos 00c7: 54 */ 0xF3 /* 's' -> */, -/* pos 00c8: 55 */ 0xEF /* 'o' -> */, -/* pos 00c9: 56 */ 0xE3 /* 'c' -> */, -/* pos 00ca: 57 */ 0xEB /* 'k' -> */, -/* pos 00cb: 58 */ 0xE5 /* 'e' -> */, -/* pos 00cc: 59 */ 0xF4 /* 't' -> */, -/* pos 00cd: 60 */ 0xAD /* '-' -> */, -/* pos 00ce: 61 */ 0x64 /* 'd' */, 0x19, 0x00 /* (to 0x00E7 state 62) */, - 0x65 /* 'e' */, 0x20, 0x00 /* (to 0x00F1 state 70) */, - 0x6B /* 'k' */, 0x29, 0x00 /* (to 0x00FD state 81) */, - 0x70 /* 'p' */, 0x38, 0x00 /* (to 0x010F state 88) */, - 0x61 /* 'a' */, 0x3F, 0x00 /* (to 0x0119 state 97) */, - 0x6E /* 'n' */, 0x44, 0x00 /* (to 0x0121 state 104) */, - 0x76 /* 'v' */, 0x89, 0x01 /* (to 0x0269 state 284) */, - 0x6F /* 'o' */, 0x8F, 0x01 /* (to 0x0272 state 292) */, - 0x08, /* fail */ -/* pos 00e7: 62 */ 0xF2 /* 'r' -> */, -/* pos 00e8: 63 */ 0xE1 /* 'a' -> */, -/* pos 00e9: 64 */ 0xE6 /* 'f' -> */, -/* pos 00ea: 65 */ 0xF4 /* 't' -> */, -/* pos 00eb: 66 */ 0xBA /* ':' -> */, -/* pos 00ec: 67 */ 0x00, 0x07 /* - terminal marker 7 - */, -/* pos 00ee: 68 */ 0x8A /* '.' -> */, -/* pos 00ef: 69 */ 0x00, 0x08 /* - terminal marker 8 - */, -/* pos 00f1: 70 */ 0xF8 /* 'x' -> */, -/* pos 00f2: 71 */ 0xF4 /* 't' -> */, -/* pos 00f3: 72 */ 0xE5 /* 'e' -> */, -/* pos 00f4: 73 */ 0xEE /* 'n' -> */, -/* pos 00f5: 74 */ 0xF3 /* 's' -> */, -/* pos 00f6: 75 */ 0xE9 /* 'i' -> */, -/* pos 00f7: 76 */ 0xEF /* 'o' -> */, -/* pos 00f8: 77 */ 0xEE /* 'n' -> */, -/* pos 00f9: 78 */ 0xF3 /* 's' -> */, -/* pos 00fa: 79 */ 0xBA /* ':' -> */, -/* pos 00fb: 80 */ 0x00, 0x09 /* - terminal marker 9 - */, -/* pos 00fd: 81 */ 0xE5 /* 'e' -> */, -/* pos 00fe: 82 */ 0xF9 /* 'y' -> */, -/* pos 00ff: 83 */ 0x31 /* '1' */, 0x0A, 0x00 /* (to 0x0109 state 84) */, - 0x32 /* '2' */, 0x0A, 0x00 /* (to 0x010C state 86) */, - 0x3A /* ':' */, 0x62, 0x01 /* (to 0x0267 state 283) */, - 0x08, /* fail */ -/* pos 0109: 84 */ 0xBA /* ':' -> */, -/* pos 010a: 85 */ 0x00, 0x0A /* - terminal marker 10 - */, -/* pos 010c: 86 */ 0xBA /* ':' -> */, -/* pos 010d: 87 */ 0x00, 0x0B /* - terminal marker 11 - */, -/* pos 010f: 88 */ 0xF2 /* 'r' -> */, -/* pos 0110: 89 */ 0xEF /* 'o' -> */, -/* pos 0111: 90 */ 0xF4 /* 't' -> */, -/* pos 0112: 91 */ 0xEF /* 'o' -> */, -/* pos 0113: 92 */ 0xE3 /* 'c' -> */, -/* pos 0114: 93 */ 0xEF /* 'o' -> */, -/* pos 0115: 94 */ 0xEC /* 'l' -> */, -/* pos 0116: 95 */ 0xBA /* ':' -> */, -/* pos 0117: 96 */ 0x00, 0x0C /* - terminal marker 12 - */, -/* pos 0119: 97 */ 0xE3 /* 'c' -> */, -/* pos 011a: 98 */ 0xE3 /* 'c' -> */, -/* pos 011b: 99 */ 0xE5 /* 'e' -> */, -/* pos 011c: 100 */ 0xF0 /* 'p' -> */, -/* pos 011d: 101 */ 0xF4 /* 't' -> */, -/* pos 011e: 102 */ 0xBA /* ':' -> */, -/* pos 011f: 103 */ 0x00, 0x0D /* - terminal marker 13 - */, -/* pos 0121: 104 */ 0xEF /* 'o' -> */, -/* pos 0122: 105 */ 0xEE /* 'n' -> */, -/* pos 0123: 106 */ 0xE3 /* 'c' -> */, -/* pos 0124: 107 */ 0xE5 /* 'e' -> */, -/* pos 0125: 108 */ 0xBA /* ':' -> */, -/* pos 0126: 109 */ 0x00, 0x0E /* - terminal marker 14 - */, -/* pos 0128: 110 */ 0xF4 /* 't' -> */, -/* pos 0129: 111 */ 0xF0 /* 'p' -> */, -/* pos 012a: 112 */ 0x2F /* '/' */, 0x07, 0x00 /* (to 0x0131 state 113) */, - 0x32 /* '2' */, 0x10, 0x00 /* (to 0x013D state 118) */, - 0x08, /* fail */ -/* pos 0131: 113 */ 0xB1 /* '1' -> */, -/* pos 0132: 114 */ 0xAE /* '.' -> */, -/* pos 0133: 115 */ 0x31 /* '1' */, 0x07, 0x00 /* (to 0x013A state 116) */, - 0x30 /* '0' */, 0x27, 0x03 /* (to 0x045D state 660) */, - 0x08, /* fail */ -/* pos 013a: 116 */ 0xA0 /* ' ' -> */, -/* pos 013b: 117 */ 0x00, 0x0F /* - terminal marker 15 - */, -/* pos 013d: 118 */ 0xAD /* '-' -> */, -/* pos 013e: 119 */ 0xF3 /* 's' -> */, -/* pos 013f: 120 */ 0xE5 /* 'e' -> */, -/* pos 0140: 121 */ 0xF4 /* 't' -> */, -/* pos 0141: 122 */ 0xF4 /* 't' -> */, -/* pos 0142: 123 */ 0xE9 /* 'i' -> */, -/* pos 0143: 124 */ 0xEE /* 'n' -> */, -/* pos 0144: 125 */ 0xE7 /* 'g' -> */, -/* pos 0145: 126 */ 0xF3 /* 's' -> */, -/* pos 0146: 127 */ 0xBA /* ':' -> */, -/* pos 0147: 128 */ 0x00, 0x10 /* - terminal marker 16 - */, -/* pos 0149: 129 */ 0x63 /* 'c' */, 0x0D, 0x00 /* (to 0x0156 state 130) */, - 0x75 /* 'u' */, 0xAC, 0x00 /* (to 0x01F8 state 230) */, - 0x67 /* 'g' */, 0x86, 0x01 /* (to 0x02D5 state 358) */, - 0x6C /* 'l' */, 0x87, 0x01 /* (to 0x02D9 state 361) */, - 0x08, /* fail */ -/* pos 0156: 130 */ 0xE3 /* 'c' -> */, -/* pos 0157: 131 */ 0xE5 /* 'e' -> */, -/* pos 0158: 132 */ 0x70 /* 'p' */, 0x07, 0x00 /* (to 0x015F state 133) */, - 0x73 /* 's' */, 0x0E, 0x00 /* (to 0x0169 state 136) */, - 0x08, /* fail */ -/* pos 015f: 133 */ 0xF4 /* 't' -> */, -/* pos 0160: 134 */ 0x3A /* ':' */, 0x07, 0x00 /* (to 0x0167 state 135) */, - 0x2D /* '-' */, 0x59, 0x00 /* (to 0x01BC state 192) */, - 0x08, /* fail */ -/* pos 0167: 135 */ 0x00, 0x11 /* - terminal marker 17 - */, -/* pos 0169: 136 */ 0xF3 /* 's' -> */, -/* pos 016a: 137 */ 0xAD /* '-' -> */, -/* pos 016b: 138 */ 0xE3 /* 'c' -> */, -/* pos 016c: 139 */ 0xEF /* 'o' -> */, -/* pos 016d: 140 */ 0xEE /* 'n' -> */, -/* pos 016e: 141 */ 0xF4 /* 't' -> */, -/* pos 016f: 142 */ 0xF2 /* 'r' -> */, -/* pos 0170: 143 */ 0xEF /* 'o' -> */, -/* pos 0171: 144 */ 0xEC /* 'l' -> */, -/* pos 0172: 145 */ 0xAD /* '-' -> */, -/* pos 0173: 146 */ 0x72 /* 'r' */, 0x07, 0x00 /* (to 0x017A state 147) */, - 0x61 /* 'a' */, 0x51, 0x01 /* (to 0x02C7 state 345) */, - 0x08, /* fail */ -/* pos 017a: 147 */ 0xE5 /* 'e' -> */, -/* pos 017b: 148 */ 0xF1 /* 'q' -> */, -/* pos 017c: 149 */ 0xF5 /* 'u' -> */, -/* pos 017d: 150 */ 0xE5 /* 'e' -> */, -/* pos 017e: 151 */ 0xF3 /* 's' -> */, -/* pos 017f: 152 */ 0xF4 /* 't' -> */, -/* pos 0180: 153 */ 0xAD /* '-' -> */, -/* pos 0181: 154 */ 0xE8 /* 'h' -> */, -/* pos 0182: 155 */ 0xE5 /* 'e' -> */, -/* pos 0183: 156 */ 0xE1 /* 'a' -> */, -/* pos 0184: 157 */ 0xE4 /* 'd' -> */, -/* pos 0185: 158 */ 0xE5 /* 'e' -> */, -/* pos 0186: 159 */ 0xF2 /* 'r' -> */, -/* pos 0187: 160 */ 0xF3 /* 's' -> */, -/* pos 0188: 161 */ 0xBA /* ':' -> */, -/* pos 0189: 162 */ 0x00, 0x12 /* - terminal marker 18 - */, -/* pos 018b: 163 */ 0xE6 /* 'f' -> */, -/* pos 018c: 164 */ 0xAD /* '-' -> */, -/* pos 018d: 165 */ 0x6D /* 'm' */, 0x0D, 0x00 /* (to 0x019A state 166) */, - 0x6E /* 'n' */, 0x20, 0x00 /* (to 0x01B0 state 181) */, - 0x72 /* 'r' */, 0xA7, 0x01 /* (to 0x033A state 435) */, - 0x75 /* 'u' */, 0xAB, 0x01 /* (to 0x0341 state 441) */, - 0x08, /* fail */ -/* pos 019a: 166 */ 0x6F /* 'o' */, 0x07, 0x00 /* (to 0x01A1 state 167) */, - 0x61 /* 'a' */, 0x97, 0x01 /* (to 0x0334 state 430) */, - 0x08, /* fail */ -/* pos 01a1: 167 */ 0xE4 /* 'd' -> */, -/* pos 01a2: 168 */ 0xE9 /* 'i' -> */, -/* pos 01a3: 169 */ 0xE6 /* 'f' -> */, -/* pos 01a4: 170 */ 0xE9 /* 'i' -> */, -/* pos 01a5: 171 */ 0xE5 /* 'e' -> */, -/* pos 01a6: 172 */ 0xE4 /* 'd' -> */, -/* pos 01a7: 173 */ 0xAD /* '-' -> */, -/* pos 01a8: 174 */ 0xF3 /* 's' -> */, -/* pos 01a9: 175 */ 0xE9 /* 'i' -> */, -/* pos 01aa: 176 */ 0xEE /* 'n' -> */, -/* pos 01ab: 177 */ 0xE3 /* 'c' -> */, -/* pos 01ac: 178 */ 0xE5 /* 'e' -> */, -/* pos 01ad: 179 */ 0xBA /* ':' -> */, -/* pos 01ae: 180 */ 0x00, 0x13 /* - terminal marker 19 - */, -/* pos 01b0: 181 */ 0xEF /* 'o' -> */, -/* pos 01b1: 182 */ 0xEE /* 'n' -> */, -/* pos 01b2: 183 */ 0xE5 /* 'e' -> */, -/* pos 01b3: 184 */ 0xAD /* '-' -> */, -/* pos 01b4: 185 */ 0xED /* 'm' -> */, -/* pos 01b5: 186 */ 0xE1 /* 'a' -> */, -/* pos 01b6: 187 */ 0xF4 /* 't' -> */, -/* pos 01b7: 188 */ 0xE3 /* 'c' -> */, -/* pos 01b8: 189 */ 0xE8 /* 'h' -> */, -/* pos 01b9: 190 */ 0xBA /* ':' -> */, -/* pos 01ba: 191 */ 0x00, 0x14 /* - terminal marker 20 - */, -/* pos 01bc: 192 */ 0x65 /* 'e' */, 0x0D, 0x00 /* (to 0x01C9 state 193) */, - 0x6C /* 'l' */, 0x14, 0x00 /* (to 0x01D3 state 202) */, - 0x63 /* 'c' */, 0xF4, 0x00 /* (to 0x02B6 state 330) */, - 0x72 /* 'r' */, 0xFA, 0x00 /* (to 0x02BF state 338) */, - 0x08, /* fail */ -/* pos 01c9: 193 */ 0xEE /* 'n' -> */, -/* pos 01ca: 194 */ 0xE3 /* 'c' -> */, -/* pos 01cb: 195 */ 0xEF /* 'o' -> */, -/* pos 01cc: 196 */ 0xE4 /* 'd' -> */, -/* pos 01cd: 197 */ 0xE9 /* 'i' -> */, -/* pos 01ce: 198 */ 0xEE /* 'n' -> */, -/* pos 01cf: 199 */ 0xE7 /* 'g' -> */, -/* pos 01d0: 200 */ 0xBA /* ':' -> */, -/* pos 01d1: 201 */ 0x00, 0x15 /* - terminal marker 21 - */, -/* pos 01d3: 202 */ 0xE1 /* 'a' -> */, -/* pos 01d4: 203 */ 0xEE /* 'n' -> */, -/* pos 01d5: 204 */ 0xE7 /* 'g' -> */, -/* pos 01d6: 205 */ 0xF5 /* 'u' -> */, -/* pos 01d7: 206 */ 0xE1 /* 'a' -> */, -/* pos 01d8: 207 */ 0xE7 /* 'g' -> */, -/* pos 01d9: 208 */ 0xE5 /* 'e' -> */, -/* pos 01da: 209 */ 0xBA /* ':' -> */, -/* pos 01db: 210 */ 0x00, 0x16 /* - terminal marker 22 - */, -/* pos 01dd: 211 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x01E4 state 212) */, - 0x6F /* 'o' */, 0xA7, 0x01 /* (to 0x0387 state 497) */, - 0x08, /* fail */ -/* pos 01e4: 212 */ 0xE7 /* 'g' -> */, -/* pos 01e5: 213 */ 0xED /* 'm' -> */, -/* pos 01e6: 214 */ 0xE1 /* 'a' -> */, -/* pos 01e7: 215 */ 0xBA /* ':' -> */, -/* pos 01e8: 216 */ 0x00, 0x17 /* - terminal marker 23 - */, -/* pos 01ea: 217 */ 0xE3 /* 'c' -> */, -/* pos 01eb: 218 */ 0xE8 /* 'h' -> */, -/* pos 01ec: 219 */ 0xE5 /* 'e' -> */, -/* pos 01ed: 220 */ 0xAD /* '-' -> */, -/* pos 01ee: 221 */ 0xE3 /* 'c' -> */, -/* pos 01ef: 222 */ 0xEF /* 'o' -> */, -/* pos 01f0: 223 */ 0xEE /* 'n' -> */, -/* pos 01f1: 224 */ 0xF4 /* 't' -> */, -/* pos 01f2: 225 */ 0xF2 /* 'r' -> */, -/* pos 01f3: 226 */ 0xEF /* 'o' -> */, -/* pos 01f4: 227 */ 0xEC /* 'l' -> */, -/* pos 01f5: 228 */ 0xBA /* ':' -> */, -/* pos 01f6: 229 */ 0x00, 0x18 /* - terminal marker 24 - */, -/* pos 01f8: 230 */ 0xF4 /* 't' -> */, -/* pos 01f9: 231 */ 0xE8 /* 'h' -> */, -/* pos 01fa: 232 */ 0xEF /* 'o' -> */, -/* pos 01fb: 233 */ 0xF2 /* 'r' -> */, -/* pos 01fc: 234 */ 0xE9 /* 'i' -> */, -/* pos 01fd: 235 */ 0xFA /* 'z' -> */, -/* pos 01fe: 236 */ 0xE1 /* 'a' -> */, -/* pos 01ff: 237 */ 0xF4 /* 't' -> */, -/* pos 0200: 238 */ 0xE9 /* 'i' -> */, -/* pos 0201: 239 */ 0xEF /* 'o' -> */, -/* pos 0202: 240 */ 0xEE /* 'n' -> */, -/* pos 0203: 241 */ 0xBA /* ':' -> */, -/* pos 0204: 242 */ 0x00, 0x19 /* - terminal marker 25 - */, -/* pos 0206: 243 */ 0xEB /* 'k' -> */, -/* pos 0207: 244 */ 0xE9 /* 'i' -> */, -/* pos 0208: 245 */ 0xE5 /* 'e' -> */, -/* pos 0209: 246 */ 0xBA /* ':' -> */, -/* pos 020a: 247 */ 0x00, 0x1A /* - terminal marker 26 - */, -/* pos 020c: 248 */ 0xE5 /* 'e' -> */, -/* pos 020d: 249 */ 0xEE /* 'n' -> */, -/* pos 020e: 250 */ 0xF4 /* 't' -> */, -/* pos 020f: 251 */ 0xAD /* '-' -> */, -/* pos 0210: 252 */ 0x6C /* 'l' */, 0x10, 0x00 /* (to 0x0220 state 253) */, - 0x74 /* 't' */, 0x1E, 0x00 /* (to 0x0231 state 260) */, - 0x64 /* 'd' */, 0xC9, 0x00 /* (to 0x02DF state 366) */, - 0x65 /* 'e' */, 0xD3, 0x00 /* (to 0x02EC state 378) */, - 0x72 /* 'r' */, 0xEC, 0x00 /* (to 0x0308 state 403) */, - 0x08, /* fail */ -/* pos 0220: 253 */ 0x65 /* 'e' */, 0x0A, 0x00 /* (to 0x022A state 254) */, - 0x61 /* 'a' */, 0xD3, 0x00 /* (to 0x02F6 state 387) */, - 0x6F /* 'o' */, 0xD9, 0x00 /* (to 0x02FF state 395) */, - 0x08, /* fail */ -/* pos 022a: 254 */ 0xEE /* 'n' -> */, -/* pos 022b: 255 */ 0xE7 /* 'g' -> */, -/* pos 022c: 256 */ 0xF4 /* 't' -> */, -/* pos 022d: 257 */ 0xE8 /* 'h' -> */, -/* pos 022e: 258 */ 0xBA /* ':' -> */, -/* pos 022f: 259 */ 0x00, 0x1B /* - terminal marker 27 - */, -/* pos 0231: 260 */ 0xF9 /* 'y' -> */, -/* pos 0232: 261 */ 0xF0 /* 'p' -> */, -/* pos 0233: 262 */ 0xE5 /* 'e' -> */, -/* pos 0234: 263 */ 0xBA /* ':' -> */, -/* pos 0235: 264 */ 0x00, 0x1C /* - terminal marker 28 - */, -/* pos 0237: 265 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x023E state 266) */, - 0x65 /* 'e' */, 0xFF, 0x01 /* (to 0x0439 state 637) */, - 0x08, /* fail */ -/* pos 023e: 266 */ 0xF4 /* 't' -> */, -/* pos 023f: 267 */ 0xE5 /* 'e' -> */, -/* pos 0240: 268 */ 0xBA /* ':' -> */, -/* pos 0241: 269 */ 0x00, 0x1D /* - terminal marker 29 - */, -/* pos 0243: 270 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x024A state 271) */, - 0x65 /* 'e' */, 0x0A, 0x00 /* (to 0x0250 state 276) */, - 0x08, /* fail */ -/* pos 024a: 271 */ 0xEE /* 'n' -> */, -/* pos 024b: 272 */ 0xE7 /* 'g' -> */, -/* pos 024c: 273 */ 0xE5 /* 'e' -> */, -/* pos 024d: 274 */ 0xBA /* ':' -> */, -/* pos 024e: 275 */ 0x00, 0x1E /* - terminal marker 30 - */, -/* pos 0250: 276 */ 0x66 /* 'f' */, 0x0A, 0x00 /* (to 0x025A state 277) */, - 0x74 /* 't' */, 0x63, 0x01 /* (to 0x03B6 state 529) */, - 0x70 /* 'p' */, 0x23, 0x02 /* (to 0x0479 state 683) */, - 0x08, /* fail */ -/* pos 025a: 277 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x0261 state 278) */, - 0x72 /* 'r' */, 0x53, 0x01 /* (to 0x03B0 state 524) */, - 0x08, /* fail */ -/* pos 0261: 278 */ 0xF2 /* 'r' -> */, -/* pos 0262: 279 */ 0xE5 /* 'e' -> */, -/* pos 0263: 280 */ 0xF2 /* 'r' -> */, -/* pos 0264: 281 */ 0xBA /* ':' -> */, -/* pos 0265: 282 */ 0x00, 0x1F /* - terminal marker 31 - */, -/* pos 0267: 283 */ 0x00, 0x20 /* - terminal marker 32 - */, -/* pos 0269: 284 */ 0xE5 /* 'e' -> */, -/* pos 026a: 285 */ 0xF2 /* 'r' -> */, -/* pos 026b: 286 */ 0xF3 /* 's' -> */, -/* pos 026c: 287 */ 0xE9 /* 'i' -> */, -/* pos 026d: 288 */ 0xEF /* 'o' -> */, -/* pos 026e: 289 */ 0xEE /* 'n' -> */, -/* pos 026f: 290 */ 0xBA /* ':' -> */, -/* pos 0270: 291 */ 0x00, 0x21 /* - terminal marker 33 - */, -/* pos 0272: 292 */ 0xF2 /* 'r' -> */, -/* pos 0273: 293 */ 0xE9 /* 'i' -> */, -/* pos 0274: 294 */ 0xE7 /* 'g' -> */, -/* pos 0275: 295 */ 0xE9 /* 'i' -> */, -/* pos 0276: 296 */ 0xEE /* 'n' -> */, -/* pos 0277: 297 */ 0xBA /* ':' -> */, -/* pos 0278: 298 */ 0x00, 0x22 /* - terminal marker 34 - */, -/* pos 027a: 299 */ 0x61 /* 'a' */, 0x0D, 0x00 /* (to 0x0287 state 300) */, - 0x6D /* 'm' */, 0x14, 0x00 /* (to 0x0291 state 309) */, - 0x70 /* 'p' */, 0x18, 0x00 /* (to 0x0298 state 315) */, - 0x73 /* 's' */, 0x20, 0x00 /* (to 0x02A3 state 319) */, - 0x08, /* fail */ -/* pos 0287: 300 */ 0xF5 /* 'u' -> */, -/* pos 0288: 301 */ 0xF4 /* 't' -> */, -/* pos 0289: 302 */ 0xE8 /* 'h' -> */, -/* pos 028a: 303 */ 0xEF /* 'o' -> */, -/* pos 028b: 304 */ 0xF2 /* 'r' -> */, -/* pos 028c: 305 */ 0xE9 /* 'i' -> */, -/* pos 028d: 306 */ 0xF4 /* 't' -> */, -/* pos 028e: 307 */ 0xF9 /* 'y' -> */, -/* pos 028f: 308 */ 0x00, 0x23 /* - terminal marker 35 - */, -/* pos 0291: 309 */ 0xE5 /* 'e' -> */, -/* pos 0292: 310 */ 0xF4 /* 't' -> */, -/* pos 0293: 311 */ 0xE8 /* 'h' -> */, -/* pos 0294: 312 */ 0xEF /* 'o' -> */, -/* pos 0295: 313 */ 0xE4 /* 'd' -> */, -/* pos 0296: 314 */ 0x00, 0x24 /* - terminal marker 36 - */, -/* pos 0298: 315 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x029F state 316) */, - 0x72 /* 'r' */, 0xEA, 0x01 /* (to 0x0485 state 694) */, - 0x08, /* fail */ -/* pos 029f: 316 */ 0xF4 /* 't' -> */, -/* pos 02a0: 317 */ 0xE8 /* 'h' -> */, -/* pos 02a1: 318 */ 0x00, 0x25 /* - terminal marker 37 - */, -/* pos 02a3: 319 */ 0x63 /* 'c' */, 0x07, 0x00 /* (to 0x02AA state 320) */, - 0x74 /* 't' */, 0x0A, 0x00 /* (to 0x02B0 state 325) */, - 0x08, /* fail */ -/* pos 02aa: 320 */ 0xE8 /* 'h' -> */, -/* pos 02ab: 321 */ 0xE5 /* 'e' -> */, -/* pos 02ac: 322 */ 0xED /* 'm' -> */, -/* pos 02ad: 323 */ 0xE5 /* 'e' -> */, -/* pos 02ae: 324 */ 0x00, 0x26 /* - terminal marker 38 - */, -/* pos 02b0: 325 */ 0xE1 /* 'a' -> */, -/* pos 02b1: 326 */ 0xF4 /* 't' -> */, -/* pos 02b2: 327 */ 0xF5 /* 'u' -> */, -/* pos 02b3: 328 */ 0xF3 /* 's' -> */, -/* pos 02b4: 329 */ 0x00, 0x27 /* - terminal marker 39 - */, -/* pos 02b6: 330 */ 0xE8 /* 'h' -> */, -/* pos 02b7: 331 */ 0xE1 /* 'a' -> */, -/* pos 02b8: 332 */ 0xF2 /* 'r' -> */, -/* pos 02b9: 333 */ 0xF3 /* 's' -> */, -/* pos 02ba: 334 */ 0xE5 /* 'e' -> */, -/* pos 02bb: 335 */ 0xF4 /* 't' -> */, -/* pos 02bc: 336 */ 0xBA /* ':' -> */, -/* pos 02bd: 337 */ 0x00, 0x28 /* - terminal marker 40 - */, -/* pos 02bf: 338 */ 0xE1 /* 'a' -> */, -/* pos 02c0: 339 */ 0xEE /* 'n' -> */, -/* pos 02c1: 340 */ 0xE7 /* 'g' -> */, -/* pos 02c2: 341 */ 0xE5 /* 'e' -> */, -/* pos 02c3: 342 */ 0xF3 /* 's' -> */, -/* pos 02c4: 343 */ 0xBA /* ':' -> */, -/* pos 02c5: 344 */ 0x00, 0x29 /* - terminal marker 41 - */, -/* pos 02c7: 345 */ 0xEC /* 'l' -> */, -/* pos 02c8: 346 */ 0xEC /* 'l' -> */, -/* pos 02c9: 347 */ 0xEF /* 'o' -> */, -/* pos 02ca: 348 */ 0xF7 /* 'w' -> */, -/* pos 02cb: 349 */ 0xAD /* '-' -> */, -/* pos 02cc: 350 */ 0xEF /* 'o' -> */, -/* pos 02cd: 351 */ 0xF2 /* 'r' -> */, -/* pos 02ce: 352 */ 0xE9 /* 'i' -> */, -/* pos 02cf: 353 */ 0xE7 /* 'g' -> */, -/* pos 02d0: 354 */ 0xE9 /* 'i' -> */, -/* pos 02d1: 355 */ 0xEE /* 'n' -> */, -/* pos 02d2: 356 */ 0xBA /* ':' -> */, -/* pos 02d3: 357 */ 0x00, 0x2A /* - terminal marker 42 - */, -/* pos 02d5: 358 */ 0xE5 /* 'e' -> */, -/* pos 02d6: 359 */ 0xBA /* ':' -> */, -/* pos 02d7: 360 */ 0x00, 0x2B /* - terminal marker 43 - */, -/* pos 02d9: 361 */ 0xEC /* 'l' -> */, -/* pos 02da: 362 */ 0xEF /* 'o' -> */, -/* pos 02db: 363 */ 0xF7 /* 'w' -> */, -/* pos 02dc: 364 */ 0xBA /* ':' -> */, -/* pos 02dd: 365 */ 0x00, 0x2C /* - terminal marker 44 - */, -/* pos 02df: 366 */ 0xE9 /* 'i' -> */, -/* pos 02e0: 367 */ 0xF3 /* 's' -> */, -/* pos 02e1: 368 */ 0xF0 /* 'p' -> */, -/* pos 02e2: 369 */ 0xEF /* 'o' -> */, -/* pos 02e3: 370 */ 0xF3 /* 's' -> */, -/* pos 02e4: 371 */ 0xE9 /* 'i' -> */, -/* pos 02e5: 372 */ 0xF4 /* 't' -> */, -/* pos 02e6: 373 */ 0xE9 /* 'i' -> */, -/* pos 02e7: 374 */ 0xEF /* 'o' -> */, -/* pos 02e8: 375 */ 0xEE /* 'n' -> */, -/* pos 02e9: 376 */ 0xBA /* ':' -> */, -/* pos 02ea: 377 */ 0x00, 0x2D /* - terminal marker 45 - */, -/* pos 02ec: 378 */ 0xEE /* 'n' -> */, -/* pos 02ed: 379 */ 0xE3 /* 'c' -> */, -/* pos 02ee: 380 */ 0xEF /* 'o' -> */, -/* pos 02ef: 381 */ 0xE4 /* 'd' -> */, -/* pos 02f0: 382 */ 0xE9 /* 'i' -> */, -/* pos 02f1: 383 */ 0xEE /* 'n' -> */, -/* pos 02f2: 384 */ 0xE7 /* 'g' -> */, -/* pos 02f3: 385 */ 0xBA /* ':' -> */, -/* pos 02f4: 386 */ 0x00, 0x2E /* - terminal marker 46 - */, -/* pos 02f6: 387 */ 0xEE /* 'n' -> */, -/* pos 02f7: 388 */ 0xE7 /* 'g' -> */, -/* pos 02f8: 389 */ 0xF5 /* 'u' -> */, -/* pos 02f9: 390 */ 0xE1 /* 'a' -> */, -/* pos 02fa: 391 */ 0xE7 /* 'g' -> */, -/* pos 02fb: 392 */ 0xE5 /* 'e' -> */, -/* pos 02fc: 393 */ 0xBA /* ':' -> */, -/* pos 02fd: 394 */ 0x00, 0x2F /* - terminal marker 47 - */, -/* pos 02ff: 395 */ 0xE3 /* 'c' -> */, -/* pos 0300: 396 */ 0xE1 /* 'a' -> */, -/* pos 0301: 397 */ 0xF4 /* 't' -> */, -/* pos 0302: 398 */ 0xE9 /* 'i' -> */, -/* pos 0303: 399 */ 0xEF /* 'o' -> */, -/* pos 0304: 400 */ 0xEE /* 'n' -> */, -/* pos 0305: 401 */ 0xBA /* ':' -> */, -/* pos 0306: 402 */ 0x00, 0x30 /* - terminal marker 48 - */, -/* pos 0308: 403 */ 0xE1 /* 'a' -> */, -/* pos 0309: 404 */ 0xEE /* 'n' -> */, -/* pos 030a: 405 */ 0xE7 /* 'g' -> */, -/* pos 030b: 406 */ 0xE5 /* 'e' -> */, -/* pos 030c: 407 */ 0xBA /* ':' -> */, -/* pos 030d: 408 */ 0x00, 0x31 /* - terminal marker 49 - */, -/* pos 030f: 409 */ 0x74 /* 't' */, 0x07, 0x00 /* (to 0x0316 state 410) */, - 0x78 /* 'x' */, 0x09, 0x00 /* (to 0x031B state 414) */, - 0x08, /* fail */ -/* pos 0316: 410 */ 0xE1 /* 'a' -> */, -/* pos 0317: 411 */ 0xE7 /* 'g' -> */, -/* pos 0318: 412 */ 0xBA /* ':' -> */, -/* pos 0319: 413 */ 0x00, 0x32 /* - terminal marker 50 - */, -/* pos 031b: 414 */ 0xF0 /* 'p' -> */, -/* pos 031c: 415 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x0323 state 416) */, - 0x69 /* 'i' */, 0x09, 0x00 /* (to 0x0328 state 420) */, - 0x08, /* fail */ -/* pos 0323: 416 */ 0xE3 /* 'c' -> */, -/* pos 0324: 417 */ 0xF4 /* 't' -> */, -/* pos 0325: 418 */ 0xBA /* ':' -> */, -/* pos 0326: 419 */ 0x00, 0x33 /* - terminal marker 51 - */, -/* pos 0328: 420 */ 0xF2 /* 'r' -> */, -/* pos 0329: 421 */ 0xE5 /* 'e' -> */, -/* pos 032a: 422 */ 0xF3 /* 's' -> */, -/* pos 032b: 423 */ 0xBA /* ':' -> */, -/* pos 032c: 424 */ 0x00, 0x34 /* - terminal marker 52 - */, -/* pos 032e: 425 */ 0xF2 /* 'r' -> */, -/* pos 032f: 426 */ 0xEF /* 'o' -> */, -/* pos 0330: 427 */ 0xED /* 'm' -> */, -/* pos 0331: 428 */ 0xBA /* ':' -> */, -/* pos 0332: 429 */ 0x00, 0x35 /* - terminal marker 53 - */, -/* pos 0334: 430 */ 0xF4 /* 't' -> */, -/* pos 0335: 431 */ 0xE3 /* 'c' -> */, -/* pos 0336: 432 */ 0xE8 /* 'h' -> */, -/* pos 0337: 433 */ 0xBA /* ':' -> */, -/* pos 0338: 434 */ 0x00, 0x36 /* - terminal marker 54 - */, -/* pos 033a: 435 */ 0xE1 /* 'a' -> */, -/* pos 033b: 436 */ 0xEE /* 'n' -> */, -/* pos 033c: 437 */ 0xE7 /* 'g' -> */, -/* pos 033d: 438 */ 0xE5 /* 'e' -> */, -/* pos 033e: 439 */ 0xBA /* ':' -> */, -/* pos 033f: 440 */ 0x00, 0x37 /* - terminal marker 55 - */, -/* pos 0341: 441 */ 0xEE /* 'n' -> */, -/* pos 0342: 442 */ 0xED /* 'm' -> */, -/* pos 0343: 443 */ 0xEF /* 'o' -> */, -/* pos 0344: 444 */ 0xE4 /* 'd' -> */, -/* pos 0345: 445 */ 0xE9 /* 'i' -> */, -/* pos 0346: 446 */ 0xE6 /* 'f' -> */, -/* pos 0347: 447 */ 0xE9 /* 'i' -> */, -/* pos 0348: 448 */ 0xE5 /* 'e' -> */, -/* pos 0349: 449 */ 0xE4 /* 'd' -> */, -/* pos 034a: 450 */ 0xAD /* '-' -> */, -/* pos 034b: 451 */ 0xF3 /* 's' -> */, -/* pos 034c: 452 */ 0xE9 /* 'i' -> */, -/* pos 034d: 453 */ 0xEE /* 'n' -> */, -/* pos 034e: 454 */ 0xE3 /* 'c' -> */, -/* pos 034f: 455 */ 0xE5 /* 'e' -> */, -/* pos 0350: 456 */ 0xBA /* ':' -> */, -/* pos 0351: 457 */ 0x00, 0x38 /* - terminal marker 56 - */, -/* pos 0353: 458 */ 0x61 /* 'a' */, 0x0A, 0x00 /* (to 0x035D state 459) */, - 0x69 /* 'i' */, 0x15, 0x00 /* (to 0x036B state 472) */, - 0x6F /* 'o' */, 0x17, 0x00 /* (to 0x0370 state 476) */, - 0x08, /* fail */ -/* pos 035d: 459 */ 0xF3 /* 's' -> */, -/* pos 035e: 460 */ 0xF4 /* 't' -> */, -/* pos 035f: 461 */ 0xAD /* '-' -> */, -/* pos 0360: 462 */ 0xED /* 'm' -> */, -/* pos 0361: 463 */ 0xEF /* 'o' -> */, -/* pos 0362: 464 */ 0xE4 /* 'd' -> */, -/* pos 0363: 465 */ 0xE9 /* 'i' -> */, -/* pos 0364: 466 */ 0xE6 /* 'f' -> */, -/* pos 0365: 467 */ 0xE9 /* 'i' -> */, -/* pos 0366: 468 */ 0xE5 /* 'e' -> */, -/* pos 0367: 469 */ 0xE4 /* 'd' -> */, -/* pos 0368: 470 */ 0xBA /* ':' -> */, -/* pos 0369: 471 */ 0x00, 0x39 /* - terminal marker 57 - */, -/* pos 036b: 472 */ 0xEE /* 'n' -> */, -/* pos 036c: 473 */ 0xEB /* 'k' -> */, -/* pos 036d: 474 */ 0xBA /* ':' -> */, -/* pos 036e: 475 */ 0x00, 0x3A /* - terminal marker 58 - */, -/* pos 0370: 476 */ 0xE3 /* 'c' -> */, -/* pos 0371: 477 */ 0xE1 /* 'a' -> */, -/* pos 0372: 478 */ 0xF4 /* 't' -> */, -/* pos 0373: 479 */ 0xE9 /* 'i' -> */, -/* pos 0374: 480 */ 0xEF /* 'o' -> */, -/* pos 0375: 481 */ 0xEE /* 'n' -> */, -/* pos 0376: 482 */ 0xBA /* ':' -> */, -/* pos 0377: 483 */ 0x00, 0x3B /* - terminal marker 59 - */, -/* pos 0379: 484 */ 0xE1 /* 'a' -> */, -/* pos 037a: 485 */ 0xF8 /* 'x' -> */, -/* pos 037b: 486 */ 0xAD /* '-' -> */, -/* pos 037c: 487 */ 0xE6 /* 'f' -> */, -/* pos 037d: 488 */ 0xEF /* 'o' -> */, -/* pos 037e: 489 */ 0xF2 /* 'r' -> */, -/* pos 037f: 490 */ 0xF7 /* 'w' -> */, -/* pos 0380: 491 */ 0xE1 /* 'a' -> */, -/* pos 0381: 492 */ 0xF2 /* 'r' -> */, -/* pos 0382: 493 */ 0xE4 /* 'd' -> */, -/* pos 0383: 494 */ 0xF3 /* 's' -> */, -/* pos 0384: 495 */ 0xBA /* ':' -> */, -/* pos 0385: 496 */ 0x00, 0x3C /* - terminal marker 60 - */, -/* pos 0387: 497 */ 0xF8 /* 'x' -> */, -/* pos 0388: 498 */ 0xF9 /* 'y' -> */, -/* pos 0389: 499 */ 0x2D /* '-' */, 0x07, 0x00 /* (to 0x0390 state 500) */, - 0x20 /* ' ' */, 0xBB, 0x00 /* (to 0x0447 state 649) */, - 0x08, /* fail */ -/* pos 0390: 500 */ 0xE1 /* 'a' -> */, -/* pos 0391: 501 */ 0xF5 /* 'u' -> */, -/* pos 0392: 502 */ 0xF4 /* 't' -> */, -/* pos 0393: 503 */ 0xE8 /* 'h' -> */, -/* pos 0394: 504 */ 0x65 /* 'e' */, 0x07, 0x00 /* (to 0x039B state 505) */, - 0x6F /* 'o' */, 0x0E, 0x00 /* (to 0x03A5 state 514) */, - 0x08, /* fail */ -/* pos 039b: 505 */ 0xEE /* 'n' -> */, -/* pos 039c: 506 */ 0xF4 /* 't' -> */, -/* pos 039d: 507 */ 0xE9 /* 'i' -> */, -/* pos 039e: 508 */ 0xE3 /* 'c' -> */, -/* pos 039f: 509 */ 0xE1 /* 'a' -> */, -/* pos 03a0: 510 */ 0xF4 /* 't' -> */, -/* pos 03a1: 511 */ 0xE5 /* 'e' -> */, -/* pos 03a2: 512 */ 0xBA /* ':' -> */, -/* pos 03a3: 513 */ 0x00, 0x3D /* - terminal marker 61 - */, -/* pos 03a5: 514 */ 0xF2 /* 'r' -> */, -/* pos 03a6: 515 */ 0xE9 /* 'i' -> */, -/* pos 03a7: 516 */ 0xFA /* 'z' -> */, -/* pos 03a8: 517 */ 0xE1 /* 'a' -> */, -/* pos 03a9: 518 */ 0xF4 /* 't' -> */, -/* pos 03aa: 519 */ 0xE9 /* 'i' -> */, -/* pos 03ab: 520 */ 0xEF /* 'o' -> */, -/* pos 03ac: 521 */ 0xEE /* 'n' -> */, -/* pos 03ad: 522 */ 0xBA /* ':' -> */, -/* pos 03ae: 523 */ 0x00, 0x3E /* - terminal marker 62 - */, -/* pos 03b0: 524 */ 0xE5 /* 'e' -> */, -/* pos 03b1: 525 */ 0xF3 /* 's' -> */, -/* pos 03b2: 526 */ 0xE8 /* 'h' -> */, -/* pos 03b3: 527 */ 0xBA /* ':' -> */, -/* pos 03b4: 528 */ 0x00, 0x3F /* - terminal marker 63 - */, -/* pos 03b6: 529 */ 0xF2 /* 'r' -> */, -/* pos 03b7: 530 */ 0xF9 /* 'y' -> */, -/* pos 03b8: 531 */ 0xAD /* '-' -> */, -/* pos 03b9: 532 */ 0xE1 /* 'a' -> */, -/* pos 03ba: 533 */ 0xE6 /* 'f' -> */, -/* pos 03bb: 534 */ 0xF4 /* 't' -> */, -/* pos 03bc: 535 */ 0xE5 /* 'e' -> */, -/* pos 03bd: 536 */ 0xF2 /* 'r' -> */, -/* pos 03be: 537 */ 0xBA /* ':' -> */, -/* pos 03bf: 538 */ 0x00, 0x40 /* - terminal marker 64 - */, -/* pos 03c1: 539 */ 0xF6 /* 'v' -> */, -/* pos 03c2: 540 */ 0xE5 /* 'e' -> */, -/* pos 03c3: 541 */ 0xF2 /* 'r' -> */, -/* pos 03c4: 542 */ 0xBA /* ':' -> */, -/* pos 03c5: 543 */ 0x00, 0x41 /* - terminal marker 65 - */, -/* pos 03c7: 544 */ 0xAD /* '-' -> */, -/* pos 03c8: 545 */ 0xE3 /* 'c' -> */, -/* pos 03c9: 546 */ 0xEF /* 'o' -> */, -/* pos 03ca: 547 */ 0xEF /* 'o' -> */, -/* pos 03cb: 548 */ 0xEB /* 'k' -> */, -/* pos 03cc: 549 */ 0xE9 /* 'i' -> */, -/* pos 03cd: 550 */ 0xE5 /* 'e' -> */, -/* pos 03ce: 551 */ 0xBA /* ':' -> */, -/* pos 03cf: 552 */ 0x00, 0x42 /* - terminal marker 66 - */, -/* pos 03d1: 553 */ 0xF2 /* 'r' -> */, -/* pos 03d2: 554 */ 0xE9 /* 'i' -> */, -/* pos 03d3: 555 */ 0xE3 /* 'c' -> */, -/* pos 03d4: 556 */ 0xF4 /* 't' -> */, -/* pos 03d5: 557 */ 0xAD /* '-' -> */, -/* pos 03d6: 558 */ 0xF4 /* 't' -> */, -/* pos 03d7: 559 */ 0xF2 /* 'r' -> */, -/* pos 03d8: 560 */ 0xE1 /* 'a' -> */, -/* pos 03d9: 561 */ 0xEE /* 'n' -> */, -/* pos 03da: 562 */ 0xF3 /* 's' -> */, -/* pos 03db: 563 */ 0xF0 /* 'p' -> */, -/* pos 03dc: 564 */ 0xEF /* 'o' -> */, -/* pos 03dd: 565 */ 0xF2 /* 'r' -> */, -/* pos 03de: 566 */ 0xF4 /* 't' -> */, -/* pos 03df: 567 */ 0xAD /* '-' -> */, -/* pos 03e0: 568 */ 0xF3 /* 's' -> */, -/* pos 03e1: 569 */ 0xE5 /* 'e' -> */, -/* pos 03e2: 570 */ 0xE3 /* 'c' -> */, -/* pos 03e3: 571 */ 0xF5 /* 'u' -> */, -/* pos 03e4: 572 */ 0xF2 /* 'r' -> */, -/* pos 03e5: 573 */ 0xE9 /* 'i' -> */, -/* pos 03e6: 574 */ 0xF4 /* 't' -> */, -/* pos 03e7: 575 */ 0xF9 /* 'y' -> */, -/* pos 03e8: 576 */ 0xBA /* ':' -> */, -/* pos 03e9: 577 */ 0x00, 0x43 /* - terminal marker 67 - */, -/* pos 03eb: 578 */ 0x72 /* 'r' */, 0x07, 0x00 /* (to 0x03F2 state 579) */, - 0x65 /* 'e' */, 0x88, 0x00 /* (to 0x0476 state 681) */, - 0x08, /* fail */ -/* pos 03f2: 579 */ 0xE1 /* 'a' -> */, -/* pos 03f3: 580 */ 0xEE /* 'n' -> */, -/* pos 03f4: 581 */ 0xF3 /* 's' -> */, -/* pos 03f5: 582 */ 0xE6 /* 'f' -> */, -/* pos 03f6: 583 */ 0xE5 /* 'e' -> */, -/* pos 03f7: 584 */ 0xF2 /* 'r' -> */, -/* pos 03f8: 585 */ 0xAD /* '-' -> */, -/* pos 03f9: 586 */ 0xE5 /* 'e' -> */, -/* pos 03fa: 587 */ 0xEE /* 'n' -> */, -/* pos 03fb: 588 */ 0xE3 /* 'c' -> */, -/* pos 03fc: 589 */ 0xEF /* 'o' -> */, -/* pos 03fd: 590 */ 0xE4 /* 'd' -> */, -/* pos 03fe: 591 */ 0xE9 /* 'i' -> */, -/* pos 03ff: 592 */ 0xEE /* 'n' -> */, -/* pos 0400: 593 */ 0xE7 /* 'g' -> */, -/* pos 0401: 594 */ 0xBA /* ':' -> */, -/* pos 0402: 595 */ 0x00, 0x44 /* - terminal marker 68 - */, -/* pos 0404: 596 */ 0xE5 /* 'e' -> */, -/* pos 0405: 597 */ 0xF2 /* 'r' -> */, -/* pos 0406: 598 */ 0xAD /* '-' -> */, -/* pos 0407: 599 */ 0xE1 /* 'a' -> */, -/* pos 0408: 600 */ 0xE7 /* 'g' -> */, -/* pos 0409: 601 */ 0xE5 /* 'e' -> */, -/* pos 040a: 602 */ 0xEE /* 'n' -> */, -/* pos 040b: 603 */ 0xF4 /* 't' -> */, -/* pos 040c: 604 */ 0xBA /* ':' -> */, -/* pos 040d: 605 */ 0x00, 0x45 /* - terminal marker 69 - */, -/* pos 040f: 606 */ 0x61 /* 'a' */, 0x07, 0x00 /* (to 0x0416 state 607) */, - 0x69 /* 'i' */, 0x09, 0x00 /* (to 0x041B state 611) */, - 0x08, /* fail */ -/* pos 0416: 607 */ 0xF2 /* 'r' -> */, -/* pos 0417: 608 */ 0xF9 /* 'y' -> */, -/* pos 0418: 609 */ 0xBA /* ':' -> */, -/* pos 0419: 610 */ 0x00, 0x46 /* - terminal marker 70 - */, -/* pos 041b: 611 */ 0xE1 /* 'a' -> */, -/* pos 041c: 612 */ 0xBA /* ':' -> */, -/* pos 041d: 613 */ 0x00, 0x47 /* - terminal marker 71 - */, -/* pos 041f: 614 */ 0xF7 /* 'w' -> */, -/* pos 0420: 615 */ 0xF7 /* 'w' -> */, -/* pos 0421: 616 */ 0xAD /* '-' -> */, -/* pos 0422: 617 */ 0xE1 /* 'a' -> */, -/* pos 0423: 618 */ 0xF5 /* 'u' -> */, -/* pos 0424: 619 */ 0xF4 /* 't' -> */, -/* pos 0425: 620 */ 0xE8 /* 'h' -> */, -/* pos 0426: 621 */ 0xE5 /* 'e' -> */, -/* pos 0427: 622 */ 0xEE /* 'n' -> */, -/* pos 0428: 623 */ 0xF4 /* 't' -> */, -/* pos 0429: 624 */ 0xE9 /* 'i' -> */, -/* pos 042a: 625 */ 0xE3 /* 'c' -> */, -/* pos 042b: 626 */ 0xE1 /* 'a' -> */, -/* pos 042c: 627 */ 0xF4 /* 't' -> */, -/* pos 042d: 628 */ 0xE5 /* 'e' -> */, -/* pos 042e: 629 */ 0xBA /* ':' -> */, -/* pos 042f: 630 */ 0x00, 0x48 /* - terminal marker 72 - */, -/* pos 0431: 631 */ 0xF4 /* 't' -> */, -/* pos 0432: 632 */ 0xE3 /* 'c' -> */, -/* pos 0433: 633 */ 0xE8 /* 'h' -> */, -/* pos 0434: 634 */ 0x00, 0x49 /* - terminal marker 73 - */, -/* pos 0436: 635 */ 0xF4 /* 't' -> */, -/* pos 0437: 636 */ 0x00, 0x4A /* - terminal marker 74 - */, -/* pos 0439: 637 */ 0xEC /* 'l' -> */, -/* pos 043a: 638 */ 0xE5 /* 'e' -> */, -/* pos 043b: 639 */ 0xF4 /* 't' -> */, -/* pos 043c: 640 */ 0xE5 /* 'e' -> */, -/* pos 043d: 641 */ 0x00, 0x4B /* - terminal marker 75 - */, -/* pos 043f: 642 */ 0xE9 /* 'i' -> */, -/* pos 0440: 643 */ 0xAD /* '-' -> */, -/* pos 0441: 644 */ 0xE1 /* 'a' -> */, -/* pos 0442: 645 */ 0xF2 /* 'r' -> */, -/* pos 0443: 646 */ 0xE7 /* 'g' -> */, -/* pos 0444: 647 */ 0xF3 /* 's' -> */, -/* pos 0445: 648 */ 0x00, 0x4C /* - terminal marker 76 - */, -/* pos 0447: 649 */ 0x00, 0x4D /* - terminal marker 77 - */, -/* pos 0449: 650 */ 0xAD /* '-' -> */, -/* pos 044a: 651 */ 0x72 /* 'r' */, 0x0A, 0x00 /* (to 0x0454 state 652) */, - 0x66 /* 'f' */, 0x13, 0x00 /* (to 0x0460 state 662) */, - 0x61 /* 'a' */, 0x3D, 0x00 /* (to 0x048D state 701) */, - 0x08, /* fail */ -/* pos 0454: 652 */ 0xE5 /* 'e' -> */, -/* pos 0455: 653 */ 0xE1 /* 'a' -> */, -/* pos 0456: 654 */ 0xEC /* 'l' -> */, -/* pos 0457: 655 */ 0xAD /* '-' -> */, -/* pos 0458: 656 */ 0xE9 /* 'i' -> */, -/* pos 0459: 657 */ 0xF0 /* 'p' -> */, -/* pos 045a: 658 */ 0xBA /* ':' -> */, -/* pos 045b: 659 */ 0x00, 0x4E /* - terminal marker 78 - */, -/* pos 045d: 660 */ 0xA0 /* ' ' -> */, -/* pos 045e: 661 */ 0x00, 0x4F /* - terminal marker 79 - */, -/* pos 0460: 662 */ 0xEF /* 'o' -> */, -/* pos 0461: 663 */ 0xF2 /* 'r' -> */, -/* pos 0462: 664 */ 0xF7 /* 'w' -> */, -/* pos 0463: 665 */ 0xE1 /* 'a' -> */, -/* pos 0464: 666 */ 0xF2 /* 'r' -> */, -/* pos 0465: 667 */ 0xE4 /* 'd' -> */, -/* pos 0466: 668 */ 0xE5 /* 'e' -> */, -/* pos 0467: 669 */ 0xE4 /* 'd' -> */, -/* pos 0468: 670 */ 0xAD /* '-' -> */, -/* pos 0469: 671 */ 0xE6 /* 'f' -> */, -/* pos 046a: 672 */ 0xEF /* 'o' -> */, -/* pos 046b: 673 */ 0xF2 /* 'r' -> */, -/* pos 046c: 674 */ 0xBA /* ':' -> */, -/* pos 046d: 675 */ 0x00, 0x50 /* - terminal marker 80 - */, -/* pos 046f: 676 */ 0x00, 0x51 /* - terminal marker 81 - */, -/* pos 0471: 677 */ 0xE1 /* 'a' -> */, -/* pos 0472: 678 */ 0xE4 /* 'd' -> */, -/* pos 0473: 679 */ 0xA0 /* ' ' -> */, -/* pos 0474: 680 */ 0x00, 0x52 /* - terminal marker 82 - */, -/* pos 0476: 681 */ 0xBA /* ':' -> */, -/* pos 0477: 682 */ 0x00, 0x53 /* - terminal marker 83 - */, -/* pos 0479: 683 */ 0xEC /* 'l' -> */, -/* pos 047a: 684 */ 0xE1 /* 'a' -> */, -/* pos 047b: 685 */ 0xF9 /* 'y' -> */, -/* pos 047c: 686 */ 0xAD /* '-' -> */, -/* pos 047d: 687 */ 0xEE /* 'n' -> */, -/* pos 047e: 688 */ 0xEF /* 'o' -> */, -/* pos 047f: 689 */ 0xEE /* 'n' -> */, -/* pos 0480: 690 */ 0xE3 /* 'c' -> */, -/* pos 0481: 691 */ 0xE5 /* 'e' -> */, -/* pos 0482: 692 */ 0xBA /* ':' -> */, -/* pos 0483: 693 */ 0x00, 0x54 /* - terminal marker 84 - */, -/* pos 0485: 694 */ 0xEF /* 'o' -> */, -/* pos 0486: 695 */ 0xF4 /* 't' -> */, -/* pos 0487: 696 */ 0xEF /* 'o' -> */, -/* pos 0488: 697 */ 0xE3 /* 'c' -> */, -/* pos 0489: 698 */ 0xEF /* 'o' -> */, -/* pos 048a: 699 */ 0xEC /* 'l' -> */, -/* pos 048b: 700 */ 0x00, 0x55 /* - terminal marker 85 - */, -/* pos 048d: 701 */ 0xF5 /* 'u' -> */, -/* pos 048e: 702 */ 0xF4 /* 't' -> */, -/* pos 048f: 703 */ 0xE8 /* 'h' -> */, -/* pos 0490: 704 */ 0xAD /* '-' -> */, -/* pos 0491: 705 */ 0xF4 /* 't' -> */, -/* pos 0492: 706 */ 0xEF /* 'o' -> */, -/* pos 0493: 707 */ 0xEB /* 'k' -> */, -/* pos 0494: 708 */ 0xE5 /* 'e' -> */, -/* pos 0495: 709 */ 0xEE /* 'n' -> */, -/* pos 0496: 710 */ 0xBA /* ':' -> */, -/* pos 0497: 711 */ 0x00, 0x56 /* - terminal marker 86 - */, -/* total size 1177 bytes */ diff --git a/lib/roles/http/private.h b/lib/roles/http/private.h deleted file mode 100644 index 1cc9960..0000000 --- a/lib/roles/http/private.h +++ /dev/null @@ -1,306 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if either H1 or H2 roles are - * enabled - */ - -#if defined(LWS_WITH_HUBBUB) - #include - #include - #endif - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) -#include "roles/http/compression/private.h" -#endif - -#define lwsi_role_http(wsi) (lwsi_role_h1(wsi) || lwsi_role_h2(wsi)) - -enum http_version { - HTTP_VERSION_1_0, - HTTP_VERSION_1_1, - HTTP_VERSION_2 -}; - -enum http_conn_type { - HTTP_CONNECTION_CLOSE, - HTTP_CONNECTION_KEEP_ALIVE -}; - -/* - * This is totally opaque to code using the library. It's exported as a - * forward-reference pointer-only declaration; the user can use the pointer with - * other APIs to get information out of it. - */ - -#if defined(LWS_WITH_ESP32) -typedef uint16_t ah_data_idx_t; -#else -typedef uint32_t ah_data_idx_t; -#endif - -struct lws_fragments { - ah_data_idx_t offset; - uint16_t len; - uint8_t nfrag; /* which ah->frag[] continues this content, or 0 */ - uint8_t flags; /* only http2 cares */ -}; - -#if defined(LWS_WITH_RANGES) -enum range_states { - LWSRS_NO_ACTIVE_RANGE, - LWSRS_BYTES_EQ, - LWSRS_FIRST, - LWSRS_STARTING, - LWSRS_ENDING, - LWSRS_COMPLETED, - LWSRS_SYNTAX, -}; - -struct lws_range_parsing { - unsigned long long start, end, extent, agg, budget; - const char buf[128]; - int pos; - enum range_states state; - char start_valid, end_valid, ctr, count_ranges, did_try, inside, send_ctr; -}; - -int -lws_ranges_init(struct lws *wsi, struct lws_range_parsing *rp, - unsigned long long extent); -int -lws_ranges_next(struct lws_range_parsing *rp); -void -lws_ranges_reset(struct lws_range_parsing *rp); -#endif - -/* - * these are assigned from a pool held in the context. - * Both client and server mode uses them for http header analysis - */ - -struct allocated_headers { - struct allocated_headers *next; /* linked list */ - struct lws *wsi; /* owner */ - char *data; /* prepared by context init to point to dedicated storage */ - ah_data_idx_t data_length; - /* - * the randomly ordered fragments, indexed by frag_index and - * lws_fragments->nfrag for continuation. - */ - struct lws_fragments frags[WSI_TOKEN_COUNT]; - time_t assigned; - /* - * for each recognized token, frag_index says which frag[] his data - * starts in (0 means the token did not appear) - * the actual header data gets dumped as it comes in, into data[] - */ - uint8_t frag_index[WSI_TOKEN_COUNT]; - -#ifndef LWS_NO_CLIENT - char initial_handshake_hash_base64[30]; -#endif - int hdr_token_idx; - - ah_data_idx_t pos; - ah_data_idx_t http_response; - ah_data_idx_t current_token_limit; - -#if defined(LWS_WITH_CUSTOM_HEADERS) - ah_data_idx_t unk_pos; /* to undo speculative unknown header */ - ah_data_idx_t unk_value_pos; - - ah_data_idx_t unk_ll_head; - ah_data_idx_t unk_ll_tail; -#endif - - int16_t lextable_pos; - - uint8_t in_use; - uint8_t nfrag; - char /*enum uri_path_states */ ups; - char /*enum uri_esc_states */ ues; - - char esc_stash; - char post_literal_equal; - uint8_t /* enum lws_token_indexes */ parser_state; -}; - - - -#if defined(LWS_WITH_HUBBUB) -struct lws_rewrite { - hubbub_parser *parser; - hubbub_parser_optparams params; - const char *from, *to; - int from_len, to_len; - unsigned char *p, *end; - struct lws *wsi; -}; -static LWS_INLINE int hstrcmp(hubbub_string *s, const char *p, int len) -{ - if ((int)s->len != len) - return 1; - - return strncmp((const char *)s->ptr, p, len); -} -typedef hubbub_error (*hubbub_callback_t)(const hubbub_token *token, void *pw); -LWS_EXTERN struct lws_rewrite * -lws_rewrite_create(struct lws *wsi, hubbub_callback_t cb, const char *from, const char *to); -LWS_EXTERN void -lws_rewrite_destroy(struct lws_rewrite *r); -LWS_EXTERN int -lws_rewrite_parse(struct lws_rewrite *r, const unsigned char *in, int in_len); -#endif - -struct lws_pt_role_http { - struct allocated_headers *ah_list; - struct lws *ah_wait_list; -#ifdef LWS_WITH_CGI - struct lws_cgi *cgi_list; -#endif - int ah_wait_list_length; - uint32_t ah_pool_length; - - int ah_count_in_use; -}; - -struct lws_peer_role_http { - uint32_t count_ah; - uint32_t total_ah; -}; - -struct lws_vhost_role_http { - char http_proxy_address[128]; - const struct lws_http_mount *mount_list; - const char *error_document_404; - unsigned int http_proxy_port; -}; - -#ifdef LWS_WITH_ACCESS_LOG -struct lws_access_log { - char *header_log; - char *user_agent; - char *referrer; - unsigned long sent; - int response; -}; -#endif - -#define LWS_HTTP_CHUNK_HDR_MAX_SIZE (6 + 2) /* 6 hex digits and then CRLF */ -#define LWS_HTTP_CHUNK_TRL_MAX_SIZE (2 + 5) /* CRLF, then maybe 0 CRLF CRLF */ - -struct _lws_http_mode_related { - struct lws *new_wsi_list; - - unsigned char *pending_return_headers; - size_t pending_return_headers_len; - size_t prh_content_length; - -#if defined(LWS_WITH_HTTP_PROXY) - struct lws_rewrite *rw; - struct lws_buflist *buflist_post_body; -#endif - struct allocated_headers *ah; - struct lws *ah_wait_list; - - lws_filepos_t filepos; - lws_filepos_t filelen; - lws_fop_fd_t fop_fd; - -#if defined(LWS_WITH_RANGES) - struct lws_range_parsing range; - char multipart_content_type[64]; -#endif - -#ifdef LWS_WITH_ACCESS_LOG - struct lws_access_log access_log; -#endif -#ifdef LWS_WITH_CGI - struct lws_cgi *cgi; /* wsi being cgi master have one of these */ -#endif -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - struct lws_compression_support *lcs; - lws_comp_ctx_t comp_ctx; - unsigned char comp_accept_mask; -#endif - - enum http_version request_version; - enum http_conn_type conn_type; - lws_filepos_t tx_content_length; - lws_filepos_t tx_content_remain; - lws_filepos_t rx_content_length; - lws_filepos_t rx_content_remain; - -#if defined(LWS_WITH_HTTP_PROXY) - unsigned int perform_rewrite:1; - unsigned int proxy_clientside:1; - unsigned int proxy_parent_chunked:1; -#endif - unsigned int deferred_transaction_completed:1; - unsigned int content_length_explicitly_zero:1; - unsigned int did_stream_close:1; -}; - - -#ifndef LWS_NO_CLIENT -enum lws_chunk_parser { - ELCP_HEX, - ELCP_CR, - ELCP_CONTENT, - ELCP_POST_CR, - ELCP_POST_LF, -}; -#endif - -enum lws_parse_urldecode_results { - LPUR_CONTINUE, - LPUR_SWALLOW, - LPUR_FORBID, - LPUR_EXCESSIVE, -}; - -enum lws_check_basic_auth_results { - LCBA_CONTINUE, - LCBA_FAILED_AUTH, - LCBA_END_TRANSACTION, -}; - -enum lws_check_basic_auth_results -lws_check_basic_auth(struct lws *wsi, const char *basic_auth_login_file); - -int -lws_unauthorised_basic_auth(struct lws *wsi); - -int -lws_read_h1(struct lws *wsi, unsigned char *buf, lws_filepos_t len); - -void -_lws_header_table_reset(struct allocated_headers *ah); - -LWS_EXTERN int -_lws_destroy_ah(struct lws_context_per_thread *pt, struct allocated_headers *ah); - -int -lws_http_proxy_start(struct lws *wsi, const struct lws_http_mount *hit, - char *uri_ptr, char ws); - -void -lws_sul_http_ah_lifecheck(lws_sorted_usec_list_t *sul); diff --git a/lib/roles/http/server/access-log.c b/lib/roles/http/server/access-log.c deleted file mode 100644 index 74ae30e..0000000 --- a/lib/roles/http/server/access-log.c +++ /dev/null @@ -1,197 +0,0 @@ -/* - * libwebsockets - server access log handling - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * Produce Apache-compatible log string for wsi, like this: - * - * 2.31.234.19 - - [27/Mar/2016:03:22:44 +0800] - * "GET /aep-screen.png HTTP/1.1" - * 200 152987 "https://libwebsockets.org/index.html" - * "Mozilla/5.0 (Macint... Chrome/49.0.2623.87 Safari/537.36" - * - */ - -extern const char * const method_names[]; - -static const char * const hver[] = { - "HTTP/1.0", "HTTP/1.1", "HTTP/2" -}; - -void -lws_prepare_access_log_info(struct lws *wsi, char *uri_ptr, int uri_len, int meth) -{ - char da[64], uri[256]; - const char *pa, *me; - time_t t = time(NULL); - int l = 256, m; -#ifdef LWS_WITH_IPV6 - char ads[INET6_ADDRSTRLEN]; -#else - char ads[INET_ADDRSTRLEN]; -#endif - struct tm *tmp; - - if (!wsi->vhost) - return; - - /* only worry about preparing it if we store it */ - if (wsi->vhost->log_fd == (int)LWS_INVALID_FILE) - return; - - if (wsi->access_log_pending) - lws_access_log(wsi); - - wsi->http.access_log.header_log = lws_malloc(l, "access log"); - if (!wsi->http.access_log.header_log) - return; - - tmp = localtime(&t); - if (tmp) - strftime(da, sizeof(da), "%d/%b/%Y:%H:%M:%S %z", tmp); - else - strcpy(da, "01/Jan/1970:00:00:00 +0000"); - - pa = lws_get_peer_simple(wsi, ads, sizeof(ads)); - if (!pa) - pa = "(unknown)"; - - if (wsi->http2_substream) - me = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD); - else - me = method_names[meth]; - if (!me) - me = "(null)"; - - m = uri_len; - if (m > (int)sizeof(uri) - 1) - m = sizeof(uri) - 1; - - strncpy(uri, uri_ptr, m); - uri[m] = '\0'; - - lws_snprintf(wsi->http.access_log.header_log, l, - "%s - - [%s] \"%s %s %s\"", - pa, da, me, uri, hver[wsi->http.request_version]); - - //lwsl_notice("%s\n", wsi->http.access_log.header_log); - - l = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_USER_AGENT); - if (l) { - wsi->http.access_log.user_agent = - lws_malloc(l + 5, "access log"); - if (!wsi->http.access_log.user_agent) { - lwsl_err("OOM getting user agent\n"); - lws_free_set_NULL(wsi->http.access_log.header_log); - return; - } - wsi->http.access_log.user_agent[0] = '\0'; - - if (lws_hdr_copy(wsi, wsi->http.access_log.user_agent, l + 4, - WSI_TOKEN_HTTP_USER_AGENT) >= 0) - for (m = 0; m < l; m++) - if (wsi->http.access_log.user_agent[m] == '\"') - wsi->http.access_log.user_agent[m] = '\''; - } - l = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_REFERER); - if (l) { - wsi->http.access_log.referrer = lws_malloc(l + 5, "referrer"); - if (!wsi->http.access_log.referrer) { - lwsl_err("OOM getting referrer\n"); - lws_free_set_NULL(wsi->http.access_log.user_agent); - lws_free_set_NULL(wsi->http.access_log.header_log); - return; - } - wsi->http.access_log.referrer[0] = '\0'; - if (lws_hdr_copy(wsi, wsi->http.access_log.referrer, - l + 4, WSI_TOKEN_HTTP_REFERER) >= 0) - - for (m = 0; m < l; m++) - if (wsi->http.access_log.referrer[m] == '\"') - wsi->http.access_log.referrer[m] = '\''; - } - wsi->access_log_pending = 1; -} - - -int -lws_access_log(struct lws *wsi) -{ - char *p = wsi->http.access_log.user_agent, ass[512], - *p1 = wsi->http.access_log.referrer; - int l; - - if (!wsi->vhost) - return 0; - - if (wsi->vhost->log_fd == (int)LWS_INVALID_FILE) - return 0; - - if (!wsi->access_log_pending) - return 0; - - if (!wsi->http.access_log.header_log) - return 0; - - if (!p) - p = ""; - - if (!p1) - p1 = ""; - - /* - * We do this in two parts to restrict an oversize referrer such that - * we will always have space left to append an empty useragent, while - * maintaining the structure of the log text - */ - l = lws_snprintf(ass, sizeof(ass) - 7, "%s %d %lu \"%s", - wsi->http.access_log.header_log, - wsi->http.access_log.response, - wsi->http.access_log.sent, p1); - if (strlen(p) > sizeof(ass) - 6 - l) { - p[sizeof(ass) - 6 - l] = '\0'; - l--; - } - l += lws_snprintf(ass + l, sizeof(ass) - 1 - l, "\" \"%s\"\n", p); - - ass[sizeof(ass) - 1] = '\0'; - - if (write(wsi->vhost->log_fd, ass, l) != l) - lwsl_err("Failed to write log\n"); - - if (wsi->http.access_log.header_log) { - lws_free(wsi->http.access_log.header_log); - wsi->http.access_log.header_log = NULL; - } - if (wsi->http.access_log.user_agent) { - lws_free(wsi->http.access_log.user_agent); - wsi->http.access_log.user_agent = NULL; - } - if (wsi->http.access_log.referrer) { - lws_free(wsi->http.access_log.referrer); - wsi->http.access_log.referrer = NULL; - } - wsi->access_log_pending = 0; - - return 0; -} - diff --git a/lib/roles/http/server/lws-spa.c b/lib/roles/http/server/lws-spa.c deleted file mode 100644 index 4e25695..0000000 --- a/lib/roles/http/server/lws-spa.c +++ /dev/null @@ -1,675 +0,0 @@ -/* - * libwebsockets - Stateful urldecode for POST - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#define LWS_MAX_ELEM_NAME 32 - -enum urldecode_stateful { - US_NAME, - US_IDLE, - US_PC1, - US_PC2, - - MT_LOOK_BOUND_IN, - MT_HNAME, - MT_DISP, - MT_TYPE, - MT_IGNORE1, - MT_IGNORE2, - MT_IGNORE3, - MT_COMPLETED, -}; - -static const char * const mp_hdr[] = { - "content-disposition: ", - "content-type: ", - "\x0d\x0a" -}; - -struct lws_spa; - -typedef int (*lws_urldecode_stateful_cb)(struct lws_spa *spa, - const char *name, char **buf, int len, int final); - -struct lws_urldecode_stateful { - char *out; - struct lws_spa *data; - struct lws *wsi; - char name[LWS_MAX_ELEM_NAME]; - char temp[LWS_MAX_ELEM_NAME]; - char content_type[32]; - char content_disp[32]; - char content_disp_filename[256]; - char mime_boundary[128]; - int out_len; - int pos; - int hdr_idx; - int mp; - int sum; - - unsigned int multipart_form_data:1; - unsigned int inside_quote:1; - unsigned int subname:1; - unsigned int boundary_real_crlf:1; - - enum urldecode_stateful state; - - lws_urldecode_stateful_cb output; -}; - -struct lws_spa { - struct lws_urldecode_stateful *s; - lws_spa_create_info_t i; - int *param_length; - char finalized; - char **params; - char *storage; - char *end; -}; - -static struct lws_urldecode_stateful * -lws_urldecode_s_create(struct lws_spa *spa, struct lws *wsi, char *out, - int out_len, lws_urldecode_stateful_cb output) -{ - struct lws_urldecode_stateful *s; - char buf[205], *p; - int m = 0; - - if (spa->i.ac) - s = lwsac_use_zero(spa->i.ac, sizeof(*s), spa->i.ac_chunk_size); - else - s = lws_zalloc(sizeof(*s), "stateful urldecode"); - - if (!s) - return NULL; - - s->out = out; - s->out_len = out_len; - s->output = output; - s->pos = 0; - s->sum = 0; - s->mp = 0; - s->state = US_NAME; - s->name[0] = '\0'; - s->data = spa; - s->wsi = wsi; - - if (lws_hdr_copy(wsi, buf, sizeof(buf), - WSI_TOKEN_HTTP_CONTENT_TYPE) > 0) { - /* multipart/form-data; - * boundary=----WebKitFormBoundarycc7YgAPEIHvgE9Bf */ - - if (!strncmp(buf, "multipart/form-data", 19)) { - s->multipart_form_data = 1; - s->state = MT_LOOK_BOUND_IN; - s->mp = 2; - p = strstr(buf, "boundary="); - if (p) { - p += 9; - s->mime_boundary[m++] = '\x0d'; - s->mime_boundary[m++] = '\x0a'; - s->mime_boundary[m++] = '-'; - s->mime_boundary[m++] = '-'; - while (m < (int)sizeof(s->mime_boundary) - 1 && - *p && *p != ' ') - s->mime_boundary[m++] = *p++; - - s->mime_boundary[m] = '\0'; - - lwsl_info("boundary '%s'\n", s->mime_boundary); - } - } - } - - return s; -} - -static int -lws_urldecode_s_process(struct lws_urldecode_stateful *s, const char *in, - int len) -{ - int n, m, hit = 0; - char c, was_end = 0; - - while (len--) { - if (s->pos == s->out_len - s->mp - 1) { - if (s->output(s->data, s->name, &s->out, s->pos, - LWS_UFS_CONTENT)) - return -1; - - was_end = s->pos; - s->pos = 0; - } - switch (s->state) { - - /* states for url arg style */ - - case US_NAME: - s->inside_quote = 0; - if (*in == '=') { - s->name[s->pos] = '\0'; - s->pos = 0; - s->state = US_IDLE; - in++; - continue; - } - if (*in == '&') { - s->name[s->pos] = '\0'; - if (s->output(s->data, s->name, &s->out, - s->pos, LWS_UFS_FINAL_CONTENT)) - return -1; - s->pos = 0; - s->state = US_IDLE; - in++; - continue; - } - if (s->pos >= (int)sizeof(s->name) - 1) { - lwsl_notice("Name too long\n"); - return -1; - } - s->name[s->pos++] = *in++; - break; - case US_IDLE: - if (*in == '%') { - s->state++; - in++; - continue; - } - if (*in == '&') { - s->out[s->pos] = '\0'; - if (s->output(s->data, s->name, &s->out, - s->pos, LWS_UFS_FINAL_CONTENT)) - return -1; - s->pos = 0; - s->state = US_NAME; - in++; - continue; - } - if (*in == '+') { - in++; - s->out[s->pos++] = ' '; - continue; - } - s->out[s->pos++] = *in++; - break; - case US_PC1: - n = char_to_hex(*in); - if (n < 0) - return -1; - - in++; - s->sum = n << 4; - s->state++; - break; - - case US_PC2: - n = char_to_hex(*in); - if (n < 0) - return -1; - - in++; - s->out[s->pos++] = s->sum | n; - s->state = US_IDLE; - break; - - - /* states for multipart / mime style */ - - case MT_LOOK_BOUND_IN: -retry_as_first: - if (*in == s->mime_boundary[s->mp] && - s->mime_boundary[s->mp]) { - in++; - s->mp++; - if (!s->mime_boundary[s->mp]) { - s->mp = 0; - s->state = MT_IGNORE1; - - if (s->pos || was_end) - if (s->output(s->data, s->name, - &s->out, s->pos, - LWS_UFS_FINAL_CONTENT)) - return -1; - - s->pos = 0; - - s->content_disp[0] = '\0'; - s->name[0] = '\0'; - s->content_disp_filename[0] = '\0'; - s->boundary_real_crlf = 1; - } - continue; - } - if (s->mp) { - n = 0; - if (!s->boundary_real_crlf) - n = 2; - if (s->mp >= n) { - memcpy(s->out + s->pos, - s->mime_boundary + n, s->mp - n); - s->pos += s->mp; - s->mp = 0; - goto retry_as_first; - } - } - - s->out[s->pos++] = *in; - in++; - s->mp = 0; - break; - - case MT_HNAME: - m = 0; - c =*in; - if (c >= 'A' && c <= 'Z') - c += 'a' - 'A'; - for (n = 0; n < (int)LWS_ARRAY_SIZE(mp_hdr); n++) - if (c == mp_hdr[n][s->mp]) { - m++; - hit = n; - } - in++; - if (!m) { - /* Unknown header - ignore it */ - s->state = MT_IGNORE1; - s->mp = 0; - continue; - } - - s->mp++; - if (m != 1) - continue; - - if (mp_hdr[hit][s->mp]) - continue; - - s->mp = 0; - s->temp[0] = '\0'; - s->subname = 0; - - if (hit == 2) - s->state = MT_LOOK_BOUND_IN; - else - s->state += hit + 1; - break; - - case MT_DISP: - /* form-data; name="file"; filename="t.txt" */ - - if (*in == '\x0d') { - if (s->content_disp_filename[0]) - if (s->output(s->data, s->name, - &s->out, s->pos, - LWS_UFS_OPEN)) - return -1; - s->state = MT_IGNORE2; - goto done; - } - if (*in == ';') { - s->subname = 1; - s->temp[0] = '\0'; - s->mp = 0; - goto done; - } - - if (*in == '\"') { - s->inside_quote ^= 1; - goto done; - } - - if (s->subname) { - if (*in == '=') { - s->temp[s->mp] = '\0'; - s->subname = 0; - s->mp = 0; - goto done; - } - if (s->mp < (int)sizeof(s->temp) - 1 && - (*in != ' ' || s->inside_quote)) - s->temp[s->mp++] = *in; - goto done; - } - - if (!s->temp[0]) { - if (s->mp < (int)sizeof(s->content_disp) - 1) - s->content_disp[s->mp++] = *in; - if (s->mp < (int)sizeof(s->content_disp)) - s->content_disp[s->mp] = '\0'; - goto done; - } - - if (!strcmp(s->temp, "name")) { - if (s->mp < (int)sizeof(s->name) - 1) - s->name[s->mp++] = *in; - else - s->mp = (int)sizeof(s->name) - 1; - s->name[s->mp] = '\0'; - goto done; - } - - if (!strcmp(s->temp, "filename")) { - if (s->mp < (int)sizeof(s->content_disp_filename) - 1) - s->content_disp_filename[s->mp++] = *in; - s->content_disp_filename[s->mp] = '\0'; - goto done; - } -done: - in++; - break; - - case MT_TYPE: - if (*in == '\x0d') - s->state = MT_IGNORE2; - else { - if (s->mp < (int)sizeof(s->content_type) - 1) - s->content_type[s->mp++] = *in; - s->content_type[s->mp] = '\0'; - } - in++; - break; - - case MT_IGNORE1: - if (*in == '\x0d') - s->state = MT_IGNORE2; - if (*in == '-') - s->state = MT_IGNORE3; - in++; - break; - - case MT_IGNORE2: - s->mp = 0; - if (*in == '\x0a') - s->state = MT_HNAME; - in++; - break; - - case MT_IGNORE3: - if (*in == '\x0d') - s->state = MT_IGNORE1; - if (*in == '-') { - s->state = MT_COMPLETED; - s->wsi->http.rx_content_remain = 0; - } - in++; - break; - case MT_COMPLETED: - break; - } - } - - return 0; -} - -static int -lws_urldecode_s_destroy(struct lws_spa *spa, struct lws_urldecode_stateful *s) -{ - int ret = 0; - - if (s->state != US_IDLE) - ret = -1; - - if (!ret) - if (s->output(s->data, s->name, &s->out, s->pos, - LWS_UFS_FINAL_CONTENT)) - ret = -1; - - if (s->output(s->data, s->name, NULL, 0, LWS_UFS_CLOSE)) - return -1; - - if (!spa->i.ac) - lws_free(s); - - return ret; -} - -static int -lws_urldecode_spa_lookup(struct lws_spa *spa, const char *name) -{ - const char * const *pp = spa->i.param_names; - int n; - - for (n = 0; n < spa->i.count_params; n++) { - if (!strcmp(*pp, name)) - return n; - - if (spa->i.param_names_stride) - pp = (const char * const *)(((char *)pp) + spa->i.param_names_stride); - else - pp++; - } - - return -1; -} - -static int -lws_urldecode_spa_cb(struct lws_spa *spa, const char *name, char **buf, int len, - int final) -{ - int n; - - if (final == LWS_UFS_CLOSE || spa->s->content_disp_filename[0]) { - if (spa->i.opt_cb) { - n = spa->i.opt_cb(spa->i.opt_data, name, - spa->s->content_disp_filename, - buf ? *buf : NULL, len, final); - - if (n < 0) - return -1; - } - return 0; - } - n = lws_urldecode_spa_lookup(spa, name); - if (n == -1 || !len) /* unrecognized */ - return 0; - - if (!spa->i.ac) { - if (!spa->params[n]) - spa->params[n] = *buf; - - if ((*buf) + len >= spa->end) { - lwsl_info("%s: exceeded storage\n", __func__); - return -1; - } - - /* move it on inside storage */ - (*buf) += len; - *((*buf)++) = '\0'; - - spa->s->out_len -= len + 1; - } else { - spa->params[n] = lwsac_use(spa->i.ac, len + 1, - spa->i.ac_chunk_size); - if (!spa->params[n]) - return -1; - - memcpy(spa->params[n], *buf, len); - spa->params[n][len] = '\0'; - } - - spa->param_length[n] += len; - - return 0; -} - -struct lws_spa * -lws_spa_create_via_info(struct lws *wsi, const lws_spa_create_info_t *i) -{ - struct lws_spa *spa; - - if (i->ac) - spa = lwsac_use_zero(i->ac, sizeof(*spa), i->ac_chunk_size); - else - spa = lws_zalloc(sizeof(*spa), "spa"); - - if (!spa) - return NULL; - - spa->i = *i; - if (!spa->i.max_storage) - spa->i.max_storage = 512; - - if (i->ac) - spa->storage = lwsac_use(i->ac, spa->i.max_storage, - i->ac_chunk_size); - else - spa->storage = lws_malloc(spa->i.max_storage, "spa"); - - if (!spa->storage) - goto bail2; - - spa->end = spa->storage + i->max_storage - 1; - - if (i->count_params) { - if (i->ac) - spa->params = lwsac_use_zero(i->ac, - sizeof(char *) * i->count_params, i->ac_chunk_size); - else - spa->params = lws_zalloc(sizeof(char *) * i->count_params, - "spa params"); - if (!spa->params) - goto bail3; - } - - spa->s = lws_urldecode_s_create(spa, wsi, spa->storage, i->max_storage, - lws_urldecode_spa_cb); - if (!spa->s) - goto bail4; - - if (i->count_params) { - if (i->ac) - spa->param_length = lwsac_use_zero(i->ac, - sizeof(int) * i->count_params, i->ac_chunk_size); - else - spa->param_length = lws_zalloc(sizeof(int) * i->count_params, - "spa param len"); - if (!spa->param_length) - goto bail5; - } - - lwsl_info("%s: Created SPA %p\n", __func__, spa); - - return spa; - -bail5: - lws_urldecode_s_destroy(spa, spa->s); -bail4: - if (!i->ac) - lws_free(spa->params); -bail3: - if (!i->ac) - lws_free(spa->storage); -bail2: - if (!i->ac) - lws_free(spa); - - if (i->ac) - lwsac_free(i->ac); - - return NULL; -} - -struct lws_spa * -lws_spa_create(struct lws *wsi, const char * const *param_names, - int count_params, int max_storage, - lws_spa_fileupload_cb opt_cb, void *opt_data) -{ - lws_spa_create_info_t i; - - memset(&i, 0, sizeof(i)); - i.count_params = count_params; - i.max_storage = max_storage; - i.opt_cb = opt_cb; - i.opt_data = opt_data; - i.param_names = param_names; - - return lws_spa_create_via_info(wsi, &i); -} - -int -lws_spa_process(struct lws_spa *spa, const char *in, int len) -{ - if (!spa) { - lwsl_err("%s: NULL spa\n", __func__); - return -1; - } - /* we reject any junk after the last part arrived and we finalized */ - if (spa->finalized) - return 0; - - return lws_urldecode_s_process(spa->s, in, len); -} - -int -lws_spa_get_length(struct lws_spa *spa, int n) -{ - if (n >= spa->i.count_params) - return 0; - - return spa->param_length[n]; -} - -const char * -lws_spa_get_string(struct lws_spa *spa, int n) -{ - if (n >= spa->i.count_params) - return NULL; - - return spa->params[n]; -} - -int -lws_spa_finalize(struct lws_spa *spa) -{ - if (!spa) - return 0; - - if (spa->s) { - lws_urldecode_s_destroy(spa, spa->s); - spa->s = NULL; - } - - spa->finalized = 1; - - return 0; -} - -int -lws_spa_destroy(struct lws_spa *spa) -{ - int n = 0; - - lwsl_info("%s: destroy spa %p\n", __func__, spa); - - if (spa->s) - lws_urldecode_s_destroy(spa, spa->s); - - if (spa->i.ac) - lwsac_free(spa->i.ac); - else { - lws_free(spa->param_length); - lws_free(spa->params); - lws_free(spa->storage); - lws_free(spa); - } - - return n; -} diff --git a/lib/roles/http/server/parsers.c b/lib/roles/http/server/parsers.c deleted file mode 100644 index 795b53b..0000000 --- a/lib/roles/http/server/parsers.c +++ /dev/null @@ -1,1420 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static const unsigned char lextable[] = { -#if defined(LWS_AMAZON_RTOS) || defined(LWS_AMAZON_LINUX) - #include "roles/http/lextable.h" -#else - #include "../lextable.h" -#endif -}; - -#define FAIL_CHAR 0x08 - -#if defined(LWS_WITH_CUSTOM_HEADERS) - -#define UHO_NLEN 0 -#define UHO_VLEN 2 -#define UHO_LL 4 -#define UHO_NAME 8 - -static uint16_t -lws_un16be_get(const void *_p) -{ - const uint8_t *p = _p; - - return ((uint16_t)p[0] << 8) | p[1]; -} - -static void -lws_un16be_set(void *_p, uint16_t v) -{ - uint8_t *p = _p; - - *p++ = (uint8_t)(v >> 8); - *p++ = (uint8_t)v; -} - -static uint32_t -lws_un32be_get(const void *_p) -{ - const uint8_t *p = _p; - - return (uint32_t)((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); -} - -static void -lws_un32be_set(void *_p, uint32_t v) -{ - uint8_t *p = _p; - - *p++ = (uint8_t)(v >> 24); - *p++ = (uint8_t)(v >> 16); - *p++ = (uint8_t)(v >> 8); - *p = (uint8_t)v; -} -#endif - -static struct allocated_headers * -_lws_create_ah(struct lws_context_per_thread *pt, ah_data_idx_t data_size) -{ - struct allocated_headers *ah = lws_zalloc(sizeof(*ah), "ah struct"); - - if (!ah) - return NULL; - - ah->data = lws_malloc(data_size, "ah data"); - if (!ah->data) { - lws_free(ah); - - return NULL; - } - ah->next = pt->http.ah_list; - pt->http.ah_list = ah; - ah->data_length = data_size; - pt->http.ah_pool_length++; - - lwsl_info("%s: created ah %p (size %d): pool length %ld\n", __func__, - ah, (int)data_size, (unsigned long)pt->http.ah_pool_length); - - return ah; -} - -int -_lws_destroy_ah(struct lws_context_per_thread *pt, struct allocated_headers *ah) -{ - lws_start_foreach_llp(struct allocated_headers **, a, pt->http.ah_list) { - if ((*a) == ah) { - *a = ah->next; - pt->http.ah_pool_length--; - lwsl_info("%s: freed ah %p : pool length %ld\n", - __func__, ah, - (unsigned long)pt->http.ah_pool_length); - if (ah->data) - lws_free(ah->data); - lws_free(ah); - - return 0; - } - } lws_end_foreach_llp(a, next); - - return 1; -} - -void -_lws_header_table_reset(struct allocated_headers *ah) -{ - /* init the ah to reflect no headers or data have appeared yet */ - memset(ah->frag_index, 0, sizeof(ah->frag_index)); - memset(ah->frags, 0, sizeof(ah->frags)); - ah->nfrag = 0; - ah->pos = 0; - ah->http_response = 0; - ah->parser_state = WSI_TOKEN_NAME_PART; - ah->lextable_pos = 0; -#if defined(LWS_WITH_CUSTOM_HEADERS) - ah->unk_pos = 0; - ah->unk_ll_head = 0; - ah->unk_ll_tail = 0; -#endif -} - -// doesn't scrub the ah rxbuffer by default, parent must do if needed - -void -__lws_header_table_reset(struct lws *wsi, int autoservice) -{ - struct allocated_headers *ah = wsi->http.ah; - struct lws_context_per_thread *pt; - struct lws_pollfd *pfd; - - /* if we have the idea we're resetting 'our' ah, must be bound to one */ - assert(ah); - /* ah also concurs with ownership */ - assert(ah->wsi == wsi); - - _lws_header_table_reset(ah); - - /* since we will restart the ah, our new headers are not completed */ - wsi->hdr_parsing_completed = 0; - - /* while we hold the ah, keep a timeout on the wsi */ - __lws_set_timeout(wsi, PENDING_TIMEOUT_HOLDING_AH, - wsi->vhost->timeout_secs_ah_idle); - - time(&ah->assigned); - - if (wsi->position_in_fds_table != LWS_NO_FDS_POS && - lws_buflist_next_segment_len(&wsi->buflist, NULL) && - autoservice) { - lwsl_debug("%s: service on readbuf ah\n", __func__); - - pt = &wsi->context->pt[(int)wsi->tsi]; - /* - * Unlike a normal connect, we have the headers already - * (or the first part of them anyway) - */ - pfd = &pt->fds[wsi->position_in_fds_table]; - pfd->revents |= LWS_POLLIN; - lwsl_err("%s: calling service\n", __func__); - lws_service_fd_tsi(wsi->context, pfd, wsi->tsi); - } -} - -void -lws_header_table_reset(struct lws *wsi, int autoservice) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - - __lws_header_table_reset(wsi, autoservice); - - lws_pt_unlock(pt); -} - -static void -_lws_header_ensure_we_are_on_waiting_list(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws_pollargs pa; - struct lws **pwsi = &pt->http.ah_wait_list; - - while (*pwsi) { - if (*pwsi == wsi) - return; - pwsi = &(*pwsi)->http.ah_wait_list; - } - - lwsl_info("%s: wsi: %p\n", __func__, wsi); - wsi->http.ah_wait_list = pt->http.ah_wait_list; - pt->http.ah_wait_list = wsi; - pt->http.ah_wait_list_length++; - - /* we cannot accept input then */ - - _lws_change_pollfd(wsi, LWS_POLLIN, 0, &pa); -} - -static int -__lws_remove_from_ah_waiting_list(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws **pwsi =&pt->http.ah_wait_list; - - while (*pwsi) { - if (*pwsi == wsi) { - lwsl_info("%s: wsi %p\n", __func__, wsi); - /* point prev guy to our next */ - *pwsi = wsi->http.ah_wait_list; - /* we shouldn't point anywhere now */ - wsi->http.ah_wait_list = NULL; - pt->http.ah_wait_list_length--; - - return 1; - } - pwsi = &(*pwsi)->http.ah_wait_list; - } - - return 0; -} - -int LWS_WARN_UNUSED_RESULT -lws_header_table_attach(struct lws *wsi, int autoservice) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_pollargs pa; - int n; - - lwsl_info("%s: wsi %p: ah %p (tsi %d, count = %d) in\n", __func__, - (void *)wsi, (void *)wsi->http.ah, wsi->tsi, - pt->http.ah_count_in_use); - - if (!lwsi_role_http(wsi)) { - lwsl_err("%s: bad role %s\n", __func__, wsi->role_ops->name); - assert(0); - return -1; - } - - lws_pt_lock(pt, __func__); - - /* if we are already bound to one, just clear it down */ - if (wsi->http.ah) { - lwsl_info("%s: cleardown\n", __func__); - goto reset; - } - - n = pt->http.ah_count_in_use == context->max_http_header_pool; -#if defined(LWS_WITH_PEER_LIMITS) - if (!n) { - n = lws_peer_confirm_ah_attach_ok(context, wsi->peer); - if (n) - lws_stats_bump(pt, LWSSTATS_C_PEER_LIMIT_AH_DENIED, 1); - } -#endif - if (n) { - /* - * Pool is either all busy, or we don't want to give this - * particular guy an ah right now... - * - * Make sure we are on the waiting list, and return that we - * weren't able to provide the ah - */ - _lws_header_ensure_we_are_on_waiting_list(wsi); - - goto bail; - } - - __lws_remove_from_ah_waiting_list(wsi); - - wsi->http.ah = _lws_create_ah(pt, context->max_http_header_data); - if (!wsi->http.ah) { /* we could not create an ah */ - _lws_header_ensure_we_are_on_waiting_list(wsi); - - goto bail; - } - - wsi->http.ah->in_use = 1; - wsi->http.ah->wsi = wsi; /* mark our owner */ - pt->http.ah_count_in_use++; - -#if defined(LWS_WITH_PEER_LIMITS) && (defined(LWS_ROLE_H1) || \ - defined(LWS_ROLE_H2)) - lws_context_lock(context, "ah attach"); /* <========================= */ - if (wsi->peer) - wsi->peer->http.count_ah++; - lws_context_unlock(context); /* ====================================> */ -#endif - - _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa); - - lwsl_info("%s: did attach wsi %p: ah %p: count %d (on exit)\n", __func__, - (void *)wsi, (void *)wsi->http.ah, pt->http.ah_count_in_use); - -reset: - __lws_header_table_reset(wsi, autoservice); - - lws_pt_unlock(pt); - -#ifndef LWS_NO_CLIENT - if (lwsi_role_client(wsi) && lwsi_state(wsi) == LRS_UNCONNECTED) - if (!lws_http_client_connect_via_info2(wsi)) - /* our client connect has failed, the wsi - * has been closed - */ - return -1; -#endif - - return 0; - -bail: - lws_pt_unlock(pt); - - return 1; -} - -int __lws_header_table_detach(struct lws *wsi, int autoservice) -{ - struct lws_context *context = wsi->context; - struct allocated_headers *ah = wsi->http.ah; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_pollargs pa; - struct lws **pwsi, **pwsi_eligible; - time_t now; - - __lws_remove_from_ah_waiting_list(wsi); - - if (!ah) - return 0; - - lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__, - (void *)wsi, (void *)ah, wsi->tsi, - pt->http.ah_count_in_use); - - /* we did have an ah attached */ - time(&now); - if (ah->assigned && now - ah->assigned > 3) { - /* - * we're detaching the ah, but it was held an - * unreasonably long time - */ - lwsl_debug("%s: wsi %p: ah held %ds, role/state 0x%lx 0x%x," - "\n", __func__, wsi, (int)(now - ah->assigned), - (unsigned long)lwsi_role(wsi), lwsi_state(wsi)); - } - - ah->assigned = 0; - - /* if we think we're detaching one, there should be one in use */ - assert(pt->http.ah_count_in_use > 0); - /* and this specific one should have been in use */ - assert(ah->in_use); - memset(&wsi->http.ah, 0, sizeof(wsi->http.ah)); - -#if defined(LWS_WITH_PEER_LIMITS) - if (ah->wsi) - lws_peer_track_ah_detach(context, wsi->peer); -#endif - ah->wsi = NULL; /* no owner */ - - pwsi = &pt->http.ah_wait_list; - - /* oh there is nobody on the waiting list... leave the ah unattached */ - if (!*pwsi) - goto nobody_usable_waiting; - - /* - * at least one wsi on the same tsi is waiting, give it to oldest guy - * who is allowed to take it (if any) - */ - lwsl_info("pt wait list %p\n", *pwsi); - wsi = NULL; - pwsi_eligible = NULL; - - while (*pwsi) { -#if defined(LWS_WITH_PEER_LIMITS) - /* are we willing to give this guy an ah? */ - if (!lws_peer_confirm_ah_attach_ok(context, (*pwsi)->peer)) -#endif - { - wsi = *pwsi; - pwsi_eligible = pwsi; - } -#if defined(LWS_WITH_PEER_LIMITS) - else - if (!(*pwsi)->http.ah_wait_list) - lws_stats_bump(pt, - LWSSTATS_C_PEER_LIMIT_AH_DENIED, 1); -#endif - pwsi = &(*pwsi)->http.ah_wait_list; - } - - if (!wsi) /* everybody waiting already has too many ah... */ - goto nobody_usable_waiting; - - lwsl_info("%s: transferring ah to last eligible wsi in wait list " - "%p (wsistate 0x%lx)\n", __func__, wsi, - (unsigned long)wsi->wsistate); - - wsi->http.ah = ah; - ah->wsi = wsi; /* new owner */ - - __lws_header_table_reset(wsi, autoservice); -#if defined(LWS_WITH_PEER_LIMITS) && (defined(LWS_ROLE_H1) || \ - defined(LWS_ROLE_H2)) - lws_context_lock(context, "ah detach"); /* <========================= */ - if (wsi->peer) - wsi->peer->http.count_ah++; - lws_context_unlock(context); /* ====================================> */ -#endif - - /* clients acquire the ah and then insert themselves in fds table... */ - if (wsi->position_in_fds_table != LWS_NO_FDS_POS) { - lwsl_info("%s: Enabling %p POLLIN\n", __func__, wsi); - - /* he has been stuck waiting for an ah, but now his wait is - * over, let him progress */ - - _lws_change_pollfd(wsi, 0, LWS_POLLIN, &pa); - } - - /* point prev guy to next guy in list instead */ - *pwsi_eligible = wsi->http.ah_wait_list; - /* the guy who got one is out of the list */ - wsi->http.ah_wait_list = NULL; - pt->http.ah_wait_list_length--; - -#ifndef LWS_NO_CLIENT - if (lwsi_role_client(wsi) && lwsi_state(wsi) == LRS_UNCONNECTED) { - lws_pt_unlock(pt); - - if (!lws_http_client_connect_via_info2(wsi)) { - /* our client connect has failed, the wsi - * has been closed - */ - - return -1; - } - return 0; - } -#endif - - assert(!!pt->http.ah_wait_list_length == - !!(lws_intptr_t)pt->http.ah_wait_list); -bail: - lwsl_info("%s: wsi %p: ah %p (tsi=%d, count = %d)\n", __func__, - (void *)wsi, (void *)ah, pt->tid, pt->http.ah_count_in_use); - - return 0; - -nobody_usable_waiting: - lwsl_info("%s: nobody usable waiting\n", __func__); - _lws_destroy_ah(pt, ah); - pt->http.ah_count_in_use--; - - goto bail; -} - -int lws_header_table_detach(struct lws *wsi, int autoservice) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int n; - - lws_pt_lock(pt, __func__); - n = __lws_header_table_detach(wsi, autoservice); - lws_pt_unlock(pt); - - return n; -} - -LWS_VISIBLE int -lws_hdr_fragment_length(struct lws *wsi, enum lws_token_indexes h, int frag_idx) -{ - int n; - - if (!wsi->http.ah) - return 0; - - n = wsi->http.ah->frag_index[h]; - if (!n) - return 0; - do { - if (!frag_idx) - return wsi->http.ah->frags[n].len; - n = wsi->http.ah->frags[n].nfrag; - } while (frag_idx-- && n); - - return 0; -} - -LWS_VISIBLE int lws_hdr_total_length(struct lws *wsi, enum lws_token_indexes h) -{ - int n; - int len = 0; - - if (!wsi->http.ah) - return 0; - - n = wsi->http.ah->frag_index[h]; - if (!n) - return 0; - do { - len += wsi->http.ah->frags[n].len; - n = wsi->http.ah->frags[n].nfrag; - - if (n && h != WSI_TOKEN_HTTP_COOKIE) - ++len; - - } while (n); - - return len; -} - -LWS_VISIBLE int lws_hdr_copy_fragment(struct lws *wsi, char *dst, int len, - enum lws_token_indexes h, int frag_idx) -{ - int n = 0; - int f; - - if (!wsi->http.ah) - return -1; - - f = wsi->http.ah->frag_index[h]; - - if (!f) - return -1; - - while (n < frag_idx) { - f = wsi->http.ah->frags[f].nfrag; - if (!f) - return -1; - n++; - } - - if (wsi->http.ah->frags[f].len >= len) - return -1; - - memcpy(dst, wsi->http.ah->data + wsi->http.ah->frags[f].offset, - wsi->http.ah->frags[f].len); - dst[wsi->http.ah->frags[f].len] = '\0'; - - return wsi->http.ah->frags[f].len; -} - -LWS_VISIBLE int lws_hdr_copy(struct lws *wsi, char *dst, int len, - enum lws_token_indexes h) -{ - int toklen = lws_hdr_total_length(wsi, h); - int n; - int comma; - - *dst = '\0'; - if (!toklen) - return 0; - - if (toklen >= len) - return -1; - - if (!wsi->http.ah) - return -1; - - n = wsi->http.ah->frag_index[h]; - if (!n) - return 0; - - do { - comma = (wsi->http.ah->frags[n].nfrag && - h != WSI_TOKEN_HTTP_COOKIE) ? 1 : 0; - - if (wsi->http.ah->frags[n].len + comma >= len) - return -1; - strncpy(dst, &wsi->http.ah->data[wsi->http.ah->frags[n].offset], - wsi->http.ah->frags[n].len); - dst += wsi->http.ah->frags[n].len; - len -= wsi->http.ah->frags[n].len; - n = wsi->http.ah->frags[n].nfrag; - - if (comma) - *dst++ = ','; - - } while (n); - *dst = '\0'; - - return toklen; -} - -#if defined(LWS_WITH_CUSTOM_HEADERS) -LWS_VISIBLE int -lws_hdr_custom_length(struct lws *wsi, const char *name, int nlen) -{ - ah_data_idx_t ll; - - if (!wsi->http.ah || wsi->http2_substream) - return -1; - - ll = wsi->http.ah->unk_ll_head; - while (ll) { - if (ll >= wsi->http.ah->data_length) - return -1; - if (nlen == lws_un16be_get(&wsi->http.ah->data[ll + UHO_NLEN]) && - !strncmp(name, &wsi->http.ah->data[ll + UHO_NAME], nlen)) - return lws_un16be_get(&wsi->http.ah->data[ll + UHO_VLEN]); - - ll = lws_un32be_get(&wsi->http.ah->data[ll + UHO_LL]); - } - - return -1; -} - -LWS_VISIBLE int -lws_hdr_custom_copy(struct lws *wsi, char *dst, int len, const char *name, - int nlen) -{ - ah_data_idx_t ll; - int n; - - if (!wsi->http.ah || wsi->http2_substream) - return -1; - - *dst = '\0'; - - ll = wsi->http.ah->unk_ll_head; - while (ll) { - if (ll >= wsi->http.ah->data_length) - return -1; - if (nlen == lws_un16be_get(&wsi->http.ah->data[ll + UHO_NLEN]) && - !strncmp(name, &wsi->http.ah->data[ll + UHO_NAME], nlen)) { - n = lws_un16be_get(&wsi->http.ah->data[ll + UHO_VLEN]); - if (n + 1 > len) - return -1; - strncpy(dst, &wsi->http.ah->data[ll + UHO_NAME + nlen], n); - dst[n] = '\0'; - - return n; - } - ll = lws_un32be_get(&wsi->http.ah->data[ll + UHO_LL]); - } - - return -1; -} -#endif - -char *lws_hdr_simple_ptr(struct lws *wsi, enum lws_token_indexes h) -{ - int n; - - if (!wsi->http.ah) - return NULL; - - n = wsi->http.ah->frag_index[h]; - if (!n) - return NULL; - - return wsi->http.ah->data + wsi->http.ah->frags[n].offset; -} - -static int LWS_WARN_UNUSED_RESULT -lws_pos_in_bounds(struct lws *wsi) -{ - if (!wsi->http.ah) - return -1; - - if (wsi->http.ah->pos < - (unsigned int)wsi->context->max_http_header_data) - return 0; - - if ((int)wsi->http.ah->pos == wsi->context->max_http_header_data) { - lwsl_err("Ran out of header data space\n"); - return 1; - } - - /* - * with these tests everywhere, it should never be able to exceed - * the limit, only meet it - */ - lwsl_err("%s: pos %ld, limit %ld\n", __func__, - (unsigned long)wsi->http.ah->pos, - (unsigned long)wsi->context->max_http_header_data); - assert(0); - - return 1; -} - -int LWS_WARN_UNUSED_RESULT -lws_hdr_simple_create(struct lws *wsi, enum lws_token_indexes h, const char *s) -{ - wsi->http.ah->nfrag++; - if (wsi->http.ah->nfrag == LWS_ARRAY_SIZE(wsi->http.ah->frags)) { - lwsl_warn("More hdr frags than we can deal with, dropping\n"); - return -1; - } - - wsi->http.ah->frag_index[h] = wsi->http.ah->nfrag; - - wsi->http.ah->frags[wsi->http.ah->nfrag].offset = wsi->http.ah->pos; - wsi->http.ah->frags[wsi->http.ah->nfrag].len = 0; - wsi->http.ah->frags[wsi->http.ah->nfrag].nfrag = 0; - - do { - if (lws_pos_in_bounds(wsi)) - return -1; - - wsi->http.ah->data[wsi->http.ah->pos++] = *s; - if (*s) - wsi->http.ah->frags[wsi->http.ah->nfrag].len++; - } while (*s++); - - return 0; -} - -static int LWS_WARN_UNUSED_RESULT -issue_char(struct lws *wsi, unsigned char c) -{ - unsigned short frag_len; - - if (lws_pos_in_bounds(wsi)) - return -1; - - frag_len = wsi->http.ah->frags[wsi->http.ah->nfrag].len; - /* - * If we haven't hit the token limit, just copy the character into - * the header - */ - if (!wsi->http.ah->current_token_limit || - frag_len < wsi->http.ah->current_token_limit) { - wsi->http.ah->data[wsi->http.ah->pos++] = c; - if (c) - wsi->http.ah->frags[wsi->http.ah->nfrag].len++; - return 0; - } - - /* Insert a null character when we *hit* the limit: */ - if (frag_len == wsi->http.ah->current_token_limit) { - if (lws_pos_in_bounds(wsi)) - return -1; - - wsi->http.ah->data[wsi->http.ah->pos++] = '\0'; - lwsl_warn("header %li exceeds limit %ld\n", - (long)wsi->http.ah->parser_state, - (long)wsi->http.ah->current_token_limit); - } - - return 1; -} - -int -lws_parse_urldecode(struct lws *wsi, uint8_t *_c) -{ - struct allocated_headers *ah = wsi->http.ah; - unsigned int enc = 0; - uint8_t c = *_c; - - // lwsl_notice("ah->ups %d\n", ah->ups); - - /* - * PRIORITY 1 - * special URI processing... convert %xx - */ - switch (ah->ues) { - case URIES_IDLE: - if (c == '%') { - ah->ues = URIES_SEEN_PERCENT; - goto swallow; - } - break; - case URIES_SEEN_PERCENT: - if (char_to_hex(c) < 0) - /* illegal post-% char */ - goto forbid; - - ah->esc_stash = c; - ah->ues = URIES_SEEN_PERCENT_H1; - goto swallow; - - case URIES_SEEN_PERCENT_H1: - if (char_to_hex(c) < 0) - /* illegal post-% char */ - goto forbid; - - *_c = (char_to_hex(ah->esc_stash) << 4) | - char_to_hex(c); - c = *_c; - enc = 1; - ah->ues = URIES_IDLE; - break; - } - - /* - * PRIORITY 2 - * special URI processing... - * convert /.. or /... or /../ etc to / - * convert /./ to / - * convert // or /// etc to / - * leave /.dir or whatever alone - */ - - switch (ah->ups) { - case URIPS_IDLE: - if (!c) - return -1; - /* genuine delimiter */ - if ((c == '&' || c == ';') && !enc) { - if (issue_char(wsi, '\0') < 0) - return -1; - /* link to next fragment */ - ah->frags[ah->nfrag].nfrag = ah->nfrag + 1; - ah->nfrag++; - if (ah->nfrag >= LWS_ARRAY_SIZE(ah->frags)) - goto excessive; - /* start next fragment after the & */ - ah->post_literal_equal = 0; - ah->frags[ah->nfrag].offset = ++ah->pos; - ah->frags[ah->nfrag].len = 0; - ah->frags[ah->nfrag].nfrag = 0; - goto swallow; - } - /* uriencoded = in the name part, disallow */ - if (c == '=' && enc && - ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] && - !ah->post_literal_equal) { - c = '_'; - *_c =c; - } - - /* after the real =, we don't care how many = */ - if (c == '=' && !enc) - ah->post_literal_equal = 1; - - /* + to space */ - if (c == '+' && !enc) { - c = ' '; - *_c = c; - } - /* issue the first / always */ - if (c == '/' && !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) - ah->ups = URIPS_SEEN_SLASH; - break; - case URIPS_SEEN_SLASH: - /* swallow subsequent slashes */ - if (c == '/') - goto swallow; - /* track and swallow the first . after / */ - if (c == '.') { - ah->ups = URIPS_SEEN_SLASH_DOT; - goto swallow; - } - ah->ups = URIPS_IDLE; - break; - case URIPS_SEEN_SLASH_DOT: - /* swallow second . */ - if (c == '.') { - ah->ups = URIPS_SEEN_SLASH_DOT_DOT; - goto swallow; - } - /* change /./ to / */ - if (c == '/') { - ah->ups = URIPS_SEEN_SLASH; - goto swallow; - } - /* it was like /.dir ... regurgitate the . */ - ah->ups = URIPS_IDLE; - if (issue_char(wsi, '.') < 0) - return -1; - break; - - case URIPS_SEEN_SLASH_DOT_DOT: - - /* /../ or /..[End of URI] --> backup to last / */ - if (c == '/' || c == '?') { - /* - * back up one dir level if possible - * safe against header fragmentation because - * the method URI can only be in 1 fragment - */ - if (ah->frags[ah->nfrag].len > 2) { - ah->pos--; - ah->frags[ah->nfrag].len--; - do { - ah->pos--; - ah->frags[ah->nfrag].len--; - } while (ah->frags[ah->nfrag].len > 1 && - ah->data[ah->pos] != '/'); - } - ah->ups = URIPS_SEEN_SLASH; - if (ah->frags[ah->nfrag].len > 1) - break; - goto swallow; - } - - /* /..[^/] ... regurgitate and allow */ - - if (issue_char(wsi, '.') < 0) - return -1; - if (issue_char(wsi, '.') < 0) - return -1; - ah->ups = URIPS_IDLE; - break; - } - - if (c == '?' && !enc && - !ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS]) { /* start of URI args */ - if (ah->ues != URIES_IDLE) - goto forbid; - - /* seal off uri header */ - if (issue_char(wsi, '\0') < 0) - return -1; - - /* move to using WSI_TOKEN_HTTP_URI_ARGS */ - ah->nfrag++; - if (ah->nfrag >= LWS_ARRAY_SIZE(ah->frags)) - goto excessive; - ah->frags[ah->nfrag].offset = ++ah->pos; - ah->frags[ah->nfrag].len = 0; - ah->frags[ah->nfrag].nfrag = 0; - - ah->post_literal_equal = 0; - ah->frag_index[WSI_TOKEN_HTTP_URI_ARGS] = ah->nfrag; - ah->ups = URIPS_IDLE; - goto swallow; - } - - return LPUR_CONTINUE; - -swallow: - return LPUR_SWALLOW; - -forbid: - return LPUR_FORBID; - -excessive: - return LPUR_EXCESSIVE; -} - -static const unsigned char methods[] = { - WSI_TOKEN_GET_URI, - WSI_TOKEN_POST_URI, - WSI_TOKEN_OPTIONS_URI, - WSI_TOKEN_PUT_URI, - WSI_TOKEN_PATCH_URI, - WSI_TOKEN_DELETE_URI, - WSI_TOKEN_CONNECT, - WSI_TOKEN_HEAD_URI, -}; - -/* - * possible returns:, -1 fail, 0 ok or 2, transition to raw - */ - -int LWS_WARN_UNUSED_RESULT -lws_parse(struct lws *wsi, unsigned char *buf, int *len) -{ - struct allocated_headers *ah = wsi->http.ah; - struct lws_context *context = wsi->context; - unsigned int n, m; - unsigned char c; - int r, pos; - - assert(wsi->http.ah); - - do { - (*len)--; - c = *buf++; - - switch (ah->parser_state) { -#if defined(LWS_WITH_CUSTOM_HEADERS) - case WSI_TOKEN_UNKNOWN_VALUE_PART: - - if (c == '\r') - break; - if (c == '\n') { - lws_un16be_set(&ah->data[ah->unk_pos + 2], - ah->pos - ah->unk_value_pos); - ah->parser_state = WSI_TOKEN_NAME_PART; - ah->unk_pos = 0; - ah->lextable_pos = 0; - break; - } - - /* trim leading whitespace */ - if (ah->pos != ah->unk_value_pos || - (c != ' ' && c != '\t')) { - - if (lws_pos_in_bounds(wsi)) - return -1; - - ah->data[ah->pos++] = c; - } - pos = ah->lextable_pos; - break; -#endif - default: - - lwsl_parser("WSI_TOK_(%d) '%c'\n", ah->parser_state, c); - - /* collect into malloc'd buffers */ - /* optional initial space swallow */ - if (!ah->frags[ah->frag_index[ah->parser_state]].len && - c == ' ') - break; - - for (m = 0; m < LWS_ARRAY_SIZE(methods); m++) - if (ah->parser_state == methods[m]) - break; - if (m == LWS_ARRAY_SIZE(methods)) - /* it was not any of the methods */ - goto check_eol; - - /* special URI processing... end at space */ - - if (c == ' ') { - /* enforce starting with / */ - if (!ah->frags[ah->nfrag].len) - if (issue_char(wsi, '/') < 0) - return -1; - - if (ah->ups == URIPS_SEEN_SLASH_DOT_DOT) { - /* - * back up one dir level if possible - * safe against header fragmentation - * because the method URI can only be - * in 1 fragment - */ - if (ah->frags[ah->nfrag].len > 2) { - ah->pos--; - ah->frags[ah->nfrag].len--; - do { - ah->pos--; - ah->frags[ah->nfrag].len--; - } while (ah->frags[ah->nfrag].len > 1 && - ah->data[ah->pos] != '/'); - } - } - - /* begin parsing HTTP version: */ - if (issue_char(wsi, '\0') < 0) - return -1; - ah->parser_state = WSI_TOKEN_HTTP; - goto start_fragment; - } - - r = lws_parse_urldecode(wsi, &c); - switch (r) { - case LPUR_CONTINUE: - break; - case LPUR_SWALLOW: - goto swallow; - case LPUR_FORBID: - goto forbid; - case LPUR_EXCESSIVE: - goto excessive; - default: - return LPR_FAIL; - } -check_eol: - /* bail at EOL */ - if (ah->parser_state != WSI_TOKEN_CHALLENGE && - c == '\x0d') { - if (ah->ues != URIES_IDLE) - goto forbid; - - c = '\0'; - ah->parser_state = WSI_TOKEN_SKIPPING_SAW_CR; - lwsl_parser("*\n"); - } - - n = issue_char(wsi, c); - if ((int)n < 0) - return LPR_FAIL; - if (n > 0) - ah->parser_state = WSI_TOKEN_SKIPPING; - -swallow: - /* per-protocol end of headers management */ - - if (ah->parser_state == WSI_TOKEN_CHALLENGE) - goto set_parsing_complete; - break; - - /* collecting and checking a name part */ - case WSI_TOKEN_NAME_PART: - lwsl_parser("WSI_TOKEN_NAME_PART '%c' 0x%02X " - "(role=0x%lx) " - "wsi->lextable_pos=%d\n", c, c, - (unsigned long)lwsi_role(wsi), - ah->lextable_pos); - - if (c >= 'A' && c <= 'Z') - c += 'a' - 'A'; - -#if defined(LWS_WITH_CUSTOM_HEADERS) - /* - * ...in case it's an unknown header, speculatively - * store it as the name comes in. If we recognize it as - * a known header, we'll snip this. - */ - - if (!ah->unk_pos) { - ah->unk_pos = ah->pos; - /* - * Prepare new unknown header linked-list entry - * - * - 16-bit BE: name part length - * - 16-bit BE: value part length - * - 32-bit BE: data offset of next, or 0 - */ - for (n = 0; n < 8; n++) - if (!lws_pos_in_bounds(wsi)) - ah->data[ah->pos++] = 0; - } -#endif - - if (lws_pos_in_bounds(wsi)) - return -1; - - ah->data[ah->pos++] = c; - pos = ah->lextable_pos; - -#if defined(LWS_WITH_CUSTOM_HEADERS) - if (pos < 0 && c == ':') { - /* - * process unknown headers - * - * register us in the unknown hdr ll - */ - - if (!ah->unk_ll_head) - ah->unk_ll_head = ah->unk_pos; - - if (ah->unk_ll_tail) - lws_un32be_set(&ah->data[ah->unk_ll_tail + UHO_LL], - ah->unk_pos); - - ah->unk_ll_tail = ah->unk_pos; - - lwsl_debug("%s: unk header %d '%.*s'\n", - __func__, - ah->pos - (ah->unk_pos + UHO_NAME), - ah->pos - (ah->unk_pos + UHO_NAME), - &ah->data[ah->unk_pos + UHO_NAME]); - - /* set the unknown header name part length */ - - lws_un16be_set(&ah->data[ah->unk_pos], - (ah->pos - ah->unk_pos) - UHO_NAME); - - ah->unk_value_pos = ah->pos; - - /* - * collect whatever's coming for the unknown header - * argument until the next CRLF - */ - ah->parser_state = WSI_TOKEN_UNKNOWN_VALUE_PART; - break; - } -#endif - if (pos < 0) - break; - - while (1) { - if (lextable[pos] & (1 << 7)) { - /* 1-byte, fail on mismatch */ - if ((lextable[pos] & 0x7f) != c) { -nope: - ah->lextable_pos = -1; - break; - } - /* fall thru */ - pos++; - if (lextable[pos] == FAIL_CHAR) - goto nope; - - ah->lextable_pos = pos; - break; - } - - if (lextable[pos] == FAIL_CHAR) - goto nope; - - /* b7 = 0, end or 3-byte */ - if (lextable[pos] < FAIL_CHAR) { -#if defined(LWS_WITH_CUSTOM_HEADERS) - /* - * We hit a terminal marker, so we - * recognized this header... drop the - * speculative name part storage - */ - ah->pos = ah->unk_pos; - ah->unk_pos = 0; -#endif - ah->lextable_pos = pos; - break; - } - - if (lextable[pos] == c) { /* goto */ - ah->lextable_pos = pos + - (lextable[pos + 1]) + - (lextable[pos + 2] << 8); - break; - } - - /* fall thru goto */ - pos += 3; - /* continue */ - } - - /* - * If it's h1, server needs to be on the look out for - * unknown methods... - */ - if (ah->lextable_pos < 0 && lwsi_role_h1(wsi) && - lwsi_role_server(wsi)) { - /* - * this is not a header we know about... did - * we get a valid method (GET, POST etc) - * already, or is this the bogus method? - */ - for (m = 0; m < LWS_ARRAY_SIZE(methods); m++) - if (ah->frag_index[methods[m]]) { - /* - * already had the method - */ -#if !defined(LWS_WITH_CUSTOM_HEADERS) - ah->parser_state = WSI_TOKEN_SKIPPING; -#endif - break; - } - - if (m != LWS_ARRAY_SIZE(methods)) -#if defined(LWS_WITH_CUSTOM_HEADERS) - /* - * We have the method, this is just an - * unknown header then - */ - goto unknown_hdr; -#else - break; -#endif - /* - * ...it's an unknown http method from a client - * in fact, it cannot be valid http. - * - * Are we set up to transition to another role - * in these cases? - */ - if (lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG)) { - lwsl_notice("%s: http fail fallback\n", - __func__); - /* transition to other role */ - return LPR_DO_FALLBACK; - } - - lwsl_info("Unknown method - dropping\n"); - goto forbid; - } - if (ah->lextable_pos < 0) { -#if defined(LWS_WITH_CUSTOM_HEADERS) - goto unknown_hdr; -#else - /* - * ...otherwise for a client, let him ignore - * unknown headers coming from the server - */ - ah->parser_state = WSI_TOKEN_SKIPPING; - break; -#endif - } - - if (lextable[ah->lextable_pos] < FAIL_CHAR) { - /* terminal state */ - - n = ((unsigned int)lextable[ah->lextable_pos] << 8) | - lextable[ah->lextable_pos + 1]; - - lwsl_parser("known hdr %d\n", n); - for (m = 0; m < LWS_ARRAY_SIZE(methods); m++) - if (n == methods[m] && - ah->frag_index[methods[m]]) { - lwsl_warn("Duplicated method\n"); - return LPR_FAIL; - } - - /* - * WSORIGIN is protocol equiv to ORIGIN, - * JWebSocket likes to send it, map to ORIGIN - */ - if (n == WSI_TOKEN_SWORIGIN) - n = WSI_TOKEN_ORIGIN; - - ah->parser_state = (enum lws_token_indexes) - (WSI_TOKEN_GET_URI + n); - ah->ups = URIPS_IDLE; - - if (context->token_limits) - ah->current_token_limit = context-> - token_limits->token_limit[ - ah->parser_state]; - else - ah->current_token_limit = - wsi->context->max_http_header_data; - - if (ah->parser_state == WSI_TOKEN_CHALLENGE) - goto set_parsing_complete; - - goto start_fragment; - } - break; - -#if defined(LWS_WITH_CUSTOM_HEADERS) -unknown_hdr: - //ah->parser_state = WSI_TOKEN_SKIPPING; - //break; - break; -#endif - -start_fragment: - ah->nfrag++; -excessive: - if (ah->nfrag == LWS_ARRAY_SIZE(ah->frags)) { - lwsl_warn("More hdr frags than we can deal with\n"); - return LPR_FAIL; - } - - ah->frags[ah->nfrag].offset = ah->pos; - ah->frags[ah->nfrag].len = 0; - ah->frags[ah->nfrag].nfrag = 0; - ah->frags[ah->nfrag].flags = 2; - - n = ah->frag_index[ah->parser_state]; - if (!n) { /* first fragment */ - ah->frag_index[ah->parser_state] = ah->nfrag; - ah->hdr_token_idx = ah->parser_state; - break; - } - /* continuation */ - while (ah->frags[n].nfrag) - n = ah->frags[n].nfrag; - ah->frags[n].nfrag = ah->nfrag; - - if (issue_char(wsi, ' ') < 0) - return LPR_FAIL; - break; - - /* skipping arg part of a name we didn't recognize */ - case WSI_TOKEN_SKIPPING: - lwsl_parser("WSI_TOKEN_SKIPPING '%c'\n", c); - - if (c == '\x0d') - ah->parser_state = WSI_TOKEN_SKIPPING_SAW_CR; - break; - - case WSI_TOKEN_SKIPPING_SAW_CR: - lwsl_parser("WSI_TOKEN_SKIPPING_SAW_CR '%c'\n", c); - if (ah->ues != URIES_IDLE) - goto forbid; - if (c == '\x0a') { - ah->parser_state = WSI_TOKEN_NAME_PART; -#if defined(LWS_WITH_CUSTOM_HEADERS) - ah->unk_pos = 0; -#endif - ah->lextable_pos = 0; - } else - ah->parser_state = WSI_TOKEN_SKIPPING; - break; - /* we're done, ignore anything else */ - - case WSI_PARSING_COMPLETE: - lwsl_parser("WSI_PARSING_COMPLETE '%c'\n", c); - break; - } - - } while (*len); - - return LPR_OK; - -set_parsing_complete: - if (ah->ues != URIES_IDLE) - goto forbid; - - if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { - if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION)) - wsi->rx_frame_type = /* temp for ws version index */ - atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION)); - - lwsl_parser("v%02d hdrs done\n", wsi->rx_frame_type); - } - ah->parser_state = WSI_PARSING_COMPLETE; - wsi->hdr_parsing_completed = 1; - - return LPR_OK; - -forbid: - lwsl_notice(" forbidding on uri sanitation\n"); - lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); - - return LPR_FORBIDDEN; -} - diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c deleted file mode 100644 index 6bec745..0000000 --- a/lib/roles/http/server/server.c +++ /dev/null @@ -1,2995 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -const char * const method_names[] = { - "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", "CONNECT", "HEAD", -#ifdef LWS_WITH_HTTP2 - ":path", -#endif - }; - -static const char * const intermediates[] = { "private", "public" }; - -/* - * return 0: all done - * 1: nonfatal error - * <0: fatal error - * - * REQUIRES CONTEXT LOCK HELD - */ - -#ifndef LWS_NO_SERVER -int -_lws_vhost_init_server(const struct lws_context_creation_info *info, - struct lws_vhost *vhost) -{ - int n, opt = 1, limit = 1; - lws_sockfd_type sockfd; - struct lws_vhost *vh; - struct lws *wsi; - int m = 0, is; - - (void)method_names; - (void)opt; - - if (info) { - vhost->iface = info->iface; - vhost->listen_port = info->port; - } - - /* set up our external listening socket we serve on */ - - if (vhost->listen_port == CONTEXT_PORT_NO_LISTEN || - vhost->listen_port == CONTEXT_PORT_NO_LISTEN_SERVER) - return 0; - - vh = vhost->context->vhost_list; - while (vh) { - if (vh->listen_port == vhost->listen_port) { - if (((!vhost->iface && !vh->iface) || - (vhost->iface && vh->iface && - !strcmp(vhost->iface, vh->iface))) && - vh->lserv_wsi - ) { - lwsl_notice(" using listen skt from vhost %s\n", - vh->name); - return 0; - } - } - vh = vh->vhost_next; - } - - if (vhost->iface) { - /* - * let's check before we do anything else about the disposition - * of the interface he wants to bind to... - */ - is = lws_socket_bind(vhost, LWS_SOCK_INVALID, vhost->listen_port, - vhost->iface, 1); - lwsl_debug("initial if check says %d\n", is); - - if (is == LWS_ITOSA_BUSY) - /* treat as fatal */ - return -1; - -deal: - - lws_start_foreach_llp(struct lws_vhost **, pv, - vhost->context->no_listener_vhost_list) { - if (is >= LWS_ITOSA_USABLE && *pv == vhost) { - /* on the list and shouldn't be: remove it */ - lwsl_debug("deferred iface: removing vh %s\n", - (*pv)->name); - *pv = vhost->no_listener_vhost_list; - vhost->no_listener_vhost_list = NULL; - goto done_list; - } - if (is < LWS_ITOSA_USABLE && *pv == vhost) - goto done_list; - } lws_end_foreach_llp(pv, no_listener_vhost_list); - - /* not on the list... */ - - if (is < LWS_ITOSA_USABLE) { - - /* ... but needs to be: so add it */ - - lwsl_debug("deferred iface: adding vh %s\n", vhost->name); - vhost->no_listener_vhost_list = - vhost->context->no_listener_vhost_list; - vhost->context->no_listener_vhost_list = vhost; - } - -done_list: - - switch (is) { - default: - break; - case LWS_ITOSA_NOT_EXIST: - /* can't add it */ - if (info) /* first time */ - lwsl_err("VH %s: iface %s port %d DOESN'T EXIST\n", - vhost->name, vhost->iface, vhost->listen_port); - else - return -1; - return (info->options & LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND) == LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND? - -1 : 1; - case LWS_ITOSA_NOT_USABLE: - /* can't add it */ - if (info) /* first time */ - lwsl_err("VH %s: iface %s port %d NOT USABLE\n", - vhost->name, vhost->iface, vhost->listen_port); - else - return -1; - return (info->options & LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND) == LWS_SERVER_OPTION_FAIL_UPON_UNABLE_TO_BIND? - -1 : 1; - } - } - - (void)n; -#if defined(__linux__) -#ifdef LWS_WITH_UNIX_SOCK - /* - * A Unix domain sockets cannot be bound for several times, even if we set - * the SO_REUSE* options on. - * However, fortunately, each thread is able to independently listen when - * running on a reasonably new Linux kernel. So we can safely assume - * creating just one listening socket for a multi-threaded environment won't - * fail in most cases. - */ - if (!LWS_UNIX_SOCK_ENABLED(vhost)) -#endif - limit = vhost->context->count_threads; -#endif - - for (m = 0; m < limit; m++) { -#ifdef LWS_WITH_UNIX_SOCK - if (LWS_UNIX_SOCK_ENABLED(vhost)) - sockfd = socket(AF_UNIX, SOCK_STREAM, 0); - else -#endif -#ifdef LWS_WITH_IPV6 - if (LWS_IPV6_ENABLED(vhost)) - sockfd = socket(AF_INET6, SOCK_STREAM, 0); - else -#endif - sockfd = socket(AF_INET, SOCK_STREAM, 0); - - if (sockfd == LWS_SOCK_INVALID) { - lwsl_err("ERROR opening socket\n"); - return 1; - } -#if !defined(LWS_WITH_ESP32) -#if (defined(WIN32) || defined(_WIN32)) && defined(SO_EXCLUSIVEADDRUSE) - /* - * only accept that we are the only listener on the port - * https://msdn.microsoft.com/zh-tw/library/ - * windows/desktop/ms740621(v=vs.85).aspx - * - * for lws, to match Linux, we default to exclusive listen - */ - if (!lws_check_opt(vhost->options, - LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE)) { - if (setsockopt(sockfd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, - (const void *)&opt, sizeof(opt)) < 0) { - lwsl_err("reuseaddr failed\n"); - compatible_close(sockfd); - return -1; - } - } else -#endif - - /* - * allow us to restart even if old sockets in TIME_WAIT - */ - if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, - (const void *)&opt, sizeof(opt)) < 0) { - lwsl_err("reuseaddr failed\n"); - compatible_close(sockfd); - return -1; - } - -#if defined(LWS_WITH_IPV6) && defined(IPV6_V6ONLY) - if (LWS_IPV6_ENABLED(vhost) && - vhost->options & LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY) { - int value = (vhost->options & - LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE) ? 1 : 0; - if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY, - (const void*)&value, sizeof(value)) < 0) { - compatible_close(sockfd); - return -1; - } - } -#endif - -#if defined(__linux__) && defined(SO_REUSEPORT) - /* keep coverity happy */ -#if LWS_MAX_SMP > 1 - n = 1; -#else - n = lws_check_opt(vhost->options, - LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE); -#endif - if (n && vhost->context->count_threads > 1) - if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, - (const void *)&opt, sizeof(opt)) < 0) { - compatible_close(sockfd); - return -1; - } -#endif -#endif - lws_plat_set_socket_options(vhost, sockfd, 0); - - is = lws_socket_bind(vhost, sockfd, vhost->listen_port, vhost->iface, 1); - if (is == LWS_ITOSA_BUSY) { - /* treat as fatal */ - compatible_close(sockfd); - - return -1; - } - - /* - * There is a race where the network device may come up and then - * go away and fail here. So correctly handle unexpected failure - * here despite we earlier confirmed it. - */ - if (is < 0) { - lwsl_info("%s: lws_socket_bind says %d\n", __func__, is); - compatible_close(sockfd); - goto deal; - } - - wsi = lws_zalloc(sizeof(struct lws), "listen wsi"); - if (wsi == NULL) { - lwsl_err("Out of mem\n"); - goto bail; - } - -#ifdef LWS_WITH_UNIX_SOCK - if (!LWS_UNIX_SOCK_ENABLED(vhost)) -#endif - { - wsi->unix_skt = 1; - vhost->listen_port = is; - - lwsl_debug("%s: lws_socket_bind says %d\n", __func__, is); - } - - wsi->context = vhost->context; - wsi->desc.sockfd = sockfd; - lws_role_transition(wsi, 0, LRS_UNCONNECTED, &role_ops_listen); - wsi->protocol = vhost->protocols; - wsi->tsi = m; - lws_vhost_bind_wsi(vhost, wsi); - wsi->listener = 1; - - if (wsi->context->event_loop_ops->init_vhost_listen_wsi) - wsi->context->event_loop_ops->init_vhost_listen_wsi(wsi); - - if (__insert_wsi_socket_into_fds(vhost->context, wsi)) { - lwsl_notice("inserting wsi socket into fds failed\n"); - goto bail; - } - - vhost->context->count_wsi_allocated++; - vhost->lserv_wsi = wsi; - - n = listen(wsi->desc.sockfd, LWS_SOMAXCONN); - if (n < 0) { - lwsl_err("listen failed with error %d\n", LWS_ERRNO); - vhost->lserv_wsi = NULL; - vhost->context->count_wsi_allocated--; - __remove_wsi_socket_from_fds(wsi); - goto bail; - } - } /* for each thread able to independently listen */ - - if (!lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) { -#ifdef LWS_WITH_UNIX_SOCK - if (LWS_UNIX_SOCK_ENABLED(vhost)) - lwsl_info(" Listening on \"%s\"\n", vhost->iface); - else -#endif - lwsl_info(" Listening on port %d\n", vhost->listen_port); - } - - // info->port = vhost->listen_port; - - return 0; - -bail: - compatible_close(sockfd); - - return -1; -} -#endif - -struct lws_vhost * -lws_select_vhost(struct lws_context *context, int port, const char *servername) -{ - struct lws_vhost *vhost = context->vhost_list; - const char *p; - int n, colon; - - n = (int)strlen(servername); - colon = n; - p = strchr(servername, ':'); - if (p) - colon = lws_ptr_diff(p, servername); - - /* Priotity 1: first try exact matches */ - - while (vhost) { - if (port == vhost->listen_port && - !strncmp(vhost->name, servername, colon)) { - lwsl_info("SNI: Found: %s\n", servername); - return vhost; - } - vhost = vhost->vhost_next; - } - - /* - * Priority 2: if no exact matches, try matching *.vhost-name - * unintentional matches are possible but resolve to x.com for *.x.com - * which is reasonable. If exact match exists we already chose it and - * never reach here. SSL will still fail it if the cert doesn't allow - * *.x.com. - */ - vhost = context->vhost_list; - while (vhost) { - int m = (int)strlen(vhost->name); - if (port && port == vhost->listen_port && - m <= (colon - 2) && - servername[colon - m - 1] == '.' && - !strncmp(vhost->name, servername + colon - m, m)) { - lwsl_info("SNI: Found %s on wildcard: %s\n", - servername, vhost->name); - return vhost; - } - vhost = vhost->vhost_next; - } - - /* Priority 3: match the first vhost on our port */ - - vhost = context->vhost_list; - while (vhost) { - if (port && port == vhost->listen_port) { - lwsl_info("%s: vhost match to %s based on port %d\n", - __func__, vhost->name, port); - return vhost; - } - vhost = vhost->vhost_next; - } - - /* no match */ - - return NULL; -} - -static const struct lws_mimetype { - const char *extension; - const char *mimetype; -} server_mimetypes[] = { - { ".html", "text/html" }, - { ".htm", "text/html" }, - { ".js", "text/javascript" }, - { ".css", "text/css" }, - { ".png", "image/png" }, - { ".jpg", "image/jpeg" }, - { ".jpeg", "image/jpeg" }, - { ".ico", "image/x-icon" }, - { ".gif", "image/gif" }, - { ".svg", "image/svg+xml" }, - { ".ttf", "application/x-font-ttf" }, - { ".otf", "application/font-woff" }, - { ".woff", "application/font-woff" }, - { ".woff2", "application/font-woff2" }, - { ".gz", "application/gzip" }, - { ".txt", "text/plain" }, - { ".xml", "application/xml" }, - { ".json", "application/json" }, -}; - -LWS_VISIBLE LWS_EXTERN const char * -lws_get_mimetype(const char *file, const struct lws_http_mount *m) -{ - const struct lws_protocol_vhost_options *pvo; - size_t n = strlen(file), len, i; - const char *fallback_mimetype = NULL; - const struct lws_mimetype *mt; - - /* prioritize user-defined mimetypes */ - for (pvo = m ? m->extra_mimetypes : NULL; pvo; pvo = pvo->next) { - /* ie, match anything */ - if (!fallback_mimetype && pvo->name[0] == '*') { - fallback_mimetype = pvo->value; - continue; - } - - len = strlen(pvo->name); - if (n > len && !strcasecmp(&file[n - len], pvo->name)) { - lwsl_info("%s: match to user mimetype: %s\n", __func__, pvo->value); - return pvo->value; - } - } - - /* fallback to server-defined mimetypes */ - for (i = 0; i < LWS_ARRAY_SIZE(server_mimetypes); ++i) { - mt = &server_mimetypes[i]; - - len = strlen(mt->extension); - if (n > len && !strcasecmp(&file[n - len], mt->extension)) { - lwsl_info("%s: match to server mimetype: %s\n", __func__, mt->mimetype); - return mt->mimetype; - } - } - - /* fallback to '*' if defined */ - if (fallback_mimetype) { - lwsl_info("%s: match to any mimetype: %s\n", __func__, fallback_mimetype); - return fallback_mimetype; - } - - return NULL; -} - -static lws_fop_flags_t -lws_vfs_prepare_flags(struct lws *wsi) -{ - lws_fop_flags_t f = 0; - - if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING)) - return f; - - if (strstr(lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING), - "gzip")) { - lwsl_info("client indicates GZIP is acceptable\n"); - f |= LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP; - } - - return f; -} - -#if !defined(LWS_AMAZON_RTOS) -static int -lws_http_serve(struct lws *wsi, char *uri, const char *origin, - const struct lws_http_mount *m) -{ - const struct lws_protocol_vhost_options *pvo = m->interpret; - struct lws_process_html_args args; - const char *mimetype; -#if !defined(_WIN32_WCE) - const struct lws_plat_file_ops *fops; - const char *vpath; - lws_fop_flags_t fflags = LWS_O_RDONLY; -#if defined(WIN32) && defined(LWS_HAVE__STAT32I64) - struct _stat32i64 st; -#else - struct stat st; -#endif - int spin = 0; -#endif - char path[256], sym[2048]; - unsigned char *p = (unsigned char *)sym + 32 + LWS_PRE, *start = p; - unsigned char *end = p + sizeof(sym) - 32 - LWS_PRE; -#if !defined(WIN32) && !defined(LWS_WITH_ESP32) - size_t len; -#endif - int n; - - wsi->handling_404 = 0; - if (!wsi->vhost) - return -1; - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (wsi->vhost->http.error_document_404 && - !strcmp(uri, wsi->vhost->http.error_document_404)) - wsi->handling_404 = 1; -#endif - - lws_snprintf(path, sizeof(path) - 1, "%s/%s", origin, uri); - -#if !defined(_WIN32_WCE) - - fflags |= lws_vfs_prepare_flags(wsi); - - do { - spin++; - fops = lws_vfs_select_fops(wsi->context->fops, path, &vpath); - - if (wsi->http.fop_fd) - lws_vfs_file_close(&wsi->http.fop_fd); - - wsi->http.fop_fd = fops->LWS_FOP_OPEN(wsi->context->fops, - path, vpath, &fflags); - if (!wsi->http.fop_fd) { - lwsl_info("%s: Unable to open '%s': errno %d\n", - __func__, path, errno); - - return 1; - } - - /* if it can't be statted, don't try */ - if (fflags & LWS_FOP_FLAG_VIRTUAL) - break; -#if defined(LWS_WITH_ESP32) - break; -#endif -#if !defined(WIN32) - if (fstat(wsi->http.fop_fd->fd, &st)) { - lwsl_info("unable to stat %s\n", path); - goto notfound; - } -#else -#if defined(LWS_HAVE__STAT32I64) - if (_stat32i64(path, &st)) { - lwsl_info("unable to stat %s\n", path); - goto notfound; - } -#else - if (stat(path, &st)) { - lwsl_info("unable to stat %s\n", path); - goto notfound; - } -#endif -#endif - - wsi->http.fop_fd->mod_time = (uint32_t)st.st_mtime; - fflags |= LWS_FOP_FLAG_MOD_TIME_VALID; - -#if !defined(WIN32) && !defined(LWS_WITH_ESP32) - if ((S_IFMT & st.st_mode) == S_IFLNK) { - len = readlink(path, sym, sizeof(sym) - 1); - if (len) { - lwsl_err("Failed to read link %s\n", path); - goto notfound; - } - sym[len] = '\0'; - lwsl_debug("symlink %s -> %s\n", path, sym); - lws_snprintf(path, sizeof(path) - 1, "%s", sym); - } -#endif - if ((S_IFMT & st.st_mode) == S_IFDIR) { - lwsl_debug("default filename append to dir\n"); - lws_snprintf(path, sizeof(path) - 1, "%s/%s/index.html", - origin, uri); - } - - } while ((S_IFMT & st.st_mode) != S_IFREG && spin < 5); - - if (spin == 5) - lwsl_err("symlink loop %s \n", path); - - n = sprintf(sym, "%08llX%08lX", - (unsigned long long)lws_vfs_get_length(wsi->http.fop_fd), - (unsigned long)lws_vfs_get_mod_time(wsi->http.fop_fd)); - - /* disable ranges if IF_RANGE token invalid */ - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_IF_RANGE)) - if (strcmp(sym, lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_IF_RANGE))) - /* differs - defeat Range: */ - wsi->http.ah->frag_index[WSI_TOKEN_HTTP_RANGE] = 0; - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_IF_NONE_MATCH)) { - /* - * he thinks he has some version of it already, - * check if the tag matches - */ - if (!strcmp(sym, lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_IF_NONE_MATCH))) { - - char cache_control[50], *cc = "no-store"; - int cclen = 8; - - lwsl_debug("%s: ETAG match %s %s\n", __func__, - uri, origin); - - /* we don't need to send the payload */ - if (lws_add_http_header_status(wsi, - HTTP_STATUS_NOT_MODIFIED, &p, end)) { - lwsl_err("%s: failed adding not modified\n", - __func__); - return -1; - } - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_ETAG, - (unsigned char *)sym, n, &p, end)) - return -1; - - /* but we still need to send cache control... */ - - if (m->cache_max_age && m->cache_reusable) { - if (!m->cache_revalidate) { - cc = cache_control; - cclen = sprintf(cache_control, - "%s, max-age=%u", - intermediates[wsi->cache_intermediaries], - m->cache_max_age); - } else { - cc = cache_control; - cclen = sprintf(cache_control, - "must-revalidate, %s, max-age=%u", - intermediates[wsi->cache_intermediaries], - m->cache_max_age); - } - } - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CACHE_CONTROL, - (unsigned char *)cc, cclen, &p, end)) - return -1; - - if (lws_finalize_http_header(wsi, &p, end)) - return -1; - - n = lws_write(wsi, start, p - start, - LWS_WRITE_HTTP_HEADERS | - LWS_WRITE_H2_STREAM_END); - if (n != (p - start)) { - lwsl_err("_write returned %d from %ld\n", n, - (long)(p - start)); - return -1; - } - - lws_vfs_file_close(&wsi->http.fop_fd); - - if (lws_http_transaction_completed(wsi)) - return -1; - - return 0; - } - } - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_ETAG, - (unsigned char *)sym, n, &p, end)) - return -1; -#endif - - mimetype = lws_get_mimetype(path, m); - if (!mimetype) { - lwsl_info("unknown mimetype for %s\n", path); - if (lws_return_http_status(wsi, - HTTP_STATUS_UNSUPPORTED_MEDIA_TYPE, NULL) || - lws_http_transaction_completed(wsi)) - return -1; - - return 0; - } - if (!mimetype[0]) - lwsl_debug("sending no mimetype for %s\n", path); - - wsi->sending_chunked = 0; - wsi->interpreting = 0; - - /* - * check if this is in the list of file suffixes to be interpreted by - * a protocol - */ - while (pvo) { - n = (int)strlen(path); - if (n > (int)strlen(pvo->name) && - !strcmp(&path[n - strlen(pvo->name)], pvo->name)) { - wsi->interpreting = 1; - if (!wsi->http2_substream) - wsi->sending_chunked = 1; - - wsi->protocol_interpret_idx = (char)( - lws_vhost_name_to_protocol(wsi->vhost, - pvo->value) - - &lws_get_vhost(wsi)->protocols[0]); - - lwsl_debug("want %s interpreted by %s (pcol is %s)\n", path, - wsi->vhost->protocols[ - (int)wsi->protocol_interpret_idx].name, - wsi->protocol->name); - if (lws_bind_protocol(wsi, &wsi->vhost->protocols[ - (int)wsi->protocol_interpret_idx], __func__)) - return -1; - - if (lws_ensure_user_space(wsi)) - return -1; - break; - } - pvo = pvo->next; - } - - if (wsi->sending_chunked) { - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - (unsigned char *)"chunked", 7, - &p, end)) - return -1; - } - - if (m->protocol) { - const struct lws_protocols *pp = lws_vhost_name_to_protocol( - wsi->vhost, m->protocol); - - if (lws_bind_protocol(wsi, pp, __func__)) - return -1; - args.p = (char *)p; - args.max_len = lws_ptr_diff(end, p); - if (pp->callback(wsi, LWS_CALLBACK_ADD_HEADERS, - wsi->user_space, &args, 0)) - return -1; - p = (unsigned char *)args.p; - } - - *p = '\0'; - n = lws_serve_http_file(wsi, path, mimetype, (char *)start, - lws_ptr_diff(p, start)); - - if (n < 0 || ((n > 0) && lws_http_transaction_completed(wsi))) - return -1; /* error or can't reuse connection: close the socket */ - - return 0; - -notfound: - - return 1; -} -#endif - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) -const struct lws_http_mount * -lws_find_mount(struct lws *wsi, const char *uri_ptr, int uri_len) -{ - const struct lws_http_mount *hm, *hit = NULL; - int best = 0; - - hm = wsi->vhost->http.mount_list; - while (hm) { - if (uri_len >= hm->mountpoint_len && - !strncmp(uri_ptr, hm->mountpoint, hm->mountpoint_len) && - (uri_ptr[hm->mountpoint_len] == '\0' || - uri_ptr[hm->mountpoint_len] == '/' || - hm->mountpoint_len == 1) - ) { - if (hm->origin_protocol == LWSMPRO_CALLBACK || - ((hm->origin_protocol == LWSMPRO_CGI || - lws_hdr_total_length(wsi, WSI_TOKEN_GET_URI) || - lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI) || - lws_hdr_total_length(wsi, WSI_TOKEN_HEAD_URI) || - (wsi->http2_substream && - lws_hdr_total_length(wsi, - WSI_TOKEN_HTTP_COLON_PATH)) || - hm->protocol) && - hm->mountpoint_len > best)) { - best = hm->mountpoint_len; - hit = hm; - } - } - hm = hm->mount_next; - } - - return hit; -} -#endif - -#if !defined(LWS_WITH_ESP32) -static int -lws_find_string_in_file(const char *filename, const char *string, int stringlen) -{ - char buf[128]; - int fd, match = 0, pos = 0, n = 0, hit = 0; - - fd = lws_open(filename, O_RDONLY); - if (fd < 0) { - lwsl_err("can't open auth file: %s\n", filename); - return 0; - } - - while (1) { - if (pos == n) { - n = read(fd, buf, sizeof(buf)); - if (n <= 0) { - if (match == stringlen) - hit = 1; - break; - } - pos = 0; - } - - if (match == stringlen) { - if (buf[pos] == '\r' || buf[pos] == '\n') { - hit = 1; - break; - } - match = 0; - } - - if (buf[pos] == string[match]) - match++; - else - match = 0; - - pos++; - } - - close(fd); - - return hit; -} -#endif - -int -lws_unauthorised_basic_auth(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - unsigned char *start = pt->serv_buf + LWS_PRE, - *p = start, *end = p + 2048; - char buf[64]; - int n; - - /* no auth... tell him it is required */ - - if (lws_add_http_header_status(wsi, HTTP_STATUS_UNAUTHORIZED, &p, end)) - return -1; - - n = lws_snprintf(buf, sizeof(buf), "Basic realm=\"lwsws\""); - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_WWW_AUTHENTICATE, - (unsigned char *)buf, n, &p, end)) - return -1; - - if (lws_add_http_header_content_length(wsi, 0, &p, end)) - return -1; - - if (lws_finalize_http_header(wsi, &p, end)) - return -1; - - n = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS | - LWS_WRITE_H2_STREAM_END); - if (n < 0) - return -1; - - return lws_http_transaction_completed(wsi); - -} - -int lws_clean_url(char *p) -{ - if (p[0] == 'h' && p[1] == 't' && p[2] == 't' && p[3] == 'p') { - p += 4; - if (*p == 's') - p++; - if (*p == ':') { - p++; - if (*p == '/') - p++; - } - } - - while (*p) { - if (p[0] == '/' && p[1] == '/') { - char *p1 = p; - while (*p1) { - *p1 = p1[1]; - p1++; - } - continue; - } - p++; - } - - return 0; -} - -static const unsigned char methods[] = { - WSI_TOKEN_GET_URI, - WSI_TOKEN_POST_URI, - WSI_TOKEN_OPTIONS_URI, - WSI_TOKEN_PUT_URI, - WSI_TOKEN_PATCH_URI, - WSI_TOKEN_DELETE_URI, - WSI_TOKEN_CONNECT, - WSI_TOKEN_HEAD_URI, -#ifdef LWS_WITH_HTTP2 - WSI_TOKEN_HTTP_COLON_PATH, -#endif -}; - -int -lws_http_get_uri_and_method(struct lws *wsi, char **puri_ptr, int *puri_len) -{ - int n, count = 0; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(methods); n++) - if (lws_hdr_total_length(wsi, methods[n])) - count++; - if (!count) { - lwsl_warn("Missing URI in HTTP request\n"); - return -1; - } - - if (count != 1 && - !((wsi->http2_substream || wsi->h2_stream_carries_ws) && - lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH))) { - lwsl_warn("multiple methods?\n"); - return -1; - } - - for (n = 0; n < (int)LWS_ARRAY_SIZE(methods); n++) - if (lws_hdr_total_length(wsi, methods[n])) { - *puri_ptr = lws_hdr_simple_ptr(wsi, methods[n]); - *puri_len = lws_hdr_total_length(wsi, methods[n]); - return n; - } - - return -1; -} - -enum lws_check_basic_auth_results -lws_check_basic_auth(struct lws *wsi, const char *basic_auth_login_file) -{ - char b64[160], plain[(sizeof(b64) * 3) / 4], *pcolon; - int m, ml, fi; - - if (!basic_auth_login_file) - return LCBA_CONTINUE; - - /* Did he send auth? */ - ml = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_AUTHORIZATION); - if (!ml) - return LCBA_FAILED_AUTH; - - /* Disallow fragmentation monkey business */ - - fi = wsi->http.ah->frag_index[WSI_TOKEN_HTTP_AUTHORIZATION]; - if (wsi->http.ah->frags[fi].nfrag) { - lwsl_err("fragmented basic auth header not allowed\n"); - return LCBA_FAILED_AUTH; - } - - m = lws_hdr_copy(wsi, b64, sizeof(b64), - WSI_TOKEN_HTTP_AUTHORIZATION); - if (m < 7) { - lwsl_err("b64 auth too long\n"); - return LCBA_END_TRANSACTION; - } - - b64[5] = '\0'; - if (strcasecmp(b64, "Basic")) { - lwsl_err("auth missing basic: %s\n", b64); - return LCBA_END_TRANSACTION; - } - - /* It'll be like Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l */ - - m = lws_b64_decode_string(b64 + 6, plain, sizeof(plain) - 1); - if (m < 0) { - lwsl_err("plain auth too long\n"); - return LCBA_END_TRANSACTION; - } - - plain[m] = '\0'; - pcolon = strchr(plain, ':'); - if (!pcolon) { - lwsl_err("basic auth format broken\n"); - return LCBA_END_TRANSACTION; - } - if (!lws_find_string_in_file(basic_auth_login_file, plain, m)) { - lwsl_err("basic auth lookup failed\n"); - return LCBA_FAILED_AUTH; - } - - /* - * Rewrite WSI_TOKEN_HTTP_AUTHORIZATION so it is just the - * authorized username - */ - - *pcolon = '\0'; - wsi->http.ah->frags[fi].len = lws_ptr_diff(pcolon, plain); - pcolon = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_AUTHORIZATION); - strncpy(pcolon, plain, ml - 1); - pcolon[ml - 1] = '\0'; - lwsl_info("%s: basic auth accepted for %s\n", __func__, - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_AUTHORIZATION)); - - return LCBA_CONTINUE; -} - -#if defined(LWS_WITH_HTTP_PROXY) -/* - * Set up an onward http proxy connection according to the mount this - * uri falls under. Notice this can also be starting the proxying of what was - * originally an incoming h1 upgrade, or an h2 ws "upgrade". - */ -int -lws_http_proxy_start(struct lws *wsi, const struct lws_http_mount *hit, - char *uri_ptr, char ws) -{ - char ads[96], rpath[256], host[96], *pcolon, *pslash, unix_skt = 0; - struct lws_client_connect_info i; - struct lws *cwsi; - int n, na; - - if (ws) - /* - * Neither our inbound ws upgrade request side, nor our onward - * ws client connection on our side can bind to the actual - * protocol that only the remote inbound side and the remote - * onward side understand. - * - * Instead these are both bound to our built-in "lws-ws-proxy" - * protocol, which understands how to proxy between the two - * sides. - * - * We bind the parent, inbound part here and our side of the - * onward client connection is bound to the same handler using - * the .local_protocol_name. - */ - lws_bind_protocol(wsi, &lws_ws_proxy, __func__); - - memset(&i, 0, sizeof(i)); - i.context = lws_get_context(wsi); - - if (hit->origin[0] == '+') - unix_skt = 1; - - pcolon = strchr(hit->origin, ':'); - pslash = strchr(hit->origin, '/'); - if (!pslash) { - lwsl_err("Proxy mount origin '%s' must have /\n", hit->origin); - return -1; - } - - if (unix_skt) { - if (!pcolon) { - lwsl_err("Proxy mount origin for unix skt must " - "have address delimited by :\n"); - - return -1; - } - n = lws_ptr_diff(pcolon, hit->origin); - pslash = pcolon; - } else { - if (pcolon > pslash) - pcolon = NULL; - - if (pcolon) - n = (int)(pcolon - hit->origin); - else - n = (int)(pslash - hit->origin); - - if (n >= (int)sizeof(ads) - 2) - n = sizeof(ads) - 2; - } - - memcpy(ads, hit->origin, n); - ads[n] = '\0'; - - i.address = ads; - i.port = 80; - if (hit->origin_protocol == LWSMPRO_HTTPS) { - i.port = 443; - i.ssl_connection = 1; - } - if (pcolon) - i.port = atoi(pcolon + 1); - - n = lws_snprintf(rpath, sizeof(rpath) - 1, "/%s/%s", - pslash + 1, uri_ptr + hit->mountpoint_len) - 2; - lws_clean_url(rpath); - na = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_URI_ARGS); - if (na) { - char *p = rpath + n; - - if (na >= (int)sizeof(rpath) - n - 2) { - lwsl_info("%s: query string %d longer " - "than we can handle\n", __func__, - na); - - return -1; - } - - *p++ = '?'; - if (lws_hdr_copy(wsi, p, - (int)(&rpath[sizeof(rpath) - 1] - p), - WSI_TOKEN_HTTP_URI_ARGS) > 0) - while (na--) { - if (*p == '\0') - *p = '&'; - p++; - } - *p = '\0'; - } - - i.path = rpath; - - /* incoming may be h1 or h2... if he sends h1 HOST, use that - * directly, otherwise we must convert h2 :authority to h1 - * host */ - - i.host = NULL; - n = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_AUTHORITY); - if (n > 0) - i.host = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_AUTHORITY); - else { - n = lws_hdr_total_length(wsi, WSI_TOKEN_HOST); - if (n > 0) { - i.host = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST); - } - } - -#if 0 - if (i.address[0] != '+' || - !lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)) - i.host = i.address; - else - i.host = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST); -#endif - i.origin = NULL; - if (!ws) { - if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_POST_URI) -#if defined(LWS_WITH_HTTP2) - || ( - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD) && - !strcmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD), "post") - ) -#endif - ) - i.method = "POST"; - else - i.method = "GET"; - } - - if (i.host) - lws_snprintf(host, sizeof(host), "%s:%u", i.host, - wsi->vhost->listen_port); - else - lws_snprintf(host, sizeof(host), "%s:%d", i.address, i.port); - - i.host = host; - - i.alpn = "http/1.1"; - i.parent_wsi = wsi; - i.pwsi = &cwsi; - i.protocol = lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL); - if (ws) - i.local_protocol_name = "lws-ws-proxy"; - -// i.uri_replace_from = hit->origin; -// i.uri_replace_to = hit->mountpoint; - - lwsl_info("proxying to %s port %d url %s, ssl %d, from %s, to %s\n", - i.address, i.port, i.path, i.ssl_connection, - i.uri_replace_from, i.uri_replace_to); - - if (!lws_client_connect_via_info(&i)) { - lwsl_err("proxy connect fail\n"); - - /* - * ... we can't do the proxy action, but we can - * cleanly return him a 503 and a description - */ - - lws_return_http_status(wsi, - HTTP_STATUS_SERVICE_UNAVAILABLE, - "

Service Temporarily Unavailable

" - "The server is temporarily unable to service " - "your request due to maintenance downtime or " - "capacity problems. Please try again later."); - - return 1; - } - - lwsl_info("%s: setting proxy clientside on %p (parent %p)\n", - __func__, cwsi, lws_get_parent(cwsi)); - - cwsi->http.proxy_clientside = 1; - if (ws) { - wsi->proxied_ws_parent = 1; - cwsi->h1_ws_proxied = 1; - if (i.protocol) { - lwsl_debug("%s: (requesting '%s')\n", __func__, i.protocol); - } - } - - return 0; -} -#endif - -static const char * const oprot[] = { - "http://", "https://" -}; - -int -lws_http_action(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - const struct lws_http_mount *hit = NULL; - enum http_version request_version; - struct lws_process_html_args args; - enum http_conn_type conn_type; - char content_length_str[32]; - char http_version_str[12]; - char *uri_ptr = NULL, *s; - int uri_len = 0, meth, m; - char http_conn_str[25]; - int http_version_len; - unsigned int n; - - meth = lws_http_get_uri_and_method(wsi, &uri_ptr, &uri_len); - if (meth < 0 || meth >= (int)LWS_ARRAY_SIZE(method_names)) - goto bail_nuke_ah; - - /* we insist on absolute paths */ - - if (!uri_ptr || uri_ptr[0] != '/') { - lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); - - goto bail_nuke_ah; - } - - lwsl_info("Method: '%s' (%d), request for '%s'\n", method_names[meth], - meth, uri_ptr); - - if (wsi->role_ops && wsi->role_ops->check_upgrades) - switch (wsi->role_ops->check_upgrades(wsi)) { - case LWS_UPG_RET_DONE: - return 0; - case LWS_UPG_RET_CONTINUE: - break; - case LWS_UPG_RET_BAIL: - goto bail_nuke_ah; - } - - if (lws_ensure_user_space(wsi)) - goto bail_nuke_ah; - - /* HTTP header had a content length? */ - - wsi->http.rx_content_length = 0; - wsi->http.content_length_explicitly_zero = 0; - if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI) || - lws_hdr_total_length(wsi, WSI_TOKEN_PATCH_URI) || - lws_hdr_total_length(wsi, WSI_TOKEN_PUT_URI)) - wsi->http.rx_content_length = 100 * 1024 * 1024; - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH) && - lws_hdr_copy(wsi, content_length_str, - sizeof(content_length_str) - 1, - WSI_TOKEN_HTTP_CONTENT_LENGTH) > 0) { - wsi->http.rx_content_remain = wsi->http.rx_content_length = - atoll(content_length_str); - if (!wsi->http.rx_content_length) { - wsi->http.content_length_explicitly_zero = 1; - lwsl_debug("%s: explicit 0 content-length\n", __func__); - } - } - - if (wsi->http2_substream) { - wsi->http.request_version = HTTP_VERSION_2; - } else { - /* http_version? Default to 1.0, override with token: */ - request_version = HTTP_VERSION_1_0; - - /* Works for single digit HTTP versions. : */ - http_version_len = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP); - if (http_version_len > 7 && - lws_hdr_copy(wsi, http_version_str, - sizeof(http_version_str) - 1, - WSI_TOKEN_HTTP) > 0 && - http_version_str[5] == '1' && http_version_str[7] == '1') - request_version = HTTP_VERSION_1_1; - - wsi->http.request_version = request_version; - - /* HTTP/1.1 defaults to "keep-alive", 1.0 to "close" */ - if (request_version == HTTP_VERSION_1_1) - conn_type = HTTP_CONNECTION_KEEP_ALIVE; - else - conn_type = HTTP_CONNECTION_CLOSE; - - /* Override default if http "Connection:" header: */ - if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION) && - lws_hdr_copy(wsi, http_conn_str, sizeof(http_conn_str) - 1, - WSI_TOKEN_CONNECTION) > 0) { - http_conn_str[sizeof(http_conn_str) - 1] = '\0'; - if (!strcasecmp(http_conn_str, "keep-alive")) - conn_type = HTTP_CONNECTION_KEEP_ALIVE; - else - if (!strcasecmp(http_conn_str, "close")) - conn_type = HTTP_CONNECTION_CLOSE; - } - wsi->http.conn_type = conn_type; - } - - n = wsi->protocol->callback(wsi, LWS_CALLBACK_FILTER_HTTP_CONNECTION, - wsi->user_space, uri_ptr, uri_len); - if (n) { - lwsl_info("LWS_CALLBACK_HTTP closing\n"); - - return 1; - } - /* - * if there is content supposed to be coming, - * put a timeout on it having arrived - */ - lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_CONTENT, - wsi->context->timeout_secs); -#ifdef LWS_WITH_TLS - if (wsi->tls.redirect_to_https) { - /* - * we accepted http:// only so we could redirect to - * https://, so issue the redirect. Create the redirection - * URI from the host: header and ignore the path part - */ - unsigned char *start = pt->serv_buf + LWS_PRE, *p = start, - *end = p + wsi->context->pt_serv_buf_size - LWS_PRE; - - n = lws_hdr_total_length(wsi, WSI_TOKEN_HOST); - if (!n || n > 128) - goto bail_nuke_ah; - - p += lws_snprintf((char *)p, lws_ptr_diff(end, p), "https://"); - memcpy(p, lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST), n); - p += n; - *p++ = '/'; - *p = '\0'; - n = lws_ptr_diff(p, start); - - p += LWS_PRE; - n = lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - start, n, &p, end); - if ((int)n < 0) - goto bail_nuke_ah; - - return lws_http_transaction_completed(wsi); - } -#endif - -#ifdef LWS_WITH_ACCESS_LOG - lws_prepare_access_log_info(wsi, uri_ptr, uri_len, meth); -#endif - - /* can we serve it from the mount list? */ - - hit = lws_find_mount(wsi, uri_ptr, uri_len); - if (!hit) { - /* deferred cleanup and reset to protocols[0] */ - - lwsl_info("no hit\n"); - - if (lws_bind_protocol(wsi, &wsi->vhost->protocols[0], - "no mount hit")) - return 1; - - lwsi_set_state(wsi, LRS_DOING_TRANSACTION); - - m = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, - wsi->user_space, uri_ptr, uri_len); - - goto after; - } - - s = uri_ptr + hit->mountpoint_len; - - /* - * if we have a mountpoint like https://xxx.com/yyy - * there is an implied / at the end for our purposes since - * we can only mount on a "directory". - * - * But if we just go with that, the browser cannot understand - * that he is actually looking down one "directory level", so - * even though we give him /yyy/abc.html he acts like the - * current directory level is /. So relative urls like "x.png" - * wrongly look outside the mountpoint. - * - * Therefore if we didn't come in on a url with an explicit - * / at the end, we must redirect to add it so the browser - * understands he is one "directory level" down. - */ - if ((hit->mountpoint_len > 1 || - (hit->origin_protocol == LWSMPRO_REDIR_HTTP || - hit->origin_protocol == LWSMPRO_REDIR_HTTPS)) && - (*s != '/' || - (hit->origin_protocol == LWSMPRO_REDIR_HTTP || - hit->origin_protocol == LWSMPRO_REDIR_HTTPS)) && - (hit->origin_protocol != LWSMPRO_CGI && - hit->origin_protocol != LWSMPRO_CALLBACK)) { - unsigned char *start = pt->serv_buf + LWS_PRE, *p = start, - *end = p + wsi->context->pt_serv_buf_size - - LWS_PRE - 512; - - lwsl_info("Doing 301 '%s' org %s\n", s, hit->origin); - - /* > at start indicates deal with by redirect */ - if (hit->origin_protocol == LWSMPRO_REDIR_HTTP || - hit->origin_protocol == LWSMPRO_REDIR_HTTPS) - n = lws_snprintf((char *)end, 256, "%s%s", - oprot[hit->origin_protocol & 1], - hit->origin); - else { - if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { - if (!lws_hdr_total_length(wsi, - WSI_TOKEN_HTTP_COLON_AUTHORITY)) - goto bail_nuke_ah; - n = lws_snprintf((char *)end, 256, - "%s%s%s/", oprot[!!lws_is_ssl(wsi)], - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_COLON_AUTHORITY), - uri_ptr); - } else - n = lws_snprintf((char *)end, 256, - "%s%s%s/", oprot[!!lws_is_ssl(wsi)], - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST), - uri_ptr); - } - - lws_clean_url((char *)end); - n = lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - end, n, &p, end); - if ((int)n < 0) - goto bail_nuke_ah; - - return lws_http_transaction_completed(wsi); - } - - /* basic auth? */ - - switch(lws_check_basic_auth(wsi, hit->basic_auth_login_file)) { - case LCBA_CONTINUE: - break; - case LCBA_FAILED_AUTH: - return lws_unauthorised_basic_auth(wsi); - case LCBA_END_TRANSACTION: - lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); - return lws_http_transaction_completed(wsi); - } - -#if defined(LWS_WITH_HTTP_PROXY) - /* - * The mount is a reverse proxy? - */ - - // if (hit) - // lwsl_notice("%s: origin_protocol: %d\n", __func__, hit->origin_protocol); - //else - // lwsl_notice("%s: no hit\n", __func__); - - if (hit->origin_protocol == LWSMPRO_HTTPS || - hit->origin_protocol == LWSMPRO_HTTP) { - n = lws_http_proxy_start(wsi, hit, uri_ptr, 0); - // lwsl_notice("proxy start says %d\n", n); - if (n) - return n; - - goto deal_body; - } -#endif - - /* - * A particular protocol callback is mounted here? - * - * For the duration of this http transaction, bind us to the - * associated protocol - */ - if (hit->origin_protocol == LWSMPRO_CALLBACK || hit->protocol) { - const struct lws_protocols *pp; - const char *name = hit->origin; - if (hit->protocol) - name = hit->protocol; - - pp = lws_vhost_name_to_protocol(wsi->vhost, name); - if (!pp) { - n = -1; - lwsl_err("Unable to find plugin '%s'\n", - hit->origin); - return 1; - } - - if (lws_bind_protocol(wsi, pp, "http action CALLBACK bind")) - return 1; - - lwsl_notice("%s: %s, checking access rights for mask 0x%x\n", - __func__, hit->origin, hit->auth_mask); - - args.p = uri_ptr; - args.len = uri_len; - args.max_len = hit->auth_mask; - args.final = 0; /* used to signal callback dealt with it */ - args.chunked = 0; - - n = wsi->protocol->callback(wsi, - LWS_CALLBACK_CHECK_ACCESS_RIGHTS, - wsi->user_space, &args, 0); - if (n) { - lws_return_http_status(wsi, HTTP_STATUS_UNAUTHORIZED, - NULL); - goto bail_nuke_ah; - } - if (args.final) /* callback completely handled it well */ - return 0; - - if (hit->cgienv && wsi->protocol->callback(wsi, - LWS_CALLBACK_HTTP_PMO, - wsi->user_space, (void *)hit->cgienv, 0)) - return 1; - - if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI)) { - m = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, - wsi->user_space, - uri_ptr + hit->mountpoint_len, - uri_len - hit->mountpoint_len); - goto after; - } - } - -#ifdef LWS_WITH_CGI - /* did we hit something with a cgi:// origin? */ - if (hit->origin_protocol == LWSMPRO_CGI) { - const char *cmd[] = { - NULL, /* replace with cgi path */ - NULL - }; - - lwsl_debug("%s: cgi\n", __func__); - cmd[0] = hit->origin; - - n = 5; - if (hit->cgi_timeout) - n = hit->cgi_timeout; - - n = lws_cgi(wsi, cmd, hit->mountpoint_len, n, - hit->cgienv); - if (n) { - lwsl_err("%s: cgi failed\n", __func__); - return -1; - } - - goto deal_body; - } -#endif - - n = uri_len - lws_ptr_diff(s, uri_ptr); // (int)strlen(s); - if (s[0] == '\0' || (n == 1 && s[n - 1] == '/')) - s = (char *)hit->def; - if (!s) - s = "index.html"; - - wsi->cache_secs = hit->cache_max_age; - wsi->cache_reuse = hit->cache_reusable; - wsi->cache_revalidate = hit->cache_revalidate; - wsi->cache_intermediaries = hit->cache_intermediaries; - - m = 1; -#if !defined(LWS_AMAZON_RTOS) - if (hit->origin_protocol == LWSMPRO_FILE) - m = lws_http_serve(wsi, s, hit->origin, hit); -#endif - - if (m > 0) { - /* - * lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL); - */ - if (hit->protocol) { - const struct lws_protocols *pp = - lws_vhost_name_to_protocol( - wsi->vhost, hit->protocol); - - lwsi_set_state(wsi, LRS_DOING_TRANSACTION); - - if (lws_bind_protocol(wsi, pp, "http_action HTTP")) - return 1; - - m = pp->callback(wsi, LWS_CALLBACK_HTTP, - wsi->user_space, - uri_ptr + hit->mountpoint_len, - uri_len - hit->mountpoint_len); - } else - m = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, - wsi->user_space, uri_ptr, uri_len); - } - -after: - if (m) { - lwsl_info("LWS_CALLBACK_HTTP closing\n"); - - return 1; - } - -#if defined(LWS_WITH_CGI) || defined(LWS_WITH_HTTP_PROXY) -deal_body: -#endif - /* - * If we're not issuing a file, check for content_length or - * HTTP keep-alive. No keep-alive header allocation for - * ISSUING_FILE, as this uses HTTP/1.0. - * - * In any case, return 0 and let lws_read decide how to - * proceed based on state - */ - if (lwsi_state(wsi) != LRS_ISSUING_FILE) { - /* Prepare to read body if we have a content length: */ - lwsl_debug("wsi->http.rx_content_length %lld %d %d\n", - (long long)wsi->http.rx_content_length, - wsi->upgraded_to_http2, wsi->http2_substream); - - if (wsi->http.content_length_explicitly_zero && - lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI)) { - - /* - * POST with an explicit content-length of zero - * - * If we don't give the user code the empty HTTP_BODY - * callback, he may become confused to hear the - * HTTP_BODY_COMPLETION (due to, eg, instantiation of - * lws_spa never happened). - * - * HTTP_BODY_COMPLETION is responsible for sending the - * result status code and result body if any, and - * do the transaction complete processing. - */ - if (wsi->protocol->callback(wsi, - LWS_CALLBACK_HTTP_BODY, - wsi->user_space, NULL, 0)) - return 1; - if (wsi->protocol->callback(wsi, - LWS_CALLBACK_HTTP_BODY_COMPLETION, - wsi->user_space, NULL, 0)) - return 1; - - return 0; - } - - if (wsi->http.rx_content_length > 0) { - - if (lwsi_state(wsi) != LRS_DISCARD_BODY) { - lwsi_set_state(wsi, LRS_BODY); - lwsl_info("%s: %p: LRS_BODY state set (0x%x)\n", - __func__, wsi, wsi->wsistate); - } - wsi->http.rx_content_remain = - wsi->http.rx_content_length; - - /* - * At this point we have transitioned from deferred - * action to expecting BODY on the stream wsi, if it's - * in a bundle like h2. So if the stream wsi has its - * own buflist, we need to deal with that first. - */ - - while (1) { - struct lws_tokens ebuf; - int m; - - ebuf.len = (int)lws_buflist_next_segment_len( - &wsi->buflist, - &ebuf.token); - if (!ebuf.len) - break; - lwsl_debug("%s: consuming %d\n", __func__, - (int)ebuf.len); - m = lws_read_h1(wsi, ebuf.token, - ebuf.len); - if (m < 0) - return -1; - - if (lws_buflist_aware_consume(wsi, &ebuf, m, 1)) - return -1; - } - } - } - - return 0; - -bail_nuke_ah: - lws_header_table_detach(wsi, 1); - - return 1; -} - -int -lws_confirm_host_header(struct lws *wsi) -{ - struct lws_tokenize ts; - lws_tokenize_elem e; - char buf[128]; - int port = 80; - - /* - * this vhost wants us to validate what the - * client sent against our vhost name - */ - - if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { - lwsl_info("%s: missing host on upgrade\n", __func__); - - return 1; - } - -#if defined(LWS_WITH_TLS) - if (wsi->tls.ssl) - port = 443; -#endif - - lws_tokenize_init(&ts, buf, LWS_TOKENIZE_F_DOT_NONTERM /* server.com */| - LWS_TOKENIZE_F_NO_FLOATS /* 1.server.com */| - LWS_TOKENIZE_F_MINUS_NONTERM /* a-b.com */); - ts.len = lws_hdr_copy(wsi, buf, sizeof(buf) - 1, WSI_TOKEN_HOST); - if (ts.len <= 0) { - lwsl_info("%s: missing or oversize host header\n", __func__); - return 1; - } - - if (lws_tokenize(&ts) != LWS_TOKZE_TOKEN) - goto bad_format; - - if (strncmp(ts.token, wsi->vhost->name, ts.token_len)) { - buf[(ts.token - buf) + ts.token_len] = '\0'; - lwsl_info("%s: '%s' in host hdr but vhost name %s\n", - __func__, ts.token, wsi->vhost->name); - return 1; - } - - e = lws_tokenize(&ts); - if (e == LWS_TOKZE_DELIMITER && ts.token[0] == ':') { - if (lws_tokenize(&ts) != LWS_TOKZE_INTEGER) - goto bad_format; - else - port = atoi(ts.token); - } else - if (e != LWS_TOKZE_ENDED) - goto bad_format; - - if (wsi->vhost->listen_port != port) { - lwsl_info("%s: host port %d mismatches vhost port %d\n", - __func__, port, wsi->vhost->listen_port); - return 1; - } - - lwsl_debug("%s: host header OK\n", __func__); - - return 0; - -bad_format: - lwsl_info("%s: bad host header format\n", __func__); - - return 1; -} - -#if !defined(LWS_NO_SERVER) -int -lws_http_to_fallback(struct lws *wsi, unsigned char *obuf, size_t olen) -{ - const struct lws_role_ops *role = &role_ops_raw_skt; - const struct lws_protocols *p1, *protocol = - &wsi->vhost->protocols[wsi->vhost->raw_protocol_index]; - char ipbuf[64]; - int n; - - if (wsi->vhost->listen_accept_role && - lws_role_by_name(wsi->vhost->listen_accept_role)) - role = lws_role_by_name(wsi->vhost->listen_accept_role); - - if (wsi->vhost->listen_accept_protocol) { - p1 = lws_vhost_name_to_protocol(wsi->vhost, - wsi->vhost->listen_accept_protocol); - if (p1) - protocol = p1; - } - - lws_bind_protocol(wsi, protocol, __func__); - - lws_role_transition(wsi, LWSIFR_SERVER, LRS_ESTABLISHED, role); - - lws_header_table_detach(wsi, 0); - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - n = LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED; - if (wsi->role_ops->adoption_cb[lwsi_role_server(wsi)]) - n = wsi->role_ops->adoption_cb[lwsi_role_server(wsi)]; - - ipbuf[0] = '\0'; -#if !defined(LWS_PLAT_OPTEE) - lws_get_peer_simple(wsi, ipbuf, sizeof(ipbuf)); -#endif - - lwsl_notice("%s: vh %s, peer: %s, role %s, " - "protocol %s, cb %d, ah %p\n", __func__, wsi->vhost->name, - ipbuf, role->name, protocol->name, n, wsi->http.ah); - - if ((wsi->protocol->callback)(wsi, n, wsi->user_space, NULL, 0)) - return 1; - - n = LWS_CALLBACK_RAW_RX; - if (wsi->role_ops->rx_cb[lwsi_role_server(wsi)]) - n = wsi->role_ops->rx_cb[lwsi_role_server(wsi)]; - if (wsi->protocol->callback(wsi, n, wsi->user_space, obuf, olen)) - return 1; - - return 0; -} - -int -lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len) -{ - struct lws_context *context = lws_get_context(wsi); -#if defined(LWS_WITH_HTTP2) - struct allocated_headers *ah; -#endif - unsigned char *obuf = *buf; -#if defined(LWS_WITH_HTTP2) - char tbuf[128], *p; -#endif - size_t olen = len; - int n = 0, m, i; - - if (len >= 10000000) { - lwsl_err("%s: assert: len %ld\n", __func__, (long)len); - assert(0); - } - - if (!wsi->http.ah) { - lwsl_err("%s: assert: NULL ah\n", __func__); - assert(0); - } - - while (len) { - if (!lwsi_role_server(wsi) || !lwsi_role_http(wsi)) { - lwsl_err("%s: bad wsi role 0x%x\n", __func__, - lwsi_role(wsi)); - goto bail_nuke_ah; - } - - i = (int)len; - m = lws_parse(wsi, *buf, &i); - lwsl_info("%s: parsed count %d\n", __func__, (int)len - i); - (*buf) += (int)len - i; - len = i; - - if (m == LPR_DO_FALLBACK) { - - /* - * http parser went off the rails and - * LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ - * ACCEPT_CONFIG is set on this vhost. - * - * We are transitioning from http with an AH, to - * a backup role (raw-skt, by default). Drop - * the ah, bind to the role with mode as - * ESTABLISHED. - */ -raw_transition: - - if (lws_http_to_fallback(wsi, obuf, olen)) { - lwsl_info("%s: fallback -> close\n", __func__); - goto bail_nuke_ah; - } - - (*buf) = obuf + olen; - - return 0; - } - if (m) { - lwsl_info("lws_parse failed\n"); - goto bail_nuke_ah; - } - - if (wsi->http.ah->parser_state != WSI_PARSING_COMPLETE) - continue; - - lwsl_parser("%s: lws_parse sees parsing complete\n", __func__); - - /* select vhost */ - - if (wsi->vhost->listen_port && - lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { - struct lws_vhost *vhost = lws_select_vhost( - context, wsi->vhost->listen_port, - lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)); - - if (vhost) - lws_vhost_bind_wsi(vhost, wsi); - } else - lwsl_info("no host\n"); - - if (!lwsi_role_h2(wsi) || !lwsi_role_server(wsi)) { - wsi->vhost->conn_stats.h1_trans++; - if (!wsi->conn_stat_done) { - wsi->vhost->conn_stats.h1_conn++; - wsi->conn_stat_done = 1; - } - } - - /* check for unwelcome guests */ - - if (wsi->context->reject_service_keywords) { - const struct lws_protocol_vhost_options *rej = - wsi->context->reject_service_keywords; - char ua[384], *msg = NULL; - - if (lws_hdr_copy(wsi, ua, sizeof(ua) - 1, - WSI_TOKEN_HTTP_USER_AGENT) > 0) { -#ifdef LWS_WITH_ACCESS_LOG - char *uri_ptr = NULL; - int meth, uri_len; -#endif - ua[sizeof(ua) - 1] = '\0'; - while (rej) { - if (!strstr(ua, rej->name)) { - rej = rej->next; - continue; - } - - msg = strchr(rej->value, ' '); - if (msg) - msg++; - lws_return_http_status(wsi, - atoi(rej->value), msg); -#ifdef LWS_WITH_ACCESS_LOG - meth = lws_http_get_uri_and_method(wsi, - &uri_ptr, &uri_len); - if (meth >= 0) - lws_prepare_access_log_info(wsi, - uri_ptr, uri_len, meth); - - /* wsi close will do the log */ -#endif - wsi->vhost->conn_stats.rejected++; - /* - * We don't want anything from - * this rejected guy. Follow - * the close flow, not the - * transaction complete flow. - */ - goto bail_nuke_ah; - } - } - } - - - if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECT)) { - lwsl_info("Changing to RAW mode\n"); - m = 0; - goto raw_transition; - } - - lwsi_set_state(wsi, LRS_PRE_WS_SERVING_ACCEPT); - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { - - const char *up = lws_hdr_simple_ptr(wsi, - WSI_TOKEN_UPGRADE); - - if (strcasecmp(up, "websocket") && - strcasecmp(up, "h2c")) { - lwsl_info("Unknown upgrade '%s'\n", up); - - if (lws_return_http_status(wsi, - HTTP_STATUS_FORBIDDEN, NULL) || - lws_http_transaction_completed(wsi)) - goto bail_nuke_ah; - } - - n = user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, - wsi->user_space, (char *)up, 0); - - /* just hang up? */ - - if (n < 0) - goto bail_nuke_ah; - - /* callback returned headers already, do t_c? */ - - if (n > 0) { - if (lws_http_transaction_completed(wsi)) - goto bail_nuke_ah; - - /* continue on */ - - return 0; - } - - /* callback said 0, it was allowed */ - - if (wsi->vhost->options & - LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK && - lws_confirm_host_header(wsi)) - goto bail_nuke_ah; - - if (!strcasecmp(up, "websocket")) { -#if defined(LWS_ROLE_WS) - wsi->vhost->conn_stats.ws_upg++; - lwsl_info("Upgrade to ws\n"); - goto upgrade_ws; -#endif - } -#if defined(LWS_WITH_HTTP2) - if (!strcasecmp(up, "h2c")) { - wsi->vhost->conn_stats.h2_upg++; - lwsl_info("Upgrade to h2c\n"); - goto upgrade_h2c; - } -#endif - } - - /* no upgrade ack... he remained as HTTP */ - - lwsl_info("%s: %p: No upgrade\n", __func__, wsi); - - lwsi_set_state(wsi, LRS_ESTABLISHED); - wsi->http.fop_fd = NULL; - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - lws_http_compression_validate(wsi); -#endif - - lwsl_debug("%s: wsi %p: ah %p\n", __func__, (void *)wsi, - (void *)wsi->http.ah); - - n = lws_http_action(wsi); - - return n; - -#if defined(LWS_WITH_HTTP2) -upgrade_h2c: - if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP2_SETTINGS)) { - lwsl_info("missing http2_settings\n"); - goto bail_nuke_ah; - } - - lwsl_info("h2c upgrade...\n"); - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP2_SETTINGS); - /* convert the peer's HTTP-Settings */ - n = lws_b64_decode_string(p, tbuf, sizeof(tbuf)); - if (n < 0) { - lwsl_parser("HTTP2_SETTINGS too long\n"); - return 1; - } - - wsi->upgraded_to_http2 = 1; - - /* adopt the header info */ - - ah = wsi->http.ah; - lws_role_transition(wsi, LWSIFR_SERVER, LRS_H2_AWAIT_PREFACE, - &role_ops_h2); - - /* http2 union member has http union struct at start */ - wsi->http.ah = ah; - - if (!wsi->h2.h2n) { - wsi->h2.h2n = lws_zalloc(sizeof(*wsi->h2.h2n), - "h2n"); - if (!wsi->h2.h2n) - return 1; - } - - lws_h2_init(wsi); - - /* HTTP2 union */ - - lws_h2_settings(wsi, &wsi->h2.h2n->set, (unsigned char *)tbuf, n); - - lws_hpack_dynamic_size(wsi, wsi->h2.h2n->set.s[ - H2SET_HEADER_TABLE_SIZE]); - - strcpy(tbuf, "HTTP/1.1 101 Switching Protocols\x0d\x0a" - "Connection: Upgrade\x0d\x0a" - "Upgrade: h2c\x0d\x0a\x0d\x0a"); - m = (int)strlen(tbuf); - n = lws_issue_raw(wsi, (unsigned char *)tbuf, m); - if (n != m) { - lwsl_debug("http2 switch: ERROR writing to socket\n"); - return 1; - } - - return 0; -#endif -#if defined(LWS_ROLE_WS) -upgrade_ws: - if (lws_process_ws_upgrade(wsi)) - goto bail_nuke_ah; - - return 0; -#endif - } /* while all chars are handled */ - - return 0; - -bail_nuke_ah: - /* drop the header info */ - lws_header_table_detach(wsi, 1); - - return 1; -} -#endif - -LWS_VISIBLE int LWS_WARN_UNUSED_RESULT -lws_http_transaction_completed(struct lws *wsi) -{ - int n = NO_PENDING_TIMEOUT; - - if (lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - || wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more -#endif - ) { - /* - * ...so he tried to send something large as the http reply, - * it went as a partial, but he immediately said the - * transaction was completed. - * - * Defer the transaction completed until the last part of the - * partial is sent. - */ - lwsl_debug("%s: %p: deferring due to partial\n", __func__, wsi); - wsi->http.deferred_transaction_completed = 1; - lws_callback_on_writable(wsi); - - return 0; - } - /* - * Are we finishing the transaction before we have consumed any body? - * - * For h1 this would kill keepalive pipelining, and for h2, considering - * it can extend over multiple DATA frames, it would kill the network - * connection. - */ - if (wsi->http.rx_content_length && wsi->http.rx_content_remain) { - /* - * are we already in LRS_DISCARD_BODY and didn't clear the - * remaining before trying to complete the transaction again? - */ - if (lwsi_state(wsi) == LRS_DISCARD_BODY) - return -1; - /* - * let's defer transaction completed processing until we - * discarded the remaining body - */ - lwsi_set_state(wsi, LRS_DISCARD_BODY); - - return 0; - } - - lwsl_info("%s: wsi %p\n", __func__, wsi); - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - lws_http_compression_destroy(wsi); -#endif - lws_access_log(wsi); - - if (!wsi->hdr_parsing_completed) { - char peer[64]; - -#if !defined(LWS_PLAT_OPTEE) - lws_get_peer_simple(wsi, peer, sizeof(peer) - 1); -#else - peer[0] = '\0'; -#endif - peer[sizeof(peer) - 1] = '\0'; - lwsl_notice("%s: (from %s) ignoring, ah parsing incomplete\n", - __func__, peer); - return 0; - } - - /* if we can't go back to accept new headers, drop the connection */ - if (wsi->http2_substream) - return 1; - - if (wsi->seen_zero_length_recv) - return 1; - - if (wsi->http.conn_type != HTTP_CONNECTION_KEEP_ALIVE) { - lwsl_info("%s: %p: close connection\n", __func__, wsi); - return 1; - } - - if (lws_bind_protocol(wsi, &wsi->vhost->protocols[0], __func__)) - return 1; - - /* - * otherwise set ourselves up ready to go again, but because we have no - * idea about the wsi writability, we make put it in a holding state - * until we can verify POLLOUT. The part of this that confirms POLLOUT - * with no partials is in lws_server_socket_service() below. - */ - lwsl_debug("%s: %p: setting DEF_ACT from 0x%x\n", __func__, - wsi, wsi->wsistate); - lwsi_set_state(wsi, LRS_DEFERRING_ACTION); - wsi->http.tx_content_length = 0; - wsi->http.tx_content_remain = 0; - wsi->hdr_parsing_completed = 0; - wsi->sending_chunked = 0; -#ifdef LWS_WITH_ACCESS_LOG - wsi->http.access_log.sent = 0; -#endif - -#if defined(LWS_WITH_FILE_OPS) && (defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2)) - if (lwsi_role_http(wsi) && lwsi_role_server(wsi) && - wsi->http.fop_fd != NULL) - lws_vfs_file_close(&wsi->http.fop_fd); -#endif - - if (wsi->vhost->keepalive_timeout) - n = PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE; - lws_set_timeout(wsi, n, wsi->vhost->keepalive_timeout); - - /* - * We already know we are on http1.1 / keepalive and the next thing - * coming will be another header set. - * - * If there is no pending rx and we still have the ah, drop it and - * reacquire a new ah when the new headers start to arrive. (Otherwise - * we needlessly hog an ah indefinitely.) - * - * However if there is pending rx and we know from the keepalive state - * that is already at least the start of another header set, simply - * reset the existing header table and keep it. - */ - if (wsi->http.ah) { - // lws_buflist_describe(&wsi->buflist, wsi); - if (!lws_buflist_next_segment_len(&wsi->buflist, NULL)) { - lwsl_debug("%s: %p: nothing in buflist, detaching ah\n", - __func__, wsi); - lws_header_table_detach(wsi, 1); -#ifdef LWS_WITH_TLS - /* - * additionally... if we are hogging an SSL instance - * with no pending pipelined headers (or ah now), and - * SSL is scarce, drop this connection without waiting - */ - - if (wsi->vhost->tls.use_ssl && - wsi->context->simultaneous_ssl_restriction && - wsi->context->simultaneous_ssl == - wsi->context->simultaneous_ssl_restriction) { - lwsl_info("%s: simultaneous_ssl_restriction\n", - __func__); - return 1; - } -#endif - } else { - lwsl_info("%s: %p: resetting/keeping ah as pipeline\n", - __func__, wsi); - lws_header_table_reset(wsi, 0); - /* - * If we kept the ah, we should restrict the amount - * of time we are willing to keep it. Otherwise it - * will be bound the whole time the connection remains - * open. - */ - lws_set_timeout(wsi, PENDING_TIMEOUT_HOLDING_AH, - wsi->vhost->keepalive_timeout); - } - /* If we're (re)starting on headers, need other implied init */ - if (wsi->http.ah) - wsi->http.ah->ues = URIES_IDLE; - - //lwsi_set_state(wsi, LRS_ESTABLISHED); // !!! - } else - if (lws_buflist_next_segment_len(&wsi->buflist, NULL)) - if (lws_header_table_attach(wsi, 0)) - lwsl_debug("acquired ah\n"); - - lwsl_debug("%s: %p: keep-alive await new transaction (state 0x%x)\n", - __func__, wsi, wsi->wsistate); - lws_callback_on_writable(wsi); - - return 0; -} - -#if !defined(LWS_AMAZON_RTOS) -LWS_VISIBLE int -lws_serve_http_file(struct lws *wsi, const char *file, const char *content_type, - const char *other_headers, int other_headers_len) -{ - struct lws_context *context = lws_get_context(wsi); - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - unsigned char *response = pt->serv_buf + LWS_PRE; -#if defined(LWS_WITH_RANGES) - struct lws_range_parsing *rp = &wsi->http.range; -#endif - int ret = 0, cclen = 8, n = HTTP_STATUS_OK; - char cache_control[50], *cc = "no-store"; - lws_fop_flags_t fflags = LWS_O_RDONLY; - const struct lws_plat_file_ops *fops; - lws_filepos_t total_content_length; - unsigned char *p = response; - unsigned char *end = p + context->pt_serv_buf_size - LWS_PRE; - const char *vpath; -#if defined(LWS_WITH_RANGES) - int ranges; -#endif - - if (wsi->handling_404) - n = HTTP_STATUS_NOT_FOUND; - - /* - * We either call the platform fops .open with first arg platform fops, - * or we call fops_zip .open with first arg platform fops, and fops_zip - * open will decide whether to switch to fops_zip or stay with fops_def. - * - * If wsi->http.fop_fd is already set, the caller already opened it - */ - if (!wsi->http.fop_fd) { - fops = lws_vfs_select_fops(wsi->context->fops, file, &vpath); - fflags |= lws_vfs_prepare_flags(wsi); - wsi->http.fop_fd = fops->LWS_FOP_OPEN(wsi->context->fops, - file, vpath, &fflags); - if (!wsi->http.fop_fd) { - lwsl_info("%s: Unable to open: '%s': errno %d\n", - __func__, file, errno); - if (lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, - NULL)) - return -1; - return !wsi->http2_substream; - } - } - - /* - * Caution... wsi->http.fop_fd is live from here - */ - - wsi->http.filelen = lws_vfs_get_length(wsi->http.fop_fd); - total_content_length = wsi->http.filelen; - -#if defined(LWS_WITH_RANGES) - ranges = lws_ranges_init(wsi, rp, wsi->http.filelen); - - lwsl_debug("Range count %d\n", ranges); - /* - * no ranges -> 200; - * 1 range -> 206 + Content-Type: normal; Content-Range; - * more -> 206 + Content-Type: multipart/byteranges - * Repeat the true Content-Type in each multipart header - * along with Content-Range - */ - if (ranges < 0) { - /* it means he expressed a range in Range:, but it was illegal */ - lws_return_http_status(wsi, - HTTP_STATUS_REQ_RANGE_NOT_SATISFIABLE, NULL); - if (lws_http_transaction_completed(wsi)) - goto bail; /* <0 means just hang up */ - - lws_vfs_file_close(&wsi->http.fop_fd); - - return 0; /* == 0 means we did the transaction complete */ - } - if (ranges) - n = HTTP_STATUS_PARTIAL_CONTENT; -#endif - - if (lws_add_http_header_status(wsi, n, &p, end)) - goto bail; - - if ((wsi->http.fop_fd->flags & (LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP | - LWS_FOP_FLAG_COMPR_IS_GZIP)) == - (LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP | LWS_FOP_FLAG_COMPR_IS_GZIP)) { - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_ENCODING, - (unsigned char *)"gzip", 4, &p, end)) - goto bail; - lwsl_info("file is being provided in gzip\n"); - } -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - else { - /* - * if we know its very compressible, and we can use - * compression, then use the most preferred compression - * method that the client said he will accept - */ - - if (!wsi->interpreting && ( - !strncmp(content_type, "text/", 5) || - !strcmp(content_type, "application/javascript") || - !strcmp(content_type, "image/svg+xml"))) - lws_http_compression_apply(wsi, NULL, &p, end, 0); - } -#endif - - if ( -#if defined(LWS_WITH_RANGES) - ranges < 2 && -#endif - content_type && content_type[0]) - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)content_type, - (int)strlen(content_type), - &p, end)) - goto bail; - -#if defined(LWS_WITH_RANGES) - if (ranges >= 2) { /* multipart byteranges */ - lws_strncpy(wsi->http.multipart_content_type, content_type, - sizeof(wsi->http.multipart_content_type)); - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *) - "multipart/byteranges; " - "boundary=_lws", - 20, &p, end)) - goto bail; - - /* - * our overall content length has to include - * - * - (n + 1) x "_lws\r\n" - * - n x Content-Type: xxx/xxx\r\n - * - n x Content-Range: bytes xxx-yyy/zzz\r\n - * - n x /r/n - * - the actual payloads (aggregated in rp->agg) - * - * Precompute it for the main response header - */ - - total_content_length = (lws_filepos_t)rp->agg + - 6 /* final _lws\r\n */; - - lws_ranges_reset(rp); - while (lws_ranges_next(rp)) { - n = lws_snprintf(cache_control, sizeof(cache_control), - "bytes %llu-%llu/%llu", - rp->start, rp->end, rp->extent); - - total_content_length += - 6 /* header _lws\r\n */ + - /* Content-Type: xxx/xxx\r\n */ - 14 + strlen(content_type) + 2 + - /* Content-Range: xxxx\r\n */ - 15 + n + 2 + - 2; /* /r/n */ - } - - lws_ranges_reset(rp); - lws_ranges_next(rp); - } - - if (ranges == 1) { - total_content_length = (lws_filepos_t)rp->agg; - n = lws_snprintf(cache_control, sizeof(cache_control), - "bytes %llu-%llu/%llu", - rp->start, rp->end, rp->extent); - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_RANGE, - (unsigned char *)cache_control, - n, &p, end)) - goto bail; - } - - wsi->http.range.inside = 0; - - if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_ACCEPT_RANGES, - (unsigned char *)"bytes", 5, &p, end)) - goto bail; -#endif - - if (!wsi->http2_substream) { - /* for http/1.1 ... */ - if (!wsi->sending_chunked -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - && !wsi->http.lcs -#endif - ) { - /* ... if not already using chunked and not using an - * http compression translation, then send the naive - * content length - */ - if (lws_add_http_header_content_length(wsi, - total_content_length, &p, end)) - goto bail; - } else { - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.lcs) { - - /* ...otherwise, for http 1 it must go chunked. - * For the compression case, the reason is we - * compress on the fly and do not know the - * compressed content-length until it has all - * been sent. Http/1.1 pipelining must be able - * to know where the transaction boundaries are - * ... so chunking... - */ - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_TRANSFER_ENCODING, - (unsigned char *)"chunked", 7, - &p, end)) - goto bail; - - /* - * ...this is fun, isn't it :-) For h1 that is - * using an http compression translation, the - * compressor must chunk its output privately. - * - * h2 doesn't need (or support) any of this - * crap. - */ - lwsl_debug("setting chunking\n"); - wsi->http.comp_ctx.chunking = 1; - } -#endif - } - } - - if (wsi->cache_secs && wsi->cache_reuse) { - if (!wsi->cache_revalidate) { - cc = cache_control; - cclen = sprintf(cache_control, "%s, max-age=%u", - intermediates[wsi->cache_intermediaries], - wsi->cache_secs); - } else { - cc = cache_control; - cclen = sprintf(cache_control, - "must-revalidate, %s, max-age=%u", - intermediates[wsi->cache_intermediaries], - wsi->cache_secs); - - } - } - - /* Only add cache control if its not specified by any other_headers. */ - if (!other_headers || - (!strstr(other_headers, "cache-control") && - !strstr(other_headers, "Cache-Control"))) { - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CACHE_CONTROL, - (unsigned char *)cc, cclen, &p, end)) - goto bail; - } - - if (other_headers) { - if ((end - p) < other_headers_len) - goto bail; - memcpy(p, other_headers, other_headers_len); - p += other_headers_len; - } - - if (lws_finalize_http_header(wsi, &p, end)) - goto bail; - - ret = lws_write(wsi, response, p - response, LWS_WRITE_HTTP_HEADERS); - if (ret != (p - response)) { - lwsl_err("_write returned %d from %ld\n", ret, - (long)(p - response)); - goto bail; - } - - wsi->http.filepos = 0; - lwsi_set_state(wsi, LRS_ISSUING_FILE); - - if (lws_hdr_total_length(wsi, WSI_TOKEN_HEAD_URI)) { - /* we do not emit the body */ - lws_vfs_file_close(&wsi->http.fop_fd); - if (lws_http_transaction_completed(wsi)) - goto bail; - - return 0; - } - - lws_callback_on_writable(wsi); - - return 0; - -bail: - lws_vfs_file_close(&wsi->http.fop_fd); - - return -1; -} -#endif - -LWS_VISIBLE int lws_serve_http_file_fragment(struct lws *wsi) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_process_html_args args; - lws_filepos_t amount, poss; - unsigned char *p, *pstart; -#if defined(LWS_WITH_RANGES) - unsigned char finished = 0; -#endif - int n, m; - - lwsl_debug("wsi->http2_substream %d\n", wsi->http2_substream); - - do { - - /* priority 1: buffered output */ - - if (lws_has_buffered_out(wsi)) { - if (lws_issue_raw(wsi, NULL, 0) < 0) { - lwsl_info("%s: closing\n", __func__); - goto file_had_it; - } - break; - } - - /* priority 2: buffered pre-compression-transform */ - -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - if (wsi->http.comp_ctx.buflist_comp || - wsi->http.comp_ctx.may_have_more) { - enum lws_write_protocol wp = LWS_WRITE_HTTP; - - lwsl_info("%s: completing comp partial (buflist %p, may %d)\n", - __func__, wsi->http.comp_ctx.buflist_comp, - wsi->http.comp_ctx.may_have_more); - - if (wsi->role_ops->write_role_protocol(wsi, NULL, 0, &wp) < 0) { - lwsl_info("%s signalling to close\n", __func__); - goto file_had_it; - } - lws_callback_on_writable(wsi); - - break; - } -#endif - - if (wsi->http.filepos == wsi->http.filelen) - goto all_sent; - - n = 0; - - pstart = pt->serv_buf + LWS_H2_FRAME_HEADER_LENGTH; - - p = pstart; - -#if defined(LWS_WITH_RANGES) - if (wsi->http.range.count_ranges && !wsi->http.range.inside) { - - lwsl_notice("%s: doing range start %llu\n", __func__, - wsi->http.range.start); - - if ((long long)lws_vfs_file_seek_cur(wsi->http.fop_fd, - wsi->http.range.start - - wsi->http.filepos) < 0) - goto file_had_it; - - wsi->http.filepos = wsi->http.range.start; - - if (wsi->http.range.count_ranges > 1) { - n = lws_snprintf((char *)p, - context->pt_serv_buf_size - - LWS_H2_FRAME_HEADER_LENGTH, - "_lws\x0d\x0a" - "Content-Type: %s\x0d\x0a" - "Content-Range: bytes " - "%llu-%llu/%llu\x0d\x0a" - "\x0d\x0a", - wsi->http.multipart_content_type, - wsi->http.range.start, - wsi->http.range.end, - wsi->http.range.extent); - p += n; - } - - wsi->http.range.budget = wsi->http.range.end - - wsi->http.range.start + 1; - wsi->http.range.inside = 1; - } -#endif - - poss = context->pt_serv_buf_size - n - - LWS_H2_FRAME_HEADER_LENGTH; - - if (wsi->http.tx_content_length) - if (poss > wsi->http.tx_content_remain) - poss = wsi->http.tx_content_remain; - - /* - * if there is a hint about how much we will do well to send at - * one time, restrict ourselves to only trying to send that. - */ - if (wsi->protocol->tx_packet_size && - poss > wsi->protocol->tx_packet_size) - poss = wsi->protocol->tx_packet_size; - - if (wsi->role_ops->tx_credit) { - lws_filepos_t txc = wsi->role_ops->tx_credit(wsi); - - if (!txc) { - lwsl_info("%s: came here with no tx credit\n", - __func__); - return 0; - } - if (txc < poss) - poss = txc; - - /* - * consumption of the actual payload amount sent will be - * handled when the role data frame is sent - */ - } - -#if defined(LWS_WITH_RANGES) - if (wsi->http.range.count_ranges) { - if (wsi->http.range.count_ranges > 1) - poss -= 7; /* allow for final boundary */ - if (poss > wsi->http.range.budget) - poss = wsi->http.range.budget; - } -#endif - if (wsi->sending_chunked) { - /* we need to drop the chunk size in here */ - p += 10; - /* allow for the chunk to grow by 128 in translation */ - poss -= 10 + 128; - } - - if (lws_vfs_file_read(wsi->http.fop_fd, &amount, p, poss) < 0) - goto file_had_it; /* caller will close */ - - if (wsi->sending_chunked) - n = (int)amount; - else - n = lws_ptr_diff(p, pstart) + (int)amount; - - lwsl_debug("%s: sending %d\n", __func__, n); - - if (n) { - lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_CONTENT, - context->timeout_secs); - - if (wsi->interpreting) { - args.p = (char *)p; - args.len = n; - args.max_len = (unsigned int)poss + 128; - args.final = wsi->http.filepos + n == - wsi->http.filelen; - args.chunked = wsi->sending_chunked; - if (user_callback_handle_rxflow( - wsi->vhost->protocols[ - (int)wsi->protocol_interpret_idx].callback, - wsi, LWS_CALLBACK_PROCESS_HTML, - wsi->user_space, &args, 0) < 0) - goto file_had_it; - n = args.len; - p = (unsigned char *)args.p; - } else - p = pstart; - -#if defined(LWS_WITH_RANGES) - if (wsi->http.range.send_ctr + 1 == - wsi->http.range.count_ranges && // last range - wsi->http.range.count_ranges > 1 && // was 2+ ranges (ie, multipart) - wsi->http.range.budget - amount == 0) {// final part - n += lws_snprintf((char *)pstart + n, 6, - "_lws\x0d\x0a"); // append trailing boundary - lwsl_debug("added trailing boundary\n"); - } -#endif - m = lws_write(wsi, p, n, wsi->http.filepos + amount == - wsi->http.filelen ? - LWS_WRITE_HTTP_FINAL : LWS_WRITE_HTTP); - if (m < 0) - goto file_had_it; - - wsi->http.filepos += amount; - -#if defined(LWS_WITH_RANGES) - if (wsi->http.range.count_ranges >= 1) { - wsi->http.range.budget -= amount; - if (wsi->http.range.budget == 0) { - lwsl_notice("range budget exhausted\n"); - wsi->http.range.inside = 0; - wsi->http.range.send_ctr++; - - if (lws_ranges_next(&wsi->http.range) < 1) { - finished = 1; - goto all_sent; - } - } - } -#endif - - if (m != n) { - /* adjust for what was not sent */ - if (lws_vfs_file_seek_cur(wsi->http.fop_fd, - m - n) == - (lws_fileofs_t)-1) - goto file_had_it; - } - } - -all_sent: - if ((!lws_has_buffered_out(wsi) -#if defined(LWS_WITH_HTTP_STREAM_COMPRESSION) - && !wsi->http.comp_ctx.buflist_comp && - !wsi->http.comp_ctx.may_have_more -#endif - ) && (wsi->http.filepos >= wsi->http.filelen -#if defined(LWS_WITH_RANGES) - || finished) -#else - ) -#endif - ) { - lwsi_set_state(wsi, LRS_ESTABLISHED); - /* we might be in keepalive, so close it off here */ - lws_vfs_file_close(&wsi->http.fop_fd); - - lwsl_debug("file completed\n"); - - if (wsi->protocol->callback && - user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_HTTP_FILE_COMPLETION, - wsi->user_space, NULL, 0) < 0) { - /* - * For http/1.x, the choices from - * transaction_completed are either - * 0 to use the connection for pipelined - * or nonzero to hang it up. - * - * However for http/2. while we are - * still interested in hanging up the - * nwsi if there was a network-level - * fatal error, simply completing the - * transaction is a matter of the stream - * state, not the root connection at the - * network level - */ - if (wsi->http2_substream) - return 1; - else - return -1; - } - - return 1; /* >0 indicates completed */ - } - /* - * while(1) here causes us to spam the whole file contents into - * a hugely bloated output buffer if it ever can't send the - * whole chunk... - */ - } while (!lws_send_pipe_choked(wsi)); - - lws_callback_on_writable(wsi); - - return 0; /* indicates further processing must be done */ - -file_had_it: - lws_vfs_file_close(&wsi->http.fop_fd); - - return -1; -} - -#ifndef LWS_NO_SERVER -LWS_VISIBLE void -lws_server_get_canonical_hostname(struct lws_context *context, - const struct lws_context_creation_info *info) -{ - if (lws_check_opt(info->options, - LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME)) - return; -#if !defined(LWS_WITH_ESP32) - /* find canonical hostname */ - gethostname((char *)context->canonical_hostname, - sizeof(context->canonical_hostname) - 1); - - lwsl_info(" canonical_hostname = %s\n", context->canonical_hostname); -#else - (void)context; -#endif -} -#endif - -LWS_VISIBLE LWS_EXTERN int -lws_chunked_html_process(struct lws_process_html_args *args, - struct lws_process_html_state *s) -{ - char *sp, buffer[32]; - const char *pc; - int old_len, n; - - /* do replacements */ - sp = args->p; - old_len = args->len; - args->len = 0; - s->start = sp; - while (sp < args->p + old_len) { - - if (args->len + 7 >= args->max_len) { - lwsl_err("Used up interpret padding\n"); - return -1; - } - - if ((!s->pos && *sp == '$') || s->pos) { - int hits = 0, hit = 0; - - if (!s->pos) - s->start = sp; - s->swallow[s->pos++] = *sp; - if (s->pos == sizeof(s->swallow) - 1) - goto skip; - for (n = 0; n < s->count_vars; n++) - if (!strncmp(s->swallow, s->vars[n], s->pos)) { - hits++; - hit = n; - } - if (!hits) { -skip: - s->swallow[s->pos] = '\0'; - memcpy(s->start, s->swallow, s->pos); - args->len++; - s->pos = 0; - sp = s->start + 1; - continue; - } - if (hits == 1 && s->pos == (int)strlen(s->vars[hit])) { - pc = s->replace(s->data, hit); - if (!pc) - pc = "NULL"; - n = (int)strlen(pc); - s->swallow[s->pos] = '\0'; - if (n != s->pos) { - memmove(s->start + n, s->start + s->pos, - old_len - (sp - args->p) - 1); - old_len += (n - s->pos) + 1; - } - memcpy(s->start, pc, n); - args->len++; - sp = s->start + 1; - - s->pos = 0; - } - sp++; - continue; - } - - args->len++; - sp++; - } - - if (args->chunked) { - /* no space left for final chunk trailer */ - if (args->final && args->len + 7 >= args->max_len) - return -1; - - n = sprintf(buffer, "%X\x0d\x0a", args->len); - - args->p -= n; - memcpy(args->p, buffer, n); - args->len += n; - - if (args->final) { - sp = args->p + args->len; - *sp++ = '\x0d'; - *sp++ = '\x0a'; - *sp++ = '0'; - *sp++ = '\x0d'; - *sp++ = '\x0a'; - *sp++ = '\x0d'; - *sp++ = '\x0a'; - args->len += 7; - } else { - sp = args->p + args->len; - *sp++ = '\x0d'; - *sp++ = '\x0a'; - args->len += 2; - } - } - - return 0; -} diff --git a/lib/roles/listen/ops-listen.c b/lib/roles/listen/ops-listen.c deleted file mode 100644 index 2f405c7..0000000 --- a/lib/roles/listen/ops-listen.c +++ /dev/null @@ -1,205 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_listen(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_context *context = wsi->context; - lws_sockfd_type accept_fd = LWS_SOCK_INVALID; - lws_sock_file_fd_type fd; - struct sockaddr_storage cli_addr; - socklen_t clilen; - - /* if our vhost is going down, ignore it */ - - if (wsi->vhost->being_destroyed) - return LWS_HPI_RET_HANDLED; - - /* pollin means a client has connected to us then - * - * pollout is a hack on esp32 for background accepts signalling - * they completed - */ - - do { - struct lws *cwsi; - int opts = LWS_ADOPT_SOCKET | LWS_ADOPT_ALLOW_SSL; - - if (!(pollfd->revents & (LWS_POLLIN | LWS_POLLOUT)) || - !(pollfd->events & LWS_POLLIN)) - break; - -#if defined(LWS_WITH_TLS) - /* - * can we really accept it, with regards to SSL limit? - * another vhost may also have had POLLIN on his - * listener this round and used it up already - */ - if (wsi->vhost->tls.use_ssl && - context->simultaneous_ssl_restriction && - context->simultaneous_ssl == - context->simultaneous_ssl_restriction) - /* - * no... ignore it, he won't come again until - * we are below the simultaneous_ssl_restriction - * limit and POLLIN is enabled on him again - */ - break; -#endif - /* listen socket got an unencrypted connection... */ - - clilen = sizeof(cli_addr); - lws_latency_pre(context, wsi); - - /* - * We cannot identify the peer who is in the listen - * socket connect queue before we accept it; even if - * we could, not accepting it due to PEER_LIMITS would - * block the connect queue for other legit peers. - */ - - accept_fd = accept((int)pollfd->fd, - (struct sockaddr *)&cli_addr, &clilen); - lws_latency(context, wsi, "listener accept", - (int)accept_fd, accept_fd != LWS_SOCK_INVALID); - if (accept_fd == LWS_SOCK_INVALID) { - if (LWS_ERRNO == LWS_EAGAIN || - LWS_ERRNO == LWS_EWOULDBLOCK) { - break; - } - lwsl_err("accept: %s\n", strerror(LWS_ERRNO)); - return LWS_HPI_RET_HANDLED; - } - - if (context->being_destroyed) { - compatible_close(accept_fd); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - lws_plat_set_socket_options(wsi->vhost, accept_fd, 0); - -#if defined(LWS_WITH_IPV6) - lwsl_debug("accepted new conn port %u on fd=%d\n", - ((cli_addr.ss_family == AF_INET6) ? - ntohs(((struct sockaddr_in6 *) &cli_addr)->sin6_port) : - ntohs(((struct sockaddr_in *) &cli_addr)->sin_port)), - accept_fd); -#else - { - struct sockaddr_in sain; - memcpy(&sain, &cli_addr, sizeof(sain)); - lwsl_debug("accepted new conn port %u on fd=%d\n", - ntohs(sain.sin_port), - accept_fd); - } -#endif - - /* - * look at who we connected to and give user code a - * chance to reject based on client IP. There's no - * protocol selected yet so we issue this to - * protocols[0] - */ - if ((wsi->vhost->protocols[0].callback)(wsi, - LWS_CALLBACK_FILTER_NETWORK_CONNECTION, - NULL, - (void *)(lws_intptr_t)accept_fd, 0)) { - lwsl_debug("Callback denied net connection\n"); - compatible_close(accept_fd); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (!(wsi->vhost->options & - LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG)) - opts |= LWS_ADOPT_HTTP; - -#if defined(LWS_WITH_TLS) - if (!wsi->vhost->tls.use_ssl) -#endif - opts &= ~LWS_ADOPT_ALLOW_SSL; - - fd.sockfd = accept_fd; - cwsi = lws_adopt_descriptor_vhost(wsi->vhost, opts, fd, - NULL, NULL); - if (!cwsi) { - lwsl_err("%s: lws_adopt_descriptor_vhost failed\n", - __func__); - /* already closed cleanly as necessary */ - return LWS_HPI_RET_WSI_ALREADY_DIED; - } -/* - if (lws_server_socket_service_ssl(cwsi, accept_fd)) { - lws_close_free_wsi(cwsi, LWS_CLOSE_STATUS_NOSTATUS, - "listen svc fail"); - return LWS_HPI_RET_WSI_ALREADY_DIED; - } - - lwsl_info("%s: new wsi %p: wsistate 0x%lx, role_ops %s\n", - __func__, cwsi, (unsigned long)cwsi->wsistate, - cwsi->role_ops->name); -*/ - - } while (pt->fds_count < context->fd_limit_per_thread - 1 && - wsi->position_in_fds_table != LWS_NO_FDS_POS && - lws_poll_listen_fd(&pt->fds[wsi->position_in_fds_table]) > 0); - - return LWS_HPI_RET_HANDLED; -} - -int rops_handle_POLLOUT_listen(struct lws *wsi) -{ - return LWS_HP_RET_USER_SERVICE; -} - -struct lws_role_ops role_ops_listen = { - /* role name */ "listen", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_listen, - /* handle_POLLOUT */ rops_handle_POLLOUT_listen, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { 0, 0 }, - /* rx_cb clnt, srv */ { 0, 0 }, - /* writeable cb clnt, srv */ { 0, 0 }, - /* close cb clnt, srv */ { 0, 0 }, - /* protocol_bind_cb c,s */ { 0, 0 }, - /* protocol_unbind_cb c,s */ { 0, 0 }, - /* file_handle */ 0, -}; diff --git a/lib/roles/pipe/ops-pipe.c b/lib/roles/pipe/ops-pipe.c deleted file mode 100644 index 012050b..0000000 --- a/lib/roles/pipe/ops-pipe.c +++ /dev/null @@ -1,98 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_pipe(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ -#if !defined(WIN32) && !defined(_WIN32) - char s[100]; - int n; - - /* - * discard the byte(s) that signaled us - * We really don't care about the number of bytes, but coverity - * thinks we should. - */ - n = read(wsi->desc.sockfd, s, sizeof(s)); - (void)n; - if (n < 0) - return LWS_HPI_RET_PLEASE_CLOSE_ME; -#endif - -#if defined(LWS_WITH_THREADPOOL) - /* - * threadpools that need to call for on_writable callbacks do it by - * marking the task as needing one for its wsi, then cancelling service. - * - * Each tsi will call this to perform the actual callback_on_writable - * from the correct service thread context - */ - lws_threadpool_tsi_context(pt->context, pt->tid); -#endif - - /* - * the poll() wait, or the event loop for libuv etc is a - * process-wide resource that we interrupted. So let every - * protocol that may be interested in the pipe event know that - * it happened. - */ - if (lws_broadcast(pt, LWS_CALLBACK_EVENT_WAIT_CANCELLED, NULL, 0)) { - lwsl_info("closed in event cancel\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - return LWS_HPI_RET_HANDLED; -} - -struct lws_role_ops role_ops_pipe = { - /* role name */ "pipe", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_pipe, - /* handle_POLLOUT */ NULL, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { 0, 0 }, - /* rx_cb clnt, srv */ { 0, 0 }, - /* writeable cb clnt, srv */ { 0, 0 }, - /* close cb clnt, srv */ { 0, 0 }, - /* protocol_bind_cb c,s */ { 0, 0 }, - /* protocol_unbind_cb c,s */ { 0, 0 }, - /* file_handle */ 1, -}; diff --git a/lib/roles/private.h b/lib/roles/private.h deleted file mode 100644 index 55d9550..0000000 --- a/lib/roles/private.h +++ /dev/null @@ -1,335 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h - */ - -typedef uint32_t lws_wsi_state_t; - -/* - * The wsi->role_ops pointer decides almost everything about what role the wsi - * will play, h2, raw, ws, etc. - * - * However there are a few additional flags needed that vary, such as if the - * role is a client or server side, if it has that concept. And the connection - * fulfilling the role, has a separate dynamic state. - * - * 31 16 15 0 - * [ role flags ] [ state ] - * - * The role flags part is generally invariant for the lifetime of the wsi, - * although it can change if the connection role itself does, eg, if the - * connection upgrades from H1 -> WS1 the role flags may be changed at that - * point. - * - * The state part reflects the dynamic connection state, and the states are - * reused between roles. - * - * None of the internal role or state representations are made available outside - * of lws internals. Even for lws internals, if you add stuff here, please keep - * the constants inside this header only by adding necessary helpers here and - * use the helpers in the actual code. This is to ease any future refactors. - * - * Notice LWSIFR_ENCAP means we have a parent wsi that actually carries our - * data as a stream inside a different protocol. - */ - -#define _RS 16 - -#define LWSIFR_CLIENT (0x1000 << _RS) /* client side */ -#define LWSIFR_SERVER (0x2000 << _RS) /* server side */ - -#define LWSIFR_P_ENCAP_H2 (0x0100 << _RS) /* we are encapsulated by h2 */ - -enum lwsi_role { - LWSI_ROLE_MASK = (0xffff << _RS), - LWSI_ROLE_ENCAP_MASK = (0x0f00 << _RS), -}; - -#define lwsi_role(wsi) (wsi->wsistate & LWSI_ROLE_MASK) -#if !defined (_DEBUG) -#define lwsi_set_role(wsi, role) wsi->wsistate = \ - (wsi->wsistate & (~LWSI_ROLE_MASK)) | role -#else -void lwsi_set_role(struct lws *wsi, lws_wsi_state_t role); -#endif - -#define lwsi_role_client(wsi) (!!(wsi->wsistate & LWSIFR_CLIENT)) -#define lwsi_role_server(wsi) (!!(wsi->wsistate & LWSIFR_SERVER)) -#define lwsi_role_h2_ENCAPSULATION(wsi) \ - ((wsi->wsistate & LWSI_ROLE_ENCAP_MASK) == LWSIFR_P_ENCAP_H2) - -/* Pollout wants a callback in this state */ -#define LWSIFS_POCB (0x100) -/* Before any protocol connection was established */ -#define LWSIFS_NOT_EST (0x200) - -enum lwsi_state { - - /* Phase 1: pre-transport */ - - LRS_UNCONNECTED = LWSIFS_NOT_EST | 0, - LRS_WAITING_CONNECT = LWSIFS_NOT_EST | 1, - - /* Phase 2: establishing intermediaries on top of transport */ - - LRS_WAITING_PROXY_REPLY = LWSIFS_NOT_EST | 2, - LRS_WAITING_SSL = LWSIFS_NOT_EST | 3, - LRS_WAITING_SOCKS_GREETING_REPLY = LWSIFS_NOT_EST | 4, - LRS_WAITING_SOCKS_CONNECT_REPLY = LWSIFS_NOT_EST | 5, - LRS_WAITING_SOCKS_AUTH_REPLY = LWSIFS_NOT_EST | 6, - - /* Phase 3: establishing tls tunnel */ - - LRS_SSL_INIT = LWSIFS_NOT_EST | 7, - LRS_SSL_ACK_PENDING = LWSIFS_NOT_EST | 8, - LRS_PRE_WS_SERVING_ACCEPT = LWSIFS_NOT_EST | 9, - - /* Phase 4: connected */ - - LRS_WAITING_SERVER_REPLY = LWSIFS_NOT_EST | 10, - LRS_H2_AWAIT_PREFACE = LWSIFS_NOT_EST | 11, - LRS_H2_AWAIT_SETTINGS = LWSIFS_NOT_EST | - LWSIFS_POCB | 12, - - /* Phase 5: protocol logically established */ - - LRS_H2_CLIENT_SEND_SETTINGS = LWSIFS_POCB | 13, - LRS_H2_WAITING_TO_SEND_HEADERS = LWSIFS_POCB | 14, - LRS_DEFERRING_ACTION = LWSIFS_POCB | 15, - LRS_IDLING = 16, - LRS_H1C_ISSUE_HANDSHAKE = 17, - LRS_H1C_ISSUE_HANDSHAKE2 = 18, - LRS_ISSUE_HTTP_BODY = 19, - LRS_ISSUING_FILE = 20, - LRS_HEADERS = 21, - LRS_BODY = 22, - LRS_DISCARD_BODY = 31, - LRS_ESTABLISHED = LWSIFS_POCB | 23, - /* we are established, but we have embarked on serving a single - * transaction. Other transaction input may be pending, but we will - * not service it while we are busy dealing with the current - * transaction. - * - * When we complete the current transaction, we would reset our state - * back to ESTABLISHED and start to process the next transaction. - */ - LRS_DOING_TRANSACTION = LWSIFS_POCB | 24, - - /* Phase 6: finishing */ - - LRS_WAITING_TO_SEND_CLOSE = LWSIFS_POCB | 25, - LRS_RETURNED_CLOSE = LWSIFS_POCB | 26, - LRS_AWAITING_CLOSE_ACK = LWSIFS_POCB | 27, - LRS_FLUSHING_BEFORE_CLOSE = LWSIFS_POCB | 28, - LRS_SHUTDOWN = 29, - - /* Phase 7: dead */ - - LRS_DEAD_SOCKET = 30, - - LRS_MASK = 0xffff -}; - -#define lwsi_state(wsi) ((enum lwsi_state)(wsi->wsistate & LRS_MASK)) -#define lwsi_state_PRE_CLOSE(wsi) \ - ((enum lwsi_state)(wsi->wsistate_pre_close & LRS_MASK)) -#define lwsi_state_est(wsi) (!(wsi->wsistate & LWSIFS_NOT_EST)) -#define lwsi_state_est_PRE_CLOSE(wsi) \ - (!(wsi->wsistate_pre_close & LWSIFS_NOT_EST)) -#define lwsi_state_can_handle_POLLOUT(wsi) (wsi->wsistate & LWSIFS_POCB) -#if !defined (_DEBUG) -#define lwsi_set_state(wsi, lrs) wsi->wsistate = \ - (wsi->wsistate & (~LRS_MASK)) | lrs -#else -void lwsi_set_state(struct lws *wsi, lws_wsi_state_t lrs); -#endif - -#define _LWS_ADOPT_FINISH (1 << 24) - -/* - * internal role-specific ops - */ -struct lws_context_per_thread; -struct lws_role_ops { - const char *name; - const char *alpn; - /* - * After http headers have parsed, this is the last chance for a role - * to upgrade the connection to something else using the headers. - * ws-over-h2 is upgraded from h2 like this. - */ - int (*check_upgrades)(struct lws *wsi); - /* role-specific context init during context creation */ - int (*init_context)(struct lws_context *context, - const struct lws_context_creation_info *info); - /* role-specific per-vhost init during vhost creation */ - int (*init_vhost)(struct lws_vhost *vh, - const struct lws_context_creation_info *info); - /* role-specific per-vhost destructor during vhost destroy */ - int (*destroy_vhost)(struct lws_vhost *vh); - /* generic 1Hz callback for the role itself */ - int (*periodic_checks)(struct lws_context *context, int tsi, - time_t now); - /* chance for the role to force POLLIN without network activity */ - int (*service_flag_pending)(struct lws_context *context, int tsi); - /* an fd using this role has POLLIN signalled */ - int (*handle_POLLIN)(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd); - /* an fd using the role wanted a POLLOUT callback and now has it */ - int (*handle_POLLOUT)(struct lws *wsi); - /* perform user pollout */ - int (*perform_user_POLLOUT)(struct lws *wsi); - /* do effective callback on writeable */ - int (*callback_on_writable)(struct lws *wsi); - /* connection-specific tx credit in bytes */ - lws_fileofs_t (*tx_credit)(struct lws *wsi); - /* role-specific write formatting */ - int (*write_role_protocol)(struct lws *wsi, unsigned char *buf, - size_t len, enum lws_write_protocol *wp); - - /* get encapsulation parent */ - struct lws * (*encapsulation_parent)(struct lws *wsi); - - /* role-specific destructor */ - int (*alpn_negotiated)(struct lws *wsi, const char *alpn); - - /* chance for the role to handle close in the protocol */ - int (*close_via_role_protocol)(struct lws *wsi, - enum lws_close_status reason); - /* role-specific close processing */ - int (*close_role)(struct lws_context_per_thread *pt, struct lws *wsi); - /* role-specific connection close processing */ - int (*close_kill_connection)(struct lws *wsi, - enum lws_close_status reason); - /* role-specific destructor */ - int (*destroy_role)(struct lws *wsi); - - /* role-specific socket-adopt */ - int (*adoption_bind)(struct lws *wsi, int type, const char *prot); - /* role-specific client-bind: - * ret 1 = bound, 0 = not bound, -1 = fail out - * i may be NULL, indicating client_bind is being called after - * a successful bind earlier, to finalize the binding. In that - * case ret 0 = OK, 1 = fail, wsi needs freeing, -1 = fail, wsi freed */ - int (*client_bind)(struct lws *wsi, - const struct lws_client_connect_info *i); - - /* - * the callback reasons for adoption for client, server - * (just client applies if no concept of client or server) - */ - uint16_t adoption_cb[2]; - /* - * the callback reasons for adoption for client, server - * (just client applies if no concept of client or server) - */ - uint16_t rx_cb[2]; - /* - * the callback reasons for WRITEABLE for client, server - * (just client applies if no concept of client or server) - */ - uint16_t writeable_cb[2]; - /* - * the callback reasons for CLOSE for client, server - * (just client applies if no concept of client or server) - */ - uint16_t close_cb[2]; - /* - * the callback reasons for protocol bind for client, server - * (just client applies if no concept of client or server) - */ - uint16_t protocol_bind_cb[2]; - /* - * the callback reasons for protocol unbind for client, server - * (just client applies if no concept of client or server) - */ - uint16_t protocol_unbind_cb[2]; - - unsigned int file_handle:1; /* role operates on files not sockets */ -}; - -/* core roles */ -extern struct lws_role_ops role_ops_raw_skt, role_ops_raw_file, role_ops_listen, - role_ops_pipe; - -/* bring in role private declarations */ - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - #include "roles/http/private.h" -#else - #define lwsi_role_http(wsi) (0) -#endif - -#if defined(LWS_ROLE_H1) - #include "roles/h1/private.h" -#else - #define lwsi_role_h1(wsi) (0) -#endif - -#if defined(LWS_ROLE_H2) - #include "roles/h2/private.h" -#else - #define lwsi_role_h2(wsi) (0) -#endif - -#if defined(LWS_ROLE_WS) - #include "roles/ws/private.h" -#else - #define lwsi_role_ws(wsi) (0) -#endif - -#if defined(LWS_ROLE_CGI) - #include "roles/cgi/private.h" -#else - #define lwsi_role_cgi(wsi) (0) -#endif - -#if defined(LWS_ROLE_DBUS) - #include "roles/dbus/private.h" -#else - #define lwsi_role_dbus(wsi) (0) -#endif - -#if defined(LWS_ROLE_RAW_PROXY) - #include "roles/raw-proxy/private.h" -#else - #define lwsi_role_raw_proxy(wsi) (0) -#endif - -enum { - LWS_HP_RET_BAIL_OK, - LWS_HP_RET_BAIL_DIE, - LWS_HP_RET_USER_SERVICE, - - LWS_HPI_RET_WSI_ALREADY_DIED, /* we closed it */ - LWS_HPI_RET_HANDLED, /* no probs */ - LWS_HPI_RET_PLEASE_CLOSE_ME, /* close it for us */ - - LWS_UPG_RET_DONE, - LWS_UPG_RET_CONTINUE, - LWS_UPG_RET_BAIL -}; - -int -lws_role_call_adoption_bind(struct lws *wsi, int type, const char *prot); - -struct lws * -lws_client_connect_3(struct lws *wsi, struct lws *wsi_piggyback, ssize_t plen); diff --git a/lib/roles/raw-file/ops-raw-file.c b/lib/roles/raw-file/ops-raw-file.c deleted file mode 100644 index e19bd2a..0000000 --- a/lib/roles/raw-file/ops-raw-file.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_raw_file(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - int n; - - if (pollfd->revents & LWS_POLLOUT) { - n = lws_callback_as_writeable(wsi); - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_info("failed at set pollfd\n"); - return LWS_HPI_RET_WSI_ALREADY_DIED; - } - if (n) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (pollfd->revents & LWS_POLLIN) { - if (user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_RAW_RX_FILE, - wsi->user_space, NULL, 0)) { - lwsl_debug("raw rx callback closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - } - - if (pollfd->revents & LWS_POLLHUP) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - return LWS_HPI_RET_HANDLED; -} - -//#if !defined(LWS_NO_SERVER) -static int -rops_adoption_bind_raw_file(struct lws *wsi, int type, const char *vh_prot_name) -{ - /* no socket or http: it can only be a raw file */ - if ((type & LWS_ADOPT_HTTP) || (type & LWS_ADOPT_SOCKET) || - (type & _LWS_ADOPT_FINISH)) - return 0; /* no match */ - - lws_role_transition(wsi, 0, LRS_ESTABLISHED, &role_ops_raw_file); - - if (!vh_prot_name) { - if (wsi->vhost->default_protocol_index >= - wsi->vhost->count_protocols) - return 0; - - wsi->protocol = &wsi->vhost->protocols[ - wsi->vhost->default_protocol_index]; - } - - return 1; /* bound */ -} -//#endif - -struct lws_role_ops role_ops_raw_file = { - /* role name */ "raw-file", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_raw_file, - /* handle_POLLOUT */ NULL, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, -//#if !defined(LWS_NO_SERVER) - /* adoption_bind */ rops_adoption_bind_raw_file, -//#else -// NULL, -//#endif - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { LWS_CALLBACK_RAW_ADOPT_FILE, - LWS_CALLBACK_RAW_ADOPT_FILE }, - /* rx_cb clnt, srv */ { LWS_CALLBACK_RAW_RX_FILE, - LWS_CALLBACK_RAW_RX_FILE }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_RAW_WRITEABLE_FILE, - LWS_CALLBACK_RAW_WRITEABLE_FILE}, - /* close cb clnt, srv */ { LWS_CALLBACK_RAW_CLOSE_FILE, - LWS_CALLBACK_RAW_CLOSE_FILE}, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_RAW_FILE_BIND_PROTOCOL, - LWS_CALLBACK_RAW_FILE_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_RAW_FILE_DROP_PROTOCOL, - LWS_CALLBACK_RAW_FILE_DROP_PROTOCOL }, - /* file_handle */ 1, -}; diff --git a/lib/roles/raw-proxy/ops-raw-proxy.c b/lib/roles/raw-proxy/ops-raw-proxy.c deleted file mode 100644 index 9deb9c1..0000000 --- a/lib/roles/raw-proxy/ops-raw-proxy.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_raw_proxy(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_tokens ebuf; - int n, buffered; - - /* pending truncated sends have uber priority */ - - if (lws_has_buffered_out(wsi)) { - if (!(pollfd->revents & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - - /* drain the output buflist */ - if (lws_issue_raw(wsi, NULL, 0) < 0) - goto fail; - /* - * we can't afford to allow input processing to send - * something new, so spin around he event loop until - * he doesn't have any partials - */ - return LWS_HPI_RET_HANDLED; - } - - if ((pollfd->revents & pollfd->events & LWS_POLLIN) && - /* any tunnel has to have been established... */ - lwsi_state(wsi) != LRS_SSL_ACK_PENDING && - !(wsi->favoured_pollin && - (pollfd->revents & pollfd->events & LWS_POLLOUT))) { - - buffered = lws_buflist_aware_read(pt, wsi, &ebuf); - switch (ebuf.len) { - case 0: - lwsl_info("%s: read 0 len\n", __func__); - wsi->seen_zero_length_recv = 1; - if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) - goto fail; - - /* - * we need to go to fail here, since it's the only - * chance we get to understand that the socket has - * closed - */ - // goto try_pollout; - goto fail; - - case LWS_SSL_CAPABLE_ERROR: - goto fail; - case LWS_SSL_CAPABLE_MORE_SERVICE: - goto try_pollout; - } - n = user_callback_handle_rxflow(wsi->protocol->callback, - wsi, lwsi_role_client(wsi) ? - LWS_CALLBACK_RAW_PROXY_CLI_RX : - LWS_CALLBACK_RAW_PROXY_SRV_RX, - wsi->user_space, ebuf.token, - ebuf.len); - if (n < 0) { - lwsl_info("LWS_CALLBACK_RAW_PROXY_*_RX fail\n"); - goto fail; - } - - if (lws_buflist_aware_consume(wsi, &ebuf, ebuf.len, buffered)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } else - if (wsi->favoured_pollin && - (pollfd->revents & pollfd->events & LWS_POLLOUT)) - /* we balanced the last favouring of pollin */ - wsi->favoured_pollin = 0; - -try_pollout: - - if (!(pollfd->revents & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - - if (lws_handle_POLLOUT_event(wsi, pollfd)) { - lwsl_debug("POLLOUT event closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - -#if !defined(LWS_NO_CLIENT) - if (lws_client_socket_service(wsi, pollfd, NULL)) - return LWS_HPI_RET_WSI_ALREADY_DIED; -#endif - - return LWS_HPI_RET_HANDLED; - -fail: - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "raw svc fail"); - - return LWS_HPI_RET_WSI_ALREADY_DIED; -} - -static int -rops_adoption_bind_raw_proxy(struct lws *wsi, int type, - const char *vh_prot_name) -{ - /* no http but socket... must be raw skt */ - if ((type & LWS_ADOPT_HTTP) || !(type & LWS_ADOPT_SOCKET) || - (!(type & LWS_ADOPT_FLAG_RAW_PROXY)) || (type & _LWS_ADOPT_FINISH)) - return 0; /* no match */ - - if (type & LWS_ADOPT_FLAG_UDP) - /* - * these can be >128 bytes, so just alloc for UDP - */ - wsi->udp = lws_malloc(sizeof(*wsi->udp), "udp struct"); - - lws_role_transition(wsi, LWSIFR_SERVER, (type & LWS_ADOPT_ALLOW_SSL) ? - LRS_SSL_INIT : LRS_ESTABLISHED, - &role_ops_raw_proxy); - - if (vh_prot_name) - lws_bind_protocol(wsi, wsi->protocol, __func__); - else - /* this is the only time he will transition */ - lws_bind_protocol(wsi, - &wsi->vhost->protocols[wsi->vhost->raw_protocol_index], - __func__); - - return 1; /* bound */ -} - -static int -rops_client_bind_raw_proxy(struct lws *wsi, - const struct lws_client_connect_info *i) -{ - if (!i) { - - /* finalize */ - - if (!wsi->user_space && wsi->stash->method) - if (lws_ensure_user_space(wsi)) - return 1; - - return 0; - } - - /* we are a fallback if nothing else matched */ - -// lws_role_transition(wsi, LWSIFR_CLIENT, LRS_UNCONNECTED, -// &role_ops_raw_proxy); - - return 0; -} - -static int -rops_handle_POLLOUT_raw_proxy(struct lws *wsi) -{ - if (lwsi_state(wsi) == LRS_ESTABLISHED) - return LWS_HP_RET_USER_SERVICE; - - if (lwsi_role_client(wsi)) - return LWS_HP_RET_USER_SERVICE; - - return LWS_HP_RET_BAIL_OK; -} - -struct lws_role_ops role_ops_raw_proxy = { - /* role name */ "raw-proxy", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_raw_proxy, - /* handle_POLLOUT */ rops_handle_POLLOUT_raw_proxy, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, - /* adoption_bind */ rops_adoption_bind_raw_proxy, - /* client_bind */ rops_client_bind_raw_proxy, - /* adoption_cb clnt, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_ADOPT, - LWS_CALLBACK_RAW_PROXY_SRV_ADOPT }, - /* rx_cb clnt, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_RX, - LWS_CALLBACK_RAW_PROXY_SRV_RX }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_WRITEABLE, - LWS_CALLBACK_RAW_PROXY_SRV_WRITEABLE, }, - /* close cb clnt, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_CLOSE, - LWS_CALLBACK_RAW_PROXY_SRV_CLOSE }, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_BIND_PROTOCOL, - LWS_CALLBACK_RAW_PROXY_SRV_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_RAW_PROXY_CLI_DROP_PROTOCOL, - LWS_CALLBACK_RAW_PROXY_SRV_DROP_PROTOCOL }, - /* file_handle */ 0, -}; diff --git a/lib/roles/raw-proxy/private.h b/lib/roles/raw-proxy/private.h deleted file mode 100644 index 6f169d9..0000000 --- a/lib/roles/raw-proxy/private.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_RAW_PROXY - */ - -extern struct lws_role_ops role_ops_raw_proxy; - -#define lwsi_role_raw_proxy(wsi) (wsi->role_ops == &role_ops_raw_proxy) - -#if 0 -struct lws_vhost_role_ws { - const struct lws_extension *extensions; -}; - -struct lws_pt_role_ws { - struct lws *rx_draining_ext_list; - struct lws *tx_draining_ext_list; -}; - -struct _lws_raw_proxy_related { - struct lws *wsi_onward; -}; -#endif diff --git a/lib/roles/raw-skt/ops-raw-skt.c b/lib/roles/raw-skt/ops-raw-skt.c deleted file mode 100644 index ab3429c..0000000 --- a/lib/roles/raw-skt/ops-raw-skt.c +++ /dev/null @@ -1,257 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -static int -rops_handle_POLLIN_raw_skt(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - struct lws_tokens ebuf; - int n, buffered; - - /* pending truncated sends have uber priority */ - - if (lws_has_buffered_out(wsi)) { - if (!(pollfd->revents & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - - /* drain the output buflist */ - if (lws_issue_raw(wsi, NULL, 0) < 0) - goto fail; - /* - * we can't afford to allow input processing to send - * something new, so spin around he event loop until - * he doesn't have any partials - */ - return LWS_HPI_RET_HANDLED; - } - - -#if !defined(LWS_NO_SERVER) - if (!lwsi_role_client(wsi) && lwsi_state(wsi) != LRS_ESTABLISHED) { - - lwsl_debug("%s: %p: wsistate 0x%x\n", __func__, wsi, - wsi->wsistate); - - if (lwsi_state(wsi) != LRS_SSL_INIT) - if (lws_server_socket_service_ssl(wsi, - LWS_SOCK_INVALID)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - - return LWS_HPI_RET_HANDLED; - } -#endif - - if ((pollfd->revents & pollfd->events & LWS_POLLIN) && - /* any tunnel has to have been established... */ - lwsi_state(wsi) != LRS_SSL_ACK_PENDING && - !(wsi->favoured_pollin && - (pollfd->revents & pollfd->events & LWS_POLLOUT))) { - - buffered = lws_buflist_aware_read(pt, wsi, &ebuf); - switch (ebuf.len) { - case 0: - lwsl_info("%s: read 0 len\n", __func__); - wsi->seen_zero_length_recv = 1; - if (lws_change_pollfd(wsi, LWS_POLLIN, 0)) - goto fail; - - /* - * we need to go to fail here, since it's the only - * chance we get to understand that the socket has - * closed - */ - // goto try_pollout; - goto fail; - - case LWS_SSL_CAPABLE_ERROR: - goto fail; - case LWS_SSL_CAPABLE_MORE_SERVICE: - goto try_pollout; - } - - n = user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_RAW_RX, - wsi->user_space, ebuf.token, - ebuf.len); - if (n < 0) { - lwsl_info("LWS_CALLBACK_RAW_RX_fail\n"); - goto fail; - } - - if (lws_buflist_aware_consume(wsi, &ebuf, ebuf.len, buffered)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } else - if (wsi->favoured_pollin && - (pollfd->revents & pollfd->events & LWS_POLLOUT)) - /* we balanced the last favouring of pollin */ - wsi->favoured_pollin = 0; - -try_pollout: - - if (!(pollfd->revents & LWS_POLLOUT)) - return LWS_HPI_RET_HANDLED; - -#if !defined(LWS_WITHOUT_CLIENT) - if (lwsi_state(wsi) == LRS_WAITING_CONNECT) - lws_client_connect_3(wsi, NULL, 0); -#endif - - /* one shot */ - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_notice("%s a\n", __func__); - goto fail; - } - - /* clear back-to-back write detection */ - wsi->could_have_pending = 0; - - lws_stats_bump(pt, LWSSTATS_C_WRITEABLE_CB, 1); -#if defined(LWS_WITH_STATS) - if (wsi->active_writable_req_us) { - uint64_t ul = lws_now_usecs() - - wsi->active_writable_req_us; - - lws_stats_bump(pt, LWSSTATS_US_WRITABLE_DELAY_AVG, ul); - lws_stats_max(pt, - LWSSTATS_US_WORST_WRITABLE_DELAY, ul); - wsi->active_writable_req_us = 0; - } -#endif - n = user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_RAW_WRITEABLE, - wsi->user_space, NULL, 0); - if (n < 0) { - lwsl_info("writeable_fail\n"); - goto fail; - } - - return LWS_HPI_RET_HANDLED; - -fail: - lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "raw svc fail"); - - return LWS_HPI_RET_WSI_ALREADY_DIED; -} - -#if !defined(LWS_NO_SERVER) -static int -rops_adoption_bind_raw_skt(struct lws *wsi, int type, const char *vh_prot_name) -{ - /* no http but socket... must be raw skt */ - if ((type & LWS_ADOPT_HTTP) || !(type & LWS_ADOPT_SOCKET) || - (type & _LWS_ADOPT_FINISH)) - return 0; /* no match */ - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) - if (type & LWS_ADOPT_FLAG_UDP) - /* - * these can be >128 bytes, so just alloc for UDP - */ - wsi->udp = lws_malloc(sizeof(*wsi->udp), "udp struct"); -#endif - - lws_role_transition(wsi, 0, (type & LWS_ADOPT_ALLOW_SSL) ? LRS_SSL_INIT : - LRS_ESTABLISHED, &role_ops_raw_skt); - - if (vh_prot_name) - lws_bind_protocol(wsi, wsi->protocol, __func__); - else - /* this is the only time he will transition */ - lws_bind_protocol(wsi, - &wsi->vhost->protocols[wsi->vhost->raw_protocol_index], - __func__); - - return 1; /* bound */ -} -#endif - -#if !defined(LWS_NO_CLIENT) -static int -rops_client_bind_raw_skt(struct lws *wsi, - const struct lws_client_connect_info *i) -{ - if (!i) { - - /* finalize */ - - if (!wsi->user_space && wsi->stash->method) - if (lws_ensure_user_space(wsi)) - return 1; - - return 0; - } - - /* we are a fallback if nothing else matched */ - - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_UNCONNECTED, - &role_ops_raw_skt); - - return 1; /* matched */ -} -#endif - -struct lws_role_ops role_ops_raw_skt = { - /* role name */ "raw-skt", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ NULL, - /* destroy_vhost */ NULL, - /* periodic_checks */ NULL, - /* service_flag_pending */ NULL, - /* handle_POLLIN */ rops_handle_POLLIN_raw_skt, - /* handle_POLLOUT */ NULL, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ NULL, - /* tx_credit */ NULL, - /* write_role_protocol */ NULL, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ NULL, - /* close_role */ NULL, - /* close_kill_connection */ NULL, - /* destroy_role */ NULL, -#if !defined(LWS_NO_SERVER) - /* adoption_bind */ rops_adoption_bind_raw_skt, -#else - NULL, -#endif -#if !defined(LWS_NO_CLIENT) - /* client_bind */ rops_client_bind_raw_skt, -#else - NULL, -#endif - /* adoption_cb clnt, srv */ { LWS_CALLBACK_RAW_CONNECTED, - LWS_CALLBACK_RAW_ADOPT }, - /* rx_cb clnt, srv */ { LWS_CALLBACK_RAW_RX, - LWS_CALLBACK_RAW_RX }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_RAW_WRITEABLE, - LWS_CALLBACK_RAW_WRITEABLE}, - /* close cb clnt, srv */ { LWS_CALLBACK_RAW_CLOSE, - LWS_CALLBACK_RAW_CLOSE }, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_RAW_SKT_BIND_PROTOCOL, - LWS_CALLBACK_RAW_SKT_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_RAW_SKT_DROP_PROTOCOL, - LWS_CALLBACK_RAW_SKT_DROP_PROTOCOL }, - /* file_handle */ 0, -}; diff --git a/lib/roles/ws/client-parser-ws.c b/lib/roles/ws/client-parser-ws.c deleted file mode 100644 index 299ba03..0000000 --- a/lib/roles/ws/client-parser-ws.c +++ /dev/null @@ -1,703 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * parsers.c: lws_ws_rx_sm() needs to be roughly kept in - * sync with changes here, esp related to ext draining - */ - -int lws_ws_client_rx_sm(struct lws *wsi, unsigned char c) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int callback_action = LWS_CALLBACK_CLIENT_RECEIVE; - struct lws_ext_pm_deflate_rx_ebufs pmdrx; - unsigned short close_code; - unsigned char *pp; - int handled, m, n; -#if !defined(LWS_WITHOUT_EXTENSIONS) - int rx_draining_ext = 0; -#endif - - pmdrx.eb_in.token = NULL; - pmdrx.eb_in.len = 0; - pmdrx.eb_out.token = NULL; - pmdrx.eb_out.len = 0; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) { - assert(!c); - - lws_remove_wsi_from_draining_ext_list(wsi); - rx_draining_ext = 1; - lwsl_debug("%s: doing draining flow\n", __func__); - - goto drain_extension; - } -#endif - - if (wsi->socket_is_permanently_unusable) - return -1; - - switch (wsi->lws_rx_parse_state) { - case LWS_RXPS_NEW: - /* control frames (PING) may interrupt checkable sequences */ - wsi->ws->defeat_check_utf8 = 0; - - switch (wsi->ws->ietf_spec_revision) { - case 13: - wsi->ws->opcode = c & 0xf; - /* revisit if an extension wants them... */ - switch (wsi->ws->opcode) { - case LWSWSOPC_TEXT_FRAME: - wsi->ws->rsv_first_msg = (c & 0x70); -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* - * set the expectation that we will have to - * fake up the zlib trailer to the inflator for - * this frame - */ - wsi->ws->pmd_trailer_application = !!(c & 0x40); -#endif - wsi->ws->continuation_possible = 1; - wsi->ws->check_utf8 = lws_check_opt( - wsi->context->options, - LWS_SERVER_OPTION_VALIDATE_UTF8); - wsi->ws->utf8 = 0; - wsi->ws->first_fragment = 1; - break; - case LWSWSOPC_BINARY_FRAME: - wsi->ws->rsv_first_msg = (c & 0x70); -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* - * set the expectation that we will have to - * fake up the zlib trailer to the inflator for - * this frame - */ - wsi->ws->pmd_trailer_application = !!(c & 0x40); -#endif - wsi->ws->check_utf8 = 0; - wsi->ws->continuation_possible = 1; - wsi->ws->first_fragment = 1; - break; - case LWSWSOPC_CONTINUATION: - if (!wsi->ws->continuation_possible) { - lwsl_info("disordered continuation\n"); - return -1; - } - wsi->ws->first_fragment = 0; - break; - case LWSWSOPC_CLOSE: - wsi->ws->check_utf8 = 0; - wsi->ws->utf8 = 0; - break; - case 3: - case 4: - case 5: - case 6: - case 7: - case 0xb: - case 0xc: - case 0xd: - case 0xe: - case 0xf: - lwsl_info("illegal opcode\n"); - return -1; - default: - wsi->ws->defeat_check_utf8 = 1; - break; - } - wsi->ws->rsv = (c & 0x70); - /* revisit if an extension wants them... */ - if ( -#if !defined(LWS_WITHOUT_EXTENSIONS) - !wsi->ws->count_act_ext && -#endif - wsi->ws->rsv) { - lwsl_info("illegal rsv bits set\n"); - return -1; - } - wsi->ws->final = !!((c >> 7) & 1); - lwsl_ext("%s: This RX frame Final %d\n", __func__, - wsi->ws->final); - - if (wsi->ws->owed_a_fin && - (wsi->ws->opcode == LWSWSOPC_TEXT_FRAME || - wsi->ws->opcode == LWSWSOPC_BINARY_FRAME)) { - lwsl_info("hey you owed us a FIN\n"); - return -1; - } - if ((!(wsi->ws->opcode & 8)) && wsi->ws->final) { - wsi->ws->continuation_possible = 0; - wsi->ws->owed_a_fin = 0; - } - - if ((wsi->ws->opcode & 8) && !wsi->ws->final) { - lwsl_info("control msg can't be fragmented\n"); - return -1; - } - if (!wsi->ws->final) - wsi->ws->owed_a_fin = 1; - - switch (wsi->ws->opcode) { - case LWSWSOPC_TEXT_FRAME: - case LWSWSOPC_BINARY_FRAME: - wsi->ws->frame_is_binary = wsi->ws->opcode == - LWSWSOPC_BINARY_FRAME; - break; - } - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; - break; - - default: - lwsl_err("unknown spec version %02d\n", - wsi->ws->ietf_spec_revision); - break; - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN: - - wsi->ws->this_frame_masked = !!(c & 0x80); - - switch (c & 0x7f) { - case 126: - /* control frames are not allowed to have big lengths */ - if (wsi->ws->opcode & 8) - goto illegal_ctl_length; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; - break; - case 127: - /* control frames are not allowed to have big lengths */ - if (wsi->ws->opcode & 8) - goto illegal_ctl_length; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; - break; - default: - wsi->ws->rx_packet_length = c & 0x7f; - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = - LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else { - if (wsi->ws->rx_packet_length) { - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - } else { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - } - break; - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN16_2: - wsi->ws->rx_packet_length = c << 8; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN16_1: - wsi->ws->rx_packet_length |= c; - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else { - if (wsi->ws->rx_packet_length) - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - else { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_8: - if (c & 0x80) { - lwsl_warn("b63 of length must be zero\n"); - /* kill the connection */ - return -1; - } -#if defined __LP64__ - wsi->ws->rx_packet_length = ((size_t)c) << 56; -#else - wsi->ws->rx_packet_length = 0; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_7: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 48; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_6: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 40; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_5: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 32; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_4: - wsi->ws->rx_packet_length |= ((size_t)c) << 24; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_3: - wsi->ws->rx_packet_length |= ((size_t)c) << 16; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_2: - wsi->ws->rx_packet_length |= ((size_t)c) << 8; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_1: - wsi->ws->rx_packet_length |= (size_t)c; - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = - LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else { - if (wsi->ws->rx_packet_length) - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - else { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - } - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_1: - wsi->ws->mask[0] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_2: - wsi->ws->mask[1] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_3: - wsi->ws->mask[2] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_4: - wsi->ws->mask[3] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - - if (wsi->ws->rx_packet_length) - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - else { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - break; - - case LWS_RXPS_WS_FRAME_PAYLOAD: - - assert(wsi->ws->rx_ubuf); -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) - goto drain_extension; -#endif - if (wsi->ws->this_frame_masked && !wsi->ws->all_zero_nonce) - c ^= wsi->ws->mask[(wsi->ws->mask_idx++) & 3]; - - /* - * unmask and collect the payload body in - * rx_ubuf_head + LWS_PRE - */ - - wsi->ws->rx_ubuf[LWS_PRE + (wsi->ws->rx_ubuf_head++)] = c; - - if (--wsi->ws->rx_packet_length == 0) { - /* spill because we have the whole frame */ - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - lwsl_debug("%s: spilling as we have the whole frame\n", - __func__); - goto spill; - } - - /* - * if there's no protocol max frame size given, we are - * supposed to default to context->pt_serv_buf_size - */ - if (!wsi->protocol->rx_buffer_size && - wsi->ws->rx_ubuf_head != wsi->context->pt_serv_buf_size) - break; - - if (wsi->protocol->rx_buffer_size && - wsi->ws->rx_ubuf_head != wsi->protocol->rx_buffer_size) - break; - - /* spill because we filled our rx buffer */ - - lwsl_debug("%s: spilling as we filled our rx buffer\n", - __func__); -spill: - - handled = 0; - - /* - * is this frame a control packet we should take care of at this - * layer? If so service it and hide it from the user callback - */ - - switch (wsi->ws->opcode) { - case LWSWSOPC_CLOSE: - pp = &wsi->ws->rx_ubuf[LWS_PRE]; - if (lws_check_opt(wsi->context->options, - LWS_SERVER_OPTION_VALIDATE_UTF8) && - wsi->ws->rx_ubuf_head > 2 && - lws_check_utf8(&wsi->ws->utf8, pp + 2, - wsi->ws->rx_ubuf_head - 2)) - goto utf8_fail; - - /* is this an acknowledgment of our close? */ - if (lwsi_state(wsi) == LRS_AWAITING_CLOSE_ACK) { - /* - * fine he has told us he is closing too, let's - * finish our close - */ - lwsl_parser("seen server's close ack\n"); - return -1; - } - - lwsl_parser("client sees server close len = %d\n", - wsi->ws->rx_ubuf_head); - if (wsi->ws->rx_ubuf_head >= 2) { - close_code = (pp[0] << 8) | pp[1]; - if (close_code < 1000 || - close_code == 1004 || - close_code == 1005 || - close_code == 1006 || - close_code == 1012 || - close_code == 1013 || - close_code == 1014 || - close_code == 1015 || - (close_code >= 1016 && close_code < 3000) - ) { - pp[0] = (LWS_CLOSE_STATUS_PROTOCOL_ERR >> 8) & 0xff; - pp[1] = LWS_CLOSE_STATUS_PROTOCOL_ERR & 0xff; - } - } - if (user_callback_handle_rxflow( - wsi->protocol->callback, wsi, - LWS_CALLBACK_WS_PEER_INITIATED_CLOSE, - wsi->user_space, pp, - wsi->ws->rx_ubuf_head)) - return -1; - - memcpy(wsi->ws->ping_payload_buf + LWS_PRE, pp, - wsi->ws->rx_ubuf_head); - wsi->ws->close_in_ping_buffer_len = - wsi->ws->rx_ubuf_head; - - lwsl_info("%s: scheduling return close as ack\n", - __func__); - __lws_change_pollfd(wsi, LWS_POLLIN, 0); - lws_set_timeout(wsi, PENDING_TIMEOUT_CLOSE_SEND, 3); - wsi->waiting_to_send_close_frame = 1; - wsi->close_needs_ack = 0; - lwsi_set_state(wsi, LRS_WAITING_TO_SEND_CLOSE); - lws_callback_on_writable(wsi); - handled = 1; - break; - - case LWSWSOPC_PING: - lwsl_info("received %d byte ping, sending pong\n", - wsi->ws->rx_ubuf_head); - - /* he set a close reason on this guy, ignore PING */ - if (wsi->ws->close_in_ping_buffer_len) - goto ping_drop; - - if (wsi->ws->ping_pending_flag) { - /* - * there is already a pending ping payload - * we should just log and drop - */ - lwsl_parser("DROP PING since one pending\n"); - goto ping_drop; - } - - /* control packets can only be < 128 bytes long */ - if (wsi->ws->rx_ubuf_head > 128 - 3) { - lwsl_parser("DROP PING payload too large\n"); - goto ping_drop; - } - - /* stash the pong payload */ - memcpy(wsi->ws->ping_payload_buf + LWS_PRE, - &wsi->ws->rx_ubuf[LWS_PRE], - wsi->ws->rx_ubuf_head); - - wsi->ws->ping_payload_len = wsi->ws->rx_ubuf_head; - wsi->ws->ping_pending_flag = 1; - - /* get it sent as soon as possible */ - lws_callback_on_writable(wsi); -ping_drop: - wsi->ws->rx_ubuf_head = 0; - handled = 1; - break; - - case LWSWSOPC_PONG: - lwsl_info("%s: client %p received pong\n", __func__, wsi); - lwsl_hexdump(&wsi->ws->rx_ubuf[LWS_PRE], - wsi->ws->rx_ubuf_head); - - if (wsi->ws->await_pong) { - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - wsi->ws->await_pong = 0; - - /* - * prepare to send the ping again if nothing - * sent to countermand it - */ - - __lws_sul_insert(&pt->pt_sul_owner, - &wsi->sul_ping, - (lws_usec_t)wsi->context->ws_ping_pong_interval * - LWS_USEC_PER_SEC); - } - /* issue it */ - callback_action = LWS_CALLBACK_CLIENT_RECEIVE_PONG; - break; - - case LWSWSOPC_CONTINUATION: - case LWSWSOPC_TEXT_FRAME: - case LWSWSOPC_BINARY_FRAME: - break; - - default: - /* not handled or failed */ - lwsl_ext("Unhandled ext opc 0x%x\n", wsi->ws->opcode); - wsi->ws->rx_ubuf_head = 0; - - return -1; - } - - /* - * No it's real payload, pass it up to the user callback. - * - * We have been statefully collecting it in the - * LWS_RXPS_WS_FRAME_PAYLOAD clause above. - * - * It's nicely buffered with the pre-padding taken care of - * so it can be sent straight out again using lws_write. - * - * However, now we have a chunk of it, we want to deal with it - * all here. Since this may be input to permessage-deflate and - * there are block limits on that for input and output, we may - * need to iterate. - */ - if (handled) - goto already_done; - - pmdrx.eb_in.token = &wsi->ws->rx_ubuf[LWS_PRE]; - pmdrx.eb_in.len = wsi->ws->rx_ubuf_head; - - /* for the non-pm-deflate case */ - - pmdrx.eb_out = pmdrx.eb_in; - - lwsl_debug("%s: starting disbursal of %d deframed rx\n", - __func__, wsi->ws->rx_ubuf_head); - -#if !defined(LWS_WITHOUT_EXTENSIONS) -drain_extension: -#endif - do { - - // lwsl_notice("%s: pmdrx.eb_in.len: %d\n", __func__, - // (int)pmdrx.eb_in.len); - - n = PMDR_DID_NOTHING; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - lwsl_ext("%s: +++ passing %d %p to ext\n", __func__, - pmdrx.eb_in.len, pmdrx.eb_in.token); - - n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, - &pmdrx, 0); - lwsl_ext("Ext RX returned %d\n", n); - if (n < 0) { - wsi->socket_is_permanently_unusable = 1; - return -1; - } - if (n == PMDR_DID_NOTHING) - break; -#endif - lwsl_ext("%s: post inflate ebuf in len %d / out len %d\n", - __func__, pmdrx.eb_in.len, pmdrx.eb_out.len); - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (rx_draining_ext && !pmdrx.eb_out.len) { - lwsl_debug(" --- ending drain on 0 read result\n"); - goto already_done; - } - - if (n == PMDR_HAS_PENDING) { /* 1 means stuff to drain */ - /* extension had more... main loop will come back */ - lwsl_ext("%s: adding to draining ext list\n", - __func__); - lws_add_wsi_to_draining_ext_list(wsi); - } else { - lwsl_ext("%s: removing from draining ext list\n", - __func__); - lws_remove_wsi_from_draining_ext_list(wsi); - } - rx_draining_ext = wsi->ws->rx_draining_ext; -#endif - - if (wsi->ws->check_utf8 && !wsi->ws->defeat_check_utf8) { - - if (lws_check_utf8(&wsi->ws->utf8, - pmdrx.eb_out.token, - pmdrx.eb_out.len)) { - lws_close_reason(wsi, - LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"bad utf8", 8); - goto utf8_fail; - } - - /* we are ending partway through utf-8 character? */ - if (!wsi->ws->rx_packet_length && - wsi->ws->final && wsi->ws->utf8 -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* if ext not negotiated, going to be UNKNOWN */ - && (n == PMDR_EMPTY_FINAL || n == PMDR_UNKNOWN) -#endif - ) { - lwsl_info("FINAL utf8 error\n"); - lws_close_reason(wsi, - LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"partial utf8", 12); -utf8_fail: - lwsl_info("utf8 error\n"); - lwsl_hexdump_info(pmdrx.eb_out.token, - pmdrx.eb_out.len); - - return -1; - } - } - - if (pmdrx.eb_out.len < 0 && - callback_action != LWS_CALLBACK_CLIENT_RECEIVE_PONG) - goto already_done; - - if (!pmdrx.eb_out.token) - goto already_done; - - pmdrx.eb_out.token[pmdrx.eb_out.len] = '\0'; - - if (!wsi->protocol->callback) - goto already_done; - - if (callback_action == LWS_CALLBACK_CLIENT_RECEIVE_PONG) - lwsl_info("Client doing pong callback\n"); - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (n == PMDR_HAS_PENDING) - /* extension had more... main loop will come back - * we want callback to be done with this set, if so, - * because lws_is_final() hides it was final until the - * last chunk - */ - lws_add_wsi_to_draining_ext_list(wsi); - else - lws_remove_wsi_from_draining_ext_list(wsi); -#endif - - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE || - lwsi_state(wsi) == LRS_WAITING_TO_SEND_CLOSE || - lwsi_state(wsi) == LRS_AWAITING_CLOSE_ACK) - goto already_done; - - /* if pmd not enabled, in == out */ - - if (n == PMDR_DID_NOTHING -#if !defined(LWS_WITHOUT_EXTENSIONS) - || n == PMDR_UNKNOWN -#endif - ) - pmdrx.eb_in.len -= pmdrx.eb_out.len; - - m = wsi->protocol->callback(wsi, - (enum lws_callback_reasons)callback_action, - wsi->user_space, pmdrx.eb_out.token, - pmdrx.eb_out.len); - - wsi->ws->first_fragment = 0; - - lwsl_debug("%s: bulk ws rx: inp used %d, output %d\n", - __func__, wsi->ws->rx_ubuf_head, - pmdrx.eb_out.len); - - /* if user code wants to close, let caller know */ - if (m) - return 1; - - } while (pmdrx.eb_in.len -#if !defined(LWS_WITHOUT_EXTENSIONS) - || rx_draining_ext -#endif - ); - -already_done: - wsi->ws->rx_ubuf_head = 0; - break; - default: - lwsl_err("client rx illegal state\n"); - return 1; - } - - return 0; - -illegal_ctl_length: - lwsl_warn("Control frame asking for extended length is illegal\n"); - - /* kill the connection */ - return -1; -} - - diff --git a/lib/roles/ws/client-ws.c b/lib/roles/ws/client-ws.c deleted file mode 100644 index 17a6036..0000000 --- a/lib/roles/ws/client-ws.c +++ /dev/null @@ -1,687 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -/* - * In-place str to lower case - */ - -static void -strtolower(char *s) -{ - while (*s) { -#ifdef LWS_PLAT_OPTEE - int tolower_optee(int c); - *s = tolower_optee((int)*s); -#else - *s = tolower((int)*s); -#endif - s++; - } -} - -int -lws_create_client_ws_object(const struct lws_client_connect_info *i, - struct lws *wsi) -{ - int v = SPEC_LATEST_SUPPORTED; - - /* allocate the ws struct for the wsi */ - wsi->ws = lws_zalloc(sizeof(*wsi->ws), "client ws struct"); - if (!wsi->ws) { - lwsl_notice("OOM\n"); - return 1; - } - - /* -1 means just use latest supported */ - if (i->ietf_version_or_minus_one != -1 && - i->ietf_version_or_minus_one) - v = i->ietf_version_or_minus_one; - - wsi->ws->ietf_spec_revision = v; - - return 0; -} - -#if !defined(LWS_NO_CLIENT) -int -lws_ws_handshake_client(struct lws *wsi, unsigned char **buf, size_t len) -{ - unsigned char *bufin = *buf; - - if ((lwsi_state(wsi) != LRS_WAITING_PROXY_REPLY) && - (lwsi_state(wsi) != LRS_H1C_ISSUE_HANDSHAKE) && - (lwsi_state(wsi) != LRS_WAITING_SERVER_REPLY) && - !lwsi_role_client(wsi)) - return 0; - - lwsl_debug("%s: hs client feels it has %d in\n", __func__, (int)len); - - while (len) { - /* - * we were accepting input but now we stopped doing so - */ - if (lws_is_flowcontrolled(wsi)) { - lwsl_debug("%s: caching %ld\n", __func__, (long)len); - /* - * Since we cached the remaining available input, we - * can say we "consumed" it. - * - * But what about the case where the available input - * came out of the rxflow cache already? If we are - * effectively "putting it back in the cache", we have - * to place it at the cache head, not the tail as usual. - */ - if (lws_rxflow_cache(wsi, *buf, 0, (int)len) == - LWSRXFC_TRIMMED) { - /* - * we dealt with it by trimming the existing - * rxflow cache HEAD to account for what we used. - * - * indicate we didn't use anything to the caller - * so he doesn't do any consumed processing - */ - lwsl_info("%s: trimming inside rxflow cache\n", - __func__); - *buf = bufin; - } else - *buf += len; - - return 0; - } -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) { - int m; - - lwsl_info("%s: draining ext\n", __func__); - if (lwsi_role_client(wsi)) - m = lws_ws_client_rx_sm(wsi, 0); - else - m = lws_ws_rx_sm(wsi, 0, 0); - if (m < 0) - return -1; - continue; - } -#endif - /* - * caller will account for buflist usage by studying what - * happened to *buf - */ - - if (lws_ws_client_rx_sm(wsi, *(*buf)++)) { - lwsl_notice("%s: client_rx_sm exited, DROPPING %d\n", - __func__, (int)len); - return -1; - } - len--; - } - // lwsl_notice("%s: finished with %ld\n", __func__, (long)len); - - return 0; -} -#endif - -char * -lws_generate_client_ws_handshake(struct lws *wsi, char *p, const char *conn1) -{ - char buf[128], hash[20], key_b64[40]; - int n; -#if !defined(LWS_WITHOUT_EXTENSIONS) - const struct lws_extension *ext; - int ext_count = 0; -#endif - - /* - * create the random key - */ - n = lws_get_random(wsi->context, hash, 16); - if (n != 16) { - lwsl_err("Unable to read from random dev %s\n", - SYSTEM_RANDOM_FILEPATH); - return NULL; - } - - lws_b64_encode_string(hash, 16, key_b64, sizeof(key_b64)); - - p += sprintf(p, "Upgrade: websocket\x0d\x0a" - "Connection: %sUpgrade\x0d\x0a" - "Sec-WebSocket-Key: ", conn1); - strcpy(p, key_b64); - p += strlen(key_b64); - p += sprintf(p, "\x0d\x0a"); - if (lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS)) - p += sprintf(p, "Sec-WebSocket-Protocol: %s\x0d\x0a", - lws_hdr_simple_ptr(wsi, - _WSI_TOKEN_CLIENT_SENT_PROTOCOLS)); - - /* tell the server what extensions we could support */ - -#if !defined(LWS_WITHOUT_EXTENSIONS) - ext = wsi->vhost->ws.extensions; - while (ext && ext->callback) { - - n = wsi->vhost->protocols[0].callback(wsi, - LWS_CALLBACK_CLIENT_CONFIRM_EXTENSION_SUPPORTED, - wsi->user_space, (char *)ext->name, 0); - - /* - * zero return from callback means go ahead and allow - * the extension, it's what we get if the callback is - * unhandled - */ - - if (n) { - ext++; - continue; - } - - /* apply it */ - - if (ext_count) - *p++ = ','; - else - p += sprintf(p, "Sec-WebSocket-Extensions: "); - p += sprintf(p, "%s", ext->client_offer); - ext_count++; - - ext++; - } - if (ext_count) - p += sprintf(p, "\x0d\x0a"); -#endif - - if (wsi->ws->ietf_spec_revision) - p += sprintf(p, "Sec-WebSocket-Version: %d\x0d\x0a", - wsi->ws->ietf_spec_revision); - - /* prepare the expected server accept response */ - - key_b64[39] = '\0'; /* enforce composed length below buf sizeof */ - n = sprintf(buf, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", - key_b64); - - lws_SHA1((unsigned char *)buf, n, (unsigned char *)hash); - - lws_b64_encode_string(hash, 20, - wsi->http.ah->initial_handshake_hash_base64, - sizeof(wsi->http.ah->initial_handshake_hash_base64)); - - return p; -} - -int -lws_client_ws_upgrade(struct lws *wsi, const char **cce) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws_context *context = wsi->context; - struct lws_tokenize ts; - int n, len, okay = 0; - lws_tokenize_elem e; - char *p, buf[64]; - const char *pc; -#if !defined(LWS_WITHOUT_EXTENSIONS) - char *sb = (char *)&pt->serv_buf[0]; - const struct lws_ext_options *opts; - const struct lws_extension *ext; - char ext_name[128]; - const char *c, *a; - int more = 1; - char ignore; -#endif - - if (wsi->client_h2_substream) {/* !!! client ws-over-h2 not there yet */ - lwsl_warn("%s: client ws-over-h2 upgrade not supported yet\n", - __func__); - *cce = "HS: h2 / ws upgrade unsupported"; - goto bail3; - } - - if (wsi->http.ah->http_response == 401) { - lwsl_warn( - "lws_client_handshake: got bad HTTP response '%d'\n", - wsi->http.ah->http_response); - *cce = "HS: ws upgrade unauthorized"; - goto bail3; - } - - if (wsi->http.ah->http_response != 101) { - lwsl_warn( - "lws_client_handshake: got bad HTTP response '%d'\n", - wsi->http.ah->http_response); - *cce = "HS: ws upgrade response not 101"; - goto bail3; - } - - if (lws_hdr_total_length(wsi, WSI_TOKEN_ACCEPT) == 0) { - lwsl_info("no ACCEPT\n"); - *cce = "HS: ACCEPT missing"; - goto bail3; - } - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE); - if (!p) { - lwsl_info("no UPGRADE\n"); - *cce = "HS: UPGRADE missing"; - goto bail3; - } - strtolower(p); - if (strcmp(p, "websocket")) { - lwsl_warn( - "lws_client_handshake: got bad Upgrade header '%s'\n", p); - *cce = "HS: Upgrade to something other than websocket"; - goto bail3; - } - - /* connection: must have "upgrade" */ - - lws_tokenize_init(&ts, buf, LWS_TOKENIZE_F_COMMA_SEP_LIST | - LWS_TOKENIZE_F_MINUS_NONTERM); - ts.len = lws_hdr_copy(wsi, buf, sizeof(buf) - 1, WSI_TOKEN_CONNECTION); - if (ts.len <= 0) /* won't fit, or absent */ - goto bad_conn_format; - - do { - e = lws_tokenize(&ts); - switch (e) { - case LWS_TOKZE_TOKEN: - if (!strncasecmp(ts.token, "upgrade", ts.token_len)) - e = LWS_TOKZE_ENDED; - break; - - case LWS_TOKZE_DELIMITER: - break; - - default: /* includes ENDED found by the tokenizer itself */ -bad_conn_format: - lwsl_info("%s: malfored connection '%s'\n", - __func__, buf); - *cce = "HS: UPGRADE malformed"; - goto bail3; - } - } while (e > 0); - - pc = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_SENT_PROTOCOLS); -#if defined(_DEBUG) - if (!pc) { - lwsl_parser("lws_client_int_s_hs: no protocol list\n"); - } else - lwsl_parser("lws_client_int_s_hs: protocol list '%s'\n", pc); -#endif - - /* - * confirm the protocol the server wants to talk was in the list - * of protocols we offered - */ - - len = lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL); - if (!len) { - lwsl_info("%s: WSI_TOKEN_PROTOCOL is null\n", __func__); - /* - * no protocol name to work from, if we don't already have one - * default to first protocol - */ - - if (wsi->protocol) { - p = (char *)wsi->protocol->name; - goto identify_protocol; - } - - /* no choice but to use the default protocol */ - - n = 0; - wsi->protocol = &wsi->vhost->protocols[0]; - goto check_extensions; - } - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL); - len = (int)strlen(p); - - while (pc && *pc && !okay) { - if (!strncmp(pc, p, len) && - (pc[len] == ',' || pc[len] == '\0')) { - okay = 1; - continue; - } - while (*pc && *pc++ != ',') - ; - while (*pc == ' ') - pc++; - } - - if (!okay) { - lwsl_info("%s: got bad protocol %s\n", __func__, p); - *cce = "HS: PROTOCOL malformed"; - goto bail2; - } - -identify_protocol: - -#if defined(LWS_WITH_HTTP_PROXY) - lws_strncpy(wsi->ws->actual_protocol, p, - sizeof(wsi->ws->actual_protocol)); -#endif - - /* - * identify the selected protocol struct and set it - */ - n = 0; - /* keep client connection pre-bound protocol */ - if (!lwsi_role_client(wsi)) - wsi->protocol = NULL; - - while (wsi->vhost->protocols[n].callback) { - if (!wsi->protocol && - strcmp(p, wsi->vhost->protocols[n].name) == 0) { - wsi->protocol = &wsi->vhost->protocols[n]; - break; - } - n++; - } - - if (!wsi->vhost->protocols[n].callback) { /* no match */ - /* if server, that's already fatal */ - if (!lwsi_role_client(wsi)) { - lwsl_info("%s: fail protocol %s\n", __func__, p); - *cce = "HS: Cannot match protocol"; - goto bail2; - } - - /* for client, find the index of our pre-bound protocol */ - - n = 0; - while (wsi->vhost->protocols[n].callback) { - if (wsi->protocol && strcmp(wsi->protocol->name, - wsi->vhost->protocols[n].name) == 0) { - wsi->protocol = &wsi->vhost->protocols[n]; - break; - } - n++; - } - - if (!wsi->vhost->protocols[n].callback) { - if (wsi->protocol) - lwsl_err("Failed to match protocol %s\n", - wsi->protocol->name); - else - lwsl_err("No protocol on client\n"); - *cce = "ws protocol no match"; - goto bail2; - } - } - - lwsl_debug("Selected protocol %s\n", wsi->protocol->name); - -check_extensions: - /* - * stitch protocol choice into the vh protocol linked list - * We always insert ourselves at the start of the list - * - * X <-> B - * X <-> pAn <-> pB - */ - - lws_same_vh_protocol_insert(wsi, n); - -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* instantiate the accepted extensions */ - - if (!lws_hdr_total_length(wsi, WSI_TOKEN_EXTENSIONS)) { - lwsl_ext("no client extensions allowed by server\n"); - goto check_accept; - } - - /* - * break down the list of server accepted extensions - * and go through matching them or identifying bogons - */ - - if (lws_hdr_copy(wsi, sb, context->pt_serv_buf_size, - WSI_TOKEN_EXTENSIONS) < 0) { - lwsl_warn("ext list from server failed to copy\n"); - *cce = "HS: EXT: list too big"; - goto bail2; - } - - c = sb; - n = 0; - ignore = 0; - a = NULL; - while (more) { - - if (*c && (*c != ',' && *c != '\t')) { - if (*c == ';') { - ignore = 1; - if (!a) - a = c + 1; - } - if (ignore || *c == ' ') { - c++; - continue; - } - - ext_name[n] = *c++; - if (n < (int)sizeof(ext_name) - 1) - n++; - continue; - } - ext_name[n] = '\0'; - ignore = 0; - if (!*c) - more = 0; - else { - c++; - if (!n) - continue; - } - - /* check we actually support it */ - - lwsl_notice("checking client ext %s\n", ext_name); - - n = 0; - ext = wsi->vhost->ws.extensions; - while (ext && ext->callback) { - if (strcmp(ext_name, ext->name)) { - ext++; - continue; - } - - n = 1; - lwsl_notice("instantiating client ext %s\n", ext_name); - - /* instantiate the extension on this conn */ - - wsi->ws->active_extensions[wsi->ws->count_act_ext] = ext; - - /* allow him to construct his ext instance */ - - if (ext->callback(lws_get_context(wsi), ext, wsi, - LWS_EXT_CB_CLIENT_CONSTRUCT, - (void *)&wsi->ws->act_ext_user[ - wsi->ws->count_act_ext], - (void *)&opts, 0)) { - lwsl_info(" ext %s failed construction\n", - ext_name); - ext++; - continue; - } - - /* - * allow the user code to override ext defaults if it - * wants to - */ - ext_name[0] = '\0'; - if (user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_WS_EXT_DEFAULTS, - (char *)ext->name, ext_name, - sizeof(ext_name))) { - *cce = "HS: EXT: failed setting defaults"; - goto bail2; - } - - if (ext_name[0] && - lws_ext_parse_options(ext, wsi, - wsi->ws->act_ext_user[ - wsi->ws->count_act_ext], - opts, ext_name, - (int)strlen(ext_name))) { - lwsl_err("%s: unable to parse user defaults '%s'", - __func__, ext_name); - *cce = "HS: EXT: failed parsing defaults"; - goto bail2; - } - - /* - * give the extension the server options - */ - if (a && lws_ext_parse_options(ext, wsi, - wsi->ws->act_ext_user[ - wsi->ws->count_act_ext], - opts, a, lws_ptr_diff(c, a))) { - lwsl_err("%s: unable to parse remote def '%s'", - __func__, a); - *cce = "HS: EXT: failed parsing options"; - goto bail2; - } - - if (ext->callback(lws_get_context(wsi), ext, wsi, - LWS_EXT_CB_OPTION_CONFIRM, - wsi->ws->act_ext_user[wsi->ws->count_act_ext], - NULL, 0)) { - lwsl_err("%s: ext %s rejects server options %s", - __func__, ext->name, a); - *cce = "HS: EXT: Rejects server options"; - goto bail2; - } - - wsi->ws->count_act_ext++; - - ext++; - } - - if (n == 0) { - lwsl_warn("Unknown ext '%s'!\n", ext_name); - *cce = "HS: EXT: unknown ext"; - goto bail2; - } - - a = NULL; - n = 0; - } - -check_accept: -#endif - - /* - * Confirm his accept token is the one we precomputed - */ - - p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_ACCEPT); - if (strcmp(p, wsi->http.ah->initial_handshake_hash_base64)) { - lwsl_warn("lws_client_int_s_hs: accept '%s' wrong vs '%s'\n", p, - wsi->http.ah->initial_handshake_hash_base64); - *cce = "HS: Accept hash wrong"; - goto bail2; - } - - /* allocate the per-connection user memory (if any) */ - if (lws_ensure_user_space(wsi)) { - lwsl_err("Problem allocating wsi user mem\n"); - *cce = "HS: OOM"; - goto bail2; - } - - /* - * we seem to be good to go, give client last chance to check - * headers and OK it - */ - if (wsi->protocol->callback(wsi, - LWS_CALLBACK_CLIENT_FILTER_PRE_ESTABLISH, - wsi->user_space, NULL, 0)) { - *cce = "HS: Rejected by filter cb"; - goto bail2; - } - - /* clear his proxy connection timeout */ - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - - /* free up his parsing allocations */ - lws_header_table_detach(wsi, 0); - - lws_role_transition(wsi, LWSIFR_CLIENT, LRS_ESTABLISHED, - &role_ops_ws); - - if (wsi->context->ws_ping_pong_interval && !wsi->http2_substream ) { - wsi->sul_ping.cb = lws_sul_wsping_cb; - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_ping, - (lws_usec_t)wsi->context->ws_ping_pong_interval * - LWS_USEC_PER_SEC); - } - - wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; - - /* - * create the frame buffer for this connection according to the - * size mentioned in the protocol definition. If 0 there, then - * use a big default for compatibility - */ - n = (int)wsi->protocol->rx_buffer_size; - if (!n) - n = context->pt_serv_buf_size; - n += LWS_PRE; - wsi->ws->rx_ubuf = lws_malloc(n + 4 /* 0x0000ffff zlib */, - "client frame buffer"); - if (!wsi->ws->rx_ubuf) { - lwsl_err("Out of Mem allocating rx buffer %d\n", n); - *cce = "HS: OOM"; - goto bail2; - } - wsi->ws->rx_ubuf_alloc = n; - lwsl_info("Allocating client RX buffer %d\n", n); - -#if !defined(LWS_WITH_ESP32) - if (setsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_SNDBUF, - (const char *)&n, sizeof n)) { - lwsl_warn("Failed to set SNDBUF to %d", n); - *cce = "HS: SO_SNDBUF failed"; - goto bail3; - } -#endif - - lwsl_debug("handshake OK for protocol %s\n", wsi->protocol->name); - - /* call him back to inform him he is up */ - - if (wsi->protocol->callback(wsi, LWS_CALLBACK_CLIENT_ESTABLISHED, - wsi->user_space, NULL, 0)) { - *cce = "HS: Rejected at CLIENT_ESTABLISHED"; - goto bail3; - } - - return 0; - -bail3: - return 3; - -bail2: - return 2; -} diff --git a/lib/roles/ws/ext/extension-permessage-deflate.c b/lib/roles/ws/ext/extension-permessage-deflate.c deleted file mode 100644 index b18efe1..0000000 --- a/lib/roles/ws/ext/extension-permessage-deflate.c +++ /dev/null @@ -1,553 +0,0 @@ -/* - * ./lib/extension-permessage-deflate.c - * - * Copyright (C) 2016 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "extension-permessage-deflate.h" -#include -#include -#include - -#define LWS_ZLIB_MEMLEVEL 8 - -const struct lws_ext_options lws_ext_pm_deflate_options[] = { - /* public RFC7692 settings */ - { "server_no_context_takeover", EXTARG_NONE }, - { "client_no_context_takeover", EXTARG_NONE }, - { "server_max_window_bits", EXTARG_OPT_DEC }, - { "client_max_window_bits", EXTARG_OPT_DEC }, - /* ones only user code can set */ - { "rx_buf_size", EXTARG_DEC }, - { "tx_buf_size", EXTARG_DEC }, - { "compression_level", EXTARG_DEC }, - { "mem_level", EXTARG_DEC }, - { NULL, 0 }, /* sentinel */ -}; - -static void -lws_extension_pmdeflate_restrict_args(struct lws *wsi, - struct lws_ext_pm_deflate_priv *priv) -{ - int n, extra; - - /* cap the RX buf at the nearest power of 2 to protocol rx buf */ - - n = wsi->context->pt_serv_buf_size; - if (wsi->protocol->rx_buffer_size) - n = (int)wsi->protocol->rx_buffer_size; - - extra = 7; - while (n >= 1 << (extra + 1)) - extra++; - - if (extra < priv->args[PMD_RX_BUF_PWR2]) { - priv->args[PMD_RX_BUF_PWR2] = extra; - lwsl_info(" Capping pmd rx to %d\n", 1 << extra); - } -} - -static unsigned char trail[] = { 0, 0, 0xff, 0xff }; - -LWS_VISIBLE int -lws_extension_callback_pm_deflate(struct lws_context *context, - const struct lws_extension *ext, - struct lws *wsi, - enum lws_extension_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct lws_ext_pm_deflate_priv *priv = - (struct lws_ext_pm_deflate_priv *)user; - struct lws_ext_pm_deflate_rx_ebufs *pmdrx = - (struct lws_ext_pm_deflate_rx_ebufs *)in; - struct lws_ext_option_arg *oa; - int n, ret = 0, was_fin = 0, m; - unsigned int pen = 0; - int penbits = 0; - - switch (reason) { - case LWS_EXT_CB_NAMED_OPTION_SET: - oa = in; - if (!oa->option_name) - break; - lwsl_ext("%s: named option set: %s\n", __func__, - oa->option_name); - for (n = 0; n < (int)LWS_ARRAY_SIZE(lws_ext_pm_deflate_options); - n++) - if (!strcmp(lws_ext_pm_deflate_options[n].name, - oa->option_name)) - break; - - if (n == (int)LWS_ARRAY_SIZE(lws_ext_pm_deflate_options)) - break; - oa->option_index = n; - - /* fallthru */ - - case LWS_EXT_CB_OPTION_SET: - oa = in; - lwsl_ext("%s: option set: idx %d, %s, len %d\n", __func__, - oa->option_index, oa->start, oa->len); - if (oa->start) - priv->args[oa->option_index] = atoi(oa->start); - else - priv->args[oa->option_index] = 1; - - if (priv->args[PMD_CLIENT_MAX_WINDOW_BITS] == 8) - priv->args[PMD_CLIENT_MAX_WINDOW_BITS] = 9; - - lws_extension_pmdeflate_restrict_args(wsi, priv); - break; - - case LWS_EXT_CB_OPTION_CONFIRM: - if (priv->args[PMD_SERVER_MAX_WINDOW_BITS] < 8 || - priv->args[PMD_SERVER_MAX_WINDOW_BITS] > 15 || - priv->args[PMD_CLIENT_MAX_WINDOW_BITS] < 8 || - priv->args[PMD_CLIENT_MAX_WINDOW_BITS] > 15) - return -1; - break; - - case LWS_EXT_CB_CLIENT_CONSTRUCT: - case LWS_EXT_CB_CONSTRUCT: - - n = context->pt_serv_buf_size; - if (wsi->protocol->rx_buffer_size) - n = (int)wsi->protocol->rx_buffer_size; - - if (n < 128) { - lwsl_info(" permessage-deflate requires the protocol " - "(%s) to have an RX buffer >= 128\n", - wsi->protocol->name); - return -1; - } - - /* fill in **user */ - priv = lws_zalloc(sizeof(*priv), "pmd priv"); - *((void **)user) = priv; - lwsl_ext("%s: LWS_EXT_CB_*CONSTRUCT\n", __func__); - memset(priv, 0, sizeof(*priv)); - - /* fill in pointer to options list */ - if (in) - *((const struct lws_ext_options **)in) = - lws_ext_pm_deflate_options; - - /* fallthru */ - - case LWS_EXT_CB_OPTION_DEFAULT: - - /* set the public, RFC7692 defaults... */ - - priv->args[PMD_SERVER_NO_CONTEXT_TAKEOVER] = 0, - priv->args[PMD_CLIENT_NO_CONTEXT_TAKEOVER] = 0; - priv->args[PMD_SERVER_MAX_WINDOW_BITS] = 15; - priv->args[PMD_CLIENT_MAX_WINDOW_BITS] = 15; - - /* ...and the ones the user code can override */ - - priv->args[PMD_RX_BUF_PWR2] = 10; /* ie, 1024 */ - priv->args[PMD_TX_BUF_PWR2] = 10; /* ie, 1024 */ - priv->args[PMD_COMP_LEVEL] = 1; - priv->args[PMD_MEM_LEVEL] = 8; - - lws_extension_pmdeflate_restrict_args(wsi, priv); - break; - - case LWS_EXT_CB_DESTROY: - lwsl_ext("%s: LWS_EXT_CB_DESTROY\n", __func__); - lws_free(priv->buf_rx_inflated); - lws_free(priv->buf_tx_deflated); - if (priv->rx_init) - (void)inflateEnd(&priv->rx); - if (priv->tx_init) - (void)deflateEnd(&priv->tx); - lws_free(priv); - - return ret; - - - case LWS_EXT_CB_PAYLOAD_RX: - lwsl_ext(" %s: LWS_EXT_CB_PAYLOAD_RX: in %d, existing in %d\n", - __func__, pmdrx->eb_in.len, priv->rx.avail_in); - - /* if this frame is not marked as compressed, we ignore it */ - - if (!(wsi->ws->rsv_first_msg & 0x40) || (wsi->ws->opcode & 8)) - return PMDR_DID_NOTHING; - - /* - * we shouldn't come back in here if we already applied the - * trailer for this compressed packet - */ - if (!wsi->ws->pmd_trailer_application) - return PMDR_DID_NOTHING; - - pmdrx->eb_out.len = 0; - - lwsl_ext("%s: LWS_EXT_CB_PAYLOAD_RX: in %d, " - "existing avail in %d, pkt fin: %d\n", __func__, - pmdrx->eb_in.len, priv->rx.avail_in, - wsi->ws->final); - - /* if needed, initialize the inflator */ - - if (!priv->rx_init) { - if (inflateInit2(&priv->rx, - -priv->args[PMD_SERVER_MAX_WINDOW_BITS]) != Z_OK) { - lwsl_err("%s: iniflateInit failed\n", __func__); - return PMDR_FAILED; - } - priv->rx_init = 1; - if (!priv->buf_rx_inflated) - priv->buf_rx_inflated = lws_malloc( - LWS_PRE + 7 + 5 + - (1 << priv->args[PMD_RX_BUF_PWR2]), - "pmd rx inflate buf"); - if (!priv->buf_rx_inflated) { - lwsl_err("%s: OOM\n", __func__); - return PMDR_FAILED; - } - } - -#if 0 - /* - * don't give us new input while we still work through - * the last input - */ - - if (priv->rx.avail_in && pmdrx->eb_in.token && - pmdrx->eb_in.len) { - lwsl_warn("%s: priv->rx.avail_in %d while getting new in\n", - __func__, priv->rx.avail_in); - // assert(0); - } -#endif - if (!priv->rx.avail_in && pmdrx->eb_in.token && pmdrx->eb_in.len) { - priv->rx.next_in = (unsigned char *)pmdrx->eb_in.token; - priv->rx.avail_in = pmdrx->eb_in.len; - } - - priv->rx.next_out = priv->buf_rx_inflated + LWS_PRE; - pmdrx->eb_out.token = priv->rx.next_out; - priv->rx.avail_out = 1 << priv->args[PMD_RX_BUF_PWR2]; - - pen = penbits = 0; - deflatePending(&priv->rx, &pen, &penbits); - pen |= penbits; - - /* so... if... - * - * - he has no remaining input content for this message, and - * - and this is the final fragment, and - * - we used everything that could be drained on the input side - * - * ...then put back the 00 00 FF FF the sender stripped as our - * input to zlib - */ - if (!priv->rx.avail_in && - wsi->ws->final && - !wsi->ws->rx_packet_length && - wsi->ws->pmd_trailer_application) { - lwsl_ext("%s: trailer apply 1\n", __func__); - was_fin = 1; - wsi->ws->pmd_trailer_application = 0; - priv->rx.next_in = trail; - priv->rx.avail_in = sizeof(trail); - } - - /* - * if after all that there's nothing pending and nothing to give - * him right now, bail without having done anything - */ - - if (!priv->rx.avail_in && !pen) - return PMDR_DID_NOTHING; - - n = inflate(&priv->rx, was_fin ? Z_SYNC_FLUSH : Z_NO_FLUSH); - lwsl_ext("inflate ret %d, avi %d, avo %d, wsifinal %d\n", n, - priv->rx.avail_in, priv->rx.avail_out, wsi->ws->final); - switch (n) { - case Z_NEED_DICT: - case Z_STREAM_ERROR: - case Z_DATA_ERROR: - case Z_MEM_ERROR: - lwsl_err("%s: zlib error inflate %d: \"%s\"\n", - __func__, n, priv->rx.msg); - return PMDR_FAILED; - } - - /* - * track how much input was used, and advance it - */ - - pmdrx->eb_in.token = pmdrx->eb_in.token + - (pmdrx->eb_in.len - priv->rx.avail_in); - pmdrx->eb_in.len = priv->rx.avail_in; - - pen = penbits = 0; - deflatePending(&priv->rx, &pen, &penbits); - pen |= penbits; - - lwsl_debug("%s: %d %d %d %d %d %d\n", __func__, - priv->rx.avail_in, - wsi->ws->final, - (int)wsi->ws->rx_packet_length, - was_fin, - wsi->ws->pmd_trailer_application, - pen); - - if (!priv->rx.avail_in && - wsi->ws->final && - !wsi->ws->rx_packet_length && - !was_fin && - wsi->ws->pmd_trailer_application && - !pen - ) { - lwsl_ext("%s: RX trailer apply 2\n", __func__); - - /* we overallocated just for this situation where - * we might issue something */ - priv->rx.avail_out += 5; - - was_fin = 1; - wsi->ws->pmd_trailer_application = 0; - priv->rx.next_in = trail; - priv->rx.avail_in = sizeof(trail); - n = inflate(&priv->rx, Z_SYNC_FLUSH); - lwsl_ext("RX trailer infl ret %d, avi %d, avo %d\n", - n, priv->rx.avail_in, priv->rx.avail_out); - switch (n) { - case Z_NEED_DICT: - case Z_STREAM_ERROR: - case Z_DATA_ERROR: - case Z_MEM_ERROR: - lwsl_info("zlib error inflate %d: %s\n", - n, priv->rx.msg); - return -1; - } - - assert(priv->rx.avail_out); - - pen = penbits = 0; - deflatePending(&priv->rx, &pen, &penbits); - pen |= penbits; - } - - pmdrx->eb_out.len = lws_ptr_diff(priv->rx.next_out, - pmdrx->eb_out.token); - priv->count_rx_between_fin += pmdrx->eb_out.len; - - lwsl_ext(" %s: RX leaving with new effbuff len %d, " - "rx.avail_in=%d, TOTAL RX since FIN %lu\n", - __func__, pmdrx->eb_out.len, priv->rx.avail_in, - (unsigned long)priv->count_rx_between_fin); - - if (was_fin && !pen) { - lwsl_ext("%s: was_fin\n", __func__); - priv->count_rx_between_fin = 0; - if (priv->args[PMD_SERVER_NO_CONTEXT_TAKEOVER]) { - lwsl_ext("PMD_SERVER_NO_CONTEXT_TAKEOVER\n"); - (void)inflateEnd(&priv->rx); - priv->rx_init = 0; - } - - return PMDR_EMPTY_FINAL; - } - - if (pen || priv->rx.avail_in) - return PMDR_HAS_PENDING; - - return PMDR_EMPTY_NONFINAL; - - case LWS_EXT_CB_PAYLOAD_TX: - - /* initialize us if needed */ - - if (!priv->tx_init) { - n = deflateInit2(&priv->tx, priv->args[PMD_COMP_LEVEL], - Z_DEFLATED, - -priv->args[PMD_SERVER_MAX_WINDOW_BITS + - (wsi->vhost->listen_port <= 0)], - priv->args[PMD_MEM_LEVEL], - Z_DEFAULT_STRATEGY); - if (n != Z_OK) { - lwsl_ext("inflateInit2 failed %d\n", n); - return PMDR_FAILED; - } - priv->tx_init = 1; - } - - if (!priv->buf_tx_deflated) - priv->buf_tx_deflated = lws_malloc(LWS_PRE + 7 + 5 + - (1 << priv->args[PMD_TX_BUF_PWR2]), - "pmd tx deflate buf"); - if (!priv->buf_tx_deflated) { - lwsl_err("%s: OOM\n", __func__); - return PMDR_FAILED; - } - - /* hook us up with any deflated input that the caller has */ - - if (pmdrx->eb_in.token) { - - assert(!priv->tx.avail_in); - - priv->count_tx_between_fin += pmdrx->eb_in.len; - lwsl_ext("%s: TX: eb_in length %d, " - "TOTAL TX since FIN: %d\n", __func__, - pmdrx->eb_in.len, - (int)priv->count_tx_between_fin); - priv->tx.next_in = (unsigned char *)pmdrx->eb_in.token; - priv->tx.avail_in = pmdrx->eb_in.len; - } - - priv->tx.next_out = priv->buf_tx_deflated + LWS_PRE + 5; - pmdrx->eb_out.token = priv->tx.next_out; - priv->tx.avail_out = 1 << priv->args[PMD_TX_BUF_PWR2]; - - pen = penbits = 0; - deflatePending(&priv->tx, &pen, &penbits); - pen |= penbits; - - if (!priv->tx.avail_in && (len & LWS_WRITE_NO_FIN)) { - lwsl_ext("%s: no available in, pen: %u\n", __func__, pen); - - if (!pen) - return PMDR_DID_NOTHING; - } - - m = Z_NO_FLUSH; - if (!(len & LWS_WRITE_NO_FIN)) { - lwsl_ext("%s: deflate with SYNC_FLUSH, pkt len %d\n", - __func__, (int)wsi->ws->rx_packet_length); - m = Z_SYNC_FLUSH; - } - - n = deflate(&priv->tx, m); - if (n == Z_STREAM_ERROR) { - lwsl_notice("%s: Z_STREAM_ERROR\n", __func__); - return PMDR_FAILED; - } - - pen = (!priv->tx.avail_out) && n != Z_STREAM_END; - - lwsl_ext("%s: deflate ret %d, len 0x%x\n", __func__, n, - (unsigned int)len); - - if ((len & 0xf) == LWS_WRITE_TEXT) - priv->tx_first_frame_type = LWSWSOPC_TEXT_FRAME; - if ((len & 0xf) == LWS_WRITE_BINARY) - priv->tx_first_frame_type = LWSWSOPC_BINARY_FRAME; - - pmdrx->eb_out.len = lws_ptr_diff(priv->tx.next_out, - pmdrx->eb_out.token); - - if (m == Z_SYNC_FLUSH && !(len & LWS_WRITE_NO_FIN) && !pen && - pmdrx->eb_out.len < 4) { - lwsl_err("%s: FAIL want to trim out length %d\n", - __func__, (int)pmdrx->eb_out.len); - assert(0); - } - - if (!(len & LWS_WRITE_NO_FIN) && - m == Z_SYNC_FLUSH && - !pen && - pmdrx->eb_out.len >= 4) { - // lwsl_err("%s: Trimming 4 from end of write\n", __func__); - priv->tx.next_out -= 4; - priv->tx.avail_out += 4; - priv->count_tx_between_fin = 0; - - assert(priv->tx.next_out[0] == 0x00 && - priv->tx.next_out[1] == 0x00 && - priv->tx.next_out[2] == 0xff && - priv->tx.next_out[3] == 0xff); - } - - - /* - * track how much input was used and advance it - */ - - pmdrx->eb_in.token = pmdrx->eb_in.token + - (pmdrx->eb_in.len - priv->tx.avail_in); - pmdrx->eb_in.len = priv->tx.avail_in; - - priv->compressed_out = 1; - pmdrx->eb_out.len = lws_ptr_diff(priv->tx.next_out, - pmdrx->eb_out.token); - - lwsl_ext(" TX rewritten with new eb_in len %d, " - "eb_out len %d, deflatePending %d\n", - pmdrx->eb_in.len, pmdrx->eb_out.len, pen); - - if (pmdrx->eb_in.len || pen) - return PMDR_HAS_PENDING; - - if (!(len & LWS_WRITE_NO_FIN)) - return PMDR_EMPTY_FINAL; - - return PMDR_EMPTY_NONFINAL; - - case LWS_EXT_CB_PACKET_TX_PRESEND: - if (!priv->compressed_out) - break; - priv->compressed_out = 0; - - /* - * we may have not produced any output for the actual "first" - * write... in that case, we need to fix up the inappropriate - * use of CONTINUATION when the first real write does come. - */ - if (priv->tx_first_frame_type & 0xf) { - *pmdrx->eb_in.token = ((*pmdrx->eb_in.token) & ~0xf) | - (priv->tx_first_frame_type & 0xf); - /* - * We have now written the "first" fragment, only - * do that once - */ - priv->tx_first_frame_type = 0; - } - - n = *(pmdrx->eb_in.token) & 15; - - /* set RSV1, but not on CONTINUATION */ - if (n == LWSWSOPC_TEXT_FRAME || n == LWSWSOPC_BINARY_FRAME) - *pmdrx->eb_in.token |= 0x40; - - lwsl_ext("%s: PRESEND compressed: ws frame 0x%02X, len %d\n", - __func__, ((*pmdrx->eb_in.token) & 0xff), - pmdrx->eb_in.len); - - if (((*pmdrx->eb_in.token) & 0x80) && /* fin */ - priv->args[PMD_CLIENT_NO_CONTEXT_TAKEOVER]) { - lwsl_debug("PMD_CLIENT_NO_CONTEXT_TAKEOVER\n"); - (void)deflateEnd(&priv->tx); - priv->tx_init = 0; - } - - break; - - default: - break; - } - - return 0; -} - diff --git a/lib/roles/ws/ops-ws.c b/lib/roles/ws/ops-ws.c deleted file mode 100644 index b959384..0000000 --- a/lib/roles/ws/ops-ws.c +++ /dev/null @@ -1,2125 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -#define LWS_CPYAPP(ptr, str) { strcpy(ptr, str); ptr += strlen(str); } - -/* - * client-parser.c: lws_ws_client_rx_sm() needs to be roughly kept in - * sync with changes here, esp related to ext draining - */ - -int -lws_ws_rx_sm(struct lws *wsi, char already_processed, unsigned char c) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int callback_action = LWS_CALLBACK_RECEIVE; - struct lws_ext_pm_deflate_rx_ebufs pmdrx; - unsigned short close_code; - unsigned char *pp; - int ret = 0; - int n = 0; -#if !defined(LWS_WITHOUT_EXTENSIONS) - int rx_draining_ext = 0; - int lin; -#endif - - pmdrx.eb_in.token = NULL; - pmdrx.eb_in.len = 0; - pmdrx.eb_out.token = NULL; - pmdrx.eb_out.len = 0; - - if (wsi->socket_is_permanently_unusable) - return -1; - - switch (wsi->lws_rx_parse_state) { - case LWS_RXPS_NEW: -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) { - pmdrx.eb_in.token = NULL; - pmdrx.eb_in.len = 0; - pmdrx.eb_out.token = NULL; - pmdrx.eb_out.len = 0; - lws_remove_wsi_from_draining_ext_list(wsi); - rx_draining_ext = 1; - lwsl_debug("%s: doing draining flow\n", __func__); - - goto drain_extension; - } -#endif - switch (wsi->ws->ietf_spec_revision) { - case 13: - /* - * no prepended frame key any more - */ - wsi->ws->all_zero_nonce = 1; - goto handle_first; - - default: - lwsl_warn("lws_ws_rx_sm: unknown spec version %d\n", - wsi->ws->ietf_spec_revision); - break; - } - break; - case LWS_RXPS_04_mask_1: - wsi->ws->mask[1] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_04_mask_2; - break; - case LWS_RXPS_04_mask_2: - wsi->ws->mask[2] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_04_mask_3; - break; - case LWS_RXPS_04_mask_3: - wsi->ws->mask[3] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - - /* - * start from the zero'th byte in the XOR key buffer since - * this is the start of a frame with a new key - */ - - wsi->ws->mask_idx = 0; - - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_1; - break; - - /* - * 04 logical framing from the spec (all this is masked when incoming - * and has to be unmasked) - * - * We ignore the possibility of extension data because we don't - * negotiate any extensions at the moment. - * - * 0 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-------+-+-------------+-------------------------------+ - * |F|R|R|R| opcode|R| Payload len | Extended payload length | - * |I|S|S|S| (4) |S| (7) | (16/63) | - * |N|V|V|V| |V| | (if payload len==126/127) | - * | |1|2|3| |4| | | - * +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + - * | Extended payload length continued, if payload len == 127 | - * + - - - - - - - - - - - - - - - +-------------------------------+ - * | | Extension data | - * +-------------------------------+ - - - - - - - - - - - - - - - + - * : : - * +---------------------------------------------------------------+ - * : Application data : - * +---------------------------------------------------------------+ - * - * We pass payload through to userland as soon as we get it, ignoring - * FIN. It's up to userland to buffer it up if it wants to see a - * whole unfragmented block of the original size (which may be up to - * 2^63 long!) - */ - - case LWS_RXPS_04_FRAME_HDR_1: -handle_first: - - wsi->ws->opcode = c & 0xf; - wsi->ws->rsv = c & 0x70; - wsi->ws->final = !!((c >> 7) & 1); - wsi->ws->defeat_check_utf8 = 0; - - if (((wsi->ws->opcode) & 8) && !wsi->ws->final) { - lws_close_reason(wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"frag ctl", 8); - return -1; - } - - switch (wsi->ws->opcode) { - case LWSWSOPC_TEXT_FRAME: - wsi->ws->check_utf8 = lws_check_opt( - wsi->context->options, - LWS_SERVER_OPTION_VALIDATE_UTF8); - /* fallthru */ - case LWSWSOPC_BINARY_FRAME: - if (wsi->ws->opcode == LWSWSOPC_BINARY_FRAME) - wsi->ws->check_utf8 = 0; - if (wsi->ws->continuation_possible) { - lws_close_reason(wsi, - LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"bad cont", 8); - return -1; - } - wsi->ws->rsv_first_msg = (c & 0x70); -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* - * set the expectation that we will have to - * fake up the zlib trailer to the inflator for this - * frame - */ - wsi->ws->pmd_trailer_application = !!(c & 0x40); -#endif - wsi->ws->frame_is_binary = - wsi->ws->opcode == LWSWSOPC_BINARY_FRAME; - wsi->ws->first_fragment = 1; - wsi->ws->continuation_possible = !wsi->ws->final; - break; - case LWSWSOPC_CONTINUATION: - if (!wsi->ws->continuation_possible) { - lws_close_reason(wsi, - LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"bad cont", 8); - return -1; - } - break; - case LWSWSOPC_CLOSE: - wsi->ws->check_utf8 = 0; - wsi->ws->utf8 = 0; - break; - case 3: - case 4: - case 5: - case 6: - case 7: - case 0xb: - case 0xc: - case 0xd: - case 0xe: - case 0xf: - lws_close_reason(wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"bad opc", 7); - lwsl_info("illegal opcode\n"); - return -1; - } - - if (wsi->ws->owed_a_fin && - (wsi->ws->opcode == LWSWSOPC_TEXT_FRAME || - wsi->ws->opcode == LWSWSOPC_BINARY_FRAME)) { - lwsl_info("hey you owed us a FIN\n"); - lws_close_reason(wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"bad fin", 7); - return -1; - } - if ((!(wsi->ws->opcode & 8)) && wsi->ws->final) { - wsi->ws->continuation_possible = 0; - wsi->ws->owed_a_fin = 0; - } - - if (!wsi->ws->final) - wsi->ws->owed_a_fin = 1; - - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN; - if (wsi->ws->rsv && - ( -#if !defined(LWS_WITHOUT_EXTENSIONS) - !wsi->ws->count_act_ext || -#endif - (wsi->ws->rsv & ~0x40))) { - lws_close_reason(wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, - (uint8_t *)"rsv bits", 8); - return -1; - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN: - - wsi->ws->this_frame_masked = !!(c & 0x80); - - switch (c & 0x7f) { - case 126: - /* control frames are not allowed to have big lengths */ - if (wsi->ws->opcode & 8) - goto illegal_ctl_length; - - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_2; - break; - case 127: - /* control frames are not allowed to have big lengths */ - if (wsi->ws->opcode & 8) - goto illegal_ctl_length; - - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_8; - break; - default: - wsi->ws->rx_packet_length = c & 0x7f; - - - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = - LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else - if (wsi->ws->rx_packet_length) { - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - } else { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - break; - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN16_2: - wsi->ws->rx_packet_length = c << 8; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN16_1; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN16_1: - wsi->ws->rx_packet_length |= c; - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = - LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else { - wsi->lws_rx_parse_state = - LWS_RXPS_WS_FRAME_PAYLOAD; - } - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_8: - if (c & 0x80) { - lwsl_warn("b63 of length must be zero\n"); - /* kill the connection */ - return -1; - } -#if defined __LP64__ - wsi->ws->rx_packet_length = ((size_t)c) << 56; -#else - wsi->ws->rx_packet_length = 0; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_7; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_7: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 48; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_6; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_6: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 40; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_5; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_5: -#if defined __LP64__ - wsi->ws->rx_packet_length |= ((size_t)c) << 32; -#endif - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_4; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_4: - wsi->ws->rx_packet_length |= ((size_t)c) << 24; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_3; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_3: - wsi->ws->rx_packet_length |= ((size_t)c) << 16; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_2; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_2: - wsi->ws->rx_packet_length |= ((size_t)c) << 8; - wsi->lws_rx_parse_state = LWS_RXPS_04_FRAME_HDR_LEN64_1; - break; - - case LWS_RXPS_04_FRAME_HDR_LEN64_1: - wsi->ws->rx_packet_length |= ((size_t)c); - if (wsi->ws->this_frame_masked) - wsi->lws_rx_parse_state = - LWS_RXPS_07_COLLECT_FRAME_KEY_1; - else - wsi->lws_rx_parse_state = LWS_RXPS_WS_FRAME_PAYLOAD; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_1: - wsi->ws->mask[0] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_2; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_2: - wsi->ws->mask[1] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_3; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_3: - wsi->ws->mask[2] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_07_COLLECT_FRAME_KEY_4; - break; - - case LWS_RXPS_07_COLLECT_FRAME_KEY_4: - wsi->ws->mask[3] = c; - if (c) - wsi->ws->all_zero_nonce = 0; - wsi->lws_rx_parse_state = LWS_RXPS_WS_FRAME_PAYLOAD; - wsi->ws->mask_idx = 0; - if (wsi->ws->rx_packet_length == 0) { - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } - break; - - - case LWS_RXPS_WS_FRAME_PAYLOAD: - assert(wsi->ws->rx_ubuf); - - if (wsi->ws->rx_ubuf_head + LWS_PRE >= wsi->ws->rx_ubuf_alloc) { - lwsl_err("Attempted overflow \n"); - return -1; - } - if (!(already_processed & ALREADY_PROCESSED_IGNORE_CHAR)) { - if (wsi->ws->all_zero_nonce) - wsi->ws->rx_ubuf[LWS_PRE + - (wsi->ws->rx_ubuf_head++)] = c; - else - wsi->ws->rx_ubuf[LWS_PRE + - (wsi->ws->rx_ubuf_head++)] = - c ^ wsi->ws->mask[(wsi->ws->mask_idx++) & 3]; - - --wsi->ws->rx_packet_length; - } - - if (!wsi->ws->rx_packet_length) { - lwsl_debug("%s: ws fragment length exhausted\n", - __func__); - /* spill because we have the whole frame */ - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - goto spill; - } -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) { - lwsl_debug("%s: UNTIL_EXHAUSTED draining\n", __func__); - goto drain_extension; - } -#endif - /* - * if there's no protocol max frame size given, we are - * supposed to default to context->pt_serv_buf_size - */ - if (!wsi->protocol->rx_buffer_size && - wsi->ws->rx_ubuf_head != wsi->context->pt_serv_buf_size) - break; - - if (wsi->protocol->rx_buffer_size && - wsi->ws->rx_ubuf_head != wsi->protocol->rx_buffer_size) - break; - - /* spill because we filled our rx buffer */ -spill: - /* - * is this frame a control packet we should take care of at this - * layer? If so service it and hide it from the user callback - */ - - lwsl_parser("spill on %s\n", wsi->protocol->name); - - switch (wsi->ws->opcode) { - case LWSWSOPC_CLOSE: - - if (wsi->ws->peer_has_sent_close) - break; - - wsi->ws->peer_has_sent_close = 1; - - pp = &wsi->ws->rx_ubuf[LWS_PRE]; - if (lws_check_opt(wsi->context->options, - LWS_SERVER_OPTION_VALIDATE_UTF8) && - wsi->ws->rx_ubuf_head > 2 && - lws_check_utf8(&wsi->ws->utf8, pp + 2, - wsi->ws->rx_ubuf_head - 2)) - goto utf8_fail; - - /* is this an acknowledgment of our close? */ - if (lwsi_state(wsi) == LRS_AWAITING_CLOSE_ACK) { - /* - * fine he has told us he is closing too, let's - * finish our close - */ - lwsl_parser("seen client close ack\n"); - return -1; - } - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - /* if he sends us 2 CLOSE, kill him */ - return -1; - - if (lws_partial_buffered(wsi)) { - /* - * if we're in the middle of something, - * we can't do a normal close response and - * have to just close our end. - */ - wsi->socket_is_permanently_unusable = 1; - lwsl_parser("Closing on peer close " - "due to pending tx\n"); - return -1; - } - - if (wsi->ws->rx_ubuf_head >= 2) { - close_code = (pp[0] << 8) | pp[1]; - if (close_code < 1000 || - close_code == 1004 || - close_code == 1005 || - close_code == 1006 || - close_code == 1012 || - close_code == 1013 || - close_code == 1014 || - close_code == 1015 || - (close_code >= 1016 && close_code < 3000) - ) { - pp[0] = (LWS_CLOSE_STATUS_PROTOCOL_ERR >> 8) & 0xff; - pp[1] = LWS_CLOSE_STATUS_PROTOCOL_ERR & 0xff; - } - } - - if (user_callback_handle_rxflow( - wsi->protocol->callback, wsi, - LWS_CALLBACK_WS_PEER_INITIATED_CLOSE, - wsi->user_space, - &wsi->ws->rx_ubuf[LWS_PRE], - wsi->ws->rx_ubuf_head)) - return -1; - - lwsl_parser("server sees client close packet\n"); - lwsi_set_state(wsi, LRS_RETURNED_CLOSE); - /* deal with the close packet contents as a PONG */ - wsi->ws->payload_is_close = 1; - goto process_as_ping; - - case LWSWSOPC_PING: - lwsl_info("received %d byte ping, sending pong\n", - wsi->ws->rx_ubuf_head); - - if (wsi->ws->ping_pending_flag) { - /* - * there is already a pending ping payload - * we should just log and drop - */ - lwsl_parser("DROP PING since one pending\n"); - goto ping_drop; - } -process_as_ping: - /* control packets can only be < 128 bytes long */ - if (wsi->ws->rx_ubuf_head > 128 - 3) { - lwsl_parser("DROP PING payload too large\n"); - goto ping_drop; - } - - /* stash the pong payload */ - memcpy(wsi->ws->ping_payload_buf + LWS_PRE, - &wsi->ws->rx_ubuf[LWS_PRE], - wsi->ws->rx_ubuf_head); - - wsi->ws->ping_payload_len = wsi->ws->rx_ubuf_head; - wsi->ws->ping_pending_flag = 1; - - /* get it sent as soon as possible */ - lws_callback_on_writable(wsi); -ping_drop: - wsi->ws->rx_ubuf_head = 0; - return 0; - - case LWSWSOPC_PONG: - lwsl_info("received pong\n"); - lwsl_hexdump(&wsi->ws->rx_ubuf[LWS_PRE], - wsi->ws->rx_ubuf_head); - - if (wsi->ws->await_pong) { - lwsl_info("received expected PONG on wsi %p\n", - wsi); - lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); - wsi->ws->await_pong = 0; - - /* - * prepare to send the ping again if nothing - * sent to countermand it - */ - - __lws_sul_insert(&pt->pt_sul_owner, - &wsi->sul_ping, - (lws_usec_t)wsi->context->ws_ping_pong_interval * - LWS_USEC_PER_SEC); - } - - /* issue it */ - callback_action = LWS_CALLBACK_RECEIVE_PONG; - break; - - case LWSWSOPC_TEXT_FRAME: - case LWSWSOPC_BINARY_FRAME: - case LWSWSOPC_CONTINUATION: - break; - - default: - lwsl_parser("unknown opc %x\n", wsi->ws->opcode); - - return -1; - } - - /* - * No it's real payload, pass it up to the user callback. - * - * We have been statefully collecting it in the - * LWS_RXPS_WS_FRAME_PAYLOAD clause above. - * - * It's nicely buffered with the pre-padding taken care of - * so it can be sent straight out again using lws_write. - * - * However, now we have a chunk of it, we want to deal with it - * all here. Since this may be input to permessage-deflate and - * there are block limits on that for input and output, we may - * need to iterate. - */ - - pmdrx.eb_in.token = &wsi->ws->rx_ubuf[LWS_PRE]; - pmdrx.eb_in.len = wsi->ws->rx_ubuf_head; - - /* for the non-pm-deflate case */ - - pmdrx.eb_out = pmdrx.eb_in; - - if (wsi->ws->opcode == LWSWSOPC_PONG && !pmdrx.eb_in.len) - goto already_done; -#if !defined(LWS_WITHOUT_EXTENSIONS) -drain_extension: -#endif - - do { - -// lwsl_notice("%s: pmdrx.eb_in.len: %d\n", __func__, -// (int)pmdrx.eb_in.len); - - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE || - lwsi_state(wsi) == LRS_AWAITING_CLOSE_ACK) - goto already_done; - - n = PMDR_DID_NOTHING; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - lin = pmdrx.eb_in.len; - //if (lin) - // lwsl_hexdump_notice(ebuf.token, ebuf.len); - lwsl_ext("%s: +++ passing %d %p to ext\n", __func__, - pmdrx.eb_in.len, pmdrx.eb_in.token); - - n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &pmdrx, 0); - lwsl_debug("%s: ext says %d / ebuf.len %d\n", __func__, - n, pmdrx.eb_out.len); - if (wsi->ws->rx_draining_ext) - already_processed &= ~ALREADY_PROCESSED_NO_CB; -#endif - - /* - * ebuf may be pointing somewhere completely different - * now, it's the output - */ -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (n < 0) { - /* - * we may rely on this to get RX, just drop - * connection - */ - wsi->socket_is_permanently_unusable = 1; - return -1; - } - if (n == PMDR_DID_NOTHING) - break; -#endif - lwsl_debug("%s: post ext ret %d, ebuf in %d / out %d\n", - __func__, n, pmdrx.eb_in.len, - pmdrx.eb_out.len); - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (rx_draining_ext && !pmdrx.eb_out.len) { - lwsl_debug(" --- ending drain on 0 read\n"); - goto already_done; - } - - if (n == PMDR_HAS_PENDING) - /* - * extension had more... - * main loop will come back - */ - lws_add_wsi_to_draining_ext_list(wsi); - else - lws_remove_wsi_from_draining_ext_list(wsi); - - rx_draining_ext = wsi->ws->rx_draining_ext; -#endif - - if (pmdrx.eb_out.len && - wsi->ws->check_utf8 && !wsi->ws->defeat_check_utf8) { - if (lws_check_utf8(&wsi->ws->utf8, - pmdrx.eb_out.token, - pmdrx.eb_out.len)) { - lws_close_reason(wsi, - LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"bad utf8", 8); - goto utf8_fail; - } - - /* we are ending partway through utf-8 character? */ - if (!wsi->ws->rx_packet_length && - wsi->ws->final && wsi->ws->utf8 -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* if ext not negotiated, going to be UNKNOWN */ - && (n == PMDR_EMPTY_FINAL || n == PMDR_UNKNOWN) -#endif - ) { - lwsl_info("FINAL utf8 error\n"); - lws_close_reason(wsi, - LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"partial utf8", 12); -utf8_fail: - lwsl_notice("utf8 error\n"); - lwsl_hexdump_notice(pmdrx.eb_out.token, - pmdrx.eb_out.len); - - return -1; - } - } - - /* if pmd not enabled, in == out */ - - if (n == PMDR_DID_NOTHING -#if !defined(LWS_WITHOUT_EXTENSIONS) - || - n == PMDR_UNKNOWN -#endif - ) - pmdrx.eb_in.len -= pmdrx.eb_out.len; - - if (!wsi->wsistate_pre_close && - (pmdrx.eb_out.len >= 0 || - callback_action == LWS_CALLBACK_RECEIVE_PONG || - n == PMDR_EMPTY_FINAL)) { - if (pmdrx.eb_out.len) - pmdrx.eb_out.token[pmdrx.eb_out.len] = '\0'; - - if (wsi->protocol->callback && - !(already_processed & ALREADY_PROCESSED_NO_CB)) { - if (callback_action == - LWS_CALLBACK_RECEIVE_PONG) - lwsl_info("Doing pong callback\n"); - - ret = user_callback_handle_rxflow( - wsi->protocol->callback, wsi, - (enum lws_callback_reasons) - callback_action, - wsi->user_space, - pmdrx.eb_out.token, - pmdrx.eb_out.len); - } - wsi->ws->first_fragment = 0; - } - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (!lin) - break; -#endif - - } while (pmdrx.eb_in.len -#if !defined(LWS_WITHOUT_EXTENSIONS) - || rx_draining_ext -#endif - ); - -already_done: - wsi->ws->rx_ubuf_head = 0; - break; - } - - return ret; - -illegal_ctl_length: - - lwsl_warn("Control frame with xtended length is illegal\n"); - /* kill the connection */ - return -1; -} - - -LWS_VISIBLE size_t -lws_remaining_packet_payload(struct lws *wsi) -{ - return wsi->ws->rx_packet_length; -} - -LWS_VISIBLE int lws_frame_is_binary(struct lws *wsi) -{ - return wsi->ws->frame_is_binary; -} - -void -lws_add_wsi_to_draining_ext_list(struct lws *wsi) -{ -#if !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - if (wsi->ws->rx_draining_ext) - return; - - lwsl_debug("%s: RX EXT DRAINING: Adding to list\n", __func__); - - wsi->ws->rx_draining_ext = 1; - wsi->ws->rx_draining_ext_list = pt->ws.rx_draining_ext_list; - pt->ws.rx_draining_ext_list = wsi; -#endif -} - -void -lws_remove_wsi_from_draining_ext_list(struct lws *wsi) -{ -#if !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - struct lws **w = &pt->ws.rx_draining_ext_list; - - if (!wsi->ws->rx_draining_ext) - return; - - lwsl_debug("%s: RX EXT DRAINING: Removing from list\n", __func__); - - wsi->ws->rx_draining_ext = 0; - - /* remove us from context draining ext list */ - while (*w) { - if (*w == wsi) { - /* if us, point it instead to who we were pointing to */ - *w = wsi->ws->rx_draining_ext_list; - break; - } - w = &((*w)->ws->rx_draining_ext_list); - } - wsi->ws->rx_draining_ext_list = NULL; -#endif -} - -static int -lws_0405_frame_mask_generate(struct lws *wsi) -{ - int n; - /* fetch the per-frame nonce */ - - n = lws_get_random(lws_get_context(wsi), wsi->ws->mask, 4); - if (n != 4) { - lwsl_parser("Unable to read from random device %s %d\n", - SYSTEM_RANDOM_FILEPATH, n); - return 1; - } - - /* start masking from first byte of masking key buffer */ - wsi->ws->mask_idx = 0; - - return 0; -} - -void -lws_sul_wsping_cb(lws_sorted_usec_list_t *sul) -{ - struct lws *wsi = lws_container_of(sul, struct lws, sul_ping); - - if (!wsi->ws) - return; - - /* - * The sul_ping timer came up... either it's time to send a PING - * (!wsi->ws->send_check_ping), or we didn't get the PONG in time - * (wsi->ws->send_check_ping) - */ - - if (!wsi->ws->send_check_ping) { - lwsl_info("%s: req pp on wsi %p\n", __func__, wsi); - - wsi->ws->send_check_ping = 1; - lws_set_timeout(wsi, PENDING_TIMEOUT_WS_PONG_CHECK_SEND_PING, - wsi->context->timeout_secs); - lws_callback_on_writable(wsi); - - return; - } - - if (wsi->ws->await_pong) { - /* it didn't return the PONG in time */ - - lwsl_info("%s: wsi %p: failed to send PONG\n", __func__, wsi); - __lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, - "PONG timeout"); - } -} - -int -lws_server_init_wsi_for_ws(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int n; - - lwsi_set_state(wsi, LRS_ESTABLISHED); - - if (wsi->context->ws_ping_pong_interval && !wsi->http2_substream ) { - wsi->sul_ping.cb = lws_sul_wsping_cb; - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_ping, - (lws_usec_t)wsi->context->ws_ping_pong_interval * - LWS_USEC_PER_SEC); - } - - /* - * create the frame buffer for this connection according to the - * size mentioned in the protocol definition. If 0 there, use - * a big default for compatibility - */ - - n = (int)wsi->protocol->rx_buffer_size; - if (!n) - n = wsi->context->pt_serv_buf_size; - n += LWS_PRE; - wsi->ws->rx_ubuf = lws_malloc(n + 4 /* 0x0000ffff zlib */, "rx_ubuf"); - if (!wsi->ws->rx_ubuf) { - lwsl_err("Out of Mem allocating rx buffer %d\n", n); - return 1; - } - wsi->ws->rx_ubuf_alloc = n; - lwsl_debug("Allocating RX buffer %d\n", n); - -#if !defined(LWS_WITH_ESP32) - if (!wsi->h2_stream_carries_ws) - if (setsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_SNDBUF, - (const char *)&n, sizeof n)) { - lwsl_warn("Failed to set SNDBUF to %d", n); - return 1; - } -#endif - - /* notify user code that we're ready to roll */ - - if (wsi->protocol->callback) - if (wsi->protocol->callback(wsi, LWS_CALLBACK_ESTABLISHED, - wsi->user_space, -#ifdef LWS_WITH_TLS - wsi->tls.ssl, -#else - NULL, -#endif - wsi->h2_stream_carries_ws)) - return 1; - - lwsl_debug("ws established\n"); - - return 0; -} - - - -LWS_VISIBLE int -lws_is_final_fragment(struct lws *wsi) -{ -#if !defined(LWS_WITHOUT_EXTENSIONS) - lwsl_debug("%s: final %d, rx pk length %ld, draining %ld\n", __func__, - wsi->ws->final, (long)wsi->ws->rx_packet_length, - (long)wsi->ws->rx_draining_ext); - return wsi->ws->final && !wsi->ws->rx_packet_length && - !wsi->ws->rx_draining_ext; -#else - return wsi->ws->final && !wsi->ws->rx_packet_length; -#endif -} - -LWS_VISIBLE int -lws_is_first_fragment(struct lws *wsi) -{ - return wsi->ws->first_fragment; -} - -LWS_VISIBLE unsigned char -lws_get_reserved_bits(struct lws *wsi) -{ - return wsi->ws->rsv; -} - -LWS_VISIBLE LWS_EXTERN int -lws_get_close_length(struct lws *wsi) -{ - return wsi->ws->close_in_ping_buffer_len; -} - -LWS_VISIBLE LWS_EXTERN unsigned char * -lws_get_close_payload(struct lws *wsi) -{ - return &wsi->ws->ping_payload_buf[LWS_PRE]; -} - -LWS_VISIBLE LWS_EXTERN void -lws_close_reason(struct lws *wsi, enum lws_close_status status, - unsigned char *buf, size_t len) -{ - unsigned char *p, *start; - int budget = sizeof(wsi->ws->ping_payload_buf) - LWS_PRE; - - assert(lwsi_role_ws(wsi)); - - start = p = &wsi->ws->ping_payload_buf[LWS_PRE]; - - *p++ = (((int)status) >> 8) & 0xff; - *p++ = ((int)status) & 0xff; - - if (buf) - while (len-- && p < start + budget) - *p++ = *buf++; - - wsi->ws->close_in_ping_buffer_len = lws_ptr_diff(p, start); -} - -static int -lws_is_ws_with_ext(struct lws *wsi) -{ -#if defined(LWS_WITHOUT_EXTENSIONS) - return 0; -#else - return lwsi_role_ws(wsi) && !!wsi->ws->count_act_ext; -#endif -} - -static int -rops_handle_POLLIN_ws(struct lws_context_per_thread *pt, struct lws *wsi, - struct lws_pollfd *pollfd) -{ - unsigned int pending = 0; - struct lws_tokens ebuf; - char buffered = 0; - int n = 0, m; -#if defined(LWS_WITH_HTTP2) - struct lws *wsi1; -#endif - - if (!wsi->ws) { - lwsl_err("ws role wsi with no ws\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - // lwsl_notice("%s: %s\n", __func__, wsi->protocol->name); - - //lwsl_info("%s: wsistate 0x%x, pollout %d\n", __func__, - // wsi->wsistate, pollfd->revents & LWS_POLLOUT); - - /* - * something went wrong with parsing the handshake, and - * we ended up back in the event loop without completing it - */ - if (lwsi_state(wsi) == LRS_PRE_WS_SERVING_ACCEPT) { - wsi->socket_is_permanently_unusable = 1; - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - ebuf.token = NULL; - ebuf.len = 0; - - if (lwsi_state(wsi) == LRS_WAITING_CONNECT) { -#if !defined(LWS_NO_CLIENT) - if ((pollfd->revents & LWS_POLLOUT) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - lwsl_debug("POLLOUT event closed it\n"); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - n = lws_client_socket_service(wsi, pollfd, NULL); - if (n) - return LWS_HPI_RET_WSI_ALREADY_DIED; -#endif - return LWS_HPI_RET_HANDLED; - } - - /* 1: something requested a callback when it was OK to write */ - - if ((pollfd->revents & LWS_POLLOUT) && - lwsi_state_can_handle_POLLOUT(wsi) && - lws_handle_POLLOUT_event(wsi, pollfd)) { - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - lwsi_set_state(wsi, LRS_FLUSHING_BEFORE_CLOSE); - - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE || - lwsi_state(wsi) == LRS_WAITING_TO_SEND_CLOSE) { - /* - * we stopped caring about anything except control - * packets. Force flow control off, defeat tx - * draining. - */ - lws_rx_flow_control(wsi, 1); -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws) - wsi->ws->tx_draining_ext = 0; -#endif - } -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->tx_draining_ext) { - lws_handle_POLLOUT_event(wsi, pollfd); - //lwsl_notice("%s: tx drain\n", __func__); - /* - * We cannot deal with new RX until the TX ext path has - * been drained. It's because new rx will, eg, crap on - * the wsi rx buf that may be needed to retain state. - * - * TX ext drain path MUST go through event loop to avoid - * blocking. - */ - lws_callback_on_writable(wsi); - return LWS_HPI_RET_HANDLED; - } -#endif - if ((pollfd->revents & LWS_POLLIN) && lws_is_flowcontrolled(wsi)) { - /* We cannot deal with any kind of new RX because we are - * RX-flowcontrolled. - */ - lwsl_info("%s: flowcontrolled, ignoring rx\n", __func__); - - if (__lws_change_pollfd(wsi, LWS_POLLIN, 0)) - return -1; - - return LWS_HPI_RET_HANDLED; - } - - if (lws_is_flowcontrolled(wsi)) - return LWS_HPI_RET_HANDLED; - -#if defined(LWS_WITH_HTTP2) - if (wsi->http2_substream || wsi->upgraded_to_http2) { - wsi1 = lws_get_network_wsi(wsi); - if (wsi1 && lws_has_buffered_out(wsi1)) - /* We cannot deal with any kind of new RX - * because we are dealing with a partial send - * (new RX may trigger new http_action() that - * expect to be able to send) - */ - return LWS_HPI_RET_HANDLED; - } -#endif - -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* 2: RX Extension needs to be drained - */ - - if (wsi->ws->rx_draining_ext) { - - lwsl_debug("%s: RX EXT DRAINING: Service\n", __func__); -#ifndef LWS_NO_CLIENT - if (lwsi_role_client(wsi)) { - n = lws_ws_client_rx_sm(wsi, 0); - if (n < 0) - /* we closed wsi */ - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } else -#endif - n = lws_ws_rx_sm(wsi, ALREADY_PROCESSED_IGNORE_CHAR, 0); - - return LWS_HPI_RET_HANDLED; - } - - if (wsi->ws->rx_draining_ext) - /* - * We have RX EXT content to drain, but can't do it - * right now. That means we cannot do anything lower - * priority either. - */ - return LWS_HPI_RET_HANDLED; -#endif - - /* 3: buflist needs to be drained - */ -read: - //lws_buflist_describe(&wsi->buflist, wsi); - ebuf.len = (int)lws_buflist_next_segment_len(&wsi->buflist, - &ebuf.token); - if (ebuf.len) { - lwsl_info("draining buflist (len %d)\n", ebuf.len); - buffered = 1; - goto drain; - } - - if (!(pollfd->revents & pollfd->events & LWS_POLLIN) && !wsi->http.ah) - return LWS_HPI_RET_HANDLED; - - if (lws_is_flowcontrolled(wsi)) { - lwsl_info("%s: %p should be rxflow (bm 0x%x)..\n", - __func__, wsi, wsi->rxflow_bitmap); - return LWS_HPI_RET_HANDLED; - } - - if (!(lwsi_role_client(wsi) && - (lwsi_state(wsi) != LRS_ESTABLISHED && - lwsi_state(wsi) != LRS_AWAITING_CLOSE_ACK && - lwsi_state(wsi) != LRS_H2_WAITING_TO_SEND_HEADERS))) { - /* - * In case we are going to react to this rx by scheduling - * writes, we need to restrict the amount of rx to the size - * the protocol reported for rx buffer. - * - * Otherwise we get a situation we have to absorb possibly a - * lot of reads before we get a chance to drain them by writing - * them, eg, with echo type tests in autobahn. - */ - - buffered = 0; - ebuf.token = pt->serv_buf; - if (lwsi_role_ws(wsi)) - ebuf.len = wsi->ws->rx_ubuf_alloc; - else - ebuf.len = wsi->context->pt_serv_buf_size; - - if ((unsigned int)ebuf.len > wsi->context->pt_serv_buf_size) - ebuf.len = wsi->context->pt_serv_buf_size; - - if ((int)pending > ebuf.len) - pending = ebuf.len; - - ebuf.len = lws_ssl_capable_read(wsi, ebuf.token, - pending ? (int)pending : - ebuf.len); - switch (ebuf.len) { - case 0: - lwsl_info("%s: zero length read\n", - __func__); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - case LWS_SSL_CAPABLE_MORE_SERVICE: - lwsl_info("SSL Capable more service\n"); - return LWS_HPI_RET_HANDLED; - case LWS_SSL_CAPABLE_ERROR: - lwsl_info("%s: LWS_SSL_CAPABLE_ERROR\n", - __func__); - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - /* - * coverity thinks ssl_capable_read() may read over - * 2GB. Dissuade it... - */ - ebuf.len &= 0x7fffffff; - } - -drain: - - /* - * give any active extensions a chance to munge the buffer - * before parse. We pass in a pointer to an lws_tokens struct - * prepared with the default buffer and content length that's in - * there. Rather than rewrite the default buffer, extensions - * that expect to grow the buffer can adapt .token to - * point to their own per-connection buffer in the extension - * user allocation. By default with no extensions or no - * extension callback handling, just the normal input buffer is - * used then so it is efficient. - */ - m = 0; - do { - - /* service incoming data */ - //lws_buflist_describe(&wsi->buflist, wsi); - if (ebuf.len) { -#if defined(LWS_ROLE_H2) - if (lwsi_role_h2(wsi) && lwsi_state(wsi) != LRS_BODY && - lwsi_state(wsi) != LRS_DISCARD_BODY) - n = lws_read_h2(wsi, ebuf.token, - ebuf.len); - else -#endif - n = lws_read_h1(wsi, ebuf.token, - ebuf.len); - - if (n < 0) { - /* we closed wsi */ - n = 0; - return LWS_HPI_RET_WSI_ALREADY_DIED; - } - //lws_buflist_describe(&wsi->buflist, wsi); - //lwsl_notice("%s: consuming %d / %d\n", __func__, n, ebuf.len); - if (lws_buflist_aware_consume(wsi, &ebuf, n, buffered)) - return LWS_HPI_RET_PLEASE_CLOSE_ME; - } - - ebuf.token = NULL; - ebuf.len = 0; - } while (m); - - if (wsi->http.ah -#if !defined(LWS_NO_CLIENT) - && !wsi->client_h2_alpn -#endif - ) { - lwsl_info("%s: %p: detaching ah\n", __func__, wsi); - lws_header_table_detach(wsi, 0); - } - - pending = lws_ssl_pending(wsi); - if (pending) { - if (lws_is_ws_with_ext(wsi)) - pending = pending > wsi->ws->rx_ubuf_alloc ? - wsi->ws->rx_ubuf_alloc : pending; - else - pending = pending > wsi->context->pt_serv_buf_size ? - wsi->context->pt_serv_buf_size : pending; - goto read; - } - - if (buffered && /* were draining, now nothing left */ - !lws_buflist_next_segment_len(&wsi->buflist, NULL)) { - lwsl_info("%s: %p flow buf: drained\n", __func__, wsi); - /* having drained the rxflow buffer, can rearm POLLIN */ -#ifdef LWS_NO_SERVER - n = -#endif - __lws_rx_flow_control(wsi); - /* n ignored, needed for NO_SERVER case */ - } - - /* n = 0 */ - return LWS_HPI_RET_HANDLED; -} - - -int rops_handle_POLLOUT_ws(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - int write_type = LWS_WRITE_PONG; -#if !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_ext_pm_deflate_rx_ebufs pmdrx; - int ret, m; -#endif - int n; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - lwsl_debug("%s: %s: wsi->ws->tx_draining_ext %d\n", __func__, - wsi->protocol->name, wsi->ws->tx_draining_ext); -#endif - - /* Priority 3: pending control packets (pong or close) - * - * 3a: close notification packet requested from close api - */ - - if (lwsi_state(wsi) == LRS_WAITING_TO_SEND_CLOSE) { - lwsl_debug("sending close packet\n"); - lwsl_hexdump_debug(&wsi->ws->ping_payload_buf[LWS_PRE], - wsi->ws->close_in_ping_buffer_len); - wsi->waiting_to_send_close_frame = 0; - n = lws_write(wsi, &wsi->ws->ping_payload_buf[LWS_PRE], - wsi->ws->close_in_ping_buffer_len, - LWS_WRITE_CLOSE); - if (n >= 0) { - if (wsi->close_needs_ack) { - lwsi_set_state(wsi, LRS_AWAITING_CLOSE_ACK); - lws_set_timeout(wsi, PENDING_TIMEOUT_CLOSE_ACK, - 5); - lwsl_debug("sent close, await ack\n"); - - return LWS_HP_RET_BAIL_OK; - } - wsi->close_needs_ack = 0; - lwsi_set_state(wsi, LRS_RETURNED_CLOSE); - } - - return LWS_HP_RET_BAIL_DIE; - } - - /* else, the send failed and we should just hang up */ - - if ((lwsi_role_ws(wsi) && wsi->ws->ping_pending_flag) || - (lwsi_state(wsi) == LRS_RETURNED_CLOSE && - wsi->ws->payload_is_close)) { - - if (wsi->ws->payload_is_close) - write_type = LWS_WRITE_CLOSE; - else { - if (wsi->wsistate_pre_close) { - /* we started close flow, forget pong */ - wsi->ws->ping_pending_flag = 0; - return LWS_HP_RET_BAIL_OK; - } - lwsl_info("issuing pong %d on wsi %p\n", - wsi->ws->ping_payload_len, wsi); - } - - n = lws_write(wsi, &wsi->ws->ping_payload_buf[LWS_PRE], - wsi->ws->ping_payload_len, write_type); - if (n < 0) - return LWS_HP_RET_BAIL_DIE; - - /* well he is sent, mark him done */ - wsi->ws->ping_pending_flag = 0; - if (wsi->ws->payload_is_close) { - // assert(0); - /* oh... a close frame was it... then we are done */ - return LWS_HP_RET_BAIL_DIE; - } - - /* otherwise for PING, leave POLLOUT active either way */ - return LWS_HP_RET_BAIL_OK; - } - - if (!wsi->socket_is_permanently_unusable && - wsi->ws->send_check_ping && wsi->context->ws_ping_pong_interval) { - - lwsl_info("%s: issuing ping on wsi %p: %s %s h2: %d\n", __func__, wsi, - wsi->role_ops->name, wsi->protocol->name, - wsi->http2_substream); - wsi->ws->send_check_ping = 0; - wsi->ws->await_pong = 1; - n = lws_write(wsi, &wsi->ws->ping_payload_buf[LWS_PRE], - 0, LWS_WRITE_PING); - if (n < 0) - return LWS_HP_RET_BAIL_DIE; - - /* give it a few seconds to respond with the PONG */ - - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_ping, - (lws_usec_t)wsi->context->timeout_secs * - LWS_USEC_PER_SEC); - - return LWS_HP_RET_BAIL_OK; - } - - /* Priority 4: if we are closing, not allowed to send more data frags - * which means user callback or tx ext flush banned now - */ - if (lwsi_state(wsi) == LRS_RETURNED_CLOSE) - return LWS_HP_RET_USER_SERVICE; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* Priority 5: Tx path extension with more to send - * - * These are handled as new fragments each time around - * So while we must block new writeable callback to enforce - * payload ordering, but since they are always complete - * fragments control packets can interleave OK. - */ - if (wsi->ws->tx_draining_ext) { - lwsl_ext("SERVICING TX EXT DRAINING\n"); - if (lws_write(wsi, NULL, 0, LWS_WRITE_CONTINUATION) < 0) - return LWS_HP_RET_BAIL_DIE; - /* leave POLLOUT active */ - return LWS_HP_RET_BAIL_OK; - } - - /* Priority 6: extensions - */ - if (!wsi->ws->extension_data_pending && !wsi->ws->tx_draining_ext) { - lwsl_ext("%s: !wsi->ws->extension_data_pending\n", __func__); - return LWS_HP_RET_USER_SERVICE; - } - - /* - * Check in on the active extensions, see if they had pending stuff to - * spill... they need to get the first look-in otherwise sequence will - * be disordered. - * - * coming here with a NULL, zero-length ebuf means just spill pending - */ - - ret = 1; - if (wsi->role_ops == &role_ops_raw_skt || - wsi->role_ops == &role_ops_raw_file) - ret = 0; - - while (ret == 1) { - - /* default to nobody has more to spill */ - - ret = 0; - pmdrx.eb_in.token = NULL; - pmdrx.eb_in.len = 0; - - /* give every extension a chance to spill */ - - m = lws_ext_cb_active(wsi, LWS_EXT_CB_PACKET_TX_PRESEND, - &pmdrx, 0); - if (m < 0) { - lwsl_err("ext reports fatal error\n"); - return LWS_HP_RET_BAIL_DIE; - } - if (m) - /* - * at least one extension told us he has more - * to spill, so we will go around again after - */ - ret = 1; - - /* assuming they gave us something to send, send it */ - - if (pmdrx.eb_in.len) { - n = lws_issue_raw(wsi, (unsigned char *)pmdrx.eb_in.token, - pmdrx.eb_in.len); - if (n < 0) { - lwsl_info("closing from POLLOUT spill\n"); - return LWS_HP_RET_BAIL_DIE; - } - /* - * Keep amount spilled small to minimize chance of this - */ - if (n != pmdrx.eb_in.len) { - lwsl_err("Unable to spill ext %d vs %d\n", - pmdrx.eb_in.len, n); - return LWS_HP_RET_BAIL_DIE; - } - } else - continue; - - /* no extension has more to spill */ - - if (!ret) - continue; - - /* - * There's more to spill from an extension, but we just sent - * something... did that leave the pipe choked? - */ - - if (!lws_send_pipe_choked(wsi)) - /* no we could add more */ - continue; - - lwsl_info("choked in POLLOUT service\n"); - - /* - * Yes, he's choked. Leave the POLLOUT masked on so we will - * come back here when he is unchoked. Don't call the user - * callback to enforce ordering of spilling, he'll get called - * when we come back here and there's nothing more to spill. - */ - - return LWS_HP_RET_BAIL_OK; - } - - wsi->ws->extension_data_pending = 0; -#endif - - return LWS_HP_RET_USER_SERVICE; -} - -static int -rops_service_flag_pending_ws(struct lws_context *context, int tsi) -{ -#if !defined(LWS_WITHOUT_EXTENSIONS) - struct lws_context_per_thread *pt = &context->pt[tsi]; - struct lws *wsi; - int forced = 0; - - /* POLLIN faking (the pt lock is taken by the parent) */ - - /* - * 1) For all guys with already-available ext data to drain, if they are - * not flowcontrolled, fake their POLLIN status - */ - wsi = pt->ws.rx_draining_ext_list; - while (wsi && wsi->position_in_fds_table != LWS_NO_FDS_POS) { - pt->fds[wsi->position_in_fds_table].revents |= - pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN; - if (pt->fds[wsi->position_in_fds_table].revents & LWS_POLLIN) - forced = 1; - - wsi = wsi->ws->rx_draining_ext_list; - } - - return forced; -#else - return 0; -#endif -} - -static int -rops_close_via_role_protocol_ws(struct lws *wsi, enum lws_close_status reason) -{ - if (!wsi->ws) - return 0; - - if (!wsi->ws->close_in_ping_buffer_len && /* already a reason */ - (reason == LWS_CLOSE_STATUS_NOSTATUS || - reason == LWS_CLOSE_STATUS_NOSTATUS_CONTEXT_DESTROY)) - return 0; - - lwsl_debug("%s: sending close indication...\n", __func__); - - /* if no prepared close reason, use 1000 and no aux data */ - - if (!wsi->ws->close_in_ping_buffer_len) { - wsi->ws->close_in_ping_buffer_len = 2; - wsi->ws->ping_payload_buf[LWS_PRE] = (reason >> 8) & 0xff; - wsi->ws->ping_payload_buf[LWS_PRE + 1] = reason & 0xff; - } - - wsi->waiting_to_send_close_frame = 1; - wsi->close_needs_ack = 1; - lwsi_set_state(wsi, LRS_WAITING_TO_SEND_CLOSE); - __lws_set_timeout(wsi, PENDING_TIMEOUT_CLOSE_SEND, 5); - - lws_callback_on_writable(wsi); - - return 1; -} - -static int -rops_close_role_ws(struct lws_context_per_thread *pt, struct lws *wsi) -{ - if (!wsi->ws) - return 0; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - - if (wsi->ws->rx_draining_ext) { - struct lws **w = &pt->ws.rx_draining_ext_list; - - wsi->ws->rx_draining_ext = 0; - /* remove us from context draining ext list */ - while (*w) { - if (*w == wsi) { - *w = wsi->ws->rx_draining_ext_list; - break; - } - w = &((*w)->ws->rx_draining_ext_list); - } - wsi->ws->rx_draining_ext_list = NULL; - } - - if (wsi->ws->tx_draining_ext) { - struct lws **w = &pt->ws.tx_draining_ext_list; - lwsl_ext("%s: CLEARING tx_draining_ext\n", __func__); - wsi->ws->tx_draining_ext = 0; - /* remove us from context draining ext list */ - while (*w) { - if (*w == wsi) { - *w = wsi->ws->tx_draining_ext_list; - break; - } - w = &((*w)->ws->tx_draining_ext_list); - } - wsi->ws->tx_draining_ext_list = NULL; - } -#endif - lws_free_set_NULL(wsi->ws->rx_ubuf); - - wsi->ws->ping_payload_len = 0; - wsi->ws->ping_pending_flag = 0; - - /* deallocate any active extension contexts */ - - if (lws_ext_cb_active(wsi, LWS_EXT_CB_DESTROY, NULL, 0) < 0) - lwsl_warn("extension destruction failed\n"); - - return 0; -} - -static int -rops_write_role_protocol_ws(struct lws *wsi, unsigned char *buf, size_t len, - enum lws_write_protocol *wp) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; -#if !defined(LWS_WITHOUT_EXTENSIONS) - enum lws_write_protocol wpt; -#endif - struct lws_ext_pm_deflate_rx_ebufs pmdrx; - int masked7 = lwsi_role_client(wsi); - unsigned char is_masked_bit = 0; - unsigned char *dropmask = NULL; - size_t orig_len = len; - int pre = 0, n = 0; - - // lwsl_err("%s: wp 0x%x len %d\n", __func__, *wp, (int)len); -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->tx_draining_ext) { - /* remove us from the list */ - struct lws **w = &pt->ws.tx_draining_ext_list; - - lwsl_ext("%s: CLEARING tx_draining_ext\n", __func__); - wsi->ws->tx_draining_ext = 0; - /* remove us from context draining ext list */ - while (*w) { - if (*w == wsi) { - *w = wsi->ws->tx_draining_ext_list; - break; - } - w = &((*w)->ws->tx_draining_ext_list); - } - wsi->ws->tx_draining_ext_list = NULL; - - wpt = *wp; - *wp = (wsi->ws->tx_draining_stashed_wp & 0xc0) | - LWS_WRITE_CONTINUATION; - - /* - * When we are just flushing (len == 0), we can trust the - * stashed wp info completely. Otherwise adjust it to the - * FIN status of the incoming packet. - */ - - if (!(wpt & LWS_WRITE_NO_FIN) && len) - *wp &= ~LWS_WRITE_NO_FIN; - - lwsl_ext("FORCED draining wp to 0x%02X " - "(stashed 0x%02X, incoming 0x%02X)\n", *wp, - wsi->ws->tx_draining_stashed_wp, wpt); - // assert(0); - } -#endif - /* reset the ping wait */ - if (wsi->context->ws_ping_pong_interval) { - wsi->sul_ping.cb = lws_sul_wsping_cb; - __lws_sul_insert(&pt->pt_sul_owner, &wsi->sul_ping, - (lws_usec_t)wsi->context->ws_ping_pong_interval * - LWS_USEC_PER_SEC); - } - if (((*wp) & 0x1f) == LWS_WRITE_HTTP || - ((*wp) & 0x1f) == LWS_WRITE_HTTP_FINAL || - ((*wp) & 0x1f) == LWS_WRITE_HTTP_HEADERS_CONTINUATION || - ((*wp) & 0x1f) == LWS_WRITE_HTTP_HEADERS) - goto send_raw; - - - - /* if we are continuing a frame that already had its header done */ - - if (wsi->ws->inside_frame) { - lwsl_debug("INSIDE FRAME\n"); - goto do_more_inside_frame; - } - - wsi->ws->clean_buffer = 1; - - /* - * give a chance to the extensions to modify payload - * the extension may decide to produce unlimited payload erratically - * (eg, compression extension), so we require only that if he produces - * something, it will be a complete fragment of the length known at - * the time (just the fragment length known), and if he has - * more we will come back next time he is writeable and allow him to - * produce more fragments until he's drained. - * - * This allows what is sent each time it is writeable to be limited to - * a size that can be sent without partial sends or blocking, allows - * interleaving of control frames and other connection service. - */ - - pmdrx.eb_in.token = buf; - pmdrx.eb_in.len = (int)len; - - /* for the non-pm-deflate case */ - - pmdrx.eb_out = pmdrx.eb_in; - - switch ((int)*wp) { - case LWS_WRITE_PING: - case LWS_WRITE_PONG: - case LWS_WRITE_CLOSE: - break; - default: -#if !defined(LWS_WITHOUT_EXTENSIONS) - n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_TX, &pmdrx, *wp); - if (n < 0) - return -1; - lwsl_ext("%s: defl ext ret %d, ext in remaining %d, " - "out %d compressed (wp 0x%x)\n", __func__, n, - (int)pmdrx.eb_in.len, (int)pmdrx.eb_out.len, *wp); - - if (n == PMDR_HAS_PENDING) { - lwsl_ext("%s: HAS PENDING: write drain len %d " - "(wp 0x%x) SETTING tx_draining_ext " - "(remaining in %d)\n", __func__, - (int)pmdrx.eb_out.len, *wp, - (int)pmdrx.eb_in.len); - /* extension requires further draining */ - wsi->ws->tx_draining_ext = 1; - wsi->ws->tx_draining_ext_list = - pt->ws.tx_draining_ext_list; - pt->ws.tx_draining_ext_list = wsi; - /* we must come back to do more */ - lws_callback_on_writable(wsi); - /* - * keep a copy of the write type for the overall - * action that has provoked generation of these - * fragments, so the last guy can use its FIN state. - */ - wsi->ws->tx_draining_stashed_wp = *wp; - /* - * Despite what we may have thought, this is definitely - * NOT the last fragment, because the extension asserted - * he has more coming. For example, the extension may - * be compressing, and has saved up everything until the - * end, where the output is larger than one chunk. - * - * Make sure this intermediate one doesn't actually - * go out with a FIN. - */ - *wp |= LWS_WRITE_NO_FIN; - } -#endif - if (pmdrx.eb_out.len && wsi->ws->stashed_write_pending) { - wsi->ws->stashed_write_pending = 0; - *wp = ((*wp) & 0xc0) | (int)wsi->ws->stashed_write_type; - } - } - - /* - * an extension did something we need to keep... for example, if - * compression extension, it has already updated its state according - * to this being issued - */ - if (buf != pmdrx.eb_out.token) { - /* - * ext might eat it, but not have anything to issue yet. - * In that case we have to follow his lead, but stash and - * replace the write type that was lost here the first time. - */ - if (len && !pmdrx.eb_out.len) { - if (!wsi->ws->stashed_write_pending) - wsi->ws->stashed_write_type = - (char)(*wp) & 0x3f; - wsi->ws->stashed_write_pending = 1; - return (int)len; - } - /* - * extension recreated it: - * need to buffer this if not all sent - */ - wsi->ws->clean_buffer = 0; - } - - buf = pmdrx.eb_out.token; - len = pmdrx.eb_out.len; - - if (!buf) { - lwsl_err("null buf (%d)\n", (int)len); - return -1; - } - - switch (wsi->ws->ietf_spec_revision) { - case 13: - if (masked7) { - pre += 4; - dropmask = &buf[0 - pre]; - is_masked_bit = 0x80; - } - - switch ((*wp) & 0xf) { - case LWS_WRITE_TEXT: - n = LWSWSOPC_TEXT_FRAME; - break; - case LWS_WRITE_BINARY: - n = LWSWSOPC_BINARY_FRAME; - break; - case LWS_WRITE_CONTINUATION: - n = LWSWSOPC_CONTINUATION; - break; - - case LWS_WRITE_CLOSE: - n = LWSWSOPC_CLOSE; - break; - case LWS_WRITE_PING: - n = LWSWSOPC_PING; - break; - case LWS_WRITE_PONG: - n = LWSWSOPC_PONG; - break; - default: - lwsl_warn("lws_write: unknown write opc / wp\n"); - return -1; - } - - if (!((*wp) & LWS_WRITE_NO_FIN)) - n |= 1 << 7; - - if (len < 126) { - pre += 2; - buf[-pre] = n; - buf[-pre + 1] = (unsigned char)(len | is_masked_bit); - } else { - if (len < 65536) { - pre += 4; - buf[-pre] = n; - buf[-pre + 1] = 126 | is_masked_bit; - buf[-pre + 2] = (unsigned char)(len >> 8); - buf[-pre + 3] = (unsigned char)len; - } else { - pre += 10; - buf[-pre] = n; - buf[-pre + 1] = 127 | is_masked_bit; -#if defined __LP64__ - buf[-pre + 2] = (len >> 56) & 0x7f; - buf[-pre + 3] = len >> 48; - buf[-pre + 4] = len >> 40; - buf[-pre + 5] = len >> 32; -#else - buf[-pre + 2] = 0; - buf[-pre + 3] = 0; - buf[-pre + 4] = 0; - buf[-pre + 5] = 0; -#endif - buf[-pre + 6] = (unsigned char)(len >> 24); - buf[-pre + 7] = (unsigned char)(len >> 16); - buf[-pre + 8] = (unsigned char)(len >> 8); - buf[-pre + 9] = (unsigned char)len; - } - } - break; - } - -do_more_inside_frame: - - /* - * Deal with masking if we are in client -> server direction and - * the wp demands it - */ - - if (masked7) { - if (!wsi->ws->inside_frame) - if (lws_0405_frame_mask_generate(wsi)) { - lwsl_err("frame mask generation failed\n"); - return -1; - } - - /* - * in v7, just mask the payload - */ - if (dropmask) { /* never set if already inside frame */ - for (n = 4; n < (int)len + 4; n++) - dropmask[n] = dropmask[n] ^ wsi->ws->mask[ - (wsi->ws->mask_idx++) & 3]; - - /* copy the frame nonce into place */ - memcpy(dropmask, wsi->ws->mask, 4); - } - } - - if (lwsi_role_h2_ENCAPSULATION(wsi)) { - struct lws *encap = lws_get_network_wsi(wsi); - - assert(encap != wsi); - return encap->role_ops->write_role_protocol(wsi, buf - pre, - len + pre, wp); - } - - switch ((*wp) & 0x1f) { - case LWS_WRITE_TEXT: - case LWS_WRITE_BINARY: - case LWS_WRITE_CONTINUATION: - if (!wsi->h2_stream_carries_ws) { - - /* - * give any active extensions a chance to munge the - * buffer before send. We pass in a pointer to an - * lws_tokens struct prepared with the default buffer - * and content length that's in there. Rather than - * rewrite the default buffer, extensions that expect - * to grow the buffer can adapt .token to point to their - * own per-connection buffer in the extension user - * allocation. By default with no extensions or no - * extension callback handling, just the normal input - * buffer is used then so it is efficient. - * - * callback returns 1 in case it wants to spill more - * buffers - * - * This takes care of holding the buffer if send is - * incomplete, ie, if wsi->ws->clean_buffer is 0 - * (meaning an extension meddled with the buffer). If - * wsi->ws->clean_buffer is 1, it will instead return - * to the user code how much OF THE USER BUFFER was - * consumed. - */ - - n = lws_issue_raw_ext_access(wsi, buf - pre, len + pre); - wsi->ws->inside_frame = 1; - if (n <= 0) - return n; - - if (n == (int)len + pre) { - /* everything in the buffer was handled - * (or rebuffered...) */ - wsi->ws->inside_frame = 0; - return (int)orig_len; - } - - /* - * it is how many bytes of user buffer got sent... may - * be < orig_len in which case callback when writable - * has already been arranged and user code can call - * lws_write() again with the rest later. - */ - - return n - pre; - } - break; - default: - break; - } - -send_raw: - return lws_issue_raw(wsi, (unsigned char *)buf - pre, len + pre); -} - -static int -rops_close_kill_connection_ws(struct lws *wsi, enum lws_close_status reason) -{ - lws_dll2_remove(&wsi->sul_ping.list); - /* deal with ws encapsulation in h2 */ -#if defined(LWS_WITH_HTTP2) - if (wsi->http2_substream && wsi->h2_stream_carries_ws) - return role_ops_h2.close_kill_connection(wsi, reason); - - return 0; -#else - return 0; -#endif -} - -static int -rops_callback_on_writable_ws(struct lws *wsi) -{ -#if defined(LWS_WITH_HTTP2) - if (lwsi_role_h2_ENCAPSULATION(wsi)) { - /* we know then that it has an h2 parent */ - struct lws *enc = role_ops_h2.encapsulation_parent(wsi); - - assert(enc); - if (enc->role_ops->callback_on_writable(wsi)) - return 1; - } -#endif - return 0; -} - -static int -rops_init_vhost_ws(struct lws_vhost *vh, - const struct lws_context_creation_info *info) -{ -#if !defined(LWS_WITHOUT_EXTENSIONS) -#ifdef LWS_WITH_PLUGINS - struct lws_plugin *plugin = vh->context->plugin_list; - int m; - - if (vh->context->plugin_extension_count) { - - m = 0; - while (info->extensions && info->extensions[m].callback) - m++; - - /* - * give the vhost a unified list of extensions including the - * ones that came from plugins - */ - vh->ws.extensions = lws_zalloc(sizeof(struct lws_extension) * - (m + vh->context->plugin_extension_count + 1), - "extensions"); - if (!vh->ws.extensions) - return 1; - - memcpy((struct lws_extension *)vh->ws.extensions, info->extensions, - sizeof(struct lws_extension) * m); - plugin = vh->context->plugin_list; - while (plugin) { - memcpy((struct lws_extension *)&vh->ws.extensions[m], - plugin->caps.extensions, - sizeof(struct lws_extension) * - plugin->caps.count_extensions); - m += plugin->caps.count_extensions; - plugin = plugin->list; - } - } else -#endif - vh->ws.extensions = info->extensions; -#endif - - return 0; -} - -static int -rops_destroy_vhost_ws(struct lws_vhost *vh) -{ -#ifdef LWS_WITH_PLUGINS -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (vh->context->plugin_extension_count) - lws_free((void *)vh->ws.extensions); -#endif -#endif - - return 0; -} - -#if defined(LWS_WITH_HTTP_PROXY) -static int -ws_destroy_proxy_buf(struct lws_dll2 *d, void *user) -{ - lws_free(d); - - return 0; -} -#endif - -static int -rops_destroy_role_ws(struct lws *wsi) -{ -#if defined(LWS_WITH_HTTP_PROXY) - lws_dll2_foreach_safe(&wsi->ws->proxy_owner, NULL, ws_destroy_proxy_buf); -#endif - - lws_free_set_NULL(wsi->ws); - - return 0; -} - -struct lws_role_ops role_ops_ws = { - /* role name */ "ws", - /* alpn id */ NULL, - /* check_upgrades */ NULL, - /* init_context */ NULL, - /* init_vhost */ rops_init_vhost_ws, - /* destroy_vhost */ rops_destroy_vhost_ws, - /* periodic_checks */ NULL, - /* service_flag_pending */ rops_service_flag_pending_ws, - /* handle_POLLIN */ rops_handle_POLLIN_ws, - /* handle_POLLOUT */ rops_handle_POLLOUT_ws, - /* perform_user_POLLOUT */ NULL, - /* callback_on_writable */ rops_callback_on_writable_ws, - /* tx_credit */ NULL, - /* write_role_protocol */ rops_write_role_protocol_ws, - /* encapsulation_parent */ NULL, - /* alpn_negotiated */ NULL, - /* close_via_role_protocol */ rops_close_via_role_protocol_ws, - /* close_role */ rops_close_role_ws, - /* close_kill_connection */ rops_close_kill_connection_ws, - /* destroy_role */ rops_destroy_role_ws, - /* adoption_bind */ NULL, - /* client_bind */ NULL, - /* adoption_cb clnt, srv */ { LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED, - LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED }, - /* rx_cb clnt, srv */ { LWS_CALLBACK_CLIENT_RECEIVE, - LWS_CALLBACK_RECEIVE }, - /* writeable cb clnt, srv */ { LWS_CALLBACK_CLIENT_WRITEABLE, - LWS_CALLBACK_SERVER_WRITEABLE }, - /* close cb clnt, srv */ { LWS_CALLBACK_CLIENT_CLOSED, - LWS_CALLBACK_CLOSED }, - /* protocol_bind cb c, srv */ { LWS_CALLBACK_WS_CLIENT_BIND_PROTOCOL, - LWS_CALLBACK_WS_SERVER_BIND_PROTOCOL }, - /* protocol_unbind cb c, srv */ { LWS_CALLBACK_WS_CLIENT_DROP_PROTOCOL, - LWS_CALLBACK_WS_SERVER_DROP_PROTOCOL }, - /* file handles */ 0 -}; diff --git a/lib/roles/ws/private.h b/lib/roles/ws/private.h deleted file mode 100644 index 001b8f1..0000000 --- a/lib/roles/ws/private.h +++ /dev/null @@ -1,191 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_ROLE_WS - */ - -extern struct lws_role_ops role_ops_ws; - -#define lwsi_role_ws(wsi) (wsi->role_ops == &role_ops_ws) - -enum lws_rx_parse_state { - LWS_RXPS_NEW, - - LWS_RXPS_04_mask_1, - LWS_RXPS_04_mask_2, - LWS_RXPS_04_mask_3, - - LWS_RXPS_04_FRAME_HDR_1, - LWS_RXPS_04_FRAME_HDR_LEN, - LWS_RXPS_04_FRAME_HDR_LEN16_2, - LWS_RXPS_04_FRAME_HDR_LEN16_1, - LWS_RXPS_04_FRAME_HDR_LEN64_8, - LWS_RXPS_04_FRAME_HDR_LEN64_7, - LWS_RXPS_04_FRAME_HDR_LEN64_6, - LWS_RXPS_04_FRAME_HDR_LEN64_5, - LWS_RXPS_04_FRAME_HDR_LEN64_4, - LWS_RXPS_04_FRAME_HDR_LEN64_3, - LWS_RXPS_04_FRAME_HDR_LEN64_2, - LWS_RXPS_04_FRAME_HDR_LEN64_1, - - LWS_RXPS_07_COLLECT_FRAME_KEY_1, - LWS_RXPS_07_COLLECT_FRAME_KEY_2, - LWS_RXPS_07_COLLECT_FRAME_KEY_3, - LWS_RXPS_07_COLLECT_FRAME_KEY_4, - - LWS_RXPS_WS_FRAME_PAYLOAD -}; - -enum lws_websocket_opcodes_07 { - LWSWSOPC_CONTINUATION = 0, - LWSWSOPC_TEXT_FRAME = 1, - LWSWSOPC_BINARY_FRAME = 2, - - LWSWSOPC_NOSPEC__MUX = 7, - - /* control extensions 8+ */ - - LWSWSOPC_CLOSE = 8, - LWSWSOPC_PING = 9, - LWSWSOPC_PONG = 0xa, -}; - -/* this is not usable directly by user code any more, lws_close_reason() */ -#define LWS_WRITE_CLOSE 4 - -#define ALREADY_PROCESSED_IGNORE_CHAR 1 -#define ALREADY_PROCESSED_NO_CB 2 - -#if !defined(LWS_WITHOUT_EXTENSIONS) -struct lws_vhost_role_ws { - const struct lws_extension *extensions; -}; - -struct lws_pt_role_ws { - struct lws *rx_draining_ext_list; - struct lws *tx_draining_ext_list; -}; -#endif - -struct _lws_websocket_related { - unsigned char *rx_ubuf; -#if !defined(LWS_WITHOUT_EXTENSIONS) - const struct lws_extension *active_extensions[LWS_MAX_EXTENSIONS_ACTIVE]; - void *act_ext_user[LWS_MAX_EXTENSIONS_ACTIVE]; - struct lws *rx_draining_ext_list; - struct lws *tx_draining_ext_list; -#endif - -#if defined(LWS_WITH_HTTP_PROXY) - struct lws_dll2_owner proxy_owner; - char actual_protocol[16]; - size_t proxy_buffered; -#endif - - /* Also used for close content... control opcode == < 128 */ - uint8_t ping_payload_buf[128 - 3 + LWS_PRE]; - uint8_t mask[4]; - - size_t rx_packet_length; - uint32_t rx_ubuf_head; - uint32_t rx_ubuf_alloc; - - uint8_t ping_payload_len; - uint8_t mask_idx; - uint8_t opcode; - uint8_t rsv; - uint8_t rsv_first_msg; - /* zero if no info, or length including 2-byte close code */ - uint8_t close_in_ping_buffer_len; - uint8_t utf8; - uint8_t stashed_write_type; - uint8_t tx_draining_stashed_wp; - uint8_t ietf_spec_revision; - - unsigned int final:1; - unsigned int frame_is_binary:1; - unsigned int all_zero_nonce:1; - unsigned int this_frame_masked:1; - unsigned int inside_frame:1; /* next write will be more of frame */ - unsigned int clean_buffer:1; /* buffer not rewritten by extension */ - unsigned int payload_is_close:1; /* process as PONG, but it is close */ - unsigned int ping_pending_flag:1; - unsigned int continuation_possible:1; - unsigned int owed_a_fin:1; - unsigned int check_utf8:1; - unsigned int defeat_check_utf8:1; - unsigned int stashed_write_pending:1; - unsigned int send_check_ping:1; - unsigned int first_fragment:1; - unsigned int peer_has_sent_close:1; - unsigned int await_pong; -#if !defined(LWS_WITHOUT_EXTENSIONS) - unsigned int extension_data_pending:1; - unsigned int rx_draining_ext:1; - unsigned int tx_draining_ext:1; - unsigned int pmd_trailer_application:1; - - uint8_t count_act_ext; -#endif -}; - -/* - * we need to separately track what's happening with both compressed rx in - * and with inflated rx out that will be passed to the user code - */ - -struct lws_ext_pm_deflate_rx_ebufs { - struct lws_tokens eb_in; - struct lws_tokens eb_out; -}; - -int -lws_ws_handshake_client(struct lws *wsi, unsigned char **buf, size_t len); - -#if !defined(LWS_WITHOUT_EXTENSIONS) -LWS_VISIBLE void -lws_context_init_extensions(const struct lws_context_creation_info *info, - struct lws_context *context); -LWS_EXTERN int -lws_any_extension_handled(struct lws *wsi, enum lws_extension_callback_reasons r, - void *v, size_t len); - -LWS_EXTERN int -lws_ext_cb_active(struct lws *wsi, int reason, void *buf, int len); -LWS_EXTERN int -lws_ext_cb_all_exts(struct lws_context *context, struct lws *wsi, int reason, - void *arg, int len); -#endif - -int -handshake_0405(struct lws_context *context, struct lws *wsi); -int -lws_process_ws_upgrade(struct lws *wsi); - -int -lws_process_ws_upgrade2(struct lws *wsi); - -extern const struct lws_protocols lws_ws_proxy; - -int -lws_server_init_wsi_for_ws(struct lws *wsi); - -void -lws_sul_wsping_cb(lws_sorted_usec_list_t *sul); diff --git a/lib/roles/ws/server-ws.c b/lib/roles/ws/server-ws.c deleted file mode 100644 index 680c2e6..0000000 --- a/lib/roles/ws/server-ws.c +++ /dev/null @@ -1,1000 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include - -#define LWS_CPYAPP(ptr, str) { strcpy(ptr, str); ptr += strlen(str); } - -#if !defined(LWS_WITHOUT_EXTENSIONS) -static int -lws_extension_server_handshake(struct lws *wsi, char **p, int budget) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - char ext_name[64], *args, *end = (*p) + budget - 1; - const struct lws_ext_options *opts, *po; - const struct lws_extension *ext; - struct lws_ext_option_arg oa; - int n, m, more = 1; - int ext_count = 0; - char ignore; - char *c; - - /* - * Figure out which extensions the client has that we want to - * enable on this connection, and give him back the list - */ - if (!lws_hdr_total_length(wsi, WSI_TOKEN_EXTENSIONS)) - return 0; - - /* - * break down the list of client extensions - * and go through them - */ - - if (lws_hdr_copy(wsi, (char *)pt->serv_buf, context->pt_serv_buf_size, - WSI_TOKEN_EXTENSIONS) < 0) - return 1; - - c = (char *)pt->serv_buf; - lwsl_parser("WSI_TOKEN_EXTENSIONS = '%s'\n", c); - wsi->ws->count_act_ext = 0; - ignore = 0; - n = 0; - args = NULL; - - /* - * We may get a simple request - * - * Sec-WebSocket-Extensions: permessage-deflate - * - * or an elaborated one with requested options - * - * Sec-WebSocket-Extensions: permessage-deflate; \ - * server_no_context_takeover; \ - * client_no_context_takeover - */ - - while (more) { - - if (c >= (char *)pt->serv_buf + 255) - return -1; - - if (*c && (*c != ',' && *c != '\t')) { - if (*c == ';') { - ignore = 1; - if (!args) - args = c + 1; - } - if (ignore || *c == ' ') { - c++; - continue; - } - ext_name[n] = *c++; - if (n < (int)sizeof(ext_name) - 1) - n++; - continue; - } - ext_name[n] = '\0'; - - ignore = 0; - if (!*c) - more = 0; - else { - c++; - if (!n) - continue; - } - - while (args && *args == ' ') - args++; - - /* check a client's extension against our support */ - - ext = wsi->vhost->ws.extensions; - - while (ext && ext->callback) { - - if (strcmp(ext_name, ext->name)) { - ext++; - continue; - } - - /* - * oh, we do support this one he asked for... but let's - * confirm he only gave it once - */ - for (m = 0; m < wsi->ws->count_act_ext; m++) - if (wsi->ws->active_extensions[m] == ext) { - lwsl_info("ext mentioned twice\n"); - return 1; /* shenanigans */ - } - - /* - * ask user code if it's OK to apply it on this - * particular connection + protocol - */ - m = (wsi->protocol->callback)(wsi, - LWS_CALLBACK_CONFIRM_EXTENSION_OKAY, - wsi->user_space, ext_name, 0); - - /* - * zero return from callback means go ahead and allow - * the extension, it's what we get if the callback is - * unhandled - */ - if (m) { - ext++; - continue; - } - - /* apply it */ - - ext_count++; - - /* instantiate the extension on this conn */ - - wsi->ws->active_extensions[wsi->ws->count_act_ext] = ext; - - /* allow him to construct his context */ - - if (ext->callback(lws_get_context(wsi), ext, wsi, - LWS_EXT_CB_CONSTRUCT, - (void *)&wsi->ws->act_ext_user[ - wsi->ws->count_act_ext], - (void *)&opts, 0)) { - lwsl_info("ext %s failed construction\n", - ext_name); - ext_count--; - ext++; - - continue; - } - - if (ext_count > 1) - *(*p)++ = ','; - else - LWS_CPYAPP(*p, - "\x0d\x0aSec-WebSocket-Extensions: "); - *p += lws_snprintf(*p, (end - *p), "%s", ext_name); - - /* - * The client may send a bunch of different option - * sets for the same extension, we are supposed to - * pick one we like the look of. The option sets are - * separated by comma. - * - * Actually we just either accept the first one or - * nothing. - * - * Go through the options trying to apply the - * recognized ones - */ - - lwsl_info("ext args %s\n", args); - - while (args && *args && *args != ',') { - while (*args == ' ') - args++; - po = opts; - while (po->name) { - /* only support arg-less options... */ - if (po->type != EXTARG_NONE || - strncmp(args, po->name, - strlen(po->name))) { - po++; - continue; - } - oa.option_name = NULL; - oa.option_index = (int)(po - opts); - oa.start = NULL; - oa.len = 0; - lwsl_info("setting '%s'\n", po->name); - if (!ext->callback(lws_get_context(wsi), - ext, wsi, - LWS_EXT_CB_OPTION_SET, - wsi->ws->act_ext_user[ - wsi->ws->count_act_ext], - &oa, (end - *p))) { - - *p += lws_snprintf(*p, - (end - *p), - "; %s", po->name); - lwsl_debug("adding option %s\n", - po->name); - } - po++; - } - while (*args && *args != ',' && *args != ';') - args++; - - if (*args == ';') - args++; - } - - wsi->ws->count_act_ext++; - lwsl_parser("cnt_act_ext <- %d\n", - wsi->ws->count_act_ext); - - if (args && *args == ',') - more = 0; - - ext++; - } - - n = 0; - args = NULL; - } - - return 0; -} -#endif - -int -lws_process_ws_upgrade2(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - const struct lws_protocol_vhost_options *pvos = NULL; - const char *ws_prot_basic_auth = NULL; - - /* - * Allow basic auth a look-in now we bound the wsi to the protocol. - * - * For vhost ws basic auth, it is "basic-auth": "path" as usual but - * applied to the protocol's entry in the vhost's "ws-protocols": - * section, as a pvo. - */ - - pvos = lws_vhost_protocol_options(wsi->vhost, wsi->protocol->name); - if (pvos && pvos->options && - !lws_pvo_get_str((void *)pvos->options, "basic-auth", - &ws_prot_basic_auth)) { - lwsl_info("%s: ws upgrade requires basic auth\n", __func__); - switch(lws_check_basic_auth(wsi, ws_prot_basic_auth)) { - case LCBA_CONTINUE: - break; - case LCBA_FAILED_AUTH: - return lws_unauthorised_basic_auth(wsi); - case LCBA_END_TRANSACTION: - lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); - return lws_http_transaction_completed(wsi); - } - } - - /* - * We are upgrading to ws, so http/1.1 + h2 and keepalive + pipelined - * header considerations about keeping the ah around no longer apply. - * - * However it's common for the first ws protocol data to have been - * coalesced with the browser upgrade request and to already be in the - * ah rx buffer. - */ - - lws_pt_lock(pt, __func__); - - if (!wsi->h2_stream_carries_ws) - lws_role_transition(wsi, LWSIFR_SERVER, LRS_ESTABLISHED, - &role_ops_ws); - - lws_pt_unlock(pt); - - /* allocate the ws struct for the wsi */ - - wsi->ws = lws_zalloc(sizeof(*wsi->ws), "ws struct"); - if (!wsi->ws) { - lwsl_notice("OOM\n"); - return 1; - } - - if (lws_hdr_total_length(wsi, WSI_TOKEN_VERSION)) - wsi->ws->ietf_spec_revision = - atoi(lws_hdr_simple_ptr(wsi, WSI_TOKEN_VERSION)); - - /* allocate wsi->user storage */ - if (lws_ensure_user_space(wsi)) { - lwsl_notice("problem with user space\n"); - return 1; - } - - /* - * Give the user code a chance to study the request and - * have the opportunity to deny it - */ - if ((wsi->protocol->callback)(wsi, - LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION, - wsi->user_space, - lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL), 0)) { - lwsl_warn("User code denied connection\n"); - return 1; - } - - /* - * Perform the handshake according to the protocol version the - * client announced - */ - - switch (wsi->ws->ietf_spec_revision) { - default: - lwsl_notice("Unknown client spec version %d\n", - wsi->ws->ietf_spec_revision); - wsi->ws->ietf_spec_revision = 13; - //return 1; - /* fallthru */ - case 13: -#if defined(LWS_WITH_HTTP2) - if (wsi->h2_stream_carries_ws) { - if (lws_h2_ws_handshake(wsi)) { - lwsl_notice("h2 ws handshake failed\n"); - return 1; - } - lws_role_transition(wsi, - LWSIFR_SERVER | LWSIFR_P_ENCAP_H2, - LRS_ESTABLISHED, &role_ops_ws); - } else -#endif - { - lwsl_parser("lws_parse calling handshake_04\n"); - if (handshake_0405(wsi->context, wsi)) { - lwsl_notice("hs0405 has failed the connection\n"); - return 1; - } - } - break; - } - - lws_server_init_wsi_for_ws(wsi); - lwsl_parser("accepted v%02d connection\n", wsi->ws->ietf_spec_revision); - -#if defined(LWS_WITH_ACCESS_LOG) - { - char *uptr = NULL, combo[128]; - int l, meth = lws_http_get_uri_and_method(wsi, &uptr, &l); - - if (wsi->h2_stream_carries_ws) - wsi->http.request_version = HTTP_VERSION_2; - - wsi->http.access_log.response = 101; - - l = lws_snprintf(combo, sizeof(combo), "%.*s (%s)", l, uptr, - wsi->protocol->name); - - lws_prepare_access_log_info(wsi, combo, l, meth); - lws_access_log(wsi); - } -#endif - - lwsl_info("%s: %p: dropping ah on ws upgrade\n", __func__, wsi); - lws_header_table_detach(wsi, 1); - - return 0; -} - -int -lws_process_ws_upgrade(struct lws *wsi) -{ - const struct lws_protocols *pcol = NULL; - char buf[128], name[64]; - struct lws_tokenize ts; - lws_tokenize_elem e; - - if (!wsi->protocol) - lwsl_err("NULL protocol at lws_read\n"); - - /* - * It's either websocket or h2->websocket - * - * If we are on h1, confirm we got the required "connection: upgrade" - * header. h2 / ws-over-h2 does not have this. - */ - -#if defined(LWS_WITH_HTTP2) - if (!wsi->http2_substream) { -#endif - - lws_tokenize_init(&ts, buf, LWS_TOKENIZE_F_COMMA_SEP_LIST | - LWS_TOKENIZE_F_DOT_NONTERM | - LWS_TOKENIZE_F_RFC7230_DELIMS | - LWS_TOKENIZE_F_MINUS_NONTERM); - ts.len = lws_hdr_copy(wsi, buf, sizeof(buf) - 1, - WSI_TOKEN_CONNECTION); - if (ts.len <= 0) - goto bad_conn_format; - - do { - e = lws_tokenize(&ts); - switch (e) { - case LWS_TOKZE_TOKEN: - if (!strncasecmp(ts.token, "upgrade", ts.token_len)) - e = LWS_TOKZE_ENDED; - break; - - case LWS_TOKZE_DELIMITER: - break; - - default: /* includes ENDED */ - bad_conn_format: - lwsl_err("%s: malformed or absent conn hdr\n", - __func__); - - return 1; - } - } while (e > 0); - -#if defined(LWS_WITH_HTTP2) - } -#endif - -#if defined(LWS_WITH_HTTP_PROXY) - { - const struct lws_http_mount *hit; - int uri_len = 0, meth; - char *uri_ptr; - - meth = lws_http_get_uri_and_method(wsi, &uri_ptr, &uri_len); - hit = lws_find_mount(wsi, uri_ptr, uri_len); - - if (hit && (meth == 0 || meth == 8) && - (hit->origin_protocol == LWSMPRO_HTTPS || - hit->origin_protocol == LWSMPRO_HTTP)) - /* - * We are an h1 ws upgrade on a urlpath that corresponds - * to a proxying mount. Don't try to deal with it - * locally, eg, we won't even have the right protocol - * handler since we're not the guy handling it, just a - * conduit. - * - * Instead open the related ongoing h1 connection - * according to the mount configuration and proxy - * whatever that has to say from now on. - */ - return lws_http_proxy_start(wsi, hit, uri_ptr, 1); - } -#endif - - /* - * Select the first protocol we support from the list - * the client sent us. - */ - - lws_tokenize_init(&ts, buf, LWS_TOKENIZE_F_COMMA_SEP_LIST | - LWS_TOKENIZE_F_MINUS_NONTERM | - LWS_TOKENIZE_F_DOT_NONTERM | - LWS_TOKENIZE_F_RFC7230_DELIMS); - ts.len = lws_hdr_copy(wsi, buf, sizeof(buf) - 1, WSI_TOKEN_PROTOCOL); - if (ts.len < 0) { - lwsl_err("%s: protocol list too long\n", __func__); - return 1; - } - if (!ts.len) { - int n = wsi->vhost->default_protocol_index; - /* - * Some clients only have one protocol and do not send the - * protocol list header... allow it and match to the vhost's - * default protocol (which itself defaults to zero). - * - * Setting the vhost default protocol index to -1 or anything - * more than the actual number of protocols on the vhost causes - * these "no protocol" ws connections to be rejected. - */ - - if (n >= wsi->vhost->count_protocols) { - lwsl_notice("%s: rejecting ws upg with no protocol\n", - __func__); - - return 1; - } - - lwsl_info("%s: defaulting to prot handler %d\n", __func__, n); - - lws_bind_protocol(wsi, &wsi->vhost->protocols[n], - "ws upgrade default pcol"); - - goto alloc_ws; - } - - /* otherwise go through the user-provided protocol list */ - - do { - e = lws_tokenize(&ts); - switch (e) { - case LWS_TOKZE_TOKEN: - - if (lws_tokenize_cstr(&ts, name, sizeof(name))) { - lwsl_err("%s: pcol name too long\n", __func__); - - return 1; - } - lwsl_debug("checking %s\n", name); - pcol = lws_vhost_name_to_protocol(wsi->vhost, name); - if (pcol) { - /* if we know it, bind to it and stop looking */ - lws_bind_protocol(wsi, pcol, "ws upg pcol"); - e = LWS_TOKZE_ENDED; - } - break; - - case LWS_TOKZE_DELIMITER: - case LWS_TOKZE_ENDED: - break; - - default: - lwsl_err("%s: malformatted protocol list", __func__); - - return 1; - } - } while (e > 0); - - /* we didn't find a protocol he wanted? */ - - if (!pcol) { - lwsl_notice("No supported protocol \"%s\"\n", buf); - - return 1; - } - -alloc_ws: - - return lws_process_ws_upgrade2(wsi); -} - -int -handshake_0405(struct lws_context *context, struct lws *wsi) -{ - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_process_html_args args; - unsigned char hash[20]; - int n, accept_len; - char *response; - char *p; - - if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST) || - !lws_hdr_total_length(wsi, WSI_TOKEN_KEY)) { - lwsl_info("handshake_04 missing pieces\n"); - /* completed header processing, but missing some bits */ - goto bail; - } - - if (lws_hdr_total_length(wsi, WSI_TOKEN_KEY) >= - MAX_WEBSOCKET_04_KEY_LEN) { - lwsl_warn("Client key too long %d\n", MAX_WEBSOCKET_04_KEY_LEN); - goto bail; - } - - /* - * since key length is restricted above (currently 128), cannot - * overflow - */ - n = sprintf((char *)pt->serv_buf, - "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", - lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY)); - - lws_SHA1(pt->serv_buf, n, hash); - - accept_len = lws_b64_encode_string((char *)hash, 20, - (char *)pt->serv_buf, context->pt_serv_buf_size); - if (accept_len < 0) { - lwsl_warn("Base64 encoded hash too long\n"); - goto bail; - } - - /* allocate the per-connection user memory (if any) */ - if (lws_ensure_user_space(wsi)) - goto bail; - - /* create the response packet */ - - /* make a buffer big enough for everything */ - - response = (char *)pt->serv_buf + MAX_WEBSOCKET_04_KEY_LEN + - 256 + LWS_PRE; - p = response; - LWS_CPYAPP(p, "HTTP/1.1 101 Switching Protocols\x0d\x0a" - "Upgrade: WebSocket\x0d\x0a" - "Connection: Upgrade\x0d\x0a" - "Sec-WebSocket-Accept: "); - strcpy(p, (char *)pt->serv_buf); - p += accept_len; - - /* we can only return the protocol header if: - * - one came in, and ... */ - if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) && - /* - it is not an empty string */ - wsi->protocol->name && - wsi->protocol->name[0]) { - const char *prot = wsi->protocol->name; - -#if defined(LWS_WITH_HTTP_PROXY) - if (wsi->proxied_ws_parent && wsi->child_list) - prot = wsi->child_list->ws->actual_protocol; -#endif - - LWS_CPYAPP(p, "\x0d\x0aSec-WebSocket-Protocol: "); - p += lws_snprintf(p, 128, "%s", prot); - } - -#if !defined(LWS_WITHOUT_EXTENSIONS) - /* - * Figure out which extensions the client has that we want to - * enable on this connection, and give him back the list. - * - * Give him a limited write bugdet - */ - if (lws_extension_server_handshake(wsi, &p, 192)) - goto bail; -#endif - LWS_CPYAPP(p, "\x0d\x0a"); - - args.p = p; - args.max_len = lws_ptr_diff((char *)pt->serv_buf + - context->pt_serv_buf_size, p); - if (user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_ADD_HEADERS, - wsi->user_space, &args, 0)) - goto bail; - - p = args.p; - - /* end of response packet */ - - LWS_CPYAPP(p, "\x0d\x0a"); - - /* okay send the handshake response accepting the connection */ - - lwsl_parser("issuing resp pkt %d len\n", - lws_ptr_diff(p, response)); -#if defined(DEBUG) - fwrite(response, 1, p - response, stderr); -#endif - n = lws_write(wsi, (unsigned char *)response, p - response, - LWS_WRITE_HTTP_HEADERS); - if (n != (p - response)) { - lwsl_info("%s: ERROR writing to socket %d\n", __func__, n); - goto bail; - } - - /* alright clean up and set ourselves into established state */ - - lwsi_set_state(wsi, LRS_ESTABLISHED); - wsi->lws_rx_parse_state = LWS_RXPS_NEW; - - { - const char * uri_ptr = - lws_hdr_simple_ptr(wsi, WSI_TOKEN_GET_URI); - int uri_len = lws_hdr_total_length(wsi, WSI_TOKEN_GET_URI); - const struct lws_http_mount *hit = - lws_find_mount(wsi, uri_ptr, uri_len); - if (hit && hit->cgienv && - wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, - wsi->user_space, (void *)hit->cgienv, 0)) - return 1; - } - - return 0; - -bail: - /* caller will free up his parsing allocations */ - return -1; -} - - - -/* - * Once we reach LWS_RXPS_WS_FRAME_PAYLOAD, we know how much - * to expect in that state and can deal with it in bulk more efficiently. - */ - -static int -lws_ws_frame_rest_is_payload(struct lws *wsi, uint8_t **buf, size_t len) -{ - struct lws_ext_pm_deflate_rx_ebufs pmdrx; - unsigned int avail = (unsigned int)len; - uint8_t *buffer = *buf, mask[4]; -#if !defined(LWS_WITHOUT_EXTENSIONS) - unsigned int old_packet_length = (int)wsi->ws->rx_packet_length; -#endif - int n = 0; - - /* - * With zlib, we can give it as much input as we like. The pmd - * extension will draw it down in chunks (default 1024). - * - * If we try to restrict how much we give it, because we must go - * back to the event loop each time, we will drop the remainder... - */ - -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (!wsi->ws->count_act_ext) -#endif - { - if (wsi->protocol->rx_buffer_size) - avail = (int)wsi->protocol->rx_buffer_size; - else - avail = wsi->context->pt_serv_buf_size; - } - - /* do not consume more than we should */ - if (avail > wsi->ws->rx_packet_length) - avail = (unsigned int)wsi->ws->rx_packet_length; - - /* do not consume more than what is in the buffer */ - if (avail > len) - avail = (unsigned int)len; - - if (!avail) - return 0; - - pmdrx.eb_in.token = buffer; - pmdrx.eb_in.len = avail; - pmdrx.eb_out.token = buffer; - pmdrx.eb_out.len = avail; - - if (!wsi->ws->all_zero_nonce) { - - for (n = 0; n < 4; n++) - mask[n] = wsi->ws->mask[(wsi->ws->mask_idx + n) & 3]; - - /* deal with 4-byte chunks using unwrapped loop */ - n = avail >> 2; - while (n--) { - *(buffer) = *(buffer) ^ mask[0]; - buffer++; - *(buffer) = *(buffer) ^ mask[1]; - buffer++; - *(buffer) = *(buffer) ^ mask[2]; - buffer++; - *(buffer) = *(buffer) ^ mask[3]; - buffer++; - } - /* and the remaining bytes bytewise */ - for (n = 0; n < (int)(avail & 3); n++) { - *(buffer) = *(buffer) ^ mask[n]; - buffer++; - } - - wsi->ws->mask_idx = (wsi->ws->mask_idx + avail) & 3; - } - - lwsl_info("%s: using %d of raw input (total %d on offer)\n", __func__, - avail, (int)len); - - (*buf) += avail; - len -= avail; - wsi->ws->rx_packet_length -= avail; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - n = lws_ext_cb_active(wsi, LWS_EXT_CB_PAYLOAD_RX, &pmdrx, 0); - lwsl_info("%s: ext says %d / ebuf_out.len %d\n", __func__, n, - pmdrx.eb_out.len); - - /* - * ebuf may be pointing somewhere completely different now, - * it's the output - */ - - if (n < 0) { - /* - * we may rely on this to get RX, just drop connection - */ - lwsl_notice("%s: LWS_EXT_CB_PAYLOAD_RX blew out\n", __func__); - wsi->socket_is_permanently_unusable = 1; - - return -1; - } - - /* - * if we had an rx fragment right at the last compressed byte of the - * message, we can get a zero length inflated output, where no prior - * rx inflated output marked themselves with FIN, since there was - * raw ws payload still to drain at that time. - * - * Then we need to generate a zero length ws rx that can be understood - * as the message completion. - */ - - if (!pmdrx.eb_out.len && /* zero-length inflation output */ - n == PMDR_EMPTY_FINAL && /* nothing to drain from the inflator */ - old_packet_length && /* we gave the inflator new input */ - !wsi->ws->rx_packet_length && /* raw ws packet payload all gone */ - wsi->ws->final && /* the raw ws packet is a FIN guy */ - wsi->protocol->callback && - !wsi->wsistate_pre_close) { - - lwsl_ext("%s: issuing zero length FIN pkt\n", __func__); - - if (user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_RECEIVE, - wsi->user_space, NULL, 0)) - return -1; - - return avail; - } - - /* - * If doing permessage-deflate, above was the only way to get a zero - * length receive. Otherwise we're more willing. - */ - if (wsi->ws->count_act_ext && !pmdrx.eb_out.len) - return avail; - - if (n == PMDR_HAS_PENDING) - /* extension had more... main loop will come back */ - lws_add_wsi_to_draining_ext_list(wsi); - else - lws_remove_wsi_from_draining_ext_list(wsi); -#endif - - if (pmdrx.eb_out.len && - wsi->ws->check_utf8 && !wsi->ws->defeat_check_utf8) { - if (lws_check_utf8(&wsi->ws->utf8, - pmdrx.eb_out.token, - pmdrx.eb_out.len)) { - lws_close_reason(wsi, LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"bad utf8", 8); - goto utf8_fail; - } - - /* we are ending partway through utf-8 character? */ - if (!wsi->ws->rx_packet_length && wsi->ws->final && - wsi->ws->utf8 && !n) { - lwsl_info("FINAL utf8 error\n"); - lws_close_reason(wsi, LWS_CLOSE_STATUS_INVALID_PAYLOAD, - (uint8_t *)"partial utf8", 12); - -utf8_fail: - lwsl_info("utf8 error\n"); - lwsl_hexdump_info(pmdrx.eb_out.token, pmdrx.eb_out.len); - - return -1; - } - } - - if (wsi->protocol->callback && !wsi->wsistate_pre_close) - if (user_callback_handle_rxflow(wsi->protocol->callback, wsi, - LWS_CALLBACK_RECEIVE, - wsi->user_space, - pmdrx.eb_out.token, - pmdrx.eb_out.len)) - return -1; - - wsi->ws->first_fragment = 0; - -#if !defined(LWS_WITHOUT_EXTENSIONS) - lwsl_info("%s: input used %d, output %d, rem len %d, rx_draining_ext %d\n", - __func__, avail, pmdrx.eb_out.len, (int)len, - wsi->ws->rx_draining_ext); -#endif - - return avail; /* how much we used from the input */ -} - - -int -lws_parse_ws(struct lws *wsi, unsigned char **buf, size_t len) -{ - unsigned char *bufin = *buf; - int m, bulk = 0; - - lwsl_debug("%s: received %d byte packet\n", __func__, (int)len); - - //lwsl_hexdump_notice(*buf, len); - - /* let the rx protocol state machine have as much as it needs */ - - while (len) { - /* - * we were accepting input but now we stopped doing so - */ - if (wsi->rxflow_bitmap) { - lwsl_info("%s: doing rxflow, caching %d\n", __func__, - (int)len); - /* - * Since we cached the remaining available input, we - * can say we "consumed" it. - * - * But what about the case where the available input - * came out of the rxflow cache already? If we are - * effectively "putting it back in the cache", we have - * leave it where it is, already pointed to by the head. - */ - if (lws_rxflow_cache(wsi, *buf, 0, (int)len) == - LWSRXFC_TRIMMED) { - /* - * We dealt with it by trimming the existing - * rxflow cache HEAD to account for what we used. - * - * indicate we didn't use anything to the caller - * so he doesn't do any consumed processing - */ - lwsl_info("%s: trimming inside rxflow cache\n", - __func__); - *buf = bufin; - } else - *buf += len; - - return 1; - } -#if !defined(LWS_WITHOUT_EXTENSIONS) - if (wsi->ws->rx_draining_ext) { - lwsl_debug("%s: draining rx ext\n", __func__); - m = lws_ws_rx_sm(wsi, ALREADY_PROCESSED_IGNORE_CHAR, 0); - if (m < 0) - return -1; - continue; - } -#endif - - /* consume payload bytes efficiently */ - while (wsi->lws_rx_parse_state == LWS_RXPS_WS_FRAME_PAYLOAD && - (wsi->ws->opcode == LWSWSOPC_TEXT_FRAME || - wsi->ws->opcode == LWSWSOPC_BINARY_FRAME || - wsi->ws->opcode == LWSWSOPC_CONTINUATION) && - len) { - uint8_t *bin = *buf; - - bulk = 1; - m = lws_ws_frame_rest_is_payload(wsi, buf, len); - assert((int)lws_ptr_diff(*buf, bin) <= (int)len); - len -= lws_ptr_diff(*buf, bin); - - if (!m) { - - break; - } - if (m < 0) { - lwsl_info("%s: rest_is_payload bailed\n", - __func__); - return -1; - } - } - - if (!bulk) { - /* process the byte */ - m = lws_ws_rx_sm(wsi, 0, *(*buf)++); - len--; - } else { - /* - * We already handled this byte in bulk, just deal - * with the ramifications - */ -#if !defined(LWS_WITHOUT_EXTENSIONS) - lwsl_debug("%s: coming out of bulk with len %d, " - "wsi->ws->rx_draining_ext %d\n", - __func__, (int)len, - wsi->ws->rx_draining_ext); -#endif - m = lws_ws_rx_sm(wsi, ALREADY_PROCESSED_IGNORE_CHAR | - ALREADY_PROCESSED_NO_CB, 0); - } - - if (m < 0) { - lwsl_info("%s: lws_ws_rx_sm bailed %d\n", __func__, - bulk); - - return -1; - } - - bulk = 0; - } - - lwsl_debug("%s: exit with %d unused\n", __func__, (int)len); - - return 0; -} diff --git a/lib/misc/romfs.c b/lib/romfs.c similarity index 95% rename from lib/misc/romfs.c rename to lib/romfs.c index 814999a..540382e 100644 --- a/lib/misc/romfs.c +++ b/lib/romfs.c @@ -119,16 +119,15 @@ static romfs_inode_t romfs_lookup(romfs_t romfs, romfs_inode_t start, const char *path) { romfs_inode_t level, i = start, i_in; - const char *p, *cp; + const char *p, *n, *cp; uint32_t next_be; if (start == (romfs_inode_t)romfs) i = skip_and_pad((romfs_inode_t)romfs); level = i; while (i != (romfs_inode_t)romfs) { - const char *n = ((const char *)i) + sizeof(*i); - p = path; + n = ((const char *)i) + sizeof(*i); i_in = i; set_cache(i, sizeof(*i)); @@ -137,16 +136,12 @@ romfs_lookup(romfs_t romfs, romfs_inode_t start, const char *path) cp = (const char *)cache; set_cache((romfs_inode_t)n, RFS_STRING_MAX); - while (*p && *p != '/' && *cp && *p == *cp && - (p - path) < RFS_STRING_MAX) { + while (*p && *p != '/' && *cp && *p == *cp && (p - path) < RFS_STRING_MAX) { p++; n++; cp++; } - while (*p == '/' && p[1] == '/') - p++; - if (!*cp && (!*p || *p == '/') && (ntohl(next_be) & 7) == RFST_HARDLINK) { set_cache(i, sizeof(*i)); @@ -167,9 +162,6 @@ romfs_lookup(romfs_t romfs, romfs_inode_t start, const char *path) if (!*p && *cp == '/') return NULL; - while (*p == '/' && p[1] == '/') - p++; - if (*p == '/' && !*cp) { set_cache(i, sizeof(*i)); switch (ntohl(ci->next) & 7) { diff --git a/lib/misc/romfs.h b/lib/romfs.h similarity index 100% rename from lib/misc/romfs.h rename to lib/romfs.h diff --git a/lib/server-handshake.c b/lib/server-handshake.c new file mode 100644 index 0000000..ec9b14e --- /dev/null +++ b/lib/server-handshake.c @@ -0,0 +1,351 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2013 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +#define LWS_CPYAPP(ptr, str) { strcpy(ptr, str); ptr += strlen(str); } + +#ifndef LWS_NO_EXTENSIONS +static int +lws_extension_server_handshake(struct lws *wsi, char **p, int budget) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + char ext_name[64], *args, *end = (*p) + budget - 1; + const struct lws_ext_options *opts, *po; + const struct lws_extension *ext; + struct lws_ext_option_arg oa; + int n, m, more = 1; + int ext_count = 0; + char ignore; + char *c; + + /* + * Figure out which extensions the client has that we want to + * enable on this connection, and give him back the list + */ + if (!lws_hdr_total_length(wsi, WSI_TOKEN_EXTENSIONS)) + return 0; + + /* + * break down the list of client extensions + * and go through them + */ + + if (lws_hdr_copy(wsi, (char *)pt->serv_buf, context->pt_serv_buf_size, + WSI_TOKEN_EXTENSIONS) < 0) + return 1; + + c = (char *)pt->serv_buf; + lwsl_parser("WSI_TOKEN_EXTENSIONS = '%s'\n", c); + wsi->count_act_ext = 0; + ignore = 0; + n = 0; + args = NULL; + + /* + * We may get a simple request + * + * Sec-WebSocket-Extensions: permessage-deflate + * + * or an elaborated one with requested options + * + * Sec-WebSocket-Extensions: permessage-deflate; \ + * server_no_context_takeover; \ + * client_no_context_takeover + */ + + while (more) { + + if (*c && (*c != ',' && *c != '\t')) { + if (*c == ';') { + ignore = 1; + args = c + 1; + } + if (ignore || *c == ' ') { + c++; + continue; + } + ext_name[n] = *c++; + if (n < sizeof(ext_name) - 1) + n++; + continue; + } + ext_name[n] = '\0'; + + ignore = 0; + if (!*c) + more = 0; + else { + c++; + if (!n) + continue; + } + + while (args && *args && *args == ' ') + args++; + + /* check a client's extension against our support */ + + ext = wsi->vhost->extensions; + + while (ext && ext->callback) { + + if (strcmp(ext_name, ext->name)) { + ext++; + continue; + } + + /* + * oh, we do support this one he asked for... but let's + * confirm he only gave it once + */ + for (m = 0; m < wsi->count_act_ext; m++) + if (wsi->active_extensions[m] == ext) { + lwsl_info("extension mentioned twice\n"); + return 1; /* shenanigans */ + } + + /* + * ask user code if it's OK to apply it on this + * particular connection + protocol + */ + m = (wsi->protocol->callback)(wsi, + LWS_CALLBACK_CONFIRM_EXTENSION_OKAY, + wsi->user_space, ext_name, 0); + + /* + * zero return from callback means go ahead and allow + * the extension, it's what we get if the callback is + * unhandled + */ + if (m) { + ext++; + continue; + } + + /* apply it */ + + ext_count++; + + /* instantiate the extension on this conn */ + + wsi->active_extensions[wsi->count_act_ext] = ext; + + /* allow him to construct his context */ + + if (ext->callback(lws_get_context(wsi), ext, wsi, + LWS_EXT_CB_CONSTRUCT, + (void *)&wsi->act_ext_user[ + wsi->count_act_ext], + (void *)&opts, 0)) { + lwsl_notice("ext %s failed construction\n", + ext_name); + ext_count--; + ext++; + + continue; + } + + if (ext_count > 1) + *(*p)++ = ','; + else + LWS_CPYAPP(*p, + "\x0d\x0aSec-WebSocket-Extensions: "); + *p += lws_snprintf(*p, (end - *p), "%s", ext_name); + + /* + * go through the options trying to apply the + * recognized ones + */ + + lwsl_debug("ext args %s", args); + + while (args && *args && *args != ',') { + while (*args == ' ') + args++; + po = opts; + while (po->name) { + lwsl_debug("'%s' '%s'\n", po->name, args); + /* only support arg-less options... */ + if (po->type == EXTARG_NONE && + !strncmp(args, po->name, + strlen(po->name))) { + oa.option_name = NULL; + oa.option_index = po - opts; + oa.start = NULL; + lwsl_debug("setting %s\n", po->name); + if (!ext->callback( + lws_get_context(wsi), ext, wsi, + LWS_EXT_CB_OPTION_SET, + wsi->act_ext_user[ + wsi->count_act_ext], + &oa, (end - *p))) { + + *p += lws_snprintf(*p, (end - *p), "; %s", po->name); + lwsl_debug("adding option %s\n", po->name); + } + } + po++; + } + while (*args && *args != ',' && *args != ';') + args++; + } + + wsi->count_act_ext++; + lwsl_parser("count_act_ext <- %d\n", + wsi->count_act_ext); + + ext++; + } + + n = 0; + args = NULL; + } + + return 0; +} +#endif +int +handshake_0405(struct lws_context *context, struct lws *wsi) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + unsigned char hash[20]; + int n, accept_len; + char *response; + char *p; + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST) || + !lws_hdr_total_length(wsi, WSI_TOKEN_KEY)) { + lwsl_parser("handshake_04 missing pieces\n"); + /* completed header processing, but missing some bits */ + goto bail; + } + + if (lws_hdr_total_length(wsi, WSI_TOKEN_KEY) >= MAX_WEBSOCKET_04_KEY_LEN) { + lwsl_warn("Client key too long %d\n", MAX_WEBSOCKET_04_KEY_LEN); + goto bail; + } + + /* + * since key length is restricted above (currently 128), cannot + * overflow + */ + n = sprintf((char *)pt->serv_buf, + "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY)); + + lws_SHA1(pt->serv_buf, n, hash); + + accept_len = lws_b64_encode_string((char *)hash, 20, + (char *)pt->serv_buf, context->pt_serv_buf_size); + if (accept_len < 0) { + lwsl_warn("Base64 encoded hash too long\n"); + goto bail; + } + + /* allocate the per-connection user memory (if any) */ + if (lws_ensure_user_space(wsi)) + goto bail; + + /* create the response packet */ + + /* make a buffer big enough for everything */ + + response = (char *)pt->serv_buf + MAX_WEBSOCKET_04_KEY_LEN + LWS_PRE; + p = response; + LWS_CPYAPP(p, "HTTP/1.1 101 Switching Protocols\x0d\x0a" + "Upgrade: WebSocket\x0d\x0a" + "Connection: Upgrade\x0d\x0a" + "Sec-WebSocket-Accept: "); + strcpy(p, (char *)pt->serv_buf); + p += accept_len; + + /* we can only return the protocol header if: + * - one came in, and ... */ + if (lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL) && + /* - it is not an empty string */ + wsi->protocol->name && + wsi->protocol->name[0]) { + LWS_CPYAPP(p, "\x0d\x0aSec-WebSocket-Protocol: "); + p += lws_snprintf(p, 128, "%s", wsi->protocol->name); + } + +#ifndef LWS_NO_EXTENSIONS + /* + * Figure out which extensions the client has that we want to + * enable on this connection, and give him back the list. + * + * Give him a limited write bugdet + */ + if (lws_extension_server_handshake(wsi, &p, 192)) + goto bail; +#endif + + //LWS_CPYAPP(p, "\x0d\x0a""An-unknown-header: blah"); + + /* end of response packet */ + + LWS_CPYAPP(p, "\x0d\x0a\x0d\x0a"); + + if (!lws_any_extension_handled(wsi, LWS_EXT_CB_HANDSHAKE_REPLY_TX, + response, p - response)) { + + /* okay send the handshake response accepting the connection */ + + lwsl_parser("issuing resp pkt %d len\n", (int)(p - response)); +#if defined(DEBUG) && ! defined(LWS_WITH_ESP8266) + fwrite(response, 1, p - response, stderr); +#endif + n = lws_write(wsi, (unsigned char *)response, + p - response, LWS_WRITE_HTTP_HEADERS); + if (n != (p - response)) { + lwsl_debug("handshake_0405: ERROR writing to socket\n"); + goto bail; + } + + } + + /* alright clean up and set ourselves into established state */ + + wsi->state = LWSS_ESTABLISHED; + wsi->lws_rx_parse_state = LWS_RXPS_NEW; + + { + const char * uri_ptr = + lws_hdr_simple_ptr(wsi, WSI_TOKEN_GET_URI); + int uri_len = lws_hdr_total_length(wsi, WSI_TOKEN_GET_URI); + const struct lws_http_mount *hit = + lws_find_mount(wsi, uri_ptr, uri_len); + if (hit && hit->cgienv && + wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP_PMO, + wsi->user_space, (void *)hit->cgienv, 0)) + return 1; + } + + return 0; + + +bail: + /* caller will free up his parsing allocations */ + return -1; +} + diff --git a/lib/server.c b/lib/server.c new file mode 100644 index 0000000..6e7c8b0 --- /dev/null +++ b/lib/server.c @@ -0,0 +1,3507 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + + +#include "private-libwebsockets.h" + +#if defined (LWS_WITH_ESP8266) +#undef memcpy +void *memcpy(void *dest, const void *src, size_t n) +{ + return ets_memcpy(dest, src, n); +} +#endif + +int +lws_context_init_server(struct lws_context_creation_info *info, + struct lws_vhost *vhost) +{ +#if LWS_POSIX + int n, opt = 1, limit = 1; +#endif + lws_sockfd_type sockfd; + struct lws_vhost *vh; + struct lws *wsi; + int m = 0; + + (void)opt; + /* set up our external listening socket we serve on */ + + if (info->port == CONTEXT_PORT_NO_LISTEN || info->port == CONTEXT_PORT_NO_LISTEN_SERVER) + return 0; + + vh = vhost->context->vhost_list; + while (vh) { + if (vh->listen_port == info->port) { + if ((!info->iface && !vh->iface) || + (info->iface && vh->iface && + !strcmp(info->iface, vh->iface))) { + vhost->listen_port = info->port; + vhost->iface = info->iface; + lwsl_notice(" using listen skt from vhost %s\n", + vh->name); + return 0; + } + } + vh = vh->vhost_next; + } + +#if LWS_POSIX + (void)n; +#if defined(__linux__) + limit = vhost->context->count_threads; +#endif + + for (m = 0; m < limit; m++) { +#ifdef LWS_USE_UNIX_SOCK + if (LWS_UNIX_SOCK_ENABLED(vhost)) + sockfd = socket(AF_UNIX, SOCK_STREAM, 0); + else +#endif +#ifdef LWS_USE_IPV6 + if (LWS_IPV6_ENABLED(vhost)) + sockfd = socket(AF_INET6, SOCK_STREAM, 0); + else +#endif + sockfd = socket(AF_INET, SOCK_STREAM, 0); + + if (sockfd == -1) { +#else +#if defined(LWS_WITH_ESP8266) + sockfd = esp8266_create_tcp_listen_socket(vhost); + if (!lws_sockfd_valid(sockfd)) { +#endif +#endif + lwsl_err("ERROR opening socket\n"); + return 1; + } +#if LWS_POSIX && !defined(LWS_WITH_ESP32) + +#if (defined(WIN32) || defined(_WIN32)) && defined(SO_EXCLUSIVEADDRUSE) + /* + * only accept that we are the only listener on the port + * https://msdn.microsoft.com/zh-tw/library/windows/desktop/ms740621(v=vs.85).aspx + * + * for lws, to match Linux, we default to exclusive listen + */ + if (!lws_check_opt(vhost->options, LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE)) { + if (setsockopt(sockfd, SOL_SOCKET, SO_EXCLUSIVEADDRUSE, + (const void *)&opt, sizeof(opt)) < 0) { + lwsl_err("reuseaddr failed\n"); + compatible_close(sockfd); + return 1; + } + } else +#endif + + /* + * allow us to restart even if old sockets in TIME_WAIT + */ + if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, + (const void *)&opt, sizeof(opt)) < 0) { + lwsl_err("reuseaddr failed\n"); + compatible_close(sockfd); + return 1; + } + +#if defined(LWS_USE_IPV6) && defined(IPV6_V6ONLY) + if (LWS_IPV6_ENABLED(vhost)) { + if (vhost->options & LWS_SERVER_OPTION_IPV6_V6ONLY_MODIFY) { + int value = (vhost->options & LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE) ? 1 : 0; + if (setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY, + (const void*)&value, sizeof(value)) < 0) { + compatible_close(sockfd); + return 1; + } + } + } +#endif + +#if defined(__linux__) && defined(SO_REUSEPORT) + n = lws_check_opt(vhost->options, LWS_SERVER_OPTION_ALLOW_LISTEN_SHARE); +#if LWS_MAX_SMP > 1 + n = 1; +#endif + + if (n) + if (vhost->context->count_threads > 1) + if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEPORT, + (const void *)&opt, sizeof(opt)) < 0) { + compatible_close(sockfd); + return 1; + } +#endif +#endif + lws_plat_set_socket_options(vhost, sockfd); + +#if LWS_POSIX + n = lws_socket_bind(vhost, sockfd, info->port, info->iface); + if (n < 0) + goto bail; + info->port = n; +#endif + vhost->listen_port = info->port; + vhost->iface = info->iface; + + wsi = lws_zalloc(sizeof(struct lws)); + if (wsi == NULL) { + lwsl_err("Out of mem\n"); + goto bail; + } + wsi->context = vhost->context; + wsi->desc.sockfd = sockfd; + wsi->mode = LWSCM_SERVER_LISTENER; + wsi->protocol = vhost->protocols; + wsi->tsi = m; + wsi->vhost = vhost; + wsi->listener = 1; + +#ifdef LWS_USE_LIBUV + if (LWS_LIBUV_ENABLED(vhost->context)) + lws_uv_initvhost(vhost, wsi); +#endif + + if (insert_wsi_socket_into_fds(vhost->context, wsi)) + goto bail; + + vhost->context->count_wsi_allocated++; + vhost->lserv_wsi = wsi; + +#if LWS_POSIX + n = listen(wsi->desc.sockfd, LWS_SOMAXCONN); + if (n < 0) { + lwsl_err("listen failed with error %d\n", LWS_ERRNO); + vhost->lserv_wsi = NULL; + vhost->context->count_wsi_allocated--; + remove_wsi_socket_from_fds(wsi); + goto bail; + } + } /* for each thread able to independently listen */ +#else +#if defined(LWS_WITH_ESP8266) + esp8266_tcp_stream_bind(wsi->desc.sockfd, info->port, wsi); +#endif +#endif + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_EXPLICIT_VHOSTS)) { +#ifdef LWS_USE_UNIX_SOCK + if (LWS_UNIX_SOCK_ENABLED(vhost)) + lwsl_notice(" Listening on \"%s\"\n", info->iface); + else +#endif + lwsl_notice(" Listening on port %d\n", info->port); + } + + return 0; + +bail: + compatible_close(sockfd); + + return 1; +} + +#if defined(LWS_WITH_ESP8266) +#undef strchr +#define strchr ets_strchr +#endif + +struct lws_vhost * +lws_select_vhost(struct lws_context *context, int port, const char *servername) +{ + struct lws_vhost *vhost = context->vhost_list; + const char *p; + int n, m, colon; + + n = strlen(servername); + colon = n; + p = strchr(servername, ':'); + if (p) + colon = p - servername; + + /* Priotity 1: first try exact matches */ + + while (vhost) { + if (port == vhost->listen_port && + !strncmp(vhost->name, servername, colon)) { + lwsl_info("SNI: Found: %s\n", servername); + return vhost; + } + vhost = vhost->vhost_next; + } + + /* + * Priority 2: if no exact matches, try matching *.vhost-name + * unintentional matches are possible but resolve to x.com for *.x.com + * which is reasonable. If exact match exists we already chose it and + * never reach here. SSL will still fail it if the cert doesn't allow + * *.x.com. + */ + + vhost = context->vhost_list; + while (vhost) { + m = strlen(vhost->name); + if (port == vhost->listen_port && + m <= (colon - 2) && + servername[colon - m - 1] == '.' && + !strncmp(vhost->name, servername + colon - m, m)) { + lwsl_info("SNI: Found %s on wildcard: %s\n", + servername, vhost->name); + return vhost; + } + vhost = vhost->vhost_next; + } + + /* Priority 3: match the first vhost on our port */ + + vhost = context->vhost_list; + while (vhost) { + if (port == vhost->listen_port) { + lwsl_info("vhost match to %s based on port %d\n", + vhost->name, port); + return vhost; + } + vhost = vhost->vhost_next; + } + + /* no match */ + + return NULL; +} + +LWS_VISIBLE LWS_EXTERN const char * +lws_get_mimetype(const char *file, const struct lws_http_mount *m) +{ + int n = strlen(file); + const struct lws_protocol_vhost_options *pvo = NULL; + + if (m) + pvo = m->extra_mimetypes; + + if (n < 5) + return NULL; + + if (!strcmp(&file[n - 4], ".ico")) + return "image/x-icon"; + + if (!strcmp(&file[n - 4], ".gif")) + return "image/gif"; + + if (!strcmp(&file[n - 3], ".js")) + return "text/javascript"; + + if (!strcmp(&file[n - 4], ".png")) + return "image/png"; + + if (!strcmp(&file[n - 4], ".jpg")) + return "image/jpeg"; + + if (!strcmp(&file[n - 3], ".gz")) + return "application/gzip"; + + if (!strcmp(&file[n - 4], ".JPG")) + return "image/jpeg"; + + if (!strcmp(&file[n - 5], ".html")) + return "text/html"; + + if (!strcmp(&file[n - 4], ".css")) + return "text/css"; + + if (!strcmp(&file[n - 4], ".txt")) + return "text/plain"; + + if (!strcmp(&file[n - 4], ".svg")) + return "image/svg+xml"; + + if (!strcmp(&file[n - 4], ".ttf")) + return "application/x-font-ttf"; + + if (!strcmp(&file[n - 4], ".otf")) + return "application/font-woff"; + + if (!strcmp(&file[n - 5], ".woff")) + return "application/font-woff"; + + if (!strcmp(&file[n - 4], ".xml")) + return "application/xml"; + + while (pvo) { + if (pvo->name[0] == '*') /* ie, match anything */ + return pvo->value; + + if (!strcmp(&file[n - strlen(pvo->name)], pvo->name)) + return pvo->value; + + pvo = pvo->next; + } + + return NULL; +} +static lws_fop_flags_t +lws_vfs_prepare_flags(struct lws *wsi) +{ + lws_fop_flags_t f = 0; + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING)) + return f; + + if (strstr(lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_ACCEPT_ENCODING), + "gzip")) { + lwsl_info("client indicates GZIP is acceptable\n"); + f |= LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP; + } + + return f; +} + +static int +lws_http_serve(struct lws *wsi, char *uri, const char *origin, + const struct lws_http_mount *m) +{ + const struct lws_protocol_vhost_options *pvo = m->interpret; + struct lws_process_html_args args; + const char *mimetype; +#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266) + const struct lws_plat_file_ops *fops; + const char *vpath; + lws_fop_flags_t fflags = LWS_O_RDONLY; +#if defined(WIN32) && defined(LWS_HAVE__STAT32I64) + struct _stat32i64 st; +#else + struct stat st; +#endif + int spin = 0; +#endif + char path[256], sym[512]; + unsigned char *p = (unsigned char *)sym + 32 + LWS_PRE, *start = p; + unsigned char *end = p + sizeof(sym) - 32 - LWS_PRE; +#if !defined(WIN32) && LWS_POSIX && !defined(LWS_WITH_ESP32) + size_t len; +#endif + int n; + + lws_snprintf(path, sizeof(path) - 1, "%s/%s", origin, uri); + +#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266) + + fflags |= lws_vfs_prepare_flags(wsi); + + do { + spin++; + fops = lws_vfs_select_fops(wsi->context->fops, path, &vpath); + + if (wsi->u.http.fop_fd) + lws_vfs_file_close(&wsi->u.http.fop_fd); + + wsi->u.http.fop_fd = fops->LWS_FOP_OPEN(wsi->context->fops, + path, vpath, &fflags); + if (!wsi->u.http.fop_fd) { + lwsl_err("Unable to open '%s'\n", path); + + return -1; + } + + /* if it can't be statted, don't try */ + if (fflags & LWS_FOP_FLAG_VIRTUAL) + break; +#if defined(LWS_WITH_ESP32) + break; +#endif +#if !defined(WIN32) + if (fstat(wsi->u.http.fop_fd->fd, &st)) { + lwsl_info("unable to stat %s\n", path); + goto bail; + } +#else +#if defined(LWS_HAVE__STAT32I64) + if (_stat32i64(path, &st)) { + lwsl_info("unable to stat %s\n", path); + goto bail; + } +#else + if (stat(path, &st)) { + lwsl_info("unable to stat %s\n", path); + goto bail; + } +#endif +#endif + + wsi->u.http.fop_fd->mod_time = (uint32_t)st.st_mtime; + fflags |= LWS_FOP_FLAG_MOD_TIME_VALID; + + lwsl_debug(" %s mode %d\n", path, S_IFMT & st.st_mode); +#if !defined(WIN32) && LWS_POSIX && !defined(LWS_WITH_ESP32) + if ((S_IFMT & st.st_mode) == S_IFLNK) { + len = readlink(path, sym, sizeof(sym) - 1); + if (len) { + lwsl_err("Failed to read link %s\n", path); + goto bail; + } + sym[len] = '\0'; + lwsl_debug("symlink %s -> %s\n", path, sym); + lws_snprintf(path, sizeof(path) - 1, "%s", sym); + } +#endif + if ((S_IFMT & st.st_mode) == S_IFDIR) { + lwsl_debug("default filename append to dir\n"); + lws_snprintf(path, sizeof(path) - 1, "%s/%s/index.html", + origin, uri); + } + + } while ((S_IFMT & st.st_mode) != S_IFREG && spin < 5); + + if (spin == 5) + lwsl_err("symlink loop %s \n", path); + + n = sprintf(sym, "%08llX%08lX", + (unsigned long long)lws_vfs_get_length(wsi->u.http.fop_fd), + (unsigned long)lws_vfs_get_mod_time(wsi->u.http.fop_fd)); + + /* disable ranges if IF_RANGE token invalid */ + + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_IF_RANGE)) + if (strcmp(sym, lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_IF_RANGE))) + /* differs - defeat Range: */ + wsi->u.http.ah->frag_index[WSI_TOKEN_HTTP_RANGE] = 0; + + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_IF_NONE_MATCH)) { + /* + * he thinks he has some version of it already, + * check if the tag matches + */ + if (!strcmp(sym, lws_hdr_simple_ptr(wsi, + WSI_TOKEN_HTTP_IF_NONE_MATCH))) { + + lwsl_debug("%s: ETAG match %s %s\n", __func__, + uri, origin); + + /* we don't need to send the payload */ + if (lws_add_http_header_status(wsi, + HTTP_STATUS_NOT_MODIFIED, &p, end)) + return -1; + + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_ETAG, + (unsigned char *)sym, n, &p, end)) + return -1; + + if (lws_finalize_http_header(wsi, &p, end)) + return -1; + + n = lws_write(wsi, start, p - start, + LWS_WRITE_HTTP_HEADERS); + if (n != (p - start)) { + lwsl_err("_write returned %d from %ld\n", n, + (long)(p - start)); + return -1; + } + + lws_vfs_file_close(&wsi->u.http.fop_fd); + + return lws_http_transaction_completed(wsi); + } + } + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_ETAG, + (unsigned char *)sym, n, &p, end)) + return -1; +#endif + + mimetype = lws_get_mimetype(path, m); + if (!mimetype) { + lwsl_err("unknown mimetype for %s\n", path); + goto bail; + } + if (!mimetype[0]) + lwsl_debug("sending no mimetype for %s\n", path); + + wsi->sending_chunked = 0; + + /* + * check if this is in the list of file suffixes to be interpreted by + * a protocol + */ + while (pvo) { + n = strlen(path); + if (n > (int)strlen(pvo->name) && + !strcmp(&path[n - strlen(pvo->name)], pvo->name)) { + wsi->sending_chunked = 1; + wsi->protocol_interpret_idx = (char)(lws_intptr_t)pvo->value; + lwsl_info("want %s interpreted by %s\n", path, + wsi->vhost->protocols[(int)(lws_intptr_t)(pvo->value)].name); + wsi->protocol = &wsi->vhost->protocols[(int)(lws_intptr_t)(pvo->value)]; + if (lws_ensure_user_space(wsi)) + return -1; + break; + } + pvo = pvo->next; + } + + if (m->protocol) { + const struct lws_protocols *pp = lws_vhost_name_to_protocol( + wsi->vhost, m->protocol); + + if (lws_bind_protocol(wsi, pp)) + return 1; + args.p = (char *)p; + args.max_len = end - p; + if (pp->callback(wsi, LWS_CALLBACK_ADD_HEADERS, + wsi->user_space, &args, 0)) + return -1; + p = (unsigned char *)args.p; + } + + n = lws_serve_http_file(wsi, path, mimetype, (char *)start, p - start); + + if (n < 0 || ((n > 0) && lws_http_transaction_completed(wsi))) + return -1; /* error or can't reuse connection: close the socket */ + + return 0; +bail: + + return -1; +} + +const struct lws_http_mount * +lws_find_mount(struct lws *wsi, const char *uri_ptr, int uri_len) +{ + const struct lws_http_mount *hm, *hit = NULL; + int best = 0; + + hm = wsi->vhost->mount_list; + while (hm) { + if (uri_len >= hm->mountpoint_len && + !strncmp(uri_ptr, hm->mountpoint, hm->mountpoint_len) && + (uri_ptr[hm->mountpoint_len] == '\0' || + uri_ptr[hm->mountpoint_len] == '/' || + hm->mountpoint_len == 1) + ) { + if (hm->origin_protocol == LWSMPRO_CALLBACK || + ((hm->origin_protocol == LWSMPRO_CGI || + lws_hdr_total_length(wsi, WSI_TOKEN_GET_URI) || + hm->protocol) && + hm->mountpoint_len > best)) { + best = hm->mountpoint_len; + hit = hm; + } + } + hm = hm->mount_next; + } + + return hit; +} + +#if LWS_POSIX + +static int +lws_find_string_in_file(const char *filename, const char *string, int stringlen) +{ + char buf[128]; + int fd, match = 0, pos = 0, n = 0, hit = 0; + + fd = open(filename, O_RDONLY); + if (fd < 0) { + lwsl_err("can't open auth file: %s\n", filename); + return 1; + } + + while (1) { + if (pos == n) { + n = read(fd, buf, sizeof(buf)); + if (n <= 0) { + if (match == stringlen) + hit = 1; + break; + } + pos = 0; + } + + if (match == stringlen) { + if (buf[pos] == '\r' || buf[pos] == '\n') { + hit = 1; + break; + } + match = 0; + } + + if (buf[pos] == string[match]) + match++; + else + match = 0; + + pos++; + } + + close(fd); + + return hit; +} + +static int +lws_unauthorised_basic_auth(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + unsigned char *start = pt->serv_buf + LWS_PRE, + *p = start, *end = p + 512; + char buf[64]; + int n; + + /* no auth... tell him it is required */ + + if (lws_add_http_header_status(wsi, HTTP_STATUS_UNAUTHORIZED, &p, end)) + return -1; + + n = lws_snprintf(buf, sizeof(buf), "Basic realm=\"lwsws\""); + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_WWW_AUTHENTICATE, + (unsigned char *)buf, n, &p, end)) + return -1; + + if (lws_finalize_http_header(wsi, &p, end)) + return -1; + + n = lws_write(wsi, start, p - start, LWS_WRITE_HTTP_HEADERS); + if (n < 0) + return -1; + + return lws_http_transaction_completed(wsi); + +} + +#endif + +int lws_clean_url(char *p) +{ + if (p[0] == 'h' && p[1] == 't' && p[2] == 't' && p[3] == 'p') { + p += 4; + if (*p == 's') + p++; + if (*p == ':') { + p++; + if (*p == '/') + p++; + } + } + + while (*p) { + if (p[0] == '/' && p[1] == '/') { + char *p1 = p; + while (*p1) { + *p1 = p1[1]; + p1++; + } + continue; + } + p++; + } + + return 0; +} + +int +lws_http_action(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + enum http_connection_type connection_type; + enum http_version request_version; + char content_length_str[32]; + struct lws_process_html_args args; + const struct lws_http_mount *hit = NULL; + unsigned int n, count = 0; + char http_version_str[10]; + char http_conn_str[20]; + int http_version_len; + char *uri_ptr = NULL, *s; + int uri_len = 0; + int meth = -1; + + static const unsigned char methods[] = { + WSI_TOKEN_GET_URI, + WSI_TOKEN_POST_URI, + WSI_TOKEN_OPTIONS_URI, + WSI_TOKEN_PUT_URI, + WSI_TOKEN_PATCH_URI, + WSI_TOKEN_DELETE_URI, + WSI_TOKEN_CONNECT, +#ifdef LWS_USE_HTTP2 + WSI_TOKEN_HTTP_COLON_PATH, +#endif + }; +#if defined(_DEBUG) || defined(LWS_WITH_ACCESS_LOG) + static const char * const method_names[] = { + "GET", "POST", "OPTIONS", "PUT", "PATCH", "DELETE", "CONNECT", +#ifdef LWS_USE_HTTP2 + ":path", +#endif + }; +#endif + static const char * const oprot[] = { + "http://", "https://" + }; + + /* it's not websocket.... shall we accept it as http? */ + + for (n = 0; n < ARRAY_SIZE(methods); n++) + if (lws_hdr_total_length(wsi, methods[n])) + count++; + if (!count) { + lwsl_warn("Missing URI in HTTP request\n"); + goto bail_nuke_ah; + } + + if (count != 1) { + lwsl_warn("multiple methods?\n"); + goto bail_nuke_ah; + } + + if (lws_ensure_user_space(wsi)) + goto bail_nuke_ah; + + for (n = 0; n < ARRAY_SIZE(methods); n++) + if (lws_hdr_total_length(wsi, methods[n])) { + uri_ptr = lws_hdr_simple_ptr(wsi, methods[n]); + uri_len = lws_hdr_total_length(wsi, methods[n]); + lwsl_info("Method: %s request for '%s'\n", + method_names[n], uri_ptr); + meth = n; + break; + } + + (void)meth; + + /* we insist on absolute paths */ + + if (!uri_ptr || uri_ptr[0] != '/') { + lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL); + + goto bail_nuke_ah; + } + + /* HTTP header had a content length? */ + + wsi->u.http.content_length = 0; + if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI) || + lws_hdr_total_length(wsi, WSI_TOKEN_PATCH_URI) || + lws_hdr_total_length(wsi, WSI_TOKEN_PUT_URI)) + wsi->u.http.content_length = 100 * 1024 * 1024; + + if (lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH)) { + lws_hdr_copy(wsi, content_length_str, + sizeof(content_length_str) - 1, + WSI_TOKEN_HTTP_CONTENT_LENGTH); + wsi->u.http.content_length = atoll(content_length_str); + } + + if (wsi->http2_substream) { + wsi->u.http.request_version = HTTP_VERSION_2; + } else { + /* http_version? Default to 1.0, override with token: */ + request_version = HTTP_VERSION_1_0; + + /* Works for single digit HTTP versions. : */ + http_version_len = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP); + if (http_version_len > 7) { + lws_hdr_copy(wsi, http_version_str, + sizeof(http_version_str) - 1, WSI_TOKEN_HTTP); + if (http_version_str[5] == '1' && http_version_str[7] == '1') + request_version = HTTP_VERSION_1_1; + } + wsi->u.http.request_version = request_version; + + /* HTTP/1.1 defaults to "keep-alive", 1.0 to "close" */ + if (request_version == HTTP_VERSION_1_1) + connection_type = HTTP_CONNECTION_KEEP_ALIVE; + else + connection_type = HTTP_CONNECTION_CLOSE; + + /* Override default if http "Connection:" header: */ + if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECTION)) { + lws_hdr_copy(wsi, http_conn_str, sizeof(http_conn_str) - 1, + WSI_TOKEN_CONNECTION); + http_conn_str[sizeof(http_conn_str) - 1] = '\0'; + if (!strcasecmp(http_conn_str, "keep-alive")) + connection_type = HTTP_CONNECTION_KEEP_ALIVE; + else + if (!strcasecmp(http_conn_str, "close")) + connection_type = HTTP_CONNECTION_CLOSE; + } + wsi->u.http.connection_type = connection_type; + } + + n = wsi->protocol->callback(wsi, LWS_CALLBACK_FILTER_HTTP_CONNECTION, + wsi->user_space, uri_ptr, uri_len); + if (n) { + lwsl_info("LWS_CALLBACK_HTTP closing\n"); + + return 1; + } + /* + * if there is content supposed to be coming, + * put a timeout on it having arrived + */ + lws_set_timeout(wsi, PENDING_TIMEOUT_HTTP_CONTENT, + wsi->context->timeout_secs); +#ifdef LWS_OPENSSL_SUPPORT + if (wsi->redirect_to_https) { + /* + * we accepted http:// only so we could redirect to + * https://, so issue the redirect. Create the redirection + * URI from the host: header and ignore the path part + */ + unsigned char *start = pt->serv_buf + LWS_PRE, *p = start, + *end = p + 512; + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) + goto bail_nuke_ah; + + n = sprintf((char *)end, "https://%s/", + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)); + + n = lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, + end, n, &p, end); + if ((int)n < 0) + goto bail_nuke_ah; + + return lws_http_transaction_completed(wsi); + } +#endif + +#ifdef LWS_WITH_ACCESS_LOG + /* + * Produce Apache-compatible log string for wsi, like this: + * + * 2.31.234.19 - - [27/Mar/2016:03:22:44 +0800] + * "GET /aep-screen.png HTTP/1.1" + * 200 152987 "https://libwebsockets.org/index.html" + * "Mozilla/5.0 (Macint... Chrome/49.0.2623.87 Safari/537.36" + * + */ + { + static const char * const hver[] = { + "http/1.0", "http/1.1", "http/2" + }; +#ifdef LWS_USE_IPV6 + char ads[INET6_ADDRSTRLEN]; +#else + char ads[INET_ADDRSTRLEN]; +#endif + char da[64]; + const char *pa, *me; + struct tm *tmp; + time_t t = time(NULL); + int l = 256; + + if (wsi->access_log_pending) + lws_access_log(wsi); + + wsi->access_log.header_log = lws_malloc(l); + if (wsi->access_log.header_log) { + + tmp = localtime(&t); + if (tmp) + strftime(da, sizeof(da), "%d/%b/%Y:%H:%M:%S %z", tmp); + else + strcpy(da, "01/Jan/1970:00:00:00 +0000"); + + pa = lws_get_peer_simple(wsi, ads, sizeof(ads)); + if (!pa) + pa = "(unknown)"; + + me = method_names[meth]; + + lws_snprintf(wsi->access_log.header_log, l, + "%s - - [%s] \"%s %s %s\"", + pa, da, me, uri_ptr, + hver[wsi->u.http.request_version]); + + l = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_USER_AGENT); + if (l) { + wsi->access_log.user_agent = lws_malloc(l + 2); + if (wsi->access_log.user_agent) + lws_hdr_copy(wsi, wsi->access_log.user_agent, + l + 1, WSI_TOKEN_HTTP_USER_AGENT); + else + lwsl_err("OOM getting user agent\n"); + } + wsi->access_log_pending = 1; + } + } +#endif + + /* can we serve it from the mount list? */ + + hit = lws_find_mount(wsi, uri_ptr, uri_len); + if (!hit) { + /* deferred cleanup and reset to protocols[0] */ + + lwsl_info("no hit\n"); + + if (lws_bind_protocol(wsi, &wsi->vhost->protocols[0])) + return 1; + + n = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, + wsi->user_space, uri_ptr, uri_len); + + goto after; + } + + s = uri_ptr + hit->mountpoint_len; + + /* + * if we have a mountpoint like https://xxx.com/yyy + * there is an implied / at the end for our purposes since + * we can only mount on a "directory". + * + * But if we just go with that, the browser cannot understand + * that he is actually looking down one "directory level", so + * even though we give him /yyy/abc.html he acts like the + * current directory level is /. So relative urls like "x.png" + * wrongly look outside the mountpoint. + * + * Therefore if we didn't come in on a url with an explicit + * / at the end, we must redirect to add it so the browser + * understands he is one "directory level" down. + */ + if ((hit->mountpoint_len > 1 || + (hit->origin_protocol == LWSMPRO_REDIR_HTTP || + hit->origin_protocol == LWSMPRO_REDIR_HTTPS)) && + (*s != '/' || + (hit->origin_protocol == LWSMPRO_REDIR_HTTP || + hit->origin_protocol == LWSMPRO_REDIR_HTTPS)) && + (hit->origin_protocol != LWSMPRO_CGI && + hit->origin_protocol != LWSMPRO_CALLBACK //&& + //hit->protocol == NULL + )) { + unsigned char *start = pt->serv_buf + LWS_PRE, + *p = start, *end = p + 512; + + lwsl_debug("Doing 301 '%s' org %s\n", s, hit->origin); + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) + goto bail_nuke_ah; + + /* > at start indicates deal with by redirect */ + if (hit->origin_protocol == LWSMPRO_REDIR_HTTP || + hit->origin_protocol == LWSMPRO_REDIR_HTTPS) + n = lws_snprintf((char *)end, 256, "%s%s", + oprot[hit->origin_protocol & 1], + hit->origin); + else + n = lws_snprintf((char *)end, 256, + "%s%s%s/", oprot[!!lws_is_ssl(wsi)], + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST), + uri_ptr); + + lwsl_notice("%s\n", end); + lws_clean_url((char *)end); + lwsl_notice("%s\n", end); + + n = lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, + end, n, &p, end); + if ((int)n < 0) + goto bail_nuke_ah; + + return lws_http_transaction_completed(wsi); + } + +#if LWS_POSIX + /* basic auth? */ + + if (hit->basic_auth_login_file) { + char b64[160], plain[(sizeof(b64) * 3) / 4]; + int m; + + /* Did he send auth? */ + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_AUTHORIZATION)) + return lws_unauthorised_basic_auth(wsi); + + n = HTTP_STATUS_FORBIDDEN; + + m = lws_hdr_copy(wsi, b64, sizeof(b64), WSI_TOKEN_HTTP_AUTHORIZATION); + if (m < 7) { + lwsl_err("b64 auth too long\n"); + goto transaction_result_n; + } + + b64[5] = '\0'; + if (strcasecmp(b64, "Basic")) { + lwsl_err("auth missing basic: %s\n", b64); + goto transaction_result_n; + } + + /* It'll be like Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l */ + + m = lws_b64_decode_string(b64 + 6, plain, sizeof(plain)); + if (m < 0) { + lwsl_err("plain auth too long\n"); + goto transaction_result_n; + } + +// lwsl_notice(plain); + + if (!lws_find_string_in_file(hit->basic_auth_login_file, plain, m)) { + lwsl_err("basic auth lookup failed\n"); + return lws_unauthorised_basic_auth(wsi); + } + + lwsl_notice("basic auth accepted\n"); + + /* accept the auth */ + } +#endif + +#if defined(LWS_WITH_HTTP_PROXY) + /* + * The mount is a reverse proxy? + */ + + if (hit->origin_protocol == LWSMPRO_HTTPS || + hit->origin_protocol == LWSMPRO_HTTP) { + struct lws_client_connect_info i; + char ads[96], rpath[256], *pcolon, *pslash, *p; + int n, na; + + memset(&i, 0, sizeof(i)); + i.context = lws_get_context(wsi); + + pcolon = strchr(hit->origin, ':'); + pslash = strchr(hit->origin, '/'); + if (!pslash) { + lwsl_err("Proxy mount origin '%s' must have /\n", hit->origin); + return -1; + } + if (pcolon > pslash) + pcolon = NULL; + + if (pcolon) + n = pcolon - hit->origin; + else + n = pslash - hit->origin; + + if (n >= sizeof(ads) - 2) + n = sizeof(ads) - 2; + + memcpy(ads, hit->origin, n); + ads[n] = '\0'; + + i.address = ads; + i.port = 80; + if (hit->origin_protocol == LWSMPRO_HTTPS) { + i.port = 443; + i.ssl_connection = 1; + } + if (pcolon) + i.port = atoi(pcolon + 1); + + lws_snprintf(rpath, sizeof(rpath) - 1, "/%s/%s", pslash + 1, uri_ptr + hit->mountpoint_len); + lws_clean_url(rpath); + na = lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_URI_ARGS); + if (na) { + p = rpath + strlen(rpath); + *p++ = '?'; + lws_hdr_copy(wsi, p, &rpath[sizeof(rpath) - 1] - p, WSI_TOKEN_HTTP_URI_ARGS); + while (--na) { + if (*p == '\0') + *p = '&'; + p++; + } + } + + + i.path = rpath; + i.host = i.address; + i.origin = NULL; + i.method = "GET"; + i.parent_wsi = wsi; + i.uri_replace_from = hit->origin; + i.uri_replace_to = hit->mountpoint; + + lwsl_notice("proxying to %s port %d url %s, ssl %d, from %s, to %s\n", + i.address, i.port, i.path, i.ssl_connection, i.uri_replace_from, i.uri_replace_to); + + if (!lws_client_connect_via_info(&i)) { + lwsl_err("proxy connect fail\n"); + return 1; + } + + return 0; + } +#endif + + /* + * A particular protocol callback is mounted here? + * + * For the duration of this http transaction, bind us to the + * associated protocol + */ + if (hit->origin_protocol == LWSMPRO_CALLBACK || hit->protocol) { + const struct lws_protocols *pp; + const char *name = hit->origin; + if (hit->protocol) + name = hit->protocol; + + pp = lws_vhost_name_to_protocol(wsi->vhost, name); + if (!pp) { + n = -1; + lwsl_err("Unable to find plugin '%s'\n", + hit->origin); + return 1; + } + + if (lws_bind_protocol(wsi, pp)) + return 1; + + args.p = uri_ptr; + args.len = uri_len; + args.max_len = hit->auth_mask; + args.final = 0; /* used to signal callback dealt with it */ + + n = wsi->protocol->callback(wsi, LWS_CALLBACK_CHECK_ACCESS_RIGHTS, + wsi->user_space, &args, 0); + if (n) { + lws_return_http_status(wsi, HTTP_STATUS_UNAUTHORIZED, + NULL); + goto bail_nuke_ah; + } + if (args.final) /* callback completely handled it well */ + return 0; + + if (hit->cgienv && wsi->protocol->callback(wsi, + LWS_CALLBACK_HTTP_PMO, + wsi->user_space, (void *)hit->cgienv, 0)) + return 1; + + if (lws_hdr_total_length(wsi, WSI_TOKEN_POST_URI)) { + n = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, + wsi->user_space, + uri_ptr + hit->mountpoint_len, + uri_len - hit->mountpoint_len); + goto after; + } + } + +#ifdef LWS_WITH_CGI + /* did we hit something with a cgi:// origin? */ + if (hit->origin_protocol == LWSMPRO_CGI) { + const char *cmd[] = { + NULL, /* replace with cgi path */ + NULL + }; + + lwsl_debug("%s: cgi\n", __func__); + cmd[0] = hit->origin; + + n = 5; + if (hit->cgi_timeout) + n = hit->cgi_timeout; + + n = lws_cgi(wsi, cmd, hit->mountpoint_len, n, + hit->cgienv); + if (n) { + lwsl_err("%s: cgi failed\n", __func__); + return -1; + } + + goto deal_body; + } +#endif + + n = strlen(s); + if (s[0] == '\0' || (n == 1 && s[n - 1] == '/')) + s = (char *)hit->def; + if (!s) + s = "index.html"; + + wsi->cache_secs = hit->cache_max_age; + wsi->cache_reuse = hit->cache_reusable; + wsi->cache_revalidate = hit->cache_revalidate; + wsi->cache_intermediaries = hit->cache_intermediaries; + + n = lws_http_serve(wsi, s, hit->origin, hit); + if (n) { + /* + * lws_return_http_status(wsi, HTTP_STATUS_NOT_FOUND, NULL); + */ + if (hit->protocol) { + const struct lws_protocols *pp = lws_vhost_name_to_protocol( + wsi->vhost, hit->protocol); + + if (lws_bind_protocol(wsi, pp)) + return 1; + + n = pp->callback(wsi, LWS_CALLBACK_HTTP, + wsi->user_space, + uri_ptr + hit->mountpoint_len, + uri_len - hit->mountpoint_len); + } else + n = wsi->protocol->callback(wsi, LWS_CALLBACK_HTTP, + wsi->user_space, uri_ptr, uri_len); + } + +after: + if (n) { + lwsl_info("LWS_CALLBACK_HTTP closing\n"); + + return 1; + } + +#ifdef LWS_WITH_CGI +deal_body: +#endif + /* + * If we're not issuing a file, check for content_length or + * HTTP keep-alive. No keep-alive header allocation for + * ISSUING_FILE, as this uses HTTP/1.0. + * + * In any case, return 0 and let lws_read decide how to + * proceed based on state + */ + if (wsi->state != LWSS_HTTP_ISSUING_FILE) + /* Prepare to read body if we have a content length: */ + if (wsi->u.http.content_length > 0) + wsi->state = LWSS_HTTP_BODY; + + return 0; + +bail_nuke_ah: + /* we're closing, losing some rx is OK */ + lws_header_table_force_to_detachable_state(wsi); + // lwsl_notice("%s: drop1\n", __func__); + lws_header_table_detach(wsi, 1); + + return 1; +#if LWS_POSIX +transaction_result_n: + lws_return_http_status(wsi, n, NULL); + + return lws_http_transaction_completed(wsi); +#endif +} + +static int +lws_server_init_wsi_for_ws(struct lws *wsi) +{ + int n; + + wsi->state = LWSS_ESTABLISHED; + lws_restart_ws_ping_pong_timer(wsi); + + /* + * create the frame buffer for this connection according to the + * size mentioned in the protocol definition. If 0 there, use + * a big default for compatibility + */ + + n = wsi->protocol->rx_buffer_size; + if (!n) + n = wsi->context->pt_serv_buf_size; + n += LWS_PRE; + wsi->u.ws.rx_ubuf = lws_malloc(n + 4 /* 0x0000ffff zlib */); + if (!wsi->u.ws.rx_ubuf) { + lwsl_err("Out of Mem allocating rx buffer %d\n", n); + return 1; + } + wsi->u.ws.rx_ubuf_alloc = n; + lwsl_debug("Allocating RX buffer %d\n", n); + +#if LWS_POSIX && !defined(LWS_WITH_ESP32) + if (!wsi->parent_carries_io) + if (setsockopt(wsi->desc.sockfd, SOL_SOCKET, SO_SNDBUF, + (const char *)&n, sizeof n)) { + lwsl_warn("Failed to set SNDBUF to %d", n); + return 1; + } +#endif + + /* notify user code that we're ready to roll */ + + if (wsi->protocol->callback) + if (wsi->protocol->callback(wsi, LWS_CALLBACK_ESTABLISHED, + wsi->user_space, +#ifdef LWS_OPENSSL_SUPPORT + wsi->ssl, +#else + NULL, +#endif + 0)) + return 1; + + return 0; +} + +int +lws_handshake_server(struct lws *wsi, unsigned char **buf, size_t len) +{ + int protocol_len, n = 0, hit, non_space_char_found = 0, m; + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + struct _lws_header_related hdr; + struct allocated_headers *ah; + unsigned char *obuf = *buf; + char protocol_list[128]; + char protocol_name[64]; + size_t olen = len; + char *p; + + if (len >= 10000000) { + lwsl_err("%s: assert: len %ld\n", __func__, (long)len); + assert(0); + } + + if (!wsi->u.hdr.ah) { + lwsl_err("%s: assert: NULL ah\n", __func__); + assert(0); + } + + while (len--) { + wsi->more_rx_waiting = !!len; + + if (wsi->mode != LWSCM_HTTP_SERVING && + wsi->mode != LWSCM_HTTP_SERVING_ACCEPTED) { + lwsl_err("%s: bad wsi mode %d\n", __func__, wsi->mode); + goto bail_nuke_ah; + } + + m = lws_parse(wsi, *(*buf)++); + if (m) { + if (m == 2) { + /* + * we are transitioning from http with + * an AH, to raw. Drop the ah and set + * the mode. + */ +raw_transition: + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + lws_bind_protocol(wsi, &wsi->vhost->protocols[ + wsi->vhost-> + raw_protocol_index]); + lwsl_info("transition to raw vh %s prot %d\n", + wsi->vhost->name, + wsi->vhost->raw_protocol_index); + if ((wsi->protocol->callback)(wsi, + LWS_CALLBACK_RAW_ADOPT, + wsi->user_space, NULL, 0)) + goto bail_nuke_ah; + + lws_header_table_force_to_detachable_state(wsi); + lws_union_transition(wsi, LWSCM_RAW); + lws_header_table_detach(wsi, 1); + + if (m == 2 && (wsi->protocol->callback)(wsi, + LWS_CALLBACK_RAW_RX, + wsi->user_space, obuf, olen)) + return 1; + + return 0; + } + lwsl_info("lws_parse failed\n"); + goto bail_nuke_ah; + } + + if (wsi->u.hdr.parser_state != WSI_PARSING_COMPLETE) + continue; + + lwsl_parser("%s: lws_parse sees parsing complete\n", __func__); + lwsl_debug("%s: wsi->more_rx_waiting=%d\n", __func__, + wsi->more_rx_waiting); + + /* check for unwelcome guests */ + + if (wsi->context->reject_service_keywords) { + const struct lws_protocol_vhost_options *rej = + wsi->context->reject_service_keywords; + char ua[384], *msg = NULL; + + if (lws_hdr_copy(wsi, ua, sizeof(ua) - 1, + WSI_TOKEN_HTTP_USER_AGENT) > 0) { + ua[sizeof(ua) - 1] = '\0'; + while (rej) { + if (strstr(ua, rej->name)) { + msg = strchr(rej->value, ' '); + if (msg) + msg++; + lws_return_http_status(wsi, atoi(rej->value), msg); + + wsi->vhost->conn_stats.rejected++; + + goto bail_nuke_ah; + } + rej = rej->next; + } + } + } + + /* select vhost */ + + if (lws_hdr_total_length(wsi, WSI_TOKEN_HOST)) { + struct lws_vhost *vhost = lws_select_vhost( + context, wsi->vhost->listen_port, + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HOST)); + + if (vhost) + wsi->vhost = vhost; + } else + lwsl_info("no host\n"); + + wsi->vhost->conn_stats.trans++; + if (!wsi->conn_stat_done) { + wsi->vhost->conn_stats.conn++; + wsi->conn_stat_done = 1; + } + + if (lws_hdr_total_length(wsi, WSI_TOKEN_CONNECT)) { + lwsl_info("Changing to RAW mode\n"); + m = 0; + goto raw_transition; + } + + wsi->mode = LWSCM_PRE_WS_SERVING_ACCEPT; + lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); + + /* is this websocket protocol or normal http 1.0? */ + + if (lws_hdr_total_length(wsi, WSI_TOKEN_UPGRADE)) { + if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE), + "websocket")) { + wsi->vhost->conn_stats.ws_upg++; + lwsl_info("Upgrade to ws\n"); + goto upgrade_ws; + } +#ifdef LWS_USE_HTTP2 + if (!strcasecmp(lws_hdr_simple_ptr(wsi, WSI_TOKEN_UPGRADE), + "h2c")) { + wsi->vhost->conn_stats.http2_upg++; + lwsl_info("Upgrade to h2c\n"); + goto upgrade_h2c; + } +#endif + lwsl_info("Unknown upgrade\n"); + /* dunno what he wanted to upgrade to */ + goto bail_nuke_ah; + } + + /* no upgrade ack... he remained as HTTP */ + + lwsl_info("No upgrade\n"); + ah = wsi->u.hdr.ah; + + lws_union_transition(wsi, LWSCM_HTTP_SERVING_ACCEPTED); + wsi->state = LWSS_HTTP; + wsi->u.http.fop_fd = NULL; + + /* expose it at the same offset as u.hdr */ + wsi->u.http.ah = ah; + lwsl_debug("%s: wsi %p: ah %p\n", __func__, (void *)wsi, + (void *)wsi->u.hdr.ah); + + n = lws_http_action(wsi); + + return n; + +#ifdef LWS_USE_HTTP2 +upgrade_h2c: + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP2_SETTINGS)) { + lwsl_info("missing http2_settings\n"); + goto bail_nuke_ah; + } + + lwsl_info("h2c upgrade...\n"); + + p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP2_SETTINGS); + /* convert the peer's HTTP-Settings */ + n = lws_b64_decode_string(p, protocol_list, + sizeof(protocol_list)); + if (n < 0) { + lwsl_parser("HTTP2_SETTINGS too long\n"); + return 1; + } + + /* adopt the header info */ + + ah = wsi->u.hdr.ah; + + lws_union_transition(wsi, LWSCM_HTTP2_SERVING); + + /* http2 union member has http union struct at start */ + wsi->u.http.ah = ah; + + lws_http2_init(&wsi->u.http2.peer_settings); + lws_http2_init(&wsi->u.http2.my_settings); + + /* HTTP2 union */ + + lws_http2_interpret_settings_payload(&wsi->u.http2.peer_settings, + (unsigned char *)protocol_list, n); + + strcpy(protocol_list, + "HTTP/1.1 101 Switching Protocols\x0d\x0a" + "Connection: Upgrade\x0d\x0a" + "Upgrade: h2c\x0d\x0a\x0d\x0a"); + n = lws_issue_raw(wsi, (unsigned char *)protocol_list, + strlen(protocol_list)); + if (n != strlen(protocol_list)) { + lwsl_debug("http2 switch: ERROR writing to socket\n"); + return 1; + } + + wsi->state = LWSS_HTTP2_AWAIT_CLIENT_PREFACE; + + return 0; +#endif + +upgrade_ws: + if (!wsi->protocol) + lwsl_err("NULL protocol at lws_read\n"); + + /* + * It's websocket + * + * Select the first protocol we support from the list + * the client sent us. + * + * Copy it to remove header fragmentation + */ + + if (lws_hdr_copy(wsi, protocol_list, sizeof(protocol_list) - 1, + WSI_TOKEN_PROTOCOL) < 0) { + lwsl_err("protocol list too long"); + goto bail_nuke_ah; + } + + protocol_len = lws_hdr_total_length(wsi, WSI_TOKEN_PROTOCOL); + protocol_list[protocol_len] = '\0'; + p = protocol_list; + hit = 0; + + while (*p && !hit) { + n = 0; + non_space_char_found = 0; + while (n < sizeof(protocol_name) - 1 && *p && + *p != ',') { + // ignore leading spaces + if (!non_space_char_found && *p == ' ') { + n++; + continue; + } + non_space_char_found = 1; + protocol_name[n++] = *p++; + } + protocol_name[n] = '\0'; + if (*p) + p++; + + lwsl_info("checking %s\n", protocol_name); + + n = 0; + while (wsi->vhost->protocols[n].callback) { + lwsl_info("try %s\n", wsi->vhost->protocols[n].name); + + if (wsi->vhost->protocols[n].name && + !strcmp(wsi->vhost->protocols[n].name, + protocol_name)) { + wsi->protocol = &wsi->vhost->protocols[n]; + hit = 1; + break; + } + + n++; + } + } + + /* we didn't find a protocol he wanted? */ + + if (!hit) { + if (lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL)) { + lwsl_info("No protocol from \"%s\" supported\n", + protocol_list); + goto bail_nuke_ah; + } + /* + * some clients only have one protocol and + * do not send the protocol list header... + * allow it and match to the vhost's default + * protocol (which itself defaults to zero) + */ + lwsl_info("defaulting to prot handler %d\n", + wsi->vhost->default_protocol_index); + n = wsi->vhost->default_protocol_index; + wsi->protocol = &wsi->vhost->protocols[ + (int)wsi->vhost->default_protocol_index]; + } + + /* allocate wsi->user storage */ + if (lws_ensure_user_space(wsi)) + goto bail_nuke_ah; + + /* + * Give the user code a chance to study the request and + * have the opportunity to deny it + */ + if ((wsi->protocol->callback)(wsi, + LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION, + wsi->user_space, + lws_hdr_simple_ptr(wsi, WSI_TOKEN_PROTOCOL), 0)) { + lwsl_warn("User code denied connection\n"); + goto bail_nuke_ah; + } + + /* + * Perform the handshake according to the protocol version the + * client announced + */ + + switch (wsi->ietf_spec_revision) { + case 13: + lwsl_parser("lws_parse calling handshake_04\n"); + if (handshake_0405(context, wsi)) { + lwsl_info("hs0405 has failed the connection\n"); + goto bail_nuke_ah; + } + break; + + default: + lwsl_info("Unknown client spec version %d\n", + wsi->ietf_spec_revision); + goto bail_nuke_ah; + } + + lws_same_vh_protocol_insert(wsi, n); + + /* we are upgrading to ws, so http/1.1 and keepalive + + * pipelined header considerations about keeping the ah around + * no longer apply. However it's common for the first ws + * protocol data to have been coalesced with the browser + * upgrade request and to already be in the ah rx buffer. + */ + + lwsl_info("%s: %p: inheriting ah in ws mode (rxpos:%d, rxlen:%d)\n", + __func__, wsi, wsi->u.hdr.ah->rxpos, + wsi->u.hdr.ah->rxlen); + lws_pt_lock(pt); + hdr = wsi->u.hdr; + + lws_union_transition(wsi, LWSCM_WS_SERVING); + /* + * first service is WS mode will notice this, use the RX and + * then detach the ah (caution: we are not in u.hdr union + * mode any more then... ah_temp member is at start the same + * though) + * + * Because rxpos/rxlen shows something in the ah, we will get + * service guaranteed next time around the event loop + * + * All union members begin with hdr, so we can use it even + * though we transitioned to ws union mode (the ah detach + * code uses it anyway). + */ + wsi->u.hdr = hdr; + lws_pt_unlock(pt); + + lws_server_init_wsi_for_ws(wsi); + lwsl_parser("accepted v%02d connection\n", + wsi->ietf_spec_revision); + + /* !!! drop ah unreservedly after ESTABLISHED */ + if (!wsi->more_rx_waiting) { + lws_header_table_force_to_detachable_state(wsi); + + //lwsl_notice("%p: dropping ah EST\n", wsi); + lws_header_table_detach(wsi, 1); + } + + return 0; + } /* while all chars are handled */ + + return 0; + +bail_nuke_ah: + /* drop the header info */ + /* we're closing, losing some rx is OK */ + lws_header_table_force_to_detachable_state(wsi); + //lwsl_notice("%s: drop2\n", __func__); + lws_header_table_detach(wsi, 1); + + return 1; +} + +static int +lws_get_idlest_tsi(struct lws_context *context) +{ + unsigned int lowest = ~0; + int n = 0, hit = -1; + + for (; n < context->count_threads; n++) { + if ((unsigned int)context->pt[n].fds_count != + context->fd_limit_per_thread - 1 && + (unsigned int)context->pt[n].fds_count < lowest) { + lowest = context->pt[n].fds_count; + hit = n; + } + } + + return hit; +} + +struct lws * +lws_create_new_server_wsi(struct lws_vhost *vhost) +{ + struct lws *new_wsi; + int n = lws_get_idlest_tsi(vhost->context); + + if (n < 0) { + lwsl_err("no space for new conn\n"); + return NULL; + } + + new_wsi = lws_zalloc(sizeof(struct lws)); + if (new_wsi == NULL) { + lwsl_err("Out of memory for new connection\n"); + return NULL; + } + + new_wsi->tsi = n; + lwsl_debug("Accepted wsi %p to context %p, tsi %d\n", new_wsi, + vhost->context, new_wsi->tsi); + + new_wsi->vhost = vhost; + new_wsi->context = vhost->context; + new_wsi->pending_timeout = NO_PENDING_TIMEOUT; + new_wsi->rxflow_change_to = LWS_RXFLOW_ALLOW; + + /* initialize the instance struct */ + + new_wsi->state = LWSS_HTTP; + new_wsi->mode = LWSCM_HTTP_SERVING; + new_wsi->hdr_parsing_completed = 0; + +#ifdef LWS_OPENSSL_SUPPORT + new_wsi->use_ssl = LWS_SSL_ENABLED(vhost); +#endif + + /* + * these can only be set once the protocol is known + * we set an unestablished connection's protocol pointer + * to the start of the supported list, so it can look + * for matching ones during the handshake + */ + new_wsi->protocol = vhost->protocols; + new_wsi->user_space = NULL; + new_wsi->ietf_spec_revision = 0; + new_wsi->desc.sockfd = LWS_SOCK_INVALID; + new_wsi->position_in_fds_table = -1; + + vhost->context->count_wsi_allocated++; + + /* + * outermost create notification for wsi + * no user_space because no protocol selection + */ + vhost->protocols[0].callback(new_wsi, LWS_CALLBACK_WSI_CREATE, + NULL, NULL, 0); + + return new_wsi; +} + +LWS_VISIBLE int LWS_WARN_UNUSED_RESULT +lws_http_transaction_completed(struct lws *wsi) +{ + int n = NO_PENDING_TIMEOUT; + + lws_access_log(wsi); + + if (!wsi->hdr_parsing_completed) { + lwsl_notice("%s: ignoring, ah parsing incomplete\n", __func__); + return 0; + } + + lwsl_debug("%s: wsi %p\n", __func__, wsi); + /* if we can't go back to accept new headers, drop the connection */ + if (wsi->u.http.connection_type != HTTP_CONNECTION_KEEP_ALIVE) { + lwsl_info("%s: %p: close connection\n", __func__, wsi); + return 1; + } + + if (lws_bind_protocol(wsi, &wsi->vhost->protocols[0])) + return 1; + + /* otherwise set ourselves up ready to go again */ + wsi->state = LWSS_HTTP; + wsi->mode = LWSCM_HTTP_SERVING; + wsi->u.http.content_length = 0; + wsi->u.http.content_remain = 0; + wsi->hdr_parsing_completed = 0; +#ifdef LWS_WITH_ACCESS_LOG + wsi->access_log.sent = 0; +#endif + + if (wsi->vhost->keepalive_timeout) + n = PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE; + lws_set_timeout(wsi, n, wsi->vhost->keepalive_timeout); + + /* + * We already know we are on http1.1 / keepalive and the next thing + * coming will be another header set. + * + * If there is no pending rx and we still have the ah, drop it and + * reacquire a new ah when the new headers start to arrive. (Otherwise + * we needlessly hog an ah indefinitely.) + * + * However if there is pending rx and we know from the keepalive state + * that is already at least the start of another header set, simply + * reset the existing header table and keep it. + */ + if (wsi->u.hdr.ah) { + lwsl_info("%s: wsi->more_rx_waiting=%d\n", __func__, + wsi->more_rx_waiting); + + if (!wsi->more_rx_waiting) { + lws_header_table_force_to_detachable_state(wsi); + lws_header_table_detach(wsi, 1); +#ifdef LWS_OPENSSL_SUPPORT + /* + * additionally... if we are hogging an SSL instance + * with no pending pipelined headers (or ah now), and + * SSL is scarce, drop this connection without waiting + */ + + if (wsi->vhost->use_ssl && + wsi->context->simultaneous_ssl_restriction && + wsi->context->simultaneous_ssl == + wsi->context->simultaneous_ssl_restriction) { + lwsl_info("%s: simultaneous_ssl_restriction and nothing pipelined\n", __func__); + return 1; + } +#endif + } else { + lws_header_table_reset(wsi, 1); + /* + * If we kept the ah, we should restrict the amount + * of time we are willing to keep it. Otherwise it + * will be bound the whole time the connection remains + * open. + */ + lws_set_timeout(wsi, PENDING_TIMEOUT_HOLDING_AH, + wsi->vhost->keepalive_timeout); + } + } + + /* If we're (re)starting on headers, need other implied init */ + wsi->u.hdr.ues = URIES_IDLE; + + lwsl_info("%s: %p: keep-alive await new transaction\n", __func__, wsi); + + return 0; +} + +/* if not a socket, it's a raw, non-ssl file descriptor */ + +LWS_VISIBLE struct lws * +lws_adopt_descriptor_vhost(struct lws_vhost *vh, lws_adoption_type type, + lws_sock_file_fd_type fd, const char *vh_prot_name, + struct lws *parent) +{ + struct lws_context *context = vh->context; + struct lws *new_wsi = lws_create_new_server_wsi(vh); + struct lws_context_per_thread *pt; + int n, ssl = 0; + + if (!new_wsi) { + if (type & LWS_ADOPT_SOCKET && !(type & LWS_ADOPT_WS_PARENTIO)) + compatible_close(fd.sockfd); + return NULL; + } + pt = &context->pt[(int)new_wsi->tsi]; + lws_stats_atomic_bump(context, pt, LWSSTATS_C_CONNECTIONS, 1); + + if (parent) { + new_wsi->parent = parent; + new_wsi->sibling_list = parent->child_list; + parent->child_list = new_wsi; + + if (type & LWS_ADOPT_WS_PARENTIO) + new_wsi->parent_carries_io = 1; + } + + new_wsi->desc = fd; + + if (vh_prot_name) { + new_wsi->protocol = lws_vhost_name_to_protocol(new_wsi->vhost, + vh_prot_name); + if (!new_wsi->protocol) { + lwsl_err("Protocol %s not enabled on vhost %s\n", + vh_prot_name, new_wsi->vhost->name); + goto bail; + } + if (lws_ensure_user_space(new_wsi)) { + lwsl_notice("OOM trying to get user_space\n"); + goto bail; + } + if (type & LWS_ADOPT_WS_PARENTIO) { + new_wsi->desc.sockfd = LWS_SOCK_INVALID; + lwsl_debug("binding to %s\n", new_wsi->protocol->name); + lws_bind_protocol(new_wsi, new_wsi->protocol); + lws_union_transition(new_wsi, LWSCM_WS_SERVING); + lws_server_init_wsi_for_ws(new_wsi); + + return new_wsi; + } + } else + if (type & LWS_ADOPT_HTTP) /* he will transition later */ + new_wsi->protocol = + &vh->protocols[vh->default_protocol_index]; + else { /* this is the only time he will transition */ + lws_bind_protocol(new_wsi, + &vh->protocols[vh->raw_protocol_index]); + lws_union_transition(new_wsi, LWSCM_RAW); + } + + if (type & LWS_ADOPT_SOCKET) { /* socket desc */ + lwsl_debug("%s: new wsi %p, sockfd %d\n", __func__, new_wsi, + (int)(lws_intptr_t)fd.sockfd); + + if (type & LWS_ADOPT_HTTP) + /* the transport is accepted... + * give him time to negotiate */ + lws_set_timeout(new_wsi, + PENDING_TIMEOUT_ESTABLISH_WITH_SERVER, + context->timeout_secs); + +#if LWS_POSIX == 0 +#if defined(LWS_WITH_ESP8266) + esp8266_tcp_stream_accept(accept_fd, new_wsi); +#endif +#endif + } else /* file desc */ + lwsl_debug("%s: new wsi %p, filefd %d\n", __func__, new_wsi, + (int)(lws_intptr_t)fd.filefd); + + /* + * A new connection was accepted. Give the user a chance to + * set properties of the newly created wsi. There's no protocol + * selected yet so we issue this to the vhosts's default protocol, + * itself by default protocols[0] + */ + n = LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED; + if (!(type & LWS_ADOPT_HTTP)) { + if (!(type & LWS_ADOPT_SOCKET)) + n = LWS_CALLBACK_RAW_ADOPT_FILE; + else + n = LWS_CALLBACK_RAW_ADOPT; + } + + if (!LWS_SSL_ENABLED(new_wsi->vhost) || !(type & LWS_ADOPT_ALLOW_SSL) || + !(type & LWS_ADOPT_SOCKET)) { + /* non-SSL */ + if (!(type & LWS_ADOPT_HTTP)) { + if (!(type & LWS_ADOPT_SOCKET)) + new_wsi->mode = LWSCM_RAW_FILEDESC; + else + new_wsi->mode = LWSCM_RAW; + } + } else { + /* SSL */ + if (!(type & LWS_ADOPT_HTTP)) + new_wsi->mode = LWSCM_SSL_INIT_RAW; + else + new_wsi->mode = LWSCM_SSL_INIT; + + ssl = 1; + } + + lws_libev_accept(new_wsi, new_wsi->desc); + lws_libuv_accept(new_wsi, new_wsi->desc); + lws_libevent_accept(new_wsi, new_wsi->desc); + + if (!ssl) { + if (insert_wsi_socket_into_fds(context, new_wsi)) { + lwsl_err("%s: fail inserting socket\n", __func__); + goto fail; + } + } else + if (lws_server_socket_service_ssl(new_wsi, fd.sockfd)) { + lwsl_err("%s: fail ssl negotiation\n", __func__); + goto fail; + } + + /* + * by deferring callback to this point, after insertion to fds, + * lws_callback_on_writable() can work from the callback + */ + if ((new_wsi->protocol->callback)( + new_wsi, n, new_wsi->user_space, NULL, 0)) + goto fail; + + if (type & LWS_ADOPT_HTTP) { + if (!lws_header_table_attach(new_wsi, 0)) + lwsl_debug("Attached ah immediately\n"); + else + lwsl_info("%s: waiting for ah\n", __func__); + } + + return new_wsi; + +fail: + if (type & LWS_ADOPT_SOCKET) + lws_close_free_wsi(new_wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return NULL; + +bail: + lwsl_notice("%s: exiting on bail\n", __func__); + if (parent) + parent->child_list = new_wsi->sibling_list; + if (new_wsi->user_space) + lws_free(new_wsi->user_space); + lws_free(new_wsi); + compatible_close(fd.sockfd); + + return NULL; +} + +LWS_VISIBLE struct lws * +lws_adopt_socket_vhost(struct lws_vhost *vh, lws_sockfd_type accept_fd) +{ + lws_sock_file_fd_type fd; + + fd.sockfd = accept_fd; + return lws_adopt_descriptor_vhost(vh, LWS_ADOPT_SOCKET | + LWS_ADOPT_HTTP | LWS_ADOPT_ALLOW_SSL, fd, NULL, NULL); +} + +LWS_VISIBLE struct lws * +lws_adopt_socket(struct lws_context *context, lws_sockfd_type accept_fd) +{ + return lws_adopt_socket_vhost(context->vhost_list, accept_fd); +} + +/* Common read-buffer adoption for lws_adopt_*_readbuf */ +static struct lws* +adopt_socket_readbuf(struct lws *wsi, const char *readbuf, size_t len) +{ + struct lws_context_per_thread *pt; + struct allocated_headers *ah; + struct lws_pollfd *pfd; + + if (!wsi) + return NULL; + + if (!readbuf || len == 0) + return wsi; + + if (len > sizeof(ah->rx)) { + lwsl_err("%s: rx in too big\n", __func__); + goto bail; + } + + /* + * we can't process the initial read data until we can attach an ah. + * + * if one is available, get it and place the data in his ah rxbuf... + * wsi with ah that have pending rxbuf get auto-POLLIN service. + * + * no autoservice because we didn't get a chance to attach the + * readbuf data to wsi or ah yet, and we will do it next if we get + * the ah. + */ + if (wsi->u.hdr.ah || !lws_header_table_attach(wsi, 0)) { + ah = wsi->u.hdr.ah; + memcpy(ah->rx, readbuf, len); + ah->rxpos = 0; + ah->rxlen = len; + + lwsl_notice("%s: calling service on readbuf ah\n", __func__); + pt = &wsi->context->pt[(int)wsi->tsi]; + + /* unlike a normal connect, we have the headers already + * (or the first part of them anyway). + * libuv won't come back and service us without a network + * event, so we need to do the header service right here. + */ + pfd = &pt->fds[wsi->position_in_fds_table]; + pfd->revents |= LWS_POLLIN; + lwsl_err("%s: calling service\n", __func__); + if (lws_service_fd_tsi(wsi->context, pfd, wsi->tsi)) + /* service closed us */ + return NULL; + + return wsi; + } + lwsl_err("%s: deferring handling ah\n", __func__); + /* + * hum if no ah came, we are on the wait list and must defer + * dealing with this until the ah arrives. + * + * later successful lws_header_table_attach() will apply the + * below to the rx buffer (via lws_header_table_reset()). + */ + wsi->u.hdr.preamble_rx = lws_malloc(len); + if (!wsi->u.hdr.preamble_rx) { + lwsl_err("OOM\n"); + goto bail; + } + memcpy(wsi->u.hdr.preamble_rx, readbuf, len); + wsi->u.hdr.preamble_rx_len = len; + + return wsi; + +bail: + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return NULL; +} + +LWS_VISIBLE struct lws * +lws_adopt_socket_readbuf(struct lws_context *context, lws_sockfd_type accept_fd, + const char *readbuf, size_t len) +{ + return adopt_socket_readbuf(lws_adopt_socket(context, accept_fd), readbuf, len); +} + +LWS_VISIBLE struct lws * +lws_adopt_socket_vhost_readbuf(struct lws_vhost *vhost, lws_sockfd_type accept_fd, + const char *readbuf, size_t len) +{ + return adopt_socket_readbuf(lws_adopt_socket_vhost(vhost, accept_fd), readbuf, len); +} + +LWS_VISIBLE int +lws_server_socket_service(struct lws_context *context, struct lws *wsi, + struct lws_pollfd *pollfd) +{ + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + lws_sockfd_type accept_fd = LWS_SOCK_INVALID; + struct allocated_headers *ah; + lws_sock_file_fd_type fd; + int opts = LWS_ADOPT_SOCKET | LWS_ADOPT_ALLOW_SSL; +#if LWS_POSIX + struct sockaddr_storage cli_addr; + socklen_t clilen; +#endif + int n, len; + + // lwsl_notice("%s: mode %d\n", __func__, wsi->mode); + + switch (wsi->mode) { + + case LWSCM_HTTP_SERVING: + case LWSCM_HTTP_SERVING_ACCEPTED: + case LWSCM_HTTP2_SERVING: + case LWSCM_RAW: + + /* handle http headers coming in */ + + /* pending truncated sends have uber priority */ + + if (wsi->trunc_len) { + if (!(pollfd->revents & LWS_POLLOUT)) + break; + + if (lws_issue_raw(wsi, wsi->trunc_alloc + + wsi->trunc_offset, + wsi->trunc_len) < 0) + goto fail; + /* + * we can't afford to allow input processing to send + * something new, so spin around he event loop until + * he doesn't have any partials + */ + break; + } + + /* any incoming data ready? */ + + if (!(pollfd->revents & pollfd->events & LWS_POLLIN)) + goto try_pollout; + + /* + * If we previously just did POLLIN when IN and OUT were + * signalled (because POLLIN processing may have used up + * the POLLOUT), don't let that happen twice in a row... + * next time we see the situation favour POLLOUT + */ +#if !defined(LWS_WITH_ESP8266) + if (wsi->favoured_pollin && + (pollfd->revents & pollfd->events & LWS_POLLOUT)) { + wsi->favoured_pollin = 0; + goto try_pollout; + } +#endif + + /* these states imply we MUST have an ah attached */ + + if (wsi->mode != LWSCM_RAW && (wsi->state == LWSS_HTTP || + wsi->state == LWSS_HTTP_ISSUING_FILE || + wsi->state == LWSS_HTTP_HEADERS)) { + if (!wsi->u.hdr.ah) { + + //lwsl_err("wsi %p: missing ah\n", wsi); + /* no autoservice beacuse we will do it next */ + if (lws_header_table_attach(wsi, 0)) { + lwsl_info("wsi %p: failed to acquire ah\n", wsi); + goto try_pollout; + } + } + ah = wsi->u.hdr.ah; + + //lwsl_notice("%s: %p: rxpos:%d rxlen:%d\n", __func__, wsi, + // ah->rxpos, ah->rxlen); + + /* if nothing in ah rx buffer, get some fresh rx */ + if (ah->rxpos == ah->rxlen) { + ah->rxlen = lws_ssl_capable_read(wsi, ah->rx, + sizeof(ah->rx)); + ah->rxpos = 0; + //lwsl_notice("%s: wsi %p, ah->rxlen = %d\r\n", + // __func__, wsi, ah->rxlen); + switch (ah->rxlen) { + case 0: + lwsl_info("%s: read 0 len\n", __func__); + /* lwsl_info(" state=%d\n", wsi->state); */ +// if (!wsi->hdr_parsing_completed) +// lws_header_table_detach(wsi); + /* fallthru */ + case LWS_SSL_CAPABLE_ERROR: + goto fail; + case LWS_SSL_CAPABLE_MORE_SERVICE: + ah->rxlen = ah->rxpos = 0; + goto try_pollout; + } + + /* + * make sure ah does not get detached if we + * have live data in the rx + */ + if (ah->rxlen) + wsi->more_rx_waiting = 1; + } + + if (!(ah->rxpos != ah->rxlen && ah->rxlen)) { + lwsl_err("%s: assert: rxpos %d, rxlen %d\n", + __func__, ah->rxpos, ah->rxlen); + + assert(0); + } + + /* just ignore incoming if waiting for close */ + if (wsi->state != LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE && + wsi->state != LWSS_HTTP_ISSUING_FILE) { + n = lws_read(wsi, ah->rx + ah->rxpos, + ah->rxlen - ah->rxpos); + if (n < 0) /* we closed wsi */ + return 1; + if (wsi->u.hdr.ah) { + if ( wsi->u.hdr.ah->rxlen) + wsi->u.hdr.ah->rxpos += n; + + lwsl_debug("%s: wsi %p: ah read rxpos %d, rxlen %d\n", __func__, wsi, wsi->u.hdr.ah->rxpos, wsi->u.hdr.ah->rxlen); + + if (lws_header_table_is_in_detachable_state(wsi) && + (wsi->mode != LWSCM_HTTP_SERVING && + wsi->mode != LWSCM_HTTP_SERVING_ACCEPTED && + wsi->mode != LWSCM_HTTP2_SERVING)) + lws_header_table_detach(wsi, 1); + } + break; + } + + goto try_pollout; + } + + len = lws_ssl_capable_read(wsi, pt->serv_buf, + context->pt_serv_buf_size); + lwsl_debug("%s: wsi %p read %d\r\n", __func__, wsi, len); + switch (len) { + case 0: + lwsl_info("%s: read 0 len\n", __func__); + /* lwsl_info(" state=%d\n", wsi->state); */ +// if (!wsi->hdr_parsing_completed) +// lws_header_table_detach(wsi); + /* fallthru */ + case LWS_SSL_CAPABLE_ERROR: + goto fail; + case LWS_SSL_CAPABLE_MORE_SERVICE: + goto try_pollout; + } + + if (wsi->mode == LWSCM_RAW) { + n = user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_RAW_RX, + wsi->user_space, pt->serv_buf, len); + if (n < 0) { + lwsl_info("LWS_CALLBACK_RAW_RX_fail\n"); + goto fail; + } + goto try_pollout; + } + + /* just ignore incoming if waiting for close */ + if (wsi->state != LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE && + wsi->state != LWSS_HTTP_ISSUING_FILE) { + /* + * this may want to send + * (via HTTP callback for example) + */ + n = lws_read(wsi, pt->serv_buf, len); + if (n < 0) /* we closed wsi */ + return 1; + /* + * he may have used up the + * writability above, if we will defer POLLOUT + * processing in favour of POLLIN, note it + */ + if (pollfd->revents & LWS_POLLOUT) + wsi->favoured_pollin = 1; + break; + } + +try_pollout: + + /* this handles POLLOUT for http serving fragments */ + + if (!(pollfd->revents & LWS_POLLOUT)) + break; + + /* one shot */ + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_notice("%s a\n", __func__); + goto fail; + } + + if (wsi->mode == LWSCM_RAW) { + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITEABLE_CB, 1); +#if defined(LWS_WITH_STATS) + { + uint64_t ul = time_in_microseconds() - wsi->active_writable_req_us; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_WRITABLE_DELAY, ul); + lws_stats_atomic_max(wsi->context, pt, LWSSTATS_MS_WORST_WRITABLE_DELAY, ul); + wsi->active_writable_req_us = 0; + } +#endif + n = user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_RAW_WRITEABLE, + wsi->user_space, NULL, 0); + if (n < 0) { + lwsl_info("writeable_fail\n"); + goto fail; + } + break; + } + + if (!wsi->hdr_parsing_completed) + break; + + if (wsi->state != LWSS_HTTP_ISSUING_FILE) { + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITEABLE_CB, 1); +#if defined(LWS_WITH_STATS) + { + uint64_t ul = time_in_microseconds() - wsi->active_writable_req_us; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_WRITABLE_DELAY, ul); + lws_stats_atomic_max(wsi->context, pt, LWSSTATS_MS_WORST_WRITABLE_DELAY, ul); + wsi->active_writable_req_us = 0; + } +#endif + + n = user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_HTTP_WRITEABLE, + wsi->user_space, NULL, 0); + if (n < 0) { + lwsl_info("writeable_fail\n"); + goto fail; + } + break; + } + + /* >0 == completion, <0 == error + * + * We'll get a LWS_CALLBACK_HTTP_FILE_COMPLETION callback when + * it's done. That's the case even if we just completed the + * send, so wait for that. + */ + n = lws_serve_http_file_fragment(wsi); + if (n < 0) + goto fail; + + break; + + case LWSCM_SERVER_LISTENER: + +#if LWS_POSIX + /* pollin means a client has connected to us then */ + + do { + if (!(pollfd->revents & LWS_POLLIN) || !(pollfd->events & LWS_POLLIN)) + break; + +#ifdef LWS_OPENSSL_SUPPORT + /* + * can we really accept it, with regards to SSL limit? + * another vhost may also have had POLLIN on his listener this + * round and used it up already + */ + + if (wsi->vhost->use_ssl && + context->simultaneous_ssl_restriction && + context->simultaneous_ssl == + context->simultaneous_ssl_restriction) + /* no... ignore it, he won't come again until we are + * below the simultaneous_ssl_restriction limit and + * POLLIN is enabled on him again + */ + break; +#endif + /* listen socket got an unencrypted connection... */ + + clilen = sizeof(cli_addr); + lws_latency_pre(context, wsi); + accept_fd = accept(pollfd->fd, (struct sockaddr *)&cli_addr, + &clilen); + lws_latency(context, wsi, "listener accept", accept_fd, + accept_fd >= 0); + if (accept_fd < 0) { + if (LWS_ERRNO == LWS_EAGAIN || + LWS_ERRNO == LWS_EWOULDBLOCK) { +// lwsl_err("accept asks to try again\n"); + break; + } + lwsl_err("ERROR on accept: %s\n", strerror(LWS_ERRNO)); + break; + } + + lws_plat_set_socket_options(wsi->vhost, accept_fd); + +#if defined(LWS_USE_IPV6) + lwsl_debug("accepted new conn port %u on fd=%d\n", + ((cli_addr.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *) &cli_addr)->sin6_port) : + ntohs(((struct sockaddr_in *) &cli_addr)->sin_port)), + accept_fd); +#else + lwsl_debug("accepted new conn port %u on fd=%d\n", + ntohs(((struct sockaddr_in *) &cli_addr)->sin_port), + accept_fd); +#endif + +#else + /* not very beautiful... */ + accept_fd = (lws_sockfd_type)pollfd; +#endif + /* + * look at who we connected to and give user code a chance + * to reject based on client IP. There's no protocol selected + * yet so we issue this to protocols[0] + */ + if ((wsi->vhost->protocols[0].callback)(wsi, + LWS_CALLBACK_FILTER_NETWORK_CONNECTION, + NULL, (void *)(lws_intptr_t)accept_fd, 0)) { + lwsl_debug("Callback denied network connection\n"); + compatible_close(accept_fd); + break; + } + + if (!(wsi->vhost->options & LWS_SERVER_OPTION_ONLY_RAW)) + opts |= LWS_ADOPT_HTTP; + + fd.sockfd = accept_fd; + if (!lws_adopt_descriptor_vhost(wsi->vhost, opts, fd, + NULL, NULL)) + /* already closed cleanly as necessary */ + return 1; + +#if LWS_POSIX + } while (pt->fds_count < context->fd_limit_per_thread - 1 && + lws_poll_listen_fd(&pt->fds[wsi->position_in_fds_table]) > 0); +#endif + return 0; + + default: + break; + } + + if (!lws_server_socket_service_ssl(wsi, accept_fd)) + return 0; + +fail: + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return 1; +} + +LWS_VISIBLE int +lws_serve_http_file(struct lws *wsi, const char *file, const char *content_type, + const char *other_headers, int other_headers_len) +{ + static const char * const intermediates[] = { "private", "public" }; + struct lws_context *context = lws_get_context(wsi); + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; +#if defined(LWS_WITH_RANGES) + struct lws_range_parsing *rp = &wsi->u.http.range; +#endif + char cache_control[50], *cc = "no-store"; + unsigned char *response = pt->serv_buf + LWS_PRE; + unsigned char *p = response; + unsigned char *end = p + context->pt_serv_buf_size - LWS_PRE; + lws_filepos_t computed_total_content_length; + int ret = 0, cclen = 8, n = HTTP_STATUS_OK; + lws_fop_flags_t fflags = LWS_O_RDONLY; +#if defined(LWS_WITH_RANGES) + int ranges; +#endif + const struct lws_plat_file_ops *fops; + const char *vpath; + + /* + * We either call the platform fops .open with first arg platform fops, + * or we call fops_zip .open with first arg platform fops, and fops_zip + * open will decide whether to switch to fops_zip or stay with fops_def. + * + * If wsi->u.http.fop_fd is already set, the caller already opened it + */ + if (!wsi->u.http.fop_fd) { + fops = lws_vfs_select_fops(wsi->context->fops, file, &vpath); + fflags |= lws_vfs_prepare_flags(wsi); + wsi->u.http.fop_fd = fops->LWS_FOP_OPEN(wsi->context->fops, + file, vpath, &fflags); + if (!wsi->u.http.fop_fd) { + lwsl_err("Unable to open '%s'\n", file); + + return -1; + } + } + wsi->u.http.filelen = lws_vfs_get_length(wsi->u.http.fop_fd); + computed_total_content_length = wsi->u.http.filelen; + +#if defined(LWS_WITH_RANGES) + ranges = lws_ranges_init(wsi, rp, wsi->u.http.filelen); + + lwsl_debug("Range count %d\n", ranges); + /* + * no ranges -> 200; + * 1 range -> 206 + Content-Type: normal; Content-Range; + * more -> 206 + Content-Type: multipart/byteranges + * Repeat the true Content-Type in each multipart header + * along with Content-Range + */ + if (ranges < 0) { + /* it means he expressed a range in Range:, but it was illegal */ + lws_return_http_status(wsi, HTTP_STATUS_REQ_RANGE_NOT_SATISFIABLE, NULL); + if (lws_http_transaction_completed(wsi)) + return -1; /* <0 means just hang up */ + + lws_vfs_file_close(&wsi->u.http.fop_fd); + + return 0; /* == 0 means we dealt with the transaction complete */ + } + if (ranges) + n = HTTP_STATUS_PARTIAL_CONTENT; +#endif + + if (lws_add_http_header_status(wsi, n, &p, end)) + return -1; + + if ((wsi->u.http.fop_fd->flags & (LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP | + LWS_FOP_FLAG_COMPR_IS_GZIP)) == + (LWS_FOP_FLAG_COMPR_ACCEPTABLE_GZIP | LWS_FOP_FLAG_COMPR_IS_GZIP)) { + if (lws_add_http_header_by_token(wsi, + WSI_TOKEN_HTTP_CONTENT_ENCODING, + (unsigned char *)"gzip", 4, &p, end)) + return -1; + lwsl_info("file is being provided in gzip\n"); + } + + if ( +#if defined(LWS_WITH_RANGES) + ranges < 2 && +#endif + content_type && content_type[0]) + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)content_type, + strlen(content_type), &p, end)) + return -1; + +#if defined(LWS_WITH_RANGES) + if (ranges >= 2) { /* multipart byteranges */ + strncpy(wsi->u.http.multipart_content_type, content_type, + sizeof(wsi->u.http.multipart_content_type) - 1); + wsi->u.http.multipart_content_type[ + sizeof(wsi->u.http.multipart_content_type) - 1] = '\0'; + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_TYPE, + (unsigned char *)"multipart/byteranges; boundary=_lws", + 20, &p, end)) + return -1; + + /* + * our overall content length has to include + * + * - (n + 1) x "_lws\r\n" + * - n x Content-Type: xxx/xxx\r\n + * - n x Content-Range: bytes xxx-yyy/zzz\r\n + * - n x /r/n + * - the actual payloads (aggregated in rp->agg) + * + * Precompute it for the main response header + */ + + computed_total_content_length = (lws_filepos_t)rp->agg + + 6 /* final _lws\r\n */; + + lws_ranges_reset(rp); + while (lws_ranges_next(rp)) { + n = lws_snprintf(cache_control, sizeof(cache_control), + "bytes %llu-%llu/%llu", + rp->start, rp->end, rp->extent); + + computed_total_content_length += + 6 /* header _lws\r\n */ + + 14 + strlen(content_type) + 2 + /* Content-Type: xxx/xxx\r\n */ + 15 + n + 2 + /* Content-Range: xxxx\r\n */ + 2; /* /r/n */ + } + + lws_ranges_reset(rp); + lws_ranges_next(rp); + } + + if (ranges == 1) { + computed_total_content_length = (lws_filepos_t)rp->agg; + n = lws_snprintf(cache_control, sizeof(cache_control), "bytes %llu-%llu/%llu", + rp->start, rp->end, rp->extent); + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_RANGE, + (unsigned char *)cache_control, + n, &p, end)) + return -1; + } + + wsi->u.http.range.inside = 0; + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_ACCEPT_RANGES, + (unsigned char *)"bytes", 5, &p, end)) + return -1; +#endif + + if (!wsi->sending_chunked) { + if (lws_add_http_header_content_length(wsi, + computed_total_content_length, + &p, end)) + return -1; + } else { + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_TRANSFER_ENCODING, + (unsigned char *)"chunked", + 7, &p, end)) + return -1; + } + + if (wsi->cache_secs && wsi->cache_reuse) { + if (wsi->cache_revalidate) { + cc = cache_control; + cclen = sprintf(cache_control, "%s max-age: %u", + intermediates[wsi->cache_intermediaries], + wsi->cache_secs); + } else { + cc = "no-cache"; + cclen = 8; + } + } + + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CACHE_CONTROL, + (unsigned char *)cc, cclen, &p, end)) + return -1; + + if (wsi->u.http.connection_type == HTTP_CONNECTION_KEEP_ALIVE) + if (lws_add_http_header_by_token(wsi, WSI_TOKEN_CONNECTION, + (unsigned char *)"keep-alive", 10, &p, end)) + return -1; + + if (other_headers) { + if ((end - p) < other_headers_len) + return -1; + memcpy(p, other_headers, other_headers_len); + p += other_headers_len; + } + + if (lws_finalize_http_header(wsi, &p, end)) + return -1; + + ret = lws_write(wsi, response, p - response, LWS_WRITE_HTTP_HEADERS); + if (ret != (p - response)) { + lwsl_err("_write returned %d from %ld\n", ret, (long)(p - response)); + return -1; + } + + wsi->u.http.filepos = 0; + wsi->state = LWSS_HTTP_ISSUING_FILE; + + return lws_serve_http_file_fragment(wsi); +} + +int +lws_interpret_incoming_packet(struct lws *wsi, unsigned char **buf, size_t len) +{ + int m; + + lwsl_parser("%s: received %d byte packet\n", __func__, (int)len); +#if 0 + lwsl_hexdump(*buf, len); +#endif + + /* let the rx protocol state machine have as much as it needs */ + + while (len) { + /* + * we were accepting input but now we stopped doing so + */ + if (!(wsi->rxflow_change_to & LWS_RXFLOW_ALLOW)) { + lws_rxflow_cache(wsi, *buf, 0, len); + lwsl_parser("%s: cached %ld\n", __func__, (long)len); + return 1; + } + + if (wsi->u.ws.rx_draining_ext) { + // lwsl_notice("draining with 0\n"); + m = lws_rx_sm(wsi, 0); + if (m < 0) + return -1; + continue; + } + + /* account for what we're using in rxflow buffer */ + if (wsi->rxflow_buffer) + wsi->rxflow_pos++; + + /* consume payload bytes efficiently */ + if ( + wsi->lws_rx_parse_state == + LWS_RXPS_PAYLOAD_UNTIL_LENGTH_EXHAUSTED) { + m = lws_payload_until_length_exhausted(wsi, buf, &len); + if (wsi->rxflow_buffer) + wsi->rxflow_pos += m; + } + + /* process the byte */ + m = lws_rx_sm(wsi, *(*buf)++); + if (m < 0) + return -1; + len--; + } + + lwsl_parser("%s: exit with %d unused\n", __func__, (int)len); + + return 0; +} + +LWS_VISIBLE void +lws_server_get_canonical_hostname(struct lws_context *context, + struct lws_context_creation_info *info) +{ + if (lws_check_opt(info->options, LWS_SERVER_OPTION_SKIP_SERVER_CANONICAL_NAME)) + return; +#if LWS_POSIX && !defined(LWS_WITH_ESP32) + /* find canonical hostname */ + gethostname((char *)context->canonical_hostname, + sizeof(context->canonical_hostname) - 1); + + lwsl_notice(" canonical_hostname = %s\n", context->canonical_hostname); +#else + (void)context; +#endif +} + +#define LWS_MAX_ELEM_NAME 32 + +enum urldecode_stateful { + US_NAME, + US_IDLE, + US_PC1, + US_PC2, + + MT_LOOK_BOUND_IN, + MT_HNAME, + MT_DISP, + MT_TYPE, + MT_IGNORE1, + MT_IGNORE2, +}; + +static const char * const mp_hdr[] = { + "content-disposition: ", + "content-type: ", + "\x0d\x0a" +}; + +typedef int (*lws_urldecode_stateful_cb)(void *data, + const char *name, char **buf, int len, int final); + +struct lws_urldecode_stateful { + char *out; + void *data; + char name[LWS_MAX_ELEM_NAME]; + char temp[LWS_MAX_ELEM_NAME]; + char content_type[32]; + char content_disp[32]; + char content_disp_filename[256]; + char mime_boundary[128]; + int out_len; + int pos; + int hdr_idx; + int mp; + int sum; + + unsigned int multipart_form_data:1; + unsigned int inside_quote:1; + unsigned int subname:1; + unsigned int boundary_real_crlf:1; + + enum urldecode_stateful state; + + lws_urldecode_stateful_cb output; +}; + +static struct lws_urldecode_stateful * +lws_urldecode_s_create(struct lws *wsi, char *out, int out_len, void *data, + lws_urldecode_stateful_cb output) +{ + struct lws_urldecode_stateful *s = lws_zalloc(sizeof(*s)); + char buf[200], *p; + int m = 0; + + if (!s) + return NULL; + + s->out = out; + s->out_len = out_len; + s->output = output; + s->pos = 0; + s->sum = 0; + s->mp = 0; + s->state = US_NAME; + s->name[0] = '\0'; + s->data = data; + + if (lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_HTTP_CONTENT_TYPE) > 0) { + /* multipart/form-data; boundary=----WebKitFormBoundarycc7YgAPEIHvgE9Bf */ + + if (!strncmp(buf, "multipart/form-data", 19)) { + s->multipart_form_data = 1; + s->state = MT_LOOK_BOUND_IN; + s->mp = 2; + p = strstr(buf, "boundary="); + if (p) { + p += 9; + s->mime_boundary[m++] = '\x0d'; + s->mime_boundary[m++] = '\x0a'; + s->mime_boundary[m++] = '-'; + s->mime_boundary[m++] = '-'; + while (m < sizeof(s->mime_boundary) - 1 && + *p && *p != ' ') + s->mime_boundary[m++] = *p++; + + s->mime_boundary[m] = '\0'; + + lwsl_notice("boundary '%s'\n", s->mime_boundary); + } + } + } + + return s; +} + +static int +lws_urldecode_s_process(struct lws_urldecode_stateful *s, const char *in, int len) +{ + int n, m, hit = 0; + char c, was_end = 0; + + while (len--) { + if (s->pos == s->out_len - s->mp - 1) { + if (s->output(s->data, s->name, &s->out, s->pos, 0)) + return -1; + + was_end = s->pos; + s->pos = 0; + } + switch (s->state) { + + /* states for url arg style */ + + case US_NAME: + s->inside_quote = 0; + if (*in == '=') { + s->name[s->pos] = '\0'; + s->pos = 0; + s->state = US_IDLE; + in++; + continue; + } + if (*in == '&') { + s->name[s->pos] = '\0'; + if (s->output(s->data, s->name, &s->out, s->pos, 1)) + return -1; + s->pos = 0; + s->state = US_IDLE; + in++; + continue; + } + if (s->pos >= sizeof(s->name) - 1) { + lwsl_notice("Name too long\n"); + return -1; + } + s->name[s->pos++] = *in++; + break; + case US_IDLE: + if (*in == '%') { + s->state++; + in++; + continue; + } + if (*in == '&') { + s->out[s->pos] = '\0'; + if (s->output(s->data, s->name, &s->out, s->pos, 1)) + return -1; + s->pos = 0; + s->state = US_NAME; + in++; + continue; + } + if (*in == '+') { + in++; + s->out[s->pos++] = ' '; + continue; + } + s->out[s->pos++] = *in++; + break; + case US_PC1: + n = char_to_hex(*in); + if (n < 0) + return -1; + + in++; + s->sum = n << 4; + s->state++; + break; + + case US_PC2: + n = char_to_hex(*in); + if (n < 0) + return -1; + + in++; + s->out[s->pos++] = s->sum | n; + s->state = US_IDLE; + break; + + + /* states for multipart / mime style */ + + case MT_LOOK_BOUND_IN: +retry_as_first: + if (*in == s->mime_boundary[s->mp] && + s->mime_boundary[s->mp]) { + in++; + s->mp++; + if (!s->mime_boundary[s->mp]) { + s->mp = 0; + s->state = MT_IGNORE1; + + if (s->pos || was_end) + if (s->output(s->data, s->name, + &s->out, s->pos, 1)) + return -1; + + s->pos = 0; + + s->content_disp[0] = '\0'; + s->name[0] = '\0'; + s->content_disp_filename[0] = '\0'; + s->boundary_real_crlf = 1; + } + continue; + } + if (s->mp) { + n = 0; + if (!s->boundary_real_crlf) + n = 2; + + memcpy(s->out + s->pos, s->mime_boundary + n, s->mp - n); + s->pos += s->mp; + s->mp = 0; + goto retry_as_first; + } + + s->out[s->pos++] = *in; + in++; + s->mp = 0; + break; + + case MT_HNAME: + m = 0; + c =*in; + if (c >= 'A' && c <= 'Z') + c += 'a' - 'A'; + for (n = 0; n < ARRAY_SIZE(mp_hdr); n++) + if (c == mp_hdr[n][s->mp]) { + m++; + hit = n; + } + in++; + if (!m) { + s->mp = 0; + continue; + } + + s->mp++; + if (m != 1) + continue; + + if (mp_hdr[hit][s->mp]) + continue; + + s->mp = 0; + s->temp[0] = '\0'; + s->subname = 0; + + if (hit == 2) + s->state = MT_LOOK_BOUND_IN; + else + s->state += hit + 1; + break; + + case MT_DISP: + /* form-data; name="file"; filename="t.txt" */ + + if (*in == '\x0d') { +// lwsl_notice("disp: '%s', '%s', '%s'\n", +// s->content_disp, s->name, +// s->content_disp_filename); + + if (s->content_disp_filename[0]) + if (s->output(s->data, s->name, + &s->out, s->pos, LWS_UFS_OPEN)) + return -1; + s->state = MT_IGNORE2; + goto done; + } + if (*in == ';') { + s->subname = 1; + s->temp[0] = '\0'; + s->mp = 0; + goto done; + } + + if (*in == '\"') { + s->inside_quote ^= 1; + goto done; + } + + if (s->subname) { + if (*in == '=') { + s->temp[s->mp] = '\0'; + s->subname = 0; + s->mp = 0; + goto done; + } + if (s->mp < sizeof(s->temp) - 1 && + (*in != ' ' || s->inside_quote)) + s->temp[s->mp++] = *in; + goto done; + } + + if (!s->temp[0]) { + if (s->mp < sizeof(s->content_disp) - 1) + s->content_disp[s->mp++] = *in; + s->content_disp[s->mp] = '\0'; + goto done; + } + + if (!strcmp(s->temp, "name")) { + if (s->mp < sizeof(s->name) - 1) + s->name[s->mp++] = *in; + s->name[s->mp] = '\0'; + goto done; + } + + if (!strcmp(s->temp, "filename")) { + if (s->mp < sizeof(s->content_disp_filename) - 1) + s->content_disp_filename[s->mp++] = *in; + s->content_disp_filename[s->mp] = '\0'; + goto done; + } +done: + in++; + break; + + case MT_TYPE: + if (*in == '\x0d') + s->state = MT_IGNORE2; + else { + if (s->mp < sizeof(s->content_type) - 1) + s->content_type[s->mp++] = *in; + s->content_type[s->mp] = '\0'; + } + in++; + break; + + case MT_IGNORE1: + if (*in == '\x0d') + s->state = MT_IGNORE2; + in++; + break; + + case MT_IGNORE2: + s->mp = 0; + if (*in == '\x0a') + s->state = MT_HNAME; + in++; + break; + } + } + + return 0; +} + +static int +lws_urldecode_s_destroy(struct lws_urldecode_stateful *s) +{ + int ret = 0; + + if (s->state != US_IDLE) + ret = -1; + + if (!ret) + if (s->output(s->data, s->name, &s->out, s->pos, 1)) + ret = -1; + + lws_free(s); + + return ret; +} + +struct lws_spa { + struct lws_urldecode_stateful *s; + lws_spa_fileupload_cb opt_cb; + const char * const *param_names; + int count_params; + char **params; + int *param_length; + void *opt_data; + + char *storage; + char *end; + int max_storage; + + char finalized; +}; + +static int +lws_urldecode_spa_lookup(struct lws_spa *spa, + const char *name) +{ + int n; + + for (n = 0; n < spa->count_params; n++) + if (!strcmp(spa->param_names[n], name)) + return n; + + return -1; +} + +static int +lws_urldecode_spa_cb(void *data, const char *name, char **buf, int len, + int final) +{ + struct lws_spa *spa = + (struct lws_spa *)data; + int n; + + if (spa->s->content_disp_filename[0]) { + if (spa->opt_cb) { + n = spa->opt_cb(spa->opt_data, name, + spa->s->content_disp_filename, + *buf, len, final); + + if (n < 0) + return -1; + } + return 0; + } + n = lws_urldecode_spa_lookup(spa, name); + + if (n == -1 || !len) /* unrecognized */ + return 0; + + if (!spa->params[n]) + spa->params[n] = *buf; + + if ((*buf) + len >= spa->end) { + lwsl_notice("%s: exceeded storage\n", __func__); + return -1; + } + + spa->param_length[n] += len; + + /* move it on inside storage */ + (*buf) += len; + *((*buf)++) = '\0'; + + spa->s->out_len -= len + 1; + + return 0; +} + +LWS_VISIBLE LWS_EXTERN struct lws_spa * +lws_spa_create(struct lws *wsi, const char * const *param_names, + int count_params, int max_storage, + lws_spa_fileupload_cb opt_cb, void *opt_data) +{ + struct lws_spa *spa = lws_zalloc(sizeof(*spa)); + + if (!spa) + return NULL; + + spa->param_names = param_names; + spa->count_params = count_params; + spa->max_storage = max_storage; + spa->opt_cb = opt_cb; + spa->opt_data = opt_data; + + spa->storage = lws_malloc(max_storage); + if (!spa->storage) + goto bail2; + spa->end = spa->storage + max_storage - 1; + + spa->params = lws_zalloc(sizeof(char *) * count_params); + if (!spa->params) + goto bail3; + + spa->s = lws_urldecode_s_create(wsi, spa->storage, max_storage, spa, + lws_urldecode_spa_cb); + if (!spa->s) + goto bail4; + + spa->param_length = lws_zalloc(sizeof(int) * count_params); + if (!spa->param_length) + goto bail5; + + lwsl_info("%s: Created SPA %p\n", __func__, spa); + + return spa; + +bail5: + lws_urldecode_s_destroy(spa->s); +bail4: + lws_free(spa->params); +bail3: + lws_free(spa->storage); +bail2: + lws_free(spa); + + return NULL; +} + +LWS_VISIBLE LWS_EXTERN int +lws_spa_process(struct lws_spa *ludspa, const char *in, int len) +{ + if (!ludspa) { + lwsl_err("%s: NULL spa\n", __func__); + return -1; + } + /* we reject any junk after the last part arrived and we finalized */ + if (ludspa->finalized) + return 0; + + return lws_urldecode_s_process(ludspa->s, in, len); +} + +LWS_VISIBLE LWS_EXTERN int +lws_spa_get_length(struct lws_spa *ludspa, int n) +{ + if (n >= ludspa->count_params) + return 0; + + return ludspa->param_length[n]; +} + +LWS_VISIBLE LWS_EXTERN const char * +lws_spa_get_string(struct lws_spa *ludspa, int n) +{ + if (n >= ludspa->count_params) + return NULL; + + return ludspa->params[n]; +} + +LWS_VISIBLE LWS_EXTERN int +lws_spa_finalize(struct lws_spa *spa) +{ + if (spa->s) { + lws_urldecode_s_destroy(spa->s); + spa->s = NULL; + } + + spa->finalized = 1; + + return 0; +} + +LWS_VISIBLE LWS_EXTERN int +lws_spa_destroy(struct lws_spa *spa) +{ + int n = 0; + + lwsl_notice("%s: destroy spa %p\n", __func__, spa); + + if (spa->s) + lws_urldecode_s_destroy(spa->s); + + lwsl_debug("%s %p %p %p %p\n", __func__, + spa->param_length, + spa->params, + spa->storage, + spa + ); + + lws_free(spa->param_length); + lws_free(spa->params); + lws_free(spa->storage); + lws_free(spa); + + return n; +} + +#if 0 +LWS_VISIBLE LWS_EXTERN int +lws_spa_destroy(struct lws_spa *spa) +{ + int n = 0; + + lwsl_info("%s: destroy spa %p\n", __func__, spa); + + if (spa->s) + lws_urldecode_s_destroy(spa->s); + + lwsl_debug("%s\n", __func__); + + lws_free(spa->param_length); + lws_free(spa->params); + lws_free(spa->storage); + lws_free(spa); + + return n; +} +#endif +LWS_VISIBLE LWS_EXTERN int +lws_chunked_html_process(struct lws_process_html_args *args, + struct lws_process_html_state *s) +{ + char *sp, buffer[32]; + const char *pc; + int old_len, n; + + /* do replacements */ + sp = args->p; + old_len = args->len; + args->len = 0; + s->start = sp; + while (sp < args->p + old_len) { + + if (args->len + 7 >= args->max_len) { + lwsl_err("Used up interpret padding\n"); + return -1; + } + + if ((!s->pos && *sp == '$') || s->pos) { + int hits = 0, hit = 0; + + if (!s->pos) + s->start = sp; + s->swallow[s->pos++] = *sp; + if (s->pos == sizeof(s->swallow) - 1) + goto skip; + for (n = 0; n < s->count_vars; n++) + if (!strncmp(s->swallow, s->vars[n], s->pos)) { + hits++; + hit = n; + } + if (!hits) { +skip: + s->swallow[s->pos] = '\0'; + memcpy(s->start, s->swallow, s->pos); + args->len++; + s->pos = 0; + sp = s->start + 1; + continue; + } + if (hits == 1 && s->pos == strlen(s->vars[hit])) { + pc = s->replace(s->data, hit); + if (!pc) + pc = "NULL"; + n = strlen(pc); + s->swallow[s->pos] = '\0'; + if (n != s->pos) { + memmove(s->start + n, + s->start + s->pos, + old_len - (sp - args->p)); + old_len += (n - s->pos) + 1; + } + memcpy(s->start, pc, n); + args->len++; + sp = s->start + 1; + + s->pos = 0; + } + sp++; + continue; + } + + args->len++; + sp++; + } + + /* no space left for final chunk trailer */ + if (args->final && args->len + 7 >= args->max_len) + return -1; + + n = sprintf(buffer, "%X\x0d\x0a", args->len); + + args->p -= n; + memcpy(args->p, buffer, n); + args->len += n; + + if (args->final) { + sp = args->p + args->len; + *sp++ = '\x0d'; + *sp++ = '\x0a'; + *sp++ = '0'; + *sp++ = '\x0d'; + *sp++ = '\x0a'; + *sp++ = '\x0d'; + *sp++ = '\x0a'; + args->len += 7; + } else { + sp = args->p + args->len; + *sp++ = '\x0d'; + *sp++ = '\x0a'; + args->len += 2; + } + + return 0; +} diff --git a/lib/service.c b/lib/service.c new file mode 100644 index 0000000..2f703f8 --- /dev/null +++ b/lib/service.c @@ -0,0 +1,1415 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2015 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +static int +lws_calllback_as_writeable(struct lws *wsi) +{ + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + int n; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_WRITEABLE_CB, 1); +#if defined(LWS_WITH_STATS) + { + uint64_t ul = time_in_microseconds() - wsi->active_writable_req_us; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_WRITABLE_DELAY, ul); + lws_stats_atomic_max(wsi->context, pt, LWSSTATS_MS_WORST_WRITABLE_DELAY, ul); + wsi->active_writable_req_us = 0; + } +#endif + + switch (wsi->mode) { + case LWSCM_RAW: + n = LWS_CALLBACK_RAW_WRITEABLE; + break; + case LWSCM_RAW_FILEDESC: + n = LWS_CALLBACK_RAW_WRITEABLE_FILE; + break; + case LWSCM_WS_CLIENT: + n = LWS_CALLBACK_CLIENT_WRITEABLE; + break; + case LWSCM_WSCL_ISSUE_HTTP_BODY: + n = LWS_CALLBACK_CLIENT_HTTP_WRITEABLE; + break; + case LWSCM_WS_SERVING: + n = LWS_CALLBACK_SERVER_WRITEABLE; + break; + default: + n = LWS_CALLBACK_HTTP_WRITEABLE; + break; + } + + return user_callback_handle_rxflow(wsi->protocol->callback, + wsi, (enum lws_callback_reasons) n, + wsi->user_space, NULL, 0); +} + +LWS_VISIBLE int +lws_handle_POLLOUT_event(struct lws *wsi, struct lws_pollfd *pollfd) +{ + int write_type = LWS_WRITE_PONG; + struct lws_tokens eff_buf; +#ifdef LWS_USE_HTTP2 + struct lws *wsi2; +#endif + int ret, m, n; + +// lwsl_err("%s: %p\n", __func__, wsi); + + wsi->leave_pollout_active = 0; + wsi->handling_pollout = 1; + /* + * if another thread wants POLLOUT on us, from here on while + * handling_pollout is set, he will only set leave_pollout_active. + * If we are going to disable POLLOUT, we will check that first. + */ + + /* + * user callback is lowest priority to get these notifications + * actually, since other pending things cannot be disordered + */ + + /* Priority 1: pending truncated sends are incomplete ws fragments + * If anything else sent first the protocol would be + * corrupted. + */ + if (wsi->trunc_len) { + if (lws_issue_raw(wsi, wsi->trunc_alloc + wsi->trunc_offset, + wsi->trunc_len) < 0) { + lwsl_info("%s signalling to close\n", __func__); + goto bail_die; + } + /* leave POLLOUT active either way */ + goto bail_ok; + } else + if (wsi->state == LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE) { + wsi->socket_is_permanently_unusable = 1; + goto bail_die; /* retry closing now */ + } + + if (wsi->mode == LWSCM_WSCL_ISSUE_HTTP_BODY) + goto user_service; + + +#ifdef LWS_USE_HTTP2 + /* Priority 2: protocol packets + */ + if (wsi->pps) { + lwsl_info("servicing pps %d\n", wsi->pps); + switch (wsi->pps) { + case LWS_PPS_HTTP2_MY_SETTINGS: + case LWS_PPS_HTTP2_ACK_SETTINGS: + lws_http2_do_pps_send(lws_get_context(wsi), wsi); + break; + default: + break; + } + wsi->pps = LWS_PPS_NONE; + lws_rx_flow_control(wsi, 1); + + goto bail_ok; /* leave POLLOUT active */ + } +#endif + +#ifdef LWS_WITH_CGI + if (wsi->cgi) { + /* also one shot */ + if (pollfd) + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_info("failed at set pollfd\n"); + return 1; + } + goto user_service_go_again; + } +#endif + + /* Priority 3: pending control packets (pong or close) + * + * 3a: close notification packet requested from close api + */ + + if (wsi->state == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION) { + lwsl_debug("sending close packet\n"); + wsi->waiting_to_send_close_frame = 0; + n = lws_write(wsi, &wsi->u.ws.ping_payload_buf[LWS_PRE], + wsi->u.ws.close_in_ping_buffer_len, + LWS_WRITE_CLOSE); + if (n >= 0) { + wsi->state = LWSS_AWAITING_CLOSE_ACK; + lws_set_timeout(wsi, PENDING_TIMEOUT_CLOSE_ACK, 1); + lwsl_debug("sent close indication, awaiting ack\n"); + + goto bail_ok; + } + + goto bail_die; + } + + /* else, the send failed and we should just hang up */ + + if ((wsi->state == LWSS_ESTABLISHED && + wsi->u.ws.ping_pending_flag) || + (wsi->state == LWSS_RETURNED_CLOSE_ALREADY && + wsi->u.ws.payload_is_close)) { + + if (wsi->u.ws.payload_is_close) + write_type = LWS_WRITE_CLOSE; + + n = lws_write(wsi, &wsi->u.ws.ping_payload_buf[LWS_PRE], + wsi->u.ws.ping_payload_len, write_type); + if (n < 0) + goto bail_die; + + /* well he is sent, mark him done */ + wsi->u.ws.ping_pending_flag = 0; + if (wsi->u.ws.payload_is_close) + /* oh... a close frame was it... then we are done */ + goto bail_die; + + /* otherwise for PING, leave POLLOUT active either way */ + goto bail_ok; + } + + if (wsi->state == LWSS_ESTABLISHED && + !wsi->socket_is_permanently_unusable && + wsi->u.ws.send_check_ping) { + + lwsl_info("issuing ping on wsi %p\n", wsi); + wsi->u.ws.send_check_ping = 0; + n = lws_write(wsi, &wsi->u.ws.ping_payload_buf[LWS_PRE], + 0, LWS_WRITE_PING); + if (n < 0) + goto bail_die; + + /* + * we apparently were able to send the PING in a reasonable time + * now reset the clock on our peer to be able to send the + * PONG in a reasonable time. + */ + + lws_set_timeout(wsi, PENDING_TIMEOUT_WS_PONG_CHECK_GET_PONG, + wsi->context->timeout_secs); + + goto bail_ok; + } + + /* Priority 4: if we are closing, not allowed to send more data frags + * which means user callback or tx ext flush banned now + */ + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY) + goto user_service; + + /* Priority 5: Tx path extension with more to send + * + * These are handled as new fragments each time around + * So while we must block new writeable callback to enforce + * payload ordering, but since they are always complete + * fragments control packets can interleave OK. + */ + if (wsi->state == LWSS_ESTABLISHED && wsi->u.ws.tx_draining_ext) { + lwsl_ext("SERVICING TX EXT DRAINING\n"); + if (lws_write(wsi, NULL, 0, LWS_WRITE_CONTINUATION) < 0) + goto bail_die; + /* leave POLLOUT active */ + goto bail_ok; + } + + /* Priority 6: user can get the callback + */ + m = lws_ext_cb_active(wsi, LWS_EXT_CB_IS_WRITEABLE, NULL, 0); + if (m) + goto bail_die; +#ifndef LWS_NO_EXTENSIONS + if (!wsi->extension_data_pending) + goto user_service; +#endif + /* + * check in on the active extensions, see if they + * had pending stuff to spill... they need to get the + * first look-in otherwise sequence will be disordered + * + * NULL, zero-length eff_buf means just spill pending + */ + + ret = 1; + if (wsi->mode == LWSCM_RAW || wsi->mode == LWSCM_RAW_FILEDESC) + ret = 0; + while (ret == 1) { + + /* default to nobody has more to spill */ + + ret = 0; + eff_buf.token = NULL; + eff_buf.token_len = 0; + + /* give every extension a chance to spill */ + + m = lws_ext_cb_active(wsi, + LWS_EXT_CB_PACKET_TX_PRESEND, + &eff_buf, 0); + if (m < 0) { + lwsl_err("ext reports fatal error\n"); + goto bail_die; + } + if (m) + /* + * at least one extension told us he has more + * to spill, so we will go around again after + */ + ret = 1; + + /* assuming they gave us something to send, send it */ + + if (eff_buf.token_len) { + n = lws_issue_raw(wsi, (unsigned char *)eff_buf.token, + eff_buf.token_len); + if (n < 0) { + lwsl_info("closing from POLLOUT spill\n"); + goto bail_die; + } + /* + * Keep amount spilled small to minimize chance of this + */ + if (n != eff_buf.token_len) { + lwsl_err("Unable to spill ext %d vs %d\n", + eff_buf.token_len, n); + goto bail_die; + } + } else + continue; + + /* no extension has more to spill */ + + if (!ret) + continue; + + /* + * There's more to spill from an extension, but we just sent + * something... did that leave the pipe choked? + */ + + if (!lws_send_pipe_choked(wsi)) + /* no we could add more */ + continue; + + lwsl_info("choked in POLLOUT service\n"); + + /* + * Yes, he's choked. Leave the POLLOUT masked on so we will + * come back here when he is unchoked. Don't call the user + * callback to enforce ordering of spilling, he'll get called + * when we come back here and there's nothing more to spill. + */ + + goto bail_ok; + } +#ifndef LWS_NO_EXTENSIONS + wsi->extension_data_pending = 0; +#endif +user_service: + /* one shot */ + + if (wsi->parent_carries_io) { + wsi->handling_pollout = 0; + wsi->leave_pollout_active = 0; + + return lws_calllback_as_writeable(wsi); + } + + if (pollfd) { + int eff = wsi->leave_pollout_active; + + if (!eff) + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_info("failed at set pollfd\n"); + goto bail_die; + } + + wsi->handling_pollout = 0; + + /* cannot get leave_pollout_active set after the above */ + if (!eff && wsi->leave_pollout_active) + /* got set inbetween sampling eff and clearing + * handling_pollout, force POLLOUT on */ + lws_calllback_as_writeable(wsi); + + wsi->leave_pollout_active = 0; + } + + if (wsi->mode != LWSCM_WSCL_ISSUE_HTTP_BODY && + !wsi->hdr_parsing_completed) + goto bail_ok; + + +#ifdef LWS_WITH_CGI +user_service_go_again: +#endif + +#ifdef LWS_USE_HTTP2 + /* + * we are the 'network wsi' for potentially many muxed child wsi with + * no network connection of their own, who have to use us for all their + * network actions. So we use a round-robin scheme to share out the + * POLLOUT notifications to our children. + * + * But because any child could exhaust the socket's ability to take + * writes, we can only let one child get notified each time. + * + * In addition children may be closed / deleted / added between POLLOUT + * notifications, so we can't hold pointers + */ + + if (wsi->mode != LWSCM_HTTP2_SERVING) { + lwsl_info("%s: non http2\n", __func__); + goto notify; + } + + wsi->u.http2.requested_POLLOUT = 0; + if (!wsi->u.http2.initialized) { + lwsl_info("pollout on uninitialized http2 conn\n"); + goto bail_ok; + } + + lwsl_info("%s: doing children\n", __func__); + + wsi2 = wsi; + do { + wsi2 = wsi2->u.http2.next_child_wsi; + lwsl_info("%s: child %p\n", __func__, wsi2); + if (!wsi2) + continue; + if (!wsi2->u.http2.requested_POLLOUT) + continue; + wsi2->u.http2.requested_POLLOUT = 0; + if (lws_calllback_as_writeable(wsi2)) { + lwsl_debug("Closing POLLOUT child\n"); + lws_close_free_wsi(wsi2, LWS_CLOSE_STATUS_NOSTATUS); + } + wsi2 = wsi; + } while (wsi2 != NULL && !lws_send_pipe_choked(wsi)); + + lwsl_info("%s: completed\n", __func__); + + goto bail_ok; +notify: +#endif + wsi->handling_pollout = 0; + wsi->leave_pollout_active = 0; + + return lws_calllback_as_writeable(wsi); + + /* + * since these don't disable the POLLOUT, they are always doing the + * right thing for leave_pollout_active whether it was set or not. + */ + +bail_ok: + wsi->handling_pollout = 0; + wsi->leave_pollout_active = 0; + + return 0; + +bail_die: + wsi->handling_pollout = 0; + wsi->leave_pollout_active = 0; + + return -1; +} + +int +lws_service_timeout_check(struct lws *wsi, unsigned int sec) +{ +//#if LWS_POSIX + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + int n = 0; +//#endif + + (void)n; + + /* + * if extensions want in on it (eg, we are a mux parent) + * give them a chance to service child timeouts + */ + if (lws_ext_cb_active(wsi, LWS_EXT_CB_1HZ, NULL, sec) < 0) + return 0; + + if (!wsi->pending_timeout) + return 0; + + /* + * if we went beyond the allowed time, kill the + * connection + */ + if ((time_t)sec > wsi->pending_timeout_limit) { +//#if LWS_POSIX + if (wsi->desc.sockfd != LWS_SOCK_INVALID && wsi->position_in_fds_table >= 0) + n = pt->fds[wsi->position_in_fds_table].events; + + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_TIMEOUTS, 1); + + /* no need to log normal idle keepalive timeout */ + if (wsi->pending_timeout != PENDING_TIMEOUT_HTTP_KEEPALIVE_IDLE) + lwsl_notice("wsi %p: TIMEDOUT WAITING on %d (did hdr %d, ah %p, wl %d, pfd events %d) %llu vs %llu\n", + (void *)wsi, wsi->pending_timeout, + wsi->hdr_parsing_completed, wsi->u.hdr.ah, + pt->ah_wait_list_length, n, (unsigned long long)sec, (unsigned long long)wsi->pending_timeout_limit); +//#endif + /* + * Since he failed a timeout, he already had a chance to do + * something and was unable to... that includes situations like + * half closed connections. So process this "failed timeout" + * close as a violent death and don't try to do protocol + * cleanup like flush partials. + */ + wsi->socket_is_permanently_unusable = 1; + if (wsi->mode == LWSCM_WSCL_WAITING_SSL) + wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_CLIENT_CONNECTION_ERROR, + wsi->user_space, (void *)"Timed out waiting SSL", 21); + + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + + return 1; + } + + return 0; +} + +int lws_rxflow_cache(struct lws *wsi, unsigned char *buf, int n, int len) +{ + /* his RX is flowcontrolled, don't send remaining now */ + if (wsi->rxflow_buffer) { + /* rxflow while we were spilling prev rxflow */ + lwsl_info("stalling in existing rxflow buf\n"); + return 1; + } + + /* a new rxflow, buffer it and warn caller */ + lwsl_info("new rxflow input buffer len %d\n", len - n); + wsi->rxflow_buffer = lws_malloc(len - n); + if (!wsi->rxflow_buffer) + return -1; + wsi->rxflow_len = len - n; + wsi->rxflow_pos = 0; + memcpy(wsi->rxflow_buffer, buf + n, len - n); + + return 0; +} + +/* this is used by the platform service code to stop us waiting for network + * activity in poll() when we have something that already needs service + */ + +LWS_VISIBLE LWS_EXTERN int +lws_service_adjust_timeout(struct lws_context *context, int timeout_ms, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; + int n; + + /* Figure out if we really want to wait in poll() + * We only need to wait if really nothing already to do and we have + * to wait for something from network + */ + + /* 1) if we know we are draining rx ext, do not wait in poll */ + if (pt->rx_draining_ext_list) + return 0; + +#ifdef LWS_OPENSSL_SUPPORT + /* 2) if we know we have non-network pending data, do not wait in poll */ + if (lws_ssl_anybody_has_buffered_read_tsi(context, tsi)) { + lwsl_info("ssl buffered read\n"); + return 0; + } +#endif + + /* 3) if any ah has pending rx, do not wait in poll */ + for (n = 0; n < context->max_http_header_pool; n++) + if (pt->ah_pool[n].rxpos != pt->ah_pool[n].rxlen) { + /* any ah with pending rx must be attached to someone */ + if (!pt->ah_pool[n].wsi) { + lwsl_err("%s: assert: no wsi attached to ah\n", __func__); + assert(0); + } + return 0; + } + + return timeout_ms; +} + +/* + * guys that need POLLIN service again without waiting for network action + * can force POLLIN here if not flowcontrolled, so they will get service. + * + * Return nonzero if anybody got their POLLIN faked + */ +int +lws_service_flag_pending(struct lws_context *context, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; +#ifdef LWS_OPENSSL_SUPPORT + struct lws *wsi_next; +#endif + struct lws *wsi; + int forced = 0; + int n; + + /* POLLIN faking */ + + /* + * 1) For all guys with already-available ext data to drain, if they are + * not flowcontrolled, fake their POLLIN status + */ + wsi = pt->rx_draining_ext_list; + while (wsi) { + pt->fds[wsi->position_in_fds_table].revents |= + pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN; + if (pt->fds[wsi->position_in_fds_table].revents & LWS_POLLIN) { + forced = 1; + break; + } + wsi = wsi->u.ws.rx_draining_ext_list; + } + +#ifdef LWS_OPENSSL_SUPPORT + /* + * 2) For all guys with buffered SSL read data already saved up, if they + * are not flowcontrolled, fake their POLLIN status so they'll get + * service to use up the buffered incoming data, even though their + * network socket may have nothing + */ + wsi = pt->pending_read_list; + while (wsi) { + wsi_next = wsi->pending_read_list_next; + pt->fds[wsi->position_in_fds_table].revents |= + pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN; + if (pt->fds[wsi->position_in_fds_table].revents & LWS_POLLIN) { + forced = 1; + /* + * he's going to get serviced now, take him off the + * list of guys with buffered SSL. If he still has some + * at the end of the service, he'll get put back on the + * list then. + */ + lws_ssl_remove_wsi_from_buffered_list(wsi); + } + + wsi = wsi_next; + } +#endif + /* + * 3) For any wsi who have an ah with pending RX who did not + * complete their current headers, and are not flowcontrolled, + * fake their POLLIN status so they will be able to drain the + * rx buffered in the ah + */ + for (n = 0; n < context->max_http_header_pool; n++) + if (pt->ah_pool[n].rxpos != pt->ah_pool[n].rxlen && + !pt->ah_pool[n].wsi->hdr_parsing_completed) { + pt->fds[pt->ah_pool[n].wsi->position_in_fds_table].revents |= + pt->fds[pt->ah_pool[n].wsi->position_in_fds_table].events & + LWS_POLLIN; + if (pt->fds[pt->ah_pool[n].wsi->position_in_fds_table].revents & + LWS_POLLIN) + forced = 1; + } + + return forced; +} + +#ifndef LWS_NO_CLIENT + +LWS_VISIBLE int +lws_http_client_read(struct lws *wsi, char **buf, int *len) +{ + int rlen, n; + + rlen = lws_ssl_capable_read(wsi, (unsigned char *)*buf, *len); + *len = 0; + + /* allow the source to signal he has data again next time */ + lws_change_pollfd(wsi, 0, LWS_POLLIN); + + if (rlen == LWS_SSL_CAPABLE_ERROR) { + lwsl_notice("%s: SSL capable error\n", __func__); + return -1; + } + + if (rlen == 0) + return -1; + + if (rlen < 0) + return 0; + + *len = rlen; + wsi->client_rx_avail = 0; + + /* + * server may insist on transfer-encoding: chunked, + * so http client must deal with it + */ +spin_chunks: + while (wsi->chunked && (wsi->chunk_parser != ELCP_CONTENT) && *len) { + switch (wsi->chunk_parser) { + case ELCP_HEX: + if ((*buf)[0] == '\x0d') { + wsi->chunk_parser = ELCP_CR; + break; + } + n = char_to_hex((*buf)[0]); + if (n < 0) { + lwsl_debug("chunking failure\n"); + return -1; + } + wsi->chunk_remaining <<= 4; + wsi->chunk_remaining |= n; + break; + case ELCP_CR: + if ((*buf)[0] != '\x0a') { + lwsl_debug("chunking failure\n"); + return -1; + } + wsi->chunk_parser = ELCP_CONTENT; + lwsl_info("chunk %d\n", wsi->chunk_remaining); + if (wsi->chunk_remaining) + break; + lwsl_info("final chunk\n"); + goto completed; + + case ELCP_CONTENT: + break; + + case ELCP_POST_CR: + if ((*buf)[0] != '\x0d') { + lwsl_debug("chunking failure\n"); + + return -1; + } + + wsi->chunk_parser = ELCP_POST_LF; + break; + + case ELCP_POST_LF: + if ((*buf)[0] != '\x0a') + return -1; + + wsi->chunk_parser = ELCP_HEX; + wsi->chunk_remaining = 0; + break; + } + (*buf)++; + (*len)--; + } + + if (wsi->chunked && !wsi->chunk_remaining) + return 0; + + if (wsi->u.http.content_remain && + wsi->u.http.content_remain < *len) + n = (int)wsi->u.http.content_remain; + else + n = *len; + + if (wsi->chunked && wsi->chunk_remaining && + wsi->chunk_remaining < n) + n = wsi->chunk_remaining; + +#ifdef LWS_WITH_HTTP_PROXY + /* hubbub */ + if (wsi->perform_rewrite) + lws_rewrite_parse(wsi->rw, (unsigned char *)*buf, n); + else +#endif + if (user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ, + wsi->user_space, *buf, n)) { + lwsl_debug("%s: LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ returned -1\n", __func__); + + return -1; + } + + if (wsi->chunked && wsi->chunk_remaining) { + (*buf) += n; + wsi->chunk_remaining -= n; + *len -= n; + } + + if (wsi->chunked && !wsi->chunk_remaining) + wsi->chunk_parser = ELCP_POST_CR; + + if (wsi->chunked && *len) + goto spin_chunks; + + if (wsi->chunked) + return 0; + + /* if we know the content length, decrement the content remaining */ + if (wsi->u.http.content_length > 0) + wsi->u.http.content_remain -= n; + + if (wsi->u.http.content_remain || !wsi->u.http.content_length) + return 0; + +completed: + if (user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_COMPLETED_CLIENT_HTTP, + wsi->user_space, NULL, 0)) { + lwsl_debug("Completed call returned -1\n"); + return -1; + } + + if (lws_http_transaction_completed_client(wsi)) { + lwsl_notice("%s: transaction completed says -1\n", __func__); + return -1; + } + + return 0; +} +#endif + +static int +lws_is_ws_with_ext(struct lws *wsi) +{ +#if defined(LWS_NO_EXTENSIONS) + return 0; +#else + return wsi->state == LWSS_ESTABLISHED && + !!wsi->count_act_ext; +#endif +} + +LWS_VISIBLE int +lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, int tsi) +{ + struct lws_context_per_thread *pt = &context->pt[tsi]; + lws_sockfd_type our_fd = 0, tmp_fd; + struct lws_tokens eff_buf; + unsigned int pending = 0; + struct lws *wsi, *wsi1; + char draining_flow = 0; + int timed_out = 0; + time_t now; + int n = 0, m; + int more; + + if (!context->protocol_init_done) + lws_protocol_init(context); + + time(&now); + + /* + * handle case that system time was uninitialized when lws started + * at boot, and got initialized a little later + */ + if (context->time_up < 1464083026 && now > 1464083026) + context->time_up = now; + + /* TODO: if using libev, we should probably use timeout watchers... */ + if (context->last_timeout_check_s != now) { + context->last_timeout_check_s = now; + +#if defined(LWS_WITH_STATS) + if (!tsi && now - context->last_dump > 10) { + lws_stats_log_dump(context); + context->last_dump = now; + } +#endif + + lws_plat_service_periodic(context); + + lws_check_deferred_free(context, 0); + + /* retire unused deprecated context */ +#if !defined(LWS_PLAT_OPTEE) && !defined(LWS_WITH_ESP32) +#if LWS_POSIX && !defined(_WIN32) + if (context->deprecated && !context->count_wsi_allocated) { + lwsl_notice("%s: ending deprecated context\n", __func__); + kill(getpid(), SIGINT); + return 0; + } +#endif +#endif + /* global timeout check once per second */ + + if (pollfd) + our_fd = pollfd->fd; + + wsi = context->pt[tsi].timeout_list; + while (wsi) { + /* we have to take copies, because he may be deleted */ + wsi1 = wsi->timeout_list; + tmp_fd = wsi->desc.sockfd; + if (lws_service_timeout_check(wsi, (unsigned int)now)) { + /* he did time out... */ + if (tmp_fd == our_fd) + /* it was the guy we came to service! */ + timed_out = 1; + /* he's gone, no need to mark as handled */ + } + wsi = wsi1; + } +#ifdef LWS_WITH_CGI + lws_cgi_kill_terminated(pt); +#endif +#if 0 + { + char s[300], *p = s; + + for (n = 0; n < context->count_threads; n++) + p += sprintf(p, " %7lu (%5d), ", + context->pt[n].count_conns, + context->pt[n].fds_count); + + lwsl_notice("load: %s\n", s); + } +#endif + } + + /* + * at intervals, check for ws connections needing ping-pong checks + */ + + if (context->ws_ping_pong_interval && + context->last_ws_ping_pong_check_s < now + 10) { + struct lws_vhost *vh = context->vhost_list; + context->last_ws_ping_pong_check_s = now; + + while (vh) { + for (n = 0; n < vh->count_protocols; n++) { + wsi = vh->same_vh_protocol_list[n]; + + while (wsi) { + if (wsi->state == LWSS_ESTABLISHED && + !wsi->socket_is_permanently_unusable && + !wsi->u.ws.send_check_ping && + wsi->u.ws.time_next_ping_check && + wsi->u.ws.time_next_ping_check < now) { + + lwsl_info("requesting ping-pong on wsi %p\n", wsi); + wsi->u.ws.send_check_ping = 1; + lws_set_timeout(wsi, PENDING_TIMEOUT_WS_PONG_CHECK_SEND_PING, + context->timeout_secs); + lws_callback_on_writable(wsi); + wsi->u.ws.time_next_ping_check = now + + wsi->context->ws_ping_pong_interval; + } + wsi = wsi->same_vh_protocol_next; + } + } + vh = vh->vhost_next; + } + } + + /* the socket we came to service timed out, nothing to do */ + if (timed_out) + return 0; + + /* just here for timeout management? */ + if (!pollfd) + return 0; + + /* no, here to service a socket descriptor */ + wsi = wsi_from_fd(context, pollfd->fd); + if (!wsi) + /* not lws connection ... leave revents alone and return */ + return 0; + + /* + * so that caller can tell we handled, past here we need to + * zero down pollfd->revents after handling + */ + +#if LWS_POSIX + /* handle session socket closed */ + + if ((!(pollfd->revents & pollfd->events & LWS_POLLIN)) && + (pollfd->revents & LWS_POLLHUP)) { + wsi->socket_is_permanently_unusable = 1; + lwsl_debug("Session Socket %p (fd=%d) dead\n", + (void *)wsi, pollfd->fd); + + goto close_and_handled; + } + +#ifdef _WIN32 + if (pollfd->revents & LWS_POLLOUT) + wsi->sock_send_blocking = FALSE; +#endif + +#endif + +// lwsl_debug("fd=%d, revents=%d, mode=%d, state=%d\n", pollfd->fd, pollfd->revents, (int)wsi->mode, (int)wsi->state); + if (pollfd->revents & LWS_POLLHUP) { + lwsl_debug("pollhup\n"); + wsi->socket_is_permanently_unusable = 1; + goto close_and_handled; + } + + +#ifdef LWS_OPENSSL_SUPPORT + if ((wsi->state == LWSS_SHUTDOWN) && lws_is_ssl(wsi) && wsi->ssl) + { + n = SSL_shutdown(wsi->ssl); + lwsl_debug("SSL_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); + if (n == 1) + { + n = shutdown(wsi->desc.sockfd, SHUT_WR); + goto close_and_handled; + } + else if (n == 0) + { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + goto handled; + } + else /* n < 0 */ + { + int shutdown_error = SSL_get_error(wsi->ssl, n); + lwsl_debug("SSL_shutdown returned %d, SSL_get_error: %d\n", n, shutdown_error); + if (shutdown_error == SSL_ERROR_WANT_READ) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + goto handled; + } else if (shutdown_error == SSL_ERROR_WANT_WRITE) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLOUT); + n = 0; + goto handled; + } + + // actual error occurred, just close the connection + n = shutdown(wsi->desc.sockfd, SHUT_WR); + goto close_and_handled; + } + } +#endif + + /* okay, what we came here to do... */ + + switch (wsi->mode) { + case LWSCM_HTTP_SERVING: + case LWSCM_HTTP_CLIENT: + case LWSCM_HTTP_SERVING_ACCEPTED: + case LWSCM_SERVER_LISTENER: + case LWSCM_SSL_ACK_PENDING: + case LWSCM_SSL_ACK_PENDING_RAW: + if (wsi->state == LWSS_CLIENT_HTTP_ESTABLISHED) + goto handled; + +#ifdef LWS_WITH_CGI + if (wsi->cgi && (pollfd->revents & LWS_POLLOUT)) { + n = lws_handle_POLLOUT_event(wsi, pollfd); + if (n) + goto close_and_handled; + goto handled; + } +#endif + /* fallthru */ + case LWSCM_RAW: + n = lws_server_socket_service(context, wsi, pollfd); + if (n) /* closed by above */ + return 1; + goto handled; + + case LWSCM_RAW_FILEDESC: + + if (pollfd->revents & LWS_POLLOUT) { + n = lws_calllback_as_writeable(wsi); + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_info("failed at set pollfd\n"); + return 1; + } + if (n) + goto close_and_handled; + } + n = LWS_CALLBACK_RAW_RX; + if (wsi->mode == LWSCM_RAW_FILEDESC) + n = LWS_CALLBACK_RAW_RX_FILE; + + if (pollfd->revents & LWS_POLLIN) { + if (user_callback_handle_rxflow( + wsi->protocol->callback, + wsi, n, + wsi->user_space, NULL, 0)) { + lwsl_debug("raw rx callback closed it\n"); + goto close_and_handled; + } + } + + if (pollfd->revents & LWS_POLLHUP) + goto close_and_handled; + n = 0; + goto handled; + + case LWSCM_WS_SERVING: + case LWSCM_WS_CLIENT: + case LWSCM_HTTP2_SERVING: + case LWSCM_HTTP_CLIENT_ACCEPTED: + + /* 1: something requested a callback when it was OK to write */ + + if (wsi->state == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION) + lwsl_notice("xxx\n"); + + if ((pollfd->revents & LWS_POLLOUT) && + ((wsi->state == LWSS_ESTABLISHED || + wsi->state == LWSS_HTTP2_ESTABLISHED || + wsi->state == LWSS_HTTP2_ESTABLISHED_PRE_SETTINGS || + wsi->state == LWSS_RETURNED_CLOSE_ALREADY || + wsi->state == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION || + wsi->state == LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE)) && + lws_handle_POLLOUT_event(wsi, pollfd)) { + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY) + wsi->state = LWSS_FLUSHING_STORED_SEND_BEFORE_CLOSE; + lwsl_info("lws_service_fd: closing\n"); + goto close_and_handled; + } + + if (wsi->state == LWSS_RETURNED_CLOSE_ALREADY || + wsi->state == LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION || + wsi->state == LWSS_AWAITING_CLOSE_ACK) { + /* + * we stopped caring about anything except control + * packets. Force flow control off, defeat tx + * draining. + */ + lws_rx_flow_control(wsi, 1); + wsi->u.ws.tx_draining_ext = 0; + } + + if (wsi->u.ws.tx_draining_ext) + /* we cannot deal with new RX until the TX ext + * path has been drained. It's because new + * rx will, eg, crap on the wsi rx buf that + * may be needed to retain state. + * + * TX ext drain path MUST go through event loop + * to avoid blocking. + */ + break; + + if (!(wsi->rxflow_change_to & LWS_RXFLOW_ALLOW)) + /* We cannot deal with any kind of new RX + * because we are RX-flowcontrolled. + */ + break; + + /* 2: RX Extension needs to be drained + */ + + if (wsi->state == LWSS_ESTABLISHED && + wsi->u.ws.rx_draining_ext) { + + lwsl_ext("%s: RX EXT DRAINING: Service\n", __func__); +#ifndef LWS_NO_CLIENT + if (wsi->mode == LWSCM_WS_CLIENT) { + n = lws_client_rx_sm(wsi, 0); + if (n < 0) + /* we closed wsi */ + n = 0; + } else +#endif + n = lws_rx_sm(wsi, 0); + + goto handled; + } + + if (wsi->u.ws.rx_draining_ext) + /* + * We have RX EXT content to drain, but can't do it + * right now. That means we cannot do anything lower + * priority either. + */ + break; + + /* 3: RX Flowcontrol buffer needs to be drained + */ + + if (wsi->rxflow_buffer) { + lwsl_info("draining rxflow (len %d)\n", + wsi->rxflow_len - wsi->rxflow_pos + ); + /* well, drain it */ + eff_buf.token = (char *)wsi->rxflow_buffer + + wsi->rxflow_pos; + eff_buf.token_len = wsi->rxflow_len - wsi->rxflow_pos; + draining_flow = 1; + goto drain; + } + + /* 4: any incoming (or ah-stashed incoming rx) data ready? + * notice if rx flow going off raced poll(), rx flow wins + */ + + if (!(pollfd->revents & pollfd->events & LWS_POLLIN)) + break; + +read: + /* all the union members start with hdr, so even in ws mode + * we can deal with the ah via u.hdr + */ + if (wsi->u.hdr.ah) { + lwsl_info("%s: %p: inherited ah rx\n", __func__, wsi); + eff_buf.token_len = wsi->u.hdr.ah->rxlen - + wsi->u.hdr.ah->rxpos; + eff_buf.token = (char *)wsi->u.hdr.ah->rx + + wsi->u.hdr.ah->rxpos; + } else { + if (wsi->mode != LWSCM_HTTP_CLIENT_ACCEPTED) { + /* + * extension may not consume everything (eg, pmd may be constrained + * as to what it can output...) has to go in per-wsi rx buf area. + * Otherwise in large temp serv_buf area. + */ + eff_buf.token = (char *)pt->serv_buf; + if (lws_is_ws_with_ext(wsi)) { + eff_buf.token_len = wsi->u.ws.rx_ubuf_alloc; + } else { + eff_buf.token_len = context->pt_serv_buf_size; + } + + if ((unsigned int)eff_buf.token_len > context->pt_serv_buf_size) + eff_buf.token_len = context->pt_serv_buf_size; + + eff_buf.token_len = lws_ssl_capable_read(wsi, + (unsigned char *)eff_buf.token, pending ? pending : + eff_buf.token_len); + switch (eff_buf.token_len) { + case 0: + lwsl_info("%s: zero length read\n", __func__); + goto close_and_handled; + case LWS_SSL_CAPABLE_MORE_SERVICE: + lwsl_info("SSL Capable more service\n"); + n = 0; + goto handled; + case LWS_SSL_CAPABLE_ERROR: + lwsl_info("Closing when error\n"); + goto close_and_handled; + } + // lwsl_notice("Actual RX %d\n", eff_buf.token_len); + } + } + +drain: +#ifndef LWS_NO_CLIENT + if (wsi->mode == LWSCM_HTTP_CLIENT_ACCEPTED && + !wsi->told_user_closed) { + + /* + * In SSL mode we get POLLIN notification about + * encrypted data in. + * + * But that is not necessarily related to decrypted + * data out becoming available; in may need to perform + * other in or out before that happens. + * + * simply mark ourselves as having readable data + * and turn off our POLLIN + */ + wsi->client_rx_avail = 1; + lws_change_pollfd(wsi, LWS_POLLIN, 0); + + /* let user code know, he'll usually ask for writeable + * callback and drain / re-enable it there + */ + if (user_callback_handle_rxflow( + wsi->protocol->callback, + wsi, LWS_CALLBACK_RECEIVE_CLIENT_HTTP, + wsi->user_space, NULL, 0)) { + lwsl_notice("LWS_CALLBACK_RECEIVE_CLIENT_HTTP closed it\n"); + goto close_and_handled; + } + + n = 0; + goto handled; + } +#endif + /* + * give any active extensions a chance to munge the buffer + * before parse. We pass in a pointer to an lws_tokens struct + * prepared with the default buffer and content length that's in + * there. Rather than rewrite the default buffer, extensions + * that expect to grow the buffer can adapt .token to + * point to their own per-connection buffer in the extension + * user allocation. By default with no extensions or no + * extension callback handling, just the normal input buffer is + * used then so it is efficient. + */ + do { + more = 0; + + m = lws_ext_cb_active(wsi, LWS_EXT_CB_PACKET_RX_PREPARSE, + &eff_buf, 0); + if (m < 0) + goto close_and_handled; + if (m) + more = 1; + + /* service incoming data */ + + if (eff_buf.token_len) { + /* + * if draining from rxflow buffer, not + * critical to track what was used since at the + * use it bumps wsi->rxflow_pos. If we come + * around again it will pick up from where it + * left off. + */ + // lwsl_notice("doing lws_read from pt->serv_buf %p %p for len %d\n", pt->serv_buf, eff_buf.token, (int)eff_buf.token_len); + + n = lws_read(wsi, (unsigned char *)eff_buf.token, + eff_buf.token_len); + if (n < 0) { + /* we closed wsi */ + n = 0; + goto handled; + } + } + + eff_buf.token = NULL; + eff_buf.token_len = 0; + } while (more); + + if (wsi->u.hdr.ah) { + lwsl_notice("%s: %p: detaching\n", + __func__, wsi); + lws_header_table_force_to_detachable_state(wsi); + /* we can run the normal ah detach flow despite + * being in ws union mode, since all union members + * start with hdr */ + lws_header_table_detach(wsi, 0); + } + + pending = lws_ssl_pending(wsi); + if (pending) { + if (lws_is_ws_with_ext(wsi)) + pending = pending > wsi->u.ws.rx_ubuf_alloc ? + wsi->u.ws.rx_ubuf_alloc : pending; + else + pending = pending > context->pt_serv_buf_size ? + context->pt_serv_buf_size : pending; + goto read; + } + + if (draining_flow && wsi->rxflow_buffer && + wsi->rxflow_pos == wsi->rxflow_len) { + lwsl_info("flow buffer: drained\n"); + lws_free_set_NULL(wsi->rxflow_buffer); + /* having drained the rxflow buffer, can rearm POLLIN */ +#ifdef LWS_NO_SERVER + n = +#endif + _lws_rx_flow_control(wsi); + /* n ignored, needed for NO_SERVER case */ + } + + break; +#ifdef LWS_WITH_CGI + case LWSCM_CGI: /* we exist to handle a cgi's stdin/out/err data... + * do the callback on our master wsi + */ + { + struct lws_cgi_args args; + + if (wsi->cgi_channel >= LWS_STDOUT && + !(pollfd->revents & pollfd->events & LWS_POLLIN)) + break; + if (wsi->cgi_channel == LWS_STDIN && + !(pollfd->revents & pollfd->events & LWS_POLLOUT)) + break; + + if (wsi->cgi_channel == LWS_STDIN) + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_info("failed at set pollfd\n"); + return 1; + } + + args.ch = wsi->cgi_channel; + args.stdwsi = &wsi->parent->cgi->stdwsi[0]; + args.hdr_state = wsi->hdr_state; + + //lwsl_err("CGI LWS_STDOUT waiting wsi %p mode %d state %d\n", + // wsi->parent, wsi->parent->mode, wsi->parent->state); + + if (user_callback_handle_rxflow( + wsi->parent->protocol->callback, + wsi->parent, LWS_CALLBACK_CGI, + wsi->parent->user_space, + (void *)&args, 0)) + return 1; + + break; + } +#endif + default: +#ifdef LWS_NO_CLIENT + break; +#else + if ((pollfd->revents & LWS_POLLOUT) && + lws_handle_POLLOUT_event(wsi, pollfd)) { + lwsl_debug("POLLOUT event closed it\n"); + goto close_and_handled; + } + + n = lws_client_socket_service(context, wsi, pollfd); + if (n) + return 1; + goto handled; +#endif + } + + n = 0; + goto handled; + +close_and_handled: + lwsl_debug("%p: Close and handled\n", wsi); + lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS); + /* + * pollfd may point to something else after the close + * due to pollfd swapping scheme on delete on some platforms + * we can't clear revents now because it'd be the wrong guy's revents + */ + return 1; + +handled: + pollfd->revents = 0; + return n; +} + +LWS_VISIBLE int +lws_service_fd(struct lws_context *context, struct lws_pollfd *pollfd) +{ + return lws_service_fd_tsi(context, pollfd, 0); +} + +LWS_VISIBLE int +lws_service(struct lws_context *context, int timeout_ms) +{ + return lws_plat_service(context, timeout_ms); +} + +LWS_VISIBLE int +lws_service_tsi(struct lws_context *context, int timeout_ms, int tsi) +{ + return _lws_plat_service_tsi(context, timeout_ms, tsi); +} + diff --git a/lib/misc/sha-1.c b/lib/sha-1.c similarity index 96% rename from lib/misc/sha-1.c rename to lib/sha-1.c index c17a437..9353fbe 100644 --- a/lib/misc/sha-1.c +++ b/lib/sha-1.c @@ -32,7 +32,7 @@ * implemented by Jun-ichiro itojun Itoh */ -#include "core/private.h" +#include "private-libwebsockets.h" #ifdef LWS_HAVE_SYS_TYPES_H #include @@ -45,7 +45,7 @@ struct sha1_ctxt { } h; union { unsigned char b8[8]; - uint64_t b64[1]; + u_int64_t b64[1]; } c; union { unsigned char b8[64]; @@ -183,7 +183,7 @@ sha1_step(struct sha1_ctxt *ctxt) H(3) = H(3) + d; H(4) = H(4) + e; - memset(&ctxt->m.b8[0], 0, 64); + bzero(&ctxt->m.b8[0], 64); } /*------------------------------------------------------------*/ @@ -191,7 +191,7 @@ sha1_step(struct sha1_ctxt *ctxt) static void _sha1_init(struct sha1_ctxt *ctxt) { - memset(ctxt, 0, sizeof(struct sha1_ctxt)); + bzero(ctxt, sizeof(struct sha1_ctxt)); H(0) = 0x67452301; H(1) = 0xefcdab89; H(2) = 0x98badcfe; @@ -210,14 +210,14 @@ sha1_pad(struct sha1_ctxt *ctxt) padstart = COUNT % 64; padlen = 64 - padstart; if (padlen < 8) { - memset(&ctxt->m.b8[padstart], 0, padlen); + bzero(&ctxt->m.b8[padstart], padlen); COUNT += (unsigned char)padlen; COUNT %= 64; sha1_step(ctxt); padstart = COUNT % 64; /* should be 0 */ padlen = 64 - padstart; /* should be 64 */ } - memset(&ctxt->m.b8[padstart], 0, padlen - 8); + bzero(&ctxt->m.b8[padstart], padlen - 8); COUNT += ((unsigned char)padlen - 8); COUNT %= 64; #if BYTE_ORDER == BIG_ENDIAN @@ -236,14 +236,18 @@ sha1_pad(struct sha1_ctxt *ctxt) void sha1_loop(struct sha1_ctxt *ctxt, const unsigned char *input, size_t len) { + size_t gaplen; + size_t gapstart; size_t off; + size_t copysiz; off = 0; while (off < len) { - size_t gapstart = COUNT % 64, gaplen = 64 - gapstart, - copysiz = (gaplen < len - off) ? gaplen : len - off; + gapstart = COUNT % 64; + gaplen = 64 - gapstart; + copysiz = (gaplen < len - off) ? gaplen : len - off; memcpy(&ctxt->m.b8[gapstart], &input[off], copysiz); COUNT += (unsigned char)copysiz; COUNT %= 64; diff --git a/lib/smtp.c b/lib/smtp.c new file mode 100644 index 0000000..69a4bf0 --- /dev/null +++ b/lib/smtp.c @@ -0,0 +1,241 @@ +/* + * SMTP support for libwebsockets + * + * Copyright (C) 2016 Andy Green + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +static unsigned int +lwsgs_now_secs(void) +{ + struct timeval tv; + + gettimeofday(&tv, NULL); + + return tv.tv_sec; +} + +static void +ccb(uv_handle_t* handle) +{ + +} + +static void +alloc_buffer(uv_handle_t *handle, size_t suggested_size, uv_buf_t *buf) +{ + struct lws_email *email = (struct lws_email *)handle->data; + + *buf = uv_buf_init(email->email_buf, sizeof(email->email_buf) - 1); +} + +static void +on_write_end(uv_write_t *req, int status) { + lwsl_notice("%s\n", __func__); + if (status == -1) { + fprintf(stderr, "error on_write_end"); + return; + } +} + +static void +lwsgs_email_read(struct uv_stream_s *s, ssize_t nread, const uv_buf_t *buf) +{ + struct lws_email *email = (struct lws_email *)s->data; + static const short retcodes[] = { + 0, /* idle */ + 0, /* connecting */ + 220, /* connected */ + 250, /* helo */ + 250, /* from */ + 250, /* to */ + 354, /* data */ + 250, /* body */ + 221, /* quit */ + }; + uv_write_t write_req; + uv_buf_t wbuf; + int n; + + if (nread >= 0) + email->email_buf[nread] = '\0'; + lwsl_notice("%s: %s\n", __func__, buf->base); + if (nread == -1) { + lwsl_err("%s: failed\n", __func__); + return; + } + + n = atoi(buf->base); + if (n != retcodes[email->estate]) { + lwsl_err("%s: bad response from server\n", __func__); + goto close_conn; + } + + switch (email->estate) { + case LGSSMTP_CONNECTED: + n = sprintf(email->content, "HELO %s\n", email->email_helo); + email->estate = LGSSMTP_SENT_HELO; + break; + case LGSSMTP_SENT_HELO: + n = sprintf(email->content, "MAIL FROM: <%s>\n", email->email_from); + email->estate = LGSSMTP_SENT_FROM; + break; + case LGSSMTP_SENT_FROM: + n = sprintf(email->content, "RCPT TO: <%s>\n", email->email_to); + email->estate = LGSSMTP_SENT_TO; + break; + case LGSSMTP_SENT_TO: + n = sprintf(email->content, "DATA\n"); + email->estate = LGSSMTP_SENT_DATA; + break; + case LGSSMTP_SENT_DATA: + if (email->on_get_body(email, email->content, email->max_content_size)) + return; + n = strlen(email->content); + email->estate = LGSSMTP_SENT_BODY; + break; + case LGSSMTP_SENT_BODY: + n = sprintf(email->content, "quit\n"); + email->estate = LGSSMTP_SENT_QUIT; + break; + case LGSSMTP_SENT_QUIT: + lwsl_notice("%s: done\n", __func__); + email->on_sent(email); + email->estate = LGSSMTP_IDLE; + goto close_conn; + default: + return; + } + + puts(email->content); + wbuf = uv_buf_init(email->content, n); + uv_write(&write_req, s, &wbuf, 1, on_write_end); + + return; + +close_conn: + + uv_close((uv_handle_t *)s, ccb); +} + +static void +lwsgs_email_on_connect(uv_connect_t *req, int status) +{ + struct lws_email *email = (struct lws_email *)req->data; + + lwsl_notice("%s\n", __func__); + + if (status == -1) { + lwsl_err("%s: failed\n", __func__); + return; + } + + uv_read_start(req->handle, alloc_buffer, lwsgs_email_read); + email->estate = LGSSMTP_CONNECTED; +} + + +static void +uv_timeout_cb_email(uv_timer_t *w +#if UV_VERSION_MAJOR == 0 + , int status +#endif +) +{ + struct lws_email *email = lws_container_of(w, struct lws_email, + timeout_email); + time_t now = lwsgs_now_secs(); + struct sockaddr_in req_addr; + + switch (email->estate) { + case LGSSMTP_IDLE: + + if (email->on_next(email)) + break; + + email->estate = LGSSMTP_CONNECTING; + + uv_tcp_init(email->loop, &email->email_client); + if (uv_ip4_addr(email->email_smtp_ip, 25, &req_addr)) { + lwsl_err("Unable to convert mailserver ads\n"); + return; + } + + lwsl_notice("LGSSMTP_IDLE: connecting\n"); + + email->email_connect_started = now; + email->email_connect_req.data = email; + email->email_client.data = email; + uv_tcp_connect(&email->email_connect_req, &email->email_client, + (struct sockaddr *)&req_addr, + lwsgs_email_on_connect); + + uv_timer_start(&email->timeout_email, + uv_timeout_cb_email, 5000, 0); + + break; + + case LGSSMTP_CONNECTING: + if (email->email_connect_started - now > 5) { + lwsl_err("mail session timed out\n"); + /* !!! kill the connection */ + uv_close((uv_handle_t *) &email->email_connect_req, ccb); + email->estate = LGSSMTP_IDLE; + } + break; + + default: + break; + } +} + +LWS_VISIBLE LWS_EXTERN int +lws_email_init(struct lws_email *email, uv_loop_t *loop, int max_content) +{ + email->content = lws_malloc(max_content); + if (!email->content) + return 1; + + email->max_content_size = max_content; + uv_timer_init(loop, &email->timeout_email); + + email->loop = loop; + + /* trigger him one time in a bit */ + uv_timer_start(&email->timeout_email, uv_timeout_cb_email, 2000, 0); + + return 0; +} + +LWS_VISIBLE LWS_EXTERN void +lws_email_check(struct lws_email *email) +{ + uv_timer_start(&email->timeout_email, uv_timeout_cb_email, 1000, 0); +} + +LWS_VISIBLE LWS_EXTERN void +lws_email_destroy(struct lws_email *email) +{ + if (email->content) + lws_free_set_NULL(email->content); + + uv_timer_stop(&email->timeout_email); + uv_close((uv_handle_t *)&email->timeout_email, NULL); +} + diff --git a/lib/ssl-client.c b/lib/ssl-client.c new file mode 100644 index 0000000..0c75738 --- /dev/null +++ b/lib/ssl-client.c @@ -0,0 +1,593 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +extern int openssl_websocket_private_data_index, + openssl_SSL_CTX_private_data_index; + +extern void +lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info); + +extern int lws_ssl_get_error(struct lws *wsi, int n); + +#if defined(USE_WOLFSSL) +#else + +static int +OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ +#if defined(LWS_WITH_ESP32) +// long gvr = ssl_pm_get_verify_result( + lwsl_notice("%s\n", __func__); + + return 0; +#else + SSL *ssl; + int n; + struct lws *wsi; + + /* keep old behaviour accepting self-signed server certs */ + if (!preverify_ok) { + int err = X509_STORE_CTX_get_error(x509_ctx); + + if (err != X509_V_OK) { + ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index); + + if ((err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || + err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && + wsi->use_ssl & LCCSCF_ALLOW_SELFSIGNED) { + lwsl_notice("accepting self-signed certificate (verify_callback)\n"); + X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); + return 1; // ok + } else if ((err == X509_V_ERR_CERT_NOT_YET_VALID || + err == X509_V_ERR_CERT_HAS_EXPIRED) && + wsi->use_ssl & LCCSCF_ALLOW_EXPIRED) { + if (err == X509_V_ERR_CERT_NOT_YET_VALID) + lwsl_notice("accepting not yet valid certificate (verify_callback)\n"); + else if (err == X509_V_ERR_CERT_HAS_EXPIRED) + lwsl_notice("accepting expired certificate (verify_callback)\n"); + X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); + return 1; // ok + } + } + } + + ssl = X509_STORE_CTX_get_ex_data(x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); + wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index); + + n = lws_get_context_protocol(wsi->context, 0).callback(wsi, LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION, x509_ctx, ssl, preverify_ok); + + /* keep old behaviour if something wrong with server certs */ + /* if ssl error is overruled in callback and cert is ok, + * X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); must be set and + * return value is 0 from callback */ + if (!preverify_ok) { + int err = X509_STORE_CTX_get_error(x509_ctx); + + if (err != X509_V_OK) { /* cert validation error was not handled in callback */ + int depth = X509_STORE_CTX_get_error_depth(x509_ctx); + const char* msg = X509_verify_cert_error_string(err); + lwsl_err("SSL error: %s (preverify_ok=%d;err=%d;depth=%d)\n", msg, preverify_ok, err, depth); + return preverify_ok; // not ok + } + } + /* convert callback return code from 0 = OK to verify callback return value 1 = OK */ + return !n; +#endif +} +#endif + +int +lws_ssl_client_bio_create(struct lws *wsi) +{ + char hostname[128], *p; + + if (lws_hdr_copy(wsi, hostname, sizeof(hostname), + _WSI_TOKEN_CLIENT_HOST) <= 0) { + lwsl_err("%s: Unable to get hostname\n", __func__); + + return -1; + } + + /* + * remove any :port part on the hostname... necessary for network + * connection but typical certificates do not contain it + */ + p = hostname; + while (*p) { + if (*p == ':') { + *p = '\0'; + break; + } + p++; + } + + wsi->ssl = SSL_new(wsi->vhost->ssl_client_ctx); + if (!wsi->ssl) { + lwsl_err("SSL_new failed: %s\n", + ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); + lws_ssl_elaborate_error(); + return -1; + } + +#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) + if (wsi->vhost->ssl_info_event_mask) + SSL_set_info_callback(wsi->ssl, lws_ssl_info_callback); +#endif + +#if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host + X509_VERIFY_PARAM *param; + (void)param; + + if (!(wsi->use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) { + param = SSL_get0_param(wsi->ssl); + /* Enable automatic hostname checks */ + X509_VERIFY_PARAM_set_hostflags(param, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + X509_VERIFY_PARAM_set1_host(param, hostname, 0); + } + +#endif + +#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) +#ifndef USE_OLD_CYASSL + /* OpenSSL_client_verify_callback will be called @ SSL_connect() */ + SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback); +#endif +#endif + +#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) + SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#endif + /* + * use server name indication (SNI), if supported, + * when establishing connection + */ +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL +#ifdef CYASSL_SNI_HOST_NAME + CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME, hostname, strlen(hostname)); +#endif +#else +#ifdef WOLFSSL_SNI_HOST_NAME + wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME, hostname, strlen(hostname)); +#endif +#endif +#else +#if defined(LWS_WITH_ESP32) +// esp-idf openssl shim does not seem ready for this +// SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback); + SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback); + +#else +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + SSL_set_tlsext_host_name(wsi->ssl, hostname); +#endif +#endif +#endif + +#ifdef USE_WOLFSSL + /* + * wolfSSL/CyaSSL does certificate verification differently + * from OpenSSL. + * If we should ignore the certificate, we need to set + * this before SSL_new and SSL_connect is called. + * Otherwise the connect will simply fail with error code -155 + */ +#ifdef USE_OLD_CYASSL + if (wsi->use_ssl == 2) + CyaSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL); +#else + if (wsi->use_ssl == 2) + wolfSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL); +#endif +#endif /* USE_WOLFSSL */ + +#if !defined(LWS_WITH_ESP32) + wsi->client_bio = BIO_new_socket(wsi->desc.sockfd, BIO_NOCLOSE); + SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio); +#else + SSL_set_fd(wsi->ssl, wsi->desc.sockfd); +#endif + +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL + CyaSSL_set_using_nonblock(wsi->ssl, 1); +#else + wolfSSL_set_using_nonblock(wsi->ssl, 1); +#endif +#else +#if !defined(LWS_WITH_ESP32) + BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */ +#endif +#endif + +#if !defined(LWS_WITH_ESP32) + SSL_set_ex_data(wsi->ssl, openssl_websocket_private_data_index, + wsi); +#endif + + return 0; +} + +#if defined(LWS_WITH_ESP32) +int ERR_get_error(void) +{ + return 0; +} +#endif + +int +lws_ssl_client_connect1(struct lws *wsi) +{ + struct lws_context *context = wsi->context; + int n = 0; + + lws_latency_pre(context, wsi); + + n = SSL_connect(wsi->ssl); + + lws_latency(context, wsi, + "SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0); + + if (n < 0) { + n = lws_ssl_get_error(wsi, n); + + if (n == SSL_ERROR_WANT_READ) + goto some_wait; + + if (n == SSL_ERROR_WANT_WRITE) { + /* + * wants us to retry connect due to + * state of the underlying ssl layer... + * but since it may be stalled on + * blocked write, no incoming data may + * arrive to trigger the retry. + * Force (possibly many times if the SSL + * state persists in returning the + * condition code, but other sockets + * are getting serviced inbetweentimes) + * us to get called back when writable. + */ + lwsl_info("%s: WANT_WRITE... retrying\n", __func__); + lws_callback_on_writable(wsi); +some_wait: + wsi->mode = LWSCM_WSCL_WAITING_SSL; + + return 0; /* no error */ + } + + { + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + char *p = (char *)&pt->serv_buf[0]; + char *sb = p; + + lwsl_err("ssl hs1 error, X509_V_ERR = %d: %s\n", + n, ERR_error_string(n, sb)); + lws_ssl_elaborate_error(); + } + + n = -1; + } + + if (n <= 0) { + /* + * retry if new data comes until we + * run into the connection timeout or win + */ + + unsigned long error = ERR_get_error(); + + if (error != SSL_ERROR_NONE) { + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + char *p = (char *)&pt->serv_buf[0]; + char *sb = p; + lwsl_err("SSL connect error %lu: %s\n", + error, ERR_error_string(error, sb)); + return -1; + } + } + + return 1; +} + +int +lws_ssl_client_connect2(struct lws *wsi) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; + char *p = (char *)&pt->serv_buf[0]; + char *sb = p; + int n = 0; + + if (wsi->mode == LWSCM_WSCL_WAITING_SSL) { + lws_latency_pre(context, wsi); + n = SSL_connect(wsi->ssl); + lwsl_debug("%s: SSL_connect says %d\n", __func__, n); + + lws_latency(context, wsi, + "SSL_connect LWSCM_WSCL_WAITING_SSL", n, n > 0); + + if (n < 0) { + n = lws_ssl_get_error(wsi, n); + + if (n == SSL_ERROR_WANT_READ) { + lwsl_info("SSL_connect WANT_READ... retrying\n"); + + wsi->mode = LWSCM_WSCL_WAITING_SSL; + + return 0; /* no error */ + } + + if (n == SSL_ERROR_WANT_WRITE) { + /* + * wants us to retry connect due to + * state of the underlying ssl layer... + * but since it may be stalled on + * blocked write, no incoming data may + * arrive to trigger the retry. + * Force (possibly many times if the SSL + * state persists in returning the + * condition code, but other sockets + * are getting serviced inbetweentimes) + * us to get called back when writable. + */ + lwsl_info("SSL_connect WANT_WRITE... retrying\n"); + lws_callback_on_writable(wsi); + + wsi->mode = LWSCM_WSCL_WAITING_SSL; + + return 0; /* no error */ + } + + n = -1; + } + + if (n <= 0) { + /* + * retry if new data comes until we + * run into the connection timeout or win + */ + unsigned long error = ERR_get_error(); + if (error != SSL_ERROR_NONE) { + lwsl_err("SSL connect error %lu: %s\n", + error, ERR_error_string(error, sb)); + return -1; + } + } + } + +#if defined(LWS_WITH_ESP32) + { + X509 *peer = SSL_get_peer_certificate(wsi->ssl); + + if (!peer) { + lwsl_notice("peer did not provide cert\n"); + + return -1; + } + lwsl_notice("peer provided cert\n"); + } +#endif + +#ifndef USE_WOLFSSL + /* + * See comment above about wolfSSL certificate + * verification + */ + lws_latency_pre(context, wsi); + n = SSL_get_verify_result(wsi->ssl); + lws_latency(context, wsi, + "SSL_get_verify_result LWS_CONNMODE..HANDSHAKE", n, n > 0); + + lwsl_debug("get_verify says %d\n", n); + + if (n != X509_V_OK) { + if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || + n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && + (wsi->use_ssl & LCCSCF_ALLOW_SELFSIGNED)) { + lwsl_notice("accepting self-signed certificate\n"); + } else if ((n == X509_V_ERR_CERT_NOT_YET_VALID || + n == X509_V_ERR_CERT_HAS_EXPIRED) && + (wsi->use_ssl & LCCSCF_ALLOW_EXPIRED)) { + lwsl_notice("accepting expired certificate\n"); + } else if (n == X509_V_ERR_CERT_NOT_YET_VALID) { + lwsl_notice("Cert is from the future... " + "probably our clock... accepting...\n"); + } else { + lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n", + n, ERR_error_string(n, sb)); + lws_ssl_elaborate_error(); + return -1; + } + } + +#endif /* USE_WOLFSSL */ + + return 1; +} + + +int lws_context_init_client_ssl(struct lws_context_creation_info *info, + struct lws_vhost *vhost) +{ + SSL_METHOD *method = NULL; + struct lws wsi; + unsigned long error; +#if !defined(LWS_WITH_ESP32) + const char *cipher_list = info->ssl_cipher_list; + const char *ca_filepath = info->ssl_ca_filepath; + const char *private_key_filepath = info->ssl_private_key_filepath; + const char *cert_filepath = info->ssl_cert_filepath; + + int n; + + /* + * for backwards-compatibility default to using ssl_... members, but + * if the newer client-specific ones are given, use those + */ + if (info->client_ssl_cipher_list) + cipher_list = info->client_ssl_cipher_list; + if (info->client_ssl_ca_filepath) + ca_filepath = info->client_ssl_ca_filepath; + if (info->client_ssl_cert_filepath) + cert_filepath = info->client_ssl_cert_filepath; + if (info->client_ssl_private_key_filepath) + private_key_filepath = info->client_ssl_private_key_filepath; +#endif + + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) + return 0; + + if (vhost->ssl_client_ctx) + return 0; + + if (info->provided_client_ssl_ctx) { + /* use the provided OpenSSL context if given one */ + vhost->ssl_client_ctx = info->provided_client_ssl_ctx; + /* nothing for lib to delete */ + vhost->user_supplied_ssl_ctx = 1; + + return 0; + } + + /* basic openssl init already happened in context init */ + + /* choose the most recent spin of the api */ +#if defined(LWS_HAVE_TLS_CLIENT_METHOD) + method = (SSL_METHOD *)TLS_client_method(); +#elif defined(LWS_HAVE_TLSV1_2_CLIENT_METHOD) + method = (SSL_METHOD *)TLSv1_2_client_method(); +#else + method = (SSL_METHOD *)SSLv23_client_method(); +#endif + if (!method) { + error = ERR_get_error(); + lwsl_err("problem creating ssl method %lu: %s\n", + error, ERR_error_string(error, + (char *)vhost->context->pt[0].serv_buf)); + return 1; + } + /* create context */ + vhost->ssl_client_ctx = SSL_CTX_new(method); + if (!vhost->ssl_client_ctx) { + error = ERR_get_error(); + lwsl_err("problem creating ssl context %lu: %s\n", + error, ERR_error_string(error, + (char *)vhost->context->pt[0].serv_buf)); + return 1; + } + +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(vhost->ssl_client_ctx, SSL_OP_NO_COMPRESSION); +#endif + +#if !defined(LWS_WITH_ESP32) + SSL_CTX_set_options(vhost->ssl_client_ctx, + SSL_OP_CIPHER_SERVER_PREFERENCE); + + if (cipher_list) + SSL_CTX_set_cipher_list(vhost->ssl_client_ctx, cipher_list); + +#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS)) + /* loads OS default CA certs */ + SSL_CTX_set_default_verify_paths(vhost->ssl_client_ctx); +#endif + + /* openssl init for cert verification (for client sockets) */ + if (!ca_filepath) { + if (!SSL_CTX_load_verify_locations( + vhost->ssl_client_ctx, NULL, + LWS_OPENSSL_CLIENT_CERTS)) + lwsl_err( + "Unable to load SSL Client certs from %s " + "(set by --with-client-cert-dir= " + "in configure) -- client ssl isn't " + "going to work\n", LWS_OPENSSL_CLIENT_CERTS); + } else + if (!SSL_CTX_load_verify_locations( + vhost->ssl_client_ctx, ca_filepath, NULL)) { + lwsl_err( + "Unable to load SSL Client certs " + "file from %s -- client ssl isn't " + "going to work\n", info->client_ssl_ca_filepath); + lws_ssl_elaborate_error(); + } + else + lwsl_info("loaded ssl_ca_filepath\n"); +#endif + /* + * callback allowing user code to load extra verification certs + * helping the client to verify server identity + */ +#if !defined(LWS_WITH_ESP32) + + /* support for client-side certificate authentication */ + if (cert_filepath) { + lwsl_notice("%s: doing cert filepath\n", __func__); + n = SSL_CTX_use_certificate_chain_file(vhost->ssl_client_ctx, + cert_filepath); + if (n < 1) { + lwsl_err("problem %d getting cert '%s'\n", n, + cert_filepath); + lws_ssl_elaborate_error(); + return 1; + } + lwsl_notice("Loaded client cert %s\n", cert_filepath); + } + if (private_key_filepath) { + lwsl_notice("%s: doing private key filepath\n", __func__); + lws_ssl_bind_passphrase(vhost->ssl_client_ctx, info); + /* set the private key from KeyFile */ + if (SSL_CTX_use_PrivateKey_file(vhost->ssl_client_ctx, + private_key_filepath, SSL_FILETYPE_PEM) != 1) { + lwsl_err("use_PrivateKey_file '%s'\n", + private_key_filepath); + lws_ssl_elaborate_error(); + return 1; + } + lwsl_notice("Loaded client cert private key %s\n", + private_key_filepath); + + /* verify private key */ + if (!SSL_CTX_check_private_key(vhost->ssl_client_ctx)) { + lwsl_err("Private SSL key doesn't match cert\n"); + return 1; + } + } +#endif + /* + * give him a fake wsi with context set, so he can use + * lws_get_context() in the callback + */ + memset(&wsi, 0, sizeof(wsi)); + wsi.vhost = vhost; + wsi.context = vhost->context; + + vhost->protocols[0].callback(&wsi, + LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS, + vhost->ssl_client_ctx, NULL, 0); + + return 0; +} diff --git a/lib/ssl-http2.c b/lib/ssl-http2.c new file mode 100644 index 0000000..eb3d208 --- /dev/null +++ b/lib/ssl-http2.c @@ -0,0 +1,154 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2014 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + * + * Some or all of this file is based on code from nghttp2, which has the + * following license. Since it's more liberal than lws license, you're also + * at liberty to get the original code from + * https://github.com/tatsuhiro-t/nghttp2 under his liberal terms alone. + * + * nghttp2 - HTTP/2.0 C Library + * + * Copyright (c) 2012 Tatsuhiro Tsujikawa + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +#include "private-libwebsockets.h" + +#ifndef LWS_NO_SERVER +#ifdef LWS_OPENSSL_SUPPORT + +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + +struct alpn_ctx { + unsigned char *data; + unsigned short len; +}; + +static int +npn_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg) +{ + struct alpn_ctx *alpn_ctx = arg; + + lwsl_info("%s\n", __func__); + *data = alpn_ctx->data; + *len = alpn_ctx->len; + + return SSL_TLSEXT_ERR_OK; +} + +static int +alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg) +{ + struct alpn_ctx *alpn_ctx = arg; + + if (SSL_select_next_proto((unsigned char **)out, outlen, alpn_ctx->data, + alpn_ctx->len, in, inlen) != + OPENSSL_NPN_NEGOTIATED) + return SSL_TLSEXT_ERR_NOACK; + + return SSL_TLSEXT_ERR_OK; +} +#endif + +LWS_VISIBLE void +lws_context_init_http2_ssl(struct lws_vhost *vhost) +{ +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + static struct alpn_ctx protos = { (unsigned char *)"\x02h2" + "\x08http/1.1", 6 + 9 }; + + SSL_CTX_set_next_protos_advertised_cb(vhost->ssl_ctx, npn_cb, &protos); + + // ALPN selection callback + SSL_CTX_set_alpn_select_cb(vhost->ssl_ctx, alpn_cb, &protos); + lwsl_notice(" HTTP2 / ALPN enabled\n"); +#else + lwsl_notice( + " HTTP2 / ALPN configured but not supported by OpenSSL 0x%lx\n", + OPENSSL_VERSION_NUMBER); +#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L +} + +void lws_http2_configure_if_upgraded(struct lws *wsi) +{ +#if OPENSSL_VERSION_NUMBER >= 0x10002000L + struct allocated_headers *ah; + const char *method = "alpn"; + const unsigned char *name; + unsigned len; + + SSL_get0_alpn_selected(wsi->ssl, &name, &len); + + if (!len) { + SSL_get0_next_proto_negotiated(wsi->ssl, &name, &len); + method = "npn"; + } + + if (!len) { + lwsl_info("no npn/alpn upgrade\n"); + return; + } + + (void)method; + lwsl_info("negotiated %s using %s\n", name, method); + wsi->use_ssl = 1; + if (strncmp((char *)name, "http/1.1", 8) == 0) + return; + + /* http2 */ + + /* adopt the header info */ + + ah = wsi->u.hdr.ah; + + lws_union_transition(wsi, LWSCM_HTTP2_SERVING); + wsi->state = LWSS_HTTP2_AWAIT_CLIENT_PREFACE; + + /* http2 union member has http union struct at start */ + wsi->u.http.ah = ah; + + lws_http2_init(&wsi->u.http2.peer_settings); + lws_http2_init(&wsi->u.http2.my_settings); + + /* HTTP2 union */ +#endif +} + +#endif +#endif diff --git a/lib/ssl-server.c b/lib/ssl-server.c new file mode 100644 index 0000000..ea87ee5 --- /dev/null +++ b/lib/ssl-server.c @@ -0,0 +1,439 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2016 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +extern int openssl_websocket_private_data_index, + openssl_SSL_CTX_private_data_index; + +extern void +lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info); + +#if !defined(LWS_WITH_ESP32) +static int +OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + SSL *ssl; + int n; + struct lws *wsi; + + ssl = X509_STORE_CTX_get_ex_data(x509_ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + + /* + * !!! nasty openssl requires the index to come as a library-scope + * static + */ + wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index); + + n = wsi->vhost->protocols[0].callback(wsi, + LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION, + x509_ctx, ssl, preverify_ok); + + /* convert return code from 0 = OK to 1 = OK */ + return !n; +} +#endif + +static int +lws_context_ssl_init_ecdh(struct lws_vhost *vhost) +{ +#ifdef LWS_SSL_SERVER_WITH_ECDH_CERT + EC_KEY *EC_key = NULL; + EVP_PKEY *pkey; + int KeyType; + X509 *x; + + if (!lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_SSL_ECDH)) + return 0; + + lwsl_notice(" Using ECDH certificate support\n"); + + /* Get X509 certificate from ssl context */ + x = sk_X509_value(vhost->ssl_ctx->extra_certs, 0); + if (!x) { + lwsl_err("%s: x is NULL\n", __func__); + return 1; + } + /* Get the public key from certificate */ + pkey = X509_get_pubkey(x); + if (!pkey) { + lwsl_err("%s: pkey is NULL\n", __func__); + + return 1; + } + /* Get the key type */ + KeyType = EVP_PKEY_type(pkey->type); + + if (EVP_PKEY_EC != KeyType) { + lwsl_notice("Key type is not EC\n"); + return 0; + } + /* Get the key */ + EC_key = EVP_PKEY_get1_EC_KEY(pkey); + /* Set ECDH parameter */ + if (!EC_key) { + lwsl_err("%s: ECDH key is NULL \n", __func__); + return 1; + } + SSL_CTX_set_tmp_ecdh(vhost->ssl_ctx, EC_key); + EC_KEY_free(EC_key); +#endif + return 0; +} + +static int +lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info, + struct lws_vhost *vhost) +{ +#ifdef LWS_HAVE_OPENSSL_ECDH_H + EC_KEY *ecdh; + int ecdh_nid; + const char *ecdh_curve = "prime256v1"; + + if (info->ecdh_curve) + ecdh_curve = info->ecdh_curve; + + ecdh_nid = OBJ_sn2nid(ecdh_curve); + if (NID_undef == ecdh_nid) { + lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve); + return 1; + } + + ecdh = EC_KEY_new_by_curve_name(ecdh_nid); + if (NULL == ecdh) { + lwsl_err("SSL: Unable to create curve '%s'", ecdh_curve); + return 1; + } + SSL_CTX_set_tmp_ecdh(vhost->ssl_ctx, ecdh); + EC_KEY_free(ecdh); + + SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_SINGLE_ECDH_USE); + + lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve); +#else +#if !defined(LWS_WITH_ESP32) + lwsl_notice(" OpenSSL doesn't support ECDH\n"); +#endif +#endif + return 0; +} + +#ifndef OPENSSL_NO_TLSEXT +static int +lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg) +{ + struct lws_context *context; + struct lws_vhost *vhost, *vh; + const char *servername; + int port; + + if (!ssl) + return SSL_TLSEXT_ERR_NOACK; + + context = (struct lws_context *)SSL_CTX_get_ex_data( + SSL_get_SSL_CTX(ssl), + openssl_SSL_CTX_private_data_index); + + /* + * We can only get ssl accepted connections by using a vhost's ssl_ctx + * find out which listening one took us and only match vhosts on the + * same port. + */ + vh = context->vhost_list; + while (vh) { + if (!vh->being_destroyed && vh->ssl_ctx == SSL_get_SSL_CTX(ssl)) + break; + vh = vh->vhost_next; + } + + assert(vh); /* we cannot get an ssl without using a vhost ssl_ctx */ + port = vh->listen_port; + + servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + + if (servername) { + vhost = lws_select_vhost(context, port, servername); + if (vhost) { + lwsl_debug("SNI: Found: %s (port %d)\n", + servername, port); + SSL_set_SSL_CTX(ssl, vhost->ssl_ctx); + return SSL_TLSEXT_ERR_OK; + } + lwsl_err("SNI: Unknown ServerName: %s\n", servername); + } + + return SSL_TLSEXT_ERR_OK; +} +#endif + +LWS_VISIBLE int +lws_context_init_server_ssl(struct lws_context_creation_info *info, + struct lws_vhost *vhost) +{ + struct lws_context *context = vhost->context; + struct lws wsi; + unsigned long error; + int n; + + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) { + vhost->use_ssl = 0; + return 0; + } + if (info->port != CONTEXT_PORT_NO_LISTEN) { + + vhost->use_ssl = info->ssl_cert_filepath != NULL; + + if (vhost->use_ssl && info->ssl_cipher_list) + lwsl_notice(" SSL ciphers: '%s'\n", info->ssl_cipher_list); + + if (vhost->use_ssl) + lwsl_notice(" Using SSL mode\n"); + else + lwsl_notice(" Using non-SSL mode\n"); + } + + /* + * give him a fake wsi with context + vhost set, so he can use + * lws_get_context() in the callback + */ + memset(&wsi, 0, sizeof(wsi)); + wsi.vhost = vhost; + wsi.context = context; + + (void)n; + (void)error; + + /* + * Firefox insists on SSLv23 not SSLv3 + * Konq disables SSLv2 by default now, SSLv23 works + * + * SSLv23_server_method() is the openssl method for "allow all TLS + * versions", compared to e.g. TLSv1_2_server_method() which only allows + * tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options() + */ +#if !defined(LWS_WITH_ESP32) + { + SSL_METHOD *method; + + method = (SSL_METHOD *)SSLv23_server_method(); + if (!method) { + error = ERR_get_error(); + lwsl_err("problem creating ssl method %lu: %s\n", + error, ERR_error_string(error, + (char *)context->pt[0].serv_buf)); + return 1; + } + vhost->ssl_ctx = SSL_CTX_new(method); /* create context */ + if (!vhost->ssl_ctx) { + error = ERR_get_error(); + lwsl_err("problem creating ssl context %lu: %s\n", + error, ERR_error_string(error, + (char *)context->pt[0].serv_buf)); + return 1; + } + } +#else + { + const SSL_METHOD *method = TLSv1_2_server_method(); + + vhost->ssl_ctx = SSL_CTX_new(method); /* create context */ + if (!vhost->ssl_ctx) { + lwsl_err("problem creating ssl context\n"); + return 1; + } + + } +#endif +#if !defined(LWS_WITH_ESP32) + + /* associate the lws context with the SSL_CTX */ + + SSL_CTX_set_ex_data(vhost->ssl_ctx, + openssl_SSL_CTX_private_data_index, (char *)vhost->context); + /* Disable SSLv2 and SSLv3 */ + SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); +#ifdef SSL_OP_NO_COMPRESSION + SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_NO_COMPRESSION); +#endif + SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_SINGLE_DH_USE); + SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + + if (info->ssl_cipher_list) + SSL_CTX_set_cipher_list(vhost->ssl_ctx, + info->ssl_cipher_list); +#endif + + /* as a server, are we requiring clients to identify themselves? */ + + if (lws_check_opt(info->options, + LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) { + int verify_options = SSL_VERIFY_PEER; + + if (!lws_check_opt(info->options, + LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED)) + verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; + +#if !defined(LWS_WITH_ESP32) + SSL_CTX_set_session_id_context(vhost->ssl_ctx, + (unsigned char *)context, sizeof(void *)); + + /* absolutely require the client cert */ + + SSL_CTX_set_verify(vhost->ssl_ctx, + verify_options, OpenSSL_verify_callback); +#endif + } + +#ifndef OPENSSL_NO_TLSEXT + SSL_CTX_set_tlsext_servername_callback(vhost->ssl_ctx, + lws_ssl_server_name_cb); +#endif + + /* + * give user code a chance to load certs into the server + * allowing it to verify incoming client certs + */ +#if !defined(LWS_WITH_ESP32) + if (info->ssl_ca_filepath && + !SSL_CTX_load_verify_locations(vhost->ssl_ctx, + info->ssl_ca_filepath, NULL)) { + lwsl_err("%s: SSL_CTX_load_verify_locations unhappy\n", __func__); + } +#endif + if (vhost->use_ssl) { + if (lws_context_ssl_init_ecdh_curve(info, vhost)) + return -1; + + vhost->protocols[0].callback(&wsi, + LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS, + vhost->ssl_ctx, NULL, 0); + } + + if (lws_check_opt(info->options, LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT)) + /* Normally SSL listener rejects non-ssl, optionally allow */ + vhost->allow_non_ssl_on_ssl_port = 1; + + if (info->ssl_options_set) + SSL_CTX_set_options(vhost->ssl_ctx, info->ssl_options_set); + +/* SSL_clear_options introduced in 0.9.8m */ +#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL) + if (info->ssl_options_clear) + SSL_CTX_clear_options(vhost->ssl_ctx, info->ssl_options_clear); +#endif + + lwsl_info(" SSL options 0x%lX\n", + SSL_CTX_get_options(vhost->ssl_ctx)); + + if (vhost->use_ssl) { + /* openssl init for server sockets */ +#if !defined(LWS_WITH_ESP32) + /* set the local certificate from CertFile */ + n = SSL_CTX_use_certificate_chain_file(vhost->ssl_ctx, + info->ssl_cert_filepath); + if (n != 1) { + error = ERR_get_error(); + lwsl_err("problem getting cert '%s' %lu: %s\n", + info->ssl_cert_filepath, + error, + ERR_error_string(error, + (char *)context->pt[0].serv_buf)); + return 1; + } + lws_ssl_bind_passphrase(vhost->ssl_ctx, info); +#else + uint8_t *p; + lws_filepos_t flen; + int err; + + if (alloc_pem_to_der_file(vhost->context, info->ssl_cert_filepath, &p, + &flen)) { + lwsl_err("couldn't find cert file %s\n", + info->ssl_cert_filepath); + + return 1; + } + err = SSL_CTX_use_certificate_ASN1(vhost->ssl_ctx, flen, p); + if (!err) { + lwsl_err("Problem loading cert\n"); + return 1; + } + + if (alloc_pem_to_der_file(vhost->context, + info->ssl_private_key_filepath, &p, &flen)) { + lwsl_err("couldn't find cert file %s\n", + info->ssl_cert_filepath); + + return 1; + } + err = SSL_CTX_use_PrivateKey_ASN1(0, vhost->ssl_ctx, p, flen); + if (!err) { + lwsl_err("Problem loading key\n"); + + return 1; + } + +// free(p); +#endif + if (info->ssl_private_key_filepath != NULL) { +#if !defined(LWS_WITH_ESP32) + /* set the private key from KeyFile */ + if (SSL_CTX_use_PrivateKey_file(vhost->ssl_ctx, + info->ssl_private_key_filepath, + SSL_FILETYPE_PEM) != 1) { + error = ERR_get_error(); + lwsl_err("ssl problem getting key '%s' %lu: %s\n", + info->ssl_private_key_filepath, error, + ERR_error_string(error, + (char *)context->pt[0].serv_buf)); + return 1; + } +#endif + } else + if (vhost->protocols[0].callback(&wsi, + LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, + vhost->ssl_ctx, NULL, 0)) { + lwsl_err("ssl private key not set\n"); + + return 1; + } +#if !defined(LWS_WITH_ESP32) + /* verify private key */ + if (!SSL_CTX_check_private_key(vhost->ssl_ctx)) { + lwsl_err("Private SSL key doesn't match cert\n"); + return 1; + } +#endif + if (lws_context_ssl_init_ecdh(vhost)) + return 1; + + /* + * SSL is happy and has a cert it's content with + * If we're supporting HTTP2, initialize that + */ + + lws_context_init_http2_ssl(vhost); + } + + return 0; +} + diff --git a/lib/ssl.c b/lib/ssl.c new file mode 100644 index 0000000..c517267 --- /dev/null +++ b/lib/ssl.c @@ -0,0 +1,892 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2010-2017 Andy Green + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation: + * version 2.1 of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "private-libwebsockets.h" + +/* workaround for mingw */ +#if !defined(ECONNABORTED) +#define ECONNABORTED 103 +#endif + +int lws_alloc_vfs_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount) +{ + lws_filepos_t len; + lws_fop_flags_t flags = LWS_O_RDONLY; + lws_fop_fd_t fops_fd = lws_vfs_file_open( + lws_get_fops(context), filename, &flags); + int ret = 1; + + if (!fops_fd) + return 1; + + len = lws_vfs_get_length(fops_fd); + + *buf = malloc((size_t)len); + if (!*buf) + goto bail; + + if (lws_vfs_file_read(fops_fd, amount, *buf, len)) + goto bail; + + ret = 0; +bail: + lws_vfs_file_close(&fops_fd); + + return ret; +} + +#if defined(LWS_WITH_ESP32) +int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount) +{ + nvs_handle nvh; + size_t s; + int n = 0; + + ESP_ERROR_CHECK(nvs_open("lws-station", NVS_READWRITE, &nvh)); + if (nvs_get_blob(nvh, filename, NULL, &s) != ESP_OK) { + n = 1; + goto bail; + } + *buf = malloc(s); + if (!*buf) { + n = 2; + goto bail; + } + if (nvs_get_blob(nvh, filename, (char *)*buf, &s) != ESP_OK) { + free(*buf); + n = 1; + goto bail; + } + + *amount = s; + +bail: + nvs_close(nvh); + + return n; +} +int alloc_pem_to_der_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount) +{ + uint8_t *pem, *p, *q, *end; + lws_filepos_t len; + int n; + + n = alloc_file(context, filename, &pem, &len); + if (n) + return n; + + /* trim the first line */ + + p = pem; + end = p + len; + if (strncmp((char *)p, "-----", 5)) + goto bail; + p += 5; + while (p < end && *p != '\n' && *p != '-') + p++; + + if (*p != '-') + goto bail; + + while (p < end && *p != '\n') + p++; + + if (p >= end) + goto bail; + + p++; + + /* trim the last line */ + + q = end - 2; + + while (q > pem && *q != '\n') + q--; + + if (*q != '\n') + goto bail; + + *q = '\0'; + + *amount = lws_b64_decode_string((char *)p, (char *)pem, len); + *buf = pem; + + return 0; + +bail: + free(pem); + + return 4; +} +#endif + +int openssl_websocket_private_data_index, + openssl_SSL_CTX_private_data_index; + +int lws_ssl_get_error(struct lws *wsi, int n) +{ + if (!wsi->ssl) + return 99; + lwsl_debug("%s: %p %d\n", __func__, wsi->ssl, n); + return SSL_get_error(wsi->ssl, n); +} + +/* Copies a string describing the code returned by lws_ssl_get_error(), + * which may also contain system error information in the case of SSL_ERROR_SYSCALL, + * into buf up to len. + * Returns a pointer to buf. + * + * Note: the lws_ssl_get_error() code is *not* an error code that can be passed + * to ERR_error_string(), + * + * ret is the return value originally passed to lws_ssl_get_error(), needed to disambiguate + * SYS_ERROR_SYSCALL. + * + * See man page for SSL_get_error(). + * + * Not thread safe, uses strerror() + */ +char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) { + switch (status) { + case SSL_ERROR_NONE: return strncpy(buf, "SSL_ERROR_NONE", len); + case SSL_ERROR_ZERO_RETURN: return strncpy(buf, "SSL_ERROR_ZERO_RETURN", len); + case SSL_ERROR_WANT_READ: return strncpy(buf, "SSL_ERROR_WANT_READ", len); + case SSL_ERROR_WANT_WRITE: return strncpy(buf, "SSL_ERROR_WANT_WRITE", len); + case SSL_ERROR_WANT_CONNECT: return strncpy(buf, "SSL_ERROR_WANT_CONNECT", len); + case SSL_ERROR_WANT_ACCEPT: return strncpy(buf, "SSL_ERROR_WANT_ACCEPT", len); + case SSL_ERROR_WANT_X509_LOOKUP: return strncpy(buf, "SSL_ERROR_WANT_X509_LOOKUP", len); + case SSL_ERROR_SYSCALL: + switch (ret) { + case 0: + lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: EOF"); + return buf; + case -1: +#ifndef LWS_PLAT_OPTEE + lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: %s", strerror(errno)); +#else + lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: %d", errno); +#endif + return buf; + default: + return strncpy(buf, "SSL_ERROR_SYSCALL", len); + } + case SSL_ERROR_SSL: return "SSL_ERROR_SSL"; + default: return "SSL_ERROR_UNKNOWN"; + } +} + +void +lws_ssl_elaborate_error(void) +{ +#if defined(LWS_WITH_ESP32) +#else + char buf[256]; + u_long err; + + while ((err = ERR_get_error()) != 0) { + ERR_error_string_n(err, buf, sizeof(buf)); + lwsl_err("*** %s\n", buf); + } +#endif +} + +#if !defined(LWS_WITH_ESP32) + +static int +lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata) +{ + struct lws_context_creation_info * info = + (struct lws_context_creation_info *)userdata; + + strncpy(buf, info->ssl_private_key_password, size); + buf[size - 1] = '\0'; + + return strlen(buf); +} + +void +lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info) +{ + if (!info->ssl_private_key_password) + return; + /* + * password provided, set ssl callback and user data + * for checking password which will be trigered during + * SSL_CTX_use_PrivateKey_file function + */ + SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info); + SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb); +} +#endif + +int +lws_context_init_ssl_library(struct lws_context_creation_info *info) +{ +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL + lwsl_notice(" Compiled with CyaSSL support\n"); +#else + lwsl_notice(" Compiled with wolfSSL support\n"); +#endif +#else +#if defined(LWS_USE_BORINGSSL) + lwsl_notice(" Compiled with BoringSSL support\n"); +#else + lwsl_notice(" Compiled with OpenSSL support\n"); +#endif +#endif + if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) { + lwsl_notice(" SSL disabled: no LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n"); + return 0; + } + + /* basic openssl init */ + + lwsl_notice("Doing SSL library init\n"); + +#if !defined(LWS_WITH_ESP32) + SSL_library_init(); + OpenSSL_add_all_algorithms(); + SSL_load_error_strings(); + + openssl_websocket_private_data_index = + SSL_get_ex_new_index(0, "lws", NULL, NULL, NULL); + + openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0, + NULL, NULL, NULL, NULL); +#endif + + return 0; +} + +LWS_VISIBLE void +lws_ssl_destroy(struct lws_vhost *vhost) +{ + if (!lws_check_opt(vhost->context->options, + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) + return; + + if (vhost->ssl_ctx) + SSL_CTX_free(vhost->ssl_ctx); + if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) + SSL_CTX_free(vhost->ssl_client_ctx); +#if !defined(LWS_WITH_ESP32) + +// after 1.1.0 no need +#if (OPENSSL_VERSION_NUMBER < 0x10100000) +// <= 1.0.1f = old api, 1.0.1g+ = new api +#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL) + ERR_remove_state(0); +#else +#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \ + !defined(LIBRESSL_VERSION_NUMBER) && \ + !defined(OPENSSL_IS_BORINGSSL) + ERR_remove_thread_state(); +#else + ERR_remove_thread_state(NULL); +#endif +#endif + // after 1.1.0 no need +#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000) + SSL_COMP_free_compression_methods(); +#endif + ERR_free_strings(); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); +#endif +#endif +} + +LWS_VISIBLE void +lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + + if (!wsi->pending_read_list_prev && + !wsi->pending_read_list_next && + pt->pending_read_list != wsi) + /* we are not on the list */ + return; + + /* point previous guy's next to our next */ + if (!wsi->pending_read_list_prev) + pt->pending_read_list = wsi->pending_read_list_next; + else + wsi->pending_read_list_prev->pending_read_list_next = + wsi->pending_read_list_next; + + /* point next guy's previous to our previous */ + if (wsi->pending_read_list_next) + wsi->pending_read_list_next->pending_read_list_prev = + wsi->pending_read_list_prev; + + wsi->pending_read_list_prev = NULL; + wsi->pending_read_list_next = NULL; +} + +LWS_VISIBLE int +lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + int n = 0; +#if !defined(LWS_WITH_ESP32) + int ssl_read_errno = 0; +#endif + + if (!wsi->ssl) + return lws_ssl_capable_read_no_ssl(wsi, buf, len); + + lws_stats_atomic_bump(context, pt, LWSSTATS_C_API_READ, 1); + + errno = 0; + n = SSL_read(wsi->ssl, buf, len); +#if defined(LWS_WITH_ESP32) + if (!n && errno == ENOTCONN) { + lwsl_debug("%p: SSL_read ENOTCONN\n", wsi); + return LWS_SSL_CAPABLE_ERROR; + } +#endif +#if defined(LWS_WITH_STATS) + if (!wsi->seen_rx) { + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_SSL_RX_DELAY, + time_in_microseconds() - wsi->accept_start_us); + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_SSL_CONNS_HAD_RX, 1); + wsi->seen_rx = 1; + } +#endif + + + lwsl_debug("%p: SSL_read says %d\n", wsi, n); + /* manpage: returning 0 means connection shut down */ + if (!n) { + n = lws_ssl_get_error(wsi, n); + lwsl_debug("%p: ssl err %d errno %d\n", wsi, n, errno); + if (n == SSL_ERROR_ZERO_RETURN) + return LWS_SSL_CAPABLE_ERROR; + + if (n == SSL_ERROR_SYSCALL) { +#if !defined(LWS_WITH_ESP32) + int err = ERR_get_error(); + if (err == 0 && (ssl_read_errno == EPIPE || + ssl_read_errno == ECONNABORTED || + ssl_read_errno == 0)) + return LWS_SSL_CAPABLE_ERROR; +#endif + } + + lwsl_err("%s failed: %s\n",__func__, + ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); + lws_ssl_elaborate_error(); + + return LWS_SSL_CAPABLE_ERROR; + } + + if (n < 0) { + n = lws_ssl_get_error(wsi, n); + // lwsl_notice("get_ssl_err result %d\n", n); + if (n == SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) { + lwsl_debug("%s: WANT_READ\n", __func__); + lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); + return LWS_SSL_CAPABLE_MORE_SERVICE; + } + if (n == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->ssl)) { + lwsl_debug("%s: WANT_WRITE\n", __func__); + lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); + return LWS_SSL_CAPABLE_MORE_SERVICE; + } + + + lwsl_err("%s failed2: %s\n",__func__, + ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); + lws_ssl_elaborate_error(); + + return LWS_SSL_CAPABLE_ERROR; + } + + lws_stats_atomic_bump(context, pt, LWSSTATS_B_READ, n); + + if (wsi->vhost) + wsi->vhost->conn_stats.rx += n; + + lws_restart_ws_ping_pong_timer(wsi); + + /* + * if it was our buffer that limited what we read, + * check if SSL has additional data pending inside SSL buffers. + * + * Because these won't signal at the network layer with POLLIN + * and if we don't realize, this data will sit there forever + */ + if (n != len) + goto bail; + if (!wsi->ssl) + goto bail; + + if (!SSL_pending(wsi->ssl)) + goto bail; + + if (wsi->pending_read_list_next) + return n; + if (wsi->pending_read_list_prev) + return n; + if (pt->pending_read_list == wsi) + return n; + + /* add us to the linked list of guys with pending ssl */ + if (pt->pending_read_list) + pt->pending_read_list->pending_read_list_prev = wsi; + + wsi->pending_read_list_next = pt->pending_read_list; + wsi->pending_read_list_prev = NULL; + pt->pending_read_list = wsi; + + return n; +bail: + lws_ssl_remove_wsi_from_buffered_list(wsi); + + return n; +} + +LWS_VISIBLE int +lws_ssl_pending(struct lws *wsi) +{ + if (!wsi->ssl) + return 0; + + return SSL_pending(wsi->ssl); +} + +LWS_VISIBLE int +lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) +{ + int n; +#if !defined(LWS_WITH_ESP32) + int ssl_read_errno = 0; +#endif + + if (!wsi->ssl) + return lws_ssl_capable_write_no_ssl(wsi, buf, len); + + n = SSL_write(wsi->ssl, buf, len); + if (n > 0) + return n; + + n = lws_ssl_get_error(wsi, n); + if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) { + if (n == SSL_ERROR_WANT_WRITE) { + lwsl_debug("%s: WANT_WRITE\n", __func__); + lws_set_blocking_send(wsi); + } + return LWS_SSL_CAPABLE_MORE_SERVICE; + } + + if (n == SSL_ERROR_ZERO_RETURN) + return LWS_SSL_CAPABLE_ERROR; + +#if !defined(LWS_WITH_ESP32) + if (n == SSL_ERROR_SYSCALL) { + + int err = ERR_get_error(); + if (err == 0 + && (ssl_read_errno == EPIPE + || ssl_read_errno == ECONNABORTED + || ssl_read_errno == 0)) + return LWS_SSL_CAPABLE_ERROR; + } +#endif + + lwsl_err("%s failed: %s\n",__func__, + ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); + lws_ssl_elaborate_error(); + + return LWS_SSL_CAPABLE_ERROR; +} + +static int +lws_gate_accepts(struct lws_context *context, int on) +{ + struct lws_vhost *v = context->vhost_list; + + lwsl_info("gating accepts %d\n", on); + context->ssl_gate_accepts = !on; +#if defined(LWS_WITH_STATS) + context->updated = 1; +#endif + + while (v) { + if (v->use_ssl && v->lserv_wsi) /* gate ability to accept incoming connections */ + if (lws_change_pollfd(v->lserv_wsi, (LWS_POLLIN) * !on, (LWS_POLLIN) * on)) + lwsl_err("Unable to set accept POLLIN %d\n", on); + + v = v->vhost_next; + } + + return 0; +} + +void +lws_ssl_info_callback(const SSL *ssl, int where, int ret) +{ + struct lws *wsi; + struct lws_context *context; + struct lws_ssl_info si; + + context = (struct lws_context *)SSL_CTX_get_ex_data( + SSL_get_SSL_CTX(ssl), + openssl_SSL_CTX_private_data_index); + if (!context) + return; + wsi = wsi_from_fd(context, SSL_get_fd(ssl)); + if (!wsi) + return; + + if (!(where & wsi->vhost->ssl_info_event_mask)) + return; + + si.where = where; + si.ret = ret; + + if (user_callback_handle_rxflow(wsi->protocol->callback, + wsi, LWS_CALLBACK_SSL_INFO, + wsi->user_space, &si, 0)) + lws_set_timeout(wsi, PENDING_TIMEOUT_KILLED_BY_SSL_INFO, -1); +} + + +LWS_VISIBLE int +lws_ssl_close(struct lws *wsi) +{ + lws_sockfd_type n; + + if (!wsi->ssl) + return 0; /* not handled */ + +#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) + /* kill ssl callbacks, becausse we will remove the fd from the + * table linking it to the wsi + */ + if (wsi->vhost->ssl_info_event_mask) + SSL_set_info_callback(wsi->ssl, NULL); +#endif + + n = SSL_get_fd(wsi->ssl); + SSL_shutdown(wsi->ssl); + compatible_close(n); + SSL_free(wsi->ssl); + wsi->ssl = NULL; + + if (wsi->context->simultaneous_ssl_restriction && + wsi->context->simultaneous_ssl-- == + wsi->context->simultaneous_ssl_restriction) + /* we made space and can do an accept */ + lws_gate_accepts(wsi->context, 1); +#if defined(LWS_WITH_STATS) + wsi->context->updated = 1; +#endif + + return 1; /* handled */ +} + +/* leave all wsi close processing to the caller */ + +LWS_VISIBLE int +lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) +{ + struct lws_context *context = wsi->context; + struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; + int n, m; +#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) + BIO *bio; +#endif + char buf[256]; + + if (!LWS_SSL_ENABLED(wsi->vhost)) + return 0; + + switch (wsi->mode) { + case LWSCM_SSL_INIT: + case LWSCM_SSL_INIT_RAW: + if (wsi->ssl) + lwsl_err("%s: leaking ssl\n", __func__); + if (accept_fd == LWS_SOCK_INVALID) + assert(0); + if (context->simultaneous_ssl_restriction && + context->simultaneous_ssl >= context->simultaneous_ssl_restriction) { + lwsl_notice("unable to deal with SSL connection\n"); + return 1; + } + errno = 0; + wsi->ssl = SSL_new(wsi->vhost->ssl_ctx); + if (wsi->ssl == NULL) { + lwsl_err("SSL_new failed: %d (errno %d)\n", + lws_ssl_get_error(wsi, 0), errno); + + lws_ssl_elaborate_error(); + if (accept_fd != LWS_SOCK_INVALID) + compatible_close(accept_fd); + goto fail; + } +#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) + if (wsi->vhost->ssl_info_event_mask) + SSL_set_info_callback(wsi->ssl, lws_ssl_info_callback); +#endif + if (context->simultaneous_ssl_restriction && + ++context->simultaneous_ssl == context->simultaneous_ssl_restriction) + /* that was the last allowed SSL connection */ + lws_gate_accepts(context, 0); +#if defined(LWS_WITH_STATS) + context->updated = 1; +#endif + +#if !defined(LWS_WITH_ESP32) + SSL_set_ex_data(wsi->ssl, + openssl_websocket_private_data_index, wsi); +#endif + SSL_set_fd(wsi->ssl, accept_fd); + +#ifdef USE_WOLFSSL +#ifdef USE_OLD_CYASSL + CyaSSL_set_using_nonblock(wsi->ssl, 1); +#else + wolfSSL_set_using_nonblock(wsi->ssl, 1); +#endif +#else +#if defined(LWS_WITH_ESP32) + lws_plat_set_socket_options(wsi->vhost, accept_fd); +#else + SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + bio = SSL_get_rbio(wsi->ssl); + if (bio) + BIO_set_nbio(bio, 1); /* nonblocking */ + else + lwsl_notice("NULL rbio\n"); + bio = SSL_get_wbio(wsi->ssl); + if (bio) + BIO_set_nbio(bio, 1); /* nonblocking */ + else + lwsl_notice("NULL rbio\n"); +#endif +#endif + + /* + * we are not accepted yet, but we need to enter ourselves + * as a live connection. That way we can retry when more + * pieces come if we're not sorted yet + */ + + if (wsi->mode == LWSCM_SSL_INIT) + wsi->mode = LWSCM_SSL_ACK_PENDING; + else + wsi->mode = LWSCM_SSL_ACK_PENDING_RAW; + + if (insert_wsi_socket_into_fds(context, wsi)) { + lwsl_err("%s: failed to insert into fds\n", __func__); + goto fail; + } + + lws_set_timeout(wsi, PENDING_TIMEOUT_SSL_ACCEPT, + context->timeout_secs); + + lwsl_debug("inserted SSL accept into fds, trying SSL_accept\n"); + + /* fallthru */ + + case LWSCM_SSL_ACK_PENDING: + case LWSCM_SSL_ACK_PENDING_RAW: + if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { + lwsl_err("%s: lws_change_pollfd failed\n", __func__); + goto fail; + } + + lws_latency_pre(context, wsi); + + if (wsi->vhost->allow_non_ssl_on_ssl_port) { + + n = recv(wsi->desc.sockfd, (char *)pt->serv_buf, context->pt_serv_buf_size, + MSG_PEEK); + + /* + * optionally allow non-SSL connect on SSL listening socket + * This is disabled by default, if enabled it goes around any + * SSL-level access control (eg, client-side certs) so leave + * it disabled unless you know it's not a problem for you + */ + + if (n >= 1 && pt->serv_buf[0] >= ' ') { + /* + * TLS content-type for Handshake is 0x16, and + * for ChangeCipherSpec Record, it's 0x14 + * + * A non-ssl session will start with the HTTP + * method in ASCII. If we see it's not a legit + * SSL handshake kill the SSL for this + * connection and try to handle as a HTTP + * connection upgrade directly. + */ + wsi->use_ssl = 0; + + SSL_shutdown(wsi->ssl); + SSL_free(wsi->ssl); + wsi->ssl = NULL; + if (lws_check_opt(context->options, + LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS)) + wsi->redirect_to_https = 1; + goto accepted; + } + if (!n) /* + * connection is gone, or nothing to read + * if it's gone, we will timeout on + * PENDING_TIMEOUT_SSL_ACCEPT + */ + break; + if (n < 0 && (LWS_ERRNO == LWS_EAGAIN || + LWS_ERRNO == LWS_EWOULDBLOCK)) { + /* + * well, we get no way to know ssl or not + * so go around again waiting for something + * to come and give us a hint, or timeout the + * connection. + */ + m = SSL_ERROR_WANT_READ; + goto go_again; + } + } + + /* normal SSL connection processing path */ + +#if defined(LWS_WITH_STATS) + if (!wsi->accept_start_us) + wsi->accept_start_us = time_in_microseconds(); +#endif + + n = SSL_accept(wsi->ssl); + lws_latency(context, wsi, + "SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1); + lwsl_info("SSL_accept says %d\n", n); + if (n == 1) + goto accepted; + + m = lws_ssl_get_error(wsi, n); + +#if defined(LWS_WITH_ESP32) + if (m == 5 && errno == 11) + m = SSL_ERROR_WANT_READ; +#endif + +go_again: + if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) { + if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { + lwsl_err("%s: WANT_READ change_pollfd failed\n", __func__); + goto fail; + } + + lwsl_info("SSL_ERROR_WANT_READ\n"); + break; + } + if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->ssl)) { + lwsl_debug("%s: WANT_WRITE\n", __func__); + + if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { + lwsl_err("%s: WANT_WRITE change_pollfd failed\n", __func__); + goto fail; + } + + break; + } + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_SSL_CONNECTIONS_FAILED, 1); + lwsl_err("SSL_accept failed socket %u: %s\n", wsi->desc.sockfd, + lws_ssl_get_error_string(m, n, buf, sizeof(buf))); + lws_ssl_elaborate_error(); + goto fail; + +accepted: + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED, 1); +#if defined(LWS_WITH_STATS) + lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY, time_in_microseconds() - wsi->accept_start_us); + wsi->accept_start_us = time_in_microseconds(); +#endif + + /* OK, we are accepted... give him some time to negotiate */ + lws_set_timeout(wsi, PENDING_TIMEOUT_ESTABLISH_WITH_SERVER, + context->timeout_secs); + + if (wsi->mode == LWSCM_SSL_ACK_PENDING_RAW) + wsi->mode = LWSCM_RAW; + else + wsi->mode = LWSCM_HTTP_SERVING; + + lws_http2_configure_if_upgraded(wsi); + + lwsl_debug("accepted new SSL conn\n"); + break; + } + + return 0; + +fail: + return 1; +} + +void +lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost) +{ + if (vhost->ssl_ctx) + SSL_CTX_free(vhost->ssl_ctx); + + if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) + SSL_CTX_free(vhost->ssl_client_ctx); +} + +void +lws_ssl_context_destroy(struct lws_context *context) +{ + +#if !defined(LWS_WITH_ESP32) + +// after 1.1.0 no need +#if (OPENSSL_VERSION_NUMBER < 0x10100000) +// <= 1.0.1f = old api, 1.0.1g+ = new api +#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL) + ERR_remove_state(0); +#else +#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \ + !defined(LIBRESSL_VERSION_NUMBER) && \ + !defined(OPENSSL_IS_BORINGSSL) + ERR_remove_thread_state(); +#else + ERR_remove_thread_state(NULL); +#endif +#endif + // after 1.1.0 no need +#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000) + SSL_COMP_free_compression_methods(); +#endif + ERR_free_strings(); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); +#endif +#endif +} diff --git a/lib/tls/lws-gencrypto-common.c b/lib/tls/lws-gencrypto-common.c deleted file mode 100644 index 468b530..0000000 --- a/lib/tls/lws-gencrypto-common.c +++ /dev/null @@ -1,684 +0,0 @@ -/* - * libwebsockets - generic crypto hiding the backend - common parts - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ -#include "core/private.h" - -/* - * These came from RFC7518 (JSON Web Algorithms) Section 3 - * - * Cryptographic Algorithms for Digital Signatures and MACs - */ - -static const struct lws_jose_jwe_alg lws_gencrypto_jws_alg_map[] = { - - /* - * JWSs MAY also be created that do not provide integrity protection. - * Such a JWS is called an Unsecured JWS. An Unsecured JWS uses the - * "alg" value "none" and is formatted identically to other JWSs, but - * MUST use the empty octet sequence as its JWS Signature value. - * Recipients MUST verify that the JWS Signature value is the empty - * octet sequence. - * - * Implementations that support Unsecured JWSs MUST NOT accept such - * objects as valid unless the application specifies that it is - * acceptable for a specific object to not be integrity protected. - * Implementations MUST NOT accept Unsecured JWSs by default. In order - * to mitigate downgrade attacks, applications MUST NOT signal - * acceptance of Unsecured JWSs at a global level, and SHOULD signal - * acceptance on a per-object basis. See Section 8.5 for security - * considerations associated with using this algorithm. - */ - { /* optional */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_NONE, - "none", NULL, 0, 0, 0 - }, - - /* - * HMAC with SHA-2 Functions - * - * The HMAC SHA-256 MAC for a JWS is validated by computing an HMAC - * value per RFC 2104, using SHA-256 as the hash algorithm "H", using - * the received JWS Signing Input as the "text" value, and using the - * shared key. This computed HMAC value is then compared to the result - * of base64url decoding the received encoded JWS Signature value. The - * comparison of the computed HMAC value to the JWS Signature value MUST - * be done in a constant-time manner to thwart timing attacks. - * - * Alternatively, the computed HMAC value can be base64url encoded and - * compared to the received encoded JWS Signature value (also in a - * constant-time manner), as this comparison produces the same result as - * comparing the unencoded values. In either case, if the values match, - * the HMAC has been validated. - */ - - { /* required: HMAC using SHA-256 */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA256, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_NONE, - "HS256", NULL, 0, 0, 0 - }, - { /* optional: HMAC using SHA-384 */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA384, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_NONE, - "HS384", NULL, 0, 0, 0 - }, - { /* optional: HMAC using SHA-512 */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA512, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_NONE, - "HS512", NULL, 0, 0, 0 - }, - - /* - * Digital Signature with RSASSA-PKCS1-v1_5 - * - * This section defines the use of the RSASSA-PKCS1-v1_5 digital - * signature algorithm as defined in Section 8.2 of RFC 3447 [RFC3447] - * (commonly known as PKCS #1), using SHA-2 [SHS] hash functions. - * - * A key of size 2048 bits or larger MUST be used with these algorithms. - * - * The RSASSA-PKCS1-v1_5 SHA-256 digital signature is generated as - * follows: generate a digital signature of the JWS Signing Input using - * RSASSA-PKCS1-v1_5-SIGN and the SHA-256 hash function with the desired - * private key. This is the JWS Signature value. - * - * The RSASSA-PKCS1-v1_5 SHA-256 digital signature for a JWS is - * validated as follows: submit the JWS Signing Input, the JWS - * Signature, and the public key corresponding to the private key used - * by the signer to the RSASSA-PKCS1-v1_5-VERIFY algorithm using SHA-256 - * as the hash function. - */ - - { /* recommended: RSASSA-PKCS1-v1_5 using SHA-256 */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, - LWS_JOSE_ENCTYPE_NONE, - "RS256", NULL, 2048, 4096, 0 - }, - { /* optional: RSASSA-PKCS1-v1_5 using SHA-384 */ - LWS_GENHASH_TYPE_SHA384, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, - LWS_JOSE_ENCTYPE_NONE, - "RS384", NULL, 2048, 4096, 0 - }, - { /* optional: RSASSA-PKCS1-v1_5 using SHA-512 */ - LWS_GENHASH_TYPE_SHA512, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, - LWS_JOSE_ENCTYPE_NONE, - "RS512", NULL, 2048, 4096, 0 - }, - - /* - * Digital Signature with ECDSA - * - * The ECDSA P-256 SHA-256 digital signature is generated as follows: - * - * 1. Generate a digital signature of the JWS Signing Input using ECDSA - * P-256 SHA-256 with the desired private key. The output will be - * the pair (R, S), where R and S are 256-bit unsigned integers. - * 2. Turn R and S into octet sequences in big-endian order, with each - * array being be 32 octets long. The octet sequence - * representations MUST NOT be shortened to omit any leading zero - * octets contained in the values. - * - * 3. Concatenate the two octet sequences in the order R and then S. - * (Note that many ECDSA implementations will directly produce this - * concatenation as their output.) - * - * 4. The resulting 64-octet sequence is the JWS Signature value. - * - * The ECDSA P-256 SHA-256 digital signature for a JWS is validated as - * follows: - * - * 1. The JWS Signature value MUST be a 64-octet sequence. If it is - * not a 64-octet sequence, the validation has failed. - * - * 2. Split the 64-octet sequence into two 32-octet sequences. The - * first octet sequence represents R and the second S. The values R - * and S are represented as octet sequences using the Integer-to- - * OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] - * (in big-endian octet order). - * 3. Submit the JWS Signing Input, R, S, and the public key (x, y) to - * the ECDSA P-256 SHA-256 validator. - */ - - { /* Recommended+: ECDSA using P-256 and SHA-256 */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDSA, - LWS_JOSE_ENCTYPE_NONE, - "ES256", "P-256", 256, 256, 0 - }, - { /* optional: ECDSA using P-384 and SHA-384 */ - LWS_GENHASH_TYPE_SHA384, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDSA, - LWS_JOSE_ENCTYPE_NONE, - "ES384", "P-384", 384, 384, 0 - }, - { /* optional: ECDSA using P-521 and SHA-512 */ - LWS_GENHASH_TYPE_SHA512, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDSA, - LWS_JOSE_ENCTYPE_NONE, - "ES512", "P-521", 521, 521, 0 - }, -#if 0 - Not yet supported - - /* - * Digital Signature with RSASSA-PSS - * - * A key of size 2048 bits or larger MUST be used with this algorithm. - * - * The RSASSA-PSS SHA-256 digital signature is generated as follows: - * generate a digital signature of the JWS Signing Input using RSASSA- - * PSS-SIGN, the SHA-256 hash function, and the MGF1 mask generation - * function with SHA-256 with the desired private key. This is the JWS - * Signature value. - * - * The RSASSA-PSS SHA-256 digital signature for a JWS is validated as - * follows: submit the JWS Signing Input, the JWS Signature, and the - * public key corresponding to the private key used by the signer to the - * RSASSA-PSS-VERIFY algorithm using SHA-256 as the hash function and - * using MGF1 as the mask generation function with SHA-256. - * - */ - { /* optional: RSASSA-PSS using SHA-256 and MGF1 with SHA-256 */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, - LWS_JOSE_ENCTYPE_NONE, - "PS256", NULL, 2048, 4096, 0 - }, - { /* optional: RSASSA-PSS using SHA-384 and MGF1 with SHA-384 */ - LWS_GENHASH_TYPE_SHA384, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, - LWS_JOSE_ENCTYPE_NONE, - "PS384", NULL, 2048, 4096, 0 - }, - { /* optional: RSASSA-PSS using SHA-512 and MGF1 with SHA-512*/ - LWS_GENHASH_TYPE_SHA512, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_PSS, - LWS_JOSE_ENCTYPE_NONE, - "PS512", NULL, 2048, 4096, 0 - }, -#endif -}; - -/* - * These came from RFC7518 (JSON Web Algorithms) Section 4 - * - * Cryptographic Algorithms for Key Management - * - * JWE uses cryptographic algorithms to encrypt or determine the Content - * Encryption Key (CEK). - */ - -static const struct lws_jose_jwe_alg lws_gencrypto_jwe_alg_map[] = { - - /* - * This section defines the specifics of encrypting a JWE CEK with - * RSAES-PKCS1-v1_5 [RFC3447]. The "alg" (algorithm) Header Parameter - * value "RSA1_5" is used for this algorithm. - * - * A key of size 2048 bits or larger MUST be used with this algorithm. - */ - - { /* recommended-: RSAES-PKCS1-v1_5 */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_1_5, - LWS_JOSE_ENCTYPE_NONE, - "RSA1_5", NULL, 2048, 4096, 0 - }, - { /* recommended+: RSAES OAEP using default parameters */ - LWS_GENHASH_TYPE_SHA1, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP, - LWS_JOSE_ENCTYPE_NONE, - "RSA-OAEP", NULL, 2048, 4096, 0 - }, - { /* recommended+: RSAES OAEP using SHA-256 and MGF1 SHA-256 */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_RSASSA_PKCS1_OAEP, - LWS_JOSE_ENCTYPE_NONE, - "RSA-OAEP-256", NULL, 2048, 4096, 0 - }, - - /* - * Key Wrapping with AES Key Wrap - * - * This section defines the specifics of encrypting a JWE CEK with the - * Advanced Encryption Standard (AES) Key Wrap Algorithm [RFC3394] using - * the default initial value specified in Section 2.2.3.1 of that - * document. - * - * - */ - { /* recommended: AES Key Wrap with AES Key Wrap with defaults - using 128-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A128KW", NULL, 128, 128, 64 - }, - - { /* optional: AES Key Wrap with AES Key Wrap with defaults - using 192-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A192KW", NULL, 192, 192, 64 - }, - - { /* recommended: AES Key Wrap with AES Key Wrap with defaults - using 256-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A256KW", NULL, 256, 256, 64 - }, - - /* - * This section defines the specifics of directly performing symmetric - * key encryption without performing a key wrapping step. In this case, - * the shared symmetric key is used directly as the Content Encryption - * Key (CEK) value for the "enc" algorithm. An empty octet sequence is - * used as the JWE Encrypted Key value. The "alg" (algorithm) Header - * Parameter value "dir" is used in this case. - */ - { /* recommended */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_NONE, - "dir", NULL, 0, 0, 0 - }, - - /* - * Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static - * (ECDH-ES) - * - * This section defines the specifics of key agreement with Elliptic - * Curve Diffie-Hellman Ephemeral Static [RFC6090], in combination with - * the Concat KDF, as defined in Section 5.8.1 of [NIST.800-56A]. The - * key agreement result can be used in one of two ways: - * - * 1. directly as the Content Encryption Key (CEK) for the "enc" - * algorithm, in the Direct Key Agreement mode, or - * - * 2. as a symmetric key used to wrap the CEK with the "A128KW", - * "A192KW", or "A256KW" algorithms, in the Key Agreement with Key - * Wrapping mode. - * - * A new ephemeral public key value MUST be generated for each key - * agreement operation. - * - * In Direct Key Agreement mode, the output of the Concat KDF MUST be a - * key of the same length as that used by the "enc" algorithm. In this - * case, the empty octet sequence is used as the JWE Encrypted Key - * value. The "alg" (algorithm) Header Parameter value "ECDH-ES" is - * used in the Direct Key Agreement mode. - * - * In Key Agreement with Key Wrapping mode, the output of the Concat KDF - * MUST be a key of the length needed for the specified key wrapping - * algorithm. In this case, the JWE Encrypted Key is the CEK wrapped - * with the agreed-upon key. - */ - - { /* recommended+: ECDH Ephemeral Static Key agreement Concat KDF */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDHES, - LWS_JOSE_ENCTYPE_NONE, - "ECDH-ES", NULL, 128, 128, 0 - }, - { /* recommended: ECDH-ES + Concat KDF + wrapped by AES128KW */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDHES, - LWS_JOSE_ENCTYPE_AES_ECB, - "ECDH-ES+A128KW", NULL, 128, 128, 0 - }, - { /* optional: ECDH-ES + Concat KDF + wrapped by AES192KW */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDHES, - LWS_JOSE_ENCTYPE_AES_ECB, - "ECDH-ES+A192KW", NULL, 192, 192, 0 - }, - { /* recommended: ECDH-ES + Concat KDF + wrapped by AES256KW */ - LWS_GENHASH_TYPE_SHA256, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_ECDHES, - LWS_JOSE_ENCTYPE_AES_ECB, - "ECDH-ES+A256KW", NULL, 256, 256, 0 - }, - - /* - * Key Encryption with AES GCM - * - * This section defines the specifics of encrypting a JWE Content - * Encryption Key (CEK) with Advanced Encryption Standard (AES) in - * Galois/Counter Mode (GCM) ([AES] and [NIST.800-38D]). - * - * Use of an Initialization Vector (IV) of size 96 bits is REQUIRED with - * this algorithm. The IV is represented in base64url-encoded form as - * the "iv" (initialization vector) Header Parameter value. - * - * The Additional Authenticated Data value used is the empty octet - * string. - * - * The requested size of the Authentication Tag output MUST be 128 bits, - * regardless of the key size. - * - * The JWE Encrypted Key value is the ciphertext output. - * - * The Authentication Tag output is represented in base64url-encoded - * form as the "tag" (authentication tag) Header Parameter value. - * - * - * "iv" (Initialization Vector) Header Parameter - * - * The "iv" (initialization vector) Header Parameter value is the - * base64url-encoded representation of the 96-bit IV value used for the - * key encryption operation. This Header Parameter MUST be present and - * MUST be understood and processed by implementations when these - * algorithms are used. - * - * "tag" (Authentication Tag) Header Parameter - * - * The "tag" (authentication tag) Header Parameter value is the - * base64url-encoded representation of the 128-bit Authentication Tag - * value resulting from the key encryption operation. This Header - * Parameter MUST be present and MUST be understood and processed by - * implementations when these algorithms are used. - */ - { /* optional: Key wrapping with AES GCM using 128-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A128GCMKW", NULL, 128, 128, 96 - }, - - { /* optional: Key wrapping with AES GCM using 192-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A192GCMKW", NULL, 192, 192, 96 - }, - - { /* optional: Key wrapping with AES GCM using 256-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_AES_ECB, - LWS_JOSE_ENCTYPE_NONE, - "A256GCMKW", NULL, 256, 256, 96 - }, - - /* list terminator */ - { 0, 0, 0, 0, NULL, NULL } -}; - -/* - * The "enc" (encryption algorithm) Header Parameter identifies the - * content encryption algorithm used to perform authenticated encryption - * on the plaintext to produce the ciphertext and the Authentication - * Tag. This algorithm MUST be an AEAD algorithm with a specified key - * length. The encrypted content is not usable if the "enc" value does - * not represent a supported algorithm. "enc" values should either be - * registered in the IANA "JSON Web Signature and Encryption Algorithms" - * registry established by [JWA] or be a value that contains a - * Collision-Resistant Name. The "enc" value is a case-sensitive ASCII - * string containing a StringOrURI value. This Header Parameter MUST be - * present and MUST be understood and processed by implementations. - */ - -static const struct lws_jose_jwe_alg lws_gencrypto_jwe_enc_map[] = { - /* - * AES_128_CBC_HMAC_SHA_256 / 512 - * - * It uses the HMAC message authentication code [RFC2104] with the - * SHA-256 hash function [SHS] to provide message authentication, with - * the HMAC output truncated to 128 bits, corresponding to the - * HMAC-SHA-256-128 algorithm defined in [RFC4868]. For encryption, it - * uses AES in the CBC mode of operation as defined in Section 6.2 of - * [NIST.800-38A], with PKCS #7 padding and a 128-bit IV value. - * - * The AES_CBC_HMAC_SHA2 parameters specific to AES_128_CBC_HMAC_SHA_256 - * are: - * - * The input key K is 32 octets long. - * ENC_KEY_LEN is 16 octets. - * MAC_KEY_LEN is 16 octets. - * The SHA-256 hash algorithm is used for the HMAC. - * The HMAC-SHA-256 output is truncated to T_LEN=16 octets, by - * stripping off the final 16 octets. - */ - { /* required */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA256, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_CBC, - "A128CBC-HS256", NULL, 256, 256, 128 - }, - /* - * AES_192_CBC_HMAC_SHA_384 is based on AES_128_CBC_HMAC_SHA_256, but - * with the following differences: - * - * The input key K is 48 octets long instead of 32. - * ENC_KEY_LEN is 24 octets instead of 16. - * MAC_KEY_LEN is 24 octets instead of 16. - * SHA-384 is used for the HMAC instead of SHA-256. - * The HMAC SHA-384 value is truncated to T_LEN=24 octets instead of 16. - */ - { /* required */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA384, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_CBC, - "A192CBC-HS384", NULL, 384, 384, 192 - }, - /* - * AES_256_CBC_HMAC_SHA_512 is based on AES_128_CBC_HMAC_SHA_256, but - * with the following differences: - * - * The input key K is 64 octets long instead of 32. - * ENC_KEY_LEN is 32 octets instead of 16. - * MAC_KEY_LEN is 32 octets instead of 16. - * SHA-512 is used for the HMAC instead of SHA-256. - * The HMAC SHA-512 value is truncated to T_LEN=32 octets instead of 16. - */ - { /* required */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_SHA512, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_CBC, - "A256CBC-HS512", NULL, 512, 512, 256 - }, - - /* - * The CEK is used as the encryption key. - * - * Use of an IV of size 96 bits is REQUIRED with this algorithm. - * - * The requested size of the Authentication Tag output MUST be 128 bits, - * regardless of the key size. - */ - { /* recommended: AES GCM using 128-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_GCM, - "A128GCM", NULL, 128, 128, 96 - }, - { /* optional: AES GCM using 192-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_GCM, - "A192GCM", NULL, 192, 192, 96 - }, - { /* recommended: AES GCM using 256-bit key */ - LWS_GENHASH_TYPE_UNKNOWN, - LWS_GENHMAC_TYPE_UNKNOWN, - LWS_JOSE_ENCTYPE_NONE, - LWS_JOSE_ENCTYPE_AES_GCM, - "A256GCM", NULL, 256, 256, 96 - }, - { 0, 0, 0, 0, NULL, NULL, 0, 0, 0 } /* sentinel */ -}; - -LWS_VISIBLE int -lws_gencrypto_jws_alg_to_definition(const char *alg, - const struct lws_jose_jwe_alg **jose) -{ - const struct lws_jose_jwe_alg *a = lws_gencrypto_jws_alg_map; - - while (a->alg) { - if (!strcmp(alg, a->alg)) { - *jose = a; - - return 0; - } - a++; - } - - return 1; -} - -LWS_VISIBLE int -lws_gencrypto_jwe_alg_to_definition(const char *alg, - const struct lws_jose_jwe_alg **jose) -{ - const struct lws_jose_jwe_alg *a = lws_gencrypto_jwe_alg_map; - - while (a->alg) { - if (!strcmp(alg, a->alg)) { - *jose = a; - - return 0; - } - a++; - } - - return 1; -} - -LWS_VISIBLE int -lws_gencrypto_jwe_enc_to_definition(const char *enc, - const struct lws_jose_jwe_alg **jose) -{ - const struct lws_jose_jwe_alg *e = lws_gencrypto_jwe_enc_map; - - while (e->alg) { - if (!strcmp(enc, e->alg)) { - *jose = e; - - return 0; - } - e++; - } - - return 1; -} - -size_t -lws_genhash_size(enum lws_genhash_types type) -{ - switch(type) { - case LWS_GENHASH_TYPE_UNKNOWN: - return 0; - case LWS_GENHASH_TYPE_MD5: - return 16; - case LWS_GENHASH_TYPE_SHA1: - return 20; - case LWS_GENHASH_TYPE_SHA256: - return 32; - case LWS_GENHASH_TYPE_SHA384: - return 48; - case LWS_GENHASH_TYPE_SHA512: - return 64; - } - - return 0; -} - -size_t -lws_genhmac_size(enum lws_genhmac_types type) -{ - switch(type) { - case LWS_GENHMAC_TYPE_UNKNOWN: - return 0; - case LWS_GENHMAC_TYPE_SHA256: - return 32; - case LWS_GENHMAC_TYPE_SHA384: - return 48; - case LWS_GENHMAC_TYPE_SHA512: - return 64; - } - - return 0; -} - -int -lws_gencrypto_bits_to_bytes(int bits) -{ - if (bits & 7) - return (bits / 8) + 1; - - return bits / 8; -} - -int -lws_base64_size(int bytes) -{ - return ((bytes * 4) / 3) + 6; -} - -void -lws_gencrypto_destroy_elements(struct lws_gencrypto_keyelem *el, int m) -{ - int n; - - for (n = 0; n < m; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -} diff --git a/lib/tls/lws-genec-common.c b/lib/tls/lws-genec-common.c deleted file mode 100644 index 0df1c8b..0000000 --- a/lib/tls/lws-genec-common.c +++ /dev/null @@ -1,130 +0,0 @@ -/* - * libwebsockets - generic EC api hiding the backend - common parts - * - * Copyright (C) 2017 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genec provides an EC abstraction api in lws that works the - * same whether you are using openssl or mbedtls crypto functions underneath. - */ -#include "core/private.h" - -const struct lws_ec_curves * -lws_genec_curve(const struct lws_ec_curves *table, const char *name) -{ - const struct lws_ec_curves *c = lws_ec_curves; - - if (table) - c = table; - - while (c->name) { - if (!strcmp(name, c->name)) - return c; - c++; - } - - return NULL; -} - -//extern const struct lws_ec_curves *lws_ec_curves; - -int -lws_genec_confirm_curve_allowed_by_tls_id(const char *allowed, int id, - struct lws_jwk *jwk) -{ - struct lws_tokenize ts; - lws_tokenize_elem e; - int n, len; - - lws_tokenize_init(&ts, allowed, LWS_TOKENIZE_F_COMMA_SEP_LIST | - LWS_TOKENIZE_F_MINUS_NONTERM); - ts.len = strlen(allowed); - do { - e = lws_tokenize(&ts); - switch (e) { - case LWS_TOKZE_TOKEN: - n = 0; - while (lws_ec_curves[n].name) { - if (id != lws_ec_curves[n].tls_lib_nid) { - n++; - continue; - } - lwsl_info("match curve %s\n", - lws_ec_curves[n].name); - len = strlen(lws_ec_curves[n].name); - jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].len = len; - jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf = - lws_malloc(len + 1, "cert crv"); - if (!jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) { - lwsl_err("%s: OOM\n", __func__); - return 1; - } - memcpy(jwk->e[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, - lws_ec_curves[n].name, len + 1); - return 0; - } - break; - - case LWS_TOKZE_DELIMITER: - break; - - default: /* includes ENDED */ - lwsl_err("%s: malformed or curve name in list\n", - __func__); - - return -1; - } - } while (e > 0); - - lwsl_err("%s: unsupported curve group nid %d\n", __func__, n); - - return -1; -} - -LWS_VISIBLE void -lws_genec_destroy_elements(struct lws_gencrypto_keyelem *el) -{ - int n; - - for (n = 0; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -} - -static const char *enames[] = { "crv", "x", "d", "y" }; - -LWS_VISIBLE int -lws_genec_dump(struct lws_gencrypto_keyelem *el) -{ - int n; - - (void)enames; - - lwsl_info(" genec %p: crv: '%s'\n", el, - !!el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf ? - (char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf: "no curve name"); - - for (n = LWS_GENCRYPTO_EC_KEYEL_X; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; - n++) { - lwsl_info(" e: %s\n", enames[n]); - lwsl_hexdump_info(el[n].buf, el[n].len); - } - - lwsl_info("\n"); - - return 0; -} diff --git a/lib/tls/mbedtls/lws-genaes.c b/lib/tls/mbedtls/lws-genaes.c deleted file mode 100644 index 0e4da81..0000000 --- a/lib/tls/mbedtls/lws-genaes.c +++ /dev/null @@ -1,368 +0,0 @@ -/* - * libwebsockets - generic AES api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genaes provides an abstraction api for AES in lws that works the - * same whether you are using openssl or mbedtls hash functions underneath. - */ -#include "core/private.h" -#include "../../jose/private.h" - -static int operation_map[] = { MBEDTLS_AES_ENCRYPT, MBEDTLS_AES_DECRYPT }; - -LWS_VISIBLE int -lws_genaes_create(struct lws_genaes_ctx *ctx, enum enum_aes_operation op, - enum enum_aes_modes mode, struct lws_gencrypto_keyelem *el, - enum enum_aes_padding padding, void *engine) -{ - int n = 0; - - ctx->mode = mode; - ctx->k = el; - ctx->op = operation_map[op]; - ctx->underway = 0; - - switch (ctx->mode) { - case LWS_GAESM_XTS: -#if defined(MBEDTLS_CIPHER_MODE_XTS) - mbedtls_aes_xts_init(&ctx->u.ctx_xts); - break; -#else - return -1; -#endif - case LWS_GAESM_GCM: - mbedtls_gcm_init(&ctx->u.ctx_gcm); - n = mbedtls_gcm_setkey(&ctx->u.ctx_gcm, MBEDTLS_CIPHER_ID_AES, - ctx->k->buf, ctx->k->len * 8); - if (n) { - lwsl_notice("%s: mbedtls_gcm_setkey: -0x%x\n", - __func__, -n); - return n; - } - return n; - default: - mbedtls_aes_init(&ctx->u.ctx); - break; - } - - switch (op) { - case LWS_GAESO_ENC: - if (ctx->mode == LWS_GAESM_XTS) -#if defined(MBEDTLS_CIPHER_MODE_XTS) - n = mbedtls_aes_xts_setkey_enc(&ctx->u.ctx_xts, - ctx->k->buf, - ctx->k->len * 8); -#else - return -1; -#endif - else - n = mbedtls_aes_setkey_enc(&ctx->u.ctx, ctx->k->buf, - ctx->k->len * 8); - break; - case LWS_GAESO_DEC: - switch (ctx->mode) { - case LWS_GAESM_XTS: -#if defined(MBEDTLS_CIPHER_MODE_XTS) - n = mbedtls_aes_xts_setkey_dec(&ctx->u.ctx_xts, - ctx->k->buf, - ctx->k->len * 8); - break; -#else - return -1; -#endif - - case LWS_GAESM_CFB128: - case LWS_GAESM_CFB8: - case LWS_GAESM_CTR: - case LWS_GAESM_OFB: - n = mbedtls_aes_setkey_enc(&ctx->u.ctx, ctx->k->buf, - ctx->k->len * 8); - break; - default: - n = mbedtls_aes_setkey_dec(&ctx->u.ctx, ctx->k->buf, - ctx->k->len * 8); - break; - } - break; - } - - if (n) - lwsl_notice("%s: setting key: -0x%x\n", __func__, -n); - - return n; -} - -LWS_VISIBLE int -lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen) -{ - int n = 0; - - if (ctx->mode == LWS_GAESM_GCM) { - n = mbedtls_gcm_finish(&ctx->u.ctx_gcm, tag, tlen); - if (n) - lwsl_notice("%s: mbedtls_gcm_finish: -0x%x\n", - __func__, -n); - if (tag && ctx->op == MBEDTLS_AES_DECRYPT && !n) { - if (lws_timingsafe_bcmp(ctx->tag, tag, ctx->taglen)) { - lwsl_err("%s: lws_genaes_crypt tag " - "mismatch (bad first)\n", - __func__); - lwsl_hexdump_notice(tag, tlen); - lwsl_hexdump_notice(ctx->tag, ctx->taglen); - n = -1; - } - } - mbedtls_gcm_free(&ctx->u.ctx_gcm); - return n; - } - if (ctx->mode == LWS_GAESM_XTS) -#if defined(MBEDTLS_CIPHER_MODE_XTS) - mbedtls_aes_xts_free(&ctx->u.ctx_xts); -#else - return -1; -#endif - else - mbedtls_aes_free(&ctx->u.ctx); - - return 0; -} - -static int -lws_genaes_rfc3394_wrap(int wrap, int cek_bits, const uint8_t *kek, - int kek_bits, const uint8_t *in, uint8_t *out) -{ - int n, m, ret = -1, c64 = cek_bits / 64; - mbedtls_aes_context ctx; - uint8_t a[8], b[16]; - - /* - * notice the KEK key used to perform the wrapping or unwrapping is - * always the size of the AES key used, eg, A128KW == 128 bits. The - * key being wrapped or unwrapped may be larger and is set by the - * 'bits' parameter. - * - * If it's larger than the KEK key size bits, we iterate over it - */ - - mbedtls_aes_init(&ctx); - - if (wrap) { - /* - * The inputs to the key wrapping process are the KEK and the - * plaintext to be wrapped. The plaintext consists of n 64-bit - * blocks, containing the key data being wrapped. - * - * Inputs: Plaintext, n 64-bit values {P1, P2, ..., Pn}, - * and Key, K (the KEK). - * Outputs: Ciphertext, (n+1) 64-bit values - * {C0, C1, ..., Cn}. - * - * The default initial value (IV) is defined to be the - * hexadecimal constant: - * - * A[0] = IV = A6A6A6A6A6A6A6A6 - */ - memset(out, 0xa6, 8); - memcpy(out + 8, in, 8 * c64); - n = mbedtls_aes_setkey_enc(&ctx, kek, kek_bits); - } else { - /* - * 2.2.2 Key Unwrap - * - * The inputs to the unwrap process are the KEK and (n+1) - * 64-bit blocks of ciphertext consisting of previously - * wrapped key. It returns n blocks of plaintext consisting - * of the n 64-bit blocks of the decrypted key data. - * - * Inputs: Ciphertext, (n+1) 64-bit values {C0, C1, ..., Cn}, - * and Key, K (the KEK). - * - * Outputs: Plaintext, n 64-bit values {P1, P2, ..., Pn}. - */ - memcpy(a, in, 8); - memcpy(out, in + 8, 8 * c64); - n = mbedtls_aes_setkey_dec(&ctx, kek, kek_bits); - } - - if (n < 0) { - lwsl_err("%s: setkey failed\n", __func__); - goto bail; - } - - if (wrap) { - for (n = 0; n <= 5; n++) { - uint8_t *r = out + 8; - for (m = 1; m <= c64; m++) { - memcpy(b, out, 8); - memcpy(b + 8, r, 8); - if (mbedtls_internal_aes_encrypt(&ctx, b, b)) - goto bail; - - memcpy(out, b, 8); - out[7] ^= c64 * n + m; - memcpy(r, b + 8, 8); - r += 8; - } - } - ret = 0; - } else { - /* - * - */ - for (n = 5; n >= 0; n--) { - uint8_t *r = out + (c64 - 1) * 8; - for (m = c64; m >= 1; m--) { - memcpy(b, a, 8); - b[7] ^= c64 * n + m; - memcpy(b + 8, r, 8); - if (mbedtls_internal_aes_decrypt(&ctx, b, b)) - goto bail; - - memcpy(a, b, 8); - memcpy(r, b + 8, 8); - r -= 8; - } - } - - ret = 0; - for (n = 0; n < 8; n++) - if (a[n] != 0xa6) - ret = -1; - } - -bail: - if (ret) - lwsl_notice("%s: failed\n", __func__); - mbedtls_aes_free(&ctx); - - return ret; -} - -LWS_VISIBLE int -lws_genaes_crypt(struct lws_genaes_ctx *ctx, const uint8_t *in, size_t len, - uint8_t *out, uint8_t *iv_or_nonce_ctr_or_data_unit_16, - uint8_t *stream_block_16, size_t *nc_or_iv_off, int taglen) -{ - uint8_t iv[LWS_JWE_AES_IV_BYTES], sb[16]; - int n = 0; - - switch (ctx->mode) { - case LWS_GAESM_KW: - /* a key of length ctx->k->len is wrapped by a 128-bit KEK */ - n = lws_genaes_rfc3394_wrap(ctx->op == MBEDTLS_AES_ENCRYPT, - ctx->op == MBEDTLS_AES_ENCRYPT ? len * 8 : - (len - 8) * 8, ctx->k->buf, - ctx->k->len * 8, - in, out); - break; - case LWS_GAESM_CBC: - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - n = mbedtls_aes_crypt_cbc(&ctx->u.ctx, ctx->op, len, iv, - in, out); - break; - - case LWS_GAESM_CFB128: - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - n = mbedtls_aes_crypt_cfb128(&ctx->u.ctx, ctx->op, len, - nc_or_iv_off, iv, in, out); - break; - - case LWS_GAESM_CFB8: - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - n = mbedtls_aes_crypt_cfb8(&ctx->u.ctx, ctx->op, len, iv, - in, out); - break; - - case LWS_GAESM_CTR: - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - memcpy(sb, stream_block_16, 16); - n = mbedtls_aes_crypt_ctr(&ctx->u.ctx, len, nc_or_iv_off, - iv, sb, in, out); - memcpy(iv_or_nonce_ctr_or_data_unit_16, iv, 16); - memcpy(stream_block_16, sb, 16); - break; - - case LWS_GAESM_ECB: - n = mbedtls_aes_crypt_ecb(&ctx->u.ctx, ctx->op, in, out); - break; - - case LWS_GAESM_OFB: -#if defined(MBEDTLS_CIPHER_MODE_OFB) - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - n = mbedtls_aes_crypt_ofb(&ctx->u.ctx, len, nc_or_iv_off, iv, - in, out); - break; -#else - return -1; -#endif - - case LWS_GAESM_XTS: -#if defined(MBEDTLS_CIPHER_MODE_XTS) - memcpy(iv, iv_or_nonce_ctr_or_data_unit_16, 16); - n = mbedtls_aes_crypt_xts(&ctx->u.ctx_xts, ctx->op, len, iv, - in, out); - break; -#else - return -1; -#endif - case LWS_GAESM_GCM: - if (!ctx->underway) { - ctx->underway = 1; - - memcpy(ctx->tag, stream_block_16, taglen); - ctx->taglen = taglen; - - /* - * iv: iv_or_nonce_ctr_or_data_unit_16 - * iv_len: *nc_or_iv_off - * stream_block_16: pointer to tag - * additional data: in - * additional data len: len - */ - - n = mbedtls_gcm_starts(&ctx->u.ctx_gcm, ctx->op, - iv_or_nonce_ctr_or_data_unit_16, - *nc_or_iv_off, in, len); - if (n) { - lwsl_notice("%s: mbedtls_gcm_starts: -0x%x\n", - __func__, -n); - - return -1; - } - break; - } - - n = mbedtls_gcm_update(&ctx->u.ctx_gcm, len, in, out); - if (n) { - lwsl_notice("%s: mbedtls_gcm_update: -0x%x\n", - __func__, -n); - - return -1; - } - break; - } - - if (n) { - lwsl_notice("%s: failed: -0x%x, len %d\n", __func__, -n, (int)len); - - return -1; - } - - return 0; -} diff --git a/lib/tls/mbedtls/lws-gencrypto.c b/lib/tls/mbedtls/lws-gencrypto.c deleted file mode 100644 index dd91ad5..0000000 --- a/lib/tls/mbedtls/lws-gencrypto.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * libwebsockets - generic crypto api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws-gencrypto openssl-specific common code - */ - -#include "core/private.h" -#include "tls/mbedtls/private.h" - -mbedtls_md_type_t -lws_gencrypto_mbedtls_hash_to_MD_TYPE(enum lws_genhash_types hash_type) -{ - mbedtls_md_type_t h = -1; - - switch (hash_type) { - case LWS_GENHASH_TYPE_MD5: - h = MBEDTLS_MD_MD5; - break; - case LWS_GENHASH_TYPE_SHA1: - h = MBEDTLS_MD_SHA1; - break; - case LWS_GENHASH_TYPE_SHA256: - h = MBEDTLS_MD_SHA256; - break; - case LWS_GENHASH_TYPE_SHA384: - h = MBEDTLS_MD_SHA384; - break; - case LWS_GENHASH_TYPE_SHA512: - h = MBEDTLS_MD_SHA512; - break; - default: - break; - } - - return h; -} - -int -lws_gencrypto_mbedtls_rngf(void *context, unsigned char *buf, size_t len) -{ - if ((size_t)lws_get_random(context, buf, len) == len) { - // lwsl_hexdump_err(buf, len); - return 0; - } - lwsl_err("%s: rng failed\n", __func__); - return -1; -} diff --git a/lib/tls/mbedtls/lws-genec.c b/lib/tls/mbedtls/lws-genec.c deleted file mode 100644 index f4dad88..0000000 --- a/lib/tls/mbedtls/lws-genec.c +++ /dev/null @@ -1,519 +0,0 @@ -/* - * libwebsockets - generic EC api hiding the backend - mbedtls implementation - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genec provides an EC abstraction api in lws that works the - * same whether you are using openssl or mbedtls crypto functions underneath. - */ -#include "core/private.h" -#include "tls/mbedtls/private.h" - -const struct lws_ec_curves lws_ec_curves[] = { - /* - * These are the curves we are willing to use by default... - * - * The 3 recommended+ (P-256) and optional curves in RFC7518 7.6 - * - * Specific keys lengths from RFC8422 p20 - */ - { "P-256", MBEDTLS_ECP_DP_SECP256R1, 32 }, - { "P-384", MBEDTLS_ECP_DP_SECP384R1, 48 }, - { "P-521", MBEDTLS_ECP_DP_SECP521R1, 66 }, - - { NULL, 0, 0 } -}; - -static int -lws_genec_keypair_import(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, - struct lws_gencrypto_keyelem *el) -{ - const struct lws_ec_curves *curve; - mbedtls_ecp_keypair kp; - int ret = -1; - - if (el[LWS_GENCRYPTO_EC_KEYEL_CRV].len < 4) { - lwsl_notice("%s: crv '%s' (%d)\n", __func__, - el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf ? - (char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf : - "null", - el[LWS_GENCRYPTO_EC_KEYEL_CRV].len); - return -21; - } - - curve = lws_genec_curve(ctx->curve_table, - (char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf); - if (!curve) - return -22; - - /* - * d (the private part) may be missing, otherwise it and everything - * else must match the expected bignum size - */ - - if ((el[LWS_GENCRYPTO_EC_KEYEL_D].len && - el[LWS_GENCRYPTO_EC_KEYEL_D].len != curve->key_bytes) || - el[LWS_GENCRYPTO_EC_KEYEL_X].len != curve->key_bytes || - el[LWS_GENCRYPTO_EC_KEYEL_Y].len != curve->key_bytes) - return -23; - - mbedtls_ecp_keypair_init(&kp); - if (mbedtls_ecp_group_load(&kp.grp, curve->tls_lib_nid)) - goto bail1; - - ctx->has_private = !!el[LWS_GENCRYPTO_EC_KEYEL_D].len; - - /* d (the private key) is directly an mpi */ - - if (ctx->has_private && - mbedtls_mpi_read_binary(&kp.d, el[LWS_GENCRYPTO_EC_KEYEL_D].buf, - el[LWS_GENCRYPTO_EC_KEYEL_D].len)) - goto bail1; - - mbedtls_ecp_set_zero(&kp.Q); - - if (mbedtls_mpi_read_binary(&kp.Q.X, el[LWS_GENCRYPTO_EC_KEYEL_X].buf, - el[LWS_GENCRYPTO_EC_KEYEL_X].len)) - goto bail1; - - if (mbedtls_mpi_read_binary(&kp.Q.Y, el[LWS_GENCRYPTO_EC_KEYEL_Y].buf, - el[LWS_GENCRYPTO_EC_KEYEL_Y].len)) - goto bail1; - - mbedtls_mpi_lset(&kp.Q.Z, 1); - - switch (ctx->genec_alg) { - case LEGENEC_ECDH: - if (mbedtls_ecdh_get_params(ctx->u.ctx_ecdh, &kp, - (mbedtls_ecdh_side)side)) - goto bail1; - /* verify the key is consistent with the claimed curve */ - if (ctx->has_private && - mbedtls_ecp_check_privkey(&ctx->u.ctx_ecdh->grp, - &ctx->u.ctx_ecdh->d)) - goto bail1; - if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp, - &ctx->u.ctx_ecdh->Q)) - goto bail1; - break; - case LEGENEC_ECDSA: - if (mbedtls_ecdsa_from_keypair(ctx->u.ctx_ecdsa, &kp)) - goto bail1; - /* verify the key is consistent with the claimed curve */ - if (ctx->has_private && - mbedtls_ecp_check_privkey(&ctx->u.ctx_ecdsa->grp, - &ctx->u.ctx_ecdsa->d)) - goto bail1; - if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdsa->grp, - &ctx->u.ctx_ecdsa->Q)) - goto bail1; - break; - default: - goto bail1; - } - - ret = 0; - -bail1: - mbedtls_ecp_keypair_free(&kp); - - return ret; -} - -LWS_VISIBLE int -lws_genecdh_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table) -{ - memset(ctx, 0, sizeof(*ctx)); - - ctx->context = context; - ctx->curve_table = curve_table; - ctx->genec_alg = LEGENEC_ECDH; - - ctx->u.ctx_ecdh = lws_zalloc(sizeof(*ctx->u.ctx_ecdh), "genecdh"); - if (!ctx->u.ctx_ecdh) - return 1; - - mbedtls_ecdh_init(ctx->u.ctx_ecdh); - - return 0; -} - -LWS_VISIBLE int -lws_genecdsa_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table) -{ - memset(ctx, 0, sizeof(*ctx)); - - ctx->context = context; - ctx->curve_table = curve_table; - ctx->genec_alg = LEGENEC_ECDSA; - - ctx->u.ctx_ecdsa = lws_zalloc(sizeof(*ctx->u.ctx_ecdsa), "genecdsa"); - if (!ctx->u.ctx_ecdsa) - return 1; - - mbedtls_ecdsa_init(ctx->u.ctx_ecdsa); - - return 0; -} - - -LWS_VISIBLE int -lws_genecdh_set_key(struct lws_genec_ctx *ctx, struct lws_gencrypto_keyelem *el, - enum enum_lws_dh_side side) -{ - if (ctx->genec_alg != LEGENEC_ECDH) - return -1; - - return lws_genec_keypair_import(ctx, side, el); -} - -LWS_VISIBLE int -lws_genecdsa_set_key(struct lws_genec_ctx *ctx, - struct lws_gencrypto_keyelem *el) -{ - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - return lws_genec_keypair_import(ctx, 0, el); -} - -LWS_VISIBLE void -lws_genec_destroy(struct lws_genec_ctx *ctx) -{ - switch (ctx->genec_alg) { - case LEGENEC_ECDH: - if (ctx->u.ctx_ecdh) { - mbedtls_ecdh_free(ctx->u.ctx_ecdh); - lws_free(ctx->u.ctx_ecdh); - ctx->u.ctx_ecdh = NULL; - } - break; - case LEGENEC_ECDSA: - if (ctx->u.ctx_ecdsa) { - mbedtls_ecdsa_free(ctx->u.ctx_ecdsa); - lws_free(ctx->u.ctx_ecdsa); - ctx->u.ctx_ecdsa = NULL; - } - break; - default: - break; - } -} - -LWS_VISIBLE int -lws_genecdh_new_keypair(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, - const char *curve_name, - struct lws_gencrypto_keyelem *el) -{ - const struct lws_ec_curves *curve; - mbedtls_ecdsa_context ecdsa; - mbedtls_ecp_keypair *kp; - mbedtls_mpi *mpi[3]; - int n; - - if (ctx->genec_alg != LEGENEC_ECDH) - return -1; - - curve = lws_genec_curve(ctx->curve_table, curve_name); - if (!curve) { - lwsl_err("%s: curve '%s' not supported\n", - __func__, curve_name); - - return -22; - } - - mbedtls_ecdsa_init(&ecdsa); - n = mbedtls_ecdsa_genkey(&ecdsa, curve->tls_lib_nid, - lws_gencrypto_mbedtls_rngf, - ctx->context); - if (n) { - lwsl_err("mbedtls_ecdsa_genkey failed 0x%x\n", -n); - goto bail1; - } - - kp = (mbedtls_ecp_keypair *)&ecdsa; - - n = mbedtls_ecdh_get_params(ctx->u.ctx_ecdh, kp, - (mbedtls_ecdh_side)side); - if (n) { - lwsl_err("mbedtls_ecdh_get_params failed 0x%x\n", -n); - goto bail1; - } - - /* - * we need to capture the individual element BIGNUMs into - * lws_gencrypto_keyelem, so they can be serialized, used in jwk etc - */ - - mpi[0] = &kp->Q.X; - mpi[1] = &kp->d; - mpi[2] = &kp->Q.Y; - - el[LWS_GENCRYPTO_EC_KEYEL_CRV].len = strlen(curve_name) + 1; - el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf = - lws_malloc(el[LWS_GENCRYPTO_EC_KEYEL_CRV].len, "ec"); - if (!el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) - goto bail1; - strcpy((char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, curve_name); - - for (n = LWS_GENCRYPTO_EC_KEYEL_X; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; - n++) { - el[n].len = curve->key_bytes; - el[n].buf = lws_malloc(curve->key_bytes, "ec"); - if (!el[n].buf) - goto bail2; - - if (mbedtls_mpi_write_binary(mpi[n - 1], el[n].buf, - curve->key_bytes)) - goto bail2; - } - - mbedtls_ecdsa_free(&ecdsa); - - return 0; - -bail2: - for (n = 0; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -bail1: - mbedtls_ecdsa_free(&ecdsa); - - lws_free_set_NULL(ctx->u.ctx_ecdh); - - return -1; -} - -LWS_VISIBLE int -lws_genecdsa_new_keypair(struct lws_genec_ctx *ctx, const char *curve_name, - struct lws_gencrypto_keyelem *el) -{ - const struct lws_ec_curves *curve; - mbedtls_ecp_keypair *kp; - mbedtls_mpi *mpi[3]; - int n; - - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - curve = lws_genec_curve(ctx->curve_table, curve_name); - if (!curve) { - lwsl_err("%s: curve '%s' not supported\n", - __func__, curve_name); - - return -22; - } - - //mbedtls_ecdsa_init(ctx->u.ctx_ecdsa); - n = mbedtls_ecdsa_genkey(ctx->u.ctx_ecdsa, curve->tls_lib_nid, - lws_gencrypto_mbedtls_rngf, ctx->context); - if (n) { - lwsl_err("mbedtls_ecdsa_genkey failed 0x%x\n", -n); - goto bail1; - } - - /* - * we need to capture the individual element BIGNUMs into - * lws_gencrypto_keyelems, so they can be serialized, used in jwk etc - */ - - kp = (mbedtls_ecp_keypair *)ctx->u.ctx_ecdsa; - - mpi[0] = &kp->Q.X; - mpi[1] = &kp->d; - mpi[2] = &kp->Q.Y; - - el[LWS_GENCRYPTO_EC_KEYEL_CRV].len = strlen(curve_name) + 1; - el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf = - lws_malloc(el[LWS_GENCRYPTO_EC_KEYEL_CRV].len, "ec"); - if (!el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) - goto bail1; - strcpy((char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, curve_name); - - for (n = LWS_GENCRYPTO_EC_KEYEL_X; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; - n++) { - el[n].len = curve->key_bytes; - el[n].buf = lws_malloc(curve->key_bytes, "ec"); - if (!el[n].buf) - goto bail2; - - - if (mbedtls_mpi_write_binary(mpi[n - 1], el[n].buf, el[n].len)) { - lwsl_err("%s: mbedtls_mpi_write_binary failed\n", __func__); - goto bail2; - } - } - - return 0; - -bail2: - for (n = 0; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -bail1: - - lws_free_set_NULL(ctx->u.ctx_ecdsa); - - return -1; -} - -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sign_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - uint8_t *sig, size_t sig_len) -{ - int n, keybytes = lws_gencrypto_bits_to_bytes(keybits); - size_t hlen = lws_genhash_size(hash_type); - mbedtls_mpi mpi_r, mpi_s; - size_t slen = sig_len; - - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - /* - * The ECDSA P-256 SHA-256 digital signature is generated as follows: - * - * 1. Generate a digital signature of the JWS Signing Input using ECDSA - * P-256 SHA-256 with the desired private key. The output will be - * the pair (R, S), where R and S are 256-bit unsigned integers. - * - * 2. Turn R and S into octet sequences in big-endian order, with each - * array being be 32 octets long. The octet sequence - * representations MUST NOT be shortened to omit any leading zero - * octets contained in the values. - * - * 3. Concatenate the two octet sequences in the order R and then S. - * (Note that many ECDSA implementations will directly produce this - * concatenation as their output.) - * - * 4. The resulting 64-octet sequence is the JWS Signature value. - */ - - mbedtls_mpi_init(&mpi_r); - mbedtls_mpi_init(&mpi_s); - - n = mbedtls_ecdsa_sign(&ctx->u.ctx_ecdsa->grp, &mpi_r, &mpi_s, - &ctx->u.ctx_ecdsa->d, in, hlen, - lws_gencrypto_mbedtls_rngf, ctx->context); - if (n) { - lwsl_err("%s: mbedtls_ecdsa_sign failed: -0x%x\n", - __func__, -n); - - goto bail2; - } - - if (mbedtls_mpi_write_binary(&mpi_r, sig, keybytes)) - goto bail2; - mbedtls_mpi_free(&mpi_r); - if (mbedtls_mpi_write_binary(&mpi_s, sig + keybytes, keybytes)) - goto bail1; - mbedtls_mpi_free(&mpi_s); - - return (int)slen; - -bail2: - mbedtls_mpi_free(&mpi_r); -bail1: - mbedtls_mpi_free(&mpi_s); - - return -3; -} - -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sig_verify_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - const uint8_t *sig, size_t sig_len) -{ - int n, keybytes = lws_gencrypto_bits_to_bytes(keybits); - size_t hlen = lws_genhash_size(hash_type); - mbedtls_mpi mpi_r, mpi_s; - - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - if ((int)sig_len != keybytes * 2) - return -1; - - /* - * 1. The JWS Signature value MUST be a 64-octet sequence. If it is - * not a 64-octet sequence, the validation has failed. - * - * 2. Split the 64-octet sequence into two 32-octet sequences. The - * first octet sequence represents R and the second S. The values R - * and S are represented as octet sequences using the Integer-to- - * OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] - * (in big-endian octet order). - * - * 3. Submit the JWS Signing Input, R, S, and the public key (x, y) to - * the ECDSA P-256 SHA-256 validator. - */ - - mbedtls_mpi_init(&mpi_r); - mbedtls_mpi_init(&mpi_s); - - if (mbedtls_mpi_read_binary(&mpi_r, sig, keybytes)) - return -1; - if (mbedtls_mpi_read_binary(&mpi_s, sig + keybytes, keybytes)) - goto bail1; - - n = mbedtls_ecdsa_verify(&ctx->u.ctx_ecdsa->grp, in, hlen, - &ctx->u.ctx_ecdsa->Q, &mpi_r, &mpi_s); - - mbedtls_mpi_free(&mpi_s); - mbedtls_mpi_free(&mpi_r); - - if (n) { - lwsl_err("%s: mbedtls_ecdsa_verify failed: -0x%x\n", - __func__, -n); - - goto bail; - } - - return 0; -bail1: - mbedtls_mpi_free(&mpi_r); - -bail: - - return -3; -} - -int -lws_genecdh_compute_shared_secret(struct lws_genec_ctx *ctx, uint8_t *ss, - int *ss_len) -{ - int n; - size_t st; - if (mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp, &ctx->u.ctx_ecdh->Q) || - mbedtls_ecp_check_pubkey(&ctx->u.ctx_ecdh->grp, &ctx->u.ctx_ecdh->Qp)) { - lwsl_err("%s: both sides must be set up\n", __func__); - - return -1; - } - - n = mbedtls_ecdh_calc_secret(ctx->u.ctx_ecdh, &st, ss, *ss_len, - lws_gencrypto_mbedtls_rngf, ctx->context); - if (n) - return -1; - - *ss_len = (int)st; - - return 0; -} diff --git a/lib/tls/mbedtls/lws-genhash.c b/lib/tls/mbedtls/lws-genhash.c deleted file mode 100644 index 7fee589..0000000 --- a/lib/tls/mbedtls/lws-genhash.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * libwebsockets - generic hash and HMAC api hiding the backend - * - * Copyright (C) 2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genhash provides a hash / hmac abstraction api in lws that works the - * same whether you are using openssl or mbedtls hash functions underneath. - */ -#include "libwebsockets.h" -#include - -#if (MBEDTLS_VERSION_NUMBER >= 0x02070000) -#define MBA(fn) fn##_ret -#else -#define MBA(fn) fn -#endif - -int -lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type) -{ - ctx->type = type; - - switch (ctx->type) { - case LWS_GENHASH_TYPE_MD5: - mbedtls_md5_init(&ctx->u.md5); - MBA(mbedtls_md5_starts)(&ctx->u.md5); - break; - case LWS_GENHASH_TYPE_SHA1: - mbedtls_sha1_init(&ctx->u.sha1); - MBA(mbedtls_sha1_starts)(&ctx->u.sha1); - break; - case LWS_GENHASH_TYPE_SHA256: - mbedtls_sha256_init(&ctx->u.sha256); - MBA(mbedtls_sha256_starts)(&ctx->u.sha256, 0); - break; - case LWS_GENHASH_TYPE_SHA384: - mbedtls_sha512_init(&ctx->u.sha512); - MBA(mbedtls_sha512_starts)(&ctx->u.sha512, 1 /* is384 */); - break; - case LWS_GENHASH_TYPE_SHA512: - mbedtls_sha512_init(&ctx->u.sha512); - MBA(mbedtls_sha512_starts)(&ctx->u.sha512, 0); - break; - default: - return 1; - } - - return 0; -} - -int -lws_genhash_update(struct lws_genhash_ctx *ctx, const void *in, size_t len) -{ - if (!len) - return 0; - - switch (ctx->type) { - case LWS_GENHASH_TYPE_MD5: - MBA(mbedtls_md5_update)(&ctx->u.md5, in, len); - break; - case LWS_GENHASH_TYPE_SHA1: - MBA(mbedtls_sha1_update)(&ctx->u.sha1, in, len); - break; - case LWS_GENHASH_TYPE_SHA256: - MBA(mbedtls_sha256_update)(&ctx->u.sha256, in, len); - break; - case LWS_GENHASH_TYPE_SHA384: - MBA(mbedtls_sha512_update)(&ctx->u.sha512, in, len); - break; - case LWS_GENHASH_TYPE_SHA512: - MBA(mbedtls_sha512_update)(&ctx->u.sha512, in, len); - break; - } - - return 0; -} - -int -lws_genhash_destroy(struct lws_genhash_ctx *ctx, void *result) -{ - switch (ctx->type) { - case LWS_GENHASH_TYPE_MD5: - MBA(mbedtls_md5_finish)(&ctx->u.md5, result); - mbedtls_md5_free(&ctx->u.md5); - break; - case LWS_GENHASH_TYPE_SHA1: - MBA(mbedtls_sha1_finish)(&ctx->u.sha1, result); - mbedtls_sha1_free(&ctx->u.sha1); - break; - case LWS_GENHASH_TYPE_SHA256: - MBA(mbedtls_sha256_finish)(&ctx->u.sha256, result); - mbedtls_sha256_free(&ctx->u.sha256); - break; - case LWS_GENHASH_TYPE_SHA384: - MBA(mbedtls_sha512_finish)(&ctx->u.sha512, result); - mbedtls_sha512_free(&ctx->u.sha512); - break; - case LWS_GENHASH_TYPE_SHA512: - MBA(mbedtls_sha512_finish)(&ctx->u.sha512, result); - mbedtls_sha512_free(&ctx->u.sha512); - break; - } - - return 0; -} - -int -lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type, - const uint8_t *key, size_t key_len) -{ - int t; - - ctx->type = type; - - switch (type) { - case LWS_GENHMAC_TYPE_SHA256: - t = MBEDTLS_MD_SHA256; - break; - case LWS_GENHMAC_TYPE_SHA384: - t = MBEDTLS_MD_SHA384; - break; - case LWS_GENHMAC_TYPE_SHA512: - t = MBEDTLS_MD_SHA512; - break; - default: - return -1; - } - - ctx->hmac = mbedtls_md_info_from_type(t); - if (!ctx->hmac) - return -1; - - if (mbedtls_md_init_ctx(&ctx->ctx, ctx->hmac)) - return -1; - - if (mbedtls_md_hmac_starts(&ctx->ctx, key, key_len)) { - mbedtls_md_free(&ctx->ctx); - ctx->hmac = NULL; - - return -1; - } - - return 0; -} - -int -lws_genhmac_update(struct lws_genhmac_ctx *ctx, const void *in, size_t len) -{ - if (!len) - return 0; - - if (mbedtls_md_hmac_update(&ctx->ctx, in, len)) - return -1; - - return 0; -} - -int -lws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result) -{ - int n = 0; - - if (result) - n = mbedtls_md_hmac_finish(&ctx->ctx, result); - - mbedtls_md_free(&ctx->ctx); - ctx->hmac = NULL; - if (n) - return -1; - - return 0; -} diff --git a/lib/tls/mbedtls/lws-genrsa.c b/lib/tls/mbedtls/lws-genrsa.c deleted file mode 100644 index 2589064..0000000 --- a/lib/tls/mbedtls/lws-genrsa.c +++ /dev/null @@ -1,479 +0,0 @@ -/* - * libwebsockets - generic RSA api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genrsa provides an RSA abstraction api in lws that works the - * same whether you are using openssl or mbedtls crypto functions underneath. - */ -#include "core/private.h" -#include "tls/mbedtls/private.h" -#include - -LWS_VISIBLE void -lws_genrsa_destroy_elements(struct lws_gencrypto_keyelem *el) -{ - int n; - - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -} - -static int mode_map[] = { MBEDTLS_RSA_PKCS_V15, MBEDTLS_RSA_PKCS_V21 }; - -LWS_VISIBLE int -lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el, - struct lws_context *context, enum enum_genrsa_mode mode, - enum lws_genhash_types oaep_hashid) -{ - memset(ctx, 0, sizeof(*ctx)); - ctx->ctx = lws_zalloc(sizeof(*ctx->ctx), "genrsa"); - if (!ctx->ctx) - return 1; - - ctx->context = context; - ctx->mode = mode; - - if (mode >= LGRSAM_COUNT) - return -1; - - mbedtls_rsa_init(ctx->ctx, mode_map[mode], 0); - - ctx->ctx->padding = mode_map[mode]; - ctx->ctx->hash_id = lws_gencrypto_mbedtls_hash_to_MD_TYPE(oaep_hashid); - - { - int n; - - mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = { - &ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P, - &ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ, - &ctx->ctx->QP, - }; - - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) - if (el[n].buf && - mbedtls_mpi_read_binary(mpi[n], el[n].buf, - el[n].len)) { - lwsl_notice("mpi load failed\n"); - lws_free_set_NULL(ctx->ctx); - - return -1; - } - - /* mbedtls... compute missing P & Q */ - - if ( el[LWS_GENCRYPTO_RSA_KEYEL_D].len && - !el[LWS_GENCRYPTO_RSA_KEYEL_P].len && - !el[LWS_GENCRYPTO_RSA_KEYEL_Q].len) { - if (mbedtls_rsa_complete(ctx->ctx)) { - lwsl_notice("mbedtls_rsa_complete failed\n"); - lws_free_set_NULL(ctx->ctx); - - return -1; - } - - } - } - - ctx->ctx->len = el[LWS_GENCRYPTO_RSA_KEYEL_N].len; - - return 0; -} - -static int -_rngf(void *context, unsigned char *buf, size_t len) -{ - if ((size_t)lws_get_random(context, buf, len) == len) - return 0; - - return -1; -} - -LWS_VISIBLE int -lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx, - enum enum_genrsa_mode mode, struct lws_gencrypto_keyelem *el, - int bits) -{ - int n; - - memset(ctx, 0, sizeof(*ctx)); - ctx->ctx = lws_zalloc(sizeof(*ctx->ctx), "genrsa"); - if (!ctx->ctx) - return -1; - - ctx->context = context; - ctx->mode = mode; - - if (mode >= LGRSAM_COUNT) - return -1; - - mbedtls_rsa_init(ctx->ctx, mode_map[mode], 0); - - n = mbedtls_rsa_gen_key(ctx->ctx, _rngf, context, bits, 65537); - if (n) { - lwsl_err("mbedtls_rsa_gen_key failed 0x%x\n", -n); - goto cleanup_1; - } - - { - mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = { - &ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P, - &ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ, - &ctx->ctx->QP, - }; - - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) - if (mbedtls_mpi_size(mpi[n])) { - el[n].buf = lws_malloc( - mbedtls_mpi_size(mpi[n]), "genrsakey"); - if (!el[n].buf) - goto cleanup; - el[n].len = mbedtls_mpi_size(mpi[n]); - if (mbedtls_mpi_write_binary(mpi[n], el[n].buf, - el[n].len)) - goto cleanup; - } - } - - return 0; - -cleanup: - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -cleanup_1: - lws_free(ctx->ctx); - - return -1; -} - -LWS_VISIBLE int -lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max) -{ - size_t olen = 0; - int n; - - ctx->ctx->len = in_len; - - mbedtls_rsa_complete(ctx->ctx); - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PUBLIC, - &olen, in, out, - out_max); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsaes_oaep_decrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PUBLIC, - NULL, 0, - &olen, in, out, out_max); - break; - default: - return -1; - } - if (n) { - lwsl_notice("%s: -0x%x\n", __func__, -n); - - return -1; - } - - return olen; -} - -LWS_VISIBLE int -lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max) -{ - size_t olen = 0; - int n; - - ctx->ctx->len = in_len; - - mbedtls_rsa_complete(ctx->ctx); - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PRIVATE, - &olen, in, out, - out_max); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsaes_oaep_decrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PRIVATE, - NULL, 0, - &olen, in, out, out_max); - break; - default: - return -1; - } - if (n) { - lwsl_notice("%s: -0x%x\n", __func__, -n); - - return -1; - } - - return olen; -} - -LWS_VISIBLE int -lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out) -{ - int n; - - mbedtls_rsa_complete(ctx->ctx); - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PUBLIC, - in_len, in, out); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsaes_oaep_encrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PUBLIC, - NULL, 0, - in_len, in, out); - break; - default: - return -1; - } - if (n < 0) { - lwsl_notice("%s: -0x%x: in_len: %d\n", __func__, -n, - (int)in_len); - - return -1; - } - - return mbedtls_mpi_size(&ctx->ctx->N); -} - -LWS_VISIBLE int -lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out) -{ - int n; - - mbedtls_rsa_complete(ctx->ctx); - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PRIVATE, - in_len, in, out); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsaes_oaep_encrypt(ctx->ctx, _rngf, - ctx->context, - MBEDTLS_RSA_PRIVATE, - NULL, 0, - in_len, in, out); - break; - default: - return -1; - } - if (n) { - lwsl_notice("%s: -0x%x: in_len: %d\n", __func__, -n, - (int)in_len); - - return -1; - } - - return mbedtls_mpi_size(&ctx->ctx->N); -} - -LWS_VISIBLE int -lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, const uint8_t *sig, - size_t sig_len) -{ - int n, h = lws_gencrypto_mbedtls_hash_to_MD_TYPE(hash_type); - - if (h < 0) - return -1; - - mbedtls_rsa_complete(ctx->ctx); - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx->ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, - h, 0, in, sig); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsassa_pss_verify(ctx->ctx, NULL, NULL, - MBEDTLS_RSA_PUBLIC, - h, 0, in, sig); - break; - default: - return -1; - } - if (n < 0) { - lwsl_notice("%s: -0x%x\n", __func__, -n); - - return -1; - } - - return n; -} - -LWS_VISIBLE int -lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, uint8_t *sig, - size_t sig_len) -{ - int n, h = lws_gencrypto_mbedtls_hash_to_MD_TYPE(hash_type); - - if (h < 0) - return -1; - - mbedtls_rsa_complete(ctx->ctx); - - /* - * The "sig" buffer must be as large as the size of ctx->N - * (eg. 128 bytes if RSA-1024 is used). - */ - if (sig_len < ctx->ctx->len) - return -1; - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx->ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, - h, 0, in, sig); - break; - case LGRSAM_PKCS1_OAEP_PSS: - n = mbedtls_rsa_rsassa_pss_sign(ctx->ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, - h, 0, in, sig); - break; - default: - return -1; - } - - if (n < 0) { - lwsl_notice("%s: -0x%x\n", __func__, -n); - - return -1; - } - - return ctx->ctx->len; -} - -LWS_VISIBLE int -lws_genrsa_render_pkey_asn1(struct lws_genrsa_ctx *ctx, int _private, - uint8_t *pkey_asn1, size_t pkey_asn1_len) -{ - uint8_t *p = pkey_asn1, *totlen, *end = pkey_asn1 + pkey_asn1_len - 1; - mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT] = { - &ctx->ctx->N, &ctx->ctx->E, &ctx->ctx->D, &ctx->ctx->P, - &ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ, - &ctx->ctx->QP, - }; - int n; - - /* 30 82 - sequence - * 09 29 <-- length(0x0929) less 4 bytes - * 02 01 <- length (1) - * 00 - * 02 82 - * 02 01 <- length (513) N - * ... - * - * 02 03 <- length (3) E - * 01 00 01 - * - * 02 82 - * 02 00 <- length (512) D P Q EXP1 EXP2 COEFF - * - * */ - - *p++ = 0x30; - *p++ = 0x82; - totlen = p; - p += 2; - - *p++ = 0x02; - *p++ = 0x01; - *p++ = 0x00; - - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) { - int m = mbedtls_mpi_size(mpi[n]); - uint8_t *elen; - - *p++ = 0x02; - elen = p; - if (m < 0x7f) - *p++ = m; - else { - *p++ = 0x82; - *p++ = m >> 8; - *p++ = m & 0xff; - } - - if (p + m > end) - return -1; - - if (mbedtls_mpi_write_binary(mpi[n], p, m)) - return -1; - if (p[0] & 0x80) { - p[0] = 0x00; - if (mbedtls_mpi_write_binary(mpi[n], &p[1], m)) - return -1; - m++; - } - if (m < 0x7f) - *elen = m; - else { - *elen++ = 0x82; - *elen++ = m >> 8; - *elen = m & 0xff; - } - p += m; - } - - n = lws_ptr_diff(p, pkey_asn1); - - *totlen++ = (n - 4) >> 8; - *totlen = (n - 4) & 0xff; - - return n; -} - -LWS_VISIBLE void -lws_genrsa_destroy(struct lws_genrsa_ctx *ctx) -{ - if (!ctx->ctx) - return; - mbedtls_rsa_free(ctx->ctx); - lws_free(ctx->ctx); - ctx->ctx = NULL; -} diff --git a/lib/tls/mbedtls/mbedtls-client.c b/lib/tls/mbedtls/mbedtls-client.c deleted file mode 100644 index d3de991..0000000 --- a/lib/tls/mbedtls/mbedtls-client.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - * libwebsockets - mbedtls-specific client TLS code - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -static int -OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) -{ - return 0; -} - -int -lws_ssl_client_bio_create(struct lws *wsi) -{ - char hostname[128], *p; - const char *alpn_comma = wsi->context->tls.alpn_default; - struct alpn_ctx protos; - - if (lws_hdr_copy(wsi, hostname, sizeof(hostname), - _WSI_TOKEN_CLIENT_HOST) <= 0) { - lwsl_err("%s: Unable to get hostname\n", __func__); - - return -1; - } - - /* - * remove any :port part on the hostname... necessary for network - * connection but typical certificates do not contain it - */ - p = hostname; - while (*p) { - if (*p == ':') { - *p = '\0'; - break; - } - p++; - } - - wsi->tls.ssl = SSL_new(wsi->vhost->tls.ssl_client_ctx); - if (!wsi->tls.ssl) { - lwsl_info("%s: SSL_new() failed\n", __func__); - return -1; - } - - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback); - - if (!(wsi->tls.use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) { - X509_VERIFY_PARAM *param = SSL_get0_param(wsi->tls.ssl); - /* Enable automatic hostname checks */ - // X509_VERIFY_PARAM_set_hostflags(param, - // X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); - X509_VERIFY_PARAM_set1_host(param, hostname, 0); - } - - if (wsi->vhost->tls.alpn) - alpn_comma = wsi->vhost->tls.alpn; - - if (lws_hdr_copy(wsi, hostname, sizeof(hostname), - _WSI_TOKEN_CLIENT_ALPN) > 0) - alpn_comma = hostname; - - lwsl_info("%s: %p: client conn sending ALPN list '%s'\n", - __func__, wsi, alpn_comma); - - protos.len = lws_alpn_comma_to_openssl(alpn_comma, protos.data, - sizeof(protos.data) - 1); - - /* with mbedtls, protos is not pointed to after exit from this call */ - SSL_set_alpn_select_cb(wsi->tls.ssl, &protos); - - /* - * use server name indication (SNI), if supported, - * when establishing connection - */ - SSL_set_verify(wsi->tls.ssl, SSL_VERIFY_PEER, - OpenSSL_client_verify_callback); - - SSL_set_fd(wsi->tls.ssl, wsi->desc.sockfd); - - return 0; -} - -int ERR_get_error(void) -{ - return 0; -} - -enum lws_ssl_capable_status -lws_tls_client_connect(struct lws *wsi) -{ - int m, n = SSL_connect(wsi->tls.ssl); - const unsigned char *prot; - unsigned int len; - - if (n == 1) { - SSL_get0_alpn_selected(wsi->tls.ssl, &prot, &len); - lws_role_call_alpn_negotiated(wsi, (const char *)prot); - lwsl_info("client connect OK\n"); - return LWS_SSL_CAPABLE_DONE; - } - - m = SSL_get_error(wsi->tls.ssl, n); - - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - - if (!n) /* we don't know what he wants, but he says to retry */ - return LWS_SSL_CAPABLE_MORE_SERVICE; - - return LWS_SSL_CAPABLE_ERROR; -} - -int -lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, int ebuf_len) -{ - int n; - X509 *peer = SSL_get_peer_certificate(wsi->tls.ssl); - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - char *sb = (char *)&pt->serv_buf[0]; - - if (!peer) { - lwsl_info("peer did not provide cert\n"); - lws_snprintf(ebuf, ebuf_len, "no peer cert"); - - return -1; - } - lwsl_info("peer provided cert\n"); - - n = SSL_get_verify_result(wsi->tls.ssl); - lws_latency(wsi->context, wsi, - "SSL_get_verify_result LWS_CONNMODE..HANDSHAKE", n, n > 0); - - lwsl_debug("get_verify says %d\n", n); - - if (n == X509_V_OK) - return 0; - - if (n == X509_V_ERR_HOSTNAME_MISMATCH && - (wsi->tls.use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) { - lwsl_info("accepting certificate for invalid hostname\n"); - return 0; - } - - if (n == X509_V_ERR_INVALID_CA && - (wsi->tls.use_ssl & LCCSCF_ALLOW_SELFSIGNED)) { - lwsl_info("accepting certificate from untrusted CA\n"); - return 0; - } - - if ((n == X509_V_ERR_CERT_NOT_YET_VALID || - n == X509_V_ERR_CERT_HAS_EXPIRED) && - (wsi->tls.use_ssl & LCCSCF_ALLOW_EXPIRED)) { - lwsl_info("accepting expired or not yet valid certificate\n"); - - return 0; - } - lws_snprintf(ebuf, ebuf_len, - "server's cert didn't look good, X509_V_ERR = %d: %s\n", - n, ERR_error_string(n, sb)); - lwsl_info("%s\n", ebuf); - lws_tls_err_describe_clear(); - - return -1; -} - -int -lws_tls_client_create_vhost_context(struct lws_vhost *vh, - const struct lws_context_creation_info *info, - const char *cipher_list, - const char *ca_filepath, - const void *ca_mem, - unsigned int ca_mem_len, - const char *cert_filepath, - const void *cert_mem, - unsigned int cert_mem_len, - const char *private_key_filepath) -{ - X509 *d2i_X509(X509 **cert, const unsigned char *buffer, long len); - SSL_METHOD *method = (SSL_METHOD *)TLS_client_method(); - unsigned long error; - int n; - - if (!method) { - error = ERR_get_error(); - lwsl_err("problem creating ssl method %lu: %s\n", - error, ERR_error_string(error, - (char *)vh->context->pt[0].serv_buf)); - return 1; - } - /* create context */ - vh->tls.ssl_client_ctx = SSL_CTX_new(method); - if (!vh->tls.ssl_client_ctx) { - error = ERR_get_error(); - lwsl_err("problem creating ssl context %lu: %s\n", - error, ERR_error_string(error, - (char *)vh->context->pt[0].serv_buf)); - return 1; - } - - if (!ca_filepath && (!ca_mem || !ca_mem_len)) - return 0; - - if (ca_filepath) { -#if !defined(LWS_PLAT_OPTEE) - uint8_t *buf; - lws_filepos_t len; - - if (alloc_file(vh->context, ca_filepath, &buf, &len)) { - lwsl_err("Load CA cert file %s failed\n", ca_filepath); - return 1; - } - vh->tls.x509_client_CA = d2i_X509(NULL, buf, len); - free(buf); - lwsl_notice("Loading client CA for verification %s\n", ca_filepath); -#endif - } else { - vh->tls.x509_client_CA = d2i_X509(NULL, (uint8_t*)ca_mem, ca_mem_len); - lwsl_notice("%s: using mem client CA cert %d\n", - __func__, ca_mem_len); - } - - if (!vh->tls.x509_client_CA) { - lwsl_err("client CA: x509 parse failed\n"); - return 1; - } - - if (!vh->tls.ssl_ctx) - SSL_CTX_add_client_CA(vh->tls.ssl_client_ctx, vh->tls.x509_client_CA); - else - SSL_CTX_add_client_CA(vh->tls.ssl_ctx, vh->tls.x509_client_CA); - - /* support for client-side certificate authentication */ - if (cert_filepath) { -#if !defined(LWS_PLAT_OPTEE) - uint8_t *buf; - lws_filepos_t amount; - - if (lws_tls_use_any_upgrade_check_extant(cert_filepath) != - LWS_TLS_EXTANT_YES && - (info->options & LWS_SERVER_OPTION_IGNORE_MISSING_CERT)) - return 0; - - lwsl_notice("%s: doing cert filepath %s\n", __func__, - cert_filepath); - - if (alloc_file(vh->context, cert_filepath, &buf, &amount)) - return 1; - - buf[amount++] = '\0'; - - SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx, - buf, amount); - - n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx, - amount, buf); - lws_free(buf); - if (n < 1) { - lwsl_err("problem %d getting cert '%s'\n", n, - cert_filepath); - lws_tls_err_describe_clear(); - return 1; - } - - lwsl_notice("Loaded client cert %s\n", cert_filepath); -#endif - } else if (cert_mem && cert_mem_len) { - // lwsl_hexdump_notice(cert_mem, cert_mem_len - 1); - SSL_CTX_use_PrivateKey_ASN1(0, vh->tls.ssl_client_ctx, - cert_mem, cert_mem_len - 1); - n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx, - cert_mem_len, cert_mem); - if (n < 1) { - lwsl_err("%s: problem interpreting client cert\n", - __func__); - lws_tls_err_describe_clear(); - return 1; - } - lwsl_notice("%s: using mem client cert %d\n", - __func__, cert_mem_len); - } - - return 0; -} diff --git a/lib/tls/mbedtls/mbedtls-server.c b/lib/tls/mbedtls/mbedtls-server.c deleted file mode 100644 index f993a54..0000000 --- a/lib/tls/mbedtls/mbedtls-server.c +++ /dev/null @@ -1,712 +0,0 @@ -/* - * libwebsockets - mbedTLS-specific server functions - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include - -int -lws_tls_server_client_cert_verify_config(struct lws_vhost *vh) -{ - int verify_options = SSL_VERIFY_PEER; - - /* as a server, are we requiring clients to identify themselves? */ - if (!lws_check_opt(vh->options, - LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) { - lwsl_notice("no client cert required\n"); - return 0; - } - - /* - * The wrapper has this messed-up mapping: - * - * else if (ctx->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - * mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - * - * ie the meaning is inverted. So where we should test for ! we don't - */ - if (lws_check_opt(vh->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED)) - verify_options = SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - - lwsl_notice("%s: vh %s requires client cert %d\n", __func__, vh->name, - verify_options); - - SSL_CTX_set_verify(vh->tls.ssl_ctx, verify_options, NULL); - - return 0; -} - -static int -lws_mbedtls_sni_cb(void *arg, mbedtls_ssl_context *mbedtls_ctx, - const unsigned char *servername, size_t len) -{ - SSL *ssl = SSL_SSL_from_mbedtls_ssl_context(mbedtls_ctx); - struct lws_context *context = (struct lws_context *)arg; - struct lws_vhost *vhost, *vh; - - lwsl_notice("%s: %s\n", __func__, servername); - - /* - * We can only get ssl accepted connections by using a vhost's ssl_ctx - * find out which listening one took us and only match vhosts on the - * same port. - */ - vh = context->vhost_list; - while (vh) { - if (!vh->being_destroyed && - vh->tls.ssl_ctx == SSL_get_SSL_CTX(ssl)) - break; - vh = vh->vhost_next; - } - - if (!vh) { - assert(vh); /* can't match the incoming vh? */ - return 0; - } - - vhost = lws_select_vhost(context, vh->listen_port, - (const char *)servername); - if (!vhost) { - lwsl_info("SNI: none: %s:%d\n", servername, vh->listen_port); - - return 0; - } - - lwsl_info("SNI: Found: %s:%d at vhost '%s'\n", servername, - vh->listen_port, vhost->name); - - if (!vhost->tls.ssl_ctx) { - lwsl_err("%s: vhost %s matches SNI but no valid cert\n", - __func__, vh->name); - - return 1; - } - - /* select the ssl ctx from the selected vhost for this conn */ - SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx); - - return 0; -} - -int -lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, - const char *cert, const char *private_key, - const char *mem_cert, size_t mem_cert_len, - const char *mem_privkey, size_t mem_privkey_len) -{ - lws_filepos_t flen; - uint8_t *p = NULL; - long err; - int n; - - if ((!cert || !private_key) && (!mem_cert || !mem_privkey)) { - lwsl_notice("%s: no usable input\n", __func__); - return 0; - } - - n = lws_tls_generic_cert_checks(vhost, cert, private_key); - - if (n == LWS_TLS_EXTANT_NO && (!mem_cert || !mem_privkey)) - return 0; - - /* - * we can't read the root-privs files. But if mem_cert is provided, - * we should use that. - */ - if (n == LWS_TLS_EXTANT_NO) - n = LWS_TLS_EXTANT_ALTERNATIVE; - - if (n == LWS_TLS_EXTANT_ALTERNATIVE && (!mem_cert || !mem_privkey)) - return 1; /* no alternative */ - - if (n == LWS_TLS_EXTANT_ALTERNATIVE) { - /* - * Although we have prepared update certs, we no longer have - * the rights to read our own cert + key we saved. - * - * If we were passed copies in memory buffers, use those - * instead. - * - * The passed memory-buffer cert image is in DER, and the - * memory-buffer private key image is PEM. - */ - cert = NULL; - private_key = NULL; - - if (!mem_cert) - return 1; - } - if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert, - mem_cert_len, &p, &flen)) { - lwsl_err("couldn't find cert file %s\n", cert); - - return 1; - } - - err = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx, flen, p); - lws_free_set_NULL(p); - if (!err) { - lwsl_err("Problem loading cert\n"); - return 1; - } - - if (lws_tls_alloc_pem_to_der_file(vhost->context, private_key, - (char *)mem_privkey, mem_privkey_len, - &p, &flen)) { - lwsl_err("couldn't find private key\n"); - - return 1; - } - - err = SSL_CTX_use_PrivateKey_ASN1(0, vhost->tls.ssl_ctx, p, flen); - lws_free_set_NULL(p); - if (!err) { - lwsl_err("Problem loading key\n"); - - return 1; - } - - if (!private_key && !mem_privkey && vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, - vhost->tls.ssl_ctx, NULL, 0)) { - lwsl_err("ssl private key not set\n"); - - return 1; - } - - vhost->tls.skipped_certs = 0; - - return 0; -} - -int -lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info, - struct lws_vhost *vhost, struct lws *wsi) -{ - const SSL_METHOD *method = TLS_server_method(); - uint8_t *p; - lws_filepos_t flen; - int n; - - vhost->tls.ssl_ctx = SSL_CTX_new(method); /* create context */ - if (!vhost->tls.ssl_ctx) { - lwsl_err("problem creating ssl context\n"); - return 1; - } - - if (!vhost->tls.use_ssl || - (!info->ssl_cert_filepath && !info->server_ssl_cert_mem)) - return 0; - - if (info->ssl_ca_filepath) { - lwsl_notice("%s: vh %s: loading CA filepath %s\n", __func__, - vhost->name, info->ssl_ca_filepath); - if (lws_tls_alloc_pem_to_der_file(vhost->context, - info->ssl_ca_filepath, NULL, 0, &p, &flen)) { - lwsl_err("couldn't find client CA file %s\n", - info->ssl_ca_filepath); - - return 1; - } - - if (SSL_CTX_add_client_CA_ASN1(vhost->tls.ssl_ctx, (int)flen, p) != 1) { - lwsl_err("%s: SSL_CTX_add_client_CA_ASN1 unhappy\n", - __func__); - free(p); - return 1; - } - free(p); - } else { - if (info->server_ssl_ca_mem && info->server_ssl_ca_mem_len && - SSL_CTX_add_client_CA_ASN1(vhost->tls.ssl_ctx, - (int)info->server_ssl_ca_mem_len, - info->server_ssl_ca_mem) != 1) { - lwsl_err("%s: mem SSL_CTX_add_client_CA_ASN1 unhappy\n", - __func__); - return 1; - } - lwsl_notice("%s: vh %s: mem CA OK\n", __func__, vhost->name); - } - - n = lws_tls_server_certs_load(vhost, wsi, info->ssl_cert_filepath, - info->ssl_private_key_filepath, - info->server_ssl_cert_mem, - info->server_ssl_cert_mem_len, - info->server_ssl_private_key_mem, - info->server_ssl_private_key_mem_len); - if (n) - return n; - - return 0; -} - -int -lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd) -{ - errno = 0; - wsi->tls.ssl = SSL_new(wsi->vhost->tls.ssl_ctx); - if (wsi->tls.ssl == NULL) { - lwsl_err("SSL_new failed: errno %d\n", errno); - - lws_tls_err_describe_clear(); - return 1; - } - - SSL_set_fd(wsi->tls.ssl, accept_fd); - - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback); - - SSL_set_sni_callback(wsi->tls.ssl, lws_mbedtls_sni_cb, wsi->context); - - return 0; -} - -#if defined(LWS_AMAZON_RTOS) -enum lws_ssl_capable_status -#else -int -#endif -lws_tls_server_abort_connection(struct lws *wsi) -{ - __lws_tls_shutdown(wsi); - SSL_free(wsi->tls.ssl); - - return 0; -} - -enum lws_ssl_capable_status -lws_tls_server_accept(struct lws *wsi) -{ - union lws_tls_cert_info_results ir; - int m, n; - - n = SSL_accept(wsi->tls.ssl); - if (n == 1) { - - if (strstr(wsi->vhost->name, ".invalid")) { - lwsl_notice("%s: vhost has .invalid, " - "rejecting accept\n", __func__); - - return LWS_SSL_CAPABLE_ERROR; - } - - n = lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_COMMON_NAME, - &ir, sizeof(ir.ns.name)); - if (!n) - lwsl_notice("%s: client cert CN '%s'\n", - __func__, ir.ns.name); - else - lwsl_info("%s: couldn't get client cert CN\n", - __func__); - return LWS_SSL_CAPABLE_DONE; - } - - m = SSL_get_error(wsi->tls.ssl, n); - lwsl_debug("%s: %p: accept SSL_get_error %d errno %d\n", __func__, - wsi, m, errno); - - // mbedtls wrapper only - if (m == SSL_ERROR_SYSCALL && errno == 11) - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - -#if defined(WIN32) - if (m == SSL_ERROR_SYSCALL && errno == 0) - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; -#endif - - if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL) - return LWS_SSL_CAPABLE_ERROR; - - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) { - if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { - lwsl_info("%s: WANT_READ change_pollfd failed\n", - __func__); - return LWS_SSL_CAPABLE_ERROR; - } - - lwsl_info("SSL_ERROR_WANT_READ\n"); - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - } - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_WRITE\n", __func__); - - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { - lwsl_info("%s: WANT_WRITE change_pollfd failed\n", - __func__); - return LWS_SSL_CAPABLE_ERROR; - } - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - } - - return LWS_SSL_CAPABLE_ERROR; -} - -#if defined(LWS_WITH_ACME) -/* - * mbedtls doesn't support SAN for cert creation. So we use a known-good - * tls-sni-01 cert from OpenSSL that worked on Let's Encrypt, and just replace - * the pubkey n part and the signature part. - * - * This will need redoing for tls-sni-02... - */ - -static uint8_t ss_cert_leadin[] = { - 0x30, 0x82, - 0x05, 0x56, /* total length: LEN1 (+2 / +3) (correct for 513 + 512)*/ - - 0x30, 0x82, /* length: LEN2 (+6 / +7) (correct for 513) */ - 0x03, 0x3e, - - /* addition: v3 cert (+5 bytes)*/ - 0xa0, 0x03, - 0x02, 0x01, 0x02, - - 0x02, 0x01, 0x01, - 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3f, - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, - 0x42, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0b, - 0x73, 0x6f, 0x6d, 0x65, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, - 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, 0x74, 0x65, - 0x6d, 0x70, 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x69, 0x6e, 0x76, 0x61, - 0x6c, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, - - /* from 2017-10-29 ... */ - 0x31, 0x37, 0x31, 0x30, 0x32, 0x39, 0x31, 0x31, 0x34, 0x39, 0x34, 0x35, - 0x5a, 0x17, 0x0d, - - /* thru 2049-10-29 we immediately discard the private key, no worries */ - 0x34, 0x39, 0x31, 0x30, 0x32, 0x39, 0x31, 0x32, 0x34, 0x39, 0x34, 0x35, - 0x5a, - - 0x30, 0x3f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, - 0x02, 0x47, 0x42, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, - 0x0c, 0x0b, 0x73, 0x6f, 0x6d, 0x65, 0x63, 0x6f, 0x6d, 0x70, 0x61, 0x6e, - 0x79, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x11, - 0x74, 0x65, 0x6d, 0x70, 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x69, 0x6e, - 0x76, 0x61, 0x6c, 0x69, 0x64, 0x30, - - 0x82, - 0x02, 0x22, /* LEN3 (+C3 / C4) */ - 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, - 0x03, - - 0x82, - 0x02, 0x0f, /* LEN4 (+D6 / D7) */ - - 0x00, 0x30, 0x82, - - 0x02, 0x0a, /* LEN5 (+ DB / DC) */ - - 0x02, 0x82, - - //0x02, 0x01, /* length of n in bytes (including leading 00 if any) */ - }, - - /* 1 + (keybits / 8) bytes N */ - - ss_cert_san_leadin[] = { - /* e - fixed */ - 0x02, 0x03, 0x01, 0x00, 0x01, - - 0xa3, 0x5d, 0x30, 0x5b, 0x30, 0x59, 0x06, 0x03, 0x55, 0x1d, - 0x11, 0x04, 0x52, 0x30, 0x50, /* <-- SAN length + 2 */ - - 0x82, 0x4e, /* <-- SAN length */ - }, - - /* 78 bytes of SAN (tls-sni-01) - 0x61, 0x64, 0x34, 0x31, 0x61, 0x66, 0x62, 0x65, 0x30, 0x63, 0x61, 0x34, - 0x36, 0x34, 0x32, 0x66, 0x30, 0x61, 0x34, 0x34, 0x39, 0x64, 0x39, 0x63, - 0x61, 0x37, 0x36, 0x65, 0x62, 0x61, 0x61, 0x62, 0x2e, 0x32, 0x38, 0x39, - 0x34, 0x64, 0x34, 0x31, 0x36, 0x63, 0x39, 0x38, 0x33, 0x66, 0x31, 0x32, - 0x65, 0x64, 0x37, 0x33, 0x31, 0x61, 0x33, 0x30, 0x66, 0x35, 0x63, 0x34, - 0x34, 0x37, 0x37, 0x66, 0x65, 0x2e, 0x61, 0x63, 0x6d, 0x65, 0x2e, 0x69, - 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, */ - - /* end of LEN2 area */ - - ss_cert_sig_leadin[] = { - /* it's saying that the signature is SHA256 + RSA */ - 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - - 0x82, - 0x02, 0x01, - 0x00, - }; - - /* (keybits / 8) bytes signature to end of LEN1 area */ - -#define SAN_A_LENGTH 78 - -LWS_VISIBLE int -lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a, - const char *san_b) -{ - int buflen = 0x560; - uint8_t *buf = lws_malloc(buflen, "tmp cert buf"), *p = buf, *pkey_asn1; - struct lws_genrsa_ctx ctx; - struct lws_gencrypto_keyelem el; - uint8_t digest[32]; - struct lws_genhash_ctx hash_ctx; - int pkey_asn1_len = 3 * 1024; - int n, m, keybits = lws_plat_recommended_rsa_bits(), adj; - - if (!buf) - return 1; - - n = lws_genrsa_new_keypair(vhost->context, &ctx, &el, keybits); - if (n < 0) { - lws_genrsa_destroy_elements(&el); - goto bail1; - } - - n = sizeof(ss_cert_leadin); - memcpy(p, ss_cert_leadin, n); - p += n; - - adj = (0x0556 - 0x401) + (keybits / 4) + 1; - buf[2] = adj >> 8; - buf[3] = adj & 0xff; - - adj = (0x033e - 0x201) + (keybits / 8) + 1; - buf[6] = adj >> 8; - buf[7] = adj & 0xff; - - adj = (0x0222 - 0x201) + (keybits / 8) + 1; - buf[0xc3] = adj >> 8; - buf[0xc4] = adj & 0xff; - - adj = (0x020f - 0x201) + (keybits / 8) + 1; - buf[0xd6] = adj >> 8; - buf[0xd7] = adj & 0xff; - - adj = (0x020a - 0x201) + (keybits / 8) + 1; - buf[0xdb] = adj >> 8; - buf[0xdc] = adj & 0xff; - - *p++ = ((keybits / 8) + 1) >> 8; - *p++ = ((keybits / 8) + 1) & 0xff; - - /* we need to drop 1 + (keybits / 8) bytes of n in here, 00 + key */ - - *p++ = 0x00; - memcpy(p, el.e[LWS_GENCRYPTO_RSA_KEYEL_N].buf, el.e[LWS_GENCRYPTO_RSA_KEYEL_N].len); - p += el.e[LWS_GENCRYPTO_RSA_KEYEL_N].len; - - memcpy(p, ss_cert_san_leadin, sizeof(ss_cert_san_leadin)); - p += sizeof(ss_cert_san_leadin); - - /* drop in 78 bytes of san_a */ - - memcpy(p, san_a, SAN_A_LENGTH); - p += SAN_A_LENGTH; - memcpy(p, ss_cert_sig_leadin, sizeof(ss_cert_sig_leadin)); - - p[17] = ((keybits / 8) + 1) >> 8; - p[18] = ((keybits / 8) + 1) & 0xff; - - p += sizeof(ss_cert_sig_leadin); - - /* hash the cert plaintext */ - - if (lws_genhash_init(&hash_ctx, LWS_GENHASH_TYPE_SHA256)) - goto bail2; - - if (lws_genhash_update(&hash_ctx, buf, lws_ptr_diff(p, buf))) { - lws_genhash_destroy(&hash_ctx, NULL); - - goto bail2; - } - if (lws_genhash_destroy(&hash_ctx, digest)) - goto bail2; - - /* sign the hash */ - - n = lws_genrsa_hash_sign(&ctx, digest, LWS_GENHASH_TYPE_SHA256, p, - buflen - lws_ptr_diff(p, buf)); - if (n < 0) - goto bail2; - p += n; - - pkey_asn1 = lws_malloc(pkey_asn1_len, "mbed crt tmp"); - if (!pkey_asn1) - goto bail2; - - m = lws_genrsa_render_pkey_asn1(&ctx, 1, pkey_asn1, pkey_asn1_len); - if (m < 0) { - lws_free(pkey_asn1); - goto bail2; - } - -// lwsl_hexdump_level(LLL_DEBUG, buf, lws_ptr_diff(p, buf)); - n = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx, - lws_ptr_diff(p, buf), buf); - if (n != 1) { - lws_free(pkey_asn1); - lwsl_err("%s: generated cert failed to load 0x%x\n", - __func__, -n); - } else { - //lwsl_debug("private key\n"); - //lwsl_hexdump_level(LLL_DEBUG, pkey_asn1, n); - - /* and to use our generated private key */ - n = SSL_CTX_use_PrivateKey_ASN1(0, vhost->tls.ssl_ctx, - pkey_asn1, m); - lws_free(pkey_asn1); - if (n != 1) { - lwsl_err("%s: SSL_CTX_use_PrivateKey_ASN1 failed\n", - __func__); - } - } - - lws_genrsa_destroy(&ctx); - lws_genrsa_destroy_elements(&el); - - lws_free(buf); - - return n != 1; - -bail2: - lws_genrsa_destroy(&ctx); - lws_genrsa_destroy_elements(&el); -bail1: - lws_free(buf); - - return -1; -} - -void -lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost) -{ -} - -#if defined(LWS_WITH_JOSE) -static int -_rngf(void *context, unsigned char *buf, size_t len) -{ - if ((size_t)lws_get_random(context, buf, len) == len) - return 0; - - return -1; -} - -static const char *x5[] = { "C", "ST", "L", "O", "CN" }; - -/* - * CSR is output formatted as b64url(DER) - * Private key is output as a PEM in memory - */ -LWS_VISIBLE LWS_EXTERN int -lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[], - uint8_t *dcsr, size_t csr_len, char **privkey_pem, - size_t *privkey_len) -{ - mbedtls_x509write_csr csr; - mbedtls_pk_context mpk; - int buf_size = 4096, n; - char subject[200], *p = subject, *end = p + sizeof(subject) - 1; - uint8_t *buf = malloc(buf_size); /* malloc because given to user code */ - - if (!buf) - return -1; - - mbedtls_x509write_csr_init(&csr); - - mbedtls_pk_init(&mpk); - if (mbedtls_pk_setup(&mpk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA))) { - lwsl_notice("%s: pk_setup failed\n", __func__); - goto fail; - } - - n = mbedtls_rsa_gen_key(mbedtls_pk_rsa(mpk), _rngf, context, - lws_plat_recommended_rsa_bits(), 65537); - if (n) { - lwsl_notice("%s: failed to generate keys\n", __func__); - - goto fail1; - } - - /* subject must be formatted like "C=TW,O=warmcat,CN=myserver" */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(x5); n++) { - if (p != subject) - *p++ = ','; - if (elements[n]) - p += lws_snprintf(p, end - p, "%s=%s", x5[n], - elements[n]); - } - - if (mbedtls_x509write_csr_set_subject_name(&csr, subject)) - goto fail1; - - mbedtls_x509write_csr_set_key(&csr, &mpk); - mbedtls_x509write_csr_set_md_alg(&csr, MBEDTLS_MD_SHA256); - - /* - * data is written at the end of the buffer! Use the - * return value to determine where you should start - * using the buffer - */ - n = mbedtls_x509write_csr_der(&csr, buf, buf_size, _rngf, context); - if (n < 0) { - lwsl_notice("%s: write csr der failed\n", __func__); - goto fail1; - } - - /* we have it in DER, we need it in b64URL */ - - n = lws_jws_base64_enc((char *)(buf + buf_size) - n, n, - (char *)dcsr, csr_len); - if (n < 0) - goto fail1; - - /* - * okay, the CSR is done, last we need the private key in PEM - * re-use the DER CSR buf as the result buffer since we cn do it in - * one step - */ - - if (mbedtls_pk_write_key_pem(&mpk, buf, buf_size)) { - lwsl_notice("write key pem failed\n"); - goto fail1; - } - - *privkey_pem = (char *)buf; - *privkey_len = strlen((const char *)buf); - - mbedtls_pk_free(&mpk); - mbedtls_x509write_csr_free(&csr); - - return n; - -fail1: - mbedtls_pk_free(&mpk); -fail: - mbedtls_x509write_csr_free(&csr); - free(buf); - - return -1; -} -#endif -#endif diff --git a/lib/tls/mbedtls/private.h b/lib/tls/mbedtls/private.h deleted file mode 100644 index a87a4a4..0000000 --- a/lib/tls/mbedtls/private.h +++ /dev/null @@ -1,34 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * gencrypto mbedtls-specific helper declarations - */ - -#include - -struct lws_x509_cert { - mbedtls_x509_crt cert; /* has a .next for linked-list / chain */ -}; - -mbedtls_md_type_t -lws_gencrypto_mbedtls_hash_to_MD_TYPE(enum lws_genhash_types hash_type); - -int -lws_gencrypto_mbedtls_rngf(void *context, unsigned char *buf, size_t len); diff --git a/lib/tls/mbedtls/ssl.c b/lib/tls/mbedtls/ssl.c deleted file mode 100644 index 4e8d20b..0000000 --- a/lib/tls/mbedtls/ssl.c +++ /dev/null @@ -1,317 +0,0 @@ -/* - * libwebsockets - mbedTLS-specific lws apis - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/mbedtls/private.h" - - -LWS_VISIBLE void -lws_ssl_destroy(struct lws_vhost *vhost) -{ - if (!lws_check_opt(vhost->context->options, - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) - return; - - if (vhost->tls.ssl_ctx) - SSL_CTX_free(vhost->tls.ssl_ctx); - if (!vhost->tls.user_supplied_ssl_ctx && vhost->tls.ssl_client_ctx) - SSL_CTX_free(vhost->tls.ssl_client_ctx); - - if (vhost->tls.x509_client_CA) - X509_free(vhost->tls.x509_client_CA); -} - -LWS_VISIBLE int -lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int n = 0, m; - - if (!wsi->tls.ssl) - return lws_ssl_capable_read_no_ssl(wsi, buf, len); - - lws_stats_bump(pt, LWSSTATS_C_API_READ, 1); - - errno = 0; - n = SSL_read(wsi->tls.ssl, buf, len); -#if defined(LWS_WITH_ESP32) - if (!n && errno == LWS_ENOTCONN) { - lwsl_debug("%p: SSL_read ENOTCONN\n", wsi); - return LWS_SSL_CAPABLE_ERROR; - } -#endif -#if defined(LWS_WITH_STATS) - if (!wsi->seen_rx && wsi->accept_start_us) { - lws_stats_bump(pt, LWSSTATS_US_SSL_RX_DELAY_AVG, - lws_now_usecs() - wsi->accept_start_us); - lws_stats_bump(pt, LWSSTATS_C_SSL_CONNS_HAD_RX, 1); - wsi->seen_rx = 1; - } -#endif - - - lwsl_debug("%p: SSL_read says %d\n", wsi, n); - /* manpage: returning 0 means connection shut down */ - if (!n) { - wsi->socket_is_permanently_unusable = 1; - - return LWS_SSL_CAPABLE_ERROR; - } - - if (n < 0) { - m = SSL_get_error(wsi->tls.ssl, n); - lwsl_debug("%p: ssl err %d errno %d\n", wsi, m, errno); - if (errno == LWS_ENOTCONN) { - /* If the socket isn't connected anymore, bail out. */ - wsi->socket_is_permanently_unusable = 1; - return LWS_SSL_CAPABLE_ERROR; - } - if (m == SSL_ERROR_ZERO_RETURN || - m == SSL_ERROR_SYSCALL) - return LWS_SSL_CAPABLE_ERROR; - - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_READ\n", __func__); - lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_WRITE\n", __func__); - lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - wsi->socket_is_permanently_unusable = 1; - - return LWS_SSL_CAPABLE_ERROR; - } - - lws_stats_bump(pt, LWSSTATS_B_READ, n); - - if (wsi->vhost) - wsi->vhost->conn_stats.rx += n; - - /* - * if it was our buffer that limited what we read, - * check if SSL has additional data pending inside SSL buffers. - * - * Because these won't signal at the network layer with POLLIN - * and if we don't realize, this data will sit there forever - */ - if (n != len) - goto bail; - if (!wsi->tls.ssl) - goto bail; - - if (SSL_pending(wsi->tls.ssl) && - lws_dll2_is_detached(&wsi->tls.dll_pending_tls)) - lws_dll2_add_head(&wsi->tls.dll_pending_tls, - &pt->tls.dll_pending_tls_owner); - - return n; -bail: - lws_ssl_remove_wsi_from_buffered_list(wsi); - - return n; -} - -LWS_VISIBLE int -lws_ssl_pending(struct lws *wsi) -{ - if (!wsi->tls.ssl) - return 0; - - return SSL_pending(wsi->tls.ssl); -} - -LWS_VISIBLE int -lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) -{ - int n, m; - - if (!wsi->tls.ssl) - return lws_ssl_capable_write_no_ssl(wsi, buf, len); - - n = SSL_write(wsi->tls.ssl, buf, len); - if (n > 0) - return n; - - m = SSL_get_error(wsi->tls.ssl, n); - if (m != SSL_ERROR_SYSCALL) { - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) { - lwsl_notice("%s: want read\n", __func__); - - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) { - lws_set_blocking_send(wsi); - lwsl_debug("%s: want write\n", __func__); - - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - } - - lwsl_debug("%s failed: %d\n",__func__, m); - wsi->socket_is_permanently_unusable = 1; - - return LWS_SSL_CAPABLE_ERROR; -} - -int openssl_SSL_CTX_private_data_index; - -void -lws_ssl_info_callback(const SSL *ssl, int where, int ret) -{ - struct lws *wsi; - struct lws_context *context; - struct lws_ssl_info si; - - context = (struct lws_context *)SSL_CTX_get_ex_data( - SSL_get_SSL_CTX(ssl), - openssl_SSL_CTX_private_data_index); - if (!context) - return; - wsi = wsi_from_fd(context, SSL_get_fd(ssl)); - if (!wsi) - return; - - if (!(where & wsi->vhost->tls.ssl_info_event_mask)) - return; - - si.where = where; - si.ret = ret; - - if (user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_SSL_INFO, - wsi->user_space, &si, 0)) - lws_set_timeout(wsi, PENDING_TIMEOUT_KILLED_BY_SSL_INFO, -1); -} - - -LWS_VISIBLE int -lws_ssl_close(struct lws *wsi) -{ - lws_sockfd_type n; - - if (!wsi->tls.ssl) - return 0; /* not handled */ - -#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) - /* kill ssl callbacks, becausse we will remove the fd from the - * table linking it to the wsi - */ - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, NULL); -#endif - - n = SSL_get_fd(wsi->tls.ssl); - if (!wsi->socket_is_permanently_unusable) - SSL_shutdown(wsi->tls.ssl); - compatible_close(n); - SSL_free(wsi->tls.ssl); - wsi->tls.ssl = NULL; - - if (!lwsi_role_client(wsi) && - wsi->context->simultaneous_ssl_restriction && - wsi->context->simultaneous_ssl-- == - wsi->context->simultaneous_ssl_restriction) - /* we made space and can do an accept */ - lws_gate_accepts(wsi->context, 1); - -#if defined(LWS_WITH_STATS) - wsi->context->updated = 1; -#endif - - return 1; /* handled */ -} - -void -lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost) -{ - if (vhost->tls.ssl_ctx) - SSL_CTX_free(vhost->tls.ssl_ctx); - - if (!vhost->tls.user_supplied_ssl_ctx && vhost->tls.ssl_client_ctx) - SSL_CTX_free(vhost->tls.ssl_client_ctx); -#if defined(LWS_WITH_ACME) - lws_tls_acme_sni_cert_destroy(vhost); -#endif -} - -void -lws_ssl_context_destroy(struct lws_context *context) -{ -} - -lws_tls_ctx * -lws_tls_ctx_from_wsi(struct lws *wsi) -{ - if (!wsi->tls.ssl) - return NULL; - - return SSL_get_SSL_CTX(wsi->tls.ssl); -} - -enum lws_ssl_capable_status -__lws_tls_shutdown(struct lws *wsi) -{ - int n = SSL_shutdown(wsi->tls.ssl); - - lwsl_debug("SSL_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); - - switch (n) { - case 1: /* successful completion */ - n = shutdown(wsi->desc.sockfd, SHUT_WR); - return LWS_SSL_CAPABLE_DONE; - - case 0: /* needs a retry */ - __lws_change_pollfd(wsi, 0, LWS_POLLIN); - return LWS_SSL_CAPABLE_MORE_SERVICE; - - default: /* fatal error, or WANT */ - n = SSL_get_error(wsi->tls.ssl, n); - if (n != SSL_ERROR_SYSCALL && n != SSL_ERROR_SSL) { - if (SSL_want_read(wsi->tls.ssl)) { - lwsl_debug("(wants read)\n"); - __lws_change_pollfd(wsi, 0, LWS_POLLIN); - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - } - if (SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("(wants write)\n"); - __lws_change_pollfd(wsi, 0, LWS_POLLOUT); - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - } - } - return LWS_SSL_CAPABLE_ERROR; - } -} - - -static int -tops_fake_POLLIN_for_buffered_mbedtls(struct lws_context_per_thread *pt) -{ - return lws_tls_fake_POLLIN_for_buffered(pt); -} - -const struct lws_tls_ops tls_ops_mbedtls = { - /* fake_POLLIN_for_buffered */ tops_fake_POLLIN_for_buffered_mbedtls, -}; diff --git a/lib/tls/mbedtls/tls.c b/lib/tls/mbedtls/tls.c deleted file mode 100644 index ecb0949..0000000 --- a/lib/tls/mbedtls/tls.c +++ /dev/null @@ -1,46 +0,0 @@ -/* - * libwebsockets - mbedTLS-specific lws apis - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/mbedtls/private.h" - -void -lws_tls_err_describe_clear(void) -{ -} - -int -lws_context_init_ssl_library(const struct lws_context_creation_info *info) -{ - lwsl_info(" Compiled with MbedTLS support\n"); - - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) - lwsl_info(" SSL disabled: no " - "LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n"); - - return 0; -} - -void -lws_context_deinit_ssl_library(struct lws_context *context) -{ - -} diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl3.h b/lib/tls/mbedtls/wrapper/include/internal/ssl3.h deleted file mode 100644 index 007b392..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl3.h +++ /dev/null @@ -1,44 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL3_H_ -#define _SSL3_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -# define SSL3_AD_CLOSE_NOTIFY 0 -# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */ -# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */ -# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */ -# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */ -# define SSL3_AD_NO_CERTIFICATE 41 -# define SSL3_AD_BAD_CERTIFICATE 42 -# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 -# define SSL3_AD_CERTIFICATE_REVOKED 44 -# define SSL3_AD_CERTIFICATE_EXPIRED 45 -# define SSL3_AD_CERTIFICATE_UNKNOWN 46 -# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */ - -# define SSL3_AL_WARNING 1 -# define SSL3_AL_FATAL 2 - -#define SSL3_VERSION 0x0300 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h deleted file mode 100644 index 86cf31a..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_cert.h +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_CERT_H_ -#define _SSL_CERT_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -/** - * @brief create a certification object include private key object according to input certification - * - * @param ic - input certification point - * - * @return certification object point - */ -CERT *__ssl_cert_new(CERT *ic); - -/** - * @brief create a certification object include private key object - * - * @param none - * - * @return certification object point - */ -CERT* ssl_cert_new(void); - -/** - * @brief free a certification object - * - * @param cert - certification object point - * - * @return none - */ -void ssl_cert_free(CERT *cert); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_code.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_code.h deleted file mode 100644 index 80fdbb2..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_code.h +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_CODE_H_ -#define _SSL_CODE_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl3.h" -#include "tls1.h" -#include "x509_vfy.h" - -/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ -# define SSL_SENT_SHUTDOWN 1 -# define SSL_RECEIVED_SHUTDOWN 2 - -# define SSL_VERIFY_NONE 0x00 -# define SSL_VERIFY_PEER 0x01 -# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 -# define SSL_VERIFY_CLIENT_ONCE 0x04 - -/* - * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you - * should not need these - */ -# define SSL_ST_READ_HEADER 0xF0 -# define SSL_ST_READ_BODY 0xF1 -# define SSL_ST_READ_DONE 0xF2 - -# define SSL_NOTHING 1 -# define SSL_WRITING 2 -# define SSL_READING 3 -# define SSL_X509_LOOKUP 4 -# define SSL_ASYNC_PAUSED 5 -# define SSL_ASYNC_NO_JOBS 6 - - -# define SSL_ERROR_NONE 0 -# define SSL_ERROR_SSL 1 -# define SSL_ERROR_WANT_READ 2 -# define SSL_ERROR_WANT_WRITE 3 -# define SSL_ERROR_WANT_X509_LOOKUP 4 -# define SSL_ERROR_SYSCALL 5/* look at error stack/return value/errno */ -# define SSL_ERROR_ZERO_RETURN 6 -# define SSL_ERROR_WANT_CONNECT 7 -# define SSL_ERROR_WANT_ACCEPT 8 -# define SSL_ERROR_WANT_ASYNC 9 -# define SSL_ERROR_WANT_ASYNC_JOB 10 - -/* Message flow states */ -typedef enum { - /* No handshake in progress */ - MSG_FLOW_UNINITED, - /* A permanent error with this connection */ - MSG_FLOW_ERROR, - /* We are about to renegotiate */ - MSG_FLOW_RENEGOTIATE, - /* We are reading messages */ - MSG_FLOW_READING, - /* We are writing messages */ - MSG_FLOW_WRITING, - /* Handshake has finished */ - MSG_FLOW_FINISHED -} MSG_FLOW_STATE; - -/* SSL subsystem states */ -typedef enum { - TLS_ST_BEFORE, - TLS_ST_OK, - DTLS_ST_CR_HELLO_VERIFY_REQUEST, - TLS_ST_CR_SRVR_HELLO, - TLS_ST_CR_CERT, - TLS_ST_CR_CERT_STATUS, - TLS_ST_CR_KEY_EXCH, - TLS_ST_CR_CERT_REQ, - TLS_ST_CR_SRVR_DONE, - TLS_ST_CR_SESSION_TICKET, - TLS_ST_CR_CHANGE, - TLS_ST_CR_FINISHED, - TLS_ST_CW_CLNT_HELLO, - TLS_ST_CW_CERT, - TLS_ST_CW_KEY_EXCH, - TLS_ST_CW_CERT_VRFY, - TLS_ST_CW_CHANGE, - TLS_ST_CW_NEXT_PROTO, - TLS_ST_CW_FINISHED, - TLS_ST_SW_HELLO_REQ, - TLS_ST_SR_CLNT_HELLO, - DTLS_ST_SW_HELLO_VERIFY_REQUEST, - TLS_ST_SW_SRVR_HELLO, - TLS_ST_SW_CERT, - TLS_ST_SW_KEY_EXCH, - TLS_ST_SW_CERT_REQ, - TLS_ST_SW_SRVR_DONE, - TLS_ST_SR_CERT, - TLS_ST_SR_KEY_EXCH, - TLS_ST_SR_CERT_VRFY, - TLS_ST_SR_NEXT_PROTO, - TLS_ST_SR_CHANGE, - TLS_ST_SR_FINISHED, - TLS_ST_SW_SESSION_TICKET, - TLS_ST_SW_CERT_STATUS, - TLS_ST_SW_CHANGE, - TLS_ST_SW_FINISHED -} OSSL_HANDSHAKE_STATE; - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h deleted file mode 100644 index ad32cb9..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_dbg.h +++ /dev/null @@ -1,190 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_DEBUG_H_ -#define _SSL_DEBUG_H_ - -#include "platform/ssl_port.h" - -#ifdef __cplusplus - extern "C" { -#endif - -#ifdef CONFIG_OPENSSL_DEBUG_LEVEL - #define SSL_DEBUG_LEVEL CONFIG_OPENSSL_DEBUG_LEVEL -#else - #define SSL_DEBUG_LEVEL 0 -#endif - -#define SSL_DEBUG_ON (SSL_DEBUG_LEVEL + 1) -#define SSL_DEBUG_OFF (SSL_DEBUG_LEVEL - 1) - -#ifdef CONFIG_OPENSSL_DEBUG - #ifndef SSL_DEBUG_LOG - #error "SSL_DEBUG_LOG is not defined" - #endif - - #ifndef SSL_DEBUG_FL - #define SSL_DEBUG_FL "\n" - #endif - - #define SSL_SHOW_LOCATION() \ - SSL_DEBUG_LOG("SSL assert : %s %d\n", \ - __FILE__, __LINE__) - - #define SSL_DEBUG(level, fmt, ...) \ - { \ - if (level > SSL_DEBUG_LEVEL) { \ - SSL_DEBUG_LOG(fmt SSL_DEBUG_FL, ##__VA_ARGS__); \ - } \ - } -#else /* CONFIG_OPENSSL_DEBUG */ - #define SSL_SHOW_LOCATION() - - #define SSL_DEBUG(level, fmt, ...) -#endif /* CONFIG_OPENSSL_DEBUG */ - -/** - * OpenSSL assert function - * - * if select "CONFIG_OPENSSL_ASSERT_DEBUG", SSL_ASSERT* will show error file name and line - * if select "CONFIG_OPENSSL_ASSERT_EXIT", SSL_ASSERT* will just return error code. - * if select "CONFIG_OPENSSL_ASSERT_DEBUG_EXIT" SSL_ASSERT* will show error file name and line, - * then return error code. - * if select "CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK", SSL_ASSERT* will show error file name and line, - * then block here with "while (1)" - * - * SSL_ASSERT1 may will return "-1", so function's return argument is integer. - * SSL_ASSERT2 may will return "NULL", so function's return argument is a point. - * SSL_ASSERT2 may will return nothing, so function's return argument is "void". - */ -#if defined(CONFIG_OPENSSL_ASSERT_DEBUG) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_EXIT) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - return -1; \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - return NULL; \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - return ; \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_EXIT) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return -1; \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return NULL; \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - return ; \ - } \ - } -#elif defined(CONFIG_OPENSSL_ASSERT_DEBUG_BLOCK) - #define SSL_ASSERT1(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } - - #define SSL_ASSERT2(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } - - #define SSL_ASSERT3(s) \ - { \ - if (!(s)) { \ - SSL_SHOW_LOCATION(); \ - while (1); \ - } \ - } -#else - #define SSL_ASSERT1(s) - #define SSL_ASSERT2(s) - #define SSL_ASSERT3(s) -#endif - -#define SSL_PLATFORM_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_PLATFORM_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_CERT_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_CERT_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_PKEY_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_PKEY_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_X509_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_X509_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_LIB_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_LIB_ERROR_LEVEL SSL_DEBUG_ON - -#define SSL_STACK_DEBUG_LEVEL SSL_DEBUG_OFF -#define SSL_STACK_ERROR_LEVEL SSL_DEBUG_ON - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h deleted file mode 100644 index 42b2de7..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_lib.h +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_LIB_H_ -#define _SSL_LIB_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - - void _ssl_set_alpn_list(const SSL *ssl); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_methods.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_methods.h deleted file mode 100644 index cd2f8c0..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_methods.h +++ /dev/null @@ -1,121 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_METHODS_H_ -#define _SSL_METHODS_H_ - -#include "ssl_types.h" - -#ifdef __cplusplus - extern "C" { -#endif - -/** - * TLS method function implement - */ -#define IMPLEMENT_TLS_METHOD_FUNC(func_name, \ - new, free, \ - handshake, shutdown, clear, \ - read, send, pending, \ - set_fd, get_fd, \ - set_bufflen, \ - get_verify_result, \ - get_state) \ - static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \ - new, \ - free, \ - handshake, \ - shutdown, \ - clear, \ - read, \ - send, \ - pending, \ - set_fd, \ - get_fd, \ - set_bufflen, \ - get_verify_result, \ - get_state \ - }; - -#define IMPLEMENT_TLS_METHOD(ver, mode, fun, func_name) \ - const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ - ver, \ - mode, \ - &(fun), \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_SSL_METHOD(ver, mode, fun, func_name) \ - const SSL_METHOD* func_name(void) { \ - static const SSL_METHOD func_name##_data LOCAL_ATRR = { \ - ver, \ - mode, \ - &(fun), \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_X509_METHOD(func_name, \ - new, \ - free, \ - load, \ - show_info) \ - const X509_METHOD* func_name(void) { \ - static const X509_METHOD func_name##_data LOCAL_ATRR = { \ - new, \ - free, \ - load, \ - show_info \ - }; \ - return &func_name##_data; \ - } - -#define IMPLEMENT_PKEY_METHOD(func_name, \ - new, \ - free, \ - load) \ - const PKEY_METHOD* func_name(void) { \ - static const PKEY_METHOD func_name##_data LOCAL_ATRR = { \ - new, \ - free, \ - load \ - }; \ - return &func_name##_data; \ - } - -/** - * @brief get X509 object method - * - * @param none - * - * @return X509 object method point - */ -const X509_METHOD* X509_method(void); - -/** - * @brief get private key object method - * - * @param none - * - * @return private key object method point - */ -const PKEY_METHOD* EVP_PKEY_method(void); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h deleted file mode 100644 index e790fcc..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_pkey.h +++ /dev/null @@ -1,86 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PKEY_H_ -#define _SSL_PKEY_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -/** - * @brief create a private key object according to input private key - * - * @param ipk - input private key point - * - * @return new private key object point - */ -EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk); - -/** - * @brief create a private key object - * - * @param none - * - * @return private key object point - */ -EVP_PKEY* EVP_PKEY_new(void); - -/** - * @brief load a character key context into system context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - * - * @param type - private key type - * @param a - a point pointed to a private key point - * @param pp - a point pointed to the key context memory point - * @param length - key bytes - * - * @return private key object point - */ -EVP_PKEY* d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length); - -/** - * @brief free a private key object - * - * @param pkey - private key object point - * - * @return none - */ -void EVP_PKEY_free(EVP_PKEY *x); - -/** - * @brief load private key into the SSL - * - * @param type - private key type - * @param ssl - SSL point - * @param len - data bytes - * @param d - data point - * - * @return result - * 0 : failed - * 1 : OK - */ - int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len); - - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_stack.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_stack.h deleted file mode 100644 index 7a7051a..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_stack.h +++ /dev/null @@ -1,52 +0,0 @@ -#ifndef _SSL_STACK_H_ -#define _SSL_STACK_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" - -#define STACK_OF(type) struct stack_st_##type - -#define SKM_DEFINE_STACK_OF(t1, t2, t3) \ - STACK_OF(t1); \ - static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ - { \ - return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ - } \ - -#define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) - -/** - * @brief create a openssl stack object - * - * @param c - stack function - * - * @return openssl stack object point - */ -OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c); - -/** - * @brief create a NULL function openssl stack object - * - * @param none - * - * @return openssl stack object point - */ -OPENSSL_STACK *OPENSSL_sk_new_null(void); - -/** - * @brief free openssl stack object - * - * @param openssl stack object point - * - * @return none - */ -void OPENSSL_sk_free(OPENSSL_STACK *stack); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_types.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_types.h deleted file mode 100644 index 1f5f948..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_types.h +++ /dev/null @@ -1,311 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_TYPES_H_ -#define _SSL_TYPES_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -//#include "core/private.h" -#include -#if defined(LWS_WITH_ESP32) - /* AMAZON RTOS has its own setting via MTK_MBEDTLS_CONFIG_FILE */ - #if !defined(LWS_AMAZON_RTOS) - #undef MBEDTLS_CONFIG_FILE - #define MBEDTLS_CONFIG_FILE - #endif -#endif - -#include "ssl_code.h" - -typedef void SSL_CIPHER; - -typedef void X509_STORE_CTX; -typedef void X509_STORE; - -typedef void RSA; - -typedef void STACK; -typedef void BIO; - -#if defined(WIN32) || defined(_WIN32) -#define ossl_inline __inline -#else -#define ossl_inline inline -#endif - -#define SSL_METHOD_CALL(f, s, ...) s->method->func->ssl_##f(s, ##__VA_ARGS__) -#define X509_METHOD_CALL(f, x, ...) x->method->x509_##f(x, ##__VA_ARGS__) -#define EVP_PKEY_METHOD_CALL(f, k, ...) k->method->pkey_##f(k, ##__VA_ARGS__) - -typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); - -struct stack_st; -typedef struct stack_st OPENSSL_STACK; - -struct ssl_method_st; -typedef struct ssl_method_st SSL_METHOD; - -struct ssl_method_func_st; -typedef struct ssl_method_func_st SSL_METHOD_FUNC; - -struct record_layer_st; -typedef struct record_layer_st RECORD_LAYER; - -struct ossl_statem_st; -typedef struct ossl_statem_st OSSL_STATEM; - -struct ssl_session_st; -typedef struct ssl_session_st SSL_SESSION; - -struct ssl_ctx_st; -typedef struct ssl_ctx_st SSL_CTX; - -struct ssl_st; -typedef struct ssl_st SSL; - -struct cert_st; -typedef struct cert_st CERT; - -struct x509_st; -typedef struct x509_st X509; - -struct X509_VERIFY_PARAM_st; -typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; - -struct evp_pkey_st; -typedef struct evp_pkey_st EVP_PKEY; - -struct x509_method_st; -typedef struct x509_method_st X509_METHOD; - -struct pkey_method_st; -typedef struct pkey_method_st PKEY_METHOD; - -struct stack_st { - - char **data; - - int num_alloc; - - OPENSSL_sk_compfunc c; -}; - -struct evp_pkey_st { - - void *pkey_pm; - - const PKEY_METHOD *method; -}; - -struct x509_st { - - /* X509 certification platform private point */ - void *x509_pm; - - const X509_METHOD *method; -}; - -struct cert_st { - - int sec_level; - - X509 *x509; - - EVP_PKEY *pkey; - -}; - -struct ossl_statem_st { - - MSG_FLOW_STATE state; - - int hand_state; -}; - -struct record_layer_st { - - int rstate; - - int read_ahead; -}; - -struct ssl_session_st { - - long timeout; - - long time; - - X509 *peer; -}; - -struct X509_VERIFY_PARAM_st { - - int depth; - -}; - -typedef int (*next_proto_cb)(SSL *ssl, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg); - - -struct ssl_ctx_st -{ - int version; - - int references; - - unsigned long options; - - const SSL_METHOD *method; - - CERT *cert; - - X509 *client_CA; - - const char **alpn_protos; - - next_proto_cb alpn_cb; - - int verify_mode; - - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); - - long session_timeout; - - int read_ahead; - - int read_buffer_len; - - X509_VERIFY_PARAM param; -}; - -struct ssl_st -{ - /* protocol version(one of SSL3.0, TLS1.0, etc.) */ - int version; - - unsigned long options; - - /* shut things down(0x01 : sent, 0x02 : received) */ - int shutdown; - - CERT *cert; - - X509 *client_CA; - - SSL_CTX *ctx; - - const SSL_METHOD *method; - - const char **alpn_protos; - - RECORD_LAYER rlayer; - - /* where we are */ - OSSL_STATEM statem; - - SSL_SESSION *session; - - int verify_mode; - - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); - - int rwstate; - int interrupted_remaining_write; - - long verify_result; - - X509_VERIFY_PARAM param; - - int err; - - void (*info_callback) (const SSL *ssl, int type, int val); - - /* SSL low-level system arch point */ - void *ssl_pm; -}; - -struct ssl_method_st { - /* protocol version(one of SSL3.0, TLS1.0, etc.) */ - int version; - - /* SSL mode(client(0) , server(1), not known(-1)) */ - int endpoint; - - const SSL_METHOD_FUNC *func; -}; - -struct ssl_method_func_st { - - int (*ssl_new)(SSL *ssl); - - void (*ssl_free)(SSL *ssl); - - int (*ssl_handshake)(SSL *ssl); - - int (*ssl_shutdown)(SSL *ssl); - - int (*ssl_clear)(SSL *ssl); - - int (*ssl_read)(SSL *ssl, void *buffer, int len); - - int (*ssl_send)(SSL *ssl, const void *buffer, int len); - - int (*ssl_pending)(const SSL *ssl); - - void (*ssl_set_fd)(SSL *ssl, int fd, int mode); - - int (*ssl_get_fd)(const SSL *ssl, int mode); - - void (*ssl_set_bufflen)(SSL *ssl, int len); - - long (*ssl_get_verify_result)(const SSL *ssl); - - OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl); -}; - -struct x509_method_st { - - int (*x509_new)(X509 *x, X509 *m_x); - - void (*x509_free)(X509 *x); - - int (*x509_load)(X509 *x, const unsigned char *buf, int len); - - int (*x509_show_info)(X509 *x); -}; - -struct pkey_method_st { - - int (*pkey_new)(EVP_PKEY *pkey, EVP_PKEY *m_pkey); - - void (*pkey_free)(EVP_PKEY *pkey); - - int (*pkey_load)(EVP_PKEY *pkey, const unsigned char *buf, int len); -}; - -#define OPENSSL_NPN_NEGOTIATED 1 - -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_x509.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_x509.h deleted file mode 100644 index 7594d06..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/ssl_x509.h +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_X509_H_ -#define _SSL_X509_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "ssl_types.h" -#include "ssl_stack.h" - -DEFINE_STACK_OF(X509_NAME) - -/** - * @brief create a X509 certification object according to input X509 certification - * - * @param ix - input X509 certification point - * - * @return new X509 certification object point - */ -X509* __X509_new(X509 *ix); - -/** - * @brief create a X509 certification object - * - * @param none - * - * @return X509 certification object point - */ -X509* X509_new(void); - -/** - * @brief load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - * - * @param cert - a point pointed to X509 certification - * @param buffer - a point pointed to the certification context memory point - * @param length - certification bytes - * - * @return X509 certification object point - */ -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len); - -/** - * @brief free a X509 certification object - * - * @param x - X509 certification object point - * - * @return none - */ -void X509_free(X509 *x); - -/** - * @brief set SSL context client CA certification - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return result - * 0 : failed - * 1 : OK - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - -/** - * @brief add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - X509 certification point - * - * @return result - * 0 : failed - * 1 : OK - */ -int SSL_add_client_CA(SSL *ssl, X509 *x); - -/** - * @brief load certification into the SSL - * - * @param ssl - SSL point - * @param len - data bytes - * @param d - data point - * - * @return result - * 0 : failed - * 1 : OK - * - */ -int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); - -const char *X509_verify_cert_error_string(long n); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/tls1.h b/lib/tls/mbedtls/wrapper/include/internal/tls1.h deleted file mode 100644 index 7af1b01..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/tls1.h +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _TLS1_H_ -#define _TLS1_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -# define TLS1_AD_DECRYPTION_FAILED 21 -# define TLS1_AD_RECORD_OVERFLOW 22 -# define TLS1_AD_UNKNOWN_CA 48/* fatal */ -# define TLS1_AD_ACCESS_DENIED 49/* fatal */ -# define TLS1_AD_DECODE_ERROR 50/* fatal */ -# define TLS1_AD_DECRYPT_ERROR 51 -# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */ -# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */ -# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */ -# define TLS1_AD_INTERNAL_ERROR 80/* fatal */ -# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */ -# define TLS1_AD_USER_CANCELLED 90 -# define TLS1_AD_NO_RENEGOTIATION 100 -/* codes 110-114 are from RFC3546 */ -# define TLS1_AD_UNSUPPORTED_EXTENSION 110 -# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 -# define TLS1_AD_UNRECOGNIZED_NAME 112 -# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 -# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 -# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ -# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ - -/* Special value for method supporting multiple versions */ -#define TLS_ANY_VERSION 0x10000 - -#define TLS1_VERSION 0x0301 -#define TLS1_1_VERSION 0x0302 -#define TLS1_2_VERSION 0x0303 - -#define SSL_TLSEXT_ERR_OK 0 -#define SSL_TLSEXT_ERR_NOACK 3 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/internal/x509_vfy.h b/lib/tls/mbedtls/wrapper/include/internal/x509_vfy.h deleted file mode 100644 index d5b0d1a..0000000 --- a/lib/tls/mbedtls/wrapper/include/internal/x509_vfy.h +++ /dev/null @@ -1,111 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _X509_VFY_H_ -#define _X509_VFY_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#define X509_V_OK 0 -#define X509_V_ERR_UNSPECIFIED 1 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 -#define X509_V_ERR_UNABLE_TO_GET_CRL 3 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 -#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 -#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 -#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 -#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 -#define X509_V_ERR_CERT_HAS_EXPIRED 10 -#define X509_V_ERR_CRL_NOT_YET_VALID 11 -#define X509_V_ERR_CRL_HAS_EXPIRED 12 -#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 -#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 -#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 -#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 -#define X509_V_ERR_OUT_OF_MEM 17 -#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 -#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 -#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 -#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 -#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 -#define X509_V_ERR_CERT_REVOKED 23 -#define X509_V_ERR_INVALID_CA 24 -#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 -#define X509_V_ERR_INVALID_PURPOSE 26 -#define X509_V_ERR_CERT_UNTRUSTED 27 -#define X509_V_ERR_CERT_REJECTED 28 -/* These are 'informational' when looking for issuer cert */ -#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 -#define X509_V_ERR_AKID_SKID_MISMATCH 30 -#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 -#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 -#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 -#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 -#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 -#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 -#define X509_V_ERR_INVALID_NON_CA 37 -#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 -#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 -#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 -#define X509_V_ERR_INVALID_EXTENSION 41 -#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 -#define X509_V_ERR_NO_EXPLICIT_POLICY 43 -#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 -#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 -#define X509_V_ERR_UNNESTED_RESOURCE 46 -#define X509_V_ERR_PERMITTED_VIOLATION 47 -#define X509_V_ERR_EXCLUDED_VIOLATION 48 -#define X509_V_ERR_SUBTREE_MINMAX 49 -/* The application is not happy */ -#define X509_V_ERR_APPLICATION_VERIFICATION 50 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 -#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 -#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 -#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 -/* Another issuer check debug option */ -#define X509_V_ERR_PATH_LOOP 55 -/* Suite B mode algorithm violation */ -#define X509_V_ERR_SUITE_B_INVALID_VERSION 56 -#define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 -#define X509_V_ERR_SUITE_B_INVALID_CURVE 58 -#define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 -#define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 -#define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 -/* Host, email and IP check errors */ -#define X509_V_ERR_HOSTNAME_MISMATCH 62 -#define X509_V_ERR_EMAIL_MISMATCH 63 -#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 -/* DANE TLSA errors */ -#define X509_V_ERR_DANE_NO_MATCH 65 -/* security level errors */ -#define X509_V_ERR_EE_KEY_TOO_SMALL 66 -#define X509_V_ERR_CA_KEY_TOO_SMALL 67 -#define X509_V_ERR_CA_MD_TOO_WEAK 68 -/* Caller error */ -#define X509_V_ERR_INVALID_CALL 69 -/* Issuer lookup error */ -#define X509_V_ERR_STORE_LOOKUP 70 -/* Certificate transparency */ -#define X509_V_ERR_NO_VALID_SCTS 71 - -#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/openssl/ssl.h b/lib/tls/mbedtls/wrapper/include/openssl/ssl.h deleted file mode 100755 index 9427283..0000000 --- a/lib/tls/mbedtls/wrapper/include/openssl/ssl.h +++ /dev/null @@ -1,1827 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_H_ -#define _SSL_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include -#include "internal/ssl_x509.h" -#include "internal/ssl_pkey.h" - -/* -{ -*/ - -#define SSL_CB_ALERT 0x4000 - -#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT (1 << 0) -#define X509_CHECK_FLAG_NO_WILDCARDS (1 << 1) -#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS (1 << 2) -#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS (1 << 3) -#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS (1 << 4) - - mbedtls_x509_crt * - ssl_ctx_get_mbedtls_x509_crt(SSL_CTX *ssl_ctx); - - mbedtls_x509_crt * - ssl_get_peer_mbedtls_x509_crt(SSL *ssl); - - int SSL_set_sni_callback(SSL *ssl, int(*cb)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), void *param); - - void SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); - - int SSL_CTX_add_client_CA_ASN1(SSL_CTX *ssl, int len, - const unsigned char *d); - - SSL *SSL_SSL_from_mbedtls_ssl_context(mbedtls_ssl_context *msc); - -/** - * @brief create a SSL context - * - * @param method - the SSL context method point - * - * @return the context point - */ -SSL_CTX* SSL_CTX_new(const SSL_METHOD *method); - -/** - * @brief free a SSL context - * - * @param method - the SSL context point - * - * @return none - */ -void SSL_CTX_free(SSL_CTX *ctx); - -/** - * @brief create a SSL - * - * @param ctx - the SSL context point - * - * @return the SSL point - */ -SSL* SSL_new(SSL_CTX *ctx); - -/** - * @brief free the SSL - * - * @param ssl - the SSL point - * - * @return none - */ -void SSL_free(SSL *ssl); - -/** - * @brief connect to the remote SSL server - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_connect(SSL *ssl); - -/** - * @brief accept the remote connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * -1 : failed - */ -int SSL_accept(SSL *ssl); - -/** - * @brief read data from to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the received data buffer point - * @param len - the received data length - * - * @return result - * > 0 : OK, and return received data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_read(SSL *ssl, void *buffer, int len); - -/** - * @brief send the data to remote - * - * @param ssl - the SSL point which has been connected - * @param buffer - the send data buffer point - * @param len - the send data length - * - * @return result - * > 0 : OK, and return sent data bytes - * = 0 : connection is closed - * < 0 : an error catch - */ -int SSL_write(SSL *ssl, const void *buffer, int len); - -/** - * @brief get the verifying result of the SSL certification - * - * @param ssl - the SSL point - * - * @return the result of verifying - */ -long SSL_get_verify_result(const SSL *ssl); - -/** - * @brief shutdown the connection - * - * @param ssl - the SSL point - * - * @return result - * 1 : OK - * 0 : shutdown is not finished - * -1 : an error catch - */ -int SSL_shutdown(SSL *ssl); - -/** - * @brief bind the socket file description into the SSL - * - * @param ssl - the SSL point - * @param fd - socket handle - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_fd(SSL *ssl, int fd); - -/** - * @brief These functions load the private key into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - private key object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); - -/** - * @brief These functions load the certification into the SSL_CTX or SSL object - * - * @param ctx - the SSL context point - * @param pkey - certification object point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV2.3 version SSL context client method - */ -const SSL_METHOD* SSLv23_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.0 version SSL context client method - */ -const SSL_METHOD* TLSv1_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the SSLV1.0 version SSL context client method - */ -const SSL_METHOD* SSLv3_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.1 version SSL context client method - */ -const SSL_METHOD* TLSv1_1_client_method(void); - -/** - * @brief create the target SSL context client method - * - * @param none - * - * @return the TLSV1.2 version SSL context client method - */ -const SSL_METHOD* TLSv1_2_client_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLS any version SSL context client method - */ -const SSL_METHOD* TLS_client_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV2.3 version SSL context server method - */ -const SSL_METHOD* SSLv23_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.1 version SSL context server method - */ -const SSL_METHOD* TLSv1_1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.2 version SSL context server method - */ -const SSL_METHOD* TLSv1_2_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLSV1.0 version SSL context server method - */ -const SSL_METHOD* TLSv1_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the SSLV3.0 version SSL context server method - */ -const SSL_METHOD* SSLv3_server_method(void); - -/** - * @brief create the target SSL context server method - * - * @param none - * - * @return the TLS any version SSL context server method - */ -const SSL_METHOD* TLS_server_method(void); - - -/** - * @brief set the SSL context ALPN select callback function - * - * @param ctx - SSL context point - * @param cb - ALPN select callback function - * @param arg - ALPN select callback function entry private data point - * - * @return none - */ -void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, - void *arg); - -void SSL_set_alpn_select_cb(SSL *ssl, void *arg); - -/** - * @brief set the SSL context ALPN select protocol - * - * @param ctx - SSL context point - * @param protos - ALPN protocol name - * @param protos_len - ALPN protocol name bytes - * - * @return result - * 0 : OK - * 1 : failed - */ -int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned int protos_len); - -/** - * @brief set the SSL context next ALPN select callback function - * - * @param ctx - SSL context point - * @param cb - ALPN select callback function - * @param arg - ALPN select callback function entry private data point - * - * @return none - */ -void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, - int (*cb) (SSL *ssl, - unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, - void *arg), - void *arg); - -void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len); - -void _ssl_set_alpn_list(const SSL *ssl); - -/** - * @brief get SSL error code - * - * @param ssl - SSL point - * @param ret_code - SSL return code - * - * @return SSL error number - */ -int SSL_get_error(const SSL *ssl, int ret_code); - -/** - * @brief clear the SSL error code - * - * @param none - * - * @return none - */ -void ERR_clear_error(void); - -/** - * @brief get the current SSL error code - * - * @param none - * - * @return current SSL error number - */ -int ERR_get_error(void); - -/** - * @brief register the SSL error strings - * - * @param none - * - * @return none - */ -void ERR_load_SSL_strings(void); - -/** - * @brief initialize the SSL library - * - * @param none - * - * @return none - */ -void SSL_library_init(void); - -/** - * @brief generates a human-readable string representing the error code e - * and store it into the "ret" point memory - * - * @param e - error code - * @param ret - memory point to store the string - * - * @return the result string point - */ -char *ERR_error_string(unsigned long e, char *ret); - -/** - * @brief add the SSL context option - * - * @param ctx - SSL context point - * @param opt - new SSL context option - * - * @return the SSL context option - */ -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt); - -/** - * @brief add the SSL context mode - * - * @param ctx - SSL context point - * @param mod - new SSL context mod - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_mode(SSL_CTX *ctx, int mod); - -/* -} -*/ - -/** - * @brief perform the SSL handshake - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - * -1 : a error catch - */ -int SSL_do_handshake(SSL *ssl); - -/** - * @brief get the SSL current version - * - * @param ssl - SSL point - * - * @return the version string - */ -const char *SSL_get_version(const SSL *ssl); - -/** - * @brief set the SSL context version - * - * @param ctx - SSL context point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); - -/** - * @brief get the bytes numbers which are to be read - * - * @param ssl - SSL point - * - * @return bytes number - */ -int SSL_pending(const SSL *ssl); - -/** - * @brief check if SSL want nothing - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_nothing(const SSL *ssl); - -/** - * @brief check if SSL want to read - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_read(const SSL *ssl); - -/** - * @brief check if SSL want to write - * - * @param ssl - SSL point - * - * @return result - * 0 : false - * 1 : true - */ -int SSL_want_write(const SSL *ssl); - -/** - * @brief get the SSL context current method - * - * @param ctx - SSL context point - * - * @return the SSL context current method - */ -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); - -/** - * @brief get the SSL current method - * - * @param ssl - SSL point - * - * @return the SSL current method - */ -const SSL_METHOD *SSL_get_ssl_method(SSL *ssl); - -/** - * @brief set the SSL method - * - * @param ssl - SSL point - * @param meth - SSL method point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method); - -/** - * @brief add CA client certification into the SSL - * - * @param ssl - SSL point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_add_client_CA(SSL *ssl, X509 *x); - -/** - * @brief add CA client certification into the SSL context - * - * @param ctx - SSL context point - * @param x - CA certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); - -/** - * @brief set the SSL CA certification list - * - * @param ssl - SSL point - * @param name_list - CA certification list - * - * @return none - */ -void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *name_list); - -/** - * @brief set the SSL context CA certification list - * - * @param ctx - SSL context point - * @param name_list - CA certification list - * - * @return none - */ -void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); - -/** - * @briefget the SSL CA certification list - * - * @param ssl - SSL point - * - * @return CA certification list - */ -STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *ssl); - -/** - * @brief get the SSL context CA certification list - * - * @param ctx - SSL context point - * - * @return CA certification list - */ -STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx); - -/** - * @brief get the SSL certification point - * - * @param ssl - SSL point - * - * @return SSL certification point - */ -X509 *SSL_get_certificate(const SSL *ssl); - -/** - * @brief get the SSL private key point - * - * @param ssl - SSL point - * - * @return SSL private key point - */ -EVP_PKEY *SSL_get_privatekey(const SSL *ssl); - -/** - * @brief set the SSL information callback function - * - * @param ssl - SSL point - * @param cb - information callback function - * - * @return none - */ -void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)); - -/** - * @brief get the SSL state - * - * @param ssl - SSL point - * - * @return SSL state - */ -OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); - -/** - * @brief set the SSL context read buffer length - * - * @param ctx - SSL context point - * @param len - read buffer length - * - * @return none - */ -void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); - -/** - * @brief set the SSL read buffer length - * - * @param ssl - SSL point - * @param len - read buffer length - * - * @return none - */ -void SSL_set_default_read_buffer_len(SSL *ssl, size_t len); - -/** - * @brief set the SSL security level - * - * @param ssl - SSL point - * @param level - security level - * - * @return none - */ -void SSL_set_security_level(SSL *ssl, int level); - -/** - * @brief get the SSL security level - * - * @param ssl - SSL point - * - * @return security level - */ -int SSL_get_security_level(const SSL *ssl); - -/** - * @brief get the SSL verifying mode of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying mode - */ -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); - -/** - * @brief get the SSL verifying depth of the SSL context - * - * @param ctx - SSL context point - * - * @return verifying depth - */ -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); - -/** - * @brief set the SSL context verifying of the SSL context - * - * @param ctx - SSL context point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none - */ -void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); - -/** - * @brief set the SSL verifying of the SSL context - * - * @param ctx - SSL point - * @param mode - verifying mode - * @param verify_callback - verifying callback function - * - * @return none - */ -void SSL_set_verify(SSL *s, int mode, int (*verify_callback)(int, X509_STORE_CTX *)); - -/** - * @brief set the SSL verify depth of the SSL context - * - * @param ctx - SSL context point - * @param depth - verifying depth - * - * @return none - */ -void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); - -/** - * @brief certification verifying callback function - * - * @param preverify_ok - verifying result - * @param x509_ctx - X509 certification point - * - * @return verifying result - */ -int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); - -/** - * @brief set the session timeout time - * - * @param ctx - SSL context point - * @param t - new session timeout time - * - * @return old session timeout time - */ -long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); - -/** - * @brief get the session timeout time - * - * @param ctx - SSL context point - * - * @return current session timeout time - */ -long SSL_CTX_get_timeout(const SSL_CTX *ctx); - -/** - * @brief set the SSL context cipher through the list string - * - * @param ctx - SSL context point - * @param str - cipher controller list string - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); - -/** - * @brief set the SSL cipher through the list string - * - * @param ssl - SSL point - * @param str - cipher controller list string - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_set_cipher_list(SSL *ssl, const char *str); - -/** - * @brief get the SSL cipher list string - * - * @param ssl - SSL point - * - * @return cipher controller list string - */ -const char *SSL_get_cipher_list(const SSL *ssl, int n); - -/** - * @brief get the SSL cipher - * - * @param ssl - SSL point - * - * @return current cipher - */ -const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); - -/** - * @brief get the SSL cipher string - * - * @param ssl - SSL point - * - * @return cipher string - */ -const char *SSL_get_cipher(const SSL *ssl); - -/** - * @brief get the SSL context object X509 certification storage - * - * @param ctx - SSL context point - * - * @return x509 certification storage - */ -X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); - -/** - * @brief set the SSL context object X509 certification store - * - * @param ctx - SSL context point - * @param store - X509 certification store - * - * @return none - */ -void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); - -/** - * @brief get the SSL specifical statement - * - * @param ssl - SSL point - * - * @return specifical statement - */ -int SSL_want(const SSL *ssl); - -/** - * @brief check if the SSL is SSL_X509_LOOKUP state - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_want_x509_lookup(const SSL *ssl); - -/** - * @brief reset the SSL - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_clear(SSL *ssl); - -/** - * @brief get the socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_fd(const SSL *ssl); - -/** - * @brief get the read only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_rfd(const SSL *ssl); - -/** - * @brief get the write only socket handle of the SSL - * - * @param ssl - SSL point - * - * @return result - * >= 0 : yes, and return socket handle - * < 0 : a error catch - */ -int SSL_get_wfd(const SSL *ssl); - -/** - * @brief set the SSL if we can read as many as data - * - * @param ssl - SSL point - * @param yes - enable the function - * - * @return none - */ -void SSL_set_read_ahead(SSL *s, int yes); - -/** - * @brief set the SSL context if we can read as many as data - * - * @param ctx - SSL context point - * @param yes - enbale the function - * - * @return none - */ -void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes); - -/** - * @brief get the SSL ahead signal if we can read as many as data - * - * @param ssl - SSL point - * - * @return SSL context ahead signal - */ -int SSL_get_read_ahead(const SSL *ssl); - -/** - * @brief get the SSL context ahead signal if we can read as many as data - * - * @param ctx - SSL context point - * - * @return SSL context ahead signal - */ -long SSL_CTX_get_read_ahead(SSL_CTX *ctx); - -/** - * @brief check if some data can be read - * - * @param ssl - SSL point - * - * @return - * 1 : there are bytes to be read - * 0 : no data - */ -int SSL_has_pending(const SSL *ssl); - -/** - * @brief load the X509 certification into SSL context - * - * @param ctx - SSL context point - * @param x - X509 certification point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);//loads the certificate x into ctx - -/** - * @brief load the ASN1 certification into SSL context - * - * @param ctx - SSL context point - * @param len - certification length - * @param d - data point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); - -/** - * @brief load the certification file into SSL context - * - * @param ctx - SSL context point - * @param file - certification file name - * @param type - certification encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); - -/** - * @brief load the certification chain file into SSL context - * - * @param ctx - SSL context point - * @param file - certification chain file name - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); - - -/** - * @brief load the ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);//adds the private key of type pk stored at memory location d (length len) to ctx - -/** - * @brief load the private key file into SSL context - * - * @param ctx - SSL context point - * @param file - private key file name - * @param type - private key encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); - -/** - * @brief load the RSA private key into SSL context - * - * @param ctx - SSL context point - * @param x - RSA private key point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); - -/** - * @brief load the RSA ASN1 private key into SSL context - * - * @param ctx - SSL context point - * @param d - data point - * @param len - RSA private key length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); - -/** - * @brief load the RSA private key file into SSL context - * - * @param ctx - SSL context point - * @param file - RSA private key file name - * @param type - private key encoding type - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); - - -/** - * @brief check if the private key and certification is matched - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_check_private_key(const SSL_CTX *ctx); - -/** - * @brief set the SSL context server information - * - * @param ctx - SSL context point - * @param serverinfo - server information string - * @param serverinfo_length - server information length - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); - -/** - * @brief load the SSL context server infomation file into SSL context - * - * @param ctx - SSL context point - * @param file - server information file - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); - -/** - * @brief SSL select next function - * - * @param out - point of output data point - * @param outlen - output data length - * @param in - input data - * @param inlen - input data length - * @param client - client data point - * @param client_len -client data length - * - * @return NPN state - * OPENSSL_NPN_UNSUPPORTED : not support - * OPENSSL_NPN_NEGOTIATED : negotiated - * OPENSSL_NPN_NO_OVERLAP : no overlap - */ -int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, - const unsigned char *client, unsigned int client_len); - -/** - * @brief load the extra certification chain into the SSL context - * - * @param ctx - SSL context point - * @param x509 - X509 certification - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *); - -/** - * @brief control the SSL context - * - * @param ctx - SSL context point - * @param cmd - command - * @param larg - parameter length - * @param parg - parameter point - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); - -/** - * @brief get the SSL context cipher - * - * @param ctx - SSL context point - * - * @return SSL context cipher - */ -STACK *SSL_CTX_get_ciphers(const SSL_CTX *ctx); - -/** - * @brief check if the SSL context can read as many as data - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx); - -/** - * @brief get the SSL context extra data - * - * @param ctx - SSL context point - * @param idx - index - * - * @return data point - */ -void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx); - -/** - * @brief get the SSL context quiet shutdown option - * - * @param ctx - SSL context point - * - * @return quiet shutdown option - */ -int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); - -/** - * @brief load the SSL context CA file - * - * @param ctx - SSL context point - * @param CAfile - CA certification file - * @param CApath - CA certification file path - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, const char *CApath); - -/** - * @brief add SSL context reference count by '1' - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_up_ref(SSL_CTX *ctx); - -/** - * @brief set SSL context application private data - * - * @param ctx - SSL context point - * @param arg - private data - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg); - -/** - * @brief set SSL context client certification callback function - * - * @param ctx - SSL context point - * @param cb - callback function - * - * @return none - */ -void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); - -/** - * @brief set the SSL context if we can read as many as data - * - * @param ctx - SSL context point - * @param m - enable the fuction - * - * @return none - */ -void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m); - -/** - * @brief set SSL context default verifying path - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); - -/** - * @brief set SSL context default verifying directory - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); - -/** - * @brief set SSL context default verifying file - * - * @param ctx - SSL context point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); - -/** - * @brief set SSL context extra data - * - * @param ctx - SSL context point - * @param idx - data index - * @param arg - data point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg); - -/** - * @brief clear the SSL context option bit of "op" - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option - */ -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); - -/** - * @brief get the SSL context option - * - * @param ctx - SSL context point - * @param op - option - * - * @return SSL context option - */ -unsigned long SSL_CTX_get_options(SSL_CTX *ctx); - -/** - * @brief set the SSL context quiet shutdown mode - * - * @param ctx - SSL context point - * @param mode - mode - * - * @return none - */ -void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); - -/** - * @brief get the SSL context X509 certification - * - * @param ctx - SSL context point - * - * @return X509 certification - */ -X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); - -/** - * @brief get the SSL context private key - * - * @param ctx - SSL context point - * - * @return private key - */ -EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); - -/** - * @brief set SSL context PSK identity hint - * - * @param ctx - SSL context point - * @param hint - PSK identity hint - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *hint); - -/** - * @brief set SSL context PSK server callback function - * - * @param ctx - SSL context point - * @param callback - callback function - * - * @return none - */ -void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, - unsigned int (*callback)(SSL *ssl, - const char *identity, - unsigned char *psk, - int max_psk_len)); -/** - * @brief get alert description string - * - * @param value - alert value - * - * @return alert description string - */ -const char *SSL_alert_desc_string(int value); - -/** - * @brief get alert description long string - * - * @param value - alert value - * - * @return alert description long string - */ -const char *SSL_alert_desc_string_long(int value); - -/** - * @brief get alert type string - * - * @param value - alert value - * - * @return alert type string - */ -const char *SSL_alert_type_string(int value); - -/** - * @brief get alert type long string - * - * @param value - alert value - * - * @return alert type long string - */ -const char *SSL_alert_type_string_long(int value); - -/** - * @brief get SSL context of the SSL - * - * @param ssl - SSL point - * - * @return SSL context - */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); - -/** - * @brief get SSL application data - * - * @param ssl - SSL point - * - * @return application data - */ -char *SSL_get_app_data(SSL *ssl); - -/** - * @brief get SSL cipher bits - * - * @param ssl - SSL point - * @param alg_bits - algorithm bits - * - * @return strength bits - */ -int SSL_get_cipher_bits(const SSL *ssl, int *alg_bits); - -/** - * @brief get SSL cipher name - * - * @param ssl - SSL point - * - * @return SSL cipher name - */ -char *SSL_get_cipher_name(const SSL *ssl); - -/** - * @brief get SSL cipher version - * - * @param ssl - SSL point - * - * @return SSL cipher version - */ -char *SSL_get_cipher_version(const SSL *ssl); - -/** - * @brief get SSL extra data - * - * @param ssl - SSL point - * @param idx - data index - * - * @return extra data - */ -char *SSL_get_ex_data(const SSL *ssl, int idx); - -/** - * @brief get index of the SSL extra data X509 storage context - * - * @param none - * - * @return data index - */ -int SSL_get_ex_data_X509_STORE_CTX_idx(void); - -/** - * @brief get peer certification chain - * - * @param ssl - SSL point - * - * @return certification chain - */ -STACK *SSL_get_peer_cert_chain(const SSL *ssl); - -/** - * @brief get peer certification - * - * @param ssl - SSL point - * - * @return certification - */ -X509 *SSL_get_peer_certificate(const SSL *ssl); - -/** - * @brief get SSL quiet shutdown mode - * - * @param ssl - SSL point - * - * @return quiet shutdown mode - */ -int SSL_get_quiet_shutdown(const SSL *ssl); - -/** - * @brief get SSL read only IO handle - * - * @param ssl - SSL point - * - * @return IO handle - */ -BIO *SSL_get_rbio(const SSL *ssl); - -/** - * @brief get SSL shared ciphers - * - * @param ssl - SSL point - * @param buf - buffer to store the ciphers - * @param len - buffer len - * - * @return shared ciphers - */ -char *SSL_get_shared_ciphers(const SSL *ssl, char *buf, int len); - -/** - * @brief get SSL shutdown mode - * - * @param ssl - SSL point - * - * @return shutdown mode - */ -int SSL_get_shutdown(const SSL *ssl); - -/** - * @brief get SSL session time - * - * @param ssl - SSL point - * - * @return session time - */ -long SSL_get_time(const SSL *ssl); - -/** - * @brief get SSL session timeout time - * - * @param ssl - SSL point - * - * @return session timeout time - */ -long SSL_get_timeout(const SSL *ssl); - -/** - * @brief get SSL verifying mode - * - * @param ssl - SSL point - * - * @return verifying mode - */ -int SSL_get_verify_mode(const SSL *ssl); - -/** - * @brief get SSL verify parameters - * - * @param ssl - SSL point - * - * @return verify parameters - */ -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); - -/** - * @brief set expected hostname the peer cert CN should have - * - * @param param - verify parameters from SSL_get0_param() - * - * @param name - the expected hostname - * - * @param namelen - the length of the hostname, or 0 if NUL terminated - * - * @return verify parameters - */ -int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen); - -/** - * @brief set parameters for X509 host verify action - * - * @param param -verify parameters from SSL_get0_param() - * - * @param flags - bitfield of X509_CHECK_FLAG_... parameters to set - * - * @return 1 for success, 0 for failure - */ -int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags); - -/** - * @brief clear parameters for X509 host verify action - * - * @param param -verify parameters from SSL_get0_param() - * - * @param flags - bitfield of X509_CHECK_FLAG_... parameters to clear - * - * @return 1 for success, 0 for failure - */ -int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags); - -/** - * @brief get SSL write only IO handle - * - * @param ssl - SSL point - * - * @return IO handle - */ -BIO *SSL_get_wbio(const SSL *ssl); - -/** - * @brief load SSL client CA certification file - * - * @param file - file name - * - * @return certification loading object - */ -STACK *SSL_load_client_CA_file(const char *file); - -/** - * @brief add SSL reference by '1' - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_up_ref(SSL *ssl); - -/** - * @brief read and put data into buf, but not clear the SSL low-level storage - * - * @param ssl - SSL point - * @param buf - storage buffer point - * @param num - data bytes - * - * @return result - * > 0 : OK, and return read bytes - * = 0 : connect is closed - * < 0 : a error catch - */ -int SSL_peek(SSL *ssl, void *buf, int num); - -/** - * @brief make SSL renegotiate - * - * @param ssl - SSL point - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_renegotiate(SSL *ssl); - -/** - * @brief get the state string where SSL is reading - * - * @param ssl - SSL point - * - * @return state string - */ -const char *SSL_rstate_string(SSL *ssl); - -/** - * @brief get the statement long string where SSL is reading - * - * @param ssl - SSL point - * - * @return statement long string - */ -const char *SSL_rstate_string_long(SSL *ssl); - -/** - * @brief set SSL accept statement - * - * @param ssl - SSL point - * - * @return none - */ -void SSL_set_accept_state(SSL *ssl); - -/** - * @brief set SSL application data - * - * @param ssl - SSL point - * @param arg - SSL application data point - * - * @return none - */ -void SSL_set_app_data(SSL *ssl, char *arg); - -/** - * @brief set SSL BIO - * - * @param ssl - SSL point - * @param rbio - read only IO - * @param wbio - write only IO - * - * @return none - */ -void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); - -/** - * @brief clear SSL option - * - * @param ssl - SSL point - * @param op - clear option - * - * @return SSL option - */ -unsigned long SSL_clear_options(SSL *ssl, unsigned long op); - -/** - * @brief get SSL option - * - * @param ssl - SSL point - * - * @return SSL option - */ -unsigned long SSL_get_options(SSL *ssl); - -/** - * @brief clear SSL option - * - * @param ssl - SSL point - * @param op - setting option - * - * @return SSL option - */ -unsigned long SSL_set_options(SSL *ssl, unsigned long op); - -/** - * @brief set SSL quiet shutdown mode - * - * @param ssl - SSL point - * @param mode - quiet shutdown mode - * - * @return none - */ -void SSL_set_quiet_shutdown(SSL *ssl, int mode); - -/** - * @brief set SSL shutdown mode - * - * @param ssl - SSL point - * @param mode - shutdown mode - * - * @return none - */ -void SSL_set_shutdown(SSL *ssl, int mode); - -/** - * @brief set SSL session time - * - * @param ssl - SSL point - * @param t - session time - * - * @return session time - */ -long SSL_set_time(SSL *ssl, long t); - -/** - * @brief set SSL session timeout time - * - * @param ssl - SSL point - * @param t - session timeout time - * - * @return session timeout time - */ -long SSL_set_timeout(SSL *ssl, long t); - -/** - * @brief get SSL statement string - * - * @param ssl - SSL point - * - * @return SSL statement string - */ -char *SSL_state_string(const SSL *ssl); - -/** - * @brief get SSL statement long string - * - * @param ssl - SSL point - * - * @return SSL statement long string - */ -char *SSL_state_string_long(const SSL *ssl); - -/** - * @brief get SSL renegotiation count - * - * @param ssl - SSL point - * - * @return renegotiation count - */ -long SSL_total_renegotiations(SSL *ssl); - -/** - * @brief get SSL version - * - * @param ssl - SSL point - * - * @return SSL version - */ -int SSL_version(const SSL *ssl); - -/** - * @brief set SSL PSK identity hint - * - * @param ssl - SSL point - * @param hint - identity hint - * - * @return result - * 1 : OK - * 0 : failed - */ -int SSL_use_psk_identity_hint(SSL *ssl, const char *hint); - -/** - * @brief get SSL PSK identity hint - * - * @param ssl - SSL point - * - * @return identity hint - */ -const char *SSL_get_psk_identity_hint(SSL *ssl); - -/** - * @brief get SSL PSK identity - * - * @param ssl - SSL point - * - * @return identity - */ -const char *SSL_get_psk_identity(SSL *ssl); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h b/lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h deleted file mode 100644 index cbbe3aa..0000000 --- a/lib/tls/mbedtls/wrapper/include/platform/ssl_pm.h +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PM_H_ -#define _SSL_PM_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include -#include "ssl_types.h" -#include "ssl_port.h" - -#define LOCAL_ATRR - -int ssl_pm_new(SSL *ssl); -void ssl_pm_free(SSL *ssl); - -int ssl_pm_handshake(SSL *ssl); -int ssl_pm_shutdown(SSL *ssl); -int ssl_pm_clear(SSL *ssl); - -int ssl_pm_read(SSL *ssl, void *buffer, int len); -int ssl_pm_send(SSL *ssl, const void *buffer, int len); -int ssl_pm_pending(const SSL *ssl); - -void ssl_pm_set_fd(SSL *ssl, int fd, int mode); -int ssl_pm_get_fd(const SSL *ssl, int mode); - -OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl); - -void ssl_pm_set_bufflen(SSL *ssl, int len); - -int x509_pm_show_info(X509 *x); -int x509_pm_new(X509 *x, X509 *m_x); -void x509_pm_free(X509 *x); -int x509_pm_load(X509 *x, const unsigned char *buffer, int len); - -int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pk); -void pkey_pm_free(EVP_PKEY *pk); -int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len); - -long ssl_pm_get_verify_result(const SSL *ssl); - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/include/platform/ssl_port.h b/lib/tls/mbedtls/wrapper/include/platform/ssl_port.h deleted file mode 100644 index 74c7634..0000000 --- a/lib/tls/mbedtls/wrapper/include/platform/ssl_port.h +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_PORT_H_ -#define _SSL_PORT_H_ - -#ifdef __cplusplus - extern "C" { -#endif - -#include "string.h" -#include "stdlib.h" -#if defined(LWS_HAVE_MALLOC_H) -#include "malloc.h" -#endif - -void *ssl_mem_zalloc(size_t size); - -#define ssl_mem_malloc malloc -#define ssl_mem_free free - -#define ssl_memcpy memcpy -#define ssl_strlen strlen - -#define ssl_speed_up_enter() -#define ssl_speed_up_exit() - -#define SSL_DEBUG_FL -#define SSL_DEBUG_LOG(fmt, ...) ESP_LOGI("openssl", fmt, ##__VA_ARGS__) - -#ifdef __cplusplus - } -#endif - -#endif diff --git a/lib/tls/mbedtls/wrapper/library/ssl_cert.c b/lib/tls/mbedtls/wrapper/library/ssl_cert.c deleted file mode 100644 index 5c60812..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_cert.c +++ /dev/null @@ -1,87 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_cert.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -/** - * @brief create a certification object according to input certification - */ -CERT *__ssl_cert_new(CERT *ic) -{ - CERT *cert; - - X509 *ix; - EVP_PKEY *ipk; - - cert = ssl_mem_zalloc(sizeof(CERT)); - if (!cert) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "no enough memory > (cert)"); - goto no_mem; - } - - if (ic) { - ipk = ic->pkey; - ix = ic->x509; - } else { - ipk = NULL; - ix = NULL; - } - - cert->pkey = __EVP_PKEY_new(ipk); - if (!cert->pkey) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__EVP_PKEY_new() return NULL"); - goto pkey_err; - } - - cert->x509 = __X509_new(ix); - if (!cert->x509) { - SSL_DEBUG(SSL_CERT_ERROR_LEVEL, "__X509_new() return NULL"); - goto x509_err; - } - - return cert; - -x509_err: - EVP_PKEY_free(cert->pkey); -pkey_err: - ssl_mem_free(cert); -no_mem: - return NULL; -} - -/** - * @brief create a certification object include private key object - */ -CERT *ssl_cert_new(void) -{ - return __ssl_cert_new(NULL); -} - -/** - * @brief free a certification object - */ -void ssl_cert_free(CERT *cert) -{ - SSL_ASSERT3(cert); - - X509_free(cert->x509); - - EVP_PKEY_free(cert->pkey); - - ssl_mem_free(cert); -} diff --git a/lib/tls/mbedtls/wrapper/library/ssl_lib.c b/lib/tls/mbedtls/wrapper/library/ssl_lib.c deleted file mode 100644 index ec46fd8..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_lib.c +++ /dev/null @@ -1,1734 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_lib.h" -#include "ssl_pkey.h" -#include "ssl_x509.h" -#include "ssl_cert.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -#include "core/private.h" - -char * -lws_strncpy(char *dest, const char *src, size_t size); - -#define SSL_SEND_DATA_MAX_LENGTH 1460 - -/** - * @brief create a new SSL session object - */ -static SSL_SESSION* SSL_SESSION_new(void) -{ - SSL_SESSION *session; - - session = ssl_mem_zalloc(sizeof(SSL_SESSION)); - if (!session) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (session)"); - goto failed1; - } - - session->peer = X509_new(); - if (!session->peer) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL"); - goto failed2; - } - - return session; - -failed2: - ssl_mem_free(session); -failed1: - return NULL; -} - -/** - * @brief free a new SSL session object - */ -static void SSL_SESSION_free(SSL_SESSION *session) -{ - X509_free(session->peer); - ssl_mem_free(session); -} - -/** - * @brief Discover whether the current connection is in the error state - */ -int ossl_statem_in_error(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - if (ssl->statem.state == MSG_FLOW_ERROR) - return 1; - - return 0; -} - -/** - * @brief get the SSL specifical statement - */ -int SSL_want(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->rwstate; -} - -/** - * @brief check if SSL want nothing - */ -int SSL_want_nothing(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - if (ssl->err) - return 1; - - return (SSL_want(ssl) == SSL_NOTHING); -} - -/** - * @brief check if SSL want to read - */ -int SSL_want_read(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - if (ssl->err) - return 0; - - return (SSL_want(ssl) == SSL_READING); -} - -/** - * @brief check if SSL want to write - */ -int SSL_want_write(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - if (ssl->err) - return 0; - - return (SSL_want(ssl) == SSL_WRITING); -} - -/** - * @brief check if SSL want to lookup X509 certification - */ -int SSL_want_x509_lookup(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return (SSL_want(ssl) == SSL_WRITING); -} - -/** - * @brief get SSL error code - */ -int SSL_get_error(const SSL *ssl, int ret_code) -{ - int ret = SSL_ERROR_SYSCALL; - - SSL_ASSERT1(ssl); - - if (ret_code > 0) - ret = SSL_ERROR_NONE; - else if (ret_code < 0) - { - if (ssl->err == SSL_ERROR_WANT_READ || SSL_want_read(ssl)) - ret = SSL_ERROR_WANT_READ; - else if (ssl->err == SSL_ERROR_WANT_WRITE || SSL_want_write(ssl)) - ret = SSL_ERROR_WANT_WRITE; - else - ret = SSL_ERROR_SYSCALL; //unknown - } - else // ret_code == 0 - { - if (ssl->shutdown & SSL_RECEIVED_SHUTDOWN) - ret = SSL_ERROR_ZERO_RETURN; - else - ret = SSL_ERROR_SYSCALL; - } - - return ret; -} - -/** - * @brief get the SSL state - */ -OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) -{ - OSSL_HANDSHAKE_STATE state; - - SSL_ASSERT1(ssl); - - state = SSL_METHOD_CALL(get_state, ssl); - - return state; -} - -/** - * @brief create a SSL context - */ -SSL_CTX* SSL_CTX_new(const SSL_METHOD *method) -{ - SSL_CTX *ctx; - CERT *cert; - X509 *client_ca; - - if (!method) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no no_method"); - return NULL; - } - - client_ca = X509_new(); - if (!client_ca) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "X509_new() return NULL"); - goto failed1; - } - - cert = ssl_cert_new(); - if (!cert) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "ssl_cert_new() return NULL"); - goto failed2; - } - - ctx = (SSL_CTX *)ssl_mem_zalloc(sizeof(SSL_CTX)); - if (!ctx) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ctx)"); - goto failed3; - } - - ctx->method = method; - ctx->client_CA = client_ca; - ctx->cert = cert; - - ctx->version = method->version; - - return ctx; - -failed3: - ssl_cert_free(cert); -failed2: - X509_free(client_ca); -failed1: - return NULL; -} - -/** - * @brief free a SSL context - */ -void SSL_CTX_free(SSL_CTX* ctx) -{ - SSL_ASSERT3(ctx); - - ssl_cert_free(ctx->cert); - - X509_free(ctx->client_CA); - - if (ctx->alpn_protos) - ssl_mem_free(ctx->alpn_protos); - - ssl_mem_free(ctx); -} - -/** - * @brief set the SSL context version - */ -int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(meth); - - ctx->method = meth; - - ctx->version = meth->version; - - return 1; -} - -/** - * @brief get the SSL context current method - */ -const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx) -{ - SSL_ASSERT2(ctx); - - return ctx->method; -} - -/** - * @brief create a SSL - */ -SSL *SSL_new(SSL_CTX *ctx) -{ - int ret = 0; - SSL *ssl; - - if (!ctx) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no ctx"); - return NULL; - } - - ssl = (SSL *)ssl_mem_zalloc(sizeof(SSL)); - if (!ssl) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "no enough memory > (ssl)"); - goto failed1; - } - - ssl->session = SSL_SESSION_new(); - if (!ssl->session) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_SESSION_new() return NULL"); - goto failed2; - } - - ssl->cert = __ssl_cert_new(ctx->cert); - if (!ssl->cert) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__ssl_cert_new() return NULL"); - goto failed3; - } - - ssl->client_CA = __X509_new(ctx->client_CA); - if (!ssl->client_CA) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "__X509_new() return NULL"); - goto failed4; - } - - ssl->ctx = ctx; - ssl->method = ctx->method; - - ssl->version = ctx->version; - ssl->options = ctx->options; - - ssl->verify_mode = ctx->verify_mode; - - ret = SSL_METHOD_CALL(new, ssl); - if (ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed5; - } - - _ssl_set_alpn_list(ssl); - - ssl->rwstate = SSL_NOTHING; - - return ssl; - -failed5: - X509_free(ssl->client_CA); -failed4: - ssl_cert_free(ssl->cert); -failed3: - SSL_SESSION_free(ssl->session); -failed2: - ssl_mem_free(ssl); -failed1: - return NULL; -} - -/** - * @brief free the SSL - */ -void SSL_free(SSL *ssl) -{ - SSL_ASSERT3(ssl); - - SSL_METHOD_CALL(free, ssl); - - X509_free(ssl->client_CA); - - ssl_cert_free(ssl->cert); - - SSL_SESSION_free(ssl->session); - - if (ssl->alpn_protos) - ssl_mem_free(ssl->alpn_protos); - - ssl_mem_free(ssl); -} - -/** - * @brief perform the SSL handshake - */ -int SSL_do_handshake(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(handshake, ssl); - - return ret; -} - -/** - * @brief connect to the remote SSL server - */ -int SSL_connect(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_do_handshake(ssl); -} - -/** - * @brief accept the remote connection - */ -int SSL_accept(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_do_handshake(ssl); -} - -/** - * @brief shutdown the connection - */ -int SSL_shutdown(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - if (SSL_get_state(ssl) != TLS_ST_OK) return 1; - - ret = SSL_METHOD_CALL(shutdown, ssl); - - return ret; -} - -/** - * @brief reset the SSL - */ -int SSL_clear(SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_shutdown(ssl); - if (1 != ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret); - goto failed1; - } - - SSL_METHOD_CALL(free, ssl); - - ret = SSL_METHOD_CALL(new, ssl); - if (!ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed1; - } - - return 1; - -failed1: - return ret; -} - -/** - * @brief read data from to remote - */ -int SSL_read(SSL *ssl, void *buffer, int len) -{ - int ret; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(buffer); - SSL_ASSERT1(len); - - ssl->rwstate = SSL_READING; - - ret = SSL_METHOD_CALL(read, ssl, buffer, len); - - if (ret == len) - ssl->rwstate = SSL_NOTHING; - - return ret; -} - -/** - * @brief send the data to remote - */ -int SSL_write(SSL *ssl, const void *buffer, int len) -{ - int ret; - int send_bytes, bytes; - const unsigned char *pbuf; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(buffer); - SSL_ASSERT1(len); - - ssl->rwstate = SSL_WRITING; - - send_bytes = len; - pbuf = (const unsigned char *)buffer; - - do { - if (send_bytes > SSL_SEND_DATA_MAX_LENGTH) - bytes = SSL_SEND_DATA_MAX_LENGTH; - else - bytes = send_bytes; - - if (ssl->interrupted_remaining_write) { - bytes = ssl->interrupted_remaining_write; - ssl->interrupted_remaining_write = 0; - } - - ret = SSL_METHOD_CALL(send, ssl, pbuf, bytes); - //printf("%s: ssl_pm said %d for %d requested (cum %d)\n", __func__, ret, bytes, len -send_bytes); - /* the return is a NEGATIVE OpenSSL error code, or the length sent */ - if (ret > 0) { - pbuf += ret; - send_bytes -= ret; - } else - ssl->interrupted_remaining_write = bytes; - } while (ret > 0 && send_bytes && ret == bytes); - - if (ret >= 0) { - ret = len - send_bytes; - if (!ret) - ssl->rwstate = SSL_NOTHING; - } else { - if (send_bytes == len) - ret = -1; - else - ret = len - send_bytes; - } - - return ret; -} - -/** - * @brief get SSL context of the SSL - */ -SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->ctx; -} - -/** - * @brief get the SSL current method - */ -const SSL_METHOD *SSL_get_ssl_method(SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->method; -} - -/** - * @brief set the SSL method - */ -int SSL_set_ssl_method(SSL *ssl, const SSL_METHOD *method) -{ - int ret; - - SSL_ASSERT1(ssl); - SSL_ASSERT1(method); - - if (ssl->version != method->version) { - - ret = SSL_shutdown(ssl); - if (1 != ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_shutdown return %d", ret); - goto failed1; - } - - SSL_METHOD_CALL(free, ssl); - - ssl->method = method; - - ret = SSL_METHOD_CALL(new, ssl); - if (!ret) { - SSL_DEBUG(SSL_LIB_ERROR_LEVEL, "SSL_METHOD_CALL(new) return %d", ret); - goto failed1; - } - } else { - ssl->method = method; - } - - - return 1; - -failed1: - return ret; -} - -/** - * @brief get SSL shutdown mode - */ -int SSL_get_shutdown(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->shutdown; -} - -/** - * @brief set SSL shutdown mode - */ -void SSL_set_shutdown(SSL *ssl, int mode) -{ - SSL_ASSERT3(ssl); - - ssl->shutdown = mode; -} - - -/** - * @brief get the number of the bytes to be read - */ -int SSL_pending(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(pending, ssl); - - return ret; -} - -/** - * @brief check if some data can be read - */ -int SSL_has_pending(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - if (SSL_pending(ssl)) - ret = 1; - else - ret = 0; - - return ret; -} - -/** - * @brief clear the SSL context option bit of "op" - */ -unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op) -{ - SSL_ASSERT1(ctx); - - return ctx->options &= ~op; -} - -/** - * @brief get the SSL context option - */ -unsigned long SSL_CTX_get_options(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->options; -} - -/** - * @brief set the option of the SSL context - */ -unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long opt) -{ - SSL_ASSERT1(ctx); - - return ctx->options |= opt; -} - -/** - * @brief clear SSL option - */ -unsigned long SSL_clear_options(SSL *ssl, unsigned long op) -{ - SSL_ASSERT1(ssl); - - return ssl->options & ~op; -} - -/** - * @brief get SSL option - */ -unsigned long SSL_get_options(SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->options; -} - -/** - * @brief clear SSL option - */ -unsigned long SSL_set_options(SSL *ssl, unsigned long op) -{ - SSL_ASSERT1(ssl); - - return ssl->options |= op; -} - -/** - * @brief get the socket handle of the SSL - */ -int SSL_get_fd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief get the read only socket handle of the SSL - */ -int SSL_get_rfd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief get the write only socket handle of the SSL - */ -int SSL_get_wfd(const SSL *ssl) -{ - int ret; - - SSL_ASSERT1(ssl); - - ret = SSL_METHOD_CALL(get_fd, ssl, 0); - - return ret; -} - -/** - * @brief bind the socket file description into the SSL - */ -int SSL_set_fd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief bind the read only socket file description into the SSL - */ -int SSL_set_rfd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief bind the write only socket file description into the SSL - */ -int SSL_set_wfd(SSL *ssl, int fd) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(fd >= 0); - - SSL_METHOD_CALL(set_fd, ssl, fd, 0); - - return 1; -} - -/** - * @brief get SSL version - */ -int SSL_version(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->version; -} - -/** - * @brief get the SSL version string - */ -static const char* ssl_protocol_to_string(int version) -{ - const char *str; - - if (version == TLS1_2_VERSION) - str = "TLSv1.2"; - else if (version == TLS1_1_VERSION) - str = "TLSv1.1"; - else if (version == TLS1_VERSION) - str = "TLSv1"; - else if (version == SSL3_VERSION) - str = "SSLv3"; - else - str = "unknown"; - - return str; -} - -/** - * @brief get the SSL current version - */ -const char *SSL_get_version(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl_protocol_to_string(SSL_version(ssl)); -} - -/** - * @brief get alert description string - */ -const char* SSL_alert_desc_string(int value) -{ - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: - str = "CN"; - break; - case SSL3_AD_UNEXPECTED_MESSAGE: - str = "UM"; - break; - case SSL3_AD_BAD_RECORD_MAC: - str = "BM"; - break; - case SSL3_AD_DECOMPRESSION_FAILURE: - str = "DF"; - break; - case SSL3_AD_HANDSHAKE_FAILURE: - str = "HF"; - break; - case SSL3_AD_NO_CERTIFICATE: - str = "NC"; - break; - case SSL3_AD_BAD_CERTIFICATE: - str = "BC"; - break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: - str = "UC"; - break; - case SSL3_AD_CERTIFICATE_REVOKED: - str = "CR"; - break; - case SSL3_AD_CERTIFICATE_EXPIRED: - str = "CE"; - break; - case SSL3_AD_CERTIFICATE_UNKNOWN: - str = "CU"; - break; - case SSL3_AD_ILLEGAL_PARAMETER: - str = "IP"; - break; - case TLS1_AD_DECRYPTION_FAILED: - str = "DC"; - break; - case TLS1_AD_RECORD_OVERFLOW: - str = "RO"; - break; - case TLS1_AD_UNKNOWN_CA: - str = "CA"; - break; - case TLS1_AD_ACCESS_DENIED: - str = "AD"; - break; - case TLS1_AD_DECODE_ERROR: - str = "DE"; - break; - case TLS1_AD_DECRYPT_ERROR: - str = "CY"; - break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "ER"; - break; - case TLS1_AD_PROTOCOL_VERSION: - str = "PV"; - break; - case TLS1_AD_INSUFFICIENT_SECURITY: - str = "IS"; - break; - case TLS1_AD_INTERNAL_ERROR: - str = "IE"; - break; - case TLS1_AD_USER_CANCELLED: - str = "US"; - break; - case TLS1_AD_NO_RENEGOTIATION: - str = "NR"; - break; - case TLS1_AD_UNSUPPORTED_EXTENSION: - str = "UE"; - break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: - str = "CO"; - break; - case TLS1_AD_UNRECOGNIZED_NAME: - str = "UN"; - break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - str = "BR"; - break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: - str = "BH"; - break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - str = "UP"; - break; - default: - str = "UK"; - break; - } - - return str; -} - -/** - * @brief get alert description long string - */ -const char* SSL_alert_desc_string_long(int value) -{ - const char *str; - - switch (value & 0xff) - { - case SSL3_AD_CLOSE_NOTIFY: - str = "close notify"; - break; - case SSL3_AD_UNEXPECTED_MESSAGE: - str = "unexpected_message"; - break; - case SSL3_AD_BAD_RECORD_MAC: - str = "bad record mac"; - break; - case SSL3_AD_DECOMPRESSION_FAILURE: - str = "decompression failure"; - break; - case SSL3_AD_HANDSHAKE_FAILURE: - str = "handshake failure"; - break; - case SSL3_AD_NO_CERTIFICATE: - str = "no certificate"; - break; - case SSL3_AD_BAD_CERTIFICATE: - str = "bad certificate"; - break; - case SSL3_AD_UNSUPPORTED_CERTIFICATE: - str = "unsupported certificate"; - break; - case SSL3_AD_CERTIFICATE_REVOKED: - str = "certificate revoked"; - break; - case SSL3_AD_CERTIFICATE_EXPIRED: - str = "certificate expired"; - break; - case SSL3_AD_CERTIFICATE_UNKNOWN: - str = "certificate unknown"; - break; - case SSL3_AD_ILLEGAL_PARAMETER: - str = "illegal parameter"; - break; - case TLS1_AD_DECRYPTION_FAILED: - str = "decryption failed"; - break; - case TLS1_AD_RECORD_OVERFLOW: - str = "record overflow"; - break; - case TLS1_AD_UNKNOWN_CA: - str = "unknown CA"; - break; - case TLS1_AD_ACCESS_DENIED: - str = "access denied"; - break; - case TLS1_AD_DECODE_ERROR: - str = "decode error"; - break; - case TLS1_AD_DECRYPT_ERROR: - str = "decrypt error"; - break; - case TLS1_AD_EXPORT_RESTRICTION: - str = "export restriction"; - break; - case TLS1_AD_PROTOCOL_VERSION: - str = "protocol version"; - break; - case TLS1_AD_INSUFFICIENT_SECURITY: - str = "insufficient security"; - break; - case TLS1_AD_INTERNAL_ERROR: - str = "internal error"; - break; - case TLS1_AD_USER_CANCELLED: - str = "user canceled"; - break; - case TLS1_AD_NO_RENEGOTIATION: - str = "no renegotiation"; - break; - case TLS1_AD_UNSUPPORTED_EXTENSION: - str = "unsupported extension"; - break; - case TLS1_AD_CERTIFICATE_UNOBTAINABLE: - str = "certificate unobtainable"; - break; - case TLS1_AD_UNRECOGNIZED_NAME: - str = "unrecognized name"; - break; - case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: - str = "bad certificate status response"; - break; - case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: - str = "bad certificate hash value"; - break; - case TLS1_AD_UNKNOWN_PSK_IDENTITY: - str = "unknown PSK identity"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get alert type string - */ -const char *SSL_alert_type_string(int value) -{ - const char *str; - - switch (value >> 8) - { - case SSL3_AL_WARNING: - str = "W"; - break; - case SSL3_AL_FATAL: - str = "F"; - break; - default: - str = "U"; - break; - } - - return str; -} - -/** - * @brief get alert type long string - */ -const char *SSL_alert_type_string_long(int value) -{ - const char *str; - - switch (value >> 8) - { - case SSL3_AL_WARNING: - str = "warning"; - break; - case SSL3_AL_FATAL: - str = "fatal"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get the state string where SSL is reading - */ -const char *SSL_rstate_string(SSL *ssl) -{ - const char *str; - - SSL_ASSERT2(ssl); - - switch (ssl->rlayer.rstate) - { - case SSL_ST_READ_HEADER: - str = "RH"; - break; - case SSL_ST_READ_BODY: - str = "RB"; - break; - case SSL_ST_READ_DONE: - str = "RD"; - break; - default: - str = "unknown"; - break; - } - - return str; -} - -/** - * @brief get the statement long string where SSL is reading - */ -const char *SSL_rstate_string_long(SSL *ssl) -{ - const char *str = "unknown"; - - SSL_ASSERT2(ssl); - - switch (ssl->rlayer.rstate) - { - case SSL_ST_READ_HEADER: - str = "read header"; - break; - case SSL_ST_READ_BODY: - str = "read body"; - break; - case SSL_ST_READ_DONE: - str = "read done"; - break; - default: - break; - } - - return str; -} - -/** - * @brief get SSL statement string - */ -char *SSL_state_string(const SSL *ssl) -{ - char *str = "UNKWN "; - - SSL_ASSERT2(ssl); - - if (ossl_statem_in_error(ssl)) - str = "SSLERR"; - else - { - switch (SSL_get_state(ssl)) - { - case TLS_ST_BEFORE: - str = "PINIT "; - break; - case TLS_ST_OK: - str = "SSLOK "; - break; - case TLS_ST_CW_CLNT_HELLO: - str = "TWCH"; - break; - case TLS_ST_CR_SRVR_HELLO: - str = "TRSH"; - break; - case TLS_ST_CR_CERT: - str = "TRSC"; - break; - case TLS_ST_CR_KEY_EXCH: - str = "TRSKE"; - break; - case TLS_ST_CR_CERT_REQ: - str = "TRCR"; - break; - case TLS_ST_CR_SRVR_DONE: - str = "TRSD"; - break; - case TLS_ST_CW_CERT: - str = "TWCC"; - break; - case TLS_ST_CW_KEY_EXCH: - str = "TWCKE"; - break; - case TLS_ST_CW_CERT_VRFY: - str = "TWCV"; - break; - case TLS_ST_SW_CHANGE: - case TLS_ST_CW_CHANGE: - str = "TWCCS"; - break; - case TLS_ST_SW_FINISHED: - case TLS_ST_CW_FINISHED: - str = "TWFIN"; - break; - case TLS_ST_SR_CHANGE: - case TLS_ST_CR_CHANGE: - str = "TRCCS"; - break; - case TLS_ST_SR_FINISHED: - case TLS_ST_CR_FINISHED: - str = "TRFIN"; - break; - case TLS_ST_SW_HELLO_REQ: - str = "TWHR"; - break; - case TLS_ST_SR_CLNT_HELLO: - str = "TRCH"; - break; - case TLS_ST_SW_SRVR_HELLO: - str = "TWSH"; - break; - case TLS_ST_SW_CERT: - str = "TWSC"; - break; - case TLS_ST_SW_KEY_EXCH: - str = "TWSKE"; - break; - case TLS_ST_SW_CERT_REQ: - str = "TWCR"; - break; - case TLS_ST_SW_SRVR_DONE: - str = "TWSD"; - break; - case TLS_ST_SR_CERT: - str = "TRCC"; - break; - case TLS_ST_SR_KEY_EXCH: - str = "TRCKE"; - break; - case TLS_ST_SR_CERT_VRFY: - str = "TRCV"; - break; - case DTLS_ST_CR_HELLO_VERIFY_REQUEST: - str = "DRCHV"; - break; - case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - str = "DWCHV"; - break; - default: - break; - } - } - - return str; -} - -/** - * @brief get SSL statement long string - */ -char *SSL_state_string_long(const SSL *ssl) -{ - char *str = "UNKWN "; - - SSL_ASSERT2(ssl); - - if (ossl_statem_in_error(ssl)) - str = "SSLERR"; - else - { - switch (SSL_get_state(ssl)) - { - case TLS_ST_BEFORE: - str = "before SSL initialization"; - break; - case TLS_ST_OK: - str = "SSL negotiation finished successfully"; - break; - case TLS_ST_CW_CLNT_HELLO: - str = "SSLv3/TLS write client hello"; - break; - case TLS_ST_CR_SRVR_HELLO: - str = "SSLv3/TLS read server hello"; - break; - case TLS_ST_CR_CERT: - str = "SSLv3/TLS read server certificate"; - break; - case TLS_ST_CR_KEY_EXCH: - str = "SSLv3/TLS read server key exchange"; - break; - case TLS_ST_CR_CERT_REQ: - str = "SSLv3/TLS read server certificate request"; - break; - case TLS_ST_CR_SESSION_TICKET: - str = "SSLv3/TLS read server session ticket"; - break; - case TLS_ST_CR_SRVR_DONE: - str = "SSLv3/TLS read server done"; - break; - case TLS_ST_CW_CERT: - str = "SSLv3/TLS write client certificate"; - break; - case TLS_ST_CW_KEY_EXCH: - str = "SSLv3/TLS write client key exchange"; - break; - case TLS_ST_CW_CERT_VRFY: - str = "SSLv3/TLS write certificate verify"; - break; - case TLS_ST_CW_CHANGE: - case TLS_ST_SW_CHANGE: - str = "SSLv3/TLS write change cipher spec"; - break; - case TLS_ST_CW_FINISHED: - case TLS_ST_SW_FINISHED: - str = "SSLv3/TLS write finished"; - break; - case TLS_ST_CR_CHANGE: - case TLS_ST_SR_CHANGE: - str = "SSLv3/TLS read change cipher spec"; - break; - case TLS_ST_CR_FINISHED: - case TLS_ST_SR_FINISHED: - str = "SSLv3/TLS read finished"; - break; - case TLS_ST_SR_CLNT_HELLO: - str = "SSLv3/TLS read client hello"; - break; - case TLS_ST_SW_HELLO_REQ: - str = "SSLv3/TLS write hello request"; - break; - case TLS_ST_SW_SRVR_HELLO: - str = "SSLv3/TLS write server hello"; - break; - case TLS_ST_SW_CERT: - str = "SSLv3/TLS write certificate"; - break; - case TLS_ST_SW_KEY_EXCH: - str = "SSLv3/TLS write key exchange"; - break; - case TLS_ST_SW_CERT_REQ: - str = "SSLv3/TLS write certificate request"; - break; - case TLS_ST_SW_SESSION_TICKET: - str = "SSLv3/TLS write session ticket"; - break; - case TLS_ST_SW_SRVR_DONE: - str = "SSLv3/TLS write server done"; - break; - case TLS_ST_SR_CERT: - str = "SSLv3/TLS read client certificate"; - break; - case TLS_ST_SR_KEY_EXCH: - str = "SSLv3/TLS read client key exchange"; - break; - case TLS_ST_SR_CERT_VRFY: - str = "SSLv3/TLS read certificate verify"; - break; - case DTLS_ST_CR_HELLO_VERIFY_REQUEST: - str = "DTLS1 read hello verify request"; - break; - case DTLS_ST_SW_HELLO_VERIFY_REQUEST: - str = "DTLS1 write hello verify request"; - break; - default: - break; - } - } - - return str; -} - -/** - * @brief set the SSL context read buffer length - */ -void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len) -{ - SSL_ASSERT3(ctx); - - ctx->read_buffer_len = len; -} - -/** - * @brief set the SSL read buffer length - */ -void SSL_set_default_read_buffer_len(SSL *ssl, size_t len) -{ - SSL_ASSERT3(ssl); - SSL_ASSERT3(len); - - SSL_METHOD_CALL(set_bufflen, ssl, len); -} - -/** - * @brief set the SSL information callback function - */ -void SSL_set_info_callback(SSL *ssl, void (*cb) (const SSL *ssl, int type, int val)) -{ - SSL_ASSERT3(ssl); - - ssl->info_callback = cb; -} - -/** - * @brief add SSL context reference count by '1' - */ -int SSL_CTX_up_ref(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - /** - * no support multi-thread SSL here - */ - ctx->references++; - - return 1; -} - -/** - * @brief set the SSL security level - */ -void SSL_set_security_level(SSL *ssl, int level) -{ - SSL_ASSERT3(ssl); - - ssl->cert->sec_level = level; -} - -/** - * @brief get the SSL security level - */ -int SSL_get_security_level(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->cert->sec_level; -} - -/** - * @brief get the SSL verifying mode of the SSL context - */ -int SSL_CTX_get_verify_mode(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->verify_mode; -} - -/** - * @brief set the session timeout time - */ -long SSL_CTX_set_timeout(SSL_CTX *ctx, long t) -{ - long l; - - SSL_ASSERT1(ctx); - - l = ctx->session_timeout; - ctx->session_timeout = t; - - return l; -} - -/** - * @brief get the session timeout time - */ -long SSL_CTX_get_timeout(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->session_timeout; -} - -/** - * @brief set the SSL if we can read as many as data - */ -void SSL_set_read_ahead(SSL *ssl, int yes) -{ - SSL_ASSERT3(ssl); - - ssl->rlayer.read_ahead = yes; -} - -/** - * @brief set the SSL context if we can read as many as data - */ -void SSL_CTX_set_read_ahead(SSL_CTX *ctx, int yes) -{ - SSL_ASSERT3(ctx); - - ctx->read_ahead = yes; -} - -/** - * @brief get the SSL ahead signal if we can read as many as data - */ -int SSL_get_read_ahead(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->rlayer.read_ahead; -} - -/** - * @brief get the SSL context ahead signal if we can read as many as data - */ -long SSL_CTX_get_read_ahead(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->read_ahead; -} - -/** - * @brief check if the SSL context can read as many as data - */ -long SSL_CTX_get_default_read_ahead(SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->read_ahead; -} - -/** - * @brief set SSL session time - */ -long SSL_set_time(SSL *ssl, long t) -{ - SSL_ASSERT1(ssl); - - ssl->session->time = t; - - return t; -} - -/** - * @brief set SSL session timeout time - */ -long SSL_set_timeout(SSL *ssl, long t) -{ - SSL_ASSERT1(ssl); - - ssl->session->timeout = t; - - return t; -} - -/** - * @brief get the verifying result of the SSL certification - */ -long SSL_get_verify_result(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return SSL_METHOD_CALL(get_verify_result, ssl); -} - -/** - * @brief get the SSL verifying depth of the SSL context - */ -int SSL_CTX_get_verify_depth(const SSL_CTX *ctx) -{ - SSL_ASSERT1(ctx); - - return ctx->param.depth; -} - -/** - * @brief set the SSL verify depth of the SSL context - */ -void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth) -{ - SSL_ASSERT3(ctx); - - ctx->param.depth = depth; -} - -/** - * @brief get the SSL verifying depth of the SSL - */ -int SSL_get_verify_depth(const SSL *ssl) -{ - SSL_ASSERT1(ssl); - - return ssl->param.depth; -} - -/** - * @brief set the SSL verify depth of the SSL - */ -void SSL_set_verify_depth(SSL *ssl, int depth) -{ - SSL_ASSERT3(ssl); - - ssl->param.depth = depth; -} - -/** - * @brief set the SSL context verifying of the SSL context - */ -void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) -{ - SSL_ASSERT3(ctx); - - ctx->verify_mode = mode; - ctx->default_verify_callback = verify_callback; -} - -/** - * @brief set the SSL verifying of the SSL context - */ -void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_CTX *)) -{ - SSL_ASSERT3(ssl); - - ssl->verify_mode = mode; - ssl->verify_callback = verify_callback; -} - -void ERR_error_string_n(unsigned long e, char *buf, size_t len) -{ - lws_strncpy(buf, "unknown", len); -} - -void ERR_free_strings(void) -{ -} - -char *ERR_error_string(unsigned long e, char *buf) -{ - if (!buf) - return "unknown"; - - switch(e) { - case X509_V_ERR_INVALID_CA: - strcpy(buf, "CA is not trusted"); - break; - case X509_V_ERR_HOSTNAME_MISMATCH: - strcpy(buf, "Hostname mismatch"); - break; - case X509_V_ERR_CA_KEY_TOO_SMALL: - strcpy(buf, "CA key too small"); - break; - case X509_V_ERR_CA_MD_TOO_WEAK: - strcpy(buf, "MD key too weak"); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - strcpy(buf, "Cert from the future"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - strcpy(buf, "Cert expired"); - break; - default: - strcpy(buf, "unknown"); - break; - } - - return buf; -} - -void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) -{ - return NULL; -} - -/* - * Openssl wants the valid protocol names supplied like this: - * - * (unsigned char *)"\x02h2\x08http/1.1", 6 + 9 - * - * Mbedtls wants this: - * - * Pointer to a NULL-terminated list of supported protocols, in decreasing - * preference order. The pointer to the list is recorded by the library for - * later reference as required, so the lifetime of the table must be at least - * as long as the lifetime of the SSL configuration structure. - * - * So accept the OpenSSL style and convert to mbedtls style - */ - - -static void -_openssl_alpn_to_mbedtls(struct alpn_ctx *ac, char ***palpn_protos) -{ - unsigned char *p = ac->data, *q; - unsigned char len; - char **alpn_protos; - int count = 0; - - /* find out how many entries he gave us */ - - len = *p++; - while (p - ac->data < ac->len) { - if (len--) { - p++; - continue; - } - count++; - len = *p++; - if (!len) - break; - } - - if (!len) - count++; - - if (!count) - return; - - /* allocate space for count + 1 pointers and the data afterwards */ - - alpn_protos = ssl_mem_zalloc((count + 1) * sizeof(char *) + ac->len + 1); - if (!alpn_protos) - return; - - *palpn_protos = alpn_protos; - - /* convert to mbedtls format */ - - q = (unsigned char *)alpn_protos + (count + 1) * sizeof(char *); - p = ac->data; - count = 0; - - len = *p++; - alpn_protos[count] = (char *)q; - while (p - ac->data < ac->len) { - if (len--) { - *q++ = *p++; - continue; - } - *q++ = '\0'; - count++; - len = *p++; - alpn_protos[count] = (char *)q; - if (!len) - break; - } - if (!len) { - *q++ = '\0'; - count++; - /* len = *p++; */ - alpn_protos[count] = (char *)q; - } - alpn_protos[count] = NULL; /* last pointer ends list with NULL */ -} - -void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, next_proto_cb cb, void *arg) -{ - struct alpn_ctx *ac = arg; - - ctx->alpn_cb = cb; - - _openssl_alpn_to_mbedtls(ac, (char ***)&ctx->alpn_protos); -} - -void SSL_set_alpn_select_cb(SSL *ssl, void *arg) -{ - struct alpn_ctx *ac = arg; - - _openssl_alpn_to_mbedtls(ac, (char ***)&ssl->alpn_protos); - - _ssl_set_alpn_list(ssl); -} diff --git a/lib/tls/mbedtls/wrapper/library/ssl_methods.c b/lib/tls/mbedtls/wrapper/library/ssl_methods.c deleted file mode 100644 index 0002360..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_methods.c +++ /dev/null @@ -1,81 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_methods.h" -#include "ssl_pm.h" - -/** - * TLS method function collection - */ -IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func, - ssl_pm_new, ssl_pm_free, - ssl_pm_handshake, ssl_pm_shutdown, ssl_pm_clear, - ssl_pm_read, ssl_pm_send, ssl_pm_pending, - ssl_pm_set_fd, ssl_pm_get_fd, - ssl_pm_set_bufflen, - ssl_pm_get_verify_result, - ssl_pm_get_state); - -/** - * TLS or SSL client method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 0, TLS_method_func, TLS_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 0, TLS_method_func, TLSv1_2_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 0, TLS_method_func, TLSv1_1_client_method); - -IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_client_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, 0, TLS_method_func, SSLv3_client_method); - -/** - * TLS or SSL server method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, 1, TLS_method_func, TLS_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_1_VERSION, 1, TLS_method_func, TLSv1_1_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_2_VERSION, 1, TLS_method_func, TLSv1_2_server_method); - -IMPLEMENT_TLS_METHOD(TLS1_VERSION, 0, TLS_method_func, TLSv1_server_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, 1, TLS_method_func, SSLv3_server_method); - -/** - * TLS or SSL method collection - */ -IMPLEMENT_TLS_METHOD(TLS_ANY_VERSION, -1, TLS_method_func, TLS_method); - -IMPLEMENT_SSL_METHOD(TLS1_2_VERSION, -1, TLS_method_func, TLSv1_2_method); - -IMPLEMENT_SSL_METHOD(TLS1_1_VERSION, -1, TLS_method_func, TLSv1_1_method); - -IMPLEMENT_SSL_METHOD(TLS1_VERSION, -1, TLS_method_func, TLSv1_method); - -IMPLEMENT_SSL_METHOD(SSL3_VERSION, -1, TLS_method_func, SSLv3_method); - -/** - * @brief get X509 object method - */ -IMPLEMENT_X509_METHOD(X509_method, - x509_pm_new, x509_pm_free, - x509_pm_load, x509_pm_show_info); - -/** - * @brief get private key object method - */ -IMPLEMENT_PKEY_METHOD(EVP_PKEY_method, - pkey_pm_new, pkey_pm_free, - pkey_pm_load); diff --git a/lib/tls/mbedtls/wrapper/library/ssl_pkey.c b/lib/tls/mbedtls/wrapper/library/ssl_pkey.c deleted file mode 100644 index 567a33e..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_pkey.c +++ /dev/null @@ -1,239 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_pkey.h" -#include "ssl_methods.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -/** - * @brief create a private key object according to input private key - */ -EVP_PKEY* __EVP_PKEY_new(EVP_PKEY *ipk) -{ - int ret; - EVP_PKEY *pkey; - - pkey = ssl_mem_zalloc(sizeof(EVP_PKEY)); - if (!pkey) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "no enough memory > (pkey)"); - goto no_mem; - } - - if (ipk) { - pkey->method = ipk->method; - } else { - pkey->method = EVP_PKEY_method(); - } - - ret = EVP_PKEY_METHOD_CALL(new, pkey, ipk); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(new) return %d", ret); - goto failed; - } - - return pkey; - -failed: - ssl_mem_free(pkey); -no_mem: - return NULL; -} - -/** - * @brief create a private key object - */ -EVP_PKEY* EVP_PKEY_new(void) -{ - return __EVP_PKEY_new(NULL); -} - -/** - * @brief free a private key object - */ -void EVP_PKEY_free(EVP_PKEY *pkey) -{ - SSL_ASSERT3(pkey); - - EVP_PKEY_METHOD_CALL(free, pkey); - - ssl_mem_free(pkey); -} - -/** - * @brief load a character key context into system context. If '*a' is pointed to the - * private key, then load key into it. Or create a new private key object - */ -EVP_PKEY *d2i_PrivateKey(int type, - EVP_PKEY **a, - const unsigned char **pp, - long length) -{ - int m = 0; - int ret; - EVP_PKEY *pkey; - - SSL_ASSERT2(pp); - SSL_ASSERT2(*pp); - SSL_ASSERT2(length); - - if (a && *a) { - pkey = *a; - } else { - pkey = EVP_PKEY_new();; - if (!pkey) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_new() return NULL"); - goto failed1; - } - - m = 1; - } - - ret = EVP_PKEY_METHOD_CALL(load, pkey, *pp, length); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "EVP_PKEY_METHOD_CALL(load) return %d", ret); - goto failed2; - } - - if (a) - *a = pkey; - - return pkey; - -failed2: - if (m) - EVP_PKEY_free(pkey); -failed1: - return NULL; -} - -/** - * @brief set the SSL context private key - */ -int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(pkey); - - if (ctx->cert->pkey == pkey) - return 1; - - if (ctx->cert->pkey) - EVP_PKEY_free(ctx->cert->pkey); - - ctx->cert->pkey = pkey; - - return 1; -} - -/** - * @brief set the SSL private key - */ -int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(pkey); - - if (ssl->cert->pkey == pkey) - return 1; - - if (ssl->cert->pkey) - EVP_PKEY_free(ssl->cert->pkey); - - ssl->cert->pkey = pkey; - - return 1; -} - -/** - * @brief load private key into the SSL context - */ -int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pk; - - pk = d2i_PrivateKey(0, NULL, &d, len); - if (!pk) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL"); - goto failed1; - } - - ret = SSL_CTX_use_PrivateKey(ctx, pk); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_PrivateKey() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - EVP_PKEY_free(pk); -failed1: - return 0; -} - -/** - * @brief load private key into the SSL - */ -int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, - const unsigned char *d, long len) -{ - int ret; - EVP_PKEY *pk; - - pk = d2i_PrivateKey(0, NULL, &d, len); - if (!pk) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_PrivateKey() return NULL"); - goto failed1; - } - - ret = SSL_use_PrivateKey(ssl, pk); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_PrivateKey() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - EVP_PKEY_free(pk); -failed1: - return 0; -} - -/** - * @brief load the private key file into SSL context - */ -int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) -{ - return 0; -} - -/** - * @brief load the private key file into SSL - */ -int SSL_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) -{ - return 0; -} - -/** - * @brief load the RSA ASN1 private key into SSL context - */ -int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len) -{ - return SSL_CTX_use_PrivateKey_ASN1(0, ctx, d, len); -} diff --git a/lib/tls/mbedtls/wrapper/library/ssl_stack.c b/lib/tls/mbedtls/wrapper/library/ssl_stack.c deleted file mode 100644 index da836da..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_stack.c +++ /dev/null @@ -1,74 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_stack.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -#ifndef CONFIG_MIN_NODES - #define MIN_NODES 4 -#else - #define MIN_NODES CONFIG_MIN_NODES -#endif - -/** - * @brief create a openssl stack object - */ -OPENSSL_STACK* OPENSSL_sk_new(OPENSSL_sk_compfunc c) -{ - OPENSSL_STACK *stack; - char **data; - - stack = ssl_mem_zalloc(sizeof(OPENSSL_STACK)); - if (!stack) { - SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (stack)"); - goto no_mem1; - } - - data = ssl_mem_zalloc(sizeof(*data) * MIN_NODES); - if (!data) { - SSL_DEBUG(SSL_STACK_ERROR_LEVEL, "no enough memory > (data)"); - goto no_mem2; - } - - stack->data = data; - stack->num_alloc = MIN_NODES; - stack->c = c; - - return stack; - -no_mem2: - ssl_mem_free(stack); -no_mem1: - return NULL; -} - -/** - * @brief create a NULL function openssl stack object - */ -OPENSSL_STACK *OPENSSL_sk_new_null(void) -{ - return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); -} - -/** - * @brief free openssl stack object - */ -void OPENSSL_sk_free(OPENSSL_STACK *stack) -{ - SSL_ASSERT3(stack); - - ssl_mem_free(stack->data); - ssl_mem_free(stack); -} diff --git a/lib/tls/mbedtls/wrapper/library/ssl_x509.c b/lib/tls/mbedtls/wrapper/library/ssl_x509.c deleted file mode 100644 index ed79150..0000000 --- a/lib/tls/mbedtls/wrapper/library/ssl_x509.c +++ /dev/null @@ -1,354 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_x509.h" -#include "ssl_methods.h" -#include "ssl_dbg.h" -#include "ssl_port.h" - -#include - -/** - * @brief show X509 certification information - */ -int __X509_show_info(X509 *x) -{ - return X509_METHOD_CALL(show_info, x); -} - -/** - * @brief create a X509 certification object according to input X509 certification - */ -X509* __X509_new(X509 *ix) -{ - int ret; - X509 *x; - - x = ssl_mem_zalloc(sizeof(X509)); - if (!x) { - SSL_DEBUG(SSL_X509_ERROR_LEVEL, "no enough memory > (x)"); - goto no_mem; - } - - if (ix) - x->method = ix->method; - else - x->method = X509_method(); - - ret = X509_METHOD_CALL(new, x, ix); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(new) return %d", ret); - goto failed; - } - - return x; - -failed: - ssl_mem_free(x); -no_mem: - return NULL; -} - -/** - * @brief create a X509 certification object - */ -X509* X509_new(void) -{ - return __X509_new(NULL); -} - -/** - * @brief free a X509 certification object - */ -void X509_free(X509 *x) -{ - SSL_ASSERT3(x); - - X509_METHOD_CALL(free, x); - - ssl_mem_free(x); -}; - -/** - * @brief load a character certification context into system context. If '*cert' is pointed to the - * certification, then load certification into it. Or create a new X509 certification object - */ -X509* d2i_X509(X509 **cert, const unsigned char *buffer, long len) -{ - int m = 0; - int ret; - X509 *x; - - SSL_ASSERT2(buffer); - SSL_ASSERT2(len); - - if (cert && *cert) { - x = *cert; - } else { - x = X509_new(); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_new() return NULL"); - goto failed1; - } - m = 1; - } - - ret = X509_METHOD_CALL(load, x, buffer, len); - if (ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "X509_METHOD_CALL(load) return %d", ret); - goto failed2; - } - - return x; - -failed2: - if (m) - X509_free(x); -failed1: - return NULL; -} - -/** - * @brief return SSL X509 verify parameters - */ - -X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl) -{ - return &ssl->param; -} - -/** - * @brief set X509 host verification flags - */ - -int X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags) -{ - /* flags not supported yet */ - return 0; -} - -/** - * @brief clear X509 host verification flags - */ - -int X509_VERIFY_PARAM_clear_hostflags(X509_VERIFY_PARAM *param, - unsigned long flags) -{ - /* flags not supported yet */ - return 0; -} - -/** - * @brief set SSL context client CA certification - */ -int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(x); - assert(ctx); - if (ctx->client_CA == x) - return 1; - - X509_free(ctx->client_CA); - - ctx->client_CA = x; - - return 1; -} - -/** - * @brief add CA client certification into the SSL - */ -int SSL_CTX_add_client_CA_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d) -{ - X509 *x; - - x = d2i_X509(NULL, d, len); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL"); - return 0; - } - SSL_ASSERT1(ctx); - - X509_free(ctx->client_CA); - - ctx->client_CA = x; - - return 1; -} - -/** - * @brief add CA client certification into the SSL - */ -int SSL_add_client_CA(SSL *ssl, X509 *x) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(x); - - if (ssl->client_CA == x) - return 1; - - X509_free(ssl->client_CA); - - ssl->client_CA = x; - - return 1; -} - -/** - * @brief set the SSL context certification - */ -int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) -{ - SSL_ASSERT1(ctx); - SSL_ASSERT1(x); - - if (ctx->cert->x509 == x) - return 1; - - X509_free(ctx->cert->x509); - - ctx->cert->x509 = x; - - return 1; -} - -/** - * @brief set the SSL certification - */ -int SSL_use_certificate(SSL *ssl, X509 *x) -{ - SSL_ASSERT1(ssl); - SSL_ASSERT1(x); - - if (ssl->cert->x509 == x) - return 1; - - X509_free(ssl->cert->x509); - - ssl->cert->x509 = x; - - return 1; -} - -/** - * @brief get the SSL certification point - */ -X509 *SSL_get_certificate(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->cert->x509; -} - -/** - * @brief load certification into the SSL context - */ -int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, - const unsigned char *d) -{ - int ret; - X509 *x; - - x = d2i_X509(NULL, d, len); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL"); - goto failed1; - } - - ret = SSL_CTX_use_certificate(ctx, x); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_CTX_use_certificate() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - X509_free(x); -failed1: - return 0; -} - -/** - * @brief load certification into the SSL - */ -int SSL_use_certificate_ASN1(SSL *ssl, int len, - const unsigned char *d) -{ - int ret; - X509 *x; - - x = d2i_X509(NULL, d, len); - if (!x) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "d2i_X509() return NULL"); - goto failed1; - } - - ret = SSL_use_certificate(ssl, x); - if (!ret) { - SSL_DEBUG(SSL_PKEY_ERROR_LEVEL, "SSL_use_certificate() return %d", ret); - goto failed2; - } - - return 1; - -failed2: - X509_free(x); -failed1: - return 0; -} - -/** - * @brief load the certification file into SSL context - */ -int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) -{ - return 0; -} - -/** - * @brief load the certification file into SSL - */ -int SSL_use_certificate_file(SSL *ssl, const char *file, int type) -{ - return 0; -} - -/** - * @brief get peer certification - */ -X509 *SSL_get_peer_certificate(const SSL *ssl) -{ - SSL_ASSERT2(ssl); - - return ssl->session->peer; -} - -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) -{ - return X509_V_ERR_UNSPECIFIED; -} - -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) -{ - return 0; -} - -const char *X509_verify_cert_error_string(long n) -{ - return "unknown"; -} diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c deleted file mode 100755 index dea6894..0000000 --- a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c +++ /dev/null @@ -1,950 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_pm.h" -#include "ssl_port.h" -#include "ssl_dbg.h" - -/* mbedtls include */ -#include "mbedtls/platform.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/debug.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/error.h" -#include "mbedtls/certs.h" - -#include "core/private.h" - -#define X509_INFO_STRING_LENGTH 8192 - -struct ssl_pm -{ - /* local socket file description */ - mbedtls_net_context fd; - /* remote client socket file description */ - mbedtls_net_context cl_fd; - - mbedtls_ssl_config conf; - - mbedtls_ctr_drbg_context ctr_drbg; - - mbedtls_ssl_context ssl; - - mbedtls_entropy_context entropy; - - SSL *owner; -}; - -struct x509_pm -{ - mbedtls_x509_crt *x509_crt; - - mbedtls_x509_crt *ex_crt; -}; - -struct pkey_pm -{ - mbedtls_pk_context *pkey; - - mbedtls_pk_context *ex_pkey; -}; - -unsigned int max_content_len; - -/*********************************************************************************************/ -/************************************ SSL arch interface *************************************/ - -//#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG - -/* mbedtls debug level */ -#define MBEDTLS_DEBUG_LEVEL 4 - -/** - * @brief mbedtls debug function - */ -static void ssl_platform_debug(void *ctx, int level, - const char *file, int line, - const char *str) -{ - /* Shorten 'file' from the whole file path to just the filename - - This is a bit wasteful because the macros are compiled in with - the full _FILE_ path in each case. - */ -// char *file_sep = rindex(file, '/'); - // if(file_sep) - // file = file_sep + 1; - - printf("%s:%d %s", file, line, str); -} -//#endif - -/** - * @brief create SSL low-level object - */ -int ssl_pm_new(SSL *ssl) -{ - struct ssl_pm *ssl_pm; - int ret; - - const unsigned char pers[] = "OpenSSL PM"; - size_t pers_len = sizeof(pers); - - int endpoint; - int version; - - const SSL_METHOD *method = ssl->method; - - ssl_pm = ssl_mem_zalloc(sizeof(struct ssl_pm)); - if (!ssl_pm) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (ssl_pm)"); - goto no_mem; - } - - ssl_pm->owner = ssl; - - if (!ssl->ctx->read_buffer_len) - ssl->ctx->read_buffer_len = 2048; - - max_content_len = ssl->ctx->read_buffer_len; - // printf("ssl->ctx->read_buffer_len = %d ++++++++++++++++++++\n", ssl->ctx->read_buffer_len); - - mbedtls_net_init(&ssl_pm->fd); - mbedtls_net_init(&ssl_pm->cl_fd); - - mbedtls_ssl_config_init(&ssl_pm->conf); - mbedtls_ctr_drbg_init(&ssl_pm->ctr_drbg); - mbedtls_entropy_init(&ssl_pm->entropy); - mbedtls_ssl_init(&ssl_pm->ssl); - - ret = mbedtls_ctr_drbg_seed(&ssl_pm->ctr_drbg, mbedtls_entropy_func, &ssl_pm->entropy, pers, pers_len); - if (ret) { - lwsl_notice("%s: mbedtls_ctr_drbg_seed() return -0x%x", __func__, -ret); - //goto mbedtls_err1; - } - - if (method->endpoint) { - endpoint = MBEDTLS_SSL_IS_SERVER; - } else { - endpoint = MBEDTLS_SSL_IS_CLIENT; - } - ret = mbedtls_ssl_config_defaults(&ssl_pm->conf, endpoint, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); - if (ret) { - lwsl_err("%s: mbedtls_ssl_config_defaults() return -0x%x", __func__, -ret); - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_config_defaults() return -0x%x", -ret); - goto mbedtls_err2; - } - - if (TLS_ANY_VERSION != ssl->version) { - if (TLS1_2_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_3; - else if (TLS1_1_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_2; - else if (TLS1_VERSION == ssl->version) - version = MBEDTLS_SSL_MINOR_VERSION_1; - else - version = MBEDTLS_SSL_MINOR_VERSION_0; - - mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); - mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); - } else { - mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); - mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); - } - - mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); - -//#ifdef CONFIG_OPENSSL_LOWLEVEL_DEBUG - // mbedtls_debug_set_threshold(MBEDTLS_DEBUG_LEVEL); -// mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL); -//#else - mbedtls_ssl_conf_dbg(&ssl_pm->conf, ssl_platform_debug, NULL); -//#endif - - ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); - if (ret) { - lwsl_err("%s: mbedtls_ssl_setup() return -0x%x", __func__, -ret); - - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_setup() return -0x%x", -ret); - goto mbedtls_err2; - } - - mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); - - ssl->ssl_pm = ssl_pm; - - return 0; - -mbedtls_err2: - mbedtls_ssl_config_free(&ssl_pm->conf); - mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); -//mbedtls_err1: - mbedtls_entropy_free(&ssl_pm->entropy); - ssl_mem_free(ssl_pm); -no_mem: - return -1; -} - -/** - * @brief free SSL low-level object - */ -void ssl_pm_free(SSL *ssl) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - mbedtls_ctr_drbg_free(&ssl_pm->ctr_drbg); - mbedtls_entropy_free(&ssl_pm->entropy); - mbedtls_ssl_config_free(&ssl_pm->conf); - mbedtls_ssl_free(&ssl_pm->ssl); - - ssl_mem_free(ssl_pm); - ssl->ssl_pm = NULL; -} - -/** - * @brief reload SSL low-level certification object - */ -static int ssl_pm_reload_crt(SSL *ssl) -{ - int ret; - int mode; - struct ssl_pm *ssl_pm = ssl->ssl_pm; - struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm; - - struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; - struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; - - if (ssl->verify_mode == SSL_VERIFY_PEER) - mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE) - mode = MBEDTLS_SSL_VERIFY_UNSET; - else - mode = MBEDTLS_SSL_VERIFY_NONE; - - mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode); - - if (ca_pm->x509_crt) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); - } else if (ca_pm->ex_crt) { - mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL); - } - - if (crt_pm->x509_crt && pkey_pm->pkey) { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey); - } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) { - ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey); - } else { - ret = 0; - } - - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_conf_own_cert() return -0x%x", -ret); - ret = -1; - } - - return ret; -} - -/* - * Perform the mbedtls SSL handshake instead of mbedtls_ssl_handshake. - * We can add debug here. - */ -static int mbedtls_handshake( mbedtls_ssl_context *ssl ) -{ - int ret = 0; - - while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ret = mbedtls_ssl_handshake_step(ssl); - - lwsl_info("%s: ssl ret -%x state %d\n", __func__, -ret, ssl->state); - - if (ret != 0) - break; - } - - return ret; -} - -#if !defined(LWS_PLAT_OPTEE) -#include -#endif - -int ssl_pm_handshake(SSL *ssl) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ssl->err = 0; - errno = 0; - - ret = ssl_pm_reload_crt(ssl); - if (ret) { - printf("%s: cert reload failed\n", __func__); - return 0; - } - - if (ssl_pm->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { - ssl_speed_up_enter(); - - /* mbedtls return codes - * 0 = successful, or MBEDTLS_ERR_SSL_WANT_READ/WRITE - * anything else = death - */ - ret = mbedtls_handshake(&ssl_pm->ssl); - ssl_speed_up_exit(); - } else - ret = 0; - - /* - * OpenSSL return codes: - * 0 = did not complete, but may be retried - * 1 = successfully completed - * <0 = death - */ - if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) { - ssl->err = ret; - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_handshake() return -0x%x", -ret); - return 0; /* OpenSSL: did not complete but may be retried */ - } - - if (ret == 0) { /* successful */ - struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; - - x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); - return 1; /* openssl successful */ - } - - if (errno == 11) { - ssl->err = ret == MBEDTLS_ERR_SSL_WANT_READ; - - return 0; - } - - lwsl_info("%s: mbedtls_ssl_handshake() returned -0x%x\n", __func__, -ret); - - /* it's had it */ - - ssl->err = SSL_ERROR_SYSCALL; - - return -1; /* openssl death */ -} - -mbedtls_x509_crt * -ssl_ctx_get_mbedtls_x509_crt(SSL_CTX *ssl_ctx) -{ - struct x509_pm *x509_pm = (struct x509_pm *)ssl_ctx->cert->x509->x509_pm; - - if (!x509_pm) - return NULL; - - return x509_pm->x509_crt; -} - -mbedtls_x509_crt * -ssl_get_peer_mbedtls_x509_crt(SSL *ssl) -{ - struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; - - if (!x509_pm) - return NULL; - - return x509_pm->ex_crt; -} - -int ssl_pm_shutdown(SSL *ssl) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_close_notify(&ssl_pm->ssl); - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_close_notify() return -0x%x", -ret); - if (ret == MBEDTLS_ERR_NET_CONN_RESET) - ssl->err = SSL_ERROR_SYSCALL; - ret = -1; /* OpenSSL: "Call SSL_get_error with the return value to find the reason */ - } else { - struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; - - x509_pm->ex_crt = NULL; - ret = 1; /* OpenSSL: "The shutdown was successfully completed" - ...0 means retry */ - } - - return ret; -} - -int ssl_pm_clear(SSL *ssl) -{ - return ssl_pm_shutdown(ssl); -} - - -int ssl_pm_read(SSL *ssl, void *buffer, int len) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len); - if (ret < 0) { - // lwsl_notice("%s: mbedtls_ssl_read says -0x%x\n", __func__, -ret); - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_read() return -0x%x", -ret); - if (ret == MBEDTLS_ERR_NET_CONN_RESET || - ret <= MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE) /* fatal errors */ - ssl->err = SSL_ERROR_SYSCALL; - ret = -1; - } - - return ret; -} - -/* - * This returns -1, or the length sent. - * If -1, then you need to find out if the error was - * fatal or recoverable using SSL_get_error() - */ -int ssl_pm_send(SSL *ssl, const void *buffer, int len) -{ - int ret; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len); - /* - * We can get a positive number, which may be less than len... that - * much was sent successfully and you can call again to send more. - * - * We can get a negative mbedtls error code... if WANT_WRITE or WANT_READ, - * it's nonfatal and means it should be retried as-is. If something else, - * it's fatal actually. - * - * If this function returns something other than a positive value or - * MBEDTLS_ERR_SSL_WANT_READ/WRITE, the ssl context becomes unusable, and - * you should either free it or call mbedtls_ssl_session_reset() on it - * before re-using it for a new connection; the current connection must - * be closed. - * - * When this function returns MBEDTLS_ERR_SSL_WANT_WRITE/READ, it must be - * called later with the same arguments, until it returns a positive value. - */ - - if (ret < 0) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_ssl_write() return -0x%x", -ret); - switch (ret) { - case MBEDTLS_ERR_NET_SEND_FAILED: - case MBEDTLS_ERR_NET_CONN_RESET: - ssl->err = SSL_ERROR_SYSCALL; - break; - case MBEDTLS_ERR_SSL_WANT_WRITE: - ssl->err = SSL_ERROR_WANT_WRITE; - break; - case MBEDTLS_ERR_SSL_WANT_READ: - ssl->err = SSL_ERROR_WANT_READ; - break; - default: - break; - } - - ret = -1; - } - - return ret; -} - -int ssl_pm_pending(const SSL *ssl) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl); -} - -void ssl_pm_set_fd(SSL *ssl, int fd, int mode) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ssl_pm->fd.fd = fd; -} - -int ssl_pm_get_fd(const SSL *ssl, int mode) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - return ssl_pm->fd.fd; -} - -OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) -{ - OSSL_HANDSHAKE_STATE state; - - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - switch (ssl_pm->ssl.state) - { - case MBEDTLS_SSL_CLIENT_HELLO: - state = TLS_ST_CW_CLNT_HELLO; - break; - case MBEDTLS_SSL_SERVER_HELLO: - state = TLS_ST_SW_SRVR_HELLO; - break; - case MBEDTLS_SSL_SERVER_CERTIFICATE: - state = TLS_ST_SW_CERT; - break; - case MBEDTLS_SSL_SERVER_HELLO_DONE: - state = TLS_ST_SW_SRVR_DONE; - break; - case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: - state = TLS_ST_CW_KEY_EXCH; - break; - case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: - state = TLS_ST_CW_CHANGE; - break; - case MBEDTLS_SSL_CLIENT_FINISHED: - state = TLS_ST_CW_FINISHED; - break; - case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: - state = TLS_ST_SW_CHANGE; - break; - case MBEDTLS_SSL_SERVER_FINISHED: - state = TLS_ST_SW_FINISHED; - break; - case MBEDTLS_SSL_CLIENT_CERTIFICATE: - state = TLS_ST_CW_CERT; - break; - case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: - state = TLS_ST_SR_KEY_EXCH; - break; - case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: - state = TLS_ST_SW_SESSION_TICKET; - break; - case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: - state = TLS_ST_SW_CERT_REQ; - break; - case MBEDTLS_SSL_HANDSHAKE_OVER: - state = TLS_ST_OK; - break; - default : - state = TLS_ST_BEFORE; - break; - } - - return state; -} - -int x509_pm_show_info(X509 *x) -{ - int ret; - char *buf; - mbedtls_x509_crt *x509_crt; - struct x509_pm *x509_pm = x->x509_pm; - - if (x509_pm->x509_crt) - x509_crt = x509_pm->x509_crt; - else if (x509_pm->ex_crt) - x509_crt = x509_pm->ex_crt; - else - x509_crt = NULL; - - if (!x509_crt) - return -1; - - buf = ssl_mem_malloc(X509_INFO_STRING_LENGTH); - if (!buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (buf)"); - goto no_mem; - } - - ret = mbedtls_x509_crt_info(buf, X509_INFO_STRING_LENGTH - 1, "", x509_crt); - if (ret <= 0) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_info() return -0x%x", -ret); - goto mbedtls_err1; - } - - buf[ret] = 0; - - ssl_mem_free(buf); - - SSL_DEBUG(SSL_DEBUG_ON, "%s", buf); - - return 0; - -mbedtls_err1: - ssl_mem_free(buf); -no_mem: - return -1; -} - -int x509_pm_new(X509 *x, X509 *m_x) -{ - struct x509_pm *x509_pm; - - x509_pm = ssl_mem_zalloc(sizeof(struct x509_pm)); - if (!x509_pm) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm)"); - goto failed1; - } - - x->x509_pm = x509_pm; - - if (m_x) { - struct x509_pm *m_x509_pm = (struct x509_pm *)m_x->x509_pm; - - x509_pm->ex_crt = m_x509_pm->x509_crt; - } - - return 0; - -failed1: - return -1; -} - -void x509_pm_free(X509 *x) -{ - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - if (x509_pm->x509_crt) { - mbedtls_x509_crt_free(x509_pm->x509_crt); - - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; - } - - ssl_mem_free(x->x509_pm); - x->x509_pm = NULL; -} - -int x509_pm_load(X509 *x, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; - - if (x509_pm->x509_crt) - mbedtls_x509_crt_free(x509_pm->x509_crt); - - if (!x509_pm->x509_crt) { - x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt)); - if (!x509_pm->x509_crt) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)"); - goto no_mem; - } - } - - mbedtls_x509_crt_init(x509_pm->x509_crt); - if (buffer[0] != 0x30) { - load_buf = ssl_mem_malloc(len + 1); - if (!load_buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)"); - goto failed; - } - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1); - ssl_mem_free(load_buf); - } else { - // printf("parsing as der\n"); - - ret = mbedtls_x509_crt_parse_der(x509_pm->x509_crt, buffer, len); - } - - if (ret) { - printf("mbedtls_x509_crt_parse return -0x%x", -ret); - goto failed; - } - - return 0; - -failed: - mbedtls_x509_crt_free(x509_pm->x509_crt); - ssl_mem_free(x509_pm->x509_crt); - x509_pm->x509_crt = NULL; -no_mem: - return -1; -} - -int pkey_pm_new(EVP_PKEY *pk, EVP_PKEY *m_pkey) -{ - struct pkey_pm *pkey_pm; - - pkey_pm = ssl_mem_zalloc(sizeof(struct pkey_pm)); - if (!pkey_pm) - return -1; - - pk->pkey_pm = pkey_pm; - - if (m_pkey) { - struct pkey_pm *m_pkey_pm = (struct pkey_pm *)m_pkey->pkey_pm; - - pkey_pm->ex_pkey = m_pkey_pm->pkey; - } - - return 0; -} - -void pkey_pm_free(EVP_PKEY *pk) -{ - struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; - - if (pkey_pm->pkey) { - mbedtls_pk_free(pkey_pm->pkey); - - ssl_mem_free(pkey_pm->pkey); - pkey_pm->pkey = NULL; - } - - ssl_mem_free(pk->pkey_pm); - pk->pkey_pm = NULL; -} - -int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) -{ - int ret; - unsigned char *load_buf; - struct pkey_pm *pkey_pm = (struct pkey_pm *)pk->pkey_pm; - - if (pkey_pm->pkey) - mbedtls_pk_free(pkey_pm->pkey); - - if (!pkey_pm->pkey) { - pkey_pm->pkey = ssl_mem_malloc(sizeof(mbedtls_pk_context)); - if (!pkey_pm->pkey) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (pkey_pm->pkey)"); - goto no_mem; - } - } - - load_buf = ssl_mem_malloc(len + 1); - if (!load_buf) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)"); - goto failed; - } - - ssl_memcpy(load_buf, buffer, len); - load_buf[len] = '\0'; - - mbedtls_pk_init(pkey_pm->pkey); - - ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, len + 1, NULL, 0); - ssl_mem_free(load_buf); - - if (ret) { - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_pk_parse_key return -0x%x", -ret); - goto failed; - } - - return 0; - -failed: - mbedtls_pk_free(pkey_pm->pkey); - ssl_mem_free(pkey_pm->pkey); - pkey_pm->pkey = NULL; -no_mem: - return -1; -} - - - -void ssl_pm_set_bufflen(SSL *ssl, int len) -{ - max_content_len = len; -} - -long ssl_pm_get_verify_result(const SSL *ssl) -{ - uint32_t ret; - long verify_result; - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl); - if (!ret) - return X509_V_OK; - - if (ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED || - (ret & MBEDTLS_X509_BADCRL_NOT_TRUSTED)) - verify_result = X509_V_ERR_INVALID_CA; - - else if (ret & MBEDTLS_X509_BADCERT_CN_MISMATCH) - verify_result = X509_V_ERR_HOSTNAME_MISMATCH; - - else if ((ret & MBEDTLS_X509_BADCERT_BAD_KEY) || - (ret & MBEDTLS_X509_BADCRL_BAD_KEY)) - verify_result = X509_V_ERR_CA_KEY_TOO_SMALL; - - else if ((ret & MBEDTLS_X509_BADCERT_BAD_MD) || - (ret & MBEDTLS_X509_BADCRL_BAD_MD)) - verify_result = X509_V_ERR_CA_MD_TOO_WEAK; - - else if ((ret & MBEDTLS_X509_BADCERT_FUTURE) || - (ret & MBEDTLS_X509_BADCRL_FUTURE)) - verify_result = X509_V_ERR_CERT_NOT_YET_VALID; - - else if ((ret & MBEDTLS_X509_BADCERT_EXPIRED) || - (ret & MBEDTLS_X509_BADCRL_EXPIRED)) - verify_result = X509_V_ERR_CERT_HAS_EXPIRED; - - else - verify_result = X509_V_ERR_UNSPECIFIED; - - SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, - "mbedtls_ssl_get_verify_result() return 0x%x", ret); - - return verify_result; -} - -/** - * @brief set expected hostname on peer cert CN - */ - -int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, - const char *name, size_t namelen) -{ - SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param)); - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - char *name_cstr = NULL; - - if (namelen) { - name_cstr = malloc(namelen + 1); - if (!name_cstr) - return 0; - memcpy(name_cstr, name, namelen); - name_cstr[namelen] = '\0'; - name = name_cstr; - } - - mbedtls_ssl_set_hostname(&ssl_pm->ssl, name); - - if (namelen) - free(name_cstr); - - return 1; -} - -void _ssl_set_alpn_list(const SSL *ssl) -{ -#if defined(LWS_HAVE_mbedtls_ssl_conf_alpn_protocols) - if (ssl->alpn_protos) { - if (mbedtls_ssl_conf_alpn_protocols(&((struct ssl_pm *)(ssl->ssl_pm))->conf, ssl->alpn_protos)) - fprintf(stderr, "mbedtls_ssl_conf_alpn_protocols failed\n"); - - return; - } - if (!ssl->ctx->alpn_protos) - return; - if (mbedtls_ssl_conf_alpn_protocols(&((struct ssl_pm *)(ssl->ssl_pm))->conf, ssl->ctx->alpn_protos)) - fprintf(stderr, "mbedtls_ssl_conf_alpn_protocols failed\n"); -#endif -} - -void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, - unsigned int *len) -{ -#if defined(LWS_HAVE_mbedtls_ssl_get_alpn_protocol) - const char *alp = mbedtls_ssl_get_alpn_protocol(&((struct ssl_pm *)(ssl->ssl_pm))->ssl); - - *data = (const unsigned char *)alp; - if (alp) - *len = strlen(alp); - else - *len = 0; -#endif -} - -int SSL_set_sni_callback(SSL *ssl, int(*cb)(void *, mbedtls_ssl_context *, - const unsigned char *, size_t), void *param) -{ -#if defined(LWS_HAVE_mbedtls_ssl_conf_sni) - struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; - - mbedtls_ssl_conf_sni(&ssl_pm->conf, cb, param); -#endif - return 0; -} - -SSL *SSL_SSL_from_mbedtls_ssl_context(mbedtls_ssl_context *msc) -{ - struct ssl_pm *ssl_pm = (struct ssl_pm *)((char *)msc - offsetof(struct ssl_pm, ssl)); - - return ssl_pm->owner; -} - -#include "ssl_cert.h" - -void SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) -{ -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_authmode) || \ - defined(LWS_HAVE_mbedtls_ssl_set_hs_ca_chain) || \ - defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - struct ssl_pm *ssl_pm = ssl->ssl_pm; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - struct x509_pm *x509_pm; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_ca_chain) - struct x509_pm *x509_pm_ca; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - struct pkey_pm *pkey_pm; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_authmode) - int mode; -#endif - -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - if (!ctx->cert || !ctx->cert->x509) - return; - x509_pm = (struct x509_pm *)ctx->cert->x509->x509_pm; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_ca_chain) - if (!ctx->client_CA) - return; - x509_pm_ca = (struct x509_pm *)ctx->client_CA->x509_pm; -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - if (!ctx->cert || !ctx->cert->pkey) - return; - pkey_pm = (struct pkey_pm *)ctx->cert->pkey->pkey_pm; -#endif - - - if (ssl->cert) - ssl_cert_free(ssl->cert); - ssl->ctx = ctx; - ssl->cert = __ssl_cert_new(ctx->cert); - -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_authmode) - if (ctx->verify_mode == SSL_VERIFY_PEER) - mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - else if (ctx->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - mode = MBEDTLS_SSL_VERIFY_OPTIONAL; - else if (ctx->verify_mode == SSL_VERIFY_CLIENT_ONCE) - mode = MBEDTLS_SSL_VERIFY_UNSET; - else - mode = MBEDTLS_SSL_VERIFY_NONE; -#endif - - /* apply new ctx cert to ssl */ - - ssl->verify_mode = ctx->verify_mode; -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_ca_chain) - mbedtls_ssl_set_hs_ca_chain(&ssl_pm->ssl, x509_pm_ca->x509_crt, NULL); -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_own_cert) - mbedtls_ssl_set_hs_own_cert(&ssl_pm->ssl, x509_pm->x509_crt, pkey_pm->pkey); -#endif -#if defined(LWS_HAVE_mbedtls_ssl_set_hs_authmode) - mbedtls_ssl_set_hs_authmode(&ssl_pm->ssl, mode); -#endif -} diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_port.c b/lib/tls/mbedtls/wrapper/platform/ssl_port.c deleted file mode 100644 index 8c7a313..0000000 --- a/lib/tls/mbedtls/wrapper/platform/ssl_port.c +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include "ssl_port.h" - -/*********************************************************************************************/ -/********************************* SSL general interface *************************************/ - -void *ssl_mem_zalloc(size_t size) -{ - void *p = malloc(size); - - if (p) - memset(p, 0, size); - - return p; -} - diff --git a/lib/tls/mbedtls/x509.c b/lib/tls/mbedtls/x509.c deleted file mode 100644 index 9c0ac05..0000000 --- a/lib/tls/mbedtls/x509.c +++ /dev/null @@ -1,431 +0,0 @@ -/* - * libwebsockets - mbedTLS-specific lws apis - * - * Copyright (C) 2010-2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/mbedtls/private.h" -#include - -#if defined(LWS_PLAT_OPTEE) || defined(OPTEE_DEV_KIT) -struct tm { -int tm_sec; // seconds [0,61] -int tm_min; // minutes [0,59] -int tm_hour; // hour [0,23] -int tm_mday; // day of month [1,31] -int tm_mon; // month of year [0,11] -int tm_year; // years since 1900 -int tm_wday; // day of week [0,6] (Sunday = 0) -int tm_yday; // day of year [0,365] -int tm_isdst; // daylight savings flag -}; -time_t mktime(struct tm *t) -{ - return (time_t)0; -} -#endif - -static time_t -lws_tls_mbedtls_time_to_unix(mbedtls_x509_time *xtime) -{ - struct tm t; - - if (!xtime || !xtime->year || xtime->year < 0) - return (time_t)(long long)-1; - - memset(&t, 0, sizeof(t)); - - t.tm_year = xtime->year - 1900; - t.tm_mon = xtime->mon - 1; /* mbedtls months are 1+, tm are 0+ */ - t.tm_mday = xtime->day - 1; /* mbedtls days are 1+, tm are 0+ */ - t.tm_hour = xtime->hour; - t.tm_min = xtime->min; - t.tm_sec = xtime->sec; - t.tm_isdst = -1; - - return mktime(&t); -} - -static int -lws_tls_mbedtls_get_x509_name(mbedtls_x509_name *name, - union lws_tls_cert_info_results *buf, size_t len) -{ - while (name) { - if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid)) { - name = name->next; - continue; - } - - if (len - 1 < name->val.len) - return -1; - - memcpy(&buf->ns.name[0], name->val.p, name->val.len); - buf->ns.name[name->val.len] = '\0'; - buf->ns.len = name->val.len; - - return 0; - } - - return -1; -} - -static int -lws_tls_mbedtls_cert_info(mbedtls_x509_crt *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - if (!x509) - return -1; - - switch (type) { - case LWS_TLS_CERT_INFO_VALIDITY_FROM: - buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_from); - if (buf->time == (time_t)(long long)-1) - return -1; - break; - - case LWS_TLS_CERT_INFO_VALIDITY_TO: - buf->time = lws_tls_mbedtls_time_to_unix(&x509->valid_to); - if (buf->time == (time_t)(long long)-1) - return -1; - break; - - case LWS_TLS_CERT_INFO_COMMON_NAME: - return lws_tls_mbedtls_get_x509_name(&x509->subject, buf, len); - - case LWS_TLS_CERT_INFO_ISSUER_NAME: - return lws_tls_mbedtls_get_x509_name(&x509->issuer, buf, len); - - case LWS_TLS_CERT_INFO_USAGE: - buf->usage = x509->key_usage; - break; - - case LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY: - { - char *p = buf->ns.name; - size_t r = len, u; - - switch (mbedtls_pk_get_type(&x509->pk)) { - case MBEDTLS_PK_RSA: - { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(x509->pk); - - if (mbedtls_mpi_write_string(&rsa->N, 16, p, r, &u)) - return -1; - r -= u; - p += u; - if (mbedtls_mpi_write_string(&rsa->E, 16, p, r, &u)) - return -1; - - p += u; - buf->ns.len = lws_ptr_diff(p, buf->ns.name); - break; - } - case MBEDTLS_PK_ECKEY: - { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(x509->pk); - - if (mbedtls_mpi_write_string(&ecp->Q.X, 16, p, r, &u)) - return -1; - r -= u; - p += u; - if (mbedtls_mpi_write_string(&ecp->Q.Y, 16, p, r, &u)) - return -1; - r -= u; - p += u; - if (mbedtls_mpi_write_string(&ecp->Q.Z, 16, p, r, &u)) - return -1; - p += u; - buf->ns.len = lws_ptr_diff(p, buf->ns.name); - break; - } - default: - lwsl_notice("%s: x509 has unsupported pubkey type %d\n", - __func__, - mbedtls_pk_get_type(&x509->pk)); - - return -1; - } - break; - } - - default: - return -1; - } - - return 0; -} - -#if defined(LWS_WITH_NETWORK) -int -lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - mbedtls_x509_crt *x509; - - x509 = ssl_ctx_get_mbedtls_x509_crt(vhost->tls.ssl_ctx); - - return lws_tls_mbedtls_cert_info(x509, type, buf, len); -} - -int -lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - mbedtls_x509_crt *x509; - - wsi = lws_get_network_wsi(wsi); - - x509 = ssl_get_peer_mbedtls_x509_crt(wsi->tls.ssl); - - if (!x509) - return -1; - - switch (type) { - case LWS_TLS_CERT_INFO_VERIFIED: - buf->verified = SSL_get_verify_result(wsi->tls.ssl) == X509_V_OK; - return 0; - default: - return lws_tls_mbedtls_cert_info(x509, type, buf, len); - } - - return -1; -} -#endif - -int -lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - return lws_tls_mbedtls_cert_info(&x509->cert, type, buf, len); -} - -int -lws_x509_create(struct lws_x509_cert **x509) -{ - *x509 = lws_malloc(sizeof(**x509), __func__); - - return !(*x509); -} - -/* - * Parse one DER-encoded or one or more concatenated PEM-encoded certificates - * and add them to the chained list. - */ - -int -lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len) -{ - int ret; - - mbedtls_x509_crt_init(&x509->cert); - - ret = mbedtls_x509_crt_parse(&x509->cert, pem, len); - if (ret) { - mbedtls_x509_crt_free(&x509->cert); - lwsl_err("%s: unable to parse PEM cert: -0x%x\n", - __func__, -ret); - - return -1; - } - - return 0; -} - -int -lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted, - const char *common_name) -{ - uint32_t flags = 0; - int ret; - - ret = mbedtls_x509_crt_verify_with_profile(&x509->cert, &trusted->cert, - NULL, - &mbedtls_x509_crt_profile_next, - common_name, &flags, NULL, - NULL); - - if (ret) { - lwsl_err("%s: unable to parse PEM cert: -0x%x\n", - __func__, -ret); - - return -1; - } - - return 0; -} - -#if defined(LWS_WITH_JOSE) - -int -lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, - const char *curves, int rsa_min_bits) -{ - int kt = mbedtls_pk_get_type(&x509->cert.pk), n, count = 0, ret = -1; - mbedtls_rsa_context *rsactx; - mbedtls_ecp_keypair *ecpctx; - mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT]; - - memset(jwk, 0, sizeof(*jwk)); - - switch (kt) { - case MBEDTLS_PK_RSA: - lwsl_notice("%s: RSA key\n", __func__); - jwk->kty = LWS_GENCRYPTO_KTY_RSA; - rsactx = mbedtls_pk_rsa(x509->cert.pk); - - mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = &rsactx->E; - mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = &rsactx->N; - mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->D; - mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->P; - mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->Q; - mpi[LWS_GENCRYPTO_RSA_KEYEL_DP] = &rsactx->DP; - mpi[LWS_GENCRYPTO_RSA_KEYEL_DQ] = &rsactx->DQ; - mpi[LWS_GENCRYPTO_RSA_KEYEL_QI] = &rsactx->QP; - - count = LWS_GENCRYPTO_RSA_KEYEL_COUNT; - n = LWS_GENCRYPTO_RSA_KEYEL_E; - break; - - case MBEDTLS_PK_ECKEY: - lwsl_notice("%s: EC key\n", __func__); - jwk->kty = LWS_GENCRYPTO_KTY_EC; - ecpctx = mbedtls_pk_ec(x509->cert.pk); - mpi[LWS_GENCRYPTO_EC_KEYEL_X] = &ecpctx->Q.X; - mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->d; - mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = &ecpctx->Q.Y; - - if (lws_genec_confirm_curve_allowed_by_tls_id(curves, - ecpctx->grp.id, jwk)) - /* already logged */ - goto bail; - - count = LWS_GENCRYPTO_EC_KEYEL_COUNT; - n = LWS_GENCRYPTO_EC_KEYEL_X; - break; - default: - lwsl_err("%s: key type %d not supported\n", __func__, kt); - - return -1; - } - - for (; n < count; n++) { - if (!mbedtls_mpi_size(mpi[n])) - continue; - - jwk->e[n].buf = lws_malloc(mbedtls_mpi_size(mpi[n]), "certjwk"); - if (!jwk->e[n].buf) - goto bail; - jwk->e[n].len = mbedtls_mpi_size(mpi[n]); - mbedtls_mpi_write_binary(mpi[n], jwk->e[n].buf, jwk->e[n].len); - } - - ret = 0; - -bail: - /* jwk destroy will clean up partials */ - if (ret) - lws_jwk_destroy(jwk); - - return ret; -} - -int -lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len, - const char *passphrase) -{ - mbedtls_rsa_context *rsactx; - mbedtls_ecp_keypair *ecpctx; - mbedtls_pk_context pk; - mbedtls_mpi *mpi[LWS_GENCRYPTO_RSA_KEYEL_COUNT]; - int n, ret = -1, count = 0; - - mbedtls_pk_init(&pk); - - n = 0; - if (passphrase) - n = strlen(passphrase); - n = mbedtls_pk_parse_key(&pk, pem, len, (uint8_t *)passphrase, n); - if (n) { - lwsl_err("%s: parse PEM key failed: -0x%x\n", __func__, -n); - - return -1; - } - - /* the incoming private key type */ - switch (mbedtls_pk_get_type(&pk)) { - case MBEDTLS_PK_RSA: - if (jwk->kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: RSA privkey, non-RSA jwk\n", __func__); - goto bail; - } - rsactx = mbedtls_pk_rsa(pk); - mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = &rsactx->D; - mpi[LWS_GENCRYPTO_RSA_KEYEL_P] = &rsactx->P; - mpi[LWS_GENCRYPTO_RSA_KEYEL_Q] = &rsactx->Q; - n = LWS_GENCRYPTO_RSA_KEYEL_D; - count = LWS_GENCRYPTO_RSA_KEYEL_Q + 1; - break; - case MBEDTLS_PK_ECKEY: - if (jwk->kty != LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: EC privkey, non-EC jwk\n", __func__); - goto bail; - } - ecpctx = mbedtls_pk_ec(pk); - mpi[LWS_GENCRYPTO_EC_KEYEL_D] = &ecpctx->d; - n = LWS_GENCRYPTO_EC_KEYEL_D; - count = n + 1; - break; - default: - lwsl_err("%s: unusable key type %d\n", __func__, - mbedtls_pk_get_type(&pk)); - goto bail; - } - - for (; n < count; n++) { - if (!mbedtls_mpi_size(mpi[n])) { - lwsl_err("%s: empty privkey\n", __func__); - goto bail; - } - - jwk->e[n].buf = lws_malloc(mbedtls_mpi_size(mpi[n]), "certjwk"); - if (!jwk->e[n].buf) - goto bail; - jwk->e[n].len = mbedtls_mpi_size(mpi[n]); - mbedtls_mpi_write_binary(mpi[n], jwk->e[n].buf, jwk->e[n].len); - } - - ret = 0; - -bail: - mbedtls_pk_free(&pk); - - return ret; -} -#endif - -void -lws_x509_destroy(struct lws_x509_cert **x509) -{ - if (!*x509) - return; - - mbedtls_x509_crt_free(&(*x509)->cert); - - lws_free_set_NULL(*x509); -} diff --git a/lib/tls/openssl/lws-genaes.c b/lib/tls/openssl/lws-genaes.c deleted file mode 100644 index cf3ac36..0000000 --- a/lib/tls/openssl/lws-genaes.c +++ /dev/null @@ -1,379 +0,0 @@ -/* - * libwebsockets - generic AES api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genaes provides an AES abstraction api in lws that works the - * same whether you are using openssl or mbedtls hash functions underneath. - */ -#include "core/private.h" -#include "../../jose/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -LWS_VISIBLE int -lws_genaes_create(struct lws_genaes_ctx *ctx, enum enum_aes_operation op, - enum enum_aes_modes mode, struct lws_gencrypto_keyelem *el, - enum enum_aes_padding padding, void *engine) -{ - int n = 0; - - ctx->ctx = EVP_CIPHER_CTX_new(); - if (!ctx->ctx) - return -1; - - ctx->mode = mode; - ctx->k = el; - ctx->engine = engine; - ctx->init = 0; - ctx->op = op; - ctx->padding = padding; - - switch (ctx->k->len) { - case 128 / 8: - switch (mode) { - case LWS_GAESM_KW: -#if defined(LWS_HAVE_EVP_aes_128_wrap) - EVP_CIPHER_CTX_set_flags(ctx->ctx, - EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - ctx->cipher = EVP_aes_128_wrap(); - break; -#else - lwsl_err("%s: your OpenSSL lacks AES wrap apis, update it\n", - __func__); - return -1; -#endif - case LWS_GAESM_CBC: - ctx->cipher = EVP_aes_128_cbc(); - break; -#if defined(LWS_HAVE_EVP_aes_128_cfb128) - case LWS_GAESM_CFB128: - ctx->cipher = EVP_aes_128_cfb128(); - break; -#endif -#if defined(LWS_HAVE_EVP_aes_128_cfb8) - case LWS_GAESM_CFB8: - ctx->cipher = EVP_aes_128_cfb8(); - break; -#endif - case LWS_GAESM_CTR: - ctx->cipher = EVP_aes_128_ctr(); - break; - case LWS_GAESM_ECB: - ctx->cipher = EVP_aes_128_ecb(); - break; - case LWS_GAESM_OFB: - ctx->cipher = EVP_aes_128_ofb(); - break; - case LWS_GAESM_XTS: - lwsl_err("%s: AES XTS requires double-length key\n", - __func__); - break; - case LWS_GAESM_GCM: - ctx->cipher = EVP_aes_128_gcm(); - break; - default: - goto bail; - } - break; - - case 192 / 8: - switch (mode) { - case LWS_GAESM_KW: -#if defined(LWS_HAVE_EVP_aes_128_wrap) - EVP_CIPHER_CTX_set_flags(ctx->ctx, - EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - ctx->cipher = EVP_aes_192_wrap(); - break; -#else - lwsl_err("%s: your OpenSSL lacks AES wrap apis, update it\n", - __func__); - return -1; -#endif - case LWS_GAESM_CBC: - ctx->cipher = EVP_aes_192_cbc(); - break; -#if defined(LWS_HAVE_EVP_aes_192_cfb128) - case LWS_GAESM_CFB128: - ctx->cipher = EVP_aes_192_cfb128(); - break; -#endif -#if defined(LWS_HAVE_EVP_aes_192_cfb8) - case LWS_GAESM_CFB8: - ctx->cipher = EVP_aes_192_cfb8(); - break; -#endif - case LWS_GAESM_CTR: - ctx->cipher = EVP_aes_192_ctr(); - break; - case LWS_GAESM_ECB: - ctx->cipher = EVP_aes_192_ecb(); - break; - case LWS_GAESM_OFB: - ctx->cipher = EVP_aes_192_ofb(); - break; - case LWS_GAESM_XTS: - lwsl_err("%s: AES XTS 192 invalid\n", __func__); - goto bail; - case LWS_GAESM_GCM: - ctx->cipher = EVP_aes_192_gcm(); - break; - default: - goto bail; - } - break; - - case 256 / 8: - switch (mode) { - case LWS_GAESM_KW: -#if defined(LWS_HAVE_EVP_aes_128_wrap) - EVP_CIPHER_CTX_set_flags(ctx->ctx, - EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); - ctx->cipher = EVP_aes_256_wrap(); - break; -#else - lwsl_err("%s: your OpenSSL lacks AES wrap apis, update it\n", - __func__); - return -1; -#endif - case LWS_GAESM_CBC: - ctx->cipher = EVP_aes_256_cbc(); - break; -#if defined(LWS_HAVE_EVP_aes_256_cfb128) - case LWS_GAESM_CFB128: - ctx->cipher = EVP_aes_256_cfb128(); - break; -#endif -#if defined(LWS_HAVE_EVP_aes_256_cfb8) - case LWS_GAESM_CFB8: - ctx->cipher = EVP_aes_256_cfb8(); - break; -#endif - case LWS_GAESM_CTR: - ctx->cipher = EVP_aes_256_ctr(); - break; - case LWS_GAESM_ECB: - ctx->cipher = EVP_aes_256_ecb(); - break; - case LWS_GAESM_OFB: - ctx->cipher = EVP_aes_256_ofb(); - break; -#if defined(LWS_HAVE_EVP_aes_128_xts) - case LWS_GAESM_XTS: - ctx->cipher = EVP_aes_128_xts(); - break; -#endif - case LWS_GAESM_GCM: - ctx->cipher = EVP_aes_256_gcm(); - break; - default: - goto bail; - } - break; - - case 512 / 8: - switch (mode) { - case LWS_GAESM_XTS: - ctx->cipher = EVP_aes_256_xts(); - break; - default: - goto bail; - } - break; - - default: - lwsl_err("%s: unsupported AES size %d bits\n", __func__, - ctx->k->len * 8); - goto bail; - } - - switch (ctx->op) { - case LWS_GAESO_ENC: - n = EVP_EncryptInit_ex(ctx->ctx, ctx->cipher, ctx->engine, - NULL, NULL); - EVP_CIPHER_CTX_set_padding(ctx->ctx, padding); - break; - case LWS_GAESO_DEC: - n = EVP_DecryptInit_ex(ctx->ctx, ctx->cipher, ctx->engine, - NULL, NULL); - EVP_CIPHER_CTX_set_padding(ctx->ctx, padding); - break; - } - if (!n) { - lwsl_err("%s: cipher init failed (cipher %p)\n", __func__, - ctx->cipher); - lws_tls_err_describe_clear(); - goto bail; - } - - return 0; -bail: - EVP_CIPHER_CTX_free(ctx->ctx); - ctx->ctx = NULL; - return -1; -} - -LWS_VISIBLE int -lws_genaes_destroy(struct lws_genaes_ctx *ctx, unsigned char *tag, size_t tlen) -{ - int outl = 0, n = 0; - uint8_t buf[256]; - - if (!ctx->ctx) - return 0; - - if (ctx->init) { - switch (ctx->op) { - case LWS_GAESO_ENC: - - if (EVP_EncryptFinal_ex(ctx->ctx, buf, &outl) != 1) { - lwsl_err("%s: enc final failed\n", __func__); - n = -1; - } - - if (ctx->mode == LWS_GAESM_GCM) { - if (EVP_CIPHER_CTX_ctrl(ctx->ctx, - EVP_CTRL_GCM_GET_TAG, - ctx->taglen, tag) != 1) { - lwsl_err("get tag ctrl failed\n"); - //lws_tls_err_describe_clear(); - n = 1; - } - } - break; - case LWS_GAESO_DEC: - if (EVP_DecryptFinal_ex(ctx->ctx, buf, &outl) != 1) { - lwsl_err("%s: dec final failed\n", __func__); - lws_tls_err_describe_clear(); - n = -1; - } - - break; - } - if (outl) - lwsl_debug("%s: final len %d\n", __func__, outl); - } - - ctx->k = NULL; - EVP_CIPHER_CTX_free(ctx->ctx); - ctx->ctx = NULL; - - return n; -} - -LWS_VISIBLE int -lws_genaes_crypt(struct lws_genaes_ctx *ctx, - const uint8_t *in, size_t len, uint8_t *out, - uint8_t *iv_or_nonce_ctr_or_data_unit_16, - uint8_t *stream_block_16, size_t *nc_or_iv_off, int taglen) -{ - int n = 0, outl, olen; - - if (!ctx->init) { - - EVP_CIPHER_CTX_set_key_length(ctx->ctx, ctx->k->len); - - if (ctx->mode == LWS_GAESM_GCM) { - n = EVP_CIPHER_CTX_ctrl(ctx->ctx, EVP_CTRL_GCM_SET_IVLEN, - *nc_or_iv_off, NULL); - if (n != 1) { - lwsl_err("%s: SET_IVLEN failed\n", __func__); - return -1; - } - memcpy(ctx->tag, stream_block_16, taglen); - ctx->taglen = taglen; - } - - switch (ctx->op) { - case LWS_GAESO_ENC: - n = EVP_EncryptInit_ex(ctx->ctx, NULL, NULL, - ctx->k->buf, - iv_or_nonce_ctr_or_data_unit_16); - break; - case LWS_GAESO_DEC: - if (ctx->mode == LWS_GAESM_GCM) - EVP_CIPHER_CTX_ctrl(ctx->ctx, - EVP_CTRL_GCM_SET_TAG, - ctx->taglen, ctx->tag); - n = EVP_DecryptInit_ex(ctx->ctx, NULL, NULL, - ctx->k->buf, - iv_or_nonce_ctr_or_data_unit_16); - break; - } - - if (!n) { - lws_tls_err_describe_clear(); - lwsl_err("%s: init failed (cipher %p)\n", - __func__, ctx->cipher); - - return -1; - } - ctx->init = 1; - } - - if (ctx->mode == LWS_GAESM_GCM && !out) { - /* AAD */ - - if (!len) - return 0; - - switch (ctx->op) { - case LWS_GAESO_ENC: - n = EVP_EncryptUpdate(ctx->ctx, NULL, &olen, in, len); - break; - case LWS_GAESO_DEC: - n = EVP_DecryptUpdate(ctx->ctx, NULL, &olen, in, len); - break; - default: - return -1; - } - if (n != 1) { - lwsl_err("%s: set AAD failed\n", __func__); - lws_tls_err_describe_clear(); - lwsl_hexdump_err(in, len); - return -1; - } - - return 0; - } - - switch (ctx->op) { - case LWS_GAESO_ENC: - n = EVP_EncryptUpdate(ctx->ctx, out, &outl, in, len); - break; - case LWS_GAESO_DEC: - n = EVP_DecryptUpdate(ctx->ctx, out, &outl, in, len); - break; - default: - return -1; - } - - // lwsl_notice("discarding outl %d\n", (int)outl); - - if (!n) { - lwsl_notice("%s: update failed\n", __func__); - lws_tls_err_describe_clear(); - - return -1; - } - - return 0; -} diff --git a/lib/tls/openssl/lws-gencrypto.c b/lib/tls/openssl/lws-gencrypto.c deleted file mode 100644 index dd74149..0000000 --- a/lib/tls/openssl/lws-gencrypto.c +++ /dev/null @@ -1,86 +0,0 @@ -/* - * libwebsockets - generic crypto api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws-gencrypto openssl-specific common code - */ - -#include "core/private.h" -#include "tls/openssl/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -int -lws_gencrypto_openssl_hash_to_NID(enum lws_genhash_types hash_type) -{ - int h = -1; - - switch (hash_type) { - case LWS_GENHASH_TYPE_UNKNOWN: - break; - case LWS_GENHASH_TYPE_MD5: - h = NID_md5; - break; - case LWS_GENHASH_TYPE_SHA1: - h = NID_sha1; - break; - case LWS_GENHASH_TYPE_SHA256: - h = NID_sha256; - break; - case LWS_GENHASH_TYPE_SHA384: - h = NID_sha384; - break; - case LWS_GENHASH_TYPE_SHA512: - h = NID_sha512; - break; - } - - return h; -} - -const EVP_MD * -lws_gencrypto_openssl_hash_to_EVP_MD(enum lws_genhash_types hash_type) -{ - const EVP_MD *h = NULL; - - switch (hash_type) { - case LWS_GENHASH_TYPE_UNKNOWN: - break; - case LWS_GENHASH_TYPE_MD5: - h = EVP_md5(); - break; - case LWS_GENHASH_TYPE_SHA1: - h = EVP_sha1(); - break; - case LWS_GENHASH_TYPE_SHA256: - h = EVP_sha256(); - break; - case LWS_GENHASH_TYPE_SHA384: - h = EVP_sha384(); - break; - case LWS_GENHASH_TYPE_SHA512: - h = EVP_sha512(); - break; - } - - return h; -} diff --git a/lib/tls/openssl/lws-genec.c b/lib/tls/openssl/lws-genec.c deleted file mode 100644 index cb62a67..0000000 --- a/lib/tls/openssl/lws-genec.c +++ /dev/null @@ -1,661 +0,0 @@ -/* - * libwebsockets - generic EC api hiding the backend - openssl implementation - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genec provides an EC abstraction api in lws that works the - * same whether you are using openssl or mbedtls crypto functions underneath. - */ -#include "core/private.h" -#include "tls/openssl/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -#if !defined(LWS_HAVE_ECDSA_SIG_set0) -static void -ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -{ - if (pr != NULL) - *pr = sig->r; - if (ps != NULL) - *ps = sig->s; -} - -static int -ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -{ - if (r == NULL || s == NULL) - return 0; - BN_clear_free(sig->r); - BN_clear_free(sig->s); - sig->r = r; - sig->s = s; - - return 1; -} -#endif -#if !defined(LWS_HAVE_BN_bn2binpad) -int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) -{ - int i; - BN_ULONG l; - - bn_check_top(a); - i = BN_num_bytes(a); - - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; - } - while (i--) { - l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; - } - return tolen; -} -#endif - -const struct lws_ec_curves lws_ec_curves[4] = { - /* - * These are the curves we are willing to use by default... - * - * The 3 recommended+ (P-256) and optional curves in RFC7518 7.6 - * - * Specific keys lengths from RFC8422 p20 - */ - { "P-256", NID_X9_62_prime256v1, 32 }, - { "P-384", NID_secp384r1, 48 }, - { "P-521", NID_secp521r1, 66 }, - - { NULL, 0, 0 } -}; - -static int -lws_genec_eckey_import(int nid, EVP_PKEY *pkey, struct lws_gencrypto_keyelem *el) -{ - EC_KEY *ec = EC_KEY_new_by_curve_name(nid); - BIGNUM *bn_d, *bn_x, *bn_y; - int n; - - if (!ec) - return -1; - - /* - * EC_KEY contains - * - * EC_GROUP * group - * EC_POINT * pub_key - * BIGNUM * priv_key (ie, d) - */ - - bn_x = BN_bin2bn(el[LWS_GENCRYPTO_EC_KEYEL_X].buf, - el[LWS_GENCRYPTO_EC_KEYEL_X].len, NULL); - if (!bn_x) { - lwsl_err("%s: BN_bin2bn (x) fail\n", __func__); - goto bail; - } - bn_y = BN_bin2bn(el[LWS_GENCRYPTO_EC_KEYEL_Y].buf, - el[LWS_GENCRYPTO_EC_KEYEL_Y].len, NULL); - if (!bn_y) { - lwsl_err("%s: BN_bin2bn (y) fail\n", __func__); - goto bail1; - } - - n = EC_KEY_set_public_key_affine_coordinates(ec, bn_x, bn_y); - BN_free(bn_x); - BN_free(bn_y); - if (n != 1) { - lwsl_err("%s: EC_KEY_set_public_key_affine_coordinates fail:\n", - __func__); - lws_tls_err_describe_clear(); - goto bail; - } - - if (el[LWS_GENCRYPTO_EC_KEYEL_D].len) { - bn_d = BN_bin2bn(el[LWS_GENCRYPTO_EC_KEYEL_D].buf, - el[LWS_GENCRYPTO_EC_KEYEL_D].len, NULL); - if (!bn_d) { - lwsl_err("%s: BN_bin2bn (d) fail\n", __func__); - goto bail; - } - - n = EC_KEY_set_private_key(ec, bn_d); - BN_clear_free(bn_d); - if (n != 1) { - lwsl_err("%s: EC_KEY_set_private_key fail\n", __func__); - goto bail; - } - } - - /* explicitly confirm the key pieces are consistent */ - - if (EC_KEY_check_key(ec) != 1) { - lwsl_err("%s: EC_KEY_set_private_key fail\n", __func__); - goto bail; - } - - n = EVP_PKEY_assign_EC_KEY(pkey, ec); - if (n != 1) { - lwsl_err("%s: EVP_PKEY_set1_EC_KEY failed\n", __func__); - return -1; - } - - return 0; - -bail1: - BN_free(bn_x); -bail: - EC_KEY_free(ec); - - return -1; -} - -static int -lws_genec_keypair_import(struct lws_genec_ctx *ctx, - const struct lws_ec_curves *curve_table, - EVP_PKEY_CTX **pctx, struct lws_gencrypto_keyelem *el) -{ - EVP_PKEY *pkey = NULL; - const struct lws_ec_curves *curve; - - if (el[LWS_GENCRYPTO_EC_KEYEL_CRV].len < 4) - return -2; - - curve = lws_genec_curve(curve_table, - (char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf); - if (!curve) - return -3; - - if ((el[LWS_GENCRYPTO_EC_KEYEL_D].len && - el[LWS_GENCRYPTO_EC_KEYEL_D].len != curve->key_bytes) || - el[LWS_GENCRYPTO_EC_KEYEL_X].len != curve->key_bytes || - el[LWS_GENCRYPTO_EC_KEYEL_Y].len != curve->key_bytes) - return -4; - - ctx->has_private = !!el[LWS_GENCRYPTO_EC_KEYEL_D].len; - - pkey = EVP_PKEY_new(); - if (!pkey) - return -7; - - if (lws_genec_eckey_import(curve->tls_lib_nid, pkey, el)) { - lwsl_err("%s: lws_genec_eckey_import fail\n", __func__); - goto bail; - } - - *pctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_free(pkey); - pkey = NULL; - - if (!*pctx) - goto bail; - - return 0; - -bail: - if (pkey) - EVP_PKEY_free(pkey); - - if (*pctx) { - EVP_PKEY_CTX_free(*pctx); - *pctx = NULL; - } - - return -9; -} - -LWS_VISIBLE int -lws_genecdh_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table) -{ - ctx->context = context; - ctx->ctx[0] = NULL; - ctx->ctx[1] = NULL; - ctx->curve_table = curve_table; - ctx->genec_alg = LEGENEC_ECDH; - - return 0; -} - -LWS_VISIBLE int -lws_genecdsa_create(struct lws_genec_ctx *ctx, struct lws_context *context, - const struct lws_ec_curves *curve_table) -{ - ctx->context = context; - ctx->ctx[0] = NULL; - ctx->ctx[1] = NULL; - ctx->curve_table = curve_table; - ctx->genec_alg = LEGENEC_ECDSA; - - return 0; -} - -LWS_VISIBLE int -lws_genecdh_set_key(struct lws_genec_ctx *ctx, struct lws_gencrypto_keyelem *el, - enum enum_lws_dh_side side) -{ - if (ctx->genec_alg != LEGENEC_ECDH) - return -1; - - return lws_genec_keypair_import(ctx, ctx->curve_table, &ctx->ctx[side], el); -} - -LWS_VISIBLE int -lws_genecdsa_set_key(struct lws_genec_ctx *ctx, - struct lws_gencrypto_keyelem *el) -{ - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - return lws_genec_keypair_import(ctx, ctx->curve_table, &ctx->ctx[0], el); -} - -static void -lws_genec_keypair_destroy(EVP_PKEY_CTX **pctx) -{ - if (!*pctx) - return; - -// lwsl_err("%p\n", EVP_PKEY_get1_EC_KEY(EVP_PKEY_CTX_get0_pkey(*pctx))); - -// EC_KEY_free(EVP_PKEY_get1_EC_KEY(EVP_PKEY_CTX_get0_pkey(*pctx))); - - EVP_PKEY_CTX_free(*pctx); - *pctx = NULL; -} - -LWS_VISIBLE void -lws_genec_destroy(struct lws_genec_ctx *ctx) -{ - if (ctx->ctx[0]) - lws_genec_keypair_destroy(&ctx->ctx[0]); - if (ctx->ctx[1]) - lws_genec_keypair_destroy(&ctx->ctx[1]); -} - -static int -lws_genec_new_keypair(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, - const char *curve_name, struct lws_gencrypto_keyelem *el) -{ - const struct lws_ec_curves *curve; - const EC_POINT *pubkey; - EVP_PKEY *pkey = NULL; - int ret = -29, n, m; - BIGNUM *bn[3]; - EC_KEY *ec; - - curve = lws_genec_curve(ctx->curve_table, curve_name); - if (!curve) { - lwsl_err("%s: curve '%s' not supported\n", - __func__, curve_name); - - return -22; - } - - ec = EC_KEY_new_by_curve_name(curve->tls_lib_nid); - if (!ec) { - lwsl_err("%s: unknown nid %d\n", __func__, curve->tls_lib_nid); - return -23; - } - - if (EC_KEY_generate_key(ec) != 1) { - lwsl_err("%s: EC_KEY_generate_key failed\n", __func__); - goto bail; - } - - pkey = EVP_PKEY_new(); - if (!pkey) - goto bail; - - if (EVP_PKEY_set1_EC_KEY(pkey, ec) != 1) { - lwsl_err("%s: EVP_PKEY_assign_EC_KEY failed\n", __func__); - goto bail1; - } - - ctx->ctx[side] = EVP_PKEY_CTX_new(pkey, NULL); - if (!ctx->ctx[side]) { - lwsl_err("%s: EVP_PKEY_CTX_new failed\n", __func__); - goto bail1; - } - - /* - * we need to capture the individual element BIGNUMs into - * lws_gencrypto_keyelem, so they can be serialized, used in jwk etc - */ - - pubkey = EC_KEY_get0_public_key(ec); - if (!pubkey) { - lwsl_err("%s: EC_KEY_get0_public_key failed\n", __func__); - goto bail1; - } - - bn[0] = BN_new(); - bn[1] = (BIGNUM *)EC_KEY_get0_private_key(ec); - bn[2] = BN_new(); - -#if defined(LWS_HAVE_EC_POINT_get_affine_coordinates) - if (EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec), -#else - if (EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec), -#endif - pubkey, bn[0], bn[2], NULL) != 1) { - lwsl_err("%s: EC_POINT_get_affine_coordinates_GFp failed\n", - __func__); - goto bail2; - } - - el[LWS_GENCRYPTO_EC_KEYEL_CRV].len = strlen(curve_name) + 1; - el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf = - lws_malloc(el[LWS_GENCRYPTO_EC_KEYEL_CRV].len, "ec"); - if (!el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf) { - lwsl_err("%s: OOM\n", __func__); - goto bail2; - } - - strcpy((char *)el[LWS_GENCRYPTO_EC_KEYEL_CRV].buf, curve_name); - - for (n = LWS_GENCRYPTO_EC_KEYEL_X; n < LWS_GENCRYPTO_EC_KEYEL_COUNT; - n++) { - el[n].len = curve->key_bytes; - el[n].buf = lws_malloc(curve->key_bytes, "ec"); - if (!el[n].buf) - goto bail2; - - m = BN_bn2binpad(bn[n - 1], el[n].buf, el[n].len); - if ((uint32_t)m != el[n].len) - goto bail2; - } - - ctx->has_private = 1; - - ret = 0; - -bail2: - BN_clear_free(bn[0]); - BN_clear_free(bn[2]); -bail1: - EVP_PKEY_free(pkey); -bail: - EC_KEY_free(ec); - - return ret; -} - -LWS_VISIBLE int -lws_genecdh_new_keypair(struct lws_genec_ctx *ctx, enum enum_lws_dh_side side, - const char *curve_name, - struct lws_gencrypto_keyelem *el) -{ - if (ctx->genec_alg != LEGENEC_ECDH) - return -1; - - return lws_genec_new_keypair(ctx, side, curve_name, el); -} - -LWS_VISIBLE int -lws_genecdsa_new_keypair(struct lws_genec_ctx *ctx, const char *curve_name, - struct lws_gencrypto_keyelem *el) -{ - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - return lws_genec_new_keypair(ctx, LDHS_OURS, curve_name, el); -} - -#if 0 -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sign(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, - uint8_t *sig, size_t sig_len) -{ - const EVP_MD *md = lws_gencrypto_openssl_hash_to_EVP_MD(hash_type); - EVP_MD_CTX *mdctx = NULL; - - if (ctx->genec_alg != LEGENEC_ECDSA) - return -1; - - if (!md) - return -1; - - mdctx = EVP_MD_CTX_create(); - if (!mdctx) - goto bail; - - if (EVP_DigestSignInit(mdctx, NULL, md, NULL, - EVP_PKEY_CTX_get0_pkey(ctx->ctx))) { - lwsl_err("%s: EVP_DigestSignInit failed\n", __func__); - - goto bail; - } - if (EVP_DigestSignUpdate(mdctx, in, EVP_MD_size(md))) { - lwsl_err("%s: EVP_DigestSignUpdate failed\n", __func__); - - goto bail; - } - if (EVP_DigestSignFinal(mdctx, sig, &sig_len)) { - lwsl_err("%s: EVP_DigestSignFinal failed\n", __func__); - - goto bail; - } - - EVP_MD_CTX_free(mdctx); - - return (int)sig_len; -bail: - if (mdctx) - EVP_MD_CTX_free(mdctx); - - return -1; -} -#endif - -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sign_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - uint8_t *sig, size_t sig_len) -{ - int ret = -1, n, keybytes = lws_gencrypto_bits_to_bytes(keybits); - const BIGNUM *r = NULL, *s = NULL; - ECDSA_SIG *ecdsasig; - EC_KEY *eckey; - - if (ctx->genec_alg != LEGENEC_ECDSA) { - lwsl_notice("%s: ctx alg %d\n", __func__, ctx->genec_alg); - return -1; - } - - if (!ctx->has_private) - return -1; - - if ((int)sig_len < keybytes * 2) { - lwsl_notice("%s: sig buff %d < %d\n", __func__, - (int)sig_len, keybytes * 2); - return -1; - } - - eckey = EVP_PKEY_get1_EC_KEY(EVP_PKEY_CTX_get0_pkey(ctx->ctx[0])); - - /* - * The ECDSA P-256 SHA-256 digital signature is generated as follows: - * - * 1. Generate a digital signature of the JWS Signing Input using ECDSA - * P-256 SHA-256 with the desired private key. The output will be - * the pair (R, S), where R and S are 256-bit unsigned integers. - * - * 2. Turn R and S into octet sequences in big-endian order, with each - * array being be 32 octets long. The octet sequence - * representations MUST NOT be shortened to omit any leading zero - * octets contained in the values. - * - * 3. Concatenate the two octet sequences in the order R and then S. - * (Note that many ECDSA implementations will directly produce this - * concatenation as their output.) - * - * 4. The resulting 64-octet sequence is the JWS Signature value. - */ - - ecdsasig = ECDSA_do_sign(in, lws_genhash_size(hash_type), eckey); - EC_KEY_free(eckey); - if (!ecdsasig) { - lwsl_notice("%s: ECDSA_do_sign fail\n", __func__); - goto bail; - } - - ECDSA_SIG_get0(ecdsasig, &r, &s); - - /* - * in the 521-bit case, we have to pad the last byte as it only - * generates 65 bytes - */ - - n = BN_bn2binpad(r, sig, keybytes); - if (n != keybytes) { - lwsl_notice("%s: bignum r fail %d %d\n", __func__, n, keybytes); - goto bail; - } - - n = BN_bn2binpad(s, sig + keybytes, keybytes); - if (n != keybytes) { - lwsl_notice("%s: bignum s fail %d %d\n", __func__, n, keybytes); - goto bail; - } - - ret = 0; - -bail: - if (ecdsasig) - ECDSA_SIG_free(ecdsasig); - - return ret; -} - -/* in is the JWS Signing Input hash */ - -LWS_VISIBLE LWS_EXTERN int -lws_genecdsa_hash_sig_verify_jws(struct lws_genec_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, int keybits, - const uint8_t *sig, size_t sig_len) -{ - int ret = -1, n, keybytes = lws_gencrypto_bits_to_bytes(keybits), - hlen = lws_genhash_size(hash_type); - ECDSA_SIG *ecsig = ECDSA_SIG_new(); - BIGNUM *r = NULL, *s = NULL; - EC_KEY *eckey; - - if (!ecsig) - return -1; - - if (ctx->genec_alg != LEGENEC_ECDSA) - goto bail; - - if ((int)sig_len != keybytes * 2) { - lwsl_err("%s: sig buf too small %d vs %d\n", __func__, - (int)sig_len, keybytes * 2); - goto bail; - } - /* - * 1. The JWS Signature value MUST be a 64-octet sequence. If it is - * not a 64-octet sequence, the validation has failed. - * - * 2. Split the 64-octet sequence into two 32-octet sequences. The - * first octet sequence represents R and the second S. The values R - * and S are represented as octet sequences using the Integer-to- - * OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] - * (in big-endian octet order). - * - * 3. Submit the JWS Signing Input, R, S, and the public key (x, y) to - * the ECDSA P-256 SHA-256 validator. - */ - - r = BN_bin2bn(sig, keybytes, NULL); - if (!r) { - lwsl_err("%s: BN_bin2bn (r) fail\n", __func__); - goto bail; - } - - s = BN_bin2bn(sig + keybytes, keybytes, NULL); - if (!s) { - lwsl_err("%s: BN_bin2bn (s) fail\n", __func__); - goto bail1; - } - - if (ECDSA_SIG_set0(ecsig, r, s) != 1) { - lwsl_err("%s: ECDSA_SIG_set0 fail\n", __func__); - goto bail1; - } - - eckey = EVP_PKEY_get1_EC_KEY(EVP_PKEY_CTX_get0_pkey(ctx->ctx[0])); - - n = ECDSA_do_verify(in, hlen, ecsig, eckey); - EC_KEY_free(eckey); - if (n != 1) { - lwsl_err("%s: ECDSA_do_verify fail\n", __func__); - lws_tls_err_describe_clear(); - goto bail; - } - - ret = 0; - goto bail; - -bail1: - if (r) - BN_free(r); - if (s) - BN_free(s); - -bail: - ECDSA_SIG_free(ecsig); - - return ret; -} - -int -lws_genecdh_compute_shared_secret(struct lws_genec_ctx *ctx, uint8_t *ss, - int *ss_len) -{ - int len, ret = -1; - EC_KEY *eckey[2]; - - if (!ctx->ctx[LDHS_OURS] || !ctx->ctx[LDHS_THEIRS]) { - lwsl_err("%s: both sides must be set up\n", __func__); - - return -1; - } - - eckey[LDHS_OURS] = EVP_PKEY_get1_EC_KEY( - EVP_PKEY_CTX_get0_pkey(ctx->ctx[LDHS_OURS])); - eckey[LDHS_THEIRS] = EVP_PKEY_get1_EC_KEY( - EVP_PKEY_CTX_get0_pkey(ctx->ctx[LDHS_THEIRS])); - - len = (EC_GROUP_get_degree(EC_KEY_get0_group(eckey[LDHS_OURS])) + 7) / 8; - if (len <= *ss_len) { - *ss_len = ECDH_compute_key(ss, len, - EC_KEY_get0_public_key(eckey[LDHS_THEIRS]), - eckey[LDHS_OURS], NULL); - ret = -(*ss_len < 0); - } - - EC_KEY_free(eckey[LDHS_OURS]); - EC_KEY_free(eckey[LDHS_THEIRS]); - - return ret; -} diff --git a/lib/tls/openssl/lws-genhash.c b/lib/tls/openssl/lws-genhash.c deleted file mode 100644 index afe98ec..0000000 --- a/lib/tls/openssl/lws-genhash.c +++ /dev/null @@ -1,170 +0,0 @@ -/* - * libwebsockets - generic hash and HMAC api hiding the backend - * - * Copyright (C) 2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genhash provides a hash / hmac abstraction api in lws that works the - * same whether you are using openssl or mbedtls hash functions underneath. - */ -#include "libwebsockets.h" -#include -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -int -lws_genhash_init(struct lws_genhash_ctx *ctx, enum lws_genhash_types type) -{ - ctx->type = type; - ctx->mdctx = EVP_MD_CTX_create(); - if (!ctx->mdctx) - return 1; - - switch (ctx->type) { - case LWS_GENHASH_TYPE_MD5: - ctx->evp_type = EVP_md5(); - break; - case LWS_GENHASH_TYPE_SHA1: - ctx->evp_type = EVP_sha1(); - break; - case LWS_GENHASH_TYPE_SHA256: - ctx->evp_type = EVP_sha256(); - break; - case LWS_GENHASH_TYPE_SHA384: - ctx->evp_type = EVP_sha384(); - break; - case LWS_GENHASH_TYPE_SHA512: - ctx->evp_type = EVP_sha512(); - break; - default: - return 1; - } - - if (EVP_DigestInit_ex(ctx->mdctx, ctx->evp_type, NULL) != 1) { - EVP_MD_CTX_destroy(ctx->mdctx); - - return 1; - } - - return 0; -} - -int -lws_genhash_update(struct lws_genhash_ctx *ctx, const void *in, size_t len) -{ - if (!len) - return 0; - - return EVP_DigestUpdate(ctx->mdctx, in, len) != 1; -} - -int -lws_genhash_destroy(struct lws_genhash_ctx *ctx, void *result) -{ - unsigned int len; - int ret = 0; - - if (result) - ret = EVP_DigestFinal_ex(ctx->mdctx, result, &len) != 1; - - (void)len; - - EVP_MD_CTX_destroy(ctx->mdctx); - - return ret; -} - - -int -lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type, - const uint8_t *key, size_t key_len) -{ -#if defined(LWS_HAVE_HMAC_CTX_new) - ctx->ctx = HMAC_CTX_new(); - if (!ctx->ctx) - return -1; -#else - HMAC_CTX_init(&ctx->ctx); -#endif - - ctx->evp_type = 0; /* coverity unable to see we set this or fail */ - - switch (type) { - case LWS_GENHMAC_TYPE_SHA256: - ctx->evp_type = EVP_sha256(); - break; - case LWS_GENHMAC_TYPE_SHA384: - ctx->evp_type = EVP_sha384(); - break; - case LWS_GENHMAC_TYPE_SHA512: - ctx->evp_type = EVP_sha512(); - break; - default: - lwsl_err("%s: unknown HMAC type %d\n", __func__, type); - goto bail; - } - -#if defined(LWS_HAVE_HMAC_CTX_new) - if (HMAC_Init_ex(ctx->ctx, key, key_len, ctx->evp_type, NULL) != 1) -#else - if (HMAC_Init_ex(&ctx->ctx, key, key_len, ctx->evp_type, NULL) != 1) -#endif - goto bail; - - return 0; - -bail: -#if defined(LWS_HAVE_HMAC_CTX_new) - HMAC_CTX_free(ctx->ctx); -#endif - - return -1; -} - -int -lws_genhmac_update(struct lws_genhmac_ctx *ctx, const void *in, size_t len) -{ -#if defined(LWS_HAVE_HMAC_CTX_new) - if (HMAC_Update(ctx->ctx, in, len) != 1) -#else - if (HMAC_Update(&ctx->ctx, in, len) != 1) -#endif - return -1; - - return 0; -} - -int -lws_genhmac_destroy(struct lws_genhmac_ctx *ctx, void *result) -{ - unsigned int size = lws_genhmac_size(ctx->type); -#if defined(LWS_HAVE_HMAC_CTX_new) - int n = HMAC_Final(ctx->ctx, result, &size); - - HMAC_CTX_free(ctx->ctx); -#else - int n = HMAC_Final(&ctx->ctx, result, &size); -#endif - - if (n != 1) - return -1; - - return 0; -} - diff --git a/lib/tls/openssl/lws-genrsa.c b/lib/tls/openssl/lws-genrsa.c deleted file mode 100644 index ec7bde8..0000000 --- a/lib/tls/openssl/lws-genrsa.c +++ /dev/null @@ -1,404 +0,0 @@ -/* - * libwebsockets - generic RSA api hiding the backend - * - * Copyright (C) 2017 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * lws_genrsa provides an RSA abstraction api in lws that works the - * same whether you are using openssl or mbedtls crypto functions underneath. - */ -#include "core/private.h" -#include "tls/openssl/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -LWS_VISIBLE void -lws_genrsa_destroy_elements(struct lws_gencrypto_keyelem *el) -{ - lws_gencrypto_destroy_elements(el, LWS_GENCRYPTO_RSA_KEYEL_COUNT); -} - -static int mode_map_crypt[] = { RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING }, - mode_map_sig[] = { RSA_PKCS1_PADDING, RSA_PKCS1_PSS_PADDING }; - -static int -rsa_pkey_wrap(struct lws_genrsa_ctx *ctx, RSA *rsa) -{ - EVP_PKEY *pkey; - - /* we have the RSA object filled up... wrap in a PKEY */ - - pkey = EVP_PKEY_new(); - if (!pkey) - return 1; - - /* bind the PKEY to the RSA key we just prepared */ - - if (EVP_PKEY_assign_RSA(pkey, rsa) != 1) { - lwsl_err("%s: EVP_PKEY_assign_RSA_KEY failed\n", __func__); - goto bail; - } - - /* pepare our PKEY_CTX with the PKEY */ - - ctx->ctx = EVP_PKEY_CTX_new(pkey, NULL); - EVP_PKEY_free(pkey); - pkey = NULL; - if (!ctx->ctx) - goto bail; - - return 0; - -bail: - if (pkey) - EVP_PKEY_free(pkey); - - return 1; -} - -LWS_VISIBLE int -lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_gencrypto_keyelem *el, - struct lws_context *context, enum enum_genrsa_mode mode, - enum lws_genhash_types oaep_hashid) -{ - int n; - - memset(ctx, 0, sizeof(*ctx)); - ctx->context = context; - ctx->mode = mode; - - /* Step 1: - * - * convert the MPI for e and n to OpenSSL BIGNUMs - */ - - for (n = 0; n < 5; n++) { - ctx->bn[n] = BN_bin2bn(el[n].buf, el[n].len, NULL); - if (!ctx->bn[n]) { - lwsl_notice("mpi load failed\n"); - goto bail; - } - } - - /* Step 2: - * - * assemble the OpenSSL RSA from the BIGNUMs - */ - - ctx->rsa = RSA_new(); - if (!ctx->rsa) { - lwsl_notice("Failed to create RSA\n"); - goto bail; - } - -#if defined(LWS_HAVE_RSA_SET0_KEY) - if (RSA_set0_key(ctx->rsa, ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_N], - ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_E], - ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_D]) != 1) { - lwsl_notice("RSA_set0_key failed\n"); - goto bail; - } - RSA_set0_factors(ctx->rsa, ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_P], - ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_Q]); -#else - ctx->rsa->e = ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_E]; - ctx->rsa->n = ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_N]; - ctx->rsa->d = ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_D]; - ctx->rsa->p = ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_P]; - ctx->rsa->q = ctx->bn[LWS_GENCRYPTO_RSA_KEYEL_Q]; -#endif - - if (!rsa_pkey_wrap(ctx, ctx->rsa)) - return 0; - -bail: - for (n = 0; n < 5; n++) - if (ctx->bn[n]) { - BN_clear_free(ctx->bn[n]); - ctx->bn[n] = NULL; - } - - if (ctx->rsa) { - RSA_free(ctx->rsa); - ctx->rsa = NULL; - } - - return 1; -} - -LWS_VISIBLE int -lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx, - enum enum_genrsa_mode mode, struct lws_gencrypto_keyelem *el, - int bits) -{ - BIGNUM *bn; - int n; - - memset(ctx, 0, sizeof(*ctx)); - ctx->context = context; - ctx->mode = mode; - - ctx->rsa = RSA_new(); - if (!ctx->rsa) { - lwsl_notice("Failed to create RSA\n"); - return -1; - } - - bn = BN_new(); - if (!bn) - goto cleanup_1; - if (BN_set_word(bn, RSA_F4) != 1) { - BN_free(bn); - goto cleanup_1; - } - - n = RSA_generate_key_ex(ctx->rsa, bits, bn, NULL); - BN_clear_free(bn); - if (n != 1) - goto cleanup_1; - -#if defined(LWS_HAVE_RSA_SET0_KEY) - { - const BIGNUM *mpi[5]; - - RSA_get0_key(ctx->rsa, &mpi[LWS_GENCRYPTO_RSA_KEYEL_N], - &mpi[LWS_GENCRYPTO_RSA_KEYEL_E], &mpi[LWS_GENCRYPTO_RSA_KEYEL_D]); - RSA_get0_factors(ctx->rsa, &mpi[LWS_GENCRYPTO_RSA_KEYEL_P], - &mpi[LWS_GENCRYPTO_RSA_KEYEL_Q]); -#else - { - BIGNUM *mpi[5] = { ctx->rsa->e, ctx->rsa->n, ctx->rsa->d, - ctx->rsa->p, ctx->rsa->q, }; -#endif - for (n = 0; n < 5; n++) - if (BN_num_bytes(mpi[n])) { - el[n].buf = lws_malloc( - BN_num_bytes(mpi[n]), "genrsakey"); - if (!el[n].buf) - goto cleanup; - el[n].len = BN_num_bytes(mpi[n]); - BN_bn2bin(mpi[n], el[n].buf); - } - } - - if (!rsa_pkey_wrap(ctx, ctx->rsa)) - return 0; - -cleanup: - for (n = 0; n < LWS_GENCRYPTO_RSA_KEYEL_COUNT; n++) - if (el[n].buf) - lws_free_set_NULL(el[n].buf); -cleanup_1: - RSA_free(ctx->rsa); - ctx->rsa = NULL; - - return -1; -} - -/* - * in_len must be less than RSA_size(rsa) - 11 for the PKCS #1 v1.5 - * based padding modes - */ - -LWS_VISIBLE int -lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out) -{ - int n = RSA_public_encrypt((int)in_len, in, out, ctx->rsa, - mode_map_crypt[ctx->mode]); - if (n < 0) { - lwsl_err("%s: RSA_public_encrypt failed\n", __func__); - lws_tls_err_describe_clear(); - return -1; - } - - return n; -} - -LWS_VISIBLE int -lws_genrsa_private_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out) -{ - int n = RSA_private_encrypt((int)in_len, in, out, ctx->rsa, - mode_map_crypt[ctx->mode]); - if (n < 0) { - lwsl_err("%s: RSA_private_encrypt failed\n", __func__); - lws_tls_err_describe_clear(); - return -1; - } - - return n; -} - -LWS_VISIBLE int -lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max) -{ - int n = RSA_public_decrypt((int)in_len, in, out, ctx->rsa, - mode_map_crypt[ctx->mode]); - if (n < 0) { - lwsl_err("%s: RSA_public_decrypt failed\n", __func__); - return -1; - } - - return n; -} - -LWS_VISIBLE int -lws_genrsa_private_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in, - size_t in_len, uint8_t *out, size_t out_max) -{ - int n = RSA_private_decrypt((int)in_len, in, out, ctx->rsa, - mode_map_crypt[ctx->mode]); - if (n < 0) { - lwsl_err("%s: RSA_private_decrypt failed\n", __func__); - lws_tls_err_describe_clear(); - return -1; - } - - return n; -} - -LWS_VISIBLE int -lws_genrsa_hash_sig_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, const uint8_t *sig, - size_t sig_len) -{ - int n = lws_gencrypto_openssl_hash_to_NID(hash_type), - h = (int)lws_genhash_size(hash_type); - const EVP_MD *md = NULL; - - if (n < 0) - return -1; - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - n = RSA_verify(n, in, h, (uint8_t *)sig, (int)sig_len, ctx->rsa); - break; - case LGRSAM_PKCS1_OAEP_PSS: - md = lws_gencrypto_openssl_hash_to_EVP_MD(hash_type); - if (!md) - return -1; - -#if defined(LWS_HAVE_RSA_verify_pss_mgf1) - n = RSA_verify_pss_mgf1(ctx->rsa, in, h, md, NULL, -1, - (uint8_t *)sig, -#else - n = RSA_verify_PKCS1_PSS(ctx->rsa, in, md, (uint8_t *)sig, -#endif - (int)sig_len); - break; - default: - return -1; - } - - if (n != 1) { - lwsl_notice("%s: fail\n", __func__); - lws_tls_err_describe_clear(); - - return -1; - } - - return 0; -} - -LWS_VISIBLE int -lws_genrsa_hash_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in, - enum lws_genhash_types hash_type, uint8_t *sig, - size_t sig_len) -{ - int n = lws_gencrypto_openssl_hash_to_NID(hash_type), - h = (int)lws_genhash_size(hash_type); - unsigned int used = 0; - EVP_MD_CTX *mdctx = NULL; - const EVP_MD *md = NULL; - - if (n < 0) - return -1; - - switch(ctx->mode) { - case LGRSAM_PKCS1_1_5: - if (RSA_sign(n, in, h, sig, &used, ctx->rsa) != 1) { - lwsl_err("%s: RSA_sign failed\n", __func__); - - goto bail; - } - break; - - case LGRSAM_PKCS1_OAEP_PSS: - - md = lws_gencrypto_openssl_hash_to_EVP_MD(hash_type); - if (!md) - return -1; - - if (EVP_PKEY_CTX_set_rsa_padding(ctx->ctx, - mode_map_sig[ctx->mode]) != 1) { - lwsl_err("%s: set_rsa_padding failed\n", __func__); - - goto bail; - } - - mdctx = EVP_MD_CTX_create(); - if (!mdctx) - goto bail; - - if (EVP_DigestSignInit(mdctx, NULL, md, NULL, - EVP_PKEY_CTX_get0_pkey(ctx->ctx))) { - lwsl_err("%s: EVP_DigestSignInit failed\n", __func__); - - goto bail; - } - if (EVP_DigestSignUpdate(mdctx, in, EVP_MD_size(md))) { - lwsl_err("%s: EVP_DigestSignUpdate failed\n", __func__); - - goto bail; - } - if (EVP_DigestSignFinal(mdctx, sig, &sig_len)) { - lwsl_err("%s: EVP_DigestSignFinal failed\n", __func__); - - goto bail; - } - EVP_MD_CTX_free(mdctx); - used = (int)sig_len; - break; - - default: - return -1; - } - - return used; - -bail: - if (mdctx) - EVP_MD_CTX_free(mdctx); - - return -1; -} - -LWS_VISIBLE void -lws_genrsa_destroy(struct lws_genrsa_ctx *ctx) -{ - if (!ctx->ctx) - return; - - EVP_PKEY_CTX_free(ctx->ctx); - ctx->ctx = NULL; - ctx->rsa = NULL; -} diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c deleted file mode 100644 index 12af371..0000000 --- a/lib/tls/openssl/openssl-client.c +++ /dev/null @@ -1,673 +0,0 @@ -/* - * libwebsockets - openSSL-specific client tls code - * - * Copyright (C) 2010-2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#include "tls/openssl/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -int lws_openssl_describe_cipher(struct lws *wsi); - -extern int openssl_websocket_private_data_index, - openssl_SSL_CTX_private_data_index; - -#if !defined(USE_WOLFSSL) - -static int -OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) -{ - SSL *ssl; - int n; - struct lws *wsi; - - /* keep old behaviour accepting self-signed server certs */ - if (!preverify_ok) { - int err = X509_STORE_CTX_get_error(x509_ctx); - - if (err != X509_V_OK) { - ssl = X509_STORE_CTX_get_ex_data(x509_ctx, - SSL_get_ex_data_X509_STORE_CTX_idx()); - wsi = SSL_get_ex_data(ssl, - openssl_websocket_private_data_index); - if (!wsi) { - lwsl_err("%s: can't get wsi from ssl privdata\n", - __func__); - - return 0; - } - - if ((err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || - err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && - wsi->tls.use_ssl & LCCSCF_ALLOW_SELFSIGNED) { - lwsl_notice("accepting self-signed " - "certificate (verify_callback)\n"); - X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); - return 1; // ok - } else if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || - err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) && - wsi->tls.use_ssl & LCCSCF_ALLOW_INSECURE) { - lwsl_notice("accepting non-trusted certificate\n"); - X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); - return 1; /* ok */ - } else if ((err == X509_V_ERR_CERT_NOT_YET_VALID || - err == X509_V_ERR_CERT_HAS_EXPIRED) && - wsi->tls.use_ssl & LCCSCF_ALLOW_EXPIRED) { - if (err == X509_V_ERR_CERT_NOT_YET_VALID) - lwsl_notice("accepting not yet valid " - "certificate (verify_" - "callback)\n"); - else if (err == X509_V_ERR_CERT_HAS_EXPIRED) - lwsl_notice("accepting expired " - "certificate (verify_" - "callback)\n"); - X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); - return 1; // ok - } - } - } - - ssl = X509_STORE_CTX_get_ex_data(x509_ctx, - SSL_get_ex_data_X509_STORE_CTX_idx()); - wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index); - if (!wsi) { - lwsl_err("%s: can't get wsi from ssl privdata\n", __func__); - - return 0; - } - - n = lws_get_context_protocol(wsi->context, 0).callback(wsi, - LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION, - x509_ctx, ssl, preverify_ok); - - /* keep old behaviour if something wrong with server certs */ - /* if ssl error is overruled in callback and cert is ok, - * X509_STORE_CTX_set_error(x509_ctx, X509_V_OK); must be set and - * return value is 0 from callback */ - if (!preverify_ok) { - int err = X509_STORE_CTX_get_error(x509_ctx); - - if (err != X509_V_OK) { - /* cert validation error was not handled in callback */ - int depth = X509_STORE_CTX_get_error_depth(x509_ctx); - const char *msg = X509_verify_cert_error_string(err); - - lwsl_err("SSL error: %s (preverify_ok=%d;err=%d;" - "depth=%d)\n", msg, preverify_ok, err, depth); - - return preverify_ok; // not ok - } - } - /* - * convert callback return code from 0 = OK to verify callback - * return value 1 = OK - */ - return !n; -} -#endif - - -int -lws_ssl_client_bio_create(struct lws *wsi) -{ - char hostname[128], *p; -#if defined(LWS_HAVE_SSL_set_alpn_protos) && \ - defined(LWS_HAVE_SSL_get0_alpn_selected) - uint8_t openssl_alpn[40]; - const char *alpn_comma = wsi->context->tls.alpn_default; - int n; -#endif - -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (lws_hdr_copy(wsi, hostname, sizeof(hostname), - _WSI_TOKEN_CLIENT_HOST) <= 0) -#endif - { - lwsl_err("%s: Unable to get hostname\n", __func__); - - return -1; - } - - /* - * remove any :port part on the hostname... necessary for network - * connection but typical certificates do not contain it - */ - p = hostname; - while (*p) { - if (*p == ':') { - *p = '\0'; - break; - } - p++; - } - - wsi->tls.ssl = SSL_new(wsi->vhost->tls.ssl_client_ctx); - if (!wsi->tls.ssl) { - lwsl_err("SSL_new failed: %s\n", - ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); - lws_tls_err_describe_clear(); - return -1; - } - -#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback); -#endif - -#if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host - if (!(wsi->tls.use_ssl & LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK)) { - X509_VERIFY_PARAM *param = SSL_get0_param(wsi->tls.ssl); - - /* Enable automatic hostname checks */ - X509_VERIFY_PARAM_set_hostflags(param, - X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); - // Handle the case where the hostname is an IP address. - if (!X509_VERIFY_PARAM_set1_ip_asc(param, hostname)) - X509_VERIFY_PARAM_set1_host(param, hostname, 0); - } -#endif - -#if !defined(USE_WOLFSSL) -#ifndef USE_OLD_CYASSL - /* OpenSSL_client_verify_callback will be called @ SSL_connect() */ - SSL_set_verify(wsi->tls.ssl, SSL_VERIFY_PEER, - OpenSSL_client_verify_callback); -#endif -#endif - -#if !defined(USE_WOLFSSL) - SSL_set_mode(wsi->tls.ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); -#endif - /* - * use server name indication (SNI), if supported, - * when establishing connection - */ -#ifdef USE_WOLFSSL -#ifdef USE_OLD_CYASSL -#ifdef CYASSL_SNI_HOST_NAME - CyaSSL_UseSNI(wsi->tls.ssl, CYASSL_SNI_HOST_NAME, hostname, - strlen(hostname)); -#endif -#else -#ifdef WOLFSSL_SNI_HOST_NAME - wolfSSL_UseSNI(wsi->tls.ssl, WOLFSSL_SNI_HOST_NAME, hostname, - strlen(hostname)); -#endif -#endif -#else -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name(wsi->tls.ssl, hostname); -#endif -#endif - -#ifdef USE_WOLFSSL - /* - * wolfSSL/CyaSSL does certificate verification differently - * from OpenSSL. - * If we should ignore the certificate, we need to set - * this before SSL_new and SSL_connect is called. - * Otherwise the connect will simply fail with error code -155 - */ -#ifdef USE_OLD_CYASSL - if (wsi->tls.use_ssl == 2) - CyaSSL_set_verify(wsi->tls.ssl, SSL_VERIFY_NONE, NULL); -#else - if (wsi->tls.use_ssl == 2) - wolfSSL_set_verify(wsi->tls.ssl, SSL_VERIFY_NONE, NULL); -#endif -#endif /* USE_WOLFSSL */ - - wsi->tls.client_bio = BIO_new_socket((int)(long long)wsi->desc.sockfd, - BIO_NOCLOSE); - SSL_set_bio(wsi->tls.ssl, wsi->tls.client_bio, wsi->tls.client_bio); - -#ifdef USE_WOLFSSL -#ifdef USE_OLD_CYASSL - CyaSSL_set_using_nonblock(wsi->tls.ssl, 1); -#else - wolfSSL_set_using_nonblock(wsi->tls.ssl, 1); -#endif -#else - BIO_set_nbio(wsi->tls.client_bio, 1); /* nonblocking */ -#endif - -#if defined(LWS_HAVE_SSL_set_alpn_protos) && \ - defined(LWS_HAVE_SSL_get0_alpn_selected) - if (wsi->vhost->tls.alpn) - alpn_comma = wsi->vhost->tls.alpn; -#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) - if (lws_hdr_copy(wsi, hostname, sizeof(hostname), - _WSI_TOKEN_CLIENT_ALPN) > 0) - alpn_comma = hostname; -#endif - - lwsl_info("client conn using alpn list '%s'\n", alpn_comma); - - n = lws_alpn_comma_to_openssl(alpn_comma, openssl_alpn, - sizeof(openssl_alpn) - 1); - - SSL_set_alpn_protos(wsi->tls.ssl, openssl_alpn, n); -#endif - - SSL_set_ex_data(wsi->tls.ssl, openssl_websocket_private_data_index, - wsi); - - return 0; -} - -enum lws_ssl_capable_status -lws_tls_client_connect(struct lws *wsi) -{ -#if defined(LWS_HAVE_SSL_set_alpn_protos) && \ - defined(LWS_HAVE_SSL_get0_alpn_selected) - const unsigned char *prot; - char a[32]; - unsigned int len; -#endif - int m, n; - - errno = 0; - ERR_clear_error(); - n = SSL_connect(wsi->tls.ssl); - if (n == 1) { -#if defined(LWS_HAVE_SSL_set_alpn_protos) && \ - defined(LWS_HAVE_SSL_get0_alpn_selected) - SSL_get0_alpn_selected(wsi->tls.ssl, &prot, &len); - - if (len >= sizeof(a)) - len = sizeof(a) - 1; - memcpy(a, (const char *)prot, len); - a[len] = '\0'; - - lws_role_call_alpn_negotiated(wsi, (const char *)a); -#endif - lwsl_info("client connect OK\n"); - lws_openssl_describe_cipher(wsi); - return LWS_SSL_CAPABLE_DONE; - } - - m = lws_ssl_get_error(wsi, n); - - if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL) - return LWS_SSL_CAPABLE_ERROR; - - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - - if (!n) /* we don't know what he wants, but he says to retry */ - return LWS_SSL_CAPABLE_MORE_SERVICE; - - return LWS_SSL_CAPABLE_ERROR; -} - -int -lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, int ebuf_len) -{ -#if !defined(USE_WOLFSSL) - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - char *p = (char *)&pt->serv_buf[0]; - char *sb = p; - int n; - - lws_latency_pre(wsi->context, wsi); - errno = 0; - ERR_clear_error(); - n = SSL_get_verify_result(wsi->tls.ssl); - lws_latency(wsi->context, wsi, - "SSL_get_verify_result LWS_CONNMODE..HANDSHAKE", n, n > 0); - - lwsl_debug("get_verify says %d\n", n); - - if (n == X509_V_OK) - return 0; - - if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || - n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && - (wsi->tls.use_ssl & LCCSCF_ALLOW_SELFSIGNED)) { - lwsl_info("accepting self-signed certificate\n"); - - return 0; - } - if ((n == X509_V_ERR_CERT_NOT_YET_VALID || - n == X509_V_ERR_CERT_HAS_EXPIRED) && - (wsi->tls.use_ssl & LCCSCF_ALLOW_EXPIRED)) { - lwsl_info("accepting expired certificate\n"); - return 0; - } - if (n == X509_V_ERR_CERT_NOT_YET_VALID) { - lwsl_info("Cert is from the future... " - "probably our clock... accepting...\n"); - return 0; - } - lws_snprintf(ebuf, ebuf_len, - "server's cert didn't look good, X509_V_ERR = %d: %s\n", - n, ERR_error_string(n, sb)); - lwsl_info("%s\n", ebuf); - lws_tls_err_describe_clear(); - - return -1; - -#else /* USE_WOLFSSL */ - return 0; -#endif -} - -int -lws_tls_client_create_vhost_context(struct lws_vhost *vh, - const struct lws_context_creation_info *info, - const char *cipher_list, - const char *ca_filepath, - const void *ca_mem, - unsigned int ca_mem_len, - const char *cert_filepath, - const void *cert_mem, - unsigned int cert_mem_len, - const char *private_key_filepath) -{ - struct lws_tls_client_reuse *tcr; - const unsigned char *ca_mem_ptr; - X509_STORE *x509_store; - unsigned long error; - SSL_METHOD *method; - EVP_MD_CTX *mdctx; - unsigned int len; - uint8_t hash[32]; - X509 *client_CA; - char c; - int n; - - /* basic openssl init already happened in context init */ - - /* choose the most recent spin of the api */ -#if defined(LWS_HAVE_TLS_CLIENT_METHOD) - method = (SSL_METHOD *)TLS_client_method(); -#elif defined(LWS_HAVE_TLSV1_2_CLIENT_METHOD) - method = (SSL_METHOD *)TLSv1_2_client_method(); -#else - method = (SSL_METHOD *)SSLv23_client_method(); -#endif - - if (!method) { - error = ERR_get_error(); - lwsl_err("problem creating ssl method %lu: %s\n", - error, ERR_error_string(error, - (char *)vh->context->pt[0].serv_buf)); - return 1; - } - - /* - * OpenSSL client contexts are quite expensive, because they bring in - * the system certificate bundle for each one. So if you have multiple - * vhosts, each with a client context, it can add up to several - * megabytes of heap. In the case the client contexts are configured - * identically, they could perfectly well have shared just the one. - * - * For that reason, use a hash to fingerprint the context configuration - * and prefer to reuse an existing one with the same fingerprint if - * possible. - */ - - mdctx = EVP_MD_CTX_create(); - if (!mdctx) - return 1; - - if (EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) != 1) { - EVP_MD_CTX_destroy(mdctx); - - return 1; - } - - if (info->ssl_client_options_set) - EVP_DigestUpdate(mdctx, &info->ssl_client_options_set, - sizeof(info->ssl_client_options_set)); - -#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL) - if (info->ssl_client_options_clear) - EVP_DigestUpdate(mdctx, &info->ssl_client_options_clear, - sizeof(info->ssl_client_options_clear)); -#endif - - if (cipher_list) - EVP_DigestUpdate(mdctx, cipher_list, strlen(cipher_list)); - -#if defined(LWS_HAVE_SSL_CTX_set_ciphersuites) - if (info->client_tls_1_3_plus_cipher_list) - EVP_DigestUpdate(mdctx, info->client_tls_1_3_plus_cipher_list, - strlen(info->client_tls_1_3_plus_cipher_list)); -#endif - - if (!lws_check_opt(vh->options, LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS)) { - c = 1; - EVP_DigestUpdate(mdctx, &c, 1); - } - - if (ca_filepath) - EVP_DigestUpdate(mdctx, ca_filepath, strlen(ca_filepath)); - - if (cert_filepath) - EVP_DigestUpdate(mdctx, cert_filepath, strlen(cert_filepath)); - - if (private_key_filepath) - EVP_DigestUpdate(mdctx, private_key_filepath, - strlen(private_key_filepath)); - if (ca_mem && ca_mem_len) - EVP_DigestUpdate(mdctx, ca_mem, ca_mem_len); - - if (cert_mem && cert_mem_len) - EVP_DigestUpdate(mdctx, cert_mem, cert_mem_len); - - len = sizeof(hash); - EVP_DigestFinal_ex(mdctx, hash, &len); - EVP_MD_CTX_destroy(mdctx); - - /* look for existing client context with same config already */ - - lws_start_foreach_dll_safe(struct lws_dll2 *, p, tp, - lws_dll2_get_head(&vh->context->tls.cc_owner)) { - tcr = lws_container_of(p, struct lws_tls_client_reuse, cc_list); - - if (!memcmp(hash, tcr->hash, len)) { - - /* it's a match */ - - tcr->refcount++; - vh->tls.ssl_client_ctx = tcr->ssl_client_ctx; - - lwsl_info("%s: vh %s: reusing client ctx %d: use %d\n", - __func__, vh->name, tcr->index, - tcr->refcount); - - return 0; - } - } lws_end_foreach_dll_safe(p, tp); - - /* no existing one the same... create new client SSL_CTX */ - - errno = 0; - ERR_clear_error(); - vh->tls.ssl_client_ctx = SSL_CTX_new(method); - if (!vh->tls.ssl_client_ctx) { - error = ERR_get_error(); - lwsl_err("problem creating ssl context %lu: %s\n", - error, ERR_error_string(error, - (char *)vh->context->pt[0].serv_buf)); - return 1; - } - - tcr = lws_zalloc(sizeof(*tcr), "client ctx tcr"); - if (!tcr) { - SSL_CTX_free(vh->tls.ssl_client_ctx); - return 1; - } - - tcr->ssl_client_ctx = vh->tls.ssl_client_ctx; - tcr->refcount = 1; - memcpy(tcr->hash, hash, len); - tcr->index = vh->context->tls.count_client_contexts++; - lws_dll2_add_head(&tcr->cc_list, &vh->context->tls.cc_owner); - - lwsl_info("%s: vh %s: created new client ctx %d\n", __func__, - vh->name, tcr->index); - - /* bind the tcr to the client context */ - - SSL_CTX_set_ex_data(vh->tls.ssl_client_ctx, - openssl_SSL_CTX_private_data_index, - (char *)tcr); - -#ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(vh->tls.ssl_client_ctx, SSL_OP_NO_COMPRESSION); -#endif - - SSL_CTX_set_options(vh->tls.ssl_client_ctx, - SSL_OP_CIPHER_SERVER_PREFERENCE); - - SSL_CTX_set_mode(vh->tls.ssl_client_ctx, - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | - SSL_MODE_RELEASE_BUFFERS); - - if (info->ssl_client_options_set) - SSL_CTX_set_options(vh->tls.ssl_client_ctx, - info->ssl_client_options_set); - - /* SSL_clear_options introduced in 0.9.8m */ -#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL) - if (info->ssl_client_options_clear) - SSL_CTX_clear_options(vh->tls.ssl_client_ctx, - info->ssl_client_options_clear); -#endif - - if (cipher_list) - SSL_CTX_set_cipher_list(vh->tls.ssl_client_ctx, cipher_list); - -#if defined(LWS_HAVE_SSL_CTX_set_ciphersuites) - if (info->client_tls_1_3_plus_cipher_list) - SSL_CTX_set_ciphersuites(vh->tls.ssl_client_ctx, - info->client_tls_1_3_plus_cipher_list); -#endif - -#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS - if (!lws_check_opt(vh->options, LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS)) - /* loads OS default CA certs */ - SSL_CTX_set_default_verify_paths(vh->tls.ssl_client_ctx); -#endif - - /* openssl init for cert verification (for client sockets) */ - if (!ca_filepath && (!ca_mem || !ca_mem_len)) { - if (!SSL_CTX_load_verify_locations( - vh->tls.ssl_client_ctx, NULL, LWS_OPENSSL_CLIENT_CERTS)) - lwsl_err("Unable to load SSL Client certs from %s " - "(set by LWS_OPENSSL_CLIENT_CERTS) -- " - "client ssl isn't going to work\n", - LWS_OPENSSL_CLIENT_CERTS); - } else if (ca_filepath) { - if (!SSL_CTX_load_verify_locations( - vh->tls.ssl_client_ctx, ca_filepath, NULL)) { - lwsl_err( - "Unable to load SSL Client certs " - "file from %s -- client ssl isn't " - "going to work\n", ca_filepath); - lws_tls_err_describe_clear(); - } - else - lwsl_info("loaded ssl_ca_filepath\n"); - } else { - ca_mem_ptr = (const unsigned char*)ca_mem; - client_CA = d2i_X509(NULL, &ca_mem_ptr, ca_mem_len); - x509_store = X509_STORE_new(); - if (!client_CA || !X509_STORE_add_cert(x509_store, client_CA)) { - X509_STORE_free(x509_store); - lwsl_err("Unable to load SSL Client certs from " - "ssl_ca_mem -- client ssl isn't going to " - "work\n"); - lws_tls_err_describe_clear(); - } else { - /* it doesn't increment x509_store ref counter */ - SSL_CTX_set_cert_store(vh->tls.ssl_client_ctx, - x509_store); - lwsl_info("loaded ssl_ca_mem\n"); - } - if (client_CA) - X509_free(client_CA); - } - - /* - * callback allowing user code to load extra verification certs - * helping the client to verify server identity - */ - - /* support for client-side certificate authentication */ - if (cert_filepath) { - if (lws_tls_use_any_upgrade_check_extant(cert_filepath) != - LWS_TLS_EXTANT_YES && - (info->options & LWS_SERVER_OPTION_IGNORE_MISSING_CERT)) - return 0; - - lwsl_notice("%s: doing cert filepath %s\n", __func__, - cert_filepath); - n = SSL_CTX_use_certificate_chain_file(vh->tls.ssl_client_ctx, - cert_filepath); - if (n < 1) { - lwsl_err("problem %d getting cert '%s'\n", n, - cert_filepath); - lws_tls_err_describe_clear(); - return 1; - } - lwsl_notice("Loaded client cert %s\n", cert_filepath); - } else if (cert_mem && cert_mem_len) { - n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx, - cert_mem_len, cert_mem); - if (n < 1) { - lwsl_err("%s: problem interpreting client cert\n", - __func__); - lws_tls_err_describe_clear(); - return 1; - } - } - if (private_key_filepath) { - lwsl_notice("%s: doing private key filepath\n", __func__); - lws_ssl_bind_passphrase(vh->tls.ssl_client_ctx, 1, info); - /* set the private key from KeyFile */ - if (SSL_CTX_use_PrivateKey_file(vh->tls.ssl_client_ctx, - private_key_filepath, SSL_FILETYPE_PEM) != 1) { - lwsl_err("use_PrivateKey_file '%s'\n", - private_key_filepath); - lws_tls_err_describe_clear(); - return 1; - } - lwsl_notice("Loaded client cert private key %s\n", - private_key_filepath); - - /* verify private key */ - if (!SSL_CTX_check_private_key(vh->tls.ssl_client_ctx)) { - lwsl_err("Private SSL key doesn't match cert\n"); - return 1; - } - } - - return 0; -} diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c deleted file mode 100644 index 917c0ea..0000000 --- a/lib/tls/openssl/openssl-server.c +++ /dev/null @@ -1,1001 +0,0 @@ -/* - * libwebsockets - OpenSSL-specific server functions - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -extern int openssl_websocket_private_data_index, - openssl_SSL_CTX_private_data_index; - -int lws_openssl_describe_cipher(struct lws *wsi); - -static int -OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) -{ - SSL *ssl; - int n; - struct lws *wsi; - union lws_tls_cert_info_results ir; - X509 *topcert = X509_STORE_CTX_get_current_cert(x509_ctx); - - ssl = X509_STORE_CTX_get_ex_data(x509_ctx, - SSL_get_ex_data_X509_STORE_CTX_idx()); - - /* - * !!! nasty openssl requires the index to come as a library-scope - * static - */ - wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index); - - n = lws_tls_openssl_cert_info(topcert, LWS_TLS_CERT_INFO_COMMON_NAME, - &ir, sizeof(ir.ns.name)); - if (!n) - lwsl_info("%s: client cert CN '%s'\n", __func__, ir.ns.name); - else - lwsl_info("%s: couldn't get client cert CN\n", __func__); - - n = wsi->vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION, - x509_ctx, ssl, preverify_ok); - - /* convert return code from 0 = OK to 1 = OK */ - return !n; -} - -int -lws_tls_server_client_cert_verify_config(struct lws_vhost *vh) -{ - int verify_options = SSL_VERIFY_PEER; - - /* as a server, are we requiring clients to identify themselves? */ - - if (!lws_check_opt(vh->options, - LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) - return 0; - - if (!lws_check_opt(vh->options, - LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED)) - verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; - - SSL_CTX_set_session_id_context(vh->tls.ssl_ctx, (uint8_t *)vh->context, - sizeof(void *)); - - /* absolutely require the client cert */ - SSL_CTX_set_verify(vh->tls.ssl_ctx, verify_options, - OpenSSL_verify_callback); - - return 0; -} - -#if defined(SSL_TLSEXT_ERR_NOACK) && !defined(OPENSSL_NO_TLSEXT) -static int -lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg) -{ - struct lws_context *context = (struct lws_context *)arg; - struct lws_vhost *vhost, *vh; - const char *servername; - - if (!ssl) - return SSL_TLSEXT_ERR_NOACK; - - /* - * We can only get ssl accepted connections by using a vhost's ssl_ctx - * find out which listening one took us and only match vhosts on the - * same port. - */ - vh = context->vhost_list; - while (vh) { - if (!vh->being_destroyed && - vh->tls.ssl_ctx == SSL_get_SSL_CTX(ssl)) - break; - vh = vh->vhost_next; - } - - if (!vh) { - assert(vh); /* can't match the incoming vh? */ - return SSL_TLSEXT_ERR_OK; - } - - servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (!servername) { - /* the client doesn't know what hostname it wants */ - lwsl_info("SNI: Unknown ServerName\n"); - - return SSL_TLSEXT_ERR_OK; - } - - vhost = lws_select_vhost(context, vh->listen_port, servername); - if (!vhost) { - lwsl_info("SNI: none: %s:%d\n", servername, vh->listen_port); - - return SSL_TLSEXT_ERR_OK; - } - - lwsl_info("SNI: Found: %s:%d\n", servername, vh->listen_port); - - /* select the ssl ctx from the selected vhost for this conn */ - SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx); - - return SSL_TLSEXT_ERR_OK; -} -#endif - -/* - * this may now get called after the vhost creation, when certs become - * available. - */ -int -lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, - const char *cert, const char *private_key, - const char *mem_cert, size_t mem_cert_len, - const char *mem_privkey, size_t mem_privkey_len) -{ -#if !defined(OPENSSL_NO_EC) - const char *ecdh_curve = "prime256v1"; -#if !defined(LWS_WITH_BORINGSSL) && defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS) - STACK_OF(X509) *extra_certs = NULL; -#endif - EC_KEY *ecdh, *EC_key = NULL; - EVP_PKEY *pkey; - X509 *x = NULL; - int ecdh_nid; - int KeyType; -#endif - unsigned long error; - lws_filepos_t flen; - uint8_t *p; - int ret; - - int n = lws_tls_generic_cert_checks(vhost, cert, private_key), m; - - (void)ret; - - if (!cert && !private_key) - n = LWS_TLS_EXTANT_ALTERNATIVE; - - if (n == LWS_TLS_EXTANT_NO && (!mem_cert || !mem_privkey)) - return 0; - if (n == LWS_TLS_EXTANT_NO) - n = LWS_TLS_EXTANT_ALTERNATIVE; - - if (n == LWS_TLS_EXTANT_ALTERNATIVE && (!mem_cert || !mem_privkey)) - return 1; /* no alternative */ - - if (n == LWS_TLS_EXTANT_ALTERNATIVE) { - -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - - /* - * Although we have prepared update certs, we no longer have - * the rights to read our own cert + key we saved. - * - * If we were passed copies in memory buffers, use those - * in favour of the filepaths we normally want. - */ - cert = NULL; - private_key = NULL; - } - - /* - * use the multi-cert interface for backwards compatibility in the - * both simple files case - */ - - if (n != LWS_TLS_EXTANT_ALTERNATIVE && cert) { - - /* set the local certificate from CertFile */ - m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert); - if (m != 1) { - error = ERR_get_error(); - lwsl_err("problem getting cert '%s' %lu: %s\n", - cert, error, ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - - return 1; - } - - if (private_key) { - /* set the private key from KeyFile */ - if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key, - SSL_FILETYPE_PEM) != 1) { - error = ERR_get_error(); - lwsl_err("ssl problem getting key '%s' %lu: %s\n", - private_key, error, - ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - return 1; - } - } else { - if (vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, - vhost->tls.ssl_ctx, NULL, 0)) { - lwsl_err("ssl private key not set\n"); - - return 1; - } - } - - return 0; - } - - /* otherwise allow for DER or PEM, file or memory image */ - - if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert, - mem_cert_len, &p, &flen)) { - lwsl_err("%s: couldn't read cert file\n", __func__); - - return 1; - } - -#if !defined(USE_WOLFSSL) - ret = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx, (int)flen, p); -#else - ret = wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx, - (uint8_t *)p, (int)flen, - WOLFSSL_FILETYPE_ASN1); -#endif - lws_free_set_NULL(p); - if (ret != 1) { - lwsl_err("%s: Problem loading cert\n", __func__); - - return 1; - } - - if (lws_tls_alloc_pem_to_der_file(vhost->context, private_key, - mem_privkey, mem_privkey_len, - &p, &flen)) { - lwsl_notice("unable to convert memory privkey\n"); - - return 1; - } - -#if !defined(USE_WOLFSSL) - ret = SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, vhost->tls.ssl_ctx, p, - (long)(long long)flen); - if (ret != 1) { - ret = SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_EC, - vhost->tls.ssl_ctx, p, - (long)(long long)flen); - } -#else - ret = wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p, flen, - WOLFSSL_FILETYPE_ASN1); -#endif - lws_free_set_NULL(p); - if (ret != 1) { - lwsl_notice("unable to use memory privkey\n"); - - return 1; - } - -#else - /* - * Although we have prepared update certs, we no longer have - * the rights to read our own cert + key we saved. - * - * If we were passed copies in memory buffers, use those - * instead. - * - * The passed memory-buffer cert image is in DER, and the - * memory-buffer private key image is PEM. - */ -#ifndef USE_WOLFSSL - if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert, - mem_cert_len, &p, &flen)) { - lwsl_err("%s: couldn't convert pem to der\n", __func__); - return 1; - } - if (SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx, - (int)flen, - (uint8_t *)p) != 1) { -#else - if (wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx, - (uint8_t *)mem_cert, - (int)mem_cert_len, - WOLFSSL_FILETYPE_ASN1) != 1) { - -#endif - lwsl_err("Problem loading update cert\n"); - - return 1; - } - - if (lws_tls_alloc_pem_to_der_file(vhost->context, NULL, - mem_privkey, mem_privkey_len, - &p, &flen)) { - lwsl_notice("unable to convert memory privkey\n"); - - return 1; - } -#ifndef USE_WOLFSSL - if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, - vhost->tls.ssl_ctx, p, - (long)(long long)flen) != 1) { -#else - if (wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p, - flen, WOLFSSL_FILETYPE_ASN1) != 1) { -#endif - lwsl_notice("unable to use memory privkey\n"); - - return 1; - } - - goto check_key; - } - - /* set the local certificate from CertFile */ - m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert); - if (m != 1) { - error = ERR_get_error(); - lwsl_err("problem getting cert '%s' %lu: %s\n", - cert, error, ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - - return 1; - } - - if (n != LWS_TLS_EXTANT_ALTERNATIVE && private_key) { - /* set the private key from KeyFile */ - if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key, - SSL_FILETYPE_PEM) != 1) { - error = ERR_get_error(); - lwsl_err("ssl problem getting key '%s' %lu: %s\n", - private_key, error, - ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - return 1; - } - } else { - if (vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, - vhost->tls.ssl_ctx, NULL, 0)) { - lwsl_err("ssl private key not set\n"); - - return 1; - } - } - -check_key: -#endif - - /* verify private key */ - if (!SSL_CTX_check_private_key(vhost->tls.ssl_ctx)) { - lwsl_err("Private SSL key doesn't match cert\n"); - - return 1; - } - - -#if !defined(OPENSSL_NO_EC) - if (vhost->tls.ecdh_curve[0]) - ecdh_curve = vhost->tls.ecdh_curve; - - ecdh_nid = OBJ_sn2nid(ecdh_curve); - if (NID_undef == ecdh_nid) { - lwsl_err("SSL: Unknown curve name '%s'", ecdh_curve); - return 1; - } - - ecdh = EC_KEY_new_by_curve_name(ecdh_nid); - if (NULL == ecdh) { - lwsl_err("SSL: Unable to create curve '%s'", ecdh_curve); - return 1; - } - SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, ecdh); - EC_KEY_free(ecdh); - - SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_ECDH_USE); - - lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve); - - if (lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_SSL_ECDH)) - lwsl_notice(" Using ECDH certificate support\n"); - - /* Get X509 certificate from ssl context */ -#if !defined(LWS_WITH_BORINGSSL) -#if !defined(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS) - x = sk_X509_value(vhost->tls.ssl_ctx->extra_certs, 0); -#else - SSL_CTX_get_extra_chain_certs_only(vhost->tls.ssl_ctx, &extra_certs); - if (extra_certs) - x = sk_X509_value(extra_certs, 0); - else - lwsl_info("%s: no extra certs\n", __func__); -#endif - if (!x) { - //lwsl_err("%s: x is NULL\n", __func__); - goto post_ecdh; - } -#else - return 0; -#endif - /* Get the public key from certificate */ - pkey = X509_get_pubkey(x); - if (!pkey) { - lwsl_err("%s: pkey is NULL\n", __func__); - - return 1; - } - /* Get the key type */ - KeyType = EVP_PKEY_type(EVP_PKEY_id(pkey)); - - if (EVP_PKEY_EC != KeyType) { - lwsl_notice("Key type is not EC\n"); - return 0; - } - /* Get the key */ - EC_key = EVP_PKEY_get1_EC_KEY(pkey); - /* Set ECDH parameter */ - if (!EC_key) { - lwsl_err("%s: ECDH key is NULL \n", __func__); - return 1; - } - SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, EC_key); - - EC_KEY_free(EC_key); -#else - lwsl_notice(" OpenSSL doesn't support ECDH\n"); -#endif -#if !defined(OPENSSL_NO_EC) && !defined(LWS_WITH_BORINGSSL) -post_ecdh: -#endif - vhost->tls.skipped_certs = 0; - - return 0; -} - -int -lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info, - struct lws_vhost *vhost, struct lws *wsi) -{ - unsigned long error; - SSL_METHOD *method = (SSL_METHOD *)SSLv23_server_method(); - - if (!method) { - error = ERR_get_error(); - lwsl_err("problem creating ssl method %lu: %s\n", - error, ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - return 1; - } - vhost->tls.ssl_ctx = SSL_CTX_new(method); /* create context */ - if (!vhost->tls.ssl_ctx) { - error = ERR_get_error(); - lwsl_err("problem creating ssl context %lu: %s\n", - error, ERR_error_string(error, - (char *)vhost->context->pt[0].serv_buf)); - return 1; - } - - SSL_CTX_set_ex_data(vhost->tls.ssl_ctx, - openssl_SSL_CTX_private_data_index, - (char *)vhost->context); - /* Disable SSLv2 and SSLv3 */ - SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_SSLv2 | - SSL_OP_NO_SSLv3); -#ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_COMPRESSION); -#endif - SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_DH_USE); - SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); - - if (info->ssl_cipher_list) - SSL_CTX_set_cipher_list(vhost->tls.ssl_ctx, info->ssl_cipher_list); - -#if defined(LWS_HAVE_SSL_CTX_set_ciphersuites) - if (info->tls1_3_plus_cipher_list) - SSL_CTX_set_ciphersuites(vhost->tls.ssl_ctx, - info->tls1_3_plus_cipher_list); -#endif - -#if !defined(OPENSSL_NO_TLSEXT) - SSL_CTX_set_tlsext_servername_callback(vhost->tls.ssl_ctx, - lws_ssl_server_name_cb); - SSL_CTX_set_tlsext_servername_arg(vhost->tls.ssl_ctx, vhost->context); -#endif - - if (info->ssl_ca_filepath && - !SSL_CTX_load_verify_locations(vhost->tls.ssl_ctx, - info->ssl_ca_filepath, NULL)) { - lwsl_err("%s: SSL_CTX_load_verify_locations unhappy\n", - __func__); - } - - if (info->ssl_options_set) - SSL_CTX_set_options(vhost->tls.ssl_ctx, info->ssl_options_set); - -/* SSL_clear_options introduced in 0.9.8m */ -#if (OPENSSL_VERSION_NUMBER >= 0x009080df) && !defined(USE_WOLFSSL) - if (info->ssl_options_clear) - SSL_CTX_clear_options(vhost->tls.ssl_ctx, - info->ssl_options_clear); -#endif - - lwsl_info(" SSL options 0x%lX\n", - (unsigned long)SSL_CTX_get_options(vhost->tls.ssl_ctx)); - if (!vhost->tls.use_ssl || - (!info->ssl_cert_filepath && !info->server_ssl_cert_mem)) - return 0; - - lws_ssl_bind_passphrase(vhost->tls.ssl_ctx, 0, info); - - return lws_tls_server_certs_load(vhost, wsi, info->ssl_cert_filepath, - info->ssl_private_key_filepath, - info->server_ssl_cert_mem, - info->server_ssl_cert_mem_len, - info->server_ssl_private_key_mem, - info->server_ssl_private_key_mem_len); -} - -int -lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd) -{ -#if !defined(USE_WOLFSSL) - BIO *bio; -#endif - - errno = 0; - ERR_clear_error(); - wsi->tls.ssl = SSL_new(wsi->vhost->tls.ssl_ctx); - if (wsi->tls.ssl == NULL) { - lwsl_err("SSL_new failed: %d (errno %d)\n", - lws_ssl_get_error(wsi, 0), errno); - - lws_tls_err_describe_clear(); - return 1; - } - - SSL_set_ex_data(wsi->tls.ssl, openssl_websocket_private_data_index, wsi); - SSL_set_fd(wsi->tls.ssl, (int)(long long)accept_fd); - -#ifdef USE_WOLFSSL -#ifdef USE_OLD_CYASSL - CyaSSL_set_using_nonblock(wsi->tls.ssl, 1); -#else - wolfSSL_set_using_nonblock(wsi->tls.ssl, 1); -#endif -#else - - SSL_set_mode(wsi->tls.ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | - SSL_MODE_RELEASE_BUFFERS); - bio = SSL_get_rbio(wsi->tls.ssl); - if (bio) - BIO_set_nbio(bio, 1); /* nonblocking */ - else - lwsl_notice("NULL rbio\n"); - bio = SSL_get_wbio(wsi->tls.ssl); - if (bio) - BIO_set_nbio(bio, 1); /* nonblocking */ - else - lwsl_notice("NULL rbio\n"); -#endif - -#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, lws_ssl_info_callback); -#endif - - return 0; -} - -int -lws_tls_server_abort_connection(struct lws *wsi) -{ - SSL_shutdown(wsi->tls.ssl); - SSL_free(wsi->tls.ssl); - - return 0; -} - -enum lws_ssl_capable_status -lws_tls_server_accept(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - union lws_tls_cert_info_results ir; - int m, n; - - errno = 0; - ERR_clear_error(); - n = SSL_accept(wsi->tls.ssl); - - if (n == 1) { - n = lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_COMMON_NAME, &ir, - sizeof(ir.ns.name)); - if (!n) - lwsl_notice("%s: client cert CN '%s'\n", __func__, - ir.ns.name); - else - lwsl_info("%s: no client cert CN\n", __func__); - - lws_openssl_describe_cipher(wsi); - - if (SSL_pending(wsi->tls.ssl) && - lws_dll2_is_detached(&wsi->tls.dll_pending_tls)) - lws_dll2_add_head(&wsi->tls.dll_pending_tls, - &pt->tls.dll_pending_tls_owner); - - return LWS_SSL_CAPABLE_DONE; - } - - m = lws_ssl_get_error(wsi, n); - lws_tls_err_describe_clear(); - - if (m == SSL_ERROR_SYSCALL || m == SSL_ERROR_SSL) - return LWS_SSL_CAPABLE_ERROR; - - if (m == SSL_ERROR_WANT_READ || - (m != SSL_ERROR_ZERO_RETURN && SSL_want_read(wsi->tls.ssl))) { - if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { - lwsl_info("%s: WANT_READ change_pollfd failed\n", - __func__); - return LWS_SSL_CAPABLE_ERROR; - } - - lwsl_info("SSL_ERROR_WANT_READ: m %d\n", m); - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - } - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_WRITE\n", __func__); - - if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) { - lwsl_info("%s: WANT_WRITE change_pollfd failed\n", - __func__); - return LWS_SSL_CAPABLE_ERROR; - } - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - } - - return LWS_SSL_CAPABLE_ERROR; -} - -#if defined(LWS_WITH_ACME) -static int -lws_tls_openssl_rsa_new_key(RSA **rsa, int bits) -{ - BIGNUM *bn = BN_new(); - int n; - - if (!bn) - return 1; - - if (BN_set_word(bn, RSA_F4) != 1) { - BN_free(bn); - return 1; - } - - *rsa = RSA_new(); - if (!*rsa) { - BN_free(bn); - return 1; - } - - n = RSA_generate_key_ex(*rsa, bits, bn, NULL); - BN_free(bn); - if (n == 1) - return 0; - - RSA_free(*rsa); - *rsa = NULL; - - return 1; -} - -struct lws_tls_ss_pieces { - X509 *x509; - EVP_PKEY *pkey; - RSA *rsa; -}; - -LWS_VISIBLE LWS_EXTERN int -lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a, - const char *san_b) -{ - GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null(); - GENERAL_NAME *gen = NULL; - ASN1_IA5STRING *ia5 = NULL; - X509_NAME *name; - - if (!gens) - return 1; - - vhost->tls.ss = lws_zalloc(sizeof(*vhost->tls.ss), "sni cert"); - if (!vhost->tls.ss) { - GENERAL_NAMES_free(gens); - return 1; - } - - vhost->tls.ss->x509 = X509_new(); - if (!vhost->tls.ss->x509) - goto bail; - - ASN1_INTEGER_set(X509_get_serialNumber(vhost->tls.ss->x509), 1); - X509_gmtime_adj(X509_get_notBefore(vhost->tls.ss->x509), 0); - X509_gmtime_adj(X509_get_notAfter(vhost->tls.ss->x509), 3600); - - vhost->tls.ss->pkey = EVP_PKEY_new(); - if (!vhost->tls.ss->pkey) - goto bail0; - - if (lws_tls_openssl_rsa_new_key(&vhost->tls.ss->rsa, 4096)) - goto bail1; - - if (!EVP_PKEY_assign_RSA(vhost->tls.ss->pkey, vhost->tls.ss->rsa)) - goto bail2; - - X509_set_pubkey(vhost->tls.ss->x509, vhost->tls.ss->pkey); - - name = X509_get_subject_name(vhost->tls.ss->x509); - X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, - (unsigned char *)"GB", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, - (unsigned char *)"somecompany", -1, -1, 0); - if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8, - (unsigned char *)"temp.acme.invalid", - -1, -1, 0) != 1) { - lwsl_notice("failed to add CN\n"); - goto bail2; - } - X509_set_issuer_name(vhost->tls.ss->x509, name); - - /* add the SAN payloads */ - - gen = GENERAL_NAME_new(); - ia5 = ASN1_IA5STRING_new(); - if (!ASN1_STRING_set(ia5, san_a, -1)) { - lwsl_notice("failed to set ia5\n"); - GENERAL_NAME_free(gen); - goto bail2; - } - GENERAL_NAME_set0_value(gen, GEN_DNS, ia5); - sk_GENERAL_NAME_push(gens, gen); - - if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name, - gens, 0, X509V3_ADD_APPEND) != 1) - goto bail2; - - GENERAL_NAMES_free(gens); - - if (san_b && san_b[0]) { - gens = sk_GENERAL_NAME_new_null(); - gen = GENERAL_NAME_new(); - ia5 = ASN1_IA5STRING_new(); - if (!ASN1_STRING_set(ia5, san_a, -1)) { - lwsl_notice("failed to set ia5\n"); - GENERAL_NAME_free(gen); - goto bail2; - } - GENERAL_NAME_set0_value(gen, GEN_DNS, ia5); - sk_GENERAL_NAME_push(gens, gen); - - if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name, - gens, 0, X509V3_ADD_APPEND) != 1) - goto bail2; - - GENERAL_NAMES_free(gens); - } - - /* sign it with our private key */ - if (!X509_sign(vhost->tls.ss->x509, vhost->tls.ss->pkey, EVP_sha256())) - goto bail2; - -#if 0 - {/* useful to take a sample of a working cert for mbedtls to crib */ - FILE *fp = fopen("/tmp/acme-temp-cert", "w+"); - - i2d_X509_fp(fp, vhost->tls.ss->x509); - fclose(fp); - } -#endif - - /* tell the vhost to use our crafted certificate */ - SSL_CTX_use_certificate(vhost->tls.ssl_ctx, vhost->tls.ss->x509); - /* and to use our generated private key */ - SSL_CTX_use_PrivateKey(vhost->tls.ssl_ctx, vhost->tls.ss->pkey); - - return 0; - -bail2: - RSA_free(vhost->tls.ss->rsa); -bail1: - EVP_PKEY_free(vhost->tls.ss->pkey); -bail0: - X509_free(vhost->tls.ss->x509); -bail: - lws_free(vhost->tls.ss); - GENERAL_NAMES_free(gens); - - return 1; -} - -void -lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost) -{ - if (!vhost->tls.ss) - return; - - EVP_PKEY_free(vhost->tls.ss->pkey); - X509_free(vhost->tls.ss->x509); - lws_free_set_NULL(vhost->tls.ss); -} - -static int -lws_tls_openssl_add_nid(X509_NAME *name, int nid, const char *value) -{ - X509_NAME_ENTRY *e; - int n; - - if (!value || value[0] == '\0') - value = "none"; - - e = X509_NAME_ENTRY_create_by_NID(NULL, nid, MBSTRING_ASC, - (unsigned char *)value, -1); - if (!e) - return 1; - n = X509_NAME_add_entry(name, e, -1, 0); - X509_NAME_ENTRY_free(e); - - return n != 1; -} - -static int nid_list[] = { - NID_countryName, /* LWS_TLS_REQ_ELEMENT_COUNTRY */ - NID_stateOrProvinceName, /* LWS_TLS_REQ_ELEMENT_STATE */ - NID_localityName, /* LWS_TLS_REQ_ELEMENT_LOCALITY */ - NID_organizationName, /* LWS_TLS_REQ_ELEMENT_ORGANIZATION */ - NID_commonName, /* LWS_TLS_REQ_ELEMENT_COMMON_NAME */ - NID_organizationalUnitName, /* LWS_TLS_REQ_ELEMENT_EMAIL */ -}; - -LWS_VISIBLE LWS_EXTERN int -lws_tls_acme_sni_csr_create(struct lws_context *context, const char *elements[], - uint8_t *csr, size_t csr_len, char **privkey_pem, - size_t *privkey_len) -{ - uint8_t *csr_in = csr; - RSA *rsakey; - X509_REQ *req; - X509_NAME *subj; - EVP_PKEY *pkey; - char *p, *end; - BIO *bio; - long bio_len; - int n, ret = -1; - - if (lws_tls_openssl_rsa_new_key(&rsakey, 4096)) - return -1; - - pkey = EVP_PKEY_new(); - if (!pkey) - goto bail0; - if (!EVP_PKEY_set1_RSA(pkey, rsakey)) - goto bail1; - - req = X509_REQ_new(); - if (!req) - goto bail1; - - X509_REQ_set_pubkey(req, pkey); - - subj = X509_NAME_new(); - if (!subj) - goto bail2; - - for (n = 0; n < LWS_TLS_REQ_ELEMENT_COUNT; n++) - if (lws_tls_openssl_add_nid(subj, nid_list[n], elements[n])) { - lwsl_notice("%s: failed to add element %d\n", __func__, - n); - goto bail3; - } - - if (X509_REQ_set_subject_name(req, subj) != 1) - goto bail3; - - if (!X509_REQ_sign(req, pkey, EVP_sha256())) - goto bail3; - - /* - * issue the CSR as PEM to a BIO, and translate to b64urlenc without - * headers, trailers, or whitespace - */ - - bio = BIO_new(BIO_s_mem()); - if (!bio) - goto bail3; - - if (PEM_write_bio_X509_REQ(bio, req) != 1) { - BIO_free(bio); - goto bail3; - } - - bio_len = BIO_get_mem_data(bio, &p); - end = p + bio_len; - - /* strip the header line */ - while (p < end && *p != '\n') - p++; - - while (p < end && csr_len) { - if (*p == '\n') { - p++; - continue; - } - - if (*p == '-') - break; - - if (*p == '+') - *csr++ = '-'; - else - if (*p == '/') - *csr++ = '_'; - else - *csr++ = *p; - p++; - csr_len--; - } - BIO_free(bio); - if (!csr_len) { - lwsl_notice("%s: need %ld for CSR\n", __func__, bio_len); - goto bail3; - } - - /* - * Also return the private key as a PEM in memory - * (platform may not have a filesystem) - */ - bio = BIO_new(BIO_s_mem()); - if (!bio) - goto bail3; - - if (PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, 0, NULL) != 1) { - BIO_free(bio); - goto bail3; - } - bio_len = BIO_get_mem_data(bio, &p); - *privkey_pem = malloc(bio_len); /* malloc so user code can own / free */ - *privkey_len = (size_t)bio_len; - if (!*privkey_pem) { - lwsl_notice("%s: need %ld for private key\n", __func__, - bio_len); - BIO_free(bio); - goto bail3; - } - memcpy(*privkey_pem, p, (int)(long long)bio_len); - BIO_free(bio); - - ret = lws_ptr_diff(csr, csr_in); - -bail3: - X509_NAME_free(subj); -bail2: - X509_REQ_free(req); -bail1: - EVP_PKEY_free(pkey); -bail0: - RSA_free(rsakey); - - return ret; -} -#endif diff --git a/lib/tls/openssl/private.h b/lib/tls/openssl/private.h deleted file mode 100644 index bd0b174..0000000 --- a/lib/tls/openssl/private.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * gencrypto openssl-specific helper declarations - */ - -/* - * one of these per different client context - * cc_owner is in lws_context.lws_context_tls - */ - -struct lws_tls_client_reuse { - lws_tls_ctx *ssl_client_ctx; - uint8_t hash[32]; - struct lws_dll2 cc_list; - int refcount; - int index; -}; - -typedef int (*next_proto_cb)(SSL *, const unsigned char **out, - unsigned char *outlen, const unsigned char *in, - unsigned int inlen, void *arg); - -struct lws_x509_cert { - X509 *cert; /* X509 is opaque, this has to be a pointer */ -}; - -int -lws_gencrypto_openssl_hash_to_NID(enum lws_genhash_types hash_type); - -const EVP_MD * -lws_gencrypto_openssl_hash_to_EVP_MD(enum lws_genhash_types hash_type); - -#if !defined(LWS_HAVE_BN_bn2binpad) -int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); -#endif diff --git a/lib/tls/openssl/ssl.c b/lib/tls/openssl/ssl.c deleted file mode 100644 index ad2a76e..0000000 --- a/lib/tls/openssl/ssl.c +++ /dev/null @@ -1,510 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/openssl/private.h" -#include - -int openssl_websocket_private_data_index, - openssl_SSL_CTX_private_data_index; - -/* - * Care: many openssl apis return 1 for success. These are translated to the - * lws convention of 0 for success. - */ - -int lws_openssl_describe_cipher(struct lws *wsi) -{ -#if !defined(LWS_WITH_NO_LOGS) - int np = -1; - SSL *s = wsi->tls.ssl; - - SSL_get_cipher_bits(s, &np); - lwsl_info("%s: wsi %p: %s, %s, %d bits, %s\n", __func__, wsi, - SSL_get_cipher_name(s), SSL_get_cipher(s), np, - SSL_get_cipher_version(s)); -#endif - - return 0; -} - -int lws_ssl_get_error(struct lws *wsi, int n) -{ - int m; - - if (!wsi->tls.ssl) - return 99; - - m = SSL_get_error(wsi->tls.ssl, n); - lwsl_debug("%s: %p %d -> %d (errno %d)\n", __func__, wsi->tls.ssl, n, m, - errno); - - return m; -} - -static int -lws_context_init_ssl_pem_passwd_cb(char *buf, int size, int rwflag, - void *userdata) -{ - struct lws_context_creation_info * info = - (struct lws_context_creation_info *)userdata; - - strncpy(buf, info->ssl_private_key_password, size); - buf[size - 1] = '\0'; - - return (int)strlen(buf); -} - -static int -lws_context_init_ssl_pem_passwd_client_cb(char *buf, int size, int rwflag, - void *userdata) -{ - struct lws_context_creation_info * info = - (struct lws_context_creation_info *)userdata; - const char *p = info->ssl_private_key_password; - - if (info->client_ssl_private_key_password) - p = info->client_ssl_private_key_password; - - strncpy(buf, p, size); - buf[size - 1] = '\0'; - - return (int)strlen(buf); -} - -void -lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, int is_client, - const struct lws_context_creation_info *info) -{ - if (!info->ssl_private_key_password && - !info->client_ssl_private_key_password) - return; - /* - * password provided, set ssl callback and user data - * for checking password which will be trigered during - * SSL_CTX_use_PrivateKey_file function - */ - SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info); - SSL_CTX_set_default_passwd_cb(ssl_ctx, is_client ? - lws_context_init_ssl_pem_passwd_client_cb: - lws_context_init_ssl_pem_passwd_cb); -} - -static void -lws_ssl_destroy_client_ctx(struct lws_vhost *vhost) -{ - struct lws_tls_client_reuse *tcr; - - if (vhost->tls.user_supplied_ssl_ctx || !vhost->tls.ssl_client_ctx) - return; - - tcr = SSL_CTX_get_ex_data(vhost->tls.ssl_client_ctx, - openssl_SSL_CTX_private_data_index); - - if (!tcr || --tcr->refcount) - return; - - SSL_CTX_free(vhost->tls.ssl_client_ctx); - vhost->tls.ssl_client_ctx = NULL; - - vhost->context->tls.count_client_contexts--; - - lws_dll2_remove(&tcr->cc_list); - lws_free(tcr); -} - -LWS_VISIBLE void -lws_ssl_destroy(struct lws_vhost *vhost) -{ - if (!lws_check_opt(vhost->context->options, - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) - return; - - if (vhost->tls.ssl_ctx) - SSL_CTX_free(vhost->tls.ssl_ctx); - - lws_ssl_destroy_client_ctx(vhost); - -// after 1.1.0 no need -#if (OPENSSL_VERSION_NUMBER < 0x10100000) -// <= 1.0.1f = old api, 1.0.1g+ = new api -#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL) - ERR_remove_state(0); -#else -#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \ - !defined(LIBRESSL_VERSION_NUMBER) && \ - !defined(OPENSSL_IS_BORINGSSL) - ERR_remove_thread_state(); -#else - ERR_remove_thread_state(NULL); -#endif -#endif - /* not needed after 1.1.0 */ -#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && \ - (OPENSSL_VERSION_NUMBER <= 0x10100000) - SSL_COMP_free_compression_methods(); -#endif - ERR_free_strings(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); -#endif -} - -LWS_VISIBLE int -lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - int n = 0, m; - - if (!wsi->tls.ssl) - return lws_ssl_capable_read_no_ssl(wsi, buf, len); - - lws_stats_bump(pt, LWSSTATS_C_API_READ, 1); - - errno = 0; - ERR_clear_error(); - n = SSL_read(wsi->tls.ssl, buf, len); -#if defined(LWS_WITH_ESP32) - if (!n && errno == LWS_ENOTCONN) { - lwsl_debug("%p: SSL_read ENOTCONN\n", wsi); - return LWS_SSL_CAPABLE_ERROR; - } -#endif -#if defined(LWS_WITH_STATS) - if (!wsi->seen_rx && wsi->accept_start_us) { - lws_stats_bump(pt, LWSSTATS_US_SSL_RX_DELAY_AVG, - lws_now_usecs() - - wsi->accept_start_us); - lws_stats_bump(pt, LWSSTATS_C_SSL_CONNS_HAD_RX, 1); - wsi->seen_rx = 1; - } -#endif - - - lwsl_debug("%p: SSL_read says %d\n", wsi, n); - /* manpage: returning 0 means connection shut down - * - * 2018-09-10: https://github.com/openssl/openssl/issues/1903 - * - * So, in summary, if you get a 0 or -1 return from SSL_read() / - * SSL_write(), you should call SSL_get_error(): - * - * - If you get back SSL_ERROR_RETURN_ZERO then you know the connection - * has been cleanly shutdown by the peer. To fully close the - * connection you may choose to call SSL_shutdown() to send a - * close_notify back. - * - * - If you get back SSL_ERROR_SSL then some kind of internal or - * protocol error has occurred. More details will be on the SSL error - * queue. You can also call SSL_get_shutdown(). If this indicates a - * state of SSL_RECEIVED_SHUTDOWN then you know a fatal alert has - * been received from the peer (if it had been a close_notify then - * SSL_get_error() would have returned SSL_ERROR_RETURN_ZERO). - * SSL_ERROR_SSL is considered fatal - you should not call - * SSL_shutdown() in this case. - * - * - If you get back SSL_ERROR_SYSCALL then some kind of fatal (i.e. - * non-retryable) error has occurred in a system call. - */ - if (n <= 0) { - m = lws_ssl_get_error(wsi, n); - lwsl_debug("%p: ssl err %d errno %d\n", wsi, m, errno); - if (m == SSL_ERROR_ZERO_RETURN) /* cleanly shut down */ - return LWS_SSL_CAPABLE_ERROR; - - /* hm not retryable.. could be 0 size pkt or error */ - - if (m == SSL_ERROR_SSL || m == SSL_ERROR_SYSCALL || - errno == LWS_ENOTCONN) { - - /* unclean, eg closed conn */ - - wsi->socket_is_permanently_unusable = 1; - - return LWS_SSL_CAPABLE_ERROR; - } - - /* retryable? */ - - if (SSL_want_read(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_READ\n", __func__); - lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - if (SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("%s: WANT_WRITE\n", __func__); - lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi); - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - - /* keep on trucking it seems */ - } - - lws_stats_bump(pt, LWSSTATS_B_READ, n); - - if (wsi->vhost) - wsi->vhost->conn_stats.rx += n; - - // lwsl_hexdump_err(buf, n); - - /* - * if it was our buffer that limited what we read, - * check if SSL has additional data pending inside SSL buffers. - * - * Because these won't signal at the network layer with POLLIN - * and if we don't realize, this data will sit there forever - */ - if (n != len) - goto bail; - if (!wsi->tls.ssl) - goto bail; - - if (SSL_pending(wsi->tls.ssl) && - lws_dll2_is_detached(&wsi->tls.dll_pending_tls)) - lws_dll2_add_head(&wsi->tls.dll_pending_tls, - &pt->tls.dll_pending_tls_owner); - - return n; -bail: - lws_ssl_remove_wsi_from_buffered_list(wsi); - - return n; -} - -LWS_VISIBLE int -lws_ssl_pending(struct lws *wsi) -{ - if (!wsi->tls.ssl) - return 0; - - return SSL_pending(wsi->tls.ssl); -} - -LWS_VISIBLE int -lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) -{ - int n, m; - - if (!wsi->tls.ssl) - return lws_ssl_capable_write_no_ssl(wsi, buf, len); - - errno = 0; - ERR_clear_error(); - n = SSL_write(wsi->tls.ssl, buf, len); - if (n > 0) - return n; - - m = lws_ssl_get_error(wsi, n); - if (m != SSL_ERROR_SYSCALL) { - if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->tls.ssl)) { - lwsl_notice("%s: want read\n", __func__); - - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - - if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->tls.ssl)) { - lws_set_blocking_send(wsi); - - lwsl_debug("%s: want write\n", __func__); - - return LWS_SSL_CAPABLE_MORE_SERVICE; - } - } - - lwsl_debug("%s failed: %s\n",__func__, ERR_error_string(m, NULL)); - lws_tls_err_describe_clear(); - - wsi->socket_is_permanently_unusable = 1; - - return LWS_SSL_CAPABLE_ERROR; -} - -void -lws_ssl_info_callback(const SSL *ssl, int where, int ret) -{ - struct lws *wsi; - struct lws_context *context; - struct lws_ssl_info si; - -#ifndef USE_WOLFSSL - context = (struct lws_context *)SSL_CTX_get_ex_data( - SSL_get_SSL_CTX(ssl), - openssl_SSL_CTX_private_data_index); -#else - context = (struct lws_context *)SSL_CTX_get_ex_data( - SSL_get_SSL_CTX((SSL*) ssl), - openssl_SSL_CTX_private_data_index); -#endif - if (!context) - return; - wsi = wsi_from_fd(context, SSL_get_fd(ssl)); - if (!wsi) - return; - - if (!(where & wsi->vhost->tls.ssl_info_event_mask)) - return; - - si.where = where; - si.ret = ret; - - if (user_callback_handle_rxflow(wsi->protocol->callback, - wsi, LWS_CALLBACK_SSL_INFO, - wsi->user_space, &si, 0)) - lws_set_timeout(wsi, PENDING_TIMEOUT_KILLED_BY_SSL_INFO, -1); -} - - -LWS_VISIBLE int -lws_ssl_close(struct lws *wsi) -{ - lws_sockfd_type n; - - if (!wsi->tls.ssl) - return 0; /* not handled */ - -#if defined (LWS_HAVE_SSL_SET_INFO_CALLBACK) - /* kill ssl callbacks, because we will remove the fd from the - * table linking it to the wsi - */ - if (wsi->vhost->tls.ssl_info_event_mask) - SSL_set_info_callback(wsi->tls.ssl, NULL); -#endif - - n = SSL_get_fd(wsi->tls.ssl); - if (!wsi->socket_is_permanently_unusable) - SSL_shutdown(wsi->tls.ssl); - compatible_close(n); - SSL_free(wsi->tls.ssl); - wsi->tls.ssl = NULL; - - if (wsi->context->simultaneous_ssl_restriction && - wsi->context->simultaneous_ssl-- == - wsi->context->simultaneous_ssl_restriction) - /* we made space and can do an accept */ - lws_gate_accepts(wsi->context, 1); - - // lwsl_notice("%s: ssl restr %d, simul %d\n", __func__, - // wsi->context->simultaneous_ssl_restriction, - // wsi->context->simultaneous_ssl); - -#if defined(LWS_WITH_STATS) - wsi->context->updated = 1; -#endif - - return 1; /* handled */ -} - -void -lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost) -{ - if (vhost->tls.ssl_ctx) - SSL_CTX_free(vhost->tls.ssl_ctx); - - lws_ssl_destroy_client_ctx(vhost); - -#if defined(LWS_WITH_ACME) - lws_tls_acme_sni_cert_destroy(vhost); -#endif -} - -void -lws_ssl_context_destroy(struct lws_context *context) -{ -// after 1.1.0 no need -#if (OPENSSL_VERSION_NUMBER < 0x10100000) -// <= 1.0.1f = old api, 1.0.1g+ = new api -#if (OPENSSL_VERSION_NUMBER <= 0x1000106f) || defined(USE_WOLFSSL) - ERR_remove_state(0); -#else -#if OPENSSL_VERSION_NUMBER >= 0x1010005f && \ - !defined(LIBRESSL_VERSION_NUMBER) && \ - !defined(OPENSSL_IS_BORINGSSL) - ERR_remove_thread_state(); -#else - ERR_remove_thread_state(NULL); -#endif -#endif - // after 1.1.0 no need -#if (OPENSSL_VERSION_NUMBER >= 0x10002000) && (OPENSSL_VERSION_NUMBER <= 0x10100000) - SSL_COMP_free_compression_methods(); -#endif - ERR_free_strings(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); -#endif -} - -lws_tls_ctx * -lws_tls_ctx_from_wsi(struct lws *wsi) -{ - if (!wsi->tls.ssl) - return NULL; - - return SSL_get_SSL_CTX(wsi->tls.ssl); -} - -enum lws_ssl_capable_status -__lws_tls_shutdown(struct lws *wsi) -{ - int n; - - errno = 0; - ERR_clear_error(); - n = SSL_shutdown(wsi->tls.ssl); - lwsl_debug("SSL_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); - switch (n) { - case 1: /* successful completion */ - n = shutdown(wsi->desc.sockfd, SHUT_WR); - return LWS_SSL_CAPABLE_DONE; - - case 0: /* needs a retry */ - __lws_change_pollfd(wsi, 0, LWS_POLLIN); - return LWS_SSL_CAPABLE_MORE_SERVICE; - - default: /* fatal error, or WANT */ - n = SSL_get_error(wsi->tls.ssl, n); - if (n != SSL_ERROR_SYSCALL && n != SSL_ERROR_SSL) { - if (SSL_want_read(wsi->tls.ssl)) { - lwsl_debug("(wants read)\n"); - __lws_change_pollfd(wsi, 0, LWS_POLLIN); - return LWS_SSL_CAPABLE_MORE_SERVICE_READ; - } - if (SSL_want_write(wsi->tls.ssl)) { - lwsl_debug("(wants write)\n"); - __lws_change_pollfd(wsi, 0, LWS_POLLOUT); - return LWS_SSL_CAPABLE_MORE_SERVICE_WRITE; - } - } - return LWS_SSL_CAPABLE_ERROR; - } -} - - -static int -tops_fake_POLLIN_for_buffered_openssl(struct lws_context_per_thread *pt) -{ - return lws_tls_fake_POLLIN_for_buffered(pt); -} - -const struct lws_tls_ops tls_ops_openssl = { - /* fake_POLLIN_for_buffered */ tops_fake_POLLIN_for_buffered_openssl, -}; diff --git a/lib/tls/openssl/tls.c b/lib/tls/openssl/tls.c deleted file mode 100644 index d14cd83..0000000 --- a/lib/tls/openssl/tls.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/openssl/private.h" - -extern int openssl_websocket_private_data_index, -openssl_SSL_CTX_private_data_index; - -char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) { - switch (status) { - case SSL_ERROR_NONE: - return lws_strncpy(buf, "SSL_ERROR_NONE", len); - case SSL_ERROR_ZERO_RETURN: - return lws_strncpy(buf, "SSL_ERROR_ZERO_RETURN", len); - case SSL_ERROR_WANT_READ: - return lws_strncpy(buf, "SSL_ERROR_WANT_READ", len); - case SSL_ERROR_WANT_WRITE: - return lws_strncpy(buf, "SSL_ERROR_WANT_WRITE", len); - case SSL_ERROR_WANT_CONNECT: - return lws_strncpy(buf, "SSL_ERROR_WANT_CONNECT", len); - case SSL_ERROR_WANT_ACCEPT: - return lws_strncpy(buf, "SSL_ERROR_WANT_ACCEPT", len); - case SSL_ERROR_WANT_X509_LOOKUP: - return lws_strncpy(buf, "SSL_ERROR_WANT_X509_LOOKUP", len); - case SSL_ERROR_SYSCALL: - switch (ret) { - case 0: - lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: EOF"); - return buf; - case -1: -#ifndef LWS_PLAT_OPTEE - lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: %s", - strerror(errno)); -#else - lws_snprintf(buf, len, "SSL_ERROR_SYSCALL: %d", errno); -#endif - return buf; - default: - return strncpy(buf, "SSL_ERROR_SYSCALL", len); - } - case SSL_ERROR_SSL: - return "SSL_ERROR_SSL"; - default: - return "SSL_ERROR_UNKNOWN"; - } -} - -void -lws_tls_err_describe_clear(void) -{ - char buf[160]; - unsigned long l; - - do { - l = ERR_get_error(); - if (!l) - break; - - ERR_error_string_n(l, buf, sizeof(buf)); - lwsl_info(" openssl error: %s\n", buf); - } while (l); - lwsl_info("\n"); -} - -#if LWS_MAX_SMP != 1 - -static pthread_mutex_t *openssl_mutexes; - -static void -lws_openssl_lock_callback(int mode, int type, const char *file, int line) -{ - (void)file; - (void)line; - - if (mode & CRYPTO_LOCK) - pthread_mutex_lock(&openssl_mutexes[type]); - else - pthread_mutex_unlock(&openssl_mutexes[type]); -} - -static unsigned long -lws_openssl_thread_id(void) -{ - return (unsigned long)pthread_self(); -} -#endif - - -int -lws_context_init_ssl_library(const struct lws_context_creation_info *info) -{ -#ifdef USE_WOLFSSL -#ifdef USE_OLD_CYASSL - lwsl_info(" Compiled with CyaSSL support\n"); -#else - lwsl_info(" Compiled with wolfSSL support\n"); -#endif -#else -#if defined(LWS_WITH_BORINGSSL) - lwsl_info(" Compiled with BoringSSL support\n"); -#else - lwsl_info(" Compiled with OpenSSL support\n"); -#endif -#endif - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) { - lwsl_info(" SSL disabled: no " - "LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n"); - return 0; - } - - /* basic openssl init */ - - lwsl_info("Doing SSL library init\n"); - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - SSL_library_init(); - OpenSSL_add_all_algorithms(); - SSL_load_error_strings(); -#else - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); -#endif -#if defined(LWS_WITH_NETWORK) - openssl_websocket_private_data_index = - SSL_get_ex_new_index(0, "lws", NULL, NULL, NULL); - - openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0, - NULL, NULL, NULL, NULL); -#endif - -#if LWS_MAX_SMP != 1 - { - int n; - - openssl_mutexes = (pthread_mutex_t *) - OPENSSL_malloc(CRYPTO_num_locks() * - sizeof(openssl_mutexes[0])); - - for (n = 0; n < CRYPTO_num_locks(); n++) - pthread_mutex_init(&openssl_mutexes[n], NULL); - - /* - * These "functions" disappeared in later OpenSSL which is - * already threadsafe. - */ - - (void)lws_openssl_thread_id; - (void)lws_openssl_lock_callback; - - CRYPTO_set_id_callback(lws_openssl_thread_id); - CRYPTO_set_locking_callback(lws_openssl_lock_callback); - } -#endif - - return 0; -} - -void -lws_context_deinit_ssl_library(struct lws_context *context) -{ -#if LWS_MAX_SMP != 1 - int n; - - if (!lws_check_opt(context->options, - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) - return; - - CRYPTO_set_locking_callback(NULL); - - for (n = 0; n < CRYPTO_num_locks(); n++) - pthread_mutex_destroy(&openssl_mutexes[n]); - - OPENSSL_free(openssl_mutexes); -#endif -} diff --git a/lib/tls/openssl/x509.c b/lib/tls/openssl/x509.c deleted file mode 100644 index 64ac64a..0000000 --- a/lib/tls/openssl/x509.c +++ /dev/null @@ -1,664 +0,0 @@ -/* - * libwebsockets - OpenSSL-specific lws apis - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/openssl/private.h" - -#if !defined(LWS_PLAT_OPTEE) -static int -dec(char c) -{ - return c - '0'; -} -#endif - -static time_t -lws_tls_openssl_asn1time_to_unix(ASN1_TIME *as) -{ -#if !defined(LWS_PLAT_OPTEE) - - const char *p = (const char *)as->data; - struct tm t; - - /* [YY]YYMMDDHHMMSSZ */ - - memset(&t, 0, sizeof(t)); - - if (strlen(p) == 13) { - t.tm_year = (dec(p[0]) * 10) + dec(p[1]) + 100; - p += 2; - } else { - t.tm_year = (dec(p[0]) * 1000) + (dec(p[1]) * 100) + - (dec(p[2]) * 10) + dec(p[3]); - p += 4; - } - t.tm_mon = (dec(p[0]) * 10) + dec(p[1]) - 1; - p += 2; - t.tm_mday = (dec(p[0]) * 10) + dec(p[1]) - 1; - p += 2; - t.tm_hour = (dec(p[0]) * 10) + dec(p[1]); - p += 2; - t.tm_min = (dec(p[0]) * 10) + dec(p[1]); - p += 2; - t.tm_sec = (dec(p[0]) * 10) + dec(p[1]); - t.tm_isdst = 0; - - return mktime(&t); -#else - return (time_t)-1; -#endif -} - -int -lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - X509_NAME *xn; -#if !defined(LWS_PLAT_OPTEE) - char *p; -#endif - - if (!x509) - return -1; - -#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(X509_get_notBefore) -#define X509_get_notBefore(x) X509_getm_notBefore(x) -#define X509_get_notAfter(x) X509_getm_notAfter(x) -#endif - - switch (type) { - case LWS_TLS_CERT_INFO_VALIDITY_FROM: - buf->time = lws_tls_openssl_asn1time_to_unix( - X509_get_notBefore(x509)); - if (buf->time == (time_t)-1) - return -1; - break; - - case LWS_TLS_CERT_INFO_VALIDITY_TO: - buf->time = lws_tls_openssl_asn1time_to_unix( - X509_get_notAfter(x509)); - if (buf->time == (time_t)-1) - return -1; - break; - - case LWS_TLS_CERT_INFO_COMMON_NAME: -#if defined(LWS_PLAT_OPTEE) - return -1; -#else - xn = X509_get_subject_name(x509); - if (!xn) - return -1; - X509_NAME_oneline(xn, buf->ns.name, (int)len - 2); - p = strstr(buf->ns.name, "/CN="); - if (p) - memmove(buf->ns.name, p + 4, strlen(p + 4) + 1); - buf->ns.len = (int)strlen(buf->ns.name); - return 0; -#endif - case LWS_TLS_CERT_INFO_ISSUER_NAME: - xn = X509_get_issuer_name(x509); - if (!xn) - return -1; - X509_NAME_oneline(xn, buf->ns.name, (int)len - 1); - buf->ns.len = (int)strlen(buf->ns.name); - return 0; - - case LWS_TLS_CERT_INFO_USAGE: -#if defined(LWS_HAVE_X509_get_key_usage) - buf->usage = X509_get_key_usage(x509); - break; -#else - return -1; -#endif - - case LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY: - { -#ifndef USE_WOLFSSL - size_t klen = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x509), NULL); - uint8_t *tmp, *ptmp; - - if (!klen || klen > len) - return -1; - - tmp = (uint8_t *)OPENSSL_malloc(klen); - if (!tmp) - return -1; - - ptmp = tmp; - if (i2d_X509_PUBKEY( - X509_get_X509_PUBKEY(x509), &ptmp) != (int)klen || - !ptmp || lws_ptr_diff(ptmp, tmp) != (int)klen) { - lwsl_info("%s: cert public key extraction failed\n", - __func__); - if (ptmp) - OPENSSL_free(tmp); - - return -1; - } - - buf->ns.len = (int)klen; - memcpy(buf->ns.name, tmp, klen); - OPENSSL_free(tmp); -#endif - return 0; - } - default: - return -1; - } - - return 0; -} - -int -lws_x509_info(struct lws_x509_cert *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - return lws_tls_openssl_cert_info(x509->cert, type, buf, len); -} - -#if defined(LWS_WITH_NETWORK) -int -lws_tls_vhost_cert_info(struct lws_vhost *vhost, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ -#if defined(LWS_HAVE_SSL_CTX_get0_certificate) - X509 *x509 = SSL_CTX_get0_certificate(vhost->tls.ssl_ctx); - - return lws_tls_openssl_cert_info(x509, type, buf, len); -#else - lwsl_notice("openssl is too old to support %s\n", __func__); - - return -1; -#endif -} - - - -int -lws_tls_peer_cert_info(struct lws *wsi, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len) -{ - int rc = 0; - X509 *x509; - - wsi = lws_get_network_wsi(wsi); - - x509 = SSL_get_peer_certificate(wsi->tls.ssl); - - if (!x509) { - lwsl_debug("no peer cert\n"); - - return -1; - } - - switch (type) { - case LWS_TLS_CERT_INFO_VERIFIED: - buf->verified = SSL_get_verify_result(wsi->tls.ssl) == - X509_V_OK; - break; - default: - rc = lws_tls_openssl_cert_info(x509, type, buf, len); - } - - X509_free(x509); - - return rc; -} -#endif - -int -lws_x509_create(struct lws_x509_cert **x509) -{ - *x509 = lws_malloc(sizeof(**x509), __func__); - if (*x509) - (*x509)->cert = NULL; - - return !(*x509); -} - -int -lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len) -{ - BIO* bio = BIO_new(BIO_s_mem()); - - BIO_write(bio, pem, (int)len); - x509->cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); - BIO_free(bio); - if (!x509->cert) { - lwsl_err("%s: unable to parse PEM cert\n", __func__); - lws_tls_err_describe_clear(); - - return -1; - } - - return 0; -} - -int -lws_x509_verify(struct lws_x509_cert *x509, struct lws_x509_cert *trusted, - const char *common_name) -{ - char c[32], *p; - int ret; - - if (common_name) { - X509_NAME *xn = X509_get_subject_name(x509->cert); - if (!xn) - return -1; - X509_NAME_oneline(xn, c, (int)sizeof(c) - 2); - p = strstr(c, "/CN="); - if (p) - p = p + 4; - else - p = c; - - if (strcmp(p, common_name)) { - lwsl_err("%s: common name mismatch\n", __func__); - return -1; - } - } - - ret = X509_check_issued(trusted->cert, x509->cert); - if (ret != X509_V_OK) { - lwsl_err("%s: unable to verify cert relationship\n", __func__); - lws_tls_err_describe_clear(); - - return -1; - } - - return 0; -} - -#if defined(LWS_WITH_JOSE) -int -lws_x509_public_to_jwk(struct lws_jwk *jwk, struct lws_x509_cert *x509, - const char *curves, int rsa_min_bits) -{ - int id, n, ret = -1, count; - ASN1_OBJECT *obj = NULL; - const EC_POINT *ecpoint; - const EC_GROUP *ecgroup; - EC_KEY *ecpub = NULL; - X509_PUBKEY *pubkey; - RSA *rsapub = NULL; - BIGNUM *mpi[4]; - EVP_PKEY *pkey; - - memset(jwk, 0, sizeof(*jwk)); - - pubkey = X509_get_X509_PUBKEY(x509->cert); - if (!pubkey) { - lwsl_err("%s: missing pubkey alg in cert\n", __func__); - - goto bail; - } - - if (X509_PUBKEY_get0_param(&obj, NULL, NULL, NULL, pubkey) != 1) { - lwsl_err("%s: missing pubkey alg in cert\n", __func__); - - goto bail; - } - - id = OBJ_obj2nid(obj); - if (id == NID_undef) { - lwsl_err("%s: missing pubkey alg in cert\n", __func__); - - goto bail; - } - - lwsl_debug("%s: key type %d \"%s\"\n", __func__, id, OBJ_nid2ln(id)); - - pkey = X509_get_pubkey(x509->cert); - if (!pkey) { - lwsl_notice("%s: unable to extract pubkey", __func__); - - goto bail; - } - - switch (id) { - case NID_X9_62_id_ecPublicKey: - lwsl_debug("%s: EC key\n", __func__); - jwk->kty = LWS_GENCRYPTO_KTY_EC; - - if (!curves) { - lwsl_err("%s: ec curves not allowed\n", __func__); - - goto bail1; - } - - ecpub = EVP_PKEY_get1_EC_KEY(pkey); - if (!ecpub) { - lwsl_notice("%s: missing EC pubkey\n", __func__); - - goto bail1; - } - - ecpoint = EC_KEY_get0_public_key(ecpub); - if (!ecpoint) { - lwsl_err("%s: EC_KEY_get0_public_key failed\n", __func__); - goto bail2; - } - - ecgroup = EC_KEY_get0_group(ecpub); - if (!ecgroup) { - lwsl_err("%s: EC_KEY_get0_group failed\n", __func__); - goto bail2; - } - - /* validate the curve against ones we allow */ - - if (lws_genec_confirm_curve_allowed_by_tls_id(curves, - EC_GROUP_get_curve_name(ecgroup), jwk)) - /* already logged */ - goto bail2; - - mpi[LWS_GENCRYPTO_EC_KEYEL_CRV] = NULL; - mpi[LWS_GENCRYPTO_EC_KEYEL_X] = BN_new(); /* X */ - mpi[LWS_GENCRYPTO_EC_KEYEL_D] = NULL; - mpi[LWS_GENCRYPTO_EC_KEYEL_Y] = BN_new(); /* Y */ - -#if defined(LWS_HAVE_EC_POINT_get_affine_coordinates) - if (EC_POINT_get_affine_coordinates(ecgroup, ecpoint, -#else - if (EC_POINT_get_affine_coordinates_GFp(ecgroup, ecpoint, -#endif - mpi[LWS_GENCRYPTO_EC_KEYEL_X], - mpi[LWS_GENCRYPTO_EC_KEYEL_Y], - NULL) != 1) { - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); - lwsl_err("%s: EC_POINT_get_aff failed\n", __func__); - goto bail2; - } - count = LWS_GENCRYPTO_EC_KEYEL_COUNT; - n = LWS_GENCRYPTO_EC_KEYEL_X; - break; - - case NID_rsaEncryption: - lwsl_debug("%s: rsa key\n", __func__); - jwk->kty = LWS_GENCRYPTO_KTY_RSA; - - rsapub = EVP_PKEY_get1_RSA(pkey); - if (!rsapub) { - lwsl_notice("%s: missing RSA pubkey\n", __func__); - - goto bail1; - } - - if ((size_t)RSA_size(rsapub) * 8 < (size_t)rsa_min_bits) { - lwsl_err("%s: key bits %d less than minimum %d\n", - __func__, RSA_size(rsapub) * 8, rsa_min_bits); - - goto bail2; - } - -#if defined(LWS_HAVE_RSA_SET0_KEY) - /* we don't need d... but the api wants to write it */ - RSA_get0_key(rsapub, - (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_N], - (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_E], - (const BIGNUM **)&mpi[LWS_GENCRYPTO_RSA_KEYEL_D]); -#else - mpi[LWS_GENCRYPTO_RSA_KEYEL_E] = rsapub->e; - mpi[LWS_GENCRYPTO_RSA_KEYEL_N] = rsapub->n; - mpi[LWS_GENCRYPTO_RSA_KEYEL_D] = NULL; -#endif - count = LWS_GENCRYPTO_RSA_KEYEL_D; - n = LWS_GENCRYPTO_RSA_KEYEL_E; - break; - default: - lwsl_err("%s: unknown NID\n", __func__); - goto bail2; - } - - for (; n < count; n++) { - if (!mpi[n]) - continue; - jwk->e[n].len = BN_num_bytes(mpi[n]); - jwk->e[n].buf = lws_malloc(jwk->e[n].len, "certkeyimp"); - if (!jwk->e[n].buf) { - if (id == NID_X9_62_id_ecPublicKey) { - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); - } - goto bail2; - } - BN_bn2bin(mpi[n], jwk->e[n].buf); - } - - if (id == NID_X9_62_id_ecPublicKey) { - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_X]); - BN_clear_free(mpi[LWS_GENCRYPTO_EC_KEYEL_Y]); - } - - ret = 0; - -bail2: - if (id == NID_X9_62_id_ecPublicKey) - EC_KEY_free(ecpub); - else - RSA_free(rsapub); - -bail1: - EVP_PKEY_free(pkey); -bail: - /* jwk destroy will clean any partial state */ - if (ret) - lws_jwk_destroy(jwk); - - return ret; -} - -static int -lws_x509_jwk_privkey_pem_pp_cb(char *buf, int size, int rwflag, void *u) -{ - const char *pp = (const char *)u; - int n = strlen(pp); - - if (n > size - 1) - return -1; - - memcpy(buf, pp, n + 1); - - return n; -} - -int -lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len, - const char *passphrase) -{ - BIO* bio = BIO_new(BIO_s_mem()); - BIGNUM *mpi, *dummy[6]; - EVP_PKEY *pkey = NULL; - EC_KEY *ecpriv = NULL; - RSA *rsapriv = NULL; - const BIGNUM *cmpi; - int n, m, ret = -1; - - BIO_write(bio, pem, (int)len); - PEM_read_bio_PrivateKey(bio, &pkey, lws_x509_jwk_privkey_pem_pp_cb, - (void *)passphrase); - BIO_free(bio); - lws_explicit_bzero((void *)pem, len); - if (!pkey) { - lwsl_err("%s: unable to parse PEM privkey\n", __func__); - lws_tls_err_describe_clear(); - - return -1; - } - - /* confirm the key type matches the existing jwk situation */ - - switch (jwk->kty) { - case LWS_GENCRYPTO_KTY_EC: - if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_EC) { - lwsl_err("%s: jwk is EC but privkey isn't\n", __func__); - - goto bail; - } - ecpriv = EVP_PKEY_get1_EC_KEY(pkey); - if (!ecpriv) { - lwsl_notice("%s: missing EC key\n", __func__); - - goto bail; - } - - cmpi = EC_KEY_get0_private_key(ecpriv); - - /* quick size check first */ - - n = BN_num_bytes(cmpi); - if (jwk->e[LWS_GENCRYPTO_EC_KEYEL_Y].len != (uint32_t)n) { - lwsl_err("%s: jwk key size doesn't match\n", __func__); - - goto bail1; - } - - /* TODO.. check public curve / group + point */ - - jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].len = n; - jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf = lws_malloc(n, "ec"); - if (!jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf) - goto bail1; - - m = BN_bn2binpad(cmpi, jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].buf, - jwk->e[LWS_GENCRYPTO_EC_KEYEL_D].len); - if ((unsigned int)m != (unsigned int)BN_num_bytes(cmpi)) - goto bail1; - - break; - - case LWS_GENCRYPTO_KTY_RSA: - if (EVP_PKEY_type(EVP_PKEY_id(pkey)) != EVP_PKEY_RSA) { - lwsl_err("%s: RSA jwk, non-RSA privkey\n", __func__); - - goto bail; - } - rsapriv = EVP_PKEY_get1_RSA(pkey); - if (!rsapriv) { - lwsl_notice("%s: missing RSA key\n", __func__); - - goto bail; - } - -#if defined(LWS_HAVE_RSA_SET0_KEY) - RSA_get0_key(rsapriv, (const BIGNUM **)&dummy[0], /* n */ - (const BIGNUM **)&dummy[1], /* e */ - (const BIGNUM **)&mpi); /* d */ - RSA_get0_factors(rsapriv, (const BIGNUM **)&dummy[4], /* p */ - (const BIGNUM **)&dummy[5]); /* q */ -#else - dummy[0] = rsapriv->n; - dummy[1] = rsapriv->e; - dummy[4] = rsapriv->p; - dummy[5] = rsapriv->q; - mpi = rsapriv->d; -#endif - - /* quick size check first */ - - n = BN_num_bytes(mpi); - if (jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len != (uint32_t)n) { - lwsl_err("%s: jwk key size doesn't match\n", __func__); - - goto bail1; - } - - /* then check that n & e match what we got from the cert */ - - dummy[2] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].buf, - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_N].len, - NULL); - dummy[3] = BN_bin2bn(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].buf, - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_E].len, - NULL); - - m = BN_cmp(dummy[2], dummy[0]) | BN_cmp(dummy[3], dummy[1]); - BN_clear_free(dummy[2]); - BN_clear_free(dummy[3]); - if (m) { - lwsl_err("%s: privkey doesn't match jwk pubkey\n", - __func__); - - goto bail1; - } - - /* accept d from the PEM privkey into the JWK */ - - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].len = n; - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf = lws_malloc(n, "privjk"); - if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf) - goto bail1; - - BN_bn2bin(mpi, jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); - - /* accept p and q from the PEM privkey into the JWK */ - - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].len = BN_num_bytes(dummy[4]); - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf = lws_malloc(n, "privjk"); - if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf) { - lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); - goto bail1; - } - BN_bn2bin(dummy[4], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf); - - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].len = BN_num_bytes(dummy[5]); - jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf = lws_malloc(n, "privjk"); - if (!jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf) { - lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_D].buf); - lws_free_set_NULL(jwk->e[LWS_GENCRYPTO_RSA_KEYEL_P].buf); - goto bail1; - } - BN_bn2bin(dummy[5], jwk->e[LWS_GENCRYPTO_RSA_KEYEL_Q].buf); - break; - default: - lwsl_err("%s: JWK has unknown kty %d\n", __func__, jwk->kty); - return -1; - } - - ret = 0; - -bail1: - if (jwk->kty == LWS_GENCRYPTO_KTY_EC) - EC_KEY_free(ecpriv); - else - RSA_free(rsapriv); - -bail: - EVP_PKEY_free(pkey); - - return ret; -} -#endif - -void -lws_x509_destroy(struct lws_x509_cert **x509) -{ - if (!*x509) - return; - - if ((*x509)->cert) { - X509_free((*x509)->cert); - (*x509)->cert = NULL; - } - - lws_free_set_NULL(*x509); -} diff --git a/lib/tls/private-network.h b/lib/tls/private-network.h deleted file mode 100644 index 806b62d..0000000 --- a/lib/tls/private-network.h +++ /dev/null @@ -1,190 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_TLS - */ - -struct lws_context_per_thread; -struct lws_tls_ops { - int (*fake_POLLIN_for_buffered)(struct lws_context_per_thread *pt); -}; - -struct lws_context_tls { - char alpn_discovered[32]; - const char *alpn_default; - time_t last_cert_check_s; - struct lws_dll2_owner cc_owner; - int count_client_contexts; -}; - -struct lws_pt_tls { - struct lws_dll2_owner dll_pending_tls_owner; -}; - -struct lws_tls_ss_pieces; - -struct alpn_ctx { - uint8_t data[23]; - uint8_t len; -}; - -struct lws_vhost_tls { - lws_tls_ctx *ssl_ctx; - lws_tls_ctx *ssl_client_ctx; - const char *alpn; - struct lws_tls_ss_pieces *ss; /* for acme tls certs */ - char *alloc_cert_path; - char *key_path; -#if defined(LWS_WITH_MBEDTLS) - lws_tls_x509 *x509_client_CA; -#endif - char ecdh_curve[16]; - struct alpn_ctx alpn_ctx; - - int use_ssl; - int allow_non_ssl_on_ssl_port; - int ssl_info_event_mask; - - unsigned int user_supplied_ssl_ctx:1; - unsigned int skipped_certs:1; -}; - -struct lws_lws_tls { - lws_tls_conn *ssl; - lws_tls_bio *client_bio; - struct lws_dll2 dll_pending_tls; - unsigned int use_ssl; - unsigned int redirect_to_https:1; -}; - - -LWS_EXTERN void -lws_context_init_alpn(struct lws_vhost *vhost); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_ssl_pending(struct lws *wsi); -LWS_EXTERN int LWS_WARN_UNUSED_RESULT -lws_server_socket_service_ssl(struct lws *new_wsi, lws_sockfd_type accept_fd); -LWS_EXTERN int -lws_ssl_close(struct lws *wsi); -LWS_EXTERN void -lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost); -LWS_EXTERN void -lws_ssl_context_destroy(struct lws_context *context); -void -__lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi); -LWS_VISIBLE void -lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi); -LWS_EXTERN int -lws_ssl_client_bio_create(struct lws *wsi); -LWS_EXTERN int -lws_ssl_client_connect1(struct lws *wsi); -LWS_EXTERN int -lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len); -LWS_EXTERN int -lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt); -LWS_EXTERN int -lws_gate_accepts(struct lws_context *context, int on); -LWS_EXTERN void -lws_ssl_bind_passphrase(lws_tls_ctx *ssl_ctx, int is_client, - const struct lws_context_creation_info *info); -LWS_EXTERN void -lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret); -LWS_EXTERN int -lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, - const char *cert, const char *private_key, - const char *mem_cert, size_t len_mem_cert, - const char *mem_privkey, size_t mem_privkey_len); -LWS_EXTERN enum lws_tls_extant -lws_tls_generic_cert_checks(struct lws_vhost *vhost, const char *cert, - const char *private_key); -#if !defined(LWS_NO_SERVER) - LWS_EXTERN int - lws_context_init_server_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost); - void - lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost); -#else - #define lws_context_init_server_ssl(_a, _b) (0) - #define lws_tls_acme_sni_cert_destroy(_a) -#endif - -LWS_EXTERN void -lws_ssl_destroy(struct lws_vhost *vhost); - -/* -* lws_tls_ abstract backend implementations -*/ - -LWS_EXTERN int -lws_tls_server_client_cert_verify_config(struct lws_vhost *vh); -LWS_EXTERN int -lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info, - struct lws_vhost *vhost, struct lws *wsi); -LWS_EXTERN int -lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd); - -LWS_EXTERN enum lws_ssl_capable_status -lws_tls_server_accept(struct lws *wsi); - -LWS_EXTERN enum lws_ssl_capable_status -lws_tls_server_abort_connection(struct lws *wsi); - -LWS_EXTERN enum lws_ssl_capable_status -__lws_tls_shutdown(struct lws *wsi); - -LWS_EXTERN enum lws_ssl_capable_status -lws_tls_client_connect(struct lws *wsi); -LWS_EXTERN int -lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, int ebuf_len); -LWS_EXTERN int -lws_tls_client_create_vhost_context(struct lws_vhost *vh, - const struct lws_context_creation_info *info, - const char *cipher_list, - const char *ca_filepath, - const void *ca_mem, - unsigned int ca_mem_len, - const char *cert_filepath, - const void *cert_mem, - unsigned int cert_mem_len, - const char *private_key_filepath); - -LWS_EXTERN lws_tls_ctx * -lws_tls_ctx_from_wsi(struct lws *wsi); -LWS_EXTERN int -lws_ssl_get_error(struct lws *wsi, int n); - -LWS_EXTERN int -lws_context_init_client_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost); - -LWS_EXTERN void -lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret); - -int -lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt); - - - - - diff --git a/lib/tls/private.h b/lib/tls/private.h deleted file mode 100644 index 16b7d66..0000000 --- a/lib/tls/private.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * This is included from core/private.h if LWS_WITH_TLS - */ - -#if !defined(__LWS_TLS_PRIVATE_H__) -#define __LWS_TLS_PRIVATE_H__ - - -#if defined(LWS_WITH_TLS) - -#if defined(USE_WOLFSSL) - #if defined(USE_OLD_CYASSL) - #if defined(_WIN32) - #include - #include - #else - #include - #endif - #include - #include - #else - #if defined(_WIN32) - #include - #include - #else - #include - #endif - #include - #include - #define OPENSSL_NO_TLSEXT - #endif /* not USE_OLD_CYASSL */ -#else /* WOLFSSL */ - #if defined(LWS_WITH_ESP32) - #define OPENSSL_NO_TLSEXT - #if !defined(LWS_AMAZON_RTOS) - /* AMAZON RTOS has its own setting via MTK_MBEDTLS_CONFIG_FILE */ - #undef MBEDTLS_CONFIG_FILE - #define MBEDTLS_CONFIG_FILE - #endif - #include - #include - #include - #include - #include "tls/mbedtls/wrapper/include/openssl/ssl.h" /* wrapper !!!! */ - #else /* not esp32 */ - #if defined(LWS_WITH_MBEDTLS) - #include - #include - #include - #include - #include - #include - #include - #include "tls/mbedtls/wrapper/include/openssl/ssl.h" /* wrapper !!!! */ - #else - #include - #include - #include - #include - #include - #include - #include - #include - #ifdef LWS_HAVE_OPENSSL_ECDH_H - #include - #endif - #if !defined(LWS_HAVE_EVP_MD_CTX_free) - #define EVP_MD_CTX_free EVP_MD_CTX_destroy - #endif - #include - #endif /* not mbedtls */ - #if defined(OPENSSL_VERSION_NUMBER) - #if (OPENSSL_VERSION_NUMBER < 0x0009080afL) -/* - * later openssl defines this to negate the presence of tlsext... but it was - * only introduced at 0.9.8j. Earlier versions don't know it exists so don't - * define it... making it look like the feature exists... - */ - #define OPENSSL_NO_TLSEXT - #endif - #endif - #endif /* not ESP32 */ -#endif /* not USE_WOLFSSL */ - -#endif /* LWS_WITH_TLS */ - -enum lws_tls_extant { - LWS_TLS_EXTANT_NO, - LWS_TLS_EXTANT_YES, - LWS_TLS_EXTANT_ALTERNATIVE -}; - - -#if defined(LWS_WITH_TLS) - -typedef SSL lws_tls_conn; -typedef SSL_CTX lws_tls_ctx; -typedef BIO lws_tls_bio; -typedef X509 lws_tls_x509; - -#if defined(LWS_WITH_NETWORK) -#include "tls/private-network.h" -#endif - -LWS_EXTERN int -lws_context_init_ssl_library(const struct lws_context_creation_info *info); -LWS_EXTERN void -lws_context_deinit_ssl_library(struct lws_context *context); -#define LWS_SSL_ENABLED(vh) (vh && vh->tls.use_ssl) - -extern const struct lws_tls_ops tls_ops_openssl, tls_ops_mbedtls; - -struct lws_ec_valid_curves { - int id; - const char *jwa_name; /* list terminates with NULL jwa_name */ -}; - -LWS_EXTERN enum lws_tls_extant -lws_tls_use_any_upgrade_check_extant(const char *name); -LWS_EXTERN int openssl_websocket_private_data_index; - - -LWS_EXTERN void -lws_tls_err_describe_clear(void); - -LWS_EXTERN int -lws_tls_openssl_cert_info(X509 *x509, enum lws_tls_cert_info type, - union lws_tls_cert_info_results *buf, size_t len); -LWS_EXTERN int -lws_tls_check_all_cert_lifetimes(struct lws_context *context); - -LWS_EXTERN int -lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename, - const char *inbuf, lws_filepos_t inlen, - uint8_t **buf, lws_filepos_t *amount); -LWS_EXTERN char * -lws_ssl_get_error_string(int status, int ret, char *buf, size_t len); - -int -lws_gencrypto_bits_to_bytes(int bits); - -void -lws_gencrypto_destroy_elements(struct lws_gencrypto_keyelem *el, int m); - -/* genec */ - -struct lws_gencrypto_keyelem; -struct lws_ec_curves; - -LWS_EXTERN const struct lws_ec_curves lws_ec_curves[4]; -const struct lws_ec_curves * -lws_genec_curve(const struct lws_ec_curves *table, const char *name); -LWS_VISIBLE void -lws_genec_destroy_elements(struct lws_gencrypto_keyelem *el); -int -lws_gencrypto_mbedtls_rngf(void *context, unsigned char *buf, size_t len); - -int -lws_genec_confirm_curve_allowed_by_tls_id(const char *allowed, int id, - struct lws_jwk *jwk); - -#endif -#endif diff --git a/lib/tls/tls-client.c b/lib/tls/tls-client.c deleted file mode 100644 index a94ef30..0000000 --- a/lib/tls/tls-client.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * libwebsockets - client-related ssl code independent of backend - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -int -lws_ssl_client_connect1(struct lws *wsi) -{ - struct lws_context *context = wsi->context; - int n = 0; - - lws_latency_pre(context, wsi); - n = lws_tls_client_connect(wsi); - lws_latency(context, wsi, "SSL_connect hs", n, n > 0); - - switch (n) { - case LWS_SSL_CAPABLE_ERROR: - return -1; - case LWS_SSL_CAPABLE_DONE: - return 1; /* connected */ - case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE: - lws_callback_on_writable(wsi); - /* fallthru */ - case LWS_SSL_CAPABLE_MORE_SERVICE: - case LWS_SSL_CAPABLE_MORE_SERVICE_READ: - lwsi_set_state(wsi, LRS_WAITING_SSL); - break; - } - - return 0; /* retry */ -} - -int -lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len) -{ - int n = 0; - - if (lwsi_state(wsi) == LRS_WAITING_SSL) { - lws_latency_pre(wsi->context, wsi); - - n = lws_tls_client_connect(wsi); - lwsl_debug("%s: SSL_connect says %d\n", __func__, n); - lws_latency(wsi->context, wsi, - "SSL_connect LRS_WAITING_SSL", n, n > 0); - - switch (n) { - case LWS_SSL_CAPABLE_ERROR: - lws_snprintf(errbuf, len, "client connect failed"); - return -1; - case LWS_SSL_CAPABLE_DONE: - break; /* connected */ - case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE: - lws_callback_on_writable(wsi); - /* fallthru */ - case LWS_SSL_CAPABLE_MORE_SERVICE_READ: - lwsi_set_state(wsi, LRS_WAITING_SSL); - /* fallthru */ - case LWS_SSL_CAPABLE_MORE_SERVICE: - return 0; - } - } - - if (lws_tls_client_confirm_peer_cert(wsi, errbuf, len)) - return -1; - - return 1; -} - - -int lws_context_init_client_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost) -{ - const char *private_key_filepath = info->ssl_private_key_filepath; - const char *cert_filepath = info->ssl_cert_filepath; - const char *ca_filepath = info->ssl_ca_filepath; - const char *cipher_list = info->ssl_cipher_list; - struct lws wsi; - - if (vhost->options & LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG) - return 0; - - if (vhost->tls.ssl_ctx) { - cert_filepath = NULL; - private_key_filepath = NULL; - ca_filepath = NULL; - } - - /* - * for backwards-compatibility default to using ssl_... members, but - * if the newer client-specific ones are given, use those - */ - if (info->client_ssl_cipher_list) - cipher_list = info->client_ssl_cipher_list; - if (info->client_ssl_cert_filepath) - cert_filepath = info->client_ssl_cert_filepath; - if (info->client_ssl_private_key_filepath) - private_key_filepath = info->client_ssl_private_key_filepath; - - if (info->client_ssl_ca_filepath) - ca_filepath = info->client_ssl_ca_filepath; - - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) - return 0; - - if (vhost->tls.ssl_client_ctx) - return 0; - - if (info->provided_client_ssl_ctx) { - /* use the provided OpenSSL context if given one */ - vhost->tls.ssl_client_ctx = info->provided_client_ssl_ctx; - /* nothing for lib to delete */ - vhost->tls.user_supplied_ssl_ctx = 1; - - return 0; - } - - if (lws_tls_client_create_vhost_context(vhost, info, cipher_list, - ca_filepath, - info->client_ssl_ca_mem, - info->client_ssl_ca_mem_len, - cert_filepath, - info->client_ssl_cert_mem, - info->client_ssl_cert_mem_len, - private_key_filepath)) - return 1; - - lwsl_info("created client ssl context for %s\n", vhost->name); - - /* - * give him a fake wsi with context set, so he can use - * lws_get_context() in the callback - */ - memset(&wsi, 0, sizeof(wsi)); - wsi.vhost = vhost; /* not a real bound wsi */ - wsi.context = vhost->context; - - vhost->protocols[0].callback(&wsi, - LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS, - vhost->tls.ssl_client_ctx, NULL, 0); - - return 0; -} diff --git a/lib/tls/tls-network.c b/lib/tls/tls-network.c deleted file mode 100644 index 99b5ac8..0000000 --- a/lib/tls/tls-network.c +++ /dev/null @@ -1,252 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -/* - * fakes POLLIN on all tls guys with buffered rx - * - * returns nonzero if any tls guys had POLLIN faked - */ - -int -lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt) -{ - int ret = 0; - - lws_start_foreach_dll_safe(struct lws_dll2 *, p, p1, - lws_dll2_get_head(&pt->tls.dll_pending_tls_owner)) { - struct lws *wsi = lws_container_of(p, struct lws, - tls.dll_pending_tls); - - pt->fds[wsi->position_in_fds_table].revents |= - pt->fds[wsi->position_in_fds_table].events & LWS_POLLIN; - ret |= pt->fds[wsi->position_in_fds_table].revents & LWS_POLLIN; - - } lws_end_foreach_dll_safe(p, p1); - - return !!ret; -} - -void -__lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi) -{ - lws_dll2_remove(&wsi->tls.dll_pending_tls); -} - -void -lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi) -{ - struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; - - lws_pt_lock(pt, __func__); - __lws_ssl_remove_wsi_from_buffered_list(wsi); - lws_pt_unlock(pt); -} - - -int -lws_tls_check_cert_lifetime(struct lws_vhost *v) -{ - time_t now = (time_t)lws_now_secs(), life = 0; - struct lws_acme_cert_aging_args caa; - union lws_tls_cert_info_results ir; - int n; - - if (v->tls.ssl_ctx && !v->tls.skipped_certs) { - - if (now < 1542933698) /* Nov 23 2018 00:42 UTC */ - /* our clock is wrong and we can't judge the certs */ - return -1; - - n = lws_tls_vhost_cert_info(v, LWS_TLS_CERT_INFO_VALIDITY_TO, - &ir, 0); - if (n) - return 1; - - life = (ir.time - now) / (24 * 3600); - lwsl_notice(" vhost %s: cert expiry: %dd\n", v->name, - (int)life); - } else - lwsl_info(" vhost %s: no cert\n", v->name); - - memset(&caa, 0, sizeof(caa)); - caa.vh = v; - lws_broadcast(&v->context->pt[0], LWS_CALLBACK_VHOST_CERT_AGING, (void *)&caa, - (size_t)(ssize_t)life); - - return 0; -} - -int -lws_tls_check_all_cert_lifetimes(struct lws_context *context) -{ - struct lws_vhost *v = context->vhost_list; - - while (v) { - if (lws_tls_check_cert_lifetime(v) < 0) - return -1; - v = v->vhost_next; - } - - return 0; -} - - -/* - * LWS_TLS_EXTANT_NO : skip adding the cert - * LWS_TLS_EXTANT_YES : use the cert and private key paths normally - * LWS_TLS_EXTANT_ALTERNATIVE: normal paths not usable, try alternate if poss - */ -enum lws_tls_extant -lws_tls_generic_cert_checks(struct lws_vhost *vhost, const char *cert, - const char *private_key) -{ - int n, m; - - /* - * The user code can choose to either pass the cert and - * key filepaths using the info members like this, or it can - * leave them NULL; force the vhost SSL_CTX init using the info - * options flag LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX; and - * set up the cert himself using the user callback - * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS, which - * happened just above and has the vhost SSL_CTX * in the user - * parameter. - */ - - if (!cert || !private_key) - return LWS_TLS_EXTANT_NO; - - n = lws_tls_use_any_upgrade_check_extant(cert); - if (n == LWS_TLS_EXTANT_ALTERNATIVE) - return LWS_TLS_EXTANT_ALTERNATIVE; - m = lws_tls_use_any_upgrade_check_extant(private_key); - if (m == LWS_TLS_EXTANT_ALTERNATIVE) - return LWS_TLS_EXTANT_ALTERNATIVE; - - if ((n == LWS_TLS_EXTANT_NO || m == LWS_TLS_EXTANT_NO) && - (vhost->options & LWS_SERVER_OPTION_IGNORE_MISSING_CERT)) { - lwsl_notice("Ignoring missing %s or %s\n", cert, private_key); - vhost->tls.skipped_certs = 1; - - return LWS_TLS_EXTANT_NO; - } - - /* - * the cert + key exist - */ - - return LWS_TLS_EXTANT_YES; -} - -#if !defined(LWS_NO_SERVER) -/* - * update the cert for every vhost using the given path - */ - -LWS_VISIBLE int -lws_tls_cert_updated(struct lws_context *context, const char *certpath, - const char *keypath, - const char *mem_cert, size_t len_mem_cert, - const char *mem_privkey, size_t len_mem_privkey) -{ - struct lws wsi; - - wsi.context = context; - - lws_start_foreach_ll(struct lws_vhost *, v, context->vhost_list) { - wsi.vhost = v; /* not a real bound wsi */ - if (v->tls.alloc_cert_path && v->tls.key_path && - !strcmp(v->tls.alloc_cert_path, certpath) && - !strcmp(v->tls.key_path, keypath)) { - lws_tls_server_certs_load(v, &wsi, certpath, keypath, - mem_cert, len_mem_cert, - mem_privkey, len_mem_privkey); - - if (v->tls.skipped_certs) - lwsl_notice("%s: vhost %s: cert unset\n", - __func__, v->name); - } - } lws_end_foreach_ll(v, vhost_next); - - return 0; -} -#endif - -int -lws_gate_accepts(struct lws_context *context, int on) -{ - struct lws_vhost *v = context->vhost_list; - - lwsl_notice("%s: on = %d\n", __func__, on); - -#if defined(LWS_WITH_STATS) - context->updated = 1; -#endif - - while (v) { - if (v->tls.use_ssl && v->lserv_wsi && - lws_change_pollfd(v->lserv_wsi, (LWS_POLLIN) * !on, - (LWS_POLLIN) * on)) - lwsl_notice("Unable to set accept POLLIN %d\n", on); - - v = v->vhost_next; - } - - return 0; -} - -/* comma-separated alpn list, like "h2,http/1.1" to openssl alpn format */ - -int -lws_alpn_comma_to_openssl(const char *comma, uint8_t *os, int len) -{ - uint8_t *oos = os, *plen = NULL; - - while (*comma && len > 1) { - if (!plen && *comma == ' ') { - comma++; - continue; - } - if (!plen) { - plen = os++; - len--; - } - - if (*comma == ',') { - *plen = lws_ptr_diff(os, plen + 1); - plen = NULL; - comma++; - } else { - *os++ = *comma++; - len--; - } - } - - if (plen) - *plen = lws_ptr_diff(os, plen + 1); - - return lws_ptr_diff(os, oos); -} - - - diff --git a/lib/tls/tls-server.c b/lib/tls/tls-server.c deleted file mode 100644 index db14a6d..0000000 --- a/lib/tls/tls-server.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010-2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" - -#if defined(LWS_WITH_MBEDTLS) || (defined(OPENSSL_VERSION_NUMBER) && \ - OPENSSL_VERSION_NUMBER >= 0x10002000L) -static int -alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, - const unsigned char *in, unsigned int inlen, void *arg) -{ -#if !defined(LWS_WITH_MBEDTLS) - struct alpn_ctx *alpn_ctx = (struct alpn_ctx *)arg; - - if (SSL_select_next_proto((unsigned char **)out, outlen, alpn_ctx->data, - alpn_ctx->len, in, inlen) != - OPENSSL_NPN_NEGOTIATED) - return SSL_TLSEXT_ERR_NOACK; -#endif - - return SSL_TLSEXT_ERR_OK; -} -#endif - -void -lws_context_init_alpn(struct lws_vhost *vhost) -{ -#if defined(LWS_WITH_MBEDTLS) || (defined(OPENSSL_VERSION_NUMBER) && \ - OPENSSL_VERSION_NUMBER >= 0x10002000L) - const char *alpn_comma = vhost->context->tls.alpn_default; - - if (vhost->tls.alpn) - alpn_comma = vhost->tls.alpn; - - lwsl_info(" Server '%s' advertising ALPN: %s\n", - vhost->name, alpn_comma); - vhost->tls.alpn_ctx.len = lws_alpn_comma_to_openssl(alpn_comma, - vhost->tls.alpn_ctx.data, - sizeof(vhost->tls.alpn_ctx.data) - 1); - - SSL_CTX_set_alpn_select_cb(vhost->tls.ssl_ctx, alpn_cb, - &vhost->tls.alpn_ctx); -#else - lwsl_err( - " HTTP2 / ALPN configured but not supported by OpenSSL 0x%lx\n", - OPENSSL_VERSION_NUMBER); -#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L -} - -int -lws_tls_server_conn_alpn(struct lws *wsi) -{ -#if defined(LWS_WITH_MBEDTLS) || (defined(OPENSSL_VERSION_NUMBER) && \ - OPENSSL_VERSION_NUMBER >= 0x10002000L) - const unsigned char *name = NULL; - char cstr[10]; - unsigned len; - - if (!wsi->tls.ssl) - return 0; - - SSL_get0_alpn_selected(wsi->tls.ssl, &name, &len); - if (!len) { - lwsl_info("no ALPN upgrade\n"); - return 0; - } - - if (len > sizeof(cstr) - 1) - len = sizeof(cstr) - 1; - - memcpy(cstr, name, len); - cstr[len] = '\0'; - - lwsl_info("negotiated '%s' using ALPN\n", cstr); - wsi->tls.use_ssl |= LCCSCF_USE_SSL; - - return lws_role_call_alpn_negotiated(wsi, (const char *)cstr); -#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L - - return 0; -} - -#if !defined(LWS_NO_SERVER) - -static void -lws_sul_tls_cb(lws_sorted_usec_list_t *sul) -{ - struct lws_context_per_thread *pt = lws_container_of(sul, - struct lws_context_per_thread, sul_tls); - - lws_tls_check_all_cert_lifetimes(pt->context); - - __lws_sul_insert(&pt->pt_sul_owner, &pt->sul_tls, - (lws_usec_t)24 * 3600 * LWS_US_PER_SEC); -} - -LWS_VISIBLE int -lws_context_init_server_ssl(const struct lws_context_creation_info *info, - struct lws_vhost *vhost) -{ - struct lws_context *context = vhost->context; - struct lws wsi; - - if (!lws_check_opt(info->options, - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) { - vhost->tls.use_ssl = 0; - - return 0; - } - - /* - * If he is giving a server cert, take it as a sign he wants to use - * it on this vhost. User code can leave the cert filepath NULL and - * set the LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX option itself, in - * which case he's expected to set up the cert himself at - * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS, which - * provides the vhost SSL_CTX * in the user parameter. - */ - if (info->ssl_cert_filepath || info->server_ssl_cert_mem) - vhost->options |= LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX; - - if (info->port != CONTEXT_PORT_NO_LISTEN) { - - vhost->tls.use_ssl = lws_check_opt(vhost->options, - LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX); - - if (vhost->tls.use_ssl && info->ssl_cipher_list) - lwsl_notice(" SSL ciphers: '%s'\n", - info->ssl_cipher_list); - - if (vhost->tls.use_ssl) - lwsl_notice(" Using SSL mode\n"); - else - lwsl_notice(" Using non-SSL mode\n"); - } - - /* - * give him a fake wsi with context + vhost set, so he can use - * lws_get_context() in the callback - */ - memset(&wsi, 0, sizeof(wsi)); - wsi.vhost = vhost; /* not a real bound wsi */ - wsi.context = context; - - /* - * as a server, if we are requiring clients to identify themselves - * then set the backend up for it - */ - if (lws_check_opt(info->options, - LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT)) - /* Normally SSL listener rejects non-ssl, optionally allow */ - vhost->tls.allow_non_ssl_on_ssl_port = 1; - - /* - * give user code a chance to load certs into the server - * allowing it to verify incoming client certs - */ - if (vhost->tls.use_ssl) { - if (lws_tls_server_vhost_backend_init(info, vhost, &wsi)) - return -1; - - lws_tls_server_client_cert_verify_config(vhost); - - if (vhost->protocols[0].callback(&wsi, - LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS, - vhost->tls.ssl_ctx, vhost, 0)) - return -1; - } - - if (vhost->tls.use_ssl) - lws_context_init_alpn(vhost); - - /* check certs once a day */ - - context->pt[0].sul_tls.cb = lws_sul_tls_cb; - __lws_sul_insert(&context->pt[0].pt_sul_owner, &context->pt[0].sul_tls, - (lws_usec_t)24 * 3600 * LWS_US_PER_SEC); - - return 0; -} -#endif - -LWS_VISIBLE int -lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) -{ - struct lws_context *context = wsi->context; - struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; - struct lws_vhost *vh; - char buf[256]; - int n; - - (void)buf; - - if (!LWS_SSL_ENABLED(wsi->vhost)) - return 0; - - switch (lwsi_state(wsi)) { - case LRS_SSL_INIT: - - if (wsi->tls.ssl) - lwsl_err("%s: leaking ssl\n", __func__); - if (accept_fd == LWS_SOCK_INVALID) - assert(0); - if (context->simultaneous_ssl_restriction && - context->simultaneous_ssl >= - context->simultaneous_ssl_restriction) { - lwsl_notice("unable to deal with SSL connection\n"); - return 1; - } - - if (lws_tls_server_new_nonblocking(wsi, accept_fd)) { - if (accept_fd != LWS_SOCK_INVALID) - compatible_close(accept_fd); - goto fail; - } - - if (context->simultaneous_ssl_restriction && - ++context->simultaneous_ssl == - context->simultaneous_ssl_restriction) - /* that was the last allowed SSL connection */ - lws_gate_accepts(context, 0); - -#if defined(LWS_WITH_STATS) - context->updated = 1; -#endif - /* - * we are not accepted yet, but we need to enter ourselves - * as a live connection. That way we can retry when more - * pieces come if we're not sorted yet - */ - lwsi_set_state(wsi, LRS_SSL_ACK_PENDING); - - lws_pt_lock(pt, __func__); - if (__insert_wsi_socket_into_fds(context, wsi)) { - lwsl_err("%s: failed to insert into fds\n", __func__); - goto fail; - } - lws_pt_unlock(pt); - - lws_set_timeout(wsi, PENDING_TIMEOUT_SSL_ACCEPT, - context->timeout_secs); - - lwsl_debug("inserted SSL accept into fds, trying SSL_accept\n"); - - /* fallthru */ - - case LRS_SSL_ACK_PENDING: - - if (lws_change_pollfd(wsi, LWS_POLLOUT, 0)) { - lwsl_err("%s: lws_change_pollfd failed\n", __func__); - goto fail; - } - - lws_latency_pre(context, wsi); - - if (wsi->vhost->tls.allow_non_ssl_on_ssl_port) { - - n = recv(wsi->desc.sockfd, (char *)pt->serv_buf, - context->pt_serv_buf_size, MSG_PEEK); - - /* - * We have LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT.. - * this just means don't hang up on him because of no - * tls hello... what happens next is driven by - * additional option flags: - * - * none: fail the connection - * - * LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS: - * Destroy the TLS, issue a redirect using plaintext - * http (this may not be accepted by a client that - * has visited the site before and received an STS - * header). - * - * LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER: - * Destroy the TLS, continue and serve normally - * using http - * - * LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG: - * Destroy the TLS, apply whatever role and protocol - * were told in the vhost info struct - * .listen_accept_role / .listen_accept_protocol and - * continue with that - */ - - if (n >= 1 && pt->serv_buf[0] >= ' ') { - /* - * TLS content-type for Handshake is 0x16, and - * for ChangeCipherSpec Record, it's 0x14 - * - * A non-ssl session will start with the HTTP - * method in ASCII. If we see it's not a legit - * SSL handshake kill the SSL for this - * connection and try to handle as a HTTP - * connection upgrade directly. - */ - wsi->tls.use_ssl = 0; - - lws_tls_server_abort_connection(wsi); - /* - * care... this creates wsi with no ssl when ssl - * is enabled and normally mandatory - */ - wsi->tls.ssl = NULL; - - if (lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS)) { - lwsl_info("%s: redirecting from http " - "to https\n", __func__); - wsi->tls.redirect_to_https = 1; - goto notls_accepted; - } - - if (lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER)) { - lwsl_info("%s: allowing unencrypted " - "http service on tls port\n", - __func__); - goto notls_accepted; - } - - if (lws_check_opt(wsi->vhost->options, - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG)) { - if (lws_http_to_fallback(wsi, NULL, 0)) - goto fail; - lwsl_info("%s: allowing non-tls " - "fallback\n", __func__); - goto notls_accepted; - } - - lwsl_notice("%s: client did not send a valid " - "tls hello (default vhost %s)\n", - __func__, wsi->vhost->name); - goto fail; - } - if (!n) { - /* - * connection is gone, fail out - */ - lwsl_debug("PEEKed 0\n"); - goto fail; - } - if (n < 0 && (LWS_ERRNO == LWS_EAGAIN || - LWS_ERRNO == LWS_EWOULDBLOCK)) { - /* - * well, we get no way to know ssl or not - * so go around again waiting for something - * to come and give us a hint, or timeout the - * connection. - */ - if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) { - lwsl_info("%s: change_pollfd failed\n", - __func__); - return -1; - } - - lwsl_info("SSL_ERROR_WANT_READ\n"); - return 0; - } - } - - /* normal SSL connection processing path */ - -#if defined(LWS_WITH_STATS) - /* only set this the first time around */ - if (!wsi->accept_start_us) - wsi->accept_start_us = lws_now_usecs(); -#endif - errno = 0; - lws_stats_bump(pt, LWSSTATS_C_SSL_ACCEPT_SPIN, 1); - n = lws_tls_server_accept(wsi); - lws_latency(context, wsi, - "SSL_accept LRS_SSL_ACK_PENDING\n", n, n == 1); - lwsl_info("SSL_accept says %d\n", n); - switch (n) { - case LWS_SSL_CAPABLE_DONE: - break; - case LWS_SSL_CAPABLE_ERROR: - lws_stats_bump(pt, LWSSTATS_C_SSL_CONNECTIONS_FAILED, 1); - lwsl_info("SSL_accept failed socket %u: %d\n", - wsi->desc.sockfd, n); - wsi->socket_is_permanently_unusable = 1; - goto fail; - - default: /* MORE_SERVICE */ - return 0; - } - - lws_stats_bump(pt, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED, 1); -#if defined(LWS_WITH_STATS) - if (wsi->accept_start_us) - lws_stats_bump(pt, - LWSSTATS_US_SSL_ACCEPT_LATENCY_AVG, - lws_now_usecs() - - wsi->accept_start_us); - wsi->accept_start_us = lws_now_usecs(); -#endif - - /* adapt our vhost to match the SNI SSL_CTX that was chosen */ - vh = context->vhost_list; - while (vh) { - if (!vh->being_destroyed && wsi->tls.ssl && - vh->tls.ssl_ctx == lws_tls_ctx_from_wsi(wsi)) { - lwsl_info("setting wsi to vh %s\n", vh->name); - lws_vhost_bind_wsi(vh, wsi); - break; - } - vh = vh->vhost_next; - } - - /* OK, we are accepted... give him some time to negotiate */ - lws_set_timeout(wsi, PENDING_TIMEOUT_ESTABLISH_WITH_SERVER, - context->timeout_secs); - - lwsi_set_state(wsi, LRS_ESTABLISHED); - if (lws_tls_server_conn_alpn(wsi)) - goto fail; - lwsl_debug("accepted new SSL conn\n"); - break; - - default: - break; - } - - return 0; - -notls_accepted: - lwsi_set_state(wsi, LRS_ESTABLISHED); - - return 0; - -fail: - return 1; -} - diff --git a/lib/tls/tls.c b/lib/tls/tls.c deleted file mode 100644 index b21b26f..0000000 --- a/lib/tls/tls.c +++ /dev/null @@ -1,336 +0,0 @@ -/* - * libwebsockets - small server side websockets and web server implementation - * - * Copyright (C) 2010 - 2019 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include "core/private.h" -#include "tls/private.h" - -#if !defined(LWS_PLAT_OPTEE) && !defined(OPTEE_DEV_KIT) -#if defined(LWS_WITH_ESP32) && !defined(LWS_AMAZON_RTOS) -int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, - lws_filepos_t *amount) -{ - nvs_handle nvh; - size_t s; - int n = 0; - - ESP_ERROR_CHECK(nvs_open("lws-station", NVS_READWRITE, &nvh)); - if (nvs_get_blob(nvh, filename, NULL, &s) != ESP_OK) { - n = 1; - goto bail; - } - *buf = lws_malloc(s + 1, "alloc_file"); - if (!*buf) { - n = 2; - goto bail; - } - if (nvs_get_blob(nvh, filename, (char *)*buf, &s) != ESP_OK) { - lws_free(*buf); - n = 1; - goto bail; - } - - *amount = s; - (*buf)[s] = '\0'; - - lwsl_notice("%s: nvs: read %s, %d bytes\n", __func__, filename, (int)s); - -bail: - nvs_close(nvh); - - return n; -} -#else -int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, - lws_filepos_t *amount) -{ - FILE *f; - size_t s; - int n = 0; - - f = fopen(filename, "rb"); - if (f == NULL) { - n = 1; - goto bail; - } - - if (fseek(f, 0, SEEK_END) != 0) { - n = 1; - goto bail; - } - - s = ftell(f); - if (s == (size_t)-1) { - n = 1; - goto bail; - } - - if (fseek(f, 0, SEEK_SET) != 0) { - n = 1; - goto bail; - } - - *buf = lws_malloc(s, "alloc_file"); - if (!*buf) { - n = 2; - goto bail; - } - - if (fread(*buf, s, 1, f) != 1) { - lws_free(*buf); - n = 1; - goto bail; - } - - *amount = s; - -bail: - if (f) - fclose(f); - - return n; - -} -#endif - -/* - * filename: NULL means use buffer inbuf length inlen directly, otherwise - * load the file "filename" into an allocated buffer. - * - * Allocates a separate DER output buffer if inbuf / inlen are the input, - * since the - * - * Contents may be PEM or DER: returns with buf pointing to DER and amount - * set to the DER length. - */ - -int -lws_tls_alloc_pem_to_der_file(struct lws_context *context, const char *filename, - const char *inbuf, lws_filepos_t inlen, - uint8_t **buf, lws_filepos_t *amount) -{ - uint8_t *pem = NULL, *p, *end, *opem; - lws_filepos_t len; - uint8_t *q; - int n; - - if (filename) { - n = alloc_file(context, filename, (uint8_t **)&pem, &len); - if (n) - return n; - } else { - pem = (uint8_t *)inbuf; - len = inlen; - } - - opem = p = pem; - end = p + len; - - if (strncmp((char *)p, "-----", 5)) { - - /* take it as being already DER */ - - pem = lws_malloc(inlen, "alloc_der"); - if (!pem) - return 1; - - memcpy(pem, inbuf, inlen); - - *buf = pem; - *amount = inlen; - - return 0; - } - - /* PEM -> DER */ - - if (!filename) { - /* we don't know if it's in const memory... alloc the output */ - pem = lws_malloc((inlen * 3) / 4, "alloc_der"); - if (!pem) { - lwsl_err("a\n"); - return 1; - } - - - } /* else overwrite the allocated, b64 input with decoded DER */ - - /* trim the first line */ - - p += 5; - while (p < end && *p != '\n' && *p != '-') - p++; - - if (*p != '-') { - lwsl_err("b\n"); - goto bail; - } - - while (p < end && *p != '\n') - p++; - - if (p >= end) { - lwsl_err("c\n"); - goto bail; - } - - p++; - - /* trim the last line */ - - q = (uint8_t *)end - 2; - - while (q > opem && *q != '\n') - q--; - - if (*q != '\n') { - lwsl_err("d\n"); - goto bail; - } - - /* we can't write into the input buffer for mem, since it may be in RO - * const segment - */ - if (filename) - *q = '\0'; - - *amount = lws_b64_decode_string_len((char *)p, lws_ptr_diff(q, p), - (char *)pem, (int)(long long)len); - *buf = (uint8_t *)pem; - - return 0; - -bail: - lws_free((uint8_t *)pem); - - return 4; -} - - -#endif - -#if !defined(LWS_WITH_ESP32) && !defined(LWS_PLAT_OPTEE) && !defined(OPTEE_DEV_KIT) - - -static int -lws_tls_extant(const char *name) -{ - /* it exists if we can open it... */ - int fd = open(name, O_RDONLY), n; - char buf[1]; - - if (fd < 0) - return 1; - - /* and we can read at least one byte out of it */ - n = read(fd, buf, 1); - close(fd); - - return n != 1; -} -#endif -/* - * Returns 0 if the filepath "name" exists and can be read from. - * - * In addition, if "name".upd exists, backup "name" to "name.old.1" - * and rename "name".upd to "name" before reporting its existence. - * - * There are four situations and three results possible: - * - * 1) LWS_TLS_EXTANT_NO: There are no certs at all (we are waiting for them to - * be provisioned). We also feel like this if we need privs we don't have - * any more to look in the directory. - * - * 2) There are provisioned certs written (xxx.upd) and we still have root - * privs... in this case we rename any existing cert to have a backup name - * and move the upd cert into place with the correct name. This then becomes - * situation 4 for the caller. - * - * 3) LWS_TLS_EXTANT_ALTERNATIVE: There are provisioned certs written (xxx.upd) - * but we no longer have the privs needed to read or rename them. In this - * case, indicate that the caller should use temp copies if any we do have - * rights to access. This is normal after we have updated the cert. - * - * But if we dropped privs, we can't detect the provisioned xxx.upd cert + - * key, because we can't see in the dir. So we have to upgrade NO to - * ALTERNATIVE when we actually have the in-memory alternative. - * - * 4) LWS_TLS_EXTANT_YES: The certs are present with the correct name and we - * have the rights to read them. - */ -#if !defined(LWS_AMAZON_RTOS) -enum lws_tls_extant -lws_tls_use_any_upgrade_check_extant(const char *name) -{ -#if !defined(LWS_PLAT_OPTEE) - - int n; - -#if !defined(LWS_WITH_ESP32) - char buf[256]; - - lws_snprintf(buf, sizeof(buf) - 1, "%s.upd", name); - if (!lws_tls_extant(buf)) { - /* ah there is an updated file... how about the desired file? */ - if (!lws_tls_extant(name)) { - /* rename the desired file */ - for (n = 0; n < 50; n++) { - lws_snprintf(buf, sizeof(buf) - 1, - "%s.old.%d", name, n); - if (!rename(name, buf)) - break; - } - if (n == 50) { - lwsl_notice("unable to rename %s\n", name); - - return LWS_TLS_EXTANT_ALTERNATIVE; - } - lws_snprintf(buf, sizeof(buf) - 1, "%s.upd", name); - } - /* desired file is out of the way, rename the updated file */ - if (rename(buf, name)) { - lwsl_notice("unable to rename %s to %s\n", buf, name); - - return LWS_TLS_EXTANT_ALTERNATIVE; - } - } - - if (lws_tls_extant(name)) - return LWS_TLS_EXTANT_NO; -#else - nvs_handle nvh; - size_t s = 8192; - - if (nvs_open("lws-station", NVS_READWRITE, &nvh)) { - lwsl_notice("%s: can't open nvs\n", __func__); - return LWS_TLS_EXTANT_NO; - } - - n = nvs_get_blob(nvh, name, NULL, &s); - nvs_close(nvh); - - if (n) - return LWS_TLS_EXTANT_NO; -#endif -#endif - return LWS_TLS_EXTANT_YES; -} -#endif - diff --git a/libwebsockets.dox b/libwebsockets.dox index 4ad1012..e100285 100644 --- a/libwebsockets.dox +++ b/libwebsockets.dox @@ -7,7 +7,7 @@ DOXYFILE_ENCODING = UTF-8 PROJECT_NAME = "libwebsockets" PROJECT_NUMBER = PROJECT_BRIEF = "Lightweight C library for HTML5 websockets" -PROJECT_LOGO = "./test-apps/libwebsockets.org-logo.svg" +PROJECT_LOGO = "./test-server/libwebsockets.org-logo.png" OUTPUT_DIRECTORY = "doc" CREATE_SUBDIRS = NO ALLOW_UNICODE_NAMES = NO @@ -101,83 +101,9 @@ WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- -INPUT = include/libwebsockets.h \ - include/libwebsockets/lws-adopt.h \ - include/libwebsockets/lws-callbacks.h \ - include/libwebsockets/lws-cgi.h \ - include/libwebsockets/lws-client.h \ - include/libwebsockets/lws-context-vhost.h \ - include/libwebsockets/lws-dbus.h \ - include/libwebsockets/lws-diskcache.h \ - include/libwebsockets/lws-dsh.h \ - include/libwebsockets/lws-esp32.h \ - include/libwebsockets/lws-fts.h \ - include/libwebsockets/lws-genaes.h \ - include/libwebsockets/lws-gencrypto.h \ - include/libwebsockets/lws-genec.h \ - include/libwebsockets/lws-genhash.h \ - include/libwebsockets/lws-genrsa.h \ - include/libwebsockets/lws-http.h \ - include/libwebsockets/lws-jose.h \ - include/libwebsockets/lws-jwe.h \ - include/libwebsockets/lws-jwk.h \ - include/libwebsockets/lws-jws.h \ - include/libwebsockets/lws-lejp.h \ - include/libwebsockets/lws-logs.h \ - include/libwebsockets/lws-lwsac.h \ - include/libwebsockets/lws-misc.h \ - include/libwebsockets/lws-network-helper.h \ - include/libwebsockets/lws-plugin-generic-sessions.h \ - include/libwebsockets/lws-protocols-plugins.h \ - include/libwebsockets/lws-purify.h \ - include/libwebsockets/lws-retry.h \ - include/libwebsockets/lws-ring.h \ - include/libwebsockets/lws-sequencer.h \ - include/libwebsockets/lws-service.h \ - include/libwebsockets/lws-sha1-base64.h \ - include/libwebsockets/lws-spa.h \ - include/libwebsockets/lws-stats.h \ - include/libwebsockets/lws-struct.h \ - include/libwebsockets/lws-system.h \ - include/libwebsockets/lws-test-sequencer.h \ - include/libwebsockets/lws-threadpool.h \ - include/libwebsockets/lws-timeout-timer.h \ - include/libwebsockets/lws-tokenize.h \ - include/libwebsockets/lws-vfs.h \ - include/libwebsockets/lws-write.h \ - include/libwebsockets/lws-writeable.h \ - include/libwebsockets/lws-ws-close.h \ - include/libwebsockets/lws-ws-ext.h \ - include/libwebsockets/lws-ws-state.h \ - include/libwebsockets/lws-x509.h \ - plugins/ssh-base/include/lws-plugin-ssh.h \ - ./READMEs/mainpage.md \ - ./READMEs/README.build.md \ - ./READMEs/README.ci.md \ - ./READMEs/README.coding.md \ - ./READMEs/README.content-security-policy.md \ - ./READMEs/README.contributing.md \ - ./READMEs/README.crypto-apis.md \ - ./READMEs/README.esp32.md \ - ./READMEs/README.generic-sessions.md \ - ./READMEs/README.generic-table.md \ - ./READMEs/README.http-fallback.md \ - ./READMEs/README.lws_dll.md \ - ./READMEs/README.lws_sequencer.md \ - ./READMEs/README.lws_struct.md \ - ./READMEs/README.lws_sul.md \ - ./READMEs/README.lwsws.md \ - ./READMEs/README.plugin-sshd-base.md \ - ./READMEs/README.plugin-acme.md \ - ./READMEs/README.porting.md \ - ./READMEs/README.problems.md \ - ./READMEs/README.release-policy.md \ - ./READMEs/README.test-apps.md \ - ./READMEs/README.unix-domain-reverse-proxy.md \ - ./READMEs/README.vulnerability-reporting.md \ - ./doc-assets +INPUT = lib/libwebsockets.h mainpage.md README.build.md README.problems.md README.lwsws.md README.coding.md README.generic-sessions.md README.generic-table.md README.test-apps.md doc-assets INPUT_ENCODING = UTF-8 -FILE_PATTERNS = lib/*.c *.md *.png include/*.h +FILE_PATTERNS = lib/*.c *.md *.png RECURSIVE = NO EXCLUDE = EXCLUDE_SYMLINKS = NO @@ -333,11 +259,11 @@ PERLMOD_MAKEVAR_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- -ENABLE_PREPROCESSING = YES +ENABLE_PREPROCESSING = NO MACRO_EXPANSION = NO EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES -INCLUDE_PATH = ./include +INCLUDE_PATH = INCLUDE_FILE_PATTERNS = PREDEFINED = EXPAND_AS_DEFINED = diff --git a/libwebsockets.spec b/libwebsockets.spec new file mode 100644 index 0000000..4b7a97d --- /dev/null +++ b/libwebsockets.spec @@ -0,0 +1,91 @@ +Name: libwebsockets +Version: 2.3.0 +Release: 1%{?dist} +Summary: Websocket Server and Client Library + +Group: System Environment/Libraries +License: LGPLv2 with exceptions +URL: https://libwebsockets.org +Source0: %{name}-%{version}.tar.gz +BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) + +BuildRequires: openssl-devel cmake +Requires: openssl + +%description +Webserver server and client library + +%package devel +Summary: Development files for libwebsockets +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: openssl-devel + +%description devel +Development files for libwebsockets + +%prep +%setup -q + +%build +mkdir -p build +cd build +%cmake .. +make + +%install +rm -rf $RPM_BUILD_ROOT +cd build +make install DESTDIR=$RPM_BUILD_ROOT + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%attr(755,root,root) +/usr/bin/libwebsockets-test-server +/usr/bin/libwebsockets-test-server-extpoll +/usr/bin/libwebsockets-test-server-pthreads +/usr/bin/libwebsockets-test-client +/usr/bin/libwebsockets-test-ping +/usr/bin/libwebsockets-test-echo +/usr/bin/libwebsockets-test-fraggle +/usr/bin/libwebsockets-test-fuzxy +/%{_libdir}/libwebsockets.so.11 +/%{_libdir}/libwebsockets.so +/%{_libdir}/cmake/libwebsockets/LibwebsocketsConfig.cmake +/%{_libdir}/cmake/libwebsockets/LibwebsocketsConfigVersion.cmake +/%{_libdir}/cmake/libwebsockets/LibwebsocketsTargets.cmake +/%{_libdir}/cmake/libwebsockets/LibwebsocketsTargets-release.cmake + +/usr/share/libwebsockets-test-server +%doc +%files devel +%defattr(-,root,root,-) +/usr/include/* +%attr(755,root,root) +/%{_libdir}/libwebsockets.a +/%{_libdir}/pkgconfig/libwebsockets.pc + +%changelog +* Fri Jul 28 2017 Andy Green 2.3.0-1 +- MAJOR SONAMEBUMP APICHANGES Upstream 2.3.0 release + +* Mon Mar 06 2017 Andy Green 2.2.0-1 +- MAJOR SONAMEBUMP APICHANGES Upstream 2.2.0 release + +* Thu Oct 06 2016 Andy Green 2.1.0-1 +- MAJOR SONAMEBUMP APICHANGES Upstream 2.1.0 release + +* Thu May 05 2016 Andy Green 2.0.0-1 +- MAJOR SONAMEBUMP APICHANGES Upstream 2.0.0 release + +* Tue Feb 16 2016 Andy Green 1.7.0-1 +- MAJOR SONAMEBUMP APICHANGES Upstream 1.7.0 release + +* Sun Jan 17 2016 Andrew Cooks 1.6.0-1 +- Bump version to 1.6.0 diff --git a/lws_config.h.in b/lws_config.h.in new file mode 100644 index 0000000..514afeb --- /dev/null +++ b/lws_config.h.in @@ -0,0 +1,154 @@ +/* lws_config.h Generated from lws_config.h.in */ + +#ifndef NDEBUG + #ifndef _DEBUG + #define _DEBUG + #endif +#endif + +#define LWS_INSTALL_DATADIR "${CMAKE_INSTALL_PREFIX}/share" + +/* Define to 1 to use wolfSSL/CyaSSL as a replacement for OpenSSL. + * LWS_OPENSSL_SUPPORT needs to be set also for this to work. */ +#cmakedefine USE_WOLFSSL + +/* Also define to 1 (in addition to USE_WOLFSSL) when using the + (older) CyaSSL library */ +#cmakedefine USE_OLD_CYASSL +#cmakedefine LWS_USE_BORINGSSL + +#cmakedefine LWS_USE_MBEDTLS +#cmakedefine LWS_USE_POLARSSL +#cmakedefine LWS_WITH_ESP8266 +#cmakedefine LWS_WITH_ESP32 + +#cmakedefine LWS_WITH_PLUGINS +#cmakedefine LWS_WITH_NO_LOGS + +/* The Libwebsocket version */ +#cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}" + +#define LWS_LIBRARY_VERSION_MAJOR ${LWS_LIBRARY_VERSION_MAJOR} +#define LWS_LIBRARY_VERSION_MINOR ${LWS_LIBRARY_VERSION_MINOR} +#define LWS_LIBRARY_VERSION_PATCH ${LWS_LIBRARY_VERSION_PATCH} +/* LWS_LIBRARY_VERSION_NUMBER looks like 1005001 for e.g. version 1.5.1 */ +#define LWS_LIBRARY_VERSION_NUMBER (LWS_LIBRARY_VERSION_MAJOR*1000000)+(LWS_LIBRARY_VERSION_MINOR*1000)+LWS_LIBRARY_VERSION_PATCH + +/* The current git commit hash that we're building from */ +#cmakedefine LWS_BUILD_HASH "${LWS_BUILD_HASH}" + +/* Build with OpenSSL support */ +#cmakedefine LWS_OPENSSL_SUPPORT + +/* The client should load and trust CA root certs it finds in the OS */ +#cmakedefine LWS_SSL_CLIENT_USE_OS_CA_CERTS + +/* Sets the path where the client certs should be installed. */ +#cmakedefine LWS_OPENSSL_CLIENT_CERTS "${LWS_OPENSSL_CLIENT_CERTS}" + +/* Turn off websocket extensions */ +#cmakedefine LWS_NO_EXTENSIONS + +/* Enable libev io loop */ +#cmakedefine LWS_USE_LIBEV + +/* Enable libuv io loop */ +#cmakedefine LWS_USE_LIBUV + +/* Enable libevent io loop */ +#cmakedefine LWS_USE_LIBEVENT + +/* Build with support for ipv6 */ +#cmakedefine LWS_USE_IPV6 + +/* Build with support for UNIX domain socket */ +#cmakedefine LWS_USE_UNIX_SOCK + +/* Build with support for HTTP2 */ +#cmakedefine LWS_USE_HTTP2 + +/* Turn on latency measuring code */ +#cmakedefine LWS_LATENCY + +/* Don't build the daemonizeation api */ +#cmakedefine LWS_NO_DAEMONIZE + +/* Build without server support */ +#cmakedefine LWS_NO_SERVER + +/* Build without client support */ +#cmakedefine LWS_NO_CLIENT + +/* If we should compile with MinGW support */ +#cmakedefine LWS_MINGW_SUPPORT + +/* Use the BSD getifaddrs that comes with libwebsocket, for uclibc support */ +#cmakedefine LWS_BUILTIN_GETIFADDRS + +/* use SHA1() not internal libwebsockets_SHA1 */ +#cmakedefine LWS_SHA1_USE_OPENSSL_NAME + +/* SSL server using ECDH certificate */ +#cmakedefine LWS_SSL_SERVER_WITH_ECDH_CERT +#cmakedefine LWS_HAVE_SSL_CTX_set1_param +#cmakedefine LWS_HAVE_X509_VERIFY_PARAM_set1_host + +#cmakedefine LWS_HAVE_UV_VERSION_H + +/* CGI apis */ +#cmakedefine LWS_WITH_CGI + +/* whether the Openssl is recent enough, and / or built with, ecdh */ +#cmakedefine LWS_HAVE_OPENSSL_ECDH_H + +/* HTTP Proxy support */ +#cmakedefine LWS_WITH_HTTP_PROXY + +/* HTTP Ranges support */ +#cmakedefine LWS_WITH_RANGES + +/* Http access log support */ +#cmakedefine LWS_WITH_ACCESS_LOG +#cmakedefine LWS_WITH_SERVER_STATUS + +#cmakedefine LWS_WITH_STATEFUL_URLDECODE + +/* Maximum supported service threads */ +#define LWS_MAX_SMP ${LWS_MAX_SMP} + +/* Lightweight JSON Parser */ +#cmakedefine LWS_WITH_LEJP + +/* SMTP */ +#cmakedefine LWS_WITH_SMTP + +/* OPTEE */ +#cmakedefine LWS_PLAT_OPTEE + +/* ZIP FOPS */ +#cmakedefine LWS_WITH_ZIP_FOPS +#cmakedefine LWS_HAVE_STDINT_H + +#cmakedefine LWS_AVOID_SIGPIPE_IGN + +#cmakedefine LWS_FALLBACK_GETHOSTBYNAME + +#cmakedefine LWS_WITH_STATS +#cmakedefine LWS_WITH_SOCKS5 + +#cmakedefine LWS_HAVE_SYS_CAPABILITY_H +#cmakedefine LWS_HAVE_LIBCAP + +#cmakedefine LWS_HAVE_ATOLL +#cmakedefine LWS_HAVE__ATOI64 +#cmakedefine LWS_HAVE__STAT32I64 + +/* OpenSSL various APIs */ + +#cmakedefine LWS_HAVE_TLS_CLIENT_METHOD +#cmakedefine LWS_HAVE_TLSV1_2_CLIENT_METHOD +#cmakedefine LWS_HAVE_SSL_SET_INFO_CALLBACK + +#cmakedefine LWS_HAS_INTPTR_T + +${LWS_SIZEOFPTR_CODE} diff --git a/cmake/lws_config_private.h.in b/lws_config_private.h.in similarity index 93% rename from cmake/lws_config_private.h.in rename to lws_config_private.h.in index 55bd4fb..8ad39a2 100644 --- a/cmake/lws_config_private.h.in +++ b/lws_config_private.h.in @@ -10,6 +10,9 @@ * LWS_OPENSSL_SUPPORT needs to be set also for this to work. */ #cmakedefine USE_CYASSL +/* Define to 1 if you have the `bzero' function. */ +#cmakedefine LWS_HAVE_BZERO + /* Define to 1 if you have the header file. */ #cmakedefine LWS_HAVE_DLFCN_H @@ -25,6 +28,12 @@ /* Define to 1 if you have the header file. */ #cmakedefine LWS_HAVE_IN6ADDR_H +/* Define to 1 if you have the header file. */ +#cmakedefine LWS_HAVE_INTTYPES_H + +/* Define to 1 if you have the `ssl' library (-lssl). */ +//#cmakedefine LWS_HAVE_LIBSSL + /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ #cmakedefine LWS_HAVE_MALLOC @@ -78,8 +87,6 @@ /* Define to 1 if you have the header file. */ #cmakedefine LWS_HAVE_UNISTD_H -#cmakedefine LWS_HAVE_TCP_USER_TIMEOUT - /* Define to 1 if you have the `vfork' function. */ #cmakedefine LWS_HAVE_VFORK @@ -116,8 +123,4 @@ /* Define if the inline keyword doesn't exist. */ #cmakedefine inline ${inline} -#cmakedefine LWS_WITH_ZLIB -#cmakedefine LWS_HAS_PTHREAD_SETNAME_NP -/* Defined if you have the header file. */ -#cmakedefine LWS_HAVE_INTTYPES_H diff --git a/lwsws/etc-lwsws-conf.d-localhost-EXAMPLE b/lwsws/etc-lwsws-conf.d-localhost-EXAMPLE index 164e03a..2aa85e5 100644 --- a/lwsws/etc-lwsws-conf.d-localhost-EXAMPLE +++ b/lwsws/etc-lwsws-conf.d-localhost-EXAMPLE @@ -2,8 +2,7 @@ "vhosts": [ { "name": "localhost", "port": "7681", -# by default, bind to all interfaces, but you can restrict it -# "interface": "lo", + "interface": "lo", # "host-ssl-key": "/etc/pki/tls/private/libwebsockets.org.key", # "host-ssl-cert": "/etc/pki/tls/certs/libwebsockets.org.crt", # "host-ssl-ca": "/etc/pki/tls/certs/libwebsockets.org.cer", diff --git a/lwsws/main.c b/lwsws/main.c index 4a19307..01a6dc7 100644 --- a/lwsws/main.c +++ b/lwsws/main.c @@ -1,7 +1,7 @@ /* * libwebsockets web server application * - * Written in 2010-2019 by Andy Green + * Copyright (C) 2010-2016 Andy Green * * This file is made available under the Creative Commons CC0 1.0 * Universal Public Domain Dedication. @@ -21,9 +21,7 @@ #include #include -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) #include -#endif #include #include #include @@ -38,7 +36,6 @@ #else #include #include "gettimeofday.h" -#include int fork(void) { @@ -47,7 +44,7 @@ int fork(void) } #endif -#include +#include "../lib/libwebsockets.h" #include @@ -55,20 +52,17 @@ static struct lws_context *context; static char config_dir[128]; static int opts = 0, do_reload = 1; static uv_loop_t loop; -static uv_signal_t signal_outer[2]; +static uv_signal_t signal_outer; static int pids[32]; -void lwsl_emit_stderr(int level, const char *line); #define LWSWS_CONFIG_STRING_SIZE (32 * 1024) static const struct lws_extension exts[] = { -#if !defined(LWS_WITHOUT_EXTENSIONS) { "permessage-deflate", lws_extension_callback_pm_deflate, "permessage-deflate" }, -#endif { NULL, NULL, NULL /* terminator */ } }; @@ -77,14 +71,12 @@ static const char * const plugin_dirs[] = { NULL }; -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) static struct option options[] = { { "help", no_argument, NULL, 'h' }, { "debug", required_argument, NULL, 'd' }, { "configdir", required_argument, NULL, 'c' }, { NULL, 0, 0, 0 } }; -#endif void signal_cb(uv_signal_t *watcher, int signum) { @@ -106,9 +98,7 @@ void signal_cb(uv_signal_t *watcher, int signum) break; } lwsl_err("Signal %d caught\n", watcher->signum); - uv_signal_stop(watcher); - uv_signal_stop(&signal_outer[1]); - lws_context_destroy(context); + lws_libuv_stop(context); } static int @@ -117,7 +107,6 @@ context_creation(void) int cs_len = LWSWS_CONFIG_STRING_SIZE - 1; struct lws_context_creation_info info; char *cs, *config_strings; - void *foreign_loops[1]; cs = config_strings = malloc(LWSWS_CONFIG_STRING_SIZE); if (!config_strings) { @@ -128,7 +117,7 @@ context_creation(void) memset(&info, 0, sizeof(info)); info.external_baggage_free_on_destroy = config_strings; - info.pt_serv_buf_size = 8192; + info.max_http_header_pool = 16; info.options = opts | LWS_SERVER_OPTION_VALIDATE_UTF8 | LWS_SERVER_OPTION_EXPLICIT_VHOSTS | LWS_SERVER_OPTION_LIBUV; @@ -142,16 +131,15 @@ context_creation(void) if (lwsws_get_config_globals(&info, config_dir, &cs, &cs_len)) goto init_failed; - foreign_loops[0] = &loop; - info.foreign_loops = foreign_loops; - info.pcontext = &context; - context = lws_create_context(&info); if (context == NULL) { lwsl_err("libwebsocket init failed\n"); goto init_failed; } + lws_uv_sigint_cfg(context, 1, signal_cb); + lws_uv_initloop(context, &loop, 0); + /* * then create the vhosts... protocols are entirely coming from * plugins, so we leave it NULL @@ -159,7 +147,8 @@ context_creation(void) info.extensions = exts; - if (lwsws_get_config_vhosts(context, &info, config_dir, &cs, &cs_len)) + if (lwsws_get_config_vhosts(context, &info, config_dir, + &cs, &cs_len)) return 1; return 0; @@ -187,7 +176,7 @@ reload_handler(int signum) fprintf(stderr, "root process receives reload\n"); if (!do_reload) { fprintf(stderr, "passing HUP to child processes\n"); - for (m = 0; m < (int)LWS_ARRAY_SIZE(pids); m++) + for (m = 0; m < ARRAY_SIZE(pids); m++) if (pids[m]) kill(pids[m], SIGHUP); sleep(1); @@ -197,10 +186,8 @@ reload_handler(int signum) case SIGINT: case SIGTERM: case SIGKILL: - fprintf(stderr, "master process waiting 2s...\n"); - sleep(2); /* give children a chance to deal with the signal */ fprintf(stderr, "killing service processes\n"); - for (m = 0; m < (int)LWS_ARRAY_SIZE(pids); m++) + for (m = 0; m < ARRAY_SIZE(pids); m++) if (pids[m]) kill(pids[m], SIGTERM); exit(0); @@ -212,19 +199,15 @@ reload_handler(int signum) int main(int argc, char **argv) { - int n = 0, budget = 100, debug_level = 1024 + 7; + int n = 0, debug_level = 7; #ifndef _WIN32 int m; - int status;//, syslog_options = LOG_PID | LOG_PERROR; + int status, syslog_options = LOG_PID | LOG_PERROR; #endif strcpy(config_dir, "/etc/lwsws"); while (n >= 0) { -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) n = getopt_long(argc, argv, "hd:c:", options, NULL); -#else - n = getopt(argc, argv, "hd:c:"); -#endif if (n < 0) continue; switch (n) { @@ -232,7 +215,8 @@ int main(int argc, char **argv) debug_level = atoi(optarg); break; case 'c': - lws_strncpy(config_dir, optarg, sizeof(config_dir)); + strncpy(config_dir, optarg, sizeof(config_dir) - 1); + config_dir[sizeof(config_dir) - 1] = '\0'; break; case 'h': fprintf(stderr, "Usage: lwsws [-c ] " @@ -262,8 +246,9 @@ int main(int argc, char **argv) break; /* old */ if (n > 0) - for (m = 0; m < (int)LWS_ARRAY_SIZE(pids); m++) + for (m = 0; m < ARRAY_SIZE(pids); m++) if (!pids[m]) { + // fprintf(stderr, "added child pid %d\n", n); pids[m] = n; break; } @@ -273,8 +258,9 @@ int main(int argc, char **argv) n = waitpid(-1, &status, WNOHANG); if (n > 0) - for (m = 0; m < (int)LWS_ARRAY_SIZE(pids); m++) + for (m = 0; m < ARRAY_SIZE(pids); m++) if (pids[m] == n) { + // fprintf(stderr, "reaped child pid %d\n", pids[m]); pids[m] = 0; break; } @@ -285,10 +271,16 @@ int main(int argc, char **argv) #endif /* child process */ - lws_set_log_level(debug_level, lwsl_emit_stderr_notimestamp); +#ifndef _WIN32 + /* we will only try to log things according to our debug_level */ + setlogmask(LOG_UPTO (LOG_DEBUG)); + openlog("lwsws", syslog_options, LOG_DAEMON); +#endif + + lws_set_log_level(debug_level, lwsl_emit_syslog); lwsl_notice("lwsws libwebsockets web server - license CC0 + LGPL2.1\n"); - lwsl_notice("(C) Copyright 2010-2018 Andy Green \n"); + lwsl_notice("(C) Copyright 2010-2016 Andy Green \n"); #if (UV_VERSION_MAJOR > 0) // Travis... uv_loop_init(&loop); @@ -296,33 +288,30 @@ int main(int argc, char **argv) fprintf(stderr, "Your libuv is too old!\n"); return 0; #endif - uv_signal_init(&loop, &signal_outer[0]); - uv_signal_start(&signal_outer[0], signal_cb, SIGINT); - uv_signal_init(&loop, &signal_outer[1]); - uv_signal_start(&signal_outer[1], signal_cb, SIGHUP); + uv_signal_init(&loop, &signal_outer); + uv_signal_start(&signal_outer, signal_cb, SIGINT); + uv_signal_start(&signal_outer, signal_cb, SIGHUP); if (context_creation()) { lwsl_err("Context creation failed\n"); return 1; } - lws_service(context, 0); - - lwsl_err("%s: closing\n", __func__); - - for (n = 0; n < 2; n++) { - uv_signal_stop(&signal_outer[n]); - uv_close((uv_handle_t *)&signal_outer[n], NULL); - } + lws_libuv_run(context, 0); + uv_signal_stop(&signal_outer); lws_context_destroy(context); - (void)budget; + #if (UV_VERSION_MAJOR > 0) // Travis... - while ((n = uv_loop_close(&loop)) && --budget) - uv_run(&loop, UV_RUN_ONCE); + lws_close_all_handles_in_loop(&loop); + n = 0; + while (n++ < 4096 && uv_loop_close(&loop)) + uv_run(&loop, UV_RUN_NOWAIT); #endif - fprintf(stderr, "lwsws exited cleanly: %d\n", n); + lws_context_destroy2(context); + + fprintf(stderr, "lwsws exited cleanly\n"); #ifndef _WIN32 closelog(); diff --git a/lwsws/usr-lib-systemd-system-lwsws.service b/lwsws/usr-lib-systemd-system-lwsws.service index 38c5012..13041a3 100644 --- a/lwsws/usr-lib-systemd-system-lwsws.service +++ b/lwsws/usr-lib-systemd-system-lwsws.service @@ -6,6 +6,7 @@ After=syslog.target ExecStart=/usr/local/bin/lwsws ExecReload=/usr/bin/kill -HUP $MAINPID ExecStop=/usr/bin/killall lwsws +StandardError=null [Install] WantedBy=multi-user.target diff --git a/mainpage.md b/mainpage.md new file mode 100644 index 0000000..9a427b3 --- /dev/null +++ b/mainpage.md @@ -0,0 +1,16 @@ +##Libwebsockets API introduction + +Libwebsockets covers a lot of interesting features for people making embedded servers or clients + + - http(s) serving and client operation + - ws(s) serving and client operation + - http(s) apis for file transfer and upload + - http POST form handling (including multipart) + - cookie-based sessions + - account management (including registration, email verification, lost pw etc) + - strong ssl PFS support (A+ on SSLlabs test) + +You can browse by api category
here + +A collection of READMEs for build, coding, lwsws etc are here + diff --git a/minimal-examples/README.md b/minimal-examples/README.md deleted file mode 100644 index 2f271db..0000000 --- a/minimal-examples/README.md +++ /dev/null @@ -1,88 +0,0 @@ -|name|demonstrates| ----|--- -client-server|Minimal examples providing client and server connections simultaneously -crypto|Minimal examples related to using lws crypto apis -dbus-server|Minimal examples showing how to integrate DBUS into lws event loop -http-client|Minimal examples providing an http client -http-server|Minimal examples providing an http server -raw|Minimal examples related to adopting raw file or socket descriptors into the event loop -ws-client|Minimal examples providing a ws client -ws-server|Minimal examples providing a ws server (and an http server) - -## FAQ - -### Getting started - -Build and install lws itself first (note that after installing lws on \*nix, you need to run `ldconfig` one time so the OS can learn about the new library. Lws installs in `/usr/local` by default, Debian / Ubuntu ldconfig knows to look there already, but Fedora / CentOS need you to add the line `/usr/local/lib` to `/etc/ld.so.conf` and run ldconfig) - -Then start with the simplest: - -`http-server/minimal-http-server` - -### Why are most of the sources split into a main C file file and a protocol file? - -Lws supports three ways to implement the protocol callback code: - - - you can just add it all in the same source file - - - you can separate it as these examples do, and #include it - into the main sources - - - you can build it as a standalone plugin that is discovered - and loaded at runtime. - -The way these examples are structured, you can easily also build -the protocol callback as a plugin just with a different -CMakeLists.txt... see https://github.com/warmcat/libwebsockets/tree/master/plugin-standalone -for an example. - -### Why would we want the protocol as a plugin? - -You will notice a lot of the main C code is the same boilerplate -repeated for each example. The actual interesting part is in -the protocol callback only. - -Lws provides (-DLWS_WITH_LWSWS=1) a generic lightweight server app called 'lwsws' that -can be configured by JSON. Combined with your protocol as a plugin, -it means you don't actually have to make a special server "app" -part, you can just use lwsws and pass per-vhost configuration -from JSON into your protocol. (Of course in some cases you have -an existing app you are bolting lws on to, then you don't care -about this for that particular case). - -Because lwsws has no dependency on whatever your plugin does, it -can mix and match different protocols randomly without needing any code -changes. It reduces the size of the task to just writing the -code you care about in your protocol handler, and nothing else to write -or maintain. - -Lwsws supports advanced features like reload, where it starts a new server -instance with changed config or different plugins, while keeping the old -instance around until the last connection to it closes. - -### I get why there is a pss, but why is there a vhd? - -The pss is instantiated per-connection. But there are almost always -other variables that have a lifetime longer than a single connection. - -You could make these variables "filescope" one-time globals, but that -means your protocol cannot instantiate multiple times. - -Lws supports vhosts (virtual hosts), for example both https://warmcat.com -and https://libwebsockets are running on the same lwsws instance on the -same server and same IP... each of these is a separate vhost. - -Your protocol may be enabled on multiple vhosts, each of these vhosts -provides a different vhd specific to the protocol instance on that -vhost. For example many of the samples keep a linked-list head to -a list of live pss in the vhd... that means it's cleanly a list of -pss opened **on that vhost**. If another vhost has the protocol -enabled, connections to that will point to a different vhd, and the -linked-list head on that vhd will only list connections to his vhost. - -The example "ws-server/minimal-ws-server-threads" demonstrates how to deliver -external configuration data to a specific vhost + protocol -combination using code. In lwsws, this is simply a matter of setting -the desired JSON config. - - diff --git a/minimal-examples/abstract/protocols/smtp-client/CMakeLists.txt b/minimal-examples/abstract/protocols/smtp-client/CMakeLists.txt deleted file mode 100644 index 43f4246..0000000 --- a/minimal-examples/abstract/protocols/smtp-client/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-smtp_client) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_SMTP 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/abstract/protocols/smtp-client/README.md b/minimal-examples/abstract/protocols/smtp-client/README.md deleted file mode 100644 index a3b3d01..0000000 --- a/minimal-examples/abstract/protocols/smtp-client/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# lws api test smtp client - -Demonstrates how to send email through your local MTA - -## build - -Requires lws was built with `-DLWS_WITH_SMTP=1` at cmake. - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --r |Send the test email to this email address - - -``` - $ ./lws-api-test-smtp_client -r andy@warmcat.com -[2019/04/17 05:12:06:5293] USER: LWS API selftest: SMTP client -[2019/04/17 05:12:06:5635] NOTICE: LGSSMTP_IDLE: connecting to 127.0.0.1:25 -[2019/04/17 05:12:06:6238] NOTICE: email_sent_or_failed: sent OK -[2019/04/17 05:12:06:6394] USER: Completed: PASS - -``` - diff --git a/minimal-examples/abstract/protocols/smtp-client/main.c b/minimal-examples/abstract/protocols/smtp-client/main.c deleted file mode 100644 index 11d6b20..0000000 --- a/minimal-examples/abstract/protocols/smtp-client/main.c +++ /dev/null @@ -1,175 +0,0 @@ -/* - * lws-api-test-smtp_client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -#include - -static int interrupted, result = 1; -static const char *recip; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -static int -email_sent_or_failed(struct lws_smtp_email *email, void *buf, size_t len) -{ - /* you could examine email->data here */ - if (buf) - lwsl_notice("%s: %.*s\n", __func__, (int)len, (const char *)buf); - else - lwsl_notice("%s:\n", __func__); - - /* destroy any allocations in email */ - - free((char *)email->payload); - - result = 0; - interrupted = 1; - - return 0; -} - -/* - * We're going to bind to the raw-skt transport, so tell that what we want it - * to connect to - */ - -static const lws_token_map_t smtp_raw_skt_transport_tokens[] = { - { - .u = { .value = "127.0.0.1" }, - .name_index = LTMI_PEER_V_DNS_ADDRESS, - }, { - .u = { .lvalue = 25 }, - .name_index = LTMI_PEER_LV_PORT, - }, { - } -}; - -static const lws_token_map_t smtp_protocol_tokens[] = { - { - .u = { .value = "lws-test-client" }, - .name_index = LTMI_PSMTP_V_HELO, - }, { - } -}; - - -int main(int argc, const char **argv) -{ - int n = 1, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - struct lws_context *context; - lws_abs_t abs, *instance; - lws_smtp_email_t email; - struct lws_vhost *vh; - const char *p; - - /* the normal lws init */ - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - p = lws_cmdline_option(argc, argv, "-r"); - if (!p) { - lwsl_err("-r is required\n"); - return 1; - } - recip = p; - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: SMTP client\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - vh = lws_create_vhost(context, &info); - if (!vh) { - lwsl_err("Failed to create first vhost\n"); - goto bail1; - } - - /* - * create an smtp client that's hooked up to real sockets - */ - - memset(&abs, 0, sizeof(abs)); - abs.vh = vh; - - /* select the protocol and bind its tokens */ - - abs.ap = lws_abs_protocol_get_by_name("smtp"); - if (!abs.ap) - goto bail1; - abs.ap_tokens = smtp_protocol_tokens; - - /* select the transport and bind its tokens */ - - abs.at = lws_abs_transport_get_by_name("raw_skt"); - if (!abs.at) - goto bail1; - abs.at_tokens = smtp_raw_skt_transport_tokens; - - instance = lws_abs_bind_and_create_instance(&abs); - if (!instance) { - lwsl_err("%s: failed to create SMTP client\n", __func__); - goto bail1; - } - - /* attach an email to it */ - - memset(&email, 0, sizeof(email)); - email.data = NULL /* email specific user data */; - email.email_from = "andy@warmcat.com"; - email.email_to = recip; - email.payload = malloc(2048); - if (!email.payload) { - goto bail1; - } - - lws_snprintf((char *)email.payload, 2048, - "From: noreply@example.com\n" - "To: %s\n" - "Subject: Test email for lws smtp-client\n" - "\n" - "Hello this was an api test for lws smtp-client\n" - "\r\n.\r\n", recip); - email.done = email_sent_or_failed; - - if (lws_smtp_client_add_email(instance, &email)) { - lwsl_err("%s: failed to add email\n", __func__); - goto bail; - } - - /* the usual lws event loop */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - -bail1: - lwsl_user("Completed: %s\n", result ? "FAIL" : "PASS"); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/api-tests/README.md b/minimal-examples/api-tests/README.md deleted file mode 100644 index a28df4f..0000000 --- a/minimal-examples/api-tests/README.md +++ /dev/null @@ -1,12 +0,0 @@ -These are buildable test apps that run in CI to confirm correct api operation. - -|name|tests| ----|--- -api-test-lwsac|LWS Allocated Chunks api -api-test-lws_struct-json|Selftests for lws_struct JSON serialization and deserialization -api-test-lws_tokenize|Generic secure string tokenizer api -api-test-fts|LWS Full-text Search api -api-test-gencrypto|LWS Generic Crypto apis -api-test-jose|LWS JOSE apis -api-test-smtp_client|SMTP client for sending emails - diff --git a/minimal-examples/api-tests/api-test-fts/CMakeLists.txt b/minimal-examples/api-tests/api-test-fts/CMakeLists.txt deleted file mode 100644 index 023e837..0000000 --- a/minimal-examples/api-tests/api-test-fts/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-fts) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_FTS 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/api-tests/api-test-fts/README.md b/minimal-examples/api-tests/api-test-fts/README.md deleted file mode 100644 index fe7881f..0000000 --- a/minimal-examples/api-tests/api-test-fts/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# lws api test fts - -Demonstrates how to create indexes and perform full-text searches. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --c / --createindex|Create an index file, instead of searching --i / --index |Use this file as the index - -The two modes are: - - - create an index: `--createindex inputfile [inputfile...]` - -``` - $ ./lws-api-test-fts -c ./the-picture-of-dorian-gray.txt -[2018/10/15 07:14:15:1175] USER: LWS API selftest: full-text search -[2018/10/15 07:14:15:1531] NOTICE: lws_fts_serialize: index 1 files (0MiB) cpu time 32ms, alloc: 1024KiB + 1024KiB, serialize: 3ms, file: 325KiB -``` - - - perform search[es]: `searchterm [searchterm...]` - -``` - $ ./lws-api-test-fts b -[2018/10/15 07:15:44:1442] USER: LWS API selftest: full-text search -[2018/10/15 07:15:44:1442] NOTICE: lws_fts_search: 'b' Matched: 3 instances, 8 children, 0ms -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC b: 3 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC be: 472 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC bee: 3 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC been: 236 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC beaut: 1 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC beauty: 55 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC because: 40 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC believe: 49 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC better: 54 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC before: 75 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC beg: 5 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC began: 44 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC but: 401 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC basil: 158 agg hits -[2018/10/15 07:15:44:1443] NOTICE: lws_fts_results_dump: AC broke: 22 agg hits -[2018/10/15 07:15:44:1444] NOTICE: lws_fts_results_dump: AC by: 242 agg hits -[2018/10/15 07:15:44:1444] NOTICE: lws_fts_results_dump: AC boy: 36 agg hits -``` - diff --git a/minimal-examples/api-tests/api-test-fts/canned-1.txt b/minimal-examples/api-tests/api-test-fts/canned-1.txt deleted file mode 100644 index b211f89..0000000 --- a/minimal-examples/api-tests/api-test-fts/canned-1.txt +++ /dev/null @@ -1,26 +0,0 @@ -API selftest: full-text search -AC be: 472 agg hits -AC but: 401 agg hits -AC by: 242 agg hits -AC been: 236 agg hits -AC basil: 158 agg hits -AC before: 75 agg hits -AC beauty: 55 agg hits -AC better: 54 agg hits -AC believe: 49 agg hits -AC began: 44 agg hits -AC because: 40 agg hits -AC boy: 36 agg hits -AC book: 31 agg hits -AC body: 28 agg hits -AC both: 26 agg hits -AC broke: 22 agg hits -AC beg: 5 agg hits -AC bore: 5 agg hits -AC b: 3 agg hits -AC bee: 3 agg hits -AC beaut: 1 agg hits -no filepath results - - - diff --git a/minimal-examples/api-tests/api-test-fts/canned-2.txt b/minimal-examples/api-tests/api-test-fts/canned-2.txt deleted file mode 100644 index 579f3ba..0000000 --- a/minimal-examples/api-tests/api-test-fts/canned-2.txt +++ /dev/null @@ -1,42 +0,0 @@ -API selftest: full-text search -no autocomplete results -../minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt: (8904 lines) 32 hits -360 -17482 -393 -18984 -562 -28820 -837 -42903 -1640 -82057 -2037 -102214 -2091 -105019 -2145 -107351 -2725 -137188 -2808 -141127 -2977 -149971 -3429 -173810 -4417 -229186 -4431 -230058 -4656 -241181 -4708 -244372 -../minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt: (14399 lines) 3 hits -14106 -14313 -14396 - - - diff --git a/minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt b/minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt deleted file mode 100644 index 20aa7e3..0000000 --- a/minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt +++ /dev/null @@ -1,14399 +0,0 @@ -The Project Gutenberg EBook of Les misérables Tome I, by Victor Hugo - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.org - - -Title: Les misérables Tome I - Fantine - -Author: Victor Hugo - -Release Date: January 10, 2006 [EBook #17489] -[Date last updated: July 28, 2010] - -Language: French - - -*** START OF THIS PROJECT GUTENBERG EBOOK LES MISÉRABLES TOME I *** - - - - -Produced by www.ebooksgratuits.com and Chuck Greif - - - - -Victor Hugo - -LES MISÉRABLES - -Tome I--FANTINE - -(1862) - - -TABLE DES MATIÈRES - -Livre premier--Un juste - -Chapitre I Monsieur Myriel -Chapitre II Monsieur Myriel devient monseigneur Bienvenu -Chapitre III À bon évêque dur évêché -Chapitre IV Les oeuvres semblables aux paroles -Chapitre V Que monseigneur Bienvenu faisait durer trop longtemps ses - soutanes -Chapitre VI Par qui il faisait garder sa maison -Chapitre VII Cravatte -Chapitre VIII Philosophie après boire -Chapitre IX Le frère raconté par la soeur -Chapitre X L'évêque en présence d'une lumière inconnue -Chapitre XI Une restriction -Chapitre XII Solitude de monseigneur Bienvenu -Chapitre XIII Ce qu'il croyait -Chapitre XIV Ce qu'il pensait - - -Livre deuxième--La chute - -Chapitre I Le soir d'un jour de marche -Chapitre II La prudence conseillée à la sagesse -Chapitre III Héroïsme de l'obéissance passive -Chapitre IV Détails sur les fromageries de Pontarlier -Chapitre V Tranquillité -Chapitre VI Jean Valjean -Chapitre VII Le dedans du désespoir -Chapitre VIII L'onde et l'ombre -Chapitre IX Nouveaux griefs -Chapitre X L'homme réveillé -Chapitre XI Ce qu'il fait -Chapitre XII L'évêque travaille -Chapitre XIII Petit-Gervais - - -Livre troisième--En l'année 1817 - -Chapitre I L'année 1817 -Chapitre II Double quatuor -Chapitre III Quatre à quatre -Chapitre IV Tholomyès est si joyeux qu'il chante une chanson espagnole -Chapitre V Chez Bombarda -Chapitre VI Chapitre où l'on s'adore -Chapitre VII Sagesse de Tholomyès -Chapitre VIII Mort d'un cheval -Chapitre IX Fin joyeuse de la joie -Livre quatrième--Confier, c'est quelquefois livrer -Chapitre I Une mère qui en rencontre une autre -Chapitre II Première esquisse de deux figures louches -Chapitre III L'Alouette - - -Livre cinquième--La descente - -Chapitre I Histoire d'un progrès dans les verroteries noires -Chapitre II M. Madeleine -Chapitre III Sommes déposées chez Laffitte -Chapitre IV M. Madeleine en deuil -Chapitre V Vagues éclairs à l'horizon -Chapitre VI Le père Fauchelevent -Chapitre VII Fauchelevent devient jardinier à Paris -Chapitre VIII Madame Victurnien dépense trente-cinq francs pour la morale -Chapitre IX Succès de Madame Victurnien -Chapitre X Suite du succès -Chapitre XI _Christus nos liberavit_ -Chapitre XII Le désoeuvrement de M. Bamatabois -Chapitre XIII Solution de quelques questions de police municipale - - -Livre sixième--Javert - -Chapitre I Commencement du repos -Chapitre II Comment Jean peut devenir Champ - - -Livre septième--L'affaire Champmathieu - -Chapitre I La soeur Simplice -Chapitre II Perspicacité de maître Scaufflaire -Chapitre III Une tempête sous un crâne -Chapitre IV Formes que prend la souffrance pendant le sommeil -Chapitre V Bâtons dans les roues -Chapitre VI La soeur Simplice mise à l'épreuve -Chapitre VII Le voyageur arrivé prend ses précautions pour repartir -Chapitre VIII Entrée de faveur -Chapitre IX Un lieu où des convictions sont en train de se former -Chapitre X Le système de dénégations -Chapitre XI Champmathieu de plus en plus étonné - - -Livre huitième--Contre-coup - -Chapitre I Dans quel miroir M. Madeleine regarde ses cheveux -Chapitre II Fantine heureuse -Chapitre III Javert content -Chapitre IV L'autorité reprend ses droits -Chapitre V Tombeau convenable - - - - -Livre premier--Un juste - - - - -Chapitre I - -Monsieur Myriel - - -En 1815, M. Charles-François-Bienvenu Myriel était évêque de Digne. -C'était un vieillard d'environ soixante-quinze ans; il occupait le siège -de Digne depuis 1806. - -Quoique ce détail ne touche en aucune manière au fond même de ce que -nous avons à raconter, il n'est peut-être pas inutile, ne fût-ce que -pour être exact en tout, d'indiquer ici les bruits et les propos qui -avaient couru sur son compte au moment où il était arrivé dans le -diocèse. Vrai ou faux, ce qu'on dit des hommes tient souvent autant de -place dans leur vie et surtout dans leur destinée que ce qu'ils font. M. -Myriel était fils d'un conseiller au parlement d'Aix; noblesse de robe. -On contait de lui que son père, le réservant pour hériter de sa charge, -l'avait marié de fort bonne heure, à dix-huit ou vingt ans, suivant un -usage assez répandu dans les familles parlementaires. Charles Myriel, -nonobstant ce mariage, avait, disait-on, beaucoup fait parler de lui. Il -était bien fait de sa personne, quoique d'assez petite taille, élégant, -gracieux, spirituel; toute la première partie de sa vie avait été donnée -au monde et aux galanteries. La révolution survint, les événements se -précipitèrent, les familles parlementaires décimées, chassées, traquées, -se dispersèrent. M. Charles Myriel, dès les premiers jours de la -révolution, émigra en Italie. Sa femme y mourut d'une maladie de -poitrine dont elle était atteinte depuis longtemps. Ils n'avaient point -d'enfants. Que se passa-t-il ensuite dans la destinée de M. Myriel? -L'écroulement de l'ancienne société française, la chute de sa propre -famille, les tragiques spectacles de 93, plus effrayants encore -peut-être pour les émigrés qui les voyaient de loin avec le -grossissement de l'épouvante, firent-ils germer en lui des idées de -renoncement et de solitude? Fut-il, au milieu d'une de ces distractions -et de ces affections qui occupaient sa vie, subitement atteint d'un de -ces coups mystérieux et terribles qui viennent quelquefois renverser, en -le frappant au coeur, l'homme que les catastrophes publiques -n'ébranleraient pas en le frappant dans son existence et dans sa -fortune? Nul n'aurait pu le dire; tout ce qu'on savait, c'est que, -lorsqu'il revint d'Italie, il était prêtre. - -En 1804, M. Myriel était curé de Brignolles. Il était déjà vieux, et -vivait dans une retraite profonde. - -Vers l'époque du couronnement, une petite affaire de sa cure, on ne sait -plus trop quoi, l'amena à Paris. Entre autres personnes puissantes, il -alla solliciter pour ses paroissiens M. le cardinal Fesch. Un jour que -l'empereur était venu faire visite à son oncle, le digne curé, qui -attendait dans l'antichambre, se trouva sur le passage de sa majesté. -Napoléon, se voyant regardé avec une certaine curiosité par ce -vieillard, se retourna, et dit brusquement: - ---Quel est ce bonhomme qui me regarde? - ---Sire, dit M. Myriel, vous regardez un bonhomme, et moi je regarde un -grand homme. Chacun de nous peut profiter. - -L'empereur, le soir même, demanda au cardinal le nom de ce curé, et -quelque temps après M. Myriel fut tout surpris d'apprendre qu'il était -nommé évêque de Digne. - -Qu'y avait-il de vrai, du reste, dans les récits qu'on faisait sur la -première partie de la vie de M. Myriel? Personne ne le savait. Peu de -familles avaient connu la famille Myriel avant la révolution. - -M. Myriel devait subir le sort de tout nouveau venu dans une petite -ville où il y a beaucoup de bouches qui parlent et fort peu de têtes qui -pensent. Il devait le subir, quoiqu'il fût évêque et parce qu'il était -évêque. Mais, après tout, les propos auxquels on mêlait son nom -n'étaient peut-être que des propos; du bruit, des mots, des paroles; -moins que des paroles, des _palabres_, comme dit l'énergique langue du -midi. - -Quoi qu'il en fût, après neuf ans d'épiscopat et de résidence à Digne, -tous ces racontages, sujets de conversation qui occupent dans le premier -moment les petites villes et les petites gens, étaient tombés dans un -oubli profond. Personne n'eût osé en parler, personne n'eût même osé -s'en souvenir. - -M. Myriel était arrivé à Digne accompagné d'une vieille fille, -mademoiselle Baptistine, qui était sa soeur et qui avait dix ans de -moins que lui. - -Ils avaient pour tout domestique une servante du même âge que -mademoiselle Baptistine, et appelée madame Magloire, laquelle, après -avoir été _la servante de M. le Curé_, prenait maintenant le double -titre de femme de chambre de mademoiselle et femme de charge de -monseigneur. - -Mademoiselle Baptistine était une personne longue, pâle, mince, douce; -elle réalisait l'idéal de ce qu'exprime le mot «respectable»; car il -semble qu'il soit nécessaire qu'une femme soit mère pour être vénérable. -Elle n'avait jamais été jolie; toute sa vie, qui n'avait été qu'une -suite de saintes oeuvres, avait fini par mettre sur elle une sorte de -blancheur et de clarté; et, en vieillissant, elle avait gagné ce qu'on -pourrait appeler la beauté de la bonté. Ce qui avait été de la maigreur -dans sa jeunesse était devenu, dans sa maturité, de la transparence; et -cette diaphanéité laissait voir l'ange. C'était une âme plus encore que -ce n'était une vierge. Sa personne semblait faite d'ombre; à peine assez -de corps pour qu'il y eût là un sexe; un peu de matière contenant une -lueur; de grands yeux toujours baissés; un prétexte pour qu'une âme -reste sur la terre. - -Madame Magloire était une petite vieille, blanche, grasse, replète, -affairée, toujours haletante, à cause de son activité d'abord, ensuite à -cause d'un asthme. - -À son arrivée, on installa M. Myriel en son palais épiscopal avec les -honneurs voulus par les décrets impériaux qui classent l'évêque -immédiatement après le maréchal de camp. Le maire et le président lui -firent la première visite, et lui de son côté fit la première visite au -général et au préfet. - -L'installation terminée, la ville attendit son évêque à l'oeuvre. - - - - -Chapitre II - -Monsieur Myriel devient monseigneur Bienvenu - - -Le palais épiscopal de Digne était attenant à l'hôpital. - -Le palais épiscopal était un vaste et bel hôtel bâti en pierre au -commencement du siècle dernier par monseigneur Henri Puget, docteur en -théologie de la faculté de Paris, abbé de Simore, lequel était évêque de -Digne en 1712. Ce palais était un vrai logis seigneurial. Tout y avait -grand air, les appartements de l'évêque, les salons, les chambres, la -cour d'honneur, fort large, avec promenoirs à arcades, selon l'ancienne -mode florentine, les jardins plantés de magnifiques arbres. Dans la -salle à manger, longue et superbe galerie qui était au rez-de-chaussée -et s'ouvrait sur les jardins, monseigneur Henri Puget avait donné à -manger en cérémonie le 29 juillet 1714 à messeigneurs Charles Brûlart de -Genlis, archevêque-prince d'Embrun, Antoine de Mesgrigny, capucin, -évêque de Grasse, Philippe de Vendôme, grand prieur de France, abbé de -Saint-Honoré de Lérins, François de Berton de Grillon, évêque-baron de -Vence, César de Sabran de Forcalquier, évêque-seigneur de Glandève, et -Jean Soanen, prêtre de l'oratoire, prédicateur ordinaire du roi, -évêque-seigneur de Senez. Les portraits de ces sept révérends -personnages décoraient cette salle, et cette date mémorable, 29 juillet -1714, y était gravée en lettres d'or sur une table de marbre blanc. - -L'hôpital était une maison étroite et basse à un seul étage avec un -petit jardin. Trois jours après son arrivée, l'évêque visita l'hôpital. -La visite terminée, il fit prier le directeur de vouloir bien venir -jusque chez lui. - ---Monsieur le directeur de l'hôpital, lui dit-il, combien en ce moment -avez-vous de malades? - ---Vingt-six, monseigneur. - ---C'est ce que j'avais compté, dit l'évêque. - ---Les lits, reprit le directeur, sont bien serrés les uns contre les -autres. - ---C'est ce que j'avais remarqué. - ---Les salles ne sont que des chambres, et l'air s'y renouvelle -difficilement. - ---C'est ce qui me semble. - ---Et puis, quand il y a un rayon de soleil, le jardin est bien petit -pour les convalescents. - ---C'est ce que je me disais. - ---Dans les épidémies, nous avons eu cette année le typhus, nous avons eu -une suette militaire il y a deux ans, cent malades quelquefois; nous ne -savons que faire. - ---C'est la pensée qui m'était venue. - ---Que voulez-vous, monseigneur? dit le directeur, il faut se résigner. - -Cette conversation avait lieu dans la salle à manger-galerie du -rez-de-chaussée. L'évêque garda un moment le silence, puis il se tourna -brusquement vers le directeur de l'hôpital: - ---Monsieur, dit-il, combien pensez-vous qu'il tiendrait de lits rien que -dans cette salle? - ---La salle à manger de monseigneur! s'écria le directeur stupéfait. - -L'évêque parcourait la salle du regard et semblait y faire avec les yeux -des mesures et des calculs. - ---Il y tiendrait bien vingt lits! dit-il, comme se parlant à lui-même. - -Puis élevant la voix: - ---Tenez, monsieur le directeur de l'hôpital, je vais vous dire. Il y a -évidemment une erreur. Vous êtes vingt-six personnes dans cinq ou six -petites chambres. Nous sommes trois ici, et nous avons place pour -soixante. Il y a erreur, je vous dis. Vous avez mon logis, et j'ai le -vôtre. Rendez-moi ma maison. C'est ici chez vous. - -Le lendemain, les vingt-six pauvres étaient installés dans le palais de -l'évêque et l'évêque était à l'hôpital. - -M. Myriel n'avait point de bien, sa famille ayant été ruinée par la -révolution. Sa soeur touchait une rente viagère de cinq cents francs -qui, au presbytère, suffisait à sa dépense personnelle. M. Myriel -recevait de l'état comme évêque un traitement de quinze mille francs. Le -jour même où il vint se loger dans la maison de l'hôpital, M. Myriel -détermina l'emploi de cette somme une fois pour toutes de la manière -suivante. Nous transcrivons ici une note écrite de sa main. - -_Note pour régler les dépenses de ma maison._ - -_Pour le petit séminaire: quinze cents livres_ -_Congrégation de la mission: cent livres_ -_Pour les lazaristes de Montdidier: cent livres_ -_Séminaire des missions étrangères à Paris: deux cents livres_ -_Congrégation du Saint-Esprit: cent cinquante livres_ -_Établissements religieux de la Terre-Sainte: cent livres_ -_Sociétés de charité maternelle: trois cents livres_ -_En sus, pour celle d'Arles: cinquante livres_ -_OEuvre pour l'amélioration des prisons: quatre cents livres_ -_OEuvre pour le soulagement et la délivrance des prisonniers: cinq cents -livres_ -_Pour libérer des pères de famille prisonniers pour dettes: mille livres_ -_Supplément au traitement des pauvres maîtres d'école du diocèse: deux -mille livres_ -_Grenier d'abondance des Hautes-Alpes: cent livres_ -_Congrégation des dames de Digne, de Manosque et de Sisteron, -pour l'enseignement gratuit des filles indigentes: quinze cents livres_ -_Pour les pauvres: six mille livres_ -_Ma dépense personnelle: mille livres_ - -Total: _quinze mille livres_ - -Pendant tout le temps qu'il occupa le siège de Digne, M. Myriel ne -changea presque rien à cet arrangement. Il appelait cela, comme on voit, -_avoir réglé les dépenses de sa maison_. - -Cet arrangement fut accepté avec une soumission absolue par mademoiselle -Baptistine. Pour cette sainte fille, M. de Digne était tout à la fois -son frère et son évêque, son ami selon la nature et son supérieur selon -l'église. Elle l'aimait et elle le vénérait tout simplement. Quand il -parlait, elle s'inclinait; quand il agissait, elle adhérait. La servante -seule, madame Magloire, murmura un peu. M. l'évêque, on l'a pu -remarquer, ne s'était réservé que mille livres, ce qui, joint à la -pension de mademoiselle Baptistine, faisait quinze cents francs par an. -Avec ces quinze cents francs, ces deux vieilles femmes et ce vieillard -vivaient. - -Et quand un curé de village venait à Digne, M. l'évêque trouvait encore -moyen de le traiter, grâce à la sévère économie de madame Magloire et à -l'intelligente administration de mademoiselle Baptistine. - -Un jour--il était à Digne depuis environ trois mois--l'évêque dit: - ---Avec tout cela je suis bien gêné! - ---Je le crois bien! s'écria madame Magloire, Monseigneur n'a seulement -pas réclamé la rente que le département lui doit pour ses frais de -carrosse en ville et de tournées dans le diocèse. Pour les évêques -d'autrefois c'était l'usage. - ---Tiens! dit l'évêque, vous avez raison, madame Magloire. - -Il fit sa réclamation. - -Quelque temps après, le conseil général, prenant cette demande en -considération, lui vota une somme annuelle de trois mille francs, sous -cette rubrique: _Allocation à M. l'évêque pour frais de carrosse, frais -de poste et frais de tournées pastorales_. - -Cela fit beaucoup crier la bourgeoisie locale, et, à cette occasion, un -sénateur de l'empire, ancien membre du conseil des cinq-cents favorable -au dix-huit brumaire et pourvu près de la ville de Digne d'une -sénatorerie magnifique, écrivit au ministre des cultes, M. Bigot de -Préameneu, un petit billet irrité et confidentiel dont nous extrayons -ces lignes authentiques: - -«--Des frais de carrosse? pourquoi faire dans une ville de moins de -quatre mille habitants? Des frais de poste et de tournées? à quoi bon -ces tournées d'abord? ensuite comment courir la poste dans un pays de -montagnes? Il n'y a pas de routes. On ne va qu'à cheval. Le pont même de -la Durance à Château-Arnoux peut à peine porter des charrettes à boeufs. -Ces prêtres sont tous ainsi. Avides et avares. Celui-ci a fait le bon -apôtre en arrivant. Maintenant il fait comme les autres. Il lui faut -carrosse et chaise de poste. Il lui faut du luxe comme aux anciens -évêques. Oh! toute cette prêtraille! Monsieur le comte, les choses -n'iront bien que lorsque l'empereur nous aura délivrés des calotins. À -bas le pape! (les affaires se brouillaient avec Rome). Quant à moi, je -suis pour César tout seul. Etc., etc.» - -La chose, en revanche, réjouit fort madame Magloire. - ---Bon, dit-elle à mademoiselle Baptistine, Monseigneur a commencé par -les autres, mais il a bien fallu qu'il finît par lui-même. Il a réglé -toutes ses charités. Voilà trois mille livres pour nous. Enfin! - -Le soir même, l'évêque écrivit et remit à sa soeur une note ainsi -conçue: - -_Frais de carrosse et de tournées._ - -_Pour donner du bouillon de viande aux malades de l'hôpital: quinze -cents livres_ -_Pour la société de charité maternelle d'Aix: deux cent cinquante livres_ -_Pour la société de charité maternelle de Draguignan: deux cent cinquante -livres_ -_Pour les enfants trouvés: cinq cents livres_ -_Pour les orphelins: cinq cents livres_ - -Total: _trois mille livres_ - -Tel était le budget de M. Myriel. - -Quant au casuel épiscopal, rachats de bans, dispenses, ondoiements, -prédications, bénédictions d'églises ou de chapelles, mariages, etc., -l'évêque le percevait sur les riches avec d'autant plus d'âpreté qu'il -le donnait aux pauvres. - -Au bout de peu de temps, les offrandes d'argent affluèrent. Ceux qui ont -et ceux qui manquent frappaient à la porte de M. Myriel, les uns venant -chercher l'aumône que les autres venaient y déposer. L'évêque, en moins -d'un an, devint le trésorier de tous les bienfaits et le caissier de -toutes les détresses. Des sommes considérables passaient par ses mains; -mais rien ne put faire qu'il changeât quelque chose à son genre de vie -et qu'il ajoutât le moindre superflu à son nécessaire. - -Loin de là. Comme il y a toujours encore plus de misère en bas que de -fraternité en haut, tout était donné, pour ainsi dire, avant d'être -reçu; c'était comme de l'eau sur une terre sèche; il avait beau recevoir -de l'argent, il n'en avait jamais. Alors il se dépouillait. - -L'usage étant que les évêques énoncent leurs noms de baptême en tête de -leurs mandements et de leurs lettres pastorales, les pauvres gens du -pays avaient choisi, avec une sorte d'instinct affectueux, dans les noms -et prénoms de l'évêque, celui qui leur présentait un sens, et ils ne -l'appelaient que monseigneur Bienvenu. Nous ferons comme eux, et nous le -nommerons ainsi dans l'occasion. Du reste, cette appellation lui -plaisait. - ---J'aime ce nom-là, disait-il. Bienvenu corrige monseigneur. - -Nous ne prétendons pas que le portrait que nous faisons ici soit -vraisemblable; nous nous bornons à dire qu'il est ressemblant. - - - - -Chapitre III - -À bon évêque dur évêché - - -M. l'évêque, pour avoir converti son carrosse en aumônes, n'en faisait -pas moins ses tournées. C'est un diocèse fatigant que celui de Digne. Il -a fort peu de plaines, beaucoup de montagnes, presque pas de routes, on -l'a vu tout à l'heure; trente-deux cures, quarante et un vicariats et -deux cent quatre-vingt-cinq succursales. Visiter tout cela, c'est une -affaire. M. l'évêque en venait à bout. Il allait à pied quand c'était -dans le voisinage, en carriole dans la plaine, en cacolet dans la -montagne. Les deux vieilles femmes l'accompagnaient. Quand le trajet -était trop pénible pour elles, il allait seul. - -Un jour, il arriva à Senez, qui est une ancienne ville épiscopale, monté -sur un âne. Sa bourse, fort à sec dans ce moment, ne lui avait pas -permis d'autre équipage. Le maire de la ville vint le recevoir à la -porte de l'évêché et le regardait descendre de son âne avec des yeux -scandalisés. Quelques bourgeois riaient autour de lui. - ---Monsieur le maire, dit l'évêque, et messieurs les bourgeois, je vois -ce qui vous scandalise; vous trouvez que c'est bien de l'orgueil à un -pauvre prêtre de monter une monture qui a été celle de Jésus-Christ. Je -l'ai fait par nécessité, je vous assure, non par vanité. - -Dans ses tournées, il était indulgent et doux, et prêchait moins qu'il -ne causait. Il ne mettait aucune vertu sur un plateau inaccessible. Il -n'allait jamais chercher bien loin ses raisonnements et ses modèles. -Aux habitants d'un pays il citait l'exemple du pays voisin. Dans les -cantons où l'on était dur pour les nécessiteux, il disait: - ---Voyez les gens de Briançon. Ils ont donné aux indigents, aux veuves et -aux orphelins le droit de faire faucher leurs prairies trois jours avant -tous les autres. Ils leur rebâtissent gratuitement leurs maisons quand -elles sont en ruines. Aussi est-ce un pays béni de Dieu. Durant tout un -siècle de cent ans, il n'y a pas eu un meurtrier. - -Dans les villages âpres au gain et à la moisson, il disait: - ---Voyez ceux d'Embrun. Si un père de famille, au temps de la récolte, a -ses fils au service à l'armée et ses filles en service à la ville, et -qu'il soit malade et empêché, le curé le recommande au prône; et le -dimanche, après la messe, tous les gens du village, hommes, femmes, -enfants, vont dans le champ du pauvre homme lui faire sa moisson, et lui -rapportent paille et grain dans son grenier. - -Aux familles divisées par des questions d'argent et d'héritage, il -disait: - ---Voyez les montagnards de Devoluy, pays si sauvage qu'on n'y entend pas -le rossignol une fois en cinquante ans. Eh bien, quand le père meurt -dans une famille, les garçons s'en vont chercher fortune, et laissent le -bien aux filles, afin qu'elles puissent trouver des maris. - -Aux cantons qui ont le goût des procès et où les fermiers se ruinent en -papier timbré, il disait: - ---Voyez ces bons paysans de la vallée de Queyras. Ils sont là trois -mille âmes. Mon Dieu! c'est comme une petite république. On n'y connaît -ni le juge, ni l'huissier. Le maire fait tout. Il répartit l'impôt, taxe -chacun en conscience, juge les querelles gratis, partage les patrimoines -sans honoraires, rend des sentences sans frais; et on lui obéit, parce -que c'est un homme juste parmi des hommes simples. - -Aux villages où il ne trouvait pas de maître d'école, il citait encore -ceux de Queyras: - ---Savez-vous comment ils font? disait-il. Comme un petit pays de douze -ou quinze feux ne peut pas toujours nourrir un magister, ils ont des -maîtres d'école payés par toute la vallée qui parcourent les villages, -passant huit jours dans celui-ci, dix dans celui-là, et enseignant. Ces -magisters vont aux foires, où je les ai vus. On les reconnaît à des -plumes à écrire qu'ils portent dans la ganse de leur chapeau. Ceux qui -n'enseignent qu'à lire ont une plume, ceux qui enseignent la lecture et -le calcul ont deux plumes; ceux qui enseignent la lecture, le calcul et -le latin ont trois plumes. Ceux-là sont de grands savants. Mais quelle -honte d'être ignorants! Faites comme les gens de Queyras. - -Il parlait ainsi, gravement et paternellement, à défaut d'exemples -inventant des paraboles, allant droit au but, avec peu de phrases et -beaucoup d'images, ce qui était l'éloquence même de Jésus-Christ, -convaincu et persuadant. - - - - -Chapitre IV - -Les oeuvres semblables aux paroles - - -Sa conversation était affable et gaie. Il se mettait à la portée des -deux vieilles femmes qui passaient leur vie près de lui; quand il riait, -c'était le rire d'un écolier. - -Madame Magloire l'appelait volontiers _Votre Grandeur_. Un jour, il se -leva de son fauteuil et alla à sa bibliothèque chercher un livre. Ce -livre était sur un des rayons d'en haut. Comme l'évêque était d'assez -petite taille, il ne put y atteindre. - ---Madame Magloire, dit-il, apportez-moi une chaise. Ma grandeur ne va -pas jusqu'à cette planche. - -Une de ses parentes éloignées, madame la comtesse de Lô, laissait -rarement échapper une occasion d'énumérer en sa présence ce qu'elle -appelait «les espérances» de ses trois fils. Elle avait plusieurs -ascendants fort vieux et proches de la mort dont ses fils étaient -naturellement les héritiers. Le plus jeune des trois avait à recueillir -d'une grand'tante cent bonnes mille livres de rentes; le deuxième était -substitué au titre de duc de son oncle; l'aîné devait succéder à la -pairie de son aïeul. L'évêque écoutait habituellement en silence ces -innocents et pardonnables étalages maternels. Une fois pourtant, il -paraissait plus rêveur que de coutume, tandis que madame de Lô -renouvelait le détail de toutes ces successions et de toutes ces -«espérances». Elle s'interrompit avec quelque impatience: - ---Mon Dieu, mon cousin! mais à quoi songez-vous donc? - ---Je songe, dit l'évêque, à quelque chose de singulier qui est, je -crois, dans saint Augustin: «Mettez votre espérance dans celui auquel on -ne succède point.» - -Une autre fois, recevant une lettre de faire-part du décès d'un -gentilhomme du pays, où s'étalaient en une longue page, outre les -dignités du défunt, toutes les qualifications féodales et nobiliaires de -tous ses parents: - ---Quel bon dos a la mort! s'écria-t-il. Quelle admirable charge de -titres on lui fait allègrement porter, et comme il faut que les hommes -aient de l'esprit pour employer ainsi la tombe à la vanité! - -Il avait dans l'occasion une raillerie douce qui contenait presque -toujours un sens sérieux. Pendant un carême, un jeune vicaire vint à -Digne et prêcha dans la cathédrale. Il fut assez éloquent. Le sujet de -son sermon était la charité. Il invita les riches à donner aux -indigents, afin d'éviter l'enfer qu'il peignit le plus effroyable qu'il -put et de gagner le paradis qu'il fit désirable et charmant. Il y avait -dans l'auditoire un riche marchand retiré, un peu usurier, nommé M. -Géborand, lequel avait gagné un demi-million à fabriquer de gros draps, -des serges, des cadis et des gasquets. De sa vie M. Géborand n'avait -fait l'aumône à un malheureux. À partir de ce sermon, on remarqua qu'il -donnait tous les dimanches un sou aux vieilles mendiantes du portail de -la cathédrale. Elles étaient six à se partager cela. Un jour, l'évêque -le vit faisant sa charité et dit à sa soeur avec un sourire: - ---Voilà monsieur Géborand qui achète pour un sou de paradis. - -Quand il s'agissait de charité, il ne se rebutait pas, même devant un -refus, et il trouvait alors des mots qui faisaient réfléchir. Une fois, -il quêtait pour les pauvres dans un salon de la ville. Il y avait là le -marquis de Champtercier, vieux, riche, avare, lequel trouvait moyen -d'être tout ensemble ultra-royaliste et ultra-voltairien. Cette variété -a existé. L'évêque, arrivé à lui, lui toucha le bras. - ---Monsieur le marquis, il faut que vous me donniez quelque chose. - -Le marquis se retourna et répondit sèchement: - ---Monseigneur, j'ai mes pauvres. - ---Donnez-les-moi, dit l'évêque. - -Un jour, dans la cathédrale, il fit ce sermon. - -«Mes très chers frères, mes bons amis, il y a en France treize cent -vingt mille maisons de paysans qui n'ont que trois ouvertures, dix-huit -cent dix-sept mille qui ont deux ouvertures, la porte et une fenêtre, et -enfin trois cent quarante-six mille cabanes qui n'ont qu'une ouverture, -la porte. Et cela, à cause d'une chose qu'on appelle l'impôt des portes -et fenêtres. Mettez-moi de pauvres familles, des vieilles femmes, des -petits enfants, dans ces logis-là, et voyez les fièvres et les maladies. -Hélas! Dieu donne l'air aux hommes, la loi le leur vend. Je n'accuse pas -la loi, mais je bénis Dieu. Dans l'Isère, dans le Var, dans les deux -Alpes, les hautes et les basses, les paysans n'ont pas même de -brouettes, ils transportent les engrais à dos d'hommes; ils n'ont pas de -chandelles, et ils brûlent des bâtons résineux et des bouts de corde -trempés dans la poix résine. C'est comme cela dans tout le pays haut du -Dauphiné. Ils font le pain pour six mois, ils le font cuire avec de la -bouse de vache séchée. L'hiver, ils cassent ce pain à coups de hache et -ils le font tremper dans l'eau vingt-quatre heures pour pouvoir le -manger.--Mes frères, ayez pitié! voyez comme on souffre autour de vous.» - -Né provençal, il s'était facilement familiarisé avec tous les patois du -midi. Il disait: «_Eh bé! moussu, sès sagé?_» comme dans le bas -Languedoc. «_Onté anaras passa?_» comme dans les basses Alpes. «_Puerte -un bouen moutou embe un bouen froumage grase_», comme dans le haut -Dauphiné. Ceci plaisait au peuple, et n'avait pas peu contribué à lui -donner accès près de tous les esprits. Il était dans la chaumière et -dans la montagne comme chez lui. Il savait dire les choses les plus -grandes dans les idiomes les plus vulgaires. Parlant toutes les langues, -il entrait dans toutes les âmes. Du reste, il était le même pour les -gens du monde et pour les gens du peuple. Il ne condamnait rien -hâtivement, et sans tenir compte des circonstances environnantes. Il -disait: - ---Voyons le chemin par où la faute a passé. - -Étant, comme il se qualifiait lui-même en souriant, un _ex-pécheur_, il -n'avait aucun des escarpements du rigorisme, et il professait assez -haut, et sans le froncement de sourcil des vertueux féroces, une -doctrine qu'on pourrait résumer à peu près ainsi: - -«L'homme a sur lui la chair qui est tout à la fois son fardeau et sa -tentation. Il la traîne et lui cède. - -«Il doit la surveiller, la contenir, la réprimer, et ne lui obéir qu'à -la dernière extrémité. Dans cette obéissance-là, il peut encore y avoir -de la faute; mais la faute, ainsi faite, est vénielle. C'est une chute, -mais une chute sur les genoux, qui peut s'achever en prière. - -«Être un saint, c'est l'exception; être un juste, c'est la règle. Errez, -défaillez, péchez, mais soyez des justes. - -«Le moins de péché possible, c'est la loi de l'homme. Pas de péché du -tout est le rêve de l'ange. Tout ce qui est terrestre est soumis au -péché. Le péché est une gravitation.» - -Quand il voyait tout le monde crier bien fort et s'indigner bien vite: - ---Oh! oh! disait-il en souriant, il y a apparence que ceci est un gros -crime que tout le monde commet. Voilà les hypocrisies effarées qui se -dépêchent de protester et de se mettre à couvert. - -Il était indulgent pour les femmes et les pauvres sur qui pèse le poids -de la société humaine. Il disait: - ---Les fautes des femmes, des enfants, des serviteurs, des faibles, des -indigents et des ignorants sont la faute des maris, des pères, des -maîtres, des forts, des riches et des savants. - -Il disait encore: - ---À ceux qui ignorent, enseignez-leur le plus de choses que vous -pourrez; la société est coupable de ne pas donner l'instruction gratis; -elle répond de la nuit qu'elle produit. Cette âme est pleine d'ombre, le -péché s'y commet. Le coupable n'est pas celui qui y fait le péché, mais -celui qui y a fait l'ombre. - -Comme on voit, il avait une manière étrange et à lui de juger les -choses. Je soupçonne qu'il avait pris cela dans l'évangile. - -Il entendit un jour conter dans un salon un procès criminel qu'on -instruisait et qu'on allait juger. Un misérable homme, par amour pour -une femme et pour l'enfant qu'il avait d'elle, à bout de ressources, -avait fait de la fausse monnaie. La fausse monnaie était encore punie de -mort à cette époque. La femme avait été arrêtée émettant la première -pièce fausse fabriquée par l'homme. On la tenait, mais on n'avait de -preuves que contre elle. Elle seule pouvait charger son amant et le -perdre en avouant. Elle nia. On insista. Elle s'obstina à nier. Sur ce, -le procureur du roi avait eu une idée. Il avait supposé une infidélité -de l'amant, et était parvenu, avec des fragments de lettres savamment -présentés, à persuader à la malheureuse qu'elle avait une rivale et que -cet homme la trompait. Alors, exaspérée de jalousie, elle avait dénoncé -son amant, tout avoué, tout prouvé. L'homme était perdu. Il allait être -prochainement jugé à Aix avec sa complice. On racontait le fait, et -chacun s'extasiait sur l'habileté du magistrat. En mettant la jalousie -en jeu, il avait fait jaillir la vérité par la colère, il avait fait -sortir la justice de la vengeance. L'évêque écoutait tout cela en -silence. Quand ce fut fini, il demanda: - ---Où jugera-t-on cet homme et cette femme? - ---À la cour d'assises. - -Il reprit: - ---Et où jugera-t-on monsieur le procureur du roi? - -Il arriva à Digne une aventure tragique. Un homme fut condamné à mort -pour meurtre. C'était un malheureux pas tout à fait lettré, pas tout à -fait ignorant, qui avait été bateleur dans les foires et écrivain -public. Le procès occupa beaucoup la ville. La veille du jour fixé pour -l'exécution du condamné, l'aumônier de la prison tomba malade. Il -fallait un prêtre pour assister le patient à ses derniers moments. On -alla chercher le curé. Il paraît qu'il refusa en disant: Cela ne me -regarde pas. Je n'ai que faire de cette corvée et de ce saltimbanque; -moi aussi, je suis malade; d'ailleurs ce n'est pas là ma place. On -rapporta cette réponse à l'évêque qui dit: - ---Monsieur le curé a raison. Ce n'est pas sa place, c'est la mienne. - -Il alla sur-le-champ à la prison, il descendit au cabanon du -«saltimbanque», il l'appela par son nom, lui prit la main et lui parla. -Il passa toute la journée et toute la nuit près de lui, oubliant la -nourriture et le sommeil, priant Dieu pour l'âme du condamné et priant -le condamné pour la sienne propre. Il lui dit les meilleures vérités qui -sont les plus simples. Il fut père, frère, ami; évêque pour bénir -seulement. Il lui enseigna tout, en le rassurant et en le consolant. Cet -homme allait mourir désespéré. La mort était pour lui comme un abîme. -Debout et frémissant sur ce seuil lugubre, il reculait avec horreur. Il -n'était pas assez ignorant pour être absolument indifférent. Sa -condamnation, secousse profonde, avait en quelque sorte rompu çà et là -autour de lui cette cloison qui nous sépare du mystère des choses et que -nous appelons la vie. Il regardait sans cesse au dehors de ce monde par -ces brèches fatales, et ne voyait que des ténèbres. L'évêque lui fit -voir une clarté. - -Le lendemain, quand on vint chercher le malheureux, l'évêque était là. -Il le suivit. Il se montra aux yeux de la foule en camail violet et avec -sa croix épiscopale au cou, côte à côte avec ce misérable lié de cordes. - -Il monta sur la charrette avec lui, il monta sur l'échafaud avec lui. Le -patient, si morne et si accablé la veille, était rayonnant. Il sentait -que son âme était réconciliée et il espérait Dieu. L'évêque l'embrassa, -et, au moment où le couteau allait tomber, il lui dit: - ---Celui que l'homme tue, Dieu le ressuscite; celui que les frères -chassent retrouve le Père. Priez, croyez, entrez dans la vie! le Père -est là. - -Quand il redescendit de l'échafaud, il avait quelque chose dans son -regard qui fit ranger le peuple. On ne savait ce qui était le plus -admirable de sa pâleur ou de sa sérénité. En rentrant à cet humble logis -qu'il appelait en souriant son palais, il dit à sa soeur: - ---Je viens d'officier pontificalement. - -Comme les choses les plus sublimes sont souvent aussi les choses les -moins comprises, il y eut dans la ville des gens qui dirent, en -commentant cette conduite de l'évêque: «C'est de l'affectation.» Ceci ne -fut du reste qu'un propos de salons. Le peuple, qui n'entend pas malice -aux actions saintes, fut attendri et admira. - -Quant à l'évêque, avoir vu la guillotine fut pour lui un choc, et il fut -longtemps à s'en remettre. - -L'échafaud, en effet, quand il est là, dressé et debout, a quelque chose -qui hallucine. On peut avoir une certaine indifférence sur la peine de -mort, ne point se prononcer, dire oui et non, tant qu'on n'a pas vu de -ses yeux une guillotine; mais si l'on en rencontre une, la secousse est -violente, il faut se décider et prendre parti pour ou contre. Les uns -admirent, comme de Maistre; les autres exècrent, comme Beccaria. La -guillotine est la concrétion de la loi; elle se nomme _vindicte;_ elle -n'est pas neutre, et ne vous permet pas de rester neutre. Qui l'aperçoit -frissonne du plus mystérieux des frissons. Toutes les questions sociales -dressent autour de ce couperet leur point d'interrogation. L'échafaud -est vision. L'échafaud n'est pas une charpente, l'échafaud n'est pas une -machine, l'échafaud n'est pas une mécanique inerte faite de bois, de fer -et de cordes. Il semble que ce soit une sorte d'être qui a je ne sais -quelle sombre initiative; on dirait que cette charpente voit, que cette -machine entend, que cette mécanique comprend, que ce bois, ce fer et ces -cordes veulent. Dans la rêverie affreuse où sa présence jette l'âme, -l'échafaud apparaît terrible et se mêlant de ce qu'il fait. L'échafaud -est le complice du bourreau; il dévore; il mange de la chair, il boit du -sang. L'échafaud est une sorte de monstre fabriqué par le juge et par le -charpentier, un spectre qui semble vivre d'une espèce de vie -épouvantable faite de toute la mort qu'il a donnée. - -Aussi l'impression fut-elle horrible et profonde; le lendemain de -l'exécution et beaucoup de jours encore après, l'évêque parut accablé. -La sérénité presque violente du moment funèbre avait disparu: le fantôme -de la justice sociale l'obsédait. Lui qui d'ordinaire revenait de toutes -ses actions avec une satisfaction si rayonnante, il semblait qu'il se -fît un reproche. Par moments, il se parlait à lui-même, et bégayait à -demi-voix des monologues lugubres. En voici un que sa soeur entendit un -soir et recueillit: - ---Je ne croyais pas que cela fût si monstrueux. C'est un tort de -s'absorber dans la loi divine au point de ne plus s'apercevoir de la loi -humaine. La mort n'appartient qu'à Dieu. De quel droit les hommes -touchent-ils à cette chose inconnue? - -Avec le temps ces impressions s'atténuèrent, et probablement -s'effacèrent. Cependant on remarqua que l'évêque évitait désormais de -passer sur la place des exécutions. On pouvait appeler M. Myriel à toute -heure au chevet des malades et des mourants. Il n'ignorait pas que là -était son plus grand devoir et son plus grand travail. Les familles -veuves ou orphelines n'avaient pas besoin de le demander, il arrivait de -lui-même. Il savait s'asseoir et se taire de longues heures auprès de -l'homme qui avait perdu la femme qu'il aimait, de la mère qui avait -perdu son enfant. Comme il savait le moment de se taire, il savait aussi -le moment de parler. Ô admirable consolateur! il ne cherchait pas à -effacer la douleur par l'oubli, mais à l'agrandir et à la dignifier par -l'espérance. Il disait: - ---Prenez garde à la façon dont vous vous tournez vers les morts. Ne -songez pas à ce qui pourrit. Regardez fixement. Vous apercevrez la lueur -vivante de votre mort bien-aimé au fond du ciel. - -Il savait que la croyance est saine. Il cherchait à conseiller et à -calmer l'homme désespéré en lui indiquant du doigt l'homme résigné, et à -transformer la douleur qui regarde une fosse en lui montrant la douleur -qui regarde une étoile. - - - - -Chapitre V - -Que monseigneur Bienvenu faisait durer trop longtemps ses soutanes - - -La vie intérieure de M. Myriel était pleine des mêmes pensées que sa vie -publique. Pour qui eût pu la voir de près, c'eût été un spectacle grave -et charmant que cette pauvreté volontaire dans laquelle vivait M. -l'évêque de Digne. - -Comme tous les vieillards et comme la plupart des penseurs, il dormait -peu. Ce court sommeil était profond. Le matin il se recueillait pendant -une heure, puis il disait sa messe, soit à la cathédrale, soit dans son -oratoire. Sa messe dite, il déjeunait d'un pain de seigle trempé dans le -lait de ses vaches. Puis il travaillait. - -Un évêque est un homme fort occupé; il faut qu'il reçoive tous les jours -le secrétaire de l'évêché, qui est d'ordinaire un chanoine, presque tous -les jours ses grands vicaires. Il a des congrégations à contrôler, des -privilèges à donner, toute une librairie ecclésiastique à examiner, -paroissiens, catéchismes diocésains, livres d'heures, etc., des -mandements à écrire, des prédications à autoriser, des curés et des -maires à mettre d'accord, une correspondance cléricale, une -correspondance administrative, d'un côté l'état, de l'autre le -Saint-Siège, mille affaires. - -Le temps que lui laissaient ces mille affaires, ses offices et son -bréviaire, il le donnait d'abord aux nécessiteux, aux malades et aux -affligés; le temps que les affligés, les malades et les nécessiteux lui -laissaient, il le donnait au travail. Tantôt il bêchait la terre dans -son jardin, tantôt il lisait et écrivait. Il n'avait qu'un mot pour ces -deux sortes de travail; il appelait cela _jardiner_. - ---L'esprit est un jardin, disait-il. - -À midi, il dînait. Le dîner ressemblait au déjeuner. - -Vers deux heures, quand le temps était beau, il sortait et se promenait -à pied dans la campagne ou dans la ville, entrant souvent dans les -masures. On le voyait cheminer seul, tout à ses pensées, l'oeil baissé, -appuyé sur sa longue canne, vêtu de sa douillette violette ouatée et -bien chaude, chaussé de bas violets dans de gros souliers, et coiffé de -son chapeau plat qui laissait passer par ses trois cornes trois glands -d'or à graine d'épinards. - -C'était une fête partout où il paraissait. On eût dit que son passage -avait quelque chose de réchauffant et de lumineux. Les enfants et les -vieillards venaient sur le seuil des portes pour l'évêque comme pour le -soleil. Il bénissait et on le bénissait. On montrait sa maison à -quiconque avait besoin de quelque chose. - -Çà et là, il s'arrêtait, parlait aux petits garçons et aux petites -filles et souriait aux mères. Il visitait les pauvres tant qu'il avait -de l'argent; quand il n'en avait plus, il visitait les riches. - -Comme il faisait durer ses soutanes beaucoup de temps, et qu'il ne -voulait pas qu'on s'en aperçût, il ne sortait jamais dans la ville -autrement qu'avec sa douillette violette. Cela le gênait un peu en été. - -Le soir à huit heures et demie il soupait avec sa soeur, madame Magloire -debout derrière eux et les servant à table. Rien de plus frugal que ce -repas. Si pourtant l'évêque avait un de ses curés à souper, madame -Magloire en profitait pour servir à Monseigneur quelque excellent -poisson des lacs ou quelque fin gibier de la montagne. Tout curé était -un prétexte à bon repas; l'évêque se laissait faire. Hors de là, son -ordinaire ne se composait guère que de légumes cuits dans l'eau et de -soupe à l'huile. Aussi disait-on dans la ville: - ---Quand l'évêque fait pas chère de curé, il fait chère de trappiste. - -Après son souper, il causait pendant une demi-heure avec mademoiselle -Baptistine et madame Magloire; puis il rentrait dans sa chambre et se -remettait à écrire, tantôt sur des feuilles volantes, tantôt sur la -marge de quelque in-folio. Il était lettré et quelque peu savant. Il a -laissé cinq ou six manuscrits assez curieux; entre autres une -dissertation sur le verset de la Genèse: _Au commencement l'esprit de -Dieu flottait sur les eaux_. Il confronte avec ce verset trois textes: -la version arabe qui dit: _Les vents de Dieu soufflaient;_ Flavius -Josèphe qui dit: _Un vent d'en haut se précipitait sur la terre_, et -enfin la paraphrase chaldaïque d'Onkelos qui porte: _Un vent venant de -Dieu soufflait sur la face des eaux_. Dans une autre dissertation, il -examine les oeuvres théologiques de Hugo, évêque de Ptolémaïs, -arrière-grand-oncle de celui qui écrit ce livre, et il établit qu'il -faut attribuer à cet évêque les divers opuscules publiés, au siècle -dernier, sous le pseudonyme de Barleycourt. - -Parfois au milieu d'une lecture, quel que fût le livre qu'il eût entre -les mains, il tombait tout à coup dans une méditation profonde, d'où il -ne sortait que pour écrire quelques lignes sur les pages mêmes du -volume. Ces lignes souvent n'ont aucun rapport avec le livre qui les -contient. Nous avons sous les yeux une note écrite par lui sur une des -marges d'un in-quarto intitulé: _Correspondance du lord Germain avec les -généraux Clinton, Cornwallis et les amiraux de la station de l'Amérique. -À Versailles, chez Poinçot, libraire, et à Paris, chez Pissot, libraire, -quai des Augustins_. - -Voici cette note: - -«Ô vous qui êtes! - -«L'Ecclésiaste vous nomme Toute-Puissance, les Macchabées vous nomment -Créateur, l'Épître aux Éphésiens vous nomme Liberté, Baruch vous nomme -Immensité, les Psaumes vous nomment Sagesse et Vérité, Jean vous nomme -Lumière, les Rois vous nomment Seigneur, l'Exode vous appelle -Providence, le Lévitique Sainteté, Esdras Justice, la création vous -nomme Dieu, l'homme vous nomme Père; mais Salomon vous nomme -Miséricorde, et c'est là le plus beau de tous vos noms.» - -Vers neuf heures du soir, les deux femmes se retiraient et montaient à -leurs chambres au premier, le laissant jusqu'au matin seul au -rez-de-chaussée. - -Ici il est nécessaire que nous donnions une idée exacte du logis de M. -l'évêque de Digne. - - - - -Chapitre VI - -Par qui il faisait garder sa maison - - -La maison qu'il habitait se composait, nous l'avons dit, d'un -rez-de-chaussée et d'un seul étage: trois pièces au rez-de-chaussée, -trois chambres au premier, au-dessus un grenier. Derrière la maison, un -jardin d'un quart d'arpent. Les deux femmes occupaient le premier. -L'évêque logeait en bas. La première pièce, qui s'ouvrait sur la rue, -lui servait de salle à manger, la deuxième de chambre à coucher, et la -troisième d'oratoire. On ne pouvait sortir de cet oratoire sans passer -par la chambre à coucher, et sortir de la chambre à coucher sans passer -par la salle à manger. Dans l'oratoire, au fond, il y avait une alcôve -fermée, avec un lit pour les cas d'hospitalité. M. l'évêque offrait ce -lit aux curés de campagne que des affaires ou les besoins de leur -paroisse amenaient à Digne. - -La pharmacie de l'hôpital, petit bâtiment ajouté à la maison et pris sur -le jardin, avait été transformée en cuisine et en cellier. - -Il y avait en outre dans le jardin une étable qui était l'ancienne -cuisine de l'hospice et où l'évêque entretenait deux vaches. Quelle que -fût la quantité de lait qu'elles lui donnassent, il en envoyait -invariablement tous les matins la moitié aux malades de l'hôpital.--Je -paye ma dîme, disait-il. - -Sa chambre était assez grande et assez difficile à chauffer dans la -mauvaise saison. Comme le bois est très cher à Digne, il avait imaginé -de faire faire dans l'étable à vaches un compartiment fermé d'une -cloison en planches. C'était là qu'il passait ses soirées dans les -grands froids. Il appelait cela son _salon d'hiver_. - -Il n'y avait dans ce salon d'hiver, comme dans la salle à manger, -d'autres meubles qu'une table de bois blanc, carrée, et quatre chaises -de paille. La salle à manger était ornée en outre d'un vieux buffet -peint en rose à la détrempe. Du buffet pareil, convenablement habillé de -napperons blancs et de fausses dentelles, l'évêque avait fait l'autel -qui décorait son oratoire. - -Ses pénitentes riches et les saintes femmes de Digne s'étaient souvent -cotisées pour faire les frais d'un bel autel neuf à l'oratoire de -monseigneur; il avait chaque fois pris l'argent et l'avait donné aux -pauvres. - ---Le plus beau des autels, disait-il, c'est l'âme d'un malheureux -consolé qui remercie Dieu. - -Il avait dans son oratoire deux chaises prie-Dieu en paille, et un -fauteuil à bras également en paille dans sa chambre à coucher. Quand par -hasard il recevait sept ou huit personnes à la fois, le préfet, ou le -général, ou l'état-major du régiment en garnison, ou quelques élèves du -petit séminaire, on était obligé d'aller chercher dans l'étable les -chaises du salon d'hiver, dans l'oratoire les prie-Dieu, et le fauteuil -dans la chambre à coucher; de cette façon, on pouvait réunir jusqu'à -onze sièges pour les visiteurs. À chaque nouvelle visite on démeublait -une pièce. - -Il arrivait parfois qu'on était douze; alors l'évêque dissimulait -l'embarras de la situation en se tenant debout devant la cheminée si -c'était l'hiver, ou en proposant un tour dans le jardin si c'était -l'été. - -Il y avait bien encore dans l'alcôve fermée une chaise, mais elle était -à demi dépaillée et ne portait que sur trois pieds, ce qui faisait -qu'elle ne pouvait servir qu'appuyée contre le mur. Mademoiselle -Baptistine avait bien aussi dans sa chambre une très grande bergère en -bois jadis doré et revêtue de pékin à fleurs, mais on avait été obligé -de monter cette bergère au premier par la fenêtre, l'escalier étant trop -étroit; elle ne pouvait donc pas compter parmi les en-cas du mobilier. - -L'ambition de mademoiselle Baptistine eût été de pouvoir acheter un -meuble de salon en velours d'Utrecht jaune à rosaces et en acajou à cou -de cygne, avec canapé. Mais cela eût coûté au moins cinq cents francs, -et, ayant vu qu'elle n'avait réussi à économiser pour cet objet que -quarante-deux francs dix sous en cinq ans, elle avait fini par y -renoncer. D'ailleurs qui est-ce qui atteint son idéal? - -Rien de plus simple à se figurer que la chambre à coucher de l'évêque. -Une porte-fenêtre donnant sur le jardin, vis-à-vis le lit; un lit -d'hôpital, en fer avec baldaquin de serge verte; dans l'ombre du lit, -derrière un rideau, les ustensiles de toilette trahissant encore les -anciennes habitudes élégantes de l'homme du monde; deux portes, l'une -près de la cheminée, donnant dans l'oratoire; l'autre, près de la -bibliothèque, donnant dans la salle à manger; la bibliothèque, grande -armoire vitrée pleine de livres; la cheminée, de bois peint en marbre, -habituellement sans feu; dans la cheminée, une paire de chenets en fer -ornés de deux vases à guirlandes et cannelures jadis argentés à l'argent -haché, ce qui était un genre de luxe épiscopal; au-dessus, à l'endroit -où d'ordinaire on met la glace, un crucifix de cuivre désargenté fixé -sur un velours noir râpé dans un cadre de bois dédoré. Près de la -porte-fenêtre, une grande table avec un encrier, chargée de papiers -confus et de gros volumes. Devant la table, le fauteuil de paille. -Devant le lit, un prie-Dieu, emprunté à l'oratoire. - -Deux portraits dans des cadres ovales étaient accrochés au mur des deux -côtés du lit. De petites inscriptions dorées sur le fond neutre de la -toile à côté des figures indiquaient que les portraits représentaient, -l'un, l'abbé de Chaliot, évêque de Saint-Claude, l'autre, l'abbé -Tourteau, vicaire général d'Agde, abbé de Grand-Champ, ordre de Cîteaux, -diocèse de Chartres. L'évêque, en succédant dans cette chambre aux -malades de l'hôpital, y avait trouvé ces portraits et les y avait -laissés. C'étaient des prêtres, probablement des donateurs: deux motifs -pour qu'il les respectât. Tout ce qu'il savait de ces deux personnages, -c'est qu'ils avaient été nommés par le roi, l'un à son évêché, l'autre à -son bénéfice, le même jour, le 27 avril 1785. Madame Magloire ayant -décroché les tableaux pour en secouer la poussière, l'évêque avait -trouvé cette particularité écrite d'une encre blanchâtre sur un petit -carré de papier jauni par le temps, collé avec quatre pains à cacheter -derrière le portrait de l'abbé de Grand-Champ. - -Il avait à sa fenêtre un antique rideau de grosse étoffe de laine qui -finit par devenir tellement vieux que, pour éviter la dépense d'un neuf, -madame Magloire fut obligée de faire une grande couture au beau milieu. -Cette couture dessinait une croix. L'évêque le faisait souvent -remarquer. - ---Comme cela fait bien! disait-il. - -Toutes les chambres de la maison, au rez-de-chaussée ainsi qu'au -premier, sans exception, étaient blanchies au lait de chaux, ce qui est -une mode de caserne et d'hôpital. - -Cependant, dans les dernières années, madame Magloire retrouva, comme on -le verra plus loin, sous le papier badigeonné, des peintures qui -ornaient l'appartement de mademoiselle Baptistine. Avant d'être -l'hôpital, cette maison avait été le parloir aux bourgeois. De là cette -décoration. Les chambres étaient pavées de briques rouges qu'on lavait -toutes les semaines, avec des nattes de paille tressée devant tous les -lits. Du reste, ce logis, tenu par deux femmes, était du haut en bas -d'une propreté exquise. C'était le seul luxe que l'évêque permit. Il -disait: - ---Cela ne prend rien aux pauvres. - -Il faut convenir cependant qu'il lui restait de ce qu'il avait possédé -jadis six couverts d'argent et une grande cuiller à soupe que madame -Magloire regardait tous les jours avec bonheur reluire splendidement sur -la grosse nappe de toile blanche. Et comme nous peignons ici l'évêque de -Digne tel qu'il était, nous devons ajouter qu'il lui était arrivé plus -d'une fois de dire: - ---Je renoncerais difficilement à manger dans de l'argenterie. - -Il faut ajouter à cette argenterie deux gros flambeaux d'argent massif -qui lui venaient de l'héritage d'une grand'tante. Ces flambeaux -portaient deux bougies de cire et figuraient habituellement sur la -cheminée de l'évêque. Quand il avait quelqu'un à dîner, madame Magloire -allumait les deux bougies et mettait les deux flambeaux sur la table. - -Il y avait dans la chambre même de l'évêque, à la tête de son lit, un -petit placard dans lequel madame Magloire serrait chaque soir les six -couverts d'argent et la grande cuiller. Il faut dire qu'on n'en ôtait -jamais la clef. - -Le jardin, un peu gâté par les constructions assez laides dont nous -avons parlé, se composait de quatre allées en croix rayonnant autour -d'un puisard; une autre allée faisait tout le tour du jardin et -cheminait le long du mur blanc dont il était enclos. Ces allées -laissaient entre elles quatre carrés bordés de buis. Dans trois, madame -Magloire cultivait des légumes; dans le quatrième, l'évêque avait mis -des fleurs. Il y avait çà et là quelques arbres fruitiers. - -Une fois madame Magloire lui avait dit avec une sorte de malice douce: - ---Monseigneur, vous qui tirez parti de tout, voilà pourtant un carré -inutile. Il vaudrait mieux avoir là des salades que des bouquets. - ---Madame Magloire, répondit l'évêque, vous vous trompez. Le beau est -aussi utile que l'utile. - -Il ajouta après un silence: - ---Plus peut-être. - -Ce carré, composé de trois ou quatre plates-bandes, occupait M. l'évêque -presque autant que ses livres. Il y passait volontiers une heure ou -deux, coupant, sarclant, et piquant çà et là des trous en terre où il -mettait des graines. Il n'était pas aussi hostile aux insectes qu'un -jardinier l'eût voulu. Du reste, aucune prétention à la botanique; il -ignorait les groupes et le solidisme; il ne cherchait pas le moins du -monde à décider entre Tournefort et la méthode naturelle; il ne prenait -parti ni pour les utricules contre les cotylédons, ni pour Jussieu -contre Linné. Il n'étudiait pas les plantes; il aimait les fleurs. Il -respectait beaucoup les savants, il respectait encore plus les -ignorants, et, sans jamais manquer à ces deux respects, il arrosait ses -plates-bandes chaque soir d'été avec un arrosoir de fer-blanc peint en -vert. - -La maison n'avait pas une porte qui fermât à clef. La porte de la salle -à manger qui, nous l'avons dit, donnait de plain-pied sur la place de la -cathédrale, était jadis armée de serrures et de verrous comme une porte -de prison. L'évêque avait fait ôter toutes ces ferrures, et cette porte, -la nuit comme le jour, n'était fermée qu'au loquet. Le premier passant -venu, à quelque heure que ce fût, n'avait qu'à la pousser. Dans les -commencements, les deux femmes avaient été fort tourmentées de cette -porte jamais close; mais M. de Digne leur avait dit: - ---Faites mettre des verrous à vos chambres, si cela vous plaît. - -Elles avaient fini par partager sa confiance ou du moins par faire comme -si elles la partageaient. Madame Magloire seule avait de temps en temps -des frayeurs. Pour ce qui est de l'évêque, on peut trouver sa pensée -expliquée ou du moins indiquée dans ces trois lignes écrites par lui sur -la marge d'une bible: «Voici la nuance: la porte du médecin ne doit -jamais être fermée; la porte du prêtre doit toujours être ouverte.» Sur -un autre livre, intitulé _Philosophie de la science médicale_, il avait -écrit cette autre note: «Est-ce que je ne suis pas médecin comme eux? -Moi aussi j'ai mes malades; d'abord j'ai les leurs, qu'ils appellent les -malades; et puis j'ai les miens, que j'appelle les malheureux.» - -Ailleurs encore il avait écrit: «Ne demandez pas son nom à qui vous -demande un gîte. C'est surtout celui-là que son nom embarrasse qui a -besoin d'asile.» - -Il advint qu'un digne curé, je ne sais plus si c'était le curé de -Couloubroux ou le curé de Pompierry, s'avisa de lui demander un jour, -probablement à l'instigation de madame Magloire, si Monseigneur était -bien sûr de ne pas commettre jusqu'à un certain point une imprudence en -laissant jour et nuit sa porte ouverte à la disposition de qui voulait -entrer, et s'il ne craignait pas enfin qu'il n'arrivât quelque malheur -dans une maison si peu gardée. L'évêque lui toucha l'épaule avec une -gravité douce et lui dit:--_Nisi Dominus custodierit domum, in vanum -vigilant qui custodiunt eam_. - -Puis il parla d'autre chose. - -Il disait assez volontiers: - ---Il y a la bravoure du prêtre comme il y a la bravoure du colonel de -dragons. Seulement, ajoutait-il, la nôtre doit être tranquille. - - - - -Chapitre VII - -Cravatte - - -Ici se place naturellement un fait que nous ne devons pas omettre, car -il est de ceux qui font le mieux voir quel homme c'était que M. l'évêque -de Digne. - -Après la destruction de la bande de Gaspard Bès qui avait infesté les -gorges d'Ollioules, un de ses lieutenants, Cravatte, se réfugia dans la -montagne. Il se cacha quelque temps avec ses bandits, reste de la troupe -de Gaspard Bès, dans le comté de Nice, puis gagna le Piémont, et tout à -coup reparut en France, du côté de Barcelonnette. On le vit à Jauziers -d'abord, puis aux Tuiles. Il se cacha dans les cavernes du -Joug-de-l'Aigle, et de là il descendait vers les hameaux et les villages -par les ravins de l'Ubaye et de l'Ubayette. Il osa même pousser jusqu'à -Embrun, pénétra une nuit dans la cathédrale et dévalisa la sacristie. -Ses brigandages désolaient le pays. On mit la gendarmerie à ses -trousses, mais en vain. Il échappait toujours; quelquefois il résistait -de vive force. C'était un hardi misérable. Au milieu de toute cette -terreur, l'évêque arriva. Il faisait sa tournée. Au Chastelar, le maire -vint le trouver et l'engagea à rebrousser chemin. Cravatte tenait la -montagne jusqu'à l'Arche, et au-delà. Il y avait danger, même avec une -escorte. C'était exposer inutilement trois ou quatre malheureux -gendarmes. - ---Aussi, dit l'évêque, je compte aller sans escorte. - ---Y pensez-vous, monseigneur? s'écria le maire. - ---J'y pense tellement, que je refuse absolument les gendarmes et que je -vais partir dans une heure. - ---Partir? - ---Partir. - ---Seul? - ---Seul. - ---Monseigneur! vous ne ferez pas cela. - ---Il y a là, dans la montagne, reprit l'évêque, une humble petite -commune grande comme ça, que je n'ai pas vue depuis trois ans. Ce sont -mes bons amis. De doux et honnêtes bergers. Ils possèdent une chèvre sur -trente qu'ils gardent. Ils font de fort jolis cordons de laine de -diverses couleurs, et ils jouent des airs de montagne sur de petites -flûtes à six trous. Ils ont besoin qu'on leur parle de temps en temps du -bon Dieu. Que diraient-ils d'un évêque qui a peur? Que diraient-ils si -je n'y allais pas? - ---Mais, monseigneur, les brigands! Si vous rencontrez les brigands! - ---Tiens, dit l'évêque, j'y songe. Vous avez raison. Je puis les -rencontrer. Eux aussi doivent avoir besoin qu'on leur parle du bon Dieu. - ---Monseigneur! mais c'est une bande! c'est un troupeau de loups! - ---Monsieur le maire, c'est peut-être précisément de ce troupeau que -Jésus me fait le pasteur. Qui sait les voies de la Providence? - ---Monseigneur, ils vous dévaliseront. - ---Je n'ai rien. - ---Ils vous tueront. - ---Un vieux bonhomme de prêtre qui passe en marmottant ses momeries? Bah! -à quoi bon? - ---Ah! mon Dieu! si vous alliez les rencontrer! - ---Je leur demanderai l'aumône pour mes pauvres. - ---Monseigneur, n'y allez pas, au nom du ciel! vous exposez votre vie. - ---Monsieur le maire, dit l'évêque, n'est-ce décidément que cela? Je ne -suis pas en ce monde pour garder ma vie, mais pour garder les âmes. - -Il fallut le laisser faire. Il partit, accompagné seulement d'un enfant -qui s'offrit à lui servir de guide. Son obstination fit bruit dans le -pays, et effraya très fort. - -Il ne voulut emmener ni sa soeur ni madame Magloire. Il traversa la -montagne à mulet, ne rencontra personne, et arriva sain et sauf chez ses -«bons amis» les bergers. Il y resta quinze jours, prêchant, -administrant, enseignant, moralisant. Lorsqu'il fut proche de son -départ, il résolut de chanter pontificalement un _Te Deum_. Il en parla -au curé. Mais comment faire? pas d'ornements épiscopaux. On ne pouvait -mettre à sa disposition qu'une chétive sacristie de village avec -quelques vieilles chasubles de damas usé ornées de galons faux. - ---Bah! dit l'évêque. Monsieur le curé, annonçons toujours au prône notre -_Te Deum_. Cela s'arrangera. - -On chercha dans les églises d'alentour. Toutes les magnificences de ces -humbles paroisses réunies n'auraient pas suffi à vêtir convenablement un -chantre de cathédrale. Comme on était dans cet embarras, une grande -caisse fut apportée et déposée au presbytère pour M. l'évêque par deux -cavaliers inconnus qui repartirent sur-le-champ. On ouvrit la caisse; -elle contenait une chape de drap d'or, une mitre ornée de diamants, une -croix archiépiscopale, une crosse magnifique, tous les vêtements -pontificaux volés un mois auparavant au trésor de Notre-Dame d'Embrun. -Dans la caisse, il y avait un papier sur lequel étaient écrits ces mots: -_Cravatte à monseigneur Bienvenu_. - ---Quand je disais que cela s'arrangerait! dit l'évêque. - -Puis il ajouta en souriant: - ---À qui se contente d'un surplis de curé, Dieu envoie une chape -d'archevêque. - ---Monseigneur, murmura le curé en hochant la tête avec un sourire, Dieu, -ou le diable. - -L'évêque regarda fixement le curé et reprit avec autorité: - ---Dieu! - -Quand il revint au Chastelar, et tout le long de la route, on venait le -regarder par curiosité. Il retrouva au presbytère du Chastelar -mademoiselle Baptistine et madame Magloire qui l'attendaient, et il dit -à sa soeur: - ---Eh bien, avais-je raison? Le pauvre prêtre est allé chez ces pauvres -montagnards les mains vides, il en revient les mains pleines. J'étais -parti n'emportant que ma confiance en Dieu; je rapporte le trésor d'une -cathédrale. - -Le soir, avant de se coucher, il dit encore: - ---Ne craignons jamais les voleurs ni les meurtriers. Ce sont là les -dangers du dehors, les petits dangers. Craignons-nous nous-mêmes. Les -préjugés, voilà les voleurs; les vices, voilà les meurtriers. Les grands -dangers sont au dedans de nous. Qu'importe ce qui menace notre tête ou -notre bourse! Ne songeons qu'à ce qui menace notre âme. - -Puis se tournant vers sa soeur: - ---Ma soeur, de la part du prêtre jamais de précaution contre le -prochain. Ce que le prochain fait, Dieu le permet. Bornons-nous à prier -Dieu quand nous croyons qu'un danger arrive sur nous. Prions-le, non -pour nous, mais pour que notre frère ne tombe pas en faute à notre -occasion. - -Du reste, les événements étaient rares dans son existence. Nous -racontons ceux que nous savons; mais d'ordinaire il passait sa vie à -faire toujours les mêmes choses aux mêmes moments. Un mois de son année -ressemblait à une heure de sa journée. - -Quant à ce que devint «le trésor» de la cathédrale d'Embrun, on nous -embarrasserait de nous interroger là-dessus. C'étaient là de bien belles -choses, et bien tentantes, et bien bonnes à voler au profit des -malheureux. Volées, elles l'étaient déjà d'ailleurs. La moitié de -l'aventure était accomplie; il ne restait plus qu'à changer la direction -du vol, et qu'à lui faire faire un petit bout de chemin du côté des -pauvres. Nous n'affirmons rien du reste à ce sujet. Seulement on a -trouvé dans les papiers de l'évêque une note assez obscure qui se -rapporte peut-être à cette affaire, et qui est ainsi conçue: _La -question est de savoir si cela doit faire retour à la cathédrale ou à -l'hôpital_. - - - - -Chapitre VIII - -Philosophie après boire - - -Le sénateur dont il a été parlé plus haut était un homme entendu qui -avait fait son chemin avec une rectitude inattentive à toutes ces -rencontres qui font obstacle et qu'on nomme conscience, foi jurée, -justice, devoir; il avait marché droit à son but et sans broncher une -seule fois dans la ligne de son avancement et de son intérêt. C'était un -ancien procureur, attendri par le succès, pas méchant homme du tout, -rendant tous les petits services qu'il pouvait à ses fils, à ses -gendres, à ses parents, même à des amis; ayant sagement pris de la vie -les bons côtés, les bonnes occasions, les bonnes aubaines. Le reste lui -semblait assez bête. Il était spirituel, et juste assez lettré pour se -croire un disciple d'Épicure en n'étant peut-être qu'un produit de -Pigault-Lebrun. Il riait volontiers, et agréablement, des choses -infinies et éternelles, et des «billevesées du bonhomme évêque». Il en -riait quelquefois, avec une aimable autorité, devant M. Myriel lui-même, -qui écoutait. - -À je ne sais plus quelle cérémonie demi-officielle, le comte*** (ce -sénateur) et M. Myriel durent dîner chez le préfet. Au dessert, le -sénateur, un peu égayé, quoique toujours digne, s'écria: - ---Parbleu, monsieur l'évêque, causons. Un sénateur et un évêque se -regardent difficilement sans cligner de l'oeil. Nous sommes deux -augures. Je vais vous faire un aveu. J'ai ma philosophie. - ---Et vous avez raison, répondit l'évêque. Comme on fait sa philosophie -on se couche. Vous êtes sur le lit de pourpre, monsieur le sénateur. - -Le sénateur, encouragé, reprit: - ---Soyons bons enfants. - ---Bons diables même, dit l'évêque. - ---Je vous déclare, reprit le sénateur, que le marquis d'Argens, Pyrrhon, -Hobbes et M. Naigeon ne sont pas des maroufles. J'ai dans ma -bibliothèque tous mes philosophes dorés sur tranche. - ---Comme vous-même, monsieur le comte, interrompit l'évêque. - -Le sénateur poursuivit: - ---Je hais Diderot; c'est un idéologue, un déclamateur et un -révolutionnaire, au fond croyant en Dieu, et plus bigot que Voltaire. -Voltaire s'est moqué de Needham, et il a eu tort; car les anguilles de -Needham prouvent que Dieu est inutile. Une goutte de vinaigre dans une -cuillerée de pâte de farine supplée le _fiat lux_. Supposez la goutte -plus grosse et la cuillerée plus grande, vous avez le monde. L'homme, -c'est l'anguille. Alors à quoi bon le Père éternel? Monsieur l'évêque, -l'hypothèse Jéhovah me fatigue. Elle n'est bonne qu'à produire des gens -maigres qui songent creux. À bas ce grand Tout qui me tracasse! Vive -Zéro qui me laisse tranquille! De vous à moi, et pour vider mon sac, et -pour me confesser à mon pasteur comme il convient, je vous avoue que -j'ai du bon sens. Je ne suis pas fou de votre Jésus qui prêche à tout -bout de champ le renoncement et le sacrifice. Conseil d'avare à des -gueux. Renoncement! pourquoi? Sacrifice! à quoi? Je ne vois pas qu'un -loup s'immole au bonheur d'un autre loup. Restons donc dans la nature. -Nous sommes au sommet; ayons la philosophie supérieure. Que sert d'être -en haut, si l'on ne voit pas plus loin que le bout du nez des autres? -Vivons gaîment. La vie, c'est tout. Que l'homme ait un autre avenir, -ailleurs, là-haut, là-bas, quelque part, je n'en crois pas un traître -mot. Ah! l'on me recommande le sacrifice et le renoncement, je dois -prendre garde à tout ce que je fais, il faut que je me casse la tête sur -le bien et le mal, sur le juste et l'injuste, sur le _fas_ et le -_nefas_. Pourquoi? parce que j'aurai à rendre compte de mes actions. -Quand? après ma mort. Quel bon rêve! Après ma mort, bien fin qui me -pincera. Faites donc saisir une poignée de cendre par une main d'ombre. -Disons le vrai, nous qui sommes des initiés et qui avons levé la jupe -d'Isis: il n'y a ni bien, ni mal; il y a de la végétation. Cherchons le -réel. Creusons tout à fait. Allons au fond, que diable! Il faut flairer -la vérité, fouiller sous terre, et la saisir. Alors elle vous donne des -joies exquises. Alors vous devenez fort, et vous riez. Je suis carré par -la base, moi. Monsieur l'évêque, l'immortalité de l'homme est un -écoute-s'il-pleut. Oh! la charmante promesse! Fiez-vous-y. Le bon billet -qu'a Adam! On est âme, on sera ange, on aura des ailes bleues aux -omoplates. Aidez-moi donc, n'est-ce pas Tertullien qui dit que les -bienheureux iront d'un astre à l'autre? Soit. On sera les sauterelles -des étoiles. Et puis, on verra Dieu. Ta ta ta. Fadaises que tous ces -paradis. Dieu est une sonnette monstre. Je ne dirais point cela dans le -_Moniteur_, parbleu! mais je le chuchote entre amis. _Inter pocula_. -Sacrifier la terre au paradis, c'est lâcher la proie pour l'ombre. Être -dupe de l'infini! pas si bête. Je suis néant. Je m'appelle monsieur le -comte Néant, sénateur. Étais-je avant ma naissance? Non. Serai-je après -ma mort? Non. Que suis-je? un peu de poussière agrégée par un organisme. -Qu'ai-je à faire sur cette terre? J'ai le choix. Souffrir ou jouir. Où -me mènera la souffrance? Au néant. Mais j'aurai souffert. Où me mènera -la jouissance? Au néant. Mais j'aurai joui. Mon choix est fait. Il faut -être mangeant ou mangé. Je mange. Mieux vaut être la dent que l'herbe. -Telle est ma sagesse. Après quoi, va comme je te pousse, le fossoyeur -est là, le Panthéon pour nous autres, tout tombe dans le grand trou. -Fin. _Finis_. Liquidation totale. Ceci est l'endroit de -l'évanouissement. La mort est morte, croyez-moi. Qu'il y ait là -quelqu'un qui ait quelque chose à me dire, je ris d'y songer. Invention -de nourrices. Croquemitaine pour les enfants, Jéhovah pour les hommes. -Non, notre lendemain est de la nuit. Derrière la tombe, il n'y a plus -que des néants égaux. Vous avez été Sardanapale, vous avez été Vincent -de Paul, cela fait le même rien. Voilà le vrai. Donc vivez, par-dessus -tout. Usez de votre moi pendant que vous le tenez. En vérité, je vous le -dis, monsieur l'évêque, j'ai ma philosophie, et j'ai mes philosophes. Je -ne me laisse pas enguirlander par des balivernes. Après ça, il faut bien -quelque chose à ceux qui sont en bas, aux va-nu-pieds, aux gagne-petit, -aux misérables. On leur donne à gober les légendes, les chimères, l'âme, -l'immortalité, le paradis, les étoiles. Ils mâchent cela. Ils le mettent -sur leur pain sec. Qui n'a rien a le bon Dieu. C'est bien le moins. Je -n'y fais point obstacle, mais je garde pour moi monsieur Naigeon. Le bon -Dieu est bon pour le peuple. - -L'évêque battit des mains. - ---Voilà parler! s'écria-t-il. L'excellente chose, et vraiment -merveilleuse, que ce matérialisme-là! Ne l'a pas qui veut. Ah! quand on -l'a, on n'est plus dupe; on ne se laisse pas bêtement exiler comme -Caton, ni lapider comme Étienne, ni brûler vif comme Jeanne d'Arc. Ceux -qui ont réussi à se procurer ce matérialisme admirable ont la joie de se -sentir irresponsables, et de penser qu'ils peuvent dévorer tout, sans -inquiétude, les places, les sinécures, les dignités, le pouvoir bien ou -mal acquis, les palinodies lucratives, les trahisons utiles, les -savoureuses capitulations de conscience, et qu'ils entreront dans la -tombe, leur digestion faite. Comme c'est agréable! Je ne dis pas cela -pour vous, monsieur le sénateur. Cependant il m'est impossible de ne -point vous féliciter. Vous autres grands seigneurs, vous avez, vous le -dites, une philosophie à vous et pour vous, exquise, raffinée, -accessible aux riches seuls, bonne à toutes les sauces, assaisonnant -admirablement les voluptés de la vie. Cette philosophie est prise dans -les profondeurs et déterrée par des chercheurs spéciaux. Mais vous êtes -bons princes, et vous ne trouvez pas mauvais que la croyance au bon Dieu -soit la philosophie du peuple, à peu près comme l'oie aux marrons est la -dinde aux truffes du pauvre. - - - - -Chapitre IX - -Le frère raconté par la soeur - - -Pour donner une idée du ménage intérieur de M. l'évêque de Digne et de -la façon dont ces deux saintes filles subordonnaient leurs actions, -leurs pensées, même leurs instincts de femmes aisément effrayées, aux -habitudes et aux intentions de l'évêque, sans qu'il eût même à prendre -la peine de parler pour les exprimer, nous ne pouvons mieux faire que de -transcrire ici une lettre de mademoiselle Baptistine à madame la -vicomtesse de Boischevron, son amie d'enfance. Cette lettre est entre -nos mains. - -«Digne, 16 décembre 18.... - -«Ma bonne madame, pas un jour ne se passe sans que nous parlions de -vous. C'est assez notre habitude, mais il y a une raison de plus. -Figurez-vous qu'en lavant et époussetant les plafonds et les murs, -madame Magloire a fait des découvertes; maintenant nos deux chambres -tapissées de vieux papier blanchi à la chaux ne dépareraient pas un -château dans le genre du vôtre. Madame Magloire a déchiré tout le -papier. Il y avait des choses dessous. Mon salon, où il n'y a pas de -meubles, et dont nous nous servons pour étendre le linge après les -lessives, a quinze pieds de haut, dix-huit de large carrés, un plafond -peint anciennement avec dorure, des solives comme chez vous. C'était -recouvert d'une toile, du temps que c'était l'hôpital. Enfin des -boiseries du temps de nos grand'mères. Mais c'est ma chambre qu'il faut -voir. Madame Magloire a découvert, sous au moins dix papiers collés -dessus, des peintures, sans être bonnes, qui peuvent se supporter. C'est -Télémaque reçu chevalier par Minerve, c'est lui encore dans les jardins. -Le nom m'échappe. Enfin où les dames romaines se rendaient une seule -nuit. Que vous dirai-je? j'ai des romains, des romaines (_ici un mot -illisible_), et toute la suite. Madame Magloire a débarbouillé tout -cela, et cet été elle va réparer quelques petites avaries, revenir le -tout, et ma chambre sera un vrai musée. Elle a trouvé aussi dans un coin -du grenier deux consoles en bois, genre ancien. On demandait deux écus -de six livres pour les redorer, mais il vaut bien mieux donner cela aux -pauvres; d'ailleurs c'est fort laid, et j'aimerais mieux une table ronde -en acajou. - -«Je suis toujours bien heureuse. Mon frère est si bon. Il donne tout ce -qu'il a aux indigents et aux malades. Nous sommes très gênés. Le pays -est dur l'hiver, et il faut bien faire quelque chose pour ceux qui -manquent. Nous sommes à peu près chauffés et éclairés. Vous voyez que ce -sont de grandes douceurs. - -«Mon frère a ses habitudes à lui. Quand il cause, il dit qu'un évêque -doit être ainsi. Figurez-vous que la porte de la maison n'est jamais -fermée. Entre qui veut, et l'on est tout de suite chez mon frère. Il ne -craint rien, même la nuit. C'est là sa bravoure à lui, comme il dit. - -«Il ne veut pas que je craigne pour lui, ni que madame Magloire craigne. -Il s'expose à tous les dangers, et il ne veut même pas que nous ayons -l'air de nous en apercevoir. Il faut savoir le comprendre. - -«Il sort par la pluie, il marche dans l'eau, il voyage en hiver. Il n'a -pas peur de la nuit, des routes suspectes ni des rencontres. - -«L'an dernier, il est allé tout seul dans un pays de voleurs. Il n'a pas -voulu nous emmener. Il est resté quinze jours absent. À son retour, il -n'avait rien eu, on le croyait mort, et il se portait bien, et il a dit: -"Voilà comme on m'a volé!" Et il a ouvert une malle pleine de tous les -bijoux de la cathédrale d'Embrun, que les voleurs lui avaient donnés. - -«Cette fois-là, en revenant, comme j'étais allée à sa rencontre à deux -lieues avec d'autres de ses amis, je n'ai pu m'empêcher de le gronder un -peu, en ayant soin de ne parler que pendant que la voiture faisait du -bruit, afin que personne autre ne pût entendre. - -«Dans les premiers temps, je me disais: il n'y a pas de dangers qui -l'arrêtent, il est terrible. À présent j'ai fini par m'y accoutumer. Je -fais signe à madame Magloire pour qu'elle ne le contrarie pas. Il se -risque comme il veut. Moi j'emmène madame Magloire, je rentre dans ma -chambre, je prie pour lui, et je m'endors. Je suis tranquille, parce que -je sais bien que s'il lui arrivait malheur, ce serait ma fin. Je m'en -irais au bon Dieu avec mon frère et mon évêque. Madame Magloire a eu -plus de peine que moi à s'habituer à ce qu'elle appelait ses -imprudences. Mais à présent le pli est pris. Nous prions toutes les -deux, nous avons peur ensemble, et nous nous endormons. Le diable -entrerait dans la maison qu'on le laisserait faire. Après tout, que -craignons-nous dans cette maison? Il y a toujours quelqu'un avec nous, -qui est le plus fort. Le diable peut y passer, mais le bon Dieu -l'habite. - -«Voilà qui me suffit. Mon frère n'a plus même besoin de me dire un mot -maintenant. Je le comprends sans qu'il parle, et nous nous abandonnons à -la Providence. - -«Voilà comme il faut être avec un homme qui a du grand dans l'esprit. - -«J'ai questionné mon frère pour le renseignement que vous me demandez -sur la famille de Faux. Vous savez comme il sait tout et comme il a des -souvenirs, car il est toujours très bon royaliste. C'est de vrai une -très ancienne famille normande de la généralité de Caen. Il y a cinq -cents ans d'un Raoul de Faux, d'un Jean de Faux et d'un Thomas de Faux, -qui étaient des gentilshommes, dont un seigneur de Rochefort. Le dernier -était Guy-Étienne-Alexandre, et était maître de camp, et quelque chose -dans les chevaux-légers de Bretagne. Sa fille Marie-Louise a épousé -Adrien-Charles de Gramont, fils du duc Louis de Gramont, pair de France, -colonel des gardes françaises et lieutenant général des armées. On écrit -Faux, Fauq et Faoucq. - -«Bonne madame, recommandez-nous aux prières de votre saint parent, M. le -cardinal. Quant à votre chère Sylvanie, elle a bien fait de ne pas -prendre les courts instants qu'elle passe près de vous pour m'écrire. -Elle se porte bien, travaille selon vos désirs, m'aime toujours. C'est -tout ce que je veux. Son souvenir par vous m'est arrivé. Je m'en trouve -heureuse. Ma santé n'est pas trop mauvaise, et cependant je maigris tous -les jours davantage. Adieu, le papier me manque et me force de vous -quitter. Mille bonnes choses. - -«Baptistine. - -«P. S. Madame votre belle-soeur est toujours ici avec sa jeune famille. -Votre petit-neveu est charmant. Savez-vous qu'il a cinq ans bientôt! -Hier il a vu passer un cheval auquel on avait mis des genouillères, et -il disait: "Qu'est-ce qu'il a donc aux genoux?" Il est si gentil, cet -enfant! Son petit frère traîne un vieux balai dans l'appartement comme -une voiture, et dit: "Hu!" - -»Comme on le voit par cette lettre, ces deux femmes savaient se plier -aux façons d'être de l'évêque avec ce génie particulier de la femme qui -comprend l'homme mieux que l'homme ne se comprend. L'évêque de Digne, -sous cet air doux et candide qui ne se démentait jamais, faisait parfois -des choses grandes, hardies et magnifiques, sans paraître même s'en -douter. Elles en tremblaient, mais elles le laissaient faire. -Quelquefois madame Magloire essayait une remontrance avant; jamais -pendant ni après. Jamais on ne le troublait, ne fût-ce que par un signe, -dans une action commencée. À de certains moments, sans qu'il eût besoin -de le dire, lorsqu'il n'en avait peut-être pas lui-même conscience, tant -sa simplicité était parfaite, elles sentaient vaguement qu'il agissait -comme évêque; alors elles n'étaient plus que deux ombres dans la maison. -Elles le servaient passivement, et, si c'était obéir que de disparaître, -elles disparaissaient. Elles savaient, avec une admirable délicatesse -d'instinct, que certaines sollicitudes peuvent gêner. Aussi, même le -croyant en péril, elles comprenaient, je ne dis pas sa pensée, mais sa -nature, jusqu'au point de ne plus veiller sur lui. Elles le confiaient à -Dieu. - -D'ailleurs Baptistine disait, comme on vient de le lire, que la fin de -son frère serait la sienne. Madame Magloire ne le disait pas, mais elle -le savait. - - - - -Chapitre X - -L'évêque en présence d'une lumière inconnue - - -À une époque un peu postérieure à la date de la lettre citée dans les -pages précédentes, il fit une chose, à en croire toute la ville, plus -risquée encore que sa promenade à travers les montagnes des bandits. Il -y avait près de Digne, dans la campagne, un homme qui vivait solitaire. -Cet homme, disons tout de suite le gros mot, était un ancien -conventionnel. Il se nommait G. - -On parlait du conventionnel G. dans le petit monde de Digne avec une -sorte d'horreur. Un conventionnel, vous figurez-vous cela? Cela existait -du temps qu'on se tutoyait et qu'on disait: citoyen. Cet homme était à -peu près un monstre. Il n'avait pas voté la mort du roi, mais presque. -C'était un quasi-régicide. Il avait été terrible. Comment, au retour des -princes légitimes, n'avait-on pas traduit cet homme-là devant une cour -prévôtale? On ne lui eût pas coupé la tête, si vous voulez, il faut de -la clémence, soit; mais un bon bannissement à vie. Un exemple enfin! -etc., etc. C'était un athée d'ailleurs, comme tous ces -gens-là.--Commérages des oies sur le vautour. - -Était-ce du reste un vautour que G.? Oui, si l'on en jugeait par ce -qu'il y avait de farouche dans sa solitude. N'ayant pas voté la mort du -roi, il n'avait pas été compris dans les décrets d'exil et avait pu -rester en France. - -Il habitait, à trois quarts d'heure de la ville, loin de tout hameau, -loin de tout chemin, on ne sait quel repli perdu d'un vallon très -sauvage. Il avait là, disait-on, une espèce de champ, un trou, un -repaire. Pas de voisins; pas même de passants. Depuis qu'il demeurait -dans ce vallon, le sentier qui y conduisait avait disparu sous l'herbe. -On parlait de cet endroit-là comme de la maison du bourreau. Pourtant -l'évêque songeait, et de temps en temps regardait l'horizon à l'endroit -où un bouquet d'arbres marquait le vallon du vieux conventionnel, et il -disait: - ---Il y a là une âme qui est seule. - -Et au fond de sa pensée il ajoutait: «Je lui dois ma visite.» - -Mais, avouons-le, cette idée, au premier abord naturelle, lui -apparaissait, après un moment de réflexion, comme étrange et impossible, -et presque repoussante. Car, au fond, il partageait l'impression -générale, et le conventionnel lui inspirait, sans qu'il s'en rendît -clairement compte, ce sentiment qui est comme la frontière de la haine -et qu'exprime si bien le mot éloignement. - -Toutefois, la gale de la brebis doit-elle faire reculer le pasteur? Non. -Mais quelle brebis! - -Le bon évêque était perplexe. Quelquefois il allait de ce côté-là, puis -il revenait. Un jour enfin le bruit se répandit dans la ville qu'une -façon de jeune pâtre qui servait le conventionnel G. dans sa bauge était -venu chercher un médecin; que le vieux scélérat se mourait, que la -paralysie le gagnait, et qu'il ne passerait pas la nuit. - ---Dieu merci! ajoutaient quelques-uns. - -L'évêque prit son bâton, mit son pardessus à cause de sa soutane un peu -trop usée, comme nous l'avons dit, et aussi à cause du vent du soir qui -ne devait pas tarder à souffler, et partit. - -Le soleil déclinait et touchait presque à l'horizon, quand l'évêque -arriva à l'endroit excommunié. Il reconnut avec un certain battement de -coeur qu'il était près de la tanière. Il enjamba un fossé, franchit une -haie, leva un échalier, entra dans un courtil délabré, fit quelques pas -assez hardiment, et tout à coup, au fond de la friche, derrière une -haute broussaille, il aperçut la caverne. - -C'était une cabane toute basse, indigente, petite et propre, avec une -treille clouée à la façade. - -Devant la porte, dans une vieille chaise à roulettes, fauteuil du -paysan, il y avait un homme en cheveux blancs qui souriait au soleil. - -Près du vieillard assis se tenait debout un jeune garçon, le petit -pâtre. Il tendait au vieillard une jatte de lait. - -Pendant que l'évêque regardait, le vieillard éleva la voix: - ---Merci, dit-il, je n'ai plus besoin de rien. - -Et son sourire quitta le soleil pour s'arrêter sur l'enfant. - -L'évêque s'avança. Au bruit qu'il fit en marchant, le vieux homme assis -tourna la tête, et son visage exprima toute la quantité de surprise -qu'on peut avoir après une longue vie. - ---Depuis que je suis ici, dit-il, voilà la première fois qu'on entre -chez moi. Qui êtes-vous, monsieur? - -L'évêque répondit: - ---Je me nomme Bienvenu Myriel. - ---Bienvenu Myriel! j'ai entendu prononcer ce nom. Est-ce que c'est vous -que le peuple appelle monseigneur Bienvenu? - ---C'est moi. - -Le vieillard reprit avec un demi-sourire: - ---En ce cas, vous êtes mon évêque? - ---Un peu. - ---Entrez, monsieur. - -Le conventionnel tendit la main à l'évêque, mais l'évêque ne la prit -pas. L'évêque se borna à dire: - ---Je suis satisfait de voir qu'on m'avait trompé. Vous ne me semblez, -certes, pas malade. - ---Monsieur, répondit le vieillard, je vais guérir. - -Il fit une pause et dit: - ---Je mourrai dans trois heures. - -Puis il reprit: - ---Je suis un peu médecin; je sais de quelle façon la dernière heure -vient. Hier, je n'avais que les pieds froids; aujourd'hui, le froid a -gagné les genoux; maintenant je le sens qui monte jusqu'à la ceinture; -quand il sera au coeur, je m'arrêterai. Le soleil est beau, n'est-ce -pas? je me suis fait rouler dehors pour jeter un dernier coup d'oeil sur -les choses, vous pouvez me parler, cela ne me fatigue point. Vous faites -bien de venir regarder un homme qui va mourir. Il est bon que ce -moment-là ait des témoins. On a des manies; j'aurais voulu aller jusqu'à -l'aube. Mais je sais que j'en ai à peine pour trois heures. Il fera -nuit. Au fait, qu'importe! Finir est une affaire simple. On n'a pas -besoin du matin pour cela. Soit. Je mourrai à la belle étoile. - -Le vieillard se tourna vers le pâtre. - ---Toi, va te coucher. Tu as veillé l'autre nuit. Tu es fatigué. - -L'enfant rentra dans la cabane. - -Le vieillard le suivit des yeux et ajouta comme se parlant à lui-même: - ---Pendant qu'il dormira, je mourrai. Les deux sommeils peuvent faire bon -voisinage. - -L'évêque n'était pas ému comme il semble qu'il aurait pu l'être. Il ne -croyait pas sentir Dieu dans cette façon de mourir. Disons tout, car les -petites contradictions des grands coeurs veulent être indiquées comme le -reste, lui qui, dans l'occasion, riait si volontiers de Sa Grandeur, il -était quelque peu choqué de ne pas être appelé monseigneur, et il était -presque tenté de répliquer: citoyen. Il lui vint une velléité de -familiarité bourrue, assez ordinaire aux médecins et aux prêtres, mais -qui ne lui était pas habituelle, à lui. Cet homme, après tout, ce -conventionnel, ce représentant du peuple, avait été un puissant de la -terre; pour la première fois de sa vie peut-être, l'évêque se sentit en -humeur de sévérité. - -Le conventionnel cependant le considérait avec une cordialité modeste, -où l'on eût pu démêler l'humilité qui sied quand on est si près de sa -mise en poussière. - -L'évêque, de son côté, quoiqu'il se gardât ordinairement de la -curiosité, laquelle, selon lui, était contiguë à l'offense, ne pouvait -s'empêcher d'examiner le conventionnel avec une attention qui, n'ayant -pas sa source dans la sympathie, lui eût été probablement reprochée par -sa conscience vis-à-vis de tout autre homme. Un conventionnel lui -faisait un peu l'effet d'être hors la loi, même hors la loi de charité. - -G., calme, le buste presque droit, la voix vibrante, était un de ces -grands octogénaires qui font l'étonnement du physiologiste. La -révolution a eu beaucoup de ces hommes proportionnés à l'époque. On -sentait dans ce vieillard l'homme à l'épreuve. Si près de sa fin, il -avait conservé tous les gestes de la santé. Il y avait dans son coup -d'oeil clair, dans son accent ferme, dans son robuste mouvement -d'épaules, de quoi déconcerter la mort. Azraël, l'ange mahométan du -sépulcre, eût rebroussé chemin et eût cru se tromper de porte. G. -semblait mourir parce qu'il le voulait bien. Il y avait de la liberté -dans son agonie. Les jambes seulement étaient immobiles. Les ténèbres le -tenaient par là. Les pieds étaient morts et froids, et la tête vivait de -toute la puissance de la vie et paraissait en pleine lumière. G., en ce -grave moment, ressemblait à ce roi du conte oriental, chair par en haut, -marbre par en bas. - -Une pierre était là. L'évêque s'y assit. L'exorde fut _ex abrupto_. - ---Je vous félicite, dit-il du ton dont on réprimande. Vous n'avez -toujours pas voté la mort du roi. - -Le conventionnel ne parut pas remarquer le sous-entendu amer caché dans -ce mot: toujours. Il répondit. Tout sourire avait disparu de sa face. - ---Ne me félicitez pas trop, monsieur; j'ai voté la fin du tyran. - -C'était l'accent austère en présence de l'accent sévère. - ---Que voulez-vous dire? reprit l'évêque. - ---Je veux dire que l'homme a un tyran, l'ignorance. J'ai voté la fin de -ce tyran-là. Ce tyran-là a engendré la royauté qui est l'autorité prise -dans le faux, tandis que la science est l'autorité prise dans le vrai. -L'homme ne doit être gouverné que par la science. - ---Et la conscience, ajouta l'évêque. - ---C'est la même chose. La conscience, c'est la quantité de science innée -que nous avons en nous. - -Monseigneur Bienvenu écoutait, un peu étonné, ce langage très nouveau -pour lui. Le conventionnel poursuivit: - ---Quant à Louis XVI, j'ai dit non. Je ne me crois pas le droit de tuer -un homme; mais je me sens le devoir d'exterminer le mal. J'ai voté la -fin du tyran. C'est-à-dire la fin de la prostitution pour la femme, la -fin de l'esclavage pour l'homme, la fin de la nuit pour l'enfant. En -votant la république, j'ai voté cela. J'ai voté la fraternité, la -concorde, l'aurore! J'ai aidé à la chute des préjugés et des erreurs. -Les écroulements des erreurs et des préjugés font de la lumière. Nous -avons fait tomber le vieux monde, nous autres, et le vieux monde, vase -des misères, en se renversant sur le genre humain, est devenu une urne -de joie. - ---Joie mêlée, dit l'évêque. - ---Vous pourriez dire joie troublée, et aujourd'hui, après ce fatal -retour du passé qu'on nomme 1814, joie disparue. Hélas, l'oeuvre a été -incomplète, j'en conviens; nous avons démoli l'ancien régime dans les -faits, nous n'avons pu entièrement le supprimer dans les idées. Détruire -les abus, cela ne suffit pas; il faut modifier les moeurs. Le moulin n'y -est plus, le vent y est encore. - ---Vous avez démoli. Démolir peut être utile; mais je me défie d'une -démolition compliquée de colère. - ---Le droit a sa colère, monsieur l'évêque, et la colère du droit est un -élément du progrès. N'importe, et quoi qu'on en dise, la révolution -française est le plus puissant pas du genre humain depuis l'avènement du -Christ. Incomplète, soit; mais sublime. Elle a dégagé toutes les -inconnues sociales. Elle a adouci les esprits; elle a calmé, apaisé, -éclairé; elle a fait couler sur la terre des flots de civilisation. Elle -a été bonne. La révolution française, c'est le sacre de l'humanité. - -L'évêque ne put s'empêcher de murmurer: - ---Oui? 93! - -Le conventionnel se dressa sur sa chaise avec une solennité presque -lugubre, et, autant qu'un mourant peut s'écrier, il s'écria: - ---Ah! vous y voilà! 93! J'attendais ce mot-là. Un nuage s'est formé -pendant quinze cents ans. Au bout de quinze siècles, il a crevé. Vous -faites le procès au coup de tonnerre. - -L'évêque sentit, sans se l'avouer peut-être, que quelque chose en lui -était atteint. Pourtant il fit bonne contenance. Il répondit: - ---Le juge parle au nom de la justice; le prêtre parle au nom de la -pitié, qui n'est autre chose qu'une justice plus élevée. Un coup de -tonnerre ne doit pas se tromper. - -Et il ajouta en regardant fixement le conventionnel. - ---Louis XVII? - -Le conventionnel étendit la main et saisit le bras de l'évêque: - ---Louis XVII! Voyons, sur qui pleurez-vous? Est-ce sur l'enfant -innocent? alors, soit. Je pleure avec vous. Est-ce sur l'enfant royal? -je demande à réfléchir. Pour moi, le frère de Cartouche, enfant -innocent, pendu sous les aisselles en place de Grève jusqu'à ce que mort -s'ensuive, pour le seul crime d'avoir été le frère de Cartouche, n'est -pas moins douloureux que le petit-fils de Louis XV, enfant innocent, -martyrisé dans la tour du Temple pour le seul crime d'avoir été le -petit-fils de Louis XV. - ---Monsieur, dit l'évêque, je n'aime pas ces rapprochements de noms. - ---Cartouche? Louis XV? pour lequel des deux réclamez-vous? - -Il y eut un moment de silence. L'évêque regrettait presque d'être venu, -et pourtant il se sentait vaguement et étrangement ébranlé. - -Le conventionnel reprit: - ---Ah! monsieur le prêtre, vous n'aimez pas les crudités du vrai. Christ -les aimait, lui. Il prenait une verge et il époussetait le temple. Son -fouet plein d'éclairs était un rude diseur de vérités. Quand il -s'écriait: _Sinite parvulos_..., il ne distinguait pas entre les petits -enfants. Il ne se fût pas gêné de rapprocher le dauphin de Barabbas du -dauphin d'Hérode. Monsieur, l'innocence est sa couronne à elle-même. -L'innocence n'a que faire d'être altesse. Elle est aussi auguste -déguenillée que fleurdelysée. - ---C'est vrai, dit l'évêque à voix basse. - ---J'insiste, continua le conventionnel G. Vous m'avez nommé Louis XVII. -Entendons-nous. Pleurons-nous sur tous les innocents, sur tous les -martyrs, sur tous les enfants, sur ceux d'en bas comme sur ceux d'en -haut? J'en suis. Mais alors, je vous l'ai dit, il faut remonter plus -haut que 93, et c'est avant Louis XVII qu'il faut commencer nos larmes. -Je pleurerai sur les enfants des rois avec vous, pourvu que vous -pleuriez avec moi sur les petits du peuple. - ---Je pleure sur tous, dit l'évêque. - ---Également! s'écria G., et si la balance doit pencher, que ce soit du -côté du peuple. Il y a plus longtemps qu'il souffre. - -Il y eut encore un silence. Ce fut le conventionnel qui le rompit. Il se -souleva sur un coude, prit entre son pouce et son index replié un peu de -sa joue, comme on fait machinalement lorsqu'on interroge et qu'on juge, -et interpella l'évêque avec un regard plein de toutes les énergies de -l'agonie. Ce fut presque une explosion. - ---Oui, monsieur, il y a longtemps que le peuple souffre. Et puis, tenez, -ce n'est pas tout cela, que venez-vous me questionner et me parler de -Louis XVII? Je ne vous connais pas, moi. Depuis que je suis dans ce -pays, j'ai vécu dans cet enclos, seul, ne mettant pas les pieds dehors, -ne vient personne que cet enfant qui m'aide. Votre nom est, il est vrai, -arrivé confusément jusqu'à moi, et, je dois le dire, pas très mal -prononcé; mais cela ne signifie rien; les gens habiles ont tant de -manières d'en faire accroire à ce brave bonhomme de peuple. À propos, je -n'ai pas entendu le bruit de votre voiture, vous l'aurez sans doute -laissée derrière le taillis, là-bas, à l'embranchement de la route. Je -ne vous connais pas, vous dis-je. Vous m'avez dit que vous étiez -l'évêque, mais cela ne me renseigne point sur votre personne morale. En -somme, je vous répète ma question. Qui êtes-vous? Vous êtes un évêque, -c'est-à-dire un prince de l'église, un de ces hommes dorés, armoriés, -rentés, qui ont de grosses prébendes--l'évêché de Digne, quinze mille -francs de fixe, dix mille francs de casuel, total, vingt-cinq mille -francs--, qui ont des cuisines, qui ont des livrées, qui font bonne -chère, qui mangent des poules d'eau le vendredi, qui se pavanent, -laquais devant, laquais derrière, en berline de gala, et qui ont des -palais, et qui roulent carrosse au nom de Jésus-Christ qui allait pieds -nus! Vous êtes un prélat; rentes, palais, chevaux, valets, bonne table, -toutes les sensualités de la vie, vous avez cela comme les autres, et -comme les autres vous en jouissez, c'est bien, mais cela en dit trop ou -pas assez; cela ne m'éclaire pas sur votre valeur intrinsèque et -essentielle, à vous qui venez avec la prétention probable de m'apporter -de la sagesse. À qui est-ce que je parle? Qui êtes-vous? - -L'évêque baissa la tête et répondit: - ---_Vermis sum_. - ---Un ver de terre en carrosse! grommela le conventionnel. - -C'était le tour du conventionnel d'être hautain, et de l'évêque d'être -humble. - -L'évêque reprit avec douceur. - ---Monsieur, soit. Mais expliquez-moi en quoi mon carrosse, qui est là à -deux pas derrière les arbres, en quoi ma bonne table et les poules d'eau -que je mange le vendredi, en quoi mes vingt-cinq mille livres de rentes, -en quoi mon palais et mes laquais prouvent que la pitié n'est pas une -vertu, que la clémence n'est pas un devoir, et que 93 n'a pas été -inexorable. - -Le conventionnel passa la main sur son front comme pour en écarter un -nuage. - ---Avant de vous répondre, dit-il, je vous prie de me pardonner. Je viens -d'avoir un tort, monsieur. Vous êtes chez moi, vous êtes mon hôte. Je -vous dois courtoisie. Vous discutez mes idées, il sied que je me borne à -combattre vos raisonnements. Vos richesses et vos jouissances sont des -avantages que j'ai contre vous dans le débat, mais il est de bon goût de -ne pas m'en servir. Je vous promets de ne plus en user. - ---Je vous remercie, dit l'évêque. - -G. reprit: - ---Revenons à l'explication que vous me demandiez. Où en étions-nous? Que -me disiez-vous? que 93 a été inexorable? - ---Inexorable, oui, dit l'évêque. Que pensez-vous de Marat battant des -mains à la guillotine? - ---Que pensez-vous de Bossuet chantant le _Te Deum_ sur les dragonnades? - -La réponse était dure, mais elle allait au but avec la rigidité d'une -pointe d'acier. L'évêque en tressaillit; il ne lui vint aucune riposte, -mais il était froissé de cette façon de nommer Bossuet. Les meilleurs -esprits ont leurs fétiches, et parfois se sentent vaguement meurtris des -manques de respect de la logique. - -Le conventionnel commençait à haleter; l'asthme de l'agonie, qui se mêle -aux derniers souffles, lui entrecoupait la voix; cependant il avait -encore une parfaite lucidité d'âme dans les yeux. Il continua: - ---Disons encore quelques mots çà et là, je veux bien. En dehors de la -révolution qui, prise dans son ensemble, est une immense affirmation -humaine, 93, hélas! est une réplique. Vous le trouvez inexorable, mais -toute la monarchie, monsieur? Carrier est un bandit; mais quel nom -donnez-vous à Montrevel? Fouquier-Tinville est un gueux, mais quel est -votre avis sur Lamoignon-Bâville? Maillard est affreux, mais -Saulx-Tavannes, s'il vous plaît? Le père Duchêne est féroce, mais quelle -épithète m'accorderez-vous pour le père Letellier? Jourdan-Coupe-Tête -est un monstre, mais moindre que M. le marquis de Louvois. Monsieur, -monsieur, je plains Marie-Antoinette, archiduchesse et reine, mais je -plains aussi cette pauvre femme huguenote qui, en 1685, sous Louis le -Grand, monsieur, allaitant son enfant, fut liée, nue jusqu'à la -ceinture, à un poteau, l'enfant tenu à distance; le sein se gonflait de -lait et le coeur d'angoisse. Le petit, affamé et pâle, voyait ce sein, -agonisait et criait, et le bourreau disait à la femme, mère et nourrice: -«Abjure!» lui donnant à choisir entre la mort de son enfant et la mort -de sa conscience. Que dites-vous de ce supplice de Tantale accommodé à -une mère? Monsieur, retenez bien ceci: la révolution française a eu ses -raisons. Sa colère sera absoute par l'avenir. Son résultat, c'est le -monde meilleur. De ses coups les plus terribles, il sort une caresse -pour le genre humain. J'abrège. Je m'arrête, j'ai trop beau jeu. -D'ailleurs je me meurs. - -Et, cessant de regarder l'évêque, le conventionnel acheva sa pensée en -ces quelques mots tranquilles: - ---Oui, les brutalités du progrès s'appellent révolutions. Quand elles -sont finies, on reconnaît ceci: que le genre humain a été rudoyé, mais -qu'il a marché. - -Le conventionnel ne se doutait pas qu'il venait d'emporter -successivement l'un après l'autre tous les retranchements intérieurs de -l'évêque. Il en restait un pourtant, et de ce retranchement, suprême -ressource de la résistance de monseigneur Bienvenu, sortit cette parole -où reparut presque toute la rudesse du commencement: - ---Le progrès doit croire en Dieu. Le bien ne peut pas avoir de serviteur -impie. C'est un mauvais conducteur du genre humain que celui qui est -athée. - -Le vieux représentant du peuple ne répondit pas. Il eut un tremblement. -Il regarda le ciel, et une larme germa lentement dans ce regard. Quand -la paupière fut pleine, la larme coula le long de sa joue livide, et il -dit presque en bégayant, bas et se parlant à lui-même, l'oeil perdu dans -les profondeurs: - ---O toi! ô idéal! toi seul existes! - -L'évêque eut une sorte d'inexprimable commotion. Après un silence, le -vieillard leva un doigt vers le ciel, et dit: - ---L'infini est. Il est là. Si l'infini n'avait pas de moi, le moi serait -sa borne; il ne serait pas infini; en d'autres termes, il ne serait pas. -Or il est. Donc il a un moi. Ce moi de l'infini, c'est Dieu. - -Le mourant avait prononcé ces dernières paroles d'une voix haute et avec -le frémissement de l'extase, comme s'il voyait quelqu'un. Quand il eut -parlé, ses yeux se fermèrent. L'effort l'avait épuisé. Il était évident -qu'il venait de vivre en une minute les quelques heures qui lui -restaient. Ce qu'il venait de dire l'avait approché de celui qui est -dans la mort. L'instant suprême arrivait. - -L'évêque le comprit, le moment pressait, c'était comme prêtre qu'il -était venu; de l'extrême froideur, il était passé par degrés à l'émotion -extrême; il regarda ces yeux fermés, il prit cette vieille main ridée et -glacée, et se pencha vers le moribond: - ---Cette heure est celle de Dieu. Ne trouvez-vous pas qu'il serait -regrettable que nous nous fussions rencontrés en vain? - -Le conventionnel rouvrit les yeux. Une gravité où il y avait de l'ombre -s'empreignit sur son visage. - ---Monsieur l'évêque, dit-il, avec une lenteur qui venait peut-être plus -encore de la dignité de l'âme que de la défaillance des forces, j'ai -passé ma vie dans la méditation, l'étude et la contemplation. J'avais -soixante ans quand mon pays m'a appelé, et m'a ordonné de me mêler de -ses affaires. J'ai obéi. Il y avait des abus, je les ai combattus; il y -avait des tyrannies, je les ai détruites; il y avait des droits et des -principes, je les ai proclamés et confessés. Le territoire était envahi, -je l'ai défendu; la France était menacée, j'ai offert ma poitrine. Je -n'étais pas riche; je suis pauvre. J'ai été l'un des maîtres de l'État, -les caves du Trésor étaient encombrées d'espèces au point qu'on était -forcé d'étançonner les murs, prêts à se fendre sous le poids de l'or et -de l'argent, je dînais rue de l'Arbre-Sec à vingt-deux sous par tête. -J'ai secouru les opprimés, j'ai soulagé les souffrants. J'ai déchiré la -nappe de l'autel, c'est vrai; mais c'était pour panser les blessures de -la patrie. J'ai toujours soutenu la marche en avant du genre humain vers -la lumière, et j'ai résisté quelquefois au progrès sans pitié. J'ai, -dans l'occasion, protégé mes propres adversaires, vous autres. Et il y a -à Peteghem en Flandre, à l'endroit même où les rois mérovingiens avaient -leur palais d'été, un couvent d'urbanistes, l'abbaye de Sainte-Claire en -Beaulieu, que j'ai sauvé en 1793. J'ai fait mon devoir selon mes forces, -et le bien que j'ai pu. Après quoi j'ai été chassé, traqué, poursuivi, -persécuté, noirci, raillé, conspué, maudit, proscrit. Depuis bien des -années déjà, avec mes cheveux blancs, je sens que beaucoup de gens se -croient sur moi le droit de mépris, j'ai pour la pauvre foule ignorante -visage de damné, et j'accepte, ne haïssant personne, l'isolement de la -haine. Maintenant, j'ai quatre-vingt-six ans; je vais mourir. Qu'est-ce -que vous venez me demander? - ---Votre bénédiction, dit l'évêque. - -Et il s'agenouilla. - -Quand l'évêque releva la tête, la face du conventionnel était devenue -auguste. Il venait d'expirer. - -L'évêque rentra chez lui profondément absorbé dans on ne sait quelles -pensées. Il passa toute la nuit en prière. Le lendemain, quelques braves -curieux essayèrent de lui parler du conventionnel G.; il se borna à -montrer le ciel. À partir de ce moment, il redoubla de tendresse et de -fraternité pour les petits et les souffrants. - -Toute allusion à ce «vieux scélérat de G.» le faisait tomber dans une -préoccupation singulière. Personne ne pourrait dire que le passage de -cet esprit devant le sien et le reflet de cette grande conscience sur la -sienne ne fût pas pour quelque chose dans son approche de la perfection. - -Cette «visite pastorale» fut naturellement une occasion de bourdonnement -pour les petites coteries locales: - ---Était-ce la place d'un évêque que le chevet d'un tel mourant? Il n'y -avait évidemment pas de conversion à attendre. Tous ces révolutionnaires -sont relaps. Alors pourquoi y aller? Qu'a-t-il été regarder là? Il -fallait donc qu'il fût bien curieux d'un emportement d'âme par le -diable. - -Un jour, une douairière, de la variété impertinente qui se croit -spirituelle, lui adressa cette saillie: - ---Monseigneur, on demande quand Votre Grandeur aura le bonnet rouge. - ---Oh! oh! voilà une grosse couleur, répondit l'évêque. Heureusement que -ceux qui la méprisent dans un bonnet la vénèrent dans un chapeau. - - - - -Chapitre XI - -Une restriction - - -On risquerait fort de se tromper si l'on concluait de là que monseigneur -Bienvenu fût «un évêque philosophe» ou «un curé patriote». Sa rencontre, -ce qu'on pourrait presque appeler sa conjonction avec le conventionnel -G., lui laissa une sorte d'étonnement qui le rendit plus doux encore. -Voilà tout. - -Quoique monseigneur Bienvenu n'ait été rien moins qu'un homme politique, -c'est peut-être ici le lieu d'indiquer, très brièvement, quelle fut son -attitude dans les événements d'alors, en supposant que monseigneur -Bienvenu ait jamais songé à avoir une attitude. Remontons donc en -arrière de quelques années. - -Quelque temps après l'élévation de M. Myriel à l'épiscopat, l'empereur -l'avait fait baron de l'empire, en même temps que plusieurs autres -évêques. L'arrestation du pape eut lieu, comme on sait, dans la nuit du -5 au 6 juillet 1809; à cette occasion, M. Myriel fut appelé par Napoléon -au synode des évêques de France et d'Italie convoqué à Paris. Ce synode -se tint à Notre-Dame et s'assembla pour la première fois le 15 juin 1811 -sous la présidence de M. le cardinal Fesch. M. Myriel fut du nombre des -quatre-vingt-quinze évêques qui s'y rendirent. Mais il n'assista qu'à -une séance et à trois ou quatre conférences particulières. Évêque d'un -diocèse montagnard, vivant si près de la nature, dans la rusticité et le -dénuement, il paraît qu'il apportait parmi ces personnages éminents des -idées qui changeaient la température de l'assemblée. Il revint bien vite -à Digne. On le questionna sur ce prompt retour, il répondit: - ---Je les gênais. L'air du dehors leur venait par moi. Je leur faisais -l'effet d'une porte ouverte. - -Une autre fois il dit: - ---Que voulez-vous? ces messeigneurs-là sont des princes. Moi, je ne suis -qu'un pauvre évêque paysan. - -Le fait est qu'il avait déplu. Entre autres choses étranges, il lui -serait échappé de dire, un soir qu'il se trouvait chez un de ses -collègues les plus qualifiés: - ---Les belles pendules! les beaux tapis! les belles livrées! Ce doit être -bien importun! Oh! que je ne voudrais pas avoir tout ce superflu-là à me -crier sans cesse aux oreilles: Il y a des gens qui ont faim! il y a des -gens qui ont froid! il y a des pauvres! il y a des pauvres! - -Disons-le en passant, ce ne serait pas une haine intelligente que la -haine du luxe. Cette haine impliquerait la haine des arts. Cependant, -chez les gens d'église, en dehors de la représentation et des -cérémonies, le luxe est un tort. Il semble révéler des habitudes peu -réellement charitables. Un prêtre opulent est un contre-sens. Le prêtre -doit se tenir près des pauvres. Or peut-on toucher sans cesse, et nuit -et jour, à toutes les détresses, à toutes les infortunes, à toutes les -indigences, sans avoir soi-même sur soi un peu de cette sainte misère, -comme la poussière du travail? Se figure-t-on un homme qui est près d'un -brasier, et qui n'a pas chaud? Se figure-t-on un ouvrier qui travaille -sans cesse à une fournaise, et qui n'a ni un cheveu brûlé, ni un ongle -noirci, ni une goutte de sueur, ni un grain de cendre au visage? La -première preuve de la charité chez le prêtre, chez l'évêque surtout, -c'est la pauvreté. C'était là sans doute ce que pensait M. l'évêque de -Digne. - -Il ne faudrait pas croire d'ailleurs qu'il partageait sur certains -points délicats ce que nous appellerions «les idées du siècle». Il se -mêlait peu aux querelles théologiques du moment et se taisait sur les -questions où sont compromis l'Église et l'État; mais si on l'eût -beaucoup pressé, il paraît qu'on l'eût trouvé plutôt ultramontain que -gallican. Comme nous faisons un portrait et que nous ne voulons rien -cacher, nous sommes forcé d'ajouter qu'il fut glacial pour Napoléon -déclinant. À partir de 1813, il adhéra ou il applaudit à toutes les -manifestations hostiles. Il refusa de le voir à son passage au retour de -l'île d'Elbe, et s'abstint d'ordonner dans son diocèse les prières -publiques pour l'empereur pendant les Cent-Jours. - -Outre sa soeur, mademoiselle Baptistine, il avait deux frères: l'un -général, l'autre préfet. Il écrivait assez souvent à tous les deux. Il -tint quelque temps rigueur au premier, parce qu'ayant un commandement en -Provence, à l'époque du débarquement de Cannes, le général s'était mis à -la tête de douze cents hommes et avait poursuivi l'empereur comme -quelqu'un qui veut le laisser échapper. Sa correspondance resta plus -affectueuse pour l'autre frère, l'ancien préfet, brave et digne homme -qui vivait retiré à Paris, rue Cassette. - -Monseigneur Bienvenu eut donc, aussi lui, son heure d'esprit de parti, -son heure d'amertume, son nuage. L'ombre des passions du moment traversa -ce doux et grand esprit occupé des choses éternelles. Certes, un pareil -homme eût mérité de n'avoir pas d'opinions politiques. Qu'on ne se -méprenne pas sur notre pensée, nous ne confondons point ce qu'on appelle -«opinions politiques» avec la grande aspiration au progrès, avec la -sublime foi patriotique, démocratique et humaine, qui, de nos jours, -doit être le fond même de toute intelligence généreuse. Sans approfondir -des questions qui ne touchent qu'indirectement au sujet de ce livre, -nous disons simplement ceci: Il eût été beau que monseigneur Bienvenu -n'eût pas été royaliste et que son regard ne se fût pas détourné un seul -instant de cette contemplation sereine où l'on voit rayonner -distinctement, au-dessus du va-et-vient orageux des choses humaines, ces -trois pures lumières, la Vérité, la Justice, la Charité. - -Tout en convenant que ce n'était point pour une fonction politique que -Dieu avait créé monseigneur Bienvenu, nous eussions compris et admiré la -protestation au nom du droit et de la liberté, l'opposition fière, la -résistance périlleuse et juste à Napoléon tout-puissant. Mais ce qui -nous plaît vis-à-vis de ceux qui montent nous plaît moins vis-à-vis de -ceux qui tombent. Nous n'aimons le combat que tant qu'il y a danger; et, -dans tous les cas, les combattants de la première heure ont seuls le -droit d'être les exterminateurs de la dernière. Qui n'a pas été -accusateur opiniâtre pendant la prospérité doit se taire devant -l'écroulement. Le dénonciateur du succès est le seul légitime justicier -de la chute. Quant à nous, lorsque la Providence s'en mêle et frappe, -nous la laissons faire. 1812 commence à nous désarmer. En 1813, la lâche -rupture de silence de ce corps législatif taciturne enhardi par les -catastrophes n'avait que de quoi indigner, et c'était un tort -d'applaudir; en 1814, devant ces maréchaux trahissant, devant ce sénat -passant d'une fange à l'autre, insultant après avoir divinisé, devant -cette idolâtrie lâchant pied et crachant sur l'idole, c'était un devoir -de détourner la tête; en 1815, comme les suprêmes désastres étaient dans -l'air, comme la France avait le frisson de leur approche sinistre, comme -on pouvait vaguement distinguer Waterloo ouvert devant Napoléon, la -douloureuse acclamation de l'armée et du peuple au condamné du destin -n'avait rien de risible, et, toute réserve faite sur le despote, un -coeur comme l'évêque de Digne n'eût peut-être pas dû méconnaître ce -qu'avait d'auguste et de touchant, au bord de l'abîme, l'étroit -embrassement d'une grande nation et d'un grand homme. - -À cela près, il était et il fut, en toute chose, juste, vrai, équitable, -intelligent, humble et digne; bienfaisant, et bienveillant, ce qui est -une autre bienfaisance. C'était un prêtre, un sage, et un homme. Même, -il faut le dire, dans cette opinion politique que nous venons de lui -reprocher et que nous sommes disposé à juger presque sévèrement, il -était tolérant et facile, peut-être plus que nous qui parlons ici.--Le -portier de la maison de ville avait été placé là par l'empereur. C'était -un vieux sous-officier de la vieille garde, légionnaire d'Austerlitz, -bonapartiste comme l'aigle. Il échappait dans l'occasion à ce pauvre -diable de ces paroles peu réfléchies que la loi d'alors qualifiait -_propos séditieux_. Depuis que le profil impérial avait disparu de la -légion d'honneur, il ne s'habillait jamais _dans l'ordonnance_, comme il -disait, afin de ne pas être forcé de porter sa croix. Il avait ôté -lui-même dévotement l'effigie impériale de la croix que Napoléon lui -avait donnée, cela faisait un trou, et il n'avait rien voulu mettre à la -place. «Plutôt mourir, disait-il, que de porter sur mon coeur les trois -crapauds!» Il raillait volontiers tout haut Louis XVIII. «Vieux goutteux -à guêtres d'anglais!» disait-il, «qu'il s'en aille en Prusse avec son -salsifis!» Heureux de réunir dans la même imprécation les deux choses -qu'il détestait le plus, la Prusse et l'Angleterre. Il en fit tant qu'il -perdit sa place. Le voilà sans pain sur le pavé avec femme et enfants. -L'évêque le fit venir, le gronda doucement, et le nomma suisse de la -cathédrale. - -M. Myriel était dans le diocèse le vrai pasteur, l'ami de tous. En neuf -ans, à force de saintes actions et de douces manières, monseigneur -Bienvenu avait rempli la ville de Digne d'une sorte de vénération tendre -et filiale. Sa conduite même envers Napoléon avait été acceptée et comme -tacitement pardonnée par le peuple, bon troupeau faible, qui adorait son -empereur, mais qui aimait son évêque. - - - - -Chapitre XII - -Solitude de monseigneur Bienvenu - - -Il y a presque toujours autour d'un évêque une escouade de petits abbés -comme autour d'un général une volée de jeunes officiers. C'est là ce que -ce charmant saint François de Sales appelle quelque part «les prêtres -blancs-becs». Toute carrière a ses aspirants qui font cortège aux -arrivés. Pas une puissance qui n'ait son entourage; pas une fortune qui -n'ait sa cour. Les chercheurs d'avenir tourbillonnent autour du présent -splendide. Toute métropole a son état-major. Tout évêque un peu influent -a près de lui sa patrouille de chérubins séminaristes, qui fait la ronde -et maintient le bon ordre dans le palais épiscopal, et qui monte la -garde autour du sourire de monseigneur. Agréer à un évêque, c'est le -pied à l'étrier pour un sous-diacre. Il faut bien faire son chemin; -l'apostolat ne dédaigne pas le canonicat. - -De même qu'il y a ailleurs les gros bonnets, il y a dans l'église les -grosses mitres. Ce sont les évêques bien en cour, riches, rentés, -habiles, acceptés du monde, sachant prier, sans doute, mais sachant -aussi solliciter, peu scrupuleux de faire faire antichambre en leur -personne à tout un diocèse, traits d'union entre la sacristie et la -diplomatie, plutôt abbés que prêtres, plutôt prélats qu'évêques. Heureux -qui les approche! Gens en crédit qu'ils sont, ils font pleuvoir autour -d'eux, sur les empressés et les favorisés, et sur toute cette jeunesse -qui sait plaire, les grasses paroisses, les prébendes, les -archidiaconats, les aumôneries et les fonctions cathédrales, en -attendant les dignités épiscopales. En avançant eux-mêmes, ils font -progresser leurs satellites; c'est tout un système solaire en marche. -Leur rayonnement empourpre leur suite. Leur prospérité s'émiette sur la -cantonade en bonnes petites promotions. Plus grand diocèse au patron, -plus grosse cure au favori. Et puis Rome est là. Un évêque qui sait -devenir archevêque, un archevêque qui sait devenir cardinal, vous emmène -comme conclaviste, vous entrez dans la rote, vous avez le pallium, vous -voilà auditeur, vous voilà camérier, vous voilà monsignor, et de la -Grandeur à Imminence il n'y a qu'un pas, et entre Imminence et la -Sainteté il n'y a que la fumée d'un scrutin. Toute calotte peut rêver la -tiare. Le prêtre est de nos jours le seul homme qui puisse régulièrement -devenir roi; et quel roi! le roi suprême. Aussi quelle pépinière -d'aspirations qu'un séminaire! Que d'enfants de choeur rougissants, que -de jeunes abbés ont sur la tête le pot au lait de Perrette! Comme -l'ambition s'intitule aisément vocation, qui sait? de bonne foi -peut-être et se trompant elle-même, béate qu'elle est! - -Monseigneur Bienvenu, humble, pauvre, particulier, n'était pas compté -parmi les grosses mitres. Cela était visible à l'absence complète de -jeunes prêtres autour de lui. On a vu qu'à Paris «il n'avait pas pris». -Pas un avenir ne songeait à se greffer sur ce vieillard solitaire. Pas -une ambition en herbe ne faisait la folie de verdir à son ombre. Ses -chanoines et ses grands vicaires étaient de bons vieux hommes, un peu -peuple comme lui, murés comme lui dans ce diocèse sans issue sur le -cardinafat, et qui ressemblaient à leur évêque, avec cette différence -qu'eux étaient finis, et que lui était achevé. - -On sentait si bien l'impossibilité de croître près de monseigneur -Bienvenu qu'à peine sortis du séminaire, les jeunes gens ordonnés par -lui se faisaient recommander aux archevêques d'Aix ou d'Auch, et s'en -allaient bien vite. Car enfin, nous le répétons, on veut être poussé. Un -saint qui vit dans un excès d'abnégation est un voisinage dangereux; il -pourrait bien vous communiquer par contagion une pauvreté incurable, -l'ankylose des articulations utiles à l'avancement, et, en somme, plus -de renoncement que vous n'en voulez; et l'on fuit cette vertu galeuse. -De là l'isolement de monseigneur Bienvenu. Nous vivons dans une société -sombre. Réussir, voilà l'enseignement qui tombe goutte à goutte de la -corruption en surplomb. - -Soit dit en passant, c'est une chose assez hideuse que le succès. Sa -fausse ressemblance avec le mérite trompe les hommes. Pour la foule, la -réussite a presque le même profil que la suprématie. Le succès, ce -ménechme du talent, a une dupe: l'histoire. Juvénal et Tacite seuls en -bougonnent. De nos jours, une philosophie à peu près officielle est -entrée en domesticité chez lui, porte la livrée du succès, et fait le -service de son antichambre. Réussissez: théorie. Prospérité suppose -Capacité. Gagnez à la loterie, vous voilà un habile homme. Qui triomphe -est vénéré. Naissez coiffé, tout est là. Ayez de la chance, vous aurez -le reste; soyez heureux, on vous croira grand. En dehors des cinq ou six -exceptions immenses qui font l'éclat d'un siècle, l'admiration -contemporaine n'est guère que myopie. Dorure est or. Être le premier -venu, cela ne gâte rien, pourvu qu'on soit le parvenu. Le vulgaire est -un vieux Narcisse qui s'adore lui-même et qui applaudit le vulgaire. -Cette faculté énorme par laquelle on est Moïse, Eschyle, Dante, -Michel-Ange ou Napoléon, la multitude la décerne d'emblée et par -acclamation à quiconque atteint son but dans quoi que ce soit. Qu'un -notaire se transfigure en député, qu'un faux Corneille fasse _Tiridate_, -qu'un eunuque parvienne à posséder un harem, qu'un Prud'homme militaire -gagne par accident la bataille décisive d'une époque, qu'un apothicaire -invente les semelles de carton pour l'armée de Sambre-et-Meuse et se -construise, avec ce carton vendu pour du cuir, quatre cent mille livres -de rente, qu'un porte-balle épouse l'usure et la fasse accoucher de sept -ou huit millions dont il est le père et dont elle est la mère, qu'un -prédicateur devienne évêque par le nasillement, qu'un intendant de bonne -maison soit si riche en sortant de service qu'on le fasse ministre des -finances, les hommes appellent cela Génie, de même qu'ils appellent -Beauté la figure de Mousqueton et Majesté l'encolure de Claude. Ils -confondent avec les constellations de l'abîme les étoiles que font dans -la vase molle du bourbier les pattes des canards. - - - - -Chapitre XIII - -Ce qu'il croyait - - -Au point de vue de l'orthodoxie, nous n'avons point à sonder M. l'évêque -de Digne. Devant une telle âme, nous ne nous sentons en humeur que de -respect. La conscience du juste doit être crue sur parole. D'ailleurs, -de certaines natures étant données, nous admettons le développement -possible de toutes les beautés de la vertu humaine dans une croyance -différente de la nôtre. - -Que pensait-il de ce dogme-ci ou de ce mystère-là? Ces secrets du for -intérieur ne sont connus que de la tombe où les âmes entrent nues. Ce -dont nous sommes certain, c'est que jamais les difficultés de foi ne se -résolvaient pour lui en hypocrisie. Aucune pourriture n'est possible au -diamant. Il croyait le plus qu'il pouvait. _Credo in Patrem_, -s'écriait-il souvent. Puisant d'ailleurs dans les bonnes oeuvres cette -quantité de satisfaction qui suffit à la conscience, et qui vous dit -tout bas: «Tu es avec Dieu.» - -Ce que nous croyons devoir noter, c'est que, en dehors, pour ainsi dire, -et au-delà de sa foi, l'évêque avait un excès d'amour. C'est par là, -_quia multum amavit_, qu'il était jugé vulnérable par les «hommes -sérieux», les «personnes graves» et les «gens raisonnables»; locutions -favorites de notre triste monde où l'égoïsme reçoit le mot d'ordre du -pédantisme. Qu'était-ce que cet excès d'amour? C'était une bienveillance -sereine, débordant les hommes, comme nous l'avons indiqué déjà, et, dans -l'occasion, s'étendant jusqu'aux choses. Il vivait sans dédain. Il était -indulgent pour la création de Dieu. Tout homme, même le meilleur, a en -lui une dureté irréfléchie qu'il tient en réserve pour l'animal. -L'évêque de Digne n'avait point cette dureté-là, particulière à beaucoup -de prêtres pourtant. Il n'allait pas jusqu'au bramine, mais il semblait -avoir médité cette parole de l'Ecclésiaste: «Sait-on où va l'âme des -animaux?» Les laideurs de l'aspect, les difformités de l'instinct, ne le -troublaient pas et ne l'indignaient pas. Il en était ému, presque -attendri. Il semblait que, pensif, il en allât chercher, au-delà de la -vie apparente, la cause, l'explication ou l'excuse. Il semblait par -moments demander à Dieu des commutations. Il examinait sans colère, et -avec l'oeil du linguiste qui déchiffre un palimpseste, la quantité de -chaos qui est encore dans la nature. Cette rêverie faisait parfois -sortir de lui des mots étranges. Un matin, il était dans son jardin; il -se croyait seul, mais sa soeur marchait derrière lui sans qu'il la vît; -tout à coup, il s'arrêta, et il regarda quelque chose à terre; c'était -une grosse araignée, noire, velue, horrible. Sa soeur l'entendit qui -disait: - ---Pauvre bête! ce n'est pas sa faute. - -Pourquoi ne pas dire ces enfantillages presque divins de la bonté? -Puérilités, soit; mais ces puérilités sublimes ont été celles de saint -François d'Assise et de Marc-Aurèle. Un jour il se donna une entorse -pour n'avoir pas voulu écraser une fourmi. - -Ainsi vivait cet homme juste. Quelquefois, il s'endormait dans son -jardin, et alors il n'était rien de plus vénérable. - -Monseigneur Bienvenu avait été jadis, à en croire les récits sur sa -jeunesse et même sur sa virilité, un homme passionné, peut-être violent. -Sa mansuétude universelle était moins un instinct de nature que le -résultat d'une grande conviction filtrée dans son coeur à travers la vie -et lentement tombée en lui, pensée à pensée; car, dans un caractère -comme dans un rocher, il peut y avoir des trous de gouttes d'eau. Ces -creusements-là sont ineffaçables; ces formations-là sont -indestructibles. - -En 1815, nous croyons l'avoir dit, il atteignit soixante-quinze ans, -mais il n'en paraissait pas avoir plus de soixante. Il n'était pas -grand; il avait quelque embonpoint, et, pour le combattre, il faisait -volontiers de longues marches à pied, il avait le pas ferme et n'était -que fort peu courbé, détail d'où nous ne prétendons rien conclure; -Grégoire XVI, à quatre-vingts ans, se tenait droit et souriant, ce qui -ne l'empêchait pas d'être un mauvais évêque. Monseigneur Bienvenu avait -ce que le peuple appelle «une belle tête», mais si aimable qu'on -oubliait qu'elle était belle. - -Quand il causait avec cette santé enfantine qui était une de ses grâces, -et dont nous avons déjà parlé, on se sentait à l'aise près de lui, il -semblait que de toute sa personne il sortît de la joie. Son teint coloré -et frais, toutes ses dents bien blanches qu'il avait conservées et que -son rire faisait voir, lui donnaient cet air ouvert et facile qui fait -dire d'un homme: «C'est un bon enfant», et d'un vieillard: «C'est un -bonhomme». C'était, on s'en souvient, l'effet qu'il avait fait à -Napoléon. Au premier abord, et pour qui le voyait pour la première fois, -ce n'était guère qu'un bonhomme en effet. Mais si l'on restait quelques -heures près de lui, et pour peu qu'on le vît pensif, le bonhomme se -transfigurait peu à peu et prenait je ne sais quoi d'imposant; son front -large et sérieux, auguste par les cheveux blancs, devenait auguste aussi -par la méditation; la majesté se dégageait de cette bonté, sans que la -bonté cessât de rayonner; on éprouvait quelque chose de l'émotion qu'on -aurait si l'on voyait un ange souriant ouvrir lentement ses ailes sans -cesser de sourire. Le respect, un respect inexprimable, vous pénétrait -par degrés et vous montait au coeur, et l'on sentait qu'on avait devant -soi une de ces âmes fortes, éprouvées et indulgentes, où la pensée est -si grande qu'elle ne peut plus être que douce. - -Comme on l'a vu, la prière, la célébration des offices religieux, -l'aumône, la consolation aux affligés, la culture d'un coin de terre, la -fraternité, la frugalité, l'hospitalité, le renoncement, la confiance, -l'étude, le travail remplissaient chacune des journées de sa vie. -_Remplissaient_ est bien le mot, et certes cette journée de l'évêque -était bien pleine jusqu'aux bords de bonnes pensées, de bonnes paroles -et de bonnes actions. Cependant elle n'était pas complète si le temps -froid ou pluvieux l'empêchait d'aller passer, le soir, quand les deux -femmes s'étaient retirées, une heure ou deux dans son jardin avant de -s'endormir. Il semblait que ce fût une sorte de rite pour lui de se -préparer au sommeil par la méditation en présence des grands spectacles -du ciel nocturne. Quelquefois, à une heure même assez avancée de la -nuit, si les deux vieilles filles ne dormaient pas, elles l'entendaient -marcher lentement dans les allées. Il était là, seul avec lui-même, -recueilli, paisible, adorant, comparant la sérénité de son coeur à la -sérénité de l'éther, ému dans les ténèbres par les splendeurs visibles -des constellations et les splendeurs invisibles de Dieu, ouvrant son âme -aux pensées qui tombent de l'inconnu. Dans ces moments-là, offrant son -coeur à l'heure où les fleurs nocturnes offrent leur parfum, allumé -comme une lampe au centre de la nuit étoilée, se répandant en extase au -milieu du rayonnement universel de la création, il n'eût pu peut-être -dire lui-même ce qui se passait dans son esprit, il sentait quelque -chose s'envoler hors de lui et quelque chose descendre en lui. -Mystérieux échanges des gouffres de l'âme avec les gouffres de -l'univers! - -Il songeait à la grandeur et à la présence de Dieu; à l'éternité future, -étrange mystère; à l'éternité passée, mystère plus étrange encore; à -tous les infinis qui s'enfonçaient sous ses yeux dans tous les sens; et, -sans chercher à comprendre l'incompréhensible, il le regardait. Il -n'étudiait pas Dieu, il s'en éblouissait. Il considérait ces magnifiques -rencontres des atomes qui donnent des aspects à la matière, révèlent les -forces en les constatant, créent les individualités dans l'unité, les -proportions dans l'étendue, l'innombrable dans l'infini, et par la -lumière produisent la beauté. Ces rencontres se nouent et se dénouent -sans cesse; de là la vie et la mort. Il s'asseyait sur un banc de bois -adossé à une treille décrépite, et il regardait les astres à travers les -silhouettes chétives et rachitiques de ses arbres fruitiers. Ce quart -d'arpent, si pauvrement planté, si encombré de masures et de hangars, -lui était cher et lui suffisait. - -Que fallait-il de plus à ce vieillard, qui partageait le loisir de sa -vie, où il y avait si peu de loisir, entre le jardinage le jour et la -contemplation la nuit? Cet étroit enclos, ayant les cieux pour plafond, -n'était-ce pas assez pour pouvoir adorer Dieu tour à tour dans ses -oeuvres les plus charmantes et dans ses oeuvres les plus sublimes? -N'est-ce pas là tout, en effet, et que désirer au-delà? Un petit jardin -pour se promener, et l'immensité pour rêver. À ses pieds ce qu'on peut -cultiver et cueillir; sur sa tête ce qu'on peut étudier et méditer; -quelques fleurs sur la terre et toutes les étoiles dans le ciel. - - - - -Chapitre XIV - -Ce qu'il pensait - - -Un dernier mot. - -Comme cette nature de détails pourrait, particulièrement au moment où -nous sommes, et pour nous servir d'une expression actuellement à la -mode, donner à l'évêque de Digne une certaine physionomie «panthéiste», -et faire croire, soit à son blâme, soit à sa louange, qu'il y avait en -lui une de ces philosophies personnelles, propres à notre siècle, qui -germent quelquefois dans les esprits solitaires et s'y construisent et y -grandissent jusqu'à y remplacer les religions, nous insistons sur ceci -que pas un de ceux qui ont connu monseigneur Bienvenu ne se fût cru -autorisé à penser rien de pareil. Ce qui éclairait cet homme, c'était le -coeur. Sa sagesse était faite de la lumière qui vient de là. - -Point de systèmes, beaucoup d'oeuvres. Les spéculations abstruses -contiennent du vertige; rien n'indique qu'il hasardât son esprit dans -les apocalypses. L'apôtre peut être hardi, mais l'évêque doit être -timide. Il se fût probablement fait scrupule de sonder trop avant de -certains problèmes réservés en quelque sorte aux grands esprits -terribles. Il y a de l'horreur sacrée sous les porches de l'énigme; ces -ouvertures sombres sont là béantes, mais quelque chose vous dit, à vous -passant de la vie, qu'on n'entre pas. Malheur à qui y pénètre! Les -génies, dans les profondeurs inouïes de l'abstraction et de la -spéculation pure, situés pour ainsi dire au-dessus des dogmes, proposent -leurs idées à Dieu. Leur prière offre audacieusement la discussion. Leur -adoration interroge. Ceci est la religion directe, pleine d'anxiété et -de responsabilité pour qui en tente les escarpements. - -La méditation humaine n'a point de limite. À ses risques et périls, elle -analyse et creuse son propre éblouissement. On pourrait presque dire -que, par une sorte de réaction splendide, elle en éblouit la nature; le -mystérieux monde qui nous entoure rend ce qu'il reçoit, il est probable -que les contemplateurs sont contemplés. Quoi qu'il en soit, il y a sur -la terre des hommes--sont-ce des hommes?--qui aperçoivent distinctement -au fond des horizons du rêve les hauteurs de l'absolu, et qui ont la -vision terrible de la montagne infinie. Monseigneur Bienvenu n'était -point de ces hommes-là, monseigneur Bienvenu n'était pas un génie. Il -eût redouté ces sublimités d'où quelques-uns, très grands même, comme -Swedenborg et Pascal, ont glissé dans la démence. Certes, ces puissantes -rêveries ont leur utilité morale, et par ces routes ardues on s'approche -de la perfection idéale. Lui, il prenait le sentier qui abrège: -l'évangile. Il n'essayait point de faire faire à sa chasuble les plis du -manteau d'Élie, il ne projetait aucun rayon d'avenir sur le roulis -ténébreux des événements, il ne cherchait pas à condenser en flamme la -lueur des choses, il n'avait rien du prophète et rien du mage. Cette âme -simple aimait, voilà tout. - -Qu'il dilatât la prière jusqu'à une aspiration surhumaine, cela est -probable; mais on ne peut pas plus prier trop qu'aimer trop; et, si -c'était une hérésie de prier au-delà des textes, sainte Thérèse et saint -Jérôme seraient des hérétiques. - -Il se penchait sur ce qui gémit et sur ce qui expie. L'univers lui -apparaissait comme une immense maladie; il sentait partout de la fièvre, -il auscultait partout de la souffrance, et, sans chercher à deviner -l'énigme, il tâchait de panser la plaie. Le redoutable spectacle des -choses créées développait en lui l'attendrissement; il n'était occupé -qu'à trouver pour lui-même et à inspirer aux autres la meilleure manière -de plaindre et de soulager. Ce qui existe était pour ce bon et rare -prêtre un sujet permanent de tristesse cherchant à consoler. - -Il y a des hommes qui travaillent à l'extraction de l'or; lui, il -travaillait à l'extraction de la pitié. L'universelle misère était sa -mine. La douleur partout n'était qu'une occasion de bonté toujours. -_Aimez-vous les uns les autres;_ il déclarait cela complet, ne -souhaitait rien de plus, et c'était là toute sa doctrine. Un jour, cet -homme qui se croyait «philosophe», ce sénateur, déjà nommé, dit à -l'évêque: - ---Mais voyez donc le spectacle du monde; guerre de tous contre tous; le -plus fort a le plus d'esprit. Votre _aimez-vous les uns les autres_ est -une bêtise. - ---Eh bien, répondit monseigneur Bienvenu sans disputer, si c'est une -bêtise, l'âme doit s'y enfermer comme la perle dans l'huître. - -Il s'y enfermait donc, il y vivait, il s'en satisfaisait absolument, -laissant de côté les questions prodigieuses qui attirent et qui -épouvantent, les perspectives insondables de l'abstraction, les -précipices de la métaphysique, toutes ces profondeurs convergentes, pour -l'apôtre à Dieu, pour l'athée au néant: la destinée, le bien et le mal, -la guerre de l'être contre l'être, la conscience de l'homme, le -somnambulisme pensif de l'animal, la transformation par la mort, la -récapitulation d'existences que contient le tombeau, la greffe -incompréhensible des amours successifs sur le moi persistant, l'essence, -la substance, le Nil et l'Ens, l'âme, la nature, la liberté, la -nécessité; problèmes à pic, épaisseurs sinistres, où se penchent les -gigantesques archanges de l'esprit humain; formidables abîmes que -Lucrèce, Manou, saint Paul et Dante contemplent avec cet oeil fulgurant -qui semble, en regardant fixement l'infini, y faire éclore des étoiles. - -Monseigneur Bienvenu était simplement un homme qui constatait du dehors -les questions mystérieuses sans les scruter, sans les agiter, et sans en -troubler son propre esprit, et qui avait dans l'âme le grave respect de -l'ombre. - - - - -Livre deuxième--La chute - - - - -Chapitre I - -Le soir d'un jour de marche - - -Dans les premiers jours du mois d'octobre 1815, une heure environ avant -le coucher du soleil, un homme qui voyageait à pied entrait dans la -petite ville de Digne. Les rares habitants qui se trouvaient en ce moment -à leurs fenêtres ou sur le seuil de leurs maisons regardaient ce -voyageur avec une sorte d'inquiétude. Il était difficile de rencontrer -un passant d'un aspect plus misérable. C'était un homme de moyenne -taille, trapu et robuste, dans la force de l'âge. Il pouvait avoir -quarante-six ou quarante-huit ans. Une casquette à visière de cuir -rabattue cachait en partie son visage, brûlé par le soleil et le hâle, -et ruisselant de sueur. Sa chemise de grosse toile jaune, rattachée au -col par une petite ancre d'argent, laissait voir sa poitrine velue; il -avait une cravate tordue en corde, un pantalon de coutil bleu, usé et -râpé, blanc à un genou, troué à l'autre, une vieille blouse grise en -haillons, rapiécée à l'un des coudes d'un morceau de drap vert cousu -avec de la ficelle, sur le dos un sac de soldat fort plein, bien bouclé -et tout neuf, à la main un énorme bâton noueux, les pieds sans bas dans -des souliers ferrés, la tête tondue et la barbe longue. - -La sueur, la chaleur, le voyage à pied, la poussière, ajoutaient je ne -sais quoi de sordide à cet ensemble délabré. - -Les cheveux étaient ras, et pourtant hérissés; car ils commençaient à -pousser un peu, et semblaient n'avoir pas été coupés depuis quelque -temps. - -Personne ne le connaissait. Ce n'était évidemment qu'un passant. D'où -venait-il? Du midi. Des bords de la mer peut-être. Car il faisait son -entrée dans Digne par la même rue qui, sept mois auparavant, avait vu -passer l'empereur Napoléon allant de Cannes à Paris. Cet homme avait dû -marcher tout le jour. Il paraissait très fatigué. Des femmes de l'ancien -bourg qui est au bas de la ville l'avaient vu s'arrêter sous les arbres -du boulevard Gassendi et boire à la fontaine qui est à l'extrémité de la -promenade. Il fallait qu'il eût bien soif, car des enfants qui le -suivaient le virent encore s'arrêter, et boire, deux cents pas plus -loin, à la fontaine de la place du marché. - -Arrivé au coin de la rue Poichevert, il tourna à gauche et se dirigea -vers la mairie. Il y entra, puis sortit un quart d'heure après. Un -gendarme était assis près de la porte sur le banc de pierre où le -général Drouot monta le 4 mars pour lire à la foule effarée des -habitants de Digne la proclamation du golfe Juan. L'homme ôta sa -casquette et salua humblement le gendarme. - -Le gendarme, sans répondre à son salut, le regarda avec attention, le -suivit quelque temps des yeux, puis entra dans la maison de ville. - -Il y avait alors à Digne une belle auberge à l'enseigne de _la -Croix-de-Colbas_. Cette auberge avait pour hôtelier un nommé Jacquin -Labarre, homme considéré dans la ville pour sa parenté avec un autre -Labarre, qui tenait à Grenoble l'auberge des _Trois-Dauphins_ et qui -avait servi dans les guides. Lors du débarquement de l'empereur, -beaucoup de bruits avaient couru dans le pays sur cette auberge des -_Trois-Dauphins_. On contait que le général Bertrand, déguisé en -charretier, y avait fait de fréquents voyages au mois de janvier, et -qu'il y avait distribué des croix d'honneur à des soldats et des -poignées de napoléons à des bourgeois. La réalité est que l'empereur, -entré dans Grenoble, avait refusé de s'installer à l'hôtel de la -préfecture; il avait remercié le maire en disant: _Je vais chez un brave -homme que je connais_, et il était allé aux _Trois-Dauphins_. Cette -gloire du Labarre des _Trois-Dauphins_ se reflétait à vingt-cinq lieues -de distance jusque sur le Labarre de la _Croix-de-Colbas_. On disait de -lui dans la ville: _C'est le cousin de celui de Grenoble_. - -L'homme se dirigea vers cette auberge, qui était la meilleure du pays. -Il entra dans la cuisine, laquelle s'ouvrait de plain-pied sur la rue. -Tous les fourneaux étaient allumés; un grand feu flambait gaîment dans -la cheminée. L'hôte, qui était en même temps le chef, allait de l'âtre -aux casseroles, fort occupé et surveillant un excellent dîner destiné à -des rouliers qu'on entendait rire et parler à grand bruit dans une salle -voisine. Quiconque a voyagé sait que personne ne fait meilleure chère -que les rouliers. Une marmotte grasse, flanquée de perdrix blanches et -de coqs de bruyère, tournait sur une longue broche devant le feu; sur -les fourneaux cuisaient deux grosses carpes du lac de Lauzet et une -truite du lac d'Alloz. - -L'hôte, entendant la porte s'ouvrir et entrer un nouveau venu, dit sans -lever les yeux de ses fourneaux: - ---Que veut monsieur? - ---Manger et coucher, dit l'homme. - ---Rien de plus facile, reprit l'hôte. - -En ce moment il tourna la tête, embrassa d'un coup d'oeil tout -l'ensemble du voyageur, et ajouta: - ---... en payant. - -L'homme tira une grosse bourse de cuir de la poche de sa blouse et -répondit: - ---J'ai de l'argent. - ---En ce cas on est à vous, dit l'hôte. - -L'homme remit sa bourse en poche, se déchargea de son sac, le posa à -terre près de la porte, garda son bâton à la main, et alla s'asseoir sur -une escabelle basse près du feu. Digne est dans la montagne. Les soirées -d'octobre y sont froides. - -Cependant, tout en allant et venant, l'homme considérait le voyageur. - ---Dîne-t-on bientôt? dit l'homme. - ---Tout à l'heure, dit l'hôte. - -Pendant que le nouveau venu se chauffait, le dos tourné, le digne -aubergiste Jacquin Labarre tira un crayon de sa poche, puis il déchira -le coin d'un vieux journal qui traînait sur une petite table près de la -fenêtre. Sur la marge blanche il écrivit une ligne ou deux, plia sans -cacheter et remit ce chiffon de papier à un enfant qui paraissait lui -servir tout à la fois de marmiton et de laquais. L'aubergiste dit un mot -à l'oreille du marmiton, et l'enfant partit en courant dans la direction -de la mairie. - -Le voyageur n'avait rien vu de tout cela. - -Il demanda encore une fois: - ---Dîne-t-on bientôt? - ---Tout à l'heure, dit l'hôte. - -L'enfant revint. Il rapportait le papier. L'hôte le déplia avec -empressement, comme quelqu'un qui attend une réponse. Il parut lire -attentivement, puis hocha la tête, et resta un moment pensif. Enfin il -fit un pas vers le voyageur qui semblait plongé dans des réflexions peu -sereines. - ---Monsieur, dit-il, je ne puis vous recevoir. - -L'homme se dressa à demi sur son séant. - ---Comment! Avez-vous peur que je ne paye pas? Voulez-vous que je paye -d'avance? J'ai de l'argent, vous dis-je. - ---Ce n'est pas cela. - ---Quoi donc? - ---Vous avez de l'argent.... - ---Oui, dit l'homme. - ---Et moi, dit l'hôte, je n'ai pas de chambre. - -L'homme reprit tranquillement: - ---Mettez-moi à l'écurie. - ---Je ne puis. - ---Pourquoi? - ---Les chevaux prennent toute la place. - ---Eh bien, repartit l'homme, un coin dans le grenier. Une botte de -paille. Nous verrons cela après dîner. - ---Je ne puis vous donner à dîner. - -Cette déclaration, faite d'un ton mesuré, mais ferme, parut grave à -l'étranger. Il se leva. - ---Ah bah! mais je meurs de faim, moi. J'ai marché dès le soleil levé. -J'ai fait douze lieues. Je paye. Je veux manger. - ---Je n'ai rien, dit l'hôte. - -L'homme éclata de rire et se tourna vers la cheminée et les fourneaux. - ---Rien! et tout cela? - ---Tout cela m'est retenu. - ---Par qui? - ---Par ces messieurs les rouliers. - ---Combien sont-ils? - ---Douze. - ---Il y a là à manger pour vingt. - ---Ils ont tout retenu et tout payé d'avance. - -L'homme se rassit et dit sans hausser la voix: - ---Je suis à l'auberge, j'ai faim, et je reste. - -L'hôte alors se pencha à son oreille, et lui dit d'un accent qui le fit -tressaillir: - ---Allez-vous en. - -Le voyageur était courbé en cet instant et poussait quelques braises -dans le feu avec le bout ferré de son bâton, il se retourna vivement, -et, comme il ouvrait la bouche pour répliquer, l'hôte le regarda -fixement et ajouta toujours à voix basse: - ---Tenez, assez de paroles comme cela. Voulez-vous que je vous dise votre -nom? Vous vous appelez Jean Valjean. Maintenant voulez-vous que je vous -dise qui vous êtes? En vous voyant entrer, je me suis douté de quelque -chose, j'ai envoyé à la mairie, et voici ce qu'on m'a répondu. -Savez-vous lire? - -En parlant ainsi il tendait à l'étranger, tout déplié, le papier qui -venait de voyager de l'auberge à la mairie, et de la mairie à l'auberge. -L'homme y jeta un regard. L'aubergiste reprit après un silence: - ---J'ai l'habitude d'être poli avec tout le monde. Allez-vous-en. - -L'homme baissa la tête, ramassa le sac qu'il avait déposé à terre, et -s'en alla. Il prit la grande rue. Il marchait devant lui au hasard, -rasant de près les maisons, comme un homme humilié et triste. Il ne se -retourna pas une seule fois. S'il s'était retourné, il aurait vu -l'aubergiste de la _Croix-de-Colbas_ sur le seuil de sa porte, entouré -de tous les voyageurs de son auberge et de tous les passants de la rue, -parlant vivement et le désignant du doigt, et, aux regards de défiance -et d'effroi du groupe, il aurait deviné qu'avant peu son arrivée serait -l'événement de toute la ville. - -Il ne vit rien de tout cela. Les gens accablés ne regardent pas derrière -eux. Ils ne savent que trop que le mauvais sort les suit. - -Il chemina ainsi quelque temps, marchant toujours, allant à l'aventure -par des rues qu'il ne connaissait pas, oubliant la fatigue, comme cela -arrive dans la tristesse. Tout à coup il sentit vivement la faim. La -nuit approchait. Il regarda autour de lui pour voir s'il ne découvrirait -pas quelque gîte. - -La belle hôtellerie s'était fermée pour lui; il cherchait quelque -cabaret bien humble, quelque bouge bien pauvre. - -Précisément une lumière s'allumait au bout de la rue; une branche de -pin, pendue à une potence en fer, se dessinait sur le ciel blanc du -crépuscule. Il y alla. - -C'était en effet un cabaret. Le cabaret qui est dans la rue de Chaffaut. - -Le voyageur s'arrêta un moment, et regarda par la vitre l'intérieur de -la salle basse du cabaret, éclairée par une petite lampe sur une table -et par un grand feu dans la cheminée. Quelques hommes y buvaient. L'hôte -se chauffait. La flamme faisait bruire une marmite de fer accrochée à la -crémaillère. - -On entre dans ce cabaret, qui est aussi une espèce d'auberge, par deux -portes. L'une donne sur la rue, l'autre s'ouvre sur une petite cour -pleine de fumier. - -Le voyageur n'osa pas entrer par la porte de la rue. Il se glissa dans -la cour, s'arrêta encore, puis leva timidement le loquet et poussa la -porte. - ---Qui va là? dit le maître. - ---Quelqu'un qui voudrait souper et coucher. - ---C'est bon. Ici on soupe et on couche. - -Il entra. Tous les gens qui buvaient se retournèrent. La lampe -l'éclairait d'un côté, le feu de l'autre. On l'examina quelque temps -pendant qu'il défaisait son sac. - -L'hôte lui dit: - ---Voilà du feu. Le souper cuit dans la marmite. Venez vous chauffer, -camarade. - -Il alla s'asseoir près de l'âtre. Il allongea devant le feu ses pieds -meurtris par la fatigue; une bonne odeur sortait de la marmite. Tout ce -qu'on pouvait distinguer de son visage sous sa casquette baissée prit -une vague apparence de bien-être mêlée à cet autre aspect si poignant -que donne l'habitude de la souffrance. - -C'était d'ailleurs un profil ferme, énergique et triste. Cette -physionomie était étrangement composée; elle commençait par paraître -humble et finissait par sembler sévère. L'oeil luisait sous les sourcils -comme un feu sous une broussaille. - -Cependant un des hommes attablés était un poissonnier qui, avant -d'entrer au cabaret de la rue de Chaffaut, était allé mettre son cheval -à l'écurie chez Labarre. Le hasard faisait que le matin même il avait -rencontré cet étranger de mauvaise mine, cheminant entre Bras dasse -et... j'ai oublié le nom. (Je crois que c'est Escoublon). Or, en le -rencontrant, l'homme, qui paraissait déjà très fatigué, lui avait -demandé de le prendre en croupe; à quoi le poissonnier n'avait répondu -qu'en doublant le pas. Ce poissonnier faisait partie, une demi-heure -auparavant, du groupe qui entourait Jacquin Labarre, et lui-même avait -raconté sa désagréable rencontre du matin aux gens de _la -Croix-de-Colbas_. Il fit de sa place au cabaretier un signe -imperceptible. Le cabaretier vint à lui. Ils échangèrent quelques -paroles à voix basse. L'homme était retombé dans ses réflexions. - -Le cabaretier revint à la cheminée, posa brusquement sa main sur -l'épaule de l'homme, et lui dit: - ---Tu vas t'en aller d'ici. - -L'étranger se retourna et répondit avec douceur. - ---Ah! vous savez? - ---Oui. - ---On m'a renvoyé de l'autre auberge. - ---Et l'on te chasse de celle-ci. - ---Où voulez-vous que j'aille? - ---Ailleurs. - -L'homme prit son bâton et son sac, et s'en alla. - -Comme il sortait, quelques enfants, qui l'avaient suivi depuis _la -Croix-de-Colbas_ et qui semblaient l'attendre, lui jetèrent des pierres. -Il revint sur ses pas avec colère et les menaça de son bâton; les -enfants se dispersèrent comme une volée d'oiseaux. - -Il passa devant la prison. À la porte pendait une chaîne de fer attachée -à une cloche. Il sonna. - -Un guichet s'ouvrit. - ---Monsieur le guichetier, dit-il en ôtant respectueusement sa casquette, -voudriez-vous bien m'ouvrir et me loger pour cette nuit? - -Une voix répondit: - ---Une prison n'est pas une auberge. Faites-vous arrêter. On vous -ouvrira. - -Le guichet se referma. - -Il entra dans une petite rue où il y a beaucoup de jardins. Quelques-uns -ne sont enclos que de haies, ce qui égaye la rue. Parmi ces jardins et -ces haies, il vit une petite maison d'un seul étage dont la fenêtre -était éclairée. Il regarda par cette vitre comme il avait fait pour le -cabaret. C'était une grande chambre blanchie à la chaux, avec un lit -drapé d'indienne imprimée, et un berceau dans un coin, quelques chaises -de bois et un fusil à deux coups accroché au mur. Une table était servie -au milieu de la chambre. Une lampe de cuivre éclairait la nappe de -grosse toile blanche, le broc d'étain luisant comme l'argent et plein de -vin et la soupière brune qui fumait. À cette table était assis un homme -d'une quarantaine d'années, à la figure joyeuse et ouverte, qui faisait -sauter un petit enfant sur ses genoux. Près de lui, une femme toute -jeune allaitait un autre enfant. Le père riait, l'enfant riait, la mère -souriait. - -L'étranger resta un moment rêveur devant ce spectacle doux et calmant. -Que se passait-il en lui? Lui seul eût pu le dire. Il est probable qu'il -pensa que cette maison joyeuse serait hospitalière, et que là où il -voyait tant de bonheur il trouverait peut-être un peu de pitié. - -Il frappa au carreau un petit coup très faible. - -On n'entendit pas. - -Il frappa un second coup. - -Il entendit la femme qui disait: - ---Mon homme, il me semble qu'on frappe. - ---Non, répondit le mari. - -Il frappa un troisième coup. - -Le mari se leva, prit la lampe, et alla à la porte qu'il ouvrit. - -C'était un homme de haute taille, demi-paysan, demi-artisan. Il portait -un vaste tablier de cuir qui montait jusqu'à son épaule gauche, et dans -lequel faisaient ventre un marteau, un mouchoir rouge, une poire à -poudre, toutes sortes d'objets que la ceinture retenait comme dans une -poche. Il renversait la tête en arrière; sa chemise largement ouverte et -rabattue montrait son cou de taureau, blanc et nu. Il avait d'épais -sourcils, d'énormes favoris noirs, les yeux à fleur de tête, le bas du -visage en museau, et sur tout cela cet air d'être chez soi qui est une -chose inexprimable. - ---Monsieur, dit le voyageur, pardon. En payant, pourriez-vous me donner -une assiettée de soupe et un coin pour dormir dans ce hangar qui est là -dans ce jardin? Dites, pourriez-vous? En payant? - ---Qui êtes-vous? demanda le maître du logis. - -L'homme répondit: - ---J'arrive de Puy-Moisson. J'ai marché toute la journée. J'ai fait douze -lieues. Pourriez-vous? En payant? - ---Je ne refuserais pas, dit le paysan, de loger quelqu'un de bien qui -payerait. Mais pourquoi n'allez-vous pas à l'auberge. - ---Il n'y a pas de place. - ---Bah! pas possible. Ce n'est pas jour de foire ni de marché. Êtes-vous -allé chez Labarre? - ---Oui. - ---Eh bien? - -Le voyageur répondit avec embarras: - ---Je ne sais pas, il ne m'a pas reçu. - ---Êtes-vous allé chez chose, de la rue de Chaffaut? - -L'embarras de l'étranger croissait. Il balbutia: - ---Il ne m'a pas reçu non plus. - -Le visage du paysan prit une expression de défiance, il regarda le -nouveau venu de la tête aux pieds, et tout à coup il s'écria avec une -sorte de frémissement: - ---Est-ce que vous seriez l'homme?... - -Il jeta un nouveau coup d'oeil sur l'étranger, fit trois pas en arrière, -posa la lampe sur la table et décrocha son fusil du mur. - -Cependant aux paroles du paysan: _Est-ce que vous seriez l'homme?..._ la -femme s'était levée, avait pris ses deux enfants dans ses bras et -s'était réfugiée précipitamment derrière son mari, regardant l'étranger -avec épouvante, la gorge nue, les yeux effarés, en murmurant tout bas:_ -Tso-maraude_. - -Tout cela se fit en moins de temps qu'il ne faut pour se le figurer. -Après avoir examiné quelques instants l'homme comme on examine une -vipère, le maître du logis revint à la porte et dit: - ---Va-t'en. - ---Par grâce, reprit l'homme, un verre d'eau. - ---Un coup de fusil! dit le paysan. - -Puis il referma la porte violemment, et l'homme l'entendit tirer deux -gros verrous. Un moment après, la fenêtre se ferma au volet, et un bruit -de barre de fer qu'on posait parvint au dehors. - -La nuit continuait de tomber. Le vent froid des Alpes soufflait. À la -lueur du jour expirant, l'étranger aperçut dans un des jardins qui -bordent la rue une sorte de hutte qui lui parut maçonnée en mottes de -gazon. Il franchit résolument une barrière de bois et se trouva dans le -jardin. Il s'approcha de la hutte; elle avait pour porte une étroite -ouverture très basse et elle ressemblait à ces constructions que les -cantonniers se bâtissent au bord des routes. Il pensa sans doute que -c'était en effet le logis d'un cantonnier; il souffrait du froid et de -la faim; il s'était résigné à la faim, mais c'était du moins là un abri -contre le froid. Ces sortes de logis ne sont habituellement pas occupés -la nuit. Il se coucha à plat ventre et se glissa dans la hutte. Il y -faisait chaud, et il y trouva un assez bon lit de paille. Il resta un -moment étendu sur ce lit, sans pouvoir faire un mouvement tant il était -fatigué. Puis, comme son sac sur son dos le gênait et que c'était -d'ailleurs un oreiller tout trouvé, il se mit à déboucler une des -courroies. En ce moment un grondement farouche se fit entendre. Il leva -les yeux. La tête d'un dogue énorme se dessinait dans l'ombre à -l'ouverture de la hutte. - -C'était la niche d'un chien. - -Il était lui-même vigoureux et redoutable; il s'arma de son bâton, il se -fit de son sac un bouclier, et sortit de la niche comme il put, non sans -élargir les déchirures de ses haillons. - -Il sortit également du jardin, mais à reculons, obligé, pour tenir le -dogue en respect, d'avoir recours à cette manoeuvre du bâton que les -maîtres en ce genre d'escrime appellent _la rose couverte_. - -Quand il eut, non sans peine, repassé la barrière et qu'il se retrouva -dans la rue, seul, sans gîte, sans toit, sans abri, chassé même de ce -lit de paille et de cette niche misérable, il se laissa tomber plutôt -qu'il ne s'assit sur une pierre, et il paraît qu'un passant qui -traversait l'entendit s'écrier: - ---Je ne suis pas même un chien! - -Bientôt il se releva et se remit à marcher. Il sortit de la ville, -espérant trouver quelque arbre ou quelque meule dans les champs, et s'y -abriter. - -Il chemina ainsi quelque temps, la tête toujours baissée. Quand il se -sentit loin de toute habitation humaine, il leva les yeux et chercha -autour de lui. Il était dans un champ; il avait devant lui une de ces -collines basses couvertes de chaume coupé ras, qui après la moisson -ressemblent à des têtes tondues. - -L'horizon était tout noir; ce n'était pas seulement le sombre de la -nuit; c'étaient des nuages très bas qui semblaient s'appuyer sur la -colline même et qui montaient, emplissant tout le ciel. Cependant, comme -la lune allait se lever et qu'il flottait encore au zénith un reste de -clarté crépusculaire, ces nuages formaient au haut du ciel une sorte de -voûte blanchâtre d'où tombait sur la terre une lueur. - -La terre était donc plus éclairée que le ciel, ce qui est un effet -particulièrement sinistre, et la colline, d'un pauvre et chétif contour, -se dessinait vague et blafarde sur l'horizon ténébreux. Tout cet -ensemble était hideux, petit, lugubre et borné. Rien dans le champ ni -sur la colline qu'un arbre difforme qui se tordait en frissonnant à -quelques pas du voyageur. - -Cet homme était évidemment très loin d'avoir de ces délicates habitudes -d'intelligence et d'esprit qui font qu'on est sensible aux aspects -mystérieux des choses; cependant il y avait dans ce ciel, dans cette -colline, dans cette plaine et dans cet arbre, quelque chose de si -profondément désolé qu'après un moment d'immobilité et de rêverie, il -rebroussa chemin brusquement. Il y a des instants où la nature semble -hostile. - -Il revint sur ses pas. Les portes de Digne étaient fermées. Digne, qui a -soutenu des sièges dans les guerres de religion, était encore entourée -en 1815 de vieilles murailles flanquées de tours carrées qu'on a -démolies depuis. Il passa par une brèche et rentra dans la ville. - -Il pouvait être huit heures du soir. Comme il ne connaissait pas les -rues, il recommença sa promenade à l'aventure. - -Il parvint ainsi à la préfecture, puis au séminaire. En passant sur la -place de la cathédrale, il montra le poing à l'église. - -Il y a au coin de cette place une imprimerie. C'est là que furent -imprimées pour la première fois les proclamations de l'empereur et de la -garde impériale à l'armée, apportées de l'île d'Elbe et dictées par -Napoléon lui-même. - -Épuisé de fatigue et n'espérant plus rien, il se coucha sur le banc de -pierre qui est à la porte de cette imprimerie. - -Une vieille femme sortait de l'église en ce moment. Elle vit cet homme -étendu dans l'ombre. - ---Que faites-vous là, mon ami? dit-elle. - -Il répondit durement et avec colère: - ---Vous le voyez, bonne femme, je me couche. - -La bonne femme, bien digne de ce nom en effet, était madame la marquise -de R. - ---Sur ce banc? reprit-elle. - ---J'ai eu pendant dix-neuf ans un matelas de bois, dit l'homme, j'ai -aujourd'hui un matelas de pierre. - ---Vous avez été soldat? - ---Oui, bonne femme. Soldat. - ---Pourquoi n'allez-vous pas à l'auberge? - ---Parce que je n'ai pas d'argent. - ---Hélas, dit madame de R., je n'ai dans ma bourse que quatre sous. - ---Donnez toujours. - -L'homme prit les quatre sous. Madame de R. continua: - ---Vous ne pouvez vous loger avec si peu dans une auberge. Avez-vous -essayé pourtant? Il est impossible que vous passiez ainsi la nuit. Vous -avez sans doute froid et faim. On aurait pu vous loger par charité. - ---J'ai frappé à toutes les portes. - ---Eh bien? - ---Partout on m'a chassé. - -La «bonne femme» toucha le bras de l'homme et lui montra de l'autre côté -de la place une petite maison basse à côté de l'évêché. - ---Vous avez, reprit-elle, frappé à toutes les portes? - ---Oui. - ---Avez-vous frappé à celle-là? - ---Non. - ---Frappez-y. - - - - -Chapitre II - -La prudence conseillée à la sagesse - - -Ce soir-là, M. l'évêque de Digne, après sa promenade en ville, était -resté assez tard enfermé dans sa chambre. Il s'occupait d'un grand -travail sur les _Devoirs_, lequel est malheureusement demeuré inachevé. -Il dépouillait soigneusement tout ce que les Pères et les Docteurs ont -dit sur cette grave matière. Son livre était divisé en deux parties; -premièrement les devoirs de tous, deuxièmement les devoirs de chacun, -selon la classe à laquelle il appartient. Les devoirs de tous sont les -grands devoirs. Il y en a quatre. Saint Matthieu les indique: devoirs -envers Dieu (Matth., VI), devoirs envers soi-même (Matth., V, 29, 30), -devoirs envers le prochain (Matth., VII, 12), devoirs envers les -créatures (Matth., VI, 20, 25). Pour les autres devoirs, l'évêque les -avait trouvés indiqués et prescrits ailleurs; aux souverains et aux -sujets, dans l'Épître aux Romains; aux magistrats, aux épouses, aux -mères et aux jeunes hommes, par saint Pierre; aux maris, aux pères, aux -enfants et aux serviteurs, dans l'Épître aux Éphésiens; aux fidèles, -dans l'Épître aux Hébreux; aux vierges, dans l'Épître aux Corinthiens. -Il faisait laborieusement de toutes ces prescriptions un ensemble -harmonieux qu'il voulait présenter aux âmes. - -Il travaillait encore à huit heures, écrivant assez incommodément sur de -petits carrés de papier avec un gros livre ouvert sur ses genoux, quand -madame Magloire entra, selon son habitude, pour prendre l'argenterie -dans le placard près du lit. Un moment après, l'évêque, sentant que le -couvert était mis et que sa soeur l'attendait peut-être, ferma son -livre, se leva de sa table et entra dans la salle à manger. - -La salle à manger était une pièce oblongue à cheminée, avec porte sur la -rue (nous l'avons dit), et fenêtre sur le jardin. - -Madame Magloire achevait en effet de mettre le couvert. - -Tout en vaquant au service, elle causait avec mademoiselle Baptistine. - -Une lampe était sur la table; la table était près de la cheminée. Un -assez bon feu était allumé. - -On peut se figurer facilement ces deux femmes qui avaient toutes deux -passé soixante ans: madame Magloire petite, grasse, vive; mademoiselle -Baptistine, douce, mince, frêle, un peu plus grande que son frère, vêtue -d'une robe de soie puce, couleur à la mode en 1806, qu'elle avait -achetée alors à Paris et qui lui durait encore. Pour emprunter des -locutions vulgaires qui ont le mérite de dire avec un seul mot une idée -qu'une page suffirait à peine à exprimer, madame Magloire avait l'air -d'une _paysanne_ et mademoiselle Baptistine d'une _dame_. Madame -Magloire avait un bonnet blanc à tuyaux, au cou une jeannette d'or, le -seul bijou de femme qu'il y eût dans la maison, un fichu très blanc -sortant de la robe de bure noire à manches larges et courtes, un tablier -de toile de coton à carreaux rouges et verts, noué à la ceinture d'un -ruban vert, avec pièce d'estomac pareille rattachée par deux épingles -aux deux coins d'en haut, aux pieds de gros souliers et des bas jaunes -comme les femmes de Marseille. La robe de mademoiselle Baptistine était -coupée sur les patrons de 1806, taille courte, fourreau étroit, manches -à épaulettes, avec pattes et boutons. Elle cachait ses cheveux gris sous -une perruque frisée dite à _l'enfant_. Madame Magloire avait l'air -intelligent, vif et bon; les deux angles de sa bouche inégalement -relevés et la lèvre supérieure plus grosse que la lèvre inférieure lui -donnaient quelque chose de bourru et d'impérieux. Tant que monseigneur -se taisait, elle lui parlait résolument avec un mélange de respect et de -liberté; mais dès que monseigneur parlait, on a vu cela, elle obéissait -passivement comme mademoiselle. Mademoiselle Baptistine ne parlait même -pas. Elle se bornait à obéir et à complaire. Même quand elle était -jeune, elle n'était pas jolie, elle avait de gros yeux bleus à fleur de -tête et le nez long et busqué; mais tout son visage, toute sa personne, -nous l'avons dit en commençant, respiraient une ineffable bonté. Elle -avait toujours été prédestinée à la mansuétude; mais la foi, la charité, -l'espérance, ces trois vertus qui chauffent doucement l'âme, avaient -élevé peu à peu cette mansuétude jusqu'à la sainteté. La nature n'en -avait fait qu'une brebis, la religion en avait fait un ange. Pauvre -sainte fille! doux souvenir disparu! Mademoiselle Baptistine a depuis -raconté tant de fois ce qui s'était passé à l'évêché cette soirée-là, -que plusieurs personnes qui vivent encore s'en rappellent les moindres -détails. - -Au moment où M. l'évêque entra, madame Magloire parlait avec quelque -vivacité. Elle entretenait _mademoiselle_ d'un sujet qui lui était -familier et auquel l'évêque était accoutumé. Il s'agissait du loquet de -la porte d'entrée. - -Il paraît que, tout en allant faire quelques provisions pour le souper, -madame Magloire avait entendu dire des choses en divers lieux. On -parlait d'un rôdeur de mauvaise mine; qu'un vagabond suspect serait -arrivé, qu'il devait être quelque part dans la ville, et qu'il se -pourrait qu'il y eût de méchantes rencontres pour ceux qui s'aviseraient -de rentrer tard chez eux cette nuit-là. Que la police était bien mal -faite du reste, attendu que M. le préfet et M. le maire ne s'aimaient -pas, et cherchaient à se nuire en faisant arriver des événements. Que -c'était donc aux gens sages à faire la police eux-mêmes et à se bien -garder, et qu'il faudrait avoir soin de dûment clore, verrouiller et -barricader sa maison, _et de bien fermer ses portes_. - -Madame Magloire appuya sur ce dernier mot; mais l'évêque venait de sa -chambre où il avait eu assez froid, il s'était assis devant la cheminée -et se chauffait, et puis il pensait à autre chose. Il ne releva pas le -mot à effet que madame Magloire venait de laisser tomber. Elle le -répéta. Alors, mademoiselle Baptistine, voulant satisfaire madame -Magloire sans déplaire à son frère, se hasarda à dire timidement: - ---Mon frère, entendez-vous ce que dit madame Magloire? - ---J'en ai entendu vaguement quelque chose, répondit l'évêque. - -Puis tournant à demi sa chaise, mettant ses deux mains sur ses genoux, -et levant vers la vieille servante son visage cordial et facilement -joyeux, que le feu éclairait d'en bas: - ---Voyons. Qu'y a-t-il? qu'y a-t-il? Nous sommes donc dans quelque gros -danger? - -Alors madame Magloire recommença toute l'histoire, en l'exagérant -quelque peu, sans s'en douter. Il paraîtrait qu'un bohémien, un -va-nu-pieds, une espèce de mendiant dangereux serait en ce moment dans -la ville. Il s'était présenté pour loger chez Jacquin Labarre qui -n'avait pas voulu le recevoir. On l'avait vu arriver par le boulevard -Gassendi et rôder dans les rues à la brume. Un homme de sac et de corde -avec une figure terrible. - ---Vraiment? dit l'évêque. - -Ce consentement à l'interroger encouragea madame Magloire; cela lui -semblait indiquer que l'évêque n'était pas loin de s'alarmer; elle -poursuivit triomphante: - ---Oui, monseigneur. C'est comme cela. Il y aura quelque malheur cette -nuit dans la ville. Tout le monde le dit. Avec cela que la police est si -mal faite (répétition inutile). Vivre dans un pays de montagnes, et -n'avoir pas même de lanternes la nuit dans les rues! On sort. Des fours, -quoi! Et je dis, monseigneur, et mademoiselle que voilà dit comme moi.... - ---Moi, interrompit la soeur, je ne dis rien. Ce que mon frère fait est -bien fait. - -Madame Magloire continua comme s'il n'y avait pas eu de protestation: - ---Nous disons que cette maison-ci n'est pas sûre du tout; que, si -monseigneur le permet, je vais aller dire à Paulin Musebois, le -serrurier, qu'il vienne remettre les anciens verrous de la porte; on les -a là, c'est une minute; et je dis qu'il faut des verrous, monseigneur, -ne serait-ce que pour cette nuit; car je dis qu'une porte qui s'ouvre du -dehors avec un loquet, par le premier passant venu, rien n'est plus -terrible; avec cela que monseigneur a l'habitude de toujours dire -d'entrer, et que d'ailleurs, même au milieu de la nuit, ô mon Dieu! on -n'a pas besoin d'en demander la permission.... - -En ce moment, on frappa à la porte un coup assez violent. - ---Entrez, dit l'évêque. - - - - -Chapitre III - -Héroïsme de l'obéissance passive - - -La porte s'ouvrit. - -Elle s'ouvrit vivement, toute grande, comme si quelqu'un la poussait -avec énergie et résolution. - -Un homme entra. - -Cet homme, nous le connaissons déjà. C'est le voyageur que nous avons vu -tout à l'heure errer cherchant un gîte. - -Il entra, fit un pas, et s'arrêta, laissant la porte ouverte derrière -lui. Il avait son sac sur l'épaule, son bâton à la main, une expression -rude, hardie, fatiguée et violente dans les yeux. Le feu de la cheminée -l'éclairait. Il était hideux. C'était une sinistre apparition. - -Madame Magloire n'eut pas même la force de jeter un cri. Elle -tressaillit, et resta béante. - -Mademoiselle Baptistine se retourna, aperçut l'homme qui entrait et se -dressa à demi d'effarement, puis, ramenant peu à peu sa tête vers la -cheminée, elle se mit à regarder son frère et son visage redevint -profondément calme et serein. - -L'évêque fixait sur l'homme un oeil tranquille. - -Comme il ouvrait la bouche, sans doute pour demander au nouveau venu ce -qu'il désirait, l'homme appuya ses deux mains à la fois sur son bâton, -promena ses yeux tour à tour sur le vieillard et les femmes, et, sans -attendre que l'évêque parlât, dit d'une voix haute: - ---Voici. Je m'appelle Jean Valjean. Je suis un galérien. J'ai passé -dix-neuf ans au bagne. Je suis libéré depuis quatre jours et en route -pour Pontarlier qui est ma destination. Quatre jours et que je marche -depuis Toulon. Aujourd'hui, j'ai fait douze lieues à pied. Ce soir, en -arrivant dans ce pays, j'ai été dans une auberge, on m'a renvoyé à cause -de mon passeport jaune que j'avais montré à la mairie. Il avait fallu. -J'ai été à une autre auberge. On m'a dit: Va-t-en! Chez l'un, chez -l'autre. Personne n'a voulu de moi. J'ai été à la prison, le guichetier -n'a pas ouvert. J'ai été dans la niche d'un chien. Ce chien m'a mordu et -m'a chassé, comme s'il avait été un homme. On aurait dit qu'il savait -qui j'étais. Je m'en suis allé dans les champs pour coucher à la belle -étoile. Il n'y avait pas d'étoile. J'ai pensé qu'il pleuvrait, et qu'il -n'y avait pas de bon Dieu pour empêcher de pleuvoir, et je suis rentré -dans la ville pour y trouver le renfoncement d'une porte. Là, dans la -place, j'allais me coucher sur une pierre. Une bonne femme m'a montré -votre maison et m'a dit: «Frappe là». J'ai frappé. Qu'est-ce que c'est -ici? Êtes-vous une auberge? J'ai de l'argent. Ma masse. Cent neuf francs -quinze sous que j'ai gagnés au bagne par mon travail en dix-neuf ans. Je -payerai. Qu'est-ce que cela me fait? J'ai de l'argent. Je suis très -fatigué, douze lieues à pied, j'ai bien faim. Voulez-vous que je reste? - ---Madame Magloire, dit l'évêque, vous mettrez un couvert de plus. - -L'homme fit trois pas et s'approcha de la lampe qui était sur la table. - ---Tenez, reprit-il, comme s'il n'avait pas bien compris, ce n'est pas -ça. Avez-vous entendu? Je suis un galérien. Un forçat. Je viens des -galères. - -Il tira de sa poche une grande feuille de papier jaune qu'il déplia. - ---Voilà mon passeport. Jaune, comme vous voyez. Cela sert à me faire -chasser de partout où je suis. Voulez-vous lire? Je sais lire, moi. J'ai -appris au bagne. Il y a une école pour ceux qui veulent. Tenez, voilà ce -qu'on a mis sur le passeport: «Jean Valjean, forçat libéré, natif -de...--cela vous est égal...--Est resté dix-neuf ans au bagne. Cinq ans -pour vol avec effraction. Quatorze ans pour avoir tenté de s'évader -quatre fois. Cet homme est très dangereux.»--Voilà! Tout le monde m'a -jeté dehors. Voulez-vous me recevoir, vous? Est-ce une auberge? -Voulez-vous me donner à manger et à coucher? Avez-vous une écurie? - ---Madame Magloire, dit l'évêque, vous mettrez des draps blancs au lit de -l'alcôve. - -Nous avons déjà expliqué de quelle nature était l'obéissance des deux -femmes. - -Madame Magloire sortit pour exécuter ces ordres. L'évêque se tourna vers -l'homme. - ---Monsieur, asseyez-vous et chauffez-vous. Nous allons souper dans un -instant, et l'on fera votre lit pendant que vous souperez. - -Ici l'homme comprit tout à fait. L'expression de son visage, jusqu'alors -sombre et dure, s'empreignit de stupéfaction, de doute, de joie, et -devint extraordinaire. Il se mit à balbutier comme un homme fou: - ---Vrai? quoi? vous me gardez? vous ne me chassez pas! un forçat! Vous -m'appelez monsieur! vous ne me tutoyez pas! Va-t-en, chien! qu'on me dit -toujours. Je croyais bien que vous me chasseriez. Aussi j'avais dit tout -de suite qui je suis. Oh! la brave femme qui m'a enseigné ici! Je vais -souper! un lit! Un lit avec des matelas et des draps! comme tout le -monde! il y a dix-neuf ans que je n'ai couché dans un lit! Vous voulez -bien que je ne m'en aille pas! Vous êtes de dignes gens! D'ailleurs j'ai -de l'argent. Je payerai bien. Pardon, monsieur l'aubergiste, comment -vous appelez-vous? Je payerai tout ce qu'on voudra. Vous êtes un brave -homme. Vous êtes aubergiste, n'est-ce pas? - ---Je suis, dit l'évêque, un prêtre qui demeure ici. - ---Un prêtre! reprit l'homme. Oh! un brave homme de prêtre! Alors vous ne -me demandez pas d'argent? Le curé, n'est-ce pas? le curé de cette grande -église? Tiens! c'est vrai, que je suis bête! je n'avais pas vu votre -calotte! - -Tout en parlant, il avait déposé son sac et son bâton dans un coin, puis -remis son passeport dans sa poche, et il s'était assis. Mademoiselle -Baptistine le considérait avec douceur. Il continua: - ---Vous êtes humain, monsieur le curé. Vous n'avez pas de mépris. C'est -bien bon un bon prêtre. Alors vous n'avez pas besoin que je paye? - ---Non, dit l'évêque, gardez votre argent. Combien avez-vous? ne -m'avez-vous pas dit cent neuf francs? - ---Quinze sous, ajouta l'homme. - ---Cent neuf francs quinze sous. Et combien de temps avez-vous mis à -gagner cela? - ---Dix-neuf ans. - ---Dix-neuf ans! - -L'évêque soupira profondément. - -L'homme poursuivit: - ---J'ai encore tout mon argent. Depuis quatre jours je n'ai dépensé que -vingt-cinq sous que j'ai gagnés en aidant à décharger des voitures à -Grasse. Puisque vous êtes abbé, je vais vous dire, nous avions un -aumônier au bagne. Et puis un jour j'ai vu un évêque. Monseigneur, qu'on -appelle. C'était l'évêque de la Majore, à Marseille. C'est le curé qui -est sur les curés. Vous savez, pardon, je dis mal cela, mais pour moi, -c'est si loin!--Vous comprenez, nous autres! Il a dit la messe au milieu -du bagne, sur un autel, il avait une chose pointue, en or, sur la tête. -Au grand jour de midi, cela brillait. Nous étions en rang. Des trois -côtés. Avec les canons, mèche allumée, en face de nous. Nous ne voyions -pas bien. Il a parlé, mais il était trop au fond, nous n'entendions pas. -Voilà ce que c'est qu'un évêque. - -Pendant qu'il parlait, l'évêque était allé pousser la porte qui était -restée toute grande ouverte. - -Madame Magloire rentra. Elle apportait un couvert qu'elle mit sur la -table. - ---Madame Magloire, dit l'évêque, mettez ce couvert le plus près possible -du feu. - -Et se tournant vers son hôte: - ---Le vent de nuit est dur dans les Alpes. Vous devez avoir froid, -monsieur? - -Chaque fois qu'il disait ce mot monsieur, avec sa voix doucement grave -et de si bonne compagnie, le visage de l'homme s'illuminait. Monsieur à -un forçat, c'est un verre d'eau à un naufragé de la Méduse. L'ignominie -a soif de considération. - ---Voici, reprit l'évêque, une lampe qui éclaire bien mal. - -Madame Magloire comprit, et elle alla chercher sur la cheminée de la -chambre à coucher de monseigneur les deux chandeliers d'argent qu'elle -posa sur la table tout allumés. - ---Monsieur le curé, dit l'homme, vous êtes bon. Vous ne me méprisez pas. -Vous me recevez chez vous. Vous allumez vos cierges pour moi. Je ne vous -ai pourtant pas caché d'où je viens et que je suis un homme malheureux. - -L'évêque, assis près de lui, lui toucha doucement la main. - ---Vous pouviez ne pas me dire qui vous étiez. - -Ce n'est pas ici ma maison, c'est la maison de Jésus-Christ. Cette porte -ne demande pas à celui qui entre s'il a un nom, mais s'il a une douleur. -Vous souffrez; vous avez faim et soif; soyez le bienvenu. Et ne me -remerciez pas, ne me dites pas que je vous reçois chez moi. Personne -n'est ici chez soi, excepté celui qui a besoin d'un asile. Je vous le -dis à vous qui passez, vous êtes ici chez vous plus que moi-même. Tout -ce qui est ici est à vous. Qu'ai-je besoin de savoir votre nom? -D'ailleurs, avant que vous me le disiez, vous en avez un que je savais. - -L'homme ouvrit des yeux étonnés. - ---Vrai? vous saviez comment je m'appelle? - ---Oui, répondit l'évêque, vous vous appelez mon frère. - ---Tenez, monsieur le curé! s'écria l'homme, j'avais bien faim en entrant -ici; mais vous êtes si bon qu'à présent je ne sais plus ce que j'ai; -cela m'a passé. - -L'évêque le regarda et lui dit: - ---Vous avez bien souffert? - ---Oh! la casaque rouge, le boulet au pied, une planche pour dormir, le -chaud, le froid, le travail, la chiourme, les coups de bâton! La double -chaîne pour rien. Le cachot pour un mot. Même malade au lit, la chaîne. -Les chiens, les chiens sont plus heureux! Dix-neuf ans! J'en ai -quarante-six. À présent, le passeport jaune! Voilà. - ---Oui, reprit l'évêque, vous sortez d'un lieu de tristesse. Écoutez. Il -y aura plus de joie au ciel pour le visage en larmes d'un pécheur -repentant que pour la robe blanche de cent justes. Si vous sortez de ce -lieu douloureux avec des pensées de haine et de colère contre les -hommes, vous êtes digne de pitié; si vous en sortez avec des pensées de -bienveillance, de douceur et de paix, vous valez mieux qu'aucun de nous. - -Cependant madame Magloire avait servi le souper. Une soupe faite avec de -l'eau, de l'huile, du pain et du sel, un peu de lard, un morceau de -viande de mouton, des figues, un fromage frais, et un gros pain de -seigle. Elle avait d'elle-même ajouté à l'ordinaire de M. l'évêque une -bouteille de vieux vin de Mauves. - -Le visage de l'évêque prit tout à coup cette expression de gaîté propre -aux natures hospitalières: - ---À table! dit-il vivement. - -Comme il en avait coutume lorsque quelque étranger soupait avec lui, il -fit asseoir l'homme à sa droite. Mademoiselle Baptistine, parfaitement -paisible et naturelle, prit place à sa gauche. - -L'évêque dit le bénédicité, puis servit lui-même la soupe, selon son -habitude. L'homme se mit à manger avidement. - -Tout à coup l'évêque dit: - ---Mais il me semble qu'il manque quelque chose sur cette table. - -Madame Magloire en effet n'avait mis que les trois couverts absolument -nécessaires. Or c'était l'usage de la maison, quand l'évêque avait -quelqu'un à souper, de disposer sur la nappe les six couverts d'argent, -étalage innocent. Ce gracieux semblant de luxe était une sorte -d'enfantillage plein de charme dans cette maison douce et sévère qui -élevait la pauvreté jusqu'à la dignité. - -Madame Magloire comprit l'observation, sortit sans dire un mot, et un -moment après les trois couverts réclamés par l'évêque brillaient sur la -nappe, symétriquement arrangés devant chacun des trois convives. - - - - -Chapitre IV - -Détails sur les fromageries de Pontarlier - - -Maintenant, pour donner une idée de ce qui se passa à cette table, nous -ne saurions mieux faire que de transcrire ici un passage d'une lettre de -mademoiselle Baptistine à madame de Boischevron, où la conversation du -forçat et de l'évêque est racontée avec une minutie naïve: - - * * * * * - -«...Cet homme ne faisait aucune attention à personne. Il mangeait avec -une voracité d'affamé. Cependant, après la soupe, il a dit: - -«--Monsieur le curé du bon Dieu, tout ceci est encore bien trop bon pour -moi, mais je dois dire que les rouliers qui n'ont pas voulu me laisser -manger avec eux font meilleure chère que vous. - -«Entre nous, l'observation m'a un peu choquée. Mon frère a répondu: - -«--Ils ont plus de fatigue que moi. - -«--Non, a repris cet homme, ils ont plus d'argent. Vous êtes pauvre. Je -vois bien. Vous n'êtes peut-être pas même curé. Êtes-vous curé -seulement? Ah! par exemple, si le bon Dieu était juste, vous devriez -bien être curé. - -«--Le bon Dieu est plus que juste, a dit mon frère. - -«Un moment après il a ajouté: - -«--Monsieur Jean Valjean, c'est à Pontarlier que vous allez? - -«--Avec itinéraire obligé. - -«Je crois bien que c'est comme cela que l'homme a dit. Puis il a -continué: - -«--Il faut que je sois en route demain à la pointe du jour. Il fait dur -voyager. Si les nuits sont froides, les journées sont chaudes. - -«--Vous allez là, a repris mon frère, dans un bon pays. À la révolution, -ma famille a été ruinée, je me suis réfugié en Franche-Comté d'abord, et -j'y ai vécu quelque temps du travail de mes bras. J'avais de la bonne -volonté. J'ai trouvé à m'y occuper. On n'a qu'à choisir. Il y a des -papeteries, des tanneries, des distilleries, des huileries, des -fabriques d'horlogerie en grand, des fabriques d'acier, des fabriques de -cuivre, au moins vingt usines de fer, dont quatre à Lods, à Châtillon, à -Audincourt et à Beure qui sont très considérables.... - -«Je crois ne pas me tromper et que ce sont bien là les noms que mon -frère a cités, puis il s'est interrompu et m'a adressé la parole: - -«--Chère soeur, n'avons-nous pas des parents dans ce pays-là? - -«J'ai répondu: - -«--Nous en avions, entre autres M. de Lucenet qui était capitaine des -portes à Pontarlier dans l'ancien régime. - -«--Oui, a repris mon frère, mais en 93 on n'avait plus de parents, on -n'avait que ses bras. J'ai travaillé. Ils ont dans le pays de -Pontarlier, où vous allez, monsieur Valjean, une industrie toute -patriarcale et toute charmante, ma soeur. Ce sont leurs fromageries -qu'ils appellent fruitières. - -«Alors mon frère, tout en faisant manger cet homme, lui a expliqué très -en détail ce que c'étaient que les fruitières de Pontarlier;--qu'on en -distinguait deux sortes:--les _grosses granges_, qui sont aux riches, et -où il y a quarante ou cinquante vaches, lesquelles produisent sept à -huit milliers de fromages par été; les _fruitières d'association_, qui -sont aux pauvres; ce sont les paysans de la moyenne montagne qui mettent -leurs vaches en commun et partagent les produits.--Ils prennent à leurs -gages un fromager qu'ils appellent le grurin;--le grurin reçoit le lait -des associés trois fois par jour et marque les quantités sur une taille -double;--c'est vers la fin d'avril que le travail des fromageries -commence; c'est vers la mi-juin que les fromagers conduisent leurs -vaches dans la montagne. - -«L'homme se ranimait tout en mangeant. Mon frère lui faisait boire de ce -bon vin de Mauves dont il ne boit pas lui-même parce qu'il dit que c'est -du vin cher. Mon frère lui disait tous ces détails avec cette gaîté -aisée que vous lui connaissez, entremêlant ses paroles de façons -gracieuses pour moi. Il est beaucoup revenu sur ce bon état de grurin, -comme s'il eût souhaité que cet homme comprît, sans le lui conseiller -directement et durement, que ce serait un asile pour lui. Une chose m'a -frappée. Cet homme était ce que je vous ai dit. Eh bien! mon frère, -pendant tout le souper, ni de toute la soirée, à l'exception de quelques -paroles sur Jésus quand il est entré, n'a pas dit un mot qui pût -rappeler à cet homme qui il était ni apprendre à cet homme qui était mon -frère. C'était bien une occasion en apparence de faire un peu de sermon -et d'appuyer l'évêque sur le galérien pour laisser la marque du passage. -Il eût paru peut-être à un autre que c'était le cas, ayant ce malheureux -sous la main, de lui nourrir l'âme en même temps que le corps et de lui -faire quelque reproche assaisonné de morale et de conseil, ou bien un -peu de commisération avec exhortation de se mieux conduire à l'avenir. -Mon frère ne lui a même pas demandé de quel pays il était, ni son -histoire. Car dans son histoire il y a sa faute, et mon frère semblait -éviter tout ce qui pouvait l'en faire souvenir. C'est au point qu'à un -certain moment, comme mon frère parlait des montagnards de Pontarlier, -qui ont _un doux travail près du ciel et qui_, ajoutait-il, _sont -heureux parce qu'ils sont innocents_, il s'est arrêté court, craignant -qu'il n'y eût dans ce mot qui lui échappait quelque chose qui pût -froisser l'homme. À force d'y réfléchir, je crois avoir compris ce qui -se passait dans le coeur de mon frère. Il pensait sans doute que cet -homme, qui s'appelle Jean Valjean, n'avait que trop sa misère présente à -l'esprit, que le mieux était de l'en distraire, et de lui faire croire, -ne fût-ce qu'un moment, qu'il était une personne comme une autre, en -étant pour lui tout ordinaire. N'est-ce pas là en effet bien entendre la -charité? N'y a-t-il pas, bonne madame, quelque chose de vraiment -évangélique dans cette délicatesse qui s'abstient de sermon, de morale -et d'allusion, et la meilleure pitié, quand un homme a un point -douloureux, n'est-ce pas de n'y point toucher du tout? Il m'a semblé que -ce pouvait être là la pensée intérieure de mon frère. Dans tous les cas, -ce que je puis dire, c'est que, s'il a eu toutes ces idées, il n'en a -rien marqué, même pour moi; il a été d'un bout à l'autre le même homme -que tous les soirs, et il a soupé avec ce Jean Valjean du même air et de -la même façon qu'il aurait soupé avec M. Gédéon Le Prévost ou avec M. le -curé de la paroisse. - -«Vers la fin, comme nous étions aux figues, on a cogné à la porte. -C'était la mère Gerbaud avec son petit dans ses bras. Mon frère a baisé -l'enfant au front, et m'a emprunté quinze sous que j'avais sur moi pour -les donner à la mère Gerbaud. L'homme pendant ce temps-là ne faisait pas -grande attention. Il ne parlait plus et paraissait très fatigué. La -pauvre vieille Gerbaud partie, mon frère a dit les grâces, puis il s'est -tourné vers cet homme, et il lui a dit: Vous devez avoir bien besoin de -votre lit. Madame Magloire a enlevé le couvert bien vite. J'ai compris -qu'il fallait nous retirer pour laisser dormir ce voyageur, et nous -sommes montées toutes les deux. J'ai cependant envoyé madame Magloire un -instant après porter sur le lit de cet homme une peau de chevreuil de la -Forêt-Noire qui est dans ma chambre. Les nuits sont glaciales, et cela -tient chaud. C'est dommage que cette peau soit vieille; tout le poil -s'en va. Mon frère l'a achetée du temps qu'il était en Allemagne, à -Tottlingen, près des sources du Danube, ainsi que le petit couteau à -manche d'ivoire dont je me sers à table. - -«Madame Magloire est remontée presque tout de suite, nous nous sommes -mises à prier Dieu dans le salon où l'on étend le linge, et puis nous -sommes rentrées chacune dans notre chambre sans nous rien dire.» - - - - -Chapitre V - -Tranquillité - - -Après avoir donné le bonsoir à sa soeur, monseigneur Bienvenu prit sur -la table un des deux flambeaux d'argent, remit l'autre à son hôte, et -lui dit: - ---Monsieur, je vais vous conduire à votre chambre. - -L'homme le suivit. - -Comme on a pu le remarquer dans ce qui a été dit plus haut, le logis -était distribué de telle sorte que, pour passer dans l'oratoire où était -l'alcôve ou pour en sortir, il fallait traverser la chambre à coucher de -l'évêque. - -Au moment où ils traversaient cette chambre, madame Magloire serrait -l'argenterie dans le placard qui était au chevet du lit. C'était le -dernier soin qu'elle prenait chaque soir avant de s'aller coucher. - -L'évêque installa son hôte dans l'alcôve. Un lit blanc et frais y était -dressé. L'homme posa le flambeau sur une petite table. - ---Allons, dit l'évêque, faites une bonne nuit. Demain matin, avant de -partir, vous boirez une tasse de lait de nos vaches tout chaud. - ---Merci, monsieur l'abbé, dit l'homme. - -À peine eut-il prononcé ces paroles pleines de paix que, tout à coup et -sans transition, il eut un mouvement étrange et qui eût glacé -d'épouvante les deux saintes filles si elles en eussent été témoins. -Aujourd'hui même il nous est difficile de nous rendre compte de ce qui -le poussait en ce moment. Voulait-il donner un avertissement ou jeter -une menace? Obéissait-il simplement à une sorte d'impulsion instinctive -et obscure pour lui-même? Il se tourna brusquement vers le vieillard, -croisa les bras, et, fixant sur son hôte un regard sauvage, il s'écria -d'une voix rauque: - ---Ah çà! décidément! vous me logez chez vous près de vous comme cela! - -Il s'interrompit et ajouta avec un rire où il y avait quelque chose de -monstrueux: - ---Avez-vous bien fait toutes vos réflexions? Qui est-ce qui vous dit que -je n'ai pas assassiné? - -L'évêque leva les yeux vers le plafond et répondit: - ---Cela regarde le bon Dieu. - -Puis, gravement et remuant les lèvres comme quelqu'un qui prie ou qui se -parle à lui-même, il dressa les deux doigts de sa main droite et bénit -l'homme qui ne se courba pas, et, sans tourner la tête et sans regarder -derrière lui, il rentra dans sa chambre. - -Quand l'alcôve était habitée, un grand rideau de serge tiré de part en -part dans l'oratoire cachait l'autel. L'évêque s'agenouilla en passant -devant ce rideau et fit une courte prière. - -Un moment après, il était dans son jardin, marchant, rêvant, -contemplant, l'âme et la pensée tout entières à ces grandes choses -mystérieuses que Dieu montre la nuit aux yeux qui restent ouverts. - -Quant à l'homme, il était vraiment si fatigué qu'il n'avait même pas -profité de ces bons draps blancs. Il avait soufflé sa bougie avec sa -narine à la manière des forçats et s'était laissé tomber tout habillé -sur le lit, où il s'était tout de suite profondément endormi. - -Minuit sonnait comme l'évêque rentrait de son jardin dans son -appartement. - -Quelques minutes après, tout dormait dans la petite maison. - - - - -Chapitre VI - -Jean Valjean - - -Vers le milieu de la nuit, Jean Valjean se réveilla. - -Jean Valjean était d'une pauvre famille de paysans de la Brie. Dans son -enfance, il n'avait pas appris à lire. Quand il eut l'âge d'homme, il -était émondeur à Faverolles. Sa mère s'appelait Jeanne Mathieu; son père -s'appelait Jean Valjean, ou Vlajean, sobriquet probablement, et -contraction de _Voilà Jean_. - -Jean Valjean était d'un caractère pensif sans être triste, ce qui est le -propre des natures affectueuses. Somme toute, pourtant, c'était quelque -chose d'assez endormi et d'assez insignifiant, en apparence du moins, -que Jean Valjean. Il avait perdu en très bas âge son père et sa mère. Sa -mère était morte d'une fièvre de lait mal soignée. Son père, émondeur -comme lui, s'était tué en tombant d'un arbre. Il n'était resté à Jean -Valjean qu'une soeur plus âgée que lui, veuve, avec sept enfants, filles -et garçons. Cette soeur avait élevé Jean Valjean, et tant qu'elle eut -son mari elle logea et nourrit son jeune frère. Le mari mourut. L'aîné -des sept enfants avait huit ans, le dernier un an. Jean Valjean venait -d'atteindre, lui, sa vingt-cinquième année. Il remplaça le père, et -soutint à son tour sa soeur qui l'avait élevé. Cela se fit simplement, -comme un devoir, même avec quelque chose de bourru de la part de Jean -Valjean. Sa jeunesse se dépensait ainsi dans un travail rude et mal -payé. On ne lui avait jamais connu de «bonne amie» dans le pays. Il -n'avait pas eu le temps d'être amoureux. - -Le soir il rentrait fatigué et mangeait sa soupe sans dire un mot. Sa -soeur, mère Jeanne, pendant qu'il mangeait, lui prenait souvent dans son -écuelle le meilleur de son repas, le morceau de viande, la tranche de -lard le coeur de chou, pour le donner à quelqu'un de ses enfants; lui, -mangeant toujours, penché sur la table, presque la tête dans sa soupe, -ses longs cheveux tombant autour de son écuelle et cachant ses yeux, -avait l'air de ne rien voir et laissait faire. Il y avait à Faverolles, -pas loin de la chaumière Valjean, de l'autre côté de la ruelle, une -fermière appelée Marie-Claude; les enfants Valjean, habituellement -affamés, allaient quelquefois emprunter au nom de leur mère une pinte de -lait à Marie-Claude, qu'ils buvaient derrière une haie ou dans quelque -coin d'allée, s'arrachant le pot, et si hâtivement que les petites -filles s'en répandaient sur leur tablier et dans leur goulotte. La mère, -si elle eût su cette maraude, eût sévèrement corrigé les délinquants. -Jean Valjean, brusque et bougon, payait en arrière de la mère la pinte -de lait à Marie-Claude, et les enfants n'étaient pas punis. - -Il gagnait dans la saison de l'émondage vingt-quatre sous par jour, puis -il se louait comme moissonneur, comme manoeuvre, comme garçon de ferme -bouvier, comme homme de peine. Il faisait ce qu'il pouvait. Sa soeur -travaillait de son côté, mais que faire avec sept petits enfants? -C'était un triste groupe que la misère enveloppa et étreignit peu à peu. -Il arriva qu'un hiver fut rude. Jean n'eut pas d'ouvrage. La famille -n'eut pas de pain. Pas de pain. À la lettre. Sept enfants! Un dimanche -soir, Maubert Isabeau, boulanger sur la place de l'Église, à Faverolles, -se disposait à se coucher, lorsqu'il entendit un coup violent dans la -devanture grillée et vitrée de sa boutique. Il arriva à temps pour voir -un bras passé à travers un trou fait d'un coup de poing dans la grille -et dans la vitre. Le bras saisit un pain et l'emporta. Isabeau sortit en -hâte; le voleur s'enfuyait à toutes jambes; Isabeau courut après lui et -l'arrêta. Le voleur avait jeté le pain, mais il avait encore le bras -ensanglanté. C'était Jean Valjean. - -Ceci se passait en 1795. Jean Valjean fut traduit devant les tribunaux -du temps «pour vol avec effraction la nuit dans une maison habitée». Il -avait un fusil dont il se servait mieux que tireur au monde, il était -quelque peu braconnier; ce qui lui nuisit. Il y a contre les braconniers -un préjugé légitime. Le braconnier, de même que le contrebandier, côtoie -de fort près le brigand. Pourtant, disons-le en passant, il y a encore -un abîme entre ces races d'hommes et le hideux assassin des villes. Le -braconnier vit dans la forêt; le contrebandier vit dans la montagne ou -sur la mer. Les villes font des hommes féroces parce qu'elles font des -hommes corrompus. La montagne, la mer, la forêt, font des hommes -sauvages. Elles développent le côté farouche, mais souvent sans détruire -le côté humain. - -Jean Valjean fut déclaré coupable. Les termes du code étaient formels. -Il y a dans notre civilisation des heures redoutables; ce sont les -moments où la pénalité prononce un naufrage. Quelle minute funèbre que -celle où la société s'éloigne et consomme l'irréparable abandon d'un -être pensant! Jean Valjean fut condamné à cinq ans de galères. - -Le 22 avril 1796, on cria dans Paris la victoire de Montenotte remportée -par le général en chef de l'année d'Italie, que le message du Directoire -aux Cinq-Cents, du 2 floréal an IV, appelle Buona-Parte; ce même jour -une grande chaîne fut ferrée à Bicêtre. Jean Valjean fit partie de cette -chaîne. Un ancien guichetier de la prison, qui a près de -quatre-vingt-dix ans aujourd'hui, se souvient encore parfaitement de ce -malheureux qui fut ferré à l'extrémité du quatrième cordon dans l'angle -nord de la cour. Il était assis à terre comme tous les autres. Il -paraissait ne rien comprendre à sa position, sinon qu'elle était -horrible. Il est probable qu'il y démêlait aussi, à travers les vagues -idées d'un pauvre homme ignorant de tout, quelque chose d'excessif. -Pendant qu'on rivait à grands coups de marteau derrière sa tête le -boulon de son carcan, il pleurait, les larmes l'étouffaient, elles -l'empêchaient de parler, il parvenait seulement à dire de temps en -temps: _J'étais émondeur à Faverolles_. Puis, tout en sanglotant, il -élevait sa main droite et l'abaissait graduellement sept fois comme s'il -touchait successivement sept têtes inégales, et par ce geste on devinait -que la chose quelconque qu'il avait faite, il l'avait faite pour vêtir -et nourrir sept petits enfants. - -Il partit pour Toulon. Il y arriva après un voyage de vingt-sept jours, -sur une charrette, la chaîne au cou. À Toulon, il fut revêtu de la -casaque rouge. Tout s'effaça de ce qui avait été sa vie, jusqu'à son -nom; il ne fut même plus Jean Valjean; il fut le numéro 24601. Que -devint la soeur? que devinrent les sept enfants? Qui est-ce qui s'occupe -de cela? Que devient la poignée de feuilles du jeune arbre scié par le -pied? - -C'est toujours la même histoire. Ces pauvres êtres vivants, ces -créatures de Dieu, sans appui désormais, sans guide, sans asile, s'en -allèrent au hasard, qui sait même? chacun de leur côté peut-être, et -s'enfoncèrent peu à peu dans cette froide brume où s'engloutissent les -destinées solitaires, moines ténèbres où disparaissent successivement -tant de têtes infortunées dans la sombre marche du genre humain. Ils -quittèrent le pays. Le clocher de ce qui avait été leur village les -oublia; la borne de ce qui avait été leur champ les oublia; après -quelques années de séjour au bagne, Jean Valjean lui-même les oublia. -Dans ce coeur où il y avait eu une plaie, il y eut une cicatrice. Voilà -tout. À peine, pendant tout le temps qu'il passa à Toulon, entendit-il -parler une seule fois de sa soeur. C'était, je crois, vers la fin de la -quatrième année de sa captivité. Je ne sais plus par quelle voie ce -renseignement lui parvint. Quelqu'un, qui les avait connus au pays, -avait vu sa soeur. Elle était à Paris. Elle habitait une pauvre rue près -de Saint-Sulpice, la rue du Geindre. Elle n'avait plus avec elle qu'un -enfant, un petit garçon, le dernier. Où étaient les six autres? Elle ne -le savait peut-être pas elle-même. Tous les matins elle allait à une -imprimerie rue du Sabot, n° 3, où elle était plieuse et brocheuse. Il -fallait être là à six heures du matin, bien avant le jour l'hiver. Dans -la maison de l'imprimerie il y avait une école, elle menait à cette -école son petit garçon qui avait sept ans. Seulement, comme elle entrait -à l'imprimerie à six heures et que l'école n'ouvrait qu'à sept, il -fallait que l'enfant attendît, dans la cour, que l'école ouvrit, une -heure; l'hiver, une heure de nuit, en plein air. On ne voulait pas que -l'enfant entrât dans l'imprimerie, parce qu'il gênait, disait-on. Les -ouvriers voyaient le matin en passant ce pauvre petit être assis sur le -pavé, tombant de sommeil, et souvent endormi dans l'ombre, accroupi et -plié sur son panier. Quand il pleuvait, une vieille femme, la portière, -en avait pitié; elle le recueillait dans son bouge où il n'y avait qu'un -grabat, un rouet et deux chaises de bois, et le petit dormait là dans un -coin, se serrant contre le chat pour avoir moins froid. À sept heures, -l'école ouvrait et il y entrait. Voilà ce qu'on dit à Jean Valjean. On -l'en entretint un jour, ce fut un moment, un éclair, comme une fenêtre -brusquement ouverte sur la destinée de ces êtres qu'il avait aimés, puis -tout se referma; il n'en entendit plus parler, et ce fut pour jamais. -Plus rien n'arriva d'eux à lui; jamais il ne les revit, jamais il ne les -rencontra, et, dans la suite de cette douloureuse histoire, on ne les -retrouvera plus. - -Vers la fin de cette quatrième année, le tour d'évasion de Jean Valjean -arriva. Ses camarades l'aidèrent comme cela se fait dans ce triste lieu. -Il s'évada. Il erra deux jours en liberté dans les champs; si c'est être -libre que d'être traqué; de tourner la tête à chaque instant; de -tressaillir au moindre bruit; d'avoir peur de tout, du toit qui fume, de -l'homme qui passe, du chien qui aboie, du cheval qui galope, de l'heure -qui sonne, du jour parce qu'on voit, de la nuit parce qu'on ne voit pas, -de la route, du sentier, du buisson, du sommeil. Le soir du second jour, -il fut repris. Il n'avait ni mangé ni dormi depuis trente-six heures. Le -tribunal maritime le condamna pour ce délit à une prolongation de trois -ans, ce qui lui fit huit ans. La sixième année, ce fut encore son tour -de s'évader; il en usa, mais il ne put consommer sa fuite. Il avait -manqué à l'appel. On tira le coup de canon, et à la nuit les gens de -ronde le trouvèrent caché sous la quille d'un vaisseau en construction; -il résista aux gardes-chiourme qui le saisirent. Évasion et rébellion. -Ce fait prévu par le code spécial fut puni d'une aggravation de cinq -ans, dont deux ans de double chaîne. Treize ans. La dixième année, son -tour revint, il en profita encore. Il ne réussit pas mieux. Trois ans -pour cette nouvelle tentative. Seize ans. Enfin, ce fut, je crois, -pendant la treizième année qu'il essaya une dernière fois et ne réussit -qu'à se faire reprendre après quatre heures d'absence. Trois ans pour -ces quatre heures. Dix-neuf ans. En octobre 1815 il fut libéré; il était -entré là en 1796 pour avoir cassé un carreau et pris un pain. - -Place pour une courte parenthèse. C'est la seconde fois que, dans ses -études sur la question pénale et sur la damnation par la loi, l'auteur -de ce livre rencontre le vol d'un pain, comme point de départ du -désastre d'une destinée. Claude Gueux avait volé un pain; Jean Valjean -avait volé un pain. Une statistique anglaise constate qu'à Londres -quatre vols sur cinq ont pour cause immédiate la faim. - -Jean Valjean était entré au bagne sanglotant et frémissant; il en sortit -impassible. Il y était entré désespéré; il en sortit sombre. - -Que s'était-il passé dans cette âme? - - - - -Chapitre VII - -Le dedans du désespoir - - -Essayons de le dire. - -Il faut bien que la société regarde ces choses puisque c'est elle qui -les fait. - -C'était, nous l'avons dit, un ignorant; mais ce n'était pas un imbécile. -La lumière naturelle était allumée en lui. Le malheur, qui a aussi sa -clarté, augmenta le peu de jour qu'il y avait dans cet esprit. Sous le -bâton, sous la chaîne, au cachot, à la fatigue, sous l'ardent soleil du -bagne, sur le lit de planches des forçats, il se replia en sa conscience -et réfléchit. - -Il se constitua tribunal. - -Il commença par se juger lui-même. - -Il reconnut qu'il n'était pas un innocent injustement puni. Il s'avoua -qu'il avait commis une action extrême et blâmable; qu'on ne lui eût -peut-être pas refusé ce pain s'il l'avait demandé; que dans tous les cas -il eût mieux valu l'attendre, soit de la pitié, soit du travail; que ce -n'est pas tout à fait une raison sans réplique de dire: peut-on attendre -quand on a faim? que d'abord il est très rare qu'on meure littéralement -de faim; ensuite que, malheureusement ou heureusement, l'homme est ainsi -fait qu'il peut souffrir longtemps et beaucoup, moralement et -physiquement, sans mourir; qu'il fallait donc de la patience; que cela -eût mieux valu même pour ces pauvres petits enfants; que c'était un acte -de folie, à lui, malheureux homme chétif, de prendre violemment au -collet la société tout entière et de se figurer qu'on sort de la misère -par le vol; que c'était, dans tous les cas, une mauvaise porte pour -sortir de la misère que celle par où l'on entre dans l'infamie; enfin -qu'il avait eu tort. - -Puis il se demanda: - -S'il était le seul qui avait eu tort dans sa fatale histoire? Si d'abord -ce n'était pas une chose grave qu'il eût, lui travailleur, manqué de -travail, lui laborieux, manqué de pain. Si, ensuite, la faute commise et -avouée, le châtiment n'avait pas été féroce et outré. S'il n'y avait pas -plus d'abus de la part de la loi dans la peine qu'il n'y avait eu d'abus -de la part du coupable dans la faute. S'il n'y avait pas excès de poids -dans un des plateaux de la balance, celui où est l'expiation. Si la -surcharge de la peine n'était point l'effacement du délit, et n'arrivait -pas à ce résultat: de retourner la situation, de remplacer la faute du -délinquant par la faute de la répression, de faire du coupable la -victime et du débiteur le créancier, et de mettre définitivement le -droit du côté de celui-là même qui l'avait violé. Si cette peine, -compliquée des aggravations successives pour les tentatives d'évasion, -ne finissait pas par être une sorte d'attentat du plus fort sur le plus -faible, un crime de la société sur l'individu, un crime qui recommençait -tous les jours, un crime qui durait dix-neuf ans. - -Il se demanda si la société humaine pouvait avoir le droit de faire -également subir à ses membres, dans un cas son imprévoyance -déraisonnable, et dans l'autre cas sa prévoyance impitoyable, et de -saisir à jamais un pauvre homme entre un défaut et un excès, défaut de -travail, excès de châtiment. S'il n'était pas exorbitant que la société -traitât ainsi précisément ses membres les plus mal dotés dans la -répartition de biens que fait le hasard, et par conséquent les plus -dignes de ménagements. - -Ces questions faites et résolues, il jugea la société et la condamna. - -Il la condamna sans haine. - -Il la fit responsable du sort qu'il subissait, et se dit qu'il -n'hésiterait peut-être pas à lui en demander compte un jour. Il se -déclara à lui-même qu'il n'y avait pas équilibre entre le dommage qu'il -avait causé et le dommage qu'on lui causait; il conclut enfin que son -châtiment n'était pas, à la vérité, une injustice, mais qu'à coup sûr -c'était une iniquité. - -La colère peut être folle et absurde; on peut être irrité à tort; on -n'est indigné que lorsqu'on a raison au fond par quelque côté. Jean -Valjean se sentait indigné. Et puis, la société humaine ne lui avait -fait que du mal. Jamais il n'avait vu d'elle que ce visage courroucé -qu'elle appelle sa justice et qu'elle montre à ceux qu'elle frappe. Les -hommes ne l'avaient touché que pour le meurtrir. Tout contact avec eux -lui avait été un coup. Jamais, depuis son enfance, depuis sa mère, -depuis sa soeur, jamais il n'avait rencontré une parole amie et un -regard bienveillant. De souffrance en souffrance il arriva peu à peu à -cette conviction que la vie était une guerre; et que dans cette guerre -il était le vaincu. Il n'avait d'autre arme que sa haine. Il résolut de -l'aiguiser au bagne et de l'emporter en s'en allant. - -Il y avait à Toulon une école pour la chiourme tenue par des frères -ignorantins où l'on enseignait le plus nécessaire à ceux de ces -malheureux qui avaient de la bonne volonté. Il fut du nombre des hommes -de bonne volonté. Il alla à l'école à quarante ans, et apprit à lire, à -écrire, à compter. Il sentit que fortifier son intelligence, c'était -fortifier sa haine. Dans certains cas, l'instruction et la lumière -peuvent servir de rallonge au mal. - -Cela est triste à dire, après avoir jugé la société qui avait fait son -malheur, il jugea la providence qui avait fait la société. - -Il la condamna aussi. - -Ainsi, pendant ces dix-neuf ans de torture et d'esclavage, cette âme -monta et tomba en même temps. Il y entra de la lumière d'un côté et des -ténèbres de l'autre. - -Jean Valjean n'était pas, on l'a vu, d'une nature mauvaise. Il était -encore bon lorsqu'il arriva au bagne. Il y condamna la société et sentit -qu'il devenait méchant, il y condamna la providence et sentit qu'il -devenait impie. - -Ici il est difficile de ne pas méditer un instant. - -La nature humaine se transforme-t-elle ainsi de fond en comble et tout à -fait? L'homme créé bon par Dieu peut-il être fait méchant par l'homme? -L'âme peut-elle être refaite tout d'une pièce par la destinée, et -devenir mauvaise, la destinée étant mauvaise? Le coeur peut-il devenir -difforme et contracter des laideurs et des infirmités incurables sous la -pression d'un malheur disproportionné, comme la colonne vertébrale sous -une voûte trop basse? N'y a-t-il pas dans toute âme humaine, n'y -avait-il pas dans l'âme de Jean Valjean en particulier, une première -étincelle, un élément divin, incorruptible dans ce monde, immortel dans -l'autre, que le bien peut développer, attiser, allumer, enflammer et -faire rayonner splendidement, et que le mal ne peut jamais entièrement -éteindre? - -Questions graves et obscures, à la dernière desquelles tout -physiologiste eût probablement répondu non, et sans hésiter, s'il eût vu -à Toulon, aux heures de repos qui étaient pour Jean Valjean des heures -de rêverie, assis, les bras croisés, sur la barre de quelque cabestan, -le bout de sa chaîne enfoncé dans sa poche pour l'empêcher de traîner, -ce galérien morne, sérieux, silencieux et pensif, paria des lois qui -regardait l'homme avec colère, damné de la civilisation qui regardait le -ciel avec sévérité. - -Certes, et nous ne voulons pas le dissimuler, le physiologiste -observateur eût vu là une misère irrémédiable, il eût plaint peut-être -ce malade du fait de la loi, mais il n'eût pas même essayé de -traitement; il eût détourné le regard des cavernes qu'il aurait -entrevues dans cette âme; et, comme Dante de la porte de l'enfer, il eût -effacé de cette existence le mot que le doigt de Dieu écrit pourtant sur -le front de tout homme: _Espérance_! - -Cet état de son âme que nous avons tenté d'analyser était-il aussi -parfaitement clair pour Jean Valjean que nous avons essayé de le rendre -pour ceux qui nous lisent? Jean Valjean voyait-il distinctement, après -leur formation, et avait-il vu distinctement, à mesure qu'ils se -formaient, tous les éléments dont se composait sa misère morale? Cet -homme rude et illettré s'était-il bien nettement rendu compte de la -succession d'idées par laquelle il était, degré à degré, monté et -descendu jusqu'aux lugubres aspects qui étaient depuis tant d'années -déjà l'horizon intérieur de son esprit? Avait-il bien conscience de tout -ce qui s'était passé en lui et de tout ce qui s'y remuait? C'est ce que -nous n'oserions dire; c'est même ce que nous ne croyons pas. Il y avait -trop d'ignorance dans Jean Valjean pour que, même après tant de malheur, -il n'y restât pas beaucoup de vague. Par moments il ne savait pas même -bien au juste ce qu'il éprouvait. Jean Valjean était dans les ténèbres; -il souffrait dans les ténèbres; il haïssait dans les ténèbres; on eût pu -dire qu'il haïssait devant lui. Il vivait habituellement dans cette -ombre, tâtonnant comme un aveugle et comme un rêveur. Seulement, par -intervalles, il lui venait tout à coup, de lui-même ou du dehors, une -secousse de colère, un surcroît de souffrance, un pâle et rapide éclair -qui illuminait toute son âme, et faisait brusquement apparaître partout -autour de lui, en avant et en arrière, aux lueurs d'une lumière -affreuse, les hideux précipices et les sombres perspectives de sa -destinée. - -L'éclair passé, la nuit retombait, et où était-il? il ne le savait plus. - -Le propre des peines de cette nature, dans lesquelles domine ce qui est -impitoyable, c'est-à-dire ce qui est abrutissant, c'est de transformer -peu à peu, par une sorte de transfiguration stupide, un homme en une -bête fauve. Quelquefois en une bête féroce. Les tentatives d'évasion de -Jean Valjean, successives et obstinées, suffiraient à prouver cet -étrange travail fait par la loi sur l'âme humaine. Jean Valjean eût -renouvelé ces tentatives, si parfaitement inutiles et folles, autant de -fois que l'occasion s'en fût présentée, sans songer un instant au -résultat, ni aux expériences déjà faites. Il s'échappait impétueusement -comme le loup qui trouve la cage ouverte. L'instinct lui disait: -sauve-toi! Le raisonnement lui eût dit: reste! Mais, devant une -tentation si violente, le raisonnement avait disparu; il n'y avait plus -que l'instinct. La bête seule agissait. Quand il était repris, les -nouvelles sévérités qu'on lui infligeait ne servaient qu'à l'effarer -davantage. - -Un détail que nous ne devons pas omettre, c'est qu'il était d'une force -physique dont n'approchait pas un des habitants du bagne. À la fatigue, -pour filer un câble, pour virer un cabestan, Jean Valjean valait quatre -hommes. Il soulevait et soutenait parfois d'énormes poids sur son dos, -et remplaçait dans l'occasion cet instrument qu'on appelle cric et qu'on -appelait jadis orgueil, d'où a pris nom, soit dit en passant, la rue -Montorgueil près des halles de Paris. Ses camarades l'avaient surnommé -Jean-le-Cric. Une fois, comme on réparait le balcon de l'hôtel de ville -de Toulon, une des admirables cariatides de Puget qui soutiennent ce -balcon se descella et faillit tomber. Jean Valjean, qui se trouvait là, -soutint de l'épaule la cariatide et donna le temps aux ouvriers -d'arriver. - -Sa souplesse dépassait encore sa vigueur. Certains forçats, rêveurs -perpétuels d'évasions, finissent par faire de la force et de l'adresse -combinées une véritable science. C'est la science des muscles. Toute une -statique mystérieuse est quotidiennement pratiquée par les prisonniers, -ces éternels envieux des mouches et des oiseaux. Gravir une verticale, -et trouver des points d'appui là où l'on voit à peine une saillie, était -un jeu pour Jean Valjean. Étant donné un angle de mur, avec la tension -de son dos et de ses jarrets, avec ses coudes et ses talons emboîtés -dans les aspérités de la pierre, il se hissait comme magiquement à un -troisième étage. Quelquefois il montait ainsi jusqu'au toit du bagne. - -Il parlait peu. Il ne riait pas. Il fallait quelque émotion extrême pour -lui arracher, une ou deux fois l'an, ce lugubre rire du forçat qui est -comme un écho du rire du démon. À le voir, il semblait occupé à regarder -continuellement quelque chose de terrible. - -Il était absorbé en effet. - -À travers les perceptions maladives d'une nature incomplète et d'une -intelligence accablée, il sentait confusément qu'une chose monstrueuse -était sur lui. Dans cette pénombre obscure et blafarde où il rampait, -chaque fois qu'il tournait le cou et qu'il essayait d'élever son regard, -il voyait, avec une terreur mêlée de rage, s'échafauder, s'étager et -monter à perte de vue au-dessus de lui, avec des escarpements horribles, -une sorte d'entassement effrayant de choses, de lois, de préjugés, -d'hommes et de faits, dont les contours lui échappaient, dont la masse -l'épouvantait, et qui n'était autre chose que cette prodigieuse pyramide -que nous appelons la civilisation. Il distinguait çà et là dans cet -ensemble fourmillant et difforme, tantôt près de lui, tantôt loin et sur -des plateaux inaccessibles, quelque groupe, quelque détail vivement -éclairé, ici l'argousin et son bâton, ici le gendarme et son sabre, -là-bas l'archevêque mitré, tout en haut, dans une sorte de soleil, -l'empereur couronné et éblouissant. Il lui semblait que ces splendeurs -lointaines, loin de dissiper sa nuit, la rendaient plus funèbre et plus -noire. Tout cela, lois, préjugés, faits, hommes, choses, allait et -venait au-dessus de lui, selon le mouvement compliqué et mystérieux que -Dieu imprime à la civilisation, marchant sur lui et l'écrasant avec je -ne sais quoi de paisible dans la cruauté et d'inexorable dans -l'indifférence. Âmes tombées au fond de l'infortune possible, malheureux -hommes perdus au plus bas de ces limbes où l'on ne regarde plus, les -réprouvés de la loi sentent peser de tout son poids sur leur tête cette -société humaine, si formidable pour qui est dehors, si effroyable pour -qui est dessous. - -Dans cette situation, Jean Valjean songeait, et quelle pouvait être la -nature de sa rêverie? - -Si le grain de mil sous la meule avait des pensées, il penserait sans -doute ce que pensait Jean Valjean. - -Toutes ces choses, réalités pleines de spectres, fantasmagories pleines -de réalités, avaient fini par lui créer une sorte d'état intérieur -presque inexprimable. - -Par moments, au milieu de son travail du bagne, il s'arrêtait. Il se -mettait à penser. Sa raison, à la fois plus mûre et plus troublée -qu'autrefois, se révoltait. Tout ce qui lui était arrivé lui paraissait -absurde; tout ce qui l'entourait lui paraissait impossible. Il se -disait: c'est un rêve. Il regardait l'argousin debout à quelques pas de -lui; l'argousin lui semblait un fantôme; tout à coup le fantôme lui -donnait un coup de bâton. - -La nature visible existait à peine pour lui. Il serait presque vrai de -dire qu'il n'y avait point pour Jean Valjean de soleil, ni de beaux -jours d'été, ni de ciel rayonnant, ni de fraîches aubes d'avril. Je ne -sais quel jour de soupirail éclairait habituellement son âme. - -Pour résumer, en terminant, ce qui peut être résumé et traduit en -résultats positifs dans tout ce que nous venons d'indiquer, nous nous -bornerons à constater qu'en dix-neuf ans, Jean Valjean, l'inoffensif -émondeur de Faverolles, le redoutable galérien de Toulon, était devenu -capable, grâce à la manière dont le bagne l'avait façonné, de deux -espèces de mauvaises actions: premièrement, d'une mauvaise action -rapide, irréfléchie, pleine d'étourdissement, toute d'instinct, sorte de -représaille pour le mal souffert; deuxièmement, d'une mauvaise action -grave, sérieuse, débattue en conscience et méditée avec les idées -fausses que peut donner un pareil malheur. Ses préméditations passaient -par les trois phases successives que les natures d'une certaine trempe -peuvent seules parcourir, raisonnement, volonté, obstination. Il avait -pour mobiles l'indignation habituelle, l'amertume de l'âme, le profond -sentiment des iniquités subies, la réaction, même contre les bons, les -innocents et les justes, s'il y en a. Le point de départ comme le point -d'arrivée de toutes ses pensées était la haine de la loi humaine; cette -haine qui, si elle n'est arrêtée dans son développement par quelque -incident providentiel, devient, dans un temps donné, la haine de la -société, puis la haine du genre humain, puis la haine de la création, et -se traduit par un vague et incessant et brutal désir de nuire, n'importe -à qui, à un être vivant quelconque. Comme on voit, ce n'était pas sans -raison que le passeport qualifiait Jean Valjean d'_homme très -dangereux_. - -D'année en année, cette âme s'était desséchée de plus en plus, -lentement, mais fatalement. À coeur sec, oeil sec. À sa sortie du bagne, -il y avait dix-neuf ans qu'il n'avait versé une larme. - - - - -Chapitre VIII - -L'onde et l'ombre - - -Un homme à la mer! - -Qu'importe! le navire ne s'arrête pas. Le vent souffle, ce sombre -navire-là a une route qu'il est forcé de continuer. Il passe. - -L'homme disparaît, puis reparaît, il plonge et remonte à la surface, il -appelle, il tend les bras, on ne l'entend pas; le navire, frissonnant -sous l'ouragan, est tout à sa manoeuvre, les matelots et les passagers -ne voient même plus l'homme submergé; sa misérable tête n'est qu'un -point dans l'énormité des vagues. Il jette des cris désespérés dans les -profondeurs. Quel spectre que cette voile qui s'en va! Il la regarde, il -la regarde frénétiquement. Elle s'éloigne, elle blêmit, elle décroît. Il -était là tout à l'heure, il était de l'équipage, il allait et venait sur -le pont avec les autres, il avait sa part de respiration et de soleil, -il était un vivant. Maintenant, que s'est-il donc passé? Il a glissé, il -est tombé, c'est fini. - -Il est dans l'eau monstrueuse. Il n'a plus sous les pieds que de la -fuite et de l'écroulement. Les flots déchirés et déchiquetés par le vent -l'environnent hideusement, les roulis de l'abîme l'emportent, tous les -haillons de l'eau s'agitent autour de sa tête, une populace de vagues -crache sur lui, de confuses ouvertures le dévorent à demi; chaque fois -qu'il enfonce, il entrevoit des précipices pleins de nuit; d'affreuses -végétations inconnues le saisissent, lui nouent les pieds, le tirent à -elles; il sent qu'il devient abîme, il fait partie de l'écume, les flots -se le jettent de l'un à l'autre, il boit l'amertume, l'océan lâche -s'acharne à le noyer, l'énormité joue avec son agonie. Il semble que -toute cette eau soit de la haine. - -Il lutte pourtant, il essaie de se défendre, il essaie de se soutenir, -il fait effort, il nage. Lui, cette pauvre force tout de suite épuisée, -il combat l'inépuisable. - -Où donc est le navire? Là-bas. À peine visible dans les pâles ténèbres -de l'horizon. - -Les rafales soufflent; toutes les écumes l'accablent. Il lève les yeux -et ne voit que les lividités des nuages. Il assiste, agonisant, à -l'immense démence de la mer. Il est supplicié par cette folie. Il entend -des bruits étrangers à l'homme qui semblent venir d'au delà de la terre -et d'on ne sait quel dehors effrayant. - -Il y a des oiseaux dans les nuées, de même qu'il y a des anges au-dessus -des détresses humaines, mais que peuvent-ils pour lui? Cela vole, chante -et plane, et lui, il râle. - -Il se sent enseveli à la fois par ces deux infinis, l'océan et le ciel; -l'un est une tombe, l'autre est un linceul. - -La nuit descend, voilà des heures qu'il nage, ses forces sont à bout; ce -navire, cette chose lointaine où il y avait des hommes, s'est effacé; il -est seul dans le formidable gouffre crépusculaire, il enfonce, il se -roidit, il se tord, il sent au-dessous de lui les vagues monstres de -l'invisible; il appelle. - -Il n'y a plus d'hommes. Où est Dieu? - -Il appelle. Quelqu'un! quelqu'un! Il appelle toujours. - -Rien à l'horizon. Rien au ciel. - -Il implore l'étendue, la vague, l'algue, l'écueil; cela est sourd. Il -supplie la tempête; la tempête imperturbable n'obéit qu'à l'infini. - -Autour de lui, l'obscurité, la brume, la solitude, le tumulte orageux et -inconscient, le plissement indéfini des eaux farouches. En lui l'horreur -et la fatigue. Sous lui la chute. Pas de point d'appui. Il songe aux -aventures ténébreuses du cadavre dans l'ombre illimitée. Le froid sans -fond le paralyse. Ses mains se crispent et se ferment et prennent du -néant. Vents, nuées, tourbillons, souffles, étoiles inutiles! Que faire? -Le désespéré s'abandonne, qui est las prend le parti de mourir, il se -laisse faire, il se laisse aller, il lâche prise, et le voilà qui roule -à jamais dans les profondeurs lugubres de l'engloutissement. - -Ô marche implacable des sociétés humaines! Pertes d'hommes et d'âmes -chemin faisant! Océan où tombe tout ce que laisse tomber la loi! -Disparition sinistre du secours! ô mort morale! - -La mer, c'est l'inexorable nuit sociale où la pénalité jette ses damnés. -La mer, c'est l'immense misère. - -L'âme, à vau-l'eau dans ce gouffre, peut devenir un cadavre. Qui la -ressuscitera? - - - - -Chapitre IX - -Nouveaux griefs - - -Quand vint l'heure de la sortie du bagne, quand Jean Valjean entendit à -son oreille ce mot étrange: _tu es libre_! le moment fut invraisemblable -et inouï, un rayon de vive lumière, un rayon de la vraie lumière des -vivants pénétra subitement en lui. Mais ce rayon ne tarda point à pâlir. -Jean Valjean avait été ébloui de l'idée de la liberté. Il avait cru à -une vie nouvelle. Il vit bien vite ce que c'était qu'une liberté à -laquelle on donne un passeport jaune. - -Et autour de cela bien des amertumes. Il avait calculé que sa masse, -pendant son séjour au bagne, aurait dû s'élever à cent soixante et onze -francs. Il est juste d'ajouter qu'il avait oublié de faire entrer dans -ses calculs le repos forcé des dimanches et fêtes qui, pour dix-neuf -ans, entraînait une diminution de vingt-quatre francs environ. Quoi -qu'il en fût, cette masse avait été réduite, par diverses retenues -locales, à la somme de cent neuf francs quinze sous, qui lui avait été -comptée à sa sortie. - -Il n'y avait rien compris, et se croyait lésé. Disons le mot, volé. - -Le lendemain de sa libération, à Grasse, il vit devant la porte d'une -distillerie de fleurs d'oranger des hommes qui déchargeaient des -ballots. Il offrit ses services. La besogne pressait, on les accepta. Il -se mit à l'ouvrage. Il était intelligent, robuste et adroit; il faisait -de son mieux; le maître paraissait content. Pendant qu'il travaillait, -un gendarme passa, le remarqua, et lui demanda ses papiers. Il fallut -montrer le passeport jaune. Cela fait, Jean Valjean reprit son travail. -Un peu auparavant, il avait questionné l'un des ouvriers sur ce qu'ils -gagnaient à cette besogne par jour; on lui avait répondu: _trente sous_. -Le soir venu, comme il était forcé de repartir le lendemain matin, il se -présenta devant le maître de la distillerie et le pria de le payer. Le -maître ne proféra pas une parole, et lui remit vingt-cinq sous. Il -réclama. On lui répondit: cela est assez bon pour toi. Il insista. Le -maître le regarda entre les deux yeux et lui dit: _Gare le bloc_. - -Là encore il se considéra comme volé. - -La société, l'état, en lui diminuant sa masse, l'avait volé en grand. -Maintenant, c'était le tour de l'individu qui le volait en petit. - -Libération n'est pas délivrance. On sort du bagne, mais non de la -condamnation. Voilà ce qui lui était arrivé à Grasse. On a vu de quelle -façon il avait été accueilli à Digne. - - - - -Chapitre X - -L'homme réveillé - - -Donc, comme deux heures du matin sonnaient à l'horloge de la cathédrale, -Jean Valjean se réveilla. - -Ce qui le réveilla, c'est que le lit était trop bon. Il y avait vingt -ans bientôt qu'il n'avait couché dans un lit, et quoiqu'il ne se fût pas -déshabillé, la sensation était trop nouvelle pour ne pas troubler son -sommeil. - -Il avait dormi plus de quatre heures. Sa fatigue était passée. Il était -accoutumé à ne pas donner beaucoup d'heures au repos. - -Il ouvrit les yeux et regarda un moment dans l'obscurité autour de lui, -puis il les referma pour se rendormir. - -Quand beaucoup de sensations diverses ont agité la journée, quand des -choses préoccupent l'esprit, on s'endort, mais on ne se rendort pas. Le -sommeil vient plus aisément qu'il ne revient. C'est ce qui arriva à Jean -Valjean. Il ne put se rendormir, et il se mit à penser. - -Il était dans un de ces moments où les idées qu'on a dans l'esprit sont -troubles. Il avait une sorte de va-et-vient obscur dans le cerveau. Ses -souvenirs anciens et ses souvenirs immédiats y flottaient pêle-mêle et -s'y croisaient confusément, perdant leurs formes, se grossissant -démesurément, puis disparaissant tout à coup comme dans une eau fangeuse -et agitée. Beaucoup de pensées lui venaient, mais il y en avait une qui -se représentait continuellement et qui chassait toutes les autres. Cette -pensée, nous allons la dire tout de suite:--Il avait remarqué les six -couverts d'argent et la grande cuiller que madame Magloire avait posés -sur la table. - -Ces six couverts d'argent l'obsédaient.--Ils étaient là.--À quelques -pas.--À l'instant où il avait traversé la chambre d'à côté pour venir -dans celle où il était, la vieille servante les mettait dans un petit -placard à la tête du lit.--Il avait bien remarqué ce placard.--À droite, -en entrant par la salle à manger.--Ils étaient massifs.--Et de vieille -argenterie.--Avec la grande cuiller, on en tirerait au moins deux cents -francs.--Le double de ce qu'il avait gagné en dix-neuf ans.--Il est -vrai qu'il eût gagné davantage si l'_administration_ ne l'avait pas -_volé_. - -Son esprit oscilla toute une grande heure dans des fluctuations -auxquelles se mêlait bien quelque lutte. Trois heures sonnèrent. Il -rouvrit les yeux, se dressa brusquement sur son séant, étendit le bras -et tâta son havresac qu'il avait jeté dans le coin de l'alcôve, puis il -laissa pendre ses jambes et poser ses pieds à terre, et se trouva, -presque sans savoir comment, assis sur son lit. - -Il resta un certain temps rêveur dans cette attitude qui eût eu quelque -chose de sinistre pour quelqu'un qui l'eût aperçu ainsi dans cette -ombre, seul éveillé dans la maison endormie. Tout à coup il se baissa, -ôta ses souliers et les posa doucement sur la natte près du lit, puis il -reprit sa posture de rêverie et redevint immobile. - -Au milieu de cette méditation hideuse, les idées que nous venons -d'indiquer remuaient sans relâche son cerveau, entraient, sortaient, -rentraient, faisaient sur lui une sorte de pesée; et puis il songeait -aussi, sans savoir pourquoi, et avec cette obstination machinale de la -rêverie, à un forçat nommé Brevet qu'il avait connu au bagne, et dont le -pantalon n'était retenu que par une seule bretelle de coton tricoté. Le -dessin en damier de cette bretelle lui revenait sans cesse à l'esprit. - -Il demeurait dans cette situation, et y fût peut-être resté indéfiniment -jusqu'au lever du jour, si l'horloge n'eût sonné un coup--le quart ou la -demie. Il sembla que ce coup lui eût dit: allons! - -Il se leva debout, hésita encore un moment, et écouta; tout se taisait -dans la maison; alors il marcha droit et à petits pas vers la fenêtre -qu'il entrevoyait. La nuit n'était pas très obscure; c'était une pleine -lune sur laquelle couraient de larges nuées chassées par le vent. Cela -faisait au dehors des alternatives d'ombre et de clarté, des éclipses, -puis des éclaircies, et au dedans une sorte de crépuscule. Ce -crépuscule, suffisant pour qu'on pût se guider, intermittent à cause des -nuages, ressemblait à l'espèce de lividité qui tombe d'un soupirail de -cave devant lequel vont et viennent des passants. Arrivé à la fenêtre, -Jean Valjean l'examina. Elle était sans barreaux, donnait sur le jardin -et n'était fermée, selon la mode du pays, que d'une petite clavette. Il -l'ouvrit, mais, comme un air froid et vif entra brusquement dans la -chambre, il la referma tout de suite. Il regarda le jardin de ce regard -attentif qui étudie plus encore qu'il ne regarde. Le jardin était enclos -d'un mur blanc assez bas, facile à escalader. Au fond, au-delà, il -distingua des têtes d'arbres également espacées, ce qui indiquait que ce -mur séparait le jardin d'une avenue ou d'une ruelle plantée. - -Ce coup d'oeil jeté, il fit le mouvement d'un homme déterminé, marcha à -son alcôve, prit son havresac, l'ouvrit, le fouilla, en tira quelque -chose qu'il posa sur le lit, mit ses souliers dans une des poches, -referma le tout, chargea le sac sur ses épaules, se couvrit de sa -casquette dont il baissa la visière sur ses yeux, chercha son bâton en -tâtonnant, et l'alla poser dans l'angle de la fenêtre, puis revint au -lit et saisit résolument l'objet qu'il y avait déposé. Cela ressemblait -à une barre de fer courte, aiguisée comme un épieu à l'une de ses -extrémités. - -Il eût été difficile de distinguer dans les ténèbres pour quel emploi -avait pu être façonné ce morceau de fer. C'était peut-être un levier? -C'était peut-être une massue? - -Au jour on eût pu reconnaître que ce n'était autre chose qu'un -chandelier de mineur. On employait alors quelquefois les forçats à -extraire de la roche des hautes collines qui environnent Toulon, et il -n'était pas rare qu'ils eussent à leur disposition des outils de mineur. -Les chandeliers des mineurs sont en fer massif, terminés à leur -extrémité inférieure par une pointe au moyen de laquelle on les enfonce -dans le rocher. - -Il prit ce chandelier dans sa main droite, et retenant son haleine, -assourdissant son pas, il se dirigea vers la porte de la chambre -voisine, celle de l'évêque, comme on sait. Arrivé à cette porte, il la -trouva entrebâillée. L'évêque ne l'avait point fermée. - - - - -Chapitre XI - -Ce qu'il fait - - -Jean Valjean écouta. Aucun bruit. - -Il poussa la porte. - -Il la poussa du bout du doigt, légèrement, avec cette douceur furtive et -inquiète d'un chat qui veut entrer. - -La porte céda à la pression et fit un mouvement imperceptible et -silencieux qui élargit un peu l'ouverture. - -Il attendit un moment, puis poussa la porte une seconde fois, plus -hardiment. Elle continua de céder en silence. L'ouverture était assez -grande maintenant pour qu'il pût passer. Mais il y avait près de la -porte une petite table qui faisait avec elle un angle gênant et qui -barrait l'entrée. - -Jean Valjean reconnut la difficulté. Il fallait à toute force que -l'ouverture fût encore élargie. - -Il prit son parti, et poussa une troisième fois la porte, plus -énergiquement que les deux premières. Cette fois il y eut un gond mal -huilé qui jeta tout à coup dans cette obscurité un cri rauque et -prolongé. - -Jean Valjean tressaillit. Le bruit de ce gond sonna dans son oreille -avec quelque chose d'éclatant et de formidable comme le clairon du -jugement dernier. Dans les grossissements fantastiques de la première -minute, il se figura presque que ce gond venait de s'animer et de -prendre tout à coup une vie terrible, et qu'il aboyait comme un chien -pour avertir tout le monde et réveiller les gens endormis. - -Il s'arrêta, frissonnant, éperdu, et retomba de la pointe du pied sur le -talon. Il entendait ses artères battre dans ses tempes comme deux -marteaux de forge, et il lui semblait que son souffle sortait de sa -poitrine avec le bruit du vent qui sort d'une caverne. Il lui paraissait -impossible que l'horrible clameur de ce gond irrité n'eût pas ébranlé -toute la maison comme une secousse de tremblement de terre; la porte, -poussée par lui, avait pris l'alarme et avait appelé; le vieillard -allait se lever, les deux vieilles femmes allaient crier, on viendrait à -l'aide; avant un quart d'heure, la ville serait en rumeur et la -gendarmerie sur pied. Un moment il se crut perdu. - -Il demeura où il était, pétrifié comme la statue de sel, n'osant faire -un mouvement. - -Quelques minutes s'écoulèrent. La porte s'était ouverte toute grande. Il -se hasarda à regarder dans la chambre. Rien n'y avait bougé. Il prêta -l'oreille. Rien ne remuait dans la maison. Le bruit du gond rouillé -n'avait éveillé personne. Ce premier danger était passé, mais il y avait -encore en lui un affreux tumulte. Il ne recula pas pourtant. Même quand -il s'était cru perdu, il n'avait pas reculé. Il ne songea plus qu'à -finir vite. Il fit un pas et entra dans la chambre. - -Cette chambre était dans un calme parfait. On y distinguait çà et là des -formes confuses et vagues qui, au jour, étaient des papiers épars sur -une table, des in-folio ouverts, des volumes empilés sur un tabouret, un -fauteuil chargé de vêtements, un prie-Dieu, et qui à cette heure -n'étaient plus que des coins ténébreux et des places blanchâtres. Jean -Valjean avança avec précaution en évitant de se heurter aux meubles. Il -entendait au fond de la chambre la respiration égale et tranquille de -l'évêque endormi. - -Il s'arrêta tout à coup. Il était près du lit. Il y était arrivé plus -tôt qu'il n'aurait cru. - -La nature mêle quelquefois ses effets et ses spectacles à nos actions -avec une espèce d'à-propos sombre et intelligent, comme si elle voulait -nous faire réfléchir. Depuis près d'une demi-heure un grand nuage -couvrait le ciel. Au moment où Jean Valjean s'arrêta en face du lit, ce -nuage se déchira, comme s'il l'eût fait exprès, et un rayon de lune, -traversant la longue fenêtre, vint éclairer subitement le visage pâle de -l'évêque. Il dormait paisiblement. Il était presque vêtu dans son lit, à -cause des nuits froides des Basses-Alpes, d'un vêtement de laine brune -qui lui couvrait les bras jusqu'aux poignets. Sa tête était renversée -sur l'oreiller dans l'attitude abandonnée du repos; il laissait pendre -hors du lit sa main ornée de l'anneau pastoral et d'où étaient tombées -tant de bonnes oeuvres et de saintes actions. Toute sa face s'illuminait -d'une vague expression de satisfaction, d'espérance et de béatitude. -C'était plus qu'un sourire et presque un rayonnement. Il y avait sur son -front l'inexprimable réverbération d'une lumière qu'on ne voyait pas. -L'âme des justes pendant le sommeil contemple un ciel mystérieux. - -Un reflet de ce ciel était sur l'évêque. - -C'était en même temps une transparence lumineuse, car ce ciel était au -dedans de lui. Ce ciel, c'était sa conscience. - -Au moment où le rayon de lune vint se superposer, pour ainsi dire, à -cette clarté intérieure, l'évêque endormi apparut comme dans une gloire. -Cela pourtant resta doux et voilé d'un demi-jour ineffable. Cette lune -dans le ciel, cette nature assoupie, ce jardin sans un frisson, cette -maison si calme, l'heure, le moment, le silence, ajoutaient je ne sais -quoi de solennel et d'indicible au vénérable repos de ce sage, et -enveloppaient d'une sorte d'auréole majestueuse et sereine ces cheveux -blancs et ces yeux fermés, cette figure où tout était espérance et où -tout était confiance, cette tête de vieillard et ce sommeil d'enfant. - -Il y avait presque de la divinité dans cet homme ainsi auguste à son -insu. Jean Valjean, lui, était dans l'ombre, son chandelier de fer à la -main, debout, immobile, effaré de ce vieillard lumineux. Jamais il -n'avait rien vu de pareil. Cette confiance l'épouvantait. Le monde moral -n'a pas de plus grand spectacle que celui-là: une conscience troublée et -inquiète, parvenue au bord d'une mauvaise action, et contemplant le -sommeil d'un juste. - -Ce sommeil, dans cet isolement, et avec un voisin tel que lui, avait -quelque chose de sublime qu'il sentait vaguement, mais impérieusement. - -Nul n'eût pu dire ce qui se passait en lui, pas même lui. Pour essayer -de s'en rendre compte, il faut rêver ce qu'il y a de plus violent en -présence de ce qu'il y a de plus doux. Sur son visage même on n'eût rien -pu distinguer avec certitude. C'était une sorte d'étonnement hagard. Il -regardait cela. Voilà tout. Mais quelle était sa pensée? Il eût été -impossible de le deviner. Ce qui était évident, c'est qu'il était ému et -bouleversé. Mais de quelle nature était cette émotion? - -Son oeil ne se détachait pas du vieillard. La seule chose qui se -dégageât clairement de son attitude et de sa physionomie, c'était une -étrange indécision. On eût dit qu'il hésitait entre les deux abîmes, -celui où l'on se perd et celui où l'on se sauve. Il semblait prêt à -briser ce crâne ou à baiser cette main. - -Au bout de quelques instants, son bras gauche se leva lentement vers son -front, et il ôta sa casquette, puis son bras retomba avec la même -lenteur, et Jean Valjean rentra dans sa contemplation, sa casquette dans -la main gauche, sa massue dans la main droite, ses cheveux hérissés sur -sa tête farouche. - -L'évêque continuait de dormir dans une paix profonde sous ce regard -effrayant. Un reflet de lune faisait confusément visible au-dessus de la -cheminée le crucifix qui semblait leur ouvrir les bras à tous les deux, -avec une bénédiction pour l'un et un pardon pour l'autre. - -Tout à coup Jean Valjean remit sa casquette sur son front, puis marcha -rapidement, le long du lit, sans regarder l'évêque, droit au placard -qu'il entrevoyait près du chevet; il leva le chandelier de fer comme -pour forcer la serrure; la clef y était; il l'ouvrit; la première chose -qui lui apparut fut le panier d'argenterie; il le prit, traversa la -chambre à grands pas sans précaution et sans s'occuper du bruit, gagna -la porte, rentra dans l'oratoire, ouvrit la fenêtre, saisit un bâton, -enjamba l'appui du rez-de-chaussée, mit l'argenterie dans son sac, jeta -le panier, franchit le jardin, sauta par-dessus le mur comme un tigre, -et s'enfuit. - - - - -Chapitre XII - -L'évêque travaille - - -Le lendemain, au soleil levant, monseigneur Bienvenu se promenait dans -son jardin. Madame Magloire accourut vers lui toute bouleversée. - ---Monseigneur, monseigneur, cria-t-elle, votre grandeur sait-elle où est -le panier d'argenterie? - ---Oui, dit l'évêque. - ---Jésus-Dieu soit béni! reprit-elle. Je ne savais ce qu'il était devenu. - -L'évêque venait de ramasser le panier dans une plate-bande. Il le -présenta à madame Magloire. - ---Le voilà. - ---Eh bien? dit-elle. Rien dedans! et l'argenterie? - ---Ah! repartit l'évêque. C'est donc l'argenterie qui vous occupe? Je ne -sais où elle est. - ---Grand bon Dieu! elle est volée! C'est l'homme d'hier soir qui l'a -volée! - -En un clin d'oeil, avec toute sa vivacité de vieille alerte, madame -Magloire courut à l'oratoire, entra dans l'alcôve et revint vers -l'évêque. L'évêque venait de se baisser et considérait en soupirant un -plant de cochléaria des Guillons que le panier avait brisé en tombant à -travers la plate-bande. Il se redressa au cri de madame Magloire. - ---Monseigneur, l'homme est parti! l'argenterie est volée! - -Tout en poussant cette exclamation, ses yeux tombaient sur un angle du -jardin où l'on voyait des traces d'escalade. Le chevron du mur avait été -arraché. - ---Tenez! c'est par là qu'il s'en est allé. Il a sauté dans la ruelle -Cochefilet! Ah! l'abomination! Il nous a volé notre argenterie! - -L'évêque resta un moment silencieux, puis leva son oeil sérieux, et dit -à madame Magloire avec douceur: - ---Et d'abord, cette argenterie était-elle à nous? - -Madame Magloire resta interdite. Il y eut encore un silence, puis -l'évêque continua: - ---Madame Magloire, je détenais à tort et depuis longtemps cette -argenterie. Elle était aux pauvres. Qu'était-ce que cet homme? Un pauvre -évidemment. - ---Hélas Jésus! repartit madame Magloire. Ce n'est pas pour moi ni pour -mademoiselle. Cela nous est bien égal. Mais c'est pour monseigneur. Dans -quoi monseigneur va-t-il manger maintenant? - -L'évêque la regarda d'un air étonné. - ---Ah çà mais! est-ce qu'il n'y a pas des couverts d'étain? - -Madame Magloire haussa les épaules. - ---L'étain a une odeur. - ---Alors, des couverts de fer. - -Madame Magloire fit une grimace significative. - ---Le fer a un goût. - ---Eh bien, dit l'évêque, des couverts de bois. - -Quelques instants après, il déjeunait à cette même table où Jean Valjean -s'était assis la veille. Tout en déjeunant, monseigneur Bienvenu faisait -gaîment remarquer à sa soeur qui ne disait rien et à madame Magloire qui -grommelait sourdement qu'il n'est nullement besoin d'une cuiller ni -d'une fourchette, même en bois, pour tremper un morceau de pain dans une -tasse de lait. - ---Aussi a-t-on idée! disait madame Magloire toute seule en allant et -venant, recevoir un homme comme cela! et le loger à côté de soi! et quel -bonheur encore qu'il n'ait fait que voler! Ah mon Dieu! cela fait frémir -quand on songe! - -Comme le frère et la soeur allaient se lever de table, on frappa à la -porte. - ---Entrez, dit l'évêque. - -La porte s'ouvrit. Un groupe étrange et violent apparut sur le seuil. -Trois hommes en tenaient un quatrième au collet. Les trois hommes -étaient des gendarmes; l'autre était Jean Valjean. - -Un brigadier de gendarmerie, qui semblait conduire le groupe, était près -de la porte. Il entra et s'avança vers l'évêque en faisant le salut -militaire. - ---Monseigneur... dit-il. - -À ce mot Jean Valjean, qui était morne et semblait abattu, releva la -tête d'un air stupéfait. - ---Monseigneur! murmura-t-il. Ce n'est donc pas le curé?... - ---Silence! dit un gendarme. C'est monseigneur l'évêque. - -Cependant monseigneur Bienvenu s'était approché aussi vivement que son -grand âge le lui permettait. - ---Ah! vous voilà! s'écria-t-il en regardant Jean Valjean. Je suis aise -de vous voir. Et bien mais! je vous avais donné les chandeliers aussi, -qui sont en argent comme le reste et dont vous pourrez bien avoir deux -cents francs. Pourquoi ne les avez-vous pas emportés avec vos couverts? - -Jean Valjean ouvrit les yeux et regarda le vénérable évêque avec une -expression qu'aucune langue humaine ne pourrait rendre. - ---Monseigneur, dit le brigadier de gendarmerie, ce que cet homme disait -était donc vrai? Nous l'avons rencontré. Il allait comme quelqu'un qui -s'en va. Nous l'avons arrêté pour voir. Il avait cette argenterie.... - ---Et il vous a dit, interrompit l'évêque en souriant, qu'elle lui avait -été donnée par un vieux bonhomme de prêtre chez lequel il avait passé la -nuit? Je vois la chose. Et vous l'avez ramené ici? C'est une méprise. - ---Comme cela, reprit le brigadier, nous pouvons le laisser aller? - ---Sans doute, répondit l'évêque. - -Les gendarmes lâchèrent Jean Valjean qui recula. - ---Est-ce que c'est vrai qu'on me laisse? dit-il d'une voix presque -inarticulée et comme s'il parlait dans le sommeil. - ---Oui, on te laisse, tu n'entends donc pas? dit un gendarme. - ---Mon ami, reprit l'évêque, avant de vous en aller, voici vos -chandeliers. Prenez-les. - -Il alla à la cheminée, prit les deux flambeaux d'argent et les apporta à -Jean Valjean. Les deux femmes le regardaient faire sans un mot, sans un -geste, sans un regard qui pût déranger l'évêque. - -Jean Valjean tremblait de tous ses membres. Il prit les deux chandeliers -machinalement et d'un air égaré. - ---Maintenant, dit l'évêque, allez en paix. - ---À propos, quand vous reviendrez, mon ami, il est inutile de passer par -le jardin. Vous pourrez toujours entrer et sortir par la porte de la -rue. Elle n'est fermée qu'au loquet jour et nuit. - -Puis se tournant vers la gendarmerie: - ---Messieurs, vous pouvez vous retirer. - -Les gendarmes s'éloignèrent. - -Jean Valjean était comme un homme qui va s'évanouir. - -L'évêque s'approcha de lui, et lui dit à voix basse: - ---N'oubliez pas, n'oubliez jamais que vous m'avez promis d'employer cet -argent à devenir honnête homme. - -Jean Valjean, qui n'avait aucun souvenir d'avoir rien promis, resta -interdit. L'évêque avait appuyé sur ces paroles en les prononçant. Il -reprit avec une sorte de solennité: - ---Jean Valjean, mon frère, vous n'appartenez plus au mal, mais au bien. -C'est votre âme que je vous achète; je la retire aux pensées noires et à -l'esprit de perdition, et je la donne à Dieu. - - - - -Chapitre XIII - -Petit-Gervais - - -Jean Valjean sortit de la ville comme s'il s'échappait. Il se mit à -marcher en toute hâte dans les champs, prenant les chemins et les -sentiers qui se présentaient sans s'apercevoir qu'il revenait à chaque -instant sur ses pas. Il erra ainsi toute la matinée, n'ayant pas mangé -et n'ayant pas faim. Il était en proie à une foule de sensations -nouvelles. Il se sentait une sorte de colère; il ne savait contre qui. -Il n'eût pu dire s'il était touché ou humilié. Il lui venait par moments -un attendrissement étrange qu'il combattait et auquel il opposait -l'endurcissement de ses vingt dernières années. Cet état le fatiguait. -Il voyait avec inquiétude s'ébranler au dedans de lui l'espèce de calme -affreux que l'injustice de son malheur lui avait donné. Il se demandait -qu'est-ce qui remplacerait cela. Parfois il eût vraiment mieux aimé être -en prison avec les gendarmes, et que les choses ne se fussent point -passées ainsi; cela l'eût moins agité. Bien que la saison fut assez -avancée, il y avait encore çà et là dans les haies quelques fleurs -tardives dont l'odeur, qu'il traversait en marchant, lui rappelait des -souvenirs d'enfance. Ces souvenirs lui étaient presque insupportables, -tant il y avait longtemps qu'ils ne lui étaient apparus. - -Des pensées inexprimables s'amoncelèrent ainsi en lui toute la journée. - -Comme le soleil déclinait au couchant, allongeant sur le sol l'ombre du -moindre caillou, Jean Valjean était assis derrière un buisson dans une -grande plaine rousse absolument déserte. Il n'y avait à l'horizon que -les Alpes. Pas même le clocher d'un village lointain. Jean Valjean -pouvait être à trois lieues de Digne. Un sentier qui coupait la plaine -passait à quelques pas du buisson. - -Au milieu de cette méditation qui n'eût pas peu contribué à rendre ses -haillons effrayants pour quelqu'un qui l'eût rencontré, il entendit un -bruit joyeux. - -Il tourna la tête, et vit venir par le sentier un petit savoyard d'une -dizaine d'années qui chantait, sa vielle au flanc et sa boîte à marmotte -sur le dos; un de ces doux et gais enfants qui vont de pays en pays, -laissant voir leurs genoux par les trous de leur pantalon. - -Tout en chantant l'enfant interrompait de temps en temps sa marche et -jouait aux osselets avec quelques pièces de monnaie qu'il avait dans sa -main, toute sa fortune probablement. Parmi cette monnaie il y avait une -pièce de quarante sous. L'enfant s'arrêta à côté du buisson sans voir -Jean Valjean et fit sauter sa poignée de sous que jusque-là il avait -reçue avec assez d'adresse tout entière sur le dos de sa main. - -Cette fois la pièce de quarante sous lui échappa, et vint rouler vers la -broussaille jusqu'à Jean Valjean. - -Jean Valjean posa le pied dessus. - -Cependant l'enfant avait suivi sa pièce du regard, et l'avait vu. - -Il ne s'étonna point et marcha droit à l'homme. - -C'était un lieu absolument solitaire. Aussi loin que le regard pouvait -s'étendre, il n'y avait personne dans la plaine ni dans le sentier. On -n'entendait que les petits cris faibles d'une nuée d'oiseaux de passage -qui traversaient le ciel à une hauteur immense. L'enfant tournait le dos -au soleil qui lui mettait des fils d'or dans les cheveux et qui -empourprait d'une lueur sanglante la face sauvage de Jean Valjean. - ---Monsieur, dit le petit savoyard, avec cette confiance de l'enfance qui -se compose d'ignorance et d'innocence,--ma pièce? - ---Comment t'appelles-tu? dit Jean Valjean. - ---Petit-Gervais, monsieur. - ---Va-t'en, dit Jean Valjean. - ---Monsieur, reprit l'enfant, rendez-moi ma pièce. - -Jean Valjean baissa la tête et ne répondit pas. - -L'enfant recommença: - ---Ma pièce, monsieur! - -L'oeil de Jean Valjean resta fixé à terre. - ---Ma pièce! cria l'enfant, ma pièce blanche! mon argent! Il semblait que -Jean Valjean n'entendit point. L'enfant le prit au collet de sa blouse -et le secoua. Et en même temps il faisait effort pour déranger le gros -soulier ferré posé sur son trésor. - ---Je veux ma pièce! ma pièce de quarante sous! - -L'enfant pleurait. La tête de Jean Valjean se releva. Il était toujours -assis. Ses yeux étaient troubles. Il considéra l'enfant avec une sorte -d'étonnement, puis il étendit la main vers son bâton et cria d'une voix -terrible: - ---Qui est là? - ---Moi, monsieur, répondit l'enfant. Petit-Gervais! moi! moi! Rendez-moi -mes quarante sous, s'il vous plaît! Ôtez votre pied, monsieur, s'il vous -plaît! - -Puis irrité, quoique tout petit, et devenant presque menaçant: - ---Ah, çà, ôterez-vous votre pied? Ôtez donc votre pied, voyons. - ---Ah! c'est encore toi! dit Jean Valjean, et se dressant brusquement -tout debout, le pied toujours sur la pièce d'argent, il ajouta:--Veux-tu -bien te sauver! - -L'enfant effaré le regarda, puis commença à trembler de la tête aux -pieds, et, après quelques secondes de stupeur, se mit à s'enfuir en -courant de toutes ses forces sans oser tourner le cou ni jeter un cri. - -Cependant à une certaine distance l'essoufflement le força de s'arrêter, -et Jean Valjean, à travers sa rêverie, l'entendit qui sanglotait. - -Au bout de quelques instants l'enfant avait disparu. Le soleil s'était -couché. L'ombre se faisait autour de Jean Valjean. Il n'avait pas mangé -de la journée; il est probable qu'il avait la fièvre. - -Il était resté debout, et n'avait pas changé d'attitude depuis que -l'enfant s'était enfui. Son souffle soulevait sa poitrine à des -intervalles longs et inégaux. Son regard, arrêté à dix ou douze pas -devant lui, semblait étudier avec une attention profonde la forme d'un -vieux tesson de faïence bleue tombé dans l'herbe. Tout à coup il -tressaillit; il venait de sentir le froid du soir. - -Il raffermit sa casquette sur son front, chercha machinalement à croiser -et à boutonner sa blouse, fit un pas, et se baissa pour reprendre à -terre son bâton. En ce moment il aperçut la pièce de quarante sous que -son pied avait à demi enfoncée dans la terre et qui brillait parmi les -cailloux. - -Ce fut comme une commotion galvanique. Qu'est-ce que c'est que ça? -dit-il entre ses dents. Il recula de trois pas, puis s'arrêta, sans -pouvoir détacher son regard de ce point que son pied avait foulé -l'instant d'auparavant, comme si cette chose qui luisait là dans -l'obscurité eût été un oeil ouvert fixé sur lui. - -Au bout de quelques minutes, il s'élança convulsivement vers la pièce -d'argent, la saisit, et, se redressant, se mit à regarder au loin dans -la plaine, jetant à la fois ses yeux vers tous les points de l'horizon, -debout et frissonnant comme une bête fauve effarée qui cherche un asile. - -Il ne vit rien. La nuit tombait, la plaine était froide et vague, de -grandes brumes violettes montaient dans la clarté crépusculaire. - -Il dit: «Ah!» et se mit à marcher rapidement dans une certaine -direction, du côté où l'enfant avait disparu. Après une centaine de pas, -il s'arrêta, regarda, et ne vit rien. - -Alors il cria de toute sa force: «Petit-Gervais! Petit-Gervais!» - -Il se tut, et attendit. - -Rien ne répondit. - -La campagne était déserte et morne. Il était environné de l'étendue. Il -n'y avait rien autour de lui qu'une ombre où se perdait son regard et un -silence où sa voix se perdait. - -Une bise glaciale soufflait, et donnait aux choses autour de lui une -sorte de vie lugubre. Des arbrisseaux secouaient leurs petits bras -maigres avec une furie incroyable. On eût dit qu'ils menaçaient et -poursuivaient quelqu'un. - -Il recommença à marcher, puis il se mit à courir, et de temps en temps -il s'arrêtait, et criait dans cette solitude, avec une voix qui était ce -qu'on pouvait entendre de plus formidable et de plus désolé: -«Petit-Gervais! Petit-Gervais!» - -Certes, si l'enfant l'eût entendu, il eût eu peur et se fût bien gardé -de se montrer. Mais l'enfant était sans doute déjà bien loin. - -Il rencontra un prêtre qui était à cheval. Il alla à lui et lui dit: - ---Monsieur le curé, avez-vous vu passer un enfant? - ---Non, dit le prêtre. - ---Un nommé Petit-Gervais? - ---Je n'ai vu personne. - -Il tira deux pièces de cinq francs de sa sacoche et les remit au prêtre. - ---Monsieur le curé, voici pour vos pauvres.--Monsieur le curé, c'est un -petit d'environ dix ans qui a une marmotte, je crois, et une vielle. Il -allait. Un de ces savoyards, vous savez? - ---Je ne l'ai point vu. - ---Petit-Gervais? il n'est point des villages d'ici? pouvez-vous me dire? - ---Si c'est comme vous dites, mon ami, c'est un petit enfant étranger. -Cela passe dans le pays. On ne les connaît pas. - -Jean Valjean prit violemment deux autres écus de cinq francs qu'il donna -au prêtre. - ---Pour vos pauvres, dit-il. - -Puis il ajouta avec égarement: - ---Monsieur l'abbé, faites-moi arrêter. Je suis un voleur. - -Le prêtre piqua des deux et s'enfuit très effrayé. - -Jean Valjean se remit à courir dans la direction qu'il avait d'abord -prise. - -Il fit de la sorte un assez long chemin, regardant, appelant, criant, -mais il ne rencontra plus personne. Deux ou trois fois il courut dans la -plaine vers quelque chose qui lui faisait l'effet d'un être couché ou -accroupi; ce n'étaient que des broussailles ou des roches à fleur de -terre. Enfin, à un endroit où trois sentiers se croisaient, il s'arrêta. -La lune s'était levée. Il promena sa vue au loin et appela une dernière -fois: «Petit-Gervais! Petit-Gervais! Petit-Gervais!» Son cri s'éteignit -dans la brume, sans même éveiller un écho. Il murmura encore: -«Petit-Gervais!» mais d'une voix faible et presque inarticulée. Ce fut -là son dernier effort; ses jarrets fléchirent brusquement sous lui comme -si une puissance invisible l'accablait tout à coup du poids de sa -mauvaise conscience; il tomba épuisé sur une grosse pierre, les poings -dans ses cheveux et le visage dans ses genoux, et il cria: «Je suis un -misérable!» - -Alors son coeur creva et il se mit à pleurer. C'était la première fois -qu'il pleurait depuis dix-neuf ans. - -Quand Jean Valjean était sorti de chez l'évêque, on l'a vu, il était -hors de tout ce qui avait été sa pensée jusque-là. Il ne pouvait se -rendre compte de ce qui se passait en lui. Il se raidissait contre -l'action angélique et contre les douces paroles du vieillard. «Vous -m'avez promis de devenir honnête homme. Je vous achète votre âme. Je la -retire à l'esprit de perversité et je la donne au bon Dieu.» Cela lui -revenait sans cesse. Il opposait à cette indulgence céleste l'orgueil, -qui est en nous comme la forteresse du mal. Il sentait indistinctement -que le pardon de ce prêtre était le plus grand assaut et la plus -formidable attaque dont il eût encore été ébranlé; que son -endurcissement serait définitif s'il résistait à cette clémence; que, -s'il cédait, il faudrait renoncer à cette haine dont les actions des -autres hommes avaient rempli son âme pendant tant d'années, et qui lui -plaisait; que cette fois il fallait vaincre ou être vaincu, et que la -lutte, une lutte colossale et décisive, était engagée entre sa -méchanceté à lui et la bonté de cet homme. - -En présence de toutes ces lueurs, il allait comme un homme ivre. Pendant -qu'il marchait ainsi, les yeux hagards, avait-il une perception -distincte de ce qui pourrait résulter pour lui de son aventure à Digne? -Entendait-il tous ces bourdonnements mystérieux qui avertissent ou -importunent l'esprit à de certains moments de la vie? Une voix lui -disait-elle à l'oreille qu'il venait de traverser l'heure solennelle de -sa destinée, qu'il n'y avait plus de milieu pour lui, que si désormais -il n'était pas le meilleur des hommes il en serait le pire, qu'il -fallait pour ainsi dire que maintenant il montât plus haut que l'évêque -ou retombât plus bas que le galérien, que s'il voulait devenir bon il -fallait qu'il devînt ange; que s'il voulait rester méchant il fallait -qu'il devînt monstre? - -Ici encore il faut se faire ces questions que nous nous sommes déjà -faites ailleurs, recueillait-il confusément quelque ombre de tout ceci -dans sa pensée? Certes, le malheur, nous l'avons dit, fait l'éducation -de l'intelligence; cependant il est douteux que Jean Valjean fût en état -de démêler tout ce que nous indiquons ici. Si ces idées lui arrivaient, -il les entrevoyait plutôt qu'il ne les voyait, et elles ne réussissaient -qu'à le jeter dans un trouble insupportable et presque douloureux. Au -sortir de cette chose difforme et noire qu'on appelle le bagne, l'évêque -lui avait fait mal à l'âme comme une clarté trop vive lui eût fait mal -aux yeux en sortant des ténèbres. La vie future, la vie possible qui -s'offrait désormais à lui toute pure et toute rayonnante le remplissait -de frémissements et d'anxiété. Il ne savait vraiment plus où il en -était. Comme une chouette qui verrait brusquement se lever le soleil, le -forçat avait été ébloui et comme aveuglé par la vertu. - -Ce qui était certain, ce dont il ne se doutait pas, c'est qu'il n'était -déjà plus le même homme, c'est que tout était changé en lui, c'est qu'il -n'était plus en son pouvoir de faire que l'évêque ne lui eût pas parlé -et ne l'eût pas touché. - -Dans cette situation d'esprit, il avait rencontré Petit-Gervais et lui -avait volé ses quarante sous. Pourquoi? Il n'eût assurément pu -l'expliquer; était-ce un dernier effet et comme un suprême effort des -mauvaises pensées qu'il avait apportées du bagne, un reste d'impulsion, -un résultat de ce qu'on appelle en statique la _force acquise_? C'était -cela, et c'était aussi peut-être moins encore que cela. Disons-le -simplement, ce n'était pas lui qui avait volé, ce n'était pas l'homme, -c'était la bête qui, par habitude et par instinct, avait stupidement -posé le pied sur cet argent, pendant que l'intelligence se débattait au -milieu de tant d'obsessions inouïes et nouvelles. Quand l'intelligence -se réveilla et vit cette action de la brute, Jean Valjean recula avec -angoisse et poussa un cri d'épouvante. - -C'est que, phénomène étrange et qui n'était possible que dans la -situation où il était, en volant cet argent à cet enfant, il avait fait -une chose dont il n'était déjà plus capable. - -Quoi qu'il en soit, cette dernière mauvaise action eut sur lui un effet -décisif; elle traversa brusquement ce chaos qu'il avait dans -l'intelligence et le dissipa, mit d'un côté les épaisseurs obscures et -de l'autre la lumière, et agit sur son âme, dans l'état où elle se -trouvait, comme de certains réactifs chimiques agissent sur un mélange -trouble en précipitant un élément et en clarifiant l'autre. - -Tout d'abord, avant même de s'examiner et de réfléchir, éperdu, comme -quelqu'un qui cherche à se sauver, il tâcha de retrouver l'enfant pour -lui rendre son argent, puis, quand il reconnut que cela était inutile et -impossible, il s'arrêta désespéré. Au moment où il s'écria: «je suis un -misérable!» il venait de s'apercevoir tel qu'il était, et il était déjà -à ce point séparé de lui-même, qu'il lui semblait qu'il n'était plus -qu'un fantôme, et qu'il avait là devant lui, en chair et en os, le bâton -à la main, la blouse sur les reins, son sac rempli d'objets volés sur le -dos, avec son visage résolu et morne, avec sa pensée pleine de projets -abominables, le hideux galérien Jean Valjean. - -L'excès du malheur, nous l'avons remarqué, l'avait fait en quelque sorte -visionnaire. Ceci fut donc comme une vision. Il vit véritablement ce -Jean Valjean, cette face sinistre devant lui. Il fut presque au moment -de se demander qui était cet homme, et il en eut horreur. - -Son cerveau était dans un de ces moments violents et pourtant -affreusement calmes où la rêverie est si profonde qu'elle absorbe la -réalité. On ne voit plus les objets qu'on a autour de soi, et l'on voit -comme en dehors de soi les figures qu'on a dans l'esprit. - -Il se contempla donc, pour ainsi dire, face à face, et en même temps, à -travers cette hallucination, il voyait dans une profondeur mystérieuse -une sorte de lumière qu'il prit d'abord pour un flambeau. En regardant -avec plus d'attention cette lumière qui apparaissait à sa conscience, il -reconnut qu'elle avait la forme humaine, et que ce flambeau était -l'évêque. - -Sa conscience considéra tour à tour ces deux hommes ainsi placés devant -elle, l'évêque et Jean Valjean. Il n'avait pas fallu moins que le -premier pour détremper le second. Par un de ces effets singuliers qui -sont propres à ces sortes d'extases, à mesure que sa rêverie se -prolongeait, l'évêque grandissait et resplendissait à ses yeux, Jean -Valjean s'amoindrissait et s'effaçait. À un certain moment il ne fut -plus qu'une ombre. Tout à coup il disparut. L'évêque seul était resté. - -Il remplissait toute l'âme de ce misérable d'un rayonnement magnifique. -Jean Valjean pleura longtemps. Il pleura à chaudes larmes, il pleura à -sanglots, avec plus de faiblesse qu'une femme, avec plus d'effroi qu'un -enfant. - -Pendant qu'il pleurait, le jour se faisait de plus en plus dans son -cerveau, un jour extraordinaire, un jour ravissant et terrible à la -fois. Sa vie passée, sa première faute, sa longue expiation, son -abrutissement extérieur, son endurcissement intérieur, sa mise en -liberté réjouie par tant de plans de vengeance, ce qui lui était arrivé -chez l'évêque, la dernière chose qu'il avait faite, ce vol de quarante -sous à un enfant, crime d'autant plus lâche et d'autant plus monstrueux -qu'il venait après le pardon de l'évêque, tout cela lui revint et lui -apparut, clairement, mais dans une clarté qu'il n'avait jamais vue -jusque-là. Il regarda sa vie, et elle lui parut horrible; son âme, et -elle lui parut affreuse. Cependant un jour doux était sur cette vie et -sur cette âme. Il lui semblait qu'il voyait Satan à la lumière du -paradis. - -Combien d'heures pleura-t-il ainsi? que fit-il après avoir pleuré? où -alla-t-il? on ne l'a jamais su. Il paraît seulement avéré que, dans -cette même nuit, le voiturier qui faisait à cette époque le service de -Grenoble et qui arrivait à Digne vers trois heures du matin, vit en -traversant la rue de l'évêché un homme dans l'attitude de la prière, à -genoux sur le pavé, dans l'ombre, devant la porte de monseigneur -Bienvenu. - - - - -Livre troisième--En l'année 1817 - - - - -Chapitre I - -L'année 1817 - - -1817 est l'année que Louis XVIII, avec un certain aplomb royal qui ne -manquait pas de fierté, qualifiait la vingt-deuxième de son règne. C'est -l'année où M. Bruguière de Sorsum était célèbre. Toutes les boutiques -des perruquiers, espérant la poudre et le retour de l'oiseau royal, -étaient badigeonnées d'azur et fleurdelysées. C'était le temps candide -où le comte Lynch siégeait tous les dimanches comme marguillier au banc -d'oeuvre de Saint-Germain-des-Prés en habit de pair de France, avec son -cordon rouge et son long nez, et cette majesté de profil particulière à -un homme qui a fait une action d'éclat. L'action d'éclat commise par M. -Lynch était ceci: avoir, étant maire de Bordeaux, le 12 mars 1814, donné -la ville un peu trop tôt à M. le duc d'Angoulême. De là sa pairie. En -1817, la mode engloutissait les petits garçons de quatre à six ans sous -de vastes casquettes en cuir maroquiné à oreillons assez ressemblantes à -des mitres d'esquimaux. L'armée française était vêtue de blanc, à -l'autrichienne; les régiments s'appelaient légions; au lieu de chiffres -ils portaient les noms des départements. Napoléon était à Sainte-Hélène, -et, comme l'Angleterre lui refusait du drap vert, il faisait retourner -ses vieux habits. En 1817, Pellegrini chantait, mademoiselle Bigottini -dansait; Potier régnait; Odry n'existait pas encore. Madame Saqui -succédait à Forioso. Il y avait encore des Prussiens en France. M. -Delalot était un personnage. La légitimité venait de s'affirmer en -coupant le poing, puis la tête, à Pleignier, à Carbonneau et à Tolleron. -Le prince de Talleyrand, grand chambellan, et l'abbé Louis, ministre -désigné des finances, se regardaient en riant du rire de deux augures; -tous deux avaient célébré, le 14 juillet 1790, la messe de la Fédération -au Champ de Mars; Talleyrand l'avait dite comme évêque, Louis l'avait -servie comme diacre. En 1817, dans les contre-allées de ce même Champ de -Mars, on apercevait de gros cylindres de bois, gisant sous la pluie, -pourrissant dans l'herbe, peints en bleu avec des traces d'aigles et -d'abeilles dédorées. C'étaient les colonnes qui, deux ans auparavant, -avaient soutenu l'estrade de l'empereur au Champ-de-Mai. Elles étaient -noircies çà et là de la brûlure du bivouac des Autrichiens baraqués près -du Gros-Caillou. Deux ou trois de ces colonnes avaient disparu dans les -feux de ces bivouacs et avaient chauffé les larges mains des -_kaiserlicks_. Le Champ de Mai avait eu cela de remarquable qu'il avait -été tenu au mois de juin et au Champ de Mars. En cette année 1817, deux -choses étaient populaires: le Voltaire-Touquet et la tabatière à la -Charte. L'émotion parisienne la plus récente était le crime de Dautun -qui avait jeté la tête de son frère dans le bassin du Marché-aux-Fleurs. -On commençait à faire au ministère de la marine une enquête sur cette -fatale frégate de la Méduse qui devait couvrir de honte Chaumareix et de -gloire Géricault. Le colonel Selves allait en Égypte pour y devenir -Soliman pacha. Le palais des Thermes, rue de la Harpe, servait de -boutique à un tonnelier. On voyait encore sur la plate-forme de la tour -octogone de l'hôtel de Cluny la petite logette en planches qui avait -servi d'observatoire à Messier, astronome de la marine sous Louis XVI. -La duchesse de Duras lisait à trois ou quatre amis, dans son boudoir -meublé d'X en satin bleu ciel, _Ourika_ inédite. On grattait les N au -Louvre. Le pont d'Austerlitz abdiquait et s'intitulait pont du Jardin du -Roi, double énigme qui déguisait à la fois le pont d'Austerlitz et le -jardin des Plantes. Louis XVIII, préoccupé, tout en annotant du coin de -l'ongle Horace, des héros qui se font empereurs et des sabotiers qui se -font dauphins, avait deux soucis: Napoléon et Mathurin Bruneau. -L'académie française donnait pour sujet de prix: _Le bonheur que procure -l'étude_. M. Bellart était officiellement éloquent. On voyait germer à -son ombre ce futur avocat général de Broè, promis aux sarcasmes de -Paul-Louis Courier. Il y avait un faux Chateaubriand appelé Marchangy, -en attendant qu'il y eut un faux Marchangy appelé d'Arlincourt. _Claire -d'Albe_ et _Malek-Adel_ étaient des chefs-d'oeuvre; madame Cottin était -déclarée le premier écrivain de l'époque. L'institut laissait rayer de -sa liste l'académicien Napoléon Bonaparte. Une ordonnance royale -érigeait Angoulême en école de marine, car, le duc d'Angoulême étant -grand amiral, il était évident que la ville d'Angoulême avait de droit -toutes les qualités d'un port de mer, sans quoi le principe monarchique -eût été entamé. On agitait en conseil des ministres la question de -savoir si l'on devait tolérer les vignettes représentant des voltiges -qui assaisonnaient les affiches de Franconi et qui attroupaient les -polissons des rues. M. Paër, auteur de l'_Agnese_, bonhomme à la face -carrée qui avait une verrue sur la joue, dirigeait les petits concerts -intimes de la marquise de Sassenaye, rue de la Ville-l'Évêque. Toutes -les jeunes filles chantaient _l'Ermite de Saint-Avelle_, paroles -d'Edmond Géraud. _Le Nain jaune_ se transformait en _Miroir_. Le café -Lemblin tenait pour l'empereur contre le café Valois qui tenait pour les -Bourbons. On venait de marier à une princesse de Sicile M. le duc de -Berry, déjà regardé du fond de l'ombre par Louvel. Il y avait un an que -madame de Staël était morte. Les gardes du corps sifflaient mademoiselle -Mars. Les grands journaux étaient tout petits. Le format était -restreint, mais la liberté était grande. _Le Constitutionnel_ était -constitutionnel. _La Minerve_ appelait Chateaubriand _Chateaubriant_. Ce -_t_ faisait beaucoup rire les bourgeois aux dépens du grand écrivain. -Dans des journaux vendus, des journalistes prostitués insultaient les -proscrits de 1815; David n'avait plus de talent, Arnault n'avait plus -d'esprit, Carnot n'avait plus de probité; Soult n'avait gagné aucune -bataille; il est vrai que Napoléon n'avait plus de génie. Personne -n'ignore qu'il est assez rare que les lettres adressées par la poste à -un exilé lui parviennent, les polices se faisant un religieux devoir de -les intercepter. Le fait n'est point nouveau; Descartes, banni, s'en -plaignait. Or, David ayant, dans un journal belge, montré quelque humeur -de ne pas recevoir les lettres qu'on lui écrivait, ceci paraissait -plaisant aux feuilles royalistes qui bafouaient à cette occasion le -proscrit. Dire: _les régicides_, ou dire: _les votants_, dire: _les -ennemis_, ou dire: _les alliés_, dire: _Napoléon_, ou dire: _Buonaparte_, -cela séparait deux hommes plus qu'un abîme. Tous les gens de bons sens -convenaient que l'ère des révolutions était à jamais fermée par le roi -Louis XVIII, surnommé «l'immortel auteur de la charte». Au terre-plein -du Pont-Neuf, on sculptait le mot _Redivivus_, sur le piédestal qui -attendait la statue de Henri IV. M. Piet ébauchait, rue Thérèse, n° 4, -son conciliabule pour consolider la monarchie. Les chefs de la droite -disaient dans les conjonctures graves: «Il faut écrire à Bacot». MM. -Canuel, O'Mahony et de Chappedelaine esquissaient, un peu approuvés de -Monsieur, ce qui devait être plus tard «la conspiration du bord de -l'eau». L'Épingle Noire complotait de son côté. Delaverderie s'abouchait -avec Trogoff. M. Decazes, esprit dans une certaine mesure libéral, -dominait. Chateaubriand, debout tous les matins devant sa fenêtre du n° -27 de la rue Saint-Dominique, en pantalon à pieds et en pantoufles, ses -cheveux gris coiffés d'un madras, les yeux fixés sur un miroir, une -trousse complète de chirurgien dentiste ouverte devant lui, se curait -les dents, qu'il avait charmantes, tout en dictant des variantes de _la -Monarchie selon la Charte_ à M. Pilorge, son secrétaire. La critique -faisant autorité préférait Lafon à Talma. M. de Féletz signait A.; M. -Hoffmann signait Z. Charles Nodier écrivait _Thérèse Aubert_. Le divorce -était aboli. Les lycées s'appelaient collèges. Les collégiens, ornés au -collet d'une fleur de lys d'or, s'y gourmaient à propos du roi de Rome. -La contre-police du château dénonçait à son altesse royale Madame le -portrait, partout exposé, de M. le duc d'Orléans, lequel avait meilleure -mine en uniforme de colonel général des houzards que M. le duc de Berry -en uniforme de colonel général des dragons; grave inconvénient. La ville -de Paris faisait redorer à ses frais le dôme des Invalides. Les hommes -sérieux se demandaient ce que ferait, dans telle ou telle occasion, M. -de Trinquelague; M. Clausel de Montals se séparait, sur divers points, -de M. Clausel de Coussergues; M. de Salaberry n'était pas content. Le -comédien Picard, qui était de l'Académie dont le comédien Molière -n'avait pu être, faisait jouer _les deux Philibert_ à l'Odéon, sur le -fronton duquel l'arrachement des lettres laissait encore lire -distinctement: THÉÂTRE DE L'IMPÉRATRICE. On prenait parti pour ou contre -Cugnet de Montarlot. Fabvier était factieux; Bavoux était -révolutionnaire. Le libraire Pélicier publiait une édition de Voltaire, -sous ce titre: _OEuvres de Voltaire_, de l'Académie française. «Cela -fait venir les acheteurs», disait cet éditeur naïf. L'opinion générale -était que M. Charles Loyson, serait le génie du siècle; l'envie -commençait à le mordre, signe de gloire; et l'on faisait sur lui ce -vers: - -_Même quand Loyson vole, on sent qu'il a des pattes._ - -Le cardinal Fesch refusant de se démettre, M. de Pins, archevêque -d'Amasie, administrait le diocèse de Lyon. La querelle de la vallée des -Dappes commençait entre la Suisse et la France par un mémoire du -capitaine Dufour, depuis général. Saint-Simon, ignoré, échafaudait son -rêve sublime. Il y avait à l'académie des sciences un Fourier célèbre -que la postérité a oublié et dans je ne sais quel grenier un Fourier -obscur dont l'avenir se souviendra. Lord Byron commençait à poindre; une -note d'un poème de Millevoye l'annonçait à la France en ces termes: _un -certain lord Baron_. David d'Angers s'essayait à pétrir le marbre. -L'abbé Caron parlait avec éloge, en petit comité de séminaristes, dans -le cul-de-sac des Feuillantines, d'un prêtre inconnu nommé Félicité -Robert qui a été plus tard Lamennais. Une chose qui fumait et clapotait -sur la Seine avec le bruit d'un chien qui nage allait et venait sous les -fenêtres des Tuileries, du pont Royal au pont Louis XV c'était une -mécanique bonne à pas grand'chose, une espèce de joujou, une rêverie -d'inventeur songe-creux, une utopie: un bateau à vapeur. Les Parisiens -regardaient cette inutilité avec indifférence. M. de Vaublanc, -réformateur de l'Institut par coup d'État, ordonnance et fournée, auteur -distingué de plusieurs académiciens, après en avoir fait, ne pouvait -parvenir à l'être. Le faubourg Saint-Germain et la pavillon Marsan -souhaitaient pour préfet de police M. Delaveau, à cause de sa dévotion. -Dupuytren et Récamier se prenaient de querelle à l'amphithéâtre de -l'École de médecine et se menaçaient du poing à propos de la divinité de -Jésus-Christ. Cuvier, un oeil sur la Genèse et l'autre sur la nature, -s'efforçait de plaire à la réaction bigote en mettant les fossiles -d'accord avec les textes et en faisant flatter Moïse par les -mastodontes. M. François de Neufchâteau, louable cultivateur de la -mémoire de Parmentier, faisait mille efforts pour que _pomme de terre_ -fût prononcée _parmentière_, et n'y réussissait point. L'abbé Grégoire, -ancien évêque, ancien conventionnel, ancien sénateur, était passé dans -la polémique royaliste à l'état «d'infâme Grégoire». Cette locution que -nous venons d'employer: _passer à l'état de_, était dénoncée comme -néologisme par M. Royer-Collard. On pouvait distinguer encore à sa -blancheur, sous la troisième arche du pont d'Iéna, la pierre neuve avec -laquelle, deux ans auparavant, on avait bouché le trou de mine pratiqué -par Blücher pour faire sauter le pont. La justice appelait à sa barre un -homme qui, en voyant entrer le comte d'Artois à Notre-Dame, avait dit -tout haut: _Sapristi! je regrette le temps où je voyais Bonaparte et -Talma entrer bras dessus bras dessous au Bal-Sauvage_. Propos séditieux. -Six mois de prison. Des traîtres se montraient déboutonnés; des hommes -qui avaient passé à l'ennemi la veille d'une bataille ne cachaient rien -de la récompense et marchaient impudiquement en plein soleil dans le -cynisme des richesses et des dignités; des déserteurs de Ligny et des -Quatre-Bras, dans le débraillé de leur turpitude payée, étalaient leur -dévouement monarchique tout nu; oubliant ce qui est écrit en Angleterre -sur la muraille intérieure des water-closets publics: _Please adjust -your dress before leaving_. - -Voilà, pêle-mêle, ce qui surnage confusément de l'année 1817, oubliée -aujourd'hui. L'histoire néglige presque toutes ces particularités, et ne -peut faire autrement; l'infini l'envahirait. Pourtant ces détails, qu'on -appelle à tort petits--il n'y a ni petits faits dans l'humanité, ni -petites feuilles dans la végétation--sont utiles. C'est de la -physionomie des années que se compose la figure des siècles. - -En cette année 1817, quatre jeunes Parisiens firent «une bonne farce». - - - - -Chapitre II - -Double quatuor - - -Ces Parisiens étaient l'un de Toulouse, l'autre de Limoges, le troisième -de Cahors et le quatrième de Montauban; mais ils étaient étudiants, et -qui dit étudiant dit parisien; étudier à Paris, c'est naître à Paris. - -Ces jeunes gens étaient insignifiants; tout le monde a vu ces -figures-là; quatre échantillons du premier venu; ni bons ni mauvais, ni -savants ni ignorants, ni des génies ni des imbéciles; beaux de ce -charmant avril qu'on appelle vingt ans. C'étaient quatre Oscars -quelconques, car à cette époque les Arthurs n'existaient pas encore. -_Brûlez pour lui les parfums d'Arabie_, s'écriait la romance, _Oscar -s'avance, Oscar, je vais le voir!_ On sortait d'Ossian, l'élégance était -scandinave et calédonienne, le genre anglais pur ne devait prévaloir que -plus tard, et le premier des Arthurs, Wellington, venait à peine de -gagner la bataille de Waterloo. - -Ces Oscars s'appelaient l'un Félix Tholomyès, de Toulouse; l'autre -Listolier, de Cahors; l'autre Fameuil, de Limoges; le dernier -Blachevelle, de Montauban. Naturellement chacun avait sa maîtresse. -Blachevelle aimait Favourite, ainsi nommée parce qu'elle était allée en -Angleterre; Listolier adorait Dahlia, qui avait pris pour nom de guerre -un nom de fleur; Fameuil idolâtrait Zéphine, abrégé de Joséphine; -Tholomyès avait Fantine, dite la Blonde à cause de ses beaux cheveux -couleur de soleil. - -Favourite, Dahlia, Zéphine et Fantine étaient quatre ravissantes filles, -parfumées et radieuses, encore un peu ouvrières, n'ayant pas tout à fait -quitté leur aiguille, dérangées par les amourettes, mais ayant sur le -visage un reste de la sérénité du travail et dans l'âme cette fleur -d'honnêteté qui dans la femme survit à la première chute. Il y avait une -des quatre qu'on appelait la jeune, parce qu'elle était la cadette; et -une qu'on appelait la vieille. La vieille avait vingt-trois ans. Pour ne -rien celer, les trois premières étaient plus expérimentées, plus -insouciantes et plus envolées dans le bruit de la vie que Fantine la -Blonde, qui en était à sa première illusion. - -Dahlia, Zéphine, et surtout Favourite, n'en auraient pu dire autant. Il -y avait déjà plus d'un épisode à leur roman à peine commencé, et -l'amoureux, qui s'appelait Adolphe au premier chapitre, se trouvait être -Alphonse au second, et Gustave au troisième. Pauvreté et coquetterie -sont deux conseillères fatales, l'une gronde, l'autre flatte; et les -belles filles du peuple les ont toutes les deux qui leur parlent bas à -l'oreille, chacune de son côté. Ces âmes mal gardées écoutent. De là les -chutes qu'elles font et les pierres qu'on leur jette. On les accable -avec la splendeur de tout ce qui est immaculé et inaccessible. Hélas! si -la _Yungfrau_ avait faim? - -Favourite, ayant été en Angleterre, avait pour admiratrices Zéphine et -Dahlia. Elle avait eu de très bonne heure un chez-soi. Son père était un -vieux professeur de mathématiques brutal et qui gasconnait; point marié, -courant le cachet malgré l'âge. Ce professeur, étant jeune, avait vu un -jour la robe d'une femme de chambre s'accrocher à un garde-cendre; il -était tombé amoureux de cet accident. Il en était résulté Favourite. -Elle rencontrait de temps en temps son père, qui la saluait. Un matin, -une vieille femme à l'air béguin était entrée chez elle et lui avait -dit: - ---Vous ne me connaissez pas, mademoiselle? - ---Non. - ---Je suis ta mère. - -Puis la vieille avait ouvert le buffet, bu et mangé, fait apporter un -matelas qu'elle avait, et s'était installée. Cette mère, grognon et -dévote, ne parlait jamais à Favourite, restait des heures sans souffler -mot, déjeunait, dînait et soupait comme quatre, et descendait faire -salon chez le portier, où elle disait du mal de sa fille. - -Ce qui avait entraîné Dahlia vers Listolier, vers d'autres peut-être, -vers l'oisiveté, c'était d'avoir de trop jolis ongles roses. Comment -faire travailler ces ongles-là? Qui veut rester vertueuse ne doit pas -avoir pitié de ses mains. Quant à Zéphine, elle avait conquis Fameuil -par sa petite manière mutine et caressante de dire: «Oui, monsieur». - -Les jeunes gens étant camarades, les jeunes filles étaient amies. Ces -amours-là sont toujours doublés de ces amitiés-là. - -Sage et philosophe, c'est deux; et ce qui le prouve, c'est que, toutes -réserves faites sur ces petits ménages irréguliers, Favourite, Zéphine -et Dahlia étaient des filles philosophes, et Fantine une fille sage. - -Sage, dira-t-on? et Tholomyès? Salomon répondrait que l'amour fait -partie de la sagesse. Nous nous bornons à dire que l'amour de Fantine -était un premier amour, un amour unique, un amour fidèle. - -Elle était la seule des quatre qui ne fût tutoyée que par un seul. - -Fantine était un de ces êtres comme il en éclôt, pour ainsi dire, au -fond du peuple. Sortie des plus insondables épaisseurs de l'ombre -sociale, elle avait au front le signe de l'anonyme et de l'inconnu. Elle -était née à Montreuil-sur-mer. De quels parents? Qui pourrait le dire? -On ne lui avait jamais connu ni père ni mère. Elle se nommait Fantine. -Pourquoi Fantine? On ne lui avait jamais connu d'autre nom. À l'époque -de sa naissance, le Directoire existait encore. Point de nom de famille, -elle n'avait pas de famille; point de nom de baptême, l'église n'était -plus là. Elle s'appela comme il plut au premier passant qui la rencontra -toute petite, allant pieds nus dans la rue. Elle reçut un nom comme elle -recevait l'eau des nuées sur son front quand il pleuvait. On l'appela la -petite Fantine. Personne n'en savait davantage. Cette créature humaine -était venue dans la vie comme cela. À dix ans, Fantine quitta la ville -et s'alla mettre en service chez des fermiers des environs. À quinze -ans, elle vint à Paris "chercher fortune". Fantine était belle et resta -pure le plus longtemps qu'elle put. C'était une jolie blonde avec de -belles dents. Elle avait de l'or et des perles pour dot, mais son or -était sur sa tête et ses perles étaient dans sa bouche. - -Elle travailla pour vivre; puis, toujours pour vivre, car le coeur a sa -faim aussi, elle aima. - -Elle aima Tholomyès. - -Amourette pour lui, passion pour elle. Les rues du quartier latin, -qu'emplit le fourmillement des étudiants et des grisettes, virent le -commencement de ce songe. Fantine, dans ces dédales de la colline du -Panthéon, où tant d'aventures se nouent et se dénouent, avait fui -longtemps Tholomyès, mais de façon à le rencontrer toujours. Il y a une -manière d'éviter qui ressemble à chercher. Bref, l'églogue eut lieu. - -Blachevelle, Listolier et Fameuil formaient une sorte de groupe dont -Tholomyès était la tête. C'était lui qui avait l'esprit. - -Tholomyès était l'antique étudiant vieux; il était riche; il avait -quatre mille francs de rente; quatre mille francs de rente, splendide -scandale sur la montagne Sainte-Geneviève. Tholomyès était un viveur de -trente ans, mal conservé. Il était ridé et édenté; et il ébauchait une -calvitie dont il disait lui-même sans tristesse: _crâne à trente ans, -genou à quarante_. Il digérait médiocrement, et il lui était venu un -larmoiement à un oeil. Mais à mesure que sa jeunesse s'éteignait, il -allumait sa gaîté; il remplaçait ses dents par des lazzis, ses cheveux -par la joie, sa santé par l'ironie, et son oeil qui pleurait riait sans -cesse. Il était délabré, mais tout en fleurs. Sa jeunesse, pliant bagage -bien avant l'âge, battait en retraite en bon ordre, éclatait de rire, et -l'on n'y voyait que du feu. Il avait eu une pièce refusée au Vaudeville. -Il faisait çà et là des vers quelconques. En outre, il doutait -supérieurement de toute chose, grande force aux yeux des faibles. Donc, -étant ironique et chauve, il était le chef. _Iron_ est un mot anglais -qui veut dire fer. Serait-ce de là que viendrait ironie? - -Un jour Tholomyès prit à part les trois autres, fît un geste d'oracle, -et leur dit: - ---Il y a bientôt un an que Fantine, Dahlia, Zéphine et Favourite nous -demandent de leur faire une surprise. Nous la leur avons promise -solennellement. Elles nous en parlent toujours, à moi surtout. De même -qu'à Naples les vieilles femmes crient à saint Janvier: _Faccia -gialluta, fa o miracolo_. Face jaune, fais ton miracle! nos belles me -disent sans cesse: «Tholomyès, quand accoucheras-tu de ta surprise?» En -même temps nos parents nous écrivent. Scie des deux côtés. Le moment me -semble venu. Causons. - -Sur ce, Tholomyès baissa la voix, et articula mystérieusement quelque -chose de si gai qu'un vaste et enthousiaste ricanement sortit des quatre -bouches à la fois et que Blachevelle s'écria: - ---Ça, c'est une idée! - -Un estaminet plein de fumée se présenta, ils y entrèrent, et le reste de -leur conférence se perdit dans l'ombre. - -Le résultat de ces ténèbres fut une éblouissante partie de plaisir qui -eut lieu le dimanche suivant, les quatre jeunes gens invitant les quatre -jeunes filles. - - - - -Chapitre III - -Quatre à quatre - - -Ce qu'était une partie de campagne d'étudiants et de grisettes, il y a -quarante-cinq ans, on se le représente malaisément aujourd'hui. Paris -n'a plus les mêmes environs; la figure de ce qu'on pourrait appeler la -vie circumparisienne a complètement changé depuis un demi-siècle; où il -y avait le coucou, il y a le wagon; où il y avait la patache, il y a le -bateau à vapeur; on dit aujourd'hui Fécamp comme on disait Saint-Cloud. -Le Paris de 1862 est une ville qui a la France pour banlieue. - -Les quatre couples accomplirent consciencieusement toutes les folies -champêtres possibles alors. On entrait dans les vacances, et c'était une -chaude et claire journée d'été. La veille, Favourite, la seule qui sût -écrire, avait écrit ceci à Tholomyès au nom des quatre: «C'est un bonne -heure de sortir de bonheur.» C'est pourquoi ils se levèrent à cinq -heures du matin. Puis ils allèrent à Saint-Cloud par le coche, -regardèrent la cascade à sec, et s'écrièrent: «Cela doit être bien beau -quand il y a de l'eau!» déjeunèrent à la _Tête-Noire_, où Castaing -n'avait pas encore passé, se payèrent une partie de bagues au quinconce -du grand bassin, montèrent à la lanterne de Diogène, jouèrent des -macarons à la roulette du pont de Sèvres, cueillirent des bouquets à -Puteaux, achetèrent des mirlitons à Neuilly, mangèrent partout des -chaussons de pommes, furent parfaitement heureux. - -Les jeunes filles bruissaient et bavardaient comme des fauvettes -échappées. C'était un délire. Elles donnaient par moments de petites -tapes aux jeunes gens. Ivresse matinale de la vie! Adorables années! -L'aile des libellules frissonne. Oh! qui que vous soyez, vous -souvenez-vous? Avez-vous marché dans les broussailles, en écartant les -branches à cause de la tête charmante qui vient derrière vous? Avez-vous -glissé en riant sur quelque talus mouillé par la pluie avec une femme -aimée qui vous retient par la main et qui s'écrie: «Ah! mes brodequins -tout neufs! dans quel état ils sont!» - -Disons tout de suite que cette joyeuse contrariété, une ondée, manqua à -cette compagnie de belle humeur, quoique Favourite eût dit en partant, -avec un accent magistral et maternel: _Les limaces se promènent dans les -sentiers. Signe de pluie, mes enfants_. - -Toutes quatre étaient follement jolies. Un bon vieux poète classique, -alors en renom, un bonhomme qui avait une Éléonore, M. le chevalier de -Labouïsse, errant ce jour-là sous les marronniers de Saint-Cloud, les -vit passer vers dix heures du matin; il s'écria: _Il y en a une de -trop_, songeant aux Grâces. Favourite, l'amie de Blachevelle, celle de -vingt-trois ans, la vieille, courait en avant sous les grandes branches -vertes, sautait les fossés, enjambait éperdument les buissons, et -présidait cette gaîté avec une verve de jeune faunesse. Zéphine et -Dahlia, que le hasard avait faites belles de façon qu'elles se faisaient -valoir en se rapprochant et se complétaient, ne se quittaient point, par -instinct de coquetterie plus encore que par amitié, et, appuyées l'une à -l'autre, prenaient des poses anglaises; les premiers _keepsakes_ -venaient de paraître, la mélancolie pointait pour les femmes, comme, -plus tard, le byronisme pour les hommes, et les cheveux du sexe tendre -commençaient à s'éplorer. Zéphine et Dahlia étaient coiffées en -rouleaux. Listolier et Fameuil, engagés dans une discussion sur leurs -professeurs, expliquaient à Fantine la différence qu'il y avait entre M. -Delvincourt et M. Blondeau. - -Blachevelle semblait avoir été créé expressément pour porter sur son -bras le dimanche le châle-ternaux boiteux de Favourite. - -Tholomyès suivait, dominant le groupe. Il était très gai, mais on -sentait en lui le gouvernement; il y avait de la dictature dans sa -jovialité; son ornement principal était un pantalon jambes-d'éléphant, -en nankin, avec sous-pieds de tresse de cuivre; il avait un puissant -rotin de deux cents francs à la main, et, comme il se permettait tout, -une chose étrange appelée cigare, à la bouche. Rien n'étant sacré pour -lui, il fumait. - ---Ce Tholomyès est étonnant, disaient les autres avec vénération. Quels -pantalons! quelle énergie! - -Quant à Fantine, c'était la joie. Ses dents splendides avaient -évidemment reçu de Dieu une fonction, le rire. Elle portait à sa main -plus volontiers que sur sa tête son petit chapeau de paille cousue, aux -longues brides blanches. Ses épais cheveux blonds, enclins à flotter et -facilement dénoués et qu'il fallait rattacher sans cesse, semblaient -faits pour la fuite de Galatée sous les saules. Ses lèvres roses -babillaient avec enchantement. Les coins de sa bouche voluptueusement -relevés, comme aux mascarons antiques d'Érigone, avaient l'air -d'encourager les audaces; mais ses longs cils pleins d'ombre -s'abaissaient discrètement sur ce brouhaha du bas du visage comme pour -mettre le holà. Toute sa toilette avait on ne sait quoi de chantant et -de flambant. Elle avait une robe de barège mauve, de petits -souliers-cothurnes mordorés dont les rubans traçaient des X sur son fin -bas blanc à jour, et cette espèce de spencer en mousseline, invention -marseillaise, dont le nom, canezou, corruption du mot _quinze août_ -prononcé à la Canebière, signifie beau temps, chaleur et midi. Les trois -autres, moins timides, nous l'avons dit, étaient décolletées tout net, -ce qui, l'été, sous des chapeaux couverts de fleurs, a beaucoup de grâce -et d'agacerie; mais, à côté de ces ajustements hardis, le canezou de la -blonde Fantine, avec ses transparences, ses indiscrétions et ses -réticences, cachant et montrant à la fois, semblait une trouvaille -provocante de la décence, et la fameuse cour d'amour, présidée par la -vicomtesse de Cette aux yeux vert de mer, eût peut-être donné le prix de -la coquetterie à ce canezou qui concourait pour la chasteté. Le plus -naïf est quelquefois le plus savant. Cela arrive. - -Éclatante de face, délicate de profil, les yeux d'un bleu profond, les -paupières grasses, les pieds cambrés et petits, les poignets et les -chevilles admirablement emboîtés, la peau blanche laissant voir çà et là -les arborescences azurées des veines, la joue puérile et franche, le cou -robuste des Junons éginétiques, la nuque forte et souple, les épaules -modelées comme par Coustou, ayant au centre une voluptueuse fossette -visible à travers la mousseline; une gaîté glacée de rêverie; -sculpturale et exquise; telle était Fantine; et l'on devinait sous ces -chiffons une statue, et dans cette statue une âme. - -Fantine était belle, sans trop le savoir. Les rares songeurs, prêtres -mystérieux du beau, qui confrontent silencieusement toute chose à la -perfection, eussent entrevu en cette petite ouvrière, à travers la -transparence de la grâce parisienne, l'antique euphonie sacrée. Cette -fille de l'ombre avait de la race. Elle était belle sous les deux -espèces, qui sont le style et le rythme. Le style est la forme de -l'idéal; le rythme en est le mouvement. - -Nous avons dit que Fantine était la joie, Fantine était aussi la pudeur. - -Pour un observateur qui l'eût étudiée attentivement, ce qui se dégageait -d'elle, à travers toute cette ivresse de l'âge, de la saison et de -l'amourette, c'était une invincible expression de retenue et de -modestie. Elle restait un peu étonnée. Ce chaste étonnement-là est la -nuance qui sépare Psyché de Vénus. Fantine avait les longs doigts blancs -et fins de la vestale qui remue les cendres du feu sacré avec une -épingle d'or. Quoiqu'elle n'eût rien refusé, on ne le verra que trop, à -Tholomyès, son visage, au repos, était souverainement virginal; une -sorte de dignité sérieuse et presque austère l'envahissait soudainement -à de certaines heures, et rien n'était singulier et troublant comme de -voir la gaîté s'y éteindre si vite et le recueillement y succéder sans -transition à l'épanouissement. Cette gravité subite, parfois sévèrement -accentuée, ressemblait au dédain d'une déesse. Son front, son nez et son -menton offraient cet équilibre de ligne, très distinct de l'équilibre de -proportion, et d'où résulte l'harmonie du visage; dans l'intervalle si -caractéristique qui sépare la base du nez de la lèvre supérieure, elle -avait ce pli imperceptible et charmant, signe mystérieux de la chasteté -qui rendit Barberousse amoureux d'une Diane trouvée dans les fouilles -d'Icône. - -L'amour est une faute; soit. Fantine était l'innocence surnageant sur la -faute. - - - - -Chapitre IV - -Tholomyès est si joyeux qu'il chante une chanson espagnole - - -Cette journée-là était d'un bout à l'autre faite d'aurore. Toute la -nature semblait avoir congé, et rire. Les parterres de Saint-Cloud -embaumaient; le souffle de la Seine remuait vaguement les feuilles; -les branches gesticulaient dans le vent; les abeilles mettaient les -jasmins au pillage; toute une bohème de papillons s'ébattait dans les -achillées, les trèfles et les folles avoines; il y avait dans l'auguste -parc du roi de France un tas de vagabonds, les oiseaux. - -Les quatre joyeux couples, mêlés au soleil, aux champs, aux fleurs, aux -arbres, resplendissaient. - -Et, dans cette communauté de paradis, parlant, chantant, courant, -dansant, chassant aux papillons, cueillant des liserons, mouillant leurs -bas à jour roses dans les hautes herbes, fraîches, folles, point -méchantes, toutes recevaient un peu çà et là les baisers de tous, -excepté Fantine, enfermée dans sa vague résistance rêveuse et farouche, -et qui aimait. - ---Toi, lui disait Favourite, tu as toujours l'air chose. - -Ce sont là les joies. Ces passages de couples heureux sont un appel -profond à la vie et à la nature, et font sortir de tout la caresse et la -lumière. Il y avait une fois une fée qui fit les prairies et les arbres -exprès pour les amoureux. De là cette éternelle école buissonnière des -amants qui recommence sans cesse et qui durera tant qu'il y aura des -buissons et des écoliers. De là la popularité du printemps parmi les -penseurs. Le patricien et le gagne-petit, le duc et pair et le robin, -les gens de la cour et les gens de la ville, comme on parlait autrefois, -tous sont sujets de cette fée. On rit, on se cherche, il y a dans l'air -une clarté d'apothéose, quelle transfiguration que d'aimer! Les clercs -de notaire sont des dieux. Et les petits cris, les poursuites dans -l'herbe, les tailles prises au vol, ces jargons qui sont des mélodies, -ces adorations qui éclatent dans la façon de dire une syllabe, ces -cerises arrachées d'une bouche à l'autre, tout cela flamboie et passe -dans des gloires célestes. Les belles filles font un doux gaspillage -d'elles-mêmes. On croit que cela ne finira jamais. Les philosophes, les -poètes, les peintres regardent ces extases et ne savent qu'en faire, -tant cela les éblouit. Le départ pour Cythère! s'écrie Watteau; Lancret, -le peintre de la roture, contemple ses bourgeois envolés dans le bleu; -Diderot tend les bras à toutes ces amourettes, et d'Urfé y mêle des -druides. - -Après le déjeuner les quatre couples étaient allés voir, dans ce qu'on -appelait alors le carré du roi, une plante nouvellement arrivée de -l'Inde, dont le nom nous échappe en ce moment, et qui à cette époque -attirait tout Paris à Saint-Cloud; c'était un bizarre et charmant -arbrisseau haut sur tige, dont les innombrables branches fines comme des -fils, ébouriffées, sans feuilles, étaient couvertes d'un million de -petites rosettes blanches; ce qui faisait que l'arbuste avait l'air -d'une chevelure pouilleuse de fleurs. Il y avait toujours foule à -l'admirer. - -L'arbuste vu, Tholomyès s'était écrié: «J'offre des ânes!» et, prix fait -avec un ânier, ils étaient revenus par Vanves et Issy. À Issy, incident. -Le parc, Bien National possédé à cette époque par le munitionnaire -Bourguin, était d'aventure tout grand ouvert. Ils avaient franchi la -grille, visité l'anachorète mannequin dans sa grotte, essayé les petits -effets mystérieux du fameux cabinet des miroirs, lascif traquenard digne -d'un satyre devenu millionnaire ou de Turcaret métamorphosé en Priape. -Ils avaient robustement secoué le grand filet balançoire attaché aux -deux châtaigniers célébrés par l'abbé de Bernis. Tout en y balançant ces -belles l'une après l'autre, ce qui faisait, parmi les rires universels, -des plis de jupe envolée où Greuze eût trouvé son compte, le toulousain -Tholomyès, quelque peu espagnol, Toulouse est cousine de Tolosa, -chantait, sur une mélopée mélancolique, la vieille chanson _gallega_ -probablement inspirée par quelque belle fille lancée à toute volée sur -une corde entre deux arbres: - - _Soy de Badajoz._ - _Amor me llama._ - _Toda mi alma_ - _Es en mi ojos_ - _Porque enseñas_ - _À tus piernas._ - -Fantine seule refusa de se balancer. - ---Je n'aime pas qu'on ait du genre comme ça, murmura assez aigrement -Favourite. - -Les ânes quittés, joie nouvelle; on passa la Seine en bateau, et de -Passy, à pied, ils gagnèrent la barrière de l'Étoile. Ils étaient, on -s'en souvient, debout depuis cinq heures du matin; mais, bah! _il n'y a -pas de lassitude le dimanche_, disait Favourite; _le dimanche, la -fatigue ne travaille pas_. Vers trois heures les quatre couples, effarés -de bonheur, dégringolaient aux montagnes russes, édifice singulier qui -occupait alors les hauteurs Beaujon et dont on apercevait la ligne -serpentante au-dessus des arbres des Champs-Élysées. - -De temps en temps Favourite s'écriait: - ---Et la surprise? je demande la surprise. - ---Patience, répondait Tholomyès. - - - - -Chapitre V - -Chez Bombarda - - -Les montagnes russes épuisées, on avait songé au dîner; et le radieux -huitain, enfin un peu las, s'était échoué au cabaret Bombarda, -succursale qu'avait établie aux Champs-Élysées ce fameux restaurateur -Bombarda, dont on voyait alors l'enseigne rue de Rivoli à côté du -passage Delorme. - -Une chambre grande, mais laide, avec alcôve et lit au fond (vu la -plénitude du cabaret le dimanche, il avait fallu accepter ce gîte); deux -fenêtres d'où l'on pouvait contempler, à travers les ormes, le quai et -la rivière; un magnifique rayon d'août effleurant les fenêtres; deux -tables; sur l'une une triomphante montagne de bouquets mêlés à des -chapeaux d'hommes et de femmes; à l'autre les quatre couples attablés -autour d'un joyeux encombrement de plats, d'assiettes, de verres et de -bouteilles; des cruchons de bière mêlés à des flacons de vin; peu -d'ordre sur la table, quelque désordre dessous; - - _Ils faisaient sous la table_ - _Un bruit, un trique-trac de pieds épouvantable_ - -dit Molière. - -Voilà où en était vers quatre heures et demie du soir la bergerade -commencée à cinq heures du matin. Le soleil déclinait, l'appétit -s'éteignait. - -Les Champs-Élysées, pleins de soleil et de foule, n'étaient que lumière -et poussière, deux choses dont se compose la gloire. Les chevaux de -Marly, ces marbres hennissants, se cabraient dans un nuage d'or. Les -carrosses allaient et venaient. Un escadron de magnifiques gardes du -corps, clairon en tête, descendait l'avenue de Neuilly; le drapeau -blanc, vaguement rose au soleil couchant, flottait sur le dôme des -Tuileries. La place de la Concorde, redevenue alors place Louis XV, -regorgeait de promeneurs contents. Beaucoup portaient la fleur de lys -d'argent suspendue au ruban blanc moiré qui, en 1817, n'avait pas encore -tout à fait disparu des boutonnières. Çà et là au milieu des passants -faisant cercle et applaudissant, des rondes de petites filles jetaient -au vent une bourrée bourbonienne alors célèbre, destinée à foudroyer les -Cent-Jours, et qui avait pour ritournelle: - - _Rendez-nous notre père de Gand,_ - _Rendez-nous notre père._ - -Des tas de faubouriens endimanchés, parfois même fleurdelysés comme les -bourgeois, épars dans le grand carré et dans le carré Marigny, jouaient -aux bagues et tournaient sur les chevaux de bois; d'autres buvaient; -quelques-uns, apprentis imprimeurs, avaient des bonnets de papier; on -entendait leurs rires. Tout était radieux. C'était un temps de paix -incontestable et de profonde sécurité royaliste; c'était l'époque où un -rapport intime et spécial du préfet de police Anglès au roi sur les -faubourgs de Paris se terminait par ces lignes: «Tout bien considéré, -sire, il n'y a rien à craindre de ces gens-là. Ils sont insouciants et -indolents comme des chats. Le bas peuple des provinces est remuant, -celui de Paris ne l'est pas. Ce sont tous petits hommes. Sire, il en -faudrait deux bout à bout pour faire un de vos grenadiers. Il n'y a -point de crainte du côté de la populace de la capitale. Il est -remarquable que la taille a encore décru dans cette population depuis -cinquante ans; et le peuple des faubourgs de Paris est plus petit -qu'avant la révolution. Il n'est point dangereux. En somme, c'est de la -canaille bonne.» - -Qu'un chat puisse se changer en lion, les préfets de police ne le -croient pas possible; cela est pourtant, et c'est là le miracle du -peuple de Paris. Le chat d'ailleurs, si méprisé du comte Anglès, avait -l'estime des républiques antiques; il incarnait à leurs yeux la liberté, -et, comme pour servir de pendant à la Minerve aptère du Pirée, il y -avait sur la place publique de Corinthe le colosse de bronze d'un chat. -La police naïve de la restauration voyait trop «en beau» le peuple de -Paris. Ce n'est point, autant qu'on le croit, de la «canaille bonne». Le -Parisien est au Français ce que l'Athénien était au Grec; personne ne -dort mieux que lui, personne n'est plus franchement frivole et paresseux -que lui, personne mieux que lui n'a l'air d'oublier; qu'on ne s'y fie -pas pourtant; il est propre à toute sorte de nonchalance, mais, quand il -y a de la gloire au bout, il est admirable à toute espèce de furie. -Donnez-lui une pique, il fera le 10 août; donnez-lui un fusil, vous -aurez Austerlitz. Il est le point d'appui de Napoléon et la ressource de -Danton. S'agit-il de la patrie? il s'enrôle; s'agit-il de la liberté? il -dépave. Gare! ses cheveux pleins de colère sont épiques; sa blouse se -drape en chlamyde. Prenez garde. De la première rue Greneta venue, il -fera des fourches caudines. Si l'heure sonne, ce faubourien va grandir, -ce petit homme va se lever, et il regardera d'une façon terrible, et son -souffle deviendra tempête, et il sortira de cette pauvre poitrine grêle -assez de vent pour déranger les plis des Alpes. C'est grâce au -faubourien de Paris que la révolution, mêlée aux armées, conquiert -l'Europe. Il chante, c'est sa joie. Proportionnez sa chanson à sa -nature, et vous verrez! Tant qu'il n'a pour refrain que la Carmagnole, -il ne renverse que Louis XVI; faites-lui chanter la Marseillaise, il -délivrera le monde. - -Cette note écrite en marge du rapport Anglès, nous revenons à nos quatre -couples. Le dîner, comme nous l'avons dit, s'achevait. - - - - -Chapitre VI - -Chapitre où l'on s'adore - - -Propos de table et propos d'amour; les uns sont aussi insaisissables que -les autres; les propos d'amour sont des nuées, les propos de table sont -des fumées. - -Fameuil et Dahlia fredonnaient; Tholomyès buvait; Zéphine riait, Fantine -souriait. Listolier soufflait dans une trompette de bois achetée à -Saint-Cloud. Favourite regardait tendrement Blachevelle et disait: - ---Blachevelle, je t'adore. - -Ceci amena une question de Blachevelle: - ---Qu'est-ce que tu ferais, Favourite, si je cessais de t'aimer? - ---Moi! s'écria Favourite. Ah! ne dis pas cela, même pour rire! Si tu -cessais de m'aimer, je te sauterais après, je te grifferais, je te -gratignerais, je te jetterais de l'eau, je te ferais arrêter. - -Blachevelle sourit avec la fatuité voluptueuse d'un homme chatouillé à -l'amour-propre. Favourite reprit: - ---Oui, je crierais à la garde! Ah! je me gênerais par exemple! Canaille! - -Blachevelle, extasié, se renversa sur sa chaise et ferma -orgueilleusement les deux yeux. - -Dahlia, tout en mangeant, dit bas à Favourite dans le brouhaha: - ---Tu l'idolâtres donc bien, ton Blachevelle? - ---Moi, je le déteste, répondit Favourite du même ton en ressaisissant sa -fourchette. Il est avare. J'aime le petit d'en face de chez moi. Il est -très bien, ce jeune homme-là, le connais-tu? On voit qu'il a le genre -d'être acteur. J'aime les acteurs. Sitôt qu'il rentre, sa mère dit: «Ah! -mon Dieu! ma tranquillité est perdue. Le voilà qui va crier. Mais, mon -ami, tu me casses la tête!» Parce qu'il va dans la maison, dans des -greniers à rats, dans des trous noirs, si haut qu'il peut monter,--et -chanter, et déclamer, est-ce que je sais, moi? qu'on l'entend d'en bas! -Il gagne déjà vingt sous par jour chez un avoué à écrire de la chicane. -Il est fils d'un ancien chantre de Saint-Jacques-du-Haut-Pas. Ah! il est -très bien. Il m'idolâtre tant qu'un jour qu'il me voyait faire de la -pâte pour des crêpes, il m'a dit: _Mamselle, faites des beignets de vos -gants et je les mangerai_. Il n'y a que les artistes pour dire des -choses comme ça. Ah! il est très bien. Je suis en train d'être insensée -de ce petit-là. C'est égal, je dis à Blachevelle que je l'adore. Comme -je mens! Hein? comme je mens! - -Favourite fit une pause, et continua: - ---Dahlia, vois-tu, je suis triste. Il n'a fait que pleuvoir tout l'été, -le vent m'agace, le vent ne décolère pas, Blachevelle est très pingre, -c'est à peine s'il y a des petits pois au marché, on ne sait que manger, -j'ai le spleen, comme disent les Anglais, le beurre est si cher! et -puis, vois, c'est une horreur, nous dînons dans un endroit où il y a un -lit, ça me dégoûte de la vie. - - - - -Chapitre VII - -Sagesse de Tholomyès - - -Cependant, tandis que quelques-uns chantaient, les autres causaient -tumultueusement, et tous ensemble; ce n'était plus que du bruit. -Tholomyès intervint: - ---Ne parlons point au hasard ni trop vite, s'écria-t-il. Méditons si -nous voulons être éblouissants. Trop d'improvisation vide bêtement -l'esprit. Bière qui coule n'amasse point de mousse. Messieurs, pas de -hâte. Mêlons la majesté à la ripaille; mangeons avec recueillement; -festinons lentement. Ne nous pressons pas. Voyez le printemps; s'il se -dépêche, il est flambé, c'est-à-dire gelé. L'excès de zèle perd les -pêchers et les abricotiers. L'excès de zèle tue la grâce et la joie des -bons dîners. Pas de zèle, messieurs! Grimod de la Reynière est de l'avis -de Talleyrand. - -Une sourde rébellion gronda dans le groupe. - ---Tholomyès, laisse-nous tranquilles, dit Blachevelle. - ---À bas le tyran! dit Fameuil. - ---Bombarda, Bombance et Bamboche! cria Listolier. - ---Le dimanche existe, reprit Fameuil. - ---Nous sommes sobres, ajouta Listolier. - ---Tholomyès, fit Blachevelle, contemple mon calme. - ---Tu en es le marquis, répondit Tholomyès. - -Ce médiocre jeu de mots fit l'effet d'une pierre dans une mare. Le -marquis de Montcalm était un royaliste alors célèbre. Toutes les -grenouilles se turent. - ---Amis, s'écria Tholomyès, de l'accent d'un homme qui ressaisit -l'empire, remettez-vous. Il ne faut pas que trop de stupeur accueille ce -calembour tombé du ciel. Tout ce qui tombe de la sorte n'est pas -nécessairement digne d'enthousiasme et de respect. Le calembour est la -fiente de l'esprit qui vole. Le lazzi tombe n'importe où; et l'esprit, -après la ponte d'une bêtise, s'enfonce dans l'azur. Une tache blanchâtre -qui s'aplatit sur le rocher n'empêche pas le condor de planer. Loin de -moi l'insulte au calembour! Je l'honore dans la proportion de ses -mérites; rien de plus. Tout ce qu'il y a de plus auguste, de plus -sublime et de plus charmant dans l'humanité, et peut-être hors de -l'humanité, a fait des jeux de mots. Jésus-Christ a fait un calembour -sur saint Pierre, Moïse sur Isaac, Eschyle sur Polynice, Cléopâtre sur -Octave. Et notez que ce calembour de Cléopâtre a précédé la bataille -d'Actium, et que, sans lui, personne ne se souviendrait de la ville de -Toryne, nom grec qui signifie cuiller à pot. Cela concédé, je reviens à -mon exhortation. Mes frères, je le répète, pas de zèle, pas de -tohu-bohu, pas d'excès, même en pointes, gaîtés, liesses et jeux de -mots. Écoutez-moi, j'ai la prudence d'Amphiaraüs et la calvitie de -César. Il faut une limite, même aux rébus. _Est modus in rebus_. Il faut -une limite, même aux dîners. Vous aimez les chaussons aux pommes, -mesdames, n'en abusez pas. Il faut, même en chaussons, du bon sens et de -l'art. La gloutonnerie châtie le glouton. Gula punit Gulax. -L'indigestion est chargée par le bon Dieu de faire de la morale aux -estomacs. Et, retenez ceci: chacune de nos passions, même l'amour, a un -estomac qu'il ne faut pas trop remplir. En toute chose il faut écrire à -temps le mot _finis_, il faut se contenir, quand cela devient urgent, -tirer le verrou sur son appétit, mettre au violon sa fantaisie et se -mener soi-même au poste. Le sage est celui qui sait à un moment donné -opérer sa propre arrestation. Ayez quelque confiance en moi. Parce que -j'ai fait un peu mon droit, à ce que me disent mes examens, parce que je -sais la différence qu'il y a entre la question mue et la question -pendante, parce que j'ai soutenu une thèse en latin sur la manière dont -on donnait la torture à Rome au temps où Munatius Demens était questeur -du Parricide, parce que je vais être docteur, à ce qu'il paraît, il ne -s'ensuit pas de toute nécessité que je sois un imbécile. Je vous -recommande la modération dans vos désirs. Vrai comme je m'appelle Félix -Tholomyès, je parle bien. Heureux celui qui, lorsque l'heure a sonné, -prend un parti héroïque, et abdique comme Sylla, ou Origène! - -Favourite écoutait avec une attention profonde. - ---Félix! dit-elle, quel joli mot! j'aime ce nom-là. C'est en latin. Ça -veut dire Prosper. - -Tholomyès poursuivit: - ---Quirites, gentlemen, Caballeros, mes amis! voulez-vous ne sentir aucun -aiguillon et vous passer de lit nuptial et braver l'amour? Rien de plus -simple. Voici la recette: la limonade, l'exercice outré, le travail -forcé, éreintez-vous, traînez des blocs, ne dormez pas, veillez, -gorgez-vous de boissons nitreuses et de tisanes de nymphaeas, savourez -des émulsions de pavots et d'agnuscastus, assaisonnez-moi cela d'une -diète sévère, crevez de faim, et joignez-y les bains froids, les -ceintures d'herbes, l'application d'une plaque de plomb, les lotions -avec la liqueur de Saturne et les fomentations avec l'oxycrat. - ---J'aime mieux une femme, dit Listolier. - ---La femme! reprit Tholomyès, méfiez-vous-en. Malheur à celui qui se -livre au coeur changeant de la femme! La femme est perfide et tortueuse. -Elle déteste le serpent par jalousie de métier. Le serpent, c'est la -boutique en face. - ---Tholomyès, cria Blachevelle, tu es ivre! - ---Pardieu! dit Tholomyès. - ---Alors sois gai, reprit Blachevelle. - -Et, remplissant son verre, il se leva: - ---Gloire au vin! _Nunc te, Bacche, canam_! Pardon, mesdemoiselles, c'est -de l'espagnol. Et la preuve, señoras, la voici: tel peuple, telle -futaille. L'arrobe de Castille contient seize litres, le cantaro -d'Alicante douze, l'almude des Canaries vingt-cinq, le cuartin des -Baléares vingt-six, la botte du czar Pierre trente. Vive ce czar qui -était grand, et vive sa botte qui était plus grande encore! Mesdames, un -conseil d'ami: trompez-vous de voisin, si bon vous semble. Le propre de -l'amour, c'est d'errer. L'amourette n'est pas faite pour s'accroupir et -s'abrutir comme une servante anglaise qui a le calus du scrobage aux -genoux. Elle n'est pas faite pour cela, elle erre gaîment, la douce -amourette! On a dit: l'erreur est humaine; moi je dis: l'erreur est -amoureuse. Mesdames, je vous idolâtre toutes. Ô Zéphine, ô Joséphine, -figure plus que chiffonnée, vous seriez charmante, si vous n'étiez de -travers. Vous avez l'air d'un joli visage sur lequel, par mégarde, on -s'est assis. Quant à Favourite, ô nymphes et muses! un jour que -Blachevelle passait le ruisseau de la rue Guérin-Boisseau, il vit une -belle fille aux bas blancs et bien tirés qui montrait ses jambes. Ce -prologue lui plut, et Blachevelle aima. Celle qu'il aima était -Favourite. Ô Favourite, tu as des lèvres ioniennes. Il y avait un -peintre grec, appelé Euphorion, qu'on avait surnommé le peintre des -lèvres. Ce Grec seul eût été digne de peindre ta bouche! Écoute! avant -toi, il n'y avait pas de créature digne de ce nom. Tu es faite pour -recevoir la pomme comme Vénus ou pour la manger comme Ève. La beauté -commence à toi. Je viens de parler d'Ève, c'est toi qui l'as créée. Tu -mérites le brevet d'invention de la jolie femme. Ô Favourite, je cesse -de vous tutoyer, parce que je passe de la poésie à la prose. Vous -parliez de mon nom tout à l'heure. Cela m'a attendri; mais, qui que nous -soyons, méfions-nous des noms. Ils peuvent se tromper. Je me nomme Félix -et ne suis pas heureux. Les mots sont des menteurs. N'acceptons pas -aveuglément les indications qu'ils nous donnent. Ce serait une erreur -d'écrire à Liège pour avoir des bouchons et à Pau pour avoir des gants. -Miss Dahlia, à votre place, je m'appellerais Rosa. Il faut que la fleur -sente bon et que la femme ait de l'esprit. Je ne dis rien de Fantine, -c'est une songeuse, une rêveuse, une pensive, une sensitive; c'est un -fantôme ayant la forme d'une nymphe et la pudeur d'une nonne, qui se -fourvoie dans la vie de grisette, mais qui se réfugie dans les -illusions, et qui chante, et qui prie, et qui regarde l'azur sans trop -savoir ce qu'elle voit ni ce qu'elle fait, et qui, les yeux au ciel, -erre dans un jardin où il y a plus d'oiseaux qu'il n'en existe! Ô -Fantine, sache ceci: moi Tholomyès, je suis une illusion; mais elle ne -m'entend même pas, la blonde fille des chimères! Du reste, tout en elle -est fraîcheur, suavité, jeunesse, douce clarté matinale. Ô Fantine, -fille digne de vous appeler marguerite ou perle, vous êtes une femme du -plus bel orient. Mesdames, un deuxième conseil: ne vous mariez point; le -mariage est une greffe; cela prend bien ou mal; fuyez ce risque. Mais, -bah! qu'est-ce que je chante là? Je perds mes paroles. Les filles sont -incurables sur l'épousaille; et tout ce que nous pouvons dire, nous -autres sages, n'empêchera point les giletières et les piqueuses de -bottines de rêver des maris enrichis de diamants. Enfin, soit; mais, -belles, retenez ceci: vous mangez trop de sucre. Vous n'avez qu'un tort, -ô femmes, c'est de grignoter du sucre. Ô sexe rongeur, tes jolies -petites dents blanches adorent le sucre. Or, écoutez bien, le sucre est -un sel. Tout sel est desséchant. Le sucre est le plus desséchant de tous -les sels. Il pompe à travers les veines les liquides du sang; de là la -coagulation, puis la solidification du sang; de là les tubercules dans -le poumon; de là la mort. Et c'est pourquoi le diabète confine à la -phthisie. Donc ne croquez pas de sucre, et vous vivrez! Je me tourne -vers les hommes. Messieurs, faites des conquêtes. Pillez-vous les uns -aux autres sans remords vos bien-aimées. Chassez-croisez. En amour, il -n'y a pas d'amis. Partout où il y a une jolie femme l'hostilité est -ouverte. Pas de quartier, guerre à outrance! Une jolie femme est un -casus belli; une jolie femme est un flagrant délit. Toutes les invasions -de l'histoire sont déterminées par des cotillons. La femme est le droit -de l'homme. Romulus a enlevé les Sabines, Guillaume a enlevé les -Saxonnes, César a enlevé les Romaines. L'homme qui n'est pas aimé plane -comme un vautour sur les amantes d'autrui; et quant à moi, à tous ces -infortunés qui sont veufs, je jette la proclamation sublime de Bonaparte -à l'armée d'Italie: «Soldats, vous manquez de tout. L'ennemi en a.» - -Tholomyès s'interrompit. - ---Souffle, Tholomyès, dit Blachevelle. - -En même temps, Blachevelle, appuyé de Listolier et de Fameuil, entonna -sur un air de complainte une de ces chansons d'atelier composées des -premiers mots venus, rimées richement et pas du tout, vides de sens -comme le geste de l'arbre et le bruit du vent, qui naissent de la vapeur -des pipes et se dissipent et s'envolent avec elle. Voici par quel -couplet le groupe donna la réplique à la harangue de Tholomyès: - -Les pères dindons donnèrent de l'argent à un agent pour que mons -Clermont-Tonnerre fût fait pape à la Saint-Jean; Mais Clermont ne put -pas être fait pape, n'étant pas prêtre. - -Alors leur agent rageant leur rapporta leur argent. - -Ceci n'était pas fait pour calmer l'improvisation de Tholomyès; il vida -son verre, le remplit, et recommença. - ---À bas la sagesse! oubliez tout ce que j'ai dit. Ne soyons ni prudes, -ni prudents, ni prud'hommes. Je porte un toast à l'allégresse; soyons -allègres! Complétons notre cours de droit par la folie et la nourriture. -Indigestion et digeste. Que Justinien soit le mâle et que Ripaille soit -la femelle! Joie dans les profondeurs! Vis, ô création! Le monde est un -gros diamant! Je suis heureux. Les oiseaux sont étonnants. Quelle fête -partout! Le rossignol est un Elleviou gratis. Été, je te salue. Ô -Luxembourg, ô Géorgiques de la rue Madame et de l'allée de -l'Observatoire! Ô pioupious rêveurs! ô toutes ces bonnes charmantes qui, -tout en gardant des enfants, s'amusent à en ébaucher! Les pampas de -l'Amérique me plairaient, si je n'avais les arcades de l'Odéon. Mon âme -s'envole dans les forêts vierges et dans les savanes. Tout est beau. Les -mouches bourdonnent dans les rayons. Le soleil a éternué le colibri. -Embrasse-moi, Fantine! - -Il se trompa, et embrassa Favourite. - - - - -Chapitre VIII - -Mort d'un cheval - - ---On dîne mieux chez Edon que chez Bombarda, s'écria Zéphine. - ---Je préfère Bombarda à Edon, déclara Blachevelle. Il a plus de luxe. -C'est plus asiatique. Voyez la salle d'en bas. Il y a des glaces sur les -murs. - ---J'en aime mieux dans mon assiette, dit Favourite. - -Blachevelle insista: - ---Regardez les couteaux. Les manches sont en argent chez Bombarda, et en -os chez Edon. Or, l'argent est plus précieux que l'os. - ---Excepté pour ceux qui ont un menton d'argent, observa Tholomyès. - -Il regardait en cet instant-là le dôme des Invalides, visible des -fenêtres de Bombarda. - -Il y eut une pause. - ---Tholomyès, cria Fameuil, tout à l'heure, Listolier et moi, nous avions -une discussion. - ---Une discussion est bonne, répondit Tholomyès, une querelle vaut mieux. - ---Nous disputions philosophie. - ---Soit. - ---Lequel préfères-tu de Descartes ou de Spinosa? - ---Désaugiers, dit Tholomyès. - -Cet arrêt rendu, il but et reprit: - ---Je consens à vivre. Tout n'est pas fini sur la terre, puisqu'on peut -encore déraisonner. J'en rends grâces aux dieux immortels. On ment, mais -on rit. On affirme, mais on doute. L'inattendu jaillit du syllogisme. -C'est beau. Il est encore ici-bas des humains qui savent joyeusement -ouvrir et fermer la boîte à surprises du paradoxe. Ceci, mesdames, que -vous buvez d'un air tranquille, est du vin de Madère, sachez-le, du cru -de Coural das Freiras qui est à trois cent dix-sept toises au-dessus du -niveau de la mer! Attention en buvant! trois cent dix-sept toises! et -monsieur Bombarda, le magnifique restaurateur, vous donne ces trois cent -dix-sept toises pour quatre francs cinquante centimes! - -Fameuil interrompit de nouveau: - ---Tholomyès, tes opinions font loi. Quel est ton auteur favori? - ---Ber.... - ---Quin? - ---Non. Choux. - -Et Tholomyès poursuivit: - ---Honneur à Bombarda! il égalerait Munophis d'Elephanta s'il pouvait me -cueillir une almée, et Thygélion de Chéronée s'il pouvait m'apporter une -hétaïre! car, ô mesdames, il y avait des Bombarda en Grèce et en Égypte. -C'est Apulée qui nous l'apprend. Hélas! toujours les mêmes choses et -rien de nouveau. Plus rien d'inédit dans la création du créateur! _Nil -sub sole novum_, dit Salomon; _amor omnibus idem_, dit Virgile; et -Carabine monte avec Carabin dans la galiote de Saint-Cloud, comme -Aspasie s'embarquait avec Périclès sur la flotte de Samos. Un dernier -mot. Savez-vous ce que c'était qu'Aspasie, mesdames? Quoiqu'elle vécût -dans un temps où les femmes n'avaient pas encore d'âme, c'était une âme; -une âme d'une nuance rose et pourpre, plus embrasée que le feu, plus -franche que l'aurore. Aspasie était une créature en qui se touchaient -les deux extrêmes de la femme; c'était la prostituée déesse. Socrate, -plus Manon Lescaut. Aspasie fut créée pour le cas où il faudrait une -catin à Prométhée. - -Tholomyès, lancé, se serait difficilement arrêté, si un cheval ne se fût -abattu sur le quai en cet instant-là même. Du choc, la charrette et -l'orateur restèrent court. C'était une jument beauceronne, vieille et -maigre et digne de l'équarrisseur, qui traînait une charrette fort -lourde. Parvenue devant Bombarda, la bête, épuisée et accablée, avait -refusé d'aller plus loin. Cet incident avait fait de la foule. À peine -le charretier, jurant et indigné, avait-il eu le temps de prononcer avec -l'énergie convenable le mot sacramentel: _mâtin_! appuyé d'un implacable -coup de fouet, que la haridelle était tombée pour ne plus se relever. Au -brouhaha des passants, les gais auditeurs de Tholomyès tournèrent la -tête, et Tholomyès en profita pour clore son allocution par cette -strophe mélancolique: - - _Elle était de ce monde où coucous et carrosses_ - _Ont le même destin,_ - _Et, rosse, elle a vécu ce que vivent les rosses,_ - _L'espace d'un: mâtin!_ - ---Pauvre cheval, soupira Fantine. - -Et Dahlia s'écria: - ---Voilà Fantine qui va se mettre à plaindre les chevaux! Peut-on être -fichue bête comme ça! - -En ce moment, Favourite, croisant les bras et renversant la tête en -arrière, regarda résolûment Tholomyès et dit: - ---Ah çà! et la surprise? - ---Justement. L'instant est arrivé, répondit Tholomyès. Messieurs, -l'heure de la surprise a sonné. Mesdames, attendez-nous un moment. - ---Cela commence par un baiser, dit Blachevelle. - ---Sur le front, ajouta Tholomyès. - -Chacun déposa gravement un baiser sur le front de sa maîtresse; puis ils -se dirigèrent vers la porte tous les quatre à la file, en mettant leur -doigt sur la bouche. - -Favourite battit des mains à leur sortie. - ---C'est déjà amusant, dit-elle. - ---Ne soyez pas trop longtemps, murmura Fantine. Nous vous attendons. - - - - -Chapitre IX - -Fin joyeuse de la joie - - -Les jeunes filles, restées seules, s'accoudèrent deux à deux sur l'appui -des fenêtres, jasant, penchant leur tête et se parlant d'une croisée à -l'autre. - -Elles virent les jeunes gens sortir du cabaret Bombarda bras dessus bras -dessous; ils se retournèrent, leur firent des signes en riant, et -disparurent dans cette poudreuse cohue du dimanche qui envahit -hebdomadairement les Champs-Élysées. - ---Ne soyez pas longtemps! cria Fantine. - ---Que vont-ils nous rapporter? dit Zéphine. - ---Pour sûr ce sera joli, dit Dahlia. - ---Moi, reprit Favourite, je veux que ce soit en or. - -Elles furent bientôt distraites par le mouvement du bord de l'eau -qu'elles distinguaient dans les branches des grands arbres et qui les -divertissait fort. C'était l'heure du départ des malles-poste et des -diligences. Presque toutes les messageries du midi et de l'ouest -passaient alors par les Champs-Élysées. La plupart suivaient le quai et -sortaient par la barrière de Passy. De minute en minute, quelque grosse -voiture peinte en jaune et en noir, pesamment chargée, bruyamment -attelée, difforme à force de malles, de bâches et de valises, pleine de -têtes tout de suite disparues, broyant la chaussée, changeant tous les -pavés en briquets, se ruait à travers la foule avec toutes les -étincelles d'une forge, de la poussière pour fumée, et un air de furie. -Ce vacarme réjouissait les jeunes filles. Favourite s'exclamait: - ---Quel tapage! on dirait des tas de chaînes qui s'envolent. - -Il arriva une fois qu'une de ces voitures qu'on distinguait -difficilement dans l'épaisseur des ormes, s'arrêta un moment, puis -repartit au galop. Cela étonna Fantine. - ---C'est particulier! dit-elle. Je croyais que la diligence ne s'arrêtait -jamais. Favourite haussa les épaules. - ---Cette Fantine est surprenante. Je viens la voir par curiosité. Elle -s'éblouit des choses les plus simples. Une supposition; je suis un -voyageur, je dis à la diligence: je vais en avant, vous me prendrez sur -le quai en passant. La diligence passe, me voit, s'arrête, et me prend. -Cela se fait tous les jours. Tu ne connais pas la vie, ma chère. - -Un certain temps s'écoula ainsi. Tout à coup Favourite eut le mouvement -de quelqu'un qui se réveille. - ---Eh bien, fit-elle, et la surprise? - ---À propos, oui, reprit Dahlia, la fameuse surprise? - ---Ils sont bien longtemps! dit Fantine. - -Comme Fantine achevait ce soupir, le garçon qui avait servi le dîner -entra. Il tenait à la main quelque chose qui ressemblait à une lettre. - ---Qu'est-ce que cela? demanda Favourite. - -Le garçon répondit: - ---C'est un papier que ces messieurs ont laissé pour ces dames. - ---Pourquoi ne l'avoir pas apporté tout de suite? - ---Parce que ces messieurs, reprit le garçon, ont commandé de ne le -remettre à ces dames qu'au bout d'une heure. - -Favourite arracha le papier des mains du garçon. C'était une lettre en -effet. - ---Tiens! dit-elle. Il n'y a pas d'adresse. Mais voici ce qui est écrit -dessus: - -Ceci est la surprise. - -Elle décacheta vivement la lettre, l'ouvrit et lut (elle savait lire): - -«Ô nos amantes! - -«Sachez que nous avons des parents. Des parents, vous ne connaissez pas -beaucoup ça. Ça s'appelle des pères et mères dans le code civil, puéril -et honnête. Or, ces parents gémissent, ces vieillards nous réclament, -ces bons hommes et ces bonnes femmes nous appellent enfants prodigues, -ils souhaitent nos retours, et nous offrent de tuer des veaux. Nous leur -obéissons, étant vertueux. À l'heure où vous lirez ceci, cinq chevaux -fougueux nous rapporteront à nos papas et à nos mamans. Nous fichons le -camp, comme dit Bossuet. Nous partons, nous sommes partis. Nous fuyons -dans les bras de Laffitte et sur les ailes de Caillard. La diligence de -Toulouse nous arrache à l'abîme, et l'abîme c'est vous, ô nos belles -petites! Nous rentrons dans la société, dans le devoir et dans l'ordre, -au grand trot, à raison de trois lieues à l'heure. Il importe à la -patrie que nous soyons, comme tout le monde, préfets, pères de famille, -gardes champêtres et conseillers d'État. Vénérez-nous. Nous nous -sacrifions. Pleurez-nous rapidement et remplacez-nous vite. Si cette -lettre vous déchire, rendez-le-lui. Adieu. - -«Pendant près de deux ans, nous vous avons rendues heureuses. Ne nous en -gardez pas rancune. - -«Signé: Blachevelle. - -«Fameuil. - -«Listolier. - -«Félix Tholomyès - -«Post-scriptum. Le dîner est payé.» - -Les quatre jeunes filles se regardèrent. - -Favourite rompit la première le silence. - ---Eh bien! s'écria-t-elle, c'est tout de même une bonne farce. - ---C'est très drôle, dit Zéphine. - ---Ce doit être Blachevelle qui a eu cette idée-là, reprit Favourite. Ça -me rend amoureuse de lui. Sitôt parti, sitôt aimé. Voilà l'histoire. - ---Non, dit Dahlia, c'est une idée à Tholomyès. Ça se reconnaît. - ---En ce cas, reprit Favourite, mort à Blachevelle et vive Tholomyès! - ---Vive Tholomyès! crièrent Dahlia et Zéphine. - -Et elles éclatèrent de rire. - -Fantine rit comme les autres. - -Une heure après, quand elle fut rentrée dans sa chambre, elle pleura. -C'était, nous l'avons dit, son premier amour; elle s'était donnée à ce -Tholomyès comme à un mari, et la pauvre fille avait un enfant. - - - - -Livre quatrième--Confier, c'est quelquefois livrer - - - - -Chapitre I - -Une mère qui en rencontre une autre - - -Il y avait, dans le premier quart de ce siècle, à Montfermeil, près de -Paris, une façon de gargote qui n'existe plus aujourd'hui. Cette gargote -était tenue par des gens appelés Thénardier, mari et femme. Elle était -située dans la ruelle du Boulanger. On voyait au-dessus de la porte une -planche clouée à plat sur le mur. Sur cette planche était peint quelque -chose qui ressemblait à un homme portant sur son dos un autre homme, -lequel avait de grosses épaulettes de général dorées avec de larges -étoiles argentées; des taches rouges figuraient du sang; le reste du -tableau était de la fumée et représentait probablement une bataille. Au -bas on lisait cette inscription: _Au Sergent de Waterloo._ - -Rien n'est plus ordinaire qu'un tombereau ou une charrette à la porte -d'une auberge. Cependant le véhicule ou, pour mieux dire, le fragment de -véhicule qui encombrait la rue devant la gargote du Sergent de Waterloo, -un soir du printemps de 1818, eût certainement attiré par sa masse -l'attention d'un peintre qui eût passé là. - -C'était l'avant-train d'un de ces fardiers, usités dans les pays de -forêts, et qui servent à charrier des madriers et des troncs d'arbres. -Cet avant-train se composait d'un massif essieu de fer à pivot où -s'emboîtait un lourd timon, et que supportaient deux roues démesurées. -Tout cet ensemble était trapu, écrasant et difforme. On eût dit l'affût -d'un canon géant. Les ornières avaient donné aux roues, aux jantes, aux -moyeux, à l'essieu et au timon, une couche de vase, hideux badigeonnage -jaunâtre assez semblable à celui dont on orne volontiers les -cathédrales. Le bois disparaissait sous la boue et le fer sous la -rouille. Sous l'essieu pendait en draperie une grosse chaîne digne de -Goliath forçat. Cette chaîne faisait songer, non aux poutres qu'elle -avait fonction de transporter, mais aux mastodontes et aux mammons -qu'elle eût pu atteler; elle avait un air de bagne, mais de bagne -cyclopéen et surhumain, et elle semblait détachée de quelque monstre. -Homère y eût lié Polyphème et Shakespeare Caliban. - -Pourquoi cet avant-train de fardier était-il à cette place dans la rue? -D'abord, pour encombrer la rue; ensuite pour achever de se rouiller. Il -y a dans le vieil ordre social une foule d'institutions qu'on trouve de -la sorte sur son passage en plein air et qui n'ont pas pour être là -d'autres raisons. - -Le centre de la chaîne pendait sous l'essieu assez près de terre, et sur -la courbure, comme sur la corde d'une balançoire, étaient assises et -groupées, ce soir-là, dans un entrelacement exquis, deux petites filles, -l'une d'environ deux ans et demi, l'autre de dix-huit mois, la plus -petite dans les bras de la plus grande. Un mouchoir savamment noué les -empêchait de tomber. Une mère avait vu cette effroyable chaîne, et avait -dit: Tiens! voilà un joujou pour mes enfants. - -Les deux enfants, du reste gracieusement attifées, et avec quelque -recherche, rayonnaient; on eût dit deux roses dans de la ferraille; -leurs yeux étaient un triomphe; leurs fraîches joues riaient. L'une -était châtain, l'autre était brune. Leurs naïfs visages étaient deux -étonnements ravis; un buisson fleuri qui était près de là envoyait aux -passants des parfums qui semblaient venir d'elles; celle de dix-huit -mois montrait son gentil ventre nu avec cette chaste indécence de la -petitesse. - -Au-dessus et autour de ces deux têtes délicates, pétries dans le bonheur -et trempées dans la lumière, le gigantesque avant-train, noir de -rouille, presque terrible, tout enchevêtré de courbes et d'angles -farouches, s'arrondissait comme un porche de caverne. À quelques pas, -accroupie sur le seuil de l'auberge, la mère, femme d'un aspect peu -avenant du reste, mais touchante en ce moment-là, balançait les deux -enfants au moyen d'une longue ficelle, les couvant des yeux de peur -d'accident avec cette expression animale et céleste propre à la -maternité; à chaque va-et-vient, les hideux anneaux jetaient un bruit -strident qui ressemblait à un cri de colère; les petites filles -s'extasiaient, le soleil couchant se mêlait à cette joie, et rien -n'était charmant comme ce caprice du hasard, qui avait fait d'une chaîne -de titans une escarpolette de chérubins. - -Tout en berçant ses deux petites, la mère chantonnait d'une voix fausse -une romance alors célèbre: - - _Il le faut, disait un guerrier._ - -Sa chanson et la contemplation de ses filles l'empêchaient d'entendre et -de voir ce qui se passait dans la rue. - -Cependant quelqu'un s'était approché d'elle, comme elle commençait le -premier couplet de la romance, et tout à coup elle entendit une voix qui -disait très près de son oreille: - ---Vous avez là deux jolis enfants, madame, répondit la mère, continuant -sa romance: - - _À la belle et tendre Imogine._ - -répondit la mère, continuant sa romance, puis elle tourna la tête. - -Une femme était devant elle, à quelques pas. Cette femme, elle aussi, -avait un enfant qu'elle portait dans ses bras. - -Elle portait en outre un assez gros sac de nuit qui semblait fort lourd. - -L'enfant de cette femme était un des plus divins êtres qu'on pût voir. -C'était une fille de deux à trois ans. Elle eût pu jouter avec les deux -autres pour la coquetterie de l'ajustement; elle avait un bavolet de -linge fin, des rubans à sa brassière et de la valenciennes à son bonnet. -Le pli de sa jupe relevée laissait voir sa cuisse blanche, potelée et -ferme. Elle était admirablement rose et bien portante. La belle petite -donnait envie de mordre dans les pommes de ses joues. On ne pouvait rien -dire de ses yeux, sinon qu'ils devaient être très grands et qu'ils -avaient des cils magnifiques. Elle dormait. - -Elle dormait de ce sommeil d'absolue confiance propre à son âge. Les -bras des mères sont faits de tendresse; les enfants y dorment -profondément. - -Quant à la mère, l'aspect en était pauvre et triste. Elle avait la mise -d'une ouvrière qui tend à redevenir paysanne. Elle était jeune. -Était-elle belle? peut-être; mais avec cette mise il n'y paraissait pas. -Ses cheveux, d'où s'échappait une mèche blonde, semblaient fort épais, -mais disparaissaient sévèrement sous une coiffe de béguine, laide, -serrée, étroite, et nouée au menton. Le rire montre les belles dents -quand on en a; mais elle ne riait point. Ses yeux ne semblaient pas être -secs depuis très longtemps. Elle était pâle; elle avait l'air très lasse -et un peu malade; elle regardait sa fille endormie dans ses bras avec -cet air particulier d'une mère qui a nourri son enfant. Un large -mouchoir bleu, comme ceux où se mouchent les invalides, plié en fichu, -masquait lourdement sa taille. Elle avait les mains hâlées et toutes -piquées de taches de rousseur, l'index durci et déchiqueté par -l'aiguille, une Mante brune de laine bourrue, une robe de toile et de -gros souliers. C'était Fantine. - -C'était Fantine. Difficile à reconnaître. Pourtant, à l'examiner -attentivement, elle avait toujours sa beauté. Un pli triste, qui -ressemblait à un commencement d'ironie, ridait sa joue droite. Quant à -sa toilette, cette aérienne toilette de mousseline et de rubans qui -semblait faite avec de la gaîté, de la folie et de la musique, pleine de -grelots et parfumée de lilas, elle s'était évanouie comme ces beaux -givres éclatants qu'on prend pour des diamants au soleil; ils fondent et -laissent la branche toute noire. - -Dix mois s'étaient écoulés depuis «la bonne farce». - -Que s'était-il passé pendant ces dix mois? on le devine. - -Après l'abandon, la gêne. Fantine avait tout de suite perdu de vue -Favourite, Zéphine et Dahlia; le lien, brisé du côté des hommes, s'était -défait du côté des femmes; on les eût bien étonnées, quinze jours après, -si on leur eût dit qu'elles étaient amies; cela n'avait plus de raison -d'être. Fantine était restée seule. Le père de son enfant parti,--hélas! -ces ruptures-là sont irrévocables,--elle se trouva absolument isolée, -avec l'habitude du travail de moins et le goût du plaisir de plus. -Entraînée par sa liaison avec Tholomyès à dédaigner le petit métier -qu'elle savait, elle avait négligé ses débouchés; ils s'étaient fermés. -Nulle ressource. Fantine savait à peine lire et ne savait pas écrire; on -lui avait seulement appris dans son enfance à signer son nom; elle avait -fait écrire par un écrivain public une lettre à Tholomyès, puis une -seconde, puis une troisième. Tholomyès n'avait répondu à aucune. Un -jour, Fantine entendit des commères dire en regardant sa fille: - ---Est-ce qu'on prend ces enfants-là au sérieux? on hausse les épaules de -ces enfants-là! - -Alors elle songea à Tholomyès qui haussait les épaules de son enfant et -qui ne prenait pas cet être innocent au sérieux; et son coeur devint -sombre à l'endroit de cet homme. Quel parti prendre pourtant? Elle ne -savait plus à qui s'adresser. Elle avait commis une faute, mais le fond -de sa nature, on s'en souvient, était pudeur et vertu. Elle sentit -vaguement qu'elle était à la veille de tomber dans la détresse, et de -glisser dans le pire. Il fallait du courage; elle en eut, et se roidit. -L'idée lui vint de retourner dans sa ville natale, à Montreuil-sur-mer. -Là quelqu'un peut-être la connaîtrait et lui donnerait du travail. Oui; -mais il faudrait cacher sa faute. Et elle entrevoyait confusément la -nécessité possible d'une séparation plus douloureuse encore que la -première. Son coeur se serra, mais elle prit sa résolution. Fantine, on -le verra, avait la farouche bravoure de la vie. - -Elle avait déjà vaillamment renoncé à la parure, s'était vêtue de toile, -et avait mis toute sa soie, tous ses chiffons, tous ses rubans et toutes -ses dentelles sur sa fille, seule vanité qui lui restât, et sainte -celle-là. Elle vendit tout ce qu'elle avait, ce qui lui produisit deux -cents francs; ses petites dettes payées, elle n'eut plus que -quatre-vingts francs environ. À vingt-deux ans, par une belle matinée de -printemps, elle quittait Paris, emportant son enfant sur son dos. -Quelqu'un qui les eût vues passer toutes les deux eût pitié. Cette femme -n'avait au monde que cet enfant, et cet enfant n'avait au monde que -cette femme. Fantine avait nourri sa fille; cela lui avait fatigué la -poitrine, et elle toussait un peu. - -Nous n'aurons plus occasion de parler de M. Félix Tholomyès. -Bornons-nous à dire que, vingt ans plus tard, sous le roi -Louis-Philippe, c'était un gros avoué de province, influent et riche, -électeur sage et juré très sévère; toujours homme de plaisir. - -Vers le milieu du jour, après avoir, pour se reposer, cheminé de temps -en temps, moyennant trois ou quatre sous par lieue, dans ce qu'on -appelait alors les Petites Voitures des Environs de Paris, Fantine se -trouvait à Montfermeil, dans la ruelle du Boulanger. - -Comme elle passait devant l'auberge Thénardier, les deux petites filles, -enchantées sur leur escarpolette monstre, avaient été pour elle une -sorte d'éblouissement, et elle s'était arrêtée devant cette vision de -joie. - -Il y a des charmes. Ces deux petites filles en furent un pour cette -mère. - -Elle les considérait, toute émue. La présence des anges est une annonce -de paradis. Elle crut voir au dessus de cette auberge le mystérieux ICI -de la providence. Ces deux petites étaient si évidemment heureuses! Elle -les regardait, elle les admirait, tellement attendrie qu'au moment où la -mère reprenait haleine entre deux vers de sa chanson, elle ne put -s'empêcher de lui dire ce mot qu'on vient de lire: - ---Vous avez là deux jolis enfants, madame. - -Les créatures les plus féroces sont désarmées par la caresse à leurs -petits. La mère leva la tête et remercia, et fit asseoir la passante sur -le banc de la porte, elle-même étant sur le seuil. Les deux femmes -causèrent. - ---Je m'appelle madame Thénardier, dit la mère des deux petites. Nous -tenons cette auberge. - -Puis, toujours à sa romance, elle reprit entre ses dents: - - _Il le faut, je suis chevalier,_ - _Et je pars pour la Palestine._ - -Cette madame Thénardier était une femme rousse, charnue, anguleuse; le -type femme-à-soldat dans toute sa disgrâce. Et, chose bizarre, avec un -air penché qu'elle devait à des lectures romanesques. C'était une -minaudière hommasse. De vieux romans qui se sont éraillés sur des -imaginations de gargotières ont de ces effets-là. Elle était jeune -encore; elle avait à peine trente ans. Si cette femme, qui était -accroupie, se fût tenue droite, peut-être sa haute taille et sa carrure -de colosse ambulant propre aux foires, eussent-elles dès l'abord -effarouché la voyageuse, troublé sa confiance, et fait évanouir ce que -nous avons à raconter. Une personne qui est assise au lieu d'être -debout, les destinées tiennent à cela. - -La voyageuse raconta son histoire, un peu modifiée: - -Qu'elle était ouvrière; que son mari était mort; que le travail lui -manquait à Paris, et qu'elle allait en chercher ailleurs; dans son pays; -qu'elle avait quitté Paris, le matin même, à pied; que, comme elle -portait son enfant, se sentant fatiguée, et ayant rencontré la voiture -de Villemomble, elle y était montée; que de Villemomble elle était venue -à Montfermeil à pied, que la petite avait un peu marché, mais pas -beaucoup, c'est si jeune, et qu'il avait fallu la prendre, et que le -bijou s'était endormi. - -Et sur ce mot elle donna à sa fille un baiser passionné qui la réveilla. -L'enfant ouvrit les yeux, de grands yeux bleus comme ceux de sa mère, et -regarda, quoi? rien, tout, avec cet air sérieux et quelquefois sévère -des petits enfants, qui est un mystère de leur lumineuse innocence -devant nos crépuscules de vertus. On dirait qu'ils se sentent anges et -qu'ils nous savent hommes. Puis l'enfant se mit à rire, et, quoique la -mère la retint, glissa à terre avec l'indomptable énergie d'un petit -être qui veut courir. Tout à coup elle aperçut les deux autres sur leur -balançoire, s'arrêta court, et tira la langue, signe d'admiration. - -La mère Thénardier détacha ses filles, les fit descendre de -l'escarpolette, et dit: - ---Amusez-vous toutes les trois. - -Ces âges-là s'apprivoisent vite, et au bout d'une minute les petites -Thénardier jouaient avec la nouvelle venue à faire des trous dans la -terre, plaisir immense. - -Cette nouvelle venue était très gaie; la bonté de la mère est écrite -dans la gaîté du marmot; elle avait pris un brin de bois qui lui servait -de pelle, et elle creusait énergiquement une fosse bonne pour une -mouche. Ce que fait le fossoyeur devient riant, fait par l'enfant. - -Les deux femmes continuaient de causer. - ---Comment s'appelle votre mioche? - ---Cosette. - -Cosette, lisez Euphrasie. La petite se nommait Euphrasie. Mais -d'Euphrasie la mère avait fait Cosette, par ce doux et gracieux instinct -des mères et du peuple qui change Josefa en Pepita et Françoise en -Sillette. C'est là un genre de dérivés qui dérange et déconcerte toute -la science des étymologistes. Nous avons connu une grand'mère qui avait -réussi à faire de Théodore, Gnon. - ---Quel âge a-t-elle? - ---Elle va sur trois ans. - ---C'est comme mon aînée. - -Cependant les trois petites filles étaient groupées dans une posture -d'anxiété profonde et de béatitude; un événement avait lieu; un gros ver -venait de sortir de terre; et elles avaient peur, et elles étaient en -extase. - -Leurs fronts radieux se touchaient; on eût dit trois têtes dans une -auréole. - ---Les enfants, s'écria la mère Thénardier, comme ça se connaît tout de -suite! les voilà qu'on jurerait trois soeurs! - -Ce mot fut l'étincelle qu'attendait probablement l'autre mère. Elle -saisit la main de la Thénardier, la regarda fixement, et lui dit: - ---Voulez-vous me garder mon enfant? - -La Thénardier eut un de ces mouvements surpris qui ne sont ni le -consentement ni le refus. - -La mère de Cosette poursuivit: - ---Voyez-vous, je ne peux pas emmener ma fille au pays. L'ouvrage ne le -permet pas. Avec un enfant, on ne trouve pas à se placer. Ils sont si -ridicules dans ce pays-là. C'est le bon Dieu qui m'a fait passer devant -votre auberge. Quand j'ai vu vos petites si jolies et si propres et si -contentes, cela m'a bouleversée. J'ai dit: voilà une bonne mère. C'est -ça; ça fera trois soeurs. Et puis, je ne serai pas longtemps à revenir. -Voulez-vous me garder mon enfant? - ---Il faudrait voir, dit la Thénardier. - ---Je donnerais six francs par mois. - -Ici une voix d'homme cria du fond de la gargote: - ---Pas à moins de sept francs. Et six mois payés d'avance. - ---Six fois sept quarante-deux, dit la Thénardier. - ---Je les donnerai, dit la mère. - ---Et quinze francs en dehors pour les premiers frais, ajouta la voix -d'homme. - ---Total cinquante-sept francs, dit la madame Thénardier. Et à travers -ces chiffres, elle chantonnait vaguement: - -_Il le faut, disait un guerrier._ - ---Je les donnerai, dit la mère, j'ai quatre-vingts francs. Il me restera -de quoi aller au pays. En allant à pied. Je gagnerai de l'argent là-bas, -et dès que j'en aurai un peu, je reviendrai chercher l'amour. - -La voix d'homme reprit: - ---La petite a un trousseau? - ---C'est mon mari, dit la Thénardier. - ---Sans doute elle a un trousseau, le pauvre trésor. J'ai bien vu que -c'était votre mari. Et un beau trousseau encore! un trousseau insensé. -Tout par douzaines; et des robes de soie comme une dame. Il est là dans -mon sac de nuit. - ---Il faudra le donner, repartit la voix d'homme. - ---Je crois bien que je le donnerai! dit la mère. Ce serait cela qui -serait drôle si je laissais ma fille toute nue! - -La face du maître apparut. - ---C'est bon, dit-il. - -Le marché fut conclu. La mère passa la nuit à l'auberge, donna son -argent et laissa son enfant, renoua son sac de nuit dégonflé du -trousseau et léger désormais, et partit le lendemain matin, comptant -revenir bientôt. On arrange tranquillement ces départs-là, mais ce sont -des désespoirs. - -Une voisine des Thénardier rencontra cette mère comme elle s'en allait, -et s'en revint en disant: - ---Je viens de voir une femme qui pleure dans la rue, que c'est un -déchirement. - -Quand la mère de Cosette fut partie, l'homme dit à la femme: - ---Cela va me payer mon effet de cent dix francs qui échoit demain. Il me -manquait cinquante francs. Sais-tu que j'aurais eu l'huissier et un -protêt? Tu as fait là une bonne souricière avec tes petites. - ---Sans m'en douter, dit la femme. - - - - -Chapitre II - -Première esquisse de deux figures louches - - -La souris prise était bien chétive; mais le chat se réjouit même d'une -souris maigre. Qu'était-ce que les Thénardier? - -Disons-en un mot dès à présent. Nous compléterons le croquis plus tard. - -Ces êtres appartenaient à cette classe bâtarde composée de gens -grossiers parvenus et de gens intelligents déchus, qui est entre la -classe dite moyenne et la classe dite inférieure, et qui combine -quelques-uns des défauts de la seconde avec presque tous les vices de la -première, sans avoir le généreux élan de l'ouvrier ni l'ordre honnête du -bourgeois. - -C'étaient de ces natures naines qui, si quelque feu sombre les chauffe -par hasard, deviennent facilement monstrueuses. Il y avait dans la femme -le fond d'une brute et dans l'homme l'étoffe d'un gueux. Tous deux -étaient au plus haut degré susceptibles de l'espèce de hideux progrès -qui se fait dans le sens du mal. Il existe des âmes écrevisses reculant -continuellement vers les ténèbres, rétrogradant dans la vie plutôt -qu'elles n'y avancent, employant l'expérience à augmenter leur -difformité, empirant sans cesse, et s'empreignant de plus en plus d'une -noirceur croissante. Cet homme et cette femme étaient de ces âmes-là. - -Le Thénardier particulièrement était gênant pour le physionomiste. On -n'a qu'à regarder certains hommes pour s'en défier, on les sent -ténébreux à leurs deux extrémités. Ils sont inquiets derrière eux et -menaçants devant eux. Il y a en eux de l'inconnu. On ne peut pas plus -répondre de ce qu'ils ont fait que de ce qu'ils feront. L'ombre qu'ils -ont dans le regard les dénonce. Rien qu'en les entendant dire un mot ou -qu'en les voyant faire un geste on entrevoit de sombres secrets dans -leur passé et de sombres mystères dans leur avenir. - -Ce Thénardier, s'il fallait l'en croire, avait été soldat; sergent, -disait-il; il avait fait probablement la campagne de 1815, et s'était -même comporté assez bravement, à ce qu'il paraît. Nous verrons plus tard -ce qu'il en était. L'enseigne de son cabaret était une allusion à l'un -de ses faits d'armes. Il l'avait peinte lui-même, car il savait faire un -peu de tout; mal. - -C'était l'époque où l'antique roman classique, qui, après avoir été -_Clélie_, n'était plus que _Lodoïska_, toujours noble, mais de plus en -plus vulgaire, tombé de mademoiselle de Scudéri à madame -Barthélemy-Hadot, et de madame de Lafayette à madame Bournon-Malarme, -incendiait l'âme aimante des portières de Paris et ravageait même un peu -la banlieue. Madame Thénardier était juste assez intelligente pour lire -ces espèces de livres. Elle s'en nourrissait. Elle y noyait ce qu'elle -avait de cervelle; cela lui avait donné, tant qu'elle avait été très -jeune, et même un peu plus tard, une sorte d'attitude pensive près de -son mari, coquin d'une certaine profondeur, ruffian lettré à la -grammaire près, grossier et fin en même temps, mais, en fait de -sentimentalisme, lisant Pigault-Lebrun, et pour «tout ce qui touche le -sexe», comme il disait dans son jargon, butor correct et sans mélange. -Sa femme avait quelque douze ou quinze ans de moins que lui. Plus tard, -quand les cheveux romanesquement pleureurs commencèrent à grisonner, -quand la Mégère se dégagea de la Paméla, la Thénardier ne fut plus -qu'une grosse méchante femme ayant savouré des romans bêtes. Or on ne -lit pas impunément des niaiseries. Il en résulta que sa fille aînée se -nomma Eponine. Quant à la cadette, la pauvre petite faillit se nommer -Gulnare; elle dut à je ne sais quelle heureuse diversion faite par un -roman de Ducray-Duminil, de ne s'appeler qu'Azelma. - -Au reste, pour le dire en passant, tout n'est pas ridicule et -superficiel dans cette curieuse époque à laquelle nous faisons ici -allusion, et qu'on pourrait appeler l'anarchie des noms de baptême. À -côté de l'élément romanesque, que nous venons d'indiquer, il y a le -symptôme social. Il n'est pas rare aujourd'hui que le garçon bouvier se -nomme Arthur, Alfred ou Alphonse, et que le vicomte--s'il y a encore des -vicomtes--se nomme Thomas, Pierre ou Jacques. Ce déplacement qui met le -nom «élégant» sur le plébéien et le nom campagnard sur l'aristocrate -n'est autre chose qu'un remous d'égalité. L'irrésistible pénétration du -souffle nouveau est là comme en tout. Sous cette discordance apparente, -il y a une chose grande et profonde: la révolution française. - - - - -Chapitre III - -L'Alouette - - -Il ne suffit pas d'être méchant pour prospérer. La gargote allait mal. - -Grâce aux cinquante-sept francs de la voyageuse, Thénardier avait pu -éviter un protêt et faire honneur à sa signature. Le mois suivant ils -eurent encore besoin d'argent; la femme porta à Paris et engagea au -Mont-de-Piété le trousseau de Cosette pour une somme de soixante francs. -Dès que cette somme fut dépensée, les Thénardier s'accoutumèrent à ne -plus voir dans la petite fille qu'un enfant qu'ils avaient chez eux par -charité, et la traitèrent en conséquence. Comme elle n'avait plus de -trousseau, on l'habilla des vieilles jupes et des vieilles chemises des -petites Thénardier, c'est-à-dire de haillons. - -On la nourrit des restes de tout le monde, un peu mieux que le chien et -un peu plus mal que le chat. Le chat et le chien étaient du reste ses -commensaux habituels; Cosette mangeait avec eux sous la table dans une -écuelle de bois pareille à la leur. La mère qui s'était fixée, comme on -le verra plus tard, à Montreuil-sur-mer, écrivait, ou, pour mieux dire, -faisait écrire tous les mois afin d'avoir des nouvelles de son enfant. -Les Thénardier répondaient invariablement: Cosette est à merveille. Les -six premiers mois révolus, la mère envoya sept francs pour le septième -mois, et continua assez exactement ses envois de mois en mois. L'année -n'était pas finie que le Thénardier dit: - ---Une belle grâce qu'elle nous fait là! que veut-elle que nous fassions -avec ses sept francs? - -Et il écrivit pour exiger douze francs. La mère, à laquelle ils -persuadaient que son enfant était heureuse "et venait bien", se soumit -et envoya les douze francs. - -Certaines natures ne peuvent aimer d'un côté sans haïr de l'autre. La -mère Thénardier aimait passionnément ses deux filles à elle, ce qui fit -qu'elle détesta l'étrangère. Il est triste de songer que l'amour d'une -mère peut avoir de vilains aspects. Si peu de place que Cosette tînt -chez elle, il lui semblait que cela était pris aux siens, et que cette -petite diminuait l'air que ses filles respiraient. Cette femme, comme -beaucoup de femmes de sa sorte, avait une somme de caresses et une somme -de coups et d'injures à dépenser chaque jour. Si elle n'avait pas eu -Cosette, il est certain que ses filles, tout idolâtrées qu'elles -étaient, auraient tout reçu; mais l'étrangère leur rendit le service de -détourner les coups sur elle. Ses filles n'eurent que les caresses. -Cosette ne faisait pas un mouvement qui ne fît pleuvoir sur sa tête une -grêle de châtiments violents et immérités. Doux être faible qui ne -devait rien comprendre à ce monde ni à Dieu, sans cesse punie, grondée, -rudoyée, battue et voyant à côté d'elle deux petites créatures comme -elle, qui vivaient dans un rayon d'aurore! - -La Thénardier étant méchante pour Cosette, Éponine et Azelma furent -méchantes. Les enfants, à cet âge, ne sont que des exemplaires de la -mère. Le format est plus petit, voilà tout. - -Une année s'écoula, puis une autre. - -On disait dans le village: - ---Ces Thénardier sont de braves gens. Ils ne sont pas riches, et ils -élèvent un pauvre enfant qu'on leur a abandonné chez eux! - -On croyait Cosette oubliée par sa mère. - -Cependant le Thénardier, ayant appris par on ne sait quelles voies -obscures que l'enfant était probablement bâtard et que la mère ne -pouvait l'avouer, exigea quinze francs par mois, disant que «la -créature» grandissait et «_mangeait_», et menaçant de la renvoyer. -«Quelle ne m'embête pas! s'écriait-il, je lui bombarde son mioche tout -au beau milieu de ses cachotteries. Il me faut de l'augmentation.» La -mère paya les quinze francs. - -D'année en année, l'enfant grandit, et sa misère aussi. - -Tant que Cosette fut toute petite, elle fut le souffre-douleur des deux -autres enfants; dès qu'elle se mit à se développer un peu, c'est-à-dire -avant même qu'elle eût cinq ans, elle devint la servante de la maison. - -Cinq ans, dira-t-on, c'est invraisemblable. Hélas, c'est vrai. La -souffrance sociale commence à tout âge. - -N'avons-nous pas vu, récemment, le procès d'un nommé Dumolard, orphelin -devenu bandit, qui, dès l'âge de cinq ans, disent les documents -officiels, étant seul au monde «travaillait pour vivre, et volait.» - -On fit faire à Cosette les commissions, balayer les chambres, la cour, -la rue, laver la vaisselle, porter même des fardeaux. Les Thénardier se -crurent d'autant plus autorisés à agir ainsi que la mère qui était -toujours à Montreuil-sur-mer commença à mal payer. Quelques mois -restèrent en souffrance. - -Si cette mère fût revenue à Montfermeil au bout de ces trois années, -elle n'eût point reconnu son enfant. Cosette, si jolie et si fraîche à -son arrivée dans cette maison, était maintenant maigre et blême. Elle -avait je ne sais quelle allure inquiète. Sournoise! disaient les -Thénardier. - -L'injustice l'avait faite hargneuse et la misère l'avait rendue laide. -Il ne lui restait plus que ses beaux yeux qui faisaient peine, parce -que, grands comme ils étaient, il semblait qu'on y vît une plus grande -quantité de tristesse. - -C'était une chose navrante de voir, l'hiver, ce pauvre enfant, qui -n'avait pas encore six ans, grelottant sous de vieilles loques de toile -trouées, balayer la rue avant le jour avec un énorme balai dans ses -petites mains rouges et une larme dans ses grands yeux. - -Dans le pays on l'appelait l'Alouette. Le peuple, qui aime les figures, -s'était plu à nommer de ce nom ce petit être pas plus gros qu'un oiseau, -tremblant, effarouché et frissonnant, éveillé le premier chaque matin -dans la maison et dans le village, toujours dans la rue ou dans les -champs avant l'aube. Seulement la pauvre Alouette ne chantait jamais. - - - - -Livre cinquième--La descente - - - - -Chapitre I - -Histoire d'un progrès dans les verroteries noires - - -Cette mère cependant qui, au dire des gens de Montfermeil, semblait -avoir abandonné son enfant, que devenait-elle? où était-elle? que -faisait-elle? - -Après avoir laissé sa petite Cosette aux Thénardier, elle avait continué -son chemin et était arrivée à Montreuil-sur-mer. - -C'était, on se le rappelle, en 1818. - -Fantine avait quitté sa province depuis une dizaine d'années. -Montreuil-sur-mer avait changé d'aspect. Tandis que Fantine descendait -lentement de misère en misère, sa ville natale avait prospéré. - -Depuis deux ans environ, il s'y était accompli un de ces faits -industriels qui sont les grands événements des petits pays. - -Ce détail importe, et nous croyons utile de le développer; nous dirions -presque, de le souligner. - -De temps immémorial, Montreuil-sur-mer avait pour industrie spéciale -l'imitation des jais anglais et des verroteries noires d'Allemagne. -Cette industrie avait toujours végété, à cause de la cherté des matières -premières qui réagissait sur la main-d'oeuvre. Au moment où Fantine -revint à Montreuil-sur-mer, une transformation inouïe s'était opérée -dans cette production des «articles noirs». Vers la fin de 1815, un -homme, un inconnu, était venu s'établir dans la ville et avait eu l'idée -de substituer, dans cette fabrication, la gomme laque à la résine et, -pour les bracelets en particulier, les coulants en tôle simplement -rapprochée aux coulants en tôle soudée. Ce tout petit changement avait -été une révolution. - -Ce tout petit changement en effet avait prodigieusement réduit le prix -de la matière première, ce qui avait permis, premièrement, d'élever le -prix de la main-d'oeuvre, bienfait pour le pays; deuxièmement, -d'améliorer la fabrication, avantage pour le consommateur; -troisièmement, de vendre à meilleur marché tout en triplant le bénéfice, -profit pour le manufacturier. - -Ainsi pour une idée trois résultats. - -En moins de trois ans, l'auteur de ce procédé était devenu riche, ce qui -est bien, et avait tout fait riche autour de lui, ce qui est mieux. Il -était étranger au département. De son origine, on ne savait rien; de ses -commencements, peu de chose. - -On contait qu'il était venu dans la ville avec fort peu d'argent, -quelques centaines de francs tout au plus. - -C'est de ce mince capital, mis au service d'une idée ingénieuse, fécondé -par l'ordre et par la pensée, qu'il avait tiré sa fortune et la fortune -de tout ce pays. - -À son arrivée à Montreuil-sur-mer, il n'avait que les vêtements, la -tournure et le langage d'un ouvrier. - -Il paraît que, le jour même où il faisait obscurément son entrée dans la -petite ville de Montreuil-sur-mer, à la tombée d'un soir de décembre, le -sac au dos et le bâton d'épine à la main, un gros incendie venait -d'éclater à la maison commune. Cet homme s'était jeté dans le feu, et -avait sauvé, au péril de sa vie, deux enfants qui se trouvaient être -ceux du capitaine de gendarmerie; ce qui fait qu'on n'avait pas songé à -lui demander son passeport. Depuis lors, on avait su son nom. Il -s'appelait le _père Madeleine_. - - - - -Chapitre II - -M. Madeleine - - -C'était un homme d'environ cinquante ans, qui avait l'air préoccupé et -qui était bon. Voilà tout ce qu'on en pouvait dire. - -Grâce aux progrès rapides de cette industrie qu'il avait si -admirablement remaniée, Montreuil-sur-mer était devenu un centre -d'affaires considérable. L'Espagne, qui consomme beaucoup de jais noir, -y commandait chaque année des achats immenses. Montreuil-sur-mer, pour -ce commerce, faisait presque concurrence à Londres et à Berlin. Les -bénéfices du père Madeleine étaient tels que, dès la deuxième année, il -avait pu bâtir une grande fabrique dans laquelle il y avait deux vastes -ateliers, l'un pour les hommes, l'autre pour les femmes. Quiconque avait -faim pouvait s'y présenter, et était sûr de trouver là de l'emploi et du -pain. Le père Madeleine demandait aux hommes de la bonne volonté, aux -femmes des moeurs pures, à tous de la probité. Il avait divisé les -ateliers afin de séparer les sexes et que les filles et les femmes -pussent rester sages. Sur ce point, il était inflexible. C'était le seul -où il fût en quelque sorte intolérant. Il était d'autant plus fondé à -cette sévérité que, Montreuil-sur-mer étant une ville de garnison, les -occasions de corruption abondaient. Du reste sa venue avait été un -bienfait, et sa présence était une providence. Avant l'arrivée du père -Madeleine, tout languissait dans le pays; maintenant tout y vivait de la -vie saine du travail. Une forte circulation échauffait tout et pénétrait -partout. Le chômage et la misère étaient inconnus. Il n'y avait pas de -poche si obscure où il n'y eût un peu d'argent, pas de logis si pauvre -où il n'y eût un peu de joie. - -Le père Madeleine employait tout le monde. Il n'exigeait qu'une chose: -soyez honnête homme! soyez honnête fille! - -Comme nous l'avons dit, au milieu de cette activité dont il était la -cause et le pivot, le père Madeleine faisait sa fortune, mais, chose -assez singulière dans un simple homme de commerce, il ne paraissait -point que ce fût là son principal souci. Il semblait qu'il songeât -beaucoup aux autres et peu à lui. En 1820, on lui connaissait une somme -de six cent trente mille francs placée à son nom chez Laffitte; mais -avant de se réserver ces six cent trente mille francs, il avait dépensé -plus d'un million pour la ville et pour les pauvres. - -L'hôpital était mal doté; il y avait fondé dix lits. Montreuil-sur-mer -est divisé en ville haute et ville basse. La ville basse, qu'il -habitait, n'avait qu'une école, méchante masure qui tombait en ruine; il -en avait construit deux, une pour les filles, l'autre pour les garçons. -Il allouait de ses deniers aux deux instituteurs une indemnité double de -leur maigre traitement officiel, et un jour, à quelqu'un qui s'en -étonnait, il dit: «Les deux premiers fonctionnaires de l'état, c'est la -nourrice et le maître d'école.» Il avait créé à ses frais une salle -d'asile, chose alors presque inconnue en France, et une caisse de -secours pour les ouvriers vieux et infirmes. Sa manufacture étant un -centre, un nouveau quartier où il y avait bon nombre de familles -indigentes avait rapidement surgi autour de lui; il y avait établi une -pharmacie gratuite. - -Dans les premiers temps, quand on le vit commencer, les bonnes âmes -dirent: C'est un gaillard qui veut s'enrichir. Quand on le vit enrichir -le pays avant de s'enrichir lui-même, les mêmes bonnes âmes dirent: -C'est un ambitieux. Cela semblait d'autant plus probable que cet homme -était religieux, et même pratiquait dans une certaine mesure, chose fort -bien vue à cette époque. Il allait régulièrement entendre une basse -messe tous les dimanches. Le député local, qui flairait partout des -concurrences, ne tarda pas à s'inquiéter de cette religion. Ce député, -qui avait été membre du corps législatif de l'empire, partageait les -idées religieuses d'un père de l'oratoire connu sous le nom de Fouché, -duc d'Otrante, dont il avait été la créature et l'ami. À huis clos il -riait de Dieu doucement. Mais quand il vit le riche manufacturier -Madeleine aller à la basse messe de sept heures, il entrevit un candidat -possible, et résolut de le dépasser; il prit un confesseur jésuite et -alla à la grand'messe et à vêpres. L'ambition en ce temps-là était, dans -l'acception directe du mot, une course au clocher. Les pauvres -profitèrent de cette terreur comme le bon Dieu, car l'honorable député -fonda aussi deux lits à l'hôpital; ce qui fit douze. - -Cependant en 1819 le bruit se répandit un matin dans la ville que, sur -la présentation de M. le préfet, et en considération des services rendus -au pays, le père Madeleine allait être nommé par le roi maire de -Montreuil-sur-mer. Ceux qui avaient déclaré ce nouveau venu «un -ambitieux», saisirent avec transport cette occasion que tous les hommes -souhaitent de s'écrier: «Là! qu'est-ce que nous avions dit?» Tout -Montreuil-sur-mer fut en rumeur. Le bruit était fondé. Quelques jours -après, la nomination parut dans _le Moniteur_. Le lendemain, le père -Madeleine refusa. - -Dans cette même année 1819, les produits du nouveau procédé inventé par -Madeleine figurèrent à l'exposition de l'industrie; sur le rapport du -jury, le roi nomma l'inventeur chevalier de la Légion d'honneur. -Nouvelle rumeur dans la petite ville. Eh bien! c'est la croix qu'il -voulait! Le père Madeleine refusa la croix. - -Décidément cet homme était une énigme. Les bonnes âmes se tirèrent -d'affaire en disant: Après tout, c'est une espèce d'aventurier. - -On l'a vu, le pays lui devait beaucoup, les pauvres lui devaient tout; -il était si utile qu'il avait bien fallu qu'on finît par l'honorer, et -il était si doux qu'il avait bien fallu qu'on finît par l'aimer; ses -ouvriers en particulier l'adoraient, et il portait cette adoration avec -une sorte de gravité mélancolique. Quand il fut constaté riche, «les -personnes de la société» le saluèrent, et on l'appela dans la ville -monsieur Madeleine; ses ouvriers et les enfants continuèrent de -l'appeler _le père Madeleine_, et c'était la chose qui le faisait le -mieux sourire. À mesure qu'il montait, les invitations pleuvaient sur -lui. «La société» le réclamait. Les petits salons guindés de -Montreuil-sur-mer qui, bien entendu, se fussent dans les premiers temps -fermés à l'artisan, s'ouvrirent à deux battants au millionnaire. On lui -fit mille avances. Il refusa. - -Cette fois encore les bonnes âmes ne furent point empêchées. - ---C'est un homme ignorant et de basse éducation. On ne sait d'où cela -sort. Il ne saurait pas se tenir dans le monde. Il n'est pas du tout -prouvé qu'il sache lire. - -Quand on l'avait vu gagner de l'argent, on avait dit: c'est un marchand. -Quand on l'avait vu semer son argent, on avait dit: c'est un ambitieux. -Quand on l'avait vu repousser les honneurs, on avait dit: c'est un -aventurier. Quand on le vit repousser le monde, on dit: c'est une brute. - -En 1820, cinq ans après son arrivée à Montreuil-sur-mer, les services -qu'il avait rendus au pays étaient si éclatants, le voeu de la contrée -fut tellement unanime, que le roi le nomma de nouveau maire de la ville. -Il refusa encore, mais le préfet résista à son refus, tous les notables -vinrent le prier, le peuple en pleine rue le suppliait, l'insistance fut -si vive qu'il finit par accepter. On remarqua que ce qui parut surtout -le déterminer, ce fut l'apostrophe presque irritée d'une vieille femme -du peuple qui lui cria du seuil de sa porte avec humeur: _Un bon maire, -c'est utile. Est-ce qu'on recule devant du bien qu'on peut faire?_ - -Ce fut là la troisième phase de son ascension. Le père Madeleine était -devenu monsieur Madeleine, monsieur Madeleine devint monsieur le maire. - - - - -Chapitre III - -Sommes déposées chez Laffitte - - -Du reste, il était demeuré aussi simple que le premier jour. Il avait -les cheveux gris, l'oeil sérieux, le teint hâlé d'un ouvrier, le visage -pensif d'un philosophe. Il portait habituellement un chapeau à bords -larges et une longue redingote de gros drap, boutonnée jusqu'au menton. -Il remplissait ses fonctions de maire, mais hors de là il vivait -solitaire. Il parlait à peu de monde. Il se dérobait aux politesses, -saluait de côté, s'esquivait vite, souriait pour se dispenser de causer, -donnait pour se dispenser de sourire. Les femmes disaient de lui: Quel -bon ours! Son plaisir était de se promener dans les champs. - -Il prenait ses repas toujours seul, avec un livre ouvert devant lui où -il lisait. Il avait une petite bibliothèque bien faite. Il aimait les -livres; les livres sont des amis froids et sûrs. À mesure que le loisir -lui venait avec la fortune, il semblait qu'il en profitât pour cultiver -son esprit. Depuis qu'il était à Montreuil-sur-mer, on remarquait que -d'année en année son langage devenait plus poli, plus choisi et plus -doux. - -Il emportait volontiers un fusil dans ses promenades, mais il s'en -servait rarement. Quand cela lui arrivait par aventure, il avait un tir -infaillible qui effrayait. Jamais il ne tuait un animal inoffensif. -Jamais il ne tirait un petit oiseau. Quoiqu'il ne fût plus jeune, on -contait qu'il était d'une force prodigieuse. Il offrait un coup de main -à qui en avait besoin, relevait un cheval, poussait à une roue -embourbée, arrêtait par les cornes un taureau échappé. Il avait toujours -ses poches pleines de monnaie en sortant et vides en rentrant. Quand il -passait dans un village, les marmots déguenillés couraient joyeusement -après lui et l'entouraient comme une nuée de moucherons. - -On croyait deviner qu'il avait dû vivre jadis de la vie des champs, car -il avait toutes sortes de secrets utiles qu'il enseignait aux paysans. -Il leur apprenait à détruire la teigne des blés en aspergeant le grenier -et en inondant les fentes du plancher d'une dissolution de sel commun, -et à chasser les charançons en suspendant partout, aux murs et aux -toits, dans les héberges et dans les maisons, de l'orviot en fleur. Il -avait des "recettes" pour extirper d'un champ la luzette, la nielle, la -vesce, la gaverolle, la queue-de-renard, toutes les herbes parasites qui -mangent le blé. Il défendait une lapinière contre les rats rien qu'avec -l'odeur d'un petit cochon de Barbarie qu'il y mettait. Un jour il voyait -des gens du pays très occupés à arracher des orties. Il regarda ce tas -de plantes déracinées et déjà desséchées, et dit: - ---C'est mort. Cela serait pourtant bon si l'on savait s'en servir. Quand -l'ortie est jeune, la feuille est un légume excellent; quand elle -vieillit, elle a des filaments et des fibres comme le chanvre et le lin. -La toile d'ortie vaut la toile de chanvre. Hachée, l'ortie est bonne -pour la volaille; broyée, elle est bonne pour les bêtes à cornes. La -graine de l'ortie mêlée au fourrage donne du luisant au poil des -animaux; la racine mêlée au sel produit une belle couleur jaune. C'est -du reste un excellent foin qu'on peut faucher deux fois. Et que faut-il -à l'ortie? Peu de terre, nul soin, nulle culture. Seulement la graine -tombe à mesure qu'elle mûrit, et est difficile à récolter. Voilà tout. -Avec quelque peine qu'on prendrait, l'ortie serait utile; on la néglige, -elle devient nuisible. Alors on la tue. Que d'hommes ressemblent à -l'ortie! - -Il ajouta après un silence: - ---Mes amis, retenez ceci, il n'y a ni mauvaises herbes ni mauvais -hommes. Il n'y a que de mauvais cultivateurs. - -Les enfants l'aimaient encore parce qu'il savait faire de charmants -petits ouvrages avec de la paille et des noix de coco. - -Quand il voyait la porte d'une église tendue de noir, il entrait; il -recherchait un enterrement comme d'autres recherchent un baptême. Le -veuvage et le malheur d'autrui l'attiraient à cause de sa grande -douceur; il se mêlait aux amis en deuil, aux familles vêtues de noir, -aux prêtres gémissant autour d'un cercueil. Il semblait donner -volontiers pour texte à ses pensées ces psalmodies funèbres pleines de -la vision d'un autre monde. L'oeil au ciel, il écoutait, avec une sorte -d'aspiration vers tous les mystères de l'infini, ces voix tristes qui -chantent sur le bord de l'abîme obscur de la mort. - -Il faisait une foule de bonnes actions en se cachant comme on se cache -pour les mauvaises. Il pénétrait à la dérobée, le soir, dans les -maisons; il montait furtivement des escaliers. Un pauvre diable, en -rentrant dans son galetas, trouvait que sa porte avait été ouverte, -quelquefois même forcée, dans son absence. Le pauvre homme se récriait: -quelque malfaiteur est venu! Il entrait, et la première chose qu'il -voyait, c'était une pièce d'or oubliée sur un meuble. "Le malfaiteur" -qui était venu, c'était le père Madeleine. - -Il était affable et triste. Le peuple disait: «Voilà un homme riche qui -n'a pas l'air fier. Voilà un homme heureux qui n'a pas l'air content.» - -Quelques-uns prétendaient que c'était un personnage mystérieux, et -affirmaient qu'on n'entrait jamais dans sa chambre, laquelle était une -vraie cellule d'anachorète meublée de sabliers ailés et enjolivée de -tibias en croix et de têtes de mort. Cela se disait beaucoup, si bien -que quelques jeunes femmes élégantes et malignes de Montreuil-sur-mer -vinrent chez lui un jour, et lui demandèrent: - ---Monsieur le maire, montrez-nous donc votre chambre. On dit que c'est -une grotte. - -Il sourit, et les introduisit sur-le-champ dans cette «grotte». Elles -furent bien punies de leur curiosité. C'était une chambre garnie tout -bonnement de meubles d'acajou assez laids comme tous les meubles de ce -genre et tapissée de papier à douze sous. Elles n'y purent rien -remarquer que deux flambeaux de forme vieillie qui étaient sur la -cheminée et qui avaient l'air d'être en argent, «car ils étaient -contrôlés». Observation pleine de l'esprit des petites villes. - -On n'en continua pas moins de dire que personne ne pénétrait dans cette -chambre et que c'était une caverne d'ermite, un rêvoir, un trou, un -tombeau. - -On se chuchotait aussi qu'il avait des sommes «immenses» déposées chez -Laffitte, avec cette particularité qu'elles étaient toujours à sa -disposition immédiate, de telle sorte, ajoutait-on, que M. Madeleine -pourrait arriver un matin chez Laffitte, signer un reçu et emporter ses -deux ou trois millions en dix minutes. Dans la réalité ces «deux ou -trois millions» se réduisaient, nous l'avons dit, à six cent trente ou -quarante mille francs. - - - - -Chapitre IV - -M. Madeleine en deuil - - -Au commencement de 1821, les journaux annoncèrent la mort de M. Myriel, -évêque de Digne, «surnommé _monseigneur Bienvenu_», et trépassé en odeur -de sainteté à l'âge de quatre-vingt-deux ans. - -L'évêque de Digne, pour ajouter ici un détail que les journaux omirent, -était, quand il mourut, depuis plusieurs années aveugle, et content -d'être aveugle, sa soeur étant près de lui. - -Disons-le en passant, être aveugle et être aimé, c'est en effet, sur -cette terre où rien n'est complet, une des formes les plus étrangement -exquises du bonheur. Avoir continuellement à ses côtés une femme, une -fille, une soeur, un être charmant, qui est là parce que vous avez -besoin d'elle et parce qu'elle ne peut se passer de vous, se savoir -indispensable à qui nous est nécessaire, pouvoir incessamment mesurer -son affection à la quantité de présence qu'elle nous donne, et se dire: -puisqu'elle me consacre tout son temps, c'est que j'ai tout son coeur; -voir la pensée à défaut de la figure, constater la fidélité d'un être -dans l'éclipse du monde, percevoir le frôlement d'une robe comme un -bruit d'ailes, l'entendre aller et venir, sortir, rentrer, parler, -chanter, et songer qu'on est le centre de ces pas, de cette parole, de -ce chant, manifester à chaque minute sa propre attraction, se sentir -d'autant plus puissant qu'on est plus infirme, devenir dans l'obscurité, -et par l'obscurité, l'astre autour duquel gravite cet ange, peu de -félicités égalent celle-là. Le suprême bonheur de la vie, c'est la -conviction qu'on est aimé; aimé pour soi-même, disons mieux, aimé malgré -soi-même; cette conviction, l'aveugle l'a. Dans cette détresse, être -servi, c'est être caressé. Lui manque-t-il quelque chose? Non. Ce n'est -point perdre la lumière qu'avoir l'amour. Et quel amour! un amour -entièrement fait de vertu. Il n'y a point de cécité où il y a certitude. -L'âme à tâtons cherche l'âme, et la trouve. Et cette âme trouvée et -prouvée est une femme. Une main vous soutient, c'est la sienne; une -bouche effleure votre front, c'est sa bouche; vous entendez une -respiration tout près de vous, c'est elle. Tout avoir d'elle, depuis son -culte jusqu'à sa pitié, n'être jamais quitté, avoir cette douce -faiblesse qui vous secourt, s'appuyer sur ce roseau inébranlable, -toucher de ses mains la providence et pouvoir la prendre dans ses bras, -Dieu palpable, quel ravissement! Le coeur, cette céleste fleur obscure, -entre dans un épanouissement mystérieux. On ne donnerait pas cette ombre -pour toute la clarté. L'âme ange est là, sans cesse là; si elle -s'éloigne, c'est pour revenir; elle s'efface comme le rêve et reparaît -comme la réalité. On sent de la chaleur qui approche, la voilà. On -déborde de sérénité, de gaîté et d'extase; on est un rayonnement dans la -nuit. Et mille petits soins. Des riens qui sont énormes dans ce vide. -Les plus ineffables accents de la voix féminine employés à vous bercer, -et suppléant pour vous à l'univers évanoui. On est caressé avec de -l'âme. On ne voit rien, mais on se sent adoré. C'est un paradis de -ténèbres. - -C'est de ce paradis que monseigneur Bienvenu était passé à l'autre. - -L'annonce de sa mort fut reproduite par le journal local de -Montreuil-sur-mer. M. Madeleine parut le lendemain tout en noir avec un -crêpe à son chapeau. - -On remarqua dans la ville ce deuil, et l'on jasa. Cela parut une lueur -sur l'origine de M. Madeleine. On en conclut qu'il avait quelque -alliance avec le vénérable évêque. _Il drape pour l'évêque de Digne_, -dirent les salons; cela rehaussa fort M. Madeleine, et lui donna -subitement et d'emblée une certaine considération dans le monde noble de -Montreuil-sur-mer. Le microscopique faubourg Saint-Germain de l'endroit -songea à faire cesser la quarantaine de M. Madeleine, parent probable -d'un évêque. M. Madeleine s'aperçut de l'avancement qu'il obtenait à -plus de révérences des vieilles femmes et à plus de sourires des jeunes. -Un soir, une doyenne de ce petit grand monde-là, curieuse par droit -d'ancienneté, se hasarda à lui demander: - ---Monsieur le maire est sans doute cousin du feu évêque de Digne? - -Il dit: - ---Non, madame. - ---Mais, reprit la douairière, vous en portez le deuil? - -Il répondit: - ---C'est que dans ma jeunesse j'ai été laquais dans sa famille. - -Une remarque qu'on faisait encore, c'est que, chaque fois qu'il passait -dans la ville un jeune savoyard courant le pays et cherchant des -cheminées à ramoner, M. le maire le faisait appeler, lui demandait son -nom, et lui donnait de l'argent. Les petits savoyards se le disaient, et -il en passait beaucoup. - - - - -Chapitre V - -Vagues éclairs à l'horizon - - -Peu à peu, et avec le temps, toutes les oppositions étaient tombées. Il -y avait eu d'abord contre M. Madeleine, sorte de loi que subissent -toujours ceux qui s'élèvent, des noirceurs et des calomnies, puis ce ne -fut plus que des méchancetés, puis ce ne fut que des malices, puis cela -s'évanouit tout à fait; le respect devint complet, unanime, cordial, et -il arriva un moment, vers 1821, où ce mot: monsieur le maire, fut -prononcé à Montreuil-sur-mer presque du même accent que ce mot: -monseigneur l'évêque, était prononcé à Digne en 1815. On venait de dix -lieues à la ronde consulter M. Madeleine. Il terminait les différends, -il empêchait les procès, il réconciliait les ennemis. Chacun le prenait -pour juge de son bon droit. Il semblait qu'il eût pour âme le livre de -la loi naturelle. Ce fut comme une contagion de vénération qui, en six -ou sept ans et de proche en proche, gagna tout le pays. - -Un seul homme, dans la ville et dans l'arrondissement, se déroba -absolument à cette contagion, et, quoi que fît le père Madeleine, y -demeura rebelle, comme si une sorte d'instinct, incorruptible et -imperturbable, l'éveillait et l'inquiétait. Il semblerait en effet qu'il -existe dans certains hommes un véritable instinct bestial, pur et -intègre comme tout instinct, qui crée les antipathies et les sympathies, -qui sépare fatalement une nature d'une autre nature, qui n'hésite pas, -qui ne se trouble, ne se tait et ne se dément jamais, clair dans son -obscurité, infaillible, impérieux, réfractaire à tous les conseils de -l'intelligence et à tous les dissolvants de la raison, et qui, de -quelque façon que les destinées soient faites, avertit secrètement -l'homme-chien de la présence de l'homme-chat, et l'homme-renard de la -présence de l'homme-lion. - -Souvent, quand M. Madeleine passait dans une rue, calme, affectueux, -entouré des bénédictions de tous, il arrivait qu'un homme de haute -taille, vêtu d'une redingote gris de fer, armé d'une grosse canne et -coiffé d'un chapeau rabattu, se retournait brusquement derrière lui, et -le suivait des yeux jusqu'à ce qu'il eût disparu, croisant les bras, -secouant lentement la tête, et haussant sa lèvre supérieure avec sa -lèvre inférieure jusqu'à son nez, sorte de grimace significative qui -pourrait se traduire par: «Mais qu'est-ce que c'est que cet -homme-là?--Pour sûr je l'ai vu quelque part.--En tout cas, je ne suis -toujours pas sa dupe.» - -Ce personnage, grave d'une gravité presque menaçante, était de ceux qui, -même rapidement entrevus, préoccupent l'observateur. - -Il se nommait Javert, et il était de la police. - -Il remplissait à Montreuil-sur-mer les fonctions pénibles, mais utiles, -d'inspecteur. Il n'avait pas vu les commencements de Madeleine. Javert -devait le poste qu'il occupait à la protection de M. Chabouillet, le -secrétaire du ministre d'État, comte Anglès, alors préfet de police à -Paris. Quand Javert était arrivé à Montreuil-sur-mer, la fortune du -grand manufacturier était déjà faite, et le père Madeleine était devenu -monsieur Madeleine. - -Certains officiers de police ont une physionomie à part et qui se -complique d'un air de bassesse mêlé à un air d'autorité. Javert avait -cette physionomie, moins la bassesse. - -Dans notre conviction, si les âmes étaient visibles aux yeux, on verrait -distinctement cette chose étrange que chacun des individus de l'espèce -humaine correspond à quelqu'une des espèces de la création animale; et -l'on pourrait reconnaître aisément cette vérité à peine entrevue par le -penseur, que, depuis l'huître jusqu'à l'aigle, depuis le porc jusqu'au -tigre, tous les animaux sont dans l'homme et que chacun d'eux est dans -un homme. Quelquefois même plusieurs d'entre eux à la fois. - -Les animaux ne sont autre chose que les figures de nos vertus et de nos -vices, errantes devant nos yeux, les fantômes visibles de nos âmes. Dieu -nous les montre pour nous faire réfléchir. Seulement, comme les animaux -ne sont que des ombres, Dieu ne les a point faits éducables dans le sens -complet du mot; à quoi bon? Au contraire, nos âmes étant des réalités et -ayant une fin qui leur est propre, Dieu leur a donné l'intelligence, -c'est-à-dire l'éducation possible. L'éducation sociale bien faite peut -toujours tirer d'une âme, quelle qu'elle soit, l'utilité qu'elle -contient. - -Ceci soit dit, bien entendu, au point de vue restreint de la vie -terrestre apparente, et sans préjuger la question profonde de la -personnalité antérieure et ultérieure des êtres qui ne sont pas l'homme. -Le moi visible n'autorise en aucune façon le penseur à nier le moi -latent. Cette réserve faite, passons. - -Maintenant, si l'on admet un moment avec nous que dans tout homme il y a -une des espèces animales de la création, il nous sera facile de dire ce -que c'était que l'officier de paix Javert. - -Les paysans asturiens sont convaincus que dans toute portée de louve il -y a un chien, lequel est tué par la mère, sans quoi en grandissant il -dévorerait les autres petits. - -Donnez une face humaine à ce chien fils d'une louve, et ce sera Javert. - -Javert était né dans une prison d'une tireuse de cartes dont le mari -était aux galères. En grandissant, il pensa qu'il était en dehors de la -société et désespéra d'y rentrer jamais. Il remarqua que la société -maintient irrémissiblement en dehors d'elle deux classes d'hommes, ceux -qui l'attaquent et ceux qui la gardent; il n'avait le choix qu'entre ces -deux classes; en même temps il se sentait je ne sais quel fond de -rigidité, de régularité et de probité, compliqué d'une inexprimable -haine pour cette race de bohèmes dont il était. Il entra dans la police. - -Il y réussit. À quarante ans il était inspecteur. - -Il avait dans sa jeunesse été employé dans les chiourmes du midi. - -Avant d'aller plus loin, entendons-nous sur ce mot face humaine que nous -appliquions tout à l'heure à Javert. - -La face humaine de Javert consistait en un nez camard, avec deux -profondes narines vers lesquelles montaient sur ses deux joues d'énormes -favoris. On se sentait mal à l'aise la première fois qu'on voyait ces -deux forêts et ces deux cavernes. Quand Javert riait, ce qui était rare -et terrible, ses lèvres minces s'écartaient, et laissaient voir, non -seulement ses dents, mais ses gencives, et il se faisait autour de son -nez un plissement épaté et sauvage comme sur un mufle de bête fauve. -Javert sérieux était un dogue; lorsqu'il riait, c'était un tigre. Du -reste, peu de crâne, beaucoup de mâchoire, les cheveux cachant le front -et tombant sur les sourcils, entre les deux yeux un froncement central -permanent comme une étoile de colère, le regard obscur, la bouche pincée -et redoutable, l'air du commandement féroce. - -Cet homme était composé de deux sentiments très simples, et relativement -très bons, mais qu'il faisait presque mauvais à force de les exagérer: -le respect de l'autorité, la haine de la rébellion; et à ses yeux le -vol, le meurtre, tous les crimes, n'étaient que des formes de la -rébellion. Il enveloppait dans une sorte de foi aveugle et profonde tout -ce qui a une fonction dans l'État, depuis le premier ministre jusqu'au -garde champêtre. Il couvrait de mépris, d'aversion et de dégoût tout ce -qui avait franchi une fois le seuil légal du mal. Il était absolu et -n'admettait pas d'exceptions. D'une part il disait: - ---Le fonctionnaire ne peut se tromper; le magistrat n'a jamais tort. - -D'autre part il disait: - ---Ceux-ci sont irrémédiablement perdus. Rien de bon n'en peut sortir. - -Il partageait pleinement l'opinion de ces esprits extrêmes qui -attribuent à la loi humaine je ne sais quel pouvoir de faire ou, si l'on -veut, de constater des damnés, et qui mettent un Styx au bas de la -société. Il était stoïque, sérieux, austère; rêveur triste; humble et -hautain comme les fanatiques. Son regard était une vrille. Cela était -froid et cela perçait. Toute sa vie tenait dans ces deux mots: veiller -et surveiller. Il avait introduit la ligne droite dans ce qu'il y a de -plus tortueux au monde; il avait la conscience de son utilité, la -religion de ses fonctions, et il était espion comme on est prêtre. -Malheur à qui tombait sous sa main! Il eût arrêté son père s'évadant du -bagne et dénoncé sa mère en rupture de ban. Et il l'eût fait avec cette -sorte de satisfaction intérieure que donne la vertu. Avec cela une vie -de privations, l'isolement, l'abnégation, la chasteté, jamais une -distraction. C'était le devoir implacable, la police comprise comme les -Spartiates comprenaient Sparte, un guet impitoyable, une honnêteté -farouche, un mouchard marmoréen, Brutus dans Vidocq. - -Toute la personne de Javert exprimait l'homme qui épie et qui se dérobe. -L'école mystique de Joseph de Maistre, laquelle à cette époque -assaisonnait de haute cosmogonie ce qu'on appelait les journaux ultras, -n'eût pas manqué de dire que Javert était un symbole. On ne voyait pas -son front qui disparaissait sous son chapeau, on ne voyait pas ses yeux -qui se perdaient sous ses sourcils, on ne voyait pas son menton qui -plongeait dans sa cravate, on ne voyait pas ses mains qui rentraient -dans ses manches, on ne voyait pas sa canne qu'il portait sous sa -redingote. Mais l'occasion venue, on voyait tout à coup sortir de toute -cette ombre, comme d'une embuscade, un front anguleux et étroit, un -regard funeste, un menton menaçant, des mains énormes; et un gourdin -monstrueux. - -À ses moments de loisir, qui étaient peu fréquents, tout en haïssant les -livres, il lisait; ce qui fait qu'il n'était pas complètement illettré. -Cela se reconnaissait à quelque emphase dans la parole. - -Il n'avait aucun vice, nous l'avons dit. Quand il était content de lui, -il s'accordait une prise de tabac. Il tenait à l'humanité par là. - -On comprendra sans peine que Javert était l'effroi de toute cette classe -que la statistique annuelle du ministère de la justice désigne sous la -rubrique: _Gens sans aveu_. Le nom de Javert prononcé les mettait en -déroute; la face de Javert apparaissant les pétrifiait. - -Tel était cet homme formidable. - -Javert était comme un oeil toujours fixé sur M. Madeleine. Oeil plein de -soupçon et de conjectures. M. Madeleine avait fini par s'en apercevoir, -mais il sembla que cela fût insignifiant pour lui. Il ne fit pas même -une question à Javert, il ne le cherchait ni ne l'évitait, et il -portait, sans paraître y faire attention, ce regard gênant et presque -pesant. Il traitait Javert comme tout le monde, avec aisance et bonté. - -À quelques paroles échappées à Javert, on devinait qu'il avait recherché -secrètement, avec cette curiosité qui tient à la race et où il entre -autant d'instinct que de volonté, toutes les traces antérieures que le -père Madeleine avait pu laisser ailleurs. Il paraissait savoir, et il -disait parfois à mots couverts, que quelqu'un avait pris certaines -informations dans un certain pays sur une certaine famille disparue. Une -fois il lui arriva de dire, se parlant à lui-même: - ---Je crois que je le tiens! - -Puis il resta trois jours pensif sans prononcer une parole. Il paraît -que le fil qu'il croyait tenir s'était rompu. Du reste, et ceci est le -correctif nécessaire à ce que le sens de certains mots pourrait -présenter de trop absolu, il ne peut y avoir rien de vraiment -infaillible dans une créature humaine, et le propre de l'instinct est -précisément de pouvoir être troublé, dépisté et dérouté. Sans quoi il -serait supérieur à l'intelligence, et la bête se trouverait avoir une -meilleure lumière que l'homme. - -Javert était évidemment quelque peu déconcerté par le complet naturel et -la tranquillité de M. Madeleine. - -Un jour pourtant son étrange manière d'être parut faire impression sur -M. Madeleine. Voici à quelle occasion. - - - - -Chapitre VI - -Le père Fauchelevent - - -M. Madeleine passait un matin dans une ruelle non pavée de -Montreuil-sur-mer. Il entendit du bruit et vit un groupe à quelque -distance. Il y alla. Un vieux homme, nommé le père Fauchelevent, venait -de tomber sous sa charrette dont le cheval s'était abattu. - -Ce Fauchelevent était un des rares ennemis qu'eût encore M. Madeleine à -cette époque. Lorsque Madeleine était arrivé dans le pays, Fauchelevent, -ancien tabellion et paysan presque lettré, avait un commerce qui -commençait à aller mal. Fauchelevent avait vu ce simple ouvrier qui -s'enrichissait, tandis que lui, maître, se ruinait. Cela l'avait rempli -de jalousie, et il avait fait ce qu'il avait pu en toute occasion pour -nuire à Madeleine. Puis la faillite était venue, et, vieux, n'ayant plus -à lui qu'une charrette et un cheval, sans famille et sans enfants du -reste, pour vivre il s'était fait charretier. - -Le cheval avait les deux cuisses cassées et ne pouvait se relever. Le -vieillard était engagé entre les roues. La chute avait été tellement -malheureuse que toute la voiture pesait sur sa poitrine. La charrette -était assez lourdement chargée. Le père Fauchelevent poussait des râles -lamentables. On avait essayé de le tirer, mais en vain. Un effort -désordonné, une aide maladroite, une secousse à faux pouvaient -l'achever. Il était impossible de le dégager autrement qu'en soulevant -la voiture par-dessous. Javert, qui était survenu au moment de -l'accident, avait envoyé chercher un cric. - -M. Madeleine arriva. On s'écarta avec respect. - ---À l'aide! criait le vieux Fauchelevent. Qui est-ce qui est bon enfant -pour sauver le vieux? - -M. Madeleine se tourna vers les assistants: - ---A-t-on un cric? - ---On en est allé quérir un, répondit un paysan. - ---Dans combien de temps l'aura-t-on? - ---On est allé au plus près, au lieu Flachot, où il y a un maréchal; mais -c'est égal, il faudra bien un bon quart d'heure. - ---Un quart d'heure! s'écria Madeleine. - -Il avait plu la veille, le sol était détrempé, la charrette s'enfonçait -dans la terre à chaque instant et comprimait de plus en plus la poitrine -du vieux charretier. Il était évident qu'avant cinq minutes il aurait -les côtes brisées. - ---Il est impossible d'attendre un quart d'heure, dit Madeleine aux -paysans qui regardaient. - ---Il faut bien! - ---Mais il ne sera plus temps! Vous ne voyez donc pas que la charrette -s'enfonce? - ---Dame! - ---Écoutez, reprit Madeleine, il y a encore assez de place sous la -voiture pour qu'un homme s'y glisse et la soulève avec son dos. Rien -qu'une demi-minute, et l'on tirera le pauvre homme. Y a-t-il ici -quelqu'un qui ait des reins et du coeur? Cinq louis d'or à gagner! - -Personne ne bougea dans le groupe. - ---Dix louis, dit Madeleine. - -Les assistants baissaient les yeux. Un d'eux murmura: - ---Il faudrait être diablement fort. Et puis, on risque de se faire -écraser! - ---Allons! recommença Madeleine, vingt louis! Même silence. - ---Ce n'est pas la bonne volonté qui leur manque, dit une voix. - -M. Madeleine se retourna, et reconnut Javert. Il ne l'avait pas aperçu -en arrivant. Javert continua: - ---C'est la force. Il faudrait être un terrible homme pour faire la chose -de lever une voiture comme cela sur son dos. - -Puis, regardant fixement M. Madeleine, il poursuivit en appuyant sur -chacun des mots qu'il prononçait: - ---Monsieur Madeleine, je n'ai jamais connu qu'un seul homme capable de -faire ce que vous demandez là. - -Madeleine tressaillit. - -Javert ajouta avec un air d'indifférence, mais sans quitter des yeux -Madeleine: - ---C'était un forçat. - ---Ah! dit Madeleine. - ---Du bagne de Toulon. - -Madeleine devint pâle. - -Cependant la charrette continuait à s'enfoncer lentement. Le père -Fauchelevent râlait et hurlait: - ---J'étouffe! Ça me brise les côtes! Un cric! quelque chose! Ah! - -Madeleine regarda autour de lui: - ---Il n'y a donc personne qui veuille gagner vingt louis et sauver la vie -à ce pauvre vieux? - -Aucun des assistants ne remua. Javert reprit: - ---Je n'ai jamais connu qu'un homme qui pût remplacer un cric. C'était ce -forçat. - ---Ah! voilà que ça m'écrase! cria le vieillard. - -Madeleine leva la tête, rencontra l'oeil de faucon de Javert toujours -attaché sur lui, regarda les paysans immobiles, et sourit tristement. -Puis, sans dire une parole, il tomba à genoux, et avant même que la -foule eût eu le temps de jeter un cri, il était sous la voiture. - -Il y eut un affreux moment d'attente et de silence. - -On vit Madeleine presque à plat ventre sous ce poids effrayant essayer -deux fois en vain de rapprocher ses coudes de ses genoux. On lui cria: - ---Père Madeleine! retirez-vous de là! - -Le vieux Fauchelevent lui-même lui dit: - ---Monsieur Madeleine! allez-vous-en! C'est qu'il faut que je meure, -voyez-vous! Laissez-moi! Vous allez vous faire écraser aussi! - -Madeleine ne répondit pas. - -Les assistants haletaient. Les roues avaient continué de s'enfoncer, et -il était déjà devenu presque impossible que Madeleine sortît de dessous -la voiture. - -Tout à coup on vit l'énorme masse s'ébranler, la charrette se soulevait -lentement, les roues sortaient à demi de l'ornière. On entendit une voix -étouffée qui criait: - ---Dépêchez-vous! aidez! - -C'était Madeleine qui venait de faire un dernier effort. - -Ils se précipitèrent. Le dévouement d'un seul avait donné de la force et -du courage à tous. La charrette fut enlevée par vingt bras. Le vieux -Fauchelevent était sauvé. - -Madeleine se releva. Il était blême, quoique ruisselant de sueur. Ses -habits étaient déchirés et couverts de boue. Tous pleuraient. Le -vieillard lui baisait les genoux et l'appelait le bon Dieu. Lui, il -avait sur le visage je ne sais quelle expression de souffrance heureuse -et céleste, et il fixait son oeil tranquille sur Javert qui le regardait -toujours. - - - - -Chapitre VII - -Fauchelevent devient jardinier à Paris - - -Fauchelevent s'était démis la rotule dans sa chute. Le père Madeleine le -fit transporter dans une infirmerie qu'il avait établie pour ses -ouvriers dans le bâtiment même de sa fabrique et qui était desservie par -deux soeurs de charité. Le lendemain matin, le vieillard trouva un -billet de mille francs sur sa table de nuit, avec ce mot de la main du -père Madeleine: _Je vous achète votre charrette et votre cheval_. La -charrette était brisée et le cheval était mort. Fauchelevent guérit, -mais son genou resta ankylosé. M. Madeleine, par les recommandations des -soeurs et de son curé, fit placer le bonhomme comme jardinier dans un -couvent de femmes du quartier Saint-Antoine à Paris. - -Quelque temps après, M. Madeleine fut nommé maire. La première fois que -Javert vit M. Madeleine revêtu de l'écharpe qui lui donnait toute -autorité sur la ville, il éprouva cette sorte de frémissement -qu'éprouverait un dogue qui flairerait un loup sous les habits de son -maître. À partir de ce moment, il l'évita le plus qu'il put. Quand les -besoins du service l'exigeaient impérieusement et qu'il ne pouvait faire -autrement que de se trouver avec M. le maire, il lui parlait avec un -respect profond. - -Cette prospérité créée à Montreuil-sur-mer par le père Madeleine avait, -outre les signes visibles que nous avons indiqués, un autre symptôme -qui, pour n'être pas visible, n'était pas moins significatif. Ceci ne -trompe jamais. - -Quand la population souffre, quand le travail manque, quand le commerce -est nul, le contribuable résiste à l'impôt par pénurie, épuise et -dépasse les délais, et l'état dépense beaucoup d'argent en frais de -contrainte et de rentrée. Quand le travail abonde, quand le pays est -heureux et riche, l'impôt se paye aisément et coûte peu à l'état. On -peut dire que la misère et la richesse publiques ont un thermomètre -infaillible, les frais de perception de l'impôt. En sept ans, les frais -de perception de l'impôt s'étaient réduits des trois quarts dans -l'arrondissement de Montreuil-sur-mer, ce qui faisait fréquemment citer -cet arrondissement entre tous par M. de Villèle, alors ministre des -finances. - -Telle était la situation du pays, lorsque Fantine y revint. Personne ne -se souvenait plus d'elle. Heureusement la porte de la fabrique de M. -Madeleine était comme un visage ami. Elle s'y présenta, et fut admise -dans l'atelier des femmes. Le métier était tout nouveau pour Fantine, -elle n'y pouvait être bien adroite, elle ne tirait donc de sa journée de -travail que peu de chose, mais enfin cela suffisait, le problème était -résolu, elle gagnait sa vie. - - - - -Chapitre VIII - -Madame Victurnien dépense trente-cinq francs pour la morale - - -Quand Fantine vit qu'elle vivait, elle eut un moment de joie. Vivre -honnêtement de son travail, quelle grâce du ciel! Le goût du travail lui -revint vraiment. Elle acheta un miroir, se réjouit d'y regarder sa -jeunesse, ses beaux cheveux et ses belles dents, oublia beaucoup de -choses, ne songea plus qu'à sa Cosette et à l'avenir possible, et fut -presque heureuse. Elle loua une petite chambre et la meubla à crédit sur -son travail futur; reste de ses habitudes de désordre. - -Ne pouvant pas dire qu'elle était mariée, elle s'était bien gardée, -comme nous l'avons déjà fait entrevoir, de parler de sa petite fille. - -En ces commencements, on l'a vu, elle payait exactement les Thénardier. -Comme elle ne savait que signer, elle était obligée de leur écrire par -un écrivain public. - -Elle écrivait souvent. Cela fut remarqué. On commença à dire tout bas -dans l'atelier des femmes que Fantine «écrivait des lettres» et qu'«elle -avait des allures». - -Il n'y a rien de tel pour épier les actions des gens que ceux qu'elles -ne regardent pas.--Pourquoi ce monsieur ne vient-il jamais qu'à la -brune? pourquoi monsieur un tel n'accroche-t-il jamais sa clef au clou -le jeudi? pourquoi prend-il toujours les petites rues? pourquoi madame -descend-elle toujours de son fiacre avant d'arriver à la maison? -pourquoi envoie-t-elle acheter un cahier de papier à lettres, quand elle -en a «plein sa papeterie?» etc., etc.--Il existe des êtres qui, pour -connaître le mot de ces énigmes, lesquelles leur sont du reste -parfaitement indifférentes, dépensent plus d'argent, prodiguent plus de -temps, se donnent plus de peine qu'il n'en faudrait pour dix bonnes -actions; et cela, gratuitement, pour le plaisir, sans être payés de la -curiosité autrement que par la curiosité. Ils suivront celui-ci ou -celle-là des jours entiers, feront faction des heures à des coins de -rue, sous des portes d'allées, la nuit, par le froid et par la pluie, -corrompront des commissionnaires, griseront des cochers de fiacre et des -laquais, achèteront une femme de chambre, feront acquisition d'un -portier. Pourquoi? pour rien. Pur acharnement de voir, de savoir et de -pénétrer. Pure démangeaison de dire. Et souvent ces secrets connus, ces -mystères publiés, ces énigmes éclairées du grand jour, entraînent des -catastrophes, des duels, des faillites, des familles ruinées, des -existences brisées, à la grande joie de ceux qui ont «tout découvert» -sans intérêt et par pur instinct. Chose triste. - -Certaines personnes sont méchantes uniquement par besoin de parler. Leur -conversation, causerie dans le salon, bavardage dans l'antichambre, est -comme ces cheminées qui usent vite le bois; il leur faut beaucoup de -combustible; et le combustible, c'est le prochain. - -On observa donc Fantine. - -Avec cela, plus d'une était jalouse de ses cheveux blonds et de ses -dents blanches. On constata que dans l'atelier, au milieu des autres, -elle se détournait souvent pour essuyer une larme. C'étaient les moments -où elle songeait à son enfant; peut-être aussi à l'homme qu'elle avait -aimé. - -C'est un douloureux labeur que la rupture des sombres attaches du passé. - -On constata qu'elle écrivait, au moins deux fois par mois, toujours à la -même adresse, et qu'elle affranchissait la lettre. On parvint à se -procurer l'adresse: _Monsieur, Monsieur Thénardier, aubergiste, à -Montfermeil_. On fit jaser au cabaret l'écrivain public, vieux bonhomme -qui ne pouvait pas emplir son estomac de vin rouge sans vider sa poche -aux secrets. Bref, on sut que Fantine avait un enfant. «Ce devait être -une espèce de fille.» Il se trouva une commère qui fit le voyage de -Montfermeil, parla aux Thénardier, et dit à son retour: «Pour mes -trente-cinq francs, j'en ai eu le coeur net. J'ai vu l'enfant!» - -La commère qui fit cela était une gorgone appelée madame Victurnien, -gardienne et portière de la vertu de tout le monde. Madame Victurnien -avait cinquante-six ans, et doublait le masque de la laideur du masque -de la vieillesse. Voix chevrotante, esprit capricant. Cette vieille -femme avait été jeune, chose étonnante. Dans sa jeunesse, en plein 93, -elle avait épousé un moine échappé du cloître en bonnet rouge et passé -des bernardins aux jacobins. Elle était sèche, rêche, revêche, pointue, -épineuse, presque venimeuse; tout en se souvenant de son moine dont elle -était veuve, et qui l'avait fort domptée et pliée. C'était une ortie où -l'on voyait le froissement du froc. À la restauration, elle s'était -faite bigote, et si énergiquement que les prêtres lui avaient pardonné -son moine. Elle avait un petit bien qu'elle léguait bruyamment à une -communauté religieuse. Elle était fort bien vue à l'évêché d'Arras. -Cette madame Victurnien donc alla à Montfermeil, et revint en disant: -«J'ai vu l'enfant». - -Tout cela prit du temps. Fantine était depuis plus d'un an à la -fabrique, lorsqu'un matin la surveillante de l'atelier lui remit, de la -part de M. le maire, cinquante francs, en lui disant qu'elle ne faisait -plus partie de l'atelier et en l'engageant, de la part de M. le maire, à -quitter le pays. - -C'était précisément dans ce même mois que les Thénardier, après avoir -demandé douze francs au lieu de six, venaient d'exiger quinze francs au -lieu de douze. - -Fantine fut atterrée. Elle ne pouvait s'en aller du pays, elle devait -son loyer et ses meubles. Cinquante francs ne suffisaient pas pour -acquitter cette dette. Elle balbutia quelques mots suppliants. La -surveillante lui signifia qu'elle eût à sortir sur-le-champ de -l'atelier. Fantine n'était du reste qu'une ouvrière médiocre. Accablée -de honte plus encore que de désespoir, elle quitta l'atelier et rentra -dans sa chambre. Sa faute était donc maintenant connue de tous! - -Elle ne se sentit plus la force de dire un mot. On lui conseilla de voir -M. le maire; elle n'osa pas. M. le maire lui donnait cinquante francs, -parce qu'il était bon, et la chassait, parce qu'il était juste. Elle -plia sous cet arrêt. - - - - -Chapitre IX - -Succès de Madame Victurnien - - -La veuve du moine fut donc bonne à quelque chose. - -Du reste, M. Madeleine n'avait rien su de tout cela. Ce sont là de ces -combinaisons d'événements dont la vie est pleine. M. Madeleine avait -pour habitude de n'entrer presque jamais dans l'atelier des femmes. Il -avait mis à la tête de cet atelier une vieille fille, que le curé lui -avait donnée, et il avait toute confiance dans cette surveillante, -personne vraiment respectable, ferme, équitable, intègre, remplie de la -charité qui consiste à donner, mais n'ayant pas au même degré la charité -qui consiste à comprendre et à pardonner. M. Madeleine se remettait de -tout sur elle. Les meilleurs hommes sont souvent forcés de déléguer leur -autorité. C'est dans cette pleine puissance et avec la conviction -qu'elle faisait bien, que la surveillante avait instruit le procès, -jugé, condamné et exécuté Fantine. - -Quant aux cinquante francs, elle les avait donnés sur une somme que M. -Madeleine lui confiait pour aumônes et secours aux ouvrières et dont -elle ne rendait pas compte. - -Fantine s'offrit comme servante dans le pays; elle alla d'une maison à -l'autre. Personne ne voulut d'elle. Elle n'avait pu quitter la ville. Le -marchand fripier auquel elle devait ses meubles, quels meubles! lui -avait dit: «Si vous vous en allez, je vous fais arrêter comme voleuse.» -Le propriétaire auquel elle devait son loyer, lui avait dit: - -«Vous êtes jeune et jolie, vous pouvez payer.» Elle partagea les -cinquante francs entre le propriétaire et le fripier, rendit au marchand -les trois quarts de son mobilier, ne garda que le nécessaire, et se -trouva sans travail, sans état, n'ayant plus que son lit, et devant -encore environ cent francs. - -Elle se mit à coudre de grosses chemises pour les soldats de la -garnison, et gagnait douze sous par jour. Sa fille lui en coûtait dix. -C'est en ce moment qu'elle commença à mal payer les Thénardier. - -Cependant une vieille femme qui lui allumait sa chandelle quand elle -rentrait le soir, lui enseigna l'art de vivre dans la misère. Derrière -vivre de peu, il y a vivre de rien. Ce sont deux chambres; la première -est obscure, la seconde est noire. - -Fantine apprit comment on se passe tout à fait de feu en hiver, comment -on renonce à un oiseau qui vous mange un liard de millet tous les deux -jours, comment on fait de son jupon sa couverture et de sa couverture -son jupon, comment on ménage sa chandelle en prenant son repas à la -lumière de la fenêtre d'en face. On ne sait pas tout ce que certains -êtres faibles, qui ont vieilli dans le dénûment et l'honnêteté, savent -tirer d'un sou. Cela finit par être un talent. Fantine acquit ce sublime -talent et reprit un peu de courage. - -À cette époque, elle disait à une voisine: - ---Bah! je me dis: en ne dormant que cinq heures et en travaillant tout -le reste à mes coutures, je parviendrai bien toujours à gagner à peu -près du pain. Et puis, quand on est triste, on mange moins. Eh bien! des -souffrances, des inquiétudes, un peu de pain d'un côté, des chagrins de -l'autre, tout cela me nourrira. - -Dans cette détresse, avoir sa petite fille eût été un étrange bonheur. -Elle songea à la faire venir. Mais quoi! lui faire partager son -dénûment! Et puis, elle devait aux Thénardier! comment s'acquitter? Et -le voyage! comment le payer? - -La vieille qui lui avait donné ce qu'on pourrait appeler des leçons de -vie indigente était une sainte fille nommée Marguerite, dévote de la -bonne dévotion, pauvre, et charitable pour les pauvres et même pour les -riches, sachant tout juste assez écrire pour signer _Margueritte_, et -croyant en Dieu, ce qui est la science. - -Il y a beaucoup de ces vertus-là en bas; un jour elles seront en haut. -Cette vie a un lendemain. - -Dans les premiers temps, Fantine avait été si honteuse qu'elle n'avait -pas osé sortir. Quand elle était dans la rue, elle devinait qu'on se -retournait derrière elle et qu'on la montrait du doigt; tout le monde la -regardait et personne ne la saluait; le mépris âcre et froid des -passants lui pénétrait dans la chair et dans l'âme comme une bise. - -Dans les petites villes, il semble qu'une malheureuse soit nue sous les -sarcasmes et la curiosité de tous. À Paris, du moins, personne ne vous -connaît, et cette obscurité est un vêtement. Oh! comme elle eût souhaité -venir à Paris! Impossible. - -Il fallut bien s'accoutumer à la déconsidération, comme elle s'était -accoutumée à l'indigence. Peu à peu elle en prit son parti. Après deux -ou trois mois elle secoua la honte et se remit à sortir comme si de rien -n'était. - ---Cela m'est bien égal, dit-elle. - -Elle alla et vint, la tête haute, avec un sourire amer, et sentit -qu'elle devenait effrontée. - -Madame Victurnien quelquefois la voyait passer de sa fenêtre, remarquait -la détresse de «cette créature», grâce à elle "remise à sa place", et se -félicitait. Les méchants ont un bonheur noir. - -L'excès du travail fatiguait Fantine, et la petite toux sèche qu'elle -avait augmenta. Elle disait quelquefois à sa voisine Marguerite: «Tâtez -donc comme mes mains sont chaudes.» - -Cependant le matin, quand elle peignait avec un vieux peigne cassé ses -beaux cheveux qui ruisselaient comme de la soie floche, elle avait une -minute de coquetterie heureuse. - - - - -Chapitre X - -Suite du succès - - -Elle avait été congédiée vers la fin de l'hiver; l'été se passa, mais -l'hiver revint. Jours courts, moins de travail. L'hiver, point de -chaleur, point de lumière, point de midi, le soir touche au matin, -brouillard, crépuscule, la fenêtre est grise, on n'y voit pas clair. Le -ciel est un soupirail. Toute la journée est une cave. Le soleil a l'air -d'un pauvre. L'affreuse saison! L'hiver change en pierre l'eau du ciel -et le coeur de l'homme. Ses créanciers la harcelaient. - -Fantine gagnait trop peu. Ses dettes avaient grossi. Les Thénardier, mal -payés, lui écrivaient à chaque instant des lettres dont le contenu la -désolait et dont le port la ruinait. Un jour ils lui écrivirent que sa -petite Cosette était toute nue par le froid qu'il faisait, qu'elle avait -besoin d'une jupe de laine, et qu'il fallait au moins que la mère -envoyât dix francs pour cela. Elle reçut la lettre, et la froissa dans -ses mains tout le jour. Le soir elle entra chez un barbier qui habitait -le coin de la rue, et défit son peigne. Ses admirables cheveux blonds -lui tombèrent jusqu'aux reins. - ---Les beaux cheveux! s'écria le barbier. - ---Combien m'en donneriez-vous? dit-elle. - ---Dix francs. - ---Coupez-les. - -Elle acheta une jupe de tricot et l'envoya aux Thénardier. - -Cette jupe fit les Thénardier furieux. C'était de l'argent qu'ils -voulaient. Ils donnèrent la jupe à Eponine. La pauvre Alouette continua -de frissonner. - -Fantine pensa: «Mon enfant n'a plus froid. Je l'ai habillée de mes -cheveux.» Elle mettait de petits bonnets ronds qui cachaient sa tête -tondue et avec lesquels elle était encore jolie. - -Un travail ténébreux se faisait dans le coeur de Fantine. Quand elle vit -qu'elle ne pouvait plus se coiffer, elle commença à tout prendre en -haine autour d'elle. Elle avait longtemps partagé la vénération de tous -pour le père Madeleine; cependant, à force de se répéter que c'était lui -qui l'avait chassée, et qu'il était la cause de son malheur, elle en -vint à le haïr lui aussi, lui surtout. Quand elle passait devant la -fabrique aux heures où les ouvriers sont sur la porte, elle affectait de -rire et de chanter. - -Une vieille ouvrière qui la vit une fois chanter et rire de cette façon -dit: - ---Voilà une fille qui finira mal. - -Elle prit un amant, le premier venu, un homme qu'elle n'aimait pas, par -bravade, avec la rage dans le coeur. C'était un misérable, une espèce de -musicien mendiant, un oisif gueux, qui la battait, et qui la quitta -comme elle l'avait pris, avec dégoût. Elle adorait son enfant. - -Plus elle descendait, plus tout devenait sombre autour d'elle plus ce -doux petit ange rayonnait dans le fond de son âme. Elle disait. Quand je -serai riche, j'aurai ma Cosette avec moi; et elle riait. La toux ne la -quittait pas, et elle avait des sueurs dans le dos. - -Un jour elle reçut des Thénardier une lettre ainsi conçue: - -«Cosette est malade d'une maladie qui est dans le pays. Une fièvre -miliaire, qu'ils appellent. Il faut des drogues chères. Cela nous ruine -et nous ne pouvons plus payer. Si vous ne nous envoyez pas quarante -francs avant huit jours, la petite est morte.» - -Elle se mit à rire aux éclats, et elle dit à sa vieille voisine: - ---Ah! ils sont bons! quarante francs! que ça! ça fait deux napoléons! Où -veulent-ils que je les prenne? Sont-ils bêtes, ces paysans! - -Cependant elle alla dans l'escalier près d'une lucarne et relut la -lettre. - -Puis elle descendit l'escalier et sortit en courant et en sautant, riant -toujours. Quelqu'un qui la rencontra lui dit: - ---Qu'est-ce que vous avez donc à être si gaie? - -Elle répondit: - ---C'est une bonne bêtise que viennent de m'écrire des gens de la -campagne. Ils me demandent quarante francs. Paysans, va! - -Comme elle passait sur la place, elle vit beaucoup de monde qui -entourait une voiture de forme bizarre sur l'impériale de laquelle -pérorait tout debout un homme vêtu de rouge. C'était un bateleur -dentiste en tournée, qui offrait au public des râteliers complets, des -opiats, des poudres et des élixirs. - -Fantine se mêla au groupe et se mit à rire comme les autres de cette -harangue où il y avait de l'argot pour la canaille et du jargon pour les -gens comme il faut. L'arracheur de dents vit cette belle fille qui -riait, et s'écria tout à coup: - ---Vous avez de jolies dents, la fille qui riez là. Si vous voulez me -vendre vos deux palettes, je vous donne de chaque un napoléon d'or. - ---Qu'est-ce que c'est que ça, mes palettes? demanda Fantine. - ---Les palettes, reprit le professeur dentiste, c'est les dents de -devant, les deux d'en haut. - ---Quelle horreur! s'écria Fantine. - ---Deux napoléons! grommela une vieille édentée qui était là. Qu'en voilà -une qui est heureuse! - -Fantine s'enfuit, et se boucha les oreilles pour ne pas entendre la voix -enrouée de l'homme qui lui criait: Réfléchissez, la belle! deux -napoléons, ça peut servir. Si le coeur vous en dit, venez ce soir à -l'auberge du _Tillac d'argent_, vous m'y trouverez. - -Fantine rentra, elle était furieuse et conta la chose à sa bonne voisine -Marguerite: - ---Comprenez-vous cela? ne voilà-t-il pas un abominable homme? comment -laisse-t-on des gens comme cela aller dans le pays! M'arracher mes deux -dents de devant! mais je serais horrible! Les cheveux repoussent, mais -les dents! Ah! le monstre d'homme! j'aimerais mieux me jeter d'un -cinquième la tête la première sur le pavé! Il m'a dit qu'il serait ce -soir au _Tillac d'argent_. - ---Et qu'est-ce qu'il offrait? demanda Marguerite. - ---Deux napoléons. - ---Cela fait quarante francs. - ---Oui, dit Fantine, cela fait quarante francs. - -Elle resta pensive, et se mit à son ouvrage. Au bout d'un quart d'heure, -elle quitta sa couture et alla relire la lettre des Thénardier sur -l'escalier. - -En rentrant, elle dit à Marguerite qui travaillait près d'elle: - ---Qu'est-ce que c'est donc que cela, une fièvre miliaire? Savez-vous? - ---Oui, répondit la vieille fille, c'est une maladie. - ---Ça a donc besoin de beaucoup de drogues? - ---Oh! des drogues terribles. - ---Où ça vous prend-il? - ---C'est une maladie qu'on a comme ça. - ---Cela attaque donc les enfants? - ---Surtout les enfants. - ---Est-ce qu'on en meurt? - ---Très bien, dit Marguerite. - -Fantine sortit et alla encore une fois relire la lettre sur l'escalier. - -Le soir elle descendit, et on la vit qui se dirigeait du côté de la rue -de Paris où sont les auberges. - -Le lendemain matin, comme Marguerite entrait dans la chambre de Fantine -avant le jour, car elles travaillaient toujours ensemble et de cette -façon n'allumaient qu'une chandelle pour deux, elle trouva Fantine -assise sur son lit, pâle, glacée. Elle ne s'était pas couchée. Son -bonnet était tombé sur ses genoux. La chandelle avait brûlé toute la -nuit et était presque entièrement consumée. - -Marguerite s'arrêta sur le seuil, pétrifiée de cet énorme désordre, et -s'écria: - ---Seigneur! la chandelle qui est toute brûlée! il s'est passé des -événements! - -Puis elle regarda Fantine qui tournait vers elle sa tête sans cheveux. - -Fantine depuis la veille avait vieilli de dix ans. - ---Jésus! fit Marguerite, qu'est-ce que vous avez, Fantine? - ---Je n'ai rien, répondit Fantine. Au contraire. Mon enfant ne mourra pas -de cette affreuse maladie, faute de secours. Je suis contente. - -En parlant ainsi, elle montrait à la vieille fille deux napoléons qui -brillaient sur la table. - ---Ah, Jésus Dieu! dit Marguerite. Mais c'est une fortune! Où avez-vous -eu ces louis d'or? - ---Je les ai eus, répondit Fantine. - -En même temps elle sourit. La chandelle éclairait son visage. C'était un -sourire sanglant. Une salive rougeâtre lui souillait le coin des lèvres, -et elle avait un trou noir dans la bouche. - -Les deux dents étaient arrachées. - -Elle envoya les quarante francs à Montfermeil. - -Du reste c'était une ruse des Thénardier pour avoir de l'argent. Cosette -n'était pas malade. - -Fantine jeta son miroir par la fenêtre. Depuis longtemps elle avait -quitté sa cellule du second pour une mansarde fermée d'un loquet sous le -toit; un de ces galetas dont le plafond fait angle avec le plancher et -vous heurte à chaque instant la tête. Le pauvre ne peut aller au fond de -sa chambre comme au fond de sa destinée qu'en se courbant de plus en -plus. Elle n'avait plus de lit, il lui restait une loque qu'elle -appelait sa couverture, un matelas à terre et une chaise dépaillée. Un -petit rosier qu'elle avait s'était désséché dans un coin, oublié. Dans -l'autre coin, il y avait un pot à beurre à mettre l'eau, qui gelait -l'hiver, et où les différents niveaux de l'eau restaient longtemps -marqués par des cercles de glace. Elle avait perdu la honte, elle perdit -la coquetterie. Dernier signe. Elle sortait avec des bonnets sales. Soit -faute de temps, soit indifférence, elle ne raccommodait plus son linge. -À mesure que les talons s'usaient, elle tirait ses bas dans ses -souliers. Cela se voyait à de certains plis perpendiculaires. Elle -rapiéçait son corset, vieux et usé, avec des morceaux de calicot qui se -déchiraient au moindre mouvement. Les gens auxquels elle devait, lui -faisaient «des scènes», et ne lui laissaient aucun repos. Elle les -trouvait dans la rue, elle les retrouvait dans son escalier. Elle -passait des nuits à pleurer et à songer. Elle avait les yeux très -brillants, et elle sentait une douleur fixe dans l'épaule, vers le haut -de l'omoplate gauche. Elle toussait beaucoup. Elle haïssait profondément -le père Madeleine, et ne se plaignait pas. Elle cousait dix-sept heures -par jour; mais un entrepreneur du travail des prisons, qui faisait -travailler les prisonnières au rabais, fit tout à coup baisser les prix, -ce qui réduisit la journée des ouvrières libres à neuf sous. Dix-sept -heures de travail, et neuf sous par jour! Ses créanciers étaient plus -impitoyables que jamais. Le fripier, qui avait repris presque tous les -meubles, lui disait sans cesse: Quand me payeras-tu, coquine? Que -voulait-on d'elle, bon Dieu! Elle se sentait traquée et il se -développait en elle quelque chose de la bête farouche. Vers le même -temps, le Thénardier lui écrivit que décidément il avait attendu avec -beaucoup trop de bonté, et qu'il lui fallait cent francs, tout de suite; -sinon qu'il mettrait à la porte la petite Cosette, toute convalescente -de sa grande maladie, par le froid, par les chemins, et qu'elle -deviendrait ce qu'elle pourrait, et qu'elle crèverait, si elle voulait. -«Cent francs, songea Fantine! Mais où y a-t-il un état à gagner cent -sous par jour?» - ---Allons! dit-elle, vendons le reste. - -L'infortunée se fit fille publique. - - - - -Chapitre XI - -_Christus nos liberavit_ - - -Qu'est-ce que c'est que cette histoire de Fantine? C'est la société -achetant une esclave. - -À qui? À la misère. - -À la faim, au froid, à l'isolement, à l'abandon, au dénûment. Marché -douloureux. Une âme pour un morceau de pain. La misère offre, la société -accepte. - -La sainte loi de Jésus-Christ gouverne notre civilisation, mais elle ne -la pénètre pas encore. On dit que l'esclavage a disparu de la -civilisation européenne. C'est une erreur. Il existe toujours, mais il -ne pèse plus que sur la femme, et il s'appelle prostitution. - -Il pèse sur la femme, c'est-à-dire sur la grâce, sur la faiblesse, sur -la beauté, sur la maternité. Ceci n'est pas une des moindres hontes de -l'homme. - -Au point de ce douloureux drame où nous sommes arrivés, il ne reste plus -rien à Fantine de ce qu'elle a été autrefois. Elle est devenue marbre en -devenant boue. Qui la touche a froid. Elle passe, elle vous subit et -elle vous ignore; elle est la figure déshonorée et sévère. La vie et -l'ordre social lui ont dit leur dernier mot. Il lui est arrivé tout ce -qui lui arrivera. Elle a tout ressenti, tout supporté, tout éprouvé, -tout souffert, tout perdu, tout pleuré. Elle est résignée de cette -résignation qui ressemble à l'indifférence comme la mort ressemble au -sommeil. Elle n'évite plus rien. Elle ne craint plus rien. Tombe sur -elle toute la nuée et passe sur elle tout l'océan! que lui importe! -c'est une éponge imbibée. - -Elle le croit du moins, mais c'est une erreur de s'imaginer qu'on épuise -le sort et qu'on touche le fond de quoi que ce soit. - -Hélas! qu'est-ce que toutes ces destinées ainsi poussées pêle-mêle? où -vont-elles? pourquoi sont-elles ainsi? - -Celui qui sait cela voit toute l'ombre. - -Il est seul. Il s'appelle Dieu. - - - - -Chapitre XII - -Le désoeuvrement de M. Bamatabois - - -Il y a dans toutes les petites villes, et il y avait à Montreuil-sur-mer -en particulier, une classe de jeunes gens qui grignotent quinze cents -livres de rente en province du même air dont leurs pareils dévorent à -Paris deux cent mille francs par an. Ce sont des êtres de la grande -espèce neutre; hongres, parasites, nuls, qui ont un peu de terre, un peu -de sottise et un peu d'esprit, qui seraient des rustres dans un salon et -se croient des gentilshommes au cabaret, qui disent: mes prés, mes bois, -mes paysans, sifflent les actrices du théâtre pour prouver qu'ils sont -gens de goût, querellent les officiers de la garnison pour montrer -qu'ils sont gens de guerre, chassent, fument, bâillent, boivent, sentent -le tabac, jouent au billard, regardent les voyageurs descendre de -diligence, vivent au café, dînent à l'auberge, ont un chien qui mange -les os sous la table et une maîtresse qui pose les plats dessus, -tiennent à un sou, exagèrent les modes, admirent la tragédie, méprisent -les femmes, usent leurs vieilles bottes, copient Londres à travers Paris -et Paris à travers Pont-à-Mousson, vieillissent hébétés, ne travaillent -pas, ne servent à rien et ne nuisent pas à grand'chose. - -M. Félix Tholomyès, resté dans sa province et n'ayant jamais vu Paris, -serait un de ces hommes-là. - -S'ils étaient plus riches, on dirait: ce sont des élégants; s'ils -étaient plus pauvres, on dirait: ce sont des fainéants. Ce sont tout -simplement des désoeuvrés. Parmi ces désoeuvrés, il y a des ennuyeux, -des ennuyés, des rêvasseurs, et quelques drôles. - -Dans ce temps-là, un élégant se composait d'un grand col, d'une grande -cravate, d'une montre à breloques, de trois gilets superposés de -couleurs différentes, le bleu et le rouge en dedans, d'un habit couleur -olive à taille courte, à queue de morue, à double rangée de boutons -d'argent serrés les uns contre les autres et montant jusque sur -l'épaule, et d'un pantalon olive plus clair, orné sur les deux coutures -d'un nombre de côtes indéterminé, mais toujours impair, variant de une à -onze, limite qui n'était jamais franchie. Ajoutez à cela des -souliers-bottes avec de petits fers au talon, un chapeau à haute forme -et à bords étroits, des cheveux en touffe, une énorme canne, et une -conversation rehaussée des calembours de Potier. Sur le tout des éperons -et des moustaches. À cette époque, des moustaches voulaient dire -bourgeois et des éperons voulaient dire piéton. - -L'élégant de province portait les éperons plus longs et les moustaches -plus farouches. C'était le temps de la lutte des républiques de -l'Amérique méridionale contre le roi d'Espagne, de Bolivar contre -Morillo. Les chapeaux à petits bords étaient royalistes et se nommaient -des morillos; les libéraux portaient des chapeaux à larges bords qui -s'appelaient des bolivars. - -Huit ou dix mois donc après ce qui a été raconté dans les pages -précédentes, vers les premiers jours de janvier 1823, un soir qu'il -avait neigé, un de ces élégants, un de ces désoeuvrés, un "bien -pensant", car il avait un morillo, de plus chaudement enveloppé d'un de -ces grands manteaux qui complétaient dans les temps froids le costume à -la mode, se divertissait à harceler une créature qui rôdait en robe de -bal et toute décolletée avec des fleurs sur la tête devant la vitre du -café des officiers. Cet élégant fumait, car c'était décidément la mode. - -Chaque fois que cette femme passait devant lui, il lui jetait, avec une -bouffée de la fumée de son cigare, quelque apostrophe qu'il croyait -spirituelle et gaie, comme:--Que tu es laide!--Veux-tu te cacher!--Tu -n'as pas de dents! etc., etc.--Ce monsieur s'appelait monsieur -Bamatabois. La femme, triste spectre paré qui allait et venait sur la -neige, ne lui répondait pas, ne le regardait même pas, et n'en -accomplissait pas moins en silence et avec une régularité sombre sa -promenade qui la ramenait de cinq minutes en cinq minutes sous le -sarcasme, comme le soldat condamné qui revient sous les verges. Ce peu -d'effet piqua sans doute l'oisif qui, profitant d'un moment où elle se -retournait, s'avança derrière elle à pas de loup et en étouffant son -rire, se baissa, prit sur le pavé une poignée de neige et la lui plongea -brusquement dans le dos entre ses deux épaules nues. La fille poussa un -rugissement, se tourna, bondit comme une panthère, et se rua sur -l'homme, lui enfonçant ses ongles dans le visage, avec les plus -effroyables paroles qui puissent tomber du corps de garde dans le -ruisseau. Ces injures, vomies d'une voix enrouée par l'eau-de-vie, -sortaient hideusement d'une bouche à laquelle manquaient en effet les -deux dents de devant. C'était la Fantine. - -Au bruit que cela fit, les officiers sortirent en foule du café, les -passants s'amassèrent, et il se forma un grand cercle riant, huant et -applaudissant, autour de ce tourbillon composé de deux êtres où l'on -avait peine à reconnaître un homme et une femme, l'homme se débattant, -son chapeau à terre, la femme frappant des pieds et des poings, -décoiffée, hurlant, sans dents et sans cheveux, livide de colère, -horrible. Tout à coup un homme de haute taille sortit vivement de la -foule, saisit la femme à son corsage de satin couvert de boue, et lui -dit: Suis-moi! - -La femme leva la tête; sa voix furieuse s'éteignit subitement. Ses yeux -étaient vitreux, de livide elle était devenue pâle, et elle tremblait -d'un tremblement de terreur. Elle avait reconnu Javert. - -L'élégant avait profité de l'incident pour s'esquiver. - - - - -Chapitre XIII - -Solution de quelques questions de police municipale - - -Javert écarta les assistants, rompit le cercle et se mit à marcher à grands -pas vers le bureau de police qui est à l'extrémité de la place, traînant -après lui la misérable. Elle se laissait faire machinalement. Ni lui ni -elle ne disaient un mot. La nuée des spectateurs, au paroxysme de la -joie, suivait avec des quolibets. La suprême misère, occasion -d'obscénités. Arrivé au bureau de police qui était une salle basse -chauffée par un poêle et gardée par un poste, avec une porte vitrée et -grillée sur la rue, Javert ouvrit la porte, entra avec Fantine, et -referma la porte derrière lui, au grand désappointement des curieux qui -se haussèrent sur la pointe du pied et allongèrent le cou devant la -vitre trouble du corps de garde, cherchant à voir. La curiosité est une -gourmandise. Voir, c'est dévorer. - -En entrant, la Fantine alla tomber dans un coin, immobile et muette, -accroupie comme une chienne qui a peur. - -Le sergent du poste apporta une chandelle allumée sur une table. Javert -s'assit, tira de sa poche une feuille de papier timbré et se mit à -écrire. - -Ces classes de femmes sont entièrement remises par nos lois à la -discrétion de la police. Elle en fait ce qu'elle veut, les punit comme -bon lui semble, et confisque à son gré ces deux tristes choses qu'elles -appellent leur industrie et leur liberté. Javert était impassible; son -visage sérieux ne trahissait aucune émotion. Pourtant il était gravement -et profondément préoccupé. C'était un de ces moments où il exerçait sans -contrôle, mais avec tous les scrupules d'une conscience sévère, son -redoutable pouvoir discrétionnaire. En cet instant, il le sentait, son -escabeau d'agent de police était un tribunal. Il jugeait. Il jugeait, et -il condamnait. Il appelait tout ce qu'il pouvait avoir d'idées dans -l'esprit autour de la grande chose qu'il faisait. Plus il examinait le -fait de cette fille, plus il se sentait révolté. Il était évident qu'il -venait de voir commettre un crime. Il venait de voir, là dans la rue, la -société, représentée par un propriétaire-électeur, insultée et attaquée -par une créature en dehors de tout. Une prostituée avait attenté à un -bourgeois. Il avait vu cela, lui Javert. Il écrivait en silence. - -Quand il eut fini, il signa, plia le papier et dit au sergent du poste, -en le lui remettant: - ---Prenez trois hommes, et menez cette fille au bloc. - -Puis se tournant vers la Fantine: - ---Tu en as pour six mois. - -La malheureuse tressaillit. - ---Six mois! six mois de prison! Six mois à gagner sept sous par jour! -Mais que deviendra Cosette? ma fille! ma fille! Mais je dois encore plus -de cent francs aux Thénardier, monsieur l'inspecteur, savez-vous cela? - -Elle se traîna sur la dalle mouillée par les bottes boueuses de tous ces -hommes, sans se lever, joignant les mains, faisant de grands pas avec -ses genoux. - ---Monsieur Javert, dit-elle, je vous demande grâce. Je vous assure que -je n'ai pas eu tort. Si vous aviez vu le commencement, vous auriez vu! -je vous jure le bon Dieu que je n'ai pas eu tort. C'est ce monsieur le -bourgeois que je ne connais pas qui m'a mis de la neige dans le dos. -Est-ce qu'on a le droit de nous mettre de la neige dans le dos quand -nous passons comme cela tranquillement sans faire de mal à personne? -Cela m'a saisie. Je suis un peu malade, voyez-vous! Et puis il y avait -déjà un peu de temps qu'il me disait des raisons. Tu es laide! tu n'as -pas de dents! Je le sais bien que je n'ai plus mes dents. Je ne faisais -rien, moi; je disais: c'est un monsieur qui s'amuse. J'étais honnête -avec lui, je ne lui parlais pas. C'est à cet instant-là qu'il m'a mis de -la neige. Monsieur Javert, mon bon monsieur l'inspecteur! est-ce qu'il -n'y a personne là qui ait vu pour vous dire que c'est bien vrai? J'ai -peut-être eu tort de me fâcher. Vous savez, dans le premier moment, on -n'est pas maître. On a des vivacités. Et puis, quelque chose de si froid -qu'on vous met dans le dos à l'heure que vous ne vous y attendez pas! -J'ai eu tort d'abîmer le chapeau de ce monsieur. Pourquoi s'est-il en -allé? Je lui demanderais pardon. Oh! mon Dieu, cela me serait bien égal -de lui demander pardon. Faites-moi grâce pour aujourd'hui cette fois, -monsieur Javert. Tenez, vous ne savez pas ça, dans les prisons on ne -gagne que sept sous, ce n'est pas la faute du gouvernement, mais on -gagne sept sous, et figurez-vous que j'ai cent francs à payer, ou -autrement on me renverra ma petite. Ô mon Dieu! je ne peux pas l'avoir -avec moi. C'est si vilain ce que je fais! Ô ma Cosette, ô mon petit ange -de la bonne sainte Vierge, qu'est-ce qu'elle deviendra, pauvre loup! Je -vais vous dire, c'est les Thénardier, des aubergistes, des paysans, ça -n'a pas de raisonnement. Il leur faut de l'argent. Ne me mettez pas en -prison! Voyez-vous, c'est une petite qu'on mettrait à même sur la grande -route, va comme tu pourras, en plein coeur d'hiver, il faut avoir pitié -de cette chose-là, mon bon monsieur Javert. Si c'était plus grand, ça -gagnerait sa vie, mais ça ne peut pas, à ces âges-là. Je ne suis pas une -mauvaise femme au fond. Ce n'est pas la lâcheté et la gourmandise qui -ont fait de moi ça. J'ai bu de l'eau-de-vie, c'est par misère. Je ne -l'aime pas, mais cela étourdit. Quand j'étais plus heureuse, on n'aurait -eu qu'à regarder dans mes armoires, on aurait bien vu que je n'étais pas -une femme coquette qui a du désordre. J'avais du linge, beaucoup de -linge. Ayez pitié de moi, monsieur Javert! - -Elle parlait ainsi, brisée en deux, secouée par les sanglots, aveuglée -par les larmes, la gorge nue, se tordant les mains, toussant d'une toux -sèche et courte, balbutiant tout doucement avec la voix de l'agonie. La -grande douleur est un rayon divin et terrible qui transfigure les -misérables. À ce moment-là, la Fantine était redevenue belle. À de -certains instants, elle s'arrêtait et baisait tendrement le bas de la -redingote du mouchard. Elle eût attendri un coeur de granit, mais on -n'attendrit pas un coeur de bois. - ---Allons! dit Javert, je t'ai écoutée. As-tu bien tout dit? Marche à -présent! Tu as tes six mois; _le Père éternel en personne n'y pourrait -plus rien_. - -À cette solennelle parole, Le Père éternel en personne n'y pourrait plus -rien, elle comprit que l'arrêt était prononcé. Elle s'affaissa sur -elle-même en murmurant: - ---Grâce! - -Javert tourna le dos. - -Les soldats la saisirent par les bras. - -Depuis quelques minutes, un homme était entré sans qu'on eût pris garde -à lui. Il avait refermé la porte, s'y était adossé, et avait entendu les -prières désespérées de la Fantine. Au moment où les soldats mirent la -main sur la malheureuse, qui ne voulait pas se lever, il fit un pas, -sortit de l'ombre, et dit: - ---Un instant, s'il vous plaît! - -Javert leva les yeux et reconnut M. Madeleine. Il ôta son chapeau, et -saluant avec une sorte de gaucherie fâchée: - ---Pardon, monsieur le maire.... - -Ce mot, monsieur le maire, fit sur la Fantine un effet étrange. Elle se -dressa debout tout d'une pièce comme un spectre qui sort de terre, -repoussa les soldats des deux bras, marcha droit à M. Madeleine avant -qu'on eût pu la retenir, et le regardant fixement, l'air égaré, elle -cria: - ---Ah! c'est donc toi qui es monsieur le maire! - -Puis elle éclata de rire et lui cracha au visage. - -M. Madeleine s'essuya le visage, et dit: - ---Inspecteur Javert, mettez cette femme en liberté. - -Javert se sentit au moment de devenir fou. Il éprouvait en cet instant, -coup sur coup, et presque mêlées ensemble, les plus violentes émotions -qu'il eût ressenties de sa vie. Voir une fille publique cracher au -visage d'un maire, cela était une chose si monstrueuse que, dans ses -suppositions les plus effroyables, il eût regardé comme un sacrilège de -le croire possible. D'un autre côté, dans le fond de sa pensée, il -faisait confusément un rapprochement hideux entre ce qu'était cette -femme et ce que pouvait être ce maire, et alors il entrevoyait avec -horreur je ne sais quoi de tout simple dans ce prodigieux attentat. Mais -quand il vit ce maire, ce magistrat, s'essuyer tranquillement le visage -et dire: _mettez cette femme en liberté_, il eut comme un éblouissement -de stupeur; la pensée et la parole lui manquèrent également; la somme de -l'étonnement possible était dépassée pour lui. Il resta muet. - -Ce mot n'avait pas porté un coup moins étrange à la Fantine. Elle leva -son bras nu et se cramponna à la clef du poêle comme une personne qui -chancelle. Cependant elle regardait tout autour d'elle et elle se mit à -parler à voix basse, comme si elle se parlait à elle-même. - ---En liberté! qu'on me laisse aller! que je n'aille pas en prison six -mois! Qui est-ce qui a dit cela? Il n'est pas possible qu'on ait dit -cela. J'ai mal entendu. Ça ne peut pas être ce monstre de maire! Est-ce -que c'est vous, mon bon monsieur Javert, qui avez dit qu'on me mette en -liberté? Oh! voyez-vous! je vais vous dire et vous me laisserez aller. -Ce monstre de maire, ce vieux gredin de maire, c'est lui qui est cause -de tout. Figurez-vous, monsieur Javert, qu'il m'a chassée! à cause d'un -tas de gueuses qui tiennent des propos dans l'atelier. Si ce n'est pas -là une horreur! renvoyer une pauvre fille qui fait honnêtement son -ouvrage! Alors je n'ai plus gagné assez, et tout le malheur est venu. -D'abord il y a une amélioration que ces messieurs de la police devraient -bien faire, ce serait d'empêcher les entrepreneurs des prisons de faire -du tort aux pauvres gens. Je vais vous expliquer cela, voyez-vous. Vous -gagnez douze sous dans les chemises, cela tombe à neuf sous, il n'y a -plus moyen de vivre. Il faut donc devenir ce qu'on peut. Moi, j'avais ma -petite Cosette, j'ai bien été forcée de devenir une mauvaise femme. Vous -comprenez à présent, que c'est ce gueux de maire qui a tout fait le mal. -Après cela, j'ai piétiné le chapeau de ce monsieur bourgeois devant le -café des officiers. Mais lui, il m'avait perdu toute ma robe avec sa -neige. Nous autres, nous n'avons qu'une robe de soie, pour le soir. -Voyez-vous, je n'ai jamais fait de mal exprès, vrai, monsieur Javert, et -je vois partout des femmes bien plus méchantes que moi qui sont bien -plus heureuses. Ô monsieur Javert, c'est vous qui avez dit qu'on me -mette dehors, n'est-ce pas? Prenez des informations, parlez à mon -propriétaire, maintenant je paye mon terme, on vous dira bien que je -suis honnête. Ah! mon Dieu, je vous demande pardon, j'ai touché, sans -faire attention, à la clef du poêle, et cela fait fumer. - -M. Madeleine l'écoutait avec une attention profonde. Pendant qu'elle -parlait, il avait fouillé dans son gilet, en avait tiré sa bourse et -l'avait ouverte. Elle était vide. Il l'avait remise dans sa poche. Il -dit à la Fantine: - ---Combien avez-vous dit que vous deviez? - -La Fantine, qui ne regardait que Javert, se retourna de son côté: - ---Est-ce que je te parle à toi! - -Puis s'adressant aux soldats: - ---Dites donc, vous autres, avez-vous vu comme je te vous lui ai craché à -la figure? Ah! vieux scélérat de maire, tu viens ici pour me faire peur, -mais je n'ai pas peur de toi. J'ai peur de monsieur Javert. J'ai peur de -mon bon monsieur Javert! - -En parlant ainsi elle se retourna vers l'inspecteur: - ---Avec ça, voyez-vous, monsieur l'inspecteur, il faut être juste. Je -comprends que vous êtes juste, monsieur l'inspecteur. Au fait, c'est -tout simple, un homme qui joue à mettre un peu de neige dans le dos -d'une femme, ça les faisait rire, les officiers, il faut bien qu'on se -divertisse à quelque chose, nous autres nous sommes là pour qu'on -s'amuse, quoi! Et puis, vous, vous venez, vous êtes bien forcé de mettre -l'ordre, vous emmenez la femme qui a tort, mais en y réfléchissant, -comme vous êtes bon, vous dites qu'on me mette en liberté, c'est pour la -petite, parce que six mois en prison, cela m'empêcherait de nourrir mon -enfant. Seulement n'y reviens plus, coquine! Oh! je n'y reviendrai plus, -monsieur Javert! on me fera tout ce qu'on voudra maintenant, je ne -bougerai plus. Seulement, aujourd'hui, voyez-vous, j'ai crié parce que -cela m'a fait mal, je ne m'attendais pas du tout à cette neige de ce -monsieur, et puis, je vous ai dit, je ne me porte pas très bien, je -tousse, j'ai là dans l'estomac comme une boule qui me brûle, que le -médecin me dit: soignez-vous. Tenez, tâtez, donnez votre main, n'ayez -pas peur, c'est ici. - -Elle ne pleurait plus, sa voix était caressante, elle appuyait sur sa -gorge blanche et délicate la grosse main rude de Javert, et elle le -regardait en souriant. - -Tout à coup elle rajusta vivement le désordre de ses vêtements, fit -retomber les plis de sa robe qui en se traînant s'était relevée presque -à la hauteur du genou, et marcha vers la porte en disant à demi-voix aux -soldats avec un signe de tête amical: - ---Les enfants, monsieur l'inspecteur a dit qu'on me lâche, je m'en vas. - -Elle mit la main sur le loquet. Un pas de plus, elle était dans la rue. - -Javert jusqu'à cet instant était resté debout, immobile, l'oeil fixé à -terre, posé de travers au milieu de cette scène comme une statue -dérangée qui attend qu'on la mette quelque part. - -Le bruit que fit le loquet le réveilla. Il releva la tête avec une -expression d'autorité souveraine, expression toujours d'autant plus -effrayante que le pouvoir se trouve placé plus bas, féroce chez la bête -fauve, atroce chez l'homme de rien. - ---Sergent, cria-t-il, vous ne voyez pas que cette drôlesse s'en va! Qui -est-ce qui vous a dit de la laisser aller? - ---Moi, dit Madeleine. - -La Fantine à la voix de Javert avait tremblé et lâché le loquet comme un -voleur pris lâche l'objet volé. À la voix de Madeleine, elle se -retourna, et à partir de ce moment, sans qu'elle prononçât un mot, sans -qu'elle osât même laisser sortir son souffle librement, son regard alla -tour à tour de Madeleine à Javert et de Javert à Madeleine, selon que -c'était l'un ou l'autre qui parlait. - -Il était évident qu'il fallait que Javert eût été, comme on dit, «jeté -hors des gonds» pour qu'il se fût permis d'apostropher le sergent comme -il l'avait fait, après l'invitation du maire de mettre Fantine en -liberté. En était-il venu à oublier la présence de monsieur le maire? -Avait-il fini par se déclarer à lui-même qu'il était impossible qu'une -«autorité» eût donné un pareil ordre, et que bien certainement monsieur -le maire avait dû dire sans le vouloir une chose pour une autre? Ou -bien, devant les énormités dont il était témoin depuis deux heures, se -disait-il qu'il fallait revenir aux suprêmes résolutions, qu'il était -nécessaire que le petit se fit grand, que le mouchard se transformât en -magistrat, que l'homme de police devînt homme de justice, et qu'en cette -extrémité prodigieuse l'ordre, la loi, la morale, le gouvernement, la -société tout entière, se personnifiaient en lui Javert? - -Quoi qu'il en soit, quand M. Madeleine eut dit ce moi qu'on vient -d'entendre, on vit l'inspecteur de police Javert se tourner vers -monsieur le maire, pâle, froid, les lèvres bleues, le regard désespéré, -tout le corps agité d'un tremblement imperceptible, et, chose inouïe, -lui dire, l'oeil baissé, mais la voix ferme: - ---Monsieur le maire, cela ne se peut pas. - ---Comment? dit M. Madeleine. - ---Cette malheureuse a insulté un bourgeois. - ---Inspecteur Javert, repartit M. Madeleine avec un accent conciliant et -calme, écoutez. Vous êtes un honnête homme, et je ne fais nulle -difficulté de m'expliquer avec vous. Voici le vrai. Je passais sur la -place comme vous emmeniez cette femme, il y avait encore des groupes, je -me suis informé, j'ai tout su, c'est le bourgeois qui a eu tort et qui, -en bonne police, eût dû être arrêté. - -Javert reprit: - ---Cette misérable vient d'insulter monsieur le maire. - ---Ceci me regarde, dit M. Madeleine. Mon injure est à moi peut-être. -J'en puis faire ce que je veux. - ---Je demande pardon à monsieur le maire. Son injure n'est pas à lui, -elle est à la justice. - ---Inspecteur Javert, répliqua M. Madeleine, la première justice, c'est -la conscience. J'ai entendu cette femme. Je sais ce que je fais. - ---Et moi, monsieur le maire, je ne sais pas ce que je vois. - ---Alors contentez-vous d'obéir. - ---J'obéis à mon devoir. Mon devoir veut que cette femme fasse six mois -de prison. - -M. Madeleine répondit avec douceur: - ---Écoutez bien ceci. Elle n'en fera pas un jour. - -À cette parole décisive, Javert osa regarder le maire fixement, et lui -dit, mais avec un son de voix toujours profondément respectueux: - ---Je suis au désespoir de résister à monsieur le maire, c'est la -première fois de ma vie, mais il daignera me permettre de lui faire -observer que je suis dans la limite de mes attributions. Je reste, -puisque monsieur le maire le veut, dans le fait du bourgeois. J'étais -là. C'est cette fille qui s'est jetée sur monsieur Bamatabois, qui est -électeur et propriétaire de cette belle maison à balcon qui fait le coin -de l'esplanade, à trois étages et toute en pierre de taille. Enfin, il y -a des choses dans ce monde! Quoi qu'il en soit, monsieur le maire, cela, -c'est un fait de police de la rue qui me regarde, et je retiens la femme -Fantine. - -Alors M. Madeleine croisa les bras et dit avec une voix sévère que -personne dans la ville n'avait encore entendue: - ---Le fait dont vous parlez est un fait de police municipale. Aux termes -des articles neuf, onze, quinze et soixante-six du code d'instruction -criminelle, j'en suis juge. J'ordonne que cette femme soit mise en -liberté. - -Javert voulut tenter un dernier effort. - ---Mais, monsieur le maire.... - ---Je vous rappelle, à vous, l'article quatre-vingt-un de la loi du 13 -décembre 1799 sur la détention arbitraire. - ---Monsieur le maire, permettez.... - ---Plus un mot. - ---Pourtant.... - ---Sortez, dit M. Madeleine. - -Javert reçut le coup, debout, de face, et en pleine poitrine comme un -soldat russe. Il salua jusqu'à terre monsieur le maire, et sortit. - -Fantine se rangea de la porte et le regarda avec stupeur passer devant -elle. - -Cependant elle aussi était en proie à un bouleversement étrange. Elle -venait de se voir en quelque sorte disputée par deux puissances -opposées. Elle avait vu lutter devant ses yeux deux hommes tenant dans -leurs mains sa liberté, sa vie, son âme, son enfant; l'un de ces hommes -la tirait du côté de l'ombre, l'autre la ramenait vers la lumière. Dans -cette lutte, entrevue à travers les grossissements de l'épouvante, ces -deux hommes lui étaient apparus comme deux géants; l'un parlait comme -son démon, l'autre parlait comme son bon ange. L'ange avait vaincu le -démon, et, chose qui la faisait frissonner de la tête aux pieds, cet -ange, ce libérateur, c'était précisément l'homme qu'elle abhorrait, ce -maire qu'elle avait si longtemps considéré comme l'auteur de tous ses -maux, ce Madeleine! et au moment même où elle venait de l'insulter d'une -façon hideuse, il la sauvait! S'était-elle donc trompée? Devait-elle -donc changer toute son âme?... Elle ne savait, elle tremblait. Elle -écoutait éperdue, elle regardait effarée, et à chaque parole que disait -M. Madeleine, elle sentait fondre et s'écrouler en elle les affreuses -ténèbres de la haine et naître dans son coeur je ne sais quoi de -réchauffant et d'ineffable qui était de la joie, de la confiance et de -l'amour. - -Quand Javert fut sorti, M. Madeleine se tourna vers elle, et lui dit -avec une voix lente, ayant peine à parler comme un homme sérieux qui ne -veut pas pleurer: - ---Je vous ai entendue. Je ne savais rien de ce que vous avez dit. Je -crois que c'est vrai, et je sens que c'est vrai. J'ignorais même que -vous eussiez quitté mes ateliers. Pourquoi ne vous êtes-vous pas -adressée à moi? Mais voici: je payerai vos dettes, je ferai venir votre -enfant, ou vous irez la rejoindre. Vous vivrez ici, à Paris, où vous -voudrez. Je me charge de votre enfant et de vous. Vous ne travaillerez -plus, si vous voulez. Je vous donnerai tout l'argent qu'il vous faudra. -Vous redeviendrez honnête en redevenant heureuse. Et même, écoutez, je -vous le déclare dès à présent, si tout est comme vous le dites, et je -n'en doute pas, vous n'avez jamais cessé d'être vertueuse et sainte -devant Dieu. Oh! pauvre femme! - -C'en était plus que la pauvre Fantine n'en pouvait supporter. Avoir -Cosette! sortir de cette vie infâme! vivre libre, riche, heureuse, -honnête, avec Cosette! voir brusquement s'épanouir au milieu de sa -misère toutes ces réalités du paradis! Elle regarda comme hébétée cet -homme qui lui parlait, et ne put que jeter deux ou trois sanglots: oh! -oh! oh! Ses jarrets plièrent, elle se mit à genoux devant M. Madeleine, -et, avant qu'il eût pu l'en empêcher, il sentit qu'elle lui prenait la -main et que ses lèvres s'y posaient. - -Puis elle s'évanouit. - - - - -Livre sixième--Javert - - - - -Chapitre I - -Commencement du repos - - -M. Madeleine fit transporter la Fantine à cette infirmerie qu'il avait -dans sa propre maison. Il la confia aux soeurs qui la mirent au lit. Une -fièvre ardente était survenue. Elle passa une partie de la nuit à -délirer et à parler haut. Cependant elle finit par s'endormir. - -Le lendemain vers midi Fantine se réveilla, elle entendit une -respiration tout près de son lit, elle écarta son rideau et vit M. -Madeleine debout qui regardait quelque chose au-dessus de sa tête. Ce -regard était plein de pitié et d'angoisse et suppliait. Elle en suivit -la direction et vit qu'il s'adressait à un crucifix cloué au mur. - -M. Madeleine était désormais transfiguré aux yeux de Fantine. Il lui -paraissait enveloppé de lumière. Il était absorbé dans une sorte de -prière. Elle le considéra longtemps sans oser l'interrompre. Enfin elle -lui dit timidement: - ---Que faites-vous donc là? - -M. Madeleine était à cette place depuis une heure. Il attendait que -Fantine se réveillât. Il lui prit la main, lui tâta le pouls, et -répondit: - ---Comment êtes-vous? - ---Bien, j'ai dormi, dit-elle, je crois que je vais mieux. Ce ne sera -rien. - -Lui reprit, répondant à la question qu'elle lui avait adressée d'abord, -comme s'il ne faisait que de l'entendre: - ---Je priais le martyr qui est là-haut. - -Et il ajouta dans sa pensée: «Pour la martyre qui est ici-bas.» - -M. Madeleine avait passé la nuit et la matinée à s'informer. Il savait -tout maintenant. Il connaissait dans tous ses poignants détails -l'histoire de Fantine. Il continua: - ---Vous avez bien souffert, pauvre mère. Oh! ne vous plaignez pas, vous -avez à présent la dot des élus. C'est de cette façon que les hommes font -des anges. Ce n'est point leur faute; ils ne savent pas s'y prendre -autrement. Voyez-vous, cet enfer dont vous sortez est la première forme -du ciel. Il fallait commencer par là. - -Il soupira profondément. Elle cependant lui souriait avec ce sublime -sourire auquel il manquait deux dents. - -Javert dans cette même nuit avait écrit une lettre. Il remit lui-même -cette lettre le lendemain matin au bureau de poste de Montreuil-sur-mer. -Elle était pour Paris, et la suscription portait: À _monsieur -Chabouillet, secrétaire de monsieur le préfet de police_. Comme -l'affaire du corps de garde s'était ébruitée, la directrice du bureau de -poste et quelques autres personnes qui virent la lettre avant le départ -et qui reconnurent l'écriture de Javert sur l'adresse, pensèrent que -c'était sa démission qu'il envoyait. - -M. Madeleine se hâta d'écrire aux Thénardier. Fantine leur devait cent -vingt francs. Il leur envoya trois cents francs en leur disant de se -payer sur cette somme, et d'amener tout de suite l'enfant à -Montreuil-sur-mer où sa mère malade la réclamait. - -Ceci éblouit le Thénardier. - ---Diable! dit-il à sa femme, ne lâchons pas l'enfant. Voilà que cette -mauviette va devenir une vache à lait. Je devine. Quelque jocrisse se -sera amouraché de la mère. - -Il riposta par un mémoire de cinq cents et quelques francs fort bien -fait. Dans ce mémoire figuraient pour plus de trois cents francs deux -notes incontestables, l'une d'un médecin, l'autre d'un apothicaire, -lesquels avaient soigné et médicamenté dans deux longues maladies -Éponine et Azelma. Cosette, nous l'avons dit, n'avait pas été malade. Ce -fut l'affaire d'une toute petite substitution de noms. Thénardier mit au -bas du mémoire: _reçu à compte trois cents francs_. - -M. Madeleine envoya tout de suite trois cents autres francs et écrivit: -Dépêchez-vous d'amener Cosette. - ---Christi! dit le Thénardier, ne lâchons pas l'enfant. - -Cependant Fantine ne se rétablissait point. Elle était toujours à -l'infirmerie. Les soeurs n'avaient d'abord reçu et soigné «cette fille» -qu'avec répugnance. Qui a vu les bas-reliefs de Reims se souvient du -gonflement de la lèvre inférieure des vierges sages regardant les -vierges folles. Cet antique mépris des vestales pour les ambulaïes est -un des plus profonds instincts de la dignité féminine; les soeurs -l'avaient éprouvé, avec le redoublement qu'ajoute la religion. Mais, en -peu de jours, Fantine les avait désarmées. Elle avait toutes sortes de -paroles humbles et douces, et la mère qui était en elle attendrissait. -Un jour les soeurs l'entendirent qui disait à travers la fièvre: - ---J'ai été une pécheresse, mais quand j'aurai mon enfant près de moi, -cela voudra dire que Dieu m'a pardonné. Pendant que j'étais dans le mal, -je n'aurais pas voulu avoir ma Cosette avec moi, je n'aurais pas pu -supporter ses yeux étonnés et tristes. C'était pour elle pourtant que je -faisais le mal, et c'est ce qui fait que Dieu me pardonne. Je sentirai -la bénédiction du bon Dieu quand Cosette sera ici. Je la regarderai, -cela me fera du bien de voir cette innocente. Elle ne sait rien du tout. -C'est un ange, voyez-vous, mes soeurs. À cet âge-là, les ailes, ça n'est -pas encore tombé. - -M. Madeleine l'allait voir deux fois par jour, et chaque fois elle lui -demandait: - ---Verrai-je bientôt ma Cosette? - -Il lui répondait: - ---Peut-être demain matin. D'un moment à l'autre elle arrivera, je -l'attends. - -Et le visage pâle de la mère rayonnait. - ---Oh! disait-elle, comme je vais être heureuse! - -Nous venons de dire qu'elle ne se rétablissait pas. Au contraire, son -état semblait s'aggraver de semaine en semaine. Cette poignée de neige -appliquée à nu sur la peau entre les deux omoplates avait déterminé une -suppression subite de transpiration à la suite de laquelle la maladie -qu'elle couvait depuis plusieurs années finit par se déclarer -violemment. On commençait alors à suivre pour l'étude et le traitement -des maladies de poitrine les belles indications de Laennec. Le médecin -ausculta Fantine et hocha la tête. - -M. Madeleine dit au médecin: - ---Eh bien? - ---N'a-t-elle pas un enfant qu'elle désire voir? dit le médecin. - ---Oui. - ---Eh bien, hâtez-vous de le faire venir. - -M. Madeleine eut un tressaillement. - -Fantine lui demanda: - ---Qu'a dit le médecin? - -M. Madeleine s'efforça de sourire. - ---Il a dit de faire venir bien vite votre enfant. Que cela vous rendra -la santé. - ---Oh! reprit-elle, il a raison! Mais qu'est-ce qu'ils ont donc ces -Thénardier à me garder ma Cosette! Oh! elle va venir. Voici enfin que je -vois le bonheur tout près de moi! - -Le Thénardier cependant ne «lâchait pas l'enfant» et donnait cent -mauvaises raisons. Cosette était un peu souffrante pour se mettre en -route l'hiver. Et puis il y avait un reste de petites dettes criardes -dans le pays dont il rassemblait les factures, etc., etc. - ---J'enverrai quelqu'un chercher Cosette, dit le père Madeleine. S'il le -faut, j'irai moi-même. - -Il écrivit sous la dictée de Fantine cette lettre qu'il lui fit signer: - -«Monsieur Thénardier, - -«Vous remettrez Cosette à la personne. - -«On vous payera toutes les petites choses. - -«J'ai l'honneur de vous saluer avec considération. - -«Fantine.» - -Sur ces entrefaites, il survint un grave incident. Nous avons beau -tailler de notre mieux le bloc mystérieux dont notre vie est faite, la -veine noire de la destinée y reparaît toujours. - - - - -Chapitre II - -Comment Jean peut devenir Champ - - -Un matin, M. Madeleine était dans son cabinet, occupé à régler d'avance -quelques affaires pressantes de la mairie pour le cas où il se -déciderait à ce voyage de Montfermeil, lorsqu'on vint lui dire que -l'inspecteur de police Javert demandait à lui parler. En entendant -prononcer ce nom, M. Madeleine ne put se défendre d'une impression -désagréable. Depuis l'aventure du bureau de police, Javert l'avait plus -que jamais évité, et M. Madeleine ne l'avait point revu. - ---Faites entrer, dit-il. - -Javert entra. - -M. Madeleine était resté assis près de la cheminée, une plume à la main, -l'oeil sur un dossier qu'il feuilletait et qu'il annotait, et qui -contenait des procès-verbaux de contraventions à la police de la voirie. -Il ne se dérangea point pour Javert. Il ne pouvait s'empêcher de songer -à la pauvre Fantine, et il lui convenait d'être glacial. - -Javert salua respectueusement M. le maire qui lui tournait le dos. M. le -maire ne le regarda pas et continua d'annoter son dossier. - -Javert fit deux ou trois pas dans le cabinet, et s'arrêta sans rompre le -silence. Un physionomiste qui eût été familier avec la nature de Javert, -qui eût étudié depuis longtemps ce sauvage au service de la -civilisation, ce composé bizarre du Romain, du Spartiate, du moine et du -caporal, cet espion incapable d'un mensonge, ce mouchard vierge, un -physionomiste qui eût su sa secrète et ancienne aversion pour M. -Madeleine, son conflit avec le maire au sujet de la Fantine, et qui eût -considéré Javert en ce moment, se fût dit: que s'est-il passé? Il était -évident, pour qui eût connu cette conscience droite, claire, sincère, -probe, austère et féroce, que Javert sortait de quelque grand événement -intérieur. Javert n'avait rien dans l'âme qu'il ne l'eût aussi sur le -visage. Il était, comme les gens violents, sujet aux revirements -brusques. Jamais sa physionomie n'avait été plus étrange et plus -inattendue. En entrant, il s'était incliné devant M. Madeleine avec un -regard où il n'y avait ni rancune, ni colère, ni défiance, il s'était -arrêté à quelques pas derrière le fauteuil du maire; et maintenant il se -tenait là, debout, dans une attitude presque disciplinaire, avec la -rudesse naïve et froide d'un homme qui n'a jamais été doux et qui a -toujours été patient; il attendait, sans dire un mot, sans faire un -mouvement, dans une humilité vraie et dans une résignation tranquille, -qu'il plût à monsieur le maire de se retourner, calme, sérieux, le -chapeau à la main, les yeux baissés, avec une expression qui tenait le -milieu entre le soldat devant son officier et le coupable devant son -juge. Tous les sentiments comme tous les souvenirs qu'on eût pu lui -supposer avaient disparu. Il n'y avait plus rien sur ce visage -impénétrable et simple comme le granit, qu'une morne tristesse. Toute sa -personne respirait l'abaissement et la fermeté, et je ne sais quel -accablement courageux. - -Enfin M. le maire posa sa plume et se tourna à demi. - ---Eh bien! qu'est-ce? qu'y a-t-il, Javert? - -Javert demeura un instant silencieux comme s'il se recueillait, puis -éleva la voix avec une sorte de solennité triste qui n'excluait pourtant -pas la simplicité: - ---Il y a, monsieur le maire, qu'un acte coupable a été commis. - ---Quel acte? - ---Un agent inférieur de l'autorité a manqué de respect à un magistrat de -la façon la plus grave. Je viens, comme c'est mon devoir, porter le fait -à votre connaissance. - ---Quel est cet agent? demanda M. Madeleine. - ---Moi, dit Javert. - ---Vous? - ---Moi. - ---Et quel est le magistrat qui aurait à se plaindre de l'agent? - ---Vous, monsieur le maire. - -M. Madeleine se dressa sur son fauteuil. Javert poursuivit, l'air sévère -et les yeux toujours baissés: - ---Monsieur le maire, je viens vous prier de vouloir bien provoquer près -de l'autorité ma destitution. - -M. Madeleine stupéfait ouvrit la bouche. Javert l'interrompit. - ---Vous direz, j'aurais pu donner ma démission, mais cela ne suffit pas. -Donner sa démission, c'est honorable. J'ai failli, je dois être puni. Il -faut que je sois chassé. - -Et après une pause, il ajouta: - ---Monsieur le maire, vous avez été sévère pour moi l'autre jour -injustement. Soyez-le aujourd'hui justement. - ---Ah çà! pourquoi? s'écria M. Madeleine. Quel est ce galimatias? -qu'est-ce que cela veut dire? où y a-t-il un acte coupable commis contre -moi par vous? qu'est-ce que vous m'avez fait? quels torts avez-vous -envers moi? Vous vous accusez, vous voulez être remplacé.... - ---Chassé, dit Javert. - ---Chassé, soit. C'est fort bien. Je ne comprends pas. - ---Vous allez comprendre, monsieur le maire. - -Javert soupira du fond de sa poitrine et reprit toujours froidement et -tristement: - ---Monsieur le maire, il y a six semaines, à la suite de cette scène pour -cette fille, j'étais furieux, je vous ai dénoncé. - ---Dénoncé! - ---À la préfecture de police de Paris. - -M. Madeleine, qui ne riait pas beaucoup plus souvent que Javert, se mit -à rire. - ---Comme maire ayant empiété sur la police? - ---Comme ancien forçat. - -Le maire devint livide. - -Javert, qui n'avait pas levé les yeux, continua: - ---Je le croyais. Depuis longtemps j'avais des idées. - -Une ressemblance, des renseignements que vous avez fait prendre à -Faverolles, votre force des reins, l'aventure du vieux Fauchelevent, -votre adresse au tir, votre jambe qui traîne un peu, est-ce que je sais, -moi? des bêtises! mais enfin je vous prenais pour un nommé Jean Valjean. - ---Un nommé?... Comment dites-vous ce nom-là? - ---Jean Valjean. C'est un forçat que j'avais vu il y a vingt ans quand -j'étais adjudant-garde-chiourme à Toulon. En sortant du bagne, ce Jean -Valjean avait, à ce qu'il paraît, volé chez un évêque, puis il avait -commis un autre vol à main armée, dans un chemin public, sur un petit -savoyard. Depuis huit ans il s'était dérobé, on ne sait comment, et on -le cherchait. Moi je m'étais figuré... Enfin, j'ai fait cette chose! La -colère m'a décidé, je vous ai dénoncé à la préfecture. - -M. Madeleine, qui avait ressaisi le dossier depuis quelques instants, -reprit avec un accent de parfaite indifférence: - ---Et que vous a-t-on répondu? - ---Que j'étais fou. - ---Eh bien? - ---Eh bien, on avait raison. - ---C'est heureux que vous le reconnaissiez! - ---Il faut bien, puisque le véritable Jean Valjean est trouvé. - -La feuille que tenait M. Madeleine lui échappa des mains, il leva la -tête, regarda fixement Javert, et dit avec un accent inexprimable: - ---Ah! - -Javert poursuivit: - ---Voilà ce que c'est, monsieur le maire. Il paraît qu'il y avait dans le -pays, du côté d'Ailly-le-Haut-Clocher, une espèce de bonhomme qu'on -appelait le père Champmathieu. C'était très misérable. On n'y faisait -pas attention. Ces gens-là, on ne sait pas de quoi cela vit. -Dernièrement, cet automne, le père Champmathieu a été arrêté pour un vol -de pommes à cidre, commis chez...--enfin n'importe! Il y a eu vol, mur -escaladé, branches de l'arbre cassées. On a arrêté mon Champmathieu. Il -avait encore la branche de pommier à la main. On coffre le drôle. -Jusqu'ici ce n'est pas beaucoup plus qu'une affaire correctionnelle. -Mais voici qui est de la providence. La geôle étant en mauvais état, -monsieur le juge d'instruction trouve à propos de faire transférer -Champmathieu à Arras où est la prison départementale. Dans cette prison -d'Arras, il y a un ancien forçat nommé Brevet qui est détenu pour je ne -sais quoi et qu'on a fait guichetier de chambrée parce qu'il se conduit -bien. Monsieur le maire, Champmathieu n'est pas plus tôt débarqué que -voilà Brevet qui s'écrie: «Eh mais! je connais cet homme-là. C'est un -fagot. Regardez-moi donc, bonhomme! Vous êtes Jean Valjean!--Jean -Valjean! qui ça Jean Valjean? Le Champmathieu joue l'étonné.--Ne fais -donc pas le sinvre, dit Brevet. Tu es Jean Valjean! Tu as été au bagne -de Toulon. Il y a vingt ans. Nous y étions ensemble.--Le Champmathieu -nie. Parbleu! vous comprenez. On approfondit. On me fouille cette -aventure-là. Voici ce qu'on trouve: ce Champmathieu, il y a une -trentaine d'années, a été ouvrier émondeur d'arbres dans plusieurs pays, -notamment à Faverolles. Là on perd sa trace. Longtemps après, on le -revoit en Auvergne, puis à Paris, où il dit avoir été charron et avoir -eu une fille blanchisseuse, mais cela n'est pas prouvé; enfin dans ce -pays-ci. Or, avant d'aller au bagne pour vol qualifié, qu'était Jean -Valjean? émondeur. Où? à Faverolles. Autre fait. Ce Valjean s'appelait -de son nom de baptême Jean et sa mère se nommait de son nom de famille -Mathieu. Quoi de plus naturel que de penser qu'en sortant du bagne il -aura pris le nom de sa mère pour se cacher et se sera fait appeler Jean -Mathieu? Il va en Auvergne. De _Jean_ la prononciation du pays fait -_Chan_, on l'appelle Chan Mathieu. Notre homme se laisse faire et le -voilà transformé en Champmathieu. Vous me suivez, n'est-ce pas? On -s'informe à Faverolles. La famille de Jean Valjean n'y est plus. On ne -sait plus où elle est. Vous savez, dans ces classes-là, il y a souvent -de ces évanouissements d'une famille. On cherche, on ne trouve plus -rien. Ces gens-là, quand ce n'est pas de la boue, c'est de la poussière. -Et puis, comme le commencement de ces histoires date de trente ans, il -n'y a plus personne à Faverolles qui ait connu Jean Valjean. On -s'informe à Toulon. Avec Brevet, il n'y a plus que deux forçats qui -aient vu Jean Valjean. Ce sont les condamnés à vie Cochepaille et -Chenildieu. On les extrait du bagne et on les fait venir. On les -confronte au prétendu Champmathieu. Ils n'hésitent pas. Pour eux comme -pour Brevet, c'est Jean Valjean. Même âge, il a cinquante-quatre ans, -même taille, même air, même homme enfin, c'est lui. C'est en ce -moment-là même que j'envoyais ma dénonciation à la préfecture de Paris. -On me répond que je perds l'esprit et que Jean Valjean est à Arras au -pouvoir de la justice. Vous concevez si cela m'étonne, moi qui croyais -tenir ici ce même Jean Valjean! J'écris à monsieur le juge -d'instruction. Il me fait venir, on m'amène le Champmathieu.... - ---Eh bien? interrompit M. Madeleine. - -Javert répondit avec son visage incorruptible et triste: - ---Monsieur le maire, la vérité est la vérité. J'en suis fâché, mais -c'est cet homme-là qui est Jean Valjean. Moi aussi je l'ai reconnu. - -M. Madeleine reprit d'une voix très basse: - ---Vous êtes sûr? - -Javert se mit à rire de ce rire douloureux qui échappe à une conviction -profonde: - ---Oh, sûr! - -Il demeura un moment pensif, prenant machinalement des pincées de poudre -de bois dans la sébille à sécher l'encre qui était sur la table, et il -ajouta: - ---Et même, maintenant que je vois le vrai Jean Valjean, je ne comprends -pas comment j'ai pu croire autre chose. Je vous demande pardon, monsieur -le maire. - -En adressant cette parole suppliante et grave à celui qui, six semaines -auparavant, l'avait humilié en plein corps de garde et lui avait dit: -«sortez!» Javert, cet homme hautain, était à son insu plein de -simplicité et de dignité. M. Madeleine ne répondit à sa prière que par -cette question brusque: - ---Et que dit cet homme? - ---Ah, dame! monsieur le maire, l'affaire est mauvaise. Si c'est Jean -Valjean, il y a récidive. Enjamber un mur, casser une branche, chiper -des pommes, pour un enfant, c'est une polissonnerie; pour un homme, -c'est un délit; pour un forçat, c'est un crime. Escalade et vol, tout y -est. Ce n'est plus la police correctionnelle, c'est la cour d'assises. -Ce n'est plus quelques jours de prison, ce sont les galères à -perpétuité. Et puis, il y a l'affaire du petit savoyard que j'espère -bien qui reviendra. Diable! il y a de quoi se débattre, n'est-ce pas? -Oui, pour un autre que Jean Valjean. Mais Jean Valjean est un sournois. -C'est encore là que je le reconnais. Un autre sentirait que cela -chauffe; il se démènerait, il crierait, la bouilloire chante devant le -feu, il ne voudrait pas être Jean Valjean, et caetera. Lui, il n'a pas -l'air de comprendre, il dit: Je suis Champmathieu, je ne sors pas de là! -Il a l'air étonné, il fait la brute, c'est bien mieux. Oh! le drôle est -habile. Mais c'est égal, les preuves sont là. Il est reconnu par quatre -personnes, le vieux coquin sera condamné. C'est porté aux assises, à -Arras. Je vais y aller pour témoigner. Je suis cité. - -M. Madeleine s'était remis à son bureau, avait ressaisi son dossier, et -le feuilletait tranquillement, lisant et écrivant tour à tour comme un -homme affairé. Il se tourna vers Javert: - ---Assez, Javert. Au fait, tous ces détails m'intéressent fort peu. Nous -perdons notre temps, et nous avons des affaires pressées. Javert, vous -allez vous rendre sur-le-champ chez la bonne femme Buseaupied qui vend -des herbes là-bas au coin de la rue Saint-Saulve. Vous lui direz de -déposer sa plainte contre le charretier Pierre Chesnelong. Cet homme est -un brutal qui a failli écraser cette femme et son enfant. Il faut qu'il -soit puni. Vous irez ensuite chez M. Charcellay, rue -Montre-de-Champigny. Il se plaint qu'il y a une gouttière de la maison -voisine qui verse l'eau de la pluie chez lui, et qui affouille les -fondations de sa maison. Après vous constaterez des contraventions de -police qu'on me signale rue Guibourg chez la veuve Doris, et rue du -Garraud-Blanc chez madame Renée Le Bossé, et vous dresserez -procès-verbal. Mais je vous donne là beaucoup de besogne. N'allez-vous -pas être absent? ne m'avez-vous pas dit que vous alliez à Arras pour -cette affaire dans huit ou dix jours?... - ---Plus tôt que cela, monsieur le maire. - ---Quel jour donc? - ---Mais je croyais avoir dit à monsieur le maire que cela se jugeait -demain et que je partais par la diligence cette nuit. - -M. Madeleine fit un mouvement imperceptible. - ---Et combien de temps durera l'affaire? - ---Un jour tout au plus. L'arrêt sera prononcé au plus tard demain dans -la nuit. Mais je n'attendrai pas l'arrêt, qui ne peut manquer. Sitôt ma -déposition faite, je reviendrai ici. - ---C'est bon, dit M. Madeleine. - -Et il congédia Javert d'un signe de main. Javert ne s'en alla pas. - ---Pardon, monsieur le maire, dit-il. - ---Qu'est-ce encore? demanda M. Madeleine. - ---Monsieur le maire, il me reste une chose à vous rappeler. - ---Laquelle? - ---C'est que je dois être destitué. - -M. Madeleine se leva. - ---Javert, vous êtes un homme d'honneur, et je vous estime. Vous vous -exagérez votre faute. Ceci d'ailleurs est encore une offense qui me -concerne. Javert, vous êtes digne de monter et non de descendre. -J'entends que vous gardiez votre place. - -Javert regarda M. Madeleine avec sa prunelle candide au fond de laquelle -il semblait qu'on vit cette conscience peu éclairée, mais rigide et -chaste, et il dit d'une voix tranquille: - ---Monsieur le maire, je ne puis vous accorder cela. - ---Je vous répète, répliqua M. Madeleine, que la chose me regarde. - -Mais Javert, attentif à sa seule pensée, continua: - ---Quant à exagérer, je n'exagère point. Voici comment je raisonne. Je -vous ai soupçonné injustement. Cela, ce n'est rien. C'est notre droit à -nous autres de soupçonner, quoiqu'il y ait pourtant abus à soupçonner -au-dessus de soi. Mais, sans preuves, dans un accès de colère, dans le -but de me venger, je vous ai dénoncé comme forçat, vous, un homme -respectable, un maire, un magistrat! ceci est grave. Très grave. J'ai -offensé l'autorité dans votre personne, moi, agent de l'autorité! Si -l'un de mes subordonnés avait fait ce que j'ai fait, je l'aurais déclaré -indigne du service, et chassé. Eh bien? - -Tenez, monsieur le maire, encore un mot. J'ai souvent été sévère dans ma -vie. Pour les autres. C'était juste. Je faisais bien. Maintenant, si je -n'étais pas sévère pour moi, tout ce que j'ai fait de juste deviendrait -injuste. - -Est-ce que je dois m'épargner plus que les autres? Non. Quoi! je -n'aurais été bon qu'à châtier autrui, et pas moi! mais je serais un -misérable! mais ceux qui disent: ce gueux de Javert! auraient raison! -Monsieur le maire, je ne souhaite pas que vous me traitiez avec bonté, -votre bonté m'a fait faire assez de mauvais sang quand elle était pour -les autres. Je n'en veux pas pour moi. La bonté qui consiste à donner -raison à la fille publique contre le bourgeois, à l'agent de police -contre le maire, à celui qui est en bas contre celui qui est en haut, -c'est ce que j'appelle de la mauvaise bonté. C'est avec cette bonté-là -que la société se désorganise. Mon Dieu! c'est bien facile d'être bon, -le malaisé c'est d'être juste. Allez! si vous aviez été ce que je -croyais, je n'aurais pas été bon pour vous, moi! vous auriez vu! -Monsieur le maire, je dois me traiter comme je traiterais tout autre. -Quand je réprimais des malfaiteurs, quand je sévissais sur des gredins, -je me suis souvent dit à moi-même: toi, si tu bronches, si jamais je te -prends en faute, sois tranquille!--J'ai bronché, je me prends en faute, -tant pis! Allons, renvoyé, cassé, chassé! c'est bon. J'ai des bras, je -travaillerai à la terre, cela m'est égal. Monsieur le maire, le bien du -service veut un exemple. Je demande simplement la destitution de -l'inspecteur Javert. - -Tout cela était prononcé d'un accent humble, fier, désespéré et -convaincu qui donnait je ne sais quelle grandeur bizarre à cet étrange -honnête homme. - ---Nous verrons, fit M. Madeleine. - -Et il lui tendit la main. - -Javert recula, et dit d'un ton farouche: - ---Pardon, monsieur le maire, mais cela ne doit pas être. Un maire ne -donne pas la main à un mouchard. - -Il ajouta entre ses dents: - ---Mouchard, oui; du moment où j'ai médusé de la police, je ne suis plus -qu'un mouchard. Puis il salua profondément, et se dirigea vers la porte. -Là il se retourna, et, les yeux toujours baissés: - ---Monsieur le maire, dit-il, je continuerai le service jusqu'à ce que je -sois remplacé. - -Il sortit. M. Madeleine resta rêveur, écoutant ce pas ferme et assuré -qui s'éloignait sur le pavé du corridor. - - - - -Livre septième--L'affaire Champmathieu - - - - -Chapitre I - -La soeur Simplice - - -Les incidents qu'on va lire n'ont pas tous été connus à -Montreuil-sur-mer, mais le peu qui en a percé a laissé dans cette ville -un tel souvenir, que ce serait une grave lacune dans ce livre si nous ne -les racontions dans leurs moindres détails. - -Dans ces détails, le lecteur rencontrera deux ou trois circonstances -invraisemblables que nous maintenons par respect pour la vérité. - -Dans l'après-midi qui suivit la visite de Javert, M. Madeleine alla voir -la Fantine comme d'habitude. - -Avant de pénétrer près de Fantine, il fit demander la soeur Simplice. -Les deux religieuses qui faisaient le service de l'infirmerie, dames -lazaristes comme toutes les soeurs de charité, s'appelaient soeur -Perpétue et soeur Simplice. - -La soeur Perpétue était la première villageoise venue, grossièrement -soeur de charité, entrée chez Dieu comme on entre en place. Elle était -religieuse comme on est cuisinière. Ce type n'est point très rare. Les -ordres monastiques acceptent volontiers cette lourde poterie paysanne, -aisément façonnée en capucin ou en ursuline. Ces rusticités s'utilisent -pour les grosses besognes de la dévotion. La transition d'un bouvier à -un carme n'a rien de heurté; l'un devient l'autre sans grand travail; le -fond commun d'ignorance du village et du cloître est une préparation -toute faite, et met tout de suite le campagnard de plain-pied avec le -moine. Un peu d'ampleur au sarrau, et voilà un froc. La soeur Perpétue -était une forte religieuse, de Marines, près Pontoise, patoisant, -psalmodiant, bougonnant, sucrant la tisane selon le bigotisme ou -l'hypocrisie du grabataire, brusquant les malades, bourrue avec les -mourants, leur jetant presque Dieu au visage, lapidant l'agonie avec des -prières en colère, hardie, honnête et rougeaude. - -La soeur Simplice était blanche d'une blancheur de cire. Près de soeur -Perpétue, c'était le cierge à côté de la chandelle. Vincent de Paul a -divinement fixé la figure de la soeur de charité dans ces admirables -paroles où il mêle tant de liberté à tant de servitude: «Elles n'auront -pour monastère que la maison des malades, pour cellule qu'une chambre de -louage, pour chapelle que l'église de leur paroisse, pour cloître que -les rues de la ville ou les salles des hôpitaux, pour clôture que -l'obéissance, pour grille que la crainte de Dieu, pour voile que la -modestie.» Cet idéal était vivant dans la soeur Simplice. Personne n'eût -pu dire l'âge de la soeur Simplice; elle n'avait jamais été jeune et -semblait ne devoir jamais être vieille. C'était une personne--nous -n'osons dire une femme--calme, austère, de bonne compagnie, froide, et -qui n'avait jamais menti. Elle était si douce qu'elle paraissait -fragile; plus solide d'ailleurs que le granit. Elle touchait aux -malheureux avec de charmants doigts fins et purs. Il y avait, pour ainsi -dire, du silence dans sa parole; elle parlait juste le nécessaire, et -elle avait un son de voix qui eût tout à la fois édifié un confessionnal -et enchanté un salon. Cette délicatesse s'accommodait de la robe de -bure, trouvant à ce rude contact un rappel continuel du ciel et de Dieu. -Insistons sur un détail. N'avoir jamais menti, n'avoir jamais dit, pour -un intérêt quelconque, même indifféremment, une chose qui ne fût la -vérité, la sainte vérité, c'était le trait distinctif de la soeur -Simplice; c'était l'accent de sa vertu. Elle était presque célèbre dans -la congrégation pour cette véracité imperturbable. L'abbé Sicard parle -de la soeur Simplice dans une lettre au sourd-muet Massieu. Si sincères, -si loyaux et si purs que nous soyons, nous avons tous sur notre candeur -au moins la fêlure du petit mensonge innocent. Elle, point. Petit -mensonge, mensonge innocent, est-ce que cela existe? Mentir, c'est -l'absolu du mal. Peu mentir n'est pas possible; celui qui ment, ment -tout le mensonge; mentir, c'est la face même du démon; Satan a deux -noms, il s'appelle Satan et il s'appelle Mensonge. Voilà ce qu'elle -pensait. Et comme elle pensait, elle pratiquait. Il en résultait cette -blancheur dont nous avons parlé, blancheur qui couvrait de son -rayonnement même ses lèvres et ses yeux. Son sourire était blanc, son -regard était blanc. Il n'y avait pas une toile d'araignée, pas un grain -de poussière à la vitre de cette conscience. En entrant dans l'obédience -de saint Vincent de Paul, elle avait pris le nom de Simplice par choix -spécial. Simplice de Sicile, on le sait, est cette sainte qui aima mieux -se laisser arracher les deux seins que de répondre, étant née à -Syracuse, qu'elle était née à Ségeste, mensonge qui la sauvait. Cette -patronne convenait à cette âme. - -La soeur Simplice, en entrant dans l'ordre, avait deux défauts dont elle -s'était peu à peu corrigée; elle avait eu le goût des friandises et elle -avait aimé à recevoir des lettres. Elle ne lisait jamais qu'un livre de -prières en gros caractères et en latin. Elle ne comprenait pas le latin, -mais elle comprenait le livre. - -La pieuse fille avait pris en affection Fantine, y sentant probablement -de la vertu latente, et s'était dévouée à la soigner presque -exclusivement. - -M. Madeleine emmena à part la soeur Simplice et lui recommanda Fantine -avec un accent singulier dont la soeur se souvint plus tard. - -En quittant la soeur, il s'approcha de Fantine. - -Fantine attendait chaque jour l'apparition de M. Madeleine comme on -attend un rayon de chaleur et de joie. Elle disait aux soeurs: - ---Je ne vis que lorsque monsieur le maire est là. - -Elle avait ce jour-là beaucoup de fièvre. Dès qu'elle vit M. Madeleine, -elle lui demanda: - ---Et Cosette? - -Il répondit en souriant: - ---Bientôt. - -M. Madeleine fut avec Fantine comme à l'ordinaire. Seulement il resta -une heure au lieu d'une demi-heure, au grand contentement de Fantine. Il -fît mille instances à tout le monde pour que rien ne manquât à la -malade. On remarqua qu'il y eut un moment où son visage devint très -sombre. Mais cela s'expliqua quand on sut que le médecin s'était penché -à son oreille et lui avait dit: - ---Elle baisse beaucoup. - -Puis il rentra à la mairie, et le garçon de bureau le vit examiner avec -attention une carte routière de France qui était suspendue dans son -cabinet. Il écrivit quelques chiffres au crayon sur un papier. - - - - -Chapitre II - -Perspicacité de maître Scaufflaire - - -De la mairie il se rendit au bout de la ville chez un Flamand, maître -Scaufflaër, francisé Scaufflaire, qui louait des chevaux et des -«cabriolets à volonté». - -Pour aller chez ce Scaufflaire, le plus court était de prendre une rue -peu fréquentée où était le presbytère de la paroisse que M. Madeleine -habitait. Le curé était, disait-on, un homme digne et respectable, et de -bon conseil. À l'instant où M. Madeleine arriva devant le presbytère, il -n'y avait dans la rue qu'un passant, et ce passant remarqua ceci: M. le -maire, après avoir dépassé la maison curiale, s'arrêta, demeura -immobile, puis revint sur ses pas et rebroussa chemin jusqu'à la porte -du presbytère, qui était une porte bâtarde avec marteau de fer. Il mit -vivement la main au marteau, et le souleva; puis il s'arrêta de nouveau, -et resta court, et comme pensif, et, après quelques secondes, au lieu de -laisser bruyamment retomber le marteau, il le reposa doucement et reprit -son chemin avec une sorte de hâte qu'il n'avait pas auparavant. - -M. Madeleine trouva maître Scaufflaire chez lui occupé à repiquer un -harnais. - ---Maître Scaufflaire, demanda-t-il, avez-vous un bon cheval? - ---Monsieur le maire, dit le Flamand, tous mes chevaux sont bons. -Qu'entendez-vous par un bon cheval? - ---J'entends un cheval qui puisse faire vingt lieues en un jour. - ---Diable! fit le Flamand, vingt lieues! - ---Oui. - ---Attelé à un cabriolet? - ---Oui. - ---Et combien de temps se reposera-t-il après la course? - ---Il faut qu'il puisse au besoin repartir le lendemain. - ---Pour refaire le même trajet? - ---Oui. - ---Diable! diable! et c'est vingt lieues? M. Madeleine tira de sa poche -le papier où il avait crayonné des chiffres. Il les montra au Flamand. -C'étaient les chiffres 5, 6, 8-1/2. - ---Vous voyez, dit-il. Total, dix-neuf et demi, autant dire vingt lieues. - ---Monsieur le maire, reprit le Flamand, j'ai votre affaire. Mon petit -cheval blanc. Vous avez dû le voir passer quelquefois. C'est une petite -bête du bas Boulonnais. C'est plein de feu. On a voulu d'abord en faire -un cheval de selle. Bah! il ruait, il flanquait tout le monde par terre. -On le croyait vicieux, on ne savait qu'en faire. Je l'ai acheté. Je l'ai -mis au cabriolet. Monsieur, c'est cela qu'il voulait; il est doux comme -une fille, il va le vent. Ah! par exemple, il ne faudrait pas lui monter -sur le dos. Ce n'est pas son idée d'être cheval de selle. Chacun a son -ambition. Tirer, oui, porter, non; il faut croire qu'il s'est dit ça. - ---Et il fera la course? - ---Vos vingt lieues. Toujours au grand trot, et en moins de huit heures. -Mais voici à quelles conditions. - ---Dites. - ---Premièrement, vous le ferez souffler une heure à moitié chemin; il -mangera, et on sera là pendant qu'il mangera pour empêcher le garçon de -l'auberge de lui voler son avoine; car j'ai remarqué que dans les -auberges l'avoine est plus souvent bue par les garçons d'écurie que -mangée par les chevaux. - ---On sera là. - ---Deuxièmement.... Est-ce pour monsieur le maire le cabriolet? - ---Oui. - ---Monsieur le maire sait conduire? - ---Oui. - ---Eh bien, monsieur le maire voyagera seul et sans bagage afin de ne -point charger le cheval. - ---Convenu. - ---Mais monsieur le maire, n'ayant personne avec lui, sera obligé de -prendre la peine de surveiller lui-même l'avoine. - ---C'est dit. - ---Il me faudra trente francs par jour. Les jours de repos payés. Pas un -liard de moins, et la nourriture de la bête à la charge de monsieur le -maire. - -M. Madeleine tira trois napoléons de sa bourse et les mit sur la table. - ---Voilà deux jours d'avance. - ---Quatrièmement, pour une course pareille sur cabriolet serait trop -lourd et fatiguerait le cheval. Il faudrait que monsieur le maire -consentît à voyager dans un petit tilbury que j'ai. - ---J'y consens. - ---C'est léger, mais c'est découvert. - ---Cela m'est égal. - ---Monsieur le maire a-t-il réfléchi que nous sommes en hiver?... - -M. Madeleine ne répondit pas. Le Flamand reprit: - ---Qu'il fait très froid? - -M. Madeleine garda le silence. Maître Scaufflaire continua: - ---Qu'il peut pleuvoir? - -M. Madeleine leva la tête et dit: - ---Le tilbury et le cheval seront devant ma porte demain à quatre heures -et demie du matin. - ---C'est entendu, monsieur le maire, répondit Scaufflaire, puis, grattant -avec l'ongle de son pouce une tache qui était dans le bois de la table, -il reprit de cet air insouciant que les Flamands savent si bien mêler à -leur finesse: - ---Mais voilà que j'y songe à présent! monsieur le maire ne me dit pas où -il va. Où est-ce que va monsieur le maire? - -Il ne songeait pas à autre chose depuis le commencement de la -conversation, mais il ne savait pourquoi il n'avait pas osé faire cette -question. - ---Votre cheval a-t-il de bonnes jambes de devant? dit M. Madeleine. - ---Oui, monsieur le maire. Vous le soutiendrez un peu dans les descentes. -Y a-t-il beaucoup de descentes d'ici où vous allez? - ---N'oubliez pas d'être à ma porte à quatre heures et demie du matin, -très précises, répondit M. Madeleine; et il sortit. - -Le Flamand resta «tout bête», comme il disait lui-même quelque temps -après. - -Monsieur le maire était sorti depuis deux ou trois minutes, lorsque la -porte se rouvrit; c'était M. le maire. Il avait toujours le même air -impassible et préoccupé. - ---Monsieur Scaufflaire, dit-il, à quelle somme estimez-vous le cheval et -le tilbury que vous me louerez, l'un portant l'autre? - ---L'un traînant l'autre, monsieur le maire, dit le Flamand avec un gros -rire. - ---Soit. Eh bien! - ---Est-ce que monsieur le maire veut me les acheter? - ---Non, mais à tout événement, je veux vous les garantir. À mon retour -vous me rendrez la somme. Combien estimez-vous cabriolet et cheval? - ---À cinq cents francs, monsieur le maire. - ---Les voici. - -M. Madeleine posa un billet de banque sur la table, puis sortit et cette -fois ne rentra plus. - -Maître Scaufflaire regretta affreusement de n'avoir point dit mille -francs. Du reste le cheval et le tilbury, en bloc, valaient cent écus. - -Le Flamand appela sa femme, et lui conta la chose. Où diable monsieur le -maire peut-il aller? Ils tinrent conseil. - ---Il va à Paris, dit la femme. - ---Je ne crois pas, dit le mari. - -M. Madeleine avait oublié sur la cheminée le papier où il avait tracé -des chiffres. Le Flamand le prit et l'étudia. - ---Cinq, six, huit et demi? cela doit marquer des relais de poste. - -Il se tourna vers sa femme. - ---J'ai trouvé. - ---Comment? - ---Il y a cinq lieues d'ici à Hesdin, six de Hesdin à Saint-Pol, huit et -demie de Saint-Pol à Arras. Il va à Arras. - -Cependant M. Madeleine était rentré chez lui. - -Pour revenir de chez maître Scaufflaire, il avait pris le plus long, -comme si la porte du presbytère avait été pour lui une tentation, et -qu'il eût voulu l'éviter. Il était monté dans sa chambre et s'y était -enfermé, ce qui n'avait rien que de simple, car il se couchait -volontiers de bonne heure. Pourtant la concierge de la fabrique, qui -était en même temps l'unique servante de M. Madeleine, observa que sa -lumière s'éteignit à huit heures et demie, et elle le dit au caissier -qui rentrait, en ajoutant: - ---Est-ce que monsieur le maire est malade? je lui ai trouvé l'air un peu -singulier. - -Ce caissier habitait une chambre située précisément au-dessous de la -chambre de M. Madeleine. Il ne prit point garde aux paroles de la -portière, se coucha et s'endormit. Vers minuit, il se réveilla -brusquement; il avait entendu à travers son sommeil un bruit au-dessus -de sa tête. Il écouta. C'était un pas qui allait et venait, comme si -l'on marchait dans la chambre en haut. Il écouta plus attentivement, et -reconnut le pas de M. Madeleine. Cela lui parut étrange; habituellement -aucun bruit ne se faisait dans la chambre de M. Madeleine avant l'heure -de son lever. Un moment après le caissier entendit quelque chose qui -ressemblait à une armoire qu'on ouvre et qu'on referme. Puis on dérangea -un meuble, il y eut un silence, et le pas recommença. Le caissier se -dressa sur son séant, s'éveilla tout à fait, regarda, et à travers les -vitres de sa croisée aperçut sur le mur d'en face la réverbération -rougeâtre d'une fenêtre éclairée. À la direction des rayons, ce ne -pouvait être que la fenêtre de la chambre de M. Madeleine. La -réverbération tremblait comme si elle venait plutôt d'un feu allumé que -d'une lumière. L'ombre des châssis vitrés ne s'y dessinait pas, ce qui -indiquait que la fenêtre était toute grande ouverte. Par le froid qu'il -faisait, cette fenêtre ouverte était surprenante. Le caissier se -rendormit. Une heure ou deux après, il se réveilla encore. Le même pas, -lent et régulier, allait et venait toujours au-dessus de sa tête. - -La réverbération se dessinait toujours sur le mur, mais elle était -maintenant pâle et paisible comme le reflet d'une lampe ou d'une bougie. -La fenêtre était toujours ouverte. Voici ce qui se passait dans la -chambre de M. Madeleine. - - - - -Chapitre III - -Une tempête sous un crâne - - -Le lecteur a sans doute deviné que M. Madeleine n'est autre que Jean -Valjean. - -Nous avons déjà regardé dans les profondeurs de cette conscience; le -moment est venu d'y regarder encore. Nous ne le faisons pas sans émotion -et sans tremblement. Il n'existe rien de plus terrifiant que cette sorte -de contemplation. L'oeil de l'esprit ne peut trouver nulle part plus -d'éblouissements ni plus de ténèbres que dans l'homme; il ne peut se -fixer sur aucune chose qui soit plus redoutable, plus compliquée, plus -mystérieuse et plus infinie. Il y a un spectacle plus grand que la mer, -c'est le ciel; il y a un spectacle plus grand que le ciel, c'est -l'intérieur de l'âme. - -Faire le poème de la conscience humaine, ne fût-ce qu'à propos d'un seul -homme, ne fût-ce qu'à propos du plus infime des hommes, ce serait fondre -toutes les épopées dans une épopée supérieure et définitive. La -conscience, c'est le chaos des chimères, des convoitises et des -tentatives, la fournaise des rêves, l'antre des idées dont on a honte; -c'est le pandémonium des sophismes, c'est le champ de bataille des -passions. À de certaines heures, pénétrez à travers la face livide d'un -être humain qui réfléchit, et regardez derrière, regardez dans cette -âme, regardez dans cette obscurité. Il y a là, sous le silence -extérieur, des combats de géants comme dans Homère, des mêlées de -dragons et d'hydres et des nuées de fantômes comme dans Milton, des -spirales visionnaires comme chez Dante. Chose sombre que cet infini que -tout homme porte en soi et auquel il mesure avec désespoir les volontés -de son cerveau et les actions de sa vie! - -Alighieri rencontra un jour une sinistre porte devant laquelle il -hésita. En voici une aussi devant nous, au seuil de laquelle nous -hésitons. Entrons pourtant. - -Nous n'avons que peu de chose à ajouter à ce que le lecteur connaît déjà -de ce qui était arrivé à Jean Valjean depuis l'aventure de -Petit-Gervais. À partir de ce moment, on l'a vu, il fut un autre homme. -Ce que l'évêque avait voulu faire de lui, il l'exécuta. Ce fut plus -qu'une transformation, ce fut une transfiguration. - -Il réussit à disparaître, vendit l'argenterie de l'évêque, ne gardant -que les flambeaux, comme souvenir, se glissa de ville en ville, traversa -la France, vint à Montreuil-sur-mer, eut l'idée que nous avons dite, -accomplit ce que nous avons raconté, parvint à se faire insaisissable et -inaccessible, et désormais, établi à Montreuil-sur-mer, heureux de -sentir sa conscience attristée par son passé et la première moitié de -son existence démentie par la dernière, il vécut paisible, rassuré et -espérant, n'ayant plus que deux pensées: cacher son nom, et sanctifier -sa vie; échapper aux hommes, et revenir à Dieu. - -Ces deux pensées étaient si étroitement mêlées dans son esprit qu'elles -n'en formaient qu'une seule; elles étaient toutes deux également -absorbantes et impérieuses, et dominaient ses moindres actions. -D'ordinaire elles étaient d'accord pour régler la conduite de sa vie; -elles le tournaient vers l'ombre; elles le faisaient bienveillant et -simple; elles lui conseillaient les mêmes choses. Quelquefois cependant -il y avait conflit entre elles. Dans ce cas-là, on s'en souvient, -l'homme que tout le pays de Montreuil-sur-mer appelait M. Madeleine ne -balançait pas à sacrifier la première à la seconde, sa sécurité à sa -vertu. Ainsi, en dépit de toute réserve et de toute prudence, il avait -gardé les chandeliers de l'évêque, porté son deuil, appelé et interrogé -tous les petits savoyards qui passaient, pris des renseignements sur les -familles de Faverolles, et sauvé la vie au vieux Fauchelevent, malgré -les inquiétantes insinuations de Javert. Il semblait, nous l'avons déjà -remarqué, qu'il pensât, à l'exemple de tous ceux qui ont été sages, -saints et justes, que son premier devoir n'était pas envers lui. - -Toutefois, il faut le dire, jamais rien de pareil ne s'était encore -présenté. Jamais les deux idées qui gouvernaient le malheureux homme -dont nous racontons les souffrances n'avaient engagé une lutte si -sérieuse. Il le comprit confusément, mais profondément, dès les -premières paroles que prononça Javert, en entrant dans son cabinet. - -Au moment où fut si étrangement articulé ce nom qu'il avait enseveli -sous tant d'épaisseurs, il fut saisi de stupeur et comme enivré par la -sinistre bizarrerie de sa destinée, et, à travers cette stupeur, il eut -ce tressaillement qui précède les grandes secousses; il se courba comme -un chêne à l'approche d'un orage, comme un soldat à l'approche d'un -assaut. Il sentit venir sur sa tête des ombres pleines de foudres et -d'éclairs. Tout en écoutant parler Javert, il eut une première pensée -d'aller, de courir, de se dénoncer, de tirer ce Champmathieu de prison -et de s'y mettre; cela fut douloureux et poignant comme une incision -dans la chair vive, puis cela passa, et il se dit: «Voyons! voyons!» Il -réprima ce premier mouvement généreux et recula devant l'héroïsme. - -Sans doute, il serait beau qu'après les saintes paroles de l'évêque, -après tant d'années de repentir et d'abnégation, au milieu d'une -pénitence admirablement commencée, cet homme, même en présence d'une si -terrible conjoncture, n'eût pas bronché un instant et eût continué de -marcher du même pas vers ce précipice ouvert au fond duquel était le -ciel; cela serait beau, mais cela ne fut pas ainsi. Il faut bien que -nous rendions compte des choses qui s'accomplissaient dans cette âme, et -nous ne pouvons dire que ce qui y était. Ce qui l'emporta tout d'abord, -ce fut l'instinct de la conservation; il rallia en hâte ses idées, -étouffa ses émotions, considéra la présence de Javert, ce grand péril, -ajourna toute résolution avec la fermeté de l'épouvante, s'étourdit sur -ce qu'il y avait à faire, et reprit son calme comme un lutteur ramasse -son bouclier. - -Le reste de la journée il fut dans cet état, un tourbillon au dedans, -une tranquillité profonde au dehors; il ne prit que ce qu'on pourrait -appeler «les mesures conservatoires». Tout était encore confus et se -heurtait dans son cerveau; le trouble y était tel qu'il ne voyait -distinctement la forme d'aucune idée; et lui-même n'aurait pu rien dire -de lui-même, si ce n'est qu'il venait de recevoir un grand coup. Il se -rendit comme d'habitude près du lit de douleur de Fantine et prolongea -sa visite, par un instinct de bonté, se disant qu'il fallait agir ainsi -et la bien recommander aux soeurs pour le cas où il arriverait qu'il eût -à s'absenter. Il sentit vaguement qu'il faudrait peut-être aller à -Arras, et, sans être le moins du monde décidé à ce voyage, il se dit -qu'à l'abri de tout soupçon comme il l'était, il n'y avait point -d'inconvénient à être témoin de ce qui se passerait, et il retint le -tilbury de Scaufflaire, afin d'être préparé à tout événement. - -Il dîna avec assez d'appétit. - -Rentré dans sa chambre il se recueillit. - -Il examina la situation et la trouva inouïe; tellement inouïe qu'au -milieu de sa rêverie, par je ne sais quelle impulsion d'anxiété presque -inexplicable, il se leva de sa chaise et ferma sa porte au verrou. Il -craignait qu'il n'entrât encore quelque chose. Il se barricadait contre -le possible. - -Un moment après il souffla sa lumière. Elle le gênait. - -Il lui semblait qu'on pouvait le voir. - -Qui, on? - -Hélas! ce qu'il voulait mettre à la porte était entré ce qu'il voulait -aveugler, le regardait. Sa conscience. - -Sa conscience, c'est-à-dire Dieu. - -Pourtant, dans le premier moment, il se fit illusion; il eut un -sentiment de sûreté et de solitude; le verrou tiré, il se crut -imprenable; la chandelle éteinte, il se sentit invisible. Alors il prit -possession de lui-même; il posa ses coudes sur la table, appuya la tête -sur sa main, et se mit à songer dans les ténèbres. - ---Où en suis-je?--Est-ce que je ne rêve pas? Que m'a-t-on dit?--Est-il -bien vrai que j'aie vu ce Javert et qu'il m'ait parlé ainsi?--Que peut -être ce Champmathieu?--Il me ressemble donc?--Est-ce possible?--Quand -je pense qu'hier j'étais si tranquille et si loin de me douter de -rien!--Qu'est-ce que je faisais donc hier à pareille heure?--Qu'y a-t-il -dans cet incident?--Comment se dénouera-t-il?--Que faire? - -Voilà dans quelle tourmente il était. Son cerveau avait perdu la force -de retenir ses idées, elles passaient comme des ondes, et il prenait son -front dans ses deux mains pour les arrêter. - -De ce tumulte qui bouleversait sa volonté et sa raison, et dont il -cherchait à tirer une évidence et une résolution, rien ne se dégageait -que l'angoisse. - -Sa tête était brûlante. Il alla à la fenêtre et l'ouvrit toute grande. -Il n'y avait pas d'étoiles au ciel. Il revint s'asseoir près de la -table. - -La première heure s'écoula ainsi. - -Peu à peu cependant des linéaments vagues commencèrent à se former et à -se fixer dans sa méditation, et il put entrevoir avec la précision de la -réalité, non l'ensemble de la situation, mais quelques détails. - -Il commença par reconnaître que, si extraordinaire et si critique que -fût cette situation, il en était tout à fait le maître. - -Sa stupeur ne fit que s'en accroître. - -Indépendamment du but sévère et religieux que se proposaient ses -actions, tout ce qu'il avait fait jusqu'à ce jour n'était autre chose -qu'un trou qu'il creusait pour y enfouir son nom. Ce qu'il avait -toujours le plus redouté, dans ses heures de repli sur lui-même, dans -ses nuits d'insomnie, c'était d'entendre jamais prononcer ce nom; il se -disait que ce serait là pour lui la fin de tout; que le jour où ce nom -reparaîtrait, il ferait évanouir autour de lui sa vie nouvelle, et qui -sait même peut-être? au dedans de lui sa nouvelle âme. Il frémissait de -la seule pensée que c'était possible. Certes, si quelqu'un lui eût dit -en ces moments-là qu'une heure viendrait où ce nom retentirait à son -oreille, où ce hideux mot, Jean Valjean, sortirait tout à coup de la -nuit et se dresserait devant lui, où cette lumière formidable faite pour -dissiper le mystère dont il s'enveloppait resplendirait subitement sur -sa tête; et que ce nom ne le menacerait pas, que cette lumière ne -produirait qu'une obscurité plus épaisse, que ce voile déchiré -accroîtrait le mystère; que ce tremblement de terre consoliderait son -édifice, que ce prodigieux incident n'aurait d'autre résultat, si bon -lui semblait, à lui, que de rendre son existence à la fois plus claire -et plus impénétrable, et que, de sa confrontation avec le fantôme de -Jean Valjean, le bon et digne bourgeois monsieur Madeleine sortirait -plus honoré, plus paisible et plus respecté que jamais,--si quelqu'un -lui eût dit cela, il eût hoché la tête et regardé ces paroles comme -insensées. Eh bien! tout cela venait précisément d'arriver, tout cet -entassement de l'impossible était un fait, et Dieu avait permis que ces -choses folles devinssent des choses réelles! - -Sa rêverie continuait de s'éclaircir. Il se rendait de plus en plus -compte de sa position. Il lui semblait qu'il venait de s'éveiller de je -ne sais quel sommeil, et qu'il se trouvait glissant sur une pente au -milieu de la nuit, debout, frissonnant, reculant en vain, sur le bord -extrême d'un abîme. Il entrevoyait distinctement dans l'ombre un -inconnu, un étranger, que la destinée prenait pour lui et poussait dans -le gouffre à sa place. Il fallait, pour que le gouffre se refermât, que -quelqu'un y tombât, lui ou l'autre. - -Il n'avait qu'à laisser faire. - -La clarté devint complète, et il s'avoua ceci:--Que sa place était vide -aux galères, qu'il avait beau faire, qu'elle l'y attendait toujours, que -le vol de Petit-Gervais l'y ramenait, que cette place vide l'attendrait -et l'attirerait jusqu'à ce qu'il y fût, que cela était inévitable et -fatal.--Et puis il se dit:--Qu'en ce moment il avait un remplaçant, -qu'il paraissait qu'un nommé Champmathieu avait cette mauvaise chance, -et que, quant à lui, présent désormais au bagne dans la personne de ce -Champmathieu, présent dans la société sous le nom de M. Madeleine, il -n'avait plus rien à redouter, pourvu qu'il n'empêchât pas les hommes de -sceller sur la tête de ce Champmathieu cette pierre de l'infamie qui, -comme la pierre du sépulcre, tombe une fois et ne se relève jamais. - -Tout cela était si violent et si étrange qu'il se fit soudain en lui -cette espèce de mouvement indescriptible qu'aucun homme n'éprouve plus -de deux ou trois fois dans sa vie, sorte de convulsion de la conscience -qui remue tout ce que le coeur a de douteux, qui se compose d'ironie, de -joie et de désespoir, et qu'on pourrait appeler un éclat de rire -intérieur. - -Il ralluma brusquement sa bougie. - ---Eh bien quoi! se dit-il, de quoi est-ce que j'ai peur? qu'est-ce que -j'ai à songer comme cela? Me voilà sauvé. Tout est fini. Je n'avais plus -qu'une porte entr'ouverte par laquelle mon passé pouvait faire irruption -dans ma vie; cette porte, la voilà murée! à jamais! Ce Javert qui me -trouble depuis si longtemps, ce redoutable instinct qui semblait m'avoir -deviné, qui m'avait deviné, pardieu! et qui me suivait partout, cet -affreux chien de chasse toujours en arrêt sur moi, le voilà dérouté, -occupé ailleurs, absolument dépisté! Il est satisfait désormais, il me -laissera tranquille, il tient son Jean Valjean! Qui sait même, il est -probable qu'il voudra quitter la ville! Et tout cela s'est fait sans -moi! Et je n'y suis pour rien! Ah çà, mais! qu'est-ce qu'il y a de -malheureux dans ceci? Des gens qui me verraient, parole d'honneur! -croiraient qu'il m'est arrivé une catastrophe! Après tout, s'il y a du -mal pour quelqu'un, ce n'est aucunement de ma faute. C'est la providence -qui a tout fait. C'est qu'elle veut cela apparemment! - -Ai-je le droit de déranger ce qu'elle arrange? Qu'est-ce que je demande -à présent? De quoi est-ce que je vais me mêler? Cela ne me regarde pas. -Comment! je ne suis pas content! Mais qu'est-ce qu'il me faut donc? Le -but auquel j'aspire depuis tant d'années, le songe de mes nuits, l'objet -de mes prières au ciel, la sécurité, je l'atteins! C'est Dieu qui le -veut. Je n'ai rien à faire contre la volonté de Dieu. Et pourquoi Dieu -le veut-il? Pour que je continue ce que j'ai commencé, pour que je fasse -le bien, pour que je sois un jour un grand et encourageant exemple, pour -qu'il soit dit qu'il y a eu enfin un peu de bonheur attaché à cette -pénitence que j'ai subie et à cette vertu où je suis revenu! Vraiment je -ne comprends pas pourquoi j'ai eu peur tantôt d'entrer chez ce brave -curé et de tout lui raconter comme à un confesseur, et de lui demander -conseil, c'est évidemment là ce qu'il m'aurait dit. C'est décidé, -laissons aller les choses! laissons faire le bon Dieu! - -Il se parlait ainsi dans les profondeurs de sa conscience, penché sur ce -qu'on pourrait appeler son propre abîme. Il se leva de sa chaise, et se -mit à marcher dans la chambre.--Allons, dit-il, n'y pensons plus. Voilà -une résolution prise!--Mais il ne sentit aucune joie. - -Au contraire. - -On n'empêche pas plus la pensée de revenir à une idée que la mer de -revenir à un rivage. Pour le matelot, cela s'appelle la marée; pour le -coupable, cela s'appelle le remords. Dieu soulève l'âme comme l'océan. - -Au bout de peu d'instants, il eut beau faire, il reprit ce sombre -dialogue dans lequel c'était lui qui parlait et lui qui écoutait, disant -ce qu'il eût voulu taire, écoutant ce qu'il n'eût pas voulu entendre, -cédant à cette puissance mystérieuse qui lui disait: pense! comme elle -disait il y a deux mille ans à un autre condamné, marche! - -Avant d'aller plus loin et pour être pleinement compris, insistons sur -une observation nécessaire. - -Il est certain qu'on se parle à soi-même, il n'est pas un être pensant -qui ne l'ait éprouvé. On peut dire même que le verbe n'est jamais un -plus magnifique mystère que lorsqu'il va, dans l'intérieur d'un homme, -de la pensée à la conscience et qu'il retourne de la conscience à la -pensée. C'est dans ce sens seulement qu'il faut entendre les mots -souvent employés dans ce chapitre, il dit, il s'écria. On se dit, on se -parle, on s'écrie en soi-même, sans que le silence extérieur soit rompu. -Il y a un grand tumulte; tout parle en nous, excepté la bouche. Les -réalités de l'âme, pour n'être point visibles et palpables, n'en sont -pas moins des réalités. - -Il se demanda donc où il en était. Il s'interrogea sur cette «résolution -prise». Il se confessa à lui-même que tout ce qu'il venait d'arranger -dans son esprit était monstrueux, que «laisser aller les choses, laisser -faire le bon Dieu», c'était tout simplement horrible. Laisser -s'accomplir cette méprise de la destinée et des hommes, ne pas -l'empêcher, s'y prêter par son silence, ne rien faire enfin, c'était -faire tout! c'était le dernier degré de l'indignité hypocrite! c'était -un crime bas, lâche, sournois, abject, hideux! - -Pour la première fois depuis huit années, le malheureux homme venait de -sentir la saveur amère d'une mauvaise pensée et d'une mauvaise action. - -Il la recracha avec dégoût. - -Il continua de se questionner. Il se demanda sévèrement ce qu'il avait -entendu par ceci: "Mon but est atteint!" Il se déclara que sa vie avait -un but en effet. Mais quel but? cacher son nom? tromper la police? -Était-ce pour une chose si petite qu'il avait fait tout ce qu'il avait -fait? Est-ce qu'il n'avait pas un autre but, qui était le grand, qui -était le vrai? Sauver, non sa personne, mais son âme. Redevenir honnête -et bon. Être un juste! est-ce que ce n'était pas là surtout, là -uniquement, ce qu'il avait toujours voulu, ce que l'évêque lui avait -ordonné?--Fermer la porte à son passé? Mais il ne la fermait pas, grand -Dieu! il la rouvrait en faisant une action infâme! mais il redevenait un -voleur, et le plus odieux des voleurs! il volait à un autre son -existence, sa vie, sa paix, sa place au soleil! il devenait un assassin! -il tuait, il tuait moralement un misérable homme, il lui infligeait -cette affreuse mort vivante, cette mort à ciel ouvert, qu'on appelle le -bagne! Au contraire, se livrer, sauver cet homme frappé d'une si lugubre -erreur, reprendre son nom, redevenir par devoir le forçat Jean Valjean, -c'était là vraiment achever sa résurrection, et fermer à jamais l'enfer -d'où il sortait! Y retomber en apparence, c'était en sortir en réalité! -Il fallait faire cela! il n'avait rien fait s'il ne faisait pas cela! -toute sa vie était inutile, toute sa pénitence était perdue, et il n'y -avait plus qu'à dire: à quoi bon? Il sentait que l'évêque était là, que -l'évêque était d'autant plus présent qu'il était mort, que l'évêque le -regardait fixement, que désormais le maire Madeleine avec toutes ses -vertus lui serait abominable, et que le galérien Jean Valjean serait -admirable et pur devant lui. Que les hommes voyaient son masque, mais -que l'évêque voyait sa face. Que les hommes voyaient sa vie, mais que -l'évêque voyait sa conscience. Il fallait donc aller à Arras, délivrer -le faux Jean Valjean, dénoncer le véritable! Hélas! c'était là le plus -grand des sacrifices, la plus poignante des victoires, le dernier pas à -franchir; mais il le fallait. Douloureuse destinée! il n'entrerait dans -la sainteté aux yeux de Dieu que s'il rentrait dans l'infamie aux yeux -des hommes! - ---Eh bien, dit-il, prenons ce parti! faisons notre devoir! sauvons cet -homme! - -Il prononça ces paroles à haute voix, sans s'apercevoir qu'il parlait -tout haut. - -Il prit ses livres, les vérifia et les mit en ordre. Il jeta au feu une -liasse de créances qu'il avait sur de petits commerçants gênés. Il -écrivit une lettre qu'il cacheta et sur l'enveloppe de laquelle on -aurait pu lire, s'il y avait eu quelqu'un dans sa chambre en cet -instant: _À Monsieur Laffitte, banquier, rue d'Artois, à Paris_. - -Il tira d'un secrétaire un portefeuille qui contenait quelques billets -de banque et le passeport dont il s'était servi cette même année pour -aller aux élections. - -Qui l'eût vu pendant qu'il accomplissait ces divers actes auxquels se -mêlait une méditation si grave, ne se fût pas douté de ce qui se passait -en lui. Seulement par moments ses lèvres remuaient; dans d'autres -instants il relevait la tête et fixait son regard sur un point -quelconque de la muraille, comme s'il y avait précisément là quelque -chose qu'il voulait éclaircir ou interroger. - -La lettre à M. Laffitte terminée, il la mit dans sa poche ainsi que le -portefeuille, et recommença à marcher. - -Sa rêverie n'avait point dévié. Il continuait de voir clairement son -devoir écrit en lettres lumineuses qui flamboyaient devant ses yeux et -se déplaçaient avec son regard:--_Va! nomme-toi! dénonce-toi!_ - -Il voyait de même, et comme si elles se fussent mues devant lui avec des -formes sensibles, les deux idées qui avaient été jusque-là la double -règle de sa vie: cacher son nom, sanctifier son âme. Pour la première -fois, elles lui apparaissaient absolument distinctes, et il voyait la -différence qui les séparait. Il reconnaissait que l'une de ces idées -était nécessairement bonne, tandis que l'autre pouvait devenir mauvaise; -que celle-là était le dévouement et que celle-ci était la personnalité; -que l'une disait: le _prochain_, et que l'autre disait: _moi_; que l'une -venait de la lumière et que l'autre venait de la nuit. - -Elles se combattaient, il les voyait se combattre. À mesure qu'il -songeait, elles avaient grandi devant l'oeil de son esprit; elles -avaient maintenant des statures colossales; et il lui semblait qu'il -voyait lutter au dedans de lui-même, dans cet infini dont nous parlions -tout à l'heure, au milieu des obscurités et des lueurs, une déesse et -une géante. - -Il était plein d'épouvante, mais il lui semblait que la bonne pensée -l'emportait. - -Il sentait qu'il touchait à l'autre moment décisif de sa conscience et -de sa destinée; que l'évêque avait marqué la première phase de sa vie -nouvelle, et que ce Champmathieu en marquait la seconde. Après la grande -crise, la grande épreuve. - -Cependant la fièvre, un instant apaisée, lui revenait peu à peu. Mille -pensées le traversaient, mais elles continuaient de le fortifier dans sa -résolution. - -Un moment il s'était dit:--qu'il prenait peut-être la chose trop -vivement, qu'après tout ce Champmathieu n'était pas intéressant, qu'en -somme il avait volé. - -Il se répondit:--Si cet homme a en effet volé quelques pommes, c'est un -mois de prison. Il y a loin de là aux galères. Et qui sait même? a-t-il -volé? est-ce prouvé? Le nom de Jean Valjean l'accable et semble -dispenser de preuves. Les procureurs du roi n'agissent-ils pas -habituellement ainsi? On le croit voleur, parce qu'on le sait forçat. - -Dans un autre instant, cette idée lui vint que, lorsqu'il se serait -dénoncé, peut-être on considérerait l'héroïsme de son action, et sa vie -honnête depuis sept ans, et ce qu'il avait fait pour le pays, et qu'on -lui ferait grâce. - -Mais cette supposition s'évanouit bien vite, et il sourit amèrement en -songeant que le vol des quarante sous à Petit-Gervais le faisait -récidiviste, que cette affaire reparaîtrait certainement et, aux termes -précis de la loi, le ferait passible des travaux forcés à perpétuité. - -Il se détourna de toute illusion, se détacha de plus en plus de la terre -et chercha la consolation et la force ailleurs. Il se dit qu'il fallait -faire son devoir; que peut-être même ne serait-il pas plus malheureux -après avoir fait son devoir qu'après l'avoir éludé; que s'il _laissait -faire_, s'il restait à Montreuil-sur-mer, sa considération, sa bonne -renommée, ses bonnes oeuvres, la déférence, la vénération, sa charité, -sa richesse, sa popularité, sa vertu, seraient assaisonnées d'un crime; -et quel goût auraient toutes ces choses saintes liées à cette chose -hideuse! tandis que, s'il accomplissait son sacrifice, au bagne, au -poteau, au carcan, au bonnet vert, au travail sans relâche, à la honte -sans pitié, il se mêlerait une idée céleste! - -Enfin il se dit qu'il y avait nécessité, que sa destinée était ainsi -faite, qu'il n'était pas maître de déranger les arrangements d'en haut, -que dans tous les cas il fallait choisir: ou la vertu au dehors et -l'abomination au dedans, ou la sainteté au dedans et l'infamie au -dehors. - -À remuer tant d'idées lugubres, son courage ne défaillait pas, mais son -cerveau se fatiguait. Il commençait à penser malgré lui à d'autres -choses, à des choses indifférentes. Ses artères battaient violemment -dans ses tempes. Il allait et venait toujours. Minuit sonna d'abord à la -paroisse, puis à la maison de ville. Il compta les douze coups aux deux -horloges, et il compara le son des deux cloches. Il se rappela à cette -occasion que quelques jours auparavant il avait vu chez un marchand de -ferrailles une vieille cloche à vendre sur laquelle ce nom était écrit: -_Antoine Albin de Romainville_. - -Il avait froid. Il alluma un peu de feu. Il ne songea pas à fermer la -fenêtre. - -Cependant il était retombé dans sa stupeur. Il lui fallait faire un -assez grand effort pour se rappeler à quoi il songeait avant que minuit -sonnât. Il y parvint enfin. - ---Ah! oui, se dit-il, j'avais pris la résolution de me dénoncer. - -Et puis tout à coup il pensa à la Fantine. - ---Tiens! dit-il, et cette pauvre femme! - -Ici une crise nouvelle se déclara. - -Fantine, apparaissant brusquement dans sa rêverie, y fut comme un rayon -d'une lumière inattendue. Il lui sembla que tout changeait d'aspect -autour de lui, il s'écria: - ---Ah çà, mais! jusqu'ici je n'ai considéré que moi! je n'ai eu égard -qu'à ma convenance! Il me convient de me taire ou de me -dénoncer,--cacher ma personne ou sauver mon âme,--être un magistrat -méprisable et respecté ou un galérien infâme et vénérable, c'est moi, -c'est toujours moi, ce n'est que moi! Mais, mon Dieu, c'est de l'égoïsme -tout cela! Ce sont des formes diverses de l'égoïsme, mais c'est de -l'égoïsme! Si je songeais un peu aux autres? La première sainteté est de -penser à autrui. Voyons, examinons. Moi excepté, moi effacé, moi oublié, -qu'arrivera-t-il de tout ceci?--Si je me dénonce? on me prend. On lâche -ce Champmathieu, on me remet aux galères, c'est bien. Et puis? Que se -passe-t-il ici? Ah! ici, il y a un pays, une ville, des fabriques, une -industrie, des ouvriers, des hommes, des femmes, des vieux grands-pères, -des enfants, des pauvres gens! J'ai créé tout ceci, je fais vivre tout -cela; partout où il y a une cheminée qui fume, c'est moi qui ai mis le -tison dans le feu et la viande dans la marmite; j'ai fait l'aisance, la -circulation, le crédit; avant moi il n'y avait rien; j'ai relevé, -vivifié, animé, fécondé, stimulé, enrichi tout le pays; moi de moins, -c'est l'âme de moins. Je m'ôte, tout meurt.--Et cette femme qui a tant -souffert, qui a tant de mérites dans sa chute, dont j'ai causé sans le -vouloir tout le malheur! Et cet enfant que je voulais aller chercher, -que j'ai promis à la mère! Est-ce que je ne dois pas aussi quelque chose -à cette femme, en réparation du mal que je lui ai fait? Si je disparais, -qu'arrive-t-il? La mère meurt. L'enfant devient ce qu'il peut. Voilà ce -qui se passe, si je me dénonce.--Si je ne me dénonce pas? Voyons, si je -ne me dénonce pas? Après s'être fait cette question, il s'arrêta; il eut -comme un moment d'hésitation et de tremblement; mais ce moment dura peu, -et il se répondit avec calme: - ---Eh bien, cet homme va aux galères, c'est vrai, mais, que diable! il a -volé! J'ai beau me dire qu'il n'a pas volé, il a volé! Moi, je reste -ici, je continue. Dans dix ans j'aurai gagné dix millions, je les -répands dans le pays, je n'ai rien à moi, qu'est-ce que cela me fait? Ce -n'est pas pour moi ce que je fais! La prospérité de tous va croissant, -les industries s'éveillent et s'excitent, les manufactures et les usines -se multiplient, les familles, cent familles, mille familles! sont -heureuses; la contrée se peuple; il naît des villages où il n'y a que -des fermes, il naît des fermes où il n'y a rien; la misère disparaît, et -avec la misère disparaissent la débauche, la prostitution, le vol, le -meurtre, tous les vices, tous les crimes! Et cette pauvre mère élève son -enfant! et voilà tout un pays riche et honnête! Ah çà, j'étais fou, -j'étais absurde, qu'est-ce que je parlais donc de me dénoncer? Il faut -faire attention, vraiment, et ne rien précipiter. Quoi! parce qu'il -m'aura plu de faire le grand et le généreux,--c'est du mélodrame, après -tout!--parce que je n'aurai songé qu'à moi, qu'à moi seul, quoi! pour -sauver d'une punition peut-être un peu exagérée, mais juste au fond, on -ne sait qui, un voleur, un drôle évidemment, il faudra que tout un pays -périsse! il faudra qu'une pauvre femme crève à l'hôpital! qu'une pauvre -petite fille crève sur le pavé! comme des chiens! Ah! mais c'est -abominable! Sans même que la mère ait revu son enfant! sans que l'enfant -ait presque connu sa mère! Et tout ça pour ce vieux gredin de voleur de -pommes qui, à coup sûr, a mérité les galères pour autre chose, si ce -n'est pour cela! Beaux scrupules qui sauvent un coupable et qui -sacrifient des innocents, qui sauvent un vieux vagabond, lequel n'a plus -que quelques années à vivre au bout du compte et ne sera guère plus -malheureux au bagne que dans sa masure, et qui sacrifient toute une -population, mères, femmes, enfants! Cette pauvre petite Cosette qui n'a -que moi au monde et qui est sans doute en ce moment toute bleue de froid -dans le bouge de ces Thénardier! Voilà encore des canailles ceux-là! Et -je manquerais à mes devoirs envers tous ces pauvres êtres! Et je m'en -irais me dénoncer! Et je ferais cette inepte sottise! Mettons tout au -pis. Supposons qu'il y ait une mauvaise action pour moi dans ceci et que -ma conscience me la reproche un jour, accepter, pour le bien d'autrui, -ces reproches qui ne chargent que moi, cette mauvaise action qui ne -compromet que mon âme, c'est là qu'est le dévouement, c'est là qu'est la -vertu. - -Il se leva, il se remit à marcher. Cette fois il lui semblait qu'il -était content. On ne trouve les diamants que dans les ténèbres de la -terre; on ne trouve les vérités que dans les profondeurs de la pensée. -Il lui semblait qu'après être descendu dans ces profondeurs, après avoir -longtemps tâtonné au plus noir de ces ténèbres, il venait enfin de -trouver un de ces diamants, une de ces vérités, et qu'il la tenait dans -sa main; et il s'éblouissait à la regarder. - ---Oui, pensa-t-il, c'est cela. Je suis dans le vrai. J'ai la solution. -Il faut finir par s'en tenir à quelque chose. Mon parti est pris. -Laissons faire! Ne vacillons plus, ne reculons plus. Ceci est dans -l'intérêt de tous, non dans le mien. Je suis Madeleine, je reste -Madeleine. Malheur à celui qui est Jean Valjean! Ce n'est plus moi. Je -ne connais pas cet homme, je ne sais plus ce que c'est, s'il se trouve -que quelqu'un est Jean Valjean à cette heure, qu'il s'arrange! cela ne -me regarde pas. C'est un nom de fatalité qui flotte dans la nuit, s'il -s'arrête et s'abat sur une tête, tant pis pour elle! - -Il se regarda dans le petit miroir qui était sur sa cheminée, et dit: - ---Tiens! cela m'a soulagé de prendre une résolution! Je suis tout autre -à présent. - -Il marcha encore quelques pas, puis il s'arrêta court: - ---Allons! dit-il, il ne faut hésiter devant aucune des conséquences de -la résolution prise. Il y a encore des fils qui m'attachent à ce Jean -Valjean. Il faut les briser! Il y a ici, dans cette chambre même, des -objets qui m'accuseraient, des choses muettes qui seraient des témoins, -c'est dit, il faut que tout cela disparaisse. - -Il fouilla dans sa poche, en tira sa bourse, l'ouvrit, et y prit une -petite clef. - -Il introduisit cette clef dans une serrure dont on voyait à peine le -trou, perdu qu'il était dans les nuances les plus sombres du dessin qui -couvrait le papier collé sur le mur. Une cachette s'ouvrit, une espèce -de fausse armoire ménagée entre l'angle de la muraille et le manteau de -la cheminée. Il n'y avait dans cette cachette que quelques guenilles, un -sarrau de toile bleue, un vieux pantalon, un vieux havresac, et un gros -bâton d'épine ferré aux deux bouts. Ceux qui avaient vu Jean Valjean à -l'époque où il traversait Digne, en octobre 1815, eussent aisément -reconnu toutes les pièces de ce misérable accoutrement. - -Il les avait conservées comme il avait conservé les chandeliers -d'argent, pour se rappeler toujours son point de départ. Seulement il -cachait ceci qui venait du bagne, et il laissait voir les flambeaux qui -venaient de l'évêque. - -Il jeta un regard furtif vers la porte, comme s'il eût craint qu'elle ne -s'ouvrît malgré le verrou qui la fermait; puis d'un mouvement vif et -brusque et d'une seule brassée, sans même donner un coup d'oeil à ces -choses qu'il avait si religieusement et si périlleusement gardées -pendant tant d'années, il prit tout, haillons, bâton, havresac, et jeta -tout au feu. Il referma la fausse armoire, et, redoublant de -précautions, désormais inutiles puisqu'elle était vide, en cacha la -porte derrière un gros meuble qu'il y poussa. - -Au bout de quelques secondes, la chambre et le mur d'en face furent -éclairés d'une grande réverbération rouge et tremblante. Tout brûlait. -Le bâton d'épine pétillait et jetait des étincelles jusqu'au milieu de -la chambre. - -Le havresac, en se consumant avec d'affreux chiffons qu'il contenait, -avait mis à nu quelque chose qui brillait dans la cendre. En se -penchant, on eût aisément reconnu une pièce d'argent. Sans doute la -pièce de quarante sous volée au petit savoyard. - -Lui ne regardait pas le feu et marchait, allant et venant toujours du -même pas. - -Tout à coup ses yeux tombèrent sur les deux flambeaux d'argent que la -réverbération faisait reluire vaguement sur la cheminée. - ---Tiens! pensa-t-il, tout Jean Valjean est encore là-dedans. Il faut -aussi détruire cela. - -Il prit les deux flambeaux. - -Il y avait assez de feu pour qu'on pût les déformer promptement et en -faire une sorte de lingot méconnaissable. - -Il se pencha sur le foyer et s'y chauffa un instant. Il eut un vrai -bien-être.--La bonne chaleur! dit-il. - -Il remua le brasier avec un des deux chandeliers. Une minute de plus, et -ils étaient dans le feu. En ce moment il lui sembla qu'il entendait une -voix qui criait au dedans de lui: - ---Jean Valjean! Jean Valjean! - -Ses cheveux se dressèrent, il devint comme un homme qui écoute une chose -terrible. - ---Oui, c'est cela, achève! disait la voix. Complète ce que tu fais! -détruis ces flambeaux! anéantis ce souvenir! oublie l'évêque! oublie -tout! perds ce Champmathieu! va, c'est bien. Applaudis-toi! Ainsi, c'est -convenu, c'est résolu, c'est dit, voilà un homme, voilà un vieillard qui -ne sait ce qu'on lui veut, qui n'a rien fait peut-être, un innocent, -dont ton nom fait tout le malheur, sur qui ton nom pèse comme un crime, -qui va être pris pour toi, qui va être condamné, qui va finir ses jours -dans l'abjection et dans l'horreur! c'est bien. Sois honnête homme, toi. -Reste monsieur le maire, reste honorable et honoré, enrichis la ville, -nourris des indigents, élève des orphelins, vis heureux, vertueux et -admiré, et pendant ce temps-là, pendant que tu seras ici dans la joie et -dans la lumière, il y aura quelqu'un qui aura ta casaque rouge, qui -portera ton nom dans l'ignominie et qui traînera ta chaîne au bagne! -Oui, c'est bien arrangé ainsi! Ah! misérable! - -La sueur lui coulait du front. Il attachait sur les flambeaux un oeil -hagard. Cependant ce qui parlait en lui n'avait pas fini. La voix -continuait: - ---Jean Valjean! il y aura autour de toi beaucoup de voix qui feront un -grand bruit, qui parleront bien haut, et qui te béniront, et une seule -que personne n'entendra et qui te maudira dans les ténèbres. Eh bien! -écoute, infâme! toutes ces bénédictions retomberont avant d'arriver au -ciel, et il n'y aura que la malédiction qui montera jusqu'à Dieu! Cette -voix, d'abord toute faible et qui s'était élevée du plus obscur de sa -conscience, était devenue par degrés éclatante et formidable, et il -l'entendait maintenant à son oreille. Il lui semblait qu'elle était -sortie de lui-même et qu'elle parlait à présent en dehors de lui. Il -crut entendre les dernières paroles si distinctement qu'il regarda dans -la chambre avec une sorte de terreur. - ---Y a-t-il quelqu'un ici? demanda-t-il à haute voix, et tout égaré. - -Puis il reprit avec un rire qui ressemblait au rire d'un idiot: - ---Que je suis bête! il ne peut y avoir personne. - -Il y avait quelqu'un; mais celui qui y était n'était pas de ceux que -l'oeil humain peut voir. - -Il posa les flambeaux sur la cheminée. - -Alors il reprit cette marche monotone et lugubre qui troublait dans ses -rêves et réveillait en sursaut l'homme endormi au-dessous de lui. - -Cette marche le soulageait et l'enivrait en même temps. Il semble que -parfois dans les occasions suprêmes on se remue pour demander conseil à -tout ce qu'on peut rencontrer en se déplaçant. Au bout de quelques -instants il ne savait plus où il en était. - -Il reculait maintenant avec une égale épouvante devant les deux -résolutions qu'il avait prises tour à tour. Les deux idées qui le -conseillaient lui paraissaient aussi funestes l'une que l'autre.--Quelle -fatalité! quelle rencontre que ce Champmathieu pris pour lui! Être -précipité justement par le moyen que la providence paraissait d'abord -avoir employé pour l'affermir! - -Il y eut un moment où il considéra l'avenir. Se dénoncer, grand Dieu! se -livrer! Il envisagea avec un immense désespoir tout ce qu'il faudrait -quitter, tout ce qu'il faudrait reprendre. Il faudrait donc dire adieu à -cette existence si bonne, si pure, si radieuse, à ce respect de tous, à -l'honneur, à la liberté! Il n'irait plus se promener dans les champs, il -n'entendrait plus chanter les oiseaux au mois de mai, il ne ferait plus -l'aumône aux petits enfants! Il ne sentirait plus la douceur des regards -de reconnaissance et d'amour fixés sur lui! Il quitterait cette maison -qu'il avait bâtie, cette chambre, cette petite chambre! Tout lui -paraissait charmant à cette heure. Il ne lirait plus dans ces livres, il -n'écrirait plus sur cette petite table de bois blanc! Sa vieille -portière, la seule servante qu'il eût, ne lui monterait plus son café le -matin. Grand Dieu! au lieu de cela, la chiourme, le carcan, la veste -rouge, la chaîne au pied, la fatigue, le cachot, le lit de camp, toutes -ces horreurs connues! À son âge, après avoir été ce qu'il était! Si -encore il était jeune! Mais, vieux, être tutoyé par le premier venu, -être fouillé par le garde-chiourme, recevoir le coup de bâton de -l'argousin! avoir les pieds nus dans des souliers ferrés! tendre matin -et soir sa jambe au marteau du rondier qui visite la manille! subir la -curiosité des étrangers auxquels on dirait: _Celui-là, c'est le fameux -Jean Valjean, qui a été maire à Montreuil-sur-mer_! Le soir, ruisselant -de sueur, accablé de lassitude, le bonnet vert sur les yeux, remonter -deux à deux, sous le fouet du sergent, l'escalier-échelle du bagne -flottant! Oh! quelle misère! La destinée peut-elle donc être méchante -comme un être intelligent et devenir monstrueuse comme le coeur humain! - -Et, quoi qu'il fît, il retombait toujours sur ce poignant dilemme qui -était au fond de sa rêverie:--rester dans le paradis, et y devenir -démon! rentrer dans l'enfer, et y devenir ange! - -Que faire, grand Dieu! que faire? - -La tourmente dont il était sorti avec tant de peine se déchaîna de -nouveau en lui. Ses idées recommencèrent à se mêler. Elles prirent ce je -ne sais quoi de stupéfié et de machinal qui est propre au désespoir. Ce -nom de Romainville lui revenait sans cesse à l'esprit avec deux vers -d'une chanson qu'il avait entendue autrefois. Il songeait que -Romainville est un petit bois près Paris où les jeunes gens amoureux -vont cueillir des lilas au mois d'avril. - -Il chancelait au dehors comme au dedans. Il marchait comme un petit -enfant qu'on laisse aller seul. - -À de certains moments, luttant contre sa lassitude, il faisait effort -pour ressaisir son intelligence. Il tâchait de se poser une dernière -fois, et définitivement, le problème sur lequel il était en quelque -sorte tombé d'épuisement. Faut-il se dénoncer? Faut-il se taire?--Il ne -réussissait à rien voir de distinct. Les vagues aspects de tous les -raisonnements ébauchés par sa rêverie tremblaient et se dissipaient l'un -après l'autre en fumée. Seulement il sentait que, à quelque parti qu'il -s'arrêtât, nécessairement, et sans qu'il fût possible d'y échapper, -quelque chose de lui allait mourir; qu'il entrait dans un sépulcre à -droite comme à gauche; qu'il accomplissait une agonie, l'agonie de son -bonheur ou l'agonie de sa vertu. - -Hélas! toutes ses irrésolutions l'avaient repris. Il n'était pas plus -avancé qu'au commencement. - -Ainsi se débattait sous l'angoisse cette malheureuse âme. Dix-huit cents -ans avant cet homme infortuné, l'être mystérieux, en qui se résument -toutes les saintetés et toutes les souffrances de l'humanité, avait -aussi lui, pendant que les oliviers frémissaient au vent farouche de -l'infini, longtemps écarté de la main l'effrayant calice qui lui -apparaissait ruisselant d'ombre et débordant de ténèbres dans des -profondeurs pleines d'étoiles. - - - - -Chapitre IV - -Formes que prend la souffrance pendant le sommeil - - -Trois heures du matin venaient de sonner, et il y avait cinq heures -qu'il marchait ainsi, presque sans interruption lorsqu'il se laissa -tomber sur sa chaise. - -Il s'y endormit et fit un rêve. - -Ce rêve, comme la plupart des rêves, ne se rapportait à la situation que -par je ne sais quoi de funeste et de poignant, mais il lui fit -impression. Ce cauchemar le frappa tellement que plus tard il l'a écrit. -C'est un des papiers écrits de sa main qu'il a laissés. Nous croyons -devoir transcrire ici cette chose textuellement. - -Quel que soit ce rêve, l'histoire de cette nuit serait incomplète si -nous l'omettions. C'est la sombre aventure d'une âme malade. - -Le voici. Sur l'enveloppe nous trouvons cette ligne écrite: _Le rêve que -j'ai eu cette nuit-là._ - -«J'étais dans une campagne. Une grande campagne triste où il n'y avait -pas d'herbe. Il ne me semblait pas qu'il fît jour ni qu'il fît nuit. - -«Je me promenais avec mon frère, le frère de mes années d'enfance, ce -frère auquel je dois dire que je ne pense jamais et dont je ne me -souviens presque plus. - -«Nous causions, et nous rencontrions des passants. Nous parlions d'une -voisine que nous avions eue autrefois, et qui, depuis qu'elle demeurait -sur la rue, travaillait la fenêtre toujours ouverte. Tout en causant, -nous avions froid à cause de cette fenêtre ouverte. - -«Il n'y avait pas d'arbres dans la campagne. - -«Nous vîmes un homme qui passa près de nous. C'était un homme tout nu, -couleur de cendre, monté sur un cheval couleur de terre. L'homme n'avait -pas de cheveux; on voyait son crâne et des veines sur son crâne. Il -tenait à la main une baguette qui était souple comme un sarment de vigne -et lourde comme du fer. Ce cavalier passa et ne nous dit rien. - -«Mon frère me dit: Prenons par le chemin creux. - -«Il y avait un chemin creux où l'on ne voyait pas une broussaille ni un -brin de mousse. Tout était couleur de terre, même le ciel. Au bout de -quelques pas, on ne me répondit plus quand je parlais. Je m'aperçus que -mon frère n'était plus avec moi. - -«J'entrai dans un village que je vis. Je songeai que ce devait être là -Romainville (pourquoi Romainville?). - -«La première rue où j'entrai était déserte. J'entrai dans une seconde -rue. Derrière l'angle que faisaient les deux rues, il y avait un homme -debout contre le mur. Je dis à cet homme:--Quel est ce pays? où suis-je? -L'homme ne répondit pas. Je vis la porte d'une maison ouverte, j'y -entrai. - -«La première chambre était déserte. J'entrai dans la seconde. Derrière -la porte de cette chambre, il y avait un homme debout contre le mur. Je -demandai à cet homme:--À qui est cette maison? où suis-je? L'homme ne -répondit pas. La maison avait un jardin. - -«Je sortis de la maison et j'entrai dans le jardin. Le jardin était -désert. Derrière le premier arbre, je trouvai un homme qui se tenait -debout. Je dis à cet homme:--Quel est ce jardin? où suis-je? L'homme ne -répondit pas. - -«J'errai dans le village, et je m'aperçus que c'était une ville. Toutes -les rues étaient désertes, toutes les portes étaient ouvertes. Aucun -être vivant ne passait dans les rues, ne marchait dans les chambres ou -ne se promenait dans les jardins. Mais il y avait derrière chaque angle -de mur, derrière chaque porte, derrière chaque arbre, un homme debout -qui se taisait. On n'en voyait jamais qu'un à la fois. Ces hommes me -regardaient passer. - -«Je sortis de la ville et je me mis à marcher dans les champs. - -«Au bout de quelque temps, je me retournai, et je vis une grande foule -qui venait derrière moi. Je reconnus tous les hommes que j'avais vus -dans la ville. Ils avaient des têtes étranges. Ils ne semblaient pas se -hâter, et cependant ils marchaient plus vite que moi. Ils ne faisaient -aucun bruit en marchant. En un instant, cette foule me rejoignit et -m'entoura. Les visages de ces hommes étaient couleur de terre. - -«Alors le premier que j'avais vu et questionné en entrant dans la ville -me dit:--Où allez-vous? Est-ce que vous ne savez pas que vous êtes mort -depuis longtemps? - -«J'ouvris la bouche pour répondre, et je m'aperçus qu'il n'y avait -personne autour de moi.» - -Il se réveilla. Il était glacé. Un vent qui était froid comme le vent du -matin faisait tourner dans leurs gonds les châssis de la croisée restée -ouverte. Le feu s'était éteint. La bougie touchait à sa fin. Il était -encore nuit noire. - -Il se leva, il alla à la fenêtre. Il n'y avait toujours pas d'étoiles au -ciel. - -De sa fenêtre on voyait la cour de la maison et la rue. Un bruit sec et -dur qui résonna tout à coup sur le sol lui fit baisser les yeux. - -Il vit au-dessous de lui deux étoiles rouges dont les rayons -s'allongeaient et se raccourcissaient bizarrement dans l'ombre. - -Comme sa pensée était encore à demi submergée dans la brume des -rêves.--tiens! songea-t-il, il n'y en a pas dans le ciel. Elles sont sur -la terre maintenant. - -Cependant ce trouble se dissipa, un second bruit pareil au premier -acheva de le réveiller; il regarda, et il reconnut que ces deux étoiles -étaient les lanternes d'une voiture. À la clarté qu'elles jetaient, il -put distinguer la forme de cette voiture. C'était un tilbury attelé d'un -petit cheval blanc. Le bruit qu'il avait entendu, c'étaient les coups de -pied du cheval sur le pavé. - ---Qu'est-ce que c'est que cette voiture? se dit-il. Qui est-ce qui vient -donc si matin? En ce moment on frappa un petit coup à la porte de sa -chambre. - -Il frissonna de la tête aux pieds, et cria d'une voix terrible: - ---Qui est là? - -Quelqu'un répondit: - ---Moi, monsieur le maire. - -Il reconnut la voix de la vieille femme, sa portière. - ---Eh bien, reprit-il, qu'est-ce que c'est? - ---Monsieur le maire, il est tout à l'heure cinq heures du matin. - ---Qu'est-ce que cela me fait? - ---Monsieur le maire, c'est le cabriolet. - ---Quel cabriolet? - ---Le tilbury. - ---Quel tilbury? - ---Est-ce que monsieur le maire n'a pas fait demander un tilbury? - ---Non, dit-il. - ---Le cocher dit qu'il vient chercher monsieur le maire. - ---Quel cocher? - ---Le cocher de M. Scaufflaire. - ---M. Scaufflaire? - -Ce nom le fit tressaillir comme si un éclair lui eût passé devant la -face. - ---Ah! oui! reprit-il, M. Scaufflaire. - -Si la vieille femme l'eût pu voir en ce moment, elle eût été épouvantée. - -Il se fit un assez long silence. Il examinait d'un air stupide la flamme -de la bougie et prenait autour de la mèche de la cire brûlante qu'il -roulait dans ses doigts. - -La vieille attendait. Elle se hasarda pourtant à élever encore la voix: - ---Monsieur le maire, que faut-il que je réponde? - ---Dites que c'est bien, et que je descends. - - - - -Chapitre V - -Bâtons dans les roues - - -Le service des postes d'Arras à Montreuil-sur-mer se faisait encore à -cette époque par de petites malles du temps de l'empire. Ces malles -étaient des cabriolets à deux roues, tapissés de cuir fauve au dedans, -suspendus sur des ressorts à pompe, et n'ayant que deux places, l'une -pour le courrier, l'autre pour le voyageur. Les roues étaient armées de -ces longs moyeux offensifs qui tiennent les autres voitures à distance -et qu'on voit encore sur les routes d'Allemagne. Le coffre aux dépêches, -immense boîte oblongue, était placé derrière le cabriolet et faisait -corps avec lui. Ce coffre était peint en noir et le cabriolet en jaune. - -Ces voitures, auxquelles rien ne ressemble aujourd'hui, avaient je ne -sais quoi de difforme et de bossu, et, quand on les voyait passer de -loin et ramper dans quelque route à l'horizon, elles ressemblaient à ces -insectes qu'on appelle, je crois, termites, et qui, avec un petit -corsage, traînent un gros arrière-train. Elles allaient, du reste, fort -vite. La malle partie d'Arras toutes les nuits à une heure, après le -passage du courrier de Paris, arrivait à Montreuil-sur-mer un peu avant -cinq heures du matin. - -Cette nuit-là, la malle qui descendait à Montreuil-sur-mer par la route -de Hesdin accrocha, au tournant d'une rue, au moment où elle entrait -dans la ville, un petit tilbury attelé d'un cheval blanc, qui venait en -sens inverse et dans lequel il n'y avait qu'une personne, un homme -enveloppé d'un manteau. La roue du tilbury reçut un choc assez rude. Le -courrier cria à cet homme d'arrêter, mais le voyageur n'écouta pas, et -continua sa route au grand trot. - ---Voilà un homme diablement pressé! dit le courrier. - -L'homme qui se hâtait ainsi, c'est celui que nous venons de voir se -débattre dans des convulsions dignes à coup sûr de pitié. - -Où allait-il? Il n'eût pu le dire. Pourquoi se hâtait-il? Il ne savait. -Il allait au hasard devant lui. Où? À Arras sans doute; mais il allait -peut-être ailleurs aussi. Par moments il le sentait, et il tressaillait. - -Il s'enfonçait dans cette nuit comme dans un gouffre. Quelque chose le -poussait, quelque chose l'attirait. Ce qui se passait en lui, personne -ne pourrait le dire, tous le comprendront. Quel homme n'est entré, au -moins une fois en sa vie, dans cette obscure caverne de l'inconnu? - -Du reste il n'avait rien résolu, rien décidé, rien arrêté, rien fait. -Aucun des actes de sa conscience n'avait été définitif. Il était plus -que jamais comme au premier moment. Pourquoi allait-il à Arras? - -Il se répétait ce qu'il s'était déjà dit en retenant le cabriolet de -Scaufflaire,--que, quel que dût être le résultat, il n'y avait aucun -inconvénient à voir de ses yeux, à juger les choses par lui-même;--que -cela même était prudent, qu'il fallait savoir ce qui se passerait; qu'on -ne pouvait rien décider sans avoir observé et scruté;--que de loin on se -faisait des montagnes de tout; qu'au bout du compte, lorsqu'il aurait vu -ce Champmathieu, quelque misérable, sa conscience serait probablement -fort soulagée de le laisser aller au bagne à sa place;--qu'à la vérité -il y aurait là Javert, et ce Brevet, ce Chenildieu, ce Cochepaille, -anciens forçats qui l'avaient connu; mais qu'à coup sûr ils ne le -reconnaîtraient pas;--bah! quelle idée!--que Javert en était à cent -lieues;--que toutes les conjectures et toutes les suppositions étaient -fixées sur ce Champmathieu, et que rien n'est entêté comme les -suppositions et les conjectures;--qu'il n'y avait donc aucun danger. Que -sans doute c'était un moment noir, mais qu'il en sortirait;--qu'après -tout il tenait sa destinée, si mauvaise qu'elle voulût être, dans sa -main;--qu'il en était le maître. Il se cramponnait à cette pensée. - -Au fond, pour tout dire, il eût mieux aimé ne point aller à Arras. - -Cependant il y allait. - -Tout en songeant, il fouettait le cheval, lequel trottait de ce bon trot -réglé et sûr qui fait deux lieues et demie à l'heure. - -À mesure que le cabriolet avançait, il sentait quelque chose en lui qui -reculait. - -Au point du jour il était en rase campagne; la ville de -Montreuil-sur-mer était assez loin derrière lui. Il regarda l'horizon -blanchir; il regarda, sans les voir, passer devant ses yeux toutes les -froides figures d'une aube d'hiver. Le matin a ses spectres comme le -soir. Il ne les voyait pas, mais, à son insu, et par une sorte de -pénétration presque physique, ces noires silhouettes d'arbres et de -collines ajoutaient à l'état violent de son âme je ne sais quoi de morne -et de sinistre. - -Chaque fois qu'il passait devant une de ces maisons isolées qui côtoient -parfois les routes, il se disait: il y a pourtant là-dedans des gens qui -dorment! - -Le trot du cheval, les grelots du harnais, les roues sur le pavé, -faisaient un bruit doux et monotone. Ces choses-là sont charmantes quand -on est joyeux et lugubres quand on est triste. Il était grand jour -lorsqu'il arriva à Hesdin. Il s'arrêta devant une auberge pour laisser -souffler le cheval et lui faire donner l'avoine. - -Ce cheval était, comme l'avait dit Scaufflaire, de cette petite race du -Boulonnais qui a trop de tête, trop de ventre et pas assez d'encolure, -mais qui a le poitrail ouvert, la croupe large, la jambe sèche et fine -et le pied solide; race laide, mais robuste et saine. L'excellente bête -avait fait cinq lieues en deux heures et n'avait pas une goutte de sueur -sur la croupe. - -Il n'était pas descendu du tilbury. Le garçon d'écurie qui apportait -l'avoine se baissa tout à coup et examina la roue de gauche. - ---Allez-vous loin comme cela? dit cet homme. - -Il répondit, presque sans sortir de sa rêverie: - ---Pourquoi? - ---Venez-vous de loin? reprit le garçon. - ---De cinq lieues d'ici. - ---Ah! - ---Pourquoi dites-vous: ah? - -Le garçon se pencha de nouveau, resta un moment silencieux, l'oeil fixé -sur la roue, puis se redressa en disant: - ---C'est que voilà une roue qui vient de faire cinq lieues, c'est -possible, mais qui à coup sûr ne fera pas maintenant un quart de lieue. - -Il sauta à bas du tilbury. - ---Que dites-vous là, mon ami? - ---Je dis que c'est un miracle que vous ayez fait cinq lieues sans -rouler, vous et votre cheval, dans quelque fossé de la grande route. -Regardez plutôt. - -La roue en effet était gravement endommagée. Le choc de la malle-poste -avait fendu deux rayons et labouré le moyeu dont l'écrou ne tenait plus. - ---Mon ami, dit-il au garçon d'écurie, il y a un charron ici? - ---Sans doute, monsieur. - ---Rendez-moi le service de l'aller chercher. - ---Il est là, à deux pas. Hé! maître Bourgaillard! - -Maître Bourgaillard, le charron, était sur le seuil de sa porte. Il vint -examiner la roue et fit la grimace d'un chirurgien qui considère une -jambe cassée. - ---Pouvez-vous raccommoder cette roue sur-le-champ? - ---Oui, monsieur. - ---Quand pourrai-je repartir? - ---Demain. - ---Demain! - ---Il y a une grande journée d'ouvrage. Est-ce que monsieur est pressé? - ---Très pressé. Il faut que je reparte dans une heure au plus tard. - ---Impossible, monsieur. - ---Je payerai tout ce qu'on voudra. - ---Impossible. - ---Eh bien! dans deux heures. - ---Impossible pour aujourd'hui. Il faut refaire deux rais et un moyeu. -Monsieur ne pourra repartir avant demain. - ---L'affaire que j'ai ne peut attendre à demain. Si, au lieu de -raccommoder cette roue, on la remplaçait? - ---Comment cela? - ---Vous êtes charron? - ---Sans doute, monsieur. - ---Est-ce que vous n'auriez pas une roue à me vendre? Je pourrais -repartir tout de suite. - ---Une roue de rechange? - ---Oui. - ---Je n'ai pas une roue toute faite pour votre cabriolet. Deux roues font -la paire. Deux roues ne vont pas ensemble au hasard. - ---En ce cas, vendez-moi une paire de roues. - ---Monsieur, toutes les roues ne vont pas à tous les essieux. - ---Essayez toujours. - ---C'est inutile, monsieur. Je n'ai à vendre que des roues de charrette. -Nous sommes un petit pays ici. - ---Auriez-vous un cabriolet à me louer? - -Le maître charron, du premier coup d'oeil, avait reconnu que le tilbury -était une voiture de louage. Il haussa les épaules. - ---Vous les arrangez bien, les cabriolets qu'on vous loue! j'en aurais un -que je ne vous le louerais pas. - ---Eh bien, à me vendre? - ---Je n'en ai pas. - ---Quoi! pas une carriole? Je ne suis pas difficile, comme vous voyez. - ---Nous sommes un petit pays. J'ai bien là sous la remise, ajouta le -charron, une vieille calèche qui est à un bourgeois de la ville qui me -l'a donnée en garde et qui s'en sert tous les trente-six du mois. Je -vous la louerais bien, qu'est-ce que cela me fait? mais il ne faudrait -pas que le bourgeois la vît passer; et puis, c'est une calèche, il -faudrait deux chevaux. - ---Je prendrai des chevaux de poste. - ---Où va monsieur? - ---À Arras. - ---Et monsieur veut arriver aujourd'hui? - ---Mais oui. - ---En prenant des chevaux de poste? - ---Pourquoi pas? - ---Est-il égal à monsieur d'arriver cette nuit à quatre heures du matin? - ---Non certes. - ---C'est que, voyez-vous bien, il y a une chose à dire, en prenant des -chevaux de poste.... - ---Monsieur a son passeport? - ---Oui. - ---Eh bien, en prenant des chevaux de poste, monsieur n'arrivera pas à -Arras avant demain. Nous sommes un chemin de traverse. Les relais sont -mal servis, les chevaux sont aux champs. C'est la saison des grandes -charrues qui commence, il faut de forts attelages, et l'on prend les -chevaux partout, à la poste comme ailleurs. Monsieur attendra au moins -trois ou quatre heures à chaque relais. Et puis on va au pas. Il y a -beaucoup de côtes à monter. - ---Allons, j'irai à cheval. Dételez le cabriolet. On me vendra bien une -selle dans le pays. - ---Sans doute. Mais ce cheval-ci endure-t-il la selle? - ---C'est vrai, vous m'y faites penser. Il ne l'endure pas. - ---Alors.... - ---Mais je trouverai bien dans le village un cheval à louer? - ---Un cheval pour aller à Arras d'une traite! - ---Oui. - ---Il faudrait un cheval comme on n'en a pas dans nos endroits. Il -faudrait l'acheter d'abord, car on ne vous connaît pas. Mais ni à vendre -ni à louer, ni pour cinq cents francs, ni pour mille, vous ne le -trouveriez pas! - ---Comment faire? - ---Le mieux, là, en honnête homme, c'est que je raccommode la roue et que -vous remettiez votre voyage à demain. - ---Demain il sera trop tard. - ---Dame! - ---N'y a-t-il pas la malle-poste qui va à Arras? Quand passe-t-elle? - ---La nuit prochaine. Les deux malles font le service la nuit, celle qui -monte comme celle qui descend. - ---Comment! il vous faut une journée pour raccommoder cette roue? - ---Une journée, et une bonne! - ---En mettant deux ouvriers? - ---En en mettant dix! - ---Si on liait les rayons avec des cordes? - ---Les rayons, oui; le moyeu, non. Et puis la jante aussi est en mauvais -état. - ---Y a-t-il un loueur de voitures dans la ville? - ---Non. - ---Y a-t-il un autre charron? - -Le garçon d'écurie et le maître charron répondirent en même temps en -hochant la tête. - ---Non. - -Il sentit une immense joie. - -Il était évident que la providence s'en mêlait. C'était elle qui avait -brisé la roue du tilbury et qui l'arrêtait en route. Il ne s'était pas -rendu à cette espèce de première sommation; il venait de faire tous les -efforts possibles pour continuer son voyage; il avait loyalement et -scrupuleusement épuisé tous les moyens; il n'avait reculé ni devant la -saison, ni devant la fatigue, ni devant la dépense; il n'avait rien à se -reprocher. S'il n'allait pas plus loin, cela ne le regardait plus. Ce -n'était plus sa faute, c'était, non le fait de sa conscience, mais le -fait de la providence. - -Il respira. Il respira librement et à pleine poitrine pour la première -fois depuis la visite de Javert. Il lui semblait que le poignet de fer -qui lui serrait le coeur depuis vingt heures venait de le lâcher. - -Il lui paraissait que maintenant Dieu était pour lui, et se déclarait. - -Il se dit qu'il avait fait tout ce qu'il pouvait, et qu'à présent il -n'avait qu'à revenir sur ses pas, tranquillement. - -Si sa conversation avec le charron eût eu lieu dans une chambre de -l'auberge, elle n'eût point eu de témoins, personne ne l'eût entendue, -les choses en fussent restées là, et il est probable que nous n'aurions -eu à raconter aucun des événements qu'on va lire; mais cette -conversation s'était faite dans la rue. Tout colloque dans la rue -produit inévitablement un cercle. Il y a toujours des gens qui ne -demandent qu'à être spectateurs. Pendant qu'il questionnait le charron, -quelques allants et venants s'étaient arrêtés autour d'eux. Après avoir -écouté pendant quelques minutes, un jeune garçon, auquel personne -n'avait pris garde, s'était détaché du groupe en courant. - -Au moment où le voyageur, après la délibération intérieure que nous -venons d'indiquer, prenait la résolution de rebrousser chemin, cet -enfant revenait. Il était accompagné d'une vieille femme. - ---Monsieur, dit la femme, mon garçon me dit que vous avez envie de louer -un cabriolet. Cette simple parole, prononcée par une vieille femme que -conduisait un enfant, lui fit ruisseler la sueur dans les reins. Il crut -voir la main qui l'avait lâché reparaître dans l'ombre derrière lui, -toute prête à le reprendre. - -Il répondit: - ---Oui, bonne femme, je cherche un cabriolet à louer. - -Et il se hâta d'ajouter: - ---Mais il n'y en a pas dans le pays. - ---Si fait, dit la vieille. - ---Où ça donc? reprit le charron. - ---Chez moi, répliqua la vieille. - -Il tressaillit. La main fatale l'avait ressaisi. - -La vieille avait en effet sous un hangar une façon de carriole en osier. -Le charron et le garçon d'auberge, désolés que le voyageur leur -échappât, intervinrent. - ---C'était une affreuse guimbarde,--cela était posé à cru sur -l'essieu,--il est vrai que les banquettes étaient suspendues à -l'intérieur avec des lanières de cuir,--il pleuvait dedans,--les roues -étaient rouillées et rongées d'humidité,--cela n'irait pas beaucoup plus -loin que le tilbury,--une vraie patache!--Ce monsieur aurait bien tort -de s'y embarquer,--etc., etc. - -Tout cela était vrai, mais cette guimbarde, cette patache, cette chose, -quelle qu'elle fût, roulait sur ses deux roues et pouvait aller à Arras. - -Il paya ce qu'on voulut, laissa le tilbury à réparer chez le charron -pour l'y retrouver à son retour, fit atteler le cheval blanc à la -carriole, y monta, et reprit la route qu'il suivait depuis le matin. - -Au moment où la carriole s'ébranla, il s'avoua qu'il avait eu l'instant -d'auparavant une certaine joie de songer qu'il n'irait point où il -allait. Il examina cette joie avec une sorte de colère et la trouva -absurde. Pourquoi de la joie à revenir en arrière? Après tout, il -faisait ce voyage librement. Personne ne l'y forçait. Et, certainement, -rien n'arriverait que ce qu'il voudrait bien. - -Comme il sortait de Hesdin, il entendit une voix qui lui criait: -arrêtez! arrêtez! Il arrêta la carriole d'un mouvement vif dans lequel -il y avait encore je ne sais quoi de fébrile et de convulsif qui -ressemblait à de l'espérance. - -C'était le petit garçon de la vieille. - ---Monsieur, dit-il, c'est moi qui vous ai procuré la carriole. - ---Eh bien! - ---Vous ne m'avez rien donné. - -Lui qui donnait à tous et si facilement, il trouva cette prétention -exorbitante et presque odieuse. - ---Ah! c'est toi, drôle? dit-il, tu n'auras rien! - -Il fouetta le cheval et repartit au grand trot. - -Il avait perdu beaucoup de temps à Hesdin, il eût voulu le rattraper. Le -petit cheval était courageux et tirait comme deux; mais on était au mois -de février, il avait plu, les routes étaient mauvaises. Et puis, ce -n'était plus le tilbury. La carriole était dure et très lourde. Avec -cela force montées. - -Il mit près de quatre heures pour aller de Hesdin à Saint-Pol. Quatre -heures pour cinq lieues. - -À Saint-Pol il détela à la première auberge venue, et fit mener le -cheval à l'écurie. Comme il l'avait promis à Scaufflaire, il se tint -près du râtelier pendant que le cheval mangeait. Il songeait à des -choses tristes et confuses. - -La femme de l'aubergiste entre dans l'écurie. - ---Est-ce que monsieur ne veut pas déjeuner? - ---Tiens, c'est vrai, dit-il, j'ai même bon appétit. Il suivit cette -femme qui avait une figure fraîche et réjouie. Elle le conduisit dans -une salle basse où il y avait des tables ayant pour nappes des toiles -cirées. - ---Dépêchez-vous, reprit-il, il faut que je reparte. Je suis pressé. - -Une grosse servante flamande mit son couvert en toute hâte. Il regardait -cette fille avec un sentiment de bien-être. - ---C'est là ce que j'avais, pensa-t-il. Je n'avais pas déjeuné. - -On le servit. Il se jeta sur le pain, mordit une bouchée, puis le reposa -lentement sur la table et n'y toucha plus. - -Un routier mangeait à une autre table. Il dit à cet homme: - ---Pourquoi leur pain est-il donc si amer? - -Le routier était allemand et n'entendit pas. - -Il retourna dans l'écurie près du cheval. - -Une heure après, il avait quitté Saint-Pol et se dirigeait vers Tinques -qui n'est qu'à cinq lieues d'Arras. - -Que faisait-il pendant ce trajet? À quoi pensait-il? Comme le matin, il -regardait passer les arbres, les toits de chaume, les champs cultivés, -et les évanouissements du paysage qui se disloque à chaque coude du -chemin. C'est là une contemplation qui suffit quelquefois à l'âme et qui -la dispense presque de penser. Voir mille objets pour la première et -pour la dernière fois, quoi de plus mélancolique et de plus profond! -Voyager, c'est naître et mourir à chaque instant. Peut-être, dans la -région la plus vague de son esprit, faisait-il des rapprochements entre -ces horizons changeants et l'existence humaine. Toutes les choses de la -vie sont perpétuellement en fuite devant nous. Les obscurcissements et -les clartés s'entremêlent: après un éblouissement, une éclipse; on -regarde, on se hâte, on tend les mains pour saisir ce qui passe; chaque -événement est un tournant de la route; et tout à coup on est vieux. On -sent comme une secousse, tout est noir, on distingue une porte obscure, -ce sombre cheval de la vie qui vous traînait s'arrête, et l'on voit -quelqu'un de voilé et d'inconnu qui le dételle dans les ténèbres. - -Le crépuscule tombait au moment où des enfants qui sortaient de l'école -regardèrent ce voyageur entrer dans Tinques. Il est vrai qu'on était -encore aux jours courts de l'année. Il ne s'arrêta pas à Tinques. Comme -il débouchait du village, un cantonnier qui empierrait la route dressa -la tête et dit: - ---Voilà un cheval bien fatigué. - -La pauvre bête en effet n'allait plus qu'au pas. - ---Est-ce que vous allez à Arras? ajouta le cantonnier. - ---Oui. - ---Si vous allez de ce train, vous n'y arriverez pas de bonne heure. - -Il arrêta le cheval et demanda au cantonnier: - ---Combien y a-t-il encore d'ici à Arras? - ---Près de sept grandes lieues. - ---Comment cela? le livre de poste ne marque que cinq lieues et un quart. - ---Ah! reprit le cantonnier, vous ne savez donc pas que la route est en -réparation? Vous allez la trouver coupée à un quart d'heure d'ici. Pas -moyen d'aller plus loin. - ---Vraiment. - ---Vous prendrez à gauche, le chemin qui va à Carency, vous passerez la -rivière; et, quand vous serez à Camblin, vous tournerez à droite; c'est -la route de Mont-Saint-Éloy qui va à Arras. - ---Mais voilà la nuit, je me perdrai. - ---Vous n'êtes pas du pays? - ---Non. - ---Avec ça, c'est tout chemins de traverse. Tenez, Monsieur, reprit le -cantonnier, voulez-vous que je vous donne un conseil? Votre cheval est -las, rentrez dans Tinques. Il y a une bonne auberge. Couchez-y. Vous -irez demain à Arras. - ---Il faut que j'y sois ce soir. - ---C'est différent. Alors allez tout de même à cette auberge et prenez-y -un cheval de renfort. Le garçon du cheval vous guidera dans la traverse. - -Il suivit le conseil du cantonnier, rebroussa chemin, et une demi-heure -après il repassait au même endroit, mais au grand trot, avec un bon -cheval de renfort. Un garçon d'écurie qui s'intitulait postillon était -assis sur le brancard de la carriole. - -Cependant il sentait qu'il perdait du temps. - -Il faisait tout à fait nuit. - -Ils s'engagèrent dans la traverse. La route devint affreuse. La carriole -tombait d'une ornière dans l'autre. Il dit au postillon: - ---Toujours au trot, et double pourboire. - -Dans un cahot le palonnier cassa. - ---Monsieur, dit le postillon, voilà le palonnier cassé, je ne sais plus -comment atteler mon cheval, cette route-ci est bien mauvaise la nuit; si -vous vouliez revenir coucher à Tinques, nous pourrions être demain matin -de bonne heure à Arras. - -Il répondit: - ---As-tu un bout de corde et un couteau? - ---Oui, monsieur. - -Il coupa une branche d'arbre et en fit un palonnier. - -Ce fut encore une perte de vingt minutes; mais ils repartirent au galop. - -La plaine était ténébreuse. Des brouillards bas, courts et noirs -rampaient sur les collines et s'en arrachaient comme des fumées. Il y -avait des lueurs blanchâtres dans les nuages. Un grand vent qui venait -de la mer faisait dans tous les coins de l'horizon le bruit de quelqu'un -qui remue des meubles. Tout ce qu'on entrevoyait avait des attitudes de -terreur. Que de choses frissonnent sous ces vastes souffles de la nuit! - -Le froid le pénétrait. Il n'avait pas mangé depuis la veille. Il se -rappelait vaguement son autre course nocturne dans la grande plaine aux -environs de Digne. Il y avait huit ans; et cela lui semblait hier. - -Une heure sonna à quelque clocher lointain. Il demanda au garçon: - ---Quelle est cette heure? - ---Sept heures, monsieur. Nous serons à Arras à huit. Nous n'avons plus -que trois lieues. En ce moment il fit pour la première fois cette -réflexion--en trouvant étrange qu'elle ne lui fût pas venue plus -tôt--que c'était peut-être inutile, toute la peine qu'il prenait; qu'il -ne savait seulement pas l'heure du procès; qu'il aurait dû au moins s'en -informer; qu'il était extravagant d'aller ainsi devant soi sans savoir -si cela servirait à quelque chose.--Puis il ébaucha quelques calculs -dans son esprit:--qu'ordinairement les séances des cours d'assises -commençaient à neuf heures du matin;--que cela ne devait pas être long, -cette affaire-là;--que le vol de pommes, ce serait très court;--qu'il -n'y aurait plus ensuite qu'une question d'identité;--quatre ou cinq -dépositions, peu de chose à dire pour les avocats;--qu'il allait -arriver lorsque tout serait fini! - -Le postillon fouettait les chevaux. Ils avaient passé la rivière et -laissé derrière eux Mont-Saint-Éloy. - -La nuit devenait de plus en plus profonde. - - - - -Chapitre VI - -La soeur Simplice mise à l'épreuve - - -Cependant, en ce moment-là même, Fantine était dans la joie. - -Elle avait passé une très mauvaise nuit. Toux affreuse, redoublement de -fièvre; elle avait eu des songes. Le matin, à la visite du médecin, elle -délirait. Il avait eu l'air alarmé et avait recommandé qu'on le prévînt -dès que M. Madeleine viendrait. - -Toute la matinée elle fut morne, parla peu, et fit des plis à ses draps -en murmurant à voix basse des calculs qui avaient l'air d'être des -calculs de distances. Ses yeux étaient caves et fixes. Ils paraissaient -presque éteints, et puis, par moments, ils se rallumaient et -resplendissaient comme des étoiles. Il semble qu'aux approches d'une -certaine heure sombre, la clarté du ciel emplisse ceux que quitte la -clarté de la terre. - -Chaque fois que la soeur Simplice lui demandait comment elle se -trouvait, elle répondait invariablement: - ---Bien. Je voudrais voir monsieur Madeleine. - -Quelques mois auparavant, à ce moment où Fantine venait de perdre sa -dernière pudeur, sa dernière honte et sa dernière joie, elle était -l'ombre d'elle-même; maintenant elle en était le spectre. Le mal -physique avait complété l'oeuvre du mal moral. Cette créature de -vingt-cinq ans avait le front ridé, les joues flasques, les narines -pincées, les dents déchaussées, le teint plombé, le cou osseux, les -clavicules saillantes, les membres chétifs, la peau terreuse, et ses -cheveux blonds poussaient mêlés de cheveux gris. Hélas! comme la maladie -improvise la vieillesse! À midi, le médecin revint, il fit quelques -prescriptions, s'informa si M. le maire avait paru à l'infirmerie, et -branla la tête. - -M. Madeleine venait d'habitude à trois heures voir la malade. Comme -l'exactitude était de la bonté, il était exact. - -Vers deux heures et demie, Fantine commença à s'agiter. Dans l'espace de -vingt minutes, elle demanda plus de dix fois à la religieuse: - ---Ma soeur, quelle heure est-il? - -Trois heures sonnèrent. Au troisième coup, Fantine se dressa sur son -séant, elle qui d'ordinaire pouvait à peine remuer dans son lit; elle -joignit dans une sorte d'étreinte convulsive ses deux mains décharnées -et jaunes, et la religieuse entendit sortir de sa poitrine un de ces -soupirs profonds qui semblent soulever un accablement. Puis Fantine se -tourna et regarda la porte. - -Personne n'entra; la porte ne s'ouvrit point. - -Elle resta ainsi un quart d'heure, l'oeil attaché sur la porte, immobile -et comme retenant son haleine. La soeur n'osait lui parler. L'église -sonna trois heures un quart. Fantine se laissa retomber sur l'oreiller. - -Elle ne dit rien et se remit à faire des plis à son drap. La demi-heure -passa, puis l'heure. Personne ne vint. - -Chaque fois que l'horloge sonnait, Fantine se dressait et regardait du -côté de la porte, puis elle retombait. - -On voyait clairement sa pensée, mais elle ne prononçait aucun nom, elle -ne se plaignait pas, elle n'accusait pas. Seulement elle toussait d'une -façon lugubre. On eût dit que quelque chose d'obscur s'abaissait sur -elle. Elle était livide et avait les lèvres bleues. Elle souriait par -moments. - -Cinq heures sonnèrent. Alors la soeur l'entendit qui disait très bas et -doucement: - ---Mais puisque je m'en vais demain, il a tort de ne pas venir -aujourd'hui! - -La soeur Simplice elle-même était surprise du retard de M. Madeleine. - -Cependant Fantine regardait le ciel de son lit. Elle avait l'air de -chercher à se rappeler quelque chose. Tout à coup elle se mit à chanter -d'une voix faible comme un souffle. La religieuse écouta. Voici ce que -Fantine chantait: - - _Nous achèterons de bien belles choses_ - _En nous promenant le long des faubourgs._ - _Les bleuets sont bleus, les roses sont roses,_ - _Les bleuets sont bleus, j'aime mes amours._ - _La vierge Marie auprès de mon poêle_ - _Est venue hier en manteau brodé,_ - _Et m'a dit:--Voici, caché sous mon voile,_ - _Le petit qu'un jour tu m'as demandé._ - _Courez à la ville, ayez de la toile,_ - _Achetez du fil, achetez un dé._ - _Nous achèterons de bien belles choses_ - _En nous promenant le long des faubourgs._ - _Bonne sainte Vierge, auprès de mon poêle_ - _J'ai mis un berceau de rubans orné_ - _Dieu me donnerait sa plus belle étoile,_ - _J'aime mieux l'enfant que tu m'as donné._ - --_Madame, que faire avec cette toile?_ - --_Faites un trousseau pour mon nouveau-né._ - _Les bleuets sont bleus, les roses sont roses,_ - _Les bleuets sont bleus, j'aime mes amours._ - --_Lavez cette toile._ - --_Où?_--_Dans la rivière._ - _Faites-en, sans rien gâter ni salir,_ - _Une belle jupe avec sa brassière_ - _Que je veux broder et de fleurs emplir._ - --_L'enfant n'est plus là, madame, qu'en faire?_ - --_Faites-en un drap pour m'ensevelir._ - _Nous achèterons de bien belles choses_ - _En nous promenant le long des faubourgs._ - _Les bleuets sont bleus, les roses sont roses,_ - _Les bleuets sont bleus, j'aime mes amours._ - -Cette chanson était une vieille romance de berceuse avec laquelle -autrefois elle endormait sa petite Cosette, et qui ne s'était pas -offerte à son esprit depuis cinq ans qu'elle n'avait plus son enfant. -Elle chantait cela d'une voix si triste et sur un air si doux que -c'était à faire pleurer, même une religieuse. La soeur, habituée aux -choses austères, sentit une larme lui venir. - -L'horloge sonna six heures. Fantine ne parut pas entendre. Elle semblait -ne plus faire attention à aucune chose autour d'elle. - -La soeur Simplice envoya une fille de service s'informer près de la -portière de la fabrique si M. le maire était rentré et s'il ne monterait -pas bientôt à l'infirmerie. La fille revint au bout de quelques minutes. - -Fantine était toujours immobile et paraissait attentive à des idées -qu'elle avait. - -La servante raconta très bas à la soeur Simplice que M. le maire était -parti le matin même avant six heures dans un petit tilbury attelé d'un -cheval blanc, par le froid qu'il faisait, qu'il était parti seul, pas -même de cocher, qu'on ne savait pas le chemin qu'il avait pris, que des -personnes disaient l'avoir vu tourner par la route d'Arras, que d'autres -assuraient l'avoir rencontré sur la route de Paris. Qu'en s'en allant il -avait été comme à l'ordinaire très doux, et qu'il avait seulement dit à -la portière qu'on ne l'attendît pas cette nuit. - -Pendant que les deux femmes, le dos tourné au lit de la Fantine, -chuchotaient, la soeur questionnant, la servante conjecturant, la -Fantine, avec cette vivacité fébrile de certaines maladies organiques -qui mêle les mouvements libres de la santé à l'effrayante maigreur de la -mort, s'était mise à genoux sur son lit, ses deux poings crispés appuyés -sur le traversin, et, la tête passée par l'intervalle des rideaux, elle -écoutait. Tout à coup elle cria: - ---Vous parlez là de monsieur Madeleine! pourquoi parlez-vous tout bas? -Qu'est-ce qu'il fait? Pourquoi ne vient-il pas? - -Sa voix était si brusque et si rauque que les deux femmes crurent -entendre une voix d'homme; elles se retournèrent effrayées. - ---Répondez donc! cria Fantine. - -La servante balbutia: - ---La portière m'a dit qu'il ne pourrait pas venir aujourd'hui. - ---Mon enfant, dit la soeur, tenez-vous tranquille, recouchez-vous. - -Fantine, sans changer d'attitude, reprit d'une voix haute et avec un -accent tout à la fois impérieux et déchirant: - ---Il ne pourra venir? Pourquoi cela? Vous savez la raison. Vous la -chuchotiez là entre vous. Je veux la savoir. - -La servante se hâta de dire à l'oreille de la religieuse: - ---Répondez qu'il est occupé au conseil municipal. - -La soeur Simplice rougit légèrement; c'était un mensonge que la servante -lui proposait. D'un autre côté il lui semblait bien que dire la vérité à -la malade ce serait sans doute lui porter un coup terrible et que cela -était grave dans l'état où était Fantine. Cette rougeur dura peu. La -soeur leva sur Fantine son oeil calme et triste, et dit: - ---Monsieur le maire est parti. - -Fantine se redressa et s'assit sur ses talons. Ses yeux étincelèrent. -Une joie inouïe rayonna sur cette physionomie douloureuse. - ---Parti! s'écria-t-elle. Il est allé chercher Cosette! - -Puis elle tendit ses deux mains vers le ciel et tout son visage devint -ineffable. Ses lèvres remuaient; elle priait à voix basse. - -Quand sa prière fut finie: - ---Ma soeur, dit-elle, je veux bien me recoucher, je vais faire tout ce -qu'on voudra; tout à l'heure j'ai été méchante, je vous demande pardon -d'avoir parlé si haut, c'est très mal de parler haut, je le sais bien, -ma bonne soeur, mais voyez-vous, je suis très contente. Le bon Dieu est -bon, monsieur Madeleine est bon, figurez-vous qu'il est allé chercher ma -petite Cosette à Montfermeil. - -Elle se recoucha, aida la religieuse à arranger l'oreiller et baisa une -petite croix d'argent qu'elle avait au cou et que la soeur Simplice lui -avait donnée. - ---Mon enfant, dit la soeur, tâchez de reposer maintenant, et ne parlez -plus. - -Fantine prit dans ses mains moites la main de la soeur, qui souffrait de -lui sentir cette sueur. - ---Il est parti ce matin pour aller à Paris. Au fait il n'a pas même -besoin de passer par Paris. Montfermeil, c'est un peu à gauche en -venant. Vous rappelez-vous comme il me disait hier quand je lui parlais -de Cosette: bientôt, bientôt? C'est une surprise qu'il veut me faire. -Vous savez? il m'avait fait signer une lettre pour la reprendre aux -Thénardier. Ils n'auront rien à dire, pas vrai? Ils rendront Cosette. -Puisqu'ils sont payés. Les autorités ne souffriraient pas qu'on garde un -enfant quand on est payé. Ma soeur, ne me faites pas signe qu'il ne faut -pas que je parle. Je suis extrêmement heureuse, je vais très bien, je -n'ai plus de mal du tout, je vais revoir Cosette, j'ai même très faim. -Il y a près de cinq ans que je ne l'ai vue. Vous ne vous figurez pas, -vous, comme cela vous tient, les enfants! Et puis elle sera si gentille, -vous verrez! Si vous saviez, elle a de si jolis petits doigts roses! -D'abord elle aura de très belles mains. À un an, elle avait des mains -ridicules. Ainsi!--Elle doit être grande à présent. Cela vous a sept -ans. C'est une demoiselle. Je l'appelle Cosette, mais elle s'appelle -Euphrasie. Tenez, ce matin, je regardais de la poussière qui était sur -la cheminée et j'avais bien l'idée comme cela que je reverrais bientôt -Cosette. Mon Dieu! comme on a tort d'être des années sans voir ses -enfants! on devrait bien réfléchir que la vie n'est pas éternelle! Oh! -comme il est bon d'être parti, monsieur le maire! C'est vrai ça, qu'il -fait bien froid? avait-il son manteau au moins? Il sera ici demain, -n'est-ce pas? Ce sera demain fête. Demain matin, ma soeur, vous me ferez -penser à mettre mon petit bonnet qui a de la dentelle. Montfermeil, -c'est un pays. J'ai fait cette route-là, à pied, dans le temps. Il y a -eu bien loin pour moi. Mais les diligences vont très vite! Il sera ici -demain avec Cosette. Combien y a-t-il d'ici Montfermeil? - -La soeur, qui n'avait aucune idée des distances, répondit: - ---Oh! je crois bien qu'il pourra être ici demain. - ---Demain! demain! dit Fantine, je verrai Cosette demain! Voyez-vous, -bonne soeur du bon Dieu, je ne suis plus malade. Je suis folle. Je -danserais, si on voulait. - -Quelqu'un qui l'eût vue un quart d'heure auparavant n'y eût rien -compris. Elle était maintenant toute rose, elle parlait d'une voix vive -et naturelle, toute sa figure n'était qu'un sourire. Par moments elle -riait en se parlant tout bas. Joie de mère, c'est presque joie d'enfant. - ---Eh bien, reprit la religieuse, vous voilà heureuse, obéissez-moi, ne -parlez plus. - -Fantine posa sa tête sur l'oreiller et dit à demi-voix: - ---Oui, recouche-toi, sois sage puisque tu vas avoir ton enfant. Elle a -raison, soeur Simplice. Tous ceux qui sont ici ont raison. - -Et puis, sans bouger, sans remuer la tête, elle se mit à regarder -partout avec ses yeux tout grands ouverts et un air joyeux, et elle ne -dit plus rien. - -La soeur referma ses rideaux, espérant qu'elle s'assoupirait. - -Entre sept et huit heures le médecin vint. N'entendant aucun bruit, il -crut que Fantine dormait, entra doucement et s'approcha du lit sur la -pointe du pied. Il entrouvrit les rideaux, et à la lueur de la veilleuse -il vit les grands yeux calmes de Fantine qui le regardaient. - -Elle lui dit: - ---Monsieur, n'est-ce pas, on me laissera la coucher à côté de moi dans -un petit lit? - -Le médecin crut qu'elle délirait. Elle ajouta: - ---Regardez plutôt, il y a juste de la place. - -Le médecin prit à part la soeur Simplice qui lui expliqua la chose, que -M. Madeleine était absent pour un jour ou deux, et que, dans le doute, -on n'avait pas cru devoir détromper la malade qui croyait monsieur le -maire parti pour Montfermeil; qu'il était possible en somme qu'elle eût -deviné juste. Le médecin approuva. - -Il se rapprocha du lit de Fantine, qui reprit: - ---C'est que, voyez-vous, le matin, quand elle s'éveillera, je lui dirai -bonjour à ce pauvre chat, et la nuit, moi qui ne dors pas, je -l'entendrai dormir. Sa petite respiration si douce, cela me fera du -bien. - ---Donnez-moi votre main, dit le médecin. - -Elle tendit son bras, et s'écria en riant. - ---Ah! tiens! au fait, c'est vrai, vous ne savez pas c'est que je suis -guérie. Cosette arrive demain. - -Le médecin fut surpris. Elle était mieux. L'oppression était moindre. Le -pouls avait repris de la force. Une sorte de vie survenue tout à coup -ranimait ce pauvre être épuisé. - ---Monsieur le docteur, reprit-elle, la soeur vous a-t-elle dit que -monsieur le maire était allé chercher le chiffon? - -Le médecin recommanda le silence et qu'on évitât toute émotion pénible. -Il prescrivit une infusion de quinquina pur, et, pour le cas où la -fièvre reprendrait dans la nuit, une potion calmante. En s'en allant, il -dit à la soeur: - ---Cela va mieux. Si le bonheur voulait qu'en effet monsieur le maire -arrivât demain avec l'enfant, qui sait? il y a des crises si étonnantes, -on a vu de grandes joies arrêter court des maladies; je sais bien que -celle-ci est une maladie organique, et bien avancée, mais c'est un tel -mystère que tout cela! Nous la sauverions peut-être. - - - - -Chapitre VII - -Le voyageur arrivé prend ses précautions pour repartir. - - -Il était près de huit heures du soir quand la carriole que nous avons -laissée en route entra sous la porte cochère de l'hôtel de la Poste -à Arras. L'homme que nous avons suivi jusqu'à ce moment en descendit, -répondit d'un air distrait aux empressements des gens de l'auberge, -renvoya le cheval de renfort, et conduisit lui-même le petit cheval -blanc à l'écurie; puis il poussa la porte d'une salle de billard qui -était au rez-de-chaussée, s'y assit, et s'accouda sur une table. Il -avait mis quatorze heures à ce trajet qu'il comptait faire en six. -Il se rendait la justice que ce n'était pas sa faute; mais au fond il -n'en était pas fâché. - -La maîtresse de l'hôtel entra. - ---Monsieur couche-t-il? monsieur soupe-t-il? - -Il fit un signe de tête négatif. - ---Le garçon d'écurie dit que le cheval de monsieur est bien fatigué! - -Ici il rompit le silence. - ---Est-ce que le cheval ne pourra pas repartir demain matin? - ---Oh! monsieur! il lui faut au moins deux jours de repos. - -Il demanda: - ---N'est-ce pas ici le bureau de poste? - ---Oui, monsieur. - -L'hôtesse le mena à ce bureau; il montra son passeport et s'informa s'il -y avait moyen de revenir cette nuit même à Montreuil-sur-mer par la -malle; la place à côté du courrier était justement vacante; il la retint -et la paya. - ---Monsieur, dit le buraliste, ne manquez pas d'être ici pour partir à -une heure précise du matin. - -Cela fait, il sortit de l'hôtel et se mit à marcher dans la ville. - -Il ne connaissait pas Arras, les rues étaient obscures, et il allait au -hasard. Cependant il semblait s'obstiner à ne pas demander son chemin -aux passants. Il traversa la petite rivière Crinchon et se trouva dans -un dédale de ruelles étroites où il se perdit. Un bourgeois cheminait -avec un falot. Après quelque hésitation, il prit le parti de s'adresser -à ce bourgeois, non sans avoir d'abord regardé devant et derrière lui, -comme s'il craignait que quelqu'un n'entendit la question qu'il allait -faire. - ---Monsieur, dit-il, le palais de justice, s'il vous plaît? - ---Vous n'êtes pas de la ville, monsieur? répondit le bourgeois qui était -un assez vieux homme, eh bien, suivez-moi. Je vais précisément du côté -du palais de justice, c'est-à-dire du côté de l'hôtel de la préfecture. -Car on répare en ce moment le palais, et provisoirement les tribunaux -ont leurs audiences à la préfecture. - ---Est-ce là, demanda-t-il, qu'on tient les assises? - ---Sans doute, monsieur. Voyez-vous, ce qui est la préfecture aujourd'hui -était l'évêché avant la révolution. Monsieur de Conzié, qui était évêque -en quatre-vingt-deux, y a fait bâtir une grande salle. C'est dans cette -grande salle qu'on juge. - -Chemin faisant, le bourgeois lui dit: - ---Si c'est un procès que monsieur veut voir, il est un peu tard. -Ordinairement les séances finissent à six heures. - -Cependant, comme ils arrivaient sur la grande place, le bourgeois lui -montra quatre longues fenêtres éclairées sur la façade d'un vaste -bâtiment ténébreux. - ---Ma foi, monsieur, vous arrivez à temps, vous avez du bonheur. -Voyez-vous ces quatre fenêtres? c'est la cour d'assises. Il y a de la -lumière. Donc ce n'est pas fini. L'affaire aura traîné en longueur et on -fait une audience du soir. Vous vous intéressez à cette affaire? Est-ce -que c'est un procès criminel? Est-ce que vous êtes témoin? - -Il répondit: - ---Je ne viens pour aucune affaire, j'ai seulement à parler à un avocat. - ---C'est différent, dit le bourgeois. Tenez, monsieur, voici la porte. Où -est le factionnaire. Vous n'aurez qu'à monter le grand escalier. - -Il se conforma aux indications du bourgeois, et, quelques minutes après, -il était dans une salle où il y avait beaucoup de monde et où des -groupes mêlés d'avocats en robe chuchotaient çà et là. - -C'est toujours une chose qui serre le coeur de voir ces attroupements -d'hommes vêtus de noir qui murmurent entre eux à voix basse sur le seuil -des chambres de justice. Il est rare que la charité et la pitié sortent -de toutes ces paroles. Ce qui en sort le plus souvent, ce sont des -condamnations faites d'avance. Tous ces groupes semblent à l'observateur -qui passe et qui rêve autant de ruches sombres où des espèces d'esprits -bourdonnants construisent en commun toutes sortes d'édifices ténébreux. - -Cette salle, spacieuse et éclairée d'une seule lampe, était une ancienne -antichambre de l'évêché et servait de salle des pas perdus. Une porte à -deux battants, fermée en ce moment, la séparait de la grande chambre où -siégeait la cour d'assises. - -L'obscurité était telle qu'il ne craignit pas de s'adresser au premier -avocat qu'il rencontra. - ---Monsieur, dit-il, où en est-on? - ---C'est fini, dit l'avocat. - ---Fini! - -Ce mot fut répété d'un tel accent que l'avocat se retourna. - ---Pardon, monsieur, vous êtes peut-être un parent? - ---Non. Je ne connais personne ici. Et y a-t-il eu condamnation? - ---Sans doute. Cela n'était guère possible autrement. - ---Aux travaux forcés?... - ---À perpétuité. - -Il reprit d'une voix tellement faible qu'on l'entendait à peine: - ---L'identité a donc été constatée? - ---Quelle identité? répondit l'avocat. Il n'y avait pas d'identité à -constater. L'affaire était simple. Cette femme avait tué son enfant, -l'infanticide a été prouvé, le jury a écarté la préméditation, on l'a -condamnée à vie. - ---C'est donc une femme? dit-il. - ---Mais sûrement. La fille Limosin. De quoi me parlez-vous donc? - ---De rien. Mais puisque c'est fini, comment se fait-il que la salle soit -encore éclairée? - ---C'est pour l'autre affaire qu'on a commencée il y a à peu près deux -heures. - ---Quelle autre affaire? - ---Oh! celle-là est claire aussi. C'est une espèce de gueux, un -récidiviste, un galérien, qui a volé. Je ne sais plus trop son nom. En -voilà un qui vous a une mine de bandit. Rien que pour avoir cette -figure-là, je l'enverrais aux galères. - ---Monsieur, demanda-t-il, y a-t-il moyen de pénétrer dans la salle? - ---Je ne crois vraiment pas. Il y a beaucoup de foule. Cependant -l'audience est suspendue. Il y a des gens qui sont sortis, et, à la -reprise de l'audience, vous pourrez essayer. - ---Par où entre-t-on? - ---Par cette grande porte. - -L'avocat le quitta. En quelques instants, il avait éprouvé, presque en -même temps, presque mêlées, toutes les émotions possibles. Les paroles -de cet indifférent lui avaient tour à tour traversé le coeur comme des -aiguilles de glace et comme des lames de feu. Quand il vit que rien -n'était terminé, il respira; mais il n'eût pu dire si ce qu'il -ressentait était du contentement ou de la douleur. - -Il s'approcha de plusieurs groupes et il écouta ce qu'on disait. Le rôle -de la session étant très chargé, le président avait indiqué pour ce même -jour deux affaires simples et courtes. On avait commencé par -l'infanticide, et maintenant on en était au forçat, au récidiviste, au -"cheval de retour". Cet homme avait volé des pommes, mais cela ne -paraissait pas bien prouvé; ce qui était prouvé, c'est qu'il avait été -déjà aux galères à Toulon. C'est ce qui faisait son affaire mauvaise. Du -reste, l'interrogatoire de l'homme était terminé et les dépositions des -témoins; mais il y avait encore les plaidoiries de l'avocat et le -réquisitoire du ministère public; cela ne devait guère finir avant -minuit. L'homme serait probablement condamné; l'avocat général était -très bon--et ne manquait pas ses accusés--c'était un garçon d'esprit qui -faisait des vers. - -Un huissier se tenait debout près de la porte qui communiquait avec la -salle des assises. Il demanda à cet huissier: - ---Monsieur, la porte va-t-elle bientôt s'ouvrir? - ---Elle ne s'ouvrira pas, dit l'huissier. - ---Comment! on ne l'ouvrira pas à la reprise de l'audience? est-ce que -l'audience n'est pas suspendue? - ---L'audience vient d'être reprise, répondit l'huissier, mais la porte ne -se rouvrira pas. - ---Pourquoi? - ---Parce que la salle est pleine. - ---Quoi? il n'y a plus une place? - ---Plus une seule. La porte est fermée. Personne ne peut plus entrer. - -L'huissier ajouta après un silence: - ---Il y a bien encore deux ou trois places derrière monsieur le -président, mais monsieur le président n'y admet que les fonctionnaires -publics. - -Cela dit, l'huissier lui tourna le dos. - -Il se retira la tête baissée, traversa l'antichambre et redescendit -l'escalier lentement, comme hésitant à chaque marche. Il est probable -qu'il tenait conseil avec lui-même. Le violent combat qui se livrait en -lui depuis la veille n'était pas fini; et, à chaque instant, il en -traversait quelque nouvelle péripétie. Arrivé sur le palier de -l'escalier, il s'adossa à la rampe et croisa les bras. Tout à coup il -ouvrit sa redingote, prit son portefeuille, en tira un crayon, déchira -une feuille, et écrivit rapidement sur cette feuille à la lueur du -réverbère cette ligne:--_M. Madeleine, maire de Montreuil-sur-mer_. -Puis il remonta l'escalier à grands pas, fendit la foule, marcha droit à -l'huissier, lui remit le papier, et lui dit avec autorité: - ---Portez ceci à monsieur le président. - -L'huissier prit le papier, y jeta un coup d'oeil et obéit. - - - - -Chapitre VIII - -Entrée de faveur - - -Sans qu'il s'en doutât, le maire de Montreuil-sur-mer avait une sorte de -célébrité. Depuis sept ans que sa réputation de vertu remplissait tout -le bas Boulonnais, elle avait fini par franchir les limites d'un petit -pays et s'était répandue dans les deux ou trois départements voisins. -Outre le service considérable qu'il avait rendu au chef-lieu en y -restaurant l'industrie des verroteries noires, il n'était pas une des -cent quarante et une communes de l'arrondissement de Montreuil-sur-mer -qui ne lui dût quelque bienfait. Il avait su même au besoin aider et -féconder les industries des autres arrondissements. C'est ainsi qu'il -avait dans l'occasion soutenu de son crédit et de ses fonds la fabrique -de tulle de Boulogne, la filature de lin à la mécanique de Frévent et la -manufacture hydraulique de toiles de Boubers-sur-Canche. Partout on -prononçait avec vénération le nom de M. Madeleine. Arras et Douai -enviaient son maire à l'heureuse petite ville de Montreuil-sur-mer. - -Le conseiller à la cour royale de Douai, qui présidait cette session des -assises à Arras, connaissait comme tout le monde ce nom si profondément -et si universellement honoré. Quand l'huissier, ouvrant discrètement la -porte qui communiquait de la chambre du conseil à l'audience, se pencha -derrière le fauteuil du président et lui remit le papier où était écrite -la ligne qu'on vient de lire, en ajoutant: _Ce monsieur désire assister -à l'audience_, le président fit un vif mouvement de déférence, saisit -une plume, écrivit quelques mots au bas du papier, et le rendit à -l'huissier en lui disant: Faites entrer. - -L'homme malheureux dont nous racontons l'histoire était resté près de la -porte de la salle à la même place et dans la même attitude où l'huissier -l'avait quitté. Il entendit, à travers sa rêverie, quelqu'un qui lui -disait: Monsieur veut-il bien me faire l'honneur de me suivre? C'était -ce même huissier qui lui avait tourné le dos l'instant d'auparavant et -qui maintenant le saluait jusqu'à terre. L'huissier en même temps lui -remit le papier. Il le déplia, et, comme il se rencontrait qu'il était -près de la lampe, il put lire: - -«Le président de la cour d'assises présente son respect à M. Madeleine.» - -Il froissa le papier entre ses mains, comme si ces quelques mots eussent -eu pour lui un arrière-goût étrange et amer. - -Il suivit l'huissier. - -Quelques minutes après, il se trouvait seul dans une espèce de cabinet -lambrissé, d'un aspect sévère, éclairé par deux bougies posées sur une -table à tapis vert. Il avait encore dans l'oreille les dernières paroles -de l'huissier qui venait de le quitter--«Monsieur, vous voici dans la -chambre du conseil; vous n'avez qu'à tourner le bouton de cuivre de -cette porte, et vous vous trouverez dans l'audience derrière le fauteuil -de monsieur le président.»--Ces paroles se mêlaient dans sa pensée à un -souvenir vague de corridors étroits et d'escaliers noirs qu'il venait de -parcourir. - -L'huissier l'avait laissé seul. Le moment suprême était arrivé. Il -cherchait à se recueillir sans pouvoir y parvenir. C'est surtout aux -heures où l'on aurait le plus besoin de les rattacher aux réalités -poignantes de la vie que tous les fils de la pensée se rompent dans le -cerveau. Il était dans l'endroit même où les juges délibèrent et -condamnent. Il regardait avec une tranquillité stupide cette chambre -paisible et redoutable où tant d'existences avaient été brisées, où son -nom allait retentir tout à l'heure, et que sa destinée traversait en ce -moment. Il regardait la muraille, puis il se regardait lui-même, -s'étonnant que ce fût cette chambre et que ce fût lui. - -Il n'avait pas mangé depuis plus de vingt-quatre heures, il était brisé -par les cahots de la carriole, mais il ne le sentait pas; il lui -semblait qu'il ne sentait rien. - -Il s'approcha d'un cadre noir qui était accroché au mur et qui contenait -sous verre une vieille lettre autographe de Jean-Nicolas Pache, maire de -Paris et ministre, datée, sans doute par erreur, du _9 juin an II_, et -dans laquelle Pache envoyait à la commune la liste des ministres et des -députés tenus en arrestation chez eux. Un témoin qui l'eût pu voir et -qui l'eût observé en cet instant eût sans doute imaginé Fantine et -Cosette. - -Tout en rêvant, il se retourna, et ses yeux rencontrèrent le bouton de -cuivre de la porte qui le séparait de la salle des assises. Il avait -presque oublié cette porte. Son regard, d'abord calme, s'y arrêta, resta -attaché à ce bouton de cuivre, puis devint effaré et fixe, et -s'empreignit peu à peu d'épouvante. Des gouttes de sueur lui sortaient -d'entre les cheveux et ruisselaient sur ses tempes. - -À un certain moment, il fit avec une sorte d'autorité mêlée de rébellion -ce geste indescriptible qui veut dire et qui dit si bien: _Pardieu! qui -est-ce qui m'y force?_ Puis il se tourna vivement, vit devant lui la -porte par laquelle il était entré, y alla, l'ouvrit, et sortit. Il -n'était plus dans cette chambre, il était dehors, dans un corridor, un -corridor long, étroit, coupé de degrés et de guichets, faisant toutes -sortes d'angles, éclairé çà et là de réverbères pareils à des veilleuses -de malades, le corridor par où il était venu. Il respira, il écouta; -aucun bruit derrière lui, aucun bruit devant lui; il se mit à fuir comme -si on le poursuivait. - -Quand il eut doublé plusieurs des coudes de ce couloir, il écouta -encore. C'était toujours le même silence et la même ombre autour de lui. -Il était essoufflé, il chancelait, il s'appuya au mur. La pierre était -froide, sa sueur était glacée sur son front, il se redressa en -frissonnant. - -Alors, là, seul, debout dans cette obscurité, tremblant de froid et -d'autre chose peut-être, il songea. - -Il avait songé toute la nuit, il avait songé toute la journée; il -n'entendait plus en lui qu'une voix qui disait: hélas! - -Un quart d'heure s'écoula ainsi. Enfin, il pencha la tête, soupira avec -angoisse, laissa pendre ses bras, et revint sur ses pas. Il marchait -lentement et comme accablé. Il semblait que quelqu'un l'eût atteint dans -sa fuite et le ramenât. - -Il rentra dans la chambre du conseil. La première chose qu'il aperçut, -ce fut la gâchette de la porte. Cette gâchette, ronde et en cuivre poli, -resplendissait pour lui comme une effroyable étoile. Il la regardait -comme une brebis regarderait l'oeil d'un tigre. - -Ses yeux ne pouvaient s'en détacher. - -De temps en temps il faisait un pas et se rapprochait de la porte. - -S'il eût écouté, il eût entendu, comme une sorte de murmure confus, le -bruit de la salle voisine; mais il n'écoutait pas, et il n'entendait -pas. - -Tout à coup, sans qu'il sût lui-même comment, il se trouva près de la -porte. Il saisit convulsivement le bouton; la porte s'ouvrit. - -Il était dans la salle d'audience. - - - - -Chapitre IX - -Un lieu où des convictions sont en train de se former - - -Il fit un pas, referma machinalement la porte derrière lui, et resta -debout, considérant ce qu'il voyait. - -C'était une assez vaste enceinte à peine éclairée, tantôt pleine de -rumeur, tantôt pleine de silence, où tout l'appareil d'un procès -criminel se développait avec sa gravité mesquine et lugubre au milieu de -la foule. - -À un bout de la salle, celui où il se trouvait, des juges à l'air -distrait, en robe usée, se rongeant les ongles ou fermant les paupières; -à l'autre bout, une foule en haillons; des avocats dans toutes sortes -d'attitudes; des soldats au visage honnête et dur; de vieilles boiseries -tachées, un plafond sale, des tables couvertes d'une serge plutôt jaune -que verte, des portes noircies par les mains; à des clous plantés dans -le lambris, des quinquets d'estaminet donnant plus de fumée que de -clarté; sur les tables, des chandelles dans des chandeliers de cuivre; -l'obscurité, la laideur, la tristesse; et de tout cela se dégageait une -impression austère et auguste, car on y sentait cette grande chose -humaine qu'on appelle la loi et cette grande chose divine qu'on appelle -la justice. - -Personne dans cette foule ne fit attention à lui. Tous les regards -convergeaient vers un point unique, un banc de bois adossé à une petite -porte, le long de la muraille, à gauche du président. Sur ce banc, que -plusieurs chandelles éclairaient, il y avait un homme entre deux -gendarmes. - -Cet homme, c'était l'homme. - -Il ne le chercha pas, il le vit. Ses yeux allèrent là naturellement, -comme s'ils avaient su d'avance où était cette figure. - -Il crut se voir lui-même, vieilli, non pas sans doute absolument -semblable de visage, mais tout pareil d'attitude et d'aspect, avec ces -cheveux hérissés, avec cette prunelle fauve et inquiète, avec cette -blouse, tel qu'il était le jour où il entrait à Digne, plein de haine et -cachant dans son âme ce hideux trésor de pensées affreuses qu'il avait -mis dix-neuf ans à ramasser sur le pavé du bagne. - -Il se dit avec un frémissement: - ---Mon Dieu! est-ce que je redeviendrai ainsi? - -Cet être paraissait au moins soixante ans. Il avait je ne sais quoi de -rude, de stupide et d'effarouché. - -Au bruit de la porte, on s'était rangé pour lui faire place, le -président avait tourné la tête, et comprenant que le personnage qui -venait d'entrer était M. le maire de Montreuil-sur-mer, il l'avait -salué. L'avocat général, qui avait vu M. Madeleine à Montreuil-sur-mer -où des opérations de son ministère l'avaient plus d'une fois appelé, le -reconnut, et salua également. Lui s'en aperçut à peine. Il était en -proie à une sorte d'hallucination; il regardait. - -Des juges, un greffier, des gendarmes, une foule de têtes cruellement -curieuses, il avait déjà vu cela une fois, autrefois, il y avait -vingt-sept ans. Ces choses funestes, il les retrouvait; elles étaient -là, elles remuaient, elles existaient. Ce n'était plus un effort de sa -mémoire, un mirage de sa pensée, c'étaient de vrais gendarmes et de -vrais juges, une vraie foule et de vrais hommes en chair et en os. C'en -était fait, il voyait reparaître et revivre autour de lui, avec tout ce -que la réalité a de formidable, les aspects monstrueux de son passé. - -Tout cela était béant devant lui. - -Il en eut horreur, il ferma les yeux, et s'écria au plus profond de son -âme: jamais! - -Et par un jeu tragique de la destinée qui faisait trembler toutes ses -idées et le rendait presque fou, c'était un autre lui-même qui était là! -Cet homme qu'on jugeait, tous l'appelaient Jean Valjean! - -Il avait sous les yeux, vision inouïe, une sorte de représentation du -moment le plus horrible de sa vie, jouée par son fantôme. - -Tout y était, c'était le même appareil, la même heure de nuit, presque -les mêmes faces de juges, de soldats et de spectateurs. Seulement, -au-dessus de la tête du président, il y avait un crucifix, chose qui -manquait aux tribunaux du temps de sa condamnation. Quand on l'avait -jugé, Dieu était absent. - -Une chaise était derrière lui; il s'y laissa tomber, terrifié de l'idée -qu'on pouvait le voir. Quand il fut assis, il profita d'une pile de -cartons qui était sur le bureau des juges pour dérober son visage à -toute la salle. Il pouvait maintenant voir sans être vu. Peu à peu il se -remit. Il rentra pleinement dans le sentiment du réel; il arriva à cette -phase de calme où l'on peut écouter. - -M. Bamatabois était au nombre des jurés. Il chercha Javert, mais il ne -le vit pas. Le banc des témoins lui était caché par la table du -greffier. Et puis, nous venons de le dire, la salle était à peine -éclairée. - -Au moment où il était entré, l'avocat de l'accusé achevait sa -plaidoirie. L'attention de tous était excitée au plus haut point; -l'affaire durait depuis trois heures. Depuis trois heures, cette foule -regardait plier peu à peu sous le poids d'une vraisemblance terrible un -homme, un inconnu, une espèce d'être misérable, profondément stupide ou -profondément habile. Cet homme, on le sait déjà, était un vagabond qui -avait été trouvé dans un champ, emportant une branche chargée de pommes -mûres, cassée à un pommier dans un clos voisin, appelé le clos Pierron. -Qui était cet homme? Une enquête avait eu lieu; des témoins venaient -d'être entendus, ils avaient été unanimes, des lumières avaient jailli -de tout le débat. L'accusation disait: - ---Nous ne tenons pas seulement un voleur de fruits, un maraudeur; nous -tenons là, dans notre main, un bandit, un relaps en rupture de ban, un -ancien forçat, un scélérat des plus dangereux, un malfaiteur appelé Jean -Valjean que la justice recherche depuis longtemps, et qui, il y a huit -ans, en sortant du bagne de Toulon, a commis un vol de grand chemin à -main armée sur la personne d'un enfant savoyard appelé Petit-Gervais, -crime prévu par l'article 383 du code pénal, pour lequel nous nous -réservons de le poursuivre ultérieurement, quand l'identité sera -judiciairement acquise. Il vient de commettre un nouveau vol. C'est un -cas de récidive. Condamnez-le pour le fait nouveau; il sera jugé plus -tard pour le fait ancien. - -Devant cette accusation, devant l'unanimité des témoins, l'accusé -paraissait surtout étonné. Il faisait des gestes et des signes qui -voulaient dire non, ou bien il considérait le plafond. Il parlait avec -peine, répondait avec embarras, mais de la tête aux pieds toute sa -personne niait. Il était comme un idiot en présence de toutes ces -intelligences rangées en bataille autour de lui, et comme un étranger au -milieu de cette société qui le saisissait. Cependant il y allait pour -lui de l'avenir le plus menaçant, la vraisemblance croissait à chaque -minute, et toute cette foule regardait avec plus d'anxiété que lui-même -cette sentence pleine de calamités qui penchait sur lui de plus en plus. -Une éventualité laissait même entrevoir, outre le bagne, la peine de -mort possible, si l'identité était reconnue et si l'affaire -Petit-Gervais se terminait plus tard par une condamnation. Qu'était-ce -que cet homme? De quelle nature était son apathie? Etait-ce imbécillité -ou ruse? Comprenait-il trop, ou ne comprenait-il pas du tout? Questions -qui divisaient la foule et semblaient partager le jury. Il y avait dans -ce procès ce qui effraye et ce qui intrigue; le drame n'était pas -seulement sombre, il était obscur. Le défenseur avait assez bien plaidé, -dans cette langue de province qui a longtemps constitué l'éloquence du -barreau et dont usaient jadis tous les avocats, aussi bien à Paris qu'à -Romorantin ou à Montbrison, et qui aujourd'hui, étant devenue classique, -n'est plus guère parlée que par les orateurs officiels du parquet, -auxquels elle convient par sa sonorité grave et son allure majestueuse; -langue où un mari s'appelle un époux, une femme, une épouse, Paris, le -centre des arts et de la civilisation, le roi, le monarque, monseigneur -l'évêque, un saint pontife, l'avocat général, l'éloquent interprète de -la vindicte, la plaidoirie, les accents qu'on vient d'entendre, le -siècle de Louis XIV, le grand siècle, un théâtre, le temple de -Melpomène, la famille régnante, l'auguste sang de nos rois, un concert, -une solennité musicale, monsieur le général commandant le département, -l'illustre guerrier qui, etc., les élèves du séminaire, ces tendres -lévites, les erreurs imputées aux journaux, l'imposture qui distille son -venin dans les colonnes de ces organes, etc., etc.--L'avocat donc avait -commencé par s'expliquer sur le vol des pommes,--chose malaisée en beau -style; mais Bénigne Bossuet lui-même a été obligé de faire allusion à -une poule en pleine oraison funèbre, et il s'en est tiré avec pompe. -L'avocat avait établi que le vol de pommes n'était pas matériellement -prouvé.--Son client, qu'en sa qualité de défenseur, il persistait à -appeler Champmathieu, n'avait été vu de personne escaladant le mur ou -cassant la branche. On l'avait arrêté nanti de cette branche (que -l'avocat appelait plus volontiers rameau); mais il disait l'avoir -trouvée à terre et ramassée. Où était la preuve du contraire?--Sans -doute cette branche avait été cassée et dérobée après escalade, puis -jetée là par le maraudeur alarmé; sans doute il y avait un voleur. Mais -qu'est-ce qui prouvait que ce voleur était Champmathieu? Une seule -chose. Sa qualité d'ancien forçat. L'avocat ne niait pas que cette -qualité ne parût malheureusement bien constatée; l'accusé avait résidé à -Faverolles; l'accusé y avait été émondeur; le nom de Champmathieu -pouvait bien avoir pour origine Jean Mathieu; tout cela était vrai; -enfin quatre témoins reconnaissaient sans hésiter et positivement -Champmathieu pour être le galérien Jean Valjean; à ces indications, à -ces témoignages, l'avocat ne pouvait opposer que la dénégation de son -client, dénégation intéressée; mais en supposant qu'il fût le forçat -Jean Valjean, cela prouvait-il qu'il fût le voleur des pommes? C'était -une présomption, tout au plus; non une preuve. L'accusé, cela était -vrai, et le défenseur «dans sa bonne foi» devait en convenir, avait -adopté «un mauvais système de défense»--Il s'obstinait à nier tout, le -vol et sa qualité de forçat. Un aveu sur ce dernier point eût mieux -valu, à coup sûr, et lui eût concilié l'indulgence de ses juges; -l'avocat le lui avait conseillé; mais l'accusé s'y était refusé -obstinément, croyant sans doute sauver tout en n'avouant rien. C'était -un tort; mais ne fallait-il pas considérer la brièveté de cette -intelligence? Cet homme était visiblement stupide. Un long malheur au -bagne, une longue misère hors du bagne, l'avaient abruti, etc., etc. Il -se défendait mal, était-ce une raison pour le condamner? Quant à -l'affaire Petit-Gervais, l'avocat n'avait pas à la discuter, elle -n'était point dans la cause. L'avocat concluait en suppliant le jury et -la cour, si l'identité de Jean Valjean leur paraissait évidente, de lui -appliquer les peines de police qui s'adressent au condamné en rupture de -ban, et non le châtiment épouvantable qui frappe le forçat récidiviste. - -L'avocat général répliqua au défenseur. Il fut violent et fleuri, comme -sont habituellement les avocats généraux. - -Il félicita le défenseur de sa «loyauté», et profita habilement de cette -loyauté. Il atteignit l'accusé par toutes les concessions que l'avocat -avait faites. L'avocat semblait accorder que l'accusé était Jean -Valjean. Il en prit acte. Cet homme était donc Jean Valjean. Ceci était -acquis à l'accusation et ne pouvait plus se contester. Ici, par une -habile antonomase, remontant aux sources et aux causes de la -criminalité, l'avocat général tonna contre l'immoralité de l'école -romantique, alors à son aurore sous le nom d'école satanique que lui -avaient décerné les critiques de l'Oriflamme et de la Quotidienne, il -attribua, non sans vraisemblance, à l'influence de cette littérature -perverse le délit de Champmathieu, ou pour mieux dire, de Jean Valjean. -Ces considérations épuisées, il passa à Jean Valjean lui-même. -Qu'était-ce que Jean Valjean? Description de Jean Valjean. Un monstre -vomi, etc. Le modèle de ces sortes de descriptions est dans le récit de -Théramène, lequel n'est pas utile à la tragédie, mais rend tous les -jours de grands services à l'éloquence judiciaire. L'auditoire et les -jurés «frémirent». La description achevée, l'avocat général reprit, dans -un mouvement oratoire fait pour exciter au plus haut point le lendemain -matin l'enthousiasme du Journal de la Préfecture: - -Et c'est un pareil homme, etc., etc., etc., vagabond, mendiant, sans -moyens d'existence, etc., etc.,--accoutumé par sa vie passée aux actions -coupables et peu corrigé par son séjour au bagne, comme le prouve le -crime commis sur Petit-Gervais, etc., etc.,--c'est un homme pareil qui, -trouvé sur la voie publique en flagrant délit de vol, à quelques pas -d'un mur escaladé, tenant encore à la main l'objet volé, nie le flagrant -délit, le vol, l'escalade, nie tout, nie jusqu'à son nom, nie jusqu'à -son identité! Outre cent autres preuves sur lesquelles nous ne revenons -pas, quatre témoins le reconnaissent, Javert, l'intègre inspecteur de -police Javert, et trois de ses anciens compagnons d'ignominie, les -forçats Brevet, Chenildieu et Cochepaille. Qu'oppose-t-il à cette -unanimité foudroyante? Il nie. Quel endurcissement! Vous ferez justice, -messieurs les jurés, etc., etc. - -Pendant que l'avocat général parlait, l'accusé écoutait, la bouche -ouverte, avec une sorte d'étonnement où il entrait bien quelque -admiration. Il était évidemment surpris qu'un homme pût parler comme -cela. De temps en temps, aux moments les plus «énergiques» du -réquisitoire, dans ces instants où l'éloquence, qui ne peut se contenir, -déborde dans un flux d'épithètes flétrissantes et enveloppe l'accusé -comme un orage, il remuait lentement la tête de droite à gauche et de -gauche à droite, sorte de protestation triste et muette dont il se -contentait depuis le commencement des débats. Deux ou trois fois les -spectateurs placés le plus près de lui l'entendirent dire à demi-voix: - ---Voilà ce que c'est, de n'avoir pas demandé à M. Baloup! - -L'avocat général fit remarquer au jury cette attitude hébétée, calculée -évidemment, qui dénotait, non l'imbécillité, mais l'adresse, la ruse, -l'habitude de tromper la justice, et qui mettait dans tout son jour «la -profonde perversité» de cet homme. Il termina en faisant ses réserves -pour l'affaire Petit-Gervais, et en réclamant une condamnation sévère. - -C'était, pour l'instant, on s'en souvient, les travaux forcés à -perpétuité. - -Le défenseur se leva, commença par complimenter «monsieur l'avocat -général» sur son «admirable parole», puis répliqua comme il put, mais il -faiblissait; le terrain évidemment se dérobait sous lui. - - - - -Chapitre X - -Le système de dénégations - - -L'instant de clore les débats était venu. Le président fit lever -l'accusé et lui adressa la question d'usage: - ---Avez-vous quelque chose à ajouter à votre défense? - -L'homme, debout, roulant dans ses mains un affreux bonnet qu'il avait, -sembla ne pas entendre. - -Le président répéta la question. - -Cette fois l'homme entendit. Il parut comprendre, il fit le mouvement de -quelqu'un qui se réveille, promena ses yeux autour de lui, regarda le -public, les gendarmes, son avocat, les jurés, la cour, posa son poing -monstrueux sur le rebord de la boiserie placée devant son banc, regarda -encore, et tout à coup, fixant sont regard sur l'avocat général, il se -mit à parler. Ce fut comme une éruption. Il sembla, à la façon dont les -paroles s'échappaient de sa bouche, incohérentes, impétueuses, heurtées, -pêle-mêle, qu'elles s'y pressaient toutes à la fois pour sortir en même -temps. Il dit: - ---J'ai à dire ça. Que j'ai été charron à Paris, même que c'était chez -monsieur Baloup. C'est un état dur. Dans la chose de charron, on -travaille toujours en plein air, dans des cours, sous des hangars chez -les bons maîtres, jamais dans des ateliers fermés, parce qu'il faut des -espaces, voyez-vous. L'hiver, on a si froid qu'on se bat les bras pour -se réchauffer; mais les maîtres ne veulent pas, ils disent que cela perd -du temps. Manier du fer quand il y a de la glace entre les pavés, c'est -rude. Ça vous use vite un homme. On est vieux tout jeune dans cet -état-là. À quarante ans, un homme est fini. Moi, j'en avais -cinquante-trois, j'avais bien du mal. Et puis c'est si méchant les -ouvriers! Quand un bonhomme n'est plus jeune, on vous l'appelle pour -tout vieux serin, vieille bête! Je ne gagnais plus que trente sous par -jour, on me payait le moins cher qu'on pouvait, les maîtres profitaient -de mon âge. Avec ça, j'avais ma fille qui était blanchisseuse à la -rivière. Elle gagnait un peu de son côté. À nous deux, cela allait. Elle -avait de la peine aussi. Toute la journée dans un baquet jusqu'à -mi-corps, à la pluie, à la neige, avec le vent qui vous coupe la figure; -quand il gèle, c'est tout de même, il faut laver; il y a des personnes -qui n'ont pas beaucoup de linge et qui attendent après; si on ne lavait -pas, on perdrait des pratiques. Les planches sont mal jointes et il vous -tombe des gouttes d'eau partout. On a ses jupes toutes mouillées, dessus -et dessous. Ça pénètre. Elle a aussi travaillé au lavoir des -Enfants-Rouges, où l'eau arrive par des robinets. On n'est pas dans le -baquet. On lave devant soi au robinet et on rince derrière soi dans le -bassin. Comme c'est fermé, on a moins froid au corps. Mais il y a une -buée d'eau chaude qui est terrible et qui vous perd les yeux. Elle -revenait à sept heures du soir, et se couchait bien vite; elle était si -fatiguée. Son mari la battait. Elle est morte. Nous n'avons pas été bien -heureux. C'était une brave fille qui n'allait pas au bal, qui était bien -tranquille. Je me rappelle un mardi gras où elle était couchée à huit -heures. Voilà. Je dis vrai. Vous n'avez qu'à demander. Ah, bien oui, -demander! que je suis bête! Paris, c'est un gouffre. Qui est-ce qui -connaît le père Champmathieu? Pourtant je vous dis monsieur Baloup. -Voyez chez monsieur Baloup. Après ça, je ne sais pas ce qu'on me veut. - -L'homme se tut, et resta debout. Il avait dit ces choses d'une voix -haute, rapide, rauque, dure et enrouée, avec une sorte de naïveté -irritée et sauvage. Une fois il s'était interrompu pour saluer quelqu'un -dans la foule. Les espèces d'affirmations qu'il semblait jeter au hasard -devant lui, lui venaient comme des hoquets, et il ajoutait à chacune -d'elles le geste d'un bûcheron qui fend du bois. Quand il eut fini, -l'auditoire éclata de rire. Il regarda le public, et voyant qu'on riait, -et ne comprenant pas, il se mit à rire lui-même. - -Cela était sinistre. - -Le président, homme attentif et bienveillant, éleva la voix. - -Il rappela à «messieurs les jurés» que «le sieur Baloup, l'ancien maître -charron chez lequel l'accusé disait avoir servi, avait été inutilement -cité. Il était en faillite, et n'avait pu être retrouvé.» Puis se -tournant vers l'accusé, il l'engagea à écouter ce qu'il allait lui dire -et ajouta: - ---Vous êtes dans une situation où il faut réfléchir. Les présomptions -les plus graves pèsent sur vous et peuvent entraîner des conséquences -capitales. Accusé, dans votre intérêt, je vous interpelle une dernière -fois, expliquez-vous clairement sur ces deux faits:--Premièrement, -avez-vous, oui ou non, franchi le mur du clos Pierron, cassé la branche -et volé les pommes, c'est-à-dire commis le crime de vol avec escalade? -Deuxièmement, oui ou non, êtes-vous le forçat libéré Jean Valjean? - -L'accusé secoua la tête d'un air capable, comme un homme qui a bien -compris et qui sait ce qu'il va répondre. Il ouvrit la bouche, se tourna -vers le président et dit: - ---D'abord.... - -Puis il regarda son bonnet, il regarda le plafond, et se tut. - ---Accusé, reprit l'avocat général d'une voix sévère, faites attention. -Vous ne répondez à rien de ce qu'on vous demande. Votre trouble vous -condamne. Il est évident que vous ne vous appelez pas Champmathieu, que -vous êtes le forçat Jean Valjean caché d'abord sous le nom de Jean -Mathieu qui était le nom de sa mère, que vous êtes allé en Auvergne, que -vous êtes né à Faverolles où vous avez été émondeur. Il est évident que -vous avez volé avec escalade des pommes mûres dans le clos Pierron. -Messieurs les jurés apprécieront. - -L'accusé avait fini par se rasseoir; il se leva brusquement quand -l'avocat général eut fini, et s'écria: - ---Vous êtes très méchant, vous! Voilà ce que je voulais dire. Je ne -trouvais pas d'abord. Je n'ai rien volé. Je suis un homme qui ne mange -pas tous les jours. Je venais d'Ailly, je marchais dans le pays après -une ondée qui avait fait la campagne toute jaune, même que les mares -débordaient et qu'il ne sortait plus des sables que de petits brins -d'herbe au bord de la route, j'ai trouvé une branche cassée par terre où -il y avait des pommes, j'ai ramassé la branche sans savoir qu'elle me -ferait arriver de la peine. Il y a trois mois que je suis en prison et -qu'on me trimballe. Après ça, je ne peux pas dire, on parle contre moi, -on me dit: répondez! le gendarme, qui est bon enfant, me pousse le coude -et me dit tout bas: réponds donc. Je ne sais pas expliquer, moi, je n'ai -pas fait les études, je suis un pauvre homme. Voilà ce qu'on a tort de -ne pas voir. Je n'ai pas volé, j'ai ramassé par terre des choses qu'il y -avait. Vous dites Jean Valjean, Jean Mathieu! Je ne connais pas ces -personnes-là. C'est des villageois. J'ai travaillé chez monsieur Baloup, -boulevard de l'Hôpital. Je m'appelle Champmathieu. Vous êtes bien malins -de me dire où je suis né. Moi, je l'ignore. Tout le monde n'a pas des -maisons pour y venir au monde. Ce serait trop commode. Je crois que mon -père et ma mère étaient des gens qui allaient sur les routes. Je ne sais -pas d'ailleurs. Quand j'étais enfant, on m'appelait Petit, maintenant, -on m'appelle Vieux. Voilà mes noms de baptême. Prenez ça comme vous -voudrez. J'ai été en Auvergne, j'ai été à Faverolles, pardi! Eh bien? -est-ce qu'on ne peut pas avoir été en Auvergne et avoir été à Faverolles -sans avoir été aux galères? Je vous dis que je n'ai pas volé, et que je -suis le père Champmathieu. J'ai été chez monsieur Baloup, j'ai été -domicilié. Vous m'ennuyez avec vos bêtises à la fin! Pourquoi donc -est-ce que le monde est après moi comme des acharnés! - -L'avocat général était demeuré debout; il s'adressa au président: - ---Monsieur le président, en présence des dénégations confuses, mais fort -habiles de l'accusé, qui voudrait bien se faire passer pour idiot, mais -qui n'y parviendra pas--nous l'en prévenons--nous requérons qu'il vous -plaise et qu'il plaise à la cour appeler de nouveau dans cette enceinte -les condamnés Brevet, Cochepaille et Chenildieu et l'inspecteur de -police Javert, et les interpeller une dernière fois sur l'identité de -l'accusé avec le forçat Jean Valjean. - ---Je fais remarquer à monsieur l'avocat général, dit le président, que -l'inspecteur de police Javert, rappelé par ses fonctions au chef-lieu -d'un arrondissement voisin, a quitté l'audience et même la ville, -aussitôt sa déposition faite. Nous lui en avons accordé l'autorisation, -avec l'agrément de monsieur l'avocat général et du défenseur de -l'accusé. - ---C'est juste, monsieur le président, reprit l'avocat général. En -l'absence du sieur Javert, je crois devoir rappeler à messieurs les -jurés ce qu'il a dit ici-même, il y a peu d'heures. Javert est un homme -estimé qui honore par sa rigoureuse et stricte probité des fonctions -inférieures, mais importantes. Voici en quels termes il a déposé:--«Je -n'ai pas même besoin des présomptions morales et des preuves matérielles -qui démentent les dénégations de l'accusé. Je le reconnais parfaitement. -Cet homme ne s'appelle pas Champmathieu; c'est un ancien forçat très -méchant et très redouté nommé Jean Valjean. On ne l'a libéré à -l'expiration de sa peine qu'avec un extrême regret. Il a subi dix-neuf -ans de travaux forcés pour vol qualifié. Il avait cinq ou six fois tenté -de s'évader. Outre le vol Petit-Gervais et le vol Pierron, je le -soupçonne encore d'un vol commis chez sa grandeur le défunt évêque de -Digne. Je l'ai souvent vu, à l'époque où j'étais adjudant garde-chiourme -au bagne de Toulon. Je répète que je le reconnais parfaitement.» Cette -déclaration si précise parut produire une vive impression sur le public -et le jury. L'avocat général termina en insistant pour qu'à défaut de -Javert, les trois témoins Brevet, Chenildieu et Cochepaille fussent -entendus de nouveau et interpellés solennellement. - -Le président transmit un ordre à un huissier, et un moment après la -porte de la chambre des témoins s'ouvrit. L'huissier, accompagné d'un -gendarme prêt à lui prêter main-forte, introduisit le condamné Brevet. -L'auditoire était en suspens et toutes les poitrines palpitaient comme -si elles n'eussent eu qu'une seule âme. - -L'ancien forçat Brevet portait la veste noire et grise des maisons -centrales. Brevet était un personnage d'une soixantaine d'années qui -avait une espèce de figure d'homme d'affaires et l'air d'un coquin. Cela -va quelquefois ensemble. Il était devenu, dans la prison où de nouveaux -méfaits l'avaient ramené, quelque chose comme guichetier. C'était un -homme dont les chefs disaient: Il cherche à se rendre utile. Les -aumôniers portaient bon témoignage de ses habitudes religieuses. Il ne -faut pas oublier que ceci se passait sous la restauration. - ---Brevet, dit le président, vous avez subi une condamnation infamante et -vous ne pouvez prêter serment.... - -Brevet baissa les yeux. - ---Cependant, reprit le président, même dans l'homme que la loi a -dégradé, il peut rester, quand la pitié divine le permet, un sentiment -d'honneur et d'équité. C'est à ce sentiment que je fais appel à cette -heure décisive. S'il existe encore en vous, et je l'espère, réfléchissez -avant de me répondre, considérez d'une part cet homme qu'un mot de vous -peut perdre, d'autre part la justice qu'un mot de vous peut éclairer. -L'instant est solennel, et il est toujours temps de vous rétracter, si -vous croyez vous être trompé.--Accusé, levez-vous. - ---Brevet, regardez bien l'accusé, recueillez vos souvenirs, et -dites-nous, en votre âme et conscience, si vous persistez à reconnaître -cet homme pour votre ancien camarade de bagne Jean Valjean. - -Brevet regarda l'accusé, puis se retourna vers la cour. - ---Oui, monsieur le président. C'est moi qui l'ai reconnu le premier et -je persiste. Cet homme est Jean Valjean. Entré à Toulon en 1796 et sorti -en 1815. Je suis sorti l'an d'après. Il a l'air d'une brute maintenant, -alors ce serait que l'âge l'a abruti; au bagne il était sournois. Je le -reconnais positivement. - ---Allez vous asseoir, dit le président. Accusé, restez debout. - -On introduisit Chenildieu, forçat à vie, comme l'indiquaient sa casaque -rouge et son bonnet vert. Il subissait sa peine au bagne de Toulon, d'où -on l'avait extrait pour cette affaire. C'était un petit homme d'environ -cinquante ans, vif, ridé, chétif, jaune, effronté, fiévreux, qui avait -dans tous ses membres et dans toute sa personne une sorte de faiblesse -maladive et dans le regard une force immense. Ses compagnons du bagne -l'avaient surnommé Je-nie-Dieu. - -Le président lui adressa à peu près les mêmes paroles qu'à Brevet. Au -moment où il lui rappela que son infamie lui ôtait le droit de prêter -serment, Chenildieu leva la tête et regarda la foule en face. Le -président l'invita à se recueillir et lui demanda, comme à Brevet, s'il -persistait à reconnaître l'accusé. - -Chenildieu éclata de rire. - ---Pardine! si je le reconnais! nous avons été cinq ans attachés à la -même chaîne. Tu boudes donc, mon vieux? - ---Allez vous asseoir, dit le président. - -L'huissier amena Cochepaille. Cet autre condamné à perpétuité, venu du -bagne et vêtu de rouge comme Chenildieu, était un paysan de Lourdes et -un demi-ours des Pyrénées. Il avait gardé des troupeaux dans la -montagne, et de pâtre il avait glissé brigand. Cochepaille n'était pas -moins sauvage et paraissait plus stupide encore que l'accusé. C'était un -de ces malheureux hommes que la nature a ébauchés en bêtes fauves et que -la société termine en galériens. - -Le président essaya de le remuer par quelques paroles pathétiques et -graves et lui demanda, comme aux deux autres, s'il persistait, sans -hésitation et sans trouble, à reconnaître l'homme debout devant lui. - ---C'est Jean Valjean, dit Cochepaille. Même qu'on l'appelait -Jean-le-Cric, tant il était fort. - -Chacune des affirmations de ces trois hommes, évidemment sincères et de -bonne foi, avait soulevé dans l'auditoire un murmure de fâcheux augure -pour l'accusé, murmure qui croissait et se prolongeait plus longtemps -chaque fois qu'une déclaration nouvelle venait s'ajouter à la -précédente. L'accusé, lui, les avait écoutées avec ce visage étonné qui, -selon l'accusation, était son principal moyen de défense. À la première, -les gendarmes ses voisins l'avaient entendu grommeler entre ses dents: -Ah bien! en voilà un! Après la seconde il dit un peu plus haut, d'un air -presque satisfait: Bon! À la troisième il s'écria: Fameux! - -Le président l'interpella. - ---Accusé, vous avez entendu. Qu'avez-vous à dire? - -Il répondit: - ---Je dis--Fameux! - -Une rumeur éclata dans le public et gagna presque le jury. Il était -évident que l'homme était perdu. - ---Huissiers, dit le président, faites faire silence. Je vais clore les -débats. - -En ce moment un mouvement se fit tout à côté du président. On entendit -une voix qui criait: - ---Brevet, Chenildieu, Cochepaille! regardez de ce côté-ci. - -Tous ceux qui entendirent cette voix se sentirent glacés, tant elle -était lamentable et terrible. Les yeux se tournèrent vers le point d'où -elle venait. Un homme, placé parmi les spectateurs privilégiés qui -étaient assis derrière la cour, venait de se lever, avait poussé la -porte à hauteur d'appui qui séparait le tribunal du prétoire, et était -debout au milieu de la salle. Le président, l'avocat général, M. -Bamatabois, vingt personnes, le reconnurent, et s'écrièrent à la fois: - ---Monsieur Madeleine! - - - - -Chapitre XI - -Champmathieu de plus en plus étonné - - -C'était lui en effet. La lampe du greffier éclairait son visage. Il -tenait son chapeau à la main, il n'y avait aucun désordre dans ses -vêtements, sa redingote était boutonnée avec soin. Il était très pâle et -il tremblait légèrement. Ses cheveux, gris encore au moment de son -arrivée à Arras, étaient maintenant tout à fait blancs. Ils avaient -blanchi depuis une heure qu'il était là. - -Toutes les têtes se dressèrent. La sensation fut indescriptible. Il y -eut dans l'auditoire un instant d'hésitation. La voix avait été si -poignante, l'homme qui était là paraissait si calme, qu'au premier abord -on ne comprit pas. On se demanda qui avait crié. On ne pouvait croire -que ce fût cet homme tranquille qui eût jeté ce cri effrayant. - -Cette indécision ne dura que quelques secondes. Avant même que le -président et l'avocat général eussent pu dire un mot, avant que les -gendarmes et les huissiers eussent pu faire un geste, l'homme que tous -appelaient encore en ce moment M. Madeleine s'était avancé vers les -témoins Cochepaille, Brevet et Chenildieu. - ---Vous ne me reconnaissez pas? dit-il. - -Tous trois demeurèrent interdits et indiquèrent par un signe de tête -qu'ils ne le connaissaient point. Cochepaille intimidé fit le salut -militaire. M. Madeleine se tourna vers les jurés et vers la cour et dit -d'une voix douce: - ---Messieurs les jurés, faites relâcher l'accusé. Monsieur le président, -faites-moi arrêter. L'homme que vous cherchez, ce n'est pas lui, c'est -moi. Je suis Jean Valjean. Pas une bouche ne respirait. À la première -commotion de l'étonnement avait succédé un silence de sépulcre. On -sentait dans la salle cette espèce de terreur religieuse qui saisit la -foule lorsque quelque chose de grand s'accomplit. - -Cependant le visage du président s'était empreint de sympathie et de -tristesse; il avait échangé un signe rapide avec l'avocat et quelques -paroles à voix basse avec les conseillers assesseurs. Il s'adressa au -public, et demanda avec un accent qui fut compris de tous: - ---Y a-t-il un médecin ici? - -L'avocat général prit la parole: - ---Messieurs les jurés, l'incident si étrange et si inattendu qui trouble -l'audience ne nous inspire, ainsi qu'à vous, qu'un sentiment que nous -n'avons pas besoin d'exprimer. Vous connaissez tous, au moins de -réputation, l'honorable M. Madeleine, maire de Montreuil-sur-mer. S'il y -a un médecin dans l'auditoire, nous nous joignons à monsieur le -président pour le prier de vouloir bien assister monsieur Madeleine et -le reconduire à sa demeure. - -M. Madeleine ne laissa point achever l'avocat général. - -Il l'interrompit d'un accent plein de mansuétude et d'autorité. Voici -les paroles qu'il prononça; les voici littéralement, telles qu'elles -furent écrites immédiatement après l'audience par un des témoins de -cette scène; telles qu'elles sont encore dans l'oreille de ceux qui les -ont entendues, il y a près de quarante ans aujourd'hui. - ---Je vous remercie, monsieur l'avocat général, mais je ne suis pas fou. -Vous allez voir. Vous étiez sur le point de commettre une grande erreur, -lâchez cet homme, j'accomplis un devoir, je suis ce malheureux condamné. -Je suis le seul qui voie clair ici, et je vous dis la vérité. Ce que je -fais en ce moment, Dieu, qui est là-haut, le regarde, et cela suffit. -Vous pouvez me prendre, puisque me voilà. J'avais pourtant fait de mon -mieux. Je me suis caché sous un nom; je suis devenu riche, je suis -devenu maire; j'ai voulu rentrer parmi les honnêtes gens. Il paraît que -cela ne se peut pas. Enfin, il y a bien des choses que je ne puis pas -dire, je ne vais pas vous raconter ma vie, un jour on saura. J'ai volé -monseigneur l'évêque, cela est vrai; j'ai volé Petit-Gervais, cela est -vrai. On a eu raison de vous dire que Jean Valjean était un malheureux -très méchant. Toute la faute n'est peut-être pas à lui. Écoutez, -messieurs les juges, un homme aussi abaissé que moi n'a pas de -remontrance à faire à la providence ni de conseil à donner à la société; -mais, voyez-vous, l'infamie d'où j'avais essayé de sortir est une chose -nuisible. Les galères font le galérien. Recueillez cela, si vous voulez. - -Avant le bagne, j'étais un pauvre paysan très peu intelligent, une -espèce d'idiot; le bagne m'a changé. J'étais stupide, je suis devenu -méchant; j'étais bûche, je suis devenu tison. Plus tard l'indulgence et -la bonté m'ont sauvé, comme la sévérité m'avait perdu. Mais, pardon, -vous ne pouvez pas comprendre ce que je dis là. Vous trouverez chez moi, -dans les cendres de la cheminée, la pièce de quarante sous que j'ai -volée il y a sept ans à Petit-Gervais. Je n'ai plus rien à ajouter. -Prenez-moi. Mon Dieu! monsieur l'avocat général remue la tête, vous -dites: M. Madeleine est devenu fou, vous ne me croyez pas! Voilà qui est -affligeant. N'allez point condamner cet homme au moins! Quoi! ceux-ci ne -me reconnaissent pas! Je voudrais que Javert fût ici. Il me -reconnaîtrait, lui! - -Rien ne pourrait rendre ce qu'il y avait de mélancolie bienveillante et -sombre dans l'accent qui accompagnait ces paroles. - -Il se tourna vers les trois forçats: - ---Eh bien, je vous reconnais, moi! Brevet! vous rappelez-vous?... - -Il s'interrompit, hésita un moment, et dit: - ---Te rappelles-tu ces bretelles en tricot à damier que tu avais au -bagne? - -Brevet eut comme une secousse de surprise et le regarda de la tête aux -pieds d'un air effrayé. Lui continua: - ---Chenildieu, qui te surnommais toi-même Je-nie-Dieu, tu as toute -l'épaule droite brûlée profondément, parce que tu t'es couché un jour -l'épaule sur un réchaud plein de braise, pour effacer les trois lettres -T. F. P., qu'on y voit toujours cependant. Réponds, est-ce vrai? - ---C'est vrai, dit Chenildieu. - -Il s'adressa à Cochepaille: - ---Cochepaille, tu as près de la saignée du bras gauche une date gravée -en lettres bleues avec de la poudre brûlée. Cette date, c'est celle du -débarquement de l'empereur à Cannes, _1er mars 1815_. Relève ta manche. - -Cochepaille releva sa manche, tous les regards se penchèrent autour de -lui sur son bras nu. Un gendarme approcha une lampe; la date y était. - -Le malheureux homme se tourna vers l'auditoire et vers les juges avec un -sourire dont ceux qui l'ont vu sont encore navrés lorsqu'ils y songent. -C'était le sourire du triomphe, c'était aussi le sourire du désespoir. - ---Vous voyez bien, dit-il, que je suis Jean Valjean. - -Il n'y avait plus dans cette enceinte ni juges, ni accusateurs, ni -gendarmes; il n'y avait que des yeux fixes et des coeurs émus. Personne -ne se rappelait plus le rôle que chacun pouvait avoir à jouer; l'avocat -général oubliait qu'il était là pour requérir, le président qu'il était -là pour présider, le défenseur qu'il était là pour défendre. Chose -frappante, aucune question ne fut faite, aucune autorité n'intervint. Le -propre des spectacles sublimes, c'est de prendre toutes les âmes et de -faire de tous les témoins des spectateurs. Aucun peut-être ne se rendait -compte de ce qu'il éprouvait; aucun, sans doute, ne se disait qu'il -voyait resplendir là une grande lumière; tous intérieurement se -sentaient éblouis. - -Il était évident qu'on avait sous les yeux Jean Valjean. Cela rayonnait. -L'apparition de cet homme avait suffi pour remplir de clarté cette -aventure si obscure le moment d'auparavant. Sans qu'il fût besoin -d'aucune explication désormais, toute cette foule, comme par une sorte -de révélation électrique, comprit tout de suite et d'un seul coup d'oeil -cette simple et magnifique histoire d'un homme qui se livrait pour qu'un -autre homme ne fût pas condamné à sa place. Les détails, les -hésitations, les petites résistances possibles se perdirent dans ce -vaste fait lumineux. - -Impression qui passa vite, mais qui dans l'instant fut irrésistible. - ---Je ne veux pas déranger davantage l'audience, reprit Jean Valjean. Je -m'en vais, puisqu'on ne m'arrête pas. J'ai plusieurs choses à faire. -Monsieur l'avocat général sait qui je suis, il sait où je vais, il me -fera arrêter quand il voudra. - -Il se dirigea vers la porte de sortie. Pas une voix ne s'éleva, pas un -bras ne s'étendit pour l'empêcher. Tous s'écartèrent. Il avait en ce -moment ce je ne sais quoi de divin qui fait que les multitudes reculent -et se rangent devant un homme. Il traversa la foule à pas lents. On n'a -jamais su qui ouvrit la porte, mais il est certain que la porte se -trouva ouverte lorsqu'il y parvint. Arrivé là, il se retourna et dit: - ---Monsieur l'avocat général, je reste à votre disposition. - -Puis il s'adressa à l'auditoire: - ---Vous tous, tous ceux qui sont ici, vous me trouvez digne de pitié, -n'est-ce pas? Mon Dieu! quand je pense à ce que j'ai été sur le point de -faire, je me trouve digne d'envie. Cependant j'aurais mieux aimé que -tout ceci n'arrivât pas. - -Il sortit, et la porte se referma comme elle avait été ouverte, car ceux -qui font de certaines choses souveraines sont toujours sûrs d'être -servis par quelqu'un dans la foule. - -Moins d'une heure après, le verdict du jury déchargeait de toute -accusation le nommé Champmathieu; et Champmathieu, mis en liberté -immédiatement, s'en allait stupéfait, croyant tous les hommes fous et ne -comprenant rien à cette vision. - - - - -Livre huitième--Contre-coup - - - - -Chapitre I - -Dans quel miroir M. Madeleine regarde ses cheveux - - -Le jour commençait à poindre. Fantine avait eu une nuit de fièvre et -d'insomnie, pleine d'ailleurs d'images heureuses; au matin, elle -s'endormit. La soeur Simplice qui l'avait veillée profita de ce sommeil -pour aller préparer une nouvelle potion de quinquina. La digne soeur -était depuis quelques instants dans le laboratoire de l'infirmerie, -penchée sur ses drogues et sur ses fioles et regardant de très près à -cause de cette brume que le crépuscule répand sur les objets. Tout à -coup elle tourna la tête et fit un léger cri. M. Madeleine était devant -elle. Il venait d'entrer silencieusement. - ---C'est vous, monsieur le maire! s'écria-t-elle. - -Il répondit, à voix basse: - ---Comment va cette pauvre femme? - ---Pas mal en ce moment. Mais nous avons été bien inquiets, allez! - -Elle lui expliqua ce qui s'était passé, que Fantine était bien mal la -veille et que maintenant elle était mieux, parce qu'elle croyait que -monsieur le maire était allé chercher son enfant à Montfermeil. La soeur -n'osa pas interroger monsieur le maire, mais elle vit bien à son air que -ce n'était point de là qu'il venait. - ---Tout cela est bien, dit-il, vous avez eu raison de ne pas la -détromper. - ---Oui, reprit la soeur, mais maintenant, monsieur le maire, qu'elle va -vous voir et qu'elle ne verra pas son enfant, que lui dirons-nous? - -Il resta un moment rêveur. - ---Dieu nous inspirera, dit-il. - ---On ne pourrait cependant pas mentir, murmura la soeur à demi-voix. - -Le plein jour s'était fait dans la chambre. Il éclairait en face le -visage de M. Madeleine. Le hasard fit que la soeur leva les yeux. - ---Mon Dieu, monsieur! s'écria-t-elle, que vous est-il donc arrivé? vos -cheveux sont tout blancs! - ---Blancs! dit-il. - -La soeur Simplice n'avait point de miroir; elle fouilla dans une trousse -et en tira une petite glace dont se servait le médecin de l'infirmerie -pour constater qu'un malade était mort et ne respirait plus. M. -Madeleine prit la glace, y considéra ses cheveux, et dit: - ---Tiens! - -Il prononça ce mot avec indifférence et comme s'il pensait à autre -chose. - -La soeur se sentit glacée par je ne sais quoi d'inconnu qu'elle -entrevoyait dans tout ceci. - -Il demanda: - ---Puis-je la voir? - ---Est-ce que monsieur le maire ne lui fera pas revenir son enfant? dit -la soeur, osant à peine hasarder une question. - ---Sans doute, mais il faut au moins deux ou trois jours. - ---Si elle ne voyait pas monsieur le maire d'ici là, reprit timidement la -soeur, elle ne saurait pas que monsieur le maire est de retour, il -serait aisé de lui faire prendre patience, et quand l'enfant arriverait -elle penserait tout naturellement que monsieur le maire est arrivé avec -l'enfant. On n'aurait pas de mensonge à faire. - -M. Madeleine parut réfléchir quelques instants, puis il dit avec sa -gravité calme: - ---Non, ma soeur, il faut que je la voie. Je suis peut-être pressé. - -La religieuse ne sembla pas remarquer ce mot «peut-être», qui donnait un -sens obscur et singulier aux paroles de M. le maire. Elle répondit en -baissant les yeux et la voix respectueusement: - ---En ce cas, elle repose, mais monsieur le maire peut entrer. - -Il fit quelques observations sur une porte qui fermait mal, et dont le -bruit pouvait réveiller la malade, puis il entra dans la chambre de -Fantine, s'approcha du lit et entrouvrit les rideaux. Elle dormait. Son -souffle sortait de sa poitrine avec ce bruit tragique qui est propre à -ces maladies, et qui navre les pauvres mères lorsqu'elles veillent la -nuit près de leur enfant condamné et endormi. Mais cette respiration -pénible troublait à peine une sorte de sérénité ineffable, répandue sur -son visage, qui la transfigurait dans son sommeil. Sa pâleur était -devenue de la blancheur; ses joues étaient vermeilles. Ses longs cils -blonds, la seule beauté qui lui fût restée de sa virginité et de sa -jeunesse, palpitaient tout en demeurant clos et baissés. Toute sa -personne tremblait de je ne sais quel déploiement d'ailes prêtes à -s'entrouvrir et à l'emporter, qu'on sentait frémir, mais qu'on ne voyait -pas. À la voir ainsi, on n'eût jamais pu croire que c'était là une -malade presque désespérée. Elle ressemblait plutôt à ce qui va s'envoler -qu'à ce qui va mourir. - -La branche, lorsqu'une main s'approche pour détacher la fleur, -frissonne, et semble à la fois se dérober et s'offrir. Le corps humain a -quelque chose de ce tressaillement, quand arrive l'instant où les doigts -mystérieux de la mort vont cueillir l'âme. - -M. Madeleine resta quelque temps immobile près de ce lit, regardant tour -à tour la malade et le crucifix, comme il faisait deux mois auparavant, -le jour où il était venu pour la première fois la voir dans cet asile. -Ils étaient encore là tous les deux dans la même attitude, elle dormant, -lui priant; seulement maintenant, depuis ces deux mois écoulés, elle -avait des cheveux gris et lui des cheveux blancs. - -La soeur n'était pas entrée avec lui. Il se tenait près de ce lit, -debout, le doigt sur la bouche, comme s'il y eût eu dans la chambre -quelqu'un à faire taire. - -Elle ouvrit les yeux, le vit, et dit paisiblement, avec un sourire: - ---Et Cosette? - - - - -Chapitre II - -Fantine heureuse - - -Elle n'eut pas un mouvement de surprise, ni un mouvement de joie; elle -était la joie même. Cette simple question: «Et Cosette?» fut faite avec -une foi si profonde, avec tant de certitude, avec une absence si -complète d'inquiétude et de doute, qu'il ne trouva pas une parole. Elle -continua: - ---Je savais que vous étiez là. Je dormais, mais je vous voyais. Il y a -longtemps que je vous vois. Je vous ai suivi des yeux toute la nuit. -Vous étiez dans une gloire et vous aviez autour de vous toutes sortes de -figures célestes. - -Il leva son regard vers le crucifix. - ---Mais, reprit-elle, dites-moi donc où est Cosette? Pourquoi ne l'avoir -pas mise sur mon lit pour le moment où je m'éveillerais? - -Il répondit machinalement quelque chose qu'il n'a jamais pu se rappeler -plus tard. - -Heureusement le médecin, averti, était survenu. Il vint en aide à M. -Madeleine. - ---Mon enfant, dit le médecin, calmez-vous. Votre enfant est là. - -Les yeux de Fantine s'illuminèrent et couvrirent de clarté tout son -visage. Elle joignit les mains avec une expression qui contenait tout ce -que la prière peut avoir à la fois de plus violent et de plus doux. - ---Oh! s'écria-t-elle, apportez-la-moi! - -Touchante illusion de mère! Cosette était toujours pour elle le petit -enfant qu'on apporte. - ---Pas encore, reprit le médecin, pas en ce moment. Vous avez un reste de -fièvre. La vue de votre enfant vous agiterait et vous ferait du mal. Il -faut d'abord vous guérir. Elle l'interrompit impétueusement. - ---Mais je suis guérie! je vous dis que je suis guérie! Est-il âne, ce -médecin! Ah çà! je veux voir mon enfant, moi! - ---Vous voyez, dit le médecin, comme vous vous emportez. Tant que vous -serez ainsi, je m'opposerai à ce que vous ayez votre enfant. Il ne -suffit pas de la voir, il faut vivre pour elle. Quand vous serez -raisonnable, je vous l'amènerai moi-même. - -La pauvre mère courba la tête. - ---Monsieur le médecin, je vous demande pardon, je vous demande vraiment -bien pardon. Autrefois, je n'aurais pas parlé comme je viens de faire, -il m'est arrivé tant de malheurs que quelquefois je ne sais plus ce que -je dis. Je comprends, vous craignez l'émotion, j'attendrai tant que vous -voudrez, mais je vous jure que cela ne m'aurait pas fait de mal de voir -ma fille. Je la vois, je ne la quitte pas des yeux depuis hier au soir. -Savez-vous? on me l'apporterait maintenant que je me mettrais à lui -parler doucement. Voilà tout. Est-ce que ce n'est pas bien naturel que -j'aie envie de voir mon enfant qu'on a été me chercher exprès à -Montfermeil? Je ne suis pas en colère. Je sais bien que je vais être -heureuse. Toute la nuit j'ai vu des choses blanches et des personnes qui -me souriaient. Quand monsieur le médecin voudra, il m'apportera ma -Cosette. Je n'ai plus de fièvre, puisque je suis guérie; je sens bien -que je n'ai plus rien du tout; mais je vais faire comme si j'étais -malade et ne pas bouger pour faire plaisir aux dames d'ici. Quand on -verra que je suis bien tranquille, on dira: il faut lui donner son -enfant. - -M. Madeleine s'était assis sur une chaise qui était à côté du lit. Elle -se tourna vers lui; elle faisait visiblement effort pour paraître calme -et «bien sage», comme elle disait dans cet affaiblissement de la maladie -qui ressemble à l'enfance, afin que, la voyant si paisible, on ne fît -pas difficulté de lui amener Cosette. Cependant, tout en se contenant, -elle ne pouvait s'empêcher d'adresser à M. Madeleine mille questions. - ---Avez-vous fait un bon voyage, monsieur le maire? Oh! comme vous êtes -bon d'avoir été me la chercher! Dites-moi seulement comment elle est. -A-t-elle bien supporté la route? Hélas! elle ne me reconnaîtra pas! -Depuis le temps, elle m'a oubliée, pauvre chou! Les enfants, cela n'a -pas de mémoire. C'est comme des oiseaux. Aujourd'hui cela voit une chose -et demain une autre, et cela ne pense plus à rien. Avait-elle du linge -blanc seulement? Ces Thénardier la tenaient-ils proprement? Comment la -nourrissait-on? Oh! comme j'ai souffert, si vous saviez! de me faire -toutes ces questions-là dans le temps de ma misère! Maintenant, c'est -passé. Je suis joyeuse. Oh! que je voudrais donc la voir! Monsieur le -maire, l'avez-vous trouvée jolie? N'est-ce pas qu'elle est belle, ma -fille? Vous devez avoir eu bien froid dans cette diligence! Est-ce qu'on -ne pourrait pas l'amener rien qu'un petit moment? On la remporterait -tout de suite après. Dites! vous qui êtes le maître, si vous vouliez! - -Il lui prit la main: - ---Cosette est belle, dit-il, Cosette se porte bien, vous la verrez -bientôt, mais apaisez-vous. Vous parlez trop vivement, et puis vous -sortez vos bras du lit, et cela vous fait tousser. - -En effet, des quintes de toux interrompaient Fantine presque à chaque -mot. - -Fantine ne murmura pas, elle craignait d'avoir compromis par quelques -plaintes trop passionnées la confiance qu'elle voulait inspirer, et elle -se mit à dire des paroles indifférentes. - ---C'est assez joli, Montfermeil, n'est-ce-pas? L'été, on va y faire des -parties de plaisir. Ces Thénardier font-ils de bonnes affaires? Il ne -passe pas grand monde dans leur pays. C'est une espèce de gargote que -cette auberge-là. - -M. Madeleine lui tenait toujours la main, il la considérait avec -anxiété; il était évident qu'il était venu pour lui dire des choses -devant lesquelles sa pensée hésitait maintenant. Le médecin, sa visite -faite, s'était retiré. La soeur Simplice était seule restée auprès -d'eux. - -Cependant, au milieu de ce silence, Fantine s'écria: - ---Je l'entends! mon Dieu! je l'entends! - -Elle étendit le bras pour qu'on se tût autour d'elle, retint son -souffle, et se mit à écouter avec ravissement. - -Il y avait un enfant qui jouait dans la cour; l'enfant de la portière ou -d'une ouvrière quelconque. C'est là un de ces hasards qu'on retrouve -toujours et qui semblent faire partie de la mystérieuse mise en scène -des événements lugubres. L'enfant, c'était une petite fille, allait, -venait, courait pour se réchauffer, riait et chantait à haute voix. -Hélas! à quoi les jeux des enfants ne se mêlent-ils pas! C'était cette -petite fille que Fantine entendait chanter. - ---Oh! reprit-elle, c'est ma Cosette! je reconnais sa voix! - -L'enfant s'éloigna comme il était venu, la voix s'éteignit, Fantine -écouta encore quelque temps, puis son visage s'assombrit, et M. -Madeleine l'entendit qui disait à voix basse: - ---Comme ce médecin est méchant de ne pas me laisser voir ma fille! Il a -une mauvaise figure, cet homme-là! - -Cependant le fond riant de ses idées revint. Elle continua de se parler -à elle-même, la tête sur l'oreiller. - ---Comme nous allons être heureuses! Nous aurons un petit jardin, -d'abord! M. Madeleine me l'a promis. Ma fille jouera dans le jardin. -Elle doit savoir ses lettres maintenant. Je la ferai épeler. Elle courra -dans l'herbe après les papillons. Je la regarderai. Et puis elle fera sa -première communion. Ah çà! quand fera-t-elle sa première communion? Elle -se mit à compter sur ses doigts. - ---... Un, deux, trois, quatre... elle a sept ans. Dans cinq ans. Elle -aura un voile blanc, des bas à jour, elle aura l'air d'une petite femme. -Ô ma bonne soeur, vous ne savez pas comme je suis bête, voilà que je -pense à la première communion de ma fille! Et elle se mit à rire. - -Il avait quitté la main de Fantine. Il écoutait ces paroles comme on -écoute un vent qui souffle, les yeux à terre, l'esprit plongé dans des -réflexions sans fond. Tout à coup elle cessa de parler, cela lui fit -lever machinalement la tête. Fantine était devenue effrayante. - -Elle ne parlait plus, elle ne respirait plus; elle s'était soulevée à -demi sur son séant, son épaule maigre sortait de sa chemise, son visage, -radieux le moment d'auparavant, était blême, et elle paraissait fixer -sur quelque chose de formidable, devant elle, à l'autre extrémité de la -chambre, son oeil agrandi par la terreur. - ---Mon Dieu! s'écria-t-il. Qu'avez-vous, Fantine? - -Elle ne répondit pas, elle ne quitta point des yeux l'objet quelconque -qu'elle semblait voir, elle lui toucha le bras d'une main et de l'autre -lui fit signe de regarder derrière lui. - -Il se retourna, et vit Javert. - - - - -Chapitre III - -Javert content - - -Voici ce qui s'était passé. - -Minuit et demi venait de sonner, quand M. Madeleine était sorti de la -salle des assises d'Arras. Il était rentré à son auberge juste à temps -pour repartir par la malle-poste où l'on se rappelle qu'il avait retenu -sa place. Un peu avant six heures du matin, il était arrivé à -Montreuil-sur-mer, et son premier soin avait été de jeter à la poste sa -lettre à M. Laffitte, puis d'entrer à l'infirmerie et de voir Fantine. - -Cependant, à peine avait-il quitté la salle d'audience de la cour -d'assises, que l'avocat général, revenu du premier saisissement, avait -pris la parole pour déplorer l'acte de folie de l'honorable maire de -Montreuil-sur-mer, déclarer que ses convictions n'étaient en rien -modifiées par cet incident bizarre qui s'éclaircirait plus tard, et -requérir, en attendant, la condamnation de ce Champmathieu, évidemment -le vrai Jean Valjean. La persistance de l'avocat général était -visiblement en contradiction avec le sentiment de tous, du public, de la -cour et du jury. Le défenseur avait eu peu de peine à réfuter cette -harangue et à établir que, par suite des révélations de M. Madeleine, -c'est-à-dire du vrai Jean Valjean, la face de l'affaire était -bouleversée de fond en comble, et que le jury n'avait plus devant les -yeux qu'un innocent. L'avocat avait tiré de là quelques épiphonèmes, -malheureusement peu neufs, sur les erreurs judiciaires, etc., etc., le -président dans son résumé s'était joint au défenseur, et le jury en -quelques minutes avait mis hors de cause Champmathieu. - -Cependant il fallait un Jean Valjean à l'avocat général, et, n'ayant -plus Champmathieu, il prit Madeleine. - -Immédiatement après la mise en liberté de Champmathieu, l'avocat général -s'enferma avec le président. Ils conférèrent «de la nécessité de se -saisir de la personne de M. le maire de Montreuil-sur-mer». Cette -phrase, où il y a beaucoup de _de_, est de M. l'avocat général, -entièrement écrite de sa main sur la minute de son rapport au procureur -général. La première émotion passée, le président fit peu d'objections. -Il fallait bien que justice eût son cours. Et puis, pour tout dire, -quoique le président fût homme bon et assez intelligent, il était en -même temps fort royaliste et presque ardent, et il avait été choqué que -le maire de Montreuil-sur-mer, en parlant du débarquement à Cannes, eût -dit l'_empereur_ et non _Buonaparte_. - -L'ordre d'arrestation fut donc expédié. L'avocat général l'envoya à -Montreuil-sur-mer par un exprès, à franc étrier, et en chargea -l'inspecteur de police Javert. - -On sait que Javert était revenu à Montreuil-sur-mer immédiatement après -avoir fait sa déposition. - -Javert se levait au moment où l'exprès lui remit l'ordre d'arrestation -et le mandat d'amener. - -L'exprès était lui-même un homme de police fort entendu qui, en deux -mots, mit Javert au fait de ce qui était arrivé à Arras. L'ordre -d'arrestation, signé de l'avocat général, était ainsi -conçu:--L'inspecteur Javert appréhendera au corps le sieur Madeleine, -maire de Montreuil-sur-mer, qui, dans l'audience de ce jour, a été -reconnu pour être le forçat libéré Jean Valjean. - -Quelqu'un qui n'eût pas connu Javert et qui l'eût vu au moment où il -pénétra dans l'antichambre de l'infirmerie n'eût pu rien deviner de ce -qui se passait, et lui eût trouvé l'air le plus ordinaire du monde. Il -était froid, calme, grave, avait ses cheveux gris parfaitement lissés -sur les tempes et venait de monter l'escalier avec sa lenteur -habituelle. Quelqu'un qui l'eût connu à fond et qui l'eût examiné -attentivement eût frémi. La boucle de son col de cuir, au lieu d'être -sur sa nuque, était sur son oreille gauche. Ceci révélait une agitation -inouïe. - -Javert était un caractère complet, ne laissant faire de pli ni à son -devoir, ni à son uniforme; méthodique avec les scélérats, rigide avec -les boutons de son habit. - -Pour qu'il eût mal mis la boucle de son col, il fallait qu'il y eût en -lui une de ces émotions qu'on pourrait appeler des tremblements de terre -intérieurs. - -Il était venu simplement, avait requis un caporal et quatre soldats au -poste voisin, avait laissé les soldats dans la cour, et s'était fait -indiquer la chambre de Fantine par la portière sans défiance, accoutumée -qu'elle était à voir des gens armés demander monsieur le maire. - -Arrivé à la chambre de Fantine, Javert tourna la clef, poussa la porte -avec une douceur de garde-malade ou de mouchard, et entra. - -À proprement parler, il n'entra pas. Il se tint debout dans la porte -entrebâillée, le chapeau sur la tête, la main gauche dans sa redingote -fermée jusqu'au menton. Dans le pli du coude on pouvait voir le pommeau -de plomb de son énorme canne, laquelle disparaissait derrière lui. - -Il resta ainsi près d'une minute sans qu'on s'aperçût de sa présence. -Tout à coup Fantine leva les yeux, le vit, et fit retourner M. -Madeleine. - -À l'instant où le regard de Madeleine rencontra le regard de Javert, -Javert, sans bouger, sans remuer, sans approcher, devint épouvantable. -Aucun sentiment humain ne réussit à être effroyable comme la joie. - -Ce fut le visage d'un démon qui vient de retrouver son damné. - -La certitude de tenir enfin Jean Valjean fit apparaître sur sa -physionomie tout ce qu'il avait dans l'âme. Le fond remué monta à la -surface. L'humiliation d'avoir un peu perdu la piste et de s'être mépris -quelques minutes sur ce Champmathieu, s'effaçait sous l'orgueil d'avoir -si bien deviné d'abord et d'avoir eu si longtemps un instinct juste. Le -contentement de Javert éclata dans son attitude souveraine. La -difformité du triomphe s'épanouit sur ce front étroit. Ce fut tout le -déploiement d'horreur que peut donner une figure satisfaite. - -Javert en ce moment était au ciel. Sans qu'il s'en rendit nettement -compte, mais pourtant avec une intuition confuse de sa nécessité et de -son succès, il personnifiait, lui Javert, la justice, la lumière et la -vérité dans leur fonction céleste d'écrasement du mal. Il avait derrière -lui et autour de lui, à une profondeur infinie, l'autorité, la raison, -la chose jugée, la conscience légale, la vindicte publique, toutes les -étoiles; il protégeait l'ordre, il faisait sortir de la loi la foudre, -il vengeait la société, il prêtait main-forte à l'absolu; il se dressait -dans une gloire; il y avait dans sa victoire un reste de défi et de -combat; debout, altier, éclatant, il étalait en plein azur la bestialité -surhumaine d'un archange féroce; l'ombre redoutable de l'action qu'il -accomplissait faisait visible à son poing crispé le vague flamboiement -de l'épée sociale; heureux et indigné, il tenait sous son talon le -crime, le vice, la rébellion, la perdition, l'enfer, il rayonnait, il -exterminait, il souriait et il y avait une incontestable grandeur dans -ce saint Michel monstrueux. - -Javert, effroyable, n'avait rien d'ignoble. - -La probité, la sincérité, la candeur, la conviction, l'idée du devoir, -sont des choses qui, en se trompant, peuvent devenir hideuses, mais qui, -même hideuses, restent grandes; leur majesté, propre à la conscience -humaine, persiste dans l'horreur. Ce sont des vertus qui ont un vice, -l'erreur. L'impitoyable joie honnête d'un fanatique en pleine atrocité -conserve on ne sait quel rayonnement lugubrement vénérable. Sans qu'il -s'en doutât, Javert, dans son bonheur formidable, était à plaindre comme -tout ignorant qui triomphe. Rien n'était poignant et terrible comme -cette figure où se montrait ce qu'on pourrait appeler tout le mauvais du -bon. - - - - -Chapitre IV - -L'autorité reprend ses droits - - -La Fantine n'avait point vu Javert depuis le jour où M. le maire l'avait -arrachée à cet homme. Son cerveau malade ne se rendit compte de rien, -seulement elle ne douta pas qu'il ne revint la chercher. Elle ne put -supporter cette figure affreuse, elle se sentit expirer, elle cacha son -visage de ses deux mains et cria avec angoisse: - ---Monsieur Madeleine, sauvez-moi! - -Jean Valjean--nous ne le nommerons plus désormais autrement--s'était -levé. Il dit à Fantine de sa voix la plus douce et la plus calme: - ---Soyez tranquille. Ce n'est pas pour vous qu'il vient. - -Puis il s'adressa à Javert et lui dit: - ---Je sais ce que vous voulez. - -Javert répondit: - ---Allons, vite! - -Il y eut dans l'inflexion qui accompagna ces deux mots je ne sais quoi -de fauve et de frénétique. Javert ne dit pas: «Allons, vite!» il dit: -«Allonouaite!» Aucune orthographe ne pourrait rendre l'accent dont cela -fut prononcé; ce n'était plus une parole humaine, c'était un -rugissement. - -Il ne fit point comme d'habitude; il n'entra point en matière; il -n'exhiba point de mandat d'amener. Pour lui, Jean Valjean était une -sorte de combattant mystérieux et insaisissable, un lutteur ténébreux -qu'il étreignait depuis cinq ans sans pouvoir le renverser. Cette -arrestation n'était pas un commencement, mais une fin. Il se borna à -dire: «Allons, vite!» - -En parlant ainsi, il ne fit point un pas; il lança sur Jean Valjean ce -regard qu'il jetait comme un crampon, et avec lequel il avait coutume de -tirer violemment les misérables à lui. - -C'était ce regard que la Fantine avait senti pénétrer jusque dans la -moelle de ses os deux mois auparavant. - -Au cri de Javert, Fantine avait rouvert les yeux. Mais M. le maire était -là. Que pouvait-elle craindre? - -Javert avança au milieu de la chambre et cria: - ---Ah çà! viendras-tu? - -La malheureuse regarda autour d'elle. Il n'y avait personne que la -religieuse et monsieur le maire. À qui pouvait s'adresser ce tutoiement -abject? elle seulement. Elle frissonna. - -Alors elle vit une chose inouïe, tellement inouïe que jamais rien de -pareil ne lui était apparu dans les plus noirs délires de la fièvre. - -Elle vit le mouchard Javert saisir au collet monsieur le maire; elle vit -monsieur le maire courber la tête. Il lui sembla que le monde -s'évanouissait. - -Javert, en effet, avait pris Jean Valjean au collet. - ---Monsieur le maire! cria Fantine. - -Javert éclata de rire, de cet affreux rire qui lui déchaussait toutes -les dents. - ---Il n'y a plus de monsieur le maire ici! - -Jean Valjean n'essaya pas de déranger la main qui tenait le col de sa -redingote. Il dit: - ---Javert.... - -Javert l'interrompit: - ---Appelle-moi monsieur l'inspecteur. - ---Monsieur, reprit Jean Valjean, je voudrais vous dire un mot en -particulier. - ---Tout haut! parle tout haut! répondit Javert; on me parle tout haut à -moi! - -Jean Valjean continua en baissant la voix: - ---C'est une prière que j'ai à vous faire.... - ---Je te dis de parler tout haut. - ---Mais cela ne doit être entendu que de vous seul.... - ---Qu'est-ce que cela me fait? je n'écoute pas! - -Jean Valjean se tourna vers lui et lui dit rapidement et très bas: - ---Accordez-moi trois jours! trois jours pour aller chercher l'enfant de -cette malheureuse femme! Je payerai ce qu'il faudra. Vous -m'accompagnerez si vous voulez. - ---Tu veux rire! cria Javert. Ah çà! je ne te croyais pas bête! Tu me -demandes trois jours pour t'en aller! Tu dis que c'est pour aller -chercher l'enfant de cette fille! Ah! ah! c'est bon! voilà qui est bon! -Fantine eut un tremblement. - ---Mon enfant! s'écria-t-elle, aller chercher mon enfant! Elle n'est donc -pas ici! Ma soeur, répondez-moi, où est Cosette? Je veux mon enfant! -Monsieur Madeleine! monsieur le maire! - -Javert frappa du pied. - ---Voilà l'autre, à présent! Te tairas-tu, drôlesse! Gredin de pays où -les galériens sont magistrats et où les filles publiques sont soignées -comme des comtesses! Ah mais! tout ça va changer; il était temps! - -Il regarda fixement Fantine et ajouta en reprenant à poignée la cravate, -la chemise et le collet de Jean Valjean: - ---Je te dis qu'il n'y a point de monsieur Madeleine et qu'il n'y a point -de monsieur le maire. Il y a un voleur, il y a un brigand, il y a un -forçat appelé Jean Valjean! c'est lui que je tiens! voilà ce qu'il y a! - -Fantine se dressa en sursaut, appuyée sur ses bras roides et sur ses -deux mains, elle regarda Jean Valjean, elle regarda Javert, elle regarda -la religieuse, elle ouvrit la bouche comme pour parler, un râle sortit -du fond de sa gorge, ses dents claquèrent, elle étendit les bras avec -angoisse, ouvrant convulsivement les mains, et cherchant autour d'elle -comme quelqu'un qui se noie, puis elle s'affaissa subitement sur -l'oreiller. Sa tête heurta le chevet du lit et vint retomber sur sa -poitrine, la bouche béante, les yeux ouverts et éteints. - -Elle était morte. - -Jean Valjean posa sa main sur la main de Javert qui le tenait, et -l'ouvrit comme il eût ouvert la main d'un enfant, puis il dit à Javert: - ---Vous avez tué cette femme. - ---Finirons-nous! cria Javert furieux. Je ne suis pas ici pour entendre -des raisons. Économisons tout ça. La garde est en bas. Marchons tout de -suite, ou les poucettes! - -Il y avait dans un coin de la chambre un vieux lit en fer en assez -mauvais état qui servait de lit de camp aux soeurs quand elles -veillaient. Jean Valjean alla à ce lit, disloqua en un clin d'oeil le -chevet déjà fort délabré, chose facile à des muscles comme les siens, -saisit à poigne-main la maîtresse-tringle, et considéra Javert. Javert -recula vers la porte. - -Jean Valjean, sa barre de fer au poing, marcha lentement vers le lit de -Fantine. Quand il y fut parvenu, il se retourna, et dit à Javert d'une -voix qu'on entendait à peine: - ---Je ne vous conseille pas de me déranger en ce moment. - -Ce qui est certain, c'est que Javert tremblait. - -Il eut l'idée d'aller appeler la garde, mais Jean Valjean pouvait -profiter de cette minute pour s'évader. Il resta donc, saisit sa canne -par le petit bout, et s'adossa au chambranle de la porte sans quitter du -regard Jean Valjean. - -Jean Valjean posa son coude sur la pomme du chevet du lit et son front -sur sa main, et se mit à contempler Fantine immobile et étendue. Il -demeura ainsi, absorbé, muet, et ne songeant évidemment plus à aucune -chose de cette vie. Il n'y avait plus rien sur son visage et dans son -attitude qu'une inexprimable pitié. Après quelques instants de cette -rêverie, il se pencha vers Fantine et lui parla à voix basse. - -Que lui dit-il? Que pouvait dire cet homme qui était réprouvé à cette -femme qui était morte? Qu'était-ce que ces paroles? Personne sur la -terre ne les a entendues. La morte les entendit-elle? Il y a des -illusions touchantes qui sont peut-être des réalités sublimes. Ce qui -est hors de doute, c'est que la soeur Simplice, unique témoin de la -chose qui se passait, a souvent raconté qu'au moment où Jean Valjean -parla à l'oreille de Fantine, elle vit distinctement poindre un -ineffable sourire sur ces lèvres pâles et dans ces prunelles vagues, -pleines de l'étonnement du tombeau. - -Jean Valjean prit dans ses deux mains la tête de Fantine et l'arrangea -sur l'oreiller comme une mère eût fait pour son enfant, il lui rattacha -le cordon de sa chemise et rentra ses cheveux sous son bonnet. Cela -fait, il lui ferma les yeux. - -La face de Fantine en cet instant semblait étrangement éclairée. - -La mort, c'est l'entrée dans la grande lueur. - -La main de Fantine pendait hors du lit. Jean Valjean s'agenouilla devant -cette main, la souleva doucement, et la baisa. - -Puis il se redressa, et, se tournant vers Javert: - ---Maintenant, dit-il, je suis à vous. - - - - -Chapitre V - -Tombeau convenable - - -Javert déposa Jean Valjean à la prison de la ville. - -L'arrestation de M. Madeleine produisit à Montreuil-sur-mer une -sensation, ou pour mieux dire une commotion extraordinaire. Nous sommes -triste de ne pouvoir dissimuler que sur ce seul mot: _c'était un -galérien_, tout le monde à peu près l'abandonna. En moins de deux heures -tout le bien qu'il avait fait fut oublié, et ce ne fut plus «qu'un -galérien». Il est juste de dire qu'on ne connaissait pas encore les -détails de l'événement d'Arras. Toute la journée on entendait dans -toutes les parties de la ville des conversations comme celle-ci: - ---Vous ne savez pas? c'était un forçat libéré! Qui ça?--Le maire.--Bah! -M. Madeleine?--Oui. Vraiment?--Il ne s'appelait pas Madeleine, il a un -affreux nom, Béjean, Bojean, Boujean.--Ah, mon Dieu!--Il est -arrêté.--Arrêté!--En prison à la prison de la ville, en attendant qu'on -le transfère.--Qu'on le transfère! On va le transférer! Où va-t-on le -transférer?--Il va passer aux assises pour un vol de grand chemin qu'il -a fait autrefois.--Eh bien! je m'en doutais. Cet homme était trop bon, -trop parfait, trop confit. Il refusait la croix, il donnait des sous à -tous les petits drôles qu'il rencontrait. J'ai toujours pensé qu'il y -avait là-dessous quelque mauvaise histoire. - -«Les salons» surtout abondèrent dans ce sens. - -Une vieille dame, abonnée au _Drapeau blanc_, fit cette réflexion dont -il est presque impossible de sonder la profondeur: - ---Je n'en suis pas fâchée. Cela apprendra aux buonapartistes! - -C'est ainsi que ce fantôme qui s'était appelé M. Madeleine se dissipa à -Montreuil-sur-mer. Trois ou quatre personnes seulement dans toute la -ville restèrent fidèles à cette mémoire. La vieille portière qui l'avait -servi fut du nombre. Le soir de ce même jour, cette digne vieille était -assise dans sa loge, encore tout effarée et réfléchissant tristement. La -fabrique avait été fermée toute la journée, la porte cochère était -verrouillée, la rue était déserte. Il n'y avait dans la maison que deux -religieuses, soeur Perpétue et soeur Simplice, qui veillaient près du -corps de Fantine. - -Vers l'heure où M. Madeleine avait coutume de rentrer, la brave portière -se leva machinalement, prit la clef de la chambre de M. Madeleine dans -un tiroir et le bougeoir dont il se servait tous les soirs pour monter -chez lui, puis elle accrocha la clef au clou où il la prenait -d'habitude, et plaça le bougeoir à côté, comme si elle l'attendait. -Ensuite elle se rassit sur sa chaise et se remit à songer. La pauvre -bonne vieille avait fait tout cela sans en avoir conscience. - -Ce ne fut qu'au bout de plus de deux heures qu'elle sortit de sa rêverie -et s'écria: «Tiens! mon bon Dieu Jésus! moi qui ai mis sa clef au clou!» - -En ce moment la vitre de la loge s'ouvrit, une main passa par -l'ouverture, saisit la clef et le bougeoir et alluma la bougie à la -chandelle qui brûlait. - -La portière leva les yeux et resta béante, avec un cri dans le gosier -qu'elle retint. Elle connaissait cette main, ce bras, cette manche de -redingote. - -C'était M. Madeleine. - -Elle fut quelques secondes avant de pouvoir parler, saisie, comme elle -le disait elle-même plus tard en racontant son aventure. - ---Mon Dieu, monsieur le maire, s'écria-t-elle enfin, je vous croyais.... - -Elle s'arrêta, la fin de sa phrase eût manqué de respect au -commencement. Jean Valjean était toujours pour elle monsieur le maire. - -Il acheva sa pensée. - ---En prison, dit-il. J'y étais. J'ai brisé un barreau d'une fenêtre, je -me suis laissé tomber du haut d'un toit, et me voici. Je monte à ma -chambre, allez me chercher la soeur Simplice. Elle est sans doute près -de cette pauvre femme. - -La vieille obéit en toute hâte. - -Il ne lui fit aucune recommandation; il était bien sûr qu'elle le -garderait mieux qu'il ne se garderait lui-même. - -On n'a jamais su comment il avait réussi à pénétrer dans la cour sans -faire ouvrir la porte cochère. Il avait, et portait toujours sur lui, un -passe-partout qui ouvrait une petite porte latérale; mais on avait dû le -fouiller et lui prendre son passe-partout. Ce point n'a pas été -éclairci. - -Il monta l'escalier qui conduisait à sa chambre. Arrivé en haut, il -laissa son bougeoir sur les dernières marches de l'escalier, ouvrit sa -porte avec peu de bruit, et alla fermer à tâtons sa fenêtre et son -volet, puis il revint prendre sa bougie et rentra dans sa chambre. - -La précaution était utile; on se souvient que sa fenêtre pouvait être -aperçue de la rue. Il jeta un coup d'oeil autour de lui, sur sa table, -sur sa chaise, sur son lit qui n'avait pas été défait depuis trois -jours. Il ne restait aucune trace du désordre de l'avant-dernière nuit. -La portière avait «fait la chambre». Seulement elle avait ramassé dans -les cendres et posé proprement sur la table les deux bouts du bâton -ferré et la pièce de quarante sous noircie par le feu. - -Il prit une feuille de papier sur laquelle il écrivit: _Voici les deux -bouts de mon bâton ferré et la pièce de quarante sous volée à -Petit-Gervais dont j'ai parlé à la cour d'assises_, et il posa sur cette -feuille la pièce d'argent et les deux morceaux de fer, de façon que ce -fût la première chose qu'on aperçût en entrant dans la chambre. Il tira -d'une armoire une vieille chemise à lui qu'il déchira. Cela fit quelques -morceaux de toile dans lesquels il emballa les deux flambeaux d'argent. -Du reste il n'avait ni hâte ni agitation, et, tout en emballant les -chandeliers de l'évêque, il mordait dans un morceau de pain noir. Il est -probable que c'était le pain de la prison qu'il avait emporté en -s'évadant. - -Ceci a été constaté par les miettes de pain qui furent trouvées sur le -carreau de la chambre, lorsque la justice plus tard fit une -perquisition. - -On frappa deux petits coups à la porte. - ---Entrez, dit-il. - -C'était la soeur Simplice. - -Elle était pâle, elle avait les yeux rouges, la chandelle qu'elle tenait -vacillait dans sa main. Les violences de la destinée ont cela de -particulier que, si perfectionnés ou si refroidis que nous soyons, elles -nous tirent du fond des entrailles la nature humaine et la forcent de -reparaître au dehors. Dans les émotions de cette journée, la religieuse -était redevenue femme. Elle avait pleuré, et elle tremblait. - -Jean Valjean venait d'écrire quelques lignes sur un papier qu'il tendit -à la religieuse en disant: - ---Ma soeur, vous remettrez ceci à monsieur le curé. - -Le papier était déplié. Elle y jeta les yeux. - ---Vous pouvez lire, dit-il. - -Elle lut.--«Je prie monsieur le curé de veiller sur tout ce que je -laisse ici. Il voudra bien payer là-dessus les frais de mon procès et -l'enterrement de la femme qui est morte aujourd'hui. Le reste sera aux -pauvres.» - -La soeur voulut parler, mais elle put à peine balbutier quelques sons -inarticulés. Elle parvint cependant à dire: - ---Est-ce que monsieur le maire ne désire pas revoir une dernière fois -cette pauvre malheureuse? - ---Non, dit-il, on est à ma poursuite, on n'aurait qu'à m'arrêter dans sa -chambre, cela la troublerait. - -Il achevait à peine qu'un grand bruit se fit dans l'escalier. Ils -entendirent un tumulte de pas qui montaient, et la vieille portière qui -disait de sa voix la plus haute et la plus perçante: - ---Mon bon monsieur, je vous jure le bon Dieu qu'il n'est entré personne -ici de toute la journée ni de toute la soirée, que même je n'ai pas -quitté ma porte! - -Un homme répondit: - ---Cependant il y a de la lumière dans cette chambre. - -Ils reconnurent la voix de Javert. - -La chambre était disposée de façon que la porte en s'ouvrant masquait -l'angle du mur à droite. Jean Valjean souffla la bougie et se mit dans -cet angle. - -La soeur Simplice tomba à genoux près de la table. - -La porte s'ouvrit. - -Javert entra. - -On entendait le chuchotement de plusieurs hommes et les protestations de -la portière dans le corridor. - -La religieuse ne leva pas les yeux. Elle priait. - -La chandelle était sur la cheminée et ne donnait que peu de clarté. - -Javert aperçut la soeur et s'arrêta interdit. - -On se rappelle que le fond même de Javert, son élément, son milieu -respirable, c'était la vénération de toute autorité. Il était tout d'une -pièce et n'admettait ni objection, ni restriction. Pour lui, bien -entendu, l'autorité ecclésiastique était la première de toutes. Il était -religieux, superficiel et correct sur ce point comme sur tous. À ses -yeux un prêtre était un esprit qui ne se trompe pas, une religieuse -était une créature qui ne pèche pas. C'étaient des âmes murées à ce -monde avec une seule porte qui ne s'ouvrait jamais que pour laisser -sortir la vérité. - -En apercevant la soeur, son premier mouvement fut de se retirer. - -Cependant il y avait aussi un autre devoir qui le tenait, et qui le -poussait impérieusement en sens inverse. Son second mouvement fut de -rester, et de hasarder au moins une question. - -C'était cette soeur Simplice qui n'avait menti de sa vie. Javert le -savait, et la vénérait particulièrement à cause de cela. - ---Ma soeur, dit-il, êtes-vous seule dans cette chambre? - -Il y eut un moment affreux pendant lequel la pauvre portière se sentit -défaillir. - -La soeur leva les yeux et répondit: - ---Oui. - ---Ainsi, reprit Javert, excusez-moi si j'insiste, c'est mon devoir, vous -n'avez pas vu ce soir une personne, un homme. Il s'est évadé, nous le -cherchons, ce nommé Jean Valjean, vous ne l'avez pas vu? - -La soeur répondit: - ---Non. - -Elle mentit. Elle mentit deux fois de suite, coup sur coup, sans -hésiter, rapidement, comme on se dévoue. - ---Pardon, dit Javert, et il se retira en saluant profondément. - -Ô sainte fille! vous n'êtes plus de ce monde depuis beaucoup d'années; -vous avez rejoint dans la lumière vos soeurs les vierges et vos frères -les anges; que ce mensonge vous soit compté dans le paradis! - -L'affirmation de la soeur fut pour Javert quelque chose de si décisif -qu'il ne remarqua même pas la singularité de cette bougie qu'on venait -de souffler et qui fumait sur la table. - -Une heure après, un homme, marchant à travers les arbres et les brumes, -s'éloignait rapidement de Montreuil-sur-mer dans la direction de Paris. -Cet homme était Jean Valjean. Il a été établi, par le témoignage de deux -ou trois rouliers qui l'avaient rencontré, qu'il portait un paquet et -qu'il était vêtu d'une blouse. Où avait-il pris cette blouse? On ne l'a -jamais su. Cependant un vieux ouvrier était mort quelques jours -auparavant à l'infirmerie de la fabrique, ne laissant que sa blouse. -C'était peut-être celle-là. - -Un dernier mot sur Fantine. - -Nous avons tous une mère, la terre. On rendit Fantine à cette mère. - -Le curé crut bien faire, et fit bien peut-être, en réservant, sur ce que -Jean Valjean avait laissé, le plus d'argent possible aux pauvres. Après -tout, de qui s'agissait-il? d'un forçat et d'une fille publique. C'est -pourquoi il simplifia l'enterrement de Fantine, et le réduisit à ce -strict nécessaire qu'on appelle la fosse commune. - -Fantine fut donc enterrée dans ce coin gratis du cimetière qui est à -tous et à personne, et où l'on perd les pauvres. Heureusement Dieu sait -où retrouver l'âme. On coucha Fantine dans les ténèbres parmi les -premiers os venus; elle subit la promiscuité des cendres. Elle fut jetée -à la fosse publique. Sa tombe ressembla à son lit. - - - - - -End of the Project Gutenberg EBook of Les misérables Tome I, by Victor Hugo - -*** END OF THIS PROJECT GUTENBERG EBOOK LES MISÉRABLES TOME I *** - -***** This file should be named 17489-8.txt or 17489-8.zip ***** -This and all associated files of various formats will be found in: - http://www.gutenberg.org/1/7/4/8/17489/ - -Produced by www.ebooksgratuits.com and Chuck Greif - -Updated editions will replace the previous one--the old editions -will be renamed. - -Creating the works from public domain print editions means that no -one owns a United States copyright in these works, so the Foundation -(and you!) can copy and distribute it in the United States without -permission and without paying copyright royalties. Special rules, -set forth in the General Terms of Use part of this license, apply to -copying and distributing Project Gutenberg-tm electronic works to -protect the PROJECT GUTENBERG-tm concept and trademark. Project -Gutenberg is a registered trademark, and may not be used if you -charge for the eBooks, unless you receive specific permission. If you -do not charge anything for copies of this eBook, complying with the -rules is very easy. You may use this eBook for nearly any purpose -such as creation of derivative works, reports, performances and -research. They may be modified and printed and given away--you may do -practically ANYTHING with public domain eBooks. Redistribution is -subject to the trademark license, especially commercial -redistribution. - - - -*** START: FULL LICENSE *** - -THE FULL PROJECT GUTENBERG LICENSE -PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK - -To protect the Project Gutenberg-tm mission of promoting the free -distribution of electronic works, by using or distributing this work -(or any other work associated in any way with the phrase "Project -Gutenberg"), you agree to comply with all the terms of the Full Project -Gutenberg-tm License (available with this file or online at -http://gutenberg.org/license). - - -Section 1. General Terms of Use and Redistributing Project Gutenberg-tm -electronic works - -1.A. By reading or using any part of this Project Gutenberg-tm -electronic work, you indicate that you have read, understand, agree to -and accept all the terms of this license and intellectual property -(trademark/copyright) agreement. If you do not agree to abide by all -the terms of this agreement, you must cease using and return or destroy -all copies of Project Gutenberg-tm electronic works in your possession. -If you paid a fee for obtaining a copy of or access to a Project -Gutenberg-tm electronic work and you do not agree to be bound by the -terms of this agreement, you may obtain a refund from the person or -entity to whom you paid the fee as set forth in paragraph 1.E.8. - -1.B. "Project Gutenberg" is a registered trademark. It may only be -used on or associated in any way with an electronic work by people who -agree to be bound by the terms of this agreement. There are a few -things that you can do with most Project Gutenberg-tm electronic works -even without complying with the full terms of this agreement. See -paragraph 1.C below. There are a lot of things you can do with Project -Gutenberg-tm electronic works if you follow the terms of this agreement -and help preserve free future access to Project Gutenberg-tm electronic -works. See paragraph 1.E below. - -1.C. The Project Gutenberg Literary Archive Foundation ("the Foundation" -or PGLAF), owns a compilation copyright in the collection of Project -Gutenberg-tm electronic works. Nearly all the individual works in the -collection are in the public domain in the United States. If an -individual work is in the public domain in the United States and you are -located in the United States, we do not claim a right to prevent you from -copying, distributing, performing, displaying or creating derivative -works based on the work as long as all references to Project Gutenberg -are removed. Of course, we hope that you will support the Project -Gutenberg-tm mission of promoting free access to electronic works by -freely sharing Project Gutenberg-tm works in compliance with the terms of -this agreement for keeping the Project Gutenberg-tm name associated with -the work. You can easily comply with the terms of this agreement by -keeping this work in the same format with its attached full Project -Gutenberg-tm License when you share it without charge with others. - -1.D. The copyright laws of the place where you are located also govern -what you can do with this work. Copyright laws in most countries are in -a constant state of change. If you are outside the United States, check -the laws of your country in addition to the terms of this agreement -before downloading, copying, displaying, performing, distributing or -creating derivative works based on this work or any other Project -Gutenberg-tm work. The Foundation makes no representations concerning -the copyright status of any work in any country outside the United -States. - -1.E. Unless you have removed all references to Project Gutenberg: - -1.E.1. The following sentence, with active links to, or other immediate -access to, the full Project Gutenberg-tm License must appear prominently -whenever any copy of a Project Gutenberg-tm work (any work on which the -phrase "Project Gutenberg" appears, or with which the phrase "Project -Gutenberg" is associated) is accessed, displayed, performed, viewed, -copied or distributed: - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.org - -1.E.2. If an individual Project Gutenberg-tm electronic work is derived -from the public domain (does not contain a notice indicating that it is -posted with permission of the copyright holder), the work can be copied -and distributed to anyone in the United States without paying any fees -or charges. If you are redistributing or providing access to a work -with the phrase "Project Gutenberg" associated with or appearing on the -work, you must comply either with the requirements of paragraphs 1.E.1 -through 1.E.7 or obtain permission for the use of the work and the -Project Gutenberg-tm trademark as set forth in paragraphs 1.E.8 or -1.E.9. - -1.E.3. If an individual Project Gutenberg-tm electronic work is posted -with the permission of the copyright holder, your use and distribution -must comply with both paragraphs 1.E.1 through 1.E.7 and any additional -terms imposed by the copyright holder. Additional terms will be linked -to the Project Gutenberg-tm License for all works posted with the -permission of the copyright holder found at the beginning of this work. - -1.E.4. Do not unlink or detach or remove the full Project Gutenberg-tm -License terms from this work, or any files containing a part of this -work or any other work associated with Project Gutenberg-tm. - -1.E.5. Do not copy, display, perform, distribute or redistribute this -electronic work, or any part of this electronic work, without -prominently displaying the sentence set forth in paragraph 1.E.1 with -active links or immediate access to the full terms of the Project -Gutenberg-tm License. - -1.E.6. You may convert to and distribute this work in any binary, -compressed, marked up, nonproprietary or proprietary form, including any -word processing or hypertext form. However, if you provide access to or -distribute copies of a Project Gutenberg-tm work in a format other than -"Plain Vanilla ASCII" or other format used in the official version -posted on the official Project Gutenberg-tm web site (www.gutenberg.org), -you must, at no additional cost, fee or expense to the user, provide a -copy, a means of exporting a copy, or a means of obtaining a copy upon -request, of the work in its original "Plain Vanilla ASCII" or other -form. Any alternate format must include the full Project Gutenberg-tm -License as specified in paragraph 1.E.1. - -1.E.7. Do not charge a fee for access to, viewing, displaying, -performing, copying or distributing any Project Gutenberg-tm works -unless you comply with paragraph 1.E.8 or 1.E.9. - -1.E.8. You may charge a reasonable fee for copies of or providing -access to or distributing Project Gutenberg-tm electronic works provided -that - -- You pay a royalty fee of 20% of the gross profits you derive from - the use of Project Gutenberg-tm works calculated using the method - you already use to calculate your applicable taxes. The fee is - owed to the owner of the Project Gutenberg-tm trademark, but he - has agreed to donate royalties under this paragraph to the - Project Gutenberg Literary Archive Foundation. Royalty payments - must be paid within 60 days following each date on which you - prepare (or are legally required to prepare) your periodic tax - returns. Royalty payments should be clearly marked as such and - sent to the Project Gutenberg Literary Archive Foundation at the - address specified in Section 4, "Information about donations to - the Project Gutenberg Literary Archive Foundation." - -- You provide a full refund of any money paid by a user who notifies - you in writing (or by e-mail) within 30 days of receipt that s/he - does not agree to the terms of the full Project Gutenberg-tm - License. You must require such a user to return or - destroy all copies of the works possessed in a physical medium - and discontinue all use of and all access to other copies of - Project Gutenberg-tm works. - -- You provide, in accordance with paragraph 1.F.3, a full refund of any - money paid for a work or a replacement copy, if a defect in the - electronic work is discovered and reported to you within 90 days - of receipt of the work. - -- You comply with all other terms of this agreement for free - distribution of Project Gutenberg-tm works. - -1.E.9. If you wish to charge a fee or distribute a Project Gutenberg-tm -electronic work or group of works on different terms than are set -forth in this agreement, you must obtain permission in writing from -both the Project Gutenberg Literary Archive Foundation and Michael -Hart, the owner of the Project Gutenberg-tm trademark. Contact the -Foundation as set forth in Section 3 below. - -1.F. - -1.F.1. Project Gutenberg volunteers and employees expend considerable -effort to identify, do copyright research on, transcribe and proofread -public domain works in creating the Project Gutenberg-tm -collection. Despite these efforts, Project Gutenberg-tm electronic -works, and the medium on which they may be stored, may contain -"Defects," such as, but not limited to, incomplete, inaccurate or -corrupt data, transcription errors, a copyright or other intellectual -property infringement, a defective or damaged disk or other medium, a -computer virus, or computer codes that damage or cannot be read by -your equipment. - -1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for the "Right -of Replacement or Refund" described in paragraph 1.F.3, the Project -Gutenberg Literary Archive Foundation, the owner of the Project -Gutenberg-tm trademark, and any other party distributing a Project -Gutenberg-tm electronic work under this agreement, disclaim all -liability to you for damages, costs and expenses, including legal -fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE, STRICT -LIABILITY, BREACH OF WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE -PROVIDED IN PARAGRAPH F3. YOU AGREE THAT THE FOUNDATION, THE -TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE -LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR -INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH -DAMAGE. - -1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you discover a -defect in this electronic work within 90 days of receiving it, you can -receive a refund of the money (if any) you paid for it by sending a -written explanation to the person you received the work from. If you -received the work on a physical medium, you must return the medium with -your written explanation. The person or entity that provided you with -the defective work may elect to provide a replacement copy in lieu of a -refund. If you received the work electronically, the person or entity -providing it to you may choose to give you a second opportunity to -receive the work electronically in lieu of a refund. If the second copy -is also defective, you may demand a refund in writing without further -opportunities to fix the problem. - -1.F.4. Except for the limited right of replacement or refund set forth -in paragraph 1.F.3, this work is provided to you 'AS-IS', WITH NO OTHER -WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -WARRANTIES OF MERCHANTIBILITY OR FITNESS FOR ANY PURPOSE. - -1.F.5. Some states do not allow disclaimers of certain implied -warranties or the exclusion or limitation of certain types of damages. -If any disclaimer or limitation set forth in this agreement violates the -law of the state applicable to this agreement, the agreement shall be -interpreted to make the maximum disclaimer or limitation permitted by -the applicable state law. The invalidity or unenforceability of any -provision of this agreement shall not void the remaining provisions. - -1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation, the -trademark owner, any agent or employee of the Foundation, anyone -providing copies of Project Gutenberg-tm electronic works in accordance -with this agreement, and any volunteers associated with the production, -promotion and distribution of Project Gutenberg-tm electronic works, -harmless from all liability, costs and expenses, including legal fees, -that arise directly or indirectly from any of the following which you do -or cause to occur: (a) distribution of this or any Project Gutenberg-tm -work, (b) alteration, modification, or additions or deletions to any -Project Gutenberg-tm work, and (c) any Defect you cause. - - -Section 2. Information about the Mission of Project Gutenberg-tm - -Project Gutenberg-tm is synonymous with the free distribution of -electronic works in formats readable by the widest variety of computers -including obsolete, old, middle-aged and new computers. It exists -because of the efforts of hundreds of volunteers and donations from -people in all walks of life. - -Volunteers and financial support to provide volunteers with the -assistance they need, is critical to reaching Project Gutenberg-tm's -goals and ensuring that the Project Gutenberg-tm collection will -remain freely available for generations to come. In 2001, the Project -Gutenberg Literary Archive Foundation was created to provide a secure -and permanent future for Project Gutenberg-tm and future generations. -To learn more about the Project Gutenberg Literary Archive Foundation -and how your efforts and donations can help, see Sections 3 and 4 -and the Foundation web page at http://www.pglaf.org. - - -Section 3. Information about the Project Gutenberg Literary Archive -Foundation - -The Project Gutenberg Literary Archive Foundation is a non profit -501(c)(3) educational corporation organized under the laws of the -state of Mississippi and granted tax exempt status by the Internal -Revenue Service. The Foundation's EIN or federal tax identification -number is 64-6221541. Its 501(c)(3) letter is posted at -http://pglaf.org/fundraising. Contributions to the Project Gutenberg -Literary Archive Foundation are tax deductible to the full extent -permitted by U.S. federal laws and your state's laws. - -The Foundation's principal office is located at 4557 Melan Dr. S. -Fairbanks, AK, 99712., but its volunteers and employees are scattered -throughout numerous locations. Its business office is located at -809 North 1500 West, Salt Lake City, UT 84116, (801) 596-1887, email -business@pglaf.org. Email contact links and up to date contact -information can be found at the Foundation's web site and official -page at http://pglaf.org - -For additional contact information: - Dr. Gregory B. Newby - Chief Executive and Director - gbnewby@pglaf.org - -Section 4. Information about Donations to the Project Gutenberg -Literary Archive Foundation - -Project Gutenberg-tm depends upon and cannot survive without wide -spread public support and donations to carry out its mission of -increasing the number of public domain and licensed works that can be -freely distributed in machine readable form accessible by the widest -array of equipment including outdated equipment. Many small donations -($1 to $5,000) are particularly important to maintaining tax exempt -status with the IRS. - -The Foundation is committed to complying with the laws regulating -charities and charitable donations in all 50 states of the United -States. Compliance requirements are not uniform and it takes a -considerable effort, much paperwork and many fees to meet and keep up -with these requirements. We do not solicit donations in locations -where we have not received written confirmation of compliance. To -SEND DONATIONS or determine the status of compliance for any -particular state visit http://pglaf.org - -While we cannot and do not solicit contributions from states where we -have not met the solicitation requirements, we know of no prohibition -against accepting unsolicited donations from donors in such states who -approach us with offers to donate. - -International donations are gratefully accepted, but we cannot make -any statements concerning tax treatment of donations received from -outside the United States. U.S. laws alone swamp our small staff. - -Please check the Project Gutenberg Web pages for current donation -methods and addresses. Donations are accepted in a number of other -ways including checks, online payments and credit card -donations. To donate, please visit: http://pglaf.org/donate - - -Section 5. General Information About Project Gutenberg-tm electronic -works. - -Professor Michael S. Hart is the originator of the Project Gutenberg-tm -concept of a library of electronic works that could be freely shared -with anyone. For thirty years, he produced and distributed Project -Gutenberg-tm eBooks with only a loose network of volunteer support. - -Project Gutenberg-tm eBooks are often created from several printed -editions, all of which are confirmed as Public Domain in the U.S. -unless a copyright notice is included. Thus, we do not necessarily -keep eBooks in compliance with any particular paper edition. - -Most people start at our Web site which has the main PG search facility: - - http://www.gutenberg.org - -This Web site includes information about Project Gutenberg-tm, -including how to make donations to the Project Gutenberg Literary -Archive Foundation, how to help produce our new eBooks, and how to -subscribe to our email newsletter to hear about new eBooks. - -*** END: FULL LICENSE *** diff --git a/minimal-examples/api-tests/api-test-fts/main.c b/minimal-examples/api-tests/api-test-fts/main.c deleted file mode 100644 index 5003f8c..0000000 --- a/minimal-examples/api-tests/api-test-fts/main.c +++ /dev/null @@ -1,230 +0,0 @@ -/* - * lws-api-test-fts - lws full-text search api test - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) -#include -#endif -#include - -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) -static struct option options[] = { - { "help", no_argument, NULL, 'h' }, - { "createindex", no_argument, NULL, 'c' }, - { "index", required_argument, NULL, 'i' }, - { "debug", required_argument, NULL, 'd' }, - { "file", required_argument, NULL, 'f' }, - { "lines", required_argument, NULL, 'l' }, - { NULL, 0, 0, 0 } -}; -#endif - -static const char *index_filepath = "/tmp/lws-fts-test-index"; -static char filepath[256]; - -int main(int argc, char **argv) -{ - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - int fd, fi, ft, createindex = 0, flags = LWSFTS_F_QUERY_AUTOCOMPLETE; - struct lws_fts_search_params params; - struct lws_fts_result *result; - struct lws_fts_file *jtf; - struct lws_fts *t; - char buf[16384]; - - do { -#if defined(LWS_HAS_GETOPT_LONG) || defined(WIN32) - n = getopt_long(argc, argv, "hd:i:cfl", options, NULL); -#else - n = getopt(argc, argv, "hd:i:cfl"); -#endif - if (n < 0) - continue; - switch (n) { - case 'i': - strncpy(filepath, optarg, sizeof(filepath) - 1); - filepath[sizeof(filepath) - 1] = '\0'; - index_filepath = filepath; - break; - case 'd': - logs = atoi(optarg); - break; - case 'c': - createindex = 1; - break; - case 'f': - flags &= ~LWSFTS_F_QUERY_AUTOCOMPLETE; - flags |= LWSFTS_F_QUERY_FILES; - break; - case 'l': - flags |= LWSFTS_F_QUERY_FILES | - LWSFTS_F_QUERY_FILE_LINES; - break; - case 'h': - fprintf(stderr, - "Usage: %s [--createindex]" - "[--index=] " - "[-d ] file1 file2 \n", - argv[0]); - exit(1); - } - } while (n >= 0); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: full-text search\n"); - - if (createindex) { - - lwsl_notice("Creating index\n"); - - /* - * create an index by shifting through argv and indexing each - * file given there into a single combined index - */ - - ft = open(index_filepath, O_CREAT | O_WRONLY | O_TRUNC, 0600); - if (ft < 0) { - lwsl_err("%s: can't open index %s\n", __func__, - index_filepath); - - goto bail; - } - - t = lws_fts_create(ft); - if (!t) { - lwsl_err("%s: Unable to allocate trie\n", __func__); - - goto bail1; - } - - while (optind < argc) { - - fi = lws_fts_file_index(t, argv[optind], - strlen(argv[optind]), 1); - if (fi < 0) { - lwsl_err("%s: Failed to get file idx for %s\n", - __func__, argv[optind]); - - goto bail1; - } - - fd = open(argv[optind], O_RDONLY); - if (fd < 0) { - lwsl_err("unable to open %s for read\n", - argv[optind]); - goto bail; - } - - do { - int n = read(fd, buf, sizeof(buf)); - - if (n <= 0) - break; - - if (lws_fts_fill(t, fi, buf, n)) { - lwsl_err("%s: lws_fts_fill failed\n", - __func__); - close(fd); - - goto bail; - } - - } while (1); - - close(fd); - optind++; - } - - if (lws_fts_serialize(t)) { - lwsl_err("%s: serialize failed\n", __func__); - - goto bail; - } - - lws_fts_destroy(&t); - close(ft); - - return 0; - } - - /* - * shift through argv searching for each token - */ - - jtf = lws_fts_open(index_filepath); - if (!jtf) - goto bail; - - while (optind < argc) { - - struct lws_fts_result_autocomplete *ac; - struct lws_fts_result_filepath *fp; - uint32_t *l, n; - - memset(¶ms, 0, sizeof(params)); - - params.needle = argv[optind]; - params.flags = flags; - params.max_autocomplete = 20; - params.max_files = 20; - - result = lws_fts_search(jtf, ¶ms); - - if (!result) { - lwsl_err("%s: search failed\n", __func__); - lws_fts_close(jtf); - goto bail; - } - - ac = result->autocomplete_head; - fp = result->filepath_head; - - if (!ac) - lwsl_notice("%s: no autocomplete results\n", __func__); - - while (ac) { - lwsl_notice("%s: AC %s: %d agg hits\n", __func__, - ((char *)(ac + 1)), ac->instances); - - ac = ac->next; - } - - if (!fp) - lwsl_notice("%s: no filepath results\n", __func__); - - while (fp) { - lwsl_notice("%s: %s: (%d lines) %d hits \n", __func__, - (((char *)(fp + 1)) + fp->matches_length), - fp->lines_in_file, fp->matches); - - if (fp->matches_length) { - l = (uint32_t *)(fp + 1); - n = 0; - while ((int)n++ < fp->matches) - lwsl_notice(" %d\n", *l++); - } - fp = fp->next; - } - - lwsac_free(¶ms.results_head); - - optind++; - } - - lws_fts_close(jtf); - - return 0; - -bail1: - close(ft); -bail: - lwsl_user("FAILED\n"); - - return 1; -} diff --git a/minimal-examples/api-tests/api-test-fts/selftest.sh b/minimal-examples/api-tests/api-test-fts/selftest.sh deleted file mode 100755 index 03e7d49..0000000 --- a/minimal-examples/api-tests/api-test-fts/selftest.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=4 - -FAILS=0 - -# -# let's make an index with just Dorian first -# -dotest $1 $2 apitest -c -i /tmp/lws-fts-dorian.index \ - "../minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt" - -# and let's hear about autocompletes for "b" - -dotest $1 $2 apitest -i /tmp/lws-fts-dorian.index b -cat $2/api-test-fts/apitest.log | cut -d' ' -f5- > /tmp/fts1 -diff -urN /tmp/fts1 "../minimal-examples/api-tests/api-test-fts/canned-1.txt" -if [ $? -ne 0 ] ; then - echo "Test 1 failed" - FAILS=$(( $FAILS + 1 )) -fi - -# -# let's make an index with Dorian + Les Mis in French (ie, UTF-8) as well -# -dotest $1 $2 apitest -c -i /tmp/lws-fts-both.index \ - "../minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt" \ - "../minimal-examples/api-tests/api-test-fts/les-mis-utf8.txt" - -# and let's hear about "help", which appears in both - -dotest $1 $2 apitest -i /tmp/lws-fts-both.index -f -l help -cat $2/api-test-fts/apitest.log | cut -d' ' -f5- > /tmp/fts2 -diff -urN /tmp/fts2 "../minimal-examples/api-tests/api-test-fts/canned-2.txt" -if [ $? -ne 0 ] ; then - echo "Test 1 failed" - FAILS=$(( $FAILS + 1 )) -fi - -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt b/minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt deleted file mode 100644 index f4ffc49..0000000 --- a/minimal-examples/api-tests/api-test-fts/the-picture-of-dorian-gray.txt +++ /dev/null @@ -1,8904 +0,0 @@ -The Project Gutenberg EBook of The Picture of Dorian Gray, by Oscar Wilde - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.net - - -Title: The Picture of Dorian Gray - -Author: Oscar Wilde - -Release Date: June 9, 2008 [EBook #174] -[This file last updated on July 2, 2011] -[This file last updated on July 23, 2014] - - -Language: English - - -*** START OF THIS PROJECT GUTENBERG EBOOK THE PICTURE OF DORIAN GRAY *** - - - - -Produced by Judith Boss. HTML version by Al Haines. - - - - - - - - - - -The Picture of Dorian Gray - -by - -Oscar Wilde - - - - -THE PREFACE - -The artist is the creator of beautiful things. To reveal art and -conceal the artist is art's aim. The critic is he who can translate -into another manner or a new material his impression of beautiful -things. - -The highest as the lowest form of criticism is a mode of autobiography. -Those who find ugly meanings in beautiful things are corrupt without -being charming. This is a fault. - -Those who find beautiful meanings in beautiful things are the -cultivated. For these there is hope. They are the elect to whom -beautiful things mean only beauty. - -There is no such thing as a moral or an immoral book. Books are well -written, or badly written. That is all. - -The nineteenth century dislike of realism is the rage of Caliban seeing -his own face in a glass. - -The nineteenth century dislike of romanticism is the rage of Caliban -not seeing his own face in a glass. The moral life of man forms part -of the subject-matter of the artist, but the morality of art consists -in the perfect use of an imperfect medium. No artist desires to prove -anything. Even things that are true can be proved. No artist has -ethical sympathies. An ethical sympathy in an artist is an -unpardonable mannerism of style. No artist is ever morbid. The artist -can express everything. Thought and language are to the artist -instruments of an art. Vice and virtue are to the artist materials for -an art. From the point of view of form, the type of all the arts is -the art of the musician. From the point of view of feeling, the -actor's craft is the type. All art is at once surface and symbol. -Those who go beneath the surface do so at their peril. Those who read -the symbol do so at their peril. It is the spectator, and not life, -that art really mirrors. Diversity of opinion about a work of art -shows that the work is new, complex, and vital. When critics disagree, -the artist is in accord with himself. We can forgive a man for making -a useful thing as long as he does not admire it. The only excuse for -making a useless thing is that one admires it intensely. - - All art is quite useless. - - OSCAR WILDE - - - - -CHAPTER 1 - -The studio was filled with the rich odour of roses, and when the light -summer wind stirred amidst the trees of the garden, there came through -the open door the heavy scent of the lilac, or the more delicate -perfume of the pink-flowering thorn. - -From the corner of the divan of Persian saddle-bags on which he was -lying, smoking, as was his custom, innumerable cigarettes, Lord Henry -Wotton could just catch the gleam of the honey-sweet and honey-coloured -blossoms of a laburnum, whose tremulous branches seemed hardly able to -bear the burden of a beauty so flamelike as theirs; and now and then -the fantastic shadows of birds in flight flitted across the long -tussore-silk curtains that were stretched in front of the huge window, -producing a kind of momentary Japanese effect, and making him think of -those pallid, jade-faced painters of Tokyo who, through the medium of -an art that is necessarily immobile, seek to convey the sense of -swiftness and motion. The sullen murmur of the bees shouldering their -way through the long unmown grass, or circling with monotonous -insistence round the dusty gilt horns of the straggling woodbine, -seemed to make the stillness more oppressive. The dim roar of London -was like the bourdon note of a distant organ. - -In the centre of the room, clamped to an upright easel, stood the -full-length portrait of a young man of extraordinary personal beauty, -and in front of it, some little distance away, was sitting the artist -himself, Basil Hallward, whose sudden disappearance some years ago -caused, at the time, such public excitement and gave rise to so many -strange conjectures. - -As the painter looked at the gracious and comely form he had so -skilfully mirrored in his art, a smile of pleasure passed across his -face, and seemed about to linger there. But he suddenly started up, -and closing his eyes, placed his fingers upon the lids, as though he -sought to imprison within his brain some curious dream from which he -feared he might awake. - -"It is your best work, Basil, the best thing you have ever done," said -Lord Henry languidly. "You must certainly send it next year to the -Grosvenor. The Academy is too large and too vulgar. Whenever I have -gone there, there have been either so many people that I have not been -able to see the pictures, which was dreadful, or so many pictures that -I have not been able to see the people, which was worse. The Grosvenor -is really the only place." - -"I don't think I shall send it anywhere," he answered, tossing his head -back in that odd way that used to make his friends laugh at him at -Oxford. "No, I won't send it anywhere." - -Lord Henry elevated his eyebrows and looked at him in amazement through -the thin blue wreaths of smoke that curled up in such fanciful whorls -from his heavy, opium-tainted cigarette. "Not send it anywhere? My -dear fellow, why? Have you any reason? What odd chaps you painters -are! You do anything in the world to gain a reputation. As soon as -you have one, you seem to want to throw it away. It is silly of you, -for there is only one thing in the world worse than being talked about, -and that is not being talked about. A portrait like this would set you -far above all the young men in England, and make the old men quite -jealous, if old men are ever capable of any emotion." - -"I know you will laugh at me," he replied, "but I really can't exhibit -it. I have put too much of myself into it." - -Lord Henry stretched himself out on the divan and laughed. - -"Yes, I knew you would; but it is quite true, all the same." - -"Too much of yourself in it! Upon my word, Basil, I didn't know you -were so vain; and I really can't see any resemblance between you, with -your rugged strong face and your coal-black hair, and this young -Adonis, who looks as if he was made out of ivory and rose-leaves. Why, -my dear Basil, he is a Narcissus, and you--well, of course you have an -intellectual expression and all that. But beauty, real beauty, ends -where an intellectual expression begins. Intellect is in itself a mode -of exaggeration, and destroys the harmony of any face. The moment one -sits down to think, one becomes all nose, or all forehead, or something -horrid. Look at the successful men in any of the learned professions. -How perfectly hideous they are! Except, of course, in the Church. But -then in the Church they don't think. A bishop keeps on saying at the -age of eighty what he was told to say when he was a boy of eighteen, -and as a natural consequence he always looks absolutely delightful. -Your mysterious young friend, whose name you have never told me, but -whose picture really fascinates me, never thinks. I feel quite sure of -that. He is some brainless beautiful creature who should be always -here in winter when we have no flowers to look at, and always here in -summer when we want something to chill our intelligence. Don't flatter -yourself, Basil: you are not in the least like him." - -"You don't understand me, Harry," answered the artist. "Of course I am -not like him. I know that perfectly well. Indeed, I should be sorry -to look like him. You shrug your shoulders? I am telling you the -truth. There is a fatality about all physical and intellectual -distinction, the sort of fatality that seems to dog through history the -faltering steps of kings. It is better not to be different from one's -fellows. The ugly and the stupid have the best of it in this world. -They can sit at their ease and gape at the play. If they know nothing -of victory, they are at least spared the knowledge of defeat. They -live as we all should live--undisturbed, indifferent, and without -disquiet. They neither bring ruin upon others, nor ever receive it -from alien hands. Your rank and wealth, Harry; my brains, such as they -are--my art, whatever it may be worth; Dorian Gray's good looks--we -shall all suffer for what the gods have given us, suffer terribly." - -"Dorian Gray? Is that his name?" asked Lord Henry, walking across the -studio towards Basil Hallward. - -"Yes, that is his name. I didn't intend to tell it to you." - -"But why not?" - -"Oh, I can't explain. When I like people immensely, I never tell their -names to any one. It is like surrendering a part of them. I have -grown to love secrecy. It seems to be the one thing that can make -modern life mysterious or marvellous to us. The commonest thing is -delightful if one only hides it. When I leave town now I never tell my -people where I am going. If I did, I would lose all my pleasure. It -is a silly habit, I dare say, but somehow it seems to bring a great -deal of romance into one's life. I suppose you think me awfully -foolish about it?" - -"Not at all," answered Lord Henry, "not at all, my dear Basil. You -seem to forget that I am married, and the one charm of marriage is that -it makes a life of deception absolutely necessary for both parties. I -never know where my wife is, and my wife never knows what I am doing. -When we meet--we do meet occasionally, when we dine out together, or go -down to the Duke's--we tell each other the most absurd stories with the -most serious faces. My wife is very good at it--much better, in fact, -than I am. She never gets confused over her dates, and I always do. -But when she does find me out, she makes no row at all. I sometimes -wish she would; but she merely laughs at me." - -"I hate the way you talk about your married life, Harry," said Basil -Hallward, strolling towards the door that led into the garden. "I -believe that you are really a very good husband, but that you are -thoroughly ashamed of your own virtues. You are an extraordinary -fellow. You never say a moral thing, and you never do a wrong thing. -Your cynicism is simply a pose." - -"Being natural is simply a pose, and the most irritating pose I know," -cried Lord Henry, laughing; and the two young men went out into the -garden together and ensconced themselves on a long bamboo seat that -stood in the shade of a tall laurel bush. The sunlight slipped over -the polished leaves. In the grass, white daisies were tremulous. - -After a pause, Lord Henry pulled out his watch. "I am afraid I must be -going, Basil," he murmured, "and before I go, I insist on your -answering a question I put to you some time ago." - -"What is that?" said the painter, keeping his eyes fixed on the ground. - -"You know quite well." - -"I do not, Harry." - -"Well, I will tell you what it is. I want you to explain to me why you -won't exhibit Dorian Gray's picture. I want the real reason." - -"I told you the real reason." - -"No, you did not. You said it was because there was too much of -yourself in it. Now, that is childish." - -"Harry," said Basil Hallward, looking him straight in the face, "every -portrait that is painted with feeling is a portrait of the artist, not -of the sitter. The sitter is merely the accident, the occasion. It is -not he who is revealed by the painter; it is rather the painter who, on -the coloured canvas, reveals himself. The reason I will not exhibit -this picture is that I am afraid that I have shown in it the secret of -my own soul." - -Lord Henry laughed. "And what is that?" he asked. - -"I will tell you," said Hallward; but an expression of perplexity came -over his face. - -"I am all expectation, Basil," continued his companion, glancing at him. - -"Oh, there is really very little to tell, Harry," answered the painter; -"and I am afraid you will hardly understand it. Perhaps you will -hardly believe it." - -Lord Henry smiled, and leaning down, plucked a pink-petalled daisy from -the grass and examined it. "I am quite sure I shall understand it," he -replied, gazing intently at the little golden, white-feathered disk, -"and as for believing things, I can believe anything, provided that it -is quite incredible." - -The wind shook some blossoms from the trees, and the heavy -lilac-blooms, with their clustering stars, moved to and fro in the -languid air. A grasshopper began to chirrup by the wall, and like a -blue thread a long thin dragon-fly floated past on its brown gauze -wings. Lord Henry felt as if he could hear Basil Hallward's heart -beating, and wondered what was coming. - -"The story is simply this," said the painter after some time. "Two -months ago I went to a crush at Lady Brandon's. You know we poor -artists have to show ourselves in society from time to time, just to -remind the public that we are not savages. With an evening coat and a -white tie, as you told me once, anybody, even a stock-broker, can gain -a reputation for being civilized. Well, after I had been in the room -about ten minutes, talking to huge overdressed dowagers and tedious -academicians, I suddenly became conscious that some one was looking at -me. I turned half-way round and saw Dorian Gray for the first time. -When our eyes met, I felt that I was growing pale. A curious sensation -of terror came over me. I knew that I had come face to face with some -one whose mere personality was so fascinating that, if I allowed it to -do so, it would absorb my whole nature, my whole soul, my very art -itself. I did not want any external influence in my life. You know -yourself, Harry, how independent I am by nature. I have always been my -own master; had at least always been so, till I met Dorian Gray. -Then--but I don't know how to explain it to you. Something seemed to -tell me that I was on the verge of a terrible crisis in my life. I had -a strange feeling that fate had in store for me exquisite joys and -exquisite sorrows. I grew afraid and turned to quit the room. It was -not conscience that made me do so: it was a sort of cowardice. I take -no credit to myself for trying to escape." - -"Conscience and cowardice are really the same things, Basil. -Conscience is the trade-name of the firm. That is all." - -"I don't believe that, Harry, and I don't believe you do either. -However, whatever was my motive--and it may have been pride, for I used -to be very proud--I certainly struggled to the door. There, of course, -I stumbled against Lady Brandon. 'You are not going to run away so -soon, Mr. Hallward?' she screamed out. You know her curiously shrill -voice?" - -"Yes; she is a peacock in everything but beauty," said Lord Henry, -pulling the daisy to bits with his long nervous fingers. - -"I could not get rid of her. She brought me up to royalties, and -people with stars and garters, and elderly ladies with gigantic tiaras -and parrot noses. She spoke of me as her dearest friend. I had only -met her once before, but she took it into her head to lionize me. I -believe some picture of mine had made a great success at the time, at -least had been chattered about in the penny newspapers, which is the -nineteenth-century standard of immortality. Suddenly I found myself -face to face with the young man whose personality had so strangely -stirred me. We were quite close, almost touching. Our eyes met again. -It was reckless of me, but I asked Lady Brandon to introduce me to him. -Perhaps it was not so reckless, after all. It was simply inevitable. -We would have spoken to each other without any introduction. I am sure -of that. Dorian told me so afterwards. He, too, felt that we were -destined to know each other." - -"And how did Lady Brandon describe this wonderful young man?" asked his -companion. "I know she goes in for giving a rapid _precis_ of all her -guests. I remember her bringing me up to a truculent and red-faced old -gentleman covered all over with orders and ribbons, and hissing into my -ear, in a tragic whisper which must have been perfectly audible to -everybody in the room, the most astounding details. I simply fled. I -like to find out people for myself. But Lady Brandon treats her guests -exactly as an auctioneer treats his goods. She either explains them -entirely away, or tells one everything about them except what one wants -to know." - -"Poor Lady Brandon! You are hard on her, Harry!" said Hallward -listlessly. - -"My dear fellow, she tried to found a _salon_, and only succeeded in -opening a restaurant. How could I admire her? But tell me, what did -she say about Mr. Dorian Gray?" - -"Oh, something like, 'Charming boy--poor dear mother and I absolutely -inseparable. Quite forget what he does--afraid he--doesn't do -anything--oh, yes, plays the piano--or is it the violin, dear Mr. -Gray?' Neither of us could help laughing, and we became friends at -once." - -"Laughter is not at all a bad beginning for a friendship, and it is far -the best ending for one," said the young lord, plucking another daisy. - -Hallward shook his head. "You don't understand what friendship is, -Harry," he murmured--"or what enmity is, for that matter. You like -every one; that is to say, you are indifferent to every one." - -"How horribly unjust of you!" cried Lord Henry, tilting his hat back -and looking up at the little clouds that, like ravelled skeins of -glossy white silk, were drifting across the hollowed turquoise of the -summer sky. "Yes; horribly unjust of you. I make a great difference -between people. I choose my friends for their good looks, my -acquaintances for their good characters, and my enemies for their good -intellects. A man cannot be too careful in the choice of his enemies. -I have not got one who is a fool. They are all men of some -intellectual power, and consequently they all appreciate me. Is that -very vain of me? I think it is rather vain." - -"I should think it was, Harry. But according to your category I must -be merely an acquaintance." - -"My dear old Basil, you are much more than an acquaintance." - -"And much less than a friend. A sort of brother, I suppose?" - -"Oh, brothers! I don't care for brothers. My elder brother won't die, -and my younger brothers seem never to do anything else." - -"Harry!" exclaimed Hallward, frowning. - -"My dear fellow, I am not quite serious. But I can't help detesting my -relations. I suppose it comes from the fact that none of us can stand -other people having the same faults as ourselves. I quite sympathize -with the rage of the English democracy against what they call the vices -of the upper orders. The masses feel that drunkenness, stupidity, and -immorality should be their own special property, and that if any one of -us makes an ass of himself, he is poaching on their preserves. When -poor Southwark got into the divorce court, their indignation was quite -magnificent. And yet I don't suppose that ten per cent of the -proletariat live correctly." - -"I don't agree with a single word that you have said, and, what is -more, Harry, I feel sure you don't either." - -Lord Henry stroked his pointed brown beard and tapped the toe of his -patent-leather boot with a tasselled ebony cane. "How English you are -Basil! That is the second time you have made that observation. If one -puts forward an idea to a true Englishman--always a rash thing to -do--he never dreams of considering whether the idea is right or wrong. -The only thing he considers of any importance is whether one believes -it oneself. Now, the value of an idea has nothing whatsoever to do -with the sincerity of the man who expresses it. Indeed, the -probabilities are that the more insincere the man is, the more purely -intellectual will the idea be, as in that case it will not be coloured -by either his wants, his desires, or his prejudices. However, I don't -propose to discuss politics, sociology, or metaphysics with you. I -like persons better than principles, and I like persons with no -principles better than anything else in the world. Tell me more about -Mr. Dorian Gray. How often do you see him?" - -"Every day. I couldn't be happy if I didn't see him every day. He is -absolutely necessary to me." - -"How extraordinary! I thought you would never care for anything but -your art." - -"He is all my art to me now," said the painter gravely. "I sometimes -think, Harry, that there are only two eras of any importance in the -world's history. The first is the appearance of a new medium for art, -and the second is the appearance of a new personality for art also. -What the invention of oil-painting was to the Venetians, the face of -Antinous was to late Greek sculpture, and the face of Dorian Gray will -some day be to me. It is not merely that I paint from him, draw from -him, sketch from him. Of course, I have done all that. But he is much -more to me than a model or a sitter. I won't tell you that I am -dissatisfied with what I have done of him, or that his beauty is such -that art cannot express it. There is nothing that art cannot express, -and I know that the work I have done, since I met Dorian Gray, is good -work, is the best work of my life. But in some curious way--I wonder -will you understand me?--his personality has suggested to me an -entirely new manner in art, an entirely new mode of style. I see -things differently, I think of them differently. I can now recreate -life in a way that was hidden from me before. 'A dream of form in days -of thought'--who is it who says that? I forget; but it is what Dorian -Gray has been to me. The merely visible presence of this lad--for he -seems to me little more than a lad, though he is really over -twenty--his merely visible presence--ah! I wonder can you realize all -that that means? Unconsciously he defines for me the lines of a fresh -school, a school that is to have in it all the passion of the romantic -spirit, all the perfection of the spirit that is Greek. The harmony of -soul and body--how much that is! We in our madness have separated the -two, and have invented a realism that is vulgar, an ideality that is -void. Harry! if you only knew what Dorian Gray is to me! You remember -that landscape of mine, for which Agnew offered me such a huge price -but which I would not part with? It is one of the best things I have -ever done. And why is it so? Because, while I was painting it, Dorian -Gray sat beside me. Some subtle influence passed from him to me, and -for the first time in my life I saw in the plain woodland the wonder I -had always looked for and always missed." - -"Basil, this is extraordinary! I must see Dorian Gray." - -Hallward got up from the seat and walked up and down the garden. After -some time he came back. "Harry," he said, "Dorian Gray is to me simply -a motive in art. You might see nothing in him. I see everything in -him. He is never more present in my work than when no image of him is -there. He is a suggestion, as I have said, of a new manner. I find -him in the curves of certain lines, in the loveliness and subtleties of -certain colours. That is all." - -"Then why won't you exhibit his portrait?" asked Lord Henry. - -"Because, without intending it, I have put into it some expression of -all this curious artistic idolatry, of which, of course, I have never -cared to speak to him. He knows nothing about it. He shall never know -anything about it. But the world might guess it, and I will not bare -my soul to their shallow prying eyes. My heart shall never be put -under their microscope. There is too much of myself in the thing, -Harry--too much of myself!" - -"Poets are not so scrupulous as you are. They know how useful passion -is for publication. Nowadays a broken heart will run to many editions." - -"I hate them for it," cried Hallward. "An artist should create -beautiful things, but should put nothing of his own life into them. We -live in an age when men treat art as if it were meant to be a form of -autobiography. We have lost the abstract sense of beauty. Some day I -will show the world what it is; and for that reason the world shall -never see my portrait of Dorian Gray." - -"I think you are wrong, Basil, but I won't argue with you. It is only -the intellectually lost who ever argue. Tell me, is Dorian Gray very -fond of you?" - -The painter considered for a few moments. "He likes me," he answered -after a pause; "I know he likes me. Of course I flatter him -dreadfully. I find a strange pleasure in saying things to him that I -know I shall be sorry for having said. As a rule, he is charming to -me, and we sit in the studio and talk of a thousand things. Now and -then, however, he is horribly thoughtless, and seems to take a real -delight in giving me pain. Then I feel, Harry, that I have given away -my whole soul to some one who treats it as if it were a flower to put -in his coat, a bit of decoration to charm his vanity, an ornament for a -summer's day." - -"Days in summer, Basil, are apt to linger," murmured Lord Henry. -"Perhaps you will tire sooner than he will. It is a sad thing to think -of, but there is no doubt that genius lasts longer than beauty. That -accounts for the fact that we all take such pains to over-educate -ourselves. In the wild struggle for existence, we want to have -something that endures, and so we fill our minds with rubbish and -facts, in the silly hope of keeping our place. The thoroughly -well-informed man--that is the modern ideal. And the mind of the -thoroughly well-informed man is a dreadful thing. It is like a -_bric-a-brac_ shop, all monsters and dust, with everything priced above -its proper value. I think you will tire first, all the same. Some day -you will look at your friend, and he will seem to you to be a little -out of drawing, or you won't like his tone of colour, or something. -You will bitterly reproach him in your own heart, and seriously think -that he has behaved very badly to you. The next time he calls, you -will be perfectly cold and indifferent. It will be a great pity, for -it will alter you. What you have told me is quite a romance, a romance -of art one might call it, and the worst of having a romance of any kind -is that it leaves one so unromantic." - -"Harry, don't talk like that. As long as I live, the personality of -Dorian Gray will dominate me. You can't feel what I feel. You change -too often." - -"Ah, my dear Basil, that is exactly why I can feel it. Those who are -faithful know only the trivial side of love: it is the faithless who -know love's tragedies." And Lord Henry struck a light on a dainty -silver case and began to smoke a cigarette with a self-conscious and -satisfied air, as if he had summed up the world in a phrase. There was -a rustle of chirruping sparrows in the green lacquer leaves of the ivy, -and the blue cloud-shadows chased themselves across the grass like -swallows. How pleasant it was in the garden! And how delightful other -people's emotions were!--much more delightful than their ideas, it -seemed to him. One's own soul, and the passions of one's -friends--those were the fascinating things in life. He pictured to -himself with silent amusement the tedious luncheon that he had missed -by staying so long with Basil Hallward. Had he gone to his aunt's, he -would have been sure to have met Lord Goodbody there, and the whole -conversation would have been about the feeding of the poor and the -necessity for model lodging-houses. Each class would have preached the -importance of those virtues, for whose exercise there was no necessity -in their own lives. The rich would have spoken on the value of thrift, -and the idle grown eloquent over the dignity of labour. It was -charming to have escaped all that! As he thought of his aunt, an idea -seemed to strike him. He turned to Hallward and said, "My dear fellow, -I have just remembered." - -"Remembered what, Harry?" - -"Where I heard the name of Dorian Gray." - -"Where was it?" asked Hallward, with a slight frown. - -"Don't look so angry, Basil. It was at my aunt, Lady Agatha's. She -told me she had discovered a wonderful young man who was going to help -her in the East End, and that his name was Dorian Gray. I am bound to -state that she never told me he was good-looking. Women have no -appreciation of good looks; at least, good women have not. She said -that he was very earnest and had a beautiful nature. I at once -pictured to myself a creature with spectacles and lank hair, horribly -freckled, and tramping about on huge feet. I wish I had known it was -your friend." - -"I am very glad you didn't, Harry." - -"Why?" - -"I don't want you to meet him." - -"You don't want me to meet him?" - -"No." - -"Mr. Dorian Gray is in the studio, sir," said the butler, coming into -the garden. - -"You must introduce me now," cried Lord Henry, laughing. - -The painter turned to his servant, who stood blinking in the sunlight. -"Ask Mr. Gray to wait, Parker: I shall be in in a few moments." The -man bowed and went up the walk. - -Then he looked at Lord Henry. "Dorian Gray is my dearest friend," he -said. "He has a simple and a beautiful nature. Your aunt was quite -right in what she said of him. Don't spoil him. Don't try to -influence him. Your influence would be bad. The world is wide, and -has many marvellous people in it. Don't take away from me the one -person who gives to my art whatever charm it possesses: my life as an -artist depends on him. Mind, Harry, I trust you." He spoke very -slowly, and the words seemed wrung out of him almost against his will. - -"What nonsense you talk!" said Lord Henry, smiling, and taking Hallward -by the arm, he almost led him into the house. - - - -CHAPTER 2 - -As they entered they saw Dorian Gray. He was seated at the piano, with -his back to them, turning over the pages of a volume of Schumann's -"Forest Scenes." "You must lend me these, Basil," he cried. "I want -to learn them. They are perfectly charming." - -"That entirely depends on how you sit to-day, Dorian." - -"Oh, I am tired of sitting, and I don't want a life-sized portrait of -myself," answered the lad, swinging round on the music-stool in a -wilful, petulant manner. When he caught sight of Lord Henry, a faint -blush coloured his cheeks for a moment, and he started up. "I beg your -pardon, Basil, but I didn't know you had any one with you." - -"This is Lord Henry Wotton, Dorian, an old Oxford friend of mine. I -have just been telling him what a capital sitter you were, and now you -have spoiled everything." - -"You have not spoiled my pleasure in meeting you, Mr. Gray," said Lord -Henry, stepping forward and extending his hand. "My aunt has often -spoken to me about you. You are one of her favourites, and, I am -afraid, one of her victims also." - -"I am in Lady Agatha's black books at present," answered Dorian with a -funny look of penitence. "I promised to go to a club in Whitechapel -with her last Tuesday, and I really forgot all about it. We were to -have played a duet together--three duets, I believe. I don't know what -she will say to me. I am far too frightened to call." - -"Oh, I will make your peace with my aunt. She is quite devoted to you. -And I don't think it really matters about your not being there. The -audience probably thought it was a duet. When Aunt Agatha sits down to -the piano, she makes quite enough noise for two people." - -"That is very horrid to her, and not very nice to me," answered Dorian, -laughing. - -Lord Henry looked at him. Yes, he was certainly wonderfully handsome, -with his finely curved scarlet lips, his frank blue eyes, his crisp -gold hair. There was something in his face that made one trust him at -once. All the candour of youth was there, as well as all youth's -passionate purity. One felt that he had kept himself unspotted from -the world. No wonder Basil Hallward worshipped him. - -"You are too charming to go in for philanthropy, Mr. Gray--far too -charming." And Lord Henry flung himself down on the divan and opened -his cigarette-case. - -The painter had been busy mixing his colours and getting his brushes -ready. He was looking worried, and when he heard Lord Henry's last -remark, he glanced at him, hesitated for a moment, and then said, -"Harry, I want to finish this picture to-day. Would you think it -awfully rude of me if I asked you to go away?" - -Lord Henry smiled and looked at Dorian Gray. "Am I to go, Mr. Gray?" -he asked. - -"Oh, please don't, Lord Henry. I see that Basil is in one of his sulky -moods, and I can't bear him when he sulks. Besides, I want you to tell -me why I should not go in for philanthropy." - -"I don't know that I shall tell you that, Mr. Gray. It is so tedious a -subject that one would have to talk seriously about it. But I -certainly shall not run away, now that you have asked me to stop. You -don't really mind, Basil, do you? You have often told me that you -liked your sitters to have some one to chat to." - -Hallward bit his lip. "If Dorian wishes it, of course you must stay. -Dorian's whims are laws to everybody, except himself." - -Lord Henry took up his hat and gloves. "You are very pressing, Basil, -but I am afraid I must go. I have promised to meet a man at the -Orleans. Good-bye, Mr. Gray. Come and see me some afternoon in Curzon -Street. I am nearly always at home at five o'clock. Write to me when -you are coming. I should be sorry to miss you." - -"Basil," cried Dorian Gray, "if Lord Henry Wotton goes, I shall go, -too. You never open your lips while you are painting, and it is -horribly dull standing on a platform and trying to look pleasant. Ask -him to stay. I insist upon it." - -"Stay, Harry, to oblige Dorian, and to oblige me," said Hallward, -gazing intently at his picture. "It is quite true, I never talk when I -am working, and never listen either, and it must be dreadfully tedious -for my unfortunate sitters. I beg you to stay." - -"But what about my man at the Orleans?" - -The painter laughed. "I don't think there will be any difficulty about -that. Sit down again, Harry. And now, Dorian, get up on the platform, -and don't move about too much, or pay any attention to what Lord Henry -says. He has a very bad influence over all his friends, with the -single exception of myself." - -Dorian Gray stepped up on the dais with the air of a young Greek -martyr, and made a little _moue_ of discontent to Lord Henry, to whom he -had rather taken a fancy. He was so unlike Basil. They made a -delightful contrast. And he had such a beautiful voice. After a few -moments he said to him, "Have you really a very bad influence, Lord -Henry? As bad as Basil says?" - -"There is no such thing as a good influence, Mr. Gray. All influence -is immoral--immoral from the scientific point of view." - -"Why?" - -"Because to influence a person is to give him one's own soul. He does -not think his natural thoughts, or burn with his natural passions. His -virtues are not real to him. His sins, if there are such things as -sins, are borrowed. He becomes an echo of some one else's music, an -actor of a part that has not been written for him. The aim of life is -self-development. To realize one's nature perfectly--that is what each -of us is here for. People are afraid of themselves, nowadays. They -have forgotten the highest of all duties, the duty that one owes to -one's self. Of course, they are charitable. They feed the hungry and -clothe the beggar. But their own souls starve, and are naked. Courage -has gone out of our race. Perhaps we never really had it. The terror -of society, which is the basis of morals, the terror of God, which is -the secret of religion--these are the two things that govern us. And -yet--" - -"Just turn your head a little more to the right, Dorian, like a good -boy," said the painter, deep in his work and conscious only that a look -had come into the lad's face that he had never seen there before. - -"And yet," continued Lord Henry, in his low, musical voice, and with -that graceful wave of the hand that was always so characteristic of -him, and that he had even in his Eton days, "I believe that if one man -were to live out his life fully and completely, were to give form to -every feeling, expression to every thought, reality to every dream--I -believe that the world would gain such a fresh impulse of joy that we -would forget all the maladies of mediaevalism, and return to the -Hellenic ideal--to something finer, richer than the Hellenic ideal, it -may be. But the bravest man amongst us is afraid of himself. The -mutilation of the savage has its tragic survival in the self-denial -that mars our lives. We are punished for our refusals. Every impulse -that we strive to strangle broods in the mind and poisons us. The body -sins once, and has done with its sin, for action is a mode of -purification. Nothing remains then but the recollection of a pleasure, -or the luxury of a regret. The only way to get rid of a temptation is -to yield to it. Resist it, and your soul grows sick with longing for -the things it has forbidden to itself, with desire for what its -monstrous laws have made monstrous and unlawful. It has been said that -the great events of the world take place in the brain. It is in the -brain, and the brain only, that the great sins of the world take place -also. You, Mr. Gray, you yourself, with your rose-red youth and your -rose-white boyhood, you have had passions that have made you afraid, -thoughts that have filled you with terror, day-dreams and sleeping -dreams whose mere memory might stain your cheek with shame--" - -"Stop!" faltered Dorian Gray, "stop! you bewilder me. I don't know -what to say. There is some answer to you, but I cannot find it. Don't -speak. Let me think. Or, rather, let me try not to think." - -For nearly ten minutes he stood there, motionless, with parted lips and -eyes strangely bright. He was dimly conscious that entirely fresh -influences were at work within him. Yet they seemed to him to have -come really from himself. The few words that Basil's friend had said -to him--words spoken by chance, no doubt, and with wilful paradox in -them--had touched some secret chord that had never been touched before, -but that he felt was now vibrating and throbbing to curious pulses. - -Music had stirred him like that. Music had troubled him many times. -But music was not articulate. It was not a new world, but rather -another chaos, that it created in us. Words! Mere words! How -terrible they were! How clear, and vivid, and cruel! One could not -escape from them. And yet what a subtle magic there was in them! They -seemed to be able to give a plastic form to formless things, and to -have a music of their own as sweet as that of viol or of lute. Mere -words! Was there anything so real as words? - -Yes; there had been things in his boyhood that he had not understood. -He understood them now. Life suddenly became fiery-coloured to him. -It seemed to him that he had been walking in fire. Why had he not -known it? - -With his subtle smile, Lord Henry watched him. He knew the precise -psychological moment when to say nothing. He felt intensely -interested. He was amazed at the sudden impression that his words had -produced, and, remembering a book that he had read when he was sixteen, -a book which had revealed to him much that he had not known before, he -wondered whether Dorian Gray was passing through a similar experience. -He had merely shot an arrow into the air. Had it hit the mark? How -fascinating the lad was! - -Hallward painted away with that marvellous bold touch of his, that had -the true refinement and perfect delicacy that in art, at any rate comes -only from strength. He was unconscious of the silence. - -"Basil, I am tired of standing," cried Dorian Gray suddenly. "I must -go out and sit in the garden. The air is stifling here." - -"My dear fellow, I am so sorry. When I am painting, I can't think of -anything else. But you never sat better. You were perfectly still. -And I have caught the effect I wanted--the half-parted lips and the -bright look in the eyes. I don't know what Harry has been saying to -you, but he has certainly made you have the most wonderful expression. -I suppose he has been paying you compliments. You mustn't believe a -word that he says." - -"He has certainly not been paying me compliments. Perhaps that is the -reason that I don't believe anything he has told me." - -"You know you believe it all," said Lord Henry, looking at him with his -dreamy languorous eyes. "I will go out to the garden with you. It is -horribly hot in the studio. Basil, let us have something iced to -drink, something with strawberries in it." - -"Certainly, Harry. Just touch the bell, and when Parker comes I will -tell him what you want. I have got to work up this background, so I -will join you later on. Don't keep Dorian too long. I have never been -in better form for painting than I am to-day. This is going to be my -masterpiece. It is my masterpiece as it stands." - -Lord Henry went out to the garden and found Dorian Gray burying his -face in the great cool lilac-blossoms, feverishly drinking in their -perfume as if it had been wine. He came close to him and put his hand -upon his shoulder. "You are quite right to do that," he murmured. -"Nothing can cure the soul but the senses, just as nothing can cure the -senses but the soul." - -The lad started and drew back. He was bareheaded, and the leaves had -tossed his rebellious curls and tangled all their gilded threads. -There was a look of fear in his eyes, such as people have when they are -suddenly awakened. His finely chiselled nostrils quivered, and some -hidden nerve shook the scarlet of his lips and left them trembling. - -"Yes," continued Lord Henry, "that is one of the great secrets of -life--to cure the soul by means of the senses, and the senses by means -of the soul. You are a wonderful creation. You know more than you -think you know, just as you know less than you want to know." - -Dorian Gray frowned and turned his head away. He could not help liking -the tall, graceful young man who was standing by him. His romantic, -olive-coloured face and worn expression interested him. There was -something in his low languid voice that was absolutely fascinating. -His cool, white, flowerlike hands, even, had a curious charm. They -moved, as he spoke, like music, and seemed to have a language of their -own. But he felt afraid of him, and ashamed of being afraid. Why had -it been left for a stranger to reveal him to himself? He had known -Basil Hallward for months, but the friendship between them had never -altered him. Suddenly there had come some one across his life who -seemed to have disclosed to him life's mystery. And, yet, what was -there to be afraid of? He was not a schoolboy or a girl. It was -absurd to be frightened. - -"Let us go and sit in the shade," said Lord Henry. "Parker has brought -out the drinks, and if you stay any longer in this glare, you will be -quite spoiled, and Basil will never paint you again. You really must -not allow yourself to become sunburnt. It would be unbecoming." - -"What can it matter?" cried Dorian Gray, laughing, as he sat down on -the seat at the end of the garden. - -"It should matter everything to you, Mr. Gray." - -"Why?" - -"Because you have the most marvellous youth, and youth is the one thing -worth having." - -"I don't feel that, Lord Henry." - -"No, you don't feel it now. Some day, when you are old and wrinkled -and ugly, when thought has seared your forehead with its lines, and -passion branded your lips with its hideous fires, you will feel it, you -will feel it terribly. Now, wherever you go, you charm the world. -Will it always be so? ... You have a wonderfully beautiful face, Mr. -Gray. Don't frown. You have. And beauty is a form of genius--is -higher, indeed, than genius, as it needs no explanation. It is of the -great facts of the world, like sunlight, or spring-time, or the -reflection in dark waters of that silver shell we call the moon. It -cannot be questioned. It has its divine right of sovereignty. It -makes princes of those who have it. You smile? Ah! when you have lost -it you won't smile.... People say sometimes that beauty is only -superficial. That may be so, but at least it is not so superficial as -thought is. To me, beauty is the wonder of wonders. It is only -shallow people who do not judge by appearances. The true mystery of -the world is the visible, not the invisible.... Yes, Mr. Gray, the -gods have been good to you. But what the gods give they quickly take -away. You have only a few years in which to live really, perfectly, -and fully. When your youth goes, your beauty will go with it, and then -you will suddenly discover that there are no triumphs left for you, or -have to content yourself with those mean triumphs that the memory of -your past will make more bitter than defeats. Every month as it wanes -brings you nearer to something dreadful. Time is jealous of you, and -wars against your lilies and your roses. You will become sallow, and -hollow-cheeked, and dull-eyed. You will suffer horribly.... Ah! -realize your youth while you have it. Don't squander the gold of your -days, listening to the tedious, trying to improve the hopeless failure, -or giving away your life to the ignorant, the common, and the vulgar. -These are the sickly aims, the false ideals, of our age. Live! Live -the wonderful life that is in you! Let nothing be lost upon you. Be -always searching for new sensations. Be afraid of nothing.... A new -Hedonism--that is what our century wants. You might be its visible -symbol. With your personality there is nothing you could not do. The -world belongs to you for a season.... The moment I met you I saw that -you were quite unconscious of what you really are, of what you really -might be. There was so much in you that charmed me that I felt I must -tell you something about yourself. I thought how tragic it would be if -you were wasted. For there is such a little time that your youth will -last--such a little time. The common hill-flowers wither, but they -blossom again. The laburnum will be as yellow next June as it is now. -In a month there will be purple stars on the clematis, and year after -year the green night of its leaves will hold its purple stars. But we -never get back our youth. The pulse of joy that beats in us at twenty -becomes sluggish. Our limbs fail, our senses rot. We degenerate into -hideous puppets, haunted by the memory of the passions of which we were -too much afraid, and the exquisite temptations that we had not the -courage to yield to. Youth! Youth! There is absolutely nothing in -the world but youth!" - -Dorian Gray listened, open-eyed and wondering. The spray of lilac fell -from his hand upon the gravel. A furry bee came and buzzed round it -for a moment. Then it began to scramble all over the oval stellated -globe of the tiny blossoms. He watched it with that strange interest -in trivial things that we try to develop when things of high import -make us afraid, or when we are stirred by some new emotion for which we -cannot find expression, or when some thought that terrifies us lays -sudden siege to the brain and calls on us to yield. After a time the -bee flew away. He saw it creeping into the stained trumpet of a Tyrian -convolvulus. The flower seemed to quiver, and then swayed gently to -and fro. - -Suddenly the painter appeared at the door of the studio and made -staccato signs for them to come in. They turned to each other and -smiled. - -"I am waiting," he cried. "Do come in. The light is quite perfect, -and you can bring your drinks." - -They rose up and sauntered down the walk together. Two green-and-white -butterflies fluttered past them, and in the pear-tree at the corner of -the garden a thrush began to sing. - -"You are glad you have met me, Mr. Gray," said Lord Henry, looking at -him. - -"Yes, I am glad now. I wonder shall I always be glad?" - -"Always! That is a dreadful word. It makes me shudder when I hear it. -Women are so fond of using it. They spoil every romance by trying to -make it last for ever. It is a meaningless word, too. The only -difference between a caprice and a lifelong passion is that the caprice -lasts a little longer." - -As they entered the studio, Dorian Gray put his hand upon Lord Henry's -arm. "In that case, let our friendship be a caprice," he murmured, -flushing at his own boldness, then stepped up on the platform and -resumed his pose. - -Lord Henry flung himself into a large wicker arm-chair and watched him. -The sweep and dash of the brush on the canvas made the only sound that -broke the stillness, except when, now and then, Hallward stepped back -to look at his work from a distance. In the slanting beams that -streamed through the open doorway the dust danced and was golden. The -heavy scent of the roses seemed to brood over everything. - -After about a quarter of an hour Hallward stopped painting, looked for -a long time at Dorian Gray, and then for a long time at the picture, -biting the end of one of his huge brushes and frowning. "It is quite -finished," he cried at last, and stooping down he wrote his name in -long vermilion letters on the left-hand corner of the canvas. - -Lord Henry came over and examined the picture. It was certainly a -wonderful work of art, and a wonderful likeness as well. - -"My dear fellow, I congratulate you most warmly," he said. "It is the -finest portrait of modern times. Mr. Gray, come over and look at -yourself." - -The lad started, as if awakened from some dream. - -"Is it really finished?" he murmured, stepping down from the platform. - -"Quite finished," said the painter. "And you have sat splendidly -to-day. I am awfully obliged to you." - -"That is entirely due to me," broke in Lord Henry. "Isn't it, Mr. -Gray?" - -Dorian made no answer, but passed listlessly in front of his picture -and turned towards it. When he saw it he drew back, and his cheeks -flushed for a moment with pleasure. A look of joy came into his eyes, -as if he had recognized himself for the first time. He stood there -motionless and in wonder, dimly conscious that Hallward was speaking to -him, but not catching the meaning of his words. The sense of his own -beauty came on him like a revelation. He had never felt it before. -Basil Hallward's compliments had seemed to him to be merely the -charming exaggeration of friendship. He had listened to them, laughed -at them, forgotten them. They had not influenced his nature. Then had -come Lord Henry Wotton with his strange panegyric on youth, his -terrible warning of its brevity. That had stirred him at the time, and -now, as he stood gazing at the shadow of his own loveliness, the full -reality of the description flashed across him. Yes, there would be a -day when his face would be wrinkled and wizen, his eyes dim and -colourless, the grace of his figure broken and deformed. The scarlet -would pass away from his lips and the gold steal from his hair. The -life that was to make his soul would mar his body. He would become -dreadful, hideous, and uncouth. - -As he thought of it, a sharp pang of pain struck through him like a -knife and made each delicate fibre of his nature quiver. His eyes -deepened into amethyst, and across them came a mist of tears. He felt -as if a hand of ice had been laid upon his heart. - -"Don't you like it?" cried Hallward at last, stung a little by the -lad's silence, not understanding what it meant. - -"Of course he likes it," said Lord Henry. "Who wouldn't like it? It -is one of the greatest things in modern art. I will give you anything -you like to ask for it. I must have it." - -"It is not my property, Harry." - -"Whose property is it?" - -"Dorian's, of course," answered the painter. - -"He is a very lucky fellow." - -"How sad it is!" murmured Dorian Gray with his eyes still fixed upon -his own portrait. "How sad it is! I shall grow old, and horrible, and -dreadful. But this picture will remain always young. It will never be -older than this particular day of June.... If it were only the other -way! If it were I who was to be always young, and the picture that was -to grow old! For that--for that--I would give everything! Yes, there -is nothing in the whole world I would not give! I would give my soul -for that!" - -"You would hardly care for such an arrangement, Basil," cried Lord -Henry, laughing. "It would be rather hard lines on your work." - -"I should object very strongly, Harry," said Hallward. - -Dorian Gray turned and looked at him. "I believe you would, Basil. -You like your art better than your friends. I am no more to you than a -green bronze figure. Hardly as much, I dare say." - -The painter stared in amazement. It was so unlike Dorian to speak like -that. What had happened? He seemed quite angry. His face was flushed -and his cheeks burning. - -"Yes," he continued, "I am less to you than your ivory Hermes or your -silver Faun. You will like them always. How long will you like me? -Till I have my first wrinkle, I suppose. I know, now, that when one -loses one's good looks, whatever they may be, one loses everything. -Your picture has taught me that. Lord Henry Wotton is perfectly right. -Youth is the only thing worth having. When I find that I am growing -old, I shall kill myself." - -Hallward turned pale and caught his hand. "Dorian! Dorian!" he cried, -"don't talk like that. I have never had such a friend as you, and I -shall never have such another. You are not jealous of material things, -are you?--you who are finer than any of them!" - -"I am jealous of everything whose beauty does not die. I am jealous of -the portrait you have painted of me. Why should it keep what I must -lose? Every moment that passes takes something from me and gives -something to it. Oh, if it were only the other way! If the picture -could change, and I could be always what I am now! Why did you paint -it? It will mock me some day--mock me horribly!" The hot tears welled -into his eyes; he tore his hand away and, flinging himself on the -divan, he buried his face in the cushions, as though he was praying. - -"This is your doing, Harry," said the painter bitterly. - -Lord Henry shrugged his shoulders. "It is the real Dorian Gray--that -is all." - -"It is not." - -"If it is not, what have I to do with it?" - -"You should have gone away when I asked you," he muttered. - -"I stayed when you asked me," was Lord Henry's answer. - -"Harry, I can't quarrel with my two best friends at once, but between -you both you have made me hate the finest piece of work I have ever -done, and I will destroy it. What is it but canvas and colour? I will -not let it come across our three lives and mar them." - -Dorian Gray lifted his golden head from the pillow, and with pallid -face and tear-stained eyes, looked at him as he walked over to the deal -painting-table that was set beneath the high curtained window. What -was he doing there? His fingers were straying about among the litter -of tin tubes and dry brushes, seeking for something. Yes, it was for -the long palette-knife, with its thin blade of lithe steel. He had -found it at last. He was going to rip up the canvas. - -With a stifled sob the lad leaped from the couch, and, rushing over to -Hallward, tore the knife out of his hand, and flung it to the end of -the studio. "Don't, Basil, don't!" he cried. "It would be murder!" - -"I am glad you appreciate my work at last, Dorian," said the painter -coldly when he had recovered from his surprise. "I never thought you -would." - -"Appreciate it? I am in love with it, Basil. It is part of myself. I -feel that." - -"Well, as soon as you are dry, you shall be varnished, and framed, and -sent home. Then you can do what you like with yourself." And he walked -across the room and rang the bell for tea. "You will have tea, of -course, Dorian? And so will you, Harry? Or do you object to such -simple pleasures?" - -"I adore simple pleasures," said Lord Henry. "They are the last refuge -of the complex. But I don't like scenes, except on the stage. What -absurd fellows you are, both of you! I wonder who it was defined man -as a rational animal. It was the most premature definition ever given. -Man is many things, but he is not rational. I am glad he is not, after -all--though I wish you chaps would not squabble over the picture. You -had much better let me have it, Basil. This silly boy doesn't really -want it, and I really do." - -"If you let any one have it but me, Basil, I shall never forgive you!" -cried Dorian Gray; "and I don't allow people to call me a silly boy." - -"You know the picture is yours, Dorian. I gave it to you before it -existed." - -"And you know you have been a little silly, Mr. Gray, and that you -don't really object to being reminded that you are extremely young." - -"I should have objected very strongly this morning, Lord Henry." - -"Ah! this morning! You have lived since then." - -There came a knock at the door, and the butler entered with a laden -tea-tray and set it down upon a small Japanese table. There was a -rattle of cups and saucers and the hissing of a fluted Georgian urn. -Two globe-shaped china dishes were brought in by a page. Dorian Gray -went over and poured out the tea. The two men sauntered languidly to -the table and examined what was under the covers. - -"Let us go to the theatre to-night," said Lord Henry. "There is sure -to be something on, somewhere. I have promised to dine at White's, but -it is only with an old friend, so I can send him a wire to say that I -am ill, or that I am prevented from coming in consequence of a -subsequent engagement. I think that would be a rather nice excuse: it -would have all the surprise of candour." - -"It is such a bore putting on one's dress-clothes," muttered Hallward. -"And, when one has them on, they are so horrid." - -"Yes," answered Lord Henry dreamily, "the costume of the nineteenth -century is detestable. It is so sombre, so depressing. Sin is the -only real colour-element left in modern life." - -"You really must not say things like that before Dorian, Harry." - -"Before which Dorian? The one who is pouring out tea for us, or the -one in the picture?" - -"Before either." - -"I should like to come to the theatre with you, Lord Henry," said the -lad. - -"Then you shall come; and you will come, too, Basil, won't you?" - -"I can't, really. I would sooner not. I have a lot of work to do." - -"Well, then, you and I will go alone, Mr. Gray." - -"I should like that awfully." - -The painter bit his lip and walked over, cup in hand, to the picture. -"I shall stay with the real Dorian," he said, sadly. - -"Is it the real Dorian?" cried the original of the portrait, strolling -across to him. "Am I really like that?" - -"Yes; you are just like that." - -"How wonderful, Basil!" - -"At least you are like it in appearance. But it will never alter," -sighed Hallward. "That is something." - -"What a fuss people make about fidelity!" exclaimed Lord Henry. "Why, -even in love it is purely a question for physiology. It has nothing to -do with our own will. Young men want to be faithful, and are not; old -men want to be faithless, and cannot: that is all one can say." - -"Don't go to the theatre to-night, Dorian," said Hallward. "Stop and -dine with me." - -"I can't, Basil." - -"Why?" - -"Because I have promised Lord Henry Wotton to go with him." - -"He won't like you the better for keeping your promises. He always -breaks his own. I beg you not to go." - -Dorian Gray laughed and shook his head. - -"I entreat you." - -The lad hesitated, and looked over at Lord Henry, who was watching them -from the tea-table with an amused smile. - -"I must go, Basil," he answered. - -"Very well," said Hallward, and he went over and laid down his cup on -the tray. "It is rather late, and, as you have to dress, you had -better lose no time. Good-bye, Harry. Good-bye, Dorian. Come and see -me soon. Come to-morrow." - -"Certainly." - -"You won't forget?" - -"No, of course not," cried Dorian. - -"And ... Harry!" - -"Yes, Basil?" - -"Remember what I asked you, when we were in the garden this morning." - -"I have forgotten it." - -"I trust you." - -"I wish I could trust myself," said Lord Henry, laughing. "Come, Mr. -Gray, my hansom is outside, and I can drop you at your own place. -Good-bye, Basil. It has been a most interesting afternoon." - -As the door closed behind them, the painter flung himself down on a -sofa, and a look of pain came into his face. - - - -CHAPTER 3 - -At half-past twelve next day Lord Henry Wotton strolled from Curzon -Street over to the Albany to call on his uncle, Lord Fermor, a genial -if somewhat rough-mannered old bachelor, whom the outside world called -selfish because it derived no particular benefit from him, but who was -considered generous by Society as he fed the people who amused him. -His father had been our ambassador at Madrid when Isabella was young -and Prim unthought of, but had retired from the diplomatic service in a -capricious moment of annoyance on not being offered the Embassy at -Paris, a post to which he considered that he was fully entitled by -reason of his birth, his indolence, the good English of his dispatches, -and his inordinate passion for pleasure. The son, who had been his -father's secretary, had resigned along with his chief, somewhat -foolishly as was thought at the time, and on succeeding some months -later to the title, had set himself to the serious study of the great -aristocratic art of doing absolutely nothing. He had two large town -houses, but preferred to live in chambers as it was less trouble, and -took most of his meals at his club. He paid some attention to the -management of his collieries in the Midland counties, excusing himself -for this taint of industry on the ground that the one advantage of -having coal was that it enabled a gentleman to afford the decency of -burning wood on his own hearth. In politics he was a Tory, except when -the Tories were in office, during which period he roundly abused them -for being a pack of Radicals. He was a hero to his valet, who bullied -him, and a terror to most of his relations, whom he bullied in turn. -Only England could have produced him, and he always said that the -country was going to the dogs. His principles were out of date, but -there was a good deal to be said for his prejudices. - -When Lord Henry entered the room, he found his uncle sitting in a rough -shooting-coat, smoking a cheroot and grumbling over _The Times_. "Well, -Harry," said the old gentleman, "what brings you out so early? I -thought you dandies never got up till two, and were not visible till -five." - -"Pure family affection, I assure you, Uncle George. I want to get -something out of you." - -"Money, I suppose," said Lord Fermor, making a wry face. "Well, sit -down and tell me all about it. Young people, nowadays, imagine that -money is everything." - -"Yes," murmured Lord Henry, settling his button-hole in his coat; "and -when they grow older they know it. But I don't want money. It is only -people who pay their bills who want that, Uncle George, and I never pay -mine. Credit is the capital of a younger son, and one lives charmingly -upon it. Besides, I always deal with Dartmoor's tradesmen, and -consequently they never bother me. What I want is information: not -useful information, of course; useless information." - -"Well, I can tell you anything that is in an English Blue Book, Harry, -although those fellows nowadays write a lot of nonsense. When I was in -the Diplomatic, things were much better. But I hear they let them in -now by examination. What can you expect? Examinations, sir, are pure -humbug from beginning to end. If a man is a gentleman, he knows quite -enough, and if he is not a gentleman, whatever he knows is bad for him." - -"Mr. Dorian Gray does not belong to Blue Books, Uncle George," said -Lord Henry languidly. - -"Mr. Dorian Gray? Who is he?" asked Lord Fermor, knitting his bushy -white eyebrows. - -"That is what I have come to learn, Uncle George. Or rather, I know -who he is. He is the last Lord Kelso's grandson. His mother was a -Devereux, Lady Margaret Devereux. I want you to tell me about his -mother. What was she like? Whom did she marry? You have known nearly -everybody in your time, so you might have known her. I am very much -interested in Mr. Gray at present. I have only just met him." - -"Kelso's grandson!" echoed the old gentleman. "Kelso's grandson! ... -Of course.... I knew his mother intimately. I believe I was at her -christening. She was an extraordinarily beautiful girl, Margaret -Devereux, and made all the men frantic by running away with a penniless -young fellow--a mere nobody, sir, a subaltern in a foot regiment, or -something of that kind. Certainly. I remember the whole thing as if -it happened yesterday. The poor chap was killed in a duel at Spa a few -months after the marriage. There was an ugly story about it. They -said Kelso got some rascally adventurer, some Belgian brute, to insult -his son-in-law in public--paid him, sir, to do it, paid him--and that -the fellow spitted his man as if he had been a pigeon. The thing was -hushed up, but, egad, Kelso ate his chop alone at the club for some -time afterwards. He brought his daughter back with him, I was told, -and she never spoke to him again. Oh, yes; it was a bad business. The -girl died, too, died within a year. So she left a son, did she? I had -forgotten that. What sort of boy is he? If he is like his mother, he -must be a good-looking chap." - -"He is very good-looking," assented Lord Henry. - -"I hope he will fall into proper hands," continued the old man. "He -should have a pot of money waiting for him if Kelso did the right thing -by him. His mother had money, too. All the Selby property came to -her, through her grandfather. Her grandfather hated Kelso, thought him -a mean dog. He was, too. Came to Madrid once when I was there. Egad, -I was ashamed of him. The Queen used to ask me about the English noble -who was always quarrelling with the cabmen about their fares. They -made quite a story of it. I didn't dare show my face at Court for a -month. I hope he treated his grandson better than he did the jarvies." - -"I don't know," answered Lord Henry. "I fancy that the boy will be -well off. He is not of age yet. He has Selby, I know. He told me so. -And ... his mother was very beautiful?" - -"Margaret Devereux was one of the loveliest creatures I ever saw, -Harry. What on earth induced her to behave as she did, I never could -understand. She could have married anybody she chose. Carlington was -mad after her. She was romantic, though. All the women of that family -were. The men were a poor lot, but, egad! the women were wonderful. -Carlington went on his knees to her. Told me so himself. She laughed -at him, and there wasn't a girl in London at the time who wasn't after -him. And by the way, Harry, talking about silly marriages, what is -this humbug your father tells me about Dartmoor wanting to marry an -American? Ain't English girls good enough for him?" - -"It is rather fashionable to marry Americans just now, Uncle George." - -"I'll back English women against the world, Harry," said Lord Fermor, -striking the table with his fist. - -"The betting is on the Americans." - -"They don't last, I am told," muttered his uncle. - -"A long engagement exhausts them, but they are capital at a -steeplechase. They take things flying. I don't think Dartmoor has a -chance." - -"Who are her people?" grumbled the old gentleman. "Has she got any?" - -Lord Henry shook his head. "American girls are as clever at concealing -their parents, as English women are at concealing their past," he said, -rising to go. - -"They are pork-packers, I suppose?" - -"I hope so, Uncle George, for Dartmoor's sake. I am told that -pork-packing is the most lucrative profession in America, after -politics." - -"Is she pretty?" - -"She behaves as if she was beautiful. Most American women do. It is -the secret of their charm." - -"Why can't these American women stay in their own country? They are -always telling us that it is the paradise for women." - -"It is. That is the reason why, like Eve, they are so excessively -anxious to get out of it," said Lord Henry. "Good-bye, Uncle George. -I shall be late for lunch, if I stop any longer. Thanks for giving me -the information I wanted. I always like to know everything about my -new friends, and nothing about my old ones." - -"Where are you lunching, Harry?" - -"At Aunt Agatha's. I have asked myself and Mr. Gray. He is her latest -_protege_." - -"Humph! tell your Aunt Agatha, Harry, not to bother me any more with -her charity appeals. I am sick of them. Why, the good woman thinks -that I have nothing to do but to write cheques for her silly fads." - -"All right, Uncle George, I'll tell her, but it won't have any effect. -Philanthropic people lose all sense of humanity. It is their -distinguishing characteristic." - -The old gentleman growled approvingly and rang the bell for his -servant. Lord Henry passed up the low arcade into Burlington Street -and turned his steps in the direction of Berkeley Square. - -So that was the story of Dorian Gray's parentage. Crudely as it had -been told to him, it had yet stirred him by its suggestion of a -strange, almost modern romance. A beautiful woman risking everything -for a mad passion. A few wild weeks of happiness cut short by a -hideous, treacherous crime. Months of voiceless agony, and then a -child born in pain. The mother snatched away by death, the boy left to -solitude and the tyranny of an old and loveless man. Yes; it was an -interesting background. It posed the lad, made him more perfect, as it -were. Behind every exquisite thing that existed, there was something -tragic. Worlds had to be in travail, that the meanest flower might -blow.... And how charming he had been at dinner the night before, as -with startled eyes and lips parted in frightened pleasure he had sat -opposite to him at the club, the red candleshades staining to a richer -rose the wakening wonder of his face. Talking to him was like playing -upon an exquisite violin. He answered to every touch and thrill of the -bow.... There was something terribly enthralling in the exercise of -influence. No other activity was like it. To project one's soul into -some gracious form, and let it tarry there for a moment; to hear one's -own intellectual views echoed back to one with all the added music of -passion and youth; to convey one's temperament into another as though -it were a subtle fluid or a strange perfume: there was a real joy in -that--perhaps the most satisfying joy left to us in an age so limited -and vulgar as our own, an age grossly carnal in its pleasures, and -grossly common in its aims.... He was a marvellous type, too, this lad, -whom by so curious a chance he had met in Basil's studio, or could be -fashioned into a marvellous type, at any rate. Grace was his, and the -white purity of boyhood, and beauty such as old Greek marbles kept for -us. There was nothing that one could not do with him. He could be -made a Titan or a toy. What a pity it was that such beauty was -destined to fade! ... And Basil? From a psychological point of view, -how interesting he was! The new manner in art, the fresh mode of -looking at life, suggested so strangely by the merely visible presence -of one who was unconscious of it all; the silent spirit that dwelt in -dim woodland, and walked unseen in open field, suddenly showing -herself, Dryadlike and not afraid, because in his soul who sought for -her there had been wakened that wonderful vision to which alone are -wonderful things revealed; the mere shapes and patterns of things -becoming, as it were, refined, and gaining a kind of symbolical value, -as though they were themselves patterns of some other and more perfect -form whose shadow they made real: how strange it all was! He -remembered something like it in history. Was it not Plato, that artist -in thought, who had first analyzed it? Was it not Buonarotti who had -carved it in the coloured marbles of a sonnet-sequence? But in our own -century it was strange.... Yes; he would try to be to Dorian Gray -what, without knowing it, the lad was to the painter who had fashioned -the wonderful portrait. He would seek to dominate him--had already, -indeed, half done so. He would make that wonderful spirit his own. -There was something fascinating in this son of love and death. - -Suddenly he stopped and glanced up at the houses. He found that he had -passed his aunt's some distance, and, smiling to himself, turned back. -When he entered the somewhat sombre hall, the butler told him that they -had gone in to lunch. He gave one of the footmen his hat and stick and -passed into the dining-room. - -"Late as usual, Harry," cried his aunt, shaking her head at him. - -He invented a facile excuse, and having taken the vacant seat next to -her, looked round to see who was there. Dorian bowed to him shyly from -the end of the table, a flush of pleasure stealing into his cheek. -Opposite was the Duchess of Harley, a lady of admirable good-nature and -good temper, much liked by every one who knew her, and of those ample -architectural proportions that in women who are not duchesses are -described by contemporary historians as stoutness. Next to her sat, on -her right, Sir Thomas Burdon, a Radical member of Parliament, who -followed his leader in public life and in private life followed the -best cooks, dining with the Tories and thinking with the Liberals, in -accordance with a wise and well-known rule. The post on her left was -occupied by Mr. Erskine of Treadley, an old gentleman of considerable -charm and culture, who had fallen, however, into bad habits of silence, -having, as he explained once to Lady Agatha, said everything that he -had to say before he was thirty. His own neighbour was Mrs. Vandeleur, -one of his aunt's oldest friends, a perfect saint amongst women, but so -dreadfully dowdy that she reminded one of a badly bound hymn-book. -Fortunately for him she had on the other side Lord Faudel, a most -intelligent middle-aged mediocrity, as bald as a ministerial statement -in the House of Commons, with whom she was conversing in that intensely -earnest manner which is the one unpardonable error, as he remarked once -himself, that all really good people fall into, and from which none of -them ever quite escape. - -"We are talking about poor Dartmoor, Lord Henry," cried the duchess, -nodding pleasantly to him across the table. "Do you think he will -really marry this fascinating young person?" - -"I believe she has made up her mind to propose to him, Duchess." - -"How dreadful!" exclaimed Lady Agatha. "Really, some one should -interfere." - -"I am told, on excellent authority, that her father keeps an American -dry-goods store," said Sir Thomas Burdon, looking supercilious. - -"My uncle has already suggested pork-packing, Sir Thomas." - -"Dry-goods! What are American dry-goods?" asked the duchess, raising -her large hands in wonder and accentuating the verb. - -"American novels," answered Lord Henry, helping himself to some quail. - -The duchess looked puzzled. - -"Don't mind him, my dear," whispered Lady Agatha. "He never means -anything that he says." - -"When America was discovered," said the Radical member--and he began to -give some wearisome facts. Like all people who try to exhaust a -subject, he exhausted his listeners. The duchess sighed and exercised -her privilege of interruption. "I wish to goodness it never had been -discovered at all!" she exclaimed. "Really, our girls have no chance -nowadays. It is most unfair." - -"Perhaps, after all, America never has been discovered," said Mr. -Erskine; "I myself would say that it had merely been detected." - -"Oh! but I have seen specimens of the inhabitants," answered the -duchess vaguely. "I must confess that most of them are extremely -pretty. And they dress well, too. They get all their dresses in -Paris. I wish I could afford to do the same." - -"They say that when good Americans die they go to Paris," chuckled Sir -Thomas, who had a large wardrobe of Humour's cast-off clothes. - -"Really! And where do bad Americans go to when they die?" inquired the -duchess. - -"They go to America," murmured Lord Henry. - -Sir Thomas frowned. "I am afraid that your nephew is prejudiced -against that great country," he said to Lady Agatha. "I have travelled -all over it in cars provided by the directors, who, in such matters, -are extremely civil. I assure you that it is an education to visit it." - -"But must we really see Chicago in order to be educated?" asked Mr. -Erskine plaintively. "I don't feel up to the journey." - -Sir Thomas waved his hand. "Mr. Erskine of Treadley has the world on -his shelves. We practical men like to see things, not to read about -them. The Americans are an extremely interesting people. They are -absolutely reasonable. I think that is their distinguishing -characteristic. Yes, Mr. Erskine, an absolutely reasonable people. I -assure you there is no nonsense about the Americans." - -"How dreadful!" cried Lord Henry. "I can stand brute force, but brute -reason is quite unbearable. There is something unfair about its use. -It is hitting below the intellect." - -"I do not understand you," said Sir Thomas, growing rather red. - -"I do, Lord Henry," murmured Mr. Erskine, with a smile. - -"Paradoxes are all very well in their way...." rejoined the baronet. - -"Was that a paradox?" asked Mr. Erskine. "I did not think so. Perhaps -it was. Well, the way of paradoxes is the way of truth. To test -reality we must see it on the tight rope. When the verities become -acrobats, we can judge them." - -"Dear me!" said Lady Agatha, "how you men argue! I am sure I never can -make out what you are talking about. Oh! Harry, I am quite vexed with -you. Why do you try to persuade our nice Mr. Dorian Gray to give up -the East End? I assure you he would be quite invaluable. They would -love his playing." - -"I want him to play to me," cried Lord Henry, smiling, and he looked -down the table and caught a bright answering glance. - -"But they are so unhappy in Whitechapel," continued Lady Agatha. - -"I can sympathize with everything except suffering," said Lord Henry, -shrugging his shoulders. "I cannot sympathize with that. It is too -ugly, too horrible, too distressing. There is something terribly -morbid in the modern sympathy with pain. One should sympathize with -the colour, the beauty, the joy of life. The less said about life's -sores, the better." - -"Still, the East End is a very important problem," remarked Sir Thomas -with a grave shake of the head. - -"Quite so," answered the young lord. "It is the problem of slavery, -and we try to solve it by amusing the slaves." - -The politician looked at him keenly. "What change do you propose, -then?" he asked. - -Lord Henry laughed. "I don't desire to change anything in England -except the weather," he answered. "I am quite content with philosophic -contemplation. But, as the nineteenth century has gone bankrupt -through an over-expenditure of sympathy, I would suggest that we should -appeal to science to put us straight. The advantage of the emotions is -that they lead us astray, and the advantage of science is that it is -not emotional." - -"But we have such grave responsibilities," ventured Mrs. Vandeleur -timidly. - -"Terribly grave," echoed Lady Agatha. - -Lord Henry looked over at Mr. Erskine. "Humanity takes itself too -seriously. It is the world's original sin. If the caveman had known -how to laugh, history would have been different." - -"You are really very comforting," warbled the duchess. "I have always -felt rather guilty when I came to see your dear aunt, for I take no -interest at all in the East End. For the future I shall be able to -look her in the face without a blush." - -"A blush is very becoming, Duchess," remarked Lord Henry. - -"Only when one is young," she answered. "When an old woman like myself -blushes, it is a very bad sign. Ah! Lord Henry, I wish you would tell -me how to become young again." - -He thought for a moment. "Can you remember any great error that you -committed in your early days, Duchess?" he asked, looking at her across -the table. - -"A great many, I fear," she cried. - -"Then commit them over again," he said gravely. "To get back one's -youth, one has merely to repeat one's follies." - -"A delightful theory!" she exclaimed. "I must put it into practice." - -"A dangerous theory!" came from Sir Thomas's tight lips. Lady Agatha -shook her head, but could not help being amused. Mr. Erskine listened. - -"Yes," he continued, "that is one of the great secrets of life. -Nowadays most people die of a sort of creeping common sense, and -discover when it is too late that the only things one never regrets are -one's mistakes." - -A laugh ran round the table. - -He played with the idea and grew wilful; tossed it into the air and -transformed it; let it escape and recaptured it; made it iridescent -with fancy and winged it with paradox. The praise of folly, as he went -on, soared into a philosophy, and philosophy herself became young, and -catching the mad music of pleasure, wearing, one might fancy, her -wine-stained robe and wreath of ivy, danced like a Bacchante over the -hills of life, and mocked the slow Silenus for being sober. Facts fled -before her like frightened forest things. Her white feet trod the huge -press at which wise Omar sits, till the seething grape-juice rose round -her bare limbs in waves of purple bubbles, or crawled in red foam over -the vat's black, dripping, sloping sides. It was an extraordinary -improvisation. He felt that the eyes of Dorian Gray were fixed on him, -and the consciousness that amongst his audience there was one whose -temperament he wished to fascinate seemed to give his wit keenness and -to lend colour to his imagination. He was brilliant, fantastic, -irresponsible. He charmed his listeners out of themselves, and they -followed his pipe, laughing. Dorian Gray never took his gaze off him, -but sat like one under a spell, smiles chasing each other over his lips -and wonder growing grave in his darkening eyes. - -At last, liveried in the costume of the age, reality entered the room -in the shape of a servant to tell the duchess that her carriage was -waiting. She wrung her hands in mock despair. "How annoying!" she -cried. "I must go. I have to call for my husband at the club, to take -him to some absurd meeting at Willis's Rooms, where he is going to be -in the chair. If I am late he is sure to be furious, and I couldn't -have a scene in this bonnet. It is far too fragile. A harsh word -would ruin it. No, I must go, dear Agatha. Good-bye, Lord Henry, you -are quite delightful and dreadfully demoralizing. I am sure I don't -know what to say about your views. You must come and dine with us some -night. Tuesday? Are you disengaged Tuesday?" - -"For you I would throw over anybody, Duchess," said Lord Henry with a -bow. - -"Ah! that is very nice, and very wrong of you," she cried; "so mind you -come"; and she swept out of the room, followed by Lady Agatha and the -other ladies. - -When Lord Henry had sat down again, Mr. Erskine moved round, and taking -a chair close to him, placed his hand upon his arm. - -"You talk books away," he said; "why don't you write one?" - -"I am too fond of reading books to care to write them, Mr. Erskine. I -should like to write a novel certainly, a novel that would be as lovely -as a Persian carpet and as unreal. But there is no literary public in -England for anything except newspapers, primers, and encyclopaedias. -Of all people in the world the English have the least sense of the -beauty of literature." - -"I fear you are right," answered Mr. Erskine. "I myself used to have -literary ambitions, but I gave them up long ago. And now, my dear -young friend, if you will allow me to call you so, may I ask if you -really meant all that you said to us at lunch?" - -"I quite forget what I said," smiled Lord Henry. "Was it all very bad?" - -"Very bad indeed. In fact I consider you extremely dangerous, and if -anything happens to our good duchess, we shall all look on you as being -primarily responsible. But I should like to talk to you about life. -The generation into which I was born was tedious. Some day, when you -are tired of London, come down to Treadley and expound to me your -philosophy of pleasure over some admirable Burgundy I am fortunate -enough to possess." - -"I shall be charmed. A visit to Treadley would be a great privilege. -It has a perfect host, and a perfect library." - -"You will complete it," answered the old gentleman with a courteous -bow. "And now I must bid good-bye to your excellent aunt. I am due at -the Athenaeum. It is the hour when we sleep there." - -"All of you, Mr. Erskine?" - -"Forty of us, in forty arm-chairs. We are practising for an English -Academy of Letters." - -Lord Henry laughed and rose. "I am going to the park," he cried. - -As he was passing out of the door, Dorian Gray touched him on the arm. -"Let me come with you," he murmured. - -"But I thought you had promised Basil Hallward to go and see him," -answered Lord Henry. - -"I would sooner come with you; yes, I feel I must come with you. Do -let me. And you will promise to talk to me all the time? No one talks -so wonderfully as you do." - -"Ah! I have talked quite enough for to-day," said Lord Henry, smiling. -"All I want now is to look at life. You may come and look at it with -me, if you care to." - - - -CHAPTER 4 - -One afternoon, a month later, Dorian Gray was reclining in a luxurious -arm-chair, in the little library of Lord Henry's house in Mayfair. It -was, in its way, a very charming room, with its high panelled -wainscoting of olive-stained oak, its cream-coloured frieze and ceiling -of raised plasterwork, and its brickdust felt carpet strewn with silk, -long-fringed Persian rugs. On a tiny satinwood table stood a statuette -by Clodion, and beside it lay a copy of Les Cent Nouvelles, bound for -Margaret of Valois by Clovis Eve and powdered with the gilt daisies -that Queen had selected for her device. Some large blue china jars and -parrot-tulips were ranged on the mantelshelf, and through the small -leaded panes of the window streamed the apricot-coloured light of a -summer day in London. - -Lord Henry had not yet come in. He was always late on principle, his -principle being that punctuality is the thief of time. So the lad was -looking rather sulky, as with listless fingers he turned over the pages -of an elaborately illustrated edition of Manon Lescaut that he had -found in one of the book-cases. The formal monotonous ticking of the -Louis Quatorze clock annoyed him. Once or twice he thought of going -away. - -At last he heard a step outside, and the door opened. "How late you -are, Harry!" he murmured. - -"I am afraid it is not Harry, Mr. Gray," answered a shrill voice. - -He glanced quickly round and rose to his feet. "I beg your pardon. I -thought--" - -"You thought it was my husband. It is only his wife. You must let me -introduce myself. I know you quite well by your photographs. I think -my husband has got seventeen of them." - -"Not seventeen, Lady Henry?" - -"Well, eighteen, then. And I saw you with him the other night at the -opera." She laughed nervously as she spoke, and watched him with her -vague forget-me-not eyes. She was a curious woman, whose dresses -always looked as if they had been designed in a rage and put on in a -tempest. She was usually in love with somebody, and, as her passion -was never returned, she had kept all her illusions. She tried to look -picturesque, but only succeeded in being untidy. Her name was -Victoria, and she had a perfect mania for going to church. - -"That was at Lohengrin, Lady Henry, I think?" - -"Yes; it was at dear Lohengrin. I like Wagner's music better than -anybody's. It is so loud that one can talk the whole time without other -people hearing what one says. That is a great advantage, don't you -think so, Mr. Gray?" - -The same nervous staccato laugh broke from her thin lips, and her -fingers began to play with a long tortoise-shell paper-knife. - -Dorian smiled and shook his head: "I am afraid I don't think so, Lady -Henry. I never talk during music--at least, during good music. If one -hears bad music, it is one's duty to drown it in conversation." - -"Ah! that is one of Harry's views, isn't it, Mr. Gray? I always hear -Harry's views from his friends. It is the only way I get to know of -them. But you must not think I don't like good music. I adore it, but -I am afraid of it. It makes me too romantic. I have simply worshipped -pianists--two at a time, sometimes, Harry tells me. I don't know what -it is about them. Perhaps it is that they are foreigners. They all -are, ain't they? Even those that are born in England become foreigners -after a time, don't they? It is so clever of them, and such a -compliment to art. Makes it quite cosmopolitan, doesn't it? You have -never been to any of my parties, have you, Mr. Gray? You must come. I -can't afford orchids, but I spare no expense in foreigners. They make -one's rooms look so picturesque. But here is Harry! Harry, I came in -to look for you, to ask you something--I forget what it was--and I -found Mr. Gray here. We have had such a pleasant chat about music. We -have quite the same ideas. No; I think our ideas are quite different. -But he has been most pleasant. I am so glad I've seen him." - -"I am charmed, my love, quite charmed," said Lord Henry, elevating his -dark, crescent-shaped eyebrows and looking at them both with an amused -smile. "So sorry I am late, Dorian. I went to look after a piece of -old brocade in Wardour Street and had to bargain for hours for it. -Nowadays people know the price of everything and the value of nothing." - -"I am afraid I must be going," exclaimed Lady Henry, breaking an -awkward silence with her silly sudden laugh. "I have promised to drive -with the duchess. Good-bye, Mr. Gray. Good-bye, Harry. You are -dining out, I suppose? So am I. Perhaps I shall see you at Lady -Thornbury's." - -"I dare say, my dear," said Lord Henry, shutting the door behind her -as, looking like a bird of paradise that had been out all night in the -rain, she flitted out of the room, leaving a faint odour of -frangipanni. Then he lit a cigarette and flung himself down on the -sofa. - -"Never marry a woman with straw-coloured hair, Dorian," he said after a -few puffs. - -"Why, Harry?" - -"Because they are so sentimental." - -"But I like sentimental people." - -"Never marry at all, Dorian. Men marry because they are tired; women, -because they are curious: both are disappointed." - -"I don't think I am likely to marry, Harry. I am too much in love. -That is one of your aphorisms. I am putting it into practice, as I do -everything that you say." - -"Who are you in love with?" asked Lord Henry after a pause. - -"With an actress," said Dorian Gray, blushing. - -Lord Henry shrugged his shoulders. "That is a rather commonplace -_debut_." - -"You would not say so if you saw her, Harry." - -"Who is she?" - -"Her name is Sibyl Vane." - -"Never heard of her." - -"No one has. People will some day, however. She is a genius." - -"My dear boy, no woman is a genius. Women are a decorative sex. They -never have anything to say, but they say it charmingly. Women -represent the triumph of matter over mind, just as men represent the -triumph of mind over morals." - -"Harry, how can you?" - -"My dear Dorian, it is quite true. I am analysing women at present, so -I ought to know. The subject is not so abstruse as I thought it was. -I find that, ultimately, there are only two kinds of women, the plain -and the coloured. The plain women are very useful. If you want to -gain a reputation for respectability, you have merely to take them down -to supper. The other women are very charming. They commit one -mistake, however. They paint in order to try and look young. Our -grandmothers painted in order to try and talk brilliantly. _Rouge_ and -_esprit_ used to go together. That is all over now. As long as a woman -can look ten years younger than her own daughter, she is perfectly -satisfied. As for conversation, there are only five women in London -worth talking to, and two of these can't be admitted into decent -society. However, tell me about your genius. How long have you known -her?" - -"Ah! Harry, your views terrify me." - -"Never mind that. How long have you known her?" - -"About three weeks." - -"And where did you come across her?" - -"I will tell you, Harry, but you mustn't be unsympathetic about it. -After all, it never would have happened if I had not met you. You -filled me with a wild desire to know everything about life. For days -after I met you, something seemed to throb in my veins. As I lounged -in the park, or strolled down Piccadilly, I used to look at every one -who passed me and wonder, with a mad curiosity, what sort of lives they -led. Some of them fascinated me. Others filled me with terror. There -was an exquisite poison in the air. I had a passion for sensations.... -Well, one evening about seven o'clock, I determined to go out in search -of some adventure. I felt that this grey monstrous London of ours, -with its myriads of people, its sordid sinners, and its splendid sins, -as you once phrased it, must have something in store for me. I fancied -a thousand things. The mere danger gave me a sense of delight. I -remembered what you had said to me on that wonderful evening when we -first dined together, about the search for beauty being the real secret -of life. I don't know what I expected, but I went out and wandered -eastward, soon losing my way in a labyrinth of grimy streets and black -grassless squares. About half-past eight I passed by an absurd little -theatre, with great flaring gas-jets and gaudy play-bills. A hideous -Jew, in the most amazing waistcoat I ever beheld in my life, was -standing at the entrance, smoking a vile cigar. He had greasy -ringlets, and an enormous diamond blazed in the centre of a soiled -shirt. 'Have a box, my Lord?' he said, when he saw me, and he took off -his hat with an air of gorgeous servility. There was something about -him, Harry, that amused me. He was such a monster. You will laugh at -me, I know, but I really went in and paid a whole guinea for the -stage-box. To the present day I can't make out why I did so; and yet if -I hadn't--my dear Harry, if I hadn't--I should have missed the greatest -romance of my life. I see you are laughing. It is horrid of you!" - -"I am not laughing, Dorian; at least I am not laughing at you. But you -should not say the greatest romance of your life. You should say the -first romance of your life. You will always be loved, and you will -always be in love with love. A _grande passion_ is the privilege of -people who have nothing to do. That is the one use of the idle classes -of a country. Don't be afraid. There are exquisite things in store -for you. This is merely the beginning." - -"Do you think my nature so shallow?" cried Dorian Gray angrily. - -"No; I think your nature so deep." - -"How do you mean?" - -"My dear boy, the people who love only once in their lives are really -the shallow people. What they call their loyalty, and their fidelity, -I call either the lethargy of custom or their lack of imagination. -Faithfulness is to the emotional life what consistency is to the life -of the intellect--simply a confession of failure. Faithfulness! I -must analyse it some day. The passion for property is in it. There -are many things that we would throw away if we were not afraid that -others might pick them up. But I don't want to interrupt you. Go on -with your story." - -"Well, I found myself seated in a horrid little private box, with a -vulgar drop-scene staring me in the face. I looked out from behind the -curtain and surveyed the house. It was a tawdry affair, all Cupids and -cornucopias, like a third-rate wedding-cake. The gallery and pit were -fairly full, but the two rows of dingy stalls were quite empty, and -there was hardly a person in what I suppose they called the -dress-circle. Women went about with oranges and ginger-beer, and there -was a terrible consumption of nuts going on." - -"It must have been just like the palmy days of the British drama." - -"Just like, I should fancy, and very depressing. I began to wonder -what on earth I should do when I caught sight of the play-bill. What -do you think the play was, Harry?" - -"I should think 'The Idiot Boy', or 'Dumb but Innocent'. Our fathers -used to like that sort of piece, I believe. The longer I live, Dorian, -the more keenly I feel that whatever was good enough for our fathers is -not good enough for us. In art, as in politics, _les grandperes ont -toujours tort_." - -"This play was good enough for us, Harry. It was Romeo and Juliet. I -must admit that I was rather annoyed at the idea of seeing Shakespeare -done in such a wretched hole of a place. Still, I felt interested, in -a sort of way. At any rate, I determined to wait for the first act. -There was a dreadful orchestra, presided over by a young Hebrew who sat -at a cracked piano, that nearly drove me away, but at last the -drop-scene was drawn up and the play began. Romeo was a stout elderly -gentleman, with corked eyebrows, a husky tragedy voice, and a figure -like a beer-barrel. Mercutio was almost as bad. He was played by the -low-comedian, who had introduced gags of his own and was on most -friendly terms with the pit. They were both as grotesque as the -scenery, and that looked as if it had come out of a country-booth. But -Juliet! Harry, imagine a girl, hardly seventeen years of age, with a -little, flowerlike face, a small Greek head with plaited coils of -dark-brown hair, eyes that were violet wells of passion, lips that were -like the petals of a rose. She was the loveliest thing I had ever seen -in my life. You said to me once that pathos left you unmoved, but that -beauty, mere beauty, could fill your eyes with tears. I tell you, -Harry, I could hardly see this girl for the mist of tears that came -across me. And her voice--I never heard such a voice. It was very low -at first, with deep mellow notes that seemed to fall singly upon one's -ear. Then it became a little louder, and sounded like a flute or a -distant hautboy. In the garden-scene it had all the tremulous ecstasy -that one hears just before dawn when nightingales are singing. There -were moments, later on, when it had the wild passion of violins. You -know how a voice can stir one. Your voice and the voice of Sibyl Vane -are two things that I shall never forget. When I close my eyes, I hear -them, and each of them says something different. I don't know which to -follow. Why should I not love her? Harry, I do love her. She is -everything to me in life. Night after night I go to see her play. One -evening she is Rosalind, and the next evening she is Imogen. I have -seen her die in the gloom of an Italian tomb, sucking the poison from -her lover's lips. I have watched her wandering through the forest of -Arden, disguised as a pretty boy in hose and doublet and dainty cap. -She has been mad, and has come into the presence of a guilty king, and -given him rue to wear and bitter herbs to taste of. She has been -innocent, and the black hands of jealousy have crushed her reedlike -throat. I have seen her in every age and in every costume. Ordinary -women never appeal to one's imagination. They are limited to their -century. No glamour ever transfigures them. One knows their minds as -easily as one knows their bonnets. One can always find them. There is -no mystery in any of them. They ride in the park in the morning and -chatter at tea-parties in the afternoon. They have their stereotyped -smile and their fashionable manner. They are quite obvious. But an -actress! How different an actress is! Harry! why didn't you tell me -that the only thing worth loving is an actress?" - -"Because I have loved so many of them, Dorian." - -"Oh, yes, horrid people with dyed hair and painted faces." - -"Don't run down dyed hair and painted faces. There is an extraordinary -charm in them, sometimes," said Lord Henry. - -"I wish now I had not told you about Sibyl Vane." - -"You could not have helped telling me, Dorian. All through your life -you will tell me everything you do." - -"Yes, Harry, I believe that is true. I cannot help telling you things. -You have a curious influence over me. If I ever did a crime, I would -come and confess it to you. You would understand me." - -"People like you--the wilful sunbeams of life--don't commit crimes, -Dorian. But I am much obliged for the compliment, all the same. And -now tell me--reach me the matches, like a good boy--thanks--what are -your actual relations with Sibyl Vane?" - -Dorian Gray leaped to his feet, with flushed cheeks and burning eyes. -"Harry! Sibyl Vane is sacred!" - -"It is only the sacred things that are worth touching, Dorian," said -Lord Henry, with a strange touch of pathos in his voice. "But why -should you be annoyed? I suppose she will belong to you some day. -When one is in love, one always begins by deceiving one's self, and one -always ends by deceiving others. That is what the world calls a -romance. You know her, at any rate, I suppose?" - -"Of course I know her. On the first night I was at the theatre, the -horrid old Jew came round to the box after the performance was over and -offered to take me behind the scenes and introduce me to her. I was -furious with him, and told him that Juliet had been dead for hundreds -of years and that her body was lying in a marble tomb in Verona. I -think, from his blank look of amazement, that he was under the -impression that I had taken too much champagne, or something." - -"I am not surprised." - -"Then he asked me if I wrote for any of the newspapers. I told him I -never even read them. He seemed terribly disappointed at that, and -confided to me that all the dramatic critics were in a conspiracy -against him, and that they were every one of them to be bought." - -"I should not wonder if he was quite right there. But, on the other -hand, judging from their appearance, most of them cannot be at all -expensive." - -"Well, he seemed to think they were beyond his means," laughed Dorian. -"By this time, however, the lights were being put out in the theatre, -and I had to go. He wanted me to try some cigars that he strongly -recommended. I declined. The next night, of course, I arrived at the -place again. When he saw me, he made me a low bow and assured me that -I was a munificent patron of art. He was a most offensive brute, -though he had an extraordinary passion for Shakespeare. He told me -once, with an air of pride, that his five bankruptcies were entirely -due to 'The Bard,' as he insisted on calling him. He seemed to think -it a distinction." - -"It was a distinction, my dear Dorian--a great distinction. Most -people become bankrupt through having invested too heavily in the prose -of life. To have ruined one's self over poetry is an honour. But when -did you first speak to Miss Sibyl Vane?" - -"The third night. She had been playing Rosalind. I could not help -going round. I had thrown her some flowers, and she had looked at -me--at least I fancied that she had. The old Jew was persistent. He -seemed determined to take me behind, so I consented. It was curious my -not wanting to know her, wasn't it?" - -"No; I don't think so." - -"My dear Harry, why?" - -"I will tell you some other time. Now I want to know about the girl." - -"Sibyl? Oh, she was so shy and so gentle. There is something of a -child about her. Her eyes opened wide in exquisite wonder when I told -her what I thought of her performance, and she seemed quite unconscious -of her power. I think we were both rather nervous. The old Jew stood -grinning at the doorway of the dusty greenroom, making elaborate -speeches about us both, while we stood looking at each other like -children. He would insist on calling me 'My Lord,' so I had to assure -Sibyl that I was not anything of the kind. She said quite simply to -me, 'You look more like a prince. I must call you Prince Charming.'" - -"Upon my word, Dorian, Miss Sibyl knows how to pay compliments." - -"You don't understand her, Harry. She regarded me merely as a person -in a play. She knows nothing of life. She lives with her mother, a -faded tired woman who played Lady Capulet in a sort of magenta -dressing-wrapper on the first night, and looks as if she had seen -better days." - -"I know that look. It depresses me," murmured Lord Henry, examining -his rings. - -"The Jew wanted to tell me her history, but I said it did not interest -me." - -"You were quite right. There is always something infinitely mean about -other people's tragedies." - -"Sibyl is the only thing I care about. What is it to me where she came -from? From her little head to her little feet, she is absolutely and -entirely divine. Every night of my life I go to see her act, and every -night she is more marvellous." - -"That is the reason, I suppose, that you never dine with me now. I -thought you must have some curious romance on hand. You have; but it -is not quite what I expected." - -"My dear Harry, we either lunch or sup together every day, and I have -been to the opera with you several times," said Dorian, opening his -blue eyes in wonder. - -"You always come dreadfully late." - -"Well, I can't help going to see Sibyl play," he cried, "even if it is -only for a single act. I get hungry for her presence; and when I think -of the wonderful soul that is hidden away in that little ivory body, I -am filled with awe." - -"You can dine with me to-night, Dorian, can't you?" - -He shook his head. "To-night she is Imogen," he answered, "and -to-morrow night she will be Juliet." - -"When is she Sibyl Vane?" - -"Never." - -"I congratulate you." - -"How horrid you are! She is all the great heroines of the world in -one. She is more than an individual. You laugh, but I tell you she -has genius. I love her, and I must make her love me. You, who know -all the secrets of life, tell me how to charm Sibyl Vane to love me! I -want to make Romeo jealous. I want the dead lovers of the world to -hear our laughter and grow sad. I want a breath of our passion to stir -their dust into consciousness, to wake their ashes into pain. My God, -Harry, how I worship her!" He was walking up and down the room as he -spoke. Hectic spots of red burned on his cheeks. He was terribly -excited. - -Lord Henry watched him with a subtle sense of pleasure. How different -he was now from the shy frightened boy he had met in Basil Hallward's -studio! His nature had developed like a flower, had borne blossoms of -scarlet flame. Out of its secret hiding-place had crept his soul, and -desire had come to meet it on the way. - -"And what do you propose to do?" said Lord Henry at last. - -"I want you and Basil to come with me some night and see her act. I -have not the slightest fear of the result. You are certain to -acknowledge her genius. Then we must get her out of the Jew's hands. -She is bound to him for three years--at least for two years and eight -months--from the present time. I shall have to pay him something, of -course. When all that is settled, I shall take a West End theatre and -bring her out properly. She will make the world as mad as she has made -me." - -"That would be impossible, my dear boy." - -"Yes, she will. She has not merely art, consummate art-instinct, in -her, but she has personality also; and you have often told me that it -is personalities, not principles, that move the age." - -"Well, what night shall we go?" - -"Let me see. To-day is Tuesday. Let us fix to-morrow. She plays -Juliet to-morrow." - -"All right. The Bristol at eight o'clock; and I will get Basil." - -"Not eight, Harry, please. Half-past six. We must be there before the -curtain rises. You must see her in the first act, where she meets -Romeo." - -"Half-past six! What an hour! It will be like having a meat-tea, or -reading an English novel. It must be seven. No gentleman dines before -seven. Shall you see Basil between this and then? Or shall I write to -him?" - -"Dear Basil! I have not laid eyes on him for a week. It is rather -horrid of me, as he has sent me my portrait in the most wonderful -frame, specially designed by himself, and, though I am a little jealous -of the picture for being a whole month younger than I am, I must admit -that I delight in it. Perhaps you had better write to him. I don't -want to see him alone. He says things that annoy me. He gives me good -advice." - -Lord Henry smiled. "People are very fond of giving away what they need -most themselves. It is what I call the depth of generosity." - -"Oh, Basil is the best of fellows, but he seems to me to be just a bit -of a Philistine. Since I have known you, Harry, I have discovered -that." - -"Basil, my dear boy, puts everything that is charming in him into his -work. The consequence is that he has nothing left for life but his -prejudices, his principles, and his common sense. The only artists I -have ever known who are personally delightful are bad artists. Good -artists exist simply in what they make, and consequently are perfectly -uninteresting in what they are. A great poet, a really great poet, is -the most unpoetical of all creatures. But inferior poets are -absolutely fascinating. The worse their rhymes are, the more -picturesque they look. The mere fact of having published a book of -second-rate sonnets makes a man quite irresistible. He lives the -poetry that he cannot write. The others write the poetry that they -dare not realize." - -"I wonder is that really so, Harry?" said Dorian Gray, putting some -perfume on his handkerchief out of a large, gold-topped bottle that -stood on the table. "It must be, if you say it. And now I am off. -Imogen is waiting for me. Don't forget about to-morrow. Good-bye." - -As he left the room, Lord Henry's heavy eyelids drooped, and he began -to think. Certainly few people had ever interested him so much as -Dorian Gray, and yet the lad's mad adoration of some one else caused -him not the slightest pang of annoyance or jealousy. He was pleased by -it. It made him a more interesting study. He had been always -enthralled by the methods of natural science, but the ordinary -subject-matter of that science had seemed to him trivial and of no -import. And so he had begun by vivisecting himself, as he had ended by -vivisecting others. Human life--that appeared to him the one thing -worth investigating. Compared to it there was nothing else of any -value. It was true that as one watched life in its curious crucible of -pain and pleasure, one could not wear over one's face a mask of glass, -nor keep the sulphurous fumes from troubling the brain and making the -imagination turbid with monstrous fancies and misshapen dreams. There -were poisons so subtle that to know their properties one had to sicken -of them. There were maladies so strange that one had to pass through -them if one sought to understand their nature. And, yet, what a great -reward one received! How wonderful the whole world became to one! To -note the curious hard logic of passion, and the emotional coloured life -of the intellect--to observe where they met, and where they separated, -at what point they were in unison, and at what point they were at -discord--there was a delight in that! What matter what the cost was? -One could never pay too high a price for any sensation. - -He was conscious--and the thought brought a gleam of pleasure into his -brown agate eyes--that it was through certain words of his, musical -words said with musical utterance, that Dorian Gray's soul had turned -to this white girl and bowed in worship before her. To a large extent -the lad was his own creation. He had made him premature. That was -something. Ordinary people waited till life disclosed to them its -secrets, but to the few, to the elect, the mysteries of life were -revealed before the veil was drawn away. Sometimes this was the effect -of art, and chiefly of the art of literature, which dealt immediately -with the passions and the intellect. But now and then a complex -personality took the place and assumed the office of art, was indeed, -in its way, a real work of art, life having its elaborate masterpieces, -just as poetry has, or sculpture, or painting. - -Yes, the lad was premature. He was gathering his harvest while it was -yet spring. The pulse and passion of youth were in him, but he was -becoming self-conscious. It was delightful to watch him. With his -beautiful face, and his beautiful soul, he was a thing to wonder at. -It was no matter how it all ended, or was destined to end. He was like -one of those gracious figures in a pageant or a play, whose joys seem -to be remote from one, but whose sorrows stir one's sense of beauty, -and whose wounds are like red roses. - -Soul and body, body and soul--how mysterious they were! There was -animalism in the soul, and the body had its moments of spirituality. -The senses could refine, and the intellect could degrade. Who could -say where the fleshly impulse ceased, or the psychical impulse began? -How shallow were the arbitrary definitions of ordinary psychologists! -And yet how difficult to decide between the claims of the various -schools! Was the soul a shadow seated in the house of sin? Or was the -body really in the soul, as Giordano Bruno thought? The separation of -spirit from matter was a mystery, and the union of spirit with matter -was a mystery also. - -He began to wonder whether we could ever make psychology so absolute a -science that each little spring of life would be revealed to us. As it -was, we always misunderstood ourselves and rarely understood others. -Experience was of no ethical value. It was merely the name men gave to -their mistakes. Moralists had, as a rule, regarded it as a mode of -warning, had claimed for it a certain ethical efficacy in the formation -of character, had praised it as something that taught us what to follow -and showed us what to avoid. But there was no motive power in -experience. It was as little of an active cause as conscience itself. -All that it really demonstrated was that our future would be the same -as our past, and that the sin we had done once, and with loathing, we -would do many times, and with joy. - -It was clear to him that the experimental method was the only method by -which one could arrive at any scientific analysis of the passions; and -certainly Dorian Gray was a subject made to his hand, and seemed to -promise rich and fruitful results. His sudden mad love for Sibyl Vane -was a psychological phenomenon of no small interest. There was no -doubt that curiosity had much to do with it, curiosity and the desire -for new experiences, yet it was not a simple, but rather a very complex -passion. What there was in it of the purely sensuous instinct of -boyhood had been transformed by the workings of the imagination, -changed into something that seemed to the lad himself to be remote from -sense, and was for that very reason all the more dangerous. It was the -passions about whose origin we deceived ourselves that tyrannized most -strongly over us. Our weakest motives were those of whose nature we -were conscious. It often happened that when we thought we were -experimenting on others we were really experimenting on ourselves. - -While Lord Henry sat dreaming on these things, a knock came to the -door, and his valet entered and reminded him it was time to dress for -dinner. He got up and looked out into the street. The sunset had -smitten into scarlet gold the upper windows of the houses opposite. -The panes glowed like plates of heated metal. The sky above was like a -faded rose. He thought of his friend's young fiery-coloured life and -wondered how it was all going to end. - -When he arrived home, about half-past twelve o'clock, he saw a telegram -lying on the hall table. He opened it and found it was from Dorian -Gray. It was to tell him that he was engaged to be married to Sibyl -Vane. - - - -CHAPTER 5 - -"Mother, Mother, I am so happy!" whispered the girl, burying her face -in the lap of the faded, tired-looking woman who, with back turned to -the shrill intrusive light, was sitting in the one arm-chair that their -dingy sitting-room contained. "I am so happy!" she repeated, "and you -must be happy, too!" - -Mrs. Vane winced and put her thin, bismuth-whitened hands on her -daughter's head. "Happy!" she echoed, "I am only happy, Sibyl, when I -see you act. You must not think of anything but your acting. Mr. -Isaacs has been very good to us, and we owe him money." - -The girl looked up and pouted. "Money, Mother?" she cried, "what does -money matter? Love is more than money." - -"Mr. Isaacs has advanced us fifty pounds to pay off our debts and to -get a proper outfit for James. You must not forget that, Sibyl. Fifty -pounds is a very large sum. Mr. Isaacs has been most considerate." - -"He is not a gentleman, Mother, and I hate the way he talks to me," -said the girl, rising to her feet and going over to the window. - -"I don't know how we could manage without him," answered the elder -woman querulously. - -Sibyl Vane tossed her head and laughed. "We don't want him any more, -Mother. Prince Charming rules life for us now." Then she paused. A -rose shook in her blood and shadowed her cheeks. Quick breath parted -the petals of her lips. They trembled. Some southern wind of passion -swept over her and stirred the dainty folds of her dress. "I love -him," she said simply. - -"Foolish child! foolish child!" was the parrot-phrase flung in answer. -The waving of crooked, false-jewelled fingers gave grotesqueness to the -words. - -The girl laughed again. The joy of a caged bird was in her voice. Her -eyes caught the melody and echoed it in radiance, then closed for a -moment, as though to hide their secret. When they opened, the mist of -a dream had passed across them. - -Thin-lipped wisdom spoke at her from the worn chair, hinted at -prudence, quoted from that book of cowardice whose author apes the name -of common sense. She did not listen. She was free in her prison of -passion. Her prince, Prince Charming, was with her. She had called on -memory to remake him. She had sent her soul to search for him, and it -had brought him back. His kiss burned again upon her mouth. Her -eyelids were warm with his breath. - -Then wisdom altered its method and spoke of espial and discovery. This -young man might be rich. If so, marriage should be thought of. -Against the shell of her ear broke the waves of worldly cunning. The -arrows of craft shot by her. She saw the thin lips moving, and smiled. - -Suddenly she felt the need to speak. The wordy silence troubled her. -"Mother, Mother," she cried, "why does he love me so much? I know why -I love him. I love him because he is like what love himself should be. -But what does he see in me? I am not worthy of him. And yet--why, I -cannot tell--though I feel so much beneath him, I don't feel humble. I -feel proud, terribly proud. Mother, did you love my father as I love -Prince Charming?" - -The elder woman grew pale beneath the coarse powder that daubed her -cheeks, and her dry lips twitched with a spasm of pain. Sybil rushed -to her, flung her arms round her neck, and kissed her. "Forgive me, -Mother. I know it pains you to talk about our father. But it only -pains you because you loved him so much. Don't look so sad. I am as -happy to-day as you were twenty years ago. Ah! let me be happy for -ever!" - -"My child, you are far too young to think of falling in love. Besides, -what do you know of this young man? You don't even know his name. The -whole thing is most inconvenient, and really, when James is going away -to Australia, and I have so much to think of, I must say that you -should have shown more consideration. However, as I said before, if he -is rich ..." - -"Ah! Mother, Mother, let me be happy!" - -Mrs. Vane glanced at her, and with one of those false theatrical -gestures that so often become a mode of second nature to a -stage-player, clasped her in her arms. At this moment, the door opened -and a young lad with rough brown hair came into the room. He was -thick-set of figure, and his hands and feet were large and somewhat -clumsy in movement. He was not so finely bred as his sister. One -would hardly have guessed the close relationship that existed between -them. Mrs. Vane fixed her eyes on him and intensified her smile. She -mentally elevated her son to the dignity of an audience. She felt sure -that the _tableau_ was interesting. - -"You might keep some of your kisses for me, Sibyl, I think," said the -lad with a good-natured grumble. - -"Ah! but you don't like being kissed, Jim," she cried. "You are a -dreadful old bear." And she ran across the room and hugged him. - -James Vane looked into his sister's face with tenderness. "I want you -to come out with me for a walk, Sibyl. I don't suppose I shall ever -see this horrid London again. I am sure I don't want to." - -"My son, don't say such dreadful things," murmured Mrs. Vane, taking up -a tawdry theatrical dress, with a sigh, and beginning to patch it. She -felt a little disappointed that he had not joined the group. It would -have increased the theatrical picturesqueness of the situation. - -"Why not, Mother? I mean it." - -"You pain me, my son. I trust you will return from Australia in a -position of affluence. I believe there is no society of any kind in -the Colonies--nothing that I would call society--so when you have made -your fortune, you must come back and assert yourself in London." - -"Society!" muttered the lad. "I don't want to know anything about -that. I should like to make some money to take you and Sibyl off the -stage. I hate it." - -"Oh, Jim!" said Sibyl, laughing, "how unkind of you! But are you -really going for a walk with me? That will be nice! I was afraid you -were going to say good-bye to some of your friends--to Tom Hardy, who -gave you that hideous pipe, or Ned Langton, who makes fun of you for -smoking it. It is very sweet of you to let me have your last -afternoon. Where shall we go? Let us go to the park." - -"I am too shabby," he answered, frowning. "Only swell people go to the -park." - -"Nonsense, Jim," she whispered, stroking the sleeve of his coat. - -He hesitated for a moment. "Very well," he said at last, "but don't be -too long dressing." She danced out of the door. One could hear her -singing as she ran upstairs. Her little feet pattered overhead. - -He walked up and down the room two or three times. Then he turned to -the still figure in the chair. "Mother, are my things ready?" he asked. - -"Quite ready, James," she answered, keeping her eyes on her work. For -some months past she had felt ill at ease when she was alone with this -rough stern son of hers. Her shallow secret nature was troubled when -their eyes met. She used to wonder if he suspected anything. The -silence, for he made no other observation, became intolerable to her. -She began to complain. Women defend themselves by attacking, just as -they attack by sudden and strange surrenders. "I hope you will be -contented, James, with your sea-faring life," she said. "You must -remember that it is your own choice. You might have entered a -solicitor's office. Solicitors are a very respectable class, and in -the country often dine with the best families." - -"I hate offices, and I hate clerks," he replied. "But you are quite -right. I have chosen my own life. All I say is, watch over Sibyl. -Don't let her come to any harm. Mother, you must watch over her." - -"James, you really talk very strangely. Of course I watch over Sibyl." - -"I hear a gentleman comes every night to the theatre and goes behind to -talk to her. Is that right? What about that?" - -"You are speaking about things you don't understand, James. In the -profession we are accustomed to receive a great deal of most gratifying -attention. I myself used to receive many bouquets at one time. That -was when acting was really understood. As for Sibyl, I do not know at -present whether her attachment is serious or not. But there is no -doubt that the young man in question is a perfect gentleman. He is -always most polite to me. Besides, he has the appearance of being -rich, and the flowers he sends are lovely." - -"You don't know his name, though," said the lad harshly. - -"No," answered his mother with a placid expression in her face. "He -has not yet revealed his real name. I think it is quite romantic of -him. He is probably a member of the aristocracy." - -James Vane bit his lip. "Watch over Sibyl, Mother," he cried, "watch -over her." - -"My son, you distress me very much. Sibyl is always under my special -care. Of course, if this gentleman is wealthy, there is no reason why -she should not contract an alliance with him. I trust he is one of the -aristocracy. He has all the appearance of it, I must say. It might be -a most brilliant marriage for Sibyl. They would make a charming -couple. His good looks are really quite remarkable; everybody notices -them." - -The lad muttered something to himself and drummed on the window-pane -with his coarse fingers. He had just turned round to say something -when the door opened and Sibyl ran in. - -"How serious you both are!" she cried. "What is the matter?" - -"Nothing," he answered. "I suppose one must be serious sometimes. -Good-bye, Mother; I will have my dinner at five o'clock. Everything is -packed, except my shirts, so you need not trouble." - -"Good-bye, my son," she answered with a bow of strained stateliness. - -She was extremely annoyed at the tone he had adopted with her, and -there was something in his look that had made her feel afraid. - -"Kiss me, Mother," said the girl. Her flowerlike lips touched the -withered cheek and warmed its frost. - -"My child! my child!" cried Mrs. Vane, looking up to the ceiling in -search of an imaginary gallery. - -"Come, Sibyl," said her brother impatiently. He hated his mother's -affectations. - -They went out into the flickering, wind-blown sunlight and strolled -down the dreary Euston Road. The passersby glanced in wonder at the -sullen heavy youth who, in coarse, ill-fitting clothes, was in the -company of such a graceful, refined-looking girl. He was like a common -gardener walking with a rose. - -Jim frowned from time to time when he caught the inquisitive glance of -some stranger. He had that dislike of being stared at, which comes on -geniuses late in life and never leaves the commonplace. Sibyl, -however, was quite unconscious of the effect she was producing. Her -love was trembling in laughter on her lips. She was thinking of Prince -Charming, and, that she might think of him all the more, she did not -talk of him, but prattled on about the ship in which Jim was going to -sail, about the gold he was certain to find, about the wonderful -heiress whose life he was to save from the wicked, red-shirted -bushrangers. For he was not to remain a sailor, or a supercargo, or -whatever he was going to be. Oh, no! A sailor's existence was -dreadful. Fancy being cooped up in a horrid ship, with the hoarse, -hump-backed waves trying to get in, and a black wind blowing the masts -down and tearing the sails into long screaming ribands! He was to -leave the vessel at Melbourne, bid a polite good-bye to the captain, -and go off at once to the gold-fields. Before a week was over he was to -come across a large nugget of pure gold, the largest nugget that had -ever been discovered, and bring it down to the coast in a waggon -guarded by six mounted policemen. The bushrangers were to attack them -three times, and be defeated with immense slaughter. Or, no. He was -not to go to the gold-fields at all. They were horrid places, where -men got intoxicated, and shot each other in bar-rooms, and used bad -language. He was to be a nice sheep-farmer, and one evening, as he was -riding home, he was to see the beautiful heiress being carried off by a -robber on a black horse, and give chase, and rescue her. Of course, -she would fall in love with him, and he with her, and they would get -married, and come home, and live in an immense house in London. Yes, -there were delightful things in store for him. But he must be very -good, and not lose his temper, or spend his money foolishly. She was -only a year older than he was, but she knew so much more of life. He -must be sure, also, to write to her by every mail, and to say his -prayers each night before he went to sleep. God was very good, and -would watch over him. She would pray for him, too, and in a few years -he would come back quite rich and happy. - -The lad listened sulkily to her and made no answer. He was heart-sick -at leaving home. - -Yet it was not this alone that made him gloomy and morose. -Inexperienced though he was, he had still a strong sense of the danger -of Sibyl's position. This young dandy who was making love to her could -mean her no good. He was a gentleman, and he hated him for that, hated -him through some curious race-instinct for which he could not account, -and which for that reason was all the more dominant within him. He was -conscious also of the shallowness and vanity of his mother's nature, -and in that saw infinite peril for Sibyl and Sibyl's happiness. -Children begin by loving their parents; as they grow older they judge -them; sometimes they forgive them. - -His mother! He had something on his mind to ask of her, something that -he had brooded on for many months of silence. A chance phrase that he -had heard at the theatre, a whispered sneer that had reached his ears -one night as he waited at the stage-door, had set loose a train of -horrible thoughts. He remembered it as if it had been the lash of a -hunting-crop across his face. His brows knit together into a wedge-like -furrow, and with a twitch of pain he bit his underlip. - -"You are not listening to a word I am saying, Jim," cried Sibyl, "and I -am making the most delightful plans for your future. Do say something." - -"What do you want me to say?" - -"Oh! that you will be a good boy and not forget us," she answered, -smiling at him. - -He shrugged his shoulders. "You are more likely to forget me than I am -to forget you, Sibyl." - -She flushed. "What do you mean, Jim?" she asked. - -"You have a new friend, I hear. Who is he? Why have you not told me -about him? He means you no good." - -"Stop, Jim!" she exclaimed. "You must not say anything against him. I -love him." - -"Why, you don't even know his name," answered the lad. "Who is he? I -have a right to know." - -"He is called Prince Charming. Don't you like the name. Oh! you silly -boy! you should never forget it. If you only saw him, you would think -him the most wonderful person in the world. Some day you will meet -him--when you come back from Australia. You will like him so much. -Everybody likes him, and I ... love him. I wish you could come to the -theatre to-night. He is going to be there, and I am to play Juliet. -Oh! how I shall play it! Fancy, Jim, to be in love and play Juliet! -To have him sitting there! To play for his delight! I am afraid I may -frighten the company, frighten or enthrall them. To be in love is to -surpass one's self. Poor dreadful Mr. Isaacs will be shouting 'genius' -to his loafers at the bar. He has preached me as a dogma; to-night he -will announce me as a revelation. I feel it. And it is all his, his -only, Prince Charming, my wonderful lover, my god of graces. But I am -poor beside him. Poor? What does that matter? When poverty creeps in -at the door, love flies in through the window. Our proverbs want -rewriting. They were made in winter, and it is summer now; spring-time -for me, I think, a very dance of blossoms in blue skies." - -"He is a gentleman," said the lad sullenly. - -"A prince!" she cried musically. "What more do you want?" - -"He wants to enslave you." - -"I shudder at the thought of being free." - -"I want you to beware of him." - -"To see him is to worship him; to know him is to trust him." - -"Sibyl, you are mad about him." - -She laughed and took his arm. "You dear old Jim, you talk as if you -were a hundred. Some day you will be in love yourself. Then you will -know what it is. Don't look so sulky. Surely you should be glad to -think that, though you are going away, you leave me happier than I have -ever been before. Life has been hard for us both, terribly hard and -difficult. But it will be different now. You are going to a new -world, and I have found one. Here are two chairs; let us sit down and -see the smart people go by." - -They took their seats amidst a crowd of watchers. The tulip-beds -across the road flamed like throbbing rings of fire. A white -dust--tremulous cloud of orris-root it seemed--hung in the panting air. -The brightly coloured parasols danced and dipped like monstrous -butterflies. - -She made her brother talk of himself, his hopes, his prospects. He -spoke slowly and with effort. They passed words to each other as -players at a game pass counters. Sibyl felt oppressed. She could not -communicate her joy. A faint smile curving that sullen mouth was all -the echo she could win. After some time she became silent. Suddenly -she caught a glimpse of golden hair and laughing lips, and in an open -carriage with two ladies Dorian Gray drove past. - -She started to her feet. "There he is!" she cried. - -"Who?" said Jim Vane. - -"Prince Charming," she answered, looking after the victoria. - -He jumped up and seized her roughly by the arm. "Show him to me. -Which is he? Point him out. I must see him!" he exclaimed; but at -that moment the Duke of Berwick's four-in-hand came between, and when -it had left the space clear, the carriage had swept out of the park. - -"He is gone," murmured Sibyl sadly. "I wish you had seen him." - -"I wish I had, for as sure as there is a God in heaven, if he ever does -you any wrong, I shall kill him." - -She looked at him in horror. He repeated his words. They cut the air -like a dagger. The people round began to gape. A lady standing close -to her tittered. - -"Come away, Jim; come away," she whispered. He followed her doggedly -as she passed through the crowd. He felt glad at what he had said. - -When they reached the Achilles Statue, she turned round. There was -pity in her eyes that became laughter on her lips. She shook her head -at him. "You are foolish, Jim, utterly foolish; a bad-tempered boy, -that is all. How can you say such horrible things? You don't know -what you are talking about. You are simply jealous and unkind. Ah! I -wish you would fall in love. Love makes people good, and what you said -was wicked." - -"I am sixteen," he answered, "and I know what I am about. Mother is no -help to you. She doesn't understand how to look after you. I wish now -that I was not going to Australia at all. I have a great mind to chuck -the whole thing up. I would, if my articles hadn't been signed." - -"Oh, don't be so serious, Jim. You are like one of the heroes of those -silly melodramas Mother used to be so fond of acting in. I am not -going to quarrel with you. I have seen him, and oh! to see him is -perfect happiness. We won't quarrel. I know you would never harm any -one I love, would you?" - -"Not as long as you love him, I suppose," was the sullen answer. - -"I shall love him for ever!" she cried. - -"And he?" - -"For ever, too!" - -"He had better." - -She shrank from him. Then she laughed and put her hand on his arm. He -was merely a boy. - -At the Marble Arch they hailed an omnibus, which left them close to -their shabby home in the Euston Road. It was after five o'clock, and -Sibyl had to lie down for a couple of hours before acting. Jim -insisted that she should do so. He said that he would sooner part with -her when their mother was not present. She would be sure to make a -scene, and he detested scenes of every kind. - -In Sybil's own room they parted. There was jealousy in the lad's -heart, and a fierce murderous hatred of the stranger who, as it seemed -to him, had come between them. Yet, when her arms were flung round his -neck, and her fingers strayed through his hair, he softened and kissed -her with real affection. There were tears in his eyes as he went -downstairs. - -His mother was waiting for him below. She grumbled at his -unpunctuality, as he entered. He made no answer, but sat down to his -meagre meal. The flies buzzed round the table and crawled over the -stained cloth. Through the rumble of omnibuses, and the clatter of -street-cabs, he could hear the droning voice devouring each minute that -was left to him. - -After some time, he thrust away his plate and put his head in his -hands. He felt that he had a right to know. It should have been told -to him before, if it was as he suspected. Leaden with fear, his mother -watched him. Words dropped mechanically from her lips. A tattered -lace handkerchief twitched in her fingers. When the clock struck six, -he got up and went to the door. Then he turned back and looked at her. -Their eyes met. In hers he saw a wild appeal for mercy. It enraged -him. - -"Mother, I have something to ask you," he said. Her eyes wandered -vaguely about the room. She made no answer. "Tell me the truth. I -have a right to know. Were you married to my father?" - -She heaved a deep sigh. It was a sigh of relief. The terrible moment, -the moment that night and day, for weeks and months, she had dreaded, -had come at last, and yet she felt no terror. Indeed, in some measure -it was a disappointment to her. The vulgar directness of the question -called for a direct answer. The situation had not been gradually led -up to. It was crude. It reminded her of a bad rehearsal. - -"No," she answered, wondering at the harsh simplicity of life. - -"My father was a scoundrel then!" cried the lad, clenching his fists. - -She shook her head. "I knew he was not free. We loved each other very -much. If he had lived, he would have made provision for us. Don't -speak against him, my son. He was your father, and a gentleman. -Indeed, he was highly connected." - -An oath broke from his lips. "I don't care for myself," he exclaimed, -"but don't let Sibyl.... It is a gentleman, isn't it, who is in love -with her, or says he is? Highly connected, too, I suppose." - -For a moment a hideous sense of humiliation came over the woman. Her -head drooped. She wiped her eyes with shaking hands. "Sibyl has a -mother," she murmured; "I had none." - -The lad was touched. He went towards her, and stooping down, he kissed -her. "I am sorry if I have pained you by asking about my father," he -said, "but I could not help it. I must go now. Good-bye. Don't forget -that you will have only one child now to look after, and believe me -that if this man wrongs my sister, I will find out who he is, track him -down, and kill him like a dog. I swear it." - -The exaggerated folly of the threat, the passionate gesture that -accompanied it, the mad melodramatic words, made life seem more vivid -to her. She was familiar with the atmosphere. She breathed more -freely, and for the first time for many months she really admired her -son. She would have liked to have continued the scene on the same -emotional scale, but he cut her short. Trunks had to be carried down -and mufflers looked for. The lodging-house drudge bustled in and out. -There was the bargaining with the cabman. The moment was lost in -vulgar details. It was with a renewed feeling of disappointment that -she waved the tattered lace handkerchief from the window, as her son -drove away. She was conscious that a great opportunity had been -wasted. She consoled herself by telling Sibyl how desolate she felt -her life would be, now that she had only one child to look after. She -remembered the phrase. It had pleased her. Of the threat she said -nothing. It was vividly and dramatically expressed. She felt that -they would all laugh at it some day. - - - -CHAPTER 6 - -"I suppose you have heard the news, Basil?" said Lord Henry that -evening as Hallward was shown into a little private room at the Bristol -where dinner had been laid for three. - -"No, Harry," answered the artist, giving his hat and coat to the bowing -waiter. "What is it? Nothing about politics, I hope! They don't -interest me. There is hardly a single person in the House of Commons -worth painting, though many of them would be the better for a little -whitewashing." - -"Dorian Gray is engaged to be married," said Lord Henry, watching him -as he spoke. - -Hallward started and then frowned. "Dorian engaged to be married!" he -cried. "Impossible!" - -"It is perfectly true." - -"To whom?" - -"To some little actress or other." - -"I can't believe it. Dorian is far too sensible." - -"Dorian is far too wise not to do foolish things now and then, my dear -Basil." - -"Marriage is hardly a thing that one can do now and then, Harry." - -"Except in America," rejoined Lord Henry languidly. "But I didn't say -he was married. I said he was engaged to be married. There is a great -difference. I have a distinct remembrance of being married, but I have -no recollection at all of being engaged. I am inclined to think that I -never was engaged." - -"But think of Dorian's birth, and position, and wealth. It would be -absurd for him to marry so much beneath him." - -"If you want to make him marry this girl, tell him that, Basil. He is -sure to do it, then. Whenever a man does a thoroughly stupid thing, it -is always from the noblest motives." - -"I hope the girl is good, Harry. I don't want to see Dorian tied to -some vile creature, who might degrade his nature and ruin his -intellect." - -"Oh, she is better than good--she is beautiful," murmured Lord Henry, -sipping a glass of vermouth and orange-bitters. "Dorian says she is -beautiful, and he is not often wrong about things of that kind. Your -portrait of him has quickened his appreciation of the personal -appearance of other people. It has had that excellent effect, amongst -others. We are to see her to-night, if that boy doesn't forget his -appointment." - -"Are you serious?" - -"Quite serious, Basil. I should be miserable if I thought I should -ever be more serious than I am at the present moment." - -"But do you approve of it, Harry?" asked the painter, walking up and -down the room and biting his lip. "You can't approve of it, possibly. -It is some silly infatuation." - -"I never approve, or disapprove, of anything now. It is an absurd -attitude to take towards life. We are not sent into the world to air -our moral prejudices. I never take any notice of what common people -say, and I never interfere with what charming people do. If a -personality fascinates me, whatever mode of expression that personality -selects is absolutely delightful to me. Dorian Gray falls in love with -a beautiful girl who acts Juliet, and proposes to marry her. Why not? -If he wedded Messalina, he would be none the less interesting. You -know I am not a champion of marriage. The real drawback to marriage is -that it makes one unselfish. And unselfish people are colourless. -They lack individuality. Still, there are certain temperaments that -marriage makes more complex. They retain their egotism, and add to it -many other egos. They are forced to have more than one life. They -become more highly organized, and to be highly organized is, I should -fancy, the object of man's existence. Besides, every experience is of -value, and whatever one may say against marriage, it is certainly an -experience. I hope that Dorian Gray will make this girl his wife, -passionately adore her for six months, and then suddenly become -fascinated by some one else. He would be a wonderful study." - -"You don't mean a single word of all that, Harry; you know you don't. -If Dorian Gray's life were spoiled, no one would be sorrier than -yourself. You are much better than you pretend to be." - -Lord Henry laughed. "The reason we all like to think so well of others -is that we are all afraid for ourselves. The basis of optimism is -sheer terror. We think that we are generous because we credit our -neighbour with the possession of those virtues that are likely to be a -benefit to us. We praise the banker that we may overdraw our account, -and find good qualities in the highwayman in the hope that he may spare -our pockets. I mean everything that I have said. I have the greatest -contempt for optimism. As for a spoiled life, no life is spoiled but -one whose growth is arrested. If you want to mar a nature, you have -merely to reform it. As for marriage, of course that would be silly, -but there are other and more interesting bonds between men and women. -I will certainly encourage them. They have the charm of being -fashionable. But here is Dorian himself. He will tell you more than I -can." - -"My dear Harry, my dear Basil, you must both congratulate me!" said the -lad, throwing off his evening cape with its satin-lined wings and -shaking each of his friends by the hand in turn. "I have never been so -happy. Of course, it is sudden--all really delightful things are. And -yet it seems to me to be the one thing I have been looking for all my -life." He was flushed with excitement and pleasure, and looked -extraordinarily handsome. - -"I hope you will always be very happy, Dorian," said Hallward, "but I -don't quite forgive you for not having let me know of your engagement. -You let Harry know." - -"And I don't forgive you for being late for dinner," broke in Lord -Henry, putting his hand on the lad's shoulder and smiling as he spoke. -"Come, let us sit down and try what the new _chef_ here is like, and then -you will tell us how it all came about." - -"There is really not much to tell," cried Dorian as they took their -seats at the small round table. "What happened was simply this. After -I left you yesterday evening, Harry, I dressed, had some dinner at that -little Italian restaurant in Rupert Street you introduced me to, and -went down at eight o'clock to the theatre. Sibyl was playing Rosalind. -Of course, the scenery was dreadful and the Orlando absurd. But Sibyl! -You should have seen her! When she came on in her boy's clothes, she -was perfectly wonderful. She wore a moss-coloured velvet jerkin with -cinnamon sleeves, slim, brown, cross-gartered hose, a dainty little -green cap with a hawk's feather caught in a jewel, and a hooded cloak -lined with dull red. She had never seemed to me more exquisite. She -had all the delicate grace of that Tanagra figurine that you have in -your studio, Basil. Her hair clustered round her face like dark leaves -round a pale rose. As for her acting--well, you shall see her -to-night. She is simply a born artist. I sat in the dingy box -absolutely enthralled. I forgot that I was in London and in the -nineteenth century. I was away with my love in a forest that no man -had ever seen. After the performance was over, I went behind and spoke -to her. As we were sitting together, suddenly there came into her eyes -a look that I had never seen there before. My lips moved towards hers. -We kissed each other. I can't describe to you what I felt at that -moment. It seemed to me that all my life had been narrowed to one -perfect point of rose-coloured joy. She trembled all over and shook -like a white narcissus. Then she flung herself on her knees and kissed -my hands. I feel that I should not tell you all this, but I can't help -it. Of course, our engagement is a dead secret. She has not even told -her own mother. I don't know what my guardians will say. Lord Radley -is sure to be furious. I don't care. I shall be of age in less than a -year, and then I can do what I like. I have been right, Basil, haven't -I, to take my love out of poetry and to find my wife in Shakespeare's -plays? Lips that Shakespeare taught to speak have whispered their -secret in my ear. I have had the arms of Rosalind around me, and -kissed Juliet on the mouth." - -"Yes, Dorian, I suppose you were right," said Hallward slowly. - -"Have you seen her to-day?" asked Lord Henry. - -Dorian Gray shook his head. "I left her in the forest of Arden; I -shall find her in an orchard in Verona." - -Lord Henry sipped his champagne in a meditative manner. "At what -particular point did you mention the word marriage, Dorian? And what -did she say in answer? Perhaps you forgot all about it." - -"My dear Harry, I did not treat it as a business transaction, and I did -not make any formal proposal. I told her that I loved her, and she -said she was not worthy to be my wife. Not worthy! Why, the whole -world is nothing to me compared with her." - -"Women are wonderfully practical," murmured Lord Henry, "much more -practical than we are. In situations of that kind we often forget to -say anything about marriage, and they always remind us." - -Hallward laid his hand upon his arm. "Don't, Harry. You have annoyed -Dorian. He is not like other men. He would never bring misery upon -any one. His nature is too fine for that." - -Lord Henry looked across the table. "Dorian is never annoyed with me," -he answered. "I asked the question for the best reason possible, for -the only reason, indeed, that excuses one for asking any -question--simple curiosity. I have a theory that it is always the -women who propose to us, and not we who propose to the women. Except, -of course, in middle-class life. But then the middle classes are not -modern." - -Dorian Gray laughed, and tossed his head. "You are quite incorrigible, -Harry; but I don't mind. It is impossible to be angry with you. When -you see Sibyl Vane, you will feel that the man who could wrong her -would be a beast, a beast without a heart. I cannot understand how any -one can wish to shame the thing he loves. I love Sibyl Vane. I want -to place her on a pedestal of gold and to see the world worship the -woman who is mine. What is marriage? An irrevocable vow. You mock at -it for that. Ah! don't mock. It is an irrevocable vow that I want to -take. Her trust makes me faithful, her belief makes me good. When I -am with her, I regret all that you have taught me. I become different -from what you have known me to be. I am changed, and the mere touch of -Sibyl Vane's hand makes me forget you and all your wrong, fascinating, -poisonous, delightful theories." - -"And those are ...?" asked Lord Henry, helping himself to some salad. - -"Oh, your theories about life, your theories about love, your theories -about pleasure. All your theories, in fact, Harry." - -"Pleasure is the only thing worth having a theory about," he answered -in his slow melodious voice. "But I am afraid I cannot claim my theory -as my own. It belongs to Nature, not to me. Pleasure is Nature's -test, her sign of approval. When we are happy, we are always good, but -when we are good, we are not always happy." - -"Ah! but what do you mean by good?" cried Basil Hallward. - -"Yes," echoed Dorian, leaning back in his chair and looking at Lord -Henry over the heavy clusters of purple-lipped irises that stood in the -centre of the table, "what do you mean by good, Harry?" - -"To be good is to be in harmony with one's self," he replied, touching -the thin stem of his glass with his pale, fine-pointed fingers. -"Discord is to be forced to be in harmony with others. One's own -life--that is the important thing. As for the lives of one's -neighbours, if one wishes to be a prig or a Puritan, one can flaunt -one's moral views about them, but they are not one's concern. Besides, -individualism has really the higher aim. Modern morality consists in -accepting the standard of one's age. I consider that for any man of -culture to accept the standard of his age is a form of the grossest -immorality." - -"But, surely, if one lives merely for one's self, Harry, one pays a -terrible price for doing so?" suggested the painter. - -"Yes, we are overcharged for everything nowadays. I should fancy that -the real tragedy of the poor is that they can afford nothing but -self-denial. Beautiful sins, like beautiful things, are the privilege -of the rich." - -"One has to pay in other ways but money." - -"What sort of ways, Basil?" - -"Oh! I should fancy in remorse, in suffering, in ... well, in the -consciousness of degradation." - -Lord Henry shrugged his shoulders. "My dear fellow, mediaeval art is -charming, but mediaeval emotions are out of date. One can use them in -fiction, of course. But then the only things that one can use in -fiction are the things that one has ceased to use in fact. Believe me, -no civilized man ever regrets a pleasure, and no uncivilized man ever -knows what a pleasure is." - -"I know what pleasure is," cried Dorian Gray. "It is to adore some -one." - -"That is certainly better than being adored," he answered, toying with -some fruits. "Being adored is a nuisance. Women treat us just as -humanity treats its gods. They worship us, and are always bothering us -to do something for them." - -"I should have said that whatever they ask for they had first given to -us," murmured the lad gravely. "They create love in our natures. They -have a right to demand it back." - -"That is quite true, Dorian," cried Hallward. - -"Nothing is ever quite true," said Lord Henry. - -"This is," interrupted Dorian. "You must admit, Harry, that women give -to men the very gold of their lives." - -"Possibly," he sighed, "but they invariably want it back in such very -small change. That is the worry. Women, as some witty Frenchman once -put it, inspire us with the desire to do masterpieces and always -prevent us from carrying them out." - -"Harry, you are dreadful! I don't know why I like you so much." - -"You will always like me, Dorian," he replied. "Will you have some -coffee, you fellows? Waiter, bring coffee, and _fine-champagne_, and -some cigarettes. No, don't mind the cigarettes--I have some. Basil, I -can't allow you to smoke cigars. You must have a cigarette. A -cigarette is the perfect type of a perfect pleasure. It is exquisite, -and it leaves one unsatisfied. What more can one want? Yes, Dorian, -you will always be fond of me. I represent to you all the sins you -have never had the courage to commit." - -"What nonsense you talk, Harry!" cried the lad, taking a light from a -fire-breathing silver dragon that the waiter had placed on the table. -"Let us go down to the theatre. When Sibyl comes on the stage you will -have a new ideal of life. She will represent something to you that you -have never known." - -"I have known everything," said Lord Henry, with a tired look in his -eyes, "but I am always ready for a new emotion. I am afraid, however, -that, for me at any rate, there is no such thing. Still, your -wonderful girl may thrill me. I love acting. It is so much more real -than life. Let us go. Dorian, you will come with me. I am so sorry, -Basil, but there is only room for two in the brougham. You must follow -us in a hansom." - -They got up and put on their coats, sipping their coffee standing. The -painter was silent and preoccupied. There was a gloom over him. He -could not bear this marriage, and yet it seemed to him to be better -than many other things that might have happened. After a few minutes, -they all passed downstairs. He drove off by himself, as had been -arranged, and watched the flashing lights of the little brougham in -front of him. A strange sense of loss came over him. He felt that -Dorian Gray would never again be to him all that he had been in the -past. Life had come between them.... His eyes darkened, and the -crowded flaring streets became blurred to his eyes. When the cab drew -up at the theatre, it seemed to him that he had grown years older. - - - -CHAPTER 7 - -For some reason or other, the house was crowded that night, and the fat -Jew manager who met them at the door was beaming from ear to ear with -an oily tremulous smile. He escorted them to their box with a sort of -pompous humility, waving his fat jewelled hands and talking at the top -of his voice. Dorian Gray loathed him more than ever. He felt as if -he had come to look for Miranda and had been met by Caliban. Lord -Henry, upon the other hand, rather liked him. At least he declared he -did, and insisted on shaking him by the hand and assuring him that he -was proud to meet a man who had discovered a real genius and gone -bankrupt over a poet. Hallward amused himself with watching the faces -in the pit. The heat was terribly oppressive, and the huge sunlight -flamed like a monstrous dahlia with petals of yellow fire. The youths -in the gallery had taken off their coats and waistcoats and hung them -over the side. They talked to each other across the theatre and shared -their oranges with the tawdry girls who sat beside them. Some women -were laughing in the pit. Their voices were horribly shrill and -discordant. The sound of the popping of corks came from the bar. - -"What a place to find one's divinity in!" said Lord Henry. - -"Yes!" answered Dorian Gray. "It was here I found her, and she is -divine beyond all living things. When she acts, you will forget -everything. These common rough people, with their coarse faces and -brutal gestures, become quite different when she is on the stage. They -sit silently and watch her. They weep and laugh as she wills them to -do. She makes them as responsive as a violin. She spiritualizes them, -and one feels that they are of the same flesh and blood as one's self." - -"The same flesh and blood as one's self! Oh, I hope not!" exclaimed -Lord Henry, who was scanning the occupants of the gallery through his -opera-glass. - -"Don't pay any attention to him, Dorian," said the painter. "I -understand what you mean, and I believe in this girl. Any one you love -must be marvellous, and any girl who has the effect you describe must -be fine and noble. To spiritualize one's age--that is something worth -doing. If this girl can give a soul to those who have lived without -one, if she can create the sense of beauty in people whose lives have -been sordid and ugly, if she can strip them of their selfishness and -lend them tears for sorrows that are not their own, she is worthy of -all your adoration, worthy of the adoration of the world. This -marriage is quite right. I did not think so at first, but I admit it -now. The gods made Sibyl Vane for you. Without her you would have -been incomplete." - -"Thanks, Basil," answered Dorian Gray, pressing his hand. "I knew that -you would understand me. Harry is so cynical, he terrifies me. But -here is the orchestra. It is quite dreadful, but it only lasts for -about five minutes. Then the curtain rises, and you will see the girl -to whom I am going to give all my life, to whom I have given everything -that is good in me." - -A quarter of an hour afterwards, amidst an extraordinary turmoil of -applause, Sibyl Vane stepped on to the stage. Yes, she was certainly -lovely to look at--one of the loveliest creatures, Lord Henry thought, -that he had ever seen. There was something of the fawn in her shy -grace and startled eyes. A faint blush, like the shadow of a rose in a -mirror of silver, came to her cheeks as she glanced at the crowded -enthusiastic house. She stepped back a few paces and her lips seemed -to tremble. Basil Hallward leaped to his feet and began to applaud. -Motionless, and as one in a dream, sat Dorian Gray, gazing at her. -Lord Henry peered through his glasses, murmuring, "Charming! charming!" - -The scene was the hall of Capulet's house, and Romeo in his pilgrim's -dress had entered with Mercutio and his other friends. The band, such -as it was, struck up a few bars of music, and the dance began. Through -the crowd of ungainly, shabbily dressed actors, Sibyl Vane moved like a -creature from a finer world. Her body swayed, while she danced, as a -plant sways in the water. The curves of her throat were the curves of -a white lily. Her hands seemed to be made of cool ivory. - -Yet she was curiously listless. She showed no sign of joy when her -eyes rested on Romeo. The few words she had to speak-- - - Good pilgrim, you do wrong your hand too much, - Which mannerly devotion shows in this; - For saints have hands that pilgrims' hands do touch, - And palm to palm is holy palmers' kiss-- - -with the brief dialogue that follows, were spoken in a thoroughly -artificial manner. The voice was exquisite, but from the point of view -of tone it was absolutely false. It was wrong in colour. It took away -all the life from the verse. It made the passion unreal. - -Dorian Gray grew pale as he watched her. He was puzzled and anxious. -Neither of his friends dared to say anything to him. She seemed to -them to be absolutely incompetent. They were horribly disappointed. - -Yet they felt that the true test of any Juliet is the balcony scene of -the second act. They waited for that. If she failed there, there was -nothing in her. - -She looked charming as she came out in the moonlight. That could not -be denied. But the staginess of her acting was unbearable, and grew -worse as she went on. Her gestures became absurdly artificial. She -overemphasized everything that she had to say. The beautiful passage-- - - Thou knowest the mask of night is on my face, - Else would a maiden blush bepaint my cheek - For that which thou hast heard me speak to-night-- - -was declaimed with the painful precision of a schoolgirl who has been -taught to recite by some second-rate professor of elocution. When she -leaned over the balcony and came to those wonderful lines-- - - Although I joy in thee, - I have no joy of this contract to-night: - It is too rash, too unadvised, too sudden; - Too like the lightning, which doth cease to be - Ere one can say, "It lightens." Sweet, good-night! - This bud of love by summer's ripening breath - May prove a beauteous flower when next we meet-- - -she spoke the words as though they conveyed no meaning to her. It was -not nervousness. Indeed, so far from being nervous, she was absolutely -self-contained. It was simply bad art. She was a complete failure. - -Even the common uneducated audience of the pit and gallery lost their -interest in the play. They got restless, and began to talk loudly and -to whistle. The Jew manager, who was standing at the back of the -dress-circle, stamped and swore with rage. The only person unmoved was -the girl herself. - -When the second act was over, there came a storm of hisses, and Lord -Henry got up from his chair and put on his coat. "She is quite -beautiful, Dorian," he said, "but she can't act. Let us go." - -"I am going to see the play through," answered the lad, in a hard -bitter voice. "I am awfully sorry that I have made you waste an -evening, Harry. I apologize to you both." - -"My dear Dorian, I should think Miss Vane was ill," interrupted -Hallward. "We will come some other night." - -"I wish she were ill," he rejoined. "But she seems to me to be simply -callous and cold. She has entirely altered. Last night she was a -great artist. This evening she is merely a commonplace mediocre -actress." - -"Don't talk like that about any one you love, Dorian. Love is a more -wonderful thing than art." - -"They are both simply forms of imitation," remarked Lord Henry. "But -do let us go. Dorian, you must not stay here any longer. It is not -good for one's morals to see bad acting. Besides, I don't suppose you -will want your wife to act, so what does it matter if she plays Juliet -like a wooden doll? She is very lovely, and if she knows as little -about life as she does about acting, she will be a delightful -experience. There are only two kinds of people who are really -fascinating--people who know absolutely everything, and people who know -absolutely nothing. Good heavens, my dear boy, don't look so tragic! -The secret of remaining young is never to have an emotion that is -unbecoming. Come to the club with Basil and myself. We will smoke -cigarettes and drink to the beauty of Sibyl Vane. She is beautiful. -What more can you want?" - -"Go away, Harry," cried the lad. "I want to be alone. Basil, you must -go. Ah! can't you see that my heart is breaking?" The hot tears came -to his eyes. His lips trembled, and rushing to the back of the box, he -leaned up against the wall, hiding his face in his hands. - -"Let us go, Basil," said Lord Henry with a strange tenderness in his -voice, and the two young men passed out together. - -A few moments afterwards the footlights flared up and the curtain rose -on the third act. Dorian Gray went back to his seat. He looked pale, -and proud, and indifferent. The play dragged on, and seemed -interminable. Half of the audience went out, tramping in heavy boots -and laughing. The whole thing was a _fiasco_. The last act was played -to almost empty benches. The curtain went down on a titter and some -groans. - -As soon as it was over, Dorian Gray rushed behind the scenes into the -greenroom. The girl was standing there alone, with a look of triumph -on her face. Her eyes were lit with an exquisite fire. There was a -radiance about her. Her parted lips were smiling over some secret of -their own. - -When he entered, she looked at him, and an expression of infinite joy -came over her. "How badly I acted to-night, Dorian!" she cried. - -"Horribly!" he answered, gazing at her in amazement. "Horribly! It -was dreadful. Are you ill? You have no idea what it was. You have no -idea what I suffered." - -The girl smiled. "Dorian," she answered, lingering over his name with -long-drawn music in her voice, as though it were sweeter than honey to -the red petals of her mouth. "Dorian, you should have understood. But -you understand now, don't you?" - -"Understand what?" he asked, angrily. - -"Why I was so bad to-night. Why I shall always be bad. Why I shall -never act well again." - -He shrugged his shoulders. "You are ill, I suppose. When you are ill -you shouldn't act. You make yourself ridiculous. My friends were -bored. I was bored." - -She seemed not to listen to him. She was transfigured with joy. An -ecstasy of happiness dominated her. - -"Dorian, Dorian," she cried, "before I knew you, acting was the one -reality of my life. It was only in the theatre that I lived. I -thought that it was all true. I was Rosalind one night and Portia the -other. The joy of Beatrice was my joy, and the sorrows of Cordelia -were mine also. I believed in everything. The common people who acted -with me seemed to me to be godlike. The painted scenes were my world. -I knew nothing but shadows, and I thought them real. You came--oh, my -beautiful love!--and you freed my soul from prison. You taught me what -reality really is. To-night, for the first time in my life, I saw -through the hollowness, the sham, the silliness of the empty pageant in -which I had always played. To-night, for the first time, I became -conscious that the Romeo was hideous, and old, and painted, that the -moonlight in the orchard was false, that the scenery was vulgar, and -that the words I had to speak were unreal, were not my words, were not -what I wanted to say. You had brought me something higher, something -of which all art is but a reflection. You had made me understand what -love really is. My love! My love! Prince Charming! Prince of life! -I have grown sick of shadows. You are more to me than all art can ever -be. What have I to do with the puppets of a play? When I came on -to-night, I could not understand how it was that everything had gone -from me. I thought that I was going to be wonderful. I found that I -could do nothing. Suddenly it dawned on my soul what it all meant. -The knowledge was exquisite to me. I heard them hissing, and I smiled. -What could they know of love such as ours? Take me away, Dorian--take -me away with you, where we can be quite alone. I hate the stage. I -might mimic a passion that I do not feel, but I cannot mimic one that -burns me like fire. Oh, Dorian, Dorian, you understand now what it -signifies? Even if I could do it, it would be profanation for me to -play at being in love. You have made me see that." - -He flung himself down on the sofa and turned away his face. "You have -killed my love," he muttered. - -She looked at him in wonder and laughed. He made no answer. She came -across to him, and with her little fingers stroked his hair. She knelt -down and pressed his hands to her lips. He drew them away, and a -shudder ran through him. - -Then he leaped up and went to the door. "Yes," he cried, "you have -killed my love. You used to stir my imagination. Now you don't even -stir my curiosity. You simply produce no effect. I loved you because -you were marvellous, because you had genius and intellect, because you -realized the dreams of great poets and gave shape and substance to the -shadows of art. You have thrown it all away. You are shallow and -stupid. My God! how mad I was to love you! What a fool I have been! -You are nothing to me now. I will never see you again. I will never -think of you. I will never mention your name. You don't know what you -were to me, once. Why, once ... Oh, I can't bear to think of it! I -wish I had never laid eyes upon you! You have spoiled the romance of -my life. How little you can know of love, if you say it mars your art! -Without your art, you are nothing. I would have made you famous, -splendid, magnificent. The world would have worshipped you, and you -would have borne my name. What are you now? A third-rate actress with -a pretty face." - -The girl grew white, and trembled. She clenched her hands together, -and her voice seemed to catch in her throat. "You are not serious, -Dorian?" she murmured. "You are acting." - -"Acting! I leave that to you. You do it so well," he answered -bitterly. - -She rose from her knees and, with a piteous expression of pain in her -face, came across the room to him. She put her hand upon his arm and -looked into his eyes. He thrust her back. "Don't touch me!" he cried. - -A low moan broke from her, and she flung herself at his feet and lay -there like a trampled flower. "Dorian, Dorian, don't leave me!" she -whispered. "I am so sorry I didn't act well. I was thinking of you -all the time. But I will try--indeed, I will try. It came so suddenly -across me, my love for you. I think I should never have known it if -you had not kissed me--if we had not kissed each other. Kiss me again, -my love. Don't go away from me. I couldn't bear it. Oh! don't go -away from me. My brother ... No; never mind. He didn't mean it. He -was in jest.... But you, oh! can't you forgive me for to-night? I will -work so hard and try to improve. Don't be cruel to me, because I love -you better than anything in the world. After all, it is only once that -I have not pleased you. But you are quite right, Dorian. I should -have shown myself more of an artist. It was foolish of me, and yet I -couldn't help it. Oh, don't leave me, don't leave me." A fit of -passionate sobbing choked her. She crouched on the floor like a -wounded thing, and Dorian Gray, with his beautiful eyes, looked down at -her, and his chiselled lips curled in exquisite disdain. There is -always something ridiculous about the emotions of people whom one has -ceased to love. Sibyl Vane seemed to him to be absurdly melodramatic. -Her tears and sobs annoyed him. - -"I am going," he said at last in his calm clear voice. "I don't wish -to be unkind, but I can't see you again. You have disappointed me." - -She wept silently, and made no answer, but crept nearer. Her little -hands stretched blindly out, and appeared to be seeking for him. He -turned on his heel and left the room. In a few moments he was out of -the theatre. - -Where he went to he hardly knew. He remembered wandering through dimly -lit streets, past gaunt, black-shadowed archways and evil-looking -houses. Women with hoarse voices and harsh laughter had called after -him. Drunkards had reeled by, cursing and chattering to themselves -like monstrous apes. He had seen grotesque children huddled upon -door-steps, and heard shrieks and oaths from gloomy courts. - -As the dawn was just breaking, he found himself close to Covent Garden. -The darkness lifted, and, flushed with faint fires, the sky hollowed -itself into a perfect pearl. Huge carts filled with nodding lilies -rumbled slowly down the polished empty street. The air was heavy with -the perfume of the flowers, and their beauty seemed to bring him an -anodyne for his pain. He followed into the market and watched the men -unloading their waggons. A white-smocked carter offered him some -cherries. He thanked him, wondered why he refused to accept any money -for them, and began to eat them listlessly. They had been plucked at -midnight, and the coldness of the moon had entered into them. A long -line of boys carrying crates of striped tulips, and of yellow and red -roses, defiled in front of him, threading their way through the huge, -jade-green piles of vegetables. Under the portico, with its grey, -sun-bleached pillars, loitered a troop of draggled bareheaded girls, -waiting for the auction to be over. Others crowded round the swinging -doors of the coffee-house in the piazza. The heavy cart-horses slipped -and stamped upon the rough stones, shaking their bells and trappings. -Some of the drivers were lying asleep on a pile of sacks. Iris-necked -and pink-footed, the pigeons ran about picking up seeds. - -After a little while, he hailed a hansom and drove home. For a few -moments he loitered upon the doorstep, looking round at the silent -square, with its blank, close-shuttered windows and its staring blinds. -The sky was pure opal now, and the roofs of the houses glistened like -silver against it. From some chimney opposite a thin wreath of smoke -was rising. It curled, a violet riband, through the nacre-coloured air. - -In the huge gilt Venetian lantern, spoil of some Doge's barge, that -hung from the ceiling of the great, oak-panelled hall of entrance, -lights were still burning from three flickering jets: thin blue petals -of flame they seemed, rimmed with white fire. He turned them out and, -having thrown his hat and cape on the table, passed through the library -towards the door of his bedroom, a large octagonal chamber on the -ground floor that, in his new-born feeling for luxury, he had just had -decorated for himself and hung with some curious Renaissance tapestries -that had been discovered stored in a disused attic at Selby Royal. As -he was turning the handle of the door, his eye fell upon the portrait -Basil Hallward had painted of him. He started back as if in surprise. -Then he went on into his own room, looking somewhat puzzled. After he -had taken the button-hole out of his coat, he seemed to hesitate. -Finally, he came back, went over to the picture, and examined it. In -the dim arrested light that struggled through the cream-coloured silk -blinds, the face appeared to him to be a little changed. The -expression looked different. One would have said that there was a -touch of cruelty in the mouth. It was certainly strange. - -He turned round and, walking to the window, drew up the blind. The -bright dawn flooded the room and swept the fantastic shadows into dusky -corners, where they lay shuddering. But the strange expression that he -had noticed in the face of the portrait seemed to linger there, to be -more intensified even. The quivering ardent sunlight showed him the -lines of cruelty round the mouth as clearly as if he had been looking -into a mirror after he had done some dreadful thing. - -He winced and, taking up from the table an oval glass framed in ivory -Cupids, one of Lord Henry's many presents to him, glanced hurriedly -into its polished depths. No line like that warped his red lips. What -did it mean? - -He rubbed his eyes, and came close to the picture, and examined it -again. There were no signs of any change when he looked into the -actual painting, and yet there was no doubt that the whole expression -had altered. It was not a mere fancy of his own. The thing was -horribly apparent. - -He threw himself into a chair and began to think. Suddenly there -flashed across his mind what he had said in Basil Hallward's studio the -day the picture had been finished. Yes, he remembered it perfectly. -He had uttered a mad wish that he himself might remain young, and the -portrait grow old; that his own beauty might be untarnished, and the -face on the canvas bear the burden of his passions and his sins; that -the painted image might be seared with the lines of suffering and -thought, and that he might keep all the delicate bloom and loveliness -of his then just conscious boyhood. Surely his wish had not been -fulfilled? Such things were impossible. It seemed monstrous even to -think of them. And, yet, there was the picture before him, with the -touch of cruelty in the mouth. - -Cruelty! Had he been cruel? It was the girl's fault, not his. He had -dreamed of her as a great artist, had given his love to her because he -had thought her great. Then she had disappointed him. She had been -shallow and unworthy. And, yet, a feeling of infinite regret came over -him, as he thought of her lying at his feet sobbing like a little -child. He remembered with what callousness he had watched her. Why -had he been made like that? Why had such a soul been given to him? -But he had suffered also. During the three terrible hours that the -play had lasted, he had lived centuries of pain, aeon upon aeon of -torture. His life was well worth hers. She had marred him for a -moment, if he had wounded her for an age. Besides, women were better -suited to bear sorrow than men. They lived on their emotions. They -only thought of their emotions. When they took lovers, it was merely -to have some one with whom they could have scenes. Lord Henry had told -him that, and Lord Henry knew what women were. Why should he trouble -about Sibyl Vane? She was nothing to him now. - -But the picture? What was he to say of that? It held the secret of -his life, and told his story. It had taught him to love his own -beauty. Would it teach him to loathe his own soul? Would he ever look -at it again? - -No; it was merely an illusion wrought on the troubled senses. The -horrible night that he had passed had left phantoms behind it. -Suddenly there had fallen upon his brain that tiny scarlet speck that -makes men mad. The picture had not changed. It was folly to think so. - -Yet it was watching him, with its beautiful marred face and its cruel -smile. Its bright hair gleamed in the early sunlight. Its blue eyes -met his own. A sense of infinite pity, not for himself, but for the -painted image of himself, came over him. It had altered already, and -would alter more. Its gold would wither into grey. Its red and white -roses would die. For every sin that he committed, a stain would fleck -and wreck its fairness. But he would not sin. The picture, changed or -unchanged, would be to him the visible emblem of conscience. He would -resist temptation. He would not see Lord Henry any more--would not, at -any rate, listen to those subtle poisonous theories that in Basil -Hallward's garden had first stirred within him the passion for -impossible things. He would go back to Sibyl Vane, make her amends, -marry her, try to love her again. Yes, it was his duty to do so. She -must have suffered more than he had. Poor child! He had been selfish -and cruel to her. The fascination that she had exercised over him -would return. They would be happy together. His life with her would -be beautiful and pure. - -He got up from his chair and drew a large screen right in front of the -portrait, shuddering as he glanced at it. "How horrible!" he murmured -to himself, and he walked across to the window and opened it. When he -stepped out on to the grass, he drew a deep breath. The fresh morning -air seemed to drive away all his sombre passions. He thought only of -Sibyl. A faint echo of his love came back to him. He repeated her -name over and over again. The birds that were singing in the -dew-drenched garden seemed to be telling the flowers about her. - - - -CHAPTER 8 - -It was long past noon when he awoke. His valet had crept several times -on tiptoe into the room to see if he was stirring, and had wondered -what made his young master sleep so late. Finally his bell sounded, -and Victor came in softly with a cup of tea, and a pile of letters, on -a small tray of old Sevres china, and drew back the olive-satin -curtains, with their shimmering blue lining, that hung in front of the -three tall windows. - -"Monsieur has well slept this morning," he said, smiling. - -"What o'clock is it, Victor?" asked Dorian Gray drowsily. - -"One hour and a quarter, Monsieur." - -How late it was! He sat up, and having sipped some tea, turned over -his letters. One of them was from Lord Henry, and had been brought by -hand that morning. He hesitated for a moment, and then put it aside. -The others he opened listlessly. They contained the usual collection -of cards, invitations to dinner, tickets for private views, programmes -of charity concerts, and the like that are showered on fashionable -young men every morning during the season. There was a rather heavy -bill for a chased silver Louis-Quinze toilet-set that he had not yet -had the courage to send on to his guardians, who were extremely -old-fashioned people and did not realize that we live in an age when -unnecessary things are our only necessities; and there were several -very courteously worded communications from Jermyn Street money-lenders -offering to advance any sum of money at a moment's notice and at the -most reasonable rates of interest. - -After about ten minutes he got up, and throwing on an elaborate -dressing-gown of silk-embroidered cashmere wool, passed into the -onyx-paved bathroom. The cool water refreshed him after his long -sleep. He seemed to have forgotten all that he had gone through. A -dim sense of having taken part in some strange tragedy came to him once -or twice, but there was the unreality of a dream about it. - -As soon as he was dressed, he went into the library and sat down to a -light French breakfast that had been laid out for him on a small round -table close to the open window. It was an exquisite day. The warm air -seemed laden with spices. A bee flew in and buzzed round the -blue-dragon bowl that, filled with sulphur-yellow roses, stood before -him. He felt perfectly happy. - -Suddenly his eye fell on the screen that he had placed in front of the -portrait, and he started. - -"Too cold for Monsieur?" asked his valet, putting an omelette on the -table. "I shut the window?" - -Dorian shook his head. "I am not cold," he murmured. - -Was it all true? Had the portrait really changed? Or had it been -simply his own imagination that had made him see a look of evil where -there had been a look of joy? Surely a painted canvas could not alter? -The thing was absurd. It would serve as a tale to tell Basil some day. -It would make him smile. - -And, yet, how vivid was his recollection of the whole thing! First in -the dim twilight, and then in the bright dawn, he had seen the touch of -cruelty round the warped lips. He almost dreaded his valet leaving the -room. He knew that when he was alone he would have to examine the -portrait. He was afraid of certainty. When the coffee and cigarettes -had been brought and the man turned to go, he felt a wild desire to -tell him to remain. As the door was closing behind him, he called him -back. The man stood waiting for his orders. Dorian looked at him for -a moment. "I am not at home to any one, Victor," he said with a sigh. -The man bowed and retired. - -Then he rose from the table, lit a cigarette, and flung himself down on -a luxuriously cushioned couch that stood facing the screen. The screen -was an old one, of gilt Spanish leather, stamped and wrought with a -rather florid Louis-Quatorze pattern. He scanned it curiously, -wondering if ever before it had concealed the secret of a man's life. - -Should he move it aside, after all? Why not let it stay there? What -was the use of knowing? If the thing was true, it was terrible. If it -was not true, why trouble about it? But what if, by some fate or -deadlier chance, eyes other than his spied behind and saw the horrible -change? What should he do if Basil Hallward came and asked to look at -his own picture? Basil would be sure to do that. No; the thing had to -be examined, and at once. Anything would be better than this dreadful -state of doubt. - -He got up and locked both doors. At least he would be alone when he -looked upon the mask of his shame. Then he drew the screen aside and -saw himself face to face. It was perfectly true. The portrait had -altered. - -As he often remembered afterwards, and always with no small wonder, he -found himself at first gazing at the portrait with a feeling of almost -scientific interest. That such a change should have taken place was -incredible to him. And yet it was a fact. Was there some subtle -affinity between the chemical atoms that shaped themselves into form -and colour on the canvas and the soul that was within him? Could it be -that what that soul thought, they realized?--that what it dreamed, they -made true? Or was there some other, more terrible reason? He -shuddered, and felt afraid, and, going back to the couch, lay there, -gazing at the picture in sickened horror. - -One thing, however, he felt that it had done for him. It had made him -conscious how unjust, how cruel, he had been to Sibyl Vane. It was not -too late to make reparation for that. She could still be his wife. -His unreal and selfish love would yield to some higher influence, would -be transformed into some nobler passion, and the portrait that Basil -Hallward had painted of him would be a guide to him through life, would -be to him what holiness is to some, and conscience to others, and the -fear of God to us all. There were opiates for remorse, drugs that -could lull the moral sense to sleep. But here was a visible symbol of -the degradation of sin. Here was an ever-present sign of the ruin men -brought upon their souls. - -Three o'clock struck, and four, and the half-hour rang its double -chime, but Dorian Gray did not stir. He was trying to gather up the -scarlet threads of life and to weave them into a pattern; to find his -way through the sanguine labyrinth of passion through which he was -wandering. He did not know what to do, or what to think. Finally, he -went over to the table and wrote a passionate letter to the girl he had -loved, imploring her forgiveness and accusing himself of madness. He -covered page after page with wild words of sorrow and wilder words of -pain. There is a luxury in self-reproach. When we blame ourselves, we -feel that no one else has a right to blame us. It is the confession, -not the priest, that gives us absolution. When Dorian had finished the -letter, he felt that he had been forgiven. - -Suddenly there came a knock to the door, and he heard Lord Henry's -voice outside. "My dear boy, I must see you. Let me in at once. I -can't bear your shutting yourself up like this." - -He made no answer at first, but remained quite still. The knocking -still continued and grew louder. Yes, it was better to let Lord Henry -in, and to explain to him the new life he was going to lead, to quarrel -with him if it became necessary to quarrel, to part if parting was -inevitable. He jumped up, drew the screen hastily across the picture, -and unlocked the door. - -"I am so sorry for it all, Dorian," said Lord Henry as he entered. -"But you must not think too much about it." - -"Do you mean about Sibyl Vane?" asked the lad. - -"Yes, of course," answered Lord Henry, sinking into a chair and slowly -pulling off his yellow gloves. "It is dreadful, from one point of -view, but it was not your fault. Tell me, did you go behind and see -her, after the play was over?" - -"Yes." - -"I felt sure you had. Did you make a scene with her?" - -"I was brutal, Harry--perfectly brutal. But it is all right now. I am -not sorry for anything that has happened. It has taught me to know -myself better." - -"Ah, Dorian, I am so glad you take it in that way! I was afraid I -would find you plunged in remorse and tearing that nice curly hair of -yours." - -"I have got through all that," said Dorian, shaking his head and -smiling. "I am perfectly happy now. I know what conscience is, to -begin with. It is not what you told me it was. It is the divinest -thing in us. Don't sneer at it, Harry, any more--at least not before -me. I want to be good. I can't bear the idea of my soul being -hideous." - -"A very charming artistic basis for ethics, Dorian! I congratulate you -on it. But how are you going to begin?" - -"By marrying Sibyl Vane." - -"Marrying Sibyl Vane!" cried Lord Henry, standing up and looking at him -in perplexed amazement. "But, my dear Dorian--" - -"Yes, Harry, I know what you are going to say. Something dreadful -about marriage. Don't say it. Don't ever say things of that kind to -me again. Two days ago I asked Sibyl to marry me. I am not going to -break my word to her. She is to be my wife." - -"Your wife! Dorian! ... Didn't you get my letter? I wrote to you this -morning, and sent the note down by my own man." - -"Your letter? Oh, yes, I remember. I have not read it yet, Harry. I -was afraid there might be something in it that I wouldn't like. You -cut life to pieces with your epigrams." - -"You know nothing then?" - -"What do you mean?" - -Lord Henry walked across the room, and sitting down by Dorian Gray, -took both his hands in his own and held them tightly. "Dorian," he -said, "my letter--don't be frightened--was to tell you that Sibyl Vane -is dead." - -A cry of pain broke from the lad's lips, and he leaped to his feet, -tearing his hands away from Lord Henry's grasp. "Dead! Sibyl dead! -It is not true! It is a horrible lie! How dare you say it?" - -"It is quite true, Dorian," said Lord Henry, gravely. "It is in all -the morning papers. I wrote down to you to ask you not to see any one -till I came. There will have to be an inquest, of course, and you must -not be mixed up in it. Things like that make a man fashionable in -Paris. But in London people are so prejudiced. Here, one should never -make one's _debut_ with a scandal. One should reserve that to give an -interest to one's old age. I suppose they don't know your name at the -theatre? If they don't, it is all right. Did any one see you going -round to her room? That is an important point." - -Dorian did not answer for a few moments. He was dazed with horror. -Finally he stammered, in a stifled voice, "Harry, did you say an -inquest? What did you mean by that? Did Sibyl--? Oh, Harry, I can't -bear it! But be quick. Tell me everything at once." - -"I have no doubt it was not an accident, Dorian, though it must be put -in that way to the public. It seems that as she was leaving the -theatre with her mother, about half-past twelve or so, she said she had -forgotten something upstairs. They waited some time for her, but she -did not come down again. They ultimately found her lying dead on the -floor of her dressing-room. She had swallowed something by mistake, -some dreadful thing they use at theatres. I don't know what it was, -but it had either prussic acid or white lead in it. I should fancy it -was prussic acid, as she seems to have died instantaneously." - -"Harry, Harry, it is terrible!" cried the lad. - -"Yes; it is very tragic, of course, but you must not get yourself mixed -up in it. I see by _The Standard_ that she was seventeen. I should have -thought she was almost younger than that. She looked such a child, and -seemed to know so little about acting. Dorian, you mustn't let this -thing get on your nerves. You must come and dine with me, and -afterwards we will look in at the opera. It is a Patti night, and -everybody will be there. You can come to my sister's box. She has got -some smart women with her." - -"So I have murdered Sibyl Vane," said Dorian Gray, half to himself, -"murdered her as surely as if I had cut her little throat with a knife. -Yet the roses are not less lovely for all that. The birds sing just as -happily in my garden. And to-night I am to dine with you, and then go -on to the opera, and sup somewhere, I suppose, afterwards. How -extraordinarily dramatic life is! If I had read all this in a book, -Harry, I think I would have wept over it. Somehow, now that it has -happened actually, and to me, it seems far too wonderful for tears. -Here is the first passionate love-letter I have ever written in my -life. Strange, that my first passionate love-letter should have been -addressed to a dead girl. Can they feel, I wonder, those white silent -people we call the dead? Sibyl! Can she feel, or know, or listen? -Oh, Harry, how I loved her once! It seems years ago to me now. She -was everything to me. Then came that dreadful night--was it really -only last night?--when she played so badly, and my heart almost broke. -She explained it all to me. It was terribly pathetic. But I was not -moved a bit. I thought her shallow. Suddenly something happened that -made me afraid. I can't tell you what it was, but it was terrible. I -said I would go back to her. I felt I had done wrong. And now she is -dead. My God! My God! Harry, what shall I do? You don't know the -danger I am in, and there is nothing to keep me straight. She would -have done that for me. She had no right to kill herself. It was -selfish of her." - -"My dear Dorian," answered Lord Henry, taking a cigarette from his case -and producing a gold-latten matchbox, "the only way a woman can ever -reform a man is by boring him so completely that he loses all possible -interest in life. If you had married this girl, you would have been -wretched. Of course, you would have treated her kindly. One can -always be kind to people about whom one cares nothing. But she would -have soon found out that you were absolutely indifferent to her. And -when a woman finds that out about her husband, she either becomes -dreadfully dowdy, or wears very smart bonnets that some other woman's -husband has to pay for. I say nothing about the social mistake, which -would have been abject--which, of course, I would not have allowed--but -I assure you that in any case the whole thing would have been an -absolute failure." - -"I suppose it would," muttered the lad, walking up and down the room -and looking horribly pale. "But I thought it was my duty. It is not -my fault that this terrible tragedy has prevented my doing what was -right. I remember your saying once that there is a fatality about good -resolutions--that they are always made too late. Mine certainly were." - -"Good resolutions are useless attempts to interfere with scientific -laws. Their origin is pure vanity. Their result is absolutely _nil_. -They give us, now and then, some of those luxurious sterile emotions -that have a certain charm for the weak. That is all that can be said -for them. They are simply cheques that men draw on a bank where they -have no account." - -"Harry," cried Dorian Gray, coming over and sitting down beside him, -"why is it that I cannot feel this tragedy as much as I want to? I -don't think I am heartless. Do you?" - -"You have done too many foolish things during the last fortnight to be -entitled to give yourself that name, Dorian," answered Lord Henry with -his sweet melancholy smile. - -The lad frowned. "I don't like that explanation, Harry," he rejoined, -"but I am glad you don't think I am heartless. I am nothing of the -kind. I know I am not. And yet I must admit that this thing that has -happened does not affect me as it should. It seems to me to be simply -like a wonderful ending to a wonderful play. It has all the terrible -beauty of a Greek tragedy, a tragedy in which I took a great part, but -by which I have not been wounded." - -"It is an interesting question," said Lord Henry, who found an -exquisite pleasure in playing on the lad's unconscious egotism, "an -extremely interesting question. I fancy that the true explanation is -this: It often happens that the real tragedies of life occur in such -an inartistic manner that they hurt us by their crude violence, their -absolute incoherence, their absurd want of meaning, their entire lack -of style. They affect us just as vulgarity affects us. They give us -an impression of sheer brute force, and we revolt against that. -Sometimes, however, a tragedy that possesses artistic elements of -beauty crosses our lives. If these elements of beauty are real, the -whole thing simply appeals to our sense of dramatic effect. Suddenly -we find that we are no longer the actors, but the spectators of the -play. Or rather we are both. We watch ourselves, and the mere wonder -of the spectacle enthralls us. In the present case, what is it that -has really happened? Some one has killed herself for love of you. I -wish that I had ever had such an experience. It would have made me in -love with love for the rest of my life. The people who have adored -me--there have not been very many, but there have been some--have -always insisted on living on, long after I had ceased to care for them, -or they to care for me. They have become stout and tedious, and when I -meet them, they go in at once for reminiscences. That awful memory of -woman! What a fearful thing it is! And what an utter intellectual -stagnation it reveals! One should absorb the colour of life, but one -should never remember its details. Details are always vulgar." - -"I must sow poppies in my garden," sighed Dorian. - -"There is no necessity," rejoined his companion. "Life has always -poppies in her hands. Of course, now and then things linger. I once -wore nothing but violets all through one season, as a form of artistic -mourning for a romance that would not die. Ultimately, however, it did -die. I forget what killed it. I think it was her proposing to -sacrifice the whole world for me. That is always a dreadful moment. -It fills one with the terror of eternity. Well--would you believe -it?--a week ago, at Lady Hampshire's, I found myself seated at dinner -next the lady in question, and she insisted on going over the whole -thing again, and digging up the past, and raking up the future. I had -buried my romance in a bed of asphodel. She dragged it out again and -assured me that I had spoiled her life. I am bound to state that she -ate an enormous dinner, so I did not feel any anxiety. But what a lack -of taste she showed! The one charm of the past is that it is the past. -But women never know when the curtain has fallen. They always want a -sixth act, and as soon as the interest of the play is entirely over, -they propose to continue it. If they were allowed their own way, every -comedy would have a tragic ending, and every tragedy would culminate in -a farce. They are charmingly artificial, but they have no sense of -art. You are more fortunate than I am. I assure you, Dorian, that not -one of the women I have known would have done for me what Sibyl Vane -did for you. Ordinary women always console themselves. Some of them -do it by going in for sentimental colours. Never trust a woman who -wears mauve, whatever her age may be, or a woman over thirty-five who -is fond of pink ribbons. It always means that they have a history. -Others find a great consolation in suddenly discovering the good -qualities of their husbands. They flaunt their conjugal felicity in -one's face, as if it were the most fascinating of sins. Religion -consoles some. Its mysteries have all the charm of a flirtation, a -woman once told me, and I can quite understand it. Besides, nothing -makes one so vain as being told that one is a sinner. Conscience makes -egotists of us all. Yes; there is really no end to the consolations -that women find in modern life. Indeed, I have not mentioned the most -important one." - -"What is that, Harry?" said the lad listlessly. - -"Oh, the obvious consolation. Taking some one else's admirer when one -loses one's own. In good society that always whitewashes a woman. But -really, Dorian, how different Sibyl Vane must have been from all the -women one meets! There is something to me quite beautiful about her -death. I am glad I am living in a century when such wonders happen. -They make one believe in the reality of the things we all play with, -such as romance, passion, and love." - -"I was terribly cruel to her. You forget that." - -"I am afraid that women appreciate cruelty, downright cruelty, more -than anything else. They have wonderfully primitive instincts. We -have emancipated them, but they remain slaves looking for their -masters, all the same. They love being dominated. I am sure you were -splendid. I have never seen you really and absolutely angry, but I can -fancy how delightful you looked. And, after all, you said something to -me the day before yesterday that seemed to me at the time to be merely -fanciful, but that I see now was absolutely true, and it holds the key -to everything." - -"What was that, Harry?" - -"You said to me that Sibyl Vane represented to you all the heroines of -romance--that she was Desdemona one night, and Ophelia the other; that -if she died as Juliet, she came to life as Imogen." - -"She will never come to life again now," muttered the lad, burying his -face in his hands. - -"No, she will never come to life. She has played her last part. But -you must think of that lonely death in the tawdry dressing-room simply -as a strange lurid fragment from some Jacobean tragedy, as a wonderful -scene from Webster, or Ford, or Cyril Tourneur. The girl never really -lived, and so she has never really died. To you at least she was -always a dream, a phantom that flitted through Shakespeare's plays and -left them lovelier for its presence, a reed through which Shakespeare's -music sounded richer and more full of joy. The moment she touched -actual life, she marred it, and it marred her, and so she passed away. -Mourn for Ophelia, if you like. Put ashes on your head because -Cordelia was strangled. Cry out against Heaven because the daughter of -Brabantio died. But don't waste your tears over Sibyl Vane. She was -less real than they are." - -There was a silence. The evening darkened in the room. Noiselessly, -and with silver feet, the shadows crept in from the garden. The -colours faded wearily out of things. - -After some time Dorian Gray looked up. "You have explained me to -myself, Harry," he murmured with something of a sigh of relief. "I -felt all that you have said, but somehow I was afraid of it, and I -could not express it to myself. How well you know me! But we will not -talk again of what has happened. It has been a marvellous experience. -That is all. I wonder if life has still in store for me anything as -marvellous." - -"Life has everything in store for you, Dorian. There is nothing that -you, with your extraordinary good looks, will not be able to do." - -"But suppose, Harry, I became haggard, and old, and wrinkled? What -then?" - -"Ah, then," said Lord Henry, rising to go, "then, my dear Dorian, you -would have to fight for your victories. As it is, they are brought to -you. No, you must keep your good looks. We live in an age that reads -too much to be wise, and that thinks too much to be beautiful. We -cannot spare you. And now you had better dress and drive down to the -club. We are rather late, as it is." - -"I think I shall join you at the opera, Harry. I feel too tired to eat -anything. What is the number of your sister's box?" - -"Twenty-seven, I believe. It is on the grand tier. You will see her -name on the door. But I am sorry you won't come and dine." - -"I don't feel up to it," said Dorian listlessly. "But I am awfully -obliged to you for all that you have said to me. You are certainly my -best friend. No one has ever understood me as you have." - -"We are only at the beginning of our friendship, Dorian," answered Lord -Henry, shaking him by the hand. "Good-bye. I shall see you before -nine-thirty, I hope. Remember, Patti is singing." - -As he closed the door behind him, Dorian Gray touched the bell, and in -a few minutes Victor appeared with the lamps and drew the blinds down. -He waited impatiently for him to go. The man seemed to take an -interminable time over everything. - -As soon as he had left, he rushed to the screen and drew it back. No; -there was no further change in the picture. It had received the news -of Sibyl Vane's death before he had known of it himself. It was -conscious of the events of life as they occurred. The vicious cruelty -that marred the fine lines of the mouth had, no doubt, appeared at the -very moment that the girl had drunk the poison, whatever it was. Or -was it indifferent to results? Did it merely take cognizance of what -passed within the soul? He wondered, and hoped that some day he would -see the change taking place before his very eyes, shuddering as he -hoped it. - -Poor Sibyl! What a romance it had all been! She had often mimicked -death on the stage. Then Death himself had touched her and taken her -with him. How had she played that dreadful last scene? Had she cursed -him, as she died? No; she had died for love of him, and love would -always be a sacrament to him now. She had atoned for everything by the -sacrifice she had made of her life. He would not think any more of -what she had made him go through, on that horrible night at the -theatre. When he thought of her, it would be as a wonderful tragic -figure sent on to the world's stage to show the supreme reality of -love. A wonderful tragic figure? Tears came to his eyes as he -remembered her childlike look, and winsome fanciful ways, and shy -tremulous grace. He brushed them away hastily and looked again at the -picture. - -He felt that the time had really come for making his choice. Or had -his choice already been made? Yes, life had decided that for -him--life, and his own infinite curiosity about life. Eternal youth, -infinite passion, pleasures subtle and secret, wild joys and wilder -sins--he was to have all these things. The portrait was to bear the -burden of his shame: that was all. - -A feeling of pain crept over him as he thought of the desecration that -was in store for the fair face on the canvas. Once, in boyish mockery -of Narcissus, he had kissed, or feigned to kiss, those painted lips -that now smiled so cruelly at him. Morning after morning he had sat -before the portrait wondering at its beauty, almost enamoured of it, as -it seemed to him at times. Was it to alter now with every mood to -which he yielded? Was it to become a monstrous and loathsome thing, to -be hidden away in a locked room, to be shut out from the sunlight that -had so often touched to brighter gold the waving wonder of its hair? -The pity of it! the pity of it! - -For a moment, he thought of praying that the horrible sympathy that -existed between him and the picture might cease. It had changed in -answer to a prayer; perhaps in answer to a prayer it might remain -unchanged. And yet, who, that knew anything about life, would -surrender the chance of remaining always young, however fantastic that -chance might be, or with what fateful consequences it might be fraught? -Besides, was it really under his control? Had it indeed been prayer -that had produced the substitution? Might there not be some curious -scientific reason for it all? If thought could exercise its influence -upon a living organism, might not thought exercise an influence upon -dead and inorganic things? Nay, without thought or conscious desire, -might not things external to ourselves vibrate in unison with our moods -and passions, atom calling to atom in secret love or strange affinity? -But the reason was of no importance. He would never again tempt by a -prayer any terrible power. If the picture was to alter, it was to -alter. That was all. Why inquire too closely into it? - -For there would be a real pleasure in watching it. He would be able to -follow his mind into its secret places. This portrait would be to him -the most magical of mirrors. As it had revealed to him his own body, -so it would reveal to him his own soul. And when winter came upon it, -he would still be standing where spring trembles on the verge of -summer. When the blood crept from its face, and left behind a pallid -mask of chalk with leaden eyes, he would keep the glamour of boyhood. -Not one blossom of his loveliness would ever fade. Not one pulse of -his life would ever weaken. Like the gods of the Greeks, he would be -strong, and fleet, and joyous. What did it matter what happened to the -coloured image on the canvas? He would be safe. That was everything. - -He drew the screen back into its former place in front of the picture, -smiling as he did so, and passed into his bedroom, where his valet was -already waiting for him. An hour later he was at the opera, and Lord -Henry was leaning over his chair. - - - -CHAPTER 9 - -As he was sitting at breakfast next morning, Basil Hallward was shown -into the room. - -"I am so glad I have found you, Dorian," he said gravely. "I called -last night, and they told me you were at the opera. Of course, I knew -that was impossible. But I wish you had left word where you had really -gone to. I passed a dreadful evening, half afraid that one tragedy -might be followed by another. I think you might have telegraphed for -me when you heard of it first. I read of it quite by chance in a late -edition of _The Globe_ that I picked up at the club. I came here at once -and was miserable at not finding you. I can't tell you how -heart-broken I am about the whole thing. I know what you must suffer. -But where were you? Did you go down and see the girl's mother? For a -moment I thought of following you there. They gave the address in the -paper. Somewhere in the Euston Road, isn't it? But I was afraid of -intruding upon a sorrow that I could not lighten. Poor woman! What a -state she must be in! And her only child, too! What did she say about -it all?" - -"My dear Basil, how do I know?" murmured Dorian Gray, sipping some -pale-yellow wine from a delicate, gold-beaded bubble of Venetian glass -and looking dreadfully bored. "I was at the opera. You should have -come on there. I met Lady Gwendolen, Harry's sister, for the first -time. We were in her box. She is perfectly charming; and Patti sang -divinely. Don't talk about horrid subjects. If one doesn't talk about -a thing, it has never happened. It is simply expression, as Harry -says, that gives reality to things. I may mention that she was not the -woman's only child. There is a son, a charming fellow, I believe. But -he is not on the stage. He is a sailor, or something. And now, tell -me about yourself and what you are painting." - -"You went to the opera?" said Hallward, speaking very slowly and with a -strained touch of pain in his voice. "You went to the opera while -Sibyl Vane was lying dead in some sordid lodging? You can talk to me -of other women being charming, and of Patti singing divinely, before -the girl you loved has even the quiet of a grave to sleep in? Why, -man, there are horrors in store for that little white body of hers!" - -"Stop, Basil! I won't hear it!" cried Dorian, leaping to his feet. -"You must not tell me about things. What is done is done. What is -past is past." - -"You call yesterday the past?" - -"What has the actual lapse of time got to do with it? It is only -shallow people who require years to get rid of an emotion. A man who -is master of himself can end a sorrow as easily as he can invent a -pleasure. I don't want to be at the mercy of my emotions. I want to -use them, to enjoy them, and to dominate them." - -"Dorian, this is horrible! Something has changed you completely. You -look exactly the same wonderful boy who, day after day, used to come -down to my studio to sit for his picture. But you were simple, -natural, and affectionate then. You were the most unspoiled creature -in the whole world. Now, I don't know what has come over you. You -talk as if you had no heart, no pity in you. It is all Harry's -influence. I see that." - -The lad flushed up and, going to the window, looked out for a few -moments on the green, flickering, sun-lashed garden. "I owe a great -deal to Harry, Basil," he said at last, "more than I owe to you. You -only taught me to be vain." - -"Well, I am punished for that, Dorian--or shall be some day." - -"I don't know what you mean, Basil," he exclaimed, turning round. "I -don't know what you want. What do you want?" - -"I want the Dorian Gray I used to paint," said the artist sadly. - -"Basil," said the lad, going over to him and putting his hand on his -shoulder, "you have come too late. Yesterday, when I heard that Sibyl -Vane had killed herself--" - -"Killed herself! Good heavens! is there no doubt about that?" cried -Hallward, looking up at him with an expression of horror. - -"My dear Basil! Surely you don't think it was a vulgar accident? Of -course she killed herself." - -The elder man buried his face in his hands. "How fearful," he -muttered, and a shudder ran through him. - -"No," said Dorian Gray, "there is nothing fearful about it. It is one -of the great romantic tragedies of the age. As a rule, people who act -lead the most commonplace lives. They are good husbands, or faithful -wives, or something tedious. You know what I mean--middle-class virtue -and all that kind of thing. How different Sibyl was! She lived her -finest tragedy. She was always a heroine. The last night she -played--the night you saw her--she acted badly because she had known -the reality of love. When she knew its unreality, she died, as Juliet -might have died. She passed again into the sphere of art. There is -something of the martyr about her. Her death has all the pathetic -uselessness of martyrdom, all its wasted beauty. But, as I was saying, -you must not think I have not suffered. If you had come in yesterday -at a particular moment--about half-past five, perhaps, or a quarter to -six--you would have found me in tears. Even Harry, who was here, who -brought me the news, in fact, had no idea what I was going through. I -suffered immensely. Then it passed away. I cannot repeat an emotion. -No one can, except sentimentalists. And you are awfully unjust, Basil. -You come down here to console me. That is charming of you. You find -me consoled, and you are furious. How like a sympathetic person! You -remind me of a story Harry told me about a certain philanthropist who -spent twenty years of his life in trying to get some grievance -redressed, or some unjust law altered--I forget exactly what it was. -Finally he succeeded, and nothing could exceed his disappointment. He -had absolutely nothing to do, almost died of _ennui_, and became a -confirmed misanthrope. And besides, my dear old Basil, if you really -want to console me, teach me rather to forget what has happened, or to -see it from a proper artistic point of view. Was it not Gautier who -used to write about _la consolation des arts_? I remember picking up a -little vellum-covered book in your studio one day and chancing on that -delightful phrase. Well, I am not like that young man you told me of -when we were down at Marlow together, the young man who used to say -that yellow satin could console one for all the miseries of life. I -love beautiful things that one can touch and handle. Old brocades, -green bronzes, lacquer-work, carved ivories, exquisite surroundings, -luxury, pomp--there is much to be got from all these. But the artistic -temperament that they create, or at any rate reveal, is still more to -me. To become the spectator of one's own life, as Harry says, is to -escape the suffering of life. I know you are surprised at my talking -to you like this. You have not realized how I have developed. I was a -schoolboy when you knew me. I am a man now. I have new passions, new -thoughts, new ideas. I am different, but you must not like me less. I -am changed, but you must always be my friend. Of course, I am very -fond of Harry. But I know that you are better than he is. You are not -stronger--you are too much afraid of life--but you are better. And how -happy we used to be together! Don't leave me, Basil, and don't quarrel -with me. I am what I am. There is nothing more to be said." - -The painter felt strangely moved. The lad was infinitely dear to him, -and his personality had been the great turning point in his art. He -could not bear the idea of reproaching him any more. After all, his -indifference was probably merely a mood that would pass away. There -was so much in him that was good, so much in him that was noble. - -"Well, Dorian," he said at length, with a sad smile, "I won't speak to -you again about this horrible thing, after to-day. I only trust your -name won't be mentioned in connection with it. The inquest is to take -place this afternoon. Have they summoned you?" - -Dorian shook his head, and a look of annoyance passed over his face at -the mention of the word "inquest." There was something so crude and -vulgar about everything of the kind. "They don't know my name," he -answered. - -"But surely she did?" - -"Only my Christian name, and that I am quite sure she never mentioned -to any one. She told me once that they were all rather curious to -learn who I was, and that she invariably told them my name was Prince -Charming. It was pretty of her. You must do me a drawing of Sibyl, -Basil. I should like to have something more of her than the memory of -a few kisses and some broken pathetic words." - -"I will try and do something, Dorian, if it would please you. But you -must come and sit to me yourself again. I can't get on without you." - -"I can never sit to you again, Basil. It is impossible!" he exclaimed, -starting back. - -The painter stared at him. "My dear boy, what nonsense!" he cried. -"Do you mean to say you don't like what I did of you? Where is it? -Why have you pulled the screen in front of it? Let me look at it. It -is the best thing I have ever done. Do take the screen away, Dorian. -It is simply disgraceful of your servant hiding my work like that. I -felt the room looked different as I came in." - -"My servant has nothing to do with it, Basil. You don't imagine I let -him arrange my room for me? He settles my flowers for me -sometimes--that is all. No; I did it myself. The light was too strong -on the portrait." - -"Too strong! Surely not, my dear fellow? It is an admirable place for -it. Let me see it." And Hallward walked towards the corner of the -room. - -A cry of terror broke from Dorian Gray's lips, and he rushed between -the painter and the screen. "Basil," he said, looking very pale, "you -must not look at it. I don't wish you to." - -"Not look at my own work! You are not serious. Why shouldn't I look -at it?" exclaimed Hallward, laughing. - -"If you try to look at it, Basil, on my word of honour I will never -speak to you again as long as I live. I am quite serious. I don't -offer any explanation, and you are not to ask for any. But, remember, -if you touch this screen, everything is over between us." - -Hallward was thunderstruck. He looked at Dorian Gray in absolute -amazement. He had never seen him like this before. The lad was -actually pallid with rage. His hands were clenched, and the pupils of -his eyes were like disks of blue fire. He was trembling all over. - -"Dorian!" - -"Don't speak!" - -"But what is the matter? Of course I won't look at it if you don't -want me to," he said, rather coldly, turning on his heel and going over -towards the window. "But, really, it seems rather absurd that I -shouldn't see my own work, especially as I am going to exhibit it in -Paris in the autumn. I shall probably have to give it another coat of -varnish before that, so I must see it some day, and why not to-day?" - -"To exhibit it! You want to exhibit it?" exclaimed Dorian Gray, a -strange sense of terror creeping over him. Was the world going to be -shown his secret? Were people to gape at the mystery of his life? -That was impossible. Something--he did not know what--had to be done -at once. - -"Yes; I don't suppose you will object to that. Georges Petit is going -to collect all my best pictures for a special exhibition in the Rue de -Seze, which will open the first week in October. The portrait will -only be away a month. I should think you could easily spare it for -that time. In fact, you are sure to be out of town. And if you keep -it always behind a screen, you can't care much about it." - -Dorian Gray passed his hand over his forehead. There were beads of -perspiration there. He felt that he was on the brink of a horrible -danger. "You told me a month ago that you would never exhibit it," he -cried. "Why have you changed your mind? You people who go in for -being consistent have just as many moods as others have. The only -difference is that your moods are rather meaningless. You can't have -forgotten that you assured me most solemnly that nothing in the world -would induce you to send it to any exhibition. You told Harry exactly -the same thing." He stopped suddenly, and a gleam of light came into -his eyes. He remembered that Lord Henry had said to him once, half -seriously and half in jest, "If you want to have a strange quarter of -an hour, get Basil to tell you why he won't exhibit your picture. He -told me why he wouldn't, and it was a revelation to me." Yes, perhaps -Basil, too, had his secret. He would ask him and try. - -"Basil," he said, coming over quite close and looking him straight in -the face, "we have each of us a secret. Let me know yours, and I shall -tell you mine. What was your reason for refusing to exhibit my -picture?" - -The painter shuddered in spite of himself. "Dorian, if I told you, you -might like me less than you do, and you would certainly laugh at me. I -could not bear your doing either of those two things. If you wish me -never to look at your picture again, I am content. I have always you -to look at. If you wish the best work I have ever done to be hidden -from the world, I am satisfied. Your friendship is dearer to me than -any fame or reputation." - -"No, Basil, you must tell me," insisted Dorian Gray. "I think I have a -right to know." His feeling of terror had passed away, and curiosity -had taken its place. He was determined to find out Basil Hallward's -mystery. - -"Let us sit down, Dorian," said the painter, looking troubled. "Let us -sit down. And just answer me one question. Have you noticed in the -picture something curious?--something that probably at first did not -strike you, but that revealed itself to you suddenly?" - -"Basil!" cried the lad, clutching the arms of his chair with trembling -hands and gazing at him with wild startled eyes. - -"I see you did. Don't speak. Wait till you hear what I have to say. -Dorian, from the moment I met you, your personality had the most -extraordinary influence over me. I was dominated, soul, brain, and -power, by you. You became to me the visible incarnation of that unseen -ideal whose memory haunts us artists like an exquisite dream. I -worshipped you. I grew jealous of every one to whom you spoke. I -wanted to have you all to myself. I was only happy when I was with -you. When you were away from me, you were still present in my art.... -Of course, I never let you know anything about this. It would have -been impossible. You would not have understood it. I hardly -understood it myself. I only knew that I had seen perfection face to -face, and that the world had become wonderful to my eyes--too -wonderful, perhaps, for in such mad worships there is peril, the peril -of losing them, no less than the peril of keeping them.... Weeks and -weeks went on, and I grew more and more absorbed in you. Then came a -new development. I had drawn you as Paris in dainty armour, and as -Adonis with huntsman's cloak and polished boar-spear. Crowned with -heavy lotus-blossoms you had sat on the prow of Adrian's barge, gazing -across the green turbid Nile. You had leaned over the still pool of -some Greek woodland and seen in the water's silent silver the marvel of -your own face. And it had all been what art should be--unconscious, -ideal, and remote. One day, a fatal day I sometimes think, I -determined to paint a wonderful portrait of you as you actually are, -not in the costume of dead ages, but in your own dress and in your own -time. Whether it was the realism of the method, or the mere wonder of -your own personality, thus directly presented to me without mist or -veil, I cannot tell. But I know that as I worked at it, every flake -and film of colour seemed to me to reveal my secret. I grew afraid -that others would know of my idolatry. I felt, Dorian, that I had told -too much, that I had put too much of myself into it. Then it was that -I resolved never to allow the picture to be exhibited. You were a -little annoyed; but then you did not realize all that it meant to me. -Harry, to whom I talked about it, laughed at me. But I did not mind -that. When the picture was finished, and I sat alone with it, I felt -that I was right.... Well, after a few days the thing left my studio, -and as soon as I had got rid of the intolerable fascination of its -presence, it seemed to me that I had been foolish in imagining that I -had seen anything in it, more than that you were extremely good-looking -and that I could paint. Even now I cannot help feeling that it is a -mistake to think that the passion one feels in creation is ever really -shown in the work one creates. Art is always more abstract than we -fancy. Form and colour tell us of form and colour--that is all. It -often seems to me that art conceals the artist far more completely than -it ever reveals him. And so when I got this offer from Paris, I -determined to make your portrait the principal thing in my exhibition. -It never occurred to me that you would refuse. I see now that you were -right. The picture cannot be shown. You must not be angry with me, -Dorian, for what I have told you. As I said to Harry, once, you are -made to be worshipped." - -Dorian Gray drew a long breath. The colour came back to his cheeks, -and a smile played about his lips. The peril was over. He was safe -for the time. Yet he could not help feeling infinite pity for the -painter who had just made this strange confession to him, and wondered -if he himself would ever be so dominated by the personality of a -friend. Lord Henry had the charm of being very dangerous. But that -was all. He was too clever and too cynical to be really fond of. -Would there ever be some one who would fill him with a strange -idolatry? Was that one of the things that life had in store? - -"It is extraordinary to me, Dorian," said Hallward, "that you should -have seen this in the portrait. Did you really see it?" - -"I saw something in it," he answered, "something that seemed to me very -curious." - -"Well, you don't mind my looking at the thing now?" - -Dorian shook his head. "You must not ask me that, Basil. I could not -possibly let you stand in front of that picture." - -"You will some day, surely?" - -"Never." - -"Well, perhaps you are right. And now good-bye, Dorian. You have been -the one person in my life who has really influenced my art. Whatever I -have done that is good, I owe to you. Ah! you don't know what it cost -me to tell you all that I have told you." - -"My dear Basil," said Dorian, "what have you told me? Simply that you -felt that you admired me too much. That is not even a compliment." - -"It was not intended as a compliment. It was a confession. Now that I -have made it, something seems to have gone out of me. Perhaps one -should never put one's worship into words." - -"It was a very disappointing confession." - -"Why, what did you expect, Dorian? You didn't see anything else in the -picture, did you? There was nothing else to see?" - -"No; there was nothing else to see. Why do you ask? But you mustn't -talk about worship. It is foolish. You and I are friends, Basil, and -we must always remain so." - -"You have got Harry," said the painter sadly. - -"Oh, Harry!" cried the lad, with a ripple of laughter. "Harry spends -his days in saying what is incredible and his evenings in doing what is -improbable. Just the sort of life I would like to lead. But still I -don't think I would go to Harry if I were in trouble. I would sooner -go to you, Basil." - -"You will sit to me again?" - -"Impossible!" - -"You spoil my life as an artist by refusing, Dorian. No man comes -across two ideal things. Few come across one." - -"I can't explain it to you, Basil, but I must never sit to you again. -There is something fatal about a portrait. It has a life of its own. -I will come and have tea with you. That will be just as pleasant." - -"Pleasanter for you, I am afraid," murmured Hallward regretfully. "And -now good-bye. I am sorry you won't let me look at the picture once -again. But that can't be helped. I quite understand what you feel -about it." - -As he left the room, Dorian Gray smiled to himself. Poor Basil! How -little he knew of the true reason! And how strange it was that, -instead of having been forced to reveal his own secret, he had -succeeded, almost by chance, in wresting a secret from his friend! How -much that strange confession explained to him! The painter's absurd -fits of jealousy, his wild devotion, his extravagant panegyrics, his -curious reticences--he understood them all now, and he felt sorry. -There seemed to him to be something tragic in a friendship so coloured -by romance. - -He sighed and touched the bell. The portrait must be hidden away at -all costs. He could not run such a risk of discovery again. It had -been mad of him to have allowed the thing to remain, even for an hour, -in a room to which any of his friends had access. - - - -CHAPTER 10 - -When his servant entered, he looked at him steadfastly and wondered if -he had thought of peering behind the screen. The man was quite -impassive and waited for his orders. Dorian lit a cigarette and walked -over to the glass and glanced into it. He could see the reflection of -Victor's face perfectly. It was like a placid mask of servility. -There was nothing to be afraid of, there. Yet he thought it best to be -on his guard. - -Speaking very slowly, he told him to tell the house-keeper that he -wanted to see her, and then to go to the frame-maker and ask him to -send two of his men round at once. It seemed to him that as the man -left the room his eyes wandered in the direction of the screen. Or was -that merely his own fancy? - -After a few moments, in her black silk dress, with old-fashioned thread -mittens on her wrinkled hands, Mrs. Leaf bustled into the library. He -asked her for the key of the schoolroom. - -"The old schoolroom, Mr. Dorian?" she exclaimed. "Why, it is full of -dust. I must get it arranged and put straight before you go into it. -It is not fit for you to see, sir. It is not, indeed." - -"I don't want it put straight, Leaf. I only want the key." - -"Well, sir, you'll be covered with cobwebs if you go into it. Why, it -hasn't been opened for nearly five years--not since his lordship died." - -He winced at the mention of his grandfather. He had hateful memories -of him. "That does not matter," he answered. "I simply want to see -the place--that is all. Give me the key." - -"And here is the key, sir," said the old lady, going over the contents -of her bunch with tremulously uncertain hands. "Here is the key. I'll -have it off the bunch in a moment. But you don't think of living up -there, sir, and you so comfortable here?" - -"No, no," he cried petulantly. "Thank you, Leaf. That will do." - -She lingered for a few moments, and was garrulous over some detail of -the household. He sighed and told her to manage things as she thought -best. She left the room, wreathed in smiles. - -As the door closed, Dorian put the key in his pocket and looked round -the room. His eye fell on a large, purple satin coverlet heavily -embroidered with gold, a splendid piece of late seventeenth-century -Venetian work that his grandfather had found in a convent near Bologna. -Yes, that would serve to wrap the dreadful thing in. It had perhaps -served often as a pall for the dead. Now it was to hide something that -had a corruption of its own, worse than the corruption of death -itself--something that would breed horrors and yet would never die. -What the worm was to the corpse, his sins would be to the painted image -on the canvas. They would mar its beauty and eat away its grace. They -would defile it and make it shameful. And yet the thing would still -live on. It would be always alive. - -He shuddered, and for a moment he regretted that he had not told Basil -the true reason why he had wished to hide the picture away. Basil -would have helped him to resist Lord Henry's influence, and the still -more poisonous influences that came from his own temperament. The love -that he bore him--for it was really love--had nothing in it that was -not noble and intellectual. It was not that mere physical admiration -of beauty that is born of the senses and that dies when the senses -tire. It was such love as Michelangelo had known, and Montaigne, and -Winckelmann, and Shakespeare himself. Yes, Basil could have saved him. -But it was too late now. The past could always be annihilated. -Regret, denial, or forgetfulness could do that. But the future was -inevitable. There were passions in him that would find their terrible -outlet, dreams that would make the shadow of their evil real. - -He took up from the couch the great purple-and-gold texture that -covered it, and, holding it in his hands, passed behind the screen. -Was the face on the canvas viler than before? It seemed to him that it -was unchanged, and yet his loathing of it was intensified. Gold hair, -blue eyes, and rose-red lips--they all were there. It was simply the -expression that had altered. That was horrible in its cruelty. -Compared to what he saw in it of censure or rebuke, how shallow Basil's -reproaches about Sibyl Vane had been!--how shallow, and of what little -account! His own soul was looking out at him from the canvas and -calling him to judgement. A look of pain came across him, and he flung -the rich pall over the picture. As he did so, a knock came to the -door. He passed out as his servant entered. - -"The persons are here, Monsieur." - -He felt that the man must be got rid of at once. He must not be -allowed to know where the picture was being taken to. There was -something sly about him, and he had thoughtful, treacherous eyes. -Sitting down at the writing-table he scribbled a note to Lord Henry, -asking him to send him round something to read and reminding him that -they were to meet at eight-fifteen that evening. - -"Wait for an answer," he said, handing it to him, "and show the men in -here." - -In two or three minutes there was another knock, and Mr. Hubbard -himself, the celebrated frame-maker of South Audley Street, came in -with a somewhat rough-looking young assistant. Mr. Hubbard was a -florid, red-whiskered little man, whose admiration for art was -considerably tempered by the inveterate impecuniosity of most of the -artists who dealt with him. As a rule, he never left his shop. He -waited for people to come to him. But he always made an exception in -favour of Dorian Gray. There was something about Dorian that charmed -everybody. It was a pleasure even to see him. - -"What can I do for you, Mr. Gray?" he said, rubbing his fat freckled -hands. "I thought I would do myself the honour of coming round in -person. I have just got a beauty of a frame, sir. Picked it up at a -sale. Old Florentine. Came from Fonthill, I believe. Admirably -suited for a religious subject, Mr. Gray." - -"I am so sorry you have given yourself the trouble of coming round, Mr. -Hubbard. I shall certainly drop in and look at the frame--though I -don't go in much at present for religious art--but to-day I only want a -picture carried to the top of the house for me. It is rather heavy, so -I thought I would ask you to lend me a couple of your men." - -"No trouble at all, Mr. Gray. I am delighted to be of any service to -you. Which is the work of art, sir?" - -"This," replied Dorian, moving the screen back. "Can you move it, -covering and all, just as it is? I don't want it to get scratched -going upstairs." - -"There will be no difficulty, sir," said the genial frame-maker, -beginning, with the aid of his assistant, to unhook the picture from -the long brass chains by which it was suspended. "And, now, where -shall we carry it to, Mr. Gray?" - -"I will show you the way, Mr. Hubbard, if you will kindly follow me. -Or perhaps you had better go in front. I am afraid it is right at the -top of the house. We will go up by the front staircase, as it is -wider." - -He held the door open for them, and they passed out into the hall and -began the ascent. The elaborate character of the frame had made the -picture extremely bulky, and now and then, in spite of the obsequious -protests of Mr. Hubbard, who had the true tradesman's spirited dislike -of seeing a gentleman doing anything useful, Dorian put his hand to it -so as to help them. - -"Something of a load to carry, sir," gasped the little man when they -reached the top landing. And he wiped his shiny forehead. - -"I am afraid it is rather heavy," murmured Dorian as he unlocked the -door that opened into the room that was to keep for him the curious -secret of his life and hide his soul from the eyes of men. - -He had not entered the place for more than four years--not, indeed, -since he had used it first as a play-room when he was a child, and then -as a study when he grew somewhat older. It was a large, -well-proportioned room, which had been specially built by the last Lord -Kelso for the use of the little grandson whom, for his strange likeness -to his mother, and also for other reasons, he had always hated and -desired to keep at a distance. It appeared to Dorian to have but -little changed. There was the huge Italian _cassone_, with its -fantastically painted panels and its tarnished gilt mouldings, in which -he had so often hidden himself as a boy. There the satinwood book-case -filled with his dog-eared schoolbooks. On the wall behind it was -hanging the same ragged Flemish tapestry where a faded king and queen -were playing chess in a garden, while a company of hawkers rode by, -carrying hooded birds on their gauntleted wrists. How well he -remembered it all! Every moment of his lonely childhood came back to -him as he looked round. He recalled the stainless purity of his boyish -life, and it seemed horrible to him that it was here the fatal portrait -was to be hidden away. How little he had thought, in those dead days, -of all that was in store for him! - -But there was no other place in the house so secure from prying eyes as -this. He had the key, and no one else could enter it. Beneath its -purple pall, the face painted on the canvas could grow bestial, sodden, -and unclean. What did it matter? No one could see it. He himself -would not see it. Why should he watch the hideous corruption of his -soul? He kept his youth--that was enough. And, besides, might not -his nature grow finer, after all? There was no reason that the future -should be so full of shame. Some love might come across his life, and -purify him, and shield him from those sins that seemed to be already -stirring in spirit and in flesh--those curious unpictured sins whose -very mystery lent them their subtlety and their charm. Perhaps, some -day, the cruel look would have passed away from the scarlet sensitive -mouth, and he might show to the world Basil Hallward's masterpiece. - -No; that was impossible. Hour by hour, and week by week, the thing -upon the canvas was growing old. It might escape the hideousness of -sin, but the hideousness of age was in store for it. The cheeks would -become hollow or flaccid. Yellow crow's feet would creep round the -fading eyes and make them horrible. The hair would lose its -brightness, the mouth would gape or droop, would be foolish or gross, -as the mouths of old men are. There would be the wrinkled throat, the -cold, blue-veined hands, the twisted body, that he remembered in the -grandfather who had been so stern to him in his boyhood. The picture -had to be concealed. There was no help for it. - -"Bring it in, Mr. Hubbard, please," he said, wearily, turning round. -"I am sorry I kept you so long. I was thinking of something else." - -"Always glad to have a rest, Mr. Gray," answered the frame-maker, who -was still gasping for breath. "Where shall we put it, sir?" - -"Oh, anywhere. Here: this will do. I don't want to have it hung up. -Just lean it against the wall. Thanks." - -"Might one look at the work of art, sir?" - -Dorian started. "It would not interest you, Mr. Hubbard," he said, -keeping his eye on the man. He felt ready to leap upon him and fling -him to the ground if he dared to lift the gorgeous hanging that -concealed the secret of his life. "I shan't trouble you any more now. -I am much obliged for your kindness in coming round." - -"Not at all, not at all, Mr. Gray. Ever ready to do anything for you, -sir." And Mr. Hubbard tramped downstairs, followed by the assistant, -who glanced back at Dorian with a look of shy wonder in his rough -uncomely face. He had never seen any one so marvellous. - -When the sound of their footsteps had died away, Dorian locked the door -and put the key in his pocket. He felt safe now. No one would ever -look upon the horrible thing. No eye but his would ever see his shame. - -On reaching the library, he found that it was just after five o'clock -and that the tea had been already brought up. On a little table of -dark perfumed wood thickly incrusted with nacre, a present from Lady -Radley, his guardian's wife, a pretty professional invalid who had -spent the preceding winter in Cairo, was lying a note from Lord Henry, -and beside it was a book bound in yellow paper, the cover slightly torn -and the edges soiled. A copy of the third edition of _The St. James's -Gazette_ had been placed on the tea-tray. It was evident that Victor had -returned. He wondered if he had met the men in the hall as they were -leaving the house and had wormed out of them what they had been doing. -He would be sure to miss the picture--had no doubt missed it already, -while he had been laying the tea-things. The screen had not been set -back, and a blank space was visible on the wall. Perhaps some night he -might find him creeping upstairs and trying to force the door of the -room. It was a horrible thing to have a spy in one's house. He had -heard of rich men who had been blackmailed all their lives by some -servant who had read a letter, or overheard a conversation, or picked -up a card with an address, or found beneath a pillow a withered flower -or a shred of crumpled lace. - -He sighed, and having poured himself out some tea, opened Lord Henry's -note. It was simply to say that he sent him round the evening paper, -and a book that might interest him, and that he would be at the club at -eight-fifteen. He opened _The St. James's_ languidly, and looked through -it. A red pencil-mark on the fifth page caught his eye. It drew -attention to the following paragraph: - - -INQUEST ON AN ACTRESS.--An inquest was held this morning at the Bell -Tavern, Hoxton Road, by Mr. Danby, the District Coroner, on the body of -Sibyl Vane, a young actress recently engaged at the Royal Theatre, -Holborn. A verdict of death by misadventure was returned. -Considerable sympathy was expressed for the mother of the deceased, who -was greatly affected during the giving of her own evidence, and that of -Dr. Birrell, who had made the post-mortem examination of the deceased. - - -He frowned, and tearing the paper in two, went across the room and -flung the pieces away. How ugly it all was! And how horribly real -ugliness made things! He felt a little annoyed with Lord Henry for -having sent him the report. And it was certainly stupid of him to have -marked it with red pencil. Victor might have read it. The man knew -more than enough English for that. - -Perhaps he had read it and had begun to suspect something. And, yet, -what did it matter? What had Dorian Gray to do with Sibyl Vane's -death? There was nothing to fear. Dorian Gray had not killed her. - -His eye fell on the yellow book that Lord Henry had sent him. What was -it, he wondered. He went towards the little, pearl-coloured octagonal -stand that had always looked to him like the work of some strange -Egyptian bees that wrought in silver, and taking up the volume, flung -himself into an arm-chair and began to turn over the leaves. After a -few minutes he became absorbed. It was the strangest book that he had -ever read. It seemed to him that in exquisite raiment, and to the -delicate sound of flutes, the sins of the world were passing in dumb -show before him. Things that he had dimly dreamed of were suddenly -made real to him. Things of which he had never dreamed were gradually -revealed. - -It was a novel without a plot and with only one character, being, -indeed, simply a psychological study of a certain young Parisian who -spent his life trying to realize in the nineteenth century all the -passions and modes of thought that belonged to every century except his -own, and to sum up, as it were, in himself the various moods through -which the world-spirit had ever passed, loving for their mere -artificiality those renunciations that men have unwisely called virtue, -as much as those natural rebellions that wise men still call sin. The -style in which it was written was that curious jewelled style, vivid -and obscure at once, full of _argot_ and of archaisms, of technical -expressions and of elaborate paraphrases, that characterizes the work -of some of the finest artists of the French school of _Symbolistes_. -There were in it metaphors as monstrous as orchids and as subtle in -colour. The life of the senses was described in the terms of mystical -philosophy. One hardly knew at times whether one was reading the -spiritual ecstasies of some mediaeval saint or the morbid confessions -of a modern sinner. It was a poisonous book. The heavy odour of -incense seemed to cling about its pages and to trouble the brain. The -mere cadence of the sentences, the subtle monotony of their music, so -full as it was of complex refrains and movements elaborately repeated, -produced in the mind of the lad, as he passed from chapter to chapter, -a form of reverie, a malady of dreaming, that made him unconscious of -the falling day and creeping shadows. - -Cloudless, and pierced by one solitary star, a copper-green sky gleamed -through the windows. He read on by its wan light till he could read no -more. Then, after his valet had reminded him several times of the -lateness of the hour, he got up, and going into the next room, placed -the book on the little Florentine table that always stood at his -bedside and began to dress for dinner. - -It was almost nine o'clock before he reached the club, where he found -Lord Henry sitting alone, in the morning-room, looking very much bored. - -"I am so sorry, Harry," he cried, "but really it is entirely your -fault. That book you sent me so fascinated me that I forgot how the -time was going." - -"Yes, I thought you would like it," replied his host, rising from his -chair. - -"I didn't say I liked it, Harry. I said it fascinated me. There is a -great difference." - -"Ah, you have discovered that?" murmured Lord Henry. And they passed -into the dining-room. - - - -CHAPTER 11 - -For years, Dorian Gray could not free himself from the influence of -this book. Or perhaps it would be more accurate to say that he never -sought to free himself from it. He procured from Paris no less than -nine large-paper copies of the first edition, and had them bound in -different colours, so that they might suit his various moods and the -changing fancies of a nature over which he seemed, at times, to have -almost entirely lost control. The hero, the wonderful young Parisian -in whom the romantic and the scientific temperaments were so strangely -blended, became to him a kind of prefiguring type of himself. And, -indeed, the whole book seemed to him to contain the story of his own -life, written before he had lived it. - -In one point he was more fortunate than the novel's fantastic hero. He -never knew--never, indeed, had any cause to know--that somewhat -grotesque dread of mirrors, and polished metal surfaces, and still -water which came upon the young Parisian so early in his life, and was -occasioned by the sudden decay of a beau that had once, apparently, -been so remarkable. It was with an almost cruel joy--and perhaps in -nearly every joy, as certainly in every pleasure, cruelty has its -place--that he used to read the latter part of the book, with its -really tragic, if somewhat overemphasized, account of the sorrow and -despair of one who had himself lost what in others, and the world, he -had most dearly valued. - -For the wonderful beauty that had so fascinated Basil Hallward, and -many others besides him, seemed never to leave him. Even those who had -heard the most evil things against him--and from time to time strange -rumours about his mode of life crept through London and became the -chatter of the clubs--could not believe anything to his dishonour when -they saw him. He had always the look of one who had kept himself -unspotted from the world. Men who talked grossly became silent when -Dorian Gray entered the room. There was something in the purity of his -face that rebuked them. His mere presence seemed to recall to them the -memory of the innocence that they had tarnished. They wondered how one -so charming and graceful as he was could have escaped the stain of an -age that was at once sordid and sensual. - -Often, on returning home from one of those mysterious and prolonged -absences that gave rise to such strange conjecture among those who were -his friends, or thought that they were so, he himself would creep -upstairs to the locked room, open the door with the key that never left -him now, and stand, with a mirror, in front of the portrait that Basil -Hallward had painted of him, looking now at the evil and aging face on -the canvas, and now at the fair young face that laughed back at him -from the polished glass. The very sharpness of the contrast used to -quicken his sense of pleasure. He grew more and more enamoured of his -own beauty, more and more interested in the corruption of his own soul. -He would examine with minute care, and sometimes with a monstrous and -terrible delight, the hideous lines that seared the wrinkling forehead -or crawled around the heavy sensual mouth, wondering sometimes which -were the more horrible, the signs of sin or the signs of age. He would -place his white hands beside the coarse bloated hands of the picture, -and smile. He mocked the misshapen body and the failing limbs. - -There were moments, indeed, at night, when, lying sleepless in his own -delicately scented chamber, or in the sordid room of the little -ill-famed tavern near the docks which, under an assumed name and in -disguise, it was his habit to frequent, he would think of the ruin he -had brought upon his soul with a pity that was all the more poignant -because it was purely selfish. But moments such as these were rare. -That curiosity about life which Lord Henry had first stirred in him, as -they sat together in the garden of their friend, seemed to increase -with gratification. The more he knew, the more he desired to know. He -had mad hungers that grew more ravenous as he fed them. - -Yet he was not really reckless, at any rate in his relations to -society. Once or twice every month during the winter, and on each -Wednesday evening while the season lasted, he would throw open to the -world his beautiful house and have the most celebrated musicians of the -day to charm his guests with the wonders of their art. His little -dinners, in the settling of which Lord Henry always assisted him, were -noted as much for the careful selection and placing of those invited, -as for the exquisite taste shown in the decoration of the table, with -its subtle symphonic arrangements of exotic flowers, and embroidered -cloths, and antique plate of gold and silver. Indeed, there were many, -especially among the very young men, who saw, or fancied that they saw, -in Dorian Gray the true realization of a type of which they had often -dreamed in Eton or Oxford days, a type that was to combine something of -the real culture of the scholar with all the grace and distinction and -perfect manner of a citizen of the world. To them he seemed to be of -the company of those whom Dante describes as having sought to "make -themselves perfect by the worship of beauty." Like Gautier, he was one -for whom "the visible world existed." - -And, certainly, to him life itself was the first, the greatest, of the -arts, and for it all the other arts seemed to be but a preparation. -Fashion, by which what is really fantastic becomes for a moment -universal, and dandyism, which, in its own way, is an attempt to assert -the absolute modernity of beauty, had, of course, their fascination for -him. His mode of dressing, and the particular styles that from time to -time he affected, had their marked influence on the young exquisites of -the Mayfair balls and Pall Mall club windows, who copied him in -everything that he did, and tried to reproduce the accidental charm of -his graceful, though to him only half-serious, fopperies. - -For, while he was but too ready to accept the position that was almost -immediately offered to him on his coming of age, and found, indeed, a -subtle pleasure in the thought that he might really become to the -London of his own day what to imperial Neronian Rome the author of the -Satyricon once had been, yet in his inmost heart he desired to be -something more than a mere _arbiter elegantiarum_, to be consulted on the -wearing of a jewel, or the knotting of a necktie, or the conduct of a -cane. He sought to elaborate some new scheme of life that would have -its reasoned philosophy and its ordered principles, and find in the -spiritualizing of the senses its highest realization. - -The worship of the senses has often, and with much justice, been -decried, men feeling a natural instinct of terror about passions and -sensations that seem stronger than themselves, and that they are -conscious of sharing with the less highly organized forms of existence. -But it appeared to Dorian Gray that the true nature of the senses had -never been understood, and that they had remained savage and animal -merely because the world had sought to starve them into submission or -to kill them by pain, instead of aiming at making them elements of a -new spirituality, of which a fine instinct for beauty was to be the -dominant characteristic. As he looked back upon man moving through -history, he was haunted by a feeling of loss. So much had been -surrendered! and to such little purpose! There had been mad wilful -rejections, monstrous forms of self-torture and self-denial, whose -origin was fear and whose result was a degradation infinitely more -terrible than that fancied degradation from which, in their ignorance, -they had sought to escape; Nature, in her wonderful irony, driving out -the anchorite to feed with the wild animals of the desert and giving to -the hermit the beasts of the field as his companions. - -Yes: there was to be, as Lord Henry had prophesied, a new Hedonism -that was to recreate life and to save it from that harsh uncomely -puritanism that is having, in our own day, its curious revival. It was -to have its service of the intellect, certainly, yet it was never to -accept any theory or system that would involve the sacrifice of any -mode of passionate experience. Its aim, indeed, was to be experience -itself, and not the fruits of experience, sweet or bitter as they might -be. Of the asceticism that deadens the senses, as of the vulgar -profligacy that dulls them, it was to know nothing. But it was to -teach man to concentrate himself upon the moments of a life that is -itself but a moment. - -There are few of us who have not sometimes wakened before dawn, either -after one of those dreamless nights that make us almost enamoured of -death, or one of those nights of horror and misshapen joy, when through -the chambers of the brain sweep phantoms more terrible than reality -itself, and instinct with that vivid life that lurks in all grotesques, -and that lends to Gothic art its enduring vitality, this art being, one -might fancy, especially the art of those whose minds have been troubled -with the malady of reverie. Gradually white fingers creep through the -curtains, and they appear to tremble. In black fantastic shapes, dumb -shadows crawl into the corners of the room and crouch there. Outside, -there is the stirring of birds among the leaves, or the sound of men -going forth to their work, or the sigh and sob of the wind coming down -from the hills and wandering round the silent house, as though it -feared to wake the sleepers and yet must needs call forth sleep from -her purple cave. Veil after veil of thin dusky gauze is lifted, and by -degrees the forms and colours of things are restored to them, and we -watch the dawn remaking the world in its antique pattern. The wan -mirrors get back their mimic life. The flameless tapers stand where we -had left them, and beside them lies the half-cut book that we had been -studying, or the wired flower that we had worn at the ball, or the -letter that we had been afraid to read, or that we had read too often. -Nothing seems to us changed. Out of the unreal shadows of the night -comes back the real life that we had known. We have to resume it where -we had left off, and there steals over us a terrible sense of the -necessity for the continuance of energy in the same wearisome round of -stereotyped habits, or a wild longing, it may be, that our eyelids -might open some morning upon a world that had been refashioned anew in -the darkness for our pleasure, a world in which things would have fresh -shapes and colours, and be changed, or have other secrets, a world in -which the past would have little or no place, or survive, at any rate, -in no conscious form of obligation or regret, the remembrance even of -joy having its bitterness and the memories of pleasure their pain. - -It was the creation of such worlds as these that seemed to Dorian Gray -to be the true object, or amongst the true objects, of life; and in his -search for sensations that would be at once new and delightful, and -possess that element of strangeness that is so essential to romance, he -would often adopt certain modes of thought that he knew to be really -alien to his nature, abandon himself to their subtle influences, and -then, having, as it were, caught their colour and satisfied his -intellectual curiosity, leave them with that curious indifference that -is not incompatible with a real ardour of temperament, and that, -indeed, according to certain modern psychologists, is often a condition -of it. - -It was rumoured of him once that he was about to join the Roman -Catholic communion, and certainly the Roman ritual had always a great -attraction for him. The daily sacrifice, more awful really than all -the sacrifices of the antique world, stirred him as much by its superb -rejection of the evidence of the senses as by the primitive simplicity -of its elements and the eternal pathos of the human tragedy that it -sought to symbolize. He loved to kneel down on the cold marble -pavement and watch the priest, in his stiff flowered dalmatic, slowly -and with white hands moving aside the veil of the tabernacle, or -raising aloft the jewelled, lantern-shaped monstrance with that pallid -wafer that at times, one would fain think, is indeed the "_panis -caelestis_," the bread of angels, or, robed in the garments of the -Passion of Christ, breaking the Host into the chalice and smiting his -breast for his sins. The fuming censers that the grave boys, in their -lace and scarlet, tossed into the air like great gilt flowers had their -subtle fascination for him. As he passed out, he used to look with -wonder at the black confessionals and long to sit in the dim shadow of -one of them and listen to men and women whispering through the worn -grating the true story of their lives. - -But he never fell into the error of arresting his intellectual -development by any formal acceptance of creed or system, or of -mistaking, for a house in which to live, an inn that is but suitable -for the sojourn of a night, or for a few hours of a night in which -there are no stars and the moon is in travail. Mysticism, with its -marvellous power of making common things strange to us, and the subtle -antinomianism that always seems to accompany it, moved him for a -season; and for a season he inclined to the materialistic doctrines of -the _Darwinismus_ movement in Germany, and found a curious pleasure in -tracing the thoughts and passions of men to some pearly cell in the -brain, or some white nerve in the body, delighting in the conception of -the absolute dependence of the spirit on certain physical conditions, -morbid or healthy, normal or diseased. Yet, as has been said of him -before, no theory of life seemed to him to be of any importance -compared with life itself. He felt keenly conscious of how barren all -intellectual speculation is when separated from action and experiment. -He knew that the senses, no less than the soul, have their spiritual -mysteries to reveal. - -And so he would now study perfumes and the secrets of their -manufacture, distilling heavily scented oils and burning odorous gums -from the East. He saw that there was no mood of the mind that had not -its counterpart in the sensuous life, and set himself to discover their -true relations, wondering what there was in frankincense that made one -mystical, and in ambergris that stirred one's passions, and in violets -that woke the memory of dead romances, and in musk that troubled the -brain, and in champak that stained the imagination; and seeking often -to elaborate a real psychology of perfumes, and to estimate the several -influences of sweet-smelling roots and scented, pollen-laden flowers; -of aromatic balms and of dark and fragrant woods; of spikenard, that -sickens; of hovenia, that makes men mad; and of aloes, that are said to -be able to expel melancholy from the soul. - -At another time he devoted himself entirely to music, and in a long -latticed room, with a vermilion-and-gold ceiling and walls of -olive-green lacquer, he used to give curious concerts in which mad -gipsies tore wild music from little zithers, or grave, yellow-shawled -Tunisians plucked at the strained strings of monstrous lutes, while -grinning Negroes beat monotonously upon copper drums and, crouching -upon scarlet mats, slim turbaned Indians blew through long pipes of -reed or brass and charmed--or feigned to charm--great hooded snakes and -horrible horned adders. The harsh intervals and shrill discords of -barbaric music stirred him at times when Schubert's grace, and Chopin's -beautiful sorrows, and the mighty harmonies of Beethoven himself, fell -unheeded on his ear. He collected together from all parts of the world -the strangest instruments that could be found, either in the tombs of -dead nations or among the few savage tribes that have survived contact -with Western civilizations, and loved to touch and try them. He had -the mysterious _juruparis_ of the Rio Negro Indians, that women are not -allowed to look at and that even youths may not see till they have been -subjected to fasting and scourging, and the earthen jars of the -Peruvians that have the shrill cries of birds, and flutes of human -bones such as Alfonso de Ovalle heard in Chile, and the sonorous green -jaspers that are found near Cuzco and give forth a note of singular -sweetness. He had painted gourds filled with pebbles that rattled when -they were shaken; the long _clarin_ of the Mexicans, into which the -performer does not blow, but through which he inhales the air; the -harsh _ture_ of the Amazon tribes, that is sounded by the sentinels who -sit all day long in high trees, and can be heard, it is said, at a -distance of three leagues; the _teponaztli_, that has two vibrating -tongues of wood and is beaten with sticks that are smeared with an -elastic gum obtained from the milky juice of plants; the _yotl_-bells of -the Aztecs, that are hung in clusters like grapes; and a huge -cylindrical drum, covered with the skins of great serpents, like the -one that Bernal Diaz saw when he went with Cortes into the Mexican -temple, and of whose doleful sound he has left us so vivid a -description. The fantastic character of these instruments fascinated -him, and he felt a curious delight in the thought that art, like -Nature, has her monsters, things of bestial shape and with hideous -voices. Yet, after some time, he wearied of them, and would sit in his -box at the opera, either alone or with Lord Henry, listening in rapt -pleasure to "Tannhauser" and seeing in the prelude to that great work -of art a presentation of the tragedy of his own soul. - -On one occasion he took up the study of jewels, and appeared at a -costume ball as Anne de Joyeuse, Admiral of France, in a dress covered -with five hundred and sixty pearls. This taste enthralled him for -years, and, indeed, may be said never to have left him. He would often -spend a whole day settling and resettling in their cases the various -stones that he had collected, such as the olive-green chrysoberyl that -turns red by lamplight, the cymophane with its wirelike line of silver, -the pistachio-coloured peridot, rose-pink and wine-yellow topazes, -carbuncles of fiery scarlet with tremulous, four-rayed stars, flame-red -cinnamon-stones, orange and violet spinels, and amethysts with their -alternate layers of ruby and sapphire. He loved the red gold of the -sunstone, and the moonstone's pearly whiteness, and the broken rainbow -of the milky opal. He procured from Amsterdam three emeralds of -extraordinary size and richness of colour, and had a turquoise _de la -vieille roche_ that was the envy of all the connoisseurs. - -He discovered wonderful stories, also, about jewels. In Alphonso's -Clericalis Disciplina a serpent was mentioned with eyes of real -jacinth, and in the romantic history of Alexander, the Conqueror of -Emathia was said to have found in the vale of Jordan snakes "with -collars of real emeralds growing on their backs." There was a gem in -the brain of the dragon, Philostratus told us, and "by the exhibition -of golden letters and a scarlet robe" the monster could be thrown into -a magical sleep and slain. According to the great alchemist, Pierre de -Boniface, the diamond rendered a man invisible, and the agate of India -made him eloquent. The cornelian appeased anger, and the hyacinth -provoked sleep, and the amethyst drove away the fumes of wine. The -garnet cast out demons, and the hydropicus deprived the moon of her -colour. The selenite waxed and waned with the moon, and the meloceus, -that discovers thieves, could be affected only by the blood of kids. -Leonardus Camillus had seen a white stone taken from the brain of a -newly killed toad, that was a certain antidote against poison. The -bezoar, that was found in the heart of the Arabian deer, was a charm -that could cure the plague. In the nests of Arabian birds was the -aspilates, that, according to Democritus, kept the wearer from any -danger by fire. - -The King of Ceilan rode through his city with a large ruby in his hand, -as the ceremony of his coronation. The gates of the palace of John the -Priest were "made of sardius, with the horn of the horned snake -inwrought, so that no man might bring poison within." Over the gable -were "two golden apples, in which were two carbuncles," so that the -gold might shine by day and the carbuncles by night. In Lodge's -strange romance 'A Margarite of America', it was stated that in the -chamber of the queen one could behold "all the chaste ladies of the -world, inchased out of silver, looking through fair mirrours of -chrysolites, carbuncles, sapphires, and greene emeraults." Marco Polo -had seen the inhabitants of Zipangu place rose-coloured pearls in the -mouths of the dead. A sea-monster had been enamoured of the pearl that -the diver brought to King Perozes, and had slain the thief, and mourned -for seven moons over its loss. When the Huns lured the king into the -great pit, he flung it away--Procopius tells the story--nor was it ever -found again, though the Emperor Anastasius offered five hundred-weight -of gold pieces for it. The King of Malabar had shown to a certain -Venetian a rosary of three hundred and four pearls, one for every god -that he worshipped. - -When the Duke de Valentinois, son of Alexander VI, visited Louis XII of -France, his horse was loaded with gold leaves, according to Brantome, -and his cap had double rows of rubies that threw out a great light. -Charles of England had ridden in stirrups hung with four hundred and -twenty-one diamonds. Richard II had a coat, valued at thirty thousand -marks, which was covered with balas rubies. Hall described Henry VIII, -on his way to the Tower previous to his coronation, as wearing "a -jacket of raised gold, the placard embroidered with diamonds and other -rich stones, and a great bauderike about his neck of large balasses." -The favourites of James I wore ear-rings of emeralds set in gold -filigrane. Edward II gave to Piers Gaveston a suit of red-gold armour -studded with jacinths, a collar of gold roses set with -turquoise-stones, and a skull-cap _parseme_ with pearls. Henry II wore -jewelled gloves reaching to the elbow, and had a hawk-glove sewn with -twelve rubies and fifty-two great orients. The ducal hat of Charles -the Rash, the last Duke of Burgundy of his race, was hung with -pear-shaped pearls and studded with sapphires. - -How exquisite life had once been! How gorgeous in its pomp and -decoration! Even to read of the luxury of the dead was wonderful. - -Then he turned his attention to embroideries and to the tapestries that -performed the office of frescoes in the chill rooms of the northern -nations of Europe. As he investigated the subject--and he always had -an extraordinary faculty of becoming absolutely absorbed for the moment -in whatever he took up--he was almost saddened by the reflection of the -ruin that time brought on beautiful and wonderful things. He, at any -rate, had escaped that. Summer followed summer, and the yellow -jonquils bloomed and died many times, and nights of horror repeated the -story of their shame, but he was unchanged. No winter marred his face -or stained his flowerlike bloom. How different it was with material -things! Where had they passed to? Where was the great crocus-coloured -robe, on which the gods fought against the giants, that had been worked -by brown girls for the pleasure of Athena? Where the huge velarium -that Nero had stretched across the Colosseum at Rome, that Titan sail -of purple on which was represented the starry sky, and Apollo driving a -chariot drawn by white, gilt-reined steeds? He longed to see the -curious table-napkins wrought for the Priest of the Sun, on which were -displayed all the dainties and viands that could be wanted for a feast; -the mortuary cloth of King Chilperic, with its three hundred golden -bees; the fantastic robes that excited the indignation of the Bishop of -Pontus and were figured with "lions, panthers, bears, dogs, forests, -rocks, hunters--all, in fact, that a painter can copy from nature"; and -the coat that Charles of Orleans once wore, on the sleeves of which -were embroidered the verses of a song beginning "_Madame, je suis tout -joyeux_," the musical accompaniment of the words being wrought in gold -thread, and each note, of square shape in those days, formed with four -pearls. He read of the room that was prepared at the palace at Rheims -for the use of Queen Joan of Burgundy and was decorated with "thirteen -hundred and twenty-one parrots, made in broidery, and blazoned with the -king's arms, and five hundred and sixty-one butterflies, whose wings -were similarly ornamented with the arms of the queen, the whole worked -in gold." Catherine de Medicis had a mourning-bed made for her of -black velvet powdered with crescents and suns. Its curtains were of -damask, with leafy wreaths and garlands, figured upon a gold and silver -ground, and fringed along the edges with broideries of pearls, and it -stood in a room hung with rows of the queen's devices in cut black -velvet upon cloth of silver. Louis XIV had gold embroidered caryatides -fifteen feet high in his apartment. The state bed of Sobieski, King of -Poland, was made of Smyrna gold brocade embroidered in turquoises with -verses from the Koran. Its supports were of silver gilt, beautifully -chased, and profusely set with enamelled and jewelled medallions. It -had been taken from the Turkish camp before Vienna, and the standard of -Mohammed had stood beneath the tremulous gilt of its canopy. - -And so, for a whole year, he sought to accumulate the most exquisite -specimens that he could find of textile and embroidered work, getting -the dainty Delhi muslins, finely wrought with gold-thread palmates and -stitched over with iridescent beetles' wings; the Dacca gauzes, that -from their transparency are known in the East as "woven air," and -"running water," and "evening dew"; strange figured cloths from Java; -elaborate yellow Chinese hangings; books bound in tawny satins or fair -blue silks and wrought with _fleurs-de-lis_, birds and images; veils of -_lacis_ worked in Hungary point; Sicilian brocades and stiff Spanish -velvets; Georgian work, with its gilt coins, and Japanese _Foukousas_, -with their green-toned golds and their marvellously plumaged birds. - -He had a special passion, also, for ecclesiastical vestments, as indeed -he had for everything connected with the service of the Church. In the -long cedar chests that lined the west gallery of his house, he had -stored away many rare and beautiful specimens of what is really the -raiment of the Bride of Christ, who must wear purple and jewels and -fine linen that she may hide the pallid macerated body that is worn by -the suffering that she seeks for and wounded by self-inflicted pain. -He possessed a gorgeous cope of crimson silk and gold-thread damask, -figured with a repeating pattern of golden pomegranates set in -six-petalled formal blossoms, beyond which on either side was the -pine-apple device wrought in seed-pearls. The orphreys were divided -into panels representing scenes from the life of the Virgin, and the -coronation of the Virgin was figured in coloured silks upon the hood. -This was Italian work of the fifteenth century. Another cope was of -green velvet, embroidered with heart-shaped groups of acanthus-leaves, -from which spread long-stemmed white blossoms, the details of which -were picked out with silver thread and coloured crystals. The morse -bore a seraph's head in gold-thread raised work. The orphreys were -woven in a diaper of red and gold silk, and were starred with -medallions of many saints and martyrs, among whom was St. Sebastian. -He had chasubles, also, of amber-coloured silk, and blue silk and gold -brocade, and yellow silk damask and cloth of gold, figured with -representations of the Passion and Crucifixion of Christ, and -embroidered with lions and peacocks and other emblems; dalmatics of -white satin and pink silk damask, decorated with tulips and dolphins -and _fleurs-de-lis_; altar frontals of crimson velvet and blue linen; and -many corporals, chalice-veils, and sudaria. In the mystic offices to -which such things were put, there was something that quickened his -imagination. - -For these treasures, and everything that he collected in his lovely -house, were to be to him means of forgetfulness, modes by which he -could escape, for a season, from the fear that seemed to him at times -to be almost too great to be borne. Upon the walls of the lonely -locked room where he had spent so much of his boyhood, he had hung with -his own hands the terrible portrait whose changing features showed him -the real degradation of his life, and in front of it had draped the -purple-and-gold pall as a curtain. For weeks he would not go there, -would forget the hideous painted thing, and get back his light heart, -his wonderful joyousness, his passionate absorption in mere existence. -Then, suddenly, some night he would creep out of the house, go down to -dreadful places near Blue Gate Fields, and stay there, day after day, -until he was driven away. On his return he would sit in front of the -picture, sometimes loathing it and himself, but filled, at other -times, with that pride of individualism that is half the -fascination of sin, and smiling with secret pleasure at the misshapen -shadow that had to bear the burden that should have been his own. - -After a few years he could not endure to be long out of England, and -gave up the villa that he had shared at Trouville with Lord Henry, as -well as the little white walled-in house at Algiers where they had more -than once spent the winter. He hated to be separated from the picture -that was such a part of his life, and was also afraid that during his -absence some one might gain access to the room, in spite of the -elaborate bars that he had caused to be placed upon the door. - -He was quite conscious that this would tell them nothing. It was true -that the portrait still preserved, under all the foulness and ugliness -of the face, its marked likeness to himself; but what could they learn -from that? He would laugh at any one who tried to taunt him. He had -not painted it. What was it to him how vile and full of shame it -looked? Even if he told them, would they believe it? - -Yet he was afraid. Sometimes when he was down at his great house in -Nottinghamshire, entertaining the fashionable young men of his own rank -who were his chief companions, and astounding the county by the wanton -luxury and gorgeous splendour of his mode of life, he would suddenly -leave his guests and rush back to town to see that the door had not -been tampered with and that the picture was still there. What if it -should be stolen? The mere thought made him cold with horror. Surely -the world would know his secret then. Perhaps the world already -suspected it. - -For, while he fascinated many, there were not a few who distrusted him. -He was very nearly blackballed at a West End club of which his birth -and social position fully entitled him to become a member, and it was -said that on one occasion, when he was brought by a friend into the -smoking-room of the Churchill, the Duke of Berwick and another -gentleman got up in a marked manner and went out. Curious stories -became current about him after he had passed his twenty-fifth year. It -was rumoured that he had been seen brawling with foreign sailors in a -low den in the distant parts of Whitechapel, and that he consorted with -thieves and coiners and knew the mysteries of their trade. His -extraordinary absences became notorious, and, when he used to reappear -again in society, men would whisper to each other in corners, or pass -him with a sneer, or look at him with cold searching eyes, as though -they were determined to discover his secret. - -Of such insolences and attempted slights he, of course, took no notice, -and in the opinion of most people his frank debonair manner, his -charming boyish smile, and the infinite grace of that wonderful youth -that seemed never to leave him, were in themselves a sufficient answer -to the calumnies, for so they termed them, that were circulated about -him. It was remarked, however, that some of those who had been most -intimate with him appeared, after a time, to shun him. Women who had -wildly adored him, and for his sake had braved all social censure and -set convention at defiance, were seen to grow pallid with shame or -horror if Dorian Gray entered the room. - -Yet these whispered scandals only increased in the eyes of many his -strange and dangerous charm. His great wealth was a certain element of -security. Society--civilized society, at least--is never very ready to -believe anything to the detriment of those who are both rich and -fascinating. It feels instinctively that manners are of more -importance than morals, and, in its opinion, the highest respectability -is of much less value than the possession of a good _chef_. And, after -all, it is a very poor consolation to be told that the man who has -given one a bad dinner, or poor wine, is irreproachable in his private -life. Even the cardinal virtues cannot atone for half-cold _entrees_, as -Lord Henry remarked once, in a discussion on the subject, and there is -possibly a good deal to be said for his view. For the canons of good -society are, or should be, the same as the canons of art. Form is -absolutely essential to it. It should have the dignity of a ceremony, -as well as its unreality, and should combine the insincere character of -a romantic play with the wit and beauty that make such plays delightful -to us. Is insincerity such a terrible thing? I think not. It is -merely a method by which we can multiply our personalities. - -Such, at any rate, was Dorian Gray's opinion. He used to wonder at the -shallow psychology of those who conceive the ego in man as a thing -simple, permanent, reliable, and of one essence. To him, man was a -being with myriad lives and myriad sensations, a complex multiform -creature that bore within itself strange legacies of thought and -passion, and whose very flesh was tainted with the monstrous maladies -of the dead. He loved to stroll through the gaunt cold picture-gallery -of his country house and look at the various portraits of those whose -blood flowed in his veins. Here was Philip Herbert, described by -Francis Osborne, in his Memoires on the Reigns of Queen Elizabeth and -King James, as one who was "caressed by the Court for his handsome -face, which kept him not long company." Was it young Herbert's life -that he sometimes led? Had some strange poisonous germ crept from body -to body till it had reached his own? Was it some dim sense of that -ruined grace that had made him so suddenly, and almost without cause, -give utterance, in Basil Hallward's studio, to the mad prayer that had -so changed his life? Here, in gold-embroidered red doublet, jewelled -surcoat, and gilt-edged ruff and wristbands, stood Sir Anthony Sherard, -with his silver-and-black armour piled at his feet. What had this -man's legacy been? Had the lover of Giovanna of Naples bequeathed him -some inheritance of sin and shame? Were his own actions merely the -dreams that the dead man had not dared to realize? Here, from the -fading canvas, smiled Lady Elizabeth Devereux, in her gauze hood, pearl -stomacher, and pink slashed sleeves. A flower was in her right hand, -and her left clasped an enamelled collar of white and damask roses. On -a table by her side lay a mandolin and an apple. There were large -green rosettes upon her little pointed shoes. He knew her life, and -the strange stories that were told about her lovers. Had he something -of her temperament in him? These oval, heavy-lidded eyes seemed to -look curiously at him. What of George Willoughby, with his powdered -hair and fantastic patches? How evil he looked! The face was -saturnine and swarthy, and the sensual lips seemed to be twisted with -disdain. Delicate lace ruffles fell over the lean yellow hands that -were so overladen with rings. He had been a macaroni of the eighteenth -century, and the friend, in his youth, of Lord Ferrars. What of the -second Lord Beckenham, the companion of the Prince Regent in his -wildest days, and one of the witnesses at the secret marriage with Mrs. -Fitzherbert? How proud and handsome he was, with his chestnut curls -and insolent pose! What passions had he bequeathed? The world had -looked upon him as infamous. He had led the orgies at Carlton House. -The star of the Garter glittered upon his breast. Beside him hung the -portrait of his wife, a pallid, thin-lipped woman in black. Her blood, -also, stirred within him. How curious it all seemed! And his mother -with her Lady Hamilton face and her moist, wine-dashed lips--he knew -what he had got from her. He had got from her his beauty, and his -passion for the beauty of others. She laughed at him in her loose -Bacchante dress. There were vine leaves in her hair. The purple -spilled from the cup she was holding. The carnations of the painting -had withered, but the eyes were still wonderful in their depth and -brilliancy of colour. They seemed to follow him wherever he went. - -Yet one had ancestors in literature as well as in one's own race, -nearer perhaps in type and temperament, many of them, and certainly -with an influence of which one was more absolutely conscious. There -were times when it appeared to Dorian Gray that the whole of history -was merely the record of his own life, not as he had lived it in act -and circumstance, but as his imagination had created it for him, as it -had been in his brain and in his passions. He felt that he had known -them all, those strange terrible figures that had passed across the -stage of the world and made sin so marvellous and evil so full of -subtlety. It seemed to him that in some mysterious way their lives had -been his own. - -The hero of the wonderful novel that had so influenced his life had -himself known this curious fancy. In the seventh chapter he tells how, -crowned with laurel, lest lightning might strike him, he had sat, as -Tiberius, in a garden at Capri, reading the shameful books of -Elephantis, while dwarfs and peacocks strutted round him and the -flute-player mocked the swinger of the censer; and, as Caligula, had -caroused with the green-shirted jockeys in their stables and supped in -an ivory manger with a jewel-frontleted horse; and, as Domitian, had -wandered through a corridor lined with marble mirrors, looking round -with haggard eyes for the reflection of the dagger that was to end his -days, and sick with that ennui, that terrible _taedium vitae_, that comes -on those to whom life denies nothing; and had peered through a clear -emerald at the red shambles of the circus and then, in a litter of -pearl and purple drawn by silver-shod mules, been carried through the -Street of Pomegranates to a House of Gold and heard men cry on Nero -Caesar as he passed by; and, as Elagabalus, had painted his face with -colours, and plied the distaff among the women, and brought the Moon -from Carthage and given her in mystic marriage to the Sun. - -Over and over again Dorian used to read this fantastic chapter, and the -two chapters immediately following, in which, as in some curious -tapestries or cunningly wrought enamels, were pictured the awful and -beautiful forms of those whom vice and blood and weariness had made -monstrous or mad: Filippo, Duke of Milan, who slew his wife and -painted her lips with a scarlet poison that her lover might suck death -from the dead thing he fondled; Pietro Barbi, the Venetian, known as -Paul the Second, who sought in his vanity to assume the title of -Formosus, and whose tiara, valued at two hundred thousand florins, was -bought at the price of a terrible sin; Gian Maria Visconti, who used -hounds to chase living men and whose murdered body was covered with -roses by a harlot who had loved him; the Borgia on his white horse, -with Fratricide riding beside him and his mantle stained with the blood -of Perotto; Pietro Riario, the young Cardinal Archbishop of Florence, -child and minion of Sixtus IV, whose beauty was equalled only by his -debauchery, and who received Leonora of Aragon in a pavilion of white -and crimson silk, filled with nymphs and centaurs, and gilded a boy -that he might serve at the feast as Ganymede or Hylas; Ezzelin, whose -melancholy could be cured only by the spectacle of death, and who had a -passion for red blood, as other men have for red wine--the son of the -Fiend, as was reported, and one who had cheated his father at dice when -gambling with him for his own soul; Giambattista Cibo, who in mockery -took the name of Innocent and into whose torpid veins the blood of -three lads was infused by a Jewish doctor; Sigismondo Malatesta, the -lover of Isotta and the lord of Rimini, whose effigy was burned at Rome -as the enemy of God and man, who strangled Polyssena with a napkin, and -gave poison to Ginevra d'Este in a cup of emerald, and in honour of a -shameful passion built a pagan church for Christian worship; Charles -VI, who had so wildly adored his brother's wife that a leper had warned -him of the insanity that was coming on him, and who, when his brain had -sickened and grown strange, could only be soothed by Saracen cards -painted with the images of love and death and madness; and, in his -trimmed jerkin and jewelled cap and acanthuslike curls, Grifonetto -Baglioni, who slew Astorre with his bride, and Simonetto with his page, -and whose comeliness was such that, as he lay dying in the yellow -piazza of Perugia, those who had hated him could not choose but weep, -and Atalanta, who had cursed him, blessed him. - -There was a horrible fascination in them all. He saw them at night, -and they troubled his imagination in the day. The Renaissance knew of -strange manners of poisoning--poisoning by a helmet and a lighted -torch, by an embroidered glove and a jewelled fan, by a gilded pomander -and by an amber chain. Dorian Gray had been poisoned by a book. There -were moments when he looked on evil simply as a mode through which he -could realize his conception of the beautiful. - - - -CHAPTER 12 - -It was on the ninth of November, the eve of his own thirty-eighth -birthday, as he often remembered afterwards. - -He was walking home about eleven o'clock from Lord Henry's, where he -had been dining, and was wrapped in heavy furs, as the night was cold -and foggy. At the corner of Grosvenor Square and South Audley Street, -a man passed him in the mist, walking very fast and with the collar of -his grey ulster turned up. He had a bag in his hand. Dorian -recognized him. It was Basil Hallward. A strange sense of fear, for -which he could not account, came over him. He made no sign of -recognition and went on quickly in the direction of his own house. - -But Hallward had seen him. Dorian heard him first stopping on the -pavement and then hurrying after him. In a few moments, his hand was -on his arm. - -"Dorian! What an extraordinary piece of luck! I have been waiting for -you in your library ever since nine o'clock. Finally I took pity on -your tired servant and told him to go to bed, as he let me out. I am -off to Paris by the midnight train, and I particularly wanted to see -you before I left. I thought it was you, or rather your fur coat, as -you passed me. But I wasn't quite sure. Didn't you recognize me?" - -"In this fog, my dear Basil? Why, I can't even recognize Grosvenor -Square. I believe my house is somewhere about here, but I don't feel -at all certain about it. I am sorry you are going away, as I have not -seen you for ages. But I suppose you will be back soon?" - -"No: I am going to be out of England for six months. I intend to take -a studio in Paris and shut myself up till I have finished a great -picture I have in my head. However, it wasn't about myself I wanted to -talk. Here we are at your door. Let me come in for a moment. I have -something to say to you." - -"I shall be charmed. But won't you miss your train?" said Dorian Gray -languidly as he passed up the steps and opened the door with his -latch-key. - -The lamplight struggled out through the fog, and Hallward looked at his -watch. "I have heaps of time," he answered. "The train doesn't go -till twelve-fifteen, and it is only just eleven. In fact, I was on my -way to the club to look for you, when I met you. You see, I shan't -have any delay about luggage, as I have sent on my heavy things. All I -have with me is in this bag, and I can easily get to Victoria in twenty -minutes." - -Dorian looked at him and smiled. "What a way for a fashionable painter -to travel! A Gladstone bag and an ulster! Come in, or the fog will -get into the house. And mind you don't talk about anything serious. -Nothing is serious nowadays. At least nothing should be." - -Hallward shook his head, as he entered, and followed Dorian into the -library. There was a bright wood fire blazing in the large open -hearth. The lamps were lit, and an open Dutch silver spirit-case -stood, with some siphons of soda-water and large cut-glass tumblers, on -a little marqueterie table. - -"You see your servant made me quite at home, Dorian. He gave me -everything I wanted, including your best gold-tipped cigarettes. He is -a most hospitable creature. I like him much better than the Frenchman -you used to have. What has become of the Frenchman, by the bye?" - -Dorian shrugged his shoulders. "I believe he married Lady Radley's -maid, and has established her in Paris as an English dressmaker. -Anglomania is very fashionable over there now, I hear. It seems silly -of the French, doesn't it? But--do you know?--he was not at all a bad -servant. I never liked him, but I had nothing to complain about. One -often imagines things that are quite absurd. He was really very -devoted to me and seemed quite sorry when he went away. Have another -brandy-and-soda? Or would you like hock-and-seltzer? I always take -hock-and-seltzer myself. There is sure to be some in the next room." - -"Thanks, I won't have anything more," said the painter, taking his cap -and coat off and throwing them on the bag that he had placed in the -corner. "And now, my dear fellow, I want to speak to you seriously. -Don't frown like that. You make it so much more difficult for me." - -"What is it all about?" cried Dorian in his petulant way, flinging -himself down on the sofa. "I hope it is not about myself. I am tired -of myself to-night. I should like to be somebody else." - -"It is about yourself," answered Hallward in his grave deep voice, "and -I must say it to you. I shall only keep you half an hour." - -Dorian sighed and lit a cigarette. "Half an hour!" he murmured. - -"It is not much to ask of you, Dorian, and it is entirely for your own -sake that I am speaking. I think it right that you should know that -the most dreadful things are being said against you in London." - -"I don't wish to know anything about them. I love scandals about other -people, but scandals about myself don't interest me. They have not got -the charm of novelty." - -"They must interest you, Dorian. Every gentleman is interested in his -good name. You don't want people to talk of you as something vile and -degraded. Of course, you have your position, and your wealth, and all -that kind of thing. But position and wealth are not everything. Mind -you, I don't believe these rumours at all. At least, I can't believe -them when I see you. Sin is a thing that writes itself across a man's -face. It cannot be concealed. People talk sometimes of secret vices. -There are no such things. If a wretched man has a vice, it shows -itself in the lines of his mouth, the droop of his eyelids, the -moulding of his hands even. Somebody--I won't mention his name, but -you know him--came to me last year to have his portrait done. I had -never seen him before, and had never heard anything about him at the -time, though I have heard a good deal since. He offered an extravagant -price. I refused him. There was something in the shape of his fingers -that I hated. I know now that I was quite right in what I fancied -about him. His life is dreadful. But you, Dorian, with your pure, -bright, innocent face, and your marvellous untroubled youth--I can't -believe anything against you. And yet I see you very seldom, and you -never come down to the studio now, and when I am away from you, and I -hear all these hideous things that people are whispering about you, I -don't know what to say. Why is it, Dorian, that a man like the Duke of -Berwick leaves the room of a club when you enter it? Why is it that so -many gentlemen in London will neither go to your house or invite you to -theirs? You used to be a friend of Lord Staveley. I met him at dinner -last week. Your name happened to come up in conversation, in -connection with the miniatures you have lent to the exhibition at the -Dudley. Staveley curled his lip and said that you might have the most -artistic tastes, but that you were a man whom no pure-minded girl -should be allowed to know, and whom no chaste woman should sit in the -same room with. I reminded him that I was a friend of yours, and asked -him what he meant. He told me. He told me right out before everybody. -It was horrible! Why is your friendship so fatal to young men? There -was that wretched boy in the Guards who committed suicide. You were -his great friend. There was Sir Henry Ashton, who had to leave England -with a tarnished name. You and he were inseparable. What about Adrian -Singleton and his dreadful end? What about Lord Kent's only son and -his career? I met his father yesterday in St. James's Street. He -seemed broken with shame and sorrow. What about the young Duke of -Perth? What sort of life has he got now? What gentleman would -associate with him?" - -"Stop, Basil. You are talking about things of which you know nothing," -said Dorian Gray, biting his lip, and with a note of infinite contempt -in his voice. "You ask me why Berwick leaves a room when I enter it. -It is because I know everything about his life, not because he knows -anything about mine. With such blood as he has in his veins, how could -his record be clean? You ask me about Henry Ashton and young Perth. -Did I teach the one his vices, and the other his debauchery? If Kent's -silly son takes his wife from the streets, what is that to me? If -Adrian Singleton writes his friend's name across a bill, am I his -keeper? I know how people chatter in England. The middle classes air -their moral prejudices over their gross dinner-tables, and whisper -about what they call the profligacies of their betters in order to try -and pretend that they are in smart society and on intimate terms with -the people they slander. In this country, it is enough for a man to -have distinction and brains for every common tongue to wag against him. -And what sort of lives do these people, who pose as being moral, lead -themselves? My dear fellow, you forget that we are in the native land -of the hypocrite." - -"Dorian," cried Hallward, "that is not the question. England is bad -enough I know, and English society is all wrong. That is the reason -why I want you to be fine. You have not been fine. One has a right to -judge of a man by the effect he has over his friends. Yours seem to -lose all sense of honour, of goodness, of purity. You have filled them -with a madness for pleasure. They have gone down into the depths. You -led them there. Yes: you led them there, and yet you can smile, as -you are smiling now. And there is worse behind. I know you and Harry -are inseparable. Surely for that reason, if for none other, you should -not have made his sister's name a by-word." - -"Take care, Basil. You go too far." - -"I must speak, and you must listen. You shall listen. When you met -Lady Gwendolen, not a breath of scandal had ever touched her. Is there -a single decent woman in London now who would drive with her in the -park? Why, even her children are not allowed to live with her. Then -there are other stories--stories that you have been seen creeping at -dawn out of dreadful houses and slinking in disguise into the foulest -dens in London. Are they true? Can they be true? When I first heard -them, I laughed. I hear them now, and they make me shudder. What -about your country-house and the life that is led there? Dorian, you -don't know what is said about you. I won't tell you that I don't want -to preach to you. I remember Harry saying once that every man who -turned himself into an amateur curate for the moment always began by -saying that, and then proceeded to break his word. I do want to preach -to you. I want you to lead such a life as will make the world respect -you. I want you to have a clean name and a fair record. I want you to -get rid of the dreadful people you associate with. Don't shrug your -shoulders like that. Don't be so indifferent. You have a wonderful -influence. Let it be for good, not for evil. They say that you -corrupt every one with whom you become intimate, and that it is quite -sufficient for you to enter a house for shame of some kind to follow -after. I don't know whether it is so or not. How should I know? But -it is said of you. I am told things that it seems impossible to doubt. -Lord Gloucester was one of my greatest friends at Oxford. He showed me -a letter that his wife had written to him when she was dying alone in -her villa at Mentone. Your name was implicated in the most terrible -confession I ever read. I told him that it was absurd--that I knew you -thoroughly and that you were incapable of anything of the kind. Know -you? I wonder do I know you? Before I could answer that, I should -have to see your soul." - -"To see my soul!" muttered Dorian Gray, starting up from the sofa and -turning almost white from fear. - -"Yes," answered Hallward gravely, and with deep-toned sorrow in his -voice, "to see your soul. But only God can do that." - -A bitter laugh of mockery broke from the lips of the younger man. "You -shall see it yourself, to-night!" he cried, seizing a lamp from the -table. "Come: it is your own handiwork. Why shouldn't you look at -it? You can tell the world all about it afterwards, if you choose. -Nobody would believe you. If they did believe you, they would like me -all the better for it. I know the age better than you do, though you -will prate about it so tediously. Come, I tell you. You have -chattered enough about corruption. Now you shall look on it face to -face." - -There was the madness of pride in every word he uttered. He stamped -his foot upon the ground in his boyish insolent manner. He felt a -terrible joy at the thought that some one else was to share his secret, -and that the man who had painted the portrait that was the origin of -all his shame was to be burdened for the rest of his life with the -hideous memory of what he had done. - -"Yes," he continued, coming closer to him and looking steadfastly into -his stern eyes, "I shall show you my soul. You shall see the thing -that you fancy only God can see." - -Hallward started back. "This is blasphemy, Dorian!" he cried. "You -must not say things like that. They are horrible, and they don't mean -anything." - -"You think so?" He laughed again. - -"I know so. As for what I said to you to-night, I said it for your -good. You know I have been always a stanch friend to you." - -"Don't touch me. Finish what you have to say." - -A twisted flash of pain shot across the painter's face. He paused for -a moment, and a wild feeling of pity came over him. After all, what -right had he to pry into the life of Dorian Gray? If he had done a -tithe of what was rumoured about him, how much he must have suffered! -Then he straightened himself up, and walked over to the fire-place, and -stood there, looking at the burning logs with their frostlike ashes and -their throbbing cores of flame. - -"I am waiting, Basil," said the young man in a hard clear voice. - -He turned round. "What I have to say is this," he cried. "You must -give me some answer to these horrible charges that are made against -you. If you tell me that they are absolutely untrue from beginning to -end, I shall believe you. Deny them, Dorian, deny them! Can't you see -what I am going through? My God! don't tell me that you are bad, and -corrupt, and shameful." - -Dorian Gray smiled. There was a curl of contempt in his lips. "Come -upstairs, Basil," he said quietly. "I keep a diary of my life from day -to day, and it never leaves the room in which it is written. I shall -show it to you if you come with me." - -"I shall come with you, Dorian, if you wish it. I see I have missed my -train. That makes no matter. I can go to-morrow. But don't ask me to -read anything to-night. All I want is a plain answer to my question." - -"That shall be given to you upstairs. I could not give it here. You -will not have to read long." - - - -CHAPTER 13 - -He passed out of the room and began the ascent, Basil Hallward -following close behind. They walked softly, as men do instinctively at -night. The lamp cast fantastic shadows on the wall and staircase. A -rising wind made some of the windows rattle. - -When they reached the top landing, Dorian set the lamp down on the -floor, and taking out the key, turned it in the lock. "You insist on -knowing, Basil?" he asked in a low voice. - -"Yes." - -"I am delighted," he answered, smiling. Then he added, somewhat -harshly, "You are the one man in the world who is entitled to know -everything about me. You have had more to do with my life than you -think"; and, taking up the lamp, he opened the door and went in. A -cold current of air passed them, and the light shot up for a moment in -a flame of murky orange. He shuddered. "Shut the door behind you," he -whispered, as he placed the lamp on the table. - -Hallward glanced round him with a puzzled expression. The room looked -as if it had not been lived in for years. A faded Flemish tapestry, a -curtained picture, an old Italian _cassone_, and an almost empty -book-case--that was all that it seemed to contain, besides a chair and -a table. As Dorian Gray was lighting a half-burned candle that was -standing on the mantelshelf, he saw that the whole place was covered -with dust and that the carpet was in holes. A mouse ran scuffling -behind the wainscoting. There was a damp odour of mildew. - -"So you think that it is only God who sees the soul, Basil? Draw that -curtain back, and you will see mine." - -The voice that spoke was cold and cruel. "You are mad, Dorian, or -playing a part," muttered Hallward, frowning. - -"You won't? Then I must do it myself," said the young man, and he tore -the curtain from its rod and flung it on the ground. - -An exclamation of horror broke from the painter's lips as he saw in the -dim light the hideous face on the canvas grinning at him. There was -something in its expression that filled him with disgust and loathing. -Good heavens! it was Dorian Gray's own face that he was looking at! -The horror, whatever it was, had not yet entirely spoiled that -marvellous beauty. There was still some gold in the thinning hair and -some scarlet on the sensual mouth. The sodden eyes had kept something -of the loveliness of their blue, the noble curves had not yet -completely passed away from chiselled nostrils and from plastic throat. -Yes, it was Dorian himself. But who had done it? He seemed to -recognize his own brushwork, and the frame was his own design. The -idea was monstrous, yet he felt afraid. He seized the lighted candle, -and held it to the picture. In the left-hand corner was his own name, -traced in long letters of bright vermilion. - -It was some foul parody, some infamous ignoble satire. He had never -done that. Still, it was his own picture. He knew it, and he felt as -if his blood had changed in a moment from fire to sluggish ice. His -own picture! What did it mean? Why had it altered? He turned and -looked at Dorian Gray with the eyes of a sick man. His mouth twitched, -and his parched tongue seemed unable to articulate. He passed his hand -across his forehead. It was dank with clammy sweat. - -The young man was leaning against the mantelshelf, watching him with -that strange expression that one sees on the faces of those who are -absorbed in a play when some great artist is acting. There was neither -real sorrow in it nor real joy. There was simply the passion of the -spectator, with perhaps a flicker of triumph in his eyes. He had taken -the flower out of his coat, and was smelling it, or pretending to do so. - -"What does this mean?" cried Hallward, at last. His own voice sounded -shrill and curious in his ears. - -"Years ago, when I was a boy," said Dorian Gray, crushing the flower in -his hand, "you met me, flattered me, and taught me to be vain of my -good looks. One day you introduced me to a friend of yours, who -explained to me the wonder of youth, and you finished a portrait of me -that revealed to me the wonder of beauty. In a mad moment that, even -now, I don't know whether I regret or not, I made a wish, perhaps you -would call it a prayer...." - -"I remember it! Oh, how well I remember it! No! the thing is -impossible. The room is damp. Mildew has got into the canvas. The -paints I used had some wretched mineral poison in them. I tell you the -thing is impossible." - -"Ah, what is impossible?" murmured the young man, going over to the -window and leaning his forehead against the cold, mist-stained glass. - -"You told me you had destroyed it." - -"I was wrong. It has destroyed me." - -"I don't believe it is my picture." - -"Can't you see your ideal in it?" said Dorian bitterly. - -"My ideal, as you call it..." - -"As you called it." - -"There was nothing evil in it, nothing shameful. You were to me such -an ideal as I shall never meet again. This is the face of a satyr." - -"It is the face of my soul." - -"Christ! what a thing I must have worshipped! It has the eyes of a -devil." - -"Each of us has heaven and hell in him, Basil," cried Dorian with a -wild gesture of despair. - -Hallward turned again to the portrait and gazed at it. "My God! If it -is true," he exclaimed, "and this is what you have done with your life, -why, you must be worse even than those who talk against you fancy you -to be!" He held the light up again to the canvas and examined it. The -surface seemed to be quite undisturbed and as he had left it. It was -from within, apparently, that the foulness and horror had come. -Through some strange quickening of inner life the leprosies of sin were -slowly eating the thing away. The rotting of a corpse in a watery -grave was not so fearful. - -His hand shook, and the candle fell from its socket on the floor and -lay there sputtering. He placed his foot on it and put it out. Then -he flung himself into the rickety chair that was standing by the table -and buried his face in his hands. - -"Good God, Dorian, what a lesson! What an awful lesson!" There was no -answer, but he could hear the young man sobbing at the window. "Pray, -Dorian, pray," he murmured. "What is it that one was taught to say in -one's boyhood? 'Lead us not into temptation. Forgive us our sins. -Wash away our iniquities.' Let us say that together. The prayer of -your pride has been answered. The prayer of your repentance will be -answered also. I worshipped you too much. I am punished for it. You -worshipped yourself too much. We are both punished." - -Dorian Gray turned slowly around and looked at him with tear-dimmed -eyes. "It is too late, Basil," he faltered. - -"It is never too late, Dorian. Let us kneel down and try if we cannot -remember a prayer. Isn't there a verse somewhere, 'Though your sins be -as scarlet, yet I will make them as white as snow'?" - -"Those words mean nothing to me now." - -"Hush! Don't say that. You have done enough evil in your life. My -God! Don't you see that accursed thing leering at us?" - -Dorian Gray glanced at the picture, and suddenly an uncontrollable -feeling of hatred for Basil Hallward came over him, as though it had -been suggested to him by the image on the canvas, whispered into his -ear by those grinning lips. The mad passions of a hunted animal -stirred within him, and he loathed the man who was seated at the table, -more than in his whole life he had ever loathed anything. He glanced -wildly around. Something glimmered on the top of the painted chest -that faced him. His eye fell on it. He knew what it was. It was a -knife that he had brought up, some days before, to cut a piece of cord, -and had forgotten to take away with him. He moved slowly towards it, -passing Hallward as he did so. As soon as he got behind him, he seized -it and turned round. Hallward stirred in his chair as if he was going -to rise. He rushed at him and dug the knife into the great vein that -is behind the ear, crushing the man's head down on the table and -stabbing again and again. - -There was a stifled groan and the horrible sound of some one choking -with blood. Three times the outstretched arms shot up convulsively, -waving grotesque, stiff-fingered hands in the air. He stabbed him -twice more, but the man did not move. Something began to trickle on -the floor. He waited for a moment, still pressing the head down. Then -he threw the knife on the table, and listened. - -He could hear nothing, but the drip, drip on the threadbare carpet. He -opened the door and went out on the landing. The house was absolutely -quiet. No one was about. For a few seconds he stood bending over the -balustrade and peering down into the black seething well of darkness. -Then he took out the key and returned to the room, locking himself in -as he did so. - -The thing was still seated in the chair, straining over the table with -bowed head, and humped back, and long fantastic arms. Had it not been -for the red jagged tear in the neck and the clotted black pool that was -slowly widening on the table, one would have said that the man was -simply asleep. - -How quickly it had all been done! He felt strangely calm, and walking -over to the window, opened it and stepped out on the balcony. The wind -had blown the fog away, and the sky was like a monstrous peacock's -tail, starred with myriads of golden eyes. He looked down and saw the -policeman going his rounds and flashing the long beam of his lantern on -the doors of the silent houses. The crimson spot of a prowling hansom -gleamed at the corner and then vanished. A woman in a fluttering shawl -was creeping slowly by the railings, staggering as she went. Now and -then she stopped and peered back. Once, she began to sing in a hoarse -voice. The policeman strolled over and said something to her. She -stumbled away, laughing. A bitter blast swept across the square. The -gas-lamps flickered and became blue, and the leafless trees shook their -black iron branches to and fro. He shivered and went back, closing the -window behind him. - -Having reached the door, he turned the key and opened it. He did not -even glance at the murdered man. He felt that the secret of the whole -thing was not to realize the situation. The friend who had painted the -fatal portrait to which all his misery had been due had gone out of his -life. That was enough. - -Then he remembered the lamp. It was a rather curious one of Moorish -workmanship, made of dull silver inlaid with arabesques of burnished -steel, and studded with coarse turquoises. Perhaps it might be missed -by his servant, and questions would be asked. He hesitated for a -moment, then he turned back and took it from the table. He could not -help seeing the dead thing. How still it was! How horribly white the -long hands looked! It was like a dreadful wax image. - -Having locked the door behind him, he crept quietly downstairs. The -woodwork creaked and seemed to cry out as if in pain. He stopped -several times and waited. No: everything was still. It was merely -the sound of his own footsteps. - -When he reached the library, he saw the bag and coat in the corner. -They must be hidden away somewhere. He unlocked a secret press that -was in the wainscoting, a press in which he kept his own curious -disguises, and put them into it. He could easily burn them afterwards. -Then he pulled out his watch. It was twenty minutes to two. - -He sat down and began to think. Every year--every month, almost--men -were strangled in England for what he had done. There had been a -madness of murder in the air. Some red star had come too close to the -earth.... And yet, what evidence was there against him? Basil Hallward -had left the house at eleven. No one had seen him come in again. Most -of the servants were at Selby Royal. His valet had gone to bed.... -Paris! Yes. It was to Paris that Basil had gone, and by the midnight -train, as he had intended. With his curious reserved habits, it would -be months before any suspicions would be roused. Months! Everything -could be destroyed long before then. - -A sudden thought struck him. He put on his fur coat and hat and went -out into the hall. There he paused, hearing the slow heavy tread of -the policeman on the pavement outside and seeing the flash of the -bull's-eye reflected in the window. He waited and held his breath. - -After a few moments he drew back the latch and slipped out, shutting -the door very gently behind him. Then he began ringing the bell. In -about five minutes his valet appeared, half-dressed and looking very -drowsy. - -"I am sorry to have had to wake you up, Francis," he said, stepping in; -"but I had forgotten my latch-key. What time is it?" - -"Ten minutes past two, sir," answered the man, looking at the clock and -blinking. - -"Ten minutes past two? How horribly late! You must wake me at nine -to-morrow. I have some work to do." - -"All right, sir." - -"Did any one call this evening?" - -"Mr. Hallward, sir. He stayed here till eleven, and then he went away -to catch his train." - -"Oh! I am sorry I didn't see him. Did he leave any message?" - -"No, sir, except that he would write to you from Paris, if he did not -find you at the club." - -"That will do, Francis. Don't forget to call me at nine to-morrow." - -"No, sir." - -The man shambled down the passage in his slippers. - -Dorian Gray threw his hat and coat upon the table and passed into the -library. For a quarter of an hour he walked up and down the room, -biting his lip and thinking. Then he took down the Blue Book from one -of the shelves and began to turn over the leaves. "Alan Campbell, 152, -Hertford Street, Mayfair." Yes; that was the man he wanted. - - - -CHAPTER 14 - -At nine o'clock the next morning his servant came in with a cup of -chocolate on a tray and opened the shutters. Dorian was sleeping quite -peacefully, lying on his right side, with one hand underneath his -cheek. He looked like a boy who had been tired out with play, or study. - -The man had to touch him twice on the shoulder before he woke, and as -he opened his eyes a faint smile passed across his lips, as though he -had been lost in some delightful dream. Yet he had not dreamed at all. -His night had been untroubled by any images of pleasure or of pain. -But youth smiles without any reason. It is one of its chiefest charms. - -He turned round, and leaning upon his elbow, began to sip his -chocolate. The mellow November sun came streaming into the room. The -sky was bright, and there was a genial warmth in the air. It was -almost like a morning in May. - -Gradually the events of the preceding night crept with silent, -blood-stained feet into his brain and reconstructed themselves there -with terrible distinctness. He winced at the memory of all that he had -suffered, and for a moment the same curious feeling of loathing for -Basil Hallward that had made him kill him as he sat in the chair came -back to him, and he grew cold with passion. The dead man was still -sitting there, too, and in the sunlight now. How horrible that was! -Such hideous things were for the darkness, not for the day. - -He felt that if he brooded on what he had gone through he would sicken -or grow mad. There were sins whose fascination was more in the memory -than in the doing of them, strange triumphs that gratified the pride -more than the passions, and gave to the intellect a quickened sense of -joy, greater than any joy they brought, or could ever bring, to the -senses. But this was not one of them. It was a thing to be driven out -of the mind, to be drugged with poppies, to be strangled lest it might -strangle one itself. - -When the half-hour struck, he passed his hand across his forehead, and -then got up hastily and dressed himself with even more than his usual -care, giving a good deal of attention to the choice of his necktie and -scarf-pin and changing his rings more than once. He spent a long time -also over breakfast, tasting the various dishes, talking to his valet -about some new liveries that he was thinking of getting made for the -servants at Selby, and going through his correspondence. At some of -the letters, he smiled. Three of them bored him. One he read several -times over and then tore up with a slight look of annoyance in his -face. "That awful thing, a woman's memory!" as Lord Henry had once -said. - -After he had drunk his cup of black coffee, he wiped his lips slowly -with a napkin, motioned to his servant to wait, and going over to the -table, sat down and wrote two letters. One he put in his pocket, the -other he handed to the valet. - -"Take this round to 152, Hertford Street, Francis, and if Mr. Campbell -is out of town, get his address." - -As soon as he was alone, he lit a cigarette and began sketching upon a -piece of paper, drawing first flowers and bits of architecture, and -then human faces. Suddenly he remarked that every face that he drew -seemed to have a fantastic likeness to Basil Hallward. He frowned, and -getting up, went over to the book-case and took out a volume at hazard. -He was determined that he would not think about what had happened until -it became absolutely necessary that he should do so. - -When he had stretched himself on the sofa, he looked at the title-page -of the book. It was Gautier's Emaux et Camees, Charpentier's -Japanese-paper edition, with the Jacquemart etching. The binding was -of citron-green leather, with a design of gilt trellis-work and dotted -pomegranates. It had been given to him by Adrian Singleton. As he -turned over the pages, his eye fell on the poem about the hand of -Lacenaire, the cold yellow hand "_du supplice encore mal lavee_," with -its downy red hairs and its "_doigts de faune_." He glanced at his own -white taper fingers, shuddering slightly in spite of himself, and -passed on, till he came to those lovely stanzas upon Venice: - - Sur une gamme chromatique, - Le sein de perles ruisselant, - La Venus de l'Adriatique - Sort de l'eau son corps rose et blanc. - - Les domes, sur l'azur des ondes - Suivant la phrase au pur contour, - S'enflent comme des gorges rondes - Que souleve un soupir d'amour. - - L'esquif aborde et me depose, - Jetant son amarre au pilier, - Devant une facade rose, - Sur le marbre d'un escalier. - - -How exquisite they were! As one read them, one seemed to be floating -down the green water-ways of the pink and pearl city, seated in a black -gondola with silver prow and trailing curtains. The mere lines looked -to him like those straight lines of turquoise-blue that follow one as -one pushes out to the Lido. The sudden flashes of colour reminded him -of the gleam of the opal-and-iris-throated birds that flutter round the -tall honeycombed Campanile, or stalk, with such stately grace, through -the dim, dust-stained arcades. Leaning back with half-closed eyes, he -kept saying over and over to himself: - - "Devant une facade rose, - Sur le marbre d'un escalier." - -The whole of Venice was in those two lines. He remembered the autumn -that he had passed there, and a wonderful love that had stirred him to -mad delightful follies. There was romance in every place. But Venice, -like Oxford, had kept the background for romance, and, to the true -romantic, background was everything, or almost everything. Basil had -been with him part of the time, and had gone wild over Tintoret. Poor -Basil! What a horrible way for a man to die! - -He sighed, and took up the volume again, and tried to forget. He read -of the swallows that fly in and out of the little _cafe_ at Smyrna where -the Hadjis sit counting their amber beads and the turbaned merchants -smoke their long tasselled pipes and talk gravely to each other; he -read of the Obelisk in the Place de la Concorde that weeps tears of -granite in its lonely sunless exile and longs to be back by the hot, -lotus-covered Nile, where there are Sphinxes, and rose-red ibises, and -white vultures with gilded claws, and crocodiles with small beryl eyes -that crawl over the green steaming mud; he began to brood over those -verses which, drawing music from kiss-stained marble, tell of that -curious statue that Gautier compares to a contralto voice, the "_monstre -charmant_" that couches in the porphyry-room of the Louvre. But after a -time the book fell from his hand. He grew nervous, and a horrible fit -of terror came over him. What if Alan Campbell should be out of -England? Days would elapse before he could come back. Perhaps he -might refuse to come. What could he do then? Every moment was of -vital importance. - -They had been great friends once, five years before--almost -inseparable, indeed. Then the intimacy had come suddenly to an end. -When they met in society now, it was only Dorian Gray who smiled: Alan -Campbell never did. - -He was an extremely clever young man, though he had no real -appreciation of the visible arts, and whatever little sense of the -beauty of poetry he possessed he had gained entirely from Dorian. His -dominant intellectual passion was for science. At Cambridge he had -spent a great deal of his time working in the laboratory, and had taken -a good class in the Natural Science Tripos of his year. Indeed, he was -still devoted to the study of chemistry, and had a laboratory of his -own in which he used to shut himself up all day long, greatly to the -annoyance of his mother, who had set her heart on his standing for -Parliament and had a vague idea that a chemist was a person who made up -prescriptions. He was an excellent musician, however, as well, and -played both the violin and the piano better than most amateurs. In -fact, it was music that had first brought him and Dorian Gray -together--music and that indefinable attraction that Dorian seemed to -be able to exercise whenever he wished--and, indeed, exercised often -without being conscious of it. They had met at Lady Berkshire's the -night that Rubinstein played there, and after that used to be always -seen together at the opera and wherever good music was going on. For -eighteen months their intimacy lasted. Campbell was always either at -Selby Royal or in Grosvenor Square. To him, as to many others, Dorian -Gray was the type of everything that is wonderful and fascinating in -life. Whether or not a quarrel had taken place between them no one -ever knew. But suddenly people remarked that they scarcely spoke when -they met and that Campbell seemed always to go away early from any -party at which Dorian Gray was present. He had changed, too--was -strangely melancholy at times, appeared almost to dislike hearing -music, and would never himself play, giving as his excuse, when he was -called upon, that he was so absorbed in science that he had no time -left in which to practise. And this was certainly true. Every day he -seemed to become more interested in biology, and his name appeared once -or twice in some of the scientific reviews in connection with certain -curious experiments. - -This was the man Dorian Gray was waiting for. Every second he kept -glancing at the clock. As the minutes went by he became horribly -agitated. At last he got up and began to pace up and down the room, -looking like a beautiful caged thing. He took long stealthy strides. -His hands were curiously cold. - -The suspense became unbearable. Time seemed to him to be crawling with -feet of lead, while he by monstrous winds was being swept towards the -jagged edge of some black cleft of precipice. He knew what was waiting -for him there; saw it, indeed, and, shuddering, crushed with dank hands -his burning lids as though he would have robbed the very brain of sight -and driven the eyeballs back into their cave. It was useless. The -brain had its own food on which it battened, and the imagination, made -grotesque by terror, twisted and distorted as a living thing by pain, -danced like some foul puppet on a stand and grinned through moving -masks. Then, suddenly, time stopped for him. Yes: that blind, -slow-breathing thing crawled no more, and horrible thoughts, time being -dead, raced nimbly on in front, and dragged a hideous future from its -grave, and showed it to him. He stared at it. Its very horror made -him stone. - -At last the door opened and his servant entered. He turned glazed eyes -upon him. - -"Mr. Campbell, sir," said the man. - -A sigh of relief broke from his parched lips, and the colour came back -to his cheeks. - -"Ask him to come in at once, Francis." He felt that he was himself -again. His mood of cowardice had passed away. - -The man bowed and retired. In a few moments, Alan Campbell walked in, -looking very stern and rather pale, his pallor being intensified by his -coal-black hair and dark eyebrows. - -"Alan! This is kind of you. I thank you for coming." - -"I had intended never to enter your house again, Gray. But you said it -was a matter of life and death." His voice was hard and cold. He -spoke with slow deliberation. There was a look of contempt in the -steady searching gaze that he turned on Dorian. He kept his hands in -the pockets of his Astrakhan coat, and seemed not to have noticed the -gesture with which he had been greeted. - -"Yes: it is a matter of life and death, Alan, and to more than one -person. Sit down." - -Campbell took a chair by the table, and Dorian sat opposite to him. -The two men's eyes met. In Dorian's there was infinite pity. He knew -that what he was going to do was dreadful. - -After a strained moment of silence, he leaned across and said, very -quietly, but watching the effect of each word upon the face of him he -had sent for, "Alan, in a locked room at the top of this house, a room -to which nobody but myself has access, a dead man is seated at a table. -He has been dead ten hours now. Don't stir, and don't look at me like -that. Who the man is, why he died, how he died, are matters that do -not concern you. What you have to do is this--" - -"Stop, Gray. I don't want to know anything further. Whether what you -have told me is true or not true doesn't concern me. I entirely -decline to be mixed up in your life. Keep your horrible secrets to -yourself. They don't interest me any more." - -"Alan, they will have to interest you. This one will have to interest -you. I am awfully sorry for you, Alan. But I can't help myself. You -are the one man who is able to save me. I am forced to bring you into -the matter. I have no option. Alan, you are scientific. You know -about chemistry and things of that kind. You have made experiments. -What you have got to do is to destroy the thing that is upstairs--to -destroy it so that not a vestige of it will be left. Nobody saw this -person come into the house. Indeed, at the present moment he is -supposed to be in Paris. He will not be missed for months. When he is -missed, there must be no trace of him found here. You, Alan, you must -change him, and everything that belongs to him, into a handful of ashes -that I may scatter in the air." - -"You are mad, Dorian." - -"Ah! I was waiting for you to call me Dorian." - -"You are mad, I tell you--mad to imagine that I would raise a finger to -help you, mad to make this monstrous confession. I will have nothing -to do with this matter, whatever it is. Do you think I am going to -peril my reputation for you? What is it to me what devil's work you -are up to?" - -"It was suicide, Alan." - -"I am glad of that. But who drove him to it? You, I should fancy." - -"Do you still refuse to do this for me?" - -"Of course I refuse. I will have absolutely nothing to do with it. I -don't care what shame comes on you. You deserve it all. I should not -be sorry to see you disgraced, publicly disgraced. How dare you ask -me, of all men in the world, to mix myself up in this horror? I should -have thought you knew more about people's characters. Your friend Lord -Henry Wotton can't have taught you much about psychology, whatever else -he has taught you. Nothing will induce me to stir a step to help you. -You have come to the wrong man. Go to some of your friends. Don't -come to me." - -"Alan, it was murder. I killed him. You don't know what he had made -me suffer. Whatever my life is, he had more to do with the making or -the marring of it than poor Harry has had. He may not have intended -it, the result was the same." - -"Murder! Good God, Dorian, is that what you have come to? I shall not -inform upon you. It is not my business. Besides, without my stirring -in the matter, you are certain to be arrested. Nobody ever commits a -crime without doing something stupid. But I will have nothing to do -with it." - -"You must have something to do with it. Wait, wait a moment; listen to -me. Only listen, Alan. All I ask of you is to perform a certain -scientific experiment. You go to hospitals and dead-houses, and the -horrors that you do there don't affect you. If in some hideous -dissecting-room or fetid laboratory you found this man lying on a -leaden table with red gutters scooped out in it for the blood to flow -through, you would simply look upon him as an admirable subject. You -would not turn a hair. You would not believe that you were doing -anything wrong. On the contrary, you would probably feel that you were -benefiting the human race, or increasing the sum of knowledge in the -world, or gratifying intellectual curiosity, or something of that kind. -What I want you to do is merely what you have often done before. -Indeed, to destroy a body must be far less horrible than what you are -accustomed to work at. And, remember, it is the only piece of evidence -against me. If it is discovered, I am lost; and it is sure to be -discovered unless you help me." - -"I have no desire to help you. You forget that. I am simply -indifferent to the whole thing. It has nothing to do with me." - -"Alan, I entreat you. Think of the position I am in. Just before you -came I almost fainted with terror. You may know terror yourself some -day. No! don't think of that. Look at the matter purely from the -scientific point of view. You don't inquire where the dead things on -which you experiment come from. Don't inquire now. I have told you -too much as it is. But I beg of you to do this. We were friends once, -Alan." - -"Don't speak about those days, Dorian--they are dead." - -"The dead linger sometimes. The man upstairs will not go away. He is -sitting at the table with bowed head and outstretched arms. Alan! -Alan! If you don't come to my assistance, I am ruined. Why, they will -hang me, Alan! Don't you understand? They will hang me for what I -have done." - -"There is no good in prolonging this scene. I absolutely refuse to do -anything in the matter. It is insane of you to ask me." - -"You refuse?" - -"Yes." - -"I entreat you, Alan." - -"It is useless." - -The same look of pity came into Dorian Gray's eyes. Then he stretched -out his hand, took a piece of paper, and wrote something on it. He -read it over twice, folded it carefully, and pushed it across the -table. Having done this, he got up and went over to the window. - -Campbell looked at him in surprise, and then took up the paper, and -opened it. As he read it, his face became ghastly pale and he fell -back in his chair. A horrible sense of sickness came over him. He -felt as if his heart was beating itself to death in some empty hollow. - -After two or three minutes of terrible silence, Dorian turned round and -came and stood behind him, putting his hand upon his shoulder. - -"I am so sorry for you, Alan," he murmured, "but you leave me no -alternative. I have a letter written already. Here it is. You see -the address. If you don't help me, I must send it. If you don't help -me, I will send it. You know what the result will be. But you are -going to help me. It is impossible for you to refuse now. I tried to -spare you. You will do me the justice to admit that. You were stern, -harsh, offensive. You treated me as no man has ever dared to treat -me--no living man, at any rate. I bore it all. Now it is for me to -dictate terms." - -Campbell buried his face in his hands, and a shudder passed through him. - -"Yes, it is my turn to dictate terms, Alan. You know what they are. -The thing is quite simple. Come, don't work yourself into this fever. -The thing has to be done. Face it, and do it." - -A groan broke from Campbell's lips and he shivered all over. The -ticking of the clock on the mantelpiece seemed to him to be dividing -time into separate atoms of agony, each of which was too terrible to be -borne. He felt as if an iron ring was being slowly tightened round his -forehead, as if the disgrace with which he was threatened had already -come upon him. The hand upon his shoulder weighed like a hand of lead. -It was intolerable. It seemed to crush him. - -"Come, Alan, you must decide at once." - -"I cannot do it," he said, mechanically, as though words could alter -things. - -"You must. You have no choice. Don't delay." - -He hesitated a moment. "Is there a fire in the room upstairs?" - -"Yes, there is a gas-fire with asbestos." - -"I shall have to go home and get some things from the laboratory." - -"No, Alan, you must not leave the house. Write out on a sheet of -notepaper what you want and my servant will take a cab and bring the -things back to you." - -Campbell scrawled a few lines, blotted them, and addressed an envelope -to his assistant. Dorian took the note up and read it carefully. Then -he rang the bell and gave it to his valet, with orders to return as -soon as possible and to bring the things with him. - -As the hall door shut, Campbell started nervously, and having got up -from the chair, went over to the chimney-piece. He was shivering with a -kind of ague. For nearly twenty minutes, neither of the men spoke. A -fly buzzed noisily about the room, and the ticking of the clock was -like the beat of a hammer. - -As the chime struck one, Campbell turned round, and looking at Dorian -Gray, saw that his eyes were filled with tears. There was something in -the purity and refinement of that sad face that seemed to enrage him. -"You are infamous, absolutely infamous!" he muttered. - -"Hush, Alan. You have saved my life," said Dorian. - -"Your life? Good heavens! what a life that is! You have gone from -corruption to corruption, and now you have culminated in crime. In -doing what I am going to do--what you force me to do--it is not of your -life that I am thinking." - -"Ah, Alan," murmured Dorian with a sigh, "I wish you had a thousandth -part of the pity for me that I have for you." He turned away as he -spoke and stood looking out at the garden. Campbell made no answer. - -After about ten minutes a knock came to the door, and the servant -entered, carrying a large mahogany chest of chemicals, with a long coil -of steel and platinum wire and two rather curiously shaped iron clamps. - -"Shall I leave the things here, sir?" he asked Campbell. - -"Yes," said Dorian. "And I am afraid, Francis, that I have another -errand for you. What is the name of the man at Richmond who supplies -Selby with orchids?" - -"Harden, sir." - -"Yes--Harden. You must go down to Richmond at once, see Harden -personally, and tell him to send twice as many orchids as I ordered, -and to have as few white ones as possible. In fact, I don't want any -white ones. It is a lovely day, Francis, and Richmond is a very pretty -place--otherwise I wouldn't bother you about it." - -"No trouble, sir. At what time shall I be back?" - -Dorian looked at Campbell. "How long will your experiment take, Alan?" -he said in a calm indifferent voice. The presence of a third person in -the room seemed to give him extraordinary courage. - -Campbell frowned and bit his lip. "It will take about five hours," he -answered. - -"It will be time enough, then, if you are back at half-past seven, -Francis. Or stay: just leave my things out for dressing. You can -have the evening to yourself. I am not dining at home, so I shall not -want you." - -"Thank you, sir," said the man, leaving the room. - -"Now, Alan, there is not a moment to be lost. How heavy this chest is! -I'll take it for you. You bring the other things." He spoke rapidly -and in an authoritative manner. Campbell felt dominated by him. They -left the room together. - -When they reached the top landing, Dorian took out the key and turned -it in the lock. Then he stopped, and a troubled look came into his -eyes. He shuddered. "I don't think I can go in, Alan," he murmured. - -"It is nothing to me. I don't require you," said Campbell coldly. - -Dorian half opened the door. As he did so, he saw the face of his -portrait leering in the sunlight. On the floor in front of it the torn -curtain was lying. He remembered that the night before he had -forgotten, for the first time in his life, to hide the fatal canvas, -and was about to rush forward, when he drew back with a shudder. - -What was that loathsome red dew that gleamed, wet and glistening, on -one of the hands, as though the canvas had sweated blood? How horrible -it was!--more horrible, it seemed to him for the moment, than the -silent thing that he knew was stretched across the table, the thing -whose grotesque misshapen shadow on the spotted carpet showed him that -it had not stirred, but was still there, as he had left it. - -He heaved a deep breath, opened the door a little wider, and with -half-closed eyes and averted head, walked quickly in, determined that -he would not look even once upon the dead man. Then, stooping down and -taking up the gold-and-purple hanging, he flung it right over the -picture. - -There he stopped, feeling afraid to turn round, and his eyes fixed -themselves on the intricacies of the pattern before him. He heard -Campbell bringing in the heavy chest, and the irons, and the other -things that he had required for his dreadful work. He began to wonder -if he and Basil Hallward had ever met, and, if so, what they had -thought of each other. - -"Leave me now," said a stern voice behind him. - -He turned and hurried out, just conscious that the dead man had been -thrust back into the chair and that Campbell was gazing into a -glistening yellow face. As he was going downstairs, he heard the key -being turned in the lock. - -It was long after seven when Campbell came back into the library. He -was pale, but absolutely calm. "I have done what you asked me to do," -he muttered. "And now, good-bye. Let us never see each other again." - -"You have saved me from ruin, Alan. I cannot forget that," said Dorian -simply. - -As soon as Campbell had left, he went upstairs. There was a horrible -smell of nitric acid in the room. But the thing that had been sitting -at the table was gone. - - - -CHAPTER 15 - -That evening, at eight-thirty, exquisitely dressed and wearing a large -button-hole of Parma violets, Dorian Gray was ushered into Lady -Narborough's drawing-room by bowing servants. His forehead was -throbbing with maddened nerves, and he felt wildly excited, but his -manner as he bent over his hostess's hand was as easy and graceful as -ever. Perhaps one never seems so much at one's ease as when one has to -play a part. Certainly no one looking at Dorian Gray that night could -have believed that he had passed through a tragedy as horrible as any -tragedy of our age. Those finely shaped fingers could never have -clutched a knife for sin, nor those smiling lips have cried out on God -and goodness. He himself could not help wondering at the calm of his -demeanour, and for a moment felt keenly the terrible pleasure of a -double life. - -It was a small party, got up rather in a hurry by Lady Narborough, who -was a very clever woman with what Lord Henry used to describe as the -remains of really remarkable ugliness. She had proved an excellent -wife to one of our most tedious ambassadors, and having buried her -husband properly in a marble mausoleum, which she had herself designed, -and married off her daughters to some rich, rather elderly men, she -devoted herself now to the pleasures of French fiction, French cookery, -and French _esprit_ when she could get it. - -Dorian was one of her especial favourites, and she always told him that -she was extremely glad she had not met him in early life. "I know, my -dear, I should have fallen madly in love with you," she used to say, -"and thrown my bonnet right over the mills for your sake. It is most -fortunate that you were not thought of at the time. As it was, our -bonnets were so unbecoming, and the mills were so occupied in trying to -raise the wind, that I never had even a flirtation with anybody. -However, that was all Narborough's fault. He was dreadfully -short-sighted, and there is no pleasure in taking in a husband who -never sees anything." - -Her guests this evening were rather tedious. The fact was, as she -explained to Dorian, behind a very shabby fan, one of her married -daughters had come up quite suddenly to stay with her, and, to make -matters worse, had actually brought her husband with her. "I think it -is most unkind of her, my dear," she whispered. "Of course I go and -stay with them every summer after I come from Homburg, but then an old -woman like me must have fresh air sometimes, and besides, I really wake -them up. You don't know what an existence they lead down there. It is -pure unadulterated country life. They get up early, because they have -so much to do, and go to bed early, because they have so little to -think about. There has not been a scandal in the neighbourhood since -the time of Queen Elizabeth, and consequently they all fall asleep -after dinner. You shan't sit next either of them. You shall sit by me -and amuse me." - -Dorian murmured a graceful compliment and looked round the room. Yes: -it was certainly a tedious party. Two of the people he had never seen -before, and the others consisted of Ernest Harrowden, one of those -middle-aged mediocrities so common in London clubs who have no enemies, -but are thoroughly disliked by their friends; Lady Ruxton, an -overdressed woman of forty-seven, with a hooked nose, who was always -trying to get herself compromised, but was so peculiarly plain that to -her great disappointment no one would ever believe anything against -her; Mrs. Erlynne, a pushing nobody, with a delightful lisp and -Venetian-red hair; Lady Alice Chapman, his hostess's daughter, a dowdy -dull girl, with one of those characteristic British faces that, once -seen, are never remembered; and her husband, a red-cheeked, -white-whiskered creature who, like so many of his class, was under the -impression that inordinate joviality can atone for an entire lack of -ideas. - -He was rather sorry he had come, till Lady Narborough, looking at the -great ormolu gilt clock that sprawled in gaudy curves on the -mauve-draped mantelshelf, exclaimed: "How horrid of Henry Wotton to be -so late! I sent round to him this morning on chance and he promised -faithfully not to disappoint me." - -It was some consolation that Harry was to be there, and when the door -opened and he heard his slow musical voice lending charm to some -insincere apology, he ceased to feel bored. - -But at dinner he could not eat anything. Plate after plate went away -untasted. Lady Narborough kept scolding him for what she called "an -insult to poor Adolphe, who invented the _menu_ specially for you," and -now and then Lord Henry looked across at him, wondering at his silence -and abstracted manner. From time to time the butler filled his glass -with champagne. He drank eagerly, and his thirst seemed to increase. - -"Dorian," said Lord Henry at last, as the _chaud-froid_ was being handed -round, "what is the matter with you to-night? You are quite out of -sorts." - -"I believe he is in love," cried Lady Narborough, "and that he is -afraid to tell me for fear I should be jealous. He is quite right. I -certainly should." - -"Dear Lady Narborough," murmured Dorian, smiling, "I have not been in -love for a whole week--not, in fact, since Madame de Ferrol left town." - -"How you men can fall in love with that woman!" exclaimed the old lady. -"I really cannot understand it." - -"It is simply because she remembers you when you were a little girl, -Lady Narborough," said Lord Henry. "She is the one link between us and -your short frocks." - -"She does not remember my short frocks at all, Lord Henry. But I -remember her very well at Vienna thirty years ago, and how _decolletee_ -she was then." - -"She is still _decolletee_," he answered, taking an olive in his long -fingers; "and when she is in a very smart gown she looks like an -_edition de luxe_ of a bad French novel. She is really wonderful, and -full of surprises. Her capacity for family affection is extraordinary. -When her third husband died, her hair turned quite gold from grief." - -"How can you, Harry!" cried Dorian. - -"It is a most romantic explanation," laughed the hostess. "But her -third husband, Lord Henry! You don't mean to say Ferrol is the fourth?" - -"Certainly, Lady Narborough." - -"I don't believe a word of it." - -"Well, ask Mr. Gray. He is one of her most intimate friends." - -"Is it true, Mr. Gray?" - -"She assures me so, Lady Narborough," said Dorian. "I asked her -whether, like Marguerite de Navarre, she had their hearts embalmed and -hung at her girdle. She told me she didn't, because none of them had -had any hearts at all." - -"Four husbands! Upon my word that is _trop de zele_." - -"_Trop d'audace_, I tell her," said Dorian. - -"Oh! she is audacious enough for anything, my dear. And what is Ferrol -like? I don't know him." - -"The husbands of very beautiful women belong to the criminal classes," -said Lord Henry, sipping his wine. - -Lady Narborough hit him with her fan. "Lord Henry, I am not at all -surprised that the world says that you are extremely wicked." - -"But what world says that?" asked Lord Henry, elevating his eyebrows. -"It can only be the next world. This world and I are on excellent -terms." - -"Everybody I know says you are very wicked," cried the old lady, -shaking her head. - -Lord Henry looked serious for some moments. "It is perfectly -monstrous," he said, at last, "the way people go about nowadays saying -things against one behind one's back that are absolutely and entirely -true." - -"Isn't he incorrigible?" cried Dorian, leaning forward in his chair. - -"I hope so," said his hostess, laughing. "But really, if you all -worship Madame de Ferrol in this ridiculous way, I shall have to marry -again so as to be in the fashion." - -"You will never marry again, Lady Narborough," broke in Lord Henry. -"You were far too happy. When a woman marries again, it is because she -detested her first husband. When a man marries again, it is because he -adored his first wife. Women try their luck; men risk theirs." - -"Narborough wasn't perfect," cried the old lady. - -"If he had been, you would not have loved him, my dear lady," was the -rejoinder. "Women love us for our defects. If we have enough of them, -they will forgive us everything, even our intellects. You will never -ask me to dinner again after saying this, I am afraid, Lady Narborough, -but it is quite true." - -"Of course it is true, Lord Henry. If we women did not love you for -your defects, where would you all be? Not one of you would ever be -married. You would be a set of unfortunate bachelors. Not, however, -that that would alter you much. Nowadays all the married men live like -bachelors, and all the bachelors like married men." - -"_Fin de siecle_," murmured Lord Henry. - -"_Fin du globe_," answered his hostess. - -"I wish it were _fin du globe_," said Dorian with a sigh. "Life is a -great disappointment." - -"Ah, my dear," cried Lady Narborough, putting on her gloves, "don't -tell me that you have exhausted life. When a man says that one knows -that life has exhausted him. Lord Henry is very wicked, and I -sometimes wish that I had been; but you are made to be good--you look -so good. I must find you a nice wife. Lord Henry, don't you think -that Mr. Gray should get married?" - -"I am always telling him so, Lady Narborough," said Lord Henry with a -bow. - -"Well, we must look out for a suitable match for him. I shall go -through Debrett carefully to-night and draw out a list of all the -eligible young ladies." - -"With their ages, Lady Narborough?" asked Dorian. - -"Of course, with their ages, slightly edited. But nothing must be done -in a hurry. I want it to be what _The Morning Post_ calls a suitable -alliance, and I want you both to be happy." - -"What nonsense people talk about happy marriages!" exclaimed Lord -Henry. "A man can be happy with any woman, as long as he does not love -her." - -"Ah! what a cynic you are!" cried the old lady, pushing back her chair -and nodding to Lady Ruxton. "You must come and dine with me soon -again. You are really an admirable tonic, much better than what Sir -Andrew prescribes for me. You must tell me what people you would like -to meet, though. I want it to be a delightful gathering." - -"I like men who have a future and women who have a past," he answered. -"Or do you think that would make it a petticoat party?" - -"I fear so," she said, laughing, as she stood up. "A thousand pardons, -my dear Lady Ruxton," she added, "I didn't see you hadn't finished your -cigarette." - -"Never mind, Lady Narborough. I smoke a great deal too much. I am -going to limit myself, for the future." - -"Pray don't, Lady Ruxton," said Lord Henry. "Moderation is a fatal -thing. Enough is as bad as a meal. More than enough is as good as a -feast." - -Lady Ruxton glanced at him curiously. "You must come and explain that -to me some afternoon, Lord Henry. It sounds a fascinating theory," she -murmured, as she swept out of the room. - -"Now, mind you don't stay too long over your politics and scandal," -cried Lady Narborough from the door. "If you do, we are sure to -squabble upstairs." - -The men laughed, and Mr. Chapman got up solemnly from the foot of the -table and came up to the top. Dorian Gray changed his seat and went -and sat by Lord Henry. Mr. Chapman began to talk in a loud voice about -the situation in the House of Commons. He guffawed at his adversaries. -The word _doctrinaire_--word full of terror to the British -mind--reappeared from time to time between his explosions. An -alliterative prefix served as an ornament of oratory. He hoisted the -Union Jack on the pinnacles of thought. The inherited stupidity of the -race--sound English common sense he jovially termed it--was shown to be -the proper bulwark for society. - -A smile curved Lord Henry's lips, and he turned round and looked at -Dorian. - -"Are you better, my dear fellow?" he asked. "You seemed rather out of -sorts at dinner." - -"I am quite well, Harry. I am tired. That is all." - -"You were charming last night. The little duchess is quite devoted to -you. She tells me she is going down to Selby." - -"She has promised to come on the twentieth." - -"Is Monmouth to be there, too?" - -"Oh, yes, Harry." - -"He bores me dreadfully, almost as much as he bores her. She is very -clever, too clever for a woman. She lacks the indefinable charm of -weakness. It is the feet of clay that make the gold of the image -precious. Her feet are very pretty, but they are not feet of clay. -White porcelain feet, if you like. They have been through the fire, -and what fire does not destroy, it hardens. She has had experiences." - -"How long has she been married?" asked Dorian. - -"An eternity, she tells me. I believe, according to the peerage, it is -ten years, but ten years with Monmouth must have been like eternity, -with time thrown in. Who else is coming?" - -"Oh, the Willoughbys, Lord Rugby and his wife, our hostess, Geoffrey -Clouston, the usual set. I have asked Lord Grotrian." - -"I like him," said Lord Henry. "A great many people don't, but I find -him charming. He atones for being occasionally somewhat overdressed by -being always absolutely over-educated. He is a very modern type." - -"I don't know if he will be able to come, Harry. He may have to go to -Monte Carlo with his father." - -"Ah! what a nuisance people's people are! Try and make him come. By -the way, Dorian, you ran off very early last night. You left before -eleven. What did you do afterwards? Did you go straight home?" - -Dorian glanced at him hurriedly and frowned. - -"No, Harry," he said at last, "I did not get home till nearly three." - -"Did you go to the club?" - -"Yes," he answered. Then he bit his lip. "No, I don't mean that. I -didn't go to the club. I walked about. I forget what I did.... How -inquisitive you are, Harry! You always want to know what one has been -doing. I always want to forget what I have been doing. I came in at -half-past two, if you wish to know the exact time. I had left my -latch-key at home, and my servant had to let me in. If you want any -corroborative evidence on the subject, you can ask him." - -Lord Henry shrugged his shoulders. "My dear fellow, as if I cared! -Let us go up to the drawing-room. No sherry, thank you, Mr. Chapman. -Something has happened to you, Dorian. Tell me what it is. You are -not yourself to-night." - -"Don't mind me, Harry. I am irritable, and out of temper. I shall -come round and see you to-morrow, or next day. Make my excuses to Lady -Narborough. I shan't go upstairs. I shall go home. I must go home." - -"All right, Dorian. I dare say I shall see you to-morrow at tea-time. -The duchess is coming." - -"I will try to be there, Harry," he said, leaving the room. As he -drove back to his own house, he was conscious that the sense of terror -he thought he had strangled had come back to him. Lord Henry's casual -questioning had made him lose his nerve for the moment, and he wanted -his nerve still. Things that were dangerous had to be destroyed. He -winced. He hated the idea of even touching them. - -Yet it had to be done. He realized that, and when he had locked the -door of his library, he opened the secret press into which he had -thrust Basil Hallward's coat and bag. A huge fire was blazing. He -piled another log on it. The smell of the singeing clothes and burning -leather was horrible. It took him three-quarters of an hour to consume -everything. At the end he felt faint and sick, and having lit some -Algerian pastilles in a pierced copper brazier, he bathed his hands and -forehead with a cool musk-scented vinegar. - -Suddenly he started. His eyes grew strangely bright, and he gnawed -nervously at his underlip. Between two of the windows stood a large -Florentine cabinet, made out of ebony and inlaid with ivory and blue -lapis. He watched it as though it were a thing that could fascinate -and make afraid, as though it held something that he longed for and yet -almost loathed. His breath quickened. A mad craving came over him. -He lit a cigarette and then threw it away. His eyelids drooped till -the long fringed lashes almost touched his cheek. But he still watched -the cabinet. At last he got up from the sofa on which he had been -lying, went over to it, and having unlocked it, touched some hidden -spring. A triangular drawer passed slowly out. His fingers moved -instinctively towards it, dipped in, and closed on something. It was a -small Chinese box of black and gold-dust lacquer, elaborately wrought, -the sides patterned with curved waves, and the silken cords hung with -round crystals and tasselled in plaited metal threads. He opened it. -Inside was a green paste, waxy in lustre, the odour curiously heavy and -persistent. - -He hesitated for some moments, with a strangely immobile smile upon his -face. Then shivering, though the atmosphere of the room was terribly -hot, he drew himself up and glanced at the clock. It was twenty -minutes to twelve. He put the box back, shutting the cabinet doors as -he did so, and went into his bedroom. - -As midnight was striking bronze blows upon the dusky air, Dorian Gray, -dressed commonly, and with a muffler wrapped round his throat, crept -quietly out of his house. In Bond Street he found a hansom with a good -horse. He hailed it and in a low voice gave the driver an address. - -The man shook his head. "It is too far for me," he muttered. - -"Here is a sovereign for you," said Dorian. "You shall have another if -you drive fast." - -"All right, sir," answered the man, "you will be there in an hour," and -after his fare had got in he turned his horse round and drove rapidly -towards the river. - - - -CHAPTER 16 - -A cold rain began to fall, and the blurred street-lamps looked ghastly -in the dripping mist. The public-houses were just closing, and dim men -and women were clustering in broken groups round their doors. From -some of the bars came the sound of horrible laughter. In others, -drunkards brawled and screamed. - -Lying back in the hansom, with his hat pulled over his forehead, Dorian -Gray watched with listless eyes the sordid shame of the great city, and -now and then he repeated to himself the words that Lord Henry had said -to him on the first day they had met, "To cure the soul by means of the -senses, and the senses by means of the soul." Yes, that was the -secret. He had often tried it, and would try it again now. There were -opium dens where one could buy oblivion, dens of horror where the -memory of old sins could be destroyed by the madness of sins that were -new. - -The moon hung low in the sky like a yellow skull. From time to time a -huge misshapen cloud stretched a long arm across and hid it. The -gas-lamps grew fewer, and the streets more narrow and gloomy. Once the -man lost his way and had to drive back half a mile. A steam rose from -the horse as it splashed up the puddles. The sidewindows of the hansom -were clogged with a grey-flannel mist. - -"To cure the soul by means of the senses, and the senses by means of -the soul!" How the words rang in his ears! His soul, certainly, was -sick to death. Was it true that the senses could cure it? Innocent -blood had been spilled. What could atone for that? Ah! for that there -was no atonement; but though forgiveness was impossible, forgetfulness -was possible still, and he was determined to forget, to stamp the thing -out, to crush it as one would crush the adder that had stung one. -Indeed, what right had Basil to have spoken to him as he had done? Who -had made him a judge over others? He had said things that were -dreadful, horrible, not to be endured. - -On and on plodded the hansom, going slower, it seemed to him, at each -step. He thrust up the trap and called to the man to drive faster. -The hideous hunger for opium began to gnaw at him. His throat burned -and his delicate hands twitched nervously together. He struck at the -horse madly with his stick. The driver laughed and whipped up. He -laughed in answer, and the man was silent. - -The way seemed interminable, and the streets like the black web of some -sprawling spider. The monotony became unbearable, and as the mist -thickened, he felt afraid. - -Then they passed by lonely brickfields. The fog was lighter here, and -he could see the strange, bottle-shaped kilns with their orange, -fanlike tongues of fire. A dog barked as they went by, and far away in -the darkness some wandering sea-gull screamed. The horse stumbled in a -rut, then swerved aside and broke into a gallop. - -After some time they left the clay road and rattled again over -rough-paven streets. Most of the windows were dark, but now and then -fantastic shadows were silhouetted against some lamplit blind. He -watched them curiously. They moved like monstrous marionettes and made -gestures like live things. He hated them. A dull rage was in his -heart. As they turned a corner, a woman yelled something at them from -an open door, and two men ran after the hansom for about a hundred -yards. The driver beat at them with his whip. - -It is said that passion makes one think in a circle. Certainly with -hideous iteration the bitten lips of Dorian Gray shaped and reshaped -those subtle words that dealt with soul and sense, till he had found in -them the full expression, as it were, of his mood, and justified, by -intellectual approval, passions that without such justification would -still have dominated his temper. From cell to cell of his brain crept -the one thought; and the wild desire to live, most terrible of all -man's appetites, quickened into force each trembling nerve and fibre. -Ugliness that had once been hateful to him because it made things real, -became dear to him now for that very reason. Ugliness was the one -reality. The coarse brawl, the loathsome den, the crude violence of -disordered life, the very vileness of thief and outcast, were more -vivid, in their intense actuality of impression, than all the gracious -shapes of art, the dreamy shadows of song. They were what he needed -for forgetfulness. In three days he would be free. - -Suddenly the man drew up with a jerk at the top of a dark lane. Over -the low roofs and jagged chimney-stacks of the houses rose the black -masts of ships. Wreaths of white mist clung like ghostly sails to the -yards. - -"Somewhere about here, sir, ain't it?" he asked huskily through the -trap. - -Dorian started and peered round. "This will do," he answered, and -having got out hastily and given the driver the extra fare he had -promised him, he walked quickly in the direction of the quay. Here and -there a lantern gleamed at the stern of some huge merchantman. The -light shook and splintered in the puddles. A red glare came from an -outward-bound steamer that was coaling. The slimy pavement looked like -a wet mackintosh. - -He hurried on towards the left, glancing back now and then to see if he -was being followed. In about seven or eight minutes he reached a small -shabby house that was wedged in between two gaunt factories. In one of -the top-windows stood a lamp. He stopped and gave a peculiar knock. - -After a little time he heard steps in the passage and the chain being -unhooked. The door opened quietly, and he went in without saying a -word to the squat misshapen figure that flattened itself into the -shadow as he passed. At the end of the hall hung a tattered green -curtain that swayed and shook in the gusty wind which had followed him -in from the street. He dragged it aside and entered a long low room -which looked as if it had once been a third-rate dancing-saloon. Shrill -flaring gas-jets, dulled and distorted in the fly-blown mirrors that -faced them, were ranged round the walls. Greasy reflectors of ribbed -tin backed them, making quivering disks of light. The floor was -covered with ochre-coloured sawdust, trampled here and there into mud, -and stained with dark rings of spilled liquor. Some Malays were -crouching by a little charcoal stove, playing with bone counters and -showing their white teeth as they chattered. In one corner, with his -head buried in his arms, a sailor sprawled over a table, and by the -tawdrily painted bar that ran across one complete side stood two -haggard women, mocking an old man who was brushing the sleeves of his -coat with an expression of disgust. "He thinks he's got red ants on -him," laughed one of them, as Dorian passed by. The man looked at her -in terror and began to whimper. - -At the end of the room there was a little staircase, leading to a -darkened chamber. As Dorian hurried up its three rickety steps, the -heavy odour of opium met him. He heaved a deep breath, and his -nostrils quivered with pleasure. When he entered, a young man with -smooth yellow hair, who was bending over a lamp lighting a long thin -pipe, looked up at him and nodded in a hesitating manner. - -"You here, Adrian?" muttered Dorian. - -"Where else should I be?" he answered, listlessly. "None of the chaps -will speak to me now." - -"I thought you had left England." - -"Darlington is not going to do anything. My brother paid the bill at -last. George doesn't speak to me either.... I don't care," he added -with a sigh. "As long as one has this stuff, one doesn't want friends. -I think I have had too many friends." - -Dorian winced and looked round at the grotesque things that lay in such -fantastic postures on the ragged mattresses. The twisted limbs, the -gaping mouths, the staring lustreless eyes, fascinated him. He knew in -what strange heavens they were suffering, and what dull hells were -teaching them the secret of some new joy. They were better off than he -was. He was prisoned in thought. Memory, like a horrible malady, was -eating his soul away. From time to time he seemed to see the eyes of -Basil Hallward looking at him. Yet he felt he could not stay. The -presence of Adrian Singleton troubled him. He wanted to be where no -one would know who he was. He wanted to escape from himself. - -"I am going on to the other place," he said after a pause. - -"On the wharf?" - -"Yes." - -"That mad-cat is sure to be there. They won't have her in this place -now." - -Dorian shrugged his shoulders. "I am sick of women who love one. -Women who hate one are much more interesting. Besides, the stuff is -better." - -"Much the same." - -"I like it better. Come and have something to drink. I must have -something." - -"I don't want anything," murmured the young man. - -"Never mind." - -Adrian Singleton rose up wearily and followed Dorian to the bar. A -half-caste, in a ragged turban and a shabby ulster, grinned a hideous -greeting as he thrust a bottle of brandy and two tumblers in front of -them. The women sidled up and began to chatter. Dorian turned his -back on them and said something in a low voice to Adrian Singleton. - -A crooked smile, like a Malay crease, writhed across the face of one of -the women. "We are very proud to-night," she sneered. - -"For God's sake don't talk to me," cried Dorian, stamping his foot on -the ground. "What do you want? Money? Here it is. Don't ever talk -to me again." - -Two red sparks flashed for a moment in the woman's sodden eyes, then -flickered out and left them dull and glazed. She tossed her head and -raked the coins off the counter with greedy fingers. Her companion -watched her enviously. - -"It's no use," sighed Adrian Singleton. "I don't care to go back. -What does it matter? I am quite happy here." - -"You will write to me if you want anything, won't you?" said Dorian, -after a pause. - -"Perhaps." - -"Good night, then." - -"Good night," answered the young man, passing up the steps and wiping -his parched mouth with a handkerchief. - -Dorian walked to the door with a look of pain in his face. As he drew -the curtain aside, a hideous laugh broke from the painted lips of the -woman who had taken his money. "There goes the devil's bargain!" she -hiccoughed, in a hoarse voice. - -"Curse you!" he answered, "don't call me that." - -She snapped her fingers. "Prince Charming is what you like to be -called, ain't it?" she yelled after him. - -The drowsy sailor leaped to his feet as she spoke, and looked wildly -round. The sound of the shutting of the hall door fell on his ear. He -rushed out as if in pursuit. - -Dorian Gray hurried along the quay through the drizzling rain. His -meeting with Adrian Singleton had strangely moved him, and he wondered -if the ruin of that young life was really to be laid at his door, as -Basil Hallward had said to him with such infamy of insult. He bit his -lip, and for a few seconds his eyes grew sad. Yet, after all, what did -it matter to him? One's days were too brief to take the burden of -another's errors on one's shoulders. Each man lived his own life and -paid his own price for living it. The only pity was one had to pay so -often for a single fault. One had to pay over and over again, indeed. -In her dealings with man, destiny never closed her accounts. - -There are moments, psychologists tell us, when the passion for sin, or -for what the world calls sin, so dominates a nature that every fibre of -the body, as every cell of the brain, seems to be instinct with fearful -impulses. Men and women at such moments lose the freedom of their -will. They move to their terrible end as automatons move. Choice is -taken from them, and conscience is either killed, or, if it lives at -all, lives but to give rebellion its fascination and disobedience its -charm. For all sins, as theologians weary not of reminding us, are -sins of disobedience. When that high spirit, that morning star of -evil, fell from heaven, it was as a rebel that he fell. - -Callous, concentrated on evil, with stained mind, and soul hungry for -rebellion, Dorian Gray hastened on, quickening his step as he went, but -as he darted aside into a dim archway, that had served him often as a -short cut to the ill-famed place where he was going, he felt himself -suddenly seized from behind, and before he had time to defend himself, -he was thrust back against the wall, with a brutal hand round his -throat. - -He struggled madly for life, and by a terrible effort wrenched the -tightening fingers away. In a second he heard the click of a revolver, -and saw the gleam of a polished barrel, pointing straight at his head, -and the dusky form of a short, thick-set man facing him. - -"What do you want?" he gasped. - -"Keep quiet," said the man. "If you stir, I shoot you." - -"You are mad. What have I done to you?" - -"You wrecked the life of Sibyl Vane," was the answer, "and Sibyl Vane -was my sister. She killed herself. I know it. Her death is at your -door. I swore I would kill you in return. For years I have sought -you. I had no clue, no trace. The two people who could have described -you were dead. I knew nothing of you but the pet name she used to call -you. I heard it to-night by chance. Make your peace with God, for -to-night you are going to die." - -Dorian Gray grew sick with fear. "I never knew her," he stammered. "I -never heard of her. You are mad." - -"You had better confess your sin, for as sure as I am James Vane, you -are going to die." There was a horrible moment. Dorian did not know -what to say or do. "Down on your knees!" growled the man. "I give you -one minute to make your peace--no more. I go on board to-night for -India, and I must do my job first. One minute. That's all." - -Dorian's arms fell to his side. Paralysed with terror, he did not know -what to do. Suddenly a wild hope flashed across his brain. "Stop," he -cried. "How long ago is it since your sister died? Quick, tell me!" - -"Eighteen years," said the man. "Why do you ask me? What do years -matter?" - -"Eighteen years," laughed Dorian Gray, with a touch of triumph in his -voice. "Eighteen years! Set me under the lamp and look at my face!" - -James Vane hesitated for a moment, not understanding what was meant. -Then he seized Dorian Gray and dragged him from the archway. - -Dim and wavering as was the wind-blown light, yet it served to show him -the hideous error, as it seemed, into which he had fallen, for the face -of the man he had sought to kill had all the bloom of boyhood, all the -unstained purity of youth. He seemed little more than a lad of twenty -summers, hardly older, if older indeed at all, than his sister had been -when they had parted so many years ago. It was obvious that this was -not the man who had destroyed her life. - -He loosened his hold and reeled back. "My God! my God!" he cried, "and -I would have murdered you!" - -Dorian Gray drew a long breath. "You have been on the brink of -committing a terrible crime, my man," he said, looking at him sternly. -"Let this be a warning to you not to take vengeance into your own -hands." - -"Forgive me, sir," muttered James Vane. "I was deceived. A chance -word I heard in that damned den set me on the wrong track." - -"You had better go home and put that pistol away, or you may get into -trouble," said Dorian, turning on his heel and going slowly down the -street. - -James Vane stood on the pavement in horror. He was trembling from head -to foot. After a little while, a black shadow that had been creeping -along the dripping wall moved out into the light and came close to him -with stealthy footsteps. He felt a hand laid on his arm and looked -round with a start. It was one of the women who had been drinking at -the bar. - -"Why didn't you kill him?" she hissed out, putting haggard face quite -close to his. "I knew you were following him when you rushed out from -Daly's. You fool! You should have killed him. He has lots of money, -and he's as bad as bad." - -"He is not the man I am looking for," he answered, "and I want no man's -money. I want a man's life. The man whose life I want must be nearly -forty now. This one is little more than a boy. Thank God, I have not -got his blood upon my hands." - -The woman gave a bitter laugh. "Little more than a boy!" she sneered. -"Why, man, it's nigh on eighteen years since Prince Charming made me -what I am." - -"You lie!" cried James Vane. - -She raised her hand up to heaven. "Before God I am telling the truth," -she cried. - -"Before God?" - -"Strike me dumb if it ain't so. He is the worst one that comes here. -They say he has sold himself to the devil for a pretty face. It's nigh -on eighteen years since I met him. He hasn't changed much since then. -I have, though," she added, with a sickly leer. - -"You swear this?" - -"I swear it," came in hoarse echo from her flat mouth. "But don't give -me away to him," she whined; "I am afraid of him. Let me have some -money for my night's lodging." - -He broke from her with an oath and rushed to the corner of the street, -but Dorian Gray had disappeared. When he looked back, the woman had -vanished also. - - - -CHAPTER 17 - -A week later Dorian Gray was sitting in the conservatory at Selby -Royal, talking to the pretty Duchess of Monmouth, who with her husband, -a jaded-looking man of sixty, was amongst his guests. It was tea-time, -and the mellow light of the huge, lace-covered lamp that stood on the -table lit up the delicate china and hammered silver of the service at -which the duchess was presiding. Her white hands were moving daintily -among the cups, and her full red lips were smiling at something that -Dorian had whispered to her. Lord Henry was lying back in a -silk-draped wicker chair, looking at them. On a peach-coloured divan -sat Lady Narborough, pretending to listen to the duke's description of -the last Brazilian beetle that he had added to his collection. Three -young men in elaborate smoking-suits were handing tea-cakes to some of -the women. The house-party consisted of twelve people, and there were -more expected to arrive on the next day. - -"What are you two talking about?" said Lord Henry, strolling over to -the table and putting his cup down. "I hope Dorian has told you about -my plan for rechristening everything, Gladys. It is a delightful idea." - -"But I don't want to be rechristened, Harry," rejoined the duchess, -looking up at him with her wonderful eyes. "I am quite satisfied with -my own name, and I am sure Mr. Gray should be satisfied with his." - -"My dear Gladys, I would not alter either name for the world. They are -both perfect. I was thinking chiefly of flowers. Yesterday I cut an -orchid, for my button-hole. It was a marvellous spotted thing, as -effective as the seven deadly sins. In a thoughtless moment I asked -one of the gardeners what it was called. He told me it was a fine -specimen of _Robinsoniana_, or something dreadful of that kind. It is a -sad truth, but we have lost the faculty of giving lovely names to -things. Names are everything. I never quarrel with actions. My one -quarrel is with words. That is the reason I hate vulgar realism in -literature. The man who could call a spade a spade should be compelled -to use one. It is the only thing he is fit for." - -"Then what should we call you, Harry?" she asked. - -"His name is Prince Paradox," said Dorian. - -"I recognize him in a flash," exclaimed the duchess. - -"I won't hear of it," laughed Lord Henry, sinking into a chair. "From -a label there is no escape! I refuse the title." - -"Royalties may not abdicate," fell as a warning from pretty lips. - -"You wish me to defend my throne, then?" - -"Yes." - -"I give the truths of to-morrow." - -"I prefer the mistakes of to-day," she answered. - -"You disarm me, Gladys," he cried, catching the wilfulness of her mood. - -"Of your shield, Harry, not of your spear." - -"I never tilt against beauty," he said, with a wave of his hand. - -"That is your error, Harry, believe me. You value beauty far too much." - -"How can you say that? I admit that I think that it is better to be -beautiful than to be good. But on the other hand, no one is more ready -than I am to acknowledge that it is better to be good than to be ugly." - -"Ugliness is one of the seven deadly sins, then?" cried the duchess. -"What becomes of your simile about the orchid?" - -"Ugliness is one of the seven deadly virtues, Gladys. You, as a good -Tory, must not underrate them. Beer, the Bible, and the seven deadly -virtues have made our England what she is." - -"You don't like your country, then?" she asked. - -"I live in it." - -"That you may censure it the better." - -"Would you have me take the verdict of Europe on it?" he inquired. - -"What do they say of us?" - -"That Tartuffe has emigrated to England and opened a shop." - -"Is that yours, Harry?" - -"I give it to you." - -"I could not use it. It is too true." - -"You need not be afraid. Our countrymen never recognize a description." - -"They are practical." - -"They are more cunning than practical. When they make up their ledger, -they balance stupidity by wealth, and vice by hypocrisy." - -"Still, we have done great things." - -"Great things have been thrust on us, Gladys." - -"We have carried their burden." - -"Only as far as the Stock Exchange." - -She shook her head. "I believe in the race," she cried. - -"It represents the survival of the pushing." - -"It has development." - -"Decay fascinates me more." - -"What of art?" she asked. - -"It is a malady." - -"Love?" - -"An illusion." - -"Religion?" - -"The fashionable substitute for belief." - -"You are a sceptic." - -"Never! Scepticism is the beginning of faith." - -"What are you?" - -"To define is to limit." - -"Give me a clue." - -"Threads snap. You would lose your way in the labyrinth." - -"You bewilder me. Let us talk of some one else." - -"Our host is a delightful topic. Years ago he was christened Prince -Charming." - -"Ah! don't remind me of that," cried Dorian Gray. - -"Our host is rather horrid this evening," answered the duchess, -colouring. "I believe he thinks that Monmouth married me on purely -scientific principles as the best specimen he could find of a modern -butterfly." - -"Well, I hope he won't stick pins into you, Duchess," laughed Dorian. - -"Oh! my maid does that already, Mr. Gray, when she is annoyed with me." - -"And what does she get annoyed with you about, Duchess?" - -"For the most trivial things, Mr. Gray, I assure you. Usually because -I come in at ten minutes to nine and tell her that I must be dressed by -half-past eight." - -"How unreasonable of her! You should give her warning." - -"I daren't, Mr. Gray. Why, she invents hats for me. You remember the -one I wore at Lady Hilstone's garden-party? You don't, but it is nice -of you to pretend that you do. Well, she made it out of nothing. All -good hats are made out of nothing." - -"Like all good reputations, Gladys," interrupted Lord Henry. "Every -effect that one produces gives one an enemy. To be popular one must be -a mediocrity." - -"Not with women," said the duchess, shaking her head; "and women rule -the world. I assure you we can't bear mediocrities. We women, as some -one says, love with our ears, just as you men love with your eyes, if -you ever love at all." - -"It seems to me that we never do anything else," murmured Dorian. - -"Ah! then, you never really love, Mr. Gray," answered the duchess with -mock sadness. - -"My dear Gladys!" cried Lord Henry. "How can you say that? Romance -lives by repetition, and repetition converts an appetite into an art. -Besides, each time that one loves is the only time one has ever loved. -Difference of object does not alter singleness of passion. It merely -intensifies it. We can have in life but one great experience at best, -and the secret of life is to reproduce that experience as often as -possible." - -"Even when one has been wounded by it, Harry?" asked the duchess after -a pause. - -"Especially when one has been wounded by it," answered Lord Henry. - -The duchess turned and looked at Dorian Gray with a curious expression -in her eyes. "What do you say to that, Mr. Gray?" she inquired. - -Dorian hesitated for a moment. Then he threw his head back and -laughed. "I always agree with Harry, Duchess." - -"Even when he is wrong?" - -"Harry is never wrong, Duchess." - -"And does his philosophy make you happy?" - -"I have never searched for happiness. Who wants happiness? I have -searched for pleasure." - -"And found it, Mr. Gray?" - -"Often. Too often." - -The duchess sighed. "I am searching for peace," she said, "and if I -don't go and dress, I shall have none this evening." - -"Let me get you some orchids, Duchess," cried Dorian, starting to his -feet and walking down the conservatory. - -"You are flirting disgracefully with him," said Lord Henry to his -cousin. "You had better take care. He is very fascinating." - -"If he were not, there would be no battle." - -"Greek meets Greek, then?" - -"I am on the side of the Trojans. They fought for a woman." - -"They were defeated." - -"There are worse things than capture," she answered. - -"You gallop with a loose rein." - -"Pace gives life," was the _riposte_. - -"I shall write it in my diary to-night." - -"What?" - -"That a burnt child loves the fire." - -"I am not even singed. My wings are untouched." - -"You use them for everything, except flight." - -"Courage has passed from men to women. It is a new experience for us." - -"You have a rival." - -"Who?" - -He laughed. "Lady Narborough," he whispered. "She perfectly adores -him." - -"You fill me with apprehension. The appeal to antiquity is fatal to us -who are romanticists." - -"Romanticists! You have all the methods of science." - -"Men have educated us." - -"But not explained you." - -"Describe us as a sex," was her challenge. - -"Sphinxes without secrets." - -She looked at him, smiling. "How long Mr. Gray is!" she said. "Let us -go and help him. I have not yet told him the colour of my frock." - -"Ah! you must suit your frock to his flowers, Gladys." - -"That would be a premature surrender." - -"Romantic art begins with its climax." - -"I must keep an opportunity for retreat." - -"In the Parthian manner?" - -"They found safety in the desert. I could not do that." - -"Women are not always allowed a choice," he answered, but hardly had he -finished the sentence before from the far end of the conservatory came -a stifled groan, followed by the dull sound of a heavy fall. Everybody -started up. The duchess stood motionless in horror. And with fear in -his eyes, Lord Henry rushed through the flapping palms to find Dorian -Gray lying face downwards on the tiled floor in a deathlike swoon. - -He was carried at once into the blue drawing-room and laid upon one of -the sofas. After a short time, he came to himself and looked round -with a dazed expression. - -"What has happened?" he asked. "Oh! I remember. Am I safe here, -Harry?" He began to tremble. - -"My dear Dorian," answered Lord Henry, "you merely fainted. That was -all. You must have overtired yourself. You had better not come down -to dinner. I will take your place." - -"No, I will come down," he said, struggling to his feet. "I would -rather come down. I must not be alone." - -He went to his room and dressed. There was a wild recklessness of -gaiety in his manner as he sat at table, but now and then a thrill of -terror ran through him when he remembered that, pressed against the -window of the conservatory, like a white handkerchief, he had seen the -face of James Vane watching him. - - - -CHAPTER 18 - -The next day he did not leave the house, and, indeed, spent most of the -time in his own room, sick with a wild terror of dying, and yet -indifferent to life itself. The consciousness of being hunted, snared, -tracked down, had begun to dominate him. If the tapestry did but -tremble in the wind, he shook. The dead leaves that were blown against -the leaded panes seemed to him like his own wasted resolutions and wild -regrets. When he closed his eyes, he saw again the sailor's face -peering through the mist-stained glass, and horror seemed once more to -lay its hand upon his heart. - -But perhaps it had been only his fancy that had called vengeance out of -the night and set the hideous shapes of punishment before him. Actual -life was chaos, but there was something terribly logical in the -imagination. It was the imagination that set remorse to dog the feet -of sin. It was the imagination that made each crime bear its misshapen -brood. In the common world of fact the wicked were not punished, nor -the good rewarded. Success was given to the strong, failure thrust -upon the weak. That was all. Besides, had any stranger been prowling -round the house, he would have been seen by the servants or the -keepers. Had any foot-marks been found on the flower-beds, the -gardeners would have reported it. Yes, it had been merely fancy. -Sibyl Vane's brother had not come back to kill him. He had sailed away -in his ship to founder in some winter sea. From him, at any rate, he -was safe. Why, the man did not know who he was, could not know who he -was. The mask of youth had saved him. - -And yet if it had been merely an illusion, how terrible it was to think -that conscience could raise such fearful phantoms, and give them -visible form, and make them move before one! What sort of life would -his be if, day and night, shadows of his crime were to peer at him from -silent corners, to mock him from secret places, to whisper in his ear -as he sat at the feast, to wake him with icy fingers as he lay asleep! -As the thought crept through his brain, he grew pale with terror, and -the air seemed to him to have become suddenly colder. Oh! in what a -wild hour of madness he had killed his friend! How ghastly the mere -memory of the scene! He saw it all again. Each hideous detail came -back to him with added horror. Out of the black cave of time, terrible -and swathed in scarlet, rose the image of his sin. When Lord Henry -came in at six o'clock, he found him crying as one whose heart will -break. - -It was not till the third day that he ventured to go out. There was -something in the clear, pine-scented air of that winter morning that -seemed to bring him back his joyousness and his ardour for life. But -it was not merely the physical conditions of environment that had -caused the change. His own nature had revolted against the excess of -anguish that had sought to maim and mar the perfection of its calm. -With subtle and finely wrought temperaments it is always so. Their -strong passions must either bruise or bend. They either slay the man, -or themselves die. Shallow sorrows and shallow loves live on. The -loves and sorrows that are great are destroyed by their own plenitude. -Besides, he had convinced himself that he had been the victim of a -terror-stricken imagination, and looked back now on his fears with -something of pity and not a little of contempt. - -After breakfast, he walked with the duchess for an hour in the garden -and then drove across the park to join the shooting-party. The crisp -frost lay like salt upon the grass. The sky was an inverted cup of -blue metal. A thin film of ice bordered the flat, reed-grown lake. - -At the corner of the pine-wood he caught sight of Sir Geoffrey -Clouston, the duchess's brother, jerking two spent cartridges out of -his gun. He jumped from the cart, and having told the groom to take -the mare home, made his way towards his guest through the withered -bracken and rough undergrowth. - -"Have you had good sport, Geoffrey?" he asked. - -"Not very good, Dorian. I think most of the birds have gone to the -open. I dare say it will be better after lunch, when we get to new -ground." - -Dorian strolled along by his side. The keen aromatic air, the brown -and red lights that glimmered in the wood, the hoarse cries of the -beaters ringing out from time to time, and the sharp snaps of the guns -that followed, fascinated him and filled him with a sense of delightful -freedom. He was dominated by the carelessness of happiness, by the -high indifference of joy. - -Suddenly from a lumpy tussock of old grass some twenty yards in front -of them, with black-tipped ears erect and long hinder limbs throwing it -forward, started a hare. It bolted for a thicket of alders. Sir -Geoffrey put his gun to his shoulder, but there was something in the -animal's grace of movement that strangely charmed Dorian Gray, and he -cried out at once, "Don't shoot it, Geoffrey. Let it live." - -"What nonsense, Dorian!" laughed his companion, and as the hare bounded -into the thicket, he fired. There were two cries heard, the cry of a -hare in pain, which is dreadful, the cry of a man in agony, which is -worse. - -"Good heavens! I have hit a beater!" exclaimed Sir Geoffrey. "What an -ass the man was to get in front of the guns! Stop shooting there!" he -called out at the top of his voice. "A man is hurt." - -The head-keeper came running up with a stick in his hand. - -"Where, sir? Where is he?" he shouted. At the same time, the firing -ceased along the line. - -"Here," answered Sir Geoffrey angrily, hurrying towards the thicket. -"Why on earth don't you keep your men back? Spoiled my shooting for -the day." - -Dorian watched them as they plunged into the alder-clump, brushing the -lithe swinging branches aside. In a few moments they emerged, dragging -a body after them into the sunlight. He turned away in horror. It -seemed to him that misfortune followed wherever he went. He heard Sir -Geoffrey ask if the man was really dead, and the affirmative answer of -the keeper. The wood seemed to him to have become suddenly alive with -faces. There was the trampling of myriad feet and the low buzz of -voices. A great copper-breasted pheasant came beating through the -boughs overhead. - -After a few moments--that were to him, in his perturbed state, like -endless hours of pain--he felt a hand laid on his shoulder. He started -and looked round. - -"Dorian," said Lord Henry, "I had better tell them that the shooting is -stopped for to-day. It would not look well to go on." - -"I wish it were stopped for ever, Harry," he answered bitterly. "The -whole thing is hideous and cruel. Is the man ...?" - -He could not finish the sentence. - -"I am afraid so," rejoined Lord Henry. "He got the whole charge of -shot in his chest. He must have died almost instantaneously. Come; -let us go home." - -They walked side by side in the direction of the avenue for nearly -fifty yards without speaking. Then Dorian looked at Lord Henry and -said, with a heavy sigh, "It is a bad omen, Harry, a very bad omen." - -"What is?" asked Lord Henry. "Oh! this accident, I suppose. My dear -fellow, it can't be helped. It was the man's own fault. Why did he -get in front of the guns? Besides, it is nothing to us. It is rather -awkward for Geoffrey, of course. It does not do to pepper beaters. It -makes people think that one is a wild shot. And Geoffrey is not; he -shoots very straight. But there is no use talking about the matter." - -Dorian shook his head. "It is a bad omen, Harry. I feel as if -something horrible were going to happen to some of us. To myself, -perhaps," he added, passing his hand over his eyes, with a gesture of -pain. - -The elder man laughed. "The only horrible thing in the world is _ennui_, -Dorian. That is the one sin for which there is no forgiveness. But we -are not likely to suffer from it unless these fellows keep chattering -about this thing at dinner. I must tell them that the subject is to be -tabooed. As for omens, there is no such thing as an omen. Destiny -does not send us heralds. She is too wise or too cruel for that. -Besides, what on earth could happen to you, Dorian? You have -everything in the world that a man can want. There is no one who would -not be delighted to change places with you." - -"There is no one with whom I would not change places, Harry. Don't -laugh like that. I am telling you the truth. The wretched peasant who -has just died is better off than I am. I have no terror of death. It -is the coming of death that terrifies me. Its monstrous wings seem to -wheel in the leaden air around me. Good heavens! don't you see a man -moving behind the trees there, watching me, waiting for me?" - -Lord Henry looked in the direction in which the trembling gloved hand -was pointing. "Yes," he said, smiling, "I see the gardener waiting for -you. I suppose he wants to ask you what flowers you wish to have on -the table to-night. How absurdly nervous you are, my dear fellow! You -must come and see my doctor, when we get back to town." - -Dorian heaved a sigh of relief as he saw the gardener approaching. The -man touched his hat, glanced for a moment at Lord Henry in a hesitating -manner, and then produced a letter, which he handed to his master. -"Her Grace told me to wait for an answer," he murmured. - -Dorian put the letter into his pocket. "Tell her Grace that I am -coming in," he said, coldly. The man turned round and went rapidly in -the direction of the house. - -"How fond women are of doing dangerous things!" laughed Lord Henry. -"It is one of the qualities in them that I admire most. A woman will -flirt with anybody in the world as long as other people are looking on." - -"How fond you are of saying dangerous things, Harry! In the present -instance, you are quite astray. I like the duchess very much, but I -don't love her." - -"And the duchess loves you very much, but she likes you less, so you -are excellently matched." - -"You are talking scandal, Harry, and there is never any basis for -scandal." - -"The basis of every scandal is an immoral certainty," said Lord Henry, -lighting a cigarette. - -"You would sacrifice anybody, Harry, for the sake of an epigram." - -"The world goes to the altar of its own accord," was the answer. - -"I wish I could love," cried Dorian Gray with a deep note of pathos in -his voice. "But I seem to have lost the passion and forgotten the -desire. I am too much concentrated on myself. My own personality has -become a burden to me. I want to escape, to go away, to forget. It -was silly of me to come down here at all. I think I shall send a wire -to Harvey to have the yacht got ready. On a yacht one is safe." - -"Safe from what, Dorian? You are in some trouble. Why not tell me -what it is? You know I would help you." - -"I can't tell you, Harry," he answered sadly. "And I dare say it is -only a fancy of mine. This unfortunate accident has upset me. I have -a horrible presentiment that something of the kind may happen to me." - -"What nonsense!" - -"I hope it is, but I can't help feeling it. Ah! here is the duchess, -looking like Artemis in a tailor-made gown. You see we have come back, -Duchess." - -"I have heard all about it, Mr. Gray," she answered. "Poor Geoffrey is -terribly upset. And it seems that you asked him not to shoot the hare. -How curious!" - -"Yes, it was very curious. I don't know what made me say it. Some -whim, I suppose. It looked the loveliest of little live things. But I -am sorry they told you about the man. It is a hideous subject." - -"It is an annoying subject," broke in Lord Henry. "It has no -psychological value at all. Now if Geoffrey had done the thing on -purpose, how interesting he would be! I should like to know some one -who had committed a real murder." - -"How horrid of you, Harry!" cried the duchess. "Isn't it, Mr. Gray? -Harry, Mr. Gray is ill again. He is going to faint." - -Dorian drew himself up with an effort and smiled. "It is nothing, -Duchess," he murmured; "my nerves are dreadfully out of order. That is -all. I am afraid I walked too far this morning. I didn't hear what -Harry said. Was it very bad? You must tell me some other time. I -think I must go and lie down. You will excuse me, won't you?" - -They had reached the great flight of steps that led from the -conservatory on to the terrace. As the glass door closed behind -Dorian, Lord Henry turned and looked at the duchess with his slumberous -eyes. "Are you very much in love with him?" he asked. - -She did not answer for some time, but stood gazing at the landscape. -"I wish I knew," she said at last. - -He shook his head. "Knowledge would be fatal. It is the uncertainty -that charms one. A mist makes things wonderful." - -"One may lose one's way." - -"All ways end at the same point, my dear Gladys." - -"What is that?" - -"Disillusion." - -"It was my _debut_ in life," she sighed. - -"It came to you crowned." - -"I am tired of strawberry leaves." - -"They become you." - -"Only in public." - -"You would miss them," said Lord Henry. - -"I will not part with a petal." - -"Monmouth has ears." - -"Old age is dull of hearing." - -"Has he never been jealous?" - -"I wish he had been." - -He glanced about as if in search of something. "What are you looking -for?" she inquired. - -"The button from your foil," he answered. "You have dropped it." - -She laughed. "I have still the mask." - -"It makes your eyes lovelier," was his reply. - -She laughed again. Her teeth showed like white seeds in a scarlet -fruit. - -Upstairs, in his own room, Dorian Gray was lying on a sofa, with terror -in every tingling fibre of his body. Life had suddenly become too -hideous a burden for him to bear. The dreadful death of the unlucky -beater, shot in the thicket like a wild animal, had seemed to him to -pre-figure death for himself also. He had nearly swooned at what Lord -Henry had said in a chance mood of cynical jesting. - -At five o'clock he rang his bell for his servant and gave him orders to -pack his things for the night-express to town, and to have the brougham -at the door by eight-thirty. He was determined not to sleep another -night at Selby Royal. It was an ill-omened place. Death walked there -in the sunlight. The grass of the forest had been spotted with blood. - -Then he wrote a note to Lord Henry, telling him that he was going up to -town to consult his doctor and asking him to entertain his guests in -his absence. As he was putting it into the envelope, a knock came to -the door, and his valet informed him that the head-keeper wished to see -him. He frowned and bit his lip. "Send him in," he muttered, after -some moments' hesitation. - -As soon as the man entered, Dorian pulled his chequebook out of a -drawer and spread it out before him. - -"I suppose you have come about the unfortunate accident of this -morning, Thornton?" he said, taking up a pen. - -"Yes, sir," answered the gamekeeper. - -"Was the poor fellow married? Had he any people dependent on him?" -asked Dorian, looking bored. "If so, I should not like them to be left -in want, and will send them any sum of money you may think necessary." - -"We don't know who he is, sir. That is what I took the liberty of -coming to you about." - -"Don't know who he is?" said Dorian, listlessly. "What do you mean? -Wasn't he one of your men?" - -"No, sir. Never saw him before. Seems like a sailor, sir." - -The pen dropped from Dorian Gray's hand, and he felt as if his heart -had suddenly stopped beating. "A sailor?" he cried out. "Did you say -a sailor?" - -"Yes, sir. He looks as if he had been a sort of sailor; tattooed on -both arms, and that kind of thing." - -"Was there anything found on him?" said Dorian, leaning forward and -looking at the man with startled eyes. "Anything that would tell his -name?" - -"Some money, sir--not much, and a six-shooter. There was no name of any -kind. A decent-looking man, sir, but rough-like. A sort of sailor we -think." - -Dorian started to his feet. A terrible hope fluttered past him. He -clutched at it madly. "Where is the body?" he exclaimed. "Quick! I -must see it at once." - -"It is in an empty stable in the Home Farm, sir. The folk don't like -to have that sort of thing in their houses. They say a corpse brings -bad luck." - -"The Home Farm! Go there at once and meet me. Tell one of the grooms -to bring my horse round. No. Never mind. I'll go to the stables -myself. It will save time." - -In less than a quarter of an hour, Dorian Gray was galloping down the -long avenue as hard as he could go. The trees seemed to sweep past him -in spectral procession, and wild shadows to fling themselves across his -path. Once the mare swerved at a white gate-post and nearly threw him. -He lashed her across the neck with his crop. She cleft the dusky air -like an arrow. The stones flew from her hoofs. - -At last he reached the Home Farm. Two men were loitering in the yard. -He leaped from the saddle and threw the reins to one of them. In the -farthest stable a light was glimmering. Something seemed to tell him -that the body was there, and he hurried to the door and put his hand -upon the latch. - -There he paused for a moment, feeling that he was on the brink of a -discovery that would either make or mar his life. Then he thrust the -door open and entered. - -On a heap of sacking in the far corner was lying the dead body of a man -dressed in a coarse shirt and a pair of blue trousers. A spotted -handkerchief had been placed over the face. A coarse candle, stuck in -a bottle, sputtered beside it. - -Dorian Gray shuddered. He felt that his could not be the hand to take -the handkerchief away, and called out to one of the farm-servants to -come to him. - -"Take that thing off the face. I wish to see it," he said, clutching -at the door-post for support. - -When the farm-servant had done so, he stepped forward. A cry of joy -broke from his lips. The man who had been shot in the thicket was -James Vane. - -He stood there for some minutes looking at the dead body. As he rode -home, his eyes were full of tears, for he knew he was safe. - - - -CHAPTER 19 - -"There is no use your telling me that you are going to be good," cried -Lord Henry, dipping his white fingers into a red copper bowl filled -with rose-water. "You are quite perfect. Pray, don't change." - -Dorian Gray shook his head. "No, Harry, I have done too many dreadful -things in my life. I am not going to do any more. I began my good -actions yesterday." - -"Where were you yesterday?" - -"In the country, Harry. I was staying at a little inn by myself." - -"My dear boy," said Lord Henry, smiling, "anybody can be good in the -country. There are no temptations there. That is the reason why -people who live out of town are so absolutely uncivilized. -Civilization is not by any means an easy thing to attain to. There are -only two ways by which man can reach it. One is by being cultured, the -other by being corrupt. Country people have no opportunity of being -either, so they stagnate." - -"Culture and corruption," echoed Dorian. "I have known something of -both. It seems terrible to me now that they should ever be found -together. For I have a new ideal, Harry. I am going to alter. I -think I have altered." - -"You have not yet told me what your good action was. Or did you say -you had done more than one?" asked his companion as he spilled into his -plate a little crimson pyramid of seeded strawberries and, through a -perforated, shell-shaped spoon, snowed white sugar upon them. - -"I can tell you, Harry. It is not a story I could tell to any one -else. I spared somebody. It sounds vain, but you understand what I -mean. She was quite beautiful and wonderfully like Sibyl Vane. I -think it was that which first attracted me to her. You remember Sibyl, -don't you? How long ago that seems! Well, Hetty was not one of our -own class, of course. She was simply a girl in a village. But I -really loved her. I am quite sure that I loved her. All during this -wonderful May that we have been having, I used to run down and see her -two or three times a week. Yesterday she met me in a little orchard. -The apple-blossoms kept tumbling down on her hair, and she was -laughing. We were to have gone away together this morning at dawn. -Suddenly I determined to leave her as flowerlike as I had found her." - -"I should think the novelty of the emotion must have given you a thrill -of real pleasure, Dorian," interrupted Lord Henry. "But I can finish -your idyll for you. You gave her good advice and broke her heart. -That was the beginning of your reformation." - -"Harry, you are horrible! You mustn't say these dreadful things. -Hetty's heart is not broken. Of course, she cried and all that. But -there is no disgrace upon her. She can live, like Perdita, in her -garden of mint and marigold." - -"And weep over a faithless Florizel," said Lord Henry, laughing, as he -leaned back in his chair. "My dear Dorian, you have the most curiously -boyish moods. Do you think this girl will ever be really content now -with any one of her own rank? I suppose she will be married some day -to a rough carter or a grinning ploughman. Well, the fact of having -met you, and loved you, will teach her to despise her husband, and she -will be wretched. From a moral point of view, I cannot say that I -think much of your great renunciation. Even as a beginning, it is -poor. Besides, how do you know that Hetty isn't floating at the -present moment in some starlit mill-pond, with lovely water-lilies -round her, like Ophelia?" - -"I can't bear this, Harry! You mock at everything, and then suggest -the most serious tragedies. I am sorry I told you now. I don't care -what you say to me. I know I was right in acting as I did. Poor -Hetty! As I rode past the farm this morning, I saw her white face at -the window, like a spray of jasmine. Don't let us talk about it any -more, and don't try to persuade me that the first good action I have -done for years, the first little bit of self-sacrifice I have ever -known, is really a sort of sin. I want to be better. I am going to be -better. Tell me something about yourself. What is going on in town? -I have not been to the club for days." - -"The people are still discussing poor Basil's disappearance." - -"I should have thought they had got tired of that by this time," said -Dorian, pouring himself out some wine and frowning slightly. - -"My dear boy, they have only been talking about it for six weeks, and -the British public are really not equal to the mental strain of having -more than one topic every three months. They have been very fortunate -lately, however. They have had my own divorce-case and Alan Campbell's -suicide. Now they have got the mysterious disappearance of an artist. -Scotland Yard still insists that the man in the grey ulster who left -for Paris by the midnight train on the ninth of November was poor -Basil, and the French police declare that Basil never arrived in Paris -at all. I suppose in about a fortnight we shall be told that he has -been seen in San Francisco. It is an odd thing, but every one who -disappears is said to be seen at San Francisco. It must be a -delightful city, and possess all the attractions of the next world." - -"What do you think has happened to Basil?" asked Dorian, holding up his -Burgundy against the light and wondering how it was that he could -discuss the matter so calmly. - -"I have not the slightest idea. If Basil chooses to hide himself, it -is no business of mine. If he is dead, I don't want to think about -him. Death is the only thing that ever terrifies me. I hate it." - -"Why?" said the younger man wearily. - -"Because," said Lord Henry, passing beneath his nostrils the gilt -trellis of an open vinaigrette box, "one can survive everything -nowadays except that. Death and vulgarity are the only two facts in -the nineteenth century that one cannot explain away. Let us have our -coffee in the music-room, Dorian. You must play Chopin to me. The man -with whom my wife ran away played Chopin exquisitely. Poor Victoria! -I was very fond of her. The house is rather lonely without her. Of -course, married life is merely a habit, a bad habit. But then one -regrets the loss even of one's worst habits. Perhaps one regrets them -the most. They are such an essential part of one's personality." - -Dorian said nothing, but rose from the table, and passing into the next -room, sat down to the piano and let his fingers stray across the white -and black ivory of the keys. After the coffee had been brought in, he -stopped, and looking over at Lord Henry, said, "Harry, did it ever -occur to you that Basil was murdered?" - -Lord Henry yawned. "Basil was very popular, and always wore a -Waterbury watch. Why should he have been murdered? He was not clever -enough to have enemies. Of course, he had a wonderful genius for -painting. But a man can paint like Velasquez and yet be as dull as -possible. Basil was really rather dull. He only interested me once, -and that was when he told me, years ago, that he had a wild adoration -for you and that you were the dominant motive of his art." - -"I was very fond of Basil," said Dorian with a note of sadness in his -voice. "But don't people say that he was murdered?" - -"Oh, some of the papers do. It does not seem to me to be at all -probable. I know there are dreadful places in Paris, but Basil was not -the sort of man to have gone to them. He had no curiosity. It was his -chief defect." - -"What would you say, Harry, if I told you that I had murdered Basil?" -said the younger man. He watched him intently after he had spoken. - -"I would say, my dear fellow, that you were posing for a character that -doesn't suit you. All crime is vulgar, just as all vulgarity is crime. -It is not in you, Dorian, to commit a murder. I am sorry if I hurt -your vanity by saying so, but I assure you it is true. Crime belongs -exclusively to the lower orders. I don't blame them in the smallest -degree. I should fancy that crime was to them what art is to us, -simply a method of procuring extraordinary sensations." - -"A method of procuring sensations? Do you think, then, that a man who -has once committed a murder could possibly do the same crime again? -Don't tell me that." - -"Oh! anything becomes a pleasure if one does it too often," cried Lord -Henry, laughing. "That is one of the most important secrets of life. -I should fancy, however, that murder is always a mistake. One should -never do anything that one cannot talk about after dinner. But let us -pass from poor Basil. I wish I could believe that he had come to such -a really romantic end as you suggest, but I can't. I dare say he fell -into the Seine off an omnibus and that the conductor hushed up the -scandal. Yes: I should fancy that was his end. I see him lying now -on his back under those dull-green waters, with the heavy barges -floating over him and long weeds catching in his hair. Do you know, I -don't think he would have done much more good work. During the last -ten years his painting had gone off very much." - -Dorian heaved a sigh, and Lord Henry strolled across the room and began -to stroke the head of a curious Java parrot, a large, grey-plumaged -bird with pink crest and tail, that was balancing itself upon a bamboo -perch. As his pointed fingers touched it, it dropped the white scurf -of crinkled lids over black, glasslike eyes and began to sway backwards -and forwards. - -"Yes," he continued, turning round and taking his handkerchief out of -his pocket; "his painting had quite gone off. It seemed to me to have -lost something. It had lost an ideal. When you and he ceased to be -great friends, he ceased to be a great artist. What was it separated -you? I suppose he bored you. If so, he never forgave you. It's a -habit bores have. By the way, what has become of that wonderful -portrait he did of you? I don't think I have ever seen it since he -finished it. Oh! I remember your telling me years ago that you had -sent it down to Selby, and that it had got mislaid or stolen on the -way. You never got it back? What a pity! it was really a -masterpiece. I remember I wanted to buy it. I wish I had now. It -belonged to Basil's best period. Since then, his work was that curious -mixture of bad painting and good intentions that always entitles a man -to be called a representative British artist. Did you advertise for -it? You should." - -"I forget," said Dorian. "I suppose I did. But I never really liked -it. I am sorry I sat for it. The memory of the thing is hateful to -me. Why do you talk of it? It used to remind me of those curious -lines in some play--Hamlet, I think--how do they run?-- - - "Like the painting of a sorrow, - A face without a heart." - -Yes: that is what it was like." - -Lord Henry laughed. "If a man treats life artistically, his brain is -his heart," he answered, sinking into an arm-chair. - -Dorian Gray shook his head and struck some soft chords on the piano. -"'Like the painting of a sorrow,'" he repeated, "'a face without a -heart.'" - -The elder man lay back and looked at him with half-closed eyes. "By -the way, Dorian," he said after a pause, "'what does it profit a man if -he gain the whole world and lose--how does the quotation run?--his own -soul'?" - -The music jarred, and Dorian Gray started and stared at his friend. -"Why do you ask me that, Harry?" - -"My dear fellow," said Lord Henry, elevating his eyebrows in surprise, -"I asked you because I thought you might be able to give me an answer. -That is all. I was going through the park last Sunday, and close by -the Marble Arch there stood a little crowd of shabby-looking people -listening to some vulgar street-preacher. As I passed by, I heard the -man yelling out that question to his audience. It struck me as being -rather dramatic. London is very rich in curious effects of that kind. -A wet Sunday, an uncouth Christian in a mackintosh, a ring of sickly -white faces under a broken roof of dripping umbrellas, and a wonderful -phrase flung into the air by shrill hysterical lips--it was really very -good in its way, quite a suggestion. I thought of telling the prophet -that art had a soul, but that man had not. I am afraid, however, he -would not have understood me." - -"Don't, Harry. The soul is a terrible reality. It can be bought, and -sold, and bartered away. It can be poisoned, or made perfect. There -is a soul in each one of us. I know it." - -"Do you feel quite sure of that, Dorian?" - -"Quite sure." - -"Ah! then it must be an illusion. The things one feels absolutely -certain about are never true. That is the fatality of faith, and the -lesson of romance. How grave you are! Don't be so serious. What have -you or I to do with the superstitions of our age? No: we have given -up our belief in the soul. Play me something. Play me a nocturne, -Dorian, and, as you play, tell me, in a low voice, how you have kept -your youth. You must have some secret. I am only ten years older than -you are, and I am wrinkled, and worn, and yellow. You are really -wonderful, Dorian. You have never looked more charming than you do -to-night. You remind me of the day I saw you first. You were rather -cheeky, very shy, and absolutely extraordinary. You have changed, of -course, but not in appearance. I wish you would tell me your secret. -To get back my youth I would do anything in the world, except take -exercise, get up early, or be respectable. Youth! There is nothing -like it. It's absurd to talk of the ignorance of youth. The only -people to whose opinions I listen now with any respect are people much -younger than myself. They seem in front of me. Life has revealed to -them her latest wonder. As for the aged, I always contradict the aged. -I do it on principle. If you ask them their opinion on something that -happened yesterday, they solemnly give you the opinions current in -1820, when people wore high stocks, believed in everything, and knew -absolutely nothing. How lovely that thing you are playing is! I -wonder, did Chopin write it at Majorca, with the sea weeping round the -villa and the salt spray dashing against the panes? It is marvellously -romantic. What a blessing it is that there is one art left to us that -is not imitative! Don't stop. I want music to-night. It seems to me -that you are the young Apollo and that I am Marsyas listening to you. -I have sorrows, Dorian, of my own, that even you know nothing of. The -tragedy of old age is not that one is old, but that one is young. I am -amazed sometimes at my own sincerity. Ah, Dorian, how happy you are! -What an exquisite life you have had! You have drunk deeply of -everything. You have crushed the grapes against your palate. Nothing -has been hidden from you. And it has all been to you no more than the -sound of music. It has not marred you. You are still the same." - -"I am not the same, Harry." - -"Yes, you are the same. I wonder what the rest of your life will be. -Don't spoil it by renunciations. At present you are a perfect type. -Don't make yourself incomplete. You are quite flawless now. You need -not shake your head: you know you are. Besides, Dorian, don't deceive -yourself. Life is not governed by will or intention. Life is a -question of nerves, and fibres, and slowly built-up cells in which -thought hides itself and passion has its dreams. You may fancy -yourself safe and think yourself strong. But a chance tone of colour -in a room or a morning sky, a particular perfume that you had once -loved and that brings subtle memories with it, a line from a forgotten -poem that you had come across again, a cadence from a piece of music -that you had ceased to play--I tell you, Dorian, that it is on things -like these that our lives depend. Browning writes about that -somewhere; but our own senses will imagine them for us. There are -moments when the odour of _lilas blanc_ passes suddenly across me, and I -have to live the strangest month of my life over again. I wish I could -change places with you, Dorian. The world has cried out against us -both, but it has always worshipped you. It always will worship you. -You are the type of what the age is searching for, and what it is -afraid it has found. I am so glad that you have never done anything, -never carved a statue, or painted a picture, or produced anything -outside of yourself! Life has been your art. You have set yourself to -music. Your days are your sonnets." - -Dorian rose up from the piano and passed his hand through his hair. -"Yes, life has been exquisite," he murmured, "but I am not going to -have the same life, Harry. And you must not say these extravagant -things to me. You don't know everything about me. I think that if you -did, even you would turn from me. You laugh. Don't laugh." - -"Why have you stopped playing, Dorian? Go back and give me the -nocturne over again. Look at that great, honey-coloured moon that -hangs in the dusky air. She is waiting for you to charm her, and if -you play she will come closer to the earth. You won't? Let us go to -the club, then. It has been a charming evening, and we must end it -charmingly. There is some one at White's who wants immensely to know -you--young Lord Poole, Bournemouth's eldest son. He has already copied -your neckties, and has begged me to introduce him to you. He is quite -delightful and rather reminds me of you." - -"I hope not," said Dorian with a sad look in his eyes. "But I am tired -to-night, Harry. I shan't go to the club. It is nearly eleven, and I -want to go to bed early." - -"Do stay. You have never played so well as to-night. There was -something in your touch that was wonderful. It had more expression -than I had ever heard from it before." - -"It is because I am going to be good," he answered, smiling. "I am a -little changed already." - -"You cannot change to me, Dorian," said Lord Henry. "You and I will -always be friends." - -"Yet you poisoned me with a book once. I should not forgive that. -Harry, promise me that you will never lend that book to any one. It -does harm." - -"My dear boy, you are really beginning to moralize. You will soon be -going about like the converted, and the revivalist, warning people -against all the sins of which you have grown tired. You are much too -delightful to do that. Besides, it is no use. You and I are what we -are, and will be what we will be. As for being poisoned by a book, -there is no such thing as that. Art has no influence upon action. It -annihilates the desire to act. It is superbly sterile. The books that -the world calls immoral are books that show the world its own shame. -That is all. But we won't discuss literature. Come round to-morrow. I -am going to ride at eleven. We might go together, and I will take you -to lunch afterwards with Lady Branksome. She is a charming woman, and -wants to consult you about some tapestries she is thinking of buying. -Mind you come. Or shall we lunch with our little duchess? She says -she never sees you now. Perhaps you are tired of Gladys? I thought -you would be. Her clever tongue gets on one's nerves. Well, in any -case, be here at eleven." - -"Must I really come, Harry?" - -"Certainly. The park is quite lovely now. I don't think there have -been such lilacs since the year I met you." - -"Very well. I shall be here at eleven," said Dorian. "Good night, -Harry." As he reached the door, he hesitated for a moment, as if he -had something more to say. Then he sighed and went out. - - - -CHAPTER 20 - -It was a lovely night, so warm that he threw his coat over his arm and -did not even put his silk scarf round his throat. As he strolled home, -smoking his cigarette, two young men in evening dress passed him. He -heard one of them whisper to the other, "That is Dorian Gray." He -remembered how pleased he used to be when he was pointed out, or stared -at, or talked about. He was tired of hearing his own name now. Half -the charm of the little village where he had been so often lately was -that no one knew who he was. He had often told the girl whom he had -lured to love him that he was poor, and she had believed him. He had -told her once that he was wicked, and she had laughed at him and -answered that wicked people were always very old and very ugly. What a -laugh she had!--just like a thrush singing. And how pretty she had -been in her cotton dresses and her large hats! She knew nothing, but -she had everything that he had lost. - -When he reached home, he found his servant waiting up for him. He sent -him to bed, and threw himself down on the sofa in the library, and -began to think over some of the things that Lord Henry had said to him. - -Was it really true that one could never change? He felt a wild longing -for the unstained purity of his boyhood--his rose-white boyhood, as -Lord Henry had once called it. He knew that he had tarnished himself, -filled his mind with corruption and given horror to his fancy; that he -had been an evil influence to others, and had experienced a terrible -joy in being so; and that of the lives that had crossed his own, it had -been the fairest and the most full of promise that he had brought to -shame. But was it all irretrievable? Was there no hope for him? - -Ah! in what a monstrous moment of pride and passion he had prayed that -the portrait should bear the burden of his days, and he keep the -unsullied splendour of eternal youth! All his failure had been due to -that. Better for him that each sin of his life had brought its sure -swift penalty along with it. There was purification in punishment. -Not "Forgive us our sins" but "Smite us for our iniquities" should be -the prayer of man to a most just God. - -The curiously carved mirror that Lord Henry had given to him, so many -years ago now, was standing on the table, and the white-limbed Cupids -laughed round it as of old. He took it up, as he had done on that -night of horror when he had first noted the change in the fatal -picture, and with wild, tear-dimmed eyes looked into its polished -shield. Once, some one who had terribly loved him had written to him a -mad letter, ending with these idolatrous words: "The world is changed -because you are made of ivory and gold. The curves of your lips -rewrite history." The phrases came back to his memory, and he repeated -them over and over to himself. Then he loathed his own beauty, and -flinging the mirror on the floor, crushed it into silver splinters -beneath his heel. It was his beauty that had ruined him, his beauty -and the youth that he had prayed for. But for those two things, his -life might have been free from stain. His beauty had been to him but a -mask, his youth but a mockery. What was youth at best? A green, an -unripe time, a time of shallow moods, and sickly thoughts. Why had he -worn its livery? Youth had spoiled him. - -It was better not to think of the past. Nothing could alter that. It -was of himself, and of his own future, that he had to think. James -Vane was hidden in a nameless grave in Selby churchyard. Alan Campbell -had shot himself one night in his laboratory, but had not revealed the -secret that he had been forced to know. The excitement, such as it -was, over Basil Hallward's disappearance would soon pass away. It was -already waning. He was perfectly safe there. Nor, indeed, was it the -death of Basil Hallward that weighed most upon his mind. It was the -living death of his own soul that troubled him. Basil had painted the -portrait that had marred his life. He could not forgive him that. It -was the portrait that had done everything. Basil had said things to -him that were unbearable, and that he had yet borne with patience. The -murder had been simply the madness of a moment. As for Alan Campbell, -his suicide had been his own act. He had chosen to do it. It was -nothing to him. - -A new life! That was what he wanted. That was what he was waiting -for. Surely he had begun it already. He had spared one innocent -thing, at any rate. He would never again tempt innocence. He would be -good. - -As he thought of Hetty Merton, he began to wonder if the portrait in -the locked room had changed. Surely it was not still so horrible as it -had been? Perhaps if his life became pure, he would be able to expel -every sign of evil passion from the face. Perhaps the signs of evil -had already gone away. He would go and look. - -He took the lamp from the table and crept upstairs. As he unbarred the -door, a smile of joy flitted across his strangely young-looking face -and lingered for a moment about his lips. Yes, he would be good, and -the hideous thing that he had hidden away would no longer be a terror -to him. He felt as if the load had been lifted from him already. - -He went in quietly, locking the door behind him, as was his custom, and -dragged the purple hanging from the portrait. A cry of pain and -indignation broke from him. He could see no change, save that in the -eyes there was a look of cunning and in the mouth the curved wrinkle of -the hypocrite. The thing was still loathsome--more loathsome, if -possible, than before--and the scarlet dew that spotted the hand seemed -brighter, and more like blood newly spilled. Then he trembled. Had it -been merely vanity that had made him do his one good deed? Or the -desire for a new sensation, as Lord Henry had hinted, with his mocking -laugh? Or that passion to act a part that sometimes makes us do things -finer than we are ourselves? Or, perhaps, all these? And why was the -red stain larger than it had been? It seemed to have crept like a -horrible disease over the wrinkled fingers. There was blood on the -painted feet, as though the thing had dripped--blood even on the hand -that had not held the knife. Confess? Did it mean that he was to -confess? To give himself up and be put to death? He laughed. He felt -that the idea was monstrous. Besides, even if he did confess, who -would believe him? There was no trace of the murdered man anywhere. -Everything belonging to him had been destroyed. He himself had burned -what had been below-stairs. The world would simply say that he was mad. -They would shut him up if he persisted in his story.... Yet it was -his duty to confess, to suffer public shame, and to make public -atonement. There was a God who called upon men to tell their sins to -earth as well as to heaven. Nothing that he could do would cleanse him -till he had told his own sin. His sin? He shrugged his shoulders. -The death of Basil Hallward seemed very little to him. He was thinking -of Hetty Merton. For it was an unjust mirror, this mirror of his soul -that he was looking at. Vanity? Curiosity? Hypocrisy? Had there -been nothing more in his renunciation than that? There had been -something more. At least he thought so. But who could tell? ... No. -There had been nothing more. Through vanity he had spared her. In -hypocrisy he had worn the mask of goodness. For curiosity's sake he -had tried the denial of self. He recognized that now. - -But this murder--was it to dog him all his life? Was he always to be -burdened by his past? Was he really to confess? Never. There was -only one bit of evidence left against him. The picture itself--that -was evidence. He would destroy it. Why had he kept it so long? Once -it had given him pleasure to watch it changing and growing old. Of -late he had felt no such pleasure. It had kept him awake at night. -When he had been away, he had been filled with terror lest other eyes -should look upon it. It had brought melancholy across his passions. -Its mere memory had marred many moments of joy. It had been like -conscience to him. Yes, it had been conscience. He would destroy it. - -He looked round and saw the knife that had stabbed Basil Hallward. He -had cleaned it many times, till there was no stain left upon it. It -was bright, and glistened. As it had killed the painter, so it would -kill the painter's work, and all that that meant. It would kill the -past, and when that was dead, he would be free. It would kill this -monstrous soul-life, and without its hideous warnings, he would be at -peace. He seized the thing, and stabbed the picture with it. - -There was a cry heard, and a crash. The cry was so horrible in its -agony that the frightened servants woke and crept out of their rooms. -Two gentlemen, who were passing in the square below, stopped and looked -up at the great house. They walked on till they met a policeman and -brought him back. The man rang the bell several times, but there was -no answer. Except for a light in one of the top windows, the house was -all dark. After a time, he went away and stood in an adjoining portico -and watched. - -"Whose house is that, Constable?" asked the elder of the two gentlemen. - -"Mr. Dorian Gray's, sir," answered the policeman. - -They looked at each other, as they walked away, and sneered. One of -them was Sir Henry Ashton's uncle. - -Inside, in the servants' part of the house, the half-clad domestics -were talking in low whispers to each other. Old Mrs. Leaf was crying -and wringing her hands. Francis was as pale as death. - -After about a quarter of an hour, he got the coachman and one of the -footmen and crept upstairs. They knocked, but there was no reply. -They called out. Everything was still. Finally, after vainly trying -to force the door, they got on the roof and dropped down on to the -balcony. The windows yielded easily--their bolts were old. - -When they entered, they found hanging upon the wall a splendid portrait -of their master as they had last seen him, in all the wonder of his -exquisite youth and beauty. Lying on the floor was a dead man, in -evening dress, with a knife in his heart. He was withered, wrinkled, -and loathsome of visage. It was not till they had examined the rings -that they recognized who it was. - - - - - - - - - -End of Project Gutenberg's The Picture of Dorian Gray, by Oscar Wilde - -*** END OF THIS PROJECT GUTENBERG EBOOK THE PICTURE OF DORIAN GRAY *** - -***** This file should be named 174.txt or 174.zip ***** -This and all associated files of various formats will be found in: - http://www.gutenberg.org/1/7/174/ - -Produced by Judith Boss. HTML version by Al Haines. - -Updated editions will replace the previous one--the old editions -will be renamed. - -Creating the works from public domain print editions means that no -one owns a United States copyright in these works, so the Foundation -(and you!) can copy and distribute it in the United States without -permission and without paying copyright royalties. Special rules, -set forth in the General Terms of Use part of this license, apply to -copying and distributing Project Gutenberg-tm electronic works to -protect the PROJECT GUTENBERG-tm concept and trademark. Project -Gutenberg is a registered trademark, and may not be used if you -charge for the eBooks, unless you receive specific permission. If you -do not charge anything for copies of this eBook, complying with the -rules is very easy. You may use this eBook for nearly any purpose -such as creation of derivative works, reports, performances and -research. They may be modified and printed and given away--you may do -practically ANYTHING with public domain eBooks. Redistribution is -subject to the trademark license, especially commercial -redistribution. - - - -*** START: FULL LICENSE *** - -THE FULL PROJECT GUTENBERG LICENSE -PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK - -To protect the Project Gutenberg-tm mission of promoting the free -distribution of electronic works, by using or distributing this work -(or any other work associated in any way with the phrase "Project -Gutenberg"), you agree to comply with all the terms of the Full Project -Gutenberg-tm License (available with this file or online at -http://gutenberg.net/license). - - -Section 1. General Terms of Use and Redistributing Project Gutenberg-tm -electronic works - -1.A. By reading or using any part of this Project Gutenberg-tm -electronic work, you indicate that you have read, understand, agree to -and accept all the terms of this license and intellectual property -(trademark/copyright) agreement. If you do not agree to abide by all -the terms of this agreement, you must cease using and return or destroy -all copies of Project Gutenberg-tm electronic works in your possession. -If you paid a fee for obtaining a copy of or access to a Project -Gutenberg-tm electronic work and you do not agree to be bound by the -terms of this agreement, you may obtain a refund from the person or -entity to whom you paid the fee as set forth in paragraph 1.E.8. - -1.B. "Project Gutenberg" is a registered trademark. It may only be -used on or associated in any way with an electronic work by people who -agree to be bound by the terms of this agreement. There are a few -things that you can do with most Project Gutenberg-tm electronic works -even without complying with the full terms of this agreement. See -paragraph 1.C below. There are a lot of things you can do with Project -Gutenberg-tm electronic works if you follow the terms of this agreement -and help preserve free future access to Project Gutenberg-tm electronic -works. See paragraph 1.E below. - -1.C. The Project Gutenberg Literary Archive Foundation ("the Foundation" -or PGLAF), owns a compilation copyright in the collection of Project -Gutenberg-tm electronic works. Nearly all the individual works in the -collection are in the public domain in the United States. If an -individual work is in the public domain in the United States and you are -located in the United States, we do not claim a right to prevent you from -copying, distributing, performing, displaying or creating derivative -works based on the work as long as all references to Project Gutenberg -are removed. Of course, we hope that you will support the Project -Gutenberg-tm mission of promoting free access to electronic works by -freely sharing Project Gutenberg-tm works in compliance with the terms of -this agreement for keeping the Project Gutenberg-tm name associated with -the work. You can easily comply with the terms of this agreement by -keeping this work in the same format with its attached full Project -Gutenberg-tm License when you share it without charge with others. - -1.D. The copyright laws of the place where you are located also govern -what you can do with this work. Copyright laws in most countries are in -a constant state of change. If you are outside the United States, check -the laws of your country in addition to the terms of this agreement -before downloading, copying, displaying, performing, distributing or -creating derivative works based on this work or any other Project -Gutenberg-tm work. The Foundation makes no representations concerning -the copyright status of any work in any country outside the United -States. - -1.E. Unless you have removed all references to Project Gutenberg: - -1.E.1. The following sentence, with active links to, or other immediate -access to, the full Project Gutenberg-tm License must appear prominently -whenever any copy of a Project Gutenberg-tm work (any work on which the -phrase "Project Gutenberg" appears, or with which the phrase "Project -Gutenberg" is associated) is accessed, displayed, performed, viewed, -copied or distributed: - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.net - -1.E.2. If an individual Project Gutenberg-tm electronic work is derived -from the public domain (does not contain a notice indicating that it is -posted with permission of the copyright holder), the work can be copied -and distributed to anyone in the United States without paying any fees -or charges. If you are redistributing or providing access to a work -with the phrase "Project Gutenberg" associated with or appearing on the -work, you must comply either with the requirements of paragraphs 1.E.1 -through 1.E.7 or obtain permission for the use of the work and the -Project Gutenberg-tm trademark as set forth in paragraphs 1.E.8 or -1.E.9. - -1.E.3. If an individual Project Gutenberg-tm electronic work is posted -with the permission of the copyright holder, your use and distribution -must comply with both paragraphs 1.E.1 through 1.E.7 and any additional -terms imposed by the copyright holder. Additional terms will be linked -to the Project Gutenberg-tm License for all works posted with the -permission of the copyright holder found at the beginning of this work. - -1.E.4. Do not unlink or detach or remove the full Project Gutenberg-tm -License terms from this work, or any files containing a part of this -work or any other work associated with Project Gutenberg-tm. - -1.E.5. Do not copy, display, perform, distribute or redistribute this -electronic work, or any part of this electronic work, without -prominently displaying the sentence set forth in paragraph 1.E.1 with -active links or immediate access to the full terms of the Project -Gutenberg-tm License. - -1.E.6. You may convert to and distribute this work in any binary, -compressed, marked up, nonproprietary or proprietary form, including any -word processing or hypertext form. However, if you provide access to or -distribute copies of a Project Gutenberg-tm work in a format other than -"Plain Vanilla ASCII" or other format used in the official version -posted on the official Project Gutenberg-tm web site (www.gutenberg.net), -you must, at no additional cost, fee or expense to the user, provide a -copy, a means of exporting a copy, or a means of obtaining a copy upon -request, of the work in its original "Plain Vanilla ASCII" or other -form. Any alternate format must include the full Project Gutenberg-tm -License as specified in paragraph 1.E.1. - -1.E.7. Do not charge a fee for access to, viewing, displaying, -performing, copying or distributing any Project Gutenberg-tm works -unless you comply with paragraph 1.E.8 or 1.E.9. - -1.E.8. You may charge a reasonable fee for copies of or providing -access to or distributing Project Gutenberg-tm electronic works provided -that - -- You pay a royalty fee of 20% of the gross profits you derive from - the use of Project Gutenberg-tm works calculated using the method - you already use to calculate your applicable taxes. The fee is - owed to the owner of the Project Gutenberg-tm trademark, but he - has agreed to donate royalties under this paragraph to the - Project Gutenberg Literary Archive Foundation. Royalty payments - must be paid within 60 days following each date on which you - prepare (or are legally required to prepare) your periodic tax - returns. Royalty payments should be clearly marked as such and - sent to the Project Gutenberg Literary Archive Foundation at the - address specified in Section 4, "Information about donations to - the Project Gutenberg Literary Archive Foundation." - -- You provide a full refund of any money paid by a user who notifies - you in writing (or by e-mail) within 30 days of receipt that s/he - does not agree to the terms of the full Project Gutenberg-tm - License. You must require such a user to return or - destroy all copies of the works possessed in a physical medium - and discontinue all use of and all access to other copies of - Project Gutenberg-tm works. - -- You provide, in accordance with paragraph 1.F.3, a full refund of any - money paid for a work or a replacement copy, if a defect in the - electronic work is discovered and reported to you within 90 days - of receipt of the work. - -- You comply with all other terms of this agreement for free - distribution of Project Gutenberg-tm works. - -1.E.9. If you wish to charge a fee or distribute a Project Gutenberg-tm -electronic work or group of works on different terms than are set -forth in this agreement, you must obtain permission in writing from -both the Project Gutenberg Literary Archive Foundation and Michael -Hart, the owner of the Project Gutenberg-tm trademark. Contact the -Foundation as set forth in Section 3 below. - -1.F. - -1.F.1. Project Gutenberg volunteers and employees expend considerable -effort to identify, do copyright research on, transcribe and proofread -public domain works in creating the Project Gutenberg-tm -collection. Despite these efforts, Project Gutenberg-tm electronic -works, and the medium on which they may be stored, may contain -"Defects," such as, but not limited to, incomplete, inaccurate or -corrupt data, transcription errors, a copyright or other intellectual -property infringement, a defective or damaged disk or other medium, a -computer virus, or computer codes that damage or cannot be read by -your equipment. - -1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for the "Right -of Replacement or Refund" described in paragraph 1.F.3, the Project -Gutenberg Literary Archive Foundation, the owner of the Project -Gutenberg-tm trademark, and any other party distributing a Project -Gutenberg-tm electronic work under this agreement, disclaim all -liability to you for damages, costs and expenses, including legal -fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE, STRICT -LIABILITY, BREACH OF WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE -PROVIDED IN PARAGRAPH F3. YOU AGREE THAT THE FOUNDATION, THE -TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE -LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR -INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH -DAMAGE. - -1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you discover a -defect in this electronic work within 90 days of receiving it, you can -receive a refund of the money (if any) you paid for it by sending a -written explanation to the person you received the work from. If you -received the work on a physical medium, you must return the medium with -your written explanation. The person or entity that provided you with -the defective work may elect to provide a replacement copy in lieu of a -refund. If you received the work electronically, the person or entity -providing it to you may choose to give you a second opportunity to -receive the work electronically in lieu of a refund. If the second copy -is also defective, you may demand a refund in writing without further -opportunities to fix the problem. - -1.F.4. Except for the limited right of replacement or refund set forth -in paragraph 1.F.3, this work is provided to you 'AS-IS' WITH NO OTHER -WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -WARRANTIES OF MERCHANTIBILITY OR FITNESS FOR ANY PURPOSE. - -1.F.5. Some states do not allow disclaimers of certain implied -warranties or the exclusion or limitation of certain types of damages. -If any disclaimer or limitation set forth in this agreement violates the -law of the state applicable to this agreement, the agreement shall be -interpreted to make the maximum disclaimer or limitation permitted by -the applicable state law. The invalidity or unenforceability of any -provision of this agreement shall not void the remaining provisions. - -1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation, the -trademark owner, any agent or employee of the Foundation, anyone -providing copies of Project Gutenberg-tm electronic works in accordance -with this agreement, and any volunteers associated with the production, -promotion and distribution of Project Gutenberg-tm electronic works, -harmless from all liability, costs and expenses, including legal fees, -that arise directly or indirectly from any of the following which you do -or cause to occur: (a) distribution of this or any Project Gutenberg-tm -work, (b) alteration, modification, or additions or deletions to any -Project Gutenberg-tm work, and (c) any Defect you cause. - - -Section 2. Information about the Mission of Project Gutenberg-tm - -Project Gutenberg-tm is synonymous with the free distribution of -electronic works in formats readable by the widest variety of computers -including obsolete, old, middle-aged and new computers. It exists -because of the efforts of hundreds of volunteers and donations from -people in all walks of life. - -Volunteers and financial support to provide volunteers with the -assistance they need, is critical to reaching Project Gutenberg-tm's -goals and ensuring that the Project Gutenberg-tm collection will -remain freely available for generations to come. In 2001, the Project -Gutenberg Literary Archive Foundation was created to provide a secure -and permanent future for Project Gutenberg-tm and future generations. -To learn more about the Project Gutenberg Literary Archive Foundation -and how your efforts and donations can help, see Sections 3 and 4 -and the Foundation web page at http://www.pglaf.org. - - -Section 3. Information about the Project Gutenberg Literary Archive -Foundation - -The Project Gutenberg Literary Archive Foundation is a non profit -501(c)(3) educational corporation organized under the laws of the -state of Mississippi and granted tax exempt status by the Internal -Revenue Service. The Foundation's EIN or federal tax identification -number is 64-6221541. Its 501(c)(3) letter is posted at -http://pglaf.org/fundraising. Contributions to the Project Gutenberg -Literary Archive Foundation are tax deductible to the full extent -permitted by U.S. federal laws and your state's laws. - -The Foundation's principal office is located at 4557 Melan Dr. S. -Fairbanks, AK, 99712., but its volunteers and employees are scattered -throughout numerous locations. Its business office is located at -809 North 1500 West, Salt Lake City, UT 84116, (801) 596-1887, email -business@pglaf.org. Email contact links and up to date contact -information can be found at the Foundation's web site and official -page at http://pglaf.org - -For additional contact information: - Dr. Gregory B. Newby - Chief Executive and Director - gbnewby@pglaf.org - - -Section 4. Information about Donations to the Project Gutenberg -Literary Archive Foundation - -Project Gutenberg-tm depends upon and cannot survive without wide -spread public support and donations to carry out its mission of -increasing the number of public domain and licensed works that can be -freely distributed in machine readable form accessible by the widest -array of equipment including outdated equipment. Many small donations -($1 to $5,000) are particularly important to maintaining tax exempt -status with the IRS. - -The Foundation is committed to complying with the laws regulating -charities and charitable donations in all 50 states of the United -States. Compliance requirements are not uniform and it takes a -considerable effort, much paperwork and many fees to meet and keep up -with these requirements. We do not solicit donations in locations -where we have not received written confirmation of compliance. To -SEND DONATIONS or determine the status of compliance for any -particular state visit http://pglaf.org - -While we cannot and do not solicit contributions from states where we -have not met the solicitation requirements, we know of no prohibition -against accepting unsolicited donations from donors in such states who -approach us with offers to donate. - -International donations are gratefully accepted, but we cannot make -any statements concerning tax treatment of donations received from -outside the United States. U.S. laws alone swamp our small staff. - -Please check the Project Gutenberg Web pages for current donation -methods and addresses. Donations are accepted in a number of other -ways including including checks, online payments and credit card -donations. To donate, please visit: http://pglaf.org/donate - - -Section 5. General Information About Project Gutenberg-tm electronic -works. - -Professor Michael S. Hart is the originator of the Project Gutenberg-tm -concept of a library of electronic works that could be freely shared -with anyone. For thirty years, he produced and distributed Project -Gutenberg-tm eBooks with only a loose network of volunteer support. - - -Project Gutenberg-tm eBooks are often created from several printed -editions, all of which are confirmed as Public Domain in the U.S. -unless a copyright notice is included. Thus, we do not necessarily -keep eBooks in compliance with any particular paper edition. - - -Most people start at our Web site which has the main PG search facility: - - http://www.gutenberg.net - -This Web site includes information about Project Gutenberg-tm, -including how to make donations to the Project Gutenberg Literary -Archive Foundation, how to help produce our new eBooks, and how to -subscribe to our email newsletter to hear about new eBooks. diff --git a/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt b/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt deleted file mode 100644 index 4e97252..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt +++ /dev/null @@ -1,80 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-gencrypto) -set(SRCS main.c lws-genaes.c lws-genec.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_GENCRYPTO 1 requirements) -require_lws_config(LWS_WITH_JOSE 1 requirements) - - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() - diff --git a/minimal-examples/api-tests/api-test-gencrypto/README.md b/minimal-examples/api-tests/api-test-gencrypto/README.md deleted file mode 100644 index ab8ff0b..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# lws api test gencrypto - -Demonstrates how to use and performs selftests for Generic Crypto, -which works the same whether the tls backend is OpenSSL or mbedTLS - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -``` - $ ./lws-api-test-gencrypto -[2018/12/05 08:30:27:1342] USER: LWS gencrypto apis tests -[2018/12/05 08:30:27:1343] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2018/12/05 08:30:27:1343] NOTICE: created client ssl context for default -[2018/12/05 08:30:27:1344] NOTICE: test_genaes: selftest OK -[2018/12/05 08:30:27:1344] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-gencrypto/lws-genaes.c b/minimal-examples/api-tests/api-test-gencrypto/lws-genaes.c deleted file mode 100644 index 9063647..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/lws-genaes.c +++ /dev/null @@ -1,801 +0,0 @@ -/* - * lws-api-test-gencrypto - lws-genaes - * - * Written in 2010-2018 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -static const uint8_t - /* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes256 \ - * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \ - * -iv "0123456789abcdeffedcba9876543210" - * -in plaintext.txt -out out.enc - * - */ - *cbc256 = (uint8_t *)"test plaintext\0\0", - cbc256_enc[] = { - 0x2b, 0x5d, 0xb2, 0xa8, 0x5a, 0x5a, 0xf4, 0x2e, - 0xf7, 0xf9, 0xc5, 0x3c, 0x73, 0xef, 0x40, 0x88, - }, cbc256_iv[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - }, cbc256_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - } -; - -static int -test_genaes_cbc(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - - /* - * As part of a jwk, these are allocated. But here we just use one as - * a wrapper on a static binary key. - */ - e.buf = (uint8_t *)cbc256_key; - e.len = sizeof(cbc256_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CBC, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, cbc256, 16, res, (uint8_t *)cbc256_iv, - NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(cbc256_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CBC, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cbc256_iv, - NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__); - lwsl_hexdump_notice(res1, 16); - return -1; - } - - if (lws_timingsafe_bcmp(cbc256, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -static const uint8_t -/* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes-128-cfb \ - * -K "0123456789abcdeffedcba9876543210" \ - * -iv "0123456789abcdeffedcba9876543210" - * -in plaintext.txt -out out.enc - * - */ -*cfb128 = (uint8_t *)"test plaintext\0\0", -cfb128_enc[] = { - 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04, - 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71 -}, cfb128_iv[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}, cfb128_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}; - -static int -test_genaes_cfb128(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - size_t iv_off = 0; - - e.buf = (uint8_t *)cfb128_key; - e.len = sizeof(cfb128_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB128, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, cfb128, 16, res, (uint8_t *)cfb128_iv, - NULL, &iv_off, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(cfb128_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - iv_off = 0; - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB128, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb128_iv, - NULL, &iv_off, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(cfb128, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res1, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -static const uint8_t -/* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes-128-cfb8 \ - * -K "0123456789abcdeffedcba9876543210" \ - * -iv "0123456789abcdeffedcba9876543210" - * -in plaintext.txt -out out.enc - * - */ -*cfb8 = (uint8_t *)"test plaintext\0\0", -cfb8_enc[] = { - 0xd2, 0x91, 0x06, 0x2d, 0x1b, 0x1e, 0x9b, 0x39, - 0xa6, 0x65, 0x8e, 0xbe, 0x68, 0x32, 0x3d, 0xab -}, cfb8_iv[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}, cfb8_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}; - -static int -test_genaes_cfb8(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - - e.buf = (uint8_t *)cfb8_key; - e.len = sizeof(cfb8_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CFB8, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, cfb8, 16, res, (uint8_t *)cfb8_iv, - NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(cfb8_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CFB8, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)cfb8_iv, - NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(cfb8, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res1, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -static const uint8_t -/* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes-128-ctr \ - * -K "0123456789abcdeffedcba9876543210" \ - * -iv "0123456789abcdeffedcba9876543210" - * -in plaintext.txt -out out.enc - * - */ -*ctr = (uint8_t *)"test plaintext\0\0", -ctr_enc[] = { - 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04, - 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71 -}, ctr_iv[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}, ctr_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}; - -static int -test_genaes_ctr(void) -{ - uint8_t nonce_counter[16], sb[16]; - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - size_t nc_off = 0; - - e.buf = (uint8_t *)ctr_key; - e.len = sizeof(ctr_key); - - memset(sb, 0, sizeof(nonce_counter)); - memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv)); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_CTR, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, ctr, 16, res, nonce_counter, sb, &nc_off, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ctr_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - nc_off = 0; - memset(sb , 0, sizeof(nonce_counter)); - memcpy(nonce_counter, ctr_iv, sizeof(ctr_iv)); - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CTR, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, nonce_counter, sb, &nc_off, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ctr, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res1, 16); - return -1; - } - - lws_explicit_bzero(sb, sizeof(sb)); - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -static const uint8_t -/* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes-128-ecb \ - * -K "0123456789abcdeffedcba9876543210" \ - * -in plaintext.txt -out out.enc - * - */ -*ecb = (uint8_t *)"test plaintext\0\0", -ecb_enc[] = { - 0xf3, 0xe5, 0x6c, 0x80, 0x3a, 0xf1, 0xc4, 0xa0, - 0x7e, 0xdf, 0x86, 0x0f, 0x6d, 0xca, 0x5d, 0x36, - 0x17, 0x22, 0x37, 0x42, 0x47, 0x41, 0x67, 0x7d, - 0x99, 0x25, 0x02, 0x6b, 0x6b, 0x8f, 0x9c, 0x7f -}, ecb_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, -}; - -static int -test_genaes_ecb(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - - /* - * As part of a jwk, these are allocated. But here we just use one as - * a wrapper on a static binary key. - */ - e.buf = (uint8_t *)ecb_key; - e.len = sizeof(ecb_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_ECB, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, ecb, 16, res, NULL, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ecb_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_ECB, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, NULL, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ecb, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -#if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_OFB) -#else - -static const uint8_t - /* - * produced with (plaintext.txt contains "test plaintext\0\0") - * - * openssl enc -aes-128-ofb \ - * -K "0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210" \ - * -iv "0123456789abcdeffedcba9876543210" - * -in plaintext.txt -out out.enc - * - */ - *ofb = (uint8_t *)"test plaintext\0\0", - ofb_enc[] = { - /* !!! ugh... openssl app produces this... */ - // 0xd2, 0x11, 0x86, 0xd7, 0xa9, 0x55, 0x59, 0x04, - // 0x4f, 0x63, 0x7c, 0xb9, 0xc6, 0xa1, 0xc9, 0x71, - /* but both OpenSSL and mbedTLS produce this */ - 0x11, 0x33, 0x6D, 0xFC, 0x88, 0x4C, 0x28, 0xBA, - 0xD0, 0xF2, 0x6C, 0xBC, 0xDE, 0x4A, 0x56, 0x20 - }, ofb_iv[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - }, ofb_key[] = { - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - } -; - -static int -test_genaes_ofb(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32]; - size_t iv_off = 0; - - e.buf = (uint8_t *)ofb_key; - e.len = sizeof(ofb_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_OFB, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, ofb, 16, res, (uint8_t *)ofb_iv, NULL, - &iv_off, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ofb_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - iv_off = 0; - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_OFB, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, (uint8_t *)ofb_iv, NULL, - &iv_off, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(ofb, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -#endif - -#if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_XTS) -#else - -static const uint8_t - /* - * Fedora openssl tool doesn't support xts... this data produced - * by testing on mbedtls + OpenSSL and getting the same result - * - * NOTICE that xts requires a double-length key... OpenSSL now checks - * the key for duplication so we use a random key - */ - *xts = (uint8_t *)"test plaintext\0\0", - xts_enc[] = { - 0x87, 0x83, 0x20, 0x8B, 0x15, 0x89, 0xA1, 0x13, - 0xDC, 0xEA, 0x82, 0xB6, 0xFF, 0x8D, 0x76, 0x3A - }, xts_key[] = { - 0xa4, 0xd6, 0xa2, 0x1a, 0x3b, 0x34, 0x34, 0x43, - 0x9a, 0xe2, 0x6a, 0x01, 0x1c, 0x73, 0x80, 0x3b, - 0xdd, 0xf6, 0xd4, 0x37, 0x5e, 0x0e, 0x1c, 0x72, - 0x8e, 0xe5, 0x18, 0x69, 0xfd, 0x08, 0x40, 0x2b, - 0x98, 0xf9, 0x75, 0xa8, 0x36, 0xd5, 0x0f, 0xa2, - 0x20, 0x04, 0x43, 0xa7, 0x3a, 0xa6, 0x4a, 0xdc, - 0xe9, 0x54, 0x50, 0xfa, 0x38, 0xad, 0x6d, 0x96, - 0x5f, 0x31, 0x9e, 0xcd, 0x33, 0x08, 0xa0, 0x44 - } -; - -static int -test_genaes_xts(void) -{ - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - uint8_t res[32], res1[32], data_unit[16]; - - memset(data_unit, 0, sizeof(data_unit)); - - e.buf = (uint8_t *)xts_key; - e.len = sizeof(xts_key); - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_XTS, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - if (lws_genaes_crypt(&ctx, xts, 16, res, data_unit, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(xts_enc, res, 16)) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_XTS, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create dec failed\n", __func__); - return -1; - } - - if (lws_genaes_crypt(&ctx, res, 16, res1, data_unit, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, NULL, 0)) { - lwsl_err("%s: lws_genaes_destroy failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(xts, res1, 16)) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} -#endif - -static const uint8_t - /* - * https://csrc.nist.gov/CSRC/media/Projects/ - * Cryptographic-Algorithm-Validation-Program/ - * documents/mac/gcmtestvectors.zip - */ - - gcm_ct[] = { - 0xf7, 0x26, 0x44, 0x13, 0xa8, 0x4c, 0x0e, 0x7c, - 0xd5, 0x36, 0x86, 0x7e, 0xb9, 0xf2, 0x17, 0x36 - }, gcm_iv[] = { - 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, - 0xee, 0xd0, 0x66, 0x84 - }, gcm_key[] = { - 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, - 0x1c, 0x04, 0x65, 0x66, 0x5f, 0x8a, 0xe6, 0xd1, - 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69, - 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f - }, gcm_pt[] = { - 0xf5, 0x6e, 0x87, 0x05, 0x5b, 0xc3, 0x2d, 0x0e, - 0xeb, 0x31, 0xb2, 0xea, 0xcc, 0x2b, 0xf2, 0xa5 - }, gcm_aad[] = { - 0x4d, 0x23, 0xc3, 0xce, 0xc3, 0x34, 0xb4, 0x9b, - 0xdb, 0x37, 0x0c, 0x43, 0x7f, 0xec, 0x78, 0xde - }, gcm_tag[] = { - 0x67, 0xba, 0x05, 0x10, 0x26, 0x2a, 0xe4, 0x87, - 0xd7, 0x37, 0xee, 0x62, 0x98, 0xf7, 0x7e, 0x0c - }; - -static int -test_genaes_gcm(void) -{ - uint8_t res[sizeof(gcm_ct)], tag[sizeof(gcm_tag)]; - struct lws_genaes_ctx ctx; - struct lws_gencrypto_keyelem e; - size_t iv_off = 0; - - e.buf = (uint8_t *)gcm_key; - e.len = sizeof(gcm_key); - - /* Encrypt */ - - if (lws_genaes_create(&ctx, LWS_GAESO_ENC, LWS_GAESM_GCM, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - /* first we set the iv and aad */ - - iv_off = sizeof(gcm_iv); - if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL, - (uint8_t *)gcm_iv, (uint8_t *)gcm_tag, - &iv_off, sizeof(gcm_tag))) { - lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__); - goto bail; - } - - if (lws_genaes_crypt(&ctx, gcm_pt, sizeof(gcm_pt), res, - NULL, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) { - lwsl_err("%s: lws_genaes_destroy enc failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(gcm_ct, res, sizeof(gcm_ct))) { - lwsl_err("%s: lws_genaes_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, sizeof(gcm_ct)); - return -1; - } - - - /* Decrypt */ - - if (lws_genaes_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_GCM, &e, 0, NULL)) { - lwsl_err("%s: lws_genaes_create failed\n", __func__); - return 1; - } - - iv_off = sizeof(gcm_iv); /* initial call sets iv + aad + tag */ - if (lws_genaes_crypt(&ctx, gcm_aad, sizeof(gcm_aad), NULL, - (uint8_t *)gcm_iv, (uint8_t *)gcm_tag, - &iv_off, sizeof(gcm_tag))) { - lwsl_err("%s: lws_genaes_crypt 1 failed\n", __func__); - goto bail; - } - - if (lws_genaes_crypt(&ctx, gcm_ct, sizeof(gcm_ct), res, - NULL, NULL, NULL, 0)) { - lwsl_err("%s: lws_genaes_crypt 2 failed\n", __func__); - goto bail; - } - - if (lws_genaes_destroy(&ctx, tag, sizeof(tag))) { - lwsl_err("%s: lws_genaes_destroy dec failed\n", __func__); - return -1; - } - - if (lws_timingsafe_bcmp(gcm_pt, res, sizeof(gcm_pt))) { - lwsl_err("%s: lws_genaes_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, sizeof(gcm_ct)); - return -1; - } - - return 0; - -bail: - lws_genaes_destroy(&ctx, NULL, 0); - - return -1; -} - -int -test_genaes(struct lws_context *context) -{ - - if (test_genaes_cbc()) - goto bail; - - if (test_genaes_cfb128()) - goto bail; - - if (test_genaes_cfb8()) - goto bail; - - if (test_genaes_ctr()) - goto bail; - - if (test_genaes_ecb()) - goto bail; - -#if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_OFB) -#else - if (test_genaes_ofb()) - goto bail; -#endif - -#if defined(MBEDTLS_CONFIG_H) && !defined(MBEDTLS_CIPHER_MODE_XTS) -#else - if (test_genaes_xts()) - goto bail; -#endif - - if (test_genaes_gcm()) - goto bail; - - /* end */ - - lwsl_notice("%s: selftest OK\n", __func__); - - return 0; - -bail: - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - - return 1; -} diff --git a/minimal-examples/api-tests/api-test-gencrypto/lws-genec.c b/minimal-examples/api-tests/api-test-gencrypto/lws-genec.c deleted file mode 100644 index 57ab78b..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/lws-genec.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * lws-api-test-gencrypto - lws-genec - * - * Written in 2010-2018 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -static const uint8_t - *jwk_ec1 = (uint8_t *) - "{\"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\"," - "\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\"," - "\"d\":\"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE\"," - "\"use\":\"enc\"," - "\"kid\":\"rfc7517-A.2-example private key\"}" -; - -static int -test_genec1(struct lws_context *context) -{ - struct lws_genec_ctx ctx; - struct lws_jwk jwk; - struct lws_gencrypto_keyelem el[LWS_GENCRYPTO_EC_KEYEL_COUNT]; - //uint8_t res[32], res1[32]; - int n; - - memset(el, 0, sizeof(el)); - - if (lws_genecdh_create(&ctx, context, NULL)) - return 1; - - /* let's create a new key */ - - if (lws_genecdh_new_keypair(&ctx, LDHS_OURS, "P-256", el)) { - lwsl_err("%s: lws_genec_new_keypair failed\n", __func__); - return 1; - } - - lws_genec_dump(el); - lws_genec_destroy_elements(el); - - lws_genec_destroy(&ctx); - - if (lws_jwk_import(&jwk, NULL, NULL, (char *)jwk_ec1, - strlen((char *)jwk_ec1)) < 0) { - lwsl_notice("Failed to decode JWK test key\n"); - return 1; - } - - lws_jwk_dump(&jwk); - - if (jwk.kty != LWS_GENCRYPTO_KTY_EC) { - lws_jwk_destroy(&jwk); - lwsl_err("%s: jwk is not an EC key\n", __func__); - return 1; - } - - if (lws_genecdh_create(&ctx, context, NULL)) - return 1; - - n = lws_genecdh_set_key(&ctx, jwk.e, LDHS_OURS); - if (n) { - lws_jwk_destroy(&jwk); - lwsl_err("%s: lws_genec_create failed: %d\n", __func__, n); - return 1; - } -#if 0 - if (lws_genec_crypt(&ctx, cbc256, 16, res, (uint8_t *)cbc256_iv, - NULL, NULL)) { - lwsl_err("%s: lws_genec_crypt failed\n", __func__); - goto bail; - } - - if (lws_timingsafe_bcmp(cbc256_enc, res, 16)) { - lwsl_err("%s: lws_genec_crypt encoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - goto bail; - } - - lws_genec_destroy(&ctx); - - if (lws_genec_create(&ctx, LWS_GAESO_DEC, LWS_GAESM_CBC, &e, NULL)) { - lwsl_err("%s: lws_genec_create dec failed\n", __func__); - return -1; - } - - if (lws_genec_crypt(&ctx, res, 16, res1, (uint8_t *)cbc256_iv, - NULL, NULL)) { - lwsl_err("%s: lws_genec_crypt dec failed\n", __func__); - goto bail; - } - - if (lws_timingsafe_bcmp(cbc256, res1, 16)) { - lwsl_err("%s: lws_genec_crypt decoding mismatch\n", __func__); - lwsl_hexdump_notice(res, 16); - goto bail; - } -#endif - lws_genec_destroy(&ctx); - - lws_jwk_destroy(&jwk); - - return 0; - -//bail: -// lws_genec_destroy(&ctx); - -// return -1; -} - -int -test_genec(struct lws_context *context) -{ - if (test_genec1(context)) - goto bail; - - /* end */ - - lwsl_notice("%s: selftest OK\n", __func__); - - return 0; - -bail: - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - - return 1; -} diff --git a/minimal-examples/api-tests/api-test-gencrypto/main.c b/minimal-examples/api-tests/api-test-gencrypto/main.c deleted file mode 100644 index 31137b0..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/main.c +++ /dev/null @@ -1,48 +0,0 @@ -/* - * lws-api-test-gencrypto - * - * Written in 2010-2018 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -int -test_genaes(struct lws_context *context); -int -test_genec(struct lws_context *context); - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int result = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS gencrypto apis tests\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - result |= test_genaes(context); - result |= test_genec(context); - - lwsl_user("Completed: %s\n", result ? "FAIL" : "PASS"); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/api-tests/api-test-gencrypto/selftest.sh b/minimal-examples/api-tests/api-test-gencrypto/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-gencrypto/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-jose/CMakeLists.txt b/minimal-examples/api-tests/api-test-jose/CMakeLists.txt deleted file mode 100644 index 64e8bde..0000000 --- a/minimal-examples/api-tests/api-test-jose/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-jose) -set(SRCS main.c jwk.c jws.c jwe.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_JOSE 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/api-tests/api-test-jose/README.md b/minimal-examples/api-tests/api-test-jose/README.md deleted file mode 100644 index 74034c7..0000000 --- a/minimal-examples/api-tests/api-test-jose/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# lws api test lwsac - -Demonstrates how to use and performs selftests for lwsac - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -``` - $ ./lws-api-test-lwsac -[2018/10/09 09:14:17:4834] USER: LWS API selftest: lwsac -[2018/10/09 09:14:17:4835] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-jose/jwe.c b/minimal-examples/api-tests/api-test-jose/jwe.c deleted file mode 100644 index 2519ef4..0000000 --- a/minimal-examples/api-tests/api-test-jose/jwe.c +++ /dev/null @@ -1,2231 +0,0 @@ -/* - * lws-api-test-jose - RFC7516 jwe tests - * - * Written in 2010-2018 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -/* - * These are the inputs and outputs from the worked example in RFC7516 - * Appendix A.1 {"alg":"RSA-OAEP","enc":"A256GCM"} - */ - - -static char - -*ex_a1_ptext = - "The true sign of intelligence is not knowledge but imagination.", - -*ex_a1_compact = - "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkEyNTZHQ00ifQ." - "OKOawDo13gRp2ojaHV7LFpZcgV7T6DVZKTyKOMTYUmKoTCVJRgckCL9kiMT03JGe" - "ipsEdY3mx_etLbbWSrFr05kLzcSr4qKAq7YN7e9jwQRb23nfa6c9d-StnImGyFDb" - "Sv04uVuxIp5Zms1gNxKKK2Da14B8S4rzVRltdYwam_lDp5XnZAYpQdb76FdIKLaV" - "mqgfwX7XWRxv2322i-vDxRfqNzo_tETKzpVLzfiwQyeyPGLBIO56YJ7eObdv0je8" - "1860ppamavo35UgoRdbYaBcoh9QcfylQr66oc6vFWXRcZ_ZT2LawVCWTIy3brGPi" - "6UklfCpIMfIjf7iGdXKHzg." - "48V1_ALb6US04U3b." - "5eym8TW_c8SuK0ltJ3rpYIzOeDQz7TALvtu6UG9oMo4vpzs9tX_EFShS8iB7j6ji" - "SdiwkIr3ajwQzaBtQD_A." - "XFBoMYUZodetZdvTiFvSkQ", - - *ex_a1_jwk_json = - "{\"kty\":\"RSA\"," - "\"n\":\"oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" - "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" - "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" - "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" - "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" - "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw\"," - "\"e\":\"AQAB\"," - "\"d\":\"kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" - "WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" - "3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" - "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" - "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" - "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ\"," - "\"p\":\"1r52Xk46c-LsfB5P442p7atdPUrxQSy4mti_tZI3Mgf2EuFVbUoDBvaRQ-" - "SWxkbkmoEzL7JXroSBjSrK3YIQgYdMgyAEPTPjXv_hI2_1eTSPVZfzL0lf" - "fNn03IXqWF5MDFuoUYE0hzb2vhrlN_rKrbfDIwUbTrjjgieRbwC6Cl0\"," - "\"q\":\"wLb35x7hmQWZsWJmB_vle87ihgZ19S8lBEROLIsZG4ayZVe9Hi9gDVCOBm" - "UDdaDYVTSNx_8Fyw1YYa9XGrGnDew00J28cRUoeBB_jKI1oma0Orv1T9aX" - "IWxKwd4gvxFImOWr3QRL9KEBRzk2RatUBnmDZJTIAfwTs0g68UZHvtc\"," - "\"dp\":\"ZK-YwE7diUh0qR1tR7w8WHtolDx3MZ_OTowiFvgfeQ3SiresXjm9gZ5KL" - "hMXvo-uz-KUJWDxS5pFQ_M0evdo1dKiRTjVw_x4NyqyXPM5nULPkcpU827" - "rnpZzAJKpdhWAgqrXGKAECQH0Xt4taznjnd_zVpAmZZq60WPMBMfKcuE\"," - "\"dq\":\"Dq0gfgJ1DdFGXiLvQEZnuKEN0UUmsJBxkjydc3j4ZYdBiMRAy86x0vHCj" - "ywcMlYYg4yoC4YZa9hNVcsjqA3FeiL19rk8g6Qn29Tt0cj8qqyFpz9vNDB" - "UfCAiJVeESOjJDZPYHdHY8v1b-o-Z2X5tvLx-TCekf7oxyeKDUqKWjis\"," - "\"qi\":\"VIMpMYbPf47dT1w_zDUXfPimsSegnMOA1zTaX7aGk_8urY6R8-ZW1FxU7" - "AlWAyLWybqq6t16VFd7hQd0y6flUK4SlOydB61gwanOsXGOAOv82cHq0E3" - "eL4HrtZkUuKvnPrMnsUUFlfUdybVzxyjz9JF_XyaY14ardLSjf4L_FNY\"" - "}" -; - -static int -test_jwe_a1(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048], compact[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json, - strlen(ex_a1_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode(ex_a1_compact, strlen(ex_a1_compact), - &jwe.jws.map, &jwe.jws.map_b64, temp, - &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < strlen(ex_a1_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a1_ptext, - strlen(ex_a1_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ex_a1_ptext, strlen(ex_a1_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - /* - * Canned decrypt worked properly... let's also try encoding the - * plaintext ourselves and decoding that... - */ - lws_jwe_destroy(&jwe); - temp_len = sizeof(temp); - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json, - strlen(ex_a1_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - if (lws_gencrypto_jwe_alg_to_definition("RSA-OAEP", &jwe.jose.alg)) { - lwsl_err("Unknown cipher alg \"RSA-OAEP\"\n"); - goto bail; - } - if (lws_gencrypto_jwe_enc_to_definition("A256GCM", &jwe.jose.enc_alg)) { - lwsl_err("Unknown payload enc alg \"A256GCM\"\n"); - goto bail; - } - - /* we require a JOSE-formatted header to do the encryption */ - - jwe.jws.map.buf[LJWS_JOSE] = temp; - jwe.jws.map.len[LJWS_JOSE] = lws_snprintf(temp, temp_len, - "{\"alg\":\"%s\",\"enc\":\"%s\"}", "RSA-OAEP", "A256GCM"); - temp_len -= jwe.jws.map.len[LJWS_JOSE]; - - /* - * dup the plaintext into the ciphertext element, it will be - * encrypted in-place to a ciphertext of the same length - */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - ex_a1_ptext, strlen(ex_a1_ptext), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* CEK size is determined by hash / hmac size */ - - n = lws_gencrypto_bits_to_bytes(jwe.jose.enc_alg->keybits_fixed); - if (lws_jws_randomize_element(context, &jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), - &temp_len, n, - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_err("Problem getting random\n"); - goto bail; - } - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - n = lws_jwe_render_compact(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", - __func__, n); - goto bail; - } - - // puts(compact); - - /* - * Okay... what happens when we try to decode what we created? - */ - - lws_jwe_destroy(&jwe); - lws_jwe_init(&jwe, context); - temp_len = sizeof(temp); - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode(compact, strlen(compact), &jwe.jws.map, - &jwe.jws.map_b64, temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, ex_a1_jwk_json, - strlen(ex_a1_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: generated lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - -/* A.2. Example JWE using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256 - * - * This example encrypts the plaintext "Live long and prosper." to the - * recipient using RSAES-PKCS1-v1_5 for key encryption and - * AES_128_CBC_HMAC_SHA_256 for content encryption. - */ - -/* "Live long and prosper." */ -static uint8_t - -ex_a2_ptext[] = { - 76, 105, 118, 101, 32, 108, 111, 110, - 103, 32, 97, 110, 100, 32, 112, 114, - 111, 115, 112, 101, 114, 46 -}, *lws_jwe_ex_a2_jwk_json = (uint8_t *) - "{" - "\"kty\":\"RSA\"," - "\"n\":\"sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1Wl" - "UzewbgBHod5pcM9H95GQRV3JDXboIRROSBigeC5yjU1hGzHHyXss8UDpre" - "cbAYxknTcQkhslANGRUZmdTOQ5qTRsLAt6BTYuyvVRdhS8exSZEy_c4gs_" - "7svlJJQ4H9_NxsiIoLwAEk7-Q3UXERGYw_75IDrGA84-lA_-Ct4eTlXHBI" - "Y2EaV7t7LjJaynVJCpkv4LKjTTAumiGUIuQhrNhZLuF_RJLqHpM2kgWFLU" - "7-VTdL1VbC2tejvcI2BlMkEpk1BzBZI0KQB0GaDWFLN-aEAw3vRw\"," - "\"e\":\"AQAB\"," - "\"d\":\"VFCWOqXr8nvZNyaaJLXdnNPXZKRaWCjkU5Q2egQQpTBMwhprMzWzpR8Sxq" - "1OPThh_J6MUD8Z35wky9b8eEO0pwNS8xlh1lOFRRBoNqDIKVOku0aZb-ry" - "nq8cxjDTLZQ6Fz7jSjR1Klop-YKaUHc9GsEofQqYruPhzSA-QgajZGPbE_" - "0ZaVDJHfyd7UUBUKunFMScbflYAAOYJqVIVwaYR5zWEEceUjNnTNo_CVSj" - "-VvXLO5VZfCUAVLgW4dpf1SrtZjSt34YLsRarSb127reG_DUwg9Ch-Kyvj" - "T1SkHgUWRVGcyly7uvVGRSDwsXypdrNinPA4jlhoNdizK2zF2CWQ\"," - "\"p\":\"9gY2w6I6S6L0juEKsbeDAwpd9WMfgqFoeA9vEyEUuk4kLwBKcoe1x4HG68" - "ik918hdDSE9vDQSccA3xXHOAFOPJ8R9EeIAbTi1VwBYnbTp87X-xcPWlEP" - "krdoUKW60tgs1aNd_Nnc9LEVVPMS390zbFxt8TN_biaBgelNgbC95sM\"," - "\"q\":\"uKlCKvKv_ZJMVcdIs5vVSU_6cPtYI1ljWytExV_skstvRSNi9r66jdd9-y" - "BhVfuG4shsp2j7rGnIio901RBeHo6TPKWVVykPu1iYhQXw1jIABfw-MVsN" - "-3bQ76WLdt2SDxsHs7q7zPyUyHXmps7ycZ5c72wGkUwNOjYelmkiNS0\"," - "\"dp\":\"w0kZbV63cVRvVX6yk3C8cMxo2qCM4Y8nsq1lmMSYhG4EcL6FWbX5h9yuv" - "ngs4iLEFk6eALoUS4vIWEwcL4txw9LsWH_zKI-hwoReoP77cOdSL4AVcra" - "Hawlkpyd2TWjE5evgbhWtOxnZee3cXJBkAi64Ik6jZxbvk-RR3pEhnCs\"," - "\"dq\":\"o_8V14SezckO6CNLKs_btPdFiO9_kC1DsuUTd2LAfIIVeMZ7jn1Gus_Ff" - "7B7IVx3p5KuBGOVF8L-qifLb6nQnLysgHDh132NDioZkhH7mI7hPG-PYE_" - "odApKdnqECHWw0J-F0JWnUd6D2B_1TvF9mXA2Qx-iGYn8OVV1Bsmp6qU\"," - "\"qi\":\"eNho5yRBEBxhGBtQRww9QirZsB66TrfFReG_CcteI1aCneT0ELGhYlRlC" - "tUkTRclIfuEPmNsNDPbLoLqqCVznFbvdB7x-Tl-m0l_eFTj2KiqwGqE9PZ" - "B9nNTwMVvH3VRRSLWACvPnSiwP8N5Usy-WRXS-V7TbpxIhvepTfE0NNo\"" - "}", - -*ex_a2_compact = (uint8_t *) - "eyJhbGciOiJSU0ExXzUiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0" - "." - "UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-kFm" - "1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKxGHZ7Pc" - "HALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3YvkkysZIF" - "NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8" - "rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPgwCp6X-nZZd9OHBv" - "-B3oWh2TbqmScqXMR4gp_A" - "." - "AxY8DCtDaGlsbGljb3RoZQ" - "." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY" - "." - "9hH0vgRfYgPnAHOd8stkvw" -; - -static int -test_jwe_a2(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode((const char *)ex_a2_compact, - strlen((char *)ex_a2_compact), - &jwe.jws.map, &jwe.jws.map_b64, - (char *)temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ex_a2_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a2_ptext, - sizeof(ex_a2_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ex_a2_ptext, sizeof(ex_a2_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -/* JWE creation using RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256 - * - * This example encrypts a different, larger plaintext using the jwk key from - * the test above, and AES_128_CBC_HMAC_SHA_256 for content encryption. - */ - -static const char *rsa256a128_jose = - "{ \"alg\":\"RSA1_5\",\"enc\":\"A128CBC-HS256\"}"; - -static uint8_t - - /* plaintext is 1024 bytes from /dev/urandom */ - -ra_ptext_1024[] = { - 0xfe, 0xc6, 0x4f, 0x3e, 0x4a, 0x19, 0xe9, 0xd7, - 0xc2, 0x13, 0xe7, 0xc5, 0x78, 0x6e, 0x71, 0xf6, - 0x6e, 0xdd, 0x04, 0xaf, 0xaa, 0x4e, 0xa8, 0xad, - 0xd8, 0xe0, 0xb3, 0x32, 0x97, 0x43, 0x7c, 0xd8, - 0xd1, 0x5f, 0x56, 0xac, 0x70, 0xaf, 0x7d, 0x0b, - 0x40, 0xa1, 0x96, 0x71, 0x7c, 0xc4, 0x4a, 0x37, - 0x0b, 0xa6, 0x06, 0xb3, 0x8c, 0x87, 0xee, 0xb6, - 0x15, 0xfe, 0xaa, 0x60, 0x7e, 0x7f, 0xdc, 0xb0, - 0xff, 0x96, 0x4b, 0x30, 0x60, 0xcf, 0xc6, 0x5d, - 0x09, 0x6a, 0x6f, 0x66, 0x0c, 0x5f, 0xb0, 0x6f, - 0x61, 0xa6, 0x26, 0x02, 0xbd, 0x46, 0xda, 0xa3, - 0x73, 0x19, 0x17, 0xff, 0xe0, 0x5f, 0x30, 0x72, - 0x7d, 0x17, 0xd8, 0xb2, 0xbe, 0x84, 0x3e, 0x4d, - 0x76, 0xbd, 0x62, 0x5d, 0x63, 0xfe, 0x11, 0x32, - 0x11, 0x41, 0xdc, 0xed, 0x96, 0xfd, 0x31, 0x38, - 0x6a, 0x84, 0x55, 0x7a, 0x33, 0x3f, 0x37, 0xc3, - 0x37, 0x7b, 0xc1, 0xb7, 0x89, 0x00, 0x39, 0xa6, - 0x94, 0x91, 0xb7, 0x19, 0x6b, 0x1d, 0x99, 0xeb, - 0xf6, 0x10, 0xb9, 0xd2, 0xcd, 0x15, 0x0d, 0xbc, - 0x24, 0x34, 0x9a, 0x52, 0x64, 0x21, 0x72, 0x1e, - 0x9a, 0x00, 0xf2, 0xcf, 0xf1, 0x7d, 0x1a, 0x12, - 0x8d, 0x39, 0xbc, 0xf9, 0x09, 0xfd, 0xd9, 0x22, - 0x27, 0x28, 0xe1, 0x3a, 0x0b, 0x82, 0xba, 0x9a, - 0xe5, 0x9d, 0xa8, 0x12, 0x6e, 0xf5, 0x4b, 0xc7, - 0x2b, 0x9c, 0xdc, 0xfe, 0xf3, 0xe8, 0x74, 0x65, - 0x3d, 0xe0, 0xaa, 0x64, 0xf3, 0x43, 0xa4, 0x88, - 0xa8, 0xbe, 0x60, 0xdb, 0xfd, 0x2d, 0x3b, 0x84, - 0x82, 0x8f, 0x4d, 0xbb, 0xe4, 0xa9, 0x59, 0xe3, - 0x6c, 0x52, 0x45, 0xe4, 0x34, 0xdb, 0x28, 0x0e, - 0x4a, 0x44, 0xb6, 0x9a, 0x25, 0x9b, 0x3b, 0xae, - 0xe1, 0x12, 0x1d, 0x1c, 0x66, 0x7d, 0xb9, 0x5b, - 0x5f, 0xc2, 0x4a, 0xaa, 0xd2, 0xe9, 0x65, 0xe2, - 0x85, 0x6f, 0xf6, 0x67, 0x66, 0x8e, 0x0b, 0xd2, - 0x60, 0xf8, 0x43, 0x60, 0x04, 0x9b, 0xa9, 0x3a, - 0x6a, 0x3c, 0x02, 0x3c, 0x08, 0x9d, 0x60, 0x1c, - 0xc4, 0x27, 0x3e, 0xff, 0xd0, 0x70, 0x94, 0x43, - 0x3e, 0x9e, 0x69, 0x19, 0x22, 0xf0, 0xec, 0x26, - 0x2d, 0xa5, 0x71, 0xf3, 0x92, 0x61, 0x95, 0xce, - 0xc3, 0xc0, 0xa0, 0xc3, 0x98, 0x22, 0xdd, 0x32, - 0x3c, 0x48, 0xcb, 0xd1, 0x61, 0xa0, 0xaa, 0x9a, - 0x7e, 0x5a, 0xfa, 0x26, 0x46, 0x49, 0xfc, 0x9c, - 0xaa, 0x21, 0x06, 0x45, 0xf1, 0xa0, 0xc9, 0xef, - 0x6b, 0x89, 0xf2, 0x01, 0x20, 0x54, 0xfa, 0x0a, - 0x23, 0xff, 0xbd, 0x64, 0x35, 0x94, 0xfd, 0x35, - 0x70, 0x52, 0x94, 0x66, 0xc5, 0xd0, 0x27, 0xc1, - 0x8f, 0x6d, 0xc4, 0xa3, 0x34, 0xc2, 0xea, 0xf0, - 0xb3, 0x0d, 0x6c, 0x13, 0xb5, 0xc9, 0x6e, 0x5c, - 0xeb, 0x8b, 0x7b, 0xf5, 0x21, 0x4c, 0xe3, 0xb7, - 0x73, 0x6d, 0x07, 0xaa, 0x44, 0xc4, 0xba, 0xc5, - 0xa5, 0x0e, 0x75, 0x28, 0xb7, 0x50, 0x22, 0x54, - 0xa7, 0xe1, 0x2e, 0xfd, 0x20, 0xcd, 0xa4, 0x31, - 0xa3, 0xb2, 0x73, 0x98, 0x7c, 0x3c, 0x8f, 0xa3, - 0x40, 0x8a, 0xaf, 0x31, 0xfa, 0xf9, 0x70, 0x4d, - 0x83, 0x10, 0xc4, 0xa0, 0x9c, 0xd6, 0xa3, 0xd5, - 0x07, 0xaf, 0xaf, 0x35, 0x15, 0xd0, 0x84, 0x09, - 0x20, 0x36, 0x88, 0xac, 0x6f, 0x16, 0x5e, 0x03, - 0xa9, 0xfc, 0xb3, 0x2d, 0x01, 0x57, 0xb3, 0xed, - 0x4b, 0x55, 0x2b, 0xbc, 0x92, 0x87, 0x3e, 0x27, - 0xc4, 0x2c, 0x44, 0xac, 0x05, 0x5f, 0x26, 0xe7, - 0xe9, 0xb0, 0x2d, 0x6b, 0x3c, 0x8c, 0xd2, 0xb4, - 0x3c, 0xb4, 0x86, 0xfe, 0x68, 0x99, 0x2a, 0x42, - 0xac, 0xa4, 0xb3, 0x89, 0x61, 0xb3, 0xd1, 0xdf, - 0x9b, 0x58, 0xc7, 0x81, 0x62, 0x87, 0x26, 0x52, - 0x51, 0xe7, 0x7d, 0x7c, 0x37, 0x14, 0xe5, 0x19, - 0x28, 0x34, 0x3e, 0x95, 0x17, 0x36, 0x12, 0xf9, - 0x5e, 0xc1, 0x3c, 0x9c, 0x28, 0x70, 0x06, 0xdf, - 0xc4, 0x6d, 0x25, 0x04, 0x46, 0xe0, 0x95, 0xf0, - 0xc8, 0x57, 0x48, 0x27, 0x26, 0xf3, 0xf7, 0x19, - 0xbe, 0xea, 0xb4, 0xd4, 0x64, 0xaf, 0x67, 0x7c, - 0xf5, 0xa9, 0xfb, 0x85, 0x4a, 0x43, 0x9c, 0x62, - 0x06, 0x5e, 0x28, 0x2a, 0x7b, 0x1e, 0xb3, 0x07, - 0xe7, 0x19, 0x32, 0xa4, 0x4e, 0xb4, 0xce, 0xe0, - 0x92, 0x56, 0xf5, 0x10, 0xcb, 0x56, 0x34, 0x4b, - 0x0d, 0xe1, 0xd3, 0x6d, 0xfe, 0xf0, 0x44, 0xf7, - 0x22, 0x1d, 0x5e, 0x6b, 0xa7, 0xa5, 0x83, 0x2e, - 0xeb, 0x14, 0xf2, 0xd7, 0x27, 0x5a, 0x2a, 0xd2, - 0x55, 0x35, 0xe6, 0x7e, 0xd9, 0x3b, 0xac, 0x4e, - 0x5a, 0x22, 0x46, 0xd5, 0x7b, 0x57, 0x9c, 0x58, - 0xfe, 0xd0, 0xda, 0xbf, 0x7d, 0xe9, 0x8c, 0xb7, - 0xba, 0x88, 0xf1, 0xc3, 0x82, 0x53, 0xc3, 0x66, - 0x20, 0x51, 0x12, 0xd3, 0xf9, 0xaf, 0xe9, 0xcb, - 0xc1, 0x7a, 0xe6, 0x22, 0x44, 0xa5, 0xdf, 0x18, - 0xb3, 0x6e, 0x6c, 0xba, 0xf3, 0xc6, 0x24, 0x5a, - 0x1c, 0x67, 0xa6, 0xa5, 0xb4, 0xb1, 0x35, 0xdf, - 0x5a, 0x60, 0x5c, 0x0b, 0x66, 0xd3, 0x1f, 0x4e, - 0x7c, 0xcb, 0x93, 0x7e, 0x2f, 0x6d, 0xbd, 0xce, - 0x26, 0x52, 0x44, 0xee, 0xbb, 0xd8, 0x8f, 0xf2, - 0x67, 0x38, 0x0d, 0x3b, 0xaa, 0x21, 0x73, 0xf8, - 0x3b, 0x54, 0x9d, 0x4e, 0x5e, 0xf1, 0xa2, 0x18, - 0x5a, 0xf1, 0x6c, 0x32, 0xbf, 0x0a, 0x73, 0x14, - 0x48, 0x4f, 0x56, 0xc0, 0x87, 0x6d, 0x3b, 0x16, - 0xcc, 0x3f, 0x44, 0x19, 0x85, 0x22, 0x43, 0x5f, - 0x8c, 0x29, 0xbd, 0xa0, 0xce, 0x84, 0xd9, 0x4a, - 0xcf, 0x00, 0x6b, 0x37, 0x35, 0xe0, 0xb3, 0xc9, - 0xd1, 0x58, 0xd1, 0x1b, 0xc3, 0x6f, 0xe3, 0x50, - 0xdb, 0xa6, 0x5e, 0x03, 0x18, 0xe5, 0xe2, 0xc1, - 0x97, 0xd5, 0xf8, 0x42, 0x6f, 0xe6, 0x61, 0x80, - 0xc9, 0x7c, 0xc6, 0x83, 0xf0, 0xad, 0x70, 0x13, - 0x0e, 0x26, 0x75, 0xc0, 0x12, 0x23, 0x14, 0xef, - 0x1f, 0xdf, 0xfd, 0x47, 0x99, 0x9f, 0x22, 0xf3, - 0x57, 0x21, 0xdc, 0x38, 0xe4, 0x79, 0x87, 0x5b, - 0x67, 0x66, 0xdd, 0x0b, 0xe0, 0xae, 0xb5, 0x97, - 0xd8, 0xa6, 0x5d, 0x02, 0xcf, 0x6b, 0x84, 0x19, - 0xc1, 0xbb, 0x25, 0xd2, 0x10, 0xb9, 0x63, 0xeb, - 0x4b, 0x27, 0x8d, 0x05, 0x31, 0xce, 0x3b, 0x0c, - 0x5f, 0xd4, 0x83, 0x47, 0xa4, 0x8b, 0xc4, 0x76, - 0x33, 0x74, 0x1a, 0x07, 0xf8, 0x18, 0x82, 0x1c, - 0x8e, 0x01, 0x75, 0x78, 0xea, 0xd9, 0x72, 0x61, - 0x71, 0xa9, 0x09, 0x44, 0x7b, 0x0f, 0x12, 0xcf, - 0x4c, 0x76, 0x7b, 0x69, 0xc8, 0x64, 0x98, 0x60, - 0x45, 0xb6, 0xc7, 0x6b, 0xd8, 0x43, 0x99, 0x08, - 0xc9, 0xd3, 0x6f, 0x01, 0x4f, 0x57, 0x6f, 0x49, - 0x4f, 0x4f, 0x72, 0xa4, 0xa2, 0x45, 0xe1, 0x0e, - 0xf2, 0x08, 0x3e, 0x67, 0xc3, 0x83, 0x5b, 0xb1, - 0x24, 0xc0, 0xe0, 0x3a, 0xf5, 0x1f, 0xf2, 0x06, - 0x4b, 0xa7, 0x6f, 0xd2, 0xb2, 0x81, 0x96, 0x91, - 0x42, 0xb1, 0x53, 0x65, 0x3a, 0x12, 0xcd, 0x33, - 0xb3, 0x7e, 0x79, 0xc0, 0x46, 0xf6, 0xd8, 0x4a, - 0x22, 0x35, 0xb8, 0x3f, 0xe4, 0x08, 0x88, 0x49, - 0x3c, 0x73, 0x9a, 0x44, 0xe3, 0x3b, 0xcc, 0xc4, - 0xae, 0x7c, 0xbe, 0xfd, 0xa6, 0x4a, 0xd4, 0x26, - 0x52, 0x58, 0x81, 0x30, 0x66, 0x44, 0x54, 0xc8, - 0xe4, 0x7c, 0x5b, 0x63, 0x06, 0x60, 0x94, 0x62, - 0xe5, 0x47, 0x45, 0xfb, 0x58, 0xf5, 0x6a, 0x7c, - 0xb2, 0x35, 0x08, 0x03, 0x15, 0x68, 0xb3, 0x13, - 0xa5, 0xbd, 0xf2, 0x1e, 0x2e, 0x1c, 0x8f, 0xc6, - 0xc7, 0xd1, 0xa9, 0x64, 0x37, 0x2b, 0x23, 0xfa, - 0x7e, 0x56, 0x22, 0xf0, 0x8a, 0xbd, 0xeb, 0x04 -}, - -r256a128_cek[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f -} -; - -static int -test_jwe_ra_ptext_1024(struct lws_context *context, char *jwk_txt, int jwk_len) -{ - char temp[4096], compact[4096]; - struct lws_jwe jwe; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - /* reuse the rsa private key from the JWE Appendix 2 test above */ - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* dup the plaintext, it will be replaced in-situ by the ciphertext */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - ra_ptext_1024, sizeof(ra_ptext_1024), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* dup the cek, since it will be replaced by the encrypted key */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), &temp_len, - r256a128_cek, sizeof(r256a128_cek), - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_notice("%s: Not enough temp space for EKEY\n", __func__); - goto bail; - } - - jwe.jws.map.buf[LJWE_JOSE] = rsa256a128_jose; - jwe.jws.map.len[LJWE_JOSE] = strlen(rsa256a128_jose); - - n = lws_jwe_parse_jose(&jwe.jose, jwe.jws.map.buf[LJWE_JOSE], - jwe.jws.map.len[LJWE_JOSE], - lws_concat_temp(temp, temp_len), &temp_len); - if (n < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - - n = lws_jwe_render_compact(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n); - goto bail; - } - - // puts(compact); - - lws_jwe_destroy(&jwe); - lws_jwe_init(&jwe, context); - temp_len = sizeof(temp); - - /* now we created the encrypted version, see if we can decrypt it */ - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: failed to parse generated compact\n", __func__); - - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024, - sizeof(ra_ptext_1024))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -static const char *rsa256a192_jose = - "{ \"alg\":\"RSA1_5\",\"enc\":\"A192CBC-HS384\"}"; - -static const uint8_t r256a192_cek[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f -} -; - -static int -test_jwe_r256a192_ptext(struct lws_context *context, char *jwk_txt, int jwk_len) -{ - struct lws_jwe jwe; - char temp[4096], compact[4096]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - /* reuse the rsa private key from the JWE Appendix 2 test above */ - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* - * dup the plaintext into the ciphertext element, it will be - * encrypted in-place to a ciphertext of the same length - */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - ra_ptext_1024, sizeof(ra_ptext_1024), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* copy the cek, since it will be replaced by the encrypted key */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), &temp_len, - r256a192_cek, sizeof(r256a192_cek), - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_err("Problem getting random\n"); - goto bail; - } - - jwe.jws.map.buf[LJWE_JOSE] = rsa256a192_jose; - jwe.jws.map.len[LJWE_JOSE] = strlen(rsa256a192_jose); - - n = lws_jwe_parse_jose(&jwe.jose, jwe.jws.map.buf[LJWE_JOSE], - jwe.jws.map.len[LJWE_JOSE], - lws_concat_temp(temp, temp_len), &temp_len); - if (n < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - - n = lws_jwe_render_compact(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n); - goto bail; - } - - // puts(compact); - - /* now we created the encrypted version, see if we can decrypt it */ - - lws_jwe_destroy(&jwe); - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: failed to parse generated compact\n", __func__); - - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024, - sizeof(ra_ptext_1024))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - -static const char *rsa256a256_jose = - "{ \"alg\":\"RSA1_5\",\"enc\":\"A256CBC-HS512\"}"; - -static const uint8_t r256a256_cek[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -} -; - -static int -test_jwe_r256a256_ptext(struct lws_context *context, char *jwk_txt, int jwk_len) -{ - struct lws_jwe jwe; - char temp[4096], compact[4096]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - /* reuse the rsa private key from the JWE Appendix 2 test above */ - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* - * dup the plaintext into the ciphertext element, it will be - * encrypted in-place to a ciphertext of the same length - */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - ra_ptext_1024, sizeof(ra_ptext_1024), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* copy the cek, since it will be replaced by the encrypted key */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), &temp_len, - r256a256_cek, sizeof(r256a256_cek), - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_err("Problem getting random\n"); - goto bail; - } - - jwe.jws.map.buf[LJWE_JOSE] = rsa256a256_jose; - jwe.jws.map.len[LJWE_JOSE] = strlen(rsa256a256_jose); - - n = lws_jwe_parse_jose(&jwe.jose, rsa256a256_jose, strlen(rsa256a256_jose), - lws_concat_temp(temp, temp_len), &temp_len); - if (n < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - - n = lws_jwe_render_compact(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", __func__, n); - goto bail; - } - - // puts(compact); - - /* now we created the encrypted version, see if we can decrypt it */ - - lws_jwe_destroy(&jwe); - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, jwk_txt, jwk_len) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - if (lws_jws_compact_decode(compact, n, &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: failed to parse generated compact\n", __func__); - - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024, - sizeof(ra_ptext_1024))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -/* produced by running the minimal example `lws-crypto-jwk -t RSA -b 2048 -c` */ - -static const char *rsa_key_2048 = - "{" - "\"e\":\"AQAB\"," - "\"kty\":\"RSA\"," - "\"n\":\"lBJdvUq-9_8hlcduIWuBjRb0tGzzAvS4foqoNCO7g-rOXMdeAcmq" - "aSzWTbkaGIc3L1I4-Q3TOZtxn2UhuDlShZRIhM6JCQuUVNVAF3TD7oXxHtZ" - "LJ7y_BqCUlrAmW31lu-nVmhY2G3xW26yXWUsDbCxz0hfLbVnXRSvVKLzYWm" - "_yyrFyEWfxB8peDocvKGh879z_aPCKE3PDOEl2AsgzYfpnWCLytkgnrTeL6" - "qY8HXxvvV-Jw-XMaRiwH0VldpIjs4DaoN35Kj1Ex7QOZznTkbYtMIqse8bR" - "LoR8Irkxbc5ncUAuX1KSV6lpPtelsA3RtEjJ4NHV-5eEABiYh8_CFQ\"," - "\"d\":\"DDpguQ9RVQFMoJC5z2hlkvq91kvsXPv2Y9Dcki256xYlg55H7Pre" - "p__hahrABR2Jg6QVJhArt5ABjUnDQ_JL69HH6VvLD6RVVBTQ-FRBZ_3HYKY" - "Oynx5BA7tJm1BRatF5FkBCvq27i8nAc4vfjAb22o9CFvEW3FLaKAgOCncQ3" - "Tnbz9CddH89n7DXw4kBFI8q5ugF_aRIg5-i42W_hQinLaBhZ_zhAuE-nvlt" - "ZnhDal8cX3T60lNoUrDOlirqEOXKO3gXCHpm3csZ6nabHYD1UCyHOmi2RsR" - "pzjaiqjXdPbwPzQoh2DcYpavNrf1mtHiqTwLZDTJIRHWHufJzHf-sw\"," - "\"p\":\"ySeC3FtvzduDEL-FX4JqbRN06PdBhUmosCkymmbBjriuLNpkGkG-" - "1ex7r-M8neUBZbctmDdih6cpLZ8hjZv3eEDZ4b5Z2LqZnja4QvVoWLUs4Fb" - "NN_PxJCR5H28uUfT6ThxqT0Nb2enb8Dyp0Qxvd7eJUeYz6jOt7pEK-ErTB4" - "M\"," - "\"q\":\"vHG2Pd6QUH7vFZjJtXwmlVnrz5tdJvUPQvz7ggeM69cqhf4vLajz" - "sqP9GhJr7bEkp6vKVdZGmfEdiFRD8cssIZq651oAO5Wr7zZd2mR_hG9jZx7" - "8Davfuxr4SZNN-bmoxO6dbDi-X2c7fvMI2YeJwL4groNKyiosdUYILTrYRI" - "c\"," - "\"dp\":\"h5Gqf2rcokgEQGBjuigCJDtNuskRjoxDNV6-rRL99nt_X9lcR9n" - "xjOnRvowOyXeTBoN7JjCFpllBxm6ORYtNMO28KomIsimo6NmGPBJ7XfXVJe" - "k6bDBrX-l4_HeJJ1FM9SHvgDYsjGQxh-rKpIqWAYBf-yOD758e5T85vndnX" - "JM\"," - "\"dq\":\"K9LiB-dfdmjenw4mMp-JtYfw8Bn4gtvQzcpZjzbETgB-8iRXwm2" - "dJvk-HjcUhHWCyb-I0YeAacKKFK9MEconHDWIq87haPn4vyvMjcJ7aUgiPN" - "QW1_MVl8TA4xNvudi0Z__5-jYEB9nRG0fX0gbUQU-19_-uf-9o4WkE88fQj" - "bc\"," - "\"qi\":\"LEkTRqmomn9UiASeRfAKw-Z5q7cye9CSL4luSexFvA3Du7Oin-s" - "L9a7F3nJN4CuYzhtNMxQ0hM7k6ExzhDhXDlNRHxnNEDt81-CFRV98v7GVWV" - "SH1KnaKf9wgegxSSm-x536ki2SI8EN4k4qkqRF0iLVHZK7CgnWMbtt6tnpp" - "3k\"" - "}"; -/* produced by running the minimal example `lws-crypto-jwk -t RSA -b 4096 -c` */ - -static const char *rsa_key_4096 = - "{" - "\"e\":\"AQAB\"," - "\"kty\":\"RSA\"," - "\"n\":\"uiLBz1SUgd4eQ0okg6tlPdk9QUhTsqXmiJXygWVFgzT45E5_Rfkq" - "vZ2fwAqQ8DvxkDTUWiKpeXMpPRNWG5GxuBuq9n7xdA1vn1eQi8LoekB28dg" - "3MwMfozVSKCzyxG1f81xPE5x3EMVhCcx6hshhlMEHkzNNhE07d-oRO87ZC0" - "z_5L3Vh03uJBXaDKVlsgHAazoHLhn6G4odqv-ro54T6Nx1eEtyTnMmFY5ND" - "V4rN0SjQvSefbZZtsrtby8Z0JmeyvynmDwOINj7FpmPmpFLoWGXntc2yxPP" - "8SHnqfT9ESh94fxCMxRhDNohgpegRHyiYwj3M5ZYY6reCZYfOQONSWmc8yp" - "NBMJqj4LuJ2bTMGAFS17ZP4ZZWm5RP9ax100Dgk0yxP1UrybG5dCfJRQvHC" - "ncxG_aL6cSQu2o4fXqlJsNHxk3FjHtV_CMZ3tqvGTvwrs4yxvKwKv6r3fRh" - "KL01bGOePzp9THkHW2-lzVj6kUwnxBdHGZE6fcAnczOdp8ZIEdV1w6ThimC" - "m3Bw_TIyl3tkuxRWXpc_d6Q4iiSVKGKCvUvfAlESpTA4tIhQkij-T9FEoj2" - "WE2H1D35AKmjcfLCh6yszu8cmDNedn862pwnawE2RvRFAyuI113fLQeCbCz" - "tQ1JHuD8cnQt0hpGzReTa5UJ8OEOGIlyXNdWZyTpk\"," - "\"d\":\"G2ZW582AT-6xvz-IiP5fuJ9EMloygeuEeEo0aMJO3X3cfoUknJkN" - "ZtyvYa5cgBSe3la8hKkyD9_5K9WvGP9VLTAbdk4g_m-k5QyXiU9PeAGJ0Nd" - "-Zqq4y0Zj2eil8u7Tz0fhFxay-zvG6VGZnsIcBTD2C7_jUwyoaqJA17A_CH" - "gU-ifMqS56VgMGdlKZmf7Cg7ZGzM1DoS6vZ9bbfgoczaw4OZVHlg9Cxa0NI" - "CDi1S-sJcTLGN_RLISKN5H0J54ZfzF6fUEn5kNykLTZrAvj2XV7g4UUOogn" - "1cvjJYRcBVzTzQKcfxbqo2DvymDGFZbQM6pj80rYJ5HFPh2EapjggPN8hXp" - "NlTNDEvC84QFv0lo2E-0nVWQqcyHtXd431O1JH2h5X822zKjXxkaztQSCj9" - "YP7AdAeoxIaWOa3aO1vcwURH2WWaNV-_KXVkPJNzfo9-bGYwblMw_RIqIkN" - "BDayTb8rBuQHTCE_tSEHgoSnkityGpr8j_vgA-Fa-SqmdqUlbklVpwA_Mq_" - "UH7RCaqe91dWxRhS_7c85tFMRFCKOcaRXkwxEpP2LD1AYe8yvVQlr0Se8_d" - "RefuQcC-BECwMW-TCgR3VxAuL7ExNTYe4bhBD8WYXsHP7wDXWX2Q4v7IRzj" - "cfVIdpTNYuWEd69PvXBCuy75hmDniSmS3Xps3ItGU\"," - "\"p\":\"961BtLSIZkHO7Vu1KfaA3urcwGpISKJiTSB5Nh6npxJr9mSjzv_f" - "e8VoxCX6CWGY0SEeQNUQ6ceTnAAxkSHtZJQGed598jBtxIexAWEE7oc9s9d" - "b0cWu4QWIVZYXrcOTEWmK1kWN4PXmnnQknrWQF49adn81BaOXqoL-tahe7f" - "faXzXe0RXuohK543ZKbuuHQ2TxqFG7CZpXiH_qn1Syao32u0V3iDFpmmCUV" - "h9O2JCzfo8sAosTrnQwC0pXz3Nvr_9Cnk6bMluJoMrwB1Ywg_DPQ1WvpYHO" - "URezEOqVC8Y3zrko199TMX2COKGNFgutVpnzxs2_h0PyINUmwrY4zQ\"," - "\"q\":\"wGQRaxy_gBafbrVJy4f32O0a2FQHzmS--WgHhoteDoF6ZAajLcV0" - "GEvb-AVmFER1Wii62BFaFJOYQIegELvnBFFzD6oHJRX7bM4m36G8J_TC1o9" - "T1IFnxOpaoFDf4JWf2k7DCXClGg_zueyOD8fj8F6j2nqpOfytuLmikHcWMc" - "dGTHTCRtQmvOk3pm0uk2qR0cQb5L3Ocv45tCKr55tMc6Zx3DKkMt1kmUwd2" - "HFfk_0WM6R7q4LNGIjwl8dwiERppLKA8xao9i3jOOdFEfAD-Zqv8H-32cyH" - "Mg6Guo4tPNAYSzcsz8nbEYPtKVVm-PDuM2cx0iaKnS8BIK2XTbzc_Q\"," - "\"dp\":\"ZXLWIwp_hEMYWyjhP9r0VlqlKTtfeEDrOuQ-Qei0iz6EclwurK8" - "p_yyRCSb1D7qmOaLzHWMollllINUDeIsJDdWEAY8cz4L-sy1RV1tCBeHnaC" - "6iMX5jb1Aw072y3T3qk4tDjxjWUHroh6bTCR8dckkJqNfaBAFKMlGNuyLIH" - "3kSPUV3ivUM1d4NvhnJyz02HmjOgz9W-Uv65rJei_zJR9P2aCbAG00CEHXW" - "zJ_uT86VdxV11WTaHu8Abt94sER8Tv6jbuyLrUjJSs9VGew32xNcEhya4ZQ" - "VyimG8zri6fu7CDXXgPS8wtzB5ihl_c2ypnJQ4_GKrgEqwEAOrFqvUQ\"," - "\"dq\":\"uzlmngcm8R6S3qi7fL7_2fG7uyPjSN5P3uR21l8QFCu6kFbJO8S" - "4muBP20hds4F_dlLGqXgRYo7TjpCtmztQsKoWv_ql41hGCfeAawa41WViqm" - "xmlxmrgzzRHsw1YhgZrNgTAz_E290EQT3Mbd0HnCZtbDMMNisIYAj_A3lwd" - "tbHOaYyXb0dSZ_nkSUVO05tQ2aGAo8Xtl5ih0NqaQR_XNhwW2pI0lsTB__D" - "15tU-O5FSdJaq2ip8KNrBzmF8IYrDKTNykKWAKRdSEX_uFoLdD8t0mxn3SM" - "luffa8vdjXJfh3GiASmHUt3HcPOooQEAufoWBPVJWeGqCvWtRH8yYfQ\"," - "\"qi\":\"h-e9es5J49OUF48gSXUI8cynZ8ydv5cThXc1deV3mil_7_7Hg8E" - "jV3gAErO4l-irHJplFmHFZvU1ud4zs1gtBt5TA-EeeepYOHMSssWDvDK3WI" - "zsM6C3vcNTSkT-ihaSFmPWHCVwJ1R3auWfeI2In3at0jd4t-OK-cCcGZXb7" - "90-EnyyDcdFTU9WfwVSOJffRGjoUYX8DexavClv7CBzPhpdUzGoeyarNaG4" - "z9MI8Q8txHyHgc_D70lZUum1cj0bZwgEj6yDzOPzSgUmICFJiLDDj93oPaI" - "v-5CQ_Ckju7icexc_kuuYTKBOLTj_vfaURnV3KCHul2UljUYOxkfeNQ\"" - "}"; - -static const char *rsa_key_4096_no_optional = - "{" - "\"e\":\"AQAB\"," - "\"kty\":\"RSA\"," - "\"n\":\"uiLBz1SUgd4eQ0okg6tlPdk9QUhTsqXmiJXygWVFgzT45E5_Rfkq" - "vZ2fwAqQ8DvxkDTUWiKpeXMpPRNWG5GxuBuq9n7xdA1vn1eQi8LoekB28dg" - "3MwMfozVSKCzyxG1f81xPE5x3EMVhCcx6hshhlMEHkzNNhE07d-oRO87ZC0" - "z_5L3Vh03uJBXaDKVlsgHAazoHLhn6G4odqv-ro54T6Nx1eEtyTnMmFY5ND" - "V4rN0SjQvSefbZZtsrtby8Z0JmeyvynmDwOINj7FpmPmpFLoWGXntc2yxPP" - "8SHnqfT9ESh94fxCMxRhDNohgpegRHyiYwj3M5ZYY6reCZYfOQONSWmc8yp" - "NBMJqj4LuJ2bTMGAFS17ZP4ZZWm5RP9ax100Dgk0yxP1UrybG5dCfJRQvHC" - "ncxG_aL6cSQu2o4fXqlJsNHxk3FjHtV_CMZ3tqvGTvwrs4yxvKwKv6r3fRh" - "KL01bGOePzp9THkHW2-lzVj6kUwnxBdHGZE6fcAnczOdp8ZIEdV1w6ThimC" - "m3Bw_TIyl3tkuxRWXpc_d6Q4iiSVKGKCvUvfAlESpTA4tIhQkij-T9FEoj2" - "WE2H1D35AKmjcfLCh6yszu8cmDNedn862pwnawE2RvRFAyuI113fLQeCbCz" - "tQ1JHuD8cnQt0hpGzReTa5UJ8OEOGIlyXNdWZyTpk\"," - "\"d\":\"G2ZW582AT-6xvz-IiP5fuJ9EMloygeuEeEo0aMJO3X3cfoUknJkN" - "ZtyvYa5cgBSe3la8hKkyD9_5K9WvGP9VLTAbdk4g_m-k5QyXiU9PeAGJ0Nd" - "-Zqq4y0Zj2eil8u7Tz0fhFxay-zvG6VGZnsIcBTD2C7_jUwyoaqJA17A_CH" - "gU-ifMqS56VgMGdlKZmf7Cg7ZGzM1DoS6vZ9bbfgoczaw4OZVHlg9Cxa0NI" - "CDi1S-sJcTLGN_RLISKN5H0J54ZfzF6fUEn5kNykLTZrAvj2XV7g4UUOogn" - "1cvjJYRcBVzTzQKcfxbqo2DvymDGFZbQM6pj80rYJ5HFPh2EapjggPN8hXp" - "NlTNDEvC84QFv0lo2E-0nVWQqcyHtXd431O1JH2h5X822zKjXxkaztQSCj9" - "YP7AdAeoxIaWOa3aO1vcwURH2WWaNV-_KXVkPJNzfo9-bGYwblMw_RIqIkN" - "BDayTb8rBuQHTCE_tSEHgoSnkityGpr8j_vgA-Fa-SqmdqUlbklVpwA_Mq_" - "UH7RCaqe91dWxRhS_7c85tFMRFCKOcaRXkwxEpP2LD1AYe8yvVQlr0Se8_d" - "RefuQcC-BECwMW-TCgR3VxAuL7ExNTYe4bhBD8WYXsHP7wDXWX2Q4v7IRzj" - "cfVIdpTNYuWEd69PvXBCuy75hmDniSmS3Xps3ItGU\"," - "\"p\":\"961BtLSIZkHO7Vu1KfaA3urcwGpISKJiTSB5Nh6npxJr9mSjzv_f" - "e8VoxCX6CWGY0SEeQNUQ6ceTnAAxkSHtZJQGed598jBtxIexAWEE7oc9s9d" - "b0cWu4QWIVZYXrcOTEWmK1kWN4PXmnnQknrWQF49adn81BaOXqoL-tahe7f" - "faXzXe0RXuohK543ZKbuuHQ2TxqFG7CZpXiH_qn1Syao32u0V3iDFpmmCUV" - "h9O2JCzfo8sAosTrnQwC0pXz3Nvr_9Cnk6bMluJoMrwB1Ywg_DPQ1WvpYHO" - "URezEOqVC8Y3zrko199TMX2COKGNFgutVpnzxs2_h0PyINUmwrY4zQ\"," - "\"q\":\"wGQRaxy_gBafbrVJy4f32O0a2FQHzmS--WgHhoteDoF6ZAajLcV0" - "GEvb-AVmFER1Wii62BFaFJOYQIegELvnBFFzD6oHJRX7bM4m36G8J_TC1o9" - "T1IFnxOpaoFDf4JWf2k7DCXClGg_zueyOD8fj8F6j2nqpOfytuLmikHcWMc" - "dGTHTCRtQmvOk3pm0uk2qR0cQb5L3Ocv45tCKr55tMc6Zx3DKkMt1kmUwd2" - "HFfk_0WM6R7q4LNGIjwl8dwiERppLKA8xao9i3jOOdFEfAD-Zqv8H-32cyH" - "Mg6Guo4tPNAYSzcsz8nbEYPtKVVm-PDuM2cx0iaKnS8BIK2XTbzc_Q\"" - "}"; - -/* This is a compact JWE containing the plaintext ra_ptext_1024 for the key - * lws_jwe_ex_a2_jwk_json... produced by test test above running on OpenSSL. - */ - -static char *jwe_compact_rsa_cbc_openssl = - "eyAiYWxnIjoiUlNBMV81IiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9" - "." - "mWXwMv4hxwgKbUAyMFAuHxiKjg62Z5owkFYLgxho5FNT3Hm5ZGiF8plS5W3NwUTmv8t6C" - "I0kV5cOOJXE_PXPaOptsie2aoQR-_Bs6gAFixa7aZNsnsMF4lMAiIy7VkrvP2qh0s04y2" - "2poOLfmS93tB9AyWdlnQ6Z-U1wzrM9kncqO9GpPol9M4WnAss1ZtTE-9Tbc7dMHURHbZb" - "vHn2h625pBD8oD_s0osRav8YEw7jNeQjW_ch4pI6HRox-hf0dyLtk9yFCtBjxbCvysadW" - "SlZPJBj0HYv0BVqCK0fETi7URx4MCJ3zgCJnpAuQo2yq1yQzXwOYcFoLIvY0jIm44A" - "." - "WINMABhU_GQKJarmmTP_-g" - "." - "V9kHAh9ajE558EPj_zX6p_C903MevMPJLcMU4MWhfhwe1cFW_0io-LvZfcF_Xj7aNoIZd" - "vPXJ0On_jHPFsnwe4dus6kuh8RrSKFFV0sGIv-FFXrKB99FFRY_8BTPsYFrcqt_8EV2Af" - "p7toaVOO15WXOEH6Ym81a3aOWCVGdj_akMN46Qx_JrQaql-Xs_fL2HdpaEWHHTV2ac9aY" - "ah7o0Ojl9UnzkHyXieRgrjXymvCcT0te3D4OQJhrv7TzH_hfKu621O-Frmkr-NvQGSNcl" - "fVgRkte2ks34j5HPqEbJQWWKG3IDfkPRvWmDZzEXW_JTrK_1r1FM-aYtY79tLnir8Zw7I" - "WCczD-XmtlOJNYA2Ss5dbjoJDtevbqaZWVl-sDSwO1xdf-DUfiemep7S7IFoFAdl0vXLT" - "YtuNBxuFw-cP2Kwi8RyF__uENo4vD003cI4htqSYIYXeyAVqWIkmsP1BFpT7MGixfvhAu" - "VCj_ToJmowGY3bOHiMuzyT9M7wtCCiCySEBARVU-EdQBXj8X-quSj-0OnBtxXChUS4QXw" - "q2pNn3UKSMsxqvHR25HQq_6U2AbvNHxKhup3luzn0T27uy0l3XeWSz_48SwJZKRnbYPtC" - "n5Jd5mRdr5GxihpNwupaO4BWnHZo_fHUTI9-Z18lpj_4QB-c3dzDL15xFN4HEZ5lv2iO5" - "zMiRI_NlVVDdA9lqGpn4IyO44osHQieBraUjWF8X5cSXDoqktXDVymAdrxe0fYZQca6Bq" - "CsBqFTYae4CG01SpG46ysfwAXmsTEKPzj7uiOguFCRB4hClTd-Q8R2axj9JNT1jU_Vb7U" - "GKFBGeDJt5PDXJyvW5rHyiQDewykf0Lpvdp39yITT8qARmJl2SwCrDCPADZ4TwwobT42B" - "J_Cq5IKgEOeuS3S7NOdOfXxmAcNfN0yujKbmfiOxnXhwnepQ-TnpgTV0nv8snBRITN7mS" - "EgflqQlKAZus_0mDbHmBmw1nY-0q4qMWI03IEwMC57-p4JLshnWgIAupnFCGp9nyi4E_s" - "GVyQlGCxzC5VSH1Hba3rvbulQGxx_kGk0j56NGhGsQEzqvSuI4xgIsGMPo1Ii7xUh68dd" - "BzJRzaov9oDTgnWM5-hoEQQoazW7hDKAFPYccC6zqX0fnI7vBIIBZsjUsol6-5bdujpb4" - "l3LRGCjULXlSPbnNGzyk5R-mIwQC8aM9wcIiZZdcdHdr4meMNr3HmpG_B5xtBmENAJAvU" - "K3DO6pro2xhypuNKYtOAdH0Xyl8QBPIJ0EFVH6_1V-H_gHs2MLMIqGfUmFCuRev60APcw" - "Pbf-GZxLeXLutPq2DOl1HD0XLNtYL1dB1aw2j4L8OJREOC_N-KpIH3g" - "." - "n4QRlTzW2urRnNiJlwQkZw" -; - - -static int -test_jwe_r256a128_jwe_openssl(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode((const char *)jwe_compact_rsa_cbc_openssl, - strlen((char *)jwe_compact_rsa_cbc_openssl), - &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024, - sizeof(ra_ptext_1024))) { - lwsl_err("%s: plaintext RSA/AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - -/* This is a compact JWE containing the plaintext ra_ptext_1024 for the key - * lws_jwe_ex_a2_jwk_json... produced by test test above running on mbedTLS. - */ - -static char -*jwe_compact_rsa_cbc_mbedtls = - "eyAiYWxnIjoiUlNBMV81IiwiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.oBqKJ06UJs2oryPLWZKyI8743GC0geUt_xaKLMaPtApp__swG2w0IhNtmkIBKA9LeeGyiCWKpGGzOlQUR5YSxrT99PnincHXw_pkCprOvi4j3oxThJ2pFRx-CBc9ZgPJ3Kje1QifOueT3vQt_65iiyXmqyc5PDxzuV0L_KtrA_jEsm2m1JVBMOX--qzXjYyqx_dc87d43TXY_4kuTmAtqVpQe7ixKJlUViPVSzuASyeLEUTIaNlALuEWial1wP-ICF37OQzOcZRH3OVZObrcZi1aWkDOLxF4qO4I_GtpuAgZT732a7gnobR-T2oyBpimcqCVEk88Wa7cYyBXZvAOUA.fNLEFh1mjdlyc3WKw0I2Kg.e8X-11K9yXK0KkK-8ikplEWFViruqduaKPDOA7x6lKpBk8l3RFX1aqC4s0WVc1eN0qd-fB__EoO_AIG1xsfw1ie2IDWV0p18ZaRkQRN9Th5UU-W9C9XyPFQUxcl7ShKRE-yKJU-VdZDk6L2-07FH3s-voVKx0oqLIYqkkXp9a2jvnzrZ0Psujs4PSCHOZEgcS8PNdMmdsjDHLsb0NDMifOSlXk2Mp6V2SizXRIPJtOkVJGKwuBc7FbdO02GnzzVXldiLC7GI0zoRsnSJndF8yc3pMrMQhoVRktkBClAcIujD_OxJwHG-i3OJqUg1uVfci86RoQrnULoygvB7apX_WMxF7eXXJdXbG8sPLLCf0SW4sgvuSclOHL2UXzGi6Tp_l1XjxFQTzVEfUaj7i0gD2wM74Ru79RX8yO0m-5qOOwkySU1lEXqbLTuxjJXD9WLcTQQmF0Nm5myTUyNOl7xKpeDpnNt5A0L8o6SW6iJ3DwZEzhMxk3JWQOYtQP1J2sgwAKEDM6SkGzTy9QXpCEoraKp2UEzunux9S6-roYpzgEFT2RZrq3Hg_JyequTtrcNaoiEKd5szJvE6pUc25WEjDzgg79v_n40gQm688mO62kiVBThVmc88u2JVlNpzVQFUfKt-bu2Xxiqn5lRfEMK93EEPZRd8n12vBq5aJKvvEpPN1AC4HaMepf78Ob0GNTYGR-70zSS0ErecCeIgUJ1CttE2Nn0qEOfbQcO48SjeIltecl9DRzeLT3tPN3Z4BqbzSX8kKU5LStUX5YC-obM_0Ss7swXJM19I1O-QH8VbHZl-9TADR6BLzmrsJQ9_BL_uTB6uPdLhYfqWw6VUf0eMLaqvsY92vV5-JVQqyv7s70FNLT1-8P94k79ZGiLvNdDNZgGsmRQOwA2Vk6snHI0oUYGj7NeEK4O64ZfNRZJgPfWnxtQ-LIhSYCJvxFGL7ZMoA_ijKl9_v_bRqd03_7o8YQisw2luDYqLa87Dh9u9tacOoraGAzcEBIAh-BOcnIrQEt5KoSbly5xNAkfqj7QDvL0vPHArZ5E3Gb_k3VbKjsqCzvisNMEjm887Z-Dc6tW4Y2OceYf-rfUDvJ3EXZ66CWSQ7yKhPVcP1RRtNUFEqLoIAkA4aEAAS2ZPKVHIJQwyMzbbNFAuvY_7piNYprAI5lySFcA1cz_hKl6s9xmqbAkH2XGZZduw5Nv-aY_LMXujjhmblqE2Ocej91xTdgMe74Ftr1b3y9FvPPVSqNjpTSfujCi5L57LOpjT78do8eSrDz6coG0zeRUybjWeTszoiYbif_NlyAcMScO5OMZHNkre6L8u-AVeYSKTGsdpK7em_iLN8cGSEjZABNAr_A9Lfg.6Qb_Qf-ktX0DRHWUHAJxDQ" -; - -static int -test_jwe_r256a128_jwe_mbedtls(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode((const char *)jwe_compact_rsa_cbc_mbedtls, - strlen((char *)jwe_compact_rsa_cbc_mbedtls), - &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ra_ptext_1024) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ra_ptext_1024, - sizeof(ra_ptext_1024))) { - lwsl_err("%s: plaintext RSA/AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ra_ptext_1024, sizeof(ra_ptext_1024)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - - -/* A.3. Example JWE Using AES Key Wrap and AES_128_CBC_HMAC_SHA_256 - * - * This example encrypts the plaintext "Live long and prosper." to the - * recipient using AES Key Wrap for key encryption and - * AES_128_CBC_HMAC_SHA_256 for content encryption. - */ - -/* "Live long and prosper." */ -static uint8_t - -ex_a3_ptext[] = { - 76, 105, 118, 101, 32, 108, 111, 110, - 103, 32, 97, 110, 100, 32, 112, 114, - 111, 115, 112, 101, 114, 46 -}, - -*ex_a3_compact = (uint8_t *) - "eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0" - "." - "6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ" - "." - "AxY8DCtDaGlsbGljb3RoZQ" - "." - "KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY" - "." - "U0m_YmjN04DJvceFICbCVQ", - -*ex_a3_key = (uint8_t *) - "{\"kty\":\"oct\"," - "\"k\":\"GawgguFyGrWKav7AX4VKUg\"" - "}" -; - -static int -test_jwe_a3(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)ex_a3_key, - strlen((char *)ex_a3_key)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode((const char *)ex_a3_compact, - strlen((char *)ex_a3_compact), - &jwe.jws.map, &jwe.jws.map_b64, temp, - &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(ex_a3_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], ex_a3_ptext, - sizeof(ex_a3_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(ex_a3_ptext, sizeof(ex_a3_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -/* JWA B.2. Test Cases for AES_192_CBC_HMAC_SHA_384 - * - * Unfortunately JWA just gives this test case as hex literals, not - * inside a JWE. So we have to prepare the inputs "by hand". - */ - -static uint8_t - -jwa_b2_ptext[] = { - 0x41, 0x20, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, - 0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x20, - 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, - 0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x20, 0x74, 0x6f, 0x20, - 0x62, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, - 0x74, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x69, - 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, - 0x65, 0x20, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x74, - 0x6f, 0x20, 0x66, 0x61, 0x6c, 0x6c, 0x20, 0x69, - 0x6e, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x68, 0x61, 0x6e, 0x64, 0x73, 0x20, 0x6f, 0x66, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x6e, 0x65, - 0x6d, 0x79, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f, - 0x75, 0x74, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x6e, - 0x76, 0x65, 0x6e, 0x69, 0x65, 0x6e, 0x63, 0x65 -}, - -jwa_b2_rawkey[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, -}, - -jwa_b2_iv[] = { - 0x1a, 0xf3, 0x8c, 0x2d, 0xc2, 0xb9, 0x6f, 0xfd, - 0xd8, 0x66, 0x94, 0x09, 0x23, 0x41, 0xbc, 0x04 -}, - -jwa_b2_e[] = { - 0xea, 0x65, 0xda, 0x6b, 0x59, 0xe6, 0x1e, 0xdb, - 0x41, 0x9b, 0xe6, 0x2d, 0x19, 0x71, 0x2a, 0xe5, - 0xd3, 0x03, 0xee, 0xb5, 0x00, 0x52, 0xd0, 0xdf, - 0xd6, 0x69, 0x7f, 0x77, 0x22, 0x4c, 0x8e, 0xdb, - 0x00, 0x0d, 0x27, 0x9b, 0xdc, 0x14, 0xc1, 0x07, - 0x26, 0x54, 0xbd, 0x30, 0x94, 0x42, 0x30, 0xc6, - 0x57, 0xbe, 0xd4, 0xca, 0x0c, 0x9f, 0x4a, 0x84, - 0x66, 0xf2, 0x2b, 0x22, 0x6d, 0x17, 0x46, 0x21, - 0x4b, 0xf8, 0xcf, 0xc2, 0x40, 0x0a, 0xdd, 0x9f, - 0x51, 0x26, 0xe4, 0x79, 0x66, 0x3f, 0xc9, 0x0b, - 0x3b, 0xed, 0x78, 0x7a, 0x2f, 0x0f, 0xfc, 0xbf, - 0x39, 0x04, 0xbe, 0x2a, 0x64, 0x1d, 0x5c, 0x21, - 0x05, 0xbf, 0xe5, 0x91, 0xba, 0xe2, 0x3b, 0x1d, - 0x74, 0x49, 0xe5, 0x32, 0xee, 0xf6, 0x0a, 0x9a, - 0xc8, 0xbb, 0x6c, 0x6b, 0x01, 0xd3, 0x5d, 0x49, - 0x78, 0x7b, 0xcd, 0x57, 0xef, 0x48, 0x49, 0x27, - 0xf2, 0x80, 0xad, 0xc9, 0x1a, 0xc0, 0xc4, 0xe7, - 0x9c, 0x7b, 0x11, 0xef, 0xc6, 0x00, 0x54, 0xe3 -}, - -jwa_b2_a[] = { /* "The second principle of Auguste Kerckhoffs" */ - 0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x63, 0x6f, - 0x6e, 0x64, 0x20, 0x70, 0x72, 0x69, 0x6e, 0x63, - 0x69, 0x70, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20, - 0x41, 0x75, 0x67, 0x75, 0x73, 0x74, 0x65, 0x20, - 0x4b, 0x65, 0x72, 0x63, 0x6b, 0x68, 0x6f, 0x66, - 0x66, 0x73 -}, - -jwa_b2_tag[] = { - 0x84, 0x90, 0xac, 0x0e, 0x58, 0x94, 0x9b, 0xfe, - 0x51, 0x87, 0x5d, 0x73, 0x3f, 0x93, 0xac, 0x20, - 0x75, 0x16, 0x80, 0x39, 0xcc, 0xc7, 0x33, 0xd7 - -} -; - -static int -test_jwa_b2(struct lws_context *context) -{ - struct lws_jwe jwe; - int n, ret = -1; - char buf[2048]; - - lws_jwe_init(&jwe, context); - - /* - * normally all this is interpreted from the JWE blob. But we don't - * have JWE test vectors for AES_256_CBC_HMAC_SHA_512, just a standalone - * one. So we have to create it all by hand. - * - * See test_jwe_a3 above for a more normal usage pattern. - */ - - lws_jwk_dup_oct(&jwe.jwk, jwa_b2_rawkey, sizeof(jwa_b2_rawkey)); - - memcpy(buf, jwa_b2_e, sizeof(jwa_b2_e)); - - jwe.jws.map.buf[LJWE_IV] = (char *)jwa_b2_iv; - jwe.jws.map.len[LJWE_IV] = sizeof(jwa_b2_iv); - - jwe.jws.map.buf[LJWE_CTXT] = buf; - jwe.jws.map.len[LJWE_CTXT] = sizeof(jwa_b2_e); - - jwe.jws.map.buf[LJWE_ATAG] = (char *)jwa_b2_tag; - jwe.jws.map.len[LJWE_ATAG] = sizeof(jwa_b2_tag); - - /* - * Normally this comes from the JOSE header. But this test vector - * doesn't have one... so... - */ - - if (lws_gencrypto_jwe_alg_to_definition("A128KW", &jwe.jose.alg)) - goto bail; - if (lws_gencrypto_jwe_enc_to_definition("A192CBC-HS384", - &jwe.jose.enc_alg)) - goto bail; - - n = lws_jwe_auth_and_decrypt_cbc_hs(&jwe, jwa_b2_rawkey, - jwa_b2_a, sizeof(jwa_b2_a)); - if (n < 0) { - lwsl_err("%s: lws_jwe_a_cbc_hs_decrypt failed\n", __func__); - - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(jwa_b2_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT],jwa_b2_ptext, - sizeof(jwa_b2_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(jwa_b2_ptext, sizeof(jwa_b2_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - - -/* JWA B.3. Test Cases for AES_256_CBC_HMAC_SHA_512 - * - * Unfortunately JWA just gives this test case as hex literals, not - * inside a JWE. So we have to prepare the inputs "by hand". - */ - -static uint8_t - -jwa_b3_ptext[] = { - 0x41, 0x20, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, - 0x20, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x20, - 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, - 0x20, 0x62, 0x65, 0x20, 0x72, 0x65, 0x71, 0x75, - 0x69, 0x72, 0x65, 0x64, 0x20, 0x74, 0x6f, 0x20, - 0x62, 0x65, 0x20, 0x73, 0x65, 0x63, 0x72, 0x65, - 0x74, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x69, - 0x74, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, - 0x65, 0x20, 0x61, 0x62, 0x6c, 0x65, 0x20, 0x74, - 0x6f, 0x20, 0x66, 0x61, 0x6c, 0x6c, 0x20, 0x69, - 0x6e, 0x74, 0x6f, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x68, 0x61, 0x6e, 0x64, 0x73, 0x20, 0x6f, 0x66, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x65, 0x6e, 0x65, - 0x6d, 0x79, 0x20, 0x77, 0x69, 0x74, 0x68, 0x6f, - 0x75, 0x74, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x6e, - 0x76, 0x65, 0x6e, 0x69, 0x65, 0x6e, 0x63, 0x65 -}, - - -jwa_b3_rawkey[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f -}, - -jwa_b3_iv[] = { - 0x1a, 0xf3, 0x8c, 0x2d, 0xc2, 0xb9, 0x6f, 0xfd, - 0xd8, 0x66, 0x94, 0x09, 0x23, 0x41, 0xbc, 0x04 -}, - -jwa_b3_e[] = { - 0x4a, 0xff, 0xaa, 0xad, 0xb7, 0x8c, 0x31, 0xc5, - 0xda, 0x4b, 0x1b, 0x59, 0x0d, 0x10, 0xff, 0xbd, - 0x3d, 0xd8, 0xd5, 0xd3, 0x02, 0x42, 0x35, 0x26, - 0x91, 0x2d, 0xa0, 0x37, 0xec, 0xbc, 0xc7, 0xbd, - 0x82, 0x2c, 0x30, 0x1d, 0xd6, 0x7c, 0x37, 0x3b, - 0xcc, 0xb5, 0x84, 0xad, 0x3e, 0x92, 0x79, 0xc2, - 0xe6, 0xd1, 0x2a, 0x13, 0x74, 0xb7, 0x7f, 0x07, - 0x75, 0x53, 0xdf, 0x82, 0x94, 0x10, 0x44, 0x6b, - 0x36, 0xeb, 0xd9, 0x70, 0x66, 0x29, 0x6a, 0xe6, - 0x42, 0x7e, 0xa7, 0x5c, 0x2e, 0x08, 0x46, 0xa1, - 0x1a, 0x09, 0xcc, 0xf5, 0x37, 0x0d, 0xc8, 0x0b, - 0xfe, 0xcb, 0xad, 0x28, 0xc7, 0x3f, 0x09, 0xb3, - 0xa3, 0xb7, 0x5e, 0x66, 0x2a, 0x25, 0x94, 0x41, - 0x0a, 0xe4, 0x96, 0xb2, 0xe2, 0xe6, 0x60, 0x9e, - 0x31, 0xe6, 0xe0, 0x2c, 0xc8, 0x37, 0xf0, 0x53, - 0xd2, 0x1f, 0x37, 0xff, 0x4f, 0x51, 0x95, 0x0b, - 0xbe, 0x26, 0x38, 0xd0, 0x9d, 0xd7, 0xa4, 0x93, - 0x09, 0x30, 0x80, 0x6d, 0x07, 0x03, 0xb1, 0xf6, -}, - -jwa_b3_a[] = { /* "The second principle of Auguste Kerckhoffs" */ - 0x54, 0x68, 0x65, 0x20, 0x73, 0x65, 0x63, 0x6f, - 0x6e, 0x64, 0x20, 0x70, 0x72, 0x69, 0x6e, 0x63, - 0x69, 0x70, 0x6c, 0x65, 0x20, 0x6f, 0x66, 0x20, - 0x41, 0x75, 0x67, 0x75, 0x73, 0x74, 0x65, 0x20, - 0x4b, 0x65, 0x72, 0x63, 0x6b, 0x68, 0x6f, 0x66, - 0x66, 0x73 -}, - -jws_b3_tag[] = { - 0x4d, 0xd3, 0xb4, 0xc0, 0x88, 0xa7, 0xf4, 0x5c, - 0x21, 0x68, 0x39, 0x64, 0x5b, 0x20, 0x12, 0xbf, - 0x2e, 0x62, 0x69, 0xa8, 0xc5, 0x6a, 0x81, 0x6d, - 0xbc, 0x1b, 0x26, 0x77, 0x61, 0x95, 0x5b, 0xc5 -} -; - -static int -test_jwa_b3(struct lws_context *context) -{ - struct lws_jwe jwe; - char buf[2048]; - int n, ret = -1; - - lws_jwe_init(&jwe, context); - - /* - * normally all this is interpreted from the JWE blob. But we don't - * have JWE test vectors for AES_256_CBC_HMAC_SHA_512, just a standalone - * one. So we have to create it all by hand. - * - * See test_jwe_a3 above for a more normal usage pattern. - */ - - lws_jwk_dup_oct(&jwe.jwk, jwa_b3_rawkey, sizeof(jwa_b3_rawkey)); - - memcpy(buf, jwa_b3_e, sizeof(jwa_b3_e)); - - jwe.jws.map.buf[LJWE_IV] = (char *)jwa_b3_iv; - jwe.jws.map.len[LJWE_IV] = sizeof(jwa_b3_iv); - - jwe.jws.map.buf[LJWE_CTXT] = buf; - jwe.jws.map.len[LJWE_CTXT] = sizeof(jwa_b3_e); - - jwe.jws.map.buf[LJWE_ATAG] = (char *)jws_b3_tag; - jwe.jws.map.len[LJWE_ATAG] = sizeof(jws_b3_tag); - - /* - * Normally this comes from the JOSE header. But this test vector - * doesn't feature one... - */ - - if (lws_gencrypto_jwe_alg_to_definition("A128KW", &jwe.jose.alg)) - goto bail; - if (lws_gencrypto_jwe_enc_to_definition("A256CBC-HS512", - &jwe.jose.enc_alg)) - goto bail; - - n = lws_jwe_auth_and_decrypt_cbc_hs(&jwe, jwa_b3_rawkey, - jwa_b3_a, sizeof(jwa_b3_a)); - if (n < 0) { - lwsl_err("%s: lws_jwe_a_cbc_hs_decrypt failed\n", __func__); - - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < sizeof(jwa_b3_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT],jwa_b3_ptext, - sizeof(jwa_b3_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(jwa_b3_ptext, sizeof(jwa_b3_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -/* JWA C. Example ECDH-ES Key Agreement Computation - * - * This example uses ECDH-ES Key Agreement and the Concat KDF to derive - * the CEK in the manner described in Section 4.6. In this example, the - * ECDH-ES Direct Key Agreement mode ("alg" value "ECDH-ES") is used to - * produce an agreed-upon key for AES GCM with a 128-bit key ("enc" - * value "A128GCM"). - * - * In this example, a producer Alice is encrypting content to a consumer - * Bob. The producer (Alice) generates an ephemeral key for the key - * agreement computation. - * - * JWA Appendix C where this comes from ONLY goes as far as to confirm the - * direct derived key, it doesn't do any AES128-GCM. - */ - -static const char - -*ex_jwa_c_jose = - "{\"alg\":\"ECDH-ES\"," - "\"enc\":\"A128GCM\"," - "\"apu\":\"QWxpY2U\"," /* b64u("Alice") */ - "\"apv\":\"Qm9i\"," /* b64u("Bob") */ - "\"epk\":" /* public part of A's ephemeral key */ - "{\"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"gI0GAILBdu7T53akrFmMyGcsF3n5dO7MmwNBHKW5SV0\"," - "\"y\":\"SLW_xSffzlPWrHEVI30DHM_4egVwt3NQqeUD7nMFpps\"" - "}" - "}" -; - -static uint8_t -ex_jwa_c_z[] = { - 158, 86, 217, 29, 129, 113, 53, 211, - 114, 131, 66, 131, 191, 132, 38, 156, - 251, 49, 110, 163, 218, 128, 106, 72, - 246, 218, 167, 121, 140, 254, 144, 196 -}, -ex_jwa_c_derived_key[] = { - 86, 170, 141, 234, 248, 35, 109, 32, - 92, 34, 40, 205, 113, 167, 16, 26 -}; - - -static int -test_jwa_c(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[2048], *p; - int ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - /* - * again the JWA Appendix C test vectors are not in the form of a - * complete JWE, but just the JWE JOSE header, so we must fake up the - * pieces and perform just the (normally internal) key agreement step - * for this test. - * - * See test_jwe_a3 above for a more normal usage pattern. - */ - - if (lws_jwe_parse_jose(&jwe.jose, ex_jwa_c_jose, strlen(ex_jwa_c_jose), - temp, &temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - /* - * The ephemeral key has been parsed into a jwk "jwe.jose.jwk_ephemeral" - * - * In this example, the ECDH-ES Direct Key Agreement mode ("alg" value - * "ECDH-ES") is used to produce an agreed-upon key for AES GCM with a - * 128-bit key ("enc" value "A128GCM"). - */ - - p = lws_concat_temp(temp, temp_len); - - if (lws_jwa_concat_kdf(&jwe, 1, (uint8_t *)p, - ex_jwa_c_z, sizeof(ex_jwa_c_z))) { - lwsl_err("%s: lws_jwa_concat_kdf failed\n", __func__); - - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (lws_timingsafe_bcmp(p, ex_jwa_c_derived_key, - sizeof(ex_jwa_c_derived_key))) { - lwsl_err("%s: ECDH-ES direct derived key wrong\n", __func__); - lwsl_hexdump_notice(ex_jwa_c_derived_key, - sizeof(ex_jwa_c_derived_key)); - lwsl_hexdump_notice(p, sizeof(ex_jwa_c_derived_key)); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - -/* - * ECDH-ES Homebrew Encryption test - */ - -static const char - - /* peer key */ - -*ecdhes_t1_peer_p256_public_key = /* as below but with d removed */ - "{" - "\"crv\":\"P-256\"," - "\"kty\":\"EC\"," - "\"x\":\"ySlIGttmXG80WPjDO01QaXg7oAzW3NE-a-GF0NDGk_E\"," - "\"y\":\"i08k5z4ppqgtnLK8lh5qw4qp2FhxPdGjovgilajluuw\"" - "}", - -*ecdhes_t1_peer_p256_private_key = /* created by ./lws-crypto-jwk -t EC */ - "{" - "\"crv\":\"P-256\"," - "\"d\":\"ldszv0_cGFMkjxaPspGCP6X0NAaVCVeK48oH4RzT2T0\"," - "\"kty\":\"EC\"," - "\"x\":\"ySlIGttmXG80WPjDO01QaXg7oAzW3NE-a-GF0NDGk_E\"," - "\"y\":\"i08k5z4ppqgtnLK8lh5qw4qp2FhxPdGjovgilajluuw\"" - "}", - -*ecdhes_t1_peer_p384_public_key = /* as below but with d removed */ - "{\"crv\":\"P-384\"," - "\"kty\":\"EC\"," - "\"x\":\"injKcygDoG1AuP044ct88r_2DNinHr1CGqy4q2Sy5yo034Y" - "7yQ5_NT-lEUXrzlIW\"," - "\"y\":\"y52QaJLhVm-ts8xa1jL8GkmwGm_dX6xV1PSq4s3pbwx2Hu9" - "X29z5WYcTPFOCPtwJ\"}", - -*ecdhes_t1_peer_p384_private_key = /* created by ./lws-crypto-jwk -t EC -v "P-384" */ - "{\"crv\":\"P-384\"," - "\"d\":\"jYGze6ZwZxrflVx_I2lYWNf9GkfbeQNRwQCdtZhBlb85lk-" - "SAvaZuNiRUs_eWmPQ\"," - "\"kty\":\"EC\"," - "\"x\":\"injKcygDoG1AuP044ct88r_2DNinHr1CGqy4q2Sy5yo034Y" - "7yQ5_NT-lEUXrzlIW\"," - "\"y\":\"y52QaJLhVm-ts8xa1jL8GkmwGm_dX6xV1PSq4s3pbwx2Hu9" - "X29z5WYcTPFOCPtwJ\"}", - - *ecdhes_t1_peer_p521_public_key = /* as below but with d removed */ - "{\"crv\":\"P-521\"," - "\"kty\":\"EC\"," - "\"x\":\"AYe0gAkPzzjeQW5Ek9tVrWdfi0u6k7LVUru-b2x7V9EM3d" - "L4SbQiS1p2j2gmZ2a6aDoKDRU_2E4u9EQrlswlty-g\"," - "\"y\":\"AEAIIRkVL0WhtDlDSM7dciBtL1dOo5UPiW7ixIOv5K75Mo" - "uFNWO7cFmcxaCOn9459ex0giVyptmX_956C_DWabG6\"}", - -*ecdhes_t1_peer_p521_private_key = /* created by ./lws-crypto-jwk -t EC -v "P-521" */ - "{\"crv\":\"P-521\"," - "\"d\":\"AUer7_-qJtQtDWN6CMeGB20rzTa648kpsfidTOu3lnn6__" - "yOXkMj1yTYUBjVOnUjGHiTU1rCGsw4CyF-1nDRe7SM\"," - "\"kty\":\"EC\"," - "\"x\":\"AYe0gAkPzzjeQW5Ek9tVrWdfi0u6k7LVUru-b2x7V9EM3d" - "L4SbQiS1p2j2gmZ2a6aDoKDRU_2E4u9EQrlswlty-g\"," - "\"y\":\"AEAIIRkVL0WhtDlDSM7dciBtL1dOo5UPiW7ixIOv5K75Mo" - "uFNWO7cFmcxaCOn9459ex0giVyptmX_956C_DWabG6\"}", - -*ecdhes_t1_jose_hdr_es_128 = - "{\"alg\":\"ECDH-ES\",\"enc\":\"A128CBC-HS256\"}", - -*ecdhes_t1_jose_hdr_es_192 = - "{\"alg\":\"ECDH-ES\",\"enc\":\"A192CBC-HS384\"}", - -*ecdhes_t1_jose_hdr_es_256 = - "{\"alg\":\"ECDH-ES\",\"enc\":\"A256CBC-HS512\"}", - -*ecdhes_t1_jose_hdr_esakw128_128 = - "{\"alg\":\"ECDH-ES+A128KW\",\"enc\":\"A128CBC-HS256\"}", - -*ecdhes_t1_jose_hdr_esakw192_192 = - "{\"alg\":\"ECDH-ES+A192KW\",\"enc\":\"A192CBC-HS384\"}", - -*ecdhes_t1_jose_hdr_esakw256_256 = - "{\"alg\":\"ECDH-ES+A256KW\",\"enc\":\"A256CBC-HS512\"}", - -*ecdhes_t1_plaintext = - "This test plaintext is exactly 64 bytes long when unencrypted..." -; - -static int -test_ecdhes_t1(struct lws_context *context, const char *jose_hdr, - const char *peer_pubkey, const char *peer_privkey) -{ - char temp[3072], compact[2048]; - int n, ret = -1, temp_len = sizeof(temp); - struct lws_jwe jwe; - - lws_jwe_init(&jwe, context); - - /* read and interpret our canned JOSE header, setting the algorithm */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWS_JOSE, - lws_concat_temp(temp, temp_len), &temp_len, - jose_hdr, strlen(jose_hdr), 0)) - goto bail; - - if (lws_jwe_parse_jose(&jwe.jose, jose_hdr, strlen(jose_hdr), - temp, &temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - /* for ecdh-es encryption, we need the peer's pubkey */ - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)peer_pubkey, - strlen((char *)peer_pubkey)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* - * dup the plaintext into the ciphertext element, it will be - * encrypted in-place to a ciphertext of the same length - */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - ecdhes_t1_plaintext, - strlen(ecdhes_t1_plaintext), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* - * perform the actual encryption - */ - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - - /* - * format for output - */ - - n = lws_jwe_render_flattened(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", - __func__, n); - goto bail; - } - - // puts(compact); - - n = lws_jwe_render_compact(&jwe, compact, sizeof(compact)); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", - __func__, n); - goto bail; - } - - // puts(compact); - - /* okay, let's try to decrypt the whole thing, as the recipient - * getting the compact. jws->jwk needs to be our private key. */ - - lws_jwe_destroy(&jwe); - temp_len = sizeof(temp); - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, (char *)peer_privkey, - strlen((char *)peer_privkey)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode(compact, strlen(compact), &jwe.jws.map, - &jwe.jws.map_b64, temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: %s selftest failed +++++++++++++++++++\n", - __func__, jose_hdr); - else - lwsl_notice("%s: %s selftest OK\n", __func__, jose_hdr); - - return ret; -} - -/* AES Key Wrap and AES_XXX_CBC_HMAC_SHA_YYY variations - * - * These were created by, eg - * - * echo -n "plaintext0123456" | \ - * ./lws-crypto-jwe -e "A192KW A256CBC-HS512" -k aes192.key - */ - -/* "Live long and prosper." */ -static const char - *akw_ptext = "plaintext0123456", - *akw_ct_128_128 = "eyJhbGciOiJBMTI4S1ciLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.zbTfhhWePf1UrCRDxJD_-8eAQr2AoWAL51_nNOv0L4nV3P0e4_9ARA.qWehIhy4j4_gh_h5MF9ZEw.GD40YH6NeNOEkhhxC9ryZA.PEuU6V3rhYXeoxENrAzDgw", - *akw_ct_128_192 = "eyJhbGciOiJBMTI4S1ciLCAiZW5jIjoiQTE5MkNCQy1IUzM4NCJ9.zpkr45xH_kSJ5eTBv5dGo5PN_A6YdC4JoJSOw3_VTqcOeAYyCkCAXeGWugqIVLzMzBKgtXdabO8.O28MVhkgfketu5sxQK4Ffw.j25N7luxh251kQwpAoYURQ.Pm_NOj0KZzUq2fV9ARpHxT3Iach9feLK", - *akw_ct_128_256 = "eyJhbGciOiJBMTI4S1ciLCAiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.VvFmi121jliyh_UKzsBv7HR3TVY7-yALpcdlasHqdzmfISd8LFU5oc2fEhfn3_TKfCbgRycm5M3103NEMbVSiNULZWvJAPFe.7uLHGFO1g-PgD9YkjPbvoA.AlPwQPWSqGaB_em4qEEyjw.0LgTLld5pSffZnzGG6IRWEwXg7HhClmwP4m_p1yKnHw", - *akw_ct_192_128 = "eyJhbGciOiJBMTkyS1ciLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.kxlmi-xn0JN-ZlnSfkVDP-fXvricJ-L63WP2bWddWEiVK4m-os2trw.iarAWaeV873kh5s7HjoZ4Q.nFHEpnnIxvbCiYfFfsLj7Q.karz-h-R93dJgwN_YZyPmw", - *akw_ct_192_192 = "eyJhbGciOiJBMTkyS1ciLCAiZW5jIjoiQTE5MkNCQy1IUzM4NCJ9.D869MEk-JERZU_4MgFuL_6Pg24LUEbXlTvGj-t_JUnNFsJ0p8fk5L-iOATqPmx2g7AyVWgcUqU0.RrxzDsy6Bne1pzx99PBGsA.C-ZWmMwd1uswYkvhKX2_jg.bIFY0TmGuohI2APxDZyFUYpa6s1Mx2j1", - *akw_ct_192_256 = "eyJhbGciOiJBMTkyS1ciLCAiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.XNOBw0Dy1paAX2_XGkZYm2Zm455i8InAVMqM3aOrVDpXYBAADuZ_Ke_dlo3Fc8J5b9m_KNCUtVUU8f3KV0sY-yESsqyZTSXk.n3wEIV1-tL50JAp4H19Y1w.ODPd-oxmpCai9CzqaO0P3Q.b9z08hJTySSVSOw-4qp5lrTEcUur46L-RRB-SEcqPpk", - *akw_ct_256_128 = "eyJhbGciOiJBMjU2S1ciLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.THaIbHUOHkr7McMeiQqIO_gBcm61F0BKx79JXkzQVVSF7m0u7Z6uhA.RAU8Yx_a9rbWeqr_0YyLZA.zzfdv55bM-qblTxaR5pNzQ.cySMIOTOcEoFkcVn0D6RKQ", - *akw_ct_256_192 = "eyJhbGciOiJBMjU2S1ciLCAiZW5jIjoiQTE5MkNCQy1IUzM4NCJ9.gFcfX6fVrpmDJWN5jPqSWEvpOOoNuV4Yn2KO47p1wGsdw5qIw3r5AO5U8zOEtoGNVX68IC8vkpo.9w3tBsve4e-77lI-S9cFog.Vj3L009JDipPJlHY0tS4Iw.WYGgCedW4SmxleDF3P6Hx26BUXxnizxl", - *akw_ct_256_256 = "eyJhbGciOiJBMjU2S1ciLCAiZW5jIjoiQTI1NkNCQy1IUzUxMiJ9.ldhqlMf2LJrZ7EDl-oZvaqi0b_KPGy4cMRx2QDpKtTg92tTSWF7ALVHPPCyT4qccIybP4rygajKfdC_Q_UE16KFyUvXhBgaj.S9OCmKpY0zDkArLF5XsrJw.zvJ1X-zuHsrwLXGJJbglPA.WaRKb7Le2ZQ30pGQAV3sfp-YY1563KXxPURHQ8ntdPc", - *akw_key_128 = "{\"k\":\"JjVJVh8JsXvKf9qgHHWWBA\",\"kty\":\"oct\"}", - *akw_key_192 = "{\"k\":\"BYF6urCMDRMKFXXRxXrDSVtW71AUZghj\",\"kty\":\"oct\"}", - *akw_key_256 = "{\"k\":\"cSHyZXGEfnlgKud21cM6tAxRyXnK6xbWRTsyLUegTMk\",\"kty\":\"oct\"}" -; - -static int -test_akw_decrypt(struct lws_context *context, const char *test_name, - const char *ciphertext, const char *key) -{ - struct lws_jwe jwe; - char temp[2048]; - int n, ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, key, strlen(key)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - /* converts a compact serialization to jws b64 + decoded maps */ - if (lws_jws_compact_decode(ciphertext, strlen(ciphertext), - &jwe.jws.map, &jwe.jws.map_b64, - temp, &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", __func__); - goto bail; - } - - n = lws_jwe_auth_and_decrypt(&jwe, lws_concat_temp(temp, temp_len), &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail; - } - - /* allowing for trailing padding, confirm the plaintext */ - if (jwe.jws.map.len[LJWE_CTXT] < strlen(akw_ptext) || - lws_timingsafe_bcmp(jwe.jws.map.buf[LJWE_CTXT], akw_ptext, - strlen(akw_ptext))) { - lwsl_err("%s: plaintext AES decrypt wrong\n", __func__); - lwsl_hexdump_notice(akw_ptext, strlen(akw_ptext)); - lwsl_hexdump_notice(jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]); - goto bail; - } - - ret = 0; - -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest %s failed +++++++++++++++++++\n", - __func__, test_name); - else - lwsl_notice("%s: selftest %s OK\n", __func__, test_name); - - return ret; -} - -static int -test_akw_encrypt(struct lws_context *context, const char *test_name, - const char *alg, const char *enc, const char *ciphertext, - const char *key, char *compact, int compact_len) -{ - struct lws_jwe jwe; - char temp[4096]; - int ret = -1, n, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwk_import(&jwe.jwk, NULL, NULL, key, strlen(key)) < 0) { - lwsl_notice("%s: Failed to decode JWK test key\n", __func__); - goto bail; - } - - if (lws_gencrypto_jwe_alg_to_definition(alg, &jwe.jose.alg)) { - lwsl_err("Unknown cipher alg %s\n", alg); - goto bail; - } - if (lws_gencrypto_jwe_enc_to_definition(enc, &jwe.jose.enc_alg)) { - lwsl_err("Unknown payload enc alg %s\n", enc); - goto bail; - } - - /* we require a JOSE-formatted header to do the encryption */ - - jwe.jws.map.buf[LJWS_JOSE] = temp; - jwe.jws.map.len[LJWS_JOSE] = lws_snprintf(temp, temp_len, - "{\"alg\":\"%s\", \"enc\":\"%s\"}", alg, enc); - temp_len -= jwe.jws.map.len[LJWS_JOSE]; - - /* - * dup the plaintext into the ciphertext element, it will be - * encrypted in-place to a ciphertext of the same length - */ - - if (lws_jws_dup_element(&jwe.jws.map, LJWE_CTXT, - lws_concat_temp(temp, temp_len), &temp_len, - akw_ptext, strlen(akw_ptext), 0)) { - lwsl_notice("%s: Not enough temp space for ptext\n", __func__); - goto bail; - } - - /* CEK size is determined by hash / hmac size */ - - n = lws_gencrypto_bits_to_bytes(jwe.jose.enc_alg->keybits_fixed); - if (lws_jws_randomize_element(context, &jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), - &temp_len, n, - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_err("Problem getting random\n"); - goto bail; - } - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail; - } - - n = lws_jwe_render_compact(&jwe, compact, compact_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_render_compact failed: %d\n", - __func__, n); - goto bail; - } - - ret = 0; -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest %s failed +++++++++++++++++++\n", - __func__, test_name); - else - lwsl_notice("%s: selftest %s OK\n", __func__, test_name); - - return ret; -} - -/* - * Check we can handle multi-recipient JWE - */ - -static char *complete = - "{" - "\"protected\":" - "\"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2In0\"," - "\"unprotected\":" - "{\"jku\":\"https://server.example.com/keys.jwks\"}," - "\"recipients\":[" - - "{\"header\":" - "{\"alg\":\"RSA1_5\",\"kid\":\"2011-04-29\"}," - "\"encrypted_key\":" - "\"UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0-" - "kFm1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ__deLKx" - "GHZ7PcHALUzoOegEI-8E66jX2E4zyJKx-YxzZIItRzC5hlRirb6Y5Cl_p-ko3" - "YvkkysZIFNPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPh" - "cCdZ6XDP0_F8rkXds2vE4X-ncOIM8hAYHHi29NX0mcKiRaD0-D-ljQTP-cFPg" - "wCp6X-nZZd9OHBv-B3oWh2TbqmScqXMR4gp_A\"}," - - "{\"header\":" - "{\"alg\":\"A128KW\",\"kid\":\"7\"}," - "\"encrypted_key\":" - "\"6KB707dM9YTIgHtLvtgWQ8mKwboJW3of9locizkDTHzBC2IlrT1oOQ\"}]," - - "\"iv\":" - "\"AxY8DCtDaGlsbGljb3RoZQ\"," - "\"ciphertext\":" - "\"KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY\"," - "\"tag\":" - "\"Mz-VPPyU4RlcuYv1IwIvzw\"" - "}\"" -; - -static int -test_jwe_json_complete(struct lws_context *context) -{ - struct lws_jwe jwe; - char temp[4096]; - int ret = -1, temp_len = sizeof(temp); - - lws_jwe_init(&jwe, context); - - if (lws_jwe_parse_jose(&jwe.jose, complete, strlen(complete), - temp, &temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - - goto bail; - } - - if (jwe.jose.recipients != 2) { - lwsl_err("%s: wrong recipients count %d\n", __func__, - jwe.jose.recipients); - goto bail; - } - - ret = 0; -bail: - lws_jwe_destroy(&jwe); - if (ret) - lwsl_err("%s: selftest failed +++++++++++++++++++\n", - __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - -int -test_jwe(struct lws_context *context) -{ - char compact[4096]; - int n = 0; - - n |= test_jwe_json_complete(context); - - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_128, - ecdhes_t1_peer_p256_public_key, - ecdhes_t1_peer_p256_private_key); - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_192, - ecdhes_t1_peer_p384_public_key, - ecdhes_t1_peer_p384_private_key); - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_es_256, - ecdhes_t1_peer_p521_public_key, - ecdhes_t1_peer_p521_private_key); - - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw128_128, - ecdhes_t1_peer_p256_public_key, - ecdhes_t1_peer_p256_private_key); - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw192_192, - ecdhes_t1_peer_p384_public_key, - ecdhes_t1_peer_p384_private_key); - n |= test_ecdhes_t1(context, ecdhes_t1_jose_hdr_esakw256_256, - ecdhes_t1_peer_p521_public_key, - ecdhes_t1_peer_p521_private_key); - - n |= test_jwe_a1(context); - - n |= test_jwe_a2(context); - - n |= test_jwe_ra_ptext_1024(context, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)); - n |= test_jwe_r256a192_ptext(context, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)); - n |= test_jwe_r256a256_ptext(context, (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)); - n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_2048, - strlen((char *)rsa_key_2048)); - n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_2048, - strlen((char *)rsa_key_2048)); - n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_2048, - strlen((char *)rsa_key_2048)); - n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_4096, - strlen((char *)rsa_key_4096)); - n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_4096, - strlen((char *)rsa_key_4096)); - n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_4096, - strlen((char *)rsa_key_4096)); - n |= test_jwe_ra_ptext_1024(context, (char *)rsa_key_4096_no_optional, - strlen((char *)rsa_key_4096_no_optional)); - n |= test_jwe_r256a192_ptext(context, (char *)rsa_key_4096_no_optional, - strlen((char *)rsa_key_4096_no_optional)); - n |= test_jwe_r256a256_ptext(context, (char *)rsa_key_4096_no_optional, - strlen((char *)rsa_key_4096_no_optional)); - - /* AESKW decrypt all variations */ - - n |= test_akw_decrypt(context, "d-a128kw_128", akw_ct_128_128, akw_key_128); - n |= test_akw_decrypt(context, "d-a128kw_192", akw_ct_128_192, akw_key_128); - n |= test_akw_decrypt(context, "d-a128kw_256", akw_ct_128_256, akw_key_128); - n |= test_akw_decrypt(context, "d-a192kw_128", akw_ct_192_128, akw_key_192); - n |= test_akw_decrypt(context, "d-a192kw_192", akw_ct_192_192, akw_key_192); - n |= test_akw_decrypt(context, "d-a192kw_256", akw_ct_192_256, akw_key_192); - n |= test_akw_decrypt(context, "d-a256kw_128", akw_ct_256_128, akw_key_256); - n |= test_akw_decrypt(context, "d-a256kw_192", akw_ct_256_192, akw_key_256); - n |= test_akw_decrypt(context, "d-a256kw_256", akw_ct_256_256, akw_key_256); - - /* AESKW encrypt then confirm decrypt */ - - if (!test_akw_encrypt(context, "ed-128kw_128", "A128KW", "A128CBC-HS256", - akw_ptext, akw_key_128, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-128kw_128", compact, akw_key_128); - else - n = -1; - if (!test_akw_encrypt(context, "ed-128kw_192", "A128KW", "A192CBC-HS384", - akw_ptext, akw_key_128, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-128kw_192", compact, akw_key_128); - else - n = -1; - if (!test_akw_encrypt(context, "ed-128kw_256", "A128KW", "A256CBC-HS512", - akw_ptext, akw_key_128, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-128kw_256", compact, akw_key_128); - else - n = -1; - - if (!test_akw_encrypt(context, "ed-192kw_128", "A192KW", "A128CBC-HS256", - akw_ptext, akw_key_192, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-192kw_128", compact, akw_key_192); - else - n = -1; - if (!test_akw_encrypt(context, "ed-192kw_192", "A192KW", "A192CBC-HS384", - akw_ptext, akw_key_192, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-192kw_192", compact, akw_key_192); - else - n = -1; - if (!test_akw_encrypt(context, "ed-192kw_256", "A192KW", "A256CBC-HS512", - akw_ptext, akw_key_192, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-192kw_256", compact, akw_key_192); - else - n = -1; - - if (!test_akw_encrypt(context, "ed-256kw_128", "A256KW", "A128CBC-HS256", - akw_ptext, akw_key_256, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-256kw_128", compact, akw_key_256); - else - n = -1; - if (!test_akw_encrypt(context, "ed-256kw_192", "A256KW", "A192CBC-HS384", - akw_ptext, akw_key_256, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-256kw_192", compact, akw_key_256); - else - n = -1; - if (!test_akw_encrypt(context, "ed-256kw_256", "A256KW", "A256CBC-HS512", - akw_ptext, akw_key_256, compact, sizeof(compact))) - n |= test_akw_decrypt(context, "ed-256kw_256", compact, akw_key_256); - else - n = -1; - - n |= test_jwe_r256a128_jwe_openssl(context); - n |= test_jwe_r256a128_jwe_mbedtls(context); - n |= test_jwe_a3(context); - n |= test_jwa_b2(context); - n |= test_jwa_b3(context); - n |= test_jwa_c(context); - - return n; -} diff --git a/minimal-examples/api-tests/api-test-jose/jwk.c b/minimal-examples/api-tests/api-test-jose/jwk.c deleted file mode 100644 index 2f88ff5..0000000 --- a/minimal-examples/api-tests/api-test-jose/jwk.c +++ /dev/null @@ -1,350 +0,0 @@ -/* - * lws-api-test-jose - RFC7517 jwk tests - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -static -uint8_t *lws_jwe_ex_a1_jwk_json = (uint8_t *) /* EC + RSA public keys */ - "{\"keys\":" - "[" - "{\"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\"," - "\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\"," - "\"use\":\"enc\"," - "\"kid\":\"1\"}," - - "{\"kty\":\"RSA\"," - "\"n\": \"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx" - "4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMs" - "tn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2" - "QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbI" - "SD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqb" - "w0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\"," - "\"e\":\"AQAB\"," - "\"alg\":\"RS256\"," - "\"kid\":\"2011-04-29\"}" - "]" - "}", - -*lws_jwe_ex_a2_jwk_json = (uint8_t *) /* EC + RSA private keys */ - "{\"keys\":" - "[" - "{\"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4\"," - "\"y\":\"4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM\"," - "\"d\":\"870MB6gfuTJ4HtUnUvYMyJpr5eUZNP4Bk43bVdj3eAE\"," - "\"use\":\"enc\"," - "\"kid\":\"1\"}," - - "{\"kty\":\"RSA\"," - "\"n\":\"0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4" - "cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMst" - "n64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2Q" - "vzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbIS" - "D08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw" - "0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw\"," - "\"e\":\"AQAB\"," - "\"d\":\"X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9" - "M7dx5oo7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij" - "wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMwFs9tv8d" - "_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4sbg1U2jx4IBTNBz" - "nbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2WBii3RL-Us2lGVkY8fkFz" - "me1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q\"," - "\"p\":\"83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPV" - "nwD20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuVIYQyqV" - "WlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs\"," - "\"q\":\"3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyum" - "qjVZQO1dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgx" - "kIdrecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk\"," - "\"dp\":\"G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oim" - "YwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_Nmtu" - "YZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0\"," - "\"dq\":\"s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUU" - "vMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9" - "GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk\"," - "\"qi\":\"GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzg" - "UIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rx" - "yR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU\"," - "\"alg\":\"RS256\"," - "\"kid\":\"2011-04-29\"}" - "]" - "}", -*lws_jwe_ex_a3_jwk_json = (uint8_t *) /* oct symmetric keys */ - "{\"keys\":" - "[" - "{\"kty\":\"oct\"," - "\"alg\":\"A128KW\"," - "\"k\":\"GawgguFyGrWKav7AX4VKUg\"}," - - "{\"kty\":\"oct\"," - "\"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" - "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\"," - "\"kid\":\"HMAC key used in JWS spec Appendix A.1 example\"}" - "]" - "}", - -*lws_jwe_ex_b_jwk_json = (uint8_t *) /* x5c example (no parent JSON) */ - "{\"kty\":\"RSA\"," - "\"use\":\"sig\"," - "\"kid\":\"1b94c\"," - "\"n\":\"vrjOfz9Ccdgx5nQudyhdoR17V-IubWMeOZCwX_jj0hgAsz2J_pqYW08" - "PLbK_PdiVGKPrqzmDIsLI7sA25VEnHU1uCLNwBuUiCO11_-7dYbsr4iJmG0Q" - "u2j8DsVyT1azpJC_NG84Ty5KKthuCaPod7iI7w0LK9orSMhBEwwZDCxTWq4a" - "YWAchc8t-emd9qOvWtVMDC2BXksRngh6X5bUYLy6AyHKvj-nUy1wgzjYQDwH" - "MTplCoLtU-o-8SNnZ1tmRoGE9uJkBLdh5gFENabWnU5m1ZqZPdwS-qo-meMv" - "VfJb6jJVWRpl2SUtCnYG2C32qvbWbjZ_jBPD5eunqsIo1vQ\"," - "\"e\":\"AQAB\"," - "\"x5c\":" - "[\"MIIDQjCCAiqgAwIBAgIGATz/FuLiMA0GCSqGSIb3DQEBBQUAMGIxCzAJB" - "gNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYD" - "VQQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1" - "wYmVsbDAeFw0xMzAyMjEyMzI5MTVaFw0xODA4MTQyMjI5MTVaMGIxCzAJBg" - "NVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGRGVudmVyMRwwGgYDV" - "QQKExNQaW5nIElkZW50aXR5IENvcnAuMRcwFQYDVQQDEw5CcmlhbiBDYW1w" - "YmVsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL64zn8/QnH" - "YMeZ0LncoXaEde1fiLm1jHjmQsF/449IYALM9if6amFtPDy2yvz3YlRij66" - "s5gyLCyO7ANuVRJx1NbgizcAblIgjtdf/u3WG7K+IiZhtELto/A7Fck9Ws6" - "SQvzRvOE8uSirYbgmj6He4iO8NCyvaK0jIQRMMGQwsU1quGmFgHIXPLfnpn" - "fajr1rVTAwtgV5LEZ4Iel+W1GC8ugMhyr4/p1MtcIM42EA8BzE6ZQqC7VPq" - "PvEjZ2dbZkaBhPbiZAS3YeYBRDWm1p1OZtWamT3cEvqqPpnjL1XyW+oyVVk" - "aZdklLQp2Btgt9qr21m42f4wTw+Xrp6rCKNb0CAwEAATANBgkqhkiG9w0BA" - "QUFAAOCAQEAh8zGlfSlcI0o3rYDPBB07aXNswb4ECNIKG0CETTUxmXl9KUL" - "+9gGlqCz5iWLOgWsnrcKcY0vXPG9J1r9AqBNTqNgHq2G03X09266X5CpOe1" - "zFo+Owb1zxtp3PehFdfQJ610CDLEaS9V9Rqp17hCyybEpOGVwe8fnk+fbEL" - "2Bo3UPGrpsHzUoaGpDftmWssZkhpBJKVMJyf/RuP2SmmaIzmnw9JiSlYhzo" - "4tpzd5rFXhjRbg4zW9C+2qok+2+qDM1iJ684gPHMIY8aLWrdgQTxkumGmTq" - "gawR+N5MDtdPTEQ0XfIBc2cJEUyMTY5MPvACWpkA6SdS4xSvdXK3IVfOWA==\"]" - "}", -*lws_jwe_ex_c1_jwk_json = (uint8_t *) /* RSA enc private key (no parent JSON) */ - "{" - "\"kty\":\"RSA\"," - "\"kid\":\"juliet@capulet.lit\"," - "\"use\":\"enc\"," - "\"n\":\"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy" - "O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP" - "8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0" - "Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X" - "OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1" - "_I8sLGuSiVdt3C_Fn2PZ3Z8i744FPFGGcG1qs2Wz-Q\"," - "\"e\":\"AQAB\"," - "\"d\":\"GRtbIQmhOZtyszfgKdg4u_N-R_mZGU_9k7JQ_jn1DnfTuMdSNprTeaSTyWfS" - "NkuaAwnOEbIQVy1IQbWVV25NY3ybc_IhUJtfri7bAXYEReWaCl3hdlPKXy9U" - "vqPYGR0kIXTQRqns-dVJ7jahlI7LyckrpTmrM8dWBo4_PMaenNnPiQgO0xnu" - "ToxutRZJfJvG4Ox4ka3GORQd9CsCZ2vsUDmsXOfUENOyMqADC6p1M3h33tsu" - "rY15k9qMSpG9OX_IJAXmxzAh_tWiZOwk2K4yxH9tS3Lq1yX8C1EWmeRDkK2a" - "hecG85-oLKQt5VEpWHKmjOi_gJSdSgqcN96X52esAQ\"," - "\"p\":\"2rnSOV4hKSN8sS4CgcQHFbs08XboFDqKum3sc4h3GRxrTmQdl1ZK9uw-PIHf" - "QP0FkxXVrx-WE-ZEbrqivH_2iCLUS7wAl6XvARt1KkIaUxPPSYB9yk31s0Q8" - "UK96E3_OrADAYtAJs-M3JxCLfNgqh56HDnETTQhH3rCT5T3yJws\"," - "\"q\":\"1u_RiFDP7LBYh3N4GXLT9OpSKYP0uQZyiaZwBtOCBNJgQxaj10RWjsZu0c6I" - "edis4S7B_coSKB0Kj9PaPaBzg-IySRvvcQuPamQu66riMhjVtG6TlV8CLCYK" - "rYl52ziqK0E_ym2QnkwsUX7eYTB7LbAHRK9GqocDE5B0f808I4s\"," - "\"dp\":\"KkMTWqBUefVwZ2_Dbj1pPQqyHSHjj90L5x_MOzqYAJMcLMZtbUtwKqvVDq3" - "tbEo3ZIcohbDtt6SbfmWzggabpQxNxuBpoOOf_a_HgMXK_lhqigI4y_kqS1w" - "Y52IwjUn5rgRrJ-yYo1h41KR-vz2pYhEAeYrhttWtxVqLCRViD6c\"," - "\"dq\":\"AvfS0-gRxvn0bwJoMSnFxYcK1WnuEjQFluMGfwGitQBWtfZ1Er7t1xDkbN9" - "GQTB9yqpDoYaN06H7CFtrkxhJIBQaj6nkF5KKS3TQtQ5qCzkOkmxIe3KRbBy" - "mXxkb5qwUpX5ELD5xFc6FeiafWYY63TmmEAu_lRFCOJ3xDea-ots\"," - "\"qi\":\"lSQi-w9CpyUReMErP1RsBLk7wNtOvs5EQpPqmuMvqW57NBUczScEoPwmUqq" - "abu9V0-Py4dQ57_bapoKRu1R90bvuFnU63SHWEFglZQvJDMeAvmj4sm-Fp0o" - "Yu_neotgQ0hzbI5gry7ajdYy9-2lNx_76aBZoOUu9HCJ-UsfSOI8\"" - "}" /*, -lws_jwe_ex_c1_plaintext[] = { - 123, 34, 107, 116, 121, 34, 58, 34, 82, 83, 65, 34, 44, 34, 107, - 105, 100, 34, 58, 34, 106, 117, 108, 105, 101, 116, 64, 99, 97, 112, - 117, 108, 101, 116, 46, 108, 105, 116, 34, 44, 34, 117, 115, 101, 34, - 58, 34, 101, 110, 99, 34, 44, 34, 110, 34, 58, 34, 116, 54, 81, 56, - 80, 87, 83, 105, 49, 100, 107, 74, 106, 57, 104, 84, 80, 56, 104, 78, - 89, 70, 108, 118, 97, 100, 77, 55, 68, 102, 108, 87, 57, 109, 87, - 101, 112, 79, 74, 104, 74, 54, 54, 119, 55, 110, 121, 111, 75, 49, - 103, 80, 78, 113, 70, 77, 83, 81, 82, 121, 79, 49, 50, 53, 71, 112, - 45, 84, 69, 107, 111, 100, 104, 87, 114, 48, 105, 117, 106, 106, 72, - 86, 120, 55, 66, 99, 86, 48, 108, 108, 83, 52, 119, 53, 65, 67, 71, - 103, 80, 114, 99, 65, 100, 54, 90, 99, 83, 82, 48, 45, 73, 113, 111, - 109, 45, 81, 70, 99, 78, 80, 56, 83, 106, 103, 48, 56, 54, 77, 119, - 111, 113, 81, 85, 95, 76, 89, 121, 119, 108, 65, 71, 90, 50, 49, 87, - 83, 100, 83, 95, 80, 69, 82, 121, 71, 70, 105, 78, 110, 106, 51, 81, - 81, 108, 79, 56, 89, 110, 115, 53, 106, 67, 116, 76, 67, 82, 119, 76, - 72, 76, 48, 80, 98, 49, 102, 69, 118, 52, 53, 65, 117, 82, 73, 117, - 85, 102, 86, 99, 80, 121, 83, 66, 87, 89, 110, 68, 121, 71, 120, 118, - 106, 89, 71, 68, 83, 77, 45, 65, 113, 87, 83, 57, 122, 73, 81, 50, - 90, 105, 108, 103, 84, 45, 71, 113, 85, 109, 105, 112, 103, 48, 88, - 79, 67, 48, 67, 99, 50, 48, 114, 103, 76, 101, 50, 121, 109, 76, 72, - 106, 112, 72, 99, 105, 67, 75, 86, 65, 98, 89, 53, 45, 76, 51, 50, - 45, 108, 83, 101, 90, 79, 45, 79, 115, 54, 85, 49, 53, 95, 97, 88, - 114, 107, 57, 71, 119, 56, 99, 80, 85, 97, 88, 49, 95, 73, 56, 115, - 76, 71, 117, 83, 105, 86, 100, 116, 51, 67, 95, 70, 110, 50, 80, 90, - 51, 90, 56, 105, 55, 52, 52, 70, 80, 70, 71, 71, 99, 71, 49, 113, - 115, 50, 87, 122, 45, 81, 34, 44, 34, 101, 34, 58, 34, 65, 81, 65, - 66, 34, 44, 34, 100, 34, 58, 34, 71, 82, 116, 98, 73, 81, 109, 104, - 79, 90, 116, 121, 115, 122, 102, 103, 75, 100, 103, 52, 117, 95, 78, - 45, 82, 95, 109, 90, 71, 85, 95, 57, 107, 55, 74, 81, 95, 106, 110, - 49, 68, 110, 102, 84, 117, 77, 100, 83, 78, 112, 114, 84, 101, 97, - 83, 84, 121, 87, 102, 83, 78, 107, 117, 97, 65, 119, 110, 79, 69, 98, - 73, 81, 86, 121, 49, 73, 81, 98, 87, 86, 86, 50, 53, 78, 89, 51, 121, - 98, 99, 95, 73, 104, 85, 74, 116, 102, 114, 105, 55, 98, 65, 88, 89, - 69, 82, 101, 87, 97, 67, 108, 51, 104, 100, 108, 80, 75, 88, 121, 57, - 85, 118, 113, 80, 89, 71, 82, 48, 107, 73, 88, 84, 81, 82, 113, 110, - 115, 45, 100, 86, 74, 55, 106, 97, 104, 108, 73, 55, 76, 121, 99, - 107, 114, 112, 84, 109, 114, 77, 56, 100, 87, 66, 111, 52, 95, 80, - 77, 97, 101, 110, 78, 110, 80, 105, 81, 103, 79, 48, 120, 110, 117, - 84, 111, 120, 117, 116, 82, 90, 74, 102, 74, 118, 71, 52, 79, 120, - 52, 107, 97, 51, 71, 79, 82, 81, 100, 57, 67, 115, 67, 90, 50, 118, - 115, 85, 68, 109, 115, 88, 79, 102, 85, 69, 78, 79, 121, 77, 113, 65, - 68, 67, 54, 112, 49, 77, 51, 104, 51, 51, 116, 115, 117, 114, 89, 49, - 53, 107, 57, 113, 77, 83, 112, 71, 57, 79, 88, 95, 73, 74, 65, 88, - 109, 120, 122, 65, 104, 95, 116, 87, 105, 90, 79, 119, 107, 50, 75, - 52, 121, 120, 72, 57, 116, 83, 51, 76, 113, 49, 121, 88, 56, 67, 49, - 69, 87, 109, 101, 82, 68, 107, 75, 50, 97, 104, 101, 99, 71, 56, 53, - 45, 111, 76, 75, 81, 116, 53, 86, 69, 112, 87, 72, 75, 109, 106, 79, - 105, 95, 103, 74, 83, 100, 83, 103, 113, 99, 78, 57, 54, 88, 53, 50, - 101, 115, 65, 81, 34, 44, 34, 112, 34, 58, 34, 50, 114, 110, 83, 79, - 86, 52, 104, 75, 83, 78, 56, 115, 83, 52, 67, 103, 99, 81, 72, 70, - 98, 115, 48, 56, 88, 98, 111, 70, 68, 113, 75, 117, 109, 51, 115, 99, - 52, 104, 51, 71, 82, 120, 114, 84, 109, 81, 100, 108, 49, 90, 75, 57, - 117, 119, 45, 80, 73, 72, 102, 81, 80, 48, 70, 107, 120, 88, 86, 114, - 120, 45, 87, 69, 45, 90, 69, 98, 114, 113, 105, 118, 72, 95, 50, 105, - 67, 76, 85, 83, 55, 119, 65, 108, 54, 88, 118, 65, 82, 116, 49, 75, - 107, 73, 97, 85, 120, 80, 80, 83, 89, 66, 57, 121, 107, 51, 49, 115, - 48, 81, 56, 85, 75, 57, 54, 69, 51, 95, 79, 114, 65, 68, 65, 89, 116, - 65, 74, 115, 45, 77, 51, 74, 120, 67, 76, 102, 78, 103, 113, 104, 53, - 54, 72, 68, 110, 69, 84, 84, 81, 104, 72, 51, 114, 67, 84, 53, 84, - 51, 121, 74, 119, 115, 34, 44, 34, 113, 34, 58, 34, 49, 117, 95, 82, - 105, 70, 68, 80, 55, 76, 66, 89, 104, 51, 78, 52, 71, 88, 76, 84, 57, - 79, 112, 83, 75, 89, 80, 48, 117, 81, 90, 121, 105, 97, 90, 119, 66, - 116, 79, 67, 66, 78, 74, 103, 81, 120, 97, 106, 49, 48, 82, 87, 106, - 115, 90, 117, 48, 99, 54, 73, 101, 100, 105, 115, 52, 83, 55, 66, 95, - 99, 111, 83, 75, 66, 48, 75, 106, 57, 80, 97, 80, 97, 66, 122, 103, - 45, 73, 121, 83, 82, 118, 118, 99, 81, 117, 80, 97, 109, 81, 117, 54, - 54, 114, 105, 77, 104, 106, 86, 116, 71, 54, 84, 108, 86, 56, 67, 76, - 67, 89, 75, 114, 89, 108, 53, 50, 122, 105, 113, 75, 48, 69, 95, 121, - 109, 50, 81, 110, 107, 119, 115, 85, 88, 55, 101, 89, 84, 66, 55, 76, - 98, 65, 72, 82, 75, 57, 71, 113, 111, 99, 68, 69, 53, 66, 48, 102, - 56, 48, 56, 73, 52, 115, 34, 44, 34, 100, 112, 34, 58, 34, 75, 107, - 77, 84, 87, 113, 66, 85, 101, 102, 86, 119, 90, 50, 95, 68, 98, 106, - 49, 112, 80, 81, 113, 121, 72, 83, 72, 106, 106, 57, 48, 76, 53, 120, - 95, 77, 79, 122, 113, 89, 65, 74, 77, 99, 76, 77, 90, 116, 98, 85, - 116, 119, 75, 113, 118, 86, 68, 113, 51, 116, 98, 69, 111, 51, 90, - 73, 99, 111, 104, 98, 68, 116, 116, 54, 83, 98, 102, 109, 87, 122, - 103, 103, 97, 98, 112, 81, 120, 78, 120, 117, 66, 112, 111, 79, 79, - 102, 95, 97, 95, 72, 103, 77, 88, 75, 95, 108, 104, 113, 105, 103, - 73, 52, 121, 95, 107, 113, 83, 49, 119, 89, 53, 50, 73, 119, 106, 85, - 110, 53, 114, 103, 82, 114, 74, 45, 121, 89, 111, 49, 104, 52, 49, - 75, 82, 45, 118, 122, 50, 112, 89, 104, 69, 65, 101, 89, 114, 104, - 116, 116, 87, 116, 120, 86, 113, 76, 67, 82, 86, 105, 68, 54, 99, 34, - 44, 34, 100, 113, 34, 58, 34, 65, 118, 102, 83, 48, 45, 103, 82, 120, - 118, 110, 48, 98, 119, 74, 111, 77, 83, 110, 70, 120, 89, 99, 75, 49, - 87, 110, 117, 69, 106, 81, 70, 108, 117, 77, 71, 102, 119, 71, 105, - 116, 81, 66, 87, 116, 102, 90, 49, 69, 114, 55, 116, 49, 120, 68, - 107, 98, 78, 57, 71, 81, 84, 66, 57, 121, 113, 112, 68, 111, 89, 97, - 78, 48, 54, 72, 55, 67, 70, 116, 114, 107, 120, 104, 74, 73, 66, 81, - 97, 106, 54, 110, 107, 70, 53, 75, 75, 83, 51, 84, 81, 116, 81, 53, - 113, 67, 122, 107, 79, 107, 109, 120, 73, 101, 51, 75, 82, 98, 66, - 121, 109, 88, 120, 107, 98, 53, 113, 119, 85, 112, 88, 53, 69, 76, - 68, 53, 120, 70, 99, 54, 70, 101, 105, 97, 102, 87, 89, 89, 54, 51, - 84, 109, 109, 69, 65, 117, 95, 108, 82, 70, 67, 79, 74, 51, 120, 68, - 101, 97, 45, 111, 116, 115, 34, 44, 34, 113, 105, 34, 58, 34, 108, - 83, 81, 105, 45, 119, 57, 67, 112, 121, 85, 82, 101, 77, 69, 114, 80, - 49, 82, 115, 66, 76, 107, 55, 119, 78, 116, 79, 118, 115, 53, 69, 81, - 112, 80, 113, 109, 117, 77, 118, 113, 87, 53, 55, 78, 66, 85, 99, - 122, 83, 99, 69, 111, 80, 119, 109, 85, 113, 113, 97, 98, 117, 57, - 86, 48, 45, 80, 121, 52, 100, 81, 53, 55, 95, 98, 97, 112, 111, 75, - 82, 117, 49, 82, 57, 48, 98, 118, 117, 70, 110, 85, 54, 51, 83, 72, - 87, 69, 70, 103, 108, 90, 81, 118, 74, 68, 77, 101, 65, 118, 109, - 106, 52, 115, 109, 45, 70, 112, 48, 111, 89, 117, 95, 110, 101, 111, - 116, 103, 81, 48, 104, 122, 98, 73, 53, 103, 114, 121, 55, 97, 106, - 100, 89, 121, 57, 45, 50, 108, 78, 120, 95, 55, 54, 97, 66, 90, 111, - 79, 85, 117, 57, 72, 67, 74, 45, 85, 115, 102, 83, 79, 73, 56, 34, - 125 } */ -; - -static int -key_import_callback(struct lws_jwk *s, void *user) -{ - lwsl_notice("%s: key type %d\n", __func__, s->kty); - - return 0; -} - - -int -test_jwk(struct lws_context *context) -{ - struct lws_jwk jwk; - - /* Test 1: A.1: Example public keys */ - - if (lws_jwk_import(&jwk, key_import_callback, NULL, - (char *)lws_jwe_ex_a1_jwk_json, - strlen((char *)lws_jwe_ex_a1_jwk_json)) < 0) { - lwsl_notice("Failed to decode JWK test key\n"); - goto bail1; - } - - lws_jwk_destroy(&jwk); - - /* Test 1: A.2: Example private keys */ - - if (lws_jwk_import(&jwk, key_import_callback, NULL, - (char *)lws_jwe_ex_a2_jwk_json, - strlen((char *)lws_jwe_ex_a2_jwk_json)) < 0) { - lwsl_notice("Failed at A.2\n"); - goto bail1; - } - - lws_jwk_destroy(&jwk); - - /* Test 1: A.3: Example symmetric keys */ - - if (lws_jwk_import(&jwk, key_import_callback, NULL, - (char *)lws_jwe_ex_a3_jwk_json, - strlen((char *)lws_jwe_ex_a3_jwk_json)) < 0) { - lwsl_notice("Failed at A.3\n"); - goto bail1; - } - - lws_jwk_destroy(&jwk); - - /* Test 1: B: Example x509 cert chain (no parent JSON) */ - - if (lws_jwk_import(&jwk, NULL, NULL, (char *)lws_jwe_ex_b_jwk_json, - strlen((char *)lws_jwe_ex_b_jwk_json)) < 0) { - lwsl_notice("Failed at B\n"); - goto bail1; - } - - lws_jwk_destroy(&jwk); - - /* Test 1: C.1: Example private key (no parent JSON) */ - - if (lws_jwk_import(&jwk, NULL, NULL, - (char *)lws_jwe_ex_c1_jwk_json, - strlen((char *)lws_jwe_ex_c1_jwk_json)) < 0) { - lwsl_notice("Failed at B\n"); - goto bail1; - } - - lws_jwk_destroy(&jwk); - - /* end */ - - lwsl_notice("%s: selftest OK\n", __func__); - - return 0; - -//bail: -// lws_jwk_destroy(&jwk); -bail1: - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - - return 1; - -} diff --git a/minimal-examples/api-tests/api-test-jose/jws.c b/minimal-examples/api-tests/api-test-jose/jws.c deleted file mode 100644 index 8fc6ad5..0000000 --- a/minimal-examples/api-tests/api-test-jose/jws.c +++ /dev/null @@ -1,713 +0,0 @@ -/* - * lws-api-test-jose - RFC7515 jws tests - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -/* - * JSON Web Signature is defined in RFC7515 - * - * https://tools.ietf.org/html/rfc7515 - * - * It's basically a way to wrap some JSON with a JSON "header" describing the - * crypto, and a signature, all in a BASE64 wrapper with elided terminating '='. - * - * The signature stays with the content, it serves a different purpose than eg - * a TLS tunnel to transfer it. - * - */ - -/* for none, the compact serialization format is b64u(jose hdr).b64u(payload) */ - -static const char *none_cser = - "eyJhbGciOiJub25lIn0" - "." - "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt" - "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ", - *none_jose = "{\"alg\":\"none\"}", - *none_payload = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}"; - -int -test_jws_none(struct lws_context *context) -{ - struct lws_jws_map map; - struct lws_jose jose; - char temp[2048]; - int n, temp_len = sizeof(temp), ret = -1; - - lws_jose_init(&jose); - - /* A.5 Unsecured JSON "none" RFC7515 worked example */ - - /* decode the b64.b64[.b64] compact serialization blocks */ - n = lws_jws_compact_decode(none_cser, strlen(none_cser), &map, NULL, - temp, &temp_len); - if (n != 2) { - lwsl_err("%s: concat_map failed\n", __func__); - goto bail; - } - - /* confirm the decoded JOSE header is exactly what we expect */ - if (strncmp(none_jose, map.buf[LJWS_JOSE], map.len[LJWS_JOSE])) { - lwsl_err("%s: jose b64 decode wrong\n", __func__); - goto bail; - } - - /* parse the JOSE header */ - if (lws_jws_parse_jose(&jose, map.buf[LJWS_JOSE], - map.len[LJWS_JOSE], - (char *)lws_concat_temp(temp, temp_len), - &temp_len) < 0 || !jose.alg) { - lwsl_err("%s: JOSE parse failed\n", __func__); - goto bail; - } - - /* confirm we used the "none" alg as expected from JOSE hdr */ - if (strcmp(jose.alg->alg, "none")) { - lwsl_err("%s: JOSE header has wrong alg\n", __func__); - goto bail; - } - - /* confirm the payload is literally what we expect */ - if (strncmp(none_payload, map.buf[LJWS_PYLD], - map.len[LJWS_PYLD])) { - lwsl_err("%s: payload b64 decode wrong\n", __func__); - goto bail; - } - - /* end */ - - ret = 0; - -bail: - lws_jose_destroy(&jose); - - if (ret) - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - else - lwsl_notice("%s: selftest OK\n", __func__); - - return ret; -} - - - -static const char - *test1 = "{\"typ\":\"JWT\",\r\n \"alg\":\"HS256\"}", - *test1_enc = "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9", - *test2 = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}", - *test2_enc = "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQ" - "ogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ", - *key_jwk = "{\"kty\":\"oct\",\r\n" - " \"k\":\"AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQ" - "Lr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow\"}", - *hash_enc = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk" -; - -int -test_jws_HS256(struct lws_context *context) -{ - char buf[2048], temp[256], *p = buf, *end = buf + sizeof(buf) - 1, *enc_ptr; - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_jws_map map; - int temp_len = sizeof(temp); - struct lws_genhmac_ctx ctx; - struct lws_jose jose; - struct lws_jwk jwk; - struct lws_jws jws; - int n; - - lws_jose_init(&jose); - lws_jws_init(&jws, &jwk, context); - - /* Test 1: SHA256 on RFC7515 worked example */ - - /* parse the JOSE header */ - - if (lws_jws_parse_jose(&jose, test1, strlen(test1), temp, &temp_len) < 0 || - !jose.alg) { - lwsl_err("%s: JOSE parse failed\n", __func__); - goto bail; - } - - /* confirm we used the "none" alg as expected from JOSE hdr */ - if (strcmp(jose.alg->alg, "HS256")) { - lwsl_err("%s: JOSE header has wrong alg\n", __func__); - goto bail; - } - - /* 1.1: import the JWK oct key */ - - if (lws_jwk_import(&jwk, NULL, NULL, key_jwk, strlen(key_jwk)) < 0) { - lwsl_notice("Failed to decode JWK test key\n"); - return -1; - } - if (jwk.kty != LWS_GENCRYPTO_KTY_OCT) { - lwsl_err("%s: unexpected kty %d\n", __func__, jwk.kty); - - return -1; - } - - /* 1.2: create JWS known hdr + known payload */ - - n = lws_jws_encode_section(test1, strlen(test1), 1, &p, end); - if (n < 0) { - goto bail; - } - - if (strcmp(buf, test1_enc)) - goto bail; - - enc_ptr = p + 1; /* + 1 skips the . */ - n = lws_jws_encode_section(test2, strlen(test2), 0, &p, end); - if (n < 0) { - goto bail; - } - - if (strcmp(enc_ptr, test2_enc)) - goto bail; - - /* 1.3: use HMAC SHA-256 with known key on the hdr . payload */ - - if (lws_genhmac_init(&ctx, jose.alg->hmac_type, - jwk.e[LWS_GENCRYPTO_OCT_KEYEL_K].buf, - jwk.e[LWS_GENCRYPTO_OCT_KEYEL_K].len)) - goto bail; - if (lws_genhmac_update(&ctx, (uint8_t *)buf, p - buf)) - goto bail_destroy_hmac; - lws_genhmac_destroy(&ctx, digest); - - /* 1.4: append a base64 encode of the computed HMAC digest */ - - enc_ptr = p + 1; /* + 1 skips the . */ - n = lws_jws_encode_section((const char *)digest, 32, 0, &p, end); - if (n < 0) - goto bail; - if (strcmp(enc_ptr, hash_enc)) { /* check against known B64URL hash */ - lwsl_err("%s: b64 enc of computed HMAC mismatches '%s' '%s'\n", - __func__, enc_ptr, hash_enc); - goto bail; - } - - /* 1.5: Check we can agree the signature matches the payload */ - - if (lws_jws_sig_confirm_compact_b64(buf, p - buf, &map, &jwk, context, - lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_notice("%s: confirm sig failed\n", __func__); - goto bail; - } - - lws_jws_destroy(&jws); - lws_jwk_destroy(&jwk); - lws_jose_destroy(&jose); - - /* end */ - - lwsl_notice("%s: selftest OK\n", __func__); - - return 0; - -bail_destroy_hmac: - lws_genhmac_destroy(&ctx, NULL); - -bail: - lws_jws_destroy(&jws); - lws_jwk_destroy(&jwk); - lws_jose_destroy(&jose); - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - - return 1; -} - - -static const char - /* the key from worked example in RFC7515 A-2, as a JWK */ - *rfc7515_rsa_key = - "{\"kty\":\"RSA\"," - " \"n\":\"ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" - "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" - "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" - "SXndS5z5rexMdbBYUsLA9e-KXBdQOS-UTo7WTBEMa2R2CapHg665xsmtdV" - "MTBQY4uDZlxvb3qCo5ZwKh9kG4LT6_I5IhlJH7aGhyxXFvUK-DWNmoudF8" - "NAco9_h9iaGNj8q2ethFkMLs91kzk2PAcDTW9gb54h4FRWyuXpoQ\"," - "\"e\":\"AQAB\"," - "\"d\":\"Eq5xpGnNCivDflJsRQBXHx1hdR1k6Ulwe2JZD50LpXyWPEAeP88vLNO97I" - "jlA7_GQ5sLKMgvfTeXZx9SE-7YwVol2NXOoAJe46sui395IW_GO-pWJ1O0" - "BkTGoVEn2bKVRUCgu-GjBVaYLU6f3l9kJfFNS3E0QbVdxzubSu3Mkqzjkn" - "439X0M_V51gfpRLI9JYanrC4D4qAdGcopV_0ZHHzQlBjudU2QvXt4ehNYT" - "CBr6XCLQUShb1juUO1ZdiYoFaFQT5Tw8bGUl_x_jTj3ccPDVZFD9pIuhLh" - "BOneufuBiB4cS98l2SR_RQyGWSeWjnczT0QU91p1DhOVRuOopznQ\"," - "\"p\":\"4BzEEOtIpmVdVEZNCqS7baC4crd0pqnRH_5IB3jw3bcxGn6QLvnEtfdUdi" - "YrqBdss1l58BQ3KhooKeQTa9AB0Hw_Py5PJdTJNPY8cQn7ouZ2KKDcmnPG" - "BY5t7yLc1QlQ5xHdwW1VhvKn-nXqhJTBgIPgtldC-KDV5z-y2XDwGUc\"," - "\"q\":\"uQPEfgmVtjL0Uyyx88GZFF1fOunH3-7cepKmtH4pxhtCoHqpWmT8YAmZxa" - "ewHgHAjLYsp1ZSe7zFYHj7C6ul7TjeLQeZD_YwD66t62wDmpe_HlB-TnBA" - "-njbglfIsRLtXlnDzQkv5dTltRJ11BKBBypeeF6689rjcJIDEz9RWdc\"," - "\"dp\":\"BwKfV3Akq5_MFZDFZCnW-wzl-CCo83WoZvnLQwCTeDv8uzluRSnm71I3Q" - "CLdhrqE2e9YkxvuxdBfpT_PI7Yz-FOKnu1R6HsJeDCjn12Sk3vmAktV2zb" - "34MCdy7cpdTh_YVr7tss2u6vneTwrA86rZtu5Mbr1C1XsmvkxHQAdYo0\"," - "\"dq\":\"h_96-mK1R_7glhsum81dZxjTnYynPbZpHziZjeeHcXYsXaaMwkOlODsWa" - "7I9xXDoRwbKgB719rrmI2oKr6N3Do9U0ajaHF-NKJnwgjMd2w9cjz3_-ky" - "NlxAr2v4IKhGNpmM5iIgOS1VZnOZ68m6_pbLBSp3nssTdlqvd0tIiTHU\"," - "\"qi\":\"IYd7DHOhrWvxkwPQsRM2tOgrjbcrfvtQJipd-DlcxyVuuM9sQLdgjVk2o" - "y26F0EmpScGLq2MowX7fhd_QJQ3ydy5cY7YIBi87w93IKLEdfnbJtoOPLU" - "W0ITrJReOgo1cq9SbsxYawBgfp_gh6A5603k2-ZQwVK0JKSHuLFkuQ3U\"" - "}", - *rfc7515_rsa_a1 = /* the signed worked example in RFC7515 A-1 */ - "eyJhbGciOiJSUzI1NiJ9" - ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt" - "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - ".cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7" - "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4" - "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K" - "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv" - "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB" - "p0igcN_IoypGlUPQGe77Rw" -; - -int -test_jws_RS256(struct lws_context *context) -{ - struct lws_jws_map map; - struct lws_jose jose; - struct lws_jwk jwk; - struct lws_jws jws; - char temp[2048], *in; - int n, l, temp_len = sizeof(temp); - - lws_jose_init(&jose); - lws_jws_init(&jws, &jwk, context); - - /* Test 2: RS256 on RFC7515 worked example */ - - if (lws_gencrypto_jws_alg_to_definition("RS256", &jose.alg)) { - lwsl_err("%s: RS256 not supported\n", __func__); - goto bail; - } - - /* 2.1: import the jwk */ - - if (lws_jwk_import(&jwk, NULL, NULL, - rfc7515_rsa_key, strlen(rfc7515_rsa_key))) { - lwsl_notice("%s: 2.2: Failed to read JWK key\n", __func__); - goto bail2; - } - - if (jwk.kty != LWS_GENCRYPTO_KTY_RSA) { - lwsl_err("%s: 2.2: kty: %d instead of RSA\n", __func__, jwk.kty); - goto bail; - } - - /* 2.2: check the signature on the test packet from RFC7515 A-1 */ - - if (lws_jws_sig_confirm_compact_b64(rfc7515_rsa_a1, - strlen(rfc7515_rsa_a1), &map, - &jwk, context, temp, &temp_len) < 0) { - lwsl_notice("%s: 2.2: confirm rsa sig failed\n", __func__); - goto bail; - } - - if (lws_jws_b64_compact_map(rfc7515_rsa_a1, strlen(rfc7515_rsa_a1), - &jws.map_b64) != 3) { - lwsl_notice("%s: lws_jws_b64_compact_map failed\n", __func__); - goto bail; - } - - /* 2.3: generate our own signature for a copy of the test packet */ - - in = lws_concat_temp(temp, temp_len); - l = strlen(rfc7515_rsa_a1); - if (temp_len < l + 1) - goto bail; - memcpy(in, rfc7515_rsa_a1, l + 1); - temp_len -= l + 1; - - if (lws_jws_b64_compact_map(in, l, &jws.map_b64) != 3) { - lwsl_notice("%s: lws_jws_b64_compact_map failed\n", __func__); - goto bail; - } - - /* overwrite the copy of the known b64 sig (it's all placed inside temp) */ - n = lws_jws_sign_from_b64(&jose, &jws, - (char *)jws.map_b64.buf[LJWS_SIG], - jws.map_b64.len[LJWS_SIG] + 8); - if (n < 0) { - lwsl_err("%s: failed signing test packet\n", __func__); - goto bail; - } - jws.map_b64.len[LJWS_SIG] = n; - - /* 2.4: confirm our signature can be verified */ - - in[l] = '\0'; - if (lws_jws_sig_confirm_compact_b64(in, l, &map, &jwk, context, lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_notice("%s: 2.2: confirm rsa sig failed\n", __func__); - goto bail; - } - - lws_jwk_destroy(&jwk); - - /* end */ - - lwsl_notice("%s: selftest OK\n", __func__); - - return 0; - -bail: - lws_jwk_destroy(&jwk); -bail2: - lws_jws_destroy(&jws); - lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); - - return 1; -} - -static const char - *es256_jose = "{\"alg\":\"ES256\"}", - *es256_payload = "{\"iss\":\"joe\",\r\n \"exp\":1300819380,\r\n" - " \"http://example.com/is_root\":true}", - *es256_cser = - "eyJhbGciOiJFUzI1NiJ9" - "." - "eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt" - "cGxlLmNvbS9pc19yb290Ijp0cnVlfQ" - "." - "DtEhU3ljbEg8L38VWAfUAqOyKAM6-Xx-F4GawxaepmXFCgfTjDxw5djxLa8ISlSA" - "pmWQxfKTUJqPP3-Kg6NU1Q", - *es256_jwk = - "{" - "\"kty\":\"EC\"," - "\"crv\":\"P-256\"," - "\"x\":\"f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU\"," - "\"y\":\"x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0\"," - "\"d\":\"jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI\"" - "}" -#if 0 - , - rfc7515_ec_a3_R[] = { - 14, 209, 33, 83, 121, 99, 108, 72, 60, 47, 127, 21, 88, - 7, 212, 2, 163, 178, 40, 3, 58, 249, 124, 126, 23, 129, - 154, 195, 22, 158, 166, 101 - }, - rfc7515_ec_a3_S[] = { - 197, 10, 7, 211, 140, 60, 112, 229, 216, 241, 45, 175, - 8, 74, 84, 128, 166, 101, 144, 197, 242, 147, 80, 154, - 143, 63, 127, 138, 131, 163, 84, 213 - } -#endif -; - -int -test_jws_ES256(struct lws_context *context) -{ - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_genhash_ctx hash_ctx; - struct lws_jws_map map; - struct lws_jose jose; - struct lws_jwk jwk; - struct lws_jws jws; - char temp[2048], *p; - int ret = -1, l, n, temp_len = sizeof(temp); - - /* A.3 "ES256" RFC7515 worked example - verify */ - - lws_jose_init(&jose); - - /* decode the b64.b64[.b64] compact serialization blocks */ - if (lws_jws_compact_decode(es256_cser, strlen(es256_cser), - &jws.map, &jws.map_b64, - temp, &temp_len) != 3) { - lwsl_err("%s: concat_map failed\n", __func__); - goto bail; - } - - /* confirm the decoded JOSE header is exactly what we expect */ - if (jws.map.len[LJWS_JOSE] != strlen(es256_jose) || - strncmp(es256_jose, jws.map.buf[LJWS_JOSE], - jws.map.len[LJWS_JOSE])) { - lwsl_err("%s: jose b64 decode wrong\n", __func__); - goto bail; - } - - /* confirm the decoded payload is exactly what we expect */ - if (jws.map.len[LJWS_PYLD] != strlen(es256_payload) || - strncmp(es256_payload, jws.map.buf[LJWS_PYLD], - jws.map.len[LJWS_PYLD])) { - lwsl_err("%s: payload b64 decode wrong\n", __func__); - goto bail; - } - - /* parse the JOSE header */ - if (lws_jws_parse_jose(&jose, jws.map.buf[LJWS_JOSE], - jws.map.len[LJWS_JOSE], - (char *)lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - goto bail; - } - - /* confirm we used "ES256" alg we expect from the JOSE hdr */ - if (strcmp(jose.alg->alg, "ES256")) { - lwsl_err("%s: JOSE header has wrong alg\n", __func__); - goto bail; - } - - jws.jwk = &jwk; - jws.context = context; - - /* import the ES256 jwk */ - if (lws_jwk_import(&jwk, NULL, NULL, es256_jwk, strlen(es256_jwk))) { - lwsl_notice("%s: Failed to read JWK key\n", __func__); - goto bail; - } - - /* sanity */ - if (jwk.kty != LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: kty: %d instead of EC\n", - __func__, jwk.kty); - goto bail1; - } - - if (lws_jws_sig_confirm(&jws.map_b64, &jws.map, &jwk, context) < 0) { - lwsl_notice("%s: confirm EC sig failed\n", __func__); - goto bail1; - } - - /* A.3 "ES256" RFC7515 worked example - sign */ - - l = strlen(es256_cser); - if (temp_len < l + 1) - goto bail1; - p = lws_concat_temp(temp, temp_len); - memcpy(p, es256_cser, l + 1); - temp_len -= l + 1; - - /* scan the b64 compact serialization string to map the blocks */ - if (lws_jws_b64_compact_map(p, l, &jws.map_b64) != 3) - goto bail1; - - /* create the hash of the protected b64 part */ - if (lws_genhash_init(&hash_ctx, jose.alg->hash_type) || - lws_genhash_update(&hash_ctx, jws.map_b64.buf[LJWS_JOSE], - jws.map_b64.len[LJWS_JOSE]) || - lws_genhash_update(&hash_ctx, ".", 1) || - lws_genhash_update(&hash_ctx, jws.map_b64.buf[LJWS_PYLD], - jws.map_b64.len[LJWS_PYLD]) || - lws_genhash_destroy(&hash_ctx, digest)) { - lws_genhash_destroy(&hash_ctx, NULL); - - goto bail1; - } - - lwsl_hexdump(jws.map_b64.buf[LJWS_SIG], jws.map_b64.len[LJWS_SIG]); - - /* overwrite the copy of the known b64 sig (it's placed inside buf) */ - n = lws_jws_sign_from_b64(&jose, &jws, - (char *)jws.map_b64.buf[LJWS_SIG], - jws.map_b64.len[LJWS_SIG] + 8); - if (n < 0) { - lwsl_err("%s: failed signing test packet\n", __func__); - goto bail1; - } - jws.map_b64.len[LJWS_SIG] = n; - - lwsl_hexdump(jws.map_b64.buf[LJWS_SIG], jws.map_b64.len[LJWS_SIG]); - - /* 2.4: confirm our generated signature can be verified */ - -// lwsl_err("p %p, l %d\n", p, (int)l); - p[l] = '\0'; - if (lws_jws_sig_confirm_compact_b64(p, l, &map, &jwk, context, lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_notice("%s: confirm our EC sig failed\n", __func__); - goto bail1; - } - - /* end */ - ret = 0; - -bail1: - lws_jwk_destroy(&jwk); - lws_jose_destroy(&jose); - -bail: - lwsl_notice("%s: selftest %s\n", __func__, ret ? "FAIL" : "OK"); - - return ret; -} - -static const char - *es512_jose = "{\"alg\":\"ES512\"}", - *es512_payload = "Payload", - *es512_cser = - "eyJhbGciOiJFUzUxMiJ9" - "." - "UGF5bG9hZA" - "." - "AdwMgeerwtHoh-l192l60hp9wAHZFVJbLfD_UxMi70cwnZOYaRI1bKPWROc-mZZq" - "wqT2SI-KGDKB34XO0aw_7XdtAG8GaSwFKdCAPZgoXD2YBJZCPEX3xKpRwcdOO8Kp" - "EHwJjyqOgzDO7iKvU8vcnwNrmxYbSW9ERBXukOXolLzeO_Jn", - *es512_jwk = - "{" - "\"kty\":\"EC\"," - "\"crv\":\"P-521\"," - "\"x\":\"AekpBQ8ST8a8VcfVOTNl353vSrDCLLJXmPk06wTjxrrjcBpXp5EOnYG_" - "NjFZ6OvLFV1jSfS9tsz4qUxcWceqwQGk\"," - "\"y\":\"ADSmRA43Z1DSNx_RvcLI87cdL07l6jQyyBXMoxVg_l2Th-x3S1WDhjDl" - "y79ajL4Kkd0AZMaZmh9ubmf63e3kyMj2\"," - "\"d\":\"AY5pb7A0UFiB3RELSD64fTLOSV_jazdF7fLYyuTw8lOfRhWg6Y6rUrPA" - "xerEzgdRhajnu0ferB0d53vM9mE15j2C\"" - "}" -; - -int -test_jws_ES512(struct lws_context *context) -{ - uint8_t digest[LWS_GENHASH_LARGEST]; - struct lws_genhash_ctx hash_ctx; - struct lws_jws_map map; - struct lws_jose jose; - struct lws_jwk jwk; - struct lws_jws jws; - char temp[2048], *p; - int ret = -1, l, n, temp_len = sizeof(temp); - - /* A.4 "ES512" RFC7515 worked example - verify */ - - lws_jose_init(&jose); - - /* decode the b64.b64[.b64] compact serialization blocks */ - if (lws_jws_compact_decode(es512_cser, strlen(es512_cser), - &jws.map, &jws.map_b64, temp, - &temp_len) != 3) { - lwsl_err("%s: concat_map failed\n", __func__); - goto bail; - } - - /* confirm the decoded JOSE header is exactly what we expect */ - if (jws.map.len[LJWS_JOSE] != strlen(es512_jose) || - strncmp(es512_jose, jws.map.buf[LJWS_JOSE], - jws.map.len[LJWS_JOSE])) { - lwsl_err("%s: jose b64 decode wrong\n", __func__); - goto bail; - } - - /* confirm the decoded payload is exactly what we expect */ - if (jws.map.len[LJWS_PYLD] != strlen(es512_payload) || - strncmp(es512_payload, jws.map.buf[LJWS_PYLD], - jws.map.len[LJWS_PYLD])) { - lwsl_err("%s: payload b64 decode wrong\n", __func__); - goto bail; - } - - /* parse the JOSE header */ - if (lws_jws_parse_jose(&jose, jws.map.buf[LJWS_JOSE], - jws.map.len[LJWS_JOSE], - lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_err("%s: JOSE parse failed\n", __func__); - goto bail; - } - - /* confirm we used "es512" alg we expect from the JOSE hdr */ - if (strcmp(jose.alg->alg, "ES512")) { - lwsl_err("%s: JOSE header has wrong alg\n", __func__); - goto bail; - } - - jws.jwk = &jwk; - jws.context = context; - - /* import the es512 jwk */ - if (lws_jwk_import(&jwk, NULL, NULL, es512_jwk, strlen(es512_jwk))) { - lwsl_notice("%s: Failed to read JWK key\n", __func__); - goto bail; - } - - /* sanity */ - if (jwk.kty != LWS_GENCRYPTO_KTY_EC) { - lwsl_err("%s: kty: %d instead of EC\n", - __func__, jwk.kty); - goto bail1; - } - - if (lws_jws_sig_confirm(&jws.map_b64, &jws.map, &jwk, context) < 0) { - lwsl_notice("%s: confirm EC sig failed\n", __func__); - goto bail1; - } - - /* A.3 "es512" RFC7515 worked example - sign */ - - l = strlen(es512_cser); - if (temp_len < l) - goto bail1; - p = lws_concat_temp(temp, temp_len); - memcpy(p, es512_cser, l + 1); - temp_len -= (l + 1); - - /* scan the b64 compact serialization string to map the blocks */ - if (lws_jws_b64_compact_map(p, l, &jws.map_b64) != 3) - goto bail1; - - /* create the hash of the protected b64 part */ - if (lws_genhash_init(&hash_ctx, jose.alg->hash_type) || - lws_genhash_update(&hash_ctx, jws.map_b64.buf[LJWS_JOSE], - jws.map_b64.len[LJWS_JOSE]) || - lws_genhash_update(&hash_ctx, ".", 1) || - lws_genhash_update(&hash_ctx, jws.map_b64.buf[LJWS_PYLD], - jws.map_b64.len[LJWS_PYLD]) || - lws_genhash_destroy(&hash_ctx, digest)) { - lws_genhash_destroy(&hash_ctx, NULL); - - goto bail1; - } - - /* overwrite the copy of the known b64 sig (it's placed inside buf) */ - n = lws_jws_sign_from_b64(&jose, &jws, - (char *)jws.map_b64.buf[LJWS_SIG], 1024); - if (n < 0) { - lwsl_err("%s: failed signing test packet\n", __func__); - goto bail1; - } - jws.map_b64.len[LJWS_SIG] = n; - - /* 2.4: confirm our generated signature can be verified */ - - p[l] = '\0'; - - if (lws_jws_sig_confirm_compact_b64(p, l, &map, &jwk, context, - lws_concat_temp(temp, temp_len), &temp_len) < 0) { - lwsl_notice("%s: confirm our ECDSA sig failed\n", __func__); - goto bail1; - } - - /* end */ - ret = 0; - -bail1: - lws_jwk_destroy(&jwk); - lws_jose_destroy(&jose); - -bail: - lwsl_notice("%s: selftest %s\n", __func__, ret ? "FAIL" : "OK"); - - return ret; -} - -int -test_jws(struct lws_context *context) -{ - int n = 0; - - n |= test_jws_none(context); - n |= test_jws_HS256(context); - n |= test_jws_RS256(context); - n |= test_jws_ES256(context); - n |= test_jws_ES512(context); - - return n; -} diff --git a/minimal-examples/api-tests/api-test-jose/main.c b/minimal-examples/api-tests/api-test-jose/main.c deleted file mode 100644 index c2f2c72..0000000 --- a/minimal-examples/api-tests/api-test-jose/main.c +++ /dev/null @@ -1,54 +0,0 @@ -/* - * lws-api-test-jose - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -int -test_jwk(struct lws_context *context); -int -test_jws(struct lws_context *context); -int -test_jwe(struct lws_context *context); - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int result = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS JOSE api tests\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = 0; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - result |= test_jwk(context); - lwsl_notice("%d\n", result); - result |= test_jws(context); - lwsl_notice("%d\n", result); - result |= test_jwe(context); - lwsl_notice("%d\n", result); - - lwsl_user("Completed: %s\n", result ? "FAIL" : "PASS"); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/api-tests/api-test-jose/selftest.sh b/minimal-examples/api-tests/api-test-jose/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-jose/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-lws_dsh/CMakeLists.txt b/minimal-examples/api-tests/api-test-lws_dsh/CMakeLists.txt deleted file mode 100644 index 936d610..0000000 --- a/minimal-examples/api-tests/api-test-lws_dsh/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-lws_dsh) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_NETWORK 1 requirements) -require_lws_config(LWS_WITH_LWS_DSH 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/api-tests/api-test-lws_dsh/README.md b/minimal-examples/api-tests/api-test-lws_dsh/README.md deleted file mode 100644 index f62a45a..0000000 --- a/minimal-examples/api-tests/api-test-lws_dsh/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# lws api test lws_dsh - -Demonstrates how to use and performs selftests for lws_dsh - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -``` - $ ./lws-api-test-lws_dsh -[2018/10/09 09:14:17:4834] USER: LWS API selftest: lws_dsh -[2018/10/09 09:14:17:4835] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-lws_dsh/main.c b/minimal-examples/api-tests/api-test-lws_dsh/main.c deleted file mode 100644 index 8f92fd9..0000000 --- a/minimal-examples/api-tests/api-test-lws_dsh/main.c +++ /dev/null @@ -1,361 +0,0 @@ -/* - * lws-api-test-lws_dsh - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -int -test1(void) -{ - lws_dsh_t *dsh; - size_t size; - void *a1; - - /* - * test 1: single dsh, alloc 2 kinds and free everything back to a - * single free obj - */ - - dsh = lws_dsh_create(NULL, 16384, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh\n", __func__); - - return 1; - } - - if (lws_dsh_alloc_tail(dsh, 0, "hello", 5, NULL, 0)) { - lwsl_err("%s: Failed to alloc 1\n", __func__); - - goto bail; - } - - if (lws_dsh_alloc_tail(dsh, 1, "some other string", 17, NULL, 0)) { - lwsl_err("%s: Failed to alloc 2\n", __func__); - - goto bail; - } - - if (lws_dsh_alloc_tail(dsh, 0, "hello again", 11, NULL, 0)) { - lwsl_err("%s: Failed to alloc 3\n", __func__); - - goto bail; - } - - if (lws_dsh_get_head(dsh, 1, &a1, &size)) { - lwsl_err("%s: no head 1\n", __func__); - - goto bail; - } - if (size != 17 || memcmp(a1, "some other string", 17)) { - lwsl_err("%s: test 1 mismatch\n", __func__); - - goto bail; - } - lws_dsh_free(&a1); - - if (lws_dsh_get_head(dsh, 0, &a1, &size)) { - lwsl_err("%s: no head 2\n", __func__); - - goto bail; - } - if (size != 5 || memcmp(a1, "hello", 5)) { - lwsl_err("%s: test 2 mismatch\n", __func__); - - goto bail; - } - lws_dsh_free(&a1); - - if (lws_dsh_get_head(dsh, 0, &a1, &size)) { - lwsl_err("%s: no head 3\n", __func__); - - goto bail; - } - if (size != 11 || memcmp(a1, "hello again", 11)) { - lwsl_err("%s: test 3 mismatch\n", __func__); - - goto bail; - } - lws_dsh_free(&a1); - - lws_dsh_destroy(&dsh); - - return 0; -bail: - lws_dsh_destroy(&dsh); - - return 1; -} - -int -test2(void) -{ - lws_dsh_t *dsh, *dsh2; - lws_dll2_owner_t owner; - uint8_t blob[4096]; - - memset(blob, 0, sizeof(blob)); - - /* - * test 2: multiple dsh, overflow allocation and dynamic destroy - */ - - lws_dll2_owner_clear(&owner); - - dsh = lws_dsh_create(&owner, 4096, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh1\n", __func__); - - return 1; - } - - dsh2 = lws_dsh_create(&owner, 4096, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh2\n", __func__); - - goto bail; - } - - if (lws_dsh_alloc_tail(dsh, 0, blob, 4000, NULL, 0)) { - lwsl_err("%s: Failed to alloc 1\n", __func__); - - goto bail2; - } - - if (lws_dsh_alloc_tail(dsh2, 0, "hello", 5, NULL, 0)) { - lwsl_err("%s: Failed to alloc 2\n", __func__); - - goto bail2; - } - - /* - * We create this logically on dsh. But there's no room for the body. - * It should figure out it can use space on dsh2. - */ - - if (lws_dsh_alloc_tail(dsh, 0, blob, 2000, NULL, 0)) { - lwsl_err("%s: Failed to alloc 3\n", __func__); - - goto bail2; - } - - if (lws_dsh_alloc_tail(dsh2, 0, "hello again", 11, NULL, 0)) { - lwsl_err("%s: Failed to alloc 4\n", __func__); - - goto bail2; - } - - /* - * When we destroy dsh2 it will try to migrate out the 2000 allocation - * from there but find there is no space in dsh1. It should handle it - * by logicalling dropping the object. - */ - - lws_dsh_destroy(&dsh2); - lws_dsh_destroy(&dsh); - - return 0; - -bail2: - lws_dsh_destroy(&dsh2); - -bail: - lws_dsh_destroy(&dsh); - - return 1; - -} - -int -test3(void) -{ - lws_dsh_t *dsh, *dsh2; - lws_dll2_owner_t owner; - uint8_t blob[4096]; - - memset(blob, 0, sizeof(blob)); - - /* - * test 3: multiple dsh, umeetable allocation request - */ - - lws_dll2_owner_clear(&owner); - - dsh = lws_dsh_create(&owner, 4096, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh1\n", __func__); - - return 1; - } - - dsh2 = lws_dsh_create(&owner, 4096, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh2\n", __func__); - - goto bail; - } - - if (lws_dsh_alloc_tail(dsh, 0, blob, 4000, NULL, 0)) { - lwsl_err("%s: Failed to alloc 1\n", __func__); - - goto bail2; - } - - if (lws_dsh_alloc_tail(dsh2, 0, "hello", 5, NULL, 0)) { - lwsl_err("%s: Failed to alloc 2\n", __func__); - - goto bail2; - } - - /* - * There's just no room for this, we expect it to fail - */ - - if (!lws_dsh_alloc_tail(dsh, 0, blob, 5000, NULL, 0)) { - lwsl_err("%s: Didn't fail to alloc as expected\n", __func__); - - goto bail2; - } - - if (lws_dsh_alloc_tail(dsh2, 0, "hello again", 11, NULL, 0)) { - lwsl_err("%s: Failed to alloc 4\n", __func__); - - goto bail2; - } - - lws_dsh_destroy(&dsh2); - lws_dsh_destroy(&dsh); - - return 0; - -bail2: - lws_dsh_destroy(&dsh2); - -bail: - lws_dsh_destroy(&dsh); - - return 1; -} - -int -test4(void) -{ - uint8_t blob[4096]; - lws_dsh_t *dsh; - size_t size; - void *a1; - - memset(blob, 0, sizeof(blob)); - - /* - * test 1: use up whole free list, then recover and alloc something - * else - */ - - dsh = lws_dsh_create(NULL, 4096, 2); - if (!dsh) { - lwsl_err("%s: Failed to create dsh\n", __func__); - - return 1; - } - - if (lws_dsh_alloc_tail(dsh, 0, blob, 4000, NULL, 0)) { - lwsl_err("%s: Failed to alloc 1\n", __func__); - - goto bail; - } - - if (lws_dsh_get_head(dsh, 0, &a1, &size)) { - lwsl_err("%s: no head 1\n", __func__); - - goto bail; - } - if (size != 4000) { - lwsl_err("%s: test 1 mismatch\n", __func__); - - goto bail; - } - lws_dsh_free(&a1); - - if (lws_dsh_alloc_tail(dsh, 0, "some other string", 17, NULL, 0)) { - lwsl_err("%s: Failed to alloc 2\n", __func__); - - goto bail; - } - - if (lws_dsh_alloc_tail(dsh, 0, "hello again", 11, NULL, 0)) { - lwsl_err("%s: Failed to alloc 3\n", __func__); - - goto bail; - } - - if (lws_dsh_get_head(dsh, 0, &a1, &size)) { - lwsl_err("%s: no head 1\n", __func__); - - goto bail; - } - if (size != 17 || memcmp(a1, "some other string", 17)) { - lwsl_err("%s: test 1 mismatch\n", __func__); - - goto bail; - } - lws_dsh_free(&a1); - - if (lws_dsh_get_head(dsh, 0, &a1, &size)) { - lwsl_err("%s: no head 2\n", __func__); - - goto bail; - } - if (size != 11 || memcmp(a1, "hello again", 11)) { - lwsl_err("%s: test 2 mismatch (%zu)\n", __func__, size); - - goto bail; - } - - lws_dsh_free(&a1); - - lws_dsh_destroy(&dsh); - - return 0; -bail: - lws_dsh_destroy(&dsh); - - return 1; -} - -int main(int argc, const char **argv) -{ - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - int ret = 0, n; - const char *p; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: lws_dsh\n"); - - n = test1(); - lwsl_user("%s: test1: %d\n", __func__, n); - ret |= n; - - n = test2(); - lwsl_user("%s: test2: %d\n", __func__, n); - ret |= n; - - n = test3(); - lwsl_user("%s: test3: %d\n", __func__, n); - ret |= n; - - n = test4(); - lwsl_user("%s: test4: %d\n", __func__, n); - ret |= n; - - lwsl_user("Completed: %s\n", ret ? "FAIL" : "PASS"); - - return ret; -} diff --git a/minimal-examples/api-tests/api-test-lws_dsh/selftest.sh b/minimal-examples/api-tests/api-test-lws_dsh/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-lws_dsh/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-lws_sequencer/CMakeLists.txt b/minimal-examples/api-tests/api-test-lws_sequencer/CMakeLists.txt deleted file mode 100644 index 1d24090..0000000 --- a/minimal-examples/api-tests/api-test-lws_sequencer/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-lws_sequencer) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) -require_lws_config(LWS_WITH_SEQUENCER 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/api-tests/api-test-lws_sequencer/libwebsockets.org.cer b/minimal-examples/api-tests/api-test-lws_sequencer/libwebsockets.org.cer deleted file mode 100644 index 4a9fb35..0000000 --- a/minimal-examples/api-tests/api-test-lws_sequencer/libwebsockets.org.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgISA9x0/oj5PLdW46hsmR82/7ytMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5NDBaFw0x -OTEyMDYwNzA5NDBaMBwxGjAYBgNVBAMTEWxpYndlYnNvY2tldHMub3JnMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPinIkleLmvEcA/YuBss6ASXVi7g -yr6Sss7cB3vTy7Fp8OB2c1N25prHZxVpORAUo0UreiaY2Ws4NFvDaYp08ZffevuC -UhThsEJlbkD0uvt7dPapJt9PNJtlxjNFWyvHEy6PijzIaMYDROiStcCJQn7kAew/ -Za2+5kNVgKqT+7OXukJEFdSdVZI6QC/npeQlkIrFSq1WVthCGBNJehxxES0hSWzk -0gNVKlkD3/SbkupsfUpe73XiawMtrtsSE7cdnul7VZmiP8I/3sJr1+4/3xZ+DEYg -mVB82B0vd08VJYzU7Nf0pz0PWusAmzRoRn81IXkOfBg9ohlSSEoZhHYS7QIDAQAB -o4ICZjCCAmIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmKKyGjufWgp7pR2x0tWxG -D9G+WTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB -AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw -dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw -dC5vcmcvMBwGA1UdEQQVMBOCEWxpYndlYnNvY2tldHMub3JnMEwGA1UdIARFMEMw -CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j -cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAdH7a -gzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFtCsWIfgAABAMASDBGAiEA -0H55VqSKV3otHK7uHNbcR0QwoUYtCmeObhsqxzCnmDwCIQD3mtuSKrxTD3oA+Yde -nmTgWfFyS4TNgLNEPCJYo2s75gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM -9OVFR/R4AAABbQrFil4AAAQDAEYwRAIgNSpvz/1JA2aP6fh6ujGNuYfrAvWjlxXo -CJtVGe4XaDYCIGmK1/9tl1uQbVD46P5NswnULq06KQmuOrlI3HO4r86HMA0GCSqG -SIb3DQEBCwUAA4IBAQBiAlV7wkCsWE99VmZHBmcbZChWyWUHG3LM1hnaQRQjTSYk -CIlauCpWzlUd6weuvra85KqBbCYo+1hxbwITI796uAdgtHmBE8nj0VltHwKeSq2s -KKiGXBRT7Z7t0VHYSLOlGOVn1auuQFaWBArc0cQ/m1ZsoHvOiHTlKQvVsA4HnIxA -CjGY9OOQoh0c36ecbJZ44XKnU9J/OXtDx00aW6QodaZmgMp/OOCghFQUvufkgTUL -LZid873/8dJVWjAaj1VdadO1nSbdAfBbeWXy93+vg1aAoig80RoscrzYCaNlwmR7 -EO5zWxL3l+xUZogQSJuICgUgNzVB3wjn8HeHGsqt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/api-tests/api-test-lws_sequencer/main.c b/minimal-examples/api-tests/api-test-lws_sequencer/main.c deleted file mode 100644 index a84aa7e..0000000 --- a/minimal-examples/api-tests/api-test-lws_sequencer/main.c +++ /dev/null @@ -1,399 +0,0 @@ -/* - * lws-api-test-lws_sequencer - * - * Written in 2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This api test uses the lws_sequencer api to make five http client requests - * to libwebsockets.org in sequence, from inside the event loop. The fourth - * fourth http client request is directed to port 22 where it stalls - * triggering the lws_sequencer timeout flow. The fifth is given a nonexistant - * dns name and is expected to fail. - */ - -#include - -#include - -static int interrupted, test_good = 0; - -enum { - SEQ1, - SEQ2, - SEQ3_404, - SEQ4_TIMEOUT, /* we expect to timeout */ - SEQ5_BAD_ADDRESS /* we expect the connection to fail */ -}; - -/* - * This is the user defined struct whose space is allocated along with the - * sequencer when that is created. - * - * You'd put everything your sequencer needs to do its job in here. - */ - -struct myseq { - struct lws_vhost *vhost; - struct lws *cwsi; /* client wsi for current step if any */ - - int state; /* which test we're on */ - int http_resp; -}; - -/* sequencer messages specific to this sequencer */ - -enum { - SEQ_MSG_CLIENT_FAILED = LWSSEQ_USER_BASE, - SEQ_MSG_CLIENT_DONE, -}; - -/* this is the sequence of GETs we will do */ - -static const char *url_paths[] = { - "https://libwebsockets.org/index.html", - "https://libwebsockets.org/lws.css", - "https://libwebsockets.org/404.html", - "https://libwebsockets.org:22", /* this causes us to time out */ - "https://doesntexist.invalid/" /* fail early in connect */ -}; - - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -/* - * This is the sequencer-aware http protocol handler. It monitors the client - * http action and queues messages for the sequencer when something definitive - * happens. - */ - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct myseq *s = (struct myseq *)user; - int seq_msg = SEQ_MSG_CLIENT_FAILED; - - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_notice("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - goto notify; - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - if (!s) - return 1; - s->http_resp = lws_http_client_http_response(wsi); - lwsl_info("Connected with server response: %d\n", s->http_resp); - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_info("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_notice("LWS_CALLBACK_COMPLETED_CLIENT_HTTP: wsi %p\n", - wsi); - if (!s) - return 1; - /* - * We got a definitive transaction completion - */ - seq_msg = SEQ_MSG_CLIENT_DONE; - goto notify; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - lwsl_info("LWS_CALLBACK_CLOSED_CLIENT_HTTP\n"); - if (!s) - return 1; - - lwsl_user("%s: wsi %p: seq failed at CLOSED_CLIENT_HTTP\n", - __func__, wsi); - goto notify; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); - -notify: - /* - * We only inform the sequencer of a definitive outcome for our step. - * - * So once we have informed it, we detach ourselves from the sequencer - * and the sequencer from ourselves. Wsi may want to live on but after - * we got our result and moved on to the next test or completed, the - * sequencer doesn't want to hear from it again. - */ - if (!s) - return 1; - - lws_set_wsi_user(wsi, NULL); - s->cwsi = NULL; - lws_seq_queue_event(lws_seq_from_user(s), seq_msg, - NULL, NULL); - - return 0; -} - -static const struct lws_protocols protocols[] = { - { "seq-test-http", callback_http, 0, 0, }, - { NULL, NULL, 0, 0 } -}; - - -static int -sequencer_start_client(struct myseq *s) -{ - struct lws_client_connect_info i; - const char *prot, *path1; - char uri[128], path[128]; - int n; - - lws_strncpy(uri, url_paths[s->state], sizeof(uri)); - - memset(&i, 0, sizeof i); - i.context = lws_seq_get_context(lws_seq_from_user(s)); - - if (lws_parse_uri(uri, &prot, &i.address, &i.port, &path1)) { - lwsl_err("%s: uri error %s\n", __func__, uri); - } - - if (!strcmp(prot, "https")) - i.ssl_connection = LCCSCF_USE_SSL; - - path[0] = '/'; - n = 1; - if (path1[0] == '/') - n = 0; - lws_strncpy(&path[n], path1, sizeof(path) - 1); - - i.path = path; - i.host = i.address; - i.origin = i.address; - i.method = "GET"; - i.vhost = s->vhost; - i.userdata = s; - - i.protocol = protocols[0].name; - i.local_protocol_name = protocols[0].name; - i.pwsi = &s->cwsi; - - if (!lws_client_connect_via_info(&i)) { - lwsl_notice("%s: connecting to %s://%s:%d%s failed\n", - __func__, prot, i.address, i.port, path); - - /* we couldn't even get started with the client connection */ - - lws_seq_queue_event(lws_seq_from_user(s), - SEQ_MSG_CLIENT_FAILED, NULL, NULL); - - return 1; - } - - lws_seq_timeout_us(lws_seq_from_user(s), 3 * LWS_US_PER_SEC); - - lwsl_notice("%s: wsi %p: connecting to %s://%s:%d%s\n", __func__, - s->cwsi, prot, i.address, i.port, path); - - return 0; -} - -/* - * The sequencer callback handles queued sequencer messages in the order they - * were queued. The messages are presented from the event loop thread context - * even if they were queued from a different thread. - */ - -static lws_seq_cb_return_t -sequencer_cb(struct lws_sequencer *seq, void *user, int event, - void *data, void *aux) -{ - struct myseq *s = (struct myseq *)user; - - switch ((int)event) { - case LWSSEQ_CREATED: /* our sequencer just got started */ - s->state = SEQ1; /* first thing we'll do is the first url */ - goto step; - - case LWSSEQ_DESTROYED: - /* - * This sequencer is about to be destroyed. If we have any - * other assets in play, detach them from us. - */ - if (s->cwsi) - lws_set_wsi_user(s->cwsi, NULL); - - interrupted = 1; - break; - - case LWSSEQ_TIMED_OUT: /* current step timed out */ - if (s->state == SEQ4_TIMEOUT) { - lwsl_user("%s: test %d got expected timeout\n", - __func__, s->state); - goto done; - } - lwsl_user("%s: seq timed out at step %d\n", __func__, s->state); - return LWSSEQ_RET_DESTROY; - - case SEQ_MSG_CLIENT_FAILED: - if (s->state == SEQ5_BAD_ADDRESS) { - /* - * in this specific case, we expect to fail - */ - lwsl_user("%s: test %d failed as expected\n", - __func__, s->state); - goto done; - } - - lwsl_user("%s: seq failed at step %d\n", __func__, s->state); - - return LWSSEQ_RET_DESTROY; - - case SEQ_MSG_CLIENT_DONE: - if (s->state >= SEQ4_TIMEOUT) { - /* - * In these specific cases, done would be a failure, - * we expected to timeout or fail - */ - lwsl_user("%s: seq failed at step %d\n", __func__, - s->state); - - return LWSSEQ_RET_DESTROY; - } - lwsl_user("%s: seq done step %d (resp %d)\n", __func__, - s->state, s->http_resp); - -done: - lws_seq_timeout_us(lws_seq_from_user(s), LWSSEQTO_NONE); - s->state++; - if (s->state == LWS_ARRAY_SIZE(url_paths)) { - /* the sequence has completed */ - lwsl_user("%s: sequence completed OK\n", __func__); - - test_good = 1; - - return LWSSEQ_RET_DESTROY; - } - -step: - sequencer_start_client(s); - break; - default: - break; - } - - return LWSSEQ_RET_CONTINUE; -} - -int -main(int argc, const char **argv) -{ - int n = 1, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - struct lws_context *context; - lws_seq_t *seq; - struct lws_vhost *vh; - lws_seq_info_t i; - struct myseq *s; - const char *p; - - /* the normal lws init */ - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: lws_sequencer\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - info.protocols = protocols; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./libwebsockets.org.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - vh = lws_create_vhost(context, &info); - if (!vh) { - lwsl_err("Failed to create first vhost\n"); - goto bail1; - } - - /* - * Create the sequencer... when the event loop starts, it will - * receive the LWSSEQ_CREATED callback - */ - - memset(&i, 0, sizeof(i)); - i.context = context; - i.user_size = sizeof(struct myseq); - i.puser = (void **)&s; - i.cb = sequencer_cb; - i.name = "seq"; - - seq = lws_seq_create(&i); - if (!seq) { - lwsl_err("%s: unable to create sequencer\n", __func__); - goto bail1; - } - s->vhost = vh; - - /* the usual lws event loop */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail1: - lwsl_user("Completed: %s\n", !test_good ? "FAIL" : "PASS"); - - lws_context_destroy(context); - - return !test_good; -} diff --git a/minimal-examples/api-tests/api-test-lws_struct-json/CMakeLists.txt b/minimal-examples/api-tests/api-test-lws_struct-json/CMakeLists.txt deleted file mode 100644 index 07ab387..0000000 --- a/minimal-examples/api-tests/api-test-lws_struct-json/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-lws_struct-json) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_STRUCT_JSON 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() - diff --git a/minimal-examples/api-tests/api-test-lws_struct-json/README.md b/minimal-examples/api-tests/api-test-lws_struct-json/README.md deleted file mode 100644 index ebe930d..0000000 --- a/minimal-examples/api-tests/api-test-lws_struct-json/README.md +++ /dev/null @@ -1,56 +0,0 @@ -# lws api test lws_struct JSON - -Demonstrates how to use and performs selftests for lws_struct -JSON serialization and deserialization - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -``` - $ ./lws-api-test-lws_struct-json -[2019/03/30 22:09:09:2529] USER: LWS API selftest: lws_struct JSON -[2019/03/30 22:09:09:2625] NOTICE: main: ++++++++++++++++ test 1 -[2019/03/30 22:09:09:2812] NOTICE: builder.hostname = 'learn', timeout = 1800, targets (2) -[2019/03/30 22:09:09:2822] NOTICE: target.name 'target1' (target 0x543a830) -[2019/03/30 22:09:09:2824] NOTICE: target.name 'target2' (target 0x543a860) -[2019/03/30 22:09:09:2826] NOTICE: main: .... strarting serialization of test 1 -[2019/03/30 22:09:09:2899] NOTICE: ser says 1 -{"schema":"com-warmcat-sai-builder","hostname":"learn","nspawn_timeout":1800,"targets":[{"name":"target1"},{"name":"target2"}]} -[2019/03/30 22:09:09:2929] NOTICE: main: ++++++++++++++++ test 2 -[2019/03/30 22:09:09:2932] NOTICE: builder.hostname = 'learn', timeout = 0, targets (3) -[2019/03/30 22:09:09:2932] NOTICE: target.name 'target1' (target 0x543b060) -[2019/03/30 22:09:09:2933] NOTICE: target.name 'target2' (target 0x543b090) -[2019/03/30 22:09:09:2933] NOTICE: target.name 'target3' (target 0x543b0c0) -[2019/03/30 22:09:09:2934] NOTICE: main: .... strarting serialization of test 2 -[2019/03/30 22:09:09:2935] NOTICE: ser says 1 -{"schema":"com-warmcat-sai-builder","hostname":"learn","nspawn_timeout":0,"targets":[{"name":"target1"},{"name":"target2"},{"name":"target3"}]} -[2019/03/30 22:09:09:2940] NOTICE: main: ++++++++++++++++ test 3 -[2019/03/30 22:09:09:2959] NOTICE: builder.hostname = 'learn', timeout = 1800, targets (2) -[2019/03/30 22:09:09:2960] NOTICE: target.name 'target1' (target 0x543b450) -[2019/03/30 22:09:09:2961] NOTICE: child 0x543b480, target.child.somename 'abc' -[2019/03/30 22:09:09:2961] NOTICE: target.name 'target2' (target 0x543b490) -[2019/03/30 22:09:09:2962] NOTICE: main: .... strarting serialization of test 3 -[2019/03/30 22:09:09:2969] NOTICE: ser says 1 -{"schema":"com-warmcat-sai-builder","hostname":"learn","nspawn_timeout":1800,"targets":[{"name":"target1","child":{"somename":"abc"}},{"name":"target2"}]} -[2019/03/30 22:09:09:2970] NOTICE: main: ++++++++++++++++ test 4 -[2019/03/30 22:09:09:2971] NOTICE: builder.hostname = 'learn', timeout = 1800, targets (0) -[2019/03/30 22:09:09:2971] NOTICE: main: .... strarting serialization of test 4 -[2019/03/30 22:09:09:2973] NOTICE: ser says 1 -{"schema":"com-warmcat-sai-builder","hostname":"learn","nspawn_timeout":1800} -[2019/03/30 22:09:09:2974] NOTICE: main: ++++++++++++++++ test 5 -[2019/03/30 22:09:09:2978] NOTICE: builder.hostname = '', timeout = 0, targets (0) -[2019/03/30 22:09:09:2979] NOTICE: main: .... strarting serialization of test 5 -[2019/03/30 22:09:09:2980] NOTICE: ser says 1 -{"schema":"com-warmcat-sai-builder","hostname":"","nspawn_timeout":0} -[2019/03/30 22:09:09:2982] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-lws_struct-json/main.c b/minimal-examples/api-tests/api-test-lws_struct-json/main.c deleted file mode 100644 index 5b84718..0000000 --- a/minimal-examples/api-tests/api-test-lws_struct-json/main.c +++ /dev/null @@ -1,365 +0,0 @@ -/* - * lws-api-test-lws_struct-json - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * lws_struct apis are used to serialize and deserialize your C structs and - * linked-lists in a standardized way that's very modest on memory but - * convenient and easy to maintain. - * - * The API test shows how to serialize and deserialize a struct with a linked- - * list of child structs in JSON using lws_struct APIs. - */ - -#include - -/* - * in this example, the JSON is for one "builder" object, which may specify - * a child list "targets" of zero or more "target" objects. - */ - -static const char * const json_tests[] = { - "{" /* test 1 */ - "\"schema\":\"com-warmcat-sai-builder\"," - - "\"hostname\":\"learn\"," - "\"nspawn_timeout\":1800," - "\"targets\":[" - "{" - "\"name\":\"target1\"," - "\"someflag\":true" - "}," - "{" - "\"name\":\"target2\"," - "\"someflag\":false" - "}" - "]" - "}", - "{" /* test 2 */ - "\"schema\":\"com-warmcat-sai-builder\"," - - "\"hostname\":\"learn\"," - "\"targets\":[" - "{" - "\"name\":\"target1\"" - "}," - "{" - "\"name\":\"target2\"" - "}," - "{" - "\"name\":\"target3\"" - "}" - "]" - "}", "{" /* test 3 */ - "\"schema\":\"com-warmcat-sai-builder\"," - - "\"hostname\":\"learn\"," - "\"nspawn_timeout\":1800," - "\"targets\":[" - "{" - "\"name\":\"target1\"," - "\"unrecognized\":\"xyz\"," - "\"child\": {" - "\"somename\": \"abc\"," - "\"junk\": { \"x\": \"y\" }" - "}" - "}," - "{" - "\"name\":\"target2\"" - "}" - "]" - "}", - "{" /* test 4 */ - "\"schema\":\"com-warmcat-sai-builder\"," - - "\"hostname\":\"learn\"," - "\"nspawn_timeout\":1800" - "}", - "{" /* test 5 */ - "\"schema\":\"com-warmcat-sai-builder\"" - "}", - "{" /* test 6 ... check huge strings into smaller fixed char array */ - "\"schema\":\"com-warmcat-sai-builder\"," - "\"hostname\":\"" - "PYvtan6kqppjnS0KpYTCaiOLsJkc7XecAr1kcE0aCIciewYB+JcLG82mO1Vb1mJtjDwUjBxy2I6A" - "zefzoWUWmqZbsv4MXR55j9bKlyz1liiSX63iO0x6JAwACMtE2MkgcLwR86TSWAD9D1QKIWqg5RJ/" - "CRuVsW0DKAUMD52ql4JmPFuJpJgTq28z6PhYNzN3yI3bmQt6bzhA+A/xAsFzSBnb3MHYWzGMprr5" - "3FAP1ISo5Ec9i+2ehV40sG6Q470sH3PGQZ0YRPO7Sh/SyrSQ/scONmxRc3AcXl7X/CSs417ii+CV" - "8sq3ZgcxKNB7tNfN7idNx3upZ00G2BZy9jSy03cLKKLNaNUt0TQsxXbH55uDHzSEeZWvxJgT6zB1" - "NoMhdC02w+oXim94M6z6COCnqT3rgkGk8PHMry9Bkh4yVpRmzIRfMmln/lEhdZgxky2+g5hhlSIG" - "JYDCrdynD9kCfvfy6KGOpNIi1X+mhbbWn4lnL9ZKihL/RrfOV+oV4R26IDq+KqUiJBENeo8/GXkG" - "LUH/87iPyzXKEMavr6fkrK0vTGto8yEYxmOyaVz8phG5rwf4jJgmYNoMbGo8gWvhqO7UAGy2g7MW" - "v+B/t1eZZ+1euLsNrWAsFJiFbQKgdFfQT3RjB14iU8knlQ8usoy+pXssY2ddGJGVcGC21oZvstK9" - "eu1eRZftda/wP+N5unT1Hw7kCoVzqxHieiYt47EGIOaaQ7XjZDK6qPN6O/grHnvJZm2vBkxuXgsY" - "VkRQ7AuTWIecphqFsq7Wbc1YNbMW47SVU5zMD0WaCqbaaI0t4uIzRvPlD8cpiiTzFTrEHlIBTf8/" - "uZjjEGGLhJR1jPqA9D1Ej3ChV+ye6F9JTUMlozRMsGuF8U4btDzH5xdnmvRS4Ar6LKEtAXGkj2yu" - "yJln+v4RIWj2xOGPJovOqiXwi0FyM61f8U8gj0OiNA2/QlvrqQVDF7sMXgjvaE7iQt5vMETteZlx" - "+z3f+jTFM/aon511W4+ZkRD+6AHwucvM9BEC\"" - "}", - "{" /* test 7 ... check huge strings into char * */ - "\"schema\":\"com-warmcat-sai-builder\"," - "\"targets\":[" - "{" - "\"name\":\"" - "PYvtan6kqppjnS0KpYTCaiOLsJkc7XecAr1kcE0aCIciewYB+JcLG82mO1Vb1mJtjDwUjBxy2I6A" - "zefzoWUWmqZbsv4MXR55j9bKlyz1liiSX63iO0x6JAwACMtE2MkgcLwR86TSWAD9D1QKIWqg5RJ/" - "CRuVsW0DKAUMD52ql4JmPFuJpJgTq28z6PhYNzN3yI3bmQt6bzhA+A/xAsFzSBnb3MHYWzGMprr5" - "3FAP1ISo5Ec9i+2ehV40sG6Q470sH3PGQZ0YRPO7Sh/SyrSQ/scONmxRc3AcXl7X/CSs417ii+CV" - "8sq3ZgcxKNB7tNfN7idNx3upZ00G2BZy9jSy03cLKKLNaNUt0TQsxXbH55uDHzSEeZWvxJgT6zB1" - "NoMhdC02w+oXim94M6z6COCnqT3rgkGk8PHMry9Bkh4yVpRmzIRfMmln/lEhdZgxky2+g5hhlSIG" - "JYDCrdynD9kCfvfy6KGOpNIi1X+mhbbWn4lnL9ZKihL/RrfOV+oV4R26IDq+KqUiJBENeo8/GXkG" - "LUH/87iPyzXKEMavr6fkrK0vTGto8yEYxmOyaVz8phG5rwf4jJgmYNoMbGo8gWvhqO7UAGy2g7MW" - "v+B/t1eZZ+1euLsNrWAsFJiFbQKgdFfQT3RjB14iU8knlQ8usoy+pXssY2ddGJGVcGC21oZvstK9" - "eu1eRZftda/wP+N5unT1Hw7kCoVzqxHieiYt47EGIOaaQ7XjZDK6qPN6O/grHnvJZm2vBkxuXgsY" - "VkRQ7AuTWIecphqFsq7Wbc1YNbMW47SVU5zMD0WaCqbaaI0t4uIzRvPlD8cpiiTzFTrEHlIBTf8/" - "uZjjEGGLhJR1jPqA9D1Ej3ChV+ye6F9JTUMlozRMsGuF8U4btDzH5xdnmvRS4Ar6LKEtAXGkj2yu" - "yJln+v4RIWj2xOGPJovOqiXwi0FyM61f8U8gj0OiNA2/QlvrqQVDF7sMXgjvaE7iQt5vMETteZlx" - "+z3f+jTFM/aon511W4+ZkRD+6AHwucvM9BEC\"}]}" - "}", -}; - -/* - * These are the expected outputs for each test, without pretty formatting. - * - * There are some differences to do with missing elements being rendered with - * default values. - */ - -static const char * const json_expected[] = { - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":\"learn\"," - "\"nspawn_timeout\":1800,\"targets\":[{\"name\":\"target1\",\"someflag\":true}," - "{\"name\":\"target2\",\"someflag\":false}]}", - - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":\"learn\"," - "\"nspawn_timeout\":0,\"targets\":[{\"name\":\"target1\",\"someflag\":false}," - "{\"name\":\"target2\",\"someflag\":false},{\"name\":\"target3\",\"someflag\":false}]}", - - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":\"learn\"," - "\"nspawn_timeout\":1800,\"targets\":[{\"name\":\"target1\",\"someflag\":false," - "\"child\":{\"somename\":\"abc\"}},{\"name\":\"target2\",\"someflag\":false}]}", - - "{\"schema\":\"com-warmcat-sai-builder\"," - "\"hostname\":\"learn\",\"nspawn_timeout\":1800}", - - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":\"\"," - "\"nspawn_timeout\":0}", - - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":" - "\"PYvtan6kqppjnS0KpYTCaiOLsJkc7Xe\"," - "\"nspawn_timeout\":0}", - - "{\"schema\":\"com-warmcat-sai-builder\",\"hostname\":\"\"," - "\"nspawn_timeout\":0,\"targets\":[{\"name\":\"PYvtan6kqppjnS0KpYTC" - "aiOLsJkc7XecAr1kcE0aCIciewYB+JcLG82mO1Vb1mJtjDwUjBxy2I6Azefz" - "oWUWmqZbsv4MXR55j9bKlyz1liiSX63iO0x6JAwACMtE2MkgcLwR86TSWAD9" - "D1QKIWqg5RJ/CRuVsW0DKAUMD52ql4JmPFuJpJgTq28z6PhYNzN3yI3bmQt6" - "bzhA+A/xAsFzSBnb3MHYWzGMprr53FAP1ISo5Ec9i+2ehV40sG6Q470sH3PG" - "QZ0YRPO7Sh/SyrSQ/scONmxRc3AcXl7X/CSs417ii+CV8sq3ZgcxKNB7tNfN" - "7idNx3upZ00G2BZy9jSy03cLKKLNaNUt0TQsxXbH55uDHzSEeZWvxJgT6zB1" - "NoMhdC02w+oXim94M6z6COCnqT3rgkGk8PHMry9Bkh4yVpRmzIRfMmln/lEh" - "dZgxky2+g5hhlSIGJYDCrdynD9kCfvfy6KGOpNIi1X+mhbbWn4lnL9ZKihL/" - "RrfOV+oV4R26IDq+KqUiJBENeo8/GXkGLUH/87iPyzXKEMavr6fkrK0vTGto" - "8yEYxmOyaVz8phG5rwf4jJgmYNoMbGo8gWvhqO7UAGy2g7MWv+B/t1eZZ+1e" - "uLsNrWAsFJiFbQKgdFfQT3RjB14iU8knlQ8usoy+pXssY2ddGJGVcGC21oZv" - "stK9eu1eRZftda/wP+N5unT1Hw7kCoVzqxHieiYt47EGIOaaQ7XjZDK6qPN6" - "O/grHnvJZm2vBkxuXgsYVkRQ7AuTWIecphqFsq7Wbc1YNbMW47SVU5zMD0Wa" - "CqbaaI0t4uIzRvPlD8cpiiTzFTrEHlIBTf8/uZjjEGGLhJR1jPqA9D1Ej3Ch" - "V+ye6F9JTUMlozRMsGuF8U4btDzH5xdnmvRS4Ar6LKEtAXGkj2yuyJln+v4R" - "IWj2xOGPJovOqiXwi0FyM61f8U8gj0OiNA2/QlvrqQVDF7sMXgjvaE7iQt5v" - "METteZlx+z3f+jTFM/aon511W4+ZkRD+6AHwucvM9BEC\"" - ",\"someflag\":false}]}" -}; - -/* - * These annotate the members in the struct that will be serialized and - * deserialized with type and size information, as well as the name to use - * in the serialization format. - * - * Struct members that aren't annotated like this won't be serialized and - * when the struct is created during deserialiation, the will be set to 0 - * or NULL. - */ - -/* child object */ - -typedef struct sai_child { - const char * somename; -} sai_child_t; - -lws_struct_map_t lsm_child[] = { /* describes serializable members */ - LSM_STRING_PTR (sai_child_t, somename, "somename"), -}; - -/* target object */ - -typedef struct sai_target { - struct lws_dll2 target_list; - sai_child_t * child; - - const char * name; - char someflag; -} sai_target_t; - -static const lws_struct_map_t lsm_target[] = { - LSM_STRING_PTR (sai_target_t, name, "name"), - LSM_BOOLEAN (sai_target_t, someflag, "someflag"), - LSM_CHILD_PTR (sai_target_t, child, sai_child_t, - NULL, lsm_child, "child"), -}; - -/* builder object */ - -typedef struct sai_builder { - struct lws_dll2_owner targets; - - char hostname[32]; - unsigned int nspawn_timeout; -} sai_builder_t; - -static const lws_struct_map_t lsm_builder[] = { - LSM_CARRAY (sai_builder_t, hostname, "hostname"), - LSM_UNSIGNED (sai_builder_t, nspawn_timeout, "nspawn_timeout"), - LSM_LIST (sai_builder_t, targets, - sai_target_t, target_list, - NULL, lsm_target, "targets"), -}; - -/* Schema table - * - * Before we can understand the serialization top level format, we must read - * the schema, use the table below to create the right toplevel object for the - * schema name, and select the correct map tables to interpret the rest of the - * serialization. - * - * Therefore the schema tables below are the starting point for the - * JSON deserialization. - */ - -static const lws_struct_map_t lsm_schema_map[] = { - LSM_SCHEMA (sai_builder_t, NULL, - lsm_builder, "com-warmcat-sai-builder"), -}; - -static int -show_target(struct lws_dll2 *d, void *user) -{ - sai_target_t *t = lws_container_of(d, sai_target_t, target_list); - - lwsl_notice(" target.name '%s' (target %p)\n", t->name, t); - - if (t->child) - lwsl_notice(" child %p, target.child.somename '%s'\n", - t->child, t->child->somename); - - return 0; -} - - -int main(int argc, const char **argv) -{ - int n, m, e = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; -#if 1 - lws_struct_serialize_t *ser; - uint8_t buf[4096]; - size_t written; -#endif - struct lejp_ctx ctx; - lws_struct_args_t a; - sai_builder_t *b; - const char *p; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: lws_struct JSON\n"); - - for (m = 0; m < (int)LWS_ARRAY_SIZE(json_tests); m++) { - - /* 1. deserialize the canned JSON into structs */ - - lwsl_notice("%s: ++++++++++++++++ test %d\n", __func__, m + 1); - - memset(&a, 0, sizeof(a)); - a.map_st[0] = lsm_schema_map; - a.map_entries_st[0] = LWS_ARRAY_SIZE(lsm_schema_map); - a.ac_block_size = 512; - - lws_struct_json_init_parse(&ctx, NULL, &a); - n = (int)(signed char)lejp_parse(&ctx, (uint8_t *)json_tests[m], - strlen(json_tests[m])); - if (n < 0) { - lwsl_err("%s: notification JSON decode failed '%s'\n", - __func__, lejp_error_to_string(n)); - e++; - goto done; - } - lwsac_info(a.ac); - - b = a.dest; - if (!b) { - lwsl_err("%s: didn't produce any output\n", __func__); - e++; - goto done; - } - - lwsl_notice("builder.hostname = '%s', timeout = %d, targets (%d)\n", - b->hostname, b->nspawn_timeout, - b->targets.count); - - lws_dll2_foreach_safe(&b->targets, NULL, show_target); - - /* 2. serialize the structs into JSON and confirm */ - - lwsl_notice("%s: .... strarting serialization of test %d\n", - __func__, m + 1); - ser = lws_struct_json_serialize_create(lsm_schema_map, - LWS_ARRAY_SIZE(lsm_schema_map), - 0//LSSERJ_FLAG_PRETTY - , b); - if (!ser) { - lwsl_err("%s: unable to init serialization\n", __func__); - goto bail; - } - - do { - n = lws_struct_json_serialize(ser, buf, sizeof(buf), - &written); - lwsl_notice("ser says %d\n", n); - switch (n) { - case LSJS_RESULT_CONTINUE: - case LSJS_RESULT_FINISH: - puts((const char *)buf); - break; - case LSJS_RESULT_ERROR: - goto bail; - } - } while(n == LSJS_RESULT_CONTINUE); - - if (strcmp(json_expected[m], (char *)buf)) { - lwsl_err("%s: test %d: expected %s\n", __func__, m + 1, - json_expected[m]); - e++; - } - - lws_struct_json_serialize_destroy(&ser); - -done: - lwsac_free(&a.ac); - } - - if (e) - goto bail; - - lwsl_user("Completed: PASS\n"); - - return 0; - -bail: - lwsl_user("Completed: FAIL\n"); - - return 1; -} diff --git a/minimal-examples/api-tests/api-test-lws_struct-json/selftest.sh b/minimal-examples/api-tests/api-test-lws_struct-json/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-lws_struct-json/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-lws_tokenize/CMakeLists.txt b/minimal-examples/api-tests/api-test-lws_tokenize/CMakeLists.txt deleted file mode 100644 index 7bfc6f6..0000000 --- a/minimal-examples/api-tests/api-test-lws_tokenize/CMakeLists.txt +++ /dev/null @@ -1,73 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-lws_tokenize) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - - - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() diff --git a/minimal-examples/api-tests/api-test-lws_tokenize/README.md b/minimal-examples/api-tests/api-test-lws_tokenize/README.md deleted file mode 100644 index a6b75ec..0000000 --- a/minimal-examples/api-tests/api-test-lws_tokenize/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# lws api test lws_tokenize - -Performs selftests for lws_tokenize - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --s "input string"|String to tokenize --f 15|LWS_TOKENIZE_F_ flag values to apply to processing of -s - -``` - $ ./lws-api-test-lws_tokenize -[2018/10/09 09:14:17:4834] USER: LWS API selftest: lws_tokenize -[2018/10/09 09:14:17:4835] USER: Completed: PASS: 6, FAIL: 0 -``` - -If the `-s string` option is given, the string is tokenized on stdout in -the format used to produce the tests in the sources - -``` - $ ./lws-api-test-lws_tokenize -s "hello: 1234,256" -[2018/10/09 09:14:17:4834] USER: LWS API selftest: lws_tokenize -{ LWS_TOKZE_TOKEN_NAME_COLON, "hello", 5 } -{ LWS_TOKZE_INTEGER, "1234", 4 } -{ LWS_TOKZE_DELIMITER, ",", 1 } -{ LWS_TOKZE_INTEGER, "256", 3 } -{ LWS_TOKZE_ENDED, "", 0 } -``` - diff --git a/minimal-examples/api-tests/api-test-lws_tokenize/main.c b/minimal-examples/api-tests/api-test-lws_tokenize/main.c deleted file mode 100644 index 3257c4f..0000000 --- a/minimal-examples/api-tests/api-test-lws_tokenize/main.c +++ /dev/null @@ -1,408 +0,0 @@ -/* - * lws-api-test-lws_tokenize - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -struct expected { - lws_tokenize_elem e; - const char *value; - int len; -}; - -struct tests { - const char *string; - struct expected *exp; - int count; - int flags; -}; - -struct expected expected1[] = { - { LWS_TOKZE_TOKEN, "protocol-1", 10 }, - { LWS_TOKZE_DELIMITER, ",", 1}, - { LWS_TOKZE_TOKEN, "protocol_2", 10 }, - { LWS_TOKZE_DELIMITER, ",", 1}, - { LWS_TOKZE_TOKEN, "protocol3", 9 }, - { LWS_TOKZE_ENDED, NULL, 0 }, - }, - expected2[] = { - { LWS_TOKZE_TOKEN_NAME_COLON, "Accept-Language", 15 }, - { LWS_TOKZE_TOKEN, "fr-CH", 5 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "fr", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1}, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.9", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "en", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1}, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.8", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "de", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1}, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.7", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_DELIMITER, "*", 1 }, - { LWS_TOKZE_DELIMITER, ";", 1 }, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.5", 3 }, - { LWS_TOKZE_ENDED, NULL, 0 }, - }, - expected3[] = { - { LWS_TOKZE_TOKEN_NAME_EQUALS, "quoted", 6 }, - { LWS_TOKZE_QUOTED_STRING, "things:", 7 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_INTEGER, "1234", 4 }, - { LWS_TOKZE_ENDED, NULL, 0 }, - }, - expected4[] = { - { LWS_TOKZE_ERR_COMMA_LIST, ",", 1 }, - }, - expected5[] = { - { LWS_TOKZE_TOKEN, "brokenlist2", 11 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_ERR_COMMA_LIST, ",", 1 }, - }, - expected6[] = { - { LWS_TOKZE_TOKEN, "brokenlist3", 11 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_ERR_COMMA_LIST, ",", 1 }, - - }, - expected7[] = { - { LWS_TOKZE_TOKEN, "fr", 2 }, - { LWS_TOKZE_DELIMITER, "-", 1 }, - { LWS_TOKZE_TOKEN, "CH", 2 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "fr", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1 }, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.9", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "en", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1 }, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.8", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "de", 2 }, - { LWS_TOKZE_DELIMITER, ";", 1 }, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.7", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "*", 1 }, - { LWS_TOKZE_DELIMITER, ";", 1 }, - { LWS_TOKZE_TOKEN_NAME_EQUALS, "q", 1 }, - { LWS_TOKZE_FLOAT, "0.5", 3 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected8[] = { - { LWS_TOKZE_TOKEN, "Οὐχὶ", 10 }, - { LWS_TOKZE_TOKEN, "ταὐτὰ", 12 }, - { LWS_TOKZE_TOKEN, "παρίσταταί", 22 }, - { LWS_TOKZE_TOKEN, "μοι", 6 }, - { LWS_TOKZE_TOKEN, "γιγνώσκειν", 21 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "ὦ", 3 }, - { LWS_TOKZE_TOKEN, "ἄνδρες", 13 }, - { LWS_TOKZE_TOKEN, "᾿Αθηναῖοι", 20 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "greek", 5 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected9[] = { - /* - * because the tokenizer scans ahead for = aggregation, - * it finds the broken utf8 before reporting the token - */ - { LWS_TOKZE_ERR_BROKEN_UTF8, "", 0 }, - }, - expected10[] = { - { LWS_TOKZE_TOKEN, "badutf8-2", 9 }, - { LWS_TOKZE_TOKEN, "퟿", 3 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_ERR_BROKEN_UTF8, "", 0 }, - }, - expected11[] = { - { LWS_TOKZE_TOKEN, "1.myserver", 10 }, - { LWS_TOKZE_DELIMITER, ".", 1 }, - { LWS_TOKZE_TOKEN, "com", 3 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected12[] = { - { LWS_TOKZE_TOKEN, "1.myserver.com", 14 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected13[] = { - { LWS_TOKZE_TOKEN, "1.myserver.com", 14 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected14[] = { - { LWS_TOKZE_INTEGER, "1", 1 }, - { LWS_TOKZE_DELIMITER, ".", 1 }, - { LWS_TOKZE_TOKEN, "myserver", 8 }, - { LWS_TOKZE_DELIMITER, ".", 1 }, - { LWS_TOKZE_TOKEN, "com", 3 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected15[] = { - { LWS_TOKZE_TOKEN, "close", 5 }, - { LWS_TOKZE_DELIMITER, ",", 1 }, - { LWS_TOKZE_TOKEN, "Upgrade", 7 }, - { LWS_TOKZE_ENDED, "", 0 }, - }, - expected16[] = { - { LWS_TOKZE_TOKEN_NAME_EQUALS, "a", 1 }, - { LWS_TOKZE_TOKEN, "5", 1 }, - { LWS_TOKZE_ENDED, "", 0 }, - } - -; - -struct tests tests[] = { - { - " protocol-1, protocol_2\t,\tprotocol3\n", - expected1, LWS_ARRAY_SIZE(expected1), - LWS_TOKENIZE_F_MINUS_NONTERM | LWS_TOKENIZE_F_AGG_COLON - }, { - "Accept-Language: fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", - expected2, LWS_ARRAY_SIZE(expected2), - LWS_TOKENIZE_F_MINUS_NONTERM | LWS_TOKENIZE_F_AGG_COLON - }, { - "quoted = \"things:\", 1234", - expected3, LWS_ARRAY_SIZE(expected3), - LWS_TOKENIZE_F_MINUS_NONTERM | LWS_TOKENIZE_F_AGG_COLON - }, { - ", brokenlist1", - expected4, LWS_ARRAY_SIZE(expected4), - LWS_TOKENIZE_F_COMMA_SEP_LIST - }, { - "brokenlist2,,", - expected5, LWS_ARRAY_SIZE(expected5), - LWS_TOKENIZE_F_COMMA_SEP_LIST - }, { - "brokenlist3,", - expected6, LWS_ARRAY_SIZE(expected6), - LWS_TOKENIZE_F_COMMA_SEP_LIST - }, { - "fr-CH, fr;q=0.9, en;q=0.8, de;q=0.7, *;q=0.5", - expected7, LWS_ARRAY_SIZE(expected7), - LWS_TOKENIZE_F_RFC7230_DELIMS - }, - { - " Οὐχὶ ταὐτὰ παρίσταταί μοι γιγνώσκειν, ὦ ἄνδρες ᾿Αθηναῖοι, greek", - expected8, LWS_ARRAY_SIZE(expected8), - LWS_TOKENIZE_F_RFC7230_DELIMS - }, - { - "badutf8-1 \x80...", - expected9, LWS_ARRAY_SIZE(expected9), - LWS_TOKENIZE_F_MINUS_NONTERM | LWS_TOKENIZE_F_RFC7230_DELIMS - }, - { - "badutf8-2 \xed\x9f\xbf,\x80...", - expected10, LWS_ARRAY_SIZE(expected10), - LWS_TOKENIZE_F_MINUS_NONTERM | LWS_TOKENIZE_F_RFC7230_DELIMS - }, - { - "1.myserver.com", - expected11, LWS_ARRAY_SIZE(expected11), - 0 - }, - { - "1.myserver.com", - expected12, LWS_ARRAY_SIZE(expected12), - LWS_TOKENIZE_F_DOT_NONTERM - }, - { - "1.myserver.com", - expected13, LWS_ARRAY_SIZE(expected13), - LWS_TOKENIZE_F_DOT_NONTERM | LWS_TOKENIZE_F_NO_FLOATS - }, - { - "1.myserver.com", - expected14, LWS_ARRAY_SIZE(expected14), - LWS_TOKENIZE_F_NO_FLOATS - }, - { - "close, Upgrade", - expected15, LWS_ARRAY_SIZE(expected15), - LWS_TOKENIZE_F_COMMA_SEP_LIST - }, - { - "a=5", expected16, LWS_ARRAY_SIZE(expected16), - LWS_TOKENIZE_F_NO_INTEGERS - }, -}; - -/* - * add LWS_TOKZE_ERRS to the element index (which may be negative by that - * amount) to index this array - */ - -static const char *element_names[] = { - "LWS_TOKZE_ERR_BROKEN_UTF8", - "LWS_TOKZE_ERR_UNTERM_STRING", - "LWS_TOKZE_ERR_MALFORMED_FLOAT", - "LWS_TOKZE_ERR_NUM_ON_LHS", - "LWS_TOKZE_ERR_COMMA_LIST", - "LWS_TOKZE_ENDED", - "LWS_TOKZE_DELIMITER", - "LWS_TOKZE_TOKEN", - "LWS_TOKZE_INTEGER", - "LWS_TOKZE_FLOAT", - "LWS_TOKZE_TOKEN_NAME_EQUALS", - "LWS_TOKZE_TOKEN_NAME_COLON", - "LWS_TOKZE_QUOTED_STRING", -}; - -int main(int argc, const char **argv) -{ - struct lws_tokenize ts; - lws_tokenize_elem e; - const char *p; - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - int fail = 0, ok = 0, flags = 0; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: lws_tokenize\n"); - - if ((p = lws_cmdline_option(argc, argv, "-f"))) - flags = atoi(p); - - p = lws_cmdline_option(argc, argv, "-s"); - - for (n = 0; n < (int)LWS_ARRAY_SIZE(tests); n++) { - int m = 0, in_fail = fail; - struct expected *exp = tests[n].exp; - - ts.start = tests[n].string; - ts.len = strlen(ts.start); - ts.flags = tests[n].flags; - - do { - e = lws_tokenize(&ts); - - lwsl_info("{ %s, \"%.*s\", %d }\n", - element_names[e + LWS_TOKZE_ERRS], - (int)ts.token_len, ts.token, - (int)ts.token_len); - - if (m == (int)tests[n].count) { - lwsl_notice("fail: expected end earlier\n"); - fail++; - break; - } - - if (e != exp->e) { - lwsl_notice("fail... tok %s vs expected %s\n", - element_names[e + LWS_TOKZE_ERRS], - element_names[exp->e + LWS_TOKZE_ERRS]); - fail++; - break; - } - - if (e > 0 && - (ts.token_len != exp->len || - memcmp(exp->value, ts.token, exp->len))) { - lwsl_notice("fail token mismatch %d %d %.*s\n", - ts.token_len, exp->len, ts.token_len, ts.token); - fail++; - break; - } - - m++; - exp++; - - } while (e > 0); - - if (fail == in_fail) - ok++; - } - - if (p) { - ts.start = p; - ts.len = strlen(p); - ts.flags = flags; - - printf("\t{\n\t\t\"%s\",\n" - "\t\texpected%d, LWS_ARRAY_SIZE(expected%d),\n\t\t", - p, (int)LWS_ARRAY_SIZE(tests) + 1, - (int)LWS_ARRAY_SIZE(tests) + 1); - - if (!flags) - printf("0\n\t},\n"); - else { - if (flags & LWS_TOKENIZE_F_MINUS_NONTERM) - printf("LWS_TOKENIZE_F_MINUS_NONTERM"); - if (flags & LWS_TOKENIZE_F_AGG_COLON) { - if (flags & 1) - printf(" | "); - printf("LWS_TOKENIZE_F_AGG_COLON"); - } - if (flags & LWS_TOKENIZE_F_COMMA_SEP_LIST) { - if (flags & 3) - printf(" | "); - printf("LWS_TOKENIZE_F_COMMA_SEP_LIST"); - } - if (flags & LWS_TOKENIZE_F_RFC7230_DELIMS) { - if (flags & 7) - printf(" | "); - printf("LWS_TOKENIZE_F_RFC7230_DELIMS"); - } - if (flags & LWS_TOKENIZE_F_DOT_NONTERM) { - if (flags & 15) - printf(" | "); - printf("LWS_TOKENIZE_F_DOT_NONTERM"); - } - if (flags & LWS_TOKENIZE_F_NO_FLOATS) { - if (flags & 31) - printf(" | "); - printf("LWS_TOKENIZE_F_NO_FLOATS"); - } - printf("\n\t},\n"); - } - - printf("\texpected%d[] = {\n", (int)LWS_ARRAY_SIZE(tests) + 1); - - do { - e = lws_tokenize(&ts); - - printf("\t\t{ %s, \"%.*s\", %d },\n", - element_names[e + LWS_TOKZE_ERRS], - (int)ts.token_len, - ts.token, (int)ts.token_len); - - } while (e > 0); - - printf("\t}\n"); - } - - - lwsl_user("Completed: PASS: %d, FAIL: %d\n", ok, fail); - - return !(ok && !fail); -} diff --git a/minimal-examples/api-tests/api-test-lws_tokenize/selftest.sh b/minimal-examples/api-tests/api-test-lws_tokenize/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-lws_tokenize/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-lwsac/CMakeLists.txt b/minimal-examples/api-tests/api-test-lwsac/CMakeLists.txt deleted file mode 100644 index a73c680..0000000 --- a/minimal-examples/api-tests/api-test-lwsac/CMakeLists.txt +++ /dev/null @@ -1,73 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-api-test-lwsac) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - - - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() diff --git a/minimal-examples/api-tests/api-test-lwsac/README.md b/minimal-examples/api-tests/api-test-lwsac/README.md deleted file mode 100644 index 74034c7..0000000 --- a/minimal-examples/api-tests/api-test-lwsac/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# lws api test lwsac - -Demonstrates how to use and performs selftests for lwsac - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -``` - $ ./lws-api-test-lwsac -[2018/10/09 09:14:17:4834] USER: LWS API selftest: lwsac -[2018/10/09 09:14:17:4835] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-lwsac/main.c b/minimal-examples/api-tests/api-test-lwsac/main.c deleted file mode 100644 index 0ea0aa4..0000000 --- a/minimal-examples/api-tests/api-test-lwsac/main.c +++ /dev/null @@ -1,83 +0,0 @@ -/* - * lws-api-test-lwsac - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include - -struct mytest { - int payload; - /* notice doesn't have to be at start of struct */ - lws_list_ptr list_next; - /* a struct can appear on multiple lists too... */ -}; - -/* converts a ptr to struct mytest .list_next to a ptr to struct mytest */ -#define list_to_mytest(p) lws_list_ptr_container(p, struct mytest, list_next) - -int main(int argc, const char **argv) -{ - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE, acc; - lws_list_ptr list_head = NULL, iter; - struct lwsac *lwsac = NULL; - struct mytest *m; - const char *p; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: lwsac\n"); - - /* - * 1) allocate and create 1000 struct mytest in a linked-list - */ - - for (n = 0; n < 1000; n++) { - m = lwsac_use(&lwsac, sizeof(*m), 0); - if (!m) - return -1; - m->payload = n; - - lws_list_ptr_insert(&list_head, &m->list_next, NULL); - } - - /* - * 2) report some debug info about the lwsac state... those 1000 - * allocations actually only required 4 mallocs - */ - - lwsac_info(lwsac); - - /* 3) iterate the list, accumulating the payloads */ - - acc = 0; - iter = list_head; - while (iter) { - m = list_to_mytest(iter); - acc += m->payload; - - lws_list_ptr_advance(iter); - } - - if (acc != 499500) { - lwsl_err("%s: FAIL acc %d\n", __func__, acc); - - return 1; - } - - /* - * 4) deallocate everything (lwsac is also set to NULL). It just - * deallocates the 4 mallocs, everything in there is gone accordingly - */ - - lwsac_free(&lwsac); - - lwsl_user("Completed: PASS\n"); - - return 0; -} diff --git a/minimal-examples/api-tests/api-test-lwsac/selftest.sh b/minimal-examples/api-tests/api-test-lwsac/selftest.sh deleted file mode 100755 index 16d1e2e..0000000 --- a/minimal-examples/api-tests/api-test-lwsac/selftest.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 apiselftest -exit $FAILS diff --git a/minimal-examples/api-tests/api-test-smtp_client/CMakeLists.txt b/minimal-examples/api-tests/api-test-smtp_client/CMakeLists.txt deleted file mode 100644 index 4c8e671..0000000 --- a/minimal-examples/api-tests/api-test-smtp_client/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-unit-tests-smtp-client) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_SMTP 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/api-tests/api-test-smtp_client/README.md b/minimal-examples/api-tests/api-test-smtp_client/README.md deleted file mode 100644 index 4c2052d..0000000 --- a/minimal-examples/api-tests/api-test-smtp_client/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# lws api test smtp client - -Performs unit tests on the lws SMTP client abstract protocol -implementation. - -The first test "sends mail to a server" (actually is prompted by -test vectors that look like a server) and the second test -confirm it can handle rejection by the "server" cleanly. - -## build - -Requires lws was built with `-DLWS_WITH_SMTP=1` at cmake. - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --r |Send the test email to this email address - - -``` - $ ./lws-api-test-smtp_client -[2019/06/28 21:56:41:0711] USER: LWS API selftest: SMTP client unit tests -[2019/06/28 21:56:41:1114] NOTICE: test_sequencer_cb: test-seq: created -[2019/06/28 21:56:41:1259] NOTICE: unit_test_sequencer_cb: unit-test-seq: created -[2019/06/28 21:56:41:1272] NOTICE: lws_atcut_client_conn: smtp: test 'sending': start -[2019/06/28 21:56:41:1441] NOTICE: unit_test_sequencer_cb: unit-test-seq: created -[2019/06/28 21:56:41:1442] NOTICE: lws_atcut_client_conn: smtp: test 'rejected': start -[2019/06/28 21:56:41:1453] NOTICE: lws_smtp_client_abs_rx: bad response from server: 500 (state 4) 500 Service Unavailable -[2019/06/28 21:56:41:1467] USER: test_sequencer_cb: sequence completed OK -[2019/06/28 21:56:41:1474] USER: main: 2 tests 0 fail -[2019/06/28 21:56:41:1476] USER: test 0: PASS -[2019/06/28 21:56:41:1478] USER: test 1: PASS -[2019/06/28 21:56:41:1480] USER: Completed: PASS -``` - diff --git a/minimal-examples/api-tests/api-test-smtp_client/main.c b/minimal-examples/api-tests/api-test-smtp_client/main.c deleted file mode 100644 index df7adac..0000000 --- a/minimal-examples/api-tests/api-test-smtp_client/main.c +++ /dev/null @@ -1,275 +0,0 @@ -/* - * lws-unit-tests-smtp-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This performs unit tests for the SMTP client abstract protocol - */ - -#include - -#include - -static int interrupted, results[10], count_tests, count_passes; - -static int -email_sent_or_failed(struct lws_smtp_email *email, void *buf, size_t len) -{ - free(email); - - return 0; -} - -/* - * The test helper calls this on the instance it created to prepare it for - * the test. In our case, we need to queue up a test email to send on the - * smtp client abstract protocol. - */ - -static int -smtp_test_instance_init(lws_abs_t *instance) -{ - lws_smtp_email_t *email = (lws_smtp_email_t *) - malloc(sizeof(*email) + 2048); - - if (!email) - return 1; - - /* attach an email to it */ - - memset(email, 0, sizeof(*email)); - email->data = NULL /* email specific user data */; - email->email_from = "noreply@warmcat.com"; - email->email_to = "andy@warmcat.com"; - email->payload = (void *)&email[1]; - - lws_snprintf((char *)email->payload, 2048, - "From: noreply@example.com\n" - "To: %s\n" - "Subject: Test email for lws smtp-client\n" - "\n" - "Hello this was an api test for lws smtp-client\n" - "\r\n.\r\n", "andy@warmcat.com"); - email->done = email_sent_or_failed; - - if (lws_smtp_client_add_email(instance, email)) { - lwsl_err("%s: failed to add email\n", __func__); - return 1; - } - - return 0; -} - -/* - * from https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol - * - * test vector sent to protocol - * test vector received from protocol - */ - -static lws_unit_test_packet_t test_send1[] = { - { - "220 smtp.example.com ESMTP Postfix", - smtp_test_instance_init, 34, LWS_AUT_EXPECT_RX - }, { - "HELO lws-test-client\x0a", - NULL, 21, LWS_AUT_EXPECT_TX - }, { - "250 smtp.example.com, I am glad to meet you", - NULL, 43, LWS_AUT_EXPECT_RX - }, { - "MAIL FROM: \x0a", - NULL, 33, LWS_AUT_EXPECT_TX - }, { - "250 Ok", - NULL, 6, LWS_AUT_EXPECT_RX - }, { - "RCPT TO: \x0a", - NULL, 28, LWS_AUT_EXPECT_TX - }, { - "250 Ok", - NULL, 6, LWS_AUT_EXPECT_RX - }, { - "DATA\x0a", - NULL, 5, LWS_AUT_EXPECT_TX - }, { - "354 End data with .\x0a", - NULL, 35, LWS_AUT_EXPECT_RX - }, { - "From: noreply@example.com\n" - "To: andy@warmcat.com\n" - "Subject: Test email for lws smtp-client\n" - "\n" - "Hello this was an api test for lws smtp-client\n" - "\r\n.\r\n", - NULL, 27 + 21 + 39 + 1 + 47 + 5, LWS_AUT_EXPECT_TX - }, { - "250 Ok: queued as 12345\x0a", - NULL, 23, LWS_AUT_EXPECT_RX - }, { - "quit\x0a", - NULL, 5, LWS_AUT_EXPECT_TX - }, { - "221 Bye\x0a", - NULL, 7, LWS_AUT_EXPECT_RX | - LWS_AUT_EXPECT_LOCAL_CLOSE | - LWS_AUT_EXPECT_DO_REMOTE_CLOSE | - LWS_AUT_EXPECT_TEST_END - }, { /* sentinel */ - - } -}; - - -static lws_unit_test_packet_t test_send2[] = { - { - "220 smtp.example.com ESMTP Postfix", - smtp_test_instance_init, 34, LWS_AUT_EXPECT_RX - }, { - "HELO lws-test-client\x0a", - NULL, 21, LWS_AUT_EXPECT_TX - }, { - "250 smtp.example.com, I am glad to meet you", - NULL, 43, LWS_AUT_EXPECT_RX - }, { - "MAIL FROM: \x0a", - NULL, 33, LWS_AUT_EXPECT_TX - }, { - "500 Service Unavailable", - NULL, 23, LWS_AUT_EXPECT_RX | - LWS_AUT_EXPECT_DO_REMOTE_CLOSE | - LWS_AUT_EXPECT_TEST_END - }, { /* sentinel */ - - } -}; - -static lws_unit_test_t tests[] = { - { "sending", test_send1, 3 }, - { "rejected", test_send2, 3 }, - { } /* sentinel */ -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -/* - * set the HELO our SMTP client will use - */ - -static const lws_token_map_t smtp_protocol_tokens[] = { - { - .u = { .value = "lws-test-client" }, - .name_index = LTMI_PSMTP_V_HELO, - }, { /* sentinel */ - } -}; - -void -tests_completion_cb(const void *cb_user) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - int n = 1, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - lws_test_sequencer_args_t args; - struct lws_context *context; - struct lws_vhost *vh; - lws_abs_t abs, *instance; - const char *p; - - /* the normal lws init */ - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS API selftest: SMTP client unit tests\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - vh = lws_create_vhost(context, &info); - if (!vh) { - lwsl_err("Failed to create first vhost\n"); - goto bail1; - } - - /* create the smtp client */ - - memset(&abs, 0, sizeof(abs)); - abs.vh = vh; - - /* select the protocol and bind its tokens */ - - abs.ap = lws_abs_protocol_get_by_name("smtp"); - if (!abs.ap) - goto bail1; - - abs.ap_tokens = smtp_protocol_tokens; - - /* select the transport and bind its tokens */ - - abs.at = lws_abs_transport_get_by_name("unit_test"); - if (!abs.at) - goto bail1; - - instance = lws_abs_bind_and_create_instance(&abs); - if (!instance) - goto bail1; - - /* configure the test sequencer */ - - args.abs = &abs; - args.tests = tests; - args.results = results; - args.results_max = LWS_ARRAY_SIZE(results); - args.count_tests = &count_tests; - args.count_passes = &count_passes; - args.cb = tests_completion_cb; - args.cb_user = NULL; - - if (lws_abs_unit_test_sequencer(&args)) { - lwsl_err("%s: failed to create test sequencer\n", __func__); - goto bail1; - } - - /* the usual lws event loop */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - /* describe the overall test results */ - - lwsl_user("%s: %d tests %d fail\n", __func__, count_tests, - count_tests - count_passes); - for (n = 0; n < count_tests; n++) - lwsl_user(" test %d: %s\n", n, - lws_unit_test_result_name(results[n])); - -bail1: - lwsl_user("Completed: %s\n", - !count_tests || count_passes != count_tests ? "FAIL" : "PASS"); - - lws_context_destroy(context); - - return !count_tests || count_passes != count_tests; -} diff --git a/minimal-examples/client-server/README.md b/minimal-examples/client-server/README.md deleted file mode 100644 index 7339c61..0000000 --- a/minimal-examples/client-server/README.md +++ /dev/null @@ -1,3 +0,0 @@ -|name|demonstrates| ----|--- -minimal-ws-proxy|Serves an index.html over http that connects back to the ws server, and maintains a ws client connection of its own at the same time to https://libwebsockets.org dumb-increment-protocol to feed a ringbuffer that is sent to all connected browsers. diff --git a/minimal-examples/client-server/minimal-ws-proxy/CMakeLists.txt b/minimal-examples/client-server/minimal-ws-proxy/CMakeLists.txt deleted file mode 100644 index a265496..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-proxy) -set(SRCS minimal-ws-proxy.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/client-server/minimal-ws-proxy/README.md b/minimal-examples/client-server/minimal-ws-proxy/README.md deleted file mode 100644 index 5c65500..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# lws minimal ws proxy - -## Build - -``` - $ cmake . && make -``` - -## Description - -This is the same as minimal-ws-server-ring, but with the -inclusion of a ws client connection to https://libwebsockets.org -using the dumb-increment protocol feeding the ringbuffer. - -Each client that connect to this server receives the content that -had arrived on the client connection feeding the ringbuffer proxied -to their browser window over a ws connection. - -## Usage - -``` - $ ./lws-minimal-ws-proxy -[2018/03/14 17:50:10:6938] USER: LWS minimal ws proxy | visit http://localhost:7681 -[2018/03/14 17:50:10:6955] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -[2018/03/14 17:50:10:6955] NOTICE: Using non-SSL mode -[2018/03/14 17:50:10:7035] NOTICE: created client ssl context for default -[2018/03/14 17:50:11:7047] NOTICE: binding to lws-minimal-proxy -[2018/03/14 17:50:11:7047] NOTICE: lws_client_connect_2: 0x872e60: address libwebsockets.org -[2018/03/14 17:50:12:3282] NOTICE: lws_client_connect_2: 0x872e60: address libwebsockets.org -[2018/03/14 17:50:13:8195] USER: callback_minimal: established -``` - -Visit http://localhost:7681 on multiple browser windows - -Data received on the remote wss connection is copied to all open browser windows. - -A ringbuffer holds up to 8 lines of text in the server, and the browser shows -the last 20 lines of received text. diff --git a/minimal-examples/client-server/minimal-ws-proxy/minimal-ws-proxy.c b/minimal-examples/client-server/minimal-ws-proxy/minimal-ws-proxy.c deleted file mode 100644 index 4bb5a3e..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/minimal-ws-proxy.c +++ /dev/null @@ -1,99 +0,0 @@ -/* - * lws-minimal-ws-proxy - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with an added websocket proxy distributing what is received on a - * dumb-increment wss connection to https://libwebsockets.org to all - * browsers connected to this server. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws proxy | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/example.js b/minimal-examples/client-server/minimal-ws-proxy/mount-origin/example.js deleted file mode 100644 index a25a3cd..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/example.js +++ /dev/null @@ -1,70 +0,0 @@ -var head = 0, tail = 0, ring = new Array(); - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal-proxy"); - try { - ws.onopen = function() { - document.getElementById("r").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - var n, s = ""; - - ring[head] = msg.data + "\n"; - head = (head + 1) % 20; - if (tail === head) - tail = (tail + 1) % 20; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 20; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("r").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } -}, false); diff --git a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/favicon.ico b/minimal-examples/client-server/minimal-ws-proxy/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/index.html b/minimal-examples/client-server/minimal-ws-proxy/mount-origin/index.html deleted file mode 100644 index 9df7cf8..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - -
- - Minimal ws server proxy example.
- The server makes a dumb-increment-protocol wss connection
- to libwebsockets.org. It proxies what it was sent to
- all browsers open on this page.
- The textarea show the last 20 lines received. -
-
-
- - diff --git a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/client-server/minimal-ws-proxy/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/strict-csp.svg b/minimal-examples/client-server/minimal-ws-proxy/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/client-server/minimal-ws-proxy/protocol_lws_minimal.c b/minimal-examples/client-server/minimal-ws-proxy/protocol_lws_minimal.c deleted file mode 100644 index c51c304..0000000 --- a/minimal-examples/client-server/minimal-ws-proxy/protocol_lws_minimal.c +++ /dev/null @@ -1,279 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This version uses an lws_ring ringbuffer to cache up to 8 messages at a time, - * so it's not so easy to lose messages. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include -#include - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - uint32_t tail; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - - struct lws_ring *ring; /* ringbuffer holding unsent messages */ - struct lws_client_connect_info i; - struct lws *client_wsi; -}; - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static int -connect_client(struct per_vhost_data__minimal *vhd) -{ - vhd->i.context = vhd->context; - vhd->i.port = 443; - vhd->i.address = "libwebsockets.org"; - vhd->i.path = "/"; - vhd->i.host = vhd->i.address; - vhd->i.origin = vhd->i.address; - vhd->i.ssl_connection = 1; - - vhd->i.protocol = "dumb-increment-protocol"; - vhd->i.local_protocol_name = "lws-minimal-proxy"; - vhd->i.pwsi = &vhd->client_wsi; - - return !lws_client_connect_via_info(&vhd->i); -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - struct msg amsg; - int m; - - switch (reason) { - - /* --- protocol lifecycle callbacks --- */ - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) - return 1; - - if (connect_client(vhd)) - lws_timed_callback_vh_protocol(vhd->vhost, - vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - lws_ring_destroy(vhd->ring); - break; - - /* --- serving callbacks --- */ - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) - break; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + LWS_PRE, - pmsg->len, LWS_WRITE_TEXT); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct per_session_data__minimal, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - /* more to do? */ - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - break; - - /* --- client callbacks --- */ - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - vhd->client_wsi = NULL; - lws_timed_callback_vh_protocol(vhd->vhost, vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("%s: established\n", __func__); - break; - - case LWS_CALLBACK_CLIENT_RECEIVE: - /* if no clients, just drop incoming */ - if (!vhd->pss_list) - break; - - if (!lws_ring_get_count_free_elements(vhd->ring)) { - lwsl_user("dropping!\n"); - break; - } - - amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)amsg.payload + LWS_PRE, in, len); - if (!lws_ring_insert(vhd->ring, &amsg, 1)) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - break; - } - - /* - * let everybody know we want to write something on them - * as soon as they are ready - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - vhd->client_wsi = NULL; - lws_timed_callback_vh_protocol(vhd->vhost, vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - /* rate-limited client connect retries */ - - case LWS_CALLBACK_USER: - lwsl_notice("%s: LWS_CALLBACK_USER\n", __func__); - if (connect_client(vhd)) - lws_timed_callback_vh_protocol(vhd->vhost, - vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal-proxy", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/crypto/README.md b/minimal-examples/crypto/README.md deleted file mode 100644 index 1c95c13..0000000 --- a/minimal-examples/crypto/README.md +++ /dev/null @@ -1,7 +0,0 @@ -|name|tests| ----|--- -minimal-crypto-jwe|Examples for lws RFC7516 JWE apis -minimal-crypto-jwk|Examples for lws RFC7517 JWK apis -minimal-crypto-jws|Examples for lws RFC7515 JWS apis -minimal-crypto-x509|Examples for lws X.509 apis - diff --git a/minimal-examples/crypto/minimal-crypto-jwe/CMakeLists.txt b/minimal-examples/crypto/minimal-crypto-jwe/CMakeLists.txt deleted file mode 100644 index 05f7376..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwe/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-crypto-jwe) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_JOSE 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/crypto/minimal-crypto-jwe/README.md b/minimal-examples/crypto/minimal-crypto-jwe/README.md deleted file mode 100644 index f7ddc7a..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwe/README.md +++ /dev/null @@ -1,70 +0,0 @@ -# lws minimal example for JWE - -Demonstrates how to encrypt and decrypt using JWE and JWK, providing a -commandline tool for creating encrypted JWE and decoding them. - -## build - -``` - $ cmake . && make -``` - -## usage - -Stdin is either the plaintext (if encrypting) or JWE (if decrypting). - -Stdout is either the JWE (if encrypting) or plaintext (if decrypting). - -You must pass a private or public key JWK file in the -k option if encrypting, -and must pass a private key JWK file in the -k option if decrypting. To be -clear, for asymmetric keys the public part of the key is required to encrypt, -and the private part required to decrypt. - -For convenience, a pair of public and private keys are provided, -`key-rsa-4096.private` and `key-rsa-4096.pub`, these were produced with just - -``` - $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private -``` - -Similar keys for EC modes may be produced with - -``` - $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private -``` - -and for AES ("octet") symmetric keys - -``` - $ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private -``` - -JWEs produced with openssl and mbedtls backends are completely interchangeable. - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --e " "|Encrypt (default is decrypt), eg, -e "RSA1_5 A128CBC-HS256". For decrypt, the cipher information comes from the input JWE. --k |JWK file to encrypt or decrypt with --c|Format the JWE as a linebroken C string --f|Output flattened representation (instead of compact by default) - -``` - $ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256" -[2018/12/19 16:20:25:6519] USER: LWS JWE example tool -[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ -``` - -Notice the logging is on stderr, and the output alone on stdout. - -You can also pipe the output of the encrypt action directly into the decrypt -action, eg - -``` - $ echo -n "plaintext0123456" | \ - ./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \ - ./lws-crypto-jwe -k key-rsa-4096.private -``` - -prints the plaintext on stdout. diff --git a/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.private b/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.private deleted file mode 100644 index 1084143..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.private +++ /dev/null @@ -1 +0,0 @@ -{"d":"XcSl3ulvs4OGomu9thRPVQGOstim0PY7CibP_bnCmzjvmGmzb8J4q5AUmJCnZT5TesOzXuXhyG95CxQWsakd9GWHSAinV1QQSLsahaezPULRG1qmo37JqKb9noKkvXguh5XU5np8HjeoeeEkF_XqtCdEo0wHijEjTL9RZar98jmyAmlizoHIY9NnECavs4DZB27onU61B61vGpw-y4xhC9jlZSIwRqIMDzeTcSv8fRKcVYR80ozm2_KwWMpue27rS2EfTQUtsMXuYmnvMAf_DHqA0tNWyD1gpUWYHvlyBh5xnYrWPuXxQBRNesImQdRQl5VMMsuvdtY-uZfIVUdN5CcsB0acronx4UsmVg-Qz-jd1NVW4koZQM9uA4oWiMZg4FEUTQ-UWelHCldg-PYLAazsItmaHPF9LcAPkLkI8jaVS33v-DhSeXHW3Pg3sibtnPhouiSvD84zMtzu1gjFT7vtapMynBeZouqeWYT-BFeu2wzppJcW1YxTQ_Ai80VJSFY__Huw-9r1MOHmDRcEW7x9W97UezWDjrh5Shhh4C6SMYbaf7ouACzFu1i_r8Q06JqKA7aY8i5izKlKA0We9tQKlTF8Fgsneu9gpxFglvZsd1ersiA-MkuP9qTBQpyAf3kJ6HS9GrQUju6r3DExdWDjdvM5Grt8QD7Zkv-qXeE","dp":"M-LFs3T2GI1JxD5LJt2GgV4cMDKbiPKBddLukfG0duUxNp0-6x2LZ0ptxrlHrhxBMMmvCg4GEaujrZdaYWCar6xCnlnkVlOELz4yZ3JBSpS86thJw03xuE7lyeR7usFY4CpSqUQGI_YveITuFeoh4YjwdKDuqPhOpDI-34ptgU93dlBRS9nnQFTiVoUdP4bhGTKOpULTiLgPXHQxQR5rfiGVD9AIwqHvMdBQ0hxQBKEt37PbRWK_eTzMslHZGWNfbg8ipwJxisvHyUn0c1X3Uelw8BRyvNVCNovNDeCj-R7kFkMvriMd_sqGVy1Go46WZ2wMkUJHkvmYk0gDlhnTGQ","dq":"qO89nQEJfdkaDtGGyD-sQE2Mm8p_PIPSpCmgMfpl8zgSOb4P9iqXBgpHyS7w10uY_UHt8KW6pY7ozy0y4Gu_f4Wk_rcXiYYdbuIhlFl0_nLI2mfFPGxr1xC64zfjjEaBr4zIJr_YzhvTpjZFtIdSAH5VG5Tv-2yUtCC2DnKnU2kzEkgUeSI6LHOEVhXqup7C0Kjiv9FJsLR0hiqwH4oLziqH7EVqVDvJI3yL1lhqoLKjAu1ogTDgH7hzSrqVhttnpwL8rDcgbtY6Q8C2csdN3Jt1ucgtGy-Yzgqf_QIULP3CRlqzDTvHrMe2A9cNAQ4dNsCbNAjW_MxxGKKWuWXAMQ","e":"AQAB","kid":"my kid","kty":"RSA","n":"2_YjG_D1sOWJxs6cohikupHf5WJfWSFfSCrnNZ7WR7AyTLnKZAF4VKyimMeJTLYYwCAXMDD5XmkF8VluI4O-hASUIJ7F9eDg3vO7nPwtkWa9lkqt-QyQZ_PjiOGpwetBLzrsaXsC9PvdVzrKXnjeNPsmmbC_Fx2cUn4H_9H_WfXi01VR75XFTBtxTrDY7hmpZHuFCFUOMCW9siTZRk9339Y6ORBznBs4jFbkGI1Pmc3op0o5f8S1gus9L81W5uyUrxfd-CkmJ6eWE8I36cfzI6irN2bhVhR_NXERUtS0QOEeJYlRJXqfYkxTMVlsXPl6zbYt__ZYLC6ZiUTCc6K2KmfGh7fihWbao4dyQW3Mq4kClhpIT0O01Y0r7sR1j4jTnFNqbmtPSl9lEMrfiUHfOLqRJo3qizQ-b6HLCDty1otFz8Q8gg0rD3copQ_zFrcTGwJGAv2Absraj7kp9EJXBqneCJ3dlRO8rzx7KB9Dsj-ygh3kZaubkPCeT1v4l_VUY2iGnK4vzIGKM7j56DQ97ZAi1Bb0y6GYSbrWB2_z0DKJu0fiU-NscbKplR68vgppUM6_iogrk48JEZg_kkTymniqbT3g7J_WeoZSx1Uu8ZHI3ysIFfUtFscOa2SJGlj1ds-lfk6Oqac_I8ahRqQeyVAEisZPmYIGSJajbJopJ4s","p":"_V4CwEjRd8Hv9-ncqGdB_vtReTIuHSWQzSx4al15J3VxvPFI2kxicNeQKyq3OAVT2kmCmUP3ETgCdwuKIgw_QbEc8qNxtS_KpM_KsuTe9a5jrQKpt8ctYhzELZfr_sy9UzUGJzr8glLjJ1IDX4x6_JAqYB_NhttP6bzgu5Dt-DKtRPNO1qZtfhrLIgmltpC2M6-AlAv-dyHSHck2VJIL84Hwk4FulozEYxop0dKuZdfM5Z1dZM8-ICo62O0zUKzoWxKmQcB9_gDZsxYaO6xZ9BLmaW6-WcPSEI6YDnPk8ptnk_Kbyc4kPW4Z3ASczxjaewBmfl2_lwkqkndFVptAeQ","q":"3j9DR6ZpKC3WrshSrxXFYAuT19Rlf6qQ_9uD_Fq7dIpTjCZdl01695Qx7UmujKoetutL3RMCpeRdZR-gCLVh8aMxpMuIc5fHC6HbhsdF-I7GoqO0DEJ6coS3n5Ey4EXL5uoLh4C3l67wBKfLmPW28bxxG2QAP59jncWXkrBQm_qbS5Qon8r7wj0tejG_tGdsPjhsFc9KdnkkBucT6MiEVpzpdwDlsn7bHpMsyPlNyc0fj5qYmRB-DN7rv5varaisBaVT0mLQdwKjBDVqNVnU2m5azPhY-2txvihHaI5_cLIsLLaqKMbB17UxGumuT_o8S03_h8-1syO3Ay87y9pPIw","qi":"JY2uUek6wPrp4fPcInX_5WdNlhyghcGVEvlqxs9iOEUeCtUc6d42n9tgiImMu605dQaigvNaH5y1pwDpLlmxUk0nOUVxqo9mv0Uw8WNXB88FyDb0fPbewLpn4Fskb8Umv6_OymJ1W814DRG-jq3sI5DsB7AjtqJQ22nP2Vs1bIrx5fUxuScwrMsWSrrjAx4Kr8-5eeSDqE-_c7DPZ_zSPYDoHaMeR2pZfNAq3mEbxp8jMukzh77rYZ3ffQEA6AyxFSCSCrxVozhP4ypQ0jAkXVWOlj4nuV6briIqlL3ZboydwsIolRwaPSgH6-bw03XS6Hb9DA0KHJKLun94N9n5kw","use":"enc"} diff --git a/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.pub b/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.pub deleted file mode 100644 index e2bd85c..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwe/key-rsa-4096.pub +++ /dev/null @@ -1 +0,0 @@ -{"e":"AQAB","kid":"my kid","kty":"RSA","n":"2_YjG_D1sOWJxs6cohikupHf5WJfWSFfSCrnNZ7WR7AyTLnKZAF4VKyimMeJTLYYwCAXMDD5XmkF8VluI4O-hASUIJ7F9eDg3vO7nPwtkWa9lkqt-QyQZ_PjiOGpwetBLzrsaXsC9PvdVzrKXnjeNPsmmbC_Fx2cUn4H_9H_WfXi01VR75XFTBtxTrDY7hmpZHuFCFUOMCW9siTZRk9339Y6ORBznBs4jFbkGI1Pmc3op0o5f8S1gus9L81W5uyUrxfd-CkmJ6eWE8I36cfzI6irN2bhVhR_NXERUtS0QOEeJYlRJXqfYkxTMVlsXPl6zbYt__ZYLC6ZiUTCc6K2KmfGh7fihWbao4dyQW3Mq4kClhpIT0O01Y0r7sR1j4jTnFNqbmtPSl9lEMrfiUHfOLqRJo3qizQ-b6HLCDty1otFz8Q8gg0rD3copQ_zFrcTGwJGAv2Absraj7kp9EJXBqneCJ3dlRO8rzx7KB9Dsj-ygh3kZaubkPCeT1v4l_VUY2iGnK4vzIGKM7j56DQ97ZAi1Bb0y6GYSbrWB2_z0DKJu0fiU-NscbKplR68vgppUM6_iogrk48JEZg_kkTymniqbT3g7J_WeoZSx1Uu8ZHI3ysIFfUtFscOa2SJGlj1ds-lfk6Oqac_I8ahRqQeyVAEisZPmYIGSJajbJopJ4s"} diff --git a/minimal-examples/crypto/minimal-crypto-jwe/main.c b/minimal-examples/crypto/minimal-crypto-jwe/main.c deleted file mode 100644 index 9bd2676..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwe/main.c +++ /dev/null @@ -1,279 +0,0 @@ -/* - * lws-crypto-jwe - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include -#include -#include - -/* - * handles escapes and line wrapping suitable for use - * defining a C char array ( -c option ) - */ - -static void -format_c(const char *key) -{ - const char *k = key; - int seq = 0; - - while (*k) { - if (*k == '{') { - putchar('\"'); - putchar('{'); - putchar('\"'); - putchar('\n'); - putchar('\t'); - putchar('\"'); - k++; - seq = 0; - continue; - } - if (*k == '}') { - putchar('\"'); - putchar('\n'); - putchar('\"'); - putchar('}'); - putchar('\"'); - putchar('\n'); - k++; - seq = 0; - continue; - } - if (*k == '\"') { - putchar('\\'); - putchar('\"'); - seq += 2; - k++; - continue; - } - if (*k == ',') { - putchar(','); - putchar('\"'); - putchar('\n'); - putchar('\t'); - putchar('\"'); - k++; - seq = 0; - continue; - } - putchar(*k); - seq++; - if (seq >= 60) { - putchar('\"'); - putchar('\n'); - putchar('\t'); - putchar(' '); - putchar('\"'); - seq = 1; - } - k++; - } -} - -#define MAX_SIZE (4 * 1024 * 1024) - char temp[MAX_SIZE], compact[MAX_SIZE]; - -int main(int argc, const char **argv) -{ - int n, enc = 0, result = 0, - logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - char *in; - struct lws_context_creation_info info; - int temp_len = sizeof(temp); - struct lws_context *context; - struct lws_jwe jwe; - const char *p; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS JWE example tool\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = 0; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - lws_jwe_init(&jwe, context); - - /* if encrypting, set the ciphers */ - - if ((p = lws_cmdline_option(argc, argv, "-e"))) { - char *sp = strchr(p, ' '); - - if (!sp) { - lwsl_err("format: -e \" " - "\", eg, " - "-e \"RSA1_5 A128CBC-HS256\"\n"); - - return 1; - } - *sp = '\0'; - if (lws_gencrypto_jwe_alg_to_definition(p, &jwe.jose.alg)) { - lwsl_err("Unknown cipher alg %s\n", p); - return 1; - } - if (lws_gencrypto_jwe_enc_to_definition(sp + 1, &jwe.jose.enc_alg)) { - lwsl_err("Unknown payload enc alg %s\n", sp + 1); - return 1; - } - - /* create JOSE header, also needed for output */ - - if (lws_jws_alloc_element(&jwe.jws.map, LJWS_JOSE, - lws_concat_temp(temp, temp_len), - &temp_len, strlen(p) + - strlen(sp + 1) + 32, 0)) { - lwsl_err("%s: temp space too small\n", __func__); - return 1; - } - - jwe.jws.map.len[LJWS_JOSE] = lws_snprintf( - (char *)jwe.jws.map.buf[LJWS_JOSE], temp_len, - "{\"alg\":\"%s\",\"enc\":\"%s\"}", p, sp + 1); - - enc = 1; - } - - in = lws_concat_temp(temp, temp_len); - n = read(0, in, temp_len); - if (n < 0) { - lwsl_err("Problem reading from stdin\n"); - return 1; - } - temp_len -= n; - - /* grab the key */ - - if ((p = lws_cmdline_option(argc, argv, "-k"))) { - if (lws_jwk_load(&jwe.jwk, p, NULL, NULL)) { - lwsl_err("%s: problem loading JWK %s\n", __func__, p); - - return 1; - } - } else { - lwsl_err("-k is required\n"); - - return 1; - } - - if (enc) { - - /* point CTXT to the plaintext we read from stdin */ - - jwe.jws.map.buf[LJWE_CTXT] = in; - jwe.jws.map.len[LJWE_CTXT] = n; - - /* - * Create a random CEK and set EKEY to it - * CEK size is determined by hash / hmac size - */ - - n = lws_gencrypto_bits_to_bytes(jwe.jose.enc_alg->keybits_fixed); - if (lws_jws_randomize_element(context, &jwe.jws.map, LJWE_EKEY, - lws_concat_temp(temp, temp_len), - &temp_len, n, - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES)) { - lwsl_err("Problem getting random\n"); - goto bail1; - } - - /* perform the encryption of the CEK and the plaintext */ - - n = lws_jwe_encrypt(&jwe, lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_encrypt failed\n", __func__); - goto bail1; - } - if (lws_cmdline_option(argc, argv, "-f")) - /* output the JWE in flattened form */ - n = lws_jwe_render_flattened(&jwe, compact, - sizeof(compact)); - else - /* output the JWE in compact form */ - n = lws_jwe_render_compact(&jwe, compact, - sizeof(compact)); - - if (n < 0) { - lwsl_err("%s: lws_jwe_render failed: %d\n", - __func__, n); - goto bail1; - } - - if (lws_cmdline_option(argc, argv, "-c")) - format_c(compact); - else - if (write(1, compact, strlen(compact)) < 0) { - lwsl_err("Write stdout failed\n"); - goto bail1; - } - } else { - if (lws_cmdline_option(argc, argv, "-f")) { - if (lws_jwe_json_parse(&jwe, (uint8_t *)in, n, - lws_concat_temp(temp, temp_len), - &temp_len)) { - lwsl_err("%s: lws_jwe_json_parse failed\n", - __func__); - goto bail1; - } - } else - /* - * converts a compact serialization to b64 + decoded maps - * held in jws - */ - if (lws_jws_compact_decode(in, n, &jwe.jws.map, - &jwe.jws.map_b64, - lws_concat_temp(temp, temp_len), - &temp_len) != 5) { - lwsl_err("%s: lws_jws_compact_decode failed\n", - __func__); - goto bail1; - } - - /* - * Do the crypto according to what we parsed into the jose - * (information on the ciphers) and the jws (plaintext and - * signature info) - */ - - n = lws_jwe_auth_and_decrypt(&jwe, - lws_concat_temp(temp, temp_len), - &temp_len); - if (n < 0) { - lwsl_err("%s: lws_jwe_auth_and_decrypt failed\n", - __func__); - goto bail1; - } - - /* if it's valid, dump the plaintext and return 0 */ - - if (write(1, jwe.jws.map.buf[LJWE_CTXT], - jwe.jws.map.len[LJWE_CTXT]) < 0) { - lwsl_err("Write stdout failed\n"); - goto bail1; - } - } - - result = 0; - -bail1: - - lws_jwe_destroy(&jwe); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/crypto/minimal-crypto-jwk/CMakeLists.txt b/minimal-examples/crypto/minimal-crypto-jwk/CMakeLists.txt deleted file mode 100644 index fb8c3e3..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwk/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-crypto-jwk) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_JOSE 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/crypto/minimal-crypto-jwk/README.md b/minimal-examples/crypto/minimal-crypto-jwk/README.md deleted file mode 100644 index eea687d..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwk/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# lws minimal example for JWK - -Demonstrates how to generate and format any kind of supported new random JWK keys. - -The full private key is output to stdout, a version of the key with the private -part removed and some metadata adapted can be saved to a file at the same time -using `--public `. In the public form, `key_ops` and `use` elements are -adjusted to remove activities that require a private key. - -Key elements are output in strict RFC7638 lexicographic order as required by -some applications. - -Keys produced with openssl and mbedtls backends are completely interchangeable. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --t |RSA, OCT or EC --b |For RSA and OCT, key size in bits --v |For EC keys, the curve, eg, "P-384"... this implies the key bits ---kid "ID string"|Key identity string ---use "use[ use]"|Key use restriction (mutually exclusive with --key-ops): sig, enc ---alg |Specify the algorithm the key is designed for, eg "RSA1_5" ---key-ops "op[ op]"|Key valid operations (mutually exclusive with --use): sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits --c|Format the jwk as a linebroken C string ---public |Only output the full, private key, not the public version first - -For legibility the example uses -c, however this - -``` - $ ./lws-crypto-jwk -t EC -v P-256 --key-ops "sign verify" --public mykey.pub -[2018/12/18 20:19:29:6972] USER: LWS JWK example -[2018/12/18 20:19:29:7200] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2018/12/18 20:19:29:7251] NOTICE: lws_jwk_generate: generating ECDSA key on curve P-256 -{"crv":"P-256","d":"eMKM_S4BTL2aiebZLqvxglufV2YX4b3_32DesgEUOaM","key_ops":["sign","verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"} -``` - -The output in `mykey.pub` is: - -``` -{"crv":"P-256","key_ops":["verify"],"kty":"EC","x":"OWauiGGtJ60ZegtqlwETQlmO1exTZdWbT2VbUs4a1hg","y":"g_eNOlqPecbguVQArL6Fd4T5xZthBgipNCBypXubPos"} -``` - -Notice the logging goes out on stderr, the key data goes on stdout. diff --git a/minimal-examples/crypto/minimal-crypto-jwk/main.c b/minimal-examples/crypto/minimal-crypto-jwk/main.c deleted file mode 100644 index f962136..0000000 --- a/minimal-examples/crypto/minimal-crypto-jwk/main.c +++ /dev/null @@ -1,190 +0,0 @@ -/* - * lws-crypto-jwk - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include -#include -#include - -/* - * handles escapes and line wrapping suitable for use - * defining a C char array ( -c option ) - */ - -static int -format_c(int fd, const char *key) -{ - const char *k = key; - int seq = 0; - - while (*k) { - if (*k == '{') { - if (write(fd, "\"{\"\n\t\"", 6) < 6) - return -1; - k++; - seq = 0; - continue; - } - if (*k == '}') { - if (write(fd, "\"\n\"}\"\n", 6) < 6) - return -1; - k++; - seq = 0; - continue; - } - if (*k == '\"') { - if (write(fd, "\\\"", 2) < 2) - return -1; - seq += 2; - k++; - continue; - } - if (*k == ',') { - if (write(fd, ",\"\n\t\"", 5) < 5) - return -1; - k++; - seq = 0; - continue; - } - if (write(fd, k, 1) < 1) - return -1; - seq++; - if (seq >= 60) { - if (write(fd, "\"\n\t \"", 5) < 5) - return -1; - seq = 1; - } - k++; - } - - return 0; -} - -int main(int argc, const char **argv) -{ - int result = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - enum lws_gencrypto_kty kty = LWS_GENCRYPTO_KTY_RSA; - struct lws_context_creation_info info; - const char *curve = "P-256", *p; - struct lws_context *context; - struct lws_jwk jwk; - int bits = 4096; - char key[32768]; - int vl = sizeof(key); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS JWK example\n"); - - if ((p = lws_cmdline_option(argc, argv, "-b"))) - bits = atoi(p); - - if ((p = lws_cmdline_option(argc, argv, "-t"))) { - if (!strcmp(p, "RSA")) - kty = LWS_GENCRYPTO_KTY_RSA; - else - if (!strcmp(p, "OCT")) - kty = LWS_GENCRYPTO_KTY_OCT; - else - if (!strcmp(p, "EC")) - kty = LWS_GENCRYPTO_KTY_EC; - else { - lwsl_err("Unknown key type (must be " - "OCT, RSA or EC)\n"); - - return 1; - } - } - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = 0; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - if ((p = lws_cmdline_option(argc, argv, "-v"))) - curve = p; - - if (lws_jwk_generate(context, &jwk, kty, bits, curve)) { - lwsl_err("lws_jwk_generate failed\n"); - - return 1; - } - - if ((p = lws_cmdline_option(argc, argv, "--kid"))) - lws_jwk_strdup_meta(&jwk, JWK_META_KID, p, strlen(p)); - - if ((p = lws_cmdline_option(argc, argv, "--use"))) - lws_jwk_strdup_meta(&jwk, JWK_META_USE, p, strlen(p)); - - if ((p = lws_cmdline_option(argc, argv, "--alg"))) - lws_jwk_strdup_meta(&jwk, JWK_META_ALG, p, strlen(p)); - - if ((p = lws_cmdline_option(argc, argv, "--key-ops"))) - lws_jwk_strdup_meta(&jwk, JWK_META_KEY_OPS, p, strlen(p)); - - if ((p = lws_cmdline_option(argc, argv, "--public")) && - kty != LWS_GENCRYPTO_KTY_OCT) { - - int fd; - - /* public version */ - - if (lws_jwk_export(&jwk, 0, key, &vl) < 0) { - lwsl_err("lws_jwk_export failed\n"); - - return 1; - } - - fd = open(p, LWS_O_CREAT | LWS_O_TRUNC | LWS_O_WRONLY, 0600); - if (fd < 0) { - lwsl_err("Can't open public key file %s\n", p); - return 1; - } - - if (lws_cmdline_option(argc, argv, "-c")) - format_c(fd, key); - else { - if (write(fd, key, strlen(key)) < 0) { - lwsl_err("Write public failed\n"); - return 1; - } - } - - close(fd); - } - - /* private version */ - - if (lws_jwk_export(&jwk, 1, key, &vl) < 0) { - lwsl_err("lws_jwk_export failed\n"); - - return 1; - } - - if (lws_cmdline_option(argc, argv, "-c")) { - if (format_c(1, key) < 0) - return 1; - } else - if (write(1, key, strlen(key)) < 0) { - lwsl_err("Write stdout failed\n"); - return 1; - } - - lws_jwk_destroy(&jwk); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/crypto/minimal-crypto-jws/CMakeLists.txt b/minimal-examples/crypto/minimal-crypto-jws/CMakeLists.txt deleted file mode 100644 index ddf9579..0000000 --- a/minimal-examples/crypto/minimal-crypto-jws/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-crypto-jws) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_JOSE 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/crypto/minimal-crypto-jws/README.md b/minimal-examples/crypto/minimal-crypto-jws/README.md deleted file mode 100644 index 97cbf00..0000000 --- a/minimal-examples/crypto/minimal-crypto-jws/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# lws minimal example for JWS - -Demonstrates how to sign and verify using compact JWS and JWK, providing a -commandline tool for signing and verifying stdin. - -## build - -``` - $ cmake . && make -``` - -## usage - -Stdin is either the plaintext (if signing) or compact JWS (if verifying). - -Stdout is either the JWE (if encrypting) or plaintext (if decrypting). - -You must pass a private or public key JWK file in the -k option if encrypting, -and must pass a private key JWK file in the -k option if decrypting. To be -clear, for asymmetric keys the public part of the key is required to encrypt, -and the private part required to decrypt. - -For convenience, a pair of public and private keys are provided, -`key-rsa-4096.private` and `key-rsa-4096.pub`, these were produced with just - -``` - $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private -``` - -Similar keys for EC modes may be produced with - -``` - $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private -``` - -JWSs produced with openssl and mbedtls backends are completely interchangeable. - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --s ""|Sign (default is verify), eg, -e "ES256". For verify, the cipher information comes from the input JWS. --k |JWK file to sign or verify with... sign requires the key has its private part --c|Format the JWE as a linebroken C string --f|Output flattened representation (instead of compact by default) - -``` - $ echo -n "plaintext0123456" | ./lws-crypto-jws -s "ES256" -k ec-p256.private -[2018/12/19 16:20:25:6519] USER: LWS JWE example tool -[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ -``` - -Notice the logging is on stderr, and the output alone on stdout. - -When signing, the compact representation of the JWS is output on stdout. - -When verifying, if the signature is valid the plaintext is output on stdout -and the tool exits with a 0 exit code. Otherwise nothing is output on stdout -and it exits with a nonzero exit code. - diff --git a/minimal-examples/crypto/minimal-crypto-jws/main.c b/minimal-examples/crypto/minimal-crypto-jws/main.c deleted file mode 100644 index 5879fa9..0000000 --- a/minimal-examples/crypto/minimal-crypto-jws/main.c +++ /dev/null @@ -1,209 +0,0 @@ -/* - * lws-crypto-jws - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include -#include -#include - -#define MAX_SIZE (4 * 1024 * 1024) -char temp[MAX_SIZE], compact[MAX_SIZE]; - -int main(int argc, const char **argv) -{ - int n, sign = 0, result = 0, - logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - char *in; - struct lws_context_creation_info info; - struct lws_jws_map map; - int temp_len = sizeof(temp); - struct lws_context *context; - struct lws_jose jose; - struct lws_jwk jwk; - struct lws_jws jws; - const char *p; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS JWS example tool\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = 0; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - lws_jose_init(&jose); - lws_jws_init(&jws, &jwk, context); - - /* if signing, set the ciphers */ - - if ((p = lws_cmdline_option(argc, argv, "-s"))) { - - if (lws_gencrypto_jws_alg_to_definition(p, &jose.alg)) { - lwsl_err("format: -s \"\", eg, " - "-e \"RS256\"\n"); - - return 1; - } - - /* create JOSE header, also needed for output */ - - if (lws_jws_alloc_element(&jws.map, LJWS_JOSE, - lws_concat_temp(temp, temp_len), - &temp_len, strlen(p) + 10, 0)) { - lwsl_err("%s: temp space too small\n", __func__); - return 1; - } - - jws.map.len[LJWS_JOSE] = - lws_snprintf((char *)jws.map.buf[LJWS_JOSE], - temp_len, "{\"alg\":\"%s\"}", p); - sign = 1; - } - - in = lws_concat_temp(temp, temp_len); - n = read(0, in, temp_len); - if (n < 0) { - lwsl_err("Problem reading from stdin\n"); - return 1; - } - temp_len -= n; - - /* grab the key */ - - if ((p = lws_cmdline_option(argc, argv, "-k"))) { - if (lws_jwk_load(&jwk, p, NULL, NULL)) { - lwsl_err("%s: problem loading JWK %s\n", __func__, p); - - return 1; - } - } else { - lwsl_err("-k is required\n"); - - return 1; - } - if (sign) { - - /* add the plaintext from stdin to the map and a b64 version */ - - jws.map.buf[LJWS_PYLD] = in; - jws.map.len[LJWS_PYLD] = n; - - if (lws_jws_encode_b64_element(&jws.map_b64, LJWS_PYLD, - lws_concat_temp(temp, temp_len), - &temp_len, jws.map.buf[LJWS_PYLD], - jws.map.len[LJWS_PYLD])) - goto bail1; - - /* add the b64 JOSE header to the b64 map */ - - if (lws_jws_encode_b64_element(&jws.map_b64, LJWS_JOSE, - lws_concat_temp(temp, temp_len), - &temp_len, jws.map.buf[LJWS_JOSE], - jws.map.len[LJWS_JOSE])) - goto bail1; - - /* prepare the space for the b64 signature in the map */ - - if (lws_jws_alloc_element(&jws.map_b64, LJWS_SIG, - lws_concat_temp(temp, temp_len), - &temp_len, lws_base64_size( - LWS_JWE_LIMIT_KEY_ELEMENT_BYTES), 0)) { - lwsl_err("%s: temp space too small\n", __func__); - goto bail1; - } - - - - /* sign the plaintext */ - - n = lws_jws_sign_from_b64(&jose, &jws, - (char *)jws.map_b64.buf[LJWS_SIG], - jws.map_b64.len[LJWS_SIG]); - if (n < 0) { - lwsl_err("%s: failed signing test packet\n", __func__); - goto bail1; - } - /* set the actual b64 signature size */ - jws.map_b64.len[LJWS_SIG] = n; - - if (lws_cmdline_option(argc, argv, "-f")) - /* create the flattened representation */ - n = lws_jws_write_flattened_json(&jws, compact, sizeof(compact)); - else - /* create the compact JWS representation */ - n = lws_jws_write_compact(&jws, compact, sizeof(compact)); - if (n < 0) { - lwsl_notice("%s: write_compact failed\n", __func__); - goto bail1; - } - - /* dump the compact JWS representation on stdout */ - - if (write(1, compact, strlen(compact)) < 0) { - lwsl_err("Write stdout failed\n"); - goto bail1; - } - - } else { - /* perform the verify directly on the compact representation */ - - if (lws_cmdline_option(argc, argv, "-f")) { - if (lws_jws_sig_confirm_json(in, n, &jws, &jwk, context, - lws_concat_temp(temp, temp_len), - &temp_len) < 0) { - lwsl_notice("%s: confirm rsa sig failed\n", - __func__); - lwsl_hexdump_notice(jws.map.buf[LJWS_JOSE], jws.map.len[LJWS_JOSE]); - lwsl_hexdump_notice(jws.map.buf[LJWS_PYLD], jws.map.len[LJWS_PYLD]); - lwsl_hexdump_notice(jws.map.buf[LJWS_SIG], jws.map.len[LJWS_SIG]); - - lwsl_hexdump_notice(jws.map_b64.buf[LJWS_JOSE], jws.map_b64.len[LJWS_JOSE]); - lwsl_hexdump_notice(jws.map_b64.buf[LJWS_PYLD], jws.map_b64.len[LJWS_PYLD]); - lwsl_hexdump_notice(jws.map_b64.buf[LJWS_SIG], jws.map_b64.len[LJWS_SIG]); - goto bail1; - } - } else { - if (lws_jws_sig_confirm_compact_b64(in, - lws_concat_used(temp, temp_len), - &map, &jwk, context, - lws_concat_temp(temp, temp_len), - &temp_len) < 0) { - lwsl_notice("%s: confirm rsa sig failed\n", - __func__); - goto bail1; - } - } - - lwsl_notice("VALID\n"); - - /* dump the verifed plaintext and return 0 */ - - if (write(1, jws.map.buf[LJWS_PYLD], jws.map.len[LJWS_PYLD]) < 0) { - lwsl_err("Write stdout failed\n"); - goto bail1; - } - } - - result = 0; - -bail1: - lws_jws_destroy(&jws); - lws_jwk_destroy(&jwk); - - lws_context_destroy(context); - - return result; -} diff --git a/minimal-examples/crypto/minimal-crypto-x509/CMakeLists.txt b/minimal-examples/crypto/minimal-crypto-x509/CMakeLists.txt deleted file mode 100644 index 327cdcd..0000000 --- a/minimal-examples/crypto/minimal-crypto-x509/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-crypto-x509) -set(SRCS main.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITH_JOSE 1 requirements) - -if (requirements) - - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/crypto/minimal-crypto-x509/README.md b/minimal-examples/crypto/minimal-crypto-x509/README.md deleted file mode 100644 index b0d641e..0000000 --- a/minimal-examples/crypto/minimal-crypto-x509/README.md +++ /dev/null @@ -1,59 +0,0 @@ -# lws minimal example for X509 - -The example shows how to: - - - confirm one PEM cert or chain (-c) was signed by a trusted PEM cert (-t) - - convert a certificate public key to JWK - - convert a certificate public key and its private key PEM to a private JWK - -The examples work for EC and RSA certs and on mbedtls and OpenSSL the same. - -Notice the logging is on stderr, and only the JWK is output on stdout. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --c |Required PEM Certificate(s) to operate on... may be multiple concatednated PEM --t |Single PEM trusted certificate --p |Optional private key matching certificate given in -c. If given, only the private JWK is printed to stdout - -Example for confirming trust relationship. Notice the PEM in -c must contain not only -the final certificate but also the certificates for any intermediate CAs. - -``` - $ ./lws-crypto-x509 -c ec-cert.pem -t ca-cert.pem -[2019/01/02 20:31:13:2031] USER: LWS X509 api example -[2019/01/02 20:31:13:2032] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2019/01/02 20:31:13:2043] NOTICE: main: certs loaded OK -[2019/01/02 20:31:13:2043] NOTICE: main: verified OK <<<<====== -[2019/01/02 20:31:13:2045] NOTICE: Cert Public JWK -{"crv":"P-521","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"} - -[2019/01/02 20:31:13:2045] NOTICE: main: OK -``` - -Example creating JWKs for public and public + private cert + PEM keys: - -``` - $ ./lws-crypto-x509 -c ec-cert.pem -p ec-key.pem -[2019/01/02 20:14:43:4966] USER: LWS X509 api example -[2019/01/02 20:14:43:5225] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2019/01/02 20:14:43:5707] NOTICE: lws_x509_public_to_jwk: EC key -[2019/01/02 20:24:59:9514] USER: LWS X509 api example -[2019/01/02 20:24:59:9741] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2019/01/02 20:25:00:1261] NOTICE: lws_x509_public_to_jwk: key type 408 "id-ecPublicKey" -[2019/01/02 20:25:00:1269] NOTICE: lws_x509_public_to_jwk: EC key -[2019/01/02 20:25:00:2097] NOTICE: Cert + Key Private JWK -{"crv":"P-521","d":"AU3iQSKfPskMTW4ZncrYLhipUYzLYty2XhemTQ_nSuUB1vB76jHmOYUTRXFBLkVCW8cQYyMa5dMa3Bvv-cdvH0IB","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"} - -[2019/01/02 20:25:00:2207] NOTICE: main: OK -``` - diff --git a/minimal-examples/crypto/minimal-crypto-x509/main.c b/minimal-examples/crypto/minimal-crypto-x509/main.c deleted file mode 100644 index 64875fb..0000000 --- a/minimal-examples/crypto/minimal-crypto-x509/main.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * lws-crypto-x509 - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#include -#include -#include -#include - -static int -read_pem(const char *filename, char *pembuf, int pembuf_len) -{ - int n, fd = open(filename, LWS_O_RDONLY); - if (fd == -1) - return -1; - - n = read(fd, pembuf, pembuf_len - 1); - close(fd); - - pembuf[n++] = '\0'; - - return n; -} - -static int -read_pem_c509_cert(struct lws_x509_cert **x509, const char *filename, - char *pembuf, int pembuf_len) -{ - int n; - - n = read_pem(filename, pembuf, pembuf_len); - if (n < 0) - return -1; - - if (lws_x509_create(x509)) { - lwsl_err("%s: failed to create x509\n", __func__); - - return -1; - } - - if (lws_x509_parse_from_pem(*x509, pembuf, n) < 0) { - lwsl_err("%s: unable to parse PEM %s\n", __func__, filename); - lws_x509_destroy(x509); - - return -1; - } - - return 0; -} - -int main(int argc, const char **argv) -{ - int n, result = 1, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_x509_cert *x509 = NULL, *x509_trusted = NULL; - struct lws_context_creation_info info; - struct lws_context *context; - struct lws_jwk jwk; - char pembuf[6144]; - const char *p; - - memset(&jwk, 0, sizeof(jwk)); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS X509 api example\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.options = 0; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - - p = lws_cmdline_option(argc, argv, "-c"); - if (!p) { - lwsl_err("%s: missing -c \n", __func__); - goto bail; - } - if (read_pem_c509_cert(&x509, p, pembuf, sizeof(pembuf))) { - lwsl_err("%s: unable to read \"%s\": errno %d\n", - __func__, p, errno); - goto bail; - } - - p = lws_cmdline_option(argc, argv, "-t"); - if (p) { - - if (read_pem_c509_cert(&x509_trusted, p, pembuf, - sizeof(pembuf))) { - lwsl_err("%s: unable to read \"%s\": errno %d\n", - __func__, p, errno); - goto bail1; - } - - lwsl_notice("%s: certs loaded OK\n", __func__); - - if (lws_x509_verify(x509, x509_trusted, NULL)) { - lwsl_err("%s: verify failed\n", __func__); - goto bail2; - } - - lwsl_notice("%s: verified OK\n", __func__); - } - - if (x509_trusted) { - - /* show the trusted cert public key as a JWK */ - - if (lws_x509_public_to_jwk(&jwk, x509_trusted, - "P-256,P-384,P-521", 4096)) { - lwsl_err("%s: unable to get trusted cert pubkey as JWK\n", - __func__); - - goto bail2; - } - - if ((p = lws_cmdline_option(argc, argv, "--alg"))) - lws_jwk_strdup_meta(&jwk, JWK_META_ALG, p, strlen(p)); - - lwsl_info("JWK version of trusted cert:\n"); - lws_jwk_dump(&jwk); - lws_jwk_destroy(&jwk); - } - - /* get the cert public key as a JWK */ - - if (lws_x509_public_to_jwk(&jwk, x509, "P-256,P-384,P-521", 4096)) { - lwsl_err("%s: unable to get cert pubkey as JWK\n", __func__); - - goto bail3; - } - lwsl_info("JWK version of cert:\n"); - - if ((p = lws_cmdline_option(argc, argv, "--alg"))) - lws_jwk_strdup_meta(&jwk, JWK_META_ALG, p, strlen(p)); - - lws_jwk_dump(&jwk); - /* only print public if he doesn't provide private */ - if (!lws_cmdline_option(argc, argv, "-p")) { - lwsl_notice("Issuing Cert Public JWK on stdout\n"); - n = sizeof(pembuf); - if (lws_jwk_export(&jwk, 0, pembuf, &n)) - puts(pembuf); - } - - /* if we know where the cert private key is, add that to the cert JWK */ - - p = lws_cmdline_option(argc, argv, "-p"); - if (p) { - n = read_pem(p, pembuf, sizeof(pembuf)); - if (n < 0) { - lwsl_err("%s: unable read privkey %s\n", __func__, p); - - goto bail3; - } - if (lws_x509_jwk_privkey_pem(&jwk, pembuf, n, NULL)) { - lwsl_err("%s: unable to parse privkey %s\n", - __func__, p); - - goto bail3; - } - - if ((p = lws_cmdline_option(argc, argv, "--alg"))) - lws_jwk_strdup_meta(&jwk, JWK_META_ALG, p, strlen(p)); - - lwsl_info("JWK version of cert + privkey:\n"); - lws_jwk_dump(&jwk); - lwsl_notice("Issuing Cert + Private JWK on stdout\n"); - n = sizeof(pembuf); - if (lws_jwk_export(&jwk, 1, pembuf, &n)) - puts(pembuf); - } - - result = 0; - -bail3: - lws_jwk_destroy(&jwk); -bail2: - lws_x509_destroy(&x509_trusted); -bail1: - lws_x509_destroy(&x509); -bail: - lws_context_destroy(context); - - if (result) - lwsl_err("%s: failed\n", __func__); - else - lwsl_notice("%s: OK\n", __func__); - - return result; -} diff --git a/minimal-examples/dbus-client/README.md b/minimal-examples/dbus-client/README.md deleted file mode 100644 index ecde9d1..0000000 --- a/minimal-examples/dbus-client/README.md +++ /dev/null @@ -1,4 +0,0 @@ -|Example|Demonstrates| ----|--- -minimal-dbus-client|Shows how to connect to a DBusServer dbus server like minimal-dbus-server -minimal-dbus-ws-proxy-testclient|A test client for use with minimal-dbus-ws-proxy diff --git a/minimal-examples/dbus-client/minimal-dbus-client/CMakeLists.txt b/minimal-examples/dbus-client/minimal-dbus-client/CMakeLists.txt deleted file mode 100644 index 674bb09..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-client/CMakeLists.txt +++ /dev/null @@ -1,120 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) -include(CheckLibraryExists) - -set(SAMP lws-minimal-dbus-client) -set(SRCS minimal-dbus-client.c) - -if (NOT LWS_WITH_MINIMAL_EXAMPLES) - CHECK_LIBRARY_EXISTS(dbus-1 dbus_connection_set_watch_functions "" LWS_HAVE_LIBDBUS) - if (NOT LWS_HAVE_LIBDBUS) - message(FATAL_ERROR "Install dbus-devel, or libdbus-1-dev etc") - endif() - - if (NOT LWS_DBUS_LIB) - set(LWS_DBUS_LIB "dbus-1") - endif() - - if (NOT LWS_DBUS_INCLUDE1) - # look in fedora and debian / ubuntu place - if (EXISTS "/usr/include/dbus-1.0") - set(LWS_DBUS_INCLUDE1 "/usr/include/dbus-1.0") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE1 to /usr/include/dbus-1.0 or wherever the main dbus includes are") - endif() - endif() - - if (NOT LWS_DBUS_INCLUDE2) - # look in fedora... debian / ubuntu has the ARCH in the path... - if (EXISTS "/usr/lib64/dbus-1.0/include") - set(LWS_DBUS_INCLUDE2 "/usr/lib64/dbus-1.0/include") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE2 to /usr/lib/ARCH-linux-gnu/dbus-1.0/include or wherever dbus-arch-deps.h is on your system") - endif() - endif() - - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES};${LWS_DBUS_INCLUDE1};${LWS_DBUS_INCLUDE2}) - - if (NOT LWS_DBUS_INCLUDE1 OR NOT LWS_DBUS_INCLUDE2) - message(FATAL_ERROR "To build with libdbus, LWS_DBUS_INCLUDE1/2 must be given. See lib/roles/dbus/README.md") - endif() - -endif() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_DBUS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - include_directories("${LWS_DBUS_INCLUDE1}") - include_directories("${LWS_DBUS_INCLUDE2}") - list(APPEND LIB_LIST dbus-1) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared ${LWS_DBUS_LIB}) - else() - target_link_libraries(${SAMP} websockets ${LWS_DBUS_LIB}) - endif() -endif() diff --git a/minimal-examples/dbus-client/minimal-dbus-client/README.md b/minimal-examples/dbus-client/minimal-dbus-client/README.md deleted file mode 100644 index 42563c6..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-client/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# lws minimal dbus client - -This demonstrates nonblocking, asynchronous dbus method calls as the client. - -## build - -Using libdbus requires additional non-default include paths setting, same as -is necessary for lws build described in ./lib/roles/dbus/README.md - -CMake can guess one path and the library name usually, see the README above -for details of how to override for custom libdbus and cross build. - -Fedora example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib64/dbus-1.0/include" -$ make -``` - -Ubuntu example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib/x86_64-linux-gnu/dbus-1.0/include" -$ make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -The minimal client connects to the minimal dbus server example, which is -expected to be listening on its default abstract unix domain socket path. - -It call the server Echo method with "Hello!" and returns to the event loop. -When the reply comes, it prints the returned message. - -Afterwards it just sits there receiving unsolicited messages from the server -example, until closed by the user. - -``` - $ ./lws-minimal-dbus-client -ctx -[2018/10/05 06:08:31:4901] NOTICE: pending_call_notify -[2018/10/05 06:08:31:4929] USER: pending_call_notify: received 'Hello!' -^C[2018/10/05 06:09:22:4409] NOTICE: destroy_dbus_client_conn -[2018/10/05 06:09:22:4691] NOTICE: Exiting cleanly -... -``` - diff --git a/minimal-examples/dbus-client/minimal-dbus-client/minimal-dbus-client.c b/minimal-examples/dbus-client/minimal-dbus-client/minimal-dbus-client.c deleted file mode 100644 index 43b48a1..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-client/minimal-dbus-client.c +++ /dev/null @@ -1,281 +0,0 @@ -/* - * lws-minimal-dbus-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal session dbus server that uses the lws event loop, - * making it possible to integrate it with other lws features. - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -static struct lws_dbus_ctx *dbus_ctx; -static struct lws_context *context; -static int interrupted; - -#define THIS_INTERFACE "org.libwebsockets.test" -#define THIS_OBJECT "/org/libwebsockets/test" -#define THIS_BUSNAME "org.libwebsockets.test" - -#define THIS_LISTEN_PATH "unix:abstract=org.libwebsockets.test" - - -static DBusHandlerResult -client_message_handler(DBusConnection *conn, DBusMessage *message, void *data) -{ - const char *str; - - lwsl_info("%s: Got D-Bus request: %s.%s on %s\n", __func__, - dbus_message_get_interface(message), - dbus_message_get_member(message), - dbus_message_get_path(message)); - - if (!dbus_message_get_args(message, NULL, - DBUS_TYPE_STRING, &str, - DBUS_TYPE_INVALID)) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - lwsl_notice("%s: '%s'\n", __func__, str); - - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -} - -static void -destroy_dbus_client_conn(struct lws_dbus_ctx *ctx) -{ - if (!ctx || !ctx->conn) - return; - - lwsl_notice("%s\n", __func__); - - dbus_connection_remove_filter(ctx->conn, client_message_handler, ctx); - dbus_connection_close(ctx->conn); - dbus_connection_unref(ctx->conn); - - free(ctx); -} - -/* - * This callback is coming when lws has noticed the fd took a POLLHUP. The - * ctx has effectively gone out of scope before this, and the connection can - * be cleaned up and the ctx freed. - */ - -static void -cb_closing(struct lws_dbus_ctx *ctx) -{ - lwsl_err("%s: closing\n", __func__); - - if (ctx == dbus_ctx) - dbus_ctx = NULL; - - destroy_dbus_client_conn(ctx); -} - -static struct lws_dbus_ctx * -create_dbus_client_conn(struct lws_vhost *vh, int tsi, const char *ads) -{ - struct lws_dbus_ctx *ctx; - DBusError err; - - ctx = malloc(sizeof(*ctx)); - if (!ctx) - return NULL; - - memset(ctx, 0, sizeof(*ctx)); - - ctx->vh = vh; - ctx->tsi = tsi; - - dbus_error_init(&err); - - /* connect to the daemon bus */ - ctx->conn = dbus_connection_open_private(ads, &err); - if (!ctx->conn) { - lwsl_err("%s: Failed to connect: %s\n", - __func__, err.message); - goto fail; - } - - dbus_connection_set_exit_on_disconnect(ctx->conn, 0); - - if (!dbus_connection_add_filter(ctx->conn, client_message_handler, - ctx, NULL)) { - lwsl_err("%s: Failed to add filter\n", __func__); - goto fail; - } - - /* - * This is the part that binds the connection to lws watcher and - * timeout handling provided by lws - */ - - if (lws_dbus_connection_setup(ctx, ctx->conn, cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto fail; - } - - lwsl_notice("%s: created OK\n", __func__); - - return ctx; - -fail: - dbus_error_free(&err); - - free(ctx); - - return NULL; -} - - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -/* - * This gets called if we timed out waiting for the server reply, or the - * reply arrived. - */ - -static void -pending_call_notify(DBusPendingCall *pending, void *data) -{ - // struct lws_dbus_ctx *ctx = (struct lws_dbus_ctx *)data; - const char *payload; - DBusMessage *msg; - - if (!dbus_pending_call_get_completed(pending)) { - lwsl_err("%s: timed out waiting for reply\n", __func__); - - goto bail; - } - - msg = dbus_pending_call_steal_reply(pending); - if (!msg) - goto bail; - - if (!dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &payload, - DBUS_TYPE_INVALID)) { - goto bail1; - } - - lwsl_user("%s: received '%s'\n", __func__, payload); - -bail1: - dbus_message_unref(msg); -bail: - dbus_pending_call_unref(pending); -} - -static int -remote_method_call(struct lws_dbus_ctx *ctx) -{ - DBusMessage *msg; - const char *payload = "Hello!"; - int ret = 1; - - msg = dbus_message_new_method_call( - /* dest */ THIS_BUSNAME, - /* object-path */ THIS_OBJECT, - /* interface */ THIS_INTERFACE, - /* method */ "Echo"); - if (!msg) - return 1; - - if (!dbus_message_append_args(msg, DBUS_TYPE_STRING, &payload, - DBUS_TYPE_INVALID)) - goto bail; - - if (!dbus_connection_send_with_reply(ctx->conn, msg, - &ctx->pc, - DBUS_TIMEOUT_USE_DEFAULT)) { - lwsl_err("%s: unable to send\n", __func__); - - goto bail; - } - - dbus_pending_call_set_notify(ctx->pc, pending_call_notify, ctx, NULL); - - ret = 0; - -bail: - dbus_message_unref(msg); - - return ret; -} - -int main(int argc, const char **argv) -{ - struct lws_vhost *vh; - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */ /* | LLL_THREAD */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal DBUS client\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - vh = lws_create_vhost(context, &info); - if (!vh) - goto bail; - - dbus_ctx = create_dbus_client_conn(vh, 0, THIS_LISTEN_PATH); - if (!dbus_ctx) - goto bail1; - - if (remote_method_call(dbus_ctx)) - goto bail2; - - /* lws event loop (default poll one) */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail2: - destroy_dbus_client_conn(dbus_ctx); - -bail1: - /* this is required for valgrind-cleanliness */ - dbus_shutdown(); - lws_context_destroy(context); - - lwsl_notice("Exiting cleanly\n"); - - return 0; - -bail: - lwsl_err("%s: failed to start\n", __func__); - lws_context_destroy(context); - - return 1; -} diff --git a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/CMakeLists.txt b/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/CMakeLists.txt deleted file mode 100644 index dda46bf..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/CMakeLists.txt +++ /dev/null @@ -1,120 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) -include(CheckLibraryExists) - -set(SAMP lws-minimal-dbus-ws-proxy-testclient) -set(SRCS minimal-dbus-ws-proxy-testclient.c) - -if (NOT LWS_WITH_MINIMAL_EXAMPLES) - CHECK_LIBRARY_EXISTS(dbus-1 dbus_connection_set_watch_functions "" LWS_HAVE_LIBDBUS) - if (NOT LWS_HAVE_LIBDBUS) - message(FATAL_ERROR "Install dbus-devel, or libdbus-1-dev etc") - endif() - - if (NOT LWS_DBUS_LIB) - set(LWS_DBUS_LIB "dbus-1") - endif() - - if (NOT LWS_DBUS_INCLUDE1) - # look in fedora and debian / ubuntu place - if (EXISTS "/usr/include/dbus-1.0") - set(LWS_DBUS_INCLUDE1 "/usr/include/dbus-1.0") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE1 to /usr/include/dbus-1.0 or wherever the main dbus includes are") - endif() - endif() - - if (NOT LWS_DBUS_INCLUDE2) - # look in fedora... debian / ubuntu has the ARCH in the path... - if (EXISTS "/usr/lib64/dbus-1.0/include") - set(LWS_DBUS_INCLUDE2 "/usr/lib64/dbus-1.0/include") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE2 to /usr/lib/ARCH-linux-gnu/dbus-1.0/include or wherever dbus-arch-deps.h is on your system") - endif() - endif() - - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES};${LWS_DBUS_INCLUDE1};${LWS_DBUS_INCLUDE2}) - - if (NOT LWS_DBUS_INCLUDE1 OR NOT LWS_DBUS_INCLUDE2) - message(FATAL_ERROR "To build with libdbus, LWS_DBUS_INCLUDE1/2 must be given. See lib/roles/dbus/README.md") - endif() - -endif() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_DBUS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - include_directories("${LWS_DBUS_INCLUDE1}") - include_directories("${LWS_DBUS_INCLUDE2}") - list(APPEND LIB_LIST dbus-1) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared ${LWS_DBUS_LIB}) - else() - target_link_libraries(${SAMP} websockets ${LWS_DBUS_LIB}) - endif() -endif() diff --git a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/README.md b/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/README.md deleted file mode 100644 index d583462..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# lws minimal dbus ws proxy testclient - -This is a test client used to test `./minimal-examples/dbus-server/minimal-dbus-ws-proxy` - -It asks the minimal dbus ws proxy application to connect to libwebsockets.org -over the mirror protocol. And it proxies back the ASCII packets used to -communicate the mirror sample drawing vectors over dbus to this test client -if you draw on the [mirror example app](https://libwebsockets.org/testserver/) -in a browser. - -## build - -Using libdbus requires additional non-default include paths setting, same as -is necessary for lws build described in ./lib/roles/dbus/README.md - -CMake can guess one path and the library name usually, see the README above -for details of how to override for custom libdbus and cross build. - -Fedora example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib64/dbus-1.0/include" -$ make -``` - -Ubuntu example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib/x86_64-linux-gnu/dbus-1.0/include" -$ make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 - -This connects to the minimal-dbus-ws-proxy example running in another terminal. - -``` - $ ./lws-minimal-dbus-ws-proxy-testclient -[2018/10/05 14:17:16:6286] USER: LWS minimal DBUS ws proxy testclient -[2018/10/05 14:17:16:6538] NOTICE: Creating Vhost 'default' port 0, 1 protocols, IPv6 off -[2018/10/05 14:17:16:6617] USER: create_dbus_client_conn: connecting to 'unix:abstract=org.libwebsockets.wsclientproxy' -[2018/10/05 14:17:16:7189] NOTICE: create_dbus_client_conn: created OK -[2018/10/05 14:17:16:7429] USER: remote_method_call: requesting proxy connection wss://libwebsockets.org/ lws-mirror-protocol -[2018/10/05 14:17:17:0387] USER: pending_call_notify: received 'Connecting' -[2018/10/05 14:17:18:7475] NOTICE: client_message_handler: (type 7) 'ws client connection established' -[2018/10/05 14:17:21:2028] NOTICE: client_message_handler: (type 6) 'd #000000 323 63 323 67;' -[2018/10/05 14:17:21:2197] NOTICE: client_message_handler: (type 6) 'd #000000 323 67 327 73;' -... -``` - diff --git a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/minimal-dbus-ws-proxy-testclient.c b/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/minimal-dbus-ws-proxy-testclient.c deleted file mode 100644 index d2818fa..0000000 --- a/minimal-examples/dbus-client/minimal-dbus-ws-proxy-testclient/minimal-dbus-ws-proxy-testclient.c +++ /dev/null @@ -1,459 +0,0 @@ -/* - * lws-minimal-dbus-ws-proxy-testclient - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This acts as a test client over DBUS, opening a session with - * minimal-dbus-ws-proxy and sending and receiving data on the libwebsockets - * mirror demo page. - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -/* - * These are the various states our connection can be in, both with regards - * to the direct connection to the proxy, and the state of the onward ws - * connection the proxy opens at our request. - */ - -enum lws_dbus_client_state { - LDCS_NOTHING, /* no connection yet */ - LDCS_CONN, /* conn to proxy */ - LDCS_CONN_WAITING_ONWARD, /* conn to proxy, awaiting proxied conn */ - LDCS_CONN_ONWARD, /* conn to proxy and onward conn OK */ - LDCS_CONN_CLOSED, /* conn to proxy but onward conn closed */ - LDCS_CLOSED, /* connection to proxy is closed */ -}; - -/* - * our expanded dbus context - */ - -struct lws_dbus_ctx_wsproxy_client { - struct lws_dbus_ctx ctx; - - enum lws_dbus_client_state state; -}; - -static struct lws_dbus_ctx_wsproxy_client *dbus_ctx; -static struct lws_context *context; -static int interrupted, autoexit_budget = -1, count_rx, count_tx; - -#define THIS_INTERFACE "org.libwebsockets.wsclientproxy" -#define THIS_OBJECT "/org/libwebsockets/wsclientproxy" -#define THIS_BUSNAME "org.libwebsockets.wsclientproxy" - -#define THIS_LISTEN_PATH "unix:abstract=org.libwebsockets.wsclientproxy" - -static void -state_transition(struct lws_dbus_ctx_wsproxy_client *dcwc, - enum lws_dbus_client_state state) -{ - lwsl_notice("%s: %p: from state %d -> %d\n", __func__, - dcwc,dcwc->state, state); - dcwc->state = state; -} - -static DBusHandlerResult -filter(DBusConnection *conn, DBusMessage *message, void *data) -{ - struct lws_dbus_ctx_wsproxy_client *dcwc = - (struct lws_dbus_ctx_wsproxy_client *)data; - const char *str; - - if (!dbus_message_get_args(message, NULL, - DBUS_TYPE_STRING, &str, - DBUS_TYPE_INVALID)) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - /* received ws data */ - - if (dbus_message_is_signal(message, THIS_INTERFACE, "Receive")) { - lwsl_user("%s: Received '%s'\n", __func__, str); - count_rx++; - } - - /* proxy ws connection failed */ - - if (dbus_message_is_signal(message, THIS_INTERFACE, "Status") && - !strcmp(str, "ws client connection error")) - state_transition(dcwc, LDCS_CONN_CLOSED); - - /* proxy ws connection succeeded */ - - if (dbus_message_is_signal(message, THIS_INTERFACE, "Status") && - !strcmp(str, "ws client connection established")) - state_transition(dcwc, LDCS_CONN_ONWARD); - - /* proxy ws connection has closed */ - - if (dbus_message_is_signal(message, THIS_INTERFACE, "Status") && - !strcmp(str, "ws client connection closed")) - state_transition(dcwc, LDCS_CONN_CLOSED); - - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -} - -static void -destroy_dbus_client_conn(struct lws_dbus_ctx_wsproxy_client **pdcwc) -{ - struct lws_dbus_ctx_wsproxy_client *dcwc = *pdcwc; - - if (!dcwc || !dcwc->ctx.conn) - return; - - lwsl_notice("%s\n", __func__); - - dbus_connection_remove_filter(dcwc->ctx.conn, filter, &dcwc->ctx); - dbus_connection_close(dcwc->ctx.conn); - dbus_connection_unref(dcwc->ctx.conn); - - free(dcwc); - - *pdcwc = NULL; -} - -/* - * This callback is coming when lws has noticed the fd took a POLLHUP. The - * ctx has effectively gone out of scope before this, and the connection can - * be cleaned up and the ctx freed. - */ - -static void -cb_closing(struct lws_dbus_ctx *ctx) -{ - struct lws_dbus_ctx_wsproxy_client *dcwc = - (struct lws_dbus_ctx_wsproxy_client *)ctx; - - lwsl_err("%s: closing\n", __func__); - - if (dcwc == dbus_ctx) - dbus_ctx = NULL; - - destroy_dbus_client_conn(&dcwc); - - interrupted = 1; -} - -static struct lws_dbus_ctx_wsproxy_client * -create_dbus_client_conn(struct lws_vhost *vh, int tsi, const char *ads) -{ - struct lws_dbus_ctx_wsproxy_client *dcwc; - DBusError e; - - dcwc = malloc(sizeof(*dcwc)); - if (!dcwc) - return NULL; - - memset(dcwc, 0, sizeof(*dcwc)); - - dcwc->state = LDCS_NOTHING; - dcwc->ctx.vh = vh; - dcwc->ctx.tsi = tsi; - - dbus_error_init(&e); - - lwsl_user("%s: connecting to '%s'\n", __func__, ads); -#if 1 - /* connect to our daemon bus */ - - dcwc->ctx.conn = dbus_connection_open_private(ads, &e); - if (!dcwc->ctx.conn) { - lwsl_err("%s: Failed to connect: %s\n", - __func__, e.message); - goto fail; - } -#else - /* connect to the SYSTEM bus */ - - dcwc->ctx.conn = dbus_bus_get(DBUS_BUS_SYSTEM, &e); - if (!dcwc->ctx.conn) { - lwsl_err("%s: Failed to get a session DBus connection: %s\n", - __func__, e.message); - goto fail; - } -#endif - dbus_connection_set_exit_on_disconnect(dcwc->ctx.conn, 0); - - if (!dbus_connection_add_filter(dcwc->ctx.conn, filter, - &dcwc->ctx, NULL)) { - lwsl_err("%s: Failed to add filter\n", __func__); - goto fail; - } - - /* - * This is the part that binds the connection to lws watcher and - * timeout handling provided by lws - */ - - if (lws_dbus_connection_setup(&dcwc->ctx, dcwc->ctx.conn, cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto fail; - } - - state_transition(dcwc, LDCS_CONN); - - lwsl_notice("%s: created OK\n", __func__); - - return dcwc; - -fail: - dbus_error_free(&e); - - free(dcwc); - - return NULL; -} - - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -/* - * This gets called if we timed out waiting for the dbus server reply, or the - * reply arrived. - */ - -static void -pending_call_notify(DBusPendingCall *pending, void *data) -{ - const char *payload; - DBusMessage *msg; - - if (!dbus_pending_call_get_completed(pending)) { - lwsl_err("%s: timed out waiting for reply\n", __func__); - - goto bail; - } - - msg = dbus_pending_call_steal_reply(pending); - if (!msg) - goto bail; - - if (!dbus_message_get_args(msg, NULL, DBUS_TYPE_STRING, &payload, - DBUS_TYPE_INVALID)) { - goto bail1; - } - - lwsl_user("%s: received '%s'\n", __func__, payload); - -bail1: - dbus_message_unref(msg); -bail: - dbus_pending_call_unref(pending); -} - -static int -remote_method_call(struct lws_dbus_ctx_wsproxy_client *dcwc) -{ - char _uri[96]; - const char *subprotocol = "lws-mirror-protocol", *uri = _uri; - DBusMessage *msg; - int ret = 1; - - /* - * make our own private mirror session... because others may run this - * at the same time against libwebsockets.org... as happened 2019-03-14 - * and broke travis tests :-) - */ - - lws_snprintf(_uri, sizeof(_uri), "wss://libwebsockets.org/?mirror=dbt-%d", - (int)getpid()); - - msg = dbus_message_new_method_call( - /* dest */ THIS_BUSNAME, - /* object-path */ THIS_OBJECT, - /* interface */ THIS_INTERFACE, - /* method */ "Connect"); - if (!msg) - return 1; - - if (!dbus_message_append_args(msg, DBUS_TYPE_STRING, &uri, - DBUS_TYPE_STRING, &subprotocol, - DBUS_TYPE_INVALID)) - goto bail; - - lwsl_user("%s: requesting proxy connection %s %s\n", __func__, - uri, subprotocol); - - if (!dbus_connection_send_with_reply(dcwc->ctx.conn, msg, &dcwc->ctx.pc, - DBUS_TIMEOUT_USE_DEFAULT)) { - lwsl_err("%s: unable to send\n", __func__); - - goto bail; - } - - dbus_pending_call_set_notify(dcwc->ctx.pc, pending_call_notify, - &dcwc->ctx, NULL); - - state_transition(dcwc, LDCS_CONN_WAITING_ONWARD); - - ret = 0; - -bail: - dbus_message_unref(msg); - - return ret; -} - -/* - * Stub lws protocol, just so we can get synchronous timers conveniently. - * - * Set up a 1Hz timer and if our connection state is suitable, use that - * to write mirror protocol drawing packets to the proxied ws connection - */ - -static int -callback_just_timer(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - char payload[64]; - const char *ws_pkt = payload; - DBusMessage *msg; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - case LWS_CALLBACK_USER: - lwsl_info("%s: LWS_CALLBACK_USER\n", __func__); - - if (!dbus_ctx || dbus_ctx->state != LDCS_CONN_ONWARD) - goto again; - - if (autoexit_budget > 0) { - if (!--autoexit_budget) { - lwsl_notice("reached autoexit budget\n"); - interrupted = 1; - break; - } - } - - msg = dbus_message_new_method_call(THIS_BUSNAME, THIS_OBJECT, - THIS_INTERFACE, "Send"); - if (!msg) - break; - - lws_snprintf(payload, sizeof(payload), "d #%06X %d %d %d %d;", - rand() & 0xffffff, rand() % 480, rand() % 300, - rand() % 480, rand() % 300); - - if (!dbus_message_append_args(msg, DBUS_TYPE_STRING, &ws_pkt, - DBUS_TYPE_INVALID)) { - dbus_message_unref(msg); - break; - } - - if (!dbus_connection_send_with_reply(dbus_ctx->ctx.conn, msg, - &dbus_ctx->ctx.pc, - DBUS_TIMEOUT_USE_DEFAULT)) { - lwsl_err("%s: unable to send\n", __func__); - dbus_message_unref(msg); - break; - } - - dbus_message_unref(msg); - dbus_pending_call_set_notify(dbus_ctx->ctx.pc, - pending_call_notify, - &dbus_ctx->ctx, NULL); - count_tx++; - -again: - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 2); - break; - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "_just_timer", callback_just_timer, 0, 10, 0, NULL, 0 }, - { } -}; - - -int main(int argc, const char **argv) -{ - struct lws_vhost *vh; - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */ /* | LLL_THREAD */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - if ((p = lws_cmdline_option(argc, argv, "-x"))) - autoexit_budget = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal DBUS ws proxy testclient\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - info.protocols = protocols; - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.options |= - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - vh = lws_create_vhost(context, &info); - if (!vh) - goto bail; - - dbus_ctx = create_dbus_client_conn(vh, 0, THIS_LISTEN_PATH); - if (!dbus_ctx) - goto bail1; - - if (remote_method_call(dbus_ctx)) - goto bail2; - - /* lws event loop (default poll one) */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail2: - destroy_dbus_client_conn(&dbus_ctx); - -bail1: - /* this is required for valgrind-cleanliness */ - dbus_shutdown(); - lws_context_destroy(context); - - lwsl_notice("Exiting cleanly, rx: %d, tx: %d\n", count_rx, count_tx); - - return 0; - -bail: - lwsl_err("%s: failed to start\n", __func__); - lws_context_destroy(context); - - return 1; -} diff --git a/minimal-examples/dbus-server/README.md b/minimal-examples/dbus-server/README.md deleted file mode 100644 index fc59bfb..0000000 --- a/minimal-examples/dbus-server/README.md +++ /dev/null @@ -1,4 +0,0 @@ -|Example|Demonstrates| ----|--- -minimal-dbus-server|Shows how to run a DBUS session server using lws event loop -minimal-dbus-ws-proxy|Control ws client connections via DBUS diff --git a/minimal-examples/dbus-server/minimal-dbus-server/CMakeLists.txt b/minimal-examples/dbus-server/minimal-dbus-server/CMakeLists.txt deleted file mode 100644 index 7260d5a..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-server/CMakeLists.txt +++ /dev/null @@ -1,120 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) -include(CheckLibraryExists) - -set(SAMP lws-minimal-dbus-server) -set(SRCS main.c) - -if (NOT LWS_WITH_MINIMAL_EXAMPLES) - CHECK_LIBRARY_EXISTS(dbus-1 dbus_connection_set_watch_functions "" LWS_HAVE_LIBDBUS) - if (NOT LWS_HAVE_LIBDBUS) - message(FATAL_ERROR "Install dbus-devel, or libdbus-1-dev etc") - endif() - - if (NOT LWS_DBUS_LIB) - set(LWS_DBUS_LIB "dbus-1") - endif() - - if (NOT LWS_DBUS_INCLUDE1) - # look in fedora and debian / ubuntu place - if (EXISTS "/usr/include/dbus-1.0") - set(LWS_DBUS_INCLUDE1 "/usr/include/dbus-1.0") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE1 to /usr/include/dbus-1.0 or wherever the main dbus includes are") - endif() - endif() - - if (NOT LWS_DBUS_INCLUDE2) - # look in fedora... debian / ubuntu has the ARCH in the path... - if (EXISTS "/usr/lib64/dbus-1.0/include") - set(LWS_DBUS_INCLUDE2 "/usr/lib64/dbus-1.0/include") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE2 to /usr/lib/ARCH-linux-gnu/dbus-1.0/include or wherever dbus-arch-deps.h is on your system") - endif() - endif() - - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES};${LWS_DBUS_INCLUDE1};${LWS_DBUS_INCLUDE2}) - - if (NOT LWS_DBUS_INCLUDE1 OR NOT LWS_DBUS_INCLUDE2) - message(FATAL_ERROR "To build with libdbus, LWS_DBUS_INCLUDE1/2 must be given. See lib/roles/dbus/README.md") - endif() - -endif() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_DBUS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - include_directories("${LWS_DBUS_INCLUDE1}") - include_directories("${LWS_DBUS_INCLUDE2}") - list(APPEND LIB_LIST dbus-1) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared ${LWS_DBUS_LIB}) - else() - target_link_libraries(${SAMP} websockets ${LWS_DBUS_LIB}) - endif() -endif() diff --git a/minimal-examples/dbus-server/minimal-dbus-server/README.md b/minimal-examples/dbus-server/minimal-dbus-server/README.md deleted file mode 100644 index 7b61eb1..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-server/README.md +++ /dev/null @@ -1,96 +0,0 @@ -# lws minimal dbus server - -## build - -Using libdbus requires additional non-default include paths setting, same as -is necessary for lws build described in ./lib/roles/dbus/README.md - -CMake can guess one path and the library name usually, see the README above -for details of how to override for custom libdbus and cross build. - -Fedora example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib64/dbus-1.0/include" -$ make -``` - -Ubuntu example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib/x86_64-linux-gnu/dbus-1.0/include" -$ make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 ---session | Bind to session bus instead of creating private abstract unix socket - -By default the minimal server listens using its own abstract unix socket -at `unix:abstract=org.libwebsockets.test`. - -You can also run it instead as a participant on the session bus, without its own -unix socket, by giving `--session`. - -### Examples using the default private abstract unix socket - -``` - $ ./lws-minimal-dbus-server -[2018/10/03 07:08:02:6448] USER: LWS minimal dbus server -[2018/10/03 07:08:02:6693] NOTICE: Creating Vhost 'default' port 0, 1 protocols, IPv6 off -... -``` - -You can communicate with the dbus server over its private abstract socket using, eg - -``` -$ gdbus introspect --address unix:abstract=org.libwebsockets.test --dest org.libwebsockets.test --object-path /org/libwebsockets/test -node /org/example/TestObject { - interface org.freedesktop.DBus.Introspectable { - methods: - Introspect(out s data); - signals: - properties: - }; - interface org.freedesktop.DBus.Properties { - methods: - Get(in s interface, -... -``` - -``` -$ gdbus call --address unix:abstract=org.libwebsockets.test --dest org.libwebsockets.test --object-path /org/libwebsockets/test --method org.libwebsockets.test.Echo HELLO -('HELLO',) -``` - -### Examples using the DBUS session bus - -``` - $ ./lws-minimal-dbus-server --session -[2018/10/03 07:08:02:6448] USER: LWS minimal dbus server -[2018/10/03 07:08:02:6693] NOTICE: Creating Vhost 'default' port 0, 1 protocols, IPv6 off -... -``` - -You can communicate with the dbus server over the session bus using, eg - -``` -$ gdbus introspect --session --dest org.libwebsockets.test --object-path /org/libwebsockets/test -node /org/example/TestObject { - interface org.freedesktop.DBus.Introspectable { - methods: - Introspect(out s data); - signals: - properties: - }; - interface org.freedesktop.DBus.Properties { - methods: - Get(in s interface, -... -``` - -``` -$ gdbus call --session --dest org.libwebsockets.test --object-path /org/libwebsockets/test --method org.libwebsockets.test.Echo HELLO -('HELLO',) -``` diff --git a/minimal-examples/dbus-server/minimal-dbus-server/main.c b/minimal-examples/dbus-server/minimal-dbus-server/main.c deleted file mode 100644 index 0d74b9b..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-server/main.c +++ /dev/null @@ -1,535 +0,0 @@ -/* - * lws-minimal-dbus-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal session dbus server that uses the lws event loop, - * making it possible to integrate it with other lws features. - * - * The dbus server parts are based on "Sample code illustrating basic use of - * D-BUS" (presumed Public Domain) here: - * - * https://github.com/fbuihuu/samples-dbus/blob/master/dbus-server.c - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -static struct lws_context *context; -static const char *version = "0.1"; -static int interrupted; -static struct lws_dbus_ctx dbus_ctx, ctx_listener; -static char session; - -#define THIS_INTERFACE "org.libwebsockets.test" -#define THIS_OBJECT "/org/libwebsockets/test" -#define THIS_BUSNAME "org.libwebsockets.test" - -#define THIS_LISTEN_PATH "unix:abstract=org.libwebsockets.test" - -static const char * -server_introspection_xml = - DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE - "\n" - " \n" - " \n" - " \n" - " \n" - " \n" - - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " " - " \n" - - "\n"; - -static DBusHandlerResult -dmh_introspect(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - dbus_message_append_args(*reply, DBUS_TYPE_STRING, - &server_introspection_xml, DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_get(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - const char *interface, *property; - DBusError err; - - dbus_error_init(&err); - - if (!dbus_message_get_args(m, &err, DBUS_TYPE_STRING, &interface, - DBUS_TYPE_STRING, &property, - DBUS_TYPE_INVALID)) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, err.name, err.message); - dbus_error_free(&err); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - if (strcmp(property, "Version")) /* Unknown property */ - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - dbus_message_append_args(*reply, DBUS_TYPE_STRING, &version, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_getall(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - DBusMessageIter arr, di, iter, va; - const char *property = "Version"; - - dbus_message_iter_init_append(*reply, &iter); - dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, "{sv}", &arr); - - /* Append all properties name/value pairs */ - dbus_message_iter_open_container(&arr, DBUS_TYPE_DICT_ENTRY, NULL, &di); - dbus_message_iter_append_basic(&di, DBUS_TYPE_STRING, &property); - dbus_message_iter_open_container(&di, DBUS_TYPE_VARIANT, "s", &va); - dbus_message_iter_append_basic(&va, DBUS_TYPE_STRING, &version); - dbus_message_iter_close_container(&di, &va); - dbus_message_iter_close_container(&arr, &di); - - dbus_message_iter_close_container(&iter, &arr); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_ping(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - const char *pong = "Pong"; - - dbus_message_append_args(*reply, DBUS_TYPE_STRING, &pong, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_echo(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - const char *msg; - DBusError err; - - dbus_error_init(&err); - - if (!dbus_message_get_args(m, &err, DBUS_TYPE_STRING, - &msg, DBUS_TYPE_INVALID)) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, err.name, err.message); - dbus_error_free(&err); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - dbus_message_append_args(*reply, DBUS_TYPE_STRING, &msg, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_emit_signal(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - DBusMessage *r = dbus_message_new_signal(THIS_OBJECT, THIS_INTERFACE, - "OnEmitSignal"); - - if (!r) - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - if (!dbus_connection_send(c, r, NULL)) - return DBUS_HANDLER_RESULT_NEED_MEMORY; - - /* and send the original empty reply after */ - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_emit_quit(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - interrupted = 1; - - return DBUS_HANDLER_RESULT_HANDLED; -} - -struct lws_dbus_methods { - const char *inter; - const char *call; - lws_dbus_message_handler handler; -} meths[] = { - { DBUS_INTERFACE_INTROSPECTABLE, "Introspect", dmh_introspect }, - { DBUS_INTERFACE_PROPERTIES, "Get", dmh_get }, - { DBUS_INTERFACE_PROPERTIES, "GetAll", dmh_getall }, - { THIS_INTERFACE, "Ping", dmh_ping }, - { THIS_INTERFACE, "Echo", dmh_echo }, - { THIS_INTERFACE, "EmitSignal", dmh_emit_signal }, - { THIS_INTERFACE, "Quit", dmh_emit_quit }, -}; - -static DBusHandlerResult -server_message_handler(DBusConnection *conn, DBusMessage *message, void *data) -{ - struct lws_dbus_methods *mp = meths; - DBusHandlerResult result; - DBusMessage *reply = NULL; - size_t n; - - lwsl_info("%s: Got D-Bus request: %s.%s on %s\n", __func__, - dbus_message_get_interface(message), - dbus_message_get_member(message), - dbus_message_get_path(message)); - - for (n = 0; n < LWS_ARRAY_SIZE(meths); n++) { - if (dbus_message_is_method_call(message, mp->inter, mp->call)) { - reply = dbus_message_new_method_return(message); - if (!reply) - return DBUS_HANDLER_RESULT_NEED_MEMORY; - - result = mp->handler(conn, message, &reply, data); - - if (result == DBUS_HANDLER_RESULT_HANDLED && - !dbus_connection_send(conn, reply, NULL)) - result = DBUS_HANDLER_RESULT_NEED_MEMORY; - - dbus_message_unref(reply); - - return result; - } - - mp++; - } - - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -} - -static const DBusObjectPathVTable server_vtable = { - .message_function = server_message_handler -}; - -static void -destroy_dbus_server_conn(struct lws_dbus_ctx *ctx) -{ - if (!ctx->conn) - return; - - lwsl_notice("%s\n", __func__); - - dbus_connection_unregister_object_path(ctx->conn, THIS_OBJECT); - lws_dll2_remove(&ctx->next); - dbus_connection_unref(ctx->conn); -} - -static void -cb_closing(struct lws_dbus_ctx *ctx) -{ - lwsl_err("%s: closing\n", __func__); - destroy_dbus_server_conn(ctx); - - free(ctx); -} - - -static void -new_conn(DBusServer *server, DBusConnection *conn, void *data) -{ - struct lws_dbus_ctx *conn_ctx, *ctx = (struct lws_dbus_ctx *)data; - - lwsl_notice("%s: vh %s\n", __func__, lws_get_vhost_name(ctx->vh)); - - conn_ctx = malloc(sizeof(*conn_ctx)); - if (!conn_ctx) - return; - - memset(conn_ctx, 0, sizeof(*conn_ctx)); - - conn_ctx->tsi = ctx->tsi; - conn_ctx->vh = ctx->vh; - conn_ctx->conn = conn; - - if (lws_dbus_connection_setup(conn_ctx, conn, cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto bail; - } - - if (!dbus_connection_register_object_path(conn, THIS_OBJECT, - &server_vtable, conn_ctx)) { - lwsl_err("%s: Failed to register object path\n", __func__); - goto bail; - } - - lws_dll2_add_head(&conn_ctx->next, &ctx->owner); - - /* we take on responsibility for explicit close / unref with this... */ - dbus_connection_ref(conn); - - return; - -bail: - free(conn_ctx); -} - -static int -create_dbus_listener(const char *ads) -{ - DBusError e; - - dbus_error_init(&e); - - if (!lws_dbus_server_listen(&ctx_listener, ads, &e, new_conn)) { - lwsl_err("%s: failed\n", __func__); - dbus_error_free(&e); - - return 1; - } - - return 0; -} - -static int -create_dbus_server_conn(struct lws_dbus_ctx *ctx, DBusBusType type) -{ - DBusError err; - int rv; - - dbus_error_init(&err); - - /* connect to the daemon bus */ - ctx->conn = dbus_bus_get(type, &err); - if (!ctx->conn) { - lwsl_err("%s: Failed to get a session DBus connection: %s\n", - __func__, err.message); - goto fail; - } - - /* - * by default dbus will call exit() when this connection closes... - * we have to shut down other things cleanly, so disable that - */ - dbus_connection_set_exit_on_disconnect(ctx->conn, 0); - - rv = dbus_bus_request_name(ctx->conn, THIS_BUSNAME, - DBUS_NAME_FLAG_REPLACE_EXISTING, &err); - if (rv != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { - lwsl_err("%s: Failed to request name on bus: %s\n", - __func__, err.message); - goto fail; - } - - if (!dbus_connection_register_object_path(ctx->conn, THIS_OBJECT, - &server_vtable, NULL)) { - lwsl_err("%s: Failed to register object path for TestObject\n", - __func__); - dbus_bus_release_name(ctx->conn, THIS_BUSNAME, &err); - goto fail; - } - - /* - * This is the part that binds the connection to lws watcher and - * timeout handling provided by lws - */ - - if (lws_dbus_connection_setup(ctx, ctx->conn, cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto fail; - } - - lwsl_notice("%s: created OK\n", __func__); - - return 0; - -fail: - dbus_error_free(&err); - - return 1; -} - -/* - * Cleanly release the connection - */ - -static void -destroy_dbus_server_listener(struct lws_dbus_ctx *ctx) -{ - dbus_server_disconnect(ctx->dbs); - - lws_start_foreach_dll_safe(struct lws_dll2 *, rdt, nx, - ctx->owner.head) { - struct lws_dbus_ctx *r = - lws_container_of(rdt, struct lws_dbus_ctx, next); - - dbus_connection_close(r->conn); - dbus_connection_unref(r->conn); - free(r); - } lws_end_foreach_dll_safe(rdt, nx); - - dbus_server_unref(ctx->dbs); -} - -/* - * DBUS can send messages outside the usual client-initiated RPC concept. - * - * You can receive them using a message filter. - */ - -static void -spam_connected_clients(struct lws_dbus_ctx *ctx) -{ - - /* send connected clients an unsolicited message */ - - lws_start_foreach_dll_safe(struct lws_dll2 *, rdt, nx, - ctx->owner.head) { - struct lws_dbus_ctx *r = - lws_container_of(rdt, struct lws_dbus_ctx, next); - - - DBusMessage *msg; - const char *payload = "Unsolicited message"; - - msg = dbus_message_new(DBUS_NUM_MESSAGE_TYPES + 1); - if (!msg) { - lwsl_err("%s: new message failed\n", __func__); - } - - dbus_message_append_args(msg, DBUS_TYPE_STRING, &payload, - DBUS_TYPE_INVALID); - if (!dbus_connection_send(r->conn, msg, NULL)) { - lwsl_err("%s: unable to send\n", __func__); - } - - lwsl_notice("%s\n", __func__); - - dbus_message_unref(msg); - - } lws_end_foreach_dll_safe(rdt, nx); - -} - - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */ /* | LLL_THREAD */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal DBUS server\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.options |= - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - dbus_ctx.tsi = 0; - ctx_listener.tsi = 0; - ctx_listener.vh = dbus_ctx.vh = lws_create_vhost(context, &info); - if (!dbus_ctx.vh) - goto bail; - - session = !!lws_cmdline_option(argc, argv, "--session"); - - if (session) { - /* create the dbus connection, loosely bound to our lws vhost */ - - if (create_dbus_server_conn(&dbus_ctx, DBUS_BUS_SESSION)) - goto bail; - } else { - if (create_dbus_listener(THIS_LISTEN_PATH)) { - lwsl_err("%s: create_dbus_listener failed\n", __func__); - goto bail; - } - } - - /* lws event loop (default poll one) */ - - while (n >= 0 && !interrupted) { - if (!session) - spam_connected_clients(&ctx_listener); - n = lws_service(context, 0); - } - - if (session) - destroy_dbus_server_conn(&dbus_ctx); - else - destroy_dbus_server_listener(&ctx_listener); - - /* this is required for valgrind-cleanliness */ - dbus_shutdown(); - lws_context_destroy(context); - - lwsl_notice("Exiting cleanly\n"); - - return 0; - -bail: - lwsl_err("%s: failed to start\n", __func__); - - lws_context_destroy(context); - - return 1; -} diff --git a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/CMakeLists.txt b/minimal-examples/dbus-server/minimal-dbus-ws-proxy/CMakeLists.txt deleted file mode 100644 index bad9ec3..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/CMakeLists.txt +++ /dev/null @@ -1,122 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) -include(CheckLibraryExists) - -set(SAMP lws-minimal-dbus-ws-proxy) -set(SRCS main.c) - -if (NOT LWS_WITH_MINIMAL_EXAMPLES) - CHECK_LIBRARY_EXISTS(dbus-1 dbus_connection_set_watch_functions "" LWS_HAVE_LIBDBUS) - if (NOT LWS_HAVE_LIBDBUS) - message(FATAL_ERROR "Install dbus-devel, or libdbus-1-dev etc") - endif() - - if (NOT LWS_DBUS_LIB) - set(LWS_DBUS_LIB "dbus-1") - endif() - - if (NOT LWS_DBUS_INCLUDE1) - # look in fedora and debian / ubuntu place - if (EXISTS "/usr/include/dbus-1.0") - set(LWS_DBUS_INCLUDE1 "/usr/include/dbus-1.0") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE1 to /usr/include/dbus-1.0 or wherever the main dbus includes are") - endif() - endif() - - if (NOT LWS_DBUS_INCLUDE2) - # look in fedora... debian / ubuntu has the ARCH in the path... - if (EXISTS "/usr/lib64/dbus-1.0/include") - set(LWS_DBUS_INCLUDE2 "/usr/lib64/dbus-1.0/include") - else() - message(FATAL_ERROR "Set LWS_DBUS_INCLUDE2 to /usr/lib/ARCH-linux-gnu/dbus-1.0/include or wherever dbus-arch-deps.h is on your system") - endif() - endif() - - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES};${LWS_DBUS_INCLUDE1};${LWS_DBUS_INCLUDE2}) - - if (NOT LWS_DBUS_INCLUDE1 OR NOT LWS_DBUS_INCLUDE2) - message(FATAL_ERROR "To build with libdbus, LWS_DBUS_INCLUDE1/2 must be given. See lib/roles/dbus/README.md") - endif() - -endif() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_DBUS 1 requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - include_directories("${LWS_DBUS_INCLUDE1}") - include_directories("${LWS_DBUS_INCLUDE2}") - list(APPEND LIB_LIST dbus-1) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared ${LWS_DBUS_LIB}) - else() - target_link_libraries(${SAMP} websockets ${LWS_DBUS_LIB}) - endif() -endif() diff --git a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/README.md b/minimal-examples/dbus-server/minimal-dbus-ws-proxy/README.md deleted file mode 100644 index 7192854..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/README.md +++ /dev/null @@ -1,115 +0,0 @@ -# lws minimal dbus ws proxy - -This is an application which presents a DBUS server on one side, and a -websocket client proxy on the other. - -You connect to it over DBUS, send a Connect method on its interface giving -a URI and a ws subprotocol name. - -It replies with a string "Connecting" if all is well. - -Connection progress (including close) is then provided using type 7 messages -sent back to the dbus client. - -Payload from the ws connection is provided using type 6 messages sent back to -the dbus client. - -## build - -Using libdbus requires additional non-default include paths setting, same as -is necessary for lws build described in ./lib/roles/dbus/README.md - -CMake can guess one path and the library name usually, see the README above -for details of how to override for custom libdbus and cross build. - -Fedora example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib64/dbus-1.0/include" -$ make -``` - -Ubuntu example: -``` -$ cmake .. -DLWS_DBUS_INCLUDE2="/usr/lib/x86_64-linux-gnu/dbus-1.0/include" -$ make -``` - -## Configuration - -The dbus-ws-proxy server tries to register its actual bus name with the SYSTEM -bus in DBUS. If it fails, eg because of insufficient permissions on the user, -then it continues without that and starts its own daemon normally. - -The main dbus daemon must be told how to accept these registrations if that's -what you want. A config file is provided that tells dbus to allow the -well-known busname for this daemon to be registered, but only by root. - -``` -$ sudo cp org.libwebsockets.wsclientproxy.conf /etc/dbus-1/system.d -$ sudo systemctl restart dbus -``` - -## usage - -Run the dbus-ws-proxy server, then start lws-minimal-dbus-ws-proxy-testclient in -another terminal. - -This test app sends a random line drawing message to the mirror example on -https://libwebsockets.org/testserver every couple of seconds, and displays -any received messages (such as its own sends mirrored back, or anything -drawn in the canvas in a browser). - -``` - $ sudo ./lws-minimal-dbus-ws-proxy-testclient -[2018/10/07 10:05:29:2084] USER: LWS minimal DBUS ws proxy testclient -[2018/10/07 10:05:29:2345] NOTICE: Creating Vhost 'default' port 0, 1 protocols, IPv6 off -[2018/10/07 10:05:29:2424] USER: create_dbus_client_conn: connecting to 'unix:abstract=org.libwebsockets.wsclientproxy' -[2018/10/07 10:05:29:2997] NOTICE: state_transition: 0x5679720: from state 0 -> 1 -[2018/10/07 10:05:29:2999] NOTICE: create_dbus_client_conn: created OK -[2018/10/07 10:05:29:3232] USER: remote_method_call: requesting proxy connection wss://libwebsockets.org/ lws-mirror-protocol -[2018/10/07 10:05:29:3450] NOTICE: state_transition: 0x5679720: from state 1 -> 2 -[2018/10/07 10:05:29:5972] USER: pending_call_notify: received 'Connecting' -[2018/10/07 10:05:31:3387] NOTICE: state_transition: 0x5679720: from state 2 -> 3 -[2018/10/07 10:05:33:6672] USER: filter: Received 'd #B0DC51 115 177 166 283;' -[2018/10/07 10:05:35:9723] USER: filter: Received 'd #E87CCD 9 192 106 235;' -[2018/10/07 10:05:38:2784] USER: filter: Received 'd #E2A9E3 379 290 427 62;' -[2018/10/07 10:05:39:5833] USER: filter: Received 'd #B127F8 52 126 60 226;' -[2018/10/07 10:05:41:8908] USER: filter: Received 'd #0E0F76 429 267 8 11;' -... -``` - -## ws proxy DBUS details - -### Fixed details - -Item|Value ----|--- -Address|unix:abstract=org.libwebsockets.wsclientproxy -Interface|org.libwebsockets.wsclientproxy -Bus Name|org.libwebsockets.wsclientproxy -Object path|/org/libwebsockets/wsclientproxy - -### Interface Methods - -Method|Arguments|Returns ----|---|--- -Connect|s: ws URI, s: ws subprotocol name|"Bad Uri", "Connecting" or "Failed" -Send|s: payload|Empty message if no problem, or error message - -When Connecting, the actual connection happens asynchronously if the initial -connection attempt doesn't fail immediately. If it's continuing in the -background, the reply will have been "Connecting". - -### Signals - -Signal Name|Argument|Meaning ----|---|--- -Receive|s: payload|Received data from the ws link -Status|s: status|See table below - -Status String|Meaning ----|--- -"ws client connection error"|The ws connection attempt ended with a fatal error -"ws client connection established"|The ws connection attempt succeeded -"ws client connection closed"|The ws connection has closed - diff --git a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/main.c b/minimal-examples/dbus-server/minimal-dbus-ws-proxy/main.c deleted file mode 100644 index f926c80..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/main.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * lws-minimal-dbus-ws-proxy - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal session dbus server that uses the lws event loop, - * and allows proxying ws client connections via DBUS. - */ - -#include -#include -#include -#include -#include -#include - -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_dbus_ws_proxy.c" - -static int interrupted; -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_DBUS_WSPROXY, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* - * we pass the dbus address to connect to proxy with from outside the - * protocol plugin... eg if built as a plugin for lwsws, you would instead - * set this pvo in the lwsws JSON config. - */ - -static const struct lws_protocol_vhost_options pvo_ads = { - NULL, - NULL, - "ads", /* pvo name */ - (void *)"unix:abstract=org.libwebsockets.wsclientproxy" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_ads, /* "child" pvo linked-list */ - "lws-minimal-dbus-wsproxy", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - static struct lws_context *context; - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */ /* | LLL_THREAD */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS DBUS ws client proxy\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.port = CONTEXT_PORT_NO_LISTEN; - info.ws_ping_pong_interval = 30; - info.protocols = protocols; - info.pvo = &pvo; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* lws event loop (default poll one) */ - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - lwsl_notice("Exiting cleanly\n"); - - return 0; -} diff --git a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/org.libwebsockets.wsclientproxy.conf b/minimal-examples/dbus-server/minimal-dbus-ws-proxy/org.libwebsockets.wsclientproxy.conf deleted file mode 100644 index 49e430b..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/org.libwebsockets.wsclientproxy.conf +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - - - - - - - diff --git a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/protocol_lws_minimal_dbus_ws_proxy.c b/minimal-examples/dbus-server/minimal-dbus-ws-proxy/protocol_lws_minimal_dbus_ws_proxy.c deleted file mode 100644 index 693acc7..0000000 --- a/minimal-examples/dbus-server/minimal-dbus-ws-proxy/protocol_lws_minimal_dbus_ws_proxy.c +++ /dev/null @@ -1,828 +0,0 @@ -/* - * ws protocol handler plugin for dbus ws proxy - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This proxies outgoing ws client connections on DBUS. So a DBUS client can - * reach out and get remote WS payloads in both directions. - * - * DEVELOPER NOTE - * - * Two worlds, dbus and ws, collide in this file. - * - * There main thing keeping it sane is both worlds are running in the same - * thread and on the same event loop. Although things may happen completely - * asynchronously in both worlds, the logical reaction to those events are - * serialized in a single event loop doing one thing at a time. - * - * So while you are servicing an event in the ws world, you can be certain the - * logical state of any related dbus thing cannot change underneath you, until - * you return back to the event loop, and vice versa. So other-world objects - * can't be freed, other-world handles can't close etc while you are servicing - * in your world. - * - * Since all bets are off what happens next, and in which world, after you - * return back to the event loop though, an additional rule is needed: worlds - * must not allocate in objects owned by the other world. They must generate - * their own objects in their world and use those for allocations and state. - * - * For example in the dbus-world there is a struct lws_dbus_ctx_wsproxy with - * various state, but he is subject to deletion by events in dbus-world. If - * the ws-world stored things there, they are subject to going out of scope - * at the whim of the dbus connection without the ws world hearing about it and - * cleanly deallocaing them. So the ws world must keep his own pss that remains - * in scope until the ws link closes for allocations from ws-world. - * - * In this application there's a point of contact between the worlds, a ring - * buffer allocated in ws world when the ws connection is established, and - * deallocated when the ws connection is closed. The DBUS world needs to put - * things in this ringbuffer. But the way lws_ring works, when the message - * allocated in DBUS world is queued on the ringbuffer, the ringbuffer itself - * takes responsibility for deallocation. So there is no problem. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#include -#endif - -#include -#include -#include - -/* - * dbus accepted connections create these larger context structs that start - * with the lws dbus context - */ - -struct vhd_dbus_proxy; - -struct msg { - void *payload; /* is malloc'd */ - size_t len; - char binary; - char first; - char final; -}; - -struct pss_dbus_proxy { - struct lws_ring *ring_out; - uint32_t ring_out_tail; -}; - -struct lws_dbus_ctx_wsproxy { - struct lws_dbus_ctx ctx; - - struct lws *cwsi; - struct vhd_dbus_proxy *vhd; - struct pss_dbus_proxy *pss; -}; - -struct vhd_dbus_proxy { - struct lws_context *context; - struct lws_vhost *vhost; - - /* - * Because the listener ctx is composed in the vhd, we can always get a - * pointer to the outer vhd from a pointer to ctx_listener inside. - */ - struct lws_dbus_ctx ctx_listener; - struct lws_dbus_ctx_wsproxy dctx; - - const char *dbus_listen_ads; -}; - -#define THIS_INTERFACE "org.libwebsockets.wsclientproxy" -#define THIS_OBJECT "/org/libwebsockets/wsclientproxy" -#define THIS_BUSNAME "org.libwebsockets.wsclientproxy" -static const char *version = "0.1"; - -static const char *server_introspection_xml = - DBUS_INTROSPECT_1_0_XML_DOCTYPE_DECL_NODE - "\n" - " \n" - " \n" - " \n" - " \n" - " \n" - - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " " - " \n" - " " - " \n" - - "\n"; - -static void -destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -/* - * DBUS WORLD - */ - -static DBusHandlerResult -dmh_introspect(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - dbus_message_append_args(*reply, - DBUS_TYPE_STRING, &server_introspection_xml, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_get(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - const char *interface, *property; - DBusError err; - - dbus_error_init(&err); - - if (!dbus_message_get_args(m, &err, DBUS_TYPE_STRING, &interface, - DBUS_TYPE_STRING, &property, - DBUS_TYPE_INVALID)) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, err.name, err.message); - dbus_error_free(&err); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - if (strcmp(property, "Version")) /* Unknown property */ - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; - - dbus_message_append_args(*reply, DBUS_TYPE_STRING, &version, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_getall(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - DBusMessageIter arr, di, iter, va; - const char *property = "Version"; - - dbus_message_iter_init_append(*reply, &iter); - dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY, "{sv}", &arr); - - /* Append all properties name/value pairs */ - dbus_message_iter_open_container(&arr, DBUS_TYPE_DICT_ENTRY, NULL, &di); - dbus_message_iter_append_basic(&di, DBUS_TYPE_STRING, &property); - dbus_message_iter_open_container(&di, DBUS_TYPE_VARIANT, "s", &va); - dbus_message_iter_append_basic(&va, DBUS_TYPE_STRING, &version); - dbus_message_iter_close_container(&di, &va); - dbus_message_iter_close_container(&arr, &di); - - dbus_message_iter_close_container(&iter, &arr); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static DBusHandlerResult -dmh_connect(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - struct lws_dbus_ctx_wsproxy *wspctx = (struct lws_dbus_ctx_wsproxy *)d; - const char *prot = "", *ads = "", *path = "", *baduri = "Bad Uri", - *connecting = "Connecting", *failed = "Failed", **pp; - struct lws_client_connect_info i; - char host[128], uri_copy[512]; - const char *uri, *subprotocol; - DBusError err; - int port = 0; - - dbus_error_init(&err); - - if (!dbus_message_get_args(m, &err, DBUS_TYPE_STRING, &uri, - DBUS_TYPE_STRING, &subprotocol, - DBUS_TYPE_INVALID)) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, err.name, err.message); - dbus_error_free(&err); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - strncpy(uri_copy, uri, sizeof(uri_copy) - 1); - uri_copy[sizeof(uri_copy) - 1] = '\0'; - - if (lws_parse_uri(uri_copy, &prot, &ads, &port, &path)) { - pp = &baduri; - goto send_reply; - } - - lws_snprintf(host, sizeof(host), "%s:%u", ads, port); - - memset(&i, 0, sizeof(i)); - - assert(wspctx); - assert(wspctx->vhd); - - i.context = wspctx->vhd->context; - i.port = port; - i.address = ads; - i.path = path; - i.host = host; - i.origin = host; - i.ssl_connection = !strcmp(prot, "https") || !strcmp(prot, "wss"); - i.vhost = wspctx->ctx.vh; - i.protocol = subprotocol; - i.local_protocol_name = "lws-minimal-dbus-wsproxy"; - i.pwsi = &wspctx->cwsi; - - lwsl_user("%s: connecting to %s://%s:%d%s\n", __func__, prot, - i.address, i.port, i.path); - - if (!lws_client_connect_via_info(&i)) { - lwsl_notice("%s: client connect failed\n", __func__); - pp = &failed; - goto send_reply; - } - - lws_set_opaque_parent_data(wspctx->cwsi, wspctx); - lwsl_notice("%s: client connecting...\n", __func__); - pp = &connecting; - -send_reply: - dbus_message_append_args(*reply, DBUS_TYPE_STRING, pp, - DBUS_TYPE_INVALID); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -static int -issue_dbus_signal(struct lws *wsi, const char *signame, const char *string) -{ - struct lws_dbus_ctx_wsproxy *wspctx = - lws_get_opaque_parent_data(wsi); - DBusMessage *m; - - if (!wspctx) - return 1; - - m = dbus_message_new_signal(THIS_OBJECT, THIS_INTERFACE, signame); - if (!m) { - lwsl_err("%s: new signal failed\n", __func__); - return 1; - } - - dbus_message_append_args(m, DBUS_TYPE_STRING, &string, - DBUS_TYPE_INVALID); - - if (!dbus_connection_send(wspctx->ctx.conn, m, NULL)) - lwsl_err("%s: unable to send\n", __func__); - - dbus_message_unref(m); - - return 0; -} - -static DBusHandlerResult -dmh_send(DBusConnection *c, DBusMessage *m, DBusMessage **reply, void *d) -{ - struct lws_dbus_ctx_wsproxy *wspctx = (struct lws_dbus_ctx_wsproxy *)d; - const char *payload; - struct msg amsg; - DBusError err; - - dbus_error_init(&err); - - if (!wspctx->cwsi || !wspctx->pss) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, "Send Fail", "No ws conn"); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - if (!dbus_message_get_args(m, &err, DBUS_TYPE_STRING, &payload, - DBUS_TYPE_INVALID)) { - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, err.name, err.message); - dbus_error_free(&err); - - return DBUS_HANDLER_RESULT_HANDLED; - } - - /* - * we allocate on the ringbuffer in ws world, but responsibility for - * freeing it is understood by lws_ring. - */ - - amsg.len = strlen(payload); - /* notice we over-allocate by LWS_PRE */ - amsg.payload = malloc(LWS_PRE + amsg.len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, "Send Fail", "OOM"); - - return DBUS_HANDLER_RESULT_HANDLED; - } - amsg.binary = 0; - amsg.first = 1; - amsg.final = 1; - - memcpy((char *)amsg.payload + LWS_PRE, payload, amsg.len); - if (!lws_ring_insert(wspctx->pss->ring_out, &amsg, 1)) { - destroy_message(&amsg); - lwsl_user("Ring Full!\n"); - dbus_message_unref(*reply); - *reply = dbus_message_new_error(m, "Send Fail", "Ring full"); - - return DBUS_HANDLER_RESULT_HANDLED; - } - if (wspctx->cwsi) - lws_callback_on_writable(wspctx->cwsi); - - return DBUS_HANDLER_RESULT_HANDLED; -} - -struct lws_dbus_methods { - const char *inter; - const char *call; - lws_dbus_message_handler handler; -} meths[] = { - { DBUS_INTERFACE_INTROSPECTABLE, "Introspect", dmh_introspect }, - { DBUS_INTERFACE_PROPERTIES, "Get", dmh_get }, - { DBUS_INTERFACE_PROPERTIES, "GetAll", dmh_getall }, - { THIS_INTERFACE, "Connect", dmh_connect }, - { THIS_INTERFACE, "Send", dmh_send }, -}; - -static DBusHandlerResult -server_message_handler(DBusConnection *conn, DBusMessage *message, void *data) -{ - struct lws_dbus_methods *mp = meths; - DBusMessage *reply = NULL; - DBusHandlerResult result; - size_t n; - - assert(data); - - lwsl_info("%s: Got D-Bus request: %s.%s on %s\n", __func__, - dbus_message_get_interface(message), - dbus_message_get_member(message), - dbus_message_get_path(message)); - - for (n = 0; n < LWS_ARRAY_SIZE(meths); n++) { - if (dbus_message_is_method_call(message, mp->inter, mp->call)) { - reply = dbus_message_new_method_return(message); - if (!reply) - return DBUS_HANDLER_RESULT_NEED_MEMORY; - - result = mp->handler(conn, message, &reply, data); - - if (result == DBUS_HANDLER_RESULT_HANDLED && - !dbus_connection_send(conn, reply, NULL)) - result = DBUS_HANDLER_RESULT_NEED_MEMORY; - - dbus_message_unref(reply); - - return result; - } - - mp++; - } - - return DBUS_HANDLER_RESULT_NOT_YET_HANDLED; -} - -static const DBusObjectPathVTable vtable = { - .message_function = server_message_handler -}; - -static void -destroy_dbus_server_conn(struct lws_dbus_ctx_wsproxy *wsctx) -{ - if (!wsctx->ctx.conn) - return; - - lwsl_notice("%s\n", __func__); - - dbus_connection_unregister_object_path(wsctx->ctx.conn, THIS_OBJECT); - lws_dll2_remove(&wsctx->ctx.next); - dbus_connection_unref(wsctx->ctx.conn); -} - -/* - * This is the client dbus side going away. We need to stop the associated - * client ws part and make sure it can't dereference us now we are gone. - */ - -static void -cb_closing(struct lws_dbus_ctx *ctx) -{ - struct lws_dbus_ctx_wsproxy *wspctx = - (struct lws_dbus_ctx_wsproxy *)ctx; - lwsl_err("%s: closing\n", __func__); - - /* - * We have to take care that the associated proxy wsi knows our - * dbus ctx is going out of scope after we return from here. - * - * We do it by setting its pointer to our dbus ctx to NULL. - */ - - if (wspctx->cwsi) { - lws_set_opaque_parent_data(wspctx->cwsi, NULL); - lws_set_timeout(wspctx->cwsi, - PENDING_TIMEOUT_KILLED_BY_PROXY_CLIENT_CLOSE, - LWS_TO_KILL_ASYNC); - } - - destroy_dbus_server_conn(wspctx); - - free(wspctx); -} - -static void -new_conn(DBusServer *server, DBusConnection *conn, void *d) -{ - struct lws_dbus_ctx_wsproxy *conn_wspctx, /* the new conn context */ - /* the listener context */ - *wspctx = (struct lws_dbus_ctx_wsproxy *)d; - struct vhd_dbus_proxy *vhd = lws_container_of(d, - struct vhd_dbus_proxy, ctx_listener); - - assert(vhd->vhost == wspctx->ctx.vh); - - lwsl_notice("%s\n", __func__); - - conn_wspctx = malloc(sizeof(*conn_wspctx)); - if (!conn_wspctx) - return; - - memset(conn_wspctx, 0, sizeof(*conn_wspctx)); - - conn_wspctx->ctx.tsi = wspctx->ctx.tsi; - conn_wspctx->ctx.vh = wspctx->ctx.vh; - conn_wspctx->ctx.conn = conn; - conn_wspctx->vhd = vhd; /* let accepted connections also know the vhd */ - - assert(conn_wspctx->vhd); - - if (lws_dbus_connection_setup(&conn_wspctx->ctx, conn, cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto bail; - } - - if (!dbus_connection_register_object_path(conn, THIS_OBJECT, &vtable, - conn_wspctx)) { - lwsl_err("%s: Failed to register object path\n", __func__); - goto bail; - } - - lws_dll2_add_head(&conn_wspctx->ctx.next, &wspctx->ctx.owner); - - /* we take on responsibility for explicit close / unref with this... */ - dbus_connection_ref(conn); - - return; - -bail: - free(conn_wspctx); -} - -static int -create_dbus_listener(struct vhd_dbus_proxy *vhd, int tsi) -{ - DBusError e; - - dbus_error_init(&e); -#if 0 - vhd->dctx.ctx.tsi = tsi; - vhd->dctx.ctx.vh = vhd->vhost; - vhd->dctx.ctx.next.prev = NULL; - vhd->dctx.ctx.next.next = NULL; - vhd->dctx.vhd = vhd; - vhd->dctx.cwsi = NULL; - - /* connect to the SYSTEM bus */ - - vhd->dctx.ctx.conn = dbus_bus_get(DBUS_BUS_SYSTEM, &e); - if (!vhd->dctx.ctx.conn) { - lwsl_notice("%s: Failed to get a session DBus connection: '%s'" - ", continuing with daemon listener only\n", - __func__, e.message); - dbus_error_free(&e); - dbus_error_init(&e); - goto daemon; - } - - /* - * by default dbus will call exit() when this connection closes... - * we have to shut down other things cleanly, so disable that - */ - dbus_connection_set_exit_on_disconnect(vhd->dctx.ctx.conn, 0); - - if (dbus_bus_request_name(vhd->dctx.ctx.conn, THIS_BUSNAME, - DBUS_NAME_FLAG_REPLACE_EXISTING, &e) != - DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { - lwsl_notice("%s: Failed to request name on bus: '%s'," - " continuing with daemon listener only\n", - __func__, e.message); - dbus_connection_unref(vhd->dctx.ctx.conn); - vhd->dctx.ctx.conn = NULL; - dbus_error_free(&e); - dbus_error_init(&e); - goto daemon; - } - - if (!dbus_connection_register_object_path(vhd->dctx.ctx.conn, - THIS_OBJECT, &vtable, - &vhd->dctx)) { - lwsl_err("%s: Failed to register object path\n", __func__); - goto fail; - } - - /* - * This is the part that binds the connection to lws watcher and - * timeout handling provided by lws - */ - - if (lws_dbus_connection_setup(&vhd->dctx.ctx, vhd->dctx.ctx.conn, - cb_closing)) { - lwsl_err("%s: connection bind to lws failed\n", __func__); - goto fail; - } - -daemon: -#endif - vhd->ctx_listener.vh = vhd->vhost; - vhd->ctx_listener.tsi = tsi; - - if (!lws_dbus_server_listen(&vhd->ctx_listener, vhd->dbus_listen_ads, - &e, new_conn)) { - lwsl_err("%s: failed\n", __func__); - dbus_error_free(&e); - - return 1; - } - - lwsl_notice("%s: created DBUS listener on %s\n", __func__, - vhd->dbus_listen_ads); - - return 0; -#if 0 -fail: - dbus_error_free(&e); - - return 1; -#endif -} - -static void -destroy_dbus_server_listener(struct vhd_dbus_proxy *vhd) -{ - dbus_server_disconnect(vhd->ctx_listener.dbs); - - lws_start_foreach_dll_safe(struct lws_dll2 *, rdt, nx, - vhd->ctx_listener.owner.head) { - struct lws_dbus_ctx *r = lws_container_of(rdt, - struct lws_dbus_ctx, next); - - dbus_connection_close(r->conn); - dbus_connection_unref(r->conn); - free(r); - } lws_end_foreach_dll_safe(rdt, nx); - - if (vhd->dctx.ctx.conn) - dbus_connection_unref(vhd->dctx.ctx.conn); - dbus_server_unref(vhd->ctx_listener.dbs); -} - -/* - * WS WORLD - */ - -static int -callback_minimal_dbus_wsproxy(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct pss_dbus_proxy *pss = (struct pss_dbus_proxy *)user; - struct vhd_dbus_proxy *vhd = (struct vhd_dbus_proxy *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - struct lws_dbus_ctx_wsproxy *wspctx; - const struct msg *pmsg; - int flags, m; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), sizeof(*vhd)); - if (!vhd) - return -1; - - vhd->context = lws_get_context(wsi); - vhd->vhost = lws_get_vhost(wsi); - - if (lws_pvo_get_str(in, "ads", &vhd->dbus_listen_ads)) { - lwsl_err("%s: pvo 'ads' must be set\n", __func__); - return -1; - } - - if (create_dbus_listener(vhd, 0)) { - lwsl_err("%s: create_dbus_listener failed\n", __func__); - return -1; - } - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - destroy_dbus_server_listener(vhd); - /* this is required for valgrind-cleanliness */ - dbus_shutdown(); - break; - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("LWS_CALLBACK_CLIENT_ESTABLISHED\n"); - - /* - * create the send ringbuffer now the ws connection is - * established. - */ - - wspctx = lws_get_opaque_parent_data(wsi); - if (!wspctx) - break; - - wspctx->pss = pss; - pss->ring_out_tail = 0; - pss->ring_out = lws_ring_create(sizeof(struct msg), 8, - destroy_message); - if (!pss->ring_out) { - lwsl_err("OOM\n"); - return -1; - } - - issue_dbus_signal(wsi, "Status", - "ws client connection established"); - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - lwsl_user("LWS_CALLBACK_CLIENT_WRITEABLE:\n"); - - pmsg = lws_ring_get_element(pss->ring_out, &pss->ring_out_tail); - if (!pmsg) { - lwsl_user(" (nothing in ring)\n"); - break; - } - - flags = lws_write_ws_flags( - pmsg->binary ? LWS_WRITE_BINARY : LWS_WRITE_TEXT, - pmsg->first, pmsg->final); - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + LWS_PRE, - pmsg->len, flags); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lwsl_user(" wrote %d: flags: 0x%x first: %d final %d\n", - m, flags, pmsg->first, pmsg->final); - - lws_ring_consume_single_tail(pss->ring_out, - &pss->ring_out_tail, 1); - - /* more to do for us? */ - if (lws_ring_get_element(pss->ring_out, &pss->ring_out_tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(wsi); - - break; - - case LWS_CALLBACK_CLIENT_RECEIVE: - - lwsl_user("LWS_CALLBACK_CLIENT_RECEIVE: %4d " - "(rpp %5d, first %d, last %d, bin %d)\n", - (int)len, (int)lws_remaining_packet_payload(wsi), - lws_is_first_fragment(wsi), - lws_is_final_fragment(wsi), - lws_frame_is_binary(wsi)); - - { - char strbuf[256]; - int l = len; - - if (l > (int)sizeof(strbuf) - 1) - l = sizeof(strbuf) - 1; - - memcpy(strbuf, in, l); - strbuf[l] = '\0'; - - issue_dbus_signal(wsi, "Receive", strbuf); - } - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - issue_dbus_signal(wsi, "Status", "ws client connection error"); - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - lwsl_err("LWS_CALLBACK_CLIENT_CLOSED ()\n"); - issue_dbus_signal(wsi, "Status", "ws client connection closed"); - - /* destroy any ringbuffer and pending messages */ - - lws_ring_destroy(pss->ring_out); - - wspctx = lws_get_opaque_parent_data(wsi); - if (!wspctx) - break; - - /* - * the wspctx cannot refer to its child wsi any longer, it is - * about to go out of scope. - */ - - wspctx->cwsi = NULL; - wspctx->pss = NULL; - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL_DBUS_WSPROXY \ - { \ - "lws-minimal-dbus-wsproxy", \ - callback_minimal_dbus_wsproxy, \ - sizeof(struct pss_dbus_proxy), \ - 1024, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_DBUS_WSPROXY -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal_dbus_wsproxy(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal_dbus_wsproxy(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/http-client/README.md b/minimal-examples/http-client/README.md deleted file mode 100644 index fc56f6c..0000000 --- a/minimal-examples/http-client/README.md +++ /dev/null @@ -1,8 +0,0 @@ -|name|demonstrates| ----|--- -minimal-http-client-certinfo|Shows how to gain detailed information on the peer certificate -minimal-http-client-custom-headers|Shows how to send and receive custom headers (h1 only) -minimal-http-client-hugeurl|Sends a > 2.5KB URL to warmcat.com -minimal-http-client-multi|Connects to and reads https://warmcat.com, 8 times concurrently -minimal-http-client-post|POSTs a form containing an uploaded file and a form variable, and captures the response -minimal-http-client|Connects to and reads https://warmcat.com diff --git a/minimal-examples/http-client/minimal-http-client-certinfo/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client-certinfo/CMakeLists.txt deleted file mode 100644 index 1bc44df..0000000 --- a/minimal-examples/http-client/minimal-http-client-certinfo/CMakeLists.txt +++ /dev/null @@ -1,80 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client-certinfo) -set(SRCS minimal-http-client-certinfo.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-client/minimal-http-client-certinfo/README.md b/minimal-examples/http-client/minimal-http-client-certinfo/README.md deleted file mode 100644 index ff6ada4..0000000 --- a/minimal-examples/http-client/minimal-http-client-certinfo/README.md +++ /dev/null @@ -1,77 +0,0 @@ -# lws minimal http client certinfo - -This demonstrates how to dump information from the peer -certificate largely independent of the tls backend. - -The application goes to https://warmcat.com and receives the page data. - -Before receiving the page it dumps information on the server's cert. - -This works independently of the tls backend being OpenSSL or mbedTLS. - -However the public keys cannot be compared between the two tls -backends, since they produce different representations. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --l| Connect to https://localhost:7681 and accept selfsigned cert ---h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it - -``` - $ ./lws-minimal-http-client-certinfo -[2018/04/05 21:39:26:5882] USER: LWS minimal http client -[2018/04/05 21:39:26:5897] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 on -[2018/04/05 21:39:26:5955] NOTICE: created client ssl context for default -[2018/04/05 21:39:28:0824] NOTICE: lws_http_client_http_response 200 -[2018/04/05 21:39:28:0824] NOTICE: Peer Cert CN : warmcat.com -[2018/04/05 21:39:28:0824] NOTICE: Peer Cert issuer : /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited -[2018/04/05 21:39:28:0825] NOTICE: Peer Cert Valid from: Mon Nov 3 00:00:00 2014 -[2018/04/05 21:39:28:0825] NOTICE: Peer Cert Valid to : Sat Nov 2 23:59:59 2019 -[2018/04/05 21:39:28:0825] NOTICE: Peer Cert usage bits: 0xa0 -[2018/04/05 21:39:28:0825] NOTICE: Peer Cert public key: -[2018/04/05 21:39:28:0825] NOTICE: -[2018/04/05 21:39:28:0825] NOTICE: 0000: 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 0.."0...*.H..... -[2018/04/05 21:39:28:0825] NOTICE: 0010: 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 ........0....... -[2018/04/05 21:39:28:0825] NOTICE: 0020: 00 EC 39 C1 98 25 A8 99 AC 01 9B D2 16 C0 CA A3 ..9..%.......... -[2018/04/05 21:39:28:0825] NOTICE: 0030: 0E 19 57 E5 3D 23 F3 79 7E 63 BF CD B8 88 D1 16 ..W.=#.y~c...... -[2018/04/05 21:39:28:0825] NOTICE: 0040: C6 F0 A6 ED 66 CB F3 C3 D6 7E A7 A3 AB 00 0A 3E ....f....~.....> -[2018/04/05 21:39:28:0825] NOTICE: 0050: AD EF 20 44 85 5A 61 F0 71 20 BD E3 D1 4B B6 53 .. D.Za.q ...K.S -[2018/04/05 21:39:28:0825] NOTICE: 0060: 57 AA 81 E6 ED 74 36 40 E7 FC 62 24 AD E8 82 1D W....t6@..b$.... -[2018/04/05 21:39:28:0826] NOTICE: 0070: 89 C4 3D 64 6C A8 34 4B DB FB DD 7D D2 2D FB 86 ..=dl.4K...}.-.. -[2018/04/05 21:39:28:0826] NOTICE: 0080: 97 EA 6B E2 C9 39 D6 19 DE A8 90 E7 86 8F CF 0A ..k..9.......... -[2018/04/05 21:39:28:0826] NOTICE: 0090: CD 09 3C AF FB 0A FF 85 E8 93 D1 4B A0 C5 21 AD ..<........K..!. -[2018/04/05 21:39:28:0826] NOTICE: 00A0: 58 52 30 0E 4B FE 4F C8 01 B9 BD 0F D4 E4 64 7B XR0.K.O.......d{ -[2018/04/05 21:39:28:0826] NOTICE: 00B0: 04 B4 D2 68 69 8F F1 D5 FD B0 1A CE 55 43 08 B7 ...hi.......UC.. -[2018/04/05 21:39:28:0826] NOTICE: 00C0: 9F 57 0D 4E E1 CA E8 5C B4 2A 6B AB 05 B5 57 67 .W.N...\.*k...Wg -[2018/04/05 21:39:28:0826] NOTICE: 00D0: B8 FD 20 F4 4F 6B 0E 47 7C AD EB B4 99 2C 9B 53 .. .Ok.G|....,.S -[2018/04/05 21:39:28:0826] NOTICE: 00E0: DF EA 67 8D 8A 9D A7 17 01 F9 4E BD 56 43 50 53 ..g.......N.VCPS -[2018/04/05 21:39:28:0826] NOTICE: 00F0: 08 4E FE 6A 85 4A 4D 45 03 DA 01 00 96 7A C0 A9 .N.j.JME.....z.. -[2018/04/05 21:39:28:0826] NOTICE: 0100: C2 32 5E 1A 9F 6F 7B E2 02 5E 70 12 D3 8E 76 6A .2^..o{..^p...vj -[2018/04/05 21:39:28:0826] NOTICE: 0110: 0B 59 A4 D7 31 9D C6 86 08 53 2E 02 8A 1E B1 FB .Y..1....S...... -[2018/04/05 21:39:28:0826] NOTICE: 0120: 7B 02 03 01 00 01 {..... -[2018/04/05 21:39:28:0826] NOTICE: -[2018/04/05 21:39:28:0829] USER: RECEIVE_CLIENT_HTTP_READ: read 503 -[2018/04/05 21:39:28:0829] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:0829] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:0829] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -... -[2018/04/05 21:39:28:3777] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:3777] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:3778] USER: RECEIVE_CLIENT_HTTP_READ: read 503 -[2018/04/05 21:39:28:3778] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:3778] USER: RECEIVE_CLIENT_HTTP_READ: read 512 -[2018/04/05 21:39:28:3778] USER: RECEIVE_CLIENT_HTTP_READ: read 471 -[2018/04/05 21:39:28:3778] USER: LWS_CALLBACK_COMPLETED_CLIENT_HTTP -[2018/04/05 21:39:28:3787] USER: Completed -``` - - diff --git a/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c b/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c deleted file mode 100644 index 99454f1..0000000 --- a/minimal-examples/http-client/minimal-http-client-certinfo/minimal-http-client-certinfo.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * lws-minimal-http-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws. - * - * It visits https://warmcat.com/ and receives the html page there. You - * can dump the page data by changing the #if 0 below. - */ - -#include -#include -#include - -static int interrupted, bad = 1, status; -static struct lws *client_wsi; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - uint8_t buf[1280]; - union lws_tls_cert_info_results *ci = - (union lws_tls_cert_info_results *)buf; - - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - break; - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - status = lws_http_client_http_response(wsi); - lwsl_notice("lws_http_client_http_response %d\n", status); - - if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_COMMON_NAME, - ci, sizeof(buf) - sizeof(*ci))) - lwsl_notice(" Peer Cert CN : %s\n", ci->ns.name); - - if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_ISSUER_NAME, - ci, sizeof(ci->ns.name))) - lwsl_notice(" Peer Cert issuer : %s\n", ci->ns.name); - - if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_FROM, - ci, 0)) - lwsl_notice(" Peer Cert Valid from: %s", ctime(&ci->time)); - - if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_VALIDITY_TO, - ci, 0)) - lwsl_notice(" Peer Cert Valid to : %s", ctime(&ci->time)); - if (!lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_USAGE, - ci, 0)) - lwsl_notice(" Peer Cert usage bits: 0x%x\n", ci->usage); - if (!lws_tls_peer_cert_info(wsi, - LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY, - ci, sizeof(buf) - sizeof(*ci))) { - lwsl_notice(" Peer Cert public key:\n"); - lwsl_hexdump_notice(ci->ns.name, ci->ns.len); - } - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_COMPLETED_CLIENT_HTTP\n"); - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "http", - callback_http, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* - * For LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE - * - * | LLL_INFO | LLL_PARSER | LLL_HEADER | LLL_EXT | - * LLL_CLIENT | LLL_LATENCY | LLL_DEBUG - */ ; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client [<-d ] [-l] [--h1]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./warmcat.com.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - i.ssl_connection = LCCSCF_USE_SSL; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } else { - i.port = 443; - i.address = "warmcat.com"; - } - i.path = "/"; - i.host = i.address; - i.origin = i.address; - - /* force h1 even if h2 available */ - if (lws_cmdline_option(argc, argv, "--h1")) - i.alpn = "http/1.1"; - - i.method = "GET"; - - i.protocol = protocols[0].name; - i.pwsi = &client_wsi; - lws_client_connect_via_info(&i); - - while (n >= 0 && client_wsi && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); - - return bad; -} diff --git a/minimal-examples/http-client/minimal-http-client-certinfo/warmcat.com.cer b/minimal-examples/http-client/minimal-http-client-certinfo/warmcat.com.cer deleted file mode 100644 index 550393d..0000000 --- a/minimal-examples/http-client/minimal-http-client-certinfo/warmcat.com.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCBDigAwIBAgISA4mJfIm3iCGbU9+o8YQa+4nUMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5MjNaFw0x -OTEyMDYwNzA5MjNaMBYxFDASBgNVBAMTC3dhcm1jYXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnEoH9JW3GvpadpxHGZPb5wv1Q6KfAIMWtdq -YCOfotFxaYULuzHVxmrTTgmEqJr+eBqUBkXKmGuRR/9UipOmTu5j02qFyWHotFdF -ZGyp//8z+Rle9Qt1nL68oNIZLDtWkybh5x00b1uo4eyEszXUaa0aLqKP3lH7Q4jI -aSVARZ8snrJR640Gp3ByudvNTYkGz469bpWzRC/8wSNtzzY02DvHs1GxQx9tMXw+ -BbtUxeP7lpYFKEFBjgZaIKLv+4g8ItJIuO7gMSzG2JfpQHxdhrlhxpx7dsaMUcyM -nnYXysNL5JG3KEMhkxbtdpCaEQ8jLSPbl/rnF/+mgce+lSjMuQIDAQABo4ICYjCC -Al4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI9ai12zLFeNTEDHKI9Ghkqcpa2TAf -BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw -LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw -LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv -MBYGA1UdEQQPMA2CC3dhcm1jYXQuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAY/Lbzeg7zCzPC3KEJ1dr -M6SNYXePvXWmOLHHaFRL2I0AAAFtCsVHHAAABAMASDBGAiEAy0q1cR4VwPL3iviL -cBWN67kjJRXk+DwhodmeoM3kb3gCIQC2soAHFs0Umo+0RNdFrL41+hMuidh2cXbb -Ovc6nh5tOQB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAABbQrF -R48AAAQDAEgwRgIhANqKQm4t9by263CJ7/DLOaZCjtcK29KgJjPwhv08UMn1AiEA -h35nGTASR8/E7xz+56ZUleqD7U1ABFgWZRZskIzsFO8wDQYJKoZIhvcNAQELBQAD -ggEBADDJBVbKe2LPHmi8k2vxErB3Y0Ty+3gwgPEXKYtEvQ7tos89eE+QmOXAzH5J -GwRarFf7kzmKeJv04tMebiEtshpap47oJfxCxfrtpja8hP8Cdu/v/Ae6eEzu3yet -0N08GJdxQKfgCFaoGUptbaF2RCIZS12SVcX4TPpdP+xaiZdmIx4dGM6tReQ8+y8B -10b4Hi2+d/zW0W1z6+FAemU6yleWriJDUik5oas9XZF5LAAMDb/WgF5eIB6P9CUG -LuAO8lWlk9nBgXvMLTxZ74SJb17H4kFEIrIjvABNshz5gBW8xw9nfr5YIfANtwEj -BDsq06Df3UORYVs/j3T97gPAEZ4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-client/minimal-http-client-custom-headers/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client-custom-headers/CMakeLists.txt deleted file mode 100644 index a81d45d..0000000 --- a/minimal-examples/http-client/minimal-http-client-custom-headers/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client-custom-headers) -set(SRCS minimal-http-client-custom-headers.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-client/minimal-http-client-custom-headers/README.md b/minimal-examples/http-client/minimal-http-client-custom-headers/README.md deleted file mode 100644 index ac49a87..0000000 --- a/minimal-examples/http-client/minimal-http-client-custom-headers/README.md +++ /dev/null @@ -1,45 +0,0 @@ -# lws minimal http client custom headers - -This http client application shows how to send and receive custom headers. - -This currently only works on http 1, so the app forces that even if h2 enables. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --l| Connect to https://localhost:7681 and accept selfsigned cert --n|no TLS - -The app looks for a custom header "test-custom-header" sent by warmcat.com. - -``` - $ ./lws-minimal-http-client-custom-headers -[2019/03/11 05:46:45:7582] USER: LWS minimal http client Custom Headers [-d] [-l] [--h1] -[2019/03/11 05:46:45:7671] NOTICE: created client ssl context for default -[2019/03/11 05:46:46:7812] USER: Connected with server response: 200 -[2019/03/11 05:46:46:7812] NOTICE: callback_http: custom header: 'hello' -[2019/03/11 05:46:46:7814] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -... -``` -You can use the -n and -l to make this test app connect to localhost:7681 over http, -and confirm the "dnt:1" header was sent either by tcpdump or by running the test -server on :7681 with -d1151 - -``` -[2019/03/11 05:48:53:6806] PARSER: WSI_TOKEN_NAME_PART 'd' 0x64 (role=0x20000000) wsi->lextable_pos=0 -[2019/03/11 05:48:53:6807] PARSER: WSI_TOKEN_NAME_PART 'n' 0x6E (role=0x20000000) wsi->lextable_pos=567 -[2019/03/11 05:48:53:6807] PARSER: WSI_TOKEN_NAME_PART 't' 0x74 (role=0x20000000) wsi->lextable_pos=-1 -[2019/03/11 05:48:53:6807] PARSER: WSI_TOKEN_NAME_PART ' ' 0x20 (role=0x20000000) wsi->lextable_pos=-1 -[2019/03/11 05:48:53:6807] PARSER: WSI_TOKEN_NAME_PART '1' 0x31 (role=0x20000000) wsi->lextable_pos=-1 -' 0x0D (role=0x20000000) wsi->lextable_pos=-1NAME_PART ' -[2019/03/11 05:48:53:6807] PARSER: WSI_TOKEN_NAME_PART ' -``` - diff --git a/minimal-examples/http-client/minimal-http-client-custom-headers/minimal-http-client-custom-headers.c b/minimal-examples/http-client/minimal-http-client-custom-headers/minimal-http-client-custom-headers.c deleted file mode 100644 index 377d970..0000000 --- a/minimal-examples/http-client/minimal-http-client-custom-headers/minimal-http-client-custom-headers.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * lws-minimal-http-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws. - * - * It visits https://warmcat.com/ and receives the html page there. You - * can dump the page data by changing the #if 0 below. - */ - -#include -#include -#include - -static int interrupted, bad = 1, status; -static struct lws *client_wsi; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - char val[32]; - int n; - - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - break; - - case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: - { - unsigned char **p = (unsigned char **)in, *end = (*p) + len; - - /* - * How to send a custom header in the request to the server - */ - - if (lws_add_http_header_by_name(wsi, - (const unsigned char *)"dnt", - (const unsigned char *)"1", 1, p, end)) - return -1; - break; - } - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - status = lws_http_client_http_response(wsi); - lwsl_user("Connected with server response: %d\n", status); - - /* - * How to query custom headers (http 1.x only at the momemnt) - * - * warmcat.com sends a custom header "test-custom-header" for - * testing, it has the fixed value "hello". - */ - - n = lws_hdr_custom_length(wsi, "test-custom-header:", 19); - if (n < 0) - lwsl_notice("%s: Can't find test-custom-header\n", - __func__); - else { - if (lws_hdr_custom_copy(wsi, val, sizeof(val), - "test-custom-header:", 19) < 0) - lwsl_notice("%s: custom header too long\n", - __func__); - else - lwsl_notice("%s: custom header: '%s'\n", - __func__, val); - } - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_COMPLETED_CLIENT_HTTP\n"); - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "http", - callback_http, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* - * For LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE - * - * | LLL_INFO | LLL_PARSER | LLL_HEADER | LLL_EXT | - * LLL_CLIENT | LLL_LATENCY | LLL_DEBUG - */ ; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client Custom Headers [-d] [-l] [--h1]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./warmcat.com.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - - if (!lws_cmdline_option(argc, argv, "-n")) - i.ssl_connection = LCCSCF_USE_SSL; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } else { - i.port = 443; - i.address = "warmcat.com"; - } - - /* currently custom headers receive only works with h1 */ - i.alpn = "http/1.1"; - - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.method = "GET"; - - i.protocol = protocols[0].name; - i.pwsi = &client_wsi; - lws_client_connect_via_info(&i); - - while (n >= 0 && client_wsi && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); - - return bad; -} diff --git a/minimal-examples/http-client/minimal-http-client-custom-headers/warmcat.com.cer b/minimal-examples/http-client/minimal-http-client-custom-headers/warmcat.com.cer deleted file mode 100644 index 550393d..0000000 --- a/minimal-examples/http-client/minimal-http-client-custom-headers/warmcat.com.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCBDigAwIBAgISA4mJfIm3iCGbU9+o8YQa+4nUMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5MjNaFw0x -OTEyMDYwNzA5MjNaMBYxFDASBgNVBAMTC3dhcm1jYXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnEoH9JW3GvpadpxHGZPb5wv1Q6KfAIMWtdq -YCOfotFxaYULuzHVxmrTTgmEqJr+eBqUBkXKmGuRR/9UipOmTu5j02qFyWHotFdF -ZGyp//8z+Rle9Qt1nL68oNIZLDtWkybh5x00b1uo4eyEszXUaa0aLqKP3lH7Q4jI -aSVARZ8snrJR640Gp3ByudvNTYkGz469bpWzRC/8wSNtzzY02DvHs1GxQx9tMXw+ -BbtUxeP7lpYFKEFBjgZaIKLv+4g8ItJIuO7gMSzG2JfpQHxdhrlhxpx7dsaMUcyM -nnYXysNL5JG3KEMhkxbtdpCaEQ8jLSPbl/rnF/+mgce+lSjMuQIDAQABo4ICYjCC -Al4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI9ai12zLFeNTEDHKI9Ghkqcpa2TAf -BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw -LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw -LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv -MBYGA1UdEQQPMA2CC3dhcm1jYXQuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAY/Lbzeg7zCzPC3KEJ1dr -M6SNYXePvXWmOLHHaFRL2I0AAAFtCsVHHAAABAMASDBGAiEAy0q1cR4VwPL3iviL -cBWN67kjJRXk+DwhodmeoM3kb3gCIQC2soAHFs0Umo+0RNdFrL41+hMuidh2cXbb -Ovc6nh5tOQB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAABbQrF -R48AAAQDAEgwRgIhANqKQm4t9by263CJ7/DLOaZCjtcK29KgJjPwhv08UMn1AiEA -h35nGTASR8/E7xz+56ZUleqD7U1ABFgWZRZskIzsFO8wDQYJKoZIhvcNAQELBQAD -ggEBADDJBVbKe2LPHmi8k2vxErB3Y0Ty+3gwgPEXKYtEvQ7tos89eE+QmOXAzH5J -GwRarFf7kzmKeJv04tMebiEtshpap47oJfxCxfrtpja8hP8Cdu/v/Ae6eEzu3yet -0N08GJdxQKfgCFaoGUptbaF2RCIZS12SVcX4TPpdP+xaiZdmIx4dGM6tReQ8+y8B -10b4Hi2+d/zW0W1z6+FAemU6yleWriJDUik5oas9XZF5LAAMDb/WgF5eIB6P9CUG -LuAO8lWlk9nBgXvMLTxZ74SJb17H4kFEIrIjvABNshz5gBW8xw9nfr5YIfANtwEj -BDsq06Df3UORYVs/j3T97gPAEZ4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-client/minimal-http-client-hugeurl/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client-hugeurl/CMakeLists.txt deleted file mode 100644 index 22a3011..0000000 --- a/minimal-examples/http-client/minimal-http-client-hugeurl/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client-hugeurl) -set(SRCS minimal-http-client-hugeurl.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-client/minimal-http-client-hugeurl/README.md b/minimal-examples/http-client/minimal-http-client-hugeurl/README.md deleted file mode 100644 index 6a7d06d..0000000 --- a/minimal-examples/http-client/minimal-http-client-hugeurl/README.md +++ /dev/null @@ -1,52 +0,0 @@ -# lws minimal http client hugeurl - -## build - -``` - $ cmake . && make -``` - -## usage - -The application goes to https://warmcat.com/?fakeparam=<2KB> and receives the page data. - -``` - $ ./lws-minimal-http-client -[2018/03/04 14:43:20:8562] USER: LWS minimal http client hugeurl -[2018/03/04 14:43:20:8571] NOTICE: Creating Vhost 'default' port -1, 1 protocols, IPv6 on -[2018/03/04 14:43:20:8616] NOTICE: created client ssl context for default -[2018/03/04 14:43:20:8617] NOTICE: lws_client_connect_2: 0x1814dc0: address warmcat.com -[2018/03/04 14:43:21:1496] NOTICE: lws_client_connect_2: 0x1814dc0: address warmcat.com -[2018/03/04 14:43:22:0154] NOTICE: lws_client_interpret_server_handshake: incoming content length 26520 -[2018/03/04 14:43:22:0154] NOTICE: lws_client_interpret_server_handshake: client connection up -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3022] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3022] USER: RECEIVE_CLIENT_HTTP_READ: read 974 -[2018/03/04 14:43:22:3022] NOTICE: lws_http_client_read: transaction completed says -1 -[2018/03/04 14:43:23:3042] USER: Completed -``` - - diff --git a/minimal-examples/http-client/minimal-http-client-hugeurl/minimal-http-client-hugeurl.c b/minimal-examples/http-client/minimal-http-client-hugeurl/minimal-http-client-hugeurl.c deleted file mode 100644 index 174ddb9..0000000 --- a/minimal-examples/http-client/minimal-http-client-hugeurl/minimal-http-client-hugeurl.c +++ /dev/null @@ -1,227 +0,0 @@ -/* - * lws-minimal-http-client hugeurl - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws. - * - * It visits https://warmcat.com/?fakeparam=<2KB> and receives the html - * page there. You can dump the page data by changing the #if 0 below. - */ - -#include -#include -#include - -static int interrupted, bad = 1, status; -static struct lws *client_wsi; - -static const char * const uri = - "/?fakeparam=" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000" /* 500 */ - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" - "11111111111111111111111111111111111111111111111111" /* 1000 */ - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" - "22222222222222222222222222222222222222222222222222" /* 1500 */ - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" - "33333333333333333333333333333333333333333333333333" /* 2000 */ -; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - break; - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - status = lws_http_client_http_response(wsi); - lwsl_user("Connected with server response: %d\n", status); - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "http", - callback_http, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - signal(SIGINT, sigint_handler); - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client hugeurl [-d ] [-l] [--h1]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./warmcat.com.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - i.ssl_connection = LCCSCF_USE_SSL; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } else { - i.port = 443; - i.address = "warmcat.com"; - } - - if (lws_cmdline_option(argc, argv, "--h1")) - i.alpn = "http/1.1"; - - i.path = uri; - i.host = i.address; - i.origin = i.address; - i.method = "GET"; - i.protocol = protocols[0].name; - i.pwsi = &client_wsi; - - lws_client_connect_via_info(&i); - - while (n >= 0 && client_wsi && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed: %s\n", bad? "failed": "OK"); - - return bad; -} diff --git a/minimal-examples/http-client/minimal-http-client-hugeurl/selftest.sh b/minimal-examples/http-client/minimal-http-client-hugeurl/selftest.sh deleted file mode 100755 index 2da54b6..0000000 --- a/minimal-examples/http-client/minimal-http-client-hugeurl/selftest.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=6 - -dotest $1 $2 warmcat -dotest $1 $2 warmcat-h1 --h1 - -spawn "" $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost -l -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1 -l --h1 -kill $SPID 2>/dev/null -wait $SPID 2>/dev/null - - -if [ -z "$TRAVIS_OS_NAME" ] ; then - SPID="" - spawn "" $5/http-server/minimal-http-server-eventlib $1/lws-minimal-http-server-eventlib --uv -s - dotest $1 $2 localhost-suv -l - spawn $SPID $5/http-server/minimal-http-server-eventlib $1/lws-minimal-http-server-eventlib --uv -s - dotest $1 $2 localhost-suv-h1 -l --h1 - - kill $SPID 2>/dev/null - wait $SPID 2>/dev/null -fi - -exit $FAILS - - diff --git a/minimal-examples/http-client/minimal-http-client-hugeurl/warmcat.com.cer b/minimal-examples/http-client/minimal-http-client-hugeurl/warmcat.com.cer deleted file mode 100644 index 550393d..0000000 --- a/minimal-examples/http-client/minimal-http-client-hugeurl/warmcat.com.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCBDigAwIBAgISA4mJfIm3iCGbU9+o8YQa+4nUMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5MjNaFw0x -OTEyMDYwNzA5MjNaMBYxFDASBgNVBAMTC3dhcm1jYXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnEoH9JW3GvpadpxHGZPb5wv1Q6KfAIMWtdq -YCOfotFxaYULuzHVxmrTTgmEqJr+eBqUBkXKmGuRR/9UipOmTu5j02qFyWHotFdF -ZGyp//8z+Rle9Qt1nL68oNIZLDtWkybh5x00b1uo4eyEszXUaa0aLqKP3lH7Q4jI -aSVARZ8snrJR640Gp3ByudvNTYkGz469bpWzRC/8wSNtzzY02DvHs1GxQx9tMXw+ -BbtUxeP7lpYFKEFBjgZaIKLv+4g8ItJIuO7gMSzG2JfpQHxdhrlhxpx7dsaMUcyM -nnYXysNL5JG3KEMhkxbtdpCaEQ8jLSPbl/rnF/+mgce+lSjMuQIDAQABo4ICYjCC -Al4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI9ai12zLFeNTEDHKI9Ghkqcpa2TAf -BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw -LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw -LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv -MBYGA1UdEQQPMA2CC3dhcm1jYXQuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAY/Lbzeg7zCzPC3KEJ1dr -M6SNYXePvXWmOLHHaFRL2I0AAAFtCsVHHAAABAMASDBGAiEAy0q1cR4VwPL3iviL -cBWN67kjJRXk+DwhodmeoM3kb3gCIQC2soAHFs0Umo+0RNdFrL41+hMuidh2cXbb -Ovc6nh5tOQB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAABbQrF -R48AAAQDAEgwRgIhANqKQm4t9by263CJ7/DLOaZCjtcK29KgJjPwhv08UMn1AiEA -h35nGTASR8/E7xz+56ZUleqD7U1ABFgWZRZskIzsFO8wDQYJKoZIhvcNAQELBQAD -ggEBADDJBVbKe2LPHmi8k2vxErB3Y0Ty+3gwgPEXKYtEvQ7tos89eE+QmOXAzH5J -GwRarFf7kzmKeJv04tMebiEtshpap47oJfxCxfrtpja8hP8Cdu/v/Ae6eEzu3yet -0N08GJdxQKfgCFaoGUptbaF2RCIZS12SVcX4TPpdP+xaiZdmIx4dGM6tReQ8+y8B -10b4Hi2+d/zW0W1z6+FAemU6yleWriJDUik5oas9XZF5LAAMDb/WgF5eIB6P9CUG -LuAO8lWlk9nBgXvMLTxZ74SJb17H4kFEIrIjvABNshz5gBW8xw9nfr5YIfANtwEj -BDsq06Df3UORYVs/j3T97gPAEZ4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-client/minimal-http-client-multi/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client-multi/CMakeLists.txt deleted file mode 100644 index be0314e..0000000 --- a/minimal-examples/http-client/minimal-http-client-multi/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client-multi) -set(SRCS minimal-http-client-multi.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-client/minimal-http-client-multi/README.md b/minimal-examples/http-client/minimal-http-client-multi/README.md deleted file mode 100644 index 7eaac9d..0000000 --- a/minimal-examples/http-client/minimal-http-client-multi/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# lws minimal http client multi - -## build - -``` - $ cmake . && make -``` - -## usage - -The application goes to https://warmcat.com and receives the page data -same as minimal http client. - -However it does it for 8 client connections concurrently. - -## Commandline Options - -Option|Meaning ----|--- --s|Stagger the connections by 100ms, the last by 1s --p|Use http/1.1 pipelining or h2 simultaneous streams ---h1|Force http/1 only --l|Connect to server on https://localhost:7681 instead of https://warmcat.com:443 --n|Read numbered files like /1.png, /2.png etc. Default is just read / - diff --git a/minimal-examples/http-client/minimal-http-client-multi/minimal-http-client-multi.c b/minimal-examples/http-client/minimal-http-client-multi/minimal-http-client-multi.c deleted file mode 100644 index de348f6..0000000 --- a/minimal-examples/http-client/minimal-http-client-multi/minimal-http-client-multi.c +++ /dev/null @@ -1,343 +0,0 @@ -/* - * lws-minimal-http-client-multi - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws, which makes - * 8 downloads simultaneously from warmcat.com. - * - * Currently that takes the form of 8 individual simultaneous tcp and - * tls connections, which happen concurrently. Notice that the ordering - * of the returned payload may be intermingled for the various connections. - * - * By default the connections happen all together at the beginning and operate - * concurrently, which is fast. However this is resource-intenstive, there are - * 8 tcp connections, 8 tls tunnels on both the client and server. You can - * instead opt to have the connections happen one after the other inside a - * single tcp connection and tls tunnel, using HTTP/1.1 pipelining. To be - * eligible to be pipelined on another existing connection to the same server, - * the client connection must have the LCCSCF_PIPELINE flag on its - * info.ssl_connection member (this is independent of whether the connection - * is in ssl mode or not). - * - * HTTP/1.0: Pipelining only possible if Keep-Alive: yes sent by server - * HTTP/1.1: always possible... serializes requests - * HTTP/2: always possible... all requests sent as individual streams in parallel - */ - -#include -#include -#include -#include -#include - -#define COUNT 8 - -struct user { - int index; -}; - -static int interrupted, completed, failed, numbered, stagger_idx; -static struct lws *client_wsi[COUNT]; -static struct user user[COUNT]; -static lws_sorted_usec_list_t sul_stagger; -static struct lws_client_connect_info i; -struct lws_context *context; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct user *u = (struct user *)user; - - switch (reason) { - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: resp %u\n", - lws_http_client_http_response(wsi)); - break; - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi[u->index] = NULL; - failed++; - if (++completed == COUNT) { - lwsl_err("Done: failed: %d\n", failed); - interrupted = 1; - } - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: conn %d: read %d\n", - u->index, (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_COMPLETED_CLIENT_HTTP %p: idx %d\n", - wsi, u->index); - client_wsi[u->index] = NULL; - if (++completed == COUNT) { - if (!failed) - lwsl_user("Done: all OK\n"); - else - lwsl_err("Done: failed: %d\n", failed); - interrupted = 1; - /* so we exit immediately */ - lws_cancel_service(lws_get_context(wsi)); - } - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - if (u && client_wsi[u->index]) { - /* - * If it completed normally, it will have been set to - * NULL then already. So we are dealing with an - * abnormal, failing, close - */ - client_wsi[u->index] = NULL; - failed++; - if (++completed == COUNT) { - lwsl_err("Done: failed: %d\n", failed); - interrupted = 1; - } - } - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { "http", callback_http, 0, 0, }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -#if defined(WIN32) -int gettimeofday(struct timeval * tp, struct timezone * tzp) -{ - // Note: some broken versions only have 8 trailing zero's, the correct epoch has 9 trailing zero's - // This magic number is the number of 100 nanosecond intervals since January 1, 1601 (UTC) - // until 00:00:00 January 1, 1970 - static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL); - - SYSTEMTIME system_time; - FILETIME file_time; - uint64_t time; - - GetSystemTime( &system_time ); - SystemTimeToFileTime( &system_time, &file_time ); - time = ((uint64_t)file_time.dwLowDateTime ) ; - time += ((uint64_t)file_time.dwHighDateTime) << 32; - - tp->tv_sec = (long) ((time - EPOCH) / 10000000L); - tp->tv_usec = (long) (system_time.wMilliseconds * 1000); - return 0; -} -#endif - -unsigned long long us(void) -{ - struct timeval t; - - gettimeofday(&t, NULL); - - return (t.tv_sec * 1000000ull) + t.tv_usec; -} - -static void -lws_try_client_connection(struct lws_client_connect_info *i, int m) -{ - char path[128]; - - if (numbered) { - lws_snprintf(path, sizeof(path), "/%d.png", m + 1); - i->path = path; - } else - i->path = "/"; - - i->pwsi = &client_wsi[m]; - user[m].index = m; - i->userdata = &user[m]; - - if (!lws_client_connect_via_info(i)) { - failed++; - if (++completed == COUNT) { - lwsl_user("Done: failed: %d\n", failed); - interrupted = 1; - } - } else - lwsl_user("started connection %p: idx %d (%s)\n", - client_wsi[m], m, i->path); -} - -static void -stagger_cb(lws_sorted_usec_list_t *sul) -{ - lws_usec_t next; - - /* - * open the connections at 100ms intervals, with the - * last one being after 1s, testing both queuing, and - * direct H2 stream addition stability - */ - lws_try_client_connection(&i, stagger_idx++); - - if (stagger_idx == (int)LWS_ARRAY_SIZE(client_wsi)) - return; - - next = 300 * LWS_US_PER_MS; - if (stagger_idx == (int)LWS_ARRAY_SIZE(client_wsi) - 1) - next += 700 * LWS_US_PER_MS; - - lws_sul_schedule(context, 0, &sul_stagger, stagger_cb, next); -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - unsigned long long start; - const char *p; - int n = 0, m, staggered = 0, logs = - LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - - staggered = !!lws_cmdline_option(argc, argv, "-s"); - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client [-s (staggered)] [-p (pipeline)]\n"); - lwsl_user(" [--h1 (http/1 only)] [-l (localhost)] [-d ]\n"); - lwsl_user(" [-n (numbered)]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * COUNT client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and COUNT + 1 (allowing for h2 - * network wsi) that we will use. - */ - info.fd_limit_per_thread = 1 + COUNT + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./warmcat.com.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - i.context = context; - i.ssl_connection = LCCSCF_USE_SSL; - - /* enables h1 or h2 connection sharing */ - if (lws_cmdline_option(argc, argv, "-p")) - i.ssl_connection |= LCCSCF_PIPELINE; - - /* force h1 even if h2 available */ - if (lws_cmdline_option(argc, argv, "--h1")) - i.alpn = "http/1.1"; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } else { - i.port = 443; - i.address = "warmcat.com"; - } - - if (lws_cmdline_option(argc, argv, "-n")) - numbered = 1; - - if ((p = lws_cmdline_option(argc, argv, "--port"))) - i.port = atoi(p); - - i.host = i.address; - i.origin = i.address; - i.method = "GET"; - i.protocol = protocols[0].name; - - if (!staggered) - /* - * just pile on all the connections at once, testing the - * pipeline queuing before the first is connected - */ - for (m = 0; m < (int)LWS_ARRAY_SIZE(client_wsi); m++) - lws_try_client_connection(&i, m); - else - /* - * delay the connections slightly - */ - lws_sul_schedule(context, 0, &sul_stagger, stagger_cb, - 100 * LWS_US_PER_MS); - - start = us(); - m = 0; - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lwsl_user("Duration: %lldms\n", (us() - start) / 1000); - lws_context_destroy(context); - - lwsl_user("Exiting with %d\n", failed || completed != COUNT); - - return failed || completed != COUNT; -} diff --git a/minimal-examples/http-client/minimal-http-client-multi/selftest.sh b/minimal-examples/http-client/minimal-http-client-multi/selftest.sh deleted file mode 100755 index 49d61a1..0000000 --- a/minimal-examples/http-client/minimal-http-client-multi/selftest.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=16 - -dotest $1 $2 warmcat -dotest $1 $2 warmcat-pipe -p -dotest $1 $2 warmcat-h1 --h1 -dotest $1 $2 warmcat-h1-pipe --h1 -p -dotest $1 $2 warmcat-stag -s -dotest $1 $2 warmcat-pipe-stag -p -s -dotest $1 $2 warmcat-h1-stag --h1 -s -dotest $1 $2 warmcat-h1-pipe-stag --h1 -p -s - -spawn "" $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost -l -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-pipe -l -p -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1 -l --h1 -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1-pipe -l --h1 -p -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-stag -l -s -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-pipe-stag -l -p -s -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1-stag -l --h1 -s -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1-pipe-stag -l --h1 -p -s - -kill $SPID 2>/dev/null -wait $SPID 2>/dev/null -exit $FAILS - diff --git a/minimal-examples/http-client/minimal-http-client-multi/warmcat.com.cer b/minimal-examples/http-client/minimal-http-client-multi/warmcat.com.cer deleted file mode 100644 index 550393d..0000000 --- a/minimal-examples/http-client/minimal-http-client-multi/warmcat.com.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCBDigAwIBAgISA4mJfIm3iCGbU9+o8YQa+4nUMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5MjNaFw0x -OTEyMDYwNzA5MjNaMBYxFDASBgNVBAMTC3dhcm1jYXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnEoH9JW3GvpadpxHGZPb5wv1Q6KfAIMWtdq -YCOfotFxaYULuzHVxmrTTgmEqJr+eBqUBkXKmGuRR/9UipOmTu5j02qFyWHotFdF -ZGyp//8z+Rle9Qt1nL68oNIZLDtWkybh5x00b1uo4eyEszXUaa0aLqKP3lH7Q4jI -aSVARZ8snrJR640Gp3ByudvNTYkGz469bpWzRC/8wSNtzzY02DvHs1GxQx9tMXw+ -BbtUxeP7lpYFKEFBjgZaIKLv+4g8ItJIuO7gMSzG2JfpQHxdhrlhxpx7dsaMUcyM -nnYXysNL5JG3KEMhkxbtdpCaEQ8jLSPbl/rnF/+mgce+lSjMuQIDAQABo4ICYjCC -Al4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI9ai12zLFeNTEDHKI9Ghkqcpa2TAf -BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw -LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw -LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv -MBYGA1UdEQQPMA2CC3dhcm1jYXQuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAY/Lbzeg7zCzPC3KEJ1dr -M6SNYXePvXWmOLHHaFRL2I0AAAFtCsVHHAAABAMASDBGAiEAy0q1cR4VwPL3iviL -cBWN67kjJRXk+DwhodmeoM3kb3gCIQC2soAHFs0Umo+0RNdFrL41+hMuidh2cXbb -Ovc6nh5tOQB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAABbQrF -R48AAAQDAEgwRgIhANqKQm4t9by263CJ7/DLOaZCjtcK29KgJjPwhv08UMn1AiEA -h35nGTASR8/E7xz+56ZUleqD7U1ABFgWZRZskIzsFO8wDQYJKoZIhvcNAQELBQAD -ggEBADDJBVbKe2LPHmi8k2vxErB3Y0Ty+3gwgPEXKYtEvQ7tos89eE+QmOXAzH5J -GwRarFf7kzmKeJv04tMebiEtshpap47oJfxCxfrtpja8hP8Cdu/v/Ae6eEzu3yet -0N08GJdxQKfgCFaoGUptbaF2RCIZS12SVcX4TPpdP+xaiZdmIx4dGM6tReQ8+y8B -10b4Hi2+d/zW0W1z6+FAemU6yleWriJDUik5oas9XZF5LAAMDb/WgF5eIB6P9CUG -LuAO8lWlk9nBgXvMLTxZ74SJb17H4kFEIrIjvABNshz5gBW8xw9nfr5YIfANtwEj -BDsq06Df3UORYVs/j3T97gPAEZ4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-client/minimal-http-client-post/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client-post/CMakeLists.txt deleted file mode 100644 index 9fe8d51..0000000 --- a/minimal-examples/http-client/minimal-http-client-post/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client-post) -set(SRCS minimal-http-client-post.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-client/minimal-http-client-post/README.md b/minimal-examples/http-client/minimal-http-client-post/README.md deleted file mode 100644 index 9a7ff28..0000000 --- a/minimal-examples/http-client/minimal-http-client-post/README.md +++ /dev/null @@ -1,74 +0,0 @@ -# lws minimal http client POST - -This example demonstrates a multipart POST to - -https://libwebsockets.org/testserver/formtest - -setting both a form variable and uploading a -short file. - -The result of the POST form processing is captured -and displayed in a hexdump. - -This is programmatically POSTing to the same -form you can access at - -https://libwebsockets.org/testserver - -in the "POST" tab with file upload. - -By default the client action occurs using http/2 if -your lws was built with `-DLWS_WITH_HTTP2=1`. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-client-post -[2018/04/03 13:13:10:7891] USER: LWS minimal http client - POST -[2018/04/03 13:13:10:7905] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 on -[2018/04/03 13:13:10:7984] NOTICE: created client ssl context for default -[2018/04/03 13:13:12:8444] USER: LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER -[2018/04/03 13:13:12:8444] USER: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE -[2018/04/03 13:13:12:8445] USER: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE -[2018/04/03 13:13:12:8445] USER: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE -[2018/04/03 13:13:13:1437] USER: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE -[2018/04/03 13:13:13:1440] USER: LWS_CALLBACK_CLIENT_HTTP_WRITEABLE -[2018/04/03 13:13:13:1440] USER: RECEIVE_CLIENT_HTTP_READ: read 402 -[2018/04/03 13:13:13:1441] NOTICE: -[2018/04/03 13:13:13:1441] NOTICE: 0000: 3C 68 74 6D 6C 3E 3C 62 6F 64 79 3E 3C 68 31 3E

-[2018/04/03 13:13:13:1441] NOTICE: 0010: 46 6F 72 6D 20 72 65 73 75 6C 74 73 20 28 61 66 Form results (af -[2018/04/03 13:13:13:1441] NOTICE: 0020: 74 65 72 20 75 72 6C 64 65 63 6F 64 69 6E 67 29 ter urldecoding) -[2018/04/03 13:13:13:1441] NOTICE: 0030: 3C 2F 68 31 3E 3C 74 61 62 6C 65 3E 3C 74 72 3E

-[2018/04/03 13:13:13:1441] NOTICE: 0040: 3C 74 64 3E 4E 61 6D 65 3C 2F 74 64 3E 3C 74 64 < -[2018/04/03 13:13:13:1441] NOTICE: 0070: 74 72 3E 3C 74 64 3E 3C 62 3E 74 65 78 74 3C 2F tr>< -[2018/04/03 13:13:13:1442] NOTICE: 00D0: 74 64 3E 4E 55 4C 4C 3C 2F 74 64 3E 3C 2F 74 72 td>NULL -[2018/04/03 13:13:13:1442] NOTICE: 0110: 3C 2F 74 72 3E 3C 74 72 3E 3C 74 64 3E 3C 62 3E < -[2018/04/03 13:13:13:1442] NOTICE: 0130: 74 64 3E 30 3C 2F 74 64 3E 3C 74 64 3E 4E 55 4C td>0
filena -[2018/04/03 13:13:13:1442] NOTICE: 0160: 6D 65 3A 3C 2F 62 3E 20 6D 79 66 69 6C 65 2E 74 me: myfile.t -[2018/04/03 13:13:13:1442] NOTICE: 0170: 78 74 2C 20 3C 62 3E 6C 65 6E 67 74 68 3C 2F 62 xt, length 44 -[2018/04/03 13:13:13:1442] NOTICE: -[2018/04/03 13:13:13:1442] USER: LWS_CALLBACK_COMPLETED_CLIENT_HTTP -[2018/04/03 13:13:13:1455] USER: Completed -``` - diff --git a/minimal-examples/http-client/minimal-http-client-post/libwebsockets.org.cer b/minimal-examples/http-client/minimal-http-client-post/libwebsockets.org.cer deleted file mode 100644 index 4a9fb35..0000000 --- a/minimal-examples/http-client/minimal-http-client-post/libwebsockets.org.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgISA9x0/oj5PLdW46hsmR82/7ytMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5NDBaFw0x -OTEyMDYwNzA5NDBaMBwxGjAYBgNVBAMTEWxpYndlYnNvY2tldHMub3JnMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPinIkleLmvEcA/YuBss6ASXVi7g -yr6Sss7cB3vTy7Fp8OB2c1N25prHZxVpORAUo0UreiaY2Ws4NFvDaYp08ZffevuC -UhThsEJlbkD0uvt7dPapJt9PNJtlxjNFWyvHEy6PijzIaMYDROiStcCJQn7kAew/ -Za2+5kNVgKqT+7OXukJEFdSdVZI6QC/npeQlkIrFSq1WVthCGBNJehxxES0hSWzk -0gNVKlkD3/SbkupsfUpe73XiawMtrtsSE7cdnul7VZmiP8I/3sJr1+4/3xZ+DEYg -mVB82B0vd08VJYzU7Nf0pz0PWusAmzRoRn81IXkOfBg9ohlSSEoZhHYS7QIDAQAB -o4ICZjCCAmIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmKKyGjufWgp7pR2x0tWxG -D9G+WTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB -AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw -dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw -dC5vcmcvMBwGA1UdEQQVMBOCEWxpYndlYnNvY2tldHMub3JnMEwGA1UdIARFMEMw -CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j -cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAdH7a -gzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFtCsWIfgAABAMASDBGAiEA -0H55VqSKV3otHK7uHNbcR0QwoUYtCmeObhsqxzCnmDwCIQD3mtuSKrxTD3oA+Yde -nmTgWfFyS4TNgLNEPCJYo2s75gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM -9OVFR/R4AAABbQrFil4AAAQDAEYwRAIgNSpvz/1JA2aP6fh6ujGNuYfrAvWjlxXo -CJtVGe4XaDYCIGmK1/9tl1uQbVD46P5NswnULq06KQmuOrlI3HO4r86HMA0GCSqG -SIb3DQEBCwUAA4IBAQBiAlV7wkCsWE99VmZHBmcbZChWyWUHG3LM1hnaQRQjTSYk -CIlauCpWzlUd6weuvra85KqBbCYo+1hxbwITI796uAdgtHmBE8nj0VltHwKeSq2s -KKiGXBRT7Z7t0VHYSLOlGOVn1auuQFaWBArc0cQ/m1ZsoHvOiHTlKQvVsA4HnIxA -CjGY9OOQoh0c36ecbJZ44XKnU9J/OXtDx00aW6QodaZmgMp/OOCghFQUvufkgTUL -LZid873/8dJVWjAaj1VdadO1nSbdAfBbeWXy93+vg1aAoig80RoscrzYCaNlwmR7 -EO5zWxL3l+xUZogQSJuICgUgNzVB3wjn8HeHGsqt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-client/minimal-http-client-post/minimal-http-client-post.c b/minimal-examples/http-client/minimal-http-client-post/minimal-http-client-post.c deleted file mode 100644 index d6b080a..0000000 --- a/minimal-examples/http-client/minimal-http-client-post/minimal-http-client-post.c +++ /dev/null @@ -1,302 +0,0 @@ -/* - * lws-minimal-http-client-post - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws and POST. - * - * It POSTs both form data and a file to the form at - * https://libwebsockets.org/testserver/formtest and dumps - * the html page received generated by the POST handler. - */ - -#include -#include -#include - -static int interrupted, bad = 0, status, count_clients = 1, completed; -static struct lws *client_wsi[4]; - -struct pss { - char boundary[32]; - char body_part; -}; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - char buf[LWS_PRE + 1024], *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - 1]; - uint8_t **up, *uend; - uint32_t r; - int n; - - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - bad = 1; - if (++completed == count_clients) - lws_cancel_service(lws_get_context(wsi)); - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - for (n = 0; n < count_clients; n++) - if (client_wsi[n] == wsi) { - client_wsi[n] = NULL; - bad |= status != 200; - if (++completed == count_clients) - /* abort poll wait */ - lws_cancel_service(lws_get_context(wsi)); - } - break; - - /* ...callbacks related to receiving the result... */ - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - status = lws_http_client_http_response(wsi); - lwsl_user("Connected with server response: %d\n", status); - break; - - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); - lwsl_hexdump_notice(in, len); - return 0; /* don't passthru */ - - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - n = sizeof(buf) - LWS_PRE; - if (lws_http_client_read(wsi, &p, &n) < 0) - return -1; - - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_COMPLETED_CLIENT_HTTP\n"); - bad |= status != 200; - /* - * Do this to mark us as having processed the completion - * so close doesn't duplicate (with pipelining, completion != - * connection close - */ - for (n = 0; n < count_clients; n++) - if (client_wsi[n] == wsi) - client_wsi[n] = NULL; - if (++completed == count_clients) - /* abort poll wait */ - lws_cancel_service(lws_get_context(wsi)); - break; - - /* ...callbacks related to generating the POST... */ - - case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: - lwsl_user("LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER\n"); - up = (uint8_t **)in; - uend = *up + len - 1; - - /* generate a random boundary string */ - - lws_get_random(lws_get_context(wsi), &r, sizeof(r)); - lws_snprintf(pss->boundary, sizeof(pss->boundary) - 1, - "---boundary-%08x", r); - - n = lws_snprintf(buf, sizeof(buf) - 1, - "multipart/form-data; boundary=%s", pss->boundary); - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE, - (uint8_t *)buf, n, up, uend)) - return 1; - /* - * Notice because we are sending multipart/form-data we can - * usually rely on the server to understand where the form - * payload ends without having to give it an overall - * content-length (which can be troublesome to compute ahead - * of generating the data to send). - * - * Tell lws we are going to send the body next... - */ - lws_client_http_body_pending(wsi, 1); - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_CLIENT_HTTP_WRITEABLE: - lwsl_user("LWS_CALLBACK_CLIENT_HTTP_WRITEABLE\n"); - n = LWS_WRITE_HTTP; - - /* - * For a small body like this, we could prepare it in memory and - * send it all at once. But to show how to handle, eg, - * arbitrary-sized file payloads, or huge form-data fields, the - * sending is done in multiple passes through the event loop. - */ - - switch (pss->body_part++) { - case 0: - /* notice every usage of the boundary starts with -- */ - p += lws_snprintf(p, end - p, "--%s\xd\xa" - "content-disposition: " - "form-data; name=\"text\"\xd\xa" - "\xd\xa" - "my text field" - "\xd\xa", pss->boundary); - break; - case 1: - p += lws_snprintf(p, end - p, - "--%s\xd\xa" - "content-disposition: form-data; name=\"file\";" - "filename=\"myfile.txt\"\xd\xa" - "content-type: text/plain\xd\xa" - "\xd\xa" - "This is the contents of the " - "uploaded file.\xd\xa" - "\xd\xa", pss->boundary); - break; - case 2: - p += lws_snprintf(p, end - p, "--%s--\xd\xa", - pss->boundary); - lws_client_http_body_pending(wsi, 0); - /* necessary to support H2, it means we will write no - * more on this stream */ - n = LWS_WRITE_HTTP_FINAL; - break; - - default: - /* - * We can get extra callbacks here, if nothing to do, - * then do nothing. - */ - return 0; - } - - if (lws_write(wsi, (uint8_t *)start, lws_ptr_diff(p, start), n) - != lws_ptr_diff(p, start)) - return 1; - - if (n != LWS_WRITE_HTTP_FINAL) - lws_callback_on_writable(wsi); - - return 0; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "http", - callback_http, - sizeof(struct pss), - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* - * For LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE - * - * | LLL_INFO | LLL_PARSER | LLL_HEADER | LLL_EXT | - * LLL_CLIENT | LLL_LATENCY | LLL_DEBUG - */ ; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client - POST [-d] [-l] [--h1]\n"); - - if (lws_cmdline_option(argc, argv, "-m")) - count_clients = LWS_ARRAY_SIZE(client_wsi); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + count_clients + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - if (!lws_cmdline_option(argc, argv, "-l")) - info.client_ssl_ca_filepath = "./libwebsockets.org.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - i.ssl_connection = LCCSCF_USE_SSL; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - i.path = "/formtest"; - } else { - i.port = 443; - i.address = "libwebsockets.org"; - i.path = "/testserver/formtest"; - } - - i.host = i.address; - i.origin = i.address; - i.method = "POST"; - - /* force h1 even if h2 available */ - if (lws_cmdline_option(argc, argv, "--h1")) - i.alpn = "http/1.1"; - - i.protocol = protocols[0].name; - - for (n = 0; n < count_clients; n++) { - i.pwsi = &client_wsi[n]; - if (!lws_client_connect_via_info(&i)) - completed++; - } - - while (n >= 0 && completed != count_clients && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); - - return bad; -} diff --git a/minimal-examples/http-client/minimal-http-client-post/selftest.sh b/minimal-examples/http-client/minimal-http-client-post/selftest.sh deleted file mode 100755 index 2f887f2..0000000 --- a/minimal-examples/http-client/minimal-http-client-post/selftest.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=8 - -dotest $1 $2 warmcat -dotest $1 $2 warmcat-h1 --h1 -dotest $1 $2 warmcat-m -m -dotest $1 $2 warmcat-m-h1 -m --h1 - -spawn "" $5 $1/libwebsockets-test-server -s -dotest $1 $2 localhost -l -spawn $SPID $5 $1/libwebsockets-test-server -s -dotest $1 $2 localhost-h1 -l --h1 -spawn $SPID $5 $1/libwebsockets-test-server -s -dotest $1 $2 localhost-m -l -m -spawn $SPID $5 $1/libwebsockets-test-server -s -dotest $1 $2 localhost-m-h1 -l -m --h1 - -kill $SPID 2>/dev/null -wait $SPID 2>/dev/null -exit $FAILS diff --git a/minimal-examples/http-client/minimal-http-client/CMakeLists.txt b/minimal-examples/http-client/minimal-http-client/CMakeLists.txt deleted file mode 100644 index 6181371..0000000 --- a/minimal-examples/http-client/minimal-http-client/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-client) -set(SRCS minimal-http-client.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/http-client/minimal-http-client/README.md b/minimal-examples/http-client/minimal-http-client/README.md deleted file mode 100644 index 3113aa0..0000000 --- a/minimal-examples/http-client/minimal-http-client/README.md +++ /dev/null @@ -1,64 +0,0 @@ -# lws minimal http client - -The application goes to either https://warmcat.com or -https://localhost:7681 (with `-l` option) and receives the page data. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --l| Connect to https://localhost:7681 and accept selfsigned cert ---h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it ---server |set server name to connect to --k|Apply tls option LCCSCF_ALLOW_INSECURE --j|Apply tls option LCCSCF_ALLOW_SELFSIGNED --m|Apply tls option LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK --e|Apply tls option LCCSCF_ALLOW_EXPIRED - -``` - $ ./lws-minimal-http-client -[2018/03/04 14:43:20:8562] USER: LWS minimal http client -[2018/03/04 14:43:20:8571] NOTICE: Creating Vhost 'default' port -1, 1 protocols, IPv6 on -[2018/03/04 14:43:20:8616] NOTICE: created client ssl context for default -[2018/03/04 14:43:20:8617] NOTICE: lws_client_connect_2: 0x1814dc0: address warmcat.com -[2018/03/04 14:43:21:1496] NOTICE: lws_client_connect_2: 0x1814dc0: address warmcat.com -[2018/03/04 14:43:22:0154] NOTICE: lws_client_interpret_server_handshake: incoming content length 26520 -[2018/03/04 14:43:22:0154] NOTICE: lws_client_interpret_server_handshake: client connection up -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0169] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0174] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:0179] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3010] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3015] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3020] USER: RECEIVE_CLIENT_HTTP_READ: read 1015 -[2018/03/04 14:43:22:3022] USER: RECEIVE_CLIENT_HTTP_READ: read 1024 -[2018/03/04 14:43:22:3022] USER: RECEIVE_CLIENT_HTTP_READ: read 974 -[2018/03/04 14:43:22:3022] NOTICE: lws_http_client_read: transaction completed says -1 -[2018/03/04 14:43:23:3042] USER: Completed -``` - - diff --git a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c b/minimal-examples/http-client/minimal-http-client/minimal-http-client.c deleted file mode 100644 index 54a420e..0000000 --- a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * lws-minimal-http-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal http client using lws. - * - * It visits https://warmcat.com/ and receives the html page there. You - * can dump the page data by changing the #if 0 below. - */ - -#include -#include -#include - -static int interrupted, bad = 1, status; -static struct lws *client_wsi; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - break; - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - status = lws_http_client_http_response(wsi); - lwsl_user("Connected with server response: %d\n", status); - break; - - /* chunks of chunked content, with header removed */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - lwsl_user("RECEIVE_CLIENT_HTTP_READ: read %d\n", (int)len); -#if 0 /* enable to dump the html */ - { - const char *p = in; - - while (len--) - if (*p < 0x7f) - putchar(*p++); - else - putchar('.'); - } -#endif - return 0; /* don't passthru */ - - /* uninterpreted http content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - { - char buffer[1024 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - return 0; /* don't passthru */ - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_user("LWS_CALLBACK_COMPLETED_CLIENT_HTTP\n"); - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - client_wsi = NULL; - bad = status != 200; - lws_cancel_service(lws_get_context(wsi)); /* abort poll wait */ - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "http", - callback_http, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* - * For LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE - * - * | LLL_INFO | LLL_PARSER | LLL_HEADER | LLL_EXT | - * LLL_CLIENT | LLL_LATENCY | LLL_DEBUG - */ ; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http client [-d] [-l] [--h1]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./warmcat.com.cer"; -#endif - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - if (!lws_cmdline_option(argc, argv, "-n")) - i.ssl_connection = LCCSCF_USE_SSL; - - if (lws_cmdline_option(argc, argv, "-l")) { - i.port = 7681; - i.address = "localhost"; - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } else { - i.port = 443; - i.address = "warmcat.com"; - } - - if (lws_cmdline_option(argc, argv, "--h1")) - i.alpn = "http/1.1"; - - if ((p = lws_cmdline_option(argc, argv, "-p"))) - i.port = atoi(p); - - if (lws_cmdline_option(argc, argv, "-j")) - i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - - if (lws_cmdline_option(argc, argv, "-k")) - i.ssl_connection |= LCCSCF_ALLOW_INSECURE; - - if (lws_cmdline_option(argc, argv, "-m")) - i.ssl_connection |= LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK; - - if (lws_cmdline_option(argc, argv, "-e")) - i.ssl_connection |= LCCSCF_ALLOW_EXPIRED; - - if ((p = lws_cmdline_option(argc, argv, "--server"))) - i.address = p; - - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.method = "GET"; - - i.protocol = protocols[0].name; - i.pwsi = &client_wsi; - lws_client_connect_via_info(&i); - - while (n >= 0 && client_wsi && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); - - return bad; -} diff --git a/minimal-examples/http-client/minimal-http-client/selftest.sh b/minimal-examples/http-client/minimal-http-client/selftest.sh deleted file mode 100755 index c065b44..0000000 --- a/minimal-examples/http-client/minimal-http-client/selftest.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=4 - -dotest $1 $2 warmcat -dotest $1 $2 warmcat-h1 --h1 - -spawn "" $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost -l -spawn $SPID $5/http-server/minimal-http-server-tls $1/lws-minimal-http-server-tls -dotest $1 $2 localhost-h1 -l --h1 - -kill $SPID 2>/dev/null -wait $SPID 2>/dev/null -exit $FAILS diff --git a/minimal-examples/http-client/minimal-http-client/warmcat.com.cer b/minimal-examples/http-client/minimal-http-client/warmcat.com.cer deleted file mode 100644 index 550393d..0000000 --- a/minimal-examples/http-client/minimal-http-client/warmcat.com.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFUDCCBDigAwIBAgISA4mJfIm3iCGbU9+o8YQa+4nUMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5MjNaFw0x -OTEyMDYwNzA5MjNaMBYxFDASBgNVBAMTC3dhcm1jYXQuY29tMIIBIjANBgkqhkiG -9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnEoH9JW3GvpadpxHGZPb5wv1Q6KfAIMWtdq -YCOfotFxaYULuzHVxmrTTgmEqJr+eBqUBkXKmGuRR/9UipOmTu5j02qFyWHotFdF -ZGyp//8z+Rle9Qt1nL68oNIZLDtWkybh5x00b1uo4eyEszXUaa0aLqKP3lH7Q4jI -aSVARZ8snrJR640Gp3ByudvNTYkGz469bpWzRC/8wSNtzzY02DvHs1GxQx9tMXw+ -BbtUxeP7lpYFKEFBjgZaIKLv+4g8ItJIuO7gMSzG2JfpQHxdhrlhxpx7dsaMUcyM -nnYXysNL5JG3KEMhkxbtdpCaEQ8jLSPbl/rnF/+mgce+lSjMuQIDAQABo4ICYjCC -Al4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD -AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSI9ai12zLFeNTEDHKI9Ghkqcpa2TAf -BgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRjMGEw -LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5vcmcw -LwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5vcmcv -MBYGA1UdEQQPMA2CC3dhcm1jYXQuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG -CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5 -cHQub3JnMIIBBgYKKwYBBAHWeQIEAgSB9wSB9ADyAHcAY/Lbzeg7zCzPC3KEJ1dr -M6SNYXePvXWmOLHHaFRL2I0AAAFtCsVHHAAABAMASDBGAiEAy0q1cR4VwPL3iviL -cBWN67kjJRXk+DwhodmeoM3kb3gCIQC2soAHFs0Umo+0RNdFrL41+hMuidh2cXbb -Ovc6nh5tOQB3AOJpS64m6OlACeiGG7Y7g9Q+5/50iPukjyiTAZ3d8dv+AAABbQrF -R48AAAQDAEgwRgIhANqKQm4t9by263CJ7/DLOaZCjtcK29KgJjPwhv08UMn1AiEA -h35nGTASR8/E7xz+56ZUleqD7U1ABFgWZRZskIzsFO8wDQYJKoZIhvcNAQELBQAD -ggEBADDJBVbKe2LPHmi8k2vxErB3Y0Ty+3gwgPEXKYtEvQ7tos89eE+QmOXAzH5J -GwRarFf7kzmKeJv04tMebiEtshpap47oJfxCxfrtpja8hP8Cdu/v/Ae6eEzu3yet -0N08GJdxQKfgCFaoGUptbaF2RCIZS12SVcX4TPpdP+xaiZdmIx4dGM6tReQ8+y8B -10b4Hi2+d/zW0W1z6+FAemU6yleWriJDUik5oas9XZF5LAAMDb/WgF5eIB6P9CUG -LuAO8lWlk9nBgXvMLTxZ74SJb17H4kFEIrIjvABNshz5gBW8xw9nfr5YIfANtwEj -BDsq06Df3UORYVs/j3T97gPAEZ4= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/README.md b/minimal-examples/http-server/README.md deleted file mode 100644 index a6d0b8e..0000000 --- a/minimal-examples/http-server/README.md +++ /dev/null @@ -1,24 +0,0 @@ -|Example|Demonstrates| ----|--- -minimal-http-server-basicauth|Shows how to protect a mount using a password file and basic auth -minimal-http-server-custom-headers|Shows how to query custom headers that lws doesn't already know -minimal-http-server-deaddrop|Shows how to use the deaddrop drag and drop file upload + sharing plugin -minimal-http-server-dynamic|Serves both static and dynamically generated http content -minimal-http-server-eventlib-foreign|Demonstrates integrating lws with a foreign event library -minimal-http-server-eventlib-demos|Using the demo plugins with event libraries -minimal-http-server-eventlib|Same as minimal-http-server but works with a supported event library -minimal-http-server-form-get|Process a GET form -minimal-http-server-form-post-file|Process a multipart POST form with file transfer -minimal-http-server-form-post|Process a POST form (no file transfer) -minimal-http-server-fulltext-search|Demonstrates using lws Fulltext Search -minimal-http-server-mimetypes|Shows how to add support for additional mimetypes at runtime -minimal-http-server-multivhost|Same as minimal-http-server but three different vhosts -minimal-http-server-proxy|Reverse Proxy -minimal-http-server-smp|Multiple service threads -minimal-http-server-sse-ring|Server Side Events with ringbuffer and threaded event sources -minimal-http-server-sse|Simple Server Side Events -minimal-http-server-tls-80|Serves a directory over http/1 or http/2 with TLS (SSL), custom 404 handler, redirect to https on port 80 -minimal-http-server-tls-mem|Serves using TLS with the cert and key provided as memory buffers instead of files -minimal-http-server-tls|Serves a directory over http/1 or http/2 with TLS (SSL), custom 404 handler -minimal-http-server|Serves a directory over http/1, custom 404 handler - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt deleted file mode 100644 index c1bb2ce..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-basicauth) -set(SRCS minimal-http-server-basicauth.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/README.md b/minimal-examples/http-server/minimal-http-server-basicauth/README.md deleted file mode 100644 index 7cf7751..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# lws minimal http server basic auth - -This demonstrates how to protect a mount using a password -file outside of the mount itself. - -The demo has two mounts, a normal one at / and one protected -by basic auth at /secret. - -The file at ./ba-passwords contains valid user:password -combinations. - -## Discovering the authenticated user - -After a successful authentication, the `WSI_TOKEN_HTTP_AUTHORIZATION` token -contains the authenticated username. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-basic-auth -[2018/04/19 08:40:05:1333] USER: LWS minimal http server basic auth | visit http://localhost:7681 -[2018/04/19 08:40:05:1333] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -``` - -Visit http://localhost:7681, and follow the link there to the secret area. - -Give your browser "user" and "password" as the credentials. - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords b/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords deleted file mode 100644 index 28b9bb2..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/ba-passwords +++ /dev/null @@ -1 +0,0 @@ -user:password diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c b/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c deleted file mode 100644 index 1336d28..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/minimal-http-server-basicauth.c +++ /dev/null @@ -1,113 +0,0 @@ -/* - * lws-minimal-http-server-basicauth - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server with a second mount that - * is protected using a password file and basic auth. - * - * To keep it simple, it serves the static stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include -#include - -static int interrupted; - -/* override the default mount for /secret in the URL space */ - -static const struct lws_http_mount mount_secret = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/secret", /* mountpoint URL */ - /* .origin */ "./mount-secret-origin", - /* .def */ "index.html", - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* dynamic */ - /* .mountpoint_len */ 7, /* char count */ - /* .basic_auth_login_file */ "./ba-passwords", -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_secret, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server basic auth | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html deleted file mode 100644 index 0b35368..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/index.html +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - -
- - Hello from the minimal http server basic auth example. -

- This is a static page served from ./mount-origin/index.html. -

- Stuff down /secret in the URL space is protected by Basic Auth.
- Your browser will ask for a username / password combination, and
- lws will check it against ./ba-passwords, which contains a list of
- "username:password" one per line.
-
- The example content for ba-passwords is literally "user:password".
- Click on the link into the protected area of the URL space below
- and give your browser the credentials "user" and "password". -

- /secret - - - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html b/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html deleted file mode 100644 index a0bb441..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/index.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - - -
- - This is the big secret protected by basic auth. - - - diff --git a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-basicauth/mount-secret-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-custom-headers/CMakeLists.txt deleted file mode 100644 index 92d0d18..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-custom-headers) -set(SRCS minimal-http-server-custom-headers.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITH_CUSTOM_HEADERS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/README.md b/minimal-examples/http-server/minimal-http-server-custom-headers/README.md deleted file mode 100644 index 9666d02..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/README.md +++ /dev/null @@ -1,20 +0,0 @@ -# lws minimal http server dynamic content - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-dynamic -[2018/03/20 10:24:24:7099] USER: LWS minimal http server dynamic | visit http://localhost:7681 -[2018/03/20 10:24:24:7099] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -``` - -Visit http://localhost:7681, which is all static content. - -Click on the link to /dyn/anything, this opens a new tab with dynamicly-produced content. - diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/minimal-http-server-custom-headers.c b/minimal-examples/http-server/minimal-http-server-custom-headers/minimal-http-server-custom-headers.c deleted file mode 100644 index dcdb0b8..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/minimal-http-server-custom-headers.c +++ /dev/null @@ -1,220 +0,0 @@ -/* - * lws-minimal-http-server-custom-headers - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that can produce dynamic http - * content as well as static content. - * - * To keep it simple, it serves the static stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include -#include - -static int interrupted; - -struct pss { - char result[128 + LWS_PRE]; - int len; -}; - -/* - * This just lets us override LWS_CALLBACK_HTTP handling before passing it - * and everything else to the default handler. - */ - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - uint8_t buf[LWS_PRE + 2048], *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - LWS_PRE - 1]; - struct pss *pss = (struct pss *)user; - char value[32], *pr = &pss->result[LWS_PRE]; - int n, e = sizeof(pss->result) - LWS_PRE; - - switch (reason) { - case LWS_CALLBACK_HTTP: - /* - * LWS doesn't have the "DNT" header built-in. But we can - * query it using the "custom" versions of the header apis. - * - * You can set your modern browser to issue DNT, look in the - * privacy settings of your browser. - */ - - pss->len = 0; - n = lws_hdr_custom_length(wsi, "dnt:", 4); - if (n < 0) - pss->len = lws_snprintf(pr, e, - "%s: DNT header not found\n", __func__); - else { - - pss->len = lws_snprintf(pr, e, - "%s: DNT length %d
", __func__, n); - n = lws_hdr_custom_copy(wsi, value, sizeof(value), "dnt:", 4); - if (n < 0) - pss->len += lws_snprintf(pr + pss->len, e - pss->len, - "%s: unable to get DNT value\n", __func__); - else - - pss->len += lws_snprintf(pr + pss->len , e - pss->len, - "%s: DNT value '%s'\n", __func__, value); - } - - lwsl_user("%s\n", pr); - - if (lws_add_http_common_headers(wsi, HTTP_STATUS_OK, - "text/html", pss->len, &p, end)) - return 1; - - if (lws_finalize_write_http_header(wsi, start, &p, end)) - return 1; - - - /* write the body separately */ - lws_callback_on_writable(wsi); - return 0; - - case LWS_CALLBACK_HTTP_WRITEABLE: - - strcpy((char *)start, "hello"); - - if (lws_write(wsi, (uint8_t *)pr, pss->len, LWS_WRITE_HTTP_FINAL) != pss->len) - return 1; - - if (lws_http_transaction_completed(wsi)) - return -1; - return 0; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", callback_http, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static const struct lws_http_mount mount_dyn = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/dyn", /* mountpoint URL */ - /* .origin */ NULL, /* protocol */ - /* .def */ NULL, - /* .protocol */ "http", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_dyn, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server custom headers | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - /* for testing ah queue, not useful in real world */ - if (lws_cmdline_option(argc, argv, "--ah1")) - info.max_http_header_pool = 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* http on 7681 */ - - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.vhost_name = "http"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - /* https on 7682 */ - - info.port = 7682; - info.error_document_404 = "/404.html"; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - info.vhost_name = "https"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/404.html deleted file mode 100644 index 6f85f25..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/error.css b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/error.css deleted file mode 100644 index e69de29..0000000 diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/index.html deleted file mode 100644 index a5fbbd7..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/index.html +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - -
- - Hello from the minimal http server custom headers example. -

- The idea is it will tell you what your browser sent for DNT, a header lws doesn't already know. -

- At the moment the custom header api only works on h1. -

- - Show DNT header using h1 over http
- Show DNT header using h1 (h2 if enabled) over https
- - - diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-custom-headers/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt deleted file mode 100644 index d5f5188..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/CMakeLists.txt +++ /dev/null @@ -1,86 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-deaddrop) -set(SRCS minimal-http-server-deaddrop.c) - -# NOTE... if you are building this standalone, you must point LWS_PLUGINS_DIR -# to the lws plugins dir so it can pick up the plugin source. Eg, -# cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (LWS_PLUGINS_DIR) - include_directories(${LWS_PLUGINS_DIR}) - endif() - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/README.md b/minimal-examples/http-server/minimal-http-server-deaddrop/README.md deleted file mode 100644 index 4a07ad4..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# lws minimal http server deaddrop - -This demonstrates how you can leverage the lws deaddrop plugin to make a -secure, modern html5 file upload and sharing application. - -The demo is protected by basic auth credentials defined in the file at -./ba-passwords - by default the credentials are user: user1, password: password; -and user: user2, password: password again. - -You can upload files and have them appear on a shared, downloadable list that -is dynamically updated to all clients open on the page. Only the authenticated -uploader is able to delete the files he uploaded. - -Multiple simultaneous ongoing file uploads are supported. - -## build - -To build this standalone, you must tell cmake where the lws source tree -./plugins directory can be found, since it relies on including the source -of the raw-proxy plugin. - -``` - $ cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-deaddrop -[2018/12/01 10:31:09:7108] USER: LWS minimal http server deaddrop | visit https://localhost:7681 -[2018/12/01 10:31:09:8511] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/12/01 10:31:09:8522] NOTICE: Using SSL mode -[2018/12/01 10:31:10:0755] NOTICE: SSL ECDH curve 'prime256v1' -[2018/12/01 10:31:10:2562] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath localhost-100y.cert -[2018/12/01 10:31:10:2581] NOTICE: Loaded client cert localhost-100y.cert -[2018/12/01 10:31:10:2583] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath -[2018/12/01 10:31:10:2593] NOTICE: Loaded client cert private key localhost-100y.key -[2018/12/01 10:31:10:2596] NOTICE: created client ssl context for default -[2018/12/01 10:31:10:5290] NOTICE: deaddrop: vh default, upload dir ./uploads, max size 10000000 -[2018/12/01 10:31:10:5376] NOTICE: vhost default: cert expiry: 730203d -... -``` - -Visit https://localhost:7681, and follow the link there to the secret area. - -Give your browser "user1" and "password" as the credentials. For testing to -confirm what a different user sees, you can also log in as "user2" and -"password". - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/ba-passwords b/minimal-examples/http-server/minimal-http-server-deaddrop/ba-passwords deleted file mode 100644 index cd9feb0..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/ba-passwords +++ /dev/null @@ -1,2 +0,0 @@ -user1:password -user2:password diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/minimal-http-server-deaddrop.c b/minimal-examples/http-server/minimal-http-server-deaddrop/minimal-http-server-deaddrop.c deleted file mode 100644 index fe06412..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/minimal-http-server-deaddrop.c +++ /dev/null @@ -1,171 +0,0 @@ -/* - * lws-minimal-http-server-deaddrop - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates how you can leverage the lws deaddrop plugin to make a - * secure, modern html5 file upload and sharing application. - * - * Because the guts are in a plugin, you can avoid all this setup by using the - * plugin from lwsws and do the config in JSON. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "../plugins/deaddrop/protocol_lws_deaddrop.c" - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_DEADDROP, - { NULL, NULL, 0, 0 } /* terminator */ -}; - - -static int interrupted; - -/* - * teach the /get mount how to present various filetypes to the client... - * lws won't serve files it doesn't know the mimetype for as a security - * measure. - */ - -static struct lws_protocol_vhost_options em3 = { - NULL, NULL, ".zip", "application/zip" -}, em2 = { - &em3, NULL, ".pdf", "application/pdf" -}, extra_mimetypes = { - &em2, NULL, ".tar.gz", "application/x-gzip" -}; - -/* wire up /upload URLs to the plugin (protected by basic auth) */ - -static const struct lws_http_mount mount_upload = { - /* .mount_next */ NULL, - /* .mountpoint */ "/upload", /* mountpoint URL */ - /* .origin */ "lws-deaddrop", - /* .def */ "", - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, - /* .mountpoint_len */ 7, /* char count */ - /* .basic_auth_login_file */ "./ba-passwords", -}; - -/* wire up /get URLs to the upload directory (protected by basic auth) */ - -static const struct lws_http_mount mount_get = { - /* .mount_next */ &mount_upload, /* linked-list "next" */ - /* .mountpoint */ "/get", /* mountpoint URL */ - /* .origin */ "./uploads", - /* .def */ "", - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ &extra_mimetypes, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ "./ba-passwords", -}; - -/* wire up / to serve from ./mount-origin (protected by basic auth) */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_get, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ "./ba-passwords", -}; - -/* pass config options to the deaddrop plugin using pvos */ - -static struct lws_protocol_vhost_options pvo3 = { - /* make the wss also require to pass basic auth */ - NULL, NULL, "basic-auth", "./ba-passwords" -}, pvo2 = { - &pvo3, NULL, "max-size", "10000000" -}, pvo1 = { - &pvo2, NULL, "upload-dir", "./uploads" /* would be an absolute path */ -}, pvo = { - NULL, /* "next" pvo linked-list */ - &pvo1, /* "child" pvo linked-list */ - "lws-deaddrop", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server deaddrop | visit https://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.pvo = &pvo; - info.protocols = protocols; - info.error_document_404 = "/404.html"; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.css b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.css deleted file mode 100644 index 549e362..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.css +++ /dev/null @@ -1,70 +0,0 @@ -.td { padding: 8px } -.h1 { } -.dd-fileinfo { font-size: 8pt; } -table td { - display: table-cell; - vertical-align: top; - background-color: rgba(247, 247, 232, 0.6); - text-align: center -} -table { - border: 2px solid #ccc; - padding: 4px; - border-radius: 12px; - transition: background-color 0.5s ease; -} -table.nb { border: 0px; border-radius: 0px; transition: opacity 0.5s; } -table.noconn { background-color: #ddd; } - -div { transition: opacity 0.5s; } -div.da { padding-left: 20px; padding-right:20px; } -div.trot { - animation: scale 0.5s linear infinite; -} -div.uplbox { padding-bottom: 8px; } -div.disa { opacity: 0.2; } - -td.ogn { text-align:left; font-size: 8pt; padding-left: 4px; padding-right: 4px;} -td.dow { text-align:left; font-size: 9pt; padding-left: 4px; padding-right: 4px;} -td.r { text-align: right; } -td.err { color: red; font-weight: bold; } -td.vm { display: table-cell; vertical-align: middle; padding-top: 12px; padding-bottom: 12px; } - -h3 { font-size: 12pt; margin-bottom: 6px; } -span { font-size: 9pt; } -a { font-size: 9pt; } - -input.ubtn { font-size: 16pt; margin-top: 4px; text-align: center } - -img.working { - display: inline-block; - float:left; - background: url("data:image/svg+xml;base64,PHN2ZyB2ZXJzaW9uPSIxLjEiIGlkPSJMYXllcl8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKICAgICB3aWR0aD0iMjRweCIgaGVpZ2h0PSIzMHB4IiB2aWV3Qm94PSIwIDAgMjQgMzAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDUwIDUwOyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CiAgICA8cmVjdCB4PSIwIiB5PSIxMCIgd2lkdGg9IjQiIGhlaWdodD0iMTAiIGZpbGw9IiMzMzMiIG9wYWNpdHk9IjAuMiI+CiAgICAgIDxhbmltYXRlIGF0dHJpYnV0ZU5hbWU9Im9wYWNpdHkiIGF0dHJpYnV0ZVR5cGU9IlhNTCIgdmFsdWVzPSIwLjI7IDE7IC4yIiBiZWdpbj0iMHMiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICAgIDxhbmltYXRlIGF0dHJpYnV0ZU5hbWU9ImhlaWdodCIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyAyMDsgMTAiIGJlZ2luPSIwcyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ieSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyA1OyAxMCIgYmVnaW49IjBzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgPC9yZWN0PgogICAgPHJlY3QgeD0iOCIgeT0iMTAiIHdpZHRoPSI0IiBoZWlnaHQ9IjEwIiBmaWxsPSIjMzMzIiAgb3BhY2l0eT0iMC4yIj4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ib3BhY2l0eSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjAuMjsgMTsgLjIiIGJlZ2luPSIwLjE1cyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0iaGVpZ2h0IiBhdHRyaWJ1dGVUeXBlPSJYTUwiIHZhbHVlcz0iMTA7IDIwOyAxMCIgYmVnaW49IjAuMTVzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgICA8YW5pbWF0ZSBhdHRyaWJ1dGVOYW1lPSJ5IiBhdHRyaWJ1dGVUeXBlPSJYTUwiIHZhbHVlcz0iMTA7IDU7IDEwIiBiZWdpbj0iMC4xNXMiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICA8L3JlY3Q+CiAgICA8cmVjdCB4PSIxNiIgeT0iMTAiIHdpZHRoPSI0IiBoZWlnaHQ9IjEwIiBmaWxsPSIjMzMzIiAgb3BhY2l0eT0iMC4yIj4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ib3BhY2l0eSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjAuMjsgMTsgLjIiIGJlZ2luPSIwLjNzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgICA8YW5pbWF0ZSBhdHRyaWJ1dGVOYW1lPSJoZWlnaHQiIGF0dHJpYnV0ZVR5cGU9IlhNTCIgdmFsdWVzPSIxMDsgMjA7IDEwIiBiZWdpbj0iMC4zcyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ieSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyA1OyAxMCIgYmVnaW49IjAuM3MiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICA8L3JlY3Q+Cjwvc3ZnPg=="); - width:0px; - height:0px; - cursor:pointer; - padding:0.6em 1em; - background-repeat: no-repeat; - vertical-align:middle; - color: rgba(0, 0, 0, 0); -} - -img.delbtn { - display: inline-block; - float:left; - background: url("data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCAzNC4yMTcxMzMgMzQuMTQ0MjQ5IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KCTxkZWZzPgoJCTxyYWRpYWxHcmFkaWVudCBpZD0iYSIgY3g9IjEzNTguNSIgY3k9Ijk3Ny43MiIgcj0iNC4xMTYiIGdyYWRpZW50VHJhbnNmb3JtPSJtYXRyaXgoMS41MDM1IDAgMCAyLjQ5NDQgLTI1NzcuNCAtMTgyMy44KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjZmZmIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iI2ZmZiIgc3RvcC1vcGFjaXR5PSIwIiBvZmZzZXQ9IjEiLz4KCQk8L3JhZGlhbEdyYWRpZW50PgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjEzNjYuMyIgeDI9IjEzNDQuOCIgeTE9Ijk3OC4xOSIgeTI9Ijk1OC43MyIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgtMjE3NCAtMTA3Ni4xKSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjOWM5NzlkIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iI2Y0ZmVmMyIgc3RvcC1vcGFjaXR5PSIuNzQwMTYiIG9mZnNldD0iMSIvPgoJCTwvbGluZWFyR3JhZGllbnQ+Cgk8L2RlZnM+Cgk8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4MzQuMjkgMTIzLjc1KSI+CgkJPGcgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIj4KCQkJPGNpcmNsZSBjeD0iLTgxNy4yMiIgY3k9Ii0xMDYuNjgiIHI9IjE2LjA5IiBmaWxsPSJ1cmwoI2IpIiBzdHJva2U9IiMwMDAiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIHN0cm9rZS13aWR0aD0iMS45NjUiLz4KCQkJPHBhdGggZD0ibS04MjUuNjctMTE0LjcxYzE3LjMzIDE3LjMzIDE3IDE2Ljk5OSAxNyAxNi45OTkiIGZpbGw9IiNmNTUiIHN0cm9rZT0iI2EwMCIgc3Ryb2tlLXdpZHRoPSIxLjY2NSIvPgoJCQk8cGF0aCBkPSJtLTgwOC45Ni0xMTQuNjFjLTE3LjMzIDE3LjMzLTE3IDE2Ljk5OS0xNyAxNi45OTkiIGZpbGw9IiNmNTUiIHN0cm9rZT0iI2EwMCIgc3Ryb2tlLXdpZHRoPSIxLjY2NSIvPgoJCTwvZz4KCQk8ZWxsaXBzZSB0cmFuc2Zvcm09InJvdGF0ZSg1NS44ODUpIiBjeD0iLTUzNC45NiIgY3k9IjYxNS4wNyIgcng9IjYuMTg4MyIgcnk9IjEwLjI2NyIgZmlsbD0idXJsKCNhKSIvPgoJPC9nPgo8L3N2Zz4="); - width:0px; - height:0px; - cursor:pointer; - padding:0.45em; - background-repeat: no-repeat; - vertical-align:middle; - color: rgba(0, 0, 0, 0); -} - -@keyframes scale { - 50% { - opacity: 0.5; - transform:scale(1.1) rotate(2deg); - } -} diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.js b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.js deleted file mode 100644 index ebb6e12..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/deaddrop.js +++ /dev/null @@ -1,300 +0,0 @@ -(function() { - - var server_max_size = 0, ws; - - function san(s) - { - if (!s) - return ""; - - return s.replace(/&/g, "&"). - replace(/\/g, ">"). - replace(/\"/g, """). - replace(/%/g, "%"); - } - - function lws_urlencode(s) - { - return encodeURI(s).replace(/@/g, "%40"); - } - - function trim(num) - { - var s = num.toString(); - - if (!s.indexOf(".")) - return s; - - while (s.length && s[s.length - 1] === "0") - s = s.substring(0, s.length - 1); - - if (s[s.length - 1] === ".") - s = s.substring(0, s.length - 1); - - return s; - } - - function humanize(n) - { - if (n < 1024) - return n + "B"; - - if (n < 1024 * 1024) - return trim((n / 1024).toFixed(2)) + "KiB"; - - if (n < 1024 * 1024 * 1024) - return trim((n / (1024 * 1024)).toFixed(2)) + "MiB"; - - return trim((n / (1024 * 1024 * 1024)).toFixed(2)) + "GiB"; - } - - function da_enter(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.add("trot"); - } - - function da_leave(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.remove("trot"); - } - - function da_over(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.add("trot"); - } - - function clear_errors() { - var t = document.getElementById("ongoing"); - - for (n = 0; n < t.rows.length; n++) - if (t.rows[n].cells[0].classList.contains("err")) - t.deleteRow(n); - } - - function do_upload(file) { - var formData = new FormData(); - var t = document.getElementById("ongoing"); - - formData.append("file", file); - - var row = t.insertRow(0), c1 = row.insertCell(0), - c2 = row.insertCell(1), c3 = row.insertCell(2); - - c1.classList.add("ogn"); - c1.classList.add("r"); - - if (file.size > server_max_size) { - c1.innerHTML = "Too Large"; - c1.classList.add("err"); - } else - c1.innerHTML = ""; - - c2.classList.add("ogn"); - c2.classList.add("r"); - c2.innerHTML = humanize(file.size); - - c3.classList.add("ogn"); - c3.innerHTML = file.name; - - if (file.size > server_max_size) - return; - - fetch("upload/" + lws_urlencode(file.name), { - method: "POST", - body: formData - }) - .then((e) => { /* this just means we got a response code */ - var us = e.url.split("/"), ul = us[us.length - 1], n; - - for (n = 0; n < t.rows.length; n++) - if (ul === lws_urlencode( - t.rows[n].cells[2].textContent)) { - if (e.ok === true) { - t.deleteRow(n); - } else { - t.rows[n].cells[0].textContent = - "Failed " + san(e.status.toString()); - t.rows[n].cells[0]. - classList.add("err"); - } - break; - } - }) - .catch((e) => { - var us = e.url.split("/"), ul = us[us.length - 1], n; - - for (n = 0; n < t.rows.length; n++) - if (ul === lws_urlencode( - t.rows[n].cells[2].textContent)) { - t.rows[n].cells[0] = "FAIL"; - break; - } - }); - } - - function da_drop(e) { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.remove("trot"); - - clear_errors(); - - ([...e.dataTransfer.files]).forEach(do_upload); - } - - function upl_button(e) { - var fi = document.getElementById("file"), - da = document.getElementById("da"); - - clear_errors(); - e.preventDefault(); - - ([...fi.files]).forEach(do_upload); - } - - function body_drop(e) { - e.preventDefault(); - } - - function inp() { - var fi = document.getElementById("file"), - upl = document.getElementById("upl"); - console.log("inp"); - upl.disabled = !fi.files.length; - } - - function delfile(e) - { - e.stopPropagation(); - e.preventDefault(); - - ws.send("{\"del\":\"" + decodeURI(e.target.getAttribute("file")) + - "\"}"); - } - - function get_appropriate_ws_url(extra_url) - { - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; - } - - function new_ws(urlpath, protocol) - { - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); - } - - document.addEventListener("DOMContentLoaded", function() { - var da = document.getElementById("da"), - fi = document.getElementById("file"), - upl = document.getElementById("upl"); - - da.addEventListener("dragenter", da_enter, false); - da.addEventListener("dragleave", da_leave, false); - da.addEventListener("dragover", da_over, false); - da.addEventListener("drop", da_drop, false); - - upl.addEventListener("click", upl_button, false); - fi.addEventListener("change", inp, false); - - window.addEventListener("dragover", body_drop, false); - window.addEventListener("drop", body_drop, false); - - ws = new_ws(get_appropriate_ws_url(""), "lws-deaddrop"); - try { - ws.onopen = function() { - var dd = document.getElementById("ddrop"), - da = document.getElementById("da"); - - dd.classList.remove("noconn"); - da.classList.remove("disa"); - }; - - ws.onmessage = function got_packet(msg) { - var j = JSON.parse(msg.data), s = "", n, - t = document.getElementById("dd-list"); - - server_max_size = j.max_size; - document.getElementById("size").innerHTML = - "Server maximum file size " + - humanize(j.max_size); - - s += "
NameLength -[2018/04/03 13:13:13:1441] NOTICE: 0060: 56 61 6C 75 65 3C 2F 74 64 3E 3C 2F 74 72 3E 3C Value
text13my text fi -[2018/04/03 13:13:13:1441] NOTICE: 00A0: 65 6C 64 3C 2F 74 64 3E 3C 2F 74 72 3E 3C 74 72 eld
send -[2018/04/03 13:13:13:1441] NOTICE: 00C0: 3C 2F 74 64 3E 3C 74 64 3E 30 3C 2F 74 64 3E 3C 0
file -[2018/04/03 13:13:13:1442] NOTICE: 00F0: 3C 2F 62 3E 3C 2F 74 64 3E 3C 74 64 3E 30 3C 2F 0NULL
-[2018/04/03 13:13:13:1442] NOTICE: 0120: 75 70 6C 6F 61 64 3C 2F 62 3E 3C 2F 74 64 3E 3C uploadNUL -[2018/04/03 13:13:13:1442] NOTICE: 0140: 4C 3C 2F 74 64 3E 3C 2F 74 72 3E 3C 2F 74 61 62 L
"; - for (n = 0; n < j.files.length; n++) { - var date = new Date(j.files[n].mtime * 1000); - s += ""; - } - s += "
" + - humanize(j.files[n].size) + - "" + - date.toDateString() + " " + - date.toLocaleTimeString() + - ""; - if (j.files[n].yours === 1) - s += ""; - else - s += " "; - - s += "" + - san(j.files[n].name) + "
"; - - t.innerHTML = s; - - for (n = 0; n < j.files.length; n++) { - var d = document.getElementById("d" + n); - if (d) - d.addEventListener("click", - delfile, false); - } - }; - - ws.onclose = function() { - var dd = document.getElementById("ddrop"), - da = document.getElementById("da"); - - dd.classList.add("noconn"); - da.classList.add("disa"); - }; - } catch(exception) { - alert("

Error " + exception); - } - - }); -}()); diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/drop.svg b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/drop.svg deleted file mode 100644 index f413cf0..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/drop.svg +++ /dev/null @@ -1,102 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/index.html deleted file mode 100644 index 6788572..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/index.html +++ /dev/null @@ -1,35 +0,0 @@ - - - - - - - - -  
-

- - - -
-
-
-

...or select files to upload:

-
-
- - -
- -
-
-
-
- -
-
-
- - \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-deaddrop/uploads/user1/placeholder.txt b/minimal-examples/http-server/minimal-http-server-deaddrop/uploads/user1/placeholder.txt deleted file mode 100644 index 2d1be9e..0000000 --- a/minimal-examples/http-server/minimal-http-server-deaddrop/uploads/user1/placeholder.txt +++ /dev/null @@ -1 +0,0 @@ -git doesn't support empty dirs... diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-dynamic/CMakeLists.txt deleted file mode 100644 index 5b5794c..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-dynamic) -set(SRCS minimal-http-server-dynamic.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/README.md b/minimal-examples/http-server/minimal-http-server-dynamic/README.md deleted file mode 100644 index 9666d02..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/README.md +++ /dev/null @@ -1,20 +0,0 @@ -# lws minimal http server dynamic content - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-dynamic -[2018/03/20 10:24:24:7099] USER: LWS minimal http server dynamic | visit http://localhost:7681 -[2018/03/20 10:24:24:7099] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -``` - -Visit http://localhost:7681, which is all static content. - -Click on the link to /dyn/anything, this opens a new tab with dynamicly-produced content. - diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c b/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c deleted file mode 100644 index bb537eb..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/minimal-http-server-dynamic.c +++ /dev/null @@ -1,300 +0,0 @@ -/* - * lws-minimal-http-server-dynamic - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that can produce dynamic http - * content as well as static content. - * - * To keep it simple, it serves the static stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include -#include - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - char path[128]; - - int times; - int budget; - - int content_lines; -}; - -static int interrupted; - -static int -callback_dynamic_http(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - uint8_t buf[LWS_PRE + 2048], *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - LWS_PRE - 1]; - time_t t; - int n; - - switch (reason) { - case LWS_CALLBACK_HTTP: - - /* in contains the url part after our mountpoint /dyn, if any */ - lws_snprintf(pss->path, sizeof(pss->path), "%s", (const char *)in); - - /* - * prepare and write http headers... with regards to content- - * length, there are three approaches: - * - * - http/1.0 or connection:close: no need, but no pipelining - * - http/1.1 or connected:keep-alive - * (keep-alive is default for 1.1): content-length required - * - http/2: no need, LWS_WRITE_HTTP_FINAL closes the stream - * - * giving the api below LWS_ILLEGAL_HTTP_CONTENT_LEN instead of - * a content length forces the connection response headers to - * send back "connection: close", disabling keep-alive. - * - * If you know the final content-length, it's always OK to give - * it and keep-alive can work then if otherwise possible. But - * often you don't know it and avoiding having to compute it - * at header-time makes life easier at the server. - */ - if (lws_add_http_common_headers(wsi, HTTP_STATUS_OK, - "text/html", - LWS_ILLEGAL_HTTP_CONTENT_LEN, /* no content len */ - &p, end)) - return 1; - if (lws_finalize_write_http_header(wsi, start, &p, end)) - return 1; - - pss->times = 0; - pss->budget = atoi((char *)in + 1); - pss->content_lines = 0; - if (!pss->budget) - pss->budget = 10; - - /* write the body separately */ - lws_callback_on_writable(wsi); - - return 0; - - case LWS_CALLBACK_HTTP_WRITEABLE: - - if (!pss || pss->times > pss->budget) - break; - - /* - * We send a large reply in pieces of around 2KB each. - * - * For http/1, it's possible to send a large buffer at once, - * but lws will malloc() up a temp buffer to hold any data - * that the kernel didn't accept in one go. This is expensive - * in memory and cpu, so it's better to stage the creation of - * the data to be sent each time. - * - * For http/2, large data frames would block the whole - * connection, not just the stream and are not allowed. Lws - * will call back on writable when the stream both has transmit - * credit and the round-robin fair access for sibling streams - * allows it. - * - * For http/2, we must send the last part with - * LWS_WRITE_HTTP_FINAL to close the stream representing - * this transaction. - */ - n = LWS_WRITE_HTTP; - if (pss->times == pss->budget) - n = LWS_WRITE_HTTP_FINAL; - - if (!pss->times) { - /* - * the first time, we print some html title - */ - t = time(NULL); - /* - * to work with http/2, we must take care about LWS_PRE - * valid behind the buffer we will send. - */ - p += lws_snprintf((char *)p, end - p, "" - "" - "" - "
Dynamic content for '%s' from mountpoint." - "
Time: %s

" - "", pss->path, ctime(&t)); - } else { - /* - * after the first time, we create bulk content. - * - * Again we take care about LWS_PRE valid behind the - * buffer we will send. - */ - - while (lws_ptr_diff(end, p) > 80) - p += lws_snprintf((char *)p, end - p, - "%d.%d: this is some content... ", - pss->times, pss->content_lines++); - - p += lws_snprintf((char *)p, end - p, "

"); - } - - pss->times++; - if (lws_write(wsi, (uint8_t *)start, lws_ptr_diff(p, start), n) != - lws_ptr_diff(p, start)) - return 1; - - /* - * HTTP/1.0 no keepalive: close network connection - * HTTP/1.1 or HTTP1.0 + KA: wait / process next transaction - * HTTP/2: stream ended, parent connection remains up - */ - if (n == LWS_WRITE_HTTP_FINAL) { - if (lws_http_transaction_completed(wsi)) - return -1; - } else - lws_callback_on_writable(wsi); - - return 0; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocol = - { "http", callback_dynamic_http, sizeof(struct pss), 0 }; - -static const struct lws_protocols *pprotocols[] = { &protocol, NULL }; - -/* override the default mount for /dyn in the URL space */ - -static const struct lws_http_mount mount_dyn = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/dyn", /* mountpoint URL */ - /* .origin */ NULL, /* protocol */ - /* .def */ NULL, - /* .protocol */ "http", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_dyn, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server dynamic | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - /* for testing ah queue, not useful in real world */ - if (lws_cmdline_option(argc, argv, "--ah1")) - info.max_http_header_pool = 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* http on 7681 */ - - info.port = 7681; - info.pprotocols = pprotocols; - info.mounts = &mount; - info.vhost_name = "http"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - /* https on 7682 */ - - info.port = 7682; - info.error_document_404 = "/404.html"; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - info.vhost_name = "localhost"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/index.html deleted file mode 100644 index 8fe93d7..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - -
- - Hello from the minimal http server dynamic content example. -

- This is a static page served from ./mount-origin/index.html. -

- Stuff down /dyn in the URL space is generated dynamically
- by the callback. For example, click on - /dyn/anything to - see dynamic content. - - - diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-dynamic/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-eventlib-demos/CMakeLists.txt deleted file mode 100644 index 593d687..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-eventlib-demos) -set(SRCS minimal-http-server-eventlib-demos.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/README.md b/minimal-examples/http-server/minimal-http-server-eventlib-demos/README.md deleted file mode 100644 index 90720e4..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# lws minimal http server eventlib demos - -This demonstrates a slightly more complex demo that can use -any of the event loops (it defaults to poll) - -It uses statically included plugins to provide the lws test server functions - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 ---uv|Use the libuv event library (lws must have been configured with `-DLWS_WITH_LIBUV=1`) ---event|Use the libevent library (lws must have been configured with `-DLWS_WITH_LIBEVENT=1`) ---ev|Use the libev event library (lws must have been configured with `-DLWS_WITH_LIBEV=1`) - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-eventlib-demos -[2018/03/04 09:30:02:7986] USER: LWS minimal http server-eventlib-demos | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/minimal-http-server-eventlib-demos.c b/minimal-examples/http-server/minimal-http-server-eventlib-demos/minimal-http-server-eventlib-demos.c deleted file mode 100644 index eaad580..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/minimal-http-server-eventlib-demos.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * lws-minimal-http-server-eventlib - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http[s] server that can work with any of the - * supported event loop backends, or the default poll() one. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "../../../plugins/protocol_lws_mirror.c" -#include "../../../plugins/protocol_lws_status.c" -#include "../../../plugins/protocol_dumb_increment.c" -#include "../../../plugins/protocol_post_demo.c" - -static struct lws_context *context; - -static struct lws_protocols protocols[] = { - /* first protocol must always be HTTP handler */ - - { "http-only", lws_callback_http_dummy, 0, 0, }, - LWS_PLUGIN_PROTOCOL_DUMB_INCREMENT, - LWS_PLUGIN_PROTOCOL_MIRROR, - LWS_PLUGIN_PROTOCOL_LWS_STATUS, - LWS_PLUGIN_PROTOCOL_POST_DEMO, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* - * mount handlers for sections of the URL space - */ - -static const struct lws_http_mount mount_ziptest = { - NULL, /* linked-list pointer to next*/ - "/ziptest", /* mountpoint in URL namespace on this vhost */ - "candide.zip", /* handler */ - NULL, /* default filename if none given */ - NULL, - NULL, - NULL, - NULL, - 0, - 0, - 0, - 0, - 0, - 0, - LWSMPRO_FILE, /* origin points to a callback */ - 8, /* strlen("/ziptest"), ie length of the mountpoint */ - NULL, - - { NULL, NULL } // sentinel -}; - -static const struct lws_http_mount mount_post = { - (struct lws_http_mount *)&mount_ziptest, /* linked-list pointer to next*/ - "/formtest", /* mountpoint in URL namespace on this vhost */ - "protocol-post-demo", /* handler */ - NULL, /* default filename if none given */ - NULL, - NULL, - NULL, - NULL, - 0, - 0, - 0, - 0, - 0, - 0, - LWSMPRO_CALLBACK, /* origin points to a callback */ - 9, /* strlen("/formtest"), ie length of the mountpoint */ - NULL, - - { NULL, NULL } // sentinel -}; - - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_post, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "test.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void signal_cb(void *handle, int signum) -{ - lwsl_err("%s: signal %d\n", __func__, signum); - - switch (signum) { - case SIGTERM: - case SIGINT: - break; - default: - - break; - } - lws_context_destroy(context); -} - -void sigint_handler(int sig) -{ - signal_cb(NULL, sig); -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server eventlib | visit http://localhost:7681\n"); - lwsl_user(" [-s (ssl)] [--uv (libuv)] [--ev (libev)] [--event (libevent)]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.pcontext = &context; - info.protocols = protocols; - info.signal_cb = signal_cb; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "--uv")) - info.options |= LWS_SERVER_OPTION_LIBUV; - else - if (lws_cmdline_option(argc, argv, "--event")) - info.options |= LWS_SERVER_OPTION_LIBEVENT; - else - if (lws_cmdline_option(argc, argv, "--ev")) - info.options |= LWS_SERVER_OPTION_LIBEV; - else - signal(SIGINT, sigint_handler); - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (!lws_service(context, 0)) - ; - - lwsl_info("calling external context destroy\n"); - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/candide.zip b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/candide.zip deleted file mode 100644 index 82a66199a701657e3b4819f36e9fe18f2379a886..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 211764 zcmV(%K;pkpO9KQH000080O`18K}nF31(|aJ0Eqzv01N;e0ApcpWNBn&E@*UZY*kbV z00So0mryCJyI6I23jhHG=mP)%1n2_*0HpnUliOC3Esp+u6`}6{>BJe`dx9!k56hOz zV?{}pt?ITOBb8g-zY`};faE3#7YMNND2hGt`|dZ_%FK-olI7;~^k}-PSR@GSNA7&A zTKfQl-^|ueNvsJe)vk$+${PprxcK_j5UwwY^>Z`AQy80>m>zk{$zh;llzRo^% zO)=}f`s($&`*-hT@}K*wuG@V7)mPi?_H6s)tZtTHU48uO3oi8tpS2$!w*27Pyqn+u z@$Q|wcYffPeOZ@P`|n4t@#y*U=lW5+J_e&rAA(B&CE^Dz9qFK+(*{;Rs` zLe)LI+HJ!9Y^J~c`~5C_>Au1>&S$HTxWw5(^>b>C(G>nj0TBY!=5S6x1p zVgJv=%O1Pf@TqzBpEsfDidkOzz{o?yzfbG=ZhXy0U;oeB?-YNGpDotQ>_4YbAP>zru1w&wTu7fXny2I>#~?o4g$)Az`T%(2ns$<$cbis6g$3HxcZZT&OD{vJj|%>};eh;i}D^G>t< zH|ezbd)oCZ-|#)0|C_ui@~X2X@KFBNrr(-xu*Ce$+n_@+t;>1xu0^pNZcnGxjl%Jp z_0QFHSJho;v+;<3pUv}jC8qIFGT8p+xb6<^#gQeIF7mI>o+ncguXk4F(@t3yqc}*X1KR~W7qZ@90JMRoP8J1n|YYkO|D;E)m2DMOdZyv-8Opa z!-wW8>5bxj!}7z`rcH9SdC_jld^ddW@V>LQ%d3Cn>9=w*XJ58a#U-0;ZFL?al`GTh>e8JQI>K8nGXr7B$OSmPW znrGSn`9D9pY5(CXdNk^eeP#aG4>%a<(8GWvHDNt5Ld75HckoxEJ*1^Gi0)ZvsR+h*HU-nDg*C4ZJ> zf2(^LsGWRtv&)KZk}ZpyAU|aJR$i@}yLX!K5ML@U^)gI)7h)IIE$*W``fR@zVmt7e zYF761Fu!{THzaS4Pb5!MS3GXz&f(}T{loBgbpWs6K7Q}xgI6y4PIm40qhWfbhj`xM z4#v_>|6Awbe~5?u^zr|} zCw|SVWiQ9$_u1=eSr+Yz-y$A!K7+{=zggD8tk%Qg^3!|spz*H%^}qgC_UY>4<5l+l z=j`gu<)`e!$M=7F{pu?F<+rQX?_R$C_>0W@`}cp&UR}KV>GG%7nS4SY7XK#$Iqzp; zM`b0vTJ^K*?3X4Ki%IsgoLfc3!T!{V>&`jGZ|^yVckldEV1B1EhI33uy=c^J&8|Ye z#tM4zL%@@D_^em`@Fajk1}s19>KW@SN(_8lOL~|ylQ9iU7>l<%6Q7C z%IbfDzixhfKfNjHzJ-@xFPnU`f=SIn)6{a$t6Ub=G=xglTGPmak$WwwyLY%Muno`T zIh!n(Kd(1s5KAwEFAH*`6WE53{UC8p6Bhq||9@P)yZ<8wK#yZtiFTcNJ?pU?&VKkR z|52Vv{$Cy>KGzT8q;uQ;`+f5epNVUu!4IGA&Fk##`=4Hae3$)t`SRn%$G`c*t)BkK zIendde*f{;pB{Y5UcUZxm0>bJ$$OqAU-9HepWT;#%l`8I*Q<-mkFV`Idjsp<*8Lx4 z^k^sgDV7|(vTY&Z$24TiGMCA&WtSG^cx<=KWbZAh`+)Qy}k9m7d3HP{jv^*Y<=J!83b zE3CD=)p=g$b9JZJVyCj5L?`W8_FC-D4pt?HF_G_>%Ko#bT@+Z?e4>m#d6>6Yy?IvF z+iW8iEO5!>mAu+vL*hZ?8`fw0bDa)z^mp#>P5$F=;relD`^qZTvh~}qzW(~r+3%aB z%nQPmwwa}W`M=$Yf0O`G!s;0I-q&0I_xo5+Sbx}6Ojf*#vPp8k0G?&{Z-{8EnjcWWl74!>nAU(*_l0^fA~XF zRB8~o=6 zEG1Ga{*Rgk{c2e;r`d(aqv4M8K$C~%oV9Y$h3wI{-#nkl=_)JV*F?5$;IiJgGweQ| zuPNrmtS{sK5~o(S66{yr=@AKg2-_BPiz5vozOKfj+qx;|?L^(=$a=xloMo4C<|P-$n8|am zYcX84d^_HYRFAx-HzH%-V#TUeZ1MOqk{5UHtkufmF62|mCB-rZ8tYl!%~p0tJiBG8 z#Fn-7+UC7(#q?furI^%Wmd)fQ#kk1gDdc0*MxL7E5#Jy;S$DNqQGQrv;HKUogkLoE zTD%iE?EitUec6YqZnKM>82Yp9GnV4pTq2u_w_;O~ZQ(Jta-68imSGOn5)PxS$hTpR z2a}UN$k=V=y{q97G5oon0=cZuY3R0CdsU8!YG-+~fxq`MM=}aeR>}nH0K!L>$C&AarIra@kv#Vu$2WiWc90mc6RW8Y^a6U{aF#TgWK{7fPHx@d0<4xvg@0*b^o8 zI$V@lG0(&Yk}*zJ`cL9ce~@V`Wvfmw8JniQ(P<1{ve(-pFu))Tu<+x2rqH+~&?TPSz3h(ahc zx{ZjBdUYod_vBL~pbL8>{r(Iqx>7qM*T`jywODRziQH#$=Wh!5Dl%%dbA=KbIfmawXK z@04N_ajf(_HMm3Tk}Gi<^gH=g_Qhx7yl*{_sN$I4y)(r-dztvbbXN!#kznQ1?-1n5 zgw4XH%RbAFDI~`D4ErWVPF$m8Pb73=;#hFS5Nlb>sf4zJhi>bv`ON-?4R`-yc?Jb^cmYa7V=XZtm_bZO9TnBZy z4oCJ(PJww?*K&_y-{idLtA7jm3>mX!T_N{?N06E95k?|{`z#w`vyzpa%Msab8W|~` zHS%>Fnw@UpnJyW%bgitCs@pw8>|hpKk5k!Q;y=#y6o|jb(@Q|J4eIsF@q71_ z9AQ}o+gwA7Il`jWhg*VN*&1EZYKQ}$LT*ep>!O#iKZkQ5!y>-s4YD3<9jNFi%sQS7 z5}^isMHR$z$u>m;Z*w9()0#u^Vv#`O(Tb%`M{Uh{7VzF<49D=`y4i-$H_(Zs+f#KM|}1q?-W%jCA1 z48~_*S0^}-^W@@rPXa&w@$y#*4d3NX zLS;{lQEp@h=VfaSSw3z1Mm#||D9hp+qk}}^8oRY`W4t2!K1Kq##zxEt7AOz8o-0BZ zT=YJRu9Bk@`w*@-E)>LZEtjlpw7MWevk(tNCZGw+zRcwq6~6?tURjC*fCv-_sGp- z1bDFzGAiyoZ|WMiH@b*;u-l5GU z^D+rskrTp($nL+%*JbGL>%Npbl4Z-ci@}Lw(9Gq%G0GD2BfdITNHH9Dj3mUZVd#fA zR8~W`!q+eljddzVUyPRYP2xj}n=FU_DV8}k%x0HIW*O^fCTAj+qq|9n+cXbh*2F!@ehozTyee2?$ZktLnM1}!Y38mq)wVnxkSWw?})9X zWk*e7a$iHMcvHG_@P%@JMQK59yAAY#7g%^RdEN{c3VF+ACi@Ey6Vp;~U2vcILf${O z=ae^LUyC)C@m~ejzTgp0ce;zj37)`(%-J9KxonVVtmuS{wklp$@~yj zclH@K=te~RnI-mg_Wwot1ty0sH_|li|IaTFpI+=et3$&T{Wh|;>KBWLa^lf*rV&Pb z0;g_**?}b=9~SD}%k@iqzua`k8J%FSt{8xC^pvQXA7NSq8`Of!F5899-LixEneZJ8 zJQQ3KBu8X6=t6|Q_vY;Lh~a18Ez#M8H4vjU0v%-|TP1F4 zkMz0t#I#F@0yMVQ(%8C|IcjWO1MY$QzTu{uc+}4cm;1wpY>;!O3(i+@gE;XqzB5^X z7+Xzz%gG*Mu?|ZMNj&5><;!QCJQFe^vukyXIlW>6IM=JbLH0-&5@Xey(8dgers4B- zP6H#JYcZ#LaA{wQnetb4v5Vu?icgCnM_E+u{!;d#y3BJ~ETcDZk>Pe24A(n#PouBG zlYuv3FChhpkYk>&H|E*fv2=ElaZXbhUo3&~Wt6@^aZg50f_|QEz6~Urx93#zI1gcs z6y;`9&}hb7sn$Q?YtBP@>})o>G+f7t6CZP2`#?GsNiLKqVvU7a*R$-GTo(Fn$i9j* z+bKc}(`j|t-i8M50A~U|iNx5uH0mqGrpiGh!TFq3;Fa2<3X#zg+1tcszQt~lEg%=d za&J4!%AnAum6V~*=2=p%p)?0ALsIa&dfmZdZ&{;}l|h#%%{Q2*T!pO$STbtzTufLN z?!9U91W|#F8;5A(AJA#S$HetSG8-PaI3A(W@Bk+gmK_Q?YOy(j2>E8k2B)P2tE>1c zx0gB0X6yL{nlE&V)QFi^FK@*VQ^rTXLDv#Y9NcnGz{#J*mz3ij!Sn`!^c7w_Krkk5(*Uz7KLsvpW%KKxWq>^RMrm}polHN_Ia_H&6Z zG{dM*fbXp*LnO1)=W$m@ZiUH+x|~}?#B)$1?JYncB(Ui? zF^7(~SnxFaclVC%`3dIqLfrbg#LZ(>($q*8IoD^Do5`BqO12Ea+)xZ zR3g^nPO{u%(;aR1zg%8>_5R(}>vvb5SXz_Sdg5K|-NtYqx8KN66@H*4%?G#z1<5Ly z?ceWzeP1TDEDbF5@AseT?{cvjf0w_v{d%1@yMMob#ZRK1p(txYnt$k;AAjh?R|ll) z-yd)i9{l*~&BceS*B^iQs+*^Oh2JmFw)d)i=EKD=uk}w~$u)1g^5xm_i@vG1L)499 zs)4=ja3~>hA&&R5k}ZURkoUDiTq2)a=|?2g40M~2B%Xy^Zgaq8a4sI*|M8Jdz(2k7 z+iv|cwj^QcjyDdS0>f_NrPVlg>7zA-Ub5xs# zhms@gw0nPk|HtPi-uqupxOJ`LGHE83?X9MhhsssFX?6TH3y2iaiIe|CX8*})w|m>& zUWv~akfi&xDmGg=$*(8bYY7Wi5)@pA$Nie_bDr5VmWm3Q!ue@W`dB9J@u?H{hkJy`G+A1oYjG-Z#$F?+PdD<&&N!|> zJ~Sne5LrA4eonpbXL8@qPQLHkZX7X@#00X47(c!0tH9dGX*coY>-#@G`TE37`qvYU zp5H>Um^)2Mz=f&)-WP4rAqV7{!as%WiMK1}@QK>PlaAV((Mfyb2kp)HoIQN-S&d^; zZsW;=69(qCaS;!RyB*;UlO%CCk|Bza$hh!ODnS5{<8+%B|2XG+)YTPd?)7?_H`jEw zPaHHc1y4>i1%JJDe+)}(bhoG7!qdn1e|-A*)LZzYrG7ELq0<`LgIi(gxTyM5H{eql zm!~I>%SopzteC`Vz`_!T%+pm%xiWKc)(r*41@z>>9z*`3-A6NM_3;zHfp&YkjJV_)JFn*~ue) z>pH%G*~!b1+iL#SUnJn`V2@sx;;=ONyiR->2B2-e)lB+nxBRV){4} z`@0i8?Z2LO*SOn|sZs<}b1oy5dwP;n5RDvL{AFf4%*1 zdk>J$r(Ra#J``d!{Xjm$Vtp#UfL9>*G$1Fv9*|`x-aTB!M<@G=e{i1J%|4LhOEJgT zL2{^~8>Fa!n>+Q65K5oyDE`yqDm@vF1q4GXzztsLW(OC%aS-G7!|MBGc`6urZ{KLkg z|H32hKXdZXmAvoM)vvE7>~g~A-tZ%L@4Wu&hu6RU z`uZpI?Y(>T`Ybl#@tH1>1D`SPjbnCzyaL?Ep zz<|a2DgueN?n?lBh>4#T^fdL2zxVScK_`kNEQpvlOn_GUCw2&JBW!?v;3T`uP^}89 z0AIttXc{mG7EgHvkoW=Qj!}HfD@L_i2sUhR+p~dy0JU{2?y)A#a`8~h=eWwz(xO44 zQT$OZj(jb*utLGmM+xT98>Ucso7T;W@8Vdqf~OFnGN11p%C5kQHM<=Wz!IiJ8>ZkD z#7+$sDH9O$-8&-`GYh2Fl7*o`e^g%9OP1a{0N7H9Vu=avR;;+_*c8?8J$gp8YjeF< zp7kY$S=n#C+{of-kRvYHLd4yy%h1-@l3ky2 ziE@JavrNBy^C`Rhak9%F>n?vh0@ca>SbD>Ejx;{t^A}~Q$md!?RGQ0a)(>|qidf}8 z&o;zk$luv)MN}<-$mcrZOZDXO{f4igiIJrO6R5gYp6A;E2$-BM2pQ~gU>*B-u#OK(GpxDO49<>dh(6MU7 z)5>!ZQ=J3^ub?ShtQtQn8@xs_vU%8_MXl5h4zBC=7rB_SdqL=4jO- z6oZ!!=o93Qg-vOIu{1#M;H+R>>fXTW)&@J^v6iy97V_!U!&zO*O`w_&AXmAYpjV+^ zZzc}=FB-*|rvrwkY(rQF2PVqmRyc&+5rD5vx7rPh2IF*Qyi@^*jil@om+H^&l;Pw5 zKJsH}^a@YW!KwM#xJC5ce$pFBh^%ov#@u3Nb%WNZ*g&mDPao5IaNOlv$vDleS*LC5 zh#s)r06V8}5KbN5=g{ey6Aq+H%^y>%JQ8pb$cP&O2iRt{Yl~U^P_A6lF4Zz8?OJ|* zSQSgWw9_+#=1$h)e9bAbr4a#~Rh@+e;MWlefn&07lO~19(7FFlx>Sd$HuL0z=+La8 z1dXO8zQ=Y2hYcI5yQLWxZH7%vF!^Xl-dDgMI$k79;i{7@4djGO$RxY(owlU)lEb$~ z)kRxCw?%7hQnn>`z%8BA$mZ1UnKd3-*%g6kd6JB5g5 z=|a&@oDbuxRt!Kro}re%#4^|Jm|lA!a2IhcmGzvB$RCQO-mBpR^=-Ibb#O~t{z2AX za~=0EOkvi*n4d8$4u9|Au_++cMb(oG2VPEX!P;r6$^(%W`5Fo|U>W z$@}!vjxWW7oZU}WzT2IW{iZy-Iz_g^7eJRmD2s5zgjiM2c%wRwAa!B4j%>=e1!`>3 z^oK7UTB1t$P*$y;*qfE5f#}uTPGC6$G)W)>z=uSCe61+-+W25>D6B&-B-l;xL2!$) zeGW#^J@4$O<4t!mpdUom`w}ND&WU(A8XJWdjvq=tDTCeE&A>el!JE$vf0z%jZba`* zw=%F8TeEU@8z0~&XxM#0M!1(&S%{5X)ukC>tWN!gS+a6QZ#1;&9%>%Y#N=7Tp{Hdn z**O*SxHH4_5bR?o(-ub#0{~l~=KsL;YS6iwZ(~n4mspRsyUD1-Hd8b_F3MAl$XFnS znu1h3rN%yJRPx7XmoNrlO*4z*V3niE?%|q%wxNA>+5nijMZei3<1_#h+3E7tX{l!g z{D_M-+gqvZO*eCZYOynf#SPQWilF`DEz4hk{^J=i=xUkg9usZU#1D^^^v<;_56-Na z>6|Z-fKe_bpU~ppX$^!=6Knfat?kos_h8Uss4on~x;$ttgKuk2&+Mcc#xq-QP3F31 z@A4G>HOB|%Q|XZNzxPE)L}6Rp1m}W?aC!CI;lOEU)HL=&pJ(FLiu>c#FD*M^VQp#P zrtoEdD1L1Fg_v%19osGc@Ky1no=Y0EjbR~%@E!X;pK$5WMb}DZwF&vqL1FF%ja-RE zD>vuwwHMHX(AGLv+k%XBaQo?nt?LHt72GO|NF{)iY%=0bkTrF!qkz@y4ieDBc)$0G z!C0%0N?u89SG9KY0VBaRV&Vjgg|WS zwGX1mxX8`+0#$x33vyM2MFf%{pFm;_fB|(gFaa&Yfz9kkgBPzAncis|4*b_PIX|-N zg1u;6?9zeL1}N()H!3pNmJUsAVwi4zQYmEBjjl2hMli+@6lxHXxdQ;XkVuF7qq?T z=NNL?gt*^3p_|&)HKFXZK>!cw>I6PsLu0Ikt#-2Du+nBhb(7ezweN|uZHWCQI8q(r zI`Z(%YdfjcKSz#k)^?*}rIV=0FKmHhrN{syv)s5`f7Wg5y;VRvwW^3i@HIJOA#TVe1DrRE4mi z2iN2U=^=;_-D&r%_zX<7z!;m|LTh@54#}=od}z%291o4`1S-~>rVvAF`)<=)W(xfe zn4Y*1k*t94RpvYGLP2{#iQf9y(Z|ZvWFRt_&*7i2HGNTpaz6M2+ZrImhDjtCw-&wO zi@+WL`Gy9BG$n9}XW2WmdmyKA+s+e#q_cCDoR>?r!0dcZpWiZkz1iSxg|-3DS(?N0 zIWOnn3tZKUg>3X@di`)-T+i!fv53vW63HUfBj#mJC_jU2ZBkG=iLO}ofz7)TzW^#J zt}31n&0{<77oXP}V{51P8K5V!U1U7w)`cq%FDFbGTnKrlF$Yq;mbDavP#!AxJ>1TD zRz95eMd>+A3@JMB46lY30;FYDY&jS?{8w5PtO)AfD{a$Rnia@`?Z{}HBxLm*8r|eC znrD^uc^`crWii;c$-slcKz5lkH;%sI7RLL&+%|Xv)*g#lMoROJmm26G%;qM+wU9Ce zZOjf~Uc1UcpLU8Vd6t-xXKG5G9Wy0(p!evyEt+K1-GRbv>4q%Ua`(pmA%B$TXpjXL zTgwbQ&Aq=43bM|^9o%_d?HH|n&#)Uqz+OjE(uH6@iHpAqt#X*WNN4W;-{^+Q{i*8& zLyTT@QludP*>2fPhK$9U?VLt~H?6n(i!0cL+MsE0GyO3OtZglUcg;ruq}re#%nS!4 zY~?-raB$c7KQqoblOcRQw!c@MZmM%_^l2<{ZhR-=W3?^&Zb(l`Z~tuk+;Sm&s<9{K zC z3a)+U1WCR@6U~2CtGd_t@M7=lI!mDsNjSM*Op99vU3G!HM(gp-qSSxSm_gD!pmoq% z3W{CJa*$WoS{NYv(%Igy-BXK*g)SdP#&(&QJc~T!SgNi^6XLCN+N~(>4Xo_kT%8g|=s7~sTC>|ITLIQ(ZI^=+{3 zJ6QlUEV;*4*!{9%OF)oGG1MYuKN_h^g?5xiX0!;_)k<5*Tt&{PksF5ST&s~bVaY%_ za+a7E>uEJH{-N}$haBf++GZH1o~%iY;w z22i~%bV`Rsp*0z&y+U)WZUii0Iju`PSJLy9W9Ax7*~!S(wo!t*}!hz!oFVlD0i z8J5-oG9qpTtjkDY_T#~TBHQ|q2oISE`%aS7sdNEQ?VW&+Sl7-1V-sm|> zbFJJ=oDS{xZBg+{DXS27lA}c&_l}%ZER$7m`thV8-1?WZOuhL1t0`GE;ZkW_;gj*ogS`l z5LI<~p@A;zzqp9GR8#r#d}%yL2(l+i$uZUD%r(| z23t^gq;04kyT%NuVGf+ZN;LXGV|Rrkdli&4U!qG?dP$(ijjEf5S=27=6c~sxTZI$B zkPgLN((w)Tm|`jWD<2qUtfpy99?rs`=ZTCAxw6bEkqk%9mb!{ZAU&a(vuY^)c%vzd zwXA}?XpMc_OwI2y5mjEsj593}%f+zQ%W+Ni!q7J2Z@>@&sgdN)A{X&CgllHG)&UbE zPZHL0Vj^{ndTfjUek$r#o<=^a8dvp1AFAGOck<+6= zfXCDzqXqL6IUMC@P*9>)CO^uW1m$SeIcu$X2wLw^W5dlL#x|Fe1S{kU1}>mDvM3g? zj;p-yrZswp=JF?9!ld)6YU8aJn_A2)25x1EDSHtzRRmaR(G&0vwJiEkunaZGrdqm` zrg~8#{Gr32~5zDn~*KJU3 zA(Ni?B}FCA+rif$_fp?1azCf0IW$Df0V~`3pVVrs3X~gI1z;eQ`21_l$JL^x)`0Rg zDNdC*iU(&r(!}z&XUXY7gu7+&)eXwi+UW$+S}|3aTm3w5mB5k5$lS7p8vixoPrwVG zt-#)z+M&+auDxpNON9ZY9(_plt9VBCQ|Q;`hqcJeak5|popW-Q1L5R$EV|3;7jrf^ zh*>Dxpp-!PMN4(Q=uoDk6|-}wwzaisl`lG1+!%A1UYwIvruDDDlIJL6YPh#^_pZgd z&I%qwljv|)84cKgk&7ka)CdwO+2f3gM2jaOfxk|nz+W2{`0J75Y7{U=2Rb z87aUuHqlRFZ?xQoP4HThW8vUipd7HC)?1~-pr^qS^6=eYHnLKm<)FdE(=G}xEPG{q zYq;5Av@Nzcw{;mK4)81L9B79A?j12G>(EB$N|&dcgd3&2(~TIw5}>d>*;o;MOc$Si zQe$S1!P1cs5}eg@U<6Aaww7e839ozGgwR5hn7+%Cm8y--hB8H$UB6VDg!j%}i zvn1)PfChLROaRuJc`Y{uIFeA`DAv&Qjad})`*yRQ{#M_ zpDW3et`-Fh(hDR8g}jr@1hDE;dBDKV%!vyL?x)5l6&d!| zNK-2zUYr8X%zCIwv*$AUw`===&)OK=Hv!a*`)Qnid;snl9to_3ZG&aGw5DpYN%*pn zL&2mlfYM0USS-&Sr~q5CtW(N}s9ZJg!{`ESmOJ!p87N~z;LJ%y(?_Fr3h$>l z(ohjW$jn<|jm^CW2rVqZ~&*sKz$-FkWRd|tI*lX@*FdF3Y7$=j}Uo`%( z+kvY0tu{r}n=Jt^G2Fd#zl)B_9%2&+H6Z_Jn;8BzY{Z+7s|aMeC3&lTRZ7vDu3u%>#BXG92e7Nq~&dM3eo~LY{qleRU z)%};48~LK9UiNYiQ~gx}jwZ-ad+v3Sfw^?;jQe|qCL68?NH{O#f}6hU9BjBE&2b;2 zcp)7l(O*7K0|blgLcU?(WO-O#YLhII3`j_MRr^ zapZi#a#BH`MkaDeEr5Rnu$HokhQ`lO1!J1?#KxFf1c|zNCxOX4ZR<%0m?kuLM$W{e z!#%rf*7PV9R43*59;GcQkE|!<(YPrEnUZx;sXARe;gqIZp56*!mIMvRMKE&!C5XU| z1GtLC#=WRK(^d@Rp=-cl69AQ1%{A5t(14ZKO=6l~x258X5Z74k!rcU-?EteV>&E=F ziiD!oP;r!K4^fDgGT1)Wi{t8PsSn~c!r5xO9>O~*)Kkg5qvMfyTBZ~UYTd3;-^zon zBzZ5-gsk?+qVK_9iPmOtHl&V^)L|p`NK;gL>Rd{|hS3L^vv@dHW`2H33TF)xecIWgy~s7*AhORU|Tgh8@E>_S}ty)qwQg1kBX z9&{|Aq$7%TL++Uw_KpUVOTG{W1G+@$Q#j-+xMzPj4y%q;vMJxJ`I*P|(M@ zdCBAc1!~n3_$wqITGN``Q|N)22w?J5ik_x0nvY&&p9dAonF+QX>mC3~sAMi|shmXg%~&6R-Vq;VQ^>sUJ3M0MsI`?}t9iO~ z9}I=}=w$iurBm}8CUndpu~%wjyd75*I_wNrOn|MOLg=xTBUV$1>L#Iv;W*O7m}B9x zy)QxPd47HD*@pq&5jWWVIASkOLU%n%q419k3;*cpZ2+%N3JXDkEWxY|{@byfhU09z zc>Y*(sd~8B8{QDw5~1uI>`8}$jEaPDD9sOhTmjmUj#&{o=2;B|_zWV(O{jI9`k^q! za>e|DJ=eYLVl~;z`g)|9v!@7a{iQmOTW*Y^EZO^lz+an0CBFKMG+^gs{1P=24Nm)z zw7qC^CE?1bI=NHI!|0&@Y9HmZziwsv9mm{g1shKu5zH~|)dFR$`L$8vj1D9YE(T*L z3FXz!3x81|(Gw7KqE%<017&ujygiCt&vwCgcp0c~M|4lQg)&b|p5u?g9 z%h$qhD!_`_@Mtq*c!1lVr1gXNwp%M7CTR@IKymKjT;rG4s{E$!BiJfMachg3&h6B3PpjLx$#N=qMXBB)KjnAaS_9wphSs1>)tzhUqsEM8>Z@ z4R`w}#qd8e5dWj2DE|G29!`TxbrDo%rH);&Eq!KaVp>~WXM$kpY|v-HT4v4YT-8P# zhD*Wwb*gTdvmHe%(ga}Ly>qnt;w%F-kCu+CvgS;@x?(me#*W<%7Xq_j$)=VngR)dH z=_4x`SBA3tGKXR20&T^iS-0P3#3j4KGx(zN9WFeFC8h*hHbT|`$EG-j+1s38ZZt;r zKwDsny(i?H(Ez2<;3hOh~vvE~|$S)SXW_BZ3 z(-|epcgj09iCG88fonlQwk2zwa!-aS!r$@#MQ1qv8f~>owL-xcyGH!FqI0#wS$>n3 zz|o6Cl^2!1mt-#bO}XI-3hT#VArn#JaET2`68_*jlpA!S+6b%^$lj}OidpcxW?S04 zK&n}sugaQ@68J8|mP$3<#39uTkhYz^s>^;o?T}MoE zckJ{67#qwY8IjRCPAZ{Ak{NM7S<2kU=MI!zVmg>Cb0O}yG;o=wuX*lz0X3{8X~yXu>3JBu%?xmMbkh1JxX{q_oX?1%EF0-?SBa`(=k zav4kh$^+3Q;J8TD73zlWpaZu={mMNcZ5QQBuDv|q!rFvPYhx=~8c4KDRLrH8+K9CR zrZI|GDF7yKz`lzS+PFHI>M!gG5-Sx5P79r31>K~`N2hXPqm#+_6dD9!8i?elp59!p zsns`1G8Za%E3f&Z=;xDn_Cc$+A>)4ruuvWn)Yd>sY)|Cm42_6#;I^vQ|!v$ox_UOA0PBf+mPA z^7f-;sWe?m?}V}0Thurl&)6SVJ8>46X7@XG}>nupAT znR&KX`N_v(B>nIGOxif&Qxj!Zgo0Gwo&)2@+6);99!+dZ?q)>RV)aY0;AwW=?~al*64 z+aW!fGK5t~Lukl~rQ9e-5M_h8Vf9|Gp5{F`v~KYvR!pQk0Z{1*gI9w{1~X!mkcKccVSBD-24ULpeOwK8 zB?V~fn>9m2xxrDxpe)*$W_P9ZOG6c+$gv%I8>ccr7>ib08UNHnS}r(IM=1UQ#yvae z9Cruf<{!f?%vQm6H85e&)M)puuNBKRxB=8uHkT1gjS`PlcqrQmihnagBG~7K=9V0o z`ypxFYBi3QgsxO+tcS2tZezG8?88~|StE;!-D1w-W<7H01xL^EnaHwLFh{}*QSCLj zZkp>5UqK04c5Ml@I ze}0`5ng(R^Pw!t{y-$i!5`t;bO5gn_dD|zVr7zxHyuA2ub@}OPuPXHhIKLq#rVu>f zC=x7catVl?)}wC>TT`n*Dq~~Jf;NQpBy`Zn7ziIyN)HBtW#yP6a$x(M%+p5l zsb~var0Oy{YmQ9vm}zSkU92qpM}A%!w-^>MV$!Hho9&LM%+UC}14ZB0ZZGj1-F~ zZF&guTw9E(WmBE|M$4xbUTOVU+vOs8L9fVV&q4jo{nd#5*w#kf{m+SQ;0Jx9vU^0gF#)f(l1>IOf8sS5D%wVx9d5CM1v{|?Ie z%Gqw9p)D;LCqHS!G1fr2*KH20UI0-(T}&L(v9XN#`PjMid%xbqq5_)_`_4z>M(g8N zjYw&_2A5jy?j&23wqQK69*jrN$4a)5jIbMgjA-Xy=DWfE4LCi{p1iQ>8$?n=Jt5f! z2L45#I(L;@cw>mXiJ15wiXZ@kiQHz$9rMn9} z0OKz1q`KK@YrZ2jx}+c9-7EE@l=VejqRgkVj}Npe&@pL(Nn-R4FR zVBdp{iuPCuuocnoM0k2(RTQ+*L!K=AG|QVA#>QCob`ko|*;6_tfWoWJ>9D*}!*T%Q zO{YE{db>+=#&hMi(+&*nS+h?f)-ppc)}l?Y?~9u7Ez5RE7&ay42i?CZ9je+&YKi$r zF>r2*?V3X5qHRibIpAhOOIAZwP|sz_L=nm!v~j{z?l9FX+A*$biF*KEuU> zhJkMXuvq4Cju_Gk#=EZe6BT>Z3Yr_iHGf4?;HP}IpZndXS~e4d08l`$zjJX=12y3P zf(os+_DKdnA}f-W;AcXmtS{4&^b@KE&6~cuo}5H~owl|-w$_%%8aF~hOUN?H^MMfs{>?1``##l@F-CzF() zWk35DSzY`R#iaG742c?#>}beMf5C9FJ^O}YC@qgG=5r6X_BYOaHhSf@t<85IZf&ix zo|BAgX?6TvqFSzlHyWHzIGI2I$Q7t;yf``7LY3?+=LLgRW#`a7C%KtbRVGI18I%FSfgJLUH`;#EYJL*DzUN6_j4@!x-z}GLK4ed=QJk#% zpuXU}w|%);A#m2CU`eK6b=7faLw;+Yqet^jmI0`zDT(zM6YscM^8P3@LL75(>Wk9& zimJWz^c!Hz{n9VSX^g}lKEobb1FVsI`;o@%1?A(>zqoORK#j>#SNAA8aY}ZmHY&Pz z3tfmOS>m)o=CL)%JbrYL7Nwu2QH9o9_qrwF_IBjGxMG&W_*qDFqP`ZyzR6-RK5rC8 ztH7_J>+8@Dl!46)vrFKy{35{{EArT8XhjvT^1@ue!u-?UYo5fsly(AQ2{%d2r)D?) z;Ek|;GIAer3X1PYdN5PTaM!g*PK{jsOZQFT8Y>3_GTM%6;zu;W2{#?x(DS0ran7J} zRy4DItuZNfLemG=$=KvTSd#t+Gy&v{_VY%I)c|-qO|?0x#KvpX4J0e0@C0vz>}ze> zmEa-*c~PWM9Fe*w8QHX}C0+hM*UjkU8h}OZ0c%)xxfr&2E~dW}XQ<{OVli9MB~0?M z*O!e#xZXPQW~R3p8+Pm-Ga^{J5$SxAg9cB>0RiBJTUVglM}&j~i2n?20_d}u8FkfQ zYgj{U(ouAU@$sfE6?#wSNCIq!NLm2D*UfdY+2jpty`1&RSm+YMFz*I}EsO8oGqbRm%_vC`O#zoyI6A%&tnq7=#L*&Kre8$vo|8o?QWsUIW z3eU?yO9|7)q*|l|iMwV>o!A^y!!2z-(G(*T91qDz5Mm^)vtfc zKEJvA@Zt4OdnxaWC;$+mq`l^iVjx3Sn1{-}-wru4_rsRKMQ?_#=mFGM5%&WwB9h6_ zmr}Q_H~vx017Q0Rk>s<-%o%K^>Mh%$m??Uei+^=CX4yU~1X;oYD*qq6afl z8HRchA<}a#-4R}qXD$T1YZqjk4FV2Le9K+@al!HI%j(o3RJan_;1w zfM#ZM9%MB0S!}E*m2nTGWFSem1DR=^z}C3KS^n0E9Y?R+Hp_hX;Vggaf!>HHz9V-b zan71!QsSf(TQI2Q7_=q~8QM;3lBNN(35w((puccVclABUJ*LAM)kD;F%M26^ha38E z5--4eF!e0WcGcCqpIKtN4FHxx8y4Ux%d`!YRkND?etAkYrdVE-yVhvij_bMYPb&sK zPTNKvTieLvQQJuNngz!>I2)35t7Zrjw+Wf8ym~kdRngV$@jd;Wv&xNLxox)j?!(#E zQl-1Zg?0gh%c9ED*1b(m=I3?MHQpJ53VwPqW6Eps|~-A5u2VR>-s|mDAAv22a3A6+w-Y z&$YG}`G9O$f&+-PK$d6*6XefB=t`&(WH0G{=_|ls(x^ z0@)NaVyz<*D%NXDz{3hySZda_l|SdE|Hzu-(CO(Jl%wpREX*r2Xui(>K|*#w`WmVQ zlBu1PIr?+LxuOYV^M{z#9EAjzmH^&k>pc(#a~bO@Vi+{aeUTA0Cqco2?7&tDQx)^D+56DYEQ@=SWT?w!;!@;Gf7d2B5sk8f)kx#C_o!eG*GO;Ct|>Wwo?YIh`@ zHlw{#DO21QPL!!qZ|VM=mNe;;hzbR%)K*27XXqNS{B}#M;`e)rZOWk%!{>5Vn&}}+ z%=*NZna3%b`mv#@A0K6_Kh2dt?#rVU`t$p@7w^PPfB$E3zdxo*7$Z$w?Vsj{UjFIz zt1Ef!?ww!X|K-3jj|F@~Hl{^){rD%+SFzk)_JEC zYk9?#qRQJgs?mh6U~a;Veg(toeVD${2$I&`j#&viqIOmBAwg`nKRPFmlH3|XS@9NnqpBy?2&z+=k^vZ1x1K)k31?F;jpY@?ofoW9m-2nMHQyl=LNgET+iqTeiF+R z`U$y`oGX?Z9~#lR_?1~08a*0LG=DZ3RW3zWQW$R4mg^)g94?LHgCTc>&(Ufbqa`|6 zEq|&Ix-R%tHr+rz4&+M|h)H(Wv{5BP=Wj*6^m>uw@JML_T0W2!;!(BHW+PJsa;M$^ z@baASH@}xt4Ym8NywRqc#z17&p+GM+|qHEqVZEP}S2G?y( zoaQKfdh0lGW1bxjL9N$lxVpzwbN@4#!IT!@#X&hmJvrowAe9|-B`KAMOkR)9SER_% z>18YdMo3Rgz9Kq#;k}wQ^XfW>#PlF{%>3i|__6IIM^YkcbJ*xX*vCg>U;RUGQFD7* zA)lLxlH<+0OU4yKFMuaC-n?;X3kAMJ$h6|F^UR>1nm$+;i2H{wTg|k;Xz+qhfI8^*>${{+J0#Auw6yF=_k4z5|MIvhIz!! z!bxssIZGxyquMpIxgMgDUXSc&NRhN8QT((D1OBa6IAM)o0nndCj^n9M1cEqngsXwX zZ~(!Xs%FFhXe%F7^U$a{53#9Wl?ao&svgRQWk0({cG=0kwY@7P{)>H+2AGRF#T6cD z(C}h!9-EACv3+30FyL`L>Tasx4VerDvG5EO3*bNcveRlOa6`Oby@D>0{CD*5%uu*y zuUBO5)l2*yw!vvLMwRCL?wy-Zlw+s}_ExYheIvMZqH749js858`i z{tOYieWA-2nQBzB{i+RotN8rN31@cx9@!|p#7Hj6R#A|v;I%5td*-b1sJQ{743%k^ z6C(C2RjGq&K*U5~8^q1(Q;&sG7DUsv>!28fY28t<*Q$wYXVi|sJ0;%08gR8giABR~ zHE_~T!_wJ!3@i(w9wwLg;@^9$wYoA=T{W+4yMgv0qB1I7^LJ~VP{S^Vk6$C9&zZ49 zPTT#4#ibgU2EkKyNZNc#fr!tbL<1Vvwr)P~oQ#);2R;B-F{fH|M@}Ux03kv9LXH?B zn%IvHG!4rln%d0E7y7*#g<2yRjY*T=(4^TLc=PVrOH@Y_N;j~vP*2QK5>;YC@JDuUA_1^7G==hGDyVX2*20>g^Z5;%IYaz3TUiSwsZ#EK-)r7^ zw$DYx>LA68xT>rOzSq^FtSO2%Av(?J&57_)4MZKN71_!l?g?$BrB< zT+yo#1xGa!z|At6T*ob^Dx0pUqI?S4YJU`j(y)WIQ>DLp%BG#wklu53Yb8)FRN^p? zhI*oy(4~5*H#J+1K=~5F)KqBWp*V?t+%R!xrFZm8#RwTIO4E7raTzpVExZj1 zk_ZDPz!SA3-UV?{rD+Z7p0n1eEPBMd-wX6_wRmsy_apdf9b{PsUxe&B5pFB zu-S4nn2HhMT`aTMsvmNiJYB~_SF2iJdeB3LhsTy|aH8-E?@ABu zDF8wUeJp0bp(07LE-*~YRMh&C{XWZOslQB#{Jlh*uJWWiQEYHh&4z?mOzn>z>w&H* zLlpjTd#p)hr0A#VA{s4tb5xH-zPydJqP1#0%B%%<9!;>ci z4g+IT0I~M?n|}gT(xI^E*?tCC!{N4H+sT9azqZ6->G5nCLy!{kDWhmn31m>UpyOyA ztePQ#R+LXr=asZ$T4{;HjEzUGstRb%5XC+8$_wliiy)mPGVe|@H7Qu}iGdZLJla3y zNK`SLOmP2Y7m$V98^!w0qCak1i%sDz)bpLTZbRg!(LJG}39(7Ya^f5UME^!uEsMt6 zI-{^0#f6)w%s>-m4JV|LXwezrg+fNI*iJ5&H&Y_;b4A))1iZHNjItToZbIVW#`tv3 z9oFt`hZQf%R31fuEkrgZVOfnE8;cyVNasW(ol5_lJKH@zV|jxb6OMXnMP`Fo*x5yS zMC&p>P!qN54CKaGHEbxfKC(TR*&6R5YNY+`nNnFjCXjP+M*kmi3z9s;G-sbSK5 zVUukG-h+`d$@f@w29h{kXAMX-S$|~dAWNVuZatzw)(x7XUvE~*H-Y(u#U?V$x(nDW zpE>ODkQ7jk7!1ywt;3c-gJT?H8j9LYY@#7eL9w_b@TEzX*(p$Kz61=BnQjQCf>7UxU8xHtp_a9uC^nsSVI#zSW?CrU9?cC{30)#L%7P`Eu% zT+!~gJ9;BTykFFh-S=|a{BTok#A>=-3Vv35XETH-c!hYup@;c13mEzW@@&Ydqwr45%+Qe0r+ZrrD89DWt zz_BtCiJTs$iMQ06Zp&T^0k1B#-Kp`cEHDnd(lC_;w&bKWV1+4F|Hp7=7cW3oghb1@Q zdN<5t!a1HDLN{aj?Cu@eEH;u(7pney1S>^s(ouw@^;c{ibc7(v^Bcw+#gI&XM8C(h zbd2;RUF(8828SRtZg~Z%S?b@c0xY@mBw(GLWT{g)^b>w8?!664-2^D6>9Ja0m)_1nKxO_PgOYq!vhpzJa&S6cgapdtW;2a}l9f`f!(O5W zYN-stgF38Yn5^iSfT>u&eDJBOHxnE#svg$fdqBTP?oiWhrmjV;4LxNvYoA_x}t~!By2aQsr17WFjBNN6t69wL|$yVNqK~uNDRXqKVs^JP= zs3Oo&22Z|nt0D(g7#YZdiT1&bbVWZ~#F~DYWC;{JNovJU6>KQ01|pVzS?&(QkmM5} zbhot6Dkf{}@3aezoGJZ0;ZQi-Q1R`^{muijyL*9~U2UKl9!+t)nRt>AJF^#nChuEv zmAnN}HKo^1qBVJvqN<-5s`|+oRh@J>Iyw`k$y93wipY2;Ox|DWxT#ze8V1Z!XoB_M zD8?1(LTzcJAL)?_FaAZs01oxG+Zm6-bBmTxKgTj3NdqF(VOaYsuv=cD?u zqTO;`OSH7=tHdBjZHNM+^MP2z?S(=IfFsfQvHUc=+@e*1yU3o$&3W!FTf)>VvE&zo zKCMY#h|^`)3XvbTL}5lxeeQ(S7P zwq4~-giVb~qL-Cnf~{t1ELOQDO*VB^pamhyeptEMMOYLnCGMoDpOW60nW3Rrhj?;M z@`grTOIRjSwOhV>8{=Ih@gtJxdxfl{$f{ocXZf$qDlaLmnlg(k3mW_0Th_{yaA*va z$@xITxi$vSk{e>K_ky9@6r_EHBZ`oTVFX3B^kmMRMUC^}nGzGWAgP^$M#PBr?Mi_f z-AEynV3RRHf!N2t6pf5tB!yA*twt;wiMm2h-@eFHhfZtoq_GG5$uVB{tcx2cBJm%U zaOHQSi=1hfyizK{U%5BtN-(PK=scN@Cc*v(fDO7waQxUq*tZryB7+D5JQFrL$#$d| z@+XENe==s|4(lMtST(bjTB}(D`&Jt_K}zQEvv|#{Tp{KeN;Yk8Oi*!w9N-0URmk z8rDRKg(&+e6HBq}SqZI@ShMyda?{bPH76#{rS6}ivSLK8iy5nISkQ}-V8lclc)21d zH@fd}(=D|WYAaz+mt2dStk-LRFmO>IbfgeO?u}}CII22E%EyNM^fsmVOv`27owLHu zTGJslU_(kRs4dk<1!(ZA^~j-vDV0IyJ6+LX8dD*M5;^C-FqvmD-CwvJmhkjI#AbkR zFPM@*!nr(GZz6BANOQeKsTlgGH6%X3`ekSq{9@c9b`C^#YqALu*w8XKv2~+krT9h2 z0hP{Kh=f^Q$v-&h=aHM$yL)Up{i^$!M-A>+{9uAl0nMIZ0dBKEdEB(S48@$QQZ;|E z@;kg=Etj;;jxIjUxH=mw!FTUSbyh`JhEV`}vMSbs$$e{N=iv)Bb6*uRjoP%e0bk8C zCnux(NH@ip35xE8dHp7C4p3rk=L55WEm($Fsj_OFc(x?>FSI*Xf*f&^+j|G_s)!*| z@FsCc_X*vpQzoO6n7f{&(Df$X?$F^5SO^D-D7 zvduwxAhTTt%V2;BGUhLq`s!Mv?{lQMsjNi$7M3OztSfGfof%wD3l&cUEXj4^Yr7?F zK``JG1@6QXG|Fbis})R22XT%VWwanRGe)CV`MmhY#2~FShJ{H8nogbM{k-PGz5 z*VdO9GcmoI-xwCvMru~qWh73k4ro;_yI?bm(FXoM6lN)J7dCUc_k;T#EL7VrcIt|1#P1 zIDor+r(DuMU4FXy`1;eQA#O`zIS$>`O6_zt=#BBL(G(Y`9yV^uPCW zrlTb0Tp>MgKomnJ8BDLK!O69i@WT>j_%1VnQMuK&zlNWt#oQmT(;rh?8+A3)l-G-n zq#h)CKGUoJ_*sWZ*5jN9m7p*1LC(HHODydPQ)NmhA1g&XUvG4J@kk7*d*XJ+9C85-Fq2 z(?!bJJbQ_luK@o_P%dh2z^P5T4-Wl+T;k?c$TxW3EF_ZU|Ll;VXRh&5^ry35`x(!O zS2(+JJGp-i;wpW?$uYF8X(^j23O*TdNQ)A{R*PX8I!)|{qR(V^A$xj5rgp=A4?uhd z0|+y8qq!Y2@i&RfyOrf6KIBcl>fwfEFkIr;654MW*I;a*RbKDfu!3{KiL-h|3 zB+ImZ%4bcky>8*AE+Za5FY{*>@9g zNOgrT5_X_GW>$>m#*`||;6#aCXgI~j%O#Zk5Cp)NniIu1iGLJpDjTSn8%>SH!1`AL z)t2~vJQ_q$JdM?ZB^hxi>@jkHH|zz1knwj!#;$6Mu>?_T z_u$*1(T0Ls0kyhEg<0N6chV2?G1Qpy#Y_hJkL0DtPWZcir&l} z))Zr5Yf!>Z!;tP%7LvL(_8Rkq-Ki4l0odAls8DJ|_Q&zw=v*zij})|_xDjI0v3?v9 z6hakuf{~;g3f)*@RmGnUAlv6i%PSeYy9waq^?EP_#aqTCYA?Od6D0C@Ed}5NP|eeS*f!m+5Wn1Ucp2M!kIKIZz7L zv5pYYp?l=MNiI_FM+LLtS(Xr$RD_x_qPyQ`SqbELWfq-;MfHmUs$MS690x|ey07#` zh{9?Qyrhw9nxv%GI}=c|ihN%Yq7ff>)VN4sA?)MO>oU=|#gYg9I%m6#BHmTC*BTlp zk&i-Ks+6{K(LVzIpIQ_@ADYSgOR-^EK~;v z?=T%_rJLPG!rv}0uQMmA*3`43OsjjG>jwKz*y`+09(|p z6*ASwG3|=D#5JHB)9}T-pEkT%bd)3~PD(~RO~K1g4ZQsH@xPpm*kctM+SNw+hQpRM zSFg1S=oC3~jL|OkbMu$7fb^}?$PtDKN{SXEq@ScFBhgzc^lVg?r@Hhj=PW9SwLVjD zf&xSkDgzci{_XMa=xetz@Yp8~Id~p@J+Ss!8214&tZlas z;?e;ESmkHgZ%`-XJMyJ^>m)G^L{Ds;M84o{WZ=S?VZcOrd;uc0;rq;}C(iOF;!N)Fl zVV=fiBy3TA`?Kurj)?)owQ4kCl|BXq_Sbugki=2w(8pJuwu_*zpRevwr^qa`O*pc`%%*tY8 zN+B}IKub&D+9kpWK$=F2-rC~oU~F95s)k|?5E(Fe&H>UnhL3{iKC8L-~Gn}rq-wM8P#W(lx?$SncmMhRWZYI@TtZ6j@p^)dwad{2=nAExfi%24kj4Ac4zya z>jDTwG5L-B-&yvF>x`Xr^7nh0ay@FUolt9qTeaH|x`!%F%_Zt&EeTr+;i(eKSdKxS zzPTRbM5eD&J%}NQV&A^FKgBxOVo~12IaIcror49%D{jH_Vq{ePrUPQm zC`7^PZ?Z_tud_E^>zPcp$hOvSC$Su^kHIU5CnO#aR0Gbt(5eq4h6~zCWjmo4gx=Ad z49hjxD3KIeEP`souy!cx?NSc;-JmZmp3ZuK@yl2>UcTkUYi8bxkc@4TR*yBn1o#Q?UZG0 zZA6&6(jIB&5(#uAN?MuD-MmmcTWScLYYBDb5<+9$%|zCOX;^D$ffTI@l}z&`s$8WS zO?StO$}#7*=KOfUmqJo+Q7Q>Dzuy;gBIXQ(FlAer(~d1nB3i5ECV>V6(jiDzFrXtR zW9J1~T!Tt8k8@kSC%5E0%tMz`7(T40kTE6eGldtC*#IlT&P|?kgzFKj$)9qb82l(= zUUsUQ00zAec(4ad{C{K({382=%TkE91v_%Pt!the#6Yr-vsNDIUIzYs-;gPG9u|Rh z>u!KN#_xq2^Pt6`5OdsGcfQJ(B_Hs0D&Kltg#jiGu$Ce)@i#E4tf{HITqaZve!n>9 zm6IPwiR?D`AgXm=lYFJ%_B_oaO@YEs4JiEd=`BQ`_b(MwQSOE+XKb8+?V2K;q=o0} zuxrl;>H)cK8_+ zyp}UYv`urepm67H^LFSHpckS5L`vxuD!>|9)BG@Iq*|k)$mvUxq=;!+`8&`xa8SKn0KpqQ;LN~Rl8U4?BhD6SaCTondEDFp7`d22A8 z!T?~AJ|WP%)h1O{KZR{6)@ykPK)ol%{W~jeijwoB%{8r6yx5zTSvsp7+OcB#+S)xh zRuJD=7Jz~LndL!s24N>4C`6DC62KT=Rd%Mf1kQy-ago?^Jla*?TmzNto%X6@U|~`l zzQkpkvE6SG@0`z>;O_OSLB9<=)7XI#^I%aiichl3C4gXy7X2l)bD#{KQ~$Gw-m<)^ zfSZj)H(sA?oCHLBQCN*=%iKA<90n_YeOouRIQlC8hNf*9-~yhEHA-hz5oXGz_H`ZY zHg`wC-agfhOpYhTBWNe0kshmKbw1dKY|lJU>X`Z3k*BNe1&nKA@jT;%~mmIwk7so^YUS$p^psj(C%WsCHmEYZZ+lvW`bk`QW3Rg z$@g5>(E?<<%}Fq)rzzb0slm;kesiR4BX&Vq^?DwiMITU!t&h656YIq6$;)VQh951l zYwV2`N-B^u$3~VaESuWc7D7}An#Y2Sb!z6eKD8zRsRz#HS@vp_3qBrxrzZj{1~CKx zv!L2N>p@=Dv4k8IptfP85!W-6Cn~ie7?HwHae==axKB0|fzeLpR_h`R`Mi3rw$q{O zs<~<5H(C-2K^%)L>X)cKE>)eFr-eBoY|okE zjlAB_tIS`W(tGr$F5iOO)x015#TsJv|GMtQjqd6&d^o;BmJSLFx%tb}FhmSmrR6d% z5vK=|aIM&rNPSnc4~Qoj!<`Id8%FM_C!;+8VJIYOLsb-_yoDkw^h`3g4`ZA`v+8?9fzxa#5`%Sl0&kdhQS#Xun})Pni8vP*P5} zwZ!g?Oe7Pwa@lTzq@x++OZp#c%beg|{hq9KiNVgg(A2PI(QZQFG5}hOk`SyZ>e4ZX zlp(gh<-W4gdfj>;3HFzf6!2TZATPQy9~3V}I)fT|6gE7--zu+fY{7txsqf!Xr3AYI z4&!NdKW!CwYOMlK$E^YkrWrJz|8bp$q_j; z713BzvxZCf0YaS6ccID|4VLOh*e3zVfwn0w4|m8}nP5c-M4{=|_cN&xmXkD; z8h&Upgsv0Q+eQ3o7MzJzT+A)6F`5h{Bi|k=V*DW#K@36m%jvBJsT1fQ@(sT2V=zY!?(LzzzQV?jqIT0>zEEu$>{Nu8YXc$iyQG0x`C@lMbu?onlKVqwzEMj#GEf7^y$0> zo++{*p+}G_HaS61GZdVpBz;(Fn|d3@8l;-xU`>Ht1CU)vQZ?`w>8m5#;vIExU$K8u zG7UnBG;4&&*&4{bqeE_?m=YByEKupdurNN_im=VhTFpLui~bo)EwhZclGHSc3nU1a%$YF!PN zs8|Q3B~uDOW6av(a5oaj9K%mU#87l`vxLc@4UAtFCE3aN+qnvp8)4o) zlOJG<%;M{L+}26Y5vpkk%y|`^U)6#D;tNcM!TKx+vv#nV1rw?8Z)^q|9R&|k^hTGx z%K?X;JQ$jwA2`rR&YmS49O6wHJF!sYXbE|oiQ^@QS7qf^%9m@xU5PZ*Bcj5W_9`jF z1+;7hsd~t&Lg|r|ynDP->WKXIk2k^55kR%Go~EfRn%}b{HsXo=+qV&X?N%G1pEzP8 zv>>R-!T4yJn}`@xu8&m565`i>8eCe#ABw)E>ckaF0>KWb$sd*YAB?8)svbPCdk?Hz z`EoqfROa1#%ZhEsVS~s&d%zC(lWbm!0Do!-@TX%0IKbS>u@U1U@;mzD7)?w9MCkWG z3*TOxhR z;L*++Wi@crHOLh$JBuW*(R!B~l0`cJE_3WN+EE!+aYBYW{snfcBB|MUNh2w%q$Zf! zx!6#*UDjyKroGTtVldA$F?Pte)mEre=8;zt9D3Up$>>c*2k&F0_Y9fqxA`BrCWy>Z z-(+v@SKv@gc_&F_j(P_by$jPW5=YD3==asQbJc@v~xN ze?m`+vx%w2x#WA2j)88MFr}TFHvsr`XGHQaJZF2Iv0f>plKuHfts{g%N+emvM>=Lb;}J zz_)p6bq$&Gs2fJ8n$`aSR4BTBgxyJCY_Jd?IGM~YLpp$^JW)u4PEne*m4PR!62G=2gs4A0$llYH7|K3__Li zqHS{z4YBYoc3-56K3$%%5(2jcG3J&l%Z>_JuQVk?+r&@Kn{0Q_5+qn^km$-`6S#Nu z@^A}O-D!kT9w?k5QYJ~pF+wsp#ReiXN*Fef8HspY zH@hW%kY+4=k-KPMT@;=%yh2LS^{(;$TIDO{3sh^UwWeQGS|CsIR|qxP_Q?5$xoWhY zEzfkZ%zdo>l*{9`c~fZ5OKo>n8(}jBg<=6_Q3<5bqw3-xCL3OnA0Z^L~WRp)u)n` zTlkvYpz`FgV&5ojxPDsk;6-O<)@)t`@DA`6c?Q(H#I{f6Om@z*%mhe@L6D%%=3iSb z7D3@h&~wgRs2(!xc?VT2rcTw;2WR(0gie9;PMf<_4_67V=ZDxnpbYUVllAZsrOk}^W(&mCD!odNFl?`ARA3& zO)|7A#Wbogj(!k2WE+OZGR~@HnyUto7>St%+gf`BxkiDhGH5)8JK|8 z?ANoRjsEdgp&ONkegGqm+niI<+&#+<08|lGB!DJu&11D3ul48*u?*`9gOlur%^T^N z=y?crxf-GVR5k~i4bYWv_l|$@E(`4}-?)}Xyv8P{qv3qOUV~NtUQuA^a^?nB5?m)? z`B}yXg$D3i*IF7>mGovPs}TkTL5tJe)3mAM8*A$L=J6iSv6&4&xVTkkC4F-qSbb{| zG4%@MP6v&R8QFJx>jOY-L`47)iGZjf>cL>^;51Q}J7KpR)I_!#<**D!;68jFXT)z6 zU`F)Ew3z#@pN1hry$XzeEuQWjjHPAIYuyM@O$VS}WaoIYw@EtA%k_J-0;EURJY3$~ z=H`tmTGna>)ze90v&~d%Sv2y}0Qb?(pb@N95??b)C`dE>vfe30U>!3Gq|2kuY2>2y zbf%p^%J{40BZZV`XQkXlSd-uH#>s2sq+nF=fcaF@g4YNzLYO5I4ds~PPZ?(rH|Y(w z10q*GT$Cu0cB(lrA;W6DC_4A0a)t#J6+9ND<%dCM(=a(L+%sy%mq10SeN}8ip@WYpKsC=R7Z&d0@pz<8sBjInE#TD#}KYt8`A> zZjUKtm{PQnlP#%}Gd@zhHI6A%Lz&;1A-#pgPt^xTif71)1pp+S1 z??IyBlPql7QSyy-lzj8#&>>ZLggt@!OsGf_jNzi@ZAL8(j;bOMku!KPMmbybPx14r z8{i+_wcPPS+`Z&$(hQ<)s)_T!p$S6*y_zvb)y5KS(w(f^De69GMP3d;6BvVTmf%lCmr9CcsQ z;0HRXYAOLu*IjpR2@E0v1N~m0iK?abhPkwp^}E3$$z(&pNx9=c*3)o(titeA{_R&7 z_}Z-%2K~g53WK89<*607KXtl7w_#@fDUfm~zT^zY>p*`=;ZiDSV=W*HASOX;XU&b{ z779I8T<$c|1jVUm8A|u)0({b*{pBYP>V3{CE)z{9fh4q1e5|GgH&oZvG?p_$4VThX z5B@~7>ZTA+)c~6sh3TvnRGH>M3U_QK&Ud|rFXk#k$V)SBs(@tBRt-fVCmKz}Q)=A5 z(#DYiuQ%Ce*-)}@>*5}AQP>yP#(?NvSr^IcE>Q>oDTyVV=LJ$_s)jqjb!EzKfbFKG zW<)|V2>>190}<{GB_m5CFPtJ^8b{>;TK4(kQ}*-wkFP*~_W9y(+0P%}zlG3d_VdN%$ALEO zkTvaq==!Kkv7i4i>U#-l=sCK=?M6e;M)67v9N1>Sbill~%C;(_5waAYQwJ^ILN;$uD@1UCpB85|7)!>tT&fR7@$C0FL<4Milj2? z_LZK!QOp9(=$fR+_eg;UgpGmz#@T)ASTO!Y0BjCe$>KFz#mDfjBbFA9;%e6xvk^&4xQQLOwf@y;gI_oA~n@qtmT8t zsW_4{AiL~mfWm6@2J9qA0@r#IcwX$XU-R`w?CHGbZ=dS^AGvk(B=L<(5CSg-qR*Cj zV>AschfSm;VGUs#Fp?+PrL-O58*7L7X50>ew=3g$WM&{Z)F`HSlQQ{;5avu9%@Q>w za2aT~#-gKgoxvdnU1(sI`wH3m!qj@?hN*B0{wkDM zX^d4OcQtiIc9ngU*R!rV3Bss)4}aRypvuyXO1QB;K`@E%gM>9E=@wIRVuO%Ja~Z`r z6%H9Jp{m6b4IZqS!)nxddmWp-S}R@Cg`nk(Sm7-K8(vD=^{{CNw*B_nl1Fk1woK9F zW!}&mjPykK+8%eowlwh_{M(q%m&*h7rwr7JLr8Du9KBq|Rl$qUQjM=c0m~-2N*Cn_ z+S(Yh^U~Un8OAf0KsbAmpauv~K@v^n4CRHK8CvaGqb(Olv_R3_V@o~f))fCM6(TX{GwhO%i(b`(e*QoDGHt;znWsX;5asi*auOgYx&R6%Dq z-qo&EMyj5n*zeMluA%$Nk>7qeYRixkQh?dOLUm?G;0J^^B8qX~ynM0+5sM12@ z2t6_uKU8DyR`zYP_2_X$3DY0$`~B@O8Jb^i;Zt(dW=b3C3}+H~P+nR?zj_;cCt-;O zCO_m8+D=)U<=wJyWnEmrOPpD$a)o`&WW(UHCJR{tBQp9Tk7Kb6W3vH_pkgAR8mLRo z?V*M#lMG zf!h+2+Hod<<7H+!cN;Y2#km|crBpTaqI#q;usgX2oT$M!o56YDf%%{OUMQL{@`8>y zWZjYF5()aWoDCt2nWJ{#(2mLVG|fASrD1w)DPQ--YQ-7>M`V|Fu>%z$&Z(10Q8=bt z_Ttl)F%fQ>f?L<&@x1v+TB6;16qY#2jx2`{8Xc$#?g{mThu3(KYq&qDRLed?v>O}n zcjGCH9of~NG`<*YC?AhS8M+BW~IEg zY8AbGiM$6|O}~3bztdRV{Crn+J!6<;D5k@OLC`)Iv(K{pim8=y%|T7rJR8}-2HK5X zGUg$bF8%mlv!`j(!8g`)@XfdT?On+rV=j##iPVACcINFcMrq^pw$^5??n06DZV=m8 zK&PN_ji4^J2n`>K-&Is`WfPDv4nwZA@P}n@p;ZhBZLupUM{Vg}gfmeC@_Jm3e*N)v_VM+r*JSj6`8U&L`}Eu875hy-TztIv<+qE! z?WL~Bp@6Xtp=+%LwRQ^RyzTa=plwf^KT=USwkj-U zwx(%!;y$6Qngi6so`za=XDe}Ws5Erd&w5gvu2TH8sy9BI)&L!%S&?c)-bOef7YvA{ z=Os2wROKWFE1zAH^Bv9>iioseuku;Gp4JiD?d(_p(~YCI;k6MOjEY@kP=6DmxXDNX zGDNj4_!-1x>iH@?~9?gt_7p>~FDRIGzUx!`ui zftNdySN(}}gYY*)F#D(x!UF z7u1=0rwADj8KEuyT4?)~(kl!~063BVXs$2hJ@~>A1V2u$0e!7zY1aIeSfa2T_zW(P zl-vw>wS0Zh3By=5wt~3p#Vn%h7r^-X{$xcnQBH1f+Gy-Wr_;s^tp4jlGn>QJHKFZm z18?j%$|iMNyEa+tBuogMpAGW@TYRp`Q^&w?{_BC1K{j_f5hu`M&rZBXkM^XxRG&H*Pv9?V3sUeU( z)wfh##SCeWNuJsg3&oC& zg}6no6$}k5m$8f;T9PP&XQpdCV#^-45$s0#R+<){vTOjUNZpy*l!m{{@lTS`yLSi; zKe)3YE{3F4tmMZa=auSKkRc<3}rOu;&dvAISGD&qi_R9 zEZN2w57tbtPEC0cWDx@>M|C?97DLVXW{~>po0#YFBV>F8#~{=MDfVtP8}9VQ*!?=& zLxLA6CQ!DeY#8;)6_OpwFm1Fa0Mst&kx#?r6Od#c%(1yfp+V{G@iYXqrH@B+``9&k zV+~jb4r5Zb(>yl}RucRH_hrzn39A*V(=ulwLHn>yvg>Ih$unytc{Xk&(Kwg9BWZZx z=t+BcqRVeEK9O|;KI>F&>Uu%FUga(VZB}lXbQOo?G|t8yk5`Hn)Rj&s{$8%ceWz^S z&P2LV%oTICz?qEJ0OFHrFe>ADs&p6ERBCeXtH%1uR7-8pf%gINV%$w6D$*K>@(iO5 zx&iCL(J0akBJ*KG%PT=GLj?k)$f0>?lnr7VDKQmXg30?yz>~1kv_WMZawsuXk*y3> ztf_;?lx0UQLt#y{B^03WUta8Wi+j7Uj-=T=wEsKf)N?f4 z&QV)wo%UXB(xM3Ey!GONE631d3IhXu+iS-P%3EX0k}NM7=^_^HTc6)#dOc$^rp`3J zPlbNy%u!Hikt>f3)!eUvy`{eWl7IwGXy3$K4w*CQ^BCp*gs8w9>fqM8t76Sx7& z5e?fQUf#g_%%)fdL_iSkY!r0zqH_1Nu}Lh|!5T~s{OX1^D#WOk?3U4hB%pf~%J5kq zb3?qs4zR|p>78?J?qV`cofpFRwN8u>Ee>&IoJQ>xeCqo_ zZEjtJ2r11jy-2K?Y2O*h#6x-~!`TzKZYTRE>Nwav2#PPv5tpr8$?Bfz13Op)C|kzGtXcM^ z?}VLb$;%jvX+g0mPqL3`56Cm?0eLp=0V#{W_qBTZOW^)=+M9ZI{czUofXid}<79F{t!HWN;>HK>{LCK7Y73 zx;rXzGReKLb+B9Qr`W^3$n&M)KSqKNNjx5_5qm}Eb3^CS%8j$xk^fgNJo^6EbcPtI zC%xOfk%$?kptiI@Q9~kK|pr zjeif_SJO;Q8xN>XZpT9Mva*mSs}?@ zb%3m90#QkFU+TXmWA-fV7kFm<0?+>Seu3L7t$)7!_1D+h2=Mabd-^}6y0qG3;A7ZmgA+z$%Y_OZe7aLW2UZY}FI;*U-ntL-hiouGLr#^9lq2;A@@Gho~b z(|V_!yaXx9);CF7RBtI{X&OPAQz0c6+t@Vu%S{7x7_kljKzW^?`p#ruQ@4KTq<+-PyBK?(pe#B&E+L|xBTY|^>o^ydv! zoC!PBE??FU){J7bY~VAx0b^DX`Rny9B?U@anX88QMjb+J=4be%dAP{*sp6q{g*>55 ze&;w(FynT4KtQ!*8i{jp8%F-1Q?(7@x+PIAc?N@K;_u!;Qae#ScYA+1bdhU-u8T&6 z-4v9}*NfP+e9U6}RLsSNJEpt$O#ba>G5Ol9Sxo)Jku0X-Mzc>n!Sd!o$q>BJyo0M} zn!W1C(SbU{0ysQXx1eH!PD1RxX52a*Ktx3SPBN7~Q0gVkxp@Ii*Q{y)UB!yc!(UXX zIE@IHK}WzIg-%oyFhbG2*aN9&q3({`5qX4}hE8!m0f z1GerS6+`UlL)jRB7Gs@gaz0X)&%85}eMgqV3Z=CL7L=y`jPc-E!QP4-CA&4XX*Vga z#Gj4%ij_NY+f^){%uwVJVW?)E*j>zc@9Y?wg4qNE+*idc?~GKIxy~uOk;3K&+ zA9{h5gj(z`Zu&5)3}I{H^jRY1w2&`Y?c=-|8zl#$tnCKz6a#0C^6(XD*T^g<-VV3J znt+9C)=MEL^Ij(H{)NQC)@MKJlyHQAjQTRf<9BR)i2^orMaeK!7OTJa;Es%nmo(#v zdoc6}j6CHl0;lzOzGSiRuFZ#+qB_*vS0@XWdoo;};| z_BYKgb``84U6F-_ED%hM_Ntf=kg2nvVhFo~WmTfhN}-Mx2Yc>}K2HN~O`c34MM z;Ymu`JZd-ixR>9Gxxr*Wd<$yGj&Cm(yDUNz=rgpl-jVn=$}wNW6evM?4(3-bwgDe| zPFxk+4HV46?j_gFs#*4DI}{VyY5&hTnsM-Lv8_{?AF#v|{$(<-8a6A)lUb-Sh`gIY zj09cCES8URUuB*B%E$|#Q=@*@50TD#dNn4QSW3z_gEO^(upa_DQtx`czbGR>NALYXt0Ly-Ua#Er zN)A%+FvN6+Yo*PWkysIB8#}lU@&&&DtMf}8Yf7|NMjSEVjkO@tI%&UpQ4{hnno)dM zR1eF1dvB0rp2|`9P}~8U^cfaT--OX(9YmkJQ$OO<^_z{)GEz)0EMIF>*W224NOA1$ zLmw@RZygIY5iAgxGsk0I*D>+t8Tm#DO@K@|;6h7~+B|}WQ@M)$2}(W3Je3B+08+GU zfJ}k!j&(fxYXV!G^Y}|Cv&SX_9_{td!l(`@(ngPn4IZVRn*z4<22Gh1FopEJ;FW46o zZRwJgTW>{eVGmh;Hjj^u(DKJM;d-^zYmnE4N_3gUMwvO~482`tizv~&GOf#u7Q(NF zazsPC1Q4td`?erUDkK{ANQ)Oq5o)3UC?y z9iBzK50LaWJ#xI_F7`mdZ-|B88qb?Iy~Q$!1WyWO#d6Hcy4U_QjTXkea0*5PIdJ^x zwlvZ!^^#Acj(C=$?w=Xz{@K5dy8p|VIpR>e;p+4I?CRsiUta(E>+6r7CfVo9t2cb{ zm&=d8%J2B`?fZ9se*HK3#YiOX-uZO#my2KIBCjr(PkR6H_2sX>zJK@W7F52sY$+6< z}tztM>Lqts%0eDt3$kwA}rRM0sLZ2IJR4qwKF#;)E0~hUY3kKN3cZd!z>CT zDcQo!H5>wJ-eQ-d)bIqg5cqM6rg!;v%ZY$x&tO!tZ6yBvY)-%U;|GOO3n(SF>l(%? zCJ~NCczwVqJC$I5hh$1sTTsJJrR$VYwxce(Qp%382y1zkdaLQBHetir^bI#T^t9Qs z0H!wO+`M}y(qc4-lRdyNG=CgVCF2;%>VrMUC@Z8yl_|X80I@3F2S5yD68DOuZ_w0Y z{QT&Q*QW{W;#(hj@0x{hS}=O9N%6<@@fe-UIkyhZ>Z8F^ZJyFmvXd8g?|hCBe54CV zbfdS^ZUB7NJmR(q9ZUP9!6dl0$&KZcl-%?%RgxBLXc$0!o2mo7$P^#tUxnNGq4@Dn zG7*(2JYF?m+xh}Vk0aTnZ{^>9Hi@s@noZJA9LXl>0fxT*7l&P+D`VA1UvNn@i_>qA zf=T{?~mwgAAT7 zQ)o+i&0)GT%2!22IKwt!`p(HPR1;>AH#{d9)7?A2*HIA|`3N+p5Z{PsXjW{BPEk*T zc0qw?B6PjkL6S7Mw6XGw+r6uYC5|!#6S<=J& zQ42IYK-EkmuC}SM%sgr^k>gw`N09O*xnZQwKg%u`el03EbS5)Y=)viBaun9uS>~RZ zeOx1PnCA?8eNOGamPj3EB)xIrYxqoDXb^-~c17+7<7flD2kD8O3%cB$d)mBc2mU3h zA;j;s>2Kfc$Y6jR4|Lnf6trSYN`mVixeAHa>$yCUX@H)$AvM;w{gCB+pHYcn$CySp_D!iegA_+e)oiibUYAEhFH@mO*bh+&3@Q5aRZ zRpsTgqvX{6pC~-0&opH4hSs^AU4A4zMw88FMPYJ>YF< ze<6$PUOFP~dtD}+$cAvxGk8DQ)lxEp&mO6L6e>2GAuZpvAnUPKHqbPjN6)^6V8<7= zeK?i0Nv)qz91aar*h@Wj;LmyQJOiKdZr4QYh=uhr$6?Gt3Nfb0S*vW3D*ZXJT3<>d z$V?3d4^TA9r{t79%m8aMCtLhtaTnmT`7w}q)NRp|sP9%*fX3Rvrl(6t8l_Y{0~;kC z2h=S!iUm6qnGS#tqr_nH^3zBT{72UV7=REanC z&`MS_BVmbM7KsI=20VFof*Me{l8tr63BuFs+%LV=ZTtf$rPjD=nnXxxZAtrYJs z^B(Q3_ImY!y|&8V>*4F%BQ)HrWVg*?UqV zIP1zz%i2RhYpBY=k2+Ug?YWBovARU84t{#y1evGWP+zV^;nnsSL+UUSmtd#1PBIpU zY`g*dxi;M!PG;xWF(?SnN7^l7KcP>BU&MK8Q|gSQ6^1&&lrdK?G`U+NCDR}qEoGd~ zrjZ}5TsABFslL1@(Iy}dB=HqWx}UHZx7PnhKL(`c&~%;UGH?y~V&J2h2A?HGgBUlq z6>f@wFsxL7<>*9nn8dy44&58FPt)MqAn=(-IjIPh2V^58J?$Y++k;0hBLwa@<0Ht# z*a(*Nx>!7s91p5-cbm__$aO#2ztNciRUy`qZQ|^Y_HgWs55X5%982FFHg1RG^;yrX zp+1qeH5w+p0c!%#T@B|3&GM{PlDUNGuj3)i zRvH!Kg)a$Iwi@ zcjW8+RI8Gc2?WQQgI7DmS5)0j9R2BuJ9Kq(@vF;dC)@9`6{3Vz>)p8%uNsY-$Hs@( z%iulI`=q4cN=?vR_~=PSF$LUzYk>Q2$FdEWQk707`6Fx?oD&9DN~t$PSQhiZct2;Z zuO3DLzVUPX0tR4!(vP?CH*D?8+>QY8aAM+ z2azV>XQolEB_&3J7^|dbH^EynJiwpW-f;F0YYIcVD9fZWU}tFk?M8$> zY9Ekt1hHJ-%(UdQm9uNG3VLC}ru1qiv3O%NIB|Gl5vgJE*f+zh@pGb)1z{COq+vC9 z;1zC)88~2x;Fx5~xDL3k6(;Yr-snPD)wGzJSln@(4H2b1+8!jhJm|P-n>JvGm@QRN zw00$GaLotqgKp)TOMbV>^B%c8O(sx#O2OfP#6%C*8Q|=kxBhc`>YQzdKsf5rL9Y_( z5l{%IeYYRBsj0%4O4%b!i$43WcUay zir2BmZq8U_ii)KxB+RTvt1Y80+z{xYlhT|euEGNjOQI+Ugi)D~nG6p9Y;{tL&v$02Tkg03q; zq=^!9EEPZLWErw9^8IFUCB5L(4^WJAv|u2P50$x&%7Kh5(83hf737U*9=vb;?3$1R znA5)6Ba#Jj#5#_^@~>>fKyuG_dvuxxo}0QEbhf_;}EX@Hb7B?0I`hBkLp;>gt?yG9e&gc}`ITeo`gDs)tu};l*TZoW(#FTc=3H z+*rUg>a;^`ZCx`8k4cH40KUL28X1kjaG0PD@ISYEyn`%>+UH&z7C6!s93^njXV7QGsSZw5NZZk+RGB$dSU+&QE%l1(YA@#mdWY>_E zWHR+6yOeeXd~00+-;TQisPn9bQ^t61v4QFF#)Ou+glwY*2R>HK5JGc!;9M)axh215 zb*_1?iC2+9D_snI^9FLW77z~3W=wWCf}D|GK#v5F7|Fc>E>}0sbCoc6D^N2UvSWFd z$U}~g;Z&+>x~lMdJbc@#Tmn*k%hj0@Z4qvQ<7X&DXvFpNmm zcWkI@K;S+2+H}M`99q_cuQ{VOEPIG_l+AfA<>=!9tz9KU3R6OkZXCa=XH6=syfPJq zcG#gTUSU#otKLQ?_t`y3?<_jZcR0}@7#G(;$?jsfY?M0l11=c4vkja*Q$)39tVtwW zn&#EDQd=+?N9JzyK7#gqH(_noa+a(+SLef9sh!!bYxz4bVDD@C4s!A7~ye2o$$7w%RQH>na7+4&LBN_Q6g}vjiwyzQWS8^hbBWsLeNRhH-*Fs zJL01>{+=^gu+Pt=^gfE-$SGx84*jrECK@pVcM9PMXtL2!A;DdnrA&~GVj_Mf+ELfR z;CNtU#GGtQMjY?efFHV!s^pxH@LZY*WXqZYraFmHQ2N@iwGiO5-u2gt3NlGr4OP4+ z?n(#RoB%D6_hnbyKW?~uI7nWyBSa;Q)WNJVYXj5+&j7O%{ z6pVF8`B8BJi(r&jR&Gjm>b%LfWu$sSE)RH0QN(bn9} z2oIcOR}yQwV#C|;ckuN5lmCjw?M)szbe-a($c@uo3yWH_y zvXyeIF4R6W^89;WqpQ!Vxbo%gbs;A8?CzcSfI1FlEOvqz*9qOseBB$|*zMSK7s-ZA zO&S!>{0=T7TNv~^)ILnI9ZvZzX@2Z{1jmy*6*C-NIYY!{FCWijNr*+ir?z&uLGjwI z;}PSkdC&zX7J%P)ZkQVEDC1-@v=kJ>*Jvo5Yd3rr88@1KDnX?64l*yzvvg2Z9>gUW z4C}X?zh z)UWB;TAuQxA?}F@tCQ?>+L7?BbtHT{?nqeX%1o+!OSnB9I5`=sWD$+DJPMP<;c%N* z6)XEo8et!?ej^8xwT@^Gu8oAVRzpg1Rz_@OShiKa=CQ@J&V*WAiY`?-_Mz$p6dD_P zy=q=GHpn2~g0mEy#`Fl{_MJXaQIPZ`JBS$rfXxWfF}5 zWtR;Ass4zHhXsOnV-{?J{5h7{w6;$7sTh9T?|y^ku;UX`OoXB%)^*s~97PmRX$2+S z$x#&|#2vqvVRNw2c3>uQ8la3gE8B2!GwuQJxH)l9TbHe|n1j|crnwaT*X7P{j#4MQ zvp5S3L~CM9Ix!W;>!=nmv38W?6Wif_FZTQ;bd-5KBWr-i2}$@IYidS8Q~fBY^yn;O z9yoV~V2JAGa69GtKws9|c_I(Iv4cmava=qlh$d-*i_EcCua3=L6mV)i{jE?bm1B&m zQZlf`%-dctOWUZPj)bWVSUpF@1$ks$g999&OKfPGV{ez1r%bVPXDBMj=wbDK2u*)e zKz6`+A7~LZH%cCsD8o@0fuur^l@ckPC$CJIkikTE_i&V}wIg?I^T|(byAmQR@N+6*!E3R2!M{Vq97AVlhPE^Df5xgs7h_9xYgN+XD(^Ngg{Km z-b*ewqlKc9v@$KyI@Q>;WO!TVO{MBq&V1s`3ZRy(JL+61goCV?b#uf!eJ=m@y;Ht+ zt9PoOIO3gZOF(qc#kgCo$jQw&u*QHo;!YiA67jn5cOrx3qNMDW>uUQIMm(7sgjd8~ zSm$e7e2MRkB%0YkZhtOcp-?liz4;Qp12lx>|+NqExu@M#~YfKWGmJPXze60)knFDAsnuu)UY5eJJtk$Q^rIw=tt?Dt#7Y zt@2F_h4SUnidkBL>wx%#czG?pOHi)poypa?El~f|btv0}Am5$FS<#4zpc1T;>f_8Z zLcZ0&ra*%C?*}>o0Ll2O8N7Y05>8Noo*RQ-V|xa8#YR~2FHSc z5ypRr_;%Vyw5_aWnK^J$Jbo~0mG1GUTv>?w&2#TJI-kBZImY}2y}l?r4Fs_zPtM@x zJBraWcurW57G}5c(BJ9e$CV3J^pWMX(@ zVOUSVg?9$?F|_80J61q|7Cd`%nZtBidS?Ty6Z|+0`q9&!?_5zq!4+{zv|`R+q6Bx} z2$G^YY;k!jO5!9dp0+1_Ywbzjj@y%_y+L;sXsZbhlV#TK?P}*raN5)l{|Bge_oK`Y zxIjT*MdcB~z-64ph^rCy22v74RTRzB6Cbp~Go1?xZEO7q%P$H<46=m_Mmo4*mSV)j z6dZjDr90GTU_I1s6FaiCv57StJ-o$fR<65vG$$lXd|j3%%-c~{E_~ry3ogz_YsmB# z@*xSes9a1uk3x&y){bCdR+>Y{TiI5wZ#MWiVa-RFHQQPXNHL$G<iuu;u0H+^wdYu3KIl!3 zi_}~+hC6*z)JR>rKRuYwKWdC&XN8W_vZ@<0kx%9g_Q=62ODQ?{K|v_JfQbOilg?90xzshw z9HSeaefS=DvqgCmhCnP6<5b$pMHFT4QippAhLEjAt}M2QeFJS0<-M>!3_fyGgu#Vr z3ScxlOZ!25L>>wqFauvyydg2!P2a|5YYono$~-3Gco!T+6ds3!^w3wN_O5AEe$%@0 z*pH{fP_$0S+!pH%JkM@-OxjnM%RmN~D1_9NiDEBuPf3#0t%F#EH*=1BlwgW=(+sQLbW{>Iu82ap`fdhK&@IFcE0^z0sM>&7NJPBosEDVRYph~C zY*j?v+n{pE8*+?i?3A|ET5t`?V%d4i``YaI-4F%a>YibYsCkd7p3(VZ8~~XpPOqYQ z;;>owU9PZ#YQdsKr6laU&mnndcx4_imhYC?{h|2rb(#Gnr`5a$&w%w=RoQFt5a5gD zl_P>(OEUW;1N%8I=}CMP<1L5OBqRR>*Gi?nn5D_`xOa>`a#^c`NhApH-3!@2it1LjAufi#T7u|h(U)*HNENbA`e@8F zsDM~5MK1n13N16n7@j6>(*xC=!$$!wVXVBWSVbx+GKt|=ZePSFJIkEt3&DV;PbQ=L z;L48j9I*4>QyoaoGBAY#?WV1Y>U1`Y*T>z~wY6mECtwI*Q{|H{_A7%*Tt>V;Jxl6v zC+T3)s+gydFjqcMDu-@-q?zrY_f!KM(yKPd z=mlfXq?eLqvBEIky@Nbjt|YO|Zpf6~DmFy%YXAW0?1Oz7kKfeG*uJARCwr80CC*T_ zp-!dy)U}MjX*EcjhDCCD3uY``Tl=(c2E)P!@b)*wIvqlJzHS8o&5}s%J(f5!tX^}; zyn)ct8|^ny1-@QetKgu75WNMHr@{L(3JSE2yq0|&@^*hY4T8^VNXC(yll&Mx-bofP zZKn9nnkl|}vWI#>PA^qv4eXJ++M5nm6~nmy?``A`+@nX$EzEZ+Ke};$R?d!j+;S^I z=V0jR_aLrlRXDQ@>k3$J2qsu5hZ8);;Wx*teM{$$qf2QRzKkNM&ZbnCF^dWOtafhBn=6fac?_{xsSV{--a^<~ofq2T! zU>z8B&ZgGD$7zU#f{c#JO(YW=}!@ zpBYz+-?{V@I^o6~J^vK*ql_9Mczm0>@l|a;O3dAYsPH5^n6`y{XKf+hJssOYqWbDB zRm)@Angs%9cL_uAQ7jbKYB@!Vm`tI;xgX2o`Zg1f=ZP9)wbQxs8)$RreEV#Z;4upL zmIlSkD=mX2*w0jw_Rk7_Pym2&D-BIdS_5P9z#lCK&zF_zHWcsGb)VEKZH)nON_p57 zVraXGoQ}2-3*at?6QRQj>d7Yk;8qkPIj~)wU&~!8e$u&XnOKeuR5W zI}irR@76Q~^x1AA;e8tLv}&!jBulu|A)q5OJV)xC>Z1=Vd-EKYEw5qqPX9NFI2JFyA^#{+3iS{Xoz;3Ca<2mlTMLV0Qxe2=0m3hOAtRkXRXmh*+TIVhKQ=N^jL4cW)o zD8KfuUkisLz5=TukB2(?h=0%TA>y&A&zN4zd?F-XR@#S4!60-^wddKf zi%GDmWV`d8B^(nUD{D}F)4pyk*Pq+Y(xfs-9IM@neR3)_d8vzGEa5t=1`@1KGP`Nl z%XilG^4+-W#RS=syrFaIn3(N4t`(4y9H;$AttsN1(L^a2Fqz>8C`EvD^i4YY+?RlLJ|C_2U&kCh5AN#$D;czF}dlF`*yqy@r>o%LW3{7${;eE9F+wgxJ}Ehup|!R+7gEPnGgmY_*N@>?~{ou4VLI#FcejaJrtPPHdC(QS2XNNni=1v9V*{hhst;3 z4i)7n4UtDxw+pTGnUm+Z4Qh(mTF^1ZbvGe$c8NXP$!kEi(k#19I{AvU9>%o3mhZN$ z6>L=*!-aSjAc?+v=a)K*2*xcD!qyvVyiE>?V}cb~xdMHbek;Y=d1{$B%G+6RKZmWV z))^fIGL>g&O$^F(H|Rn;wv1j})02D#)x?`zzAVhW`}As+bbt=6iR#cNldpV3M3Sbi z$&j5O3H?IIW=3YMi}FE{Gs8RUw1_YdJ_CO1udo zs*P+?3DgaI@LWm{$rSoS~i^(|W3d0=`{5lyZBaANBVz>)ModJG()qnVv_o z{|O%)=&s^KkT9xH6bXhNq{Gm`rFgGTS&Eh+2v-s}$zYGMw{OchM{LRIO53k=r;QT#c;BP@O_UX5em+vm#D)(3-h5pO? ztL);{fBbfF`R+#3d%=d#Jp4b|nDnD&$c zk2t>CI#UNWZ-Z;|Nn)E*+^ty@XH>>^xow%}nDp7(;8S4ToCyjHH0LIfg0UF$N0|#T zrz$2_-?<`ekcwqLFEAm)EL7@WMkt!c{x-21 zC0bDqd@pP$tgJ;;$H76SXW6HO2_Okczdw%mi1hwswB{3W59J0^P=tB(iUv+G4DXQ3 z0Mw(f&K@~45*6S9B&wX2OzsUXvB){R!ZTe2uypB5AqcDK_VM z+I;fdnopjOVx(rJdJy6ys2}y`lQl3!~vEL*H_W%pASsAz3=}KP(sUdRX-R9ueW+FemLm`5wPEc4T(3lxQah1v06r46b;3 zE2H`2^J773c7F+l1)ND+GJ_LtJw&h6kaz6PPOUN@DJR5X?sxK`+RG)%~OW%R&!7+6p5 z#E#$|U4Nh_R4Y`HB;16;^_Xznks|Om8G@^L80S5YxALkWq?A&VmGqr)B+Aw5)R|JTBKdBa(h-NYd_xWFkMc zW?1-By#&VGNdy=+Df@w#3Ra3@6bvojmYAYJ0+NT^rMgixd&#VMivgQvAW4gME~o*U zG=)MlKZ$9l?@#Drib(7eJ{H)3i+R2_(xz#dvqNHNaMyu8%dB|`83mcqkeBtcXssQw zFr5hI+yH+_``e#6dC9p`*`bAdn6k|qKefs(}|H>HrF1?vcPN|R0MW5^#U zB&%!TB)gjS+dQ{^o9B-YHBtQ`ie_-U&HW@t$XpW;Gc5S!*&*I%5I#3mn#M4>+Lg9} znXZ*;BKDTi0O&??p+k2>MZEY4yFMr~pc z?5P>Aki>sNJuYVl^8Lu&KE-lVsis^z?zgVXr)z5gS87z?UGE^s-pn6B;SFptV0H0A z?qNYv*I%cYXPMp&&thlmC3-q+I#WGYwo(9^H0Xq_!HqKn7+`tD-uNgTqf=b(Hw+kw z8Z97giQD6O&CrGA>AQEdOvCfTQUV+Ct%Do_Dcau>u4!9tdmec~w4`eqta`|u5B7gq zdzw_9a<6hu5X5L}OL(^!=eFRlXxCP(n~A$fx0gcEeskwIvQ{AqbYK&gD)xp>*e3am z?2dEK-N$p@#7#!xr!M-&YkCE{?b{7NQI!=x&a=x0C@h68HoBr~DN-HNp5}nxV!AnK zUG|qyiL?ccOU33j95a z0W-4$>cHUDUF+l_FL#3BfsVNXta59PrVi3viPDQU8*$i~=2*=(hy_bdN9;2cqyhL+ zgnR)d>)NwiG3k+py}lgn>|?n|ZKg`B4=Meaof*>8mtBtZq{7Bl!OjIud3gtf`M{Rk zou|YE1Mf{@G7R$DAmf0Ji`T$zF?%^6lHkGZaTZ85E*$);VZZ=YK&ron9gfP2F5>+G zVbJt?TFcQ8Ae4#vP3M==&!J`oaHXy=(OBvys64_U0x15-85w1X!%z z6pM0X49;B-PWQ5!LSOqsQ5JbY((zX9kiw3V2(8S$;oJ;l3%te8jFL1zJn`)ywM-)OWkpK--*9xUeyIsIHs#T6bWpuy!y);-bJd z(lsEtn3MEEgMAhv`#fhCh+t@5V*yxe)J0c=d#84}5x*pE``C!`f?58K6O?W^cfU|p=h zUFd6WxHVK*wCQ%C?hMV~(PK`@BOLTeaR}RJ*e!q?AkDmyBZ);qYNV|T6Cw{^^0iX- zX_pg4-|eoKhsRqfDJ8Yp>u zwjZ_58=1MZSZM*kxh<=qf0`Z!Qj|sOsnk(7jHW+HWp-}4?Yi_tRyUq9gVZL&21}&D z1T~1}8pt9A=+tYdWoY(SxwzF5vF1Eyxp5szrrE8+u0+Fy>byG`cwikj<&&v0Q*u77 zIjJ*V4U+415T*l*N^C9S!BJG2a7sHhmStTdXCMQak7!M7?DgEvGZl{VWY_?UqNP$B zrYrR&7Ej)Pp=Q}C!cPtWLvHo8p#oU7K@5dQ4nA902XsCyDqpgF+vla$P-q62_lAfj zDGkj8cLTZe$~(XvjRGnh_-2gu>)Z%T8FY{OTjJ`(bX92Y(YOaL6e%2)2xrgZ^9Puy zVTzSMPuUlm9**rd?AHrS zC7H4nfK6*k|Ems&jIS!%6u}{tXv$l$FKg}4a~y87LW#y*RT=M5!ig}X@7AFywEinE zlV3oW4Env=0H%J|;pr?5U{@Q2D|2h<%MPa!87az~UX#l(?+D{%VZg*-#cm$U}%ud^EHKe_L%={7lf zFP^gK;y7%XL7+t8AGV~|4`wAqfg=C0Qs<0NJ$iCEvkE9=H6xs+XVuKWZYjtn`h78z zLG$93M>Vc~A={7p8CN&s3gKQl@4%4pXPt=(cSzg2OQ>ewNq+FH>tLB|2Ahh!OpX~{ zXb^Q;>&-`o3a^L^k80^^KEYmUS*FK7I7Zref_T&a;~xg=oTH=H4lB;w#KNGb3J!KZPM!8y<@Bz*2ond-hJ}eeH3v#Q`B0^!Y^hf z2oM1qOr4>BtsQc7sPk(Q0tn~489aq4G_(!91_`1yl6&)f%_HIWe!ldOb3CzL#Zi-K zj79)V&BLgoBO7JOcIrwawgVSrvnpgx>dne3M_7vSc+dpmDq%G=|6r=U=i6d|oc0tL zi^^YYy^}GY%753@@b)EVN2m_RQqe?4ck$!S-~Z3(If+U86#(zml}Wa1a`L zX>X>s3D%VhreUS`)0RlqbEk8`Lt;;u1hMIT4mDR`p)9wj){K@BTT=6CpTuTYkh;&D z>xOh2agtmSZXj8tjD4QerRh-U*hX+`y-6l|JSz$x! z`H>V_|JO_hc>)I2+$G$3Mvw^Q(hXxg3}E zbYt1MGwNa`*pA9+VbTByJ&k5ZCjf#sQ4ThZ?d_l`ovXtZJ4XCZ`34DE+Y+yUWCb_| zDfc%7yc$f29Wr$6YqSH?h=N%=2X;`-&P1Xru%g>e)XcV>+PWnK{d?`+IIQ?M;Am$3&~zv$8Nan)?%^7MyiWv8QkbVu4-V zPqMdijM#eEt4WM3?MY;u&r_)UbA!r1A1e|lwsLOlld^WM6Nbj3eUWXQP))^j5VFES zJHDO9h{aC?D@L58FZ27jkg?RMAO!JD5l@yJTnWu}6R3tZqh~~LQZ84l0FfdA>LC{I zk^I}o;_CCG&QFV-;Q$a_|nQ?Z!^XXDHgt{&{G)Qm8FHW`#TlDWKfIi@im1ENc?PY$kPp&Ap~w+~jS z3NU!CVc^3cBD8^_p)H>z6q#r^o#o98b3$MQkR5K~fv zAJ0LvG#DOerk!@yJRRJd_`TkVH_sk<`GQjn_@l4W#smCD6D~ibHk^D{wnixVyeP3I zTBEc}S;ljA65Xf-6xk;MAFXb76VNdlMMWm3UakUzS`j41^b0ypkjW@vkeG{t(Kvq!{m6J++%C6?qu zIhBpq2XLabk;N@cD6Ak3OGPczU$0Y6xVv}8*=Xf>8h5n0ns*yVR5wJ$lhC&e5&I@x%s}Ky!*Ym?z8`2CmAh>qy*JcWi}7ahB#PTMHax zL}-#h7YVuOfoh%|&6U~R*>x;J*omN{pp*uYE38ZCk4Bb`iz)0qAB_y>BR8DmjstF)SpQuqX6m7rnq&8B(fNXzhVQ*Y-AE8)*Y3ShWJTN8gx`^K ziydCZSmXSkgB3%dGqLJLDXhxNlhD*~FbpWk&X9R9*3aC#^oV7^`JL^aTfD%8`(F0w9hVkAG7ZD2R(+4x&0cnmbjJ=)0 zmhF*mE4zC=Y#dfRH@&Kjk?0$k{2I-xT>j%=7hYz}bklM&yBu63Z7**4+kj~volx6V z!lbDsxS(WsQ`X#(BhO1%)Ed&0(YbsPU0uK9AwD1GkKqE}H3x}lFo%z&ihX#Stu}l# z!tQxMp)gWZeYBlQb3N*%CjiXeqzLs?+JZ1~i<7vU?U0>E;)u3aIS{nZXghAMT&TKZ zJc+J{WWqI}$FycfTS~|nlx5BYY3&+{4K$rzf&^?(T&63$LTX^{zeVLN#0?0dC)Rfb zcw5bLo@nbXZN(;_J!*<^S&k(MNN!`UldG2|WMLnVEbL>qu#f-sT;^Di?J#LM$v(cm`1JnW<-1=d*-sxYK4aO$wM}~&4B;a(g7=WRl zA@nG_qU+~QNSUM`ZB3`($W(2n2k>=3geM+HVwsX-b1V=mTO>QcOS#H2nR7Z6(;~R(Md@M;L z!92o#)A9^-gm3DyH0ul|L%HSCOwp5(DSG0jXbjq?+c_NfFacAgJ8kkQd4_d?=fGJe zFUep6>NB&~eEp2X3@qWNii2b-MlqY))sy-ITblPXd1N-mB;&_38l=9+9(&Q1Btpy0qfSj;^UpTKr*FE0#g3@n-L zHEPMnmlSzqYZ;UEOg%gOl<3X+3_d$re=6UJWWDQ7?+JQ1 zlk{5S>+UdOa_ddU zoYlZC%+Qj5My)GWTM}YIjV6%Wjr^c=5KIu+THO>Ht9?S~?e#vGBiZDaeN5}S5YsKR z11slKV_4HbF`IRcob7Rzi#6smn6g$okbPlm)B$Y3K&law1{Ox_Q!tn)kgtEs0V!ed z{)wrQ$j$@8&(>BZTvM-$tv{Y_8%|fIo9Mj)9aQcPhli;>!ip;O(|FdjN%C5+1XN#` z|ItZ*Rf7-;?!1b#&7pC5So;`bfE$;;>7pcYr&54$0=&xI-vrL~Q3zdD*>iULh^Wi?KF!smW28k8j*s48; z*fXCs=Ez$mCUU&ZVGke9mCRy9BVZrrLMsb4StFZC`8zZmp+^sH8nxh{`zjkWCvv}- z7j>u9Z*rR;2SJPAykYHjS@vBAW;o!X`sz9-lL9cxxLl}i5X;NnUQYq9!;jNa?9=X{ zBEQg71 zm_Y$ba<37%ahd`7W@JFVaRc(reknw7X}tvdHcd!m78bZqjD zyg-nl5!?BXpiPqW4zLlr_{|Smt?VhFbbfw627>&Y665E9QW)7n=6d6XOvGE?p%2F7 z;0B~6!=4M|1KaE+At3U@E7=#21mhq7pQJJ{Zq;hMvwvR1o`XzFviKLhcNg0T$i_l9s7d7E*xFaz6&;LyhD7m%sP8@B@1q^bxbKaaGxcFq|)R@@yLH`cBZt-vk~*P+X7AYN=g7vL&)28){3 zUou7fld#QOkh>9OtqFh_<0-NffbZK9OW|I|BTbqWGmK6ky{%bC?gH!FHL3ydk@ah3 zJFUj;wU>aD2ddrQ_Zl2F23%UrKqroSiv~EE5M5{mGa<~g-o2wxyK@t1uy9+c82Z*S zB2{ET0Ixthi8o4g1RB(5>QiYfZbg|rA29NVtC|%VH#utB!BU1WXH{!ZjJ1^jiUSrk z+Q4!NKn!A;+d7&wLv1uGWh_}+`-*|tL%6OiaYE@+P0&m=_-oSI3geSazH{PNmOPPP zO7h2wZUoJ=NA7w`tp~b=IE}Jd`^Lx&ia|gaS(Al$6UO^6;=PO8(TJkVaL2dXOmD4- zK%pqDne*@^jlf6$+HO;!j$M?M>`>m>MGBqxP09OL{`7dKA3M0FGJzzO z2c|b7Cu6;~suP5g#Fxgzplpd_Cw@=FS-T3o`hPecus)d40RBeBwkfEk&xuw?YKq}Z zu4l8nRn(#BsI|Z_8?Fv42iu2GEIQF4`*vhczjb^1?JdpMzD59USFBaiLGFF8T5riq z67DN2Irdmgcc40>1of)K73*ySul9~3uw139vQnK*I1IYf45m#8%Pg4T;pWhzQ`f7n zCtq+1a?Qa?t(CRZ;kCvmB8;de8&#u>z%JHPl`NFLj-kOWrc*y9Nkj5MHuI8-Zc+OV z*PZq)^1=%CsWazdle-EHE87bd$eM5;Z&@Z?Z8~Vgzieh=BAaR}u=g-V^0n6Xgqyd>Q(gA*bEBim(bPL=rD7`H`+- z+zZ*SdG@Ma`-sVSBqTL)4dgT>@>CK6?amTJzLGY&ylSf?n1r5a9mK@-)Tp=&RBKcz zj&1`v49+RKURVn%bj1D@TUc1+4^;>ps~J!CJ}McaC?{VwNJfy=hbAoVWt}!+bb@XeB9?|^+eMR4i`hg4!ntNb6}0i_?j8OyKWFNVdB&B6 zqH7ndikFRPY?QQ!D`bT;Qu3<6Nn_Hq@M9mYtvfyP+pjmP5(SK{OaelG8Y42vu8)Fy zAIraea4%oG72KAqW7&m>7?d6ZG>DiR@F0 zt>2Ao`*&{Jk2a1(u0gp*51;GaL4hDXAZ++J5%IGX!SzP*W5U1@-H)?>`elb1&lDe{ zu3M?uIL)C~zAI=5&1n2buhP=RKk{i%Ww2Zkw~EZE+5#FlW>t=?lPB_Tf1U8PTi1zx z;>bGDa#8~5pe;EB4ccRj@%u5gqz_FQXFwUx5uPfpnC1COm4^2f0M4_NpiYn9QiCR@^+EZ`0toTm7RZGElZ<_I8t%f0?m+*acT-MNfedppri!I>0Zn38}2d|(-m6O zktD85bacf^v8>GqL(lYv4IZ7nZ^$?1s?A~Q!ycuH?Xq_o4g?MkdjZoAB4IZ_YQ3Jy zzx`Fo*KS>v`iUc}^67!~`VSlI(VgwvfP=ItVUTnQ$eF})V6`|7h|0ES@y{Td>H|T)GEiLLGjGSQG#7NcB7jC`p%bCiy# zqlM<+!gjm5qs|E|`x-;r6)en(=WWv+_30O;;Jl70q9xfPwc)mK+}HLYy>Lgq1#LH3yVTkfl6y{Hc>XJWz2OSDmg|#(_XHsb1Sc}mO(#Q>`@2H{MUzN zvcgJl`puhSscGd+eNCOkLdmH))I}gU`v5H2YUj+r{-SQJc4L#TJH%!H4_(H7%o}r8 zr}=y+)}$rb!{OD7LxW9i(~bDGv;tF#xzT3n#7*&9h z#D~EzDbACaPQVC2mJ0q(3c4QUsb;o#|E+(tc6oT;zIyZM=7-Qk+||#Gzon^<_wjur z|Mm|{zIN+jsh>De&eKV@`O&Cd=aIMTJQ^#77=krK6sl~r zqJfYByZBYRyqm3bxv?d-V%dPCEvh!dJaGeH!hs8QQCbq0{V_r5HndhSkn4^RqQjPT zClhN-HB(|vNBvQ(18^qzA)=5r6-$)g<`A0%NNV2=O?`+|4S200SaO-B2L5&YEwmT; zRtsIDbki6Ht7|({$aXtK0WaK;>_i@O6+GRntvh3qN6QD%?Itafu}15k`ZhS}=$uKE zzxR0=!CabJkEahJ?7Mf=CCaI_rRU+C=7j!4p~-YoYaFBMn^+>K_0C%O9(|)ldLsuk zMk=ccI7=aJ@By2~Ni^=*p23LzocHi-mMqr1k%w*u=lNXvnHIb`ZSZpG# ziah>u0O^}fU!N8S1Quxs+@)IO3CRT%F20oB`?peS3_HquB$%? z2i_!&5M#?P>w4p9hrQ+E1VrV+9$k$x3{XrQ>HIInms2&$b>X_kvC?EKq%w(MMVZgJ z^sSVhGsSErmXSTmD8ZH(VX|GQIOag0xIorIv+}Hh=B4AJQ>jW)n0cWjFG@Qu;(2cU zQ?YcBjc988h+Nk<10@k!z|P$pB+)cyAmMm3_b&-^s%39QasSNs=6Q_{P~_Q>n1LG! zB?ER3Y65>aM-L8lqiNGXKVx)(N&#I5MiD#*vHJC$dShnESrf7TMpo3xvPm!@RDVXy zP?}`6B+#e&UD&{p^qkg8^%ds*;!mR9OhH&F6|@3M}$_ z)f!Z+t;`^JkWG2Q$rDdA>!UWLN8X0?Xe@z(^ePkAC9F;?YWUmNL$O5W7}M<`?%7WFN`vj-F~n^*#1BvccJ~t+NH6 zs?u|aN12!RpbIZCgnH9N&EOaZ+SZ9g)PwViAu$&4>05r3D4T+x8@9V;IifHbJDbU# z&Dyf%-{4vyaa!)Er_fw`8^yi5cix~9=Ab|M--&UMHT9+`m`G4~1btWS*7DmyI;AKz z(?Hr)@y)~<#XlRT9?A{((4`nfP@HUUozT?S$w2Z!khp1$*`PV(%osr-hxPNI&9FcB zwQi!G6O_@ZRH{lMj_-pwhy{5)3AzuRNcPI&IAzu-kru}1S@bE416|!yuT5AZm1%3o zcgFqIgtRfYjC9^dP8~dWl#3p29J~}tF_#e7tXN;wbk=NO7UL3RvKWj(s$y=)VxCcz z@uo6MgX)DwiWqA>3|$}1{Q{jE2CPH%hNia}ly{L+l31oU(KN%H3>|8fQh?g|;^JO> zm!&OR+8T8^sGLpNo7f8D(2Y^KW~z`OU(OmK)N?>579IO>r)6P!9r`t=+4)hA*CX%o zdh}$>gkm8xYRr+JBU|-kEv04^qdhAs$^G*nKezkN9fq^1t+S`@jWUsDw%WO{n5T$2 z(Ver%#>?RI=L8n<9-6Lrj{1!?QmNcDUhx1-6u1c;%a?M0TB|D*|r7jkGv1n#Hcv@psG?mfN>?bw zo*oOX`$@DCPlZDKEv1E$vw_tR&913e=Dgx02gDh}ULvfMBh+USIU?JYk0f|;>{#s} zZX_HilSqq|Ix~u0&|`;)nAVc4o6vZUK3WMPk#KZafEQ0O#-a2YCr%Z+$`kC2;~^3~ z51FObk?*;7>mfg*Z*Xv^T;w!kJZc_$93aAxN%#S}1?r8s z8)Qp!uAo`H@wg&XpPq3l7S&yU%kUBsCPl?oh~yGl398BEu!VBhfSl{wsWu9#aBlK9 z${*@Wsn4GQ-%w#u=KB;;Nw1{^Mx?&<^TF_8vfU743~s)8_oOLV<@94*D%_L&Hdn5> z*)c(!t;1+HNx+2m8wPE%z~sks^H6X=IF!AWtFu;Lk)O^mJK#q^t#pqx2XIa6$HO78 zR&|;f^&Rx4UL{|UD-ED=c}>f@Yfl97JsNe*J@T%(M@PHn%(^L-2x|p{8MQC?wTC6V z|9@%ky4=QD8UK(u(3Wp=cNk|>F8iPVU+eR?J)ItoCMs3w3yR~1OX zZ#-}DuArx0N_ z-ui_TgN@q|&O!Yiy+}RHQy7U2x%UlSu5v@NtkTTehD7{D??D5MQ}N7}EvI-#t=aTG zq}eWy{m8U#j)PBT6h`Ia8LCrKkGhm|_--4qx#-@{0))w&s#*aI^6(^w(5nQSl?-i5ARn;jppQ^t4< zZ#ocVf}BNDJz7&kJyd*O`FL@;6{tYiRf(Tg(Ht~DEf?r}x|03T=j*$Z<{~&fN9q&e zI!aT!?D9svWa$qjh3gNj~^X%|_X_lIjL`IVnxP=SvKby1Z&*Lu&Rj6!o z0wZ7~tBUm|*{j{HVdJ2L)ZID#!U|Ja6P2`eZc1&s6PKo*A&v|ze?cThc_+QPt-ltA zN8wt3VEAE|S?t(7tX$FVsQtGZ^zb3mlilv{h?f zOVEr)1|W^?$r(B<=Rp>I4HT_a*0jLbtbh%il;+9te6S3x>y#;L61@~{;Y8nbXfo;4 z`Z6o^p$teeCw5*WptPHOx(wwGOpkBT!xdhSFIL32%k)I!l{uWb=CJR~4FXd{0%LICUyAbe53XIs$Zrq>O z$cC#bvJAy z{gX)%a71Z(Y`#*Hn>ZBFL%}A}{5d$Vfw8fpgBg;%X~|luIj<4V8gGHFNPwTHo+{Uo z7C)7cf>?XdzB-~%Ju=c#JH8$L3#NN{;_dKkZ#cDm z=eCAm#i_z%5?V+C74@v!c=*W_6vn7PC=FwmwJ+;%PEG@DvoW`yDDQ^te0QykD$(4+ zOUj<81cn>#acpOaFs9%L$z|xnc|O;W5ydqPn4A;obhk+Q9c`18XRJr zgX-KMwAcbQpgd?ZrxC6y<$ulI6YH;ad6l4h_<$O8O6dSm;wxx;hrHj&iXxUuQ@69wh8Vg1YrN;w0B%@&3%!gs zXP^_hoKr98nF@My1)+<$vD#`EM+Jhqxot@1G5%FWOlzPsFq_N8mBguu+OSF~YKsAb znzv5F653@eV<@u_su^fgob9VC%yF)QsmN8BW6M{THQ{#9SsSEmzk`U+ZNZqs@z?gF zc$Y9?(+aY5bbOq^1mj&-FrzgDDV3d^fG4>$nyjY_Q@9@_Lc>ip91`)va+do7GThca zvZPd0bijup+a7eX&ExDM?+~f5%yH}6Z(OCvl;O6X$T_QiBLTPUg+HPCPzhT#sydW31o=CV{23548{0q)~B>moLsA`NJQAQXdGvU-0%ap~>tPJ`LDH<)dA8_eR_ zH+XDbxGq#d^J8g+VqKULXTCd_LG(<) zr2vyf;A)~3k|{PIS8buYGo4J8NbI~a|Nb`Aq_O<3Dp!@2Cs}37Z+3QFP=H#Z@`Blw zPO-)oLMO)>$&XbS!DwnCA(4R;2Yu;H-7^F$E878`b911()-hMWb3&GNSHCbn4Ln1B z6Uq9^*`jKSWJ{Pd4#}mP^|mSsX>(cnS7gTJk-;p@WWfm6}%T+1+c7?X;ms<1x1Q=R(rfbzIh%C1bM zR#f*h8WzI-6(W`>vLp)W3ov#}i)Jmk+>~|KU?%Dh460Tds)SgZkQd%?58B4SG9St;d+2*69ovQA`}lqQ?&5Eq>oJ6+Eq# z*_<{G2w=;Yn)I-?TnA!%Pm=TwYj*-t^&1-isp`ag(2F!A z2uw9CPHYASONnOSET=gO+gNNNkW*~L(WF;n={xT=+CJER9svOJR_d2&k6thI4BxqZ|t=;GHr*~WW+FiG0-&nt`U0vxK z-}!yH3UQCXIhrmPDbS|5q^pW|-;k0|U*PhhG)WUqDV<)|8Zem8TGAkxZ>-*k?F{ng z=?X^!cDrVrZ8#x{-8_1nsl-GCqOh$NMPu|aE21awbQX=7!)0nh7N1z1#^TC(MLu)@ zr*e8}J~XBQRMl4ryx8bb6uD)b~EZrN_3ZsC8upmIJ)%QF>tU_wZdt3b^^2UfnO1iajz4n)AqLGZEri< zcU0sq0&1HZ!9~kWplDJq{EjAhjb2hsyXa_ZipE2jo3d`bIzquYcv2y{SDmX-mAV=b zK$jDq4jU-)iC$bJ%Hx(K&|Kb_9Z+aOtgyfHjxrq{fHLgPM2;A>rI<8F8(QwoOy-1* zs>VsPCODsVDw`sKuiI1*-I+A3z+_kfd>v9>xo6gC?Ji0ce;gqJ3xkf$t*D|-1 zRa(xRlJ8#?cm?lSlHKVv$n1E7%+8j96YRM>Ro>$szgWnRBB-oxrEgkd@1~*M|zr)BVwLV=3Ke|Ze`>&R|UK^2 zTmJNY1ip5skD%Y!;3I4YA0gZ=2sjq(WLL=xn88qR#68m!jxrH?pPA}7v=gyX6$uhq z7?+bP2fmi4j~yHyO=yR!p30Y{1&(tgsFt0rd;qQq9}4_Nzvp7JrFP_CEfP&gQ6&^2 zr&BqGL-Loovjx<6NvK4cgKHaU=Y$TCxw{H_pCR>tu$FiTw&1 z-=i^f8UUp5m_026D2pw54V~A3H)LX$jqmKJxh%gbsRgoCa}7_g=S86@R?ouS&uVqr zJ$Ag^W2YH!+9@O9X^tIm?^x4OKAka>o<`4+%u&UN0IZk|(VytfgUu&97SK)D zpaXuLbE$OBfi*jJs8B#{wnIk(i5;zTr}$dbqq4#1vB7t?DC;8Bg=|%KjLnC_90F^w zs?0}V*YCUwq^I|Ot!Y(-npB225bq1OvNCp9&w&k`Mi`MKIYg#g8%)fO{OOw*zILaH z(Qj-pG3%U<79nfpg~MQXvdQLpJgZ;LA{)^qz-_e& zHg|w`OEF za;K<7Or=DtmSr9mVr$i{AFcxE9JDgpIzd+62=fT7fAANfLI$e>fwm&_T9|6vFs}pi zMsya$j+l(+cQlHVLfN&z7*P$GJy32PdE*>3%M$sRO43u!D=@Ud#+*ehlVX~>pZy|< z|DsAQC{2g56XYvXhQ6QG?eul*cwfiPUXQ;hCj*GOB-R2S;PZ&~;0()B_*gc>YTm;Y zvF28cogdmDWeK72IaO~Oi-f#rhj%_nsD`$wd=9m5Do5vy5v@^da2$~~9a9NC(_!Hl zxHX{_E!5+9>GpOIzxrQ_|35C8e-fBk%XaiJdnyDuk4U$XZn zU(Vir{L8UsNcv9v&sHEPYu7Z4GZpDjZbPOXcv`xlVGvtmw4)$`_LyB>7R58?I)dk| zITbs1r}@~(AiR8TovS3nN2evy_lk(a@9NdZy3NY@zn3@>t9iJd3f8KWU(R;kt%na@ zFJ1mmEiy?ZwC2J4UOTWKg&JLl6xI?f?2a&ds8R=Nirr4&-XnqnY2ivg5Y${;S;R;- zm554SwCsY}T+4Ce!@>0%sPUm%B}Gi|*7C~8=+76q72U-TWUCWwC4HC9t{hnZ;oS16 znxND9ahmC{YtmZ%#5vv7Eq#=ogdzb8_BKLvks-R0C)nQGpe~%>m6YB}3SSCmh<&sw z6cyRLxJ6UFgqgLNfJB}GqkxrDTpdBjP=OX@n_%8~XlqHrDD1U`ex^x9Zy(MVdX*43hTl>Ni7I^ISLyBp(QU0gp}3k@?=j1b^iOsC7H zPhcq<;j$n)h#tw9qB()#OUK8wHSTALI#}=>$Aa&4^<8dz)wv3-5!OgXMb*oAjW`+&)(S6(l4epwK$O5fBHF2z&;>FmB5D(p1QGpa;X1YIDZ{NVwcIhoK{P ztzaYMAZtg(D&P7<3zAw~ixQkC)WBftpEuGfeH|v4CCE_ay6I~!$J4`aHsff6Ot#72T8Eh_PnBUuwvz~BGIvgx<;S4@mDfG zwn24VmCOmEHCGzt_FBHz21zbPc)6lFnI}w=UJ>Ga8@dlJl->;5I2sR|YSXoh;pZ~{ z?YDfOT4knUR@T$ZWQy`yH9f*LjDGA=rVd;MQ<8NJ6rf|>T{kerazG#Q3NcY2Tfe@J zz$?(GnflDYn69d8`G1#2vZz6-90v;t@2BcI>b*rO`C6>713PoTw3%?g*1H-xc{&2UG7r9E-8U--0DU8)`YW*2%sx%Y z0uvxdV;E!(U3_dS2F_ix{2g`3h!*4#1WLtB^rax2`c9| zCAlyB{!Dg^QEqO{Ff*}{bu}+7Y4#CB4fU89p1K6*qiu^(ek1$Xku~zHH9F&XiBDqh zz={r;FR?`*^UfYi^6WQPsKQ*gGmu=VAU zi-jYL_(V!1sa4$ob}md*3{Z7HjA#U^c^8YS+UxNOCd+DCMB?l$)E*%vO$^^wc3QDw z!j3uxtcQ3VCN>@oIYy10*>tS%Nv+I^>-S@~g!_o9^L}St)s)Y<3LF@Sa#QZXk@q)c zaceNs+yq=YtQl(KtZ39I!XI=?twbEaSreq}w7ZD{1hyMsVAH9Xejm@g(T7J-yGH|@ zH;+<8;7qmB#F&*}9MF6W*Z!mmtYXG$=2aGRJrkcjcJ#v-1RZ!eV`QpdZD_wV)}j*w z&_P|6^2P!G<|9k}-yr2tuU!s#Jk%47>U5>5;Z!dzJ zh9HR(3LDBSkt%0d11lN!l~KZgqgXp}t9hm!!3JXD;uw>M;2oTya9j2Ss!gg_ebNNK z6Z{O^c~+{0(sJ1@aX%jrINg?)2`Tf;BFF4s1?9B>mr&)tB!#e?&yZl3)i_-pdOHmw zg3D#C$?x!V%3mDH70at>Y3vk)4rtShm&oO2#L=N|LZVE5L?H_1;F2zSsPf5L$D65Y zx}~YnAhPxFftLdVtd+D)V=9hSED=$xqjf5ioSh@jNUv2`M@DAKd9w)P&5e>0IFOMt z4&)y61IP+@-%t!XsuN?B!l0?pDLT>RD7-|;Y>Dgxr6XCx&)Ca2(VTja;1q*s30ysU z#-;VjPS}jg1<7_kgEPv_lA-8kIb|rR(}CN0(l{{&0vS52p>^SMs`0kB zB{j@q-p(07KYRcnqxjZg$Bw+vk6BO%PJY83sLeFK$~AL<4EZy-uMBi>g9Q2VkONGu zE((^rqBRbEnkqG*cg?dD%gi@1Q3jwvka($e=2a%-2Ci0^Diw04V|sw9Y?rR@lb8aJ zt8{b4;x`cQV;44YUKVW0%(+@UF6A0l+WWS;p9St9)OQ@AzSBjhFB{z;wu-sATCRb7 zxU$Yw&54AAMd2t_D358DrmkQ->79h^at3cf5420IDQkd7_tVn=w?>jzI*ceCx4hP( zpo@983{U24c!Kc|XQdse2;_=LQzE(s)Rvx)B?4CXsXR>5#%R1Z1TiacG#?UoNzb!c zPTR)G?v#x$VG|uvlC3mYTHBVR3dnFgkwQ=_t$!GX*80i0fN=;SBL~VJ~Vxn?0qSFZR*Q8Rc~);*ug6B46R!p8RT>Ax?Is4V6hyH3)t$+o@(wc19`yE-RxaL8`+LDd5^Pj!Vd2)=dvA z=|*aUx6Nb(LeGx(L3>z65d|7?xC?-S*EpnkjNHpg?{={6yN-3=?PA@{L};OwUJEQr zXpK75szLQkf17L@3!qbFIgz_!vYb(P)6SJb07XE$zjt|$zbaOTdFX*|6)+z-0p)z; zU43$Pdx<^CIhLlYX|iXmS~eswzE%E1S0tSzF`|JxY-$f}hQx1emG_-hO_Y53+iJD6 z8;#a3P&fsp7>AV5Q3s_$U-ji3n^-n1Vy*NuB2eCxKvimI9TbP)O-T%2SWM#Cam_JX z6VCi*r4Mqc2wN6r@@Y$W++2+v^SO}W7+7xC`%B@fQ-)6ksfmBk3MV|u&0($+AW-=Y(~4s*vfFgHKb&R_%1=Gn!vzNVA8$ZN_& z$yjMvmwB6&(f>Qw4K~WM4JqY>g`7FRfmS~?g{}+VdD`f6TLr2Bpu&O3#&n4yI~FGp z9$VQ@Avz*AXg#)iJ^~)PyQ$ z*2izzd-+sB;lHTMfIdTND_0OU!+8{3&xz3jvd2h!xXG)cm42+mMpH0q?2YDz!>p`8 zt;?s)nSEFd)Jt#xat59~qih;?==*L7AyXn1q@4f6Dek#usQW(ZO=fj3hO9bHe zMF#A4kl?$H1mC?23GOv6jSAd8b@F!XId2f9jjD?M;=P>gblPc3O);)C@Z!-RY6U|r6ScW(> z9x#FeAWNa|q0+y`371wdRKJSze);WgWF@^L>BqML;_6CcxI@IZse<9aaS{(hCa`4^ z2so^{grQfj)^6Jtsg>MkYs2KU!--^&QH!#!oVP~HpS`WFG?L@yP@b(uO9kpFrP&?LGCOb~}9% zyWS_U+Z7V=Xno|or44A%%gd>Pt3$j`aOOr8h~jHLE7#<79)H$?9(a@1=h*y+^J1Pe zJ70}J>jh`lbc#4TrE|Ctkh{pqnQdnFHQa;TYtoY3tml!3 zmhcoCt;ij2f3msd^A#dtR@JhthOfnc)D6FqDCd6tG`k&S`mQ6>cX$6dz^;q0L$}N?C+8;@*~MA* z@$Adn?DN^1vo}9~IXb;K9%M(^>DlX#@{!}yG7-HTaUR!MpMs({>D{GB9-xsMZ@2fVR07-%nB3fp&{qQUwg0VnT^_ zR533mL0Nyd{?51 zapwi9=DMVcd-hEwwzR!x@}z^r-gPAQZWoCiC0&>p!8i^St#qR(^&k#C+oJl9(UghX z8TiC*D_v@6%2!AmYLu%!agP!x4`nK^FLNx_m{ZZtB7+SQI(h{`$Xazoy_l~m%H3MB zF>|YAGCNBK0i$pG{I*DlY{V@MB1M({+=@Rh6NM1c-VPcbsrYW4+V->Fuq81SaTnd3fW+_W+ny4cvSto28mWFl+k34Jrpef^gB zOo}wj<4^FRJu!*0Z3P~+6OzLQr5>34Raiw%;VTpRo7s~D%-31XeXQMjdbs04cw2a` z$|iCrQIt|68AfGdQbuUiC@D|bTc>mi0cu%ao&aYcqdap`VX~(pSq}F~)`xY}TrwWf z9Z_lTgArf{@bOiRe6ZNZ#!Fck0w53vhB)C<%d9SI3Qx5eOO}8E;`RrYYaM7}cxu$M z+BjQ$MLm=hh9%bGavBzXLWvoK8u<0_NoW1CeSjO^0$Q8ENw!zGV|ZCH+I8eF0Kq7c za<;rm8b`fBQc&yVWKU#=B8fSSi{XCuw$nDT>unRe`y1>nn~OA9Mz~F2KtStqSwqw~ zsI_S4Ir2$5z(KDfgF>loa8wf10mIxwY@>C&ui?Q-WNRW!taHGwlU=BS;gJ&v!>qD) zX3MCWqlkQ<)vL=(vi{{G!XBO&vt9Qocz)m?BY^qk{u9tfAb52rF?9NXIf;VyI7Vf~ zxs1zS%fHossYYczI-C}+JNU*>Xbp1GO4ayAwt->VK((MG7y0cqa!&F*fnTZt|1r@W z$Q_W=DzM1QHz+g#KTjMF60mFdEM6r#&_c*VI9`x?n_FpH!`5j7CNBj^OsnZJ4n$OUO9E`K+d;g!(9shd9*u`19-oRH0?RUCp6| zr6FG(` zorRcr`SFGEOusL{Qqj-Z1^o*N%R7P!=?Q@R=5(bpARv0vNQo&l1r9@?;F`yKOgu1S zWo*=8@2J|vSh*a`EmQDHK=4pdtS$X$)jm-OlLMK620Eg{&_swEh?R3Jc0fm5Fpw?% zs+J>r9!&?a<)xz*H!enHW1PP7y${6{7!+6m15Oy@bnCbDdY9W;uT|myM!ID03Bo z9480~XuI>&kP527VwZ{D10%i0{AT7j1MPK%`pkvrObz`GD^(W;Z?vjo6(n!eMu_tg zRo^d}^rQ-%7DQbNG7(-h&!}{@DTzXC2WJ``S27F6tRhRg1hQvE`)lo}74`m_c7;0j zIG?(OR9DPB4f(bbAm~n)d0%Td*3#Rt*_hEPB5Bq2Q#it9_Dfk`mD6ugCY~VPoVS}@ zrZ8CI0aP$Om*D7|SPww?l?r#&wNe(q_Q+xMm!o5xJoBO)^EAqh#)!sn;DB}~uU}AQ zJbWi_6uApgKKL1Lrj^{BJj@^gL}W*h2QKV2OA{Q)4w;w!K~*CDJAIXpC?5J7U?sRJ zDzu)@awKLH8&2u!>?3#}%RCC8sG|%vB;?1vUyY@K%c%*Rr-_Fxy2i+yW*4$EE9Qg5 z8iU!K>i})a9;q&>8m1ljNDZ!!>auFup2qMe7UdTtrzt!M2f3ECni|uX4y|8>9CXOZ z^m*2!y<|SZE#`*``G;2d9Ff|cUW}LtK-VH#-p}tEPFFx$`^KHL-Exv zo%>yFjO*>m4}z>i>`OT!Z-Z+y20{@--IlY3rf{N1GlTBMN{@jP4V!e)Xx%%Z`@#6W zuH}#wH*#qR7-H^>`ki@l@jUNmeLEc?yWSD9`=XcahIe32ns(u!$Hh`5f#4aZ(3j<+ zoR-VRNI_J#mQ~7?vx7iP6PFPOsDV-nsds(DI*W~dJt(FUfiW8{J##2~pt#EG7zx(i z$*Iklkcg)`uWlU%V}Jl~Qld7Rv5FVga3J3wO`s==XnI^(aEjQHvbcDu?T#Y6ZAH07}R+d#QU;m9(MLRV}*c6_bO7TzL+Q?m16+y;=e5OqSZZKyIB0W~2drA>22zZO8ShR%ai4-wUx?(a zAU<1xi%XlPH~6@LsFnZ+pbGO&T~OhxrbB|?8z`EZv>-7@#9vh)D{=o@ks@swk^`FV z4aQ5K83JNdlub7Ilg7lhyTSO`oqtTH_CfY^1&)98708nL!F6mt##~pFAD) zAw4T;#;RZWaOsC!yJ8|M2Y%ugF(55uE3&}r;yk5+q=;#GnX<8-P+#(4S!2hcO@6vW zl&~bfA7UN)IE`mub%qa>U_Cg+u0MI*D2hgZP1~6VDb&Ho-t`-oLv}DBBM?^MfO-Im zk#xQKjGYM`Nt+~3;E-pKnCQUCoGuNuM2{d~HBW9r4{Nu1j8E#KOw7w#m$nBL+mrU75E)(s&VdwO{%xtGuWY>E| zc7OPW+#k*ilbP~m**&+)OWmU(Jx0$Bin@v-sh7hca7x-3g)q=`ff=Dl$k+simgpY) z*!eI-j{+YZ$%++Ahy~NE#JtWd;X}`tbd@qnvf?PyG+A5xM}df_&c(A4%cslk#8rSc z$g^1{RrbW-;e&G-ClvJgqsm*;tHyI~(;byMioRC5w8ZfdjDLAt{Z_aWFf(Z^_CDwm z-x5Dg3(gquxE7QkO;Je$*JjG69&m&Nt}#CQa4ig(B{y1(a^DzapI%-ebndL?YFb^b zR9`6IBGPtqZ_OvXhWD(E6$NCUX?XwuZnPG#p}iU%T+A6ZlVS>cf0^(%84Zy7)0^N7 zIUcZ#s&NrKlV@M#I2z&@o@T+Pi_;knmUDvc)HR4C$oOZHBx^h`{_w%kyoEqHZTr~Q6(qn)rsZvA zQES`7Vcvc$fmiIXdW$v?t%mY>l-I&Qqrqg>F}C6=Gmq{+e_xZ^X%5--=8)Z&cbME@aVjMrWrFLI zIHp9I8rzv4z)2fbb?r_(MM%~AN(7^3Jq@Z~C)KNs=3L=g6o@aKL)9dutemDfwU+W+ zbVcX7JGdBSeN5E7^|C&zWDurUSfTtq(#&OJ*_}}(Um*=V$~RR=w7;*>yHMbE& zKe<-d+41LMP+E{cVRmI0WTn@7_yBq4<*bntURLo3<$k<=B|+mY!(_KrVj2NwM_z>m zDvcAJodZOZRSDC_DEUc4>ec}1CbzT>5;Z;0gxX{u-j;g3eq6bFi0iB3@;uYX^~O2dIf0DLVjXI!%hIRZNIHkm}5D zBw~Z(76}vCZRkfQ*)-&hw=!gtC|=aeIWCS1zU09x<8V&Ohq_1@^9bVAVn$odjOEcz z&%^?f>cQ|V|HmV5Zq9Lm1-EFUab3vjdS*PKmht9spsVc)n3HGY^6ILn|F3e(!}N?u zP<4yo2yT|4r8~e8CIwZNO)P52B9wrAbIaQ~8+Ymn`Xms|aX*zUyG0Zh%6>(YQz`W# z@D%+NLami=BEzYr z)Z8W;cf6*=n0p;pcl3TV6sQUyC%F2HqJTcTO8U}aM!Tu@jNwHsbZCx%i9zMx(c|G8 z?e>s{ZZ*hGIKJ{(mIGz8hM=paP;P}dn3gCsF@SmDBda;I>1a1`FviZ(p-Ow=T(GP| z{w>-Jgu>SR+bn?>KxHkT_xnhO1@b;hK8~&CVQK(T`0;N|*2xL?C_A-40yfxE4t<`= zBkvk7A<|vn6u}Sj9CoZwjlIWKV{>B9tg0HT@-BCab=|=I&8LPtDf$j9=^cPzs6slW zsaV3zZO3;MS5Q)x$3K!Y!TL`~hs3>ZedG=Zm4HE?t9mwLb7f|l)1ImKE?jkK;UvmF zuT2@YC;FUV>DQQLG*Ax(a&45i8UU=aw*FXNiUuWFf#%|}8^=4(K{GUM!p6|fUQ{cR zv=hq|IF{wldJSM)899Gz^3A~&?~>u@)y2+TEt@zL7$d?^?fS2>&r|VL%ts>p9g1%8S;Rfanw;`(D=Gg?j-aKQIU(J+0}UcA-`_1s$y@9+MLa;%7M;dJRxuhLEV57`dZCUsruUX`Xvua>E7z z51rSjiegfvb6jh-PpK3)$rI{=RbI;t((8sMN-+I~r{Z~~{f?B%wiJ|@PGHMBVM#zA ztTDcCs_|BYDd4mW!laTp+7K-t&`v8go_aQ6i9 zQ>n7k-Br%#0|PeSTG9zDgkMXfx{a@SIL$}&d>VPGfpU`$i%B_8HXIi((NT;QTu{88 zL7PQ(K&OlQz47%?04;Q{q4Q8pu2N|o20}paT%`N$XOD`>l%d^Ygew|3+wEUwXoWkp zy%YTdLrjK!ozjDjBEgHCz|~v@IO!rQ7{r8`P;DccQ~@LE*(>4(%r2am$ly|~R2Wo+ zddE@eR4Y6kN1?+Xs)EEF0?|XW!zBrsUS$^s2Wd^}*jR*-yaTEVtOeCd!i4tyjZ8_N>i;qj zRiFuI9G8ufNL==U3J{d8fr*R|CMAb~BR(LZME(=+lz; zp`IZijiEm@TRFg(l0%IV2{A#bDsxy(?4d>Mb!dX7>IZ20g1U)zEX>J*$<4C4IEK1p zt!j*3HD%j1dU|mX43c%6w~n-8YAI+VW0+bkVGcUGK*71byTdc48C>oIrE0{btHF!bR*4y7IEbIA(=ZNjYk4 zbccjiO9p?#Ao!ls3u%n1qb8qbXWtm?YhrHdvC-U)n7dmplodIxy!1$5v~ernp<#r8u5C;KGJ7;=A=<#hH$UA^n87RKu+J%rO>CS>29}i zvDmQRI!|}*`>Ko^ilFGA;{f6ST}+@^nAj4C65cV7>ns8KInO4%4xZ1~_-!ycW(hk~ z=D=M2R9sAITw66m0m1O0xO2z7Q^pHjac$^nk03v)jgD#%yBkYa95f_#i4?FD<*l|< zI|cHvQaMTW4;ETxrl>2&Putl7l}b&0-G>h>FVY4vbVhY1njr4da&4R2W;XgvQ%;zh zq3j$SgS%w+ApM&#vgc&_qND0c!<3jP=2ywrhc%|9>~s*Y;)wHZ|<3O6=r|y}s>9mCGc}vLN{uoy%cQkj2yn zSdrc|fZ*(@68|Q{E_B~Q4K70_6V@y3M+L^gOw?Vv$lsxHy|R={r5>bt3*~sBcRekjw?U>UWuS>7)tBl3;N&bWjhu~O4x@=d zdNwQYO|-3Qp-@v}`FK+3@J9lo2~4Bh;keFk&9MQflTthWlh|_PTkTJm#ZtjN_)?j2 z(}FbLH)T@>HXIDWfCxl=@W`VYmrEjcqc)%S1JWH>6aSvov;N2i;lZpff$xK55L`fp zVtp$8-Z6%sE1f-_+mQ?jigK7nIcT81#D)TnxYh&Y>_pvSOr%8x%vGFyMp3GK;i;Y* zWPBUa&dNtmsQ4+X!$$;MH+6NR#9y5pkuo%3@XP@DmRER&?ObeW9Ya1euDrROZFy!5!JS?M*apEvR_kf$2)i2Pi`=L`wCg62 z9?!1>RPh%HzL(Sd5S~zX;^AZ7l8Q840WNqH_5u>poe^aWvtdY2oSfh`@i@U*RgWf5 zn#}XZ4EKKgeIF-y31CI!F$g!Rq>y!!nScu@5ka$QId#j#s5`-b$UIkLDy$V#kgewS&UDk-WUEpd7t@J=oN|jVjtTqY3kC*z-78?-D{E zWa&#anr^8ljBdT$=@Lmbm)?qY67gnW72(u}i%@-AXP8umh!AVKuewkAAJSX}T-sZ8 zRRIaA%&`Ut;v<+n<~E#Zk=e^DDT9+)4vvo{GHM1WIAaDH)~GTI2be?#-6PY)dhW4( zbw^S0Mt8}6TT+C#q6qpZ08@!9-&{=8g{DD$*`h08Z#Dhx5M>)SOPfvMkL5Exbm4)^tY#m?H*w+&OXY$438i+j-uo#UI5fyV-&WjT zR+P#-gz&JY~1af8|WHhcQ_FOq5#=N-2)#|3F)1W5ZdvS}|Vp^>zIKq#a zTpKRaO|5e@OwrC7(SW8v5j)l^@3)XTVDdc&lkaT=li#;Uw^7Oa$$9q6**}inAA^GE z&DrVs#nI`-$?4hWk9}c3p3t74_CzajG)Dg`d+H`9oG!FHfwU5kQB$qta?o;C8{{wf z!Hz?NH~S;oV*0dyEOPV29Ft8A)w`9zgV~7!YAVzPVr|0uR=nF1yf4+TD4X0!zAQOz zgk!#pH?g(djn8nhLl7%GzAdyK60_WC@N^yN6au&(`HVKSz7VBcc`pj>;b=nUEU}f{ zb_VT=!w#ky){|K^NsL1IZN{qTt??tm(l>kgxBsd+J_JSAhj4tZNYJ1476k zFcGC2@D3PS@;1D6TLnxJ#JFso^Vc94X?oBnqhlpyV-H>OJLJv^0oP2Us=H~j2;ya? zT6CKzFeTw2`0FC!*^ucgGhpn5Q*v!PdogXjiM6gZoB!A%K);FbJrsTK>`-SfA#jmU zI250)$CakAjd_Zs&lEmtt<&bgEEawOF9Ri?jf6QCQT#9*FT?xs=5OStJt%OEs@She zh$jUXjwuY?w77MPP*LKFncAEhVr&TvRauq_$lA%XBGi{>-zG@C)fAs;i262qm7SQ% zPpcx+09Kb*%2T1tT(7dXXtGw(Gu99E!-{?mHR%a?mK#gEQ(#7EkyO$zcLKJx0&y2T zGt8j4Gnd*iF4Y>Y|1 znJ70WjrXK*4mWj#Rc(k~6BSXQJ-@t~t~Oz~Wc7~;Sdk5i&ukPFx1i3tsC5sU;#tc! z8suj2^KGRoltM4KV||nfLHgQ%|sAhcu>tOP;<4SqfdZ zd{M}VwE4nBf=$6SKZ=4u5M{>rx=Dhs3(vl zN>R^Ku|5c*A6fHh(q-J`jjRUWMlO*m~%5m?G2y&pS4p*P17< zHM(wQa${B!z3V64U5nGqI@J`p{b=3yBc-GQc?xw%Rc-)~7V~6aO^iJle3*9{hTtt; zCO)b%=+>%UrNFfHs~E0)O|()wTWPofKIT#xkz|868Gl7fg11QNEAqT-Ec|Vh>}-Br zI;M_#*bu?Vw2dzG0hLri1N6M1`n>0a2*r=I9ca4<=SC7axZxvfgAx=+^;72LAgziL#PL^G^hy+Qx(9Eysnys z9D&Q`epSK!4vc%>Vch%MYuWDDJ8_j$)nuVKg4`NeCYV{>w5im+;Ts%xBa4CCv7G68 zv)&_je>pu0@o~pBSNhErT`4jbYRXPC5Z&anqMCyD6_{@l8DUG?(q7PrXmh&d*l`G@ zgM9?aYyQLt$S4b1Nq8qGDJ`m2=bM26g6}YiABUN(Egqx`&iu29|c5U zL16}Od%2A`Jc(^UMn)$}#qRTLxSUR(fX?T)-{3igZLPvnN<*IXd)ULKKLO30}ct3Jxivb%;z(^Mlj zLhzNlJD~$VYpca0w9YJCGOF*Z7)FO~vC7861fzJOaNB^Kx|bR4G#u=E!@>T>h68u7 z9$Bbw_vFWP3gP5HZ{72YVas;D@D}_(a+>9{SG_?v%pT`Rxrx(#EzvaEIcFri?O9&L z>xO2FYsAuZ*97G~{NCw>&{z$h)>H%R9uVok>g|@s1R!Nu< zU)|ju2>mcyYn#}-^48BUt_-?{Kycv{`2;D4Vu@xpXhpE%{Y(tPvkMuF(e-4IPMfx` z4lzz)XBD$W>C)DewhveAZZijMQLUhm_+qkZN~m5ZjE~(Rd|O>`vOr?EUYqNwM6Dtp`JXJwt z%+lUS(QeYB2+6(faS+equ5;YoUvTEo zSnC;C@XL8On;lm;lI~|xJM9wt-Y&7O%KCY1im0eYsFa}LY>sUroKidwk5);mW>eger zSBcTQn0FR)mnwG zObwr8d(qW3FlJ0X+a**`!u%d6D2cQPs(3lR#sC8CNP^&_IcVmE6|S! zokVese?pamr&cw!v1i(gx9PbrJA2yD-k!FWh3Z)u8&PbtKyFXxI0iE&ZNfvkzNgsF zey53I-4zlBmH@#Xsa`4K(TBC?NW_OdDwavnycE&tTzC%eo~oMHkhz8VHCGFf zJC&HWT`{*c^9n-#@Ie}ZIsHP3s`m^RbA|?uAr6jt-P9Y(KDow91bpy3YuxuYlzQvri^4B5P(rSGh{su1}JpyrJGtMw1Hg>WD1XN;bnM zty}52q-Vr!p%7dZg|27%Y675FMh>hWe9(?&qj9GPl9+B|XP;;XN>gp6?v+9;b0_P@ zyo;X-p>a4AGnYq+;ln)}yY@SM3H#ocu;1-V7`ieEsF22;A(K#Q*)+>3!H`FCQ{yry zoXpZ}t|kv$dZC)ev(XI?Uez7JD11($EzTkUn%f<|gItgvjf1 zaU558rs-MeJ05MNOD3(g?{3o>6{^TelLEd&7GOMcDdFl8jIo<&&7*f1yyUgGcw%&8 zWviSPc^mvpYw>{xy(y}P{~IVjgBSid)H2aQi-Ilv?S!*0;GH3qRy&coQ$<2AU^Y~d zm|DA?Qb90ES4RFAh0_IWe_iE_tJM)|TG&lvw74m&sY2LuS2`*haJCiNFUw@5lfPXu zmTxLEBl-x)A5&PMRk3S43)hR0(8}s0H!w|bRNg@Q5Cv`Au(F74#2au~8pROL)TLzp z-6e@@1Zrs4so)D~ zRygaEB8tzAMoVzvs5!%}5pm4~B195tlx_=Wino;Ov|KO%2Xe*9&LPSfSi_jE&rsky zB(!l-8D30tzwC%+hnI4)`O;b+a)#qjVJL500TMnMmJQH^5JT~x0ejun0gSm4+?$AF z!~BI|4akVfDw78r;b6Cg;VY6PcK85ts5y~&W7cO>p|CJ~soW8MPVRJWne1w(@Dm zu~tA`X9TEJ;HHYFv}X3K%Bf^QR*jFVB_!p<{(w@+9ZHjBzr>&`TuI5Mh#Z|S+k!4u z@wKW)rLmtq$&Tz3A=?Fez8stUE%Q~N#Nq;2F6idMsM1MBga){=x>LIGw3k)AB+Xcm ze`CsK#3vurL9IuKM4|BU=tzt#$vjp6Dz;2Kz-1-s#srB-0}^! zcF_%PNH4BaM;4>GO2umr8&(z9p?q9C=*GixCs%NJdbomWqU;__D7qm1R<3O&V7$>F zFP8~)7N}48w9QquhFpJsgeh`Ut)uf~xKXjjSoKLQP}fE_3=uv7WpaRm$ox=5B7qPF zJ99e+cLKE%gQd@129@ zN2q@RDoX&HUK(9A3nXjD)WcgY_{IC#<4!NezV~A6cV#bPHcuNFod+Xr5w{q56jrzC z5iwU{xd$d*qJyOKq;LRZRgg2ewo}$9U(8>$fFTA4too79h0JdR8c!Y8o;X4VN#=no zj=h2FH@f%JJON~``}cNN^ENv69!@v@(4grEy*w6-vbV_cFkXmml$C0(G61}iu1-q= zoJG_vFiMuhiQoY?l30*d%&oBh2|UK7Lc$0FJS}o6_^PWfCfH>OZ@IUxjX?NKRbMWR z!k13@5}G`-aw>;g0Dw0!DL>B3sd0s9<`H(bwFi%023%E=HH^b~8NwO!2pwDoO`oRq zubW?W2|z8`5X$+y8kwv$Pc|{YdDvLYHqsQ9#s-vCD&r~3>q%or_pHN8;$lmjYdcwfzfJ^kuSI8ijigfu_%Z0vi;4YBx{tA zgBhw>hiOFN1>EA941oBiN@oS;+6oj!jYW=gbEb&?*Q^)0#LaH9%gyw?~wG!kbLur0q&7UPN*|xT`#J0PVps78I!VqJNq1RbebUG)Xcu*U&+c z5xSl-Q>?-QJVLa^m}1JtEk9DWeeHNy3E!H!~|$ZBop< zJX_hSR$yDX>g6XM4Z*Kjv0*A(I@BBX=Us{197QO{eIuZ7OQ%E=Km z(cB{rH_|LsW-sbNACiEg>XLgML)XyL)~Ks)UF>+Nf-2RtFl$2Q)k9A#_~}Ur27{3r zm=AX)XZjcczIhr~hcPKm4!v?Jj(&j2`n4ST&X87@!34=wp02Kuo1Iq4)eQN=W>5|c zr3UM2-bHJ5%fDfvTuzr7aC$+W*)Eh2?kKY%_5F1;Zb#%mTOpN=8@-M;g1kJXRkp8)=5qJ2R2mT(GbrUijGF{sWIqP-i{`(Vimw~t_IP81=dV~%l+YK zgb+J8fyndscx@2npoFu{=1G`tGce`_ys?DA$qdj~=D41f2ClaGqMV+tPENO-OkroaoG8B0RHjVp@{NSb`4|u~v zD_{>K44TB#q;V5h(A>TOjnjH;2|aH;o94Go*t`xGjU5U$88%bFu%MfYEsd$jx*|-0 zX}I-#yUt3`nP`gqFw(tCyfaS2cP~=vS;^qk@h6xXjL=oAm52TX7clo=_fmC;>}X#( zB}=Of9CMv#qBVP!`gdB?w(GHCkL|~z{&1yBP~A``LqK=fm|4tQ=il=1e$e$Rw1weD zvu)-#HF@dce^^W26s_~7wL%TpaB;1EnM;v}9CpIH(+1^=iRw#E6R`ovOwJ|L)c)_> zni(u5u~-5>;d3TV`PkC3CZsY{Y~a0&O$U;G;E?o#yCCV-mT%1?G6EerKI6Tvlzsth zsLZk^v@=ZE*<+|xj5z%?eDA@XlXrZlasw=CF%|Q+*Mi=4YlB3q7W6#tVt0vdYHK+R z^`)LFo%c?k%tzq8&F4vKjCIRT1kk-4q(#^*xYi*@q zw5Tb$OF4p7+)_T482B*SOs`j@6*1S}m1(rEsk%nn*Hyva)znXuPdCD?H5u5Vli0jH ztu_i=2hCzU%m97ViPnbbN`sEpHi$*%>_-9th_5M|G>pZR z?5@o+4<>I?1d}K0*Gs~{H$iUlR+}Sj{h8Z6)T}hgBo^{;q_mB_ST4vq=z^ys>7(hJ z8J=6S1buvcvxQazY6n3h4;2!UNTGl>ADgc$27X+Hg9H6n2-mZtR;BVtG#*UXZ(AB)+%LO$bD31CgF1u-DHOC6)`rty>P*{cn&0cm)NfN4t0V@;KBjiZet4v780 zLF@-z5WCME`5ziEvbRdH$mDD&I0uet)5arAZh}~(sVIhkHfoq5Pk<3IW^J&QmFKz^ z!V+U+@0zu8c8{76AhLi}GSy6DX&5-UL4ITG{k`VdAqa6LiWZAr))J>`zq|F>ir?K< za{P}Nwp=O$($ekC5)^lBie!4doL*5@vhm-wJht|cDq01n)f~CfeA!md#`&{LSC&Dt zbl}LUBpFU%&}}qyjGL_8J3vBMVm`<1#G8&#Yl%(+nLW^ELUK--x74px+IDDx9zo||dLRO;Ff53zD{ z?UW!JYwPG_VX%v_k5_UmFn5=pv95^ZRVz)jfeA!w<<#p|`W>Zn#76T=B-IS9bmKUzVLw-h zJ4qXod`Em_2J)d@fPfaK8#mJXagSE}SH0J%G9@W4R!p_chJj`fHZ=-tVM?}KI7NiK z3XR36#H4NMIKZ`sNDpRlAz84BZkBd~c1^$vb@SWo9$HMwL~2b3mI?Iek4s-mi7SnL zz(SNY|6bLOCZZDs#p5fRp;n(DC&YZo{aJmO)2FxF!9)LNQPn7100CgR zpf3f6_o|^oh)RL^C?t`9j7`9)HbwC&GaePy3bwY@M}4UY{YeC0Vyz=(TT@sQdWeyz zq1W5@J!*)xB)$5qwBP|yb19=C1MwEPpJoz(=BgrGj1z&uG(0PnA6WZyl0f&?yhP8( z0S=brRIC|YDR_HH=TAo=6FVWwM`&axw@$Rgej4lvil z2F4vQC6|}%mu&~@_ovnUR`s_EGWF?&Wf`Mr@ao|M!V{U;Gh#<3TAKS=%nlO&z>)X| zT_ip$FYM7jzFIA0G{#_R!v?7}(_v}FF%6#Itk@MT2v}=52^H*kpoA(*D?Qi%#)RpB zxy9xbpMTXe1)UZ3p;8DX9IyG+vgmi|*huzE9~xsqN~*aFu^tlBT0J&2DNLM!K0(5R zSWc_I8gXk;cwkXp*j8dZLn9p5f@MRhy1XhCRiZ^=ZfEjo1WEw8hnNhx18lH?=fO3U z2I(*Wq1jrNO6y}DLyo$wy>FLw(2S9NPP~iiGONM4)qUP9YGVDE6}_#pUrh4CZWo;z zmu(p_%(|7Wvb&*8Td(AG{1_%FJz*0sWRad_0!KN7Zflq=Jzd?KCg@m`6-*jT;4*I| zQ{9mm^blU#iW0RO%lN?^8Ys0vZo1f0E!>$nA$=x_lv(D29v((o<9Fa4)s_t_S)z&6 zOuB!tG7VKvwLnj0h+n;&X+%pVWVS+Cbcgi1u`;>&r5Hv>84SbD`RHv1YjMFz*xx;D zo28Pe>^Ul?S@35Qp7Q5d&(ARrdYhp`Aep9Ed#*=?L=#7P>- z6ZF0;R~-8_s31=hpNPceV+a=DiCxm%cu6I;kXdP{UKsN-?*6Qj^{4*wSVaU_=^e6} zM=OwS_6+EHKTF%e(H}UD{-CEZK%?QLh?uiRBP{|ty4wYVLq%;AER_2rKT; z({x;!5_&b9sF>dibPgjq%1PDTu_YfgZ@eSAU_gq|rYguP?nUEP3&*n>qWqztglN_P67=2^` z@-a$Lb>61GI;7$sKLLtFF;q8Y?gU{+vqJ6?4szKb?rOZBGr}XfgJn}UsfZ~HZE(nM zUM_M2R)Al-n^yu5n!5jJ5El|-rTa|gffsfrRz)} zowZrk(i(6ehNc}@TvG{1I%HBDDP_;_gjvmaF81pAT>hLRj8&H_s>5;>NcALom>Ibr z9dF2_wM(^OK-S6_TpES9Wle%{FTc8IhdRChz!y<&!uW_I2XWUAC3kDFtT(tpBx_~l z4=`kXb8sfz6Yd*qtPM9#HnwfswryLR4L7#2(Z;rI+qUiZz4?B1tL`6nYUb2T)pXbC zp6TawP4)Ccmx|sOF3*%GFq_a+tz7&``r9%sk#K;W#)-IOk(V0Yuk3F3)AJmOd*m5H zqKnWq{u++Q0mpo@^?O+Pg=ZZep}B+z)9)qR9=tQhB6De^Zv}#JD%R+VI&A|(JG#6J z?|hTP&doalVK=VYRH`O>IHXptC^7GBEV@8Mc?#e-4XC*JdcFvQ>J46Ys)y&Gd_Rh>RvCb zG#ngfm`$Z-(6OHYH_Mq~O5@WwfBg&bHiah?4EOmkQ=sgC*(T7Bf0jt(@@7rscs_k4 z-FaO48)~R)!RY?Hy2`lDBbm+sxP0*RmTEy=-2KRVE&__uUw9j?Vm^G88q1kl8+|3% zx8%L7WEEu{uIv2I9%JoUbQT9VV;5(Bh!HtR>NWIovBW(j2ba0u<)OylH9zGBNL7PX zWFs&1AUOft>dRqFmzEehqzzyW$z&SUZ(>Fk!5ylm!w3G^xzP9spFt)k$ZbEo&t^6G zrZoMEA*!J0yi6E5j(||Sv2o9}=By7drcic^S9vI-rB{U?3G?RH4?YM8w>CnR6f~Pa{tdTz^5N2DxPH+l zNna~{J2S}n*E(Qbg8v5G)0;v^$sI-66gwy?}AvEPy z8Iq82+TjtF&)C5h&k&ZSRDIX;8e+D3B!oi|=SzPj`t{Tlz5FzN%ya;PC%>18?iS>b zAIV<82Zz_5+YxEp1E%5MjxY3!;1PNWP>T%UKPs ziO?*WTLRB^fR)}F=kl(cCGu6Hwdji`90&KBph_Z4H=r{caD4*4b@Fa)1N)CRUXSIk zxo*ewrc1Bwyr;5(F2KBLFUTDI{efce;W($YkSsZ(MF@CAAIwX`5G>qwgzcmI!x>Zj zV%s#_ap}SlGO=`_suA<|;)!P94ax=3rI`cL^RS9|=9wL_*FFHI>A8936P}L_uS<5E zx%{|oJP5xJhTdj=ZRh8UB0H&L&XLdq_(6wp#E_~kZq-6hxn{XowL{sdGrKN(ak^-C zG6~khzpS!y)||idc;8zfQLQaK9cd(;NKM+ah$;Sd{+8A)yb~6bw){0VXC&oN#CJxR z8{Zjl^=J-Ry}?HEwpEP1s*@R?DxN-kK&CYY>J%N7AKEopMfhIjtzi)xD+eV#!Q)6B zZ2LY41QG_ceFj`T=O9&YJi2~~maH4F&`l#c?Ng0qja0()fnfLG#L(K^Ox_uVI;75! zqY1U?`1OBXkmRx$vCAuklZ9iYs}tv`ZRG^v_UiOldoQrPF-0H)OnIxT+q3@V3zQ3) z_iA#Dv2%95v9SHZGs~l-G;drP>q^l9>I&)5y{C=mXV=$w`|Id8DXcs`6Xd<){=8$L zRL$4(5AcLS271k83UxRyBb@nUn%@}OL3z;a`eUs?84s@c$jAdi$smpgMPfTdk5jiA zzb|v3F$n}+dmnS9UiT6PykLQRXMH@sr2Ef(G6{f#M`02)M7U)E?{1rEI2TCuG>3h`OVCHZ8{dfHW0Vjy?`mHva51n#fmuoc_r!^yV zxySbw{lZVOgN=E7W~yF-zN+zudMU3gPMzkM3zS%y%1g3BvN7r} z;6Wpp+Q){ObZg(40nIS{VdWDc^*nQDCXBC~s?8!=qC&6Ka%OC{n$M=&l1L7jrw)^F zze{n7{!w;$D~RaPDpuypR=Y_TJVodWLiI)2xsnP~BkN;9Pqfg?#e)?VsGC#PyrK|| zc3qu*{%pg_9_ql_N_+mho>uY-hbyO7E2kDK$bLo_=lr27Wf{sZ;}?0K5;xPq)z{3^5K`u)vv}IlYMHEt*V|Htk3sWbrNI4xJw4I!k`B9 z<400qa*St9Lz_rz;P}{#CrtH5yaRchS1>cgVIQ>*_j@&>jjm~X&FED}ARyb8y5M3u zz4No}vfgVqf}TpOdy(Xy(X&hUK%9+wPnm4f(0)`?g_MEwo#mRLkJ}v9j2(3cJY`H)huo&R z<&YOOj1Ab6rp&=Q`BIw!he>6<^GiZ^eFF2?LAlc>H!yiP_tKN7h@!+{u7=;c1Bt#r zKJr!qs}Pg%#Iv94UyRbFXFqk34^Kfh=W%txbqJ60)eY}%X~E+r7m$*+ErY4e==^5> zpTY{O5^q1(;>BMrizLoFgb0UW*1)hX3KMR7FbMc(4BU|uKeAHjkLhcbI9Jx+(QJhK zP8&}$t2bN8zpSw_ri0v0Y`K_6t*EA$q-7}f#Zi!}w^SbQE&O!+7kI&F(E4e79Fp3O z!^|V%qj~x${)lQDNVBjG8gRKD$pwDV&++80Z*9J8*bu*N!PgF36mF1&SJ4DBFGQU< z)6;y;5-L#IUXSGhMQ$2-2>ZV7M6nTi+(JetPg7sD;ewG!bl&NZxYkTZSICv@OH9FG z-}%|JBSF9Dq_BNko?%Lx@?polIU9|HHrI~St5n7Gtg|I6-7$%& zB5(k8JyGCub=SsYDyFmD$$bg@!tZuBAie%@C=m<*#S1CNqAS&vd8e|62TB9w!r&2^2S`-g(8mDy zP!d|b$;I|`HB_oKj)cbxo$df}6i;0f;eEq6T9P`AN%nK_!+*-YsPljymVgek#{^u8rkEhrP7u=k zSbO0e&Fk#jtg*!OaZsnLTY=2W|GM=&O6nI_;Ux6F)hdA%FOpk3Slupo37s$U#_ zA}nn>B}s^KQN!f3{Bmc;I`YZLocmH+$|Y}NRTW;cl!Uij8gc<%-A>WIyuSNDV}upo ze4c_(dgf3BdlCdBjOs?uf|A>Hs&KlGpmS%3;?fAHR}HK-|T%m8@+ z0-MHJRc7$*2lkbQLv*wE_)c#0Ajy*>TY$042T{Nq+UW9CmZXozzGzhuhdv(Uq^npB zeRWmjh#wXSvY~FEr-ms!I3-$!M9i&nA8=%aIoXr{c$EbDoiwkf&YP=0eG&(kNhP`V zX`Dm>n}Rh&Xh*Gx3X{W&dPG6+2Amco)Tzm1XR4`r1_eVzs3)MpVWUHS#v zZXFSWIqpKlPl+CXq8A09(EB&Tl6asymCSYSIKwOe;RKS!zs0g8%U2S!J&oHIcQt|b zLVi4R4O}r=Mb;R=gfoRuZ@w;o*Fh>2b8#Pa2PqzVsEgKV=3JizPE_?)C+Yg#c<~^lLc{`I?(fc`H_ahp6iwr;e0p6?DZ=S!T+ zf-<9Nj%su`3Y;YBMgm<3T?~tpe0TM_AlD*G_H=>on@>Tsso&cp)fMz=>~tsa!?>!% z>5StA`JIVD#zn!`n8gVBVkiZ6hKzZrWbQos^25Rry0Px0dwB%o&QlH-^S@(tkT{O7 zlICSLPSVYhhOqyc9G#piaU-w5QsR+qEOAZ3S{kqM;L7-N?ct2_M#in1oaE+k>fMLSwv_V zWt#@^K(GXJkg#OQB=)WGEa-In>E4`1ymI{2;V2)6Ws^k&8ns`E7x>)lS-#pp{KA3F zniQxNf1q%TE`IbS);j}Vk=TrCDjVRlxll50n8b-`<)-S-l44&L$()e^#_H4)u%{TY zs>nEbequd#b)VvxEHO79S!PMl>zm>a)2uKNkAL8=XK2Ng(NUdvuV;$I2AeEx{^Zg` z${HFn%w9G7L$3m`*`t*=w~=uoY1aBa!bnax5tC>|12TD-*uV11%zq~0e{YbDCP-(E z!Z16RdJ>IaBPxSjFD0*4n;x5YnE=@b&ha|c!bA8RLk+)Qia*!iCXL6gY_uLlGmX+> z!MiB;67U+}xL9!a>78n%oWnOYSjjk-&wAWj?2xwKm2|tmu4UUSZ*8`?FB4--Px8f^ zwVl2A<@syTgLmfR^~VZeu4Y<8Ie*?J?iW*ajpfsjUm7brwZDRQzN#PNrh$1qGGFX6wW#thJvS!;1W^J5^y&HD`M-?Gfw|c5nI_)EKB&rF zn3%OXb*C`fUu}bGlL)eExV${V5TvHy{0F~bV~%x=VlnQkDoF-~KZ}N^zWKD;PP77( zV*g-k55%>+YDSe6aoX-J`bpT$Q>75lOE7MgSnHF^Cu?PwI3JLnzG|%kYN;$_8y^mM zbj76Q$2@AjRWxyuL>?;0UUhw(D$pCWyEtENMkltX#IE|&>yH}5(50$jPH!<@g_U}1 zv=di|6c6d@AQ}?#zu3PIK8;(fGw9>-npw+D4Vzu+nGO1y=L8{V%WVVYpVuJFM-C)G znhiuKf#GmJn2QZZM?QjICdK#UYvb$13Lcx+aT?L)-!k0&|Jb1XNi;U2-O%<)MImY!{&k)Zxy$|7bEO@3*o4llzO%DFIXlupQ_d)~GGK>7i{g)zyV8DO-wR%c zZ_uq5aG{mOF3DB3rX{1VNn~|`8y>|#a5VXX4HAAXuOx!8*LTO0`~!)WcT%la1)2b6Y^H_2^juXOQggGM%a^GemjFrn)gw*g^N_2z5d z7ydx&jXT<2U;J>6Ln%osK=Ux3b)O_P(Kn=Ha}bioyl14S4KR`yUrLa0U<1!5LNMNo zB>oOKu2PTfS@BGoXdD$v{Lu7^fw*S44@J96VS1!*&bKfB>{9m*G&l93*&O$BYky2@ zQP}a(9ocnRQ7%a68ufZj6{gz?r;}(iu&Mx^Ps?t6b@f-k`wEY}uf!FtnIH<{(UUbN z*>c#wlUZD~?nq-LG;i}r9Np)hBFFfPraWtvqd%%OUaW}sWw-m9FC)9No4=i|1oSFdXP5#SB+0k0Q7gZ#(KfYoz) zfFhw2s;wY75|0u#Omx=P7Bb>2`C?%fat!Yzc(MzPg>~a^$SS{Qt&Hu)3h>kT`A}sr zAsQZGg_j8OK#;pN-Un3V5rXA2-LAp8qBPCX3HXTNiy+^yYVy~+9yAk|Yuy=)^Qh{Y zZ+}A;Agbfn{v}ega>L7j?CnwiuFCHCrx3&{!Orn{gUr*3OvtNNyl9OOXZ_sQiMzTT zFb1ASEL3N0IcZHwpY&PrI}n+WvYL1_sF7l3G2S?!Yc5RFU=raDEa`L3D#vTw?xIcU z7d)f*Pni=zq9nO{FaExN3sMHBURnEl)n*X?*Iu0VE*t=Y&tIwrd{r`J0QL z@3@*>AmPgpgv}y4n7RntwPCdEZ7JgpJVW`PtBKCIjj_q4(yg`zgeD>%jKWH{)mEsq zi%Tuwn3cP%K&KDA{A$is6K0EuHak0^^JaYL&vxX!#JEGn&JW?k#h>c~1+1~jdH97o zx5^Rp2^uflDsQmzB#JqA0$hA;B+V4|r^dC(mzT~vjEtWO;jo+Q!|e)*rZJC9Z-=>~ zhaCFdAJ!}?{)c3yrkM>4s5W!TA{6&2zL3%z>h>5qh1bb>rO|%tBJ9>mjG071jPqS{ zZ*RJ=6vDv-yaaYNuH&yDm0!Wv3!C*dQANdw9t}^X9A;W;^}E%+-1x*|HcwSHsl11g z?*caK1n{2lH>A49Ac8x69sSd_ZaAOrr^!z}f2Z8}=YU-M74KV93EJ|DK+x>$;^(%( zV3eCazxqUhw+u#I(W*}b>2Y0ARo(t_8UsQz)=_BrPW=8lXg}a1_TuHi&i#qL{l(Ea z#}DZIG=H1<=i+l3Yq+F3w!0%$CM)}s@8oIp_|oQ1Ec7Hb?tta0KcD2S*`RA<-HUxS zqk#q8=p(l~`A?KVh=AJA4~dkT7GQ%*3m(=;^diuWhNHJg+18E=bh{fo0d$ya`a{?a z0zN&tpN|pxm6ug_Z3BTt9}d?(K;U!B?X-L=@&1i@U6R?Ie&5Hq&{Ngh8JgdexqY*e zg^Q>iGGWIz8C@>Y5v3|+y(M>41Hoo|$^lQTKjpW^Hu??RA_5FUzO2=<=LLCY(A;BZ?F;m7x)NI`3(VviO?dVGpT8#1Y*Urgweh=ssRv+{d4tV0ShdB@* zKY=k`rN3jR1%-4=8|r&}#$8fjU)KF2q>J z8E@Db$4fTV;wV`-rsrz;L2xLg-va9IAw7-kJopj^^#X6uF^Fu5%B%gI6q?ewkqGO8vuyI0`Olq)(mvtu2=e8%I~Ksu z%g5fy_+ad6d#-^01bA_euis|dI>jKPKQDiRgD)4qcR5Ax`M!sRK}>x> z)@N2HA6NH_^PP5AQnufye@g5vT6d1$D-Q$mHn-Mo=2L`&J!4lya@ns#)UO^R`%b@m z{?4zf^ERhM?;W8DSJEzc!>J1uRk6CoQDVY8$qsCMWWR)}ufD1vr1 z%KUJd7@z!g{)yyFeU8;PAFyCG*=2G{OehYgEFh?acqk-tC(k3@7M5NaUBZ5TyrkYm zCu3WXUqGY!Q3dPsk|(gz^7gb8ulvlVNQLRJ#17m@E=BBI7IR}9?4*by*~y6#>=J~F zH*|Pul%!buXA_&?2G5(LSoE2Iu~ue_dI@u#M@3z=e6YL}-nz%7KVR`K=gv%kc?SB<^^a=N45N^OBcHH5RPcVl=*?mdS*6Xne(`_+}pi{kfZpK7&b&iFL*)^0X^ zYy7-))C3-0g##l^qzD?I2UJ893U9@9=~xymt&gmpuET>92c$M3*uEgnuB0vkC+V!v zRF}`jV;W&%=hgjtti<&}91{pvMY$~DIpaARGuq1Zd+RpiSY=KIp_x0{(sMChKRZ3JOt2Ly!^d$D4kx0 z@xfoDtevF-!<>)2eFn(onQgGAIi!~OFxA=GhU6gfhmpUgIU(SY@hQffST%Z?OPRE4 zd%bB52~IrlNergjVhp}3dr?oa%?ywKywSR5i}vnf&;9Kjz(PZ(N9ruez5Fb6(J*1; z#70e3YB0L+t+Eq7N9K>)C^4@#>^fN6SDzV0o!gQ3`5dvfi`3)E+%EQ@pHeL517<#ZkH;=Hl`v%%Z27) zSzweoyIvv?6>SCLU~pvvJOy8)IX2HzUHE<^>3x?EwYMHYiHgGDr*^fH(Q^&D(ef%Q zR&9C!LM83u=$+fX_Rr8cQA^+@n2;pjoE*{b+f^{+m87dbFhgs#S=d=rU9Ox=*A-d$ z&70f!ENO^P2(Iw%vj4-vPn4r73|;#ovB6leq*Qo?KJS803?f!nHf=*}`XLvf@5Qh@ zq_yGQSkd+?=1|-}hPa(;JmaM+Z1#1wy3P(69e(&Cf;hSMjhQ4S6Ou^QNHIemx-=`_ zfeZSIH!WG{;RpMb<2K7fSg)Xjxbr`5WzYB>95soVSw$?i?sZhDodXfgNs`S@Ptwg7 zI=7bxkIbOp9<-DX2T{KVv|u~$v4Fc;C8t`pi0-unQVIvH4dt~I`p*`$JWP|RUa<*> zBss}3qWk=E2rtgpSR9C>BlMAjQpVp18}qt>Elsl%{p_q5Avwn4ArNp)H13uF53lhd z#6skpU5RmaJ8*fE6}gz`DKjg$KuPho&shp-k!4#t=yMsz;p~tF#MapBjF||W6_SCXL27s$+6v?2prZL^ysBEO z8mDbM-a_`puX#-CCkL^d4@%!*_U=?HLtrVK^5$h{D<9G0&H_nVdE_JBCIPoYulJUNqpBSHp+hu*2X-CMKSHMLO)VmV28ZO zr=yIV1iRGTQ}VrRV;=H6hYxy`%5i|DEO`_;T2@m$*zdQh<`EP$q(77}hd2)81yq}< zo2;o2*cMMURoxOU=o4snnmY({ERd`$DTFBQZ;z>LPZ?hEJfAL3J|;&;_fOhZIU49q z(Z3Q@p~(qHl3k(-?`wyybmKI(o=U%F_X&ZokI(bQhV-%xau4QE6MLhZ7zS8v$TZFG z%*IClSnUbp7%4Oi|M=#Yt*6Z_G!kqZ$at2GvB{T!cW35MOA7DQ{A38)SZyAT)6Gg- zC0SXc!ku16k(_hRG;uZ97s2LL-{{CJsjuwo3y4pHq3H^Nbl3~;f4vx%Y3L$0yz@5i zwiia~;t>g83=U}_;mh*Y(olcqu{cLQjd|qJSPA}{a7ny3r{I@CI;Ppa|4ue$M;x8( zhwbqg^;{2NTs<2upFnSN&jEQD;A@!v3`s*`n%kf7Rd)!AgM+yFFGLSb=0jPwPA5>HMOv zDx4$cEX3fA*HNrGXvV3iu?5v@d1qbVa!gonRs@=8AzJgEC*@0v>r7R#h#DxC$zk$(n$EV8)Q7_+ zOk+(0ntaacJ8kOemdQDdj0)K&pN)8hvr;Mho`qK&Rt)v~_z>!qHQk!{ZIK>{0rwAM z*`SuC>pJ^a`aXvWR*Ry)vbVLb3*p{<-Ho0f{B zX@5|wp}Vw{A_g=!@~m(+chT)5+@C~vu}Uy9y_O9-!wQ(|3NEsvV|gaaG4VkOS(P`+ zMzZKX|0C~hCD%X8aQuU%AjS`I|5(-l(tz;QWHb&`$z|O>+juSdk6SPAiov2z{nDFzNy*gYo zJ{VV%^^bBg{h;E>BwMi066;rRyim+TS_=vV%`1o$CJ%R^>UYqo=DyX=WBfY@yz|gm zlpSd^DKfXP0&^f7#vw9%P24(@HmMWShvT&!p&Cn!4f)%VY-M>UB$1%Xe>(?iqghew ztlQhHV3P3A#PZ{J3h+afHopuhn~8&*<}R1>+7CLeC+T z>x()mXiDuVlZV0`2Q9eq?ez?+r?>C16xXo|+jz*#J)2v)k~8kk4{rzi zu*G+esrv;SgpASrojrYn8rxaf`o3J=F7f!F<;?wQtUD8n--~`+?}rDKw2_JP7x%MR zt?>oZgmoV6=N#g3TmSu87E3QbB@g}b+z;(M+B}>a)Ahl}^ZxkoGET(9?FYYL^!orT z&f`rT^9Qk4$5zSy{GW^E#8|>ZY=*k!;Ws?OLyxJK0#EJM`P^83;}Cx?e;1~>_51G8 z;4DH=b?zY!#Y@j|u7U!+yg%68^=@$DJjWel36=z5zcD}X@P(DfYZ$&;V7Em-tAk5j z@YU(*_2T10bQpyp8}xD1-w*w^S>xfJ*m-|=@EHd0dpCZ294q1QpmpHijn|zxoK(3l zNq0|BQ>hYW!gsuQPx=d4sOW4?Ub2ju=O?=Y9x;x5o8We`>z^EP!-S`0<<>FN2A3i( zq4H|l2`l@$z@uWEB`UCOsMQCXoF3RK_fLpLs9a{Qtw}98gii7k%WC$Gq;E-J0m)n+ zaF{bDCp!`8;bJvS9VB>|c(&2yys{_lA!%t=TC}Gcbp;Yb>~C`C3OE!fvpQpxKdx2U zwHpzXo9szhj}@_{kjD)W8qI$7_@=83sL~!=YwSgB-_B?AOwZvivr<(@Nc{fUjCt9Q zB6fj$K_OdGT{dueXFWqU;23Wg$)Ra2_gwc;Hf^A>mod?oBP8765&05tOL1yu@iR^2 zXd2of65SJbDj`lfx)q&pn?mAvT7K%QGNAPZ0O3upqdW0SOH@;NwUtpJ0LzCNMdjsn z{PvaW>3XzenouETyKkoB_2pj2uz1jOR`7MHoAca2YHE^$@J4}y$e_-H0;{Bj)GqB~ z<~X-IJR+hAGX2p7F2uTXGXKx-gxBvT2Qeg0R4~#RN*$t4^cnw-@Vtj71Cm9=%6~K> zIRbLuo7Wfn4#FN>l{Lwc#$H@H9iDM8xS2)~N$<4VehP{lHs@DohDWn9s8(j@zvy^@V z1nrGgUxcoV$gtEZ5ZrR~9k5y4Rj?oG>CIC%5DjemTnl)KWG-Lksg}Zq0*Toal^3Ks zJTM*vW#q8JEx4y@lO)3|^FkVF*4YVYAk#eV+$tZ6n@*5>yiHtlmcIIfxee1G8hbC2 zvwYv`EIG`k7PWYev|VO=wxqANm;kTW3@wHAU+v6dTxxE7kCseYbTzqly&h$1)^Pa+9BG({A9hY$@>*oR`mWU9jjni zL%w4S15>Y-8H5U_+B5?7#AC@{OEtHlG7}zmm}7FV#1rs2U(*Fy;f~}~9z=5<%YJh3 zG|hACXR3g62NED=mB3lRi~OgzvGhuWtv$`%#kuCbpJzR$Fxs^z?-Rh+2IG-N<#R3wpIzqVlzDT z#j-rHl0cWXNRc7LFmaQkqEdHPOfEF83sN~oM!AGeW zrNZopXLGeFmJWM>Ke&s5{`hIi799|HzZwuivjkIRhuMGY^k#L+=tlBxsovFZEyYlI z8(?W9(^f6(tXetoJS0ruQrb&BP_U==a{2@5@JkiT+Hj_BLqMyqx0Z=d>}!S1QinIl zv@bk<@l1tshb!vR7QZJl)RWP!Lq{S1{MywHchh2Awr+J1h;3KTe7w{CzAy%lxk1WJ z9Ej`rix0KZb^f;H?;}!7r$?suudJsTvUp>jpo-%NebHu^U`vd4=Sex?Wr@nMTw=4V zml5aZAq14WQS2lrbuE_QZB&An-Qa8BI(yDr_a$EBV7qDyE@yRDT7=qTaXr|F{mt+oQ|{i18bNS~D^apLAbASUtz1?-q>8>F zW&}05Wvcl7-r1x(^oqpE-mJNKvjm=edWB?lH4*nwThhggUjFK-?g7!#zJZ?&Nd(qy zs(1YM=_2WM#|46SuOplly5_mYh4SSOI}k- z$GoOB=7}c?*0QEAsGNtM!Ea`MeXf+N_mE@?8y{Kz2ZeYkM-AA-dF-DF0Z#TB)Ne8T zKrO0PcpBB+oEhKNxN&g0J(@1z&xQyhEPB6t$q9nta+6BE{HTz6Z!->&C9)r7jH)Ar zJyN=-3g_I>bi^Be3!5$xF)#2&LY4#07So8@f;$-hI2gaxb+k@e{E3nWyZrs}bVx>c ze4n&Ad@ZifH2ua)e-MU@{?BxS7EWMSuH!N)8aZ4T|8F$g!Ui4lSiHg%VP)pPA?&VlFg_h4k8h*ah7|*%Qdi(|X z1{rK{$sWrH9lR0*G5h@&S5hM#zxpM)^8r^nmr)gx>@`6*!;(0X=mhgl0QYi3BJVCw zF_nz!p8DDa>YX5_Wo&x|TV|QdL1_)$Uv5I`E`A1WI$qM*rrcr7eOm&FP9oe53jXuc&!%8CjUQFsP}*0w8Lu+BF-$4mVGD z02t&61OV{A;XeiFUm`F7Y-bZ`q&v8g#1jBu_!I#6{{Iv(GBO#sTGCrPTKrFyGF+=B z>i@6G_5&h~RH$A6?)hS+$!`5?XZILxx=bfnXW?nO#9tqp+VGp^dfotebn9$>s+u1# z{H0;}NkVcqT6W!dEdU_JhP8qPz`(!=o^3+P0Dv^W zU!Tzcy`S54kT4j4hwd=}K%k=yU_STn;TOD zULB~mw?UInozMNFW0R8+VezxQ$-OHRvjbVZ3$r=1<0}#I=|K_Sdnis0O>M1huEb4^ z?X50*6ujmaC8SL4h7?Li>8DArNv-Y8=nnUdtIi7Y%+E}0#_YtYC;|P)gZpOJrVdx; zvIk}k$2(*Dg9@((eO|z1kcfHV2edO&{f^T2#23PmZXAI_knW$75{h67n&5&zWF#yc z92_KQ@Fei?p8}Ab<;}sFwOF0OG^YZvjG`bik%^7Pg~7Ga$+g+t0Mm33?g9wo2{c~| zYWUEY2G*i|zx^y3D=0F)Ie8XT_LUZ)4q09jrM z;bL982zNWxWE9*~1h}*W$L-etR%B4qVoSOET)(H%^*|>=ZaDahscn1xbp39|n60FB z+;`;Zfci%L^hUMK;T`4Qm{L_!$%7I9j-mP!@q^$xqOoS1GT#O+Hsvyv^O7z2=*@+l zamyL+$LH3c&H)0RPnn>K^r3gkRPewn}$~Ia425vZfj_&#nC`_%QY~ z>ny2z6XdH{ieqCQPy9x~x+8%b5D4G%F55n|ChQgPt4f+iVzcWAIXTLDi&zww*Pd}yVp#Zgk zR0XP*qE60}dwnv_iY`c<%dv2Ton$WZ(n$)1-6v)$IAv7vVkf5paU4^>s4axuyNfOUA%h(qK1@J`g|ZX{kc$8OSN5)jOv(?M@a$R!1?i`$)~R^b+j?2l639u+`S7NSp{Q;@Ah`X;o?x9 zTEjFn%`{h*0;wrD?lmMo(mBJ9j}GsV$);G>2VD|93c5<0AnE^&L{`EYq)p~75Ni{< z`MUg^+|8-Pp7oG`V1YQvP>k(L(!KrtCQeQ>U6Z!`4j-1!x;=u62 z;e8H)h{8Wmu2An)eyitW&Y0z2#4*c!BvP&3^)}>{u01}E$J}y4@LE{|dg!_lq@c&f zqSajO@L?Ji99LJvyF^4}RSs`*3ryx&WcB@{w)N^PZJ8UmxpptIp=Cr%y>^S~FEJg9 zPHcG<5~OJp83}Ok|Lj&)j%UQ9J;c>}A@;%lXs|3fD{&$ml6^nHG_V=1?EmwSrOJxr zbwo{oukIQ!`nXc>ET&6&0o^&|`{rD{eDZCq{%jr%Kc>xyR7nrVKGE0mZ1MJ#oIy{S zxT;L;>K5w;ku%yMxJvPN4B=j;ERyo-u-;Zd=st}Oy7pdQn>G1xsls8a(KgZ=h*>1V%2OCBYnpm z1=_#Ua2FGnCd!l&0^(^ng(L-Q&UkgVZe21JvJ*CCy67^yp76GKgyQ1x5$^uU9MCO61q}P9^BxQWU9w~lCzk3A_BO_L37g_EOzi+7dN}DxX#C%D4PGBu84~aDOARbJF!VGo4EaR zSJ>QiKg%zK`2Lu1X?HG>ie0myg4od`T{0CA!{dnFhcVZeBfg+New*unZ;?Uz^Ufs% zdT{t1OWQn%&R9Q4HHV!}n(GwaPjWp#`KyV}lND`bA`zr9`!9=*uTz&rt>^O@o) zu}t2dEiQ`1?cGEdT#))c z^ZmP}YGq$qwQI}<6?ArxdeK~p%Ar3BmPH1UCZ}i+^gs;M%zDE|94smwH)gDpNo#(k zxEJ=}z+Q{2FDj*pN>TiRYFjY3f<(&i_$_v_>O2ZhxLw_D1}fQ^~4tKXWT$*-N7r zXtNKnE%#|=sz2KYBHuUTSVyIi=WUc#F;u>%$km!XiReKjzg3anOKB;cL%Mp{w$djT z6|4kmwHm-Kzkpv`z&+sU@{fX1r^7o!B&OC_VBpfsc-I4}M9_0Ol(`G+b7Gz~@l z{Yza_$iK6B%9Q@YvarWfPe#Wof-!h077t|O>UetOS1)hkF{^cjv#8XNK&Xm4OtmSO zJ{!+Z&JVO?#0iHjmqT~-^>5#rQ7CXrk4>dA($^3jtm0^KuF zyKmTOd4H2sc*<-4Fr@9=M4t?=Xgc{8xe{`Fg!yiVQpa6dmREpTZGqS zZ0H1@3A{?~D7XA-ERY_pr+pL)BmpA02u#}Azr`}>(MIB}lUss&{^^@DE3R49klwMy z1YuL1ss~kpwT8`UA)_eUkr~;nqCnDTIz;~cF33c`Du~=M07pQ$zr>dew$9+w8bt+j z%DA(uCR);e=0&83om8c>%j#*ex@UdGm_J|`pzXB*83?!~hnAHE`FUQ3dgLT${U2}g zRn7+JyKNzABaap4_%GtUUuMF#}009H}0saI0KWV^!Qe04wA7J1BWE3P+G<0Gj z5>hf|Hg<9*79n9)5eOxt|49o#z<*4SRgD^cwFE@H5UZG_45t&XPct|MkOh~Khct^f zWOQsMr4S(wbEbu7!wl&PGkQ?u5kWu&3Z z^Tu?`V*9*EXKt7N3*Z+@ofv>-{n=?NTKtt;(pB_sL(Q?d1AT}l=;8@=qihaJL)K$5 z$I%24ac0us!{O{jL_3%vVbMvHk$bT!CdJeT?D)#)F8ap5E$0zlU?XlB5quKt%v#H%PxP)i_T1Cr7sLmpztt1| zbS!1LXY@&a12_|87zh<*bzX?#UQca7Q%RP%Dxi!&y|6%eDJa;Ff;~Eyn%(Y z(ifJv;=w=&<&FP%vdXBoDT?u$Z|G(en8*!O-lM$Ea%ljn)Vkfsovo_HWwm0QU|Eqs zDbhTz$7mg$;OL2Hrf(V>fE0)Z=i^_8lS^AQ955wsfeODftkM!=|4vVvkyuswyShlu zZ@E69+Hs6xo?htet`YJ>n5CecgjDc<3cJZ-GEPG4o4-+%89^ z1BaY1bXcsh}o`vpAH2P6Eog-)zS(+rSiDo%*%8?VCr$QJQJl(ou>c?z1uO|lj= z^*8#axm4fcHt{9$Goa(EV7JZNodvnJy7riagq_7qcpTjrk69w+^&nii=Lg8o9Ch|d zo-YHLghpNEwzdv8Be6FYJE(#fcd4@j1ptUlkKF6DY@;=W>7j{jLNT4sGrQCk6EZAu zf}J$}m71%+=B~X$MH(Lk!-om4YTS zj50Q8uPg#Pp{GgY#aMzgz{-Kvu8I-%Y6pc{ys&Ns*b5$tqntT9870RIwbvF#r{k?5 z$*3gRw)eWlqqF8~K8n|@VG|$4jXfC7o9dFmg6| zSREPG7CmD#Vxlk`>mo^LocQ&ru~>VQ1selBWu)>?z3*tA3*D=6?6P>$%*OMfafW?o zObJG>1Z3uo6L610t^Az9;aJioED-o`Nz>EHM@g|>Oq9i$8HYpC#m#Uio>E}v+D+Rw zi7H{1yDct}iwNENBk~tsHaotVu-V}1*`yE9y=ZKpfprEX$Gk)?Rwp(DqtuVH&lwU! zc!S0pL1Ph;P>Ot1A{$!UP8c~1d*B8UE*X?SGj+!$k5?NP`Z{6v;H+1lc;)Xm0G1I0 zW?Ss80|KJpS`?00QbSB*T{0HUKo#uJtMQydBufg|COr4th?r2N%Ew&Fd|4{-3+n1g zHj3Ny3fW22Dtvg~80|Om8Ve8G`m|XbAjmb2oQGX?Ku1xikz=OB%vk%Z_e1BVchB~^ z(PF>mH^)$FWdcTl)1e-xHBy{{B2R6eshU?sRFd_)da6rA{azF)%ehXOhWJ@=z}uPz z57hzxGrP@}F(Ud^2M@9RA#x$=A@FczT+ZcyoC- zAIWTjb}Hy~(1~fr@2`AY^BXUYm$Zt_voO1(8nz7UvTvRfB;& z)Rax@sE#3ffYrmE4XH_LH+~wkRvEP{R=C}0>ZARek`3F1{}%Xfp3n=DN>tRZAy|VN zlQ3myo7rxa_}zS{WTI&(`ILztHOh6iK#g#q0{Rc#ZGIx7zPp+VXvh-T?(bW-8PXiN zfY)fg$?0>d#A?Gl+?;!Qe0F}ioA|xJ((}ebv(cxRz=+m7NvkOMS;abnFYIoC8e z?E~}!c+{EeC9RIBt_D{p z@SK0829^uhny{ux(=45qfsi2-KHP=Bkb*$lU#>N03DKxrN1R48<@~fmYj*T_e zM5T^hFIyiFEFuG1lu*X}U{mBZq>oZE1vi5!7+1U6?$q>|ic@UNmq<{fY@J-vO6PG+ zjIVyba8UVY^z9rdd6nzKXfI}rZlc{P{0%546QP9~=RlxcgOIWnCY%w8IkSvKQ_iLl zH3cuJ$vA5;#5yLVUUu<`$aH=^zZv@{J;gXpDpUH(oi-7FMUyLp?+gG-i|cgKL|d&i z9erD4E%qYU8dn~x&D;=+FLG=g$HczMJTGjCHL=?A4d}gRveF#Qi8^M5#lLH^%wjG! zHLG;~-DE1xrlo+rN$1yHM3Ka@r<1z;WqI5D8B4f!o5qnw#~mMWR(29)6i!YI{!thb z5{n*bXkg0S{0-16B)R0)K?wGVQj&~Lek!6o5`>oqvuPp50P2Qp5PNxwcBrkPDamxd>S_nE z1QD6EqlR+F?<`=_Q8>Oi{g@AJEoSaUYLM&6_)!h7{DFRs*_x=v&CMc* zNowSQ1@0Nj_Yto6GqN&4{k!uq;oeG)uvDCf0#Z|B9NnKt$hVv=F0h>az~{;_>L!Fk8UA z8na|}^)V)C;sa9&zIJ`uDz*zR?JtSoFILMq28;paoQBf9iT$+Bo_O3#0>*+GU-hs9cDb-+E1q z6mZ<|u~-1QUy^n4c;-zJbT{_P45nR_EX-I8ZUxdvVd`QFtw^&lPxy=MuHOK8aSzFc z1hhylmUjKOpBjA?PECeO#?oiBBiN{LJSq(2ZewdAuKQxBrRa~9tt2i-M;`)cvwk?E z?FlTu8TqX0k-#$@wu|PH$SOJ#hgQQ{kxEC`>PuZpm|7BZTDi%jtezlMh8huh&`n8u zMW-=fbr#l3RO-2^rhIjlYRLlhbWXZm5LS>754)#i+IVGc_;Fb^LXdv8o@^vWh| zhr4OBYLobZ;6G)b#F`Tu3l0Lomh|*+#KYznf=T?US;Vr+Cbg1A=g5Pf^nCgeAt@mT8E8xO+mZ^h5?UGs%B18pmQS68XthX#2a4?s zC!@ereau_xb;hohR(s@!W6NaO84uaZs2Mj&$|#hBC@pBNpT(X%Sx@tof;W~l>^GpH z#XxG_?w`v`9LD&~5}987+7d4@3;X8cAc(Jc> zIM$MLE0xX@%HoUTYl@M+g?|H<%>%h>t0PwMNso}VCmzRWe_#QB`W~(Eg6nxZTqSxu zM|4KWLES0ig{-vB^Oc_a4fNRxPuWzE%p!xZ5O7>EH6ALARZP4#!pTC?Fhbo$c#4Hl z#b`5yCON1|5$_z{TSc76G=JK2?%t;F>*Fv=@|D{XtEa>(Lc5Zt<9=3a)p^3oeEBfN znI2@8Ll!Ed3!1D)6;J-I`gPJ)UL>!xQmh+?OBkvR?^i3T;yg}?+;vx|DHn$Z2)x%w`G@aQbR^%oWY!ss8-^PH`=id z!6OlCleMZEAR3bLdWE_*54AN;nsd6`1&IxJ1d62Ipz!QkkY5=&a5D9WdyvLkaV?iy zMZKu1#K%E)I#W!{vPj@1OLb3-;$_UE;u5*T`^f}IqRi~cuWaE@XrQ(4Lc`6VKK>(h zmw!NUTd8Z${P)f)`}HnPm(5hpbLny=nCX1%Reb!vsl&;9I{ILgrIt?7=~FIar=U$XG``YDXf(Q;f#rrVx!!2t3gc zmI|e*E_74v70>^XScKMLkt4M<(N4@n_o%H|l9u7BT#=FON#ZckA#&#MI}V&L&Q01Z zWs6N6HNIoN4i?s!E-sP57l)+QB@^QgwJ9jdo*k4OmeY{1ul;jdY4AMEmheH+!1o zW|EyzD|~lY7|o2Xd#BLgCIoz<0%%RdP}q76T<0hBl3|*E|3(X{xG4b300yrPAo~Xy z*%?^~!<)1lSscapdSqVdV)?WK^LQ=43E9Rlz>Yx&KJUt6=R~Fc6x&pqY1ZFwt#lMZ zG^)jEeFHRp$DRK9^LD2lZB%Zij6VD4aXFP40U81pF1erxThmvIBXjx0tvwl}BjF%T zO(l-cGtm>Ld5o2WifkRWGG3j@9xYqkgKQDKWj-ZTBv#r(%})JY&8vQoo-JMcc?)mJ z6^cYOlZNR8tS|%2&y}6cp}-gGB&Ez9=d&DQ*w_AYEjEH}PLB+|03?5gjyoEacks!5 zo!P;RfoDbKz@Gf-+U1F?g>;+=47-ebuUuT_4OHa^o3}SPBpUTmoT(;Z?Jd@&MVy0Z za7Qh>QNnX5RhTA+*f;|B>X}Mk#cl3Ov!MNmAIBu-v=F6dLWSuBE8FuoAjZV5$g?SW zW3>?^&(o

P-qN2mSNU@`(2&BLTa~SwvNLr!CMP_?ZvOIJTOTctCA8U)1IbHA=c3 z;&9hg1s)Ya!El({QqL=byxGI;)BubCxnhNBw2>sGNDN{esHYsC-|$ zt^as+A;f9^Jemno43&D}Ap{L_fuv%HaV|TFurW9FC=m!$MlwfwmH#mo7r*ZNfug{K z&|Jn9==A)xDS&gIej!%Yapu*>$!4u#`GY$nk_2kOxpY-Y}#7)x-4efyo|ZMxBf5S z9 zhz_i=X&?qQ-OFuP8jSk`znD*FbAm*?Q7b;=5fLY@2piWoZASe;OXt-d=g(5HSI33eG}rLv;p13xVu zPEHQHN+!?d=7;rqoTL{Xg|#J(dvL8bG|!C8tXpfZ7k4ZdOhz7}q05i;c)oMjZT`}P zxtX1)Qix9HrSLH)Ce2K&g+jowL(}p?GO9I6ihUcY$pQ3m65!;b{D%Hsd4*!ego`Kr5|Z;(dSp> zMtb=+jM$H}Mm<^LlRV*_QFoOX%+_P1(@sc*2{Z1|gGHng)rl)G(OmE-q>zDIoYHE? zVc2BsmtLu@Ve``odeTHu#&{BPiFC}H7{kXoWvD6>Mmu$`23)#t;w~l7K^0G<((7reFUPZ;D(Sh} zW_dbb1e2yTrzQ=M0{uFbfgRWo*NRZu#+nkU*)jVwzF%Yyawb-HS}bn4EPiPJPBE0I<%$L5qHaWS;^XmOV5eyX&vD3UQ`K|(9L51371`7- zkL{N6iVvyHe<}AeYo=)amHq}$`mw(s;8dmJl*Yrx^1LJNrJMLRf+hT_j7_#CAtM&w zx7In;A-B9x?vzo z79}5D-&n$nsZryk#LNoxHu~No8<$;cFSXCdZMnV}+o$_Vp zrPZWsv(geei2f6sEt8GJNPOUG^RNojH`!z)<@I#Tg}jv{4L6gAEhhzYRgQN>=sc=4 z_{>##I#Z3+6j;*Y@m3l$>_C7;W>!F@kCn5w<^@R5h3Qq1NNN~xLNak6@%jd!p2sX% zEzN7{tu3&-%WWM_gwvKgwXN2bxNfb33jvPV7Uvr{mlI_PLyOT{VcJj5Q{7LWKeR$9 z=2H`^CBjbB>@^S~HPg@8OPo>EJE@u{Brgy{r_`xzDabsXNJwHFoW>{p+FT%MpXZ61Gs!gd4U6&}N&#xMtQR?)q77tzk#sKE zbU778)``cssqW6duDT}<+EK1a3rX#EPRh1iK6I+emY4BzIs?a?a*y3{-OxALBNf#A zP#T_Ah!Ynk@IzEM4TS{lYuxEvZ5+naGc!CJ!B7kTTo! z#O{>e5HJGhsJ_pEa$wQr*k#fAjPA@WKv2BjmxQEQ#B$Dm+__Nh(U0AK- zNRyrZjHpgzYWEzZ(oo}ibnFaAyYHEj-ZZ~eT`*EshPK7ukA*8TOh1kkVcdNX#?)Fsk1JzONwm3s% zMhT@UNNLAhD;%n0!qSghU?B;42g6m5$a?d|(FoFyf84<y zx_IZ=b-m#|y?BcBdYD(m$2nNw*wl{xz|G^gk<7oy%ehY``Znn2o=xVSMn<~4SbDpV zY;&{rFhsiMp0=k`&fMC|snN#t>J~DiyOd9d!|L;fXhEc~l_y=wh+0}uc&HXVn_8Na z@HXzNyy}GNUB=IhZRx1Z%(S1I>*;7(T5!}>(k3_2lv}=dB+_^o9aM^RtY;UWrK9A` zxTxAYT6)BmE%Nf%q)cs0I8*SHM(xa&ainH6A1pSpyEeA4Hd2t|SehevIGLzIBhvt) z&OOTHYR-aHi?nW=SKE~-$9)cU@8f6-xyLFhjV%|k8Duh`gXtu<5@9jMEZoxDokv{` z$2?*av^k}*U}-?>e9}L{bzpcZO*&PV%s9wwK2STz=H*xF|SRAw~QBi}#m&vs)MS>rYjrG04CfnD zPqLWwl7TlFJ&(}Hg@W4BDHiGJ43fs>j%)PF6^+w9o%F0gAne2y^(8?)!+_EodnYnv zcB_1fG&xK>$T1BsVIP%wOu|aEb!y3+88i*GA7j`=Mlk!-v|K&LZUtbB<&MM#D6Skz zvMKocjZ-zq_LUV^JJPg9i~F(JO(M5>D0ls#v2V$FynYRQRq^8Y%+~8*Xfzw~(Trlo zAm^PA@4mwkZGoQ@5Kq)+0ENP;QbwDiUv2fzapgPLMJct5RLH()`E;lKatxix9SFbb zGr83Uh-6|MeUv2F;ABzyS=C+Ln{c}oIW~EoV>oQuq&cH6`p;SW^)>{mjPf^D$5P#w zaEP^c0E1p=JE2q2G+{eIDS6o4+R8bo7sPybQRty0$FEfI6OE$S@+B8>jyqTm?v^5Q zJz>=rCjRq(ULA9lFtG{C=l|UA&`Rr!9EF1R7?-m3dLuw5uCbxUd&Y_djEeDO`FBFX zw)Xzi>`_=HP9wFSY^TE@ejkHoLMr3D$r?io(@N^!kwWOnyviG7_RJz1*gNFJKDn%IuTVoqEE+T0~bp0)Lr zk(oVI6f^VT6flKW4)=zpnwYA8v|54X6tLlReAc??I(jtP0r(5(+BVC{WwQd?auiF7X-NhqR{|;ij?#U<27{ zqS=W!BL>*;P+fX%t%XO2PmNjg%sMLyShvobS8CF-uiKQ)nfIK`a5y=0g1I0{tIk28 zl!;4psT^tZC!5?ntF5c8tJuE~++wBH&Vp*KW1OI3q|7R_rK9{Ckor9YkU#=}fc^jl z2ZI6w0|x~K2l>y_0-(smD9plONT?*rEUd=PM5H1rEz;k)n}p&!{^{P&`X}oM#*YT0^S*@Q zo1lmPKv#eNL%w?_zL@xj|1U}JiohGQ_uA)wr<|^re}Z3YA1?=&MYIv>5Jjl(T%4P4pAO%iTLw_QyeT+_K<$zd zY&pOxQg5FS^QgEoQ+0ijr))Y0e&w=}<*&r34_eH3rMf2nU)N6G0Gj6jd;N;|aTllF ziGJWT%oXHe?w0~)EOOneDOE?`pya&kC0o%qK=MWXXK1c4mHUq09DER@@A9tx`puEG zfUp4sAtt*q7*l{Q(VIDzVwbyw1mDcN)J7$7)~)ojhEU$7-Hnh!zeMMdSA|*3T*FR1 z$tujR`rRKF@ z$g$ePznbnO-+*d?sy51bz13;prLo@JUzh<8PZYOl_G18|*f@!i{f!up(v6d+{z}BA z67s-;y&5R6fwO6)!h?_BNdJ=XBdRuw#DAr;RJqPcXzYHUr&@l4yVH352fo(qTv@l- zo}tJF48?>bZS0SshsXt7_D+WVU6jM7Fniw8IHPY!TTnM|~>d*&Oh&8v+pXt0$bmtUM7Y{P?op< zt{Mdt^u#YUSuUIU#dMTHTocR~h7U|4vH0bx%L929b(D&1wYC_7jXWseHReYWi#VP! z;8SZWTWJ_(0PfBjiJ=q2;m1|2cAv_rbCzJtkK@L+GdL!9(4{d|wk{Ph_IxoaGVb+; zVe2*$B{tEdL=$#r{JUhNb@aCF?!r5R@Y3p39kF~=iNr$^70cFvrTcH_ss~An|u=GU&ZgQ zjQCG+lziaAO%SZYp{^nuZ`Ewbqt`9E>TC;fmQ0)d5cTSt(S?PB8Nj_Obh^9g3XH7a zv*Ek4MWq1UW5FCCQdQ?F@YAe?%VGYop^ua2JSv{uvlDqw0=d5s*oopq<-vj+0AQT%Wk!>ncvz5GO>9Gv<@sAPhklR|%Pr~_G1RvVo;H5?}Tps%_fP+f`__tI}D#X1&<)7+nqfQP0N3q*V2Q6io#NDR)*hWAt;Rw9Z*mTO#9>V0$O%H#im}my-aY@W`T3En-*xuD21sRry{i_-SmhzI zo0!1ZlFA$Sc?ms`A?3hRwOvM%_Zwh8Q&uawV08Y3INWQzACf{67DvO0EYZb?wz3e! zFNH(14lk=9lSAY6D;rHSapdqAT_Tiykc2aUg!%3p;4Z|>zB6%MqD6#7yKv;(S{QlV zi&}I#7sHe#5{B{P#_QxPY+Tn|jP3>qXH+a%u<#rlvgAd_QqM)%Ws2x#KZX8UlcV(# zyv-YY00@3dqc7S2EL0*zlUyNeG%dT-C^d=g9~@kWKT!JAJyh<`sQDE+g%LI0rRN=Y zpEqvM{>N*I#_o#!C2GI39J!1XxF6liX*eE$e|*rSzeG}qX?H#NCIj+lw6v_8?orFz z2ai45@;7yqw>EH%^R~tmggv3$9#^nsLLxe{iKAGfR^@aXcx);y#$1>u#oXq69%GSH z&PGU}6Ia2X&%8Jv)*}J1gR_Ni4k8WfZ-zm1u33nMlu~j@WTr6E2A&64p82%$FFyaAUpia_h#H;;p<>SC+e!56RCW4yPO@ z=!GN1O*|fNS{uk7_fW+4QS}YjAPMI&z@UMBYZSzcTXJTrYu5i@Am!KQP(T+JLm z2pzOVK>nJNrXr|);-O(}O1Oo-GAafsZPAnP8&!`ihnNHZx$N4>fr#qVhuB1*m-AJn zV3#-%OQU>Q9(H;u%%bS!urLF|v*@>D6)T#y2+wcDZiDn^a!1m7gTOR29UfyS=O8;O zGP9#0NQ9U7LyjE^Lq{0s#%oG?;b~8vyt=etpyeJMs=53>sc_6;j3h&l?EsmIJBehC6nQMFKhAs+Oe*mDM>aSw zd~`+kwFmwpQ9Yj1$H50|#0YdbTzw2xs9E#!G7QlSld8mlvc+--?g_(FqoI-IXbvA0 z$Gw=m(4SS&@Lc)d0O@)89Wi_Lfspok{~!BOmnwv9A9BEl1ceQcw!P>&LqPQ5QEbr{ zs8G(sHy|{^ESG>$OOo6!nlMA&H4Be_qip2W32`EqPR-+21e5*@cL9&Xz0*JEaQvWW z6>0!KsyLRyoTDYJ1)48(>AT0XUkd!t`uvQ%#Uxf7Zyuw__I|$Ji)ZQHb+x z6;>nzco7fO5VJ|0FOqxkM6=gmvQyp3Jnno0m4!&K zE<)I1<}bAuZEKbZ`dU{Whuw$Up)uf^(fiSz80D|YRs2$xOk~1 zTJ_+=GiRDgmfnaVTvkzM6~O|F1~x%9$WxrT@MjKd;OM!eDjT zH*9?am_I5iZyd9yok(q)D#_LuynBDT$RTEkqE54+SI{&M9VAOcNOO&{PUApCVUBz< z;;2I%3v|8c8d)Ef${hI8FKhh_&N@5RnI9A%`jz57j@uyfXReyyCaH{$@_|7U^yt&4 zr@wd@OP9IW;gYK9lY^4`eOz&!GX{dvmtC#mmilHXw?8@Ou~a$Vtbk|>{FS~eet>2m z7rG&Kt5-(CchL3DR))$?{+|i;W&6bjik&bQ?CT1w^(zfd?L^`PdgkHq5Q_m)DEt)lUrtyO>mUsw}lEn?o^sT!tj}Fz25R!z%WXxFsUjTgS zx&Lwi(Ib_vw7;6w;g2a~@ua6H@&GLl7rc8~gJ@K}d!Ch_p3ProvaJpF%*ByM!&3b+ zd`c;=*M^ti+GG2;iSwF3KeAosPG4W0YI@2XGj?Sd<^ENT7ZFDt{N>X>g%7*jlp6}Z z7joV-l7Mn~;hsf{MkEs3Vi8al8J-3 z7g9}_nU2w#de+^Ss)s|BoLUJY4onrrERs{pIRnk3I3844a@l7074CCh2<8>@(k^3X z9|$|6XZ;2rXrykG2GgS;Lq+&J5lD5(iW`^o{!NNi&nnX#A8-TEZ-C4R7``ToWGmN0 zjZOGonVUyn6ofW2LJ;GS(McJy_|RsK&;m!DIu<1GDT%$;+_T}Y24=6|ky;o6X}5CQ zI1c_4Ni1aZ!Mw=pHSFcpHUE#QSa;{syp^nG9GF6eRR)N>NgtqilQiQ1%rN1rZuhoI z$Fq)qdZj55V^iLKeXE?mzAPQl>)c_byep8S26O*8o29#^+*$>T zr}g&`YhH*`@UY1GLg$~WwlQQ6Z=viA#SiObH}zxiXyMe#cLcEL`4>03SZm>yw_{fM zzoSd*8WKcYHn|FYekMfp;UP>;`huk%pCUO-Id^P4>e<(4e^9dY7{fpK)WCK#RCt&O zrW)I}Th2sdaqV++(MZt#MJTa&e>5wyq8ihC_pDpyDT#ZVaj=J z)^D%}?pX%Sc)xKI zfOP8){)b$%1(cb?K0#hS>h|OVcdZ4Fio+57}KitB~s%d-f;r0Bu?yps`k zSlAEcEXr8%f&ONWmT{vh?Kcq?{+T#L^I~-du8o(&Em1OO0<--OJil^al!@=eIvgV$ z!Vv?FX3yHrho(CZH%7O5IlG=BXwmOCGQ?9%ptsWH0G)#;gl zRZO~tNBDAMkF8;`o0kZyZ(iZ%SY2@M!P`U+KilHZFz}NkK1&!w z#LTMU5STi&uxlN0Xps)~MaXv6~pGvs@PZt{BXC$_{_RTWmw$NtRkD`V8Kai#aR@**44G?At(8tfXeOhaV zn`C@Y_9j{+ez3NG1B{OO)X;yfI>eoq)hVAsLRVsTiO+hTE_p<5hm|Mxt!r78q;6nTv3FAPB4W4}vKJj(NiH*;eSooPxjY3`xv50r zc%?R+mZqiHGgT5?Jm4SzhfPw{+9)5@tt+S&Rb49OIVbN@N%?F$*7&nio9#AwS{$q%**fUtooLtc6+1hRQR~f7=_{+@;7(m34g47y+VD=H%`cDM;7^FT z887QKw_7-c*Pt4KnNSRK zNSG;oa=@&-CdL)Uk#b!&Oub0mxOCK#W=myTv;YUyQ-2^&opX1l#@;pTPz{1O@YP%b z(~V8#F{lWf-CW$f5P1HsegjGtkxrG%)S>hF;@&EYV*`K+?QKXdRJcEN8ZNL%T87QW zi`~hJhMN-G9VN#y$Mh-TM0PXGP2R_8OY!a-d8B~{d&3hijAE(jn{R_3QZ-zRCL=Eyxv#Evd zv@yN|8%&zlK!nH`4~3e5$`85~Ywo)H0?bu4964vN(4kEV*Das(;xyr35UZe8-7t1d zF|NFg+do{ZJT2$7mrsjxo^uYeEHxkS2mClMQ!(cH!`J-<-CpxIZEbdu)v=x(Bwki` zxT$^icf%yY5z)q;Jz_+ge>^eLQ@OUC);G+4>5@Ei5-jSduOp(J*t_15&w?Uh*qKsr ziZ_ozD9;Dr$fg~`?Aw*JBUUK!_-#<@UnjnS2Z4r5fa{koeb#7^T3J0hkM6{G!X+jl z&F1a1(LznL(1f+?q)t0mPHoaL@J%%iHVxn#+H_FNei2jfbpEjjxpz6>(wd2t2)W&0 zhAG#}p0BKL3=Z4Ot88>dbPH|d@6;9#$y$YtkgM8ywpmckylI`#+RcTQZ?V~=df$EC zr4qPP@zdRTNEX-NNqAoYRyY&KDW=ZBt#7dX0ABy*;dBR&^2Pb`eC|dfwHf3{Z3MM3 zcC&%rI2R|64p$>)tp3>*qYTH?yp<}kz0p-yrpf&jI}M#F9Lk&`e!VCO`UI9+)uecdQ9d5xw^Qw0G9ka$8=72)Php|5Dzb%#!L z{}byJ*SxE~Woe3(BD)#qR%4|gkqr+NZ&t^j^6B4ziuK&kFH&dQX+3@YL+nryUk{G= z{u>64r3o22s;fhH7*VQ%QocD9n7L){<-O6Wo%5s^U805?0#&2G{efBWLd9tZUu()I!H)?P}Oo$YgbHzcKw|1L(R96T7fns~{%jnrEDIb*Exe z<9MZQRc9M%MN|EtE_F7f39Pw`C+baJL=?;C?RlJJv;N5T`j{xLSVi?P%7j%M2Ak;P zm@dmIQ=biBbqrryu_mxY^g82tWr>aA2vhLrPv;xee{SISl6?cB=gJiElWJx0pNY+J z{j3_~PHrz2CQ(7VWzK!*6lxHD%Iy*gwd~iZCY{#{#O|Vk6oYo8SH*y?s$Y=Wb`LPy zKP}-E02Ow+@`pwYMI{+xUPQ*-!g0#ds+3qb@2D-)tsk4)+i$RY z;9&%GcqDuS*jJwBkq3WtK5F5U{+{SjW!m0d_VnUO*Jiaa{Uo?9RU$c~^5LvhbXy1@ zphlqlQ9rE0pH*O0-?^=Us{zb~Nnx66Z{2}{Fi#rV=A~s~R9ALh97a{$kEroWw#|i_ z_1i^By+l7LoeNlu&L&YkUO!@J6(d>oWoZ3G;V9(cG;`tiG=i^zu*sd@T=lU%xz4 zQ`s&KYAc}Cvm9-=;T4a~9C7L<+$R)N+FaCgQK7iOV(N3=0vtM5!VOCubGE$&D*KU3 zU+JvOyPUYqlJ*8h%Hp2d`kl={tLR-i%8SP@wR?|=jQ zPLCp`97Wv&XYuoKodMJ2pbw_Mo`UuuW*nqPIuMkCoGU~XubbY0Jlm>{hM$hv2XcX( z8We~Ah+5BWQ?<{1069R$zvPkk5gWYh^LR}8e4Y`@fexv{xalZ}OQ&tExUxY?P1FHtSEcDTk> zA@#*Bu+tYd!hzI?QzcJ!IZyS{s=}Lau3Y5d=OCR<^(t%7Tdj5GlVQY~{&}8v#-3vS zEds+dL&SQk1jr3i7294prc4LM2qIGF@Gzc81kb>>dgYUX1ChNBFx8h%^q8kkON;-w zz4%-&&^+8CI%KCR*$@cIRIzEWOl9yZwFb#)BKx@JEq&j^(QGcLZ~AiU>p|JiIS+~5 z_0Yu;z9{aprBmN&%jVowReW;KhQy^dh~}tJ6h7lihk|Eox?TSKBDGm%bzV)1HXQxy zJhSW%_>dJ6!eW&Y`0x^e)$-)()N_6)XawJvZ8a_(L&BL27}u-wh4_T+nE;0PP-(n) zm^LmR@m68A9(^7+-oC5gI-imtpzqh9+_aLhJ=3u|pSplZCrzTcu~38Eqg@T&)K{Si z6YpsaXyL$(_&+{B_|4CU9r%DJjopwg<_;j<IPuq!TUNb-J-4o&vT zswS1Dm<>~sgf@6Y)Dy9$+9l=^7w~=~0_OFn+>$B(eYrF-{IQ}pmpHdgA39fwU6)PH z>za47qZrs#4ZU*yyb1^Z$v85usK7-|I=)TCype61Em}Boucw42=N=^Rp!0^q=sa$o zGzk7B4j7XfCjhzF4m=L+qh%0z_FK%AvpZkTv)YEEuS=^UnO{*b+}5zn zQCp-*9oj%dYFme7Jahoo3eSCEfi#3C&Mt=YdfrE0<1@H z)^GprO#Y83T+Jlj#LMsZG5qt~oaHrmw--@`YBk*S^Fy z*D#4IU|N3bJOFC;f&SYUSJ}a0i>6aFWTR*dRWmt5Ot@hY!-E{OWs0;cICC^L}Z8%1=n{?W`rQYWIPazdtIvW?MQIAlf1>yH)evlU%if z)z&s>*zZNKbeKqb7I|qE~zx8=!F&+2sqT z+G1DVtnq_)im*f{{jfSp17lC)B8#EHSJ}6zmUxznB6DH~ZDASkKrzx*hXJGT!ry>_ zrdY&Zd@J+T9Vd;_^;!-40^Vh+#Pcd`Lg`A^5Lx)2+v&>o@J7YLxY37f(8ZSVVT6A| z?9f2{Y1dj%vo_YbOF&Ci+u5pmii`XnA$r`!y3Ac8#}bqF6y~7k$D~1yxCu|QoA%ds4Pl35?(nI$qjic z%Lnb1jaHVwqpI9KbSO*S@M6=I^EU;$vfH*DM0Y!Gk-+Nh{-~-GAEg_>p#pbR&)5_$ z5T8nhCg83hD~0V+Tb2)6pB3aS-)Wn3gOSA9-pM{fF|MIDkMFi9vF?KA@b5t&!;IE= z)KcUVt+mRyu!l+f!cdFBQ-=uB0CxFp4ZP}l2Cge1KujU{1a6f_NSm4YO0rRT<5@|n z4}<3B;V=kksLiXisFAW44d%KQSuJV$_2DEet+WAcdsd0IwM`m0n=pnPq71 zviR`LBqrw05#|k=9PCW*zX9t=-+((fMUPsT>fG8hGvky6x=$Fkv1;Qbx{vZJigr_s zis=nH$ATyZOB_nRbIl(rxO4AXB~Dg%YGIswf6=W*+QtPVEl*jBu)v|lSrol|5PZGK zc&Zf{5T5b2(h%PZqF#%h`GW59)lTMk%gC<;Hei4dPMgbP0@7S5?P$yVdACKrcvgEh zw6HCpQ9HB)ofJ_ky)@;FY!fH{)~WkVwQoS=zv%T)yzd(zY@CJp_NYZX8val=G{IAR zTA@3VJ*-^9`kS52UYSM0tMzpJ3!j5<%wg#@kIPq9(j3>AR1i#7>MiD193H(Hk>1&H z2rd^N@i%~UnSH6r!H1L%BJM>&7To0-ug8q^P`$|KC}{sdyCwD$xK>K3{>xySMr3Gh zONWm|Eem37H{?fym~+G5yh5WFd_}Q_{Tk}2ItF9ojSgXg*+%6!2#nE#Ts7mOoVG_| zuNY_d)B1~C4PqU1-GvoRSh`WMZ9C82Ug+hQHkJR}Q&2#?r=Gi<4_bN71-doldEyb} z{wQNGIqx`O2H`+z_Y1S>|8Yk(`%xsZUsShpvEk*o&OSq)*hW*$ z+zis0#Ket9KCPMY7n7})bX+q$dSA^{hyY6J`NyAZ)a}qwGKH=pVrl2)5nVWFslA+4qs#5*$htR}1j>dPA11pqvf)QfX2J4OrF;l4@|ZH<7?Pk= zxdz}B2xlBu;{-s{`SRgNUk3fFF5GJjdKEYKXg2WEwQ5rNtS485c%UMd55pqFe|b1P z?`0>C`Y`v}Q7L0I2+AMEwSI+~hv;=%NfXOMKl4uOs0L?qQCTjzl%sCV%`k#L>{(K! z54AbYbe(X7F5;e*aZ26UGK--SU@o@W%DKl`%$(eU4zV{)G02UCMEchFEs))C&@80f?wu!ljM^CjxM2V%trM7Crh} zJTqH0g-NoQTOeH?=cL{pHy(0N?Ca{g%1eOfvNL7m0-uL&vQ7=;XFA8M;<3oTtZy7q z?H$M-y31|=T|NX{6R6eyT|N{`;<$`6H0gz|468iabo7=^M^9i2?W%*HVd9Ziihh~( z!it20uf88R?lPb#Tl>dv3rK3@nAHsW#9*bX$Zm!E;Da7y_(1!gEdqvT-+;ru#jLj? zG5YeX>w^dVMe1eD1e_DxkO`$Aq{(z*^$C}8mgb9I^`V$%n1xdlU+UvJQlzKYJD6Ex z%~aqbN1jZMv0|vwtYc_kMaOJ9`)+*E&Fq;-vcFD;W$D#K*WSCjAhKhqXLW(Rb!rg8 zPtUfWaN zl(jcHPctuzWS$!E%AoyKqqj(ypoS_{$NiT!%@Z-{DF2J*A%CHcbk#u-h@N`he)wLe zPVJbXb!UR!10mfqt627y$glqi$t0@B(V>>avWu?lq!h;yj<2o{Ykk~)l32`BgbOu* z&`~h@W0bJS_W;liue>jYn1tMsq35C)BdSNqqTXujH}?c^@AQDubwuB0=f82lqlmcO zt2mc=x(gbtm{(_ODM-iHtPU|+iQ>lEGLcKwhJt^UR!bu+8byAIB9V-AZEI z2gO@NT;Ttv#GD>E{xv+WO0*3-`J_>VAo6=*5j6i*YWK;Z@#_zGGxyZMgcd3G^Kdd@ zg-eJ^PV0LrtZs2%(J!euY;1GV;HfSJkrmijTBjH`7|sBlze}pWr_4J-t-#!G6~Zh{ z;AdY^3g&Hs4e_tbg-Txgg7FUaQCW zuG9o1UzCxn`ig!wJXZyh6U?IuAsoMzjj=1|kN;JJ18e3FHmHKj7NW29)Ovl*EqHVQ zEYe)qXw2nE#0XK@QvS?jTjTE;H>P8<9rxn`G} zT7J5hu*#uvwM{O~;0Wg3Mre1cgw2vBNm2eXd-({%#t!K0H^L7>xZ;IdHe%; zXtREeqPwSNz;+o@6LzEuWA2acb*w5VB3u(A`DC-cj*(*2Q&Nlo6i9-2Ji7H1k?3Dd z(JWisWN{3dy+AenXxy2u40ZC`NY5+%Tm27pu4(-uzh760_mV4r(->H- zvbbuFH8X*~ES5d1|H}4SE_+Vv-)dy$tE;jKRQ;zq^$v8->N*DAWh%1ovYywm3IKB~ zYTv4QVS8a)1ET-?+x@}taQUBI`M>_NFCVr!ASy@3FSX334y9MvH&9%OAVBI*$Y!Oy zBODvYS+2O}*d@g^EoqnfI!!yiB6(7eKU}I)LZcdTe$jPKfRqO2SBk&vH$bMDB_MUH z@3D688zAmQ_^wRBxw@zJ`}~cDgVP_=YUMXzx}U#zb&^!>N8|)Bz}dFB=OnXhW|F11 z$Cg@-h8LAu5(`=Jfb!My4u@MZ^2_>D@j-FlS=XllF6hKhp@Or>dU9=QYVbf1J1z7J z2~%@Z5IH5+VSUrjT&tGXXwBCaAbSxWC=RxfmeTRtSr8=1*}v%)tF+%gY3-krP=7x8 zCz*xLYlM9Cn%w>+wv^sLjd^N)T1NU7Wl#_r0=KF{3_pMsQgIL+e~ut7a}3*%H9N*> z60V_3iwJq2s&N;pqTW?4We)aKSo2n7>xG0jIuC-G^_5@yr}Vr_a|_p$qR=wUv2nRh zMJcHp1l*ZbO0A$aA9gjN>226hH@8ZqWt9{K0rv{88;f_;!;mS5MpZxbdx=~D4<@t- zhb!-JK~)O+C_-_l;%IZTx4LSLVRNtFZL2_N=tADSNT?^u_Zk`RLn zDj8uz$TA}gHXInS)CFFh&O8^nbzsNr^J77NeQr7C8{v=@B_;itp0!15<&~nfVgwj~08RwMpoPJ5)98F=FcWB4W~2A5F3ji=X-FC;$=? z!+P?TKWB8|qj-Oh=g)EMe(FJnS!UOO6zFK~R-t`N&@5MZekpP_9n3GXGLycEC zOGs;#v_=Sv+8kK)J16LSgoTWUL!?WhLKyWXAo(6{s9! zXMij)pMGcTS?QiwW9C^Bsj@F{KO-RQ{g9OvULwc^2^oGs(0gh6`>rOmp6>-e4#Awu z=}^eDwqUhSWDySYIGwpjbu!|IGcj6+J7QNOh}ICt9oY z=LF7aM)d5QN)R>=#!X{+*<~-do%Vtm!NFQgXn1FLh!3%tz?oRCDf@Sro-B($1@kum z>+it@9Dy&v94-5)eo^lsVmVD}6l(J*zs^O(0(efm8x9tOSWi#sAzZF2oDZ|l7AQad zXt_Pe@qul1AXR~SK`N@WLawPBlg+2nie)T-1E8F-mr>;|QobmJAB;sN&dBMS+kcgf z9uIdX!{Pl6NGk%S-~Qg!`cgEY;U?CshNG7y7)v^PfUPQT1y9a?HzKubk77}?)OO@C z%}SNBczZJU=zike}5LLny{N)!yPaS0n@YyMm(s)Hf; z@(!b+AviQx^M|6sA^GXN8er5XN_W-KGSEkfitq#;Tz;P>RMZwIgXnGQ9A?CO1+oy- z>U^;FUT>_-KcMo9K@&^|?LJ5;KAsA$o~>!~i}BXYeCmpz;y0~gcOy=kjytZVfh#VA zD?HCf)n_QCrik!tG-Q%;^k(Hrb1g!UW?`4AhJ;pbiUF5=`?4p7d(gW6`hJk>JAepz zFVfg*cQwM&g3E60?+M!Gbw?I3nMa59*Ym86C0@b(0-v23=xYWE$eQ@`AmoA~f3GUU?jNS0GFEF(44BRi9?HS4iRM>!MJq z3AUz^$?u(Hh)Z2ZL9!%asWSMZ$;OJI)3@$W7wQcXhzOKF6dWj~OIXoPUR zpL5sz~$)#por!0pBj$B_?5Ml%X_o3(3;$=nD zJn5?y&6loY>Ed=?0&>{0`c>3m`v&PS}m~ zI@s&K;%K*%j@*b(??fuUkyMm05lK8Y%4+{HpAk#em>rCUCM5acsD2wD~%s_;80X1z0hkS{^kQ| zIc_&pG9QOj77c>p>2RTjs_*HY>WbwRP`8FdQ<3%rqV1J;DDE{YJdLyLc)7^20t$&7 z?3yVUG{3QWBZaKR8Szov;ao-+Tgq<;8WvjohO*Nb>r5=996+ld3dj2H z7_=m^f+2kaN|$`WojOCTV+5vJZ+IU#=w4eu5arj+v&v2xPOFD)YzjWTQsea$ykAo* zJOo;+`(dxBR{C_c_dxfp3aXmZwfDY$nZkSn+yNJwBHr=QTr00c=9t8AWXhG)>w%S? zxP@>hujy*rmbPaMe_~SJqP!HS0vp>&tE?Y57_B!CV`cVo4${8?5O$+Akz>WxU=hN0 z*pcaKvU!qv7qs0ei2~P&%0V=Fv@dC_72S+h9tZU#F>9nhXNM*%R_kgSGB)=j4pf)j zaD^XgJT!g}N?g2XZ$tu5Qjm;~*? z$)j-vx>!sm&X<MW2m+@ms8k8A7}GP1P}tnr6rjT0nYtI?>(_>Mzp;%L-ct#x*9! zq||j2w@D05Zq}CBZBH;}6ht??5AcRQnpWqgbp@LAy(s5P%rN(UKGDKvZoa(?1Kj~&4jzxgbx6?NqnHjCUq zR(%74nXzT$k;##Gcg=U>lwGn;1P{hhrSMuK|3`xDMbkI+ly z=9H-_*wW4qUNA$%%PFolf%-;sK~9k5!txtH3<{5Kf~V|n@(n=3pcAwd6tpmcvGFp} zV!%!N)mwYXxAXYW1UnK^Y%|#}Pnn?@>1Dh1s~O$Y z@D1WC+P8lQlJ=CSz`pV_cMs`85)`c6DW)9RT(?!_4~g!fku$DThYDi4@fCD#hkj-l zZnmKo(Wz#!j!T9WH`V)J&`TkWnA0vmHD?F$^KZVERX9^_yI4qw< zSzvexBHQBx%W$@F`JYTJ_qg$zVIy47B60({yp6wOZ|!#e#$?KxKQAhAOQ^B=-vbYE zZA^KgP*M*vJaI;Pr%du_>_!PSOxEd}^|`{h!_-j`;~8mpI9hHodF)@nUq~%#CC;#R ze)CAJU|#S>o(#@Bltj!clMC0%F^Yk3g_EAm;Pah8d1 zs5{DVu0-Do-Q4JGKqMo1RkOpi;&}J2#5LEODJ9Cz7pi=^F#LS$ljV8$jE*XxP6tzD z;%vp3w&58IJHH{2(*SkFVYb z6rnpY1G@+Rbl_1x^Z!fT&H=8UnW~`+y}sfsb8$hJu?b{^d`sqx{e< ztKFnNcXvkz@+U@N&i5OTh+bvjD|Zc7%PaKLek}~`Z%Uc0)2;<2$&uQ6RV#_yB~$!L>w4i-j1-D@^rt~bpUu}OZ;+0#`@*bcb$P1~CUH3Y%iFQe|^N)IW1Rbn9SRIH=ke*?psTp1?@l%odAOcm8cr$x3&1ECokeWU3yXOT4H7KxXDHKAH&Lq<}YJ%Vlt z>mKp+!zCcb&LV`~d1!b64dp~n1`q*Qq{I;f4rJfrrkE&5j>n9fz(CRzs!Egz^6BBl!=}p`)MY ze#Jw(#YQN4!EA?VR*m?~2765I4Bnw)i=n&6L2Ds!d(f&Sv%p!*#9UY!r)(gZhQ)fqa zbF4h=bT;&|;tvsiF3y8Y!;r*~{RR-lMlSoi<2lj*`n#x%(lAc>m$CcBx#Ac!POa@2 z@>p525@T9AI}j*iQ*5!~Ou@)oQ#e$wW88_H{R_%+(h$9vmpAz?f*}wBhSF4#sno{^%-khDCGL}<$*5qNJEjUQ zJmyW<@_E3f{A$y3q(Pswr}&zX)n9hm-R^a5ufO~NWf%zxCuPeMDW8HysMjFiH-KCP zzxH%#0O*#cqI#}8I5)6sB zR$fT!^g1CwIT3s?cREkDZLm9PUMLrz`nDFsz-#i9kp%7Ly`QCWE$-Nn7wG#mdPRH3 zFz&=bigKN)O=_AxnHPYrYVxw>?vo1I4gRfu@qow+0LrLhDfxP7+KM8mnPqcr)D;W8 z5UykXHeEXGwIEj2T@%1=l~HBPTd33L721#OVTFkAl$NX9@=&EGiyAkaDOi8e{- zDHon%B8R5tdg6Tp))jWt=`dWN(6j6A@ev^h3lvo&6{B}ZqqmM*)aoqS8Az09Q#!sIIP z<>?U9=NFo;4ud(hw8h)h!P7)9=TnxMz@Xu5>G_?&qIB@s-@hPsr=%O~38P-xg7jZ0 zHhj=gt+!+e_ACWyEmO%_G z>OIb@8KM_E8U#7@lg&zc~a-zK#UdZXZa!8bn&uwcHB z>w)G~0d;>7v^9#^^q$m6d%?8mg9!~oP z{1VOAqW7Gmtstr|FAx5C)o z_h)ASK*16$b~HYBu1=|!rPPj9AQGUUcwrFa>{IXeplGwO3^$~r;-ZN3fXt70v8E?& zK)+@{x(nuTCXFm)|D8IZrnDXY_oxpHq5>6<+-)x7fX3D;X#-Vy2zX^%cb8tVxMQ`r z&q~7$Ofg(%=g<#W{N&+G+Y4Od46t3NjD76#pO}m&GYECsrt+nZ#V`3H{^PlA)GY7! z0*I`9u@=L$v;GxaBl=eQTG@H+!gFE^7srEYB!v};~U)$&ZRoPDLgnN zz)(uh{H8S^U)mPJZ4;&?(0&N_T8>ZB#H_f61iYABu^XotY_cGO&6O;FApiN3viPR* zTNj71kVdNWI8uVwL*FYsoY3v5sG8(D=ehcz+N1Vz_tRmJVATZVQT*l!>rU*UmB^;_ z>h8RNW=`(XL)0EdmD)@5Bs@)-J)4qHb;D`Xw8ovV+&ca7_;2mUZ_tn4Qq&^ef z=P?lpSw>||izwkTw?78yrf&0{XdM*O6i&2OX+Y#3x>t% zkA3P&?ND+TxL`aL6-TxGraIiNka<9vN=J(;w|2m{eq{H1o)1(0bUKgxz_t*b->RmM z9#8A;gT4VQ%tr%xhLuoxA-BWdZ)spBlW`*`;n=mx62;977p3Fp4F0P%SG!82dA5l`^j%T&L<&YqcXM~4Xm;B@ z^?H!w8=#BM!yI5a`p60YQ8dOZ^hp@>S2Ko8JqQc3#BkHF$zFwwR#`;ZY=FtCmBYUv8I)}pW!avi=j z)YuT~DYyd0T)ZB>8gc&?Ly168)-~^EV8pez!?WJp;q;nDtclj=VjyEG=iGKRC9{%? zU`{Q{{e-kS^f}EPr(C&?N5)QT=uq;`-1kceCpig;EY+vR-5PF4tV6Ak9L@n8jOm0XW7{vFX;18{fBc)*WPN_wE`UQ$c%G6zFU4+&LZSi}JJKYEL1*!nu zadXJLWa;T?*0UQ2aRY45wxWI7j&gBn7-abVF*mdJ8U~ZA-I<-*W~QS;v(v~>D8mUq zf+_V{dZ??6Z8(i-5)pzDeJUtVTWcjZQXfQlUnxZ0D{OR~+>?T{@BqRpm7;(5iW!hF z<@=Jx^MV^&SK-9Cp(Vn7;CAsAbM}zG*RC6BAMk=pK+5(2LVE`?Wmi)a7A|e30U}O& z41qb){-ni;y-#}Q{7!eRcra8gVzZfm=ZMRYXWs3>6$o_)aw&uq^J}&MT9cswO)nsL zC>uMb!M%71dChXDycXT%%OD}n@1!_>5 zelM<9Tp1EWYIk2&j1bP0m&{LL4CyIz7dg7qJn551lWh*xt~giywR-Ymwi>_<3bndJ%SF zfGEifdLN^2On2AxHWV=Nf&AzgD~lTfSTTtfS2;F7-$w;(K1WH^;`PoKBh~y36reO? zFe^GzXD|fnrA)9(af62M@aZfe5?-Dmz;^n4Okc)GPpxRtw+g~5RM11#bfgiLu528$ zIyCcDjPUC(=Z*O;gASsO?}~0jsfTw2^!i9>qH z4HuO3Ru_o6)f8;#x>{8Y+RWB=g~Ozb1BZ2*=TA0l%tDn_HB2Q+K$Ke6F6EqOI9O*< z@=mQVMz2n}f#<$F{0EfTEV}_oXJ~sZho9~Gk>=q#TP?G25GrhiP}uAUAlG@wL>~fz zS!uNq;IEOxog|fnRzcd<3JHyaNx3CD6d*HshKAMkhM+WC>~9%QrRk}f+RYIgP1WQ| zW{?f=TmF9|r*LD{67;D)zv@ME27t5(-qN5FTg&|A4oFCg|cf+e7&71pk8q1>}2U>=qv zPgz+_1FHg@LVtx}o790rql!E?J{E`a@ z{AE~1glut^Poq4e^5HEHxK6R@ zf!(;|cXKUmaeMHQo6*?3?kGVEPiybIFyU)RgDB^KETk6Wb4UYf8g@B~4KYL7z|9ai#9u_jSKatzdbOSba(K-Jm>>0SS+$wLgVhL{zu1E< zD#!=j)NM)gupC%?(L5ZykZK?7Cxhv{UY4CV37#cJAJEAmLR!40iW|LRJxJZ#xWL&E zi6s%6ciMxU@HV01z1XHej5)6^wD`LxpKAw1JH{cF?nci!k zE!!B|kQiPhb34+{rO035TDA~Mz+>tXhY6f0Q!Z`-!b$w+xkBf>bNiDT=4Zv?5&MWB z$@@Qm=nz-x-`{Vce|RR_krn$PW%^W3Hk5h$Y|=`SGG~Il6!!AFkIF07%}z6^upFY58^f*}Dymc{!2K0pvg-BiGVb|3VW>2OWj0?v8C`hDKX>4* zU`z*FaadkZ!!q}3L}P%7pT00IRHs>76l=N?*w5xa{>zP7m+CoQh@?_jGgF@zIl^HY zRr5vre8bE+dlIoe*ig3rQsHx8o{sXD5-b9&&d)UCo3&=}fzMZeqWp}5AUQAZVd%}T zkuTK`XBHR8MdNF_9qa_YIaZ4`A?xh;?7IdgQYCFIcg7Nh!_*(tk*rQ zwuD1CDUG_tk-eoP$7hJDmN!SC$L}=fKkX|;7py8Z0po^34*14L&mwdun6J@PJ;a=^ zao+W1TN{MVzEn4R?DaPF3e1wkRsKHgfe1_}vO;eTLxdA>yvyDd#}s~35IMR1sp^XX z_Nxb299jDWzPQ)rWMaaawA1a1dm`5*_B4luz<@N2WzzbQ)$to!6=U&3OmurngQew_Opb?d?lfyZ2hLUlh2<2H$KQKNwEjnX$uGR z>v_F3p8%ZN?g4ax^f%S*q4SXEm^djt#D#Lt*1WZ+SuyK7RHBK7MY= z2M#v_dpNp2|kp(0RY(O2ubu@=>A% zrQ3f3ME*h|FpWdA`MNH-=l}Ti14IyNl8vL`jgeR9A!V^iA*p+F_{j_ockM;#a?$6* zwzq^z+Gp=&WPQ*eMv-S`U!Jdg5ciG0IZSxCSLXew%l``93W;k;h?*Q-Aq$-qntsPX z94T{8)_b)5;|WN%4=G3m|97}%8o#2rDo)m6sO;O88%*w|*XOL7MUs-AYW@UDdt8SL zc@Z_6=g`=%O!r&YsKnuIO(OB6Qa&wlYDy@RUn?fq6?_cIlnV6aw0*x{HOEX&;F9fs z$#VLeiB?;0^=<->-s}->J~iX{b=cN0C@eOi*x$4uwg6oFtd=X)!1Z5X(Gwuw+9l`v z_3wGC^LK1Z-p^K_l#y4ce=fU6tr_^3!N82O_p*yLpfvf3`{fce@#f|BC22g@t2{(nF7V)Lb2} za~^3-hLn{2hPi{~yxcB(R9<))l7IE1j{Th^*`C>tL+CuRTdDX4{jfvkZ||zt76h{$ zh2L)!G##u}R#XwQH91#~cOfe=(cm2zyf|e}MN=Vxlmy;S_vSv=PWxyBz4*k=@^`rW z3PzNCOD`bfK;03SYfM^te><~}9r!ZLl$HkjFW>h1!n@c`0twAkr30%n@=$ZqMQx(D zOxI$|4Nd0j6w-c0QLR{WP{{q1^ubc^@F zXZw0&tM67tJz4uG`+I~R!FRoc%B>G}LsFG(InCN8lfso3?HVF^`08Kzs3VwosA4sD zPv9j%cqz`kQnf`>5$|n>GM0@g{#GwqD^pvpC%rbL%Hoapr{(CNxz$Fa9}8-XPyP4i zi(58eb@=s&ss=+X_Jgy*OSav4^2Nj;UqUc_5c(uG=kQm2iJy+*3!9a^J{w+ zk1{bTGwpMpqaUw+>CGUnq7NdkKV0Q!c?7>Lt;79r9GG_&X7YCK1C41i`Pw>}pPRi6 zhX*0F$_J@@FUSAh5A*mF=MP+zqbk`P*Gw6o2iNUckXue&@;GsVPK)Dnfvyz^|B$cr z4eI$m$#0H&o_)A3kW!~MFL>c=d(#%3jSyGam>hU96jcd@z?M_{xA)<>rHc`5W1l?K zg<8M4vYW#iA1X? z+@t%ZOnETKVoLjW?l5wN<$c!4_8(4}N^b2Qc#lJV_I8x_@xu-j!n1rj;acsI`auZ9 zX>f5~T zkUtVHVk@F_)#4i={Ads4HnB11I$Ud>W`|hy8YY#0?`JDU5Iz#DgjqwXP~T@b@gXD# ziSZ3<#G>6^pg@K+*jRshaS*1IBzCfp9TU;;7mBmZLhu3*lUSFkuIEa&T9o=VCt1+n zMaY)}6Iyu<{7sCzrcY}nr1mf=JY)TwTuIBgy4wP6N zdxKxgSrbqZ=oW!=rfRzn63HlG8sMf=Jyt>r(UacQavLo>Z&Q&>)v}?6LmgHg0wW-hjf;VpO zhv!jWv3&rk<*nZAO0?7U>cr9EWY;S_HD$BammlrPh0C3y4iUyMeu%AnGMbT&A=)VA zz`*SX2KfYFrM&PrNyDkiVN;*V`@M)(Fpc?#4GCKLy)G&Ms%ftBIr=Y!{*Nq}noMPeG_ zeo5AKcjK_}A^ZtA{I~ogKk*4DV9M*DKZ*OCb0To%smE(-JP^NMo_>4%z~k3tlN8<_ zb-LbY{}A{9#1>`SNNQfhb98>Yh_M)P(T*=R>iO94;$XME@#-5!K+6d=W5=(?Fm#^8 zlrJSB&F<;F)s@4Z8A6e&mpT9e?_10aKz?WzDJ$#kA%Q3S`-5vI)%ojsRp;@@i zd(ey^O+20`>K@0Zfj8{M6HxA}r%gYlr0~|6Xi4&jzOi1tH1g}-V7Z=C$X2Z}NUf-w$M48wqT`q%H5B zO>8Wz6Z<|W-av}=IHL@#AFHXbTs>y$)ppEWC*$reo!`pUrmy7XUq*HgH~LqU^U;w= zYU&J^tLZ4XG9#TYgZpRVFs+>++!i)-?D~k7{*LnxRy)xeC>quL87t2}Am3kWh{Qe< z-D&rB5?BfT>GcAq0l^Qq5>2+Ai&*(wbk;eaeQO3R>ylFw>g6oATSC zeU=>+n>BkHg>7$vGNH6??K2b&*|(lN(^%}fpLZcn#O0g|XyY%dd=L1(5ct-#QQB9+ zdJo)$M@~G90)mPI*752pHRe_W<2te%%3lxC{5s++38Qbiuyzlb>@PUo5jcI681@%E z4RJD29%}y?mW`13sTU?7rz9&if!Tl(2&7QVp$s~?9c-1j7vjXhy*I4v3QI{7u{)l6 zX@xNSYWZmvp8YWsb3IS(+4?9-VzkX0sbS#qm6j;J__{|&nhW(+WmniN8VrlO& zK%XjAnK)+NY4!T82o_csMBDt=Jx?2pu;W7s9s^cCsTT#CKzQ?W-yg*GKS-J}FD1#Z zik#7&Q5Nb2>NuO(%2k-YN-|WvD{T?8WR0UFTcw9MVJ`Hb6c;|4xE-M*cpLd?j;-0W z3E4OGRswzk7;26UK7xJtw3w$EOVS}_r!nd z#0o-PJg?i{H#eK_I=zoG5J}MW3O|^1(e6Gj(5!c7I4lR5$G$FBres-kTOmeeSH9U& zB6mIEKCo~w?;U`De)mSltCZ@n^%u_o7!7~XSqF=I= z$Qq0se;V}%62_jD0&S~T?u*=FuO8qQvgA(y>7ye~siMVSGEy=305}0Du|4G^BlGL^ z;K`yY_OO~yZeN;KT6%rj(#xRK!;GeeoLqugj+NVaaz{hbTY8qC3R=*A=tMvdCZrlz zYB^WhD<0uyLV`D&A{U9uLf~6-%Ju6g)p|n4_cShRoO5%{M)#A>vQY1R*N9U-*4`xxJS1(vyFwKGoCj~&o#eP}BL_t_b#c-RCa zd-(f7B6=VjBVC%yxSa_5n)6^QhFH#q!EX0&1O!AC;J>ytlDGwnAswvRmE^c zQxl`S3gaUI<5yK7jh|)ux1Rv2{jXQ+Yj3N#Nm45|kUf)6fXzIT(bbp9TG1Cb*y>+c z%Ga~y$JnsuNZIyypBrtjK>haO{|SvPz1HW)Wf+CMlf^yZ+@Cq4w{;?f&xwt-o{0`* z8R7?85bQ?F{J1bYlJER_QsOH#XEu9Wyse4mK>2*|GWD6NA<0S7o8i~}t=^cQTn0m! zPdL0iL9a9W3kxjxATy~-gp_8T6GM3aQs)lY#g*MOuj5Q?UKwjHdA%@EIum7Cn^Bjd zLUvM5yOcNydnT6>%IPjHR*4QW2mIaz+uC)UuclWhX z|3mP)hSFiSl?Fwk{XJY>_eDm+()ada=kc}4J`L-l+fJf{AHka6&RM9htDl{4%p@Ld zru1K)H<7g&5B~TqtnkB+0m4K1v07el{$ioLqP+SENcw-&3IIT~f&WC5Pac)0~piY3&3AsRe%BL6#&u@0CAL=AOL`V1$v1OU@FNguLA%_QO_{| z9GSdvZO2N5oI{qVc-Fk)**HR- zpk>*z>iEJ=?Pa|<7`l5KXtV@L5s-69Sj3Lk%fe*>`1Nm0lmhrOVqgt0x}xbpt$cF0 zFSS6&d0|^%jXnZQ@U<>h6=i|ffgXUJU)l( zEdRy{QuqI}OORnA-SFyqLiMwZ+IRkqPk_jP7Hc!jbn8XFMqiU0MZo|cA^L-D^Z3}K zNgzf?*GOR(fZB!>7om|Um0#xLQ1wb&_nO7*KLIEWmwZ=vWW)vWLB3yxZ*C91C%tQg zu9J|yiBTFWF<2a-!1P??=Vy_CV+@0LKbi!YMlMhg>LeGwpWxcq;jhC6bk(={+&t(M z3QWH)?`@TgcYh5t;8+ozZ>>8+MlzoO)28g3C!hP`2i=QVU+p{VzIkFB+I)}w%;Q{G59L+GC691XLi%7Y7>JRqiL3O zdGh7@#aTsJun~seWBP3h4^9c&)TWId)^K^d+#cB?rSHVL@jh!8za>6XG5NG)ENi1v z>n`_r_`Mp9J`;*^H;ia|^i3Xn{=!T6ZFI53AW<8qPQ4t&r@(UWefa1c<}1fh{ysp| zchzywPxsVz=>+-CQpLTTktp5qYjdhoy(S+1J_lif@ zN(E}grY|hL3{GNIanQZD&rmT!)gH?oWf(DXAz()()-taO5emmTtv`Rz%_`0Jlra}A zoDo|fwHlx?aO_pi68+42%`T8%>A3}SFY-6m*_8%Us`I}IM|Z~Q>y+0r@WkuGaj>+n z;Z9)po#t$oXYf2K`k8{GlE`KQ1w@nA9w^FB(@a`9@+R+ME&M;6q%qEf+4s-6=$NpP*CeT*nCGs!MFqXMqN`xY5-7CjeIhtb%cNZy%zs zp0uqhdj?C1Oy{?uAQz~=(Y~V%{db6kZH&;4vWhMVOz6dR;%ggR!b;|2CT7}*S#Mz4 zeVyuo+-2P=tNYSq+DmvfXSPRRVupJ(XrJerpB^So1O+EwHT61bXm#ubBBj=Qbhnws zf2ah%y^hRO?Ywr}osJAn(YW1anAT4e5Bu&YkX*0^=i|fyIZdL);m%#0>)(Zb&%|L7 z^7ypxn9>x*4arj4g7cv#pq`u8uU03XBq<+vq&QJC_GUsk(HS(fxz;f*tOF;?Rq0U(+%?MceRr^#fWrq*Wuec^laeRdHT@%V7rAc&20o^&uq0;ni(i24sT(%RbGTJ4 z&fghiQ)()-PuPcvUkKczukOpv-RhBg4$*eKbnRzWrygT@I+O7s}Bm zsMxxdWaEKqN=K8yg57Tx3s;s}h1EwbauJ3Pa!t?R$Y|cP5@x8TxqT0)r#Adosr==b zGu+~hGC%7bNpaPerUF&XRxeSRCt#1hhORJZ9o0mFKcrK${Ub(6G-UI|U@du5(N4aP z$`R?PHmaw{gWoZ3D{v&S3>eqm@6%297CjV+c2wa{l&#!GaeTXcwvO-2!5oXF* z*M#`pxJ1r!7@H%_s(E6YPh-Tz$s_{eu+|OPnE93V+P~!(K^{)p&+;opz^W(_qjYb7 zgt!y`9+h}J7OqLAlL-|FXJIqveR0?SmXTkOF_lG}5|4*CrpJX)48@8CB zG08E?68IQL-$3UD4d-!9w*uPI+Q*1ai!9@uX z#vNO7Dd8=TzI4>HK4A9)ax0AoPn&bI)@EX|4KGu_wAm8QsyqdcIVu>+v zz4M0_CFc4BGT~>8(DBCS(&w_;YDx_0&!=;c?wH*Ut}A+k_mmT`fZ{koLhmLbwxjZg z`t>Lu5;pqcl`4p2_t-@;G<7Iwm?+2aNT(Qz^|&*DYn7Amxj`Il9}6h227%;NZ^SbW z!u89sCf31btM0tHQVguQD|=;4RKhFxm&gz1o!T+RCf)ZAA zB|9{m&#v8#Vl$2uvfSGO04~OTntzm$EoYUvudolc8EuJz>+|EUTaZYmAgmPcSL*5& z9*-xwl8ek}XAA+qXKFwBr(Q&YPq9(D<-OWg8Ofw5 zNJ?vSz6!=sWNDHjU=%9s_#wwZv+phxe-Y!}oM;%oVuAC^l;kZ6mR_rzADqwLFdsV- z>vD9za#O%t>TZJttHb!=dm&RE!mWAZb@n6HMzH!Mt~Cwqo(d+YWrm6V{Cv|$)q|1f zUlX$?+CN!)JI?$U?#$~BMe)?g$!A!h-nA_i#R=ZC5xR~oh1rLq{;`*;tbLVp`EN+A ziI>uz`-ZXo1OPChw1WR=Z=j{-5M=DKcN>vjQ5-V>?qHFQ*BL1%{|L#6RVc%?9P+;iv1XQEN`j!K|Gm_mr9vB@Z|?Y?Qo3i(bff`UmtxmQ{Zm|w$hgjtCFDZ799d2 zOwvD5ZC69G&y=@vCsEHZ)3R%=-LiD&l!3M}k>+blD&{8ujzEuBA{()jU6VEyU1o=> zY-@63R9hLbN+Fnaqg@kXY_#mv-!e`p4;0@G|B`Eg*&*KW#X z2b%X?(xOD?_rUplSFdrJlC#bylIwBMn65&U|1jFALAo@! zD_J-jd*k{ns#j1R$1<%sgCrj)4v_uM_yS=vvZkh`I}oZ77OdfD4ZcT9SRXSl2YoC5v7Kk?r!4EfK&&8tyyERI7T!7Hg{zH zx!27=oUQ$hT$@M=f~f@LAT3G8>7V_J4?YWR4qXafeFZeBC>mYHPY!^9ORWyPeft^e-Gk4x{Owsz$e4?z8B_^(C;{}Z00>TLrU~Szx zgoqEOIJN)nIif*PU&UJ72D)51Ak?EG^Xs0;5v-Dl&c7s=ZGDoc>gJwCg;-OdBTsdA zAax)wx(zM}JEGQrt3z%0pxL%FXiG!hrh-vpszJSN>#WjkL9&Na9(EG6Z#6Wfhvgjx z=C|%S3)Wfo#h(BVBnUjqeZf@L8I#H?*gL-|BYJPUZcd5@@hTRW7H3w);YVunPhAyo zP!P%fCN!0P$V*Q3d4H9rAI{1oM1W}hv8>iqEAIezV#YD#@}2%uWDNUKZ1ra>`cEVW z;~oSfk%Q=B82VhT^hd+AYqSHJ+tmHe6VU6(bBFiMRAbVD(Zc3m&-FV4H|9%kt1)SL zM@7M^<3~jtb~^{JZ)=)p?7Wowv7!9WELga>y5v1-s29eaz8~ z5vLD!sDedfH^uRbjlNg{w6Q@$M6^J|4AfwKOtzMMZM|Uk*tNC7nX^2YU~s!5;v@!K z(Cqz;u8mu;DJB;_yeWGI_RT?3aLHlZnR?;rwo$+#w%-P#IO;xZ8ZsdGUarV1Nxw5G zJ60f#CRJH}6(s$i7`fpJt-c3ct@J#zJMa7=_%rYa&EZPV?a0%h`nwvdw3FXXTuRo@}ogx5$?7%+=G`0-%pysxu zK$n#)^!H@`M9ZtK=|Ae-fx+6y#p#(idR9(+dhio4iw}!#?0FQ`j8cC8*}$St+9H~U zsb{*y4+Bg#07bKthvf+r88#ClWr~TTy%YLk;^Nd?%*5;40Y65av9!JyzpBW4{C|mq z%?CcpE88=B4x7E?Rby!tt=lUqIQN1mhzwyVrz{B)5F7-Y6#QHms(cKAmI)4G8GQ_D z>t${i>_v}``r`jcSS=WFATMirZjIMR z2ZuNSAY@Wtb1yDX z)7R-egy-h^t!grQZt#49ETUUJtk^J%QAJCeuwRe%@3q&R_My^1`W^%qGDL*V7HlT~ z4~xNgLUt1ypS8dm2mQNz+zvA zwU5ykjNx#Pl&CYGyk+pZcZ>w6F@EzB&qamtsPwQ7I~&D&D5K9~>JY+1v8$AItR*faR;?UvVp^*JQIP*%t*Or2Ku`AA`OIYz{?d z5Z?h*IIdL5-(v&cb_&?`2~!OFTT)qxq*u<5Wd?4lKF^D0xwnJs8yXn*OiMZF<0dqG zrs5Gn*L}|Su}wK#lUR;ERapnZ{ZIw`B?%P1{i~D27A-rOrLgTgtu~u5Vk^k@fiX>N z5!h~>jLQNSWjU+j-TU2yN^==kl!4Hd=eVeD)q7TC8B8^cTUeu2$mgxp;pt>Xu)@UyrnjFY$;LLThAjz>P@rhmm1echS11K59{ zkLqB;d~Q=wZK?_qia>k-sZmMUw_+Q9KK8`YGDcGvnHKyO=>*Sfp<@Mk7pi$5xlFqU z65!wze``*F?gck&6{e15ZWzET8D=mEjMqzoJ_9+UX%g)t> z1bl4k6ZcIOwSRNHt({L9VN;-}AkdBS7VS7EOm{DZzzHO+q6YG;9ew8`bMr_&yf-OD zX78e;bh=Z?84^=^!^W!m3!3QTn^wzCkwDDwa*K3ZkXiRW`ZWZ9sCI-^e-mA4=J~+V z%s{QACqKoAXLFo#huT1JgSH=wkDoj*2M-Iaq3EIwp{oO$4y8(NfQx*J*$axQzf=Ar z(K&|mkRv<|xF$G#-v^y^GlreXFcvo?1qB4l5=ZfVtbr3D3W~^Tje@s$yFm?mU(2pH z^{b-l~fHL&cv&l0p4Ba5+s} z0`yU%d4~j^?e`lnOGs=K>Dja?^)Ix(n{#0y-Z;CZXJ0@7{DtNgYc%F)0#(|`C;JNg zCI9un#QSwdnDjH7QhP?;%`km+QkC>CY)Oa`k6;(zezWzU%RQ#pDoq6={Mt0{4(H&%mAE9m3hW@Px1?& zG3ieXD_3rH_CWKYHg1wgRn|JOtHjNP@0a-OhC7u1GWhKg$7rj+@Nwu`O2?4Mu9K4N`0pIv(fJu;gbw=cOG3ow>KI-1UW zJ>`d_GAH^UuzX`SCzFLZJUWZ?A|}j(0nLB9f=ps%ZLM2c`~6Nm*7n7uhMqCim`CHNuK33>z*t`sH|2NHPGjM(`04zNr(dnBO6Z~6aW%H3M=PRUF+m2|X$uRM9>zH3 zBVdOR3-IBPVqOM;Ho~rz>XlgI7N|@NjN#_p_4XUMLk<)W7QhU)MRU)$`s{M8%-GfI z=fxS~Nc?7)?tXn&EtrM3GxyK5H4|1~;pGz$NFk}Xc%`wX@-sO1Ly@jM{&z(X?fdJ# zA=_D;8qEvwGvwLdjFhOf>9IVoV|c8Kt0(mh6hOmfEwgSP*CL7H zay;<2_93CQP2ljT_8jI`^9#r}Ja+gRE)TErxIV{)mCEFeXm+M$zrOH`%!(?#Z$XTy z#Jw~x4>KLr58rlt)+>T~bvSQ7O?{O(K)6AS={p!&4pWPqSw4flA16s&A#kkgqO$ab zdgyshcc>2@X;vCL=gF9l{lWFK{;qQo2Yga}ZB|5lJnw~B{)_!$5~p5!pjhVRs{mz* zcaZmX(PG9uFUX2Gs;^RbVJ{3S+DKt+xcT~~f8GlG(@7As#=RBPWqM_AWbczi%r#8j z!p^ToAITy54fS%=K~CLVQqxS=g-T&<>T+VUUGgg@j{cTf)e{)pEz@e7REo;cVHvCxYHY400JX!2mvJ$Mh|%om`$Ut^~1ihKBVdo1+W!UsCrwm7OZcv8jG8Pj-sy8 zRTk%_aPoz4-cFy)!^cw7bqM)hL6PA+3`cnF?#YJ|`B5bJ1%@gZDtiDX9Mts!J7|kc zEX^^nP1cMjF@^&!rSvCbx0y8>mElpKLv~cePCOcL1o6`bliCe})VtY!4SREO$^A>P zWC(n=oSqcpb<*RJiAG9H^sI=rVE%%YXqvlUFx(FV*357b;g&W!EVYDs-AX)nj$yr> zM-o5`BPg%V#eTrdC%|ddAvLAgHLGz}y;W(2?64V;DIpb)u+;dk(uD_wi|cCxNo$O) z+1~ni*Uh(D)I=(WMICzbwi=f$U9AV$oB_^-e zb+jvh7vBzbz8Z6O;^@nNp#}YvUsH@=5LCWU*$g?3ZgEmhbwS`(00BXs)u=bf9NR1c zlMJ>!Hd74azLG2DCRc^Bx0r7cCs~oKxdnbfucZgj*gO~)MYD)|3}0*Em8P*FKN+hi zZg>2P*I}Vw#*8&2{U_!y zm1R<8T1zv2s+dXs$vLgAk$W#v}H<& z+DQ0BsE?9)^p?gs70nB8A0udDMjf^I#wgq8oct~AvdC9~`20@iH~HqQ*=?>Z_fJ3thMUA8K*LRrlaZu3RH6ESHN$GD$rzy;*` z(e}?ycm!PDZn(nDI6as&JqR1V9i;a+MUE`m0^TS_1>#KbA!s((!crwRQZUI-MaF9LUG|1EVrBLy=HX)v)binl zy6KQT0bL<8wkOe$3GbMuaaYXmUQ5AWZPUFWg&!P+%4ySKxRCkjLn79`2ep($vK@wkj-GUK~*Po8O z9u-qcoF1yLc9x#b)01H*($M^=S)Mc|o}RX-LqRSO2{oRHS^S6I!tOyr+8Ghx{SMY6 zDW%iu+r$nDZ3f9Z&449}4Ofu@8nDO5bkq1cR<7&b`gDPpUdJkX?5dNvcao=l4xiCH zm++*1Zd~Espv236#BI^xdMA%`EFl901v8U18;gvs;FWfCO+>-UidE)2TwW4QeSv)+Zc}b`2G&uSTZ<;<_}V9ipy6j@{nu@WUec z0-K9|jlRZF1{jbsyt^h?8ygd zI^XyS2*$$(MGWYBUu)zEd?6pjqII?!f312wRPW6bk=CM^M)vPR^KaDv3O&@+fLX|HVJ(!D1omRff!Duhsomb~tATASg??l>Idn#{|&8ObHhW<%xc?Km8sL;sqIZIL)7fb=4sVv~vWoiP!v%ym6WK?S}D zo4~IdjJ0OWGK``^p6rNVs?|>?;VS$h!J5?mftZ42PHa)*V43*6&-kQR3)`acd z0A?PO$Ma44cunnenpllDwgemay6gVu!H(G#0@Vd_(oORVuIMeQBy=wmhnBwVFu>KidnbC#Sfk&X{M9@wek+;#+B;E$m*4 z)-2cqJz1B%`9*OBsuBzrQ4;)$a!fnS3)#~+?HuSHJqg9BI#V6l6_KR}nRJ&VZ7*<4_FDNO(dGk*AOFa_9^0Rj$RzQY zT&%ezk!h)wG=24gl7*9uT1E7{@v10%p}3Od`AFJwSaizbj@LL2Bwb>xlZ;Ar9$m{4 z3wK{lsg&cZ5Z&&_Dos4m+&9W9c#!wHW1MaQMRsS(S?Rc&K`X&qIHuDEqCkw|#Nfm0 zJk3boo9#a2V7c#D)R070usB!|XHIGw{~{aamA+TMqDq2Mv%b!6rKtLbTBQ|)P}t0> zUK~Z2k9kH)cyyJ3_q`13Yvc7eDFvqDm#~Bqt5pX-ZdfEkMw|rpavr5D+cl9Tz6k4A zY@E^pt|veTk+oU;q8*?)M!_-Z6&XY4tp&a0Ry=G1r14?;n2i7MJRzH8ytbA=*nx%s0qwVUCHzSIvG;>C z{o03+P{FQjP8EBFR2NVmH?dsz>#1lrGBvzfy^|QJ=UGMFM%E{EwouI*YOA308yPcfpu%Zc6eM#>Iu z0}Z_YCB-FqPgr4{)a2_zTlEfnf{96wox}b%Q}(jccivsz)1d5Mm)DrR?ZO48~ba^kR^Mx4b1#2P^+XD0_=D-N%AZv-3^N(66hnoV zN%&bJl6#gWv(Tv`NUStNs?bl?1shB<;cCRL3XxPpEJ)wCpeNuT**~gsA@+~?Tt+#L z+*z#XgMtW}CH>*Ci{FQ*8$LdYarr(vOZZ~3YmosGYeZsNTJ-uw3eRvcDaNePrth0H zL58hW<;f2YDWoE=)0i$&IPJVa`J!|x8OPSSt~HU|(OnIY!+3J!fAmj%QPLw=cl(zvBO#C2@3wg`(kGyd>7fQ24N zI*H$`AZ4jTY)?E&cS^5Fx0L-Hb!6KK{QU%=56{J8{Gw*jk}5G*uEOy1q>5f861wHT zs55!~=_qz6V=T3YuqXsme~ZsyQU;${VH7f1|G_vfuoRq#ua*7YHeR{LBRfS5n`Sg6 zwkBLc9(y-bQ0zrAY#53jk&w-AAFe(-itWwXWQy{a%_NDkd}y?zQoXjnVlK_Gk1ihZ zbiL|TcSLpCk7PUiBy0bm8wG%J)({1Q4>1DeY9C&`j5DczRk5-o8UL9PW!59YYLyjurR)p`g>kbb>;NZuqYZX$ZJSm#tmm3k`%wIMH82c zAgPreWDbz*v*ITcP|uF94G0lcvD{RQvT6FJj0Pb8Ha=XKuW&mSZDdBun=^JkYZR~H zGff3OyAjm0N(jlDk6)jS#{P(@AMAWic#U1^cw$V0LEK%~;3CChfD_0K z*`W0K!yaAP^B`**zUw9?P%oh+kv9I8eOd7LJU1TU8-dstWFX{UJCSamXv{?u9KyIy zy_t&SkdnU-pEEu#d8~XRcvyGQQnxl)40a^ICsY@$x$eTn(pKGB0AM~J(5KM1oY=Ck z#JELYf&fVn>$i6afwl)oa}`v1r$C<>7xjI59{@T5VQ$xF3g2(Dj6UbW|3?wnyXEcm zx-lz+{u+r)vHV@qj{%|k)wgv|2Fb87E>W~Y)Qd9PsJ~mzb6QKRft z!M0`mvJnee&p-k$0XgdY>go<#*HcD@az}`f7vG6F>F4epET)1Ki_E#UM*_xhS4r1W z2~}K%GKC2VLj?$DA?GnZJ1VQjFJXT;HDvyyuwvIo7C~me zrq~n5jI?H2PA*Qy5lTt)Ge#lshPotr^^1A~9^11I7*z|t*bB<1Zxsl`8u(aH%oOLw83 zO?~jm0k;?GyJFU;^^95(HVC6DNotP5X#6>IVq1l(Pi{LHC(ZwXpO=LH*>@j5ho%0d z*#dL|Pn7@?9&TlJCygf?j7*pl@aFJ={urysN3|q)IQxWpGmsk&u zMHXIQ;;$Ujqgm?)kEdumdbQYfS$}xE3|a+!O9y3!pZ7Vi;4tY2{Ns1;#o&UGsEJL! z3{R&Z`#Kmn!ueA7SO4b1u?NT0RXn+JI40L%Ad1OLRo=3eGA%pF#dH~`TOf>F;uU(o zWPYemi<|~Cf7cbcj86w#!+_)_efUVDlJ=2#%%fTph>%OU9{BxkvN3w`IuzXh;yWwu z4m-iAk<(#YbZbq|Ym{wt$-Ft$E{YZbKfsI6;UJaVu#hD?Nl^cIS+zvWHC}C2-qlNo z3;Ys`-gj2+PmJv*D*AF1e~4ybk+=swWx8OFYRkEC0dece+ggdoTYTH-^dlf<4ih)A(v`&(+HOLY)C4}jHTm#UwPvkfqe$qqMZdj0g z=KgC)1Uzx&!>;(~BrJL-|1J2}<3_liHb~{<5liLuzO|7MF&aYtA;9pna02*qSOCTf zQpO~ze>crwc>;FN6JC@55HJw@kL9Z0ubo6WSXt9d>zp89OzbDah<(V`^&$}RH+<1> zQdqU`Mf_1c#~rPT$BP0svZXPOV9I}9k(`Q&?5Q5PPV~Y3@q|@tE!vZ+!|_e!UWQxz zuIJuEY6+RdC9r3}a znChI0F>P-ns%-Z;!r%DCjN#ZXVTffp>rfe)%lXZAfd(?t*!hAf-|~3CKrFU1>!yQQ zXlXgt3cfvu3Gs(&6bHHzsfKx~#OIDY+8s(6j$jR=w`vbXW%dTxxvtX1UC=|fsOovw zdYGWrKzymX9q+=OEOeKO8kB>^^XRiX%0vZH89I49bpXm|q2M!}SKBMX8TF@e2}|VJ z1!an=bJi!!c{pr3^)i*uQ}D^lnbSlZ8u-7J?LgJ?s-$cWYegZeKq`G9$+@z62-3nU z;@bGMbSd(Sj!U;@w61LQBNop`fQBhfWzB0cA5^Q=e=`I&DDNX{N8a!Ff1t9`YTop+ zBxuI5n}zx1amz)_*gFOc^kegaOy9Z9;t5>aUC*GXbJSVPWs7`#`bDJRB`8u{)o{Bn z%Aemm^>fgGBwW;Z@jtY%M0R{DS{?hX*hGxZ^4z|`2b~SyG@5tWCLQcmHdYvuVP{6H zbA(`47U~a1@(P8G9Vf?eFb=ts@|4qx5-`aJFJ-a`+rrrG4H{+tK*7lGyeW}v)*a6@ zv${am0t#z*91-Ac{t3w>n_EX7aBt2SR;|rdoJUeov<%zX!R7j>#gC1l9NZV^bXsf^ zk;?3gfN?wfXcdb18U84aytPPz2Pv5dow}tXQyUOvr?7Sw+mC`}PJOMHGqzAAyB$o# ztCdIIKLPz2FS(7W#T{}o1hLcB?zi5(@F0J6mg@z-o zcWEc+Q3BJ8r%?^lRJG^l)s7KAsrV0m!v4fF%$yZO{=$$uO&u1>uY*j=n1?ox*O{xp zB?AUGZ8^CU1BwJJbF5e*#3ODT!_ggq3`;qhFIxs{=KTH2lcpCLn57sG)+cqu5QtVr zkaqwR(+?$iN#dY&;cb>M|3Et*Gr1DU)gZ?- zYDRWNLiy(>kw(*ZqQ!&ZL17VO!&fksnyO%g2f7ltQ>F6Wfs9>PhT2eTi>g1N&y}m; zbY1@4xZL1mhy&`SU_?{m?C}#26+&;P%F7m4pMVj-a{TxNjFA8=#=w~Vn~XC1A9fmf z1K0K7f?}RK`}+43&t7$|@K#eo_j^~<`gk!~W>nLeSd`~UF~2-;(-iY^Kq01#Q@v7E zYy@}R3BG$pKS78>W36s}G!>U@1<7{r4EFZ`KjD<%OX#+UJ&Bm;)>c^7nYE-i`QEml+XRoNhi%g77be{-PQW9-PLy5JB>6um)DhyC z3t9NjE(rK@D9SU9HpQV-Ad$GgcMwCGYV6zafS#|l8X!ryb&Iy0JzCrIH^VIUOfX_% za&iXoV9KvtpO5ctgY0H7QjfFEGt?}j3NiL*?D*|^o|SIeAlx>5a~i*dYPQYUgVQ@R zilsJ{y#8T=3sD7agXjz8v46VczqaGjxOuv-hQ$;)QhpB`JsvdcpZ}e~+$mSCi`BGZ zhX3hm?2rE8Z#vs3{2O}z*bh*vo#V&1$!6vanGo4?SGulGVKm4dTF zwk9I47Pw!Q3+vwuu`EL#<3~@>hz&%vG5(1~?(0L!Y9;;*Q@G(Ppy7RYk%mx0O2sbi zE#ztCg){exG)K`RvcPu=h}=QWwU2z}7xE=GF}%P!dp=rQD&4v(HcWP1YEz9QB)LsN z_`mRluC=A6N#MjrHACA-M9$e9cE^DrEd?=X;P5T;*&`FJ+cgva5y9C2GTzFegk~gv3e!htpeqr@UcYc9!HJI44}PTsxI3 zaUvg@#Beo7|Ep{QTSLR-;v$VG-3UnoBBnvR>scJ7Glhy?twH=aA{WN+XhV9eclcV$ zE1KaMTw3FuhWTBwZh69mbQv0d>JyL{cs${|bc(#{x~es*{VyGToi(S?zvJ?yXPynd z?F3vuEw43OmDNO_vob@`H)vbgJ|M);gVSLScF&jw9im;Wl-}3=ycrSO2XRZZ%Ii>0 zn+Taj^W^M&@uc#u;iP|cIk2osjor6!)IM{~ zL}@nnS2g2h^&X~RA`S9`LUpkHnRA3@GXejGBK5RY)6u&0i4edJpMaV3v~YvxzXyf3 zP%_7ww2yov&a}@9Bjeld&3)wr`a~l6y-m(o_8eWhd85J6VLiL;h$gcsUdQNB6L;xS zgM=z2q)2(e0zJUa3{x|BCDM>k7pbdG^LsSzZjw+RRFJHeh7PAG!}OON7`Dt#fN9d% zTYpAM=J@NTG@9;)7evxvQ=IhGjb+2q^+pE0Bhf0O4O-nCh9zyO)1w?)?ro@8BrzCE z-{t2Oj6v(5ph|RhbhI}*yq*@}%ys?_HN)C+iPm!X7SKIyYYD_Rl&9T?V0XuXr|f9P(fRa6CT?j2kvM94N@!KSd?pzqwrmU|a8iGmFg zuNaj|HyQ(n<(ZSTQ|oRA(v%Sp!I9IA2%O*UZF^l&x;TpAlb`rS{-&8o+(wh^vIOVB zZ9C^3+Ts!hLM=+Hu(#+)G+*K6{vj1W&sm85_=mhbyw^xYlOS3Wx4f>mzKuTel87^S-QE&b2L<&xV$wNM8nF5L8f3EKeFH!|E_TuNR zStG(B$#_<}9vFI9A17eyIz5@(CKFCF`%Zn9iB(@OC)wS|2{SfnkDKoHmh9kAGHWnH zUc_-Au7$gPHd4`jYr3PRT1K_M;h6yInqANVlXf3J@MD{>{js2aE12d z=AXu3-bywD6#o49zQU)SBaC$8HOO=I*TY7uO@t{PTLpvN6cEGTPe33wlmr>YxLK@& zZr>4f`_&4>v9TO(_>M*OJ+o{80S^v#FQ^#GHM*VoBWJY!8%h^vYXa4H6Ww~aI|-M= z1^oQ*l~p0uq#=&cZSp>gRqoXRZJM!Z4q-JRE84=N>_Osx&?#sa2uRb-wy&G9LXZ*q(cE_lFqP*i;PTRQHTqQZH<_Rgi#mx_c5?Hp-Ib z-e$`XM}(&z<>RK^vqZ_M(^ph*znvyrmWhdX+h?0^M6KpTgL@WvKg{X5Onx)^Gcgj6 zd&v4|m>K{}K(xPyMp*@Nk`z0dCjWAX%r@dT+*FXB;Hy!1;RItA+YUp$n6f&R6Yd$! zpQU;(pj#}Na2W!DJP&rb17pRjM9AIs(c&RFvZRQuy)yERV31Kfev&Jhfrl;xl0vrN zVLNRGAoei{xbN3B%KL~siZdO}`}$RRgHWVCqI6?sKR1PypVc7mAI2DV9F_JMHRL#n z@YbEx94A7n+g|JHZ_3wQoC2S>DLdBxaPa;XLKO8 zbU0iPBeP`wI=d3)3}bEPfg94f z5TxnID-T+i*UCA#d|lM}tMWPD$0xu)<)f&vDl#mVIBW8&-B>DjK%e6o8Aa%TRTJ}M z#<&3~y-t1LrhEeHzNU9v<(!RDx!lWu@5aM8SL%0tnc$fTnq2QynxPML63d+7xTl@L zw(9+y%(VyUQ4xWYV(IiRUO2hn!+bOnYoW&?*Tcpc1xCpEzmGx%n(Sbk|6L?7&(9^jrdsKYQL~a3*PNEKexQ@ujOK1Op%&Xob&1R$&V9%=@6jUEJD8=LL z8$6A`X;u7Sz5W_iP>n{7-{MNRQ?lRpnj-*+(`E4S3;<;sI^;CQ5A(a0b8u=?u}#yf zb*X7_X4dPuIWh_Kdt|VIM@4YGN|MU`6b2CEU^jda0G3(j&%NbI#TGkDFJR(RtnF3m zxEY%mWsDr{Ymd}gW6o96#(;PIO-dmpKq@ZYWW6Q+vHGgYFHO;`fEt_AUS3Za+Ai+q zSx=@|6qVIX_v%{_ir{;Myh)_~F-45h7_;7L=z|ky%jbCa13`^LU<7hY9*CR3e9pQ? ze9_aHchixZB})e{dZ-E@hxgmgEs3E&@4P#`d;2O=rg^?P~WVh`yXO z)ebt8LM%xmJJ!iFSTvWTKbid0Q*>Y(@z$W5toc! zRpYlz+pNS*if7W2$+29g8j#}u-W__5A7doL=^Lf?IvfspRr#yciiAYDx`-+M&M~=@ z>BGw<&d9NF^l{Au(xBc~f105UH71tB%Io3VNRqmqkZDY?E*a=A=Z~HuRtgdz{f(w^ zGZ#w?W(UuS(Vsb35!7P1sA&8>PrKjOvRMOyrgia`Dk)CR*0`?%Mu*ZOzj5tcxQ&hN zQmehG4l9`+I(0}9g1-Y-6?V3|MZrD` znhYgg<7>tM5=K^^=;_1pC_uufJ2wLm=aYBRWgT_ z4iz=cRhVuB4Zqv->2Dj7dXsix4k0c4w4jz$Bmy$HJm_FHyd>MZC)oEMLlIF!Hdzo&7eP zMLp5;$KXa&^30q4^eqxWd$&o{OXB#QO9_XICsQ*rcBQ0jgF|z zy^b;0WXE#dpdUwsxQtZ!S$hSSd=UE-kRX*-`t*qc?fYGs#&C(4C&V5o3aHn z{(zif_9KR_+DgDQxpS^^KD)2bF}hpneo7k;4JHW0a#~U<+IC?S2lmI#F(}7Pk57D} z)!7DTwkHVWZzNM=?AXixVWJsT1dvx20})_xn9W|;9t5)!sku6?Eo#kvNnw5}tCy(% zo!;)7z}T8HNZD)EY^88-0USZCLN#H=REp*%MiKOk$16gZgfEl|CHpr#Xx&(8Q(!xKgA;y@sfLL8Lc) z@*Cn>&W0dDhHZb7CN0vNuSs$0h1;{*SZYi(kJ`57Hm^Mv{vysQgq8zH2hPdPFzLUR ziwQ^q@g6-2pe_WK+*@6ClAPz*kL=woE9yF7cNc1M0`c~}OM7=+{@buW>E%1;rx`LBbEv%JzPn6Qz9eB7_CG;X?a=|{z1%gT^F zBjr)zX3}3>G`6r#m&--j|D>*AwalOt!>s0Y?VzG z7>*OJ#!R!$MaQo{l2B^BctS*b@-q*v8pa zSk|ZlWom{EIcdUQNP0)p%Hc)k6MfpmMK@N?QG9uo5R_jt!^yNJu*G2(v1(Cug?c+E zF!`RvdNSMwJSoS5z*~wk2X?J)@8IysH8X@XYR#qLaFtNs%h8z=X z(0C8wVa@5E#ivu`%%zJ`;r95~#1ET>$t7$@3}TV$AUVg<*KZU-q@+g;L;_&`;#YVnr^Yo@m4gS(dPH6h}vC~F@EyvYSp-UE7&>Bg^ z?{_ElygKDk>%DEZRefn%Vrw8d_7ZNA{pJx_AsjBq@Xs}T0uM&4EyM^5W4na!qXyP# zU3S9Z=t0S0R;2Z_Vxe?0_CVr=6xM;h;s5=Qa}gIpMn=NGYw+bql^8VEH(*8ptGb8kA!#^x2WeF^{|%w!E6TOWQ-@A1AyTom*|ie+yO-Wvfkh6C9RomJON|l93!yVrEakXczvoK+MHd z-gx|IIOo{wMiLK|yY2@v(9^8MYW83x*}6!XEt5U`Xv&5;VrfBcYxE3hJsTJ6lJ{W# zN#X^^XfnMT>azn*_kXHm?`d)7JBOxk`@S;eeUvJ)`~I8UVb1G%m>&^|-uh8CeUD9d zR1g*cQRRF?!1nj zZBZwF0jTA{4g8Xtldseo1Mm8|km;DhW30F+-DXBcLN3ot>}$MC;5qyCsHLYt5kF zqdyZxEwMX~_>bLh?4a=^w znIOw5rR~h;&0>jQG?y}a$K$?u zWf}plvUT~00E&8Kg>kv?ikj|_WcRnHAaVtYpTSA@4p}jLydncOMf$o} zNp)TCi_Or(&52dk01{kFCLGm>`iATQlwNMu;hAd0q+`%cP;#KhI%v5C(_`BBknQ9hc#i{94HpmB=1ZPgQu zISbe3=dTfz{)tdJeb|6ekTA631PPE`!k++oe%gNUE7J03JyDqB7g-WdQjYkMLe~c-W>H|1@HWhhWKKQNR+cn*=AV+-bx~|M zUh!e-Nz$`IhF4uWXK57RIvN-~_es3dEc&dB1BL&*$`^9cV`>BO&8LJ9dM z27AYfy|iCZH~nf@=n^=IT!)4w^bS{9gY~>YnrSU@Dk)O7O}oV3)~C_NFdUzNH}doW zLJr%G(Q#uQIH_ieicE@fah;=MRA%6%p7n-CCMV>n&bL-hs9m&|sBCk;ZbfTEbU;`D z280!?BN=H^uM!Y}fevukvOPFt^Z&!r-h^JBMM>!M6nz;mTCo3)ubL)$<_?hH))PR3pDgel{fY3p6@C5?c#sh z3!LH(nzRkr53z7JP|`M1SLDorg6w~xRVfyJQ7tybhLvt)GhIZp;XuGKVquw7SXjG6 z7n{Ftz4mK71{t+K){ti}@mQ|Qd)0+?j$$xpJ0KAvWVQmr7|n)n@u}qoM=hMb&a=*u z7@9})T+??Xf+o`F<;B+tq!g|WieP5wrk+#E@W`!@C!jwhDx9_Nn{U{(MphI#n8STw zNj~0ZcIXIVOIRr88y1iYtCZwbbf3mINyAMivd5^&-1_*j>+_rOB~dVh`e*3(-$rSQ zgWpK$pvHm$5R#!bsTb({))ZXzo&L3=iVL=%As}1H95Gg4d6}7K=I8Bs3h}YxjP@8+ zvA~X<7_mh!ZZ7>9ky5;KUngyhQNcTW6_CI~5ytvQIBV_gXmyQ@z32ki=Yvxf#HPD# zgdHxA`|fY?v{Ya?vz(L%>F@q7LysY~tDJIzp>)Da2GrX#OlGQou%X@?HL7(}*7lo$ zrYPPCV~gbjCjRUmg*yETENZt|h11t?4sGc+CJCgPlR@y?lJtDTQtB>SONEhpHY&vj z%g}O)c!6l#{5J>w8CEn9tOsL$c)SiYCSKTZIpqAUCRZ;yPQ|O(xr+_{LIP&wK8J)v zQ56Ve9rve*I(m*#Sk*Q8EUUl{1T;Emy62--8RXF6tcyQ=mu4#|=pdf`_Jx%Y!XMw3 zWX#!cv(!Qb0mqlyVJObADUc%0Pg2aYXhET-yqL?+^C{2Cz8}*4OxnHT!QS8}0@8{k zv^0x(RltSL5?T{S0Yz|TC4-aaw&eBv)yZ&Z!CQaS;B^V7z9YV}rrX?tp!&x_J4Oz; ze6;e5Rr>2#UFZyZuSQz?Q5W+YP+~6f325+vh31dpd}b!wU@ox@)iiFsq)Kr4p;M%S zap)j`t87>NZj4y24Odg6tv~WEb{=bIWc}S_scAE0;hyxj1UZ;lzv;U63V*{m)r0Io zCK;-4psyIg5C@H{uimjazL}Ic&7fkj!}$$ z^z|rW%m4g60*VEM6AF6xt!T$ZU-kB8@T9)H6)X~Hel4n$np*T-&5s!ris*G^=Pnn< z@`OG|KT@r2#T`U;4Mr*N?1EVQb)wuIiuyJkeZjB z{akaZ2(C9c=|U=*W=&Q`nuug6&N0lzqH^W)&rUw>)9iY}yo_vT$#p2=CUr%BGoq6~ z0#*j}Ap1y~`bg+@a40@me4?FrUXGW{CzJkMQ$+w9Ej9i&eEn3-r4`8{WdThGk>{b~ zd%fY9-Fbc%K4%{WX89EwnNu~jRKB-Grgs5Wl)nCXzyWhT=L1DnX2V&V7tkaPuE*Tq zeqPt(wl^sp@E5EyTTqbo-c>5@8WbfOz6soMo+8nyq68$?w0ns4k*z27k>Ooo7`QE; zI2m$2+_Ie|)J)n2CZ2I<3b1EhkL9Pg#~s0b{~$za4c$h zG#TYg=zm7zJ^|2pt(D{umrI>32-_|FGVRMhGhQ&-tB3*SOtWWl0`SKtU_MLMLjE|- zO-$tvrjZ$ZAr7Y)Zan$^y`a(!K5NV-LdHxsT+|OLCZ) zK`*h4pjofG(R$S$f{x)WXmxdb%Z-=Iz0r>A^wQ+z)G1@)8vfk;r;Do`Ddx{hyu(GL zGY;_JSLIa3C62LD+QPVR1A1A}nyRMc9=1TvQ>FhsiuWf-6b{eu5q56H2z}dNZ%oEH z-@!{=$Z5yy_P8C(=S5@HgYeo=o#`{fnf{((p6AUfvZnn>$M8S-p{JUVn5vzcj(!%T zs_KzNUwExzB%Wj0@;B^~L9lG_D3i2nQ3dBO4%TUDXFJJS5FnFEBw$AyvV9&F`O9KQH00008003xgHE@>|(}>&v094)p01*Hj0BLPu zXJvCQFfcM-bZ9PWaA#Fi2>=67s#Zl3uDe)ucnbgl1n2_*00ig*004x&XH*kW8!j4} zH0eb^sw6^!prTaiJ)wuts{$fmXadqZQlx|sKzd6c^xli0bd=shlOh5Ff;2(k`kiy` zId|Rrt#$WWGxK9+&7RqNzfXB*X3x#s%_@K%rUq355dAAcL_z?-%{Kt6s*mGK06<$C z009616oCIxZU_Kn02v7>DJcorzZDr7*)8(h6y*O39W^!OZ3a3yO91n zF9jtDG10%>hV%d;5)#sX3-P~NNhkn!h=@u49l!t}XXJZK!E}#VQD5{q3%`;(D?F4E z_#`R+4%-XRea|pVP2I#(aS3H3w4{euLHD?dfw8T3cuHaI)A|*!1f0&l4{@C*4mtMb# z{EF3-wbA9Uj)A^_s?bmZveU_?VDfKuruEzD-}~2UsP1h3vq_>T>TO_oBX`ow6C-? zYy<)cAIT6GNow%C&bpl)*n1M%LMMj!@Lp-r;{k8Ts*robqhe+_y1WXaAqnNB{pB}6 zlv=a%*}G>a;={y)Db-?0c5uSy_bxC@VFH=vMkl%o)zx*?XR>?}+OG5Ti2jNaC%FnY ziVa2*U4e(9yRW)seK{`F%a%61?Ose`RNcA^D2wgnJamUQhuhcJ)RikQC-?YgSht2= z>IaI;7}lcKNI$?oW;~OD>wRPA0?G2N=R7R;wk`bNQw(SbDmLcvn z@Od!L7xRJH28CI`))8I_gH}(n9L=w*-n!U1+*fDqQBj9c#}|?0im{*=b998HxN;^} z*Uu0uWlM8$5$f(`+^{4Xx{{Me`^FfOo`_cRmgF$hE!qI0Yzai5_5OPF3r+cN=Zk|I z!=BS_UEph6bHST1=|0im*BXM{6=(Jf&b2py~0o{F1^ayxOpn@V|bX(JekITC`? z-Xh{A59Y}Tu6VzSzpt99gjVK9*}L){>E3JjW8BZSyB9t`YISsF?{XVYnXXkYJn*IQ zfE;sKSf~2%xsaRj=@spKim?Hdi3OI z0I=bmAy9tR|D1}c!rANWuA6^%Babsd1IV1!Tshbu?8+t$AFaq7_n67I*XOk1%|(i| z4NCUgoBn!s`EQ`PTruo=Y->`8n0kseL#ZgyKl%^WZvaC9uinfoE#QaEjl|gHCs^%T z;VJa)NizXHqXa9*lRCerM?nQc`50D%Lpo`+;YOL1EJNIFuRqcTCMW(a51!pwsK-D4 z;OF!KHZwU=F_l1dUYMc#%Bz4b(xFN=FnC4uIG)>J)XeDbjCpFKd0-k3l3L?Razt_W zBk%QRtAmTtR@(;>_XY}%hM)H{h)wf_<>|7Zl8?GZZfSJ04eJL+esaDtO7gr8DkT;^*I6uJSuB@e z(ypB6E!mya8R-!&gnhnY5Vi6Epqx3?Lmuu%cQ8L2eKJV50Ng9P-r|e60kE_2w`X0- z1$ZU4{PmXDO=Z_V6Q4eg<7A#uJm8``=RZi?yF8z5m37x2u87>*Se=LY;t^voUA_UL zy;Hy-Iln+<`}TK%3Lz!)_bUD(Ywj9I7d%WF>K*Q!m~dlN&R`jUt}B`)hjh9J)ITF7l&mR6Q!R~5!v+& zndk}bSi31^v^iXT_?m4a$D&$|h{T$q!)Xer`#O_@)P(5Q@Te3Ve(pgYy3O7PFVKLs z{(2G;0O788VU5Eo*K9vw{Dj77ymT&g6fR>U7ldvwD~u|j+~h7&UPqN7mQqf^5-A^P zW7xOo`wxxma-TP0=tzYjJlyt>?#mF zokbt>aAbpNLF+~M#2U=EfHDYB zCqCw zZSNOJo8~3|?d4M>Z>$Cwb0*K)nvx@5v358uHWyi@Js2`i$_FF*7<9aqfUOIP@<2h- z5+W#%$j9{LvF@f0sr{F|6XnUy`-bTnPi%$l#SEZYm=OgyCdaP$gUN=%Kp)_j-}IpP z$#HasoujB@YP!bzeRVs+(0Bb5ZZP+3jzv_i)NFKn2bXRvmmf>syf1HwP`)s&fV}Oy zR{6P|hizg9+BAErhT_5viY3!lJW$Gk`i90vD?JGHLt!v~G?~d}a)=C<9n9yQ;1N#S zBX2QkMlTIM=8hvtoMB10FePQ-EdJ!4EH)Qw7z)qUbGiX^BqJw@)Ae8`zOGst@D@H0 zJB)~nMNlvbK>=dFpbd?t=8C-cs9g9TNIu{y_EvCNd9f~B<>{JF@q#1 z?nmQ>#x!M(^BXqg?T?_>U#L+v7ujo%0KnwXRcBehaA()}^G)T~MLmWcp!#>u>!Z-k zLomiW!%N)El`8bQE0Vj9+`+G2s+p)1S;O@AJ7))}ND5L&Q0jpWq_+Hh+>YKu8w(yn z`Y!(N#dno3$K)?lUy=eU(J5F^K+T07jtR4Idpq*Aia`Y~CMw1e;_fQZ1@id=w85j~ z`pd6xCI3UB2UTc4UiZ=970t2n*qGN)&D+EAgP<<<|Sl#=2kmS;Oms4H`Q?d`JH_Csmg>7%3h)S&YN@jWGfBn#dS%sofW zbsK}f9Y#y*MY~8XyX*J&__Hp6VtC3r%E- zo=#-@A*a`tzCN5+`Ciz;wBY1IAw!>+hvkl5s~lt-^2*rW@5{GPZN-qYM!QJ%H2=M7 z${sjfRDu!oUMD7z7NXz$Az|_{mYd0cT$&T8!wU#w9DpnNG)CA7 z3JH;Zv43p}cV~ zT((puoouFHs9!utlR{As_y8xs**ct`|~ECdb<?Q0>4=zka?IUMcaU+zJ2wgnBe? z`_9_}vEwgYg}QEn!VmlKAi-`@=3F3}YQE9b;|g&@_!iU5_a)|Nh~|5RIY*ySfr zk~@X9BT3pwnk95ku^)eO%9tQFDj7C4Thv@3<*(VpFcaTN%28CY360w_yEBn6f_(Sg zG^G`{Vuk-)VgUL!GoMPJY2eIbZZ4?j0ZJ{qN$&0j?Tu>Bh_!EuP9#Zhv`qOl7C8m2 zKVUxAEY(tW2;%R#*-!hl1Sw+)vr-=B zoKZIc>srn8*JovA`&61MeYKBJ^?i89w}sCGfjVGRf=2|Q83uS{YU@Jdvb~sW%YIj8 z=QUJPSrIK?yI*Cl7eX}c;6@jHrBZr)zuAjwcGBx?GG~n zYY>Kv$wXsyeBTi}JpSZidI@NsZx$&7tAe-RmZh#A>)vxda_CvSe|wOwWIEr|ZCE)8 zcnIVCq^1i65Eb2$rC)+jpH;<*QkYVFW9hY*f8oz2-{kW*+rQ;U!lt{Tj`eXbJ+a4g zNgY5JPuWiZM^N&QcTc0FocBo{!RY(ISVZ6y7iPJw`9Kn-=1;>)`wj1;w8i&wr(%Lm@?iLEs)hM z(HuMOKVIkk2UQEY1x{_E^WNH5WCeuwq50wxb+*HvaytI&Vpzt%yAr!>i(AzR;&fC% z%LjkoesBX&VVX$0TfEON^y-lBp#dff?=V2i1IP+~Q)S%2Hd|Ud=Uo*rv5qSWSKkKj z>hp3ZP@!d*)_GiI(MDH{U(J#C)0-KxB#C-qMI{1jkFx03I{VpvcxD5+-@E)mCpG^9 z2&YD082c*%+^?)2p&nn-JRLbUZ5Gxrm?G2?%reb`hEfhhH7NJgV_A9?LjR0F2Y%@b zjaz-k0IBv0D0ui!Jf8h)F=>zDi-#Z0?`yqJn0$y!0o}&PG-4{r_ys~PSGUMJe+97Q zp7B;j@cg|jO2OO?ZYd`%lfAlR8(kmW3k&_ID)HILCOB4j`Z7kh{hPsRzx;GJAJ3Od z8+7hR>qMwrjH}oHD&KExiLAD9rqPnhee}~iTJq}$$(K%zi`F`sxwhtYE*zT>;6eb1 zRQfM8XQ!DbjF};%lJ`(fnp=Ur*9)T6YS<6)Om*l<+E3Tl+>2~3eu4ozS)-I>3Jl#fIC13jO-;fu=ko#i6v_i?LnDbREr{A>Z(BF`!*2j@ zoOdB!7xtDekc=%+bL964T#5G91*gV{-)PU(iP1$*Q)Z*Y{$@mv!lL6rLD6vOmF5|W z`TL__-DZoUCo{RHD?#@ZtMQqB*V6=+Kl)Y%diDqm>jGkZ*If#R)?u{JBmeOC+DqTq zP_JSp%_vdJ;(jTe%$`({qW!zE6tE@|gU^kH@`40Lm4WM4%%zK$F4d6}+^avKC4o4; z=RIke8yqH*-D?PqU2^Gd^`gMB5|@hTE0;2br@s22z`LOkedGy<5@IGwL;~SY^yw4z za{N!mqNHR0c=!3fxvn+?gK`y~F(dB&1bXdowmp%SZUtw1P%hs_kP6t-w%v6xbM}J0 zz&>YMfLQpFCRjfihf2wEa)!qxd?}k$&2MaCj-Af-L8LMM#H)W(g(u#+>;78M9n$~M zjRmC_B*0~_@ZyQZ{MY{Xpdn${RAp?q5E5VUn8<@caJ4wYO5=1aAvr56DehFP#{1di zo=9ZP#83ZIpjqa$ue`aK@D1QXdWaE&qdsDe<3U{}CnVsPe$Q=*>s0W(sc8D@ly(co zec=~j*U5P31pxicMI)F$ejp(OvynzRg?%jZ)J#~z8CHP%q-PsV@H#$Ujn&t2y{=#eRA#u?9ELqks97&}8Xd1xTGmTZ z=q#<_({N)m6d324YL@M}bOnR;!B>#;t-VwEcqx|$=Hsy#?aihpS60pjqId4($*8#jQ;3gQ2fHL`vvPWUQZ zte1Az3}zI0JCbCB;f&+EF}@U$A^Y3ST*&2_=Md-i?QzF1%@HjO#YQnipB@kP4cl98 z9RBhNA)0Ms$*sF2*ekibH_exFlOVbJ6yU(2Rm2Hb(~N6W^Ct)MR}Q(kc|`$La_y}R z$P5ih-s(G)Ox>5H(sZfbVMcU9_sA&S6^i+ZWNoFJI^33x_TISt_>D)eB67qROi<)^ z#ztEkg!v%sL|rLNxz+q^(s^vJv79%#Fk%76uxar_u$Q%q>2B6V7-O>?CFkA<_N5P<>EVU+Sy$?F;TW`-EOG;=W=EYoeh8X>iqE?o z>wD(azz9P#6Lqoc1Ot-9=Uffy8@JaM7oks38%A}s)$5##m;nvA?CAmoZUN>eC1#n? ziRI|9<|q9fInJS)=?kqdMX`T~rO|(twpRj0^fYcM!lWp5 zi24BA>Qb|sr{p&PynW0K;MY%{Yhp2p@k;2v=963NmJMv%?!tYQ15~~O+zV5ekzCh7 z0z3q(J10xhCpodxUfUkKm0%^i{v0aJ5=sRncnFG~De_qQ4*<{~c>lQavQ}1RUPq?3 zfyzmb@&*7wV6nk@fZ(F?rT>=JY?#dZ+`qP=&xX#_D2zVcqX8~ zx9Q*{n1pN#cMvHpfKdJUNaJMU%@Hyx{{|50K-s4o7q7f?WF)b0(eOQk78-3F}r7mUMuLfXLqoIGtm-%^^&@p{K(fl@ZdEV{?A zUhJgWG?S?4ZHC(+bH>2W*Wl&ae~J{5J0^xhEc$IgFD`9oPurPkC}G;WvPVO%TvqyyLO1NG6L1 zxBV7oh&tiP4S>dJO%!_r_$E+u>G-b+BUUbJn!Ndk;ysr<&lx8YUJ8h=pZ6)Aj#0f+ z+~xn+SbF#U3{4VET26r;{`(W@;852i512aUCp&p{xIP??SfPOmHZq{`U6 zrvl(Mb0>o(ADQN24_$9gu`J=P;;Bcv zi^SoH`xT(TSo%n+oW&Uq_*gpQ_Y#QPk+9uUOhi}?WFvXS4!cDnyc zNwq7hHp;hVNS!8Ovq-rkzb6)p(PN1WY2@_S3eINyb4WKV7|-}73xRSNO1&FbY6eoW z@RV+@IWOOQchw-Rum{W&l9T!UGsN?&Ucy!zQ2jk0jkxBpGJazn4Edxq8=4dA-$k0s z;a&HShn|2-BTA6&j#IswPI^l3@xrYOu{!V+Y#fSG#{Epd!2DmV?HQN+`gu8m=L*tK zX#7&?HaFaE3Y)0LhG>|@aKrNx$<54dJ4_~AVk68A+*VbKbb}wnX6leoDIFU$3I~E!A-b;c%Zq5hQW7&4tfccOSs#*l)l|b&a@|4=eoEnpaSpBA=+#sURprD08 zL(jb@B&E>@r5Ev_jJ!5a#*t=lXT>`r?YT;$@P&UOsCrQ84hYGT&_=z6@Z)8eUF1^l zv4)#xf;a9PuKo?FrC;NIlxO3B4*kR^y(*cTv;n=`34G}%nj$rWvr0Kua$OP;c`8<_ zyrV9XX)v^w6cIY7C?(KtC^e+#uljn4# z?Ng8GOjq7R@Q`D9LUcDz@jfL-?D8c|Lz9hWZH0;6eetk&I0FL1Ox*P#r(xn>h3%DB z52VCt@OvF1JEaz1(lCu#_|*z5J<)6KqpUFhzuC`k0H)?<-V;X_{|Hv>^&*u)1!=ux z-&-(zj$8o19ElCdjUDm_?9MopW@d;_OqBbZMc!IT=HPvQzu;5L9Yz3WrWybV`&pt= z21GydGFTpsjo`Q)LxI&TPc~a_0I3CIsio&EuF*Sh~FfO zM>dtvuQ?a+TJ*L`nys)7OL@S|4=Mm%D0qE_iq<_mC-0{;rXsl(>Ppc4CHTB%H0ksT z^9#5d5bLIK$*3OWCH9{X3dnafHQ}s{beDp1t#a3GjV4u9{J(;%`{N#qs`B+L-h=JC z*^74z6K47lN2|+!A-T;ZKwiFjEyjML=wy;wul+F|3189nKr*z5QGD&h<&p6+3x$P6 z!?O$`Rud=J+jq*-UJn!+=|y3q$waLZ=HZ%&0ZNH&J#^6ktb-K!#;x`u#NF5wB}C7# zXKgCWgZ3uI33G~Tvs;hU;PuBa4Y)sm(fF}Z(TDfBlG^s?pPrW5Y7Ig)_d$PUnuuGT zJA8+000BfB&xA2~^^1C-MFSj#2iFUOU5K?54Veul#TNJ+Iw+^uEjgQw^uQwSH3&Ou zy+x$d@vVKd3-f7Sb4z+RRgXW;N{~F@S~O?hVXSF9F?pfrVV^HRkpzW85UQkDa357n z_rPWso@97$!A~99f+#hBJ8>eO?8yzx3qrkl2p662 zyXALzt%f_5)eLYU43>8EfE(>I$<~_gT}fS(Wa&r>wxBU~oK@>6KXTspu;KQK_aneT z?~doOSRaoRhBH&DwKO;pm^6fCoGUIoS32llca~M@&v0sgUVtnyd}rS1v#qq0EaXfE z)u-?h2Mx(HT?+0}ygq>s7rNe^_CJkb3~XXyWd5S}Nw=C=^XtO}(ntV;o;aqz`H_Y$ z^uRwMyKT7uoG<~VRVp0CD@U@@_130_B5NPzpfz}GXU(?1$8&raKa+Xa)a1UAUQVV` zDzlE1p2;gAzKmD1;r|u6yA)8r;S#|40C*r;6H&E(@fhJ>Fr{d zBZcPWE|`*;29BotInn#Q3YHq8FscN=YL2C^09YQW5vY97`ZIP>h;g{+ew+Uk=G}bU zo4q~}&w1+vm_9${z;3NVU!chX*Fc%_ll{Q`mW)c_c2YPozp}joPMIb|>NJbd9i?&j z{h^J^^r4MQdmw(Rl4T$<6tG~Z!HVbxTv z=Sd0Cyy3ZhjpF}@W1VmN9XqC*&rQO2;y*iP%E&BmO3^lRCr97}3UHis10!lMwKCyv z9pi8IpYBc=%H|fA3O=E{-MNtCa!=1}ZQZ8qPgKZ}Tk`OlQgYEb^ZoB#X=YDbTs84M z-ewc{IZf`P_Zpf`iW-9(#egm%Fh5oI>|Q_Fg*}xpC_PJ=0jLqgq(X<^1k3FzLN(ZF z8q;VgIjJ7cItiX-*-n0Q2HK)`EJgV4-N=>;ANfw;+uN|~C# zo3kQ+3y_9KVDV??()zFGt@0%D`_`>!Erj(qTYCQ(svC01=zvs87~t5nI|*o*dvf@? z^t?aRW?X!xKgww=y!3fo#cZ~e`F`0+b1-{<=olME>VHxYE%`gdgOM)#6>I6G)-Bvc zFCR^;C?MTt65YYzA&Wsc;k6qn;Lf!LCMcV?_$xwYm?KAk*pN>I63}38UM>A zU!z!0jS=R)=$U2F48O&3@x{Zq`z^(7gj5Xoc-puN`+j4RjOhNm} zYV!+O3(`I5C+{+g;Uv1h3`U3eil!E#7Ri3I-2g;#8%w8N^b<7p^x)xm4h zK{^lr$pa_-|DZ>rPUYRqnWbLi(tPSP1~CD>`ewsHXh1DG54!$tx`!wMoqTn=Un_s9 zksdZpHC6(S%m}m7u#bX&(`}?cs+??W^7Ab2DlVLW8{!j+40mL-1{(<;JYZm0Lm!pE z$B{QTfURlj>#zNKuirPkoBb+SB3d~QGbEVoDWHRO!^e)~^=GR7AM9)seEJSo*l~;# z7Di_m6;7q%N>6B&TO z90>r50X)?Mgv8p(pCxGv$`$3$HO!RI`RBYlG0Qgqtr`16?R3b}^EQ{}Ra%g~9s`GR z4AuI6<1O+XdEn|<@-WBeCNkpHQ1f(GBP8X$J#XtqsPd5S)*UoDf-FH*r9@SM;ZO}Q zII1hYlra_9*;KgbAogy%X8hUjgIg0UIU_o6l5<8puN7n&vIBmp|6#fT2nW8J?TJcH z_>2Zhze`7gTqGMvag-!Lv>$-3vrc5q)p9S;I?BbH>q9MT>QK>aTCa9(P5?8O>5!8A zA{t~pA;VZ3T--5G))#-j>f;^Cvd3S@3voRXJxL(|H(NH@bpiS6DG#sh&g)#lbBSU1 zgEGa3I1B=1cmjq}bqO6MkKF*GS+xV)gb7q>5(kphuLVpU< zE0R~M)zDQgAWSkBER_behDc~7hpWI8<~X>yQtV*Yw>_K!&y>0h1VU4oS`D+ z=R=mP_Pw-v@6uT7CF@&0FK*OAWx-P9T(*0aS^q+X#FyaR>)-%CK)}D<#MK%Xql+*v zAMjMCP_UuZv|?SQG9#jZQMFQ@d8i+a1WE)h2=|)#u}Ecji814k$GK%FLxnph?fZ<1 zvWQ+O-SubRP~hYLRO{6-=h(=OOhwZZ94VF5LjYYIm*a(ovnA9F&tmFXN=aVVZybw* z42Jr*13#h_aptu={7=2|7>}VZ9Q+-*meC+4o7wv0Za(3N(!KIr@i&*&pn= zlHc!zkw@+o@_xgGrfsHh4}-5NMU##qPZLzZ=lKPU5ecFC004RN*fi7i$ir7i)h-M_ zZIl}M}`H8^Z9q?j;#_{4L@7-?gZgo*nb42!v>ZP;q^N49$}t!Utl z&H{~v`J%F)JlBZD-qCA}Rbv@61)C_6l-pZg#S{Lw4JN-T=yqD(ab=1qA|&8wO-3)j zgsvZKA?!?{<%XMvMe3Rf_)@!X?BGGyMIuKS%OSKI@b#@ge*oGHeo`5hJh3t|H1zE@7}t zD@tw&ctq!6X4K^u(pYwTw!{qidCuU4~yts)Z5Xd50cXR+OA!oY`Jn?}yy&$CfPwquo7~E>2VZw_}Q8?v| zt07Rjj_yFtysOxtKSXNh7EI+!ttHD(Gai`LFX-0)c|K)Vg4$8W0lm@mMtMPVBXseg zd9KBVw`NN!7eGvdzGHod-p$yg}?fgPFsY$8G58I_am5>%cpBmf*CN>WwwQ}S3wm!*t)j)lOEB;!u!8t$^z zkSiQScuj%RLzj~b@Z_6Wq8~}S zq2|YZ?Ir|vxOiAZC+r5$GK?nh0TY|Pk_w*WCZ0_SRAJ;F25##c!SaL2V)pB!Le6xj zI#H5nl#%RYXjTN;<@dqIf%6=d#C(xz`)vIa5n9i;&(lIkMI<`>+p*Zj+bRqPR#R)AN}Go zBIYY=fB)>EKIiK>6`iwgMufpax@kF2HMpKAq3g-=6`^_qyc-NvOB_!fQ%4){;_;7n zkR7^Cw~cYngnRfevfWi-@+Vz?0ptW-GgS+mfe%(0m^jLDe|;WMp{8s~DTvq9tUcnb|!;%k1{@4_5JH~@1Q6!i|?Ln?eQa8jYPdb&W|5Q zl>)_(kkYV#R^a@irAT8>>-&-Vuz+tMD{1aGS+{q-X;1+qu#2of7Nc*Oc{vn#AOZ^% zcp`&7n>mk*%qVwqdhfLm43$FF&0iZlA5vH=0c)5|uQyKMvTpy4;fykyA;dJ#=q$mL zMYk(@i}MN}RMQDqlJwu|cj(XM7@e{FJ ztH2WVLiNRlp2=MYW&e`X7A;($&mV}`;;cEJomM(*dB~$qXQgM2hwrnNfX<8v3c{{x zR$N0A{bZNU1AUTZ++sw>xqh#gX}Ra%>}AHws%jf}Wj6RjCJmiOPyJa3`C%v(L&M`xwm`USCpu{vt}r( zG!jRkpDFcZ3sYo-kGt70CZmb0e;ZsL!h%UZcoPf^ovpl=tTaEdl^WXKqq^4|Wdx5w zvT))(Ub_=1oP3c)(-M&v`#p6ga^-5AelzuTi{-<_=YlHT+Z{SE z2^VIq-9x00jpIdLe}DB>4F2oIUBeii)@n>GjHJw5g(r5RDc6njVIhhU${#$2S;M)vOx?NEsvvxNwTwj<@b@d#ze8b#N98}(JaCCD({CK z$z_9;V0r}w@1_sRfh36;Q3UOJ4x~0bn_=nkCKme{u2*>9V=C{iV_p_Yx4vA^^BL*s ztp=;@i#Nz;`f4pdFkX|p#~0?eYM>Fg3Oc;Mlh-Q^{^Y`#0a>BT5HHR-%U`VzsC8s^ zOR-mj&fu9$|0Of60V-?xG1$>6gz7vQb=P>ikG7>Vf1s_gv5I&ulREol>bgEq5?zFd z(oe8t*n~*Rqv`f4k@uFPQ-+fe(YY^qrd5J+?qk2k{A}u}P-w*D2(76H#Hur_-!pE= ztO_%1I)F{*jnUB8@Bb zz6@yity_T2Fu=sA{T+L64xDzA{(aE>4r6CQq8W_YRYLDh$LL&^Mh_ExU#~a3$TGutoD|FD?~mv4M$f+8l>sIa#tmvV%NHz~`3%Q-iv=w+StqWN{X*+Vhba(4T<0VEVT z-kr4nfUy&TjQp!Xf|8CiMV#*~re?!{_`PSWHM()TV8^cA?)80gL_rS!`mgoeZJ-^a z*VGks#nfkez)$+Wc4W{)wW|3T7=$#i`fn5b_maoLo3#_`10IkD#9M7p|J{s8D`N&R{U`Af6wEuS63b1)!5>eRCbwuQaq%c|$Byuxc!NOHSaVSk^zpq2N}Y5sRN?IZyNUX|l0) z!CxEu1}h5p7HacuYBN{@hxHMf*4KL>`rK#QT(kXBG?Q&)(`CN)1&>p{mZP9Wav}5P}tL>V*LBdvE2Fp~ZDz9j9BFxu$%&RcJ%d<0%BxKLI|Hr2K z-HelJzRy&s;yhJ+V>+2|oSUxIJIW23|}eI;;hs1$ewd`*&{%v*^73gV4CA0mD{LCMB7ARbgH9MI`h2X#sVIaD_GW zBh1zBGPS|^z#G7Py6d8MFD%jkb}s@Nw<0mMYa>~O6oe}!Fu#dFLG^xz<16=F18v_5 z`x!#S?$L<0_h5RGc+jbKtw)o4I7|`>n|ir9CLfSgk=7znF59p$FCpe`wOd_~PwAX$ zcu$cCtne3IC2*L0I)lKO9F}w@m8BuSH}ogJnfdl5;|H0;_9O@ll|fMb@o@JY4fqrl zn1RkX1}%xJ;9(fX7SHIvc9K4w=0mJ&aJUo@Y{BRO3v3|Sl-^#B=h&($@e4>h^S%Kj zX*u219(U5;`p7;AxM$tMRb96SwycoS2k`^J*6xdS)0mjs))FNi=_c;;uVQ=Hg+J3h z{Ve#-kT=pnc%y_}j>BI#;;nGbz@xDUI7=Hg}U`;8-}ic54RiC)5M)NfH?4T zjT=B5lvC60WPp*9mrh!@)BmoUQk#>paN3=vYHX3rPC)blV8JZ4p0{yM;HW*9yxCq5&I2xNh>2y?*<5yv*RE7 ztdCD0fUGr&Eis=4Avko6Tw#Mwdb};WX=dh|Iok0KnQWTTx)3tvImvPyj#x^( z+>RmlXVArW)paN1io1Q<<+dNDo0%pl>(yy-+r_EozLfIz^kL}7Inb_|_IWye%)HT` zx~3fIk_MAfgv5qcbd~)EjuK2qW*0^A9oo;6pd&@|X#ZjHg8j&V^Xr3HstR9f^EKj9 zK1UY?gGfFct&PARoQygTiIg1Q<5O}keYp>fEnRRsNpbq4B5}?)C%+3Dh{$ zFsU(7iZ))j>iOW`z+!uD1!i7GDtZO}E_hu+RQeWIWtMiG`xq$?9#vC5Dj#QUX0E9;h zwO_TTFU9yQ8Qx+4sx#F7Trgy#^!9<{_m;OQq77gmQQ|K7N3ORj8Vk~lfryXFPU@3t ziDGRrj|xuH{|Q*9C>v&fSc7sFkKN`ju@d=iyKs``|~&oFGi7Z4*IhIYrS zuRS@RR+Yn?G_)GYN?RXN3M>{$(abwjpK=6 zI1z4k{BX#k;~pdxc>U2~_luot6+j|#R8+}NNZ_!3_lY(UJ<+(BvY@zUQx zRc0sYPTk`1(qiz<(kZi0?T8B)dM7320g4$-te3+0CUnMclIvwz=kc?b_I}ur6`3VD zk_l|T9gIp}2~iGGS@o1BmkBsS&DvN$Yin+tdLK4@10d;pUK*anI5qcMv>pdGmNSKt zZ``6HkK5YAUHW>tWFfcG9rodZ6p^CoC!SG`$a3+WF*qj-Hp(A@(9qj0_w@2`mfDXh zITueo{!BPOe(3$|Nk+U;Hs4stoSQ≠n`uBSJk)KJe97l_njX)!w|P-xm#D)$QO8 z_X|pQ#^#)3W58>QkWq#W+L5}EQP+{*`}Tb&j4|r9O!xWa4IYc&jw8gmH0_8v<>dzZ z9)~=W+WEZ#`=>B}4vJZJIEDQaB{F}z^}ieUQj+>BJO^3h|0YP29F*qTzkL`aAr~c5 ztd;np+fwR~{Zv35o${chUNU8qT286mEA9p`IO-CpIBnP}e`?v%Se?K49>xFY_?|`F z(Ex;e!xseM^vSsa82ikG1?qrOO0eXdlpqSo8ngS@DB*Hf!s>FbH8t`?t6u1?qpHeK z2E2Jx%*Z^>4YG#7-8w>{gH#ft{IYKVcUQi{a{UJC>_o8}k9sY~c6|i+A?hq>$<=`1 zH!C^>`{3yVWO=4r!HU-1RQ43Eizf+L4Z;O^sTd7Xk8|$7WRBsJBkL;?mO6Dv7vajU zR2^FOC3a$%NYSHIdMZju{?MO-8w{&kR=WGW^WK&XF!2d<=7mLR=8#^UVt5Arr{saJ zeGV9ybf&+1`jc_Hj?i%bsCC!d@UzoUB=_t!^V=Bk(kUI+HMy<398{*nfR zJ^_A^g#MWcJ0Y>3;`cLn5y?Kgsny7*;N=vn6gZ_yp*i%av%7lj@DIsoygh|+PX?(_ z7*~@|FmZuQ$>TK*MP-{8O%akfF)UUW+DWP_po~M+OWQmSuOY1RJWR zJO~*fA~zm6S0gM95Hy~xD?e{J!aE}SebAf_(8LR#yqiMKxy=+(P#rbJ8MUegi)In% ziJ8Gs(X@)h?f$&-&Xihy;KOc^APr**BhC&@E92yB``Th}GE_giX_m^=DfTdKit01$ z1x!!9ISi2i1y<-3OX^TPIona>nK=F3Wud-#A7u2*rI9-X^W(5 z;+}~f|bxoxENbx?aWs> zb9~@xZhzpcW=AN}WPN~zFzMS%j#CFN;`8!P!@?*?Q$i!3=X3+JEtb(Gvoyo4$q&oI zDz168oHQI;J1ImeV5^gMHtu{FmJ)UW5s*4?=WvlLgOIsQQf|2SL3r>1t7#@n-sIs8 zUO9o7Ueb(uidJHCHZ)v#l=#qS($%->u8-t zICt|`*b}#zCb{$xq9!WzJU>KFSwrzB@My!2eYWVEwR7cE(O{`a-sb)0VeNKbUI_4e z2Hfn8Fv`Nj!j6%t|2T{81IJRT>kRYHEYOs+|bA0hDlr`>C86G>IA6@!r>D z+1Aone>6ztMTr#Bb34sLP+qk=t#|{C?VkwGeW_F?QcOdH7|j_;k>>JCviE1vfLfgC zk-L6{mL<*Rk-Bjk=~N^@K1zrY`QobcBbU=Dt?ccr#r;05;SRbMH*HU`wA2_%xm_6y zC12wVit?vFKil;1cIt)Ex7S~3JNQg<2roGgmcDm_tS>&t-T+P-?43FOx!0|Q6#r#3 zgKqRtey@{sF4VaBoB4iO&1!g8(0cUWY^RFB8^Dg2#|_~8p79NU%xthTS^_pw_Y-#H z>Yv{lP~xS~m?9`yu*Nv-xUIm$M#8>ZAyQ;|VtH^PeAf$1Z%Er03XWRS_4I$4hac8- z0s~U)O6uZ550w=AylTXfu8eiG=nM#f_v?O&DLD!0$XtHpCA?7T_}%mNf{Ior;5Kc- z>&vDo`*8MB3x9aattJD!A-|GVkO&q;`;f|1Cg^kjzM7k;Y7=Y9E$Rl!r*lbbFuc?O z)Qcv>(vz20*!nv!i2ssC_2)D4zmgeCI$qCra9^#!hOlxo8Z=pDL64v2_2f(p1%? zL-SYR9j$T7SDrG6#;n&RP+2e^&}NHIx$jwx=c`%Kju%gNt~8e4E1ZMozB!;sZUFga zyg}D=){S|Ow<FLl2oQ{)h@-tMHJVXBZ(d+`tS zsvNKnj!j|V#8Gywhn0f^>c+{G0iJ&5)pt`!yib={s&JZcGqZd|p%9gVFPO9DR8UWk z|5S3u_e7#b*fb3!@kV@~1eM>5CQPiW#Br+#=&d25K3h+%dBhAC~>Dc zj0-z`z0d2|q!(gKYvIz&6B> z?RoPAQF7MUb2-XM`O;zOGXI|`FO!s|@S^%+sa=CU^}ft>i*f5`T{GZ3L+(T`gZ(X& z7+r4~B(9D%1C9YV4P9Ee{8uZRGhuztGrgzZ)p4LUUcEAyCd(sUyNmopzi$W&xegzlamV&!OGyGKsfs z{sCJ1Rgzzb-E^Riwmyd7{(KR2*F)Nk%WP)RE)t!^EvFzLDbqIe?(IMO`h9;57O8u} z5DYc1P|VnKoXP*lPwhZ$5Z}tF;{mV19Lq_OqHbxyn$IgHQ#Xb%v1RUs{Z1d&d_kDj zh{h;Jb$X>(coVY@T^DDW)U4hQw`tu1#gGP^b3A(^B7YTwy`A{S@nt+mq-&4F&fSMT zpW+66w_Y8=BLK9zjln>=iye|58JP$il5?&hDsVfv9|Z0XHg2wE_^Rm3XH%BSEG_5d zyOVSBsA2JOMMY^0NL%*p6nbi6<*(YRsO;>Fw4^MMSnb&jKo6b2y^slqy5L%#y%)|K zOo)&&9iU-86y#5|2@4)uH>|=!<_JrZZQ?I$9uzK?3>bn_9)h8-h~58*%8Uhce)0`q zCUJ4s+?m&p46l*xYehEXVHWpA{9eCTJs@eXc`b`{9RkN3i0Zg!(T0#{?h`uuW-MI; zmGztTak*aO82&$ypQrL?JCVo9j^=OAieT9-=0%{}LwG4}v%8Y3>&RNhoo6x#ADqh7 z^l&++)8pEvX?2?>@%(!Ka6u~SME|iJh`>VZokS$`@6*n(k3;P@fHmp48sK9QA$UPM z;ipVU<04WKYNj#3o5&k)XRTi#c~aMOOLv;MaXZ?sQJpxbWm(bY52=mUpUZWQ@wWUI zz3qGF^;5zhTzX4-atO-oM0?@4Qw)Uk2zOk~M& zP5r|nFG-V6$+JO^Po;}Xj8wE!Pu@GiAGADdQfaYiO{ZUWYw04b;ujd$SYW37=`G`I z_0O@rx@eD1e|F{xkxmiGE7?6$mIU8!Vu=)3qtpX){$UzlpLwKEX6eghs|x$Zx@ck^ zv__AxlR*?1>AcBJcI>ygjS}_Ohu}^c`hwq26+zz9aQqa+&E^G@d_|Wfu(p17f$a! zt<%J7zavaMPtLV>(g4Zd0G8m#u9~bbB&3VIW>c4pGFqtoGSyFs*%QCo_mV#f{y>b$ zBidyf@gp9t+~Zy_+WM3$H;iT1v!GS?dPhP93mq73iaT4T^%79M75zSPIP&QSrOI`_ z$dOZn1J*vb1fP*-vd&p4jit%^3)s}%$9S!&tr^Jeb`1Srw>2r@CQc+sRmk3UUrj2! zpLA#XxY));M%u!>GDb8VQ8=yV*dT3jrptJ++?Pvlh4*MmMF1BPF`|w+N*l@)}cjON56h2-noE4rOttX-p+5zG;xc& z%?%@x8cK=#tFa5$Otd@g{AdzXCpR9Jk=z}ysSdHX*Bmka#rx(D(?Hx70(Y`aWN&1ldvT_Z;%TWBq$uok2*I*Uf9G zl`Skn|HC%NNZ1M^N9Ax+bh+ zBq8{isc!}B&i`&+JEB901NAuQ`8XbWDUHLs}-j;Bss!6q*b zwcdd&--4uXf4BkY97{6ZMdGkqz|Gonl$%@7XDy@7iH_HZf)15Mp_&gg(vyh_zB87N z*Ax_Mz4Mp5J(0_`L31#>@{!I`VpJtW+*J)7S4gtk?l&7CrdegAYfZW#bZ z%DXm?S~AT#h@bu=XIDJWA#;^}8qc^&#@`L26^pko)XzB005C?TE_)03Jlm*=-jAc% z3Zdt3-<2+!sfy0yqxY+U(xsWiqW5H=)G)->;vsbCNz!MzN4(P-v`un#D){`N*RhP& z2@}*RWf?5J+U5KJ!4Qvj+Y>uRMJAf}FH__L8n2@e40dWS40M~1qhkM*Xyy0RYjA<6 zbr^F2$;tE5W1U!uk@XU*IHc9&GmzMw`%Sdkuz#*}S#ntTp^QNf54v-XKaX;H+}Tn> zWobU$p%brJY+f&!U<9ftm%8V?ib?(DhH+Pl**!>Tm3HZ9+8HY_PIA!;t8^N47xcor z@-eJ$rE1nP2i7z6A15cHWU`Hn&dU0zmJEkqRtmlF$bXlot$Dzw$k{@lhXDh_h+v(| zGE6yT#}F^kI?LFrd5%b;bKSuNGc%xM!4JnCRj(OE5KOZSx*My=mD5*Gjzf+V>Ul5h zVc{hWL+eke3b1|8Q+>aB^It_7CB#OX7~ey=F-!klKK0%-pDy#ul&gY(n&268rr4<> z@x>w!4GlQ6BAGI&*EeMYJ*5!dFglxf@g*@aec{*&dj`%Ac={a7hrR2j_pczUxr^&0 zm%D7n|5P{e#P9JJW80r#j8nHd({3Kn#}XAfJ&jX9=`?&jLiC#su;2PkqT?F({SMr6^okiE04 zGcPj|mhMnWZDkS1=|xOS(Fn6Ycz`47PGKP<=+S&;7iCP^<=U(v*JkC+4c%< zJ83%w^xqSMr2KsJ^WDIk6(EiZZV*D;W<;d7&0qV7awg;$%#o(iDq{ZWyU*wM$cezS zGzsvQPFugSn2R2{RoH zbxFk?b>Bhviw(mW9*)Gzv55jbU>cqeLXs!i`LSVuHKurkRh9S~=e_qF4;E-3hN2D9 zc~fQq8amC58&#yKS07U;HT0kwSI+DM0$R(M@}cQj_fO3wE^RJ-1p+@xrzvd1zDtLN zAD2KuG8)70jTsW%c>(HXwjQT%T_tFolRXGu+GMrgP0EIup+acYSY_7F$Ps?7=5>=P z3rje!smK=tDZ;Lk#adJzaDE=)d_`sSSOY&w?-%SHx!JUP?n}f=Y`?om?GZ7-Oh*Z= zrpQynQ6f=h^Yd$W_&p21*Jk!z#s~MD1y_0WbR=c_N%NHp!{}B_xYt>xgP9w15X`q6 z3hr(v31yaeiBt%qcd7vzLmssNc1iZhgcT!}*E28nnS^j7mUW;HdV0G~!ZHO>lFd7B zz5qnw`BzX9ouPWmNoD0OOC*09RVI(_aXae56<==B%!BSnKD!lgB?uP4d7$Q z5=1tLqPT=$ezdLB$|sD_Qw7p>?lv#=(wbni$5itVzm|P^{EZxb-~uLd7N~Fh7%Pfa zisGf<*a?c~*sR8SbsD4%kPGJC1yXGWRSk2)xz9L?=3nypCDBV_-mE9@}2 z7&pk)3A$S(O20D?5pL$>&4G|&RvDR}UD9|O{MWe)Evn1S8ZLMJT`tJTsFKADA#v4% z`qvJ%O@^U2fati;+?M_ocy`AMVaxTwRtbg**(Q)2VT03NyB zl3P%0_wUwUx_p-eXRU`A!ZT?$E)TJSC5}2=kikC52&s@a7bE${jRpP1Q`US`8I7hWn~ik>40?K=J)V*4=v#*A zioo2&F=&?XW%r(qu42%_VqbQ+H~8#>V~U!`o6dPRQBC9<_>A5>jJ^Q`+#mx;c>pE! zbK_6;^m@JZ^D3tB8uSJyw_CB1bVxE4Y)U>D1o;UFMw&FT?i&9zA7VKXE&4iZiO|;! zl9@#u&Bdhv3am&djCqMQga#l2179wu)VB1_X!DU4o(o^qLhr|Dp)ZjkDWp2)8eUj3 z2P!h&zi3KQEIm5EYH34BheqcI1v%+w$uUBIdBnMv8wpc*GNbubi2M_YRe`BhX!k zv2Zx)*R5x}58Axiq|?N<-3xoOjY}#mV$+CgjrT#p^v^hb%TD=Je7naTC(^iM7r*cO z)DOPd4CGB%>y(>QvVi5vRHshqs$fq;6I&RiS$>PkeuU+z=hzgy`*`MUCm#{E+n%e= z30(jFUB{PJaIG={Wt?6T>z}4fRa8CyywRb7tiI%NI%?jP!nM8;m*`f)&jxShM|*Kt zIF^H$XRYJX?o~AL=DLBD7e9r49FFvlN8{c`+~x%CJg>gpp}Ev1#<=LHw^F6(K5K@g z_1DF1;%G`%wugKLBXasV!xLJ=|4Dtt<`t!fn%z3>KLT0KI&k8jbVPr**A|8+^-8i| zW@|Z_N4l^07dAbqG+=1?wep@t9!BkgztW=>K8z!Ka2Z9}594~fqFMjnCi@f{-fQ~^ zF-pY8NQCRCB+wWsr!fCk8pH4Slx&C>&_Z>TVE(eUBWZp`gue3Kah9^csnI&;j|Z4R zE&3vL5Ey0$mSv>7C;uzyeEJQmpLLLEX2@~#_|W*VuB7HGyBolhFxE#{bl~J{@JdIZ z{&A3rGf?p?dvsccJ1}IQkjd!Fy#V7K-y8Cx3a6dJJ^*D zl|%z&m&&K5*odp=O7xhP{`O)Z7E{vTJ}}BC8jwg0Z!j%bbk7d-GG=@soLC(DM`_VH zEJWSf1{SY#5_ev)ci>WVPn;^BscdJs;QuTDGRJTI_Lb48$-?X;hD2zWS?s2(r`YY%qsjAkEUHe4~AoUtw$_D*`)lieaACa3L$ zcxkOIov7`<_*_WIFp4Ur2Oo(&>G5>WR=myx`YPorGz|cEeBv zjcpi}e9%Wlo`9XwmPQFrCZu|WVR>(NIL!9_1lNZY9><3dN_y3);P2r1n8FdNHi&ds zn^I9FB03qeKU`e!poQK#o=HW@}lGMPU@*T~(OLM=K@m-c-_0qIirKbU?Cn>-0Mn%CQH4F& ze04TbU=W?P=XtgL#LmMha13(h5#!FrWdI`vTwfe(Fi$1Ck#q$985U%)m)E(|s5I`> z7Zj<3GZNytJ#?*uRDj&`FZ=LLoI`zJ3ACJ5@J<;^wS*jj1V>a`ehHZa%f zI+o+9Gv?VxE~C@4rRT*9zH<_!QS_Xye0DN8?_`wv29I=&%jNf)Ho3e9B@YSo+bkRb zKaz41*^jGIIcZB&u2-Ji03vL-{~kN2#rtX{b8{MlGz0O63s8fE)@lqd9WZ%}BY#H@ zmuFZxiwvx)+iCjpy=L%y_;&AM^50&P5P&R-h`)S$rntRH?8882>s@EPd^n;y*`Qcc z<lN;l+5_|_STQDmm4o+}l#;jl-+;)OpJCz216=i8vqqmW;8oG|#=8}~C^ zB)`a1(Y>G54THUn)}13N-EwTI99rB(*QqpQe>mDk=6|{@|AjneRD?fSChAAY>{Ot|JX{3z)dOvLoQNf+%ZH&A5%QNko=%ut1#2X$6Xeml@pa90CY@# z@z%Sn6%HKI4mB(oqXrEanmz<+5AZ31*t(=f{MmV!(9&P){x|$IU!4@>8hp6mxUV}E zDOxwCpqUjzK41h-8U%U`1fJwyJzSp2o_AH7mz@s#TyJcRCn4{bT;e#MOSBSC(8Mj#|5mL0ZN5GKdEoKGHJuGg# z2ZM8z=X95plI)T;q`^d2^J4rTZGK&~KAZkpya4m904q%o6Lm2iN_9~V0v-EUY78_H zO>>XeHC%LA`U9t>C#L4?h*$LlVIECthKEPFq%Vzi4dtHtU3p9=3|9?Af7S=JvCC|0 z$#9<`>ati!0g+&^Okfwo9Enz@${+0VqumrgyV!;Xb$mKsF+D2nQ;53N4x`e`4M9|+=w7@N_UeKPOi_^}l)H`aM+|6F5 z`Q+tlk0!dKs{9GOc35FU`mT;IF_A8#A}RKq+{}3L22k8)?O3Ey*6{eE!~S&G8h)Xq zH*9bEiD8+tYbZvbvL-pBfBGSwLAW$$ac_68{qhUN343pfBx_Wxo|(<<6d~$86IqAE zz@5sd?S-ReWX6?WZmbt;&JNDt1>&9v|0L5MpAIugig*?;NapwY-u#pr>&6mVJT?Dy zY#lv*a;Gd=FOi!MHkL+j+)V@m-!9Le(34>u(V*^*U+C;DF~-hV6n(;Lu!;1Vy^m+b zOti3MfysoF(k`)iSD~|;YQm@`Gv(wW-AtOa!Uhq;XM}&+qR-m=Jrcr8iW`dv?dR0r zV0_|i)@Ix=tF7w!{{ElJ%u4C&N>0CeV6~GrAJ~jUXyDrf9g7_&=Q^A8>+1c5kuREM z2G#^>r((lT5nCWW#eom%g;Q@Eb=GsO><=u^GJ>dM))hP52}77bAphk5fYUxrN;|R&94gH_Qa|t ztJUUpntRkAt)zGR$bB~X#4JCA!}Ht#(#nh{mX{O=9avnCo%o&-c1S=MjahA8kD;O* zMPtGk<)^MjDk$CO(%9!}(~+lKQ04e$6t+TOfcID}zwPmJi6++fGrLc|%-lZP5G_am zHKtaD2Y+Oah&x&DOY#dVMerjpelV*NnYZMsvgRh`Q2Fz@Fq|tt?`1mensID?^{Yd| zFRN}7KC#Z40+*PS+}#JOhfOgaA<9qbYoh|ZhA+90+4`Lg^X~;59mk8F7PI@Uhb)8z zM5Lg~={}mWU7e`Ioo9`4+AAq)l@gGO7c-Wc@dKw_5DkETbiZN`U2O6!FVSUqh2xu< zlDDj*Gi9EpUq*_*6hOVA7L4HasfITI>wzQMLaU@3z-3nX=oL-yU&EcL|6>|_E7X0( zpwV7ma4BV-Q<#ku((8WU_54Uyju!jVA$vG{@!>Pjz|kOBjWJ{%HXdhhA~eVww+>9M zNZIyxDh7(L<1iwTcQ*Bew;Hn&fSU!cz z5Z0I>T@fe!Q3nIlW2&z~+8lvuOsKLH=!3x+{pY>6mXMn2jXQ%-K|UQDcR&EjO^vn# zB39}tIU?-IQM&^Tzi;tJ81^~nOW4XS*3^j5S^28tj&Su-i(gM+zmm`i zla?0dKFIhFny)j`?R`S*fCDcMB(;HlMmY>9m6>ME`qHEPE=q{D@|o_V5R=E5_7pFa z6}uR5fzJRbK*8T`8(S?#gq7LAOwY{gG|G~Cm^N1i;=5H3Vi+E6Ov-Y*L~#q&ayvPa z)4gkI!nm}fFPq5Y8@ytU%3CxyoSk7gbsZ;y12sLW+52mZDtP3xelRJ!-JY4=4ABnP z$-yE(>PXzD;)b6c;!0Pa>Tz}f=1QM~r?MJZ&;@>DR=M74x%Q2jwLk1*X5;$M)}};S zT^f52YH8hjNU>$W99d4^sw;h0k5a7x!Y=Qi2e5@A6j9kr_Bsz=oaLRR+n-LY01@Dk z3DOvtjtz8tcmtrri|!_^54g{J6p)tGeoCb@ZjQ^l-CT7&&wH-H!@MJAl}BtpQ#iTJ zmjvF{^o(#5@h4N{-)Q(deMkb5N!%WsO_|ih>FuxxB7C(LJx{ZhlOO|*ucO%EMp>86 z>|LgSTq2D=9kraiQ9}`}h4NNx^Ry98yn*89i7?o`p>;v&9lN;&EnRpwFKt_MlTi)H z+f%XZJ{5}cS-}QA%?fY>*iKFAbj6Bk&_`)tgl@+a;J(wgu+uXuf@~-@uaS?^)b>iT zA!a;>&$%wbQ!YNG4zKV~@P=+#KK(cH(-vdHliuF@uJtlQ8DBNvBV#c5{8iwhO)klX zs0=rFDkm`LZ}ZvmINpVyF}?i0=dH1HdKE+edunhW(&F-zw~1E^JGAi}{U7&u>+cVS zx>z%yoA{Ntbkh@Qe)DOUT{3-P`m_FLCi3{o>r=aU>~cx3JNMoUv>(>zUdWp6+&1mDD*##K(hRDe)HxwT7g9VVX zzBjCIZT5T`Y0vk7EG_=4E=`0(nut^1&GWLiyby04^m*xi0lkkK5 zea!XzPaoc-awzfo$15?zN}A4=?R~?Fp>l^zJO5Zs&F_&wnW2x^oECx8zpJ~}ex9$! z0;Lvudx|s?p%-x~piwV@=Nq>QB`@pYNwITIz6hm=qQW#UPdZ75RGUp{w~9A^kxz@g~y$)9DG6v|cjL>-N5u zzI;~W|MLb=3FRdG*vb~KmKjkl5U+{yspaFmzK!CHe z>2jKQX%sY^BVQ}oES;0_I7T!ZX6>#_rH_QHiAwj$5TOHh;!heHSvTu^%vlIQ>D)=W z$?U(S82BT_SE}`tBir2%7Gb&@>+&63h>LHY`a6dLh8t~M4>;gK$pkrq2C|Rv${xxI zSL}lda0S#=4QH%6vT%4k|9~o`X`$Tw`n+!$W(-kcjv=%ArV7>PilmoMOYE#jgeIC9 ziEIQSXF2`}Y!+RTHZ{@878Xel8q=^zFDc%X!zG%)5c%cqdadGscPF1b8wsu?Xf9I-fy*&V6p@7SlPc-*U#yTuv&DB|6a?r|i;7Dugj>uAec zZh~Qzatxz#k~QtaIchD#r>ipWM~*1F43OUdEW{|dyiqwg2vbr|rHr&{Yk(GfLSUL3 zmB9*o0(niWl*THw?ZoagI5*j6dnbg0$?dzvx14|Wz1d!aPkfH=SBmuoYkbFHey>$c z0rcgw9NPkArKZ5*sufT|n+wQ@OKhd2QV?Hc2pt1ZNy@~!?*lM79U~v5%f$;iR11;4 zTTLmpch5J64c{$lROM?R8=~~Mkc$z&z72$D-6pfy0lh*{-)(y}?Py3*pMQdidr6;? z5P)@ehv`u159F2Oq%^*xM4xfV{e!sV6yrkGPDt%{eJgzTL+#VGL4Sg^gcOciUt>UU zNJsulZll*XIh^}&i(`XxY?Yi{-v(d3+|N;O<>yqeRvpV?I7w_KzE^1?(uK|ySq#N*mK@3LgJ`h?skBDSG7wF&M(m-Z+mLe-B zh8r3eoIQ3TPdYeMk-kbsYm;A{S98weP><)?Cb_#8o>e(nN-!SyiZ7lU`rh)d%O|_s zAJBs-1(|$ygt;*#bk1E4OB7`W&g?}A8kr-wS?*`Q*YhrF2%FT@(=j7$N|SNrM`hZ%tgAldEBf0g*R2f0t0GpPeN^0gKmY+{4Y0|De}p{*${(Pq_^Tt z$|kedCi0aW zpKoO%`@&4!%aaBb$pSo{#BE6u&m3QEqgUIm8yozKkX5jBF1l{5d+(OrVSJ8~yoax8 z&$BoW593V;UhOAb=|NTt2SSE1qWLmw+bMR3UZVGG!9$ol=#TZmpTO04L?=!n>Fv^` zf}s+@{XIMe9IQ{%AJryC3}ZZEg}aBDYEY7{j|4NCC#*DyhkctXo5}e7{dT>Gsw$jQ z1Vp4=Zvod);JJffOiCP+*$&40@7jw{GVIhtgmrLc*=%CHAKpjzs!5qZ$Y6jJEEWub zy%`i_mlM+~6`n~yBNJJ9;aE1JWHaQUg~>lPf8Fql46;U?GNC>X29udeT5o@^{+b*p zcAti9Arhv_aE=^KWn|Qo1(|$axfq(u#Q_ZvZ9fQpQzR^6U^dPCJ<3Eb_KU@}ar4siWU{wOnjYkEsqV&iSxd>N%yx(J{1XLW&wZ@i==ap!+`BGvxxM+E*#m&z=9_GshbVzTB3 z!n+4*lertrm`#WVn~<)lOiZ7~)d`(Z{aZ+PVvDEbt)*5&si#95X1K`s=jwfS%5eWuHIKqvl{fTd~nVK%Q)Om_PL;=gY%+%1d7t;H=BGvHUpY zSMg%I{<9Yw;eRK)Quul=MenX3U7MvOFME~m9q5}&n11-6?<$#;3a1LH!1XJ#32>$o zt1I_;9<ErU6H470bJ=xt5^^O^ilKp}QJlU%PGR!0_w4FH!5y%x9&mi_7-7(ha=jlX_a7=h_ zafYlQP8)+(pUYb164#d)wcU$>;`L4!u#pCHkH3v(5THKq^s;IvvQ72ijCqffX2=&w z^p^}vX|6X{yvDw?Qcs(eL82J8Qghv>-4)#x0az64MKqBm$PSa`@%&wJ<=xU{51gTL z)%43~9abzDDa^g2{z^kBj1weJN?(8}>jpR)zFcf5VE|1!y0O45*yD;xM(2^_y0AOJ8W_ko(6lF2)-B7erl1z&^7$!GK5d& zy#*)fx;)>C*>F9Dmi|4p7)zX1_K3cph1$1@7D1Z&3;5g{K&r(MbS(g6+DG){?i+iF z7r(EmZ>72FU{zg2QJ24mJ~(29VXjF^=q!BG{I>zrn;AFZ9oe#m>n!AaN+#OVeEImb zP=uOZ3dOEDjFjF39+tJK`7`dDoR`M(w8O#BaXJgdVad@>{+mr4+9aOyX$pFWu`V*r z1M6W$VM@8%m;6)42PnCZpYD|V$M68Jw#kDYE6JzYkWGG}bAaP8WuiBx};CN>Ei z(Lf5iwV=^34p#y4i<*Vl1pDP3!$PD>y!Ui{GN{!atfS@y&p9)^r)jThr9eq3rO-7< zDf_n$Xa2bUM0>3AYh!^C*mE%MleQv8ZfC&r0dEK@D>2q^B~0pVmRGav)1R4l^7ebP-R}O9=m6S*PQwjea4Fy z9TQaG)NMp7=yI-8A4Z%Y^qrqVy!W1HE&KC|a8QOr9=jviG$B+Lh26?aX0f$69x#_z z4|S@2w%y*t()hLtcv9bZxsn&Xg;t8pBqMWV@dqg*J>`cc zuxLI65*!WRX5?>NXUZmP#4H%8(NgNe-FsoWzDA{HLLQYIduogIf-Kt)AEg;k@k5o% ze5ucrve3JMWS|p%+S>r8g!XMirL?!EZ=ZQSdq>)eeAzmw81$1huxN3^r#WmMtoNOg zKUzi zr5(_LHzto!jq8)^mG>BnBrjteby>V|Da^JRI#dail)KusFNagXM?zlnE(5ryjrTtL zV5Em>LUsWUR^1`)J^-}j$%fNZU7(3ecIUx(n~3lz)1rFQUnPk<&7onaq5;`!UH-GF z3%YXZSR7@)Wj&rAD@hoPJ(^k1@7GI!s!8`jyMc)_baOl8tycMOML)8!y0BxShm|Z< zB=tX2pJI|DrOO%pR~5*~sM&vJ8DSFMighhAnLjectkX4b;94)Ne3%Q-jO8WHL($!% zik9oJnVG69uVXRjY4m7+a!P3CwDC`@J2)A{qXa zC91ERq`rM^GW9K5q~;C4K&d||jy_rG$@aRV7Vq)a$7bzMGo+%OQ+YZ)`t2X9In4s) z7A3z=zd{x;>WS{Wf2M*AmCCOi4Go8c5ufoI27)y7d0E6c0FWerw&n)#(bBz<&0DxZ zGw#Ai`ir=^*_$juUSj#JVy^!dja<8C3-fLBeKS~L*5eZpRFXG(-zK~=@aOb0(z5|+ z0IIdBGy?xNI#)1vqo&dr8Ff6 zxqkU1iQqHkihL`2OmLPfRBpsqG#JH8J~m8~&MD4~>a8VU%LVxa6_uY;8vilOT{eE{ zSNjn>GR4)xH{rae`nq=VHJO@usp5v^260kYTyE1gfcBWMQ+nF^mOB>~Wz@u$uZAr- zi@l4-9rzxF>7l6@^OVf3$WQ#kIhq2YW=4^lH9V&u^$G^U-3s1wD=`njSU^As52Q+dGa{v^#y+4*)OR+EyYiK*{UePvHr)t zJoqEBe*@%F(zMoGhe^}R`!v~0q`dTpWJ}NY`0~BG1dI6b#jw?hQZ<{HuYz1NQgSl1 zK8)p%HcWx7du@fq#%|!@L+xicWGn_x75PRP2k*?m9KjPk^Ew7KPE&*Rl$N9p_WIjj zlo2$kw6Ao;PwwRyzR@sw`k%j^5bUd2cQ6G$Wiq2C8)*15s`J+Up!sRSP(-qJ+n$h> z!U5Ol8^GtKBQ}f;1D8yGjC{>;tm`qT)Cc zJIkIyEZ$a0i-KvU2woRGVx5=hj;UK6GaArCuonPy!UR`2+opZOc@Dp3&aq_&8rVoR~)HWkw~kqKm&e zY$t;sqHn(Odlc1vR+&!FW2^6STjmi{aOazyiQi8K>v?c!M|IrzuuxN+rt(6GKVI&3jK{ph#o_pJn)^AZO5p zsmqGDeZP@MvO+6Z4Ept{l{tews25aS39{tjY`p>K|CzFJ?Hi}0RrkBZsrlk6n(m@- zPqAPsupXZRy@&klNaw9_T1rlyU5;q#G~5hpyj_97 zr%0x-xnRL`YMzp4`R3X9arZH#pH0c4p^qnCwWpp3^FxVhI!i!c-z|8k*%=Kj`l2IS)YeAxiw1St@D=PJ>g4N$pS2pu2KPrx96`rn_Bt5@r-7l%=~cx zfb#wl9zcE__r0Z|>14rQ7?P}q?F!6T95~##bX+}FWB;}fZtyt29E6Acbs(=f&3ql{ z=M~=UGP_;hJbk)OM3qYf(?j%>Xej#TOwpf{RjWOtHo4@os=omsj?d9E;LMl$Iv-FQ zjy2c_(chuy^=Pw>JgH(b`JjF~+7q(nz@;*my@Hcs7xS+ZFJP&~FRO>X#4rWcE})mq z)#w|f#x^gaHGXV3c5YSU+upR!4A1@q_su^&M}ztvmcnp@7xqsZKY0+Jm*gP;Bg{$P zpd3k)XG34|jVyB=_6!?t1STM(q1(x zjagVjfo{3ok7<0V=-IGY{0a>eX?g^8~qZ*PGRTf&0gC1f9cLia%sWwzfT2*lPlCk43_ zxZL$B`s0J_>}(H)&4{cmG892k@8+UF z-FvN{rZ`s#IEOzmdJ2?obRgdAJni5eVZdb_a>O@`7;h%^<(tnGjh?N=1lro*C zUT}C=-5H;!JE_wlQ}(G;Vyfc0mZ(LV>)NNy=v!@2mE4RWy(`;5ei^Sr*@ zPx^lDP1l`9FP9_k;ug{%*)NJPXf(fup1qLwE_ELQ7)n~2m$kzj}67!2Mn zY2ub)91Gqq%x!Qd@MFaZ`&-b~rld*MfU?}m(Nx$w5A+r<{PDm#+ivAZt18R8wO*$u zyzdqil!$;RK-bSdvqkaz<#0!@4`CpyY{q;}$uttUsb(}abjUE0SX8dxWOO|6ez<(V ze&YuGo8+eW)5bZa7r;hLsm-3<4ZwsX)(t?hD<3Zq^s{nt=`ib}&6|^QhfjM7ya$S* z!3zos3iH0jB+4I8i)~MwwN+>@m+XPo#kL>i|GN@{-7}-8PYjWK>YIDb%qgqkVKu7` z*4BIUO|QQ0VeZCca57KdF?K92rBs3+Dms1vsoX9PP*0w@RgtUBx=EZ_H{)fNt6JQP z*Uak`1&MKieV4Uy>gcY)p#*+_T+S{S$ z-rNu?Z4{XDtDpWB1q?<`AAmi-GMOp7O*rc)qf*&N~4oy4?x@eJr^eqgJ62KF!-vcKvhO`w``=)?=q_XP$Qh_RII(XzZX@O39=3XXM}T`!HJCM z0@ro_mu6J#P?%ybdhN9*d{ke2&e@386IIG`)X=>F#N}7o>c509wQqZ|TldVQSw7Tp zA@7~|W;S}Ojg(mO_7*?zY#q+JtD{h?8<(*O^UQGG69K*}a#KLc9V)tlfr7$4RXCEc z$~ttq+V}mkx7m!N7eZdG&a9Y+jyHgU)QHGCN{lJ_Wb%xX^nS*SALVGvllRkE ziKBC(l8?I7;8?oE;Z$gx!SnCG;lMbPDGx64~tVJ>IumF{Jc|{90Cs|(M~RpPI0Qg zd!G%KPjE8yS9J?$%qdT(f%}6BMN2mWXMU-x zS~04n>`Q_lSBv<3-ehpkm|V&nIvJ)JtjUzDgW*m7C3QOE_9TSzpu68y{>{Ye&xR$F zi>a5Dr3vZ4*9U0?uz+C&n8!-^QC}wQH!@)ve7m5!7W>y{r61} zr8%riw+eweX-tYlUsBtq@sJ;GqJ#+G^ zEx)$M8Fz<5Q{=tl`3&XUZ>*EtsM2s}Wmh0rP)`XHmKe*(j7x}7kYyC3sn|zy{K$ia z#fLO)2mO5*#C*!{p%B2I0k4hV2OF~haxDLP(59CoQHy@P5YS6ydg0jD)>{Sn9wmb3 zVQbOCITq-^UZD+?e6Te7inSl9#FH$7zh0f?GKp^11H@}-HnUSpt%qMJL%4(Z4X-a< zh38x1SRwmVPuUnXMf7Z?>-k=h0a?5vOCX9r6BA9iJ-=2nTD=V@k4pcrGZDLZpSj8M zbD8?nh{6ONJyggeX|AA!oqzJMW(eU0%`HGW_NT4*LC4c@okr(Y=iTN>JXv#C5!u+J;4$h{Z zf>zb5FhIxcF{{-Ild)WZkWKCNqkGn5qa_E|PT8_pKaV*jd! z1sI9zkdj+cCPQi`($$v~X_^till<3yP2$9)87~LsQ7=VzML7!9XvMc>P*txPX#;!@ zPY=rpb>i5}%&DTiz8G%{@r8_1sMn?e>$}ubdr5jJJX1es!sB`V!!p>XnzGa2lCvW1 zibZ2F@j!fIIv%0n)@Nqds0lIYIv`U3$Q!Sa?(C;gw!ptZ4UXuaw-&?SErFFI@-;qn zT`7<;5?zJ_Eg1e!t2=GKgL8JB{JK*#gB3b=dIxuNL!i_z!qi%lUAhr}zKBn1fM~;x zvXb_&yz3jf7_7~vrS|=qeAKI*hgm zY~*lV3KV7wI<XGMP&+=b z!?Mnk92xRQXo^n>&!p=sZvfim( zifXLdYLB9=8WBP58N}YZR*RrjC1y}Hs&?(xe7?W`|J8F{zvtC?bIzO3b?(o7-)CHR ztIUkepBKhP>H>V|-~O$4^1%9-%71Q zVPSW4nsL^qbiagA;04ouyASy|XehR!bl$yKj^n=W_Mz!giFrin$I=eZ&Bsax?|3D_ zid^W0AQ&>kJf|E}wpZINo|C$^&F^`-WQ`8I-ft1CftUNWiPY$tynuJ7iS(TjB9m0P zw3^ovmdjll6ZNk|cPIpWc6` z{>RHy1FR8ZS)Bz-5%LbKCQt`^6uvwZXmwuiMxcGZ-bxpo8btNto$0xBm;wzVpr73r z@>`gfreB^!wpUg@+|6G}-TFuW3o+Z@fp{|+MX)dnv#2Z^;BRS(zbr5O0> zrYfs?6)4U#6)YhNXjCD+fYa_MrC?&GN!T8R(staJmV}Xz)HIG}F1YFLL%<=g>o1^B zh|xvRRN2#-eQA~@*Eel4A0Ny$muRL?!QSl4ez8oYF;ert+|{ z5Q$H89ldhzse#IN83SCJ9h1A=2HDqDFHi9_ziJxN2EIWU+5FBq`t5W~(|)HW^Y{1i zyx&W}s>)ZUEAwfc3BC~TENitPb`I#T0)tm;B-7qGSIwA@Qj3A$H)3VJ=2hE=VM0a3 zJ<)WC7^KYrcT%m@wag?)?(;{z`*UEW=jPJruU4iBnNj54z*NZ%K(u}8t%^RoP?8VU zM^=_h38m5#y}P;bykyRldZv0+Iv%@eruw8T%izAfKVD!6{4gGtmVj2-AUnyou-!Ir z@f2i98#2Rv%05AJxnll#P-}<*80+#=;OQu;kq9~VCMEf&;#;R$59U)eDvc|p;!UWt zSxiOoUwLBwCk4CQ8v^np8519$676Xf(Ypb7{q{l1C~Yfi)wI&ENj)az4wERZDz4L| zxZNR{+;-vT3GLi~K4R$*O$#$~rHk5EeHMMl;b6&wb+w=-XG;05a!8=zA}(1^wi`dx zpDB(YYsQ7z6dR@gepuy{x=)^;%m+j;gn{|V+V#qisn5{B{V81MioBbE_L#;+7EZSOwypipzZ(>2o^fkkAMH9cn&WA5A+ z^znjd=H$WT)BpcVGHI*xBAOdO=haF{{r;b_v~)a35R4R%-Djm#X=yKGNmG_G2fsxv zc_1~>m@gEd|N^^x~O*AhZ0Gx zZ1@hrI%t~hw}ct8i((OZL5Q=W)^_Un3tleL`EsEzixmWf3iI4XZcHBey)O$BJ*Rs{ zcJf=Aw0@OukpNm&i#DXn)5X9R<){{{~X#V z{aJ>Dk&Q8l(2JDUcpw9Z)3NtPy;!|*&c)%xPQNYcD5;9UD-tVelbi;W=k}?#1Ge7E zG&^p-=jKVn6k`TS79BxMJMlE6N&Ta>{_xZ!Mt()Yhe>ycXuy>n5bEh6)@+WQu3$3O z6fJtkD-vS2?+i#Qzf2qAUyG?7Ihs}_R17VAJjn>zb@)237J8VlN_GEiZz$7%s^yvEM6C zW7o-*)WS8LI#zZ4^-PezbodxZqidB~e^^EC+00$%oUQycTS74FJHuQyH+>k(GQ%aS ze1t$bjBkR#Jb4;5_%Z8k^cgKdnE4{<7q0HhedXx2mE&l< zeG0}u%<8RqbfVrcU`{L_VKqjSyxuD-QX7e`(VxILRrx7Y&*pmBJ<5$Yw94C=VGIvo@tGL7(R`L(_iW0Sgb>ZxgbmKXWmiJQ zgG8O<{pUn~U1`Cc>9UVr`svd&?c@sV3P@QV3j3-xCjr^viQJew_D6;H6c^-dsruha9+<;zndZ`I{SfQL-!&3P8>#-c0P%;iE z<*9(pR+*g(;{$jLPg!Z=I`IijVoC}TDRNkJr&ux=G9d`8Cu@qyDYi#dCWoHmPTz4DJ(v`j&Hb20}GCwhRZ}bj;SO2Sp zA@0hXM57v7NQO5>u}@Xm%Uk)wTIv51aZTCL&dSWnWo*K?QkZZgikL7QEm(^@{cmK> z-C3T5pL>h*!rWe`MXB5`A0jlnH|rw~6P10Vidr#14yYQN4u?HNj%_SlGdFzC>FY`R z4nCd!=j@SntbQh2#K3BAfSR{{baavNurLP;7A=m>@iQpyZ0=EbZ9D&u=o?^-vz`E9 zn@nf!xI<1YErw4C`O^p#EKVH#Nb0?(RZs1#RQsJx=6US1AJK1{EUVN`iP3RP93Bmu zP^htJ2`FVoI`(c#C4FVXW9FqdFO`nlAn9-I7|JvF^xV)}(QtWwx|Wn^RMH>i&zA{L z&lfK|7l{?6;~sQ!!UbWp@5*QFj5H?WBlY58u#oi$>cLlkSMKIM4t|IoOy2TDWre;G zGD z@Hv*k82rH(VnSP=>j8Tbi3RwiF_2KyC-qT;h5h+w^d9K^*@REatY`t-!jTFt0*hJb z2xRkvBAFVP!gWgWyE~folK4#c2I#N_qk`_dLPFI2s=WdYw-j?B|Jyf4zzL@qLiEkY z{I^5ho5i~B#pIVP(Xo}a{fOf0tY6jA{6R|}s#zl;F7P3N zvCvpp9C8}WDJ58yCWtE^FG@j8VDdCF4X8nfa04oG*4#6Pg%G)Rf`xb`A>yq4j@ew? zAKjpq5{Z&~jK!$1&lIR|6^_?Y)3G;z7y7HpKk9b3ICx}DD`)}?A5OHa{xNc2ejSZ1 zxB+Z!b7_j|C+#B7*kTO=;Hx5OY4>qWHCbjAun@2^{%im{;DAdhdYoT@VQIq6 z_!MBBu^`+Fa%QH;VAgsianD2sSI_LyOv{&B)h4@z!`>5byunzeH$Y{ut`(+6mOSc{ zGW9f`XggDPMpt-!uU3*zO{eXdJbLn{if^9H2F779w|geNZ98?do>%)i@Kb)q5hAx3lrI_7>v)@=AIU3PT!H4YmHX1_V;|nIk8Z zzBGE2E40I#U(^n?;F>nfdRC>W!Dqmh`y~Bap~?O$Ke$^*3+KpAv)k_zwVB)fwnwbR zj5$_iav!*KuOJXVuYeL*upq4Qlk5swCl%Y&1J5qw3%P@}VG2&z0S)Li`N>aQ4aUb) ztJ2a_c&Spe3JD01wF>_TY~9K>)Bk8)ixBjuuAdiYyXN@f*S%f&;twqk%LFM#4jszq zofzPPqZ}*rXI{Nw`)IYHAWV z{EDN41VLO-q4g-V_^<$X&g=1S)x7O#>{Bv1F&WNKRE&;j=YWGu!r^chhBsKlCmeY{YB~cpwBFhAyMM!au*_63e$eC?LEf!m|-pGn{w> z+$YY4)>ZMn7F&O+Kh0o4<37lU59NmC(z?FHYgeo0PP202dnCsLt&BT@@U@nsm|8Y) zujG}QBE0mCi!AyE@TT^n|3?aN96MH}AW<&F=D=|s)m#!8^Kq|ShNhhYlyeF6-Ow%b zP+m0_B>a}XU_p3o@DMT~XY6MnNXtAFZa&a_c#4+uK8p3b#bM4)J5YJRp@v8c0u16U2@l=!7T3C#tH$PnGTtzg#hcY1}*VAYQFjB#_A(Y{iT zZvC0hc`E5yN7Z)Ra;4nE`S>XK&bK>rX-DU%dWw%Zr-wXhV)Y;k@mo^UFIjM=iC#MQv}_)#4I4U48#X zt}w>j&V%rCuHwJ#Vy?5R*bUaq%(XjL9vD5*B)AnM$X}K&p@=*kvFo71J=pddFg10l zRJrEV3g04gD*D5D;;w4N#IKh7j1s6#OA^pOIrT^*{xj~-g#Dh@FzxlWa<5+t{xoO@ z6KiAt4d6;l8Ym|k#qi2~bq7%uG@NWRwH*)t?)9Y2)t{!R=%7L?-3+U3csP*;^o|jc z1)A{bp!a#a0B==Rby!R-7?d%V5ov% zPLJAsB6HE#9o`RpxnN;HZwQnhBEn=Bc=C;bnj17BA zOO$Wf)XX4SfhtQJztZnpbr`6VaOTCou@7*QKk{p>8ZkA-7vds}KD^Ttq|31Kz}#cm z$PvWpQWq{XFYX`fERK%-+sJZTTWQFeN*#el zl;SxE4dS1}(@53!^^G2(&&aQglTSL9hsHyUc%c0GHFK#s|#$sU?vum&L(bbx}DI(S%9o6Z&)jp+PHm0KJq zd^$}VeH@S~ID*Om^C@Clwg{NQ23Xr;;cLFh=u*?@M}=jhWdw>Vt3(OcTG&T1br)Ru zZS9p91&&xB8oE%}_$voXw)HczvIo`GqwQq_!L!wSpzUBq&_|gko8JarV5;?eU&kBM z=<4$LA?QgcDfKS|TE6X5ESi>m>TrF;&+4IJ#*pTd(vf z{9Q!(Cu6m*XTAC`W#>v?jsn6DqF1v)=ajDreA`bnMrzG^0+ zz7QH>O7dvelEAvWnt=%k8?YO|+}As_9ebJI`C-U(hodE%yjpUmNLPLv5=BnIbn$jfa@xDfcr!TJ^V=eO;wSG4mA}Em zk-LTk)Lv4j)&hlJ)-88PgIV|4-`EEF8ysbtwYxk5em>92E!PbY%Jr12Wxi!}53O!A zZzE{9F8uo>?tS-Wwn;S&%DIg}Og+~`c|umAihP-$n<*I`?FA4vQ`|NWb}p;+{K&g_ zc7SBi!!-)&aWj)zBZZs`s#a?pT(>!eEzLeR?&&3kVCLy==|3x7Xu78qfP49hJnL}C(Q${Taa8Xj2CRUkL*4=?Vla?u1z1>4EBJkxMk0Jos?I^U-TW}!2pJB1duj#IW z-CF-7o?Yo{#q^v;hu!fuwiR3GU~{#6iyd#y0brgE2a)EnJ?3rv-6L$<|BM;u9#-8>&bW;w+bh06Mqrh? zWjvQ!O>upiRwv$qDWW7LEf!9<9}O`@lEA3e$H7{fYg@}x+*={`NMa)eGt4~>*Q$sh zm*jQ)XIOlhWbbkz+~vq6{dzCAyLR^8o!B6q)F;*wAG@UL((o@x&9-UHfQ3p0?ErbnO6a%B0 zy|W94!5q4HpP<$}p&`QAkKox3so^#nqzq?o8BrsV#tGf@kOPsAw4}_ixW013m|-w| zwcmw--2UD?V@W$Tf}lq+ohTI_RpZ_pz>gfmvwgI3riZMCI6qd18TRsv%9T16-TKMAjO7>QW z^DoK0cE5Hiu5qwh5QQViS>A7biqOKn&)xZWd&Ch@5_V zo9O@enp6JxYi?gri-a~v-creNr;g#|c6i9pYn)Ta^tTjk*M_f?TDH}M%hCIneX%KknDh=4_MjKdPDV+7@SHuGY?a=Jbo;MJJ*F95nkf)^-~kp z;{?kNcht+m2jhh4np(!YZ3UW1@H}g)1;Nu1O>WF*$UwR>t@yR!nfvuwsN(?IBuM&n zGlc)`7)!%=#JbgzkA`u!t+W(g z6f65sUX_fRI|rh90|;{>GK4)gao=$b6MCnLm4xMGIQ3^dAYJf3&R~izT0xMGAkaA} zC?I8mYxP}M!|AzFh*dY!x379eP(E9X@)M$1kjs-x_J?^t+n3O=$cD z0y0&R+V{c8u|{K$ds7_QLc?coEd;~P)R4Z?UAOAchi~Qt(1WQq zb&jTeN9BnfQpor}jk|9BK!=56nlMX@3laDMHX6hV2A!r}BpTh1-DLmllV+6ZPH>ZI zy~dP0venqh<6*k4#{=Nhyqc>#;nGO~zrd-cNyoHXJ83UJC!Kxd&?*VjONJm<>ddGh zWYO|+T;541FQ0ywalQ{<#VBkwn)rWU7>bV1Wlg{OgMCQUE3C8j%aA-z9%B1_+oES@ zn#Lz17>|&Ce2IVZrk8}?TW=@{aHWwB9mc~$9Y01C>p#wfxt~v9RCUX`p~{qpQ#G2} zlGYv_@2Pkh7u7Wi$*3)btVp&SUX`Eay;*kCoZ8{cZLJb=p4}ai*zK$oN9_o4iZ4ex zwM9k3QDuybW~s3p=mf_G>3g%bwP{_9ZeEuDBdSF@KqB4e4R({CO@*RuL9tlZWrXgU zvL25>f68uR!qg9>&GC?!*$bhv$th!Xt{5O;h!u`*`4Y>7k|<4jq-~ayP=FL8>^}Hu z_kEN=tDoU0agWZ#=>S<^mPXpl%u!wpipHSnRmh$)DZoaGZJXnnca3YZnngVZpXKVt zzoSVN5rz7bxc>b^!IRXjX4mQws83^>ZHlv=Nu;;(gd|G*fj^}d|2P01@bMsz%^{Ut zSE*F8cQvT)c<*kyf?w>Q7>1V01M_iMEgCl-6bUW$-veDx2|7gC(CD{}^V79jbDMhP z32l1*6R(f^(j;oI7v%>+NS*^cjbdo1F1JTW5nZ;p6xHO`Nt`o|_IWWo_)gu9bBO~h znD8cuBLJrR&t(@U<;pcseFIpb+f(`u69&5vnsyF92^<$M^Y#blbUDH&pC$-?G`SQb0abcg8k zjDb429443Ib5&l8KN1<2(sY?j(i4UFc00Jqi7_8o6ZiATM2MP(pBk>l&x5LRq%<%~ zS~PoT-7Q*26zRtiDxfbjSlV>l3x`;01Qp{+$(%ueRJ01)pC!?@3Xj|=c6kfc z^<$`Z5dz$`ZB$TUxpMJVBu^ELN$b$rpyGIY6wUAh$~3AEp~hrnuk~3#Aa-Cz7z2^) z`1RU9m6lv`fnO%iOr7yD3zP!sHhNUexQx);lux%AcVygosL zYl;Ki8%}PJrvGAX9d~8}O$XCqyr|ANJM#>nB$8&Nx z3NC9y%~DlkX`0zvjik~BOeW;i#TOvS_g1zm)o7q=sF;WxL3{g$UE-hhL`v1M+9sQ) zk78xIv#lZ_pyZS78^Bkb^!w*FftB8yGR@6=wc?%~EQj~u@L>ql@G&(ND_vE>>It`! zn>I20y=zjhhPlB{tr&J_=)fD+u5?TlMGg+i#h5b6J$d0;*Ld23K6X3(Cp`=IAo3Y` z@@C(@@OQayvGSeD2p|i@0BPQxsr8Qe1B>C0Z<%^5_BD8%C$Nxh1>rEKq?U0uLTZ5I z_x7P(tMOjJtnx|5LPHKZJst8onK)6Hh0*kU1Zfm)-a1@uhtKQ9(_Zo`V5a zmsUf+5<8K8`TS$M@{fxPwEh9> zA6Ym8wq)Zo_!tFx(!fG6_&t=NR5U!FO(`(({-)cr%?lSj+dk8ziM`-#r1e_}jlLWW z+j#&13QG8?_idCr`Eg$2^L@LF5yAV8?Bgy!?uwZ+C3y&QSiUHPQ64g3d1beYYGnuW zWmdxOIaPbK5XlUD^ut#y&Py{b)+Q?q1@bLa_%QizxBC^77SH6R ziIoZZKFcO4*oiF$`S$UUABTWkDB1cZW#)q8iSH-p-(IPi?OKNFjGKCmV05oz^W)=u zl!t2B%{!hJ$jrPn`x2aMLwKMZz3PqYdno)?c36(uFlf;5m3(h!&fdIPZaB_K!LAgR zZ**2N>8jtt|M_M7JGc!L903m1mbj%8#MT%{I~nUaGZ&orSwZH`2mU@7b*F@I>;`l7tHWuaay03f4P()k}8DKJ`BbrkP>l zr?*bM;kog2ylcK5itpBB4~BkPt{Bb==K9jVksGvm$ov`p45RzR5;DqwVY-BcZ}Hsz zi(jMOzZJ3Rvsm=>{!e#fxA#WLd-B_F#URT6JQ|v0sN^`ydS*HO=2Kv$#w%|zS$?{A z`o1-@VOkPy08Ww8F-o@L9*dnVU(1@!I)0h1#+J6Nv!!_lO)QTv%~O(=R8kmlZ}Hqc zAOwF~yc(~o-Z&l6u+uVhZskAFWSQjSOK+gji|@aMV4;~B<-quOM^%Q&?w-7UzMG>r z@=iYhYZ83F_M>UI3Iy&2HE)sdO7j{~H^ejg_*Q*t?Xkq zHq?cY4S<5^z#MQ&+dD~deSKq$C_%X8%pKgZZQHhO+qz@hwr$(CZQHi(*?HK_W_Ppc zRHahsoc_9gbgI$^Q!nAP-5Nb*{~D`d=mBL3C@jytw>JK=CJC#P2`(u*u<*Ie6kj{~ z$a8$SR}m$r{U-8`jHr{A7-8XGQsv#3-)4ldFi*7N&M$qAZD zE6clNoSdW1c|1(g#vTU5XwMlvsR%82UJe8Qk?*7&g$mo{^{;(;UQvx`4lZeS zoIx+rAkp^n$iz26@a`~j`X}H`mO1wL=n?WXl7eG_7Slz(-&)Z&oGfP6t%FdUWDO7q zbW!f1&#u7x!3|-c;Q&K5F*WVdWCnwIx^51ae&-_(Lr-;x?kPV_d^>%b!jZXm4FKz= zz<4q?GCaI~saNC#TUJm;t&b1u`E&&lC<~V|?<9Vz$-qTsT6_KZF(HE&{F*yv2VkZr z@mRcH%Xr-83+N3Y?{Rw)!jdgx6td^}lKq3_!nw*63zVboy7xt&&LK_L2?8J&FVyYn z!kQ+v16dJgV=n7joHIVmjiRD6*VD*=`%I3Ugh-g$oXI+=dj#R-yDoq3eSgmBQCvq# zAW=;q*1%ugX);hA+o2(`KDt5j-QuheXNHH` zIL1aRmYUSLyOp4qiI53SDbl{&Z*?s%#|`?GTW z?47|tZxf+IuQ|3K)K98W^6#3c)wb7R7U2zsdSM;Y!x6zjEP&r*Q!WS?tBABer*Og< ztjL7W!X!55kiwnoC40zVn~?TdrP`H>?cus1c@%^?*FBj-PmIfaRoK}_R)8+6%fymj zRqODZoyAq-wF04R;pHnBVe`=ugM4JvLx k5La?jo0WXUyvcv$tw_a?Pq}`6(}- ztS;(aRH~^-ov*km(uiLTd+{^y8&nTqK{RLf-BsyaQ?iZ|9Ju6^I)gU5&H~bI| zJnt2i*k{?1IX0KKGGN=`lbbrf<8uB6$haQ&o!spSWx_!sDwuc9B#%DCNNTmQwZN*f8$N>IwaVmjknac}8R28) z@2|^MpP*0@3ks~hz|+o!F7;h=j;z#H&kw;Sg9&Bt{mj7aitL^XEPub?lC{{q_AwU9T3^mXjPO z<#@=7%$Ho$CZ>lzo@sp)p7dp6t}UMLMRBs6b`bTjdP!i#g@)*%qmtof5f)0}5}o8m zH{_W+mm_mmjX)}%oh&YGO#KxX9#D2;_sB^PB_EQnkCSkO0NSK1SvF2GAF5Oj^n zR+{%FY?a+Ak@p$>wNp975 z-BsfM%9?*xx^YOmnV#4TikT;AsSD$;PD;aFc~}crdE{e$v`CIy1@E*i8pxLj1(pNv zX8nKOtrms6j1Vr(;6UVxMjj6*t<7|IHq5%OQJW@H^jV8{GrJLEkqCPOO1Q46FLb38 zaAOM8_3HdDRL)J_CB_n5_{j5+Yvtzob8A&cgp%t(Sd&#(_}mIQF4`OwUC#yaVa<A051R`U_9(7%=QWT3M@pR|KExTy#AV9QjI@R`e)y zRC7cWM4XjYS98Rv=r{_G-Z+o18scW;c?_ld>O7q88;1j_eYu$5t6ug%k0ZWt;37Q0 z>6W+@tk$Kv#a=Ut$}@kv3W>k< znXk+8V^pYy>~zbuK9UHogAl&0qe}`2+`=j2$BNa()>CYojygXj(mmwwXaDU%l_i~D zhh|lLHI-ie0_CFx%|k7lk`Q&nm#Zqj74)UaM&9ZAbz)Pm*}czQ-muK`q_y*X1BV5v zDFOeaVp1^WuSD?rLbZN*BN@w|%)$gjULd93vqnG_TUbnuDe#H%qH9 zd9KqW-uZ-%-9#FcJOur0zjJPbC5NxnM&>Twnsc>~T3C%BH8sxBY?%%B`1#k0{^6GZ z%ZicxJOPONJ+!>cQe#&MsqNKo93J?QO)j>R{L)Z+PbC|nlw z!wRbenGp;6x|D;Ky|}=u-Q1Yt`eL8s&c6KU}K!`;BV%$c=v8-Y6x z`I_pN23;XBZZsAAHd!yj)cM2I#tOo9;jy3Cgri#_(OR5L;j9KF!JS7s?=_^Pj>k^!4b;A( zlaHB@uyiO#@p@jQIhL+Qy!8#D-?&aoPGtyjCcZmZ@BuoLC`{tHbB+j(Ao4Oc{dbe? zR$Q2zBhsC@@)*=!Nd-A`t@R_?sVepys?L|~X~GH>E75R5iA2?NlzlX_ZI9px-23&m zlg!F_XqFzVJK9c6Fm|;Cnu4&IdnjhD8o6HB?T9c8fIRu21zT)vKIJ9J_o}oc7%ckn zXN=(O#fPqGJ1(AKy1aoL1q2Xh2kOFVp3hd(P=?AkrKGGR%2xmrPiP(>jBuphK8=?UcQ44f{aYtPrts*E8z+X~eZ5}|y(n|Qoi zj+l=hw6uDujcyS)QZv7o&84lM)9^u)S9A!*&m{a>{FfK9kS>_PWG}=tkz)l}oGXRi zi<984zZAyIzUIb*>>o%4hdWG#0$m+bs~UtGFU@Y;?nwO*p=g_dsg!eFkg`FmK=>Zu z)b7GNmOC>h>1m#w?oBf9=$ytqZ5s29=Ueks8I zOjNN|uAG+AAEcA3eCG46NXGg}$^X-D8VAA8f1x`q^7bssa zl>2VN?d#JY8cfD+i7ODOx=qTwB`E71!czcO*L_D)@D#i*ri?|gO^SFFx94bJmQ=0-ih10Gm?ZM)b!0Y$|D#_mZ} z<^(E}&+QdK)8Dok2m3V4xMZICK60)<>^#S^u*z!z?JEnQkH-h6`^Y&#g+G1144Q~E zZ`!Xrsdq&ZZ#*`CPHQ+?E@_y~R@o3l4qeoCWA{Smrj0JIMFu2REN_^fPY&#Lkhs*d z6R4{A%QfBLiFAG3u+2~$AYQ1G<>ziMS7FDfa0%L;{QBM7{jEVR#z>m#L8tfl@HxtWCw~TkCF-evp7jKpgZEC zS1qk^ZE*qwV&00(0Bwo*M2UbREbWXXzErcp+63e99b<-}2pY+Rwq7Ys;>X?7$xGWf z!*&nQ>HpVjLbLeN2xoW8W(PO2s5+J7US$svPK@B-y}KvEY-|BlCU}h-f;h|tFaOI2 zV~MKiJ!X5}h3qdRLqjB$t1Nc;&K{NBZp;cyJ7e$Mb*hZ6;@Q4i@<|5I*U3kA=c+q7 zdua&dZ=K-HuW$chR;CtI|;^^!(AJ>e&tO3$1m=8OEE!Z~_%kQ@LA z1KGinLsY4E3gG<_XaA(G4!J8tKDP)rHnEO^qGDgfpl6nIYW$&&}@*ZT<)la%!9gDZd79S&I;7%=77jRD-=u}++S96w9Ix?Iqy#~ ze(#M&Db6*A@791#BereXj?&p-%$W&FR-wc%=kB*DnM<)otzzI033!x}^8M^n2kq04 zm65SQpEw`;d>tJ{i)3MrjBbu_10lQWIwWBWpk<}{a35PsFWzGx6BR;FYWF_Uj8aWs zY@r_y^rt<~??zm(o+21vjMwR_0H^EqvuzXD*6otmx!;X}GS>z}aKRYkA%J;B4Lzpv zNQ|R@Fl{W)05mM85NoLi%e(!yQ4cZp`6~@@hTiu?jLM`cI4?Mt?sUoyO$$#2#JZ}h zpYN%J@b=#abnc^HYd+UiAZURfDEK;Ad5QD_YJo^)h=rMZNXII*g257NS%gkHwJFSA zacb2-{a?}PqCZuGoI_$t*se$6uVd+JbMaV6jz|8~A!fqf0wkobzlR_t{2xiFPP@weg)=(IlB7Abi?O;8ozqkx ztg#95kFr4Q&cx=QJVVzYf!az0798D?WUbo(!>eC78(bd#M1(a&qC3abRmHt>Jd@Z}_&ms5-pPGp zk{=KX>V@oq9*B3I7%_x}=NYvg}ib>YrpHAWI@_kzWY}1$cWf|GY%S6tRkSW#5^}s&G zLK1ttztCBC2zenYR>UkBblRcjTj?9()KmMo4d9fxz1(j`Nt8pTDe2h0pyd+j;kqx+ zR;G_0@QZhrbsQ0h;fzP@54H|4X5pdQeu61rfo}J(nBO=v}rg?g@e>a z#pYc!a631KaKMi;+f9$RnRJ)2>{gz}hUWwlfs!EUj6GDk;9m*Dnsl^0HPL;!;(RF_ zG!@o;mXLjZ3&kbkl;ZROOW3FfrBFHWLSaDO35dc4!w#iX-OVg+KE+GCmCki(ry)Bd zL)1Lz^lLu{OWd6P*Bp2ifc(Ja0MPR2xb|eny~BxVsL|{H878NJCUufPIUOW!4y_g>2)!6JvrP zDSviaG-|(PySe9+3lU&XWCVxPJ>+eE?aw!AQ{cWNs;yz{hI++p4?O4jO^#eh(q8>g z%zP*bC$doJW*v-MYAn-0aZC4-&l4GMAV?*bJiy`8rV+P6^EoE{oTWM&zCKz~ZvAvl z|L&MQiOIzFmbWOw`RPGb(Mh+wiO^#t}Gt{o-^55w8mWJIoN zs}gqS-O`;yUB6Vm_y-?^T0lLQU~-!TbQ&e)VXkgyX|V=;6HT8Wgqv*E9Z`VY`7{PU;$J^ zK76zy?Yu!hRa)?f* z#7p@N9CYXe&e&M+5!w67VJuMAF#wp+`6$-sY)n(afD z3bXsJP5rii5pb66uYb~Gz~BVQqeF!z#cnnRuck*D1zwb3((=G)aa_K69C6PJEJLxA zv4Vj0z8K5&=^7FfL*KLyb+|nn9~lAFtN~gyYmn0ykW)Jr&&&bRy909 zXhYEir&-Lk#tO#g)01H3Jef>aQC)|1hh+T@y>j(u%3oli=ttTV$!|u_P2A3{2#HiO|M>!Fx9Eh=t0?FdAE*b%Qjd@ zQkG6)kik762>X2$jVNXM)q&@HresCBxTYev>yT-F&1&e9Pd)3P)IX-J2~OGTjNtf( zkGBiq%`6Bh;~_I+%)thMP;L9f{svpFWO!kOQT<)cj_jBe(hMr>vNbQ3X0+Cr%y>H$ zSh@Om4Vs3#;^m5*eI%6K_i1P&1K;l{uhUoU_5#m&4(d<1~cUtQ%hBG1A`y&Qz z%{<=wdH6=^^EV4|khU46EoFgSa}T__hw^eSQlS~2({7ANrqB$as#bGl_A#eAy!udc zy9c*AWDAs+bdhrY=JNKl`Slzp(*(u9fB^kT+<#fJ^iUDHso26@(MjXJ8T3@7mTK?Q zRIOe98@ypxgw1!G4vFY>Zl>{8dspw{IErMI-=m^+T)yrS#+05}VwxQ5Y9_|c{UhuY zIij2u%yamb?Htj#0WRsrG$=DY_j`5%?=zqgm?Y4mon+y@bb1bX zsh5@aGdxS%%!#TPZjF7+%ZH>`DgJ|#-q@jC0c9tVn7{~e0Cci!0KUM8Rfyb`#gF@& zTpMc*H?lMgVggB}i=)!Tp`j8qi%37Aj3|alD z-M2RL(yQ#|Dh}?WszzSVcX(Slc6Or#A{+OX7rAmWruJ13VB*AJgb# zI+HOwH=C;Zl^9WB(hW}2^h073&exzB;9p}*} ztnVYZ*kkeOx{x_$>6dbwc(@^sDkUFVu`DQaONbKUb41bkU`?6Jxgazky z|5J=3l-+Q7(gy31o>p%2;xhW;(j>R1`YvAhk9e@|d^D$WI6g|lRaZey2E+j4a+J#DGN&R9h%FNBJ=)!I!esXGY@dl} zQ8L=A@)X(OW3-w4zL^)hE7@?8R1OI#WBJgln-v@eupk@K=RIMvyR|Y_>=+-bp2Y09 z8Ba46%Sc9d64LP0?fqpMVZ?+}-2Fx*pT`OMB)$Cjjl-U0-Yy{XHK6Y|ZJEB)ELODl zcO;*-H5Z`UpRCBy0X6<5<}8iG_p(XN)!hL?0GGbNDF05G&&I7^q2djBxLI8lFjb>T zyk@4$XvfQ#L;vM^y`N2b%q|@%pE5Y{K^h2&gnR}sJk1h9{OWUkW4EIFZP_N_AJUPc z1BJ|kMh+?0c8(vO*6svxAEgKFg|~LH);57(;`R|OiAc5t3|^{I38jZ!h7UbeSnDtE zTx!Ffa~1C=z|;^7-a@k8tb$si!;6K|mgT6`n0bwek>f6qEDakp#*+qJ=Ixd!^>Gq@c;%w!ZXqc0vut{}b(^;K0wr$hqyZ^C-ZWr27~ zc$MYY(Hq?4jpa1sE2)X)(MKS3Qb4p1cq);m2uK^@rGk?a$ioP=bDSjA0s`yBOtI`~LpL?2#6E`5w7SOA%tY1A8Ml|I|k&C%iY^?8kM2fp9hzp|IjJ5s~P ze$BHuP2$OCDqspQp|y(J2kb;60dL^6hPtacdg|t5QKhJhj3iN>+r9C1&F)h)ocWRJ!?MelkqVm{w zh)>o4dnGd;5l#VyBAY*HTy=0e>qk>ROD4;&?rM>!j;1g$&?HzUmJK(mT;Sfa7xHjB z)i2Y6P=29iX6=BPFUg6306g|B4;;g`pE%i*hCqV23ur2z>7?*!glxv#s<YX} zs769gw@dd|6~(evYpW$&vZnJ=X)=^iki5Mu))6=R5AjNMpe`_hj!Of~+gG?mV(6-L zzxj0O)OMm+Z(8T?3?w{MInSwSh9LCp@;R^|!;4K_P?<#(C}l-u3#-L?YNu(tw;ruA z$8%3}-ukEdf*Nj-rFTX|W4e76!}nV&Bsa`m<%cfO=s*1-$hW4tlbfU!!vOo<8c) z(DSX*%){R(2@1FEQ)fjl?cI5I?WxRCBo$veY_D@g-FJ+-Pke{^l_%3 z>X=xL#(IWRBeHXbQ~8WR^(BsjxPt_*+!SE$~`Xd zo0C%Jz4H90HJN3dbuR6`h<&#<`aVCalD$TUhZ72hBv*V$1mH_vAOZN@=I5@sBnk+G zjHvu8O9%zbCX<(oidjOF=3L_ohzX}rJ1fyvE9HC^HEhlpNSKzG3D2fmkVO`M$guY7 z34vzK^ZqN+D8S@Qko4qsQ;g+aX~&bTOIkeXnKLI2KABu*?kU&P@smTIXpix_HZto~L26)QIIpcEBY#ps6PsT;Ivn#3LKl*QOcI*@z!Gk7vw>Ay zUv^i3i={22$r(uqHt&Ru1>F__5GhyMo~?*ze}xyETi@letkk-*=WwT=rWGZmdJC?o z+aF!R;S7xFJHdy%99xo5cy>YXWWF-8z0V3k;+wDY9?9t_5&%p5PyI%`jiy9p07alr zst1)=s5<^k6RKPdNnPHg*TFp|kXU^r{$mrhdeK{9->_%1OYG!W^Qp+1X`z$tT2^o} z`{7~%LfU|8AsEJ>tW9l^+O&o_fqX^(AoQH`pM_5^rP2!XuUhN1a1d(#p&C*vZ=AMQ z){XhxMq>#hbItX}tAINDJg^^+Lk-H17HTvB9M?K(XxN8FFHEMO)i715lvpp$zOY5( z4zVGJmg#n9+F&HBtWXzkm&}y<#Ru1li!q@&zcx7F&4xN84Q|rYQ0Cltj6upJ<#1iR z)ijFVQ@|N_g29#qyw@Nma!7RZTvPh{Zyv%nSJr-YkIl%<&jd+P>#R1J@YYFKgOGS0 zTBLuAkhPNdtV`;X9`ugz))vEJeyVhq`phgA*mTlbY z{)QP+cj9XQf%rGxP-BCVxde8!NaH^Aj+YQq7;7HT22kg*|9Q9%RmW;2VijekVt>!dZrNkJbnmWLObJ$S9mtA( zu6@du7VG|L;t47+_4Ep2BVU2lfu%u>v@rr=s5RO6O+u2acPBG_pl$9)Xms=JtV7D^ zs8-v|52dV|6iQL=lURD)=cix=yQrBr_rz9+6nnl8;)Wd0_FqTi&q`ErQR4TLFoe!{ zD(E@?6?C`#^U2?SJBC#jhc(3JQrTT_aB+>L^oxalgr6 zvrgSe7%>`Q4973HkSEE#mT1lopAzoflV7ePH^Xdk(q4hfsehc)dF>Uzm-_#tfc$>l zGR72XC#v3_F1LNC-9RHH$VlKvy4qSukZf1o zwD{+Cbbc;=nSUhWDQ)Na%T)B+PMp<%BxqNh)sPs(lESH#*X!&HGt{cLx~8Dx0q%;) zBwAe6A0J4yf0~4v9_Fl=?eGg39ol{#!tpA?u#b{5LU3Me!sBR#A-k$~$$vp8tV^(F zu%79#39%T^;8CJcM}XgEt-v_Z_nQ*X+2Si^soKgU0zF`YkfIYdVEsh{_-xCBM0!W5 z%>P*+H{Je>}*Y7H}fBG^Z3vE+%= zEZ=yPk3#1*;OU%)Qdo~ox;6cDC8?9!(CzHtG{+x1Vt$Mq<1LhMCZ-0A)Gq0Jfxdvr z>QDpe*$(eEf5%T^F{xjTR2s)WSPmb9!XoNa}C^R`;s)H_ckyK2AzUG0zN3I1= zYDV$VD+38ypr>eVjqPc=csm3|Yd>}vCX|$;5=G#8z#&WU{03c1t#SeRS&t^R!TcVx z^E3DL;7%qYs!0@VB}QLTy*+U?mlwa%5E%k0aKY;WrEQc|>=>2Pg?;C(LT|oD9xNV< zpW3kvZc_Erg9syD|A#)8RWjtSYF?XDbaMgx;rwF>aVZ=Z3!41coB4*?BO<-WnP?OJ z$RFeCs(&wM+8jC8;do2NQcYi5MAVpU(j5(a(hJ8Uz7dvp)h7IDH%AFrV%1J_&@xY0 zF;EIf{^ZhX^iL5B_p%!ZG7UBYK`h9Tc5|{l>Tq1%CNU*?EfAyf8j=sxj6U><8T}I6b z#5roFOgSc}9H}q36=Ep9S4t*L6Rb;6eugbI8_RRimH*`SDJ40LpbN!f@1_QvjGts^ z8@^_DK5%{=HoQJ_&373_lfG5e;isfm8Dc+qEBdNTy}!hY%lD9Hi#r^|ww=g)5$~IV zDgceCiS#~;X(cFDHNVM#`t|=?2FFVA8g^v5uONyCl|D|bbk8_2r}Fn>M}MAuCz#wg z&Yt&w5F2|96H1w81vmWB3C*mrL{P zw-jJ+>E3+`Uk^KT8?WlKRSkRrrs4dE`0PwN2VvuWdVIs$(bcKwKg!^Cr}QUOPiEfJ zI8|e)&B>y|QTGj$F0e@o2Wm9s`)iBgia!0$6wN$0IxgXze%zez-C0^XS@r4FsRScX zsVC^Npck5tj`v6OD#Lc{g34mbP)l`z)2P~c1G49V3ggj2Z>b#LjSr)|Fi`&9_s3Eo zhwjC$N8JR+VxcXj57nZ|c1Wr6x(k0OS1z*YZfsXobqc4?GOFjcq46udk6z2qvJa29 zvNGoL71*vZ-hrL^-FiNwb|CF~24{ZC2?%uqFq=uL@571m*~yG})lq3&6&4Ty$gQ=% z9ypAFs?4r{!17MJM1WudF|A1j_Lc2I)6qx-=CVpHV;wCakHRHj%-%e0JFX?N^WGpP zW8|!JvuJ%VlswC$Dd8DikH!Wh#)FYwG0&gC<`=1c5%_?m_M9aesGNP?na7(| zX4T?eBvb9U!7r^P^&3aPvNIrT6`{}>`Rn{(>3{?cznreV9;$5vqPHD0A}3emHNL$# zIx?-00a#NsrUos&2jTK0|00w5D2=S%6%m1n9~Iw>+zk&q1c!T6O?rBcGPROK}kYDizd{>Z0T0+?uO;y`e`?`9EscLB3={1QzWeM#eo}&;va+ z{CsddxVE;c9%g1F;33HSgbPOUrTa&|q7VTP1vs-0rJVw8dA3^j8pg-GenyxB3jq?y zA1YTjLg~eov=Q8_zMNoC$9}iptf}_T4C+*}iu&oc96;eZ1WX&RA!m1?5E*ORtxbz? ztZGsi0oVt06#SS|A9TJqT2FA}0>wov_c>;8SDPErUXO!9+CiI&`FnJ@;BQx?j3uZz z`l8W%vKrA66O5p+y4QGo^>8 zf!7+(D=?O&j*PQ3@gXM>M>WyJ@=d6sYFd;OBugorq@{-3w7*W4hlEgHA2!rd?~aI* z5(QjK0g)(J$(llqX9q5U+4fCFt#QLy=)3+T0fk$;%`J+POw_MrWrO6*{r=}OUIX5e zpPw=iA1x-p^guGoTfF}C%tLmS(HetR~ty1_(lcJ_y0#0MlYw(rhMdZ#T zzj`+J6OV@USeV(JCoaeC{Of?JEdpnV_&I=~A^OV(A3K|K5;Zd1h&=q#vbLG#S~=#& z?DDHp3T=tK!8CEN|AXXsv`pBGw={WO{5Ha<&;?b+Ghp8zgQsm|^7OAYNfevKK5)?} zln}eO2wJbDCRml}tnhS6hAZUc0<1KENw~v2x6+l-9H{kmC$41&fj=qO3@kI;ZaQ3= zqNagV2nljDCjbD=8Q>B{vDinSgUCh38)j@zj;?{4?E&Q1xOWT)3TNW0ZBfF4m``j}82@WIC9wtpUN0Bnm%#9ok} zZYPQ)Sm$km)L}crFkv~*PRmvX@`>KuoEQei+Sr{I+hC=qMxAp?!T7xJfLEiI7zPv& zH1sx#CWW_!$6Deq{(gpkhA>V;tENIpZPdxHSBn=8eSyHcbL-fo0hBZn3j4SgB(tzO3@p@l+&aK+{FRNX789qn$-MI;rbccb(I zE%S`=4dKv0l{GPGbezwtdc&PhP+#p%z{D%i$u)!3IVy`US&>(442eTmrxZz{_%hMR zas^fS%!<(3E53~7TEOlm7X4t_Blms_Xx^GCDf#906*LbdIqy-56^>hq1-BHLkEjxQ zRO`AVL5o}jd3=cYLdgyX^>MMT<1aym^e`i_B$B1|7YYv!=Auok&IwAP^H5sM*W&Q2 zG4BUzF|jATwt^*{h|Q~0FVoQ_7sAuZ zP3q{L-5a-uwt`0!n7wTCd#+7=W>(MggJ&6-y*&s0Mgy0ky0ruAyt}n#BorOZ#j|7* z=J;T$wl~k#`T1H2{R=QH#kfAF?b{@Krk$F}km8Mj%l33}c|TRlVb4F9aHr)VjyqZ9 z*FZ^(pHh#Ev7HKK9e{-eJySZ!$J=+_5|xjrRmO;Kg`}SzK$=nmMO;QqRYbLn@3pbF zUH&FRy`^55)*{m4)7&2aG<2?G11l^EY?R=((62cv%P9gCAO8Sgt;mk)`EQ|9%R1x` zDI!Wsr(xzIOc&^2d(2W|Vk9&`#v31&Ty%Z>n1!xwY^nya`d-l0tvIdOFSe6F;HM9l zbK&dWoB?BdjlH?peG!&dcE9!iWxilvHJ46NOeWKA?MvWl>vRTsHE|soxI#ZncI=4u zf{HFlYCl7`E4BTMiJpdcZme8cFDR16LR9?+E$sg~Hag1oRien#bou@40*~<%m70~$ zL=gv+l48*rqMr%@*8&AcWRDs~kQOY@5Klg{gxF_eT_>dypo^ycR5y+Z6+8Th!R=A= z^GBfSIU&s*IC?k{nI=Hrx0dYtYkkreQ9(4snb)lZO`>?m{V5WJN?4AuT#$@R*9>uH zqN22VJZo2%0Gn!D$0djT6@l*1@M9Yv1;ehLa3?I+#V)|0r-WIrLGRSG1TCi~6U+ zgt0Hzf$^h_u7MH1W{e}R4Pa5qWq5~;r}WN0O zF&*{NMCdgqpGodzJN<*v>vb9z^&i4{qxR!fWE9kH*ZTGsSm#JfmTBh==ej%X*(0<* z6c%M+MH`6yyGqds_U8#3(_jfUhX!?AAmJPzwPa2QB06M{pSjTaU6>k39tzeoZ%uCB z*B7?IM{lBz^BKcV@t_*M@L4py+ql=@PkCiJn>>FktFSEcB^TT_6&`09Nb9&9bGhp$ ze9jSQ;N(tzOG9lnRo*<^Dj3E41`6C0i?q2v4xZs&laj>a zY`}5cIL!XxRxK$jc}SbEW0KM0zvf&q*cyW^y+5B@@tK{^MZs`(2lcGJNN7?7`BgXW z-knF3Ucn=;<#!P`Bveu|+c*G?dmK`^>U1`0_GdU zV0G0UYX48L|0)mN-cSPO9%3}%6aZl43;+QBe}Vl+d3cWh3yhAAUf0o-#@zPbf5Iw2 zwEh2J0Zc8KZBvjJLN@^bl(zp**l(>r|FcFqI)?upR<2w{`2VUF1oS`N6!`a&{#~^> J_TNPT_#Z=hx;Ov; diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/http2.png deleted file mode 100644 index b4129e73b7ad5a5aa5696e8958a968ba780a6798..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2046 zcmVTpvJ2hXh_2OAun@A8 z8nHo0O)!RFtRexER*f10ne*K9oag-SbDrnSoqHt9vMerO$gMV@ z)woDNs|{#1)F7c{S=b?>lS73hNuHnJLx4ST(=;&*1H&*}WON!NNkW!o6h%Q%6l7U0 zli*9hW;U~3*^VV!SZZfZ+{Uu`Wo$dSjaV#3EEXdgjiM+Dk|fmQqWAgNS}R4PRxktlnGCjo|GU|0r3T4CS&akAMg#bU7>&uR#;mw;)S=iSiv3c9W{F)_jP^fb9#4qeyF zK|L@F1mbKI<`sw-u%zggWxK$Xpi2i$7vJk4UW9@QdY!F_YQoZj82d;PPRAe@f&N*z zIxFm{f@zxMaybfxf@|_nXCDxVo9}~>%i$Zl;PD-mc3pm$Wqp0J1%op%c4_@=D+taJz{?{9tN^=Cf+9y5}1^D18Z`rkz!mxp?C;-2|rgGg~ z`yf5%?t8t%n-2Ae&rcq9w?l>GRi!ZiZaNC<55cd8U}9;*Q)zAq?Cz@=ELXXfO~A*i zjCS@LoUWa`6K`JvQ*lwRUSdu?)w1bQunp2(h2}iKz5{QiVEsLA*+{Rqan62TGAC>j zWvlk?=T+ES8pBEQ&sV`qgQ9-x;b8p^gePF8s}ii*N+6;Xd~CA_c#{+kg6p!Y0nac6-bgeTy&KCntZ5We+_2t+n^4#3M-i#+|IlkR?p zd*EcZsMqrVKNok(Kuq3=YbW8Czj=?BfNel#4jy~KExY$lLBMqrwXwnOrF?Sv@_ zlEK?koZfNkVX=YgpM}+vF#JyKxOEVofPa?^xWU7?UH$$t+wh^O+MS~lZ>3kzFa;!mOB~l73(%nf{SA)CViWLo zsWb~2vAJ1=*xXpaKH!b2>wXcSV?Ba|2GM@|04F5iBc)>FSHQml`aBSBi1vyB^)Lo( z4v^mqd?K96&LQ9ka64kR=Y^YrC&Q~<+$9hPq8{yMf%ygK-3x5MKfP@Lo(CFu4WSx~ z>j6&yr#(u&v=xNsft&E2yaqf1Y^Uj;#_hWVvcM+b^MKbMJsS`|mmgw5vuM98U;#e^ z9tI{oIC$(epc8`w?)S zagl&l8_;Tm3xYQw^12`5KJDA^-w0LTf<5>@2yGO8c6cBh0V>cF&K3Zcgt#`@g#HEK zf>{ERB$bO37X$&4B)JYr)IBmI%Q72hHZnLi$bka~IC}JG`8D%SdW&3=Bosv zlf>h3@t1heks13W#ad%6z09d(XCmSt2`C6P!laMb|mbeecP zP9zd3dx9qcilWfn-AyKwVa19Sba!_%J3H$-XwV6;=Msy>NTpH?3=GiI(^K{W@L2+O zr*t}vq9|lCnew~#od#K!i9{mA<8hM7B*|nFP1DK*)Vv}C;?;6p*O{N6r%)(REEX{g zqodZpjq>3rRYlV@qR}XkNTeJGJP82z(HYY;JIeLFAj@*OI5UAS0pLDl(CGwtof?HY c1Y8LCKbEqKTz(Zi+5i9m07*qoM6N<$f21T#Zq zA*z8g2(du$Q%KwdAuQ;>>oNQArwz-H{O4EzpeQV(s4Oc1NGQ?Eaxyb90l*)ThNAFm zX;y%RiJ6s$iJ6Cqi#tf8|sDN((EBN=ZR5<|R5WBm$%# zACT~<=TY|223Hj}%-`t`1^@);0ZL*Vz!uEo3q*!wK0LS$J&rQ~c>l-qpFQsG{#ow- z?mSUI7LE1nELxzZm4Fc>D6%ltI{#_%4T6z8|vjpfLC&K?!-~iA7$W;4p z0yJO-_3(fSg$M;P1d8k5l>PrN@k;uYG&F1%6chjrp)O|t*bfANZ^(a+ERlf6PJ)C# zrV_|Nr2Atq{?Scczeb-nWc2-4N8)3xPcR_5$)NuwMMHT075zu@kLCZKJO-rfk^Unc z|4RO`4gX9B0LlN0{wwm2GJo;=Bq0L65PFRN%KJV3%l_Z{@v;0-<{#;Ix!>`l>|^>- z*JIs()%lO|zuWb@{G;6O>EGr2{sa5}lKabs$Mj?U|7gR%*Z#lce~47XM$~i2tVfk1YoQ@{rvg2rz@_cua%;o4Wo_?BDjlQrW4`V-6~0`wIuz z^^!skEFeG)707la0Ti0hffq~gf6!A0bl{P+s9+nqDgl7Q8tMsT0(m5e#Q*$M@>tFP zh5ze;|4;V-CglI%@wATvAuxo7Ld2oJe^SLdTxv@0N~Z+aFae$%$krZNXutVr>hGu5 zf3Hz+koEHKJ`iZg|0qN$0FXifLVsaM^35;&N7*lb)FT_pZ#<7_$Q~R*k0%QSZY~J= zyXMDI$YJl7PwX=!^_PFl6@o#(bizUKKl6ztL;Nj&`NT3I_;;Te6!f1q7eex(e_1zi zqJI8@hK-$rlZ%^2^re`%grw9fMI~hwRW)@DLnC7o)3;{k4vtRFF0O9w{_g_QO3uv6&dJToFDR_2tg5c5t*dYN*51+C)!ozEH#R;oIW;{qJGZjBw!ZOW zb8CC&==kLH?EK>L>KX%LGBgYf2nPPqWGHBt$Hrp7z&>M!!xWZ>*SEtWWAR0JDiWPh z-iAods&I&HU_Xk4L&3H}dGu)YA4dP@Z1($a8T~h#|7P;TJjB%m0zn1^2=3390fK{v zd3-65Ob`eG9vyh0Yp5?ui(&l@q)IOUsXeOtLr6Wh> zwaQ0{4wd7t>8s%kUW{Gtp1I?l8hq{E34E6QjB%tlN34E*ci<=Pgp=d;VfF6(syn9g z9Q6q@c>3RPXq1GQgVJDjeIpanFUseCoaQ}$zd}(Je(^+wS_JtyxVz6i_O{#lEh#aB ziAmT4P!J{-25^Dj0Ho{b85wWzgoSMz-zkMBo(vC0N7QwX3rvpGCk+?6BN-;ma~zh} zbBP6$;|cf%QxinE5_RJ7+F4k^&u4Yb>pMijA7NAI8Lg+W4ie-dZ&;(cay!TQ=&VP{ zQHN)xeIQiGwoggSOw54FO^gvAy`}d}LF3+z@)9FH9QiV})yl2^tTkqe)pvYzKGu)P zZE>3L&@6*!8mn&|^pVmYf&1zMD1SF>Z7%zG4aq28kU<9}#u`f68`CGxKO$>BjYl>o zsbzGt>h&^>WTD;k&vTHV&swtP)A}SC@}P2hn?Nl~hE|&Vd-5(G<9GGBlA;9>BMaS7 zy=f~m&;&PG#7+0wAEXEIyV?wsN|YXeFUgCtOAC62w&X;v%W0Epc!3H=bWK(|^{4Ho z1@Pcg>=!wo_r8lVtji#+zFlvQ_Qi`>V2RZIXh`vSnZX^S)9s+xs*ti>47T_#ydJiM z*o%EFT=)mqw`F^8S0Ox-7yF&=fs+)}v)W^<9}~OU^}7K$YZmUG>h2#o6gv!?2YRUy z-AAKIPXVKtzE>%R<->5XR^b$paFct*E20j0n(A!XhRVUk6EV#9wXnkIzF{|hT-+tH zay-Jv8vIFNSY%pt%=_F7@cr?;N4-P>Sucx7DGmqld!W@rr zvoSPd8v6F;r^-EJ+@}I9V8JeIGsb|{64$HY>arJZW6~YqWU2Hl>;}V_Qmp0Bgb`{X zJ8%ekJGqe!M009?`nV2A4neI)cKUplNl=t>vCML`LfQG;+oi;D!2FCzj#t7^ii08v zPi@U!K{*-Y0U$hEZj5`~5aMsqm3=;W4uvFIE@{zk0Q?ZaEe2^7H9+QZ&sG6|oZ zU^7L^Ueoeid?At!be!1jOg=EIAFE_+!+H^q3oYwh{Uu0pF}4yp4Iz>o^p$x}+mhdT z&&$@6JAcr)(35tGA!C})@N-of#a$$yIvuR0QUx>Z_Zf}IRT<6(wU`L2&osz?`bsRj?Tj~nDuidC_>m95e}KG9j%lN>w_gX^!-V{q=a)cvKO8aC)Cb*kMS;^ zuPCqD@N!d9>qps5lj{2tuH8jTf^b&8j(s-Z`~>o`C-9AN@I4(C?lhUxG@sM%SRy{M z+ONr4ZN?O~zRr!df2rymAgX50v7AzcC8Qt2iH8>Ug$1mVJMWjZsnF+qkZKF(g}9#b z0Prla$WV`bldr6<7A>2XZVx;dZ}eGObKT0`KgT0F5y!i~bvbl?@*<}VYmqJ);y61!zTKKH@KtP4s>QcE%ZAm2@D80KLoLUY$k9m9RU z$3Qmc?Crw6o8r_h{4)RwYa_;WHIZqcFX>t1p`36J1-dK^gGN|0c>3lI(DCyHmxYrG zxOKT)al{EMaJl>1Db!j$LkSP<<@;FQHo%WLOfPH=o;IRA z7ePZj*J#W@AEB1y&IbXlC?*wSJk$v1&(yZJTm_A6Z@hxQTF*OjtT11P){}?Z_K%?P zIK$WA=BUg=fm266##qgg&4orbfKXEW=Sv5;iU!E_gR;QZ;*tw9Js|KhF&gir8|KV& zNuS{9JIBCf&@{z!5IN|3S{3!P8=lk%RgE&uppJNXVY@nY3toqwVfK9%WQV#eMC^@CG=NuvoO%aFIL0=ze?yh@?+llec0`M{(VeTd z_QSav|Zjn$&%qboy7B2^yo4cLux)--gFCvFJoQm zqpRVPwD}ZJlGHF?QZSLOQ~YO;EJrgzv=X?VctPjR)xER<%Nf-6G3s?(ycOjS)9|h*1k(kKQsn zaL!ERxJxYS*U%!2r%po`SEgg0p9bf$YQ#Y^9k=@xQI4&wt-~xKwzGsq!4tZpD2yK< zle~WG-t?8^2x)0YLyKqA@8Dw2b+i4+@cW4`gy1s^%%{sILFrhyJ^fu6{BmaO7Ab1I;cA59*vP9Y0!w-w+7=H z3rVG(r2Dnv6N}<_+2bWWWzppw3N!xU*=egdEaDV3X}mo@fO$SOy&g9TJyVz`_N>#z zcKGqdE6rFP$=)3g0PGgr#kuFvy2AXe_oYqN3rVs@yN%1?_D+YOerwM7#vU4~+Gx2R zgk93ASn;n3BI!!RWTW&QE`mt6W)#MTlehdl!EE6oWLaPjXQ4LNh?lNCuwZ$d@mg`z z7qrEr`QWf;WV8x`9^^t$`xpGz?@+v6*tsjq2YVV(XyQhXV5B8+-FEW(!=lpJ(*<$5 zAql~pUdaJ32-7ZyUWA^1*iZ&Qh!m8yXUl|yXI$JpV1YB4&tdLp$UG?DCCB~SbM3kb z;nwUxHsCG^wu=oYCKl4w#f#-DPf+isi-<$(7W3>YG#E^}95nsF8ArQmmwunm?%pnW z?BV%?&PI}KNm*6(2C_MBD0pvI?sp1EX$f(9!B7Nw*eQ9kFZ#66RT=s#J-e|`sPNPI z&5NIxPM%Ade}5Uyc|&J9k5RH*243+u#?^%O4nInE-f@X=O|;4jInBWRKT1Sdrm=+0E4Zy$v!{l>O8GH zYQug5E@iZ#Cu1%Cn#A`4|7kK;PMTzjKUw0j(aUF3QlNn6ND&et#gsR7TaD>?`h2{- zwmZn21BAwkvKsPZ7q9vpG@4asG`0-Qj>O!@igc-hQJ$k<>B#v~gzZF&L#;I|$1WIh z4;t(G+91nb)YRs3GMg1;UcII?ZWUxqROiG(8xP}<8?f!FIx{`28gWzkAa?`~oC2Q~ zJgf0g88-?)VXBjG#w6$ zD@LADMU2pjOMF+Dos(1?uN&gV{^`CE*V%!}hQoM%33Y5@fOZOk#S_|2^RKZOWZbtZ z(Z`S>X9geduO*cgN5&wj@(b^4C#R=;RT_Tbs4!@QJU}d>`~bL0!jLp!$bMV) z#&W;S!u@ zNswL4tNbkjQ0)9ynv5_jMa+eU7xOGEw;R`G%0zM_j^rs*{y_=BWNB}E2ke{jY)RVv zPlzQ-*T#ys8%R3%&Al1h-Vru6s0)}(TCdSQC4B%0V=#O&8Xo{H6{}8qwJ{sx@_pyZ zxo%5}X6a`BU_;mKLY9E;XRYCN1{;TxdaMT`yIT!IwJXCIodwO+k-?6tyq@waagjK4 zA7N26;*-cpXDM8+?dm^lfKQ%SipcZ)u=@E$}`p zQk*hwx@2B+jMTgfZgMIb$mKdy__9QjFt`<=U9^*XPC#uT|#3Fw|Mn-#@dYS)0p+B)Rol%BLEr7Mao&B@<$SWI^*Ie ztCwfXII-%N`h{k(iJM+vE*nfU=MMb`V5Gz|Rbv6Y5oKD;RuhH$h;kx=%3p|ftVpp@y6s}UYaQ9%#;n)}O>cfaKGk*X|a!Qo9uf1D&%boOH zp1R=6T-8;lie^Q@ZE#U)5`v9RFp!h!hS?r2SIYO`;5PY1;d^8GpTDK1+`7x3Ow1b>m;MXU1O_l57P{{Aw6tZ5vL5dwg#fu?5m;PTIb2MU`tF_ z3#q^%BD*u*RMFRy6rlJ15pfJ5j0(!&FIW|>y&H&lOC6cd< zM5jfzM#p0ceooaChZOTq+J-pG$!%fjMZH&xe)QD&#rMUxE0shO=eV5DRqzNT7_IT-g;boNT)4nJ zD56sJZK$!sm1eB8c&C$*iirhS!Z|SgC|Bt_J#z!EVhZaF9J*j_#Ei4P>jYIPdtuJ) zr>F%xVIM2kl)vYWo5?ptKr}_Z82}xJX!Fb~mnHKnJ9^P-9-dV-S|8-Rrs*jx0p<5f zFyFQ=hh?F!%sE)wJ6C58YuJZ#aSzrjy*dgVTg>tn*c+NK9EJ0BF?Lxl+VZp`vpTHQ zG>a*4D5DGM8&1KbG_2)z<3Uj=i8Z5)NJ7o&n@iFQSJ@d;Rd|_gB4&V2!OV}w{M}bm zBd$B}jJGZ_V9c>RDk&MSm=IhyP?JB5zmDfdAf;uc-EsJ$N(eLKl8{cmO9CY5N<7dN?9*G6o8Z&B3U=v6dX9+)peXtJn2q8>H}wM- zpm*&tonn#qjj6xo<&j`u$)4_yGy*RTTqaIOB!YDn$_O`ZT}xH^Rdt&KcC!bdDyzP( zQVP#Ng)#bxC#;ApbRi7j*u&LERqr!3wf-qb5n*GD%#G{jn28*GzP7eR(-EV>yPqt&6KuFVxC@|27qE>iXUc{337>o^kZ44-+CE z)Wj+FwhqxDdU%ttrBku}10a3rau^O3bFr!#Zeqa;j+PrRO!|l@X{m3}GX!N!SHF9D z<(QxJMNlvOLwkoRMl5dd17JxKs-Ye!SEC2SRfU==CUDasqCP|6Bxf9`=T?fXQXS5O zB``nL4dvUqeHP)-cAMq6&l?9z)jLGer23x!N@~ zoYe9g9=D^%sl`S=0Q`vHVrfK|=lDtY{o&bjWHn>rLJA+4yGmXq2r_8pbE_Cgt>tg3 zobe!|>MD(}&ue?M@pzR@e2&&t8Rux6mwvt!BkW9sd*NbN6^}^{T@r~$9j2-b8`U6kNRcs0zKBv8`wM-yEVxKSiJo>hlVgD|`h2f;ynk`&XOHIqz_xSaIR1bVmJZLrnsd`8!Kt@52({R*uOSO)b0_*NP;DiD4& z{p|v4r=_x?%97ejoY4E5=t}=PmR@fweC;;;F#gUM6cXNu!fyv-*R$4ibDSY>;4Twi zaNWZhND(o2XAIin*W|2*d$%{Zbn1TKsoWN<67;949eV)Y(u>M?O{3c35PZ9*{^+%K z9u%eV`e)S1+-CMCi@K(-hm)O?r6EnQu(@%E4&AS&RjwIQ!4dT6oo2qP^uRS~U1!Jh z8LFiN6zi+xj1%g2kq&CJMNYcW8GN-xHqIL# z`3Sf3-Q6S`JEAIxsHm0Mil2fmlAN()G}&Nx;;6XKRn$*~&Ols;O^Wcm!GQupYJ{QK zs?2c<3&_rZM7y2c!F)0eI^~lS|5kT$uN1?uboGgItzq6INvj2&9dhukgp;ju>38Xy zqb}}xtZ(4EtlqoRI?^b2TjvPtV|2uRR*K|&5WPq1Vcpds4_#i| zNGZFNXnz3E*#=G6G0inDzU|vfewLcTp{F$~V4U65e&2PkC3(c#^VH{+YP^P;PE8hS zdeE2+Qm<`ao_v$Y2((&&?J~#AdAM(|Ezvu}ur(7aR>iS1>;$=q3mx?DTdK)sVl=mV zD22H!J_jPW8;;ZYg|BldwQ+kZUK5a z!F~Z68YdYt!vZ^-95r*E+(uUDC?O3uV#CNqk-{t*0;EFR8uwW3&f&m& z>`RqJ#s|R42Cvj#Wec?Y0L+fJott^BhU?DPZ!2ImV)6x`l) zs3)AKnW+|C|5eR%(s!*yKU^()#f&yip#10$tbv9%@JYWzsY zfVa1u{kjB-&?a36RMk=PsiqCWyMg;B_1a{+-~7*S?#f(kE)~9`eMnuoqjDm(o^nEM zeAUgkq}bXu3uu>k9shiNm)Rs^5-;##oKbK&UALmTOD+(y!}=LemTW?B{2sA$eRunBvm5xxAD;gB-2y#XKH_pthP+cXBC*uvXCr#q4 ztF(w1Nn_yo%V)+;eI=809gb#i_KEz>z7p2>Xm%QBbkR?n1ZQq(7|d_Si{`6YJ$-JE z#@qs`Qyz4}EKUp(H^di+PViY;5qymq=#In6}y0eCy@F zA)Ms3L3~)8P4uyH)dh2z*GQQ4iE+fV1snBcdl%Thism*e+Sk9Q7|f2a?5ntknoWkq z#;PGX^itnnl;9abw(_^sZagR+yJVbV4=lJabz}peCfNAIFe;2;T0U}dnTbeNXH{LHS=(~h6Y<_q-w$2N_K3?yUJFjN;O+88texpHuYxKGu{LJd)# zj=lG=A{>D|=s#X8DLaIDc3bI|r|XVvRvn@H|738K!`~h!@Ae$Jktf%i(s&=ESD?0G z93d-fkfz+lthJx4VTqoj6)tct0oT#*kUEMHAMO{UiRngP`L?^qp0%s<{rt)eZb0#x}@a!u=(q$RCIPrk#*aPsK{amf~g;SlFB&0G0H zujX8XaZFX@Ra6dApZxmKYWf5w7`$V#vh8O>>HfFRiZyreA?uWGa0`YfZ06evglf6j zJgp;%khN;uuheM4D~*E~-`C^mRfZH{GQcL>7+o4rwIuEF7s*pe4$DLat9@&oulv8; z_q)eUys$+NCKEmP5JRhTocux_Gx7P#sIjWn0Kuvht+CkkWVIzA=ZHFFGf;4zdSx%o zG_-_|H&a5N{o;MH5aeL*xA=ylfqxr=V^SeX29Y;OE!fNwavJN3HsdYb?I|+6D`nfw zyKIy{qN-kVAkQsbA;A)*aGo>hQa8putQohnrBIQ_fM!~|_*Ad)bAPWGLuB9rckBtw zzB^R(JYf42RvF~;6!s0|3IlW{Me`W@M)_q@j>fEJZ4lJx17N1<>X$duWQIvA`$#;w9}tQlC!|eN=CvkS=)j!6hSCzea+pcd_Vo9;CKCQdKZRl57ziB;~VUFs{tx<|uBz(3KZTw7}2L)Xg zUU43KY-^4&@>a~2t_f=8Q?bsG-T4n+xda&lD zyCF=cseCfnK`CFqv%b%{=cOLp%{rK$SWohlu(Pejot|b|Aj_|As*LTOS$=o;`3=$! zMRL2ymJu{`myAo^j_dHs-4@JS8U4eoXDCdDq2 zLwVgf8__3~-51(T%sD-94?uzkZN*wtY1uy2$Mbhkhm_&nK`o}kFqfas{Vxv%ym9Vl zNUHdxUGg0}67cE6_HPnf7nDQRQE1&l!`vNri_94)F9V7MgR`rFw@XB26*$)_X}}d( z`S|q4x6(d5e*s*)edSV|B@0u(^HItWJry-@DS`(!pW_hJ9z4H!+EhfEY5z&ll13V3 zmTTd?wgJCrr^bEJst2l*%G6EQ+}U>g>e3$0aaMF>Uvwi5!BZH;Fo0Pn$v#R9vChIQ zDb9ZfC#tud=57ri6vlGfPBi@b$5-#^s!Kk`5~dZJf+4T0J~L+Ubq8LXY;YRX6ooZ%(<-u5zUK+A}OSI z{f=sBv~|X2B;rox(UP?xjy7?ZOG4zdKIq$NwCN2YgSiXwC>Lsd{S@7{ivCrG-16Pi zc;_W!7Ag^wdnHamjEwL<*&OVg6%_1FsK#4i4zx_c<{Jm(Ay7Z)I1@A+N)|Z|Rz--? zL3UzzFresRFg18r**bOLrx%*DQLSimiWqpSh}=>_(1Y|)oWC)7F!cbynA7f3Th~Ec zrmS1G&3em^#(VEN@o9iE;ERydg*D9Q00UmeRiW*LkijHNe;Z{pYQ+ND%icKqFwAH#G=U}ZCtR`LU zqoX(g3)M659@D-RstcAWsNM3@9@ZQaJ!%K=;|0eCCJWS6O+YVwgeG@eUVvm|0*d!r z2|$O<9@E*#T1-z?R`h`T$~nb-T0f?yvr)gKjVqX{p}OWurfGHmfG^Fq7)ye9>@$#O zzUGH6Q=Mb#z%n$(7k^ZrK+7*)U|1dl|O^8i=&ZX zon{ZR+3{C^Sq6&`TLJ5B{^I_~?3iT}(F!`gmMf>ybinXlz!3|A=_U6O++{R&QgqWW zg2km_K=QZ4P_ru(a*rHtc(a|;d_L>3-dxvDQb_{TGq2BeSVl5Zc#FrlrC5Molvce6 zbon;y^<>XE=h|h9@36Pp6KoFvjHl@#a({s*M$=L5=lC(Hw_4Oeo{UM7Wcqd$I|!~ly3Rp4fB;^t7fG8M&jK#&tS@2d?S5fk(iZ7=5`%(PDh!9 zG2yh_iQ9%8??)B;&B&%^l00!UVs!@H)z;}^x3$DSu|L+nwlGaniQ9SsEdzf}dH0DOowY;b zizyUIXYz<;7d{`n!WwT7rMej(wf=GuIAF6alt{E~d>6SzWUUWL-2_$v8*3rBH*6f4__fZQNkM=bd!H+^q6e}RK%`(jZ1 z`H_a1zto{iV3XjX+zN`;>@E4FE>>4Xn4xpAXVzeI;^#LDE0IeJV(LMfLYZ9jmV0bR zzJ{iG(AbK#J#ehOdAZB$eU*hN@Me7hJ>AG>hFx51Pg!$W$T9X;Rp9XeltT$p$F;He z%pV?>qBNR$Oo$;qvI>foT=#q=pVBv!zW;b88ScN5ldSwq@_q~C-{nUWfNg2oLyJyO-bzmHV|R6$rC>dT+bsaDKEes6FAKz;wmPv} zp%+$*p(Z?BwCzAkSqUlyM%hcBY$x;=X^?lXp_1NxT8#`G!S-lGSzX~ss}OfnOhXuY zr?0C#kS&SouQ{LcV`FLf&cLCD-BOQe;o<@8~Mj`XSx;*4Yi|19EaqvXmn z(PdZ{`4J8gtO%y?T}4VO`8Q@;!>V4=Z9F*@+FKXy&gEHhxJg-y8a|W=txu8c+HHtC zjPCgs2gaB*wapGz{1$$Eb2TOCFfz4v=LC~pV@&6`x%lNg0CM+T6YNt}hiO?!Ux~D} z7OWz8!+uzCo%qaGC`;Uk5+a?^rq?8X9nKHMtEL4C@)v~G916I?ax6K!jq!=$-Uu$1B1fh%JrppRNeN1E?V40Gl-1HJ;gtD0h9HtI2dOy7q-sA zaX87!&O|ND$+)fSdxOI?#Yq@cG{?l7!*3VHL*3OidINdfBK_$fP5G`(;zK{vwj>=b z=*S0&I>#U)P-$A^!(l|iw$Arbd?vi0=B7%=uI{y}k#cgeO__fcg0`TCV`A-F0jFl@ zJ8UlT07OQ%d7n}iYYW~%`~cH}cS*Egdd(FztyJ_-Q?qS*!JT`f^UvQ%ku+ICKYjA_ z9NcB=zT*|Dri`_NlaOPiaJ0}1rPgP!)iqxs1S)HTPdBslo*2GgeE^L2OSc#q!Gp+_M_-=&&=di{Yw z`~ip&ObPF59wP}9L|hxqt2m6|$T}ico7{iLXc1F7XLS%&G}lBa`9#yLALsN#EaYdp z;-3iKJsA)$rw-(|4x^HEnFm0b`p#bW4n{@ZVYJrSY{P=WGiQx*;&fkC=CWXg1kJ4C zGM+Z4=JISMTw&HIkOXHg%ETkF=7=~4`YL-ZDP}9ovp#0^XS*)?t&7!a>4$TBbMFe5 z@MTWql^JqaiVogj)F*FfqRW>U561E`av{L`S}Q0LpbB zehlMM)%u(6o$4@W>2inWp9^CrVObZH94Ihz*{QQ@goeIplKW@bsua+pl)V5#(`O|T z6{tX=A@^A2{dYfak#EgizwX=#b`^G6D6y#2zNDwnFaCgt;@jRE0t&p#dx>=u2xs`%+-4FB| z(+40+#@bc&p09fN`YQAR5Ti6H^>BUwd@N%u6bsR?kg=93pyHAhB#*C1SPcWa1@b^S z##aH-)tOZ_EOAV5G%(B&$k4X7aFBaaj@Wq*0Nn$yj2+f;wCBBW|1tIF2~7Or@WU+d z$9>zs?mYhyLqmh09|H{JvNH%42KMo~^Wz0+I9OPCILN(QM95v~#{dh5h=hoM^q6>* zdz66uAwVSlDE==!{?Nm>D5Qc&*oq>&pUC~7J+lz@Lv?76*BGGrM5$dG8$%@2d+U(Aktbh_ zHaAhl*SMPSz6u@N)$~o-G~1=o$Qi90ThZ!n^a%lnGW$b%;o;v~9J!QmXeXHPqxqnu+nkV>(X*BRAG`N^%VO)Gqc(B9&p#g}zP_idT% zRJfHb<=e$n0JR&1Ti~oaY5Lu;*U)W^Us&v(7pzB~*<3<2!jo=h0#2q@YJORZUZ-?m zTXBc;1$~ob(5w2eBgUIuZ(3#GP_v~NKl{beM8&=y#Qj2q~Pvzu>#Xft2-gshk zk!L4nuHGe3Lq$bZJ?G`(`aX9H zXT#0+H_b8VpwQY_-;2aM;xt z=iVW*)X;7hhO%oS)Y~j5jw}~F=O)7_O%z1UZRT;ZjO566;tpqgCHeDUMX|vYsO17w z?I=^8%+p@UR0w>k=R>PjrddQvv9#03Zrcz>X7gO$OtZ)wwPASHSv8F%hitpoeOfAz z*~q)y*RA?lN7TYiKu27se;oSrbdz!ZRfn16=nG2lX0AOggQzj9V0%HnmfMA8U&1r6 z&n9`~tC0zW`WmzBD3P6Jg8HH``IIEzytmG(FPkSqt77{iEDVmX$GTRs{GLR^5V#QM z5n0rvd@+5YHg;HCRVhvQ6T``5!FBtmPP1!#4ZeZwZdpX)X;G?#L2PCHhWpp1+IPlZ z#5rq+_Gf-HolAZeIS5FgrY3Kxb{H~HhLf;loau;p6;emxA3kYvz_seSCjTrFvSXV% zEv&@Tu-+3mH_wpqgO^XG4xx(J%eciZ6z_SDQ+uCs#+DBsE5R zoMB&KwGGQ_u|ygoeY{B}E_HU2G>Lf)S>UPQxmKGBH(y%`;Mm!o6dA>|SDS%PshBJ4 z)3Xr|C|xo6L>nU&6~C*QCwomWcy_)&CkJ6Sh?kjcWLu8KzyC}QxLg$##SEL(8pZZ` zLT}oL(7rMWT>3n!HFK9?WD;#FDL7X5lTYSFxQU#tjG44dTV={LmG1#6GP}TZa;nwPR`;-4r>hdJ8ToIA5d(U)W?Tn)iL+ zb&hyH6~h{_QGbuSn`|^v6&nPT*cRs3o^fA2vvZABp0~AYLjac^9uNt?s}*PHQ1gjz z$-|?7N~JDQ0Byk#Cb``YO zCN&GKW8JppY$+*r!_D?GUi@eC;1b(68?3wgvP{h9Ve8g99-3Y0HUm<85dziQHEEn4 zpSqK`6Rza&CCdT4x&qXU~&7 zDHGhLtJpr>VYj%{i}@vxFtwhj%k4|>86NS*c|Mw4uWy$HQp8OhqWYF&15=De3(c}` zBZy*+eJi;+*=$Z2<=#Rn{IerysXj-_k@v;amTTM(`q@-f3%FaFr_-AlawzXDw-8Aj zRibiVOpJ9Sx(2h4L?>KuQ`@J>NSVPnXbE8(hr4?&Ouy8wV&Y`nk7IgbeY%?MOPUNt z5H{3}dcaSsCfj3mN;kJ%Cgt(e2D%$hAa2`TJeW|Hc=lsYon`d5kvi;#ji_Ns{PNB6mjj8kt&m?GiwH#DA-Vdp8uSf2?#L#8GckrEw2&`j7+Z~a8oPQTh2 zAb1PkJE+)XAMU-*lEx6);b`!)?{MKh`$DO*x0gpO-w>Ydo)Dp&Lo6mPQ#BO0u89k$kHTR{7@8&aY1chv;TiOx!MNWyz@dL3vc^Sm8 zn(3|faqLB;cy3CDynxGM$7b4( zC3Zv(YbRMX851^qW9yyyM%7I56k=Ro%@1CYGZKwpr3O~~Rk$?Qq|oQzj#~Lt85wZa z{BA&o@MHD4R2+`~!g0pSE-%7MI~s`B(3nRK%mtM4Bee%jz%)#OC=^+>kmM2b}^5+d0V?>R0SXru9O4;4(QuXI6VyUm z8Toi{I zPMneVU9Ca-JSju0o#^`_{{uiX>m{52PA5AZ?9X$jR;Ku&&Vk9?`<4Ek5g)`2K z4J*vXRK8UpZhgt%E>m6ptK~@=tz^l1pLPIGVpBtHb#zF3dSZlw=A7vViV1dd+aHd> z?_MI0c4Id^bD$<4IUD47dy2=_uO_&vXIEZ1JbtCxAJhG=p;CR3E|P{@oPouCIztvm zBrMVxU%0HYCPrI)X*qEsUuDB9sK{>HWttYbOTE~L*B*XJAiXc0GSr@pZ9dUaIy98G zCkcmFY0yhp})BfAR9>ub?3Fi6>^GT8B1&Z8v1ykDs zlv8Z=aOsAul$qrQEaE@i7n9HNR_PggX$g@TmOT$hNo<0En3rlSu`YUl#1Zt|AF6J8YB zPl$Q!c30K~qV&*frlG@6RkLxSTz~qaklD2#KHw^^wEluzMY@P!qp3QaU^uu2t1Rq} z-(sj_$wIoI)^{WA0}-t9>_IEosjJtQPaLQ4TAPdeUdVm6yDZt`3JAV{${1 zkv}R8N|&lM8jpud%+PMt^BsOwHOmtHgBZWjZ*?+xyQ!9?MrcROVu8Y$x!0`*?@df0 zvS<5uY!(s4@^FXZ&U3|cHax``C8OF6ZL8F-8(wAgm=^*^7wn(h69#hz>#E#JYf*b+ z{r!i`zt-naevKpT%j(*(RZTzXB%`E#kDG2bK1xQ?1OkzVG~y)cq{ol{-7q&6@Jd% zmPonqjb@>jdbQ%GrK!&_d$WN7cQ-l zy_m68431kUpavZ(u1>jiF^X@eYgq<_>lTC-C+;lBUmyO+uybq(^OY8N!9zbx7B~Iu z>c0Etemv>GS~wJd9e($taq-@xW&!>{WK5BD!z9H$AUigg^tdK(pq{U^u0&B~d~KqZGd`o12=W!jlY9rmb(Z}pdLHrk zy{7?6WDb7jooU(EacgaaB3weP2O1Gpbg~0Zi|=bnDzYg@QjU}=YYgpsUS=EeAI&Hc zkS*3!I>yl17VT3PXszZ05<4AG#ID>vL@;QvNXexVH)gPdkK3owV<(x#Oy(G={I6)Z!x)QiHlSR7uvcrMzk;A zQM{L;2!+mHa@f{!a3Ej3A#Wa1u>_*wQdx5iB+`w_gGCf0OAiVRM z>00G>4#tH);oDa{i$M;vH0+4J*)e9awOGg}$fDYCIdmMjWpCX%=foQ45jB+L;NN zn97mF{I5LZcCSLzZXwg53=7YcI9#93xtx)qA zwXO8@1;oIDAn7D_VQ1$&lTga z!>V{{{^v^7WS)5%V$eGb0=}GjRyAa8MT@HHT8^NSX=>>ZR^Bo*T$K85p)6CatPJKn zGai^3>s+UAHIb8ZKCxsZ3a=zXf)sqj*G;48x{Ow{$!iVU$WX}YgYJ%`&}Au~Mf@07 zxzk$H`%CTDH*yzbE0zi|fInL4Zu~W*+FnmJy@kHu%)|xmdz#)oj&5VfJXK}lJw>I` z{5=#9O?svV5~c|R@BsDTSBU&Y@Xw081tNG?R?}{!nP66CDf_j^9ZfT$I~?zWbvX1b zPS*178In>#C4TW9g1vI{#P>ca@eZA4*3!MIva6`Vvqp3J=CHB8+q2ND{tanwq}yCw zLq4A=ndT9w;!(Sy&(^zrS4oRS@V)M!ZzG28D6?x6m>c=+>^Z2EtV2i3arnPq)%6K3 zE~SXh&$0Za#yv@{_rudA&Ec}Tk|<;!H?HBDiAv~SoY*kUpj&gsMXqhTy-510D9nfaC)5Vw<%GnI#{aNq%=DRNurkfO!LldNs zGAfqH zeurVM_2d65Vbgc-l`TNEMl_+g3c!#adpetl#O;A@fRNJ_jXz z&$V%S&%^y*-hU*=nG2NJjldsVifGPM&uH*uI-Z5$X!K28S*{vZbk7J!BZ2u>F5V-# zwbc!*RxIjR@5cuxnz|O251- z7N6z4$`D9*#}x%Y?KOE{!`6}AB-Xxe0Xx262<*bT{{RN~Ru74H7V=%SzL^$$*)lr& zDDBM!H`MR`AozB}!*|+y_*UrY>1k<=$k{D0=XckN=Kcuk+RRgGdX~GaH19OB`B13Z z_&ETR`qFaH=R5xZ4*Vw2Z#5lPQrF%Yr*hNVW-Jwu=Nyi>t@->XewH^YW#wMqg&-Kz zj3@{Adi1V&+o&Hu{{U-i7IMjJcPE--ETQ>abLm>%6Vk2xNv3N0-mR$V+H^6oir6tE z+{7YSC~9;TULCw!yH#6uxrFX%a@g9vb64;6>mLnU*js@u$~@&6mw^~R(t*M@dYX6I zhlQ;48=YSBQ-%x8!^(*8T%Ui(rFk~1tlV9rOK&om!jrI^VCStg`yEPWGMZxD>Tqf| zPGgWR(4g@C`1~tB#Jc^)f&de?#>$PY$l|p2hR|o7w}@i6vzGbccasP2ag290X3tN% z@p4$fV$<8{&Q+QA@_v~W9NOHjQ|QkU_(xCE{4Hsw+)M=X;gV1|f0vZUsIQMaN#Xr+ z!%?+{!C7t0ghF0yqyY0yV6n;*-{@J>34 zLyEFHWbodndwp(IVv5=D3%7Gzzr49i&y6$U9>>Je+g<>0HrOvF%;})1r${ z(~@?ESmgk@2dAp97jun zCvy-B^Pig@^~HFD!}Hq3H`(AVdaKACcpd3WRiSFJ<+sx77VulSQ5=A78^%Z#sRpdS z+0kE2(m8XqpyLL!_IKP)S_D2byEDmaYB2jkdgR=Tyu^y+o7%tS@@HzFNh|*f#Bj#m00II@M^3QT@PybYk8`8 z{_ss5jL}{acjV`B@5Osov*IiN0Eg4Z7@6;pz>CU+knH}0_57*W<&;jI4C)>ZlTZ`Q zX?Hr1U~$SnUz_!>5N$8d)+LX7CC~v#4~~A68GAFd@dt%%blo}`t|f`vI49p8zm0j? z!js=6osG*!bU-I)1giStf|WCWQPgg{A!h~i*#7`&TCCw&%H!rZ>rB4aH4S;~ucM9Z zwD`%~iJWuW27<3+gVdJCQ@pr)pqA>0%CfH|hCBLmT~C7G(o@6Nk=ssTxrl9vc|KyC zgF&*D&ld5ohYUARU&2~BLxH%DyiPzLtz)i{eP2R5Zv0V8;0D1#e{{XTkXy$9D^BqAyfB99$HaVvwkdpEA&0Y(8cFMacByNiBF)}JiMHf?^^yX({-z_5nJjecyC+ESc9r@vyK?|BC6Wz zUp}Xycxpd2p@EdRQ^@RntI_VJv5G?s%Nz-uY*X@zxX-w~t+X<=$h6i*TUn!7wgQ;w zKhG8B`h}&=m9?e3it6yFBWFbhv`lf9?6p1aq4q_FSsGwKY=3&9(_?WYaNZRbfD)?5 zlIQ;b)mlbCq@Lxw>v3y$Y34G0orZCm=I<`7E@8Tf@19gw!U4!9JcH?48l#idtX?~K zE$su$$1*qzfP=Mf_;6~Lv&PoqNaIgK!(?>D35}lNZ4HL8_IR%o>_!#X<+=I&ar#ys zyX4qu_cHyUd8_iqjn3{5AbtX+&!L-&JZDX@lIK&7=TJcKMoTn#&ztFALU>=rso_~o z{F-&G`Z9TK6r<%;?T>niJCQkSW5czp{{RyFK=D4SeXiacT_vU~ZEhF$ai%exb*ox` zhUXWl8pyH?ZBRf1>yuI`Z*!)x(rs4b&XuB)Xt@~~8TPErb4v4k>7fID3t>kD`%(zX z$CuA@sKIp~n&D&Hk1KEUtt%Z`<~y~8k>W=k17kjv9TAz;t(V&E_s<;r+vZm6YMf~m zo?22e4-Mb_*T@@P?mK<;gy?Od2t^M@(A~cp>gCmeAG34q+sff2Fs>c>w zh3U>~PeAa_pQhhHbr|Dy5(9@h3zPo<*PtZYKHP%W!xma?yc%;tva;@W8QM6`1$m~j znl;4pPd%h}R{;v6pW)3SwMUoD;;TI;R9gsR6Gm7^BH$7i`d6{|dIP~`#09EUqf+dF4z}FkDi?=#n>6ZO4`N*Yqm_c%^~EP_V0(* zcUq>GC)+GuNWl^CGrQ~h)wkG3uv}Z(T50BMWde#R(4p7 zr#pu{;<0eoQ%KIp9nrK9d}oZ=|Xd;JVr8;1A(~lk9yt-p*bCPou#Tt zCF@G5BAv{?-shmM`rBBYY#mrM6B2N{@<^gq>Pdv&7>`?Y^3+2k@Njz8)L#q#0JAoe z1Wrj+Cw6yd+NnOq(Rv*Pv|5*kwVgLgOGrM%&cbmb0#hS`E2Hs;hwN_jsSI(cDsp6X zHcqZ}-25`MVJ?hSzs5P|K(8Ne)LJmhvj{g9y1@m+^8DeKhR(Rx% zv$!F_Q(aGn{5xqPOszDq1VUm$bLKHW{<@iLOQ>OZmKL!@Lvgs|j02LtTIaO=LQ8mz zzHw-QCk@~0Ts2XYnf-2m!99LD-uR=!8a|b%-Wy#~-c^a=&khGh9-LyorJsa;II`3< z+Z_pAtz)`C$N|U_00HakQ7U%W_v&hT$B4B3D)uz6mC`7t+Z(YzD!)wE<8S;Gm-bZB z{v-Slx$!@S#L2GPL@n>`S$N9eq0d|pF`sJQ6F6lXAIDC!WpSkHw;E;fiW%S{J|qN4 zK;(g5sqp8;I>o9DHo{3_R-8EpBq$w7J*qLWQ-!2&hq`Ciz8}^uE;dIs#Imjd=A`jX ztSojx8IfhUIKrtv%cXqpB2u~6Q)7V8>@FKoce#z?K5)iILF->ZK=wA45S5%6OJT4% z1B@E?Fm>$IPdchP?J!2k^2yipHRu*Ph_SW{5}-mbN2#xNoUU=Ua@Q)8UCDVQ2(xqZ zj604n!vBw<(--pDo5_va^FhLz|-0s{;MK+qA(dZ6MzRwn@m+nW3(y+nFDru=BJf| zncZIKkx6F^cM>m@eGem=$CFJ+_s0~?I|0BWk|`%+IT^PX1}H6(Bnjo@9lp6eYL&G6 z9%&s)7a)>H-maBB4857F1&mPYDSV9W9|3{jky_fF@_m+XoTC6n+-Hh>?7wD_%UW3f z0BAgNxY>eE+Ri2iw`K_m_`hx`p+y3zDlQe_De795rJ z?o9wwiu+E{?HbC}5XyNCk6QElzqHSDaBfO@Eyx4E;Ydu{(?57hc||@`$>0jDd#1+D zvbt{zz$Ukgxr1j@q3V&^d1zdy1A*HWudaB5`&Qa$Bigd6;Zr;?#W5y%rkQVWt1>;f zLZ>t9P(?b522B-I=+df7|4h;m|e%za&cWR!kt{tt3C2u zv)iK;D}VqX^ZpeT29I0ugm+rHthV!r-Ofq+*OJNMKRL)Zr6-MqgFJ5MrE`@iUvkCe z!&|4>k{1&a20-cSRQ|;U;8c=Nv#Vz;z?@dp&Ur(qnr@kEr-UbS${Vuv8LVFu>Q62G zzMLSLc7k#`FFik6=;cHXw30h_SkX30dB?qXdVF7L3iG;^Je+fib{)!B5&fI(4of-^ zM%?EgO7i=7=WRwtD8cywh{xeg4at+-=!WM~x42@_6z$XxeAhzue`cE8BF8#8+6tUz zl%?FdXQJs=siq^eWc{(!DPlPu->qWm8kNw+q``e??;$`zc7P0L&9x1xj<+OWwWq5|u zml-`j`qgvBUM+aEOMO1x*>@o>SdW>H*0PjrX&Rjm8?)5n)MeaYlg`f|gBE9nhQ+PNz9V()%taHs5V6uszc?;o>3V`+Z#az;? zLc1N^4?fjKaF0`aQq!$wK&p!90Lua}Ym<(|8|4`Z5^w_5bF)PQ+59W5{hP~%_Ta6! za1>{uuD8as*tU#bJH>W#N2eI7jJuIiEcx?IngMcRmOm;}kOBT7o}#;0blX@}ZbA?g z5_^xWDX~U2H}tz}8>0>AkT3^!1$I6ocU>Vq&WR(Oe7Md9W>Qu>Uh*iAiDprr;k#Ec zJa)Gw*aZ=iN#lyvHZqfDbQ)`FbHyAWY*!rz7_Qq`@cepxq!*U3s}goO2b})^g=ieb zX0*3!1oHqA^(3B^g(a(QRaM(BRlw^=sYvWnYg=neKQ;ohq7y04EPthT{utJ*o;66~ z+F12rS;}37?9GYwpR-FR+1Ykuj2`vEOC0xi_cN7g5wh7Fo&{!Y7&6C)wF@0~3*A06 zBISvLlY#&^@AR%3FNafT^GR;g&eDe^8dlt2Cp~E9MxM;;^dbG2vLyEe-0dS9uoo4? zUC#6BHxfcgK-tMZdaX={8wH-4_gCB3Z~*53SAQ;%bEjzMSax@YGlIlmDLp@tr^|gs z%yPf*km@%!_ZUf46M>LG`ikIW6A5SgGfW(|;!6{feJUJHBU8E2=~{-P3&m#vCvoXt zO!#k2j^@osjaE?@EzjOQ)UD9ho2d@BZ$6V0m)1Z%#@v8UaqC=*_`_M&plve#J82`} zkU3>Ofa9e*u`{ReuZ7m_ov+|{xFjeU$n~xd#a5RV`kaZTU8u2$5YZ9(=C-A-=2Pr> z#htL8^~-`JX*V+tmD0(k{el*_N8Cp|clE919Soeh9OaedhIv$?ozKQ<<^742`G^@; z9M(+&Wi1-=;v2Xu;Xq<$A+zaS(`i>1GHLTpT0{&%RsI^!m0aEo^c^$8T1~S`s|S}O zW!RC_{VSjGwa=Mgx@<`uvoFiN7X*V=kw+=v?J87=%Q7Rw(m7_C-b8xuq$PdFh(Bu0*$&D8wP11`uPVbJTY#6F2-hqF-FBi*WIx zunfD01KOh3bPJst&Pk(4nVj_l?)%mpwl-A=yq3Aq`cts_Ly_DFJJF@;H#hbcn_5V)!AN!J z0p_|=v4ok>Y7J{{sAGqa26OyIyraaCr28%*5l1JQOJsKR6*6QNyfk0UL3OubVYCj_ z?6%QCYV9zZcJW~Q@!DAQi@<@ZEzgp-mn(!5Jp@f4RxmgS`TF8#qvclD@I zHH^EPdNq~B^@wGjH^KfR$R71uSJ9#l5nmFhC*?J)X^vAl%?n1o`+F_%`8VZT7{IS- zi&L@i%y#liBFKPeE&MH8!k(rQnIrg$4N@7WNddV$f)7Jp19gx1NHr+#3bgqTka-_p z%DPer$hEEBNeou@?IS#Hxyp6?>(@LRskP3VYZSAOA|@=VI~)#wK}E}TG&KBJz7>dB z%Y8IP@_9A@-niiB*R6AQJ_&~6CX&|V#U}Cuih2WCNuwttZ&%Tyv$C_dMwa1~esae< zo7TA9J6gKZyjNvxmi}$9T#Nuhk=JmpX2zg;AC0~%-e|TKqSr`Esa@4K7Q&z>lf`oS z&E3AY_8o2EwuVnH8AHhR&*fJcbTX+Hab71=bEkPLGpCrrRfq8U)>||dR=!jLA>ae= zTHMCn1+m$8v?M=t{p@mSHG3I1iB-ZVI2``9jQ2OB$*rv}XW0x78=>G5afbJ;+kI_Jf@cA;-8wg80=6+s!u6~O7ua-}5LvpGGh zIU`tXXopCwE)r5q1ds+#LF-Ax3;H#bklm^T zcZNmAdvQ(_KkT|x^unma@Y-4~7)vgS*Rl#WS*2}o{TYBo1>kdT%P9PWmjTzmKox` zPfWXxD`kmf!^)xBJkXF48)TmR6f;D;5JBTUmEFZDmf5XVRl4u*`jev~a`u(pC`X=n1lVo&i^#nNC@kp;YDV~#l#8o;Vn z$4Q9XUI>r}0AzPORfz8FZnsZtk&vgNjADVkj2{prPisBn##@5Jjx%0+70a|GiOiYC z5aOAY&hx{fMSE+>?L@7dI+N6U*P=nMVH(i_!EUdBiaJs&+7$d}V`V0r1>DS-L@dF^ z0k0y_JX0Oy4{NaORxGSeay=+5zJ~Rtr)w?S0;1n)jPb*N`sy<+$t*Vdn%qY{qm9Zj_lLD=o}@UG{vk^G zWwoBY7MUciZoye&2PJdK{{TLffjqa`?xP-~Yp1=eGDIYG#sELly-P@wKgD`>r>Maa zMD8PH=V`_(BSY{7(^|z8mm*1#OFJIp-lE2_S{!GOybTtiXAYXvvdtqB-dF&Y_cfj2 zeG1dV`c?g|onsVt62>8CWdyML)kaoBaWrgxA8Fd1plk7GWe!gLz;J(^cn^y1(?!

6MLys^Hsnj6NDGD@fA+5sGo%DP_++Cdse zG%lA`?C+m2shj91 zzK5wzd@n8|dw3@{>Z(5P-sArOtz539;(Hn9TQ}5gK>)7Y{Kp5SW?1bJU@+a?+J5>s zQl$04uQ%4bAFb$2g}cTVozmW5=Hvv>yrD=)Vp$O*SK^1Y4P< zg?6DCW>2cjfWvKaIB-w4{kEd$jPL+FX(8L)o6K2Bl9FlR?tD43Rna1jR zYT4YG)rTV_d)JA0g5@tSjHWT2#AmV^#%#Dm;k-+yMQb{lZp1FzPs}m9BRo;0&j`$M z$+{N#9f9G!ze>#MMB3yQkj`SajUFX#syf!DpQ%9vFe|W*V;NTG83(lnb4PpOU2{$F zvA5P*TUe1Cs0!F@5$Rn1pYc*Td|iDNyEV>=tPv#Y#g9{u#+qh6$m#r1@h`$Qy4Im} zr_FOG*%~tj><3~8C-do5^_z>&jMhKeSAKn@j+<9<0>MW?#aA;rBO4rg{5G~-YR=I# z$4C(YB&QsA&N#11v-nA)zlm+N?H zn;9-$9oXk~cr*y_Z#++_-d*V;7<}7bwM875ZLAk?=QZ_avjwK7qepKfHnzH4KQha= z22KZ4-=z(SD;)QUtdegELuUnzwawEnluiIF3G4V*${sVm{{VywP=`;yh+N6#iFS|q zWIx)?N|nn}wuGJ#*R-DyUC9Ooz2IWNo>iCnSE?Nmt}dGH1cq2`*UXUPf(1~Vnc)5> z)NeHp5!^)-h8XRf1OtVT5uQGot-Egu>YA3HcYSYbBPFy(R&Y2_Jx|tw9S?#u``iBj z3(KrLF~%EE&T{Wk#7T1yb-3-0quROq9ZOu6aS34YIV{RMfzpDnb9YnJ zJd0IXV2#R+!FKXbxvmpL@iaPZ)NgfeVP+&gK5TRAKq(deB5E3ciY2wS(Jn4yw~VXH zvx6fJpo;dNhnlI;p4kez!og&cDIW&_asm7)J&E!=U3UK8RZE5l5ek(VB;!8yiSYjb z!uGli;u{OAo7;!Uk>oqJlhh2?Jmg9}2jWk}Xgmd`T3Tilk)t3;Q|D&MI2o>6!+#j{ zi+f1*Lt-x`Wh=Mtk;i_O%PDGa8duQre-?O_;%jY2?h7IInMvA%peL}eI-dJcyYPef zb}1UoND>&7pOo>Ql~HAT1bw059UDyW_ruLUO@>+Tf+%*LQgYHT&fK26d8@Zy*f3jL z+AoyXPlhrAdU{txCSfXLZtg#`bjzEaKGNQ6hJeKzG5fje{cGmkPRGR>k!h_GG-DtJ z8OITTPDsaE=!?0Rvti?J18NugKASkXn&<@+m{oq`DgJy{nHAM1)8sbsPv(rOZ&C<8 z;+T6jYj{e_Ue@o{JBV&=_NiV^%faeCwc2>Qz_DIfNF@=ph&;}DDrhxVTAod3@atK7 zC%rMmEgEAKL>z|v4SN2YcK#UAZeoN+Yh$F|N3%_| z$c5TmD>EEt`SV?mi@YJFX*aGUjvLLA6!}Ri&FpA5QL*y3#Qy+>n$f&E^cGhIu0itS z1OT}2U3Y=>7<@UQS-h;1-AfPexXD)k03w4rw(5G`g?nRrw!x!l3I$;Mc*!--_>02Y zX20V2Z<-sX)2)sq1@f{u0B#<~CyK@Ip~Wp3rKwLAgKKYTX$76G%rKKYkbSfMb6PqV ziq}xKHv(06GO#W_Q^z0UK%$wYc+76j@=Vh4*CdK&x8ZSTXfAFMlYC}QQwFI|p|VWy zElW(d)aDUK10(J#p!csb@eZGLV{va`XKc!cB3%Cf3HGfKsm5J2nqQdk4BegvPkOs+ zCz#MQ@uv0fj!gwc*zEOh70h%AG^=ywWwRq7`HJI!JNnm|TIf%IELR3O(l5Nk+Pe`d88)V4q#PRgMF7s29vYjPpse37ftl)9=oYbp%Ib z(4mpR`F>&TUpx42Jw)plH@C|g%-=J7`M~t3jJuN;W7@S9hgr~8HGox;au z@jJy9o)EB*SzB7&-N?e;3w3OkKi&=P-2H3MJR^CjUtO-Dug3oXXEEjCR=`|(8eH8> z)K#u$c%ln?sSc-X4ZL7wKphv>x=#Y%PjItABRRBK)x?}AC)3`Y#q82r89q7HZKR#F z%T|B0l{?OR*OKYBkEBg@_F@-DSC4ayl?*U(_-2uDk&S<%#TA@433#GXO0*m4)5)6~k=dy4$QTPFnf zq|7CBY-!q3UR*BF&_cM}$TD{Kz^yGqMz(87CW#togAwy~`qolrPF)ep=+LTNFDV&Q z$ODS><%!zK&K5kz!JGTkn-ru~@aeh+ZzzOpZct7$isCiSduF(PgEMr0pVFKmkX1VTYe{LCosTE+s>pjAvj{W{#C42hOswoul%^J-XXR~ z)CD-t=}<1NkxS&uZ@y_8_fL+E?^F?ujZ2$3?xMBxt(hiv+5(-}KGn~E!ZT%W71Q~z z4Z}Gr8D1FoHL8)anZaItrrT3wkUEtgD9OVE>-kppl=trT^Drq2u_ShCnLfqb^sOd) zQTB;E@SbT0EZhd^Mxm@}OXbBmH!52GnV`)GP+MghHXu>q_}WV+C?F=&Ik0Wx<&cbCX_((@-Q%ZP*OVmLOY!w zO=%)NZPJbb9e$>(XtC#j(De%~PR`>=whjzn0=sfIW3jA_Tf(Z_<(Wd5#!g2y9OYQ$ zFRvk<)@uuK6NVThoB#!J`WBsIXME?)k;`yNeC?+hTt{F300`EfCF@H((S%nABMfov zTF_{J+hXP|IyIK{Ku{QPaop7x6?3qgO1;r%x3{^tS>}6i$Pu!u{{Yvn3sX&ZOM9(G z%5=D71;lbDarCAVjgK4B*%Bz5Bt7_DdP=g8m(k>x9J*gYr;ZKIRaQd_HqOe9EvuHZRptN#E9wZxM` z(JH&S1CxvoT1^|dT^+^ehSN*8irtzi3`h`5!6j)SOJDj>^*E zwA*NHXDG67;YsH;HP!Uf8D+iu&5+pWeJeK>M`UGb$d7Vf>NZ$+0mpILy~D%$n)qtb zEVR}U#O=M8)$^Q@-l<2qt@;%&Ur_NDw$ooujJQ$&U8HvB98|i7n`vVN&Q=J}4haC} zsw27Meju~*?5-F_-C2X<9eP)h#8T4gJB#NrMh;}b10twRow}qqH;~C-(tVjeY%s}T zTQ<>?DtV~Nhu5`dP|KY6O$NhD((LUY&5eWn&dj5&OX7bQ=r&LrTPsDnyF}jY82ONP zIL}Th6EsYY*3<0*Ii$1(_CyDH9H{GC8l12ti&|aW+uqG0G1z%L^(0lPgJ**4T2zp| z&7!G!SLWT>0qlO9SAbvrqwUu*PTpil-M;SznxAqvC$!Ulv_$g#kq7&y0=+9iv4XEtmJ+#^;oAe#@U2hmC~x%p;J2~H#XeOFlHX3% zgz5D)RBnE=e#YMz<@iVOTR@)iWsbv8mF&qfZi*5<>$vykzpy`nUOu$ev|kQg>31?n z(ngXa=l)vpkSm(3k6CJdiP}Z>?Iy}%qm1K-P~>o#!~G9fr@oB>+bNz<{dJuPGI-3nVW&`liCJf2z=+t?A_yBnACZPIDP zOCM~g$*-7|?_;FKk5kemYlc--$Kkm8ir9j934jy(rohE_;Vzmy{7P>_()47vTVmiC z)qd*(!S=3=AoE@}4$-k6nXjg$GtXo1-D71}3hcuKVxX1{mV;zW?nvNu71syQ%5my! zX;w4Zu#wP}1C%}Mu+Zd!Dfa!ECt?^k$O%$M6{(q5P|{-iY-NIO2XHPr8q7%2X{JFT z1U5pE*XdWwrO0yD#5Xbqk&q*0N8ZM8Yc@F~itgUw!;P#nlh&ogo_2ZzYHN70s%?mH z0t}zVx2$ais~&&bwC93JhmzpuCj{rU z0_H~7hi~M!Xl*>h6`BpIn9o7luii8_x9vag0uU4-ZUs9N?F_9;P30smA`0Lhds02S zUOZk~0x^!Ag(4i8sr{O5;6{vvEVs$|sHG60bHt7p(f8ryl{5n=P zWgM$Ta1=;m-xKl4uEx$-?d(KwD^9>}!0deubW=uk4o$9KP`z>Gh~plt55W z=hN(GRcWRy6C z&o)hn3aY+&!0TGJc5gJ6?;?j)CAl0atf#qg+_kUjUR0Lt0g@(O8wanwayqT#_mIl( za9Nm;-1DD$f|QOqmPAp2z#84tBZRy!G6|JWA%{xM+}14HU9w1t0ZpeTj`Y~II4$lC zwCx!k6l1+8l_?xUJ>P>!oGg+^r&(!D9f|)7K@@?B4uSjFsf;u zHt|iCt7#pzjiHX+4&k0yF~?RNxanC+p=zIVJHr}mm(m3LJ}!3d-?!zjMAN(*Z6$`U zd2=*yUB;`110G}NrAnTobo4Q_8`<=WqA!{5E!B%3FmOGqi}B{WWq)~WmZ;Aved43# zIjcr8Ryn;YriPnGwS7KwQ!MRJF%W9HjU1*9}4OQXamnE z+S`r>H+QFalJ-m4^!+APgbfX1>%6c0{02lIPRfy`IL#&}i10 zORQ@=go7g-GjUpS863Cv3;0%P67F0o5rii>Uf8QL_`=rWF&aV=AaHjMX?rqUk2%(7 zOXh63LZ_haJ?ob~SXPQRMcjINQ&F*z?LQ8@CkOUD<@A>}%Q7itRwFO;u95UOt|3-2 zrt&&xfPHF(W5v8*X!X)WcJIi_X7J3y>jHeJh7$*BJTXxqmG;KoTZ20a$K+kHwKG?AD6YW%C7haifZ z8mW(RW`U#R zFC6Xqnukh--s)-GxrAqrQ(8qk6Dci^K=9c{zL72C^3L7Fu&+ecHB|oqgl6|c*>5B= zg)(j*e;%Kmbj5Trmd6zm+Ko8PBq_15r*iNs6?`KsQ8f0-E+NT%-8S=_Q?{WV#&wi& zwyt7W;}-!z*gE}d)MC5Ttkxxk2t&tS1w)CXWn-+f)cl)SeCXkx;jl*WkUt9K>|%mF zMoXu+Pcu8R2OVoBY0P(T;u|%JPqWVPN>q%Y!6O|rUMX_-P5q)BzGfv?JoT%LjO3qE zT_-^ME}ZvsN|Q>?FoUoaC8EW5J>+)*;DZ}eobz2t>2sP}nc8QDzR7cYt2FI%Z5ohN zugaZqijB2Z~-nb5to81&%9f6YjvtF=;K9@7eoV!u5=QW%(yih zs5j~M@SwI~*8_uHy`;9}Yh_vl%PBBhA z@(?K7jAVB;l)IZnSmR*Ut@Pjy1&{CLIAn#)}YcZ#54FtJ7v5N|cp{B3!?5XGj+0>&K_UZb&+A$#_c9sc4Mi-XXfC0QN^oO*;EYyY zpP*an+I_|Jp`?jHeCMSuZ3KC=cZqo^hRNiLBzy;6H(>VstG?6q`R@?JeoE{hDfbly zu~yup;vH65VOv{vm&t7B=IU#gwbSn8B1?$Me|J5_1s>1fsXR5OX!6?MT!+;fQp}@_ zAqN$o28DGj+Loan>8*M9Z<0mowXvsYCsEU88iapt zUBL9^Nbg%f$=u>~n+v}UymLfl@@6EWo~u-}`xVruH&+mkF#Yx&!2baC)r1QA{+npJ zpm+ntV5$UaTP2Tt*5-$-+Su=eERX@i9AFy4QYg>YuEpi_a;&+9Nh%NXuUpggO)pCD zO|GXU*!|j{KRj*Z^Pixso4Co~)gZWmE}X29o)nIF_o*x_wCk&jnUV-Zs0j>L85I^Z zQqb}*7QnN-mh#9YkiJA<`X1GHLbu&w@knF~k^->76yqD2%0@=J92T?N+Roq-N0)=a ztUYeTv`__ew>f?>ir1G*7`Ls>O&a>v)*?}(d9k-+b{@61V@uein3dS0Bp%hAmZp%9 zmf|txs;Jx#$_MkM@d8{eh$;@oVi=K;ii4p^6|}g9pQF8vs)Z$Rzug)3u5Irg(7a%k zo2O3o6EuX3rJe3KZ;-wT&VQ9{8^Jxbv_=#jUmq%fPu8+6%R;=WT3~jR1D-k&T`Uk> zzR)Aes&47X6;U&ku1}|G6WK$2Az}81Lb)Tc?O2gZEu@Bd365477$17I=t*Mw?XRs% z#WO9&+-}bzxve5uZP+C3xT(hcoVV7oWy7)Pwx4E}+GmtT5r-u8t`(LT-g1&NMp%K9 zSS`&O(5Y=_YaFc3?yh@wHPBi=lWRIc_&Z9e^{%>R4cO-NZA#)jSV1g`BRuXW(z=a$ z@Le=Fq^8W{fyG&$v@l|8X(NhjHp?B^?o8Nl_XI3AYm|jy!+Oi+ILQF=Xysc9 z6R2tIbp5Sz!3!`MZuLs??%ZkxEvH+EvKX@T1JaP}H(Zjiwx{!A4JqX#~coZHa#4Jz`=Yl(=0VSsb|N7lQYKUUGK(N3dq5;4Mpy-#XZ zG>p-a;(rhLb6Bx6U#d$BbO7<5)zf%-DD+(-#@sw@Xp4o&`>XZ*D?e#tWgDZ8@jr`Y z)X{7-IHH~(Ff5E)D%fs+E^BJjS$kRMhD$W^wgmf~Mkw~3#q7HrzNdR6@}ag^#7M-I z_N=>2WsthW%?WJA*gZuY#MsZgvXa%;RtT3-qMf2nLw*(Eek0X&JuIw~x>=(!*uj4x zKpED)FxK?~t8jeiRf6SEjOUE|)E+d@thB3$?xwmAG?6Tu*+>{8Jbr(rW;H7wTVbw2 zsjLt~A-GnVqYR(JgN}W;uT{CdpTpKL*{O&!jO4dD#VZu%RnSlNx7)982+sY5NZ{w* zy!%@4V`#GK_PS|zx?*OG7u*$_o;|1~%H~glj-{qM$vYpk?ZNHH>x${MTievPvDde+ z@8|O7XFRHa4?kSurcohY=dW4#{{TR<_;r7(S)?;+_UQ4(5dG|oXC2R4`D?+J&8>Kj z<50VdO{a*=qjKS)V%Z@3b6LF&qJ4J)_(x6AE#lMeVQa_E_|y0??OCy{t3n(x5{|yr zahGtD=!~BWcy~#-@hje6Tf;PE^B~UMz;($S*UY~h?z};%!dX9!8(@~z@@fRgn5x3hF z&e6OqQ`K8l(kw1@tI4CimPb5BF|d2Cee2Klht#zTI3$wD+T1AlwvMAcPvKL_TbE;> z(j$4+Nm4H|72vQL1bWwB;f+4h^6gHQzAD7W6GVs%C_+o zmZk`aNrysLf%T=+QV%oKwCzMeCz@7PbMpW=THxEm33t7AMhB*)wYL{sxg2HWEz#0K%Y}y>H>Gy!%GM)tki0DzCx3=7dY5@3R4Djo;uZZ zPXueJq1@a+?<^4qm4F)=h#^OR$Ln5^;k_O^jV-k;F(Q@YJDC9Ghg!&sv)3)WZ=(MI z!Z)pJcfJ;mX)JX4KF?|81@qlktAp1jzX5e$5npSX=Cyq$mYRLd&C^^wN(R`sG5Hh@ zfKY20SoR$h{if$nfg_3=lA%5;Dx=D4L=w_ zuZjLMcvo50b&Y3Ny^>pxFocYV`5xa&s%Wofc;|&}wH*V*HqhQfByh1*$r#2@IQ6c- z;$OxsYr^{Oui>3J3@IYV9AQotL_bdaR+bNDa`t{4@lKhAx7y}7DaDHrx`V(2y z?YtB4`di&YQFC)L{{X3oec}Gs_AMWPe)rc{S(N zCx%-vT2b>c&t5v#EG%~#evx^pY2l%_l4+F**rO*k=KeK#qqUC4IHoeh!P{?9{&7k( zB2h=2%`McCJn?Rg5N>VX!&CTw#adhI78WYAz0(7hPRFfn?FsTVHLJFkX$87UiO5zX zx4m(0M|1BvKpTkvJh(DD_|} zn9Zy28o!-yX#qRkuzAXX>090!@m9BMsocsZXn-Mb7x+l){OcDD4PuTj;s&v=__xHm zbobIM_IB!5Cz8tm=s*|0*a6zT2SZ=C>5VU!_CP`T7TCti6_|`!?>r+ zS-JsThll(DZ1<78kR%rm89SWderBP@#+nC<_1nJ=PaU+k4F$XiA@bDaS-pS#RZGL# z+0@gW2JTaCy(_>A-mN4Q4*!NxHBvu0-;AiihRhYP|nu;dH(Tdu6UoQWR&J#jio#{HZzABuwLlr?)}hGfs7vAdZDtEN=e%j4otH6|8+VUU zQQ6(!>C@f8HQmkA$tLzW&d_^OiIL{MG}N^THKR0lGBgn;*wKem>VHbHq2FG?q}$xC z)ScvEv5z_R{cCF*#T>thz9#C{lWDdP+shT@w4Q6-q=bD2GtblByZ-?AUiy}?qOkEo z%{|E2vCakt-kge;17{A#WuC1LqY=GE^HT(!y*;at*7Xv{%vj3GPCzG>s7}nv#!Px3 z)$=<>1jCQJ$R4?@sr1XMe?BO(?GxWzlJo^eKn%*olI_eZ^tvsCZz5FvIHv54n1~Jd+S@Rik ztLkg`lUuyie%YmI(?w?`!ufldxQusfpQU`;pm>7r$)$$$JA`+Od-aq9fJGu4YyfyX1_hkAQH1clvQ$FNz}Y z_l>nvXQ$r4*QwYXY<``MR9%@zS*1^H;mb*EA&?c=vF;})Be*s4_rAoP}Yc@Jy zhf(`HQTe0fS+UgQcjGm;nXDpt7Omo4S6tMrO~t#zDrImSu=?cs;=NZ+lKxvFMZ+^H z{L7p!+6>xT9)+dplWLl1k`xZ%Gqs1_uT_Ue(6nz2#P`~HvbZW3$W8)`P-gT;%-XHI zcNeqWy6l9=N|4=GJR0ZxL3?d+n@udo5kM7)AH{*mps>woPQ0cfaprq`0$BF*idv$wpDT`vC-RCpqJ))T#0R@SjHflLS#_ey+^fSNqcoInX|Kz%1lY;JfFt0lumYzJ{@n!)JBfQTMyzSv266urCMh2iF7=c z_W}@%#at;0GHbK8(ClDCsp@gdBPuh9z~u<&aX|-Hq(Yava^0%30yh9g8AWn_AiL9a z=u&BCjh*E&`9y&6@IGVp%`-lJ$C_%Ea^1PRLe86j-Ue_FwQj*AcD7PRQQlB6p+^j9 z7G!EL-bEVR%_)sC8v~-&1Q*laNY>>{N*m>Da%m(@O^-%>NBb@~G`QO8RKRhB#u$Og zsq!aL4#M&fN&G66x|rC(wD7K(B>MHL=!xs zHOa?(QZ=S~Q|Jn|Nnvp-&vcAYvUAha)^??BC7Q|C_E(&d0fa)_fF zNOtPkrPnlgC9!cFg?zFRB2Jv=kZNbx)0~UJ(MzH$tVLSkPC#`HyB$9oj{g8zlH$_+ zud}^@`sDi5I0KR5vXOL&YYQx0M&fH0D{IKyuvR-yLEKeF7TnL7o#nO6Y_YL+X)qKb z@C9jTz9;_1)I6(Ex>w3?Q_!9&%Z&ORc`{gBJh!r|u|3;Ag*t1COZi2my9u{&RG-qF zjc$3&s*suOEn|sc-Mzw$0>eFh>vd$k)HLLdN5kW5AUrMytsxxE>}_sEx1Q^Ro(?fp zSInAJA&{i8H? zav1}=7bM6JWvMkezYchg@>jXJx3&KOMGdq9n04#H&3X5V^;2bcbt**iYJ`PlE%ygB zxtX2MKGbzhQsN1M83W2baz;t7Ak-}vZl^P<#4Vxz(3%w}#DTbQ#0us#>8|hMcUbM(1IYyA3+!l9 z*1^nrGy_exv$bg9F+`{V=OvGG^sXX%nKg^^&H!CqocM!vF z0Uo@5wT$T=r3pSwPv}?S?!3M$lG+rwa}2Qw6rRopBlE9Uhr;vQUESSXqug0tgB}~C zY&-t|D&^%%LDcd;CO_b+{{XVApBMfV+jzS})8M++^r(%!^|6EyP-kSJy62v?{9|~Z z!_DCxUsSM)FfXhx3;+_?Rv6D-qmxy8ri|kHA5eG$#j)y^HnMI>Bq$Y*(7XX&r{eD! z=(>%Lk8h+HUhWa)-61C{?ho{@4z(*uoeH7L+1}f=$~4a66NSL&4SH6Qsp*Xz7Q#7x z&=~SYayw$Kg-bg#o~u2Y&T%!I5v8go!;S}EQfq$N@*Rqq{qpxFz5G1xk3LZ?2v$Pv zGa+Ddr$41f6SP?_Jlu5aUGRDtOJln5)#a7ki}s{IgDAzlPeWSwHrB9~HnOA=VaN{Z-L1;SAx+<%O^wqrFC_aM?w0tTA~H)19QPRf z>yFelHG|K^w zP60H``OH_;^&7;FDH)q@Bo23Cx@{v{OKeX(9R@a@w9>hu)am-oma{pqjpAFc;03Tn zd2fh(HFsyMPb*I?%Sk5jzn!PhdsdN+jH+CQXIOl=pjkI<{oyCSwKbrhhl?_x=bp7h zxc53s87?KaB!Z2BfWoayrhjQQvdTBdxMTs&C@wPSY{}tiF5)s-+scU$B=_8+vTdyG ztSv4@!#?Ae$vplP)3GmekCq#FrJ6_!c}JkndVQ{escQ4aCAN6C01%Pe*ELR|F{YX9 z`d`D}v|8LBDnii4GqHPm*E?t7w$pVtFeV+&*C6)ytldLZO)U&R7usGm?VBvt z&)pRcy(Yb?cxy7Ht%xZaA$JPRJ1X#lecDl0KRGZKGV?UzYwJH?*X zClR~kV13%z9Q7YVm+_U%ka>{?ZOW%4{{R(u?wcG_Y?Y;vKw|0~oagbTVtQVkc9&8? zYcjf9F~MXxBk-=2*#7`$vdjy42eTfvN=*UKX*O|PBM}U580R?7GhS^ip_g7{jBjY$ zV*)tECni*5a?ZJ8nqHubAq<=xBWD?|hFwD5$4r@_i^`BF*iSpN>sYz7TUg|7%yUL2 zkne7zipQT#wTc#-wXE}SF(fD(~C%{OR-nPb{cifqKM*189rlg-2}0jwy5J7?N_wrRa0vW##Rl~o<5Zg1ZB|EztWa?t>bvg z?aoN*YjZ(sdnqDIXv)XJka}W+dUEJ`4xy{N1&AsuU@qkt;<;0!SlrJA)0dufVn%vn z(zT|M4C#%9o}6R3^3pYbLDITw&$3Acl<6EQs<;d}B>Me%t(!(JN0<1y?(L_Aqyx%y z4VFBWuO?|`Hxr@;Xu;f1*0Uthh8DYyO`w^6>E{`$cA7WY?vW?H3=JQCq zg5P_=Yz|pRdiE_Me>w;qWl4(+aC%m9WhQyQ#7#HP#GY81>LA2pzqN7NVUSxSTRgx( zB?#&5L|;L+Z`kN|9BzyO!0Gg@2Gex2rkEm*DChgzfc-0Et+4soi)(!bn=4{4)AZfa zuSKcHeyj{Jw$qG^=B84yB^&Fz+pAk`IvYgt%ja)=SEGMvC9j9=EFZ~NDpkHgmHca- zQ#67yEFrXt=HC7XM3pizv~yaw7an!eBD731^N@N`%!?^&H}KfpTExXeN(!k1Jw0l+ ztEt7MXxDN=(fz5@XvoezYbI$9$B8Drd?uCQna?L~59h^Pw(%A8Yco1|ry0Wz7}6=T zW-W5|=H58nj4IeTUs~FROO@KO!n;vU^>{E=LBoG|g5p%3})=1bxwp%(%+K^&KwPS+V&%%=ZZjl>;C`=MDKYRy$I)X5wK&w z0+&$Lbu0VW=Yr-)<~DC3!Oj>bryq@ao|ABzg^Zd~Tqu0xR)Z*rnFI8l%Z?_Fk-X>mT5bcq2mAH1aGP)&~N2DZ{{7718K z7XWe79C21!?%v;gmX{qs89nOb*hXfbXQo_gOLcPxpD0uM)VFq)_SX$0WbEh%t!Rwp zex^;%n`3i#YdnauDjeX9=CM3~ro=4mn#N%oGVgG|z(G8Im8OPF@@q()u0(=gpCEl} z&?1x&*5s6ZyI%*jXD=a_ZKsL}V2VtX`=gGP)9d%}9WCu`Q_hT_JD78k)K(TZj>cAv z3(sm>%Oo)54%NtNcD`NsEUb(VOm(P~Zf^!sx6@~M-eS8Kb`P~_MQpbFinBI4D7pjxf-nspAMDlMTwX$OQgd3kb4ZSY`=b z-PmnDgNmgcvoc8@a_SB}>omnDZ4CQ(<(}v!%%~qR^sbuP!bk(jxn2&q&2&aqFqCd{ zx}CE(nQ;<@=YXP@O}+DDST6wzy;SzCRIX)XarD@(QbQ9dOlOn&RJQs|mhnk+8Z=x5 z!Ky`Sk)3TOvMyMLZzX}s_9CoV`4(vHGeTtFlC`3Vq$Kw}7fqW)w$miPx?6XjcqoKq zeNA+t<4V^b?NdbzC;PF0qw=U~#@zkJNo#JWDgi;rt+*|pRnz5))mL(Z^J5~U%1rXR zZ6Rzgbpxry%;$x}ZNqxw)7qexNW|%RY@qpmqa%t5v4^Y66v-ix_FNJQf;!hJI_&wj zk+y-NTMLNqCxQkAE)lcOLMzs+bt&!cP(ZRp9~sX>Kt$T0c&_qJ2VZDy>>enJ<$ z5$w#QwJqCf7aAV1=3ZO*jM-&Y9^Gp??^E;cOI$pDTQ}eu~Q-1*f>9(2?|j=Uk7OxdRCJal1TpmXOE1r+)Z;j<;BEaBbng4 zFJ!R=5beOvbD9LBV<#ziqX#@PAjbO7l*_;b-dC{9|1r>bGVO6iP+kjJp*M1E-WhKzor~(v6PjK8Kq4Gs5%4WQ7b*Y@{q?@sD#| zoRiutzhxItyy)IsilaMf3%TaH>{03Zi7hEA*#q2HI+$zZk!C(gIL%aui`4J!%SmV= zx*sUva4L?Yr07Nf+NGp3sK^{+1oX{Am5V%?d^LZ2e|HGB7W!SYd5Y`+3=gI~IIk=C zpK8wrnPWRfu*orqIBr13dG`MR8h5#zqIpMyd@pThuIm2)XSrhe4CnYk9hSTA8!Wn} zt)v?TWQA=)G7gOVWskpK&VmK8Nwg~|Br-f<$SkL!t$RISt-!q&%W)|LVnxX5*Y%(d z6H}28UYLtKiufQ59G-ZrEnLplHukKN#w9@OynXULDNA50=&{RTr|LHHK^w&)oUV8b zd8!&c)9DuSL2V3>&p$Ga*-$gkewBoiHbOmc<*(WQe_)q%>Nzipge=K2vWPi9p>5s~~IJFkNzPXgkCF5r- z=aco#L2-@Aul4OBC{`H|T*yHsPXJ@FtP5Wf9Y$M(lHN6iqcEgnji8DfA0d@)f8idU z<^iY2xWrIK!-1ZM6_ufBnw)o1U0wo+&$$&lFS)7bM7Y@MFRhN91KjyyX(V8wbN4!O zYAcOLO}4c+5;CI&`G_@}krE+})B8f)-9*9^AQe|q3js{-j!qL|`^*s(9rAHt+B zZOdu?jo&sMp$cvYeS(YQD@ z*?6yT{^Y^-7ma5b3Mkb6}^tBr?`-q zvIJ~7{67l(-SN-Dts?7Pn^CZ`wbJe7c@85??K#K-g)yie8=z>nQ);axv=a#}-N0t- zMtL69-dyW4H9@k%oU9*x1;4(A~4^n#*`B##7dgkv?wA62n%%(f(n1wD$E9uYE zr3MWeBf(deIxe9-tF@P&c1TyLQPU&xt{Y6yZ8Vr;Lw4rz`T)cLy*L#TMOgHI3}~8u zqkm;*b#Wwu6S_u~IymHDkHWr!lfpVji0*79lF^}P<5V~&_k?$>%@sr4>~#dvqp`K0 z$&nz8Z43rV=RDUtda&x6UauIof=fqNkgz~or(E^osY==#dqd+p-8$87lkAsrTw5b< z^Q9bv-!+Q`hk-TE5kda|2}Q(mTtwnP!v`lkb63sSZhen&z3~@=wJVDs2kC8Ylfw>V zl%Q2UpEq;I*1VI%R+@dzv2URlH#&0>zG89}iNOGWo|JQ$_0;kmbK$0yq3aitX)_zS z8fVDC#&gFVt4qOJtG1%HchW74z?ibllws{z$(3{J%@MT^57?#B-+iOaPcR*WA$b@a zdm85Tdl)rn&B91xeoGv6`qXmuGm-NLi?vIy48^MGwsLvV-l>X7v7U!NFQ-c8{1at8 zzO7@ZDyk}TzD3V8%uis3(^b^jqm853@@~e?cK097lUlXX?s0EzVfF?_`-Qg>2Y>VH zRUOEa=wYsdrmT#JV~*wU#0+GQQ(1HP0_5t6sM<*v&HJ$2fZs~kaA!y1?}Qgkw*LNC zo)x(*v=T7c&sy~@O2r<=Y3?my)257ha4P=*%T*oN`p|96mdAu>nv{3`C~YEGBoefn z6^J2m^*>7bx5N5InwDS~B5)Y48~Ct03eITJO3dpm^v@0Gx;@6Dc(MJhj?j!SqBVPbRWpu%h#G&3FZ9TDt4N~1keI^8m@SUy@T{Ai zH&C|K^$YzzSuM2Xa`D9A7QpGqr(z^>x+bdc@dndZ@e17%upcCp+%kISJ@_AnYwL|K zR=3sksBSGv7>7)!B#&>-ixPOh#0>%sO)f7ZhC_ALPhE%DcCQEU{Q8BqsRoHW7Y^o9 z#np4)x$8>ceS4yKRvVKDk`-l9yE}7&1$0f~0j24e3uA1ldmO(kn{YuK0rbr$eu8MB zf8zZ@;>Bc^Z#PhP1%hx1u4BcXH^1=Bri%fFBXv0p-#*qZ(@J5^BSbUpkL4q~_mE%6t&3&Pns%hsyN7Ca& zjwBm4;|9FLQo4p)p%X?9AMYN*rO6Y0ZhE$XHl3%zxCEbi0Cx_J?O9s!w~ZO&D2zyE zH4b2z<}zAN`hrZ1=^pUJ^xSLN^c`j$F@s*lCq)Dkno?a&Epwua#*#F)lG{Q=LBJ8X z;~DBfuA5fzUX?4@TgQ~YY0Q$cpOs_B-N!-BYB@=1bUdrYULgM0)o$*z%ZGzcT!c`> z918QHs_wZ>$M;He!J^#^ozBv46-JtJ#}l8mo}``>cH+IS!5%QMwzP)dQ7A47C|NVX z{3@(v%FQnnydEpHnoB#hf!6>Me)d1v$jy14r{L9FDGVrzw+xt=e+HoL}PU2Ye*P*L6c1O^^@QvJ?DJ`Ut zrky&-!;ou@o58lawbDGc={QFIB+or5b0aTl(BQmB@aEPlyWLS0?aVPTR13k!wRt|1 z;wj_awrC|T;TItM$2}>M=6#Fd-7;Gn81E*ul6H6yGNWKFdCg&Xi(dOhwDvlJN@HM9 zMt*EBr>Fk_u7OPPtNUrM5>|o+NK|7d(!8oIF7ho#QM^1%`8;x>g3;*S9@O7VcY+p_ z-KvxFoD!#s^ho?>nx>I8qFcSZSTVj=EX*^>G!;VjN#S8Eq1d=Ay}c`ezPs@S z<&)URJeXpTfD~ip&#eSV^iK{L^*t#*-4)bQM20w&kGco>HEHzkorx!N$@_^u>2tFT?#(4JkE^Liz~hE?3GYBpg)oBVJqTd491k{39BS ztn+!YO5Y;qjQdx4;m;9U+-dJE^w!BdtRo8jM?I;yncJb-+{vfK4Z6UhMnCNG4O6nw zrM*N&C(#-**?-fMT4sU^pjB*)HA&5kqA(yXY{ zw#U-`AJcEHyf+Q>PLsftU8=6bn>K9Jp;AS(9e~6CN(0G?t({w#L2{Qix zX>*q+7*X3FtpwQ|Z`dz&;UwkeK*TDdj<~JA4QX-c(q3H@mRr>yDgNg)uh6sA{4&X9 zV{;|kw$aTy2bBoP_8^{}s~5&*>I=h|VV=mwhBrpZCm9@5EkN>#w9Cy)Qie%XEMi4` z{W@2>+sCs=2H+!>8#a;2KC}d*W6ZoktzCFr28PI8GvO7<$XxfN(`5T?gu?FL8Kk&S zIS1rEqK1bk>2n(6!f{wRR!LD5?l~L`))n%goU9Hc;~7=P0HBtRD_qoNNiFQHW%6Vv zl1ED3(Db=2{{Ve$D^E8CoBO7kb_ku9i7&6Dfd#d~eWerx+P(4IS0CY@?aOs{uhp~YsPYzVpRJJd>66q(|lCA2YWOcHcx zhdA$0!MfJjZzYI2DaJibV%ZX1NOaE>KB+&E4YW3}fM`nN4D1np_Z>}Alh~Il=yem=&2tOM zYa63Q9{D->ahztn=JBsyM*Be?N}O)&N2NY?TJr_DcoAOGMRz=4u6XvX8&4Tercb%0 zk#A!djEOK;-xQiQj(;k8 zfVd-%(zJ|wn%hFhg#27tB(;+5jkLH8$iP0oTEN#YtnV%r?Z+zQ5_-NpYdJ>7Z4R}* zw^fX^5e8COv;0HSxjztTkm?$cyG2j377SHJIX;yoBv81$ve8vx7YgN0S%12H54~wy zc)k{d{ESNsE(aAng(x$L*0qbP;~+gPM3gBurV;0kIZ<79?hoNXYDQf849z%YXA$7%im_`I#hSEMr+XfRjsm@ju?J)OCioHK z3vFE5T5xD@B{Y8F-#jQ(uWoA^o@yY_Z1MbKxl50?xV++K(WIFDR zt>{|qk&{K#t(wB@6v;&+3jY95Yxsr#0D_W!%~xLq{xx`yN{-GeTXmdaGq-$X%nZ2W|}k)7q0V+;;*$F*={Ain0j*0JiO6VIyyqaf7sS4LTnX z-8N)0$*>$KQI0+7$rlG>ptsf@`GS;$DuIR^7Cz#r%csI#b&;^m^AD5nA58YCH6hdV zjZ*ITT3SZMbBuQ!cCSO$ZPr~nI~yyNMpZ#FgZGbdK%}%dON)4*h{hcvBjpR8f}yv% z`vaY<(o6gR3TYS}CYf(@a}E9TI1vH?3~M!_c%DISf?(NZ8P7h|tdWyOazxR)Z!a6M zJoFU;-%n|})?^N>GOXj4`cq29^A>FMnUZ`7f&tc;ZAtqSGH(tEEC(?P7IMK3Nm<6?Ln+$dVA{j);b=h4iZ3s2ggC0@doi- zvR%KGBN_Q40~4gp_U7WKn~3FoKR`XXWm&yaI#-q1QruUmk$U{gN$+bn&)o5%OFEK ztIV8&ed;A3OwQ5tNpJ4%F4b`Rh8UiU>?@G*E~Tqj>z~=ycT&Q_HaH8x>CH@|V|sHe z={kM>t1;AdITm}BK&7+S1N*hsSlQmeaU8I_#H#y_2T@qf9TD?8EAJ58I;3dL=551d z{b7n6dpoHMuI#Wp@(&cC#?1?xtrJ+&(kZbVif{uqGxYxeJ?k#hPq$#i71}rh z85Pk9BaWghK#^T5S|-H`+i+_?`zWeOZe3$iO0Ub(v?r9NJRo3z66-l^jN=%^WoTLi z^6GO+Rm>>F9(Xk^Zd!uqdX?R@(psp~blaP&r2%%vrHKc6&P z9QCBBx2anjy2a(;g4#P}0oRP(SC%S+ul!bjIt}q z&jfW9-1uuzxUjcV7+_h451fHgYL$-nQq*kP%`R35Zlz=@@i$U`4r|KvIIeu@FJ^(8 z=E;q@+P;Sr5hQi7O4CgU3G$A@w)HJ~F=}8$Rgp;Kj((KWuw3PQFMMsasHK>QmB|c9 z#zt%3_2Z(+rP^IB)IM_q@;T1x(Nqpre9NlcPp0Z3CROszSy*wAnjlMCi))zfRC)3b zm5;q>stKzdFNNT<)2s!YmkGWudX7iZpw@LLtdq{#?+Y9$3!l(Y?K%kNBww^KZKN{_ zWwqD#Oh(^emz)+S2BLB_f;ufaXOc+dh1gEGAdlg#>-$YY=ECOb$C>3vlaJyxk-TD# zM@E+7?ni@bK%<5P^(MNpZFggN8N_5T#(UBnqDy(G*#%d+RCUM7bKF;*_={Km)47^E zIK)=@7#Yqe2pF0jox4xv$mgm2DAuh$$*7G!&KtLh)G(3L0Q*xMk=6KX!fYcS6hBy#D}9wVvefh!r5?gWkDkE`>#OJ#WI^A2(M} zM(V{u!5*f&9~NmhQAcN|X|Tj3c~M$i;iF#UR%zV1I~<3_8@KSrmoJ49Yiqqllo{n# z$x)5~Kb?4XgK4SiSC+P_?+hgTX(;_ z+jk5Tk%8~cK15q~I$s27_8Oj`&8alXgD0*4G`wf7$ioHw>(BMS z2kJUy+;RvcMct6(U=i(9sTArPdM&;5mjc!)mRV0F0p!-ilf9h5E*D`vi0f9NW1dwG zhThuN^^)>LjbTBa2TWCY{7*gp=pb99w}p!BVSwJ_+MAVv4U*YvlImfs7^Gx#k6*2N zZ-l%nWvA@br&MN>9uWY;>f3%@kS&8NAUjukZ3bfc1Z34+QW{0D<1Cp{`NI^ zL%G~n{o1I?!f`rn4$|fwkEtLjj)u68h{E1Dqe$LJp>lJE!2D}u%p6(gT1Ajx@xq(m zx$9eLXXRZIBHtqLSe`{DD|9!0&WuT7N@Nh;n5|1|{V^c8NoP&Ke4z7_ShILTp{b*5 zmfAbI`C!E3VI#1t{bs=>b9)?%ENpin9jO|nW07Q;=17Y%Qo}!mdOn|_=S;Yh?1hd- zNEJMWZID^$X#{sB<)n&KbN;sjk3m?P@t%7VYi1eUjv2RLfmtYhX!Z<{ISq=TrpVG<0@A7m`Em8CiXuqqHSGc|0W@pK z?$&0x++iftJp5{56p^v~xTx#j2{in+~-ZFttL7Ilia_)Cp zW~CUiFM6!d?FT*a?Ogu=hP+>Wr|Opw+9UmmnUn@SSKIZe2}xXciTv$W`qJj!>S&}= zS=0_35zyBCm9?$Dkvm-~?sUSD{3eln$nw2Q$~RANRLa1BpdPh(wqC3<$7Iqu1I$lB zOkB%jR_8>54KQCr5=45`l{iRtJXyg$lpNB(QzKBF)@5catBfu?RSTH6qz@x)Qdrk2Z+{1rsaH=FK5N`e< zka9mNwdM{sI1AL>cOkk_6ibp0GxV;v!ng3;+TF=usPd>d$m?4tp^q-7cj2q4ZS?EA zolY+*XE+Cuv}Uz0wLK=|L1^NJ-bUm<8PB1pay3Z#cIF3mxe@RKleZstnlv36S?^t) zP^fM&dBOFm1GfIpy0f+!xXIi>J@)-;vGB&5cdFa@H%imP3j-GO)8F%;sJk7nohFjk zJ3=FjFAevr&3s?4-D>xCX<;;3hE21mAANDt>yj%s1EEOY)1U0{m56@uuPQ&SV@2TI zR`TXsxULq-W{|$-T;za1`qZNxN519QrQa!01yLF7pB zi5w1g5jG=i@-zrcdqCPo z(}UOPRwIbjG#i_*8Qt4jPjGa$3czjUM?B~7uVa$mMoVoYOVo*$coeGcPvAU{>rPDs zS}wfF-6H;hHN}RI5?IgO zJo?sD-(a@0m&8%tqTPokMP(tt9rIaARw~4Cc+z=fNG5qM9KL+U^z^D4_l<1td{LtK zc3XMXL}2fbk1V-7bNSKD&<^ugvb4O>A5B=%EsjGnoTTRRLM z4_;4c_ydUdkuD3P)}Os{T7`mjY|c+bVKOQmWTmWarK50+vZn4fCQ(lI%?d?%@D z8V;4I+-h^fZ#Y$UCk`0!17q;7XVJVZt7%>qiFAiHep@2RDQ}u#>5k`$O&t+-J!it2 zmZKJnX`ma3ZUV@1sGuDG0H5Vt=f&06ZS*Z5cy8}U3S@J18ZFW&1E}ws%1AlSk0jG? z{5?C%XwNH1-eldB6V&tks(U+0M26sk?D)VvsEG{r2z)%z?eo%M-_RUD*?06rHyho+$ z_rp!_>d1t~o6ENa{{V<_?_N3MKMh6U>sHoobt^fp8NpcNljl|gp%uDCIi4um?}&@s z3mr!4)@cuzvJOfgL7MtUz`ESJ#kGvug!?ra8(;+d#~AssPQz~7n>vt}PPDx`go`E2 zvNx6!sTtzA{{Ro^I(6QuXZE=S2-1Lhmgj?t#!FHh&#SGiV}b?KMqb_&5yo?#1w*9h zc9!vKGc?jqZ6oK&E>F#a$o3T`GMVB302BNX9H!dg5v|==$bb$TKHrUV8YYVH8*e%_ zA$cRQrc0YWa@HLh$4Z*wD~C(-ow4oX^R7B8WxlwY<|vcx45V%&kSIi)HkaYc>wRNZ zzq*!2h>(g(;1D_B{{Wtq=(;AKs$X5)OK72@wusBMhDRKeS~(XNW3uoY>ep5pjGDP< zWO>?1;{&4SfmS?EX@9CqVPz9CLmAxYsrP{%zpW)FV!fwgG2y=tX?K=ZSCU)W-6HSI zgAbB9KDg^%i(#S8AoI$}Z(=aXAsF1b>OE>@E1D_wJiEslsJmJ8$X-^rQgX!OBOR;6 zC$^H<+r6~-v23fT95>da*w65uiKyK8zUNSmF)o)4tI4?ID8tgd>%+@us-rk{lWsQ; zQB;=Z(=_DGf@bLw|=&3jbZTrF=I zVDAXRxdN%#BAgEho5LS!@g}7DrP;94?bVtmkP;g`jydgAye;9#wOwi$rQ02#ljJIM zpL0{m*dt8uJ|TQW()=5)Md57*B)+w^w^J@#<`SO2%Di6R#xnThRlM13u`@7sAaFUQ z%4_UTX0*@~Q_!^^4@WwswZeY+Pu(Z`#=L4@g%Rm@jcxYWr)Y)@h(1>O3aH5<96B8C zqv2^IGb9IK1S+{7dc7OL+O@}pl|*P_X)vsD!8G~Ni!?QBFYS?YsZDR>Udqf)PDukl z&-&MsOW|oQlJ;Z~$RQvV+yP*JokgxLZAw<3ZA;5|ShD#~&N>nATAId%b*W7~;zqOD zFa#;!1|GFu%+@mQC-zLRz@H|~iZB4Kemkk&{zU>nfO0X#E?o^1I?J1%HtN(tJZ=CP z`EWXP`qfQmP1htBHx|&xD>p5-u%Sb_Pg4&{(65@_LFLT^ju`oE)E{c|O-k0|O1gBq zd0=6TAp|l106489NQ1BN--adC)vhn$n8e2jk^(ml#}(0E*<4y`u|sPd=18!ryx`~m z0M%60fb|~-+22oal3ky(Z6Qhnl55=UEiL7W;|ga$z#I$`2dyEWF?>d}xla`8D`1Un zaXV(-D3_&uLGb%V(R>@=eF|-7RNH@X8$IRBrznR#yN;EUxe`R0r^fGw@Y`GI-X1gF z-mBtEkc7tPrw1J~T6#9AXidG#JWF#i`6J+S)~3Wb4%f6dn$mABH;vf{+y-z>e2FiD zJV1P1cX4lPa+-a#t0Fr`gqx0pA46M3Sg6Cf^#_GDJIfCV->$6C+-vV6G6dmvXMy$U zT)&9CTcumrc^B~8TU{TSoMUq?I}fcf$~QiA)BJULs$S1ywS1CFM8I`k*sHQ>)5$wb zqtiGYC?{rmZ-jI^YiMpYYpZpbl_&&+b;dXqt!3fwE(0uziVTIer$947QK(wF(X8i! zYl$XA@|3cJ&hzPt;Xkn~F7Be=9x}x3Q9({slqIfpzSDxH0!-YoNM&1GS_N!qj9^a>EjbM?&uji~-UBu**^)={LR$d&j zu({ObyN1f)0C`N0{LV#X*$1F=7OA_=hl7(gZmcR z%FneJd;qclH|0ErU*|UDd;OHpnElY z8&V3%*VU*qbL?KzG#|1;_l)Zh9IF2S6CD2l_3MoBo!l1}7V&vu-7wfAGzsoMPP@H^ z0O}+O)N#_fJr~6g!E++qLA%WXOJldaE1D#1c&kx?EufoBy($w7ReG`X0J1<$zcq!V z>K9iVCcly9V%)2q0QRW%hVj2s(KO_h0vw2`$*&&^%M=9?|OsCn?EhYQ?$)kbAl z^8IqjZY{(YJLNv0V-+5j810h8{^?MUn0?%Ls{@PizPYHjog{y35h9YI$2*CyCDZS( zK=Yd7R<}@By8Pa?qK9#tS{|C(o%>I4uIGndG6~O0^l6}dJkJRVld;alJ^q!OM>O4x zN$xQq47;Ss{79$4tlMd_$9!)R1B@==oVTaekujO+e-1Sd_(=8pyR&%ja~K88m{|Qm z`qy3KuNK=}+}_&S&un#7AP~oa>(l93JGWy+sp5K*+qs_V`Qlic2tZ++_v5W`{xJB3 zW2r-D;hh%5*y)iuGRpq|dRN9cG~)wgT+lSQ(kTARzG*ouNXTEMZ;7=XKhL^nYjj_b z6UP+X1mbsI5AmJGsTIbVw1}f2%a!DgaC7NhZI6c8CG+=OT{O(nuw&3<^!6B{Q0ylg zYIc@7H1P+iN?3cJDYm3eLoHo>gF%Fj|=KCM|0!rUjRb3np@c1UtL1V>cH@))b>3qz_kmB zudZ$`RFNZ`;;7jxD;s)wTQ!MeNZ4a>E7TuDS73Rs-Qs&`_m7(ja6t9VOrm8bc9Cds z$EIF+o1Ih*!>%*hu-<<*6BvXcz&nRw=~#(waglg#Ic_I=o2Iz)A8-xSR{sF@PMu(( zScTe80)ugyK7@7sU|UBFNeELRk%$VI`qfVq#}9?>WVN=rihJXL7-5leJ*taG^VrnkOoXe;0 zSrSNDPD>$9jrFb$=_RwAvbF#}aP>7NN!ZYBRsm{bh6e$;Z!mWi&lqQ(Wt!dz9$vdp zbfDfX?tQTgAxf_7m10W*c_zBsGG<7vBQZ%XRH2aYtPVl?Tk+$(K zgEXHHY8SFMiZtnbspAiyDbRI3yMPA2qi=)WG_=?L#L_Z-n&oz`(elSHss8{y>LzO? z)cOfzSy}DmP22uQugV|zE6?nWr2K982|vV-3u&nT01&h#iW`ZD1?Gc2Te}a}tq^A{ z_dkX&5=W_N8uqoP>N>%uKxhR-YAPt)5Ouw4BCpZWipN4S?8u} z98ErGgcZ+O(e-&?((fm@gkEnX269^j_Z8FpHHOk>yt=-5qnXGEgy1O8ahmzs(dCiX z8fU3TD#bPIkT~1{9Grjv?OmV3?-1!Ku0 zy=@m`CmRR+Bhb7^<-TF*{8h@&6!y14BN0~K z8565VJ(Ia3cx(hcO=OKdWpm~(*+4sYcBG z-o^5pa>6eyzRzyMdoU-^8sa=tXD**?$sl0t!A=KS9E9nVye%dDgwvTVksd}0Hxda? zQ(gV6-ei+o-EI5$-JJ19IS!HN+8bEgL2ys+;t7%qb+0^=Q_=Lh+pEI^cQ`@GJ*!B) z3}qV_wlWpFp80Iw%8+0Y?_QN1%W3*@T@`jO;DZf`Y9a_k~k8%r?zw46;7W|xn&C($nLECsyxx^#;kBqM;_bB|2_04nReAEDSq zq~2TILMB;PF@Qj2e_y351exd7t#4^@a+dHi?2(l2J#cDnd)h;mZY1>O{HQpvMM49AzSGQ^Q`g7SCE~bh| zf{aGTh5&RTtyDDSK6>%oaNBB-;jN&ykpAUR^!Bb!=H^&!<2Ly7%Ybq?13do#S|kUf zcz;qB7Eg6NpCDYbW93?Aui{9rmC&?%3Z8M)`&LqkN>(@`HE|ne3 z22}~USOd>m#MUx7i6E2h5(Ewr8yr^mg{>!-Q!%8A3Y9MWed9pRlf*Y^W{+ykCjFTh z91~pSlO@y&e7915UPg0Q6lFAbRyt1D1j#F)JPoT>?L6qE5Edmt&OK{ZK`yf;(<3Y; zptn}qwIuv*~@OP9j+9+m0VcIe_Yc*PF+$O?>LQY_ng<=WTgWzVeJ#cMBS`=r?j~5l59cAo^ElZ>39Nr!==^ywG;-9QLi^ zyBzf+WO3ixOQr!N@+yaan5gT`boVp4g4xglj54GVoO{-bN2!lO?w58ZV;0lr9sncS zrLwU8#)@S!8RmIe^Nei-^!z$js#Yp3+e7O=gFg}c7o_R)>AI3yT5Iv3WthgSWnBH- z5yyJwJ~_eQU19Atj}6`1{{U!DmziS$N8meC=Ox_vA5^|e2S{1M?L7}Uu7b;4k5I9W zIMGrdG6p$n#%+>wSN7y9FK@)@}gIR4pzo*(CU7u+QCp)rk-4qm`)x+z_H9L5%ZSJ=n97 zd6Wzur2BJS4}-M5Rj#H>%YCW16bgC#MRT)MeLvv+GCK)Y>O>Cvh5-PK)cz~H)3o%s zy40mhXaX~-$5!oG^H{z{_dZ?>m7+e5VNy{7n1$04^IEka)TG)xL zB9Cv)g2esmaM6m~GsSH3ZzPSQy=@N0Egq5K{SwaB!)UZ~A# z{k*oxx?B~=A9lOX5Jb07=_z+Cb59}x_jz8tAM@!`DKb=1*7##c@~tPbDzg&1cKX&_ zS~Rfgh99!3TMnbw+Od?2OR)V;#@kMm-P>Eo3xS>uScArFEtbs0V|;St@mcdTRc((s z)qG8;YWKls7xPeRLAa=1wB4&RdTx(%(pAWDLIlr2qPofs9oJD ziA+!rH_*3wH7J)tm(A26^V@3f0G~r%bM%^mNR4C)g0Hd)~A`=qYF=#NpGXMoHo<^CcUS_vA||X8W!@(i3kIRtqF2S>U=?Y5U^8c z0>vi7hsJk)72#ey)uPp`EOc3|ZStpk$N}8^^fgJ?=aV;l7ij|92_}eJ#-kgy@@kX8 zb9aAvbs&u+FNIY85IdSzCgm>?%`Jtkym6}elA|*1JoU#l=IXA-L@heHk&~WHBSj-x zE9v0{1guve^IhGg;=Yoy<(+}SBkqrC3g#^|GVBP@_AylMU7HM z3zBd>y3})%V!pF~Rb)skDIjipzSp4A5Esi@f4>E0oZ;_6vZm5R!P9Ga3# zs|8Ex;3cM400G>8oK(1#&128CRhny=9b^od>5O8ciq*tITmY)vj^>(H4sPb$H;<`6 zwpWbKtHNif6}P77*p&l$PPrRNszklUc)D2amIzV;{NS)0R~e-Jy|r6wh#lQmoMS7I z(==R(MCkPkiR~{VS=Lh|xoz8cuSL-k8SU9-0XIjUM@rF8xG31@Tf6+!^wbN{yRk@Y1DsvW2KMs`nkq#YCulX;=rN|B1ha#&)Nr`;sZg^P zhJtv8^HLcQn?_b7bN7X7E$)wT2%p5W+1f`6mu>6wNC##2tq61Ik103$H;ymtuB`5@ zt>CvuM2LK*L7oW|{c6imp4}kRSN$DShalmA$52HCvxK$rx7n20fY)AAd4Dm<$l!zP zSi0r%+(<601aK?4cT5~D22&-|E-hII)UDRxRBq1fRvx3MEYA^v1EPWgk4g;L3=vMQ zl19HPb>orruCmfQtw!2KW@l*B=RJTKpy-Tx9)D%4&YGIdb2ej&Yyb}!2NN$Inl+B&Y)JC4!klun6DZh%_)7^3DEzxt zmXfjEPL~Bpm<_oef`S_~d_fZ4+px8b1A(;dAI^^q>88dI?gTIVKzFBcMQd}klU1DB zOpJCSsSA;x(!9>v`b!BeEyRV<$zz(E^e>@>c_E#qbx)f)AP>D==Y@2wktNKhYp^5$ zITXhz*xb3diuNXfAaArW;QLm#k9aiub%gnTaQQzfPD6}tRM#&I$t1BjNkJL0T5v`C$P_f|bcdi~4`6N^|w2{GHT_N1f-C8+5E?X?JJ zjQyooF`VF6ifWoo@U)$sBy>j}TA=&fR+5)Nr(-_a8@M4^%#Up#U%JPq*1a3Ui)VGC z-n&fm$jmk!+;P^hnm0`5d`A=sXLV%A49tY>KE1fFm~{yCc`woiUm_KgFY}+uu^TL# z*{rplK09*}i_8Iw9OPsCYEKnw*AiIVXfjBA^q0-@M;l1a38tBZk2%#mWgWJXVX$U{ zSTVA^p~lq*Ab>uV=Xyr7eWnJEYsr?*YyzD(HhR@54Mm=V4~vS$Y+-|K*E^p)vf}_B z^WLc2c!N{9)=Cpa?e?EIHtL2cA1)N&0qb1t&ZZ~Sbm*il9BxV~ z`}=;iGFK?;{81g=nV{TX+gn_HmMFk{4CM3Q@UIlP@fEGjirLK{?+E$JAG|#XrOG>K zdF}U!ucf|t^tc%!M%omQzh3L$9|~Fcr%}`2U4}x~4xvZPtUvvAafpvZ@%)Y8+ub_D z?D9>g%NTJe7}|K?{=b!QdZmcHv66Lh9^u9ZLq&}Fj9or+rrk+u2K05uPu8)#S1sbe zW3X7^lc_KN0M@K$9;GQ9_k*=Ny&TL0=?%f$3CCRZ$JaF95no+vQ;Un_w2)hY6fB4X z0oNq@)D?3+*HNA1Sfj+U^isyX8a*N%LJN3yGr2#!AK^g~m5s6Cc#GM>6pM9ivX#$D zi&nEXajT-08@8N`WK$)~=b_ePnoGSgga!u2;xUlJusugw^s7x9$&XK-;z(rkloV`( z$GsqvzQ>Gs(X?1@n)>qi$0T`gzjq}<0pf)T~9#p&B8|+2K2Q5067wQU=F^6r`Cgb$D=&CXST4iScH?s zbu5M?To4EV=lNC_m#yl4ex4+fJ80i(#hxsiNwe_uw|aHUGDW*PqL2I7`ruSJnsTPJJs)21>=NkLaN5TkTChYF|NtHbgAI0AgJW=+jZM1zjOM7Q7UQ+v8 zclSu|Ubqdmr{P%d^>VsCp)I&CF7QrC#|NfGY?ou6P&IF~cx>Ja6f(~nK(Z^c@<~zY z^{*GZ&ZFaP55v|TF0rs%nGL+lx0GYko}z)pYJ1O%JUQWw3ql?iJ9T|o2~%+0RO0}H z-n_HnSA#WJEOn@EH(sh-{kN;d=RT?1a8>q)e?g;dU~fK(mNpIY%h9{ASk&sH`8UQ)Rd zBEQ^kOncOOF><4x@Rj04svU9c&|Y(m!z1wqxZfAu%dFotnyi-WT0@0I+B*7GrD9xC zMzy|=;Rw7j6`hoE&98^~&f~y6E5FiVw$e1Dj@B373YK}ceBSiQmd7^-iB{`Vg`N>K zk;{cyFhh@V?_K_nYW8<>U#*C@hdyHEcn8y(&T;B4SGm;M_~n}B=H5A>c@7oVAdnA# zYT1{>f7u0M7gqCGG>0st9AlHsXJREx>CG zc_Q=OcPQ=;ZfG-bH8h(v{=rdoF_Q2`4pihZ9e=H7cy>r7x;ARgN-L7=zypDrN<^KG zp)Q|mrai2a$d^xv3gm2WPsY6Ed{UZ3f;m}o#Hbm@X>$dSQ_(y@Y2-je;T^Det$i!U zz88IF^1<&*>QOHFJi(8YbjElz(-KB0^aHYOh+w{gVP;5*L4?-j-wnl z_p(7{3_)U02O&qbGU2(y>RuljkK1((@vX2pT$~mkO7eYoL%#70@#z|Ag4V{}M3N1s zGM`M)Y@LpR(d5vyJIe&OjytJTN02af_aDl&ybRI02vB{NcV4bI$EO`AB2yP!x;iDz z$BHkPtE|*j@Zq)BH)JX}U&(acdpJu#;}gF>(OUCp7FzdK_N1w|W%MZK$}O z7V#SP)o~*1HR@8|mU} zOIwyR$S~+nAzK*7>qoQDNjvIk>b^d=wzQ7c($;^pNOra`amQNXZ9GO*8LsEumdR-s z?)_=1Z5=R=Q;3(wH`=DQ&_L-Wq-+@-4lqHlqclGfo2?ZsWs&v~z5O>1{{YUbk(N79 z)3iSj{5;p?x1Jlj*{2Y*Mn>cVJSp`(4SB4d2k|Yeb}{%~8Is&OiDhA*Ek38e6>G7i zA49Iwegi>w<82dM)m3io@2$$ru1U$xGJW{2RXij8nXYP(NvAHIZ4~A>mNg0;M|{!D zi@B$%X_vZHx?WjaHpc`JjQ#?=W<6I?ZA2Ls;UZ>j#k%6MW-MEsLQA{oZITh?@5vx^ z9<|e2URhb{5W%TH<~P7b>yt?5x!G#*L2GUjCAkWXD=b8^T=;y(>k6;p{Jh2aGT~dTu`T(RjbcS~h_-hL>Yz z(p^Xb%tzf{^U|5Jf!O$R%fq_0ou;AZyWBGp+;G0%&byxw_!Gcdyms=-rYH7-GRQ6q zW#slfv6^Yv91d$z@SdD*n&LRt*4`jCqOLa{ovX*Sd+j>L_UFwC@+L>i$yy~NDN4tp z{58>aFA?i@a=`E=oi;J%jieu3n)(yQR+c^w)7A|M8&cI8J(z_v=1fV*2h$zv8BELC zK7~&Xd^pmy=8wkyCyvil@jUU3ma>9U2+!%7`NQ^%eR_R98!rsmO>3ur%fd#bw~m`v z&>Yn%n?;^w@W;W9G$|sAb%G~Y3mk6kS#yMu)n+>z_qU!ryYwr@ z{{VXAd~G6K!fc~P-sft@I*fYNsTTt~L-0dscF3^6OGw3r;e(S}_iL+oUTcpe+pMKL zz1Rn6VT1VdR+-fm*zwEl3f9`n?b;P zmrjZaVF;HSS+b>nt$FqEdo51d@@sSDC8=A`JFE2x?v9vPYM|F2AHM5+ER00$l z;5H1#^44$W<(LvTW$J$~U;;koE*p79Gy zJlA@qymLVspbX8Aneo^2&0t(n3${=}e-2A@Zj%nCU_cwKUVX|25;<=7p>RMa^ zHV;bjEn-V&lv|`=#mi%j!2NwI8E#_Hkbc1qpQu1(7O*sbbpXp8^sk@wd2N#R;M)VU za9?x9K#BCNI!l-Nh{jLe?Olb|g+7^U2B7%+6o=(u>*+uiWBWuYT#>^f}XBqxg>E09Y&9&vCPko5)=*LB}KMT5k-OR`J{0NfS!v2Xk_@pE0UMi<|M`YcLCyc@VBx za!9Wmxwh22NxM+B^YGa|V*~hcT1G&7f5IOL!LHs*cX@9tHx^`;^Ts2<>c>10UqI?# zVxAc+A-l5FE&}c;0r^yV9yqNzx*5*rHu^mGn=I|1FCsR7c0O*Obei(75NVBNsHMBY zJmw^AKX_I$mqccBPh%t82&G3v-N$P6PluXSh1KMS;^q{c7^p+XIOu-4u6a+eIawau z>nsfLNCx)nvz@ezluNTxE0gzek;KtptipvjMVP z4poIz*3O@MpzFG3t!Ewfk#P~Szm3Lo6Yxm)9cvzDv@xiE4Bzlof7xE^;19;X8hD3G zu~0v|6`kvRtcF&>d8aBdztSo$r3`$n;B0abNJUm;a?9;d2cnutFR%-B$1z>q{kY4&fUBj zBwHkCt}d=DZ*63i3cAE{3n{7RH1;JcrfXg4EN9J+Ab>m9H7dm| z+IgixCp|hqRp)26LKC zgw3ctY31iR`P(D#uGjk(2_R?Mi!^P{&0HvwE3=V zVG7{6QJjqD>rmPnM%{;pZ*6Xim4G7!z$d4G{2lhwMxoMee88P=|K|Q>RVEjM;t>cvJIt2e_FK%hu&E& zq_tR#IKe_V6|@$IESa=*8(T}OdjV@4=aq1H0+Rmv4UDX+(e1!Y@U^5}fXvYCqQ1J5 z_hWj2*ZNnZ=-Ne@xieg;XjJ46?$Wr?=vv;Nrg(axSW03>92JSQXLw_Em>!2aKX`mJ9C4_ZicjkdYc)V zjis)ui;pab1P2zJsS+Ti$AdAb|Yb<8suwGSpGZc<)n!Z3<{CMXEtGqa%V*M}Ma^!Dz`c zqe!E;k1ayEcVc(pz!#r zmRENvek4R!hdIxsVBVurG`vOPad|uzYZ@-q+p$kWkLz3HIDd7~Sq0 zDu~;7>*++D#-MtafiG>mRdaoBd#4yJ;Q%Mi{;>4O9QUrzQSkiwTQrzM0KY=7E1S@XthwRNFhNK-46OqGfSG@bO|O1!+(ti6IR&fwLA8nCjrW~amP3nv7u;? zeSsxrLoeP38QnpJ%&!qy$Sy6wbx7j{iC^SvpVRf*sI?1!F4^Zqa2vJS2~!X}sCjmtYx;rw#R{qKoCZ$Xu-Q>JviYVdRiAj8z#d z$k~D&l>T&b_9;ZF*FIgsFO(g@>VJm4Ry)lu>%!h$%EfPf93AX_>f^OOP&{d-`$W>W zpYr68-KzGPrLLpB<0#<)C+I1PQb)6RLTv&q4n))~{>^ZNvS9L0p{%v>6b9-@)Awjx zuHD_L<0}}+owkvvT3t!HX}4TpDDRLezle3Tvb?;vjZ3*u7aRrS)}^yIF2xTFc)5k8 z#+P>LZWV(obs%T_{#D<}4El|#vLcv2hDqnlc6R{9Gv{iK^_IGYtUA4~ zmdkF$j#Tvbpz5aVwLJ?)v#^j{MK!z|n?Et{?@qDs-K~t_EoO~kX2}DCnyAXfJ$5?_ zZ6etkMV$d`edZON;@dN)Y0-!l6_JDoJFULF1$B;ZGCD{Uz9jpoDqZl zYOU6%sOvhFve>Id0LhaFlb)HZrP$Rg8x!f$S>DIz&JmeGB%Ujl@dPIJd9B3Ba};Vq zu;_ioG`g`f7f+6RG!RJV$}5#a*oxP&g3?(;%wrNNmN`5UJt~tqr4mhF!q0gEURV!4 zMnXz~z$3MJis=nws#`Rc?-Y)3Nf@np^%t_z=d0=-A&X1U?X;aX2-0@{09zm(de@yt zs6iFe$2vksQ-Sx5WX7qTo{OtNbLYVvZiomOBdvNTh8hbineW{qn1nwhnZt4070W4D z*;DREZ{zu8ypGl@d958~Bjy}QU2nuMxA>F6l3T}YhVe(68%CIH`V;9`ojiw}$Ex`j zR(6+=!yJ(zQmCUUea=6fMWFbTOt`qZhgXOysl;D5AIh!>i92Xu__bOY0fE9tA;|hy zm+Ny$6e}Q?WBt|{`@*`Z>~qdW7M>^hrvMmp@-XjS&)^M6YVr*d;h==Ztvbk4lb+xB z@9SLbgnzZ8in=TwoS3V&zvv^Ojapjcr(4i_5s( z)D@5A$4pld;?EP<>2GG1aL;pbE0E3y3fbU&J?b1p zshsrMgqoVe_J#q#IUU7GE}v??U9tveVUkZ6rO0gEXa6_&@0Q| za-6T&WETwx4Hzekj>hY8{<>%B(do6f=k zjs<3EO?CFjJhp9$-Bj{v7tL)Blf)|5U^+ST$sE-UK18&*j9ff!4`bi!L1lY@xA%@< z5D4;FzHOuMrpB@^;-`Qp7-=yEXS`_S6~LZQf<{n&?q~y>*5uT6 zR!9&8ToqOWr@eajgtUJQ>GoP7y}aE!sS~2FDnaYd9Md#P!+c$;cwb42Qg*h6>0&}s zM>s3^3h_tOHH(c*>UOhCmflyEBM0Tj)7GjhTMAE07GTzOTfHXk&RH5*n32gmRt=7s zdvJx5bcHwrJq=$fGi>NBbeq`ir<-fTvzZHY&2H$rlrYSS?YyZ4sBzN3dp(T$bMBk~pt#mH?vEwj%w5ddk~J zZ(#t;Q?WqA`VUG0=yPbX=}&Pk;;X#6p+3EZdTxhumsaaD$GmMIj-+uxH`L_3L9EB4 z#wCUPkM^6OHN(%T&9B9CmTRk@ER|w-A4*_zz7z1)rv>~sGZ_-&8GWvH{Q$3Gy74}p zq*#b9q#|if%mI=Yy$r5h4=wQ?gW;_{#%*6hyBD{z12e(_Q@Hjd)()Fu_qKj?xkqK( zR)T6o=IPyLx>o9TAnz z8_bhWxLCZI9glI)4A*a^PE3+CM`OCOvu!{PjKlmh$b7S zwQ&!9bjCyG?zk)TsVkKoABJr88?|XBj!nwmnID~cRCCctx4k;CADeR2%|U!*psKN|7B z7HRP%#^_W^uBEr_$2FOu<2r@yt-Qfwk|dTk!<>xfxtl5E)^F~ml3RtiZPAj$C4tDM zkuD}3$AROpnnbt_vv={F?gpUL?cn=WyfMQYqWCdMH{1?`ji)XA=eBQM38zK?S?owc=r)8tsdJIT!N)Su6_ zWofa+CH1w$k#K_>eLd<8BDx;g;#h{i;U>}|yV#7GR0=-!Ff;j@`J-9*Lv^O#Lb`;j zZ*;MPGR80%k<`?wbSsxj8Ikx-Jw6nID17Eu-{%fb(!ICg#lqWaHcae@-8YrmV;y;| zV(ehfv&WbA`ooAW{FyC2?&kg>UPIzr{XH!LT1q06DFkN&fyec!Y{!+JPiL*V+zI7% z47_EJQC*5O8r$2&GVWq?pK8i%Rx`DIHVaGBnAQafHso;Jb*@VC?kmXN7~qOoN|Ev& z0|QWL24Pw*qodr|+%}aZ=`wBz#~&!~UqERZ-HZ{2`#ec=Ew(v)|&9t?f%e7{m~d@J-DtH!j{@*k>W7- z`hku)+iI%-KyKI-26E8%-C3ua(eKvg8Pzt#18_>?wMV9SzR$waX|Z2N9pcOLG<&$) zo}5%lT?mYhYs6kP(mY>pd#A%1%N$n(`DJjc?eE&Tk$s|gDhn-SJTYCD+Nl`%mplPc z%*~@v@ATbTd&r}|o_Sz^w&pA|zu3{L{AcjLfbQ-UH2Z6vQuPdB%x5uk+Z{3Q>q#R= zK8KiFHjl3Amy^OR7V>f={n!{Rdsi*uE6FdsOQd`{ytbALZ!^relr}dZ=ck|`dR4~z z7)yH}PF#JKOxoKmvq=rA#0-)SfpL&?*S;&~UkrF(!@5qred1kt($OvEc|71ZF&XYh zwrZk^f#>?~kFUI05m|-* zZ-$av1d;{>IXx>kQSe+>5Xh0+neI7m2O@%0d!B3IO+4uSAev1{SuI*{vTzT|JN{Mm zJ>{2&MUzXXTt@a&uHYE_$~_GOQAdqEj3dN$GTZ473e-a@q=nHLv5y8 zTIt15AV5C*8Z0LDvCU{6AGNTxySmh+du>innTRBa1<~w4YPC@~$L|ZHzZK zBzE=bQsZGbGuL!|N;9GeVOZTA2H6PYdsjcD!88|OL-V^6&~zE*vT^KU>6%)`hjXht zSgTxa+zL1tCz{~3ZwfxAs@Ops;v|jN&D=@e0pxpB$8r~A)U@3?C}2g7IG~0wQamqO z#nn6<`i#Y+iZIN(i;f8cp0%>`Dk#v?EbX*7mK$WB&3wH3n<3k#N8yU(k{=S@_=?+6 zd)9+YNj5dQ46CMo@jY`|doy^%_1#;H{T6zEEYXZ#^QTMA9#w6MuhkCEdit<)mYtzLaY=QpkcCBX6?-ob;-&9xJYDSDIF%7MT$)^S;C^ zzbc;G*G&h9FXn4yxOn`{!z?>s`p^j3yR>t-63se%ymvK~rTBK@Z695SP-mV-1ygrp z_4;OmXr5i7_tRI6W9-SJPH8OQ&cT7e%0f1O&)W-THk^17#0|7sFA9Rkyc= zW`!J;0O3mmoSOSK%GDy$Ay-vE@rIM-7#@Ir6^x#ycGTI>EbXqLxSHBXl4zH5)PSl6l!#lgV$Ck&q_Ts#i?X-6S z26d9{KZ`sX1kPn_?)2S#?%5TsW#C2^IQOonQ?!O>g7x4_V4!pyaY4>=x{c-Ly0-R^ zjA`(Y+ww;s*Gl@Xli{BYn~1Np>x;S7plI8wXZVE#$#h30rrwY2Sw7!)9M_EG$0Tot zQP^$I)0*+ip9$RRH`feqZX%0z{F9Q$KBljonKQK0G^rvHqqBK2e|wD8wY-An;jJB7 zG#wQ5G`X3jIUNPgq?T|+2qhaBTpphFg4zmrrt&vZBz5O;=cQ7gbFwo%p4&&4!#*Fg zia5-n$s5lY&svYex~JJL0!cU#2MP0dZ_@56Fl$9H|E#c}7Wi2+l=Jvpe9j3v3>_#egQ%FFvc(V~^e3d@m{Bl%a+{{RhV z()>erX9TzQx`&C86y-nuRY$erNt(!8_Chs?RVY79=QCf-k_HLB+(?)piw2Z0Fe2Ck5B7b^CO;G9zOmF z(d_>K;&Nk^QDh9u*!v2O9~aocG_gcth6yC#DEq$EO>{H8&IaSfHWu35%xfH1S4G(o zo1Cw&wNvpntp&ZEps{yWVtmomup_lA2O$=N;#uUDB)ap&3P48B2k@@*#F~Y*q!Hag zJd<0bO7b?`1#EIZ3T1mX&kDHlpV}_%?gVJ?2gY{fpL+FebH-QG=rO$ECS_5#<=c)s zQDVKHW9H3Q#FxfrlG5ekmzE%OZ))|O4$^H)K+&}?D&~9nnT&|5%BBVn^PpV1*ypv+ z7u?xuHkN32*`Yhow2+AEy~50`#x|2=ZyPO z_J-4)k4V&X)X;6MFm3H-i{*+e4peun3#+%fo;j{Y*2wSrijHfX(w)V(hSJx}w~ZLE zC5d<4yFB1k3!N#oaLjWFRmfHy276XAZ>fXsNv7PvrZ|dH;$=9)j=q?#(V()`pb2#} zOCyYBhYAn1X$zA3o(JPC8sAF0TX^Jo);1;}y(J$?$k6o2b$jU~yN@y`$|+m}p4HTi zV$V#|w0E|i+CY&iD}r~fb6rNMu3K7(=aEn#B$YwXdkW3K((N4Hp>=Dl`7qnXDqHQ^ zySmpK4~8PsFEu-`(p_Cl0>`+0+#aBPC{XBW2X|w<(e)Ff*oV1>Se&^SY-j6=z}0>u z%W-!-ls5BP+iu#YJia^e_|>It4v5Cvmb9z=TUoPMAdLBP$W@iw4fXzY)~r7JE<}OwndzQSC@ ztaiweTcH^W2JCbv)Yp=DYr@*siCW`VlHKgIwc!IH41MZUUsIx*zNesQIv4gUPyL|H zG_J(Q=!@_9R6Z=k_E!+;*OU26!U8dmUOu&=(Ag^+o9X^TB&8Fga|Q898>eq@_YB83?L7S3IG8Ow_s~ z!L@y1=hRGg<0_=!gTStzNV%2-7fNu)f=_D8m72y^G<6#x;%V*HV%yMsh)>ErO?oGV z>~w2OIPI=yh^PffQP9(jMRr-6MY`2d?DU(5NOzDzNwawL%|F4ngFv~vwbU-eQ!y%8 zj&p<4ir8Cd&hq=j@LE~SEdgu2!PZfcw~G1WQq*+`H6*)^=-k|vU>U~Z0X36@756t< z?cO+HmCobyNX#*s+_UjElM6#<42u=QjJJH6l|as0A5uM_ifIWf@do2P#Z&U7EI=v#*?xQOu-`P$V8$if#z=O}yzog&zCa3KYFN^fX(sf(-B-XU2hSo_u z&A9_;S01?-ADw42x}18S(-*?87(DvI%=b3(>Dr7~xX)Om$UD8c8T_l+_0R0pw7iM@ zrxJ~X=f7k8tDaHpDv|7dRQ~|MM1N*YKjY89y+`eOV&C|SMc?NT0Beg4go01;Z8#rK zt$zwWGtlPHd`qlo@26Z^t%b+g*`ynI$pGN{0a@}kVH=*I@S-~@@BaX@Z|>o?nZfd< zcKHx{n(eOEIcK|z&bU;8h)_63&lxAZc$lrux+>?R_ytl3ZZ}-!G6I4Mf1w@DL{proMN`s(;)L15xtod3Du>NUsrgSIIn_jz0>3CfVU|3qCt`uU-;7>6&YGwM&vpj<^*(vPRIX zjC|B^2n>2wq#}6LMW_h5U({6??xlw1%LC=(Y1}&1Mc8bxC0MRwn%sjQ2NcVhrn{K5 zLM$ut2Tazt>SraXtv#$^A=(|2Z_kd^Zp!-mPKnkRGej^@8iwv$m5#ea@uktcI)0}* z&LvP4vBX2tweK$kGna%Zd~F<5sDr3^j-`1cO*h&IS2^PyO>^$n)5!$jZFTe=O>1YWEOq4E&IAq^bH=A~o!6kxJ49&&sE;_oXTJE-~tMS|+g-l<~Fd1c(vyFWx_e zdLE;%S?Zfa0$87ZShpL65tl;EsG_mDju0V^Pyi3OXOG6c2TIa>KWPMsY9W$C$WU>N z`qqYg-HeYA+iDO%jcp1pd2QL@eXGo_HGd)ehh5 z#q=e?6q#=B?q$?2p^Dmmq$uf{%doyn%kL)UbcKTuyzoV6VJ#0((j&LiWJ|@G-Og}u zb5|$Tt`#n%wL2848}rl;O42bgawzx%#Tw?TKC3Ol6tj;j4sZ#_e0^&x#@;r#yo~90 z3S%lTPTX!^>r~*39L{6Ip)OWK3O3?!GtioxNqauBY#uO?1vz4I$n8`SZMzccH;~6@ z))Z9hYb_2j#JG^jA=Jb^)JiKxcbHpW1rP)P#~^BUr;Y?2A(oTCmd-FL zWWa_7F6hiluV1ZOyNPAEj^oM;89P{Z2Cyn7-k+!0P8iG)*c>Q7!|zOO6hS)}iSn{f z`_vk8-$Q!V!cc`Ggh<3^IL<4A)huq{Y3GtR3<*BGdsRi)pJ%O&uMKLqv6y2;63=uCFV*d=<^S#R|leUPL~=oB+C z?d?D(VY-I1e;iA97~2~0*BfgRJ#Fh#x8in(=o+AzwhE$C6LDvLjX!<-e%C9hmR~Z|Ysb5;%E&JQX zzh;Lc?hYH+&{^vq4UlQEEZ_*cI|}OVJXY7uJ)CN0w`B@lo4$Kc2Mw-xbwC&UrAa{~ z1KfJoEo#=JcaFise68x$zd z<5r+@np&Nq)E(Iwj6`vcDJ*<71*{>%ymNi*G5gdwSg3AxI!>bcWbs;DKw1Jf2^W$* zjdhxx_MND$zndIFWnHc6M{0wjEbyNa>1(Fl8KXvIa!73EptI1Yyokt#G-5bbJ?Jl+ zLz=ws&Z89f2x8?<6su>N%xx!Mn@?zOQKP^ikdk;Fl+4UsA5N0;b%j{O22_l5T{Z2F zq2af;*tkiMjOVB{SjJI(OSY2FExSMq7yfmews+CY9!NGj9C1j4uG95dwACzyOt{B2 zjdS7#eNCp+ZgLsM?E3oCxLEXSI}294CdI_az^Ee}`Wo+iBXxbI@6+z?JoOAq7XW6F zry=M6028#>yh*6pU06nznytAz3g>F{9E|s_f5ZAU&-R8jbn@ekd2(_y?O4g1(??6G zYj*Z9No@?pX9I#e4_f2m@kXU=@y?ewA0vm#obCYhIjk=1bVl7zOV&Om#o~=PLa<9~ zaOx69SK3Yh864)S&*C$4YXzj*huYF5*~#hks(|K>e#PR|brgg~#xP3suX^ymg&~hj zxVc6VvH4h$oPV5GObpL5zm8buyM{>}-DF@gdsiIRcTW?omD^j%yCv9eJ$V$`F>)o= z)%5)|NCxFNLfg3}y#9O5MqwJ-%OYfq1sNpKVW}SZ;HzC?*GGkQH}h^7o;Kr;dY{C) zGJTpGi6cbY&O6l=&Uq=6Uf#?tNOd1C12{C__(gA4>L-~aXy4}CKZEO0BBQa__;T9P z%f=c`gQ$q1x0MWxPo_Zs0NJa!)a{|QX(F(hWVcL(z{PUO7IW6o*u?98_Tb!>`J2}j z=o*j27Sc3B1**fgSoV>Cc>a`>8BU?|)~Dj6)b8iHiWu!=dGM1;LYaScAxq>%lF*2_Khg=TT;r=etE-fyMGAL%-k?)%6infP5;A-ji zdUReB6N{MPxd1&+J4@r&6EhA#*`!`Rq)HLX=yWClNUnv-OU z_TDD(6nZ$(8bw8jx`vH<$C7Y+*8c#6udOe%^e7s8joFX{#?kepQy-~FmNL#Gfub*# zJA2n7=S6iMW>#y6+l|AeG()hlTR<76LgBH_(VW*sr*64;Ze_GHTgDD|e5BArmWQ2q zhUV(~Seni@l1Oj}LO$uFj@BzUR!f-9-0k^?6cX9gSj%9~Zya#M4;*K$U)1HgjU+bF zt1~GW1Ew{l8=G5& zRpUT0$jPA5#O9Mrw~`Zd&`KN)!1Tw~vS8NYjpTyh{OWO!Po)Co(&qHG-)VtZE^<3{ zt9pK!0y;|~EQAaU)N@}_JdQV9)uqz)3GILoBfi*}jt|zRyLoPGt)~Pl;PgLwn@ZY& z%6ali%z$H_pVG9fSX;`VC=z3^v{Wru~y!W=&3ugk$98xwK<0KE4 z-(_o<1VAws{AY3QDw8!x^^HSHfNYA&1!dX^By*fsF>z;cYFBZREv!CZ zcok7s&92(%XYfGry zv}_%>9Ou16nMbneHz{*#A|oqKgAAjb5nQgRZE1I?#Ii>$fGFrv@0w=uDpt#X55TN@x;km(X4+Hh8db(;*_-f8AGB<`Z z`?hB}=smuotd4Wb28*m-S;=)2N@5>*t9s5Dw9PW!_V}VeqcZuN0ZztposOedwbFb+ zq+7{sf*H2?k-GFC_O42OK7B6L6`A${fLP=j4E>|(ayM5pUSGovxNDGbp>dvltJl0O z4b`kACEFA72=(HTYqE~iS)UWQ6;SVl(shdk6L#*+qs>j zX*ZU$wd94Pwoa^g2D*7})>r{7j)0m*kf!cp!!mh*uHff91IOcC7MrQXZ)0WfISJTS3V4a((XHqw64Gw=Ztz{t}zCWM9~#3VUZ(P(lDnv?@qao?NOJ3 zeqi7ei~uV}VItkmpKWItxwdq9HjIFI=~ z#53E^0-ZfrCftG7rEnLY7GUuHg$|~Z&SAHl;v^e`oZ#{JewB+grW$9(9b?3@+0S>U zu#Jf^ka87!H|1WJu6T;h+eLpaNF~1VhzNRv>ru#bb0gu#@Yjm9KM}RW*HdnoyT6sv zF`hBl{x$4cW}p3#p|5TuaErN}dFkqFZ)RhAmn7BnO zPMX?seYVJI-R{`6?NBJ;%4_URkZ{pvF|T*mH(r zdSqV=MPZu%UU5D&?&=RbLT!hf7UC-dixj zIT}aX<*8wl^u}wv_@m)Z19(H?b;ZAc?_$)vG37@jMO%0d$_pI#`LZgxt)etgM+L3w zDR(qGU4B3i3}b=lD;>2rNuyX{l34*PTO$BeHa4`d?F&}Ax$!NU$czxM+PLe_KhnOk z@c#gbrP9U6k|T9>DS|VzG#T?4vc;s|Pjk6Zn}H=yN_Hk+khL<_Cr5WdJD8InQe3v|j|+_`^)r7W+!Skj8fpEP;RrCX}UN`$Gf4 z{t>e9MxZ0IiZp;sSvRQ4D;|3NO>>?h*R=cHV^Q$Yo-I#LjhI6uN8~M@LHFaOWZ8Vr zp|hrVcTBs|)B8v)kVL>3bIBvPu6FN2wT^Z2p%N;-Q*g-ybmox_GW2@ZqRDxtY9=`C zpe*ekcJc@F;=XV32Z*nHNvTI?Z*wFjGF?n$G)T@ zU3h-Mx6c%5JJrDbH!%f$@t>`G-jSir1h+bLcWZYvqs)+? zAT~$c>CdO(P~s+Yo<8vp{42dTNwc$p5ABPYjA0bvl`)K;Zng66vu?VUzdh9ON|$Z` zW*Omg+N_AP)ci5x4-H*u*7|j!oplIZ;$^$nMV6(fTUu$cm@eHjEScvy zpxWr=H7|tL*7`=Tb8jSfI*HoqBqV^|!@Xr`x>S+qk=SZG8u>^JarcPy6bYqcKK{mg zOLUsxq;VGY^sYx!mKdhByH-bB`hrDgDG5gB7vi55-d*25nWsd?-P3HY-ADVl`d3-- zZ-xwU^uM^R>{7a)0{xsdF|;$Fum_(kV3SODl+FNv+>(Y!~jY_kRq2wetS} z#0yJ}M_SUOv=2_JaprF_rvQvU!^@HV+R!D!OWZz|-*!)&=f z!h6(m>Pn5v`hSh5yNbm5GLp%}LmZmzt~C!L$L*VBNp~uQ0G-+ERyMUS$qX~fM6 z$8;Bl=t1|c6HL{7%eid9bGV&_M;_U&p|ImC9#`Wl9bV5}k{M$yEUE(y_`;uGz}IKs zeM$5SmzM%V3I;)+xY#(ywNpao(#KzCtlC`1d3UN^C)*~FIN$HrAEiLDT3lZUjEv}t z9AIP<=}Pt;*`ufGu-M&6sNUG6(;zDvg)CPjbAd_XPZM6nE2`Q`Z2|@xeSI-ZnKPBr zzA|Y`HlLy0X*W>Z`RpBv=WKn66}#e}iJlvUZ8Y1Jjv1ZF4~|OHu#8Jp(fmg=7crz0 z!i;t~8Nn6oS}v2PTUwcCQuizOV=Iw@I_8rd&Tm|$XP)?{Tkw$aD#xI-jrNjTpZR6&UBrUN#ClAcY;3P) zv0`ktHym@H&Zg|Oex?S6;$Qed>~&ad?4y?DqiB?Yj1OO}dar^!b*yV%9F68O+g_8v zW7hP<+bk1_F- z@M@QLH(F%cRo|b(c?-2i9S0q2=MNEhPVYk0EiZhDi$4*eZU`;bgA=9G;YGbm{YKt1 zmD;P+3ZKO>qWLq%(lW5+KmZTIgC{bknWb7>AchnZZ|AQ*{8yR$T<}fIRyu5&3~h2* zkD3<)${FfLYe>Vm<9*LC@Lz^JXFc@NUqE5DUO745J-sW`Z!}Ft#S}H1(Y7)B&IMD7 zCBc%*1>9P7gt9`DOi4)<4^Pg#!(Dws-&2NI9yn8Q3<&$9(-oVIhXvGwU)H|U8d~|b z;GdT``_<`x1ftcYhgNoLf3T@(yZc=A0=+zIaT}0eN9~O?wfa^>o)r3w2yDA84e^vu(FfNoOP?Pk?LM2_?llu zO*-mpIc_GGaK|n%Iv;Lp#3zXA7iR7NWR>%uYB^E78Zk8w3F=PqOwvl=NxDF%0I#R= zu6SwsmA0(6@T1#Ggd*=hF2H*VhfLerA4b9ATWfnOJvvp}aO62>1Cfr^!FZR&`pvE5 z+W2POu2N0IV;-aH(zBFU)UI=0Eb*qO+IE$s-lJJ;`R*fbNn$AYZR5|f+|8xlz08^` zlFj9hyMxgFbS2QrNgl1@C}8mgxwz9Bdu=I+F$Qj<72>wu2XU#!^T=SgNe%$#aK}^n z*6}fMNM@;^XtuX+Q~vq>7NcVtqTX#hCMKZRuCib(S3y?|{%enJK)w^J!o zGjxv<>NXY^ak)wE$vZsJpP2L?t$Uw`?e3-1ts%M*okCRIC_$120pgpA6-e0+{>@97 z0_-L8k;fnkudGbEd`~sKl(WcjwN&#}6oN5VG3@m7uUNE~8ho(7C-;kn9MdiQBWI*M zkG)X=--gIND?@u}Vy)J{r)-KFIbyk(WUy16y!WnaS-!K0<0j%^xk1^pIQ5{1Eln#O zNfO#iiw215aiDkxG6DYpXjdbw_>xT&CH3^lKCI+?x$1lINioIhX5Dz%?zFQ8pBy)u zoWlpq&LhF<53NVxT_*bR-tScMmkpFq4_|Xk+g*{~-Lhy_?=yV&1cy=&3Oy?~Nb&pX zi#%-%kOUqfkA2a+d245;rsshrRSK?K2R`4ebh-zLt#59;*AH{hgWEo}OF^cM zA0DK7ww)TI`BGtus+?oqzGBks^@i6YvCGW@w%nYYueqx>jJl)U62j&ysNp+T%fgY@ z@}~HP=JAXWi_BQUK6DGrpZ==PR<2xTa2o#rh%dZFs6lJ}krWnDLa2ZqOD|SGUbWao z;fW&Bl3Ph5dzMmmwnpDf@m7_K=G63mhqjkdStOdxv^&>3LY$(2d-2VAZ^b=1yh*Of zs%du6{i}#xG#F5$rU3d=A1wz%(0^U{kI=bD<--W zqiv5J@h+hLUh6VUnCM3)u&tGEwD%Wk$uHg94+-l?B+d)O)~Tj~``jtP+{5n=YU4Cb za`)|Xn|U5g>ij^B#jySD^ z+C2vQM@7>b=E~|BE=vSRBW$-y^B)*Psl}#QM>WF5GoUi41Q17T)JcVv?s@lz?Vj^d zXqp+B6?g9=gY913ABXno=j_av0PSL-a8TDg-$AI@$-GC?#JflOLX2Pz)ZH%rTZJ+M z^29?jW11AS5_%oZgRNakvqJD2YjA!|%Ywx9Is7T_0JyybBQmkUWIuQ7R%FiZ^Fc(l zHuk%3CSVmELHSR94SAr^Q%<~S?;vR%8|OfFuo<978RALS2bsdih;xsprfbh2ig~66 z6D&>}c`M)AwTni|D#z(<%DVtnS(F@SwPr&Mw=;xxL~eb+$9l7MP}OEJylWb~tfY0| zlj~nye#$==?*0_~T=4$@i6LvtNLk^vmmf3?+rCpG^y8jsNbjRF`#$}jz9i}XE6^aj z7m-_DUB??JiM~~r0P*Z|U!a~FkNbN=j%(Q#Sye=H05CEu14fM#qu5?UJ*K4!&toJ~ zTHGTpe8^pJK^~nC;a|h|{1xx^Jk~w}d};ANh%7umsOp{=z9!}wV|+m*WaUUB_=h0> z09r~qn8qjNABS~@(lvW4=+!*Iw6d@atPgKa_4LDO_FAr&_JjzJFu_pV55l}W%AYKb zs(NU49uv|NPKltFXPrUnMsb?-@!@~Aye|#7k>eqdblr;al(o63(AkOYZ|%|(vAQxX zdajyew75{i@140To@?F9>aCAI5e+VMw|2WyCvpU2=Yjm{q{Gdg7LGX67+iO6!oGq# z9(15B!L^PFWAdHVa(+&^`gg3vVD1(;JoF+%|tG9q@_7;w_A(%GVH#o>1pjE13Q@ORH z>eny5U0Y^ALO-o_R(kY$c?RM_ml^p;9sTJ>EYYK>v-pX3adQJ0E$=NN7;wXO^&N<= zMUz7DCDrRC&8&ARxcNJ<)o6)Fu*)m>?4_2}ByJD_7@FifOR7b6sM_hshULocVg_)1 z4F+bTY3XgJB;kZlj#P2YNu)e%OGrp;0mRBv~i7Q3~Vo82uwDse?M5WNQ zj(Y0udEAvnbsP_4SbCJOyk_2fq@8&7tcysYXty^PR=;CWa20|`toRDO&whQYvhh5A zL&7bfXeBW&6LItzKaDi(ZOeTOi%SWK4y8A1{%+C-cfZPE@_A_!HZwr=f&B$Un6{fmf)Uu?C zSX*N+xw+!9E-betnerpNx0}mVlm@};_*Sg-@&Neu!cCuwFl=o@99mnx3{-;4h1iUr`B$7 zO}vRPPDdjH@ukXKQLCwVbIW_jvyJ}J$9Cmzr_#8&H2rKsW^|G@-;6Sx=QTWrmpW|@ zNtq;p#tNPry>zyAP|cGj<2LR=JP}gRDKn(J)RRclr?HKYGcPItJ!=ljSJU*3FkD=_ zw9flgcJL__q*c{?T5i$^BWV!;z~iy6Jk#zAY8R8KDirM*{vqu_jYHKfEc`cl1*Of} zqvPgeAdEMrYr}Ox1&4@dF*|*cq-IrKLa(J?J27dVhox$kEo6ZwF2|@Rp{3NC?kK$I zb}cudF9>2iX(6vk<`|9p)?lol$Hq5iP^i3Nuag4M@rCi z$S$7y?DpnI7(DPRkMZuIX72)s;YEmGoKh5;=vUBui6D%yM1H%6aa6og>tO0Fj`=ah z2LRAuX6V81WmKO#`g?tAy|(ySYvNnTOt)(tx0Y3u4jH}ajyCFb);=4TLWPW{Y)~Dg zmm5Nk^{E8WUKi9X*(SFG?=SIGNt>B7vRqyHtq4V7jl}n?eQtSdEazob>9~8=CX~-9 z*6vN@7S{@o<~YgDN8yUCYGh~?Pym?2deU*|XpOBIV~R-}jrmjehX8w5XJ?_sc+ugp zZ=L68>qKMFxtrGZkXW>`#sp5CvN@}^-x8kD4w{n1w4IXReV*#21zbhU&r+XO4wW;a9Xt0tC)=k4DamH(w(yZ+?=Sd~~>aT9& zp4D9FN-dtTr1-+l;^2%1Tx<%*k?&n!i1h1Q-5S@)zf*fCEKx>wf$v8$FWH|v=@+&h z5xmq+t!&a+g3eV(%uhV@{A;k*yh&*mj|J|S*0&ELd6Avq=(67KQJRIJ*&s{=`Jp{ zS+wgJ<(42f2QBh)dVOnHw6`*p9nJkG;l81(yFq0f*B2Xi1yhrpSJB_IzrqW>KK}s4 zSKcGO@*=oZSS^fyFe~@E@H4ls(wwR!9Ib3G#Tj(p4jIzI<{O|~f%9izuamVD)I3DG z-m_|l%C*OxxA;NyAB{w3bZ2LMNd}uVx($Sg-gKh=JC4u6G*3dpx0b&PAt7wKOog!v0f^$IZYFb07N{l8|cyZMAu1jCjH5)5NnmE~D zED0!hIG`@foi|p!XhcB*7a48GkzE&uNzx>qe=*FC-!c+$k6}RhnQgD9yt|RwOrRxp z9lPk3qWsUK{0N-j(D#`lf&0{x(1^qnnw$wZ(cZJKZcmC zeGi}XCYD>dr`2pCwbenyk)B83d-ks4_R`kwz@vp#Q=SJW+L2tW^Gzs3y0+#rVHkzQ zdM(}Eyb7-<>wq}*pp%}}wMcHQzRzrm>bMMXj%x!>u={=Zc^E^%JPxE#QbS~UZ8cb| zz})%E5AKTeYaL(AbhO-2!hl-@Vw0CbS|++^g`MMu^6mgTTpsnw+1^=dT3pL{DE`ri zfJpv7T4qv4LfYIjm{nWJ>zrWLedUC+97hAO4ZuCU>7)whaUP9*Z==B>Q1TvdI*P5P zeY)D=uHk1=0na{^8bv#vcj7ZHuc||IW|0{Q457GT(~(_fi|6T9l6{Itk9fm#!5)>I zv^0!Mm)8^DTD6?AGr;_xLVfF|)AdKQ(&5wNlX`6%z&IHdpE06|m#O%^-rGyO(%^zA zF696*C;dhnBD#5zrtqqjp(Dd6Sx@3VP-q~Dq=~{PN^!sI%!!{3UxVvs* z<7QRXBGa`SJ7&AGgM46-CONHLJ3`X`0J7t{mg34tN@ZgN=daW8r70UnLzC6x(e#)n zx`sH5bFg*Cy>LrC#pJNhZcmy>AgyNEsOH;6STt*$Lz%1QP|yZ!U%58?XOr-}5P zH~tX&ZC*Qg{{XZmlMNc2ydxZw{(DwTdLA)xZ0+Skl_Z^`>6-5JYgD&Yx0u2=Fy^WQ zH@rcqY1S`oVYWG9Vi$K}Yj;Z1G#d+N)Y)Q*avhsJD?wb{Sz^>Kp*9~hBN=1fvi>DB zHusU*Y2HTmjeNlv`E!BDtAU)Q(B(8t$pm(DFewoVp#K0D728`{-^b)7nr->La1Clf z$7`M?a?+zLlQb=`@thjW(`J)dkUh$c>CiW7iAZHlZr=V~VtFx(KeH+T7v;}9{{Sk; z@cpa*0BKxA?5Pj{{S9Ozvw=knc=A^bQ?!wq^u&!+84PF zdhKso+IwVhFp5a+R-_g@!^EB>ze}dlZ0y@$V6I0%J!_cNJZ*Dk6GW5DSBDZ1c+T$s z0Hs&74`z==@UE$*>RKa0itBh>WpT$nf2BJ1($3E8X}aNo9%$L3jzPnKJARdG92PN8hDj5J6I#~nMC--O_u zY~i?=yo(_?Ipk)Ma2(o&{hq0EE!B{tg;IJNhsD~x&5g)KkbR+}5;4bODkUSLD#sC~ zU0Ui_VhQ9(osM!y0H0oZRQisK1i5`bbkBkrM!gr0^qmWO*9&S6H0@LO&%nwHxB zJ4vHU!?0uzb4=uvx*Z;+ai?3lvIzE(z#jF?TxoK(>~{!KXdCXK9MsBICN9L+>u%OF zSWcn{-Geddj8~f6O9I}tt*dW}Ka>!7Z+gwh>VxP#TgZLDe)l-7nC)a_P{4E2q}0=f z8DohXf=?JcR*U_b>e5K$gUXiyNsWlf{{R|jiR@H^OOo?sGb6RS9D+|lTDLkKkIrLW zihc1~HnuUjo2S};XA*Bo+nvY<@d~>w)veXgpUEwftH|lvr8H{^cRSUxj?T=+;O++m zcCJHQwh>$TizW+a9DUl=4a>2@={J`KW-YwL8wWMs+ugx=6qYFB7UY6h0BR;?*@>oF z+$N{CX{BUx5s2hqcf~tZ@Xf?mk?K;y?P#nYaN{+Rakll`MmQ`bhI2gug6q7b|Jq4~b>7}}u`BGqcSm!>q%Xovr>as&LjlL9qfai+1 zqE8mqbkTLIU0vy6E@DO?0DF$rs|BUa%rLu&Aq=EodefA94M~^u%S-E9TjP6j?whuw zV;feX(|i$Obh6t8ZzL&_JSJ7x^Mm!Q>~z7i$2IHSV?*&|o*zp&EvA4g3>*LnJRi!s zxUa7tM7z7bL?R+gk{0`dr6i3d9Y z+_5U;X8@e>O|n!EIETa6x-{_E#A9fhQyF{_wNGEhzT5b5qiB}tZ8f}0JSpXum&;OA z_X9PXSJcrSP4RocdX3_ltevBHWNUyA%e-^c{WD$X_10nFYockU&69$TNBE3QG7tqJZteb`qA|< zWur_Z`y4_X`4}9p9@wVbc&kCwe0w&Pso2dtHWDmhWKgB!9X8duTR_`GmGPRS+Wq#k zrNaCx`az}A=t?vU`H7q;Qlq6WA=wzVQ*!2Czj$kW{|1-{g0@x zFx31kw>qpAcAjh8xiW2DK~erqBQl+}x7g(#Qw_Vh!Rl*T@4|BGbHjXQf&id7$E zIqO#1G=xfRVRL7B3R$9gTfSo7dyc?YtZAAec%Ji2)55HG>^ARj;U2$AgJ`AH$Ctnm zXjeM5)~RZsvj&qwwrxA<2Dp;=nq-^{U@eANIs=W2Rlfl1u%H2(kwOJeY93o5*< z2vP?ln(A$@hM#g`oz%(>9ZB@{rgO?Yix-b|d*;28EKxD%+Op)+wJQi>xVTUi+Z%&$ zD{~%3M|I)bU3LU}s65cJWRN)+=QW%Cm8xjkzNaRiJR?UI#SsP+%1;FSdU09J6&UwC zw@^tXd6#FIBPm7Q{0A83zH}ZAweXe8*xTPd+&KIazc|XpPj<278(1-6ON)n&5T)0@lsuztinj zRs$0efI!dq&_&9g9@6aId!0?LRuynQQQVG|X79q9rQ=UNlBl;VbLL|N)$)~Pu}8w* z2k~Z~sNCu|_wVNgDfjm7Uw+=T+iTj6m#65{+~3<9n~2kwY+-(soJ?gQbge;jl(V}j z3)?Ucw4OGfO4qyi!KXoYHI<%;Yj}Yh%gH%bJu-9jtmS@&cfRLApzC^snmL|ekh8F9 z6Lxm@#d{})wQWLqE!RxB@>S4+OKl?}qAa*X^G}I4`YPK=YjJkr|VH%%RH>#y4o?j zu0}qUt)x#Zto~FohhS4Baz`Bh09pmhspwu7@W`6x0cmdy#m|=WY}wNp&QHESTHg40 z+P1l^>T~LLOJf(Ar`rD7S$0T4f;I_|0R$R+tJNedfD((R7A9}2{26A37TdQjwI{yI3 znj2f0mNhv8X*^{5b*bEHnmw(gaocJJP|EEu-T?*<4}NF|7JKJ}rPJ>GyNkq&?GMzl z{o3X{WYfj3!wRHE*eGyN@=khxDsgrp#PdC4N7L=3n(<+l3x#tbY~-5a>@Tf6Nv<`X ztg+c4LL->2M+3O)=~n01Ry{|~l5hyjqFd;DuD zNQkR4>uQTOp>e7_LgM~W)xaaaZ^YNmo;?20lTjLER~}WXqZtMWW0Tm@NgWVfO5P3d zMWk*)c5@Nk^Bj^%^{$h}HxYOfexGjhnXbu`3`|DsgV=SiQXgb!5>YEo(w(fh;zH`>KT|dQorlYLh#r6R=SYsb5W4QX%$b5$fv-?w2iq^?qSqlK4EqzNJ4T>eL$=ikm}k7ldHjIE$%LNAPpYT zk@TyJu(^wf6$P|DVUqxEIK~gB@~vdPlTO<_AeLZ9%s4+veB?@3GcI+Dxo_clZX&m{ z9JT@c>YktCtw&$+Dm%jV))xN&yHo&x z=zKe+3s_kSrZbk}nMY}4?{_;{GD0Aa?uL(+&%b)({9H72`#qF)@xiDg6E5z!&mY#0 zBTpljhSqI&QIhuJK{TiqFo=HYfsO$BR_)147m`~tyU|K7A2RXRKD3%ltDX<9Tg`i_ zPa9lJ_YL!HBjzHzuMc=?8)yr_Wj7#Yk%t0>6pZC79i@btlxnuZCv;<-ndNHj<;p|? z?SDJ&o-@T|CTDw|KjU3j?2U0_XBxNWB=0=f?tO?wnWPK3y2$lSy3k6wQ|(GDudg!qs9YfF-Q>rx#!CG)`ct`ga< zFK!xJ+qaf-cQ2s!qQ=)fLq*l#w6?O-S&I3xc}Lqd^bM!N@vdpmz+g!uVUWIHUCZhz zY%XKw9~byu9|_-2G;%=&lNVJ&!I_9Xj%(IzwFj{9Ev~68jdMowsf(IJ<}3*liTT0C(v)q z)|Z-6D#H5o7A62TIn$#fVEj(Mw$JDO9Co~Ik(9X8G_ZcQvk4aRp3 zz?|pOzJP+$OJfyZ* z$1Jk#+{K3ggVQv{q38PNg|DKKuBK=5i8)e!>GT!Cf5JO|HN!Q#2Sy`m1>~P|L7c31 zwpvy0hih=YR8wBD10UQO<4sS-!AYgz@S zu&9z=G*NBX#v_8Y%;~-o)AWmFSeX2{8Do;m>zbu43yZdc^?R7~+)p8e_jCmEYmT&z z?^&45D#;TJfQ&!{6W{XvX>(~~TOCb@gRLc*+T295K)aa^OEB(7wRP4ukxLszFm+sX z1Fk6M18(MfJIxt%%`nSm%8WPc0hRlnoc=YH;r{>$MF#ognA}bWnB}mn`$s4AtvS%S z&qIpqL0br}Y%XoS*AjflK5fSz&c0jm4wbCSsLgSbo12V|aC_9bjx`M(15cj867K#u z4haj478veDclxfR>t<(ni|piWDh>`Y*jGEBV@ET@C-GD_4RS2WE^?nfM&8xWN3H7T zShCS!guT41H!%YzJ${s-xe|91$69UmnnP_QGu$JVM%sSma8_}?m>MLD_uW?`n(3yD zY|m8ix0!zurNy*wwS#SQ{JpEL)#0*_NV$Zn#dcU6fq(~bn$WIOfz!N6E|swS#74yM zGDbRJ{#Dpdray}zw!5B5k=?w^GWE}`4Hs_Z2tFU`R(F$J+S$zL2N*frewEbeT1<^B zQ_U{Ts!q_@8-{p4m1Q`MqnYu9_jjx1MI3Q1K6V%-vD&$v31)&(a#L?Y%FEZ-*DDi8 zpu2gtlU^i3D1jxA9vASgcf;NzxQ|+%*4!#swiU)WW7n-|0}flB?PV?P)*3k?h;fG} zg%!p4j@stp;^yhyWRoW^yO#d|8X930(DQ50uwUJq3%QaKK?5VLQ+*B_1}(LuL|w&K zlHZL-Gdd!D#KKUC0R>|OeqCl%at!a))998C^;1CxsEG_68Qa)l*m zxjTk4o+&uo^(aXGhQHvKzqG7gEby`L7N_>u{7GSQExgNy!96xIl6eGiU(;8@zZgqx z28$i^k0zgXzD3)Pi74;-3d&1Ut-hza$^_+=I4kmz>MQfN{t7w!F=_t*v`6gou4u67 z*Hie*M2btB28WiO5^~Fr;>W*1Q72<2^*@5&iGC5)ejNNj*7O~2(X{l4mJz#P#DkBz zJCZBez7uL%cC)1o7gD{JD|F`CM@*7)(U|j!^Rs$)ijmO`&!u!r7_5A_02A&TcY)X5 zy=Ekm4LC~i%Z2$B*N?+B@@?yLc&>*Vb*Ltm&40x5uQ=*JuSC(jQo6mJt-@P~3i5d6 zkMyqGHD?#hx)V}`)~BJQ(cQth+1mg&OoLIyZ|4;(6`!1T=DyaHuM@zUBCp}22TI?5c+CwpCNHe$-oC>I!&5`MsjhNGWlb#igdKJ{qHHEYWW|L_D z09TWQ$*p2!%o~dc-qpOh3%PHY5t5>)=z0Fp7BUF(wWi-h{ga&WA*k?JBnI8S`J|Za(R+M%4TdbEWuIbxU}j=J2sA7BE;2 z;F{7Ybup2LW2iK-$7gdSkjgSq8=ybu6~k-R%r4gvQ9* z`d~NVS~`4JI_|7K(Qsl8PCi}%^u=U#DKpXL&?nMiB3Qu8d~D$II@g_PS`F@%b#DF`#YEdiv03Vhfr4i>D8?vWzm3oK>wV;mko4F~f$hd5f*y?{utE^gT3SFGZKa?}rmR{JP)l0c&PIgEml2j*h zjE3xMKTuh0-7jWmTW82zo(?E8levu3JhG7zfQ{O^3kzh01QYCxJzey(Gv)4P>QPB* z@yQjql0DcxjWSlaHm=s?m*pXcr9r%4jOMzyvWSvOq2mQ}nvYMqoZPccs_MhI{!}96 z4Npzd#jV}Ct^w_l-k)|8Ox{5O54C9+8C;h_@q>WzJ-lQ_+kRfB9qWwo#_f6ImF?C^ zH{=C!FnvuwW?WgvuiB!wO+8?R^N_@!x_eaC_BWPJOrN}N;Br3-&7g8Fi}|IU7C58| z7-Runu_fYYnoYc@#5;^LHyGokOI-~4ndN%#h=u#Z90F)i5=@)1lk6)FJDu0I(A={a z$qT*v=95UMA5wT?&ri3|R?QYPx>gOjTdqf?a9rD*>_-ZHezl*XOBSB6 zL2+<`V%Q;%A4;P$ySlu!v!37V(nBC&{6EUO4Ia%dH#`azunT8{O6JPj4%4pm(W%dB z&l6lD{NR5N;ZN6EIkg>xM3w{`kTJA-3SyH-oy8JEaWX{Pm5Ig&T7j1O(M+zAu;=FV zq-JrNjpnbYld!vxa87aFsBgIiVz_Az!U$4&8o0!k>~wb1$0${Bt1EoC^{YSGg)S9T z2$Y_3X-QbhQn{I~>Q@><&1D6~^lSp7*VxyXN^d1*orAP&#|@m~p`jju;n>n>k>n$K z4B#5s*7bRyw`*lWF^m&Mx)mE7R-dU&CE4ELq{tkK*1n1hhXBh!G`|N6yFBByPa$!) zLAre3X1Yee+ng>s*PuaVb9D)p5Zj61;;ACh>Y8ql@o9@Bim$amUvu=Y9oDsYZZ2kZH;o*-K*o`81mErqhJ^&mNJJd>D z4e8T63pnHP4~DgUl@}dra9+Zuu%Sjc(K=W>5*yw7un+)>J98krX znZ0Q}hI&_qJW;OrFH)Xa6U?{aW60%r`MEXg&G8RhzS70cooW))A2Q=C1M>k&XqhL0@xc1P*G44z3_dj z%5`rAzLy;9d#E$qE1o#rkEpG=w6PAFMg%&H&`yi{*wYxsbDHb)yvuM%WN66aCjynp zE$X_9X^<&flvF1f>MJ`^@g0@+g7(5mp5Q;-1B`msiN2g~uEwDhD;%OsKGFAqHI8IprREHggU%0X zo^tF`i|kR(ZYlv!7rAvu*+=+llN#+GxlX27At8bRhiYI0F$3u)406T z?Bv>kI%kg69L%W3#dx#199&v7i%4=Jvq?B3o`03h|pUTaQk66xH~j_xIvI3_ArcTV-7 zR?w{P8ZP2}Ijd3^vuOx5Ng5v@{pC3NQz2;Wl4g*DkasEWXamf(3rJg2d1Fxux#R)H zYoVSWCr(hgVBBPOsF|Xf&YSy*CWbIh)xf|NCZTzCrx@fa#xu_yYa4YmzLqj%hwTLF z5k(7`2v-4yTOPIBX}VmIM)S!5k7*fP_B|CY$1$Ysmbm2INT$L^nf@ z^)fV!Mb$sEwE3La*`@s3Lx88DBDlRa<50Vrb-0hnb#2>!yHORXMIR7O?uD*oVyX8} zy>%)v_m3 z&NIlZAdK5OojeGqjoS(V!NL2+y&i3L+RDbtFstUdAd)&$*b}+t8vX1x+JIn??I%9F zkJ74I%PcI@BC4z4`_wiEpj-KRgb=;l3-?K2#?$IbZEjOBF; z`?$c8C|*O5GQB?<=xm~Uh&<;zRabK#N{0@@EckaO;nmioeP^v{QwMa9%4B8E;m2R5D`g&l z=iKf*8KP@Mn&v&PkDF=d9+d|1RzvMHz);E@BPwNb z-D`hE)y|6(nODzpgm6zDwQ-e%<8k(X5biAQL&>I_m^Ls4i1|-y^Lg*C^-Hz5xB@vm z!sBT7;zN z!<^TT$6;}6a3d?Q=Y=DmtwFSIbXH1V&$pUC-YE^1Onye6ES^J0G?ElW`>H)@n?_y4 zw$)YVNWmHZ0BHXJD$=>V3nHu`e4J#AVCInwsi^pdXzcBvjZ0;^WRJ{>?`&j+Y$3Xm z7ii^-kf8E=e=$LmTAX*C{ii%}`HYZ8O6)up=cQHF(&I@{aS<(Uq;wtq=q!%U#Cnzc z3jrkg7=6U>-1HT$kXk~ZDzW8{psixGH08O;$8yDH^2)3r@G;4#qFG(l z?VZfd<37Tn->B3qcX~0p(=|xun1)5+l#aOVPVukAM!UU_PLEI6i}C`$cK~!XCeexH zmKu>wO5$jvc()yg(Ek9O*JnPPEvht=$G?6bKHaNGM23yIbt_Fa#@5~iS!HjT$3niw zu%`006rGYq3J)us;;g{rX3~ z+@q_+Bhi{mF$AUGVz2eb<6l5{Pry1%o*J{6bt^a>EsXN+AZ^++f%U~n(@s54g}hDS zy-Qcu^&b%G%j8^LUo>#wa!?W%KdJm{r-#5$%c9Sx$8cwvi82B?Ao^7(njUE%!Kc2S z>gHK70^xBdM#1Td^cxK!w98QwGmwXG91p^YLc(QBtsUMb`yQSpxO0#(^B<*p4})dZ zyeHxKS6rSbAd=v+G=MJSo)miHAXaj=#HPn z4c~=zk2)oJY+V)Dk${Bb01w8pu~BUvYv)MFiRFe>Z1k+Xb4IhhvNtl_#*;8;{J!cB zaz6@IDa)bG_ypgzPPNQPK;UQF@D(?WbvykhSUxO{(gxI8CW)M`;1rJI znwduBXhCPH%c$6`*6cf|&eM!>S=MsQ%_L4x!_aZbtePgrL2qq&rrLRcypa>Plb$OV zRJ&;;iLA`9$r!;SuhNkw1L@L?%{4M zqLJM)+d(HF4tTE5!1}mNQhmc0FNoFGfTNs`)`MlS+4#3k^WqBfE4yV}16*#ArrPMy z+_J|RXJ3^;=Q-;^HaaaO?zKzEEG?&o6UhrFP6mIaeARV-b*Olz=U3f22;`D7s^23J z#Ao^OO$hhj4S175wt~U+Jwg~Q9e{RWlh>X*(p_o^;y)7VHhM$FbK%$+BsT!#&CjSm zg=(+4oTJqBJuVG0TL?7B6$FaS=1O{z>G)vRhIrm-V%2XnL=3ix7-W!VsV5`!6`Yxw z#D8SETg`hSOj0B+*cshkH9nU9A{veTy_vO{+?DxqO8ym_THMw>&ZEM*ewND~p8AcX zH?b+1qiHbAzJOAAlf*W5fLaAeS0`uppBUx!-~ zt**5F_Y%VlS3?_#0hFFPcBUMM7|SM!u3BjK2`$ttNerO#j-9byfvNcF*GALkiWt7n zA|2b0emYQ1j(@>g=ZL&Xcd5;C5<6)oSmFWmyWIZ(p4GqO&ktHpW-PAR(MBDLwgcm} zGbt@kKGyWzPs9*uLrb1lNFvxHJOhtm*S%#gfv)uHHt{Z`E@Ox|19suh)4fYBFgvdc z_{PF%&YY3mqr#!3W6}EKXs*{#@m2JYB)U*GSmB!-*5+sXOD9Gn zJ573r!&kAix@+RNnC;w0{Iv82t}+GYd)BY4i;GhVsE!9v3aH~Fy?%UrRlOR&#OsY7 z8_B0XX9^>8@*v6N56YXAq2^qfT*kq^ z?>Xnzl#Y2s=&!scyor;+I9{KmBp7ISX8CnTqiY3g`kZ@|b3O)0|dd zqcS+#_jh^@c=t8IYExZaUR<=s3oShy5O-s6{{TIz;~Nuxg-trl_>*62eL8rXO;}t7 zkmD=|Qhy4`vG5$X5uHlvcI`d5Z0Kmx`XmLt?wyv7oykD9z+pz8iJ@iv_LJ*1a&3ARqoaG`Vee!VN}D}67* zUK!JLNc=;oTYth(`(SvA^ar+ms8V7`_AL`n(^^ZNFGhmW@$M7LZUYdx&ls;i@o&TX z3yoFu`xqFJo&~ zbvX~z5!;GlmAagT)#aCpZ{^bT+r*Ao*AIdSVmgo06~kR=`c{E`8fruA@~|N!Jm=~8 zR7!n>{EhYUC$$&jQ%iXjfQmLexW`<2bgtV|@xGO7qv-Fkq9HHYTv2{yZ=eyHo zj4i@OcWoy;(;9X?=i#QmW8)aLKM&tPbo-k_yUQf8U`Joa`cmpTeu}1Po9y?|M&%VV zjNo<1q}hJZ@gXF!YPShvXC=BzHq}_kI|0um*SOiicXOs9Pd540K5QO452 zcj0T>o0;0#4*l53T$<(lRp9HrGR_Y*TwSbzok+mP7~}Dy*_lcvUxh5Sx$j=krZ(JmU|8+qYPK1W=slzrh`2an}_8rtz7 zW|r+2b`t7ykw^g;=NAySJkDsMYKT)kmI-m=~%U4b8B(B-IevMR%>>Pdo;`DU)exGe^ZkEiDkCXU!W34NLlRTrtlV9q0_b}bU0^k_bFD0{Dz9n_Fh1wUI zMvZ%a19zlJ!>*+FR>iKwsS{v=!vqTY2f=zWX_^b_mllfgTyl)q`<##FDc_*VTK2gO zhMxB<99kmrpW!tZg#1gTU07afSJ%QTKtAwsf_*9TGNTi+Tc5Yt%l)4?bs!Zgc_O}l z_>m8aC%C!S64O&lB#k3U1LR4xeAph;;l2_Z>z3*1n zwEa54+Uj`3&Np@Wt5KQ$AJ?=kPB}Fjgn|YNq7`-dr1koG)}_9o91^=haE}`vi_Sfb z1~NtU*CdW&!HP@wcPZ#9<3knAwcXmb)Q%Tz%yE(hV$mnfmtWdCzNE-j6=r-KH{GvU z)ASpQ0cer!cG?a?^fe}ukxs*w;oM#_O$BV+BWYN=5m7?K*!93=vK7&Zdvx4^e{XDQF+TS<( zIQOooYd;VcchLMldwh_(9nFGPJn(tx_*GclBzgX?;ExnqZj)4+U0|f7d0-OQJxTYk zQ_vyRQq0-hBS8pU1a;((O1@E}Ni;YX`riKP%^&6hJdE*OX0r^6&iXNUq2p+E#(ip9 zB24Hkb*rUF2}YSqY+?>Vkx}1Y2Gs46Spx?jFBmu#Es@O4li{r*_Y=zvjoOotq-T-Q zzfaP-UAkmeBGsg~v{=^)+i)|U_@kK{Moq0wD^<~A5KVLPq$fC$m+v2H@n?*S@W%j? z!0vhLSxM?rXHR!+BWdoXq{$qvYsRenJFVYpT8+#WlE-b1FfvX!&MHcjjlBZ%RQ}yf zEtsq@sdi>!7!WgzeihtZc&2|4O&yVhrKDtek^|01raSRL%{|SXDl2xoTiF$E5D%Lkr#fxQE9^Ggl;H)CLlKG8{moi4cg0Y?}rjtRqnXTuQ51ShY z3ywj?Gy2uWJwdYc+J32VY4(Uv#+fP^xa4&e(`h!ErN)hNHA}dZD`9y&&AG@e?ZpPlN9fI` zjI@smcqdkZ(@TnNPJ4HPIroA}p4jYb<9oEVlJaHq#QKRO0$VKAh1n$wof>mvKlYM> zaztt$pInh%e)o^3Ol7sVe5N+zvjb0=f$1I`(__@(p65|4Nm4ofB5R4%v>RJlnFvtX z<2^-Mn47WF>AE$ov~X@Q&npnDtb^ts?{=;i#9D5Xb-()wjmE}hBe)>)F;eOoxfC>g z3M)5Pzw=?|aL-!ydp%Q0)9ppQy~-?@4xo{eJ^uho=ak7u7q5Iwy3^;8;kHzMKmt6j z4|?_u5WW6~1@5OTac+z;!02fy8YuQW*{l~<*IMbe+}NWN8k3HGmA8KaS%#D{ss#il zFhyw@bSIpi&gNTq1dBJ5l{s*6$E9pp-%M<#Y^$P>Sm!)?)fuTA{l=wmT1(3-l#ba3 zRWbMdPHV`#OYs-&vaB%P+>M2XRFwpd2(27!XrRqshH~q0CZ((0TqEhM3dL_Zz!@jz z9qV#$6qzriw_AmoqXFbNJ6Em;KaFKAf-z>!o2kchYb3EGk1^p>Z&R9frDv_`T5?T! zY}U4p415#86@ju{&o*re7;a&PMc*mo9W(D;g^rJHr^^h|#@J4!xj&sayD>6-N?$&B zZg8mr9Q4R+eQTTl0EAgJjanPTaAJ1fCVz-?T`_hiW_6lhh6Fl}B8a@o3Jt$D(VuG6 z)_gy9*7q|)jX90>NC?I~bNbf6B%Aj(*mCHc1H7L{gLY zGXB+8?leaY5ML{(;<@=5H!^h%P9e73nUYxsGNXcPmwC;d!%7e)a6JWFRfc+BhrDg} zJ2017ZoC7*9+jp%K@P7GXl;@;ZZXdURoNNX^WAx4(=H9{<6{=+M;WUcM!$W27T)eC zj0E9G7(bnJ$#yo1x%YL=tB1&4$WH){hO$kgH1f`0G851o1RjFA<0~1c*vZ=>w2_#Y z0R8%7HGT=?w_z#Va83tY)`vwleHr^bd|a2|Kg6F0_@2j5ytTBKP*HlmZcwQkLEGO4 z2kQ;c02K6}9QaR1xfiK+lkJXG$;!$GL;Vl*KGmGj*K_p)Lh>%O_~uqqA}^Nw zVB~t%RsGD6B*G}x=5z&JasIM1!3XfoWiG&f9bfQSf7s7T_-*5>zlwej(C??wZ^^ro zL_+Gxl5h_}gPhmlAA|Kd^xaO-?ygT9ntfYE` zu}5yBFHC7=jL!gF+jE@YSHx9?n@4pvk2k!#{?vjiv~`Uil~Qq$ zTFb57=+A3zZexbo&_2~YTeg2%>BDbgr7p*}_+wV{E#heASwk*D_pX($r4TS-wqwBC z+P=dHJEOzI?{e%hv9%<#HO_f%nZ->d+%~q(p<+kwarcj{cExINHr9rG@p6M*3b+!pgs7n^W4eCdz7?_9UrndTB8Ht)N*`=+&yx{+e3 zw$vnoO-11b-Cu|4lU8Q6xp?57ZSkge8liHR^vmV2zgG$#AVIg=j$9n{;Y9(;j!yVNISQrOdlSK~ zkHb1`g^Ba-$D-9E}jOLD=o z0Qt!2L|0Orx)rp@uWT-(yThceg&1d?5!3ZG=++v|oOVxREM;Y3oadme325gpyc?%@ zl4Q7LBg#9sk_zv91Hh z`k$R}h#`$4000qq$o8bBFJ^CiH_+~{FRcubk1HF40fI$+8>s29q>3Y63V?Iowx_tI z8y+#^Eil_%BC(HSe8h$yFV_{q+|LuNaiEOGGCaV3^=flUT@39i-r47!=YKPI8EkW2 zm!)X&wUyY00P(7V$EML#-(xcqTDJbpf*GW79$#q4?OBrewp%MV($mVCH^E|5ep#rL ztW-{6bw9LB(gZ|s-nv4RNhk;(HicOE(soK>k9-1+7^oBMeq^O@JN+6V;quER!_=Tbt@M<|y# zzUNpIgNa>AA$0YwX6)LZrJ!zORI}J-O_nT*xDC4 zKK0Y;x@&!vmMymOAOv&EQ*8^Co=f5jIUo~FGY7ntenHc2J!&mKNb@X2G8bsur+&4a zmq9dkaOsfvYS{(APn-t~#|1#GJ3T7H#1qI~P0=0~VdYP$tvOJPy-&iHIztsj^DcAu zv&gSLl6JPfFfzN7lg(!AG<6o15?R3puQj_%7nlYII3B;PdWM~=+1wjJXSLI=bH+Zj zhs@5#<57~y8AFdPzHEcQ#d!yatSzqRO;#6KBw}*Fj=AQ8MA>IY`!&gqL?NU`=QY+` z#ba>-MDtq-nX%=Q%KOy0A-KMWp7^QXNnf+I$S<9vV*(fP73NphHxfhyvzY)GQch|) z$cku7IA>U4WqhgYf!3bWl~;`(Xr$a6G-n4QrcCLkdzXR!AwgwtJ+;J=MR?f3-NkEa zmLbw@Ms(QHsdX#-LXo39dP|dQbu{eF$!<@kXU#apB1CZmsPkz}*q&XgxFd zR*Eb~Po~RtBnb-7BCmX(ym4C^27r9|ukMvq6|%WJ=iaZD!ffjbM?LhD?vHlC0+{*NL=R)&fj5BqBBxG&opJ%eh(yn4R77sy^)FKSru3YP)AW& zv<8)|cT=*uqKk44bKbju4rpm_Bo~hqc`dXMau%w}#JO1Y4PU}A-dLBBp&$?gCsHeo z@dmPVD{D&|Xd_!#zFcjrX3I?F-^AB!v)#vL{zAH{ENPP2uXE6Cq`vTWv9e^cykM-P zu1^5u{uvdSr!mjlYN@3`Jhyj=JA}Z<+6k`)x@+xQReOijB8uG0@~(0p>P>XUJq(%O zYX1NaUTYg`t4Y+{Cep(k9QszBpM(+}E^oEAbMo+Zky@yuE=F;lAn?W5)9m51n%Y6; zF$%zz$8Kwgh8xRi-rjhINRQ-;n) zMFw+=HFZ14VA0m}PLZ)70D7OLJ3`d$lFi!f&zw#by}pzRFgBCKSFlHK4TJeumvI=$ zYV}y-)MwC^=@@yoalAlag*YwmT;{Q1YdD?=nW9$ZHr5ST zqlUJ#^1R4Qe>xM>twVjOl3XxtyF!*ev;$@*+YAs$B0o97&MT9i`uXmaw~~My=cuhY zRf$sUc77Z2KCPr!P3PZ8@wA1a1P_v@(>1%hjElK}V#JaL2VYFqWt|LG{vXpPU1mcl zy-*%CUN^RToYz}7#Cr`xPPm@uPHP*bZJ1}=Wj?)6S_YEpaCeZ;9IZZnR{6m6%`(zk z$DTGS?~{N%>Bn+fJAdrPf;eV$A>Rj)S0d4uQrzBPhD98E*5^6JL!nJ2!HWBIxR9KI zjDUEn`klFsXl)>aF#vb`*vH{W&NsQwLu~|8u@>OD&JKDSX04>(-@x8VVaGzlf@=e= z19blY5511Wx+*ybQqidTLmk4bBkI&Hnz?#dYE8Bz%DE9RYDC6iH}?O9?% z*hNFa))we)cU~2b#JVl+i#$d{Z8k)kx&`O-;-K+ukC)<&U=@$cX^SH%$Ym#}trD^W zDh3umxdmS&ox_TT;^0MarrnVN89!Q-1)mS@gYM zNmV&G9Zhult;^dHJP8!a6U!^N)2H&QQZcd3tP|?#GTV`FBuHHD;AD0cm8$Ep#cc#v za!2Q=7+m0-Q@GqtIrUg>RL>}2%6Kd~3hQj0r_<4+0!ZCM=N$zCG)|>;ZDzq|c;HU> z>s;0Dw`?q?^O>f(eo?d9fHU-q+tszZo=ZlaCm<-R(s;7~X%Jieo#hCHH)nax1t^^r zw}-A8NiL&747gG9@rv(dwaiMsX6Z`x1N5eyiD}+jwKt(=Yd{R7P!p}AKF4W z<=!Ro+;JJ~KBI~~peT}mYr(B*4R379(jfC>T;M3Kk~=T$2!6<9F#>Vcj&gZyaN4Gm zeP^hod(o_lAD-+yMjYvh-O&&)?^ft-cq-LP>aAn$ItqS!p@&xIRLJE;L_ z?&nz4Ayw?PwWLEO=qn&@okd)C0^Ax}85u-M(B}*>*VeRc{4)|wx;6O-;5g3FT9Gcq zn$4xRhsBVPW#t>jPZ-bt09v`pJVk0}i|qTk$mgIn5|T1;?lkJs-^}0XD3GF_I%cit zdVZIx-${3KH2(l>jDSHuDvq@Y4`Wxv^Zx*A-^m?>R?xacsvTDwusV<{%&zq9MP)Et z7MzyAeW9DFUk6P{Y zOP0CPAb?FGv`Ruh_eZFuD-9!#(KKB~#_I0g`tnQXW@!Y)a7ZVn1$OtkYHBtn)X2(* z8_4#lMye+@?<*(bQ9i4>uoD5BPh>awZ&cOTBYM$-K0-E%;y}?mt$*a zdOnNr!ti)|QP=Jyh9!jq@^~yr;;JRY>tM5L5VWx<9D~l$#w%#67)f+IuTa$*{n>0} z4+544j34vGV`*Bo!H_`-5&rZh4}NJ}#@g8TJtIs}6C0O>WKolo*Vt7}X)PXgks{d& z00Ozred{*OV;dY!qov1sE#5hn3w4k&#cs#1{g%QVJ~@ZkkObwkxO>!^MpiR52e#Bi zaWraHGnM0^r|6auEUuxrAcCOtRT8<$@1eKR^!taEtOwS(?fPlwcj;aHRIBa=wK)7cL{a zvRP~{-QRnRCI(5z0DiT`#rC^f=)C)7`#54*i(rm=VxyGB#qNmwRjsw&sVTIN?7S-+ z4lsZHMwy~&x}sf43^Ht4Q_J9TbJzM(8Z3Wn%MA0Sy~};B2@EZ;V=azHT9!xM4ILm+K%I?^ry?b- zm^=#1(hT!WGvV|)SBu84decJosL(uWK^uwW{&g>jyfF^7t?8P84?V53`F|{U^8w=@ z=hA~i!8Ct{^Z2{suZ?UqH#$a#W>48>nNHPUKIs1O&MV2hMQ^D1U&RqSwIaTMFb zs-262!8BNB&~|$C7nTbwu-net0<3{R+DCdWJR=8)QaEmy2Yf%vz&~16F>z(T5NMZv z5YX>!>>4{wK_lH3M^+<(Yceel#5$*kEh4zNZBtteyZ-=%Hj+R3^vwAUt9>!F%Zq)> zwn)BGbNSWZ6Y57((qxAE=1CePD->W1FX36Zwly0b9i&+66JJ|4o`(}S-gX?S``3Ri zucByHH%qK)DxbS>sE2fn*!23*$XbQZ9q^ZlZ?$Xmg4QXlbhpm;lw%`31$`&*{!^-I zHu@cuaTeSaaB;ibntZm@QjL#on@ztK(^zd}x(%=a&U-#%N6nTxAzvrYL-!| zzQ@S-Clu7KSF~od5-skaKFfhK9%4h&ze?;Z^-EY`zI%w`^HSX5wr3~M)fX3Y$?yIk z+3HVkr%P=mv!PiTMtERyF-t^Ih2)lSPjPXLvxgl91`6k){{TL;q>X)<70-xn zv`Z_!LfBmWt|Vy`L_S~u=qt)R3-KBC+xg!duc%y}+FM-Gzu2WgmygtwiWu4o5?FdwDlj~MXMEXHpJc+DSTEN*2uw!r|rE|VJ z)7Qj0T#?zCVrb6iRc@eq(<7x=yvc(EL5%BJB)$xji<2s*U(-VygKKA>_4?^$-2C^63&bP zE^&^3U)F^VsX86qS7)BY7-RF=x_*44Co=uNiuM)LXI zeLbt8L6}QWw%5}^7dBAappq94D-njt=rde4qjzuO&1O61dG0TFvaDw(r)*H;V>v4x zo$%|%emL;=h#t!F6w{L8AG3hRF3HpodvFDP9|x8Y{j%!bISg#d(i{xn;8YnnpDuXY z#Jb*-acyUD7@Aq9EUy}nxaOWc&GO@;Z#`fDz(_y}f zW{I9%-eQb^Jq<^9<1Z0k=yq1#8A~>tk1gexU@D(M>+e?us2xv%ejGlBr!D^gkoWq7 zmUn25(oa%^6SGl&k zMPqCiDhA=f&%HA>Uiuu~rv;z(9q!hT?LdOL?lIE5I$OzYrj=!l;BUID$AV}&pm%-) z@a^2%#G2Yj@lQNv5W+$OXFYp&uAKNIQtdj3)%-Z2%S3-Yz zyVjFf(^B{}mkkuI=LMMet2B1qmOLf!!dr{yxmFOmpqw!v1pxKUb(eZAzK^Otp?#^? z-@_T*<}vvc_sQ?lqE!jq=x4>^m~X}1#9EwkBw*xj7>Ig`^1XXkU3yewaBikmF$N8t z%kTMA^RVP+C1+v|t7~t%HTm*G4CD^==~~BubiG2_4r3Wly%6co=xO^yLu%hj({1#q zH0Ukg?I;R{E%$nJ_2QdnVv;)~p&C)bc{zmXYhc$^#+-L;Kj z_^QZi_ji^q-fiSeRzj9ue{}Zv$PcV~GhlKaEcxhFMnT3zVK`&Oi&C z{c5Z}Q=0J~foHwCK{Czu5CAso)rjq%%Dt;w@kZZ=8c&9;^sgfBFD@m(0HSA+`qHs+ ziNN@aOI=$)n#1jI!i21?8w{2swS3Eee{rX3k?BbqwWjg5+$Y{0`cif^iay8i7O9|V zmR3evc_fkI$pnG4{{VLt-RoW_v%1h`(Csa4k_J*pDj0%KIP|3(u`}k2PlsB4#-nko zY1Xn^0OTLtmB|O1Rm?Qz~^sQpGCfc07i(zxBB!B5aE#kr2 z2~%DEn`AV*kRz3|D9+6HqDsbc>~^WAv@na=9a07PnCHEDUyi(EaW0QOnHZ8deq}8i zVD0s(B;))MY2sZ{Lq3mZCDN`i(t;1aYWg!up8XMR?`AI-&K+s zuVt3{NW&~!fe53x1J^Z{_R{Khke6xgSV_+Q2jf+HZeooM7fyTcG9t%fo}EqweO;w| z2h;UW0JYw^tiz&9FvYA>COqcGRfBqa)Ttw)I%;^vm*C4k4K((x6b~ad-}laO!L6MW z`##$L08_OVkwC!=OrPD(IUkj486!H9eAg^XrnHGYy@V*vMiq+Z^{O%Hl3eNYM-*`_ z(l$x{^K|LyS~)8jdq%W1)5DNSYi;(Wo=Gq;2;eq*S3R!k7IyL_rXgiTC4!ztJJv># zpK)xLO1IH%WVE=HiGgyAxHu=T>sD6Q);n8^{{Y>|It(msM^91uR#KNkSnsJ%M%3=U z(6~Nbw$tXE^1i~lDI$*L7}|p_-}Q!S~*daqGsP(eV)oUhHNB_ zohw3pQvPeG=9%3$LKyG>`c!gsIh>DA@aB;gnQFn|Hxh*-gMtov){-^Fq#A_ROA0K5 zVyl6WJ-ztrS|VcgI2|)k)J@Iht%ONcxwS(N6@7?a@wHpK)H%@Uz0uTgx@}q-NS9W&u~7-G+Nm%X2y%bZfVoea4w+ zWk}?h6(#;({>u)iDgkH(}UEl*1k*yy@C+C>akMF7Kv=cRm`taz(Zz42Av+h#V6 zD1<3Ij&YDE9Cccr(IJ9A55h8j)cIBna8m=Vc??%~Hj-RDyelM&@`C39kKsze$=u%8 zZrl433&t^}$Q*?|s|QEAiJD8hgi|q4rN4_Fl@6a`VvDvB!EviaeS2>$)F{K`&urJO z_=8or@eZM;+vp71K8Xt;aKo0s?~d8c9EOPKZLIXQXk<45=0^45k4jBu32xqaF1C3{ zJh<6^&(^ep)KZDU$EDpW-Nx4wNgHr8$sbCIe9L8(OtL3p3C3$x6i>4$>KC?u*+Skq zicQ30o}#?hOz@12sWVX(0#oE25iwL(rWodrs0DR5uUU&Zh3DwQQEscef#DwLgQH_}OH0&#N zJI@OErQ@_{Bax+;gA|R>w|=#~Xm!0=u37EHwX|{qrKkC%_uJ`J7hxpR)VpqN>|vTq z)Q;wN$OLh>n&T$a!M_OsWNiGW7%N(HbT*4RKkd(w-b7euyNNN#A2H{X`PT#D4Kq@Y zY_|>MM#FP1I_IS+6xrri-)gqhQC3GV;PQJPYVR}~tDQ*%cScC<(+Z`=27Rj|89SXs zmR2HU9&B=K>Ojaf=KdzUgj`1qL8Nn@gN#yQPQ`sb&il@{ltufJLY2oO>0d$VIwibz zFi7e*k(^@~{A(#TQg_h6@eQNT6t=f^@lEsQK6?t_R^kgyROy#dgpmiB=nm3X9gRV> zbkO}6lG&O8GVDHBi#WRo? zqT@V|&{oE@*{f|NN-Y(XLj*ZvW8r4&VE)? z`1Prh(Cm(<^&Rlj;v(HyS>8``4A8kSUn>)obN5?5`TZ;2u53heB+)r^3O5jVWh2+q zn#6L6@bB%L`#))49sUdW=i$z!ZFzY&moA~Dc|+!u082zW^Vc4^ui!`G_keX@h5k0b z@Qn7eT3p3(FO;$&0vOcbDI>Tvuh1gw&wuzcufeK#cHhI7cXqPgz}{mF5=Kair;7Q!n(Q6TfQsgvl=|L9geDI9rm4Lb7-k)0E*xh3yxJl>-{T})Vw_< z@q|fmMj4BZzj$M(wQ$p^Z4pyFFTy@V5y5EJiD@dQ@f?yX+BC$9WJz7OIOFFWAA0)S zvTjh+^KlU_$Eban&u!$!tlSaQ52a^ZBr?Y|&Pyf;03I`5)HgiFLk05OTcxN*6J#j% z#cjnAvDPp_?Pk%6iGrk1IN+VXl1e_G>j^;@f($TK=iF+ zA`V+d(699io0fY?3@Anz9;1#({A<%7v`rpBldwc26OqLn=qz?RMaGXT7k+KbLGkjP zxxlX$@g}<07Zcf7Az>2`a51`{GBa^!31@M2{h=Ig6;!t@+>BSMKBpz6sWAc~AT~hb zG`W!D6UqEhc)G>ln&o1dw*l;b3aJBm5=SoMxDZD@0Q9NnHc)3*7l@&0qmc}^3=hwd zT};}(o2lxyFh-GC+fGDhB;gw${4TwM?RDWa^r&^kG&l{4h`e>-bb!&WWh%x?s4rw-Yi(UTk$=f8|rlt%03C!i{QQ z57^ix<*%7MImve1#2$eCE7tD(PZiR%p_9z}#YY&e>F#pZPREjJ7nZkd_fi=V+Cnxt z&UwXgek-8*e|wSj%#`8D`1%7HqH! z*N(L!Y5|?MB(bs|m4`VMCC6<~VbJx6&ts|qc zeGa3C_~PpxTjxC%Tadkxf=7J+-$flgd?Cl z`cP(dULet|E!qu26t{tuK`Mi($2G`Ds9K4F`9tRKo|FxhwR^X*Q6k7f5$R3v=CAgY zog$hxSLbQ(K#P~UC6mJlXOuT200ueqsdN}2)8M#dWQ`LXm%;q0jMEoz-Ma)O$@M*J zlGNw>HO#9RBN*fk1tQeWNA1gbe9Y|oqklp(U2U=}ycZV?TG}I*8Q`sFDE2mt&uz20 z(KT%*Q=`pk91_209i zOA|&BeqcvDiskQhmegdM=Q0*NvGt&KI7^j~PQer_e|UGT9RVZzYI%|LI4s?BL86YQ z(0XpS{hy|8w~bpW7u4}wj;(X7UcIESLnY4XF@kUuXOr}z!ty$)JUedET57TqWsQN_ z2^cuRKas78H4A%q*b+R!$ic>FNSpLI4PRRM1Iv#qA$n&doK|!ZTg^W69BRXpk=m(g zu${JM%zCu?b<}BP6e8J1?E0GHd|Bdai9Cn$(m0Por>j!1Y1HIk)2G%XhH0iOM*tpc z(DYq5$h3yaa~n*D<#4$CDa8f48#=#+Ak}Rj&pV%PHlBnUJU8K?q-pbiq(uXwfE51# z5FUn!FjUc7RF>M}KyZd$m?pUGUqpiJOL-a;xI{Zb_o+g3?8o>UT0h!LrCr(GJ1855 z+^Em5YV_--w6S-P+bTq=asuGcG>%JE)?m8PouD5(fA;PY_p_WMerZv6Bh1Yse(lVheVxovS?P ztGYNqb=!>R(xjESE}?T3oGgeKHrxTnKT5$x3aWPe%y4~w8VyphBiM)|ljaIfQhM|0 zUYp_H6x~ImNuk{nDn@`KOM-pyPc^hqNu0Fyce=gtiWom|z@87?QR`cpHiVXQ$8h2X z1As6qp)_U8&ZQ<22humaNuMA-9p1Ne9Z#ryzb+ zV_4HuPeOjums^)``s1Z%p)B+73+s0B_`gkkMaG$ClL&~Dm2OAO2Y&U{d{WZx=J6hs zng*(ux@kgpjH;^~ako78r6wrBot)Y~hAjRS-+8me9Y12*KMpV6(fK@+BY4?)OO;dn0$=pB6SSR&$Ou=X00Q! znPyPS^L^u5Md%!icA?@M*{z#T^9=Ds#Hhzi`c_S>Yro8Ler`{oq~vSLUM)1U53&Vz z$3a?yP@Q5csVgqU`9VAn{`48kE~0o>6%n<5osaJvN7QXKdn*t)#1dl(Csd*?PqyjV6P--NKieg@{`Z0 z=6(Uu_4%frDafA80LKHK4^v*TdnMMHWFUoPV(ql!pv^8qqfqj%6-Xqxv9bWV46^`n z$n~tf3rn)PzVe(btrVbv*K1Q~X`cNp_t`YV1o4=hj0VSA@{L1V)b#h6UHtoZ1g`FY z)h6}^?0JRfjkPN+M%6V4)ou5kn{r9|@m)WM^$7e!cXKwPi{@i7p5PAW*0e@$qC0zS z21xY@|A7XJ}8A?Sm(2dlsV`t%%;{_Hh>wJzTgO6p!?QxzT%Zl4LiH2lGNUSt0OKrI3U-U zPkr`@_sHPJPImOECz|4oP}T2we)wl!X$1x4_bFLr?JZYlKFEK zsxlbk9+~2|beJK6NaL4w820XI9T9=o+37!QxweN;aRsX|3hmG?YQKylv9*yc^cXip z0M6l)xOFrGhhry9lTf&t886k`1_R4IF$5KT63K2=yZF#Ypa;ph>}*|?;rvB)&{lZLw_@=%u;2S zC;3#l0z-6P4$E*_RRNolGJ1;N)ND&p^?x7BsYx09PP!T~48?L2U!Az{JWz{VH6#0!N$cnwh=2n`xhj8$0<*kNYxey{YpZar zY!o0WJv*9L8Roj0rMs#|34G)8tm!Q$NCcT*H1r3xRWv5-cRC)Bn$3%?ug8p>?_VSEfV7WbN*q!t{eFoc8&@I;5FvT50fiP|+;l zxv^*<49-4w;PKkNZTNYPW-QX|ABWwYQJXLCd;=bL~!1v1+Z#TGh(wlA;Mj zYysXqYbFm9X|9VK%E8LF9;TpnY~;S!@m{u|vK5!^gXl9`l6Z~pT?N~j*+|BFVx>ys zj60jL_=@s-3yWu1)jZA=9PSmw-}pXhE{45tJmMGo@SnPU>Wby)WycIUbgwSujk*#K zUuxRY{7d#*pfb-GT%6ElC1!V$>UurqlLN@f_J$<#d9Ev0k4?SP*lg@IRdVp$KE?~AsP^5+Fj`W+b88O_u-EVjD(C`PPdbfk)w7a{4DJE#-JPdyk zq~r&xYML}!ewBHx02<2F2A3S;@atZEqHA#KvoV5Yc!}$bZT2-ndKi8+u#;1o8@9eK z@cfFaoDp7Ab8R%tBt<(BunHQuuI6^R*7zGj(REJ}Y1V!&)o!$X4T}eoFiV!kR1ABJ zSEkFNCY5JD*j1W5oG~AGcFk3iE0aUd5p{LEd)0vXYxl-;TDpD8>UYj0NbTGbPUC^c zr9)vTb~NX(fIQbl72B`MFh45gwF|Xa$IK#>94djysTzq}Oz`yA_S0Pk{lgXv!10k? zpN70K6gE$CFOQn7x63271*DFG&rkB?mRpENJOk<}b+Bx->8`CJ^V|*;aX^nC*R?ox z4HnW#p^_ayFfD_?9CZC_pVIDaZZD(Ll=;^TMsPAy+|UQS=sFgcWfR&MmgSh|Ip}dj z-W1dP^l4Z3UceJg=X`y0{1loF>R-D$@tDKjNJVC5# zz8*dsvbjhs9zxE@FxkdB*PVE?Qq>np)9m1V%CY$*XNKgGe_CorGDn&;GQk=oX8?>a z&sx2uLY8+H?IIT_a5L-cQOrr~{vW^lRnki&F3}@`>fIi)^~ZwuSw34bMH-db8-tTl z2PfkR9^c5Y)7=G_`SPO#pGxNRt4Wg1S*~W6Xk&#v$F($ok}K=hxKvAd1UTV|>+M}G zkv;r+(p)0OsLB@yrEH=HALD!NO7~TnuH%Uy-SS|be+tBXGRE%OHE1J7L%0?^=9I}x zxsjtDIKOQ|G|ONUIe1Jw!OV>Pv6qr%M{q|CwsFyXsak*Cm(bJq0D zBTCh5EOkgy(piy-1oGh52jfo&G?!NQP!M8w`IQDSRLY9b^X*H*(7`juAbsjO5zS** zX;%7kOLY(52P3{K32qXJ9fYp0eGRR;-U;qRm{b6U10UmCP-xohTD`on#Vk5|##&~_ z$_9E9_|ilxqqSWNOT3BoJ4oV#jjBP;6+)9yrE2gZSdAE}f{|%WT)zFKG&nKp%Mj0EJSRb2}VXzoTE->o!+bd!*ee zpEX6l@h~XXP!57$T&RaxbF~L ztTu4mtjag!mIs_rCb}HghdgZ7GfQWu&e2`)a5&sO^IkpT?*{mSO?mE$8DySjnadrm z7(IaWpl53~pLeF{7O_hp(@yYD%gOxxYoyRVBir~=?@GUp&8{YoB)X4JS{f5a&@y~f zyT6XxQ?(`!IX5=po)7Y`9@hLv9p(O^acrNyW&%UbTC<<~LQ8tW^EAaC8p=G-8#-Ork_kMqtVP+WwbmaQi39a7w zTBMpzq%H;Q65y{OXFOFDd;P5TOBR)-qDXGqH2@aLCmANH>pBhOT5h4aTkS=%j;=5V zzprWxWRINg;*u+?t<1B!uq6TKIj^UDA>vrP58<69{6js(qg{d`+;D6yy< z*Tk=iI(*kQmU>8r_2Y=BWysy%pU$`s?7e5iuv==E2v!vU2#EQzX?rt7taqLk@V%{t zyM3CGJmO`p?Hzu5K9&0v^dGzR9633M|tGdnpnc>|YYpC0NgXUF1 z^AB%I*u}un@PEdrv|AAdsT-t>1C}q-+P$a3KM{O8;!6w5Jp)dVO7pB!&g5avGsm|y z)%q98jK2_kR?z$vtVyH2wZylg20mgaz;njZf2D9*uZ_(1QC?fxO+D1TnB%Q!3-uyV zv9+UJTxu}90trU+$yMlU1$+l+nzXZ`!EJXVR38t^e=7mRg%Kg3Z^iEU{iFe%T>LBS@f3qn*+V%GKe^xZDoQq}G)qB2M= z;sY6PpdGodC-{v9wcthS-y*>vd9_qs7`551Anm$NI`v*qnJ!&lM%+w)$kV`GNuzCdU$xGN8yR8O73;8HX;DW6Q)*U_ZUlVo zfS`9KrIIAN--mRKF|{k}km$(9HdX`-9&<_IJN-7|@=NHV7l|$-`FLpZatZwNN;B$b zHPreQ8%NTSJgFkNm7N==N}o@DO>-VA8g`WgSE|V^-d*QI5a9^V2DVe~Lw(N_ZxlnX zm~W!B5XFvFGN;Q&Y^xbB!hM8O^iq&j+4B`c=yh1nF40)NU;m z?zZj>+;jD;{U6kqnIF0uFF1Sjy!_Z1VjBLmE6Vtk1q@`L|=Q zJuzJaY4cBb_t}Y8h1v!-`+-zRYkD2_*OEWkPu|1?37>yVo2Lqxf1m~Csef4WAb&_ zbo*^PQB~LqsVwV`2+wNbVzIc@Ba&Byo&2*Ez|Z*7Y>33d({JJM{;MdwjN96w`HG*J zhkOd3;$Oz?SHw0tex0Xoj>63X+q+6t#yJ_s6-oz0W1+-&D__*SQEPlPU0!QlPjgKd z+9mlx9AQu4QbXf?Z0c8*^1#vFL_!nC?*(ZUVNM;7pfryW-A|#~*o1=KVld1A+zI#Z zU2^GZq3LUNsY;LL4WYvTUA<_z%_#LK-)g9~No@totia@R_fM#=JzWK^W(B0)zsAfm zNU7&DXyhZ*uNTD8>5++UH0465Fw6Fyg?(aftudt-_0bTj2+CrhCmBwpY?XI!q z+RSa$8MixufAA|G8B7PpJ86=H$f;N^=iT-TC#pThUDT+bvk8RnGafIrom-5bU_7+x0er-**jb8{*f zt)O*aM?1ai>dhNcowVz8x6Dpg%Vy{peLZP1WR9a$E2G+3HOv0`MBaceBd=e|xVx=I zuc3J^lVoF(pz=jz_aJ4PSX@YtZ2+1voCf5t<5@l-zLv+!iq#`hTRA+84_cDpxkFa* zoziLM9X?xTGR3nPnk9|IOc_kE zvYY^WW4#7V+heQnoI-i!mf@WW@tpA3uRxaYC_!L8Q-bV9cOPnrOQAP9eLe{0FkDS5 zLdxHF(0bD^bwM@cX)DVdN=Y&wy4|r(G9NS8)q>+kf*t!JmR>WLz^^~lFRW(1nF!mK z85rtoqAXt2%a22EJMGgna}1v?M`7+gY1)>nW2WSkEpQ6$8RDpMnVCMSC5>G}3>@%q z7QB?(N?v~@H-9>J<>I_0_3)<7b}o@h*n$UKAiS4r`sThz4; zR?5iS%XMmz25B3ilRlrFQdTrn&pFX_i^->gSfmg_*$%{Ka251jw!b=Q(Zw2b5AZn^i(Shmo$TT=>oB*P#%IpiGm#bVRA&hc;bzYW>K ze1(!w`-%bcWDi=iXYo5t^JBWYh^Epv#@J9-(~sv$%+0{HF0}@)cxSaSMFXzn8^6Z9 z_g2>N<_%rLvTY$Q{gF6O2{C zi=UyJrs;ON&Hb002{iX+n8pR?ZDhrt}xWp5tY`(SYga^wYdT^ zN!y-%$*wNu!t+(vEhDspE4(b6;|uHgihQVXS3N^nlEcFKYTZVL<>EN#GRGb3j?w-l zUteDT0H!QL$iMD@IM^}i^{Mt~-km11n=4I|}lPFEd@&?aZ;x z{$p)zzk3I@W$a6EvOiM((6Eq>?&bbq3h=yitm&0nbvEmcFvB_AYjrD_Irbo)6&O$- zk&&O}T;$er#N@Ot$(}Ge(>11Av{<4S26Egl%l`n^uXgwq@o!N0N8>#U#Tq@#QO$2W zamf;J~B>3+I{P{uVy|zgp*%dKyb(uZG6ls!jH9I$M0Qk5$Jb@~`9<{tIpUB1z!C z8QXkp@J5AusrX}Dn6#oc+xB_0$UlhvDlfA!NAvCA{{RwS_;bZ#M@S>Kia#<)XSHD!nV>#|6IM4QWsRZaWweqrhLtZAi=36{#yM1lTpoDX{Xs58%$PLE9R-RyS% z0NM^B5VL2J0R($~Rm*GA&wY6foMr}qzGdDrck3G=aGc*0X9B`bdz+ zJ2xbbpHo|!$AzS|g|3yE`1{%Wrk5y5^f?vNX1ljbw0-DFR#Lde4QuI84j^(~T>QR^ zL6O~0DYTB?$sZub?0*$=I-T9!{mGU|5#i(IVbJ!ZY0cQdztpu&JP~OOvq>V5xKp$r zLTjInEnuXVlH18`ESwSsYWW#5dXvdveW%;Ud2tFz$I$fp)^*;!dhtzbByut?(g0ov zG@MwGhq_5FGqY+AMr!1(6}&3!L~E1RwMEU7E?8OKyfaB}5=jra|N zZ^{CB2B|v?_DkOkNZJ%eIV1B(K3FF$pL(MohfF$m+L}d@LBRv4HLp4qj7e5IW-?D1 zRAG;sv8=_`gm&$1D!6^;815)fP?NES)4DNxV(_kcAlGeaeH>Pfni(8 zChsouPc}$UI#m}L9-pJxl+d0FbxVIHAtZpf8RxM4Ys@am7otg672Ih_8aW$wc9{L> zAG^kL>snB0@Idj-p${D?IHY6L=yeOYBe8-w6Jv09XY;Lp53$PKakwcZsvNW_8n+%G zODAdOl^rqAo-V(rA!bPpHOj(0NF~fj+*Xf)2aHvHt*Q+s5{@yl|l> z3y+uz^9jssTIu5v;9*}F=B6VXf2v#;Moq(S zBL_LGn+v&hJI^BJIZk@lvX3 z@mwK?&fSi=KTPdl@7o%E#p%nXLP38JguIWg!kuM;N6eXgsz+= z5tLPDR@yl@>q$pTjnp~~4%2Mz=p^e&3T84Zmyx#=Zk*uTObGOGf-M)oO(x> zZYM}Wt9-?KlUMDehSqf?EKWxhtPQix^~*_hO=3d_nKzl(4*s>dqIh20PFsoZ(m15R zCp}uRk{H|j*es(0I9=B`JYuo*y;jy;L8ZPQy1@zn>4C*bsmSY+E&cZB)3bT1H&~qU3s{mhOfoMGSViCmU4Mvt6yz zLaQ{96l{R4jMkV5}^d(`sbfY==JR{Q`I%U4vi`p z?X-AeD{ux&NaPN4^(XYHlQpLib^Q+M;M1)mxiMQLpS_P}Osmfs?a38~ccR#xN@%Sh z4{DEq%sC>tq-$fc{>;2G;!Q*+m~=Z4Ae&8d9 zw=+Q+q?bXtJ%FcbR)B-voZ9>a`OUM0G{(=W8y?5zy2 zxeF#ZD1CmE%x44HyeZ;~>zE;Hr8CI5ZNzmSTJL;8;sw0Yo;k|DAnhlnD`>Ntq%}P2 zO4R1kZ)Lf$c0$NefE*Bdf-6$%#7i}?iggPqOin4$79g#)f@(BqOxc1-d#We?o-pqBME{{Z15 zEp!veM79VN^PC)e*PKrkg!<%hv!Y7uN`c1e&Y;q{XIzR4eLSUC)}tLC<|f?H3t#TZ?Rc{uKCj-O1Gq}-^USm+7G zOm!ww=yaNXh>x~OV^?MzVDvQ0o0ijVTG}#FP^`+Z)L6%6E!si$n8rB%D$|tBGY0bQ5UWD}05B&U){Il#Us~*uOEPeZIXJAGONq6m zYTAvD?pns>03R%jq%YGovo5OByR_gmWD$&XKD8#tpGk9XYdd+_Uz@*EQpuu?dUVvF zjz>tNKPc&+Tz(W-0z1o_D@&JlRgp*ThB*hdak{m~h;D$on&RVYkXeA}YLy}L*lnfd z%Z0$eg*~)e>-XM{@GBK_rsKgPillVH^3@?%ouPqcnhJfyOHtYBbL4 zQf)@%A+*Pz3}Av+jGu1xZr4|vN{wx=5#thIhCQ$-j0;md%i;v~)4;25a^6{xZXt*# zJ+do`w6U2Wn&Fm7wx%-7NdmM{v8BzO3f^1xm^3XK{{Xk#Rg2qc1d9{I>Y(93=K`q4 zTaRsRG_!3Q03DkIgZF--y1PwVb*fBG{ITM$GO{_^cRd%u^4RLhbns5CD*TKCbU#YJ ztW9;{s|&l=bhw*gD68D|6%CgJcwV8X>Uy--H#ebt=HM0Q1Jb!UEgwz3g5uybh(RAI z<#STvY@~MjeD*h%V5+k2BLTQIB(OABA~;dPFascTtBe86)v?m9fD%n`%A3248ufp* z=&5U_!Y^Y>hh3Ww_q~VGn~j8|&MU><7J+XATgeQu5DRP^6N=*Rba#TxvPL6f-AAQE z4r3Zfn%dc3X~5ch)+gJfX~>3WizkeCtki^OTxF+oD~z`p@A%dXgD%nJNgC%TG}5?> z0iv1Jf(6BFXv=uF>h>~A70g>*P7c$P(w`t6$>NU|YBrt*)U;WYMz#Bv~qpyzvo>xjb|)ZsR}vr{_!j`pK3sQRs&RZ-KMi}G^Sr7PnaU9$zzTMQb2hIq2V23PZUbBT3o?kK1N*R3}>8r*JGmi ze#cC{kVgt_ZskT;(@{libyLCiC%KV#tL+39JXf9TKN!3h;mg~bUlHpT(Y!x;G-0{3 z)9G1C{Q~DZ{{RbH!?)90+-ZfQfuRz4?I0pUo`7{6V!Z)8NoA-(1}5HF2HtWhDHC&^ zzJcIGc9B_Raue6_u0zB!#?NgGhi8^D53YS`z~ob9-N0XyV6}MW zoz+;CKXl`zHV0MV%ZcN-w~kpP`!;hS$4WKtu&${ou$5(xpkc;;3P5oBg^k6<(YV8$ zaCzX?rih|x(JxbFws23iR9%GRZroYgdCeV}^JC8k9ji{?N?SNCZ`d!B3VDvqcuv{< zYW<+kH}NK`V<=sM-)ZDOdgP!ce+8?F}$N7A;``vI)>1FjDG;g_t)0>fgqHr+@rS@?!F-LCYz;rWqg4QnzR^JjA!ou z0C?9drK!}Bz<8hH9k+T%de((I2tTLUNj{{V$I;hm+ly1QRq>J0HDDu}!O@y&EWBbKC(wEqCJ z=hF1Cs}hT3@iW9-hwm}iel_xMiFFSUYgf}vXF9xOGKJ25Y}U3p)kb^w!)x73Oz`c5 zGaoYa$B83uerl!St!G`-1V+v^wV7OoMjQYQbIvD3YU*=0ChGb#CGEhDa=}@c^UoEj z9*qW@wequ}O{}DFPpxy<*V-0zZwV#e+T>Xh+8$&IK2m*otq%}*nk_EIG>aH*VImmg`2=iv0~o9?_(>+VvbmamVvK?|@^E_R^`zoW z+tBEw)b!u6+FV)cHun(70c>%!`d2xu>w)uYU?%g!1mCwj_31=oa@0<)*F%S0gG`BL zl{F<9V5@+~(A3%ugT<=J4ah>#&9{@&6{<#Ob9)V%!EpBKpK4TYPz*QWUO6O}TJ5>8 zzk=cu+ypC+N>Yeep3}hkrke06xF*@jkOnx~KDFjvB93^qKP4S5Km@)yDtlILCW#}K zxA<*!;)}s?sa!R-i)#M>Xxc&Gj&eW3yLj~<4QskQR$d+vn639k=e%2FW1r%wV{%1* z4C!uUk~`9qKK2Ns<-ir@9}(L}PZVjot^9U332hIT7RKCT&N>=G=P@+RYVT0go_kk@ z4JTna+;=l)`BWPJ0Eo349Q}$vIyE7mX(X`p1HAx}Io&tn4xM*3+%v4v-KkYrfWZuX zYpAmEzRRZY?C$U^tgk5B>EHD<6>ThY7ce{OGhL*_TX}?tYm4!=wRvd_4>i1y##>_i zxXJdQT*fw^ZEt5|2Z$a?KHTgJ1m|Gw#d?mHCYP?u1owBT_Ov^QW+9w(pj_q;i*$n~ zu>((gF|cO>D4BTg-nK9NDWh6Lael43-ZWCG-^Kp`*QDiObL>;owV1CVpHH_`w^$eC z$-vq5tV?!^-aCj{x5{KJtjCf$;8r&>Y;~TmYp0n2onf2I2X9T;uD8aqTzG@S1A8p` zd*(((eeJ%2i8v4yuiE8%~HR?5!q{{T_Cw|oAn3m=%NJqNB0eIY-I^(FA=)4Zpb?CMNt z2l}-m1P`t#Egvm-^TRsEtK!{1Rns2c-eLpYD{x#6gnRX^ElWnxwVCYI?d_8J2r?C1 zmm~iGuR(n5?)*34cb;kW4 z!JiM__;$y|nuV33YBSrg3%n^-2c|ok@{fuC01oaF^F`Bc+TkL$Pc;-b3Al8}(9j&{ z@wq-3&o;59J-lmkZ5_aQOR)qf^!2ZzH7h02Y@w3Y&M0Ik8a2pmym6Wd_J^9?w!3+y z>MJaMWC6FzRDJKEJv!G-;aG1p{{SvUw||_1+t1wsf=!rwN2uE0Uq)_GA-En{Md0H( zBj2T9>htcqv$wNPAY30UW+NdEGn4hfpq)=-vC<>|07sNEUX?)E9Bw%Ds-8daWT~P} zHKn{Zx0g{D^P@~OOmYDJMuK^s$B}qzN4?Qf*GDGzQQt6K#d1Mo)caSUc(cN~eg2a^ zmwZ4~2h3LL*z7+lPATqarDMl5JwL)$V)pV$f-Sl^L7t2U0^#Z`#7T^DNcAT$A&*S4 zW|@L-Vm@7fS9GiWu?5A%NEMfn$mg{NXB}zqyTlqMz5f6SUCqIJSw3|@K~25E9<^^( zW!0sZOW7nWjpqV7k?HzSQNe1O6k2LARSNSGz!UdR(z!e9p#{5!^5vAS*v@)2XE)H+ zGBms=Wi8Cs*_G$G$SiGRcZan32e5hP2o_RUrw|d&1zKGY}MpYgKFS}9a}!N z$KUJvXNRDs4JZu{L;fZU0pzI}?nW;q3oClpJA zA<`{1-Fh*iTHb0OVKM_RCB9SC4D_$9{5g4Z;mt59A{X4OSdW{IKb1qL*utUEN%4C^ z(KQVo)J%0txscDm$}SHo$MUZ)_>=Lw#NIL0FEsrQ*3!*hNa2qFjIXCp>r0WDqhlW`_xWfBjpG9e=}cDHiv5Z z9C5-VcVbC7;j`FMQ3j7I)$H`$5%2Bhj2o$bY&&I@hB^wd;S2j^yGse~Lfq{vss|>T zT?yqool8x)hyErCuBiV2cPrQFUTv)DnuDX3V*da)3tOnzq^@(3=pHM)zS5zxw3V%$ zik2z&1$r)_;n{RFmg?@_Ramf&#C)N>{{UKLs%A~*k#BbzCBujoL}y0huQ(ON*!XgP z48<+lT$g8)ehY3V+Fn1?xm~RT=xCMlo8t4~p*E!r~Ti`do7FY#+M#_4-se8G0E$ zAh9}~q_Cds>N*^Ki%?z^8Ul#y_>_HB9m0oT1B>-OT3;1Qp};4 z1JoZvDtQp4Nf=UieRQT$Zj)<#*(U|Ec_y-NyftqX#-ZXkMDjx%Wpj~*0B3<&$yi*r zFgzLJTP-X@* zV6AXB%&JDi->rEh3w?7chEuVL8+&BQqIY8ykn$+Prjlp8aHk81H6CV`G!MCA~9M z$cf}Ac#p*TwdgS0hkIlIJDxWmZ(4)Hi>Tkl_F^A?JWV-tf z)iHuqjy`(nE^PkS3Akn`sz&3`kF73NClj34JXvMo#D!qEj_JV90|if|a1eY)vYzgL zvf40i7x%+CJ;<#hw6L{W9d?(izOQPCk+S^QWkmsxJ?qgX5$PIrq_NvgHOt7VpmG4u zB+_WYQhNz~Hr1Nq^6lLY3XF6fmCa5*+#MkewBVd}6*78?EP!1^taR%uxDsf<-M6lL zX0;^n{ngBN*H^JWmopSh4DUX|g%hR`Jg3I7*lCv*me!YPkq-CT3i(Grbmq4F4WsKm zESeZ}wG0`&u_J?zau4TFbix-j{8HC?1os*h%mw8N6in^76VT$Z?X(LNBKqMsx{b=J zF}v}gB^wdT8$69GB7{@&ZR!WTN>mS_V!GW^NBblL&W;njWG*^WjBE#u z_>C_;bMHQ`H__MOpNfa005}k?)^; z(Am`k+ATaIqWFJLyG=Jwv(sVa-)Q-qpMK`PZTOvOCDq&?WVDGbBU~5T*Z%;oS;l?J zl#WAAwVfi35nCgJuvJZ0QNFg_6O2Fx)(zIQIprf)!Pe0}14gMI@Bn%Y*QJ}NBEN>x zS4iX;IXr>&q~d0`JYU9|;!CPrL1^D8CphW&S08O?Znt@FBTdsRdQ%4`dVY+y_TmUG zo@WYxHq-p7mc3(c(xdr6$!-IvJpY$kFGxvUXBJ_vsO7Oqu4I2 z0@}M7+9xp(Cw*tvOusrnS)4pIW(!)WU^`Kai{&dzh{yV(5kc z09xyT&nXj4EG@d+ji)(MJ!&5&HkTgtZ(t(*=qoG9j- zZ3(1t8st&kqC*Y2+#BXldsh{Eqg)w`Ys_JC4}8;;(8-w^ew#nq+8NB7dVIsBbobgM zZEn`_$GT)$-WSoW`-UyS_48gg$U5w_5A1bW4T?8G($b;Yr4665Yro(JmETk$nB9 zFO$OJxt&%CMnWr=W7JbdGNwzWXp^LVd$8Vp1$1^=eWJIWaEuvw1Haa`xJ2{+01#?T z9pQ@JN#cZ^p!DP3sM}kl^OSSuL+S-XpF+;FMYa;&c^4Ne91WGuKIrtS+QyftY5xGc zR3Bj^0f!$oPcsMRR*uo{p$%&13UjkOR<@sUbRsr~bO)YCQCArCWH(|>R?bOnw*q!> z2|l8+tt?_&xLusGjD6A4uEJ{j9^GWxWR?jLbw?|PkpUbTU!D?|H zA`|Ko!{>%E1AtGbrBs$pI@H5#BiR@OuR>_C(HCRVbjeoMz)x?W10b9&yD z4b}4;Z`uWB%$D|$nWYMmApo)C6qwXlv3q$68CyL~V9vLjxcQ0NrFxp;b-9JaklaoRyg;fj zI3w%pOx7ns;olK8<;}H~)Ul*PJ!6XM!rdCMhE2@ggFSx=w8=Q{ z58vJE{x4lH+gw3x5Uy0^P7Xh&Yv`{ST5DbgvGAkluVp=*%l`nR8CO5M0RFiP`qWLG z5j=BRzPd${Xs&m*@Od3M=qR$dj#vb&LVI^6vKdbH^5!QIq;8S0$T;G>`@}k=(PGOb zT;viDG~&7lz|yX#{q&B~Nh^GSkgPa-Kvtqpw={lrqo<%7xkn#b`L zr9IZOr`p+R_m2= z9x?4&>|-aX&0AdB!7@9@p-JhUO=arWvCnr5maIa9o=-K6`kJWq5bF+5TRN}k-Nba9wY%B8)II4`SGtYcIJ(Svy*mMaG}RS zD@e!>GSct0()yK!<+Leq^I=$aPT$U!OT~&ih=7&uRN$ObCPprqWhMRKkf?T6+Cwh} zyGdeLqgdgEVqODn=~WbS$(ikcEwlZd2uQ%rN3CklEVr6B?+Lh7=kE2XC!15x8&OT; zd@lou1`ct!S5a-MyvkV%zIeq2X}NORJBdtsqc}a>3XvX5$#}w3TDLqW9&k@?#S;o*w9J8?bK5QD` z;?yoK?j76~W^b62lZv7x6SL8kBZBmlcbm&4cK2-e{4-p5g7P`8Zmys(tDc0_#(l-? z$_*L|fL&L1dG|Hy9vu5Eq?VVTW?krVbB~+zs&XYoo~z=o5O`km!`60MbaO{`9JGQ( z7|uHp&N|nGUEM<%ljq%!PSuy0sl-D)uA!WeXBBdhmm@JW-?PS9T|)I6i0f8S7tLU# zAt3cU8p3inf-6mPwV<~F2E+OLnyIf$n;{Vx*;rw=54wHp6JkFPPovu<%IYwMWdgu1ts>bOPp(=ZKt}j;p(3bgUfyoCu z#(D~wOQ3Qyr_w~}rQ-2I%;e{ug1MRX8<)PegUk6MAOnHO%{WV;EgrYwSCaPe<(}OH zI0KdHYoqaokz%$jc!CY6zN4R|XoPrFkm>hG%XIO?PdiwCqM3Jb9-nG_sNtU9qwN_i zD&-NUVz!BNmu(Vc2*)Fz>DIjEip7n|0uLj5`Yq4?V zK!4?#KQGh@0>@{p*;~P36l4<0+0J{K^1Vvl+E29Fd7Bi18G*;*C=mEON8$Y@)+-oD zntj1BkL6p3#2QYYsDEk2Y*SE>EMo%)1OEWm`p`Qa2AkvE4h>QX?^afs9BxK9^E2=G zSCVUb_3o+T8~gBLf)dzSzvTdKQPO+NYkZh1`rU z915AN@6BHt`R(lbH5#mHz-Z zsT@|Ld>SQdnIL#1Sz=x1e<8hpm34a6+9j3Exhv($gm7>(?@cS4A1`YtQl^>|)vpiAZ`&~~*yxJ8N zBLSHR!sj)V)`NtPDYLUp15c9v&f*h%t%0|w^d_@33z;=5tNV?1W%Hdv#;7n4*Y&P8 zj_5O-@qVeI_)gZ}4u7(2?{6CI zPn+(F#MU%~@ca?2owQS3%nQcdv(E?9oYu;H44oso_qIeGD6WCAyvja)J;+-rY&9y;A!{vDTMCn^m_^e=AQ}VvcDD3e4CG?_V|ev&0ctc)L}$w0Simvk0RR z^dxuBOmwOU#iLuqnhd&zou+D*N{MqP%RFi_+iD+*aoBj^?PvLodGA{KgpuU6c0BkLW&r-mSmFQRh01tEtXM#N*(IbHgk{!Sn zB=J^?XwP2;gZGIPl12d5QCz}I`^ z(*TBdTUT`%+&cX#{*M*E*{<&O0I1LYuP5&e)G%5T_>sS}d^@V&A_-;@Y=kl6Bp>jv zo%G!<{`%rM?@3_kM?mE@lobdMD19w^iAlFY%UT{&MqHp+w798hev zE_hE>)h=}lDAYr8LFak?mFu1-i0ihCYpMi)Ep{dV0X~!oq+Hyc6v7k-^{6FH$pB4C%MDWI@=I+VU$c5XYWcMTa*R%Me zM$j8c)pW@1&?S^jxUAU{usF}Z(xywGIHTq(Io=D4i4lv$<7iXI0=l?#%~Mdej$JY& zd$2OQhIaa#R6}x9Y;t}s@cq@DpWCIo@@H2H!}zoGuT%JAXL+vpK3Fd%xU;m9O^p-h zdxQS~>a9vvN0Dnj8@2HN0E{(l7f+5;q$wLb!<>Vj1$$V#jdbMsQN(bf?NQhabfC7( ze-CRPX!w=k`?=$IG}KmKEb^lrPCb9dzNnGbeKz*)7YQ2@QE|&H1oIz1_?kD;nYEeZ zofVLQxSgeIj?y)oxwT(4BUZK~5ZUR+@}%WrdCzzAb;;nzf*?$}7AC`@ukx3wI`CuyVTdOz4!HoN`tkokyH zg&bg$TDtUFcAV{NWFnnW1||aqxccInk`8+wbEAtm^|^Ift)ah(qiAEdlkTG&jl6q|_1mY=cPK&7MmgX%v zBS&E8CzkrqOIqCZD{l$d+IW4gE-pUD6a`u}3NTNmYnZ8$Lu$m2)3 z6R+A(K0s5Bzf4y_<7=q3TNo^D-W@*VBzv6>Lt`9c@Won*5{c@53YSW>@asg@jct7J zV88tK1oQY;f&4}B)t#-@kKr8!F4Ft$er4>tawCs9>U(0BHl*v+-tjMvyf=R?m8R(S zb47B|?Uc4yF$1@yc(%V~;qMVnR$GyCycB5Tkd3(Yq^I0`{mmV6$#gvvOSaMNnrwj? zLnh*&4z1BjvB`pX`Z2 zmICr2Y-6^0IIlwRUYiZ>qXp~flVD-dq+EU?orf5oN9tOY?whAu7^Cy&bqlf6?&tb* zTqWkOZDkG6*6o7aVC_{n!&Wjyw0!U5OWS+f;U%S`p_GB1qv$_c=)66mCBB;+?*x%4 zB#>A6)Y#5Z(?i#EO)@J;E$)~m=~M0%`=hmXQ(i}BYOf^hB^;{c@kq$=e-U3=%c?3d z4{*(vV!-6rbKoBjrR~l3t_-pPBzECQ>(}m|&Ve_f+W42m6UGxjH!BC(oR2F5a-8%( zm2<+@ON%>~o^b$Ska3bK!TS0EbTjUlar~|O9Zxnn$eGdIB zZu~nGu|)@zl4B_$$5Zd`Ow*kl=Y}q2)@@5_Gm#VJ<5s{6p4qKN8g;XQbcR$193Rk7 zOPR^*EVq$fTj|XutgH%0k-%=%>D~(PW!!pAm5t0U?KlkK#|+2$&_Sc7_;XcB^|-Ix zE|#ix23{ir-nlDp59!j*l0g)6MHHLC+mLC33Vtpl>dxmPSWKA=|#s%g<^ zsXUOP95DfqeeZe&&tjK^QY~KSO?WXDe(5~>0d(lF81G2lu72K_Yo?VUEGY~v*jV&>^1)Y3tnpiS)pSaBJW_t4A+)f+s|!% zJ+!cx)*=W$-Ze$W_SEb&%iTijShmtE?BTs>N6nSVKzoios{a6rbm`V8d!MBSjs^v$j=IL%+sQ5_iIe1Bn@RQJvM;<}3SY2Z#b+YF#fDE-t4fJr`ueZ`6u#_sw?z$#hDhI>np~wG)98 zmqLlXn%d^t)0q*;10(L>S6vp2lG?1+$^z#A7RwXu?OF1(7G1HlTT>KQJ4DPzImra} zu98m;Pc7#7a%IOjT<)zRDMY=e>A%^twcwnWZWs;#sr*B)MKz_mIg(q2B^Mnr{&Q4E zvpjpmmNz$OuOv+P&M{b)x(*#)-~!xW5x_L!>{L~amQS)ke6-(i8;o?tScg~!>&eyc zq%XjXNH~mRv8|gav!(Ffvja-^7U3m_cHHB=civ>y_RS;~ZQ1nnt9sszws~$LIl5qQz||EPo>?b@ zZf@=pY2(kQJ?mdg({$}VJBXyVm97ClHbwxZY08N#p@wULBwM_d%9D(9SFWvGyA(hW zU=DdSiE%M5G;4`sMTvJmC+KUN)HIvxHzCxShbN8&XDJ#Nw68I4k=d0~`>oZDd;X27 z#XL%}M*=cnupngPu+3&mM{O>$nw%T;39cG&0;mV3I&)O+wU{)RCX&fjW!gdA>SzeF z=kFBx9wxb0yFh%Skju~-k4&?-wP^0pu#q1a{uA|}XL$|#$#ric+Ig`tA%HjtG1OK2 z_^p}}9o-_qtmQ6Xt(nX%_#EKeP)1}w-%LsxW_j(JAL6!1E; z2IY_N=kHe4j;bwP5<WW+E`ix?~wV&A!cWo>Q1guEQ zAzUjTr}Pz^(cKrJ`p=@vJ=LrcN)Mi>vMC?Ngk%x;RQIr@+$@Bh@t-m>5Ah1jnV-ua z{1)5xO1HQ=f5*=QX|S!MP37Og3K8Wg611rd3J$>8;S#- zy}Q+N-Yz7@RzBX*wU6zs6kp4BvOGzU81>?+XxhNl5L_vE?i7^yPCz;8KPvq8yjqo+ zs*&mX0$9PPO!8mF4ag!evJ<{wg9DoL6g2(u3 zgIR1~@JI6joPo)&N}1=*#ax}pa2V%|_N^#4$1p|=$FE*1TXZ1mR?uSn191NPNd8bKw zi1tx1axu^Fn#rPC>~SqAv%d>|+<|i9RB-YV( zF=ic%v(0xbcNy~0gALuqcb3xHWhQ?n2*BES?^_aAg3`*~@=0NmH_6?&am8o&g8eNm zF7G3_1xEl5r;ft0mgN;R?NTXxKRw*VB`h$zR|I<+;%)B%oF&4NpdEw`KN^x`>~Gp! z@?+c;ah{pYW$Rkv*;`BzF*Aaz#&Jy;-1A{;dw&U@P+e5={-1?(+I+Aq8yEn8ivyaj zMsIyCNo|#IkuhS@WP1v&uC4qxD+0+R@UcuCy))XWK+baLdN+l1SYd-QCdE0)^(M5g zblVo6bV?U*%bZm%#%DiuYE?p+JjjD&fk-s7Ya&e>ItCoz@rq+aH@Ak}42dC)$EdE0 z!?z;x&I#`)ovs-03ScPu&~At7vH5K&fbKi853O)I)$q4s@+-vWjyq69qIvz?sMD{= zOEBC%m2%lyFi4TMo_h2(GM7U$dc#u8TP5Z|amnf{MNAoJvZ2`V?ewJq5{n2RjiuiH zY3Mx-GC7vnflaJQ$!f4P-IGuPExXw9)2F>Pg!Rgi*Kwv)Oc?bkqrDAx8If{+ zPvI5X4Hm;yw^^NI55XIH3K6NH7>i6u<5?A#Ki;eN+TNdjmiCDXMBoK1Ij!RzbTd<9 z^vPnhxML6*>7Q!tjB)B(Wd8tVW)~Ra6gc%7pL51r!|c}=l3qWVDSV;Z#}&^{1khhP zC5jhjN&|8_e+k0Znu=Tk{{Sv>y^VUeiFBF% z#x9aL{G1K>#|ISBv5DoeT)?hkmGCpPil-i>X%+dl^TZ^!)jgW1EPEE6rN(sEnrpzh zV7OD$-m@mt;Jc8_LXw9&vqi;XTWiQX_k-t!3EH{f8h(wXcz;csSi5_ax|(JqnF-q1 z<8MFbHJqet$Z$4p@Ly^(PczR0KgfiCtH<-M#^%y1jW}vZnJ|gHTq&>CRxrb!RLc)hTFi&4|T9eFqW|2MIT8wSE+^0DMrFI(7 z);vjZ656A&+Nvy z+T`?V@}C%6T?IGLC)xwDjHu~Ut~D!~IxdTKcVQ#>Nerrm%Q41r>0B+;w^w%p)nsK@ z&sO6!<$K&Nbvjj&TtOqbCN$?5tr)cERn+7K;{(>9PDi8Y`c!EYl1QOhh7@M8H7zy7 zla?xD1CDBxNOCJ^dRN&CNeFq{_>OW0Yu!98q-cL-d9T$AE?M}-?mAYjl8-U*uZVTM zKT@%l(h(kzz^E(71HaRQUR|hon^3yd36kx_u~HRC>VC91+}1i7Q|e+zNLz<~&Z6e20iP`lK@Ud;fo^jT$44E@t<43&IFQ?Tl5xFbp9CoO#bZc1T zAsIyS5=MH~$jVI0dl8~xT|z{#D>4S)P9h{dIu)`M9Ci9Rw&|G45 z_nK_>h=8z0<29k8X&S6IQb{uvPC9TfdSq z=m_33^JMhJXWRVOB0f#F?W)+UWQ`z;nzx4x+vT;F_lT#QV+RE+x zqK>#H)Q+@FXj_=P*d|Lh2`^umWLGBW`hC@;tf?``EtAL6rY^)zCuKj1U>aS-Rw}VG z4W#D;A8O^T^^H$aw>FYZG`8`c6t;44R|aNYxzWDWrC91$R&Q-E+#MZ;Pd?R$sX=ii zk&eP8=NaRm^{wL@p$_o=gx2pgo_XBhZ3J~S&`B9cq_VjPjKsF$KJ8PEmOx=yLmj>7 z<<3tB(!2BHEl*FexU_;(E4Lt?+;q?5Ser&&4?bN!<5iYPXOqlq%wqBXs;nw+{a^|;U1Oe_nJa!ER3p!S^ofpbJl_+i`RO;*oC;a zW96P$H)`hZ^_c$FlSW4Kl6M}TN(@F%b9Fn3e8w^n!)KuOtYaMUT_`ea8NuDx>p&ee zULluGjbrl+smE;9%Z*vq1)fDA8~Cw`05sdu*9Ji+&5VKRRQy8H+@x}qjgZC)%tkOpUA5A+Yac0$d!ffg89Dc> zi`1nCcHRhsSC>|j{{U3CjdaM*5rg-Ks|;4{-oF$Yli0$|5~E;k?^`1_t)Z)Pcr{oe zvPIl}^AK=yD~HrA683Ahg(N}ua(iQn0PzP+LeBZ+nIpuIJ+usGl zAH9M1Tl!E1s4bwKm+cU%pyV89pRH&vhi7$oCbx{n6pUo&8KhN?i{d}_H-)sFBI`=H zS+3=ebKvqAe+V6W8sK%UUT+fVR(4ka2-P+KJLKg506GNOd%&}4vESTi&c;1bB zM{FO%73zBW7&I4_Sw}xA0C@~(5#?Hro8k*=dr5b&wlVH({Kl`5 zzj+Mj10J~PNJ>cDmrJ;S$t2-7?cAps#aPl~yS%nDN;i}r#4(XUqBQLwiZ+`e)2~jM zuRPc8?w?b1wSA}@FU&Y$-i!1ajr2OJFc!sU5-4CY+~X9;b@WE^M4)H3deU;SKFr0w zzGb?W7fb~t`V&{<*KTcvw080IkQ2vhj&bsxl=}2GN}7?4*Z5y(?rWVsBwO{kfr|NM z306Iu(w{mi$2VnZHRbiRSCU4@8=C_F*IB4}@k4mJeY?)lN4R#aB{CFxnKzeKbJ#&L zNZw&xvi90Vcn$WYaXt30Z4a8UZV|Z-cDEdHSxQ|CjC&qYu4o_?4ZVtm8@hAU z*6rqvtJ_#Yl3!cLa9Ly<91;cr!NIII*y@a|d7s4li(MDPHdnfx#4oM1hslSMRAZ73 zKDFWR<9%jL4C(RAvqvBZq$mszZhF%8X16_$;irUWg3{XiSiAGS*5!~MHUW;g>t94# zcw!>x$cr}a3ZEY4$G|whJbscwc^`_XYk43kaON&{O7-Y7W zOh>{+>ND3hQ&o#dzSc&YCZTRw`D8=RIR5||%0oLn4@R-H(B#mejs!Be5V$xg`uo>K zp=ur*@U88Zlj6-z-dp)I9042>9Csid*fk)0m*bC!TJ`UY^@$MJgBYFbG&i? z0N1Z+w1VeU&?GljeofBRlP(6~{&P;@W9B_(OWU6nxYn(&q|zdoG;9M9#YRs~)#zR+ z@y(>VHNBmMq`?#u4p$-RSVW_8yyftNOs6ecERt0@JQfgillTEc*VUG$} zcK!;u_A_U*cn?|duAQQ4cG{JX+OM5Q*K#JwP7rDfyJ?i2+;B5qf$-YTSc=ANS6O>mt|FL8<>Md>^!FTA zY$vhN{{X@#X?1@#qiJhzZxpQ3A1yF4PJ2|tOuq8&9R|iiPC&rNy(1%;PYT(ujBPwh zbsLAdXg19foC3u1e@?YG#7jrjEJlu)OL9c9v!EqK1x8jpkHdZpyVLGwy^7dNYY)t1 z`=@m;inT8gjXpRu`)FO>K+U`Oe;OJeHl&(%r5qYMHm3vqylu-Xa1MW3>a{BI7*C-%`d6@M<`1%4*|eG3He~c+Q754{IX{if1+9mMqqhCTLfoX$DBK!N-+20Q zit`^0X_nfRo6Be-Y2$1%9yrEpAR&ug)gY2+ZWrwD=9P&7>VWk%)oI$rtDwG96qg9t zIp=8}qJyC9Eic;jqx(7?@*HhZS(?w<;MJB3i&(2F2`Bt2Ql{4rArs{V(eD}6n9L5xo z2;^2R#J}kF=J5GGY@S*MI4s_PRJfee(?f~YO^%gy0?B)5vZM1J{FNa0uc5U60EiLj zo)xf$C~WSv3y+>Lv*uLjbDqYg!57@{4-slN_gBW^Bnvmpaz{W-bp9PHb7YZStd1T~ z%vj_%wrZ4(A=veA72n-zejU2fv|YMkDu)r0#9&to@PEPfnih+#-}r|5Ic^o?c;g_m zHcvt6im1rZM?)V}@xF`ptD9@67AYOPunOd;9XR)__<+CrP2IZNM;ai)g}`I%D#m$l zjdcr;?7O*s&||lWS>1PV*zJz>^X2BNYXU*2yzZ!ZBffFz_)tWar_jF$ylJUw6I^MQ z_V7(>AwZ0N{9I(Wx21h!qG(zP^EEA8ndepL`7FmBk6?fl~n?Y+7 zL^>Rt1|GcE%F$|ij)gtl)OOLubs`v@nEmCeMJXa(H^ny_%=e8VHgehMe;WED;Wvq6 z@rI*)Woc;9StrPsAHw7ge_8~jZusB+5(}8Fd^=@#s9DD|4bw)%0ngXcxUDO}O<@$p zBpQQ6H-(g+-W>DW@ukbqe$eYLw979OTihaFSVJwWM3Af1fct~qzD(A19bZq?1m+u& zZzQFB!oM#EIIP@DPWm3H;r{>)HlrQhqPNf(VvGPve_aC-j$ z7ITA|-`Dj^{a*HcMpsEL=Y7*Q2O}K^rAvq&UE*s^L~dwix(8|djf&-TyG=&gNJKKa zOk0=FDl^)$w?iwRPw7&_Z{e$*XIq)tWKZ02lPeEjL0%IVjis96aV@Jwhd(ZIarL6s z9AbKvj=!bcS=yLlGA}#35^>U_v!2ddg=tmr9{?H+8$BDtaN6m2_g8v+YiMS0?Salm zLVrrTuWPevR~Oc~-zL(bir^FLTB#!`Nbp(o`DD6bcuasf+(5t;+<13cgF!}?_Gx9e ziAaqzlHBwjl|uHKo|mL}i%ZtpS+1oa(k5{p?syyl`d5qJ>Y9&;d|#&NSr*pvu?^=g zc+N6N>Ds1Gp{!+c---M#`fH!ESje_sXO@>ca*V^!{{Wt~*m!ovIV{E2qjXF=caN7F z!1SlNOvjU7HxNrDgfkq-Q3DKZ0OK{xc)L{8mrI?)kjelco<6lQ(U{3uo>AdFa`#Zw z1b10^p=`8+paCzW@wpFQ-B{GbKkE@ z`R7tFc#20^pz|V)nL@}h)2QZvaqM#!n!Tp@tYWt|s-Gw-FgUHrEv;oShLJ7?1A>Qx zk=~OtXqLxBPqihaUh6D%v0pS7%7egWz58SJ<3_#*jicLJPEuQ z*b#z9t5=Emn%WIA?KI6f;}J;4IJWo2E^dU~+`Vt5-q~2Slg|y=MDqz&0aqY&&wkbA z{vz>pjjS?g+K0~olgw6F@>c_qpH82ZA$vC2FM_VLeNK5~vuJHnHO}VaaPMA`eX7GU znKX^}N`QvR-HMjj{fjGTI=qn26xUB8F+VV4(z|U(#ClGnr%7oI?Tx~+GO*512c>Bg zZ%&!uTD($6<_id4an8-WbM0R;>oMwa>Nf)7Tc#-ZD(55~^|92E*7#e&@2y(hPV(GA zAWx8E*1m)IeP}c|CWRDSGcXcJtAoH8=ChPc=M;PWh`775X7d(Y;2&N(3i2I(#pl=2 zS;eeK+?D?TmWLfHG>rDp*wb#CNrc>5ms_4yTnsY(E6+8(Zf!qM7q?eUKI~=Rk{F(A zPF9OZI8AeJDL!9 zbJuJk_(CT7}jNI1cuUWY;8{{RW-`hDc` zwaB~u;f;L8$zO0iD)zf9O47z%qK$bjINAk7rO>h3WVV4Bp^0#L-UrM@Ri5@s_ZEU# zR?a=yDoz7?ipbAYblwY1UrBqL=XJ{+iG%z#*7%22ywDX)zyHBlLVq9c= z!8L>*+A_{uqACCwpS_COu_9!9Z!##L0J$J?F;^(uBvaHS({zz*d3Fq{#O%lMf1DcW zw2gaByN7;{G;`b($Cd{%8jeFgLyps8@kQ3ZX>l}gq)Ra+TxaF_`q$C_0BMo*nWM2W ztjG+G%06+&Jo-{`H9Q(W7kGzMn^V#vvXa6A+Y)cQ!L!SIS6c?0%Y7dC-dNQE48!FI z9Gp<&*k*2{u4(J$z(<)Pk-K2$@~$&l)?POT+SW%5Hv~iTFV>Ns??AV>gj&4w7W1}b zAp67XUU@y;^!IYxx=Se}>6+fc*5_5C>app&ZC%z0N#Q{1eJj;t@io*|R@2^* z1*#!uEzk;?M6O<}ZN>ea_URkS5is0`u&zT?)@*O=MU{-Imny_OfaHRGJu4#YE{Xn& z0dw~YaX<{dPzW`uVz8#kK-ugpvGCUYO(2(5D zy7R3paz`;LCit<^{AQXLu2~P_%-nl`*TUMwV1c|rMiH; z=ghaj0R9#9HJ+a>qRA{1MhZ1N>g`4}`VdBJ#o=I$5pNXMNiWzA~pAl z{@VI`iLMevm6bqKoq%-b@~^BdoL^d!g=BsY2ON6WyM&iR%dfc!vzN?74Fk#3uh}AmvwfsmME%E0An@MTDtEW*UgPbIO=M^>XLZGQ6k2Y zBDPConyEBNE?QhQjVpI{H&64Wk0V8zn~L zxMsP_h~Dp1WdmZe?)g^=Pkee+MnaTLc{In0Snf8uFdIh)6_tN`3^2(7C2u-;x$9b@ zB(*K+8jaIICBK<0q4T)cOQXQ{q2WadxRb%_nzXJ-+uGY)>G<=87w>*GQ^X!4BU7}B z${5YKj}kB&a^FgZg6A)<+sl1$mo6ZOfC)j2{cC4M(NHSfiI_%M7GCs}QUj~hBeaeM zc!DQwx##L@nL^%Rh5@}wW{mzhV+HpUx$n-P!A+Z7(I7naBD%EzI>?r2DfA=X-uw?GN6($Wb(en31L-76Cq9=oAvI(?p-4WyC4Sb%eZocHFrZx#4n%FW}tw3$v$T?c9o zvxiAtWl)NKwY6(|701gfs4IoebDGLhGN}`H75wn>j!V0LIb4M4l55ZPZ8CXhjVC^6c`<-9z@SZ>*NJqCi#bpv z4w3tgRD0A~RgBD}yLr6eXRx87O6Yt7hjV-~ zO=}#x7(_rIj-s=5TS%jLmMInAkDDKR@TXy4q0ng0VyZsVBE=wK^ZuBv2hpu$xJGm( z*@+lGtyYC2FIm!BIa+w(K2IBX>T6QN%Z|+*%A}iq?{BRU-%{lCIGt`Z)Glq()Zn4X zAoZy&EhDpz=IUYv!!S7+&H(hS5u5C7=@S5wOw488ax!{XLv5>ESSze8w{Rfm(uTn^ z8sk|=k;IV?nB(UDAEh$hG?5I#HB@1ow9IoRzEU-81*!g1DWwP{p4DVFJ_)mWZvI4Nj1~yT9miCba3KNIB?|kYAv9N z?X2XvP1lfl4jAnj=N+l?PbQdx7@d%w1!pwPqRx5r`+CC+k5>VCA}vf7BubM5mE zI`N8?CRys93ej}iTPd$qZKP=k$Rm^4D|r=HrqpP`UHnw0FUT*AM}2 z0ajKRB>LA)ZQz?tM@C&n+%v@Bkj6}$`VY>4M{gaK^62XeERjT@4o@}9HO{$c?QaFI z+kR{VzX8AfRWj@|q`ujwTE#uq!*I#w6%0OK#=LUE_UiXmki^rZL5r2g%Go}?v_>H6 zSoB%6*)A@u3dJF}+ytE9SE1@c8;cgSfdmL}6d}eiJJs^&Wa~m5x4lf6s**@Fn|)s6RD;ecu^CC{(>#7Pvvc4`4c+dp#cpR@Gn`?7{&=YeQ1ZP; zR*34Z&?${W6bC(VThVIJqr%~SaM@#ywJtgf+B2xsd{rgYr`g~oUPao6(yw?{=1Z+C zT3>~KluY8Q!ai!#Ny z50|}q9rlkL8a#2^#*2VSByvqmq-DzXJiaI+H|``wIBWynyZt*%d+6R~P^Ae}&+%4n zM#&u>lW}jSybW|!t}=MXZ)&yTGotGmxEgzqe3g5uv$vqsp?iW{iUa(z4Ey!Tb`m95UH1;v`>mPP;uATak74NArp z#kJL}tN?p>0pw?{DoHGF?cs+}X$RPcB<82tnYM0O_^?^e5h!kEVgjJ&cd)NVYYXem zGHpgpI#?qE_<+LwY4V_o=y~mqsdsE;{n2f%N~(_8?_K4NuCc)O*RwUGk|Ei}M9tx` zz)R+}t<9#PJeSh$ZIT`Wf=&iLm=&Ah{{RWTv#8G$%ByJz^9dwYi3(mso+t1`kEz>W5Q5={C#7sXmEMt}-Rej@+js`TK+pNC7v6j7Uold><_(KizdsVKZ>zo;h}YZKgjX`fl!l!)Z`A8 z!0DE7FqT_Z-{tirXNuA&hE~+I)SoeF^O(jyV!ghVMmxK!hYDwR7}`kZHF1bG`WhDA z7}PEmZXgV?6PzBW9@Xm}AJS&iys42xe7NU~8kT^5rS_xthL%Nsa0%~R>DTW>(b}h& z_#t>b2fcI1xNdqSgfraRubIogzHwZ5qqei6)j4lsf!mXv^+*`iJI9|S@ivi5uPLH}bY@gIs zG>}FJ-;8tgryaS{z4P>}rt~(7u{2Uobz?NKjg1-~H0Pyr-W1hjhfz!Bk7L6x z5wPK~de%cE@ipa*+|$haV|H?I2LruxP-0Sx!=PY(f`B)5i1h1?Fi9AU%@YX|*ox<1 z*KRIkw6cb8CB%Sp$RdC{i7#&LJm?)8&0s!t>?@z0C%AVkes04Q0aMB&bXm6`91M1? zWL>Wk7|Z9J_31&W>;4z9u=@f{J1n|@a_zeqRO|(MJT`VS!*MtX7RBF=Fi)jYW4Y$` zUN3jO)pWS5locQc9mR2SwY)wf)Nii$xqZDGg#-MW)iNa$s?&9gX|A9)Qv_ygVDdn& z+ABD(=N7iJqj`gpI0W~mWYNa>x5FAmrJQ#0#y_yD)2scQOp(ot9jL>#ZT)`1%S2bRN8zmibO_o_D&jF2n4_>FC@-uO~EGalVFjG$RFWQrBB??Q}|X&=-Q9=f%{C}YLU5Bag?e^lh3?YV{vPBadj*T zY&qQ~?m_n$uQb#&B-CLB)fsmJer|@eQP9pvqv3A?e`MX3YjvMn)*PiMYf>~ZiQdf3PI*)qFO2*XpIjw(I^5B^?`Q5D01(Q5(HQ`ctpTruc zh^+0j$!8W|`ECHl=KggDN`gHeE6a;Jh`jm#0DMT@xbl5#)%2^C)D@e_A%-!5)Km32 z>MqBf{6^L_y)x>?4J!IIjzTh|9FFxvK-9GXm%2Gu91QoWbmEJyiI2{yR(rImCF*lvIsv)mUL5zzv3SeN2lpGFi0IP znNG!1kH)@tzxan`qFO_$7MAE4L}gPimh28I2O~~Ia^5A^rbBJ3O!C1KNV04{DeL!6 zdvji$;GI^-#2zY%?_=8o{n$LrMhDdQtAQ>BkJ>*=vhfTW9j=k4!wbY5Eb*WLbL;t6 z#s|Zf+Geq(SznmtW|wE0fbCz_w}LZ1)9~h*_Dwraib;jdq(^jT9Wz*dGu3WaQnk2| zw=PtwfhWlSh50>dOYJb$8}n$QCq>!5AEz^Y~Y*=ohO5L&`t8+uO19 ztX!BAO%3+9s9HxQ!Lzf-R`qUudkXZ+>kD5D=+bJp7YNY8rAtWsAEhpBEF^gkinZr^ z2(>#Y5<&)4V}@Guj|uCEtc#PY!~LD*J2@O2kFVugM`K964zEb@#1iV!wVkjUN)kR- z!yJE;S-%y$YkA^Ug|x<+*4is&w^ZGxS@D z@Xz9T_3QPIP`*Ru##{na9=IO9^oHPd7XAo=_fyn0)S5NB+*u(o;I=w+71nq@U2j#> zZtlE8WST_IjT}+C<@)21jC2*OTCtlmwM`pOw$q~0B)y7z!o}DX0DOWtyJyZjw`U&JV&6nh9{Y%Sns3Az#J6E zaZ}7sDaCjXP|)vSxV5*MPdQ~S`;XnvC$HAMBUiNW_1}ZerATJWYu1{5t-h3zTay-9vNB}<0DIQF@_5o) z`0kjOg?Da`vu2uLHs;e#mH`=AcQ$tgQ-vQFGf?W2;wkym$UE_Zh*j_$^e{nPs#So2zhvkiZzO{+0U5NZT zF7Msry9;+TfGjNB1SkCdwYPEMhrU4e5=FTjL{$hoo9S9p1d7Yyt1TBz)Gsx+n6m~D zs(=ph*pEu!H4Q=JwEoVqw=tstgBi%J2g+agM=r79-x%7tv%J+baW>hYk+2G$zcKpP zyZl(v?DdOFJG)&T!ruDcU=*p#6wY}*zVr%6^Caua9P?V<5AZ5lwdApfx%*6j zEJS1+=O_I7(lv`mrRaK1mYH_?o})aFSz9YR;184m@Ay=jC&W(!c((FuXl^Z);3fCS za%Ja$0O_1j8FfcO(BOP^;B7Np@iniCAk!`2k~aO`)Z4jF@fw?4_;0D|R`!?C>L1zd zyc9$^81$`_u4gKm9Uhh8uMl`+!&;I|X1u)f@MUw5t%HRF(-q)95OwbrM`xj+u#WL< zB$eIbPGckLl={H(+ z^4mIGTu4eP=aJ7^4G%Zh^c$J(T0gP~XqaXbzT&5?xz zuUcb`kFES0;r$0ocw^D5;zo-RNhaJDVb_}V$>-9ij?2lu`#s3dpXLw{dSkrFK@CtZ`PPVbq zq)AyPRdxja@d4((tN3|!;hzWSG5C7Q9TpvK#IwvtEXqgSaqFJ+!LEq$e;xcx*EG#X zRF!Rv!crF5V;r-d*soad4D&_dZA$N45KpMIODNp9R0I%Je?QRB%(;rb74ZBLuB~@* zs4Q2_k|GK6$TNTkzAMLmA!t4&kHlJ3HadG%0MI}$zxo@(M^|y+ z9cJ4|Y3!pGutW|);1lUncq>BI?r)aCV~%;9Nl?6Cfs!&$wLs-P4vy{ZM7IfguzjEp zEsLD(1OEWkUo`64>>7r#eW%#L<;4LitOjdnnR7N;(zaX5T_TBY4jULBH@+)NNU^`W zxqRTpWIgx;)|k{A+}FC&EjAM|V&L#W$RAq5weU2zv&l1EtT2L4r{z-NsY;)7tp5On zV^cbJ*r$~~&PD)ke>(8*5@|Nt6wl^O3SH!afMbE)lYxA;6GGHxYiVaEDuX9!`@WT{ zr}(-jl~|vhP5@zp#b;wVCeGUX$1SAk*9vGNS^$I}&8!haF94MuYJdKaB-GYE>H z`IM8?6Vnw@i!*R%qIi?ThS$S7j;{m1+CuGu5Us=4dMaoWd-bnQ0XES`HrnNX_7o=4DrHJ3L;Q!%s)i)FF9ypnicX$bO@9Y?Kj zJ}bO?#+uqT2&1TD#%ONlFS+L0Boo=(ETjiRAwMAZucoxyM844Ao?D3_xFDT`bRP9o z#mcTwwD3aROt;daOL4y$^c6?Mx)rXPE*cv{D=0rWTyCumlCkHW0Pz*po8n)ySy{^h zOsyQO0R?go2EMnn(XC|Drq-`7c3h-?BFN(pj=*~6lXflG^4tFa6Znqu6|=l~>@7o` zk!R&T{8yFh-YT=xcUjH0JA%gwy-B6ci8u?}E4%rj)IgRPWKPGWbUGQ9WL39?ppgj; zo_FBj6Ir=jnJb=`VK~$6ZZ4-rk+Lv=@YwdQ&qvj*Zf#7kHZC^qT;s2ytlUhRvCP`v zYZ|t#c=uYw(QP6yfkpxK85yp-P|=xYw39aazPU52_ zed~bnSHsyYwB-pU-SyTFn==u~`c{f4=!{Y4+AWOwD+Dr2~*YJdGQE z>mXwtML%XaMBi;v+UmmK+pWvp1NfDcCIuDflwPPtYxfXY^?VcaEyRo%N*>}R^up2TmMRD4{ zhEm#LbZyaOk&CfYo@qsyIcjVsm!wH+V%H_E1 z1~EZg-OnZQ7l$r{@WpCwj5z>f?w?a$iJ`&NbdB_6Z<;; z;_3*YW(s`FsLJ;KwaR#>!mX*tJ@O=pZ=PiCr1zjD8yH*w9 z>G{`9rr52$g51h*UNYNRPDXlAXC#dHB%e*5>+MnmM+0vsrA;o`5XzfWsNI^0OG_Eb z%R;u4q+E%u6U}f7k`Hd?weRliFD{x0OmeFLu6qwqe>%;xOPX3%oT)6<>QncB-RCu@ zbEW-}+{p2LiO4Fdm}1?|eJKM*ot&v?f;^!Fa2V2Snw6VrGTVmpCU@Dx{GemKYZ(HG z;Cj`xmnK4mf_>4qf-9ZVv>y@c5nVxJ4eQ1Z-QW}h2f3>)N4f1fmw+vF-wRp1@}<_S z>6udmtV8jyGw|#dz8KUPG+^RQ*(Z;oqQY%h?I+iC_-?G=vz8+(xkH2}cs`Zu7dlPN zwvTBmD_e_|J8;+}3YP3;DRw;0Jv!G*ziBQX$}OGT@_x0asovPKMqrWGdX6#<->oiU zd9}I4U0AEiX2~Uq#yvijsr{2>VW%Bh@WRNsR^5(9I)1gC^|_*G&G7xMop|kf&?xg% zrd;F8s60)7plMRt>9+7&$*8_rCc(kL>FHPP2h3COu8(bZDqm`G#dmWX7k1l#xjlt? zCZnV3Gu=mIAStI@s8wcA0bllqr%HU`&!NW6XKg#lYXs^SK3OLt73bG_4c4D~G&WF2 zKhJ_t{qKC#Zp!B9cbXbqT0R)jKqk0F z)TW;4VSuD-&Ux#KxXQ#@+LUF~+S2FBCPG^*#YaJ1=9hmR#CER>h1@gGQ}v=!>^^NQ zj*|M)?qHXDE*1^EU~uGhth1bD4I&_It&mQ3;+(6uCNuYXan_OBP4qRaWtZ(S zD38o$BWMfM*Rp&s@y?~-4;=VY#TFNH>FXW*ZE|hT&mu2XWBuF@DEY zG|wG)AHzN}(Qa+E3lxQ7D20|$wS&et6)`MUoAg6n?8FXJx=>3_6`h3%vh$12-u*3n1C?BKQsOyjR$ed;3Y z?qq)<_bsYum-mo5!EA{;Miw)lm$9zD!`iL<`kt63z1)Iz1}Pf|;G7)(b&et&%-)*5 zhv+tuW2LlFS;ub`l&(1n+p)(S*DK;Lh7j4^8@L|YONK%@$T`nKYv-q0&r^S9nVDq< zt)N@0TIoUEFj^?sW3OUyUr2mE)&BssZ3?_i9Fd$zg!Deu+k>y~YH-)WtxrI{(q2NB zFfmPo0A~a76~E!jnC-3uT|*tzYB0!83~^sgN?Kg;>Qk|YtmyDTeD`(&V;iX6rMOe< zD>m9^SvEwa_MA68E3Gq~orRX=kCZEuoK2y?x5$V(Yneqqk2q;T>8lCST zus&j9NeMX~v<)*Z9YP0@Ad*6^#fe&Gv1@UqSth6fjuXO?IQOPonYE^PgZom=BD<4( zF#@TC9QyOtxr@CPJImKFpbG85ZlbqHhvsitXcu--tf~`*KPatDGV(Yl4{$=L#&S3Y zfgM+h{6(fmZdXsZo^)kg?M{ar;CmYJ`LCTWV{LYEdcJ;^e!(ywzldr3oJLzFGY#`o*TFV5-_=h;Cy( zVZ-#n=9xUkE}<^3;u%EQmRq+w|GvvA({NC})AgENI7b@zjq>FVN4a;upa#BUiMyG25d7^9&lN ztJ?3kwwlY$dy)RI0nmF=5zJm(PbJNhOa{PqoQ!enT9D3?yO~*KUVwpHMHA{W?kEk+ zZzPf%a~?22!1v8JMYz)%@-qYxJfP#HP(x#=@dt?KvV$;$P>YNKTy)+g`(zQUj$?OT zGJf?;q;#UKw#0MOa~zD+7jZ4U)K@Azqk<08!S}31A@}Wbb81p2Op)nWaoTT25=ikf zkVXzVP;%5dJHOoNQ3w?ta(?JMf$LQ?Rh~qd86VFi@DJ--MkXU<7dG<55Sb919E|3= zn{7-(Z45^v=D`@M8Q(x*mrO=komd=f;8!_&avDYqyB$se?Lkc(r-(IMmec2vLdZVp zInHrh?}eqmog*%+yNGS4wNzts8MCwT#a3PqA%WSE#{;_3 z8$90cQ<@pSdKD$f2nohv& z#g`Fv_Np|DY+co@1n@&D9i`9fSF~ADD1>t5!j5?8YZ-1(>*>a-jR|24XOEb4uPliY z(^)o&Af31$DBukBqC1H6_%vI2ip?kBhy0o&iiZE6rI9#4LA9~{NG;K>!)9&x0 zj0ht*4W0o#C{ZcPL%q=@n#V|n37c%pgODqo)cirKS=}X?!*w;G^=KMX+dEuEL$i#f;esi~Al%*~x@JIM;#fXfH>f$vVzqWdup@R^wb z$E8h$%z4*~-uqU%n%c_P$MY(k#Nmf}>AW@JND?@F;<2*eu@$n7v2Dj!RtE zuP?3Rw3(Plt-CqoA7fsb;cZIh9Tq_xPV&nUL%h`Tv6Qsvt}X8(yPcJ0=wckMbKKRv zV@TLFR3Y7*#a$j?2n(`VE#WSN+>YTa>w4SOes?X4~CE*495k>3iZ zJgM~+QCA`8QPeyms@!U#&MAy}P{hbH<%8>4T8we{dw4RVOus6T+}6fYW-J=jsDb2? zMO&69ssObhWoN((>2z3-^EZ*VSbuLrMxKY!FG&<8Q@~G zlju}$W5et&ZyOQZfEWNB(0$|WUW7DjYn>>cJ;mD$DcjbeYRAm>IeU#R-rE+YQpAtq zZ1eT4{{RU`YhZOBJ=RO6P!nnC&r|qjwv29PDOkz)gW}{^V1q|rGUZW2mmM3uaW;Cr z{JLb2UoXzYs67J?*%V4P8mM!I)?0gpWGaNP$Q@76*P&Tjyf&`#pgV>^J*q5?9n4AW zUiLX26%14md-Scn3d-Kv)nqo~DyJtM4KfP4j9Pu1=|7lDzCQ}b)HVMAE(syAK_**+ ziU5OG)%6?w8XFs>%wS*wIu5*kW~1=Cm9x5vWaZ8|^s9@pGDSUCM6#L|lF}(-yH>)L zJP}8QwEKu}lkHLEGs(wlzGPAKRC;ZMLf28XNWS6S9)9oPSso(PB7z9hPT9Eq=EqOM zu#~Jwz100<8v|Lv7A-{JyS>2Eh9*#NZDiwgOkBN-jzt$ zTSFPYw3E%aa?P_RQeC3NSB3|I zYLY3zoW!0(T)7T>rG29(rEXi=MQ-fuSgQ`1;L#*hQ(KugvBeFY)OPT~(>chK9IbQF zSR9`<+0^5a(A1MAJzsuACkx!dLFrLd2s6-Z{{5A481<4roGf8fUUfb``$^% zdSJ0^b z)|s~U$_J5EPH$<0q7?plSCUo_1jNDtl_ zuKPsr=9#%}AWuJPh6Io0RmzaAba$U)+*BCEiZjzZ*9)nmG~un}A;ITwLs2FdDcd`y zqN^-sMI$-wU7h~`i_=21mI&dEUPKChY>IFL&hK>?uFzfGBytdUF5$rXdRCr|tidRb z5fE8(kaN&hq)I64t!5S%f#N8#edgQLn(lwM2ljl&X_8_N3wHLP$nwV2uP484>moux z$n-V2aiz<8i*TyWtBiYAZcQ?jZbztCUoLLlfpYe8eO5+I3D*^V>UngYi;u1a9llTK*S zqE_12>zwu@wRe^}Y%<%1k|dC01TfAh5=R~4{XYJ8Ks@tqh(JNm3gLv3#Tm6|$m};B zMPlP)NVZth^y`y!yJ400cV26~)BG(Vg~ii1oY^RXm5oSXyVEo%E@adtOL=8G6f<=r zwR$&(Z*BDr77sp8DpuuowpG6$N=5SMX52$-W2?xv(L*%Z8}ZX0=QPb*Mbo7>H-;o} z<(Arb0M&DJB=Y+Smoft> z9nZaT*V9RT=l09E}`vCzexgeW?vZmA)Zd2z6hzSlU}ksL{i*&pcy22Q}q>5!dw@JVesm zF)1J;GBG=U3OR=0dRK_xv$=v5Ss;`;WT+i|b6kdUkK|OLcwuoZxh%u671|l2IHrPGDswkyF!O^IirU07lp1oOLu89M!1Fh=PmTD3x5x3`g0_AMWPBpJG%-j zk)Fp#t@x8hf(NwI%<@LRB9MJOYs|)<{jYZ=?ZJ*qfO0Z<&1TurOyxXec0kfirpb43 zp@Kg^xF4-}r^B6lL)EptLr2zaB7;_nBXt$KE^-0t->(&cvC#PM!un>Vq_(GNcWEW< zyrGOUFkB`&uc;X6UT5&{S+=>h}rp*Ap4)nv*bp6mU^5Y zi(<02(abFqK`LN;gMd9TUR71gUG=-bYf6!MMd-ka=UQ0xm%K^57 zj1%iw$~{fuUW-|uQjR#JAV?G`^x~(|HCvq{P`HxH2!7cq%QJDD3=Gyr(Rx_>Gr}63 zj=N)~Y7$2lopK`)%u_6^!-Cb7<9`=v`gO&gmOQZ1IbSp;J0A2A%dL-}^(|gIJGq%B z`%AGPlH7q(cwK9ixHp-H!D>&Q< z!jV{v@Gl(r!&66+xv^>xR8m_&fh|Sb*{!sDXwh1yJ+K`i*Cp95<5{9 zU^cufsr`;C+iTk>y!LH_a12y?SG8zwVR1S&{MNQRK_#387y~%qb>ftfYJCqg_=48A zQ^VqIA|!IM?JCSLr__G6^M<2){k^GbI;Gh%rtPwPq?N(xS#pxo zV7tl?=Z(%sJ;Z zt!rZ(_ZEIhk^;C4am83VnjWF2+Xz~F#8_fg9r)(C-CxC*%%;{?Q6SE6yfp&mN6)&= zh)J^|N0A}yzj^(&EOpxDTT48MBeK;$5xT*&%=LxR%Y^76tM ze$ph#w*YN*Us5Zlv7b-S^c`unsBM7WJf{OJIp}?JSjic-e4+7cS(@v__L^UYwm?K+ zu?lh1J^S?)>pm4^k_Z@?y#D|#RE^mgsT@f@Ab76BMets+rAG0|tz4@mxbCOlk8YLl zo~f_udTrck4UgHNjYDrn+qs7wt60OiyjAx)Js-zk5IlRU>3SSjch>ORM$%M;a?Cwdv$V@uN_!i9QY*um9hc@}#~B2ASJA!+wbeW! zBKVt8d7-eCOF;u4l|dQZ%|nM`&cDYW86Qc|H2(nX?Hb zPnozL+yUxq#kCD)+fuh{%_ikUGp^-*m@Sdl2CSZAg0%3Q9yq^SONdc!p?@+rX#xUA zJ$+6qrSS)Wl79yF3RS5Kk% ztHJ&q(=P9|FyGo2@`7hAmvVY29s1&eWcnBW7g_1w6TD@4HO;xR)3n)HRptKxmWLVO zci@Wpuf{iCAJA-La2HJsl=CXbW6PvaYnH^sVbpNDQIh#iJT#~H}^ zeY^fu?_*HApUJ(}Wmz56Fm_M|J*zh^<;4-+>(*Bmk?FItc~0h2DlpE_I%Dv!G1Kp- zXa3OBmEpBAFksmY*BShAQ5lL+E%=jP(3;A^(Gxn0Iavq*?>?1BPVm2nt%TZw*~FIy z5?ufpm5KU$=DMS?q*jL(z80{v)a2CKF%+&mrQCD06JDp`ohH&qr+DIti1`jjPg)zX zS1fD37=jHlY1yGjqF_rAfWZF%`l~m>ei{D&gqzHLHsaUp5U>+5ZddTE`M~viohHXZ z@Mnl`e$V!uTWA(az-?#m*QXWvtK;i!e^As`^IEfx+Vh>kdkp>D{#B%1!*idsxRXnS z1x7@1w+E#|Z*#Uy?~tVW;}pWjq*&?Jz96%3q2O!HQ&^Hq#J5X`owi6%L?fKksNBh(ajnaD zq+i@y!4%15AIfFp6_cjMy8JU-KbWMqem8s7N;(-mjeBc*T{p{$Seiu6bDU?|y++Pd zYe;XRh2pn^5@SPQ|yV;R9qh8Nv6iX5YgaABpT6QM$8uF8s~Ifx?0R0M-?kv;)n2QLIC4 zsKcPzsq#?^58dNGLsIFMf>_!%K0>nd*x=PhR|BrQ)U6`&-%%Sa;*Vi54qF4Sxi#jG z<0gMFSxRAmk`&_xsFsaC3F>p)YZmZ@HxnxfKKCcK+}`bg^-148rU&1vYTr^@|mOyFl(CjG)S|HGJZfyN=URTUjS-xmrk$auJbaRsaSTlhk9#Am%sU4*7tyU{OA-LQikGG^RYZy2voHacRZf@$JdQAT9mLEPQ(T-BZ4f^7E>4P9u% zN4vMa1uvUw#9O94y()`%cl$zFkV=T0vlb)eUs}=&QyCs*ulQ&|JL*=qHxsj_!kOa> zoDuk%`1|5-g!Ro*_RQT#V45-*Wr-nArF6zO2ySWk7r~bn7MhzyF*3RbW{~o#G19$L zz`h>7)h~tJ>~g9kn20&#fx+X@{{UK+tZ1TpuDPTvhSD8E&f37Dg-FV63ckLz$ZK&& zX$*73SIYxxkbNsTHj7bZdu>)L8y2~m?%AUpva{g5d3T7sb9=1naM@}1F~g_Cen^z= z2imig%WJ8$mNIJJWLv=71{;HbF;j)$)Ur}i@kaPM|6^nD}(&;hzu_PuyhB8$<9;5ZI9FEFZby>_0 z_nUj<^(K(HbkOzx00{VgEgIhUQM|jlp6*}XLZ_8gC!xvWvo&87ytk8Em0z@A0mni9 zMMp5wGIgfaUd9wailP4SaDS1mPSWP-?cT~;uil0wSPnj z1+qsO83*}SeSc|hqeW?JboN$L?Azsx0>paby;_qepF=7un0!O1T#NUP8x({mOoBkh zG58AcpA~2}*E*57Sr_ceF}6I9&a0iA@}8z>oxs+ohA9}t+SgW$ko*>dS4=h6Q+qqTTgy(m?VO?m@G?U!h zq?1Ctv*V=>3~nb^;Y~KyE30X>5`xv3eBFZArrh|GM2KEmY4-NlELl=AUmj09pUQ~E z^(r&y&k^{Yu3u_4a_QP^bKA1YyB}xDSGfFnuRhZ}FKrxR;_7)VbwqD7=je0Vn~9{V zUsiNbNiIJ8-W6a$ z$pZmvgVAlVdu`{RmGTE{Qg1^!p2K6{yG=y|^B^c!ki48#Vd49ICgkiAtTE+EwPxgG zZp*5;vs+lUl~clwE6jBjnte>MW91Qo8-k*s+A*=GCXHh)k-75~X5u)LAhR*{^y^hE zqLK&^q&p=UCp|czqwa{B3Bt~14JbR5XNIbuXfGp>&dR5i$6EE>x}5x?36WrF-CZB2 zBZE(7Yk-XL6m9@zJPOUUHB4291?Aj64 z;FpZ=rn`u17iRiEhB(=WIK_Qcd#Kpzp;F#x9Zm#|kV=~Qe04ib*zAmtHq>mjE1h!1 zZ3wrqLRMhsnRC#J^{)w9%cfiz0gOUh1ok!0LQOQqHGL0XitW|oV!4VyRddmeW8A#@ zecF=&+`}vs@O|s-Fq67Idl2<#=ziG@kgRQpi>~~(I^(5tHlbR1BaK~TA2T*O3iTne z#N>3kG?M+Z$Y8RQ_i%6xNvqBFtM`AILY0;&f??OIdVXD6ZQrOS(19thQm zC)YizrSsm}7Po{aoX6#7A9Vd|O9N+T74@8Uu|+JPw3rNW_f2DJIuqU7zu4tO`G-N& zd(c8{vmQMnc*V%8C84nx+O>Q*LP|&rsk4;pzLARF1 zFiEW4Q&3>$OSzb<5C-mp+Ou#4D;$-~(FbS)#zE(r=)65(jddHlWeEeOMG7P5FL;Z? zwuU0!Sd8S5K;VI1TdQgAvBMRyiq=e=u{i{ND^hu`baCl+S2|s??U2ZW2e$8e;*N#= zha=1+kok;Ct~gObK&@hqwz|dTk&52gCXu87vl0kjYUFNo{X!9I=ETSWKY2(ZhP#_B zi;Ht|3bs7GyjJD4)rIOxE-nw78jYKW40Hbg>#U_6NuI>9+Fo4DBe04|A;<-Q;8mOL zE9_`ebr=Vbc+DjibIlYIaViKB0$gVRcl4;>O;H!ln%!+kem0!$UwYXiI~@hJxR=S9 zSrm_$lh9SM4ZH6-Lfwb0FtIh$UL~1k1pqi0=uKd0nuW#ew-8H*ImU6?fI3CeAdNn{S^X^>o9 zSVUUpIQKDTOiwDCyR{M?}!p;>*puk>Ve9c%o7zMHHpd zE-fxnS!4p#6SE@#{VH3_=9USqTrZO9V`1H^2@LaFjUv}Y!oY&sAU;fX6+Mdmq0#4D zufKXx-%+$#)il^Hris=VB8htuRCL=o;Ax=|Vl4ITn%OfcXlYGprdhkn(WjU>Zp7C+ zX2SaIk}3f6LwQI*TG$k7J3Dsj+#YVD-5M;;wF%Z@QnSCw4T=DP6=ReGwIE8`mcm+u(3BghH^3Wtz#>Qv8g;4dL(xR ze8_GG2oLkFdqaawvR4;M$lFMW0npJXv8GtoG^>eip}tUNM)^Pw_kRk;Nv5!9ZRZRb z`NycN+BAy3=V57Y0f?Kp)#7o1n!$YoLefRu{C85nR%F3Hk)&-Fk;iFXDDhpL^s&Vp z-(djxau4Fk=tt7MkHBwv<15&j)U>FDqm&=uVboKxYkMB$YoM!51-~9%K*2pLM_c$; z;k)VK)!?()sKTdX05hC=)XCVj4QzNko(h`x#4_GqY3|mr{JYrT`+@mZR;S?|BHZ5J zI_;MmbLcxzq$d@z=gXnRcRTG1EFBJe*L!QI+v$2;rH_*uTqFFf2T*$-r86llF3R^& z#W&hDONH{$2P7S!{uIwX-L1s1gS@6d&swfimAT5Go*0fvbE$ofE#-B3-xQ=owYGylt+VTas*E zZSf%lU>xJ=TO95-A8n(`(5%++?@-+L&2+jihuU*@c_b{~DL*psDcFahsb#KP*ju{! zE#|2st}-g-^Q>u0eZ*NKbY%R(hC-2EHL@00;cpV!=>YjT%Xt|6Rnm<{fE z!R=IK)c(Ym43PO!I^l?3PCe^H>|-d{<*hEG)UH}t70g{SM>(%m@b-tLYcNj*@pv|< z*gyv+i8ESpMlXu|2Xkj(d#Tzimo}E{852%cW{Ad$vT(yBq??K&+c?j^UA?JmHqnZ_~HW8RWx4oKnT)UI_2WBH6| zUmW)psTz4KuBRY$2DIheE>xQ4d2W^>Sm z?)R6r?HpM+Ry>3Laa~&9K?FhLA*FNEwkRzNZQ?uV<(?>sRmKmsOfRO?V3s1Ma|{xD zeJdFo$729#ChFzoc@^Yd6pBStXTQ#o4iCx&Nt~>7`WCaY+`!iCS&1yiu%~HWBwa4! zP#Taoa1ul~J4&DHiU$UFJ{a+AR?%uP+{n?}N>s8Oe85%j8R^k#I$~=c9%Q(;TnmLK z1qsh;rP$Q)8LX#@?DO&y_du=dh;EIPPK)yA3a5(oVa#9k81VL3SB0d6qijLe>uZ( z$;Yi^&5tti#gB*Yd}Te}op%0Z*5BOcXe4rQzS;bRZE3y_pLAn+knS8~x1gnB+U`x_ z?FlR`?e5m)SjU~wXXfi#GHX(Vf=OeMB6GLy<7xM;45PT&w5HZ1c&Cqj zqb|@@&QJJPeWPfpsY3cs*xPJsK4Zzn2Jq8zJ!8QiWQ2<#uGk@f7{z(YcrNW@Te)A% zP55Qs$owiCQLi#EZgkn?x|R!QNr6rXJ?pTs)=h<~+s_$CLHs7OXvEKLL1w-TOr%J0 zfC;VJe-B^X2boJEgOG8aD?UM}m#5P$?6mo=BzE(V<%u1u&LMd9OV$q`n4{(-j@3yN zor@Q%Wj5uC-}g$~E;E|$^nVK3MI3jLA2FE&1>5&(tPP`UP4Kb%O!xB0`<&nd(0v7T z_r4u#Ygi>|4#xzA1a|&Z)JQz@Q-STSZODuTm9P$R(yzaY^!*B0bp2jbv_xR6Snx?c zwJtruGqTj8f+(Q4w2>Vp8nT*jl=3!26-GIMG4QKpqWO- zIEnYR#%E^tt5I6qu#P0=LV6A}K?Y`{n;ZB(*sP7_C>a^a&r0^)J~(fnh(<-ax2VMf zJH0DI(r)eMw5M(;ycHOrk#PSoHjgaNR{M?vXDg>#D6^qogi)$HJCm+Z_$u(m&|r#6-laJrJ!hFg`Z{= zVE$B+2Q)el4Hmym#dhO42O_#SjlH(bK5(9BB;jhK8<^bW{7YwkA&{lH@|^H%14+~F zEzAa3rZT%@AZKsZjz$Nx==PDM@I~gA;1U>PHPQHj2fMTo#nv?-ahwXcD+6aS;khHX zwz;>SZ{Nm2P)96lv5yf(x}>lBvW}TS=~o_XQ{}@3p`-)&)unFvuGddZb#@LgnU>V+GZns=yXPPnd83 zCpFD@*G{+8rGYG9`z$daR_7(ybtmggW=Df<9@1y?Q5|<22K29U@vX;zH2(kuNj%n# zd#}dvm=O@+q(8!cFe*UL(Y!llu33G)#6=zXkLQdI5xpztZyxEo{)exdUl2tNsyeGc zNynHDdS~$b>7++5Q=MHc&8^^$F)hIWj2;%f1Ht|mNbLvOVn?4l!+O-pCW+X{@pp&f zmeT(KdAIoxvT@(izB<$N3vDk}zSl11X>Lm3WdJC?fa5rBoUl*;%N}{fdKZA~taW$> zuWvLrQEu4Dk-MQiI{MVVGiVk3Lu030Uf$|=@WhCj01?<%f_S&ah`MZRrncgYQJGIA zdw*IkYi@@h@bAak2A8QluZeHxw$o?dC)x-s5c*{M@m}fSt1UNP(q!=#lW>n}?CPP9 z&4HeO92%K1a-4RzHLZe7_qGQ17dur4Q=T*URU2(C4OGJn+bs|;T!5|U4N_!DSk}@$ z9Qc35ciI+%b#l;LLpiv15^Y%m{nbB+uAAZ=j5zl#8J+{K z+C?^`hWHm&!NK4Tdetd(+c|Y6w6Kxjjk2MgbHNzr6(+HtbIh*QJUOXJr_RzDOr=2x zNpGcecAgub#5&v|+2XXA4&_*Vaal?wr`YxFMYYWXNz?3fd*}o!AV~H|rvtt~_N{*& zE|;fxUfS~QuI{y0RD7!Zqa&x+kx*AL;eHs>C-Fy%>})NbDN)sqH{iFfO?$1mvhdEH zZQ_kB+9QBe<8MCH(jm&nCvS3^)zt8=U7zIx9ZBh2q;^p))zo5g%o`ZM@SQEID zcz*TexDYe!Z~~Ay8Shi*)?eA%?WUem11fCBJ#v34wE#2a^K~sD8sVDCVso<@!Su~}R;wM-K`X)z-Ht*0FCcQ)&^} z++%Y$LUN-W2fq{=sHAGyU&~`^){;iIk*LNW{3{zuw2Mwlr;6S!vp)Cvax*|l*z`{Y zTQh2t%XecMT6rgAn|E#m5JukL{d)1Qh`t|d3D_z-+O&*U%TK%Cr3NjX{{X>%hp;w- zHnpr;F`ihOFW;#B*y>x`1NqfSY~Z)Mx`r$mRgTiUwEIwiiJr$KHljA}wEHq*4=4{B0jD_Y3-x5J(`)!@6-HEV+eHti$BZ?%7b z5;N<_uA0xr_PWYyP~U{ISebSXqG9V^%n+n0rH<()C>*#QG+yV7Aeg zhz~6sXLd&fFyoI(@%!HZ-NQTGX~)T&1}Yw!7Bcyhyv`hF1AL$vc99+)zt}_CC(|0jqdkO&#?2lxcG!Nq05e$+vuj;6^_x@BCSEZ{A5^yo*%0 z3ILH9kO!wVoYzu)lRO7h(PoQLhgg=?%;CJ(b^a_2b6XSm^4nC>p4Dz8`4@1(&e5Jn z<6QENrqHHw*B8@V$!!Ic&1zV#H}kbSirUn5$#g#sURy(P8eGW3=Rd**dY;vE(+2<7WOf_ zGD#}N3$O7W-=VK*(To;zs=Rv`o!bD$>WP^1>T!P^{8Ojfcur@#f;(?8h?B}=kU;JS zzABIG`Qi&0yg4SgZ3U#enOzUfx=dgkegM}pg@ojE`j)MEsR+g89FgB{I#*m(jbhIw_`Tp=62nN+Kd|GH&SZ~lqdXQKg1k3F(Qb81 zxb0CFI3$vA20PO_B7I%(o8iM;>l$>H_cNqxAQELkO#9b$`%ipa)%+oAZSelW{u_JC zsMcqi*@=8$0w2>NqnA-6kAv*&^=)~kXj*+qqD|%Ga?ITNn))l@gkC7{?v1J2M1IL_ zG&z6+w`nKlC-tYuQDWasy}G{pJ;HhW+o?G}Q&#nRYh5={`zkzl2#vRJAbh_jAUGxaYA zo7s}Z#89=s4BN-u^d`AGKMAg#c-no!!y2O%KQQDD`Ju}}DReV6y%y4Ir?|EZEw_-M zoZ`1MNfGV7$cX5Q+dx0eR02G&;uedjNvTb9b$Yi!7pGu7DSjT`YB~k2<;-#!WpYB5 z9Z>c)TG-t^4u;z3YB!@%m`!f-H_VQBUV4x#)b!m(#@2Y^3X5@!@OdND3QZE{*o(wE zP4(`ZaeWd(^2P~B$?yE@Kf|`VhJ~a+y1EZF^2Y}tl6nfwQyP;ztHw`l4f@@LSYLJl z{_S>JMU9TD3SA3`%;9#3z&|!eU(&3XCSmx($_ofvN=cQPMaBr^9^$+{^TL|VqzsXQ z$lo#s;I(PUYZY^)@Sc&VX)SYoGmo@36kw8ekFUOKuk++&n&hGLCIGp|-p8#DpJBCP z&xW<=^c_kI*0xKfOpUC&m!3Hlhw(z_>Xue_7B`O-&!4%*G4lEfixDSdozZnGOKVq# zUGh!F-gFNpV6dc>Z4!hvxTfVda~ zgZfssoAEtgHtl;9zHb1oeolRR*3fzl#M|*6xVF|!{*Yea0fjvZk^cbduMC4ym&CfR zp=%^^8+d?H?570#8tGCqjBIrFFg2-LD`j@sfw*_CX!v;|Y5Iy>UnQN@ylfaG#HeB4 zoYIuLl@?d{ldePJonaCi*R!&S1lt4j1Get9%j#`yacd2$znY*8x#~?~R);%BUj)=~>Dml)4{DF|)L`gA)nv0)pxW zHj~=8pAhTGW(0mI;wZGaA(^C@&%c-I6nfC* zV$#y*N3Hm$?Ezqf`H+#l$lzC*8SXU=Qb}w|C8wFW^1u+Ius?-nc z*q#`4^z&`VI0ZVe?_Gu7xa*?9VH%*7SBVD>N2Y2Dm-W`Kl@?aLv9L#a@5DE`oXe&fdrNd>V zLY7ilMy>LJDf`jmKhChM@ML%hDNw(Aq54n~nUje*s%jmC?d>ROQAURe0A$kQ}iH&sHQyATUD22N@* z@ay|g;kSK5?Bpsvk>)7|csvPv@G z0q;aoG>S&fSN&X+$Sm~2$vaEQBfD_Xl%~OdQbUAPMP3-N~ z3wTvwl~aXYH*?QFl~I>iTZWcdu0n?BugKhe>k5>}mex5#efB50MxV@?nBev!+Nq|Z zZf@C{Jht9Q80qU-s$tHJM3xpRFaZN0y$w*Eq-&E3mXt0rgN%dLmf8n7_iJs4d21LD z_T!K$2$nf!2?}l4F`V_T;vu%RXG_WR<=|Qjld+3R*|U-hc1wL zXJ}o(o`dUABFizC6G(`@hX9XEcc6APqmK|VLV%o)p?00tV@?uEvz>tU2j+OnFe!%|#w1$=O6T><$i8QN= zgK+SPuON3BR~$&6p+Aj8(b*X3WA;nII;(3UM2cm2qyk%VeLITu_^me)41{yj9gTCi z3UTOi_f9zQ&$G?RZ-y8fLV{88a34W89wFP7+U<3Vj2Pco`U&H3DZ1$10t=maw zeo0M|uEr%!3k5$+)!3CI(ta3twp|AF&lK@)jF|%y^DE_ujzaNbWl4fm<4)thZ{wu>b%79M{p{ zrg*r@J%&jlU8H7PbrL54WA2|?*3)berfG^FG$zx7_kpiwoR20{?9OvoTcLC<>`ale zF5+>)=ca1;)ZJ|%Qqg(*3<1eL^}3NNHqfVIs9wINEmc^q+=(;5K9$tynjHGxsTyA0 zx7mOqOpd4j0IgK_DmxlpBJkh#RjYYWzuDN~T#gA9&aBq%q)UOc3=lffi)BjP2{cKe zTakbd%yJ82wQqjO1>Wh0nz_K*+z+j77h)PEj9A<;wuD=z&zXR3hPBsIirNXTZQ~Q5 zU9tdp2mFe28dfVqtR|z(k)%o3k^O6s@g&nF)5U1$%m#Ql=CG7UeuqD&%Y6E!rQGn6 z(Hv)tkEMIJhMGIXy1BSdLE_J| zc|tUGJBCW06ndJq9d1F{L9QmJYVngR&5xAlD_l0KX*4oA%Em*J&~&Y14&aRY3(ZmH z0wyLrh1fkSs=RpQi6fJ0N*9oM_8eg*RZRLsG^b}Z`Nu5rQuRfVMhXczB0mrRv zYj==p5vzbpV=cxx_MpV$?a|v&x7!&A4oN4duR*)}9M;VOs$j1HdB@by*!h{u$zzmd zM`Zx>gV0twHN~yntdpyKoMiivK-1{Ye9bd78k!w<|g~5VGhEN>`@eZF_zpF(Q_JBqte2xxiBGx&(eQC7GP(}zlNnm=D z(z<;IT)(?ZxMYSRg*ha0M?7YMT+6ZWqq4gfjzu996|OG{UU9fKj-RQ~`v z2@7B2+Jw_`A zw27VBS;T5Fk&{VD6DghSw&Lbg<6>Yp2D0v@7S3Q+S5VuqI@Km-mD$Z}H{WOh4t(5g z$6_l>Pl_7|?fl8289TmSqJv1r#s;}}aW&a%SqVXsymjZjJ59ROmN9W7I|K52W`f2` zrCncK$C&p?yN#y<9`)&(R*srOC)&~mxZCq*1RT(4uh87G(5Ah)mF-{)8jasCdeybH z5Z)wrP`q#>1G$IZr*L<^r%iUYcQ+B+{iOs%VL?4B&pc_PTG>HwH1`cI(g*{!M44tr zg(F?W*6KXO2OR$ZTD7X$&1Q=wyLmtmxE)PUITdepE9otvjzP9HQUejmt{%fx)L^){ zjSQ1HJ3(-9TSe$|-0q;%=0qvG6KyAQoO6oBU2|7azT#z)5uC9c)@>CX&Qru1_;D0r z!Z16!WRY0#$u06o@r|*CsA+^WVm@}fVLuwWJFBt=jpIXvLldOitVE^Tj`Sds^YPDsx=tCqU|0Ff+-ew%IBedX;~wpTIa{xj9(wY9#u zw~c3w*o4J=K{M7o{)lD6zK ze5wxux|DjHvzJ4$)^tL;MZ8Yoqim~#-n`=SH`DD|p?MwGfTZ^IrzXy4Ee>gKZm!*f zIwJx|0M)3cxcQkSJNgWsm6@zorP~|(ww7enJH5e87x(?Z- z&e&*kl35?MM=?U{yEslwdUc+SbErWK-)C~T$m5!nuc5av=Yo4p(Y#V12LO>*JUijr zJ$maeq%eOS>H+J1s#K-7uz1 zV4Bh~uuA0(d9HNmC7Vx0o<#=%xLo6*HRczZ-Oi?r$buI8tc%k<@l;^^&XdFXY&P%) zBlx)teQVP6pRz-OtUSEsj(SjQ1JiXqOHH3fO9&)c<(OjuMn|Q5*{sbhS9cKF3>D6J z#w$53O&WGMo97eTg`Pxht)0iNYb3zzxKKoS;MMY@o>3d8quSt3<@v`asLgg3A`6Ye zQmRKBnqje(szhzBEaZoB0QhoxFt0(=WQ4&3ONpX#uDM#5VRYfeG9W z4?|cmM9n*{=5jvh{^_9J8=EjfU`b>ue8$HIwP;w}WQbLZIp-Oq&~q0og!0_n#cmGl z;PIX+zNv2lK+FR9+p=+4N+cN8xAN^MUt{APdsbGW<|Ij3QHnPHYE2-HrY{U?J|*zg zkBK0b?#jW4Dp2Dm9S`SLbY|7;r8+}gT+Xfw`J{ZL4#tCP5=$!N>?&p)4|7#){8+JT z7CJn(aokDInI7(k91=Rzxdo1^QPd!_v}=omFhmA$MloCqv_o_76^?rK%`{1`4XoZs zmNeiD^y^e~$nK)Nn^Bc~w{w-pVOFJMDWl#zF|AsriFbE(Xp&3Hsb>4XL0)02c#~8& z7p(^Nu$4eD=b;_P=}EHV6P9lgMp2W>lg$ShE#A7V7gCE?vX;^{lF^1nSYwgtK|~jx z9F+xxk_hFvM+_gj{x#GuiS2COJvkhIX^bA68m?PzGtV`hLtfW)c_8wPRxzE&AH+}p z0IH|8p3*7y`EiCtABpv*rDO)@_PyQ25ZcBQ?8?NDJLlfCDmTKwz=E1XTc%eXFJWc(b|x z07RU{lY!4#mr&gzf%t;Sad)RlXAJD@7kd&JM{+r;IkK1 zrd)YVcnig}VTY}8+O%>@eB~GwI0bzv2^%E^Nw7-Fpx|m8?>*`B~Ck_*+V| zL$M}Xf;06$O5V_34K~dpygx7)B=L$Rpp6|$LbAXYySWV4wZbSXkJL;kbvrb;Po}aU8%xM9-kPnyo4}GAxIpkUIsc2^o?SX(Rfcon^9wQVmo(j-HxPp73eyrh#}G} zZfz}X;PbK)NwM><9EyhQjSn)L#1DSXpkyff%~86!zR<2trEeOji!2K+MltAWy`d@{&KY%E&k<;=^!RuWupgU_zgmGFZ>ZegUtCBfl+C*VNj>Wl`@?@^cy1zz z+USx_4OC(co`vCCE2(Wu-8kN@j=cqHYF4(&#(4ty#BrbJT19AQ&DiH{Cu@tTqP;P- zs)4W*oEo=tduwFzvmyweh1-rPi=CFV{{R%}a%zIzVPLVSCA~iy>#lWJywKrS$=X9; z^NMD2sCe9Z-`ceq0PRoo~#5J_+Ng`qa7iHG(Mr0BS*~I!ASERr?k-$b3oH?R+`*XzfgL z-pZhegMr_rW6pHKBfK}Q=_bnKQM-XHB@4NW4oUQ`x5S#ChKGVy{yTvBq^ zT9Zifnt7nUg>dLb=5M-bH)BMNv8L$jEwNjOq9uWTdkX42M{8|xmXD^v8G)2!0iJzo zIkh!VM$g0l01xXLb@Z2BUh8KEC|AF&ZhS-VJ+F+C2`{aqS)u`BeY>{f`Bg?&9I2#u zPNU#9@a@EQlCIa4cXGUy_N;rWJIy}X63tJ`+@7P_sLD%IB3&l;P_mL1V;GR{JBD&A z$h=eV`pWhTv~M+LG3_jaf%U47nJpX^li-)qe$frG$u+a97L1R&G0CoW&q(l_-A|~c zt+<{BA&%d>*x>#ZriOBlQ|V8GQg|;~(RF3hw9#>^$2dp0kYzSwqWYTm`yCEx;A?9e zBvcE#cHhqxoUPEz`0MtE@L!9h@fMS5r)ZZmX;2PKakJuAUHG2)*Rd^6YXWz((4 z+A>Ql#ftC8Tvt4u&YEfLcKV;ipAdM8>&v*(;>5^aN009A@5U>hk3oHNZ`tCK8=ea< z@UZl(c}|o&#Xk+K7S_pbq@6ZOu2nz^z;lD`Udf>9c6Pc<7M8Yg*jU9D#t1RE_a>>w zLRscI=$`XcOW0>&rl{f~Gm<;zvt-q^i?8=`}XH z5MP7=0_Wy6SN;+k`^#uzx&+3D?>D7U2LbU5TUlhg)h!{naycb(x?YKCaPr&} z3N&LSTe0axsk2IQ=y|JYo+t3=yIoFO_PFzyJ4+$?ThMw|-M5JKEpo~|7gD^ry|z)@ zoGA9J+)WQb@Y(S8fpY-TmN!I<2V%G?-AMgv++IA>wHiVQ+*#kkEUu#7P=gyND*4A#{V8)4WcX^<=H~I@)M17R z19^r;Y%31E`}MDTZ9l_4EYhy@w!1Lxg;!)>eUGVNc+WKDF2H$Lh&%xV8gpvbdaT-Z zm1`&f$skpB=odXt(zpqi6B}#Poa3G^TT@63sG<6tcQ4X`_vkq zxv2@RzQw9VZ7q$ov4OX)=i{2%@b%pKVYnKdw0>6xGq)rUr3B3$six{$TP57_D*2^x z5(BpfKA)Xc@in!MrKMXNHHvG5lXLOgjPv=>V$ojTP-Ef8va*V1W2 zA`{QJumQFr3}8@PW7P3&Li*va<~LeI;KB@fkb}QH!3MN+chx@5*Ac-ZqhO><*RQQ6 z&1`*-@OM&TGX^nSu9%O7Kt|$CnF<0dR4d?GDx*OQB{@& zl4f6*Bz%h1!s>cIif*-Ev=<1{fwXgk_aBW{DmF-|eW2?0_Tx>S?&5p6iFa0F%$Yv* zM^*5)r3^N5MFaV&Rip&+%0*R&W1!KzHEM0{F0Mav$`8wfxs7B%pJlqgn^e9?EF(eX zAs>0Y&uT=c(Vf?aWVX1nU24_?1WpMD7&#TqYknoQxxd|WaHiw#a>FCuf!x>A?Yui} z7Llw*e$pWO(z9eMAL~$SpAo!0Z7bX8d-W;EK4VCj*g@wM8MOMIbw7zU-x0Wm%skQp zcHuIyuYA|Id_A8308X`QE94Gjb!@70!0-5)4CS%tn&*jpt2>(wJR4~YSdi}f$DVOs zN8z@L=Tb=IXeYK%a*V$#A5Z5&mD$`TkEPl>LuqLRrMMj;O`^HWyHTdx+(^fK1NWFb z?FN|*Ha^c;@aCO7cej(lA{P6gfs@5LaoJ6Gz9aDU?~CnVyVan&hg6m&aFMpwLO|z^4+f~xFR5x@ z1^9ba&@Vg=FQQ#S;@m5?b1Xpdob~jnJSY1$co)K!mbx{)u+()J(`1(~$Y%azQa6md z9!vW}cpF~O{3T>GJqkGCd3?Dig?62pw+^9~B}(zk@V9Q^Fg(!4P)yLS!kt+Bdj(ya@SdgORDu<|F@WY*R!zaUt^WW5*y;Wn(Qgi`at)QNZ9DA& zIUTX@P~wSZDfpS;O;!tgTT5xJuCArq5M%dO9mi_v{59eY7JY8h!U-+3dW*K$&^B4m zd{sFO86Oq&Z9Y3Yh$LAiy+$QC=)J)nwetp&A%*T{iM+Q~+7~>v9O&8)L%Q(y#GexQ zMoFSs65=FDn( z+%T2S3CRo1XDJiSbJYACvfNsWE6a`cg9jaeuVC=bgP^9hZf~C8*k>omU^jbnP-fs& zZwqRAblQ%yHli*gQo=YkVfN>N=x{5`wV19Y)Y5rS#+lumecx(D#x~e?qxMmx-rY$I ztg0})5szBql3Uwr86G1fOh)Lz2R~Y9sH4txo6DR!< zXk3Vu56W1dPtvzWswb;O;5{KP7AcLa4n}8S!C2t*&vR67G#wfpWBW>Xmex^-AuN7Y z$NvCW(PGs!&c?>((k4@Kt1KYnYPjaSzv4fM>@BZsG|PEqc?uW(+8wLx$JVoyOr-s|B~ z*2V}`Bz?nz&UhK5=8a%mgGfkZRC~L57=qs@;QeY@tRS_ul2WSb&A`TSigzr?x$w2) zXSPW6Y=EmUEAAg4>8Fh zOk;*>_uX^FC?bOMY^tdbm#`m{umhjdKb=L5BP$;!_?uL|yVkE{Gw!x8luo61=QV*H z#qoIl%`+=0<7vSLoKo26gpX9xHLXTS#l7XjyPPj4Ij>35ENx#-nUeEklZHSJPCL~} zbQGCl#{Der=n;`GsUoi9z&E$rrLi8D&0FBb;@pTqU2G3#^9{2to2 zp*z5$ceezyKJ1nx^v!l!DQ z+u^GpCq`M`&M&k`Jk(|c6k(A-oRN*FU*B6mWV>*(bC!&7qtl+X&s}PESN70+{$mr@ z9MED=)UE8|wMn5?Pm^imsr9ZmOPX}Of(Mdu7&vlAQR_*^xp8_Lej?V^JwD>z(i_Px zN|o~>8@TQAfl>S!(lzf8-RhRwl1XLZyGV@pHxdo3gmvrJtu+k|lx}kRmx*-iJzG$d z!%WvUkxKES0kqA6f1Q1E@c#h8mmV$f_LZ!_#LDN(Xb)1rXCJKt_H6Objou5pwVO`e zZEz(?S+<4R8-v%{uyjJYR)*706i{45rPvXj-qhCTJxJK)VAQoePU|vV%)~KZfv~DQ zDosB})0e3xP!s1Bn)D6s;UFtm#9Zh0bt=N%m z?xj%>=ri7iX&Cf6p{Lq|Zc!ui7hi~SqMlKFEp*i4>y;>=o=#F%0?=8$h?%q9(zvNy`R=&T! zp7!1wNX(E%$8(d9{{US#KEzA0)Z6MwXQ%zD?r<0`Lb2;iw$`E4UGmJcU;sS@PdSA` zwdAu)bg;yPCNaLfC2a+-hOQ;HxHHVqnAKN;hu_+tIg#P_+BB*iz?G#Rd!M{&?t`UW zJiDz_dCsFC46ya1otCe%I;iwrFHd!gP>EjRM)^Y=X0iN#r)hQ%XqsM`y8CJgb~s^! zj%p=Qnpxb;(50Fwj4f;;j{xL?39jN@LMt;Gc`|wJ_ky7y55lEN`WZd!Si8~~M)!9! zeVurGV;LPqd5?{JVA_?+*<0nL+Nb4Hj1D>N+O0h-2_27y5p49}s)Nq^*$vOqx(h9H zRr04>*<;=utXmZ2Q_$3wqhrgwRcfa4ZAir*+8lCJVVfScm!)dA(L(!Ykp^-A?OR1? zbU}4HeJjKt+0vV-ZerTQ=2sjwZCrS^d-)}b8RJN{V4xYwnz2eJgKAb*X{pMPfaP4D zQn{$4w!fQngL>Pm4l#_8QqES2%{Q3tgza_Xkv>|1Vg!u!%} zZK2K_9OK^<8zeR$voRS7CnK)_dQ>sWBgAZ~NCb~uP-#rkwzw{yVb3RS2*`!$GfnL3=veSX-<`n&wh)5PmiNRer$#0I+|@ zzuC9osQ8WJzYyIfx2XRBrX3&3$Jqg1Km(qb28lGIbJL9*E1$Q20RAJ}>bee-Zxm#h z;xb1g3_bw)l#jsvwf0twPyyyV5j`6iaZ= zZz|_>t&+-nkIYxJXpf~|#~dm|O%!1U58n5$nX4~*L$lf)9)$5}dYj$7y2PxzOpDZk z>t353WMeaWfbtQ?;W=Tx01D2?l`tDi=frD3m9g!xFRHdjSKVJs2TRJJG0U6T`mL1gdMZg z)xjE;ZM29j*`~nzM@Bg0R_>FaokmYKL%!d3J+tpt4Aj(TQuSh$8P6lrJaOwxT*!x2*HSB}?cm&rjGuC9J2{&A;e6AFECJ(#NNDQcPq&sL z(6-ref&i|ML!IH%+Q(svQrO*|O*Dv`CAYlQwB14??5K$OTy?I}X!NW17xLN&?qrN^ z%W?I^J6O!|9}ruJB)v9rGD297lZ;j_o2J~$lNvZsyR-f3S0?=pS!}L^O8b$vumB#o zty}BS4UM&;y2kCFY*vs)ayTVRnC~V&VJg7$TlUdC!kCaUvW`wTt043*4K=#kPXeop zfJaW4s+vW%v8ZdeRyQ!HwHYYD{oz{k7X(S-W={^y99F5B7!JI1SU=jLHED@ivM~FG ze+pdJH6*jqqrbjOyL`mOcAj`q^sJ{}5owyG!Mc%N+i@|K2Lx7tb=nNtex@E9=n-xR z9I)yteL=L1HtlUL7$vg(^BClhL0DY4tDZaNt?r?E(H2p^BRz3l+#XA5@`qqf(a9af zBN~Spb*X)tc8CMNcX8UbblpiU<96EYLC)F?jcZG`yp_;GP!rRxMQ`dBmaC^1SV+1- z!9U?m7NBz19x|Hl+TTo_^9{RT1>+xDyY}k~*~qj(3Nk9N&Upg_{xzl5fv$$aTTYV* zQBcM}pp}n7o$Jtx_}3?+Ty1J*&CWWgcV; z82L#6&_t2n-CEzrDj|n$yC=$5*Bn;_i7fi8mbXr@a#sv{w1#yUI20<3aPET%P)hI#|qxP2o^ z%!kj9V*(G&-|0#*6ryN&i&y@}juU9R?xiJu@IGI?bJoeINpRN_h1$uJ>zdIk6r*E0 zNF4ZKt-RuLKt;lBYd;Rj7e1_77ze0L7b}5WQ+Bu+Xx%?w2{nDL9Vh z-7iuWB%Oj{eo$NZdFx#RT!|g8r7`3Uqd&#;rC_<~9uD!0cJ4*AP);@&|I($46TJydE&8?)Gl;>46_mG%c!tr zcI0jt&lQh9h@|^;_Omo=hv-FYnN9R&`Mvv1oyDu$z>paH#d1FL;P4Mo{{Yvn9>mQY zP`&IsC*OjDk=Lebl&oakj;vZi<-D)9AbA70tUvU48KE(kjgLHZs*a^5Wq6;$5xhq3 z)!_dCRvUwygWKy^T5X(>Tgen@gvV1)mqT67ufVolPn(j1Wd}d*Ie+-YoO$DJ1a*vX-|KgCnt%0eTMq0M5RP_}wY8d(?WZj<2Qv0BG9XTA4TD)64;gJqTY)=CAH;E+a64JkZ&} zJ*rI)7Wk8|L#M0|MqkRn0T5?#^{*qJQOpua3i3t?&1p=|Pod96pm6HmNbnch?wVVnj$itI?^mCU>E61=3qv%BMhGo7`{>RPPACRV}7Dmdn% zp^}R^$RU<5E@A^Q2chH&(6y4{SxvgIXbH*B@YYQ0r5$crzMNXzEMSi?a7gb&QF;4} z%%KVC-xZ5zT1J)gL1rw?yM5#HXPWgt5BR3sTG+uI<1A=0K|gfS9m;Vsyi?*uY2MNs zg5ijA!;r&0e_AxiF0ACYnhB+oc?TtU$GvW!V<|@Ej}mzLR@N=_kFq1$ukOsKaslVB zw-teTeH{KJv9h&=u8jCabzizb{{Z#Yp3#{&bVsyk`t7!vJ-j)J8IedOh6QAJlT-U_ za>of55jWl{comy{K|!7?cj4W|KE}HU`En24tr>hjf2YN7bhnZ_DBZIopL1O7(lq;= zmbYhT3qAGRkwq(xq~mrwe>(1d5$NA*)b8fF)8(4jfFULD6@lwO`Ff-4TUae4NZsR4 zF-};Kz{hIxJzmo5O4M}=qo^C(IiGUGKps%^9@R+6`JPqc80xx4EfUO;boU|5t4m*py-UPp{F(F{-1ES zP(Iy&6z4tb4_CNLOOI5Xi2(icmwrW#Xv2l+> ztFiFIY7vjLI>RV#4m#qxdyfWK>994xnmy~wf^tn&^|7jgJil4Lx4VWRV#OU~JJ=ow z6}h14Q8Z1dPR$<75ZLQX#-@dMwPJNUmD3$|qhZJ#^Hp!%CTSuMxwGG{DrAhg%>6e- zpHQ77iMLwhjE~~2IkY>bx=`?^*^_`V%T{g->8C55W&Z$*HGMC_7WyrsOAeSM1Y4?) zm;Cxv`VGoUrbBUZpiIng2;^q7cj#=b)VpbIVzPNr+r=X^n~SLA8t6xctSqMf)%zW} zyaOI-QMlDbbPjIE1>?bccNL5hY&NK*viIcHCY7QlvcG49WMdfVj8>e4Gp@Ms?erE6 z0=Py(2Ho9jD^SxeqtlX7s*Hqg1J;)zoVPbE^(dQ9OIYAY-ve>}@v4*Q^Gl{(PL}H| z{OpW%Bh*q+=p>&*%HYwbnrP){rC%)k=tf92=nz1bDG(XS`=AbU?^>vuC*1F?Et3Ai zBRg!DsKBg!L&MR-sCm}v9IAp?^&a()W%XeD6Oon$~+ReVm@>|7Q4I2?ey&rPZ7s$8*dSnUI|}Q`Os3oQl^=x zTiWZE!WixT%4ExzZd7}5Ue~Sv0B0=b`%iXs>|3cA??KSEJU?IY6UpLBdn%&ZT}#~(@oqZ;mSv8Vc0`50giYRA%iL2YHI8>@+@`#5~O zd-?n-Inf-fO>@NKUxMxwiC|5{jyrv8frCnl8)dvzCA+8{YLtkvwJwDNqR;knCEMKe z{3{X*38cMC7$Gea5*e}5nAEI&9c?AHnc@2+wzCjALRL+K?>{{M04ne;X5wj{MvzP9 zGZNYLq|J_WNYFZ#Pnh;S>tfOwOB@IC= zX2s$c(_Bd^5}ug;m92cTO0nJt-wdg_Uz}!~B2#1<1Su`_amyc_wD0Hmh^>8j9@^zs zZb|%<*6JosMJo%dq`emKyD4=irx@=})nU~xH8c$n79mtF80DM4^rdcsQ8}$bS?o-a z!}s%+_O3q8OWWOHuJ5FhOBGU!8u5mr#7kpNC@-uTWdxTiEpYwCi_u7*!zTFRcT)&}p_lK)1RP zjPSgA*E!=$%ZU76rfK?JmZrAvD*2~jzyx?;wMh4uREe7b*!-kaB4s0n@jjZjn!8OPjo^wshXVxTy?G~z?libC)^I15Fo0({ zJu2fPGm(trEgG{YWh13v>lSmaoiIyieCb9(VVoMYz{=D-H)|J%?$M*SZA4p_^DuYudauX=`g>_we~5_mnDEaL+vj1(+Iy zi>S>Ft?UasmMo`kaa6oPYW6x~HLEMD##xXLx<_L`u5um`vDG|7XDoNxbd~}YUzzdy z);^f4_Bv(ESNCS_-BDGx#sSD8gEpHc)~_^+bxV8676}yPvM>cvoN0GIXo}iNcC01S zx0rEC;&HLzcTeVv-GnChVbh@pAJV;J;q*%mooy<*{iFiN^kt-rAiEbSxiWTckACCoh!(7PZIctPw~yKg)FqBT|FDjhT(7sLF#dw=A5U|6;2%s zUN^YWb-gavsXmlM`Ysa!_7E^$(cwCHhs7OY> zr)doFT%9f`<7ZOX2aKM7onmO72fw<`r+YLBVx$I-9H|}thO|)wxYm3xrQGPM+F6#* zQ%OJ8Dhx88TJkMZNYpgz+h-;@AWWGH4!=V~f&;L#iS?TaBIbE6-p+2uVa(( zPlwg5A!rfW`bp091EAvv@#pfd5|`n<-R`LyNLDrbKrX7kc|qhFe3sm}9^tIT4U87B zY1ZagU_hm0ZUFThewEJOV^J(%#0A!;A8wo1Nms>BRQ?TYir{BLosPP%zj zeQ{$gB1e)G1I0MI6)lZ%tXp1~>>{>Ps48UR_}Y_G)2^?q)$PyOO0WcV1dm$RnHe3& zhx{{Z6@{FaQXI(JQyP*0s5=H2Ybtql!ROV?QXSZjHYe>Gm*K&vz}d zO{-1=$ui?0j>HP^*zYI2CGOE)Wg&5nxS(UByn+a>%;>8#M(U~tR1z`Gc&4FZd_g+f ztcCoi-6qb2k6HwJieJYbmoA*Td%JmRkg}bj7!FDG=xe~WzXW);2xHY{w@a3}xn+!p z;YN5<-he&R!~Ou)JU`%BJTJPfxpFMnw&RPpE2&vO>rT!i4e;XfZtR zQ@OaiylAxanWT|Okl>zuzgoGZXp`A_D5&W!*p|-SzR@a&$lLAo;=M1!@LqT} z>2;e6$rd@G0m2ShbHxU{i0R<*wbr|;+-i3!@ycLW)N;53f=c`1yN?X%`p&I=r&(LZ zk8L~hy*7$UHZo}SYmEy}veX*SP_(s{6)Pg|9E@ixT`KsaOKZiuhfRtoVqLKyZN)(8 z&*4O+Vj}K%rmy3zAHbU2{wvfp*1b31yO52!j02H__3iIpO!#xf-XEVw(fmyt#**9t+m7v z+1isVXa)lV*Xv2EiJd2hbX2v5N!cS;W4m!2v9CbWB(;fSn)Vo3)8^!H?}}W864jkO z<@nXu+O#uB5;gM4L$ybs{{RY#FArT^*fh~vTu7kwWyckycNZz8q5lAEXqUq69Hd|o zDr17am4~l*hUWJ9?d6z&Uwmr3Z68mg!pS{Vbi+O_U5ic$9mJ0IQ|i+umu?YBAg*c`h@80k2#5U!~rzyKCY(51V6aAfGP3 zHaO_s^^}THJ=X2CuMk=IgIC0H+Q3>RM>!{VVe5+c%TTt0*HYAx7`DeHk4zrl(xBEW zLk?R@-A;QbEnZS{gMruUUg@If)A(;sjkWFhF&B)24(~yl=s@Fhj`1&#^{A3KG-%_t z)Je%KG8ISCy<6eM{{Z%ehp61^T8X{AjdvBuTp#a!DrU4WmWP^Jc#7^%9!naCqO?f? zjh%9Uem!}wLb}%F*Jgsw>Kk}1BsOF&3g z?0&Tkk#lnSEaA~CZX}uyv(5`94tHbPxour6?X)(%X(N$X6+nN4^~beZlPdaH`R?8e z``h_0=YeB`c2A%mTIsw& z%l0U+`;eS5?hoZqd`8qYD{m8hlJfFjvMM9P622LD`^WUHO%mvi!q>&gqxe%!x%)u6 zyl}xtU|BK1EGx#fj}-l?Uoe+>Nyc-~)JbSQQ>XBpZ+G^Irj|(~Mc#7Nfi|%maq5;A z4{ve4P8pXCAF!+?v4o>zSHK1hLV4_OZX}M~BWD3qp&$OL>~$SSNri+kOkh<`Rzsb{ zcdYqXD6rBsB)Fd6%nfq{m;_(|J?q-$((ER(S*;oug%B4^kC%^1xGM|DED93dj;p4gl*~H$DeV zQqnu7h^7WX3x=&ywubSFNZ9c1mt|#a(N7p@e&%FeN4<8C-S}@uM3VYxWwzy{3fMe$ z8K6?9(5V%knXlREQbTMdz$ECv{nC$=rdMt2I1VW^%9<6jKLV|8;SrMO60nnRAq z(zp#5O_oXKxJX%$4cr1vOEih!od;iz&J99cI^`|D=c!x;?}MK8*?4*8Z8~OHM3Luo zl8lYM-^ze-WmqkmN1Vo4iDR7hA6nu3O>sBct!!eRM%l!e{whQ?dym7tC9bsN4xW70 z3R(7j;8b&(pTrh2!5q!yvQLcU^}wKKifO(ov1_}JvMSw(+=6q}y^VU8hx|u#rRg_! zny7~T{J>y{pSY*7^`OQ`;dQ-2O=8x2hz7j20{N5WI?Zu;DYLvGD$hr9kgIGS7PLwLs{A zde(o4F75R%3V4S?(6xc5T@tG_Y6jgxD2WLHT zUvhuKWv2Wr@KuGR^INsVfqrmucXm8k#|voVtHY-oB0o?%iTNdfK-2&}v99?;!LAq8YsC5}4ct}?lgDq0dttz9C0 ziNMC)ip&QUZo&wzV2NZcJE0|*nzGbvcY1BB>S~K`XEN*|LC0KmBDU`|&5V=E93n2x zzp1Qc9ZOB4%k}RO2z3S1><6B?8Fl^<>T4TW)Gt~IBR_kLFg-;Qje#9+g*2J2?4Ib& z5}XBX%mV@KnyIcw1T+1f$jKZE2yzE9H`b(2bBfdv;Y1eB=?^QEvrjdZfEnWz(pl;6py;WuUyCVjNobZP z`rMa1=Kn_&KI*)T$xgse~$kg56GryVP%GPt0^G3KO-7czAq4nGQoWF^xHv6q4EOx$c{ zL60qbrFJ=Oy-2I80?rX6RU~noV44kJT!mHL)FTamFWkW5x*Z2W)VxD^W#RoZOx1Ob zV(LJUT3aD$3y9}xa8_-6CN7J62x6~uZ?^ca#N zxWtD&I)nIE_4TGJ_@h+4igrnColUBu{l$+PKm(u{=j&Xx=g{;VY>$_&JTrIjXX1{f z;dQ&Wy3r;g}s%!E80R9U-`yAPPfBl|Mk8~@wi^YB(j7O;Mj24;<0J=a$zwk-wdwqHI zt>L-JBlt?z{5h!U9wF2;d-B3)WH8L7HneOz9@rz1O}3t0I`+;>Q5lU1EEw=lV@{;3 zv^0tKRh$}+i+nq0c=N~opBl%7X2C||fC0~H_Rk3TaV>3{>79f_0G-*}fnO(ym79sv zPgAngB5QcOxt%s}Rgm=rXPVOZZ{jI+9Z2Yxs%>RyS#91%8(l|A*9BMJ6-rt=p80R5 z-P`$)N|=4z3}oi2PpG^&h9~*K&g^ursKZL=@oGgCuQk0|^7_*0=bBbgwTU^%1A+Xi z6u5@&c9LkF<~$ReabAQULyk~JMfJD(Ns%A-Kylw6TJ&EF>oBA%W9E@?sz_d^6{145 zj-pqTGO;E;cQ)Zut$~EC%A!wh!*MIoeXDrKprq__`kaQ{ZX~sWDO>}D_04(iiQ`R9 z!%}-TDz=XKNWthwQfoy|xs0dK^ozd`8@o2N17kNOfyd!oovpIm-54c{Xdsgz=nYJx zVmg=}BJkbSwaQMDZ;NQ7Bysf3Hv0}TMeh)453WZnq=}^;GKCr2it+s(I8#x33+He$TMfa^Yd0fU_d6uI zx6{~^X%FGrx24r|&0@{SWHN>Op#9TLO6Azi(6kd^qI-9Hg=Q_88z(vG^yZfPN{>~R zWR;o+0hySuw@M2zydmL84A=K_Opb|=+xqqFD_2yuvVum9Q9P{VoZ^EiL!r%T8X{fW z38PMjouiyrF?82aExb@hCM)ueF`ucR!0WViTQVlNLFTdoaC%mTy{N%&YaPqjWBbDPt2jZVULhHF`^T?rpJ7_VB; z>|u&%E-o$-B|UO@29rSG&FyE#7e8iQCe}nYVUH{PN7lHjTZq=<1-DEx+@5hrmUJ`f zhW;qwBjy8d9A>!z;jMXYE+nxE5RK8k4p-MS(zqkgZDkiaa#~(a8e|wQc`fZ#7C7LE zgDDKh3&j=&&PMvuIqwdNw!wzf!-7Z?QOoOPs6F^4>k%4Ak@$DO2o z>fZ3ABkgG|)NF+Cz!ml`nwM=<9& z^sK)TNeW70w4L5O4ZFrO$2?HpfOa1ag^iue;y@yKm}QUMCl&7Y0@~6yn&5#Bax#AK zsIblp#5b1uz3csq0IEv-r+_`{%C)$5&l)@tuv53|?^vkoW;=8{{SNtF&eKZ^E)@tu z0XQC<?Y*T0Gi*hcdG%Rc+r&3?Ai+`^$e2 z+BK|XTPR#^jff-OsYeVJF(tI~?sNe`bIW_ykco8BvLS1f5vv0iU@NK9d@-k5X>-kS zBE7*Imn*>@m2%kWrjI+g)Go9{yPnVixM1XQ)~Q+elU}*HEjfka1Qq#lm8@GfiaoEv z`n*%j)~v09Hxf;B-Ym7BQnf>7@>+%9GLOBE)i%_J9)}q&f|{L_c9)XJBK5;K2P2%~ zs9I^Znp?pZpKSu19^HNE*vn%N#Zd0BFtlz#anN+HG&*6NI?9MqPgd6~-LPb)eSwuD-KqpfMyarqNZ3or^Y z-*+|Ynnt57wY|O0r##mTS79Z&`kGEGXF1~gShXN8Es5FK^}w$>g2xhw6^yY0a!KfE z!Pw4gsp*~-PqDm<7$KYlz+C5=?tDybVbhu`gb6DyRAa4lDV&m8pFdpbrdj;hosmx@ z0aPw+QdI$n-lygI)VFd<4zoinA%^76-UW1adUC|ZMOH4{;}tS?Iw=%ywAq^DbE5`s zF^pFwsU^*&(OI3g=Yi7|iPsIz>%kV5dga8B>kBL}h{;FwI5_=4sO8YFboaV=Qz#hp zImo1F&Wpg>Or9jXk~g+}v2=WABfWcc+Fhv5n3AGpLWa-XIIYoyosST@@E?oUTDTVa zWxUoZcX{n5H-qRsMQUlbE2ioMU8{M@a;3YUYGmBl)W}yi4U~)Do+}pLQ?;_5OLv*k zAN^Qi_l*`P(z@03%M^7-9%QkRjBrh0_*zH2nXT_{6U{7o^kJTrpCDZ8pTbt!mZbz2 zi3j$2DclMIPq_VSr)^J5@UMt1v|TYFYZhFYNXGA={OTI$Bc!_V40f*jqz2foPAi+# z_3KNkR@D(a+hs%YgV!RZ$eBXtiRwu%pz+IVZq}uMY!i+%TRN7olIa$f1~|b+CxOpF z*Yd3)BNqK0Id#}BBwtCR9w}Kc}IH3mzjFVc7=w-Z*Qh^%T*J-NO z(Lg|3fTelJ0~7&4=kmN6YMM9?~nJ zAoCTS4|B#V3!23pa@j*QlFj9v%hJ0K4#5SgEydB<(1HacrZKVXmX_A?+9kp=@#)l) zT%NygsoYNX)^egq?=z;YGw&?f3b76OO`&yE4xpxWAh3!_q?pO)bid z2_5oD_pa~Z*I*+h0m#SCkWyM*|hlrnhOWcxe5F zZKih{%$(%=4%8`Jo?9H(*e>L;n4nnh_WYop3w>+RJQmW&0gF=d-d(v02SZG4*yOxb zb!%nf2=x04R*E^JGCPtmPoSybwpgH!>QFXk9eJRKBYxXkuuDRcs4R_-lwgYHZhU0{ zo=6fgDgaUO)Ou2JHICYq;Wv7jhQR_s6sKu290kvOt!?5MVn%8?QFrJzIiy>&ZyN$o;jz}X z?sX@$w=#gTI0RvaMm=b-k36_*rnD_MSi_RaG0P0oEL1@XO545j+MR&wv>OYe@?F3s zl^cUy2liFors6`A*o1q_Pvqk-7>wMw_{5;J4MSAhwVcxnd8@D<4_# zYH1h7;!i5_4XVsjI2D|tX>Babf^Frym?gSJ9>K;qtJa!ib4IZ$k%OKE5f>*y)~f5K z+ZbPHY>nQeS35I#YPWXyjZbiT8r04!T~A2UHD9#o)~?4JvZRrWkzQ}&CXP*DBp|#v z3{Ex$B|(w@a5V!tTs$4bIV#7Z_gL7-S)iy3d@j${%EP(Mw> zy=rQ@9-HfQ-jzWZ+^*Nw8WpT}Gpa}ef4xullcBs zV%x=5cg}+ORqo_;d$n>H-^WZcymdb+VbHX`BsYL0y??(uUgZ##S*~;z-|Qf=|M(} z{vW)#(gd#2&uq+NIjs#lTc1L;gGh!rBh%wTGQ1r60a?rpNxWsE+1{$(T)-X23g`KX zD%TkkqsR=0RrgA5L*+Oq>DO*#l*UodUkl6l~IS34EsLh{V^>elMxZboZp17;tH zZf$R3yqC=Ko#QRACI?^AyrL^nc(IL}wx3RvNrBQqZ{#adKaF3DZ77gHe^Rrbwa z@DGl(%@b4+YObqkIP!#~WFbGwh_XGI>ld2ct*)%{#Uwj`+!zst6SYu>C(F7oH) zIsX9lQ&F)z=b3nN>cY;`Ta#0{Y%dn-5EUJcPv==ydiCHJ_VLfY5^(9XfJSmZr7@`^ zTS?chZ%f<9=CTq#TwrlmHA{PY?MB)wiH6yb+n6{TjyreG0idJSv`+|WR(d_ApQmZ? z!0^Tt$~w2MX_EMI3uR=mjb7wr?gNrfS`4|59PwM&+g?RI{E_*pHe?Q;jZxS9Eo-Sj zlGvTD>zwdL2&DYWiRNqIX3!-tU2JKjllVv8J+W5qz8#DEXl*q4V6vWBgG$ZvlDX-g zG19Ydu|^m6LTNM498j$B##$ujJG*Wb)_7LY^ouEUSYeE;tYsmG%n9^8K<1Y-CQ`8; zv!_hbR(QB}7-ZP6uxVY>$&l#H+3V`#HHj4r|2M>|KYPL}>1 z@Yb8CS~PaomyMEvn1+b;=kug$*JIE1{Yv32?8Szg^FPYm@Cp7Z^o<+H)VwnO9@Onp z>e=xoGxt~z{{US~q-C+e__N`aw}^B(t@LYklUlYOWKpo;z`@y{!=-aR8u8`-0E2us z`Zm2BT7BqA0wRu35rR7URPHO>@tZwH(tTRjQjI0Gv>70Sw{A~UUh!jTqNTJ~535ZB);!$?Pw@VAv!VExTecn|w3kQI-qvLcZ6l4vc9puf2Jzy)~cJZJe-o(8&$T$OH(vrMH#o?Ea}k4kn4 zN3nNYg3jG9uUf=M3z88-a;CT)3c}h`J=`c^N6v6RoiiCb8dvwC!C-4-6F3<>j+M!H zi^sZ=v9{B#wAD7~`P_Pg+|UtsH2e#B;=dE?!uojTi%xX2V7 zQwdQK*DBbd19aNimZ<;X*B9s45)5SdFSg`wmROob$M*zB3mbR^B9tG&uR?X zI@_DcZ#8R3VrU|W01K`c(~M*Ftldw=OQo4)u)Vg5`X~7}9FRwRQDB5RmUQnF>i#dZ zNwt)UOMs>=$S@glaa|3jkM=S9+eL$r0|Unt8XcyId89`T^{xDyC3IvAtGhnNslle( z-dfyT!)Vu&sWHYfR4E>#6alNFd^En)Zfy0Ho;WTHh_7yO!UNB4_4G!S;pjA7Sl`PI z_!A?`17K7C0M?++Ni&4;rmt%q)H25EkOTZp&U$lRBjZ0FS@=`LxaHv`NTat{ z?BkGUU_DR0bIuIwjWe$C2gYmP7HD@~5W3Q=ZOp_)C(DAqxNpY1yIJ^0sx*3jsWg_b zTRsdH*52hLyo4MONdpwixL#?~TG?v4jPq@^EJ8aBV4mLf5c#kz$R6gE>9%UIM=gH2p~Fx=b36_Ie;5WTbzrJ;pJ` zHzZVIWBBXC8djO(9WTJX5x0`!-pyl<=gDk|S-$aaUi??DYx8S19vz2B@cooF_h}-l z<0E+Bay>;vnRY!2(QGuo20{I|sl^P8lZ(~*+6&3bM2n{TV=@=FR!acYT|*a`dwDz4Usa+gCQ!$8vQl4<6% zStWQ`Vs>1S#c&!8oc34FY??-bQboZp>Cj?^-p4exXGwi(jRRlWplft|ZUd?R03x8! z=X>eIb39AIBR!2lP)BbBmzIHv0KZHr#szlzYPG^eE2&2y6>f&1$EjiB8~b|=D6_1q zd>EYPA=e!-UnJ^&D%UUdDbo4nk4k0vP$|ggy;_CD^wjlBO)JG0iJ;o0&AQl@8_Q(u zUqCxm9~(ukzOiGXS+Kc80q0o$=sW?ReE$F=SL}wLW1`di7vi(v`?h^P*53YEjBw=S zx4t^#rDk|X_H^+#+N8blCCoG1`Itmz0fu=z8fwVVRI%3Fcz;OnHO1ssv9MKa3<2{W zd{@r@01~gY4-{(FcZ+CMp^wYn1`Y@R0IHudHH++dk+{BTWru9Y5N+$yt=MT7dZfkx zN`)Yj#;Dc34`S1_hw#^jbt&3O9PA-on}EddKPvJINH4VuznnD9yDmWB8eE9R$9FcD zCYx&V+6h)tq+}jVa#ngp=BOjNGTd!e&hpvMwH&BvGt;bX0QauM{L@KswAQ_ z`{v#E0q=_P%gdW>O^CR1-e1f+WYhMAb1@;-XMzbn$P94pD%|qp(!AQ+?K;M=k*dfc z4j67Y?^5IkwOdDZXXGN1@B@wQUFV$O*)5F-=Gfjm2Xqg}9TBxvGn<-j4w(xo!_Y>#5`CyF4B*52Krw7aq{uQViWR41qd z@vbApHp*$m|YPaV4 zCX;*e=O?Gqm@PFu&%$x(o({BmEoMk0l}vBP%-nD*hw(qe4J9X;TFx2RA&rs2``E<; zl0IeBS|xLLZ*BG^A2*j6?^_-ZgH-VZli1!*D70ci5;l;1D_F%D$~su|$M8)0U6a9T zTH2>@ z@C#Rbh~#wy4k{#!>{`@s7S1-5g>}YA$3u$XqthcYY8+uN==AknC(-J<;`yL<4;V{2_a zmDPrz=(sBcft3m98y)J2_CZ2IGzeS1(bWCZBP06US{BL|kV% z>-4PsYf_D3p3+AB^EN~01uGVR0ZcP-_+KuBV&iV)0~w#d0(=T`U5kL=*RlaU&k%+O~AtTZFmUYO2Z@Fa>(! zv8ZykhI41=SH!IkTkz+LHO(JX)4ZKZE0YP8928;~JdUEg=OQHX&IGNTrt#mMPka)Wyk~$TA+YmrRl4CnbJsZ^4rL1=n93U#d zjO1`>8dKiKXQKFj#C|974xQld2Wi(jr-|<{kz20j38{1Zq138|re&R!Gn z-^SmIR@Qzr_}_JGJe@jJ0d%O&P8T^j1Ne?Q@zXR_e6YV(d-N&t!tDK%(tHVP;;#`) zuZ=A%E+s|GY0?k|G5S}vXnH#6cS~f72|Vrtit{C?rBLL4IQ%-Z@n?fBH7iSXPZjCT zFDzw5$=tchpQ!$|`5nd`YTW zX-7=cF0UrIhY}Ww^&9S$^x%#?tMa2!acgIA@&!wFi>V(nlj}}tJ<5sp*TaiFM(^R& z8o%2jXhJ8Hil7ppa>RXqop+u9@z>jt^n2K@B9-JODHvg0LB}2aE9G&N?>RJg(~XY) z=Ut9DZftLW^MKgA;HmehEo~)+>q*xwT<*7+NF!F^`yBpeu%Yg>%am??XQyikccsN6 zNaFR75=r5Gznx@VT2C5A@&dz*dz$*3B(yv_@v*yQ<#|!dCzk_l1SubSxgBQ8_ANm^ z&myX^IV1Q*da;#`PFv_}X}0j(v9y&IRO4}DjMsCcX;$|0rOctWDdYp!+O&+y<-Vt| z%AOv()2$vGc@k$*CG#5~^V^R~=k*O&L|YN2*|Mz2`&%8yrF6nZ6OTj3yjeW9F%+?q z0VxE4PC@$DoLSnX*0i@VS;rFu8?bZFde$;IYG`^5rJVChOklDv&5ggUcCp#%?*m-j z$d;v7BLjxT5|E=S=yNjb5nNf%Xkkw%K1715L1`0aXwW(;g52?0nnc;Mz7{Z<;b&Jo z94>KJH7!M6(8`5`$Cf>h(t*ld2yNhx?50@p9LJtdQhjSSOKtN7o@D2a4Fsk=?O={u zc|L%ST4 z+wrVxp?htqTBW>m&ZU4%4u{^9v@V@1v*{lT+uXrpZn}^X$X7UCImLPRjl44Lbozyi zJMI(bI8VAgE1FZ(>!(WE93x(ZMTS*$n16U~_S-+%e z7y4zITHZX4ROcAzYj0E31>6bbfVm$z1KPDAyBxQL?=7WWMklxt>~b>M8?b6US5niY zlI9UE^hV)``_$}n%120UqO#FolEP0trG)vR)DS+OrFs3egtEhO(n_&1jnUyr+-VtH zM0fiK+7-l+5JpcyT>bKiZB^uHHiNr^kSUd7TNjVYj57_m$0Mk&qe|1^g|4p*%Hx88 zhu!*9jI1{vh98NZeOl@Ok_lZfxm4r;FjE@p(3wf!@ zFpVQo!N*oUrn!c@mPQHzLz9IkkF6$#ON<35#{bH(!9h{7-g7ykfe zgE4IGq!({6l1S6|Yp%8N#m$r#HmLEkNC5Zz>8~*r;lGY$6Gqr#eq|rRYUTE@{!#-Z zY|6M99Mk4t(a*l8Evh`qiqEw585KuLi+#AfzKEkXShx68iU z2dxA+^fM$|r!5`0GB$ZQ>}v{58O-JH!H*f?k7@*WFKuldrIfmKiUTMs#&$6O0QFVo z)~CO>TT;*F#M@-;o+;R4^zrsQ$sqZO&I#*TT8xV+X#^-uS@WrsdP=8`kRx4!35_YN}?qlG& zcUG{-tGP-rz#wF1os7}M#izxn+}zD)0a%(wSn_%d)!jG2$pz}&$s+B^B{9&}k)~6b z>K|j%8q>~phs*=+kUG&}rq8I`%?MKxVD%gdP6Fmvv)6K>3UD z#nsFoW<~k_e)Ws4+iB9IGT2J)0)wA^_@Jk;#NC;ua8-&Z9s1H}5$YEDoHubivM4y) zjylk0&s&#K)Z*84`ZB&hZVYvP7YhsR@MTR?lJw?l^GMr%sb6k$Ke|aU{!fEX! zaVgrT9G}9SiEhN!l4>osTlpRE08@;9bQOaBSt8?V^$dH`A}><>no>M15tnQ2;~uro zrMg2qBLGR@=CFI4M{~Nj(-I#J%c)H~OA4R$YJOq=00HY+`b4Yt%P6m|ysIN7&>O2} zrcBuNYs-mjn|OjOrs!>sp0cTSRE*2aNv!ciy4Df_QXkFX44qLv0!E*zNgKXy&rH zW5KU+s8~;E?$NgFZUY#ot!yuJ$)|#An~S}t9&5I9O2UwClu!b9nR4guYk=mFTx7u_U&|I*&^Wu<`w;y;_cr`@P zbZbpA-pViCu`BZPjyNaV6yj$lO`>Zrb*ink%fMrh5{c09UGA3mD|%4d$f^7}9Z#if zwkFqRo$rU{)o#r9Hlh}c{ExGsuQ>4(q8(Zb7^f{1Exh319x=@>V?_cRGA?d}axjfp z;F5T)`#%m^z08OqiKb`4Y;``gxyEbVSk0u)sK}C)Y-Ap_PU}Mc(|NBYfP#u!t^ma~ zF6LDktsKi7uU`TWV9oEQ#i^;|-81#l#lY(9Jp+!Hfm@Pg>8M zw*!(lmhft6AVzbHob*3h>Td0A?`>dc9x$gRo7)}glesoL@_j1i@^^{`EU{p=-omvs ztt0L8rkGkNq^tO2;gxuBIlT42Io)LX6B*@yIpG$D&IW!7dcUMn|rF z>Xm^V)`g|Wq6nm2fj%?uES5wuF+?KrP3zqxsJ1iN-cRy;BO8o;B!O)pNog3k8o;<~z!?#b%E z{d(#3D=T>{t%$@7i^)9&XECMF@%L>*?NS7?R>Yh!INZLtu0K?Y>dtG6gmAl#+z#AS zSa;}fHuK91Nh@Yeu3M*5R0Te>2rcxjN9`JGh$oTE zhi@5bnMl$I-0=3Rt?DakH1N$RAV|&*7uLPT{{UOL(zKbaqe!kMnmw6riq(@xTy`iy z1k%{sN=#mH`B)(Diqg{t%{ua1*;3Yc#u0IoFF5=-=Cp)N=JhX0s_Hg+4cuB~wD@aWYpB$H8N8in~( zae?nx`fct0ojA4y?qi6P8y=rbRC^>G?_;F!lill*Y}cRckhwdGChdbfeQKV!Zv~w5 zSlZ6>*`&BvDX>UAaYKq4Z>h>_5JNAV)~IAqy~kSRZ0%LrMnwyr#A2|StPKdG-0cz- z^Rs}Y<26Qh`!wEM!D5*4!R%`zRLJCHg`-v>lc~Vx6^W}`L900sMpQ2fq+>J{85n5x znhouj_Kcy`aPF#c#a;N5;{A3H3<Ck zxav-QE7&ddm=ag8S<9mQ-sF8LMj&kXQ%5?UwI$`L07+jx=9 zqTF14l{5Bnza>=r)tU2ZaQ+R{YPt^Tf&|d(gnnVdxIp>K!KD$Wj~Ow6W25iYrq}Ls`zum8a3tbhvtUfU$;T? z?o<4Khv8nQ;(ZrOc%ZnrzIa(+Eh;i_&7Oj_cHk5AtQ)N> zPPet4uH%su0)A1~6r4chJR3XeH!`w?wuM}zWHxt!-o2wv@G4EL*y>kuEV9D;(MbEb z>OrimJD&HbL8V)1(NAijWzN^bXEo=Vp1q;zCP`Xo9sH)mY;atWgZXBV)LHTlp{tEY zT3Z{vEs`^ERuPP&WcB)-lV3t;eipfs%GfYv4BL8eqO+X38(7uxH-~iZ?C4%)iLO+D zh5C$oSDfqmMf>PC5m{Mz^Kw;}H6 z9cw;zD6YqA;w$TWD=6lBn`^G2uPZx=U=?C*@%5-isOS7{q+nArMv z08(>iiD{|s{x`bN;ej-*J~Vws4XF1KpON_J1#sF2inSjP>lV6%R+hK+u@cfnDd6L^ zVC2UteNG2j_|f7kOPkxPD>(G6P~0@JvVh7Ip2Mf%UT39RYkw29i7mB#MmD~cj_Ed) z36uI(^!&(F(dZr~_&9zScv^dp5O{#!O>;Pg(Kig7j!5scRUZXtaA-PgI^Ffu_m`6Z zL}VR~gClU~jAIqCN>6Zm^Y&@Q!qh_U!?!r}`hb1ZQkyR*~*R%;ob878eCi9A#_y-o=t@cT|x zw~Vq3^xa=a=pG2Qn^1!9NSK1Yznn)c^(cHH+4UVflmX&f$cBwR* zzG2lx3PpQE!8N}Y-L|W749t%ba&kB$*V4Lg4C^{|(uaaF(RTp%@BL|&dzu$MBl7NK z5m>T97>&e&Ptve%d?jP6-&$%m(QUXV_q~2$OryQiY|~3yO&3m$ibf2NCJ71;Y@elV zz2Av$-blBs%weh4+KrC z8$BWkjKR`tfTfuLO zQu|Pd+T3cFi*F^J!xI>dgKy7V9MCRX9}Rp*(=~Z@yY`0iID94wR_vGQVk0F_IZR@LaKJ*v%$?mss5b}q|RLw63kB{6)pxQh0od6#%8r> zUS%PMdq;*e%l%3jW=POkqK1))#@yF`Wue;H z+pXY&-1XbFxh?dqMw#>9#%~d8msge^9Fi-mZ7<6^*;tLOo;rH_)SeL4?X>MUM|i(# zyN!0EAG&kbbvqQKY(?VzH%T%AEbl;&e5C#FYT>T6^uNBl)a~Gs#v>_Jh-3x!0MONo zMehh$wT8QQ;)s$#s5T$WZh6KrgY8|)-)lOpzPYMf>9-rL*UV-KoyXRyF}bfMhl<^J z&g%aFNYw7H?Pp1&a-KsU;;ViI@YbQIX_q?c*xaNqh9Q^bQR$wQsWZ^+H4CKD?HS}K zu_gxGU}n1C0eI@qT4?+~rr7<0Nr#m#>=P$FMF%9Msp-0AgW$ba#xrw3*XU{`8ymu!zNeOJdaKGrWm^Z88O1_JMUp(?`%Sl!R#=Z1$-w5jPY-x@cx*Kr>7a;0 z084&OUAQMacILN^#PqW~^Tay6(P;FG@UTMCZd3e(FSD<({2rXfoa;dbC1(<{c zf$g4#nHT7HU+{{zh+{J8MP!SoQIqSDR3`X(ZM5jD?I#dSj1UZT9nAw$v2HI6vgXMr z4$8w4FzH-Ax!{Xw?(S8dKQ%k5@YDyiE9g2FpQ1{}SXJEQwnqojwqSff&a@`BuWY;a(=t(e((?0;d;Cg{q&U5o?W6bsFt#q5S9-kv2+q)$E-kHa}a-Z;) zSm;2oxVWC+@+M1Gkj?VTj$KpF*5?Q^Kv$S#+!8>b0(@r{M(njO$5tRTkXK6m- zgu4w!+8Ni&J&6}krpQsb8S7X#em8lv{X@fcGbOFe%1B_KvU`t8v8CMLydmQc5cpGH zT`J!8Wz)-vW!}egH}dUYZg`UOO|$TopNQ1Ue$uFUUAR)moG-Yd$45PnB(w2;m#9H= z(g}<-VO~c_roHf<|nn_29T225NahwsQA3*7}=6Z($)X$aEwPr#+A5 zUDk!7rL~%tf+t_T%6Z&sBcY4BX5_Z%WoISL!bt_GIcDvTO7qLR8+l=t?knqeS109C za-Uk%zHJUlD-Atv1VZKokzeL~c0I_ho^5Uz?If~UB6!n{@t?hqN>X+m`kS5~yVGwi zR{G;AyAPHR%0c=X;e1(R4a|~Aj(Ox2JXR8ya$e^Zr51|qTIIniNcjhD*{=RMq`oFi z?&S|g8NlsT9rY!|?DY*B#NHs&H0?XX63cIJBv)~q1M709wG4jQ6b`O6)G6v5D>Dx>iL40D9?`{2!Fvveh1CrZyRb}Hi9#!Y4O{~4cqx!ktM?9s2peSSLLZzyuAgbGT~B$aq-h+t47l?M z80p%%Yt*~B>GPjXX<8I^tUk_%a2R9#>eZgfS8EaTjzRRUZf$OHRhiOwb~r9)j@nyw zx!!g%5%+=PkJi69zAyMr+u&!%3*QXsT8*{Vlc9j$ z)|%>fe+s@UU3hL0V#zAS`^0#X66+*j-~us>;=bAN&xK#&9+zk1O)dwqHjFpyP@zWN z6pvmHQ6VVZK2F)Md9juo%{?LvWt~YQHT3u=c-M`MlYvC(PKK%YL~PJ7oyB(HH0fJn+zae-RGJxFucQuU^@ zJ+-<+BYCAyAlD4qZlrZfjY0zLZ0uVE{li@_MpAm2+JjtOBa*ANPB`mOXz|+FPxi@7 zfe7!=R);*}uBW2fUMr-R7Ixv{!Be;Rvs|RNGh957O2u|C`E%Nxj3c8pQY%Q-6_Owq zBR}m_vd3#X{hAWdLyRyKjbqr@AK5Y3BzEeuOn`>Nbtl@hQ|zr9nWY9nk1YWE$LmPd zz>fRvmP(R@Vi;#`F<3I&O*H9p?}u-?0ji0cjgF^Jj!4QeJn@|R*KKE|PvScn?O9CH zm)HR6XyxiS%FOXyZq9!Xz15AhP{XyzA$ZBpIj(-!b=#GZO3Fq-?MtZix!Ky=-Au_2 z#x4g;b*{rmuruzon%$AQ0>{2)9YRulf#imZK*1jbq)YIARk)G(e%ytu` zpI*_Rj>W(VQ_RUH9G-h|UTfiwZ(*2G03Z&6+LUdI~;R*n08(kf&BYPB$YS0CQbMtXWF^#Z^II4*CO5*mSl2p z+JmhKb^|l518AxDY;GI5l3! zLb{b-bP|?ga1?Z_?0?+oV^t!+Cojgfgi zqnZlmXQ5k7BHE&YyYbUCc1yx^(FkT~kKO|S%Rn^0{{XK+2U+2`5$#valQ#o~1oo?X z=9_P;TK?`pE;g0?se#P+O$>O$%oNQUqbO+ULQb`{mwnxp< zx*bwoQ$*HnZQ0Oip?1I5vHo;RVXIu4MuPE6D=zctR{sFu8J_CQ%PeoSj42#*Sd_Oo z4MHKH%_2y|F+X*`!nr6e^&LWMh#)dcyE|1!Q9?$SA%nq_PjLjqBD*)wyOO_J@6$w{ z(%Iy7UnU`q%T}SGcCtMG09Ek~-M!iPdMv} z$he%ItFB9VExdA=$qWL5de?2B>2t#*8mY80JZCDylBR-X7F@bBO?e|it>wsY+lNC~ zO=ECwj8bphxfx^7P){p0w96UN(3zx?R8}XE(BF;jw`Lov*6GpLC(C24g zB6dL_I3B&LV@!-nrfF2aY!O)-C%LnwycTz4?PW%M5T~UYmxdf%$$e=ei$`t6NzPAt z+A*;W65HEIut<;>N87_MTJCfyuUbnxRJVCq*aQB}QHzOV##&w6w@Qi?EMj52j;wj( z`Bw$vON;9pcxJLu<#gooDVjv&?)5~x)8~q4Ow7XvBR`m{{v9%#Wfu>=HQ{sEP&1;I z!YR(^!hxU4u3OABh>Al9eWy4Bl4%#qXJgP-&GkpquO^L=c9$Iptp5NU$v=ZFZ0%t- z?LMIi^3_Og4>>sL_iAJhbIh!+?zH%!W@Lutn=Qsh?`ln2`rA{QJFC|+T&`F1>rmj# zp2sZHgm<@y>_f*LNT^+|ZRK?=<^~wx@%YgNsgjA&czR%Op$JCN?bp`5Hs0>v?G0-1 zua%Dd>eRKdxtXiSWv9lk9Lf=iJ9EgdF#ghGs52}-AZ&&wA*zhz(c4^)?JF6PQDT}! z0AOR9ucml1>ee^Dnr}Kny%(qDPR3~K{5_>wT|Cg;Cd`eY*paaM*CFB^22CGSdl5V{ zvcKO(%CP#@Qjb%3$3sHe)=6M6l1>P~9Oj(9LP;DftGQ1H9Okn&y^e=ceL~wy64*Q| zxZ%Sdaa=x>mlrouNp{hd-|~eRHe81*uoi|}ag9n6kr62=J!2a{biRx|20gHPHP-45@cp`(<-CbfhT>EA3RRwX## zaK@5$Qz=w!!Mcx1ld=m!oLX+9W2itKS*_WFWOM?z^(bYyo#zj~fsFB*MHS+>Xdxz4 z&N^bbpA=7d;*?0P6`sl;l~j%Z$6-LvHU7wrbx2}H^59Yz80%iId3fz*ZD#~=1&<5( zcQgo^*7&Hmia6tukevN08;Ib(ycY2y1N>iFq|92>pTgb`zn8|ZCFB;y!rm|Ra-%Fs z`^5b*Uil7Y3R_|9uMB-1dSd*m0#9M_y*=#WbtmB#RH91|x! zPtub$iNN2j+G}lP32m{c&j%o!{{V${mOdtr!`Iq%rl$uNIr8LTkO&>k0OEEQ`kl4> zz{aUEpSh9O=|;Jz-$$d|+QS)v~nL+ ztW7MJH+z&J9S%BINo#hOu&j3=yi7h|dy39+>S@et&0}G3i76_Uq+tChg6c6U+S)}S zjdh;5!;{^?shO8NEOmw>)vgW$FpU}0RI4u zBU>E~lXrV}r#+na!Jr(7*!T6WZ_1k6?V;`t_d=)v#tjKRfO)ifeywuT%F)VajN#8? z?kjgnXq835R(A)GPaIaaW_-Gxv|c5LPqJ%>?akEdARs8oU&5>2YnqgA7JOtZ}>8dYbZo5$n-Du#>|J+d~Q1A!f*8IL%a96WGkx zJW`>pE|pOcn2o&vKGl^kj4!TXTYF7{Pc?pQWQEA$n=?9iwTq_I?4rAy5#t`2_pX~z zw30Vr1d&R65O}Pn&Cvqst#M?pbcn1}grhGniyrZEwryt-1n@+&ra3# zD0C}0l2Z+oMF1U?XN*@7qS?a@(Y?B8 zRKC?={?M|D;@;nf0R~Kd#<161)-I*;BxWEl01jAt&}fy6mYM~fvk^CZ?gVwN=R^Bh zwP5h#Gn`~}r($I6Xq_Oy(dsfRb3!`Do2}MB3E&@2J67L>tZlFFZy*k^?u>?P zbjZeOlGV>P)ch&^o2cp*b`u+zRm+0J{M`1d2DnP*YP!up=Ri1!p2=kccIB(8Zbr5*0C=G%$og%$TM z!^;mtRy;4K+WGOM@+5^x1Td_nP}7j^=DE|f`3$yJ>*XV7Za87@URUCa92<-AA$=Z(YKt9X-4w1OFAwqGjcSY&4(Efy;J zSn|D3Mmnjunc!QPV@>jLpOkg|YbM9VzuFeRV7}76#SAO5As`2E`ef9!TYZiuKLL1l zEn+=+tzvt~$(dtwl{r0eS_`GxOQ`RL))?<(I4r$|GR%(`c&Aj+Zm+yOpxIyU2qKc@ zB0CtLL&bUiiL75v!rt^WbE9lllLL3Yb3j<*RtIkv>NgsE!tU6~_X*vD(~ro0b-SqA z>I_!dzSNH=%At7M?kEG&dn$cugW5yeS#(RJDsi$IjPB+8ruj)EPI-aQnRC-=zN3>-n(BJTfh~V(lrS(|kvTd#sHgB1@IOm^g#h2m@*NC-^K+SI%u@RL( z2?ub<^!k63T1HIHaWs59H3+TV=IB42B4!xa5m zLiaavqRdGV#y}wcb?J*?eXsazYw~H=5!}as$a_Xk3m?;piJGK&)OwzYr)!q&cN~`h z9s5DXdU0P#_+Q2v4~T4I`zec0!TYY?>ivym9J*Za4<39}b@-QYqrIHZq1wca5CbiP z)wB86y=WdP@TK3wch;a;CDblu`#cf2+E6c6ApTSc@ZD~Anph#5b*gSIjCcb+_4D6| z=D)W$a#|51G^C-&-Nj6wLM7P6ZwpO+g7WfqmT7=&K6$Q{taUFB=!+GE4Z0}WMU6j; zj@6S0Bj(Q+UwDsN)7iClHuJ-miF3He+Fx`Yin!WP?mKr^*R8&6Tq zV^MWFV;+a7MAp}Fi<1G2<1CB@LHDjNS4Faw;fa;fL7%2;II^0yhmLrs?GQRibEinw z>e!93_v_L=9r%~S8a|fN$pjXlw@8E`#wT~LvWiJ|cWO1Jov;;#w4rl%GDlWhw} zIhBa=$sIWKt!;C|qd>QpOhik&XyV$V8-7ng>05IxjAo2YOI^Ctyfr=Ukn!8SxeUZN zD!n=UtIWJF@j}x})a^A(lowE|o#EGvpI>Ut#1%8>e++o5OVza7`6knncud}6I`GOl z;2%nDr;4;|8{1&=G#1l8$sC6!ro;AHT=bnA#`YdI(fnk){hkLGSip(7VJty^a3~ig&oIUba(4w3499I@AAhE=<|63QH5zu5GyyH!C9e_?i9GLRg4 zkxY(6d90oZnp-H~b(U#bKo(YB8FSvdNW3W?iEPnZ!{tr41Rikyv=w6#^G&&Hn{^P$ zGH@A(10&YD8}GGg@JIcf8Z4s@+w=J1ftUO*t;c&C++EweZxfi?0}A8TyZ-JRFKU(^) zz+OJpZs%j-1eObUkCm~3z)%3rJN^|xCu1YW9w^b8*5r$+l61-2w~i~~Pa62ZU0udB z+eqPvh?<0E{`*|UfWR;g`UA+nEiUy?5 z3h>{Awa*azM6=LV#l`E)48CE&G3W0SUuLI;Q$@MdCAXG47@}5;k(Lez98~fea@`(R zq_g zv*t2#1`aA83tvHMsc{rhUPU1*xNKqV1+% zlgnO5PTi|(nnhn@necak^;>ms5?^0OZqUD&P@EYDY%jHK_?G!0w@Ko*GRn?e$#oi-LjLMFsX7+iXT z#YK%{Nb7tf@LJcyb9jF5#kN*@o%0Vod57oOpOlh2;;;Ng(}>bk!wtY97{eSY zb^eu;kmVf?F3aq?U)mwMxOvQLyC;S{g-vO$X$<>?!M2Dg!2^PQE1vf`?_=SJK>E6 zUk@9<^tfkvJhouCQgO~2wob(@4J*rQ3k@=4vuR97p-X2VA9G$-y8XS}Q)zZm`Eo}l z>14+Z?Vrw@k+f#|YJ#0hn6rJ7+DRK} zRww26uR!qP{k$c+vw1lK7_FkipP{|+BfvfwTT4%~K<#{tONImGVbcb_Th#R(Vhg*? z6GobNkT?>mbGzHps1Kul2+4h?D6rLJnl%y}IUN*^{F`T>vNGLcV=*}x zAO5=Z{{RQ7TDyjhDemNvrDolM>)-tGSQMskK0Nr%X`*{;f1FVyury;|WJ2~g@mQMadVK9$Vs`nB}1tZ}v% zBYKh7ilsXNnV>zz{<96nr0gCQJ2sPn&j;&YUD(g2S?K98xEB$W5;1IT>Ff2U?Fu-b z6JOctlZ%Mrf*61Rf$Te1j^1mQntr2uaRifCT0BKnS+ZE*@$@v~K7>ggO|0L4!b7M) z4al_xL~6&N#d6w~rFG%S-p(8Ky<7w4C^$c#rD%+uJx^o!Q{!!BGd;YThm~OIhX=R^ zv9DIw{8=HA-Z*YQ(bSwA?Z_gUiE)LQ;+`bc<&OP+#^!c*0pB?X*j8nxkz=b*9J2=V z6}KJ3uhOYQxo4_)KGM?5S9_$iKv;Qb8FCliy+&I-;4G1ZRmlfv8>+T3lGNj`t?uqG zVP=6MjK0@Z#y0xbKdSf>!jZ`~sc4wKbDWR?QaBl^OmIB-cv^ca)zuvZ%uOJSfH+=j z+x$g$Hm%^q(GA0-D;^?1cvH?=nb4`8Mc~~g+fI4lzb>(aEi8ci!yK08xnC7{!rJyZ z^u0Ppp4t{|hiJ(^=M;zR&R;;D@_EwXQcR-^fW19)Uq|?NSJU-v3Iha^E$XwRis)6b z+mFt%lGNv#>ULU~Z3OSRDsaNhM2mqQlMCh=E@=Yb@4x>!(xAKti4I{M<}L}tgUM)BjiOV(~MFb&ps(@=BJv8w4Y2C`q#5)-Xzh* zh_FKfGJqL}B%e-c!UW1UHX7y`9X`&!TtEN^e{)>+u+w?2usmQ9jrr&3Ygop@jBIhR z*}vM}-s#nqMleT8n^V(Ou^Etsh!7NLg(rM44otmpK4> zSBhR-dD@)Gbj&d1ay=-FJDrs3AKyRibMRg-8vHx)29I?l^T4wMaRU*Mn80=JPDuyq zEBR^hj(~hO;vILxGX1I*w7Ga;6AUv)+as-X!3QOd8RJOyBCDZ173vSYQ4!*I^4x6$ z10x%%iC$%}zFbmV#VdK=C;~lhgA8zMgASs(WdvC$`?=~@)BeVP|;PTVoiTIRfWygz`Y)ab2|OTT=u27X6+)e;&1Cr9%bjpLpH|e(au~js<VmQdi;-yIrEc|TKUhd9tTHUP5a!5G^``6z;0ep3MbZtu6?oh?C zn`}UYECK2VezoUjmX#OsJE+T3)?vS})x0$(w{|CMgp+J)2-}RD=klnb)%5GVF|`JJ zdqzX$?FW{}dijpFM_i+8l_tJ@I_pfmhDaw_K>=B=Hi@K2^ig6;K^9~UDnvyAW>#HBLE}rtt4?JXGRgPO5V&d0G(k6I{+Myt- zXBjn#r^hY($#l^jq~j!gqUv+2SZ z$v#4f8bZ5{JJ%Yw^4zMlZXPz}Ffp1FxiX2-=}&jEIHqYDPcxEDd!CyTL!?H~vqf>R znKE(CdsSbd5sBhnDbXjn)J?Qd&m+2T4o?i(JeGqqSz>8<8B$V>t3Ix+m?zAMO|IS9aQuu(A5uN#EoS3P)farj$dQT!#z)umuT9gnT{Oit&BMmL=Nuo(rZqo5>K^+~z<5FSn<)U`E#R zA~nfJk$}!eQ&$(<$)j!`B0EzGk8A%5mcc6zIO^6M| zaU(|OcI;xk4^6X-X~KJkD9iJGO#o&cP6%T$+7Y?iETD8Xy9TcYiED2?+@UN4;vvHi*&A6RMqCS zi4g-7ld_&MR-bb3(Bkd28#~EvKG_likB&!CU8mZhw$tLi(-CA=VU46`ImH~rv!arD zVc2#e(1oc-$7yYYRNh2i^&q5^y3!(twI!OtI+CoYCvbvR!RPdABYTkCcS512y^ zg^qm><676(IJ*{&l~rTTaro4TsdIj&+IY-sB9$0yatQaYF1@)I*OPfs2nKmzI^)`r ztTrS5$W1}vibP%BY;3FtBMc88m3!BTt|ajOk*CXM(An;c7GS3bjC%Frrc$xdZ4N2* z?LFd=qE%@CA2HyA--_pkv2Qip@i8UvK6BjE^O?#f+Ui?$=ZTAiZ0XHqavOjmWL$0g)jLIC?fJ3t*Od3udI8QPkgc4(EEB+nS` zYp>AZd8`#rnR9Re1u>jfkzK_p9etgg5=@&QKt?h;X1b_uG~GH0FWMAal{_dI1XYPM zhqu=*^*f8G<#>&}neE8ufm~OJwwtScD`(9i_38AaXsmHQCR=Y0{hr(_#?u|SbAiQG z({HYA5oKUf2?$J;&PnKK9nsn%-xOB2j9d^w&TtJ;*1SfRI+9MQ8_0@0#5{m#X^WX$ zheGkzv#4tJkwk(M<{ToNhmYw@_>C0v_=e9_nn072h=${}J%FHl?03+3V_Ce>Qh992 zoM5Vf%Y8FW9}iLIhE?-?;sZ#8-~&m?4MVxY_?yF)ItBAwLm+3Ag6q7TeFtjAx|0wY zV_)4=%3X)ZZs^`sqT5Wd9G+P9>r=~m={$^%?JFDreJUfloRzdHYFD$)=&XkszyhbA zP10bJ(j7imY{DK;!|uu43fRJ1oi>xFOtw=`CBm|SkfihYR_}&&WxBgK7cJ9dOj8_=3>IMj|lY9a4a7S7IrFUW$bhrdDBPSKTX=w4P zmXJvU432*70%KuTOW}Y#tmk$*R{pCNme8F;Ok|5tJ6E3g9Z$7YjFZ&S(e<0Cq%8!Z zH^JQb>O0q=Xg(^qSg!5mxk%%9*-Ljkbg4CqIB6}6h|@CeeaG*2tXUS0L?0*Nm zJhR_u`klp;QmjLjl}_KpSEhKYz_$1ILK_*9*4ND4xD4@{9IRI<=en1N6G|=RFqETU zJ~6ty*ThmTpp9zGcT-Hw#T>?;q`kaGJHA5x^#Rfsk}Kd>RadDGsSxqz>iSSt`Y@?HB}rc;}nMEc?P56E2}74*4F3vh&XO* zBTcnUVTH8B8CdUzG}jU$sBNVQ;ZM}l zQL)bCbQji>$ZqWINHMDI^AWNu$?UZKM&DUmIHG4(C8U{&BR=2ZOiC>E$+Wwag>L1y zRA$EF005t*d3TA@GRRorvNfvw zkt+cqspPSw9;atvsA=}FgtAzjit<7B>sf!=0I`ob49BtgjbkpyMKogScW(oWIiW14 z=3I>PS7FoS8ca7QDZ3=EA1Uoo$Y^jn(YX>R+}lQY9qP@E<^83p7i#Sa^elT;iC75c zyt&j4VuNL}^<&bhL#gVvkSsCCWlrwcQ6K!tSbC@OLZsEmi!{U25OsSaO zPJn|#n57$-x{r?RtS;}ZZD+T-p8*I{z$f0hJzrUb+8gVq^9TegVE!~YlNg>Oed8;; ztNGi*s~?h!vS6%9R`jlyz?y=}jV0~r^L)b06l97`X>!iWUlTz!@>@k{<`ATBV~n4r zbKW4+*I$%aL|#X150j{-<6t3+!rG39EO%43(7!72k80#~4L?x(edF9<%3P3h_k}E`-a;garUIUjc(^oCp3wYjuNS&U9ma9XHpQt196@V({A-$e!V ziG)$fEkRt2^PMLCe+}u{+yErE7dHO@XEL6uGBbhiUPr0H8Bk@->rABQJQ(Y!x#2CQwNxp@PLHV>4N zaslg(Yu4qT!}eAe*Kck$Hjf(|V2tD5lXe*24*Xs4hL3Nm>QdW@b;vCUwu{TikdE2> zE343aPpAAu`wxsYeJ0Y|Sa?SDbyCrsV-+0Z2 zM&_zDduLnFWVN&0qvcN7tNN^RYF4e}0>}^%liwfXOvTe>t36v$@OOhn<@JKhhCq>W z4;dN$oc(JqJLq+1j{gAc#uSt13!l51Mv#q;o*PS9V=DIXmkbLwI||df@n!9vn?9C~ zuv(LbRUKB8qjJv_)U;!&-I;CRWL7^mI)UrOdLM@TIxKJ2Rk)N!BH87ix=&pFYCV`a zbR_YghqO&^P_xucxQ|haAsKW(>oL$DTB8??bZ-yoiKc3B#rAZUcHlrMoMxe`1S)Yday zqVJ3z3lcxi?_($4S(DP`8&dPK3&1kOfrhj4$=8Ng}LK)pQ*{;r5)5{hlnN zc}ar`b1518`d6L!pT>ITt*Bce)8dOobY?OW^Qk=n?^;1>Wh!SseWPl3`b3uY$uIVN zq(sgaAm_2Hxc(E*s@S%d7TD+WLivjyQO9c36m7Zhei-m=-+=T9blceBo>$)G)a0lg z@DChUncdt+;zySANKxfPOhQe)={SVD9)aQgJ^U$W7O!;n&ZSP}2MkZE0bF*E@mIuy z#j(L@cN`jh!x$u7oR!Q!o4$D(DfMN zvA2o|QWZgxd-KqKHKKP8WMX(v;TEIgUlLDjmd4i9$A^|e6&EI_)_xDc;48UiT|!&6 zw{}>M8-4MPw8)hD6+AI_D7?E%wO9imlMRr=*0wG+D?2;*7WHFfGLJ3apdfVSgC2Bg z-guoPu~a5CvO>=pAPv7m=~!>#c(pwy=K9V-dZBo9Y~u&5OI?V&FtpDb*xbA@%NLZ+ z%7iZ^PCM76>Ss%y*3ZqF7~`0ENXLqmF5^j%$Kf~AteuU;zuBK92yBP?8sR6>btksF znV>U7l7%b}0G^-7{#9w*>8G)`;d=?;lv~?EJo%fPagTcD{8iy=(RXt^nvnZRVs^JA zH8ReV!SO4#nAFv7E~6YAagoxrX4GT5y1S0d6k{P>qnuDomCq3Iu8XW*+%&fOg!@C` z<3abU=k0GzzgzXRTY28$h*5!zbJl}CMtxu4-v`*oEtIW$9n`3(NM5_Kl0OcW>zdxL zpj#kmZSCz<4(zJrk@%l#0aIt1XkI$-)y}yLP+EB`@3h>7DsT@*&r0;45_p$QEppb5 zXS0vx!oKat*ENi!%jITmrl}0}aD|nv;d8LFX9B$MUa*r=FiQLuYn# zfAFj|XVgkdtW7ST8y%>rl|1wHtu0r>gG)$lVInwHzFaQeYgH7?MvR!4(09eExLcfR{YvttUq1utetCqw9MBTBaL^ob^|bk=r98=Q~2 zr>Pasc;tA0Qop*p(x;7M3cqJ6pqT*ZPr2mO$~G!7=#Ex>Z&%TD^t`^e650XEy7J(9 zdi1X<)ci)?BAq|dR>skZ*o0sK^sJ`(8pbDkr)xS_h4k4TSk&qg#6`c&g=QViahJ=e zc(PI+@<`-h1B7$IJ=FH7i`1D$$EJ8kz;Wo>g_KZONph%%&yr8P*&lf4>s=Sb4~p71 zf;5Xw1`8P9S(JyBys?ijIOP2+t`g`$>0SfWw676qT5hGLfx8>ajtC>tq4DR!eG|o+ zUcYyxY3~NGVhkdL+$jXK*2!RXI?@wlQB|=~{N9 zERgA#iq&HS%t8QFAbsvX8cmnX%;@%294Ys)TG>|++! z0~t7PLra#%QbuN{bA5f~+FD3J$ZVeYq|-FnqrE9Jmzj?5%dn(lDKoBxZkqPqGLlCF zHdy1JuUNeC9M=9GmrRQJlF12|8@7z&8ON^_$X92MABYzzrQcdv-1(6?$uE)^k9w)# z-BKB*Q#8m!6T6N9qQ>bR6x!yEX>la7TePS%xE?nTYV-d9?cqJt>!d_{lEmjd1r`en zBkGggL2+>-d1wNtRO)Npd@S#2Y-41Qu^{lh{pz5KjBa;2u9)mpe-S~eX$HkEiQ+tf3tMi5h2DK zV&vfQ%}ISEnq8!k+xe4RV32Xvux!Qdc^0N_@4S||m`ELpr~?~u+PV!rO^vh>L|J8! z zB;%_4{*_C@m%7HKr@?PBh^}Rjs>;U&MO+Xg%DhwIRM54SjieWWq&uBD?k2ta!>Ma` z;fq-!y^hyWE#;lfOjpN#Dc7}2oAirQj^fH?Cu$Lmy!5M7`xVN|_8MHXK^)#; zK)m(CW7f6xPY7Gz=rC%LYH+Q}F(hOhf!L3FEFwP%Ey~L1sGdk%WOqMG>hG>(M~!Eb ze1CWx^lEXHgj&)kwbUFdLa;`8ZOfL(t;?gw7CFDAy$uoc;>LLptOq1P?_W2 z<#3(0^U11%G=z^awDB~H_M0oX5I`L4e_q4!uG>!yac};cIf5n_`G@+kSImyc%c08a z`flq<*2eT_1QtF0tBmmHfvqp+-6Z}?7uh6u`Hp*v%2h_@k?vNW7x3SL?Tw?xw^ErJ zFtYvUIOsXqmQ=h~P7lNrVaNDuK9mQYN{9hlCZPq`X(EY)T8f(mFllbkx|Z)S?f@R4xFmXt(lNH8ZpYIe71S=)!|k(+c_eixQO540sQ0S6%=Z@7qIebO z4B!=2&OPeFz*;wG>n=$$n;6%c;iU^Ve*XInV@~jOY8?5y@fUAYXpC!PsQ&Jgq<%k)sqTJUO>DM^ z1c-?e;fc>t=qj@5bLu7tZD5eIwg3YKedsggdlofKA@u7>P_r|6WOc?Lx9eZN{{Zk# zpW7o#PlG!D0K$(MB1fxf)*{Z<;3|wAaFY8{%HM@Xy7*F}BjItcba99p~o4n$UcWRA&VUE4DqzgQ3i5I;MYm3U)bJ3970UGsdZ$3$t2LJ zX4@k0)h=g5X&Acxlc>dY9>h@z1oX~5s-2de@mgNXG=5SPD!K08=QR#RHDemjRb2+w z{=@wq6}XH-UmUj}=k%^a?RN1^H0vt6$H^dY{i;d1v0<&GkVwE~@KM5^2sCN>d&_eq zv0BOGsLtg8j(Zxo$EgyTbIXzfW!|F=kO<^frjYlyXg62%L_J&q>o~yq;^=pq+UO=5Rqh#dUT@2%$umQ(;ZLBi0@b%l@2o%sKbWHj5JG%k45O(~ZP`85tt7ZuJCR&|A13xY zD{o_sxZoNDdQO`K(O2D#%Y(__S52xJBhnf>d7fD@_W{Nz1BlbNTDnPauIf(O?R6;P zxQ5lR9y5}pj)s6Zw1!cAA!ysl&Nu%6dYgF!%F1JnisTR|1F^Kb&h5+<_Wdi4)*Rim z(b~3$0dz4!5h(dW*I!Y8>Cl*7~PKMyw6_n z4VIsAs95Z2VBQRDryS?5MPD(cy9!{6D?@2?eDSjcG2oASh6qzxgng0{-cpf(Ju3Nb zWpgqQ4Non)UEJF>q>u9yVfTHFb(&LHz*5M--e(x&<*AZlAn^pe$Rd544n9`qxVaij z+j#*CCftr|ATQ~6@1j{5A&DcD{{R=IXWeRdOv!&BGN$dUNT6n(lQLb~%Eo=NF(U+E zVyMHW!!#GB%Gu@A0VEOF4CjgpjI34D?cUv^X+e3A=V{{xy*J_w_x6{77R*N@#$F;_ zS1l3tKAq3fiyC`Qi18~M8>nMezH^N72Ly_V$;7oFvF*p zc=n8z7{RMHSBCRTpLr#tKQOU9N4}T#k9G-U!v+*6qdA!8gXheR0yN521@kb#}>NX1Bs}%&KH0 z4%O##__O;H8-P`HgXOFo7QW(`^xktGe4 z1n{3qENqx~>RT;+?UMH1%2tE`8B`pw7|+(WG=C1+-q>4tCM%aKjkx7G^sTu<&gV_3 z#@-y!F6}KLfKKaz%%JTbk4o@3G?{g)mnJgX-)SXyr75dexKll|!9EJpw2Ql2>22Vi zc+(u5WLDn0CxkBVt#v7_t*4e5mMy7=@|ch_{HvBy>~+SPN54Y=yR^2rK^%~*W6Qz- zMh8wSiPdGcvze|ZUoBMgpW>{p5?WaKgU9|S)AfCB?QAT(yET-k9ZLQ+%G=Fu&|+r! zfyi8Tret(5%&QD2k*cP8)b^S@(pNB*1T~yj_g{HX#o5F4!IO~r}VmG9JGR|0{JDGu8 zlhcau%b2FOoF&A}?(TN(IVY3FWhJR>k(=~256y*R9(B2V6}30cRppiLHBZdjh`J;BaPKSVV+6%trX08dLD`J-@IQWBc8%u5Adx{rFbB0(xUkbAiR_j&Uo0GZ z98fcjgHAF=^MDK^ARP6oYi##nni6n;p-^#}b`dA`74^NWS2@Zd0hc)@k@VZi%QR|G zM!SwjTCP{I5rvGewq06zQL@K|KR42}?X?HD676DGuwW0RNoPTCs4VvTnqwQ500KD0 zBPBk4S2sz(XS-aBvGT{{{R})&M`N%>Hh$<;Feo4=0sHEAI_VkTDF~J z&wBD*$_pLD4hDGX=|L_wDr;9s{gT%<`(93=bIGnhNY^HkJBZ|oyzBxw>G)ETxQ&Yu zE}tXn(Z=m?yk&Setvk!Pyh@7No#e7vBZX+)vya2@tSodRQ(4pWOFbJ*vyI{tCQN)} zfsQ%)S1e^{^yy8yc~Xp?M-`-Fshrt^Kih61wMcE=>Dkpt1F`R2DAA-<3wT``J`7}I zZ`4+Xb}{uUyPIov7E(M;qyRwR4D_x;QJ(WqzP7nJdE+1scpT6NTP57#6elDOd(*Vt z22V9^E*5C_HW$)>v9EfO*lLhMw-Na=kf?<6YofjI(bQ~aS3f8nIup$TD(Tv4TL-r> ztd7nOO5~^>mAm2#mD0Q~s6k~Riv93e!TX?pk@-})TSC-NoNt+~iIon56MY`5E5YUnTyAF3KR7$P}RMSu^QhZNf$vNJzqtjqO&ZCkA$L>7z<$ zbm1CDaM6I0R8W)_p0WStCQR5Tmga(jPNC?_7)QdRl5T zAPUS^rf_jmSxcwt7E#90lFSBobR*h=)UI?ldS$hqjpW$dt23}{^x5lHG>?Z8>lPQ< zq7_SMwzntmWaEkpIWH1H{hMcZ6fJ8N%KU?Q`^LI23-~)uhr)N)_nL#zZeX4c?z`8;KoG?0wH#%2K!;*NCk=OEeJN6$QaYav+t{V#FM6M8w_}VqIn7o0gW&%Fwohqu z1-=mcpko|X=~&IP=1&^<4^q?Qo@nga>e+xFAkN>dXM8^J%*OI9Li}9X+o?NY3$?h& z=h*Q>LyVt8-Zd{2*?4;yB?i?zd1?SSQYu+-tvsCcTn#=YQOt~$Bz+io9Ty8R_ zg!~Vxc(En8miXA|gzQf*9YO4IUuEe(4fRhBX;vprD{~$cxib9SD;9@xuC1fS_%I6I4E5wBLv<~7-O7CMi;^rQ&jw2PI#4GhtRa7t}rGr{Rz(cq65 z=$4RNX!r9&1ckwgf$M?DKj*ao+0J}T)$XnIEl0%GQ3q6)%Wb*OmyU7xSIp5*t21`xC&zcyH7o783M`0gJc!OEgHBSm@I#iI^EQ+dQD5G?YIQhHwHNr8}?UY8Uu|&D^ z6pWVoRSM|i@AX|>=X0ss%59Oh#~B=L{#D!svD8`#^r*#@5kj(DM&~&r0PW}0jwl*s z*|nWFO40QT$!4~IM!*g1cO2)Z*pOvGV$IGy ztDQ|_QfsC~Ddv(h)MwU%CmS1AcP7O~q8H4$jW;R|=DZKZnp@s)yp?}*Glnso@M|eB zyGNGlcGgx`5knLUwZ3;KJNwpdpJN@iy*8y`aLE2v7iWHq)X=mRq@}lZ+n?)`Nk+zzk=$H(2IEtOE~h_bv$87F zI2d3F#w*Y6^r3CyF?Zp+$=vQSMpS3(pURF@YOH%Fh5T2jcu!17b!(Zfm@#5iNhFik z73liMjw10Mj=Bz;b!NBM5cyNA%oGGCuQd{fVxreW^Zx5qx$tj}MC(4EJXTkGBt|TX z=nv{Sue#&-@1xxKO2pVnZ2G93r6GRlTo0G|)bbCRmu|1@yia73>#u8THl&zi@f>-zryi1qIZrj6m-OJON*_3S=qi0Dppk?mb~hSul9T2_pb>e1?2{nBr^ z3Qz7&L;3nsQMf6V{72(Bw9C6il_D{~ya0CwJ6WlYKwO>8 zo^nC=tzv|6cfL2)bjw>U8puus%%Dl-@y0o9{uR_uG*=dK-RhED`D+jE&~giV=9rp1 z^4S{WQjL`qTK3!bu~hthVvVN8lENUhm5gxBA;Ry+Kz(_jmrP_jJ+o-mT4Toq*6RQY z&HOx8O@wy3R8m^Rp%Hola)oyJ ze1M0iO2xBudN!XW+Uc-bM$L$nD9=m^ax3c-+vyf^$pe-d^kbg+rwz@vHRKRz&v722 zlGD9mvt$UUzqMJbDnCM({$ZVYwO=E zB*Do{^&Zp}8FwSoZ!at_t&%vvmCg=ZZau|%l$u2MHnUHBim$W> zs&whEC5cgSxUoGbgD|=BRorQ)>e64N#^TjE-=DkhUen+<+jj(rVw>+O()VRyJ z?%KAKKCx=h-4wZm$MXj~ZN+4GZ^4#VjF1=<*+A;sLj}Ok116M>x$I&5QL)l2U`TZp zmL2TTp;ML4I#z%=TB(@dQ^PN{v2Aavn@d4yG_JwOO}mD9KaU*O&6@uJ#BEh> z?qSpJB(%Ite53e>sjIQPV{?d~#Cp!D<=Dq;*VmIc45PaqGhbr-B=EMQ;4L1;JxRlA zk`o}0s7&@g^^}oPjgG6ua=~e9JS{wN&g{YBPvQQR@$ZSt&#bM5wY;nXmom5A1N&)5k3Hu%N?rY<|xL@@*PD6mk`t4iZIE;e@aVbzfCymHq&fnJ4go&&qIpT z>x52&Mz_A#$%b}N0QuOS9Al@}y-UOY01ukcppgV+oboe}t3h7O=yjh7UfMfdMF@L! zUfcjhXm|i>SGQ2w$!9y<%=n5H9J$UopobeDPOsT~Ibg@c%@&x7H!zd{!1@gO*Ux?^ z@kRE#;{?~d9cZG?!~kSdyJ;Bw4{C%ZD{5nETF$Mh+Ugpb5l69;_l0G-3@TrJ;) z^zC9a)K)`vbnSs24itLR=O$7+&xf89z0q~(bqVaDw}LbBusLRL;X83%f5h!qThW%w zP_na2jbqDVjUnX}liHs)wkju>_+d39g6mPdnl~~&6+r=)x#GP_(!nk?;Pb`g#@ws0 zJ!#k(%e*jlRWi`}R1FBIs zX(V&5aB$hnRP(c)#hW_BuxXG4m7Qt~*n_8fLQ^rQa)tB_-gF-6-TL$60MVY8MuohM}pnQJ_0_l2m7m z*Ae3lLTiinwbO3A_YHvf;E!BU%EHG@;rpxmBv_P4kGF58Mk}b&@2n@u-)57ATrH5;Pk*z>s8KW%=RbHW{kn*GQXMt zBxj{w)vxSrt>!8bU9d1)4fs;$B5AgAD>$Aqh~&iFWE$(dJ>g9=PnJDe>r{ZTa)K#W z?hJ6i{&i56mNbhwzYzGM#^X@G(e${?*ATbMF+;V-s5OaYsZR5>GLnkG067>wqO8?3 zytcBsHqVQhBtpaz+?-U_cMoR`; z&&#RWm?W}jWP68gxg9Z6DOi)T&~zyD`xzLlvu_2F8Abuccz=nRhN*Iy^03(mGg%tL zt21K{DhVd}yDvQ}TGd);9X9dM5;+x6T9#L_@a^5@^s-1}TQyDnIn8NZcxK&kEuaW< zlk(%AdekgvL95?eM-8W$xg#GbE63qo8P{zs;8Qcs(!L9A86SY6#7aGf&3Qb~DX>%X zkPb!&9`%o|T}cbuD?ry*4%-~A0A4zu^WLy(#%2oXa^K&5l3}rX7UnaQzlgsSbsrV$8ujj_eRHYZ%Q#a~&cOM0)AvjcoqBuM;J%l2Esu?KON)EENfsGA^~fZk82+Y{O3p0W zFh4-$@j`g6TVnz=lFJea0*nWJqda|UW=r#;ptQe9lH+((7~pYV3tp9*)YsYA>~yab z!9AMV+_}t-6JTDTcg;E$rQ*&O4wda#knKEz*Zx0)$D^+$^sIT@&9V<2xOLm?bzztXxQ>|rz!?~t@J zN4PNZK+u;q!O%&zi-Sl z+=|M_R3Af|)!ili>?$2_agO!n+KtV{yQ9dVP`4nr0)(z-QeBQ`T=OsO+2FHeF_OW6 z&NE(Q#nIjdAzLSk)-kcmDU(GF{1RK3WHCU;Kkrw$_*xZP8Rp($UN>()d*~}@M9I6E zI;F*om(ay-z%vYB^dwOuq)4(5(QMC8;;m6}jkh_CcKYb~7qFX!AdiHT zc4K6AUbrI%AJVwnj}%{MnxV57GkvU~$wxTYc&v=&B(8Eg<4-KDeIvH^z}m-vK9yfg z(?7LC$1l!|c?;8u+9ne_9Y4dC7P7%Ssirs53ZmfL(z zOtGmsX5%C4Nyx%-(9YDSluII!w*-afJbKqXCXpr3l3na2+uOb>OpZ!y$9$HdS)XAf z6O7~A@vi$rWNUKwYTyHa2T?(^7KYPA)1|{icK{1*^%coOq*&Zt%)8lTDZ=NzdQeej zZ8X~31x>;bae{fQ>m4`Cm^5s-Eyg)Gpbh)`D};gkrDr(p)YlDVZ#~`YGEQYwLy|j! z4|)XSbKJEJ8rJ^+LAP63Av1{go!A&7)7H3cH^VlwTC+_g(@(sB!=`GLx{Hw=!uUf^ zpG}U<%gCz2MkEfP=C^FczMpE)EAfq>xT?>Qs-W&UCO?bu;8WEh4pTdFI^b2!sZE)O|h00-U;A!tc1IEx>!JrM5=H}=|K{gLu*ZvC33eBqaZm1*6s9G z#S(XsEuaT$I9{KH1w``uxh`6H&9t6+=NMXu+23jQ_L`iE(A$?P2pp;7{AjVQF_(&$ zOsws(0nYDQt#hftZzLA>jwC0I%RuCM&%@0pP1Y^066)z@xeuH$$vOW33hH&O2I0e6 z#XFd|2p5bGYG!AYYI^kE9@Jk=E?RC2DHyHoH^tX_q!VfFX2vkTBj-4zIHLmQ2`{eE z<(qeGW2fU@!|?k=w~o#@qKy_5VGu0c592{`iPUO(ovxYUE4?frlgd`x^JM3rijF-E(HC!A-k1=#al@Je1uko>*B#=RH8_kJGIEkCp`^wk!Qj2mQ|PT~$Z z`qjo{@?T?^gIBZE<+_SVR6@IofPU}cS(07b+rnNTd*u67Ig#wy#@|Uhz*;12@8ACb zuT}gp;vFwVxzrO?(-QV)jiZQ2jBiv_74HsQ^8ULT1p?^fxZkvR-hWF9Cd*_lvj3l^z)d-lUL zFZUuNh4nSpHo2zTXf3D8vI$j-C?IWN$5Z*xK3yzu_t!Ap!)-Kh@5#X!A1JPORMX2x zEb&6`AW}gc{iq^H=HSvEIpk#YuRw!Lx3<$^wS-3C^DLduwFIM^)-)#5o#oS< z%Krd-ZSVB0eOJV{3uB~0ipwyJE94$qpXrJ$Upa0#ueA*tZ$4$Wk;ys7Po-w*+H6{V z)E5k&Xp{q&rDQm(?sSHGi`b{O45=Fob?scr>4q)*D|G~p)FxLcX|7Ld%`FJ?me>{w}kEHiG=57aIzz6UOgq+Qv?2K`PsGFxbV; z?4I?54b7|SQCnY66e#VEy;s-us!_R&q-l6|7$Ug5irJgX++6e2*Jm}h`%!j*q-ehW zN8PCkvy#W5Ap?PBU752?U!C` zdvFQKE9qD4U`;j|Ild;T9;jW9IGk z6_2lJr$&)vwnPf@0rK!0ny9jgJU`+~32v@*%g493`SHEZLf30O&W@UV&1~@8IT$4m z7_Ai09&M|5a9(Y>fmA6Qg9FINV^x>Kt>usvk=1$6rA(R=xz1b1dueiGmL_Nug$Mc9 zO{3l-yr@Xr-*=9cn9H}uKeg!gQ;E;oCJE*aKlI?4#ji&H(`O zYdIrWNZ;_}V_5qI(=>l{7CkXr9}v7DY2wX8!&;5R#zfQOXw`G~f$V*8Qyt4}@-0hF zdnUPx$d`nkGI|e6!J5(AO1ia~U7kV$oc+;Sr*bCx8Zqe5*=W$l!Bu(#+}EGQ;d$-# z;Vco`iwRWc3-dF2(-$%9HWAwC7G6|REOHUGxcjwRP1j!OZ){^Qyh*tkk2{C-s<97q zpVgb~w$RvE!{jn97Xtv+MuVhkHg0Y&;6#v&am@}k5!X$0BD9dk5OKEzXC}Dmgo>>a z7uzFlZgE*S8gpn~j#o{Q+%qxh^B$GiLk*m^D-uYrGxfpA#Zp!!$e&Nqq=neT#e$G? zx20F{2B!o!1Wz=6bDVS4sghEgOKEf_)JsM!*y9-)Z^F3vwCDx1x(}IhMmy4Iq|Bzi zyVI=>qiG19SmYlg_ZjE<*VjG|(`}iD&kxBJf_<7{$zpioywkz5#TKU=w-d+ajBQ{#A6jF% z>h}H`n^*A_&X_MP@UeyrA3JmFiuO+#crL@ix^yu~s9EaLeVt@8#mEeMP&Rn=m(6nc zD&6+?6_eu&rGc#=SlQ8lEsl1Y3}j1T_N(1G_R7m_Z1E4gc+ag~(rmn$5H-M7L7V~9 z&}G!l*JQu9nTF+>EN6qrtS<=bw-4fY;*o8h)MXw&;#2BPCRz19hofE3C);${U0Gu# zp(7xSb^NQ%{6Y43l1M|Wt+=^C*ygdZqLq(2yVb7cXzc_e%iVqfTZjAyND24ZzF=`h746WvBy+7%meI5_QGx5mZ1@jr#FHBBE& zvzG4Ka_j&K?H8c>b53#UZxiObT~6sz+=D&3t_#M?f<1_@Qt-IBy1TS8s7O~YoO4+Y z-45r(_KT_9Mf=kvxW-hFNcG~mU2jo>SBp;#q)VwoUe#{ zHF<7^M-Mbi`~Y|Wn(y>K1lbrY%yVukpzUA>G|JH#o-njgV|Qx==^URjvVok8RXsn( zce-AIrRgx)7-Cq;5sZ`Gg3~->RkOL)ro6hnc{hen{*MuRBW!him0s_yqe< zSF<~Vt;4KnQ^zg1bRRFv(zt&VTWOjej|8^mVMhQAo&oPb`3pAI65MGeW059Tj5=rT zla4FTZgk7*>v=4%VumfOMnAkMBqp^q^*;<+>N-`mq)hNl7{d;s$Mme|{2FcT(iFCh zP$71~``D&SG2*d}epsZ~6XwVxBL}s0SDMYft!j~y@=S^lvmThMawNdNv>JpTWR^5^ zblbw@@&5qot~PxF!%el8D4|riL%Z12jY`Lj{6~hvSMc0+SJ0VfTa2;}c;g58*OS|7 z7FrgGbEevdTlq4GG4iTo9X~oov3ed)J&e&ZO>}qTpOg>*to+;F>XF=-;3%uHnTIOB z;YqQdV|X{i_NPwK&5A?z6lHb5z+><0&3jg<<9`TfT1Kq;_PJ@N&1!-6oc{21z^nlC z*;*ZAQnb{xyU1HgcuVJJbBupq&ZzjGPe<_hw6lr}yUC>687s>kmM#OmkFQggMl+NtS~J*?t;!v0gf#*u+LK{)(6)ecDZ&0+~G{4aOqOw-%C zZ3AXQ{{V$}^{%G`2_>9x$Ni~4$r6#y>~yW;v6hO zSEfs&L2qj%<@AwxK4D#?{p@w7V=eS5>lS)nh&0HpVYjtJjD`~+0hD8*^%dnB&xfxq z?iKV|WLUOgfp5Hilp06O;I3?MuXQ~mLb`HNc{a4K_g21$(Yz`D00{ntYZlg)*ttmL zZ@fUq_|j;jrqe7w({mo595KB6vJs9005gJp@n0Ol;$2oB9|>;bYpW4)EKL-Aq*!h@ zd*D>s#K`qsdi^hNEtgLR?4<_oF^1#+0Iyj(j+-U#hVEjPDPvzbSWXAsBehIz)O@`T zCspv~j{0)yv6$f7h{<=!m5*>eD%={ zOPNRvt@l)81P{ygHRcm*8o;|t%NXsYw28N}kavT}L+Mb+DtMdXEL!A{Y5xFcp2le- z*>FSUWnsx<@6BrbHn-BQHS2#iZK(?qQB!by4un<`nQ@Wd>b81*rGI%85l3wrl2?(E zIq6|T8KiWVo)XbMBuVy2;nOtzK*U7SNI%w)I0GFHYtB3s z@K?l9YmRl+cD1&Um}7|ijHCFgqAb=kN2K`nO*_JNmh)d~QNg?2EwGEa~O;^Q2O;yyCAt>B;dMzt6uc%{8&C*~Olta6{FTtXY3a{fED z)<3i1Q*xI%CBt+ecdu#qeR*ZB&wZ!CBHT`qh9ClVuT1)Otqo69wD4S46Ni-BM#_Fo z?SMsK_{UVxb$KlG?I9qww~iwOh#w`KXF2?HK-)5WH{qya+*L@01_nt#sjM%LJ{Y>z z?EDD^lO%9ymcC?@1$?v4d$8;UEA%cfyE)GWcq7G{g3BGG0{R$ZF6<=1WgeRZNU8R?TW~RxxSw(T zD6&Jvb$f3A0Bc)m0F=ghfzCauAoPlk5jw0k}%R2AhG#JU~9{@KNH?+m#0b4qWd&~x&TSr)2(P)Xz4sL{kfzKPCa1_ z)4l{UZ5bZIw3ko|bunn7m5TG`E_VL__2}{>&xI0e*&>=%Qb{Ta73N_qc6&`)S#Z}9tK<&&_NC4>KIU{W zTSU?Maeb`GC{yk3Yg@#g8MQi8_YQu~k}#@pI(5xVq*7NhycMl3i3FNI+E3VWSVy>! z$JFH2jZek)8r99koXX$X81nqAZTYzb`_!U+n>b$y_&-XUSGnloR-&vUBST4|bgpt^muHy(GIi-wS6q2oB< zab8j3t!u^hTD|q9<;)j={{X5gHtxahKPsSyKFc1>Thxm!Edqwc9 zGipk(A|V^EPM0NlZTZ9J(vn?EQPOQ*9XVx^UB#3!IA%Q1W^MROOVu^h zypvIeX(Wy_xiOBt$LC%P@fX5B@Q&&?Y;74QWenT6C_7e)M%2zLz!#0D_^QtSOL zBa-K%Fu@h}m5#ag*dJ4p?9ABncjuw0XG-%tm&KP?+P&1;$TK7*%9UKG@6CCfSI|!+ z&|Wh@*~EK~-l;N{=035gM`V#hFPOtWC<8gG7Li%~j9-g$E!W-v_5gLoOr>K9E~Tw6 zP>S+nB#NqvKqzanx$!24r|Hu{cVvk)k`0cHgXxTSrx^l^G_+qEd^Lg{M$c2Rww##3 zCTK%Hndr6Vb3@_XQ&+vdis9|;SOT$#wyO;E$3a>tni^w$^Nbytslg_}c1jk^FY?9<|~dqofIrwKK?AxdmfEo^#XkuTJ=N;Y;g318LeVo7hWn zIddS4jqEYNIX_x=RyOF?Fn@0-o_`& z`HQzFt^uigiOBWa?QX+Rc<=4(*2XxO8x)a}JJ*hUN7t_P3Fg)2SBhCMsuXZ3t;fzc z;ogOJt48zdZw0gn3vzL|X9EM?y~9^~9XiGvc;t%e(NqvX;2&z$kDU2C##-K`;!hUa z+vt{8KV^V2yRs0c9AiDrGgZ9S?BKJ228=l#W=1oQLqduiUD?aWYd?rDyrA-VtB`r( zs%kz1)U6RAxQl(ra8-JbW;Hy9kb&!w=z3m}q6N$mU2F_?{{RzLoJDDP@`;jZFk1`8 zbBe-oHHzwWHuK2Hsz&!go!O~0>&vL8p6%FqSr`QLtU<2BZ?A2nnPf?%Gp<3w;|8+y zxaXHplICea2;lb zJ?1r5=XeLMJu6>I*JRZ1?Cs!<-yI2 ziQ&tC1jh!MVRIX_(Ux}3NmJPVl}=VA%Eb>5=_gbOr)*KFB=!}={hA#vMG&BE*#wd? zSjuKhyQp5mf3s{_2zIjPC_y>TdefI#)u6P4OosAdV1$tv`uWpzn-9FEznWbV#(?skn8 z)$Eq+vB;nR4%O>dkM6d#@fp!MbUj=S)gm=vf(-Ap5!=S=oNfE2yuZYL8Nb#p)#JG^ zBy$D?9<(MFF)fzr(&F|NaLEBV-g^B#YYuH!Skyd~Ln=mcMl;jiwSbQA!=%}mWR(Qc zmIIXyyEW<&>6&z{1dnYLti5tD4OrZWFA^JjR!dmXEx|u`x2Vl>tjP*Pdalvi$ea>> zQ%Qm4-XQS}ytgu2rt*McNNj?8)^~3PbF_QbRrI!(s8#nX zf^o4&N*u^5XgVj_Z_M|1vn`-F7+!+C3f|HQt{EQe#~AyeM<%8!>~Te{O_#$kuCyM* z%8mG02yMsRde@UTh;Q`^`KQ#T7c#trhE>1=HL8jtHFQgZv_JvuHqKJ{uHM&fc~j(dn$FeeA^FI-^MxtmgUI_*1NxwT!8NxI;C z(E`{7z3ciV{{Vt+e$nuFmq(XJ@g3}@?$>3TY?NfkxWfVI#Y>ilr%FoJKcg>(dcK~p zM}CbA7juyv#Chj{Fi8As+S`AaRih^do;r%+s5vv^Z`-5xaj^ZSz5w{U;efNVo5V3h zbsZI^QMAf{v5!5o&*p3V@;)i}2U+l6i~LXF&34)y4_S(786ykx0vLjG=m@OiyG2v% zdw0Pf6${%)pf{04s#vf=xqfL|+mCAc4*Jz~XStH@Nln{j@)tife0DmUgq&HtZEG_h zM76QBlG4`n+)E@ZaKvPj>TB4owGBH{SuHIk0pd`tkT^cI#YS4{DMd5Vz8q_j>0Tp) zPShXBvSi{yzbiL9AJg-%OT4hL)F*Xoks1XhHZFG>`h2>kmOPAI2DL|;>l#y8&f7!o z-M4WaYbVWFaU8@3&Ml17buygB&~@b~)HTv>^!Xv+IZ z!m|_Ji>r0BDGk4wxyDbgJ!_^WeAZ@$m*JFWhF2Q_Y~=Mm_0V2PsK(6_O)QrEG7m~+ z#OORRt`8vFYBKHl_NZgYTF~*I*yGWrmLyc;0PW6bB2qlc*HM&d+4FL&yI5!M3dE8- zMv3N<1d)I_^&a#XxZKpzq!yeRQ_ZW6+O>{GJ*2UPhDD2wdVIhfa*i&4_v40)h z$v2i3Z@Nw~n$5(_t}dGJNG_9=9545(&Yd^*ckf{(6pltY6{KU(&QUr@Zyxaph(6W9 zs4i|ADHWt*jH4$#YfI^1giSji5~Oj)_VKwpPEV<>%ftRR{{TQgZ-HTE<92hnRF{WGJf;w}!N)zK<~@x~AL#$R?$WMoU=lR(Q;6zjq^(Ly<;IF$msSBREmq_Z7;` zwp-IBt0FG$-D*i}*}q>aOONe#?C!?_hxk)8yJ&3utg<|f&mY4;CUnqwS2Fo?%&NzP z&wA04!pcMu2qKK_BXSN&_n^`;v4yM4J)BQ$kBLCQ2Z9Y&(r*(?(j$`is?D^>!Fn@$ zQ%EH4YiQmrw!DH=^CY$og@Q8k^saR3bEU+>d0tfCz(2!R?98Pu$5C}_XLF-S`=buH zAQAV+b6zE?*~FI)@e>*`=K`UjM^|!`T5KUzfmTp?&uZOgfi00hO{>!btxftJ3JTX` z@VX>fje_nRbI7b&ql0=F{JoMwWbsiqMo?D>>ySl;`1Oe36 zhEkE}lG)r?!5hv({HbPHn9PHoHXIlu>?q`i<$YbBv9@`J~EVA1gdV$6g)0 z{?v~5avlg`M=j}G+&5EM+d2TLF3x$!G#W-WIc3%^mRIwLQcgZm(z?qp7;1J_Le9c= zOM>CaBRC&Q4Wk~XU!z$~smpPyHO7UH`qpCK z-)k1O_Bv|@xiWmp-Pb(Uv8Qtu>~+#Y@mtvGQ$^+6C?K42N%gEh5PUP#ZSEnxj(ou` zB+oe?LHJW}9XTXXi@{egT|&<>m2;igz^OGIGJ7|`MUe>uIOjEyz0thM4W5r1%Ex{= zB=t4QTI<&uLOsGfuK>$qIpUgEFk^I&7D{d=dx%7ka=_;pu7^jtn_IQKp5oNRfQW2XH-hHSbUokU{=DRz)FAiKq8b&|UkpX?gV7IkXYoSr{GA|>EEtU&+ zS8y|hITaR-5xaD=DxP|bV2(~|ONz0ows6><3cIk!TA`;}U1}G1w&K;5B2wMHUcgfIL#JQG}S0euaU?kW9y$@jTG-iUI_K9>>|DO z<7rE?FB3Q;0CS&1UUmJUCF_N|V%taEJoltr5!q-T5YB})y^*y+Y`9K?*1cE6UNwr& z;eo`ENy@~iv&Z~5r|W|D=k2d6uJ+p5&UxVe zHP~MZt9E2)-P;+ic}Ueoofm{HlUcUDkx_|-g3G}h8~l+}b-1oAFGaa1co|&tSdK`w z_GlrR-tp|#8I^b}yyBNp)+Z>QOGx?ULYmyo$EqTeUbt%n(_TG_%vt#AeGO`OFHp79 z1@*Mo44aPhLO5R76b>;u=(S5(7;Kg`Z1IzVYs~z6;+u(lnf!bKJj1$z?VEUVh z9NtH;pbBc7Ob$<8@eR93o=voQ18X;~c&;5aORG&vWcx+5sE2}`2&0!vf;t;*S6$Y1 z)YZ}m(@03lYzS8lJCANENtk$s^X!)MtdpnA(f1hbiiU=D+AgqkZI;SdZ9ITFS6O+h z`PT4F4aRweJv3ojuqZXNl$a>?U{3)7rDW^p$ zZ3%G1?>PI^_7TtPTH|R;1g&cIbcLqg_kwDmfqspD$8#PnZmdFQJqoxrzo{ zuztYk{cFLDjYB!O<`z~YxWwQrNk`nWTdRCAmsWG zf6rQW1KVH3S5RrvNeX6Sq@F#i$S1eD)~;7jyS9-EKIIYt@}E&a9rlN*z4Tw$*Vs#V z<1VMRdE&br6T|vs@Z9~TXsx#W)xkTz&lHAv{xB@$XLk1t{3!yl3J` zA&bh=r54h@Fi6N1g)Xx@TP5Yz($V82bjPkK5_&zIycgPRa+`H%q>K`+pPx12TK<$5F8LrDz)~qZ!VaG1}5o|lk}$-W14X@?sb{$ z-9$hmX8K_M zMTFgntR3%SMMr2(@CnBtXRUkOK117DA@XHKQI4IxYLYXQx)~lKmRVqqC~lTG_mAC- z9R3x{%-7cOK@^dJ0R#=*2&UxCB67>&%>v^1H`t;9@w~Cl> z7pXOSMM>jkhIL?@j?;{QDVe^+dZxKF@LlNXExzW)+>WizIs9wB@VCef&A;Fw(!cuVwaF?m4M#cPFQiCd-tJ0a*@AzZF8^qY7G`x z;1*Fon5&Lik8*26P55hLr|ExZw?JKxuqU6$nyV0EY5o@bIW|a(6ls!o5!c+BBN19$ z1de24ykK%T^{A5rj`3~Iqpa!?%Q~jS;B7!S^u=lDFL`t4M21yB0LFMAcC5hMmqN9= zL2-2&0;C+Ct5)@Y3R-Gb?oJ&0 zdwW*)r=!~H7SP#VM;!Ly!yqFdWB&lvK-8}ED_;1I!&+_8(AC76u#5LlAman6CcM+c zUMJAQ+S{9ZldFJy&n)C^$j1VU4$PnXM&c{WX)P3(!u;9#R-MJo#EQu>FU*Ij=}yLS zjgL0_6fn;=OQ1OfXMig@8}BKk5q#lW)2&pICEIK3i0@W+n`B)8Jq1UvCFG*!;xZ6A z?dia%1Htv{RFUO}d1+UzeEY0hG+MN$nO%K|*0H$y(f_!+KS>$X?A2ijma@j5hWTm4*kJxBTJTsQ3@pz3}dz0&7*ls*|)ft|lnDU%nmtzn|eplNn~eblmf zu`0qDv$aPY``1;c-e~7Q@@|lwPAvZQzleX0M5Wl!@;?__YI2<>`$V<2ZIXkR81L8h zuF~(vy2O!K=~ob>)-a|Kh6ciUB9fnQIDZ#-r&<2bH8({vg!BoU0DOC&ZCIb zgx1RxSUL31O5)c{eJ@dgE$=Q6^g4%5{0*NT%>@Ghs|O))NQCWGyAvpXjL z0GV4o52a-&fyv%@qs6+ww9>UHWD!}h3JLq`j=!JsuMvmhXNt6+5o%WYZl!q|!9LfA z7zIuvCp*RS=dCK8fLpzE9tzl~?!>lSiq{{Y$YlADy9qYgNb>b}t!gu$!&vyya8W&l}ATaNMexj(Pbhn=o zZD+i-YjXbpXLKr?c~E^x^{)o;CC!$Hbv5pvAcOafJG%mM#O06Dvyuj#&#N>Dt*rhZ z-T0PSZm$@^vs?LT^3BFb1FuT+#?(Ah7#KR&Q}>@pVN=!Pn*IP@Ly|so}+M)3A*t%uqV1!BF+Q~FlHyewkzh#>uX&{QiH@6R@<%TUUGQd=qo!JN_QjB z^(pSIqlQM3*^)-thQJ+1HNR}LO&+3lc}XiB?O^#$Wpvt{Hq%bAxKNT6 zAOTp*ag_W)rr4ufC8fp5W*}tnOM3BMgYef#n@_ru?(*swZW&6Jeis<`^%WqIv>>)R z*|+;Zj@^#uU@$$+YS_(dXRS2x%o|5Ub=X^IW9y&8r2#0OP2$~d`Yl0z%;BxWZg5U> zPtdO-zpzPd?V|%MUjY2Xo@gm|GkJ?N`b|m6_!pBGTs2B97M56rF$t9S`v1tzyNlY1&SnkA0_0cW_R2p#g#Q zr|iy{YIHgp*z3CXnQdco+I;h{NcVMTBktF;!{Mmx-u4^o&6hDg!pt}r;Qs(BRop{>+LAgBbRF!9nB`p7hO>I-Q4%JaYQv zHfv=i#k^ifM-qP-1MgM^x=C(yyEw5RDjG&T6k@Y+>@Hr0SBo#~l31*-ZKj^)S5%0q zaG>#@P*v-DtWXw3;afEgn@ao&+9P2jn8Jpk)h7e+a5Wr>1kqA#yK_%-vF#s2^j=#$;WX*I-m8jQ$( z(EEdIU-qfR*xDLw8Wrb*th^1b>g#W%J;XM?UAkoMk%%KIJDSG$52kBgG?Q1+?yqiG z`6^*n8&u?9%o9tn$GON6%2a4snxTCHRj^x`)L9tai_C zpaOt&C%$TKgmf+8Vd7&RpDHc9sf;#umOhn*;^;1X4{Y%hw`vt_gf`LNBva)SQRDV< z>N3T|PuQlw@M*ACcDIcv( zs7*YRi%VN~g;?-Z@T1rCsb~(CKNC-*X;Nv0jEvtfXBowMhladCr_15FBAVLaZrJ>+ z2nfR-m4ud~Q94@*t~D!DV`{O-83%DEI2iS=kHVTFX>Ql8c{Hs645`o)=rQ!9OGlS@ ziKlNBTg5pqX>}+YnB;;_eAlgbgH>;bDHZ$|if)oU(Z-Ap--5|Pkf)Csd8&zL4#i>~rEacR@^K<4(mbu44gIz_7$1+T% zL*uWgtV-rHts^U{KIr5~m*!T+Lsv_wMv*E?j!#7#V>MBBWU~lId8!1BWq4X9;GO`j zC^Xs8RH<#>#ouxDt%!Ra*Mp;s-3V^xFpo45B#pwKYQN&3Z<^_&yfY+2k`GbSG#T?W zkDN7IYjHd7iR3xQPKKYL+O?h0k{{ej_Yn4DRn4W1xta7Xn|n06GuzxVHOL?%h9D^Q z0=g{^PrS0z?)9C1?Qa#3q%p^WR1SyMktd&PUNn;JCpI?EY|4f*3Sb;}KK136m%65@ za~+M{%u#Ncwyxf*?rCz4$EWyb!Jb3k>i4&H?&2{VN_g6Red)1kb3r%uEx>{eKhE>i1UiU0(*22?-z`52xpfTTLTR)32{QR&81CXI+KMecXCeQPgKQ;{9?jsPuSW6qdDZbYP;#+0F`?(C=s}*l7 zWxE<&>u>hS7?24em}8JXTEUF$~Z?>M0w2~u?d2EpE z*pR8oLFt5gR+6Z+$F7`kyq7h-4-10|EFTXXE zrPN2GYnrU`Siz;*#}dBfSr{A^PQtv8#!*BiT*?Bj0o-zPiqD+5Elk}d?Vj2jh)_%N z1GtQBZ1$)%dkJS*t`7HB9N>M@YM{*-!d*aZzGf|eF`U(nDtn1S#<^r1k)8!mr6hG% zb}MZXJaa)Ljf~@{6hobS$8Z?LPIu+<1cS%Iq5h9u>Z3W6AnfupDJ#z1FRBsHBoy z%Ce(#$lw~U4W+;_&9!pP$9l58q3GIIo3=ER4Y|o3D({G9c!0E2w~iM70G7Gr3W-ai z9B0t~09-9!NiQdpyUVwb6>rAAM);-R_(iqsazW-eCN@@>&<^UUOIw*3;2Uq(9OJ-Ut+j1;y`|2PXv2bsy8#0PKS|e z_vqV9cf#J_Wzk5+{wvM(OUZ8SCA6LV@ImC9k@PjOi;?6e>f=PzQ&Q6Jt}JyFiKADI z%H>Z`aa|lspq2!@lHYjy!Ut zbox}4CTT74fX6)7DI%8xH5p+X>(^Z zXogjjaG6d@I0x%rsJd>ZFSPh>Ne;-MHhZsQT=I`bY^GAw?%sBWYgiIXn|JeK4bg{n zIOKvjHT;DC0Ks*?W4QbQ05MobrDuOi6d1kG24#SyQM(}pzzztKI9Bb73^!W zI~=my-P3gQ723%lA0uUV3hbwCBI3sCNkA7WKwd^iuk@{Xx+4`GPJYi*npo$ywP7KQ zckNc8y}z@8*6$`F2`2!Bt53P1TS1B&$>w(7ETy-TpSlPC0IIC`zgaIFHn;*69ZATl zGn9IqC)ydDq;e;&-omTJEb=wPWSzTtzvlmeF>5cm>hF!!L$8be*$cY3- zSi+~x$?j`LV&h|HMT^gNM|Di(#qXLQaZZ@S-6 zS+>*tspNS#`CE?F=mi1I(9CJ>uI>yw3ab6m1zBsav4)CIG?w6Fr36YxSEZ_4!5D=` zILFqy3*Bm6Iy4cYOE0$>;)60h8h4fDym7Kaf_dxhR{Tk;$*4yU*`&mwhV8u$DrF!! ztKCuv?Ajs6b+k=i5BsHb6b6>Xk7+lHEVl3=GKcOtpf zj^kH(lm@lLrBFV2PHY-PZf%X$ogwpMLQXmy`&T`49mS;07NfK}x6E_5*9d9=t-;CaoqX? zLWXp-l6^+jFyss|IU|9CS{6Pe(RBNntmk;Yw8DmnC?35{La1+R=w#f_ZFbX2#59ag zE5;3QH@DwpkaFR}bpoZ!p^TN8$ll)lqDkeHDPifxD6_j}jec|Fu=#^}R1k>uJsKG7 z#r40GOXmokN7lV(;U|af;<(d=!~zNBY_x-}GunfqnFqw*3ftOh_uAfzw$>KQG;G~* zj-35#pZIs<%b0GiVY}4)*nkCNU_Mdl`cg+tk3iM6D}8okh;7{5p!KgT@nyV$NwkHP zSLJ_SsHTyel03;p(2(p_EuM2-9*1pqH3i(N*&r&Bo@(PBeknvxV8~*OaKl?r+)SF&XK1}rt21$ z*7uhY+r<2WGq`)!ux3(~&tALMlKW7G<9f>{uH0mOE6{Y?yNj2$Ys6V0#yL3y+OuSs zUMjj%B=+_QkwqMVn`jyT0QFa!U0lxcA>0YvGn&akl%&Z0jQoktfD&VYW(>V_XXmH(KNg7$pbk4yQWCRt#^!zK;wQ2NQ646;f6^?U$dgcHJB$nG1B{VT zO{ra6%!rDpi_08!9@U7>hewi2`3yT$5DDX{t!T7+9k-7V3qRgr{o&G)tPU4ZFzK_k zwV3%!4DD`&*F&Z>#l^@C=3^U=Y6mTb>o=3zPi;H{d*JTK??;91?wWh+o2gtgkN_v3 z_Mpx&x#(7HV{EcD$Wij+Bz3PV_>19*A=E8zbo(h~N#g}fBO^Zi`x*^n9)!uH+DoO0 zuCLlHO3~6pLO%8@7GD?Yx0;M7>LiW+LaHzZJJPrtiK$#IV0cDF`Tu<{l)CjnE)Gz&hC2Gc-kCRR&MfKS<1Nz zb~w&)P$#j2s%f?tmg3DPF)%`R1I==cr>>oDvWFp?D!J!4tBkrFvwaNFeQ|T=TeCOJ zF~@Q3Te=;UDY%knsMP_d3Y6mLMQ+yxHV^DkUo& z5TtfGhk$L;Stp6h!aiagcdVPsTbW%v-GL$)1oi{cquMgu64>Z;>7Zq{w|M-?hDm&O zuE$Pj;54kf4bP;moiz56h{T^e4DvDD z*NFJ1P)lza!>awVH?t_Q$~T+?xCJ=;O%@c9zvAx^U2ld6P{|X-51a-RU=Nq;{uRIB zy9qBe`0rb4B9OQzpRH{jj9NEuZ0+48c_K^^jE)F3$O{Kagta$63kjX4caI6Pf z>ij?9U2jvnnpKS>w~jK>Za5$g^wJ%=ltt!s(P(W1v8XHa^nN;w9@Uqr>1%7NhG`vR z;kF)_s*N3i@SDRD)31NSL3M2%~vmSEL*#?F-YP8xkg1((e#O(-bP1A_Z%}HEULcNe9eM2Nl%m`bD&i>g0Jtlg%NOb-B_jWVf|ti_GCcJxHnTA@V%2BxYE^ z1cn`G11jrLj$4_oEUjXOF#As5y11^4Y8MHzXpwmU93G?!0Os!|ySf72_DNDFeap$h zpIp_;Jt$;NB+G_Andw(`uomUGmruBo)-96f<;d^vR4#1q(S*?m6L91|tyd}odqte- z>1dY#2^*Hj0Mhu>#_ z6{DkgfmUI4BQ3mc2H*z(dr&75_N(GsuMtOYXJEivN0LcBN40s*pLX-z6XqiYm6T_; z4K!CNrp-RTdkv&gGsFp2*w`E&{cVWh6SoG}i^u zn-0I-9@TI}OUUdsEiUJ5Zwzf6lN0;H{8*&6)1C}Gc}%Z8#b|RLW#TO{Q&ef=R%c}y z$FKP{?w%CZwDi#6x76TiE|wjNRk4=rO+?TZ?R5=0UDoonX?Ds?d2YC`8S(C__V<=| zabI0T(Y^{P!pc3xWKz(@wec!kF(Yc+G5Kn7aIgj-+$V*gE4BwU1M5;%I-}zDb_)^E7-90{#9?o9vsr|ANxyJ zn&e}c{Il!p&1queE{99vzXneYoxSCuOS=a^#3|0-uf1gG=4(r7%tvySF_OooX${P= z_L;4cJ5uVU`2)Wd3GqgyVX(x`${QGdK>AclMJ>)(R`EUb(a0iw&dfo;H}~?MK8hu#WEJ{JA|i z#}%RB9|Kx_jyv0!1=g^4d8Ccp_3K(gur@|)Hfl0T=%zK}XdF{@T~bS*yJrk#Mi*$o zKU!_1V%fp!#z-yXx|uc;({*x|YPUBLl~29t(9}tY?BLKf8@V3S?BXbthup)4tq&2T zmR8LgB4no0Hv3X&50)<=dyP)!JL{CSQXh~BC4e{|k4oY1ps}+FEQ-_0Wb*Njb4ch~ zlvhW!)gEm=;?_tJh8W|V`_(;1;r4?)(6qLY89@Q3E3}j8ijH(^$a*h@z8>hl1k`8N zG>gEOGDfQ@B!c7*{{UTM{8!WA_?2tnSv1)!-s?})0iH)Cibi-~zK5+RBu6VNcqDocM^u^1r0w@g;B^_Vo1n47+uBbeqe$B~?c+63X_9;2fwXNd1u<$b70g)J z`#?G3y<**zS#PVC=b_|@1(zuQ?8E&=RGGR5lK+7&1GXhw4 zAXc7-Yo_Q{S91#&mr=o3IW=6}0NsnjxA!)(U&{om3ydNWj!knqRC=AA z?xCezJ-~-}J7i1@9>Dje;6(0p_j(nZjWQiN(%C$g{qr*NQymx6wP{)CR@Ul~PYGx< zjCaSiOGa&!Bk&~Jo~LhQ5Gu;ydf(6TKg^2MMhc*7FsAF_p`?+S%rYJRwvCdj)_I8(c`YMO=iiL}RJH5Xu>Sxic zw7b%#+7B`|0A)elk9rGovFsK;GSp+!md;zqZBY|qg-{OPOo5v4j~MEDw~6(Q4@}bU zCJt_aearHN9ZR?2`qIBbQ@hmliQv(0R(p9M(~|y30xr?X#sOeI&sy`%Z{Uud7MXW) z+wJad=Z-;er{!e>mB+6^Owix(C%`+qkF-H)62)OCd6MQ+jl^do`BxvV{3UG@T6DOI zHaQz-BO8u>lnMEr-Jiohwmyfb&2a1XY1Tm$ZMSh80!}L5#LW-vSGHEVNETNwJ}!YF z^1FKG^QD?!;n!y+&;gZ23*>W z9teidPd55DoGqbJ>KK!gjN>M}>hnpL#Q3whwtXqpc9v6;zcIH%lVkinc+>$u}f$3S) zFq5%`X#hy%mi7mEN8G}aK_1m|@voW#9DAaPfM6dW)bf`d%(v9R?L#Dx?!))4aoeA?9;&K{Rw9edD1h(7z?R9fyi)}G2FXhBbGQdK!p0Z?MkHaLSJFQZ^-X`q@SAN-pHtK>rE|J9*c&9DqT@jDqiO#DZr1d> zN1U`usVFjT$K4~|sOh@8F}=Qy+ACc}iHT(Z7BS@WyWjfMxS6+Ogz;CzJwwB@+b}CE zYWUxbaq271?EcB)DfK-~W->yL&U+toPQlE1e~6%wZl||i7nsy^uUoLW)BHcBz%OIA zmf=DdEru!p&OchsMUg3VIeB#}4-;xfP{b3&kMb&x20MK#*K`dk!%~(7xo9nIvK!{; zwB7DSwXx_o-W`c9;f^c2J5*pW;N?i|&2bvn#9t5i8ut3uK>F0NIEflCLhnAKxTkBH zQ-#hCQTVT}U%vYYlFAZF5C#eN&3wt?Ek=8-Lgl4W*Usfz9lme2#`D6A zXI5Yic{nG%es^i!Bh&A$?(VPV7S6{30|SGe=Cb8vjc*j}*WGNc%y!B`p>haseAjv5 zzYf^=#?x23@dn$QE#*~&fk8f>&bnhOZfgXOP}1}d3V2^jI(ChvS{4@NU6n(E8>sZJ znf3nw58Y}y!q^*Z*-0msL_8S5Jxx=ZG_mjZ8Xtr_E2CRz8Z;=DeWJu}b!e}WD~VHj{_OmqisgJYJ>$63i!z{M zH?v?U&w9#E;*_jLvNO0w}6jl5H)OBzq-EymcRDYymfeY;n>_@Bd6L9Sa}*3PGAb8n~Q?vs*66#XkEwKJ3tIJ?vSR`Ozw zMvRb8P+Qu&-wb$TRffPy_C8FKI3%wiXSp=FSy5IxPZH?YQNYo>;&_!f0AqG5!u6Xw z>uE%h%PRi>7To>OQt7p*%?%UA8jXhgf3!#TcVUpj=Ht?w^4mK!f!lnt5=T>$=}e|F z^3Z*rNNvllz~quDgf>@A<;u+Ko-vM1M8YRX-fU5-PZOemI-a%B=yIbZ{h;&ZRbLfzm^F*PfVKF%1FzeIAfMucNqb}$nA>GyJG{wmg|_L$$iJ4#({E)bK$8q zOHn1gxn~RWamH%DhjhzJeOLPuWLLUqi)5+9e)*P~k5QTn z*se+@{{Scqs*a8ItG5tXTSl`n^9v#Ka5+=y{Hj|UiSw6=w27nDS)!5NIT*TNboQ=) zO;?Wad67+k_$M8`YbhBxp6zRFCyvugj`J$TTg-{N=LZD-mEG%lHKS>;=`eYrzzWUR zanDih(yk;oW1s&3gef(s;~gOc^UaZ&mWC)H<$L_W!zePk;{4s5xTxGeQJi_ThXmfhR+jTn~Rx1l2&HP2D|?N z3wT1t{{U9E)o!GYAUeo$bI(F)IGJ*FK9$t`OW||jQQ?g{N4y$=kxbWQfQx~~GBSGC z6CIVdpJLZ(aU0w}Blke$bDmF1&)Jj6c+bQS5hPZr3@)L;%l9K3j91R{>aVCu-)m;t zxhh!ots@%~C~2wIX`!1SV0u^g!N9}H>JTp@d~^F)n= zKnjHi)P5A*YfOR*w)+r?B~zWigMvSuW~Nd(p`%`0v4~GJpaUV>!L030&f?}DoV@WN zE41=yIWuN?Hof7;oz`a&D#$_D4++L_hfEJ!i*03657}w zvu?p*)2~YGF1$I2BtR912P?{f?tdz%_GDB%lf`-iL2A&uo$N;-boy2fksZ7i<}Wec zWchMNHyY5$=q=;&cV1pdt}t)_z*Fg5{L&-bEz%IG8zRKnILfse_G)bl(sdn=W!XbJDgYiuYcBv`i1# z*B~J3-sDztkth2D-b9x%ZISjKpyQ=^4~?`qCAVvqS7jiqrF!Gr-iYja4Ii7o6m(rv zMAYNe?ChhsFi06vQIPB3KD-+I5&gOT608>Y-x0L^K4eHd$!3Ty5%|eb@1B*U8I+=a zMPA=zLoD#fVr34xl$&qrAKTRfl>8bQU_a zMi3+)XGUzX?^`z4%6BUh zdecbhf&B}A!7zVlsI_e+d=cUuW6#v|*c39x{FNi+QJ$rE{HywS_$%XE-w{})tnzM> z6bUHq6QYy(3W||7K8J?U|YP{OUoTj*GzS3tYzWcj)%5t zs7}nA+1U2~02k<%)~>pQH%leFssP%4=^b-kdvgP#Y-RIfBe~+fy8%(Sq<9#F?qN>` zB4s$vK+jB7n+wx#x(H(cXYUctYuJXz6E|#TX{Ts|mS8s?e(0#KbWK_Q(SI8=+pq(k z)nnyj{4b_zCjMn~eS@5+``=pL)vpp3pH8?98-g0s_C&a}P|_l|vW`i&VDu+A z-C15ExD&=$JW{J1e50jmgmM04R><-c=NRB}X|PQDnPPbsHpYM2q|B5}87!JKc_VQd z>&VV)pwr-KR=JK}I7c0;O)f@2{lwqA?Og^Wo)(@p^5tY1 z$7-h$#yXfc5ScI?h+uKZ>q6VC4zVLKlY`T>G>rLmHm&U-mf|p1V=>1Aty{kEZ2tgl z*(te$aonm$Y5_-E9j(TdYoO_{;n8*t$BY)uax-fBRmJFnUZ8FS_V%EOM#eOcKPZse_}*B<4t)+^%z!;mAAlkgh1^@&9 z0M%PvYzHavLq#m&6kzMfIX!F6qtm0(hLL#RyoH+#qrN+TDp$UPN6%>Pk-XGDFe0yMuWc+MJ>be)ZU<_UI~`Sxx0bIFm3~pq zPZ_O9d_#YwktvhPh9UCft}3F9BQAzUv*Me-5Uh5tWQyDZnREAv?^uJtms(zybr^1; z^W>AtjR42X>z__*PD5*(_8NAtq)lmgH2c|CAO_Apqwudog5JVdAfH!sMxC$&9DbBE zksRinpAR%OyqfOH)h-c+Re}5bb*?_oK)AEkLf=Nnk;%D2jt`|vn7NNf@rAaVb){Iz z3n`c=cMF4-2ci8d%`MfCwCS}J9(ct=WuoNvR+rvOMESW48-d=vL&Nqq`i%CAd>77z zvYVHo!5`yA!6Q5Nglqi{-@=h;_qMV<(itU;9*cv=A334BRl6|cQn0N{fHvMU- z*iJnTj>YYvoGsLzTY<+JuKP^Yt!-i|!^~i~UV43K=Vmr6SlPpWE!Eu6qM1i0p*Zba zzlgNUTRVXqAro=}aM?8DD-wrze^HA|g~ZYk5&}p)Tj(p%ZMDm7LdVRGWe^lRKN!tE zV|X)%m98x{3vEZkcS#J%Al!E39(e;5$9Tt9yu8&Uo=B42O8ntQ0X@zsb1_Y5a5C!G z7V|OA)aVx-Yj^uj_WC#?f=BtVO9Arab~Pp~9j=+Ct;#dsf37}*f@%w!OAC9%OOfTC zNIAwuAV)Iq4W^|NEyU68Cm1|pwCuHyKK}O7DcR(Y1-R-B1rvW~!*_Qb%FP#)4joA3 zn)Ho6!6boNI8MR*Bdr5(L!H!?*&UUlB=dpkS@yu&soI!drgK2z>|)8OpEBS`TX|oX zB#ir4rdnOZx>Ri|Bd*X@T>Q(&YKgO=Ea2~qax{}f$+Wf)y<^L5ro$u`2v#OV#uRs~ zijzefoAj3Gv_-n&wd|$7ECd8@+tiMRsw+{btDcph_=8Tr(l4RbWgprW;4CP>o#Xmf zoA{R6)>nBvg=cPq+MJ@wD(KLClGb~Gp+VrH^`%0hX$lOcbGJFgK+WAI3n}kbTjd{R z7$z`r&(^wcvm!?-Km@rt13d)-XqLl6`()9`Ds;Hi)oaX5vy()^&*+mA2RN#;oU%LRyn_kEx1y+#&h1bqVTo7oYE?~ zZv>FabCX%hJx!x4BP(9irng9-^G47{KpfROYjLPr+|M$GfD8~1Cyup~k3kf4J18c- zjt?=DJVp;wT}O)VAZuZ1ZEqB6z$AdTpzA>rjm}p~xVJAHDI&8D4?K$4y3{RiB$~=d ze1^ar^PCQ}6lYoJjEwHZVi?J8?@heZ;eY`lXJ_MXdR9EALMy>#c@?F^Rtq6^QoI~~ z6~=gD!_fGLS9sBqXNk;mhvWwbr`EQOFg}a;gYf)X{5pePv9}ku@U&r|+mVgjpU77+ z7QLZCBzj~s#?lCp*dk*G9X~p~h>@Fle6fa*mX%59J6AEM>NonG-RcW@ZSCUdNguq= zps6xDTY1gBg~hAe?|HB{u;l>su3|B54A&wu0~N?Qqz5H`s7>~<1We!&+ofvgHnT}^ zk=(BR%6T*a>IliF*oe%_h3n5CSDxxxM7qD9CYB>Cxh<1`Xf*a=r+6lKQ^Cfg&NbX<@)XK5lVLN1a%k7Sv_FfX3>sQ|LjcykxI5R`(W`t1GN$FZ^GC zpw^iELr?zO&}`tivpN+gH=(yox~tv79HX6ISEU&9mn)*VZ%KL8~-TnC2)L zpT50`{{Ra0ShV;ig3e1ckM0As4DL0PMrM8FFKEiMsfqd($3t8c-X+y6wcp-H{)-ck zRYwfIrjXGrvfJykT9iO>AaxEoQ=ZlDs+R9>8 zfgP)d&>HT~QIdPNgxeKl2;+h1X*Xaq^#s~}o!(f- zQ{S4Naq^7Oq_x!ENiQx^0-rcs5@bGtvbEc-Lr~O~%F^UPYzX`-MJ~dzzjOPfwT0YF z=$loE&17r3h2@@-OUWmZEP^eV&T)>T)0zgNVrt$O)g`jCzxy0(1d;C>j|?;a0M<1> zhVE^woeIMlm=V}&*7OaZW=~zSo456 zt;=5y+UcH1G6!OJ5JdvyM7pdxb4DYAGi@s$n6GhJ_7^sgOsLzJ2j%0n1W4JN%Qo!D zVUlx@p}JOES=`NU8%)a-nEBBU2iO`2aVu%E+}hrKjyQxd?!hGW&2HV;+1Wyp6C83j zN`d@drh(YG;kkvh&gmRGuyMy3HCs{Eyg;#pxVco3B`h`!ah{X`QEslTo#dI-yw1FG zYi(`B(FBFbd~MnfTDWd!GcQxn?qRoSR60t$fsPuvDV9SR^P&CgU|@6=yi8Np#~G~Y zmdyT5s>Ed+oDMmwI#r5WJW6tJ3w9-BqlIeuLO#Q2`r|!l1qULU4S+N z*16=YY;>AFr)i+18kV4qxVF)OpUS3(SJ1Deo?BVd&CkpSRUWjHu}UW0*1c~9iduc8 z?jcziCCeiXgZwM-=3Q4>BuTsDV?B z$EVhn%$#}|H+t2z(1k&Z&bI|OF9o^lUT@;jE~p^5S8PM_s0Xh!gpWV5H>s#c3d9U& zIc)M8y?aTEQne7ga){S|&N0{8gLAvO)nWMc^90ouL7~2*S>uqT1f)hk-$57#yi&6 zGUaDsqTSfrT8%qe)=izeFjDNLhB{=5=XEsGtghs=vAK%&+_^jB$P7JjX*M+$QcE}| zxofZaY@-RdatF0@ULv`HR^AnuB~&y9m2>OH7~gF#boLhkZQNK$5cjn zRkt9?7-8#33)WLD)ymr2q-zXqwm`jwdYe6*8gG+l79|}4YG8QIr>xy-5=(7y43LCk z3biJlx?P+PI0Rm25yy<~9nNSjEZy+8h!S0KUEowejrZ3LxE|H$`u3S?sLySy?1?U! zgXEA&QP}=;i*qwI4QI?}hcWGhU;uNI>M7QGt?%}8Exp`=S$GUM+Gx2BPh+ZsNx6a; zQdjft9YHOhyuW& zV#*t)KJPSK8a<-JT1Sc)?ZU|k!7MxbRws?)wU3V!u zabMiUzCFXt0Q1K~SsQyooX+}&sXM&VHKQA{Qwu&a`^p6bq-UZR5x0VZ77V0$* zmHC(H=~VSE1}}(o`@4Hs(W8+MBxbEenQ3v_f5ZO(5hCfaL8wM;?V~L=<-uSF7|E<% zU*Wvkt*@4lz}GCqBdO;;zSP`%7Z~+3`~je7z7^N6M~Sr}w~<^b+xa9FMHtTGp1Jg` z&lOqeH@8zhl%8h!7?&gFVeeVXV$U_awwzl}0NFq$zY%C+bX+J088yZ0cULypvw4;$ zDjG=7P&*pHV!>$)Ho|q8RGc5JS+dk&(VebmRk&r#ZDYZvgm&5o#E7-sEx)vE*H3Xc zZJc372>$>Ix2b8dc&c@{vy96cCfD-+0Eh$BkyNHkk;KpAEiU`UkZ2YL-7T%)@}w!t zG{YIszgq4Mo}q7Ymr_MLN5ZJuatY{ao~Bka_1OGIw+VG&aUi=_3`yju?s7TlUpV|s z@D8)BYWg+wckw2b6sCKG^1s)dbO-B5(gi&X_+Lpnz2u8zW{Gf-lY@-=cNOxd#t#*E zkHr2kx4pEy)opZZSVR_4+R3!Zo=G_5{xzAbV|INh;V+BQ_&ectlcQ=rADKK$JZ}Td zEyiADBY;0ITJhZ?Uk>YM#J93XJ&wGRppgQfm>itvziyNVvaz!Ty6Rxr+I;e>1$L1M z0Q!5>`lpRwM}a&nbo+RWauQ|(ADN`(VC6EO#vU55nmhZARtCI}1SEemt9Ik^t9RO# zuda(ZtX^NU$U`%g`LWj(pE#Pa>OLBaO16UKwP~aKV<1>JlYyS5xj*qJ|MOeFQ2)YH<-y-)4wCritc_Pc&Ajk(3bMnd3Adz zh+AK?rw2R$0Q@TK&ChE1Ie&Ymcn3(A#J6)lh@3MdYs$t;XABS5^sf#5sQi6Bq#6X* z`lXCFX89(H(EwH`i~$E8xIdLXZER&H(DW}7c>6=}zl8J;5?X1uT9%n9g%``l=Pixh zJu-hP^8WycTD&(}(_h(5{*82kZ!308C(@&xm^ib{W|DM{-f51&T;a3H71i2!&cjZz zHWz3vvcSeVfP0gQIl)J{;=VEQ&a{^nw)%Y0MQP?1l|bsfg=5L%tuh#yWLImqUILy) zE@oFD*8DN}d!l?mhf?uX+FV)avKBmyP}!$1 zQ<1;%W!|UuTa7Zu$cV@pgop2_>x$dcv@Ki27t>tWY2jCTor5GQ=jI}kHc>f$i9Q(8 zbsawMQPV}_m-dr9GPq3nryYhf*1Si;zXv`dc#?IKPt&fWiT>pBDPDe<;~ZAe*e-qj zq-af~cwDhA?Dtw4USMqqmn-iSA$q zPqT&_4suTwoSm72eNL}TvAB}n+flfLqBCO*y-(BftqoEuYmyK=X*%#%9DzmdjbpLo zo;L9wkKwfz_jcD0G^$z$$KE5hE2H>5XFrWJ{a^b+-Yq+7k1KcHV%P&BlZJ-((6QnT zA$$VYmgY^%3$n0YLlNm%*Pbj}oi|P~x+9kT?0a&>djNfZ!jg&2INa&4t+kl^Gd1O` zWnz_1#pujH{{RzS6&{P@okH(Ty45b@7O)TBBx%<^rnQW1prCqvr-vf9Wnl=pX)wPr zz(MOp_K9;1^Xb;sZ+J_5il7pGvrO79$D+sK9}oDGz$v4{bq15Il#op!jFSs`8qV;Z zkFEGSNVd_uFL-YCXyIiyN-*U2EBH`fH*@BH8F+8SNbrm4t|rwy=6^Cp`O_zbz_AkOigCN^Quq%~@g1qS)0zbP z6A(WPznSKY{NR-2fyXsU zAfj6E4wad6*Z+ zJ4dEIwdh~7Ps6Vkd^pu^P5r&Qo4A2{fPtA1bAiVM;;@x|hOu`=Z;n1Xp7&1GtZnTY z37O=NYMh+(`K$Bz*w5!pZXQLPVVn*rCCnU%cB6G~X7C70JmhEQ)w%Ezwp7ngLz@uh;JMiAx?@#c7hgW$F(RGpBmTzO9^Tkj8hYO|raEUzD%8(CV zQ(W!aLgOPBRk@nNM%8ah`3k$SjN=uh{{RUz7g{7bjjS`hex!vqhd3EY`G944Qq z>Y9Z2a6xZ8@oV2gBN)r>QNjmk3cTI{|rqUI7)fWM$5L=kbpD zwSOJY_Dv!^BF5I)Az-{LkNxevx>Py^rj|6@h-aBT(8-Qo<^nGVX2I-aVqd<{i01eMM zKT7f~V&cZlO-&@|%L;jYSnhbxm= zjWf_}uJpUh$F{s^ZRA|LNsRX3WALtS^INfw=Hts~TgoS*;2c&`U=!RMy*+hM&E+!g z0hgey?+@vx$+XlYkw|$miceAMeXBc~McYPt3hI=U< zX&dHn7nK9nw2QH$WzBO<{>AXs#P%>vaeA_^Y^X!m9`%u+MR$KPyt9Rb09A2<)ve5B zfU)-*y z+60ru4yc5zv48-N2N^i`%}E}M6f(#>ue4l(6uNrn{{Yuaj&@0^+kat)B-%}LEPGZK z>lq`d9gT4dZ>n5rrDcs^h`BBZ864v|>x#G|YEpMRU&g)<*75zNX)zHoF%O^a5&T&1 zT~EV{7^3phaCjNqrM$*ecq7et!o zHoCzCDdF+fvtv4Fyc2mHgctHGcS?6QNX{~N6_Ib@oj+H&l^WPu-HayCFdNpP%p}pV z7L9M=-9khu8I5D!NI3bi{{ZTz+iTE4Jn4HRVF(3Xj|1AAWpfEd%VW{By8l ztwtDQx4>9cz>;EfjezwWb6+Rld`1_VhNWjcmD~tqK2c%@MtYG{RB2d#o1|#^jrwYr z3%WIJ#B~|<`q$JJmUbG4hplx;BynpoF{jCe8%J~a)kan?M0ux;Y+${zx3aUjngT#q zmILz<{x#+iXf}EZLT(J3vQ=br*FL`Ws&^xttFI;Ht&-eWhPcW7<~uEE_ygiBuCB%F0-t}9dUHO`Btw70itmm33wJeCKyv82T%p;FFh#4BeimxM10 z4|?|fF3QGR4LAajy71iPx>T4oVqI^+m846mYf-MfsKNGI zRwRT@fKySpBx-B=<&KMLvszoT+-=+>Cj^g7SD)GIQfl96c&7d1Wy%AJRxVAVDQt3x z@~n&KSaqsbkV7J$AZNbO#wihfPUpZHB-aowt#pw`5s{)uN!rIAr@eYD=Z56E(=TqU zuFMyxxC$4asHSaCT@MP>KHaC>h^`)HaUeNX`|N!{uBCiLx^=C^tfFIcAPu(%1NS#>J@eG~_=qrnvg|)&i8BTII&MDaEa2)qE zgU3&;WxP6FtoH^%9Ptp#lxzTfYgGhPZgYvKtKCTjvXw>PF&q(9^+L-DkPu4pKl;_2 zmZw56wAtItS28m%UwZV2wd?-?Ay(a50u(85FmYK*AT4!4u-i4QErMPqB0vKZPY zP4PIvEKj~s4X5(2r% z6}xAtm75p~laY?qrMenLy^o^*0B8RIj9SORzluH-_=TsfrPi4YzD3+6xnS%UaqK{^ z?UVLG`0=Iq%fhxkA<|@m>Is%5m`39!GyGoo^{#pBc15478g8W&_RviPhE0eZ7XBqQ zPsBQW{wvY$Z6cXry~mknE^uOT=xdH^Qjg`!{tJ!!6QF~xX zH{o&5A1G`e#=n)AuYT1WTZERgtc-<7!OENve_F}H=8!$-;gQxgd+SX$#2M~`4T_^U z^)>ash%KSfji}b0Eh%1~6TQHs|%PVwya;od%g=wy$$_ zaLki76+j$g-nKPA5L{YY$7qOL{{Rr_ky^NpGCF%76X;UKX&##e)HfkQ%FWQXbDv6Y zi!7}F0J7~bB7ttNnopJUoxZ2_{VB#GlRU;vKUKW9R)RnnzTSjnX0Km(KUUIwI=a36 z?VF=a$>pnj=rNE;^!Ke1ndc&7E386wF)`>4O=`&`cJYY9w(i*U^`>VX4GlJ9beJsL z!RStNT@9tYuw5qOBIBs-LPf`8w$nUNz8iKT(l_%)(&YnUjZ?E&6fg~F}? z$9mBuGm*M3`@_nj1wSdzTI;+kr7W6d?dva@DEVVU{67Bx=hl;srZc|AKCPlH)V_7f zu?mL;M?>lP)?bGFIRyHNl5#*ib>LAb*pt%lZSC!1XnxTWs*GTs-omh^xwF$PTIwMi zO5*{8bNN&b#|2{@lzNocl1Jo4yLR^ISe#c&dwFV)H<5PVty!NtDp=_APb?B#JZqkybIn{!F>kLWjl}k8 z6UY0v-<+P~j`WE)ZnSl^mJ5`1enI+*sdWyyI z4xI!B2~yz9fZ>#93sV?sL4yvA`^_8N@X=^-kHa6}Bv(SnzX$bc{2gN$wot2H0@!N&oxf>Ub zr?2H+E8`y(PpDfYeq(t`qk-#L^)^W)a@MV8_OZx6*AcXW*bpxu>{?px@k3A@AyW3 z&LV(ZysgLsB~E(cf}+SF@u`3nxwTnw{n18&eX8pkz0JcVy_Kg#3Qm6-qFlQdJWXPe z%FfgMszOFGdV5!m_{=0tru~+ABA4b|W98jXk%u|G;mI$9#r9ct5BX?7$ZGHIZg1!E zp@mgQJ^R+F8mV0FH0?eJV2(?fW0H0tA4<8Z>US_{(pkjFkokb%W9B3O0M=_MFgzQ? z`eB*px{*fqB(WUVF{j!6j_1siheE?<5?&jPMXc_qTMY#EpyfOMvd ziZ0q)TxwA)j}k)4Milj~`o~DQoh_mUSrlNlK{)2OH9ZnP57`LX;iFfQG-I{74T1jv z)~^iLR`bMZJjl&zfr>*K6NDg<&JVRrqj5BPr^C+@-S~ULNu}#g1;xd>ljg9?F!agh zxs7|p(rZ@>_Ej)QyzW!fdRA8GV`EOn3&UtiO_p`b0&ALh=D)X^-5Kp>1gURRLPNhp zN+tgQgl^v6^5$*+TKSupa@ehp1^ivIzPY=TP|@XBWkzTu3_kZbBz62LGo~gljCJ^R zFu!XnB&tb5IV0&_Lv;j@sGP3gPI;`k9mOMAIxokNFrQS$LxQ0pg8kgW4a>gPP4 zx@%h)N+|8^d{FaG3hvnuQGmTGk=C_|=hQ9~GXcM6PDrO1^hQkRY;-+J>d`LQPnJe^ zdkXHnIig-)S*@&4fjL~Z?!&%oPC>=kcC+Ejj|e0 zE%TGkD>HU^{kMnpeM;)?-a9vzC|rgr2_Sm@wd=kY&|tHTtmjk{pa*LonMbeaXh7-p zI}>LTyao~$6UismxZP&YQ}I`e^!*~%(%#!kSVH}xMhY48(Ek8D)8#X90r2Bp)Ac#w zyIXs%@yQR&ioaZ%hSN>abc@@&YwNXpvZFhW2{f!OL!hz==% zt!*b;j?c`B(qQrhD1WUYWg8s+s~M8@rEtg?ago5R3AHb>O&;b}0PQ*GXe6nw%QmJg zZR~XDAygl|kx$Iz_x@EVOW0tA9T~n|xF(Z{qLCNaC0keBCz6Af4gD(ua|F9%w4EOZ zEKfC*qhmu`O0u_E9I^=+y?fVAEM|!#^4A3PAawfEi?O^_h@;XP&UbW@CXvQlio)>) z!`s`raJWU>4}L3Anc8>SwL1&O(`Hq~dz&Ye!3d`B*voq-kl3vnfYYnbFnkgmFNssvHx$nz`ct02}y%Jz5pDzc%*o8mdJafKabr!`hp= z99L7-z8Y(HdfXa;@dO0}GaxKJ@EsU^c&|g%FEouWN{m~{0=g*;x2YfFQ|&Fec0B(8 zP@hho$#obeM{;q3c@+nTJo}})Yo`H(ZomRa$Ojldm1*q|l6_AJX?5LGP`GTDSmkwX z;Ep$O`eM5UxtmYZVQ-ojB&&jc^%FxdVAu53)gj(Uls6uk^v!hgNB;l`6DYHFGX@zM z>&<2crjg+}EN*XPzIZI$ADLuq6WX$+p4J=3mCDJ^K2zyMfa+zv(7w-TvFZWc*K>}A zPI?-0>beE?`xxX&ZWM(qy+@@ZSj6h|yErsy?dA;y*F%OKDqAlEX}Wd$YT9gZ!F6=T zNkBLSy=uAaU5><0e+&jGu7A;wRq6=$uPE^zi=_=xTbN_ENn8!ZKpnlRd4S|bpLGk* z4&x*}f}DZ))+`s|!s19mF8$s5&|u9wZF<^QaQ6!pz$7R>xUNkLMJ3Cbce6Psoc>ho zBCLw*F)j0tdhB$CdwsL1$sB{}NM$b&c!zz%K(YnT$Ux${ABU6M$*9e3=I?Nrbz{43 zeQ8|TY@6aOcvg6#yg61(@<5=8BZh~=H_=EgMaZ7n^3=4gtW&YCv#$ZOiHLOCv%85?cy5 zB%1Us9#qvW;eEk!+e(wr&{Sn(tTt<5d2f4hcs!V+ATI@9rZe=%>s-%?we2Eyv9+BM zt=3Kd0CZz_ujnbKVzp+jwebeWNww4MkQ=a|DtTQIao^ItA4l;`hNq%O_LLvv|u9KjM;Nma=Ez;vi=gQf9Ji(TEw z@NAx0K4}V%^=H#H;L};O8n&eiPA0iy!jbn^{{YuW4SR17th3qPS={19`I#|}mFPNM z_2Xa3_TMk;%NWBG^A_}^%H=O=PbAyqNd#zl2y2Daqx(!xY?2t=x|QlH79z!!$hHUr z6M?j!YUg#kxNlWj2WDaV;*cj}2Tr?^8=w?rR~vy9(CRTwc_fz_bZY}X3ho)ftze6j z5J+txS#I|$HPIFvj zo*0tC;pX#EkROyU@q5;CmtvDWE5h2{t*xK-ZQOB9<~aWVSb2}=bH#Y3y{bN;s%mlE z$R@KBlN^1KFgpG@tjanlH7K>~3k?*caYJqhMqj+-`k%_GUFrV-@Q+(vOSUb+a>2c- z9L>peJz;JpLPRB)ZrV--OMR#rZb90L%5qgsYI)cZ-O3gOo>f&OcdAoBmv&CD!b`RS z?L5|zF@1~erp=^7ZE<=e@|kgi+m5ulZogxA5+Mwz=*KSn2KrSJ8q}6+D_jl6Y>Z&w z3gdMxMq8`9OsQRm0F%?!kRA1fgUM=*3bHP9k>0Fp(LINg9ohzrsBD3p(*|KB%yUH2 z#JhI(t6F1RglW{UCCe>rk%8RVU0mGRmzW^I+II}+=~#NcoLWfYiWtj3Uf8BWjhW}3 zC({#1*kM4jI0U~?YY#!+dvGC*gM!@TecELnfcBEX11-cQqS{Df+PU?y`(QVgkh;b= z9CfT_Z4HR@U1HNxy_ZeaZSEf1%5f6`fUnb^#KJDJ)VTBNs$ zabj*RPsXUozv7v&$>;sO?>M zg1kMieYthXE|$zfK~0(5MmyHAh}%6k!#)?&wH;pS;_5Y%Y2T7N`&WIfTSK}qiUCvz z0*<_QswK0+HJiKRsLf|`g=Ahr0CBe@0)HyCrbTfos>n~B*a6g3PhoRwW7MtfVog0Y z4Mq`fDyqj4?8llq6JAHJX;!+Pw**kj8eB2kyQdlHSqz)Rc60b`Z0$sFOw0>;is81N z!;0i#nk7i}JH^{7F=o$t25M;#S>0V5yEIgiPJnl=;?GE$RGiB)q=1cs9Y?)3g2$S8 zuS%ZU`e{nW;4uFHR(}0l)BGE#%X+s{Bcv$~Rz0{ok3vu7NYXJp@pW6x6JBeZ$YTi! zbuo@Zel=TA_oW~Tc_tCAmazd4AAAv?{I!%}BWqDM#mA=ed)V@%?1FP`z| zeZo0i$p8!i^cBorG}6l?EL<`XoaUTen57rg_K$~}mYrv#t){XjbG*7rr;+W0_*XmQ zomS%M<-1pN3jC-5zyh{JpF3*a9K6&fd2QiOGDqCyv-5s6-dlJ+_U}epNo>j%O}l#^ zp{L8G%_AcdQuuu*hP3FW9#jzQzyRcode;vV&n?%QBrRm52@^h@!KjoAxwGQELee;v z^G1PVVHgpo`&jO4Dm_zB)O7Z>p2=3-qshp~cKX&<8Jni~S_pLGc{~v$=0J88`BYab z%P01o-`XKmw~kywQMiy})3R&^V457XMQb2L2a&%^IF zt9Nr9^~}-A#DMLbHG2)Ml$utFGf!?^mLr$PEIn!)9K4Spg5yrqZwpL()c`idY#(D= zTEBqo{6}WGfW3kiU=dU)GAJGMigAs}IcWSNdo8+Y_LpxfsoS}eBR@*W@sEWs?X9D2 zvAY5T1HmGRM!zOMLvcr2_8nruI3d>y5e0F%cc)kY*w zW0JS{X=81Dd*TnZq!%(w(h$GiILS5YH-0P{FNAeVnXVvvb&XP2bqsR3Bc7wBXk#P6 ztiCMVYeMm((;URlwPXo`>yDs$8qv0fO-s$1^f0lCH<5-pPyscRjiVbL6RYXI7uD`w z?#km&w@I61drm`h>s*Gb@asg-yi;R$d2wy1c?^eiY<3WEaZqg?3||sn+j#HBw>I$E zT156F8*l~y1a|sy&2?5@9nfoRe= z)CO*Yf$Lro<4*@#Ykm~eHN_Cc6w)b49SCMPJcB_z$B}$C@GpmS-CtAGwbXq=)(cja zG87Xmx%;CW`d2@w_^-t}HS*iTadoHYvp)1+EP|rA7v*0i4yK?TfuL~>1W5)zv- zHvwM->V6s3ekJ@)k5BO_xtCB?kPC1ahfsd@>PZvIkF6I)wa~mBrRj6rBUsvvi4i#} zKN|8I>q&JhhL+f$A|~JSe-istxEM*;&D1UBp3JljvUE5=!z1#j>}_^ICE06JBF5Xp z4CLdmsElrAr1nS5_mOH>dZpY6GfMKxN(SQt(-qTc{s7e_is`irX;xQKurXdU_4KVd z5xiG(>JNl|8q)kH;c0Z)H4E#jnH{dK5spWhf&gD`Xw>br%a*u`Na9vMHr59u8d8T* zxpq9iRnsli88p48%Q!33Xs=HAf8zZs!V+1@s;gZFjn+VbWkCdWs77;{*=Zgf(e%A4 z8Df!cqq&jpu;epF8MDvlUB!jwp7!P&d$`kS!Hoz3eeu$*Pr08vFrx7;i$0@uW{+od z#cp#=r|&VeWD!<1F5xAOoEkFfdW)mk7{i#+#!2)(mFC(7 zoLBmSPYISQWOnlQ^O5RmdC^KoYd)HmY>bS>Nat|mn&UNXW_=1&xgj`ZBrxEd)X03N zqv?8@c!x|ASlq142i#xabLcCax3`;36WvL0WV(>;ZT#&S?fKQkSgTt@8&UAQel1qi zb!o(pU>bPCE<)o!<5u)rZBowO+HD?hv&2{vC|%0HcBX3;!?AtMW%btp_daQqpzEkqxw*xNW&*^z^6S{6>#K)Yg4I+7{H(F}Kf; za)!qQRLSUR89k3H(f%Q}pLyaNolfRqJr0N= z(QRA!oaYVo6@>4xs#i0vJa6M~h@L5*U1WmKN4T3Y+p6;!9Z%HpUFDCB*23x?GB{zq zmT3%f%KZ6Q2b#~`8jCt<{0yEWy0g^GiE9Uz$9Nwp8SZ|fyA20TvD0Ce1dw^bhQW-I zKDE;tf@IpL5eS-POL-XdZUOW);r=R9sNLMekol<)3%me9_7$NLzeCC*)^*()_J8b~ zd7za(MrMqi+5YdoE9pruE_96!-tywv?yr8%yL|D}BdsZ4p;qd0*M2e9?=*xZQ5PG4 zBOLb0>s+Mzo%QCH;&^S7YLeqQ+}@(1S0U3mD5t-*ifuwUgitEsv)-Gh>o?k!*}gXo zC{-JNY>mFvl;hA8Y|lW`ej<%8Q-TQWnswR;5)*_q>v~_rt#Vy5?(*YV7Pk_<)J@+q zpy`A8RvyT-&VR$+2-P*nwXJhry^H%L<#|>~B*QuM6_csx-X6F^q}kd+w=8yz)*_uX2FKzoh&#ldOeR**ewS-Y-C0G690Dn%E&<#t%UkR>7#+_qrtLhIL0})I* z9)`8{ni?GUhCF#C=C|S%)KyNIBKgo;g}_!h&N1oN@UK#|njK!!IIOLa5;23boVI(K z=9&v0f8$HbAF{)x!Ej$uX)x*6ZY!44X1cL5HOj5Ux~Us5dgG|9V;eGRYsusDZ_xE09j1wd<&&#Zc7Ni+P?G-U2=xB|C=HDu47_jw?s)B1bk7vq_%~0E zI~gKj9?-G3&ACUfYE~^l97m1(b*Jmsa6A?etNCNjW+0Ys=DfLe=eWC?-%5?JoIX!V z17oO;D}ieF3K<9-;PuUUABbhV^O7i7?mXb0DH(HXbG-0sM?Q}=rNrAW$`%B^0-W~G zTE8Zld#BEmx)z5R-TmW0i#{Q{(LTX#s9X}4Xxn3rGI_^ST*jX~cQ8#p;jo^hfsEF3 zOxg>f*XkYvzlPG@>eZ)`XH11rxSy?g;P9rQE~b`uaJQ6y){o--D>HRU=hTwHqe-LK z>DJm@R<9Hb6pm1Qzz(>_UwZNz=xzKzB=W>=C54;I1&JU6eLGSewLK3+({%p;4QQ#a zYf?u&wl|`NIoLXk*Ph#aWow`9DYPv)(H+Vtb{P@T63`;;_~5)CFTS6J6>q>}H;Y!Wikzp?#m5+99Mk8al*eXZ;gtech5fFmD`S`?`s zt?=7KpT-#RMz^S$+2qFNClQ0wKK*Oewe1QUz%A{IE}m1%W4G^qKb>4;Om{dB9YGXY zL>gpKrKj2x%2Ii9M^<0Ty#D}AT}MT-xO-UQj_Fj0%g4hXdL(Zf1;>fC+omwdc{Gj_ zZ{GP(dI4T>p@=m901`{mDjZ!D=?RK@*91~PT|y=%afp);2MvM^)}SMeQ`a^3a143A6n;+if?X-JDFt3 z81xyfp&o(Ep2tC=-|L#3mRen*7cTO0PB6b(ZnNOcMmzbMTXXh+PVK`#h^ui$sJ3!? zY}$%W@WF3$8gC%wPb3^y)P5O~>r?Ory@#G}k!|-*jrn`EJG^Pl- zV8=fx74N!u(OVWaXc?pE?D;O=)4f_ob{#ICWh~%G@wAvEVCSDo*g*xQlxE^K`zPHb zj0MeTq!5<2D(e0N(foFi!KUj;E82|y;1bP|(0}#ohP3c?kA~!7=5Dw>3jkcGJ?dop zo3xHI#G0$DrWjGCM<+YvP0TOU!$sZlX;v8$zc);l>Zl_$7pcK{R&fKRP^ zO{TsjOJ#;h{OJ_@pl1i$6?~?V(?gwo2Ki^Zmgx&h#J9{b{OdmOS{Pa>P#eWznF;8) z=~EoMO6J^(!kaIpZ>7?Vki^7z4c`TR+%iXV|XA+JogW!5yo5_TDR)ml$PX zkzBOp-0M!qlKAJtqg1qOi-r!#gp<^*dv>sz_!;?g_9(-nDMreaU>of5;TvPxFG<wc2BmLo zL|#LWpK}1KgWtauoa5B#r!)Gc_%q`zS_^x9D_y&ed2N*Bo>{Hil_d8#Vay zj$JxU_Ut^wVf;YXG~#q6bIZOw{4?<9#{U3>9wzux;zQ*@s>32#T!1&(-0VA9bKIN{ zex2+5+fEI%TxsX*~WiSUOz3F(zVr|v*522+-Y;J zhW76=Jb(hL_gB8-Uf-$M!y$reWe*GUk^D97<@F96WO|%Vtifeqs>5q?NbOZ^B{AGX zDNw*30k5K^Bf+b=zk3qS5gJ0V93Q>Xxy^1P0xJe-;XN3h)!7+zF-)6AwYauMzHuk^ zVyFfBUrT?8$u+9?;?};eg6O|b{T(1A+8Oi=&FiIQV%55-YK2#YypyJ8Zb&M zS>%D-)@oJ*%O6dRqg$JMb@N7Zh3Qa5r=-Q2=n;X&8v`|b=*hv4wTxI!y9zpZ<`9A$wxW&m+iwAoCSSaGPzOE7W3Tw??Etx1wDy9>)eg;Xwg5Djt@ygGQ6Lg%jU{{U4p zE>q66onm{r{?3A8dz_v}rEF-cACVGVL{i^7er(}uHy(wknmUc8mC6-Fk8o^-Q^Chf z3g)KLrATII#?y`v_cST@6sd)b_mD#I2QP4^Az1hH&2*Pm_p56h&lpE>kO9aBwKC;I zaOzTvaSMso>3Xp5Toul%f2M0u-d;KwRl_FX$@Ryt6ouq{4}WEQuJ~>}O2#%)QDxoJ z<OSZ=@LP2FPd#g((llsoqm<6Mc3!yeLlw_1@g?QWtXFg0D#WqL@{QbV&r@9DYfrb#V5JXC ze+Z<}aF;``gTxSCX~sFw%(%u$t302WjOHJbz+mEosEt+Vy-bFQ9SoW`$YGN9FET>HlK4|hijsZMWlge5lM^;bq1{= zC?1z#V{c<=8a~8$qsu#SoL7wan_9EiHDI=p2&6&~Z8^}%%2=o; zBd>aXo2_ZE$>q%yR@+9>i^fG-RtFQF)vsZ>)Rj^H0B~5~4oMZx_>V;X(1cHDNNB-0 zYS%#IMz6y=TV=A_IztSM{{XzpWU0?J?-x2&n{4SMNgS9Q5IbU}$h3|(TD^uVh@*;V z#9SQi$2I4Aw!e7yBGMU>bw(#}ZZK<}OwmOS8oj;Et6DmTnMq>azSYWH?2_&VxPY`H z@Z3ErNzm-T6hvQ+0dMGjw_keqml_^lEwoo1CNwsRakLm&W-lS?b2p}_c6vX zlU~DNt3hm$TeOQ2Wdj8D_7$b|p4e?Y9XXZx}Dakx^;<%j{OC7_?PWYFe2TDp-dYMYy4_WZOtEB2oj|o{@mE65O zDlKD3olMVUoU0c&9Ff+p+5}dm4K7Q671+Lyc;rX8m64Z}Y-1loiu3Og_)_D;OK$ch zo)jfpwtXujW0HMYuOb*5S89nQAD|*P7x>p!*BN-7(0o3-L^scDl%W zYsn&skP`~y0Oq9LIvpp1wMmlcZH$UiR>PI!KU(j+RM&=RZ*0~yNfgG?Dqy*x1lftB zHT1je?qp_oa>Ty`3d8Z9wQ;A#X?><##cM1__t{+T8P6V^QFAtWUxa=nCZVNT-!NY> zP{$&^2v9~kes$n}F0o7PYf#o~Zc5JID(96L&M-e33AyY34AyV8ZwkW;Tf5vUvPs8M zGtF_nQHn&EIJLtZ@_~|1 zqs-5CmeYv~>X1mL<&Td_AU3a!qlM1RA~fm|_hm;Z8XMpF10YY7GX+-OkG)^FSE~rhRLg)x0`JuNC#_ zj9Ko%$o^EM?oE!r#8=OzX_o&0*v}Hjjj@ov-A}D?e{R*UMTgpMRotK60npZNCiXT= zF~lQ>1|%fqdlO!V;i%4@ZW2XCSt2;kraI9LjAgi=*;b<7Lj}Alu50K=;Z(|at%B31_sa8Kt>#&VO`*7$*{ zYDsf%Z)>u5mG-`S40kny7Mv|0id&7}Yjc7#pUS6`py2v5QcVoW2bm0D+_LT9aw@H# zhqVnV2Gy_at|2`F9<`f|j))!ovd^hT8XJ!-kwXjG`x;q#$FQDG%ZTz;ccX7K^S0o=e=RtLv&s*Bmn;a z#h&$JvDe3JpCNP({mB))O|89?MlMn|W#|Wb=WC$R#cR4HlTQW8xww!j$+Gv{ z2DpOLQ-#(5+ws0ZrpNL*(by!NvBtQ@GSu?JoXe#&{V20PA2- zGo*t`(>z0>YOQgpMFg>`giwBFIqmeXFSyY3<34VrSzQhh{pmSa+A*-$z8_CCl1MIm z*xgKlTyO`Vt9GlZX!o!sxRNV%`}kg?+M}PbRy_Xz#8P>lAij3GJ0v(w{4gDJ`q!ZR zKe^L%kkemYc~)dGT>k)j{{Yukq;s^<-P>yN-AgLi7j$OH_Zh5>P6#yZT5H)NSZ-uY zIV;ZJLHU|uIjME1H2c<>R0#GkCpB6zig&_2- z8E1~p>7kvHS##_Bt1(!HX?C=Vqil!f=di8aH^S51Tdm2CGPop=X|FOlN>S(@b=AO* zCEU2&1#en1SjMr4(ZK2}WG5D3Tw1i!Tr`mcjJHg66_Tkm4)3yCc-JIu6_b-SQ7mbi zkhm9jR}O)flfFvFOhVGl%Gz&TFy{5M>w;KYlT>MN0ER%E2Gfi zdEQCo-;j3lcr_LSZ&TCe)PBzlU`qfTbN7CgK9O}}VRo=x9F-j4bgiPSbI$kB^i6)^ z(_GPETX+=_6by5m`qziAhxHh*UNYM(*Dap-tz1muxgCwdYB%>DM1_On3}mT{Ae5`MLV;yqA!is>xv(XGFC$xcbf z){6<4vDj{f)$U@nScdG#alajfYxrMMOUWnFM3$%L-x*>7>FR4(#>ND&c$VtTH4Q%c z&N$U>0>LK#0KT{#e-rvwpbsljg5B*QSlTq&$2l&2YQXSMiPFt&d1kA7DazqtJap=5 zpAN1fTic6il}yqMuG5mf^nmwI6hQ^Hm0@Izk1GO0V;@j|D)aH;*>vl8ZDF;BMppq; zPtKcoZ^DZ^d(2+RTwm zBYDUi73cG=3T<69$s)NJ!N>rPryVO9M7Wb_UMtpoS*Fi&k%JYhlwX@U_8+ZQyYSuU zu>Re+lkDr}g#er|B!Bg)ENr84=9yz>uFD!--ic+8uRX;_<6Q?%g~73zSp-T-b<1F9 z`p_>U55jsx_a}P*oK4+@iqacnD8qSc_eLocrhMzFcuH7xd7Aru#gv3>0I5)9G58WPf9u?J}pG4s*|8Q!R-$uXPPKRElMU`8<5MIjaf7?@jLS*^@$sLFQ_YSg=LCh1mZRgt*PIBLE`IhU=qM~d7; z@eU6Jae-MH#QL4|5(`w@5F;VS-T?ED*0eHm=yx6y@bsF*`el^Rgh^kiH~@WX-@Hkn zXr37Git3S=W_GyS9A&{}gkvm7{C_G%A3gZ{S+UhLyS*OE$(q*cFuRBwfH=uh&MV5{ z(R6gThQ(%v7g+w|zBd8D$uyfTDV|y4dGEB{J@iWiwq~B;6=c9;8k5gHgEiaua!oTr z`$Rq?zJcwn$c#*+6m0rba`iMijb1xDy+2ZuPM!}X)cGK=$n-d`n|0;8g67Gc@e1&E zo~Pc6ur#dns4n(Mz{?wTQhV0V{3Kcyrv>a9U5A%%9G*}uoQ6&gGw)W|n<`q{*xp-B zEz`yJfZ(cQoO@R{;yb~keV#ib587OCrLmEov?dolXW@T@tlvb}bz7V8GJ5_Mtm~uh7D| z>(+~z*z@}j4%nN>94b8d3{(u{dsnksTi-znq%ltnN;(=uOR>r8x~{Dh>t$kNNDK^Q zEO`VFeSWp)+NX%@-o`r!@1~wc-S&t``Bnb_uN7(cA1X0CFzanA!{x+^$K@b!quRa4 zRq${2_k=ZgE%kWp?&h^&AYP?-;1S=YDKVcr!SF)(oh&0OSlQXU?y=mN0kU?`KN6nT%2J8;?CyZ>a z;nhvTt*U8B0uS7un|SU>>~T>kS%Krf6LqaKTGMomDjhgaaRAQsa;#f+diz$_j=mvU zX`cwJbj#bBBY18AffX`jC$T;G{&izAJP`{+3r}^YEU^UhGJ11eQv5Hn_>Z99Un_Z9 zy}3S01NUPcN%rYMr#bB(2>uWFgG{-ryKlo(Y9h51oO?M6Q$YmF?sV@m6{oI~0pVGY};lF@1j{w+s zuf@^5{-=L4Y>rt7VA&*)!?iASOrJtO2Kb`O#a9}nz9%v1Fr&0e(!K!4a6su^53Bf( z!#aPBwM}10LvL$oA&NJXjl;Wr54|pPCTwdES!=!r)wSV$Yi(s2PcVnh^ke)VO7MMK zQj1TswK^@&of9BnSCSXfpEpA$oy@ykQ8gVpNo4cwrDL!w4neMR-op1!xAGeOq}?L| z%-oeZJNuj!Bui9=VlS{Z$69y~KTzmc%!0Wysp7JKXxVDzoT(mw`K4Y|%=sj_t#+Q*C z=a*aG>eA|$DJ*Xk0EGdNuI&0A_3Zu*&^$e=BEhShmjMZVytf06{-p1$~=Q3ulVtJ|=56UK!Kli^B_TCZRH?+8B`Zd3L%^OX)Vvw4ECj_inIjc_tCvQvRo3qzyN+XNmxY^m%rMREPAo@+{8QI8 zduux_C2j6(EiO@md1Qki9m%g*_*HhAZ-6x2E?b6RshK?Eg06iDt5PAzXNf#(qpaq_ zDcUpB2bLHcWzJ{=t#?d(4W5!ywuAOb6!FE>H%p@sd2Ts+y;azlDY0q(RN1YMg zptn`esi@^_sH083JKaZrY4(dK?exIP9h8B%XQA~bxeps^c3v;lQ&+aPmI;xF1aJzT z*c=|!PC95eex)x4>Y8n}<=Zfdcj7&*)HZACPd7=h(jt2)Kqo$xxbnxSBV0oV?$~q3+!*gtq$w_vj(= zp>YJFD2DRthX*|49@VNEjgF(mo*x%+rl}&lw~ULll1N;Rg1m;qPSiC!_S38ppHSxt zr=BZbQsWz)y6OHR@Pi5UG?ppC?eff-TzZk~SJGb=c$~>BD?3}nyQIWNYcH{@v8##c zdKbe-)AUu>waMZsEBSH8TjyYFLrn1PwwndqR+je4^O3ym%N!hx9<;Ptn9d{Th3w+F zw|L)iF`09H)rvA}p}-!1g<-H{254Y(ca)*Dp3 z)gz5Biv5}pJg^22PW0mgNWrtu_2c%3Xkw3dKXi}fTb=^&R;{gSi!AYZT3X1cAs`VZ z4s%muctXeMCYzz#E{d`|DfWUI-UU_uECGZ0*Ujr_bl(wb5o!=54;;HywqtPh&1Exq zv(j#2(r+{dnOYUSX$d8=9nL?O2D}pQ!y5Lk_knz*w2Lx4r2MF(p*00cCpmTEJFQmI z4+euh?7uW=!P*CYMR9-dhEJeMlCp(Q;@UE;jtw+sYs0T;FzPVr_K76(d0@zdV;Sx! zwt^`y<-L$L{{Xqa(-o&8*vZVdb>Q1QTwLGBJfi(mE1Zyj3Qq}W8jhXz>#apCwgqAd zY!bfN?^~!KQ|@&zELydTtTt(N0R*oclj)k`E_@TLFWMxI!7Z$n)r%GAr1MqEhUR;> z!@W~Zv9+<$;(Na-khU;(@zDOY>;5e9R+psdP{$iR$^spZ>;wdKBiD+{l*sx1KNHX5 z8<)Mhx4MQHA7l~8K`OqZ&{sjI>ai`Xn?80cw=SbOH2JzCc4dDzTWd>iwLl#$LT=B@agTFfM(8>WR{C6eeZ90(E_}vd zGC=RorDrKv)wN@b)_f)`wMegFXkxc#{rds;mj{A>D)GM;-n?4H#-C;jY05&gkZ{lJ zYd&UjR7Gtz3wa=vO96I2boQyH(8!S_jHvm6#yU`>a!G1c)pVC6b|i-5QtO+=^IQi<01f5YB%O(cpERgZqwINaWX zy+cf~TYFemNMmUU%MsX8=Q1ej4(ThQL9+y@&mT(iEm|jO-c*dI%zN++K6Gmhj%B4r zl4Bz~amYOLQQA$Lh|rbUx}P?-DD=w|ic3(opLmi9D}#~!E0CW5-|7O(Z-x_UhETY$DNXYbb4o{e<~jv zJ{@Y`4g6E8*9l&(lF^6vBrYg9yL}n_d zC!7wMpg|?7zGV!cWG)9<&Of-7hUr@*4`EuyMzqV&Nc+)ZJ@ba{GhX@do8lb5419Uv zUmt09GhAL$c$-X^&!xSzZ6e7w zUR!gFui?ngrVW0o_zv+)Y8qXmz0Q!2=2%OPu^-|3{{Z!?nxZ=66TH3ApwuETOc^;2 ztT-scxUc4~{tMgt4C%fr(RAoOQ#PCU)O!ae&}1~Qkp+Ac9Z z+O}AbM{){(#3r;SJoqpu>jCsbFSTc|{nsUj3OY#--YGGDC9 zyWGD7<2lVkfJR*lnr@}#8C0qW$id3zHIa2Bg=7$rt;snZd8n~wRlKYxX`G~o8$iY} zTT?B>+HArF+>Ci;0FY})AT=Xak57yU!bq{;@yYkBT{1~t;S5Df@ucGC7WyNSsM+Dxz*?9D4p$=iV`CAXJ>TZR2b< zI-kO!$h3<36n46VGA8JvbMu13o;ytMQM8@2RmqM=u+M#w2<6MJk~)rB7^sRt2*LaXeI(^ z%xn$;>s6peXHRphiS%J$gU!nA>(acw(mU%NO5r3zBVqC!^HSm1*-yFZ-WAhyjZPUZ zF!+tc)cSTFhMjMrp%P-9PP6jP|e8co|J*a z-|*gx2))ZyF)v7^iWm8MA2i_Ci3G;iV_|M|$No``fE) zXNB%vP>rEUts=XZ&Cv7cr@4mI&Y{ux!T#~DLhv=s>q;&|fZ548&1n^=T=X4Y{!wW( zOorol!P<$&eu}ac0oLTcG*;M>t024HqLI#yBhg%Xw)O=jYl+So>5;T>#@eKc|~p?LsL@ zflS+nKYP7xnBLhwK&S5?#c-aX5)H@!=Q->3s^?}xXqt7Z+_W-}lpZnOv@bN zsGRPZ2li&Adh;NXBA$Ao7n-J^7x!_L zEX%++>t8tENp*2_*H=rNuI<2aS<3e>nCv_&95&H4#=xw{zZL2lhNE*Ph7t)CrHmGh z4vdH8iP`f}Qu1D6ewY^T`RMeSDtWe+pr0{9ovRXS| z4qIJY_;Xl>3k8uRU-f|C#@?grTs4$;aihe}-e%%X;aenOC(!ys;nP{^z8k&!K#%Q{ z<)YfamBw?C+c~cz@dl%6($8xgh_ASu9{kWjod%(CWo|?Zle7)Jg=^{Zt^6gW0b~b^ zp7n7-FI`z0d*v(rA63>Q~Ae}?ZbU4Gv*0Epua^GU(~018sSQ)G+_4-nkm zL3bQbl$DnlJ$bG^8#ju5vz?QM!w*W5^fYatb-HN~xl}oBaky81W1`)7ipA`JU$D6y z`7{@!*xu9pHF4ot9qcX)TU5puBpeZpSD0T|+#A`%k&!mzwY{h(m$9K`;+gzAG$|x5 z$tm)i9)x3`YO#EiE3M^H3nGmTQ*s#xuVhX1Seu>TeWZxt?hx z+QHQN;@!A0&~`V-i_&*hrnS4g_Ic_JeWrvujl zqQi1#JldS_+;nZA;BnHr{U2Ei6ti6!8d5N$Jt-1e)Ai}?Z|AsO$!gdtGy00v7Piy4 z)H586=OCOP&a{lW1&$NN`ZMa9o}V-lK#;(tT{eIp-#(&?3mF?WF)&iZeCm1%zG7t( z3%hm~7dG;gmDKK5EzM%-lFO;;J0w<(A#Qgbxb7*L^4Rn%ZGO;dHt@iMaTow|oOLy? z;_nb!Y8qJ6t$-J8CPNYTX-X!j$I)fDw_yUJ%e{7!-n}uk2=sjwqPT)9nPgT~RzG(m z+Ocu5qM6`v=@UyW#Kj>=a(+-SKLJ!P?8VXsy(q00%g?nTITm!}Ym*W{q2cw$E5FmM z(#1fGA~88&rnip7ntJ{7-&-ZU<9X<)QFG~B9k!T=vCS-EEVkYc0+}vWIt@okip$F- zgpnA>Aau=f^VrP;i6jnU$-yGA<#!{T&`UEVlPiTM9eUtaMvZWq70j{{UM-~LbM&Z` zP3g$%^-qY$Q`1GQimWck0l~>*?_O~goz>mk#g&#t0FV@c_)*G@k6G|*CAFJrTBDfK zPn|*a&#!Lv7mBKF-B5-4qCzq;NuGA4oM!B)Il5S5GV{4 z2N|a{LBs3XY}Pku&`TEd!(jK#J5Ifx<5{z^zJZxsfxSmc#1B=~JS3h(H*h#|Ya ztUc?>yi2cZ7jnLi@LWY`yIolZ0Y034DVG#sTTQNM(h18>i6O!Rz%|;~+exZg%{+j_ z;12ywM51haHi>NnRw?#|iH^>_Ycl>zNo1BgbVeuTVppK{tU&Q^5ouaU)zu`qD$-?C z0m(S+Q`_kF!%Q&A2cK@Og3dFO{zX(w=4k0s$6y0MJd_@t>Ye_ivtGRNO7}4RYgA-X zv(wUR)Do*Qle=pU)za%Nr)i5E;Ku_DDgr+7sc|)ojwXBC*^$M#3c>S`GsRW5AKDi{ z-5u8myky|96_IAVQWJ8!mPB>n*LSA)qVmZ`lLdr#G2DEe}>NMx_+} z@+wI!u3KcPRpC5>4|;cd4(Cf}XtKnzOowhqC)T3z6fjSiac;RlnW-9fJTb7%-RPY3OUZ(f-M7 zrYnR;1P}IPK8nwQsJOjgmuXueVm4TF}+?^;ix>6b9adk)l{(>TvhV@-L8%6smG2@DaSbKO>>tTHjxXn zY0^b?fuEP06G^l)ht}REyj?kjLVO7}=aJ7^?KB_ktv5>5_1!=hxn%NHLjBJBhvaEF zB3b47`IhAah$Xm)k~kecwPV7X8_THM%{=Q0mf5!-mQ7M-2cc^I9k$dh=C`^-u%4=L zK^?)ak3p4m=nO1Lkgn7qXB0ME5+c>SCkDT2?{fmnGMs`}?uxJAUkY1jlV3yRM=t#Q z&N)thg!bwB(Q{iCJZ)irb89TN*5hnye7qhritP{>J?c4Gv}8%D+umq)k;^T+Be^Q7 zeQM@`;-RJ=IV1^oFaqPPD-~ly#oi{?HO)5HPKQu*fu!>#RTyu;isiNY>FnZ$&7yT@ zj1!U8fjHdH@VeSXe6Ms6$NWu>N7B8^!@8^&7edm)?-u)b-Zq{+sb0oBw>vp5{4L?> z&atS-o1KC<7!5D5{cGj<^@;VL6l!{f<(xJ)GTgDZT>RU6W`!bMGu3Pz;=GX zb}enGA^~u>4ZjB_v12sj(eCuQ)=NoAwrqnRVrdScaXKKGRHQ6UJ^d*P!!NI6xwN~B zn44x%f%~Sp?Kb}Tq-pL9PZA6Qc=}K~3v(2jqDsia&Bp`Mx#@f*eIzklEX)d=9zOA) zEOh#1joy?Xd-X9FP{Z6-hNG$Ju-RSRvXT)ts-XMS3A-E(l-gdIYO_ajK5Xqme(g2y zw7cY2+@mC`C^@6q^#xG7bK$ES!33IoGQil1VP_bfAo0B1GYX>w`TB1q+A^Y(m++|+_bebvUTEK%BNlP;e$atz6icIS{Q zZ&}u_X48d(+?T>_&$R`qSmtz{0$a#tyAT_tglsLhqY!cYtK&%oyL1t9q|o(Jdh@rWevP7E#a1R z+(|3O0sKc=B@&V5&3SdBUmNRtyP05+?AlzFPzU#F3(pZ)UdOXlWsh*eb{mQ5P|-%J z>b6#TTS4ZnoJGM6kTKh@<5jgUBTcY{;&3Evo}(-edc~2-_Gc|Fw!Vw}8GNcy1Xj z^!-`oj#qp_Ty#E%J!uUZUl%pYTiGCMw6ePSL~-0EG6paQ;l+HvKA?1)%ZT*(B!o^B zN+ZwD?s40J`BJ{NH$pAjt4Ol4um>tVc&=vp;LCDjnefDAMmmaMXz6<1m!c&1PiWV- zzbHrDfSmewuVnBy#0@{jdTya<6`iavXb72=PWB%3&UX`^@r!8?X><8-F}q+kwnxf6 z``62oStr}(MQlpsH~#=%^rqql3h4REG4JypV9m>sZcRjVY(p z^q77y-@0lR5zliXz`G#woDVP4kEUvv_~GI&3+Oj?mKKY6*Ahl9B$)D0Hcm14*E^Fs zqfG65S^G|SPUlV1d^2I;?N3g?-SZUnhNPUb+e|Ppt`}31gEw~O7p#M!E@XAddmLj zjVpU2A_fB^(;l2vM9f&cGj(sJ!F3DygunEN0;DYWNr99*^N8ac(s4 z?F+B6w%CtA-;cSi9|le{~ydy|Bz|94!ZEj=hE2z&QwYQEqiXqIQ zxnr7#O7M-wvji~Ck8wJ-0NzPF&^sL!&w(s_I~~N5S;=naB!|yjSC(BX=~LX^lrTtC za(V?FKb-_~bVeSz;+;EK5RFGtG04Oz=L6W+PvHFvKwVbF-rxsE-Xvj_2i$kfOr>GP zSf}wW{{TzyMxytI@6Bm*A_V)m_VlYdCG%=paJsw#0?~sI1D4ONWZ7jIH2po~NnKBv zq_$LJCZA({aii+mPWwN%KyFmLY}gw*(1g*i@pJ5cE|W@}X@gI=w{p>p;c=dvel^3~ zMR%%N+vyS9y`*fxL0&fEtw5eq#pKwxC)(W@4hYHj&2sj7Ua6#C!>K6S7Sall z_ekmeYPouwMh3@>ym_l!Xf0%pvfSLZCt{oceKFFx%>!P)y43XR8@q|Fa~i}9jgXk& za%!v|%_G>RuzeXPM0i@^3Hi`xA4>4c&1X|j5j=wDa^R|{?$n#GLMq~0_$yS`E^c)V zM8gfU{{XATOEIrS@aMw)GUHRSM1nc)_a<_`cOB?*TN)lm@m>v5FNk`A>&9!HI@<|q z0K$+x`eb6gm*F&j4}4J~UESF&tnC5D^Sdqwx4k=(<)PCzhIB1AQY0{w#Q9c;&Zvq5DR#+%|V6ALEQ9i@U#-D7{fY)87Lk09J4Xw;=8%7jl46n5YO&r#*;N3<`gqdG;x{sR&2R}-7rKLfq z>B%d;`M@Nve0rLhG(J>jcmr3|biG&p5+h{w4WAgazvIw z-r{oKyUOxMxvb|CSToSPBca4@XL(_j<&=-SeNQ>BdbIHOguk(MD_i%xvzgOjc!&cY zwUSmfy0*q7dRK%zJ>iXKTGO5cc$>@JBLEly>C~PLc-6(*>v6sE7%*@S#^C0(<};LT zbe;y$^t+>Z9o_0jF_lWIrbau8^xb<#(xshj^nq{Yc_2yUbLQZ3aog$bM>(G>IXU#* zIKvK`t6#xvp&Ce))MbeDs@flgbjxeyk~=Fk)G?UyK4YH$08W)^s|&jvUx_pu>;C{1 zn{N=pG}~mDe8`{)0XW(RO8O7}5nUF?Ns2up#UT;Lg1`bmQtzqKU4wK2ySbFmnFq-Lg4xtyM-OQ`D>q9`Vn zp5suFa?U>JTy*-@G#((dx%2Jq?aBl=aDR!tew8L}2RWzce`mkC)g_uHjo7gm30;$ zR4Cx*u766xQ?ar1R5z0b4+Pr-Fm(f{_pcWCy^SkGmibJrdo-S0Qts$a2ajHBmCEly zoHe(^eLB~|XqT3golX@10(0gOp7rO4;!WnaXQ<0_8Pg$d8s0X*U^;Z`L}S#xSFuaM zo-)&|eDn4>R{JN*kdeoz#d^k(q@NI48=2#hGb0eAvWn=0NN9?0hI)R7dmF`b_PHDp zB#xU^Ir?_5H`ZF-8}G8iB5e)xGWV^PhcubpY3m)8oOjZO5jzxeI3!nnZQ!5nyJquC zt*BLY9S$?o`BUZ^UCzTs@P3(WtkOibI(oO3IRu6v<382r{wdZz%+gz=2V`sIg$FtM z3b@MRIIS^!Mg6XqR`%N@MR9V2v!)F(+ruyBuWH8`F^nn;5)ke6tyh9mkH# z2n-P zVixe@8OApnsKp$!+~#~ot1aYqM@v|(WgAjZ2{{A!y|Y=GlMA6|WcJbBOymOK50;#4 zL8)!wdGx4F<Fv zl?3OS^erkaK1flWqmFEVGBJ;>TA0cFb>aJ+N5jzCcy{rv?@#YbnF@yg0B1j)ay|;v zb>9uNM)Kr49(V62KT>+r=S9b3*C+9Ir+qO-y)(3MfJ4XzN22}lkAE}MBSuXQ6w0?TqTt{9$Lt=nj~(rTs|;#kU%4o}LzjZ29$ zi#MYeBIw6wiQ`uY`yV6Ty`N6BwU17Y=rW01;Kq97cc?NgUR+!KgJK1eQOb;c)AgfKv_51^nEu|Af!mzUEtschMhl1b>Jy>k8_fzwc#Euwb-_c_3*o9J$i zMB7grJKQXa>`&!WS)>grMnNTd$ZAsGc0^_Cf=@Ix zIRg#JY<3k;rh5)cWPXodLYFp76HCduG3%Z`sKAgN8uI8 zj!Tg()r62J%re5m?zrHF$Gv9BZSqLU>J>TKTL_B9J)@Wriv)~0%nNq)6hEFh-DuZVL5&jez6xJ=SL$}U)VAA5==07qp z&Vja)dgOog=o-)rFK>e3ni8(WP~U?@H&e4e@~rs z%d2@}G9|=Bv_y_np8R^&6>j5UDvbIYPWXYYURc<|n!KvWgXTPh$6gJ6Kk(n;1+R$O zO*Y`a+rC5+WPJU&{{TI!!NuW}bvr3ldmgXi9U5;B&2KwE)2CC6WCPsSN8xQkYs;NF z?mNHqDBCTM;vSX5PF$|%M5;R|7^nv$dB#pZ{Z-(0wz6o~O<@``AuM{5 z2`ALo)?g=eco@2EodgyzNJq@j$-AC<)XNG+@N;#N-XM9%0FZO|*3sBZT>{DtKJF);eX*SKqmlSj`s86QEm{_Bp|S`aN2#hX zk~VaC5tdKmlOwNs>X$bgZG(|6ayjCejH6?i*Cdw0P?FniWWxt5-1-{l=bGl^v)cy& zPDXjjp_of^u+lX)Sk@c0PQZ{c$g3KRHdj)qMq|%hbTs3*MkNWAY(!pBGRfB2e)V^Rc6U#6{TT!bt)Zz&maek_M*cX9+Q3*1&hKF zi!-TxyLz7db*@Gz^&9!7jbW4R5t7cI?1R_xtlT>Rc3~`65yYtR!;o|DUX7>tpG?r8 z3SA_-kul|U&(v09P`T!}cQDB%%%V)(GZTd!d8{R0v(C~eW+dd$Cm!N8yqb-q(@q-Q z@^+!*L1?IP1kS zR9TDtuJ@P!0AonXW8`kzkF{s`pTjnqpV=Z}W0g-N8rn7=Esk4J(Jk!OYe*%IZ!BOC zcqXYws9kB6@THx&kwXB=4mj>=?n62&twv|kqhfH(aq^C9Hq%s-O_`-gcj0oUp1!pV z6R}GBQAu6ec>~>T;B+HC)z70lLh%EZBN(Y^+QyNQ={^*{o*Q(E=sXSAr zY8tKnpQ+gdvX&Gf!ln%0T22P3^fGOo=2v+`!EmQ*WD(D(t#~zCn_DpmV9uv1?cS%A zg@Jr*>R?CH%&b@}n@AZRwU2u>jm^nq!WKElrB|~DVkq>(b$hucQmVLLV_1GFvDK_> zglH{Yw_(|ncOKrAT!@o^k4wB=+jl5zWcqz8-TWt_y}yR7i~@5hE#`l-j9{82u+lnv z%WJEB5^L2B=WIS+Ix!XH@_46L3@n!B<~XtoKO1wNm4v0#e5cS>8s?>Up~D1)Wry&72cR(Jq4Nz8r$vONl4C zSzNYGP7Zy3l^yn(9hB+iyi+dF+;c#jOwB=`$w^g!=b-E>K1rSk#ltz+e(%y6pW8qaxeLvkl~K&VLGMQI*b)E7$;N zL?JVPJt?+#Ee@`h;I7u}Ijtg!J(?d6zOihr6kM|4W82cX`@2g`79X))I}QH;E*NK; zBRKnK;&m~_Z7-pTP~xl6++)RoRvT@GB~M` zY9>0o8pY%S{Il0msdzt5m9gg=aEt}zKp{6Qj*-s9A_Zo z+Pmm9xFNenQleb^yz*-Kz~8rNET)k`2>gZ>iLBn)#Vle**xkrIX*mJHJ*+pEGWiGh zdFfJJh^*}PvH4f?KGh_>%lazIspyYzV=*EzR1Pr5{Nl0Z)$cU<772q0bC83KP*u&# zd$hQ6%At{mL(O#B1)KuqjDR7*7^+WOf#shNF4EIjT^-<-8`fVlvC$YVP!Qhd?$j1cpQTUrsit+4Ww!3?054p%4y(pA`y9n5@xK(E(8_4_B&0cA8 zYY#k8D2=(!M+8(3#{QdOZ=+g9FAPAhBLfuVwYr|-S+wc*L~uyQBDYTBDC;xa!yIfQ zX?C7KIK@(qR@5S9Ne9R?x4vnaN+Xb#Ttfics)f& zIR;Ldrrt|s8I?qEleFipXKJ=Ob+x6$YJsj>fP?#^ss2>b(^BC27}^e%q%<>JM+*tI zZB`uzJ?h#-(cQ)%x${{@(tu|q`qSk`*EFSy?kQ}giU}rHlq8rqF%Rz_YV7aQ2sGxp zxSVm1b4u1?JOT|ubE)bO#dUS%G^H0O*VEd)uftHoX{V$OBeSUe<1xuKn`1fse%fpO zMWDBaX%r3H)p9T?njO3mUPW&rF_8{(-B06EGuv$}R_X+YYZYb3CaK+cHrgoUm5Ktt z!-@@4F`%>4FV*zMpatmgU@ZI!yUfnxbf zgX`L~C5{xc^GX3Q8@EOd*^4`ccOG23y=yt4bDM;%&E=$EZ1dbM zM+4f(w~!lX9vT!w$Sxjeo*Ls$S1-ke{;I zAUQbabv{ukSoi%M>{COxd#OaSv|EPLo@>ZFPkk!fJEO>PoGyD*G;bHw=k%H7)B{Xa zq+IPe{u;{h7Mg99B#eYY{XUhKD>k{UrC#ZZ>m|X7!XU_D*Xv7le+Hr?Hfn)0@&I@P z+O>|xaz{63qupHGGEBRHCzDrYvWnl#wUO232N(ynG7T$B#J99MdM-YF{W{bU$t9HG zZcg&Yxxni{&bBRFY*8wsqJkEmqH56%LTKckG>n0>dB6uW2&3Z96X|Hs>GsNJm*(@O zA9VTw?NIngymzz^?ZjQ%y}z8JsL?R6y6Vzg5>P8Js zrAs`rv@xS3na=~IX$f>PaXV{gok@b=kh%NEv8|mYplJj%CiwSt^sNa!VoO_HJ5Pog zg2O!6lN-76$l%uk*NJO&J<}CyRwOSyDJ5+U6K0!hx-rw8?gGk~BZ4pucxJhIWutl5 zmXIuJ&$y@^eN7G6vp2(h>X+6s>J|}@?G|tx zRJryVIPZ;;LE?!#A$g@~_PShF&oR4L^NE26X~%44zGu};I(DQZLMD)q2GiDsBCPCt z4}ooe=J}RL0ul5f9E)!Ro>bDA=-f+m!WA;>RUc^je+5DUeBgN+I(vil5JI7 zDw@_Z=w#w?J~w-tYbo#a{XShmkdKrc4c?XU_3@wn6PUG~K?SY!k_jY>JOmwp`kJxw zA8BYeXIaymS%yg6atXn~$4c&eIpXaa(nEcDcVz@{Zr>dI2N>j3OJh`zi2Olk74L}k zTa7gj_H6RAq0UF)?OUE7@WtJf2J&Pv!q1f_fW&%KaYwPH)pkM6fUoJN&?Tqdtt#KC@SNF*^lub5UzDulP~Q z#&`N{zM~V^!uFylmMk=#*yq2$HP-95@OWRs_gaLI$8^Plpbh~9{xx3A4+qpdU3ERg zQu)o~9Io8=RgH|-3ReN74ErqU{(2p{1aled{>B%+5YF5_Q(OWfyaa}nfl1$}u>ry+NU5|loyjA{!_i@8y zyF{LAVONpQ;at~?tnV!Kx6rI5mr#n_ZQmIG09ZO_ueD2p87uft#4Ih|>e++^4;jhN zY*$&~zXzvS=uyip^^@my65E*bs6JaC65u ziSI0;Xx*+6)xjykZRygpB>FEz({7(nwi8>(&cFuU{6d|mct1qEyBF|H4TSc<5{yYK z$J34|5zt+U8cl!Li&agr-b;-AAQ`~^Iz3`=qHd4Rab%6T73r2*XW%|pSO zs%gUFG;cm&3V;qr&{v^+EBJfjoij@DMyG!ic7>r0y_6%esm@6Lm1-s|$(G4)EM&bm zqVZ+RMsdMY(-q3a;M1vGeXv4zAlf$fK9r=;hiV=dj3vFMqOA%)1QUYZ)$HC8)qFLi zTU%(iVg$AhGY|uOi-Dec^sL5w(eYPWm&N*~t>K*#+fmZ=IW7Xv42*Fy1IINEpYVT4 zxAUUcCDZQJU=l?J{iOy6e&^{x9=Q~2ccIShqM0pit-Pg07|u8u#eA8n$8V+U*RrxR zB0vMi6#ndFoKPdme1CbUB)U1!W4hBrIB7z*P7i*2dskO&d#KrHR~A2OySrU~o>sOFmXG8}HepCT#avfXT-o4%6g)+Fpy~1GdR!}EV&5;EFr;K- zXs)~AuYjb3M}mDViItagZ+>KB)ce-95@)UJFiUA^V`(+Y&8SBn9Y8rAxv!OeH~526 z*Kc&4KF;dq*2dEjyeXfVfX?E6v{)3Z%l`oIp7`g-T0C9~@T}>gd1)AuML-&Tqp2t9 zUYX!u55?iF7HIXEn^4y-Boa+<((l?wVeLRRb~id=HLQ{|v- z{?oQMc8PO)aT0E2&UhW`sPNo+o}9(*M4^rb)7!O7i?ME7&kgvC#rjW%b&GlLuNapR zfs=vj?Ow<615NPnhqU-Vv*(dsTr4pnAKioAp)E*qvF6Vuw6>)!ZjtUbedQV2-iI}A zTa6_D0A}g;PCvC=<_Hg_`dj>A5+UNM8Ezmuq&v6t%KKKw!~Gr!?zJZhC%v};Eus3dExTp zQkn7r{x7X~R;Tdh3u~Apv&4@Sr0#L^5$b5M3Vn{A&rVxs5X_}pX(Ns+leO{Yxuf{r z)5H2@oD<#8AXxT{w%+EVNPO4Po|EGr0%?9Hvn}GNSsFl0Y>E}R&pD=e1L3cMbW7IK zbcrIp*Q1G9RZdtBsN#~BLkU#qaz7GpZ!}$6I5eARr@5NtZPqysK5pQ9*LEWh;k`&% z$8-I#miTDiFwt+%IX#6-cN`~k=L^jx?(SMUl993d+d2d7U4D)5;@bZJWYXNnZLn@% zF@9FZVryffF-AlU9j2i&NES6oN~n*Z{OVUawx_7wv6?5-)l?u=0~qz7ZXJ$e#7zoX z&u0ubPk*=&5;8*%%DVpmhWcvhkQp^SG)E(VRA&T#_3JrBnez2LAcVTSaU2Sk>+=;S zr?IYk#J(SYu}`TmSS|B_q-1mH`BYd(%fH$Z>3XX|#z$5p4?$fldTpkswPH*=9DJud z(i3(o>V6WuwT#6ZeCM2>;riD!G@+%)jRSf23xmUPnhEDUTS~p3RJQ`@wz2@BPk(CG ziLauZEOyN#NOq8m&*4Ey+;7A!J{vs`O}@m@$uYyD3>6-~=hCZuGty^sCHIz}W(o?i z#z;NIDHMPD;Zg2FBLRZ?jiHAumM^CXbYoP{=z9jJmsM^lBC5@nsb|y3BjPv>N zUeBTG8f~7k+Qf}K_vR4-1`zw>^PzOY?4QBY^o7bK3E;UuOs!Zk$yOM&rOu+o*S}BwF||V z&ddfD5sU!JKsCQ+vi4?*{ZE%~XPSG1X**5jCnqPaYo+k+nWbIZ&uEtt$uK12Ic4=-K2`Xu?rF^TXDwuIL5z z3njOEa*{Fw+z>(c=N0L`9r2!ns9s5DeQ<0VHAEmso&dmZzSW+jl{KFgXx7))5`uLb zP2O0Ia=X0_2Q}nc^pR?J?{E-D9?}2=)kTGlw?}kMA}HjIn(PG$&OjXh0QIY*5NX!- z6I|ZLvR<;CgR*hlQz1a{ib@26j+=5XY_1jHd06a}{{RMi5Ia}V9}YZ2s9Nc& zw`a>$Tr9HtcC6-yZ7zDX#IN zrCZxiGKah{U<0s^*18KJFuj2V!mrFm3E_nRdftpyeTi_Yv2-ID+w`kGBGYYdBeY9p zOI7LS6NNuo5m9zL9_Ie$*679=ZY5SKq#Oxj>eTI_ zv}SeD_;*jVG1*(B7BH7G7i9VRcQwdsQ`*90u`d&bar1@2Vh68UPFEXc2&1;K2)2s3 zZcYb!zZLYcMk1C;7z4Ou)R@b18MVopQ3P$f7#t3tO4E-@OUrR~>~f9?QH}svGpl#&=GH0MP0y>DU;J3ARyH$IR z6+zDf9cx)rNV`i#HpL{tWQ9i~Kux2B)BEwsGCtOB-$rkTSU*m6fkqs}>?9*xxJhT+)rSG?!!L ze~G>oX>4z8k}zdonkL8IUrPMA_|NeA*H^KhO=~BR$|Mo15*K+N{;DEL{IGt~e+nPr zmyY#~KFT|oEiN6dd0eYVTa`-rqIj~!LW3gr^sS7fnV;oKz!yTk;Pn*)K_d_#m1A9` zFn-h=@>-QP$h#D{WkN@_P35W1?17BnbCW>@Cq7h0Yq*R~&Jc9K$;bFqyJEL#o)uXT zw*(FiRAX_KSy^3XmAu{K00H-Z3LnT>*9EqA2a*kJbkk?0_zT9G$HVUy_B{~cDoHee(%pd18qb1Re}#o|wa{{n&%>YiEjR3` zVew<&EZ-Tew0W<5Q{njD8~GuN_uEExO3XROuh-hYh*>SJtqjpi48@{+8JzPe_MxpT z5sK<;cy?>2X;`5dVpsjpKmB#?9}cFzJ|xl_!%%|KRFpj1SC&sq_OBl>r*)yz8y|n` zdb(d}(8(?2EhmxzRqCK|&({^mcr#vjuC*OFw9&!{2-`SpjPPscwd!jpq4ckXb+@?F zjic%ti1|Qc$*W@CCZ0hdEh3x}dYbwywzosf#Q6-kvv7qJdnxs-Nfzb=XcbF1Ipp)2 z`bsi9nv1EYV{1LbmS);d9dUzIFJRTIZeB^)>>Q26kO#GP9F4OI;yJZHGXDT*`4?_| zMO3tc6eaQd)5l6fiWgAb5}dft10I#nL%98-W@bk`0n&qO8v1-1jNiHPOyQUW>ze8G zp{RI!P-w1JXNA~#v1b7LQzMY{6%&cp;w{LS+!P$(8tJs%LdIL4E?~R%;BFmFUpWm} z!SR)is$B@;4+&Ncm2N9DPP%mpBVdW2PQLXm+(%Vurpc&A@`o-5~h zb|SAKbCa4ZY?zkTFie*raFPbe$m>{oqP?>RKovmeioRq!n9XvhY~->a9E?+2QCE$l zS;W2bntbTRoeziZ!%c2u1(fF?t$I$$p_VIzhCeI#hkBwKxkh*sR+e$)sEK(wjc8~AOZEgL8jspkfsBuPNn11>vt2i};ha`&2q>wJ+2WN$2n zIRp>Rv?TEq_s!&Ql&T#0V>nNxH7gX07b_z~C!NU{<0G22;r&v0Zc4`*u)*ujMQa&c zlc%<8nQml_!jyCJ;Nx%BqP(<%&06rZQOf6UUPu(BARM#VJ)~xMLyY{S4yLeM!!LiT zwZ*X;jsZS`x#W%FbDE}~sA>1;8V6{Uk+>fJ07}i0YsP6NF@{C|06f!MG8Qb2X&$!2oVO z>YPTr&dS>E($*%_E;g))aC6Z~t~Te!H#19e%_L`OB>-Ncq-7W+ZABL390vKYMh&p#-osvOpC!}@cEK&f47M|mdYi^N{hgk( z40?Rl>t>mbLIFNu>_?>r)+jIfe2Z@?gohi$;AM?NsM*_F!0;6*a!1MyN@dxkbJ|aa zuWvrnaVjsB7z|EuPdx=!ztaf5Q4*Am+XFwtRD~#=ou-v*p$l}qWSJ#9e874)rD6EC z+scS}XLKd`2bu^mAhX?P9II@1XKCYsQEHOj+Ql69^UEAbg=7Z+=AvcO+_`7syM~TC zJJY=gAxIn%=xdC=mefpqy!lxpk6PuG&WqgE@W!pG+D$Am$#FbcJQm`#Wwd>=P4-{2 zq^-MlF}bLM)X$XjPY`O8+G=y9yu_lY3&%`Xr1&FMz1Qr4!;7~G!&YwI{Jfw_g0QSWuktMdD za|Oht88?Hpjtw}*<}=XjU&Wf1jdu;qD;h-2kVwr-1?9%1*B5ZJmtuD+@%mN!GcRa# z9v*owV4E(-%gV^3u@y{dSGvsCg4JbJh!Qdg2mEU@crK;Ax}2h7k+gXX$}mWHxcdeGTHmtv21P z*uewRnszJMo}r>^cM9>Zo3a#5pn=l7@8S>JE_Dk_%Si5BTlXh!NFVJQMRJ_g^6Hk> zvBsdt>^7WoYfr-(eeJ#RH&3u&XN&<+&K5nhL(ug5+p!}-6U z%N(9@w!ObkF-2zb#;}={IOD&q1g3Jf+EwnlP1XF1YWv7w211Pg0EIH=!!~w0!`#{4 zeXb-JSJ{KlUMd_76p0oC=+^g4(CneM-etHye*-x_)#pASDSdx& za~hv5j|xA8P)uHgme%bQB5}EPjB;yZO`B3N84T!>t8P+HMmKt;Ln|E>*2Ik&k}g)}?`D-Ggr&Z#WQgBT)fV-vYT8#E#W>O_Vgi_f8 zwQa8MJowCKY@B3z&@)@ax_tVbg}l*BW4MMu!4%+0$3s(idt0^8ZViU2lY=N6;~Rda zoMm7)d_uZi)PbxMVkq^_>TibpI|arZq*lu0?ss6Idy;Co`U#`VG~2t~KgD|NMhCaE z5-3So@)&o;c0O`yT9buzouc`&e}sC9%*mtDH27r@Sj7YeRe6G*1_o;%#y%9X(!51I z#5XZrmErb|0qzA_m4Y!jT~13|J9duERLbd&J!_5d_LqGX`rSJ156iJXc#lfHbZg3b zeC-vmN$%MoLVB9Wf3^6A=36L|6t)UVWv~dxQfS-{Hn-BGnp>%CqmFC1n5n_wu&Hci z@f1YBLcr~Urp~Zpix-(x}Xji(Hn991Jl+nb0y2N*{0@J6}VAR-Z(p*WXBN-$+ zNK#LysHw28(E3Nhn)Di-hnTM?+R?TER|Aj#09AGwGPo1DZ&md*EU3E_r_wDWxoe1{ z5jjw#YIot@x6`!b1f(fnTMU-H! z8>K{}ahwI`iodY#QZl$eSIr%8q}NyCJy%B7VEa{zN%HLr5q^4dX+}0Hl+WVmC5J@dCKUTN=GG~ge&BY+2@a5l<&~f zl@VLrOJ@X;qe#)OP)`d|#c2kk0Fp#jk%dUg@o1A+M8e)MS9X6I;5=)1Ug`)U2`j^t zaT(7ixuCeSmvy)p^N_@(agmL~*0uClu5B_Rg^VrAfH=)E-(#}1a}qz=6J(>(p%(B* zG}AO-yC^%clk6!O$m8`H=7#<$Bz?FfARYaxO1)0G_U`IeWG!jcK-N?6N zl37PgRcIL7TD-GQkj;`wB?_zZ4Xt zjGaeSd9H3IpJGPrN(3Kw*wP~U6F zAxKgvRAjN~Nv?nqr;oA2!f`DzzII7u@cyBTXTNoTMWK z83VW@t$FR%my3&w)x&v@kwl_jGA`Na?lA9`8@M>>U5>eV;rlHHVQ(yVmwsC0CPQTP z9QsyPGn9`WwbCqEz$Q?47RwSyKT}M*igalN0$ZFmIPXQ72UDW>es8rvZ`IN_k8tDq z*4@UPXQbYXfjjJOfSh1`C~Ct?p)6iL(llLeJ0<&LOk!Dcx8>yHt$hKf>%rd7`$1aJ zN~*xP{u9v9Um-5Bs~BRrw6vL~wRXYhh8>M~ABdArpTuc@aRs4;-3v$Xm=J9LT+`5Wdm%s)8Jj0~%c9w8zfY*7B+htL?@=z3*J)_f}KP@!zvSZb2U} zUY+X9j&{!9NJu1(*<agIQbj8yWhEKf ztbZ!lk3`lyY2j0&UwI;Ce=$lYD&4Sp_8*lE*t5=?zz0EyTHaq9`^fSe4qPHOF}AM?>pK4mZR)L^lyE zkrYP^IM3d$tHPQElxEHw@Uk-iNmI~MNEn|Md>;*vh4kjOzOo^5sOrq5e|ToTc5f0( zrA>dN+XZQYh9Hb=Jol}6QJ*o!YCapd@l0yBs*KS1dnMXNL1|W_o>=dqssE%yfC!NxhEY!tfX{A?rrtU9by}MNu!8eD9Sp4 z$Q8x-hQm?1)m9j`$rH#vZ2jL_lFV-q>2H9G2KlqMuR<%9({(#tGggi}NF!z2mvVXB zJ7XVO=Mn5$Uyg0k$?T) z8)4??u{cz?xEo$?bx=B0KM;7cUevW%XYpK{)@Bf=83ji`bKlyXz}dU;M#wFowbGYW zxp^bEg=A0lDnE3{vPoy_k`}{N4{s@8UwhVdw+!>vFIK*vCuUS4fuaw5L|z1 ztl`84JQ&6YC-eURIOofB+ho1eX4Rx(C1%(@QH1BP9VjaO49|($XV~?I8dN@f(*?wl zE(19oap*a&E`I{}_f3~axx3U8QfZ?nbh!r^`=cE&DTw-R##wv`;k#+|%Xr$}_CGE( zd}2n&9DQr%Elb0iZO!(pBih9b*J^iff4X}fdQh|x^H+>CAGP?OPd{y#i&gT`74ob* z{c6Uke03MM`wh8UOK8>^8#yk+Iq66Y{XbB))O8inQrd5|v}Q~d>)-XP zfaUyCd#u`M$*1WJ0~xMSYoj~HKI+ge`#yleXKW(je!{d09J5t zc@^!pTBN!Mhi)`hwua^yjM78jX>9b)eW)^(O;4J1&k)?NgwBzBCzrb7X-XbjC69XJ zCGggvZ)}(L@VjZ!zQmG0;W*DU3w_F#*M1?>*6gG=2?v-XR_njqS9jsR8SCfmmKxG7 z=&+wEkV4~(`_^)gVw6o;{8E;hJ?*}p(~GH5gn_@heJjDd5#T+0#ojiC9XLw@uIVRf z9H>xx)U6Gp8y|ORJ`sn(x^=ddE>dQL%XV&j%=h>0ST|k;TkDe;F+pyaV7NJEtBr*# zTE{!5d@qy1I^MbCCh{(Id!S>AU^C>#zyhn-RlghSP{ZIoR^sheU2RNo!-WNvFmgcr zs<}~t)GGZhW6e5sD~Jq;r>=-48j=R?z@ z)GkBA6nj&FxpV95S-K6x8ZNIkA#rZNF>(Fu^fii;L{yRQx^BCC`(cS#TF9eu2LZmd zjp8p7SZGOesOk)X5eQ;O3suZ#)a7)odrs6)YJ%||#GHma40=|!nW*?;FB#fuHuknB zSGgr(l~?ACM{NEzqeZ0dS@GwJ-rmt8(e3V@%2^r-nSjcVU#38>oO~(q2U_r7iFN&7 zN4IEiSb0KeM)1RLVeOhxj+QiqEj1Hgo5lV;p4#J94Hc|1i-=}KC`_bsL9b0u7-~8$ zj=EfS*Aj`7WV3mg2afdYTY^aQy+d2PwVKjP3wwD;m3JhE0f(k*+U@m6w$RP#c!Roa zRnH2?sKqi=neu;*b!}!HV$`J4rMPb~gku@{*LmO_dR<;aXvQO!#sK6{SF}FG@E?MV zx=y95%@vK+i-wH^h#A)l$zJ?dlKA^p)3o-ng5ESq1MNGG(%#@v7erN06COpdX6#lsBklx>ab~%=~kBZ*Ag}RV`<#PvkY}6yz^MnW4F9XE#r8t$IRT; zQt~rLNux(>@yB$`=G{m<4xo3hd+?)Zu|;op_G!$rIP%MZw~tUqJ*pttv~AGU@dt>}SbNE*!aIGX; z6;Poglhk9IHEu>^LDfciiJ+oG%i#eTc z^HtK3CxH>e9FSiaUs~r6j4v5Y$OhV7!2@LSYbkGWIG&^7+uPk@#{U3W)UP1AzPAeF ze_l>9E75#8ss8|Nz%8z>BZA|BgVUb%&#^qHW~Xy)3(cY1+S%U7aE3=*?dPb?YgqV8 zPnOs1nw&w{Wi|!qal!p7MLyuBU58Rn3NP9;`za-x?kXyB*{dNgp56^k>fEMSHr7sZ zdseZPfzPqVYcobt`s(5xI1(5lk;?PbR~@EmcCuOAx?7CD$XST_dFP7OPR4DGn%c(4 zWY;Sm=?3Luam9KsfNg9gyn^O-M1yH00fOH7u4yuD1C!H{UgO~359!*K zn`%09+rsUV+q$>6){8Pdq26jUvGCpRhAi%a+s%P1WBpn6&3v_I;Z1IBOHqO5TYET8 z$QhhsW$BvP8Y7vv@a@&!uO^joKJ{5o&aI8S^{;*K(#fVGY4)rnm4?z>@x@m$l-cXI z7iUbdlHJIAgBKz;1ZNy$73RJl(7a7|cO~`Ex`kNe^dXn1AB9N;En8UCt+j|PqSGXr z*#U1mJQnGKDVoN!e>R?wBqux;GioZhP5ldExVb(! z-s|(}w)ZwkWpWUS3SfyC9{BdE_GLusH7^%hL#2z>7V@~jL~QQQsO?^Db>f?iOh1_t z+wwph91g~lg^ji;*j#;{WtrD=^e4F$=?`gRC)w}V$OLJ>=Iu~o%w0>w*B3VoZDCtg z=rf)LU9z85xquBkJKZt)dF%A8APdY(y(aTj5!&BezfeE~f*aPibUzJ$VzuI27MbNh z7botV`hIm>=-DoZr1(?A{{Y$(-6hO1!wLXQt-w+4f6rR#E%e)Yk}W>o~-euSRg;7xZ!)_f|u zgfJJ>5RWU<{sa$d$?;~Zcx@-UC1KjTGKv6Sps4m>d{yF$+3#h4B4xOPEK6q`=cQfn z&49c}{McFLbCHg6J?f(y0pDJ>kEVHQfuMCzsxkMTq|>gx)>*Gri!eJ#7~|fo#!l>x z-&u!Gx-vtsm2O6OHH)rG_PCnk4!0~uGI%1BAm()2Z9++8y0~4jgS9q{W8S+xDXkgj zx@q0+B5o5M20G@kdz5#YcCeUPM1fm4U|3`irE~r}*7ZfUGU=h6axu>eD^#tZSo2>B zwCj9tHL{mLo!(lG0LQI;4WW34!@6~)wD$+dpK$?Kt9oa!rX1Rs`rfx~sLwq1+MHX` zG8G3>3F%%#cWm>`JH6?aPzmJVFSSgQ=xG-Enp!N5WAesikN{7q&1z4942)5N1A|0S zGBb>j#Uf1vY_10x?^?Fntns;;W%JSV@~Ou)Wkx9H^&5#b3+r7j)#5j@xI`Jr=g?Pj z-wtNejFM^>ZxhC=`@N?!u^zoRq;y7_D_>f};rj=s&B)}i4oI(<29?BiCG3;VUtZney6QatgPQbMk$CB3UTM#nUkrF$9Uis4c@3rCC= z>IG^-*EaJkmeKjBt}@u*ih~%-xoSyfyu4(R2Uc^C6bjz6vU^ooZW-j{lAvJY(ylQp z+SzD+$6R=>?@*daZ)8bi&oZdS;(cqV@c#gbjMO?zdth8W|{%yjBOrxqtI3WPXE=({p^W2HlH8eGZ|Nok43eN9(8Hm1$3HtOml zA&f~FRx7*Kzh(ab;F6!TuB-6>0OB-%3}<^wOKnC+yVGU3m;oD(9Z5agCj+N7C!QK380O(<8aST^^BuqMvRXY=o%l6d@Zkd zBg9&Dwa$U8+r5S8Wf;RLP)~2-Kbf!duKxgnl77j0m+YteM|ju6cDgOjmEp&|BGtxK4{>*DN7|hNmQ&6L{{XJJ>(XyS zMN_Hko*($NsEbK=+DwLDl&pg-f&8n`d@JK|cc^c;ogrwDxlWt0&OW?XiBk!wtD9)_ zZvp&Sx7Ibbv$%0ih@6wbu1;c+-3hKF-4F*DucDxM^`m0cx7MNIlH4g>qP4Xv>syGtpcT}B zIqoaI2OPIE?JaE#6F|UhWFdQC``0I^S*4Q?EXR|`+s@i$L6|Z>n&e14!g_O4@3)Z~uj!si)04?$F8Cu7hw z{X%w-M`{Xf8;?8_?Ndo07eF&R$sy0oI#Ui~Z%?*?}3OI56>nh_xbe(35GASpgLrkNh@cY|obIEafNPr9|^*+_> z`eo&|qYy`S>TrSC)@R{ppJQ1+qv+}GMOWA z>plRH3zV`c+J5B8+s6Z>9h$giasEYOF$unm)VX1;F`zLucu3vV7pjx z>?$KI1tqE4SnG3nlg8HHF5U_LD$cukFK#7;uOoqcvUa)PU}ukh)iQS^e}{EDdrMZe zxJe}P$qIXZHQQ-ZlO$5wGRZTNq9N9?l%BzJnb$l=1iF%G+N3brTtl9Nlb>4Q^=stV z%Wb$u-ErQWW!zlO*EIYtrU;~9h}+KMdzyZ?bM|S`BcJzj3>E8&+ApBFmr-=cEMUL1 zp7}Rhy9F#gE4f`eL`_IsS_pinKQEb#vX>tueK&g##=O$s zN)cNbH6&=%fB+=q)-q<$iMEAN5*Qf-cm;UsE2PttWDcyLt98e%MeJ?t)r}1wM$u-} zlJi$@HYh_B0P-6hKN{`y2GKPchK6m`5zYbGk7?~jpWVLZ8w(N z2IW9cU!`TTYA4;3*UGz1Wh;!wt#cte?1#-6$ z=|@qwxVnL_Ez!di&N68tv}QMmp7&9?Ni^8}i)D~90&}%<)AFvi4-M&lB+}l}{M^Mp zH-<+mk}G6Roeeu54TXTi93^5M*m_royqH^d|VtKq*K4+F7 zUD@S$=~o4biXijA81Lb+-msI<(LtRDhonZllu5BhM*{$g>@}F|?`(ywy}(r6k}=Af z&MwA^2bo`ZAVE32+9i#$!Ha)Ny=@F08)Ve1L#w_7nBWE-2(4~DUWc;yW5g0gq7M^Y z+L^`+5d3E#;Ma&%{OgO> z+fmn~Yn!Wwl0{s6+~%1QpJHtXOG}WjND4CKxdVkBwclv^MUu~nKyH5c`fy z(w^2fGM%IYoEqe;BhnzXn9prD+l!5){oHe${*;m)!?jB&@ARn!tTC}cxCQ>T=2~ut zCaJ1hz}sW_v-6x{wx-CLN5pZ<7O{J1w<#jT%e7Q}+UWEfq_((@5}V!BWaEmn6Vogg zOR!l|-sUJtJ|l)73jL2 zhaYs;qBW(fSVpfF+mXri6-H8*Q_QZc zZl6$i78Ao|Nd6&L6G^{od#S$QRVNtakxP`%pRteNe;P@nLvWW7&m_Ca4#$-}z^y%d zUa`88(@~KGx2pTqh~#FSht1IEuJya?%UQ^Bu zE#qyZjo&c``r?A)6Bk(3ZVVT8;7xC`O{0v72eoss-2$x4s^A~F{x!~7hS%3tSFv5% zTg4+IhuTI)b5``r+pDX|ZYEWUoRf~(Gy*+$K#nr5Zi+j)>^NNi06L2M!&+N?u4pH8 zlzhQ))OVm}9*rp9Ac&P!eYrjB((V%0do{V5C6;JF&J=M$5@(xgaZi77b#n}RJg<}u zy?fJb^vUKikqhq6JX12UG>|-ENS#lX3CA4`P_d4CX_L&6jBI*(R*prevua6g;bOT_ zA@A#1dYnzQSy%T>$@i>{4kGS5*=__eI*7KGJB>d~w$vq_8*4sVSp<1Mbbd4e>l#Lp zb#rHVq-t}n*h@*sAyd@;LcIB!3rmS2R}-R=ppJ%`0>+oBt+t^8T*lr@Dci>fn(d>s zfKFwJah`t)(kKn6A^S@zWT4OMT=&Eu3I70U>CxRsc`3Sxjq#2NP(PJET>!|?KeS}C zwGv3BmkM#xy*F3XEo|&Yo=8w*86fZtM7IOOp3dg$TJnU&l275!TvwyZpxo)UZ>YpS z(iL`XC#a||*^=m9HIBvxT|(ret8$p?eUIZ+bw3b>feZ}q8^}m3a(OwalPN>Fi4nRQ zowU~u9dZaZLWsIjK1Bu#d4Zn zw;hxg+H+48q_dB+`Hj@%fAysk{SotK2sEG=Y;X>KJ9#egTLImhc=UB8EIZ|<%pduWi9 zWgC;ONAs+uBS@`mapLp-5$#0Tz!hd(k&(d_)oD7T-W6%&EaL>XVOg^IQd*lj)!foq z#S{dW-Shfm*0lUNH<9Oyh?I?=EB^p?u^d|Hd2ft7QFW$0)xEh{t|dETWgR{1i_-PY zMCvPRsoBPxV-8PeCXu9Lar(xNx~0lBx~z9HDckb;RjEE4>lW*$UfRhN>ijw>~xGCx8I z>s?od8rhX$o$^Kj!TY9xo8BUt+efmRRA!cDQ?LRDHRXN^@KVixHmj(tax90;pC=v3 z=jlx{k+0$%Z$Z48Ydb4=r`m!vC-?|Fnt!GJd0FD`L?iNtvmGr38nKWLv(c;z0mQ~tw^~kKdEh-HkS(4Fgl1o?nxg?O> zlb_O=jEt>L6CL|PV=zL_bGTz4N^RbZ?{5sHSgAP2sP(Ii>||@{nlgQzfKpTG(xATZ z>rE_g3H{QXwtI>tA=uK6*&ss5cJYs`Nfc9FE6yU>E;!G6sKiD6S}kpSByF^tcx2R4 zKxB5{?c@IduUXoDm#bcBDF*3xDCeB~)qJ`E)j^>odRc3RLnu7wj2h!&)FF-MvrnDD zI4jORl^lgdYBI`qy^2DE%nC}7+z>~4qPoxaZOMgqFk|y%_M?=(Q9re#)F)?*7=kv! zeXDm*(csltk>%VN90GcZv{}?Yh4hO{aWT7&8?_q@E!3Y%$)8e&+fuR7qqZ@u(UYFo z7|-*d4w~N52;xs9B!KX6KT75PC}?-`S!i+E#cuY~M9nIKMapyIjz01|j}U(ifaURyX^fF#e#4l}`^e4(aYYMPD2Z>UJd1pzWo z1Pbcqnm1%v)Clu{Jt!oW?q;_zq5vZPD(9!Q((mqBNmK;va!*lNwV)d9rP@RC!opa9 z+m)izPg{3{l_n6wB#h@3pqf1cQr4{PG(zbGxF|tKYz%sjMZR87PJ2Vq)P+~77tO6{{UTOVK!Ql z+Sb-9{{Xg5u*Vc^ zQo_rL6rR5L^%RSgdmKKkt-#liNo~1g9D~=ra~C>ec#`>cYQNd-8auM>`DGw|-iMmf zGB9v5qL$agSN2iP=Jw)ZKwNPd89e?~7Qb-UkcYO2toh)9*0dB(GJE^0SVWUYm(L>< zx_`w@V#e7nbSDvBth)eo`D4di)VP{9YQf_heL`2ey>)Ara?QIRG4=fFwe{nnh2o4e zy94+W{uK@ecebXj{*aR*T?31c;S0`2E6uK26`D(LF}~0bAg>#$4HLPsrRs9(*H&6Z z;B2A71zvsmuHp|4neS1U$NiR^oyX=@`cMQKmXQdyyp|qO6p~b9it~Ff4?#4GF!KjH zv61r%Vo2}wOGkz~h@gna45;5+8+-uDrCCobJIKL8IlZ~p*7jW~BGVW#M35cW>_?@0?Vh7;s0rq^ zSY5XK{w zzSC|RMrMyYV>!kT=Ugq_=7XkRE}Z&=Rta+}VOV|Ujne zWNrEymhNpB+~IY2wJl2K;?)~+GZbCCZC>AvS3VfkG;0V_`tbA)nLLr7ZuH|3xY)gG zdv7+O1lpUW!bYQzqa+XK_}9yxH=o41o%W+?J;<}RY5c^IalDPk0<=-EQ zL`Ra*9jyWpD}l-{Pfq^;)`KZqspr}rgW=y2T{f>2GG2Klfgq5%?oZ`j-Jy6FN!L6( zsoL5?ZD3+{v~p+4KA?UyTxjDb_-SjSL3Q@2=aN^Dlnw_Rb|07LUR>6fmeSqB7*w{A zw#&H&>;uLPX6A1a=BK3Sns%6O;k~!Kxp>KRSHXz;=kc!z()?rMT^8d}xzH~X)_GB* zA1-pIwPtFddoPAQCTo@&9+9f}>eB8kIj)YstQ*dHW2imyr3iunv+Mb_nu1^i!jl46Dv>5>& zamNIEQxj*cwDQ{8z3i@cL^HXEr>EstyfI^AB(ivxc_zBKyW2A{KYJtesFsN4Bk@MN z15Rz&0}%uSQ~c}1=a){kzb?QlG3n{_sB-93PSV#^vY$+jAtD4xGm<&Sy=%uNm8$9H zL}cNP>38iIAJ(L9Ec8DHUnZ$-d8b%j#9@IIq-=tJ4|>M&cBSC`I@0njS!C62oE7rh z0Tpr7(?qDdo>Mo8yeHxh2c$YSoqMCl4bTnFH*Gx+*A=tjYgleIs|%GVijDHQ86!2M zW!%wSZhIe%+QBrR?3*ibs9!pnH!2n6bX?bxcpu^Jsd;uaEmAvcS5yB09?a@X5`BBq zQtn^0vFTd9w6_BK3& z((TsGM0j~iXOYsGrr&B3%xz|lM1~>)?i?CsO_X)ZJ3Gs#7f`FQ{^;wP+W2YU?LWhM zh2M$hj^0a*?1d!G9dXa4-lxafpABC!d#khvNB2fbx;RLvg>c&gJC2G~pW-A;AH;;8wSeX0+AxJLzC}?zILj z&Byc=tAso2~90Bu~x zyMnmj6W{RumE}5r#KiFri6PTp5OQffn2fqb=jf&f^N_iC;FiFt8n6w$)++o>e5T!HIBr!v^ov9@~% zOmJLE>gqQxI9lvHI`?+hmeNNs^9ciy)0)BVXFZQrz3|n=p}f{Fr;;f_18zBS>MI{i z*Pm0KB)5`eRhMI{WD|}#_N0s@D<13Nog&{*y0w!2<|MZPiQY5F71H>&`@*)mScod$ z-QY%`CIX&-@!y)>nV&O0P1k%I;$3R$HPNl+j@x-W@_vK!uPO0=g?v-t+Y>#bwDWId zc)43KtF_Gbmhps?vG4uSn))8f!61z$fr48q;T3y(Rx^&F z%#H0NkW5yw$oV*AAd%0de7o^E@9h2{YdUc{ z7`P;Pi^EraZQ+e?!`giBq+cbfq??fm&m`pWSIVuZT=T6jR`Cv>eSHnx<4xvB%*qGe z2eJBA<<#;^5Rx=?LU!%-sd3jsT{;_jUYntZI(sLMi&eC)|C4b80)E*;_ru_+j=|cmQh7( zepGo+)j`KoUoE$TJVoH$c`bGOb7i%F4~&U&I*Qu;4u~VsFMKt1s@laJxt?r{{_JA{ zxGSrKvyy#2H(95QfcWaZ#-yusBeB(Hx7zZQIAN9SE7c_N1;>bON09Kv8pg1I6m%a> zwTzagZCG#iMc9B`%O2In(8H@%zlSaU&8WG(ot7P^Uju@^&#Sej(^OL}N{{ zNn&|l%Z=BCBRv>btT?l69@<@2Rk?-0C&>Wwj^ek3NO3$FyaQo(s$8y~p%IDNn|V1o z%|RxG27=GL;%}9H(+(4i5PX(-yzS~p65Elg2Ov2}s zw}vhtNh69GL{Z3Jacq~#rmfkU;ga@9y%Z?M%np^DrO*zlD~ms}tV&bNz{2CNy=31^ zEYYG+t0DPF_0M|F=CDT-_KUqf<(a1}Ph5-uGhT&nDY&z@d0cF4sRz0GR>|CRS{Qna zNS9N25g3!I;B~Co66$CrX;AM9NEz)~z{KKWy}V1H6ikkC20aI%uR+nJic-G!H$Ml6xBzzjGTsWefsZ$^ttePO2Zt)$do+S|e92iCo}P7vz% zDQ0g(FtJkeNOBZ<`kI99%Zg_e<6i~sSv7yOD%nP@CP&^Nah!ij!O-H;^s7i@g~Lg!I*jI_-(r)a|96In~l%)bx9pAlNLaQPD}AuMAi* zd(@WkK$<|YkQ5$@N47;qf^kQgXihwyIn6>0_HI>kOd=w{66*8deM%j+TXIr z?H%Gz+27-5f<7l{8jI=B*j++zq*6lN+ZO=D;Cpwk^bPO_#19R8UHE_DUx_{%mMQdo zUd<=@ISDBosXaR9^{k{{E3scwi6SiMxNP9@Uo-qp@Ty%!bvKlQKfFiV)c*i>h;Csm z56w@D-Uf?YvDGx2{W9A2-r_e^NlpSuju;-szms3ukKqop@Q>miuWzYCa++=A@=XTB z1VqH-hCZH^vPKP`BF^Z*6b(9c1&^+oLee8kkobh&}1@9OdM^j$-kNK2mU`9zm#cB8I}Zr_6c!icSM8+LQ&yluEMT zgW9VLW-=94F)=5R+NGmfMYv*XVi2=B5z89w{14)NW5RwV(R@Xr+`(yoXE12wn0&D) z$tU!n^r=Yx&wt>ZzqBTk@kim`gZy)*-r2qEu*WUKML5I~sl%o^@^N3i{twmdHIK1N z9J{RU6U>bC8@q~%kvc4O7ZNNt%WgpXB!sIT%4_j+{tGqxAj$hod86}SehfnEVZAhEK zdT4c?8Z)M-^I6-?ZzQZ3PPjXWudTip{7t#hHLIOF#5dQgZb}HIBn_b8b??r2qLg(m zq>rTT<&W)GS2}&`U8JCV>`u}Lpgk)-?b3V*&R_Hg(!FX=q2|`rjD-EBR8}gX0O`jy z&`oC)R_tWBD=PHkj8~ygV}fxoV3tN!Q8VNp(y%qzrHuo-GJtxITC*GU8KX~cEKV*w z$B?%Ko_>|mP2tqOus2aiiSrfO$L1o2i%jHZ)BeQd29YOL=N; zS2?lS==RNQ8bBOmWSsOBR`j&9w5SWWImb0o+=(MFO>mAj#$$)ReQA+T7@Wr;*(o7< zdYahE$Fk^}U8_7`O|)Qg4+P?~^>|X=`^tvoZ&FS=f_*3@?V&JvA^Sg?vV6_P!Hiaz zuqNT;ln0T=F5HqSq-0*Rg2Hh&pE5Htka}=MazAW>Tj}iN2@)Z~^U}18Y(8dXYg%k@ z`CeT9d^@su#wvSFL+ogY1ceZD*S%Qziudh3{lu3yi0dNkjqo6!- zO%UXFQtK&i1Qun0C3Y(-XY;O#$5u-VcxOp6!wPp}lUl|=UAouScqhAJcZ~8Y&-E=@ zEk*^@q6D}bw~@;Vpg3u@tEt{aYld|s91~kG-T5}Hc4AW+<2y%M%3`_FcxPDCb*Pb{ zl0PRqN%cOJ$7_*Y%dE69BM3uevYt*4N|J2OmOE=}`x}cjCdx-sxzK#Wj^6a19{YWi zv8*%6Jg^K0X8D^P&*fN2Sf%D;__tGQ?MiEz<6pEf%MiG%n6A;R8Cu_T+lJXQ%8q#S zH6vnWT?bre{t?BwOQoSZOn|nXvo?|-10l(k*p?E(=V>>mS>JUqsSL5 zFjRNqy+gw@>HZtWqo@aX^Ona|9@G@s!|VPvgI%6ca|;V3at8CA;P>xVG>;hlj@@+Y z6@zx%D`SuiJDIq39dSL|y0;=fyuc5=Qz^G&=gcwe)QpTdbvUK-K~(_`0o*!Krd>+O zEA3$#u+BT00N%gxCD)M`&ACH>-!E@Zx6ymxeh|IM33sa=E%@0<7t9#Zh9( z8;JfI>~1b1g2p+3mPZ38139S}$oxxZ^T9o;T&peyNdXC}x<#ZqmaX<@GWjgOD&rs; zcLTNYNxRYX1kvrvn`X{OPAkK0p|iA+*~wVX3l-FNtSS?jf-f~>l zEta0vI-*Fc=Co{7=e-*ZqYKBHe$8Pu0|H07H5pNWN7A!&OS?O3u^q&6ys~u1u%nro zx@GNNce=Im>`9JsD9&;?$nRa3gY-)q%|}N%iCdL|Ups0378&RDHJh3>iaw5?U(wal z3-E^7$PC*7Dm_Jb--|7D&0aa|EvH9~U4n7bJrDAzb2mIjNVQ98Cevb9hT0$kNC$p% z$KWf}wC#R zs{ND9#mbK{qt0?GWqzh}X8Sx6TwJpcB$1wZ1LKuoe)cDvHKJavi-fNF0c~HLAs`UHyv64>wZt zGC~aey}0}hF0bP2n|~eH_-ft}C7kgeGjQ6;AS17}1i4)5@2&p;vdUjbf@uQ<+C6h! zmX`p#({FDB+s4tsBmCGI!k#IDjn9&a;~@TY39A;C((dZ#Om8ubv0f7y&2~^}-(;2m*5m?t zIIQI!!;GwR{v(D1CBa5ry>ahcC6spO&y~g*RGpyptj&3l{SM*@u3yZz4H+b7p%v3z z=uq3D+}gn;l5XwkK+Uw&VAAYXcigPZ7pJXNw${J2^)|5wX7%C8;Lrlc0_bP=8zwD~ z+m|@4zX)mqYumWyaplRJq6KDe%WTiq_o>`i3b z*+vM!`Kfaul(k`{+}SMBfp0XAw*=#NxULIRpHHy8iqp@GxC0n$=apHcN6m3eoAG%2+W zQcF9y!oe5}#2oYKR~Zs$_{&AR(lwi8TNhm{rsQqoR$N0P&E+me2tm1`CUr)j$6?;1lq%^J({$bCm~iu2DIBv(Em(`sgTz36UG{}@sQScqax}we`NjF0NTNY9Q$D!|C#n*?8^sP4G3G4N$<}xNt1`BB| z%c{iW^PY$BuF6aF@`6IDb|_UKb;Tw$dEbaEZRLXM?cj~3zyXg0b5QtU6xd4x#}Uh5 z9{8-JYR#A|??1F+0fX8FV8D(u+xpiX5PdBw-twEJluV$HN?9<ei_D$R%Jw z>Gw#ii>vr-?OfTm)Z}|Gr(itZ+skR>xF9m*pZ99__S`a02AyvV%W%kDn;8xCt(5*;tlSJ-jj#AfE%YBENaIhn07pHz z>sWdRh`fmjBZ`=Hlbyy4L&Pq?Vel`?guC9RRa&Pvb>AA z0OLJtIZLsxv$o`#2DJ^mpS?b6ImW_xHPpyq6F$HMPJUef01j!!SI~AJt=d~zXkzLw zA#M`^nDfWIX83>4xplk+O}uZ1_xcLn49ZCA?lmns3xu~0xtt%6^{st6-pfwYu0%|v z?=81HbcNzGs}EO;wy_=+lXRWe3OO7;nx+&z_w!k8=(IHzS>g(vDg0q)ltr9 zqhq3$*|ex0a;y^tkG~b?{{Y*TnuuGaB*%@w?d?g(X7bx<)7$Coq?sCNK533VRV4QO zE2&5uPMt-(&hw&=mlP;AR!D?_oU!LVwX5QNC3M^9Z{WSRYn|i-jf)u9 z(=;X{DnA*;4btgL6zg@vGatG|M<l^Ypcn#4NW)K!tOHtH(dj@~jJA3e63G2gE_(LS8t(sVrYZl4o7T?*7_M77OiV{3^q%6TthpzkUECOf56n57J{gP$*6VIEGDZv=`70TO5J;Sobq!e$QmEe0-E10@#V|Pluj$5g1QOn3VZaNS0 zD$cW}TU|2C0A1>sV~+Hg$7tGRfS%qhN<#!qjFHu9(yZEIPc_1UZXBvM?1mJI=IAyl zp}ezegkZ9Rv;p7gQ)r6tTrjy{NAQ8%)u@t7tN2!X%j<1i+@dJRRZucB>T9IZ{5@qp zm{{GX+Y(Q@SC$y{=~{_K#zwELok*qd5O%KBMHd8}?V!~UVe9k!)(?O=kbvoP0IYndZ zih{~sDosB_bE4YKZGQ^ABv-zNbP*srZS_YXrbIk zpLljHckPp1+zr<+BM=v!H*xx6y<+1?yttJv?rtsK)W^5U+mn;ro}YziJ03CdgTVHB zW`g>?#`(1wV%=$P5`o_zH>G^_d!lMOMvJCuage4~`IY*h7|->nZs^@3xA5)B)a+n( zXneB6ZtlF-X>+GVD!reb1M&jpxX-O-Hez`H0O9I*Kg4!6k!sf0)4ifS_m)8^A>=Mc zpfwhUrAlXM;&4KadHrfwi@MCV>jT7sYl)G*O@o^3ejYxpb0M2gM2gx8fRUg0*NlN# zOK?86vDMZV(iRD{7U4jz1@V2(lYKSZ7FUtqD$C^VjPSr7O-Sru+i1zAZ)lLZ z$%kS_PH|E;pQm13#WtY=T&j(`TxV$Y6bS2dUkP}2^HrYt7SL=%lVwHsJc~)P z)>(9h@q7kNW) zYbHu%6Ap4iZQ*TePSMjyc6+fi%_~Go?Ow=zdz#F)_)Vl}`fZeVT6}Xf zu4HVE;PH`6j&6m0PJ10PYk1|6BZwa^H7D--57xQA9DGr44_QN?czt5Kl4u+4Y~z$u z(>!sSmaYq3PZZGnSE}0Dgwf`bD5RC6Xprp=&76UwdOC)MC8<07lX7?Cnm0 zFnD2^i!zohsh_XoM=CW^N2PdTD=!VfbrrSSEzF|~P<{M#&*@%KulQTVo+j3=ZY*cL zyoctJRnG{Ze=1HUmqsnD{{Uvrn8DN6A^CR7PE48S9@HgspOAH*#S5Xi_N9@yh5rC{PJGDv#sz4iOO1_9JHu~#5<$1kF#^Sj z0|VZ$uk>lY*O(O??jYdtk6OEud8dkXnfyI}vib;G!)QfiKRILmMRI!2jOD+!7CLZf zA7Kgea%nbe8x(vusy>w>z%=WLm7C@)#DY(~dY!JRYjFgT7%k_zDo74~;KypoD}!2| zb*k%HppJVBC_=>KJCX-ck-_|Fo)^6Mg{Epts_4V*ktA$9xgrj%JxQzfW!U>4O7Se- zCh#S;wRRUzyowx3kCf*)J5-LHYX&_MJIjByGli3eEWPtfkU35(;x2%F6tx3d1~c*1q!a{{V+z zI#TKuR%#-S1(Db`HgG#ptW4&0Iw;XKZ57_){vRXHG0BiV?{n|;uZTV=cy~|IJX3#t z;rm}NPI*opjthI@sZ6N(o?rHpd3kQCPW5nHft}UtDz{H(Bxv%ww0j%ThoKc$xzdRI zA@J50wbZr!ayx&s!x?2pJ96EDHJ_zu`hCsoy1JlHaksxU9IK!-bG{+)MzyKxu-;o) z%JxdwCC)ae?^!+~(eE_*A%-wE?8({>%k`xw88|ZjlL0nPo^!@P+~s&I2X2+!_)jw zxRUADYXS)>2c~P5_-%ix>oH!K?flhO!IhVk9<`)af^kN*<@bo8)y%1=+>3D;UnmR= zgVfh~;jMo5>R98vVvHOPx!+c2C1QDeajZXxbxUaU_&$VnH z(3zf%{kZ2ugHOF!k|@4>qH@{wHJ2sIJ3t?7WRL@Q0-`Td5{=ALU0r!=F$ z=rOa5m5>}36|h+Abgd%p*GZA?^%HUv0e22T^sI<9C)6(f(JD)G06u2iWALnHxb{7- z!}^7Wi(_*P@sx^4_BP(fIT@}qQ1Nb@E}qe3iOhh4gz;F#J6LXA3=3}zTFdV7lN^$9g=7@)MWwtJ)57~><_x*;xxZbqhp*B05yDptk)W(fHuRh0m*C{#$+B}s?01Bb1ON?C+0XH=DcosZcMilF;i^Jd0yXI$f%oI zO{DK1ofDUoH}N+`_O0udaHvuiaB#f#_svu{HZT7GWx;a{a(Mxna8G>Vtx00CA{Pk+ z1dJ2F2DQIITo(zJ~*a7WNKxA%aTVquhw93F8#(&dQPQPz*?c+TYipSNspkP0f20OI6Y;O>Z~h2T`(xYdIxemICV1;!wmO<_ zz0f6jv*s^dzS!fBtqpWLBKjZEW#yYlgX9O2jy(vkGx1K3_L~cfM_-vT>OE@|>~d8; z3;4<5C4$yt8tz#mVgmIIUxOdFC&4>!6zCVzzL`D6+QROlGqty<`Z+bnKIQHKX0eJe6u%PCA9xXyiRRV(OWFCv?G(6 zV$RzQy}%&s^vS`m?a%gm@g(>94ZW=4${SI0ZMpeIA9!Qj15r^OeCYb-+DNs1 zBwR1wAcN|xD>XE|KU0!h4N@Cxoi6egu)j%AGQ2J@ay`2K70S%ymgn$E{{RJk{f%{x z*+=$-@qAiuh3;bbd#K!fr$d%C{nUa(xtDjU^vAV+LR_pC%N)TOqWkz$)}`u<>}&X9 z*7shWVufUp91s^AE-UEo3w$fo+e}Ff>~`K+>ixom57q+bk_Q< z-LkTAUP%+c(=><3*`FN(b&eKv7szJeSwlT zK4@H#p7nzqFBA(jug2~aQ!v){H*DpOOLp^IC|&?Ps{_OZWot<6qj?`CTinweR)jW| zH#0<#NRlPVKXmhhOfy_XzSiPoXu;!-^e17PR+AMnsgOJ+aq}Jr(x_kEJ+v(ZYOI@2 zUwW=?fO0xyFZQ;P<4IkPIUEY@WznV@aEZW*7A1}-lz^MUdOT6wGa`>ESSVk5^$5H@ zrU_nKqa0buIqONwTY^U!a+c7%hTV3=t;1)N&2z#hw$$a+Ai8fU@TD8JJN~tty8(Mt z(je4vI6h3cz$f^tm2Eyt7+q!TNWuOp&M3IDJD4sef(RjuNxiZF9FMJ5()2AwE^dFc zVsEqOAm{WVwluRgqOgfeeVBP}4`I@uZ=>7Y&-?X{%u|rfPR3H))w$ClvYA#e>W7{> zR9ChwsoE?{aWCEnuc7s(qDjA`Xoo6f1>_6zwtM5fOLFmA-oXn)86%&Vf*aPf@+wu%R5;dZ=1Q#BvzI)xve&j{w3ay{rL(k>+0o{o3xGC{;y$%9G>YhNo7insMH4Ow$mfw+tWqnP zp6CWv{x0IVS-HaM^RJ&eq@~7sk55BZZ7(Hjc8EwaQ@?Rj71RuwaS{>{kb{q{bXpvj zF|;=-%&w>I`qq(+#dEK7b*#LLGT{dR`_~t7;T!4hZakZJ^84XRi&qG@pPOUZNt?*eQ zh9*W(J%}|bW~w?KHFD!cfpj|TyUoQk*B>2s#tK^ch)a*k9Itz3Plhp%F~hIa%$;0rGq6r5}| zGtn!i0MFj3a4IskYWxP@Ju zAp^M_e@s?#V^KN(0EwEL-0D!++6W#5BuGKePfE?uS&=-6gHI1!WA4-gN1|wUH#%t4 zH6(J8N%I5*5_kipahk7*uL?;M1dOggC(^WxgvVIwaHJO3H)?h<0B4-BIILe5Y8JNY zjd1ufHqjP3{uQAJ>pUrar(fAeZc#1ZLA7u&MQUnVUX^JZYBnO+T$LgB9Fl!%9QzwW zCIzOKZF6jHWl*j@V&K+>iF;>rJJ?$y?=lP=a>Q0MS(m-lU?b8DdXP3Pi4Wu z{#Bzy^PaDv+OCkOyW@;)Er}4;Uk&#}1;v1VAoknJ}3h|CYj>fa( zHj1$;G!fXtEXoe#>D*VGkG4xS!x+Jf%syGc>F@f{%iLt}ORQYqT3LDfAV(X(PrL_g z_OENcvaq;<#SC$$mV+gKiM{Gr7+SrY3Ix%kq(Bb*X0>!r?2ElB<_ooFz1|E&9^B_Y zr6WFbPfS!>YuN*YRAQ%h1PbM)`xV=*oN=IDNCWu2>qrgAZl~dkX!L15$pn`Z$fS8= z<=TCXYWQQqws!D9E^Xs7D)YGW)23@%3D2?SULesgW$|=(7LY&ob4UPAPTxx1*SsyN zUcAggZ7BxmBA`b-T|xg+(A4hVp1~8&V6ea0-TOP=b8yXfD%E#Bl=f; z;mf^3;^`rAEyQ4PkO7-Idg0 z-r`%B2?_>%w|i!vD>O*p+fvk8^=__lx2Djz#dLG)_e&IV+MT%=Iqp4Zu;Pv@Q`)1lZSFGq$SnHGB-@^9k42OEgPIj-QB4gxW zYiI29mW3B~>~Y$;n~UJnqY?8E2RzVdqulLo^aVZ~I)JfHw4Ox0(~gzkqTYCKBg+po zNuA!b(MNd|vy-Fn8+wF^?vI!K`-anm{KDG!;8 z;k_W)#XZEcHOx{mWEtUe*i_fvA8lE#nXlf?IHEEY{`Lr~ceRL8N1H3jHm7Z9#yR1N zT&Z)@K9%X;VU9gOS<2}XWG+DK^r;#YMPa4`ow{FD&dY@d@gr7ZF zUEJIFvi8(NKMRoLe4rfHMXFw0TfMuagXZLbdiLhCs0`+Ab(^T}R9y+3+C^M0K?|O> z>|P*_&%{0uvC#DBrTa;lW-_b%#~9=EsZlfMIgJj+T{;H0k!L$jcDFp%h4hyoB#5O1 zO}jYurs6oup|7G(eX2zMX)(e(zZC?U_3n!W>)Qb|#1&DDf_r9^Z_u-!lg6@YwySG= zA%gW(l4I!J)l6#nwrgz2yO$gu4QUtLQjN}L`Oc^2TRZttj42>>seCu#U}ssB{EFG! z=aOohF|qCz3!z$EPP*0PQM$xm2dQqr*DI-BTH6Vth%1>%V8HaOWc4l)WSTwPHXB`E zYbyQR<8iJh#PjL~8<}h!)?x_?JJg#k&nKH(zVarGOF(;6HYo_po@G{RPvn0ie zVSNdp8N&QUzfZFTjU;A`!y|SK4_fCuA>*BASMhd_rD{5WT`jVb?`)7pHi7#7R1PlM zGwb{P8X0YjP{RaCK=8q^n@`f9wvOM260q9u#~|Xf8aWS%Q+N}> zUJy$k5Z+B?s@=psz_Gp?1F7qt)$;b8a}?+=ViOow?l~CU_)t@sYf|ymrHaOyh3qzR z7|)iO0h=CzxeW`&TFv~IruyH=kIX9(BogWU?mAFr+#b2> zn#a;SO{MA@W~F+OCD^)z!nxqY+3G(k26-F!Z&*R?1#QDDB`X9==y(h$e71gwu^+dZ^W@C@u z6Nkom9C6aJlP6cGz9hKN?`)^On*P$(2rZ1t>NAp~rhV(eEPu89Z=zUunm}jLt*#_{ zLJ1rIe(?4Astp#JoF9%nQFEy24QX$uc~`<+g~RZR+}F##Gw_w?i}bXX#@JmtT&ha4 zf(G2+kPlw;(R{4qbloxjA019h-8fj;p~RsVf}@=9J*!Uh##$D)r%xWA697WC@W*f% zsOHwh`!{lzf%WFqQuFMV?*^E%Z1YLtQV&d4zs2tc!K(O9=U!&Fw$|Z}#0^1O@@w2lbfE>KCx7cPW<{z`*|i>zdR? zeW!ww$5OahU1Pf-wpj3)=lWN7AH^T|Lo9Uf58dv#xRF(5VHv{@Utyo;Nyg^9h?MxA zZ9+Sc&eA}@ZouFVdh;(An024Cy`9*KSeWkly7AD`QP$+h@wAXN>quh^=-32vn(Acm zcZhsTsOcJrk!>UUOmDo&g19|}Q4ODLc%NC)ei(QyFZE46Tm5E25f=mm$GGF4%Dn#o z!#@&b@qMJ%vLQhXijQvJ!g}I^3w1DcyE_NgKHc*P92Zn}$UuDo`c+L!N71#Z(AyX% zkir&BE*o&{PqhWc<a&oND*zP- zx7M?Xc5LZ2?;h!%4)FGeq-Zy`Zyb@MBnSa$WIan@SIWLB(l2M4>s;{+o^GW)o@izm z^Aw&4AC+$fpeXkZHtN!QQnIJ-SB1ghYqs#r>2*J!6G)SxC^9QG2v zKZhLr)DAH`Sj#LfmzfeN&Ptq&_pKd2#+TZC%Qd=~A(l2)1A^VT_N6U{W6fo@j(t+# z!pI%pErHg)l=x|*S!wc3sOvH{y|hv8+NsO8rhO{{T&#MO+ST30`};dtEv?`oBOwBU zdV|Gz#pi|JS+u^?^{5hijoX6flazJu^CqoMe3 z!1~4al$Td6nEZwXNI}jQ>PP8Bud%t!Tl`46@dbsJk9nuq>6Y?tcw;~d;Pni9*L|g| zUt?i$Jdi>VfyXRB;8Jq4CBBH|ueF#I%>q8hkJRvL3r$a6)lxX)wHFS9%ZfGbJ?dPU zo~-$ANbqK{s(7~hPKtHWrAvpAq>ye^0PZ82`&+_ZCV_Mb{5v~Gc4kF~dZ`RK>InK& z8zQ%jya}&OpxRn!R}<;RSw>k<D*fJv@S^Gu83--s3sLht)Q&FJ9mF-(zC<)=M1+{dMB$ONo$0QF^RmfK<@=uGk9aF`6rk$#4MPRgwP^ppCIPG4i z7Nw>5a>mj`ky>N?BhwkFaJcyyyQh3dwY>8nl|-`z2_Em^KT7FzFAyppCSRIi^Ae+u zzO^3A&QWFm03P_h_fpg3vs?S9)>IMy0Ib1K1~Mz=i_bp6<+rd&F6EK=$>ScR)g&w1 zb2jHln(AUMRPEV;kGf5I2ZgljeJ0%_cp(Y>=3YUjM5Wm7HD8H3Plm11AGS+#dn_#y zCNr>}F@x=12j-)1m0eXCixwE*6IIH|NuH?&t)Sg#Hc?tK$mqYlm#zS=dq}?2VAL-! zOEX)9DHbucv)-r3+BfQLX_h)JwKStuwqG!jwN!oMoaVi5Jq>=REYO zjJq3iE16y{(rqEp@2#Y}Xtfyd#x(N9tln8H!tVAb41QR^!LGBz zz9N!KG>KXilRlXv*isdYUx=E`)t-Yblrv2P*GFzqv9}#gYs|bSX0ph_Te+EbfQrX) z&(@I-M0<~h=6G%a!AFYR`oe8~tZ@IrOb;bVdiQX!?{|M2Tl>gbH$m@tW)}yk&I^ zvBw3f?gK8~p7o5NV^S78*WxYh-Q0GMFkQ}}%#pX~ab7_U>3l@n_hgI{oYpdqhDV@i zcSa!_+@zv3{^;P=#ovhDOIaeeggTZxIt&9@nno<>JTUKakxO>2knRZXK_FFM8Qs`G z^FePu=mdph=aKGx>6%8F&S?HQpGmbgu3l(_VFuxr&TDJ_6MzYrG4pr@G1|0&ud_LA zM^%eZo=Mdhu_vPSt!+0@y3_2WifbugToQ~A4fPdIV>WXG#ag5qjmFEl;9LRno)6(& zj)~&Ck1j~BE{vO>JD75#&|;VsJVWCfc|@9ga7lCKxMZ2z?tnUDHB-az3$&7XEyK9V zpkbfHP&aOeRc+zhK{!VnqHmb-)xAEI)@w1%r0KEU+u2I?UbUL5oJsTa$E8h(l%2IJ>vs?fnJiSqlKFes0seg} z5yWEJ7BVER{48tKpQRQsJeS0l&vP#5Ov=HC0Cue(3%0hmSy3`9cq2Zwv?5$%-0yX* zYI`eL9w_GX8BAo3pq{n!)$P6eyti{k=t~|*<-IGRM#ZILq|u~?(!>~(7Y)?0?@p6@ zL?pz&Yy^;3paz+orP%wWt&Z~90k`vtb&a}5<`oB)Cz=kJBXY{-{s~#4n8eu&hEPK< ze2V)20QO-0p!`el3*z5|z9VQh@LQV;xFmOs0AxjBxqY%JrghVi{*M0u1U@Txd*ipk z-vj(&@NMP2?uV?{#Vng2ca=8Zm>+zCKA_h@tXj(IWFVFueZ^xnshw4=k@L^Q-v<4z z-Hb8rl0__@fxRp8pW|nPUi@njT*DSF!&{7~K1-kC{-2F!8647ukLBa`!uTz9@W;m& zda%>2>@C^eE2k^KZQOMAJ?rAB)qs4eq@8kk&2+`}Gn8~P%yOY20{q{tSDj^nR3bAH zaB^@lS9@%6$!bC_<9P}dWyhfFQnMqKSj#In0f6aM21yi86TB>d*I8He;mmyYYYkJlV|1!p{>)o z%Ti3rgJf4zK+!akDZ%F(O z?f(GJKrp`m2%rwPNP-J#-fL0=ADNG1j`h8*+}mDQm{RSMVz@haprnp!(rXwXk4{GMWZS5pmreXWONG7^lKO5=VoxJAiCI@jU$~bz}BU`SgCpNd`&nxXJ zgz?8g?^~LA6T&2B8vxuhTJq>)CSQ{J3)u`j1ONgzqmUNKs<7_@3x0amc-lYHwBTG z8x&=UrX$7f^x6D7;@iDCOL=U-`Fy81ARa+rYkK+#@1qjOCmLki^HA|l6bB)i+hLLHt&)^G7oC?tv>$% z!@6l}D|>r)wh9V-id+ud)Ef0Myh-A1CsDIqEp+X&NPcD~u&yTR!|dy9QGB>D@~Geu zK@Hf-xA6G7x}AK;t>M~RcW#vin-`Taw~bY>NGH;PDIH{y+recuxQ!-v8QeP>md8cX zhM7J6#n@#D=~-<_RYB7|X*mIrr`!~_XH_ic zk&|0?TAs5hNbN%yjteN{XVRUn2U#7x<*nVF!dUsUBPnge2Mv~WNf{KhyZ z9-pOGDMsFzs9R{s{hw}(IRTr$=Tk|kTYqZ2GTcW7Q-7|1D$0ABz_D|!l#(R#1EP#6 zC#`cD&Y>QlVlEuWy%?UAhbt|z9X{51W)4^?fu2WN>>`%pI3uAr?_4H@q3UiE zATzUWB~xi%VOUtWG1`ZPEG0-UAf0bzY;Xn&bgexO81#!>V(U|kN`W@QiV0=+Kdn?E zYjc&-JUJGnblRoEHKmHVk&K*h525C*d_;HqEt7bDYk5$dNaSFV&m-TZXd}r?^IQc| zb0|A=?_C}Bwe{V$o{rAwi<629QnA)p=rGS`XK=z)xGb(gJOU3)SD{?p{ec=+a}MRe z!0IRzq+rj4J>?u?*dlDIu;y_p=^jGIV% zD`}1SNl+XPdJ4s{)gy**_C*Zv@77KYxRPkCZX;0e=bh(2 zbXL{~qL+beV3=LV@`p&lI3J~L8#~Z$5F;3O6OTbzxHCwy{+kV@&Ymsp?$dj*Lmqx$ zewD~-J|EWnDS184$c;B^bjt2miNFA_0t zoqBdy77g_C+S;3l=@$MeVYN&Miyjzfu&i8*j60onx$!>AcGEN%42-fj-06Tj{`NcW%)Ulxtp*bOkbw5h>zk`cotLX24aOl#d!G#Vm7y^2JRGf-P^?!*{_%p)36us5;*S1@k zSz)$`A}{9g&T;jxpY$&fTI+7`%!bqhvj^^~o`$FfYU^chyt6Nsr{!X5T`Elue=-T~ zn4-tKFF%50;ma{&GoLX+rxHqKbXn7U@&kv#VI6;iqz)(N8n8jt>+e&V&36{JcIyudYbXg z4K4H;Ws1t;XK3=Ha~_qMvDw*upINtAosXN7yFbHH#o>!Pi_3W~yvQx1VCBYn{5#T8 z0)G;Cfvq%ayK6~G;ZD}<J*Pi&B!oDfhJVhRrq};$Pb`+BmV6%H3oikeUibefQyZ)UA7GE=hCR_R_!3Qxt%0y zM^m?O<1|M?TW4wDOG|4lIqj|@+R|avxaCKnHRj(H{BL8ST}Pl;%^Tgwcc#?K0gidA z1C#J?g_B#-H9b~I8atMWqmD-hm-<%=scD+7krkM~R+{BPhZ+0BJ%6oCqjHhIbEmGM z9CARhmMSuF`cs7S=tkc15=`iX1wA?ArDP`*blN_!E@FF$iU~pjcYhbsrFTg!rjiMx zX&8OqTHB!tI*&-M;I)mRkfp;WS%11K23Z^{1|i##gWS-K4?euoyykXbW5;p9s}U6v zA~5;TaYU`u4HiWTvTR-b2eoM2+}&vw@LVw5Bu&eX02%B0R#My!R_9QAok}aIe}5x@ z9f9Km{F$fh;4)%$VkTK~<*>oyty7k4>$Im`i&JgZ7HPanm&9#%~IT;zIOt(CK z{$rzU3oo&VDm#t~Bo2(x)GoNP1 zAJV*^!CoDR__j-;(Y?niiVksu!9M&@7h4};*m#O78z`dHWiZSDD=Si~Cbi zgxM0d%Ex4x;H@-B+gL5Fu5T|y;(49;&+zfn^sTKeu5NEk*GfLl-zic!THOKD$3K&) zu9t5K*dj6sMgTtFTJZk>7++jLs$AQ;J;b3&ZoJgWCB{}hU%k|PNvYpo*jZ}FPmgeA ziB1c8hR@Qvn-30ZHW#TMp0@G;8dc!#?^(FmzGQdy_V(()$V2_k(_{!!GF1HLG+N<9ygJZGzT%g5JH{{U@= zxxTl;s+422FI*1X3hF#D;`P*QZnWuaLPcvE9qe}PW#Es}pDPrj(DF@6+C6i`_VYd3 zv+QE9_4z$V<6SPK_tu(J(&_4ExIwoZinkLvM^nkC)HOz)c6FU1bHg#~>t3DUtxhZ3 zS?s4JS|iwC6N;`>Qaysg+|6ihbL6~-YYhG6u0O{D?isXe4Gvb*t;8fWk*;?zKc`>P zvXG?u8y*_?tKz>3T^Ogh^P=)rByu-yJqaN2D$bpA;%#SFnkltp)oq+;U^%#G& zFD4BIy2v*b9awvH;;^(yE#lKw-efY*fL}P|)pCL5pBQiFzOd8nG>bbeY86I??%fqu zNb*l4p1+-Z?6$XF9?`|-zoFb|HtQG(#z0bjQ;|!RlgvYP@s`@tN{>YF#)y{ow(FTs zmHxTMC53y}gzt3!0EiwI(C)4wg1+6t6tP@EWRT)opz707x!x8K5F{o&{e5iv(t4aw;C0aY!Wcmi0FJ)NennG1oPb%C{RHBPhc!KI{T`kkjuT6nv}bHk@u!DDEPhTSIOSar|gSxQER2gD0o zZ6jK=vx`K1Mk4-PvVoOPM*datf9)No-q_#xF2hW>n&#f6JDdDX{iKu5{Z@BuyVZ(1~PA<*w5qf;n;5y2=AbHol8t3JHCp2IjY*> zT~f*oa&>s^XTWxTjNS9^KwL{739A17)(5q-+8Kg@hWD!ahLK~ac-v3a-qvYSBv@6X zU!6d};Qk-Vtu#@=c*{e!wA7*0db$q~e=7+~W#{3|!dnyTB|TUkMU zG(R`*ww@Scr4V7tcT9~z{u*6t zk7uvx+N){lYbz}xTX z(v#Sy6V6-2z8kUe&F!s|K_kZ9MoOyZjim8jvwy1I-|6ozobi|$f@g29dc~N^Eavpj z58dpR;_l&OnMdk2MewD9Jesmo<$XLEjHC0;->gbp#9LWAghIjh|Gg3nmF zn(3KtC6T3+smLXcaK6>+p9VE6eMiNR+G_VwBLIcD+7WZtJt`$Wh}8WL(mX-nO%~;# z)io;}O4rH4KK?i7?$@4pt6s736|SeL=)PUPodGd`5Dbo-9_FI=DmOkP@u!MzwdIlq z(hyoBl#Qg150&p;OQvdCrJcbx_EKJDh}pXw`d36F(Af2Rl!sk$9-(6$n*>#8mpJK; z_2?cR@V1fR>qy3xYQUEB90Exs*1V_=vHW+ZX%_bycCU1nc20ykJB2JgYtHR8%S*u0 z_+gFQFdfSAebBkx2ZqUyiZK=oceyfH};*pk81;w6l;P#Hyn1P7U+EeZ{ro}~@Sa~Ks1bOe%&{vK4<+S}a(KT81S#K^bQPuMkxMAR19l5FIIENF?qc}g!HX7$KZ%5JUh11wh#oLY5o*i^%S!19(&;3VjGQ*xCG1w7alt9VP~Q zkn9>$j6yNgdR7R|#|7b?4&wJ))-?<5Qfukmip7C>Y%zy^0XYy;At;p=y{Ei>Fp5j=tENyL`UbHeWPkktH~s3Y>x)+sxo-~L#;IID8|Qo zd8@lD{q7TPTB7#&Ys``3o+)^J6L;su!e+p;iDYh?Q!5Pc6I*46G@TS2?!KX_K< z&Y%XF12x<*+$I!*)qv|nku_EHGoaD$yil?tI54Oz0XW4hpAJ8=;d_biJeha_TyWX+ zHH%2X$ZX$bv$IuGhX>}|IK?tE353WI834{lYQ{*YonMD8?yhZSjs<2=_z9j59cjA% z0EQ!Ld70H?X8qw)*yF81XO2X!CV0vKsCI%m%};e0ky$`>d~?rAY1l4w{u{Q22N&%+ zOB8!cAsnB;*Hz-JRxLn1{h?IJ`C`Drtv+soJYM;wmQOQ!B+PzM>S^)Mc8CM2s2#zr zV)O!NrD>&BVVoT273;c1{88K6MQ;+u>bNc4kJ6N#ft%MCS4Yd0%7!@F6mkW1+EjyA zffnlL&50NQgdL)$1_yVfX&QB_Ts^+T-1q};3cjG$uCJ=-`bC=wM0YQ=Dv&X^pXXYr zofPBT`B%r@Ik$ssdRz;0c+wC~Z~|m^{P?duw$<)lcbhaCoZ=hBp-YsigLe-a-y zLg~gw9c#1GbvPCaWD*8f8<+ut4rwK03X!qYUCX0O99D){Uiw5N#ob4#tbY*rSueE6 zV7FLSa0c8SI#%&Ucj(Sf!+#I2@2_JlmkVhbV8;LkBd;dC4*vkcmKsbq4=iOFcHlYd zpK7CMBz+3QK53KWQgY4TKD7<3isYyz)PE4^K~P$fi6)NXLmIS!j~kEO72IjpmqN@e z4!>(g1rE%We$`Qp&bo0wte^NdyY{-ew7u6qWN#g6G23Yu5jFOS_K6g_&Q4uNJPiE6 zeQWxd)GQj=XIYnQs7f&Ff-5@9Q);p5cWqdyn_0BxUxnt#NP0Bg&s+d~b^7Ril!$i{l&x?{16F%%V663mRsI%Dr2K~*jzc@e;7 zL!K1%rf}41$c@(kbUu}(GbqSoM>{&m#iJPIf4pfFd0%~8 z=hCiQ9S|PMK>{)h<2!rQu`*|Af=J~n&hO%^wL2lXe#Ye!%#HT9KPX|4EA-d?3Ag)7 z-h3JOv8U-8yWhd#{Z4Y8dOtBaAOIIQBbpkq)fdqI;JyL)>&&v#QD=aE2H%9n_n{L&L!KB7pZEAl)TE?Zmnx`ek`G9j7NhY#yZz|cXy#aoS|)_ zw$xRK^LL!E?UB-^H|Sfj<}EeWsVl~dh?TMO{cEA{)|=$qJnsY&%!GvV7dQvfwJ?;r z5bL+dv(E@q_JwQ}#|mqehRe-iaXR^=9!G9{t5qanDRw(OKG_}+7Bwl2ywyMK{{XW* z?dC9xB;aUqSbX7 zFHu#)i5moFfpa1s5!=oW+h>$U00=+>n#qSnw!4j|h5;*gIG}eh^(%{Oc8VqfK6wJU z9YfBQ=9)D=Ny3j)Kpm%pWHQ*w-b=F=7*-fK9>%*nxRdPjEWu)n2N)eq1F;RA++Sy% zZ5wyXvAE7NS+F^ZH%T3LC}u8tU{WuaO$>=HXS}j&`*0TaH6kI7f6q$vnC>*qUq-dJ zmQvTdaB@G@wK2-)8K`)FRIo2~8D~MjAaym$+xfbbv$W{Jz`?=cO zQy}+a-y`y_M@`c%n));`xtD|b$`lK%iqxLYYel#ZCG zl&)`0UqheLtzO{Bw?Wm`LZ@)YBmV%^U2VRq(8gh43Ma}vF;Z)7E^wY8c?K^e47Q4T zo&fi)3oTOmDDCdvB#IHn{=2E9Or&g(nv{ufB#^gar?qVB5{T>}iYIOdVam~C3!J1H zt;MCQBy8JPyDuiJcsotib(^c5Mj#-EkavQ)`ubLprUr(ksmZ0?J-l(Pz$BxvY~W+H zU|L<>%=5tV{{W#mz(K|-$~qMpYClxdZHo!f~gicE2l-uQ~)ZnUdob0Lyv z;2iSYR&R!GZeU=qAw!IMVzF(TMQB*E@fM{Qh_5{BiTt&}NQoF=JC60&c!O5{*S54X zApO`R1J2V|0_X6vm1YuJoz1s{ts=EY7tu>` zD(;O`e>~Br-D&!CBGD8in~7q3)`~`QMqIuyMb$LzH6dA6S$45j!BOju^`qkpYa2_X zyR?_gjOWWe$FcXS=SFPvgRI@nd2Mc%(1cbeIKwgj06DK%@ZPNOJ3N+)C_gWj;~~Da zU~_kVAJHJz9^+ZLxUh$7KG??X=crIKityb|bsDUf1*C~X{Ji6i)ty9b9gekhy=`K7 zw&l(TY*j5AT{}46E#d@?9By8D2j0CC!&>gGbz^TG!%9`3%Nx1&&0A!hM~u8D zeD+EGopA}hc(SJ_Xm5IdhLZD4(ycA^C`a27b0NnJ-SJtCM8npd^$8@#-Qo8xJ5_r- z1-ZFPc_ZFWE%dD8BSi}vI=z(M9S^snrBw%^pqCbE zM{Jg_3CeGf4hQn6xTa6Xu*l-SfenOgq<#Eb29=dNoO*`dwfNp)jy8To*ISDNfJyNMS}j!BBMu-g9AfYj6N;AfOX zLcT+PLvx$ygbmt%ZqlMg-^@z4x^g=*^FDw5p<)^j9Mslfo}BNeP*N<81f zTmJyzE`46+OQyG0^8yAqQ|bpw`hUbeBGPqzB4>M;?r-iRWZJ{#TvWJ^nVtbYmSYjy zl#r`12aJPSn%9QyuXM@d^2eNuk=XH4S2uHo(4(}}ZP!S-wo;(BPBWg^Kb3mwcw z&^4P~V7z*RiC^bA45KHE`vG4#wUqH{G1=J3Ga!&DcIrm#8deLRPHDaYST1elyhh&| zE2++MNX~1wyNWAYX(Lb^pvMO$nUzB?NU@gYL%Fu~z-rI&j2~x$(n~l&oJc&^{{UnB z=7Teeyj?$1vzZ=uS+RxN>+kK>ujr84SVIAom006<7~DstM4B4YW2w8kxi%M*>Guo3 z+QT^`BEEUQ^CowDi8oAyspB2$u2q>@2=zP1kixT=(0rhJ*RAOqMc>$>j^MIBGD{qq zV&!Ko9*L=5YM1v&V@oJ7s-vug_o?QyduScyELb;8Qf0;+N}8^so*U93)tC*kN#v*l zCw4~|{6$A$<7h5gC_#8-CvM^}b4;_-E$-lShDj$$B?BaPt{=p=m-^1D7M&b$MP@#3 zA0+!?lU)guv3pFg5h}zLl^2hj*1CwS)qn-bJ&&bk;AhOvTf`QAb+cQsWjlvK)K-3( zptRQs8pb!1#S)K1Nvo(rnqAyhsAHL#a>Y(|`&J&arrh4fhT7swc?+*8)j%UP2GBd1 zZf)6DVr&Z#QVGfFf@^@Z-KOeu-%KTFbAUl7jukJPrRtGhq>D5%{K}xFes0yw zcuQHklTf?SZzX79+)tSA@~=II(zN!3`!k@_ZXwgJE|q4E@(k^b$MFwQSj}StME5R; z8Au@asODyzwklZacNY4VOKyW0KA5hbSi7;4?DEL)sZoXEkkz`J_xvN8e~FyQbviS% z@+25h?_KS+-kG3ycSG>Tn3gFmwDQmLC zmsc0pQ>0eT0fA0;9=WdN?^DCDz3jx0#3x?$l%2|oINf8!S2xj59kQur7~RtXywdMT zSm1+heBMhiINWO~n-{dJORqgQ?T#_j1I{aNQ1N!1b$bSo3~Mx_%RojlK=!2w^#hpk zmW6#`r`pWMMTx;9jtI|c^Sv55%=S^D1%cn^$@{~a&`sNO)ML>sFD@+IQZ!X@lDuxN z;ynb&i*B5;;yiPc=~Z(QoZ2LsdrN6Lh^~kPf<0@Qy^S>Hk$`C~V!;X*mOok}qceJ= z(flcCqWGUel4hI8@eDw_tAW>!3C~_lc!!QO>y0-4{`z^Q4=MyC5Va8qPkqg5Fv>0c+y1=gz+^UXAxh0tOWM^U%}c+crq&Pnu7g;v{2 z@SUcgD@EsE0PJvc?_BqYd^&IJu5O`|&bUx|@-f)cQWUm1EjR48nr*^eOSbg@z}xqa zf2CsBteUj*yzzeNNg$s}98fPZ-1hIjIG|LG2nupAO>3@=J&MCJsaS~hG4jPUF)Sn_D={GFkz5yu<-IQ)5l=SNQmiwOYd%(7W!%rO zd#hrqS&re4r5Bd3Jj>^?MaUqI=7px_mm-qdD{`#QwSnWcTWMUzBS1jMJW(FN*~)5n z7XEy31eN8^F}AbyFABqa@yHW&Bw>LVAl92LL|C=(snMafvPYTt$`?5}HQIPj!MbjY zv)|l9zWQlQo@OzSdw(y=vST#0>t~u2@`myO&QA+iRyJ`>7>osubr~R@MIjT|TQoD1 zJQz?;0UR}ST6m|89@OTsjf@KP&}V!zKX%E?^xhx zxIO6SE0pE)O;4mfjJCwR3#;@AgzB$`hQL&PI_$dgRfqO0!?oW zl1fJ)8qO=ZZ5{rfp=ohKmoI7M>V+}CjD_^BM^c}}J{Q!rYsfVj;`5X!M?6Nj83XHE zBuUFd;>%qtT7vPXPq(<-P;yy%6N>lm4}3H5UZLSz&1%qECZ~2Bn{bCD6Ou{Cxu;-q z)bbg$&jS27*X<|QtwbhkNfr;6JSgOQS0`oSe+z0FF26mcx!)v$D3U?*Aj!)Cj(UEz zG6T;w8$S+3XCk!<>J&ejNpA1w+NhjAe2|MZsxcFO7)E+2b zQC}#jAx}BLt9~NVBDRI01TcP39a zUfSvbf_V)La}oSSNFV3kx#rEI3!Jsz#7$x?SZQ`vcJS%uLXye2WpH}aZuRFLCbELT zj-e4k9!wq|gV6TtP;8-N2gDKGTwG5j)M&7F80d4)^sYkx09w&(Y;B-hiPG`q+bc$X z;NuwmYe=9yXT^}&$)IRj;<$BE#c6FEVGME@LBSn{J*Xib58_{h z{vGfK#0?fLTH)^eGc~bS<8PEtek;`e7koYN*Mn?z2z)=RCDo+cwz`w^DLL8!tftK) z6C+XZ{-NQI8tGmlw$!h0t(rp9T1ZLq&+vpFm*-z*OW{od@4`M0@m2Pb6Y6roEye6| zfLLVU1D|YGa??_ti$mpa9eg^nhR*NA5Tjix7M2KM`JF=YL9d^*ZwzU^B)T3q@h!AA zGeK-(M450=N#j2F6yq+ahS}x5BGV&}SH7D>Rh!RH+hac|$4q-yk6vzFQ7rC~NcASk zRmUgkT>`P*>biV({sh$SwzOIKfhQb_lT+4Vn&u$V6n+&{XB_wX)J#(~=TEX*L3bi~*36}j4<{a#i}23w zYi}J~_=04bRg&1ol1MiQl#CSs{&j?z2>Qdq`iF*WzSXZ>8*7J1UI;)rb(87&*M|Ht z)ck2_d*XYTJVk46?R6&Wb8qt`W&0ldVzNe&lj?h>p{z=<$$5Aqy0&ECxW;kbynn`C zJ7{clh^(|LZ9?&Ghm|YB7(k8HvTJycn@f(=bos3``)x|zIPco%@*{3nBxIk?s5gh? z)bwphZ&GxOut=Avk^cbt!!^*11Oov6XE~eS`=Nxm%pnT__ z-RVl}16{)#x<2M4amRY=Erd4Kw-PLI#AJ-eyX(RIDcq$bb6R}*b<5sbiB;Yw5$#i+ zasL3<73TgX(C#mFxqxY{bh!4i;PTEt{ZxkJWz8bRWNl+ms2Kd+*!$N9bu<@{x>-bm zWO9y5^{A*9(B`MnbsLS)2~1GnGt37HE7x_+A5OQ@bVl&VYsrPOo1Nzyq#bekRubOD z5a?r8y^iwx>@uWL#zNtK>vTCaM^wt5sV*TB;Fk{M*w zXE0c*nG`zYa65f!qoTMe8eS;6gTdF97Eq#j>k%v(K6(24V!4~Yj@kyBpo?jWE$nj; z#X%-PkGuKRn<(7Z@T{NPkVmN@XS10^s=Ej)o_Vg!VLq{?m=iF7UWz$FS>O;J*&9d^2yS z&W~!B5;Dg7zDG>@qJS zXiR*}^{dTuP1Fya_Dg$ZW(9&b>0bBn)=v-Fh~&Ckd)sG;wh5S(Q`i&MwDy9#K1TSv z;oHq$##)A>902K44Y5aqwk~-Bsdy=*(It`xV+;xa3+sxq)cc;hs%n~C`$REFHz?$D z^#_XJbxSjDmbZ3x@;sAGw*h(s-1<;UlPPPOW!;s9#P|E`c7WJn!CzY7Et&6ZZ!FB0 z5$=$MV0g! zpetvUuS(Ky>~E)y^(KeyN_R(|jD6^X=mr;$bOUf7#1Y~>%oKzJ1oy5g(@SQx1Q|Fx zjcS=PM%At6qVieVxeaPK>0YCw!EX(-u3Ar+w_K6*q+)D;q}!`4tY>>E!i4J($zz`h_|D)U;^e%jw|cLpVHM@(dTSB-p8@pp)|8|QfytZiQ_ z=STOYJm#UIQ#|S&KKA=gx4BlH7~7O2k-od12FYcmgKH#jCBr^hfyU9_ip!9g%c0v} zYHy^$E7_SH*zMYf8-+=!>UWLd(|Ps+E?D3 z)9FqTu`-WiYRgaZeEZv*c;!S~M7#oAbn9NL;a9VVNWGT&B#L5(Y5|-v^{$8*S={n8 z@dO&h)~}=3-P_M`Y{a^S=bnI9lFQ)>Z9i7H*6+lHoRZvh!0lFOqRJL}rQEWZau{wQ zSPpU8x|@AHl@*BF$0X8Z+Q@R~{{Y$$h@R0V1+WVa{{ULleGC2(%USI$+8D36cM;&= z5ywA`WqyQn>0^_$msYl!n&1nSa>ZPaxN}~U;j8^Z)nK-saSFL2S&?uy{W{c@85T8N zQV7~{Z2QohDbL;+?_6EY-<>$#>dL(V>ZX}T2diAiWxM4$W;MlH+)b!zaKs#{i03vIS-k5siRC-n5OSb&HIp@pJB>bew<^&##~f|!MQvZ|8lI;N!ZnUI2onsyc|gY$ zhI#C|XtuO;2X*OT)MEhE8;v?EYacS>P=-k{pOpyOeL0{Em>NZmOmaI%o!Q1SQb`re ztfb7yKfCKd5SwWtxDq^Q&)Ya6vhVOBWC6Uwz;V!4l=}gzr|IbuL%wBF`2go6GscyB6p+S)d^3FP`tx?X|+g;oZA5BYWT33xe_Io#c zd)J(Jg6it}VJz}FK%sd(KMK|?o=4~B zkoNabuIUPKv4QzXt4n;cNhah0l=5>{dG%sIC&uOboRFj1nG`|g3hq&IK5TJLK1VtS z*(#_K7u(QghE!x_OsiuBfamqC&dPfgm01`mL+1~dc|B=|JII+G0ALOeT1{zVt~wU- zsLGpo;kZ3Tb(&qw*4l=Ze`%=P>9@AB32mM;!au80J0OqikNydL`%d5dZ1{Pg_-9ks z*ZXG9c;I0(m183CtO@9?#})k`cy8|M?@qRql3GL&+z;-`IOp=u<6QL-qeo?G*EZJX zIfyTuHam*=YyJui`z>i-wRh~z;~xUcq{pau+eLz1OF?ozX)>pB3=E#9-;wEFeRb5j zZp{7%yd`O>{5ANCtN16xHcXR8H`rx~vl)z|5t0r&iuz$?lE&scWr0@R`-?qo_-~Jw?3lMd{Y#@9=1Tj z8`NQj-S>ymtljFDcaIZ0<^sHud)L-ck>J)sLi=P#LPBI@)%TWDA{5TXZaW-$*L)q1 zK5L=fY0_zz_OikI&$KQweGPM3oJC@u2+%P&A6{!wMh@o@2A?ZxcJW9WHxH5cSJ3)) ziE*jv&IaaXTn>2#rO4@wY-4Hu9sbSJwGpb^%{9to#2ItAlib&wSZSBnT8jY?K%}w9 zN-c9k)%5QS+pKU%?HqIC=3+Pku=V{4=q$?y`T00tahkgsN%SzZO)_g4T-_fi$iR)? z!&{n$p$?r4Z5a;xj&_{pkq!*zrMq2HNiG5eU*Z_S$nRU44vzYnn6!~Zss}FMaX~VL zjGJv;?C++sxiP^3muzIW-r~JF&%=^xFh_fCp`hAapYH+Iwob-erwihbJ(|+SOMl!A z#daV7V;_6oxt%o;uU6hr-dH&xe_A=vtb0z4rdVFaqU96_k+z=W13%KZYnUx9udXMw zncZ832l#PMn4VN~TGY2U(HN1>9YH*`PvC2tn1$qbitsA2199p-Xk)R9;u|Yzb&bFY zARLwltzOXdpR~KY#bk?cDhC)I^vj9qT7HYB+B0mC5!p)s4uI5E@w(dQ68LZ_Y*kzKfyibSRdK?}xT|SAW zM{_v3GlYo+DKd-#k(?4S`PYkhcE;00ywvP(d6rOo zwr~JLyE*)_D`?8bW}cBAnA)wvLeT7DGnE)VwT32rn;wb@hfC$D-dKIjan9#)uVT_!5R1+wjJ?5(eXzL7c#4aUyxTKfN zSM!jwmhN&0s#ES@;&bw8w!81{m;*Q?sXTiM!ID?DnM_4Qr;(oERXK!HI~!+srWhOwwASvK|YL(`#sLJ;CwocG#?SkmMNtZ8e?57i5oJI2pJ)Ou1e#=YoJ|P z19rE2qsef%$JVfNNY==)t$2$=y71NShxH9M3yGW$v(5)9M^Jr1731Cp*AIm?=_R|5 z&bH+Ou*huj-|JSY2QAK%#d>yutj%tb6c=O}cs+6}&+hyt_7TA~yr|jgGH|s0r(;Od z?ki~E$!U^}7I66-XWG5HLDk{5j@r|5`3RsdpftIdr5hMNKhhUQF|zK@QG?pN zg3k9%kp;!z9%{c&?+Vf>^)Q^e7qu-rP}Z+>*V5;Blg(G>p&o|1KOSG$S*DX`d1q*s z@vi4+`mx7Azvq8roiLpvZN~-G3EU$QY9XRrqiu7D{{foW&jh8^qSmS z{2`mV3|sQ8=%jqsFaq%RP{Mod^M|C>9*GwS2ok#7>tjzjihzR?b5vV^5^?` z(nfS`spTVsoMVsZDg5E4IYth?)iWsV zpoonbE*=Se z$eVC?6;g5fR!Li3Hrn>Wcm>Lwjok|S)zcH$&$iUzNM0!0Ym>Auaw{rbCh5z`87~_# zV!zh9pv(@BN`WmSIXhU6c&=9FeO>%XI$Fad)=Ht(knx^!G5J+rpwc$=4-go1xbXz3 zaNLC>kVR|wN5tn)zgs(tNj$S3UsLZ`*w>f2)W@ON$#&9Nhy%0j7~==tnc|HTRnljD zE=!AW>Ttv!qu9_txa8TU^dGri6VCCy9XY^kQw^Vh&0U? zN4S<-hK}oZmWUVcWMi#(U8>Hyid;Y)k{#$%mMxxwvy{3L zlDXpk7=FrF>no(Q5)M+?rGPw#^aBC?V z`rb)}!xE*r!Q=3t%0k2Eo23E6#ODAGpx0?9hAwYlK5X7p%gQfW2q{}>`l6AiS{I&D z_#1luRLcm=S1)-aOfOIv*s;z4HAt5oPO{HeAm&6ouOxRBm#lb|5WTguOS>Gg9Vzp6 z1fBI6KB0XEh2~qRm6&CYKJT@83$DwVu2ob!HsX5Z)AoTSq1!U7hNYi~BZAnW-?bDfF*xTn$?KZ!(_$O4S|2ki zTcE7jtal)fSFxAMg4q>Wcydou?OHnIP%fJt#4(Ab3%G3^ezlV{=C+49qu<`oY*Jet z_fFU(A;JpN@b83Sw$#Pt(yWtiBnHPBJ*wf@qtZ29IBOG|Yl!~WZRPnPTkfFtuMhEE zo{8buRkT-c;i0R=$;$#735Kg?n#N!imA>B z$8c*{n8|8kTI#WX!gAL)TAZ(KDF6v1B@@)~T_l2iLtU9w?e3ur6fz%_f!dr{ z6Kk3a>agt&(p!^;=Ky_cnfnKaZ7kNuMRjYmZPPN~jDyIcRu%QJ#_RXjMtI@0yF(T+ z&p>OVvhfb5Z=;<)&Op~P5gYA1Ha%)?HjNEK!!Iqn&v>ZY z9Xr-mwj+k_-qzL!o+3{9Gs0rClIUz>MQrm-u_B}3^<&byrO@8q(dCv%r4No5_(eeF z8y59ga_-5w*WRlnCb-*Qt0*dY%NSExkwyx+@ z{HO`&eT5?V8PDoEd=~MvGRAkVc+LT@E)m^9sWj21#9(`HDMgbg*y*5}d!cUx(8skH zwn)Jhe(L52fJJEwkb@4xoyM4scxm%I(a$iIMsfu%vjpr^$L2eM#_9s+oOs(-mrl}E zUr$?`=g3|#G6%2WUNvdrORYaqj{D3$NL~}CJ@G+MLPha5?_U1UG3chw-6bI;Ez1n` z#ah$+QjtRK8VbpJySy;L7~iuTR#KOViXO60EswfCtQY ztit9dk$GshQfgQCVmONYh}|>TR~h495ZP<<%jUJPm@sTA`g>LLvDoqbBSX`*e-u8e zBnfiSN93ti#@>0zud=)ho>h!6I}a-xQE`g3F5F#P=MxBw)cv9ARb&W?{yFOu;8>7bndgIo;(ik*5n_C%Tcr7m1D<)PFC>tN$vE>k`e{{RZ!_WuA! z(yd>_GBuh;pxcg4-$Tb8{{TA9@dkvRAGWZP(QNi3ta1k@CNb580&(bf7Fv#vtZ6pZ zmbWiFOm{4O6$!>pE6Y4ftJ?T(?&jVbizz08U9w^LQ=T*WR#KJrGv(IDGvdqGwQV9x zy=cLHtf2zS&fI!e&1d62r{U=@d^@JeYheR9@+1g4ml)_h4JQ(1BbU_m6J;Eh5o!kS z35Ia_3<&9-_2jzEiPZFsQr2i0qPUF5*Bg1I7}$<;mheW0rTA?mn&(P}=HRhhOxfCl zpa#8P!Ttg8KD_han>z_LrB|95@t%XGPxAJzgzgGQ$NvBj{7E*CuId^!_LnA-QbMTs z!pbw$3fk~gnqP@;Z7nR}*>tQDM<*&ztusV==C|RiAM9I=GU=Ho+qySWK33zJ$nbB& z%^Sm-6~*<{(_d?{+_0B>g2Ey@_s41*u`->uIe!y)bK#z!uH4?*X|cg};R{G446H!s z1Ghcuis;d5$sO#+5pK#7dC2eiR&tj^H!GSiX9k)rBE8gLOIb?@!ya4nt-lQ3_>6SnT*Wc2xlvzsVgKF_ExnpP{ns^o2gD2bv)c$q9uUavR=KD@ovJ9XN zfR@koti;*qe-8A?=Cac5b%>< zw#8%TFCO?sFZ_3TVJ^96Ah4WEaUSp*Nh>eJQfgDGK@5UBR2aY?c=k17lnwwb)H6Vt zNn05wrg2wv+f5$-09THEMcO-n)6OU7=tO0OS+avzXE;YI>ZDr(Rj<@;$hA0z=y)kPTVUyhU+m zYaO6i3_-IiNH;NGMJJ_ZY@^WkpAUGl)@=rRdu=_1jLJg;#!s*5SRNzSEMWT-7WTp& zJr^EVT%2O6CY-uzb9T|R_CoqANfBA{2^6)|_*tAznD>wUjp+mWGiRAwP z+d7uBtX%6}E7mUc4NBlBea-T&1~7xtyKN)FJ|4WbfosHrt&a+VQ zgq|AHpwVpMoh|ZM7}M__m~TqrE;W67RGQts-6g%5ERrwxl-4)bLn%w4XH&4ztSl}3 z_CSDb8%QMM+PVEBNP|+pwXuccx3_293!Rt)o=sF`+=5?-T0&`_8Ps)=W@ojDPnh_~ zOn1$8-?Hb3bdM0C>TLLP#PT$aC9T|&TcZ)*=N|Rdc#mF!>q5Ai zTeA}@jG!EW&osGNv{B*EYN->5O#XZ4IX&y1)?ZP))L|EnRuJ2PUMkdVRHNAR-wZ_r zq84c+l~jy=9<}c}P2sk)h8@AXj2vQ_nab+=g!;AX2_0H2ZAHd89+irkCA3~{r!<3N zkP7CtgXjhxx31gUG$TZXW`xMAf^&hNYWJT3X%~hx-IZjv}InhFMl2CgqTDIO;3T{7b9qwz>k}Y3&GkcSfqXUx7r*V0Wa z>-XCv;8#=N-7a4}W=BZkQV+XSw_|hC^<4rBtIHXbvqKlmMn3R8YnQpTh%Ab+D*WfC zVO;W+jiOS43f)H?yE3ldm=315OtadU&eF_!dWs^-Bh>Y~xS)m^t{Pi*ZWN5|HM!xv zcSs36wy7k4YYUi$Fgo=$(H3VZhOu!9!qdXI+7Cg&rSP|jA=7Nr?Nj;khB7d3LUW35 z$jtUwJWZpnk~Ldn z_INiSEtv-c9jk~s#--w0xgot|veIqXM+89Qa*i`rCo{O8z_&VXmb$bLBv3gEmvMui zL0omtsxMmCMARU+m2G4!7^vud=xjOBdhW{J^GW{zM3x0ha6+IRbLm^&AMhGjXwRxo zBHmt>Ew^tQJt#A5f%P`D6E_mN2yS~H}a{MZMM z#<1*f)n=M|$r#Bl1Lckz9R@2iB(yh@_9=|Yk*AVzjyhGiHE68oifEI~WjqEPepCp^ z)SyjcQh>`dZVkCY3;=$WxVAR2!l^2}^5b3vqK(VR}V;rlzAS?(Tr;k*Qh(2taX z>TAyQ*b_~{ZVC*70R?a6fku0kNKX)}6nIZ0(Dsx=A7BcpQRj7L1nW zW#zQGz0$`ZUZC;ZXP~aj`#K#m)5yAo5q6hSRAlkTG?}z~k2kT^W1mqF!sWhhMmg(V z(FLpO5Zgy*6iY7Lwg=7itmO4H_GgxOmd^G)UvoPmsM^^aSD##5nXV*;=HZqga1Jsv zRTe{59}3O##RSUnsXQJx3e&cg}gDXyy7c)O|muvNbS&lD!rJ}JITJ$9k{c5vvO3NHb@M8O=H|n znnkg=ni%B(a;@o4*@41E;(*st$!}<6SAC!mF?-Hx>{O%R%9oraBYw@zIjFCflNF<(>sJcTr^ z_A{GAM+J+v2?rG#obpDVrFo*>HQZJgF_w*rI4go5zCC+amFjwZ?AN6tX`gY%-J?8q zskoz|^yHSR`_N9%Fl^-WQtnT(%@f;;naCR$oE2btis&~|Mtcd|r|(J};Nq`aMI=&! zvJL4%gY@>VJJfVRG}qSNQBbO6jgR!M zbDp9;A^6$g5qCVA)DT3r@&J=~*&r$hIXLOZO6QHbIypg?0I@6FR`J~Bt1g8I zHp%b8`-Y2;#VwSsFsDxC%NgNn@9GW-dVowJB_L(|rbQ zDDNbpw&x>{N|B>!l4%4VDZ$=PYK!P}r*Z|dnk+jV!G=K|m9GWKk|Q4gspmeF`W-ac z_Sft^`$gY;0{FwE-|ADzb>Yog;v0F#o3*WR_goH`9<}}2{?FeOH18N`9vju8)!f)> zR>|hR{oY*I9e%k7^Q@;6p!>EM(V+l1os?}SJ!$b>HI6Tm-aDz_2joA;83Zu=i50LF6V zz^l{`f9GE@QZ{!+tsTQ%nG!}b1a~`R;-l5=A(GDAqzN3brgss7?dnhEUXBv4Ev#iy zo%b>PH>|OcD==tjO%aO)aBiw{!^dhvEPhjgY zxMje`-om{oy$>>7j;Bht`zlWUXhmQM$m(m9yE=ro;uT~?X9uP@tL7z0>#a2VKejF1;OWx`&LGV_O^EtTmc-R z+knQJZ3T}{wzON9kajRZen#@SwQMp@pYP{(q4h?nWH7cFkvXYo}bz9FAs0f-9LEHo0x4wU63m z)S4|pGEzO6$G&UZei-V%@hP!^u2SY8yAL@hj`T}IJ01MGR-ErW(;_r`O9f-;)YpK2 zpxkRW(b@p8p+7qGJoL}4VJT`{R+eW+73{Wte#UopLb%TYxB&*KX*yh9IE|Y*MQzKB z)|BK#;)&srukPcD6g!xl^cbwB)-EB{CbO0wEdj!j-ntRbC1zi`jyBmW#G)SF^*mCW zbPE%Z-H)XJosOc;?n{{v$siAmZau|l!EtkM<~DN|O3p~NKIcEJ-1#i>M7ak9jMole zo>--Ohh{^T8U9r&Bj!Z@9(&8#4Z6a_fLN|MQC-4ZwUTToS#yT=6{?Mlnd)8`)-C?a z8(SUhgBu^_{A-W#SbCY4-w9#n61jWMqDa^Q(^HIQt~g^vm&Px60RSxCNNu zi1ex+Ced$Yk#1ET#s?)&Pioktu1%$1&*9rtWw%+~M&Z15`qh)D!LLm$(|J+lf%y*$ z?O9BGr?q@J(<~Bj(?HTqpO*)&Dz}Yn{?Vz)D-=jnfSZpso0Wwme9z)*xz|y+vpP?ygtN+5ikQRpG{;ZRCVaib&2egG{)~ zxkA$IKG7%IBZ$OX3zOEgM3YBrIfyuf=aI;usYJ=ruFaj?ayXHsR_X^M>0JfhvkW%^ z;_NYx2X0R}#U|`$ZESQN64vc*{?QxUGdp~taq{5RZFThZm2Jvwom)8drMQy5g*Y`s zZyc8HtYg}FP)YnNL3CSVYi)D(hs)&St}|1}YNOob-@}mJ>o`fvN?ZV0@Hq4xtI(&@ z{{XYr9X)O~LZD=?PkOYAG(10f1bVoJ-b9v8hbPjhd_{e3?_Y}IT{=G`02qRDybj-; zHe63J@h6I{Y;WysQqoBLzyoYjRZctoYq#*miv-X~cF{H5?lKpkQR`S59!28|xGr_Z zvq)j{V>!x!^7S36+%a5e_BNMy^N3-XZI34#`J`tz(5HONwzEB~sj&v)GmL}jT-}d} zB!cC<<=(2_D91tQYPlKA<*CzngTzs4Zxq&cP}#!ChX^{KTI8UfIVV>UD}j)6@7kM< zjU(iAc8?TWJfs7;1GRL1M3?B&7|4VHj1HA3+mk?#Ow}#cHQMcM)p@HkxwHr+jHIWb z+t#*>Y)2zB>@-`;v1@TQ#e}iSvgdIB064A4JQa0f?Qu1no>6S0V}d=YiPO2xc&f#% zZR~owdk94a-kWuoS%AwatftPYa_)K-f#Ow)(%VjuC}mu@4fkuUTfI9`wYoDMvWU*Y z2;`6QYn0UauKjLe*JVJCZFus=dy`wfGw_4x+FgdDdhslC6?I|Pnng!*&#ohfOuI&s z<)?2fZDl9q2b@UG+fSv>3rV?A2;5IVJCj`~<(8*h zZ2V7oXfO20u3E$>kh%;gPMNMtQPj?-<=Wf{CAvr1m+CuGE-`0a4}j*kx3Sb_c2y1? zvB3-1pKA8q4_>wK&8}|Dk=aN$FF$zpsFbX9#>S<$k5XMh7AtU2Fv90K6|bva-fCd| ziM*Jc*z4P9>of})1O49W$8Eq}D9_TI|m*$Lv)lX`f6UCphA=<=q-{6#QEpnwmplZ6d`Q zNuA+&Vd?a&8T=QhO8{$T^PVyc+j}N?G~*Jkk5abNbn87L53?+BBBlzd`GEtyc`m&) zN&_^EvoRxS^s6#4EK~y53|JL89`(>QtAM$p_Ha9=0zSXS0>@^Zfjm&J<1s6Rd~ST{hH&2+Q&JK zQ!ku@j|@ z?CrHU))Nyc3^>Dft&CbM+1e{feS33!k;2$9#>0Vu&{tLAJvn~dbs-Y%3yiShg5Y!h zB}*+=TYE??W41(Wl7j)ku8zk<(KP=6K5KV)$^*2XN#miXb3&D-pqsqqQXh79s(ifp7Qfv)9$B|>7;^8v}kY?9E_1!Ihw{O zy{cMSUS6se^Q})sZuEa=>3VjUBe#f0GPVFGjkxVk+6qxawA&T=RH59&9D3JDZv@eB zqiTxL7)kUvX|8qqZxRR<=ZeZe4nt%fykj3q_N^kx0WuP z_(tx}$1SNtda~*0it1wn49BScRJoB#2cW*EES7fgz*&eTPak(QXnI_~X+^!fg`J#` z`RFrJ<~0MV@i^0N>{`n1NX&dL8>3>rf7ET|i&CB&3!q~M183c+EY-Ksr)X!qcWE|( z)|XDXv5N5`ibPA6$lITo){&8%&elCH39bdiD24jBa-essHdj{Gnvd^{Zkw@&Jw;g- zIPV{7_x8HBlr%PiOKgv{KO|#42fz4Nrsy^|x7PO8yOU$}$2F9SiaF06TP3CJ5iC+2 z(T2+omFIVwYsiqjw5T~5}-ucvA&;T*Gp~_%p?W_xc>kmuElRWwo8)XpPolr z$;#%bS!hM4_-5f9+DOQWUn2)K-N37DYXI{DF*pM}ifRDlWNKa@v(q)Wbc>`vXb4^X z6#5_Y*w>7B{zUO7i(%FLmlCK6v@r>{Blt%hg=&o1>Y`0Kw3}N<2-vvY#t0-}isLn% zDg5X;AynXu@ZRQ{SJ06(%^u-z;xOh1R7Ex}Kvil>`W6ZQm{ds4JM_wOw6y-oBeF%WAEJAaK80!25HU z(pkV}Vmb;zEzOnIM8WN2Vj0(_II0$!O~u92MQ?2_!oFMO8K8+ShRxrGm-{|R;fQ%^ zR66%>!|<$$yk|5KojzD3w}v;!X7t4|C9RJC09Luvt~3h+b7rxuWiAVj3t)l?_Ts7Q zdY+f!e-3K4ntMi?q9Qacvp67h&*Xm!8Z9C}251&Ke}=8@wGS?RYFxy}c> z8EE5O+tr3LaoVuFN2U3f7V}P#ZqLidB+xq@BsvQ{v@EE1g)G_hsy3Pq_gmL^)dO%l zpLzs)9)+f8nxr-mU)n`mEf-o==#2!;td|j>|&My8QmuAIN;;j zm>zE?vpg}}MI7(;Hyd&NYtQs1(>yVGdvj-R9LoE{?it;?J%2Mm9Ncp0+LiM@2IXRK z2i@kqGewI=5k{7=C}d(?!0KrX(D9wL`i_wLQ%NjWGLY)2!xaD!e;V=qD_p$O+4Q@J zOU#N1#~41e50tSgy!pM2b~6%sde+^uCAOZj-MdIx{$FYn6NwM@gWJo6gb?^;W7U3@ zm47|m+RyfTfdruLEX$guD;e?~e}SYoH)y(wpC@VD7peCZYsEe}(7Y`*q%ztzp(mI; z*wo`<_9W*$t3@HIXO`Q1K$lSQHO#i~h%IF05i|0SOx7of*7EOE8iWE;cjL+qKvh1! zN}{ZC_jec8cWEG*k}MF*o(*WGrV%4E!rL71XlPDWIvpY#2$D;w5XkO9Q=S%?b*;*e zI+(-4-zoq))-qa+Go5`B>hap;7v@u(75lX%yt=ANkVgjKi~&|0x6*}fr7q{I>pGsJ z;cpJ2E}y*2RLuDKq4fF=Ym0+b*LC?VE+kAeL{@wdkR95(C6oA*5S}b=?FUu9xJKPk_eJ`SZ|s8^~DAy`5?^k z#gnm5B=@Dbu!aQtbnBH<-0(#(Id2enV&7Y_xwy84Sg$du$KF1lt$eTI811Yjb-1@l zE)Xz8+l{B*f}-rtBGYef{@QI#szGY)!s7?8Cb~T@LDY3Wwk@O%?jK-4PUiX!w48bx z^CQ^)9cc2VqiSxMkyWzMft&%?BlD|XCS`}lPA#WvjX7APU>pwopVG4SY(+)Lk^xH)Gof$aNlQkE#?!F5BPMbE;6voSBpxxxSAud%0MlX zf_ofSf8k#j>)LFlDRl_ue>ZeT7%IM$8ZRT!?)*(W5leR*MsG22Lw7Z);mbQan|W?E zD_Bw)uo$oepw3MLGIbgJKWRRoww5rNLY0i*0^a8pM_eBC6DQaKfpp7@ zo14pf8H9p0iblb4>IHb-wHBiv+QM8(aR}T-M+?tRC^2Qv3wWx>OP@`#)gYQgl!%<6 z0RA72E7>CO^cvh~@tG}cw-=4G%KQ8ErYoH9#2*0Ym&VUbT|#Tch9q+)-K0J_{{Z#Z zpm;08T78ayj21gvl^cFj_l7zTYDS8B9RwE9T3^by5?jZ$Hl5A49A>=l$692N!6%3= z%rR-Ir)E!Ir{zHT&NslmDz%4Lnn^5U5UQ0{W56e&A4=BN{1xF{dr({3gbo;qCBWg2 z`$N4Du(Qdk&vE46 zdH!-UWce-Bt`Da)3dhji2=SkYyim7^H0n~+05))6@ULUg{7a|m@yBC6r)~C#!C4eG ze3R}y=}Bo}@-hqQ?V9QvShust3aev+-M^(_Yn~~)_;8kOeI3obj>0I)e5KERe>#|} zXvfIUANa$4bMd3a+HK~T>8EKnmT_B!Tn2JEY`53Fb>9Yl9_qdc@dP@isT>!c9l1Mz zGJf<(pboyBD$7vP$6N6?QW0Lg-M!gWU_@!R1KU30zHZTP{6`hl+>5E)NY9k{+?}F; z<>(jQ5V%=CwJ!A=yM-srA&DV=mDu=eQ`PmC9v;)91r|1SZZdx#prp`pBh5TzWv($@ z_j264F2EdezQBGopA394sNY>nI$2x`waTlwCCKmiR!$|KT+$#Tc2 z{{T6z;_t;i70{u!pT!r@X|{bM%H+EafDfpwTy-K)JG-BVT2`rHq+P@BjoeB( zAMFv|ypHQqx4ef`yVU2kdq}ssuspY10iJVOBtwHdr9Ly;Yufgip!j!AWVZV_`$IYT zLxYT9_pXD(e;2h64C^|yx+1VBq#Ox>hYkBg<{HO*_UOD%8AivP_zd z)TZL=Yn_FO#~y%JXL&8Pj{A9|M}ARDo(H`#*&boytC6ExJ=8JA?BuGrmiuzl`GdrYPKI(C~v(%c+ z$(3W(ZM7$TBJS>MsNoU($9rQV&SZf-m_ZnTwr(7cxilTbTsWY-pDH0j!0X{K7d2|9ER;0%5>&uaSqoRGYw z2b&o?obW!B#MeRBo;7Vx!0PFo!f zPR3GJGh*<>TBYrZPO&-(cSa{%1taVJd9N4o+uZ*E!b_>?a$4C%Zxa{@fE+gqe>D;^g;KRWs|L5A-}wYqDCSoqtP{vJC}(Xu?RQt?=AQsOD><_NBHmEeKg z8tZMmMd3;Gd+9ApEWTOt(U=m_59!vj| z2Z<&n*C+ry1K$+X45zs3?O#!E4(fUh-lrAx_fAyXvS2KIv-wx4{50@xmEl_pd&sO} zi&3~jtmts7p5I!Ax*4=ftxI(9OD>q{A|p0(a55{#t~^<&wd8j9QRX5~2en5cDx7sW zuNC-{SJFK7)7~`G>!dm zN0A$-Dtc7S;tg+ERkpdlxOE^F-PGc*l@|0Z*u^5v8Ac(qj%(0X8$g~-%9-wRFhSr7 z$c|=upMf+OH7gs-0||y#R!GTgWc_}Xdsh2@gLJ9v?}EPJwRy<^dK1k}nBxncFCUEF z)z~5(>PF4Yo@(0o&hq9tV!D4WIYC8Mt2XvV@565o-aPjYc9FHd^W>E|9q^* z49^U|XY(uqf*L&JA52r`WH=J9#WAm6L#5nl5-qHGEi1MGZpRhPc&kKz5!~6!V``Db z{;zm$NzYUHiqSrej*+I%Znu+0K>0SYVE+J9UQ?%Q8l{3q4y6zz5>Zbp z^``6`s`e~sHk!AIyio>`Zp#~8N+SmtUV9q#KM?p=Oz=h3rjoa2>h}z1Dn3})e+_cf zE7|udY1b+)ftVIer9fkl*{a(2*!2B4B#4tsF5)=BUV2v~w<^ayqsgbJhES?*K<6hL zN2PCF9XzZz8^Yig>(l8~8?C_LHSAtoh%HHdpdLQ8xu$qlW+{Jh5Sf4&0lE)*-ZHV9 zfm>X>n$q5AauY5F)9GBsmX{azw-MQ_gcVTxhXX#9veb(n^`Lk<)?F@ZTkF;nE(!!0 z-aXH?dM1ryXAP`&rAsR3ab8LMD^&y+XU@JkiWJsWZFK>6_p%hWVmau-u^SO2cMWoZ z5QZzBT8=~`&~zEK?-xLdGMZxWtVzZP`8Ckqcq$7Yv%wV6TwFgbFefeb&!rrQ3%(Wb z#hgzv>IOwtBqk0k)|M?5bXTy3^x9m8C=N5h9G_a34#sZn*&ihQMDV_&4b8e(hngV8 zjKzrDJD!#1eiYK6i&nV0*9_@oH*FupSZAN*MTs6h@ z`kQzPM(2PBPpv~%&<%_2Cs1oewvGrhk&+v?y=Up_{v5kUjJ!{t$2`|Kk8`o{i|cSL zv?{44z=sL}HGR^{!nY51t-`i}lPq!x1FlIPwY*)1a(b7Y_iuPx5rC53T zV1_xQH%i4v9^GqeNzx{>!n-utL6S$zY4d4gBd3PpEaDP85wv5TSLXcdJ5ko)yS96A zT|8Fs)Cm2s&fALuR-xYhde{!+g&GDw77!SDO==h zVV?u;;-SS{?nxgu_>)=Hj;L+*BR`t1#GaY@iottylQKym51j4ws*HOW)UhSA%94op z5QN}+3g4CuO3u}05wxo&RS#;l269b>oxZ1Y90EX5GqshDaqpVnlFr7`Cz5!4*y2;> zpHclQNXEu#n4TBa^k_9pXa%A&GhtbVN{sVgN@`ZO8j4y)XQ!-CISjqZt~dws{cEB! zH0JJk@@aOuWV(&*{C3ZG8kJPfBc9dNcs41obnA^nQZblSh(Lz~amGa_GR{9!)MjU$ zObs5^JQJPX{8k>JZ!V$sc?-%T0|f(cezd)y+AP@UkU=yzEo_X6a;irHx(!Mra{}AU zk0fm9+X3T_hl)L*;_M}_gA-NMQq#&Ytb@!lBK(no*}ppUZw`DiwvI=WP_c&XQL`4o z>C<&Sak;B#XX`%?=D5ANzK+rxa?V&FPm}@ttAf=o=SWfGJ02n-_Os->5bvT>7 zT1H6iqK4*s-0o7XkMe7+(PY0cMJ42I6~+(9$0c*v)^bKobUvG3k|q+UX~@CJ=~I@1 z-V1dFg~oZ$AbM9xF?T53GP_CVjPQQx>sIX8OKut`MqQxo#tHoBI_b#U({AEfk=`@r zso;^w`d795Gx(FM{4nv~hkhmaV_TO@*R;o3ZPicCBvu3w{b)O>O6U4Le#L*Z9*6r_ ze$Af`elO_vwm15d*~e+D7@ROmlmSjhZgcbmSGj8AY>ygzvLPh|=i59V9;;YJ*;m@^g6P9r^mfw64#PFbWCAW_L z#;c^UtFrD=LB=!5t(3GdaL}=DC+?^DetvMQDQ&l`C5Q^d9y6TO%0~;G^VsV zBUJvS{vY_Dc#FffH*x^CXa%L;7{h^p#Cw7I8ryrzoe`v-_GR+ao^it`{{X7I>hUy; zu6*75VgAl~XYE1zJ9yjS%&luaxec7Uj)2b?Z{CGsV?Lms-sJYL^W)ci9j<%|_~m!u zy;d7d9b=W^krB4;^&gnV4S0BpdY!aoq4Y+lcbi*Vs5aaz$Rv!fZ?EDFZRvWEx{lnL z8|?rM!`8lA5f-#NE_F8!lg5+Av7)X6;C1@bA6{Fuk_m0_=r9O8Fdo#f^$u#&D%sm4 zQlYX~(MuO&j;wh#?|u+u)GgwPi_bIsgaO~BeV$c`=ZWEB9nJlBN|#J=Z*W;17>&Kx z*wt^grpUw!OoOg^SJ6{vlQpTer@6RSEtDg%92(cM(O&f~rHuoWz&!EKdgxFhG@Z%x zF9+SltXth*Ouk42ssax_zm{w3Z3n`3cm5mKEKQtKM?Iq=mf(iQM?XG_AP!mVDt=5^M==QgY z`-F-@79f+yJXf1N^W9EmUolj%$GEL|PG=UGi{cGR@=vo{Fi7l+ZEOsd;<9e^{rY6` zpe1qqOV*I18yuF0Z#cPUk~qYD03*2cuV&Kq{W1`r+ICUTlqkwL7{)Rw#JI)vJR17R zFSUz^;4%oA++oj7f0cSCgY?ZuNGTjm`;FnS2kT9vS=yzFO*D%sB1K)ie+jK26A9>Y zR?sDl*a74T$!}6Us}oRzb-=nuI42)U)g1DAoeUP!v=NyAbQm0-{?!{=IA>T;woj+s zrb*N3`ecm~%F4{jILEC+ZLVBeT}uJ77dwewMnLUA6m>fbtCTY-#Cguz%7S5OVCi-P zoVOc!_Mi)Y59bi-(#tA*vM^i>WP4Yq-dbt5t#jtW>kw0br*AX?=dsOqr`<>_W|lb9 zAg(^}_pIAJP46zQVY-yzN#{KDtBkA#O%ubD-fIHx?D>$#IFdf(V!o`gztS~59VOH( zcHO2{3}b4jJqX1)OxBt>U2-il^5t4fOKVu4DUlxw$6OE2yn@%kSGJJqI;3}7lu5Nr ze{s3s+5fNB{v z^|_SBQCH{b*0vDan`wNK;3Qi~epjtQKZ&J-OOC@W1TMpj;4!Aq`MMIOsb?Gk#AT*l zNd~gD&3@kd$+d|g^BeBq)JYc-&WUq%Y}2SaR{(|`&2(B0i?8c4>UaK4&E2d+JHg2J z6`zr!CA8GxisYsh0u$8asva9i7oA*4|JYu00!c5&$T9vBCKaMq*t@)n%#uc>GGq7ZM+GW z(2Di_W5jwT*M@9bHh}6V&Gv#{lhbb*`qpXp8S`$ZcWZH|%_I3zI3sBtE3-Z&x|c?p z%S~vYx|9TBgPeE85kxtZ?7SZwHzMld0+%BOP2BF!tv}*438?70JT@@IX0w;>gM#b+ zb6VKV$l)Z>+0xyF%e8WmT8B ztkvIU%A-4nRwJ!U_AW88*J!pfUv3FZ6W2n)4qJTv**+rG><6=0x0_at&+DQZCD^rk@?OBm$vwykOT)ru;yg zQl8gNkw=rWXxx73p-7n|Q1OR`qSP8aO&fZ~Rqzj|Y*sje*(`}tOOCwsHAKqY3@;98 zRNuej%6a{b>`=@gQJ27N z+5IcLh{<(p46z4CRvVAwO&G~o>9okVBTBL>$^kjgHP7n4C!WpxtEVz9aH=`QIc^b^ zj(bqn?4qAYxLBtX`JhNt_B?Vw8rks+!gZ+KCVV<68;%QbJAO6KBcVsJJleDAj}VA6 zZs2?ISk~I&w2d9}N#-$aqqoyE;QA9K(4Saa8N52_G=p$Cyhtm=Br&XJ`?te-M`y>YkeQz+ch13ny2 zKDXjK$%7J&3kJbFg#`5J*w(C^r+h6 zGZD!QFilCNx*n-!@W6=_tg%hB_2V@@qpSH)F2z%WjGnb>W>SF-w~6&Rt*$MYtJ?4~ zM<9AvEv}s{?WCUYp@?97+=EoA5z1~u;uMcUYY5mwWQa1oGme$vdY#YOwH3OK6^=0B z*9RN0YgJHbbVs#m9wKiQ+(Q$hTQZ^{Ud#Xk`c;n;UcRH`X*p|gW<0pg+zC7X09uny zUd9fS9p$~-O>qN2tKT`@Uhm;HOVo3?a6**_k)LV|*$<8_t~AIX5ltVRDcqcbK=&Eq zxa~7k)m7qA9CO|S#~o?zWn-Jxb$^K7DAh%#s*zekKX$7h-E<$8KPu`pzYBlDGonu; zTf%0M{{Yp6Ag6u9>rOQKnq2a^?rvLEp592LN8Pzg4l!Ppq&2+IPH@PQ_&>`0r-daXvNaD9{GwW6FVbN_Mcq2qHu*ks18|gsKE@%;dp zE6=xTP9U9*lFr@j<_0A!8?IZWap@b$sL1fEI(dX-9N><*q@!Y-k3_fAWg1If1Z9+P z7uVjoO*!thEk@?jc+4_KgSZ^;2l-Z!i3eI>!~)XbyqgY24m0guhYq6^rik*}28Dv- zX*mL?&opf@19w#g ztGCuP*C7R=9-tmGQzQo^Zqi#^G&d2-lM(?vzY6ppD@TJ#l4&4mZe}4&pWXV_ZpCvm zho8gB*GBT*nFf!ev9eoKKgQCooWqU0_<_tvdMi8~!+HuE$#_Y74gU9S8 z`^X7n3rRR^=N$)nvj%hNa`N0qB$5}LFvvYXuUxQGDFr798D5#-(Ac8O8eXAq71Y*u zX&cC=Y%HX&}`j5C{}A5<;GF>sd*fLvl?|#8#1M=>%-vZVv2cB-baQ-!$`< zyO0>ecRb>t)anVQH<8E1nH&H-V%&<(91up#aK2HNSNnDuitfggNyTz=Oti zzD#fprGktz0i2rhdpm1`so+{W!cI#A`eKkBW$eFZvoRFLzgPl$9aQaw{o32^2K31)EL zC?Ed1(d;sYrKngecTvXgG_f#^^0@i2+w&FL_(#T5==L_cP0VHOk&DJhTpwS^Rwjy{ zb34Xb@dEOdEfb>9jSK?C%tn0qrSFAzy<6TQ@CeZcKT=(W`N zYUQuo%`%jS*!|N}6gQ%=*y;C;bE-{Zw)aBDA~#4Ei3hjgUT-IfwF~WIR~ELfX$*3- zaHDgKcdbmy_8YFQuV>ZOUhRk9JzM6t`^1@Xi0Lwh9q<~Be9pH>zXQfChtqNu#fvn=0WB= z@J2dflT6UQ)#b$_#Fp5}EO{ogay3vWc*{X=4BkNm5+fv$EP$!x0yF(-x;5UZZ>Nj9 zX=UEI8-eE@l;a^db~d5$2{J~rEUul^Mk|x?3~^muG{qTRs>$SKT~ozVUfM&YO>Bt_ zY2|T~xO>*Wgc|zAE^Z`?bbVEJ^S9oZ;}O?>CA^k3-| zgL9FPbCFsaoOe-L-dRO&v@~EV<2-*(l*v5pG|Rham4t!@Er3TkuTar#uC(noVQ@n> z!s^%r^!1==9Lze+&Y^9-@-*^;ox4fe-=BKtbxl5d`{laBLGppPa0nf!E-^c`Xmqg+ z{Zx-L`+PqfQaw=&tNAlov zzt(~*c{JLc^V)rsOc{qlMk|+_P`T4w$n0cncj(jz&w^S0)`eBV%5o1(8tr1%rqV4g zVu-3pzTA=qq)VMG7C{@hQHAvS(n`cOS-;cP2qL|B(TWUh>498YURvDG za|DGE`wac+VmogJ+@_y+`jCU|9zvb5u{b1pj^ex*#M)M`toW;1)+LS7OUZZ0Gr$9~ zj)T2v5u>#DPvNE2d`tFOh)Dk7$j;nzn)VC52T6!sgKn5mNps0HppTurO)PQF(2)vT zgXzyT4xgsMb!!^5yYbKy(uNPr-iJ!P^A_0`dSi?lbK6?LBe&X2%HOSHB4TUlz9G|X zukQ4XO(cQf8=rDxC!Rk_=_8v#)NefdAslXiedEZ@NvvIq`mOA8>GwK(h_jh7lEaaT zJS}G(;zwx&J7>5wxTUGl#zUgWvDaec(gl+ z{84*pErr;cAOc9rcChMp_ODaYZZ%&ITiojUHM+jKx%)bh3X!yfk@(Y*T!$~<9~o*7 zf3CIAo(qTxR%sN1&cNgVezkJ*#5VC>+oWmssk6P`vY$gz#-n3%Qq;8FW5XATs@;t? zX`^5V@ovrrJu{l~dkr^Iu=18s_KS4^V`dyS2Y*`5QAH5yw!}cwnInLJSo?cY_y+PT zy+-QdY2bzxz(tjQ@f~sXtj3RU)-}Bt+Q95!w>aEmL4YynO>$O074)0ULG%VywVB3Z zVlbKd&}|}IV>zpT@Um?r(InHf{XX6uN6pWjAUl*}pcDj=SIyLUCc=t9}_jk9K(#j=~w{8)Q+;P}((!I*> z!WaG~OKUTz7$XRv&F@xWngW9|cuAwuxuqyDLfbJNcx%nl+YxEa6upIM263US#uYI)14pqh~e6oUHhF z>LmJ(lop-OS@9RdKND+OR+$yGwVXG0@vK=y!DS!C_3vJJ3?4Y~manI28l~OU-k$D3 zVmB1^0DIA6brgH$--k4v0?Ng0EabP8ph+LQW81ZMR&6!CqDdRvOt7bz0Lj4bQz=-P zB#u7sQ_}opqg+bMkCFIx6^;j?#R0;$V;6X{7yp$BcL zYPOd8I$D)b2?3b50=P{MTm2sRojN9IrDB23eo;+G4^`6i&+Q2$f?Gj7#HRpboSNw) z(CmB-s7Q4^Kv?dGw1l`mP{H5<>*-HTgwf{1;=Yu+!Ile&t~B93z+N&6s63J@+NYS2g3So6Tl8Qp8+Z#K2<*=JzxUn#CEd zntcY_PG^wG6K*m)XCngxABAJuNquD^c`^(r$31gd%Tl8w4*JpNl-$c68BczH8oQ*a zkseop{TG4>s9s|-{7-kNUV~(DE(4Zy`(2n?cQPDI=-ynYGs~ zE;Rd#h}!pIEfD3LcjB`yJUb7Ar-M>mI(wv2QZJY8lhTtTkm)sDQp)2@x776&7TSSg z1bO?%9dqkkHj}67l3h=&TVcwdFz#=?#k-^_z z!J|HpBo@mx;~$@41TQ_ouGd@CwMVhF)va3QD=^WC2^k*zd-GaCT?Uc5Y-xh_Ku@W|MpIY+WX{GaCXo;NxI4VBq%_M?4 zJxm5`o5&p|F38zlM{2hr_OHp#tlTunY#L7+pV)m3PPvmY<>FfEwtMki)iMCG;^G1c3biGtcXhb9o3$< z9)+h1Ye<9MGas3_+H02aPOh5Wgnw>fJB9uRI1NFxb~r67!6JFauXLb82peP0H~;PNZbJD1FdwvEZ4NuylWjXabq?X zFiv>yxKL!~aXuo^G_4y?ZB8rSKKfPNg%}X~d)7~b{8M)~+6}tOEY$7Yj=r@jpeLzw z#u};Bo*gGmnmImfC}IIT_pG}=0VMLXT{XOuE);GV3{PQI&7oe=B1^qLMev>M_E60n zn#63b<};5d`VaHkyyM0ClS?7Gl0x@np83vunoM5XO$>b&=6&kL$iWAi>h&8dYv{{0 z(VJ%p>`h|VLR`*v+e(hqOfD15XBboKS+}=vhZfNZ3|ZUA=zS>y(ZP6XbM8eu17&v2$#-|6T}*9?Q|oR6^k9gfUc9nw$NKD21QfAZUt;iq>o_J zH0xsWN*RoMcYs(74{FNs7OACZc5_*7F$@-qn= z2P9|KvgXro*#+dVO(bgP_iLY+XB5QI?w%U))LIsq1aawtSdr&`Wu!80+(t+gl#GrPUzMkgz&$!(^(goWgpm<)hUN40v7g)O6w z`ZT&+HqgZw@&~PR$Q*Pd@kXuvk*y`AxN~bG;T(*Uo|zTPc%kp~$W@fB)XW5!L&A?k z?@BSysKdF=_*Ycbr@NL|MZ_#}N|JcT6&Hv<;WWF5Nh;k<3lfBRnA|heb6pB1iX9B= zSnnc@EzuehM%}I3>00r4CPpzyaW|AsU*;VTY}C#paJHwbX}S#X*g(--Os+`UG1S)} z+LpIvs$E2G&C-HZ%!BUx3eLor2CEFMi;bpEfRRy3nnl8Wn8yy_zjSah??DneT^B`y zD3<0ct%o=&dvR4fPpUPP3a0fgb|!Wy&fjVaJgR+meL~*m*=I5_#(C&HD-Gw=jA(5{ ziOvo?iixhHHf6lC5GcM;kT?u7b6SvEMR1EOc~&?(aoVyonl+O84Ki3_jZ4hRbF^>` zOq#vQ&UP`2ju}rNP-kMj#4?EH^X^aC+dEr4ipqfpKEBk z9k!3)y(;26<+`|F@vh;Jpkp7cdB?>WFFaEYn?9j3td`NL+lanZ%JIk?de$*ooeJm7 zI_8CaCEex2s?8{G-IX~kG2ij7S*)564CSJji0Gxj053Hq--f5W)2D06zRr%ME>1Ter8I{c zcR8O3_!e0;1A9HnM{Ns%jo2&?{{X7KhSofH{{RSjHNCWHJf&0vB4nWhjCxhL8p@gT zuB+mmQ&GMehNU=Lhb5Uu0O#7h55is{g8Ihd(H>YP3R$w>D|-scQm`WvQq@vQ@VJhUPfYax%Es*UMoA)4o=XpxZ}5ukw7&~GxPjSKR1!;n z7CQ<#nKC;qGB|AF5XPvaXFo4dU2c)9+Q&JG;~R!Hs=f|0$;EDwfzbGh_eRn*>+AdG zA$D%JMj#i@eAmW4GMvu@_m(ldQn}pw$U8^1S0fSR9v;-ybz>dU+}t3^Spfr__pf4Y zLeSd0>pUAk<7xSu+|(Tr)!6!Odvf7r!o0i?M?xx_sCfZ!7y*o8x)IKmhe;G|1EWOV zW-y0Armd4kn0Wcgvo=xu%iZPABw- z{{RFG{kQa=gI^alKiSjAI{Vr9Tg3{CVQT0W7_SRsF`nCj9D0FY*lx3D`&=f z9FvLo_4`r$2-3bFcnieP+(#N~HnFp-JLAm&@Idt(ewF;M_{+k#-Uaa{yQ1p4d9}NW z;mnvnD-Yo+J-{`zA43U55$zjwZqLTu4LGm%MK1lrD~3fWxGUh&jpWwH~UkrGr zE60OGxw#e^jAd}SW5kC(oO4P?O*o(3zwF8JlFP(8ABMGS3FaD2>}wU#X5G2CDABi6eHGAE6!&-HQ zr+Edds%%jCz&?Y$dToc9qg=?5!ex~X)*V6mSIlM*wAtByhj$Ef$ub#)W+_)A3^+gi zYPq7p_BOb-DILQyu-xbmT=cIlo7BRpD#a4mPc(MSpaKpQV+XxCQ`vgNSHl6}8Q=}(|U>9t9(n@u;iQvk`+9ag&Eg#Q2& zyjW5l4^omVs}_;B>>a|T$amM za$U&w7SYdf=h|MyqXX_fe+XoEKgW2iBd2mB@5WUh-W=815kwE2}TeFg-KP zN3HmNcDqlMsRto*!K6M`Yub25`BiVN0fjhYfu2WPS4(GdWXyM9`LUn6e~OeFAGL&N9F){u3;S21jm;aaS0TIW3Pm)O53WuOv~R zbv*5?Ek8__(cR_`2`!vwwKR;hxzyat3^54eaCdSCt#Yjt_cuYHkR(ah>r_jRW4f}C z-o%zqmymEt9GZ{D9vHTl!ih3V0$o8a=MHdvK?C!kgNM;0w4Y13@+4w+eDBRAMe{*U5g{It2laN`05rS-TM@a;z3s(m>magMoqERPe#}a0R@ZWDS+)twJg>Ix7uc@Z3a_&+~L) z)HPqe(h|YRkr-^X$Rh`@uN8I_S&idsnWCLww{|cU z$=Z6>1)iUKdt%bGG6=%sG|O@^v`rFQomgIpoW_9jpqbC|H>rl6@UPMN6r{V_;xsB)bfs zKz#*IEr8Im`z_RRHqjte$p`prnz&2(T$J&p<_Y zR=OpIxdDezWN=s=r=~%o=8=j$O50Dh(lp3nx3hv7R1>`y4F3RA_*V_7+*w%P1&xGL zPPsdW@m6w?rH+4E@NJ#mk~Ju<(oI4~vb5 zsiQWHG$rI0=0!;V0J@{Tefn1#`yyqU6TQc$Bvx)6ja2)Ynueh@#nqd-O}SgKAmY1y zT2;DxXl&7z21U;9yRpyfn#`l3&@CaB3)=@!%oGj>uf22n&wyU@$+3oWaUS(MNjV+r z;}JNPt~@^_oKo5}D)QsYAda=?x|f3WixE1>3QZb-%E{Pz8r3Tc*_{W4ZzAx-kZMh8V=1DCbBEXRkzo+T?&?c;pLe_NA4uw22Lg2G04yPC*yv`30 zY91WFl6wh@PDV4FV2YO_RBltf@s0Mau77Ci*K-zFmL*os(tpSmO6$g#*0&+_@R3TV zcs{173Q@7{+HSoa>{@=KDOs)_Fjy!92kBkDvwaI`P{}LCc*iFc)3GOJE;W?LwoqEJrUANH#Gz~$$ARfHF4;e3&>o=ra1&+X_`Cg9x;Gx=446n+(h zPv3Nih^$E?80Mm}w~x=b4Drb_5OxESqt>wjuNvOW+aP3e;B@q^zROPg3P*abOrR0B z9Yt3u9NiJX_^ZX=+4_h}CEn4pnUEiub6x(Kt!WyB5HK;E5af3hoNQ9RQ<(Anhj(U8Dcow-|JTF{1*j=pD4R|PNw%8zTgTFlb)UWP+Vc$^*iegIxh<) zj3xnj$q%@6uNTm?O$$7mum*A~)h)F(lF>z^l8H_Vjkv`` z(J5GzT*;?1yy_;M{{V=uHOp$ZA8OShnleO;n|(1^l@+O0;Zi4z+yF*#*15;Ic<%zj zFavUPibm(D=z4=Gj!3h!1xOr`Q?JCx?x4T0(^n-(YELTC;tGgSX#%38$^3+7$K3H zep}FwdT|RF7W(z|{0qOliLFZ@1QuS`&B z%hYswv^EVR#?iEra_6}E)H3Sv$76G=rOL7)#&i7t04fM^v74rAI>w@7z4KM=gW>bo zdw!MCS==NVpwvg0@&nMHmmf})4oj&XrSTH(!(Wao8^lXRL*^>Sm4B)JmCg8@Rf|%E zCq*)$Qg*1~fvA|;Plh!g5ZuQen#lqp?|hIB(boX?uW7!~to%KpB=g?e$mKTy(bSJ> zmjgtPB}wh|Jx1G5)KY7>lwcfy9EBKOyw{-XIwp^QX{5EgMQpLCOea2WI_KV*M#NqVw7k-a+rVbJ$l5{1 z-@>`;-vP@RSZBMqwvs2@LL3w9eW(M~{1ss=jcFS^JHze$=>u>dTA$+2h+wpW4MxLH zf(MOuO0Xvx8Tp750rOt74xJ)%2wV{UxzDGybMs!R7i-Paxlfda9cT+2 zu=_}wV#>#!)p+UYeQIZ&Rb3bmGs&SV7|U|2Kz?b_RTLZ`Z(7W|l1Tv$QJ7v~FYP=6q*uPvX5dQ(OBdW_cosLT}Fwy}y+J7FKiKOcfLe`Qo~GCznWnEu-M@ zao&Kj(>AKtHYVP9Qdmm-*&O1zi_JGleMZWCI>+qx_zV?}TR7*O3Sf5<&u4CJlE&CW zBdAv;x}N5#YMM&U5?JGlaUU^Srywh6PJAJDH7hWXHc4mbc^J-X(4IXu{b4)7EWbZJ zNv%*GA+7iz$*o=qS}85~Dxh@7y-?JABW>a9dui_RVr0De(TMr6HKlhVwV>2RZNBmno9m|n1E#6;H9MaYY8H}OhgP-Eo3wCw1b$WNx6vv@*F`{$dbT(e6qyc@ zrfK@zk8IZ#(A$+R&ms9#0aX$`4@b4Q{?d}!^!VE>Uw{|E4Q_2tXmNfSuY zs^bAqAPS`xi9N;3OsZwU-n~9tP+vK-E|_j%6NrP}2+rRyMeXM%*Jf0D;{7 zXdgC(%?CtnOX6>Vbm^DN(dD`#=5TT3s9p*7=Dw!B(sZph`u!E*8(o!l{ni=nRjHZ9 z>z6)tj5FdRP4I~rW+FL^<%=)wqdocda0fc~z?mdY8 ze>&lOM|6{0C)uajBv?fl#~CNL)`MfI@J5|~XtwwF*4A=Ca>5}YVYq;QyVkw?#iRZa zy)CtS6^um#Mvt|=Ql}X?`ee`sKAEc9_^qId>f$kG7!`GF=N#5wj&%DOY$nqD*&1iy z0nrrq6cnV+GsK$pwU&h6X-7wjF&sxdabGISVR?7rn+;z2-XM38Z(@XNeepr8dmY`k!)YS0o^K{}yNy+q zc5o9NbNN+&1nHL=eec=>r}l!G0rJx&dXK}3nMk{v(pWC1d2N5^Tql;y9UXXVdV^Ei z&2f8iaF*7s1WBFyRNya9%Cca5`|)zl;@;j1Eh#2}9(~dnScd1Z1N`$`2gB=IjZ0X# z({3QWxt)GU)uV5i`cZ-;W$xJM3)C|_9QkAqL z)I4jac*n!no)WOI3+1=(oH=1Dd)J*vw;Fod>8yfFec!|Pl>K`4pv#}3)_-YfcGuP+ zY}NxS2-OMBNFJuS?~MA^t)uCd7nTUSiwNCR=Y!k%P*aukJbOt00EB~Cn$hEjVg?3G zkGwrA(PN3O4AQ)4l0q?uUOx|731=MEGrZ;#Ccs}ik4oqD32pT0i3+kder6ozlL*VP zqXw-Gp(s-bbl4Y^02~ZfthYAr2FT$^Sx;3M#b9k0bH}_&%|4{DSV~as0f9W{y<1-Z z>X!>?aVtV?9A%syNTz7)dT)e0FKMIQMX1J$1nRgFXRdnYwmfaFX_sPaD4q#CpaBR! z)*tT*rk_$Q%S2plIQ}Y|5~gcvx@EnMrkggO zrbsU1+-@a5b&hziU-)0*En?vfym8ybq=yauuMS`8M@mH=_;eWcx!BD1_R{gkKz;bH z9=U6&HI&k{-zs}(<}pahI(~yFwmeYt(P-=Gx_UDuAXg_u_!wmE_ z>)smDbo7C(QrhC`(TT!t`==d!%`)RFpFQ~7RnhExLl1|dlg!l&Z6Ohi?dKS8Lt8dF zSBY+XH1Im^QiY2t9FL_U`A?kuRp1X2_;x1NW^;9<%aN2A+I#LIsA(7JsA$p094LxO zje`skk6H%dZH+5^CS;l@(LBhUbC2M!R`9pO{RT$4)U{s@4MJQfjpWWi9PleHc1vv@ zho|^A!#eH!8hjcplsc-$X2?!eK38~l$B1EDCbzx5B!p~apQn1?wbgu6bF0m2!Q(_zB1nny zk)DU&if$GTQ#$WPzq-}Vt$!TrcI30M7+D9sb6VY&>CP2fjPg1ffk`V5)3l+vNkv!f z+chAP2(ROX-0WuxIO8>+EzFBruA6pcOO!`8fB+c>L!OmGSJ4iy9ksj>Lu)S3R!`z% z>VI0_5;IKZwGTe|Wr?B3q-;hY`Mw;wh;QX`zuu<>owt#1m-{%+oL(46$GjZaH` zR%q|1h3A-nIV6PwswHz8x)+9Y$P3QU#*)h8&2=Ap9<}JV8da>ZKy9q;T@|tA1Q;XK z`qsrc9GCndcB1*NuODT){n)_3CbhKfTSCxp?%P(hmOU{>=5!!uk9y8>=oY!ic(+>7 zwfoCE-73agYe*1?!24~LOz*7p~-X&>9;K#|CK!LAti8aqs_$D1U;7dah$ zYcRJ%9hXhhY_9bSTX77djgjM=fA#C0xA8dF8qKfmTGrJ*K^8ear}3wDHjwWT>AD;0 zcG{MhhT7UV_7roHTRgYvTiy*8dX}d&8ieYAuGqH>?ld+xE{CMQ*lf|Fj^a0yf{HqZ z2E1Ry@l-^2D(Y4iD5)BIYYuTE}YlOFJ|OGVFhZR|5v9lIm)(NEH}`2d?Gy zpbt>7j{eSAlubR%3{D+*2E3!j38-3YQ>UFgaXIq@ZP%aaPQwog$)MU_NiT?6^T=RO zh_G9CW6gRs)tZI69#8i*-a7~dylg+B1jl@A1z-hFp$g0pt;PJ(h1#8-1OUy4lA6$ zwriMVfh2N5ouqa(lN?`DiP0vO(s5?T%zW&3ZuQqo7M(rAE!kNl;4=a{bfV#Lo*?jd zgmn>a+GXNiGsIQdTOLfFhu*xNPYLTfee*+Ub34Gf3R537VJ*ayJ8cDjvvm31{>Z({ zH&e?2S(=s9R;Z53?Q&l{@B;lRN{nuHz6bF)*plYv@!?A$fZZ}j<6Ad>8T5ZTPqD9= zZZjB@Ba`V`!UnOTdVYhc*y{Q$dW=es8|4|pW9IbzE0ff9OS@%xE#W3*$&EvN&ChDx zI|HPVLes==eR;oFyz}E+M<1J_b}UefS82dIl|%p1coXNbH_eo>>0? zNN^QM>IGaG=f+mtj(KKCGyMiRiJm4)!Yf(2gqg^!TMF5P<;zBMSQWqSS*{* z190hDmOQEX_y-sr0rah4j=EAkcfr0n)qEMO_-n;}9@H02*0hVrFH%jJX4v7d4_?*& zj(@PhJ~y(bwfW!02;>^lF*vjqjoKCEbhxLhTtH zE64n8;f*^`f=9Yf+(-&A1MZw~-<@)t)7bpT_@m)yBe=OH1h`9gFkCC9e8|Y|K8C-T zzxXK^z`bw5{xH=%Q=r;e-B~O7tkK4Kg}DWD*aKA!%p{M?FkF?8JX=V^C>;;hn<;#5 zVY%`#&1{i_2`tedNzwNx2O$R}RcR&NlL#Sko_l*%v5kVmVwrH~1=yV6o*JyhBqH)- z6f#@HS0kL{(`X3RMKZIo#sD8$Y_dYL$gdy_2IWvX(uy>L=vcN5A_*9xj-Y3t_pLaj z5XAQkUC{>pqttgEl}BARe@fr*NYC18eOtrF;eU#?xZlJYW2_OxXUolOKxB{)QH&qP zzpF2W{xOTh{vNZqp5i~X+mUT?8Emm!e69I$_*XqdbX@hBp_&r2Td-tLn~vhVclL_- z1EPM?AG6=YUxpX)*-LkOXxBPRN&)h&KquwTLU{da%)~H|=XCX8gV{KOjYGfG^^Ozn#|H0#)rgG+LP zG$$L5In8zvO&qt@_LkFP`S$s1yO$^b0M}nR$!DRRMA=gA#`4=xzO~rmeBsA%M_T2~ zl4%;nt@N%Y5)hIyoMRm_e-ruFx0Y4qsIGC>rmdm%FN1ZxKI+Kcs1ED~-JJm)>t6cW zJII>jdZTn4^P2lwZ1QTWJ0bR0D7K>8o$5y<)RHdAqL36WysI8@U2r+s-04?Ry^Gt- z+u~qVvD&tLD7M}a(xmW{!z2oVuN)l15oFH}Qklo@>-Rf2KaCqFY00<@qOUoIfnN z;4vRc4XK)1Zl$B?dLn(U>LDyJk`NwC;NW!i#d$TpvvI2GsxHEXVsZh-MtJ=w*Q|0isODE z+3Gr8p{Kl2#J2Kf*|W)9af&%~F_So{tj*#EIW4!0*Apg{eJ7Zf=wo2VlT{RRoeEsf zFtLT%)#2lT)bsu|+S+OmA}Y=TCNjZ&YQZB{PVo!h-HS+|+iaL1u<9$)q|_}yL~xjX zHkxMYHZV2)7RvHCZ!A^_r-)wBA&kY2LyA1aUT&?ac;HkbBycX8ZYJK9LV zsAIy9L0zt?;2Wog%fy1_-qTNKDpU|l5Ic^dk(QS-C5p))kP@t0jOUYHE8@$bmodR5 zyE+yi9B?r~CpR9YBq(Aa#Cs9ay$iy+mCcr(_SZzbGB)GD1&=uXbQR6e$h@={S78YK z(Q-h>D^Bl7gHMa?cM*v4oN+={G*WgkwEK8GN2gp^TZ6r1A2OZ24tm#THkLH|2vp0N za7Ms78Vs4v+T69WO%(8XdxWCT-#WXv0E)@8NS#gp0FLann|9LUlG=MaX+y}0I4$-3tIK>*;utO_ySO&c!3Hpq zr$s%gNtAmYZ4}ea+1%lC&uX~y&bg6EcJ1j^6>@pnI-LqtGpkIX&Bg{euJ6p1oS{&p z4l(On*v-{BZDI{XN~HlXx8DB%X1#ae+v?f|l+xMVH=A&dk`as$c>c6B3RgJq5b9&Y zZD$OiT5af`+}!m)jTh)>k>X=qU-Kr?;8nuv@i$9m20T=D0r?G&Xv!o*GoSMt#i6 zbB-tjr<+!5IJE6b#Us163(6JZxu|sutzzb7F2{54+C~cdP$rP;<85KFrhT6_I#e-S z%I>WSv!_gs)CnUuUQL1-=9q45fDdz9J|3QL>^HOj09zb19BUhd`&bc3vm&v^G|jH~K-8%+fntM<n z{J)(*)U0q8nv=hyip8rMsaW^jFh?bw zt-RTiQ!OirK)Kz zlHS8H6EcCdOA<-NToG40X#6{+UY$9wt%QmgFx|!)x_8nvWxsc{v`bhs%4a>RPEj^H zQt-x%@U-@J(Tk0SMFq3Y4S7zJEblut>bf#99)MuhGBk|4okiz~WYg?_(c*z8VgPVC zth+B3-C61u?|$B7O^wbQ{Nl3bH9M<~Ud3gGNbcdA&0WB+I6j85^<7?A;hrW%l2%Wf z9^$Gp?gu-k_-IcWz3UEs?%|#**gPYoTWOZ^2v#-@z@4l2aa0FY;~hfAKMmd4Br(kH z07fhGA@7R$a#yvI;KZLax$1evOqo2ydai`BBvMAsRYq_)$*xr`1k;EmY{)qIyP6{3 zQAw?jN${SfEEj^w&&Y!VBDOqHcd1_~ib)+Umm5NH&%IEct)b6aYExRkmQneH4ml*( ze{H54t7ukfS!5s_9;Y>MTA7}2;x7iam*NQ4Yxy+@m@J8px|tcr)MpjZJ@58nLYDUI zcpNF`@U2N_pe?*{>CoNIo@jL(9+|~)UKh|_!&25S?}Tdi3`&e=DU1P8Bu_S?UPmNu z!U(e}kVmE}oEqe|x|+vz7+4g7c*r%f#bI|fE_iIOB8Yz453dR^{-{( zDQ#9rTWUlUoStxdR5_Ix+~)KT6-}o2itZa_X1Kdx9zwq=jE?=Qw($>&ZSM7nKhx52 zkf00za537I+t}GF85+&q&a_g-DE`8+LVtLq{O!rl@~qztNqMK~nunWpT z`u+m0z*E(AM~W7+o;8&?JG0iZtfYcS-^fCWIpd+GD-^X$3)$fFEfu8BcqjQ*KAET7 zTDsld2aVh1!RsjdG23tZg!O$>y-0X&RTA){LJN=<6`UtL=knQ)5C zdk;^_yRAD-vWab^kwQus1J~}*NmIplc79RJw`;hi&1js{t$xeF>|kCdLL z^{+S8yftxUs$1Mb=#owI%rHR%pZ>K4G;d93ZEFHEGZlPtO;kzeOQp58j!8KH6+LrL zk&=36hi$H+wUXXI0tP4OYlZPXnL9|?w_V_zG4J)QQm`2w7@Ez#*Aqq_;G7Mo(DVGO z(lqN!drSCal6B7v0qsl=Me!t>O{{uhj^-(vRP$vB*~homxEmc}2G!c)BGFiIyD`W) z>}xkM*wogwjXp;}vU%Hx03UN)RJ^W*4Mgm(j^E>F4rTjDy50=zk$3rCB!z0mvCfn z9b_J#U-745#z!AEuVp-U6Tb5_tGRay=X8gT;`yMKMG=wrj{#~;p!yeYJUyoAx+bfv z&pa_iWdITUY<+)9%kZ{?7Q3bElFsEKP!<#i{b4=N>p`K7U$tK?{vv%)YHisO#j_VN)*nr7mXalgeh4fkDlGaSJ z9ovVsa^5xZ2lnx@wklzgCSt`2`Mrjm5Li`?H1VwAYhg7u4)#M}|ltkdv{GJo?sc1Ci=FFqTaYJ0*_ULSvAa zIUfH2jd0g<>e@!5HKdVEbnsD7-HEwZbdLyt9TG1cQ&|TqxGV zTu(jI%RcufEz|;O7Ie0Ht*@Mm6wo5%V{yiFSsIH^de^q=wtVCj>J0#SW!{3Y-9;R+ z#pWsGw*#8<{X){*%W(Hh%PFsv>jEK3odI5_^5W-TT=i#3)sm(A+jQzYKep^h79RUXJmj7~Kx&j28k!D|Izt@3UI`d%3euCqhVoG(te%UWl^|+M z;psH{Nuh<1$+za-aa?Wfo~r^Z(JzqM1s@p)o|J}ndS#q9vRlNAvRtqodIR3K9>riu zt;0l;C~dhM6ONP!@vHqteMG&a(f&yQpY<-9QPI5_-5Yv0Omj$ztQJ(3i;u^Y9#Dw z26{r?L-u&YidH}}Nj)o`)$HKbAz=^(V0Qv~RNq}nEa-5>1g6Sk@~Rd*V?1=Ntv<^~ zw@Iy_w1PEaSTIg=_*8+;>mnNmcwmeytN=WAu6o-{{@S}1_Q5>m8GXm4A*FLG!Ls;@ z*Tq-Mr(0WyqGN9}wtndu2iY@Ki6T zU7tE4HZDi6VfoZajVqS4Z-}by^3+Jr>ptS}9dhJgPq7 zf)_dKS*BmJH7|7!1&wOUQm~BbmJ7Azj#UGHsO!?X3!4omTGVdtbj>>3NkYVk@_(73 zvUwR!KLu(Uyz*Mv+@u3wW|6Ugx#t&ayvVGrhH`n7O!-%Ln%3rC7O<>%JEFacibe9;3g^k&f=1XD5+eKg2tW`%OC8Ektc` zAqg50g5&(=rNmBWj_aS=@mWTT0gYG^`}(29aN1_4KhLIW8)PL*@AAgtN55Lht7uY3 zs`wVwj-#XMQ(T9%g|Z{v@}G9*y&mVsI+uvP#o+7afppDLrFdjT92Mgy9YrCWKZ1NQ zt>`z`wo~gCmpW>>+cJU)=dkpyzUB*w=ecx~&bd>u9lAHxfj48C@h#<^n+>9CqAC31 zW801a!RcJRzMpGzC9Jlpt^|OUDb78O25wB^HLHzE`%t|W@J(xF1gx^Wid3I<^&Hn1 zX|2P0bqhNg-b*%<%U8}8Odh0AO_|SlrcFy%{>QU4xf^5jzJJ*=#-x9U^-A40KT|ex49FmZ~ zCOpg@IR5}WXemnPujv|Qp8A~LAn`4vcRF(@k{f(-IuSRvN@U61~0AbXavwWVXonwlz0tUZ$TYb0h6N6ZT@$w9OtL417`6q_@#-VrXUiJcQ1LfxtM)}qfulPdqM7T&T@8q|&zmZ8>nD-r+Zkfg@rD3K);jb4>qUm?miD?U6NN}&+MtfGb z{4Bj+Ptk5P`zc|!k=Q#8zj?h+;Y^uE=c)J$##dH4dAQN^$n`7PCP2ifB{}5RWhKs` zKD&FUU)w~mvK&OKjjVIdKN`ie2LiR+XI7I*xZjVm%ei9CH~{iT<5=DzwZGNmw|k{) zy9AIn(bPAsYNc_VPM2<$HVr=5;YG`C0DPc#u4?yDOJ6$a^3aTuamO^k=l=k;>~A6- zSjsT@aopFB__JJtPt}E#S-Efn61@+#21&F!(_MQzCTFurU@dt@5A+ReAq5~z=+cH#tD)l?>4NIqkZDSyNUo3LN1fKj; zQL(F^Msl~1U)wK{Z*v?wlY5q z5;)Xs{cDl%7Ny~sH7!kVvbtrH%jbn$7G>-+?}1qb%*&6B)_U)bZ1k-Q!&h2uiHVj; zrC=1}BOrbvxXn`X`$>ZO^2Q~3<(R(no?Gkmpl(dt@Xv|wTHRz0@LaT8WE=61QCe2o zy~W$d9MgToVHnQt^=YdMnDBoY>315Qyz|8**Hf81prC!uIpUzwG)-35Ru&fOBstDA z_fL9)`OiQ}W%HUHqA;Wu_w}yJ!!K!VadRZDo@N0YclM1!pvqiE42W$s1- zk=%Ql`SZn|H@VSu8T6~G6pmOJh`_)k6WsoFtPDAIvF_gvb*mo~cvc&^^x!TRFru?# z51vT_lUhF$z9D#n;NQc!lSZ(!x$!OZf;)N0&ycO$b?gmY`Wh(M_`kqD5!7`pZsWun zjr5JEO2&DMMY@_#NrdpMcLh#pywSN%U&7`l8Ez%<( z7YF5k&%JWK2KZ;B>z7_4janbvI}9c;SWPZ)2(yVsjh}ImqUuzwB0L4^KLY)LO<^%;Q7-^)BGV~vbriaRU2Akl^Ju(O-)@FpfzdFO5yAjup)z0|0UV_9ejgEyZv3%QE zqsb@JAXb2r*ySepW8!}gwx8n`j9F>dv2OCSg5JezhSWSlZ?EnxZlK>NCj~|neJC|@ zMs&AUmOBRg+&|1p{{RT|tmv<2k)@2z#YxB=b3DH1GcR4*XM%7Eaa>XiK1B@`h2iVtLqx?C!zSp#id2H@yGPjxgzI?DcnrqC` zFK1lFO+A#~?!d~Hz$UFswvo*1S`N2* zg7WdMB5dzGV|78MSUgVpiY^fp4{`LQP92DK9WvL$)-&ECM-_OAh>)d#Bq-zhRoPon zsOhQgmijabQAMOkGu1z>cb58Yn+2*Ahxeg=X3lBKT4)+|BX0`bYR=Hb1Z2sArHEhW z#dvp&^y@7b%v;8VB}UsKImjd)qv=`hXk&PPO4D^^^R)}K(lqjPw)CrU$i=nBT>`Z;w(<6U4SHZty%A{?cU--ZLT!QL5yxdS${f4Oz=M$ zTHIP{_ETDkrL?&FrW2M^llOq=IIns5O$Ul}>vw|o;`93s>k~y2lk&fQzl8%{XS>gP zabe~N-6MsQYakqx>+M`_ptEXB{{UoNw+uGz&m>V`JejN^Xf+KoJ4Z{GWBbN`x^vD2 zXIgk6ltT!ehy}Tjjft#bK^zF@H>3TC;$QnkH=4js>WOGm1 zm&j%KgH-W-hM_zE0B5a*f(?;Pl3AO%HRS7aJ@Jw$%#-eHxgd<3(s3ci#>@Da+FP}R zun=$t-1imJ_(Q_SS(sgj6w83?#x{)eP)6FHQpe!SZ5v4YP1M3knFD}V8xA@e@lP0N zkZRCf>eCXJLt>%883VQ|oQk>gPN*f1P?2MSiL17HtHS6G6;$#EMyLa#{@T=a zOP18#qkWNu5ycn*RC)pUR_t?J%LtN9#qdZ5l%9f;xeCQR(?(g_&0ZHA52b1~k+(xQ z2P2c7mCq-ki#f}wE$=Y{lFp}|IIhFPdaN2s#S&QM!)|BK-X5RMnpV)L#h*y&J|ojF z^w_70-rmI!?Z8Yi&Uw#sS@(MOmwPa6?iMmbuo*RRxvDB#-}rZ14W`HY`>0$n8@7?3 zQC&=O+uE#_-(+T#U=7D1Pjg$w{Q=0d(A-ZHK2&kRhr=#D_ogexej@9yZ1G0|5A8;M zzaYjj>qjv>x7fndbrTl(?vrxuASgIHy=xQ3n*7$54>p+ucCzeM9R2g${c1*)v@!JC z1F8saB%KIV-P0K$RcVjeuOwL!{&9iNB7u*zg7QhkHtZv|cMR+}ApL88_Rd8xG;%y_ zj6P%Dv#3;JGitWxicIzC(z2t`Cf2SemSvFk869goqhzc%`xO%!MdUlJF+C?nG_p0Hraz+aK zRmE8I)yeLxp^D|;jz;4@cw>)Rq_HMsSfob-Jx^R!9W=*5H_Riz+QbZ=pjNPG(6S&M zdBDX~Wn;3Lt)?r@B%kSVLKhoQjPI}L3;qaY`(a1$PxhaGgdQx^&Yj?Y6@d!Jk|Aq? zxKeU(3FLk?X>N8xD^vSU*X&l!!ovP?<8)FElA-8-BV1MWjI+lqQy|#Gjyf9Tk};GI zhCVv@X4=9zwGj;a9GGr)FG1Ojen5WL9||n|Z{b^u8;faVl_6_w;d0VMbI;+QmNUqOoKj7%o_3vqe@ zTX>dWG!v7<+gBy?rqgI-NY6#4>hABZsWI;ikB{i zeM*wH)r`WSqdbCWl~tk*8n2yCXs}$vWqWTRQVvRaxIW~8 zT{vkZ?qyaw8~zj3MuH46Nh(0hICseWJ*(Wb+xWF9E#$X<-8Kt?cqhGmt`>2 zO=&sZ@}7DD-miF@$2Tx(noK@odCa6X!;pOm9jGxm6XKiexD_@<6om3rWa7EqUVEt- z9ECAAUB{oofHM|5S<$z;?pzbkO6VH$;^xj3w}rN=1;`wz^`H-;JR_p$_c|nU>NfFt z>cPy8Y5pwmo|moZZzZhp%WWPB!Q(mOnhu(9(Bu3yZJ_v034YrQR?jm8fcD**v8lXv z*0(oqqH+N#$LmwfRHBcaZ9G$OZZ7B4qet585D-@*J?ooU<&tNX+j79fwlnY2i(gX- zMO^Ic$Ye=nQR%n6X<9XgkA3EbG21(G2;(Q(sLb~717B%+#P<oTI$6;Q8HO)1l zu$I>Nz0(3_LbwQiz3W3K24A?f#s$?^#dgHZdNvJf_ zMkH5eat3kInAM`Fn*Z4-kWz(he_QDkI zQ;d>5C>&7^t)ngKwYskGPI5;|=rk_}{hY>vLAA!x4@IEAW^$*&_d0&Pdo0NUTQdfY zl=4q{^m_|mJ*dy59Y;*HcZE*ZBaG5EjWeC_hLd$Y^9f-uZ5r;8TY`PFTJzg3 z`I^{yDvgo@P+umt9im$57kY$mxq9Ily(`_U^k^O=y0}#H!sE;}jF|aZ(Ar$XXKa3S zWQ^purEogNtM;pbG)f|MZ$!!vkF;o)ZewD>&dW1J}+#Ohki+D&+ zUZj6sD@Xz9S9>N{)5=m%4Y(M^aoXMVYnY;cCBWq7v?((()5K4vtdq$)vjP8Fyg>I&tRRG@H2xu&$R#)nIf2;kQcPcaGI1v~;$5oSW22`yxYu^siL#uZb-hceX`I zi>XW=x%L#qXL!neKtLiS#lgVt0rsyRi$~hOYFU}SZLN{cYTSAlHZtz|YgrZu)VhzD zWO4Y{IR%y0qo_0O*ua-#+NvTu7&J@qBtK=}xR7$AoL0~F+&3{vWhBB}9g=q{)j(FX zdoL;BNOK|+^LI71r|P>dmTiQ`5d?-f&$ToMMJ%?yBZ$o%w230QVIV&!Q(UAL?`wNC zz1)#Ywokl0J65VeW6gM65aE*e%o_chyvrO=MNupkA zKWGq14tPEJ?L@9pIC;&Po{d=k7VvG{`lZ9od~T;e z>=PIRzkj7_kSU&#rCNyOYkPtN;PZ|#>6)ji+QDu_EKy=7J$g_IM?J1-mTfY5S4%o{ z!k#J%Juy{Y*d3d>Ty-@Pm5WT;f;nuL?7%C!ah!C`a9YQRu1=!*6q<4<$zgGxPt*MN zsrG|2Ev^QcF_K6{>vA@;9tj<5(>yt-Tx*&w?TYVHZmfEACmlaZSGWz)?BtNixZ%)% zGv2w)YgD__wT2OSu2%q%ai67Ih>~3eZEE)J%3G->kS2a$Tcty!Y4U4!xS3^DEy2ea z^%Yh$jBa&zUJ%o)v`3uCt#lj^gR24FnV`LryW?r>aoU1px*fw^!omp3#9>|(t^qY$ zRJllFSB1z{1Oc9y?@;I1#lfCycd2=^h%Ov9PbAkleJVw8SvG|y86E0e#~2QR=&Xoc z8fecOdCgvm(@@uSb!fz}Dn>Sg?b@y}G(ED3mwwkA09UPf$BMO~9L|yzeV~pFOP^sVzNbB)>4_DH)hw-pKIS+Blardl z@jr;K?eFa_?;W7Hm2i=T#xOkvCw9#Z=(UM8J3C3T-eQarYogMkONatHFU;7^dQ>w= z=!^QUhjXSy6sZeNsfPhiEm3Osttqr;w`*;~Bo^yPgNW5G?5=GuQr;zWDqo99hZ9 z6GYBt$phscqPP4lr`zAbbdmn<;n=FFZ_x@_{ZCItRjz&^(n=URgcGa5tC z=Ku~UC|x5;ZDLEL^Tcf$hrtIYn)Uwx26#q&x02pS@LI7djH{L-9Z%yx6{qmFu@YR1 zd(nApoN_SO_pWy5!w>^M+YrTb#~tVcUcwt)7S*DeWo2#=y=prxA?ChWV3FlVkT4kg zzQU$bu%+gD9rdNG_VVS-S1Iy=j^ez}Q)${kYUH!8%n9vHGXt&B{F|K_?H(19;a?%~ zlB3X8FWDel;;$<2eg;o8!1YZl!WL3!6H9R+Z*pkv^ zxQl2mpdXa_RYu)TgQC(SvXw3`B8Js&K*KDG2xaMv8uNRN4h=U@xWCh&hR_nyI8_64 zde+2BMQt-#n^kg>sb-HO7_PR$(B4C^+y3)*eXuHIjE;^iRy#u0#@}qbavKYZ=~g{D z=Wp8WqPvaP1V12Wy=K@LllY3t*U!@;a*^#TjNk)UUvJ$AfmEA};N!UUsW*2p$M062ikL6|4--BKO2zGt(`uZ8U4M1-9Vf!sLIzxvxg>w~KAHjWz=@SZ?Aw z9dV7vyHP0U1-({#n~Ck?NfgAuv+d_Km8sqNcAir(c#v-AwPXjF$>LpZ-uYy)WER~B z#t5#vO7TXoc^kFU1ehEqJw50fBe{;|;`L^TL=XZb9oW)Kb$w@UZQ@PH>{D4KNp2$h+pxGJkz4oB+goX3+zwChk9z9#d#@@fo-}87$zXfdb7qi4H#c)kOhp9nmo!7;4trwC>@WPQ^T5u zr{eo7tINq@h78O^X97YG-G5s2?-yIy>Tj{F)<&H`i~*3nIi%tn9(8r0>E0H#X=RNB zlH{^%7$kQ!<(?vY9aA#dM-nW|F&tp*1M#d`vUfEtE+Mm$&MCx_Hr!=LO22uo#SoSY zaVkjv04lINicJpZ9(+sUOACvLZFO6Sl&D5W84NR@YVSNb;=8F;ZQ3FO<(fv2=OefC zrOHI5(6g;gYGk)F89dn-0gmRnyFEBbXDMh5Z}&mR>rTc@%AZJ{0gs=_Ew`>e8mX;o zPox-NhIe)H!8=Cg8SOxnPESRa`ZT;*?&P@hoyzVU#)R}AO1~D5EtR|7GjEBB*vvYb zzF=`Z8^Sj~XR0Jc=6Q9NJX*97zZE*y{$!uh(J%2uxqGo)$kbGJA zKd5+O3n=wBxBFepB6U#Qh4=TblXaaE^4n8Oma>)NRSF1B54RM#QKU~n@XeUL6WhY6 zYqBy*^y9uOmGO3|W#Fr;A*Sj2hM}mXv%zXX$Jv>HWk3X$6cXv0TK1dv%U8_EBxT#vJbTy7*Pa~I zbeT05o*%Qt=52=yfg<|<06)rtEN~V#*Gb|R&}NQjg_q3SA|*lRg5T1;Lc;Gw7glJ^ z9i7^!jUS)~J#*TVS`?6%QfqhG)!v@Bw&m@n5#^3nPscphs`#L49uV-|p1XIn+epg* z@{U_SPsXtyBRogq9|0m8x>FO|p$0*bg4q0P#%}aq7+qTkY^|@-*1{&7 z+h8ii-0t@r){tFUT&GX)@5J6Gk{hVC*{!Z@Bf+-}Hv$Oh_*bO(XuZPfS2IH-7d~(h zfyia`s|iK!XKVie7p?pcKBoqwZv@iJfo$RjC(IrFtGD<``%m~9%fdPS(MyM1QnFg9EL29HN~snE3LFlI0WG2*0zu0%(=r2uHyI%MD;pnetPJ~;7pwzFimS{<#;sNQ_pNZY+} z#sRH^*&agLo~aWjknUkY$}^0#^nd3qkN;aw}lS}m&29qdtC+%_jnWU>x%*N)ZbHaEfKd8RNJloEFi zwK7kkc1+@YRQi3+nFZ~zi>n6OdwSOcD2*&_?*+sy46U(wKhT}oYRQ=ZLU%wa>xkI-gqL8RtLR&I(`I_hLQ%mcE;F=;lJ6(y?95CyccoeUl@3Y#8Ta?7t;V%+>e$# ze+sX!HE~45-tc#e^zVh9AFzW_5*vYW=Dd;|v$5^AyIa57Z{b&p^-t_AYeu^J6l|b7 z#z`zs_pwuEZ5me>$F?bLbrhZ$(wj}NmMzhk@=nv!cfU2u_+wA;1+K3x#FMSmB|kVL}%x5>z}B_ zM4p0`K8LM*F7ZEyZ?)}OE6p{bQHN`s6cS*boO9Bz&#KyZy60B7@a&C!Z*MG!%#o3_ z1J~*A(y}s?4<)_u{q3%!cP{5=ZL+kIYw=c%xFEOp#>B-Xk&;9nD;2V^}Q@AJVO_d`)_F3*j^Ed+Acqy1tBVhbx_c^#Jx5t$S?~O}(*8 zx#EEtNGUX|6)}%`zIJCPspY;q@rjzoSnV7=yg;IV5C_;-%+}M%sa|}R#~3*{?^hOJ zr`*4+_%`my!9CeXreGKh^R)9+E%f!a-dM1ZoB%~#ioMo{W#OCMJ4}1GyMURUHmrvq zFVpa@l7EWVULUvq$+}OVn`#<)(r_k+#>P5wS5c`&vJ^G%z;Ppt9L#$zR}V+ z#1h{$gsR9}8#tjWm+ZAYPs3X6wa%3hyR!{3a_v9ybm?7YjpI0Ui`JUSq&EN+R#T0h z`K>v03m!$|8@uc6M(0wR@@XMpPQrR0TH(AKuGnjOjL=)3HfZG9RFAwxWJ;HF)O=;4 zeVPa+)K8L=MdpE?RZnX9;!QzqrkX2vZzp#Eij{t)74M_DyRwqz+HoGvP7XQtteq!V zxU;z+Ibz2Ek(2cmX@S@3I&Q1uTUe}Px$>?zV{lRPbKbr0;b*`rj|l5;s_UAqz4ON& z(jy=Zy?FPkl(Z9Q_3cjT3tPm~;D$rKKoF6FtIt~6j`L5`VKNqDF+JBKH3H>A>Aop~ z^4n31Q448(7$GDFDIo3iHQ-(>(BbhWr*A#!#jxBYCHA4`u1^(k+_Ql3PmN$r7UxQi zc%30%DF`2Q4wdt?HoBGk{%w;yyO@2`NU0gMjEbLq> z9)O$^$4bgku!XkJ@0p|2_9u|9jpv{SzLW6hhUdD|E%j#9t!IxOSOM@C1E)WQNE!>L z+hx4j-Q8PjBMRgsxQZLLlGV06Z=aT!oRQ`F?Stw1ieAljV7Dw}WyTLDJlCQ4W5gO& z{ldehPYukl5MOd;w5Bva#@e#lz|+X)7RwSl4_tazm+Af{({C)={wR&Fme}1P0Lkx) zv!Qv6)u8^_wR@?iGeskP;(C26#e7Gj&!*YE+!2{he&FkYQzlDHso|{+Z>>e>Rf!lOa5IrvHf1REK8-gsYPvcYZb-s`AYgDk4RJTtDpE^F zh8u{Ka&z~o3zYH=U%;PiOS{1j?zfdqosXq?-2NMLaTTnq_FcU6)8JQ;RBAs)(ND|%ipU%b_kEk5upl z&ZfoXxU)AJU|*bL2R@+JU#aM^U(BCmV=2HThZ}R+tj1Ag+g&lN=Yra1i6O@?-}0&+ zAoC5ew2YKVI1C3hl%30`y^UQT!?4)c$LG75NnD8sQR`lzY2b%jbiK4yMVkzpxarr5 z&BW=Ax|JgEo5OxJ8@LmCw$M?s20PbAblY2tnC|XYDP~sQ7p6e>p+>@#m5hx;S+~?A zzO>WUGb}$ZmacH8)4g-oz8;2qcv6Arz=errM!TFfTN1% zB-I9?bkO-OhX4$ZyT&-GIomo958LW?*Qowrfg%Nzu*f_f)d!5VTPqzYVe)OBR(zSa z5XU@ir?BGt9`4&38FrRJpp*zY)f+2`Y$F?-%F5U!hBK2}hqEuqc_qa18CW4;KrA@? zDzw3l(xp$!+lS)1!gNA@?QW9&}|LNP{}lM!y*+IsX8HYJSxEPwj*IC-@7+Hu{p@ z_^(B_8h)!2x9>L~199$ijQ%FR-<^ET(c_WrSk#DA(DEOMS|z>ajd>rF2HDibCgcY{ zpVGfEe0ky7>{9Y+Z1Fq{=@#`284gBq?khOT#}m2y)PKQ5z6L|5UtD;%&La1p6BNpOV%VP{`44ZbGL|rEHm;qjMleQdtA8!O)T3kF>IdEV^EUzr~67^GVV21ip# zg^ZYt*4G9%CwAl7x>(jZl0Ps=Rl165*8=qVWKqTTSQaTITrhm({VOW(Mx5=HesSL> ztu(YEQ7&2AqQXPM08mLFb*nlas*$7KTEeclI|<;`CPynHlK$gZhItWPB18Ma4|D5P zlVn+Da6K@2;+d~QLe5o_&Yo5~6oPrLMX}T^Wzx)1K^T_@GWW$h8A)n+uDD(akJ*|z zl$`EU`c(c5(}d%d#+?M#1WHj=c){8kZ3=)C!IO|B%!?4ia+kCJQB!#l)ci#7_n$^^H@>)ZXK3;xapN&$JLUA!QNsZiT z9i(zIH_A%?0EKc|o`-p762`Gyo8tN2wahF-+Vu@`ppi3EyMKR$guDY~V?UCOBt z*&3V=TBRgsDrYf$ZF(Ebv@E1B$j4gt4+^Wn3{YK77U#nd{{Scl9Wz6c6lv;rmL4Y2 z^*ad=F;WES{{Vz8tn>$#XjH3+JGsH*ueq$;j-;%4BznEqh`hVo z$RxLD*s{c1h3(q9>9rp=z%=BWbzP*6+;pT(O^*uHSX|xQc`@!&(08krEe@P~yUTTv zwveFb0OQ-zw2L_2;=!m+vIS*dEIxSWHQj1jL+cUQ80U`N_bFf#?+Vayjn7B$?vk2( zDH^iG0-w5m@yB|p_L&_oW01`xrz15t=xZ3*^M=x0H5ZxOc{s)bHU?5=x<# zAaV{dgG-SNZlPmkV`pz1SFz1-1_~(qwb^(kJCvLWr;ROJ0e1tz_oeL3V>6-gjpfdV zsM*;Eh5XNyusF#-{c5per9p8dD$?*d&t6St(V?rX>bhQ&IItH!Wyh9Jm(Y=n9xKK# z;b|@!Q6AfNIRqZ2qD3TS;od_WYTjV&is`&Lp--!7Fx%Zt9j&f*vo~L;{b@!lQZ#&`n@g76EnZJFzsjfj)U;-g zHu2qz5=|r!N#&V4spU;mj>^{GOMplb=07Mo<&7w<3yiI!IKL5T_ff|J*(JPJ4B($I zo}WQoErpU^rMj4+dE*!a4oy*J#8Etq`ckWeex#m18uGn!!|4v8bc4w9hxZ0|8bc@W zlWqHLtZLW~w}W2IWh&{qd@ry*-16Lt0P^n;DZN{X;EyB%*y&Yt-w;}979iYjjP3b& z>GhzL?YZb0G--Ef736a(#{U2|N$pwJJ}|zx)aTQ*v_TvtRJjBO9r5pq3sW^j*G)P} zG+U5?*0cO?d3@R|F=@LXxLIS#QOgb7{+XbzeGW<)-EQOa3;e(auSnDMNhXZQujEL) zp<{#i)x{V}S3GlD@P4^3iKM=i2aN%3z?`urx@+$e&7$~zdmDL}TrtC`P(uJa)!ACa z>~g*uw4Qf;PV5GO->xx{UrcD0nqB^nHk)T=Ks~{7Rmi|m>0K4qif$GL zv{d<2{H@nD&g9D|!>rx^0A}2+)8QGiz;(x^Q@qp>?B4DS$f%qtJd^2Eh?R~Ec!KF; zkuN}3UfW`G z+a=X+?yW8(M2=UB_?brlRTF!xS~$AWrj`q(Iadl!!|PWRN$e3^>l&7y71j5dJ;afM zS!9~<8dcE{&WG^#2~gY-aD0tb{r_q2d!w!tm)TK zfoTbe_a1#{1E|ukrfoV=v15yn4?=62nNoS2EX})c$OoFFz}LBscGG8DXkKy%$UQ)= zi^4Y9f;*>1RSqz?^r6U}Vy}qow7nwM{Iqgv5M41oTl0cOG0kV$>5cXXW0^Xj#?MNS zdX+Ce&0`2iPn9t0N2OSX>Q}M*I?PrnM<8*}tpy{L{{V!4RGIHLTb5jgNdW3GQCPe& zKE?&y9B_J8GA%&SyVoUwO2r(Q+l=D$?7YjuoGIu@WN3QzV-(sRmIy3EyOwl&kUj`iH=BKGPUYDJ@$&$8ga4O z6vP>njBP#XjO2Vvtu#>|v&^iADU5WkUrM`?5X%cn@iFHfqpoR5Xa`CCrRE_au_}9G z6@_S=*O+Gd*Y z?O6AA3NS0L@SOf$pz#G)m5vwvn$^f>so!|(N7LbtPrbNNsFgSw<+15pP0x;^)WP%Y zqL@ZVOo5)A>Kuzy`<$v>Pdw@&W`;1sX&eE~YihnA&Y^70YV&OZIUI4*y+Hk$&|7$q zP7qz83Acc&oaEP;U1<|*I;+SV$qwE50)cxo&@|0H>qfS_Np50mD4680M(vSYABtqr z^@t;pLa&x^vY&dm%EdVJG*d-_-%QhGwDTo`RmSbS79BwSD_Y&GZEaO0aTLM29+fSR zl-|>|$aQI2*byg|0pM^4YLi^BismJB11b*D-1|~8lCkDmb)D4rcd;9AkVS_x>o*YDPIULT4|>2j1atXtjYCqhzj#zQI588!&w56&J#XSZl@*4UqBW!z!0st5V1Ds|C+6wXk@*_( zJx4~4`o={N#RJBr!{d>P3KPMz>Cz-{xoca1-dnSbZv(w|+OLc!(5+^JMn7t?ZVKRM zcfaRA4YJnVJUekc&bGsEl#+M2P1}oO1p812eHNi>e-lRN5fl(N z9t}Yq!EHKEu}q>wka9RUtYnFn#VbD$Ts+Q!eAu}MC%tTGk;|^?6UAv{Uf~xc1>*p9 z{VJ)LwV}-FekYn=GeWSveLhv0OUSW+8y~};O0fd@_g0rabbe|`K4uvnoK}L2Yk)9o_B5S&w78AiPQeyG0 z4mV@1bdY#qwA+Z)43Uw*{<)w{SnF&em9ZJ(Lcjss)S8B#BA5mxm~|NHXdf{(j+|x5 zl7AsOpQT}3>3WOm7bx!p`dK5(*m6L}Ijy2eO5Z|*Nx70pq}{uprEE3l+3c>PS<>F; zqOlz+gn9J$H&+wewDXhYjJ`Mx?_I^OjCAXJZA6!oVkRQz?w@+bOHrO_3O=o;M>xz=#&m^@=WDH*c$z3#DV1lErWAY~W@cy4Re^c`aBOwq)%NNu53$CxySsNd9KsHB%YZa>vG1)bd3{Q)n!X-r?*gJ3^S4I{(WdE$3w(?m)5UtHA$^) ztR=YT5R3&Kznx~h2T6O&Xkq^VMn&9Z&UX{Zt!a?a&E4y|G*;q_k^MX86khQ;8FjFu;* zVp@lD9@*m&D~V91aqerPv7K9LDzd)r{V5YD*z97wf;=JemTm#T-w*h{#>Ud;N?T~BzE=m$EJ0QD$Gvga z@lB}ecP7F&m1c7z07)d{82u;%g=@`YPt`7(Ii`jv$O=2D@BJ&&d@HF)mx61QHw^2M zf!=^Rj}Ys#X|Sc$iQ4$+Pg7iEpAixpe=}^KYE~aAoaTTdVPoO}9q5lUOhY@c!QJm& z7l-^MV`q2gLw45}Wc|W0SJ+Sn?e(sxy4W)qmrq67$=3v9pXXe!#5wfq-5TQeOnX`1 z%h~&({6Jv-pwKhtNp!nW;b^>4Cy?B=$b)2SleB@)(x9}}bom|`;tuWNy)?^V81dsY1(!|>m` z3BiDt7DFUe#r_`$fHxjSO#z6Z_ciDnQ4v)!ya@`%AIT zM$VPzmoaKGYPTMIY!EP1IL6^fsG>bedz~im!o$i%+S~gOdk@m8#p0Qyo%F@U%zMww z4;cJt9Jkc(JT13Hv(@!E3quTKvnd4mgpc7B>MQXJP15uTHA`8dS(pq5ILmh6(@f8l z;WghLYu-E6^xOST=4;nTHZJ4BuN;1q=_kBv8Kr9o78MMU?p%gGwX$Tm9%F1KTic6- zd18_9xabGcvb;l~>I-dWeLdP+MfRm)>;c|0_ebeOwkcfc?zMRDE$z2WADq7~(d;_Z zQ)ug}X_qBgW4Q%N790iVKhm+WNa8GXm@MyQvUic-<(a_G9+mC?01kAGHtq@G(x!^m zDT#dSIF-E*zZ6(}%)z_YjGCW{v~4#|TkE?;Amx5l_Z)QXUp;uw#W$L)sP~$BX{!nZ z!pKNw9AthNp`uR&*E~X+YFysDj;*^Pf$8mBt9Z(NQSF2_r^#Malgl_c$)s%uq3;$q zkYDJqXE5p`59Z|K@~@Hg4;6UhO7VuRrD}dG)OBqdN!nOM(qST8@wIC?Xi@L}2J!EL zyg#o;dEyzP)RV~poH_phM=xfYAGW=t>@onkTycr|G3&QCzXZ5C$>N*1Y3e@yxn?IZ7oX}C6e zezD*?PY=4-YUdY3xz#RAF+(yK*z!gON2OVeqI#c(JTIu* z+v<(tEjmTe1-X~b9W#Oe+(0A0Kb>(mPiuW|H}*qF@I*HqqwbIMiVU1}HGUubL%Nq& zgF)0Jo_M5E5maYs1F5fGo5kK8(u9eqTq?*^#v;dao=>JJTT+xxHup^zcFimouPw2N zfQmR@rFrd>+fHL^n3`)CSZn}eBpPC|?4B09hD+NGN(1HFs{&(Toc(I=k0fim*)=P7 zg4!{k;lnqkC?z95;fna5TGF*BFC>&gzH5!gYk7OPgqo@ z6&YfqxyNb^qC@cSOno;~hWlB!kz)SbLm`+@!DIFGj4(vJQLofs~RO^vGCrg_ZqFXn=PE{r?f?uR2c+k^y^;D zd3oV&D#F6^Ow(HF%ZSTFGT&A{ooZCN1&4T}#kN|$mtuTBq>FuNTlcIo1Xvgt_pd4N z+iLLY^J}`JJkq-|EOYRrkK!EWwT%0YCJ%~yC#`trRq~@O`t9QF^IwBO@J+lv2!_Tjet6_b z9526oax+O8xgQyLV^;BQhpNmqX{5QDZb+5Os*d|}Uh$;JX0@8>?by2l>W95)?8}U< z&o1%azkR2zw3=LK(!86civ#BNsIGi3YvQ|mEA2w_%eI!>`NAc`!sj?&<;`be(GP?? zKc(q6aOtmP!q5Y?yOtg6vAXeW`fjo`JuRbIOeN(6kOY6qt_X)d#cB13e3|ZJf=DNo zL2~_aIIOKpRJp#=&7IZ6vcrNAK{y%qtqj@0-DnzuX>qg=tTsR0e*U0R>6&JpXQWAR z&?;OOAuxH}?maryUrQ0o(C4mi!;K0 z{{Xh^l3CgjoSa}&j^+D9w|@}na@j7FwhpqYtZK{hjyku!Yw3d47qhTJ(p|ag zc`QDau{xe%@jJ%w=~|5b8Pc9XZ-BE&AQ^WV%KD5EUP0l#Us2Mvt6f7+NnH{^&J=og z&1T`)UdqR^__N|w=Z`$GJ*0NFki;Pv2P{E3uPxLkwu}}zL>`rxtZC`-+FaP;DV`3Z zO~*O+rJF^tw}RWqk>$DEH#RsFqz9;YQqnsnW)}&#kli{8`Xfd09-gUfZ8hpf&ih!q za8GO>TF+Kw;?G6#MV^aeW2WB0IxM`$y^eh6>w)@Lm*2|zi#iEPL^1b$XpZBH=uo}V zqMkXejErDlK4o$aYr#G+uCr}r2AQR5Q^c_l&k`JYqtn{DVIHQbo;_)z-_0CNx>k>3TK7#C6Eh#5aT|V>prqNkYo!Zyy40>C+h`n>%Yc5EuA@!yCxTuT zk4|QNM{n;RVw5MkjQUVwn{LMo@gCpAcUJaR-We19km08h0J;24ad7A#5@xZoOCxi7 zsNtCn!yt$T2PYj*6uD8PVtor^F0K8Sc`TA*;lM0dZUX}x9^ESj()r9&G=?bNGs_R+ zH4eg*Pbc`Htm+MJX0(;=ZrL|yImSC0Z|wQ4&LY%gz7nLNnpRm?05I&Q(3-e}WudF$ z&lBqYDe(p3-59>i7_XNSU?}6S=Uo1=;Jrrj2;j6VzGyyH2?0(!)gx6a9ird9>AY$RbLHjv$TfaS#Tj^ z^D!ACpXpfKXG`K({2irP-D^Wodv(}Fyk<@vyOtd*!F2EK4-wu=G%F11xdpR~dsTC@ z87mk60I{X==R{dP)r_yEYdNF3XjL!dTX%@$jQ#G_ERvL0$!d+X#_qu52fcbvPq(-;DA>)(TFOm@>~{Juh9l9@C4tsgZgzq9N2PWbI#tY;iE{PD6eRJ5vTZ1 zZkr9nt&RTxBNCr{(+#K zcWvS?4(R$?=@tfMxmMeqgZGQ*e=4tGs$9zij#knrcb$Zvobg+j$y~dqT_y3kmSG%l z+kWwkrvhw$3isx?jW*|9@n?wc1g{m1x}C{yw0+F>^r_@TsM()Hwwb5d>51Q>sebS?p9VYPkDLoTBn zk-34R+s4ulQSC{<%1-B-f5Jm&p=)m=Kxc+c#or$)wR+@M@M{`gpL-qDHxNt7jSfoV z)~!dWjG}Yeotz16GKtyKb}*})R{?&oS?zBuh=C+CCh4(#K#OcXr8tb1I7MtV{=jESHx0S97*8N#sRCWELYun#0?SMD`abMkC{hT(g9u`UMq(LkW4nxM=gZ)1Wnd}mg#A`Zq7m!N~ zrwHTnuY`U#XvWScrHa$cG0Ek=)%(iF89z_ySeVHCqWz)%7HR$<@TZIPxiq+SDdvaw zQ91?(J@M)@U&^P&e~0sU2gdq`hQ7^p1gk4czD5Ijo}>@26|`N%<)x1>xbo9%Z5~jP z2?w0kJcO$xN>7y-#t7%@nxmGah@)INBXbU!>zbWoea?lu@tU|Cz>#p{AZ4(4{c6M! z#~Ly&`7yxB&MH~aOU#4JW!$_r22Ed3K-)3O?a1~NBy~mDb-N_4s-a+v1Gj1W)$9KN z1AZs?kKo6}{{RR4Oz`mz`fICPsXy`e2Jf94*CUQ=M|Gjm8k!&7-|V6B)5E_Kd@JGq z0EoIRy4Yx@2xXcNIAx%a57kab9XPMmod;62xkZBB>M2knylkiMDH;B?%T#>kmZxoR ze`@xVkf4yr-PMP^e>#8gUVqrj{uW2VohSB@@Q#afajIC#A=VPs+&M;3fh!zj4hP^x zc~#S~RNq7SDEM*Wh-@yNJIU2`R1FwLKQeQS5!lz%x^wCmHn3gC8m0haj;ubl;A82# z^E0tCW=luZVPdEiwvZ2@uNV7vv!~qLM?3DA$YYFy@{#`l>i$*bQ;wk7*V^hIXlNmM z!oC0`o(I;u-w0i5S|+y3dw2G$7b~&XouklW>t9Ef%F;(Qc%NnH;t6d8?2aN~w|fq? zk9dpcl!!2t`kpcLucoKi^Jf$hXe)ft%HRiD?DV*;G->UYNTl*#AeHH#TIr1XGoDeo z((CrNH__W(+m-a%qo2mI?B;^bCqf%JIL}Phh9?`XBnvJIY?;R8Vd^QGWU~26leiLR z859BA!s%@TUQ0AFY~T!h&sZ9li1hW^mZjCPhukg}!0$irNTQD%iy` zhr_>?56zzS(j=3`XwuuWg#(UirC}HvP2I)xk|pY_ZNCH1iu4;h`z;b!ipJh<)0_^q zlLWOj{6TwVu4ycaBJ&5!oxGBJSBTvBTIjg8iPy^93EXkdy$Kq7GoOk`^lSBo1&l`?^8sq#zmfC|f@yNS}p~Wd|1~!|h&7<5aTe2+JA$JVc zXNff|s!MX;eYSy~m5s)6?Qk&L8zaBHWZcZm3XW!<=Pe;V|=nf}pirqK*aK-+`U z@u`*0ns79uK^>+l4-MHw~jB9-ftOW>QC=>6%T%n!ByRBj)6H#e1asJ(M~znI>xp zqfN~1T3<_$c>bq1_Ku@(_Uy``#>dIX$9nBoT1_HY8+(-?1%BR@i)ASoR~Bbc)^Gem zw-U)as>XMopcB*csNR1#7)bk>KUzkd=*_sAJ1y5zvaC46A4=G^zHcGkCuEZ!DfRcD z9L7Y9*9&tg`I`fAt*v`m)O0O6-B4|bjz(MW8fn;krY4c&)^F_{GWAUDJYZuSDbEBS z!nSm~n|qk%grlsAcYMROZwZ*xi6*t-`wN>pYl*^2?sypcy!zKbEhMnf;k>nz%#aYF zd#!6dj$@R&)mZqJD_iNMmPb(TdhG}L*I#R=Ms*uv^RucSke-6F13Smh6`kd&w~ugN zzUQePwU4LHRbsfcoHHJHJt!^6TkS@8u71$7IhXF8rvTIR`xezM86`Mp#xvf7NHx@h zTe#8m1!(l9M7d%6%nnO?{#DA{c(VFL5W_PxL56v(`I*tmiEVz>eQ?sW*d4(gi8OoF(zKg(u7W9*!sCIE1!XM_slnLa)-_!+TM3rZNawj^C`NwfE9G5zZp`a% zmdi2DYd&;o?9WZ`KA-k`C}6nDA`blKzK!taxnpIe-7X@5&Lbe8&ON;wO zWi`^rboT7VPnjH^2==cgdq@|~iPg7v;9#0OJFVMY>LSwg z`D6G={zqmnB$ z10Czpyb}$uwtI+NLav+3dXOjrJ#Sb0d$qRbFm-J76|LcYBGzfy*s72+x#TgR(l8(6 zUkPd2jJH=ddgEz#UuRg%N=|Y+sKFVp95{15Djm2O>xz8kIOuJ) zteS1Lq^#yxV*xhfJPPvf6y90Edh^8ziZ;t|Is9nmF_5}OuK>4c9amxJIOG~*-&{4U znVE74eos$Ir6Uq8B1hHlO{K%TB#VQ`7!_ky_}VyOOc&2=s*ZO?ImRnDNsjt$a`y7^O}&U9LxIEp z0Fyvi>*KvPGwz%b4t{@i^{T!h@xjyQEultQ(N1IE#(t)O#+l8XYgF+~%n{zkVn8#r z9xKt)#2QRmF}1Xbjq>3{fw~V&P+uX&PiJ%`Sqn`&J7;OFi2OgTM*>`Lga%=?3Fx#i z_GH@EjBNA`I%qVz%X{12VV4P?D3ODYdhyK~dzno4E0ZfbF9$j2y<+2S4Ro>XS~iCO zv6ACfWHTvEuG(+%}CB>{?_IM}F~<2?zaIs*F36C)n}GqP|y{-ZOdck1&JA zN2PR@Epnk&SqrCZ*FuTQCeJ|d)}3zmhW1#`of49mKcDigUl2W>wWM5II`0JGl=LIg zp`sPeDhnfPrM!q05gQzJT8`H3r;all5zaDdTyAWO_BOIfcw#HNjFazHJVR(_vXTS{ zuBn0#dP){GPeYy4C%B8qw3xKm$XCu6ofGVf8uB6=`~AyQMXn>6X*nvEAnoa-eqfu5ZKIDrgWG zmPu}686Zf+?e_Xr3~j}vH*wu2z!i>o<82be)>aPC#&OV)ITbHp63!baEyp|3TanY5w@eK{g&K~-zsk-=qnb6yv{DnvLUF z+kKiB=rfawL1RAEAcAEtBNLyy(AQI->K58{*t{&UvbHh77(Hka=DsAJ>Rm$SP*!&? z+Z(RcJ%w#qUPTU-Z4kE2!w;Rv`^VaYNXwztK?UTRQcJi468yLT9M>PJ-QPf#$uRlf zsU6J*g?l?~PFU7P`D5SI_ciG@7SCs=PjPm;B-|BGe0quoWb2+HOKlGCPn8_WIS7tA z=Dce9OQUHWl0WYA^KLmNorvZ}=8NJh+ZbbpNtvQfK+bVmBJSr^-tfsPF*(g3QaaxZ z2ht^$^6{N*$O^=dzJ9f};vW!drZXOoZ38n7vK(#taZFP$Sw}Kxo@+o7^@iz4Zne!_ z-U*^Qa}$O+CWqu?ZRwhAoJPUyN-il=NYFZV&fy5_^0AHqPo&{Taz+_ zu;(1(zw2IkqU!plp(X2ILa4GSO~7!=P;7D5(a&e9%>x#}%&{3B|Dor}q!kQGR92XL_A*3MWwmQ`~yjgW^qTF8S z?{RH)Djnnvq%WthtvJORSn+k#!?J6L_%LTk4kjHk%+bh{Su;~}9>TpZ#~&Lc(Dm&{L$L70 z%UVdJE$SiKfsfq-r%DZMc#YqP8bf%pD#DUvanyrY9v9Z*@ZH>I%?^CRPDfCB)m#rn zyZ*stZDnlYH!i2;Q;nzAxJ@$t&ht>YX!*l)>xz6F~I3nF~H>@(y#BXLp=NKkn_$fxwX>t*yCuX zMKZALJ62_L8FOfM;m?%i6Fe_U?rrqzKe9(Jl8DMONj+#XlhovOxjg&UlFl(30zT;P zT2NVEOdZ-Jb|5h%<7uQw+dmNqbsJqWd3Gu>X~K@)_1@TCXnrV$OS>?)Hf&6LvFXQp z2<2xQbb)WJJ6lO0Lxtn+j(XHFMLwshUR$&iMzBZ$a=bXeJRioHXL+eySle4-#@wWP z0+QWH$0oeeJGiI3xmC6br|)B?X#u4!j|QO}HakGK+7zxbDtm1JM+}xwBx=e}KhlEY z&S5+->m&1)-6L9R_Plp&T5Z6Nf|7B-8F?Cd2~D2f11+1D@5{_*voAEFrtKv=PT3$XDtIy+odcMOf=B?rb#uQLSK}D@&(MuE>9f-xVzE zvCDF>kv*~>z6S=P;~j524{J5thA|R)ab6AL4O$sINqMmrI2l8!1mN}W`Bid()%a6N z(C)O`%e#r=T|x}BA=q=1+OKQ&K2Dahk1OpM4lpuJOO1+*tbG3fu50?{s@7Uf){HE? zve=bCJIDJ*lSs6+wN}2kW&2c286zO(L!OzWRGI7=ezg_mi*YR0?+XEzOk^oF=Q`An zstY?ch+V2k56ZlPIul6Dxu!{Z9=8UZk(F@^$;Y7U{cGEF7;N>u9!R5@38M_GvT>Ye zIQQb7z;HT-i5{Gc%IML?I_D%0df;`fCey_?mN82_(M1=`sa4>btb%*9t~70-In&Kn` z8-+PpFmcwlyd~ilpI)(MypGZVDBR97Q^RXZeaZ@i5O{)`bKs_dQ#}-xp)j^vj(ZYb$FTh@xO$oJtQ)Yvlg` zjJ_?7=TWg{j1tfDBvA}V2R!~2JddGDHfNw-==T0J@GZ3PM>N`Oo>Ifk40suA`d1-) z;UD-%?I4ybST!kR7+A}5x2Hbz-%-ma9TkY;l@)k9*N>Pq{p3#u3JTNWne3cI{tLcw5Cj7t{#Q^ft6>#*GJ-6Yet} zMo)g#4ZVRT!^O6VWuj{uZOxUS-3!E6I);soFnpoW=u$_l{5Me? zx@EqjZ7jNt_0n3x>M#aL{+0C?iM(N>{5-qV{53Eawzd+h%`{Ph@wPkTo;l*PZS^&b z4-nR+(fm!T>%Kkk!rsFz;14vCArFu-k~?*;5Yjb9@b8N?ON~PM?&+t9h}GmJQ#@v* z-`SppphzXvpI$d8%jFo+2+mG=^{G5!y1$6qPql*Q?6%0ojs`)`9Ewtjl;hCFi^HBB z&^%Y9>H3bh7}dOhgeryF&Ckj+*NXIS5bAnggfzo*9KdVagl`PMFxW@l!5HXim^66> zp0lT4JkO~;vrJ_D%BUSZ{{UL`O-sby2hucsD&8x|f3{>_E=bX`d;G?(H`o&Fd~@*^ z#x|?sm~7FOYk1f(+mbV$mF=DZ)oy%O=fP(jR@U&Y=E`AubkBTMdp_f5rCV59#W{UK z-5eqLN)V?$y*gJF;~@&_DSc-Q5GleCda$iy2eFiyoVM+C2x%fNI(r(?{{Vz;c%ikv zDZL$;7Cd#vKgNd}1R22U?R9=8Q60sgjNryW8%Iq3mB+@HP?&5)(oHF0g(o|!IZDNn zP2s!05o#8&T1pWh%gzD*5Dj{Vf&3?ZsA>1IS`lw!Z@_t5mggL2lT@9+<31tkD7R2q znBFUtQ4wWK40Hth`_=`$^twi#Be0#k_fz}KkW~F@t<(%{8^iGGR@c`Wwxb(6FgsZC zeuBHdF3(NVrIOFc+JGTa_$TRCu+q67hP3rbIA>G?wYgbnZJ<`dkNajYB#z`l+uRzl@O-D$C6aY5d zZuR4uq!Q3--6SbA3mKKroz6N}KXD{_o#Md;)owB|S;`%bXDc#0u-beAD8#PkBjr8o zt?*8tf2qi}g(Uk%-!b=*g&y^oxsPbm^cR%?jX~ZpeX&b(;JYQhf*ne7=!~*#S2)Ny z=N;${bbHho*ED2`Tf2Rhob>sB3iG?m`%MG)Qo9CuNKi6KCnk#!-Sjac@eTL( zg|v-(_B}mv&5@GF`c^-RY^}AssWl0&Rsb=Xr0Cf7tsu%x-%^aWFq=59)luz;*bX|8 zQD}EoS2~@vO3U_5_>hi5kELi`%O4RTp4Y>0-daf?lP$rB9{d1v`qz_qPfC45RJYxQ zg0M&u?8z?yCyo-Ybb4`yt=m1$@2=G_&j5t1w)ne z5}Btw8h)4Id+Qr@Xr+-!k)&*vyf zp4qP@TrZi}=hnH!u#ZQ%OAAQWClBSw3GbeUsxr2NQs_^n8wA%TOUM>5TlbhBc;lse zSBH&_>5ddw1b8e9FWnWOxtY=3S=%hpu9;#jq9f;UbGgTSR6Zr2Ot$doveh7l;YzcQ zkZxwiHst;k7Z=?4hg9&5t*!KW!XL0(ZVDnig~{};-^IEPnHPsFmrB%SZA*B0_JCJ! zpf!xUoe*6`(yTQ*D?=$ksk_m7f$rMR+B6}W}q*^@pFh~2gbs+EtYsP$Kr^|7vJBb81 zEC|jA;wns!J{l#;$s4@iyHml>-md3N)Nf-$4V(=msJUJ{ikU{_OI?p)@QPp9+ev?` z+#9>wgOCdlBlZHjd+!mfRx2E=+cswh@v5;=N6kJxU29R)t?yu%y_q|Fymcquw!R+t zOg6J`d#bcncH$!I!6k?!;Qm!gM(~Go)jW0M_;lSqOI<$BD5hXawllZ2e5(}No}oB< z_g^*JC4j&u+NwsbHb--%X(<-#i6xeHE6|=4*Hxw7YW8YGXbK*~uhOE#okiyn85S1a zz#O+3uQAr=TWMX=MKUqS0MILs@J@vWp?iI(>yn~cs*;L&^yohvRFm5iaQ;+2Qf|VJ zYS~KUIg6+pi+dfB!6U9lc4sZyrF5PTO&>(n%-4w(z4XXH6CPjKQ!?h%_iq$w;dEHt zQdIL|62~7^DtemvPsBbSn%M%Ql(=J&v;uKKv}K`h!d@NJ-qLlnS#GX3Gx=w(ed}KT z09Dj7Bv^>7^#umEpv(tkJHp)v$7$M}(@YmSi59NXn4LF|A zL;?kiaoSM*JJOVFb4qNhHOJWFl6e{yP)jo~7+!jjUVW>_{kjB8B1nO=xE_G?t5WJq zFk+2iidaJ-jWVH!82oFQyw(!grnNm}04Zblew5UUj_27r{e<@Sw`I~Ytox(D+p%%b z{rYqs%NJR#3R=G17ywEF_Bztk`8g za|fxa>pCk0mv-)Op?|Fg$=r3d&Lvpn436BXCxcxDq=p3F5NQU;lzlVHF zK9O|>v!mWz>3aQyziPL1AIXsoqF zS0v1#0N>9%<99xX){|Nq?vK6oD`3$wjJ83q4)}@TD0RIicXf>z3^*gN*03{?`KR$C z!KTAd)Y5PyXhvNZOs zaM@Rk9Fzk&=rdo}@4~%i)_o2U75s8)7W*9#9%PA!Z>OidVNxc^A3?|(TWHG@xyJOY z{d2*ZKg3@Kc$4ARi7l4r!`kJm+Rq!~2_aGyhI^C8<>_8^XlQgtbNuE%Zok>5#9y+1 z?IYu#1M6BVX_5W5Ym~TAx6gpNDIoj^tlx(oEt2<2vbLW0?H4eDyV(K;PNKYgbT3QL z?WT`P(;i#9nXMvmDSx@N^e3%ai^JL#t+dvc*7MHcSgY>&_j>2^ubq~R=;b^b)59Jh zxbZ#6hgSnj&NdYVhdl-drbT<`w@X_!bp}Zz7|+xH0M%Zd3cR*vH7V%P?|uRCL|T$* z)ssvh5Zk}mqTC$_z`*E7wNEw8BO7jR_-gW5XS+$Z&W22?^x50| zYW?1&JafI1*r}zN(MJCS$@h{q<)r3Mbv_5w?2Nmsq3U2RXvc0t|&1Z8W z?o;j1R<0Vc(Tk8hy{{Tt7hDcs1m?(VmKN`)hg`Et#Q%bO{ z!XRk!LjjIG&2yeDkZLwIkjrBTw~GoLR|SafeNAO3*bhBxc`f4&6lcrsK&khmLa>40R+|@{{UoLrD@lUlZ<55 z5zJPS)(uAap@jUHJf1ez#+z>ynL7eDIQhSdfaW!IIU7^4HZj5x)NlaqJ!>aNo=aO` zlaV3l*y9F^7fz*(-5%~kcp>KcXgR;me5N#vf~QclFQ*~Q1J>AG#z$(k^!((%2dedAXCPh(!o|rYy z>hMo9*++0$V&DKeEeZ^tWNgW4c^#l@CryQNa%;{e)$ilGn$+6_j4)p?8qre|nbuip zx|X53CXK$#gLIF#BNec)TcR|PgFH*e%iPttlH|^#K+>bsilyWx2!RCjC2N`ZiKgG# zxHF$N%ngwYU?}ydU5Q&*bUC4hV`a-{Qt?Ouc6#k;<@j9$5Taq^^`b5(OV#BQOW=~3Nk zSJNR$-F`;u0SEs8*HpC4No}qXWq;hSUs|}eu}%olF~_Z4zUbCi@>NOcwz*lnD?XWf zaBc4*xUeL*C+?p?Pm{5mR?x$}jyqd~MqutSfEzUw+MM=Sk~vE4^y^aKBbLrolm5Z^-JCEa0e_~u|S9gtg@fbJeFagdn{9lf1K0~7CQ=n+q+O@k~wY-UG=4=H| z^Q(Hshjy~azF3~ra5K(-3TYEPi~4o0mjo))Ff5qJ&NhmR#O-N$b!Vr*nLxdlu6=7* z>_Uff9XH|oJd$5X9N-XzU*+SjYIyW{k}#4metQa+BWS@LMYBcWm@O|F%gmP{iyyqg zwXQX7D_XE8be5?oaCY$7JNGArd_*IHz5}FqHHI(z}lf>KC3Tx4m6L2<)900p+>F40Y{_ zu2D17bqV5wOo|tCBnU7vc{Sx4<41FD{{UcN6~^`CdS{x=Zecgo9NpElw=$;X23%nA zik2-ePqDm)>U(5j_*|&|FM4Xm9L)5e4B1-UT+gQ7c~B&Z+>wj`Gx_meXD*By>t&6^ zl18#NOP<+0Rq~<7Q>OmHnp;p(*`^zSY!0B-#CjrG!LT8XSE`ONQ^;*%Ek8uFxSsAw zU`Z8#jDyn^%-&y1q3SmO z5~MQSzA(d*Gf3F(w97HR+IxjbVA`i?8RohcwzRm`7V!))0{Pk#1Mn0vC#{Z@=^Al{ z>|Z#0saN+zAN6NFNcv`~Y1(y$lWTP?<=K`v!2qcniN_zUV9gY*q2WFxj?cs>(OAtQ zPv>FwoD+jx!g#LM+8b>??g^f6EGn@%0FPP;aw62V*Soil7^K^ePL<}@+K!bxhSutR zvh&bqbv{;Q%=S6x@9mXZ-DG4;@U^*Rb7>S4i-{L;JZGLMsFG{=QvF7+2E|z;!)NJ= z^l4jUYj-pZ@SKzq1epHj_%{h9Ueg6QAFJ_G*f*7WKrAZ?s zk4oz;Q%AG#5W3b0`(oUJ*-lE4+vr7VhIwV?xi6ox)?hPAzKx(#%FHvk z_MlRgkE3latuCXEX%P}-L7a5y-i=FI@~q5JT4(roFH!G79OsZ~J{tx}FIYO;%GoRG z{mplt0n&6U8C5PV)TwRFv}Y!RM0yUXX&mx2wvm*NIV+CUx$whk}V?sO9Vl&Ivnr?NXxeRvI)?KSl#$h({)36J@oQ2 zDgoOh^q|#6BCJu!*APm~h>P;J2VZ*DzSkzQw3^TpCz_@*NXXm%K%i}O4-9BG^Gb~b zF81s5HU>6|?(UX5IYV2ta^&!t&OWpYl)tEXdTxm(t8p4b7Q)WQfCtvRLsIb-)%M6O zXG>_yf*DsNu5W-K&{Iem&+A?smioq3vJt(`^(w45>&(rqm#^&?gph?l&7rjga-M+Z)GgmXc_|clmdYt&W-fX>$vd z?kq0s^y_DtRC&bY$a;ZP556o6`1A@x;ZxUuE3KhNhwV3EamqfWlmZob)jaDv?!Y#GTuwb5zTdTUuK zTTc`1`F4)ficIA7OI5bGX&pmIcmxijtZ7G%-lzt#{mCF}h@x!8PeNHyh%D)=3o+ zIRN*i9gJS*o%qx2*E+b4#7gZZ&a0iRk(0-6weNl$g|z5x&`JBl3i6~L)kL#TRsX9p;d7J~2wBT3Bkm;9JdenCJ^1QL6g#4?6jGSli#XeRu*Y2;h2yJZ*yuiqK zXxQ?##p^o7*7)SpLMP3J&p8z)k$_uUMR9p)cFh^M+#7HiAe!}*wtG7rV*cG_k|@(` zjt3Y$t1fn0jgC*@{r;SnT8iBph-W#L-CSTfEI%%$y+>MYGJ7L`sjPld0`e6cwg*94 zrZeQ5{{R-Iv#Dw~Fj*Zw!_IFdN#rhgtCl;abdgwn;BtCU2dPbIV-}wn-t9IE61@S( zO5-#uXtev8=19)z4vO9UGhN^5~_st9<}sll{7Z#_W2PRB40905s-tEKp!nn}wDmOQ6oghxvx#uhDuQ#_ zYP?#k_mVBTxsn!ab?Nl1#B_ExHqpuhs~LK5de-&L?Y5Jm>eshW$Xy_9inz}2{{U8L zNfjS6#_VsRyt#sDBP%4}H_h+Z*P+}s&7>YplROK+`Fa`wmvrfO+Ms4>E(>krwRLdE ztww`Qw6luYW=xE!VW*dkkQTr=$u-UY0A}hsF0FN8s39_; z1m(9-ILPd5{J^rjPN1r8IXK9!b6c>VP>ix#EUNziA=oj2>&JS|Q8Ya>L$rb|Cf!ya zCF6_&y~+2hW5m(gGFb%O3lY2lz&~2d4r2Q53)_jTZ!NP65}~`H>}%(r7du;hzBuGE zzD#GFV0NuwfcYz0(`UE2c8O&&gS%*B$*lc4`%%#~T{rE^JR;&iSA)v^e-F~F#n=hF za|WG1iDc8XYfFty@UF~#`;W(r*U|p~4}2fu89XaKsi?G84{H%`DUQ-20%Wt9=Ab1*D9VF#EWp!m{hyMzNyab2J7(&dxbw*9RP8mna^o;|)(v(DgfC z6U7CU(P-K~E)0bQun57&Ju8v3_@->FuWa;)Jgr&Lh;lL!NXH)j^m2g@!`*Vv#2R(h zfv?Qt#0};!c6^2doc$@f9CmN3xVoMgY|%=jj1D&p@yF#@v{xy!;w=|Wy0#juR|4iZ z`o^C#K0OEFStYHK0VSHXwp1KBoz)k~+_7LwxPAp~c*9V?>I?5*yS zM?gXwE-(@^^9K4KTBOZ6nbD@2ua{^fgk-4P zI^h2RT4WO4X;(m6+9-*-vmB4gqEE4$q)!@ZH*Iv*XpeNUw4}E{2RW>rU&NEm7ngM= z%YdL26hO%58^m`A#?4djAqBCJ0T||`m*MW0{{RT=8r8(>KBq0nc;bw3BLL)|#}%c9 z&NpAOjtl#3LM=Tlj3@&VG6@~deQQR`SH0Bqd3CwGiL4-*ZE&nIy-4HmG^~lSv8`H3 zePeBN95Q(_orhrQfm|+?1KVF6J8X{fzR36FmZ2*b2zNU#iu3rR!yXmUygHhEu-jbS zB3xX>!Cp8A*w>lq{u9?`v6AxJPJgpAh}VA{j`-_L)g$b`g`@2L9M>VavbK)i3so#x zfPMWwRr;Fpw!6B!x;Y=ZX&VE++~Si*Jk|F)2-fRQGTiCjV@DY{a=d5Wxl5a!V^o4& zaL(ccK3foQjD0?}fq}wH3yYS&^BM_3>`2}}+OEUH=T5M(o)HG=XJaXKJOX;wk%w?I z%!z9xlf$4W1HGJ_WDh`pDo!Xlw6Vx( z*1k3IGfAlGnw{byoR!@$P-Rt5LO%|B7UB1=;oDhLgc(0@836G~{=ve5iB<2&6WSAzclPq?>KZ`~OH4E~2b z`2A~$_=n?P3iumax6uuyuCCrll20l4Ne}Q6JBlR}qA8u1!#|3e4y}KnT)m~Gwx@3( zm2HFM?ispuu}e+^Fr7g~wEpOD}T`D{A#ip$V^ z9`Ih=++W5eWME4<mmr>Ne=`+LSKHr~P3bqP_dVej1xdu#fva zAhw0FvLCt*ea&2Cj(U=@i{hL8K^Ec&fL2xc2;|m9jjp5O86kU^Uxh5$7{Y=70M@H= zFmC5lBG|!cZvw)Wu}AWjCzd&^8^0Dlon_cM`_mFk{Xuo=n=uv-~*mPK~17O>wAOL2)#( z7+gp@dW!5W{Cl9os0$4i<_DM!!Zqx3>FGorgV{5X@g9jbwRvr*-?1RR`2jqzBC<8x zJu=HlTRk$(p_G&Jxz10ubVgPY%Gqc$&kT*`OsGadQQore4yk7=TC_~o>;TT(=A5KE zp4Z@S5y7R~D2RQP(l+^k8_7P0wPASr{^P{L($d}!I#OCe-|;mOb}yXdJPF`a9P-_2 z1urg4hXjw7Fgs$s=I=qZxCv=)v6sj^r&H-$rc9=Jzl^l40L(x$zY@?xV33Pz#sp1{ zhw15FDm17qFJoAT@0gGer`Cg>Qn^RO8hb>M%Ix_kw*ca-X*%1XKfh~yphsbmxkqo% zRuhukM}MSzNYrd)g4Wc^_mN3A%$JUZm9x}TZU-M>aABF(E?tHg4^OQ$>?b0Qqp98h0B2k2Og1D(C`TF3U*%mMi)CS^ z*frD*156N^7p6Xys(nR%hZnBtxBe!&fV8&|Ss}Y@V1d@qezpBZ?#;Y+N7SJ z=Zcv~*=#}a58?-o^=%t2!Y&rG?|QUt&AhMe1FcEM>$ z^vSHqlsg@Fh%YT~Z!S_8rAuwcU~Z>1<6bYfO*+PC)Gf8pIaFXl#Rf9H&UZuc7NcWf zG0tZYFYwy)B%r2(&A;?I_qx3d$H$Bus?K}O!63{lP}xK)xs2qgN~f8pIl6{J{@ zMo{fMcJ`}`fb`bZZES7Wh$gw4Bg;~_-Sw|C@kXn8<1J3k5|CP2S(4@zI0R$sR}^Uk zaQgICmKN=GsuW8wGJ&y<4QBXu4J%)FYd}oDc@es>^a7KQLtbkmxpuXE9!)+pw^0q-k+Dvj2b9Be8 z2syeQXX56)`9<3#iy7;l{jpqaxp`+vUtpK2s2~rX)(#RV#!>yV&2}0bZ6DHMJMZHs1w2}*rHXD!hpm#>NA1~M1ydzP9>PyFnm3ecwdX533m4VRsR?him zklaZt#hs&Yy z)3xYZNpG|?ZV@CL5OK*BMM65Aj+5~(SkpASBdP_t+X#s7Prdk8n%++~sjb{=R?=KT ztou?D{{SKZ-xZsaHRL@vz_*`Zx}Nk1UT1x*2|k_c%Dy&VYC5d3!C`CV+hydRX!!>n zze=dg=bF^>9{|}xy0y90pxa`jf0z&5e?lwl?Jr(=EE-8A(%`lb`7y<_?+ktX`uo<= z*K&D!Gv`kh_@4J!xSq%UJ?wL_gi;Z_1Nv0DRsUWyhFQ;=(aR>_R1wB&Cd~P)exUqx@HOv)JbU7e3TBcmKF(!;`JgL_NC##; zffeAlc6QLq6xd#v$?IKmhhs%drzP4;l=(`Gk7HGB;8P05$I3+XIXL>(V^AwjLZoR5 z{@=S9Fk=s1O!uqYqzhN8wxsp=lKHPXyoyrBbIOHOkjRIY*)J@5T=T zyx(iN3ad4`l?pn@r}@|A{{Y8-hZY_t@UFR|U3u$v(X(1ek?-dmp&fy#QL)U?{HXk6 z@E*1BY7(blJvgJ0zZe zon&S|kjGlVjHAl2pE2W8x27>$Mo8zeX%>CVW!t+X1wNGPc-@uZl|YYq$2rb>(w|@> zIf;xc7~>TMK-#Wn^hcVcCHdai!!o&{;+R&)%($m_CQ4{5J8X zwea`GS_i~^0`F3@zSHMNxJV@`WQZPD9rND5xWCw6_LuPQ#P1LISH|8O)IQawwVX3d zvmBWT07$3kbNE&>I-_eVAG221cKV`P&0#W4X38ajf#9j__;jrsySUInV8P>gkI2|K z1an+95pmG`O8)?Y?*7I0U$hVG@IF0wTR@jm_>bZHX0*RHm|3Qaj4?eh56$?WO8zFi zJFn`xW~R2c3?ZEdmn3c1D}da8TJx$wS*CTX!Cbk9ViO;>r*gUBsRVuf1$_xNj|@Pc*qB0n~9{ zbA*-YtDirKPg@Uy&NaJvB~=VK`Fqo|33F?<95Ke{IK_Gh;AqAwVZCVCgOnwA4wZ7} zd3XR_>N)FLr_jL=UtL{B@E?-{sOgbXtkSba=&Tt}%)NyQfytt=LjqWRJ8$%}U^J*bpRim~Y4A@Clf4uPZI%^VS0$e2|PmN@nN>%?x>^4{`z zB#6NZHo!6W_^IS7#l12oMQHXgkEb=+ys<%T_F1CnpD54kP!=nAdRQWzqj>hkg54{m zy08;RCZh$qDyr~LdbsPLxl9PIA4)JwARtJ`9+m4J74Z1f5_u+BA`-;FGMr%JjQeJ^ zj7D%eXM{XQ;lB_%Jl6Bt<)l_ok;`WXu6oz5*yt&%G=FG#&E9u(+lsx4QB2`{Q=({a z%x>9Wxw~JJ1ZQu#tq%@CW2M-6un3x5mg|6~k7!RRqi5r0OPR#iuuB|V?8Y(cOFpe* z;vYD~?6WR*kUs4vD~iVchb@Jdmb#NoBmnY5b6#WO4S(%^FSCXH#YJ}XMxdjP6_9&K2`;BHTRg309H2W zeJVpYlvSA&s677wv}jT8GW5E*zPF7bfTMBO*1FFOcz){43yZg8XUX7o1ox@2tW}B< z!91QWeKu5)tXVRX;NWx6``0Vuof=zv=;IEJVU2-7$lMQK(w8bVb2-24iDYP+MJ}L% za(asOJuca0vsHzuE@k^9l7fdh0FKq0u4)LED`cTa2ZueW zSj^~b(Ek8uC!97080*%sE_ACH=1A@&QT%Ix)~YON9oB&?n%5=~~pP(Uc^EmHr@oYLf0J zp`!YIwyJI2Cv?U$xck?kX}X2hn=p;`7{&Zpm5Fh=moJ7b zjI-)DHwps%&`&=>R&>n<&i#=fkIr{&C_Ix@&Mr>H&l6wUXxe?edUD4N=yIiTjzw{> z*xqZ=i6=s=a2PKmKU#@QYBoJjN3l;2SeO}N3g8Tr`iignwY+p@Ntv^ZccdDmd4Gwt z_KNarh%L_f84;CEIL}|hB-YNm1hd*{_ZC*zyBlI+INSyXYPtzX==96`y&luaonK=q zRt$P%R&~71E!>cx$QWh%RGYxHe{_<>#`TQv_jZ%oxx1;FNTZ1&FskQkDCB)>2{S_~ z@?Wyryi-Q=XPw8jXTf7R(+ujYBpKk2)k&6!$-DyPkQ*Wceav_;KyULWw7+L#HjR zsk-u)&T)=TO>_SM*|#%KAu+L1!H{$m;~h+7jm!Nq`Xo0AHUma?5P4HrniNr5c@~%V z1-!{se8)IBCavsUGu)xm=dxRS3B0)>NjIrb4_tSyN8*E7_EfIa7*>JDo9!;dg!()hzX! zxUQgdRBh2?BXI3n`evD`Ur#h4C5}=2L}wpLlG3s5`b6+pS=vXboW9+FW1p>bQ`tv* z6mr0!JfE1lo}=Egd)bMrY!E~MrbXi* z_pf``yd!7gj|AIjYJ%5PhYcjLoCfLCeifpgfO&qe;5{?L)|N|qa@RLSK7W@OAoi@E zDK2JF6hLf2jy(lhWY1$}!&Q#amMhmWyL95ZJ55z*kSlF?j}**}N$sM%w%n2iT#yw{ zN@kU2x_Ug)$P^Cdf%7xcbp2M=TU&V}Xr4Z#*8}658;PTK)0rM4h9Gf@LTvLp9}vZ) zn9}fw5I6*};B#K0?G@dtqOzFZ46ZxV1Dbs)PNi*V6hP8+W7F$aW{MpWScLPbgt0{t3#~mhMU^ok75TQGx_#&<#9dTLs@StYKF=JT zJ-zGKv~4aeXp~1O{8SefM4la%E2%9eLgR58fT!wuB1E8~6$(cU=qNQd?DgccNg{!S z8C|=F9lBRL1;_S<(@c&-sVcMq?iQLguZg@FccN;3RCbb~j#ld34<`V$#mRS$!-9;9QXKF7o`!0D{OBY7E40}pRX%1jHs3f3+j z{sp*#GQMeY#Yf6B(!Ij&G;0~IOR8sp3F}Z?Yb>5saDwG1Tzcyfb;H_=R+~NoNj86D~^Nd)GsCrM;8H%nk=!j zw6fX&fz%PkYt$^HvGWlbQB<}_#yIq(E@O=GmY;K|c#Wgd?2;WmQSyBJr{`QGei@41 zN!sRh3<=05BO-%UBU4IcED8=3`d4pi#hZU|*N(Kvp5^%8@=G`& zQ2ziT{J@UGy=2N#vC~}Y_Hwa+h~1R*Q<`?Ss@lh*Tm=tr5nZK$6pH6Oj?NamokU_d zY~wq~BN-X(UrcFw1h+a0Ucs>tu2Ga^rxXdy<7A&tgIHzPyxHy5NZlCcrCPLuNJLkI zbb*+%bJH|fL%c_&U)y+6?^zL*g%23#aKX>{_pckYgHX7dA0b>@zs$!c27=MwN2i#e zw~QcQymab)Yd6H2n`pMt$21bo(vjt$IL|Z(E~jm&n_JHeXo;~r>GQdX=K%Hp06vv3 zhIC7NWttwln;`r5qTrx&-am;nO-DqI#pS(8(Vl(}?pr+x{3{bu)b$DAN#?v_sDUDj z_)t`HmTTyKBfq!PQUF!CEOEybgR02}xc1`iNh4z*c)7;nD#c=+t*P2*UQM);7nz1g zU*W7)nKc;VM!4LLbJvh4v7L_N#CJYVg_<;yNN2!MQ|}NxD~__(??Oi$Q*1{2>cb_4 z28%=0{vG(0bj@ng_WiK1%p?R1o(*h#Uh(ywp{^#RG}C*h+-r2QRfkcta(vdqAUtE&6{#PGuH?G%;DKbe z^2u!HIrgkg;$E=Qg_O*W6qz zRiQH2>tKEAW0Yk`8-1$}QDI}K+S=QslB}(?9jE1NcR!s>wk9myipu8NK=UwIa7GB~ zX}9tI@;hjlJg>k#sEaL>rnhen>IN$*A-X02S=W#lfJ*)uBk-=XLez!ciE`IA>>tT@ zlm;C@S4pK`YFCS>dA6*ZSO~*+9<%|ZCx=R&Aix%K z8-vojh;_;JOL!y=B+94D$Qi~5N(Prh&Aesen|(g-`!i0P{WdZC{{Wi?GJ1bX=XGso zT9VUEkfYr~2G#`h_Z1S8M#?rebeVW+37BBmoq>e$8$sC%MCQ;8= zd@r%q<-4?7gCA0*j{~0m)#Sb@@YUvvtG<)wzhYAFeB?)h0eoA)g83hG<`-{ zZq7FDagyItU2cu0*h&}oTcPB9y{I#qJ1qv<-q!JwF%(3NnJ1w2uQ>7Vi7a99z3+#t z7T$T@6=NvmJ~+rfT+l>Trq_pUBbg?S;xp3=!Q`6hg_>C^mPJ(j=}Bm8a{mDElghf4 z)r!K20VQ{OnyIU4Q(j!H#f8JHJ3*5Jjo7S8=w^MEdkB_ki|j4SHgHXOPl_Op;7NN7 zD($-txZsN3E4e40FM=CV^Dfk;{&t{VNUjAu2e0_ASkz&>ai!W?pDro>@!AJKF~|A( z*4ISx^*U&DO&3eLv(loB-0EdQwCpfggIk)vi1k}*8LW3s@cCX#5;$f4?PWc7G)uYQ zP%*Ia9hRmZ;v0lrzFcI5W%M9=SJHZC#2e@E``T(DfCxtI-Mdyix?J0m=bOKZwA+z7 zZSyrCq=0%bJaw%7Ps44j_+L|=@JDW-1>wOf?g6TbwuVxP$mlS5V*da_)%+a#o%7FW zYGgsXZpks82d^As(zty#8r{`00${J_GXf#cF z`^0IgU0ySz#-}&|PoS@3(tIJMPoS;SxRN(NAPhHd`c_hUl%->my-QCG+7-2p1QEIO z2J8`@ro6Yr`p~)5&Ha?#UYF%B?zZ5E?tl8#B5cF9@l=um_j_%v(%JYk)%1DN!M0zh z-`5`~=O50Tk)h>wJ|4Nfp5>>Et-K^|7{@-@sy-^wuI?hVT>-XvXEOqWpT?wVbUgdS z6KOUvqF>yLmjF9D@#UW5@UHj5a!aZBVrZd}Mw>YWU6c+zk6Hv^-*_7C^6153a1uW3 zc{%p3&rSG$qWOh&+W~PhMY=ZxXLSXr=y)H;sP*j+L4o`~ZG7o0`x#@5k_HcY>@*J& z+1+?+MGa`ScSgh{qZ>=fgUR>lL8Xo|$4}JkTIHc3Vq!@goDzAg8_Ra_Dj(lKk8Z{` zBzFgq^`I<;md@8hwKwvGD7YKD16>aLRnnr=-CbpDoHh>cOjODvJg;2wboYqR+ra4H zl`IECj;6XFf!_}_pAl*&Sn-T^%JE$9wvrbcWXB`v5v(~_gK})PB<;?Tt27Z$eUG7 zKqz>cGN&wgJ-GbqSS<^S9=;MulJiFiYXo;OC`*Uopl|j~ZRp+-yVETpw36+$1dj-< z-2G~e5zYKq)26ZT)LMPMox1Ac;TlQ6Kf6pGzTe|tJy_`4`~fUhb+psulualjhsSyi zA+hwOr-=03BTBLIptrbYO{BU81+myxPlxo_b**mCRFc5k%@l>vkZ^hQprhUXA$W^V z)%2?!Ci6zM^7jd5+<@i4;eqX5AE-PGc-l1wH zk_g{v3<(8(werTHeXMEM+J=QCwe6;ZZFXMV9PNHEbL-Nhk(}-&o0b>wgBmNy*x-MK zBhNO4e`%*&Tg~%E7=>Qke~oC6qXuWms>gHU7trEKOw4y|Bj;83^sI}I4eBxL4RHmd zTy4$~hX$FyCYC=-JOSamqu?DKk!{7)@nEJv^1%Kan)AJ8X1Vb!_8O**X@8|!!WBsS zrGYsOj=s66<|0d>%UsE2Y!wN%)2$v{jxZD&^8G*JewwLG)*Wfua21YsybsE z9ln|1j}u+CjJC5(w$XgOZ!gRMv#S;H{)o>a(@cWWmxJy z9q4xc4%aR<61J~6gd}~yZ&CUFmGsAkC)DmP2B8U^@)4_EKm5Xgw zBRtojm4e$&7b|;c5r!E9jmw`=Tc@GVC>}wrYI8lrfhOM;?lH##rqFcgb<2nT(ULgr z0|AK!cm7lYJr`7uOIgjT*?pQc{o2P6#_V@B;r<}ew3XB^ZY`Jh+jrxu4`P2h#l235 zv&r?Vp>1$p2lCvI3g@L<@P?H$YB!qTlH4-Kxi|G<4K!_Yy3wz-4R2PwzP`GgTfl_v z18R}(E1=SK9UsIqO=%c2#-yvZ+=$M5)|V8uCx#12E@iN^MTKI@Dvkqt)ywTN(%#jg zx!Te(z#wM_6wLWdPY-xH=To`3nmFeBJb2x(@TyO7UrG3T;l`CMg6lU^x;#qT8A$!! z0Q<|_Rai|NjqZSK=95y2bcWcrV{N}Hka@*oc&Aylva@^n^(42PCQ(swf;i{WwnWMo z*zl|Ea!p{#d3Pnemmpv|rrpEdouz5E5?lWOXzBuViHj;S0r!CE&(u6-IBO)o5%CB!BL&ei__X!=(?mB~ok@Ya_*%^l=~#LFnaBbxT@OIVKD z*4b8n-v!x>{oGQFbkw-&^*KxVp7ul_DZ=D7F`9AOqH@X;|&Fi{G|b z7kQ7)Fu*njJ?nc)(5&ENJ>q$+K4bv$2fb2P2}iN#o+tj*x!2wiWIUV=g;Xl2t=$hq z)LuuQP?|p@X3&axYS))b6Ufc$%}&=wv}OjD*^lKg#)7c9{B@W3M#_W+0Q{!5PUfp)Tfq7TsBiTvn~T))OvXippYJYm zNY8(2^`^6m@mW&XMRA{zi0}Rs$&^m^DCdI1Pg{qH?$$70%lo77_2Re>iC4E;SB4)@ zbZfg{O0y~DSJY8rIa%{1ir@H_!(7zmyS|4;hiqjw;5J9Cci#^5dqsh+&AisDl8VkT zypEWuaVd6YKacgzYRc_@v0}HC5w|}a{vQ1+n(%Fhio9duCx^uoCBB8^oUDT(&rmWy zDqNin<2?^|w9{;SEu>EsrKDy~NL=I|D>K8hU+Qtc+X7qd+}nBM8NjTi0ZL|Wvu7+0 zZYD$If%35GPx&IbtvXwVzL8^u$WU$$!#J!|O!>?o7yY3kb}WHd<%TQBS}Uu!c@%{l zg$29jn~6uWcv8~kptct!Jdn8rbuIoC-!<8a;ZYgaj2)-jtxI56zMD>gW@xR^uNeZf zuT%7_D?J5dNp%aA`#JMIQJ=l;X{N-@O;^Mg);c7XMKaN3t_BDvzH83(uM;UxoU^ZR;R z%|=To7k#=Np_o>In`}VJJkg$c=~EYWV<;ci-~1Jy_H|zj{6Mn!g9eZnPn@Jzc5pxf zTioLT*^f`Jy?z7hP~F3Ob8R-5Y%wbUS@ZJb;E%0(b}dxyb1|urwzuCo;c8ckR7{Y5 zPzm$`quG$^UqYlz@>~efS=$7I+N`Q5+yb4z^OM$&LQ}Z~*++szh{&_&g2#jSQra0j zg+^V{{{R^rb5i4}tRF){)#ryXD>TkdcQO4d&@`Q2RMQeC)8>oqDKbvGfygRzkVieJ zYR7#!ALs}F00eaXv10wKe`Ng+N%0n_XZVZZWcwV#LO0#OqXF^Mi~;zsy?&bNmi}uq zD*UIBSX5e-KF5)GvqVdzH~w5s@sK1|T!tRvzc)T8_&&_)`o5nkrKee7AoAne(z7vX zAI`t+{{Zj-FYa|e5omVTmbaE}XSQc-{iN+VLyp|n;!@2x8*k%yZh_k>j?6lNTEX-( zsFkdYsn#DooMjKcr4JIMZ*YiYw?YAIbkF|)sMVZR5fIo0e6J;D>@NtU$rvCtfLw?lo{5E| zAMlS@_@hnMJSDFp-S~f4wUbZ2iN;ihQUU#O^d`U0hyDtE`yXpxvXAXW;$IHi+1f6Z zGf5?cyEY@hPUOd5o1SaVoNUdhA2EC?@m`M{wwh0fRpW|6Ng+8ZIPYIfo1FstP?%`4 zP4;98qjyt*Up<&%r5QGk=oTi{Z0xLv7Vh%7D5ux2wRxK8*7~1{tfAF)XzZ+<=2a<^ zgXztA)a2sIluN!M@HUU(vbybn^6i>k;fD(-85uS7Kf|3`EkjO%Xk}S8f%1dtUuTqJ zdEsVxc$#Uep4(_*lQR`%7|+T%Cad2?9PSjxho>j0uWmE$c`~PAhe=IB3FAUyx&Uo# zclW8Gw@YP)-I+|l<<2=ZrO4zPKAbfIp%G9I;x$(8(d^?NXOU!^00tv~edtV0Sm-6w zu61~0ERj1PQ?eDn(Sm@XKIzxYTZ5^_y zF^mJ2AMAS8iEOZAZP%$A7goDV!U)o6*iV&erBk3 z?+#l1mkl6$ggXFH#s|GP>Srr#VrV*4a!w=i_U$~e^sS9@-QtEwBW%JBM&5?DNX+w_ zw`-(^+~BIPEBV*8_)Ak7RhwL2-mEs8c9lJU3VhZbi+Z1mw3u?AX;Ht3j?cgKu4H(^ z+TD>MkhACJ{{ZV&a;RKso`0!oQr=z8A$K9pI@U`U&gKj{^V+qFFngV3jBm7=#^(}_6oZV4=5*f)+v%{}P45!0arRjYM5=OYVMw6>ZcHUyBaKi#TU zIyJqwmeMhp4o8-8`PDYM7~JmkS*I7~+SI=p4Cc3y)zcr4W~?j$)pFOcyhuxp@HGtWeyU+Y@NS^-wx&RO)>O!0^&02V>~C+k@kmM+3L)G%f}g-oPvPA6BR_;~_G z>_UWX+>Z6!w}>>mNiD6~;yGs7mO|X)*0FQ!bVi?YmZfv284y~?ieChu?)z7qYejDL zR@2_zYq)XpI**l)etS@+X5w#nV?)z53q4vHt~`s|S5UDYO9TE#>r9fucy6$pk_F@I zRz;S^SBg!%`ZL-6qFZZ$ENlv%KnFk4xT6&JQbt^PpmICrfl4UuEu@!HiZ}@fP-7el z-P82TNvF0KqBm4*ZpKRb;)avB)f^SuA%43P1$o)Kxza>i+<1ffOnu z^SkE26`YlW+8$GFs=dyn*2^RdoT+ZO6~y?bNx56Y95*psD}1YyoEqo2xsPx7f33cU zpj}!>ko~q;3|QHa0UY4h&3d)$+NQgGmy%cWOlqf~0ON|%G90{)*H6<@*4z?LnmF1A zN{UsK$QDtE^MlW7vLhRvg|(VkBu@-0%2G1V%pK&lM7v zW1=uOZ1u6S2q$7;FY{pIgI%NQwy{{p2AIHLZEOs2N;2pUHaKgW``IKa3%1tFDDEp< zYIEtSZFOe*9Zv2J3Yw>T6LW*{KBawksL7~ZPGo5YW7KF>J8plj~Y3l9APTn@@vJiPW+ia-i~aUO08NvX*Oe z2y1pcNWE!unx9%s(z8R5t zQGwGH#N4dDSh0#yQ>Js)t;Ckh2`w%xH5Ic(2H})Gdhmb!b-k(C>XzD7zNE9nUw*?9 zu?HQ`>rrB&%eqa5qp!nmu`wOM{1f^nKWt{Mi%;>iZ zC|~aYas?~jLZKTUXX+Z=o~hwK?T;=b*V;1PR59%ZfaBV}a?@IG5$V(0_?|dT+>Apb z{J?T}{#8mgI!=?qx<&VdpHq47A)4L5*r+&F>@k|vZC2gxEicyNEuGB1g0pchGO=&P zTCS6?UM>BkZkUY_s{ncoaqV30o2lv65|H~um?SCVHH?{j-3*;yT>EM~7Ho?k=-B(F zy$`{+*0A_vU4~oBX)foqc-5yrD)%_|;{u>gN04||;ziztp+}?5Wh}dHHhHRY8FP$} z_G`A*wW+QwT4>JWw|4`PTSU&snd#PdvL)1#Ni^lyxMn>w*j5ACOAXBO0?UJj&wN&~ zCQioYhXgk_EF{{l6qO|6v~{l!&vRzisH-E!q~LXLVMsY?~Nep8LYN$ED>6+5e?qc$8 zB8^1T?ArMptu*XJqPm=>rvnnv%w-G?KmAp`;T=0rxED(tPbIpq4W38&#cdf}#Oy4l zhfmzIPRTfIDv|erq`x;;E+vZOh%?ILgO1d|x1@RSGcTCtGu2OTrFIa@0FE?lq1r=k z??BHr@g9#1`piT?pI~L$*j}gn=Crg}Ww!F|BeVt4H<-8|>vk zMm+8H2i~~-LU+Bgb&^L6M?0t@NaeKly*Gy4reOfU1FlVX66jD~#>mVPP`r{l8qzQ% zv!!S)r@+rD!F2L3Ew?*=!n@B4Yb#-TB!w-SL~Ws20UwAp4HXs8-fdM~?k;8WJk*e} zRjzl$TEv=z!Q@-4aE=@U$)q;f<-Q@*B#!ntk~v^PxfmQAS8L%*>j?DwnI(*Ur(oJx z^yia6l&pF-i{et6eCWf-_sGE>wa05(sx*rj9^!BqDuy)3f+LjuPmhf+SV}wwyc*Y%~Nd}B8|be zjGtlNyw_2=mgXT7!d0?Y>rPI<8V#IGijl@)lsR*gocmX++1WrX;_GDxDO=Q5v z9%i(GinLBLp>c!hT;=D3HLF-WiKds$$ZWFm!1F-PcT&`%(qg#N#iaiL+HwB?8R2tX zw}Z-DSf$;~!b>x#%56CYkQ!R$ru63oydva4jaJJlv53_5+b z-sPeW1A@!my&1K1xrvf1Xzh{4F&M$cAUN$_+D$6%)@wwPW|W0uKZJYKI?tailSHyf zyz`FL5|xWlxxeA~E$?*lAqewCLb=a8SFZSHU)G}+nqo^ETFRjUsKHP_{Z%~U026Bxu<8;jyBZ!-cXFD1tu}t>Jx3MfzBawo zbt|hYi)anioKc;}JfZd#o0(1~c87DQ-8hO%y{o%&LbIA6jpapLZL34EN5RyMBh)gl&w7$cr zN#|QZaBl6bWZMW;#?jnXqHK#<&>r~(%%8iQ0g!s)x!C+UdjX7@Fmt%$y#z;dsPd(} zCr=3^fj}qN)`pSbtLbi4=PL|AkOy8Vmu`l=wu>FEqdmOW4d*Y)BVX%RHES3}q?Yo> z=0I>;aL?2E(leB7dGz{3=p&BaWGq{u>@!`|X=9{lcMr8?oS|Gd@SJt}&_U!@cJazx zr*xf(Cz0Dc3f8b#ts;`%G3B8-132f_fD5%TOj>=p#{?YYR)>WNjqk4nZMZO9OKwxqBR}-&aTKP7XvM^~G_NW7z!J^JrQ-DVU zv}wDLIQ|-=d*Tb`(V@}t=R~3q3u(1t7u zh+gE3xsUX&j3g4s$YhP>kAuc@ikWOg3byf`PDheUgh-+Vu+4$^Rg0}Q(pHM;2Kb8Z z+z%kuag~h>&l0Vic9Bh|E3&E#Xd$gP+yj8=>xB(lgs9=z5}4uZ}*tE)*ZwgupFPk&0<(|j2B zzFNpI=}2c)t9W)u;ey5}!v;;Sv~!B`>#qXbY1-sBTbAnG7&JpGsF;y5)KEuQpZXyYL7!*y@24Nu~IHBtemKw@Hu5gii;fsEA1vzqY! znRx=RmQOZN0VHwFT-7hN0MN$-Qc8L@2TyvAT|l`Pi>|Z{I&}LKjwe1-NK+*TT<5n+ z=I^bnb%(dUXd{+Y;1>JBwF8{jG)t8zEtAT)Ve)5+?Yslw?PkK#b-!=5?_;nka)y96 zt~A@X`%TnQNUpgIK;(g5Np+^$+-j+FZtOJ(vNFTw=iY#^=@xea!$%s0{N^W(a_x@w zLdV7WZ23#}=6Bm}!0<*h%_%N`R=kTwwP|mx%u>n8IOpc|H4Tl`*mBnH0`)8EYGVLw zy?=A4-e|Mw@|1Sp<{%^Pn)6HTC`62Rjr&U!?Z>5Pk(-}mJHzp6F@2{{j3Zn5Wez`t z^PkeU((ctXuR7ArBc4pGtF&a*N;U;EV>WQ~X22aJz;_iq?@ zMjZ#k)^ckumhUycnuMH}s5Xn#`R7Qt()EkE&7vW=N7z-D2a4?V4JyrayTIkqmI7A; zg8rY*vXQajIxd@er|oOW48wUF$nBc%JaZaZBOdA58*#sUe7jLK||1+DEVB zS~sC7JDA#%YC5-xEakVfvWm_n+QlQ<8;;$FO54?MwC$GKJ;W-v45V^+JXSK;qls-d zREpB>*7Dh7WXr69zE)0g*S;%V%gHm{ z9i`iQ0i0KzCGDQEvMWYkGaR5igP!z^UCO`MZ!OFsNaPSKnJPyOj>f&R##@sLM^NUtGdXwiUN3>NK=PL$28Z0p*E zvR=VqqOu;V29eUf&U=4guLlvhWf>e?N?rw@d5Bxr8pkIoUG#^1`KU6`b< zbXPi^w70hwx4M*3L{v25SpW#X=lNBu?MK2^w-LXFbvs>AR4IL@Ipe)biO(u*=Wni3 z{xfqtai$+|0AK^_RN~d_R#=4O7!^rzkO}t{qE;bjdA_;vHpa(Xdwb0eTb&&z$a{H! zcR)X$eJj+y9eDG@zA2AYju-`&Bpy_^EwgC!=c)ey3Skz*;@ZWfcrr`Vc8}-GA%sFh zv2XC^yk|%7hXmpgKHj}qw9KKiDcDnOlxxX?gXnMW0T0mCZ*v!8LbvbAXyk4(&PAj2eks{ zI5zNlJ;c++XC1Pl9gY3|sHYo{GT*HyP?nb5}u7aMcjnhED4@D`mPhc$@xD@em! z+s4K`@&M|3{VP+)SCDw4M78k&oJP4ZylR8*XFTJ-S_!%4dLnsFUK@kHA(i&5d)*iRj<(o9OzUpmm1QEUa}&SVmST$IFlJA6{#4c!8$X z>}^`j0xTqnw(w4RAI_plnxt<0L-?0};T<=_cQ$u&PiZ>{rP>Kt0QCcK^c`u1l*`Q^LLYy#6mN@H7zI1x7 zi{VXI!+sLEn_kmkZz2Z@#04+tM{{2!-D-M&itiA-l36HxlrnOp9)||9alOUu4|4Et z?CAGe-jm|(PEA))(Nz|ICJ75Bef=w~_>1E!uY*>PE|H)${k7zQVo-kI!Qke(zwxQUgz+8;y$tAxlNdRStPiNWV?y^xz0fK&MF-( z3ygXlKgBI;Q`2qQ@@+<7vZGA?S3I8Q+*dhiVdATat_hT%Ex7rQ@~=-Ut!rQLOMUGiW^ZQulv(vR$?r*-+Gs@x;=sr~^wI-Y5JMAX!(IZ9PpEx9B6ZEX* zBQ$Rx8xbt?>Ms-AGZs)ff$#X%y@iY(CqVY`VrK`b3O^H2Y@~eau4xMvt#@yADx}Kg zcsa#-=YureD&I>;rnom3Tfp15saTiy#;VTundtfw5X&rjuCKAWfA zY1gw$rm2G6!DiUJH$Cc;7dszma34^X?^AJWnN9-t=hClSUNz10LjeyMeXE1P9<<6+ zCGkIswZ8=EZvGVw2DZcxF~;QDJw~RLXtvV2sN6U^L8U91$p9C!U96kVd#*Z)+Y(!9<{M#Wx#E0$ z;Bm($v()C2B$nq-(xwYE(15>t4UwP1vLMy;yNP7D)JxB9Umv?Zo|Id-Mhxq8ol`^c z3{j0c%(ax|L~`Jf`BzDI;CF`6?=Br@L&4en6dI`5z*wcz$Qe;+r)Xi^is&@`a_zjN zBsvl|4ww`Q$4hx}X6i2HjC_EW8SPAySJAEXxh9TTR__^AQNa9bSiJ^#+*6N3 zyRh+u-(ZZ`%wU;RqcRK}d)6=ZiMhQ=u2N!2Jw1I*Xmgs)bqu!I1D;1p=Vj7vS_vN1 zPjJU1ZaobFW314wzq6O@uEJZAK4l-mewEb!0BlEX6rX7MdH_hqC@L#cj`1D+y5*YU z2@@a*5a+M8J4u=ubn;ca$7UlL!ThP3`jE!PJE(T*A_@0@sP4nL73x|pw25%m@~o~l zZnK~e4aS3zs3X_qM{hxJ=KJB>X_nM+0qko4Hc zu0O`FnHh7OuZnyx;hi$b#3Hh`f@U)tNPz&aq3!El6E>}5roY)^iQz>gpd;lT)k3>7 zH0@hPp8cV^Na4Gcy2!ah?_I^bx-1c0UClkVpAxPH2GHl)fQ)6-tsjd#Ahx1COHssN z;4=LAtZg&I7ExZ^+@N={=VlMqvy?~3Sh>~L#9l-p*=?gFDh~eumvoZKpi|lg_N#1KQJDZH`c*pr0|^DeDTJTKKayP6^AYF&3dWQ zE#(n?p~+Lp+rS@%RCfy=Y2x1u`PQyt1yG^^oRBLLld;m<%XfDyHpw(_SjL31fy9Tm<6TCJ zrD!+$j1g+%?y5F+t&aNhZXXd zif=9aLE=45<3Wo1{t<+jt&_~Sd86#cw~Sdbk-&J5SDGt$^ve+>N=Y(|{L9-SrSQe{ zT3pX@b#F3V7)(I7@l|pN>~sxD@6t_4p_0vFICdu^uN?cbLKe;*=1lqopc&K z!^g19QT8{=d*Y<;r`Y{N{{Vtk{@4~HKDwYHu~B35YeA1LAA0gM@8nIxd5sPO zg&56hbF?o104+SzxS$|l3Tw$6^D{hdqaHdUIMc6y)sAN3~Gtx74*1VM~b#NVCr!E4uK1iFHp6 zc#}o(E`zD+8aAP)Tr8e^3-^?BfUZ;EktW`p+YR#QbsGd;QJc< znEwER&i=^uzqIe{+WtP#?a};s;X~)$PZ|$CTQCnp)baX;t{Rp~=CPiq@M^1bq3W+= ztu4lztlG}eg^=N;k9P$6@rwH+;XL|X&8+j>+^^cl%v6l-7(d}&Ze;!2qqdtn?RQqu zH48g?4L;%-^*zLtP(Dt0&N;2EL&91$?u8Dkb#dfsaYnA8Q>h$dHS<+8dYf|eJbPNW zhr}L#hc6?YZHt6<13huZE8ILK{gn}-){x_kO1pl5HXay z8ajTZYdjJcmODo1fq~1Kl3P2OOiqzBkTY#AP6ZdRGX+EkA%a2kTr*Y4%!fthX3XHdo1F zI*QD*(<5lw(nPmY=7ru0``43ey0o@318{K&$RwZQt?8qlqp_9Y{cid0Y=j#g6DQ6} z0+`j?jjuE0YE#{#9)ujZb{TTrg#WP^$H~VKQnX~>t4t3 z-%`1oPrO363uK=xTN?$37$^1osn~riar(THX*c(AUWx9fG8yrM_etOr)1_m!y`~FU z8R18j*lfp9^sOSrD46=Wp6U!*lNG_~kRoS*ZWn^U{{UAdml0`Y^ik9rD>dz_*0v)Vu=%s~k>;;wdboG2KPEx)2X)>n6Okzj)-G8_CXBBc(G5 z)3I+=)Zm8B;jLUY#od6uwZ>TMQg2sWmP3)ckujBxEn~#4(MJOBSq@17y4M>e+eqss z$MeGN4g5fQXY#1zHTI^oTBgw)lh5T0jO5p->C@Q=pu3F6B5fO6Bj&0~#&VN8m$uUH zbosBegoQN?pvX8Im=1=xsdWJ)NfgS7IOV-T?@XJs%REhU4b<%%50~s%cJ`?B8+*vD zVi#c(Zb$pWGzqh6InAMav``UFDjPj&S#Cf^`LcQ*F36o*FEsEx$VTNNpJ-%lUhWH_u~TbC&OY{gR#K+- z8a*3Mu$XDrH!;Z)NKuE(amFjeF0CcGy=%AxP_oO(29k}Lq*jMwg678B-sVK!B+fI_ zimjvfw*D@?YYP^nKs7O8t7z6~ zJU7--eA3{Y#7|?I^bL2!_F7!>EsRDKa!%3JN7j&Xo;L@H?&X&7-4i=AHrX9{!970; zy`$?-rQLn1-f*ru`WgyI@3q}#{{U0B)2^i~wvs6zgTrHr^V^wx%hifG2bg~7saG}8 zov()VE2~?nG^xPzNgYLcMY~IDEO8Qi-2A*|tur=whlq7uLi1Q?(WJDBHes+HB=vTRpQ} zZ(@uJk{6D(%lMM+`} zJBiI*)>bHppUn{{WwQ$kUXF*xXx4{!C4B%y=WCS6iWIdZxEyC8Ap! zTZdL2T#P!^D2b!VE!DKmQs2Y+(ek{S8w}X#?^Vpi(Z*d^O=qkv#kehNk^nsj zuH*Y&SJM*GSYz6ZNGriP?fO)D6u8pFINMK)@L_aVT48I+{ z`@t-bT1`A?M&P}LdUl1X9X$dV;=5xO(yyE+6ahqN`k$LVv2cc4H*Km3`@D3nPhZpJ ziq_&(2as|x(ttenGZctmgn6?C=m%eVlSwxgy5*JBaQ^9k)}tOD*wYlFavf(;wHFsY zda!-?7#s@eydKXa7ji2y;{h;n`PRu87B!WDZRU-mLpgPjOP{(&Z}aI|+Fis`#;DMM zILYiyRfTRFzVGZkhD1VqI=~&1O9+-)fVAySe6&&F>P<+5kxIBZ$f* z5#)@9Y~up9zp`zvt)rP9Smi5{0OL66S;}3FBWr4L`qZOOgJsl0Kp%xG*1UsI)nvT5 zYe?;0H9QV*ezkFA9Yl6kdTqU{lq4bsX5E~c%ChkR8i9&~ zUD-hQ3cQYX_7x?&3F12)Az-(PG+AZ?EJ)~Uk!x0tEWo689CZ{6K-KPbVQCb0s*YEJ z2*5v$L#Nwam?TS>i$r<+X*6kLvC_3DG;kD#0A;WjsRF!r#@;Wu)qFuFp{6@n#3M1X z#7G355Ar{qA)Mxx(>#&Rr*p1GT`f=()=T;=`z_~3%P)o0b@Df9P^q&XyUv>J=MOiV|k=sNgOC!&4?%~A*mDM zJ;Yj##Ja>Hw{NSw>-5BoHac zCC>{$%|m+*r#;e!LaQM~V0dqO<}NhLqdoefqgixZa!;)SIIHa}!7|-&#DX@d`?YgM zmg-ErhcO`9po#$2x}CNzM)gzDu2@^cc9I!mP2=wK(vyj#ZfZxQC8dhZX(BDdNrpvS zaqC-JH=PM{Dzp#C89dY|>Nzmgd@*%<4bAP^nfIKMdg8qD`$4^u_(vQelV~BErD#l9 zrQo~KplW)Jlia<#F&SL(_*c>vx0+?_DoZQ*XbHicJ+ocTjiuU%VK+`EmuTZ0ueAnob|kUTr_t{3FD=1VmCNQ& zm}eNrKT5lG;uthd25b3;+OFAzY7k_pCmF>Cj%efbO(R#b)MVA~rk&)z!^Iqnf)sJb zuczT&rRCa7YDBOvo&n(Y^q|gCx#e1wv=Lv;a~#{HLIVJJA4(=L*NG)%m&^bH zcq6?8oE4amU50_=e!+TyTH2kqqo&=#<`7x&ls!&p0%d|(6qZ-X=jl>dMRz)zSneJ; z$@zdd+(iI-M}{DNAdNiRo!IBnyF0xmQDrOM~wgg7$@oRqu}3q}i+y$m%m(Y8r*k)%!CyL<8>o*DHUfLb5{h=0`!p z6VUqBB^9L+M{Omv+hxu&b68Jp5;T$kxE%b)AB9{H46(ekl^t0EmFRsdb`6&rbmT-D zWp9_9WO`PDeT{323y5^Z5XUTT%Zv}FYJY?5H48hK6HvFC${=x^mLF47J%to*_@_ya zNqa&}UQNQ8HisPZ+zQT$QqiV3kI;6k(MG0~t!OacNv7(tK`c^7AdQ?8wYKm^J@H&- zpL1h#HOeVgC`y1j@M}~n43|rbRKH7hRSw;K#Yf{GgfT&KHD3=QMQE3DG0N`8Kdx%x z#(8|&cB!Mhk=;g7!N3brHHG8CTgiVU{pLQj=1h_yu!-TBP$>>ut~%GFXtAV>V3C)e zMty1wPWs!!H&ENde;Rp_zD`twx9eRVgXTv)!ICvsR3vA(pk>za3=lKjE33MOMBDr% z@t?xHcT&IB*7{rJXyvq4+s{=$S_+CqNc?L#@?(2XG#Lnd9*gT;L>ia&h14t&Be0BT zaOw}!^Ps*&N2=?QPVWl7@zAbocR@>!e6 z9&&_~2PChxXftD3lTC`&=DWINEVV#&G)Aj-u1xFj*@7rclaGGH^lU*Us?km$K^;T(WNn z#YiKT^fbhDwtgTw!_TI#mndckMn38P04A{xhDM_d&Ry0Z%As3@%>YlP+G=`Z-8n&X zZ0uNZ&P{p_h92bLqA$u1Od0{MhevUynApg2iak5m0j=p4w-T)3*<~ka=d}bl6s_!S z{6D5$SVoO;H0_bNeaxJkesylnEh;N3sW0HTjr^Uk>=|A8AA8#wplS&4Jy%mn^}n-P z$0`^cx-dck`ktNoS2ghi#TuTm2AgMhJ1Se{RZsc%sB`RT1*zuV9@IawF0N+#G&hrn zEy(TfS7Y&(t95er_qOoc+h^rfImrB}T^k)HkM?`}-}H-RHn`w=nv=&zK()3BYM*S5 z84%&)`gZ!$ljvaC=9V{bH1`h`ylIBc2NmmDE~#S{o8{eFgMA?d8C&j;a4Hl;bK2gm zq{XY+KA_O;T+MXNP=f@rBlyw!RL~H4iQj#OiMfkm3IT zxx218u0z4zEz#w_(|_S5yt-Q`B^f*a0C+|_6HzGiH;d?cr-c3>r;2TF^nFiFg*-jx zOBr=+Nit`Fk~ps<*Ss5}X!kbPQrxum@wt{LO?joe^ z&O1;fta)a$r|RL(pyy?SPU@RS56?{cid!p(XA&`IAOH?}W3>QmTAJW{ZLQ?CiG{#jqdjN?=lxGe)b4dhj`q^v+DLY+xg-Yf`c+>N=ogj;P0}9EKF_GFt<+g{z~z7$iX@!jr=uXsYe=G$fx~tCK^Bw@n`A!)FjZk zY<&L!<9%nspJk6ozeyz28ce3qkT5#_mB)Bv!ZvckbvPt19^%QlvPt}YwXtzWaiVyF z4KG!DT|#SUC5gxGS-xgonIgM8Df}a2;#=PmX))T~$BF{y;sB* z_IDOOE6}a<`}p651d>SupQSUNP#taIWbq`+Bn{>61TORUea(1} z_CBe1ug&3YD^R}O6rf8qY(_cfp41Kz=zY_tX*Y0K!JujviKyG!TSn$$bH9O}Pgdr+ zJ!{4Go*vX}{5xZ(eY4Ny+#n_}dK2kEGL?@m@qM)SnzP;BJXV@aQD81eC67{n3fA!b z&X;SaM!J@vb7`eUNse8a1p0OQR7ym9L)Gl{?IXfAE2w5Au)G5f%06y!pRX0GcX@oe zedYC%$o~LnP$EJ&2ev9XjT7u)CyLb}ippDrT|y<=@e~R{{{T6zM_x;dtC=sBJ>_HE z%*->K_8*NG)ICo-yVqsY;+W4MjX^x;wQ=_TD!G{_v-25k3-8&S53N*F2$0z7MRg{W zJc$zxpl5?!g}#w4sdDDdJ-0haA5VJFxXQ;fc<9VjV2hopE`!&6Z4|TNXD3+1O`{eLoud&*6@z9*L{lYB!3%WHI?lIKmPL-TK!vnawBA`lsUM zmw~k3g4*YawLN1){?U%uO$tTZf|@!re0lIO8e0u0FX~$2Wk}2 zDEdS8UihEm%_X%z59-i(l3QsVqd_1gVcqZ84lCGyXj^EnydiH5x!JCHs#LaEh|V*| zZuCDRbK_lWO4MO%Xtb>~xXOorU&6F)F5}QIt)EhXt?$%^RoQ}~v%5Ern;!k*UmExm z#J>+GihHrEYX&0{!ioWhj^@5!(=Vjb;gM}&6IzrhvBp3c#VZ%g&d=eNpEk9u%WG>A ziB>YogkufuQuzBy)$T67%Y7Wyv2<|Y{KAU|Ip)@OX4-Xv5w~Mtu^a(j*A#HvSy@5$ zgxH`cIUl^wwJu(!a*<2N-WJw;H>X-%7+NKep-u=JPCun{+HSWJ>Hh#?n4{dY3^5%C zrD~va&O_V7k!sG8DmLX{!~<7vqr1@^Y!fg}R5GVem)5kgg^qhs)#gTqBOA`la!Bo6 z*MoFOJVN&7MoVz)R6G9w38<7ngI(|xBL4dF&UAKz_ioB_y>r^Se}^(UT$@0UnbG#P z{z8Iy%?c0oc_bB#9^;Dhd&?uIUATtTTHOK0InT8z@>T8zqE`@#Jcx{F9v|-2tYh_73^fX^F(D*w|y=ng036T{D1%mYY*I9MrEoV(j ztvzoZRd*qdGIsh@@*+$KP1WqtUCVWJs2ey|;Qd8)vT8Hfk2c%~<8Mki5Lj)dp{VMJ z)|YU&iI0}bPCirbTk~1PGku=es8m3u0nRZ)NEsE4j-TO$pHNuR3yl1r3~gh{G@5^p z?zKto{@Hr3YMe$0#y*vcBa>4fQ}G4L&%WKiblhjTtaa3;xOYNye@1VnmyhXb$YS{O<;)HMG93zWN_JEGzeGJp;T<6fJmX_{V}r}=+j zH`TkJO!7-|_T|3lAFma^KBKGnL2cyG{HZT?hL6nvsOOx6_|i8~EZXW%sNKh@PE*be zg4h5LTvtP_c;3P*g=oxZRX}Z?-qnk2%1G7l&%`TRokj~ZJSg16w^8X{l^2S%n^>im zNs(?#0;He4+M1b{v+QMR8qKz^CzmDca4^UW#E_!A?GnXik>rjmwaFwGJo}2;H3epm zJ@EyZlIdDMm4OYEINR)NsJ|91;oB+oIU#dsa_8PW*#bCX|w3{H03RkbaXk#Wr0(E(SX3pGnpoBjrBmi;8YGx8j z#0O%l!zwdlziLmM#v=??5PJ$l7U5XgSw!sUPu;k`(fRF(%-Wr{{Ra7WvPpwh~5zkZ*LvMz}!o0I0TI3 zj453Dfkd6n`X8|xylF1jQGRl~V05nx@rIox%ngWq#zI4>{vlkZbJ+L;;;)BaOuU}j zIM@k)(jX;4!CZ08e?0#HxA*Me`u2~1;){D^d82l^ONC5`j(%l4exFLHZe)H4+}gOf zxK&Rf!w?rd@Nv?zZlUs75?nZC$@Z<%Gm;}~ms@hEBJ)R0!-|?P%^-Xb2*ALtqKL4p zg=b(-%6od#-wNtOGL__jI*Nxr!D44$JSE6G7p4LIY3fW{9H?aX?^PLGsK==wX(T(9 zLoe3?wJfe@x0xC>PcI-o?!(%u#>o9^{{VtZ{?nSz!EcKad^yx!ShO8t{M^`?X3DJK zjH-^=9lo{wyL>S5+?s^8`f{Vk4A8CJn~}?8WtTqPKMLom9*0jWK9tzngfYxXD&xQK znth#~nS8p2lj0j#ZuBerc{Kajs(c6b5mz+Bk2za zUFa=-vcYczmy-2hm@Iwk-QZn1c*Ig%VRm7M04cAH#N9Kqn#)3zz7?_4VSQXj1mo{- zPD#al`>c5HP11Z*FNtrXYbdeg$Au$m{XOeU6-MTgIP0HNcqhbW`$@OB-}{LGbYY%< z&lTy>-MN5WxehU$XQ;2brOckEg;qM4x0Y!vLU^TZu1O31(^(61bie4%>{*EDFd5YoAEnO(&5pPB7EEFS1zmAbjQ}UrejfD!}vQ5gK81Mc4K5+ z*jG5|UcabZTI%}D){ry3x^N2&e6_!{GgQodZ%VSUvs;GJu_cE(r~Qal(q)hW)hoptuO{7gad>-%5L;PJnCD>URYsj7JL~ zIV5%Tu4h@(t>uYl4jI*p1qYg?6a}9O-d#(6uu327*v5SYYWSSr+1neWReNH140_cO zCQsp=Q+1npp?47m zzsOfjr)oNWi4jPQQNsB7cZ`AW=~v{9A-1Ni#m1Mb2m2+z+NNaz`OYiOwOJc8E8u*&3UQu&JJHI@=1A&qrA-}gRdo9sp(JG$q)poi?mZ28rRDAPmWJBtwnj(; z%lUIulj>(ZNo{PUrP18ChEm(rnkAW^Cmbb=Yq5* zMO1V5-({Zd;I&|ljIwvE&+ORkrIJXhUMIZV9#R!JKeQPP@~!pRwSIJ>$~q|CtM-n$R7u~dzmsVA?!Qdc98-J8NXt^S^t zmicCJ$NNXvRd4u5PJyS&x9lO*@&cwg@BaYSt) zepRK*#ULRG`I!5DRf~5VO8cSKmf==N>>>aoDh%xv;*X@wZK>VaS+hw3xoyl3BQ%Xt zIved~-e0n5Ht1YO)v?@)sj2AbZJ`mY3vkVop17c^9j2Ax3rnpTp5kPJRZZmQwR!%j zt;M9vEv=jR$ebx-k(v#XGoaS)udy4fYUhlvdgwIE8Q{5DR1l5BP-i8sgSBe}iu7EN zSG#0mBE2)g`X7aSU8Q}MZsMO=Wg^}sJx+W66cZR6X1k_Apz08y)6eeMhH$(Ot#f`f z@k;8}dVZM*Kp)Pqa_X$7hHq+ax2fK0SIpAN&OjN#;)w1= zipwtekz`Z{J%vD#N%o8>ESbRLtv4M&^lds5Et*E<{Ja354)s;EMQhb65sEfgo}l^) zml2&^j)L~rQEJjQ_6#svu&(CnTiFshl|hk#E5-&YK=IkM@3-q=Z&FATb_)Z?THLy{ zDiYCBFC`R>;PUhcx8XbM8+}nDxP(e01af*4(ARygg}Kvjq`Hlwh42#xss8}=P&C8g zqC8gmm4uG6+q9vP7z2Ur`q!*Bl02)0wS=HmIr>z&Slr;vot1!T);Kqu{LG-&8K`)6 z(&j0y;SrST^mC%EbIjy@ zHlu9uhH_s7ebRkv-#i<57f7*dn~1I^Rr!<*3Z7@sckXtp<93M_&d@_`^A$S|3j^5Z zxs6A|*Ls9{#;0h4NZev^Q{)zi1QV>7LRkMUY|PUST^Fg+756jC;KpkSV$DR zaZCwsw5w;+fo2m2$z}GeB$D4uwEHw=5goo%Q_`Wsv8)+xZm8!%^iJuIorbQF@ zHa#Zh+Uojk@ogtyJx@>RS+r5aYS!|$qKRV6QQQJS#?UL$JTc(iL8lt41fJLKv1U2l zkN&j@0o8bJ?p+S{?dOdog|{x!GrT?~vty75 z1L;Pqro|QI+?y1V%t1~CAo4s*ROa$@xf_%|04BOm3(qB?k)$oLj|13N@!02ko|mcU zH+PVU?ciA=bq>UVl1aNN%tNias0cxL`1 zS7q?!jfK(F(nR}8Fc=4n)?gZzpFX*LWfkOc8+0CU-~Hj!713Hv6cI8x18+TRK1K(e zc&6nqr&Mw{V~lj>xY;y>mwd5>5&#B!fmV=?p5ID|G^r!HlXR-1X(R7fEV=?(JTkhg z`K^J+N?>}1pQgbDgp)&Wuquq;@=a&mO^1po;&ARgI?x9*so5Xgsz?iG=jWw*H-#@I zw6>Bt*o9TVAa$S)cTm&b>h=ke?ZSs8$M=E%03x>R^xrn_(h16lIR%HMFgKG+(ygsu zdqpk4a#%BU9+l3GUr*I_JJ>933=mt82mtNRpfxu&jmj7B-K?pqT}Fb)N))K-Ysocz zKHhy&_FGhyZ5htpzypezNYLHU{5;ln1916IAmb#8#e+~b+J(eY+q{N}W-OpOHd#JU`6)aI(`KJ{)k6k~H9*G!t; zC$*AigN)@)3FfwR$*wFG;yZ)6bMh0(BOU5Pm7JEK?<~ZsHc2Ca{OS!WOx2!ACJ@Wy z?JbN_4pwWxs2DWSm0q|#ja+$cVMj2y5_CB4Q8s9oMqSahwAnSJ$_o?wvU-}4zqBt6 z%$ADV;={Kb0aBz6Cf1MQom%Q?QsELyPcLr+JdVb+WVvX}QD{4(j`YT9M#QBdW%7~`~ng(+>T7>i4Op?bfwe}9^ z$>mShxY$(P-J-HGvYz9;0Ce`yJaR@PT;;Gq?_Iv1e-@axHqu6oxs?9^wV!X+fhKSs zGSqb&ol?c%a%}=MZlL6;IKlpPp%%F=pJoi8wZKpiW10mgVy=;?NppEU)!0w9O4-Of zx7NCSZcj28b`@qL51&s;44Wj=WYeKYV4gk2h*5*myNEQ#j7fJA5SSfJG>qK(9LBeC zsM=fHTty)y1Au!P@?A5;^V&|oZ&Ru!?7BJIgP%c7s}&b=e-wDDSn(8=lKrMjNbQMR zaT&mkdHH`+T}OlbS#f%=X@4#zP*qr*nFy&U>0d^lT1&@a@&(D`7_TkVbQvx07B*>C zAldeyEJJ7i022F>%6Fh{bHT2|Ro1l2q_&n9chtr_&A?y)IK=>wTFKt(-dBvS7?GZa zsA%@@H1a5Qj&j5WKC~b`Ys0oOX_1+ggUP`qfMJ9`h$?AS1)NM5ezK&E-Q)$ZNp5My3 zn|bc_E19Q>+1ao*x7`(-qhXyT=9tl1MJ%%-G2?0Vu2Wglbwn^kAZM|ceXW9HUdp;a}AaKv4w^ThVCnC z#U3Eh^zA24)9m!txbXwcm6ZX&j{p#UopV`AMI?C-i}amOPSx!tzJ_hGz_JbJ4f)=BU|J3$7$KJQl1MvHc2zQw|!^5Vzet6pY2%=y~Qu65l>-tsdOKLH0IW754m zcwWy?(%RHIz}rdAdCzQ6!5pREgl}z4wWJXda7e~SE-EW4DJ|{_vi|TKA8JBq^zA-f zLG<|SwA1ED#5TjzHKlu}+@ct-L56H$iu4o+;Vz(+9phDA4nCr>rLdeyAr4+P=V|B- z0A*Wf>hm~d5fXOv>s>yFq&tV zaFD>?CqhZ-L8-qknwqqh(@Mw{uyc+xS^Cz!q}kv90Aj|_$#ECV`$yd#wVK>#n|O-$ zYx|@&@T1zO!C+2nmD05Y&^7xz_uUod)`;yt!hL@#PD4>WUe{fNR)022fU;)=eMhOR z{eH?@J5TLV8Eay~HFX?k(xkpa7enz%SY4vbBl|fUScA@MdtC8M+NQBCn_&Zu56M>- zD<;<8pSnk1#++S=aj^xwHq!Z`c5T38IjnWiK$c6(bqy~glYv_hRfGK65jh6f^`y4NhVI4-RrnOY@$ z;2t-6&@;>?)9eyknI+>S62buDZr6@ zw^Dd3P+a(pEgs(L;KYDnklX?@kIsVIvFOrxuk5xXP_cy_wuV5x4;7njthb1voXu`* zuH+eHCpfJm6B7j4C5etnE|%RD$$i79u9CuNTN2v2Z~+<4YSIzSc&|!bS)ub4=8%!F z1B`o$zomFa^GP~<){*>(*^_%5k&e0VRTp9<6WzQ!t2NNfu!r&xXCoj1^{bcKnnelJ zZ33u?w+)Nm=~_9H7~J@m#hQES+QzM|SP3s~Ze}Ib&Ia&sap_)};lGCZ6jp3+CAYbE zM3P;+n2F~D>59%$H;H!h!ZM3kX3(xy(#a-b@u&o_1C06%{{SlI<To5FnQ^scl4J#)iN*)51CHk#WvR`gyz}a^ zF|zWQ%}jK zx9J*1+clIorr}I`aq}*Fk9tEnpAP9dg4kJH+6P%>mN6iZ?It{ollW%6T0LINRMzgi z8D%Gt_EgJA+$;SE`hK;Xe8}aw=Nj*Y>@GDZkFq1CNr@MWYj*+VSWZ8pgq zjH)m9kD#lL#Uyb0=YsDw)PuyDSeAC1gqk$VkbC_(uT#_fCu89c4p>^=YLlHx;E>VC zK4k~r@vP*Y>}PjpYoJ*F0Ak0g+B>YXtRp9h4`I{VzKc%`X}6bFcQXjQJ*FL~FgGyc zj1Ij209rtKKgJIYT4+|VYbRJogg)uoM8PrRA6oe9#Z&2PsY4!{a<^8+e)68A^PG0A zAufd5Q_+4JO9UxD+7))LTq|?C&^RJ}5 zEv{T^o*ah8S(zFpBnZeD7~-;VX3#!9w6xVV zKlPldFY#xf`qPR=rJor5Ik&lJ=F*(4s<1LH+_B@K72@)Eb~$ez*%d=0>}(Ia^{qz2 z?hg+5dwq??YP z&7PGLM7GX?5vS>JCb-f^D0C~cBY)Qw$w~1{S~c#I4xcp6>*k}C;c@Ty);`2>iSz#e z#6KQfc!JXBN4{yE)$j~{a|QMo=~@2(4t4qbH+5|k1yTongSk?DDLO^_JrA(F5All6 z!7r#ZT0N$tJ=9Kw$T5cg_q}NA_u8k#O-9#N*DdU=XIMliu#yz7sU6Qse4*^g2ZWNx zNz^VH;X}oOio=&a-%9yYT#oBh)b1wKBWSJz5%;r@J?WYno*1#T4$)mekGm?)2PzMK zD^F4I)xEW};?)9eUzNKN>r)~59CwBFS-d%{&8S(<>2=0g7>)-Y<6Sqz4-?&7+1TEt z&)Otz9yZQ@I+zKPXm(aQzlL>5y!as0V*%A$8Fj(PA4>C|27RVK5$UH;c|Wrty5A;q zhEPuf^s0+6d!Jc;(mp!SylvqvJ5TVqxv>7vg*Kvqe9fb|>T_Qy{4rT|=Dn8rTV!wL zjia6^nYFp@_NLQHx0>ciky+)n~()?OjAy}6kd703|ejJAEdcdc)TdR5+y zq_pnI1pZpODL5{sv*!rL$Ip;N)=3@B#LDqDc9PjS_pSKeJz=eU>qt`39DM4y-Hzsx zlQx3tZ+L=KyM?XeC+whYjaQ}zO8MVXwlLhzj%1XAcq6CMpF1=QH`(QUzrM~_KgzvZ zM6;h%)NPvi)nEW9QagH@(lWTuTegEv(g;gKB9_P`pOo?ZtId30shcaSh=WGRc=;QT z!kHHCVfZ&miu&?N=ZSW?%ADtMuc0FGYw7E0qUe^E*1Aim7Y0RKvw_!v>rKwUlj?Z3 zv#j{LM%8r%ySno<_daL}a=6Y%1Msc*{BxoB$#i`u#CA4UXpAe_r4fv2{&DnE-H8n0-nepHW)A9?<90Y=!O1t=#gG%*PnVZU;{F z7Yp<&c)Ie^4J5j#d2x@KbCx`DUpH9As@>~zSiu~qNg2q%T4`LUNcA@GjqDDPwcJ+` zs(FmSoG%$8CbaZDHpY0THjJ(rSxd3q%_l(EpZ*XXTS>WxQ@FSiKNa> zZ0&Cn2Z2EYr3`}_lpdNsGfnFoxUl83(sN7yHx*LMWYaC&QeJauvuhi$E*5}kOe#;Ovu81u0s z8Rxh)i-%&=t)a4)Qg4A3*ds1iAH-?5(tU&p9g0dw7&Jy5%%v`Z%L_qmEzHrMAyhFe zao49>^Q}&6jao#uX9n0e7(aLLu82penXzFl=Y}sW(k(0PEi7A-Lb(A?@-@?4YjfH` zZ#}Jr?6R|fKp%5G&1gM$JxfZ{XKOoYrwZvRMNpT6Dc9oj4nUM zvFGYFBZa%0$hMZw-M~A;0ISOZTpqI~qUB|rNogK-spwj;b7rabJFgB}c~)t8DJ6OW zMGIXISNqNZ6R+jgRcprCYR7$mtW3Ne8BDYe?0ukyg$$GQ*w3 z4vp?HmDLAnoZd4w0;7x?)CU|`{4z`u(e(r zaljS5IP@l6i1lw2X!gQH({D|~jjY6up!MRZ_;bZqYj-j=j8WS&mfR3#PCC}{iJRQ@ z33WLxtqjtHWl_60!(-CCqhIkS+uZ392Y1{8w_T&sl*Dl|cxpR4%RAjlP>PZUAs+`7 z>1%UmbdUvAD4hxCKU&DnWerx|JBufdFplI9eXEqxd>sQ%3yGwGLl!%}V%4N!+|2&~ zW?u=Ed@R>~8+hl$UJ}+)E2-@6WnVCSrR~AQa&y;#gYRE9i+#vhKv==f zRQ>9+o@-l~mxcWHj3yL*wF5_S8i$QbspvC|nhsJaB!87$D42|pPfC?1#@zhPf-&ju zK++K!B$Sk7qFAyvjtZ(5!`u!by1`F%Pc zO4|Ben6fRGC>5>>0!DZgkY#t^t1sSTSh2=dF0`=9jt|SYfwSv>y`bnvB|hsis}Wc?-n5 zjzQ#Oy?<>V@J?Ua%S-s*@QcH`%-44|-XXPRRE>}KKn`)+aT%QEJ0D`c7#_Rh{e#^HWA+Wbgj~@6) z%W|_I{q(k>N!kxnfzW@mU%;I9I-iBLi?0vrlB8Ok6UeNgv*rwv3G_A2rDoB!Gt;~g zd3Lk9HQR{+$|yXF_lrwk7TsFSs$1O%ES17aGr5lk1bTF@pT|>9T*qu~dmn~nyS>n@ z?C#{amQAOY;FDe*@dLx?*0<56znyaV^8Cfl4RBD3jMFl!aefYX^TZZ+F!*Owh$W(u zo^H|x{s#d2clNKhG-#UQ#hFQD z^ejH@bVVEz+}(*%P#{x@4+oyq#l4o-QbU4cLD_rOmefa6eKc3PY|`&Q%r@;kYnJf6 zjkTThmkJ+aoMW{%R8jOCx-@I2tcF$dN&*FV-mhz@wd9fR4QSjh-29|^n!wcPd^de} zqULmvK`shpKO|I_ws%_UYEoUy9!;f|LOD}TE1+2CygQ*hnuWcloWZZyjFHy_*RQ># z`WDNA@wBW8sTb7-Ux0J9FOATtx|R+#>NEp_EOnMWkqwG{VT{d>$?aUqk9(K9AJTf z271(UB166Fvs19>JZAL`Cj>6kuh0g=A9<|sQV~WWO zC|4a=54~3gOyqMmw=mjW%Pe6Wlf&bXYPO-Mn@fvmQZU|g9j6^@Lo|za+DqKrLAd!~ zADeLPT(-ZbqFpeCHbA*280M2TyEZ&6V+3&|>=lb=;sO1rqMhna z@oF;Kq*3{|5jPFA@C9_HPYGyRC6vn7S8VLw zVI5p^*YGFtt`k?*r@Ju86lZ2Q$F)l?n$*wJ{6lyyO|`sum=Wdy$zQE@nmvuh-R0fX z=(`Gyymj@>37R#b=QAtV>spg6aG(xwSGf17H5*N0_3bb0ipjK=1(<++jwz9Q9rezs zA@Ivc%C@&{5LQrggY8}eaWgf{(#Tbg?DA=~&}v2f5^%SvA$`$jaR7RDuV>TsTM6xE zkyH{0<3Dzg9LJ2cS#ItuMY}gZSarx9xTp9+`Wqc;(^**>KeLiJZMn`r!n2gR6&RkA zt?OETuM}~_h39PK-1u|NzYGXi`eL&+Iqwl@M@op2@e-}lHp#4Q15CKqZ*C!m z-Q-nG&cm>#WjKjBj*}rk2_qw@^{bi%WWGOrXdkSxcHMlP{+2UEv z!#+nHkEI-l2s9UTyq3~P8c~zC0N@PwHPyY$T1=88@yNzOlq$Ic@u9?K7mIK1ZuEF8 z^!Zg7N*+?GGRx_nwZK8A8KQ49dG;qHnxPw3(>=Ya!NbSX?&B34_i5y{x0=RLj;ElY z4i)6`Z_2mt6y)a}1$EXfd$4_m5h*-;!hkvr0!?F2x`yvkx3?1(!vT^uk4pDVeJyn_ z3q8cq+bZ3mh6YywqhW)PKOX+Iok7^~Z8uFrBgJ=ch{1Vg=;R9Bi%|Z_vH}Riq?6Ea zD>0~?tb*5<-%ND&Z!8D_xPu8Ac!EY_i**6|% znorJ8de|C0rR0`YYZ+6LW6O0lLNFxMuD4uTpm>#7#=!L;R!c=C{PFog)_BS3(t@J( zJ)=awy3}luy}vPA$%)m4X>9AY$9#gW@hJ~ZVgR|mCrX_M^Kwxj@uyFe8uu`Nyz^I z>(*wcW94cSfI)@18+~fIN{^Y%T*q;z-2gDL9(n3&&9o^nXURV|=4x6tQqbD9Tg!Ys zyts8chEEyyuCG_t?b}PYlX9)jO1iFced!sq$0v$OZlsbxX2IQ@R@JTi$r?!_qMp4?rdw&RugN%g_4Zc>M1Gg5=Y z)=OhA+GAUo2r8<_&-=>ht45_h8!s8uS%Be z2TgIQ$$6$LTZYISh3lH9V|_GGx1SN7XvXNn9;fM3&3B;7x>t(z3yaxey|j3u`>LQ| zWcycts9G434>bxl%myRZnv1fmP_WTpw*uy3C09LLy=mUqT>=`}m90p^k-!{L%**6P zW82AT9CuQcYz|MYX6rsBOK-44rmTxADc`u~pKorIibk%7X>+MgvfR6FKYJ&Nk}Hv+ zYZrn+AK4BA0ysXr(kU%YicM$3o+Gv^Zc**nkN`g}1$f@EX(g_qC8!}3H_8V)g#)us zL#y!B(#3rQQ<&KR#v8R!@s##4YLUZjY>|YF5a2M1;Es1wq+|Sub{~0u{BhR)dZ3PicSRu zoXSlfo+5@UqYc6HT}6hbm^M-pn@%_!V2S|dd`%=)3hbXYdybf^I!}c44P(KB#&*(M z$zkT0vaQJ=4u4Teps~#9@Z5iBTfpkl9oYFtPsY8kP1E1(SCK$Mf;P8uX>uSZ(_l?5 z<%E{e?J9GT*FKfVYPzIfYgCFggef4lG2hmrQ2~bT$)cRSyjRP&7zdrzUrMvEk&VL{ zt-`)OVt!1~7tjiNm85GaFf!fz*k%KzRI}6Ig6Hi%T6vv1aaw_5^GdzASG$E#B0>&N z7^2xs(UR)THh%ZD0b?&yw~9D&PWz^AIIeno8>`56g_PX^(0BHrnLdWzk)$r1jdiHo zFt{s)8?l31^1&_eg3cn2%)okLgC=RmqTHp#2kh(RbkCvnu7|`LmZKb2v09jIZKB7V zK>PH?W1PFzY_5{t+>-NdBkhIrOTUubm`v6`OwS z{GODWDlFo(%_B2+rw?;Gd!xf zkRF*mslE)ekHJmj3`rgg9Id;WNIFtKHKv@{_IN@>lS1$&r2n*)#k09`Xpk4^ZQ zs@mM!&i9kWHHxSa%Oc>$gMsuIuOHFBvz|E;%Hb{nLR5pC{xzgxbD36p9;0*SJ@`*3 zNK_OA@tzOXtlwC{qQND^%qB$ZxM0?nGnwT!cj(%XnmE;0d2C~;&38Ig<+bLl-g~ha z+Tw;nMd=p*086?{yIW7SVfZRQIIl^ux6~!HiPk($=XNMHjBIiqEY>fy-w|0`c@sy3 zA2xBd$81+)rfJE3fz~Dxh2JJeH9W;wxnpwv9M@E=D?PJ7>i!WFM7_u`KP`|y>L+JgPEDSCxq^1(_NAcmk#^Be?#kC zO`nG+(`=e4j0W@^F$0X$Gz~E)v-=g9o_1~d1La<(ofPoIimabA4(E|q71VP3bv~x9>H22PO3EV0Eg0e5kKN|1Ryf}m>b_O&)sByBl>i%BGUXtGuuSq#z|&T+|UKNedy%w?H069aMk%@k%DHCsn0d zTwG}?3@7DXn*jU2THJ%fv&_eOTtx7I=;_AqV~^!pdKj6ypM-Uf5Xv;m8-%sIBsS>) z*av;t?OHlMl@^1yOu4y={^lZ9SyW+Nv-~5{n2wfvUkt!gTAuDmr%&DaPJT>!j%!-S zSFzRnl(mi!gl#2z`_mUG(7|gRq>}(qrN+~=_Ny^TVHLI7eUVxxC5tgVhiZvR!$|Wx zJu5}ir_^snsJs#q$d8SY9{hLjUO%f`YSG_G{h2hD*3uHL*~SNKcC3w6w=eiEZCcjq zO;=IAx_c$eURfZiVLwZhR;u*NsQY|B-d?`alHo6GmbwB2V=;-AXw>gTk4jg35}BcrL%%me-(UrtZCYW znuMN82h-4>oBN)h)`HZT>^dE=xzIG}ZREL*%&Mx$j6f$mfnJN_Z89BAbg`wP2ZkgM zgTs(H%}kKxKF0q5m!N4L9fsdhTthc00dHCk;ie;ypvJ=sjT$Ny&?@iOttYO(Oh{%+>)wM zc+NY4iV_?XK5_V|@pHw06ZI8=r8btscbJyya>GA#4#KkZF9Kd&No+QWWMtj*HVDAa zB>pw0A+t#%&~&@`yf3~Kfo>tlQUdPhKjVt@{X4(DoQt!oWtN5E!xBkw8-MpAtKh-hr54~h+R`$Ae z#Mg^#mp2fC(1N+-cdYEMVwA@GI`L2Thk|vF6Zp*=PDQzrG(`t5jDeo~n&lwVG<#>c z*FMbFEpst!N^$06z7OG56=ptTh4C}#8r0U2SXsg^QbJx_a(;re;L!4-CRbJfNtWY} zTpFZ1yJ~t4h2l6Z5o3f$apkZLxP9Mh^e+*?r+AaYSGv8ewWY4HY@>6iISNiXbo8R- zB+o6=bql*Y(q|@nBeZNzDV{iz>fYAfqOzaLcK#L4(bqK1d3qjM;ja?Ob>hkNYl-ED zFsmZ6;Xuz{^XXl;haUO$Pw`MsBRPAkZFyye-sH%ER~%%9t(^x$ zx+Q17C6FK99lyarQH_oV#y<{*v*H$uNJX1Unn=|dy>rMvO7tK2M|3{}=sJd$4W6TR zvyM?WIB)h_>%~i#Lr!ZRo!~!&_PU%F{vg!jidokZMz1IFc2K^x?7kzt(yZ-tjXO}$ z{{XRd8*Hl$p-U%bKD|vupJN$IqCCIEzY#R;Dc4I`Eo8fuenoMU^{)ceZvOzZZmv}# z#DR}djE?xM+p#9EhHMRry~V?4aVL?$Uc$7zL92~U+}PWVh>Ng=9Q`v{Ib7YG7l!l{ zyVX|C85T>o$O)X4`q!^~NBAMCTX+)V#FnWY#L&Pc5UX;>(;m64Y1?9X(eh@6tZE-> zio?jfhT=hniyY@1sIKE%mVXZYiq=ajn|WoAa+wpU`u;V#f-{!-8j;;xN2AR&P?;xn z+HyK)zALr(Ssm1RABpb`k%Htz;dYPpy|#ht{uP{&Cmk#Jk5zlwrjFv)D8R}w?b9Z? z>mLnWMSR-25d(vjByxWmR}+!zS`N9WTFVSGsl8CS!wiA%SA1(F)Y@{~+mza_8_NeB zfBjT*bR(UdG#Z7p(a8qY0`?U_3tgU4&m0U_leNi}y=<%^!DdZnYj>p5g<-GD41l~%LdCqg|T1HnB zJ0I+L?yY0;cy%ygt_7RgD@;%SV6%w6|(bEfveuea@bXXxDJfZunpi&N2!1>sax`CRSEZ zTpoDo^sE|dLDaSMCi`3(ZPW{PL*Q=bj0)J%d{&=rZ9L1mIT#{jbk1mtvCP*~)ilop zj}%{9>GQ~?P=a~dr<~`XrBNOO(jQt)LGPordq-s{8w|*LbL(9ZkmD;H?~E=j?qq!? z%^uxGRir28aBGycyV3q1>2O)WZ9Mmm!HH-809ZYRYT7y?`W=1G#jP(@zS8_Ud^bI; zFSirM;g6Yv*V~Hjw97eWhFgiIjU;`?XyX{How^Y%4jy)QzMQ#S2FD|e*ID5`YEKQ$ zce#5qNn{5ZIjm-a3i=v;E%=#xsA?8|ORPFPLA=P5jOV6vRWz?0X!mhJ=i6M#^YfMg zc8bPK=}}fF>)NfZrXKFfSlZe(B}$C#_OBq*W}00_d&Pt`q7WG1=Q%ZW-Ptmgj)vgR zD@`Iob}-2Up%us6>1O6d{mGC6lgHhzxFZJ4TVD^q+O8T`5JY*50n1j^oPS^*SV6H* zJ+oRFMq27{x9#O>5;_Sm#FfeWze>YxM&WKGX*a~Z9I@d2D=tP{UC%(b@s^8cX=`dE znt8FgBs?s5>J4`m^T*<)j^^S*@q|(wV>qYm%-ZT-s>{Z?3H^?(NA{iC5%Y3;+N>rFVA=r|Gdg zsD972M+erjinBAEY+!3%C%DxX+9)hygKS$E_1;11YfjoNUd{+EQrw9gZ991FT``Hs zbh=YtT3uO-w%Y36Xf4zncKqwm^I zS@A={wz_T0Bo~)13ErYX%X@!1-Z8N*N09h(HcQ7_wILMX`GcshZ_~8Xb!!V+yis6{ zqyTu&H9)0vx06V`mcmKnQqisfIO+AT5{5|hJ#OdBjXeC8%!54V(A4uShvYwBg7;rl zxK;un*c(@lJ7S%qdBFXOX%tF%Qh3HFQbtl*9U8zA$j&5^R}NLcUX`b(*>a@$8G!y`N{-HzS| z<5=IJ>Q8g{@&5pVuKvzbeXC6Pp<|@MV=k3zKA)_laq}#H!6O0qb?yy+I9k<;X!o+| z(M!CfYci-(HzN~+irPCI@<%@`K+Bdqo|!zg<_GN=jqn(Z{(o5C&Pvb#ELypb>fl{x4=JJHnYrhjZ7@IVjS4j+u41T~M@bHB#77IuNS>V=KcWyq5?}at1=UVZq?@TgP)5>~k{4u(*;^ zeMcQCH;tV)hc21U(b~4L$vwshWjS5P9EHs!NXzC#>h8gE+;A!#wkG5V9ye$G=na59 zt6nJ)V%W-Yj?{CbT6ZCr0^&KPSC^n%9)hk%FjNBzyfMal{xxXnhQ@`QtkTDv0mUvtu?M^qPc`+xWw<9i)hbhvEq zntNSJF)fA&A!N@ePfYNCF<)H0$y<2N)8-Sk@%$#aY8%CN7%pI%-fMg4Qu4-RYirAQ z8CjuWf(ZS83jP*<;I-eeJpTZ*zsI|e8F+I_mHZv7J6>Bglvx(&Pv70sj(XPxM`v?d zZ2W=n!rgyt>H3G-@1j`b&I!Piwn*qldizJgy4B^)ywRA$+vINgiuwG;O7=%&C8noL z_qvNu5wZ@bADz7gXZW93eLh%acm&yAgaUJ3G-mmX>TG$&w>)qiI^mJxxbp;xP!6Ey z8T{+&{{V#^Du+|G^5ip14*p7D9th7g>^q*R;QbazEfZFf(EX+UbznLH+x4xB zjX|{wq)FjSV5$7;aa{4Qh`MBhR*>3Q8z`a*rO~%7SFok4x}f znk=lch}Uo+mLGKcS9>;zrQKZHCzu-O{D!uR=w)J`iTpdKY4%qKX4i>w6fR3Ocy^a! z*N<@{OalJ^2qOheJAp6udqhcc!~^TzuUc4njtC_2gU&ZlhIBT!H`e}S7ZGl@0C_~5 z)2^a>xTJVwSW1A{Bk!E_rUhXp*k8;7PB2GWeUF&3q|g8tJ8(xz)+EYSH8)9lsmAj@ z$drtQ99L1}4NB`uhfTFZ3;Dn}aNon*Bk-z`lVxuY_=0PhCXVSgL&D zwv0p<%VGc-J#+6^1AUHeJx21*HC1KUe(o!&(PwMSULY|twj7?v{E7%V`?ye8okMfW zF7R-JCb>(S<<+jH)9$p{O{faOM*|Gr)EL;0Pm4&KQjK=S=VxxxdH`#x*L7VVOtYHV z;m#L;JD*B-DMsg#v|`{s|!M(DV#sP2EXuB~KNaNf zsIPqZdZSX&poSUYXMst4Fv6M%G&Pe8+spQwfUJat=RcKrKC1@XtC{A6`CG83)|z$$ zvGDEX<%NT7jwvFQa14kW1M#P6di}y`FPMe9fx zf=vCx-y`Wu;k_*+@|JVDlVryx!SVLnfOsbO+*A=AJ7O`lF zd8KMGwbt^l5bJ^8+*I7wF|pA2Q%`McLmGv{c~_%$0}O6o$LU!%+Ej5}qFh|WL&`WO z8+qz$CWmf^brrNWs!Ee2sC#lTSemWqh6yetY!GlU)Y2V}KG<98>2Q~G$Q*;^?dGs; zWY&B&cCtXT+eIRk+(!~E1j!e*je6$%+siC0(uMNZYWA()2SICXu2{o=A%(6NcE(;? zAO5;`Gv#N}9~gB#FHh3ED+E@y)>aK=x6UdFnX+@c@~;T+yi#3i3#MtdjWxCj+*I%> z^AhfE>d{?7ve;R~OXLHQ#dEP~lif)KQXR5nsU52M%;gTI_LePl**48QacAY^)~AT? zZ`K6U?5-nyK1lg>Jdk^TpGt{4l^C>-JNqTZnK^{2Fa=w3oQxiN*K;ntHKmoy+Tj`E zDY%cj#Yv=Hh`b-EYnF-{^5G`3m4Q_Y^A{cZ*P?6ME%nxisH~7UONdX-Mov9I{3}%y zRAhMuuc2JsXr@_i{I!fJ*x>Gy*NRUF4I@ppb^9}k3m!*9?~2WqUAonb5)){P4nYUh z*IB0CL#b&o$0`ME5Zi|$ru_inb(1Z;Z3CUES{TdhszbbR@3SePm7m1Z1c~pQSjWcHS|}`c-TFA4k#kNpJNF?8`ntJGjBd2lAlSF|n;a zfuiaf2BD`-Zl`o#yO+2>{;b!M+UP&nT7AX6#O8P4s{?{QwO1L9ZKFF!sb1U7DSeyJ zx38eAYg?O!+a1tfw178p#%p8*H@44xeH^j{E4LW$TUI(;k;<(qqeqO44z&`98zRy< zL$1|c+3AY&`;9hM)r=F(D21{Uo()2eLEPzN&|zO9AQ?)i2Pds-H-zGj+<9zc-ZPE0 zY647E(&wlsx{{Y!-ZYFz#S8tRl>T^$(BKg_m`nBZO7k2F@+8!p8 z3{gq^@n1-MJMhk#X{Jr9vvRJWGj+kwAEiuWDQZLUe#=VGQm{Zqsmy{(wDyoHLW!D4>t6uHdZE~QvDc@W6)mC49HwV`)vZfq7Cby8)>ASlX_ zNy&**?reA$!t#@MWcN&Em5YNf-2)v5TlnA@F1gu($MT@oF*qr8opfmSS&lZj1Q$>^QhL{8E~}_7 zgj~&RJmmSt&aIx`r6I{Aa|wBQGQ|w#nE=i!BKjdVqXgR&A}Jhu(=$5VGJA-iGebIK zJ5@8uHEUMWWW0D^&k=cm2FT+yi;S#o_-@m~wr5z;udg77RI_cUROMtj!NK}gAB^JN;?@Ybd7TJ}MoPyhqHj!0z9WH;}q-SKv zal1Wgi7}?rZyE-;*zSsUyA!}Q>E003;fe%};D+VVPsqcA??BTq{8g{%hwQJXx}=1& zN}ymXWbi*q%a6o%cba)i*wl>V^yFfLOTCXfx6~nuS$@vPX7h}nyX{-{_la(i&mkvw zQQXi`nd2Q!2aN@#yo(u+YwtPd+OKF@-nB1-JU8LZGSVwM8-Mk{IsNH9N$sAL0p00Z zM3BlHqbm`d)|7h8Iz{@}8<^sj;4x6$TLYizK$Nay&Ej=yq_-1?n4Egn2aGIkt*zjW zSyObamI`@atri*1ThDc*+Yw|Uot=j5{{X@};<_8nS@kU*WwJp9$y1j&;EJ9^1RoFV zbq!wnYck8Zm>Dwv0DIH=kRr`V@didhH)jtyq(dVC%q zu$tq}1{jwNG1h_{k1@Ktk)}6nFozgZ+O*1pfU(Uz+nbrj@}-U!jPqR%pLzCMGG|{tayGHX2TpNWxf-frqLXzqM;S!7 zCxiVfqSWEDf(2_so34$H^rI^mW6X8CpFcl4F(VsKCqA|3CB;YUMs6Uqh&Aw=mcUt{o*NK%*oP{3jpEu1m3;qjq==)t;wk z_DNiMZ!j$x9r^zN>sLvlEY^1-=2qR2m)w5$(xsusHr)07FI!d*4vGl1A#Ek}(ca!WjK8NHX}XT6bQKE>Q%NH@jO{%K zy-ZbrO+NQj)b%Bj;4GFwLdX5(9l@>75zS>jnI)WQ6tBP_pXpR*GJ3j&OF3nZ<+)wi!*SZ4pml!>uQdow-}ahBl9USPuGY_L=`}qPTm43R>xdE8I95N! zQdRp5yf<2Qp30EAGYzT-YV)~nbt_rmYq^|F_py_MNT)3h@;mEIZEdX43@oS`ObmwS zx8+Q-t8TS#% zcsE0jRn}m)kqnPKm{dPrarxJ%c;mtvT-u{Y;hj2LdrNqLI3bLWj!z!-V0`WN%eXG4 zNX(vUIR$ahiuDf$YcqYd6IYl?XwCNs!32)f#(HJt)`-hG-w(7xprWRE#d$x6d@HAa zYuw$<4Aa|^-di!{K{>@tospt}=^B=aq+3}=EbY;YgPeWj`kL`ge@>ZXSkf}sB$7wz zSeAKh_NAd2ZmeY%!ej>-9S?C{BdYk;I4`a(boORNlVg%H*Cq4wsU*eZ!n$_Y3W`5BbAIA4f1cUrx@j-BCsS{Kyb@I^92_;P@bH+JOy zm78OuYPvK1k5Y4Ua+z5Ma#a5STvf-h1NA)u*IcxQ2`KTW6`L9ke>11ZbLOudG~Xn#0L8u#8M$ z`=PO%bM8e~`0wCdQ&rLYGAwMO-xP*KUJ#TS1Gak59L%%eUkvE_eT9Vj%A-6{6R~(9 z`5kdu+J=jB98)#8H!jC9sO0lie0EM*qUrczeuGvkz zk+>{j$m$My^GJ3!eiC?FSn-91p*$1JmXJ^5IV__=@PX{T2@*TYN}}V~I%osO&hsb_h1 zWr5|ZXC>@Po1>fIlS_XrqB+YFUQvU5)KfB1z zez>oE(6oDtd-<(z%9)S%z!}d>W`g4$=ahU?_;KQY5Nm0B;akW1IEVMpnZQs7Qaum< z09w5F;J=Qqd@ti$?+tjqI8xDpf(fSOnY|Uc=l=k&L2*8;)S*j;p6%TpK&oNR2r7DF zxwt+kX|}eSkAb^ro;p!KercNxdS;hSwERBMYb^_xnuz#!wl*1BCY zP4oP_mPsRt!NV{s&*NH%)&9h@yGyu%f#;70a{GE$FXHv_V`%0LGWFq#ATZ!y`t6_& zBf!2ZywW^9tS5?Zr?}Q`?!M1&4C8Pa;{bLX15CS3e$no2r;ap!HmdX-deCPyYcku# zq)%~m6p~%84gu|sf2C>Zo*c2WlG^zs7ZJ)9LZEQo)ti$uD&E>!$|e5Mo9yt!8OBC; z9&n<&KZc`Ao5R-$r`>tFi^%cDjKAu#ct2igxf!^2Iz1*?+eFmu?zL(4IjuntBb=6O z^e46|JttGsCxuR=S}btIMnE5rYK!ZkJglvMtY|Gf+DC_sx|_yB;4amC*DLXl;l=5( z()>(rZs%gbe5EB42EfiouswaNTlX#zJZnbqr;4m^7X8Vd&Na(2F5sZ_EPGc=u3YN! zq<3i~TNesQJgSOj{D&0!rSvwp2@UQUiDFlb3iMxwn!c&1CEQP_OL1qj_rE^}&{1J? zTSRw_;rrWJV|XH$V=y2E$ge=vEM+=%jjiptNs58>9>0|V&dgWRv@f?xt7T;s%y9_8 z2r@C;k=~lR;^>ZMo@mgv*b7JoanJ#p3Fd6azPcaqlInJLkEiPPF~k*Qj1AkmpUaQd zr@YanZ4ztSJCO^@rZNLy1CE6Bq~ug(-1+VGy+X%ko94RAys=}So2Er{IxWtd8%;K| za3z_4comLRkniS|#n&vLv!3QIwH(`A^13&$%_^Um89hYd!_>J-(!?WiN-& zv@tSDr_3A>#1COnDULF^#K)*T=vcQd#v@|q02-;M+Fi?YceV*m3CSFRT=JF861nJq z4Lm)k=-0P;?y&)mC<%6SB~~OI2|Z7G z^dnGF(Vi)J;TwG-#qE|g0XZxVa4KI8YZ^_JrP4!ikQJOJ8Ng;Fb;W5X(9*`9qoUYq zxA4VlEKtMpnc6lCA3eD1{{YsmM_#$M(5_CB_HoT-z@ItB)>GRR&m?oo9ST;u<*ZOk z1W*ZBuGMuMj%%CNyh2{tY*k98{JGhJ-qfO<$WYYt8>wfwxH4FT-@9p2NCW9z--rAk zscIJY7n4MWB*roh8|Z4~8=VlQcb*-)k4(RpMuupik$`CfkTK{hu<_T9Ch%{CH2r>d zYvA`EW=N0SSH~NNr!|s`G;uz5({J@}6W#v+Y+j3KA!$o_QLYp(pv8Oc>#Lm>Ej~t< z?BzI%IRo&m;=`8bhO1J7lrUy^#!7;I z?_TxvUDP@~y^;y%C}Urnc*fSO%Dj9^(o0QFU$i4j@rz8=!=5(|4>PRb80 zqz9K#{b`+1fx`SE($`(rQu^U1k{HI{H96XThrNAQWnm4!kS7z8&9r>oeJOJyCr;;r zYQ8P8gIl_?kqI!&Rht+Dk4n>vS4~j^>B{VxDqW@ zvAT9bT$N5yaar=*)f*N%&Y+re>C9ob-gfl+-kCLSHnr3A@p~oIZV4dcyAIf`X~fQG zzo6bGxofF0xr)kIqjz7IJFqwd>s;@L^(DHFWRSeK3QD&aB>UEh*vYPjoToCz>i|KX zGJa~ed1BWwNiam<=YfoxF3e9d)nJMDND!lgk(TRRmDQ8o$AB`UlaAG-7~i8k~^L| z*GJ<200n58ecqR)%1zbdp)GJg*o}@y6_+s%DI?DBv`DUJwzpSkLa;HAa1_^B;lB*Q zBHpg8G`ofZN(Tya)czG5#xj+TLtnENw=$)hy~VPe0tO3nQO9n-V_`NLEajK~0IgHb zYffibABVKh5%_vDZDg}a9u`(Bw1R%M^Vf~6t~@oU!)b0>+BN~uah6>5`ccffol&dM z={ynQy?Wm2LuGiuj3pl{leg$f-BrSx)5b1ac5P-7>7gV*a#MH1wCrkC~$J5`!% zb0ZZ1@j(QD6(xRF$KD@W;nMN`)g8O0 z`GL;WLU$jnE^x44c$-Z+qG_1?iT)(@Thq%D&O^~YRRh{jSj z^etlDWVls$e6gJF9SHZYB=Ni3YI?QYSdGGCWADgw=qpGzOjBo-Y91S&IapcQ&Q*{; z?y7yN{{V#bYwb1K&P!{Cfmo9nTxavEYoXH$7dQ_Hu#cuuW* zHm#_O+oZ(J+ck`%(9zSe*;~!_dsKA`5Mi8qfmm`hZ7g%kapjl$o4<(Tr}M0&+A?dQ z9iFRuCHkR|EvG|)$;EoZYCu>;9F81q;R)?m7oj|e{{U404Hk3T6~bxWZGor+gEIj16I3wv=DQHP@ zKoT^JIgoqOdB0~cMygCqIpe>jOErV&X~VI6!l|`cw_u({S+~6M6qS>3M<<$bOzfv4 z?myUr_Nv!EWS`o9;n&5hJzM)9!%^Ht9;*l&MdG_`U`YP}Wasd&^mowwYoz>9@UMrw zf8ndRFSI>s(kr`ZqadpmKuF{3pT>%dO--jRr8~<-{{R-eEd=)05W^ao z7x#$3bB{{pIplt6d`|FYjjZW<{+Xx(Y_B7AQdc55#y}+X9OpIsm;Twm2H)W)#Ocxq z@2)g0Th5ctc*shWNCEV)L900^^>A@6)q1=3TB_vQvhwF;I<`HZqjFjW&Us@6? zn#N?GB8G=9#O^FlZ)#a1dC6qP!^tjwZ2c=}s~S^%3(-9B9g%I?21&2o^P7&Etd-8206zKpU0oZxn^vn&i3}u+ue(RRKiBr zUt0J-{t7$$E@^+Ym+af(FA7>M)vu3qYe_C_9wo`UgZQF8ykKLmOn0w3v~)C#^*_&Z zT+w_(@Z-h$w}iY?Yb~YimBYY^vlvA<89zZ^Lwqao0yL9C8K;Qja)ZFH7cr-JDv0Z+ zK8Mh2G#0jUNgQmmXL#rIuQu_NlFMY5QX_KY^$G0h0L^5p_fL-)z#0@j_W-W%2rFc2I9r<~TE)P7O>LOw`7lvoQ|XPK=y zwGtF^4h{|tce-DNk~wXJrZ<_01BxsMuWCAGsb}_B?5Eg~M~Ne4>ySEEKYt8bRkWIi zkY03NR3E%(1BKVF&b6bAbF`mRR~VAyY)^Qx zPaJl*hTt~toHi;gb5=-oO*da#nG*IRf`cMF{{Xr;trD;)9rmZ=NHxtJRRM*=VQw5$pyogk3n6T0J?pqlE=e@gEt90or=j43 zTScK?xkWUEQ6t=5c^F*$$CFtsy{BzmC~rjzAfkkid5}fgaG~o<}Gj%=@SFt!*<`YcnE9 z-etUmJ~7^=Qs`!S?}oKJTR)YCjz#;VWD2!BFh^~DtW7GVlmqvq4D3JT8jf+r9$9^V zr$IX1$1<+sN^^o~(cVj}Jb!6m91+ykro?_D(^hC9jS4fbLZ_&%YeduaYfFo1Eu-Aq z!(fc?4|>y;4JWcao5tG4p)QGM_M{f`aVG890DBICxy=X0_i7F}QUx)PhC$NC(D9GwrvApyrzI~~fG+&jXy!$<&iZ8Rk zNL`=~Gu+n|uk4NFipEAb&n@dgh|djZU)p+nl4`|Wm=yU(My=ltEw+zscc*E>J3XL= z+A*32nT@JVG?Nu+Jl)3%J?U(8D{Iore)9=%3L)rEy#rP=d|7*IqO96|rPLFM*?wgE zx%8}CT|x`R6GBsQ9H{G>hXZ3)*=M;|TX@N36{DnU-`LWuGZP|j1dmFdQS-CV?R-IL ztdhG3h<<;Gs@krvYi|LAPgvE?Re(L~M6IDL^Q(vw_GtGyq^q2OKKItN{6C?^sN7DM zQ-~v9Y@el3DWg+fvx869^ar!IS#8ltl2X_xfBN;$`06Fpb(>$Z$fkKRPB}Y&&L}pF zh&)f=T}w>TG;?bO&Bf))ox^VmdF1~8qWL0v;jv6AUGLjXawn;;y2`pt9tCH0+^~n-ZUhkbvahY83)pV*yr!9r;6ciBv8&kBaXDQT6tFO1nBr~2<<@IQ2(T!<$VmWm@{{T?G)9x5eAq zI;S5n3&{igiiT?x(a}X`W-gRmLXX=m)K=x)n!#xDM5-GfD-Y{aVvi=(WYnb!+M+JN z#34d(25QZmwvg;ZQ}cA=p{6ErI_2x!>WAc!6%N3pV15;^rQ6%2@XIg+=PG}@^q^K} zrA2XLBue4On4C6ip^IOJ9Wr|%c2XI_`O$;J1vv!JQOrfCM{{or+n+mg5S{WXH^h3B zmsV?G1ixgsR}5K34;bQs8A+<@jJ7KT0MbA$zo^Y05}ll|ttq@nwsA9UGI9YJ&OPV> zzuR#{l3b`#8E{T3kC~e1QcY#0Bqm11<2m;HD6k#0w<~iUkCYt9-B;G6y;E%nX%UL_ z$G@dzG&C|j8plrk#8z|`^4h!+h*UDS%0TN-Y?nj5(PW;^b$g5= zF$12ayGxxK9b)3vVy1V5lBy1WN(OZBTB~B$?@CH_NN#@ zjz&#%`cAW@yzL$1$gr;&+s-|OUpb#6*u~a${n5(=F*H`qz{uvj+V!pP{D@}d<9*D5G9;uDsRW2=x6$ z?iSwJBo8q?7y-zsylFRwJX>dXFNf@G(MU-#p7`hRCZVFPc@5kV$K~1pM4h2hx#~eT~>WOk%fRvNC<4n2p){qt?2eBUiM%LM~mJUCcy`uSx0&IsnfIUr6(jLb1Qn{8EUG4(PG04ZQ5{-(CtabN(9kCG@K6xb^dFrD zGTijNJHwVKrN=a^W4k>Ohu$^F_=ir_e2L_QH%EviIpnbw z?7A<+uMPNu&r|Sbr)rRDmRv#^2=iFrpRW`&bw^?PABL^1^(VfYO%g^FgBqR~;<^1> zK)k)v?%cu#_hn3QR~3x6DDn%B^cmJSC0QGc`qh@ao_1FmbDo2}NUV2yOphJB^W7+p z5HJAinrzYq`QibAJ$r%gRD`2#iZVMH6J&$R=)*NKT7+esuITy3Kb>r1(Ypk@AoB|W z5Nu}{H9o0s#wcziaD!+#?q~yt*An99!dp9AxuWwJ60zidHFHnWF0|bS?QQPdY6b!k z-0mu9G=u1QCZqP)kcnBDw`V8Tq=DtQfngx|rD-w9=gDIAqk ziU8|njtjMp-bl{CJCD6xmXjPYh!^b36iNd8qJTXSCADomq6B%1f~58OR~f6=+TKrT zJ;WoO+lng zMYE8qTWwOg9QvBvPYeC2CAES>21hKo{VH}tJp;k|J-3J4L_d1uV90v0uUS4A)9>ew zOXieD$}&^{MJ{r=Pd|_0)}s23r*(O#TifYyN+h)*{&pDqqe>(d3P6n9hXFD z?2b3ww@mf}pXpYa4P3~5F)l43l0wW#->?oq6`wAi?HQ3kHf_NNwFXjJ*rwVPFK4>W zO_DL}dB?4B*O6aaYZi9K=0|3b4o^w~JD*^94m()1*jo2ysyw(WzyN)PF%U)yB>mq%!_st&S3|09x^*u zbD(HZ=+l{uiy@uxGr{`M2S4$LO1HMQ@WM_$%l?#PX$T;;JAR+7Lua6m8`%rJ9zh+= zqA8Jp8S=(A4t;PcdC*wLzns=QMMRl^mUpnGM6wclMb-bWT3LhPI~; zAXkg#1Yr7Rpk;d%CM8QY5IVRgCzkqF{+@5Oi}lm3(8+Y)bmIf@Jt+Z;FNdBBsZ#7N z;KY(URvx3KMJ&bz`I|o>pblnuq_dyw<-$tmYUjN`#%noa61U6`rv%oJh#rlmMdWF( zc;J|rWGV0db6D1T$M!|o)UDolwFGd{I-k0Is;mO|GAVpX;ybIRluINoT431>N#v7W zvl41>UMt$M`x=6!f7;I<)|6vmmlMPOM7Mg3(yCoegDKBY2LiZ#65`jyI@X~SaZGJu zEWT+UF7f<7rC5!KXEvIGSqPY0wsQC!RJS^GLUnt6HRXZwWNn~=ef!mOFtO(zFR`_^ z`#f>Ri*dZ2nERr<-E&Yh*t1Gd&^_Wa%JfVq){!C2h01CnS1 z)jTJtTAOtf88?gtK8CVh^L54`j=|(DGP%k9q*_AH*6pwx1o;S0O{j2tc_Y z`c^!8zMk9MTTEh#0ZmZ^}B)&QS06x{1Gd4)!p7wRxyqNx+n)cs^mI*DS z>vZUnxebD9K<%{~8SUiXhPG^r`wBkIc8EZ!0%Zx zUB`2BkhFz>Ipe1lrH~t5C%V(yO;YiPWg%5py?poLi;4By%`(o?(d=Q2<>gbI;CB91 zivzIHb*(GIlUr%hNA|0kQv~OcpK3g5pbcv0NtndZM+^Cka(VVX)Bx`eyb<2YCAWD8 zBji7JpRV{uZAmU}EG>N5nB@UHlSpXb{2-oJixW$}hFf`|>PJ;R)!A#BzN@16j`Z3z zBTPjr9D^ar>67?X#zAArKFy@+I=ftIlYN>e3|-V?=E25)994ZE!y2cGb=0%cTtpSu zVGV#l_xcLdM&74us%iI9E%HlmZ5sjR9+GYBc(WU$*1?d3#^w0$e& z=FsQ4)V|0e*)Ww&#t$IpCbvT8J-*%@E+;nV+hh@p#^)q)*0XFS{=vDry_MLghC>>u z>iFY7N*O9Go@EBRr|X)(hwt=@I5dN9jxJeACgMVQC!RZW^sh_PrTc zHH@C6I%O{s+W!Dx%^X*b$>%sh@|>yktFZjiLFZfV zWd!4C>s+sew9PNW8t$KSBkV^^Bs;$HkJh4S6p4IK<1IQ{yM~_aHmiki_H*l9UA2sQ zuZ88+bXJQ{2tZ>CWb@NMTFj-f#Oa!*v*8VL{{U3fZRUdJFD-`Q^C%pQgWH<(uO56# z@eaGnpc69BoMG=O}}ahz9`>;4V! z?ajk#KiSaBa#v`VsMgsvqirw=h!P|B@_vkB^J{It{t>P$eB8Jtj;gHINum>dK zfQ*c9jeatRK(({bbPJ(%slEiy2`%Jce8Bb}{d)PY!}ceS!me8-O+tVcJTLI0!up?t?~yeKrPgi> zO)R+OTe_OdzSDL63hLU@9YRU0KEw*{Z?r9H=o`@j zN2RG5ZhrBl%z;fAy5EPiTRi~X$d)gB>=p@k0%1MakJ7$myVLwzr|Oacslj-SIe$Aj zR!=}POgWEXg2-9Lr|MdgtdTN_IX^4^0J3RizdD7}{f$=LRe=$wMH%UeO&K?-ljF$l zhLK|}hLwAFapx6d1Z?>PbznOVYs>sG@e=#My0qzi_E^ODjTS{Em5zA}>ru#Pt!tlV z_yfa?G<%EvM&2;Da6QAK@LxRSDdg7^ulRD_{>t^O^(gG7=pyb%wMs-uu7`%jKZtw_ z<2xH6V*0F;6?6)uji2oi+nV|Z#2zKT@dbn0YV!yzo>h`X{)5uBaSJY|0r59e(sV5c zS5FRJUcI8n8)h`yf(3|Yq4qYTL>2A{O0UC z(|#Lkntz1+K-YSm^pNQ6m@z7r866Ec`GNQU0D$MP)O6|fsb`M%+iI9qM;JZ-0MD&q z{8sT!nPsC#sIB7L!U+$&{PB7L?Z~O?ViI>Tz7{|={XI3AOn0cU&4VGqa;iulQ^kC* zrs`Lp75rsBk>agVeG1W~mMG#-Nr9A{5(iqNRU~>JhrA#E00`!-aV$Eu#pTw`jP5bL zdt_H{cj8SjGiW!LEp4g<^8hiOtiR(!Me`nH{vEg0^`vM4dDU2h$R5AasNeV?c@o}> zhn_|SO}K7ItePfLJx{^+F!*-H-D8euBUKC|-@+R94L9O(lFrXjX&1_lY}+#dg2Nx+ zD=Eau*}EJ+jr?J+c=yFW+6{F*i>yImxQhWpbo;&Qn)rd?&mH)aLeQz>{`(J87wWX?c=t8p46!f6n5`jZkMR|YeCYEfu-4-4K$DS?a4!)P6y-p)^U}I z=XT{h`rb`P`(sp|4O(gKoc`rU_eb*0dbfr=QgmGs=GIFzmPs6)&e>)Ja;Mt5p-@sh zN5+EbV!xV3`#iJARbfzYs(M$-J}uF&bhJyz43P#S3h}qXoo;<^P}DVBc7d$oDoWKZI=A zOtV}cpC{3H&T&b*ZgiyDIiC(#>3T%AcFk@Y0WcdvADDl4Bc*!O`c&Gb#1^`8!v);# zBZ+asXQvessF7AZD^vIftoSqFX20=s#kY`KvDALYraiYT*bENt{OxRG(!MzGmYMyh z<`|=q;Z-up=8dP5laPDl)2CH#OLs?Stax+7x}KQ=T*Cs$Bq31_JhA}!kJp;$yftBK zXQxl3SjdnW&_vG1g1zgeGed9yQ8FPn!UukW3@YQ zp$1C-0Gv_Gj(J7&JC6!zR#x*FZ$bnMozkfWPhdrGel@(8eAclvZ3%1Bh1L?r!?8l%(abAP}J{!NadNB^5lE^*Rbe%RlV++Wdv4(%?Y+m_#mA1sIf1x)Ge-|XQuxE zWkEQ#)7keqi{)jyIgNVy{{Z!oeGLBqgn9+`nFQB5h=b0|k~mSfIqApc zT{nn)TWa$g2;N(HRk6+2cOJPuwdp!Oh&25zB3Xmy zuK;sV8TS;SW0TZ0?=j5FCd0UbYbsfm2+gaNlH48n0|Xk@JDHPfF(YY0SnmjxumD5K zk5FsPKGf0A98%oNHL|t>vF>};>4~%3JUe?8j+$EBhsxoB9jl?HvA7E9}D_58+*0`lN$RXyY+Y{pH)w=TxGMq?c38Zp@NQQgW%g zg#)#1>6&evi5et=KwAy!>V0!lj}@#|mv(SVA3c4}YbivBOSzRSQ(VU^s~X8F@(1^; z673~K2X4kE1QX3>IK#Qs=zb=LLePbZ+e^n{6b3 z<&^@IQPAVkxqTPn7N=`^(nAWBZUB=60q!Y950xX(pT<*MDvv7+Ib|gC^r|+$+EZ&1 z-rG$wZBe!~&tAFDt!c=NXFi8Cx-PqO;``^+QaeOK9TCCvSf5(hI zb5u2rXYJQF7jVLmO5_ie4uEy1b9mIT<~q9H#Ve}Zu~!*BwUcce%W@iKe=K9KdQFo$ zhU{1EaX5f5MMHy;$sU5c==2CKZQuqrM+>+NWakx(q+(=TXntIX_-IHxV1GKYcfzI} z&UW-Z)Z;FKKh&T0YxuLJ{B-@7{u2CJ({8NpZ!ats9Y93i>h3{eLk^>yj(r7vG4PYb z<3;g2HdF2v_jyN?KPr*aBmDHQLai%odo?JY=kZ6v@OZz%+MbCtW@ME~j~~ML;eqYm zzmER^_$&A9?|3yGJK}eSY;M~7LyTJM5tZguV}k5+&N!}A?0L0gWBJGN7Mm;+$jfsb z!kox@4XSzy0quV5aHb`&bs^(`zH9IRwR`pg8 zVe^phh_d7>_B_}2Xa4{M2mQ3);zzCU+2PF*Z>}TK z(A(O|qD5EjAzZNh^IwHuxA(#5ynpcWdy8vV7q+PF8IJ+hWI5y5@%qzJv6au~UsJN% zF^)(Y*867Xh~qg29lh(3m1KxJNeM&K2l>{>BR>$ zq*k|s%7r}E4=`eKdX8$;MnxdtvlD^EYXm^tN(ss~{Q6TGR#_2T;Nv9YI2C5FG!j$} ziSqN`+O=(GNM$55W2d$%WwG5%{SW^Df^>em2CmwIG*% z6~}H*YX0TE5qO7A)bBJ~=yeDiO4ZchEJA7jORG_{42`Ed(@m4L#CV$vHUUOJqKKd zdkHM=mSx+tk;fzH&1_BK%UxdW>~HPbT{a#*MhE8hJlD$9smk;{7}L5q`@e$rULVwF z)mi?_1H@h-5MDhqk9zs5Rq*AngnU?+mXpgEmf@zsJUao+dl`N*(@4g)9a`tvp9}n6 zy3L#_#hO(F91ivDhUCN)l>te~HTG1beC2g!(KO7{D*0-vr<`MxQLJ(nUFtA8{M|)% zMOfo3q>@V00GLJlicU>z+6Wdu^wJgk3Za;76j9x8$9|%^cq}H>SjGpEq>PX_#REv& zwl>-g^eF->p~~*hL0U8GFE@&8=CiqYEdjwsVfoNLUZ=4~;PMOS^k*N-1umk?mUy%p0G=fv~>>t2)K z_qP7eyplr1u*_t1X7n@{8$AvqQdXYs?mK|XyO6oaKGltFsLx>{+Pg7UIATU=grauS z+UV`2M?4lO73^O-xjFMc3gA3fdu`$kR5qCsCKM|L7yyCK6pUO>S5nh%bjWS)q!O$x z#(Nx9izQ-f)f--UCM!wE20tVWzJiW-R(&xV2QUIeGPP8 zAJxX6f9KzXnQ%5PJw0nfXiTx<9cTM;W(yC>SOr!b0q80;(yic<8|2um2G&{)ZkdkS zM3*|{tf(S*gK)(14SO?QL2Y7|^J95kq@JRbos3RN!dh>Z7C$ylGxw{Fx{l)Z@G9>} zThpyiFq}0#9z_1k)7hbc))YWk1Czk(UUe?L0gijSb!3p7up{}^naU=Pi@R94w`@A& z=FTfa!~*5DS)^1Eswhaxa1XvHB=WBjMLpU&2;^2q`M_M}t9WP1g5g?3WI4gl8>lv3 zXV6|3@V=)N+ur@Q*lE%zZOTSs80p93UUjbNQYN!<(7@{nY?jXy7s_^8Gz$it&VdA- zKDAC;85w4}LAU|fbfCgXrgOH@&YF@;WGNmt@H2z!U0gDaJI|4D^AXhdri}Tz6?H4f zu5IIyWR8gKz9?$?o52*8N)iBkw#fa^tT_B} zs#y4mA(%;VWjlfL54oPC`&3PxP(FarCGggjCB~zvCAQgiGd_7`_Q!Aye6R5@?0S!n zHJw7kY_@YxwHPV+lP3rDtR&wfY8VE+kesbq5C(U`64th?=&GeFWy~ z?6R!FU6|a19job$8^;<}wwKz){MJ$y1PIG*Am<|=voX(UXgZ3>oJgxVgUU~>LT`XA>@tLj!4OwNKZ>yperil$AJnZ{dd z)7&&>*h#dXrqS)xyV#-n*J=BZdn(3(6im zV0Ss74lYeVYe?%05e_-e^A#n%q|rle%!SwofyPGC|CH63*m7;pK)@{14WR7`}6^SLJ{bAmKY*;KuW1xj%$I| z!@C=hoUV{8n8&`<`1up---B5YQ|xBi%i!w9U-iA*^F!EF7*R<$`2s^ z8Kv+qhBXzsFij_sZrl=jD5;cslwQ;+v+-@NmpqYA zX?JOq0E}*4Z~(__n#d14v9tnLGdm(+k4o0i<(EvFd75J`?5GFQnsz0dacdrJ$+jeJ zZl2YtE#hhH6&(`f09Yyhby9i^^{t<_n;h4Thy%D$NPA^Hy zV})N_)^k944y~e@Zlyw+bA=r5vmpo_Qv;P3LjIOA%%O}hfe8<*;d5(+wOY9dYvL<`v zj%#kl?$1=Uyt-*fe3V80@fo0TXB~0jw$Q-hJGMNNxw|^CZtZ169v!olnJ6HP>AqwG865#r0zZ3}VAwdo&u%I6GI>q{+eX%G?vg9ZnB&UxupPgZOAm)-mr;{Ynt0hGA1TKtp4F;i zP_sMx9}wJHTAd;QrI_x?9D!DD^rL5_>bi-N6=jdkWbYyN9<=OP!Rhzbz9ZChtx0Xx zCyqUb3xcBqIsB`-xRA>WTR;vDKqIv)0p}N*Wcp3qmuYt6X#;3Eu9fvGwfi*p7cy+X zU;(Ud1~-bYwGDRKAGO>|dE~a>tl7qEcf)qNhlXse?i9&k6sktha2b6KA(gyasR^{_ zcwj~e$tXD=TH|~*cXM?e+uS;fHe5mg$!7O72+q`W=~izfNL232f;x)ypA17f*w3fV zBTGqe!EiH?p8o)erUbX%9eYbvnllVBGm=$%{uIb8Z!T|2OF;1%cQJr zX6*9q`IEM5N5h^VIxV=llV{qb?g`2dY6oLGSn)Kvi<#|2iSr%V@ARx|Ysn0vNs+VE zXQ8W#5!q<4!8=@B>QLMHN}G|0=xdU^h)t}=9ED$bI01MSs2$s3G~;Sadr?SS`ubKh z+Afo*U1^?O+rc4U-{fIe^`H$sBUk?>sS8yDZ(>sK{T73sE+!KXdKMRzN0Ks$gs&HxF6>e!HSJrk07Ms7K$K3!lC8^sFoI1wE7oNYK5&U>}^&I~x|d z6!!lBXIOED#!2H9%J}<1yokopsk)jb*xp|}P$QGkZ8fPTxQoe>LW4Lx6>DO`&Uhs) zF?m%thS+avJtig;Xpjo zB(Su-Q;^%oPo+(YiWbwtX>%u&70UDd>geOt29c)CY>_Hmt9|l$BifKOj*r5ABe_d? zAet1Io>o>FZ^EMS9mb=mT`laPVo*YiFH#432|WJuMN7?6JEon3Fbc#T7QIXRUR?)D zw1Ubsy_B{;)^NNY4FGA~>lcsV+l$HV<%Z$nU}Ii!+lupl48bOq;ib6M8c(%_<13Qf z_ofCr>$f`3mXU5-bz%r{gT+UCYKstfBvh0fa5~Z}mrIS%d>ehO_>$jQx}7Jnw@t+( zToQfT`d6nt{f)%(X*16nT##D_s8K+yRI^(v1(ZW=8DpQAb*ol)(xih52HX_-&?62z zZ6*zN?^>ETpHMBnNdV5{=zl8ZwY^frCClB#=LS>qj;4X0U$6L5O;#IiM@+YoAz&6& zW9#i+qu`w==-*~!jyFsNVT@w7in=0Fv2)`#hHn$X5KAQ1sT!FlkADt?u^Ifw73cbv zr=@A1W`e|{zCP&BTvW;-8C;6r#4^c%KvvEO$K4frT~#1bQG?3;vA`5SqLz_);XCQ| z7&VhJG;y;9Mdn8A0k0Fg_O}s=-K>#N`XkmxYlgESB$y~l>v%BEWYNptfN4zE+R<+fT~Ao)o6?w zF!fzZ*4}rDLUuPn?de`^sO$E#YD#SFOePbBc2kuDt_h|G3F6HrbFLj~#xL|+sDrr& z?>OuS=lNCN1M2=R({Aq0jdC=&z%nr>g1}&L?TX2vqPDO7v#VZBd#?C`Tgl`Kvdbr^ zJ%27M(Bk-U;XPZ!cNZ2{%c|a?+Kitr!~WOn-lW+SG|ehsg}NQh)sC4P>eECIn!w^l z{`Vh^eFgB#Rn&Do2m5wAd0ahP}pvEW}-Rqi$m*P8k;f4v}jxU|m^S!$9 z?OqS!?K?Ubtx@xuWxPq=$hF^#N!;F!l_GJ3zEmkGG0C&c%9-r^x)T~cvn-HSldr_Hra04 zNy*9o04At8dLEIe$6&C>d8gb@aE%!*3hmf)+No*gE9)(rk)e?WNgXn1B2lry_=~{_ zrCeVeM#@I=5QC0AtL7gO>AHTcJ@%7nGraPth%$`%PwzpbQR`k0_&2H8cuFM`c@rqj z%!S5JAH=;!O7a~((@^mKt*YsB+n4#7mVV8X+vz}ZqtCouq3T+8w-Xy6_Lp(_&p78S zdJoFE$h2Kb(kU65J&bS{9O8kVr=<9PIJCGt#b&uGHl4iYs+N>o+*v)e@G`LDVZ-s& zeP{!svx4(P-!_sYg{F^d@x#?vC%L}VTF&wpSr-R!93O1ZWhRd5*Gir%rnMhu`zF(z zjGw^t#c+Qbq0|>h(kHiDbkZ%EQMM-vp6Bb$WaV-WSK#)qt){OU!KOifr#$6kJBRM^ z(Br**ljA9#)4}#lIZIWN;h2CnmKf?s<4_00-Z#6J;7MT|#6ctNjg`)G*QeoJe#tcN zu|*BUv&t8Aq12GyLz>bu=r`nbxBB*>duwcxMgESU0;)O@-m-iM*6-q*%e_lli%zoG z8NA|17(FpgESG+V*ghZlf#EF<%Hq#Sy0^QT0g;&$5ildCJoT>&)N~&Oc#p(3n)bV= z+S{}e`O&s8Lk!c8m`43gU0cO^rnt8-=~}d!WxcxX5{3XqzJj^W2I>AMxw@ZIzSYwD z#?gx*P%|ez7<+S1V^tJ-O|OacZAGrNe=|>pZ!}vu1LkKu9B1G8*GDUOIojUQt|If9 zg0djpBep#{ccu;}$e$YZ3!M{Ne+;Y_aLD_fMUZVVsUI#yasD3FH5sf|NP|_9+9?Q0 z+#Uk=qU5hL=zRy_kHft>#^8x2@k`5Q12m36M zgEcacm8INW8;~UXN0@kaJ;y$krKb2ZLH^#GTGMRf{?&B@%tgs#>59@axtwLG zsqr67x%hqHZF60ZL!Mn}oJFzF6>$ynZ6oY_&~iP&aq7fJ}trf4B3d zXnSJl_PQ3S4A$tS{3MC2rL0JiMq_j+8J{`H!TQupQj6HNZ3p}$ zo*ak7nq9FvYQ`FAae)~pq4()tSE)&_-GTj^3~gl-@B5@44`KLMG^NoK7+Cs4!!Y=9 zyfklhM=;zNi-JZ3cpY$@PAawzUek&%fXqn7>L!8TN zBzD%a-1Zj`Ex3vqmAnYD zm}CWH&pGFekLy+ZZSnI;@eY+QgtQGO?H5UCku}Rm0-))JUhEEkD&wr4=WRK5J&X2f z)_frc!;gu+9Mt?U`rn9k8+d};h*nW*!-Cw5uTjYMuQ2$5;N3^zCx`U;bZtV?`%%1O zFPC&lnl#Vwu^d+msqbnzb!g>$QFHMl#Gemze+X)xIMi-DIrfpM#bl3|;*{rx9r2U- z``3@b@Y`5O@0QP6Ygb{GW?YUvt9nnOIQgtyz3}73r-<2)oCq6$>T3mF_Qu^r(iEOE zxFa3EDE|N&?n|K5k2CS#jI|5xMi}kNTEyQe3ONTIb6MUSd(kA4u- zurt!M?+{$yL30#Wt7ZTz<`(`!u(e+fc!yuN6WLr%a}B!w_C>)t9Z4VOtwNJCYg-!s z01fop#@A+=(F9XOgiX7Qk8e|6)#CZ}Ju^(x<|U=xM=V9R04FxoPOx$W3)#S-4&9`f0 zk~zs04IOaM+?jNeCtDkc<$^cLvkjz=rE|AFBe}6FJTXr^I3o(V!TMBtGHN{x3!PTy z$ho+`cvP4D*i3_uaqC<>y0z@LXc2eYl1Z&%uc5~`skLcss%mgbP>3N~#I?7A>R#0O&UTDx)5T@O=-Q&W$uL4De#>Y0DgUuJ=VpxVLE~k!{>^ ztKELI!O0x|0E+yzGrVjkbw4`}gjX|fZ#$%Nq;e{g#}z!iOxwBL=#!Y=5~Pzkz!^Be zuR^r(JQ{vO1cgY$j+v@C<+-PzEb`vZsOmC{sU%_vEu1cXQO~t?R~p0?SE#nPiew{# zN8RI*K#`SsCYN&yd6Rig%0X;(HRW2Knz6e`tGl*H{cAnhtR9DxYQpLZ0^&N{acy8D2 zO(_hxBX;3|Uf1D`KE)L$yioYc^VnmktYs1p5&@r`g_1WC6mOO8qCbn6gvxlpQU^$`)zy- z&^{vQ+Tp*`V3yMU53*i>ybwp;$KVZcJsH7SAHpZ?Kkz?Y_(kz6#@`LK(JhtknR?G} z8o*U#wmB#_k%PxI@!iv(D-Z@~F`SO(v^XkL)X0fsR1C=DlacFI;)>{`ulv-API>+s z3^^>ys|%-{wT|xDI27hzFJQ>Y#&CEv6qiI;Ql4vW94HNp_4-x6^{OR}SJNPM`p|S! zMwOtS%!I)tF(S5Du1U)h%Akw&Ek;{H#4i zbIn{@e-xs_IZ#)yl9k>kONerLeK9%`<@l(K-I<}pz=^BJ+Ew2@melxOA4nH%; z<5}}`IcCr0gZ9n%F{u0@_=s=hvxe7Cy(L=>w4>*Y=ZqTo?%+8RdE;>d*P7Z4#zr88 zm&}y;Z~zPiPMBEHSRLS#yq-TQsJju= zjhWS>e6bkDeJNy3tLFv?N4Hwo)*F!=fUK<8`hPmJYVwI%Cjp`y@_NwD+HBm5P}MBf zIqc-Nw7L#Idds`Y0OSyV0bkdz{1V^xsFdv4)!CNE z-$=@=x+AXe4yS9Q4He=^kWMjz2+lj7)2)4HYbn&^P{Cu93xIe7iu;^Aw6f@Y<|S%$ zH`WOhP#ag?_#1%iYc90`FGj(B#yT;MrPD#eg`^NQLE!;$TNY0<50&Y~O1l|OdJ*Ps;LL&P@?VwT9pH5?MB z86NaWXid&{!+M0adX)08W{+Uuw;>(@y+9deKJ2 z#$C?i!TA!QNhF-c2KDLms*31mD|9CsZRNpKS1TXWIj=k~eTG{=b-WF}F0l->( zy4ahJ@ioPTjs5O(-B`=eZDC89wGGIQ z*{Xts@Ic^H)|NL8iotts&f3z%748x5W{oE-6-Xl;PCaS*=8=CLyi!^in7>ROpI=ID zHr!`NW2Vn#VQe)EZz@m$$mb;Y%{NymWwBh6q;BG*r7|rNdue79tE+B5DLrd{#Cf^3 zHtfe3``IAUXthxDb&`0B2cB~p0=%4qTZ2=!wzo+nW9H|z4mSx*(9}Ff9M)@QlNb!K z5ZjL}^!+P8L(x*=!uQRHNRHt_?geQW5zKYgnp5e`16m!+fEaYeZr#{JeHv~%Wbcn! zIc!v3x)f}*?H5V=L+g>vEKUn3807ZNd54K&)1ryzu!TY0z+7jVgLs{%!+l>kozl2a6XjE#q*aKuwuaYHg(F1sN0*Fn z26I7#tj z-A`DKONkN-MRU1I{o&g*>}d$!b0@_*R9+I+V3yih{>M6F<``U#NdAA7Uyjiyv^VOk zWl@xlzH+o;Af22ec}x?=^h?vwEJkk zwIqb(NHev)D&rf8O!2KJ!!v67ybxaEByNZOs_SF$)S7mnB@U8BpOH`Surcb@^PmvBcF}xk6T1%li=f5Ocar{ z{{Tu(2FES0T3y^CeW)11kZ=!5;;$h{SdGV?diAV;k4@9(X;%K(Sza@oV}`F7oUI7~=?>WOOFCC)BpsxbnzR&pic1mr|c%u92@t zXLoG(M56A=?~z`ut1XVNW#&ddcQW-=0Z6Kj#GIAITP%b=o>tU1btYVAo&(z@etNMPq07SB94Ip4LPijLs-x20rPI)cZGRXMzF^%5!YTr+e zDARZjamx|LD&ZcYZpIJx;$BZBwW|*zGC{{1aa|vRKF=! z{*aMai$ms8XA%MD%#mML89^AmQ^xxoh9~cB#if zUX|gMgHN-XJJP5ahF2q|J5r2w0~c45PSpO=kii><$Qc#m>=rxIYObM`uy8)@Xa>#x zn_v6$IYth!|Hbu=$1Y!WM=wb8u$t4P5mrrJ~~Dq3e zVWdEk+@z&v`MJk@epSNwVtr1=)uFyKNffLO2>Y}Nvs1+}%@mqM+H=C{LG$?K4>KNVC^wYr2KFgPHg z=buBt@Rq)sc4f9<^M^4mVf2xW18sDRyJ{)jzeEoX0B4?urfw;8s9)8ZosKDY`4=HVbVW zsH^&>r){dvph(eM!}0^zU{Eq$A4P`7IpmHs6$%w6w%xFpHdw3}&h> z!Z|5)rk_-6@0@(QNCe{<^scW>2#jNq*;sTqp~~QT9mbL6X|agJ(o6Tb9YLy5PZf=< z$jC(MK2QfkQU{a4ewv=ECAHcIb$^{ybRP9Lh%_4*V@9!Dw>^4LZFF%lH<1Hdi)3dk zcQ>YeDi|VvI6>xl?a2qG2c=X@jV0CP`xN#OsXP&oGDTg}W18j#bRK6J2OQSIIjgDl zi>sI;5L_xpA>eVJt#%Pg%-5&mw0zDr^fGxB>N6b`>-qnNSjeGkh z>rbS!6A z72`2QWmQwp(yiY`9QNRta-{VGB$@Tp2`%s2uwvePY?w}47 z4b++fdn<)52?qzhD!#R*$$IcjYDk%WUOheQ06hmqh8-)zQMK*2`fr>5xknp)Dm9F1 z61Sgow%yMIAFTj+$Bi`W{RdBy=E6w4=}E&M`DQcJis3D+^|ThoTerQJdds;93R|uS z{*(^q(FanI;Iy>V%wV)C5flM|UUjN!F1Kx`vjexCnd1}=#s#&+P~J3BC(Di0O%$`- z60E;v&N|RG^s)5c!v6pfcsIko6V)^;yIAA7o*4^BS8-+|<>#p9HS?|f@!o2hh3s~1 zYqg9~$-5=j*N)lG6cX6mKN0<&?Au647{D#wr@hp#t;|hzG({Vj!k*L!*S5H}O&e33 z#)dMX%!J_fAK_efiKh<{YcM3Pe!|Q)mFFK{(ttbL%>Zd6+Qll%W`vhvoO@PX_OA|$ zVAq~r>vcHX2k}<%MlyPydE#A3d{4STJ;ai1$KE3!O5^NwE3HBci=0Q856T?!PfjVc zX%tbC;9Kql`LCQDe_HOWZ2r}!8J});5{f#SNm!$mi%pgdL7CMW7Y7@M7~)5Y*%e>Q+@K$B^%F+s z3|e!~CId4$Asg* zy^*y@?NS8iY=<6ZI|^LJv55zcG(9K7ZDS>k^}eLd7XJXV#y`|He(BGpaC#NBtdLz8 z;K-4PW1fdR(rmjN$HadR9V5clw^}v5)zsqPwZvfW{oV!$&nJ?9D)qmG15UBl$*x}S#jsn)JdmO!v634-%?Ojp{{Z12({+7r zU?EZy(*y^Quu0pV_fqO7X`SbO&P$cl55#-p2jlT`_PL zCCE+&KAxtSn=a@w-oWi|dSv^>O0mxw;<^oM%hRHgB)a=G&NHw9k?%n-a#XcVS4f87 zm-&Vy$oYY8!026Dec%e+JJ zWi)6mE-h?~_h?U+fR4VTS8br_`k#uS8ivxNh{(z2Mz^nVp;T27$acDv^V zQp@+p&5oSb=CR^!F8jm!mVnmr-B?^M!kt1cbDz?n(~$8G0$#U;d}$7!qh3cXytf}{ z^6{5kW2d*ZeKGM9#uq*_x3`%6hRvgGh9IXTW4!|8JRWOZCieO$E+mLubVMD^Q@!x~ zC8jWh+@Rwp992cwlLk1iVvVEP@ML3dKJ{>y9}c`zsWzo~rdZxijOS{G#s`1uYednk zZP42A<&DLa{8kc5WVnR}?YZmdYpK_wT~+ODCB7B`SnL3Ra(E`2k`rjrm%_1K>C$NW zZmH+$7$nZ%0e~}}JMmp_f;4NJOK}rBT`G^?kZ=xotelLE?L)#kb)-#q83>v4S~VC_ z*~ll~HI<@jcCc&KcWU<6GQ}dfOasV2{c4-^H0HXouj3yK>0c83Q#P%yq(9S5k;$3b{YsQh;c(QqK{@AC@%5Fs%!6zJN{431m_*>!s01DkrJ&vDl zWXTb_o;K&O?Lw7}B60pANv!Ym_;lIQ;`#XzoafwTr`3D`q4<--+P?C#zs|`qPp$Q$BOjueFa4+MN#DSiXHYz8Vn!04$jG74#?emWiZ%HMrLWj-_+r z6xvb{qhVb0p82VjB3mh4d`HlKvh;=3^x2_}qW$bhIFUQ?>s>Q=!@(M#gG_!ERMO{& zl|LvPpGxPHY)PT;ZpOpJ@@i+qx54I$?PEt&$Pwcwj^?qxJa}WnehjzKd_!v*hq#^N zNgY7Q2h+7oYFk01cuZ2->o-u}Tyc-N<(^6RuT)zZTSP6WL}Ii;3bsD;4o5$Q9M=mj zhF!*|4YiWZZvc4k8;+*A3AHP~5?|Xvr>vHcNJivwoR0abi?CSqI1>8DexGP9mjlZ# zgYT_V@gAKOpN1~4Z*C#Bx(8%x>&%(-9@VOmEgp05{{TmyRldBsy1loxwMI~~I~)>w zdslbjts_bP%S*jMzTVKu=0JR6z?#jq z_Oqy)czlOgqFz;x(>xz~3zWJWT7QkL{7ZMM-Dz>hd8Q;e^9ktZgU7cOlX3Az_rqEx z{8QVA3$ay5@x9l#KK}sLikqm*>oSHCsT{?NMb#orO= zJ|6LX_3V12_RMgN5RVa&&)2SNmC(Gd&D@dY9u)ndHR}oVOI>3|x4zNgh^+S!03IXQ z?LBMU{4L_kEq3vgsc$rb4+E`SDRR9GCXBBZ>iFAhwJqHk{a@JEj_Y!2u}^0ajwvFO zIehdL(+PAjS`?eZ)|ZZsmhnk0LomlLj@2%`q(rw+PitcptkVM=P{uF@2T#(pv7}@> z#2*X%f1!9R_@2v3f>@jeRcSjO`0H5y2y4kaO{UmtSF>AblMR<$yte-Kf2Bi@Vvl3+ z{nnYGOL=h=@Z9-Qkgq2Jx$j=nt=mbiczVv_;uzpokAzM)4_s1~n+ddh<)wII>>e+M z=4f3l(MgU;3CKC}W600ye>(I13*p|LVo2GY=8)!A#s}d^S4Pgr^^1)k!nz-a8p1n0v+OOr zE*Q6|K9%#PudUo!$O1^Ro^iBv=CzEjXDXc!Nbq*Q6It9(twan6g`)4gj>ph-uN?7~ zt8J-xm})w0v@o=bw`voC^ra{eq>ih@9xT@MD=X=3TglW46^*~U_?n@6<9KxoyBqCV z>fz=+HJ*zug(C<(pJTluz8+V~J9SCNP;T>;LONIc8Wo&z#*QVNd1(wj} zJ@Re}6B*r3Ep-RxaaxXtq{#OcSFok5k%G}3ncUUpi=oVyNVbvr(1zr61DZ}+*yNOz z&r^rO_fu)i!r9}DAta8CUPT{*HCEIecX`{104OI1wtq_25+zvr`@vrYEG{%Kb<5ao z7E5yMkqo}|>%b?OTQBPz+9Lm0zzxYa#(&pK1AiICMkCT|NYK&Tx@=8Horvqu}RRfk$MxFJ6 z)~wRX;nFxy$@TWGZ^QaNf#LmGCuElDbzll-Xbb6z(J~f{tK(fFJxD`yZXI?OD<4n+ z=D95*!L9e*EC`2ywBS}JK8WwoE$ z1;a{TJdxA#sqW=NpR=MPlYx#0<3f;!OQqXEWNu`IOhr#o-nnS?%Qv1qJOxgm5HcA1 z)e8L%-89Fuw#L+wc2#9@)7G=r*;ZCA8HWd+)EPH(e%D-z-gJk|T#N?ey<~WYUV*QS z;$n_IYyphYdkdA9^le5vluL<$nk751f0cCb+-W-QpK^5jXp6g`Jc$yH1~5nA zL7OaC>WMxk^V`Zt!>)N?JwdKF#g}$xRbr8(Z6t@c-Co(OWHa}x#rK-;!C#1;6!EWw zZ=_4THsv)NIbu(iamUI&m_L<&Wq-5x#!Vykx&4~_JMm7+^3LN~TX^kt2%=+^kPWAI zeB{@+Qdf!Vb7*}Z@Q=hp!@8R2_g-SGq(%WhD8+pX<8KK;;*ASZ)24wP-Zt5uGT1og zxY^HC{!jk^;H#gr5B9HwHE)TwsV%3C^eNga_@o7v;@^;u$DkPetNC-+Ed`y?vv`sl znB!Mu#xM_mPSv@^IUJifA*K1ragC2fp z@Olt?4#d~=g{Z(cypE*?O0xPMm6b?@;&}f6i!_-v3mGG1S9n;wc|Apbdwg~HXAPaA zYW77utG&!)AHg#9&!%{;NodYVN1^z)`*QpVw)m^?#q~DOH0gB6dzjpLj{Qx0J;)h{_dUco?mt=4b58Nnw`VkgNQ--O{T0)1BFckq=Du zHMxZ2)N3$|d5qlWg{4*dOaP05imi|SwOkRA4dso)A~bC##XmEzK~sr>M;ucl$^0#h zb6S-LsO41IBtW`n7|&`KFw4OXpl2AVM_o2uwUn-2P`vxs*?+K)?FFd(2l(%$OM7>3 zr1%3>yox)}jkj|GHnHqUJ*i3uOl5QX+4v{%4@U7TX}b22sKs%h>bB{D8N$Ul9dX+| ze;;c5cFs?<*{dp_H~^2HwZ&B$LD`3q_GqAy)J-f!vAF&8BMhhN2_KDr7k}_w57-(0 z4SY_t`1|n7!*^F+5%Cqz+h;Hk1+<5k1a#n>lZ*g4{A=s77b!V2%ddv+eGPAJ_ZDJkgAlmy!&O*p-L4Omspjw- zC!nvWi?QR>q13+iGKLc?Z8^tYwVQbIv34R|!1X=NY`l!48yVK#dq`bGm|jm92E8js z*4gxnyDQsYm5{1{Mi0F*(T!s)5lV`{Y(s*+m8E&*US7p@Zqg)6fa9_HR?1f!M|a|% z75IMZ!!hXg(nBQc7#ke{JG+qGYv;45UCVgUD3{CV7y8p^M^~m@J(<|ZWZ&|hITdp0 zCt~_-tnwssVC_~Qv8m)kOtazLD(b_|7Y0{su=T+7t2&gaWaA@alZ;hZmXAKyFJzU1 zsVw85$5Bv?W3q4OmX#;0l@L+?S4DeIQe&h}CauJ&AD3~}pQ+D@2@q6M^MNMn7j z0mjmMpKi3tJjY&=;^<#}j^!9aI0WN&IKZwJ%4?;R86nxvJZCiS2dHR95RlI%!oj)| z#coS`{h2&>a6D-0!MbrmkRDsD!rG6BZnZ0^5$%A5j8#tnLPo{eZFdy%(hc^Lct)udlTBXdvi^inW*Bf^qS)Lt|1Tz`+B zQoEYZOPx`z?Uw;a_F-_&i2@KdcCcAAa?e!wC!7}*-a7Q&`QDgj9 zpxWt;r%MAzc_izX>H-m;@E@IP=(>iTbR)HrNK$11a7X}q)h0ehdF9>D*|nRsbWoef z4jVhU=~oNhO&cseWQ(2!Q`Al@>Ga!csjVZlxM@_W0|csju~`?pKx zK1v=zTxaR)R|HdzhiQMJ=-1w2$Rjeu3dghpL8ocbjVnu%Cq;Jyj>O`&B#%nh?zIF8 zEai`{nhNr`t+9ErOr&jy924nT)Gi3;d_z3<%>h|P6OO$>tQ|{4k_|3xMPo9A89PT) z=~)|eH2gEJSld~FBw-~a0=*4vUfk&6!of6eBl4--eQCuLE0=AqG{~(PoGV064r={a8D|k#~08ia-TIMA2V_DyMcNT^yw*pS=kUP;SbTx!d zyTmeR{w}n&NG!mzWhe>fY38|jbW4kHxS1qK_`x4|eJT#9qY~@FwsA=%<*lS~nOl1u zz5VOZd^xAs{ek3}Qbt4b0n`k2{VF9c!xH1g@Oe_{`fyvBmz{&sv9aQ9P=gkn6U&X5 zE1pg=dVUp{I9%a$`Qy6OU}i!ljm}405P7Z782H+K_DQlUR*5#Q1`B(idUVNj?0I5% z%TyYScS@ruLvP1kYhK%1*Zf7|2yLGC&WRklq-lYJ>&`2t8kx#AK9kTidnH(6y@8~- z3y|PAZZ=zgFb!3XS4JPmh8E;zAyYc<(*HOuM>*pBu?#2o2QOwHF#hYG_ zQZgAyn=>-EBr9k6R>y_3%{VLz zsW85iX(dU=!5`hO-qH(kZdOG*PCEDc&?6hfdVCXHTElN{!AgY% z2N~~PjSZ#kpM{~*BaFpy5^PQ5x4lm>T&^i$Yhb$IC2zw*9)jyp}J_s3?%0?5?*~hE^RE-D2gb*h%Y9jv7Rk5 z`Qe^O-2;V>aQoTxsOKpoxw^K|=e1>MaWey)9&=uCH-~MltnMebRs~0XrjqW;ljwQu zyBW$9_rb1dpU2dnZ8%+}K&e+DYF#%); z?)B|J?s=`2mn5@ibh1AzU5-yRpt@YbV89*^1deIgzi4$o+1C=Sx&aB5SKB)UEAWAdCCJ26OeQ-WIWaCs??>l5M$gyIA02 zsC*#MX?%E~$X zYDgs1uQd7Cw09vFWATiirAQoZnPYoxJ?h>@u?^?T1NfKU-jh;}7;NRfyN%T$QrvZ* z46Cg=Jx0}Jw3VYQfPllC)}MuLhliY9YD!w!MhXLr&}g7)Ui?9}`&9Dj@l4n)#xg*v zmsc8#+gobW$2!G34WZ64>p@(-3%V3KRsN?P&D#F$Uv@g-g?iI!T79w=R@=@;wFYup zo`2#AtuIC0`%fP9QoL7^#XZcke(6R=eR@-{je{H7X>;9OkDW$O9R3w+O1^{0++$c< z`^0986V0uPR}nq@zF2fN=OE|5;az5#;fXHbQyj@0QLxAd1&5%dQav}r*4u6GEkHtp z0D=ZVuQ&0YlX-TR5yl$|O0duH&}|)$89IgJGNcl#v&48DmNndY`nI7Rk!d7>epV?U zCnM9^mzd8$o=Yt^Op5AuiKLNEb|0EP+}Ds?#$>pTTV5N@2PdiKmoOf|adP&$4a}3H z37Q}Vc>HV1?R-Hcx6G>O(Vv%`nxH7(w7SyF&dk#}-dh}s?*1LvgEaBJqL7%z;k~+% z*i^WI?bg02(o{nQ-OM6JBn+Ootqohvyt0LDTVyg1k^5&oY1juYlRlMeAKKH-X%G}- zIR?Bt#=3RZovY2LX)sUaNUC3RHcH=FSIR}o0s#wPGN=#}5WsXLE@8M8tqH49IKWc{RNW(=N2g>oyWO%0P z@5L9f=`hG{V&10(h}-#4YSHOd_xD;RpQqTz6mna@GORj|IurO*(fIP~#0{s~UX-;+ z)T)5_40F`bPbP)y>Fk3G7QD52v6Ud_pGsSM32rT3HDkF!CyulcC1cLNvo0akC%e0r z>OkKrsW?&e6)vk{>uT+8NX7xr7&H=eUJboZBT&R_ssYykkPdz7)CQTy+iDk*>Q;$$B$Fbx27iXVS5LBQ(!wy(vZ*Hnr5v3C=2Vh3 zwb6~($AEE>(xaW0<|UN^$Pda+YFZJ{>5xDk6eW@~h0bfxTTZe26s!zJ+dD~M0m-BX zNuydq&_X0J2xH^t=)$WR+m3?7sc@6f@rl(H0sbH~hj@mbo2pvFb}I1;Mi zPB`RHIQgBnneh(uPtoJkpH55N(`U|azKf2XdQ>*LxYREumPq%8845>g3N|fm{5-b$ zmGL&Vx`tGR$IT$``B$HKgTz+TL2$NVWK;!90mw8DmDu1dH6OHGNBgCMA@`0t*F`3o zW%h-h(&1+$ec%Wj{b|M6ld$mA8djPv1h)3_2@tDgLBT!#wIr7IqB1Sje4uy=F^{ci zrUotKu~`IZl{aq5Be&MMhrKi3+bx`=6DB3w#sxV_z;@R9(`oV{NF}xy3-Y82{ zdDqPISnj}5NIux2GPoWisA?CI-%WRQ9^{qA%<-K4Yv{iWSY7LW8;JyF-e@2!aNl@! z{e$;aR*0qx;Ci)&A{B+AM$l^hX7 z-XguyY$3FX1lI++6VYe_Sg)_7Q7WTsJf3;3x*bnYNZ?CrVRbG*37(Vzui~gKpzwC1 zBH6rp;Xu)O2ZU~V`u4Az6y8i6%_N_Au?}<3y<+49hDA8w24B*yAxU=p%5#C7(agYn zaD>z&A$IK?IYt;q?1*SDQs;CW=UIVRk;q)?kn-las-G`qoE+wOMrep2G_k4p(h7fc6b%#WHCA5WRS zHS@H3mbY>e8`p?LTQWwu!<_Mo+>Tzyai@5G=I2kE?IV`fSl=66epVj2tbrVs-)pts zvTS5yr2~q#hCuMta4KC%a%A7h+tE+GboMv)I&+tGc^HkO2kz9#>QP4S;@?rd6CuKb zl^FD?u4a8gRelKo^e3iHb6zE^>NlP!wbm^3dvua( ze5?XhAziVYk7`1cPmQ$!s9Wl@$En#19YSo0aB#{&z#jc;xw80Yd#e4LOnpjgh#no{ z1!7s)jPiSZC*JX*(C5q{OT(>!HoL7?R{wlS!zMD=+E|G-tLdAM<)S3Y8qq~z(h=G|c zyMOwsI4z}yIhG*MvHs}6H8On%bAq|ESv4lM)o!PfC0xn5jxp{d$!a!=yCerqTDZ zIWiYC5<28@T!yo9+KuRv z3wcnkW62%I^65{LpxkUTNs{K;6-m}qc5j!HoaVjz!MY^nqq;95z+_$7{v+>MxRGO_ z@wbaSC*kYMO&?NwOOLif+tC;unK;IJ179|HrpNmiQL?@8<-N#;SqN~gk{7Wil8IJl zd+_VUwi9cX`ewBi&y<8bt+e1RH^#bFnR#__tHmI)(jsDBGC>3%Uj3_R=xmYaP!9%4 zqR)3}C4^HcV23C7zlUnU()<~zYGsTT@JnV6>BuLQ_Wde_C?7}ZJ|5D3$0eQR*nyG- zWmM-ZamOE8@?RNv&q(mTq?!e+X7X4-=VsrS{{RV~=ahOg>CcCLBE7TFZlsRME!zGN zr+RX$>}%LO72?P&bupxC+EvBP*Vy+*F;HU->GkLJtfje8k3-CUDfphpz*euV&1kpi z(uML>fMv-X{W-4>wD^zWJ!@Atw;D`x=+Z=XK&^ur?UGFis~bj{(D=K?{uS_-hu2rr z^qJ(>poEztDn4mjI4XUs=M6r86L^x&d38(a?w;WogBietHckh)%~hB<85(!P-EMtu z2%Axt?14k&Q=Eg(;&WeCMQIhchc2|{Ho`G#V+|r~97e7S#Te|d3tra1di zT=^`c7+*v0#ZZsKI=$ME1IGzHa>~?6@2!ZzM_F62^)t<{J-_b z9G0(m@ehRJ__62MYhFxn0AooC4X~VXvGH+X*@S-6YNJPW6!QNS*DSYseusTSArN;Z-%1P{{Z1FhC>`5*_%kg z$UBdvQe6=;i@EK(h_%wCihHp3%2$2~!C~!Qd3CD4#H~g24I0wweW|$$6SZ=2f_-af z!>KkaUie4E{tdCZ((f#9h8HB17?HXGTtoP-dwo3EYjzW=sM@UU$!vC~%ExZUd+@hi zwbdRQM36$^fx$SyCl%>mv~>O&@UDTPXqNIptLu}nXK19$Mx96?dQ(fFH1<4C!@fS7 z!@eDRPY=g%k24cIs0$Y9{sy=o5O~*Hy^-bBE-oG03W~}{%UURR4pYxH9eVv1MS^({ zGh~7NYux?==|e`;H7^$UiAJNOC{n;4BP8SI8R^o8O$*S`@yCrc{WrxCOX29mR+jf6 z`TMQ@b6sw!@gK%t5j-|LJ*!RS>6Y?&(U?>MSJ0eiALCQ(fk~c4{gk?Wl)(_rhvrtt zPimp3>sqb6v3VB;D5H~h0m1qjnL#Z9$m#VhLsZqt)GqFBB=X5IAYuaX`qc#2^-1Nk zid##W7~w+^_kOjLhhr{gdk=-?L4R)vxv=WWQmX`#o%t96!zT6g|)7 znl9GkQyJn9h!9OA-Wbz$Xmvd{93cPI91q5gL&P@v zYA@N97G&gP;1gIzF8Y>pJ|gi~+UzEpc5vl*3V8f0%Ps99oy3d2MPhoK^{%=`FLTuV zJ)=zeRq!ODZNLY=)AFuUN$`EtI=r`5bm>*!i11Z%?+0)q{B;IQ|tF9V?CTbn`spY%MazoCW*9 zdR9|IjJusD!`*jF(yeX`_L5wZK~1l;=C?2JX4GyT_WN-|&_7ijxvcDHs@Wca;cIJK zcs%ECpRNetito(UR$5$|tk6SWkTj^G|_wyu#@$#lVY{COk$HGAwcGWZh9_@f6Vc?Nns=-D=*E#=O2}MuZ(83I^33R7`3!=Ol6y>t)a24 zGv@Cdc$UY*xBmcPun|und`REIze7;yb`ki_VRb#UY*zC;5DOUvbKBA&qn9fJd`X-?N0BV}dZ$CLak5k^gHrXIc zm|}SoX&^Tosjhx&Jq)KObEUh}-cKmPPTrXu4l07_x_q*~+azUdedQg08qzW|D&Ok5 zN=`KB?HRH#(ldS0it=w7>$2(hQ&`yLl0X#}K6m@o7OAnm0n=x=zFFiF?_x3>@VKv0 z)#kZYD{i~lPh8*w?^(_CE0kzuZ2P5I zGm+Y|lzJL-Bl=m`!X|`PTVk-hF9~u7HUkH37;>#<0tw%|kOBFh(>@J z0o}>u)+CyAu*y}@cIT3`8b((i6f%9GU0zM!-6wF?@FTbMaR|)ULF9+f7nA=h_0tbpgis+>XbdzP0|8KMQ^=_-EtC!yf{C zSn!nb-DukGogL70Ab}}SxEy!>pw!KKrt)i+<=s{X2w4X!klc2!nm#7@PJ7)l{?;h> zi7_G^46Awy9A?w&fe=+kyi7)j1|sLWLWDW9?fQR7lN|Ip?=h zsL6xLBd0X$h#-&Vh2AU$ETrz|zA2-c!nEk_5-{or93G_Otv2dKfl>UXF2E=m?~b*v zE|w9Tzi2lK%rS((IN;QA=UOX`&e6N#KawUnX7# z1C?>eAbRG5rW>EuC;So%_No5>g^Tdw%fVhW))hQmrV=I&c5EXeKhFRkt$$Dc4c8{Q z(=-;@61$GpJfirzNhW!(^+2 z8tyBU&rnFOqkIXjTU^AEd4_1R4$=nUUOsC_o|2biwi_O=BoW+9U1LmRk&bJ&(PgpG zmc^XHk*EaZ3@Fc~e6(muv!Oi?j6Z0v9$)L;C~YUhR;>2#AyYJeD>i*G(;2GX2=Pv< z;LH06wE-GNLZcE6=RL`@VsY;)^hK&5lRuKE$`SJQcj9x=OU#s)fjeidUy^KZn~w|40uKQ=<+6{KZt4nAAG z1=KX(C0ZyEkq512>GE7z&SJV&2>(3IaI2GoE4{L}gxFjl zhAG+5qJnxKTG|pONb*^HJ*YuK{81GEgyh9zO%x!BVQQTxOBxj+d2c&6wjfCmv-MHmLIR^w9@qZKRO?RtLaR86V zLxjQ3>OgZ*YH-he6fP7_K_5!>eH%cwh8Qor$lV*B4sd7^M@Or)R+h!#K#r-{@N3KL z{86YZw2XJ*gucyKq#W6)R#8W`N0c7{PWHUsqI_Og;rvlMtSt0EK&PK)t$(6 zk;3GSpjT@neY(yNSg!mMSblU9CYFaR*EX^0WxVa`pDzQZJ!;L(%vW)P5g|o88C_u+Am!aR^ z3%eCA>I%xs$25vOt6%Wfk*(dml1jGB#fc!0f6glJhV?63E4S03jikF`5M!=uNIMzK z+|x8i)9-aBd9FOI%_$Ndg!UD4`$o>{((O_xWWd_nzl8f%iJ7!e(=`cf?HUD*U8OkO zI|`Rux{pk;wpj^zn?ES;>6*%0nn1;d`YCNAl2F_C@%|O)+E^qb8eN)Zi@GJeNJZO%r0DKu>fbTg&Y?&6N&W+3%A&)pu?=U>}8o%X5Z86~&3!Qn|6`qphS z&uI8#qFdRe!d^m*jMiNNBV>TLA1LYV zT^^U=`yU3&9=Z0m6V3aQ4?BAL_dBbiGO>iB&usA5i!}MSdBi?<_J-eU%T^e`Vq%Yl#%JTmO4GNDx8swkypw?Y~ycroj}f-WH1+QsxiYi zx$Rn)mO6#BP4?wBvbW5j_N6U^k<|ERB$5c=cQfwC-#txgUt4L?-3S`qKbIWi_=RL@ zmqMHlAi9xPI8)9}c&2M|OFoqM8hb*rD*)S%RnMpAO)_O24->tDL38G|CCMis^r`g8 zlGfvWz+_@TIq8b7Q#*7!R(p*}C zv7-P;9V@xhHr_=i?)J1_Hv{h)Olk$Dw3ATNu9poP9EID#6@#YhBTkrD>PYCNPtJM+ zO|qhTr-!c%jOfXHCDP?wvVp<>06f<#;yo(UR~KxUy*gYNVRF68%ZR@@gW(( zJxA+I4|mmc{UX-#<`|?&V~7&0#ASvnl+*3kR*Lm4;9H21hVzVpO+;+dz3|Pn)@a#V zTfxp0VB)x~Q^QvmI3(uX2+nxowB-(FRGdlWWGeC!M_wpVxSY(m{4cA^4xuYx zY3#$0bCd5$VQFor!m%nN$Xw;WyIMvzAg!s+%WWiNbUg^`T-Vxju~~L00ALE48A)n% zHddKIBun$2a8F9~FAiP3yr{COoDPI_sbhmWi))|k+0EL=yfbfPJsaA*)*lyLYThr^ zElspbXw1Zpn-8Wxl}Xb~uD&0#xz|41IFdNQ!#2^#&2}C!z0kDH7S?-Xy5zRSL4)$~ z$*7gyhKG;Oc_yNT7&1iMZT6|gnyCWF0eN%4ZUrR)9W0vC-09QV&SM`Si)rWeuRLpL z1@lDexC8)mS|kSCHe%LC5qXWA2IHk~+Ub^X{gO*LrCXxmOFQBhI*W|Wo*3N5j zKHyG&x@kErg#3>p@fH33rQNQD4xZ3y%ZVC8j5BA_sNKsfcQ)%3!bJm<=~>D`y^Gq7 zg4(5}RkgeVrd3fFE&Ob86Q2 zdX3%vwX{Bc%L4K!!EAcf$H*DbTP)W8Wx!MFYURXjd1hE7h=-{HwK3*rN#WlFyt)~@ zjc5BjiUz3q`s8xigd1E39Y0zNJ#xnLPS*5?5yt5` zJ5{%EM|$I>@cryh=EjT^G1}hL0kfg#v)oJei;a(lz&?al^jhTlMzL&$c=$U&BOn?K zWR82p`tT0kREY8h2j#9MwM&U-Bg~cJEuDn)G!k}JvZkAFE~LTZmu3K8dg65(yM10s zW%)w!$8lDr&8Pq?^2}k6-l-gX%}qYS&KS^KIAvx4dUIVZ_K9nw1${WhJglJP4Cg(lHi}&j zD%UQrWoyfg(Z!B7s^G11mJvHaFmhShiTo%Tep^dci6gd25?m6UwhZ%T&2qWSR7i{fipEw5*`uxR6UNnB%N0l@m#oM=8O*YqoS zygV-2^4V0Vb{HkSYNH_)b$x$Zzn;(c(t`*94DpXo=U#*1rPH;29^wsBH5U(_bMqr( zf<0=$!kMFm5FEz`X zr#D($(e1>Wz`#D(sFb?_>UR3Px~G`Q4A!doR!J9@^#;7R#r_qwS?7WhA-HAF$}xlK zSq$@}&|WA?hTkrB@;MbYr=&HVlv2R4$jjBU(A7pa5kkh^_IU#+8%_r7^sb`gNuN=; zg2fd)&z3dY##)~(fR*m&iU;uB&8L;*F$~)<&(k?>_03*sF+xznO>9fnna<$krs z>N2*6dnMhvL>YPs7lBE};AmQSiOGWU76I{}l<+<3)t09{^p3K-J2MhE#%mU=H0*7| zrr#>fa_+1TY}c3gg8NV!yfN%MLt`)KDH?N{dH}>gJHL(P)bT)OR(U^%jDRWne3qmk zkv2>Z0QJwU25pdE$8~u*GdY)Wz!R-*z3|G=#WD(K{3M?Ut013XFQk4vAVLx!G=%0 zZiN%qZ~SSkKAR4cBU*ilK;T57fdhlMb6#V8b9r?lt)yYgHXcvz3Qdgbpq|F!$LyCm z+%PaW$*vz(WwJ-Nw{px$BX?@b`hjb}+H~60*0rZyO%=S6TN|5p-OS87p!7T%w72&< zZLEuNZduiibIBsKk^#1tFLI3}XnE%z^paj&h(vLqn(3cw0(epDSsTTkQ}Hl0>^gip zyzH7}Qt=)-x3TrEFIe$So{?qe>6Z5wF_j7xN6owZC>i9QKhk0GUF1F?hIflvK3cF; z#>E)q`_`md&Z``@a%t`@ZlX}0U?gw`Gsk*BbdhOydcBdlha&1iQ)?bwhoJYaR!tjN z(DZvLXAf_1=MJ4h9{oCZrUg6IxzZjR;X49w_#>h9t_8H1sq&l@;kYvhB#%9c1A}4d(vnO=qwWM3-*%T1IwM;mv(XK`B#77 zX|3;kJE=!K#4q+1Me+dRQJfw6QxL zWYOo6J3bMl?pwKDI#5}&ABMG*)1LQ8vpS2$p|&Fc$MEZ1H;Q%bcl$2Qt?i<;mIpt( zkPcY-k^Xq4s2p~q;@v{SOcyqqY&X};-!i@rPfXW~c#?fbT=5p2;%ggqx{1of@#l!p zcOHZqW3k!UYu6j~c&?y}GDah3BO5Y$=hu(coYwa7+9#C=1ClT~W9vZ@fzQk1TjAkL z`+L0}7K#}@M^z?G`5*(wxUGcnwXcc%EvE_XWr{n64*Qn@j&p(Z;)6a@&o8_^qIery zZ5A7ryta}*FfW!!Rv_eL-p?=`!-{eJfr;1;%k9H9p|+&yR`ntLE!Q0Lq>^M^@+S~rOySOo51OJ zh9*TkH~3brg{ZPwYC4llj}!n(1N_IXF^bDnUn)F1P|>b58~s;VxztltTbW+wFE8&# zhxk7V=>8nuzld$zS*-9}A!hPO8LjFO$w6&s2F01EFdr83EGiDae^EPoC? zImKbl?i|eJJZs`DV$;L=mYbuzwzEvik}z$#QPfw?x*nrvrd+wYvlr~nL!+KaJ@Z;c z^(6Wi;g;Q3?Xc;EBWT80Hv})Xde_ue{xFYE7CL40EgWkeH|+o*t(1WC&k<_&o+;Ju zHEVlqq+&56FEVWy&U@FL>KarrT~Bqf#F79oqk;HU45-?5$B?JXjgd%Tq;d^<--qRz zKM&7pbx6kP1NmEU!;El!IW(oPk380VHDh_H1iOw4_9`|P8;YN)r&#Fjv%S8pG*1#f z*oL;RZ*25+3!;LSHkz#UK)!?)#H|X=`gZ8oSgg7 zV^imCSHK=6@Yjpj{{Un=Xwx|YMNgGJqw8MHqd4&CwtKlFdvo`c4nGlDNt&xOn()r2 zuWP;{)Zx>7sV(C_KGi#yxWzM3@MPN6^~Lt9y5Ccabb!CiCL<&Qed=y0K?&iX+8@N4 z4vDMyb5YSOCr4I_2Y1hsRQ$L;_3r-w2Yh9D;@=2rUM9RjYjY!2KAccz zYZ$&f{?GBon|CGFq{z@P*cAQd4T8VUxUUZBlWCTh4jO5Zn*(tlFR(v_Fy^tv__km8 zNacb9z7->Df$iS4VzxRCpJ{Wav~muTuT7v(-(n>*(mV?=*Iwf4(@rYz519$c1N+}j zYfr?wUaRF=T}^Hxjmr)X7|&X+ZA^|gP0&8Wd2w^)ndNcR40(Ryjax*%n&voUwwiZu zpUlR83W-6mHna^nvz_jgR1!U_r!X=&ZVtt^T~TW-fW!Up*<7|(bDyMtCPchL0xKS{DpPD>QHg&cgO;FFH^ovcKpc<+dOYo+VnEVr@0 zvzGEWn6Qml;S_Zl?bf&aJFIEG8`bWvY@zb# zcQ(=K76tDoR@)nll~dlIZK3K~{{V{~_gA7n8$z%41gmCTDWRKQ@ZhV8RSV^Yc4I<_w z`(wY$g+DkawR>;FT?bNq8uHdum_pJW;HzM$^`Ml`MVH~ugZrE5ZUi?2FEnKQfOa*~ z=$76elEPyWhgBtTpTs-Xa+5TSZe`nD_-@Kz`r=znXA^DvIsPHrK9%R+5G=G!Lsqw+ z!P;a(&Q=N{gXYH^llas&IYkioPe#4JxwxAA6tZ94r~`#%>JQ_J^gUAJ!#1|I7Df;? zBaq3rJv-;}q-4$$SijZ0A$eu0C5*6J$TtZ(e7WG)qz@5G;yo_pwe`)T%Nb(8ec}fK zf+a4ekVkOd8%xW`V^_H>%$xc7k8@W1Eo=6xd%OKXo9!%jAp-yt{VOR(#5Q&@*jmWQ zw*}e*ksu$&Jt_@PL~zDWvqGA18-@-7et$2R2`jq;iiYVhtUF1GS zOAl(4in&hm-N{(g5;4H+1v@}KRQ~{H5Y9&a%lCc7Zxzr-(Rv1!)4Vo-GP~hMKf<>B zW}0q|1>7=Y?QvTxq{1O% zVyiJ`+A>%ktMso>haR9OCDx22AbRfOy1`o_@8FG)V>A)7(JvGmt)E_c7^FHp`P;3wlBHySNqFKBMN_yjVtounszt?^%}$cPiQFdakCzZ8FYfwo`_De54M&`q!;# zJ`A%qHm$1OTV6DTr;r~KC)TPi$7CsWJfGq=n;wijyDPaQg(WHoOm6%ukc+~ar--z; zwM{bG>Pt{aVi)fb)C1bLQ6^N4So}3{V{aT$#$aG_aw_HCrxmTetTV#VG-H}3f0AADDLro?S+V~Qzvq3h}hts^diY@boIYpXG7W|F()?marz zE{oy$tlir3U`TQTbCvql2wxHCP+bTlg;AtN9ebZ@;I4E_nXd?Bk`M?DwDrYHiW*1s z1Mnl_SNtM=HPJ1lC@rtT$GB%KKsgQD7&X&;Z}67A@RQ=lhP-p&omLGlXlIL7f_XEw z$#6=Z-G7m&gMvp?~J-v?IZ9P!5QGSXV(8}sdszfW4y2NaLxyTtafTiiq-+4GifmpET+ z`qw`iT*euRX6{d=S|QZ{sme<>4UM*Sgbb@$vw@a8jNZR1d;K% zNaPR8t$$j-@NReQpJyhK;t$y0#n)FJN-5NQJ2lnUnXnUmtstnBjW3`(r%^vGf(C;jo z%3E1k2K3rx0FW4a8s`#e3V_NtV?1}Qk)1-LPb;GW9wpCDYH~ysepyw+oy324+O>>q za?f$fBg1tW`^3{_zBd~qREKH+pCJBqMjYj6_cO2z0)c?0gxa#Q$MO?`-|bLsPDZRG z?oiE@?meqQ3AV_XBmi)vo<#?BGwXlY`{Q=2@FU|thqd`N2yMJ8eJpmGlskXcseT-u z#1ov?_j~&}{81XszJ{-PZrXk9N`;m{$Q6JoAUWxRKU&IXTz5Z3G&$Z&XR*1BlI{-!OY^4sI@f^^tZO4X(NME*oL znk$7LG8XBAcOR{PF<%We`u76@SpW$6* z^4LnbRdPw%nd9=}zO0u~KV=fxxS7B^0XWI+UgjRJGP&f}rqk4RnLXB}DQkeSOb#)c z+Lmj*GW06kl}8{9e;2iP9IHd4yu5XVW_&w#_pT22Qkv%JP^^>B&;%Ug&XvqIe;t+3L4es#g!IizqH5RrgU7tLphFo5&NO4cYvd#xK)y|%o(v2YGX-Z)(P*EetA+qJlbuZmAO8RvivG1&A8 z^hUGr{oIkl8uCd00CvZx9ebP9YK;%$j2+6?wZ@V zx^oIa8@z>1S+mljTbf2zJNqvcE$@bA(e*Tf;yBcdgaLr(zf;z{cSEwXvbwo*8-1Om zEWXr{r#d=|txrZMiEbi=iNSU~O?4V2t=infx)b(yPrS!~J!?e~^At6>t`c*y;JiIT zgTbyM>?9M9GB(R|ny9N0DRegUhmLEDNpKQ4@=rXqdbC$-C9r(uar~*7mtofQnXDvh zi-^{B`>4R=isSAzad2cvOS(78yH85aQZJC&(X{^nwM5Yr4A|!<6|te)KASb%LKSXK zcXBF}jOMf%sBDfayOf4m_9-|;&fk1j&0ZGO^y@zxL4P_)_E)&xcm3o3aa3bt-h5N5 zS?c~FWYP>@VPG2yG26JVChpcNcyFbZgdx|AcR8v^a_nblTDF;W8pxN?gjd>C_&gj} zVd6bMP1I7&ttW+Kl-6D`J4hrRevw(;oF$T%cV_g(_gz{LJY}m&+UzLYAKT1bT zEX-LiyhAdWbrW$ShQj1=Te>!qw-2#oHSXbs;^v@sGh?S|qw}bDk zbr`R;DBEPLKn!>ouIEpaPSfRxqU~OvDCV8X_GeQrv8?Ntu)U_7(%2#L<$PgO0mszw zS}|DKz2qxAaS+D<9_QMbJgnusd*NG)dy{!&%q={gp8Qvz_&ZB$n}?p_J?f8wTa5iE zC#md`&;5~W=f^6+5g5ac-ql+}`0sV1rl$j0+ua9Ng;`HQ>T4$hXtU@0>j&{Jw|lDT z(0S9`NEo1Bx_zst@Rx+7x799Ap(0z$7bZ77Po-30VvfgI(?zq)Z5kmWFPXMJd9OCs zJZE!rrpINdTLjxD%Z|DA{VK(C63bt?({F8WqnRRQkPJ6Q=NPY~H9bDxQqb-7CxIiB z4er~&m0=`R&k)q_qPMrYfuu7NoxJf{eiYVUV%shR+jE@cgY8*O4kxMUFeU7Pnb-r3 z%~$+fY;+6jI|yz}&e(Io1Ohtq_*B{0*Qt}NPWF0wUWnKvgn-3z4l4!;Z8ZqhuUBbc z0VH;bGI$#cmAIhlBmz(TXZmZ^O ziTdvKqfpfJ`v_u4=7xD#@TGYl=M)+9Gr;^&dv-iPmyjfFJ2)VH&<1*NE8l!OZ+Cwl zoY&TotH00k4l;ZGlp01%^e+}&=`na#&evi!%v<)526vO+^sk%M3+j;S5<9DV4h||? zG)!M?{W$Ha2LtDo*m}mpSd}UAK=k-wN623F4@( z(%ku57TQSzFyoW-$n>b0q*>)}t7!Ii9v-=}nswAB3~nMVm5T)9AAqaY*DZf^&jJ}8 zj&P^FW>K_}v=g_Up-wPKu3N=YE}wCx>DG5J&MuU(2!84Q@7Ad;Yz7p1FOhj_v$oZ4 zc^p@z-1rwu*J6%IP+RsqC41l@^e(ypylS-$!Wqj1Jlaa{e%>6Xw*bv3%I zjzBC=aZ@pzzuIlDFGaj>8j^U)#dcPf$z?oZHw}UK6IlZ~Ce-Y7hPb-9+GABDaq^St zT(zx^m*TeBYC*a$y#gM%?OLdJAt%uF3l9wMf=d~{(Pl*aN8wBTfYw%5GD^aA1F*pq zdos@%);0NT5=iw386(}4&sG_(D$-c>ZB9r@3M3g^jux{(bZ?-{rBs7IAHq1S-Cx6( z8h4j|50c?`3=Hx0tssqK9;0mL)^(dvcxE=_EdHt7R|_NcXHAC&fv7;v3Bx?#kgzW1Nfw^rY687m){xd^tV!+(tPKx$?>mKO)R(dpwxoa&7_&3PBm?sw zK|rp0c8JY$49bx2E{7)>z#Zz{m5b?39q}yaSg87*lnF@au57LZnr5SKbvhi8G+5z> zzv*2h7KT|w#o43VfIaFba*mqPc7oZWEXF>&N#Iv0sQ9}<(r(djgFVX~hyoVQPhV=t z8aTg*dV~!=nR^OH9lIeTYiD;}wdM2cQcZ9j2IX&-gC_=P>9+Sejr0&r)i$Aey42Ip2w|6{#6>!|C zEi8J}QChrF!#30`2jf(=3ETV`csAQ80otxVJz>b@88ewQbQ1QW~(Tcm`e9x;LU zeg6RZ)$$Ir<84P%)Nbu8+k7n}tY|ZxpwMWeW2^9vjBYd;FLetig6U+&$vA8r^Yr4m z?MYxwN9>mS0;t1a7%SkT*x5x-lFd%Qa=R_^%^* zjFGIXf`IqU0yS-#J4liP0P~OQTK-kV=9@K6!rNv=}bm{TAgJ{{V+tX$hVmd2y;mt=!!!NVf&cE&&;@ ze(=wXFSWZk{{XgNx0T_HMmWJ^>+Wk_QXRGvP?l@R-T>_!Bx3;JufA)HmqXI^Yipe* zSDCGV^7n#w6Y5V|a+QKTk!MKIwEZtuyVI<$PN5tz`HIYbW&j>>_*XEVG}o@RnJr#< z8qs$y2{~SRRxOufeobYrErMEQm^Rk>`_(bww?}DYEEw~jN<>N|e`H8Axmk~?9+h)W zxMiF=oFF{ab21V(?lloVSwrJF_BEYo7V1_(jDw0fnSRXXJV7=YBaQOcK!dium zrl(_fWfZfOk7A%f=}E9rDBax1bw-adtS9d6HJx{BCB^bdaOJ@m#Un&P;;lbTvGQ8b zDLz{6IK~+D72|rixbh@;!AzVGdFR%eb~Bn8;oFle>jdfouNeabn(OT%p4NFLmO@Yv z%g0KmGcr5PS_!UNMvYmR^PV$MiLGy?du1pgLNW(qP&A44y=unQAk*}+XSxbIVO088 zW8t|q8T=_do%=&Bq^eA^50yn}2iz=qEycrIYA(*}HQ3{DUV^D=$nwK!_UBW)mSNum z*0d1s?8`}FKiP%jgJ>k2edAq6hvA1!xwMi{E>sM^Y@bTXdx6#5USbK8$_6r}hd9CZ zuP3`NCz$dsSzEn87i?umMcxQKs!PP08KAu|N9Aq`!yQEcSf4SIaw783{OUitDy5XI zCGeRXHf{+0R#EbDFQ`l zc0&`8!_Ce(HOXqW_l`?sI%BY^jfPaxHOs9VQ?|c|#`2>8Lw_pu8^w=XK=Y@R@^&B3 z6y+-cl#oTG%^je11dh1i8lqjE>=jm1k`HgjvSzW5Q=RebV_MT7)7*aT96se-o!oQ! z3h{3dSm^pDkPNp1Td)Ti4vrxUc{o`Sz?GTf(;5ELV+rcX4la z((FaXKqu0enma!WEEs{dL~M;M)e$V76DDX_qC7o#nqe zX_3~<;=F62rOucApKoCix_Er8?6}*{2E1}l3CU|8*sdBkf4V}{niv`)ER3h_84ssF zN??7*;QbQb>q@q@WS-vVZ-p^m_QQzqk>CQy6nN=h#S2@OL0oML4Zwy*q>oUi4 zJ=`i<-Z-1CJx6--%ij^Fi2TdBM36@#2MWXP=71o&v9M%}$9EjaTV?^qKDE(l9vGMG z@*ua4R7|>gX_7PQXc?2N=yqRbU$!hl<<~w~7&!N=iv+TcW%JM&SGV_Risz>4RvsSl zHjx}w8hxIe*5Wf~ z+IzmGcmxdeJbPEm{{R#|6xz0%d#F#VnrsWDG2-C5yYm{FPyR1s@QzLw_oEmdB50+uJC09RXisopJ}+;&Lu%422u z0W92lQDZV+3;1VK*Pw&@OzjO8_wx?cUOVTdc0Lob(i2yn9R+qMQj_g{+ejReMFw)0 zLt|OdU&Rl1;d3LiY*{1rIpB}QYtJt{8vX{>9>VL*n(k4{q1>y1>)WkFqKN229gw@a zhE^{yiOUXi*N^0D)2uZ&(V@JaHHnzpn1PUFC?lx!HP0w^5#ai%)HMMlvfl3A<&PW> zVeMIVo*lJA<{M<*dEJiw)nYnr8&lM@8>Cwlh24)4^ehKj^yvIatoVlB*)DYU(yv~9 zgcG?+c* z9hwUl(9QbG8r=DdACaG%k(`?6^*vraC+tZJ?77{#QMW%Xds8QvmRl&bJw`oJ&8NAQ zSLMrKE_ggwTW8_>;I?wheGIO}nc`o(qqb>Zxuji=wpp!oyGYh6c``r^-!0tL%{In+ zxUJ>$<+Niew{KpCqnYkCCUajLzApHG!rm^>z8&g%f7+zAi5~hzQXC_H5F?CN%pVZ- z%Ug>bOH%Or%KBtXWKvJwPw}YbDaoFP`!{L_Nbt?)iXh1MN5=(C=h35>Xo`01oK7_^VV}sN+8!4t}u5S|77C1u3nGc{9;%xHU_^McL z;ezJSI58`Xf;)mL&2Bbt1tzbn&p5J)rD;6m2^IqL(ye%t!@A|SiR~Mc zL1EMp>rIKXdd$VAF)g*F&lntLx+^~uPPURKlNI_IKh;Ul{cD<0=t}cE>s8Tgw5emf zhhyE&Opc0ku#?i0PSbz2^=oC3lgT72sT}pHiYYTM#uwW6hUeAv=wqE*{ajMxj2`vN z{5}&+;+E8P^lfI&D8ejvKXCf-_zJm8v9~flmee0f)n-Pt(zN>~1CO(&0OPe|H;2Tt zTRbpLaER)BxW-GI)=sGsmt*OTaqK=8cymqhSB-S(Z8XVLlOIVKfu5a5TJT8iZ2mIp z%keB*-K2g{j@-_0(Zo&_arjWGn8`AIe?ah~IJVTZn-$a{!AaPEtJpjHn#9w5MPoIK z4JLS_wPxB?MmG+XYHY}@t7%heR+B7q5W7z9dsmKVJ}A8Kez7){HKW|X&GOBTNFa<3 z)cMU}HgJA4)UVl@uOxePnq2N-w3W|F`ZwSQhxF?R4z+u6JXTDN9BR0pc*Sf!{UcJf(=J4?!0Wx_2yqgg=M)I#^*JpTMv_psHiBGajBZ-FWTItx ztzu{)9V7Gg?=9l`XhWQLzZBf?sG+xVMJ zztt|yo}C;1_-y5r_xvl~FST7dadQGrWV0KY2^imj#}%BTb7&*OZ@gzdo*p?}EmBXD zYkFq5>xq+6m8XSwkV!jx(HPj-M0Jg%7Ytf>iEI@ErUi8xE}Ly^?23-eH#SJgV~z!H z1=N?Jm9O}tU(zA9k506>npP!uE<-5Ct$7}Td|_$goig)YT}pjE;zklm@4PDKILB;P zS1phqPRrrAq_kOdi|ZjXW<_;5BzD}O@${;*>F{b67S@-tgQzI^n5IGJpdX!P(!Qj{ zl>R1bdZvTneJ{g$UAz#>BQng8{{XCzFdUFQE6aQz;3v~3k5trJLo1*XWS())=TOa{ zeGjJUziYE;8XfSJ^6*#Ff&DAb@3g5rQ9J3=>C!Y{>{Kc^IW-qX*GB>3jXJ|iy@JHs zO+1$F7$W}w3l7AJ^=}92`oD?fGFqbPT674Coa8$Xy^r(jRwi{GDZTpxLXk$-Gk1LB zX*K5>zJ|Jj54S-a&G*m|#%nn}Ok`~MV@A4y)^T>L6}Vhsj|bYXcw&MK0!Ig;_&U!;wM3E?^HF(he9qpcyo1DgEbFPu_J6d_(@Ev+j1m(){i|g(Z)2{u z@MzJjEw3YEJ>05Hs7Emnf2~O-mpb`8GBaU;QP!o;p`71Ce$!8aTX_i&_Je}C8Qy=T zVQLm{5`dAh`L>asMP_DWSX(4=N^Qc$6SigdHM9Mh9J`khmN>y3=qX0!TWu~~GGf!L zVnfQ{=DQelPwi+L=3Ev~31U9=M8e(5ce+)DqeE$WnKL*@b_|woxcv=g{{Uf29rpE* zi+3Y-bH!w73YI&)KgPPJgrS>G(+#`W9ESxnyFXgOzwsxXb7s-VAh>xHVR-Mz{HaA) z-Bqy{j1#W|TdkWqX=n|`P?f#={ zZD$;&$!0sZ2361JUP-BoeO~5kgttCka5nz{4r`%F9P^h#<(`A0X;zOaT(r{Q$WehD zlh7LTn~g%=ZBdp%<*#hEN99u~BbITw>vmVrY5ICkJ4YNL3l{_LW3Z^SABYw{BDz)5 zjEim;Xvo1mzoik4(FzG_bh1Gyl0zgi2OJc~-TW)f^}%%A`Ic06fRYb@fqM$}4iEy^l2UEv4DJMhK|D=W!i} zrB#E(5!ozu?{M#ost&tsAcpKpjH@UBKnB*0d(aGj-yd z8E-A)!uhChanifZGfz6Tt=;Qdyo%A}V1HVQhVfkw)Qg=CT@K;ztuF+2){_Yqa6ak| z_4cu!NcipWBH~c+Y8tMNjcp+R0G5r(Do^M7SBrtf%5PqW(J3abkE(y*jNi2Ep9lUj z-G0uVIK7?x3*rf}Vv@dE-sjPY=m))jQd*{f+D^B5G-cW(Vq%c-y?Y52 zNNRrvzqbeM;Qs&tzBPEe!BDEfqT1d4y2o=BCe~1P5&hv`4_;bN8_kQ zcG3%YRxOxv#N#|IU0LHF>fAHuu6j^rUxI(NPXuo&$GNkTcqXQb;Y&{z!p;r>9Wy`} z8oV3ec}NJk!)-j)96nQn8e}s1_p5=lHa0C<>K&&l2q35&=Dq&_;5WuifA)I#weZ{H zAA|1h^sf?Wnw)a9u#g0?=jVynp$sx9-CXRXmF&;-pZE>&gFyYJehGLN;^&9%ZEh{K z9X=s?B4ACu&|jHf9S>3Xdy4G!dnr;SMN->N3H24tHK`Mc;a?GSC!a>uG??RxXzpX& z8~dy|lFNvzmv8g=!YlBBS;y~?i~kGkKO2b#tmj%zddWBt3n2H*TQ_=#n$ zO%IV{c^<;7qzL)o{yDFKuI$n&2naz|=s3-FM`C2OGq3G~20Pe{WCA+XOD#X-o5~Cq zuHp}0O4>5e%~PPMQ;nng(At__jx9hsB@JV%)5e!vcr#Bw-g?A zq4St5>OcStWK;Hruw?#IL{Wn_KT9sZNe)k)J^%cWX9Svg>%sxAOBhf!-uY-Ox_&wqa zOKJYyWh?1&$TDs2!jh#<4ms!WBfWo{kL^+Ld&M8KZ^v&L_#;-d)DnApvl^z{EF?MK zgVO`A<6NqirJgygc?+b2km&Cb>CD({5+E2zb&Tk7|=(j~q@N5R3zTpFaT>=r#+Ti5iRJ4e)Q3lFso zrI2)C&rx4Hr`lcawJ3mH%y?0Ziqb8SD3{=H%8S`^JIT9jGQ_&6LbXd}2m7l&3mIn<&j%Ypo= zX?#zoi_2(Zj^aqh7DW%i&!q#g&r7Gn_JMH{Gi09qD+BGuDTEV5Mp%sc&}8A*zo**G zJkpsPWxrMD?^f~BAXw41ugl-PToEX{q4;}3g7vO0%wK2afn(CW8(h1O{t-FTM2;76 zgxnV=Z?UaSY0c^qtDc5%>-r=ERlNU*We=~{_5c1g^5nh{Z1&4#QJKqt-5!9G4|*g!A3*#$@!U3E z6xBQ_sKaX-&2qO8$XDiG#DAYk?X?X)*G9Fo)!f=nj-=&tn7+BG=MG+{oa;U{()Aa6 zNG=xPm44|RJ6D^-KBaEc21wzLIRQse+LyE^krC_OCeo!Y&uUkcRXbuk9KyAbG zuHVIwSld{~r0F3Z6+2ak`@*nn-Zrt}R~{X-wQ#p_sN|iv;8!#M00`u;-@|=k%$D(j zco+o#0G!lrJ0ktZinUudduur2R*?c{9E0stuP4=SS}j9Your#?z;bc`sz_$dr;M+z zbm;s$skBnt3H-=iMp<~rCa&Gz*u`soXtuW#N#&iAFB?y(s%Xwq=y}{z+r=%U&l!24 z|4L4r!?W-F|?PP`!tjI7Jj_2N_l#eylX1}@BEuo4=RXN*`O4X;ZeNz56 z4y495HU~pO2Oft@dEw0wd^NH&7aU{j`BoK=i<3*9Eiq(~WK=jf$j{cIQZ?j8 zYxs)k*5xL-F04-6)0$M2&-hLCYSs=sH~5j-}zP zLrb1-Dk)UEF(*6&@{i87ff9*7gY5MPd_4`er6ewhPt17QJwE^{{)ysS3*^)-1Tw`W zWT@UckVwe(IHt_hdze?(izUoWAI`|x`u;Vy;_VP>`W=n%l+Sdd3joOL-_Z1>%iP%` z&pbb(YL}Xo)xM(--P%VhugZ?Yl|G`HMsm6%)ojaMyFn=PRDg5H#(A#9YQNcbFapDGs~(iX zTbVv0@g!ehl33(fB@2_Z*NtEJneU;6HkX7pLi&2rluJue_L=r{y^mH1Jg|0^JlCSy z*}eUf>QT%*o#8+n6Yq~sD>nh0$BF*{wIR|jtfqyhF5%*E2-*PXYm3ruCetm%%JSPv zq~TQHuf1vqy!Z=Oy^1Ei)$Y9SH|`R73!Vjf#of~w$Js<~vJ7PM05k#NK047p*o$v* z9CFT*0~=#IS3Hl@({$eoS=b2gL1H$JG1S!ZfvX+LZ!xGrwE9!-^hCVUrkZJ;_MSlZ ztlhdAMVXfNHjAe%meq^{jHtoICb6NVuZAx#l4v0-BB;sv+?ta^%54(s&i&~po^pB$ z?EE~g+N=>;N&}4UP(7$K=G5)K;VaR!$yVC%tA-oElWA@a zIr`#>AUSJkeCx~PRA)&fA~3vpYhIJ2#Vxg)7Ij6&+#cej20`;k`wz%RBv$Q# zQ@4Zdn(UKIn)=o+vzXmO29R|sGeIgQ+}dD*(PoiZLFjW_mZh)T*+5{9cJsH45ztT( z(b&+7S{JcF6cZ?zq29#TocMxxV3>uGZl%alSDm>%YdJ+DLyy!n&3$c6&E>Vp(po~1 zO5b#xXOGUZ?4npuL;z+7@~pt@G&rxfERdshz!=VJ)a_mTE2O@$I;%)qk+-4kng*hI zzQ6HLR@AjCjZ*l1qGka;Rl&gEa6by~MwS{IOZRjWNf?tD=~S4kWoi>!8LVYD5-Y~X zfW!`+53OVB{v@%!c8(aym3Z8HR>%WFj%K!*V`*PGBRp1ThHa8x5=kkBG`Nj{0izzY z0q#1b{+XfL%`T@K-S1pCl$pkTfbCy5>K1xq>yC72W`-AHPUFiGX*Xas?=;CYs1QvK z_Iy6(Il!wHa9wJ0*(*q}+5$wuyRJCL=~$YA=K+Iyl#gez_6MRL}9D&b{N zT(3CC0Q%A{=U&F&RnrpJ%ann`u1MT}3g=$h_xpGk3N-N+HlBWJ3~#CHnk%GHubl{H z2vi(&s?*=v*zSozS8u!m^%NT(f8tBWyPr>M3z$|Q-@IJsfO=O$cdl%VeUzkg2!h5F zp*Wxpc6%Lu^GPz^POwiR4a%MBg`b7~&jFri6FV;8HvQUmCCH_xXeIAbYqe1sZVr9x zYfzg@wY0pmlVp<{YDB61QTH3dUppNVNUF}Sk;eiN8 z7^#$p6j_>k4MNsEI6#c7NlrOKj=!aIm);g#G6mEpdsjgCz&JmZW^8%ai6d+9H3YP` z0Wg^e0L5;2NF10D3c*LYp+v!MgO@~oIVV(e{Gm-Iyo}U@GU{PUVkX5t6?OaXFc5v9Nu$7I50MGGKE18%V5^3X3y=Q&* z=M1ErZ57Kyb!#N3_YyO0Tn)VQ>s1}cBfnn*Sont9OSyqw-r-1*u-NkeJcC^xvEUs% z{{Ut@b46hln+Yx+Ij}R&5ADxN*wG$s;;$EISDK7^HjZZdU|-(K2gu(}Dt$KA#tV4W zrZLLQ3z5-{M8(V0>hHXb8uB*N#BR+PQzDELk;p%-dHmXR5?@|kLL=PFMh9xhW-gfs zww~@VM0;P6>+f239w-lU9;3=tEh05;-pf%2FQpaZ~u>ql&=kTD2 zZb%{#T8V+&dW?5I^^t97gaKdMi(B_z<8y@Kqw2ITd3214&%i| zIzf1m!!#M2Cm9uTmqa2+Vp~`nYV{f0ipq}eMkFEy$8So^3L56OcO8lakijT8869f^ z$u%3OqIqQ*BoYYgNOn6kvrA;R%La4$R65+N9l8YEcDE<{#(^Bs4g&NI-`cuETeTdTQa-EtFbE6@Y#O#om20EBYvgw!t93wWP6BROnT3lqg7 z#<8=Z=y6O5W7Cn`vne}>Ppfivm&lrX!otFSkmGlDcTrx`cQ2Lq0lCiZ)K;?dn|VM z6EYpK$-r!nUMt`)i27%ntIU_paC0E}caW>k7{vvi$MEj%8EmaBFXU3ncBeUJ_ch%7 zM)2%DC$O@gOtnjB;tG=B{{XFUKKHTd`A{n#GJw@=X(a5* z6c%C^>yDHSD-`^HddsKJ6|J~08V~>(10I#*9vZdO?=0=w`CLeNY_2kB8QVwU$d?Cj zNQWex3iIC=Y4(;^F(swsSFwHK+ej);Y)}PH258p$pNXs^)U6@9)7LI{{{RbiKZjbM z;zxuuX)oYi4^W8eDnm%Dp|Ant7@!F}Bjby`7wvX_A)FPB35s7c?t$2XKhA5W@kfs= zZ8ZHV{=&-s_TKJ4FuJBf@<#4EaX=iUuBN)W$+5$u3>@>1!l{2|%=WhiI80(54;-I* z0OM_Cy0+GAY~IF8`&lO3%nuQcxi#K+m&7{7oC~FC8jI<&xdq-b4it3H`R_m+>`kd& zNY5qWUL;C4NKYs0#c`e^*7dn08a|1qq?bjOK_sB;Rqv8H?Lb)foexpRhiqe>2w>C- zW>Tc$w{7){T{-~%NV(jk1Dpk8-h(S1adYAfc!_USp^&U*ExE`%`gE+lZWPpEo;%qR z))qMBOK^LEL99{mKBM5BTK@oC@hQ163*R+`f-)c94DdMVSh_ZWaiLy4hOwiYo7Rk$ zkc=QFKX>U(BcUS}PYS+=c>0eexo({S?OL#E*49@40B%4exCbC@Mhw~q;|~)e5m?!LGgXgr>bf9 zGud0&e&}xi;ekH2pYej`X!QFDtckLipPFLek~7XlOIn#p7_Kd2lKb4WCVTF zS`sPN7Usr3lWLvq(z39QH&W2=ZLJ*ro@v`VS7`gysU4}Y(JjT@xG%e8V09$p0M#h5 z^0UzNzYFP4q&};E4XigYsVXG<%)RmYS2qB&Kuo`-_?|x!>QL#v9@BigWsoCI?S&1~ zk80GouIHKf*G<(&#Ov=5St2mx z4wE*MEsm$G8%U&NFv_Q4$Y5{@qA}38$nrnho8V82HD4I$ek<_B%vTmS)|Sx8CQC>F z!6)9bd@bOuBG%Gv2UWMZl0PVk3#L{^^!im7&vV^8HQ|2__;*9M&~%GCcr@Yr)`+MX zW7qKJsQ9;1(CwCJBDjjzZ~;^kwm)i_>zo*0HLG8@O)YVv~!_a0;zKDEbL_}j#O zEb(5Us9(<=oxGdEz!xGg4;?*4XD6vqhf@z#vzhf}*0vdK<2YTzh58D@(k?G9JWUuH zbdp%GJEc4nB>EqvILM>u>uVbgFHD}{=G}I9RaMJ=K9%7fEcl_M_;*qkmoeO(Nuwk- z3D}(pr>Gd3ex+lo-K6?$z$RQ_8M+^#uJCwn@)*`!#?Tx=Mxhc@XA~B{AkmOZyBu+q<*4Q@wJbd)JQmyIHtCFLlzA8FaYr-J+Kql^qRKZPX)7*}Cvl zpAvLJzH+9a1gI1+Co7Uk{{TLd;@d!Z3U&O(fK{AlJ|4N}s_irM%- z#9k=WPMc|Ma-Y2sy~Ml?z1S1hzMz-kEsdUnx=i-gllgID%u~C~Z&OsPFJw=n{2{#X z)|U<3(P`4mq!dVw;uMU6eK@R766sov_@82k^B7iOgEUDk$#l;v)bt20EfYyF2DlD) zxqe*s1L=z6^-WQ9ONY`SNsaJOOl~pHp*4ixLn%k0*I4L3VoM!P_Gn^hm(9w)O8SFc zF0ZUSV4j%GLXF8hM(=xeN-Qj;LIJ@Z_1kE^GJ$a(pqt?x z0=5aQISpX?9&7OO(tj~wV=(JlP9{?ckMlt-V%-l{>;qQ!o%=(%v3m|-Kb1A}+*FOALs=?w& zCAf@zo;k<&k-4BbOqTQX`QOA^vs>R?GdZ`6{LB|W#p(Y5)~U6xi28Io1?Ai!zrQo*H!T$hg)>C~3>K*jf_BU#0 zXyCn!1(91h3!HOY#J8Gkvovx^6Oi}|pSo)@TP@s02BaHJw4NJVrbD%NedfoldAGwI zZ(s25jqgsYX>W019_B}Q@EN*u{OBBGbK13k7x-G{-%-1s@(=Ai6AW>k&g2fmrYpxZ ze~9|7zpJ)~s%fyp17pjTSZ+|c;~$M$eanqA)9=2?Z5(Fi6C_|B-FV`>p2F^E?rtSZ z7z2iFrNAKbM>{mJ(reZt&r2H9BKZoTowLPa_LAz&y6oteL@)RsjZdrSWS63J}{`C4|6g3$xikEL^dESE~Qm6q1wS|-Vl zV9(3is?DPpGsUm9$nCC@877Y)?r&BVxfJ>>=A{&Nw*qzn9~k?m{EBJ}wECmgCpPz@ zD3aB@#si%6AXQfIT=U5up&)q>{msJ#Ppw>GV`%D$9(yK@^lORUC`)Z@byMqHgz*bQ za}Atr0=yCed#UvzXcz!5y~!O*G8f(DvyyL=#69iQG(Ju z1U9zvTUrJ3@PPh#uNX^)HmYboiwe#Fg;_5YWR50WU`c}_Tv$oSBZ6fVWu!&hR2qclxlUFSL zB-H#xuWGtZqi(RrYp0|6ZG>OmV08!5y&Lvg@l-wx@z$`KhOZ5tov4M5Z#?csI3NPO z2Ws$eF;KbmT$V?5@pDMO_%HE4NBFhiJJ}meOSHL$P%;Ay7YcFHkL6$4KkUo>)od-#Ul!vXnV)Q&2HmF@f0qzxwV)G znlIr}bI;eG(!Q$KJUyiNk4T?S)R)b)nl|}|B~A_q{Bcxy^?Z-zoBj&R`zrX0$9gsQ zihMtzN2+UH9J7*H50jZ@v{Fyiw&Zc?U&+6UZ4wFMmIJ@dkIvdN@}7iq(~w1L2hif0 zILRa0pi1u;C+`lc^ruJUz^)cooicv#!EbuA5w^F8va?t;+fBw<`I_7^;djr#%ja8>jNbTgKdHEshOqSx*h(s%0i% z#d#T2Z|_pM-3g!6{{Z|OyZdk7=-xK*&+Liu3sZq~?PXg~&}Ef2M--q1WKd6hD-3^h z*Y&Zg*vT5r42l+5*rb3Q{xy|O<;~sQo)rSVTM@H9f&zo)2?gzRn_$UPf6Ex zy(3dpX)Nwu-yjg}wDn~@E25Lq!tyZPwv6DJIVZm!m0H?;vAHwMf%)186}pMZP%VFU z2H;BMnj^H|ICqh9$95R>_Mt_btqhSolOT};XMn@CLWj$NPUd9%X=@$yjTjneRlJN6>JlKqmtH{brx{{R~NH{*>y zdqvUiuF}U>j^}fu!pE*VV?BFSGn&cU`ck&86=I6GCKFh zG5Cu88q;pY&AGR@ka@7=5B7((a#b`^=t*MD4d^INQPxPw>_N?cHsA1YPwYDR@ z?<};q{?4VD@BUic7Z|(@u-1%|ao(6xs zG4EdOH>HkAAEbIM<-pr0WRls4ImhW;O~$6uz#`ff5ZO=%Kb>nCSmT+QVX52+ZlEd> zHDFbM=jmRRqidIUR_|_KY-{qV^rHHirZ(bR3z_aA)Pm2wNYAMqDy^2EX%*L#a)IDH z{HL56(K79!9gdfvTIw=S$lN+8vO*Xxm>H9@Nq`az@pirNZ0WE#xkbDJ+cN#y`$$yVEU_)+T}kR@^^$dg8W7 z#j%>Ej)vexX#3+T3F92qh%{;R$V$r;dzgc{MaA5vT>35P&Dp(HJzj~THDN}q_-dzBywwy)->xGwKsc4mKc?@ zwDkg}+KkZAgjYAqYU;md&eD2US*vM|+I+CULn-b!AXAKh<|DE5Hd<#d=nhSK4}o-P z^qUvcZ|>grC7v?lkUD{iyMe~|tHYOxCB^9lt>pyeM^9?=rPMBM6YQJWlyUB&gut?p z#d#7LW8T5C39hfh@%@5nBMK$j3t;p)_N`1AZVQ!!Tt_V4Tr3+KyB=$TI;3~d+*&+a z96!k1bj>FsFRg+&;AcqPvcQHO*soC0Z)BIufWoXI{l8U1QRi)6R`<$hv%(^YChVBytF|iw%aKgFmCsWmLuI}E* z3GKHs?i_7Cgj2AWnbb9=p>YXDMF^|=z(;?rWmwHLH&a_EC=X1E32w#?yq9+OqIn9; z`Rkh5@ZFsE_lF`$TZY@&MImz@-)*Kz_7#=c5;fof-nhx{kM@nq2{9TR00&x3xXZDZ zd3Aaim2_Bh$YIoaRY~;R#Fr!$eyVf8thq+yO%AJbZ(#atw=&GK1D4J<{VTQA^;fj` zPMUFo;&+lvFYf^^0^=C<_oQr{&JV#}DW6ZV)ik*+qPmJ+sV6u%BR^4^i%``(iyIqH zv0HqM#JZ=wlL_H6F#64D4APt9ast{X*1(ZF?eH?k8wC z2E78;#8T>iV|i}mP?*3iz^ocNqp^eHtwQEo*cv&r7T%wYZQ5$6G*?AYI*LLZ2|hWOI*dsTmwa#-1m*jcsFh1oK{(;JXWpH@MQ|a*HqnYYgL@)@3Gk5qN6p zFYX{vE+a?zS$besOJ${6*iJ4bMPr|*G?a9(+{_;sL2lMlznCrJQI^L>uM(0V0?iv? znB;EiJ?dOb=S2&E#;%*9aX7Eu|`&btI4TcO#<7J zsLjI;pm(oUv9gNuMV*zc;oHb0VC0-)v;&dxO{DrpoUI%As@PMvpwD{pTQ<70k+v4Y zHzzbSOpQy+<=Y&E%7p&u!8PmN6TY?a4xepmAIZ8#*msfq=qVR98)VULjI#uHIm2VE zbrxPAnr$RoD2@2}PTZ9=3jGQi)}IEgWp5S6<+zCNU=BA{L{A=<40f=oXb*MmQz=-= zTb!n`s7DpimKHHYan#gOUOuB3h|3?9#sKe5F65N%bc=~vbyknc+m<=%KgPMH(h?{q zjKaX@aD3(E?yF2LR(8={b~kFxgtIt*fon5H54& z=a4I@)BH}C5{*6xWRceltOpDST3q06YmsTvNhGE)s@TR)EA3o5dbgO!1y?F)jTZHqh2<3MWb5K-WiXJl5E-hD1z0#*}vKI3r3HM0% z{41J^SkyIJ2Di9oXnerU$5JRQ&#`_S#L$nk6n9cXo~#94ww^0_yvt=VP0mhw(~2@V z%}Y<8Qq>;nDTs+jDO%c1oc54Oa-p)Ila4c6*bA5X{nJ=m!6YS%KN#TVx*Zo?zn0ir zG=5Y~^5Y$TwVToER98b^!@du)zPX;}@?x1JE(cG-rqui^r&_T2ixq6Ek;mgo>ee*0 zPHOtnEBIu!nN~x)hR@ylSDxzr71XVsHnfp$TX+nBcfZ%IYOaN~Bd;t6dR7i*bMSbo*7H-p)9w~%CXAIE@rL&mCy2CDr|9i>eFNL? zQ8X{W4!+dw)O^K{27Ezy^bJSDH<~?-{j;%_-bP$BXBf`!=~HN$_0_HVM!-fJt~ye& zYDc@tb*E}tZMw>V-(lU3mF7C9hct;d$vp8|#-tEw1{Z*4ryWj1hIYK)Uo;!*2bH-HAa@Z~ITb&HrMduN$l$;3~C)6kz<`NK-n%ud!a zN$1=v829HTh&at+Gur$=5wV41*q&xF%JenA;%zqj#J(4~(v|+tHsz5@CWP>o^{{l@AW)A>|wt!nK&uGiNsF5RI9FbC3xjV@JvMtNPLm@>CceQLy7 zMXjyNTwI9(Ad$`naZWptB#xg<*Q{(Hw~A(5ZaDVMbvhr1G~0b#YEa%mEyUqwaF3ra z{gOKx*v!`PKA{D|O$@Nb8k2xPub#X?E7)owEu?%046l#8C}<56;yErD&3Zh=0B{9$ z8g8PptCJGP8x5cyxU3%I@-NF{9iq)TxZJ}m2>RKe%B(t#eMrD;~N zTd>;AIN+%5?@iS-go@l<2UH7;liracbM9+MqcflLw_+k2uOyC@!M>Lb)}qbkGs7I4xjp^plLOU!GM0vR ziWU9hs3df+LcflCi$%BC?5sG)YRJ|;WI9KNt!&!f^5GSx-G$GkbN(&x$BAzIPjhr- zwmuq_14C|$%uk-@xS+F&)HKDm)9$pX7C7aU5RHzXO7jb2{g0@XxSwkv80V;<4_>hr zx0b1Q9E@h$fIV|vBpN)Q*!Hq&PR!qUsplVB4CWfce`e^iUA7wDNZK>acpryhw*Jt0 z#6hO#aXgSSK?khfT~L$$r;<%eYgkUNvpE2BL8M@AST?b8LW`T& zQAQYtE61R&g6~n2OfgRpCE0M~znWRg!dPmx!iIPKV0<)nC)webG{S@5pEZ)rM8kQLmr zt}q68AC-C}pAEImTFN`^KUIiZM8V}yK`uM@%?xKlZKll~n#Fx>9E1V`=bTp;cV%y6 zk|l{k?B$yWC4RMoU4ZA37)h6Ofn)+C53=vq4}OkzZ6 z*MrE$Yahii&X+57Bzx6Q4eda!+_7VI9nGDyL^7Lj%0@6~xYM91D#8{Q#z^%v4I_%Y zw0NZ`*pYhtz3ZgVbkw2Crt9_t0PV!p$wCWsh(G zoPP~c>^t-ue?E~a#%<(|WK501xlK+sxOB5XH$ECL59(-Y$VZ)O@Xu{4K;si~bMIHQ z3rJ!QCZ%!v(BCKnwMZVdqhG;h$ixOg$RzWRYSNR$_PT}5%mOrv`>cB8deAe@^?RFp z(=aZisUzn8m6@Z#EK#$S`AIYnm#Ls9)Ne6qBgp{C+qmQb>st28E!{(~U_Xoc&^}J! z_tx;;5x6+&$EHO-8x0!eq?UU~*fVbg^#+0R_B^-8S~Sb6Li%hkG){QuJ65mgtsSBP zdQ5Y(1uKqmK}smSu4uwo0FQ`gg0x^}UVnW2d7 z8(Y)0d8Vb{1o1G;@gk@vIs3$l0W-k$m?7{swskEIN%aerLm7z4fz)RJ@DCO1-W%~& zp{Z$7+T7du3|q_`649a0PFFPYVQag*u~wRG0jpJVXU8hxuW6_<#I zPJnLB0OMm~%-uy`yX8QraCdh1tQo#9rIwSc>Gn{I`C(%oLh|Pw0ic^47N6p+Z&ULc zV)4S`FCKG)>0OSMsC}6l_G8Qw)>b!TLe+sGnEe=(@HEcy{8;O_|c*f~hDRtwUj{UuqggnQJtX3&?;s86AJg z%>w2*&3jR}(_hYl%k6Rlw>zHw?$UfMhcQADuOQ|dnCBN@B;mfXZ>s%C& zY4-My9qprLFwdCy%XXkdUIW!;O*2uF?ijr0oxHf6M-lQeYa3V7XO8i87^1cSDMu)q zPSSgk)_^PMx06Y6aUe%TiGVV7-JaEMO*ZSq63TUpr<%zhbZCHsk3&FM?fe~KcckCj ztHfrq$;e~I-$PxL`Zb(doSKEKBW!~#0Ki|MrEN^Pt+6%Hx3jj6SqkKnxd`A7THTXbSW+S<+%|pQFaI;4cA}y`= zPp&JxwDCh(X%`xe`^O~72{EUu0nmQ66Jw1xW5;|y;|~pMUMo)(_@2vS5DNx>nQ_nn zdRNi@8u6cn{AGI{g%ypzflxOrb zMqSQn%IDM8m!E9Vbp1WNwU0PeQVGe&U&_6!;m?MwMx^q=gjx3-L`Y?V(&1QS~#qXu=Bo&de^Rk!w> z;z;bQz?Mbbw+H<8uO#u#zXyaoL1kg0#~eaT84#XGBa@NuNyg^NIvcugh_uajPqs*% zQtJoKjGk2Iy?REOrpaL}S5|S`yF5c1hC%%5c?{&5(9mo6bm%Tlu`)oL_Z*C1dsoUI z6!pCm#@`Y2sC*j)mzym<&m^ic8NnGWdvvQDN8R{0TWt?h)a@NCuVIJ)BWyD_P6c+J z0=e-t+GUlU^rT&!F84Sm+|#k6k?7hZ>v7*n=4vwipLg)DVb?X>>wX`LR2J9vahAeu zmBGuf9OMc{PFH8oTB|Ons$NH?EzDN&NMp+mq;=-FJ$-KMiEtS$&&ter$>~uvWiy?; z`*c=mC7YPx+`F8Ng|Bk(w}|{wz818O+(?lEL&_IBfd2qLtzgxKeJ*2NS>E2eT+6A< zlB;lY%LCi#U1x(*{{TzX;=f%~FolE0k}g7#+*BzObEWY{si|r@u)mJRGib;|Ngo+L zq8nA%+a4S8A07?^OmRF;m;jAlG}Mc$52MNEg=ApX{$Oqj%5UBd%)U zCbt>sT0f4o7qo-J_A%W{bLAMMx@RS2B=PzR!to>M9vRbhYmGu%yNmf^c+%ZdAzK_a z?AFm@tjE#C z^tVRNNadeqPnnKC8ux83&+Ix?wDY~Xyo2tqYqsa?0;n{08&s4 zjBt3adM}2$8tCn#Yr2KjrxQrQ+_nfA$RfI96ibpkmR|^4_+sKnt>l(VLfjl=<3HhE zwWZo<@H`UOIZOrOLD!E;iJ~03A}voxNp%>mX1I|dn0Dnr&tYFVc-BI?mBpNHC50S? z=kHXfVvjMnw3as$F5!ZBu7|=pRQm1ou*yP42-a$MqdJC7Dac9ZGao#ni02w39#tUc?_HGMes%M&hK0tBDu{)_if0UCbA|eP)TDFDS4XtN;wYrj zB!)!u3ho&VfWFn`Hr^`HbsbSGUU*VsPe4xW8nprvAFFH7Bc-L12RpYJLSr7;sLrRm zWOjEGM#VsUU}x5orVB&2(620@jTUJ{j>Oxmg1! z^7j+d+w`u}LeSw)Ao+?eH*(nR?}}qjq3M1fj{ef+WM-C4ub>-ri;aQA^_mS)Q%j*Pj-^u>Ad>o(TUBsYwna*`P{$>xJt%HrR6 zkIGhCD{-;O+Kt1PdOst%2+y>*Cj{d_@+9r0A z80Eo_kKy&8$lSBl?=^7DS+*AX{Fjc`u!gn(<oHtd*b6`wofdRxa8-7iX#r=P)8?su0gNQxJMMAk;^W5`d62Do5K6N zM6>A5d$pynSnE(<(9OYU(oH$7^Vp(M1!&fey_4!``x?)r7H#qC@7Z5PbzH zM!e+myA0(jgzvEMIKYqR;cxOb@ycer3n6~w=DSLL(g6VFVbF||p(>38mJD*7u_deY4P2P*~ z$KajRH!@#a__Io9x0c>v@^CT=`{KT^{{VtRe$v;!1HWl&&x3w4b05R+6z#SVT(;DP zbp$B{;Bt7)dbn%sV=8;2`lHu0ORo#xPNr6p9El*2dO99M3i>zUe~g#Jnq%5b*t>`2 z!Ro`-x@>v%B6!E`GvEnztvcrZ!Z_U~vU@wUC=T>+ROEdyYxpw#zW)Gb4Quvb_}QrZ zKGn2~gwrmXTm3%y;yW7M*qjFTV~lpiX#<_bAD(yGci7qCGI{I?!!YFgn&*_r@+@&i z=24sgGHT9gN2#9jeVj;QT2tq^jie;1@#|F869qv$ zp1zdHiZ($>RYHx++a9&AVva5&ie%V<2>DJoeQ6!kk6`#+@hil?2>vR3G5DY14MFTR z-3L;F;ul9CxK;;deGUlc*1yur_F(w`0HuD@-?Q(-?~QsIM4#FgF{YycaLsLSqiGM0 z`2>Cg)~0(MQj%wPekXS_lwq{v@UIH^kKs5qJA0BL8zdXK94mobvfSpL=jQjs-wfEx zX7cK>JW->VZVDVR88~1M(!ZA9_$ar)XYdD%r}5^E7+pH@`BGK@0LXufKb31ukbY~m zu`e`5etZ&gahj+jD-gD9G>R}A(z_szImf8e9PR*d8tffN>q?RnAasmjdXIXuB#O5( zZfr0$#N!WHB3oLLraIFzJ868aqL2$c61GkO6DjPa!mpUT0t3`;aK7FGe&j^om^ykX$q4}5F*Y2!bIo-TzhJUy-0OK&3sa-^MQ#M;)r(cpdNMiLN5a3c-&g`{KS-@KkrLbSJj6CKkr<$CV$2 zX5-9_W3lVEy4Q%jGZc6Fddl#=e8|>Myq)om^~Ly~P>)fuw$vjn_Q_lKvB)sd{ypm` z(`e-B?D58pv7fJG^g6OOHp)#%fa&nTa#e*`>vXX9@U$t|K> zC)wZ2Ws~oB>-kr_HK0UUODaN8xZHUrwlJJXtoB^Y;AJqq#|>Rtu+wZLQn-^K?p{9% z3{0ac+&Bouocf-IiwS3j_DN=yF&7tPwa_ z5zt_ho<=KIP}R<@V{4|%b1atIw=(YjKY9zcg=sWsY{R@P8yx_rTHVbhx>*~Cf@G6^ zG6qEkCPum94>g(t5Qu<5$5uYIhiD${3KHI1bsg(O>?7JVjcZG~(aoN#CAXPwyDh;S zuqTn9#MIC-eX2H9bhc59gZG7KjOTMsS4(a8EI?3r=cQM?)n?RfP+Q726VwU_IrB8S zR;_1ntX?6(U7b&^e>%+ghu}EwZCk`vclM}cVYU$e05?9g%_9>J!%3>?nqh|G_DhsT z&JXZ|+P5IKOZB*r$Fg?l#C581>^CG_)2*SikOqYf&-Z{meQU8u zaRtn87ns=$RQ3k2lSsE%v2MgROA$!Sp$v;1(poSNIcyA9eWSGS-A5EsFn%x%X$bWO zbUrO@X7JhB*-7MIBY`II$Q}Ox8tQyKV?37d{l4JIC^#k0Q(ZBMnwLYF@kOXrYk61w z9Z4lvWE|8wQ)yaNgL!es6m6Z{4aezIGf1>;>DStA&5gvfBTo~9gePk*E6lHFE2x%H zx1I(w$GNO!A+>S0RvLb*Xze7Drlyhu7C!Dd&VNeLvRO3P5o6|TV}r@5=VFWvIs8d_ zAxkEmq91sIde;$gtM9v3Mhd}(dFxYiM{SPe$!B$^HM=x74&V~my-`t#E{WlUxRDZ8 zKW8Us+$p-Pul6P6*1|pbd?^PY(lkoQ&bpt?m&_rGk$^qvpKG|ci|pYTsN~>u{3x)c zKF2^KcrDU!S(N*9t!XDCPV(kv5c-JJ;3BYv;siU zMy1%1^Wv@8>Y&_34dRD~IKbkeMeJ;zhTCZ_x3FC4GepqHH!)m-r1mx1$9*-mv9X+d ziZDRyx|&Qmk%_3@eX`c#*6E*M8;7oIi?p|E=1XV+ke0~xs!{G7%VV*R;o-cpl36D) zOr!2F&P{Z>4ucMn3~{nD;O=J6ENbjgwc?DAQA_v=_Q>(FUT$zu+ne{r!_m9Eh@h?XlXj?C$4@_Oo&i81$tVV>c6{k6CsP<{=2YlbWw4s~z0xk*Fb# z7Pb<#i>ssBJPZgD%Oi3du=cKpL-4~0hQI_nis1AWGDSvR4^i;LTItIso-Jc>{r<$# z>)sds(@7pHbW3Q5na66%=7*2!mg{XJT16ptd<^H59@W31NpYo4FQAb?i9zS7pbPgJ z`s&YfcXCWIE9YqH0rsgi7&PV6pn}dvy2uPzj9}0QB9_@u$_eC*Vwlz!7HnpkO~}I` zeFY(vo+&N^GXU|9-9W1H!4yD1fl+as3INZzc|n3FFCbOgoS&3ur|VE$OBR!{w#e$l z4hDHOq!5iAF+S1eNaauy^5At9y>O=1)mLL|W5@edpbyh5Z1pQZ*HP|~W#LHsxTtTW zo;N>Yw42Hd7b?5~QzQpVqRDq02xMcN?gW2Y-ti7E^uH`jZKc_?Fd5zMD-bwcJ}5Ni zg3aa=u^8mw=iapAgig~*<{~=rgUv8!58`{MY%GLvk2Y5%9fy_Xxf{(>RMf33bm^or z#cm43yFep6oY2C@U7^{|Z0)@BmKnh7fm<@#+f8*Clnuafo}|zx6TR@(rFEvu4YV2Z zda|D4yX&73=*=dbZG8z4?>mZ*m;+ZC0=dojkNYxfB)EhGP}sriisLM9tW-=UkVOn? zS%@76tx}NL&+4|?ey^ur>Ne8G%N$$QMI4@bgZS2NgQ@EtC(hp`u zEA4E9ZsuH!no@cW-3s>FOlC&6WZDAckT^BHW#PEx+Wv78sTdovn!wRVp!=AvOp-w~ zg&>R)PpI^+H^W{clTFlbQX6QdP{+&P(X&l?lHht-C0xSVrelkd;iE76^rrsNeA8JC8gVc2*uiIL~e|Y}@V+)Si zphC+YrJ+lDvp`nm1~Jf@?evclTPYXad^|LDfSgy@6BfGc4Fpb`#!*+^fUuy9alrQxv{rYD-6JV?Vh!PqUp~p z(tM3FBW(nC6bRPQ1<%{HD776jTOB?yz&=J_+z-mLH7na$EM$Gau6P~JDT&1EJOij( zTiDu8EQoU3w>t6{(z^cu8u;q>K=96{d^vCDY8Qwg^B4fO+=IK{r91a7F+OP5ejs?N z>rK0E*7|WVs$_nuzFMF zV)7=?&YyakmDSmMcY(ilG55glTxW>2%S}xtO9zw7jkX>*%|1pWF2_vQ<@*KgsAyAg zEH>mY@AR&?>3XATk%w{Qo(~<(O@>3Scz){B%#zUs=RnLl;-}FpZZwF5w-8Ff@IL9z zO&~o5++4)5LV&t}Gt(7|b*GeuSzJ3x4{zl_9K3o^x0z*mWN97l!tpYiX2UOH8^}RY-$DgOPijpr+D0grEwS6n`6T_B%UXeG38e97p zM0pv$R#JN4dr(w&Ii=DrVg@ULw9sNKjT^saTH9%+$FKFshxtpHe? zT)K%Pi9ksR+5oFQAJg?~y;3RnG7YEYZ{qi$b~;T%M260Io(qpY+yX%-8-ez#Hl8ffE#QhP%jQe3Fvd`h03P|EnIpcj zYh76`E!yc~MU1xWoNf279=x{j{*Qh3dtkF9lkFHkdApJN(ne=pr$?nOpzxNBEO!C9 zjyOKGQ(f^VhkPS@Z*OlTek044o-`x`T#z~M+y4NsOe}d?&w1ht%gdN7e$Q>^ks1Pc zUs~y{blqT0ZXie@C+~?f%G0nkdoPDHxh)~w5o4MD?Q4GO$?hKQ5_yjpBaC`b2btb@ zR9|1+-$@)B6}O-(jiR%pyV3M5H&gp@h6_T6C3qm8{{USAI7PAWoL^# zYaik)w=bjE+t|T2p>Z_cTgHlTqZtI6Kyh|{0@Ne67joJZk=byih~0x-FW7DL%~>r; znJ|h@M;p82@t{qc7t>3n>XEE>DE1*YHst>RSWl;>E0Wdxd4GR>rP^6TVP#_zFq!uJ z>?ktjI!Lu^TZcBnjCYfV( zZ_bj}#JZM;WhITAtv$X9nD^mZG!L7h%iZcta|f9uVmX^QP1&q%f5iHBnV{+Rx3SwL zTjtx2aD6(^Tu+{SSMg0})sBhbRY4BS-2C|{0OyZdgGH9tQ?k@v{gx8384$>% zZtukf9!=tJ6Gf-JjM^+|`|uHLrVhWuw}>n#9RxY9lfxQzggyBfVtra}&!xC2QI&niOxQY6_czISjaA(}F$g z=JxR|#M=I!rdV0aejU`Y839Mv*NV}3lgr%tFJJK%ou%l|OQ%{$ZXPhN8@J3`(QBTA zT!Tp4s5`Bt*&#^&CC^TO8e`??ThshSs`??O!oVK4qC%waW$Qj zeV``!N}s$1b9O__zS>I;tv=2veM4$SG-ZMhYu?i?~LZZ zKK>(oT=7rDUli(Eo{Jp%HJi%I8cGK8px|fQ6dOi8N9$|lk+UlWD3Rndd*Zz7#aC|H#l*{O_Jvq5 zi~>sLiAKhL%)sl%@b$b4YviHcV>o6f zsomDDENUIkJMf-^K8++&Pa;bxa?Sq7JpnwL_Fa2i(zI_5U(a;5=|7YP>GM zT)Q53;D3uT_=il?w5yrY2vLe#x!_IDU&o%lmB9Q!@TZ5ZVuQrC_i3x^Vb(JgZ@U}1 z3ATv2C)n%!L*NJu*WcNfmkDgwMp+8B zLytxD99J8z?zfs0$Js5RjZ`)k3ewO_Kt43f;DLm(%0dj6aC+Z{UF%`Fb( zF1h0a6p4&=K5p^Hk96G%ca#5UVD&n!@7h7%kr{!vqJ$a4M#$uJ~)i*4lrEgQcs4FSTCWf*ED2=W*F4u5M@_jy}wGmc+_c)EYh??2PB++HJq)`-V$UJF^f|U zEuEF*#^3Jo-mTth7xo%t*79CYZKkW4%t%V6dy|h^ldScR2Y7;AD^1h2Tay%)(x8w= z2h5_j{A2NNPPK;S@vUN+{G5f52HZ!t;aAQl8=n^VuTin_4btko4Vb>baFTs5uthi+cn zkkUI~WMcs4KpDTkITh)*dejDS6p)J>PvK@c1NzbI%xAWSzK`Nt3)$~1Eu@a)Qbhq+ zll#1TR&~Ua$#ML+=Zx-VhSC_C1!+RFIXjo0YtzreDDGApKeIjU+=Mrnr*SNODe|JF zWO)yabU8dZtiF|Z1h6W$&9V+b73;BS`aX@}3u!E@E$*723qMB5+ggTj6@>z5L0M?*6(e@^b zWp`}?i)O?sHgGs#D&5wxZ>7essK}_zoyuD{#YCb+rK!Z;c#W^G47T$btg*FJAG_;O z!D$TlLiT?zaBcfBjlYFNUZmW!;_H~A(r1%Pcv|seX7a-0ZU;|#_}(3IQQ`=-JG1-T zoJNCaU&6MC`Hx)EwO{SKjiSrQ-;JeDL-eka<3PN$k}H;j%Z#tyKg2z$fodB)M%r;Y zFqRUz&VFSzEyeZWvY4}OT!FhiDr^ZIW`lTcEv_R)nq~-Dj&rvHxE~sLuG>wwvxr*A z*A58D2a}V@p(_>a`<#`AwRfzUJo5#-3I^OBSp6&4^kvdlO@?I(*Njf~2d+AC+r3qc zoil3F#ab?#b#9LEUQHn@wDixRt;@fO_O>v(#1x3LB=c%iVJB}3Dz}xt{#JZit zpJ_a1w!Lv@khY^(*Te z*tG(YlDvGVIs7_SoLarK(nQiYjhKOgdFG|aRxRq+vgt7h)BPb^DMiBG{x99!b4;e?OVm@ zD~{DHY~_aGrn$EA_Ji|%?kk0oI~!f|S~@e2n5!l-YbnTRf*G3OnoGN|Vt2x+;AhYZ z^jmERS;1|pF#9wGys$HdV~Bp-3G#4|EE+^tDll1@@yF&XmT6s|Mye!_ulyIN-G0u07j&&FUDN*nwtOF}nB;hjpD-*q zbNYT&q4E2{y03@4PM;9G8*s2{bKOIz=*k-l43W0-xfsHbF^b;}G_28`T9#+_JNqF1 z(3*ekar+*47ve*Udw&^ew#jF!+Xu;tRRLIf<2WPPje8HnpAp>nXI@EwiK1o#PE6m?Ubz9(s~0tS%LqU5RY*&M`sFDR&$d^3ny%9zLR+(fq}L*rap=fk2@l z!bP@ZWDLrr9(`+FFOK0Z-G{gxs5>dMRwlK+-3{@OK;#A~kXPJS^yB{k2J-&e@q9h_ zqvC(rC&jw1vwz?{e2MgFuOIhzw;O(F)rs$ck98C^(CUk4_A9JtiEkv<=0tW*GQ5Tz zkL6xFu4xj@70rQV-rS+Cc}JlViSbXypNFh8>%CY)C5Lc^Wn5q$$NBSLji0q=!D}yx z-wieG22DQN?(P<6^4M}vavLYm{{WsSj)Wh|$BDE}SHoT?@h^w9J87f7wYg;*hgiE{ z_Z()qcyb)O;|H-FE2=WFl+i0m7?2XX)4H0dN0{tQ!=zc|MmepF8%snp5CBpakqVQX znv2asJhSuT&~+6Oi5C@`6~PD+E|@*3u#{0OiT88Qy+Vo6O_o|nrET`jy>W~lwImD? zw>eZ^`@2@hOkIy`_#N?sQTQYAQ^Gzm)7s(Sd!Mu2Dg(7*IOjc&8PBzUpjYg9@j4F> zcpt)=rPa;CLvv{lp6wuHytZ`(9Z!5?AAqdtBcdnh%rXavX~9xfPns82$aM7w(-j@G zYv#*kJCwJS5D5MgUUb%`t~Wm({{Y~kf3aqd@!R0%#f>LVxVO_hVGW$O&<0%nrH~Rb zdko+osITKz+rv}*JkahuJ>nVRvhf9@7;Zx*Q+Hq+tz{W*7C4x^Rj2A~(Hoe~&z3X; z?|Pc8s#`^QvRK4r2RH}4DMj3d?Xk&SX*Y{?2}6jA?kv52l=sph)a2PZD@dcv8Q=l| z>g4e%CAF*($MPu%O5~D#O0S)a{V;3i}+g@Hpb#*PuKp;)ucN|n2Rq?fv z+TcelfsOzjz3Vu`xd&for9X)@>)VDq0`RHapK9{^kA{9qOCgTnGReE94_wu9Bc>A} zeH!IwjybIY#HW_^7_Og4)g`l@71QkCn(Q%93g;?D57x4AvA;3E{{Ug?hs6`m3|N9y z$CM8M;4mqs2QLaM6a13gvgX>b+ zw00-4vz-jzIWg`%PeD^(Xzz1wX0uTwsy3c*D;e%@6`{^YrD`zBo8xWazV3R8?R6_R z(R82fD~Kg|Pux&5#X&|KuuI}SDQ@GojV@vsV2gso)Yp;R*~uO8jue&VW;`+AA4<|O z?qbtDYs20gxr*8uuA9hl^0++lU6sU|Mw2DIo!0*Vw8*89k%cv6N)704>9gA1D1d#Q z4aXbgJ3{-DSe^*+R-n>&gGaiK+V)hF2>UUF&PP7IXum?Dj?=|)N2+O%%y-7{Ce;jh z!Om;MEhf~XwVP0DXBtnM(C!?9LH_{jQ#4a8Tf(wW9mFlTvC8w(y^lq>g3iWvW>{{c zUE~w@i1e)Fh0b%{Blw&f!qfeM9ktZB8%B63-@SQOys&B-jC$lVNj=*@5!4b2`iykz zSjsmwOy*&{xwnuk@=WADaC?tR_ZhU^M_2GkkHhyWm$LG_WMp=zP-dMDS3|b(4XxY| zYg0>ahHsD#3Xb)2#F~HGt}Q3Ao<`im%~Coa^NP|ju%)>!gW$=n?~V1yhUK?*JmRccMOh46-6l6@|{;vdplH`&g{exgCh~Z0M$#KOZ#0WQk&VZRh0Loa*T9= z;=>j^9CKY2jGlVIn8%x+^O_8$W71%-^K7G8q4`PN4l5g3HYBx^M5Qr?0OqYogP(Yc zKuRkVU*ZGwtUHV7*Zn<_+Uf`W+T-tJVuz?6rKM`xcAKNz>P#hThQVN?AqRZ>*HPdP z9LKLE*@Dv-D9$3?f*n9S;MA0&a@voGOnQym&k2bTkbTdsbGKe2pIEdIKv8hn$Q+UN zq#UP3Z>HNxq(o$s_x_phQ+f6;qs^w?`E9v&kQ1-tL8N12gMA{#&c$Q0w@tC}^An%O zxXb%_W049*KxX3up`fcBov)dvSx39(mmH3O8mnclv~76T5V&>2BQPKX{b|_2qX+&I zD~RqcWJ@%>A9N@jztX)sOR}@H+o}?~$_Ehx-_os9CjAdY(tJjeyTvA&v0IhK=IPCA z>ItW;R+2~L?se_d)HG5#{{Rt7Z)2s2=LQ5hUI%=3ubwWoDc z)8&>@!UYF8JtzY1pQu^g+QWNjQbb@*K*$vNtj?<(eoW7X&)w}#z-7&6d7<07-#j4; z0K0mT?^%1y$~Ry)O~a|6Y}K}~ie0Ub-i|U)N{dsr`(>h{q9m)|93QP}v_fd71TO?& zg4oZedcKRQOK#6BYWAxAcXA2#r_6yPtlzQ^0KW`d35Y$(~Up zYd@IT!vof)R_Fy!6Zm@pZf%*QJzYrXYtG4%+VKHV*Qc!}?gwk5U4^<-A)NFMb|RjSId@9F!P+XXL9UN)UNI>H4zKMiwGQrZ|PZnD)9i*V9{+XmR6Cn zBmqe|=dbBiXJ9y(?X|5+@$T+#CXN!je$RrThrhjhX0NDSYW@h*bm*<49wW4j#Im%6 zhL5OI^yZ+|O!F4gLfZ*1b*5|Akhypz zRv#(gui^L_v#V+ag_@!b>^aXk$9iULr+iG78)OoE%m!7kaaJsBCDir3Hr5k&ad5;U zEM$;9%?a2?r|X&!Nno;Mjv3(|TMfLoJxyooV&1~t3=y+jDaHZezO|#6%3gF@g{c?< za&ibgE0nmpdl$HlY;RNY5x}h3q$AYoJRhfjZCdM3HRYTaF+=8{kmJnce52p|D+~KZ zD5fY^_sH0FPR5aAwOf_B)9zL&M02qK@z7TlrRgbQKb<)fDLLo*PzPkqrD|6;mKPEn zXLMmt@q5y19}VrMXm51bFz8Fq&)y$OxXQqJuZcWAd!@WP;ArjJ4y?n9b%YY5B-uF} z`%%uo+LqoM$qa;)bH;Jfy+1_V6`@c=oNZB`)|WFPPop?%of21?d;b75M|Od>wljm8 zyQj77?CdoJ7YI-RAs9cENGoj2Td78yd@Up+Yd7xm#%r|j=CKSHEo*yZu}Of@kPj>C znguBKGIb4QueF^)q_>(oPcso0KYel3e=6uaC8jFfUrauKIm0L?Cx8d^pt!3Zk9T8f zX{UXv_(~^Oixpm&uQjysO^QV|y^ZJ)mJPAE%>y}|Tg7ho6Btq0o&ZywwaO*hOLlig zzH{g?6}_2gnRp1oS3=X0Dxcs(4<;c{L%*~x^@10Cx>O7Q&pd1=ZJ@*I=x??Go(=G?_%RbP&W z2Z33Qa}*F6WpTU$PCH_NFmE-tyRZTf%fA>TV2bVh8*!yuX|vnjxk;BU8GD>}{Bc1m zaveiiHx`${Az6?D7>-G=G}5$-KN4P}!*wT=j6*7(Gw5h7Gu3Uij|BKrNWB`B*uB+} ze5fqcoyfw%n^9;WfWw zr^hy%B1*y%P6)^4iqZ(qQ|@uM);7>zNv9z#C{ZBKasL48tLq$b#)Ee3j(P7%Td5w< z*YMq_j(e${tP#@V28eT!p`ENF7Kd zA50&^@~=L>)}a>~Wtm_llw)o=ay_U4{v*@;n*%&*Ah==jgT-)jz?Uf;G8Z5>8185S z?Y4y^<{0CBiIKQBJXdXEvFPsq0O)Hod2FL{oxF@@n9nGd+Eto=IBhJ%j%w|#josm# zNes>9j;uIg>}d$!)AftJO4V(nb#%7|92LPFo;~`Sn$F3hYl#`g&q2m05@j3FZov6= zt1Zw6lT5SK@1wVx+EM~z01m=}WM76wHf?OO5X5!QKb>-(QhlMfmUw~n>+eCGj-uY< z!q$3S+K4XX)yswq0NSgM=Uw-O{vm5xj)Mk~KA#MB@e*KmjCrJb6WDuD49vf}yL zbt~;VMs$ojAW%w^(zsT8FA%`SWPh{<;OB}8zJ`vI;aiAij^XV~C^=KuSE9!}P(t=b z1y*Cr;}{--f!{-uw$mQTUMNGA4oKW`M>(d8bpHTImf*8WPZ>SvGE!yDGS0^G?g6Vb z;@T6F<(^Gu>hVW&1;X0MVpZW=IL|y#K6B3@7m;10cMkHfJUBdNwk%XU?<_5()2=1h%o&(2F-Xx!%eB+t z)DfqZ_Z2{^^{!jRo)EOr^n?Y6+^jA7^M$uiPZ7#zrk5gQ{{uFx) z*_QfCXNV2E&~Qam33ELY!nzHmv~nbC70SzoI3ILZU2)-Cxvs3%)GSe~$-ItE-0~?l zP0qVg@U7y#%UHNE+cEPpN6H6U<)OEWP?@dbxr#Q(CEh>)$6TLmRE5qm$H$%$)^#0Y zM2_xxub`L7jg>Hx1OcC876smlu#*y{rhaC=vOtHmK`dWx~g+OtP1S znmn%I+x+uEpDQbCI#tj1XuD;&onj$ARV;De7_MqB4_jSMgJCF7&&ME8YhyoE@QSXX zCGMQ>wOaw0k(K&%uSoE`TAr6@a|G_*Qz4Oej%WsR+V-Or#3IC7#U;sL!ST=1xy81W z1=)u!)Mq%RjAhu5SMc=KmQSxidjdv^OT{7ivN6-zyc=B5Z@gWnomM51Nn>ruGCLkX zHLo%ij(fnq2e`MmpIg1LmEdVhVdDVf(Ee4^__7TuB)LmCOg56BA2G`(9OsJ3n!EHo z7sc9W*R;(eOwsLG2A-P{!QxD@{)VpjGgbcpgih;9wh>Evc|6`t)wztTBs~jf)BGtC z+h@A3iR|<}Lh3y->L?|Z3h+Q>LV9HLT*B(HzNBr9!4BSssGyda*?2ST@2zUlUR<(- zw^<-UMp?HU{(`xWkNzdmBVP)-T(P+hV^lGJsvdy!IVUwPI@}W0$BzkMy@<|W6RLxm z4?SzF@HUHOsA@1lAK7i4+wZpknrR6h#R_rRoCKN!TdQ7zftAaMbk6tqaFGoD=F6<|wY6V{mW}KmB7zAqp*> zl6*k8(x+&&`*?K;o8?iAjQdsvt6yq2X{yYoJxK}OfsZdehv`kg>4ZtO9Xj^*@L%4_ zj|2;}NLb;0&3U$k6WnSVl($U)jLdwtUNX7+nOrF6Bb{yipLes@_*$Z2{fw>}3t`vRm#NQP5=4ptp*4Dx+y!`G?Z33s6#f9KVLX80#9ApEAHB zu$BZbBBwhD>OWfLZ@eF<=;Z_#jMA*Z$Ssy*ka_m4LQ?2^cZHi?)q_i^S*#X8Ld42> ze{w6;zu_LRT^?BjTurI%EzoRL1Fx=VW=>rXoTSurtxs8P4(er<(onKE7}|5%y_(Cy z8b^n;)|T4+F67;nln<2Wwog6i1uGO+$67jzjXGHa6mXkI%eaq2-n{F?_t0M2-4=nL z=J{0zC)$FEJU8Jur8bixYj~6ozTYa~cc=V8_?fBbejgT^b(AwKQWTnJA8`okxuDvd zPn6)lpH{l_U4))%khmXso|W(a01Uh_;#(W7SM5{XTUeM0G313E`hHY1qmdeVRn^w7 zt;wQEbchGd=9D;5oB^8Rd`saSI_Fuw7uPD!_W>h2aq0Nha<;~DTAa4J^XcXbIH6m} zR1M9XR_B7Qt!#A{)ioPrl>{a=OyHnB!S$@9u3;sq(dwTPQ(3&T(5x)2;jxX6?=~Ih z>U-9tR&h+1DJ+QusyPgCn#-4=l;d-ry1KHA{^CN1IA#MJ)Se;Me#zmokT;!j+-)O< z9)#6$vl|{~;oWCclTx&@fg?#LJgzVk@vpJ|7knAOOAx z6r~#*Mm9Wu#L>JyFw`{7JyKgpU(5SIBW#%Tts7krQ@y&5DdU2BP61x+Qf<%N?)47@ z_=e)prk`agh#?1z6@Q>?Q|~;4LWAD{?TF;m>-yocKk&yR)(2&<=;|?p6+$p4sz{)RCXDzLiX!I zT~W0tts^>eFjkHEz{e)4GbrG7e-Ze8TjrNTk}2RUaCYNA{;IQLZ05LzQloMO(xC6whuw=TPcz45$K-};J37cTD`u$ zduiiEF(xw85OI%c?)1xuZyw^}7FT$-yMx#g2j|GCmgW+A9H)zPJA1-z*^4_iLX+OI z^cbVG{mF!EM-9h%YHXfo&|eYQOKOdOZDy#g^KiV1(fEJkYk%!IrkRBDLAekfKY6!| z{y427?mJxI{8#Yz#2z!cxYsqUM%oMCJ&#h`$8366s%aW`hjjk{4kf($t+nQ~B@r0O z1(A03BegQQNVVM^BG3%MhDik*AO^;BUJ1+}q!HBKkYa zku}Uwg>RdgbLc&(U!c#HKFnI_;Ya<_u>cO$>fQy@UdDHxX~M4Glw*=}>-f?U^lqEt zTX^k7ox7heKfG;&Cb^A52JtSaZD-Q1<+M|{ZBd5enVg`{EAbw`Cxwx$EVSSi+X_nk z&V6f+9xc@GiH;U2IXv^8Dx*l15!SalV2(*W zg+FF%6kl6;{3wyh1kEJq0S}HruSf9bi>-V}Zf&p7t;8@dm9SuLC-}b%)@2rTy=unR zAF$d&{$mU@tia&=3~^pvEyF()dsNQ7;OE5&np}>Z?}<>In7>=QM$QLvZSF2921NK?^*Jkqa?mXwP@toHNqT#2PfE8 zeZ26=bs3s58kX+8DlO1)TAtfyrCU#@qWzdp#&;gR+|c$C>9M>qWdTB1AL1QrWQ`mS zM%wz?DcbH-jhksz$1KB1|^bIovQS z8`zhSJ%F#5z94uFbdMM5UN*bCnhg#uLL)3DJ;FdaI2rm>)uQ7g z*Y<~zd|CLFeenav+J>uOzh{ck(n}|2KPXf8J-+DTzeBtaJ%`87f!cPQ_F+6-Ya1lY z!v&5os)z72>C>{ZH(Kh?dH(={Lw?n^{{XXx?F)JEJI5NG#6Ah}ay^2r%>Mu+H)!Ps zGI7pG_2$2-S#+Q5tw!KwT#OJ`qp2BI{Ec?cxiunvd;30krr%M~HBSb;n3m}sq*pxd zQak-W#s4{IWaL91~ifz%Tq1{{Z$vZ`q&r zkMUoHWYg~~^c&lWH9Z<)cE=^VK@yT4xmF)Lo7zVCQ2VHe>FQQ60}Pwp4AWkV)Vg4ALvKj<+Hg zC!xp#f_}BF3c@z5gc8HC}9&Nj$?0fsCjtEHI0<$UIM`X;QjPa8!`H zciNoocluZ5cB>Qz&WK+zHfw)3?;M@musT%Ame%U-=ww^~Ima}b z=yk+~DB^*}#@g(604qUS88Sk!VsnBx;+fD+kR-2{X(Uxf`8ROHivFbk0N{}ywg-dn zJ`ng*;dhO7xzome8Jt)fNgw9Avv%N*_j@1bSWZ_==utnZe}%flnx}_uVzar9?(aun z%0z+8_O3?O9-w4?e%0x%aIz$?8ncbQV8?G-;HufYe9wcwZ%>VX3qBWo6V&znb5*_5 zJY#WdCB3{G_L;j34@1-Qui)?YjQE?Xc!R}Pms*yXAk!|K8+P(eW|O(kw-tmVc4sJ` zFwHFX?(@RpIUfLEbgrvI@hJ}?+)mF3KR#6ar`I*RPpJpGK|Q28Tvt}YIj&wJBoZhf zeFttk*B>pL&k4A)gg^Iy?ODclWyUu#wVw!Tx_zCuh#(U}Qe`72U}gt6&wBk2_$lM4 zd{^P*R5Co)*p5(6-rckHuF7>2(9Tild)AHQt-vIL<+ud&t!t@b^ILdQ`RkswvCBA& zis57P45*W+1O+YAHHWCqkwTM0Fp;uBL!64zD&}ns@a)dlZ1YC>9Xab=zN@Lg@WT{{ zz>k!b9R4+>jHkKhuM@29*bymiqpft7cLApo$=?j$@-_+F&Ur=P)LB+XagO9zi_%$rBpI%6D;wP|Q)%+2^E5k)crPDde61pC)1Bo}FNB8ZU8O9MiP`Pqec zb1F*k+_M)A^B$ElYFAMq^4!S3Tya+wp`&LzEVpfRgvRkPIa7j8eJj{}Cii!Cs}7+M zM&trca5L1`NrazMZ(Ovrw6S}L=Yr#%yFuhvE#VtU?)6KBh9>fMg2xmyou2J+XQo?d z(e#?_hfsJzJxAqUH>h7dma<@wx?AlGUmPE&5T_MyXhewuc;~U?fmG=G8eZ49BLvLjEIE&_cn@z+hc>&|nxm`a-`xWrGxxU08 zW2Z`6jp$VV*VC@G7}7WSmC6Rk-WjbM*6{3Jd{QWaR>N-{SkmNU=ZWSz?w_Z}A|RMd zh4L7$J$S9ir;AI{E^bRJ#;98*bH*s;Xon>9Jkw3oyvxrra;Xy@2^g=SG`M5b(PfN6 z^6Ut`v4Me2NXW{(&{`QT?d4}l^OLyn4RQ0>BsQgYnJ!h%PesLO2rOn(bg>e+;1E4( zZAZ_vxpXM|zV((sVB>Q2`u45^#NHf| z+fkP0CYA)>ybj%ZRdTT!wl|aAZMAtBp~uahrxl&!Sk9##jA12qR$MYMQV8kIQi&2Y zl3Rt-E#bJ1NJw3cj;Gw!p9kxfIxONjk>zZWyq~>~S~`hAo4zXXj2BvyTG-5wruj>| z1EcrNUDNd|E8PO)LxEt}%e*L2*V?JE@|@LVAL zTyc+6$I?67i|dG{P|@di%6fBM=7*-F^PpKbF!^wK29aqNJXzq|%`Qt@f)?X?ZXr)W z?_F1dHHfqb(kaV`f!s2F>Gq(f9*1>#KA(Q^>MHQa%m@u!ec~G^B)moQ zHjqOhkPbdxn~&#SIexHPT{Jc>sD<%mp>f!jZK`p`JW=9ZBQDotrM!doQ63|Nu{V%h3imxJzRyV45WT}I`X zZvnliHcH2$c!K0=8h(?0;@TZX>Mt^MP!8Olp2ocXSes9HMm)aieQP;OP%SOZ)Hk;3 z8c8>>`9UWY*=iOyQ_j+}q%bj67#%*fDohR~u32?E$T@p|yPWaGdK4BmwvDIVwW>=D zpDE8cq#KJx zxPm>+{CxDR&@dyqn{-)9x;RKMTIFH7N2W6?wT8T?pp*M>ygOCbN50! z3u~xnw^^O|QVuqATCT<{=Jfe)ro31!Tgh^9liXLWYFcI1mEecDQm=J5Xwlf?X&B^H z2&v(1ek)xr+f1}|l*V%Vx`XXq#-)2Uuckv{N)B?oau3#lo^f}k+Uf5)UMP9og;ITK zw-DOfSTsc=bRh5tLs2wbA47wT?YU5qvP2IU?OwNKZDoC>n^{+K$ex|M)@Fw7t-ZFH zr`ze!LvFUu!h{2gA&P$wTp4E(&j39Sap_v~pgDQ(UtQFhZUV(>bGO>FXRw~mSpYlZ z9R)Bcgc;Y&ZZHqs`qk;xAyE^#!28Ca4q|;u`|XhkRzI_S$Ms)BT~3*)TMf|8 z7!o@Urh?-Ol%~G%6ndq+8g9#LCz)B!a6*oMUX|B)jhUiLtyyJ?6kxzcg}6UTr7nRe z*yJ@mB5m;9T1rGGl~&_5Zr;k~_i8j~@(-72=qPA{&a>gGrH;`>yXE?lI0CO}8e|$= zyQMo9s}M7j=~4vnc#BGxQu1yhd97MNhXXhntPd0DmcvoHg474J-MTje1PTUow|Z(S zX}0Re<#l%0dEoRl?e=S@No=;#5D=&;Ny%O)3mgZEZ7yJyZlQTv*4&l_dLA*&ah@Bt z8qTzuvqK6riaB2DJ!m&d$Ghpi9MjfYi=BW?CIQ>fR~h16DrmJh{?KHSEbUcc!hz{P zxwWy^_;-X}D<))IfPAmnaX2Eo$f|tCEyfTIgYv36mXD`LD(Vm2XW5f>sRy}siqAD zyEmJhWzGlTL7bkaVA?GBj5DV988|!&~$NR zIiyi0rxS-v9PJ(J+HSRd87wBe)im`u=!c(TIQo|CYg0}HRLeNs6TdkusmQ_%(|K+ z^T=T%?__&WAhWigWV7(hpl6@uTY3$b+Fj?J5jo>`){u{5vRfC5^hmKlS~7qD4^i5% zG`|ZklCX=3=LmA!vAF$c1CH^gogJB(rIJFCk1;|1?QQroQe9t1o*3iZ6hs2Wc~E_5 zGm<3Kr;AL!w}tK5o=Dl2PvHb(_2=|8J*KTBnsn33$XR|;81wj0XpRCYZ)|QRS)`ln zkCzP0PdPjfYJs)*BOz{=%u;rrdI^&?RI8&DgsOD}j-J&dNjyeEj>TIU7|m(y$mX*> z55byxrNzrh7;!gLZigcr)`$Edr^3@;+S)+`rRMW@Dc#BEsQfBiY-*X{8m@<_TkBW1 z(?Px_l)Q%=p2P6slT5d>xYa*=Q3s|z?Ix@K|@j0Kj9wJCz!)M z(*gz~Qd_U3bUq!;#F6T;fE(pF#tk8x{yx?ww$ZGlf!ED>aWEtJIR60a*PB?ij<2NZ zR`WFRNf`4Gl;PNR{ZHjpZ7vEYDlgYOSP7#8<rTLOS9Y3SqT5=@BAFWsM;$xr*40)e zknDY+V;IFCzd|i8$|l^Zk;LQ|B(N2c;%oa2KGCO)Ow33dRM13voMxSTBCHMIs2k%@*nTz+SWx;BXqQw|h18mNG=k5Ml`?vsQB%F**5Ag9O-EH56ck*uZ4UwUJ(`oX?>lMIk%Yrg+dVeYfdz!a^+zBINi*^Be z)EZWYrrE(Eg4=!5KI{(v0R4Ig%F))_!90l$L&c16M^9?Kb7HMBIY5DiGJBtDMrBKl zH6s9dxN=T2UN_<^`{<{5Q9=dhcds-7pJC$JZMR1QC0DpISPECIJMScWxVa zC)$CKY8G=XoN_A71D8d!93Ilm2O(RGgl#*O&kV6~|`_>%?ucdIe@p!Xb)y<}(aU_<^M$ljG061J4 zBO4tsN3(c;!F&n2c>HfX@zlg~d|y*w7MOf@*65jbC&faU5XA6Ti}u90P@zwh_0#O!(yc)-UMW5s&*lXGDtT62A>>La=EMhVAHe^?ITTZ%~;zUW=qhg`XKx}cx*Axe{XU-lZ_{-v(n;We<)&9Y8 zCCfDO?j$^5oB{9tHNsfi#v=W_#@-J6U12SsP-J)QpACelPo@3gg^=o)B|158r1C!R=#*eNj8$sc{!>+7_+<@g8Asr zYE+gz2tP^*Pjf-2!a>7#XanW#8(G!k zmg0R`R_f?vs{(oS=DjP!9x(e9sC7LODdsPo<QZSs%vO4lo<>5-Bp)jfdJ6Q9 z40tl)*56LL)FPDXD%<`{fDSqV`Os!|SKbM__@!$nhGW&!O_@NOdocxq9F-X7JXI}Q zO(}B@pJ#Grm;oAbg2W7Ff|24nw~FUUXVUMi65j6B+aRyb<0qWgqj+;qPZDWXnw%0O zYU6}+f(-_aB$s{>-y6p@%ut76mfeCu?V8VzNdC{;YGf-Ce2epE826ybna!tOTiw2= z9p&RXvY5g?6$tuQfc!;+#SwUpJBcB_xV5;!R*4vubL);OluL}d9bbmDT}>s^F9gjE z+(*qh2RW~3wvy`hCKi#aPI-KeSo_qPC)n~I7svsQ(brIqQIg_m88*k| zFyXUN&8Rb@@OH1P+W4mS-U*T&C_%6X;h5*w@T;E`FRiuRQ^T4?&D2*{5;6Vc`Tfux zMt{$GQkJGtmbw|f6OJuAU5`hwnm@CySdgdXk2uaNYsOYK_C6rD(-KK9^tn(;_Kaac z$3my^6uHT4%x?zR$qO@Ce&$8MlNi9yV_16Uhcp{&Na3`&QZN9G*OF>PdB%~e>X!Z> zhwMvbvQNe>*H+<>v~O|hhs9_1~W9WfI<<@Jv!5l<2_2&^2t-pypzb1 zc|7UbH3K8*`Tmv0-gqNO)b*=x5UlsH!60uae++>4$KhKEn$}5gpy<<#efEkI8&Cy*5ja4%00yY*Z0?m>2Ga=^PD`H;~{@4xp8@UK9@DS+RYRg7;-p2 zN(|*28NLs?i%8Z5?CMIWINUme^{=oOPurIiomEN z=l=i&>32g@{{TgnW_CN9bC)iE8u}8> zOU+}%3c5NAFAm0p0F98$4{rFycs=)t;n#KBy`F(|Ry6=adMT$LP)#Z(eNZGpJcc^QjP$;gY_RAQfmgP?$AUVxs+>Nq3%)-EQu=y@&H`!`#Y2}p~cgMsw?>#gwqw{35@%)n&`Ku>y-Bzmuf^>?^a zEK#SK7$m4Uu6xCLrlaE>Q%`W$wux@XYpG!DM+6^AsG)M7N9f)aON}Z!gt|+hBVF-~ zv+jI5q3JM2w&`hSDPq4d;dAOMbnFV6JbwD=H2dqjcV!)RkT^cz(s)|#^3PDc zlFsZrcQ_^{zyObP>?mx_qtPb5)2&e^zm^$hZWcD>a!1y1D)A})1quM9 zD;>3+v~=MP};@hG{le}CzC)p6epSuGA986yBx3woO)EB@RF3Y1&hVO13mq#8E#Lr zI&TN*vG|Ty{{Vga9Yfu zz}?0<>s^%E9QqE(uO^9@V7Hdp6knlADISO6G}A6L zf+px$dH_W<%%qPH_>P)xp=qd%f+0w?)di{v)2$r694Xe81a!ZJ@VUQJ5iS z7{|VAL&I8LmEnK3O6nw)l%P4>9Q*rL5|xb`(9tlW#S)#>Ud4}Ck!`>RE{YOeM%}M&1a^i|=CdAl z_aok>)^%wtuV$A`V{>I3m@gpD$=bF>L7n}liL}jUL5kKJ7$X8bl1aF+cF%6Yq|voo z%?A40$-6gPKhhF2&R0s4VWS;6+Qdl3q(>t~#H>u)Je)Yp6oaWDrO=>3~g2 zj)Ze*W5ni?+UhVvbsUjhOb-g9p!cFLQKw_Oit=4J!xWOVR_7Q%KJl&_$Nn^33_&Y9 zZk(9-1mI)S^R10}(dMh-EjH?S&|b$L;mB{4)jdN}AKEt7`W(h>t~U(iF!Tn1+_|WD zH&DGuHA7<*Nbmc{9awr-YZr&&O)Vf&Az*$`SFas^O2%?ERC}D^@bX#D9MW9e`GDtw zKqu*46|J-?$u!`#xj%QN@5Z_1BRNo4KcG7aU}=PkW%7Z>(mGc+EXD#ESm_B%6mtKmM~{Z+MeWgT#6*zN>1X!$-S;)}~Rh%Tg!eulyDV_A~zghNS(I zue@F1ohs7v;+KMz?qf189^%Lhym=q&uO8{|U%>~AB9~8Pv;e|DJ-_=C>GtU56MTQ` zfa3~&yj91s&eucE7Y&v%6m7?YOm$dtSD8uAJpigW=MtMK-eg=j&pz~q1^Jp0CVKPQ zgPu_AXEc!``3)PZu_O{WpR?587@B}QxEzl}Z|irRQ}NMcW% zd3PX=Tc`&=h^{$qM52CC{?%Ut^sk8?3h^a{<-0ztZCW(l_lohiVfC-&Gsiv&)O-`- zYwrx|Ff0vezByDJoR;}mkEUx_H@S?XbAyt>V~%Tp%A{ZrPc2-%++}3h5;;=Y=ia(b zN|CVEw{)Li-{uZ5M@p7GsG(&HM>r#(HKj8ZqbNwTHOe$jk>F!*V^?mrlton~$G3X3 zXiHM3kmglJQj+A1cVB9;68)DWEbLA==|q-?Ok`h(${j*020nwedY8g4iWlDqej|8m z;trQ@bLPV;MS7s&UJcke_rc>nm6MLPJ1H~!SpA&;0BK!kMEGJpGWY?T#QJnva^6R2 zzj3&Lj5=}mw(=|Q4}w3n<%h+ugj$xprTBJLaMDbdTS)R)51KY7u)(e@L|kIqI-wh% zh#$14#tZM;bM}JJ?R9?*-d%W8!?TEPk~CooDz-9DLJkjH*OdPN!BPJJVjl=M!Ji0x zQTRz^ZKT`Sw#&O{mvb;Hk%8(6=RTsj+__?g=~(_}46rlFVR)=BqaQl(8BTGMJ9Me^ zh6{BpayIz)VEfk7dYto#>IyO9lfH1F#y(ox@Rx|DjxBP^;sj`C9$6g_rK+A+MGb?;i3wpY|3h}b66 zw%~*Lde;PJy|8tX-e9{(9QQTRVIF}eiX_$a-?QFEjQ9u#;fkT4X&dgEG!d&vMmKS{ z-!z;+zv4|cJt{T^Z!%nSv~iDW^XM#ZbqKtRW-`RAS~c!XL}RHkJ6&H+mqxI(k<5bV z#u?%x1x<0#>Jv*MZ;|7{&Iql!Oit>`aL|^Cyv8Huz^=+EwD>frzS#s{Xd@Zhh6be4 zI2j+D;0zhTR{=FxGKLXJn{!Mr#dsXhn{M%&ShB8y1E>c2am?P9|zpcZE!*(Cgs7R zZ=sB%)aZ3r)FE*qG?B&*eXEk!H6eJavMPoP_wX`nA;vb`(eRF`VWrzn$#Brjz@5jT zrPRD(b$<4O(cTnNM43MPUh-|~R+7QhN1RNfQnT12k zg~@G4QrOa}Bkoq)fHUb`euZr|u$N6TD3Lzq?)ACOPjlhRi|8bGw`2%F+&_l36H0=8 zCVMT6#fCR~{VKT_9&4$1Hv8<$ZEB$0D`zfo`PZO$4@=fG`Q}@vS#8vU0`f=WNyf#b zbef#=UTTg|v1LCnBkvzd=KMniy_TPuE*{Zz#HK(c zUEx$?Ir@s?{9Ui#YI3wjF>eUx3P+gi>RB?{~g;Bi5j&1xFWoH~#8Z0fQxC!T?R zwU4dXp@n6&Re^?A<>+VzbDAxSy~Od(fJ8d6J!{mwEoBFv6|88nVBk0RMJXUPJXL6@ zVn}2XvgD8rah@O0HBS_4cNSJq$gYw6?I#P2XZltx8^R`S?}oL7k5|1G%@&_$fh_8H z9OIhQ@E!fNwy9{0i*k;BQcgiVjU!bH9hbyr*J0IGIW3`v+2iLORF2rMC`m7+o#1p~ z53Vtq3buyLt>w}|X=5C2VU33%bBgqv0S>1eEgXkvJP+}p#Hr%D%j0Kvpjx}Ma!2zh zILHGvM+fDEw+>u{KO1Lnlbll#zmUk>kkc_F~e!N z?8i`Z*j2{eLdT-%UJQxndGBXQE!Uhm#zs026(Hm9Dj-K z9xV#u#v>a-!;m`hT+W&B^7~#9UA)mWMKk-)N>YH=nYCl#Z8uMaW0lxm34Y+{N3JV6 z^GcrMP(uvNkmT<6#Y>HX=O?He>p7b8K{MJcs}@4>l6bB6(*FR{;bnN;Swph=5*lxa;$3s^9B8h3LM>|N(5|hIA zsdBNTV0!+u<2mNE31}EfqX56mI(kS1 z$rQ7Hya0B48-jH83?RgSYY>ncem8?G^eN4*6o5M4)c z9Eu_iWPd@yuFFTTS!YS4b}YZb2U9_*>R)2h-UMl01lqqYNXf-;H-0I$o9(u-va?0| zxAx=z0Ixxmue&*0XS>ucBZx@N6BD$0*R}XNL5|AR?k6GTFY@z21+9O@I&IC$={psr zx5nlJ8*^N&)8NRlg;#J@cMcB}z{;}l*V#f`{hd6*PETX+Se_xc)~prY-Z-Vx+4eNq z@8~$B#=OoR^HP!q&KR-uJm#%f_=U{Uh9 z;<9wF4ZeZ6TdPTFyzIc}Gg^V_){?!Rme&l}9Y`X${bydc)S-eWkwnYKJ!=NQ#nPwL zbpHUgVt+C$ovH^I^fiyC>vP@f62{vhjehVPXYu^00qA%7-Iey7x;3Sk7et0KWSz^7 zfLERPr^0u)mMZpOqk;+G=Cq8gfaBEP+SHPop7wy>-;P@u5(_F?ULORM)H*8jPX|)Tn>8MP@he@P=TFT@q&LE_Ad^@ z7N>DxsU(E6C}xQCQ%px`d1kWR2&chRQV0gP9bdz+z0~u-TglEN2b>DdQs`7w%o(S- zfl|={2#1n;ijPsTxV*J%i)baekwyjuW@w;>SgqBAq<3u5FB}nqwV|iZFLk*ZD8%ri z1t$mZP)dQ{HMW+MTnnd(rfzob{&kHcFQ!hij&pn9DJl#*Z19-wY^Ss?lH ze)0O&^u8{!)32b038R%t{KGtQC@I{v;%^h$%i(+J^w?s8?7&9i+`IFP_XDMT)uwps z#J6_3PL}c6v{vu)oxGOs&r{HKpl7IGUd#3qb#Sn(j-++Q+>XM$Y4vNlZQDRQdK#grW^6N^wONeDNM~oE*0E+F#v1_VXk^cZ5ZGu~KXLq##j&@50pKixSQabuq zOQh*6v6;4+2TTF!K+3w;g>SAd1>^-6Phr4j ztH>3kT(H_OeuABiqIsW-HR}yrT1RJZJ*11v27H|RwRSYsS)YZ$qZpkDj81|_9%e#_k86BU8uTu6X?twmAADDOit7}!3>cdjC*DU1O zqapI=fUwJh{6js)4FGn&KJcEGd1Iz(+HNl4p3HJc!m;Y7++w^7!TMG1m#e*+iK2~| z?-}`9ngo&Gc&6c6dwAl7e4v@#kGkA({OifJxUYxF5h#bA4KbOPnw9LZHLc5efj&W+ zW|WXFxeblrQnH+;@9%q2aIw;Ox=lww)Y3C$A+>f28F~VJeJg87f_W}<^^iPCBZ6`| z4|=X;;MFO?rNTr|4If5yPgW=Imu;+k>B_JDPHy4dN|MV)uG;!zxB6IP)7UKsBLdEDK@; zQ5BG{Bero${RU-2qg#$aoAmzMq*EdY%#Nf^jEVeMS!gf$z~)YjC^Ey_Bc81!m)1KXsv zj?UNZ*BDkSyUXfLd7Hi7wR1Ga+{J9aGLkSywILf8D|2L!!K$<}T(I03cm+>R=e2q6 zw*fb9sO{xso=$T}Rysco!D(T2Z8ho#i)r2*brqB2vjmdZ!xE$J21UnUPfyl>GOT%L#EmR@B;eT zI4zB_MVGf?aX_0m>&-597Z*|>en~j%&2bmANo}-UEMODz@z#SD&CMj+>h{lQke9qe zyzM-N`hFFOf8cBDi;IhhrD$VSI8B@}_cd_bafy#*rpu;C9^rz%eryWvZmx8+wMMkL zZ!oXSHsGsLlems@-u8QlohP_?*;wEc&MKnH)^R&v1<5(1m=d{@36fibGO-TBsPwN% z@W+HLZuFf~UA&cESlmSzEy*X_@HC5zNOh>7w25UiENX)7E|G)Be#l{{Y@G$P+A})T81awKb)VoqDib z%N$`{+~aRvzuX!PvWnx(VYuh6 z1_eP@I}JBU(lpC;zqNQ(rRHS=1QF|4TE*r>)7hQsir-T}9t)_&GXl~_hG*bnw!ATC z_K5>A4y%urfl1i)SUgV^gg07MrJf{k0g>0I(AOFh|D<8_|Pkzblw#nT-T3p6q`A0 zcQwjrT0Py>%e?S;aF@hjf(Rb|^bGHqTg+phG*VH1oxMee{BTB>u z&+?!SN*yZK!@ebs>?%oe#0Mjiaq4T>?q{>s^wk$=o6408P5_{HJnGX;&~%H4m#rL4mwgHyB<^HF9_UE6{}3j3jFcmv-($*L8Q+O)Si11 zP<3U;G!p07*t^v1t?iNKvySPM{KdKv?_N9N+gLnAR@?xw7u>226-o4D$_Yp3&j`AvD-6U^AVqfBD-$T(@{Ko0w(uu|Tg5&o)x7(;u6(oQ^ARLuZRdepW$(q^ zLh@z2(t);@0yyIY5w{r4FKAD*C-9!L;)t`aIX4=Ja(uY>*txE?u4anmbyy}XJIDz~ zC*{HILY4Fz(7$WoJr~8d*BXweVzSE0afZQO`K#IvlcxB3JKZBqyYsA8Ms-;mEf#wU zr1~J|IIk4j>N>@>^v%GSp%1PzI zp#FKRyB!N%vD5VlEk?`Pw?=S&?`o51CV3qH00n$NG#z)uZ+&Xhz`>CvVtm;>25Q%a zG+UW$R{sFR(hWB3Te2!5?jB(1GfKv+!@BV0#1_{Yy~eL?aIh;#OMI-O+aekhX8`@{=z4A6q{N~HXa+ky0{ z(1O;K_IB6T_O{l$ZWcYBVO(zOz(41$ay}!~zq92=)gqc0OKmdacER+b!?CvC5p0u0 zeL5*V)f(fFIXrasu4_hZKUA4#Vysw}D9!;|r2)9uyLaHN4KF0r<7=Bu;4_eV;=13q z=(gO#XiSxa6_z)n~vemeJE_kPU8OnW~>)d&-Qi>?m=v1pQ-IvR)6gm`xTn3 zFA)LQjOMfCE(V8+W$`AJqTX0&H;~)v4xkeK0joa??6pbnt*-oQtK8}qu|mpYR0HM% zjDIR|j)vFncHScX!nYG@a43PF5AaIdXPn`K=LHdaWUXGRypROvSTJo;O`3QciN0I zY7_mI4=@KH^0n@^UM17CEjIg3wl>ko%e4G}lDYN#D6y<$?0moDUlE;F=`G3f;YTjd z5!%d8V~*6eTEl9ZeWsPRMlph^xR02hTFO_wz_oLvS&uFWB~x+<41i;3`qtNnd>1{< z#Nr2xp*!~z)MKaCru|Edj?+e%=$G(Cr=vB($&=-vIj?8b{1L2p*Tc7CP`R7zF#$K( z!6SEk+@T1napNJ7fZ)DIt_noo6K&(hS(&o4+Snzv0hfCNV zc^T0gk($)hyhxJF_VJ>{<`c$hIdv^F4h=qiQsp6%ZNxa&m zc^Ks5xT;Y>W7fPgpxSA$Lvm*kT zf=66pwy&&ZnhQjpA2D|Y-HxPC7drhq`s+cmhA2~Sd?y=eBh=>BwMK?fb%3C5$-w+- z<0}&6k57|Mab+7I4tDYZ`=-1%$JSbuFXru*d#7Wu2|qc(txAl#qK}2N{cT{4uj6>3 zZU`rg_pavOO3|mxm#SVdl>u;AA5mG&^g0theDUXpBwbp0p@Gye1RkZo3gTsrRU@~S zGG;BcM|}SPoYpOj^$&*n9=Q&t#w$leYzT5S%U;|*VGE=yiejuCRz0f#EA+oVb|K1Dk(M8rK0%e<#gGs z?N#lflN;5CQJnOynlBei71gXw7Ry%UFYvPCQ&5uPOGJAdQ0in5G&tH^Ka}2 zrYpc?@a@gD)15(obYGRn1Jaq3jgM}z)6#2L;oAkGBtc0JjrbqVqB>LtQ1LS<+m64= zrc$vtFF_oUz>t|I35@*18LT_Y_r#E-K>+SgHHoJ>F)nR&sqG-TvAhWq$%jV%F^Z#i z5VH%2)LxUBJq;EnZ0x)xbAPVb%(#kJqAeMXMj1%;s(vS3N>3`<%s~^zHWguvsOO)0 z3>?l~bq8A)fP~yLk_URqwbW2BNZ}#a@^jLfMMax3U)|cm@-!k?c(l0YqtAtDyImqYG*BSA<;qIg~y%Oh1(k}0%+2$WFp#+hfo|Q>-DMshXS3V!t zVY?|dn{v|fxZA)VTJ;ZxUJur_FNl5-@Sc;WOMk81TrMrhINEq8@Thwm)24lo;_rk0 zBJl5u_1_I@S9WtnX%U^C9v2{Fu0Q=%;eTzNFVacUNUhO`<#0-a@AR%Y?r+Otmx^_0 z^(o<&#wf#VA(dAct`=*}P`QR1XO)2-QYk+-{{UXIvCmSW{TJzkq#j$6Wak8Tt$jXk zwB30UMDMVM-P*khkvJ*Oq4KZCKZdVktm+;k(Y%8N#oqaYsXKmC^AE^ZgI)c)%4=9I z6vGl?MmWbEx$Rl=9<>>0eu;b>*DU@y{?GcigzqlxrtyxFk}OEaJ0Z`?=RBVO0Hu3} z{1UtNue<%2{{U&j@Xy2-5ySB3#3$@C$VL;-A1@=PQ`fC@(^t^w=jeZ16U!7AVoM@t z(xy=*yXQO5^di3F_$T93)ilWbJ9#q6A}8+o?deq|p@g+PA6M|zi$$r~-N3gRHT(~0 zcN+|kErtolwSS(s{1wCYCZG04{h)Pk3h40ON8t@tE#7yDC9BQg~rkTH7RJ|2XSR=jGtPiD*-GLgEIo70FbTFwO@i+VwvViq+H|W{_Sj; z(-_?Je*<{OTktoCyd&d}3u-4x@m7m`m+)MZ^AL@=S`=3dStkrgmII$r&MW%B)3g}8G5a}uSMVRg zPYvm^_=4`%T|-Qc*#_DC>=#kTQIq+en67MGIiTU(^l3=*57{I3OYld-pM-ja?~Wc( ztm}5NOL*>~p3-&swx0OTIIovJDf}{@;{@lxvd4G-00=WmZSQ7@{zS$+r@Iz7aOOAGacpE}vOT(`GF^sk9pDHWmePmtvA zcOC7tT zGlAS=HO5@&x7Paoo81VObde{v#|Msj``2X+7N&A)=jsQ+PZ!6pX*T*jtx4Dv+4p$7ntMRpj?oqvWbV=5n4g? zIVSZvYs8t6jGK7RY*X}`7_T5nol;d?g&i_$RA$+O;&?9-IU3y+gk$Cy?Ou41J?_HD z$_^R5grW+VUr!1b-Nmv*ih9zl_f*v4oyC%ksLfNyfof%lJLT{epa zirK7|&6~vKl@sodS}q3Gfu=*^Tc%t5+hCO3>U#F;UVGy$4SYXwcV!yGbuvCTN65#h zBA+oloeaGaYpXe!+{Q#Ixde*P@h+|d#AxEj8eBx_UtIZ4$xo8w*Z8*WM&%)3RMH+2h4>QYPLlSaDYZ!&> zj$2!KZG2yL@R*-XWnI57et)Jb(Yzl8tgekQ0SU(g28l$(>-<-s%cd2bx%c~yUl{3|wwkp`Eh+{+<>o#m9a4hKquS6{MC9iao{ImqKQBviW{ z&xfw<^&2OS>KA{PYLM8$9qTSg3{r>+y6z-!D^(P8N=4hNJ7}YS-YQ$Gt+gZTgfBY`;}~Dinz+ciLI;a z+Egx)Np92JNT;V8ee03Zd|N(~u6>$DVGBpSHjMN=`+8Eox|WfZsd&2X-(FWSxrws- zvDD_I@l!+Mi(5@jGRvr>g!w8?++(gfcQt8WakN+P_JFb>OY+>Vdi~Q~#2z2Bg5X%h z(X$o#eryBz(aeLFp~=U7G|S7h^3`pXh|YWcYuNP28eJ03<~xYwSpi~;$zQEvJVV2CYqmPNNdTO} z?}kkM-rNfJoqky@^qniqgM7?b%Kg{VkMq{7iylKJoRYk=TwoA#J?qeXJEo=Poh8Xv z+(s8X5C>`rM~ryK!;@*cqN%&vJ;Z>nc_TRKU02v=)AXBXx_qOOpf}#g1GNU6os9hx z!}_MZsjaPotdgEWgMxb3f2DY1Thm3uO9LdTU+#sqT(B2m^QV zSE@%Qm1V9;5L;U&xI!Y@xDGMf@T}%sZ(}dT+IEd=;rXGvXss>om9iM|AsOV4&c1So z!`3$Ti7t^NEX+@nf%kFK6^oJ3j-ulCUH-tcm&G;`LwfR*^D;`f2N}uyKRV9-%syY8 zCp(m|0Q3~@DWY8yO1O%~<6D<>F#^$me~2D9tC}tCxsG_&M6#I)D!!w?<4nlmJWb*Y zr`8rzCivBY`feDj_8Q-Yt~A|B-&uxMn*iJGd~JO7BOHnVnWeRT3gRnA7-i@yhSP2D z;MA>VNeYyFt_DVZDWE%B!>TNvWzEE%Q3s*#SM={3J-S=y&usH9)AN&CBrBShR`yzq zYc#hphFK5G-n;uLW7F(|O6m4+2n2D880>Qr8y!nfHxbIjk&czhYm#4BT3k&OGshyh zUI$Q3V<~qZF19@5Qt<`N?WFotQ;}+{9n=rv9qVIAC>ATbi5*IT)b{tRq{@Oi-Alw) zWwiM8>ovG2HnCE?R&?_D*{9I1<@v80^13mp|Ct~E+L%8tPsWb)c=eCmWXHBcL z<7xJ;vqaTzEJ%x3x45#^(b#!Tc>_FW-x#gY1%DiBAKKPMk>!m;0zvL;%XIa4uV7}& z!W-rTy-Sd+cb7Id%WN-fRK*({ha-blMdq-YMDS^aEwx!tqRd8cewCVF(Y+K4ai-eA zuDG7VX1V=(#?H-Uxw8=hKmZeu)}$;gtlwd`f?2_m;0*g_o}MMSK6F72*ZEm< z!wmE^6Ub*zAejh;KeOPTGgU4Y^&=2P9FM;_G{oW9uG3KQ62FIL zvXI7>M5tuI%bt4vW`H>8F5(Q#rMVb9R-KzWI{`F{2qC)ulouIU9e$@Rr}k(N#Ajwe zIL8LOa_$R-zal#vU>}%_P+Vnmu+X6wt8R>?TRR)ty1UC1@cgK3Ba%{EJhtqUK&2A{ zRnf2Y86&@j^6Cq;(5T#V(li(U6ucg8S*k05$i347wpmA%s8w6XKxNkYoR z;Dz-cr33b7tNp!ZQ5;wilaLtl0j_hzT2WgKu!cjsl|B9IIZLqP4(FH6qg^!XGoy&{ z-?db~h6wz%w;QDg40Fb6qMuUicKRCH+1SJ9&$4oJ$o(s-I?~(5AS6f$1QSH|0$o$Z z-`UzUlE(~Fa6^JJK=mH=;rIH2-N_y7QihN3amEk5VirB8!EL5xIK?G0- zooct%2L5qtENvJ(=dm4XTX}4zb!a3>UB}Gp$TeJ}EdKyxh>1hD<~ama4-weu_SS5R zB0IVU$v=14iqbK#jukY-je{{)jkzAx>RKL`Y_=BuNntXM#}z;~`)(^sqYj|LISxW( z^{SWG`L|+@#I8@)urz}-tSt2V$Rl|mX&kQvbPeijs#`&%*vA?LUop3h%lC++XmK7O zv!4D`ot5XAf4jlOX^WjJMX|S69!%tJIRlyi^J|S_J!8Zs>I5++N`vStPWM}q*;?3) zMaKNl2W8=hj(-k8rvR%IvKbqA#xi@KO7X334N}`!)J!cTw(BNhWgG<*0Q;SC{{U69 zj@x3ysq(f7`M$M-rJJ2D=Hff6NVmvF(ofvytpbtjH_?l$OGUhzHNt>{sK@y=$LhKa zgci2LNC9tZ3{4LX+StU2Z>mJf?~+(@LC2*!`p(7)%G%CWAPz=oE}2HdQjSRiM4`ek zTzglp=@Z6cCJ~Lp?$BsMFP*7**4xFgT!t0L=@Okj^6neC7-W?CjL;T68$r{w%jqsA zyfN^ED1YLvgHeLo-%grcHr%C+6mu8}>SU*Ao&HmH@MJ+PRMzTU|kA<}{BP-ZqSV>I;ne9N&jD%Z*k^8fZ#w zINh4;qSDgE9#;UVIP1+J%3Tg`QqoMzGXOyA$6DpA?7q`Dwsv%7??I8<=<#ZrZPLYK za1<%a?->j~rCQcf<5zWw(rHle#C_2~9-U<*_I@3)wVp=%3NMy~vA{Kx0}BmC+IWh{ z%E0G2;($5-02XR*XL}{E`T5F^@uZ)_mwMKavs%co$+R5$Q%c}x+xS9pD30aU70Ag4 zHMwu_zezgF>auH>^2GrXTcRk#FzN~Ptz!!sLOo5N5~Mc~s>%`N^8w^!kz1Y|g2GEV zWSt~=$IBT#7Zoyyl?JNP2P=L(2?^rtKzoBcsJn?si=8e)Nj4WGU zKPmOB$&QDMc(Xv0!!L_=KVgy}P@{6by*t-Q;q7`|7f#cnl3dz8ByIeXe;U#)Y-nTM z_>pe)?LtWI%UG7c8*#Vrr@h^*$-mCYosIA)#YCHE4 zTtbm-Tn>XZBC*O|$ur&@GsdB?3UkN3dY6YjNGF?2nt0d@GbzF8*AxNg7kW%H>X%|k z9%tXVj(H}!OB;1zv6KZ)FlYkA*AT4H2=IU&=ku?7R;!Jfu=71N)-XOL}taR9;W@KJl z9jcdwY;E+J*I$-va~#BoazP{1h`G9I`ip%qbQit!#Ye8bZj=~8RTiS1rJ?23q421<^iy2!j;Wv5!Mk}c6E`{jmt z&u>a;8b&uc&l32m)9jK$kgU?l#?#y0xZNB3Us|5p#>mg-fPAmj@+1afxO(@ft+gp*xdL>ErV4<2Py`afCoImGi#Zt`Yc9vb`a1o! z+6SGcIepA_kD#CpEi1rLnHuFS+S<`cDQoE8wmrFVgXPpSOtkhTLumPn)7>5<$H^aak2!G6;(+JDxtJpk=pFiR%i zEEe&HKwR!0d)pKfEskFGmgIvnM-EO#1}llXp5|$n%7krHo`g_2BIPk`gq{HFcm$Z)k+k8%p zy~o`?v;m>xDeQrk*)MIUxdS6<$mYC8?nhfIwOK@yC?{}VyhR2w^E}$_?tMnpCA*4C zd6$5!F^{cz{=I6*B$P4vy*toJ;@Xz7*1(I<798P@Yk}7_gKso&z?k2Xr$2Yx&}&a) zFHD2anWm5zVaYze_18|(#DRomhy#V{Xe`{en8#}vmfVB9ZDW#CHRk^S8ouACczZ*! z(k7j5mVD2dNDcw?9@UMQ(dN3osp3=NZ8O7qui9>GqUI0|;Gp{cRn7Q)E+p0MkjThX zZRe-sNWCn5J>kgiw2*eL=aqIHqwlHhUYV=-8tYN8(B{(~-+Yqpofr^f0RI5`jWoNN zNp~u1GwMDbzqiw%Dv9L~@+TXQ9B1>cJ}Zko7sQJk$Y#E{Pce}PBi+9`B4TXc>P&5} zl^};?fQBVm!W4=*P^!8H1ySV2`9e}JlK`z&zmKdey&(9uSAa_AoPCCFD{8 zE?0#OSjkv?hl5{PTWSzoS{WEej#v6up6Hr8O{vWpxCsDapo5%#AB9O0jgMxVM!thg zYf_TinF^TX#xMZ?0PEMI+G>(OmX`LZZLpwO3moU^?^52n5?#N&v9^ot5}2(nR{=|O zB$~?ABhj@>yDNQidq*?oV;(?eQO^Rjj^#zz@tu21*5&aIp>3k+PZoh8BHff^srRmC z4-a44Y7q%0Fv__sLlEDgt&L)R1EgENyQf&mcX=dmATg*tP7iVT)?bPe*`kw1j$tzu z+(M7KzO;1Wo{y_d7M*JhR`VeU z`&*3HVBQP1wy{Yaicd0bj0_Omi1ka9v4!;K`2*u5 zbCHij#YM}EtYBH)-*}ND)O8IyZ93gs$^u2?sP1uHR*`Y%xwNrn+NW{Cftt9<8(gL1 zuMa%>P4%7C!$)-J7(%D!Z1dD~uaC7oNBas1v_C1}J&6YZllGx{{mJ!D_hEJDpF_!-Tc9NF28a{uYz&*hW&1g3r3)hBwNfLQq%|}d+o24TBMAw$lbX!@LJvn6EfHHS<``v32ACb4< zy-!ky#nyU^vrTns-@0T6h{5XB_HL{3M#I7_E{|)eKyBuT!M-z zd`o+Aa<_6$vHgi#AcK;_-nEQu2ar7Ps>t$L?~WrOV{uP#+%De{HnhWDvbcd?=A7k_1q);n1Q^2#>tRp1la zzGwKScDiPuEH8wS&9ltO1PmU))!0Xx=^i7z)9$UMk5HP{-5fh%jxaratMp&NUOv%0 zSD?Xfq}|&#s%@irZBz}-x4t@$U(SOz^f>1QKjjWl^~UW~Anm=rjHjy)yGvx3G#uR%a3VtY2E2Q`4=!(JQUM zz{u(jewe4qD6@pR)uFL<=2@ac_Z0HS+MhJ(aVOfOAsK)nPj6~Q$5o>|R<>^F;Usn^ zZbx5Qrzp6)^FGw&6rKt6puwZhucmW&_VBBDJY-anY4XHGs=Ybjb*5B4r+h2pVn6VQ(7467~y>`_u2V39Ytj65K~_hddL>poIi^ zY}b#e-AIwYoXSWbHh2~3J`2&B^48)RuOic-1b}h(SLsaJG|wvdr{OttySQ4)QFUxV z2`lgz=cyIw9}F+_eKOo7_05~yw;wZOX~+Kns*8391bXhh@e9IU9MYQWN18obTWA;* zmm6awV~<+-$4dCa;(MPES<88KcRjd9hD&wfO6T}<(y2w26`|bTYu37j)Hl*-_ExT} z4$?Ef-Lu}kH{sr{G+XOG5%_*lZQ^LRd2+`P-x86I4^V42vDr-1hgE29FR!m&?)q7s zns=R;mv2%{c-M^lW25S~_b}T>Zxo73;S&memCGpHsh)PX8)9hHz&zvE6~JqrC6dX^ zcFE?<4tFW&D_V4p8ArMO2z)&8bRI77wwbJHPS-+PP5E>FrMD5azbf^e7I@%w-Ups| z`uf+QS}RmwqhjyGuL>uLydA7Vpd){5i(@Y5!BA9oTKwF*Ynf&i`h=0ZjBzN&HZbEK z{c7`C=yg(Ov3wfwI(#Sb=9{Y9ua|461hc$UAgNYADPif!ABeAE{iZw*9*g43e;jDd z{gbU4lT_1%x&tM|K|W;n%7e#TsP(LGW0FY!06s4mX&RNb zr+6=tHjEvoE40MG{l;FzSC#6JUMdLTSP~{UZ<`;8t&VDx*-B;Dq9DsDz$2cOnqFv` zWC&TqgNEQ@gPKmpl+lM)ltLhgM(1G)a-oNZee)AETpbSLyF{UQY8DI418el)y4MRRyYtz6lNQhxGmqC+7vAe#uib+;NKX}S}k6e0t`%syI{GxdO0K)p`gFId09}a42OqTMq zZ!3jxPC!BI2(Ku*za<$S7F_f_@#$R%&Z09Oc4vcgZ{y`t&PTOLB&eMfhAo~yhO|<- z$02^++tDEjBVd9~IIOmb8g`ILAm^qtlU7P)^;l%u@(0J)HP>Kg~I^sP0Y5180G_T!2UxU;A5XN+~fhrTe;JaeErL#t``5#27|mE|gO zKqJ&-V!yi|*mL%qo8uqC?+5t9!`E}R)=S7FQUfRh_t7x+J-Pr*MMQPRXY5qkHjA&> zq*iGfczaTbW(YY7#eQYuxFv=wiPQcPcyGb;-p8lf2h(*NMRN#2v0FI|Jq|$TxTT@D zG4Ox<71Q=7@W<^n`!HO1yF}5){3c!#wLW-_b3N6dOb{EX=o_Cy`2PT(o~_~iQ^UIE zvEhAM(tRrO#$PB$AjZEp+*7053$qEN2%qg9N>Fr-b_$u`3 z6R}iF*+M&PDY&=*l1J06WI@At-o_8@HJ?h`BwI#Xrq;(JADwVlHu6h4-V2p?`r`;+tTN{xM!4-5P~+=sOFISm@e-f?Vl>Ybw~%1RU(S&)@beHk)u@L zsIAPBH1973o|ks72zg`}+(+r2)rH}$3fozY=Rjk3BoIzEk^cbdtz#l>WtjbVp!C?w{%y&YjMYf~nUCl^~9TX7S|&jkF#9qW5Yx@*hZ zYgpB!xpEYW4C5Z>d#`wA2yT$tK+#|*A&y8m`M+G(Md9^LA5OUvtax=JbN>JhH0){6 z^Y%^mGn*6i_g|&#hZInmGH}p^DX-a(9!!C#`Pi z+N7~*k=mJ&!D8x8HxF;6E_5pwF7^9};#gTYiDwcLsg6LT(A!Sa z)%Y7Ks1i6(A-L4_W`4wWo%b~!7^ z<6%1hNn%SW=LWma0qYWrICPlq72XktLOI8+VI`@&PhisRyn%BgG>0Q{s2palS!xL^ zp_~bzA0uRE8KE;*BhBx$TQ3Xhv)-GDr-oN)V^Y4Spsh>YZq98qJk1y&XKCP?(lRq| zvFAF}*7HU#tz0hERm@j_x-bO6MR9AMvhl!V_xxhM}SbkrvJd z%-Q2BgV6nPQz+c1%Ez~OibHc^Y~>90<@ZJ3X|F7k#Vw=iKW3iZDb;YlkJ5z^^PaP5 zf2Ql&Krliy^k4~xZyEKkCGjSk_7iaH9Fe#ovb=7lLpc3D2=#qR546DMBy5%b@bomA zzlNc;)Kn;(qm#iI6al>zsDj2dg&7wZIUHnHU7_jvb?uWs+1Kr%gNDyx?M^#^TVB&5 zdo=Q|3S0*JgZUbd!u}fjP1D^>(ITnF;t3rqaT%A9+t})@0v+gF;EvRuAi2JV(iqX@ z2v1c#MNIY@(9Q79rz*%^=1eGVy~ZoE@h^%aykE0fTgNPI7*gZCVJ(eUbIq*cw$s|+ z%VMBO_u1Fi9D`T&yJ%t167DEf-JGi6^aCBM5|1_0KHQp|ZmqF50znw#HSNAcI@Q&> z$nru_0+KLu#W@n$Gg_vee8oR1o*0Z^*6xd{3td7P=0TQ|v`6nc41in%(`b zr>4D(C?m5ZkgLbmxOdWa+PkS@tJI%L(lY20M<4y5w#Hj+z$Q+82(A4#)+ltpBEU3} z0AFc2z&)~Q&5j$9Y8tiewvr&WondAmFg)>DI#d@k+Rrjf7;oW0>T45JTGsT5qtjCM z;xI!UssjRZ?kkT?B^`lD2pGu#^`H)yLe*Z*ed?tyVmVxjdunn%tX-Z-uV-@LxhE&R zTw4($;h{}7o^$lC2-W;cXxfdwjd!Qq#kyZE zIefBIx2NYo9+7opp{AJ(lUx&gPCTH!R~>U+b8!KPNpTv2irjP7fs^RIcB6J8bqb@C zgI<-ZS;J(BJE|#F>y8BiImhu9oh^xkqCBCu2K5!eYPylUnox+T8sL3s8$=pxNj<7bvbm{MjQk4J(saNj0_H zntkj!Ws0wMrI@C#R5Am zBTdq@`4i6$BL4uEn{kutipA9Rn;0HR122*0Y)5`O;)ZIOZaB+Ml7$Y01~@*oe&#sh zoG4);f;052x!B8-n7jHmheC z^`#}C9A>$B1+AO}O%k)@G6Bl{Ys@a?wYazwLnAAa2GP-vttf%5W47*LZ*=Lr9D+{* zuj&!JGsGcq`%c~2$f=TGRMqrtTK+g%z{_&M4)jyU9Q6Dvi?fbvIao^wF_D4~V^9ZW zYpWD&DzH@`4WmDRu9|&k?XU}WR7e;Oqny$Lm5tn1cS#=gW^Mu>=~}lsh3%%P3c%y+ z#C+rX-qaTx9&M}_v%QcrZ1bFw2d#8I9n)^DU}@q3VF%>w54AKw+edRdEFx2a!0=Cc zjr3>KVhwa-z-)|))yN5TD70@4*u!)I7*%n>0)t4##JWd`ZSFN2TYI;TFxXIAjn&uuUWUa_ z_D+=soqH5YjI+Xb79~bTe!ZwD@h=3~y!!Ln--y=IH6^x>;`IJi>AK#XXLYK}9C~$_ z)556*PDyV}f1b1sxqCdx~hfRpDznqJ{%W@ zHeF8fZkru(w?Bmje45zn?)2S1WD-Q?M`hpv_kC-J@g1Mo(%f4}eA#oq<;Ex~nli0z z7fn>SVjFV+aqF7&dmUyAS>c|_K#qhk4bIa+W>&4@q=II6Gv~V&at9f%4YixAopmpz zW@}P2w-{Og_8SYxyvuvI07d`+3uIREc!X)zQYFNUS*6KPcws;uWvpFT-z@I1yeQ6g z=BRi-M!Z|wiD6SDD7gfTfj}F6A-$7Nk>O0*-y-8DvG=U&omSt(){trU6Gj~Y+(U9{ zq*7NpJvKcy&qonjvI~W7LF#Hq<5{9FBZ2d0p7aBainGSd8Ja)ck@E4@xXpJ>k4+KW z+3oXKZa6*tDH3UTeoyUNy*fE=5*eT6Wp9`BHR<=7L+O#pYXJ{4923+~26oZ?n?97% zCCqJ*%6TjFJ*zWHwVz7U-|Z1I9ug;Wk_hQQ9(Suxbw0Ty(+9k{W4Xy3*P`f}@w5-5 zO>nl-6y6cX-yW3HunA`R&E5Hkh*Ab(3gab*Y*&4)+n)~T*4HYE%Krc$!TYV~MQoW- zzeCHcb%)hb>UnKt^O1~fNW%5)TDn%ZC9T|cteavdoOEAvQ8&;Ucd>fv-7Y*t9?&P- z{%Qm-m54hO$lgGCd{@1g`=$9W~psl14{Dd1LCuO*GG zzL;%idxllo%Ikuy{uB+E3u^b54YcicJGiTMHglVYMva|R<36;EPQvp{it61L?CWbH zfH?0}uRJF$j-4gg$ItSDI;}7=bVwk%isCuMi*Sc%%8`@!*MH$#m(x~6n87i9$-u`4 zib60nttw{m73IvpHM7VzBA$4zt69@h-^@0+OpVwkfH>dm#EL2Bxt(JnNeVd0u4>m@ zn9jCtvJg%q{{U#v2X%3KW2ajKeDC&>2Gq}P_0C++9sZ|gnp{$dSb-rVa52__*!G)U zX2o=vH25sa%LmHLPYyk68(q3_XC!)jVqfAa0OZgE zp^~~R8dTF=OC!H*6Zd|U+g)hSG-c2t?&H@L26AUjE&2%>Z!i5CKbYk86@}tmBHDav zcJYSuK4KG`4@yLwP0^ClIO9N73FB`BAA0V*GpXHA57^naao4$^3#;Ks?(ZhKkpw%G zjl^Sdu7kpU9J28BuC3?k@ZHODFp{x3faHDOt_?69sA!h9%M6H-?T{1GpT@H7yf~X1$|DtY2B)T3y86ST_&O0m74t0Oy~@ zN#Y0wkrkv*Y|`xn<2!-DKD|X+)~w!fZ*PF^m<)R0Ranu$!`38yBF-ClBZtj?g!L80 zCZl+>mAwTKjsXWElQWccE#KSEcW&x|o;4WUIL%`Ce!#q@%GI6cObShHlZTN!4Z!S-n7>qLfxb0jm--qRjK?R&e(0>>`Ya=70 z(tH`K{{U#%+^A0_K`gFtGHcg#KMz2jPut`$#N>u#q1Dy_w%Pk1X#raToS!w!ToY@OU6+=KOf1()>-QTC9fP zrqHF>5yb*=XQ@Nt1h~_!tjzGiY~abua5L-qSBUHSfGcq_IB0=5+unjtB(%})b!q0i zofMa2jITJ)dhL_p{i|5dd38K+#DEQqIc)XCTv|qvk@Ft0;SD>(+TNr6h%V%{EM#dM z<2gNsYnaqEud&=)+)l{ot+x(1HC*P2p55@jL(@EMXX4giZ4Hg7ky%$6ax;&}*AWh@ zZQ)B>%L!sjhjQwU4_xP;^NRFH{{XSuLewUnLj}xu zF^-{!`4yRr(;Alc5~Urw`%~NKI711tp;`|ct^#0ZKFo|jDKg1 z-)_e0--Ub4ww0sJX)W_a&awg!A;9OQX64v9Pb~3tcA9inz{17%l>~G(&gm9$>NdKH zyv+r|Cg?`YhdJnfTBO~Ij7}F))AhT5C9dL_#MvRUg&6e}tKqL1c;7*m8?O#{i%_w& z5(6|5<7LwS0CdsIsjn%ytN7mU#Qrh4)OANTT6DJS8%OBied=rprP*2u5v|opI~7}! zew5O&l$EqMJUxAFewPxUDJ)}2?tOO`u&Gak97M>e)N-xBC|`n0fW ztoI2EWf3F!6r6ev{VO*^(C!-VPL6AK4;lN<&N1&m&dXS}xm{lNNN(i3k;q84@>FA$ zQ{N{Q$wA_|*4pA9BH|$%kltXxY!Wy$6D6QNvkstRa#j__K5hxBdgI4+X&X4Vg%x&g z0~sEsf;kTi@dkxr%JWRH$!^&MXRp0-U+|1+8s((FV3TFsN8}7XRv+(BYL&Do#o+B% zOEO1&X*@CnGJMEDVeQ_zxa7Z4tm>9sgwfd$2sZdY;p#OIDH-zp za(=j~HNJ<0-}p1)kBR(dHSI=Qd8~ZXG4dPdjR){I9M{nPAHG3k(drs~y~`?K26L7A zbJm7CnLpUtMz7*6Hc9m98c`sUHBffO2XkKK;(Y_cem&9U(Df_d?CXerTXP=)*nQo^ zbQuD&kRK7~o)*^ZJX3oHt!=(IrfA6n_ih2~eKAhgJUF&jmrtbFrK`)A^CCjQPpPR$ zQaa!54M$w?wwI;5Ne#`gJLgoxP4x$*b4z_5of{?H%b8GsxgCDK^!ZuN{EjPI@z$ZM z-46}4R_!&*h~dKg>5c)e_fPmksYR{X>$sXAD9}_?^2m#j_9cXb|4y_Wb`b=)UAcxvTAxw#k`w{Rzlw}P}qaNbrMh%X)KCx%0=@+xTtfZZ;pDQu?*Ky&W2rRHO$#Wx;3gO9O zee+gBrmRD*_yH_!P3^SFZ+5O8GDdeFd{*a$Ce#9nwKj1XI~GUaan^%BXL8lo?Gd8s zb8225(&M`@D|s$eK2~gFJF&-F<}9_jz>@K7)&-TflaL5LrlL?YbPkilem=fBtZ_t< z-m0)4H_QuWy3Y`NKz&YGwA+beg4Nq4Q0>@#t2T;M`ZEvWFOM#Cp9Q6^ji?cD@(ANQ zI8{AMeJkec4S!qIv2@-g)S|kHhDXTh1)ynnzRR_WY~mS)`xEULv=LP`A0TvW`O=Nh#($_xe{v zUCi!FsM$enb2Xi{+D!~(fZyN8dWPCW3;U9rfWg~NO8N!f#tx@z=!ly6G6X`#1>?&ObAji5|y5^ekc07F_> z53xJ}6^5Ol>AGBMZQ9m7o?#hgKkXl-TGcgM7%!%@w!BHU^TEMB^jHrB_?JGhuUp;6 zquR+ctY;FdjoI`WuN}Vde~xTC1wOZTroe!o`+l!Jx192HXl@>NrKFjb|faB5iWF9lIn!@jBA$-iNAb>{TI-Zrx{CM#G zi{ot*PljD1PmX(al%&zb13w&R9e?`uaokR9{Jyx1TT5|kC^5+#g$#J^4l!Q6@QYK6 zNb#?Z6JXPU&Cc1+58@)<2N7?0`C2qu@O8M^dU(>9N z^2un{vZTf|$@}>{AJ(yGiBo+_i{j04HJaALM2ctUbme&<`V(Deh41w{TgX4Orh!r8 zIE9XKPo*MUI~~5Sq4-YsO1rw(Zfw<+2#r}Xz~iW|nxKgwxoK>Id11&xy)Y|S?P8*K zHohlqGRo#jW14xoMpS`{pGNV{w|522sk&ipDFnyd5z?u~x z1MseIQ23X7aLZ(qhIIiQ4?KHP4l`xzA6t&~IMKJI6b%ix3MQndY`M-98;Ho^Y1waJgoXjtD-KlCch9s9(-v zOX%fUV%>(vIUd!mrRpZ*V;1uwL@ZZ7=hm}x>`Y`XyM1L9ymE+>BZXBQf_s|fTKdmW zw}#UB(#ZV51fRrtz~k5Y)NXAbGs<=CF77Mjf$hUQhwi64S0}Au-*|Q_ONd@aB>@~O zclWA{JA{$g%l(pKj@CJmn`as0w@TU3v~4m-CV8eY{J(TANj(K?(<9PDH&hewE$n`ZeUB3GNZp0=xYx>?o}cYg)3MWlMWV7E;UuHa_64w$tIQ(r9-c zCBD9ex$>g7S0TyAQavj!sU}45H)Yo<5%`5CaOWHk^#FBi+$@x`B(xzMJYZ!Mt#`X(4+sN(irD%h; zFugw$UbSzd>sCo-meWr9e%zSH-3QjQmCe+9jl8wGo#FogNx6i^$K?d=emyE%c`jlx z#Ur_eTr&l1Zm5i%$dT<bg+)@Ja&g?%Eq>MwK~aN41VbY&o`Sky`Wf3( z#*9|FZQafNtU)DULl8R;TG6xC-fr0a zO>tDa(H*p;wmVN9_@2fO4&B*7rYi=FIA%eRMsvs=>+`E#@oa|nc7{JJZrq>@3={n5 zrB6*usiGaF>({!K(x;d{&Vc6~{$^hBZ za*@;dSLhGJ&2nFiUjQWVee@Df;%zP_c%wX$pz;ao3G4Y)9i0z#{{Vtp{?hl~vk&b% zqgc(R4hB?kL6$3SBfJ`2^xD%pV{-`duBt!M%;{6?l;s@ zeNUkN5qv_P>rXl?j>0Vbs82!#dgbNBcD8!VHwzKAxUrpNNe2>ugzfymtfv#6Tc78> z{{RIR{hu$s82n|`e%Eg-8eX$J`h|fj8S-|mpeKoSuns)5&okLg;Y z8M7^;XhdvI_rTmoV@wQY4rDSjF(clZb~z=u*`h20DSwyorM522RX|h#h6kyubpauh z8Fzi2+1}qL?_)TttIUEn49%XW)}ERpbgXGw<}LC*++%3T&MTnPb=^0exGmd?SE2h0vY^{lE2QRsaA8YWy;UzTmA|k`#oG}I*WMMPKMUvLR#uYg$gW@5PiCj zPip*hyN2DO5~@VfoOC=dsI8#Mlyo`EwJ@uqy ziM_UM&r&How+JNw?amH6R;FIev$5A_m_Uf}gVfWKF&u(BeEi?sAEg3XF+OJu9g7_H zsaI%5V%vMw!*ilCv0@99$azQ#Nl<^gpGy6s{{VtP{?vc)tGs(Z!Cw~mx@|tgP@nC3 z6Uc|jjzB(W!Tue?IUe+?KOS{1*Z5~u zzO}l9i?IYCV1Nicdm740%!x?$d&?m#AKR;^z0H9FE!#NVj{gA8y!!7$Nj&-EQv(iq zR4IgYL#-}`ow8++ua)!d1dQXH@$|3I4}l&no5lVUwYi!+ULum~+yUS8uIg_?8AqY? zJb9kf0zho^?^kTD<1?A~T5&2ShtlOxQQkB-mMe_j} zAo9c7wv4V~OMRnmw36OuaWLm$90OcTcaZ7P{g%pCjlnzcc&jp=hD6uOm(kr!`<$F9 zCm)4%k=?wumjKO>-9hi{D{^AaZqNN0?fl7NQ}UoZ3|1zVJ!DSBWZM8m8zzjLXX&8j0Y}$BnO_jy?)L~2b`7trZN4Kw9TP-!nwUPc%PeY0XjE!SXORML&w<;wg1cBDKbck+jwE5os7RQQk|S@q{Et?7-uv=UqOTrdv;H_Y$;^k@BcN&Z;iNNjWy({3O$SlUhYq>4rPy+AzBQi11MuBes} z!z>84_qh@I!16w{YTBQR1Uhf_h}0*uDoisfA1+T`o$DDJLv!0c3)|{4*-v?^Br|;G zR6;OH4sdhcuzo3cUTeQI#MXA^C}NO|DdUiO)S7ahUEqyAeNO4k^y~Ij!P>*`bK1QG zY2HVOL)u%Vy^sY=U~otI{&fySsCPXA*F^hE&!$Mu-exuxKXcx)?!EWO&6yrGkXlPe4ZeyD1;Y(6lBw|SE zU4D^eJ-wn_LJ?I?*XN#T3QPutKlZA#OfDjocwBwcn&&M1Nd6zzwapbIb7EiSVsoB4 z4?*AYs^(;vmy^SDIGPXw=Q$r*>-TtSZwxTIyaxO*DX{W7I0EcjBlt;&>L;6>h+~_xdYKujA z8VR?IsXck6V$}PS>sljdI*pyZ$%UH%fWSMr2eoR;0gg1gwv5L!E(gETv1q&YFKLaa zU&V24bd1gpFw4*3Te?1xD#dW~!qBK<0AbV$M4c=;U4`AMOpdnfK3$#Kyw2xS)L_27 z(;<~6v)p!!VB_59o|FeI+2^tgmx^|{vk}N#?ZN&ZQ%-$y=EC3X&`60h066R_?!iSD zEj;~e{TZb$#9)#!T~?8!&!#iM6Bh&LKZQ2}$aPpRriyEs41ym+{56MTrCi&i%F{H3 z^1zFHjFq1oAPi&VRwG%<|jx##IsadL(A{k`?baU^CO?aAZu ztthQ6Wr;+4E&?6OaloZ<+o9BGH>P53L0zP6+Ih`zpA-`NLDcm7wUXIwri>IQIadDw zAkqVG!+tuFSZ!3#hEN-JG6<@=-;8Y%<7|3-6V4>w7$B*VDHSz6LS0T|xm6*E1npb} zs}Ng7ai{76;&63z{Pb@ESxPI)jU@x_LCBC@-S z8{E$k*h6Hi{v8OQ6EgHYBJ)q-kv%N5JD8=7Q9YUr@V+ z;B~hFWEsgl{*_0<*EjaJUuZ=_j=v`v%>*;I)pc8~F<1LyG_{ejw+HVJ%DK-j!&rGC zw~?l`9J6DgK9n>FyQy638h)h$XsmB^@T(Ey1b?;oRhjQKD;o=xn)A-SJgaRP`hFC- zQL-TLrlBf$lSH+;it7GZ<_PRK3Nzo*x(#1m)h+x(tLe8EuJFNga*!MrrKVk6%X2w0V6h{Nio=S{tQ@NWx2{iWO5!$cpqAl- zqNq{MeQQoautvL^_oUVJuoFqB%V}zfff;f^Z%!-EZ>}#TaAPDc?2bC~S-63@q((}# zg_UJqdGGYC)V7r7c~>Y-MIbUY4bWc0JSfdE=)<*i7ZcoFSzFE^!*46{o^wF#XGx}C z>XXKyKYYD6j@8r+KUmW=)waEe!Lm++zr6;kI%;RN@p7mRZWkd)^sU`K?&;$Q(mR#s zngPWf{pN?I_>;qSdUm;Q4a92Ra9Z}9||b{hN|zlUz!FKwG32{5vcMikOA=C;Sv{sQr)t>W(v zt>=g>;j`6OJJmoTx%TT^$B48|8UZB21l;*z6+qhAp`r7hP&7*`>+5%tTuU6AlOMuI zdhPYqT|Y*-yN%_0sKS`Ax!>SA zsFY0_HSMn;WDZI)smRY`T;92UZY7OjEMw@|8O3I0BwtHAc`V{pWoJDq2%;KprkZq< z7P%@29)R@zMuJZI-dihDQtCj2;3#f6s+!G#ypd3<`9Nh`r2sbC(@WDdi`$E^jT~ea zImyrY6~)_GzOks>Pp00(3_BT&Y;nlxienoDUPSixm+-{$$&-M6Ju9@+bSqD^1$c87 zK?=jIAs0MQx_5`|Aj=45lOzMs0aY#Gv%B!R>M-0b&BUOX)VCmTbNbK+7jI*Icp4JF zJa{J++4xnpMu$*?$!P7>f#7?3{&WG)c;3cK;F3ilmVS~9^{yTr4oyFG!~vRJxM82= zPUS{cI&Tl!YBR&Hw41R{Yn~O(+2*i#9FwfGEHdwN-y_U$tNZFi`o`SG^QKL-` zl+Gdr17tZo;(|^F%HjZ0c@jj}Fsz`1kzT{#ZxmVU5#88bvwfi#G50-t{zjTbDBO37 zwL4D@Y4YmwqdX|e8Bl!OoK~b7^`-WaqUs5!%=WW6!P(y#$@JoaxjT_Pj)Si1miM*+ z?E*H*hTbwbHId@2CrnLROS=f9c~N!=4^p|Nt$j+mD`?Xgon@AAml?wQR#djSn)ubV zOT9+xP_=v$Ya`}8-k^Kd%gCd<)$PBtJTY^sG&abOIEX5c4(w;ArFo5&%(p&d#R4EW z&U2d1Z=mdYr^Bs3`%+CySGtzg-dh|18ct+G+z+lR*fkqHE*oerH6d=H)Hncw#2)yp z%1}Hf#qSlJ)7_@_oHlajDoqx9SwE2)|!-7HhPQc zLgvyeFkEG1Aa@_~3u4GL~~5 zbBuB+8bKX?q%L1fy_Zd$V!mk4mI=n{Z-nl(Mp%XJE>V8|;e$^74KL8v*YvA9eSekiCmZ9+Bkm=H^U4S9EpE0ah{8}`(`mqhY#u-N=f_WdEK?h5! z-YoVrPk*=U`!k2=1zXVU^vALi%tG#50kU9as*3ikh0}LEzI2DKXoVv)8ZO5;zW+T!(D}E=o zcb(N$7+_=Xd-GRy?-ko=B1!F$C%M7cq|j0A(ctSG1jyrnc|K{!ZYnS4bwCeH=)pYKU0%Ynq50okTl5& zA=Gevg=t@C^A`}ufSZ2rr3Ngir$Zf`vHMUF$PU#R>rdA8CcU*=OofXaW3>Qyzlroa z#lMEqHd#c_`GL^x3GCkd{*~c(J`>h$(&059F8b*mj6$6zYQ z&7tG^{;Dr80|^)G4~2AF-J)b@5H#~cxijQ%yv z>o(9qbuEk|%Vj5M@797YahFMRX2jgZwngQNgu z&hq+HyhvIhaLFpg@&VVScKY^|M}u2YyIGchG(#LKjo$2ix==QF&BRG_soUwrmhQ+V zWGXO2amVwnCjS6M)jU6_n~86Ht7m`R#1|V>di`iB=h0sXb>9Pc&f<7HNvwz`iME5( z06QMFpWV_5~(##9RsAOc7jBD#MX-zJNq z_^wiM%V#9Ttl1QNgp}ons5H+RYj!DQlIa2~Ev#NeT<<5YNvxjWq;R;`wH*a@WP7Vv zUkpsBM;Ygjdg?UU99jz`omC|p9{^>tdK1^ut{VfD&ENP#uN1wEajI@j%OD&RTz8B< z7ykfcTgR#0>5(>L^BzoryWIYjV~RdggU32fkMRU*w%QycPKCr-ak*81!9KXnd*$E7 zt4|Q_u+lH0ySbYuY!H#;f;+Z26r{8_gjLTkywmkfGgFT1QPi$k*fh~RhlT_Ab6Yw_ zryjF=BzG<$y3SSe!!L7K8Z?hnvhd!SJ*+eAwRzEth8(f&ijPsyW53bw6o!HqCIGp^ z4nFW5aqmqTHdpX}fb48+Bec7_k(Fi~%gYc?Q(Jx__;Y)GIflj;^GPhOtDK-2beD{o1{Qz)C9mjPY9n%{id<=I75Sz+Z8S* z@s*FFd=c=g`#ZwgR7`f0<)4d z=SR+$klVfO!=h%;G4lKI?_F1eH6*mYja?)wf~4mF3c%-<$FTT|N1svBqPVv*3wArB z1aL9b3h@m~;m!W3dXkvrk4)SWP@FU8->q*=BNC^Hz8W-8+e6{aG$vDP`Hhpi+mF(; zd>!!e+ey;j`)YeHZOFkXcbp2CMvX52Wy4`Vt=c^KbI>^^%jVv!xS7u0{cMF~~^sODyl+Tdm z)DE{a(b}^_xgmkzj%&a0=Y}JZL>CY{yC@38bMQv^i%eWaOjJN{? zcCIZn$zp}XC=qkQfzq0ljLoeNMR4f%@%gAEA1UdK_pX}bP1Dls$zyK}5^@gOxXe~L zU2Iz5tHQ3U_i{V>*PGbrMEH(5=O}F%x0J^x+dh?GeFvxM8b#H)meeh)frc-B4qxe=k$RxRzba|CG0(*N_UDm4B4K|+? zEDMYW3VFx!6wDmE4}wp&SQL0;FTVkZI6kzA=Im){x;?g~ zbM||?mQ0MPR@!nq*RSgu6t?~tfN9A*_W??}^#k6fO66Sn#&y6sAUCRf@AWl zJ`mDU_VMlllYnxpI-1SK#jhi@xYHrB)FVb^6F(@U_-f_WktN-{k}9*J5D&Nc#Ywzm zLE*gu!8I{`bR(Vw`I;-7n+8Mg z?IDE{GqRA$w2Tqfwrv(mKm& ze}5mErKMKNxa3tIi2fL##~u;5^HwX{+Y~PXvgEI>D~hg;K0< zsy}o`YVQ6Ec+*?>VeujzNw1;*0EBB$b+)^=TtAnS zw~#^LgHg|D3|H0kl!#&OfXh5*)G*!0s2;Wc zf4(x&A4tB{Bh>Be^!w;8S{W@PV9jddf~}7E&*x24=yKFYnF!v0v@62M7mFfuu&M!QKIJDxM&HC8S%9J`AG;j#|UeQ8vAjyAW;L8&x^ zfFeKYhdp_%s~KPsn3^?paslTV6}66tOR4+Q{{RFd{j|T~n}2CIehhe{S4%&K9xlbS z3nSoLUG!2|oP60MpIZLp?|@fm)r^b7M<@LBLNX8HF<4byOOrS~Q%p;?n%+g&9B@w< zHSx#B?*mP7px$e?i#zI;EwSQJ#E~8|{(Y;F$5R4pW&Q7GVuPtV}E50#q4m& zEFN(`FvluCJpL8@to&v09;@Jg9{86<)U?}uJ`}ko*oDUQW1J|hshQmIOPDTDgqAqK z2N=guT>Q|Or7VGgC%tq-a~UVQ9tz|M0CUa(sM(w-jy&zpBi6MdZo&cs=k8iw%U?~Pvr{2i%jR?%tt{AnH9 zA~@cRpb1cn1-#t@vnz1q`9^>>AFjpHvGtaMlyTyzV*XWAkqGEz9+G| z@Slq{e+whS6}7CUBt!DCRq8hVYN|;zv!{}S?8gPSlbrijbtBZCQ{MC+75@Nc=o4u- z5Uh(b@8skrJN;{4LA|k;OVq7?$raMwE(DF7#B-b6k3rFC+E#<7HO9F72G+I5y#>SCf0wwgvy>?J#$|}d{hJ~v|e=xbWZT4^T zN6%F~E7tAgu}IW2)A*IIgtmZyjf~)LjWIPD2x3Tc&txP`G!wDOpP%wz9{jofE%JqBssI+sH6 zQFUm~*$SPbxj6QsGB1}y$t@zYvbPZ=Wo_3W1?nq0$*i4&$iZW2HiaVwwv4qhnz3h8 zdswbjU@{%Na(bGU%UQIF;uz&p%HJ;{wK-~GYl%0)@|5E_ zP(6P-yQz3;{^!CesMxczsVy(aa;wKayw*-ev4gqe@LaWyv0`M1WcsE`pM3PLk6gFV z+f;{B)1#J0V5U}Z0b}3r>rKzF<$GA{Ze-Ih6-+Y5iWPY2gN|ym!KPfREPDjea;=Z+ zN3;mXsgb8Vi+sw=jDT+I)9YPkm8d}^%#-agC^*lp3R;ab$vi|n&1+DG$_Zk&4oVeX zKML8b42d}FRS z{HuwBz#3MKt79&rMWv=Kb?D@ zY7~ZgM}>8`Z0wZ-TU;UC=OF;`>CJiOjiN5QuIh8#TZmWf1VX2&7#%&T(;bgZlU%g$ zgtppd5?w@$qILt^{vxBi)+4<|n)+DnCY0gH94={r^YDXI)^*pk3THoP2o!L;bHV59 zUu9@EHkR5{9u3u=-sC|h{h`6~jyePH{VOS&L3KHA6zMvin`)O@Ma+=El5Xo1jydPQHH4X}w^D_VglsGuQPs5faitBo0OUq;c>e%C zmC5*v$698c42IGz(nr@Psj1~+XQg~H@s^k3SekHG?cyPXCzWq;>0Hl^ej#hi;v4-o z{wZym6;zHu*bbP+G3|;RSdL6-8eQd#I_=mD>{y`;KJdp;_|tAKOqOyGx!dVg8FUkg zABSFjNhXP;BWK+Qjn&pe;cJPl#FBte-Z zKzlL^Ye%;?5hE+c$L02{O>P2q& zqg%Mu^^3ceNdh0deOsjjoll1*xW9$~ZX}z_`7jSbTQ}N8mA;^Li4i>J`9W^LdQbbk9jn0sWF-XlY!M~G&8)@CezaLF&hSL+qtb@ z66*&C%GeyaCj+i(JeVWOwA_fLW=OVHwmS;WBvu&_FN0>svqCaB9UP)#HZZ+aQg@m91eOqBftydSv#GCY5ZK zw(7%g`!&a1_!{C{*lrbrFAoTu~=c{OtT(kt40Qcn3 zNc&wIGrih7ZmXKMhWEN0OngGm>&l4DAX?Gq0uC~I=XyV#dmj)BKWMm2et>bIE&k;!;t8&OuS7-`=0)22Q zmxJY>PPdv1s3Rg$z%U)N$6vyMp0TCq_K;W^S2FL(B%G06S>iZuH0^O3)>dd8GFAD( zpxHAzJ8gPv_0%jTbdd_M+B@dDo12Yd{{U>4%R5T4ZprG$+|W_c>Y9eN1*%7FJewI+ z-A^R(#ZmBXuRr#@&8zC--DR0o3jy*P!sW)t4dSM4bH;kz;gRLta8xi{0(#_rb+@a< zai;0EHcK-?io1^EjOLJ}##mj;_9GCHnNJ74YnQm$admxfx%{ERk~`BNpG`AFo>I2+ z(+9OjEu8XP`IA1vr#L4Sr#9ej8yCH_DI=VYcUE|?`y6b5nGg=^+M&pH8rD)&Z`p|5NlSQ_PR#uEFFJGl+UPT4ft-#Znn;@_5 z&neq914X|Bc$WN64}@p5zPpOjKi$b95)V!{cRee=ZDx6OA*X6OX|l8*ByFB~^%U$w zk<0vA)%-Q2*o_lP)f-ds3`Lq~V^URO{t~^oZo;ntIb7z*3-0$oF;nkde^F&7-GUD$pm#YBV>5b#SaYI>DLzerGrEiKto20jjhxAXYsE9mUorUn}V6(X16yT zowBCElj-YShM%at;zOp(aV@pFqIyk}X}7wJ zF62itw)6z_uUfs)uBBURl(Sd}UEt#Y1K;taW^=wX(zN@#1-G~n-nynk9>k7E^R5=i zTIsr7y_K>j?vx-N-jo5qXA(uC>T+F(mf}U-8Bv0qj=zR$TTHpST@vwh`4ELw^Ne`v zcp2|N9PP!7X=gCIC9etH!S=2`3n_fBFtEWSko|=Kcb*@%WkYn(u*f|JU!`Ms&99X$ z?qeY#Pnnl*IG_vu5!5cOF)~Lc!ai-nw){mjQ`odp#92wgjB!97X!dc<7m|^LQPTpq zJU5}QhL#Oj!5WuxS[ezj4zQ)u}eRpysztlHc@R_4l6`_w-$ABA&%Bk|KkE|=gx z2H8UCYqELSfCK}<1Jk`zk7AlTTWR#2KF(`XBo_LqjLgd8mim5Ty!JWn^;yi4v9`ky z%bp1Kti{S=3vEgZr4nvM^9e@J-dfzgoLfsB%M$XhLyombW_|VK_wg)KZVS6AJ!?A8 zL}lG?_NIY%7QsD9{{Z#XMI&exwL5wA{Gh&`76&KGVl(NQpHA1cYpd6qOY5tdN~~zC z{{Sk5^c3_qg^x;)#Iwg?diVNpo-l<6@e&BeK=rCNC&RXS43Xkzyfc{}GL17UBeDA1*ml>09eOGQk5{N?E`q!4%9{O8KvZ@M;<~gL2@!Ous97*4~lh z$=>GT-K=Jd1SjtkuT!U~s)^9FVzD^Q5y+ zaR{}SP?}a!cYNOUzu_B5V!56PE*0b4HjLEscNyrqo{TQ0j^$b}vh4wOj*V6{Ej*oA zTTWI}<(Aq#J?TquH2hm_rMHN54L3)&XfEV{eWV_CfuEb$6OY!k{{Z0*k)<+4aLEE- zWll3mv9>O$r|U6k;{O0gvxfROr3*gtK-e>qG2e=%pk9mEMdB;O&yle3R*;Q3^k`zd zTgF&Sgb$c?^{H-mxOauVKnWu~=rF#PJX^*0_c1&tW0{$~PXfB{3|&uuXC|3%gR)Ei{M>yBh#>&-9>23F52BzQU2)$@9ABr%r2@ z@Z3q~4?L)BlbmxvBzm;d-q~rzw6G*of&&~^pWM%=3&)b|uqsIhJPNqR=A4FA#(^}@ zNvg#pb3{&X4oLhfoUvP5okAEdWC)8O>Uam@k zj2Ip`tbIZ|t9bnQ!#a*Sev}g3%DxqrOM8onWhG^2!0leiV=CU1 zj5?XS<)WS11~ir9jq6YYaFu2@*Eym z`_~tFsNG+zfuN0U6l9f5b3vpS!{JLWh}tYLc!kp5^h_c$6yakX$Q^rEfa?AazF!sG z_;*9NY3-t!ZPAr>hX=k-KyoNFE9xEr)HE$_dp%t(St0`tjk_)N>FN5_KkSGjyFkd> zGuZXbClX}rRMqsTperiHB-=R{8O>*mpD+~lnl3~+@o6+j&*4d%HGvV{Mug=Yj-Z`M+xp|5e1He1+CS! ztdgJ%!wi0AOz}>?@W!oY;;Y{eO>G^)g#)aL*)kK;kEH-|hRem;cCM{?1+}e)?4aba z8Lq}Z5ep=pq_=k1HwP!FpqWPFG=CR(qf7AwI)#=l{|lq26q$TPle#tH5=1;bkL+RWOFI4zdl7!2(hBk`cvz|rHn^KWi73yW)n zd4F*pFv^(kU6!ODQqqK(&NxviSDIUJub*!C7#hNYu0Q@7? zucyU6g=H4S+S|ADo!RTnSftlO-8?_1=z3O+`mUVt+geWEb0L44FZZ+3yDcQ$UkGHf zk#4PyK45YfA46Q^-0bd?OVg|^FRo=tF5_bRLwu=@K5u&R-xXhtYsvc^`GGPV7|w8@ z-}n!7^2?CPp{c{kHlJbou}z{v05ZA z7?L$kW>MO_=Udjb4~O?wmKyq)wHA}iNL9Y_gWUG5BCKkCH{gF8X#OsW=FS(6*HE>w zH$@oa$hqh}`u$;k%2Q`<+H6nsJkc%A5`W^rFV9q0spA;f>a(WHs9h!j?9m zMq^?K`MQz%*MRF94gQllKA(DxY!H0-`Nyqh>6Gf7$AP?Qi3OC35mEU$`^LQ%ePZtS zRTlDFnC!}_1x`t7gEup|yo%6S+q9U0umMmGT>6@+t$4#*vlipSw-DQcn;qP4Y-1Q6 zlo-vPUp?LB>rS_65GUo3wg;GfK=iJ=Ox84u3mbcQf_P`85xw2*y}3aMjgaPk%mH{?;9()o`c%D+3ixr?IoVx zX}3s`1Vto*PC54GvnNAaOw&@^Tht+!_g-@WuytHlvv_Mk(_a?%Gsye0Fb7H;nO84r zZ)@S37Pl7}gE=Z2zij*0%DyhUyw`OZZ6mt85VHfcxhi{bGg(QQw<5^!-L{u&8qaYa z^-xYucY6%KS_#I+cZf7C0iPL5m!FF)V?Avui)D)8$er4GTu1RWOAU( zBZ0|1{cDxGp4s%dV~*|%tBE3V>dAu{0ORIA(um8Urz!GRhCD}q2Z*2hQWP;PjuUI- z^*obZU&Id-CaY_4ZD|tP%ODDyAAq?306f;tS2LPEchapLH3W>55eFG8dW_e!-)a|- zL?E)cMTmt`@$xb4Sk3e+l@VHL+O&5uYBzUNqHo;b9o}k;@N3&VKYec{s+3=pjl*!p zezk*c_A13KZDhF+C=VKmH=Uk>u{GZj>HZu`cr$Zw^F&$M6CyM3TE%K-$j(Pw@l-c@ zBv5H2=IAgey zdB-*8SH3p5OQ@oiHbwUU9Brn{j;CFB;w!sd5-Y0<*p~7_P%E%F5pkOHDf%w-)r|A&fO>ZsK%WJi8PTcMH_pMaB6V1@>BMqnd0ZO_64oK_x zR}x=c+lg#g;4h0R+(4q@?i*pE`4-X9@L zo$dM$S_tN7?jOQl8}O!{_NxGv*;A5N(vSixu~kvA^ZN8}O@8LUmcp~A^^z5xhr ztk_uxVk&z;o0GBa`@Hg>9}6jA0OCB9y@%lMaF(XFgtw35ywyGaIRX5^{t2j^5uW&Z#TTQ%j~ zyV+R%rMC`Pe-BL zy$61utzcAMqyox2O#*#c%&|7j?ZycD{&n;3io9Sij1gL1G&Y+u@nPcr4{QeT+u;cUF^u^c0*-PYC#jt!sMR7Pj|ShB!e3%Rzu}E6+5Y4I*TD0H1fS zRi|Q;R@C?%WKZ^-FU|)Hze>xQhf~3RBiozHhD|;>mJc&&G7dn;TJj6e z58Sj8WVDDzTi&{3B90Q?!sClf%&^NOA@Yy6JcHV~=B}(Lv*BNj-W|Nrd~5dG7~;3Ey(th}ZAT+NK6{dC zmcQU{5_n?P&JA;Jn|E^>JT7oS1ZOMy*A$|au69w^Q|@1cQfXfneh2EF0PzLkU3W~k zD+2Dsvoex*k5SgWPyPv``$+2_vIp%?q-Z`P7WQ5Y@m2Eanwv=>+0V+4u;(1(^RCJ* zHq$lawukloc?GVQs2i(dB(98sMGMMH`QD2p)ueYHg{-Bk;od-s;v!QsOX@v+X`uBp~OLSnU%=(#TxkXSYh; zDCC}nc_b`Umj!$J(zLO~BFL|VBmtjV)(Fi{xJxKIOgqZ~^JI6XTgbj{*%-y1^xRIE z$heHCqb1yfoyWMXC>b9P0YEuJjOlp6 z5nt%n{{RH6{jBYOZEx8#!2UO%Shv0Lj*AcWX0r(xb0T0C+Ibz1KBlH|_iSq!T>HaV zjESBgyI1&5E66-$q5ZPfX&JF?Dj232>JPPWPeNrIpO$|RJT-ZuYZt^46P&9l= zAGhFZ@CW`1Gy6YDX?bnq{TENaZ5<;sv5GG=ux`Zm!ThmKGt|udSGI@N4Ff61X3<sAB-Wl)Wk&wlh8?pbl=NQ@5T#&K8S zFp$L&_Bh)n4>;~A-=VBswm(|G;E-Rm#gD2AawZ-g$b^)S%il@gEP9Dsc}uXnp` zFHO+i=E4}@45Ba?{pRAZXh)Rmz97BSEd`V16-E_7$geWDDILl(;%TAIz~_ZN;=1Uh zDN4ubFYNX463fIIE|X;xhUZbYh}&ES;|>pB*1p8E)Hkdw!*LvaE3oCL*}BUm%Lz=m zz|I@6_O5n&pl+8gHZKD`D@Zeqm|i2((G?NA!w(dJY`d87P4@ZY}e+l?=NxRb` zwbar%1=PrMy^lkK*jDkCfkegEz8>i^#{Nv@We0XZ19#(IZK&xIX?9m&ZZT&g9WhUw zcItBwqD_Ga8{0iAr_$`=ivGq&b%-m1#ky1Wgr3oRtm)R%7P6WLlmW_&ZZ+jvrlES* z(n?0vbMl<^`qpD-F{xU4&dWaN&$V9gq_HdcHyc_Q&)zFpxQ;Bp;_KUcWW;cvC5Xou z&2d_l-S3yCEM`c&)+(%{I5<6hI#otCH0CdjGVa9^Nfb;EcK#~l^(R%hSr!t%K2<>I zYiPuYJC@mExtbr7<|m$e)!jo#ip>X^m2v?Ec>=8EsLq1VPqdy0Cb%f^0oOlx)o5*n z{lizSdRRCk1 z3!ZYdV%9sIK^_QQ%$VeYMrorN!J4l~~jE+mO#kwF`Q#|DDY#^~Cc$9VHWGX@_n-&*Ol z9Zyq($+*)ZS!M?$6SlO3MRO)Q&1+EBEvJ&gR##FTn~k;K>K1oWX)Ngpd6WaRo+_oV z?n&T#D>*OTTgx&hILIgNoO;)_Xj&`5u1O`tC?b_tZ#gH@v24;T?e)z%*ZVv*?9tiV z#;nW!+4Qd-)AdQGT|yrYSci}U9Idk@v+4QNsRW&l0@KI(Z-+cJ;x7*vU9RW34Cg=U z$Rv@E#8)e(cqKe(re5lH_VY^;ubC#&Mmg_VD_G6>p2hG(!S`A|wl$mkX0)}EJ-b&W6$m6F=+n)WO-PmXCu%PP-)lO zmN;d@fO+Sy*0PJUG(8`}wkZtL-IUyc!N47>a@WR|x7voSX$8ALkV+KqQULlBTLHrS zQ<~Sr7J4+6Hj%yj5}eG9{63icO?i%kr(WCZmQvgk8b>HBr=zYr&c-f+F zei%14)+sfVk?)g|Gt#^LPe;@>Ju(;y6E4m+p69(X;~Sn&{{RSHqi=ZYsDOkK_eMWD z(YChx72Uvs0v&b%ISCL81^U}II$SwTiq> zZ{fF*CoMB<`{|AaW(S*F4O8u_zCix~Hr77gwbb4Ht4~>ZQiC_dBD72Ef@F6afLA32&i=ZCPX^B;e9(5naQC zW3~qyhcpPyd1aE-V+_oh;8p7a?KQhi#7Tw5F`5AH>}Q`(wUQT+omq=>+dYMOt@_?v zYEw@;yIZNslhYIpc^;LZS*(^nY=K7BzyKbj)K>S1ttPVY#-*x=a})?mwm#{{8T_a> zJd44tt!lbyxYWzXCU{mkIIe5NDpycMSsFEpP|t(c6%s=_%O(r`&2i2I*QT(R9h}?h5MlCKbu{Htwshod9 zK#o^Z(C@9RlI3Jc(bsqia!B_btC8^S>V38EnMPt_HXg^P_|Rg{Q1E=8+E@3>sN9v) zm~UJR?Z>4ox_r;6OENk8B0ui<%X=In z%XKS}jzFLYbp2Z2MAR*{8+|-nOb!?xLH9M+>kVVB&8J>{n%>-|K4d)S)YZZCGIG~L zo7cP_XMKNZa0Gs9pxnd^mCvnl`uB%)i%aQr_yaj^ob&HmhdEN!63OGT*wGNY1JsXN z%hut7?ok|yvO|%>b~TjP;_me~w7Yw)A@rt(5bGp^oE&=nDc=#iB`1b&^c$-y%S){?_S~|0dEBy&s(&L@C)~X(a=sr+=f7j}fsl>} z{#EMNJ{+`-GJ)W$+Zna1cuppY>w2z z$GUh%%SzVZQ60s)jfK@)13YjAb6z*mEn&8~w0MHtx`7`*cihonv1>^1(r8{3{?Q8! z%un(h;~}wLe9iWiBI*Y~Sb>2^MX5ABCf`W8xj@Y-jlgFGj%%GWys$@WFf-ec(DRC@ z?r9CnG3lC>oKE)eVh8LFIQ7LIAMm!94yCJW^GR=Os3o}to$GH{Mw8;ym)6Z&Y8J#AZ ztUEhIV+ibji_)s=5-Z#ou46t>P{D%&8mFBB!1#*Dm02NmC`LfeO4lp%f`T~;I;Zbi9RT@FoJD=UfZ?j2L18LEH1zn%Wt5=fPU9Q#r# z=T~lq=>?GCPC^A7=D5qNn~f?-U`LWkljZBqN3B$12E~od<;)O8s3M7af;u*9(EKN@ zO`~csxkYsk^JRG)RI?dwbl2C2U@tU?^2+4o^{NxwM&!J+>;M7uGz*oOS|yIJF12wK z+LgE1c{`jCR1Tk7uc^MTZLb(@-Moe8E76awBGfyVHH)=-YhxTO{iDc{`(wBDtlRAx zc7n!LxQ17k8-PD|>+eCCB;FirQt&fj!N%`;V|ZKbH+GjH!!nY%V~)H~25!BfPo>>l zM~K*~W94jt_|%qhAF{Y&5+(;e)VYyxMF_0Kal1)2V#xpwwS@%9YGk*xUp32+OCCTb zgzjr%#nrS0hW2D)MsRB~^5!_8k|kl~4t`ydqXcunkhD_< zAO?JP6cSd{H2Zx@SuXA!H>t{JjGBY{D@VJsdppD^>?J4R0aX z<<3Hk@Id@)XI}VE7ME>zt6E%1dv7Y0QxW-h0q)?J73Hg2+%!@R zzjy+9_w7<^-YL^;bicL18$P2kBPSUrupabE9fo;6jj8HVUfoZr$#XTlrB25`a~*M1 zF7@q3EnZ89wuLn0Y(%mSU*E4v%+0I29hZl%ZZ$C{+icd_AvSiAkVmntKNHKKCH1|< zpf_HCb%t9*4FCk?(zr_%>Mv*_x7NU zQ|DL5TT^W7dE;9dl5$QVfz4K2OL;81>C#+R10GT3ki;H%zv`PZ+`E(zqUz zWujTw_-k0cc_4LyAhE@~W z`ie#_fV99@fG_&Po-%!?GMYV;!m(V~Mp27I806q}sr*r-4?f!V()HFj@@0wBK5-+a zeT@Vjf3HXVr@HbhNG+sH2lAI_Bo6iC8kVIs+>aDarz;>*HNV9wKHq*s+k>6NpGif)ll95|Zp@7G7ezm0D7rOCRhb>zA`r5--yk;4X zA2+T6{{RZoG3sS2bUfzY!MZ<#yf@+x3daL#>2!@3??ym7xj3&E(YzU<$$@zaDF-@c#gcr|@0#XpqAn_7GK$ z(oZv-l78?$g0Zk!8(RLWs!45j)}ii+1&a1H&3rtD=U(vctG?x}ucDlUQiK)cZqaKxVJAPQlpwCcwuV}yVJ*J}a zN4Q_ zO(xN;Ojj{^ZiE6~9OU;MtH&&LYo8Upv&zW}My4l7$-(E-){7dRkr#!bvWYH?mNuy# z(xHh4Zuu3{Y5pktHOvt z@;kU*S$3#Xp4?SCZ9(lVOi>Rhy>Xr2TFy@8bF;6|wfAjB1ebB!I2>-^a68x1z7y8$ zwFoS=QexC?qmZfC)zn|)61Sn;@8i3r+z_vv1dp?Jq$)3u`# zBiXtPs{_jdIK>9gk3*W(VAb_|tBCHeCGsBNNwu8u&uXvZ2w%baMBXB?w*J$e+^ZPR zB#!)gQDW?t=gpdz#9e1spMA?iZ1PKy8n*){psvSAwDAU`Dn%UchWUb#lbWc+md{k5 z!rIu8Xa4}NT=$7}86lboOpP0Xou{d-><1|g{E}TM-?lvd2EB_z zzqh#n$kHyw%Pk_| z8rAD5QzQkkmV+wseb66QQ)arEGe<97HiSF33(l_yPeq3~|J)Qrn{ zBYA2F&s<~w0IylLjG8!0D+|x6Y)~$|#eH)GzMlx0pkFGF_9|yVp6V_;Tx4 zzWYY1%`!*I?isC8(9$~|$Kf9r$D!&nSxcu9rFJ6`!u!{yYR#tW3FX14MR7I*m5hDd z_BpJ|g3!XXoBJ9WtwgJtA8M{SQC$Xu=32yX&WH&=GZIfewJ%)@O5$q1F4DBCsa-5& zxWCvissSu|4Etv_SHR1!YkI}hy3MjJleXB=i1~jig=-o{7B2qL_Gzd1Rv7dd?c-L8 zGa^KBxP!`{%Dz6e@RMpXTTW&O%y>`%6{1C+=VS2h!YfNho(x+7lFD;}1w}ToqWF8w zx0Yn{MjUT$LiFjH(Li@RL&aVyiuUl!Z!wFLj2>F8+Fh@T;U*7HNX^P&4+1yfVxm$a*EqivT%RdkQjV*V zdFfg{21{=cN-fMTSyZ!N@>F&e3PiY{LTHydC6<_Bx4VqXyE|FA9kEy2Q&m-{-<;}gz-e1oWTdym)^!BP+M~N-Y#!Gc&VOE zB`t#(-CN8A4qH5bO6N4KIy;{xE4NtCADOYsR`Gh4ZvOznDW(ZN(2%OGdBWhD;yhE~ z)Mb&?3n<}K@<68|T#usdH9LzLhUPLRPCy-xYVJHU;sN2Edra{ioML;3C05#4;I4TD z3fq+HlSk?|h5Siv;#&xHIEA(*K`{{?6rQ6UxvsrsGa^QW6$EEAq`Db%>th$i-VxKh zQ>8~G{1IGT*(sLUWIO^6a6dC&ENkBoHNAgkkE+QWhQ*o$jleArJOkgbuP+l8b*4`=Xe$t7k1t%t!7YDi>mS;0_EophbuDrocj7mL%2?hrpWeJce5JF` zPyGhJM7$@d%b<9RPSj%rx;7h*i~dD*GnS*&`yHo;#TrUnLaQWFuUv6ok-zX#KiSR? z+AH7}jlLdg7SPG#9R*)m&@KuFk+uR_Bt3Z<9D0vR4rxUG2fSIN%O0nyvgz~NO$4oN zFPg_C(2zm&=QZZHQa_s_`DnP~gIkzXrcm_@TSXjgSXGKv zoJhFxF^qbjT8?QE8CMw?$vvo$)XT6gQC}S69MsT9G5d@_18V&##hou~w{?E=4XzuiI?h7l9J&kcyLzC!yf${#v*HZA!x1FbK z)O6_^_sBkJVIbr;t~teiOMG+qU#58P!g}w7=4-jl8~r`%k%>?5 z7-af)71bS#qY(lbTuO59({c12s@W358y3dypnB6T+LX&X5hSBx_ZjMHShut12hd`t zn9?s&;bQsg)4ytbZ7~H^oFbg@!DH!EbVGBd(ywLEwM{o(vAMckPSlCu^2f~#ira%J z?0B#4Oa2L~`&<72!t3}a;C)rxT=?!R%kax>J_OJk}VAG+Qd@dEgx zN3ql`1`=VmMCs+oI*O@%6!G1$AZ|v)p5nNwA<1Zb$@_Bt%z8KNZ~HO$&*A2y4D$Gw zO0}0!(cUBTNQIbqKD3REvIEQ-ZnZGhambc4@pr9i@v|Nh7;qLXW@GrDo#8l*QEiFLd`> zq;ToikTehcaq*8(Ys^zhNgT?uN9KY-80ER?T@>ZeZkg+U2W0Ulh4uR_ej9fF%$DoQ zx>7Nf94lx1@N4xaL)PHbt)jTKRY)5JNUpfa9JM24bkC?t2JyH=eq0_apO)mk;Xxnn z^PG;=Ys}=IbGWovB!tH>K-l90?wZih?=Gw+lkCO3!NV08tO(v{3%I1x(->RsMTz3uWZ!bTgN1EsehPpit?LXb#5MORkuZsIY^HOJIAeD z5M1bP<(BYUAc9DgE_Sc2WHy`@aFfPfB0bwc_32suG4PI~qDa1Ukx6Sbeq>`GFdyVm%*{Dd-1BP- z)YIofI}n?Km{HaPuD4L<0@g~`TFNUonsx;j)*-)2`F z9iem0YZEq(j{8ou@ft~~p;Wnb&I!ij{!MuO{*`fUek`SoD}$00s*l2~s&2^%WfBJu}1q01@uU zfv%=l?nE02W9Tp{gnG5b?!6t<@&=7ESGa1H*{?2#t7#D0&Z~7IB+jQG=asI1;*FK8 zz8XVf(VNiTV8QL4S09J#R~Mn5F19>(!QL6R)b%km*D=|g05jFO>0agI9|JytZKqys zBFbO5%h9;&n$c7fiPUHo5M0^YK+(k`wh>MSMQCeUGVOG#&g=B_&a~9Yd$Bt(sc=kpAXEhA;4jb@$|v2d9kO^*7)J$do43W8U!(+ z7g<3(d^#}C0OyMN{{X?hD%G@TZXnaAo(X0u%_BF=*zKBx%~~^jRBiPON07n(ln&y` zIcn?v8+fW+GSPJJv&j~oUoHn5kG*XjjPyRC(mX|`YNp!8#@yQMOvp+5#QIl>d~Zvw zH&r*2-o-74l%@gvUj6?7N>f8l%=x%$lI0?m_QdBrn%~n=gQSIoY#ba8^_i*bka&yx z4^5I-Vf$laAxCprGx&o}zf?mWUH_S4(jUPbnhfENsUV!b=!9mbu1;KOyL#|5Ui zkBL<0=ZFEd zBYb4#R~^8uxb>TBJwi)ci-7nWNc8kHIbUEc__1VN3T;}}>_sdC{ZTkCk=xe3bGy^t zcUy>#=Xc9sbj>bZMtZiN;aJ9<6|^#`c>rwV8-1&vm%{fJ^W6Naw;*%h6|IcsXHBQR zpMM*~pJ|RlqDKP)I`j=P8zn_$Ec5pI(PJ{5-R`ZStlwq1W=Gx*?u-vn^yax80tL29 zgN?5%v2ok4YQgSp7j$ez6{^YsU>mUXt6G+o4fIAS3aJBdayn8O=a3p;4xWsGNzNyju7OsjXNEEf@`&y~JvzaE0um$88Z7H-(-L86m}k&WKiuO64fzDB5i$9pSUvtS`|LUY%z=|Gv>3#$z-cCxykI zc&_J4)hE%K!7X&wZN@wSv9s6fOPDNrE~?3?ypza^PIL2fT(!N8jjhAWa$;0|6rP`j z4T;39u3cGJY4iU8W>`Y{jD#qak3cJ)p7-rATdbWOTfsh%mPvDIbV6K5A>e>`sdBMM&D5IG+fTk0jUBDumLv#+ zkEMBkhx|3D_`+!|#l6HV*=LoP?*9Nf6s}s2R(dX*;AQaA#IJDI5;)1v2P5fTkz;dj zZKceQ0yV;+3Qs_LRTD2G#pSctwJ4tY?(Hq#%pul1VeozHKTy%{rnZ`RA~N}Fli!Mo zM3aTK)n{v1tRWKF<@dMnvgfZA?YhS!ROfESjRf*{8K>%+rl%^%(oYifUVB%jX7#hY=3014>rb@P>;%v*o|3Ce6O4vI)P9xS_`|}o__ALM zMWi9Hv9y%BD}2LY$Rj_EZLy~!FZj<-@Rx-=EpK-Xf&SWsu{?-N8AoHbyxKiUuk0qh z1^52|cRZ8ytmN)zC#aU5ZPXD;pz+5wPgT;Aa!Vg2*kdH%W}wfTQEaq3$gM6RTeg~3 z$qTzUoj0N_9$zqO5{nsx}+2T;e%7kCO~wJ8dVG>?_nf zC1GbhvRpR9&JRC#=}Vjqy;a*!Y2t$1PL8HBT>;2F`K}7bO}Dl$9jh2Y+`}HdY5?8S zW_N+2)GXE6cwTd#dR;>9>h3Y8%?hoEQuapfSV=`SK6=SI!SD$BsNXZKy)0 zNMR{yV^+zKbAaB}sn&BacsxY&NG?_79P)Zss_9m?mvCAeo8L0(JPby}5CF$MwVcqT zv@ZC&RkzbLSz|D?kZmB~`&TpY<{c3Da^4$R8X#^Qh~zmW6W2eTL4gO1qZeA+={EMm z>?NC98mw&=VJ-xlghaJS?+9?A0Oixfd`~LuqX#|E+YsocvUrCZjMR9_;z&_R7 zcz;Y-WsMw&nFj=C`Oz(`QlE2f`#`cXi@kzbw{B*~T8xOx_L3L!jDzmv zDy(=XCz_iPC|I!trIKgLR0BB3uDeWoOKV4ybVMJJs{zRR8r+q0r+~NiUEQ6Xyb#53 zzFCx@$Q^h!=3m*Dz7*G@vcA5xxKjv~HXpok-}4kSY0KR9KMi=k{GbhLh5+FSamFjz zv`D-qcXs;S>6#~s9kK+I<#C?l@%q&ABGR$)*TfA&O}z0ItEg#K>}}d&RfA`t#d5l4 zqL()h1i(Sl=Jln@C+2ZJB-6#U^sF5jGEVh5-I~c;Pc{`3Z#e$#X3>L3ai(b(2TG8~ z=Db6e&l_r})24z(5u7j^vP~lyM#U7>C6G9bqROmSj`d4Y)F-sGX>wY2ATK>Cc?6Nk z9}v$K!g=URA5p=mWV>sdmAH*CTb9~52B{*{dza+hB#=ukb_NBGI#<41+i7-Mb+yoV zu2xt#XKo5Nq5P;F(Z{y4c9E;JGDM7c1Y;G=>Y!@U$lC+Yk4|VJPUTMz={m-n7NHgW zv@$^<4z8g5qtNE89WCxA4Q&Y9k{gN*BCKdzX!E>o;5V4L18C$|6R7BqX>i73@=C{X z&1(XVo5Px8YI?<|nnk^m4Xh7FKELPIyUkwSJtD$urnd+W8?nVHL=PLXx}Q>>?ESh& zh|A_6-;kgVgWHO`AB&zll(wEZ9J6icaw-7rb(_hNbnDpdjjS^+5ULO#6| za0X8YwP#(lQrom{2nV5Pg5c6w|&e6USv zJZS3ZRal&DHJ1!?3usb(|&fmtWF}bWDdF{+M5hF8)j3LUf>?^K|;=SgJ z;i&YR%_mLNe6ZVPoE(hz{{Z#Y{HI5=(D5%6TSKc_8|YRWW|6YSFfp3&{a;PIGTX&r zYaXJ?;jxYeJCRc;+?NJ(_nK#jZKt18z0wca1B@lQ5>Gt*pmAMn&!9)AE}?aAX9R1s zA2D!8=gnm(*f|*Kg<98hfYJUxQ4g7N*h5h)J$s=IR9|wQ?C)%XW zQSMpsXTocZ6U5PKwof&!xsW?s&FxrvzpU9jS5Xm zUzXYjnN&ySzaShO9D4PtdOovrsNBIj*+(Kgq{}f*SDw8yLlJYuR_gkT$q^T*q=l3Z zyerP-j(eMzk*%bN=Kvo5^Z~I2q>DYL+AYkA4oKUbr`EkYM7+0OF4pI1iH;Z^xHO)? zd4I$^ohrug!5X|UJO1df=Z|q%z81IDM8^0`qRG<=q!3BXWoA1a7NxGOxR${-&6Wj^ zVeMQjwl@>qM80^9L+=NmBhs~sCA%Gdn>%Z8$zu(?-)XmPjks~oKg*iU@jbtWd@ZhN z))U;vCZ_QRWp4ZokxYobg}pAQZ{^$ zepTnS1#+XC@h$GD{jgz364u61lNela_+q*3M?kTcYa}S}vV!Q#%CMlT5NSGu5KpPu z!EF?$%kutc@(0u2xgQi?EK^&@1Pq&3=8zt(ngH_u02N(pej)Jl=r)r}fhl0G(eu@K z=bG#OA4#WaT3(Ui>-B;SMnECS1-9UFfBkiw-$ErW$Iv!jb_(a@b#tSQHQ&|iZUY-F=HZj$vyCEGI`nM5Nn#Gky&bQWZF>aDls_>PAj_9 zG~IhveI{)h`fEpt#Ewf~uNXL>xZ9y>@;zfujwXAF?^|&B+>EI2(z(yvUSG&ElfH6& z5c+#iUCsSlO|{fC%R3gggJQ94?dLxA=e{zu(e(X3*X;;A<#0pxUwYCqOG7zJvA^IQ zWhb$g?cN#Y4r51Cl_~4bd}6(8!#X~QZeufQaN5Mgz8eE^^rqiLbISV|-xV~AoetQ^ zZ+B@uypZk$FgVXb4R{}iZ6(!=(zJ8MG;A=@pO^vOgtW1pi`ReJx^(XI+)HU7YjlKps81w&QddG}t#}7mwEoq%o)Kw$$XDe!Y<)#+__y|%_;2BV z68N9OT8wgO_t9EPsAE#=B!nCT>CI_!lx}<~byz%SsV=LhK(^O&;2pj-lcC zv_B77Sw|!j$qXPg#{{#HoE9B%)AOL!BO6W8u4jcm(ae*#4YXt*!o0`CdVafUsY_&R zXSKE@?0gmyk^BeH&{dB!k4U|{*KOdq)9zrJWiF@?orB-fy-UL$0oLc&ttV!%(zLjl zWPQiyk$npP0Q%?y+CDE?_)0r{2E$6#BW*&~0dqH&HwjbI9=z9-*xZ?Hbvv{kRkBC8 zw26$VAbh#3+;k38mybr%t@SHSO(%PlCp#BEDfh02#hyHE64EH`SM3N`DP6yHYFt@v zHZwdSVvBtjiEgaqp4xngRa^{XoJXfz~VG_!Zh5&S?S0;vTqu~a+z826dmeOPW zW_lX+Ee}k$@TQ**ou}R<)Xt^m5vDe`dSvafo8dhn^#1@A-}t9ikV~gW$Id=oyc{3O zy5ARkL$a`y_00mx&gnq?)MWg)#yZqVGi1tN34Ci8jx`(WU3vVQhyj!LC=T9u2lB69 z)@*HLlH{Wovt`&;L4d-enU>^u_lQ0lcxvMI6BJfv;Rtu~)L}^J&2c*2?e~T(Z?ANw zM!biV0OL6HHK{fu@aK$ed`{x>=KA*Q#IgVazD_VX$*zY}(rzHLVSNs&{Qv?*?H;hRgGNo<)OaU7`a z#b+ehF;4oF?yu&xp56;9+lelAb&MaB``4k}Tw3b-R1w`nENFpz*97i3>T05z(VNC6 zrkOl0QrgE!wv{c~CG#baV3q@(27A}dpA{{wuC*I)uv@Op#C)Ug9{H`{`WES)YZjL* z$YqUN$ONuOsO?>^hFC#y6{ECFgQiDq9-k}BTXuFFpvSFw zeYc9WOPlC#Cz@1MI0#7q{uLg~N4HzebA6@6cZla890QyRs}kxG#L_%&SPg>*l1H^m zjf9!n=^9a*)jrz_ry+>XLtWImWs2H`iry7w84N(=)`^Vd=Z5!0xQoq>X}%- z`rh^4>2O}_7J7&FX4jhD2A_H802F}vI@;^Rm-@uF8ia9LlObXdw_L0t4+Itu7t#JXm& zZ6%yc!rn5`k)B0w7}!@lOT~I+xtZGDM*BDWNACN6mB?wgR=Rt%@y4&7zWDD=tFG|>0En-&hPA!65gkJyFe`u?=xaKL$~HZJO7TyK9mCIa z1E>L;BO5(|tdA7g>HaN6EtkFwNyyD}IXjH-N$m9~1eR7864`lj5X3K0UFL_ZXzQU~ zTHId=uT?yd5q@=UyO{Lmw2Lv8=PjjOMRh#4Dv#zXGIBi*GhK4s`7xPE9#}bIdIBk# zxN2h9__g(IO41)L;`YrX*j7G+oL6Due-B$)$svnTxboPBXxMU`X9Btqxep4|r2fgg zl)6hM;li;Xdt$m@2y1V9cO|v>wz9Th5I#2$J!yv^?R!*$*7kJM_uR)DVPwWP*588l zkp`hFvGV4S06F{E?T^N?l)Due*!3X?+b>q@$c9IJ6T6IkD*VrV9D!m;p3#0%2T*G_ zF6Qx8LoWO|{iSSm3uj2LI0XpFf2AgkeEMt`9&x#5Qg@H}(4LSJN8$ z>PBgvu|WQ5D!r9r6Jyscv)wUx)p!mQBgm+g90w0?El+)NvJbQsAep%v>s z9M&&vZ6MVQj$~}I2^WROv80<5ia0-rUNP|YqiqGKS*5;GUR;ltceQ!eji}q(+$-55 z#^?k5hG(EOGtUjM zg=2y;ftM}2^QsrtNNpM`i4s|fAnjfV`cQIEGsk-FHFCN2&+OsjTZ6Ap;hj!ML2^yEn0S$KjB)Q@ZCgsPm1YGTpSo#FViVNr zY%e2Qs3o{is2Ci9oxg>AoAKkrcKRQQwJ#Id*~~4kT*!qZz#tQbBlP?$&94^OtvOkr zF2~}1RQ;~ltXDQuKRcfUfz)U7uhMVX_r|t=89oVko8e!ItnJ{tv{4)-&gNAID!`sc zrhV#R4Gzfak5B&qf@l8GcR#Vm?V}`KBe)u0!~J!m(X|L=kSa4X?MYZ3GC23fMSo^K zCAP8C^(gN&r!#3+2(#O`Y=%}D#(j=OZuT6ad!ND|6Qr?AqFu^im40ZDpS(S)r^c@f zHlw4qyQe~pYqu^4l++T>NAej_<5|^MQuID*~a$-2iiH$y>4>UXFcUeyVRkIQb7dtBB2oZ zTZErHWq`o#TS4e>$?9E&V^X2y2$|1Lf~d){rG9dx@<&RUvMgD*R%a-vRYqHu#z3jI zs~HF^h)!^)rDktUTXO7cxeh?d1Ppij*F~mZPo&&iYF0)FZ>`xRS)KMO1vwm#d{s7f z!5`>z{{RGm{jKbOY;V~o!*goa(M|CO!w@ZwsR@6aqKqpaVym8g4StN?Y47IE5(Wyt zGM`ac)ZErl=y?~!JuPOi5=Utq+p`p~b%?uEUAIeSaSEDZPP;+01bISKAFjX8CUM(fyyiUp?NPr!&cHx@G)JDuBT3ln$Bg*YY*=?d&jIGRv?o;fMFGT8Pt{ z=3SlF_C@mCG6|ME0`QpB5@n3+fV%IedTS`ccl=2y)jF5IG zKm}pU_Z$;?Gm8HJgtqU)!F0x5@p+_$1FHf4753lk^W#{2Tj6Q+x%`Ol?WHs9cN@wc zfPNU_yD3z5)Kw@eYJ2U{ywMkpNR4}DjV>QO&Afq8db1JzYrYKgD%0p*w~9+knUU@l z?aOh;AXi;wY>RJl>vXLBq_`dR8KEa}Z zNzcegJ*&*L`x%<*3CzT>Y~U^{NHAy6nm&hTb)gHnSgqG=_QiR=tVCCB7SPgz)48pb zj3qAS75=9hM=iXHurWU_I*)4K@b&fhv=EJx#uyeXIRib7BRNRwZ>|#J&3wi_TR0f) zT}L;#4_5! zXr_COo?L1;{3|OO`$NMo;=3YeXj^ieW7C>#rPa(#n^-Gt#xc^I7N%{JT-+95&bS8v z*7l99!x@Ijqw`p}+C6=%Vr1-k&BNL0HZcC=BRSoSay_fewXH`^)GuSdw}eLE1#PE; z?^hU;8Fx1{y$&sMCQ&(w_UGn3y5_kbCV1{02v=2Np@)1Lu0iu7QpZe%<=ZPV7CiI( z>qhIta;#T#Gx?FK?l?bmdj7SYhs=x^ygt%F=9f#3%y#exrFHqUv$6%Sld9+5m5NO5 zJRN+OP_%H*=9T2B>x$)kRVDgr&2Hg=bC`3IK9rn#BIA49!yX#(MVxlJjg_R1uFw0# zJOlo5UXQ5iJ~r0;HKm^srQl0cF+>kQDmfXT%UxSp(X4H*oa`xv29_^~(|ChggiIJl zu1tzQkK6gt$i-wYj66qs9+ayK7PnA9Ki$u4*DdhRRl2s;Ad>p-LhUay9;&(asAzUQ z+r+vKi{ed4TS{XvhcYaTy*UUAW_Lx{K{$ib= zpIXEj^L%~=)hCltxsfvfl#~i`8A<;D_3>I7otC4g#cs)L_Yt3!wtx!#b5#|62ytc0 z4I+EX7Me)iC1bz?fGe-?hKH&|mvT&e_>>h;qZsQ=u85?&mf(VGIisFSZLPTO=eISp zZ>n2)+tr`V-GVXqY6f;UJ|$gaPm@iWXu_g^K;t+S<#FHKU0*x~SNRECxWMA7F}TR} zKM}Wv);nnLBDuJowy@9K6_aUUd3k!8wZp>DG@epiOo6vDary$J1G?c`T_CDoMEfT&w* zCNf(!jJG$6(CkKu74DCyYr>jU~0W_O6tNPL@ekPi%s4YDQq{HZJZX zduRJvj9?F&72kLh!q#_^rPQ)nt;#C`vYapG@R= zDO{_lU1**nwzjyGc~`3EARdE^Vzj6GF-Qb=8;$_Ra7_f**1U=+^snAKE$Vy(0HeYio!uS|b*6y_iNa-#B%MLXp$H6InPs4uW=As>DJ_|;D?EhSr1Bm zo!d!wsaa{ZX4Ss)0+|>cFi%=d_XC8w_;oz-+-n=Z(zlXR9cx4T2Ie>*m5GZO$i_MJ ztjke7631Nd{jH2kHS7x_aUwD2ccpR~-nXUc_vwA2tZ#QH&A?-Uj(U31H03j8)~DCa zy``A8jowYWk81PXQr3GNLgwD}gSxp=dmp6@4Bqgs%P&SU}YcQEYA0mZQJtWrDYgRxQ_AHcgzMGlb>1u z?DSt5X;D6(r`^WT%FZJUqdT+HHSdw?`rVz3@!RL@Oowvg_CH&{HvkmvqkzB2dU_%P0=){tYmqFirCy2jfD2B>BfN$xIF9IN0rXPia~9?kLy9z z33M^F3pASX*h=0?oG9#TtMG;NdbPFdM{{QwwcsPZ9nNuu9q0*5vBzs#rh~2PGk9Q4 z{{RzJUG9W*2j00kJR2UFBiuzfdwE7YzKa-rZrUB za(nwz?Qdtc**ccOupo}0=7RNSsb2WTE8RIQmf7aNY<=U5)s0pwNVH>jaQjvu3k>pd zJ5w&lI}Vv^a{@>|c%671KDD=|+e@d-7ui{U%uY%UfYKS!T(;JUTsv-;5Ocw9}{4qK!l|s8YD=iu3s_;kMGQW=CswKRX0C z=jmFTMqLgMP1UYqc`cQsVb^mUmZ_}uT}MmRqL{HE+m-bcSkUkMS#+1$b%njwpDRT( zE9IMm&;I~gw6&ctOYruSqUulsZ7EC`5ahS}Sg7P9kiBg-jV_;ct?L(SX=4r#2QKHb zkMXYxo;^2F)^!`*J`XI-DSmsO{{U7fNuqffBzkPtcTnER3G+7q8@6lJbc;!@<5RO> zUrzNBPpK{}-PQDcN*yZh?gjz`P!A)5YlN`VXNtuhdxw?r!!hfMkg-DY2-^>^A8}Z6 zTgP*C60$#)xP9Je5#L*B_A!s#feb1>UB@RrwYO(#E)|w0Xe4Hgu)g^*!T>tcH9Cz(&cMZNv9xM{4l1So*}fihB;NYL{8je1R9C;cf1Iye(4MX@mj>qL7umwYEa3g`4Zfiij_Y% zdd%?>Y4^Wj)L>}RXvvA2AeQI!9X~3o8kC{bZ>=RrZKmB2e7f}wiuEfEOf7}RNmXx| zx!`?i2=lFW+S=OGh)&_VdVqRopX*#aGF!B)jC`jf{N|!>prnkAQqnebmfBJQKQ>SD ztr)Fkw}Rehg~C7GV!wK_Fgoa@hAS_%eW&Nn3}dJsw9DIwR?J;Ou1DSFXbT=|Hzm-t`+ZiXT`3!3Dj9(Op8E7eaCL=M;>lj#p5fXN)L~Q5TMtZ%Mbb ziba;;kTyLzG!e>lx5_mEY&7yDi9qu~80N4wOWR!{R*m+j${6|z4WkE094+C*!gvt&jCH?Z}uLe_Pw8?7GqN|MsuBa${e zAUjAL5ufwT7b+*s_I?qHT}Mxr%gl-#;Dk5_KBBr`7kF1e@X~2lQcCjOTpunl!v}X< z56Y0`ZiT4s8v4S=&RG&DzU*Y=3bfac1Hj12sCu08Djd2Jj^^*i*LRv2ifCiMj@d{? zAa2K|de@k09xF@R8%af+kV7#Fu2hasZ1k&4**y%KhKe|3M%wbae52B{v?Xg4yO!og z^I3yNx!`fqgBEYYvUgohK^c{X)yeBmie;8mlJta7dUmBK+{@XVuDPs5rs`76hwUoz zZH+O7Vb-`yyPLb)scx1L1VxJ~58)n_KFqrsR?5;q%_rXJ?^WhyX`@6qJA#ak^=2&{ z-kWTeu}373JhC=<$K9sg$8U7SODjkZ80=^fw`HWQ-`Udz9Y{GRrF&+Lr`y@wHkYo= zbq1X*Sy<40=En_#^%YTeHjP7s@!o~ueJopjggd*bCvg}j(-rf6tEEYOHrH7ZbH-HS zv{emNTcd#S#+PxVSS(iaKiG4j=0plJgSeb?icV&!=z6Y=uUM_rP~BO< zJYRQd0}c7t0pj0=dS|S(OId=a(Wt`VL2n5TTePivb&9caN7?YgI|eTbu0%M6tNHxVAffc*yfIKZn|Z zo?kO+CjL=8612ST!Qc^E15itN(A^WAQGBfp{N;W(OeMelrhR$11_o#{&XygUzdGxPf@SIn# zrz_74(5M;MXeiFRW*W3s?(RYuRRa1=|CP!t2N$;!<7vir zpL)tmQXMnj@o5ZFfx5Or(;O@ zo+aWx8tNKx)Aaox%GB;>Q<)HOr_!lEg>|17M%P-bj|?#|7*o{ayG}k12)90IBgtXOKDF}S#S3p3=^i4tdl{Jkeb6_YKtYf(kHV@Y`y_UL6SIfnEzRzm z@e{|(qnk+gswpROj?IJhuFu0(dL^UW+i1Fo)GYV0S()>>MNylkbys$pKBcEFl^ikM zYA)N%%1_EW3|2Oo@OJvuB-Ax2#p1ITOpJ8){AeSQBc;-`L!ntsd#CBb2-xMZ9?i@@ z{Z;bMiZpE>#l9@NxV^TL%Kk>p$^(fCgV*Urg=BL+EzvE!8DS2;qa^RLaH_A-v5pVv zUbo=CiwUggl1buyKHkO%iIJK=;$L6#D;Y?hR?l(JJayrXAHvsOF|c2@A}o?@Dl%in z1~cESVR$3rXTy&i>K2-Qrw*}YeBq^7%os%{xo(x4n?v?&?Buub?X=f%t%a*<3y~Gl z6Z@}nInQeO%fxo~wpz=V)#kalal3MSyM1{7036fjeMvk20Ebe2yIr!0UT{v)-FOLuFf>Gsc~%*?sn$^riX>#F8vu{`U;sEX178qI9Ujl^UF>}Zq2 zmNz<#a_RzCwB89-8OW^^#?k38X%_l@tk#-(=G!M|$6`3IJ@F2KtV3jcyW5DZ#?}!p z$`$jR)tR^+SE6bfvUtA1H8+$aPO%k?XADmnHTUJVrGGq7Y1X&bX$iv36E_YA9QO3A z=7BpLkBBr2!QvS1tPQT5vN&0#0~=S{73O|9(lp-%+Ru0-Yy0WsCJl{~jGkN4vSi%x zyT29Owx4mRU)pSuP8SV=_~>hcUm4xXE+=#`#0kgDLl0_EPpFTfd>5wbz9{&2aXjgB zYo**NNgRQl-Lv>tJpKua&q#eX2M-J?cARH*S+_Dd--q`z_)}R+sI6^RQ+Ytf-X_OD zd)4n2YJN7h@pb&#o$I_4k2xViHb$qNpbxDIHy<)4xzK!5sm%qVHN}+E#3Vtuf=KD?KGW^U=IZ^FgjmEb;dc^3# zqd;(w)s1Q>@nWHj=jGcrMwnaHqb{iA_h+^0x{o;ECx1-@YeRn#Ftlhk~;aM z28gae_Z9R9{3_i}Z5-X{dPMhdsLQ%0Li65{vXR9{r#_vC=C+nuOYFj_;MNa`JTarq z6}wGp;gQP%1{jh$ezeoEs-C)>%pMJaEn>7tNVVKqM%;3G(-*<>X&SDY*3c<{xGcov zflr#mT=mUf+Q(J2ks97LSBuMV2lYQn@_GIYjdxhK)J4bkWt3xX)*0W&w|bkC$d5|V z{u5mIM&9RB)oyOD(nJQ?NdZ9j9dXy1F z(mQ3^CzYERmlig6cY1U(XUs7+(<1sGYP5<_IejWgf}5h7PTXTTBi6O8^~-qT zxH7=5K*n?P4|-&r+~-idnWVP7YgyXA-Bf4q8qR1(w%JRiY5H_) zsNBZ^+N2^dB$Lf?+V_k6G!o)F3|{Is=Mvy&XzhSM8cH3-DBSU_UtZL;%ZcqFLu?5E zalx*SNbt6tL>V>^cH5x9qJ}%rfFMviQ39Y zB_#&qmL0`SZK&Q{#9qz+~SLz6iTUsApon*f$uhG4QcYTMHm0MW^)z;-h7 zqmJL>PAfu8neHdkE(%yi85xG)2PAt|wcXSI0AgO7i#bFxAp@>Qt!Wi1gN&NOOH$&@yF1%mBKdyLa3e;O<$RnHeJbv&p;>DdT8+cq z{g^q+;r5m$t~wh)@+kZ7hkQq2sd%GJ)Wd&ch@u1S1d)UHwgdcC=e{}kb@2v25o+44o#ZD) z6JSJg8CN`=zl~QeuHtB|s?U9>+Ufc(t2C3r2niY!jib<4QQ=ECENyNU+3~pGmKojb zE1prZF>9gJ+{>avYa|yiyG&H=D%d&y01EOuu&mQ0E)hxNjPY3t#(KhHOoS{+IbwR% zDDT<{;f3(H?~W^2$PYr(?Go_AID2{G&UojMT}-oCK@@P!a*^jJX&fN;s~Pj3hz6TI z{PMu4=*-yzt5-+iZ8J>a|ZDVT^guzksjCK0e+aD1@s$yxR zcZ-gPuj5(~QU|~I($Y9D1^Z1K8RQ{K@-ll5%DA_g(_=Yp%1Icm$RT^-(;B+{pwAo+S^ z{{Tv<<4+0Oc&9_WvAB_h!5P*;)pmkFA5&bFor+JX@LTv!*HD`6fP5JL|6=kc%U^Zp4%`%dXUwGZs8p!h>px_|guUJ@^3eH`tXCyG7; zsp?dXzlxt)=!?2&)>|K?`Yh)~)h#t2Gs}3}ApZbL`q~*+UC@^9GLl=|Mp3dd4n`02 zschn^eiDDdPJRN98T=aYAA(MrZtm?aUsusC2*X0aF=Pj@Jn%j1_?PkSgmhg(>In4v z%V1oiBaE^*BrrdXTxM}pk>odf(sfy~QHL1*8m%iT2o@ACE_2g^^{q}PyFy8BA8gX2 zte@=kr=(HF-*s4HBsXdXh8A@w?7LK*qu!Qlh=i{SFg$MK(t~KS<-CD``B^c*?OXa> z_VXVm;bLKtko<~#r*se3FZd&G?SFgwCH~e0JVAX9m+-&Eu9`-qjLb16aU7d^W9G*l zvtQrsj-zjNVv<@+F73=|BohAs&sdmcTl#%LsHq;N@{d!R)pYfiDdCwz#VF@JtL0CP z9u2wF^tP7PH@Lg9QdK*=eB^!^HOVNMw0={3diZH!;|~aGz7%_Vk1pu^sDn8eJBB;< z{Hysg{h@vnzrv4*w;DW`*H`*mOCnkR=qA+9SM@ywX%=TFqvs2V3A=H+TxT5g9`%s+ z#@^$3X4-fp1I2Wsj-+nM5_yto7kpk>BWWX_#YJ zsK;~rgXXRrkC*}0sxd2+eW3eHaxjI8FWw|$iiW|AO7N1*ceXt-n$)Y4$n%w98x_g> z!-~^L+}k5Zc-Gf3IF=c)^F-s2RE|N&tCVbQPVD~Kzu=KywRPXd{{Vv8PLXwcc05I< z+NGWU0GdHtd#J`EAolYVW1mr9&_{wiTs&Q;!*vdP*no!Vf9ITlclzT$jdE3mj>yFA zZs2W*hXz$YHhYTsv-Yh0opit2Q}%oKiSVxO3v0bpTfOd#(kLc5z$a)YpvWA5v}@0t zOOv*z`Luj!_(9@7f!`H8S>Zi)EA7zTNMFntRbwFsVDuQS`{A#OttgA?4RppV7c;})C}~lw@=hBtTc3r;7;s|ktC;+Q7GtX z37$Q#>OXF|StE`Qwa1kV7~towYrptC@d{stz9+NRMWS3YN<^%B1wF{_25VRZ>K~`t zF1c;5*+Hq=+*=iy1c6nCIqi|+w-HbyckI9=tr zguyDs807QU+P9A9JhmrzCodop7hXvu^sX-HE|i_}85eQdRCFHo(*$8BVwJoSOw)NR zo0pb399K`L2^!yg?lOaqdep$bq}-ss^2u$j+cj?R&bJQf8*KjoJ!?6dQ(a2SJODCz zN_L!(c)|6m7Z=iLl3QFv(nMGm`439TuExmgH3mApouk}H7!?dbAI`k%P>$lp;Xcex z-1Nuttzbl!hg!P!rqJ42MI_MijjB05^`WWhw|8LPm3NgR19=?aR;M)2I`Uso)S3oe z_#;1B>Y`h%A~>a0PcI}o_0Qo*%Eqi3t)8b4hBl3NoZ}eUYCF9$<|{~#nFNHKa6!oY zC@DpCCDQcylI0RqRfyn&>rB@4Z{7(kOi3cJE$%2ZQAbVTX1|sThk^{sgJwflPc@CS zx>fua@W&+bE(DB7F`r-QOU&qsvBhbcQfQVYST3WwepQ>Uc&rF-zQ=Nm_kpgX)f~dIc^d#29G`m95fK)z;MNu*RJma{W!qWS zIvlzXvAn)Txw#GIXB{g}K}laj)h@LwO>;!I)TWSzbGcV;4l(ImP}6kDBV@OMQP|~= zPAU8-N(kySh~CLrt(Bx@A9M`xJ!_iPA(w01t+`1_ECz9!nKC6C9Id{gJ3Bm#Rf*@? zwo>O*npjdNXS5^cB=z>iK(sY3Z_`S(2(i4f6Uu?wp}CeVMihOBn}A-N(lm^Yr^7a@ zpxq1cBFh8+06$9VH95buE}rB^2xs}aaFo$!c^&?dqS?Oj2)}L9eaT%4+QtcYL=i-@kY6Ie`wZl7h7<+9CS72I&a#byWS&{%+GG- zn~1Mwdj0N{+Si9Z%FOUwEUM#cW6T5m{UNZs)pY5HY}hA9*TxphsC>j%S6XzsUG=Lp{{U!JA~L-R5^naZ~AqqYr8 zMa7$u>bi&8l01;Ac7P9B?d>K>Sj#!zCf+wze2iy5{jGm(t4RVph`X|ZM-?6RyK8I& zT7-ZHInLg5?L<%v(e;V1wR;UJ!rDuvox*?!1s6Yi2k`vs>M!gIT{6ylbZFU-78Hj4B=0_cZL(RHXLNTq9ucZX4e z22UTT{HsLCRL+x0)9tkAWRJ^GjM?eanr+pNovujeiwv^Dcmu5`*wtu9;wx*rO+L#+ zio`53p%MTvKBv~PtThOHHENMZY>lvm0C9m(Tw~RkI;V)z{{UERO4=p0WL=Dl(C|5{ zI%kTYisZaj;9Twd$DyP?L)~;OYTH%Qnpo~4n(YQ&CF%#Qc@K#7%Ztr)Srx^m(!=Nb zxHMRaUt^iR(?!#yvHtOt@qwDmk|%*)8Ca|57&OT;;FTH3QVOZT#dWsYTWTT&f>2dX zRlVyZ>}_k8BmU5W;K4kC>39I+?uzT}t*o;V*du)MYedR9j~{84kxisMoblbXihT9X zM0}tAwO#Ooiz|?;Dk8Q5f};TX(*sLfu$`vV?(bvW977?{e52gg4W{_>NND2I*LrM_ zqd6QCoMN)%U~BwCYkSQ;#wFBZxDn!13i%4ebgvNq0EBl^zTYjCv(B;d+MFxsiXVTwcboETam2E3eXg zEn%r>a^Buw3sQ<$vv4@qFX532d8LUX&{O8>Bec^~b&m4UsUToyttOdt_Ij(_I+2LXc)=%YG$SwvzM&Rer(<_yo?|?MF?Axes^_yq7iBRS>;BP%S`qKD= zLY`Z@fhDY{jHX@WV-$qqbKW0{#uktn1djYRPI(+u{vhzKu|AKeYO=?jCNiKXI4ll& zdi0?Ilc`(FVGfBDFe*Y~4y+F?$r(S9{HxJ)EoS29OiN40`BjT4CV>UpB$A@6i5zFR z9JO)&BAVV-TSSs91^Kw33h|1fmrBPYpd3KbUBJN497SCf0JF$hjfd%Vltx*xGmS3nD;6hmad;s z8g8u-jU<>xOnC&6k4pKj(dCy`)9-KY78~8bJg4Pva7S;YQL*$^g?VqNByst2q+75_ zAA6pns_J@ur-rpl%~sNRyopeJo45z*>p&Q~SN1ludY&b)j6KqpjifzzI3S8hjU*iKxIlv7X|AaxP(t!NeR0kONEz01E}?%Wn`#7?Yspd63YKpO-Q3Rb-rkj0 zY@}*F=&Ot_XsP!($^0P&rNplHigpdyb6Y+Z@${A#S2|_bj9c)rNNV{JGNz8^?^sPv z#gcN01K~*N^{xW)Ng8Qw{>>vofFC(mip|95aXF8-T${#EG^hgyC$G}9V7|JFTqABq z#U;6MhjG3m@jGdd$d=MHk0PjS4p%;v2ZVL0;a3+DO4jc98;*Icmyw~@YnN+qEgCVs z@q_9s4Pcm~3#kjMc0H+;81*sU&eq0pI8_VANgXPz)-%n09;lGRG;by&$oX3xK>X=k z)bx)S!0Tb*`@7vfDC1(Sh<|_%GDqS1)=!O~hgDq`Yd7-k;fo)8<_+#CpfInrR=Ch* zg#?VvgUR66Bco}_r%3N{_jhz|)B)%bTZ{WPNeF1c20R|MG~Oe(@UljiKuGMTo|*i`Y)PTPbp^eXuz_=qPBT#8OM%JwtHZjM zfv4F20A^2bs@t@iCHcN+{{SBNtZhEeQM9(cx;E=J)!Yf_2iNOav}WK-;rsbDNq)r;j(1ZsqI&m-L^*OFNt*)ZF3XUBNn}7$Y^{W}# z>5X+~a7>9L*&yJK7uvg-^@(lZkzr93b0}6!aY?W_4NC4-joF+k;GBPYyteyM7L%5V z%Mx%#YZrDQEcGVTZy>ZrVxhC2L0+vstS&5|)8Mw1o-y~j;-rZ~v4*;wP~j&e%EW*@ zYT&%zX5dM?9F-@GP){Q`sOMAmyNMOH08!bNs)x4BY}aMV06~n-Ia_+BB>Gr3&`KaT%U;U^qqF) zgkdC2n_JT&g47Q%*7e7>*#s-GQ-hyM&ePiKRF*BTwR4_EXe*HQzqe{06VcxBS+As* z2+`;6kMqrNv1=E1FXv5pF5*dL&*@acEgk2B^%XZj$cP~fJhR_E_3BU& zNWVKhPTJ96^AD3E>^VPs+O@B>OZdDxo(w8m2NB_x8mA zV(ON5>l<4u2^jJijzRXUt9a1F%2a%#7{vfr`$yU1350jgZYxUC!rn`Tolf=Pu-%OY zQ{3!~vPioT09G47QB~s8ZEP)WZszko(YNFWyL-?<$3d;@`kYrbR{3#n?zZ-gQ_-ck24z{lVP0CL*l(_VSWWz-QEls=zI^1I)+Y8OcaHtTAq zj(X5sH!*xqq*}>hw$si9+--uV_`R#n$Ar#;vg)h?rPAUoV+)SI)|t^6So8bW)hsnA z=Z4SiFhtv#ly3b8YR1;Dyi2NU16Z(}>9NF{ilY_7@r(@qlnu=nV_W2CZZ#7l%`ePc zsmr&mbuWK!py?Ny%R)675+*4Y2-@TM^q|ID9~tX@G}rY_MXqj==`4c@7T*LF=l=k$ zUGTa7(S`|SjqPM`qo?zslQd|@582%y*wUtc@atVA?&}n`XrkXJ!)@c{q-ImLwM|xc zn{c#tJd9&$_pW!u8W)N*(FFE#GpaI|3UU||{uB$SOMes-q#B3Hc-{!*bKH->*QIEl zCeyTQ874?R+DvQ{Y5BACq{^|A;vHHoY7}D}dJV%wtG}~1t97qG^8Wy{?giDpp%nK$ zcgLUbqTypE_6LcD(}T&+1DsV^bSLo!nI@-eBS!!vh@2H>`cn{iXH2@a5JIt-^%el8 z)Aw8JM~SaBxS^8P`sr5J1WBLb9*5R|Ib8!xh9Nwba7iPOcBEJU`tkYKvO%V45oi}0 zgqNRUxKJ?(ADJ`^@=xqJul3ftvAH)6=LpB{f$TkN*sXlc0?rHD@g!D7gnO8ApLzt# z+If%0H#eVUktI;UAIbye$F+G+#LtJ)SyNwDESgQ3NlnODi45)sUUq#13K+5Ri9SUt?eUIHqInCCvdLwPtwy* zNE*@*w-b@SJ$Ua}$!bz9>vkV)g>CNyv6J^oouvIM+59e$X+9ga(X{KU_nBaD#zTr#Fdhp?G%x0IXbP z*zulzrlFcd`J+tzq;(ke%Uv(~3f}9&F+0U-18k9jA9;^j@Lw3;_>aY&J&rpTlu0Nf z?CqWgcwt&bCW!hs!N0Rsu{E9VjPG@!1*9+ zO$HK;&Hn(49y9Rw_HB$>Rh7N0PcQDA0)bc2hfjL>!(M|*jw_8>JvjH&DNB;nE)7Qurb%3JJR-LN?p$G z{yRMa{zkNtYq;e=%w&vVPB|DnSI@pLmco5Xd#Go4k-vBI3=v9H%p}n#gf+_>2=Akv zCGwdFhG5v*{^QfNZ^NTSsIxq?yz$C%%3P6;YRu9u=cvo@=El>*$$g~U!?4B}z{3p@ z{{RZ}O*YA*bo)?`a-57D;)3mSe_ruDu9Xu`V-uF!9(Dy#dIS1b1LMyV>M&YqGtFkZ zT>%;3vggykN@UI*%AX7L#qoZzu3ofJM3$_QZ4vSxBOLm3`d8Fe?IcnOr;IedxWx^a zHPFHFcBwtJgjZYP@{h`QHa7EKUw5JE`lgSsYgce0>97srLU`J7)6~)>MDbleM1xel zg>Ic>wS(<2ufuC!4jb6@$nQ0M!#2teWFKCFn}Jt*94?nPg?vseHU9t(q}KPv z$aN=n7$o3SqEqIhD)@%6iFlRTF(#|VuJbF~LRE8YA- zsH|Er)UG5;WlXA4)r|d4DcOm#rJO z;fU-G(U!p{`=*-Qs3Xg~DD_u7F@5#6ORlBN~orlb) zikU>-#@2_VTU#Zpo1+_nXU`ieztg-UqIiZ0A-vQgLm(jhx#K-4sg~@GjX&X*gW>Nc z-%7BzbynQ(661fNp>$KBc(%^|&rXJSxnXY2D*&*m1nxQGikVE9#^-CST*qw?%B1r_ zDSt9H$&=U~kG52dy}^%;cvy2%0Y2^3%eYHl7l>xn#AyziDvN} zvqrjg#5-AbnE@FGy=cb-d$yIK++H)o90i1FxwBegYim7D4Jv7oT^D;UK43HHL9xqx zSNM;oXc`Rh$g|0)G7yq6z(p9q1J=H6(EM9_;#;WK%0x*U?vay#J0Hq{a@>E4JOTZ; z0c8PQn0c6Aeul6j@Pt-+XtZZDT(04}7~?!rZo=fTksXc3oCC=-$QPfOR-TWl9e!zS zwLuIoju^k*QP6#O6&}zTyK`Xhqe&5C5dABL2H~$6U4|=G|=RCGIB-E{-wrDQo z5JJF)Blx|IZg?1JR~8pi+s^a;@UF%@CP1Dk0iE)~xx5505#B(dD33-gYOdsc#!ta->!Fs;7E zM$R)`c9UhNX^^bav=1vV+^T+Td(t`N>`3~BitckK%*P#g71-!9v?(J(r)%*1ed@+r zkf!>b&WIwonn+}{WGX=!JUwmrsjqLWMXjyGa7DOp82N}EgjAbGRyahs)byC(f=h`m z5;M4YypdW{>w1Q(Y|xpeN!tf%j28Bw+A`{hG@VLoo29qCw`Pxa26@IiAJ)E{@a?{W z%M)Lt#cr|VVH{^2X_|XODC#!4ZSa>)46|-5an1*0SX%Fh?Jj0}YwPIYxR89IzvZDO zf%BYvo*%Wjl--yR^MLrss36ka1j>kD+mg9n4Me*cwoqRSPj_@Yw~|MY;a8~1?_55; z;Vnx^)MsTcEKBmR&J-{_)^UiAPWx;C7LyWp=cO7!{?NM2k*mr$By=Ki&y}91AB!##6lvlpZWJg5dW?4!!}x&z0B`C__nDgKIV^hqHLO*Q zRBUM5coyGQghrtG!v%LHL9Ja^!Rg`aWsYr#%z^&*UOlU#I|PyYFZ)9N&z}r5{{RO+ zhsAc-Rq= zJ6G2K0J5)+G*1oqpG)wkh*s+7OPH0ngUmZ5mj@ZFu69NT-qE}lbG(p3vBT9=5<%v= zZ9nZc_mSbqafV#3N6^kB#*V702R|KN3bH1F9w*LTUPZa6j68;$K-w!pbnP%}eo(M@L zkm1S4ApZc9*1d!N3ET1OUHy{(0Br9M!>LHNUIW#pI)1F7h};>#S1NcTBv(x+u4_J~ z>EA>9Kk;-?!E+tugGAbW(*35`smR#e1=LBG{wkm|NZzIcf3I%jQ=yFOLm7psW(hcrO z1ON>=qnG7%C`a)Ec_Z8OsuF=+rD)`iCSI6j8R?$?0Lr74ppDo^4%y29UmTzFnyBtL z=uWqeWKiLqj|Uy9%&R8#x7;_d4V65K)h>rrBy|ZC@}<1Cx7YT%wY1UC1o6HkgsIL` zws^1f1pfenEq>RwKefl~q2aAM{{U8(Q}~tPR61^?ld$vTiF37^)a?WD2iCBXzK2pj zSG6Jcq3+y@^FJ3@i7e!t#CKrEOtZ?*1DmUP$MJ3? z;C(->e?NclP_KYio*>aRUlsU!N=KU9Zecjc4g7dMhX#}hl0OBmZM=q5c!VpCaB@8{ zn&)pmTZAagQv_ojYpOdOlZ!jJ`SP*uAM;^4pnQSCd6)XrlIu0pZ>~vy2LU2Gd#zNcfZbDkf(I6!4>_^tNpp#?< zIsQpmv4uI}uGdyJrz7wG0Qe^F?HwoV)A9NUH4R5owD32I8aq8sMVR3vU-fcrJa9<# zukQ=s7sO3DC-C;PHH%oZpAy=nS9oud3z3bCM{UDl&wPL@o}xQrGwz0w*oB#KaGxt< zxTnP|){>;~I7@_W$^Ovp53v~)=gk!@c0ZE;0QfK8>?;nHt}pE=;GH_!+rwJA6FhM# zQyuRm_v4S72k{2Kmi;PcXdol^7Xi5o(O7n@W7wWXeTCqwxb;m6&L6ZvJklUpqX*_z z9f;3PmEQQT!Lexn01owk65rcSVh$ixjB;4>{Hi5UBR3X&({bP%O=$7pz<9gSpz6#`52G$(ypCE$d%8nKWCpFJUV5+hVCa9H&(?}l%96u zgI{=QuLhwCPXYjNGtO(i3#rW{XxvXS#L?%^$dmOmIt@n0uR5(TGlG;!f4!f z2GQf)zETDorVUoHvA0W87139IM)SriqAtcVjn6*RJjB#zhS3~A7bUwlJt|vGM(fCU za*fUg2O_VZLKGQpE4`D#tl=LyCb~&AREK_EM^ox56k9bbV&dv(=8YT6{yYx9TGxle z^XhS=k}IvUo(LbMS0Edb>GOyql@2Y{c7O+QRJ6Sn^>Y=(ByLwc5zhyj6g38ozY$v7 z_-xxX)N2fmhDC0Lmp!Vz-mdrh1oxH-in~0wB=UdGD@0`~XPbC-3E{t4?wM92$@K=i z{ch1-6*j=h76wi+nq+eHIOweH(&|4p;cW-0JXWAt;JMiHB)0AS(~y0|1LbFLW8y6} z8XHq?6_*2XJ*%4WRIlfYiy#u+$wPz5G={02hk$Q1`x|iA_YkzFEw^?Udz#+y4zH)p z_RENu?G`d*AXC_mI#x1wHA=^Wcz0E`vDV*8znqO5QTCr28B$pFA3x zq|h`{KyXy&j8$D`-p5e#VuF3`5g=os_NtVOwK=^@cA0Mu0?53DOz>-+)2@Eqs4OFB zm~+9v#X~Nc>$aL4wzk6YSxiK2Cp~Jr>9)5pNVDxP)MBn3i)iF#@H1HnrMa0Tw5lmN5v6AL8r8sS+eZ^gj+&dgS^|RaF>IUr7JZxPQMgh1POat~_nwELUgK?7UKwF2&JcBnT;p!j)b)O;!8T^{;)Qu%jD zY|}s9UP%D)gU?TD@eMjVTVX5{2lE#oA5slckjv6*ki}>p$yr#PyM1fcJSnAE>NeK5 z4{aBiS3EB{t*%Q&c%r{chJY0|!a@NAde=pDq)R=sq`R%~Grt_4YKcpr&I0d9bd_F6 zgo@tM)0w^hzhRraq((Brj=>e_iO zO9gG9=bTU`jgJ#77uK$`knv#rzO~}M74WP_RMc$s8<^8i5izwa_&bJ9-{dF@9afDz zx+U`%ZLOsW+jdAd0zQVR>mO&hydroZc+PU9a5L#zLcmXL6_hr~ZkF&ocsT@B4Fki= zZ1dXMf#*vjGKCoHoC?z22<9WS(`CIk7KLB!3P{I#TT5x}k)pdz+X?3#Ybh;sEXCIE zlS+8=3YL=uZ5)A`v1hCN>Ih&sRMM3%f|n zFc6@qIXi$EIrpH|OSzxml-a5alHNtcK%zO}hdnd-SI|=Ug6!EWvR#94r*F)0pRHvr z$8*cPL2-Yp#KgNVIKb#@mb6>_F@tY?<-S9=ky%PNDl;Lt)+cRAT0tz*9Pc^f@vma| zX{$ZNw|BY)q*|@aA+n5tfH>=ll~1{^Iy^s6@kXzAuId*zP{#%8%_7Md87s-__5QV# zx{kATA_yavRvBW7JA2luJq+Z}V(`4Pn+WH=w|hcV95+yXE3diKY*S8|S~Zqp1EC(C z^ocyvQQ{&ZRCr0=MtWwkG|_Dw@&LFjeqaYm1kY2`?=3CtV~G?yd2X$dz#rt+mW6td z!v&qfM-gsg!R=LjEGs*mY?^AWn)fdM0J+_RkI!>Pt(Z zcf_7CwYV1St(+2|j@8BL8rGM0DM;fxl}8NUd9gvNjf@LBeeX5I@$Kg)9Wg>c8e;Jw z^7D*=_eBL0+Ffc|8|oK2Z0#G!hBo#X$MvjuZ?0r=W_|CD8=*7{O^;ac4Vk@y7P&&Q z^=0eNrCIUMg9}D)wB%SWn4Bp4pipNRo@r^K+S$BocJ9+NeAygVb7^NDkts`eP=$*q zQ_`}LsTQGcJaI{P4Z^CU0{G;d)?J>cAAEAn=4ACfslW_B5XXEjt)#b_N48)FJq>2V zsOxrj)~vSvb+VGg=k9^+S^?@FE!G774gxuf8F1GCjAH=f`I`BXRiDjPQVQoI3r@ti z+|#+cx|-e;o>L+ILc4zkYC498_PeN|xqmW0EkNWxc>e%DNGaA zPN8)iGZ8FoP@TOv2D#bpk`|IF+i7r0^U{%_hCEQS?9<^aj<1a1^H%jK<+z#_a(uwM zaheQdjSFpFXcZ#dRYo}V`qk^5V&X=QC|_iXLt`I$g6X3lR`IXc%0qJsI}$^;bgODo=~w>P%I z6~$!0-%nEwR%pyrrF)wJo@R5*EabX>2^e**|x1s{*zDzjbb4WL1BgJn$;jo`ZejDVFXjV~-4XCft+714prVSK-#3 zZqKM|^NYRljj?o8!99&%@q6i4Hc;4Tur;@maN9`QXf@_X85D3n{{Xk8sD&-v3osZ5 zX~*MUU87&FpL2HvGDKr%ILAHcCQ`Y3S7(^UoAHVaDo|x)&JS zJUel1arUiZ&J=noNW0<+t<`*d?yQ&2^Beh#M*K;wSf6Cb79ctpuW3ickeR2M) zyK~b$D@Ve*Zl|j2+D*FoqfZWHV0s^K>-bV})VRjy(YG2>U20Z#H|-PJGb$XM06i<` zuMv5XYkHoJk`#$93}KbI+wDm^3dW53x>_u7##_iyf?K^&zPz=#h^nIGka#tuUBp$> zUs##{0MX;!3Z6XxtJ>a@?`8A4Y&4X)bdQ=d87`#E7bg5 zq}XcKsFr%Ef<)UQ%#Dq#2TnTrQZ+oP!um<|SoHV3%wkV2K;WOoyPppM>qTj}K~->Q}LUqB6Wi_GflRKR|2OqVdXjX4Nh{$ft^7g+>|A z;ZoyfTBdQUF7Bp8d3U)!wH&&da@#`1yE>>uJ92P$4u1;h z?Ch2U5o~3;des@!I(sb+*6Yf+y1Ou{NDr0{3t;s6S5d8KcK2-aS%~3{j^c||9>zzQ zHkW@b)zlYa2v9yD+td$#ezY!^2A&pqrV>i6@{Il3sY&bx-is8vo~q9!&d7oLxZ$g; z*EG#ES+Dw28C!y&V2X=@*CS)?)q(|{}rrb#q=F!p2@H#&}k;smyIirNt1d4&3&mG6zK$8X`=tLdy| zySUky$~FTWRxX)?rg&Aqh>wUOlQuUt%&tLJL&rSUlEry!i6dFJ*@4}W)QXn@don8- zy!-3D&+d6r}C{POQni=_J@%{DaT)Ge(=>k<8E~gDoY(DH6~p?S$LUGJoU%F zAIh?Aq|@cOxsOf~HM$%IWWj1lGR`-|w$|H{M@_8Ea6#``8XVe%o$@uEvfZY3wts|r z)~O0hq3OD=rW;RK=RlD!-pT1)yjlgt?B?Rpw!++n&jz0>BiWs0hMz8Rq=EcR3{C>sn@KIM#L+H`80maEhShFQKXR zO(xcBRJc>I!+@*nRt9~JoaSa}Gl9VXRgGI!O+Eo-Zy56l`^-5M0m$D@WVTy{nSAiT zZS|<6k;H1rlI`i*p~wuxww6{B0f!`xPfEY1>c>svnVL)_PsTIWqyd znSX@(RTE<0hV{F7<#oIR=JK_b(eCL`G-+lo#Yl*g?zXY+;TYnFRcUTWt&|Y zJk)!MS^iP9FvtK?yiS%HZHaVkK3EW);m;3|(-Z`ybL0;aX_{`LWSrf#tjQ?y!Y}&6 zpSxOjlV3-pqs0_*+^T>Aj&KDrU%5v>)gEbQOQ^}8qT#xl^@~jnZsLyON#th6M?ZFv zA#-8mH2(m*NWcK(8h)R38_Z>tmfM0iat=CB2by@(Pw^LsHBCcTaSN=t0zfc#4w+Hf zv%ERsO>aX>nf2m`n}e#Wwnll*4F>Vp*zvBQy1thMvnoXzU`Hyb4#&1lagB2pngn-F zu#l>LbA!)M&omP~hhA&&w6RArI>omc#~gLZuT;_Qqt-ONIc+VHD`Z@;1DOf#Pvt?3 zkz#E%EHiLM#?ApftIzyqkxOEa1TfE;0yqce0N`i(&_rKDFF{FkWNB^kpD6*c(<276 zEwwqdro6YF&f?nH7{&|Z_t@?Sr3Qyz;pXVs#Pcx81) zJ2G-lZ$p{@^N$Yr#q>Q%=Cp`1J2uQNFfopOYTm!D&#KzH+}b+KNf|x;4FGutyc&CE zX_>s=yN|-WLg&L4x3`LK%xeiH8*t7j8Zxx)J4vwAZuE;tS5Jp%AgbUw{{SMk1O~=e zc98j**ms0?On z&5_YAHFmq!7nr=}%#+~uuMPOU<2Wy^mrt6~Ibs-6u6jSv`__;)g3$T$$5Lo6H2(lP z%0^b5QGyNIK{fPeo8aFKODBzQ?d?qQDT+0bvp&)~fr_%)J$J)@7q2hA9qT$g9v^Wu z(#hmJugk{CfY|NpUpHu;0oC+-*`y5mmzch3NO)MAJ+sexEOWE#KLO~FYI;51p{Z*^ z$k?dNEy=hY2p;0GJYC|e0dr$zqT9o9XxuqrwYHB&93RGlZ*yN=@mGd?XQ5bla^FRc zIc?7K<`7t8__OsD;XXU?o~NzN4Yh^HwuuM_0|kaLfl0DCdzHL3qArjY0wfndb(ox% z#dgwZT7B!nw|I<_0Acxbra{YU`V3k{=5H;;`f@t_$PQR;?cWvjuY@&=T@uk_wzWyb zxNb&EC--P2%EyU#x5SI7_}5XjOHU(43Vf}uGOy@Ir%Lh-Z^Fjnd+9E3UE=%5pkp4? z6V0h}!kSbO=GJJIc$r8=Cmh$O>HZzHySTKl(}}dYa3f*6A2v@+)>4g)AtTyt?JsS- zHohEq)#qsoOL4ah%Zvs7b>n_6_+78qX*ashhxJ#1;X@&flo5b3arjntI^cZarF>A5 z{s_}tSZ`NxjYwQ$2OQKMD%T%W`xCXoJTb;V`Lnck6v~p&_x}Lds_xHGit9>_J2bsA zmyooZJov!;`wI5`M_IFNP}*EZnq{cK2WdQiIxcd`I+#~+cpJo$Uf4dVV48eG?_D@t zkb4hW`M2WMwXbQK^_PUaAL3NH@QJr3c7TRQVt(oRRYii2bDq+zBDuMR7U7Z6LEv<1 z*wp+Vrr%#iwznc}L68qVN5X^n_N|GMJn}CHNqeZ>uCsmRN`S^0$tnOo-6{!w9zvll zn({lSQMf2@8`6O$dIyC3Cq1!SZ7n>eE(lfVSog0$*E~Hv#kjYIXIZ?mjzH+u69drv z6?qqg^yqEpNN%o_h5hi)80lQUj^uw3Uo6)bjU&ROtZM%NyG0$q9C2BqY-O zcJkezk1d9C_r0smJVD`)v|c-)A1TRY9AdW;jgIHRUJNma+8boJ4aoiA7(S=csQ8Kt zh$eWi6#0tf0aK7M?@=}hhK*-&Evr1I&4qdq-n;z{-*TXXF*_V*(y($xA4K?K&r6d@ zyN*&nv~r-cHzj=l`q$6D75rFyH>^XXPvoV%WU*p0>`zXWovvDyjUNK*kZaa)-Gpi4 zBMb=X?_T?DE|F_sX0^6~+soT3NOE#Jtw_0<;o6p`1+JradKH4ceqTY&cD@4CAk|>F zNUbDEl^B4>1%Uo6dQ%9P+TVq)wYe{%lI}~@3ep5#00W!~^W7;e;kqGXhTCA^4hv$Y zQ#IK2e+23mTGpu6mRANc&$KB#fsTH(zASBDNY?bnu<-HLE+v~}&c|-V=aPEjt`ZcT zj1L`nGEH2(cd*40un&eCw&ZmEYsYN78=`3Ug58_TxJ={AIKa22 zl}HRp<%L6K;rJ}zoZimTT+YSAyL_N_08~m>DB?UbDBPu} zcy`-amV29XaIgj4<&)DMpXaq^Xfj@DS4Q5|W%3Jr-1V&^KI2r+U9j`-G@HhpxeCE{ zfz5NezlS5#G@FBNzGRF_jGjRq>dhk?9!YPdUfH4hTYmjU3C0a~J`nTu2lA#sCtRG4 zMmto>HwOBitq+4_xr7_rxz9Vo5HaixZb_m;X=o&pK#DLnw|bvuV<{X)pvfi7G21H; zIQAyFFBM&0+1lH@6DQw4Ct=WjbuIu{wefa~VW(O{Ex`WMpDNqeA#uebkMA!vK>T4fnIYz_glIK&NJ&14zP%Clt{g$B2!Q0ZVD%ugsbAM-+&7R>1`JbRX z*I{R2B=E;|GXChW``q(d!dB3`X>+T-(;|k-37$yy5sV7+ePYJO86HT#doKWzI#!nn z9QEdtrx#g~aW*=GfXC@vHSA$8rACO`5ZiZ?_o%syuW}6{&|KV3su{*|eFwdI)RwbD zr$Hrz(IX#_mpK`%=0%T4@RaEUF|MT?bKHTA>M*VA#Twnptmb7!j>&l>9<>bKE1~AP zp1hj1+Q(pow0-*Ku;aPZAh@_&n9MxxR`ngIIwKy2-kGY!qseDAz)!a6( z-eKFGoX}3ETcX&c8aAAh!!&Z3)umY*C0pxR8pfuENuVr|me0z)hHEz#Pct#&@fMw; zEH`spn|Y9x4Z-6bg>zH*t4P(=n545=h9vGgcb~?mmrIc3&kyllrD8QHAVK657}?h~ zCxmX23*#iJ-bu$JwkgSIK4yDdSFuS9lSJ{NvXv#500Uf{H#$7?tZgE1X2B%!$E`Rc zRLY(u(rs>Fl52Fgc!=JLhaZJ9&!7SFmc10TCu4Lh5b5=|4FTSXBgD%s?p#=EER zvMsz19;0h@tjdN%5{!93^ahLA4(`Za={j;dtZLhERhyCYuO9fR;(N(qx3-+0J(zhx zMhF<=IPF?0j8a-3w|}$;iPqP_H?S1*-Q^NVBBn@OU=PgK<+Si!#dRd_1gN_}C41OjICZObl4&l80j3S>_}7bGcF^mjw>$^nzO|@)I`PJl zuLE+{&2*67VB|8E`@wo~n)^TYsQ7;z>7{%~(XTc`sUY&*V!*d6f*&KHCc7!tS~IC5 z`b_@-f<}JT7vHq+?AmV`=zzHsEB&#^z1W^q(U@jvlL!+MU7t?CxHma^MCa+v4ymt!lh2Lsa} z*NwjT9HATY(~i~A2CbpXQaX_NXjn3xt=~OBq`7&e5yXiSBA#CdEmo1tIZ6+h)7VxgPw3YRhc?V{I+GkUA-e!Bd`|)yFl_4EV3&pM+r4 ztTjbg8~a|-i^NfRl0I@jm+N1Z{{SEU8QJR^bCa(bEzd9{G)zi*`^$l1-7hXp*?e3MCgmTrE{6BZY-h_EUY}p z-5ZpUaxv-1uj}*v2?_g3>7TS8z{q?N;=M)*JZ+;|CX=YdSc#&QarSw)AD~ieDyZy% z{UUrb@rCBSpy{uwi2ne#wD2^|Ne2WvLrEUo+yjL`sSZ~3^J?k0rr8GQT^lTU#XuCJVduvuw0~T z8c3irfsxX^3Q{nXdLGMqmW=?LZuv@sh4rp~%Pe;i%iQtWy5RLW>Lf)jrY($!L{6ab zksBkE-if3c@}bTdIiRR!n&uuduud?M_(<*S0|=@sJ}q5z}?#$yOjmk?B|Bv z&TF!^iLLawZmnT!paE9M&Ihd`S&FuwYPwm7D1hf^Jm$2%%<`j~f@4I<8ShADTu?zB z>=&6)D;=S`oRm8wBI65ny^Ow^wNdHmNhbr0}ZM+W2F_UPYC}_tMTT81GW#o~JnW z9Mz{{rLos)c5zFmA|xuzyc3R1dHgnECU#ObgMvLN+=C~@8f;p$OBJAHm2ghe&P924 zpvK(|gNG7>oD+(hi7ux-94zu8%Z;S<^si&kC-DB5Av%rsk!VvTg6D6ssOK#~l=UwV z*vOtO2?JY8TwbzULLuNTGL~iXp%o5 zW<@8jY5V719$RTJ^BLMv19OPFWsOkx7VY)|e zljkezKqhF}Yi)M1>r60=p^62-#bn-JUF#aGHx}TC%8<#o3I`nilp&o2(A9|eWVYV6U>uI_SNHFnbYc11F45&>rDMaiGk;@NS(7e{8x`8nyh#9!&rD9Ch zhLyM4qSK_G3d%VQ#+9yNFsLiqDkh94FZQP;9-V_DRjT2RZ;s#mV1?mU%s~Yq&IkMGleBUzI z5}R8Y%}kT%YXoK5`1e_uNvG-(LiWv_iO~K&wGYX8B1@JII%l;cpHj+qx^APW>M_|v z9@s$KTzdLe9;2Y&X}Yvlw`n9ZGOO}&!RUV~ustR_M6+bKxOMW`M?DFwiRZJil17d9 zL|dWnKp6Me`*Uv-LhIKxn+yTwQmS_3aY2Fa{tuo#6HBVXlN0|c#BF&E`*UzOXrXWQCDNX(zI&?msnuT%mSWCU&64rLv&NQ z)GY%x2k57u6xGn9znNaeV=m_*Q1q*&x`EqG;Prz;pHUK!IMw9~9HhG1K+G2B#@&T;n|-PBgb z-_J3`ah^G@8vZ%{*A2rDIAeBm)`Cw#)Abd(w6{z!U@!)HRX-6~&vcg8FgDkRac(~F z$4t;8jMBBs+2m`1DDvaV6(g-%yVoyuXGkv>WxD*oQR_e)=B+o_B;92wc(8Wot#X!= zT+ekK{v@6E4Cg;JOtu5)F9>*JOp8uinI2y@d0D#fr@!;4=ed6k>bkX!_NxuugUAdl z0K{V*GwE2HMVsC!wYIVFb*85rmbdLWZzLyK4S1J`t#wPGrp)M(I*b$pu@n?@R@z*) z*GnbC0z-%7{*~xDm)I^A8K5cVvhFIm`8}v6NU3jcxeuO5&j8}9S=rAHqSG|QC>vDb zfu&wP6*?msR=vmd4GoWsV%PrHmfqIZtN!&-0rBv(yua3Vpqh{@n!X16>wCb8kD z=DN37XSfo+*jWAL$sK*g0DA7VtlnApc3o^*waS34BuIHxC!7y%e=5#YhU(R%f(g9G z!w*5ndI0cG7;D#%-rVU@NA_6U<7ppwdemADjTCm@+6;HbG0r+rU9>ftYiZ>#12^J& zS4H9TXAR<|@mGP4Jpj!F8k+X6XKnUaG{uFPCBv0CIIU~Dm~G;UNtu3R1o6`~TBd6o z^)fCkG_bI|Q^%ZVZhFwVgjR@_u*H|%k&cv`EYn-5C7GijdF(z^&N%v3jIu*$V1F+% zAH1ibG>MkSC9B!Re>$Bucr9-wU|fOs5Av?Y8yj0_lHO~ZV{#X9`Nms{42=7hg?39D z1@`qd=N>GuzPWhrp>ZTQ#DJbwfU(7h{Im)I2RPl^6=KUxd9UDyY|k6?a54omWdpUJ zMw?BE8DV0`akz@HV|SVMN}*UDN2M{HYWSkw*76u)Bq<#adhDL=*Hf{XV|RjVaKQDe zjJgiT8F{K)>Go#E-Q&A4kR6@5Bi6icThu1jbt|`;KP?%yg4c-tDDV2YkNo?trAlk z7UN+D9Mf;9jM2M$qsL~D--#oV5lH4t{fTNw)3z=?avX1WH4WXEQ(0htQNcYVi-RQ-43X>1=#`G>}Oz0R+yOLGL~ zH9}$uo(2v-r32+=MxP>i;yDiNgWIXCo9nB%rMFL)?7(9LRjO|7lN zNG7^rxF8w8=kFiFyG=4^wC7o2QRkcyv~{`BRzP)z2 zxV>43-yvd8J?krW5u|Pgp&UtrgUKeetTc<8rJ7g|nGAT`GtM)Pm8?~e9^atc={i1? zW0ELSDl%K|R~4-NhU!TpA}Ql1a`ZSgS1va^$5qtLz4)_$GC-gbeHy!84SlZZo;fB@ zvLXlFllsy$)X~4Yv$wppCd$?cBO6v=IgpdzJ?o@Pu$FBt-r)!ZiNy>fvCC;X{MUC= zMF3Z@btIz?z3+;v;}|V&t!))_ zCz&Iu58MGjPjfEn6BYCslV)2ByN*qFwpwhB7o8zS*~!g5QyHA5r>fme;wVmgTE^TeDt{y$|A!4iB9gn{irrVj{p~vdB(oKCNqDE8%cKgPv9U$Dr zF>5_Bch)mjIAu)R0=eI_}}_VMdBYnb9zD-xLiame6%8^wa~& z!U*KtjUNY&luxJUTbd=)r^+CZOS1^Tlg52`>F-aQqBpU2=TWuPBTE@$jvp-a;Aa&s zqdlxP2G-$K<0Ezf;Cs>l@P&?19UiBaY|*|Yb($**Fzwusrru2^yFO8o%vPaVf` z;x84A0?szH8hmK(1LMp&J$dJ$;=Mb=mX|j0Lb9tVz#TDK#(l_~x*P|^TYDR&wzbn^ zgYE4i$u918;Pw3~=7~0;aiZH<&vlKU88P>AJ*v#^Sg^d)^s9-CsRKp<&fqz&s9$M% zuAKLJYQuTB6d35I)9|e17d%cGFMqZ#EG4y(BM0T@t#)relV*I-$uJx)I*QGR#na%m z@gceUQo#(6!+=vq_Vk-R$;1xHFO2aRibgclcv+C8!|Kg=uD{41qe-f8FT za4O@O3XW-~ZG|UeuG4%!6zuV}n7IW=0ftZ3x(j_HPKw#%w}L0afN(iOP05+_vxvUZ zrn8*FU0yaNxyM6R^#1@8>0Ta^88sQCyoWzBMau!~D>+8vi*20uh&)#xiJ2m^(w@@9 zuu#$unf>b_w3y-F`_;m(NC%I?p~JDEl?~pHE#!88YF{;QHa8eQ6@wm;ai~bowd326e8nRqdQyxmz}Sz%P~U0q1d~6Wzcv(o<5;m;P2u~6j&uVj z0QwJF&~^{D;_aH*+%RFvlg)ctxAv!nnQqz`UO2Zl@Bzoy@uX!apEq2~a~1M=H*XEN zY=%Sk#d}7Hccosz8Vj>=C{e%HG!Q;}SfYx3>NjMJV~kcEyy?5_<`9vNhabv;8D1r} zu)VWcEg7w*MLWqE5`Tqont%3jh7?RjyNE2#WZn3Fc zTzsn-KR(o6gEi*9D7@5sEqiHYe3HQ&<1vzl=KN>_S54F;n%QJ#G0TuhZ)$d@;xjyn z_OmRcxK?hYo|O`l*bZM^Wx2O7#StzaaOa=OyvJ9G-r!qZk|kGCLk@BdNAeWoD~|mR zoerOErD_*ijDi`W0o4lUa`*i!f5JX1g)A=${{W!d#UN14fTVWCP>)5vyPjArMe=!} zmw3p)IqoZ&wb1Xi9Z_S`(h+Le5(hXS_QeEp>U6#%&_A;5t?eeak7+?8d42x1=eE`m z#L~{5Txd?<7|>Z;P}LJl^5=%;DR-O*$?8XH=6qS=G}Z2G^y_%q(kzDBr*L-b)cq(E ziQV{4(!pT1mh#)pa6x#<8Qbh>d_kyKwbZsyq9S0FQ-aI&#RTe)EW5G0k{h{;!#>l% z0|)Y~D{ThO^7h_cMlx-YgAuot`cPfZFZhFFf2Q0?bzx{OAPt0MTyD*C8gw^uTELpE z@0WGU63fEpw;r7(rFjYahhY7-Xy(1N5Ke{^-PqjarvMbYe`ob0%`jR_%! z;UVqxu6Z|bI2|9v_gDTc)V0k*LY6W`wJp?uu=VF1ILNG9?+o~}#XdH(@m7U=8$*Hy zNix|-VcP?#>G@SgR|8YUUjlqzcj1V9c`br2u^PYGA`O!#2d|*7lRO>a`)zMsk-jNu zckrQ=yqh*g#Ev?U-NkPQrH$bu1IOAOuZ8u&sQ7&({>^EFCA*B3UqN1hp`Q(Sx;;N# z)F6d5J5Utc;{~(V+qF}A8c69ct?%wGk}nLXwNgOd`~)7D{Oi;7uM69~j-_{Vs4OpO z5Hpqevd5+deSe)O%c09X4jvB^MP}DFaNY!m8FW+kkEyPw!JZtv@s6FSLt`zB5GgFG zT+5>ryBVQ6kCbU%0&gr{Z5bIo}Yc9 z_>^k^-cKnCLjpD?4tTGiz9#CruDL9imVsfpjv`}?{!mH(04MXHN6DJ*m*T%IF0XX? zq`a7HV2pPCYR`szD|ukblEo|BV{i%yA5Qg3BUb8aYLaTYJU2HHskL=exE=`lS2N-5 zc6*zPtDCFY%YYHLpOtaX6-_jVosNh5Z%eww3#de9X6c@!de)TsgmGAzVqnax&O6k$ z%=sDA{4V&9rCRG&uwUNCYUlgoJo?w8c%R2U647g&9~tO3S3zxecY6iOS|h*9hB)Jj(nywzx(|t0!Cz>bR|@u$s8C!V-8Zilxp%GU z`m(Ltd4FV(?gc#!V#sT$LfxhStP&5fw19Emy&X|4ZEfU$W_B3Z2XWr8lGKGKu|~(@ zb>^3?3o&TBL|8MPRa>yfuX^$iidw~?)#Jaqfv+y-8>P4>DuDL>Tvm!FL}A>~@Wt)_ z0EeyDR)OS>&4&Y`u=cKpS@_wb+u6F=$9BNSwXkwa_uKhXRLvAm2G;&6Yd06RvuP7Z zkq6pibq9aeyWfYp&&2ofO_kl6`8Esl%{ymljQ!v}>RmCO*W#~;a9T`s%N6qO-Hz#U zNek(U$Rq(r25Iv0&KO)7gcZKB%gvLm<76cRrldZOPNZ}guX z+i7~}x4*Z#A|Sq4{m4D{d;3(V*j&91=f%4Hk<*cFVxHpR<=7by3cZbZJ(Z5Laj4#2 z-N5nNbdPZao_f$!V`D;VyG6JfdR<1>uYjm~)jdm2xRy4M%f1+x01xn=^O`!8%;;d! z^ecJw4Nap+q{{)uOL~z;pJk?M>@{mZiKVC^q$iSl@%S2KNixo*e`yVh+SsIvHvIX6 z?(N4F=LnODBw(@0yF2nZps1qlgfK-bTU2#TzQhNWmwQP05wEhtk?^iFJBXH6zXh4ZYirwI%O`?%U0V z>OF`)`R!D@6Jy4_SEZc-IoD2)`$|%9f-`}W^{+Y9?PI%wKej+OAsHQ%(=U+0Z3f3s zl!#O#qVP%SSFC(HG%A2Mo$42WYXVNYOG~IFVQpmH9L7`mKKdX&N6xrTIu{h91*?L7jqwwpC~cnPM_!SsB<*BIt!~iPa_!n)uA@lP0fFdVYzo?eii?RU(jlq>bKL^ai?J zT&}OCLvLUjB~kmwe!IKp+K|?Vh)z$3HBz!V%_>QfV>~de?-h8nPQTI;D=TIf#C*(1 z>rED_cRZU$(6t?3RI_`*FW(|2IsB{C_4_?nMO#m`LL{_g3SC0VE&-beP;x-4EW*lcto+OVFQ5zcWMq<`A7L3ENj#GO@?jMqJ_URcz;t(ty45J^#1^e+NP%}{{U`45=k>5 zF-BKt&rQFTQ1LFSZFaImh$fAdc6o|7XX{kylPMp)9y`$E@dt;R34w!ANj9`N``Gob zhyEyOmfjv@(=H&6+f#VMukOj<_dT&)@s_%rk%{xpp=mC_5s`*)**MNUDwUnHEYhp0 zrt#B0wV|cYu)k&h03V+Z++TPy<_NBB8W1h~*Ev(&!S+3??!7jDvG2Kg8E?GfSWuJpYp#I{!HX$m&k6#ypSbGwhkepTV)DRw;y zO!#io#8x)*NQ&{CGi_Y*Iqme#ef98H$2PweJ|Aj733Z8~msz)oritZj6ijsdv&i?X z=waQN(B+}O`w4t_)W2d++S|h(A=GYQ)4U<7T@61|kIpKRLhrF&MLlp%;Com0x2_9K zR$DI==+A35ji|zxcCtXhk=1}a5yyYjSFb4hsiP^L>+ny+bKKia;r&J8R)A(APc9Gt z0IIUTXpe{I#XbzxUdl51m8$vBp7|D?!_SBb;$0>= zlf%01`-G9#i#w5>@srz;$E|)W>K2mN-CRZxLJ;i^8#}$LNN91@eU4N{w-*y{69R{D zW56{q#6+Fjx%oh@n6r+1l3T`&Cz&}RJAvHO9@YriL?TiN>c=>%azO>CEwM+>%mzEv zr8d4>L$mj-)Y4Kq;jw1j!T}P#WCJ-Ov<;-Xgb*ZGx7u~|5{Z)L7Wv{MoT&T-RF0Ul z``iBjf)9S$^8VCcvcmi@@y4Ljd`<9g`XG|#Pu|{IjuJzjxmCgRDm`oVFI%^oPc=~R z-*@X=)uU!J$hCbMa9dFFH_D)^f-{vo5&34nK7KBIGQMVLVvZpcvOUGF)5ys=2j3vq z8&+h=AA%q7Q15^?zBTZ6r>xjp!5+VA0f_`W@DAq(r(^lo^Ps7{rC>{hk)kIYHq(s$ zm9;5%IjY2np=V?XzZ~#8R6al;fam4un(TqcEy$fd&I>A)a&kcL??{rXMVX&sXCAal z0vi+xLn<7pIa8XILa;oEI~;a3aYmejVcoxP%&Mmz#2a^(CGe5;i;I$NUL#!4>D# zM)63J4MB99xC)WxlfFFnBdvcn-|$_Z*yhv69vL6B$Ai2-aK=S3-7HK2v%VY`a5^gi z*S`egHN_{@mB^3dw@)|x+P!h@^sOvs zDD*XaEur{}#QG+o2A_3tac^aJD1D#sjms~Vqz^(_Y1ey43UrLp2N;DAkKJvAaR z=+03hv!71Y^vUh!X}p4>MFedpp(pUK)1QJ@Ivm~+({%e;15X@kH!=B}3(wb}tBp%C zrB6$q?$VP7%E^(&2c=D=1i8L~(@>6hZ917$1Nc{UC(!fis}wwAp+wM0Hk)uhQhKl% z`c*4kIrPmU(pltLuGx1tpgxt@dG%#skX^}mf;quf>(c_L3nenmDlwCsA3=(Iwla*J z&R0*1F#hTFZDqVYj$r(-o{uQZ#j)Hsa9;iOMq!Zd%CE5hR{S=bq$A z8QIhC5-FOk4@%JPty9l}>SPxPxe8A>_obfFZBk&tWNT&RanX;x1s-d6YX1OgktB_G z?>s2rb6c7%s%i7XeK6k=H$IdB7OSaQYTEY6OcwCD-x3aXjP|SA^IOE0>LmL_3Ypvn zFlYmfy4B#fMn@#VbMpcBYv^wZX_4RfL;F6#($@A!8I|9X#~cAk%D{Nuul=o|Unkpb zmNZ-gC_Hb@F@sxjYUwtPJeb4WGU16lXWFuIV`|0~wbq{{+(~q;zXuqvLGbL>e`?I&9P17rhZ>zURkWIn^?-QK@6LZQPQ;)irx~2+E;Xj z2xXck8@bCRblT>Z6jryFm!tqe+mZZOsOBAy53-hdu3iXXDt8lw93TF@c9ynN!DSuw z!Vtqd@-RU3H8b32O{i&5$!TXSq$Rs!spYFf?AFIjytj!?{;E`c(~7w4M>07d4MBaT zy3MFN+&TgYbIWsH`{4fo6k2$SB7@3-)Rn_98OIpOtyBY?%JCY^Vd0 zO>jDPtu^%8uJlxeerU>rk~r)5=CfgQIz3nHGsq+?$`p`KBQ?$4*~zQlHSkr~{++8h zGLkU0D=FchV2noGD)IW)Vc`D&2+gWn`TC{9NwJRH4WORDihj)+!d(vE!rlS+l@9vJEVp(69DJ0wGAX_dyjyZ!(JAO+UvwI zrlF@SCwcP2agLn(_pcq-;nQwsmgdF-08%;S}DP!N>s=&8%*r~Z2E?Yaco)_s%gAyrXwUMDS z?{18>L9P_sDoCOCG2r$BtCr?*-0Pv$qOpSQO`^wRu;7&kJ?o0F@kVZ+%7-zYSBwxS zs8)nkRE3Sk;8JAg`rsTA`gU9 zjNp#-i!_g!=a*VniY}hdOY-k8lm1x+V%WjXDqP*PiDxaFTU;RI@yQg8bUJ?s_=euo zQZZktRlz}!54L%$+W!EDWR@G7hGthSx+Wuzdr~ksWwN<}h`SM_YtX6t)yH4zD-`!I zTq~IW0Ogw#K^(f=Zkak;5i^owJdy2QnmkXZOJ>l)9{5P)mBA+z8pYV-lS{XOo@ki5 zmM)~6kWD>WStegAx9dT&I-47rtlbJHn#Y{yrEK14@ZBxPiFG@NYsOHCxwE(q-FT>z z=m!&haV)bW#f$AY{3|VNu5UFJh7;y*0}2m%P~4eIO#*!uSY}~9=(E(3-mGb`OrW!X z6d#wKc&!Xhf(=^hYeHmiFLB`eRz=P1kzOp`dn)shjX&bU9NQ5@Qw zR30pSdg{qFHA~Arp|j3?YuDg{#uOqXMv0dh$3aQ6LjHxWS!nl7Yi44L86+w-?ywj#cwZe7$PG;U%##dBWUzK4Hngs88B0)r(=tQZT}^l)C}K z-bp!}jJKDbaywT`rAPLtp^7C)5NanG%fm$uc?(jPM*N5t| z$9X)0*;HYO{4+?Snb)*vtkEQvbGxf3=qfE4Ab;Orlm~BG36t!00_7rr#cuQXFHC1`%ojB(61%4 zx=$cD1+Yl%UXKYj*n6jB{vcbu0CakPj0MU)i!f;S1nI#Q*xze5-Wc%2n#J40_IH>> z6b^a7&OJF48mJ@ZPl&fR8t;kpo2@rYk^q+FC2i!1ACH)ie027%s?OrtPY%bUO>GoR zxh(21Sdq}sRfgy~W}Px#rPRg<;)s>N<(sgo5hM+J3?PF11+awYN*vO~o^TPtde-*NqN=KVwZKE^is&HJEk4xHBgZ3S zf_m0qb(WVgqa(xQ!r0CJYSx+;#nE1I_OAeFOVaTZ`ktj@c?8qI(5Y2rd>((t6vD-bA-c1ID{Vq;?5s+$?mJa` z?>~Dc@bNIo!OniPfOF}(4c&=&u1j3-uNL3C_}5vZXqK>8#P*iuAF*@%t6135EgBvn zKV;D-y}6His2SUg*Nr*5xW9X=VZJUhpmX@u*wV(0rk{B%$uzO;KzPaRUXx`dvmC|Xt zQ^_h%lx#_rOm(Lfa5r@AXx?jDow8WNX0YvbA+j4ifcC4u@Q+&kuJ=%a7$ctNCPf1S zKDg;xNoWV3>M3w4y`{uUZM$P_{vlE|8yDo)oIAs9BW%Y&-D||}p!-GL#EcGFL(jfwD1o%u zt?pnzjpk$@rFAK!-(Ep9h6Z>?aoV+vhhjTP?{wBxwH{=Rh{$8wyZE(u?QDdX3leSN ziS1TWiCbQ^)O=4SiDhMP1=fxMc?yrbdV}x(0M@D(9t_j8&oI5d+hPgZA+zEFg99`!C|a+@C#bj!UdG{GC>PMer1 z`=`_NuQjk);B_uPct=Cc3Sv2n`y0viMiMYgxjj19q1b(*&M4qtxqvb|)m%*1zS3V) zj@>wU)q?^@rFM#|ZKp>K)M)am=K#gkkMfZB4X+mqO2llcm> ztoZv!v4L%^?=Fm{aTo5_BN@hOTso7;S%XlH`%j%?K6I(`E`ITBk{Oom!P>xlgyOVH2M-p0aR2`@`re z`jf~r$J$1zq{F2>(RrEFxeL}JbHjdLt#qFZW|r30;yLY6Y{PCuQ;pg0`R1Zg6M(bF zV!FlU)F*7@=acVOWkGV{S=8hK?dZ=YlA(HQe<(uN_UK=Hy-z6YbGBM_?aprG zwJ=YpL(Sj(FW(;BDW^~x#O)J^ zV2KlKco@K-iASl-UTCimpMMO@&Z-cD+uTRN55gB}~{D7!+s;xHF$3fR%>yRe4LZO ztP4#WTi0(*=C8KK?VOJ$CdnM}&vRO^Xy*JuXLTN}X=SBbUpo~c+0Q$NdPuxKs_PL- zw<3E+RVc1g<{tHp`WRcGtuBWKkDyxFT85hS56{(z?l~+Zfzxxx7~XNzb4G`&+Qp|E9abpbB1DK)2jqQ!`qT=?srYxqwmPUQ zC9LjJObz@7QQEqB{9&c(usb6~Y9xKDwDLW(K$K2*P}KD(pcc@|*E^STw8WEx&2d+n zezA9E@EPTUcO{dKGuY5kkuQgDY@vWlbSDA4z;l!Is<%=_1V&|0W?YexL1`l${86m6 zt+lifOES!(0f8Vl*Vckfw2VrOsGx1@$68|9$81~7QWb|! zY8Z}B#M*6+p$LM-rkuwA0KHYl5Oy{4zs07ywz7^rKTvyF*D)Q6Iv$3xlPW7wz6Y05 z)qF9eK_%w-kH|<|NW^s~>t2mD#r3_t#k6KuWhGSSzB|@#H!4vuv~3Ss)GT!px|_jp zobG6|x13;f&3$d~r%<|w!&Y7r(=_C`#LX+rqYWbw&l%~Q(@2XQw~oAHs%W|lns%3F z(p|_rnT&`1Nge&YE6eozsBUyA4!ixG5VuhxZGdHRa87ZYQ!Xn_503n6rCQ(XEgUj= z_R3g>Z>@0}smD)-5kI>q#!7h=5Pzt3`7)s8hLzL_XEmO)cXwy3;Qv{?9JK6t_@mnNB@VN$^G1v~>BTxwnGe zIHm*UBYEqC>x#|zso|KsU!z-Fqy3TMn9CfeB}?O`JJ1nm`0K^~5uZi3iDsVK+e4_eEVQjzLE2ISUOJxU)fV}&v{y7a*6J!@ib5qOhO)~?)? zXcT#IhEU%yJ%9St%$u>*N#d{VEjr%ASGKp9!}BXD1v~rT{uSriFT@3XUgJr)w(>+$ z5R(iHuc0+bn94Y81htd?tn`=$Am6OIS1XKVfwy0z0aDbP&|q7bRKCp0v4#oYPhMbf-c ztIz)c5~~^R?$&NejgUmXr27i?I6e#O7bP_fM_P{VY;Raqe(QVE$m`z9ow2k3tqNcP)k&{%I1c}fE0jJL6@r7N7WI?oE) zuO z4@_0LX=GPBILkCPdd8Tu!68?fcY-s8J^uieeV2W&Ug`Q3wT6e~>`}-g8<+B^Y^ccc z*lqP2?OW}4P?kCQ$>xVW~8RRBhXzWzH3mm@dib?t3E<+3B&sFT%4 zt$D7c;20s-Ep^RqH@CV%9u{J8j@8d84l=RcUTPNFZJOLPEq`vx2kwA7N$*$}?R~0g zH*)xVPXyvJ3X#a6d6n%CnIwzFIzFon?xLk9-c>RQ9ebMh0d1&X+Cg`6v*naI!5}fM zB&;0eAM68rexm%DZ2$+$9nE?sg{A3s7BWM7GFe$DFMyfJsVkivhl%cNVuDLc5frxU z+r*$_kLlLDWwmK7bqHXIccW*2(vv8~@g}QtYjGSFmhSA#Ji@2$k6P(;O)}3=Rkohw zJhCA9*nQld=h~$~7bz#Xt81j_-W|A}Xl8jY##e6afIUTd?xy;dr>IRNmrQ{CxM#rY zT@ggtT-3Ml=!44>OzSe8#Y*I3*EJQh>Q>s6Q|Zejl9t+X2@Cjkrpa+f*B%z}c(#V# z=H>`syNL$?XLt=H{I=XnSe>p&l zB(Dw7*D2z~(e#~D`z0@uAH6tQ;f~A~_hhm;~ zfm~JP=aD#pf%6DEaBxBOr6~0SmxoZ+j-xap<%P0!DtY==KCNe}>KcqU&3B7sI|}~* zQ(4#yO8hVIsBC0O4ebBtoNQ0h#d zL(6XUTf6xgC0KKSH-YI=#co&zR(TlXM9zLe7nWSOd@_00h8+p>?+8I!`=TX36>6-Mf2za|z5-x#i(L-vk zBq5jOMF*fhxUDQHM#p>OJr2{v*485JURc*9LXrV*dda=95kYAjEb0_vgOEPCtg0@i zEga6bsZD2MV~A!}BW_1IuPeLKr#@uc=V@E-6Vz5@TE_Q>beN@$R%q5vNGBE9T-n0} zFBPG;RSUqz?4N48^bt!!v!3SZ?d3@d;9<6KPo;W7_;NUqNFYJTB;aspmyvKq%gZf3 z>cV($Ad6`j&NG9Kn6C=d^njO5Zn4BvoG#J9{3wa4AE$V7>PvwU3lgta#~gOAanLmF zDmS*ednj%tjAmqG@~|B^ts^6I8(FipTc(=c*;6Nhvw`hiWv(rhS6G;NWbmpEaMby( zOp*HIu6#i89GB0l$#FH3i;NMS%GqJfc3%+uVWN1y!xskP3tdk7D>YFhFoCllc~7b9 zUB1l3_&3D*YRP+VGz##-PU4OVkZYT{e=gyK4t%VP@yNweR?rO%D^|SH^*D7a2^nr6 zJNF)pJFnwks^1TMPo#K@!@6#vr;X9HU^1&@DIIyDSLif)ou%_C7}P!w3yQJgCwt!t zUTG5;uB2$4VDm6)e8vUy@a#J1PY*3TpKuT=PJ;s)?G zwWoN%v&^DIir{a-@=3uTPj9VE6_L`VbL>yrN5NV@jr1J@;!lPrg(5Kg%!78*jPgB? zAp08rk$>Qf-?bS1q(5d$Z-v_Z@t?z*g&6jV%w<{{Rl^Q|aC& zv%84w+WT8499P+mDr&lTWEm1=6TAuHFAT$HX#i$x z{XXJE$%OX;wS7W6p*mh$-AQdRF>FBUalosC=y6V64-vR_wQ~Yz z8P0L{x#pa|=*=vp0ah7Y^i%39TO87n6|{<7-J3g)L)g`s8Z|As#6bGha+MZUn9efT zGbaE6QzANtd4LVjQ5c;NeF?3mR+I@>b}$8MTU|{J(ncCEhmuIaQCgco{R000f^PoU zSHH1W?N#6p9nGj~aC|Nok!A)@ zm;v*zA%DGEQR(qr#?fzhZZI6+kPZ$# zZ6&WQ6&m6pz8wDm7ac2x@sGow3Vd|23qSotX*8WnV-g4uy3@||*b6+xPO$fMHZb$k# zY%v2Q52Y#+l&PmBWADxg%P1}NjW1EMw|lu)0$kt^sPEdm{{TQS zWXPFv%OE81M{4DbZERHK(EDS+zY#RQ7-*JSorT16%tx0pg~l9puTpE|lGki(>f~f` z+P!)wpH=Irojzt*?c_4Q8RoU%w4I7WIrD)41wX=Tx-Ub|oJn;{53*aRjpH)+1GRE8 z$2ZK%WX^dbkHW1Ps95IS0e3qrz!p=SHF`#dvNUk2ZAcY+^{rrQ%4}4htmO3? zMT?lF@jB0Ed2erXXc)*C4Dst;e?E-{m0>8g4;8Y=RaK61bJ*05{SGqj`69ZG5EW$i ztJhk)+FQdW@+Bu}#&P)8v4?U_)pc(ZU1*TSX>kN_ZObk>k$p2%d>M6huH8PBab!wv zC5sN6^cAIseGB2=1xKVk!_R3HC}a-LkGwJ7xSxy$>htVPqt9;8BM-D7kE)J1$9jg6 z(T$%vC))J=O{a}xZ<$K&C2%|DzM#>or-eA9L0G@>4@A=RO&dKpWst-~t8$ew;-rcUA<|m!hk1P&AJ^2`_C8L$rZKXEX3vN}J&ji;OV;#ne z3qEB`v1aG^s`<>hPHR)YxYREbC67NZJP&%%u#)%BXyc#DT=RzQP|8s)-S2-cBXUBP z=ia*;32Y*@llO%Rezht#G&IGHh0@zkB#|>Y<2^yH&0{)Exw*Hq^I=REP;rq`=4lwS zvG5;@^c$T~;I(MeQ4x8NfrGe$GD-C7`d60xN$~`JAn|6WtXh>awh~TwIL}Ya)VFff zOq(5E>ibTQOb!bZjk)WCT<*PfE{@3eQOs4C3?i1m^}weXnai>59vblcS2`rHq9Yew z-u(8gHSn3Yo?zDdVo(U;wXrE2=AjLR?2>7Lyo=%v&n1hDp{ z%#G}MkBD^Jof>gwkTSaxM&XR}+O6s9B-XRY6;8#+{0q18s*6T4iRBk|lG|RT!$!Vq zIV9HHR`$2jLn(yB!FK1lt&=iQ)btBYA{Me?J1mi4g1!1yVAFg(Vd0%^mN+52M^=yI z`HJ(O=}FBNQ_>pR%fWXyYi(%vY~@K`yuOu(;q76(;}XElDZvfU3KW3#eLnf7cv?^f z?L%A%JQfF9Fgl;%W+)KmqF4s2ae=MqVu}}&syd@Q>DXaeW%&mtk-QI+)mO0 zW3e@q%ZoUF8fq3cdS08Ov?a9{nVhj)fP)-u=3_h~#GXCA@m8IucxzEF4wq{)G-SzOJ?J!nQ%lhF zjYCkh)GlH2PF^@4o01?uIHi_-vT={G_jAM?~p=hsZ33*_Y!<=Un1&*@sPDm2kW^%F^*=~7v+;;x8Z^PO&`hCjJEyLU@NxOI*y(y^JQjN`T5?x#0-AJ*k zBrn2(f30I%+dZ-j5}+J&Ovb|8TT3Kt@UT_@v92!uOSO(~JLU{LYxo0FSoJ2e zmS(oxKpT(CiuHYKU(!Mg8!MQe>09@TKb2<#)+}+(8FIOWdXwu)Xh%<{+G*Do z+J*G@5yVk^v^mZR&u_xK^_F*LiR2To&m)Zc zOc}5b;X$M$)b>fWD^IY-o=`hfa8Eg`3%?PqwYpzhnU`VYW32{D-Cz(94vo=B9KpL7=tF4+aXTa!BQC1?B?|h4L zLN6s-cTqsjuftk0>sO0qHL#KmzF~4k0IxvthKXgTXrv<#EG8ER0MG}3&kPWvN`M5< zZq?R!e)1^do@rJoCQ-F_9&zd@0^Q7x@}=#_mRNws3C;ykkS)WNfwpAvKo(_++T}!Y zG=6F(IX!EYZ4Lg_BF=wydFwzAvC`7g>469`YoXNQON&W?buvakBRxd`a$0@ey{@8> zNLdgt?b5v)#2S83Al+){9}SY$e`K}L(gq)?WPf3LV&_>S0b#*AXy8MvnQu& z2H9d@_b@WrAxT+r!Q`5|Z>3#nf*a{rCvHYareaMVt!svfTOZ!Y=xV*v*xsOR!Ll}t z3K4KdcA4Rurj%SVrp0rCpXXhzw}sLe(()J)q|Of=Xf-QEWpdJ7voR5d=-s`AZg^tO zJwn4$v(x2Zr_55==)jzh%u)uddCi5x#jVX}G=_gI_UuvjKi;oLzqO7?fr?MFJ8%wu z?J*p`ifr#1(l=>C&l>d|7*+<6IWdUtL$sLBUV@MoW7M>J8Kg*-GacyS;m=lOo<%{KH4A3;Z@ z9a~Pix6|Q}*?D`s!Zza^*N6Cy(hUmuM{gjJ9d|a~&EGYU6fE^vBFp@|oD9`#y(i5< zAaj-_)DK+J5q93qBoO(sv~pv=THAu^_fE6E5s@j_c7i(7F8Wx@(QKu;(%{r}HZf`e z$ta@(6>CoM7M$9s((chqNz;1gHL9_3vF+MxX~}ShObUn-1yo}kRtJr=+4V~aCAD`9 zid2m9YKlBlMezJdcs|i`uuP?M3yx1U^yZ7DX;E1%!a`nfKm~hNQi#(y{{V}cer)vH z_L#)V%e6neGm7!+%W#&^+(RH)Io(hrk!zXcxlto;PRF>epGwtjVZOGvyO^h#b}4R| z?M*9+O6Q>8NvP<}V|g4lw^6al8@eyA6hp6RdbXmLFL`Yh#ENzd_Y~X=`5AsDzVPx+ z*G#u+g!@Zw_@6Bf^2R&m4Qk&5NUy)~2)Y4J3EOC7}EWS^}7PonsV1hT?m zXCjnR zOtMH5dM-?P?tQ5?2XCinlUSI{Wr72p#OF2Zm)2I7UK@r+jZC@2u{_fm^8Wyj{3+yL z>GEl)hT26T_8jd#{{WSB+C{df7ME|PyDQs9K2*obKMJmHqBFG315ua6VkEXlw{Uk$ zoCNxc)0<3x4eFN{{$Bf(<}#(_VMym85Ni?ogqdQ@;p_EZsBxkcNI9y3S_ z5n4o1wFdp$s69to*V2|vP0g%CG=vk13}mctX*yHdPEzv^Dw23!1w*RaX}5AsZ+#ND zQ@Cf0RYq1W2b$bRYaElu8f@ok@zS|#%|3OKStNBBITf*G7Lxi)LkqhE4UxOGOKD=! zPaNwW_4c8o14~o7zJ+bt2uOv=T%T^=tyS}yO9{6|5y;)Q9sMgFZh|r+iJjH9eE$GW zmDuSQutjwQ5>610yjWF6<;5O@HO`N16c>?RTe)^Q1A@5q&0tElmKuZVuwEpt>y=^1 zQ(9b7I_+Ow*0l{f2^ECJVFiNqDhK!q@GVnQhgY1cre@uON3q3EF)XawRJM}|C5}a6 zIODZG%G*`B^Q5+kp4}WPus?S_IQ%O)7&FptEwA9wLd;@W4+V4caqC`ta+6Akiafcu zV4qsbXhz1FZm}@LV<6=5)YnGmPqo>5e9H;ngaA}VEDcESyw@LPD&1Q(!}yldRJ{>g zt+_}6`H55WA8OvivCEk5ql_@Lm`j{($Ln6H@XpPo@im+m#6@oCRg|5enmJfNTB=-U%NzMB1$lReJX1D_aCb)$wHV7DrK;l_?p$Ns_C@hDI;NB^Y~;5SWZ@8U zr`Ejh!=512^xN%DO@8675V4U?Z~*KvRmeYPcN6NC`t6~)krENSGW@s%A8PaO8)=r; z_Q`E6tTJHaWMmQPR4G97+ZnC2U$rPpdm_AmI0F^qelPLO)|8XWrNp-qhxr^Hxjh9; zlNTXpMe)9;E{he_<(;G&f(9l)cMwf>J|FScr=(lHt9fy2Ao5P|(S{4b>}w+@1DH4W z8pWa1;evSVWpX!^Dl?vy?Y{_oE1(@p`r}-_k>O}E?Y|yMfO-9Y&q_o%wXuPJq*~i+ zm-5-(dHQ}&l*f(%Jk~C%Ep8zZMI>kC`Hn{>f?4AJEWMk;FUk-V|H?wl?-6;{{6_xkkW+SMgkV%ph5jPuiq0Ka*04~IXrw9CdnZCLRU zjQ;>0M_<;tyD0S=sDUjbqqgC@ou+}Eh`H4*+Rx0DW!iBdZlHTtaUP*E_9+2-3ftr=Nl}B-^q>fI*|etA)+?KY zfd*4{INkn5dakzK9ELp(+RIZ(Wn{vrV!t=0JN2LnbHL0}C_qR1rzaWrthrIvLbJA2 zc+O}dGwxs0S46V=VhDeAGUif0i}Cg1yaUG`6R_3fouYzImO|(|;<0)&SjxwY-bWXQ zt}X1LkikD8QI9#Un?<~u>0}p^i%x`-^JfRONZgK>&b^e}K9zTGG6ne+c;0(vy_-hy z(s)b5x@0ykZM;S!K5UVU4Ej?@o171eelfKADARQ%@-;iaUwMC>m>isbHRe{@-o0~V zwil7imiH=K_l?M0=`45s$nwN3ic+QZ4Sao3xfF!`m})xM1Vy zS}hR=(>@o`ZJxr?L90ZU@kfIMg9?2B{{SMn4-nk4$#Hve1W6he+^Dz%-jrS0H$G9- zyq#M9<<>zgE>A#D+8RR7C!O}CZ<)`d z{{Wu#Qt4*bZlRv)CAadJuwXbmfA#3F(=_z;va*Hk?U6*A%a$kaXV$#a$6ADo4xwjb z6{L5vFv~FcKp(9Z7cw*a1L5Hp%RtM-EYJiSB9;o63H#p%Z5o}Ct)9!YZ}YO*B&EVYaJ%r?N-tpmUjODSL$(! zVHn)u{wnx$A7r?K+DB~d0G>1JSsoqG^pvz%uONvfC~|+iev}%dbg!rEwu;^bF~Fm5 z1B&HZ?h6TTY?c_FSpZgWx#KzO_*PTg#mMb^G2#epk~?Pd)VVy9j8{vhB-ZP3cWZ!H zu|^okCp`YO1e|80d2?fwostQ&oy2voC=lu`sEIuMAdtS`GFWDV89h&F@TRk++iEdf zybwt=ku>P@b;s9aeF*EibHo6HsF#@{&IemN`1}X+B?ll#CGjq_EtK48g!s+CM60u z>Uj08ddB`awA<6>LzvWpLBla408-~=^E1t@?d7z$mKpDw;od^*gy$Lm0QJoKE~Q_KX_Kiz(OgRv(WU96kF)JN7!d* zB>mxVTL6QMA9_n0yDPcw_D>16FNT z+sm@s5?U}P%+Dm}jxkWA(P`Z3^sQuCXh%uB()YZwh8GwdE;?iU^{+4SMwzF}EQ$$= zVUnk*HKb%{;n?bYEAYR=mv;90{PHxq!pG7?ASfL+k6P??h^>#=W0Dxds_Z})1@Y@u za%^NtYJ%OaO}K>!2VnjjR|Tm@tLmDKv)SrTZ=k^FA7g}ILCL|aB_SU|Xx=Zh^I}V4 zRt=&x-a$F_Kb1xC9?Ijyu-PI>a)*3sQARR2{W;BZwofrgcvd|FOOH?UiHRQxt_i=jvZ#*WP&*Ch})bKla3GbuS>8?OXh-m^CbFn0?rWa z+y|y;_H4Tz2jcG$>6ZHK-i@bRz0^E9ak*3;*&j;eJiCeICJ~nD#U~bvj9O)@FAvJM ztu@(_KuBU3ewEwk&{|t>NQ*+u513gpF`m?o4nqF`O}o?o0JQZf?)>H4NIP+b>?_HZ z{(W0ovxO38MVD|mJ5RoAa6X5c(kOJeZj8uh*_H(Jk;P$Xo*=ZdyOQI0iP846sO~`j z02<1Dh?Gxp(lq$Bt4Qw*POu@%NC$f1_1^;7_=8;2&)esPQeEy;1IJ2G+|K<@u1^l> z9vzfv`a4f8s-3~4`_G?W*1XqS@GP&YeYVY??QRR=a8A&DJ*#Ujrm>aIuSU@)+?H;{ z&$MpJ^{Bi_V;!x{wv|2P_H#`C+{yzVx=n*-(%?MtZV@4Ko!3&ppM$sIOKF*WGDS$J^uieeAn?E zZf$i)8q5R=2$6$i6YYv^4aZFkuL;}h7q{V{h)l}6nTI&~)t?mHU+Ku!VHOnLUPHH* zKE|_f)J-&bKiQ6pu|5Z#?O9B&d(~Pxp;r>$+Z>t7;Kmt>mZ&$tY$e zTRp(+YgoGs$-3}OxRiYOLW0Ogo{+;L7)Dk$u%E-oap!bKuW zo}QIv?nteCKXZ3{=rtFU%SfA-Vd^VLKBkSB+I;uI*b{4uSB&o`sP?XZMUz#$*OJRg zUnP=Iuef6%_N{re8`%1bO4qdbEro^o^DZK9nU#jpJCDw&ol`~CuP$S>b&1miCOJ`9 z&tooA6Iau1c098La)T&6YlFIxT)xx?X(Iq~-qoB{$gw@N>2DZ9BDF#}B=U3WDz&sa zjmw`Y({4!&2SJ{uw&fo$Q`a;V(RB1T7w+$QkXAJAG53k8+Mcz)dPY37W(VaxO-$gx ztz>UCDBi?FnIDB7rnuXUEL&a7(yRH8QBjLJjDf$UavF}D+O^S+5|LwbdhR~dq^xUBEuXWC zr}$e{_+6>%5M9FB#6!+D(tsFb@s8*ERQ~_~yeFjVnw;}^%S(HWIn&9C(7rNHM&tQc zy((vw?GHQsto$?J-2+jA9}UYLtg&P57R-mtOdJ3Yp|6TsGs-=DML9N9 z-z}ui7*gn10*1b;_yzF+Y`jYch2B~1V!Hx3mB0}x&r!t)(ESIrSBR(*q?>bsyzch~ zwB<3&846g8joBIIv7BxeJ|g)40PyO64{MLB*(aN#>IZyM!Zx%{e}%c~FaS$LEz!_Hh9Dh3MKVh$r`u_mz zTl;AEW5i{zZ2S{@aN1tEY6jJoH*6$_x5`fM!l`d#XzyeDa=p3JbqBEVE`adQ;q5{c zyR@1kxfn190QBph!ximc4SZSWm(uPeW{{i?f0bbOGMes9@wdRK;~xfIMiD;OY^F%C z2IK3`&{y#J{{RJC{hIVo0Q^^v#(oUC{>$*zu8a1&SqWI7yytia)Z@K4y-qra{7%S0slO zseRZFn+isG#ZhHub}hmWyMtM`sntwrV7S^h9R5|LvPSNb?)kv(YU3lK1<52`P9;$_ z&6BQF$sbi6$oz$WcR%n!Pur5~_JRGG2kid<<2_!(Q}~wDJNxDm`6*!HsdxaZ+ zFIptDv9j3xx4(ihmSW4eXP(Bqx5b)RzqMPa!C9fsa5-V=ToZ|$k@?y2f5K+pRMa6! zgz#JeHM+3I*1+7g_=W!f1q%I~*Wx#X?)BXtPL4fd1ZmX7Kry(8~dyk18MJ$rmIdB91^X&Z&Etb ziHxJw5HxD#Cfy)J+MXEBlGPA zhfMXwQM4C9k%BTvVIce}{BpQeiXq1*Be$(Hp&vv3%byvw@7e3)kAVIuSzJL5kp;+u zRfI-%O=`pgzaQP}_*eQ1{?5M_Ao16PJRjrReOYgs?!g7~M*HEGDHIrF3_6fF_A6Lb zIuE$CO>M-!!!rt5BwKn_AAl8 zH~b>F_~GIEC{x5X)~44{VG(~OWEqZ5GFP56=tX}I+EUM_>N9B?(lxH76Dmxv!7bAx z>x#+~=m)cDc2Hb6hB8u8rL)?-15DCjwbS1E0xmVkl=)IO0dds*Ybv`8_x}KcW&CI1 zeQU%s;9c4ypDsxTSSi8d@HOH802F+0eWtou$7pO)QeNbCW%mQpxGGb$tT{)ZzW_W` zEOmWnPqw{^eLhK*_G~}9W*Im>_4+NM%>~NZMEgVVI{o8bF zv_o+*x?6NRyQr($#f`;=noMxGU_Xb9iroRh>FXuaxt2F78yI7f4RsfqC7qF5i)nn> zTLwT5NTv-DT+bewiFCo#kV3Hat>*DP{Qdw?%81JB#!v4Y562Z3b~3U|%lLU~XRDS& zBoBAEWRrlo^{TqPrQVz33%H(Ek}tXyc?v;1kF7^9LAjCJSX|FD-bSk7K5~7%>zCH8 z*B-S+IiB{j zM;)>~)y}|hFi+mEFY%-4)}dbAm3-Xy>x#xi>U{gJTMa_x6%+_cV3Wr+pB9;_X^|PU z`OG&t7;rK_8Y8&nCVKUs_KvM48~#;x?0fTG-6c$jYjKXJF5*ZDT1& zz30zi?ja3~gNSF;t^-E@PO~H1rnUt&B?Ulm3v4-J*;*q3c zVYTJO-OZT$Oz?RU1}Y9X^fmO3k*VA3RwGQcy-y+G*!zbn*#7_;jzdeHX>D(-{5kV( zo^_h>{K(Q=4gn{Dk81K;oof2`QJcvCyS_^28EvZRW&tqjTC7D?&v-vU=%BXg&x($c*k8$D@eHV z;4@Dk!sqx!VJUPqk8|hGhg!5Z+P1iwqP%yaUor-B!!8FOp|48Qym9@Rtt<%w%a;Hl zJ@P9u$-Xq}u@0Mz z4|tnN)mF;lIqz5)*JJ(G9YOy93PnYpPY#o*=+Vt@s5QdbGi?NpIIH#=9PYB-+2q=w z8=G$&`q0@r!fa7lSVRIJWB)mn$GRyrY@tYy;eKO|)P_va-RQc6DRpEdwk`L7&lTTmQfQj3ta@#gwZw6gpD+!l zr$dSjAdY%XJ62?h)vjfo5q7Tgo;y}vr{MYHON~rU$Pqq%)D}VE$ZhqFHrcL-mN0Tv z*1hIk8%o!_D7tmBS;scu>nkow;9~}WJbLd=)N~yj>18)wtc{C+xDtC~(zI$R1k163I=r*VDE|PDec4>~6t^0Xhy=J+Wc#DqgClOwWVS<%kd>_6UrMo-#zL$F z;N=E-P;QSswzXusl*cNgcPG}l`^j%@Z{AZT`HN(8ngH~@B1Y70A-TDgeDTKI^Ys<# zUKkTy$#yQTQU+DbdF}`Gph{OVJ|N4W+CG(IsVUU(qJDV_+3)nLR=Vb!t!dHA3jLlI z032jylZin4QJc>8IIS ztPTUnatjRf^sb{#xx2r#MV=!P6~;jO!m11pCGoB6Y5Lr82Z?NwHdX|D%-I+}&Z5$_ z3mrz>#K?gFIW57e<^#{Q%X6jLPAz4BE><}Cv);ISTa7~f?jVdvvH_02d{oJ{G>Qpn zac6fFE(*+}cwU=x>-yKK=-SSovLu!^Nr(gLY7L^Tq1ra1r_U2avnSfre4q}$TH`!P zCH19@HV;49Vx7Zbhu`{8Gm(PLtkP)E?Pob`9trg|nWl^5b`X;C2jkdgfIVYc@f13J znjwTO=D?%cxXWEe>S@?X6BJ>Bam4{+rLagm#uB0_VZ$18S)1dVMDr}winP7A4&S8& zxb!7>#iS)6UCs_OOErg^14LUpz$Agw=|M-N_MDO7>G!Z{HfA{^ zHjKeovClo|1LjS3;KO%u6i>PpJQ3csd^sh>*-RvnsTj=$k%{ySIvtJ1g0VzP-k8ZO zPw{#RtE>1D`%Ka8?(QwV&n$`NMt5>YsT9igXz`2Ix`>U=rcg;f_^r(%M%A!oWl!PG zdJ#y60`<<4%#Ocl*xAByoyMz4qe-Oc?{j-27bkEB_=Nh|#C!xos2FY0D?BTJu(M%y@6Di;hxvK<2Evj!JE>*jZ2%u+2 zp;}FCbq(~eq_)LKWh0#Wit06cYkQ~(h_ozv1M5LNr;RO*%v0T@#DEFf-`=a%W9+X4 zQZn@K+upQWSrnIJyR-2QmuVi)IwI@;0FPGQo8o;Q<yVCY$@-wowu(7>a zWL8;}jBZiT*FoUTGRDDmJ9xxTK0Za@?kBGpskcIG&kEG^gtzhTuc{@yHn7VgnIch- zm=m5qFUq>V5=WbREZo%H0%C83uDG!m7#d^|CgL?~1!>BK$UtqKWDAYaj2!2XYh~}*MX*CB z2L~O6E<`mGq_eq&kzQSaM^95x%cB#V-{7{RG}3M$3#hO%py{vv`orJj3-45lO`t}|ZeEN^Ee^^M>#$ckBk9I2z3 zjPpAb(=YF)y|cctot5@5G7Z@W7{z*1-&=TpPDXpM9gaqQPij_s7s$^Q@mGsAFBED| z9pth+Hva&-k0XX1c&;%n_uM_K#FRV%*nMeSzh;cRTWY$+YBRT%BDu>wP8Pn5F>I;h zJw;VCM521`lc`)t5pGF)cKf*YgZR>MJ%>Y1-ISg ze>&wnSq06ew)gP4ipoR-V&`Z)=lWEX%-dLDxR9ihgviJ~wYA~%9ktT{=^jtaamf@4 z#XWuQt~}JSExWPCb6n5%Rn4cBeRi@+>(0UaN78_?zhN|gXn|JQgbKn zx8=se$4UfX#b%9j6i*_@5zA!yR+gTY78>omi*lwMXKN4vKJ}ZHpn5K&cQms@1+qo^ z+!3|76_4WRJWB?dWY(803~#v~>IWQsaaR^@m5wu0z18k??Jm;JIAOSr!MJw*F`lE} z73#V~%@vxwu?J8#M<ko;l{7sanKWd}_OM^7Hp-5p8C;YcXvUDJ(#fkOp&DUKX1EKNLrDCNKcrQ%1uo zM>NTlZhCgB;=MOa)MR#Lp06vw*fKQscE@oJA-3+rUtWMw*Ydj>;7?6^vzv#)ws8~w-Px*QzxPI ztqE~5?Pt2w+=;}IqPb-!jAz=k?kzDBNelUky+Enu=rtPh4@^9&{hS%g(s5k7PAexq|Q}-Qgf5})@CgoSBbvUZw0-L-L}aToDH}lyx!Uy zy*BcD&GUI|Mih(%$E5}?Egc7mb$_*4+uTKPX1QQmY@g!Ia~fuDr3eNCb*-7QE*<`^040G#E4HbMJcYhK_m$w2{PI5*u?OvCx z>$iHp_I8t}q<&mdppiis3Qs2<{2kIX)v})bmE*d#S(b1J+BWBrUo+|# zso~EMM>9p3<9(x?ZW+fFE@E;#)5p5Rdgc7FM$=4z!vcEoT#b#S&dC$m%wi;w@_KsG zQ)5#-N5eL2WwrdAp+9hrO?4Vhou=wKjy@+5b*x}3VacIj_?LV0H# z^4K1g=XQGDqYUy`w4&zRF~gD0eGOA+#&#psH0$kl)Y;#n$!;5ZsW}IpxUPD5V}Z;j z6(4=2M@_|=%+DLHc*h462MRYnIqo-PF zrCLjyTh}B2qqaNH2b$`7Y_e-_e|2>v>OO6!qK|L>y>vWX7=dn7BN^wfT&{w2adJXX>+@QWilVIMm}Af?)uPX+eba(tu5~?B#y!)x5>)8 zE=GM1wQ|I)%5D zG-n))N>ZE?Gh;2nShh$ z5svHcTHhADOQQI?4F+$9=I=>{IM>d321`rSgYDX>M#M@sIM{q4{jYzg>pJA|%+|?- zMkhP7)K^QWEZ5Sa#~@EBOlZH|UrJ=2Cw-=Prd?Iwxw;FbEQ4qrNcXQmeJ=9ZZGW@m zjSwk(mFBabVkG(-3F4?U*>lYI^AOn-nrF{#bY8IE8Wuiv#8*v$v3gCws>sp4V9jW-P zQ*k^o#`iYx0;rFkf890beh=4E#rN9%wAR;98%DrpOb$*l@7{u=6T7?87}!guXg2f1 zdpFGYEZGXF{3358BFL{Mg<{Q$eRG(OFLw^{U;%;7Cw1f3;Z= zXqwH<#l`NUXKfrwAmyY4GW!1j^{6o{-fI?`3V&!taBLK18!e6FxE1G@KNjq7{9h!u z3vWJ-P)4z_^aNz%@TqYrK=k`>2l!{jx-;w6vzyCE6<^DZh*?W;N8wRuJ{7dl&t;wZoHd0#4ZslF& z`>&3eKJ*ha(Y4PFUaqI8X>dS(!mIPVZ;hG%06lBNd`01l-w)hi7keT%30bm#6H_SM z$mDG<9`^WJ$r%tR`@rXQdghzrTU|2NJw8~x!oVt(&Q}$ijfiqHbqj&75%LGxK>3%b z2C+4W#`ylr5<(F|9DflNEXbu{r!U%k$B>|5h8eF`(XU0d<&#_7OALvQbN5YT=FOsE z_`^qgj}=;Yr%%0wZgwnFm(R?Z=bv7+>wXfm(9P(UGV_qXK6oLq+NLt>Y^7vS*0fzs zr!!h9NEOMHF#F5tTw_R(&l!$MZLO70n5I0FTcT~L$)6T!QC~3;rR4FPs}>V~wDCS3#!y zFSq+Zc@hMgJPh>QJw;26gruIwp=p`~I(@>)V;`9)$~Dw4Jh|hJUQX3x!1t_5iaQN6N4b4I?%z?0-s0>NpLnpoppMiq!= zJ<0W`bj9q?cJL>MZfq^mJC>g6w!!brjUq*n>8nJ=`>Q4kcA#zq&@+L~6-N}1rAM~3d8xe!`d&dBYIgCOGrwP7{~pwHuv z3+h^i_-3|2k1bvb4_b!I=DH)@{2aGG z*wI=CX)Xf=eb3N)*Jo!YpI|)WaSBKe-Of!Tno)fS?&VAA1fOXW#z?_K$o8#^7_DMO zYk*~8z{%uRp3rLh9UOAnr19RYYcm1}1KZZVe)!9%Uta50daM&7$d9r+f4h)RK~5<% zbAjjUBgaQk6&%Iiw*q&40d@nrL zz8|sEqqvgdRZxOl<)4n`wl01eKBuR{9MhQYOqgOuTW_yFjXqloob-PLd@As!mvZt# zB!cTXch1yh1E${Qyo2M{hiq>oy45VEj?rOt0u>+@z#QY=vzj7Ox$|#_poUB2lK5iZ zI3ylade=#KB1?vkPH!xh#|%9x z3gtB<@XgHjO75itbGscrmB{M$*H#&bMJS96lZxnsTQucn6}OEgw}ouxMxDXIEIWNF zO(xzwYW*Tup|Xk3JGsVBTG!e39AfTj{i+QP;o_4rZGV*Gt$DAEyiEGGrm{r~#)w8X z3}F2$MNY=4X{o#6{a*S+Yfmi8B!D81{>m4%2P_|LES;DRd|El8fnBdvIX>g`RU7KOSDj@6$Q!l~v> zxxne_Ye>e%67n>)aaUfs~M%3 z^Ya?-pz(?D<;I-RJpOdd6+{4&8TCGu^b((Qf>cSoWAOIl;%$zvuC46PsoBIQL??XH^LHGtv>=aR>Gk^5uxbVmUR@6PBb%+BZ9*g^^!&7kBYg z*6kt_9Hoai;Pu5{AgbgLIMUKAXAbDy;1W~K?i@=)YS5`Xwrz)}Y&%}R+iLYt;jg_Pc{h$%0wsY5T8O45N{8jLN zk*U~fHX4PEzS-5H+}X@>C?N7ZPZi9iV;O9JCZD#S!JS9pr^OlG9VX_=&iZF8JiIJ@ z^OMIl@eRx`6Es0fuqShRS4Amku5(n4%;ShW+=US?K1+#XFtZYPQ6jHy7UAMbmL*2a-t3sE{x zoX8A=vFb%#hhnk<<8e3xJkV~7GD_?uwvINJ%tlrRg#-L+`hNcaf+c?05csD<)cyf@ z)_5%SjR{iT*%EE|Ll=awf+;ptv6Lin&pTXMX);4->jdghq#;K=BVrdbwE?_4r z!1wE)#=WNO8_Q7-n#qE)MCyGGaa>g(GoRHwH=}s(P4ORtd_X+U4(qlOY1biuA}I=x zt^ovRCmz|a^R@o~f{*^pUMT&Q{{U&9h#nc&^yw~i_-9idqvh;L;%3Zl7u13?@0#aP z)DMiUHCK`2i_V@VEwq8bKaG6@;H$Z>tc9JZj7-c^E@*2&Wp4-gpH|W}{Z~S^Ss}7# z%Q*Y3&m-5ZX#7XL{{V!#>6-f94LVy`!WjB9AmC^G_O5o7!1K=x_@_(oUZ)MloFuqs zbX$N91Zof7$9^mHkHFq6wY~nxzh*OCkR)Vb^6l+ibYyc>K7+f~tuo(r3qti<~pJ9C=ohQ@a!@P4PL z*lPCncXBNDY&Lwuk?&sn;*B28{{TxyiGoY9a8z*K^{i!JJU;V7Z8A_4pmuG|$4aTG zsIxK7FgJ{FdXHMENNFB_;yb-eL1%2T5vO^(i6iFRNa^_s^_z_sRhPhUGbBxDRIpS7 ze?iF|X{T{GT%+*Q!}r#g*B2q7^0ojJt{DA)O4;!(gIVix-QMjM=Ku!vshC2U#cDS) z+oR8K8$k&K9&inE@#?I-sw{FnX3J2w)>7Zi2#yqF1AuW^mzmSA zltm#3=b$|)%0huYr>m{nLj~OIB2n_?utD~&S6#h^;?~kOkUK+=oaE!{P+8B}?3{?n zInPs5UtKkXO&egv)O(t!q9$p0Utherf>|brS}a+@mLD+BU*%SAraGLUnS?FBD~|QC zgrap9)|NA9*2dvg?xB-<$WKl&)AOovUO}UYf( z0LmDQoE*?^iogblsj_)+PB>siz(E1rucs~zRKJf<{VpatkS9c#q=SALqpPaJqeLd){kGu+iD z(D9u+!?&rbG&UT~BNDl8e+uaJ4FdAcZ7TS)J<7Rx0RAEeN|oH*M9I829wgVK7jwgH zZW}6~oFVu1u2WspH61Tekj7qnE{ec#-%7q~6DagHbUS-{;8JHWNEag_t!o;M){7h| zYiwmK;7Oi7Us|}nrc#ZJh&6pv#23$JBzw`gTpn}N718LaZ{Yb1KWCEF-bQkuW9Ij! zD;S#3iDcAnQWpe7T;nGo6J5`TZ0xTz>9lFCg^En45;siq!Tjk-bPM)1bUT=|r#2Ja z3D!0sIUs^5zA3eXUzTk{NmaJFU<8jGd~x3ugIx!5zMUI10`3K8jSd)qc&h$By4K{= zAh=71g5QY4^$Y%UNYW<@V|%PyURqefqUH&tRXdxfsjp@67sLHSSMc$?(RB-ZTga4o zgE=zu{50%s7u@o_Kft~w@VpkfnxytoHNk6*$XG}Z-WlwB*P&d;ZK|w50;+&8B=o7} zG`Z=X9J`jv2<$w?eK@BodCBShYcp5y#f--0$gQ%&CRvrSf)73Fh;!^>TjVG_^VxW9hyLi9m|cwCzDj#S|G8x;X4bj z68LD?|xP39t*U!fg*vT#BvWT0&%zB@SqGojCys?hAs5VIQD86S6FELmJQ^o{wDOV z5Yye9&AGQ-tA#P+mEwX~w-wc@HUZ?YDa(WscPA^FIw7M>5exPLJKox%<=Q_O(q zf86flmmohb`RMz}ad2WkuV6C(#%y7?R0Ms++QTfBUYT`0(zc1RGCcR=YzyrYuz@XXs_hC2)pz2`d6<( zf1BM)}BV<2H)NW*+B}k=^u{glwb6Ps)t9^BPZFOkg2_Ygh z3_j@X^q^-@B27m~(~&HcU8Ygx0Q}=UPrq8s{?3xZ>6>9afyDqvd1TEwot(PxFlo^& zP+H3?F%swH1JZyc({p(ll0{@po(~18{-NUOG_4+OI?@GXX5#~)_5O4W%hNAzbqLX< z3`oFi3<}tjS+$H!Y{9(P$EQI+>|3+fFR$QRD;tloWMh6ZSMaY*@hlf!BJf-3HkynU zS1^^FxyI%Lt^xl5JkV&OeCerpeh6h*n&wfH%9Gc%Z0YVS{>5TgMjiI^)cXp4g~fC| z?@CB?*dUn@oDIM@&o#$^|Hqlwh8yxP=TOCbq_>W44 z{{YNOhiNSW`CxS$O+!X@MrE^l;M|-M0#;B%NMF9yp#}t6C zGTO9{FOEWL(0PzSZ>OZN4)4xtbzA9nyPXLzFO*;3{hT0QZcjwl1o z*6r?MjA3L|C9*y1pVjXCsguiyj@z@+n9++Q%`~A_J)mIc9ZhXTx*$suGsSHabKCwN zc$-bI(XPBZb7=1*%63Yvj2h-OTl>EaHRb$w7aJkVhuzdu7pymof_;O=);+EbmOhP6^n!&*O^dG(A^SzPCDiyBk8s za04Kk&NdMR_k-iSm8FVSfUD#Tb+2*waihU%)5CJ7VYg*h$4AE%e5k8-GESd;;=Nl? z@ZPVd7<9GE2XlcYI%D##=S{TmXNIPZ9ZE=S-UQ5X1I(w>6z$l!s~$z-`J2R=toIgh zMP+OVDvHM#`d0~ar@N$S!rO$UM7rKMYG=^+jFgUX^FPu7ADoHWff;?<`!Lj-a8vPrPFBom*` zwe`JwO;@;&O}6_hvVGj-Df-j95zpzDOCt}o$ipMJu7X&iFe|DbQSVCNRaJQzQF4Qf z)7IKg?FeAFK(Uem!Rts4hg;Gov%ZMhl9u=w2d+J9TkQ98>8})4>Ae)Nz~%n6aolNK z^S=&whWo;PCYM#Totoh?rZdq_Kl~~~)24`g zMFFw#71p<>T78xWb!1XG2fx!a&0oZN&bxB}x|9eb04k`*(t~vbUecXjLM1@qM_z=Q z%+=U6_(2$nhBpl3HG}ddaq3&XpBj8|{f;|UVX1;X==x^CY}O@Yg*)yT2kBY* zrk(w;HJLR;ujt6+mSSNYwn##JC2A$Hzc)a75J5M0iutQNizg4%IJEz{$ODH9XEJ^EI zx;!s*k+h>bdmgo8cj|XGcQ&46c223cJZ|k+zCY9KnRM&Oo>Ov)P>g(=PC3uvSh7x2 z!{R8?@XX)5$l3?-R*GqjadqdqZ9+0A<}z{_a|=UwkwlVn#&OoQt)f^75;x3ye@eK> zsK~c@rN?z>7Fmo#JP@@kd@rIJr5O^6b_O*B5Z7WR4Fn!4@U5H zo%B|B63-&IGM$P>2o=^rCY!EmmfAh+*4sm2ncIZ=){&81sIjZ~Tf@pP8&A6>0&uCu z;y=l+IJART(=|1?vJpBs!?8Syw#Q@X?H|S7Ce$=rZ7%0lxVeQR+NMFDEMxAEL0>)i z<~v{QmO-g4#J~VXc+a&fhbcFQd^KsRTqTvZF0UUBc8u-gn(bq>)2u9AKFt_pZH`Ff zW3^8*CQ;DFTiX~(kr9!>$R@hmO-d;=O+tM;$@_AU-0)bME@3BQ%6vmK^1`;0;aInr zdGA>|Z1LILK{eS1*;_0`BitGGU`!s0&6iY3B;`$vbX#Cak zrjyIb#{+4h#>Sq|^Nkwj$567=bh~6r+1KRWy-?R9;~hcty)RDi?X8K^ZDK;V4&d*Y zdgt<~vCk>o$gsPX#@i6cQYBss91uEiYTdS!>pX6kQOyLZB`k+K3G997Ib`)Zo5^2H zgMFlnazc&$fcCB%RkzkPDWXj|V|0E?`cOz)S-P^?-F^O;J?pR3v=&_?J+q^;0t$o5 zoOQ>g0CE2S*!Pj!NWM>-g$0Nl{(Y+k`%9Hx-B#WF;(k&+4J(0O&%)O_mE(Z&D#oXN zPZ+Mk%fi}DmuMuB((5AuLHnoHj&6uzz>s{T-VtZSxyJuK{`3OB2UQT}^V7R5aSQkG3d zcu=L>-^HGGHMfOlj>2`Y-P2zouF5_%WaQm1bfwOBTi`U?c>#qoF=y(qpQ5S&Zjrp zZHi(bK?{NHSo%zwhM2E;r`}8Ui6m86V;r3Ef$v%CvNq&B33N-@CNXOoZOyI2e6F)D z8z9=-SSd@@cnBmfFZ1B!g+^*1PWx z_*Q=mcxv|YMY5Gnwy5MGfYgW-e_4@4DFFx}fSp*T$c;HlcIk zpBU)R;hjGCczq!9QRRrnOXrgR0F^Ljt9Tn;)8Vnxd_8?-FuzNE!sj^-!}x!dZflzD z?1_7)+AMKQQ{?%0-PoE4Q0{z_<7e^h<@|ALFZQhb$mpah5ecJ~Bo$V-~o> z7C1G2`@{Cl8%?Cxv504D1E0q=l%!pbS6hxeQ{}%gV7v{{Sx}XX{xSLu2S~2${v3SO-Ff2;{00tL})K^KP(OA~-KBua9v&HkKsU^f3ObNKjvjLwxeR@~6%V8d` zs#)hyn#nEOYp}|OP&zR0#wsNf8Aq|h_?zP=!*2-dG3c=BPpWGX$+glYDhqZQ>}%%# z02X++#hT`)c{@GLwv8;FV#gwrfkb0sR2ji){{ZPp6ljGmcVmv@>0Yhyui=M?b-Ssr zz=dHIj~m~3yGSwG{j`0A{FAXKEJs0GUk`O#9YJ8TFnM=s2zlgx zlj)OO@{%-h(Dj=;$@jES$`iLvwdfC|eY-_=wv09TJBe)l+;pi^NQp$@#-DYkCd-6m zk$7SO0Oq{A;x3tgsDEWkV6)v!lMV59W$F5L{41g}x;2XEaS5kutE$;swWZ2hB$<=U z7!0HypN)GwI#!S%Nx}<7z(a-3JxQiEaawk_Yd?$cv|Sz>i^!ml%$9K2P&;v67w=i)zTdfa7(d~5sX{AAFJny;K4p{fEDX_QJ;k&$By9rlJ%XxD< z51*g9KA!a)6w13sH-&U)jPmLd z10ygPW-yla>}wK-!4Al z@tO&8IqfGzxWB(}Ae|E-jGT;D(LNWmd0yJyS=g>Z5_@C2Rx($Yk>HbYSis$n zT4cCf?QMKpX{TD<+eEp2gC`ty{{ZV(pKJalYu_vE)4VdP54cDN>+4tS!9^Vhhx|ox z3~;QsD|G#EP6+&~)pS1)Y41J3)b7^R1ZBdx^c0*KGE1PhpB4Nc;k}VZ9p(Mp_*ENs zEPVa!isHOM;|(*!+Kra0HJnr2d4UsZ?Fv0{_*F$TD8%nIi~T3WM@P2uBa(C>KIn+8bfa$OEDNH=qTs8k0*04R`F&09uw8IZw}kGp{hoK;D~ZZJxKJggnUQi4-@OU zz?WT`dFAt4aRHPsu^kO2x(&eTH1>v75v(eb5rRqTeQTt$vP($kmE==!y-=K!^saV> zshu{F;k%t^xRCisIV85zk6~Rov(j{(J+#q#BHgA+?gQo@Us_Ow&6OmJ`X;k{wy;>B zORIGSgE{9tzpZrsJF3*&dxW)8h!od>%gu?@^*pNx!Ye4eWrDi zWZJ5C62lc{oXDfAi>pbZlEq9epp2z-ejC)UZenAq3_bujZ1L+^O5F#3hgBY-Wb?F8 zN*P8#IOP3mNSZM!Z&@dgKQPV@;A@&sQz=N}E;UBDy_I5sG-1SToaJzO*H08ss+Zbi zUIr*qu>&r3=(PA++Sw#P6tlAXcExkE>UUbEqPFQ14d5yHdi(yBs*(d&Oz?HmNp(DE z*-?|vPr%f7c3XIvyw2S8{HW$eGJ2Y}cQdLJfFoWo4_b!xZnYUA`4J;gfN}cPER!2r zvU@!}k(fx`N`so?G$6WXO5zgtTsChU&YriYZaA(#{vc0BQVb4oYAEHviX)Z zS9y*XAW&}!Sp6lm)*)Ngws2u*eUXup4;lXe8u$MIhMpDEwRw_#Pfe_pSnR6cEIq%OEL72xRVUr3U_=ienZhGi_Vf!-tK!Zis zF8mLw#XR<$po+t!Pi1Ms=lQU-nq|!>j(tAGK$K zyh|pde{12%r#f!23#SrB?YHLodiz)QkKk_(X}Uj$Z8h%->r-o98rH}5mAu>cDBtsK z2e=sr@ve#4#^B_StiB3(ig{wW(KQ(*+r5lg;0$)FUmW})2Z}r!c^}z~moa?suZ|4l;jA{1@>ZvD5G7 zh)gz+Sru%I#)v5L(P|v=}UQXM!h{x ztyc1P+lb|U8zAi@Q)rG-qT4?68#qh?cOK%e>C0@QP3pvYj=t2*=|$gC%FOVfjJNK~ zcdcJ5`%6!_)8sQeWNr$NwTlCgDKpTfe{DbTZ`bXgaq)-Xj;H%Ic=udezlk0Vl#2$D z{(Gw<${_ys(E!&#D8KUm0N*~9{SHq8%8e&LeMd^?uC=+hE~lAzhBn$JLHpQ_cpFS+>KLP$R z_zU9Jg>`RZab9;Fz{~?7$6hmvT-u#6*#7`PpV{ByuZ4Vn;a>!NM)2+8U&G}_ zW(@iBtt11GMnT%&DL%r#M&h2?pleGR{N&msw~!trL(dh>F_vVtcnosHq{8DTkGj?P z+5Z3qy#0=?KWPuy;?Ltglcq)g010o0m7vyM1jMsibyoB{TWQ8Wh}R^5{t;%9M7p}Q zk`{{U*@{YxaQqT7M{MG~Kf_)pm27PjPq!9Vut>+u&RS1OW^$K6(KUPBH(Hu$g0#<< z0mgIMuIt)_m)8$=p}x?_6}b2R0PEH=jfhP18@R4xx{hXJw*(R^=r4obKh`w;cG}YN z@>`2}0E~S6LVAK?=Gyk-MY@bz+ms3c9YCg~V#&1I>v%7Ow(*eb>%d`9 zc&7SoUs5;MFk7regY7*sC~oAoQl1#^ZC#aPb03^HE;X7$LcV@ddS-)2y$(xLuuGgtZ*H?(4mOYCs#l&6)h=w3=p#ceGqZgIXuj4r zT27oNAc@sMDr=dFEBm<(>6OA~fs?_Y$*U6G-5^ijqfa96KiR0XyFsZDZ*YFi^JgUE zZ8S~EZyv`+dE$kdch3@IsIGqM^lD{egr6wmzH?h8ZGhRr+v)y9Ox}9uIX!Ak23L7w z`$T(+o++5Q9*5!!Pqb)@ExgK(7<{1i`d2k%%OtQ{%Q`0Z*fZSjA!mKwwG646kgDFbqT^t&O^VnQz(@0pR zSxCSJx;vMtAHJB_XC+{mTUz?7n73$h_H=f~1}w>qJ*yWy$s zbv;hX@)e2VL6W3$bMIcGs@u(|tSN16lw5N06irfbwVt?snQ2hP3$Y?dQ2M`K$ws_Xe)`r%%vytAFhsLI~ao zonwp=PScUo^Q|K;gh}-|J8MlkeNxcrR`I~$f%#4_Ya7Qpt;P1YacOw58|a7cSwP9{ zpVGCti#ZKG#@6CFW|8CF8)RpxH9gLyJWCp>bzYw+=}1NGKEmnlE#=%LM>)ph#eFT{ ztvc4(BZ_s7UF(CMgFJs)!Lvmj4uS#;}*TZ>pq zOK*}wj+Bc`^M4AXT51zqTw6sfX}AoImFc(I!|D2SUM%Sqk;6F$0ebQJQytG4@qfl0 ze&WeA3uz;LFiISTT$cJAW}?$C?(Zx-`*d><;ej0~4C?JXMRg9EQ4lPOMsdj^xIYtk zt6RC6-rm~g=F&iZaz`Y33JcJzz97{F+7`Hx$p8==09NYV%Qeyo+3ppNIp>N9Jts=k z64Ok$f;iW4`3B$)1}n(*{{ZxvOkm^FxTKimhImU#o;TDbxJQ;80*rVI&2$>JucyQ0 z`H;l&rc`Gc6v~8qnYKEe)%}c@I!(()%1C7g9V;_T*R?OTBr#5W^7t&rIH1zUuSKlf zTN`LzK**z)1EH+VVo&YK(i?fpTrN9w6uFQdcdmGMR?;;opmapH06E9rE!LxFmgW@- zzr6%xG3qJY4?@wrR+hHSYkLWGQHbz(2DP;feRTUc=4qmX%=?`6Gy&x|J|(!+uCFC? za{C+wEOH0ZsL7>kQ0kHDqS%P87tG#Um&Qj=z|ba#O=B##5?@B1RIk)lt-QLGoJnwu z={k?RfaFlf>tS@QmhE+}YtVVu8}SHkGn2(?++D?}T5dMY1f+~9KXiIlEt(u`w~^_0 zYrHu^alq+aj-RcA

n7%YpAwOr>L}vbjl=1`&&a$Ru(2*Nf^FQEA%U#of`4D`PfB z(oZIWk=M_zPcD@r+b;WP*-(%(f_;Blx#0JT`Wx3EuRnELw3yo2+slj%gOl~E=0$TeF?>&Bs*!PHA=$TXKfK+|c2=78)s2d( z`7&%J_bU9^$4vF8p5&f)YbLp?%d1au8G~5ZN+waJ+sY-0DU=MWPlE&^fVfjygn^r zzPFuWF|v?)*HPk#wCzgr+WjLwZ~V4qIox^XfGlZx%ocL3tX@R6&7AHXDxZrr0S&ll z@e>?mTz_awZ7lF918NMBR_vySQ_>Pr-BV}H&=q@%^gGeySB2G^q{Fq!y?qJ8ugYWh87B|BB&j4 z)Q@`Ub&Weqx3#su7Z%e>=lxLY^)y_`$(cS2g2vOt&v$b(L2lrI#zLHWSE0$NTNa+y z;f~I5LiMC0i1V86;^GoZBMqaT)z9AOSK4HbS{8U%?p}E!nOvr8Bx;TG0Dbz3l07gT zvoQIGO!TBaMs~K^t^S{*Jkl#m<*pZD10uZ6>s!<{o2%s5E#f2u^KCH?RIy9d-N4f9f!)zYv_@!TISro&@=Lm4NaqI`i{2)MP#il(jjaP zdR4|Y(AF!V*y(l}t(1_Pn?V%n!;IIq_sqwTkAws!Yfm?(4`uU<(;Fn8(e@(9>%@pv=}@!KbS5c zx&(ZTjg&RDjjVWwjl4~NrD|_9ByHQj3OOH2^7f8j6YJL6wx@9Th+;C!!jshh04f+A zowc=)dF6@x{{ShrGXsFtiz34#zm{2BcLaKS)-sKZq_r`1OMfXDCHay=kVxojnU))i zK@@Pr#aLr-9cXdrYZcJa)2yW`;_4&j^aPA?Td;U~@*bgkf<4g~1v+(_{wW7yz%KM{Wg|~7?Z{=M6 zqae|qMMjYV*(jd=*>UnQ% z;D!bOxKhld01tZYE;N&NUKy9pi9s8H8pXn^;eqD$e+gV~?eJ<)z-7ATkJ5QJ3WRV1JC?R ztWTrF(?=MZ4D*G_72|qky#6cJq=GA(%O5nE7j&$nBbB3`$^OMM0A^^o?9g!Jdv=dDZ{aas5BQ>_V8FVo=|)OM{M`5!VUJ0@fV6` zjO_(ZLu1mB4RkrZMRhsLxSitpxZ@lH(y<|Xy-MylrI06)NS1vSw4eou?qg z9x^#B4QO4@HO`Y5k=jB)U!v7=nH4N;rc)ctrYk})4mz6MmiA4HyK1V9ia^0M`4NLO zw8XHunl!k%K_Y_WFz@IqCsm#ZFGzv-Cp0Bt#cD-&sWCC^+*kqB@m1Pamj-4ioq48g zSkta866qx@lEQ=%r@jqc&~CL$zY>V;0shZxkCrmIQl}gm##@6&tha@d&S~bdF{&3X z#P>DGYQQXux^!H(%g;P|)R@Uw<}dYcutc*$46c6mD~-I?wQWg+vow>a8+P~G*imF7 zO3oevIAOeJ1az&}&|;PdWJU=ldE=ApYI#tO*GKTguVHz8B5ciMN2i; zZf|9~^0Mb}0K1K_V!n%DE<9@HG>Y9FysOkx<>vu8( z_IR5QBL4sro_lq!dKrz~neK64hqww^e5%ohETFG@y=~s-(y0~vx_tNZBOr`qr**0x z7S-;im4v=z86*|Y-sg|fy?DJ3=E-Vp_<|^rzR@%7m4FI5@m$8G6scoraAA@t*-mn& z=J&3YL}Ozb(rIs=4L%K?bc_*wTD=EM_+@7e=bNd*zGOu1QUh~W8CcOf8lD@_88yp46GMBY>GqR}Eg=Ph%y!@~tql}TZ{ZH5 zeW8T$EyGA-S+=|A8Pb%1Hw`Zc%g}RDLZ!eT2?vSY(?U|A^bZVTV13|%z4jI zUOf857Sp%cS<(;y9*5~pz@lWQjIJ&`L*e^#X%*(2jzpy}9~tgz-k^f%-g_HMm3ZY* zleZ)e4I=qbjjdWwrD&S`je3@{Z2>oo`HheOAI`is*I&MpKeNx2l@8s+{pR%^)tr#j zPWQuUf99E|L{!1vN#NJ4_AaCo!C3jw?#n z!cyDmQJ1?-vHYJdGI8oVP-88QgTruXx_+%4y^t4IZy0GeN86#VZnk|Y;@)J5Ez;&S z2aZ2V3}l(hUTWWE)NQTxS-#D0CIkz+{bP5>@6}}%c7UlTro+UuNvo{(_MSo& z3%CwB>S!qRtE-!fWlN)cWR4-7!2G!SS8Jqr>c>{nu5WJP`(C2?iqb|=fx!fn>5obQ zo-?Cqzi-qo8^n5~H&Q%=ZH+jL1Jb<{$2up5U*T@2XAIWxvdCB}jJtfldmhwSXV0Gu z?CiWX$6$0ns{ip58nv5t5kXWUm^;$H#iz6-jrwa_EKhFGPJLKyEWAUVK4hgt)h zq1NiU&ZDj0O?#}Wz0+;^wt!C^O?93ey|j*4F9ayEMB@h-#yix@L`<0%#Vu|Pe^HB7 zyEgI6sfKva0^oEeyz)&~Rlm^NNwK_ih_>+Cau?M8RO7Hk_bOHQ0dV*XjBfKw8q(~2ZeOIC}Fr%F*Iw2<3E*nw~IVa28FCJ zh^+JE{o(v0y#S2o)!^|8K(k2-FybZPa(bHc>zJXoxYPr~`}oOBXOewI172oji$N{C z))1K|`HAv(9OT!#_+51^GeNVrg=I%l11rdKquP^pB6}VFpQ_zG)P8f!7lKH~sE}iBS=0UlRItsr& zl^%g&x4M;#l3;F?5N_Y>D$=%w$|sp?m$q7lqc*RmLnVc~fr#=(c=xU>*(K%E#ku5G zKQL~UQI&?zMbRxK&=SGzbi@|YHo{i`GK0zHx~*=)X{LMoP>F04c~A+@9>1LqVm^C= z;jhD=82GB@{!?*2tqBuJ4*h|o2Z9HG{ zC7(0=MEG(2n>?N&(RR*}1&w}eZd2bC2Za7C>wX@xw9^2F(Ux8LLC$`)gr(4)L$uaB zbN#T2HJGA*v>dd%Fckj)AzfCNqgwZr$_{YHuo=yAO}>StV+PmaMXrIW zz_X;c_A$2UIorVh02=#yz}`CW8h8rZ#QLrEr$EjRcYj0xq%JvGGGH%B{n5_AR%-w5JuzTZmCByDS5rhrLC$2qfgYjR9 zlT5TxW>R)$3J>>re{Lo)B?TMKJe*4xw;fAd^ZM@b8Tlejl}F! zuwuDTJr9w>Q zRo$BfOLwdp(+PDv)<$_Ip6S)Mlh2^5p{!EO$tjG>$!tGSSnG3MW6ZUEZ%u+J7Xg`{ z9CARe9({P3kCz*Hc{s-zt%#J2-y&{5{k) zIVaSiwwoE@2|HKmP~>eE&t35MfiEJsxRAzHO}WE281IUHrJ>zvuuXL&^6pcVByha+ ztgc%}&t5R`?ZuX<2rN~`WY1%RTz!qB>b6MN_V(!BUgu;%l5y+Ss!OSyrP#%a+1JlV5wg7S zyyCLW?bn|0fkexJRj~nbM@1H-eJR*HP5g=HNyM1;0;v+--Ub-8ts_LabXzLQX4wT`pr$o(DL+ z&^7tzTaUEb%P0zjlY)DS?yfH6`!?;{kZ>{Dpv1tl)=lNyns__Nz`*_!T@96`h4khZ zX<}tlxG@+fJ?QqHWvDZh)ig_&^F^EnMN{9Ptql{xPd&8vAsg)hfPA(980}KzXmNVJ z-2+pSDL;24ZR^w;yJg}Rm7tL#Mci@=9>0ZRM=9x=Z-ijHvipCQ%M+D?d|` z%T2epw3O|*E#NZ&fGJS56fBhX{Nz^*O90U2skINprENz(6=V5 ze{pwu5(Kwa%PT41dt$L}Y-7}8RF+m&$t0=4pyr%SHPVim3}Sf}xoZSuEB)ziD{_D9%nv^slwP4{4qsw|mVl z{^BINSk`8Y4qTIrAJ)Bz$Pc+MB9Bk-){%C8#x2+p7SX^X93RYnb@6w_UkBWLPw^h1 z=gVw0e=}qSQ~{DPk52W@XC$v<^T*;}fi;f;_<~InSGUc=t4L)dXmtmS56Zm8WP)fy z<7vh*=xa!}Qi3P&?Zw}RwcAa9O_U|&s4lX95hJ(L{{XFDtltg%VQ=Ft15LS0luNN1 zi-1lEY;x4)5|4D#_0ktTnOwCfBz*4xrH6P9dH-aNYVIYwLX~;?G?0^}LP* z;z<7hcnJP=n5D7#CHr&!$+~yOtvkg301Ym8TUlzhvR!F&kNIPB7%TzyI3w_{;Wy(a z!`~J7GsPO$hkQ?`!Kdr?cavG%+bGGm*u_I<-)KLLX$R2flx~j)yM`!8j2uil`_*{- zr9kKoGml&v*5?IC5nRa%5gIq%>ygmaU9xXgA^1CS{b|I-4w=?9U`qjl4mmXIL*=Ul zUEt&ETBo73UC97>3#kjYj1Kv&TUf=c={bD5uPd4wI_b0PZ`jZFl<^R#Gy+@s4@+Cb=XH zALnuZ00lDrk2UYu=k})fiQy~6p7+9ca~s_*bWfDp$js<7*W?7L`d8DP9wyA0=}`hlHT?y;oFkjbB}CSCv%|71kp#~<8YCXk{KFO7!iYXGCf;JZ$Il~k9R_Pq_m5zX0yG9vRnGob+wBA@Qp@0i<015*G>+f47rh(0^jRB}h zro_e~-ci6ljaBpwP6gGWl2kIu<_(~Btfjd}(pTE#SGpv|DPmbr?IU+2;=X>=Y_Emj zyp*}0q0dU2m#GWh-dk^dzcTZhvlocI-E8)gN?1x zzY2Dns3r8p?=~*xA1aJvnwd(&j82nNo(Q6rIMrc^zlis)7sC^#sjVfOy6y~0pHWRQ zGd7Q{LXC%UEO<5Nnx4IXsAAgT1ddA%2N=yUsaS52;%RL!p^4)XMjT`mu9w8V zE`2{&w}QZ1T>=Agc!U0|0so^XvsC5ZI4#`Tj;M~j4U|Yka+9$tQLk#XGy}aUE>6F9`&pY z=K31fQrtrrmC=hg&7QlfOTw2|SFX|dDrU($RCX0+Xt95PJ8I1fG^(QkR30loT)Qy& zF~`0;g*(1qyrz<7v5#@F_@`T!TeQ@#FK*|ZWAgt1c;w}H{{R7A=cZ~F*KtXH^E2Ek zIsy%9iYiLg$!Gyx)3_}}x)IKY`f<;IM zz~elF*Vi=?m9!d1m$iz!qeS4g;6XhHIj^L=HL62-1QSgn2Silde(nN+llfLMW{M>X z{{S9ZYL`u=?usbmYz7C1uQ2iK2IEruDYNqSAi-7O@!ZyYjMDZd@HNa)ymrpsM4|D! zKXg`)i#%C>r@6J$<^oq3A2(mELAjSQ>JJ=xjMItopt;U={c4OF&9dAixBDfEERmkn z4DXj(O=&IO(G9X9g#mlwxnCCelI|<(Rgp!_n80LzQIGz;Tw)`Ni&VR9MP}0(pgZ@n zV?26SXR5WO;g3r(@TgvW4RHBlwD{PgHYdg@M_G?so;Kz-oDBY{Ie znY}u#wWI{%8=M8e;Af?JSB1>h+I(p>+Pus29G*^VHv+kcJagiB?)*I3bQckuhkoa; zYV$iCYUaWu1xp~pu-j7OVa8n z3AG*V^Unt&qnZm>xsFNW-xfx5)QYZT1|8;|X$8a25d$r?cV0|k;%&td)60}*1GdY8!`obxW_ro13f-XJH)nf z+kK+h*3w)uy8<_TE3ds zV^ixYMwBDcAc{-e<9AHeDA)`QKGN#d%vyvbWaJagL*hLNb&0f?<-6GgQi)V|$n8`I zWVX6rhplae?UW9Zq1(TyIO;13EnW!c4CJZ>AwfN=^so+Fq@Hl3#;}vf1Dfeg%0~sg zqQag@J$Cc?)CI|#M7q@i86kvNp~h*tmW^))kACP>U&g!P1n}7HSxEuna9v$$6QtMn z%K~ixh8+*JcG23v@BWIx6bz3_ku-EVU8MIvyN@d_G3}bq)chjX5Ki}upK4Yl4w9YzFrttQDU%VUpErAbzHJyXHj{iuR9 zn&C{0q=D>xYl`@@qbzrNGeLXi+|CQM1NeIX08Agom>k}bVJ?F-FyE`jpl(DX8-cG& z(~8Avw`N9~HgXD&;h;vGnyd{Gir@VjKnj-kuOYY5wN=$FR`zjmZp_TB-FY|$k*_J- z*ytA1A+w%G6S5MUPc>Ri5w!0rHfdy4Q~RA;eFM_&#KFMvTev{j(Nwwovn_>o3)IKc52h(%W$Q6&2K&03@9br9nX4zE40rX z$s|bIjt2v!bUN;_Y`Szza_x>u`cN~=BAst%on2MpZi5_Rtvr{~xs7B3+zz?qdsRfz zGVXMC*EZ{=n|Wq4HZXE3mW`!ZHR+i`$^F#MFlgqsg_|BDv4NFhXjNDz@O1oZ$*;7+ zv#!{bscokNpsixS>}@Qz*fqI3K?4Mg*I(d>;M4EgRr1zWjgTIhG|P-`dc2xK-Fa>z zUo}WMJ?o#I3yV!)$sC_#!vl?o=NY()%<(wxhee1})OK+)bR&r=? zE2Wx@0)qs5=BhEcMm^4xMfg*DapBfmO}6@-${!`A92Nq(`=1MHx^|B6YOp~S(D@`} zeigm5^rd9BD#d>fTR(@A8_8ypSsBO7{Qe%*-fN!`HH(V~H0Y8h8?vB}&zgrcGtBk5 zuCMOC({!iI3KR@*1zAl)?0RCtAyU};#cCYJ(U7{8S4$)KV49uS&XfemET3kUS9#+A*V;INO`qIHIl=jehF^Ed84h~5^ zw8Ut`JR~qNM!|Ro1B%m<`de!iBz^w?m2uoq1zj&pX=a_T=Z$UMNWgAIb((Y<7L1K) z6Aicr2uRWI~u8U#NvLBLb(PAqCB-j(9G z;)N_Vhm+4p+jNW0TO5A1<<}p+x|ZO9ys=wyN1` zR}yM)I)f4}K|kK~pbu4jdO0mtXwRaU?9-^|}OtsW6mRaxX!M5+0|rE}NXb;Intc^WS9^Y_P2C^abB%IeCq$>wv^^{wmskhY>V+qWG@YEsx} zejGNYD`kf?iLTPX?m zJXe`~G5C{z@fYItr-pTpvAu+XM1^3&?qwOl{Qm%*c=*g?lCnQ+$ao{_QjJ>L%=8Uk z;l7aGB=JV0Wo;tKJZ|woq?PjkI3Hi|uaVQoJ}K}HoqaEhJOz27Tt{?P-gy`|ApZak zI6Xyp^Sfv1*lfZ{S)2j!rlavETUcayG~F?yk>!w#4E4$9j`gkkEoiB&{94w0MLSJz zqG`c&_~h8wb|e2H-iz^P>Ykw`w6NS*>Cz+H@P*WU z>w<(dskWGtE+87>eEcK zwua8#Q^|w__lW+z>v7ogeLuh&j9RvveKpIX#V43{0ngUG&soIzARlYI2P-Jxj@4E4dr7$*u=a(#vm?PssU*NXYq@nx_(;#+{~xY;KnJ zd7jTvh?k9rt~yt`d^|{Qu4FeFj9y|UQaojuiK*l;XxsRK;j3%afp6{Pf?>lFIr`)2 zUo~9(G|@E8VdT5iuFjr!G9vMoBdPr;c0y6HcHh9>9nZjZF-FFHL~1Q@gBq_3^5=GH z_P;)++CBVne(on5Hv!1{9^LAr*iKhIZPfKiG&e-NmTQ$<{PG+ed(_?>@h+Eo%p@^P zl6=5q;}t}mHkom4Ya`2TficKZI^wi$rMiY|D~mKmUEoSd#^FG@Ouvab^?#4w0oUBe2AOv9&XQ=AFrns!!L#O%{mLoW|wy4V1;@i z+s1hHpwco(^Zx)2XucrUygRE+b!&BTrP(uyX3zS>Q_1|QE59Ci99>vg_-f)wEhB*e z`3`rUxb2MbK`ojVHZa`lb8B!D3rP@0L_Z^AzCCNzbgvFuYXa`yRg!CDdsi_aT$x)3 zA5Q$xN%EJ&{{RtM_&>)fqsZYcgzW@vG5M39PWAORw$bWZjE=LcknYNmN6kR3)Z(=( z?Kw4N(oFE1_XMPDer5x%E6)5?RNW6{h6grWb);NTi5tTI=8h&*w0V#$Ax45%F-<~{Xrs{R1=1b;K!5q zTk`#Dl3il+MvZg}*&A}Pe=z_7s^Z9$Zgc}t`%E8WNaLLw3}5v;-P4Zv}l^9_4emh$FEo?|qK#Z`uRUe(Pli8*++B-1WnnpIIA@tlr78uu+5#OQ3I zytZhfW;=PuHIY%5aMg8KrG=W|;SRkQI3~QqO$lvxefG<@HuB53l5^!}(y9rU9f|dS z7T8)|wwb0#*B0!cG|VthwknpPsb77OT4@~G?jdk~?-kJ)lO(r1w&wdzyt_q=X7V%h zVE+I**oAz{mMH_r5Ku=M$?wf-Li0Tb!q#@$!fHZj#jMex5tdvMc;hvj;9m+)7mX!p zS-7kWEhUg`5_dP1>=$)kOspHu7K{PA7?0Ejd_2xwYt z7Q60dFz=D%aKTu6ip?vU^B*$nei70&8GygN{?2IS5=P2S*5{$cd6uE#j|uon>r}VA zzqGn#$^#M4Be?HcIOq;nEovIxqbG->ywKzOYAX5Bp*Z8MakoFTcBGmu-k2?{BPP+I zXcaP1kA2;8D>+jdX(Q*43i$g`(Y!?ly(0^$!6~uMI48b6E9n0K3~3s7#7k*BNd@)f z?B%Vco&rNFe{`Js)bi_cB`X|X{32dI(XDl}u3SZTqgx|1AhBl)la1N0C-6>@Y2r<3 z)^Ht$=TgHMAoL%l9H@_Idj9~6v@3SgAh+_$F^}g1xUUXX*JDuP5Ka^&?D?tUQgJ=7itYmGcxT;0T1?E*8F3fMoM0jT8&#QAqq@t=uhZB|hC zaA_AGyIABHCl%wGW{2n9T<>XZ;&&|jPTcy_aj{ZKA6@)0Zwu+k2ZuCWQe>IWpLOP+ zmj~17&37Iyk4n<~>%BTywHdUBS8O zlUUm3nRO%Exw-Qo$KA&u`qr?QMrX{=GS{!Ax43OHO}$Aj%dBOT@PzvQb?ZJI`*ww4 zZ7i}h_bu`kBN;g4)`oI+Ix9^<=X-<@V7Gi{Cp_Y|ZKZNT%A)~^b|)Ka9%f8rj^Y;6 z<+q4jc}XZAB!F_qup+heO)kkKI>xJSZ*>F7wP$m+b_$?3Gi;(z3N1 zokA_~NJ(IEwDF3~#=#?smR6ERR@;`y$6B-fmBdX1yW2f6$)sfDbWwPA?&b_IkuiWs zJcIPE$4#B|YX-M@Q8wpu9tji}7&_LcJ?!?GrF{wD-C6XTOZ0+fTNzzTZ*P}4{VF7%L#1pUB=P>8;hSrj zZl{KML|ekcAT5sk3dE0Hy751Tq}3sgbkn0AXYV*5eJY_F3U5Q=zZu=a`sL$611hs* z?OqA*UDtzrIX&K*+O*N{z#$RA71bAGj#3ms3_7A+YN-G~K3JQbr`Por?*1Lp^n1C! z&vkoerz6Bt|YP@^xo$eKO<&Oj2v9$@MfvzG(Ap!0D zRnIAQBKF+p?REfe9x-h;a!>bw^{e`BxoC9{FU|5coUmX{@s7r^enzTn^!+jF9H=<-sl0=opFR9(u${HYwOCerjmiY5iU*cP zc_O%tH$d?gw+?i;nipJQsZF)f%JcYo5VVPgK6QtR%oR}Cl4S4pHgZ60NMI| z#-NvafsK|Y+=_V_^%O~1(H)11yjh_xl=hlxM$x*W1nAMQ>-pD=L1_ca_LYg*$;ipi zH71iX@3n~xjTl8ui-*Gf>g7eu(n;n-?wpZ>-h-NZnwFAE7@4kTelV$=iqW$BWz5q{ zB5zgsvIjxwL5!kw+HR)|Pv<;p`$-2Qfmyottp(GRiT1E=KpbL%(y`7*IF3`be9k!I ztr0G(J?dIQvYVDtKwO0bu&8q`F+XTN3hH_;fNwP2L&5r0{-JRyOm3x*b4GxXjQiKn z(fBUn<5axWbn8hiZ6@6QS}r!HCxSWS`d6~zLF-Z_?bpL=o1HFp)MBy>%$xT*5HUthVi@!Z$5&u4RM_C!`W2tgc= zPPOtxwvBA5ZW*5#`HxnsfyzwFiHl+!#-sAxLH+%~pX zF#%-GcoKv21K*mnDXmY@A2LLX%8lcaVxau3!31WV1I#v!@d3Rk*JZrP5PX>&;DNv%mN}wH+(N^!>GTzaj@nYXKR~}^&lyAG zZvc3g;LnSh+UP4mXLJ{C^$UUArh-9PrehvO|9!(Kn|ywG0gTE(JXK{Q;UVgWcmh&cDJYWP9oIAd$g zBT$k;LWWHA&U$}3&Pb+e{A2Kw_=m$ccRElJ>(;-#vy=>!Zfp3y{{Vuj{?D^%-xKbB zELrJ4XNOyLx4$t*^2c<8<|KCA*FN;4Bc4qB1o0h&mbbD-!5=QfFkEc|u^zR9wP0L1 z;GWgIS;J7zB0nvpby**FE7t;TOZM_>b1?Z zazwdC?Vg6b#}6IivZ7)-3-3v!`n*1j1W)Hqr+E7fuQN zE0|y;cUdDYy+Z?!#=B|0r!7qgISSwn!kGfBi@BI1XBa+}&~rV&!~m6Z!8!UbJn$dw@Ajq zeBjvR^r67$g!>+o@Y~{li2extQSb-GFALvGWvJ-4vB_{CZL&{pSZ_jmg1O?qzHiwd z6IS1%|1&w?91GcR#`|7?%gw7lZj{MZ~PU*_Aa#jv43WJ&lPC8Oc%cv zydxZw#`p^@-Kht1ZtuXz1oczvU+2?%qh0uaSn&^obz6IwFKnfF_b~Kq8dUoaOBH-E zzfRVtyMkF_F3K5I@EaY-uey9K;yWw&EN<_oQ#4Vk;kdvYe=6E@R?yB+JzK@MS|r{a zd&Gj;)(OyNW&wuL)Q0+lUJ)jjrz$<`JSk=Vtsfmtb4I4*`!mlxBjaJ=e;!2|TwE=k z(J{z&603qXpKAR((e)QLdVGKxTgy@y4h}|Zwi7X{0>#Sth399>^()skr{R4X+fYl- zmQ|TD<9B~vwbL0KbBS|KL2Y#Km4*m66<%^l^{DlaCM>I>#kAui_^Wuxj#89zo10k| zl|hg_Dx?y}VtmCa(BV#QdMr0PDs2#`c@}~uJr9EQd@~_ z0ht?@$4vI2Xj$r7uZSM{HiF(X3fytrS3hN@Jf3Xq@S-M38-PECYKO>inyu^*UccFu zkdB;pu4T0l+KsoGh_my8eCdSdXGF#+prH_ zXe*HPzZCxf!arlDo8JyS^isO{W;s4#)6{maAJk;Fp1=?fm`M-MN==mDbNVKgb*M>k zYrQ+NW3c+yQ7?sV;F$;-g1psUkKRTXv9?bLm{{Ri@o*l7=RVy@cPF$gL_gg(b4A&!T9M`vl?SDMQ zun+gXl?IkN%}Y$wEKzjDR*5EybFn$VI3lOhJR+AmY?Cc;j_bj2SjBm6 z<}{upV0Ht+BeAXr;$_Xez9+ZSVvQh{?nd&F2XW68ve*pt(qz$OB2^x4FnP`?XTDpD zGZ|7!oPFA7Ih~=)r@=Mdj8KruJjNI}=O;DO=$<6Doo-S{9yUkXq>KVOQzl14JXTj% zmhT`!cy$Mzr`EbTe%KXefk99)oM0M3bI6}hch;{Vl5Dff!sqUvYWAsoD|siwo9QiV zBWvU(JiwVFt}<$5v@I3>6T^6@yx^A5$aSxp^5Pp!57(R!U6Ql^#zIk5XH$V@|w< zBl2a~2^=uSc>e%BtEOvcbqfnEMg>MnJU+qb6wbRQCKUXzD2PK?bF4lUalFMZ52vUPa0 z_-|~j12~#bxOQi!Q$QLzi;Z_sv4&_N7VsyQ3G@T4dB=$Ko2z@2n$u%iDIu4+phjhk zlUmPlco0Z-UT@iItuC}wu&et@?{LXWY~L)_w@kRvNgf_Vug!4h+VE2g)$ zwu7((dh~j@}DpD}WY*R~;;JkScwkrcuY;=cQV< zwz|B%oowTotxE01o{w{&-P_$fk0u7mLGRw0E0FUI zL+qM6!j`PgkI?3|ESeUDiBMg-pIUcCsH9c8U}Omj?ZDbV?rM8juQctlzsVaN%j!L< zMrd95g61Huk%`oft>{H$Tf7eoPRy^g;8LyLhN??x3D|q=IJZ*l~_pYT~ zw6R|Rv5goh~=F0UofCz{+_i-eIjfLDQ@;MX>Q*aHC?jLgS@t7}$fZ8uiK` zf;k9W{Jy;^2=)8xIbGIPErZm0)ub`nJO=u9xs?9&oaK1WwO{cJSCc^sJd^#MPfYQe zY}qRulp2AwmNJ>#o~FG+LGe5{EP<`e&IVgO>PA%7uj7u|OL&4o8@5i~r`os~F8r1$ zlNdevRYcBa=Y=i&tMRBRhYQ@ETPC->eXVKW+qtog=P~d(J5Nm1kZ}5ZiFpFFk(llm zf(Lr&ZJJ9~+YrddGy+AtyUFy3pqlCvGD^c~$K3{@zty4CB({mIi?d;O0rx82y!uddMHto^ zbQ)Zf!>~ze?T`&too!}Wp?IAaBn_t=P&Qs@{QGFF9F|@%y>VBd@XS`W?;y7u*koXK zpu*;bo}Z=a)*xX^f!l>PSfn8 zz>eR}K=Qx$kFV)izBtuwV6?YOWm}TOub88^tyBkN!(?GRtfM@hzO=V-%V>z38Qh+} zg0v9rD(+itN-3deqdED39YuFdERvx_B&p{frjwO`Wu=y|v&g7qODPA=0qQ;Ko~xx= z+oLp)w!z8oMa*P!ku(x9OJ-Q4&mOev#+(&KkfuoEqFqxQ($b12X>r z5hJ|-ShIu9M`D{H9qV4(QiD#8>N^<`ZW<s;!spFiRF1}_eM(if^7m|+h6z1tqZ^q@HY<2~-wz~YxK4iYB%17_ z)6SU+Pi--gB;O&JQ4lh!lGj&g3%w#cTM9y zoj#SLd8S*ds$0n`!|L1UWCfo8A8amyz>d#T`yVtaxj}UJqcprQ5L7wlDg?8-zLfEpVO~l1~G8(#OTuaYbuB zn|Nd{PC5(_e=6bjw>_-Jf|S}m-n8)*rmbynt!Yv$_IG2veyaz#Aw-c@P z?TEL7dqT!VW<2K@t03*P!9Dv1nbHO5D{i^VKVeq3M^Puc^MJi#>kiu@=bZg-Nn?` z*2ePEc`b_t_gwmlOlI`3!xLOBx|omvb~hx7KL7ujhGri8n-zPXKp6vr^*yK#?t1#9Si52jmRYH$rx$w?%T7gDRo zH4dZU{aQ4*)skgfi4h_ZsQDBO@&~Uqg^bKU?SBwh8)0v!eWvC@5Jp#l?oDWT$+dku zO>J)ab+^-?P4lKOs69^=x)JgxjJ_bnt7|K3r)mCflN5V=))?GRIrpx2Muz!yOE%i!dl%8mm5w4XQ(6dtnUnI8fKzJ-j}D_C4vmH;{@ZcAB6yPGWcImlGgWG zvA#=N8*{niBxQj-W4(6z4y?D@eDZ3mCziI(h|0tjJ9ruNsg!{5zXSX$oxUNqxiyuw z^hB43a~C=Q#K%T{BIoafUOG6T~$-P~#S&v&S#P{M{r+}JyP2fc8*9;2stj`r=Nn8xr&nA!9D z(dY;G(u}Mo&eqRg)NO1oAiJ=!SW&jD+i=@Qe`?Is?7z0HEVWlzE+NBt4b*4+n$(#~ zvB6vGdi(f*=!U_YPl-PIN6=@S`d7V8quM@+Wq9ihxn5C+%%55e&P%~_zk@YD6Y8PX zdt0dX`D_Tt1Exp$;;u>JO(R_J0X_scxOwu zv$waphhj!mV*n1_{lv4MkkIjuC~M2c~`K zDG_Kt1+-5L-0HXb-lW>3!AXKWpa{t9eQRq$@tpn|y1LVCw9#dxNCU3U5=QzChO(0r zh0Na=c!R}0DA6^09UAIgJ{iFm3$$)2o`ChQ4${+B@P*75X4u?E$R(S<`&9({Gu!+b z;+Q-|rR&i!(Fb7A(_BX%V1QIZF(V=9KRPh*eqHk}^6 z#@9^0cDoLv3-^u>L0dl!?e+aL`%U$KGEE|B3T8&h%Kref^raVa?9rX$U2{v+u8ozk zfGjP$U|qQP$KhTh;@wu--a&DuOz^_1^RC{l(-h1mcU}lN*gG%)l{}s+zOmI_ z;wjAW%dtO*`cO|R+{}yO6_d*PbaoNy3%_7xY%&r0RN9U8mG!L46e0_U8$ynDpXWg= z@*OY2GDEFD+hl}D@_C4?zcD%g0QFbYnofypt7&U%C8V-lqu^nC`+C*$vl(_9KZf4d za$CT$6;si9U#($k)@`Eb@@kh7K{RN)+~fg{oYBhOql{ZTqVM9Zui0A1PtuLm{J9=> z4kA)GKd0+ho)hr|u>SyQ!>wu(#`BT12Rlgsb|;SgD@7X{!WK0(D<;0WjM?16VLfmT zTiUs8QqEW*TSr$pZ@LfN=hB(A>}*-e7SYreGA|rgCx7{w!n&Al`5y|>d z8Q()1h~o8~cGl+Am3Dctt9ARt9@XPIc7t=`9b$j7u~-)^A;+MrE-^b8Kd^K>na#xa z*uVsQt4VF*D4y{RgfK-3Y_n%18cm%FHae*F%gf8NB!EtFQyd zTF4f%85!`wf8FUowlm{fguQVL@8x6+0&+R;Uf-u{m)d56_7--Kyv>b`j!^qn>L_UO zxiv2ojb`?JQW>U_LGq(Sa0k@&uT9ZBOLc3fC!J`KtkD(P%Zz{Z>6aT68#vIz9)FqNTJ0-WaciqUzL))6twYIuM zUoLiG)wd2m3c^z8X)SgsYE~Xx4|W|HN6h?ou03NA?)jfPiC#TT5tnnCXzH!wwOA4I zpp(xWtynh_+gjYEpb~Fh1yXk)<}EIDIi;Ore0Si3wF`YZOMH>4POb(? z8OM72mq@s>F0^%c@Ctu=WrCynjja096NeQQL8%-Q;*@b|9}7Hbd*I&`=(_v|$!Mk_unrkW>VGQz3HbTo{V(FbgEWtc z9vN8EQ@n~ayk{RE+0dZ%!v@UV8KF#pN@avu$vb>6KGkkbs zj`jH$`*(iK+Hb@gUl(biBui~V-bpN5fFrw6mE`fs8-Ed5a-3Bne+pk0z8dPj2JuIT zv~6PESoKIQWm&5p?%Co2`>8h{>AxIRegK)`C2D5O)hxlz~Nf)t&}8A7mSc3zzgX*|+PA{@qe#{(TG zI;l$96WYmZEQuA#-)hGb9AuUDuiel1B6sbTsdxv++Mn$GuABR^E|*g9qs-f(i8G1q zf&Tz)Ios+hIYjM*x*ym{({A;fC9v>Lv2Ca8iR5d(7?8dLF5qQ{f=S@A{s)dleRUXGKl8kvw|i ze`5>3*?0Dl*Zf=It2m|jXRN5zw6h#!1V=wSLP3z*N#j4lMPQmuHZ*=F+{or=t}MfB zkOvOE2Tm)|yglMQkzLqdTrxYR)#n@$(z?BwH#VQdSI}w6q^;fPuwD@igs8`+YtlX# zSVQ97AH;fP?!K0n*2rgpWgqJfe(rm9terF^Ee{v7Hu@)u?60n+yuDj_WJwthKwF%S z_^;KkguX7&JaOSfeHT(UH+HS$G;e^zjPvyVwX9-eDD*qH9THbbKn_n+>s=HQ{{UyJ zlmwO-VmsFH+~k_-WZu{{;ajwlP3Xb4tK*tm=1Z$kl7?x=9G;cY9n6Yx&Mo5dQBHkN zb5+bTNLE1}&`u6VTG=o*bm$<{-7Yo6~?AWq^x}i8DJW%!nv0XMp8IS?H zZd;t3R1xX%$QlcAwpTolT-I`pjJeM-)wEgd=aSq4yI6t<=CNMg;!u)?iOI$fYDz4X zBdD{V_ep2Nxx$Rpk!aFeJeLx}@c?)~-ZVI~RV$FsuE%K3jC{vY$O9G4Tebfq&&$RSLyFbA z)XtqeR>m>qfDY{R%~OIYNu$xUy;jnFJIcsxfwU39u6k_}*L;M+k?$n19Svktk-g!K zGRIB(Mbg5)N~!q(r$w$L*UYd57V2^bQ=fXMZf0-mdX$#>I^S8Wa!Lr?fZ?!z{Z-=E zk1w4(+stbr;~&FXibgCpepE{XJks12ExpchlU;NcGNrU*uO6RzfaXUq@I9r}jh0m> zn$NktNG=4kvlQ$zO(J=bp*y1`r12QWKJmT28@y;-f45Yh*_;4xfDl zw%0K%0Nf9klU$~+I!FphW97{V``d5{J@ek8QW|F;1`=ktf_WltLtx-Fce+*ENVd?; zI@?B$H%JFged`L0+Ahb{J~Gj*bYF&2c#}$K^(|T(aXKQ8noL*D`sawQ^?O?o!I4XR%Z}i6#Uj%@)5Myr zg4RexiuasG19bpX{05iOmWZzS*qzy{i$au7WWCXBbT(VNR*c*LOJ+7cE z?q1R)ytiOhRZ+NP{{WF%b0Fn89a~k*ai~Ui&n`tofxMXKj4X`fmB&hzG9?qJv9?Hj zIX%(;rwH%(K$6;QF~8ShqR5L@dDe>~F&#kw}d=eNCd@pzRjBJ!s! z!>BpnP!=$>)v=RXTiK*C11|R&&OVjyAMmnm^s_FSB#zs|(nOwa_8Dd!{{Wq5DReF{ z?sWsjFxprcw7Gz`n+!sLH)H<**IrYqc#`{7)io%V&Fvyq0a&&}6X{&iXH*gBaCmCl zQSh4B%^n?rcOdP^>(}$ID)BAVj)md-l(b#mM+gDxG1K`}lO@>s;@N)DsRvYPH@4%R z{MWo_uuG@fq(m}A;~`s&dsfld=91L2G|^ei%u_p;?$@2_db`heu@6(z`kLPddm6XIenfx20-dV7QJ+6-WeUitM!&vD6+L%W#Oz%j1k11ZC?! zCi@t&YoQw1!-a68mLKC@Z{vR%XtG5K(`?i2Bb>8j^V6j}6qxS}-a&b9_N&Qbfx;7p zKc!&JtiykGl}C88%0W^(98xtbL1%3tkVhF*Zhs2vyer|&AUw>$5v%fTJ1%rA83ymu0nDy^JRVUkXhSj4jgD-HsT}g(S9A(?UP8KMX{Zv+C1L40DD)N`08z9;UhW)x7z1kT(A7G`i}jmXs%Xqc6wH# zrW>2Z^KVGQFiZvfD)ja@Lvs}`gGkXt%+{cu{=z#8m1IES!2_I+{{U59(DeINyt0*q zZi+x5ha_Twa`!sF8UFynF+3I)u^6=5f;R2l%&qHQDQk6grCr=ZEQKL55OPVT*;ejp zf5KOFx)`7)GNj<+8O?9WcP^`AAiP$UvGZV&k?E00XItT45Zc-67DD+XYh8s%Jmb(; zNviA6MK$vUDQk?!fsD{K=6K8+2C1vv-cK~?C8?Lq+T9lfU=PZ@KTBOo7ZE(nw&VeY zJbh?4M7q|H%{moW<&PhG-n{$77gF0iXju_Z9JK&%#cX8Lt?mSfk&qp8)YmV2eY#@N z5I{Rlf29Cp#`0M_ldf2?EHmD{J43qrUY?WMMnVzuo}V=VW2Mz}YkfmR(k?A^AqD>C zYn006RCFJWa=M>~=a)sA@+<2lT=`^qz&R(-Q?V{qIqNwli7o6t)Y2q)>T(Tx4VB-W zVFt7=zM+Nrv>6738}Po-|^)|RiQGmCOrP@Im(6+=b(ciS)<1~3H|HRUe8l(MOjK6{+x`-;KTE#!!-Ay1gu>CHhBiO^^- zJ8AbeS!h=b&jDlGtVSaxK?61bg5yulIH8}4Itf~ zgnqOd#J8)(ZF?9q+o+vL!(**OeGC@5ES_wP?))g}K+iR~fh92q0fKNom3k$Vs7L@I ze}}oCOzCu67-hJP?xQUyrg#8KM(O=1LWg(%!hvDRTB1HPz(z4Kb2H z#YY_S4RJr(T9viTlEX7X{Q*RUcEd20Q#w( zIn(a7JEXa_oh;TTC*|tHnjA(_()>j+jV-~2-3H!&ineYeTeuaKmMPheN}S@cYoHmo zHcl1@7FKhPcN~*hXHB(&>NfJiAnHd`Nh@dvO|0H&7d95imTUHvP^Hg1v0hnyb#LZ~ z;rRya9zQw&vu|vH#IApI0VC9!v3qL+D>{M{jPp&JK^huF>1ztM;HbQSYeQ4k;JCIn z+js+ZGtm0dG&l(?=LR`UUn>%G>MPLvEd&vy&l`yDalm2sr~>`=k!>}^Pjbi(b5iSC z9+GrBW63(PQha;&7-qabXCb7m5;3IdUUfula(@LF6Ql?)L)=jnS48TClcG3 z{>oQ=M}GB9^#+b%1SJf}eqejh7CV-<{@BowXFt7;GT|KH40C~8c7Y^UH?T#htX3`w zP#Lk(kkUOSEjH3c4u>m(Guo;uG zrfDZC%Mc$fd!NRnm&W>ar-xVe>?79&v%5wd>#Tip6gkFqwAaAQQ;VW(jvZ=05;I zX{=3mb$v9jyqm(Y&fa;g?-9?WS<3eMExaiHNLIr9#~n#D8zhf3hgO==9U_(E!Q59k z6?aV6tfzO1;Ow}52JV2;XvwWiDRibwo5|!>b#s&|IL%3E5sPxVw0JxMDpFlSF*Rh@ z?qsq}HdkmsKX^A$o|LO~J;KkXTOgX?F7KPu6;0UJl(XT@42y$xsKBRb;W6H|{9)uq zi6j=m9#tVwE=E7dsdE&O=h|(IbKM`cCzPr8f7&(ZR*)~90WvB?0VR5q=~=d7UDP$3 zTN@d+jh83xbR$UTdO?-B<+3+x(~` z+_ckUjU4R-PvM&BZ7l5G*XJtEI}YDk29atjG?YAXgXNA+JJt>6pK6kqQ~-nd)^1vs z;Ah;y1lv^PAQ;IN&)wP>T^&OdBehz0Gbx~WxC%<7GE~ z0q<8~sG6Q2@QjG|&0>~>1tSZ-xRoU$2`9*w8lxeG+ zX!wJCvc0CA;XAAAv&u;!D8EBqli+U${7mubTOSYDU2UHt=HfGyw7}<|Y*&Se&3YsD zei-n%Mf+T4zDLV)=~p+u6i0&mL2-84oHtDrH_alx;f#N(vihwT_VwiM!_7^IK6t-dyRIlK>~#o|jH8&SX5%Ob`| zX&A5ZSHqql_=Rub{X$(+!_x?nneh;Q6R&FIk2IO;MMf&ej{G?BK9ix#;_rx_B(rT= z=tVQYsnQt^Ky05+=qu&_026qw_s188HTz5v&6aJ4I2rD1t|`RxYhn4FCU-}p#$ zePT@(`tm!k3N5?IzU9BwI2>*N06*5Pd}R2srD`|#U)tVYrtq9b$TAZg413knay;*- zd(E96?78rBK)Js0hs2MFRx!zWGOzYBG?`miP!X!!~hT%W()t8;RiOj@YlT z%YE8uJN{DR>>3Wo7m}o8)@_3>Ji>uTB=w; zrKFNkjie7lTn~=CKK?G&HG8m-y9e_(j;f&a6>1FCQ#1TK;yZl z=?rT7*zuoQ44h9b*YyefJhxF}Ay6^7$f> z03UGYB+ydPT>W|)Rfd7#m9s{-f;1(W3JitxCcL5a%e#-3Im6pKZ;XY`0qs#8OpVL< zEPN?z4gKM^mf}1~gMvC|99PP|Gx(=ttmwM+sAF_48_G8OHv$75ao7I<*H#D2mKsN$ zI|V7O?=s| z{{X^KW8&CaST14HqPj*B#~wnje4d#1?OC+PZilq$`t9}HvD`~{GTSfQivw;y3eTU! z8ibIy+8#k@gZFW$&OPbHF&kEep3DY2*@q4?2==J#?==`&OFK)MW4mQBu-%RR#;gp# z4{9DRxV62r)~#j{DPiWJI{?ogrDN;Yx}}2JeU{Z`v&#u2Jh1ej3=2y=C&X6wFkX4W zSflf$445c~f!D7+tH!nYH7K6?-blsOuum>7IxkU=N&xeFJvAV;eM41-8KqWc39}#y zhCNSD(yk-9irPfBQy1Dy0IyvtI&wDB&Zrn^3$J<2|1RzSoM zdwN#Ji1hye5Z%Fj1&xFnR90~aaU&*96q5$rsHFA4tt|sk@b|<0BI8umv`@BNvWVLm1fJNb_GV5j*nf!r z0n|J#CaiAmH2qm}B(W=<-hoG2@(BJR_^-tpdC>ebeIB1+q?i}V`H-4%i2a*4{4Z zwzOI1EZHCt@(*9-LCq<4GJH_?PohVuOTse<)tij{KRWR%8y$Mq{yj`sq_(Rm+!=GY zb~*l(5~R;%g3Rj44Z*Yu+eT4S2lB3`!kU`h=~~vEWor$y+sm>>nlbZaU|^rEZ@L?n zhl6S!71umJ;`^DeZz8#Ya_WkB$vMX!)zj-;Z>%k<_WR3C;7+1Y`f5x{KT27rMqPsYBVyA^X_xf{K*h)4%&sp)6uZc9azcbnC z7coQRDYpSh_w~=cdAEnYC)r!-pV_BU)ZvygLQ424J9-TMwA1Ws7@1!YyltrXHpX;< z#9V3@N6Z0^7Z~K9^V+x{0^7fhwJ2_;)90R8Bol^=5D@+yYff`bkEi9o)AZ|DUr;+C z+l{BW#d-XmBGasFwK=S=Vun;!k`Q{ylkN4PU6Uu+@LTT@_@3_OAmTSt*6CxU6Lmxyi@j ztEungn*QeE<`km~aTlsB_mg#|2^j`_XaF?HN zyNZ0uP5{o@q-8iB$>G)T-j}0J_k^T7SVtm^<*+!UzLM5GJ_NLwHN1;fXKieEdGUiPfZ^M@u8Pye zGuqp=t(lEw$T=NU`qCOo`kV)hykV%zdvBv@7PqtNEr}(YI8;vO^fl(QPbJD~8cwmQ zUR_$;H_aLQs67R133NIk1W|)XveIs+veVC<3$D=nGnMwua*aK-7q4%8vn)iiF2u>s zIM1bNb`00CyVQI;rpbRCQr*nCXuR)1_o1D(2&A$>c}5gMMbBw>J{VvHhI89&$TS2cc=Hak>|L zEQbS*)zIsAiEF2uN0uUvKx~e4SOA(Y*yDx|EN^zrns?;2_i zHs&{gBd+|hG=YDv{ zKGk1O@eJ3-*3tynI-bB9Ij^D2&VN?b*>xi&yo(BeI8&0ucdF-Cxz(yLw)RTvYQ&<*pn)RxHN0$T z7@kLXbt}t;d4%6D8TGESz}g+or*ukgXi$u(9nD3H*JgW+nk1TRa^6IRZb!;6I#)4q zbuGe)FOd>uY=SzqXDIa|NXXP08)!w?^A=OjOpn5|th_^Sb*MpWcL5aqFqAM$@n z$dl0RE$rJ)xd`#9uT9I>*c#<^3`cDvCIeuBL7SPEV+F0W#(3pJGXPsBfsWX(TJQ`{ ztv;aFM$#mNg1P(6^rv!Mj@w<*CDc`Bg@x79je`k;j@9IvrkJq0!Fz8gmMrkYp{LBl znVi&f*;+h~wrl3^$j>>&WNSVyj`~No7QtKltHvoarkT)qX2sTjv|Ny4z`*Ol^{(FX zB#PW2K2#^E9AdfTb;o0s)n|Kn8KI3XBm2CL2(D7%=j2lHGEJPR=szlPT9`{>kJ{wi zsUx{L;Cocp+MJIBFdz`Bjk#W}&wAR%1iCh$v8;(GV%xaqgIWyUUBR7)kcaOabf7M3 zX;7Ohl+_|*c8i=Vl2-=1T|dRsiKjA>#HrYTaJ1u1Ge}Oy=*8cN^=t1D6w#M4G=MhN zz*C-t*XXyynJzptr)YQ5P3BE3EUux?0Pug6dk~2eb`OnSEqfmZYky>WO+pFm_sWCj z^0C{1@=r`^MInny!g5S=_|SkO*R-j!6U3x}!x{^Qud9&t>pW!R=>A@fNLr zu4?}PYOpaclN(2Z&EG%M@vklYq&^vFt>NpnU*cd4-rqMTf?Q!c0@=6*jCrZ9{|Pi z1Ht;1m*%Wji5py6;W=jmIM28OvoM-R@k##x1xEM)-U{*VrQ>)!IJQ>W+;0`(fMiE@ zppDI+x?2a2di)gDw2$ogt#o!Y%jo9icMY%~6I2*Ed zk4n)aj#R;CW|MSm!GP~pnox0o0q%V(dlpiacM-JUDW|J4h3Dp8XeuvKOwlYXuHu=dI)tvWfWPWwQO5760=T5LGL%vHt@~qq1B2p6fIL=O35@9v zkn$kGj1X|Zj{IW3moF7~Zu`Sp_P61!LP*l~!Ne|#R;b_^;vji~K3^2f;V@8h?m%ThzUP!uwsypSp3>5Dyedo%HoTyRXY%sce__&>-f{=nP!Jx3@W92Oph&vv@J}9S_Enwxy|kyTO{}u$xW{G4?B! z1T=Z~$Mfl2wPRzUBhd9NTG+txwgPT3%j%-O4gUawjef~iAGIIslj8k8#>q7=h<+Wl zxV+HaquyF3T(oST#gGrU!sFkHLvgYGcRnQWMz!Hj6KdWJzqUx_w`Laa5|EOG``jKu z2Rv6HV`e13NGC%qyMY9NcAVEtYMIKLOz!+cWhR?4*iIN+s)NS>WM-M*?PWCWRbl&4 zS)~Vz<8UATx-MjTe7YK5eY)b|g08^P?H_p8XZt#MkHfwa@t(P)Yq!&B_E%A?mg-*y zX}K6*!xS$gImrD6)35BV!^>>Q>7SQ(Qax*>TZrbFLj&aT#cdXH$SvY~o3n2d4c#{M z+-lQklf}O5z}raLNgZo-G7Rr2Bg{-j{E{*;6t}WEm3;EJ{*`yS)TI*a{w>v^p50|h1-#fz(WeT1&!ue1eDF29 zqaE*qob;^>oMKd9tZ zu8g*`AQB{qPDWSxip8U(t9_$+Qbxh>dw=!osqp=YY$Hgla6V(wwgcI%G;K1^MZBK% zU9Jj#>?c6p`R!gIt$mvPEpMWD)m_X%bID=tN<%Ebx62f9!U!1yt}$J$jkWBOK#t|y zjFuqQ0BP$!ARZbvk;4VO+ctLx867Llblc0DomfhZ<)nwxwJ{!(sLmw{u?A!cK9%Ht zCBC^^fp6vPw`S$k^IE}~&GacP-NKl{gCleqJmS4ON1V%S6@!&f2Tq2p%%|dAD*f%F zzqN%M2W~O^>(8D8bgdo2?UhH($4b6i0SA#QTgM4-T}}ZWmC-=AR?$Nr+77{ha(Klq zVWeyLcIG=hdi8Y+wfiHgm@t^y-sZbc7TT1wjg+H#%bbr&lVuwoH>c>+HlUF+mw}j; z03JUY^l$9Ta}uB#m4Q;A)^b-U`X1WuLEt-08dnWCv+_r#?1R+(E9IL%3wWuuxMjPU zR@N!WBagd|1uj7yp0BIwmipB8GHm-aXsyBLum1pAx;syacKTdPX4Y`+etgC}N5(pS zKcyVDLrbAn!%&L<08+NO(`JU@UPUZ&ag6g{M;kPI8=Gk4Xw0jE%6{!;Z5Y`3yW$7K z>l+*KsoURqx1v4(IRs}XBi5++M^%Q&ZbU(LGKD0LhmJ)9I~(itLj%0~(5U2`{uRUc znrjQ?Sv2y}I;bo?TzXIkjcXS-Ffy4JV9x=#uD8NEm6Y2cm9pTB^FcG%>$R5_`vEMr zyq&!`uR8wJm8D@3blS%U)K<|kEdKy(Upy0AJk8}dIQR9gZb_UG435qK#Zb)EyS}!# zklIf$1Qcuv>wE((wxh0#O?4)@fkqDCb`#tBR&q$vEcE?89a0OM=%g`uQMvL}8zXPO zy>=Q5=2--DLJH@0amh8!J|IZqXEZr+xgNp zj1CjRS{2>Ch?wX0}iid$=hnc0f6{{VDRaY+{X3)_P{?jIj>ysK8tO8HSxP>LNq``vJ7ow*P0nhBwi-aueAB)K)zg2W9A=s z6%U8?Pwd3FmQ_bXpSwt9FZfLDH3x>(W0rQ9urH7VM0Pcodpp{R#EQX5$ZYkX2xq)| z{W&edjIp4U*hwL<<<$+QA`)F}5Z5jwH1Tv>!$XOTC2r=G*Lcb)_Bo7!sM zWST~KWCJ76d(_{dsp}fm#etp)E#vvzg=};+R{qX8SsFN$^f{;to_(vIF6Kz(Xv6N{ z4@#FywT-3>2wlH7*Ax<^eGLtBP15DIw7ir?^RXdG##8(&&UM=hG_`^iMUq|nnTh1k zQN-W*2v{tBSO5}p#d>Fge7SV(MI<4lkwU7t&fE}kKQGpRHQ~C`qSX@0>usuzeCZeE z`c!)My8wMhM6+lwBauM!0)huURlf=VucQFhKqU0=o-1 zXK<|un;}UniVK72YRO@&OQl=iPi|9tV`&G0UU}lr4&57La;dqyFJtU!nwYX{1}jTT z39KCiY9rpD;B(%nOK%b0@e{MINbg9QGPJjm`7qlwE4UN$V+We`PYY@~cA4R6G{=Ew zyfb;pAvnMwx%U~8&cb1^4>^enE=9p)Kr?CMUJtf-f4P; zjq4=)hsvOG4m#Hx_KUZ)n#9dKXuzTZaARL;r50@%*wL}P(zGo(&D4+P#JDJWk_B}B z7V)o#JW;3Wu$bkBRkkjGuR=XX=T*w=QOL!s=~wYHK+EPSDhM5G5%kNe!zKC{w#Gu> zoE&>rW_;zVYu~Zk&n)1HS0H23x%h96qa>FRms66tBL;$7F4}4qdQ2@Xp$~Q#le?Un zlT6f%=4-hdZ0uQ1(ToZSHgx!{W=DxcVasmo)}MK3ZKMkc0C(bolV&8kyrn$3qhFAo zgRN$2+Oyw?<5(6rm)3)0Hrn6KlPX7C0qb48g4tVKSsT$2C9&o7-|bZut$^q?7SW-e z;_}J{vx(awGo8NKuQBl+wdLFdMlJ?3j^oo6rz#po#)YUX`-y?oa7Vr|TOJtjBz=&Shfa*&4iP%mL(e$bLuN5NR`Nm z(C0X)=0HV#Vr}7P2vT0a`qwolhy2@Pbm2^^{OPB0q-2Ima28|p1JKsRw3eEN=woF- ztGgb))XmZ(y@DjS0bl1%aoZG-S=mdcn~5haa8J!1-?}}`12VNqSM9d;Th~7>0uh2S zT9;70l0_s^2;7XW+N6X~xR&^&a+|X5Im1_DZF%PDg(UK%+&Nb4X#rDHuwh{wu^ymf zY3c1;SJ;;G&5}+XPB43#Ky5?(BTIKU*(2GkO@$ci`^ z9N}^gTF=xiEMlHHF5!$^MoR|nv<)LeK=CJ?c{Pdh(%Z}V82+20 z`DG6O0I#(M68@vEN2DB@lX~!4Jyj(P_sq1 zbx;rEkEJ{9SC&_2OiB050a8@-pbitpIxX;crwk->*C(Z5>GA!$Rnv6q)(Z|m^Bmz* zp6BtZhUT>PJ(BPHD@jPL;hNs*2OFawcDF4wuMcb5b;Ygv!?nmhc_bKs>)y3)#WT%e zn@_g9xU|#bd2QmC8;=38+*hky_@c%{wuNM9+{Of-FWohZVsX^s@3jf;EiP^#^BNRl zHxJ_X6~Nri@>_{q$der4_cbkqV`Dc@&~GkdTdS!PYmxy2r?paF3hI+zm9$~C8+QKy z_H$7!>{X8HM}pE@c%1o(v}d2<^r~8gthYBPvF%0ZN2Nd#X`T|2=H#=hN$7FY-ny+H z;r6|As64t|q?Z!H3&_ja1p_9tzS|}ByQ-;BR2+A&KNk1jZk~NY@>`_dcJBZL8R#gm zjd>>1q888Pje+vV*05*s9-kfT(!?7%#sI)kPn65qvp2+2we6%cM$6CL`d1yN#Uf6I zXOUt<(>-ZePBu3l(rrfNRx*Ym$S0_%FBS;gTS$P;hcwhlA-28|+@eYu)V48J^^@gF zt78y~GmM{H^{s$rpQYVQ?np1jMmq}9w$d(c?wKN1e#ClWgC_$=Rf_W7Z8uJhktA|g z9sd9dwE%-kovmiL^CeP4f_wT*P6m|mTA2R*$5eJOiXwmrqdxchTTjFPqf7q@fIJSXvgNAahPJVD`IZ0Y_Q zp2pE-StXDvNIP}!ir={S$MEOE6Y3&8V$Z~q+qjNM?4;cJBaX+uD_?419GatcvE};b z?JKXQq9o9*B#jjWh$Y}iLHnoE@v54C?KgGfElT<3@SOTZ+-wq2D`F=<-c#sl`$M&4 zQ?=}8>OZsyhTh@rbhuMgicO5jg_I0&fsfX>m_9pey4B95tLok{{=|Jf1g6sS8!t1^ zD989#Zev+3v}V`BkBUDYzB6e4EAa-Msc2pv&@JwM&uwzH_-Xd_+D~t#bKWhv{i5^@ zZqCb5_@yP~zNG<@*h3Ihat;a-Pg>=vRPDiK6n&zEw?28j@pp^#x7BTLHJ6)Gl26`w zj6mKy0o$d0A@D0p*JHgu5VgG;d%a}9Rb!b%iMO#I=dE~{$=z7}uYvL!aH^*idN#B1 zLf=o+BC*n>wvzVtWwhGJ7_7|L+rY^0n*BWem$f_p00ejrUkK~>aINy*wDU@b3c=1u zZv8l~pRE?z`wco;y$_!M0BJ2R;f|f+&1C79x_z#&z|C(i0cjf??eFVfntnI&--z5XG9x0MtE;xo2WXSi+bv>(^ z_*?MWe;jM^_@l(ozx*P0^7*ht&5yO7$JC71c3(x#qKZe%amIBFzbva+J58%c)$R9h z@;i!3blwruT-nDjn2|H`cQ!vmTPWD%nR@Q}4GQ8`a+9ozbF}@|rs~`I_3|-I*iae}rQdnc+PJZLakQ<(fO#Wy^y6Z62Ae)Qdca;?ILDZtpJbY_H(* z92a=w$pg@4zFD!+d`&II%i38@F-9@28|7`M8KyJ0k>1h>7WEq4@)eUke+tD}rquO0 zAQpxzG~;u(-uhMy!dsrHpj^F}k{Od=7%}9Jn0wUPp1K=y4<%%9R~-PPbGcmdo6R08 zi08eKAVoO`sV2A$XT%zYg#edKhUR%hs8GbanNE7*g5wjF*E}_=>Q|ELm-C0zE*whi z>z=&*&}*&mw}jb_VLd4QTBfZaCKxf*icM17h*CRyq_1-+b+zyd|J$o~MAgVdU< zu6$zfulylaT5geG_8QX8B3YY-W$17?KmMxDJ&fHm#;^QWF1C-NY794wm0;YkuPy%o zgg;NxFRpbM%$G7sVJ0PH=hVkH|1ec{>Wlt~0h8n7?&{{RoRD^pLmk59HJ#oAJ* zzB-Bm{R`d-((P0GLRsRI%NZHy%-u6xt=-+du8XMI%CWpt#8FYBRxESsc^&Fq?hV}X zXl-8QVMl~O5aVWf#c9uBV#u-FB#4q7xj}*tv8pqa%x@I$dk6{x9(j(6Tyqn9dg6Q;^Y~-=1sFJX52}?(U9~e8ZIY9Vjj` zxy4=RdW^O+eU3N;VOw}3B=Oq3n$yG5+1#65LgwP~7Hpl^8%Lm^v!l~IDW&PU^3A8D zZKt%G{$=Ny^_cIkwT)VP3;5YI>vUCv2ZtCZkEazfkQ@h$*I2f`w<~Wil6c&$f=6Rq z{l1gpj}^lujjP^E7~CW%f7Oh2_U%yFN+p}02>6~|BxsP|EE4Qgo^$i%ef{ef!=DHA zeLq&zW`^=<-q&l+Vv{|1@9$bfG(CZAe8~~xhBQ!sC_IynI(pV$i?nNvTEVnA(f+|a zV|hc3w8(D9HQ=8B=o%gL3bsMeOd3y{m-<%!0FCW5=n^M)vPq#7VgpP$w*5^R7$;w_NT}vHg{eflS`LN)3qDxM*i1T<)u8M zcOZ4H(k7DfSs<~V+UjVd5=^0nV^iGJIIl3hO9UK2kldg*kXds(@)I$^Pz=H3{_=@XHW{{ZWt zwM~`oykmQ95V3;BOAEsbD;F8SJsZ=#Rq#Hcu3Xt_R&w5(m||g)MhiE;=UTz^9I4oD zsAXH3E~b&+0|O_f1!L*nDbsH)CbM89yWCYn0B|!z%wC5@rb%mW6D;~<7rXvYt~zJE zSk#T3m9%MZY4%(Kxagv?2(!=L?(72uZbYq~gyZn2d`F?*#iiP68`4R)2?OJ}lB zavY9Yu;;mTfo-pvFjY@P12mhljNem*vbfUq9Y$+*oh_qITO;ouYTWyDaF&4~V}tkc zjw>e2T#OGFYVqFa_V&>!XcA5_)tnxu@~L!7DHBb%z>vz!N#}q)szNfdJ8d~EStJvc z5&@1zcU60BHX$^t9Bbw|>K6s885=@nhSTk1!zl&SU<~IKSIcQ=7-Mt#{v2KA?d+jHhvl$$Xq&ky4u1Vh*-;PN? zO6s%?YJElFh7mk$PIfvFN%sb(SLkz|(RZV@#*%L@?ggoc111jAN2WX1CuYLt*5dNc zPqab&ETg#WX-54KZHChai{pdNY%dCZ(*lL8ykqsdyKy?=y?5W zURPtLo3_N>GWjK)EbN}%#nssk2IW5HzHnVG@*P??5+HJgQby~X_ol8}pL6JK9`!_4 zb_pyy@yjvC&F*Uk_eh@SUQI$9g9Q5oY#e1V*Cwq-<`S9XUNhD7+Z);8xO90zAhHe# z&3UP@)~;mxR*>x!IUwijTPPAzyn|AP?ig;*Bd!JxE6{W~E~nXKi5yWm1fHLXqQH-R z@J6oiL}c%t6o*5&l_E~UsA10&wN*5*sM{pI2qcVy$H zC?ZiJZ6a&f_C(If7|G8y#_CqnSh@>!`Gb6|{V6qbBc{=>Z{mYDA)lU9=LWQ;oo0$b zItEe7anh54l#$9wr?j(+gCST(eo@rdqG&qwx*e?d3nWoO0Nv_peVH~poiE2WI)XBJ zlli4i4+973Sgonq&2uonyoni!X3s1!?MEkKlo`kB7Pj|tX2sd#-GWH2TKB_VMs8kZ zX?GA;Jb_tBolr)WkK)N~&)5V?-d`Jqdfu0-=)NJ*?{uv~?%p?MRU6~yzHmiiZP4d+ zuMSF<(?zCE&1DmWRx8P0TI01FWmsV|BTKaWyG>jXjYAqy8_qnnD!n;5rd;Wh9o}4r z$~@;BR)$8Fk)t{yO>*&wROdb0>0KqswYJZYuJ3HE3&nFKz`64WBoBYCEA3AZS=wmd4Q(}b zZJ%YgDJ$a~{Kv1-y=qd>&c27jU+|ersLQIwsOox@))Pir5LYR*oP|H9Uuw$m?x%O* zyZhZ&OrGvIj?=MZ!jL;-wRb6Kk;5&|uskc{=hv(>>!|X`X)`RtsBacu->EZFKY9NqlOZz z7!08F#w!(2=utYK4r>~&nR{cX#d0iNB~n>b9qI_mpQx|Zj|cdY&&7HkpRC%Odt_+Q z8X$h-1swi8YfD`c<lJYvBz?O}MhPmT-o9XAz{X@wm&+ik}GTJY%Y-6+{6HoNH*m3&(gMhC*oU=3i!uE)+{bA?93A@$ngV) zP)8M!+ZS|w;rmYLmcJA{FX7*aI$U=at1LuZvZw`^4oZ>Vr{!O~U+_Tx0NQH*0LNbn zJZJkZd_eIIpL^mh1bNylPbcqM*pfiO{^`K~0D&5wjT)(Fe&@lgOQzgLh~ZWILaZcq}1Td^eL z@vq?f<1c}={{RR0r^K2!i?mDq3&dJw^J&*Gy6!uXhzBE%M>+SafsCYl^L->9bdkh9 zWo?beIrplodU{1?6%@eZF2+Om*L zGnE^Wv79zR&%WW>qP0JF(AiDwce<6bF?*CGI-GrL=l=j7cwlRg-)OC8ZvOyj1MKq3 z*z)Agat~_rCW(_jGCm~uTIvg3PfgU&M64Rx>?puu3BzOS&3`W6@KEpB_gnCH#BEQ- z`ZkY^F9cqgKv{`B9QGg#QjDx-(?2xkguF`f28~@op6jCEkTGU82_MTjo&byNr%_HT}SNS5cS6x+bSCl+nPF z+b*G_tfvM$rN;P=)1EtkJ!=W0t`5hk>5@yW{{Urpv|9^%d#H`Rt!U@whIQj`?bmnL zC(^wqNxqXrX%WOKLgtB1Dl8XXOJKKZ2T*M!L6}NbjvXVKFwewD{g?c?|RhC>wG_@9Zne# zPO7n;q?3|OaW~d4rfQdwTujomY;m5wdRDPk1JSH)6HwD(ISm#8!TzA=P2aU(IWZAMuQxr4nHjfl`@`BjTdJ*hud+catD_Gr)(_?5Izx`FE-GJ}(&0(#y zwUbu56A%LJC+`aL4-;w@udfI!ZOnE+EUA;mPhZNZu7GuVQ#I|HI;hy3ZU>s{H0HmS z8KgnJ7)DvM)9YC@1uNqQp=#+kid1$OJ;iBQ_#E1Ek00EzXvY(<5v>Z=sXD&&!z z5J=MoWeTNeAxzDvX*&o25ag*xB6qvlJWK`=`*i3? z8?rIltw*??#+BP&YSVp|C}y~D4-3x%xdk$fMmt!NMftGm$a(r2*2WyCqpybq*67iK zUAh1{HH`;_t~FgwI|~>Z>gPNt>JNI#Q#7X&-8>`kvd{Y>O*2%6HrC$bK5^hG^YY{J zuOy$sH(n3%Mck6iw-yN_CdC|%di&N~=IWWLbFAK4YO_UQV~s4KCS%<86=O};E^Y3u zq)Z!9{{XxMb*!03rp4lYTuvI^?8l}E&+dPOd;b6`p)bTu8$wGvsiB7X%*u?I&IxQ$ zVvfU8)O0OdNW0V{j^22-Zg`GC>C@?7D)?5)J!@3E)Z@06Ej+V7%rLA6AJVjmoY~TN zme)(T^6f0QEXus#a4VnFv}e<;OvYp7fOob#(~}fdrk96pZ)Tb9$&A8CRU_8Db`29v zx0XArubLQ?NiH9#_8z>}e9X~A@=MwGNp%&gIz_#TusAq1v3=qQQ%AMZ?ake>$TK$V zhhg8P9L1=bRx@2{HZj^P$LxIJ3FAJs${h~k*Hn;$7*t@ugVvuoIN0m;Jxb3;(wYmn zVYq2P$s;8`mFISL+5%2*glyKW^I=XhPkPZZ8t69n#Ws;RwMN@)y$4bG*I(h?e$IJP z?lz4NQI4XS9E|Ox@m=nwQq#|Uh)&;|isv;QD%$2bC%le1w`UuUaY3Qt^H^G1T}3P) zx6XLhauie<> zoR3mX0Cv}(33YpaCsmEV(ON$-)kh#>u4|K4k5E^#mjMuwyBQ#iiV9w0_;$kH;7GS_ zZLJneJg1H`jMoR^Ek8%nJWFu47fpYs`MNQKv-_B0xr zaQJrBVGBG+?)fd1?O0dyrG(}UJ&XZyyKh55aaY{GrPx1>u7#ZP7+x`w2+sAdP18OW zT3P*~_G^OE;3^}rAdg{970R|U^*;KYot){;C?77S4uy!%zst*@;g0EP{L#~7ezm`~x^?JjQShD&?PXF{YE&c^l?Qpdqp z7j|=*nZC~FrZKjVta6%`ksYJGv}xRcaaq4;Yc=w~W5x%dpgB>qqfcddXK`UDi|r0_ zj7KDn)dj7@mN!?nsI00uDnE*WMh1);G**_EmyyE}XF}%+Gm7A0*Oo>b*5Ir=LfGf9&3YD~);80n!pt2NNkZHM_*U^ZN0MurzN4@BgHXSfm13BTtYZqj zdJo3EkHETQejV`Eulf1g?;V^SrnkW{0JLYMI zJBbuXz~rg!D??iG^XdLa*dUApC zZak)E-MfzFlY-o5srX**S)`ULxmGwBWdR>|j+Lva>CxLqE#97i9h)w|ee701XRM8O zi3@`A9(d=P&U+b_X_XFGjih6}JAq?C@ar>8E!=oOqykSnsH>3V&NrR?I{p=NNz~(Mj)+y~Ih|MFUpx~%IYg1FODdk9t!pQCT9Tu01J1ZIdwMtDR&*U!)f}wMtIq}vwoh{vEp4PPOypE#wjAb zjf;7GoO)1RhnbCIO`lVm;yV$hyX_uVIbY10*osRtE8=X#*cd&{0_8@EmN1otiaL-` zuN4Nbr`}&hZ7jKs@$={SsWu8W*vLo|PdI@}usQ2kx346|XO-j*{Eu-=*;6lRM@!Rz zxw-*142*izfAE!0HQcbn6av+p41@DE0^~iTO1n)i%1I}Mp<=loh^{7S?yj{HG9s@f zgJ-n_@-v^;wdWS2o6Jx^^s4e} z7xvTMI><${C;~O?dCgR(*tHWH&r`ns(6(D^dDbRBHdD8~dg8%m@IxiR2*>3lo@+9k zY;#gcuIbBjr!CK&Wh901Zaa@!=k?pGcw;;6;au(mz3mlHne zO037Z9co;RoLOpe}4V73W+SCRogtSb4j}z)1xVDdL+_4%od+wxQ5|RS3{L=p|4NV9tF}ZE%jTAXJ}(P zMtIL!iBw4L!)5g*)MFOgI8WLZN;hPs_}R>JF86(%8EFmpXPO7pfM*s&TE{xHxrg=-d0vTfY=r1 z*2Z0**IX~)W=)k^aHq{v`JS)k*yOdn1{0TGDS&PYSOQL?_P58%A z=~GU%&R-L8SEYyP=Ia0FHU)xgQ4jO3P2v zZRfXxV@bPvx8El{8|hut>L1B<^7uv;v9GJaEH-j|m5WS>&6fTXSUMn|S%x^SE<{Lq zcLxE5Y3&aO5r$DmEv@PrkiWLjwAkdaxVgAXXeD*|OBMiqde_;X@Wa{|@UEM8 z-FUZAxvlu{jeA?uZP}ew;RJ&-gUe^2>0hN^4D@OI6KkRW0BP81vuGN7 ztP!dKmR_t+uYP`&;@7WzkLVnig#M>=kBcq5C80O%kE^7OYySWUoEp?RgaPK2wCxMU z*Eh3ivTEKChBgasujRWpJfCg_eN(UL8b^pfXZ!yE8K$Lar_X{#^q1_J@9$qs$7yF^w$W+U ziDP2|h@y!&01EnynwKp;XSw{{;^z=7PBCF1{n~r_zw$#Sx{x}^tXBslR?eSw72K$@ zt_E?_r@eb8<8>oruUj}cWgDVXyEv^F^_bD!BF@D)6dY49b-Tj*7`K}q@0&beQ?B(( zJF9iHwr?digS3vOgEIzeIN`VpaXf6yp|B2X(fl~@OB&nT9qso>$20*Zv1}CV&&i*g zY47h)T3_4P+mg)b5(B)BcofE%_0x1~*vz>bSOUlU)yw#v(?`eOWH9q_ZT6m!}+o>p>*eS|+U?g{jFM-=6WIF^K{F;~%AQ{vYtqh^`eb^_U@9 zvzAE7+d-@kMb-4{7%d~XxtTuK$0t22$aOotLeEiDjU#v%h0c1`4I0K)JM9$~?HDsS za=S>+0;IU`)U!8^)Spd@ z%$bk}`9^xwmzP%4TD|V2a*G;aqa@%0C=`~5F&?7R-1)J(yj;%z5hN0M8+cy1Oj6AggNz~l6wmX9p>g!+A^pB?OXR~JZ= z1$2aDus)vE#Az{&S~)Lch0@gt;!%R$hZGt?iD`AG>r>w8_GqblY`Z2QHm(n?e7)l} zn?Uilv8P;Jr`TguXihql*P0DZqrpi!|KhU#A;!Ah3Lr><-04;6TKMYgxL)%1&r zysh|emm3GU_pGF~8axl;Cy4(5v2|+=8ZA5Rw@tODb&xQQHXI+VdcT6M>?5~Z@n;s7 zh(;SHC9%}!u6;e~4IFgP`TJYdFJabot6Tp75l81;+!uojv7^ZQpm+SMoA4FY_KmM! zuDNe}cI}+Zq^OjGz&*Vxl&oga*Z7mi`j>*`J|eTzZ1n~V7+XpARC|wVr{M31`p3j5 zwOwaen$Js!vxtCQszB@q=06J2Jqd9)H2q3Oo>ziE;YI-mAhm8ya~FwpD)};_#bGv{Y zPk9WlxZ#6mfsam2RApgGeUC!%rj4b|Y^!4wr-DgW0g3EOvwN9rioxg>0w|Dbu8l~$k!`;EVMzBL0$BERI@;n zGDeO@11SRo=}@C`;EdPs<^8mP#>nVFBmtgkt-pu$7_ZT#h!}<(Fg$Mbs`hN%O2<_# z+@?gdAhLoA1J@pv$oRWjcZk{+F~k7{K#b3Go!wzcjB9i zy9-F*(jz;=kq1T? zr%O3}sZ&jwLB(tS8lO|ONH;u8A0$S7E7E*7;G3N@PqvZJJ+Q`E zn>qT{UP8I;52oE44La#nqO(=N3V0sh&YE>=c;bcD@h84!*dbn7u}NQ{yd+Y*)h5-< z@U(EDQG%f4fIV|uY}Pt#2|V|bBD$QSk;xUTM?c-8%#Ft7JqOmjtHm12 z-}r|1<>fQEd??QdeFvo%HH5kyXNTHLloss)xmOs-9Iv%(H-fBJQA>#uNF>fV?f6o; zs+ro|Xs~EDs`luCc9XaaZa($EUdY#5NgiW&tfel)awLIg5kJh3Z5SNjvG=Z1P?FfX z3x?X;fycc`nX4Rd0w)p%47{dt20g1fNgH!W4&~@a{{UK_Gcj*ds9(eFxkr_ye;r?((Z))o_{W|b%LdIETTx@4k2aw0}2C|&H z9ZJXNPsc9?Uw9u^)HFNm%bWZ4-0L%p22ywc_cijP7i4EK?Ql5Vk&mdXpf*>IX~b;I zy>T&7Tx*+s1aCbiOx0N>(k~KtNF@yJOQYUkp$El@*=% zhf=eYl5Xt_VSyu_nWUblTq4}8e|UOUzodLh@UMgZB=}xyd))_GvWoCLOc_y`K_HRG zIS1>S_aBFzFo#FEIs}p~*88iIipj2nvDJK2@N_;g@a4^;2^RHHrM4<@wZP9_*~Nbw zpYT?H*@wiM6KP)$^69q|Qjr zIuVY(^@AOr`XPNW+ z;08kf04!8w2%|Ey0-*FAMOa28wz4Cl%FGIpka72`L0x4=i6JK>VVvTFrV;3A*fTUU z!!X1xj1_K8e^o#5ZV&B{e%Iqa*uTd*#ndY-l4?E}H&OzKSC@?sUcWX6KpWPzryJfc zx8<+=1Ew%Pu1lL?ojsd>X|0<^Wed16V+;J$X1RQk zGD#oGZ;bpkap4_rQ1HI91h%@hq^`RixREoJVeO1p4=OA`&461RS9K$vrHrW=e6p(< zUUR|Z)BL4)Ljo1C!S(j8x@S9M^7{ZEd!ff_iMPj;P@w&4$dJoe)skkoX_{c!QMZB( zPM>IZk(pIg005vwO4l1g$Z&Jpy-OUML!5E^s5(Kq5lAA&w<)6iR`slr`2u%N3>Z!Z8uPfM)i?%l`;im zj{HOTwqCF=eR*7T;dQ8bV|QIeY-Nme}jgIuxYjO@36p(jc3vrf{qZyA`iNnwV_ zy8_ajhEk`mt$BZlG}yEc7VC{-^3SBStoG!9HiAzaO*eFEqU#$u2(CIoHpd{J`6Q$;E3;5^d?4tlkjSq13HpA8ZmvtXT;-ECK1yZ_>Y0JQt~2 zYL;+c!#dqsn4>PhW9KR|KLeWShQzqs>y>TI;zU)HFg%Xb+dUg$y|_$EvBAOXTgF`s zWfJpgv0uS7GNQnRdk!l$(@0BsR^3~82dEuuL}e)0>omFHx3<(4-ek5^Lne0xF2lDq z#Od0E8s?_$sShQ@ysqwC3ec9Zz}S0SL-zmSGvje++_`=*eOM7Ytk-CFxjxW?IH18@fcxW`KB zrWRIqbC?WEbQobu_5T1oP&3W-yO{3P;*^8WAah)`wUjsa0?i0hoOIxdb`k9tvuWB+ zo2PjaB(EGhOnAl!Cy#&ry?HjXs>i9^M6tmnQZFtCC3EXrC1E3a+S)s$OKFNp#xQvm zTf|-;Z7%Z6qr~x;!2x<>)A01ABr~n>^^(P6WtG(;X5-lUS59rMZmmU~teZ>ZHr_K) zVc6y_t?V@U;jn^8<`6zfL!A3n%N=fZy@nW8Lv1URVYlw%{{YobltOsk=IOMT(_KQx zyCjcKdhy*4Oi3@9q$Kl<8Y2;NBijy*rKPM7wkK?i^Uoflr#=_3yOP@a5UVK5WqR@N zS7NSX_~TQ7G^p*G+hnWqvz`k9>t0Kv*scDf9M*9;oFkY+yeeyK_?w+ zxzeP9B}n!HGxJbQ&aE|zC?a^()sv$qax2Sj&9wItPXm7FlZ^JMkw-zJZMsH^UQ`Xd z9Aws(mEfN`@*O_je>l6GF>LK(cm$fn+6d3_Cxve`yT-GdYWTXG}!K@xHi`k4c7T2ZyfSJD)UbY>)P`8yG*>(Zf=rAmvqb! zlq!24O2TEqSp5dlH2dqT1-*@)OMn9vQJ&pv=5L6eGdga$99Guw&v)jMLygS(Y$tV$rk09QdBoL^^-7=p(Vf_EBd&BpBGd_|~gGG@z8xjs~=P{^)7 zc74S@-$a;NLSEoZ#YW-ZG!84d=pGKbw0R#yxw%*s{z6^4`&U)tJ3T8w@HCdXL~5Fw zx0f4d80(yVVy#@RQ^oYdJpNY9G5Hm7HB)3?fyk{kQS6$3o`OuT!E8t&jn8i@*&Cmdw|0EI54s9U_! zqz7{^1P(<7MC&vyMriDD9Al6dRYj#wOpJ$*%2)%-3b+Ij`I@C5JD&o-`&3Afd*>n?m zYGw1S+=uzQA8*XiGW1%GpLZ3);{;@V1}low{5ZO-&vEBw1tbxkNvC6I#OyR54(gs4 z)L_*#%e#3RQWI-`0-g?k4A-V<*B5%0u_l}+j&hrZLkwhkQ*kessxf>)CAqh8_J~qt zINDePpQUiRUy0_>q<=Cw3w_oZ??a0Qj(1k^t^T2Pm{36B@HcU^XRd42bxlIzO$r-* zHuOE~Dh?0bJ@ZHkT4ssjJAFJg%*lE4W2gm>(wnCEid!G;2z3XB-IOp@>yeMA27oxv z?Q1U({jTx@<@sMD562bGNe`IQEUvDk@StOD0L@p^x0!Ybp<)k z)~oCA>Q_-&+iwOee4rk4nz+c(BTq~4eDFaX-O}Kbw`ZkgYnso9G-)QVw7539V};2F zmci-ttp>`G_?0DBS>uuBIKy_&y%sv2q_+`8ZqMXy$9qJ>a!zAS970wN=```uH(cW z5z%!ESfiOv*z(yY6|X8P2=kjwKE!IWT1Hu6OelP0SFzjZR`fUbxl=J)=F69o}PmrooycwM|q}Rt48m3pp^h|_|kDfDrY_5TMJ!6{^7OJdp*1( zbCek4zvWV_5X-D;u~_}3tWr$Hzx%YwQL)$C=`w0aZNLO=$;tGtLsamnSth#knGqX| zuSyCt6hewd;UPQ|*EO?lT4>kFUzvD0;)6vk4uTIBv{1I5)|U8r<%Da5MMzo^e4@?nCB5f2f%vI3wqL@z1qp zOXC?N))EOUrMZPp3C~=A`lvRHZed+mPvR|RTl-sCZ0+7c0B$_B&2+Q)PfdQ#t8PNP!`Ye{GZF#vQ@;0*el z)`iB$p?KQURn&C79{R!?dyPIH-AM5cs55|Z-;rKen(dvn%ZVW`68yLaCpDa<*nFfq zfYLP!XS{^%bv+2d&2TeKJ{xFjFpCW9u;+sk*F*3DvAW=0`$P6(!J z+G(`YV}@Ckl?W;U&ovVfDTsWhNn{!+kSn1$O7L$HcyjSbmN@0QR(t|aDm`g59EUlfT2BT1 zu}K?5SE)RAuUpe}$Zq0z9uYie?__6+kxD&{XsxYucmPp-3GxIJgy~VZAyjN#f;0^MCIs9n_j)+{^!3aVXq#W~D z*K=80Lig7T3}~OcW^;fAK6@7$ZJtTuU)pEkkB2um+5AJTu=!e&w{yxz3pBCscN^E6Ax6V?otPT!A>D+#Gg-lvU&}95EjK@_}aJ1ay`X%!G&pPalpd=~LPg7nQBRrn|2ch#baV>iqQaNrET z7&$og?_OO@%_pJ#iNgN?Mfm+*olJE{8k@;2SEbEw4Z@JwTIsrMG1yr^f;eMC!l)P( z(ZQxNMsb1eof;5PIo*=5_lOTM# z>P1?Q_in(Ierq{bKSuTnCU=NqeHI4QE>)wqRoqA!+B5B07dpkdS;KVGso(d1+Vre_ zu@dt~HL3Wb=FT>eAY3|-3m$_U*UuW?iR|B1lExN)v~2Sv9Wh;WCDi;c#|%P_UkKY? zZ_%DhqiW9&#OqB?XneaMk}Js};3*i#^R4ggMYEP$D-4@f%Y4H<^O5@3rw5_@lU2Db zO7}`HEHw$$)mbCYU%Ycz-U3soYW6xs-He;2nGqLh8-P6i6-S$iqjY-jhkOejr}48- z(k@Htns$|Z(%iUTk~ISWe_z7AU-p3U)z^W3Dtro?O4jzXxr+KITOp&7_Kn{E0Cuvf z^gek~jPdlS^+~_bhxWO!wUfvG7LD}PdqJd`Cz?bG&O?HyKDZ*jl=x$%U$28aKXs~3 z_mjyN$Ygx7px^`a>0VAG{;%L1r;?mqwMds-w9>TC8R#0OyC3>B?qZM1AbD@ke%Z(J zuUEQAu58vNbuh$w1Hl85799c61|U>zC3t~!!{l&@LleUXJ;MT*)$i@BJClS zvI#xwR`*hULrc-TNuex7CPdpNe(bA`f06uas+}|8vwD8>KEU{SFPPN5e zv7BgkK8*dH@3q(tsixoRFnDUsqc11gA`K*Nyn;Tst|#JlgW{hR_=5XS({)w4I*i~+ zJEjUC;fTkm?eARlRq7uL|k@AJS&DlgI!_v8Fz6 zR^yU$TGDBe6=acu4o**M{R)jG2&9kVTy`#X>rTA>DK_8D+~-?Lj#nfTv>wB)TDP=Y zIf38iZs2i(D^t#@&quJdc%s@HaNr;bY6Tv>T98=umuH-QzmO{vVM_Q{B zDJd|G3XaFM1Q@qEi_LV>2+x!_;CHUm!&lc<_Yuh)FY^4&lj%TM*1W!&;oKsa!EDuw zRY`5+iT!%eCW<#&jkG&#BaeUv3i^uVJX;OL)tAakxC9_H3zt*DH61qRP$JMN>y|kC zxT+CZN2G}k#6i%UP$x{<(e;_I%TZ0+3T8o07!_)`wmQl z-}I@rq)8oajdiFU9lvnCVHpvz=WoBgXn1DQ^5)|4Ze)cm%4HA_n>^%yFV?6>J>s7U z-(O!^+(&gUlNRjT<04N(_*a{13oWzB{h@6gy}CBleB}N-aZ1L~*xu9ROH~ra`?Jn{ zMQB{lHRY6Q^EyeqpQ!Clz|5IEMGt~B-9Q*k&arj!!_UpnV0%{?dvYf7@9t7KuG|K0 za#YmF$)j6B)n~pB9IG3`ryY6<*n%qvXEzh5iX4(~Gt!;<5@ATt>RO{Hjh@)@FnG;& z-`JLu*}w#m`3kuxc)|3h19X@?HwLdAfRPxHleIx0`eLW?7loi2eZ*GLN99ULU{jDi zy(j~VxA2sKfYrBhB<%K6>v(8n=mNUVwALG}J{AuBz1Gk47>h-Le>NrHO#e&1R zBo6-o;Zr8IH&L)GsZpZeyEJxs?M0B$+t`btmgzSl(W0x~`78evzl!TeL1D zldx4Dr~LJ-MtuJOs(5T_J|>@B)uy$RP|ui{kZp+c`EkWrmspjf7Vt?M%%>SAlHRl# zPjjBtmr-k3Ce;d%KIXs@jy2?S@EqlkyDiT=%a| z@Q;PGiL~uX@$Mj9KuotDLu9k(jE|-TYZq~zJ@Nkl#2N>OY#{K({)4FBU+Pe^`LUtf z5&@i!-9Mdti)(oXk98cnW$ve7<7-B+O32E6a6hdxNXMz`@O(${1>$M?UYU6-%E(O9 z+_&5~=O?*1^{meo_@BmFrh?iXrR#ZHxBmdV)EXXr;O$pa@U*u#9w&lkF>nI5aM{2l zV!fFr((a&#Qkn&4R}v{3jpz1+`i1@E1N$L{VhTuL z2=0BVdBk&`yEisw(sz$0*PO0ITuR7Z;IQKi0ayDc4l7i5_$+vEYp3*nSnp%cZun zV|#Zz%=ZlBGG_&I-lPtH!=4qlgH|@PUEQ+GI3>7N9^87@w`rajp2q4iWRcFeA;~-( z5B~sN7AZXrFUQ&zud2zUHlKGiLMa)hhB825kMqTJo)Oda6|nm?X*Xggx!TI`=~l@Cj8BqDCyXC&&b)(E)i0k}k_%b9*th)L zQ=%QXo=)?Jq2dn$mC*2F}cJtxiJ%- zwb$4;*rEYb_kQBCmtb(QnW#@So+h^_(lOnP@rvv`E8gP9=NQQ!N({LVG}J8T zySX_eqY$`0zgn!5CY*=M&z>>}&mx0PUWUG#ay2Mfv*j)h;7=!>)wiYiBTu-V8;K!R zM|{ZSq?XBVY=|;DW6&DAn>guli>AjX?>xnZH9w_uej&2TD%iTp&b$(9 zIgoP_cy99AIB#XRZ?uD*xII1VXF%2#%Ta)BbZ7Z@FK@54X3)=}^(`~a(Jb%dSYnfC zX2}^K_aeBRLsPe1EW`FFBe{)<69P$ZuWFWy=RD=S`Ldg_iB3$0wbpusmn+CrutRwY8S}W}O0ty7C|8 zUIuar>(;$!M#q;a+@bLgNbrA*d;@*s4Ju(Z-H-a6;0BvMnEqAp)&8rf=$G(a*{#e{ z?FVM;1v&h)Tdg!Rv3+&PHG7FawPldcB#R}i(DC%F)U0n6(DJ#~Q!_~zDb6;ZO!cj;6I{CR&aG|YD@k?;N~5V? zyt(Xp*2$VU_CHws53PT~L!fDz%QHN82pG4i?_Qq_QOK~wXJd|d;4MVoLVcZ%Q{r!f z?Yv{*4M#*a!|maBTS%%4mjrjO&A%7unx}+ybkj8}Y4q!sVZCG+2h$bFDHly>bUp&{ zHnH&Y#ri*rG~10u=V{R%7}qKz?n&%1Uu^tw(U;;bk7whZGTPYKU0Zo_oN%Nm87w>T zQl0fW)3N)*{{RFN{ip3dAbcqCPwc(ookH0>L*d!H?KX9val3=C0lDDu$FH@1+1xa? zTFtG}NhC5P!G?Qa@;{wi_cuP^()Ft^5b0L8cHuX9Kst}_V+Ot+`1AWbcvIr{hP-p| zo5cEjb7>mX5 zlO(t(A>uxSV!b!vAH}a2`~>)~@VDc4fbX>}Kg2#9)}pv8ZOcst;2l_Z47mgzpwM(e zNBV4j&L1B9HTy~Y8~Ateo5Q#8U1^%;pA?fI;jQihfXM#&3=g`R_I+9ymNB$qP=89| zs|{>3=U<6l2h+Sw9NHG5B06R25PZTyBlco@b6=XiIPi2@c-3_MMo%{G&O>K&2~tdv z9)zC!VAnS(gFl(C_$cS>{e9ri6I=Mc!%Ts#1emy#e;g0@Sbm?Keokr@EVm_EV5q+? z(bZ4Abil@OWnGE@QOF#9YO_P-MTk&&M3a(weJi3eIqhasbdzCRg>L4O1w{kSko3Sg z?^+sIu(K=1b}(Q&)Bf7=?Jj|n8+v}U#G+G;@Lkw%KzPka`H>g}#_#1#I~zfDFIvU5 zQ~(GB5xdtsSL#Rn5`XreU)lcv_K#l!c#`?x@IQ<%V*+0@$`&_@0awX530|3@8k)%&;aSz)fDCBOfl$ka=tL-{Q(+jBMJF*5yt}S&Zx1AIX ziT8OJC*G8VYnwS1Ce$t@e;|$yI9g;ED99p=5W~1VMMvYgtcVgQVs;V~oxAkSTuhoY zv~5OF=bM1e5xDaX;Bj7qqrs!=;#;?Z&fZMmtYZPOTLFW4Yj0zFJl5to<CV`g)T1XXdWS_s)5QEQ%8JPL->T-CJc+DI>^5p&0;XemjLu}x0?WVyGH zhR#@zO!u!_)5nzr)5H<3Vo>9-C)R;85>?c-%d3d4-6V;WWS-R&8Vp)C%h<^w9Y0b?u4Z*- zc$8t(8t*(SucAwRJBA3rd1Iak>T4mJy03`z`QdAZ3SlGX%6!M^UI(c}C3z*X1SaBg zea!_aGW<7jB1A!SWjSnDQys0P?YrC}{`ipDBdrFJcQyPcqD=awj-cmkaml$z<2C9& zEV;MVZc5!WUSw(_LaG7BZj=o9^Thri*0kF~x?0J6+mD&p>^=HdG2y!dHQWuzYJ<1X=DIBcT|-l_ zxSLT^4sxLrkUc9-LnSRvR&6b;@1ofw7@lLWS%7*)x>_tp;b~aAu zn(KO_wxTZJ%q)xu+s4v6)1~n)sjkZ$SJS+>91?qq)D3c^#sFf8o^jr+-;q2}D2;QT z4rxhf2N~iI4qRPbMyn!yp$Guy<^KTd*R5#w2TjrpbH-W9g*ZH7umg$J^u0dTCy>ao zOjvMENy+rA>Gb<;7C3KikZgP$f%miPK+g8hP_eaz;kH=XR*!&sjMh!{&9?Mb3b8gb zp2mY&I~@?zA+zwjx_n~X!6c$a1OiC_@%q*tpe^on87aO-m25; z5=S#zyqf?(!FVFH8U#9gFklnavs)Nzb5BXViWp{zV#KSGr#*iP;qP?`E^eo~xPV(q z8z2MAW1*nc9-raZQu@{h1+vM@AK^6TmMb=%8QEp(x%8~%5uGNQG+A_^a?(QLBZr4L zBv%8jc&f(6;cWCZ`!%;H>JBhXE=E#z4If{*Z8}R?+s$&v<~-$nD({DNU+lZ-ql(QE z5(29M>(>IN#VMP*y~^ve;wczFrvNd*KZR8qRN8g4doB#^zi0=(XeV}iH-&UNNVL}T zZIoR(2R$$`&1c+rJYH)7^w}PHK-=Xg&QH>jqJ@m8?5`{}u?^&c8)OV6RvfGGkL&tY z&E@sH(W<10BCqE`M>VTnOxixAi9D9K3Y(Hu8QYIhUQMHTf?akMk)9dj1c2y1_c+Y} zbys$b*Sc)>*5xA!^Yh6#>(Z%fL8Vf*>dZk3cY4qU1khaQ&}yQ#YApZX4;I`b80FBNJEj99Zm-o?wVGOrCeIgd8x?3gk)^T-fVDx3Vi66 z?s(npvaRHbiqa~vBOUp!;@4M-$H?CySr`DS-n9~FM^&b3dXrAXTpzQs&riEt#pj2O z&aF0~CEdiWASt(h$@Ryr2^C_6pMq~}4ZzZt8DhzI+D|_9)akwx^MXx&-bw&L$LH@WziHrlPzPP7>hKkSPcC6& z^K(#Y`b-+sMO9$NSvy2YgkD zu7{}Un$@MHvcq`R=_>%Oyn)Z4tp5NU_;>9-McuTC6JRrhVS|y!Ppu|`G|w@&@V2RQ zdjMro9F2m&^d7a{&)|!Nv_xqP@cq%j!&G}SNW#Y}_Ajwqt)!6o4jbjGvRGXrmc!#(h#rqKVY9{IaP25PMVRMv#gzEiWx?<&j(vTbyFA&#PQd zXC;-q(+HSgZ9S;w*2c+LkHYXlaA%V8;q9I$^2YPS1K<4n*Pz_oX*PB)W{y3Zb}1`@ z$Jo^Y!Q0tsI((9}7K*Y+%=zod?^-sJENWE(?k70SCI-!&$W@v7Fi9F)fL%MD2T$o) z^0R0}lf%*JJ|&HXlv3MVIRFRao|Vi`Y&7fp%NQg~!y_!adC&BzMM+%Nv6fZ0xVN(} z3rsfdUNh`#OT!jRz0&-~vVzK2KX?q{gA(MI0vpzQ0MRMW8P3mYt*Bf-knznSZ(Mhv zEP1`uut9Li5<5E_sK*4?b)t)9wl63?YYp32P-z(VA9JO^NV-ogH#a}+3X=Z-!dg_8 zmX9;VB$E8tjk#WN&*ed+Ag(h^@FZEfjytJOnI72j$wOA|{4knIeTqri=0yspc<6D> zQi-=JIm^2yv&%;siF$%RimUi%PD_15?NeLDEQIuNk@-;7i;J^8E_KuF-r>H<1LP1k zE(TAfb2gV>+4_lHq}?#!Fz5|Qv8&=}#PQlsd2JeP;SRtze~oZjuCS3nw&HQ+$Z@bA zO2wjFj!eq(I|pKM+tRwt4)Wo2>$@o3S{Z)-0LU}J?0V8hCkf&k3%xesCTL~yr5lyl z9@TeE@df994iyR_o*zA zZ5lhKNr7g_#dWr}uLNdM6C>y4BzCQ0`Ur{$^%*tm8~G+zg|GrWE^=~}L#;S`ED zgGqnwHkU0aKPxUeRR=Fag48t&zcC)#QX&n)4l65L)@L|E&dY#$^)xhRD0Vq@jNF*o zLBA|Ij+MKpUap=YSPsNf(9n?JtXua+jFa2a zwsnZ!-4b}CFKfGQNaCT(LD=PPB)5^s2<5r!64|xH6RdXI9vFd}1bnsUt2q~q zZq8!^7~Fc)N>(4TWw$U!Ns?%S_2k!^d|c9J@u!3@yg8)nGHEX|VWo+4kUxj<0FTDJ z+)gD#{ky^+2yvW2i&Low95UWk(fKRyuKxh=$1ULR3AcwlKDrfy!3CLwM=05oC$4fm zMr*jX({#@dX_oqBj1WO=xo{BzfKOZj?_L%o66DYHFM<3vz+`lsFwpm&@2}ohWGyln zo6Ft7&!tqLbOjRS)4CyKwew8ZfQ7IQ6z z@~ydXumVRuoh#Na=WB=~`zx{o&fqgmO2*No)`c+*>q{9!guoo0wdYehq2#i9w4&cplWM_Z*jRZ zu%65_pIZ4x!FPIhh$qx^`Rz;*K_kZi2Ot1AKZQ8UQ#zD8oR^C=rH@QqE=xODrde2d z+4+iRrF`Y7+bp`6NoGZi;55gbtNiQN!z~ZxuN`v~>(at5ivIw9pP|Xv#i7Nn*(RfN zaj0m{?hL57EC+u~R=0z+&-hI>%}+(qte*BLhZ`6YtCPXSdT@OY=jmbZu@A%vZG1Na zcyjAamrXK6Ld%XAjyOM!dT+yjj~*S;d?%=Qb5ignmFJ1!v}31gQJ~9h2LzmT$*nGN zV(>ELZ1t~#Iu-th;j^pj2+iU>Q#V&rIp+=hKEQPRE66`-Zx2Cx;ynz90`*$S;AQ*U z%!qc6&a$fXvGDl~Iakk=S4}?S=-=9TEw#OK;dYz-k1g+t62=&AAx7ZkM-D$DUqaaU zbHx50vC=F&Lw98)2GTh#Z)-NVy9=Dy4L+wi)}!9NaeJbB=2tGTqBICH35-8e56K32i{{{TA56p{5< zr4<_=n|>pUL2Vk(#QLQ6TA$ltlVk#1$!@@WtVeIWKDe(S@c#hCS^O^(=~{-NE~lnO z=39GoPn8=SanH4Ms3@cJJkCwc*z$i9{88~$mx^c$g}+WbJc_eSM@#U`;Z|Y_g&N z_w$p+26@RN@~nS_nho1{VQ>6XXct|&JK+RvYk0}vAE?E8nKcPYx^mecmw301SZtnJhuWXVh+qOBp-2H#m&y2eH_aiip5y> z=qOa|a>}1mg1nJsNfB5DR=~$vy`k90dj!$>f)-v$f8xh#M0+yrwt)<)ULd?I{`rsHX{nG*IvJ7F5Li3cO@=7Ai}uX$+%k*?KAl;=6?_*P-P{?K@% zP`@cZod8KEgkg$T)D{Mxa*|XG0q z&JP3%w`Z-TowlW+KAa?)Ql4GG=z)5V$NEws!&1hQv)o_D36#d8o!y(-yB$Y&hi*}< zq)kHMlX|N0&!No%Hh;E&}>L@uLlnI;`wW!XTRFU$Ka%(9dGuGK`?iOGbBVUwO^lqjJCn)klNC1(-nw0D-7JMz? zn;E=DnygX9_R_mvO!oAzO4fB4KeS@f3+5yV{0BKrWT`ro0ZzSw& zed^|XS*GjS72T(ed_QycYxw^FcF2C?ZS@}crl-)>2auo^t-4U#(7+Psm^+ywc5V9;tR`ZZFJk2 z*5YN@Sw>0!02-ScIHQ!0z+NcP<6T!*xVifzud!Lr-fp$A;jIr(n&$HDEup)-h=y>- z(DoFJByaeJOD$zm3GJ=XQ=%&2N%~h6b!jZq#6a!d13o&QJ5y{eCzb8X1d8_qg*m~ZAoG3+T+c--8N%(juOFF-2OkUH0)<$E3XvYd_cUmeRk3b>}@dxsg^a|7p8da zSl%r7N8vqQ%T?FlvA5H2gdt3bepknA0ml`&tW!RA@b7{pmhR$6Bxi+ND~8Ab9`(Pg z=@!fqHy|`pZps{I6ckXOON&&AQXSO%|xva7b8^cAS0RrFCb*x`wajxkq5?-#4e$tB|D*g}(uO zKGbxbM%z%=Z;@w1I`S%r0X= z^5Aemtv@m?5zJclr*5e$86swWpz;?ZJt`TpXJ4xLuS3?f>qU;@2$gMwf4Kp$%iQyx zde_HZ6Y=fM-^4v%Ow=wmLmcf6>4^Xi*k4M^U58^^;>U?}OZzKL3q{nH>rs%Fxl|`= zfO>va=9ZDkZEBFL?y3`NDLe|e=w&m`?oZffc@Fp8CRi3Hy;!!?X4`P5Vh8L7M&C-a zGiy$RPJ34q0Su)HUA;-J)4@Ywx_QY+{IZIDJ--@Yb^82mWudC2sF6t|@OcKlYu07E z)$WS5sznSZ<-i#Rw_ZSWehj&~vD8*2Nj_ncK;VyB_4`i}*_56(B+L#tIl-j%E0K-3 z@l-E=txuJsuPat=x1Nc694(-z)U z*sS;+^T8C1Uixz5=`;Yt6DXSJQFtdO~fDRTy&l@(o!ibbm(qdQ**v%ae*1_gWiBq zXJ4ViCckR1-b|;A{Js8_(dv2_a}Af;2`HOTXYPs(7n$eYD9}tAVM!61?OZl<&{Yi% z>TMp?cgk0HY*uqbN?i?IS5P-LvD`aJu$+bihOR2_Q;s-F+7M;+$4|zyGdQ%iMx4Cz z?_$NXj+NTjK^oZwEM0-;+)!?HuPvpvJKg?yYJ-Pcv78*j70V>ZYI**;B{Ot z${9{ZJ*$^(bIhJgdv+2&++`f;Jc%@hVl(aST!qGwtJubuH?hX~Cp%6+ z6-J7iHFRw{?(Q)yx$+!8rw%=<(=?mSM#oQeyR(<=JmFYifk1mUTeZKoxtToGa*U^; z?^}`G>Y7|KJ(aXlG5dyJx=+%BXj8W5rrvmoBlvr9ZLF=WtdqgMG|$bv@zc|TUl}wK z+g?oRbknKmg#FxlQgIZap{=6o6UlsuDj6UL9ePy_e)2dZo+!g3=NLU}IYP%2(ZS;8 zXJ!gKp}_a9%S(mY*hM2STyx(w24`QU>d;zd6a{8n0iFeVzK!B1Hfa{2Y|L1kkaD0^ z##TBb=3P3?oHGfbSmgj@0s*c!TGzhcWqm6`B6d01#a}U`jzdTLMxkcT(RnHfQZv&P zv!-c#r*!i2hylnI5`7HEc#2zfNbOkxmz+57?OtFHMb&4szLq%dK`bNAayZW;j`S9O+W2SUh1@VrZKGYpZss0LsK634#~z&b ztC~l^oqt!i@h6C{^@|j~X#h)CmuX|ykWPBnvCfY!od%547l|})3a^B9rH;vj&m$~3 z*yVT_C$U&GU~R}e zdm7F7O?LWK_LHV-w>pfLD!x$Kf7NH5*!%?+Ej7^fYrg^N8sCZR?vw2X)T1nmo+JeE zpVqv$_JaMK^dAh`&*FP29?fRii)Us+m zLFy?=A#-9Yhw~6f@8pg;b6+rgZ_;da4O0IAS=6D-TQ=L0xpGGXC-4=+S{+eQ-&5u0 zn!;T)?Yo@Z7HG_6O0Zs>AI`qa{hKuzd|B}C#eNRdrn$F*$uj`mxmq#PaP{p|2)$9& z7^4f|pT&O^e#!p;w4a1NCup}a>Gsx_sJ8(>cDIn08>7JXCcnFH5BSGH__g3)27Fxb zt?j+mg{|60aG@AB$0!NpanC=FYo^}nW{0(WDDgwvYKK9Q0JnD9uE*}zrufzkuVa4` zGF`!O6sW_T5aawSIW0`2&*vBZ4h{X0EMCjPU$sAhG&oaD)r#r*`HcWD%oO=@IrQME z`U?I(wY?T=2`+6y$L2;uZc~xZOn;vA=_@N7vZitqKzxD@<1&%PDkzi6)O3fPY8N&_*4;~%H0Kvcmy->LdfT)xSSViba;;f{L8*X5MGmgDzHjJ!Z zMqD#z36secW;q4Ty~TuvK^(|cnGYa)d(dqOAJXUi8Xc^ z9{WO`_41ap430jByEH|jHfYYHVD*pg=g=1PhjjwZo@g|gREvJOX<}d}L z9`*7k#$OCWeWu&^t}Q+Y0q5&nGJ2S^@*nn=_&cY3NbqL6qu=PJ z_fWTvPb{_$BmN#c?LW@Hk>8145tG3m5WG?0d*-x`crFP6SmtcqONkvL^Ao9A&<;^RAK`(QmH;tFMQVJ#zSF?$#_^Z zc`CrjqpL5qMK$4)c1MfL3`tCM#R6IuAz1D9QU_`GWR2_cg0#boV=5 z4@ZjNrR~+iK$+)p#zk>Dzlq}T=ZoaI(ZpP)6QXQ<}%KSI0*;;1}L zplKJD9(w~A-JJ9Ob6&Y`Ji-{Zw>jhr>qiXlbFs3E&qyMb_9^2e@IC5#=7UISBWu`h z6-Lm}o+{$(V`j>_U5UECNd&;g*aTz0t#%reamOSx$|G?Q893tuj8?qEQOZ?h?iE~nDAORxsBpkAfJsZvyPy0L7u zNg~}ixGy*)kVipLB*4+WM7y;X(J#%8eXE*=(I(#sjD%7_`A8s{Z5qiajDpzIxkb~SO4E(f-;w7t^HO3HsGO9N z-Xx_a<}vG#MJ#f-S=F}f#~#&_Vam*_Av70L800RQ!ydxBts7Ld6Es1*&A)gKF-SQ_ zUfw0d-cMK#LHbdp*=h3KNo^dli*2L;PCHOnBRD;Cb(F0fUoTO`Zg_WFxfbLGI~UbQ z%qSMers@75iZ~;+RLkQby))Xni)>48Aql*ZoRQG`P-vu3p6+;I5p7i52x3NZIv%y+ zSNg0vP4uN9eXRai+uRe6>p=OI$3~XAO{BJ0g_c7$GP&t4zVsrUZR`Nw;w`XODbUChhEe?oCi&LImL(8*)f^x2ak7g0R3$Pvjn z#a_}N-x{!etQd71inQ)qlUg0nv=UImr1(tzywpcRahsR(Dsr#LcCuOsyyG z*fvN2_pZl7N56s{KUskJkPwoVQ`4^*r^?DY`}<8Drd>umSmA_15lWA}$6Wpu<=59G zq}&Ej9+>8&ZI$hBh4je_%jFF8YUwAM6}R$abdia`P-qbYF|@Xe_be5OTmi*ak|X7$ z+jg%?-YAB(xkedn4Du^(M(e=uShu#3-A_BT7;(s^S<`73^4MwO)Rr)u9tR?^bxW+n zCzf5Eo1hf515?5g%q3{9L6k~D>>b5e@t=h>_%G+Zw@9@8>bouRoy-R<`c%1ro25YV z+sCy+DL5w>=8Zwx&UH(6^IcEOM{3Qoxf#{y(8npa^8xco!8Oy~CAOC=0p#3C;1kf& zE-|sQW#fC>OCcv7Coo<8buNd9I4O4u!4V zSzEyzF-svHUuDmw0D8##4V~VakwljkjHJlf@1MFWnDKMz*0#3~YRelBo2Mp#JVN$6 z?-F0x+sPsuK!rB3z+vzD*Svf$eL~r$)9s^ywAE!$SDl1*pw9ej~TguGZE>< zc~8XK``*cvc+m&47HOSrgdsnh@B(`=? zGq`letu+#q4u&rcHRM*Z>9ZN1VP+Wngm(QaJ#{<#I0UoV$pVKcLyR1QjQuL(64XQy z`Jzk6V~6*LBy=R!C-%MOm#NsPNMlnbesRkWZ_=!1aed+0d_g34Rte@wpD>~6ka98f ztf}YKFd&>vva4(>p7fir&d*7nSm(9#V|PXQNdus-M!wc`ts>oyp>h6#06FP`dT~nn zf#h1v<-WVAz}7$r#|UwZ;<-zY?TGbsy^7)9C0(UB!8Jf_YWl{%=IHVmOpyoKC?kNl z>T1@lcKW@uM*^E>0B|~yShC`-MPjDcVmU0h$ILUDsV$%SQzRio(hvw8NU1fkyC;U+ z#McdOcPj zzP`Sd}JM-4DFR#!{#bl0l<7oGw4P6Cp^$X;;xGM^F$>3LUe+9jSZ4jD2 zF?cM!jS1LCGM6$GX_{d?c)&T}*B)h#Tg-W*lYqGuT

YwffDc+Rrp@>l&%)#%s$W znXYv!Re782?EJAD0q;%B=z=|}z{jTP_j6bh@|9@D-k)0Lyfp9_?}hY+JF;?1l1z>1 zS(4G)Y3lJoaJWou-ScDR$E8rv(tC@^=H5Qea(5BZrTcV?Wp8IYn}W_*wo7$6 zu4h<#rHLIEA=?1@&{ZkrmFG$CFeA@a z>zcQ7Q_s9r;&@hOg4)fHp~n31!mRj0`L#LrA|E(7Q^y#nV0u=w;p?Rl-9>TaCg2}{ ze=6rS6|;_XkyT#pcoH6_kzB>u^gUz6kwY9;2#pdSE6s4L`qzlu_#4EQT9f|(Y9f8O zF)yuTE}AAJH04Hs6C{wH<`49_py^+ir38Y z#}SGk-LN^pro?7=lU&rAZ97f31_VFrKiVF(pq83^R#z7n0sQ1m!;Y=(STH#0Qr`an z%9_+LZutZdYp}PMeY!%)8igLb(lm^4ASkgzeP2JNfp=<>{m1;(96)rBIhD4Szh4ww`n$M^Ww#eZ_s8*&>tQcqF<2Cqjxr8UwC)T^F(uR69nvHgj{-$tyT z4+?cL$<&%!tNXY6uj#Ks^~Ret*%Lb>6OK(-eJV?9Uok@YNz`|*Cbf3=Kcup}ww4-{ zXijMpHsDoL{Y05hbIH2BoV#ik3ELQBN?taOR4Hck<~+{TdL)g%m8*Zq5CZS zLeRAT0NOU=;a`tugZ>d;5ZOs=$#S2%5{^(7?Vd+8#~NB(?7wJFg4Z9iuZZ;t8$kJ=I{>EZ}*!!EG9pT#S-OAJVIl?9CwKB&Qut z{zzf-gF+m{Jx_YMsA*Pu?T6Vf;*H}Z5)V<2O0Gf5Ei=UrT^{-nGPSHP)d{C&dIlSi{i7&Xn@f*RqZi}cz;k_{-k3w5ySZ4CZTpzukQ_1GL z{{ReWUK6{$h7X6DC6|UC)+pnUs{d@Yllr zD1_Q;`cIx;uCwzJ8R>>|b(?|VZ7OTwZzR@<82J@R$o8)!@U6A4kA6CQI)`4cl<0EKZlv=DQ5GSU zQ`d~+@~q_gGxyq>T05j5jF{NuhG5GnY>pn7;=leR+;%VX_U`-It#U9w= zzKPZ4b=Neh?k1b;@`q(Y`~j2x2DqwkWBZSWWS$L8e_9?}`$>3STmJwCcvHukEw(kS z15sOz#FZ|Y&mXN={{V)jpIZH&J|Xx|SWD@z^+Xo-{&>nJbG@>Cc;>2@vn)rtd~4zT z8&&bfqYs6&R9Mj>G0Aq|?SXNQzPxAftPhM|1ry=kkD=;XDr)+RJ=fW;ujFjQ)3sUf z7|NG+N6%W`f#NHQ2Dc?xAo6l2{h)(Q!R~1

!M6!Z0&qIu7@vo*K)Y95(WLtSAN5Y0)b^tj1 zIIpb9X|)G0Gxt5PF1)jxu^urB|TCkSgl1U6kAm2LR1Cl)sdee+9kq3o0%tllLTT?k^WZCJu)~Rwt zkWA4ocX};dzqOM~wsNY=+aj%;^L-9Z4MCPt9T`~h&wB1O+vQ7950shCPCu1nEzF#( zc3M{3m}fB!`w+PbIsx9Y<(e40!!bL$5-LhJ%ZvYN{hJi+1&RWlTYs*_mq!BJqfIjCP>yFbjgxK)NlS}2xw{(Z*Zhe0m z3pQ^qbiWT>yvrcIwnKmr9{&J^beFN_A=ST4do_q75!E4chUulS$lu0E z`_v=`9*8YWittrD{=LYExarOG$1d0}0S$^sN*-f%EM4 z7uOfocbEFawxK{iR8kcL{{WF+OK95Ev*`!@INRF@u_G43wg(yatFRtdAB!{_?M1Zv z+o>(2-dE-s-H$s;LO+py|0JagPx5-n%UBn*Q zt_R|Wfc#UXYmadTrC_>Q0$6;o7_xdEXelF$@J5W9o~Cshgo{x~WXTQd>Fr*PsNHJX z&DGqR#hjMjQv^oafXX^!@}(_}BP(uI*Ze>Ix8NJu)^=H1(a(S2mHJi*Bb5*dKcyp7ru=t=+VGo#R** zRE|>3weTGJQgR^a-L3Dls@tftaGR!%N9;X4>zuusc;&X#;AQ(GHsxjjhWb+x&ClZN zs1Vx;BzI>xlXpQ~pMX3`eQ@$msLl+lDULD$3TA{{V?z zB=MAS>B+0fVG`~$Tc$R$`k%_SUB}9icGFh7(j3|8(8%oPC6s;NeDl(wNDZV3zhB>csvLdF^j}N~FvdNXOFy3rCMsQqZ>On)MJzZI%5to_jvkHT-meWcxBct=bAk} z;tPv@WXRyDI0SoiuBTGhCetkLY@h|EVS*c=Bi5=Z9FpAR^c#&w#9D&cT1F+*!>SZe zc9MHj{vdd3#5#<^_U3D8Q%#G@`#hur$4$RV)kKa|Rq%99Y~pL%G=^RIAa&hd)pEw$ z!iH$w8sp9R;!rn7#{~Yg>^R2f%aC}}#J(Nze7nBcc_5Q?P~&ni&jfm6zJ`y+8r}Av zZyQA%GBE{#P`ne*G@4yac@eAO-C_u}iG}u|B7nG9gJlWLVElN|wZ9ZtXqO%jdvk9a zpR_D&Lr0#QiTc(}YHp&9Z-u@Uu<*W=x(U<{ud7Uc(Ci$yQIZGK`d6F&(OPPFHhmYw zDiYFS0BC51k%0;di|86~x+wirn1WM&dcICaC@#Ht z=cOZ_ayV(Vc1&RR z6`^aXTxk-rj$+6XV}M0Om5e2>;%k?Uc=6kdx7)Ze&tq5aG}OCu?Ngi@~EKBQL)c>&eF$7Al_d@Rf?!^2~fmv4R}VYDkRDpL?N@cVc?9@ zv5cbbXWZHNo?9oLIK$}B0(d7lG}~pC;=*fq?c#2PzTR={XmrZt(5awk=KlKPJBE0i zDJVAe#da~r{hI-fYhdoo066Jb&Lqh@nO|X+`sLl@{m*}T>GWMPT`k+}@w!`(#FBcG z+PS5oZ@+Wg^bxe(pkhb~yYg`!-apc+ZTrjWbD_Z68pug8NpHNsdAeLB~}iuS)Uz zJ4@YW_6glQuP^3QVS)(lMi*>jdaGmr&xGDUT% zUHzkcvXj?7p7b13M*Y5xaM6q-ZauNmwKV%%xRsM=Nk%~QG`Uct4RsdJO1`|lGfW8D zaBwgW*1J31YHK@-dkCOafFRt!k|1K17nT}^^(^fhfwcN#)|6-5-;o?Gu8lpcjFGaQ>_??0=XZD&jt3 z9T3|~DkKPYd4-#e-njR!Yf!e5Ekk57W9H5X;}jWQ%=FI;U)@;S?v7&e@}oHXtG?BB zEh5iGySUaCIj?@t=0F3e>)pEX?M1F;=FieEgV5-!;yY;XZeX;Dc82#OZ@XkwbjPzbLZ@Y2wo*WDbMNF zyu!y^ogi15jiT-@oL?h7Vp6BQXgMK4;Yx@gb@E3?AlSaE+4d1>6{Mi8h z5!*QH?Or3LTIpi;ZB7s<3%oe}dtEq*5WBVO>O)xEyG zWj&SDk>n7EW1jrij;h^>qkptXZX>vj8)AY& zka5S?fnTit5!9@;FAiwhou$v(gx286kKvQL{v3XE%-cHaI9^v*lOb?MJwCO~c<;fM zo-5Lx8K+oYD2P%r3k?4NK23AaQq}sO8+=aqQ5S?Pv@LVPx{TVSSMoAFu_HEHda*rD zO?iKW{9&y8FYyWSEuNuwZj1z1u_3}u4(_Zwm|_O$1HCQsmKgDaBHd$q02H6 z0VfU{XR*iYN*r$mfmIpc^(M5tGa$T;W<=ONO!6__smBy-vRmDubzE#{mwwHb`c2iR#P1I^ zs#&y#c_2VHsxcpZy}!n$H92)KlzX3xmzL9r!_Kc0mN*&v!#oa~fC?JwIEJ4@~SDt7!Q8g80kr09AhCK&rnkd0=3&@}!rf521kGlT=;GF*e zv_v1XU+pcTPp<2Cx<`O~LK9AyB)AsS=l62sxeP^rd4C0bRc{WhqWI5FypCNX#P)*Q zT2v=$Ud9KPJ`ddvFn##NbJSWLF+Se0zW&ffj2RMGj@cEvik3Y#>rG!`A2Jdz1$X3Sn05rScc^Z{71MIN3unf|dC}VE&b*D44jPU4F`* zHacv2hlMqm83N8e$93j$u;+|^S+BZ6rv4qc*iV{U+`kEw3uDiG4cMekbuIsaWE-x$}3Z-L-mEs0EH1Sp&=G zt2W{Q$^MlRF=>x2yRoZ`Y-dpGyfdjwrrnvh45=zUT=VK{q}63c((hzY8s*pbY z$nyy7F6Cg`{!-lc09R3@=_2kMm@X}g%BSRh*q{ni=yTb#2#~`FJF*8;T|J{bwt-36 zFC#sOtEae}dK{*$ZzYpP{%eLgC!W>b_+!P&nn|+?+q*V7HL_&#+hftyqSWlr%G)Ia zImLL+se3)9t9JtBQGP*=2^27m$~M}OvuBVn8UFWb=`;`Yl(-v}rIU@!G6&M7qRxNB z8f2D^B${CIxjR)y7_1vTAV~5`#j<(>>q9_wGHUltqNa}|Fvf_@v4Z@~pI^$n`Y5DJ zmfoRVk2oDoXQr&B6ST9pwUt5=6@bajHhnSxM3~0!N_?G$r0=Ox+Wj<%%REaWFY0Tv zvt*s)zsQKV-RvlFw#6xEbQ4@kwwDtjc2ylzWL71m{7JI*VIJUnk-pe$>(?2-~x{h5du1D5=%oJ`zxFfX(_cho1E*4d-Cmn3dH*AsW6U1|RSH)OCw!{^SU>w z#S+-FA6vX>>{8bSB2q}l2DlAABzu#Y8S-|W+=|3$75qb_&tm}9%^gbl z<4cJ~V;?ec!KR1G&brH1y4I2_ULuuxbJSFcIbSl}?iq=tD(oTVWm1CD$3x z&DOLfWOom>KW?a5TjeK?N2M|H*y3(A(WP3!5`~gk4&pQZuCXAy z)ioVb813y^M3wODPB1gtixtj$QrNbgHN0|yfpMN|L&a8>cXlrvPFs-Mko?QXsH9Y7 zb3L^SD=iyOhBymJ3hi>o@AKBW9}a3TUonn7xL>>h`=D}vN(wq%8tX^#6Y3FZcLU9} zayFcR$BqZTHNnB8c#Bu@MzN;bX}24#_Q~_93hH}<-=zZ}@dUTN8wT3{08XCTLc?xU z^P1*Y!TQb2_L`)VEbG6_E3>wEprsDytHY&SV%iw;#n1ineJh>Sd^&D#Wlcn=h#i>E zQ$b$L=Kdsj3sdl=j)&rF7~+#moy1`gxgENC=N0Qe1~lC!$3oOETKOWFOkLxUl1V2g z6c-wOj`QLV#Cp}T=s6=Y^}_mI4@yiuPu52Zgzvzi2* zSR7~57{xF-y;j=x`%!I1>NPUQh|#l>5P$lGbh;L^6tjh$8)A?!2U-B!@dk-Hw0ebx z`GFw$W4NzFxYw<;4+&mfG(J+t2x7P!q&}GZD&o4E#s`G!J}|cN&VVD-;d?8qP)sqf zQibr zR@N(PY``K$gMhqIA2QVYnLiEn8>qEOtmC+sdqi26J$nBDg?etQrHxZeTT7cXf_0F% zan*t8{J&b$$fM0{{5`7Pc$Uvah@wX;ZBBZSfBN<4x{t&ALz%Clisj;9VkB~>+L#wS zi(M+i{T@tB{7Z~&`WoQwt{}OZG{IJ8!O!!ez;^Kd=T0%IBQY5dj+qtA+}T5W0kgW8 z-2g*#>}W^`*3!i{7}TjyK#!4~aN$P6Osbb>t z-Ql+KnnlJy#%r8u*vLq)URfh}LbA3ws4q0R^xKuxq$eCX&pj!dMBJap>3g8Iff7k( zWSmNJqbC52=kcrhZN=5i-W2E!)mh zg~;kYwaIC=^NXjC5<8a9%sLujW794m`#qc!BS@1d4DabuNpdwf3@XghGV;LZGzrBP zv`rZ;>}0Y5+b4iePg>(OeGT;c*0?|%Daii-WYAJYOPyCy)FKhfBbAMIfJb3ms@dIL zOz=RX&2zx?rfj2Q+VmR;^t}u0cMe|k9mhQ9isSDtk~^mI_q?==mX}($ zhptmhnka7L18ILkdwbAmq1@8&n&0S_mi}$S%Pt1?U%W`~SNuyP8ob8x5Dyh+!)m%D_Y+*)7%Y%9nA??H4wbTffc2|OC^aQrPSQBz zl*PHufcH3zatN*-`-|k9wJ3p`>GT z)%3p;X~Rx438J=m#?p@1E%dK0@t26!`uP?K+%PYq~*!ul&Y8XNZCbnF-~ z>^&>gEH=mtks`?Zat=8Zg2oQFV_|h;H1gY8wxuBfjy`1r{{YusQ~iT+ai}f2#U{{m z#{(5y&tciI^V(eK_lIF^qXZG0SAC-Rn@_y75?lm|b!~*4jN+4bA0s-u>nmI4wA5rE z90Xi?f00D+Ay$n^Md_bfLG0PeNR6i58Bj*&uRujywVF8ug~{H+rOh1_s7grmSQbl`a3Ie#_WOD>s)q^@jJpgeeJqT@@h8AC>vrqFZ9N1H(n>}Sr>wt<~b=i zDsg>e?f4|+_YaTf8*1Kyb*fdvNU9cm&k^bV2ibs0F)^*r#bm(;Cw1yjmA3Taq zT>U7Gc(b=W@E<$DQ+2sjM3vtoZT-zA{z$7}A}<_MCz{yfBZ}s=S$wPFu*RNZFylN{ z>V1#Ls$k~{I7wNf)OBBq-V5;0hi&e>L8-;3Hq=%OH#;!T3On(RD~Isk#?J!y>gw!x zCtOWhSR6+>k+G9L)edOZmRmV&j{g8w)U>@e#V)lQuP=Liqp2hOD~kBXp?I&u-v_iG ziM|TBx7A_PwSlF}4WTb_ZiF}QHun3y`w)BAJn_#^>7kO|Db>~yEJ@_Z+_u5T;Z@DXr>v+G+((A% zyR~pt$3BPjhX;58k!6;hT7KH1>pj2l9lr(6eBMx$$O5^*ZsZKro1H%P z+WInDSz;@@FW2?13F2EncEjN#1-Kgl z-Rh9N#6DbzSHC?gLtF73hMxo)dDJbXySR+9!j1{rJDh$Mn`YGF+0AI0YtGjfazd>O z94XH^uDP`M4XkSb+j4}qN#Us*!YpNl;hHAGkl%HI?Ogu=j5H&EW2kD{6}(oyDT>_v zl5|k691M&%Vt=h`1h-+Tx<20hv;P2VuY%tle`jCWGs0dE(mY8A#eEjoLE=kWn+YL~ z85Y~ib}}#u-#UUelaP7Ed=cTB7-RE3#~Rx%?2x03n(f9^jO3hqFTo^y_X_3sj4ln( z#JkB(qhH~5B;&XDTK#oBKF%njfzoKhzHz%9D#SMXQOG8azN8T?6S zZRXcLrSduBr;`{QHcvhlIm6otwGz z_Oq{i9q=!JkZLz+s(9k!;y<&+8a82wj&s}BKZSTtinaSM5=~?Ml?+g$uvCl?J+e)D z^wx*+K4T|3j&j`bkBC}-i9A1Q*SBy=qwOnfqdS7JAYguV?Ee4*E~K&W-n*vW*ux$D z?bwy3W%<+rfCr$)D5*OuA7kN$7WtE$x+CbFHGCc63mN=x@iSaH7lEx`Y|{q;<$lP3 z^wzWw05ne~lw3EtODR^!Z5(Uy94wQ#!UjxV6rw9R#x z&kdV-e`h~&l%L`s=e=jUx%c=wPYZ@rB5ruU;?38IJTW(iWwp{^(`CcDs&X(rYvvCP z_;UNkw~}dgkh^Fz+ge36NOtIC$O&~wNu={VT0l)!@VB!RIu>#vKyx!afi>pM|d=n^X-QvA2^vI~;BY^{J(Mp2R6=dOv`E5bB;8_acH{Ao52)t#%PjZKvJCX@7Galt-kqw#7l}N%~ja<Y;W)43Z#ku(L@OIYD0z6=s zQna{u(l49K{_y12q?z$@h0iJR2kk%bxU9oS9wfeS%zh4ecg4t~`?7j?L7wFu$x=9h5}SITI&EX4PGarjrE zc$4;`ys@;jx$*x1gRJf>Jg_BgA-uL(5Ag`dily{0tB26&`~mR;!Cw*Lg73om zoHqb&^CFamnj$+g*Q%nJWmuzNH+1)@ap-xqDKuG`bvTuxjmT0ut75Xh(xsVCogsdN zo`R8)BK@b&G42~O03hcz(}?ZV3w9y*43kJlL8a;%HI<`7F(OcKihI_6r>IGNlWVdh zA1}%%B2jF&r{70q14A;FeYx`w^sKS1X>1x>p_ogAIRs;zWY9Rq#5(1spXULkMz(g6 zuGuAHfXB9L!R|a|qFU-QXcJj%y)p>=!UzSAq3Kl^+_LTWgyU^9Q@xa=n88@V`I|nU zl~?es>>5v(JnJl0yp~Mh^yx@PW2gK=`(^7{={H_M*hAy*s^`6Q6KNWbw`VWdF4}34 zT4_>87%BnD=8zvY__FqGGG`uSQnQiruR~rfszjHU7Z`qhi5po%9B zrVG4u9nX3hk*DM=(IUbWG9VF4F*;>MLSN7~D89lOUdKwFh6a8|i3cKT?b zxwD2jB;2QAB%099OI;5n({$^L?N4sIa~yU=0T>ENQ|@YgS5W@IS)q#JU$SRvjGSZX zL7|;vrwgm))Yb*_21_g3FC~z=cvN7cI)q4viNp;6}U_z;fv*00lDk-sW6i0d6vJZYOq~TYbu1c z10lC#KG>tdw{dukof`6YxLan*DQ*|={{THG5$`%@!oLs0VRw6ZsFW!Qn;>q-u@&bU zT)X^4E$sZ06A-cGfLF(VtqqmRdTM-3weZY_&hF~oD5O3~W+3fuoEo`jtLfUWh_tOX zTe+^Zn}hrL9DIl~$vOJa7HFsYOn6e&>~#CD23ecvZR1fIz<2}S``NFQd_UnWe#=zS zbpr&J=_9C}7!Y=zyn9yA*oJ+Hs^~gqkKtMF?X1nk`>5Cm=K`1Eez_X8q*N)CnjlpOPfp7?19sC`)MSKWt9xL8%KN(UrO>LKCd(~!=>b-{N7PG4o723 zF}f-;=+9!a_*EVK{{V*!5=9-v>aV&$0>p9iZYQv=KjI&bJSn93#Q0Z2x|?3Uu!&Y{ zl9-A^-BZ*KlN?tOWz*gh3p=+?S-h&)Xs z*B5d|k8rJm0s7N%=qX6(Q^ofBWDjqq{{W$3a8-EoMtH34O5*QP(jdNjluMR5lw&zK z>}w;Qay9%h4fd8T^*a}Pc2Xo+0KqIPPsA73TBHo~#$=L0OpJespI^?LU5uT|Hn%Y7 zNetIGZq~CZaU(_sa?-|)v`ecyyI59oZKFio z?h_ynQY&?^lNle2H0!A3(`|JtVJJi81UV&1>&1A&TSW$=bN0*Dy>THUc;E_Ur1~1y zmwGvl7%oCV2_G>FoR6h)`uB-^H~o_HX%ZXD#gocajWM^})>4;2ax=#w*QJf-x73if z|3|dF5pAed{+#(_dM-w6{op(QpnCM?z|&A*Imz zzCQ{!pWxWErnV_?K@&2JfT#Fzj-Z3hcqfV_)Vwzlvar&8`;RPu!8md0^{d>zSF;zw zc5}4x>N_O1xNHyJ3~WA?++1qj9?~R{@0QZ)a$B>``lDn?miaU6KRV3Q{12(k zCB(8vAca&pb6c8on(g5mb&W3XZexj%5)L{M(z{=US~SzosOynjOF9PfWE;r~jse96 zQjzXnAn^YHhOYGJ<+(^-RE+~8AH2t&gC6zd+INMlEoUZ6i8lu>GCJh+{b(*R=v=$- z(Z9Yj5evXc`BZ16L#TK<-s;Jb50dH5ahg{;BL!oJ(>xWWMSDA3NhQKy0;~W4j(S(T z_;XG0t^5MlQMgstp zKc#w4g>+agZ5&RP^G_fuM%?Tkp!(L4na4L{(xcIAtx=^VVl24ZfzK7^+Lefc?k8Cm z5xaLM8TPB@zND&$X>PW9312fjt?E{j@E9_*}M?N0U(!AfEb^xWaet5 zW9hlOh&9wJZlQV}tbI7DR~lOB^T(>&ZSv9g2-xI)BBz;%me%^y#8(LSP*@1#Q;#hI z?K$?YiKK!XX#^7OAc2G2Qn*;kZD&f2riSV z$Yv?SbQ$1R3F511HH}Uwl}Ui1j#Vsix6-tXt)VCC>>5=1Z-|v1OPeiHFaSpddh@_M z9-pOs2OYPGyjh{%i^xs(pJyMLA34I{Wd3#OTE!?c&8@B;8$)Sx5Q(L2xDAv5oj3v}k;H&}NBruNa-y(2q4HScV9|=)`^>t#W?} z9&J)M;I>n3Z!gSCf^dCvTau5XC!Y7hdVR=ik#s;LGH@%yr)!#qp}8?bAYH+vh?o%KGA_#fhx@jrs~pM}?t9muqd&8PXzjmidaJx@{i zRNn-CH+a+bRQ;elDe-r~?-a7y+?3QUoHF_Go;I9z#%px7I_cP`iwU*JT4|y~l}88q;Qm$gU&D=ZT|2}Ya3Gk=0N#XFbB`>VeG8Vy-t*hVsKIZl z>EuUpxM0KDzm*^OI8XLEww_M}{?;B8@bot^UovRkA`2Epyqx)SAIB(ra4LDNW0t35 z`1SD~oc8znv@IJzV3fzOdv_ky$UVqsR+JMUAaZ+GLT4peSkJh)3eqN3BO~SGr9&%E zaFD+nJ#ocr6E1PL!d6_`K_YYqo~OALUlN$rSs5IjdFfPZ8TK?5Wk^{RV~#oLQCpTt z5GsyOBl^=WGU#-c-@HeGWC~mrJ@K0UhyMWJ-=EuHd=&V{;t$zN;x4%cpWsgxFq=ea z-wO@!11Oz_;1`eYD5#P;V9)K<+X&G}rJXQ3{or~x;xKE@d{d_RwwE@W2hK9N8QN>l zs=5|@HSx#8lCF<$somSh!7<5H)Fw0pm#MvqM4h`k+vzw3OjvkqnVs-S&Z_E#=FPf@S$8ZM%wKk67=1&unr)q}h6+3y#>9$WY zEyVCTP;Q-vT`0W!I+#`Fh1NuT;Ksn@Fh0Cj_0|6X1cUvwwEqB&9thF?9C(XSzK6sX z%N2$D-M;3C#eoE%`{0kEtfd2V&*{^_o-h8Wj`FJFI4)x63 zM;Yc$W*s{U+{>Ar?}Ri)(lkU=T~^vx!x;f1!fxSG;%*GS)Vj1%;rS2=qtYqc^P zf)Y;HJk`l=Ze0WqBRZxrkLyTA_LU4V#)fUVJ%7f%r^2Vgsixokwj$CZZj7%4{{TuG zDlb#Wd`GT%+L;#C#99`@s5LE|fI!k1Svl@H8d0BO=1|pi#JpJV9!^2pSGcCw+Qkj9 zk_9a3pS{>t@s-SvK=AF=*V%68Qu8bkmtoKW?Ot1RsYT+6<-gNXNp?4u_ylv_s0^Fs zMutl{%Of${#|FF24YYebDk#!t7c6mtcmwM|Sd!yKj`i5R&}JCgzSV=RDbPr1ij+Sp zdgtj`OLCNMRnspm?`;0m(yWI#D%=xVZ==C;BFz$&I0LS6Qfxu0X*!0Dc?472m01&d zayoj|o3@ktE=5RB+5pPGW#j(<)mueqVJ350Zk2VaxNDUJ0!w-mThS%WvdIjgmIXK% zJX0k|^gTYxU0cJ~ntq=**=|VrWIW*ZfhHrC_A-mO6 zeGH^w>KaY2n+q!!`Mz=5y$eRO#1YKss|dojI3!kt3_6A8nR7EENFix9$By4x^erac zWVM>|ZXX>@XENg(mGAslsA;xk64+fn0_S!!&sxA;LGPYPqy{NjdwSMpwkYWEww-z> zylGnAL$%aD820z9ZB``vbkfAz;sot(O1p6R*lMUqtz<)T2TjNB(rl!xb>1k|q>jo3fCXSd481@#&uLoAO6aYtISzlf;(LAhy$x8FKhMoB{e!0pLs6 zlGIrFs)5daX28u!;=M}W&w|ty5p5@f{8Rx7z*9x@BUNZyl3TT3@J+?kHd8}zxwno& zk&<(j_WuAqsW~E{9;cu~eFd|$@%eHvVb`^B`p&TMUtEW_J719~>GZ7SBU70=hnP%c zw4=8jt7k*gZEvp8NEEn~PwUA|i$GhPMp3dYjO1)YtJ zx`k{u-l_!ya?s{{G776tZmK6$AZ{OY)!2MDe75uIGcvg(z6l*Y1v{A><6PuBI}}Xd zXQ{2-Ham;BBP?S`@tw!gkR8pQhh_bjJm}I(sDBOyK_2zONh4d{q9T(ffA5+NqK(#B zRwAr0tTXsmo!n{juA)*HOr@J4he`rbx!6C4bm(3`w+VdQ4aXfg?M>5dAdcY#bC9bb z+nRS5A-AhXtVtn`6D*JrNO9}wMuB&#$7iV8Tt_{$E_NR=d2Ak|+K{ZD(aXv0>k}1=#ES3ag=Ml1R4*vrhOpKQ>9pC+lA2ulz){@DIby zUtEJtlTp@TjauBI0#17F<2WCs1;t$RFA?~<&*I;QbZ-((2^aB1BcGgRPn);5Pr|L} zliyxw>XF;DlO$jqbATu*M5m;9p4qiz)9;>3S;062W0B}=hN#}EpAfk=15y&%7Y{UjLos5WuMtY8w*tU)KC}U-gGLkUfFbMj~0}YW=Lho zz&sAsv9ZcQ``Yj&5@ zD|v*R9mlU~s|LPqr%0{>Blk>kn$AyCCXUBN@UkuF*DYQ&l>rOeuTfp%Jnd^dcTUYA z=-tIkjg+o&*8U)W4BbII(?M}@45mbp)Mpv5M$$eYcyGkZHg^O-eD00r1|WYIwR86#4c1v04=75HhXml$=VplWt_?5Kt4xM!rS9arY z1Y|cI4l9P!nYEbiPSrbt@H390tDMrtR;6)s7+bqbw)-o9%(&0ewk##E)FTp! zl->+0400%Q>_qlEeGkKz7gI+f7n5sn7;{~VE6sBay96&0!xPw6MrBQQ#@;8C*t(fm z7bNgAUR85>J>!^eB+2`@r6*$PnEIBS(TG_GBY~dv*J-i6oun*gZ!>r2SvfOkmi1jh zQXqrNV&j_UA<^g5ZWi{(4#|Mr_o+8X=;hQd_NA2ZtWvKG-FH_rt=>JYo7|E&D-5U| zs5Fc_oHzE2i0;c62_X|ihix0v?j?a&8ojBYvTDWdJr^*w7vFKKZL02!A9 zj+MyT_-|Lxv{eq7V_VC`qAA2YTG0K|Dk}vIDER;~X zhu)K%j8bzPV`Gw+M7R+tGbog~4aWdiL!xN0Tg5HJ3eR)u+<{5Yv1JLa^+Bk}lLH#J z3aU5*>sxzLGl3)Fq)t!s4K)uh>y{k+64X1@uR zLQyj3(;?L-w!2xQ8$c|;a5=9>ytlCy)^I}62?`9D$mi=pNNZS|dvcI2=L@^1TJw!? z&3$F5EvYSW7tG;%dw#SVBaQIYte5(lnIV+z7&z@+-RIaX_odS)hwkBrUut&~ft@#u zFH(DmY~qd^A1p=yI3!lipM7aImTraHyg2tT0*w~HH*O2~^{FVvy3q9Nu_cZ03XH*b zdJ5w_f1!AD!@><7(VACe5~J_Hb-+En%>}5MUJmg+j;Cb~p0Mqf+>rSnez$xCHHfLZ8An zWBS*dTCI=k{{RKNGld8&%NYyQc5(7n`>yZuJ5Lk*4)}YnYqpw#*~@#Ts*fpWIadS@ zNcF7G5&SjqSA_hPhr&90>EaSR#X_#6j>n+h>C??65V=`eTtibKAaEqxPZ|+4L0fF*Upo;O!wM3#wUM zYEkSciN6iMx2<`{k2Eg=_;XO!?tiqdqlIkVUzlUcxC4Yf+3#IZ$5{MJkNg$G=D4+r zqPb@NE|>oRf_zpYvhgL>ldJ1ci>*!%-bdyRBP>6=pXXkm;mspQ(&Y2B?LNZF0PH{$ zzwY3VK3HQ4&;Is0_pW-l={=9A;U5PwtPH)R=_yOQSLtn!R8aCXD|IiQ8e}Ul$pHFO zZ!Uzk@Y$BK_M>wn; zf>225d^&BeCApG8f({OSYg5J=f@#)vH`A_SXYx~mcVeWDba~8IvRvFWYQHOd-8u^P z{{V)c1$F-bi%F=%rD^FO*&%z0B)ENw0`$kf6>6I>@@gKqO82D)}F7IumxYHCl zl4!XRZN_uYPDeHK(?bouv2S|U3p6D>nBBP~9(vYtgEx;U@BSTvcr2lhX__CuxK{P` zzuDqO5wn-+x3xr7nY>ZSSjyJgjm5l(06#eAoYzqk?g6krE-Oov@a^ml z2>s(Y4gT=y`BVHAH1k0icKzvgQ|>dz=|#fFuRx1zg_-wm9<@&IP>Lx6d5eynaf+xd zOe#Aw!2T;^YXD=!g*^cKu zE7rqOd!Nl7Gw}>5xY53=Q_nskE`zGiWj2AXHmR#xlNHHAaHJo*T)mCe^|ia3g`Nvl z9LmpthwIwC1sfmEvCUMTtomaK{52hg+T6u@8**xW2w*_ZVfj|C zh8EV-#BE|_Un)739G);g{Z+|UTA$Ef9%V`xb&7k>@;x8ouYtTH@t?;2AH38wo6Rrb zFNWjYZEElT03o~H?#Y~O8R~k{+}T*!q<`6DTH0iww?Tx7djVXM?2phgj0%&LX)Ryq zPp5`1BLKP0c<;u27Jm)+mqYO*%#qqWDCl#{a%5-o=8@}TsYOA#bUmlx<({?i&cj>M z?L12@tom-6_Ykv?%EWX``sDuro-5{eY2eW&xW1T)Fl3aIp60p~Y_5J!n&vB=q5d4w zZuQM7_r-dw>8AKX(SLhz{0{t|ZY$YrZY=ce7T;a8p2FY5FvLH53x!*i=kq;lIZY$u zaW(nmc(;zluZ*vw*DjjmLki-~4dkR_J#p*rUVUxw%f;HIrS89{c!oVZLVj4JY||M@ zStBJ_btCi@#G!NQDd6p~`jzlU!(Iva&+w-2;#RGv*w5mfVW;~Nu{pGr4npU#Y@cfU zcm1sVJ>uP4#C{?0kB1=CEU&bE_ZoyY@?u3Qq^JY%uSX3-W6j569ST*d%V&mD$RlalISMQ?1=yvqb{l5$ANKb=}>fMks%A-VuNdsloUc$Fw5>_2IL zGC7;(_Z14?S;2IcE=$XgxJTX|#;C=s27{|frfPQy+~iSQ zY7b*?43f&sPfpe9J{|D4+9!#xpmvM+l}-pBS_NZ=@kfQV3rn_|-DH~BISLo8Zt0qQ zhQ);OV&egb{*=UH_=0$CtWnj7m}li9n$FN{+flR<%Nw|6fhe)xu zw2E6xg&#f+Lmt)go~M1H!>War%1f)2kzaE!0E%}sI%zyYy3Fjhk}ax+<~94H+N#|M z6e*HiF*zW26(UIM{4r^z-hHlU;er{yP+NdVu5(=R6~(@)wl)`XtFp3;9;?ug)`8gb z&3@6D7td1iE>AVcHk);KvN)kw;M_M8#RN^*>2%!+I8X@!EA%bx?_A!i4Xjr!8@dP1 zH)HgreQaiI=rPGTM26v2V}0j$85P-hi%Pei-rnpMp6x*gXy6ZA)VXvK=Qp~nR(7r= zaIv0b4aU$tYX1O*uI#R^Q&7>ThAVvh>c2Mcr9c`!Ch<<8scP01iDw4H`DK{!S$#gV z``B&mErCZ7%OTGPJ4IAw&<`rS)ue}5NLKPmDzqs~5X*vHC!Yq-&TGvR$++Bt7$G2f`kQ;n=UVCStg>@pk863!8&cul{?(psx{l=a3g|g z0qt78r>)=VH!XLn+FBGt61<1*p^fn+xfYv^!W6vq=ioi{3!%z!p1-c|L9fehXRy3rQu4d0q(=V(p^y@ty zR<^c{SdiGkKVMqtA55`{4XjhgaD}oTZ(q-v%*t};bDEZjXVu#M8D)$_v8+2VHx8z# z>Cx}jBZ;9NX5u`&bBYLy)btr4f*_j%MpXREj%&;Ob@4;Q{vXwCSHe(7X5uoe%rd|e z*FT+HV{>k$zZL7A9P!75H2dvZYhkWLhDo1h4*s8=e9L{Os%f)b!X^7A3MTB2%ubLXG(QkWW@fo(VC>kzCppLIQa2l& zUxfTa1>TbkCfr2vrZVTR{{UN>^B;+xEQ)w7^k@oB&RZdRqk7Xw&fO0#@U`Zl75$`F zkj*`k%0X7iE%?`WuIn?!0JMP?+$&`Ky!|Tq0>?D|HTx)z+(+k356Y-HcKX*J;u}8_ z+|IX#8DM7|FZXlY(BaswL$uMYwMeu`^!aU*?IRiBWc${L*AqlY7hJtmz`)uwv<}p{ z89coYTG6g-uQaH2eeug|%n?XDf(B{YpNKB5?IzQ#1Hg_vvO?`_R*_u`gbyV)-X-wF zlj^ZW{mq;;GP#lJGU#gdCPz#;Y%eFJdBO1e+0An} zLFJa=eLd?LJxJ$g5w2P#)x-#hZCW)rU^ru*GbD67jSe8<(SoZ*82%?GllfQD*KKVf zCfICM!h~U+z;~{B*v#U!Ukzy5z2TPoPqd!k;E4(VQ|VfEdM=%yLaS+SYinn_3?l$% zJ$7Z%X%c$s#V?Zs$ZWv-`@c)w0JNY-$( zc_qf+hX;!4ycG;uK9zqRo62Tp2N}RP9RC1H1vu(qX#OJcVDT*0x{Zvt7DdL%Hl2tL zc+YzDk!)V-WGwrG5JoT*)XLj3?#;L?p3)-^F{>T^gaE0ZK-@O?R~ zE1NYT%Y+=0mOE*tWZy%~wOwaVhIY4gRfw=fZojR0?~D9Cnw7}7vT^2MZW+MGx4lsk zm5RDXn$e@hGReFVf}`}Vvex8TBCH{qvx1rDG~%^5q|IpV-tz7bIhs9(zH4_@@aB)I z+1X6MyP}q6Cn3EBXsom(zhPshUD-yWbF^+&+%dF{Kc#WA_;^WkcNijTVfRTNbbD4t z@X+S`RdTv45F`piZO2ZO%_L8&*h(%~7@aoZM?+AU%$c-yv}{^5kiuKy$jHt4t;NgZ1{s8f)B{?c=wZlqnni=mV|3w7Ly#GNZ{TJZ@|Qnw{GI z7?bUxB9MP~wE${Ca~zhAs)9+qPg80{+?G;t(+AeF=4KWwN2lC03lI$BCAb;DsUp%|DT+!1DZ>IrDx)FtGxu}Hb~-M* zsM}l%YjnLVvBx8jS$ktYLtc~MZ3^GQnw`&t9%$y4dv=8!w&2+VAP)Zk{d)Czp2o+T zc#q)IrPix$_Irn#Hfe3-1FLdzf!e(P0Kis$DE{BlbuDK0*56FCobEB_as?z|j&avD zycNu+Bza%OPZ?_Zzlc0U*DzbYog|<|8ccAgPb2}xYg6I>0F5mCJ)@g@H2(lfLHngA zmL&bsde=pcCq9R~c$>uwYw+7r)ciweiK(=Cfe@3=Uru<(=U+GYYgZF^qRv~hA+==^ zZb8Zs*XdC-jcHE%A4d4&;bwv2+bH}=r6Mir*&B%^kb;t6bQtennf^c1-$m9KTq406 z%d#^VC3*Gqu5M?09Z;7;keP%;PURJGj+h3v{4K8k0A%Z0ZSAeZma{d)O2rO0C~V;S zb**C?jz{Y+hc&xRcSf<-ZQ=VoR|8-Q*+$v`Bz;b6xAQi_j1Dv0_M)UTxy;$;zZ7&N z@kfPcF_9*xXss=}`Ns`XZ|`E(}a_`5c;~(1H8={{RFa z{if}FL*efee#jm;yu5u^OWk+j^D+Cea(0IG$tUPde?SmlK87303EKQ zrgMY;009+)M>R+v=9T+m{2B32!7qybHuzVs+8ry!S{?Mzv=T?OT|ivzm0P$gf)BlX zM{{TrVyqC!)c*kWt4eO^OS#2T27B8?%Q19jIL6^g0(nRid2@_s6})9*pO;$_IM|^= zGdbt!QLLVHTV5TKjEv`os#ET17}%-hNtcas2fw9j+0AN^=6HT}>D&YFRTp!j3d5FM z$Ru5;3D3*Yx=jmS)_gtUe-3!RLDZi}@lKn24ef;Sj#Na!&U5RGQ6qY1`cZ$uJ%4Jg z1NOrGnf@DmY}2(JGHprhW3bmPE#%+!Tcr6;M^VpX*sor-_6LYRevB0Y?QD;6T$N*~ zq2sIljvbmMIV$qIVT;trZj>{SUwT4#dMrw>03rNHj1%hVlt^>dgRnbMv~B{>;|^%dW>DBY9(~Qb7l`Opb_1 z{{TQQfZr01v!q+=)7?d?+Di?+js4QT^_g7(f@SZ@?fgexYwXVm>Z>d29u}T=lU>u? zZc?NfB5qZOsO|aJ6-e|pMfJ6t!`h|nP+W*1xM3~0Ck132oPRp}1^)no_kPCq{{R-g z6zQL}SAu*#8^xMn`zF8S$Gd7EJ0(1EgMpt$9+kw^oyLC|HX4FUVW{a-q#>KJ$~cxX9~Q z2dSBXduwZHcMPj0^k&+Pf(fsA_+RlX_;XOv^di&TCBuX)6p_2JC-bg|K7x|yew27t zYjJxD-N_xrz6V}GIO$zCi0pLtoXKezft!;U90BcHMfEwQ9S%DN)t}3d?qRi*j)J-S z+h?4Yk0=!SaBFDF<|fyNHEaDQ@(e(YYU}~e2kTwE-dm5)B5Z!^IJd^2}H$j}AtL+ueo3bGZC7(Rqnlp6io>FH;06BR**$8l3AjKR5| z%O>LB9jZeN4xZKNdJf%Y#&QWoMG`nX9=QIs5r{SyT1T00HrY0&-PtF-R?+l{X0^D9 z9b}c1uTBB2n};OdwoI(F45y;Qp6wSKy^JGB(=1+H%Fw2!f>2k=ARP3~21xA;qfN4fty3o)?erC&apDW9e5H{_(l)mp zb3wW~{{RhX_DOW6b^F+3?^5eJKAou>xc=0LQzJf=i;;1O^XG{CEq$e`+*{lSgFkcw znr4q_a9@{&x1S+SMNDENem@N}LA_;Z(n3#OS2fvbwqRSsri5p4j2`FfRs?<`wYbtuLTeXz z*XAv>ou}zpmp8Xpb6Q3uo)V*#QGmnVv645A$75q@rb(wyE~zBZ;x=f2T$gUbxZ5k+ zUzSjh0%WOI7(IXb)RGxM)w+N^hV=~_BP*^>NTywmWZJL8I*4m0k0rSpGl&uKi*=Io3{IKaTDwP_8tnh2No zXn7!VDHd|Jnw|6Bui3-0FHl!GKJ|9S_Wmp9lJWx=&5jiO$LT=qb~lqxc@QKJfDgjC zQf{mRHNo>@&(IM;l$#qR;$2N|sc8ud-^4bM-3|{*-kZjLBA-X`4uaOv*;;B1ADpVA z5@6?#PD!A+v&g5m)b!_&A{aUO91fLO-P}uc47bcC$IHzI(MPgr_M-m)LYq!lcy#^W zIKiw<1+H{kX)Lax-zmw)NgJ`+uw|8O((2Og=4q#s?B^^Iv(~LW;nX8Y9OVHgr+Pq1 zrdUH2+FG+KNaW#3>0NcUn+BO2_qOgKxKW(YTsJy@1^B~Fxk(dQn(Eqc=am5NP)|;K z{{UL?zZT!U?yaazXsourVF*ddW%Z!e$2OYx_FcS>96n^;gz;Tok*PMJZ@e~Dk073u z7|J#|zY@WgT$GI!vw}O~q|&Y>WLOZAI(6$oC#gver(xmwFSO{|X^dnA&vV6jwu>I5 zWoOhvvn%}PxuDhz?KM05Rk9M=+ceBO59BJ$T0WI+rN`onx#fZw%7zRu3m(~^vzNH> z5_p#S_6tbF5X5oUB-Ec_lTVh}olLPD9y?G6zW5XDcXpRHnvJqbulEQ%rUw;+@gm#o z5b44RBiI2?ml?)SS^(iK?k9wwEH=Zz_pHnLg5V)vnZ98_6`J_OQ5`&?kU{!aV|A=u zYrY!1(O9FyEPhg)V5s(>sGL5AiERh=UA(SLEwVtT8;yNO;EhVp!*=jIX$-ST8x60{ z0Un=?2B`6W82D}(d{L(AsdFSyD;H!_jMkO5nEoX3j+<%Wx3-EFl%olFIQ0iS9w-^> zJ}T7X@Li0_Jc$IB=nxWmlit2_ywt|EdwF|wt-bEp1`BZhZ21!NxOO zB%f>-OkyV)``rl@5tgLQoz=3umM<)<<$&YfulQ;R?c6zI$t*z?sgd*sfqi3f1+qsX zq|A2VxURzO7UI%dmYy&mKQ>z#9^SML$AxR&BDufUtu5e&YlU|5$sH5{U8T3%bbBfF z18xae&K0=c2c-%o@sC4?(|#sTb8;NO_*~>U$3NZ2wkx}b#BpkEZ+!)ylBG^mAL7To zZ_0F7`IA{qOIFq|Z?CPI7BjLpIm&`?e;V6ZHrcVaoSUe_}fZ$r`%`ci3?6z*5?Z-n2(GUzuR9|;Yl>P)Kd$<9E>>0WE1#c`+IUPi2$iTtCEymz44 z9*w1HZyfBi&e+?P2eGMqPvZ-%3rn_^-9_!y#Ns`K<2m=D#=6@>Lhn`AbogSogg|a* zMP@k2RUjN^*9NIxUL~cB@ZZ9_EoLQ}_PxfUdOIIWgYg#QP3u}nuv{#Kz z2_u>ZZs)9N*S6LchG8pt%DDjdIIlkNcD=4@UL(G>)nu`WBxVup1Z@EEocHNKa-!Fa zHHhrg7@eeb1Q5N=a1l!+p)Q%eX5?UUC}?UnE8OZg3dTEz4vKzKKb1>)s>m&(NQf{qp^v1qFoth zycc5UG7;sk@K+?(*AnWIY4Wx$9k)k8f_; zbI6lGy$0UodenoBjO|;=Wr^a1GpHb(ab8_YTWQJQpL*4gOb%Bm*RU?t4|uUh?NndxX9~lV=-o(ttUuJxLdHI1Gm;rg2>+k>cx%BxoaW z6|w*)I22gY2;)3Ys$S|BaHJOuna?2L6H>LUt?r2huBgKH_B8UtAH1|Sb<>JC*tKl~ zz1!M{6V1GYNFcXPKtb#Nrof?JxH!P)hvFo;b#L! zILD<^N^rEEo9eyaE35s-(m%7fx$!rKykB)GYiowQTPREOx;zk1<|~fy_kjFJms-}F ze;ki$FJ=*mIQa__4t+VVBCPJu@9ZWTG51mQx5kS*--mt>_B?$oYp*@Lcw8X1TI>oH12B z3X$9z@B9hk>Gb$y@aKr`8cj6DL{i9dRgQRL>C&cD`yWk0gk+B;@n4QV;ThF$wC@Z} z1p2vu+-y67bN92@4_fjaYeR1o#A4Maxbr3_&v?!WC#`bIEgpx|R`xrcbM|ofDdG=? z^WJznSn(E-@qX2J+KI_{wFV#Z$f(Z;rh6Xs@+5cHo)ht09uVd^ zc;aCWc;kxm7uVzP-Sl=kmUBBYTjYK6I?_9%Pq}AN*I!VzjtDK58HZT`B)6q{r^D}t zQ)=^gD^Brs`{^%s!_Jlj$#~e18{7Q*RmK-EsZAs3pBnzm5@@#i<&VQ9ynhowuPVoR zA$7gm(`oII&3q$s;(bTNckpOeyX>y)?iw45VnOoeUKo8dTdF#oRU~>Pv|3+=qrAA( z;JLbOY{h0KvZ&0zd@fn#LNV-ojMHwn3g!dNH+k|J;bBxHV-`MdjBd^Ygcfowc6FM-Xjk$o%z=354Fn807W3HoRJigTu!)k>kE z@Sj)G^{)rmT?|V*pv!}hc;tS0t*iG{GDNu8q=A~?ojYicTAAj0*_7Yu(pv5=*C`x< zMo!i{bNFVx7sXl)_l31tbaQnD@&!j(V&pI?5A~?z_guRjPB%Os;tjT?s_ELEt)|Ou zX8Ko_vq0{5Tqz?Z26;c@Sbhc6=?FD~`?c?yS$`QLf+)J`-^6g{CpYVtMk6gI4YwLS?MAJsN`OtM3J!{|euNrAS zIneBUO`u%OHi37!N&|xlIShmjhZ(P-p$jAY=P~B4;Jx0d@sGrhp;>r#OHTsFBV1okc88Q509pZO+Bj?5o>7haU8H`3-P+lGn%7UYg5EtM#WqD8Xc1Kb>yLgbtCk}YQ9=rq1c=c*7hxh&yDpcvJP*zJseF0;5mzEaE9GmR|g+ZPvH4Adq ztdTa%5Z{Gz^PfqE!$zDfV*Zx^iX%H5fnH|@lYmrgoX)Ju5Z zs;&wAYt5-sQ|@w{KT_((hTb?@G$3Q~ubZ{~LeAIXwuPljW|sF7YBAfR6Z{f!oK;eh z^-+zL&*%g8U;e`QZKB+GUt5CS!1Mq}Ip_CA&G;3Infc_U){h|o& zb>9=o5J@g(>2AZW&uZwW1BSGZZ1GLDnJ%4T*6VQklm7s%X2HoGm4T+&YEVd~1d>GV zx$9e=T}@A3@a?qGSn3f;97E4gr+NZY9l`C=s9fBwj>}79<+xG~)7L(=l%md85*;f< zxBEcU3Mcmhr~+jL91*Ado(9rAZbuPN=r2dvS4UlSDy{QLuBK^~tWI zFWQdFQxao5;|78Z9ZO9&H&MvM06F8D?R1H4EUg^1oG7e@EzY3x>OCp*bPh3g?gsQqKB)iLrTB;{u<37+X=ONce=E znaxS8A48h9*DkFtnk9L}Pr~DjS4pA^GkrYToS8>o-D9esb3jU64G$7s+DjY_ZwLnm zE!Q>Y@2kOMg}Fw-Jy2$m%_eBs-c2Ynvob{742%p{KjK?3_99zVh3?vA19AJl^*pIE z3G6L37^03ll>tw5;=21!8EMvbR~mPevT7Ll06kZs%|(#TKU1~SbumAmZwk)*kfVnB zijzu{`zudPA5GHi%&y@1*&(9?upX5nENk+$ovO(lyIe}d1GHs_J!_L1o3n+Kuv5p( z2+aU>J{i+=>2*0TZ!GPlWyWKWV|X32*1Ii3LeNsq?^t_{Ho*X6_Hg(reSz&;N6Zca z81##lb(Le5M$X2_70&8*?P(m1rrcx8JcWKg3S&h*8$;DEVqI5RxRT<1#p6SOu#VXE zKJ~987f%_E${}-d=VI}a8h~Yw4_%9hmK|N=u$2K7v+%DK@i&4V(A>91sOyNtbVbcc$qm&*vLfTph=uu8+YUDbp5nX{f6}#jqq()6#%FE5x>T z{{Y!*eQkShB+T0yFyOW^oY$P_es|keLv1(S#_)Jrb_38R3SBo7zat)|wo>Jxj@!vO zbDWRv(gSWScTy^vexM?2Pri{dV4RF+J#kI3gF@0YYt0ZxG#69KU1V3r!cRZWu(_1? zI!WRh2Zh#qi<$KZ)q*s*uQb(krJwDWT13Vwrp4i@6 zu-wJI^A6wrYS8gFg|sb0R*S?Mjhtfr7`jRiJv*APQZDFvXWAM@OI`1teq8bEQR|u& zf=dkI6h=LH>IZ6N88_%6fg*+_@|fp=$f|a?5$Nb|8ewhZk255F-+Iz9&{sZC@z00+ zLw&5jikf|IRa?7(8(n#4YUel~OjX|q>DM+FSi3JBnmID(tv3<2&#SckE5f(!6uM2H z+2Iia8b$=M$0t8plz4tYs%iHGH}-A{y7kYv^sL`zV=prPp`e>Dvt9Yo&jS)!0p)S) zT-K%KLoAxLoEFhHmdbkj$H>TM#KB7if(N$FGgdKRKm(q7g03;xRIyb~xc{lkrxO zrAaIhL3$+9!_gXcg+(mH| z$_N{e%159#g-KvL^% z+qcRx4;ZM7wbZK>tmB8tcqUbun30@kHQ4Anb(BUMn`=~QiOI@Vw=$F&>AE`UVg*e? z`B7R^xme`J4}4bv@mfecIpxja+namKW^mu#ZJGTIQ;%UNGtJidHQQL)ID-&Bco^sK zuVU~ZwY1X5*`V1LNs=N##yTHrgIJon=DjqEs*14?K4Lh{aM#`-ST@`Iv9DHq^Yp26 zMe{QOui^25n@Cw%CcqgZ3y<6NPP&n5*VU=>ZhEX@mbB4$od^Nv#x2neu&;=Xf6=#NL1mR^Ydr& ztj#-8xOi7k^4fR;?qvs%I)8;`9FM8Jr1*;4P*=Cw>x>YrL1nD{U&dGd9-2!{(u8%- zrsY1g8pb^j9@KnYEzQ%hoQ1~&ujgJbpCd8mX9Ab7UE6uH5$1vlfIjtT>9-S49K@ZH?ICvz;8Yn(T?@KYhAB|I zixfEik&)`=M;a~IwizDq{BWKS(|yFGdIrs=j2!TZn^c91yg)qc;p ze$4A*w);-kN8hn>%EP5`-YV5Ce35M&B-~($A3O?)M#RZjWn>$Rbygnqt=y9JrmQvPdx8tj6c+(8jB&<3ooh1g*l$*Ft0r)`>?v4W zsOi@1rs=o7EAelJ?Pg-OOL7@d z5*eIvl6qsFmGz?NdTy1hS>EavrX5Dm5d@CkGUut!y?PYcoM+ta?B}u6B{t(xYbQtC zw;M?*k=DLn_?zIr>^&b^xYF*PTX{44*v>M<^~Y-Jr=gWe9}erfcA+i8$7uu3tmMeq z3 z*-u*X&j)KZ+FyyI(k^V}xkibYkk}w}{zPCE!ne#pL33X_Zh?zj_I||Ak zMYNGh%E9AosmDW%S4A|5se9;s&-*XdB{9|6@-bJKbp_@ICJ((Zxr}5!JoB1f&4sf?jp^XiBcHB-i2_i=crXXvVN8P zXk2Ogx4J|U+z^oPc9j5hC$BlKY%^)fI_UoZJ%8XFlYz?1ZstiN$H|XJe=@qN04ABUztZZps1u!G0%|MWK-OF)v$8DQ!d@Z2amm5$74dm zEOEjFDDiC@dgt=33mF+w5?tIma5s;0br>c?82m!jycHq2dt_&l*_}4!GD#m% zn%0Wc<&=6JNAjw)Yz935rn3ihJydbly3TudEKP3h8cvbmqjKKAN~jLrWd&DvA4=8; zb|#iZg^9M>%s|{o=~3w@Hp#S zwHH&VE{C#suk5}kvx4Tt2~144HnJ(kSPyThADwa@A@KHt@ekqu0E<2!__7k3ABgnn zG|RJR6d_%~gG&rs8?jkIPtm9xAazQle8sw(Ktv@DB057g$gyHuG2rvRWo%DtZY z8QQ`r<7iXO89>YlTzZbRrz$xTvntJ?-`&}Z&$6AFAqek^vEk1SY7i`1jPOYJmhySA zpmW0v;+dk0KH>N|@fJ@J+QV;ft#5S`6m?^kQawd|Q>Dc%<3VvOhs!&TTdse?wu>;S z0~b(;wbMJU#T^bR8#tN##gLCIoP9m&;_Py9d7aFGb*rPK&X?)v@dw}!P9codVZl6pZ0>m!*Ca#vSx(tFZ93%M^KG zo;Qc1VE3j6S*Yq7bXH9~_R;DJrJING-m?CN%`@1F@|UGCU^fbT_npR@?0#Zk5EO4nt?ZJv&ydpcfE9 z<;2_iu{0SSZMLO0pKb(_dB->z?d@InhBfUr;jLk7cQ+>_x2Y5j9YgAgeRgBKMkrh; z&pzB%{{V@+E%s}8o$OW_#A@6o4&J=}29vTijIMAR`r6H;TcX1(bEnId>(BoHuDC5$ z%tK_7GLr9C@RJOBd{FzrQzui8bwU>WuaW%M9M9rK3A( znu?29_7~xqhH?)T=z8ROZkeRZtZGGKVn9;N7cJ@jeP}NFXi(FB!>HQrFrS}~tzOpr zC#UKfL9&8LlH@pblRxJ5f_B3~DhfcTqsHAYcly$Ky$&(y`h=+MSBp6}SHYMaMk< z04my8AZtmlW`8ZC8-OFNV$jSBiHaD4KZS0R)n3MN7%}uJ zd*|>p3A3H?J>82L?2pZL6YXWkCbc{%Xwk7R8QFkG%fJ)}^~(#PKFu)7>t}#XbC;G; z+3M5ASp|`Ev4G^Stp&ha#nNoAt)aJbb!ON*z~N7DYtiSk(tKIr$MDlxLM*UYW4n6( zlp3CSZ{cfQ8sTlBjAS;`f$3Y9vFCFMKgiNmtcy{T0L>lqqTVo>=u>Jg=GxV=?)HK^I zFxa0l{?y7`E_hX-(B<0bYTC4oG;#jzc>F!9BU!Sznt1OtsXoH-IA(Mh!0(y>kOlS#2jG$RT7oOEsiAEc@G0z4>??i81}Bhc(4T7Hto$Cjoytpjmz3e#aL+WG)YSHk9?@DQunwi8`EoymR}-!HQr|_r zk~j`tbLI^8&w7??80dL5{-JfIYVT`ss;(HPT#S1f=|8mYFNU3A4xbg#S<$xe`cPAh0&@fLCbbeSb;;BaW9uxQYuan`M*j z5w;Id57*bdde)z!Dp(2Ujj#aus1eHQE96{|CjS6O0FJfAT|*_c>fNhti1Z_|_n-ne z{{XZxx?{8+M{`rlZyaToHD!o(C!sVN#ywe?J&*Q;iEe{tPs_z=c%#7AdVY^-ePuJx zAZ7E80NS)%-Z1V{@b%rLgcCgAt--(trfb@C3suzY*$m8z+t-WMjN@P&bc%_`o9Vj^W=aqK;7pwv86jb^51 zFD^ji(wtqHs*#%7wZZ-L4I;)@1OwKoY5pVBR_QH78y2FUFZQWa5#$@|8!Jco>lVkx!#`qd|MI~oy595(Kfuu@1pD>Bzu ziakO&XHd#G8R&krGgu?kV=+aeUfrFs+p>V!;66_Pf1cICwD9TBGc=I0vY8P}1A$Pv zjpK98@AX-)B3a%e#{EYq-0h>(;gZ-{$`~rI%k``XuH%84 zc%C+$PBwQUnLf;wTIW%_GL{<{{nBwy)nqz!Zza9C#&(|Kw~8OLFtooA-C18Wii+{D zBX3Msv*=epZnN_XV~mh{RLUhN*wwd_PSSoIB2 zqXsdC0gZBc#D;ezbpdo(e80Q|^rGgz#h5$fO^C#jcs$npR>5{k*$f6c^r&?atZ1{$ zekA-!(!3cByUV6)dbF}QiB`%2 ztIc$MTjHB7GhFbS>egtFF@#S81Hl~UHStHpUlv(-d&8I0EIxj%ArV_3KYBx+)e=YE zWy!dU@E76ay6=Z>Wbq4$b!&;tk9J8rNzNDOI3I;-YF-?lM8CPPngrb&Z49ID4Df56 z#P-~k+BbAr?=*X>8_O8fUPCI%GP&R!^!2aOPxvS&?EUcX_NM)mz5@JO@b#9RqJGsn zZL`g%i#P$FSVTrLTRN{LTWMka(oQkB)k2QxpON^3D$vB>aa1L4O16G+l4<@2^W*Tt zUrlZ9uP-B#&r^nDYk6-d+V;|+!$!dJ2sz-_(LPz8Kw>*px@NiRQnC6~3pI7IkEp{q zR|}QnoL7r#+I{Wi>PK|md{H@QcOF!pxb&`L)KSp%FAn%=?w$)c;A!V!l|V8{#a;LX z<0-BFKI#4&@io=U={K=FcAJh>9yjFx^}+osT5R(%m3eeObU)!T-G>7uK$>b3YRG zON*ZvS-}*@w(VyeY`Nj22)RFw4SuBm0Kq;b)x2e(+-XqUX`gA*t>lEoBLEr_2*@7U z{OaQR9F=SPt)7|V&kx-H0Bh zNqidnGimx?hkRqG+3EJ{!oz4~W{E&OvD4cW%|lVTxs~m0wzhaD9R78|TKCZU-Vx0H zzn4(PKlynG%l`lZie&Iw8(osfp`RGZtr=x9oU^;X8QgP<l7oepp8?Miz% zSM9F5&h7+*-}J9I@O9!z_HfW5GjPgJLs=10Hb=F~0E+ z*>7IdwEYLfmQVI8SejohL@CJOik?Zg-230d`G-9s#)BBzO01F=Ds>LMs z7l~>@lB9xr*UUc>v~43?pGUd0nd6_z@@Mkj1!M;Y`FF1=%>MvDsnXdVq2Vb0&!yOv zY{nxBM|{_A)^h66T*Gd{DTGW@Be)s$Ci&d@Vnf#dIp`ai?352mT8S}n|HF~Mw~eq+#J4%w|H ztdGZQH05M`E#eOuYaS!MxYztee3t6pBsMB?kf&~Yo-0@3os>HEt9f+tM7njnY#J$k zUp0v18Rycx%Ix)W%r7*Sht+-rv4-oz+NG*Pr@?J(rbpfs01y8Fs@B92V;Ve?e4ByjPw8Gz*FCf-PH3WOsGw<#ItIw{O<9r1d+V87y`({C*7VZFH1 zuBJ>yU z7V*YPJU3oH%;LZDWd8s|=%4s0-|c_!?$5x`{>@(t_4{2%QN6lb-FERvXyHx4gnP#u zva82zeQWXu!IzDy7xIgkqEJ||s@8>s0Q{0 zcoG?-Q4ES!ONl!y31eB2+nE zo$HseDK+iY+pv7D(5!od)Kp2B8kYKm(9YKJs8#R9HsaFmYm;*nA~fT34_d{rCXl_% zK1^y^v&bW@BqG)Ybi0vb0A~z2W9d`P(8e$$S}qtK22Eg|w1xTn($5 zVo)(YA;i83()6tu$sNwA_wE6H6VM!Y+c!$HH`sYEl)!yS(wQ{nlPn4hczZ&E8d&w;PL#&CkwA8Jqw`iA~7#p*Xddg9; z4kp!&jLR}yN&`j@8;>=wBzN}r2JQ=I+mW{eJ$B1 zv2P(O-Nx_-PiOsOcBll<-|Uszmb7 zgplW`&rhX!+WbB6?W?qw6D8Hs??EFsQQH}zM#Q#rP2tU5T{QN;LU#!P8RrM5TJ(J* z!@8xGo%XRAy3dQF#vt~G>?NNoQAezD{r9Igj?^2s&1EH#Pax`YT2 z9!Fe*(-n!En>pLPT4^;=e+|U6VDEd zb7Lg#@C-Xb-5B=8dFF}YjdJ@^NOb)+R)k@g1I|0~RqXtW_I=M;(*FRoE+&ph^#1_d zzC&Sgf;-nmscL>AT?TC?EiX!2p&iGG`2kBNd3(X2mFIt;b zaLWuQmhUPAgAC({!I0SzK#& zR?3$0l3xS`3yk9xZI#N-=EqCZbe%5UZRCu^as+GEJbL?8o85L89tbVmT*NWTj9{Ny zz?V$nd{g2p=vVh~$kDmm!+qa+<7_3=wOfgzW{wn9Bo~t#hBMxrU428s&9;D^Zh6w0Q3fc8dEzCnb0pDud1{gx?ZuG|gM=H*mc372KOgB<7o@LuaaZQ^bwp z;c~ie=Vg>e$`p=$KU(Sa&xW2J)pXcmy|$S(1)t0H2-tT2G0rZ#4$CB>wa-lzWVIJ?lvM2>6QU!oDNZ z{6~3nsfgY=A2GO6xK7xwLGZVSo?U(`>)Yc6nv88PwCDTB)|{fo;&eLZv!mI(_R%~O zTtvhPmlkmcP3fD_Oj zg1GA)PWw-}Np^>kk0FN&Ge~@>^=Ld>9_IEvhjp+p;=Lu)1iP4N!(>J6QDIJ!(6(?_wDn#+diZPIQ>F~r9r63mri76+OhDXJPMhhJL^kd z>{!j_ohgE4K-uVP%JqL1YEkR0dv<)Kore9R<>ICSay`GoQfU*}rQ6-6_XP3}%6%#R zFxC7KqiNS#w!f*hiHTH25-C1(o`?C?gGZ3*9wgEHVCFqJ;zZ6>TY|$i=id|TCeXC| zo9hI)ct`Htf9IQeW4&B%T5TieO+ByWzK-Tuio{6T7a)`AUu5XlT3v>lW2nMlx|FB} z+CX?9bw5*AbTu=^b=&W>zn3EiaVd3D#~|nb0M}hNhgNIbm@K54TWFPW^Am$v6&YOa zEw!B^!}lt}8++OLO`vcNI-2l*9&278)%--)Z95xwUo4>G%LBOf=}6T!i1f`mYl9mw z$~WFU#dUJ{e@guWs`0A(RX#>?_!=JTKwY z`%JT0+QT9)B3DzK9-Bz^#cdh(F_exernu4eO#~b4nZ90l6^r5xOYQNNnRc^%-1JdS zOoNuubo+^Jk!4}!Fd>dQS9_=0Nu}xcQQF)6rJYD!{FBeEWh-oFGcq}mVo2UJg|qhu zYVP!smk$e=_61-7ewC4#(&|FnPkG}*X)txp=*9;l`PV<;spPkv=VY1UR>tGcIqyLB zJvunyT{7a~);4#}@ArKxz_mMDeL5{g?cv@LXYf{@(CCRB_4US!V8xwoCvTUG z^ImOtc-IrnB(9{k30!of*C|G|Gu69jH?lm~A(sD*}6FqAwtwnR&wHs&9G`lNX$Xm{p1gOKD0zGS! zzwn-&ty$dP>NC_@|SoUqfyw8)e8~?yFVee`Ryn03<9`b4nsho1=i2OHmr<1jakQr`AFF+T#<{I~;r+&~ zVP~i?NTHe8JjmPz0D6jt2)4@?^RGvn8X^*vAFEE@2!wbZ4| zWhYE!V`)1KJ&_k-CESCRS%P#=DEAsB6oPiEHT03gIh;&&7;5g zW8zu7E#f;FRV1D-IBzP!Oj+YK`j_GR%PZ?RE})TTw{QxTKHckXV;4;u-e%b_FdIC3 z*9Gxcz{}&G4zOvYH?ZPGRLEimPhOSBQR;Nkjg^niU2jWWH&K$?a7IQcfO1zIYR84V zM{(i573o^lslWR|5fYSQ00i<|wPtnsA5?ry)8p|Kt)Gf?yL(?I?MuOe35}J0@%ozn zg@53MU$vdjjXoS}f3f$(IUqhR&{9k78tBQjCykt)iIde!9D&9UwG4NAAHEi!XtvcM zOU>|244^um3Xp5=Zv}YRYWiB)Uzq2a5H4G|#}$JgGdVAa{{Rg9CGoq!K05d@<7+>* z_*-7HlG&6T7@ujwDeQO$KEl7v_x8p8o$r5UuZ_Mx_#LakcC%>LmlNA>Mg^_e&z8Zu z5LD-nT2Z$(yP3(K2I>W4K-S89rN}Lwr#QuPk#56^5;;=z5-!;?E9TK9%CFD(XA?Nzi=DA`pM2f1{856BG8vv;DJw zWY33R6y=sUylH6y={_K|^8++9NAmAs)MS9%_HpT&iiz^s9Z{Bt-@1jFxJe^CO1!IA ziulJ!Yn8l~MDr3@%vTD-A(tKh07~^$Xj;8j3-m?U8v@%5v?MS?9v^J_eOsAwM4}12ndfH^IZ}0Ii(?5b`cUV z6yOt%;;TBT1hH?JaA}!bvmDmx6RC%Lk%5zpR9zC3tW zN7E+wpWy-JY7#VmJ;jm!Cg+``hUe9*_*=IZZw20wtU@5v?Pq9Z{oc@9Jy+V5E~w5& zFj4f|q?tKl_!&6w*1a~%Rr^C*u_aD$*)^oLIb^jxpGxzfw6}OAis^%r===pxGxV+P z16{ek@fWeOTyYsqS{DZhU}4n z?^n`$-7;ItOJ-Y}S5l|U8O1Q>JhxJ|L8!DsAd-`~dRIfF-$xC^8haR`J4r0#?@$M; zcv)6Ql0fT)`AVMu07~yKJUyoBa7T4KF_M`e@sNE*OqkCv@m7^*t9iDzQn%S7!pNtN zd)7{ar>&rp8)(^LLCNd|XK@?ps7+?F+vJkp!|E%i(m%BhmvbbJ{{Ud&hdeLVkQ!QF z*qRBacZs(Gy>pLx@Lw21YA>!$pd)K?eSPT`rgByfJT4Yv@|O7s71Y5RPdG$n^OR?U zP9-Xa2Bi+8Z>Y&Xmf&s&c{Q>B012MOXyy@2`!*boIjy1+^D*z@u$kkQ&;cIMUp}>7 zCAfsf&=4aHf<3939YwXj+SshQiAc!Jb(&R_R`*(T(1&#m^MOF4=5>07)NxgEU*=R>%Z*tn5@} zW80yQ(py!P;zVR1d_wRkw!WClTx= zcq9{!J*(IC4MFX!ZsswzQAx=h3Qx#u%6`k%_KL4kxp~%T`XQDySlxRV7M&X zK5(P&eQPC z+UGl2dr~Kv6t!In<~Ib}IVa}8Ue(F#H`kV0UHyy}?KR8%s5fJ7eSbO%M`JzxrLB#M z+1sVI*p*!8KQ=i&-%7{1kNZZ_8-%&sj7Z@16ame};ccyPbw0+4iRslwD)yTJv9^K; zx5#4wL-iz3R8i>mR#UuD-cHNCeq=6iK^38>YWiKaqW&ORBYjsX%M<#?IB4gllV|ejgG;rg|=lx%8&;jbgw+| zo#oV1+E_;$s}(E>UZaokpsHx8r>0;EVrFigE6_9_5S<{~2aO|@M?YE(2V4igzgy@S zZ6uS9nXA{*Uqprnvt)>``p_~ylmWootP6X0Z>Y*lL*_y;!R^Ib)^)oZ9U_0-`SU2s z$T`{vwF0nsO|@NXN|M&^N{?2KPn`)uHUM}yt=UZQXqQrm7B~xREI{J}pfnVb;o95$gXev>$Lq^o5)iqn0ZEg>g#lBJeBNf`&+UjK<-NU`30vji{ zy#{6-uY;kqym=sP-eYh#=WjlptEh{^R#BE~hAEGi?{zd67_O%s;x7*-p2Thq1cPuY zbH#JB&d zuRM}J&sw80LwJp8FeR?zI{HJt!ryBG%U~NDeLS-BQ91&e~WZe7;JR}%5Gx$|Q3!?Q<#4hK?|JQ{4H|B#^9%sgO!{&%IQhhKXF-@SG4W>fCAy!)pz- z+UqmhOqa1hRqZx_**F-iO?5|*$7dDI>`=zh{gqn^sxzOVuU*pMy3&#lE;(HoV<3In z3L)3ldD2U#IogDgit!k%W@(pDiJ!{fxmkb4g5w*OujZci>^z}Wa0gCF_o*V%7G)!G zz~>mC*2TGsTB5|RvV6UNyHC>QwT?kBF?rDgAPtUjT5{cJJ06Mf>%?*Rj_T)6)oyIG z^+kDuH_LzlJ${0(KaIRL8h9g-u8*1JrWZIl#b#QjaegJ!;nUgg&@_?~A88!ptzcew z(PGm6&uf*uEIH30cdXo1^(|BCdG+Ph#J|2S@3`(PO+=m|y9Nj?+1#&0Cz{a*Dm`Y> z-|d#M`GA)S80Xf!&&HbGou!d+B*NB2;Y)NTg5yuI^OmXc_r>?KTX=5rYnb%coQrc4 zWl7H&9l!eY-w=F9n!*LsuCFg5)sH@3OsMPhpzDqto56n;<-M_+LYnRy>FrgdSc$_R zJoESp^nVEWy5C;1TadC^-RGEJ?Fy>95VDSh)yt0@ z>3#-*h3)iqvC0aV-2Bgueo@!3tvQj=PYB-Uo!|b{Uk)|-bnPnk&t35D#wz!6#=<#y z>PHwJ_3SnmT6(~@dOhvFp=T^2NT!X!1QC(Y@O`Q!V}GeNvC3S1ruJ8R=V?!D(6)C+ zPSm5)CreAQZ!D_L+$mKj`gE*$yBbrWXJeJU_)+kG$A1GgZy81L9{Tg*3u(?}v^NGI zmmnSous@}JL-EhW{{XWlqwsh3ET>9AO?RmWE+Vj zW?H3V&Dj*a7ic$1bQB#vF|k9 zH%N)RL3(1h{nG<+FUy7NjP>naWn4^|{SAWQEIt}MlwgwVk@Nd_^*lkS-bDhIknu(zSHb3~zV7&~?m+%lyYR&Z=D2rd*S}Pt&j1YvWCihGW$3n^Bs5I_mVB zi1U?f40QJ3{&nk@-XyTryi=;*TM_n2E}P0Du=h39PG_B84a+WL>yL%rBUvN1v-45r zh;2grjCvf`$iKAL!Hq{r)HVMA66iKG2=4Y&v8&Tz~-ck5WrN9uVm zyyo9Veu;bz(`U2rMYhNlP|oLh8Qg!#{c9)UC8}L&@=942<6y`G8T>07_b#lx_HbHL zN;P{se=VhUkrd~E0XVOvJ|XzK#s2^gJ}r1FT+-eopF>M#f<5G;f~p+|^krfX)Yi^c zJbXn6RB26LfAT&6{{VuAX?_~`W&31X_@lzs$)xyK;tq*zu9c48%7^eNK=>}3iOr!C^G_h>i7ceh%0pEbh8mtLTCBQ?Wm zvCpc^(#W6<#|F3??tO$~ba&bn?D`&~ZFvvPG%l{Kp17}_JWt{6dqVNPm8#j#ByIhq zx7K$+oZGQEVaII$09w|W=VGvqTBG`){e$c^f7-s+P8z^EblNqXR@&{{1dZou+Ce|W z%0T?jYW{k^Yzse!+JEhP@yp@YfZFc!M$&c1hwWZrA>}{=fJw;#!wmaZRO9ZcACqCY znw3oYu0;s@)ZnJyt4S}prg)dc?>|P-^i6pq6VJE-ux=<+V+;qV{&n@Q>^1SLNANbc z;uX7LYc{bec@n#oSiw*m^B~fvJx_lZPEbv~kLZfa_GIxN#=nBk;=KYG?Jq8&M$+9Q z+;95jl=^$u=B4M1H6PgP_Nnmxr}47h>*0>6;Y|wv0AA7Ny-?Qrwak$iLT>0(E4kqE zR~%QQt);x= z=To{%7|d`(fwd6<$-q#(Nj{{WYq_%1-Xe~yP6s*aYtFB0-2Q^$Y_>QY6&xKehMZ#+ z=@gRui|+2OA{jr(RhWVfBp&&$37=yPh^O-|l6ay=mNtx`1ZM)idefF0EqvNWphS|i zcmwH*#tTy_??csf&3Saa65=elx^iMGgOS?4QrGpCOD#dfW8^$GaC6RhuS*KLpUxgS z=Z=mZ7)ozhUB5-QwYbgJ6p@-alRC6bM0SH{3z1?C44{qo+OjQdP?dZBEOyW zc@F$YB5t_PwrkW!@#LqYlkR-ew^{DMIGgI;8#sr^=|q;@_O0^d&p zb_oz%4c}Vn?=?7D#I1~pCDbzFuNW;^(0<7O02F)`@WbN&0FEs_CR@z* zT9uy5LeXxHW(PYDzfdc`_?NC-d`i|1vv}7gC`-quLmuvdv~ug zvHHGAlJdbj9Iub`ElWnwouJe%Ac%}i@yb+%@4CK?{hfXWX#W5fz8CAB2Jrs?iS2Ft ze-?EeInv;ylc~=}2d00Y<6d;Bv+wZuRTy0J&lY?g_|x#Z3!6_L=-Q*{&~q)voYH~R zhROOG=DrweA)=F4Nuy>r4I8H$)BXxVc0IuDHh02MrG;Ew}dc#p%n zoRJ9FTBI|`RuE+10ILF->dfrILQCjBGxDN>_D zFIKdhlkcXB<*WOTBhT|!dKFux`I8@u^wN2-1}EWJH~iXK7qHD{kveMvQ}(KH_wOQzag-PtgL zcZ8rT#^0p{xmlkr_?FXG)%DA-w_M3^H|}OJ^;6q9?Oui9?LSS@KFb}gw93esC5A~p zxuAUL>A_j>1kzP(9X#q^F}kruhyE-lK%jTQd?CIcu_7kqk?gq5ywA5E6O#y zogrmd?;ry3peZKIg&w89rAKszypBEZ(%ShUvXsj+jQpLe(zFX5cJoOvYFd5E*~sTA z!#jpf3D2>jDVn)h^!;;9)4VU>M7xhlj>=Y;Lk#i7k{bgZKBL;a-MoE&VQR8mY4$pf zr{t0Iled3kT3DWQf{)^Vigc}0O`F7Tr!219z=kkXA?c8MS5BXTe9flcMvW;buOszfPw)>~T;`BRk^DgM)7@NOSn0Yn8v?hHa6v2v zI6lU{AJL=nrkAeYYEV4Sacv zt>*&(4j>rlx&C#NC8CYrjI{~%4MRz?H#RV&L-**oEu8V1@eAwKhUhHv8@XJt-beGP zGLo^`_#?v5>Q8xjb$4y2#}p=24mp+kD6W!iWLsOckCOnyV4a|6+NlWPZnRxTSG|y1 z+nC~RvhK*oTw}4W_Q%8D@Q3=brFVzVhvxq&XBdw!tKLVs+hIRb z+ce7N>}cxK{{UxOo0u9$j1t)`!5xix5016%dg{*F(@C@~E52HO$_Hc5N@=}=n_CwA zLE&4^80oq^7FL$_H&F$3ApQ5oGIQ%%-Ujf!?vp*uuB)luTe9xTi7;DMamRSCY{Z;SNb4r(@fOtV{BLnP`Ym^K@pE9fhTF7*vhZjY(m zJWcW{U=(%rZ?0avT8xm)%)l&8 zd5^YglCi7~Z$Y`a)O7{7y75iwlK6!lK*jsxIL&*$z2N(%v9P~wMoTM*#t<$*nNJzV zdSy3bGr&Fw(1py;;@j!2Aj252d1oiTwRgHb=7$B%?VYBXZkDkYiy;WyeML)4sSZag z@dLtk+N?G@t%yh(Ki$m4RC8X@gGNq?DX0m23Z5L3szO{~J`%`}G?EVw#D}Zxvq}sRn>Ko_ z#5n|QjmFZ$y=u>`>K2y}3w4r9BAa*TqkGi{Dkbpr5%{CTrpHjYm&{1lTA)y zA$%v%#iGrmK=-yHB`nS`S-X+=*3piIDCl?=qpRvVOwd|elA%Tdk@E5FU9W`vVSj&q zAh-ypp<=kj4hq&G!5*`zNby?D6WpXx0fr&6dGz(KpS(?~>h334N7}8TB*p;20-;k5 zL}zFp6Sd1Z;k1s{G>RdHEzUm*#qlqRwf_JV-_NJ&7XVpHBD#&gGWzqY#d~Y;Cy%SM^n``JIyxrBYPB(WkTR79X_>Eg^6pqXTkS+UCCEe zf_VdE0y$rL>-8-{JB4&g(&Eu6rP29 zQcTICBJezrZFbCkln%90Jw1(^Lp86SPfU(QHpFaLXl-nP{I*id$Rnk8c9I<)(i!Hm zhVU=l3_8;01Lq6NtDAoiU0q(1$jreZCmTg~tKvwS!Z^`d8B~M2Jq9U-jV&ho?a|0* zxX(RE{VNy5elpf{2AfLJZevfhDBQRV7*$3$Cy=+H>OL{OwT=tTZtz(st!9C|-!mo2>OC=A#t2-4yi4KDBJ)HGrJu5D0G#byWq8I&>)yO>{{U0eygwP! ztRxR6@P2Yn;Zo4!8yCDs;yaB)!?x>%j_n+V!R3ZMYZu|Y)16Y_{hl;rK+3YeQ`~ZK zShQ^z=z6b+ejr)4oi(++owwSjLXI)CE?&^M(xd*RWY7j>R?I~A-%i4DiN7Au0`#lF!x^|gvY}kxUT=M>xe>=OZ=7IZx{ATX?8C()?(44=_{R8NX%_c)aOrZYgCs-- zR~hJQ>A%^-O4M}g4N6^iRcq_H-581G`H&2D&p(BI1Zkvr?dW}R7P8io#~rK!XqfFd z`twitm1b^yC#t@QExazUiAp~Mj-w~9T5V`%erCmUeP^ydpvGq`O1ug(pz&SJ_lsp~ zA+j?7jc^yx`_@vCykpqqrM%R&#JX!%nBhbGzbNCiVM9IL_Ol(0%r46UVlyZ_1J`fo zNh_LYk4u93`o~LqD<~c-Y;wH=Fyl4pnl`)RZyoqETkzey=HpL-GGl==xtMjwZsU(? zUd+N$=zMqL-6vAgWRlkU(&JBf$C>3ygg)N9s<0Q2{jlZYl|r(1RpPMb`Q(7SokmTOU0kFr^kPW z{{R`hF&TOEtA!Wv`Gr;D2j&bx>5R~HME?4IAN)h`$Ht$Ae-HjI_)2qiq-*vO-LtE1 z5y`Y=Ngeqk>J58ugS<~Jo2Vj4;RZlH^^CUvFOn%3AWF4F3aLPXE>ze*}{{Z0N zPuTQ$!@)ip{jU5M8rkZ4a;=AnB3pgpczM|Gj(`$DC$SYg*3`;TKZ=caNVl?;fOe&_-+ zS+kBQ(8nW8vB*JRrBaoJ9mmf&iQO`z9A=}4#x5d}qgmnyB}waAMV&OweKn%{UP&mb z`-Tr{{g?j$f*yX@cAv9H?Qti=FB)ps7C#KUdyPBy(}?1R=p01&>6R?Zo})EXqs=Z? z*YoIhLq%iz?$h2Q6p%apq2tEMF~qTvm2bomTwcGYA^TimLqj?h< z3hjihj#{R6I2b{Wn8)i++vXU@mH`#h9gbHXgQ8qVAV4-R-v+ZDcUzs>1uDO}RXg-lSGWkn-5>J5Y5~Ox2BI zxQyFPBfKnm0OROu`bGZ$f*k(YR~8qG@F(JCs}04*maiSXylhKc*vfDVgWY&J9WW|n zj@Ukj^>L=^I)}?@W*67qA8)lqBnNT2wQ-)^MjJTw`d84pM0UEI5o)?rg6~AUjc#q2 z9N>|XGh8(yZy6TW4Hv}LTHl8}L2qlQcxwLIO*d1uokJtWz>k?v2d{p_*ZJ*#!C3zQ zV+~{WI{m2i%Ma{p_V8Y_b0qpiut-c%+GMhwy>bcKN40ZpE04(h%e~WHxwHX^`(YRW z4zqQ4+Vdl4AaXO> zgjAZ@9Qs4%tZZFy&5#)KeX9>!w)0=gf*eYtImU2nXgvrkX`1!LtTWmY$tWEwvGBI5 z75@O*MyAUYWE?&^oK~^0Skj9^hf$o6vB}+7cByT|UTi7q{4A49_v0#=z!TYp(z<;%?Is&tcZ}fnBDCfv#`WH%_Gqo_UK1Z(vH|?-vhbDRy@}$D zH#!_M9y9c+5tHJ5Le43YB%VP&;#m)HJt~%;<0!`4NP!?Q50l!Hb{aiLNP@##mK(cR z_FR$Wl^y>88t79%5nbHCul97<(hz-tC;3!6bS^rcLwR?pe{ICJa-{ZL?ilIKcgMq8 zJlbvD;e@Q^2UF1h0G!nGGWk)+G*D?4@^4g^9Oi}vx( z){kiM!m!E;g2Si1bGEjzY1ffL#xk3|di^N~^&L0Mo<%}7#mD1Zez_&avEm2PvAgVq zMmF?x=l=k&RTzxzG)pUMW{u#q+mF5LQuwD)ceZ^h(U)}b?QVGh(IjaJbUZ#gU-(C^ zq_n$MWeOwCIv$+Ys`zumdR%rFT8c9*?4)FY!*N*1=z*83!*OD5!-YG6+k?;f;;Kii zY9SkYNE4^cSrpMiO=Hbr8x`5=4|?fzyU1;oU9gP2j@sT?mL)&{^dhpf+lloF z-qKJ^u0CSjg$9Rwo)wDX2%=dYIe9yjbgS~uE`bHKQNu6F!CM16zM_D!-@&e1-F=E# zEewd{d7*gOT;Gd4No{vMzMUqXsT2ULQ#kpXCpbLz{lrn?-ZChFP^K zgQJL!HUK&i)`1r_jZ0b5JU)q~#}Sq0Ss!@L0RI5>n(4HU7GCQ*TE}|I3~Chd#REAF zQqd*8SB_w$k&-*rtB(p_TB(zx4i&t?mcbccr8^6ioIH_TCEDJ>bmHAfZoGdt=J6Arn+RBmJGP(~k5;2DBPt?*g?s8Wa z7Z+Dd5##bt-NEQ-SHkkx+*{vGI?EvWh#c0Cu}Vm*s>^Yx+(sggdv(op)^J5_rO$Ud z1A39+I{?+C^e#3yog#TIb(rUOOKFwAi}<~TduPjMv-?&Dx1E!GV2osTHI&h@x8Q3F zEkjW;KbX%W7gOoSrCafyk#(iUvP7u`$mpPQ!`8E~9v=F>xqq%3HMNdmuIO|KuJ^%<(L&pYt@Y2oLyP$o#u+%H0X>w8ze((TnDfzcbfe{}j( zg^qUG;V&nUG%C^Kf)4}mseH)d-cSSswPPgiBE_x5w?cFZ9R@pdS^C6RD-3TC`2zsl zau+pleG7ur+SH&=59k-Vg_iklj??8J<%T&XxX%viR`)G;J>=0^$mAY`7Wx{aq8pyk zqdXdli0y)~1K00YJ>q$%(=Eb9BQ8k=Lgs^0C&PN;MW@MeBe4wK2*IokOJAE&c3rNY zFT%hMs6pu^R3G_Q0$^_(&FO>58Ft$=pv?G>w#O zbm^_e>kpK>SwIAO*G$u;-L$r#e9nPi9+V89!M-1~v$*oeA{A`&*jJ%zI<>uxjEf0f z#O+b(KO{{T&Ut6OouOJW@W{u7gt`p|6^pxfOd zcew?VVq@^lV``Vv=<%c`21j-IPB>xH`Wgm96{Omgk!Xkx21@s)Y5FC(7nd58?`*4p zxIB?mrDI4(shMeJvR_;+n@c1t3Mm~}QzG#Gt*6{1Mj5T_QGwh?CZWkArV;9TtdP%h zYaiMkNtCEkNbO#4;~O0_PrJ8GHcvZzL7ORpt=v{EmU8>zXxco0dJk$LhTh8R-bokC zIRxNyT1H(7*AxUMe+lc0lD~LdnMJ@N2KA(kBnNpyAv!M8& zOV#vvHQ_y)M#L7&1sUsI1&#C`A&stVF5(cQg_2m#@T<52c=jf%nB$fe-0uD?{3iHl z-?a>Xv(JsZNvP>MVrUkZ&@{6c;<}bV+2j%Z-|1en@cZ^3)jk~R-xNG-zATkK16p`| z-D&gONTfEP82;@G9F@Sw9r50>b&iTyRoL*oPDztevA46gd4<7WBx9E+wkygk{1vL( z{7Jdjd~>GTUQ25+OKWMqXvAl^9`z2h-1V^ee5JBC{Cn{G!}fPDPvz*^mX~&$o-_dY zK#c7p9jkz`(Js6#sax836{mj>N&u4DMtISE5R(sHsz@}x^$mc z^Vx3y04+|rwd=cUm$TF(l_x=iy>LPFs@In{S9y&Cc}xg6Ju8B~H=;kMI3vJJuPCqe zsot$cwf0_%znd@kJK>g>s9I_b9leT+b@L2zC_9(F20iPf)vvVKuC$FlD>y8zEiJ?| z2uI!kpPL^~etMgSRZCH zfH|&LCU!=Wj;3~+%cxGyqxWlrgIRwabPYmJg!*ox(A$kA^%G|!Nci2nE&v~a{c7RZ z%ClB5{toCmCY$}AYo=+I{!~a2!>E1doVOysPdp9q@4|jN@I1rBJ{r*VNiF5fGBiP2 zG&$gb*YWi=tSMaZu{CtD>3#$FDdF2_?li9mXqt6^U|2&C+6e=kd)8*5@XPx$>4u&z z^tVSY>$@uL+}BKKq<9#rx6tW)J>px>4wx)2W0@xn@=OoP)%A~r_5C}?nq>MN!^F2N zn5(mdOS)nChkCOA=_U&r~^$2wMxFNSV(`wddi z*|Vt1vXP!Enr!`hB*ibPsXgR=fdKnJ1i$eJ;Wc zR?7b30E;5*E$^C>O55D>-C{_zjZ@7Ls$1{MAMXn6<%S;>!yU}mq3+ZxAY;^ygFk?& zsM+Srd!CE`00kudl{`)35BMiPhQDat1|2_L)ch-Z4a>nCf4;T1XArvN9Fvw#!vN>C zemr~|@om1ZrfHWpw-HYPgpPWtUI^#DLE^EmPEktzPnh7ID5H%}s~lS_e?NJ&wjyIc(YYJ^Q|JAuANDur>zdsJGM#?j2cUsjtfZb-HF|kTe{7w9}7o8JZ*t z%^uVsh9I~63cnqH;Isb#v~R;N+KSu5De$@}HEkzIvYOp>dy8`jndERuj4%vT1@Dfg zyWK^~e+77Z;Kp|zKCPMKDY)TjRH-#4*S?#VB3<`Q_DQYuKN9{IJSn8xSzJvUycmyg z7|9)YuXp~^fCng%vB%!dHrJI_UC;C{4w094sKOAKoHV^URz1GI=DCHIMLEaJq*fAF zN2at!>>7hZ6~iV{ZG;Bw4lCqoJZAb2#0^T)NZ~3r&KR76*&~to3f_$ipDo1s^*jX+ zZByWMj1gX)Iy}1{ z$GmHwe`(j1Y5FDE9zid|i=PPI$sVsXdYpGScvzvts(BnAt$w$Dz`h8+_}lQ;#&;eo zSq;8}cP5t%F(z4%soG8l0A{+Bb+P#7Wl2JlmqcP{o)WY0UajI?BTew;g{I#v%ZIo~ z0?f)7GmO^l*!NEjczaL0(Gp z3|6ZGqAI8=7OiV~h0UW!Z{-Y}Vb_Z0l}FV5PXkKGeV&=8Txr^jI`yn~_LngfD9kbk zwR2w!w0j=|__IpCwAJqPSnb%DB#nwm2;H1+9Y<_cDK4k0W|fcAuNVH+9|rta@a?<} zduemxFBIOykO}06d{4KMS%Krder;<$2GG1etLhrQj}W)}OMK}WJ3Wrxm9;jmb5xT) zQT?km%WIDccwfN=MDs4L&HSn#mQ(}`{#pEM;TM)0S>dsYRonLw0k5FJts6)1uhKU# zja>FL;_l&2Dfu?#FUg~BJ4C#cS!xipD69cy9e$O$EH{>yjcI8dlIbBnR&kOKwR)7% z{M(3QB#vu*`JcN7?&rDm74+Z0ABI}Li8V;PN#gk4&q}lj_De|@iJL!oj@|3BoDU+g z`iG_@^IOLpp!pyGqZm~ku~wjh8;RtEkglf~&syn>dY)xgXWnQJcX099%>}fZvxgZB zJqNvK>fRWZ#71SAOEQyz{VQ7>l05qE-Ql=Ur|zH3R3df)S z0AdEXc_KirNXvTF=oOKLynE4yC4lct4afz7bk})K)OO5R^tcrf}o`$(AZ4E9pNusok zRrh?V2SMvWCXS8Zxh2+aEw!*-X&m_tfT0iLUVY-N%JXT=#kMv+Q=P~zj0)@T zW%~t?V{HRQ7=kIcfDmMBU4$o`$dd*H+L;_ zDUZv;e{>8A^SLxxH5ncp$Wwr-2Y;;*h|C`hcySlTLsGqhX)GdeOd*IekbQp)SJhgV zj^>g{KeB9XEFpCfsyYS;qqYe4tx0k`{{UOR)wMV#uzA=-+>NJzeL(46JAL8ZM#<#! zP0;|5S^AUppb_Kx#*cS>tGqGW+}%2^a!D#N*n8J=pxEB%ntHyY9P6k$f{Np!_WqO% z?{t{VjSt!kNbE36biwXx#r$QV+Rdu1>PU}pk`uUpDh%fO7xZW@1+i%hO8M%&0I7b@ zJ6y>Os+&Q;0Ouptiy4-gay}^Dwr#53M{ga+0EJv*KA5QFHiXK$ z4v}%HIC;ohRb2k?;~$-JI=+YfmvMISK^mjB^5dP@qSn~goTVMrnX_4=jiJcH793~V zxZ77&)ovz?vZ>1Cj25QdwIQ=^@?ApEqr2S{jZ1k$`1s>B*+`ag>2{9tz}{?I@D2(# zPX@6vl#Uwa6BK6RUy>t`9RC0oE5=^p1Fa+`#u@D6edB*dVoqov^?f?mP?lx7irhtH zSMI1h8ppiR47WG)$s>tI3`lwt^`HyQt=z%k%a0A|)^RSV?qplZ0VXhb#bRkG;td+w zTTM?=ySlfT%#4!0<9fNiYG# zg{5X&h1g>xe7>f>sL?bQFi#w|l3XYwB!ht6s+Pku*F(`Xtx0FqEgh_KT2+kgC-Fap zVBOj2SLvuM9&*AC=oGGUKDDayA2H$Dq?ejLptiCk&XP&Drf@y0S+t1fN4rAsPK&r; zed;Vp*7#djx}3d)khz{igU_XQ8l|3}d8b8fC4@^R;#xt}k4jQ@CQ`BS=ZpL?j~LqN znr?1{#4%C{XufVaueu;xUkvzjMTXMm`aA8SDI6vOvBm&D)YK_mne*$ZH;Q~`1>T7c zl|G=8Pqg`Pft5)RwmDKg zE53gdYAmR?vQE(=3=9E$;(E9osUHaf931vXZcKBceRQfDFbu z3eeMB-fdDq0gB;{25Le19nXa?v`-D{(nolrd;7Oik{*%ZbmP|*?%pBsg5B7qj)|w+ zZ3wHGdE=?a>qjs<^geIb?X(t}?rY>C_!3ZK8*{~Zy_bme%_`|$1&>fgkgEi4&k)LH|Jd5t>BnMQOA95@J!tqat=MKNXxNY$0x6Nf-el;TWNNsZrCW?@3%X43Gi z7`Q_#1A&vqDxRsNCBzFR2ie?Yit{R0)buG}-!0lOH24H|w{Y$dy0#+csI2ep4MtD& zds5p~xjE+)>DEtjJ(F4*(&_q}Bqdp&AhA+<)?Bu7Mdqc`$qVFU5!Sb-Q58B3E1G(C zuMMVQEPT;`qPvYg^49hRO+|vJ$y1(!v{&eP(@cG%*xgLtT!|zq3l4gLT{IHu*VhGB z6K@VONEidyW~HWc7Im2a0J5NtRhB$A%!OPx73Y`UGm0n~=Xq|UR>l{%G$@-#%<{hx zUs>MW#dB_?HV7lBIjJRF`c}yoq3bbec5qq9){K#jxjgfnSC!n@-b-}l zi&D%X|q_DKKx|JlgQYBs(4_s7A{Q%$l9P7FaFzJ#z ziqz9I#JjmfwV%#AfFm6Z5x-Lxxw(00Y!c=jLhbg30b(oL9c#(;PqWxcvl$si;y~`+ z)wE^NjtHrC{(8m~p1ZM<0s7R>4fVaTlE^Ykw`go+4|>q(j8iH;r>flB+qAOm^75_+ zMy#1_^&MP8FliJ-K2eTEVzjel=3D3i~6o{iJ*& zq)Xt7EmiESV%1&U-sp_9u^(U7zbbq|;mhqFTcni6VP?vZe(A?Uu)o?P!T`)iJ%0|B`Q3eK_GzY;SlZg; zxmQ+PFc~}%^saNJiaIX{YFFMG@ji{O*xWRGBnZ)ifhv>DeFyO`K+?QR4d%0deY#`Lq7qKeL{(`!RfQ_?hsp z#2R5+ofh<^mzNm^Yc^tIkwNTGgT;IwePc5_w&YmwNY7Ae={uy^&rul55s71yd~*^x z0Q9P+(|n8>)5|^mD^rqj=thyuvK8gke(4=CNr_C}V4aba_vugx?f=GOMBZk``^!Nb!KaY02Doe65rH=k%}B z?M~Fo6QT@*%AZ=~ts65`?0Bz>JU0fQk9l;N7KAFu6WzR8g_*D zHc&cU=@%^6Zz%31Mg~5##IpMBJzpIM;vJk z1T!m1lljzNIg11;h2tOItqz#R#O|zBQ5BGb#~3;EuTS_t@n^)p0lq4DAL4(9RV2KF zQny>)%=V?gbw7qr;X^m3kMtY;i$7>T3;aj$C5MajE30i@!rlaXcDVllTYqIR+Ujxl zwiAqw$Jkfg-Uq*b4(iu`53FQ~d^>QjspyiCfau3Afa9n=zJs-LRf*FSta=+k1+~zW zg+!f#%g0v6GhdkB@K;aR^3(Rc{g!-5E}NrVY9AIn7Z=+s4X^@h>q35b!5p8JPvWcU zYl@^g1+B6Ee{ZJh8Wy##_)k+tw$$vWX!gI}WXZ;T$3t8myK6q1c{6}~?ZEkdr_#1b zZf7N_*J#qc*-6SYGA=$v>b3Px!xKI9P+j6_Vq@iq+b5q&<*Fka<79B@uK|V=Z7Ii? zk+0nt@Aa<~@Sln$&~8&!K73zib0~1c?itBaD{LN-1ND31ACI)Jh#EbfuF|c%G9um5KEW*sZP+7Y%57oM#or+)W+K(n?gMW9Ib8phga_ zt4FIv4ZblHK!peRdF0g{E5WTSV*b(M5z8R}D8^WI%>}3lb)#Q>q^v9>+rx%G%ByM` zChKE0qPN=DrcMDg3B{duk*i&4+H4X_a2EAYs*b?d5W1ZA4>Yg)%a?Pw`kG{uNo9X^ z1X7tKVux^5Cy&alTuE^Xt4O31!N{tNt)LX`>|vT=AWf{t8TYQ*4JB6v?M2Txrip0CpH7PF z?F%!cSX0YW^gjaIURd7;nhAO`pIT##QYhT`Rbca@R8Ul7IpF(OC3$5&n&M(dhT0-ih0k$TX5xB3 zhi^k)K%^Y@&qG)BJ5;dOB)D@QoX2;{K^3PtDkn;}X=w$(1~hr2*scA{`g_-mUp?3M zsSP0|2pP{TJ!)kun#MLd>wP}YP>d--JdQS<<2bFjf6yRkRZ1dt9jYX>H-NCgVSAg4 z=*GndYZJ=XE#ehOG;7P-ITfNt0k)2vdHoGyS?Bh!U0hmAa1=U@PaF?Q>1@pM+N`@* zIKc!`17pIrliOcNBb#!(n}+U-?Ouc8FAw;LSu^;0IA+zPa5?nv)1F3Y*bf8yZSB6O zqftjm6^gnLdiSmEL7(k**HXgKtn0l8sLns3pbqld*3mR|oz^&{&J}aZRcq}!3;iD7 z%0u>%DQ04DNc5x!G}=qTrbbUBCwCkgO)E{=bdxwfb2dgepwbVa?Y7q6V1Z_pcaoch zb3P!nxe{7U<+tzK8?nOinhgjqFQU*aVZOd9mgYep`^1nxt$A;VHE;MzwHcxwZL9(Q zU8f(F0Ck!L@@Z%+p+?;_?6*{PRucKeUJE12Zs3Xz`tSf zW}`F$80@YjG8ji5Sw59(`zrBt@nLSer74^zTE0VQ#LLsP-A_!lm+kh_#u)Idb6tIe z^62_(+P&4qvRJDH^4*5x)Z|pPV@^||u+#^LZ48!{{{Xyvu-*JZsL814`Y@O68)1?> zsR*Mv_oR`n&pp)j%S}y8-dWz~YVlIp*X^j^_g)ZuP}tYsq!?`7V_tDpVcB z@J(eUsFKvDqiUuL(3cIdSmP(9by|ksnn*{R4o5@Qu#~kEMz)-iTSjD!U1X48@!Gdw z`zQnLtGMT-Pct@AI%ww7B!cqYo+;C2(xbQ1yl-6ath!w3G*SNmp*h_j&A6!km9exH ziS&OET=;2bxv@XL3QF#70j-@2#Md4$)nr|2)oe~O9AK;U{{TOYD;8wxlDu~l>DIBQ zl&o`s%GGT%PmWE=DZm3esy&#SG$PjREIi0Vu?H*lt-T`R-r`4D!u_3r9>1MSje;)Z zI_9q(quN>7>;tdM-l5jD4QE-|6cDU-;Rg|?QU_d7Zsw3$o&NxVbZZG=DXAk)?5u_? z<2fC3TsE!X7%V5eZ8=um6D_kmA7Ms^Vv0EX2~rsmCsDkDSSjEd?{sT~GE4!FcHEy@ z&S+AJ*y;L!k{i#ns#~y&2Y2xbp$zuAos8`hHN^3uk=1!BMNp#~GmW&lj#gW^gs{rv zp%^54itg-hT1XZ=e(0W0b)d3_v2d2`kfX-Hoz2fm;WhhD?Ky2N?JuL6O@lx5&nKXu zsH0ZK+4M`Lw3-9vGVn;?{{WoUf@u)y?Y3ylOP-y&)-FczT@HuL)4UsXIfB;O@>P#9 zf`Inw2d!3X_rA@{$Qc~&E9vc0bR=Q;i^kSg(8CR-ylA^h1qVEi_2Bx3yK#Fovdlhy zK>q+_RXBr299oM4LXtr^IQ6dQOjWsoaE0IaSoIZAML}w9={hU6r3_ctF>g}API5k# z@ZPoXe_8M^#7`J%8m^$z3(1;j;bZqzj#U0erfl@^=*YX#jPD_lnc`(C>5PM3E2(&L z`$g2@w9&2Pc&C4n5)#WFIXS@Mx#uI@!eM1Ck?g+@JPW0GkKwPyj}&;VZ}iPWMZdSV zwm>jsiSQhS>UxvMrF!1?)P5XzYvMPCJ}Nhd{9h&Youun=Ab64qE*3XwBm3J` z7`{iQD4f(%cRuqi@c#fY#KlUT88qFtd;XrJy7$A64EPV?*NJ`>YkG#I@gw2fF+?KN zESyG@7K}44Mpr7wABB6*!&p8X_yfVdJ@D6sd^@P=%c>aK&Pk>+HM0&IlhYt}?_9O< zk&9~Q?HnWYeXU+@xM~kzB72kLh*-;?waGo8h();ksZu`B(lPc zSy|X}TP(*u=DKhASichQ{utT(9n^ett!keR;kZksvX=$-DacbV-YcGQUTpF2q5H-c z!3>5JRR=*do$l{{zjnN~GcDx1yt=b!t|SwyfQ6gxn(6#UW8w>66WM8AH@moj+Gxj z6GYabOOLantdafk)YoiL^4Q6^o<-sx1SOF`*4}(P?QDNq^LsI_d^*))@qdO;O%1#6 zn%Z(%Tb%y@N+lC4JxjYDJMoI({ASl@@s_1&5^E`svnd}eI2-^!0aW~R@Y*jKd_U8C zMR}vE>K1!Mv#9~31Ncbx;AXLLN8M%kmY|}xN09h(_53lc=@;59zQu;&8bx!)z-*xX}iui-!i*wCs!5pL(N6r54#*Q;dDyYD}04;lOh{f)jicn%MSL&th`#8cl| zjYe?LBrZ@&88MQo7jPb<-oKph6!;IszX-l2XtHa14d#X6zZ+>W_`k#KcKH%TI*BBP zGQ4FAecrgi?hRpIRc^=ToEyXO%JZyVI#X7~$ytASM(^ij-`;oHRFdB6HpN;Nj2ymw zJ*%;~i54k8cBNS3n)6&w=!`8(q|7q#KqNeS!LAY;wTXfM z09z9wZ=fJi$j-S*EzdrclTN&g?P5!H&OozL- zgeu|NXc^%3u3C+=wvCcBW4CKYYt22t!yh~%@?J{+eNQKFBwlk2x`ubOac#87(RJXg<@8fl{cOXf# zt44!n0^2V9zUs71z_)pMM#;KGQD1^6FED8_g!>85Tg+?7Vwcoc6HanC86SE1}Aq<7uh6 z^^_^}GOwWWe7A~uCs0W#NN(Yn6q$UZ*mtMQ&ecxiH9Ms6?Y57pBBR44$c`o9S=~|Em%bB6p{qn_gD^}opjKWzNQkx-&4ZBYtMkcu>HU6bKoD^AHaXM zG1UJ6Y#8UUI=_OiucO~G%ILFOC7%)|&oPK`k@6hpc1PuHtY2f)R_)Zhf&O0g_83ZO zL0hT*W%#d|RK;-?GNnY5jY&sN(DxU8T8eMZ`)qp4!#1*jFxe|8UCY7EMR(#^^j$jJ zNpW#|e6lPMf-=m+;~4K=jX0l_Vo!1Sc@C4|?~5J+&^|KwV*5|hH5p@))>#G-r6c7G z-MJ#aL?^RNJ5`d$Plw91ib57K&eiSDe%09s^gMd!Wo4~u5;3+?HUI$juSD?w0EV@_ zUezuwVFpr2KTlfdNb@JTy4ol9JAcI4;aij?LuaS8a=OjL^Tf|@vQ|KN&rwOc9IW%j zw4YPDMv^v2hc0o7=r1%Y0~#`I-HhNKMMR`TpF)${nCv9Cg$#^29At{GVWlv(7Z)h@ z(l^bAJc`W3hUP6++jP29OsqNcP~&K=ds*(9&JVQCZ*B?s*^eTs`dD}9Y1{etKPA1g zoCAV*{ObTh>v1`m)mRb;&rf=h8JdQxDwtxlxLjvEcdqY8)f#9PIZ;E781|+_qGn#I zOL)#4V4Nrwv2CEhusriPn{mMhibh5y-kSt0@r74bA46QsQQGKDd#S~2Wto?5+;hfy zezX{?bv%Q{o;1{NiupE|k-`B}jtWKdJvmvuRra~B~( zisy9C7u)I?j#Q8Ak<0UK7(8}0GFln9u7_!-=~|zN;FDZQ?c>n=?T7>Npnng&I(coa z?~20Pq0Z5sIH`=f5Z6PawbVR6;kX|6T38m{7kdWdaP`e(!KmpTDEmG3otD#`{#+au z!R=N`hf}-O{2yoipAM^Ota&$N0ro&WGo10(xraJU#iUSPLi>@vY@Wh`jt?3eJ@oo) z8=zTAZ`=1z*YK=cn@#C7kGb6!WQy; z*HNv)DwDY#2t0bwDMsb}55;p@UQKBFd=lB<=1|!HgN?YZ??Je-n)B^aC~T=IK^%v4 zbZswHM?%3QQ@NOb4l9(q(Jd#N%W$(mjlp5}s46kB9QHdyM;vh^U>xljuRYg1F|S?4 zJ;kMvn%Eton4A;dhKfA;`LyF{acWXDlpJqUkbOof9TUNm_=ioJ_T4S+VuLa>ZvdcP z_%)QGWZNjsJ*Bn7TRX1hz~{fxxP5 zpq}1Rh)if(rFi9ropUQRv)VS`aUkkH3S&N#@C?G{B($E|a;&B`%I)Ng4z+UU!q(Oo zvVUq?O()HOrF#A}1&=22Plo=G4CU2ECzcM?_7?brQA(nsA^x@Chif> z?;K=f&{H-_#@2%f)@&|Ko!mlObl&54InM)*{MK7(8i>DQ_aY{C8v`D5MaF1rel4}| zrJkKMnn~7fVvv2HX8`m3x_))p=zkV9e;3bvabaXMeH7qB2buRc#y*uwUBJe^))P{h zZ0ENrwT|(|NURC`E2LUoJJ_t=Losk%jGXqZOq_;)!at|A*O=gqT!m5CP(dz(qUtv`uwQCGjoD;X92$R&v>Rh<8%b@mPi6Vh!TFD+4He7O<#a86 z!rN2REE)y=&ikHGY+!l{sjX;sw|cCNq+7MLe6t6BbL?vu5vVh(@OOwm;aPaMPuDNj zZJ|7{pavZKSF+!J(Ask94Qmdb$z^#Wte#w8d1tXTCZ5dI)^!_AR@hsKVR+?S@<$o! z4KABusN2S{>CpMnPQFgyfx7k{hO~n-aO`;h0F3or14W+ZEBT~dP6>7}W$VWS>t1^| z#Asu+7Vz6L8G0)L+upPnD-RC*K-4WB@cn@;u2xW}_}#`UvCyylL3piwb0p=KM)?5w zS#!pJN||hDICU}Rw!Z%WguhPKW_wXEY|E7cjP$Q;)%;a;bzsi3TafHd#RCXyCFEjw zFNkh#RWGK?Nhwp7923Q1={7zh`w)|Sn3M)ZCkpG^HMDQkxTbsNrKRece}Z1uMz$B) zi$UjMSNP9vN7Asad@7gPWwf_;vsqki3o1F!IOdsLx*llyJQkN15Zyo}i9y-NIqXev zUL&`87b;lbji{rX=7Tp9)|+#zTSRRvNsj2QNNn;eR>MQq^{rCUYm1{2K)}lo&K&(} zWh)w}qrzH|=sFiN0SbuPXUHE0WV;(r&dF*7{a!b#UJ(`L@htvwjXwna%>9$@S(C(!eYdIMk@3`c9)qO)< z(>x}VO>r2$RSg(GdXg{>YF}n`#@0ST)^#mYT)v&!Ijv6iAQDL{{R>3ce2<DSiLv9F+C+|03weO{u4h-03k#!h_P;e(EI>UE zy>V8V(MB4Y_SbEGZLVWt*#nKZ=jmPOg6~j{2oS-sR}L}H;a@e0#PYpQufbuQmb)1e z_*&}1`ZF3KwspzpoS$mYvG9y~agy!GR&K<0u6X0`p|AE@Qf-QE;<1#^C{Ha9an`tt z-A3D8y}2tGhOw{yKB$!J*YR>>VQJ*gSRyPZy!e$#Iw+7#ZW zkWLM2Nq=+pDWbcEG?xG_dB~)17~J#Q%dK%Ga}t4WdJJHGCbl8obkZl5O~7yoBz-70 zIbBLZrHqRqKr@VIHRto&T*r2jKnxgd;()o{=r(J9OJ1W+2VglK`L5GVj>}Ayn%xp* z3`rzp8kuY(OH$V~=q+P$0;I*U^7L%`R#)4;#tp`l`<#H;0|!0F^QtnE)Wp>FEmrB8 z`%s;ke(LAixmo0U$q)qJ+>$y92Lr3NvySG;6`+hL``8?xt!(+Q#RO4HZT^g-ACIjD z(RMi zT)Ys<><$!X8&9zBUh^l1EK_{8D-tw=A1@nzwe&Np&jZ;cV~-1MRF+o`LBPS}eii0l z7q!WJJ>e)|pH#AVZkeE4a@c)YZu64W_soCkQ_h<#m@&+(l>rz}}W2W$GjY87;4Mh`6nh1+3fEYUrahl4p^V40L z)Y!`~>OrJ}c$T7f-*2 z?)uU@dt_fcx@{)|ob&lrKBhd!)*lviCh@nyD{l{229Ed$<4ZRC1}ldV~#vzX3AQ-vFW^gTz^ z8n>~mozHXlZQ~K)t$R%yo+xLPW0`^A4&TszHTI8;tWx(*x4*R9@`A3iCw0a_r6+SK zpUuzw7vJ_#Pl#U$yeIouXtpdh%?%En;uMA)nXSn?U5btXY#g4>1%DOV-K^Q2@OCqMyqva=&-nKbr^%glM!l_-VP8EUc^{M1x z5g-J9#M4AFfsq#HN}h8fC{6qr0`Cj|NvU+7_@ z-dbGQ7@Ag;d17m62>$?G6LPFS57ZG{)iyOb%}(AD(ur679#tsAALrV>9r)egn>|az z8nwdP+>a3HQZ?1P$H&?sISm^Q{l7nI;*@m*^C#jzg7jY#X;&T?mfqk&emvVeH_EdS z++znh`q%QA`&@h&m*FSH?QT_g?KJ!5B*LJ9=L7Q->BcL1O4^COhs($2K!rjaWFJvk zt-H#3B0{jnaCzpsPDzlf6$PVv8_&oT+EO$xs{#w@-lPMti707jHDYfWA4h6Z#Tc?aN%Cbo3C4D} zyj@Y+9sPd_;hO4gbNERA0D|Ct#8>|Svrp|qH^k2ZX$pQD z_>~_1)Zm2P?Y>o483$=#aCrfReja$92E0gbLkH(B2Rn%Osf+h)MAuT^gmpKKu5HMS z10FtcllXpB^q+$KNY=U<>DEge7g;SFgrAkY{{TwHqUtEb^zBUMg`kNa?2 zZ&qf=W&))n_F(ZNczN|*8&|lA>?LAt zLXVwX4ut2XO?~ZSIK5PzQ@7ODtZ`H>u#6#%Lhj`LHIoI1F6*&S79^Z^^`_2d&6_A8 zwq{uim(B(UQ(dLCs*6-JhgK&aH>DO4(daOLXC#jk;WM8~(reiDDIB3phQP->Q{@t5 zy0)KnVF*bPS=mDlG7Wg1xcbcQ!qVDzDEoNeVAZIylueBj!PDF{X6AVV4jV1^b6$$N zWv+{-!3(%WS3fp-lU7@%W!}RSGPIkrj5lY!Qk|0W%%zx&%&qD7s4Suc-%-{75Qon>k}=1<+&> zobf>7^*YA5hVs>I{4A#&dK!1x78n6g+q;iSOxVJ{Ytmtg2t2qLa^KdUd8I=R zoXI`hs<_|xj&t>_)WGNUIW);EEN&x}o@Dt*VfTIW`PS!#T}-IOnc+Mhdsd=s)YPDs zV(+F2CuMxb2Ue)!pIVZ_dyB?+u9<<`oRvN5lv$jlV8yB2X_L(*;QLQryb9{HPZOr6 zrM1LX(px&QjnMT6+O$#bE@9S@Ca3nBdy-=tSc9HP?NZrmR=ygFD@R!_7aqUPmm(@N z=vlMzhlX`|Zfx}zmfBXpjAH{i?rW~T@Xe(52_1=9QHD-Nc&bscp`oGaNuk=wE5;-- zeBl28ckrn1^{BOLb`i%C1{vRsW{GSElj^ob%kmY$&mHTTw7Gbk#<8|?dWysj?A(8& z#f*9?#6%m^&G5c4WNH( zTCL5g6A|5t6Q*)H)HTo!mdYo!j^gqcNtz+Q9Wz~KjpLn5R!DDI zSrQdezbNfUxT6kTBTVszw|S`Bc`YzzX&3vX_27MJf8h|Ez9wE}w$!Crw zfzB3i69PJx1E(8>QJAxcSqNX{0+IgEfRNA-EDsN{o+6ivIvwgGsa(3p{AW zbByz!dIU>tKCQ3m(a*nSx^X5>6n=k7# z>K1+}w$bfv<{){)D}pj}K~db~wK>;S)!$j3N1kc1yLa$cNo5o|d~#h&9`sS2`06R# z=!w$9W2I}*J=N{RcG_@UJAsnFhpl|ot!cLr&v69I*IIf=N;U}vI}#`=$6KR#vfE72 z_NwA&haH z*IlJ+RyL~k^T^161}7b9sIvK6IvDj05>x`t=XB5affxhzsy;68?zeTPY4PaNDkPGl zI=b+{9!5n{rfnK#rTwCKBGXH_h(z}?{{XDma%1htu1Cc>+G|rn%N$B^)l?`a=qdX! zJv>xHCnPNeVrxk)#okZFy#~*;`1v6cSZWuldDwnx2_!saZpaM2Y|yBc&$nZBKKT zmfmq|Bo@+n5-Ih_q;E3jC~ak6uC=9Fb~Q>xMYEfhK|%|4*<%G=0x>A)u+$XAxx zXgBg$O>yTls?6$lbGzm>Kr+(i>Iv>*f;KM@!(etbV$$;SSJ`PKK0=&>A?Ru*`UQm5 z{3iCYg|xc+Q3@E4IL~}mu7Z=z8%HE~aC!HxNp2jd?5v#{IYR=4G5|fzWc`Ox)u)Eq z&18~RBz%LDQe0r!OT+pmv8Uf%!Fpa(EayAAsOUeHb~^sErD-!A56_A3Q3myO}fNm4DrF? z=w+Jqo@E3|S>Y7|(s`4v^d$VWW=;aKx(S-(7r+G91mht0>Q2im;0&&2n>71kd1 z-H({StkB~kL5y_zR>i1yJqprjwR?DV9X17qH+;JP0Ce}Q%b6y((QjVTE%Ku0jtd`3 zb}Nw{R~7vFgOfVSta=7q5$tNO_ST!F`IC8bJ<7L59YCPcF}dizAJ*)ARV>yazR7Z- zLivO5XVR<-?MK3BEc{B)i9FWw_MBxhaDOU}LugVs9}sJHSGvrX_BS%fg#3$~g&vhf z{8_1pCWT!fY<#wmG`cxHQ9=8`kXI1%Te>0Ux~4Qs@@rNo{k@g?o${Kx@#z~7PBde@(c#whH6O?YMW ze8pp+v00LI>EGdM(tdtlui|vNM}d4fq(vlG5bBzx%Wz)iZbm)1AC@ZqhvBPD3ijtv zvXWG|mA>SPBvc%I(0X*Q61HI@`pY2jmnXm|sx(t^>eb)g&CAOePwlw0ND5Oq8l5#s$j}YHq z-mSgGnnXU~P&cf=nEYaS#KPb|rNw!&DOcGJ%UcIYe4 zKWV>)z90BMXQOzR!}{XgU%k?uQrORyMJEI0=hSgl^g$WL=y?{EtlMfRvpk+uN2zWq zr}nM9ny`&#M~5L)gHa}H1$1}vT-)i^jXa3%2*3mQjd5{U+iE(D_xACGm<)5(MIf9H zT<~_CYWk*{xAvy$+ssiQQ-VjcsI;XjLh8;eKy&!*|%29(;Qpbj|4{{UXJNb|8hQTJcK?-A+RvDraIKI2y>?St*!i4XUZ~yp zo2Eq<#NUSU+T5E>T_bzPb2+;vX&JvD6*ri#SFnpswgd`Fz5gVSizFr~E+hZk}}2h(?-(F>7=M@${riELc)1r8e!^fTwxVnhW zFBN>L(nP}~o`$$JSy#kbO@+e82H6v1uLp4F`cq3?MOG=dbM&9%hl+j|c+*Aj_l9SM zth_t_00`&VFHvI%WRR&24m#&>=j&e{f5Arn8QNa|0KqN)0Ae4G2g8EP#oig#;?d){ zoNZ`yxeU+^!;FSodvXtMJ7$$ckHC1RFvQ?1<^0d$#HH$_sw;iW{EF~^YnF!UHc3!n zj?>n?Dn*fyBA}76kh!llMIYC6;*=AK-uMSoxA0$x^nVgd;rm^GP_~#!4Ya5jGj!?r z*VVrt?<{^J==y%Ysb1UoYGsN&wlIu2$0TG5?ShXZgGUxIROX9`Dh4+y-)35y)V1(zEsv-5-+Y-XcRT&Z*^-nsSm)m#v$%&y74c9-ph}7WZ&8 zI|>FEKYxz3vu|S%j%b7twoVIU`BySlKV^!sjx^XI)h2sL_NyQb>zd#2zMC$);z@LU zKFzfWZI(NWlmPs(l6n0p*ygRKr-=U8J{It-9w3VU0723J0J1d;FD~IGwqk-v@HZK)pgMt$!lvL znIgI5jP$MOz|y642)WB-cn^v7$JaGQkHuE4r09zgTWJB@xnZ1ObJel<*MWRVvAMeV zaiMF;W**y3)a0~|U^A6G1tz_UQL?f88^yWr_MT%`9VKpOqVh>4^Rid-J5Pc?40Vs~ zjT2thwGpN@*66^Eu+X6+89#xq(hV!dy0?aABSh4^mis$eG@C&$8C)FweR_(Dm94S* z*MpolPOUlPDlKni>DTi)#ki7pRd2cvB#yPMs_8d+w}!R7GRdM##(|z7{TP6Fu1Qq6 z`@Kx6HnK;9cr#VhZEVv_xs4D;#Y*namO&!|y<+CIJ4Gb)~p^imKO*8Sz(e7zc~Es&^$MMHxZxWg$bK^X@MMswb}V=EtzW|cj(+kF}7>u=$&gq{q!@h^zNAhU=vEWayFkO+cC{?1Errh>4g8By90w&Dx zI#(Ns_SjrCkuAh=-r1eF^AzQNwU4FhN?Hh>((UeMpX|`Uk(ZKbNg-8Ka!JP&)Gm6F zg^rWOz7_Egg>?g>_=`c-JU6dwNkyIgyFn>OJP@spwb1xW;5MV<`|TRS@5UCM0=T%G zt6bc`BuJAP8OZ~msI3(SH(5n!aUMVT8}Wrk4-qz<@jJl~vR%P>q_3JW{?u!d zI&wL$EZ6m&S6R0Z_!Gmr*N8REMWl|;OVh1h;^I~Vd#c2Pcgg`L(-qfC3hr{eWNg{; zkL?TK%{#}5{{Rc6hJ)ejdkA3BE-Wr>L^sKC2-@oC;5x8j$UNsY@(!N6uB3TfEK1l; ze)WBJ8QLl*`8}9bl}fUl-Q?SC_iXM{#P&KgN-m~hju5BJcYQ0+e`b#X&+)h8wW14~ zi>)t7QK(Fcx!oY>t^WYmuSN&X;%t79{?$GSyYWxLy+gzLE|X&iiL}o%RI|U?``8%) zZK!_=&i$OV?Q7z1!OsZz+W8ID^pFTH=Pq|n??5CHBWM;$At zlTVveSQa41YJA;=22EI`_Lr72M`a{($g*+3;8h!)IdtjRJmYX2C_kkFI_(*)lg*mu ze@g=nww@s=W@&!_6uks;B_Z z91~YCIBD$lOKoB};f2T&;O|~BTDs=Btm!wliyoCN&9VF9F_IhC6%81;*zK%zrq-hu z(?F>*t_UOU{#A+MT?WVdI(*3-H!1TDdeSoGNcqEE(&m)SDyk5Dunl;Is}00@ilRdz z#f%mQfk8<1p9ktT4WnMzT(!D1Y9tI(C6A_icdsPzSB5P#-Bvs6dzmDP<&2Jwau@0O zRIA*gmFAVF7mjF?%R_(L%(`lOPj~r>CuIYL>V9?w5HTlQcKY8CBRY17d?F zc<+rg`@ae3dLEfA(%an1Hq1QDhtRP6f1NI&t=xZS!5EwD59NgUNz34MKUxHMMy07< zM$p=uhPp?XfH^rN^shkEbonjpuTsh=XVfIOAR%JA3H6{3bHmyurER&jC5qnl<;$of zfGgEL$sL`l+#REQc@xOzIgspWouzQ=2 znV76&E=fPbUPGvOk6*X5w;CPnnn+WLLoZR?NT7VTJo5X-x~BqtI*BIbC@`L~n70bCRZ1M6Oe;q6mPvoWhex1Muh z8z-$Op;+}TSH>55O`4c=_+d+U%CfR`1atV;#JWes-xb?ylHIk=rE{mxa_i(u<&{@= z1ZU7ziX%0CAxalfOTCK*_<#(+g5J2US4F$kBxJX@mg($>+vVh(d-~DHgx!y;J`ng$ zNc3y?t*kC2zLsw_kKb*BKmBU;$^1E|>R;LLU0cB<@C?TLKxAz7&16qLrC)I+sVMiYTb;bxuM~&6KQu=*Gwm~xe@@NedZqE_NwxD zO4DDS`KOhZCK*DUGUMKtIwt35rfL5G*xFPUNh?mOcMantAMz^;#G3Yw(G3$*V{w>X zL_x;ZKA(+4nC^V%sc5o8e7d3+2_MZGjsknvU7(h@xIsEfN#v5fv+GmNTA6ReS~Zo+ z-AuP(5MlPTgX94As5~uWrOs|HEaqGCjunG)RMIU>?e3dN(;-IGE(B1P-c_3z8Sh@{ z;NKBMEQ9Fw;_?{&WH{Uxj1FRYe&>A>~6No18qNb`u=sPrg#s)+HZ(7 zoiA6?f3zZnhzpbR4xG0>m850RhdXF?9y$1PqBWXbcymvK!k~qzJSBY&RvbV5tqUrI#%efjDfFXKfnv*SG zpzSYGiW_MyEZ#3BMH`11A88kNTCJdD znrO=)Dm@KwRyv#Nn(~qup*=ChSzgY{$G+({Hg=K~XrX)ABfu^JDn6&_UZJG;HtOot zCDW}EX}4~Dqp#ywO5-^n7g^j*=GqDFAiRKJ$2tJj${kN&d zq{(X%z_Aq)258irj{C8i+Al*$tq%|J?3#|HcV{L0Lv^@=@(;Pk8L4f2Eo-D{@#@#t z@w|-@agq1G*&g*WT9$de{{V<4)UBEuD`&R58QbOnGwIW{Xz8+EEHDe3mitPs-P!L@ z;#6IVnr^eH=^EYr-lchW9l2~M-}3FpU(Yq$%X_D5c7)u{?5)b2;Ahm-O&WVck&nZy zHA`!iW)T8#LE@(I2Y_s)K*gD*-ID3XJ*y<_XDN=-(mf_8iR4{?a)+KO<&LfWpQzj2 z!m+6b9C4aSGC8^))^#fzpAMZtUITKOX;D)p7uPlN?z!5x`=yWH`U=a{bgfTGyn!N9Kgg^~9OEOW;hOu51uG<(@Y#)CX3n0$ z?k6bHES^{x!wk!|C=zg_E zl8NU!&5B&=L_EetCpZHHReKu?iwPXg7E#1ial*rLHSF&WGckk5zfT~ro#nvL|!9D;Dz5e($kQqx0dY-p~X zbtGS7k`FH8BHP0Z3|4i$j0-Cnr7oiY#1BL3NlBJuYIe~pPalxZPfEqpv`c%NwTA1? zgt#F=80NH$gnHJG;EPQ@+%y-HOD1^*a5{5?RW&UF*G-7rNjw&Ie4Uv2nEh(32Lp2r zoQ&oyn7baeh?loklBz1FSOLLUL)NQ5vL(2@xh^KA==QZ;;$NvBiyxtqqH3?&b%eJ^@mQqGl7y-}o zs5xpr$3OcxYMNwsI;Vs!ri$jySjpce2zEIj5BFLXk(TnRX9zdhyW9T z*wZm`XM>Fz;we^GHkcW5%eS2UYpBySwV4)c!1A~NAU%y%#(vQ3XYo$0rfEk@Y06nh zLj(h<9V?Sh5KVI6t&zg9LQw+l_xG!{#~EsSFN6F+;g*6OCs7xwuf`Dk--c`E&y0Tx zt)uY;#9Dov_Cj3C=6QeX7pUAo^r&&M*G;5+f2!y&Wb;QRG8lq75G&3v>^!;U#N^=R zdE%5>HE%=FJ{97PY!)u=wcxznL?BSB;Ygj~_VYeSa`F@qfR$7E3W`1pW zmJ7`%Rf59i%3EpJ?DE)vS2^rHm9gQScz8?1dKLWg+*t@N1d}5CzHEICPvQ-7o`nrG zKArLRhb?u@9?!&@Eu?o|8`K%(NX(cqfu0}n=qvV<{s?FLS)9`*hHf58~PZjC4QwEdMlEurh$y36sO!1l4}n)Rg8Zk}s!Fp{@+1wd^2htE+` z{vK0v_6u1N%@)X;87~ZlkE;#MS2_2RnG%~1@>#;UH|4&IecKu4O&6&JDW zOBn4vYx~^&j{g8?jRWJ~!S9CtJn*KcW;Jaw6H(GOHYH%d3!7K;DoH;^R zi~b5H`z}TMUH;3yHuz_!y}J1S07XNrcy@P9-f#eu8RIx0k$``Rf4g7jU#;j@-VO04 zx!}!e5HD@7Cx9Fr7FHpK2*|+(vV!-TVaw3-T}IwrH&JJYdai$jU=d!q;T=J*AP3AP zcpMt3LqcAMzFF_M(dN1`hG_7oY2;?OFB0kI>qWas72vtfK?fKejbR88&Uya;hc!!` z2U1C7y$Jv#Y0fsbc{#7u4~H7iy3%y{O3AdqGQ{LJy?StZ9MvV<^k^MC!z!$DCOQ#C z%57w1U8~oQl}9NpnDeeV18U;~y=v=sa|X61@5)tQnQ>Y{^cjqQP+R6xG5@!zJ zkV@mOE3fcOC1jrBLK-zvLXNqu1!KGWe431kk^*CImn8J0zR~5;LVpnT zKC}p}s=t$YAa_Fe836S9*Ee?)-35~jRQga)A{iCE#_+;VxWM37M}H$rZ*IWh*?CfW z&{c|-cM@4$GsC_wkn#^xP}yJVFumeOI<(xe-P}-TGWDF7T7{&hNYXjf7Ga<3PJ-qY zuxLuFNXPGY9@Nar`hEC<=zvHgBavN(mSDS)RirJJ$4ZG5rDLhobek(k#IEYW0LtRL zQ2VcN8ewH1yJUfCt|fmvimIjN+QT{hMxv_gUTI3Ien z5vQeHCDWWVsN?;UjMnAem2Z2e+~kzH{ub;g8r?z{oTb zUJtM1d>=08yP!z2k@;pG*pzuC949* z_l$17fc z8(C^E8eB%ddyvPB=BJp|MWfVw{U1Wpw;1hy)aW+gaz2&i{wCDMr7{R$NK>IJ{6?M8 zYW+@j$`Z4zDq9Vn^|>QUZ7RVCDH&gwj`T`a8PI5&d=p69)lNYtC%rpd((P@ON?aUu z80ae&0(gE)Tlg;EV8Ypy@>d5V>-4Sf4rtN54`FD&R5B?8kGd%r2hhv#u9tc6<5tyM zQe-jRu~lqxfQoVdtq{&xcw=7c)EPHI%u-DXtfx!41tgDMshPjaf>*M zYrCtvV;ibNb&NI+a4REJmfuY>+PuDe?16z+;ZLOohndHHeRHTuXE7)?hQR69*1OFZ z2%x#PySIwtdj|WtE00QJH|MmD;u%^ve5DKdab9t4qTAn3G?QXmbbW+_){BAE&8A*K zqD^h2WTrzDZioEj*Ep70o+g(mC_gqk(gU*5t=bLl@R`1B{KJ}C_^t0Q-w0t*&Idqf z5f}DD!)k68ZQG7EcN8y+=h5tSJ1?-?YAZAb6cUg1ZT;csMF&DWtaz7FRhL1tnV`Cy zd26%yN$-zJ`XfZ}<&Kx63vE+3EN%8nBjDw++m5xgQn5}<;dFlw_-!>AXOT|W0m;Wz z9N<>1_4Hco6IxljG-;6(Z`2I*r(`3>wGCc-Tlp=B4ybTI;0leeKGNrB$c@KNlr0gm zMXftXySS0c83nK#PTmP8xUZ)CKd(U+mt$vo*6kg*|1Y{4!vU3@^Z{iC*E;w!ExQ08o7!jVvy+gse z(6_N-W=pHI`_I^u?Nf3kvCit(*Uzi8#kN~J0>oBcrfp>pf*9a{SWr<*!@d@eR@Jn& zzLg@=#G7T~Irpx&#Cm7ge$yV6cWpeexr{0d=LUml#PZ84YwI~R3GUJ0IV?jC2NhFK zx)*m_0}~UrIPFL!eut`E_(NZ~hQ(vMSaguba3`tbzHlp+()?2sYF9c3lWlWj3l(^? z&g^~e4N{Xu7W^%5r(5bT1=)cTc}dKpBOLLbwEc3=Nwn1NAk$Jft;-#oPD14R)XHTp z#kJFIZY^YCa}0P=yNU0LMoW}(&PiXrj@k9+^sPS?_&Z1OZk)a*x4e=a zdOzK;0~^%#C-AC_tZNok@QcF*h1Il>guk~uDs#M6oxWlAd%4VOQl@hNjjStonhl~A6g5H zYWRP*zvvAbuit29oZszjgWP(tiV+)_VoDo>sr-vZbFXp?lUCcU+ z@yB25SALA6ztG=K7BE=D3c%>NKIWyr)BeK&jpb)-JgL-jhot@9vF0JqFrfA(59zTdy=ZST3;t0goOwV$l?A^%} z9g%^=Y5UAfj}{+2MQmE>@yi6hd%okG5!$nrM2(|Qv4b2^S==|9F8p-jsQ8>ss_4>K z+FsphbGZP?5F6BY#(UQVd`~I+FNYow=2_MvE>zt*8aFnrb^YG&@LhUeiP1b4rRke) zWPL+Wxo6!gT}iusJ$e3Eu7gmAY;mou5hAJiV*`LatHiI3li2?G;a?20+^(929-6;) zuKx3@xA1Jy_%lfH&ZR70*^^!UmRPVu!2BF@_3K!&M`LB;Gj-wfJoc#J;x3;s_Bi6a z>XlnRNuh>ORz-{JyXj-Nzq!)xB2{wE%Mr;0^}y{{t)g4YM4kW}jE3whj%l;L6z#E* zpx#B|bK;vj5cfA4Ybwrwdf;*E$;anVY91f)o`K}atoVNR+d-Ycw7Dv9`RCL1`cy?e zhS8^UQ%_`M^1=Kn-o4@YJV~J5X)h;`&lw2bhqo27FWDX5o#NjUP4Eue;irqQ?Iv9! zRDC``a8(rWq~qv+3i9232DPrQi0&Px)ix?TnaN-V25R})PMM~3)zl%kPb4(R!Gm-) zZdjw$ZSL(OP$v<%+7335I-kn5M?FX#XY709A0GH)S@D0v4Hn|o*F@D6$t=$Jc;#N{ zo}2?;NPf{D3H~2wzY7Cun!9*|#u|&PVEN)gM^a8YVAhH{3Y{xzkAv+r1h9cE@C+(8 zfLpatzwm_jHj6HsFte5>^8r(g^U|=J=ybxBjU88Bxwq5w_+*n3NB6Qbn$+-wsWcP5 zSy|tLX({(6r8DS{hpnX8>J6xB^CWiBD-ef2y?k&6D?j2Nh%bCssoKMIi5xIv$#p!1 z$4b)X4u$nNOFc=gZj2ITcAov~=l=kX_JdOKr-yuCp)IEJ&7l3Tuod2c1H&PW*D#sU0KmD4_$C(s`9i2}ba&i4?<=puh z&~ayoL!sTmwwj8>&k^~uIl!+`(~ZWdr`tW8@y9ks?2eq)N2`LW)6~-OE`qL$WqTM| z0u84gqd67j-Uq%GekqT@diB_`(X~m^&RL{TRWjKP&!#A`^!Q5m*u~cLFBJaIKeQwK z9q|d8WT5`JaYg3~dtIN0nj?mXNfi`3n zBmjTUt$x7xtM+lR_>Dzh_Sq{3`H=?EUdAbo*rR?~U}QFqS1`wzz1PRaXa(xa0CZ#QuGJ zH_`PS3qpp`seX@!UPY*y>*x9;frJ%q=8&ekkXZ@EJ8{KZE4z}n z;I95ho_LeScbdZpq>#!8#s{xz>%1dAl_!BbP2n5caeR|p{i-P2 zlCl6vU=P;4J1ZZ~eZ;OId6FUxBe=sHC5~pyImyHsxWtwZBlCBai|J>O1lD&2r73 zpj1{z$5ZMDL-Dq!XLlk!yq6C)dU zQSsTvEk+I|t)GOT*RA3fw@z5H86*Rs2b>?Euc0Eg(mWBQ!K~_XM4D6xNtN&fqz-`k z)|~d({KFXprD*j(I{q$r$HkuJqKn49H0NNylz~!n5>E2ge!()#UTt zrRA31BgrT0$*w8P`uq+G$6U91rOXh#@$67C*+RLgFMLaWL>89tBdNzEV*~44u5R`| zf)M3K{*&U_?Frl(o(gI<%s9yIW-t8rqNdIVQO8~C>5 zOKeo-af9vjz^-rp3PbxT{6PJXekS;T_UZkKwciSBxAEy0o-(-bzM!gMSk@#L8)5_! z86^h*f*Zdgy-YP5-S$5(@hgjQ8BKasDXYS9sG7C)vT=WY{#QSf{{V|W9z1RPQ+z@3 z2gdIk&7$erpNKBkQkzcE(W0`AjB1~8k1d56C!EzK)8m%kc2(VQR~@U@gnJ*s*t&LR z1%`)zd#%Cd6VzM&D0_Ni@8 zD*5|Z@n4B#@fDV(4f3Uge=1wW9z4<0E$=}d%s5?@?c+1fRePOkp|K364pJ!_J& zxs+XtHwhSH`?TBB2l-HBb-p6Adru8tJ0g`XsOmUkr>P#*Ps83E@D7V>4e$1JQpmso zw*Z2BboHPQM1K`q>ULJvSAq{FEG%OKMb-W7%hby zIqhD%p~jIb-Nj`Fp}kob%wJ+Z&(eTs@>M#emZ}b=0=#U^)1c?2clw3BzNrP8>4>m? z=WDBSHx8sw*jV$+_&>9*&8(+&!u{c%YgXFzXcA6TUL6ohSxkYs&Y=Gj|fcIL@v*jzJyj--Uh| z_&(QIk5rz~FKnW1_VCDq62Gf^R*FW3r^c@Xr^KHPX*zd>bWION)^z7-3vJpaUh03s zzIO1}!;c$5sU?umqecf~y1qfrryc5vlx}za9QcQ4;O`SnqYI0hT}mZrra(G+sTJ$G ze~)|#uHF^2Tk9=Z@T#nbYkG{HYbiv|JR0-FX>+5)XQx|CWJe|2JTdkk zg?Z0>V~bCU=M& zlq4JvTF%8Pea}*V8@9JLpQu<|+uGPhqveTtVUC@1nxm@tU3^EZ*m#faBG*hXe6Z~K znDLXJd{!;8`4HVl!}fO538Iyzv?wsFxY~W|3Sobw-4QHmmNFpNLi3Mr%7~#lXU^Uu zzrL4Ux-i2&$udK2TWls?5ek1V#xw@V| zvhD>G6O|&pQ{i5(;;#W{lU+@zTU^-5ZqfNT`-FlwFXC%nRk5m8(DJP-Sf9hXt@gPw zlKTDTGB(A-FejkJeZS#NcGFU^vAc&&3wppwwojP19Wm|A9HdSsDdVq*NVm6;YOfdw zMgoilKS9NLgLvA>(o4T4XJjK{M!Srj!lF^J%P83TGr{-TKZxyZFQba*NSq>O68Sr^ z$-(Jdhs7TU>OmmX^vLbto#tJ}RmqWa*FTLxN(V{d`Q)~O%T2ntws~WW0_s2>wOhu% zEYfsME=$YH!zHi;4X@MGRVcG~MEPF##yYo%-%!)^>r0qyC43{J6@9+Mb6p+gm3OGv zT3X#|H`cT43Vw2bI?+bPre54E=r(dYW3RP+QShI{EpOnR3Ff<=>g`i|l6XBZYZ-YNH_+s@ zD}eqf)NW-LMQ32_%tjBe6xNn4E#BkLk!|-L4{X;nCdW0Y{7JL6xkz3x@hJcTMooA6 zX0c(d#clQ_MNqln06F^gG>P_Qe-UX?Um?Zp*6+fdpbf&fj}uyI&_NBAmCTNr8{Kkn zG19b%`kWNe>#{|0J;Je6`4qPbeJT@mtZH@(X)1vd0yc)o2mFfC!@omE!x|b&tsLnb zjH8o|aZ_tLSJ>_evkbPtXC!y@pbjqf+3(fEPF6y3k6Ki>Xro^$XZd<4=xYXm*U_~p z$S}{l?__aZMEZ@&M;f>d^J8e~iiZR#GmzHhi)&m4RhK#1y|G-*ojdB68yn0?6yq4h zIL5|z>UyP)nRjKEjpW|Q71R@gK9z-e;hj8Pt zB}v;BuFC3i#?PVN z-s%=s_S=Qd?59QRURif+-YJd~Ze3#!yenig5!$?3R2*e<*soUbXy+R1`xa;*k|kTQ z^Lb?RjMrCZZ*i?n9E!6E52pZE*5N)B+3`5KZtmwyx)1hkq^5hnK30%|j4)S@#CEPV znPa+F!ew7@CcQYb$eHvWk2SLCzi2QU)+k2S<2-O{#5_l(T~8x5%wjXY<=AnzB=xFI z^fNU)J!7ZaTf=Q7#PiNuX(yg5wvWSB*2LZ0Mo~}ABajIr>02N?Usbb!Ym?6#Kb)`k zdm3BI(|dBQBM~Qm!m^VZ31*7VVS&Tf8{z%7q2n8yJ4j-ZVIBwsDH%O0(Ec;{!%Nq7O*>eZQMR+VQ;2-E z*mK*b(!G>Yg0bwOu!Do}jI41QL}bES{kL0<-NtCdK0a01ZEbz90=8 z-s%|+Lf~OX7$2A7Yef`gd!G&JclZ7U)n|^wRi573DV>q+$R}occj;e1{3F$FelhCN z>Bvp=M1a%0oe!Z0nwdtxeF@`l2HSXJO_JK&I_k&<=%r8r9>$~aSA}f6L*WLN{o>Je zc+urM++e8ezwLFX<|W6e<^D3e(R8>igp;)XQ3!jJ&sv8`lS{ck){P)T$=*9v#zZ*S zU0YMrtvs8?5?frulBPbUy?5cJt!wdp(i`NTO%cY{;iN0(Ou!y-p5~@O8kRpg{yy4j z9vAUWt)h)RjL^yf<7opVAFeT9J5Ld~+za8=ax>Arsv{d4Mx$t_0{JYUoyP|}_04_X z`!{&+QIkqO8r1ILwUrYtfy)O$_f9_w=~3uAv+O&6x+hojFgO79_pN9yZsUSzBAQ6I z51R}}=UjE-Tzt=pK00_;P|!UFniAc%_XCVoq{7?ag@BrFS2RB5Ab-FD}Bq zVhj*J#<(V|cG8jWKLor_apEl>R`_dn8sU-EtR>n@^ZXzV`2IqZLGkyBzh~cznis{- z4#w7gCGhS1L?o}}d5Rbo3_FZxinz+sJEG6;C*aq{4-Ed$Uk5%Md~EQvvCXGzI&^Z} z`D2Ku+A)Ap)a+JhR0dET zO8)>5ujjM=3(fl;C&q7r8b9ql;EfI${CnXuZW z=aE|~%<(98CvRUtTb%r*ci#JpF?Gflj)JL}O6<>e?0qW+YXzZVSaRs>gKtrqa-2Gu z7cr6e(~38P=xo`_kw}4eGah>Muh7r0*q#;fwxsNS8hD|h(Dl_+1yN*> z1(Eap(~rX=y=zXI=1IL7(-~a<07n~pts_>^tZ#Iw5`8-2-7f6i8*pgYWB`4+70>E6 zX?1Q(2T0g$ek+Em-4}D?AB*1&&GaoJTlu=Bkdk{@amz=8l+UI=&r1B-_=({yJH(nE zwV_LBw@}}}TG(f4hU1Zg>_$NzxUOPk&*eMz%lIRE@QdO+_mCy7pQYc-6YSeaWpSOy z`q#&I2-^&Bf7#QUBpy-OwlX5GV^6z z_4(=f*ojKV^VM{pXtztkg@Z13`X5iItgj4eZDDlGJjk~;HaBYS+|E)x{{TkT=K14| zf~ziFGuEizYP0Hd&uW5Lq0R~);>AQ&^fGfipHhE1^U0A4Lb(9;ueU#EPl&g78g$+i z)-NV7SfE=rBR*g!kWM>uU6j^_O&@FN>m0GH$mO^P+PBFK23zf0+y33ma|DA z1I*9qR<)h_qQ@dG`In3lkH)o(Y)>|qMJ+?a6WH0=-?SyAb;=YuC$~!OyeSkKeXEr&(fe7+cg?&X=KGOJ^7{+XitN`lhSolezWFA8 zaN0!|o#v7QC>)&D8r@9{Osb{kBc>@>Bj#vZTTise=-4AXpSe}E``tlqv0__toRYla zm5nTp?$1%1TC%uD7c8nu$XH{V?+1kB)_f`r^z&N*zB?gvP_qBoGMAWnej<6)vfFuj);60a)0B3ok>SqPuU0 z8g0ev%@(07G03?J4;cVwoX`iTJ^hhS?90%I2g{HLO7gvTNww5xmq;jOw=On0{x9>2 zrP&hWc6J&khs~y&9lP6r=){L4?jpR4#-1P4^sP$b;xRMZNJNU~kh$$jMaDggeh7x{ z^5#}ABBVqv7;xUgy>QJfrecydMF8`T1xWc$OHz2|#HjnnIXS63Ie%}a-v0n-T^DFq z3d&A?T1(7N$o0q9G@F3;5zhn=x7`fGfn0X47@FSV>ef|k@sN7Z_8fOSglamC&D56C z#!?;Ia&yiNZQJP*S~J{A+tiY9D;8`|bGA*AO0T^}06w2e&Ph>jqg|-@1&Ak(DFLNt z1V$H`K;+|-$g5G1&J3)iDZtHZA22nZQK!vqa2hvUhGq4wZA`z3+k6nm8vX66xC4)B z9Bc+=gpk4Zi&OWM=QZDG@OQ}LplKYxh_#!@u9riK+*+iFcRHyj zIPd5y4@uDVoi9tc^Ilesj^f9u6zpHKJtM-jUg^!jmqUo+tWF&C&c#}2A!-=qS{<%Qbye49RdFU>w`>DT@GsFP}E~+VDe0n zGlcm%jQ6H^hr<`va9e72@I2PCFh`ezgl-0#OpIQoqZj%N98Lh`My{i) zBgU@pe&2O>a1f2mSn-S>@+vD?B}_UH!#Ndx(B3ZRwdi}`wYHK-09i1=k=y*{y35@i zFBz_23K72X9920T3u2wBjV99ZEnQ|#yGvx``U>-DE^cmhU{(>iNe6d&&1%MSTD#xs zTHF@autufZY>o~LW7Jo%_;*UW(4&!FZ#7)}%noyo^m2+y=GEQeT*A?*9$_P;P`A@Y zpjd7#jtKOr8QbVuGeH_CW<+0`)Yc3-UG;|UTb=8 zw>F!pM{%-bSt82hFg?FfT-~mjt=gt1i+!unjTs!49KTsSQG87Drzy=W29S@~C&cKVL#BZrp8Fb!wk-TkiMqAIfn=jm8U z+zWT|!)a-49ieBqZd_-8YMqMCj?&DGo%&+}q|!2HpjzIvc53MV06VezVzp95hSsYBe&Lw$VnV`i0r32gl}~(+Y&STymRH(TV;D| zE|&uUT@>?{zr(guBTK|^&-B0H$w$R=}=GCCSx z3u$YonIct$mdHGUe=1{2=C-SO_ANp?OZ5k)vcq5W!d-uS91(jI-ZFGhVr!s`HSx1hp?n>Yv`8W*;dUQ>^8G< zeMM&L9wgE9S>sq^NZvwsK5_}EaVjyni*e#RYgsLPmx@-CpOEx57Nz3dLg&o2d@#Vl z=tWVyX`Dsu5NdajZkk=_dD_SI^{aOJ6RV#zhqoi|3eHsyigfxT9&J3^-thb2-JhGV zsv6|C0()lCCbozM9$WXE zRLggA@UUH~J&kZx#&k#Y{{RMk9x`kM)qF~IrmX$%g*D{ATb16~=0%W_aBzKUfmAn3 z1~Pr?%&lJM^kyFk7^I@Ck*xYbL}x1G{Wukor|Iu5sR+_xDY#kcUUsJvV7k4@5iE8%T_Ot+R(a^L9z6a8O29M-Up+7Jm;#EPrhdFvbnQJ`b)5u6y>y{hhRr*%RWYg>l&7|@UO<& zN!L6(B>w;~w~%1V0?GVqhF2ZHU=Dhb(9xa-VV^n}x)eEXs<|unYCOyDNuDY2Ui(b& zpNsVkWOyp?UDGbtZTiBTIqEa$bIxnjd~@*v$KoaCk*s)UN7b}n4(Wv3J*~kGqEXZ^ z#s|~dx#b%k#X9cxJh#PKd>1pfiF7M51*(v@cF}@-uUAp&p5Ogyt)|>s--WuhaPXdl zR&Lfi=}ofT?wb~;6t-j_jk`BY``4D~7fAY?+I_(SSmg5Xcnyqn{KY}qk?kK1th8-& z$GSg;wE*To8NX}a?E7n|r)~KI8y6sC_a_3pOIiNjhU_=8I z9lPSGNPf!w3H&_|+aOI&-a`!1FE1OEU_PUo?4gSKJtFoAZZ2;y{$jM#G>y+}n$cD0 zX&Oc>N#?@gj$fr~K^pl1Hs`SwjY*n1O2$WtydQ0;*(0o)9iZ!>TJz3-xg53~cW-7P6UrbH4l;Y! znQLAfuVjY2XpzriFd^?BWXNmMnX|MD@71-Phn}B{{BrE`Zr<@S~0F`WfZY?ENG`hEM z!skEm*T$MZis!nAN7ZfbZQ_wqRNglsC!t)|+8!kMac6C1Z>;!Y5o`N|YlzEk^N!J$ zAB|5kGlJ!j@-?@_S^P`mH_`m5Z0&7Xpp?paXI?n=;MOO_9W5;)v(}OJ4={fC^i~Ih zNzD3;6&p3?SpBO!eQWVQz@G+uL#L&ro+9ww%tA}uzdJ-gP@BHK_1SpsWVzG4F{~Kb zk)emoZ$eYI<5M}d?$1h{8!l7Ozh&PE*?9NkG?!ZMhwl7A;SC2)H&<4%Ia4f>ovG8D ze~7L-{tLO_>t6(TH}(toP2rna^p6ehzM4HfrY*3naIh>-B!cb9^)<;ou75o7Ze{h3 zKg%-P-Za-WyGql4l8ZkjygjDsIxW0btmt202WjHErkhi}(lxle=&jN_X&sr{831%1 z^}w0^Xz8^JBjrC2Y8IFJWwer9&wHrZl3ND^rh6Z3ewF<_{?8sP(L71u?}zvBJkYXe z>2E3%pEO{MocAL&>0!^B%%v`0LxKIE{vOFDhpNw`LFK)|lt~Z#ux`(vZngHW!|(Vg z7l(c)e#PEB_;v9L8T>Kh9VbFQ7@Jp`K_#}NRv#^AR_Y{Rxgh@l7dfupYi@r%_~F6Q z&ocZpsr+=R!TGqiX)E;T{{ZdN`H=X3rrPPT>lQZ`5>Gl@%3+f^^MR8)kJMz>twpBV z6h=r;l6fRon>j6y>Mf@H3CGdCRI(Q6tZ^9Q)$sP5SaxK;HjspU34UnX% z8?bOl=qu%a4o+=Vwt0A7PVSf$eAkijTra}7Y?lu#CJy|LbDq5%%5A5w@`Ed-Ky3;vNF{O?~kLQMS}IDempGe1In0RJT8SBbxQFw9n>0qz@B9 zt~!5Ro(U>5pQUysOGS;~ zxjjXBHJ#c1fbi7?Ljz8a@}$1xShrCMus}2K>sGC2@+FQ&S7lcXh5FYl&tk2$K4JKi zqgywMHBEI^MVjyZU}obZ(01=!_l5i$b>e+O3kK9u$s8TUkNU;OL7!TvN2&QXdCe)b zkEeg)o$w!oqn}oPu|*a{aYC7r;~&btNce;CPVdGSc)Jo?Xfcp1^ukHo{?qfx&-wJJ zBjsgHx2enMwmO!vH`;`8K#V@?92Ek+cf-0JwX#j*g0r)3JbmL_HBWmk!*x0}wnUYL z>I3@Jb6UqRD;gw{50^f?*BwLau=J6rnsu+)mKoI)bJc5=pTnAaUIalLobi#;v9Z%S zO2w@oz&d^2sRElwqE~&H_b0Av!ZpbBs6H>>cxEf9?5_0tsN;4A01ilD`d39Xco^z- zS4Z!+>{am-NWJjxrSPWq`DXDlxAujY<2NhFI3CI?+CDMq8eHC8#-C-n=);K>hesVv zdUT_q^Yetc)sL3q)z62X3(J*`3wRhjjz)IYKZ1TF-uyxMspB6Q_?jDCL&0J>?lB`(0T6K`s0_{gHdE>5x5>X?EJB+;)Zo z^7#T*+CMB;S*Gd`3FfiM^OZpW3iTk*^CuTH+b-!>vaYi|mzM8%;A~ud{PrI8>oDsd z6h0p6I##pcO%uiT`qWdaBrw{$#c(sqwm9Twx>Q;7n5dtj{u__PUl5Es&at6Bo1#k+ z%RDnK86@rq>DIo4@b&Z>OG9I6B1Vn;KA%d}D;^Da^fxZNU3X%awl;SFys89)gS2%Y z%Bfpx8k*a)3z-r!K4k}n7114z1BjAFx|}+u$KUf~uU@t4T4#n$y@-UETsoHp^==yrgPB}kz zhU{Q4Pi!>S>OaniVt9{4qNT{KFhMu2VDqp#9{ zXUy&3j}qHlTU<24+9;*o0w48@o&m2^hUN&Mf3>WeN*;%y#RRsNha+uuZ+RTn^Frob z=WFMvr&w6ecc|J~pp|W%_B$x(J!ms*^;vXw@V=X>Sqph?l&cN9KxSV~Yvhee%E~QL z%4FILk z^HFJ|>5|QBeRi`-4hpv+dF%Qb^t~Te((W3@J4K5F029FL)X-{B@z#K{seLwUNn}^X z%>Co)52a#wcSgKx8P@$LisUg6#1|!i>(Aj(;s>4U`f#*M-BQwh_gywWLDrk$KM?6Q za6BF%NgbT-4;BdeA8NEqhJPxf+;2MGNH17&u~298qq=vF#cshh!HPkz8HN z1-cb10`f(DA>dtSOM=@{vb?u@sNu+fZ26-+a(Lu%Q770BTk#%)qH6vI)qG1MK9R23 zA$XyVJ+aFgj!7NQdh_1~Ur(**w)1Ot)*3{O5O}U+9$Zr}= zg5t);Td4?nLCR-1-N$Z~=NCT?{v_x=J<+ym){Ubq{%@TT7%`5Zk9xjyPE}*s9#N#3(2>kar%Uv9Gk#XDY=Ma!AeyV#7E!T+6AI%%|{D>K0~uumH0eT5v&E|EHunBskhbVQdyX7u zrYjk(OXym$v$b>vPcGsjHmU3Q*OmCwQJ(u+7FHJMwpP&jV{pM{CnWwH)Td%w7s4J2 zg7VViP`b8;^2J!~=MG#RN7B68;x~n@(s8Kh78bTwVC|K2%%1hp2@%e58m-~Bu(s3L zWb=aMm^TAH)yL_#TI^Sg98%rfShEZ&oPk@GnduSuX=1;%l52-aSP2|t5y;~e@17sj zZf#D!BvCfyexRDl zQn}B}ce)3OuI_##i#;0ZGR)po>OtGIl12wWd9SCueQkK!c9jxMEzHnJKXf0ScrEGQ z^sN#`k!Q}nKGZdD3Z|WZ2A?$c#!a^p5^%Zc{VU15Wj?#Bcu|OkDD>|*7JuSWeLZ?p zH?gbm(c_TBw({kZ3dcDh;=YH6!e83jb=I{K#8TCjC4Kzl^cego2Fy#_XqGu6$}4R? z`L8V0JWD@^?QRTl2Z!cPP<+{?Bno?!|iASJ`tCo0>0$%j*9^B^|g()?X)Rt zW>{=qrGJOsv1_4}lIVF2{P&Y;SBEVdAs}u%oO)JHwX06{v8~&(@(2L`02fNa+JrYe z@WTXmQcoipurv8rPvHLm98YI^C5PFbNEz^wDE|OeLPm}!wdtC&U#f4Bj@e#HLfX$k8)3PN}>Y$KRQ*7_AHA#qo2_oBoJLaIzm4>lpJV>U0-R&9Uy=Zt_LAcar zLu!r}gXUu+K9taVGwN>!{5-zZS~k3r+{O@=JvalC`d7w(6!m>ORq@TmzKL;l3^6ga z$Z{jxr<0FzD_Gm1e5l>F)17P+?-@OF-nmUiOT9W%h#p1fE&a-g4AjtdC=9||sKnXE za@FY8Fpf>vju;*%l};If`Kz(gqr1^inB2~_V((p=1UsnzBcbY>of{o%*|h4 z{>cZ-bydzXKb2!a;`Y>GlEZ62B~n)>srRj-t)TR0mfth!pJ=-m@?OsyF!FrDcUNC| ztJrE6d>AJQ1yFlWdOW(O&Cl+C0Ke8yWP)e23z@YmG*6 zaUQRHj^}DCNx23+2Ws`ILzYc>o__kAoci241>}}`qfIUBcsOB^k5lc%aC)>pA=UK@ zO>0cHd&ISn%B>kA%R(?osf@afM^lixk66`jnkTgLFC>%8Mf4t~zWM!=ya@+^bS+;{ ziDbFeE+l4mkp@)t+&-A4DHqDRorlHItX!*VFeS~@F2NjtSgG~Rc#fOm9b)NjH2(m# z$f+7MZS!)6^Q;Wn!RvO{FIrRh^g@htg_XGe zU)HvSj2YKo?ba+^A&M7Rz-C}M{C`SMhBDe|9wQb{s6DmR&zB|fv3g_yTe%|`(|rz) z_ND!uBRU1=#LG!;t|5xtPGs|m^K6#{b=x~h%7a&CdT$FnBGT>7YaCB zj)J?pS!43cWIBR#k=C)R9WFS>TN(cV6g(QfF8F(M9kj&W#NKC?ob6sPN8?|a7k(So ztuFN|D>aQJY5cO1DFJ$C>)h9yQQLF2j1KrPm7?LKpNrOX2_+N{`R7z3Vg zaB;vO*XCX7M)+NfbA~w|*0!a4YI98)j>ig$GAXLeo>@$89lG;c7+89&iy%{weJOMo0^RoO4se+muI?eXWAtwW?MG>{>zu!g5H#?c7!U zLd`XOF6IDkR^dRB5{C|sr*e_+kwlH@v-`mR0D=(y+?M|UwMXp1C&GUjYe_f7?*Nsv zk|~@0BJRj23nBjZ0E~|4Gxw|aD((chf&7I&Q!gBJu3SWa6QakA__IyAn#@lU2f4Q= za*>eB(AVZ4#9s+Eh2jlP!Z_qMGqJd}lz;-e5?M#{{7}xwdpnrE>*ug+1NqnUAE{W+XLWs|-%5?B*~nqIP^4{PT~uE~8B;mQ zVDhoJVg9uOW!6vwW8bxQ!()!5N^1j<&c`go@;eHWAC(90x#VPyYK)Nm@&z$O6%#lk zu4(Xm#H6xk90ekSXl!&5G(@5ZT1<=_41x8lcXn#fE2$B%Kb;2gmqVYAD(@EGFrJwm zD`P>{HJ=RYI#-KyE9mSzN2Sh}c9Z#8V#>hn2hj2{??Kl}T@UWl{t18kTIio1ei8UC z>RX*QZxbT5#k$!_3t8PptLDcfeN%7*kAKF$XuLG~T;67}rQb%{KBU{sAcD5n1BPF3 z^W2)`s&5u{6ULSZ_oV@u1{{UumcDNNu0Lm;5B9qKp1gbTA6>MvlK$e@-}rj&Xt#Zq z?Ezp_x`Wq|&I@(vUUh1G(QzVcss3&M02RI*c!S{Q#BUpXH}PJZsOXxmovKY{_O~M~ z9E!{v1a>&cuNc0M$)C>UNjNy|TPbK~W3TY{h>{mbw;5Y-JpTYH>h+7!sm`-lI@min zc{Ysk{n1L+Im~TN!^?Q)hDCG1>E61(3V6N`3+vWb(MahWm|0Ue3PDtx9mY>(2mA`IX>W2qzGG*JSxBbC4% z4SQF>e;M29cDm-1sk_N_B8H5%IKc-TcBqr+YLR2&KaKSLQ&H0_(6zIc5rF4{YPa^J z+GG>yrK8yY04c~E{VO0i>#-%9D_PGOLP=%n4M7H{ESY#pI`yGBX1d{$W&!xmeaKeF1#(R%x#u7SOdc44(8-^9eNX7f5UA; z2>eF~yYoa6hXm|AeMM%`wa-hsk}E-Q@J6X_Nh|>ARABK%)%>>lc9ksgEM#s9IAC)~ z4sXTU!f3bBL$&U2qhXW;41PbId+&h;nX33k!&bbu3v+RkwBYR+ALBusjQjhYCeu@E z8z+e-UcmANSJf|saIsT{+s;jG&0;xO#a!E6>skwGlMv)Nk{zQMZaV%#ypK|~*7T_4 zhVtF*od!?6Cp1!nW?qx4IG$+UHj*u;ka`+oNpkmsNLi!>v$Jk#bC(#{`iH~*0<-aN zgKgoyvq5$g$m6Fu;=GxBJEC}hRJah$0$!|y{LS}Ir|C{vC5{z-mDAj6mbyj$n{RNYS*4I7;AaP~G!%PoqasF-NMwaTjY(a@ zJc{MD7=GVuE!Iyy-*)4JoFAn&RApl-Jv;1iO7_qsZa!njTCFwtn@^dpqGgzzC+HLFUK?X;NJT{PN@0iLiaC@7dv4MiX^;J7H9{{ipppOt#N>fc=h$LJb@q#x&Z1`v69a&2x=#>&w$Zfc*o$Iu zgVC{5%*SIVP}1gyVNae`{_k*V8ykd+Hg`zD!NADrR~dH^*hLf)TD(!jvLPd!bTzr4 z>DapSFrV)pwPi$C=SQC^Z-$Gs7Vfw!xDa z^*_#oTa|toN1@r+Tf=pEC_<;^J$| z1DEkOuKK>DEv+p70CN`LWNyEORIyRTu^&H9Pg(?#PE7{dYniQLMQJ4IgWjuIcxUWV zm6|Xx*xE$~)b={r?q}1ax3Eh$xPgZ(I1!4}@!qkj=-v&{1%zn@th1DoP{VWd`F{`V zRTOkaT@NCIUcQYMA2r{1UU@a>x*fNdr`_uF+q>SCD->mTUJuRnts=Xc94Cjh3v2C3 zq>|9c%O}jr4i}#P0F`_H0NZq{_nS!45<-g*%*1y+y8i%?S;$A8Hk*BKsx^vCt!|C8 za5>%h*H>?=>HZtPv(uUxXK9}VsLo05YC!f|J2(N3LUEPJ1NdqW5H0=AnJgAgfslN@ z)ElW>^4n;xwYa?fUBg^OgvZ{_IN;Xe#SFk9 z=8h*nCWWfpUtCQKgANAO>9qRQ__Z+;9V+33l8zs^{0(B&id6dzmhhyjZyGA_2sV$$mN%!_u4c6p?6 zk~>l~FX-BA8Z@&Dzb@({kfWt>y7lbxYAa);K=4NH3pn{zd8>fzZdk{s+sk)lsb9f5 z#ttNp?zycCS?wAIwTQ;hjNp!s%XjQywBv1yMw?rE=b-n=yq`5>H5Z>d1I;DCFj~8^2lyB^Vj_P)(l=B zeKJ_y3%N~#C{;pwVwbcwP&x@OKGSR?-ha9Wy?Mup{61}GgtUTeu5r)GYFy1@9c*V< z!Q?9aq$BNYsRN~G&f@as7KsrsFi7uNO0Bm&JPu!15m8d37b!iGS8wEqyxS`oNsy}X z_|_Jo;>lIo*3}9j@1C{iSH;^ze_wb%^n9!Bp_ylKN()s@?%uZN=$Bh=`rB0Up=-Om zypk98^{T5NS(#+qs(2YSf?Od** z>CwX-6`WtW+z=}D!5wR#)FX}=puUVwSsUg>LfQNP&1T6_;6Y3-UeMCQ=Sx-6!PO%@4+J<=e>7PJPch%mCpg!yenZXzNc%fS_HBY zxH1*!06f;0{1t9nT{Gb){1b!2*H=?r_?@)tiI;f!;Tjd(YAU6&t5sLuZ}(? z&}@D^16UMldep`>b&>S;PjYVr`H9IFgu6ZqCF^l8IWm+>vB z)FIP#3k&0Es@uth*u)*Ds5tFjo#A`!MlXk2*M{X5vcYjMlIk<}?mC`5v;65sHadAq zdL5*8kHjK4_K~!YyIU71$!9!(90Ax>7UIr62)u;?5JF_1#PeIRN`+Ox*l~lC-jt)z zIdr+PXBcuGX52afjO15`YuX*pg?veAU8~058ru~Hh%M9+ahDO%I;H<(J2~$$P7BxbeS%J}lL=PZer9&4#6O45sbUZHI{fV~me#{j&HY z`$YJH{U`9=yq33Cq9D-CDLalv3iIiY)}l2Iy17(r+Bh#8X3joX#NrL$HLp4eh3y@aR_Hg7-b(Lx2Hd)Z5BtfaY*@R#C{#J@t216Zvp7H z5owx}{`x7}O^OU-a9_lXS5-fcG|hM6){m!LMs)jy2^G^y;Y4yrl)|5L{VAO;w=S|j zPk&)Q2Y5P72FG0ZeenxMviP;FBv!X}7szCVqDeRhALo(j&*rE67VqLGh`eR{VEi-q zb>bUqIVbRUhh)5as2efOEyfopy;mDCgU?!WOWC*S`k%*q7nsX8@kL`_!x>adwV_T? zi}|g6PtA=A@h+iOa(v;z_pYiqEo9#fznIV4 zKjDXmJ`wo0#=i$X5csoK@vnm|Zd5hIlPOE1gSZx7m6=Z&9ZhspR!8!$g&rc}IFE_3 zS!`*qs?bfwOI=j0zTWoh$#p(D^5xJjtYMlrwM&S>gLuGY9B^yZH2(lK?V%{AAaltV#j-lZg@CZee*@mVxJJsy`P-bz zrYjXX)t%)w+x2ee&KhTgH6I)6P#s3{;t1AZJ53+WAsIXl-RtPT7kE>{>ES72bhikA zM!An`usP(P%DHhBZK3@|;AaU_h7MVUNc+=mFYvGPci*wV_))Fmxqw=!WmNLEhQM5O z;=Q8EX(dH1!2ooxE~P{IGY^JQS{ruI$O9`WB!Wd(lKcBTo={cgPJr~ybGB9@T&bhT z;L-KJ7;2h}URt8tMv}-Gm<)v-hrMx=UnYkhiF+-X()9~hbS};J{XM#WO0_#5o@O|E z$@!ic@ef`2f#WY2-s*aGxp6+0>Z=u?BWOMU0Htwu-WKuS_KX^as{l6J_U%EOkMC#k zsGVcQj#}jIdrhULTC9+0-XN1liss7scMmRTTsp`PBLsJ@c}nNGPK!jh zcN<+)uN@DyQM`pBSgsJN{MgB;G@LZh>aDEa-U#K2;g#?hGXDSxuZey?_;*pzJ}v3K zBe0z=t#uoCu9o8`b4?k^R{HZ>(r1Z@r*wU7@YCWn{x0#Kg*vJ6cTqq{ zYk3sm&?xM2oO{>qfBY;z1K#{Px$!TJHQQ@16lGE?W*Cy^3&{iA=kl*koR2r^tD*2u z#XD~q`2HAENzpGf-wE6jt|IwoK7{`Op7rwI?Gf<~581=^bn&i}GwQl-x2xF8W26{y zxX9U74o@SfKb>~b*F)6IG4wE)8kOq1C`M9#iCv%1Hj{64Z>QPVG=_InK4gUQ&Uq*E zHPY!&Nf(zj%Eqj}dGU?Hy~+sx03&P7pGW@9UK+6R@5Vg|MT}RLdPz6;5)}-C9Rq&9 zjefblyLo>(k~>RKpyULJK#Tp}IIim+7AC8?j}^C-aM7eJkvS|+_kOj}XnGw<~arXLcvuVu(4fCJ6 zLC0#S%I6zqciC<1t(qwy1(%#2yi&oe-(T&qv}RRe2Q@}g+{p1JjjdQ*m?vK?hX*G) zt6mtf`z^ysJ2I)xaCxBTncw-g{{UlP97nmawDF&M=Wb<&+HpO@NU?!aD4f#Vs@^EI zn&~1y`xk?s;;S?3`f@hLQ6xo3!&f^VLb zcCnZrv=zuZe)06J42-W3Ttjbds9LCHW6`@UdG?v9zL_))m25E1M+UAjxp7COYF<6J zx>ziBNejB?js|KwE1OB9VIv1|fLBmx^o_D|0MNpfha*{{Twj zqO-KWwVYw3z{71c85>p_e}=S;4oPn#xm&%!LJ~dOi9GJ_ShpW$wSsL<%1lmYx-#UNcE~I-&j8Oq0hI;16crD0_buC8^Wqxxr}JHtiG_$a|KCi=O0Wu_D?6<_Tbunp;y7ECUHDRcF+mYH z>)i|O205jXUw__UI#ufr4&2)L6APl2LjWKnECmLf+8&c$X-(zH;g%*swMe;(D@cvjxiOVA>TBD=J?k+-@(01R|K;LusXd{EZ(8~Z3U zZ4T~TcTsddYJma74V+_jcU~5^()3LyMzWI5C7hyxx%VHX0Ck$x&)GF1+HH}U79k|f zpOt^kYJUlM_VY~CZ!Zp$745iPjT-^Dk5%`qYzNT38~FbKqIk`hOqWi)wSv!VazgNo zBna{XihCNh{j_f8FaW-5eAx@@@7jYINbC|@8yzjJ<(@W{ zK*R&pPpx=r*JBPIH{nyk9)wtZl8QwrJQ5%syB8R|VpYdfwMqo)?1P-eV_&ipo*34qBeW z;LT@Mw(!oM1=Mkf5sM>W7Hs<0m-ymq+l@%vJ+d2MgsEORAO5P^E1{fabLN(PZ^YNr zEtRvW1gKtvAoTq!(>y1o%ct8UnxqUaQyY^Q8Sh)iV_3Zd#a9+>b7OU3aT&SJJf(Ax zdSKS}n}6a7e3N@_*0Cb|=m*~PteYIHXv^XIUlqnK9vKyrE0e()t-ts~TTjz%G}|0o zZ9B_t8=U$QYD}C=%>&`ri99{xrPlSB#kzncwgC#Xqp@S$SFgUau1~GUszrC?+C~AE zB7lZI$MUO-Lq^j!jjrk1hub9*Jgx_lSAp;R{{TARJV)S!*EGrWZ7|7f3jBlsc91&b zrB^pYWh8Pw7WiX%;4LEJ^4{(n+t!eYOAr}}=QyoRBgPjO5NZ|**LHFV0!IT$qDnT(Z=3&7eFzP6@MIW36< zIbH|{+P!AY`tnr0YrW~h?IWP+MZTm(quQAfgSPUR9FgDk zHIXrAU7~4;6tT~HADAReB956o{DL&Yh`J0tp5OM zmj#0<$S3?Ogz&bhtAA`8IFW5*EH<_?ob~po1Jw2AxSH2wk+U+4{m#9*S7q?ONxQd8 ztIhJltMe*IIbcUX4LbqtZQ>iPGfg(r%_XdFmS3A09`)qP94Y0 zqoMpeS2Lonbt>&?bGPt+gq5u1d#yN6coawq4p-dQrfFUpj{XUS$_QKdSoI^&*7T{{ zLz=Aac^<3qyI9oxOC!S*9WprgvnmV|pIYrLJQ+2&*~pcljx{^E;8$!>!!(X}TZd23 z^<{H+6#Mp-BiFdD&Mjiv_e`5Qgpte>JWH^Q2wq=u82AOj= z?j32R{sKPkD_CUeL zJt`qP0nTe47=q^An%S5x-X9qi$qPi&qeYH2^M}mMpS%aPbVj9ye@PmT!;4){!K>jn zwibF=iBtvS%L6#a(!L4tyeaVK#IX2!HIj6JgvyQ!Z;YM~(Zri z>epg-iJO0vqyjsT5BSz8@hfSUzEzNGSQu;}kKPCPPpxvPSVJ`3Rw-`o&Acr4q0~jN zV1jY#ee3iG;T@K_2Y@fG+BQ_Rgvisfk(OWw^Q&({WV;xC0`WhK-Yd@!_=an3QM}N9 zcNoN~PDdE+(!5vVw04>=j;}1Ntp=SVz>`X;{0+e5et(r`B)S;XeT=;mRaOlt4;A5*5kt3#80Z}_mQkyCUda> z9YC+n?~h*&?L0H%ZAu*)1O1p7ubhdsK^~%lcX5&f3?F<~kBFsr zq1QoJ@NW_Lmh;4`4BFX|ub@E^yoWmwakP4LuUYtE;+rjY#(#%ey~Kn{hFc~JpDopT z4?uI$qMbV({O2Fx?-%%o;8(=I2z*b_Ze`N-Z4+0H`Q=@~$|LS0k5DmR=mGG1;~#?m z0BEm*o&fmk;N3Y4-G9S(c6x`0^*dC) zv6=@Cg&b!JM+6MhqUxF7pk z3|?6fc-pxvzlh`WuQsNd5`KSppFp+oexG-uNVf3W>UQQ0()_C&xZ^&DJbos>l|S3B z;9jZlpW;@fJ+7M_j-1mlxV8vzp6}Mh+w1>lr^b z1$vQ{j!LmEtV&1j&*Xa5IUna>aB=+WV~wG!`_NrVsRsm5kU0#oo`XDfpw)?}acH_5kueuU)ue8RbEM?%CTNI4`Ynh zpW1J%LoKAyi`W~?x8odlAJVwytj8&6e%hTYS&k}lR1qzn63(z+MxC| z?A{vF&Y?7LE*f_qE>1IAH`SOkUsuv6hs<0n5J($(8uLrL1-ZYC*p#?JLga8eRl;2a zeZBiIc$RMtTU>ZnQw``RbP^Z;09KrwW9wgd=y%gU{iZioi*9j_2j^OdTHymmfHItLD|0lCJ5=yx z)z$RZ5YHY?9md>{eQVToPY0!igX$L1qszAvFyM>|nQU(#GnTd0wC!J2j^5)-g7ygK z1jys&MpKLr*Pm*?@g7?tdujcd613?Wk`EhL^{j!Oe)p1yUKT*oIr&(gp4FjY0rEs} z51+0Ft!WO%Q!Rxnwd7C=`u_kb*td}+DY3>fIIW{DhG$VL+pU~&Btl6;@>hauc|on?rpEL>_XHF2bC7BcGB~U?f4A5&#}nszsK!sdG|>4O)7bd2 z^v@96kFi>`8?hok@e1wreNV!vo4dRPl?xFcJ5CM(qn!(to=+C7qsw&g!#X9jip!mx zbl_sS=C-!7x?9)_#c&j^RB?k#nLPsKh}d1*+{fkwLWd;tlZwpnewPKTw?0(BPFMw1 z9Anr~?8}V$GXDUG{0R)&#kKwA(|J;$^D;Q&J%2M^qL-GsMuQ!$op)%eknPwTy$&fO zPFtR9X=072&9A-bci|mL=rVd%uZ%oJVI8%!8f%#yk0g$9?^(;pq>Rl!T)mC$<-)i^ z3geBn=^C$wlg5x*86GilHxe^{2>0TnTa=nd%JNv;==#OwwBB386s)bVXCNK{{40M$ z7H_Mi)McUs=V=|NuxNb<-Y2@6*=#hz_Ezi_Ps};Mubq5Zr0QCJyQqDhw z$*MCpyfqXpY_UkHt^p@^71LT===N7WWP&G{DF-Km^q?$Q{@l|(%4E7mSqLF(&L`Gi zQN5BID9%$Oo-_2I2WXd<+Fjg%(2e;<=b-ehyB3ChRzJ6=$j$PSdKv(;;(b%i)sj1D zB?%gUeshjJtI+%l;w?D%cf^)gHqpy{GNQvH4q_nWk@cVsgTwNN*$u;_vf~WIaMhdQ zn-AVkHM!j91OPCifopRcOpY7IST52y*zis|ir_p~sDEU5h*&_E31zr^*!f63s2RBS zQ)9YnPDQ zNbx|sE)P9_S_{rG@Dh%ykTIrGtJsU%5 zui0$pViiMhNjL(XfaNbCb%IG^mCV3rj`Zyg$5Po1)H1|`wq*ynq%+=hh#oyP!jkN( zxG){*bgf)?jjpZdwtqU@?O+Bvdeq7{H#6>h2@U1U)7@M%MT~_D%2qwDiDRb6JIZ8} zZy@HEvo(rGD}Uk}4Mr=Ac&ri&ggD*?3ku1xxE7lq8&$FfM_krpl&ow$+{{;F9pmov zT&2t!#Mg1iC1sR07 zN1FJQL#66g^Xb-!JKadFEQH{%Y}a*dqv{&{l-4t{!(bqJPnd8Rg(m~l{{W3R%I1)P z;I_8<<(8SMX|^_3QzQ)S8;)6*C#R+=_kp$8%j;3=H+L4&q+~!_oyP-$Jv!Cdn{qRq z)U_Q>_Tu2Z*fynnuoRFFJ#$jpBS4Wt3*|rqCp0lMZJknCfP6&}Zu&$z4=5F6gb~NNU?ON{Y zOQ`Wm;>K8CuMRRd90pr{9?HR8l*R{F4Noj4N$pZ^yxD6P`@nnC1tsx$! z&_(Gy3#i3)98pH1P!#0zwAZvjXK@v+yccMTwL%?~rlXsy zX&p1c&uYn|XvW8rUt3Kcr8U-{3nLS>5V<60q5W%S^Tp3@E$!~3^6nvv=D^1OPwQA4 zMkjL?rENBaZ+w8Pk}gX3#dz+_PHBYs>kWgeA)1Re;88+q^aQ zg^3_@mnoCYVl!&)&oE6iQYV-coF4wwhv0oO<62{-{{UvkX>jb!`xt!3u4xF$@lCwY zUNw{$+L;@NV_Y*@NUOHt%E&*8t_HAON;bM&@$Px2GoWM19RWQnr_(fcfu#NVo#Y+9 zm8qqT#nj%$<#g+49#;$VF&?~DPN-puB5s^JGZD{fiJB;PIlVU0))aW-P^-AH1Kie5 zuc9^0%F6}8j@U2Gq;)y0?pj8Uw9)8#0)2+$$t;8;ZGU0gwQ?WulcmLqTHH1j20CXa z-jSptScg~$kj9EOj_NwsK_2~50}++bbk8-ErgX-WY?|_D0Q^7$zch#;K+7bn&hFL9 zYF;6V?2oh!@)OlXa@EA7e$U~@gP8pGYNVI5q5REn{uS5PW%wNI+Qew>wR4Wfs)?>A zCPa51PBC6pY*Utp_eTVHW0mBz;~XV4=9aR0$@kaKva<3YVFA?cmeMgK_b2WmjFvu? z$oPl*V@bT7F1$0Z!yH*=nXS&i2YlBAsyC_nwH!MxcvHl>UcGA|u%0QI4$?v7A8}fD zcFFdr;d6&Q2dSu&)bwb?)BeSo0Fu^bS+F{eDwX})*`F%-q)(Bxk3&*=RMnP;ccI56cdaH~%G8M?oPZ2Ur+dkxka zg|qL1;xmR*{Qm&`Rqq}J_}Stu7f#dsE#h-?a`0RaChjQCULb#qAFX#%t7F5&;g8h6 zgPs9{_MFqTjTgfj&WjD?8f#ok(=q+h^yhCmHTjqOdi+^`j6bxkgj#Lwz5f7%yb+;8 z;k`ALaIYxOog)4tZ_#V2X{vnhX6^S|{LhhuReaVscE5t0zH;|h;NSF*1=3w6v?(A) zgp4p@!L4sMWE)T?lDRx^7wKMAS#&>5!(sF+*-U3-nTXlzo}#7KpqEy#{?C%`NZ}tc zj>>&Ntdp_m#)XbgPq}*wgoa1*0-SwuTD~g0cku1q)CkvRFW-4<$zlg;PF)QZBggc) z8s>8$Lkqdi(mGeOXzGxmWg*W%X&NXIP3FZp`#PDR-InK&DqD;A?h)-Ga}u7Q^~GqS zHyaYRo}$>{dG@YkiPq@G5bYcidR1~0C84tw-`OU%5{6<}ZNTqGj%>!YqT9(6ui9X8 zUNFBiE9T!5x9F*bFZt4*!i4$?0%j6EZ^~KPX58Y(zMN2O}>m7%b;~tRpq_9SDov>u^+*G zetEyLbsc}gm*U{NO=v?VGt*~4D!rA@j+Qw>e6OK+b!^~2i#+9j5V*yyK%uDhn|(oRt`EI)(aIH zlDgdRpM>A>EY;?_)VwwD+g`BMz9ig9CxF3R}wR^ zLD2?DJ4az$btk2f@_rq7O@qlX&mB#cx~}0;jo! zB*yEAhdnon+8YsE^4}b4vBPesJ4f)%-KCtmJW|Cx-g4!bDbCaD{{Yvn+0?Q>49K`ju49Xa8jAS3^h>Kf zvd+^?i&wb2()75rc%&zC#mF3E8Lo=%%G&_)>UUz5q{z;Tl z!Qr8XqZ>vl%lhv3XMvqOcz02{wYUa5xK8r8!2stO{Ed2Uhj;e7NN(dlx<9RX(wXi! zq>jQTa)S<4+oANXdh%#3Z){+_63ZOYh|7VH3G8V(TXV_AOGA|SiKveXHlc44J+X>K z5y%^c^&iTQEvOk5l5v@1c^13^j|9% z`A{!UO49K+!R=qi-UZb!?d~n^*2>v$p_m-`exM&;YPh=|Woie-nhvSs?}a`sgTxv- zPp9h8HsLM0ZjOF>k?UWr{{R4Vj}d%AlS%lG@f%mX*6%MQV`l*yVYhBSho*C%%DSmZ z?0HoqZBhD$x{rl?C8KFq-YC}eO+LyvjD|IlOpa7^+AH~}{{Vui{B-zf@l#&#rk&y4 zBgByE5MAzxOboCx^OxPw{uS@xBYRx@tHqqkt{;c-Gmh-rWh6MB#?ovnj&xwVueuI9-_Ew%1_+2-Rzq3-`RMd3`vzBPa?eGJQ zzsUY|`U_(mNMc~f5&CniY z8O3OMbvqpe<(JzWMR=QtInFpDpuf=*$d2mJMI3ytH*=q*30TFu9Ls4ETlte-q^wty z^sFV*5_{NgG;6a9q@qRuWMFj!Q!pu^)4If8FiUA^_05Qqk@6B%$cQ*qP)1nbF&_0Csgq&eBk?@&_)${cYiwMS zvSekVBj53_Ht?;j)$PjJ{jI{eB(olwG+As+qu9#vgIwI}(s)`RM35*2n?JlHoWIDdxTA@Me$twC+9>+N@Fs1uQ&EcM1cIjuj8IyS8|w)Y-ncRF&$&zR&n>D&q~ zUn)Jr_IEl!@O_Lo&_{8pTaBJ(?2xCNe=7Q#7%U+z!c z#>#t{WiZ)Tpdk`P1(Gw!8S9>F$9x;${{V-6GD|IDJ5wy^?Htp};O#l;qo}4!c05z! z?}xP=2gRCcv4(H#iCuQd5G{-x;Qkq}M7#K(9hACy>h>~Ar78$SpLF9L5BW40$z19# z{9&Z{XTukMFVmqDMws%WI49=rN2PPV8@;pf(l(^fCB$)^&R38D{!|%zGmY^srDCrp zmuAS5s}|Y^0A{eRwHx-)F4s+9FJlJ;jo3d*2BX})r}&+w(j&RLgKYj@=?NrrisbJu zZZ811l!x1v3cbhp&{1YPEiY8Ivz{lqiu-;@$O=cM4SGhCCDpxz`fZ$^N11}eCUQjt zDPKls#UF@E$hMcOX>dV1-29|q)2?mrg`{Hoc^Pq?;j$0V&{Og_>)#GVc`A)AXwmXs zLyTvR|nj`ICFvlEco@g9dc@P9i;bm7B_3DX^USEHsbcmpY-&{YQh)l=O_Q0p?*(#Gc4;1*O?@@%koH1LpJC`bXWy!%c<=P*M^({A3 z2T;39*z@xl2LNZM6!}f#Ncz@0&kmmmzllz#X==(hd0FFcv92~PXG_)ev3in8DoApK z^fj4Ik(PBED;6&6_GQjN1F5ev@h1ImR+9SGNv8}|WS9^_fO+HBtwV;U6Q<90k5kYz zO&ZqMOOoRH+2B=nnMU}Wb=%E(N5m~kWYghDSuS+uVEdPbQ`~30S&u6*d?y~2EC$j$ zcrEwk(n&I;A4+`M^|gi6c9)P%IvlBBI(Dk&dm2XlMt{N)qulEDI>oiTliF_IEK0|4 zY<21FUfE}&MXWiB+R|rH4!>#bp~> zMo&y*@~P%ybjZ(yS3-^!SqJYj+gtB9y)0U7+s`Rj_rQuBik^#{e_GZuxsg4#n`JY+ znt~RI4sn{}Wwz4=#O|vaOOi+n)KvmJ)_)nSTB2!@qy3$wF|z~59nD?VZFILY2^Az~ z18Zj;Xum^P%K9-Z(jN|Jm-?c{e5gTuVqnX|dbb>dOq4@NAuekV5C7uKxGKmfHQPzLxgwCQP=~ z1nxNgD$J!Tv&nT>?PNDPG?r3*qApfK2;~0&K9ubO7$#mB8-jk7dr!U5?XQzeTiD)g3@>&*->p|6T)oUc9N$>mYK>tn z$NF4K7$Xh<>CJhyzm4A4RCw<%BQ}0s(H1`EJ*hZ$F=*Y?r0Jc;UjOA;~cAExulM|ZJY+7 zreT8HKU|}EDG_o@+)}LXv#;T_;2EFjx=kF*N)0Wbt=~LoIB&`UMnZWcGfRvg?sH^PX4y=CE{0>~x5xx4Z;gleh1E?@#AW{S1sv zOGAd@@=M5NZ!hm*j~TAV!P-UFmn%m+W-s-bC#HQVGL%lMUNgQIQ%qnAnSujfx!q?3{Ik`{xNUtYtMQ?Kd0Kh(6=DKP2FmgR7!dKTihK$JJqKs!| z@8QR#W?jc~_Nj?sLz(sb!9x2$2hKWIWf1| zgpoXQtecevc7ykay>{Lf@g;_#wI$yaydlEpaP+K{0yo(fd}i9-nKD{vwv){pwi`VP z5!8N_=hrqj+H4a|e$oA?w!<3|8GW#7)NE{z>8DM(@qO}JTHncSGot}Y2Gf5%g=_{gf|l8mW&<-eZRxnz1dFZnHQ~@@$RLm-A8ojBw!fxw*hM$=#c8S zP)+7Y`y>(&I~toBBTB|3wecOa$gZf48|BZIJ+N+W`9><=Q4hC*1>{rlyIVIiwrLEM>1V!-D0g$8D6)%f)Eo#S7mq9Nr?W&=8 z=8PSu{0=cfrpfkan%S#7%>FD@hGE_+Ok=&Ek zrS5K-`DNp2(p$Yq!D5LDz9JDf81L)vUSX(Oyo+u#z7$|idt$01I?spRET6*uE7SFB za?pSUxgg_)U^(`$)?WqdYpUs~bvO@%7%F(iDuDF6ORpyigdY5!mC1ZV(C$1>q2EuZ zx(#6y_efNo-~*cDs;*pQesK7UPSqp2z1;>lKYOB(PDN$-U&Kel+Q-|ag{MHHY>05t zusQu}Bd!kT)V?9m?fh?VqWGgumd0CsKn1vbZV13~htTvtjefj;!4dxeXpKAJpT@5f z{>T0|@e_Z-Ij*q0&?1(7%N)uw%9;D1;~_^=TF0?mx>)|I{{XYwO1`?W)C&30Hs5bz zKSN(cd^^?CTGC{;Ymp?ezRta?BPpZLJ~3&7OwzT3soBA*cuP`&wEb4mqYje7>PA^e z!NyP2WOuLgdlQcvZpFpM$IIOCe=i@A)^1k(xd9S9#zlt!iFe<~Jzpmzfv^|dr& zMH-R_0GxGh)ig|FZz>X92j9u-R$~>Y_@xaXSyUtc0Ce?HSErC2h@_RE?S_Txi)(#P zN}o(IEZfxW3@`!h^fmpkf5E+9w(h0z)8JkA?91b=M$`Tl4}lgn(t)_$J@%e>8s=8z8J`B{CBm?Ao=+L8tJCjoIpmsP z48b;r3hU{bN0p0%8nTw-Z(%{KBtY$P4Cxia#}YFD4^nGDF2~|P7p4sdL}hZ+_H#&! zcVQyOt6Qm((cd^%7$c{+75%vX0KqDMYzt4?6X5rTd?$Bt7Lnq#v4YO+RsR5WYp6oF zS5i;PBvFH&so=kG6q{9kJ|wwZbvhU~$59P=E5jN{*r*1a26w)5c^)@%jj zCvtPcsqI`fB5iFCF8IyxKf*t>hrzEN{1x$?q!+qYw`U_+yRXe>cogiB4^Y5>e++l8 z^GyAvz6W@h_HFp#@eAQEjco69yXy^2?W9YD#^OmLMfFA)AoL*DJ-y>UBj>F~%vs3A z0Wp^2-n}=%(zE@N>PA1iIOB}e&Ga&qPi(eZYltO<;E9qzHb{D*^&P8+@%M$N&>qc- zEb-46kT4u5BaG66=tnC#{{V;nGrI6DyEdwbZmrB>IU`iu$})1_k+0LAh2A;SHS0(( zY-N#Qkyokc#8;zC!f-t=P)YA@(GimjGCc)oq*B`ijBIz#3HGf{cMBcug{*Qwf^2zZ zPeECh_g`jfr~<5!^vFMUgGj9kaB6L8Uk>Ew_>Oa3$A|Un>%Bi$vXU!cj|1e6N`MXz zwF5j8OVuy*iHu=H@+5_KW2njG*H=ESZ_-)a;`5&%f;vzJ7+D^4MIK>1f(33tdp?tL zpv36ia7AkvnNM=X-SD~-9gM}YNgb-Ln{<}bAa^MkJxx&udnUx1-PUz=kwdNzy=Zuc z`!-!R-Zi)vS7RmDA9L}b(g&1BW+RmZY|5E9!RcPfrRgDbYkR>uNg?6WxFUl>rl;Y{ ztx_9%i!~2)rMD>i!~vS~8T?#6&vm6Zk}20H9IqgQ+doPGgG|)YOECLChCq5(7vViheLGZ!>85?VhFjY;r#T0+_>WtY zSo<>SGZwQEZCre~9e>8T>zxYETC=p&tfshvWpb^YfXY3;KhmMd+9y73<FeuE4-wMzOO0X;PguEvH9`yHcPvQY))$Ag%X{g`dA`ZGl~P9vLBSuTAUkbEWYV$z?&Lr8aEZ>GG)bUJ)<-ffB)*f%?|+*a<1;bgtK5pFj# zGkl44X-8=T-Z@lN8TokWNJW1YXisaWjb0d6f899mT(5_xo=B&b z-*j({&5?pA0=2d0h~(5`n@=*!Xjm(deqX#f{Ig#`UtU{%k~L)mY+!%9*yR3nn>1+i z?=kl?y1FI_%8r#Ty4ol9HNEbu8I7{OTfPS4pHuHiyAX~401n+H?W}P@Zo><|rg4hZ zacvVV%+kb)Gk|Gxqe#cO$oQAU#ye(9VQ&k0fbT1lx7xhA^Ig1_>8@T!T&~bT=j%;7 zmT22*x{jd=+s`w~nD5)(szIi`jMFqMpgG*wA9|P@kXxI{V;dAV-2*)<(L6r3ntX;E zrHou{0OP%5Eyc0u5DN{Bn<%811BULt_2SDcCVv_B0s1dZfLqrOIQ8#d#y@<=$ZnIo~(WYl$Ao!f1mQpglz zYWjY4waeybLuscT_(mf}KE zE~T-+phiE3=djeSF4o@ZBye)M95>L`jnr2VNbyLRj~z`jMLy>~`WCNnl3dxMFhV|K z^{Q9alf?111G4?#YFn{aJzv5PswJF|Y31N)(36ggG2a#9x0m{w_=0;YrntAdj$9QZ zgU?!JA4BQ35MS9Lx@cYyfHn!i;;`iKmxN=z7qduw)Q~zNHyed(1);PyH7{?{Dd3vf zg2or-BzLG2#qFsNvzTHtMCEeB@A2B7A+!!VRnzs0c;0O?<1Ej;iTdYlc3M}8XVK@= ztt7L!j^cQZbNoPe6%IBj#OtEJ)b%Honm;BH@}q9aW9}=QeREUN^*g!lZKF*wRH1C= zc{$|NSX_wm%~!+_U24v4+2@S(Y;^k79~0Y7nq9Pua<3z0zEjRU=q&R%+szFefwzu# zW374@g$1<9BD(ImD}j;v){0%t(dc?cryhv6cJ}C!O!xqi_j#_meSYHp$)cHg0|x@2 z)-X7f`!nh`(87>84VMJt9M?JVO2=u-nq?g`^!lI1>`v+0~>2dyP8HfI}ZeD_Z}?KC1kdAi4^&cqaYE`*DrIT zYkn8LlwIndZh_l!hD;S6oK+)O#>M?ZS&G)hu9J74w;A`vc}$x2si+}Y6su=FGAY>F zF;*{VnyuxX%EXHtu}PJ1{{X}8E1k zPp38IVlf?$?k^2~k626uV~Wj^t6TYZiu=~D)me1f<}Kc%b$>e~lO5_a*R>$DnXMXi zCEZCNSCLYyXY{TYEsPf|6_L&P##t1x+Qjs(zS=c{10=gdU=x#A#(JKFX>zR!-wE|i zW&SZ}`nHU#{hgXeYmQOZc~n$oF0{NCE6s)2#u671JnxYqCyDS)C$>X za>|lshl745{7m>utaztW_+#S9{3&;=R*#-f3 z^vCSGVTQ!X-#z0{|$e%XbRE(A&nY$BYwP zZlgWQG|O6Ck)&%Db}F1>(z+#zIioD4fzCPaQsmC)(>dLDM4s~9WYf`QyH*1SfWy+b zOsLg>^z*3@S9YJ#WGO6u0qJwx1oYrD)d= z8Fof&FeA1*n(i(>4Qow2M^66Fo(yhs-D{#2IOmIs&`ZCCo+5_kANZ7SUAwZ2ox{|7 zS2w8mRdned9Zt=mbC6IBAEj>?UsEY!;(5=6zhdtg{9y41h!fyew;bLnva^>|J|DPz zJ@N*@5gvn*2RIocrFlGBjpS(BKBI3gkF48D)_3-EWoERU7^_C=c?<|6nu$`<=alnm zA6a-sFWxBgTgvvo-oLAzhL;?+s8tlaqdZhP_N{ZL={Iu08!X#G^UmCy6UU$=(u{06 zl{zEzGgt7BhCFxs6nKN;)S7**p0nYLc+*e3g9_I&p#g)Ar#rF!O?+FaYN>PKxa8ar z%^2IxPa?aaWRC^EYbnKjmv6y8)Pv!F#V?6p2el>Cyb0n-EfB=e$!~Hz*x5+!o|Wxh z7X7w-W#QG-pIGqK#-n)Z4%pRM9}S)lY}Wk!k1G+9sXk-$*+x5tkufJq%!j&Otah{(gQwX_np>__^^HPPV?&HAP$5 z#8TVJB#LOxKy+c$9!+y%CGPVdoABmmjE4|na_aQjrwFM+R(5IH_I^$D^yqjW!~I)U z(ywQu~@!qCBDfmX$#GVzpU0JMTz5-UYE4i{W(BP=;k%NlhJa7AI{2|i36%_vf2`=@m zf8t973e&;L({F7!rmd#jBloET5?@Rh<@QC48MW?b%T-X;V668Jd42Eex;+@Pj0Zj*Pch~ zo(mE(ewE*}+No9_XXCLar4e^NmkkRTHohX%Vb>DcGadr&JApa&^sbZpEpJ|HyMm#d zmOg;{RWxF%FTo3pe&<4%5rHZ1e=NZ5q z@!zdQd86!nD9OE)>Q|Dr^k1nin?IP$hXZqPJ!`hIx7_KL8+slq%&5=XQRIIU{5x}P ztJ!O&c;{=Cb(d-7KqndebNSab;olQOq|Y9YbMv&hF?yd+E0Rcx_0&=B8f5mbdts%@ z9o|@sq0w>x9YH;hG@6q5W59P(YI>fur*nO-J9~~m$7TBCr@chaoW2LqE? z7Mg3zER(n&Gj0k86|{CCu7^_|!xU?cj=UUGt+iy9Iqf50NhB~m@l9m4y~pAo>LsLB%dm}@Yn}Fooh;U8Rk`^ zb*a-@-D}Nzc9&Z2r>l9(A^!kLxMo%P4^G0qCivmv_9{L+6T;G<~vv9?J?$vrFA zd=uf{?HhYUF^MLZ0x16gyu|dcrlB6E@Lnk&e0(1GUE_ZO!+E3Y6UA$yJ=naqv`KOk zBb={eoY&V^0`h1fkTVmEC>=$1rEL$F#Km0D@NJ}adaE|49FJ~SZVBX{T$=Y8ZM65( z-g_6=RDc4EZJ_e1GaYZPjAl2JbB+dkRd4u6V@;9FLP)s{{?HU0@{P_F2qVJ9-iZd48bJI1S;rp8*c`((4uMx=kjycC#W_+i0q%09QxPoLz z;*byt``*XerTCY5J;s@%wUnmT65C!O{{SsmoD6=Sl?m8qCH5PgCrP)C)x#)c<$WlB~D_Q)<1xvq8pk}y_6KZ}|<%uJXOzb>; z+Jh-yq2yOr_u6gbx3=b4r+fur$CQ0*iqy1!5csn3?j(>;t2t5TxIZ^PS^_NTJRxIy z;X8}FtLUN{j`E}-%JIg1&lTxfW#QJ{Me0evI2>?lWV)Agth&2C1=D5KnG1F=)mvqMpA%kg_(-|M&97mMe-Yo$foa33L< zj-+(-{Ka|Q&yDVW6j_@M9>yI~Rbt+BueD?y^XvImsaTmVhqqblk@(-k+E%4Htd7bg zSoZLl86a1aYTAXp&ZBc?ZSCF^lc50P6wDcKS@Axd29E1=kjaS1F|1>i1JmBM{u{QP zYo=UDq*_g<{j6>($L{|CpGpLISB~y(;PC*lw}t-EE`NGDWb^~xwLB-K_@hjQ?D?N& z)g*5v{U|eOoh81NYS!OpOL)!DZY5s+*sb5}_tRA_P={@VV?8J!%h9B}@g=Rmwzg)D zHhAA79S#j~e-LN5@Xd~&J-qVWz^moSZiD?-x&Ht@v<+y=UJ+^a6-%2i&*lI)74Mch zoU%a$uAt$}cu>xxKA6v?1C+HW>VnMQFjj!TGlEDNA4>5ri{5^j;n-~Sduw&QX%(HA zV1*~QuN5tVmviN>7U?oRmvgG`NT-Q5s-ChF=~zAnyO|(kFjcsTff!sCtXZl$onr1? zLfY`orR8D9ef?`w!Hz^&N5e*0I>i2>GK|_;anzuFjYGsno5~Pc$~b4$p5&>}J#M zL=oAeGs3Hko^ej*gt}jWR`tTqKbIH;@5cc8R~_Q}YtIV7b1c7QNK_SOC%0;sFuB55 z%G21zd2j+pCJ7*npK9a0L8V*UL2;;ATtkyE0Uw4d>*?B|J#JiOV!oBF+~1yr1)IobBbHz|28$V(SC%rEV2W0F8ax$c zI63#NhS3ejhwgQ4kG>}#yeGe=DY$`S;O48Y>V6^AmF@)g*3p?(AOYKs=Zg2+DJ7R! zp8iXpu|&YHmZJfAIi#a;n!3k^+gq}^lG)aIVp8RZ<8C_FgWh;)Ws*o%;F5O-reJkEP1+0H+>Q=8U-L<%pfXT+yKhm+3Y*U_xTdC|j5L!d?bgqcUOERGjhkN0F3*2hD zeU`Iva}>7(w3t;V%446s>t37U3u|@JEhMs3Tev_I88L?>o<&5XVy$7iZQNIyaJITg zV{N-h;DSBtoBsfXd#A3m4fUnGV&XYOq^o2zdW=ySTX5z*VXh;$w_9t6k|4($2lK^v z?~JVt&Z7fq`jgqlq^ltuNI%A^OQ{Xm=NrLRmx$Mws}t>Sm5xncS)WXRTi8Psjt+R^ z9`%z5%H``FaKK@CV?SwT#xO7|skzo|WRGW@kz8!vN#pXY8yR;*xsGT_j(Hw_gK_F< zbvUJx+2p&p3$!o*wgzbvC!zDErE@H|FKii!EsS>0v9D9`*MhBX>}S1Oz&0Rx6^QD6 zGxVyDnUSO6{TkLgmX~_%+<9@k@~+2DT~f~WOS?G-_I};FeOsR1l~G8j7H<48aWu=S z-rJy+{%yI*V0sf=$B8~5{{X@e>mLzYO>ZO< zLWV!Po>Y?_XULMl*X1BVNYFtJPn~{Lr2Wl<{ zn|RzpAYZa7q=>w#3}@?JU7+cAO+3n>-b|TW9jiH8pzL-Q@J|fr(U}zP8Oh++UnQDI zqTsQ09OZ^NtY;H=%c?l5%ZvB(Ru?JeHuXw0$yl7<3W? zk=qn1NKF>+JYi!kn6irA2DnAToMgU#y*t#G*AZyKuV6oK9x!-9PIY3D@}WQ zRJMT=YOd@Gr#=kK3Cpfa9B{N>K^&UjBsWZwA(?l4-M=c*iMMZIHG)K$cxuPQ zP){V1%N4?c{$nnFe_9mIx-h=y^b4Z4q5l8~&YR;4+v{0koi{(1ASO1>K41?9uyyT1 z*T#Mk*L*n-lJ?hsyO!gB2*aEc(08wKM#rBxBlBwWL|s3`he_28PKwQ!MhA8dI3JZ= zyt~n~%|aVpGVb0Pi~j(sBPEyARmBk!2v{9*-WyACaWhI4M&3^~^>4$db*~ERscWfQ zM`skIOA~Zqz~I)!$|u=AC4x;uz!T3IW`8KWXKz!^N7JQ#e%R`ecyjk$lE%cX?bvAx zDv-=`f=}h%nnyd+LvP`*w7R{A`(jIi#$d##`>UQo?OvhdXl-QGuA5JB9$2(xP6%GW z`f*FpeA?LXEk8(~SJ!S~WQrSAJjz@3HS{-ud^u;Q$vwrL^4`ZG+r571BhrIcGuB|z zk)=gx2RH9^0kr4v!V$v|K(5t~-7eoROb5WAm%xcf-vaLfdnu2l8ZQ z5XS5C1w7`yN!9H&2reDtgUU>mV0(&D+^EdJ`!GdW93DP)9;9+HU!i}q-;Y~T@aWNQ z43peO;eacHf(HctRnY_upIoKL7Z8Wt5}?Ci=Rb{UTi!dvGe+K9{oLoA8p5qIqkEqc ze$ZYTz0>dB?@wm?49cmrE*TF})$@$d?6Vh06z(NJ&JIVYu0LmFcGHpXf3wGkE$*!~ z--gY`UCQuaQ9!3Zw=tX@o;A`l#4Miu7 zN$i%k$z{pO)+&73LkjOXY@WanZ}#ab~rwuAW+gsKkNCQD0I1#(%W# zzxx+{)1MChKX`nn_C2-A+3Qwp_&djb9P!tMyfx!r z3twAmejL`c_;m{j;c(Hu<3X@bY7aA zlSLyqk%s;2fs8k;Bx+Z5X_N=GZy8wOl1QlW?Zj)9Il$tkWl^yTmF>anTB%&kM&nFC zyJ9@xaZxVMFbS09c*yTe)-kZ@_9-7SyuCm@g-sIqps`$Iu79Nlutlpym`bt-+6S$D z`~Lt0>;0uB{hmK){{Rn-Yf+C)@JEQJ7I(J?AX-j8)k(Lf2Lgt6Q|y0ue+K+VX|3H` zc((HP)B7*PHtT1oqRE(Tu0RDPQT#i`*7xV$zO&GExh5C7ee7>-cVi)m)sB3{?7;V~ zDu~|3t)Z62>UOrck)xD}t@3}>uJNs++78z|Wt=2s=#t_90 z_1F$0ow1U*Y%WhwR=oPr+4lbch9gAJ{T(c-tcmIZ{Oou}KE4Iv%)!OcrPm?StcJE1&|-%1HB zI^Nnx2o~<=ZU;YbRXOjz&WOLi%G~0`X6Dz9iUr}B~aS!%}!b{C5exs?TQPXMqEb#8$%BZ9e4{E1&igk34 z?Ez%QF^&yaBQcZcbT*K+<29Uv5a9gYr|DW!_;$|IPZL0l^Tu*O??*0zxqb~U^IEWu zNYX-%pDTg)N8?@1<&x-H4xINsV{Q3*aB_XBY;R+qZ|r?u&7vrmE|LSt`=oPP&}mvu zu<*jRsT{!UZZHqMBH*<-?Q6mIx>ekAEb`k&=I+d6z$Wup!x5&{D6aq1kT+X58TipQ)lt(83cAz;;-ws&GsJ+A&6FjI! zG3{J;ifo|KZ%v-iUvUdToQxY?YU59pW{O6Qho@2WuBXE~-0!TzEtK0BxafHXnsyb> zYP;0*y-QJo&sfo8y3_)lmn0p^f0bi=QSjxTh7ndJdx@4kvw+7L)oMv+B_;LduPx1zqbymGsy4+vVDa(z(rJPy0&Pi0#rll#dMCxM83F z096+$-1F^EUbnGvWFe8?cHE9Y_cf$#ZFQS?EpJjgh>(XwVUeGw*0PkYRAO~DPbQkI zuqTooN*#l@rFhP_sd#~}p@${yjEuZzDn6A4(cEsgZ1>jC!7H>5InFV~VOweQwjyD@ zMgcv(wQ-e)D4R1{-0Aj)NKnk*!l3o7Z7MT)3nZx|Q>Fu{9Sv$`@6fXxEn{}C8y9Yv z9nCjdd+ST&Ii6L8EzIm2f0La!^@XJI*o7!hJMqDw(IXRE7Z-$29l$~W!DE2Ky>VKF<*mJ?%s`Vb z0UQp7fN0<*xoNhnhb(yaHPdJ|9&^VWOxssKjRHLm)_*BX5yrdY`LKIdBguQHNMbO` zRmsnxtmZUt$8x$Qx~!m~13fy|L7@1BKGSbATs#=bT=cBX*OAnCo>=Z}T+J8()L?3&A{gip2^!U&6J4ako>n)+4dMv9`IrlkF1*0dvV*)jt;5_*U0O(?*hIOXkAd zWOeryp{F zcy+8NvShmrw7z&?2c;{AvpE*CvbALUBufMe0)nF))AcQ42ek`$QriS>koE)Cr&01A zgKi?UvA2o{jQg;~fa)<^2Z&mGjZ|7iV$hPixl@K8T2YU3;~vC1E!MAY^7%rakY_-jD+R}YC#`1JoUpvpuj=21@U5=Xs z_L>Zu=B03x-m7^*8~$2#`G@KG)eO|O)ogVgC(M9|Y?<4~rJY-&c~>JNsC|2XlaN&OaKN zO2(z#M^=IZD%rBB-gX5%SDW~YUq;Y1O(OlA%`f_vQ_=lT;7xPM*erQQp9Rubhj5Nl z?=T}jTvcY&uVrA8u5CI4now+M5<#OI=){pvv9fZw>MObM!dhtNQ*?;?l!as0IIA}) z`K2{RiWuGDBYy1XpGx$-7gY0*MqrO}515hGlae+^53K38mip3P$8sUG-X21$(0Y9; zx5P1Fuia@apx&+O#~Jg$Tx4MX0QHSz_0*#t(^vZqj5>9@6k*hgm}yrRIlBd#HOFu&C8Y=d1hUcJm` zdHF|ALtEIURyv}@RtGWRSC9`%?45*>@i4$ykgk+fmlY^`mmY0C;OJZ3Kj{kFgT4^ewJ3!PPXvLGZTXSxUW3Zq`96+uC@gvqe zR3L@q?cTe;OxCBzdrdD;@$RFoX)SDY+2Dbp+rVY=#|QKNbvCiBwLW?9MV;=0t=>jV zV^5k!V7Vmo&-2geUfVsF_JX6vp(R!Oz*Lyn!<$x}y;W3|Y;ec0{#D|#YdVjK zd_b@@+@&X-QBhZg9sdB4u83Uou^S(up9z0wTaOP7JH}G$+RMhreY{L}5D38s)7H8@ zN5xv^iKtxLK_{EGMo^M37_QoM&jzJFXJlT}ej#{@3tP#qEaA!zkSiQ8{Hrfj@kQ5& zP&M|SXjpO_FVFa#WY<(<(8Xb0?s`A$yWoF|`tR*8@S9usCf0gqjkL?Qy^rlPm}9@U zAM0(L_eV^E59v++0D|cL&%f}eKWZO^zqA*JbPG=mcx&P{h=*CWLAS`&-~hWg17Iw# z7~uTO9Q&P=J=5?mH{zT=U&i@X8MdcZGmN~{z6J7{Z{~a};Y)-%Ydo=sm54i!VTyxa z@&qzTyfTxFW53d{lFkpMhub7PTLN?(PlD+E<;3Bz)(U^vDMu zqN-|;%WUv5+>qk|bMk}jQ_gfOBuSuM*7({EPg>6VIG%DqAdlERWpFCluU)cD*()!YNj>V88#CkVggWHPZsZ{Xm;Wax88wsR= zCEj9Y91tn@o*jo%gxX)ta=>z%WFu+yu31%m4p`wljyCh*kB5HMHPF*-+U-;>@($-w z&KsV88tU|Dp-j@1Sp9RxNq+3Q-D2XrSWak4XfmGyrR4Lh=Cxi6{ zkr^Z**b}^CrFt_lqawMne3<-Lr^1pZ%Di1j~~>g%U8&V0tBjTv(9 zW5GTZ>)M~fZy5Mv;zx%q9{5EIL-r|GF}k-oB=qlI$NN}(T5sAFG+UTFD`leJTU!`} ziomlT2n^nUkLO*!(I3t~>aAJg;ftNqjr8wxkMMn_oj#eQCC!vcda&%6DE|PKgE=7A zrCVsQw&=;0D0ZH;&r)aYnKcO0rj$-{;Xku()d|`avI#Zlx^>iV1agN6-40J$;GB=6 zZK#|dk8U4Pdr0E)rc^xo55~A33uqVKD%ZuN{z21l9YjzZuPGmMUVgHb9^q42qmeTShX?PqJdFII7SH|#6>Mrm(lBWnKu z3Y5%o3eBh$-^T$+`^48r;xF09_MiA~Zf^DOgV)|9u|P?iLY;2-1Fw`0{{Ygt<%VpU zTu+6J`DHW88{!_Bq+c$X;$*welaTBK{5luH(brA+YfcwBt{n5*5mqXB%4| z-976EL8I+3SjbH&Mco^kHN(p(wUNTe$8Jx0>R?T*U}X#!f;~+o1KNzPb3P@}Z>?4x zUJ0NUir!q7`|wVA&OU(F{+fv_5Xf8rRA6SPZ4+E5vvVUvQzxD})N)xvGYg9{-g1Im z4@wStkSndtjk%6pLg2vyl6NQ!c=oPW#J(xA)*1B8DOT#zRq~rHf>ip7r4xpvPfYk% z@gK*(1ho0Q8R45f8Z9DrXP?X)o-)I#kO(K9=DeF+@Tk+SQ^eX?NN!qLB)CJ;QpY6z zwBxzSIz=1ZL7PsvytG2jkh7|1?;X7}T#v*L**oFa!@t?%Mg6Rk_QddKkMzw-+(~`l zQjm+yI_gXofl4`ZB0GgD$`4$T(!JchUABKZeI=>#3e)nnc>kIufPgV6p5#xwTA zQr0c+uI=xm8?EJvDN;Z>qbMW!*H>kz+OtBEu)`b!j%&GWe2yX5*tGmm?^L@tI6PGzY~MocY?H#5u^-(qJw^?1I-EDZzLcY~gT@D1MohzN88a@I5yo2l7Q{P zoEEQC(PfKOwze|bk$?jEr;tZ_ksRlY9U#;i&PkG1L<1^#&!^#DPj=UE$n!+lT>9~f zYE~jr=w5*&)dVrj%29Y8!n;ohzUP^FhTbAqQww= zK+tb|N#WtATV6f1jy5}koPHJNz7_D*$ADpyEBnc=uAO+0Z~^wIQL#zb=O&X^)HQi0 zmrxffT%Vj^f$8sC_nHows9Gc!@h#Kveqo==sEISJwrOqcEwsHVAf+SN6-9B!!P_I$ zuXeKD5?)TZIPX<+E1n;zX}4EbH<2{$EX)tgxf@rUcdtnB-;5JN)1cBM(#+D3tLH1= z#s_>-u;hBAwwg>f_ILO4+D|NiN-)DaPj9Vx-ml_&I|jU#&wb0VD-xcg>5it62N>QT z*DUWXwS8FJnI}&^2bBEVPp9i$PlRKEwL7E}h-RArmv5Jfnd}F*=pGtlc4JgY8PMRb zJBPJ)Gk7Z6%Em;O&HF-v$8r1J=_v`Gbzyq?Y}$>wMu^P2Qyp5obK(R}_R>ol%QLYH zC(DqdJk^Vrv8(XUO-(}E%hT>-d!5@AI&D2UuWpCI^TDTI&#c~ASlrscWZLh8BmV$& zFJ5RSQ9gRP(`|fNt65$qp*&4*DgDx%VS(-|d&Mw5p#`nBrenC0Gqqp70O|N*lSHVW zJN!}5?vI9ydSoS~NraAb$sA`Nm3Z%k=9}k{?XDr)@)GfoJvxzDax-L)O18ex6vuCW zAxnnH$N>J8={^;nD;Tf!FD$;FY^9~f3zf%UYFtfHXNYTGv~I29jeAqE@aKf=EUnQ8 z+3ut#Dn}SATK@nJ^*`Qd#gCKNeLm(Jz^t^ZnZS z^IwZmxA7;Nb$xP{s)GoGg>3r!(@w;i7L%;91XI3e;1)Qpb5qtH%IrqSR@k4Jm!?N* z29d*F{A!a-))vupNnz94PbFtZIUIfBxvxWx&qncvpEjSXT*Zr#`?Z*3dFz0G57Lnm ziOYD4z&duBYXjP-dmfPmJO*5LuPwgNtuE~EA-#VjE*Ue=IjvyPJj~>7ydOLkEiI#~ zV+8JOZXZhQd@$Edr?gs}>u(fFaB-d9f|QwQ+%0s7ukIw37{w7IXjSW4Hr^UC-HU6N z*z$a!qGNC2S&hQyMz-3Ag*V1*V%6hRA}4W${C)ob3hewNHLr-RZf)$Ngfw3~tU({} z9QUSV>9dLWiQ%cQZ}hD;)&pz3ffA@Jq>oWmyiMU9cF#_*(=1X^EZ}rFU#=@&P~>N6 z@ay3Zi~bzxdY-A`8z}8=H6;=cE?kw5j1TkcR;}W>w7in~ZAGWF-GdQcRF3(fM#S=- zqdV5q!SUFzI<2Bg++|A_8 zlmvt7DSQig4~O-ebz=7ju6*Q?*zkLOYZq`x6)x-STX|=bG#niYtk22 zxHi%-pA(hHBe&s1Uqn7scn`*#+usy;cFRjP!sV@H^BMmDiMjnN<_PVjvxPM)=pNq1 zn`h34lbYHxwuM;xJHYFuSol89OI5Zm;5?{<8P0#h^{RK;G=3m2055KY;{@(Sk_NBOM5<`fj9}V?iVh9lWuCBP^kYN3{uGLS+UXbnu2DB-cJW#zWMyNi(X6#e?4(J-NI76!U=i$Vp1yQj z)r}L8!*lnmCQMOc>STw>k>OVCyl^X%)b(3=7C{kNf}C{eSTc>T1nSpUnM;RDNisq! zoE&=BU#n|YOQ+r1-6BrpjirWgb4bc>q2*G*mjp3I`CD+n#y*rLxp@WDdVF#`xdY`L zdizjHJwHf~QjQhWE-dGY)9&qM#!uG02g8>(R~Gkd@U^K-kqP9m&rwy%%_AEYV)2HL zCaU^W*J9RXRS2>i5>HH2elXEA-9pY4o;atJu`Rr3HL@#Hm(i?j?Mg!hvH*%#j;-mM z&)2m(>FsXq?Je&u<&WfG%Z=aeo|FV{)WFfK*nqmNz3h(2N`-Btk~rs@u?CraqoKOg zWRl(`8HXT}%{k$7c<2aDQ^@=p;fWVHhIlDdzuuIeL?Mv zGc1e%!8qWGlG@HW^9n)+a0?O0`c}~y(aqs-mI7smaUUxZI#)MirrB7|?|E=m+#Yt3 zpTe}A&UqR_O)hUHdp1lCI^dE$YjDd8sz;oha7fN8Ho6$f`w!FN2UxeaiamzZec^lf5G$RM{#QrY7hNjy3HD&URd8<~C@@CC$kJ;tYLGN?NX4m0$xWU%;cqH1kt zaSgO`Ou0zi{_^AAsmTwQQr+&61(ZmTE5yJRIp}$>5BPl0CJ_8oZY+KY3n7VcXCN61Z14^ zT3S`^sT_A9{><+q4XjrsNTGR}Mt0Dl<2&dkvMGGZ?ie=0xg`63HOX1%J7PM56pZc2 z=LGvxGjcPcH($NTS0%RO4z;_c+dZ_~q+R$svPbDtJ&tyFZFd4`=`u)$a@$w~gO8vhw4QDySiMVBn8ly?yKH?08bEriaHbr6BP&rl%a2Gbx$8^CJ?)2|m8y zReuxMX}VvD7Tt1(k-}aHYC8K;>@ZOVaqG=a4(&}+6N(!JXtV!oQboKgFUl(+* z2~FWk?-IkNXqnK%GFM%}1*I@A~+oii3Pz!}4I6RY%_|0~n9JII45L(&gqa?Nz z;4N8B7tr)wBI0|}reJsHXc_BXU-93-)9SCH>bidE?O?~BDI_!vkKz2OxSYoU<3EM> zej)gEapHTMzb&-&46?Fww2T9uhZ+5A^ZUfQeY{swM8LegRf!lPv$wo!4#$z|(W=}` zBN>u111k0gy))p?il)%~PXgV|GFdx?Di00Q^{uJMwvW?W5gf4EHNDB5WQ|{;7|5=g z3$#~-3}8HX?Tr0uY9`8t<}bxh4MpRB3SG+SYaQ$bWLHvE+%F|a91($EnVulFhTBxU z5yr_FlVQgp4}ZqFUt^{Zpq?DmpFq|0&0@~sEUxWm^F*O?+dGW=*VNuNvQHHFUq|uY zi){007m);UDq+0-{{TRFHJ+yFpRGUeLEqZ^{4@B&;!oLI$NHJm{4?ShO!`bS%ehwP zoyv{ak=xV?{;}C-(i-aCU>Skh2;?7e^%$a}E_$B#@ZVh;rkDMlE1|i7V1d+%@ITu3 z;bxEHF9=(Bg6Bv}>FkzBZ(aSuBO~||{jfd<&+w1O-XicaY2wz> z(&6uP*-(ZTw$d?h7d+%{#eR2QTTK+R7FS2kcAlcTC_Af}O&N>`1CTM>-kz+i2z=o1 zNUpkPB$shxwzwid;wDV|q#kkaRT&)|`H8^bbI7d>lv*vqv6K#qyR+A&TajbfRH*m& zH4|p^$L|rmA~@KRdiE8gbqrdCmGzCnv&AZTcpXR5p~&v0kL)l04cz^--{LRBpAde? z9}sn0PxwmwET(@A9PD{*M_BO3Ck3&`7;kF+ml_A0CDc%}Ln!BthNBTpt2fl#;Jibk zU0mtcaN4Mj>~e;`J^nNNJWU^3wAW?0Y4q((n5R}B>L*`cuk{t?$=QQHEWd3(f!044 z{uuaz-1vDeZf#)@TmzD<0QnsHa=*&Iliw0}Z(H!jyQp|?TY@`1V$sUU7;NuQNC)!8 zZ9=C*lBUNiF7Y5TL$z1EMwckTW{qTzj#Y;}Yq~1u9G1F|-n_`!+&W-XNpg%rw?NqX zRk(H%LN&l?0F1WWa79NSk^uRcn>>gpce${s|HLOz8gr9exIAejf3rv2p(Z z2|kA$J|5PTzGOyU^%qUt@r5U^y?;mW>z4X`y`Hf=CDIQn%J%~#o)j_sIVb9Cnxg7# zrO_SajUr|P2nvd_!2bZ=QZhe7SspO(pM}0Gcq7E$3Or?L9sdA>yia8=op6k~5lYHH zAP_)3KOA~j4M-<=y@krp^MC!dKV{z$e#yVIm&DJ6`t)~GTUp;oZD#WPw0m}J!zSNG zQY+%y>lv(X4bqV9oQ^tHan)Uo$EodK4m?Hn$V{eBCUsU&4^hS|vOXUBKASv=EV4VZ zO3yQO`hSH?R-_(5J}>8LF-qv4M5vm z1b^{kxPY8ES6UPW{nmK1D%3wIU5>e_2P*}{CJ zlZ@~M5tl)@qK)p2Hky{#Av~LA$>e?SrAH0jt+7;`ruc74ypkB;bXQi+;5t_7B)O35I(#tPx+{fzJO!5DH^J0vUqZPc{IqO zjK(7*wm9PzQ^b1RjlGDrlq(~gkVk5g`B~!^J|)t$`qVJy(?iy*Z_{7X(Ik{lZxP@V(AO*R58>o@ap^j(t;C|*TzrZ~Mh*x+ z=e;7$Z?Z*grbBMQ!XU^8fH4!qnH7hd5#(o}piV{|?}+t33V4>@??;sy#ZK3a zfI0WgV&Ap?yM1%0IFekQ;OC}$P(ztKR&PC%AF~fVbIGoc!CHB>)NNYo1XH^|DdA`l z>^GZXl6%+@XPprC{#DJ{L92N7);q0sGi!4a7~)iH6<&ZGdt!j)L`&go`v9;>3&@!H zNanR|3>Mb&MKY;7c944?dIaKS>BczkBoM@*x&vGOA-x(#pB>aUNbe>TZRiiBCnDnm zhl9meRxk&YNi2JS#(6n4)kESB?Fg=5NCrp&LF%=Xi#Q9LV%H6XCDo4XirUiE1;R=d zw*XXvc&P)niuEM1n9CSRQ=#^wL-6L4EydQQfZu40968`0RiLQ59)08MXH7|Ntyeb7 z7>{c781Gy~mC_>xX8@mC3+B+?xw}NRgUErTeDhrewcV^%FEeb8~`YmpqVu2d8EsU%s-_>)zLg(qX3H@3t&*{!-RZYi4Q%I8 z1~rkuPTYS=t*gu>xw1C*Ie-$bxXEf|#$6eis2L!WqZaR-zSR^`h0G7|F$5TO32rnxp*%BnB1p@|Ny{h4hXHwcR<<(Ld&x3wGV$TTY(uvS}Va;iz- z^w0FIIlF;lPPa`@Pg$V5gC;#<1k0HTL50Yz_|va_CwdJ5cq;` zHSAyoEy{rVx|-q?HJTG_#xPDWC;_(fVq`2nZP>2r+r*#Q42m(hjDUI{V@grEv{jMK zdAIlXQcoOZA$K^&aay-_rrjg+g1$!Xyi{^n(L~3WNLHL(+sdPI=VJG(b{e0RBP@-8 zzmPQf`enqGHI0pdG8Cu)KoWGbGa|%n#o6 zu4=XHeJ(}9xa`KNql2dBC)s~iGPMsA+bfSKEZ7H?6_IP>SnaMQeO}bw>CGD4c zZ8q%3CV3Ukil;hCmtAgr^UjTn;?PK5%fIn#;hJOnr(7Z#U__2+( zzM(XYzRw6^a;gE`F_JkP`t+~O8*7x&H5qLtv27|Ol%#A%)tKj!E2&g=N0o-i;YSfu z6C3kX<-c!rSy=WRBgNLrkfifPBXFyO*1a=F*6c5)Hrd!uBP3+flezEFjkGcRYpFqN zYdluYWkJ~YHRk#qypkz*+Es|pwQ@-wwJlDLO%=G3*@%~>M|!y}hN)+#$En`He#T_- z!;VI2!a5z1iDnCdasiB~T;Tgw#5)N{wv2bKlGQ%s*Sck$#362xUNCdhy?E}ScMg@Q zrJOLvu$i{WgN>rO+UQzVJ9{w!Mr1p`rD;UlR5LFbsP<;iS{4=2*kJ9=LwjseKQh&J zuYYq+TOAQcJkiZ4D*Mhk!S$~>)4WrvYWmyhI);^hY>PWYvNlSTUX7o6&1<1eq@^Ka<`H(+ahBTM0dc_3*0-jQp2p&=e)oI; zw2xBKZ|vt&HIqde?;|@&!T$gn@gIzT4=#K=;%k|Lui0FZq#h47>CujwpCyLPKicI@ zy)25}AMliVzlLQKqAkjkw2tDj;P7nr@QHk|nSHo!bM&tG(>;jelWiWw@Xy7Up9;Pu zd@b?bmpQV#(zVMeWqyj*?I1}5=Z&RU{#Euj{2Y~S4gUb_ckoxl7N!Xj4~RB0M?OD+ z?d3cl?vR5%xD`$+%^%2qJ>hS~{5y+XYjVGopx5Tl=DWd~wZxW5vS4=wJRY1^ro|dd z8Z@oF_$MN~+OEj{&ci(sekP2%vZ&Y(rC|7~?6=t9v?bfj48RVn+*d28da+s*rM$U@ z5+j9#LmUB9Xt!26yc(sK+o7`7;{~IJf0Ve!a#8rO#OjaK3j z<4?3McOf|_b6v5C24-=eYJ(Wk63#fh_G#M-+OxGSB{a$5y^lX;cELF4X``kz^fqh| zFj5<>d;b8#{{VxYEAjkyzh_u<9XcpWjY8{)j~~P8eXFVwEy*pV7YqPqhBVx0lOSTYy=|`@9<2 zq-8@Gpk3>? z$zyK`K4Xa21Dw|Gl`Y4Ez9jfRP4K+wKZ#=0BUb?Y%Z9__9)tN;qfRQu6|pMzKKJ;Y z@alaN#Lwajd6~u9iLM(sB2qJt!5vi_qUUZRcr!k}ct!?~@$hx&(| zZjw$Hk$}p11aNrzit?u$9W<(^Cmyl!sQAGO@~Qo)d#rSYWdj)^_1A5fcKb_-o-#lYcbu>KB(5*KP=f0LnY#B0h`cvS?gCy`3yf*^k3$1ms z^KSj&d5G#s;PPt+$3GZ;Hhe&|kHEen_>to4F9g}#m`;mpFop?ZQ}V2Vd127tn$}Xb zhvA=Bc)GH!HR?Dl%QuU(JM{WHcsFVQs(W5Zr9O+MGfnns~Mov6cZ z+tMqDq$t~8_>`5%KK0m1@jG3(c_WJ2$@dW3$=byJ0=)W~AG~Gxny8aqOZUDs@dt`^ zEeFD|N2h6*(ne33K49c_VsJC>QfZzi)U4ni+6p9^EQVO~^I-O@dCz{GYpqT6_=k6> zTSO;;#j>tcxgQ|(JlCLj8%Xizj(k6__@lv|8`X7P7fq1c-?g~IgN*!&e*XYbz^huB z)WtM|w8u(s3&43IhG z8X2FoQa*+7Hl)5Mv$tnfi%`Kwk8sFgT@IlHlEorTjfyez8c?35a)H2I*(^FfqVdEc z@}g-KK+f!PN8}BDPk7Tp@ZHCbb*~la-Wk&%isgmWQyXBdy@}jMzD9o<_i!&$`M>Eo zD`Zqx{XJj$M9wHn_L-QX9vjoWbeDb=)n?IdZ>-~!ZdEc9C9=aA_OGj;f1mireb3qZ zZ?l~f!myQZHa#-d7bm+2$2k0JZqg{1%91xfFDECZdJ)+98uB~M9Q~$XCUqgW>&X?L z;w?T^xK)bbUL;^u0mn4YGED4X)~+sXE#a0hsHg`_Rz?1|4WW(}IVXa>u}sEqp+^4z zRJVY@;TXbj4;kk@YTULk8Q_}P%S3UC7@ zya%l#88WWPW|`$Mt`E0ry`|_T?|h3ll_-7392yB{Q{pnW^J(#{>m?e0Q7qq5)%=mx24c9LmgIo4n|7Qw+j)u%Z(IA0Q8 z+URpxHRZ>jB*XV`j&|ce;amDIisP0fm|1O$9dm%Dpq^xMzAE!>HMnjIrpdm12FL@_ zu=OR1?L<%@MI2HxWseMKdWGHDg4La*85lfqk6P&TrqOhbSts!mg|u9(q`o$fS`6hA zytugV{ojVKY_!D6NZX;24=TLz$FCL4cs@q8S@ippzUm?{0O+Ts1aj+Rt|W&d@q}nk z@o|w}f8wisAzoFE>NRnR3Ip>B3vfA+6|SQTSZ`9BeZE@x^Tl2PZ8}NrAZKK3le@pY zTw`$LI88H8x|K%N^L)NOrmD|%a`#M@cBs=1gP_l$p~A(bV%6l1_N_h432!2(41n+} z8q-~lDGj7IO%~y`3U+#cG`uIOYsoIB7Ns}ZRiqm*oMZfJvGJ-wf8nciwLoY}i9y?(;tDY2HxCGI9vVJkTS_S3$A2zPVu2K<)ClAmDos&bBQ4CuOV5 zh-{&qkq;$#B7sU>Og(o_j>%TZ#ETFcKp7wb+PTQ&DD45WK1$poZ_>X_R#v9z;fz;+0jh8hx%2yC2(*;SEgzj zyfW#N8w`kThahWC$Z-eq-u? zI<=!4PUj==((>xS-)dHAi?%8oIqROa?cOU}{{R#D+Q0UV_1>YiQcwvBzz9cV=OHaOB>~ZA9!QE0_Hl)Zvn@sTaUI|+dl3- zY+}6I$GSI%v`bT`>DDR>Df>#Q0yk&)c;bSiBl8R5Y?u0XiJtbx_@PMyfseV4*sojg z*N<-X4LKS=G^;0*G^g&lBaunO)7lC(*wn(g^G0f{|Ny=N$yPI{j~_%l^V^bKkloR>regAet9^&{Jw^B)yN_v&tzG=03| z9C6y9QI*dGZx;wP<+Yl{ptpGd+L_9Ide>`nXJM>~(I*g%ra&C_^!m_i86$Z zq$;pKRR;qg_7o9ib2+5*;#i|ICRe%p)iT=Ly_ty-lZ+KT%_%z<6WTr-_y+q?j`5|o zmOFT35*F;k+upq=O88CU9~NqQY}y<$PiGY6*~*nF7lWT}wGlPuM=$$E-9_-;Gl_N%UoOP7VN6;QTYCY-v9#SxOq85tku^D&a&jdII#7bbSP zZn?H7o>PWGu9#e43o-_2V#N>DW6_V!7#fr+SY}nhH_TLRPt-b6maATDfw{7d5dQc}e zcYZSPy_3zR$sEz$$vk30Q;`<$;2?TegZPFUO%q#|-fPG&AypXIak2Z>kRs{VM*n))K)Zd+0Qg~j#e0>AA28qoRy5^&Y~;JxmpWbN!c{j>Wp$v`R1tVx+K=u zV(J@dg|n_%+opZ1A{UXBs9nW1tZ+ImKXwZSctOEmVX-!RF_ipEKluFVZSWzqcU zkMDROZyXP$VCq`bWYoQgpmp2fvw~?T;t5=la7^z}_;nC3{Hs=3Vh#b@(;l_x-`R|o@yif0sQ{Cn)Q*JC zXH zz`~Bkyn|J_p5EX=Zl*R?>V0dXp5)3$vFWkPd84El5oJIyU4T}Iv6 z8N)L&{K0*z)UI_{_rW9DKw}Z?jkW`{dY^j3sjOnm`Mi0g!5z+)bkRNYCgCS+RvGxC zccxgam4=GZ-8tCu$l#z~RqvWb@*G~P<6Ua`p~TUmq@Qqb2q(Q+)is-aN5i_7p3*D3 zs2fjEN1^RgDBR5XiY)_DT|wc~OLF9?Io!SL*r2$-v9L>7F4-i`@AiqJU5Cuf=Zfk# zj_6#z8;sJ$;>(LxlGZ4#x6@eY7c|(%Y%HkVj}E%kLNi6`a}A2hjUg4~L#4@dfvZt~3d3?OM>J`;~V#%z#ec z#=eL6Z*M%F5b-sNU)gGxCfCh*8AACxdf3R;Mt!sK! z+&5u_&y_)+n6GU6(9s90d>ruRq2eu88RJ=}TL&@h_2a1>abDl?meDNyC8wps`Il0H ze3Se*Y!CD8M2CHBc~6JO_Ew)~tLj2KeJJHJ$K}Yze=LfntjVQ`m+xv?(K{!0q&F_J&x{s_Yn0+2oq_DD3U^eJ?@&J!^`KQbn3S-d#Z8qh>b2QV(3#l+J|oKTJLacXQ_nnuUkLutz80Ip_m8MW9gG%NGWot@^d#eq zdw)vfI-qzJn!zQ%n|M}eWLySDz;FJweHZY1#x^>Irm^tXRk^r^)>uQ?w2$&ZHb*@6 z#~e~NIDJa<#Qy*eJXxdsOz^erx>t-mJ#v>8(y76mD+7b|!LRfT{fj<4=)bkU?6L6s z;?|X^#eJ(SgmCJp7;l1L0AS#BA-j4JN=oS3=h0pP@d@zviY=|?aw3`hvd6#q#eI3H z*y*~yn{j7*65Ux`!qBijj4_|j2k@?0#KoV==lm60_Bg)r27%(edrh*nwehEf3B0yt zjI&?aJACQKUAz%r$zP1L_S5wn;_EM#N|CuR0X>CXBt+5Ww@j#6HaY-*Gf8R|R+}YP zfwTk2HPsEyX`tIIkUExlJA#zbO7iSUiW^c5=&pkhWLy}DFP zsJk-xxxArm5Boj-(B2^Zm3}&WEd8MTGLCf( z4^U6FM-=8iwOU9*%90WMJ4vtf*7!y7Bf@_e{ug)~;-`W2Yh7c)z9G}&zPFMm465v) zu*f+6E}pp^sn(Y?7m?DYj)zf=;YO4p^Ou_WkK)gPEPP$2UuiQSLwKayw(X`lhaiu{ zSCdvH9|zcJw%Sehr8kJ}9(_7kpGej1mG^SAz>g_{#&ca@&|ScjC2(4GRs?tBXbem zmd{SL9BVQ~^Bwa04h1pAmSe<7Bz{=%ao(-Q8J!q6kcvkj@=XTOeNU@@V}IH{@Ag^! zp}a5SnYD|{PXlWbE|cObc%vpcp=0vMSEltmgVw*$kKo_M?GMKO2k`E#r#k93S5~mv zYD64{QlrV3cjN(|aBCW?L#8LzS~Rg*LnecBKiY3CqYoRg$$0x5_u`p7g2@HVqRl0; z&NssA);T>^xMqzLKMH@~ynnG`{?MPZ{+Ihocvit-_>bWtEj7%oewxafDA8YWw_TD{DQ-M--m4@X;l#mnbsNtv7ry8rbPHW|>uOVvy}54m($H+In8BR+7oI zG1^Xk@4aRskkZ#jb}+oVI0P{#IPc9`NTa*A6Emal=|CJejc>Ipcwp0}Nh1*gs1JT? zh&!cNRDvWNoEqwixrCmld!%Wzyl_bbk)+uLgN%%NSEk^9gU1pYW}T zD~%&lzt?VJ)NdlZh+)vgbCdPWM=yw@(kFN!MoH9dQV&yD&PPQklK6AQ{vdnFQthO= zwvn+Xb>}#!ynLE{&CQgS!IJMJoOkP3Ih`>_mamC5y*x=`(oG8-i1Wu3`<-6#?E+3G zkuk#(NhY?BnJmToE4rCnuo%Z3s~tC^tU=4ntT0LY)w4!7K9cYyq>$Ua#K&S3+}Z4L zUW;RW;olL&Y$w)j^v@|yB#;sT9k{HdtTcFsh&))!aVDJN9Q9QYh%N=cYYm4y}pVGte6xjD9FJby$xv=7Cj41)bwp{ zO1-kTOIW6ii9S*TWBlT)+v#`iuKIEk@q*PdA1T*p(qB!Y++SYX`4T2Xoa8NYHs2I( z{5w6(g@%c3sYNmrGdEbzs2TlgO*u;XU&Xe(cNX8-y zWkzy+>STw?j#}Hq;^s-Egg?qT{{UvJYJMz>R?@W1Iw%79Q!~uWa$C~_+XAw&agD;> z>-TE%Mr4bi1az(YZBiRG60Al>U_b-bklar?)I4E)FK#4_V~$soyaLP{xkj~o9*rX+-IZt0o$-a%v(#DbrBK9-`FF}8G zZED(e#mgHeeZdDnO=SI+*539=tt662+vXorK#Q?O4YW@jZ;icuNvCL6x|G+FX?BtZ zNzT9zQ=Yl>pxQF%bdRLZ;cGjwZpw`dl^`A2J?p22JFERZ-LBYj!G=%W#RVAtBDGCC z*-s03tl)+UI8rMn8D>^eESR;2K*edbB z6b|RF_`AZ|98uX316^N2OBd{War)PnMWS4IhVt)Djuy6MUCV)hX@g}we@VHqXzWG1 zODuR&!1u1&Ic{vUdw8~@g&~=<$>XJGHWn$t;$O5|Iy8P#{L2nW$83S)$b5h!9`Z{XSYAdJ5Jk0qx9dlbIbSh+j6K*tV zbxktELlf9KBCPSb$qsX$!nw(9C9sYtTzR-4Z#`;dAvoJ|S=AN*Wn8aPO>p{^u#6bA z_(@`NNHrYno>WrP{?e*MrMKstj@7vKK6Gj39jnDYahGl8gG-Re>l-KshwgD$4>jHO z$H)Y6a(M14qQ;Tw9vtxmx^1M^w(il)S7>bV1$Dk3)s5q|rNpmwaF}K+a>G8Ntrr+~ zAo0ehCx>+CZtQI5y3{UPY*C^gz3=%{wwKzQ>1!6FZyBE96gYJR{sh+6Mu#KfPXndb zm2u>>3WMhu&f#3W>`|tj2Zo?waTIJMLAQ`_IQ=Rl`wqrehHS4bHD9t!S_Eg@GDb07 z{-vm6RkyTVKI81g33&*}tj(hv9IfoJ!z;n%rNMKB@w8?+dUMi-Qhkos z!unRH;%IK9(xUSriE|`}fIYKZh4+Uw2`9Xh=iaPTqYg4XDkT=pmCkjdp4%#*q_vtY zC1zuz% z9iNs%BdFsC6dNXRQ={BZBW6cTo?5hRZPsWEO1s#5awugXnwFLJSZ(CB4K&O^z#Z!4 z{gap>YskXNtH%{Q$mxdWhMTRtS~Pl0R`D!;cJ^ljAY&XFW!wv@M)r!uNd#q2G&vg% zweX^7HtZwRgYKLq&B>LB%R~VMZ_4fmP8EQ|GwsAgHyMo`*zs}!zi>dg6Tc;8+ z@}nGJRB~M1&1A(~J1-+XmE_gMH@W?V!~7?L%jqgOI%*MJm-VRId6raRw`aNar&~uI z;=C;wU`=vLS3bF6x}7(M{6VUGHSt!L;(rgix5!|+Sr;l0h8%u>txbEVTX?U-)_P^X znA6$c%W|`+w>-(P%=r%E0HL1I}VgpP{fIuVweR!|Z{{Y#G z#XcJGx54cnQq$%V?No;ND{*ZvO{98pTHNFI&!O_S?f(E{ZQ={vA3^ZZj`m#+(OnD# z6Eue{{SlVj~#p@j_&sF!~;aq?i0-|Bq9)@ z0rXK_5u@1g@fe7y95$Em6TsS^g*Cg6?E8C7M#+S*M-a=-r2NC`J*&$8HGa;%KKLu) zJuBkfwuOCj@bsoGW{ekmH7&!xqMv$Fq|xR}GK43~H*32i=F8s~T6lt6IW1fL7F8Qg zbGYNJdM1SgNUBQ=;0$`#G|}{UI=4FCnT{e%uo?WT7I`ji?dP$18Lb*k<~;Bicc&Qj zJ-Tr@y-hU@7JVk_#ZAtg=Mi+P)Fux}kqt zL8$KDw~)&OiguOm4S45_wAm!RxSbtYS+kMeu^b|3cw1Tj077e73Oveso}^c89n7*I z2#0HMeX2RllIS`sfPsAA!v_P3-nG0%O@=V&dmi;yH?Y}b4d=Gd2^bh1E1a^i4XA>s z9aoc|T4=(h@1gC#3%ptX01E5J7M>?-cGPS@D)!7k0N{XB{y(L8#nR1f;+=P2wqG*Z z;`&`cLKpp5B(Yo$!iITRmeaZMR;zoc`2PUMHr^T1(i_LU)Ig3UA2R^hIrPC5-CuZc zX+Ad8yc?*=6k3&xvEy@srMjsVtvjC^nBsY5WB0@MRn(g6!*E9tQ|88kOaOTuE84y{ zct+P=@bEK79CtB{2SJ8D_3BVs9~IBbh;v(?9%=X2x(dCLLmZHiv=i%H_l6cdY6V-X zZL-4n!yX&lSEC)zpruoiJF{b)^%civ zeGM4sY(TKJvf4Vv>-UaFHFrTQ z2+m34xX*g-;mL?A43*#-$Ccj42Q7-S0*oU;z5O~@)87bxX3r3OZt&i;Z@fvN_%_Pk zFP2$f%zX2P1C9nOrZoGR%Bn{TY5O#MUhub%?KJ&z^GNY0!?7fbKC`Esq-d*>&b?N; z?Hl8z&y9W{_)p=!n>Dtb;Qc%_5VU6vcFJ%`$6tS?bjA$w>ta>xewxehOT#Z?apBd0 z6HB^waqdX3%wH1tR>R>h#@!#`zs0RXS|1HB?_o3E$Gut`R$>{3Ke};} zGsmr8vt;0L9QU#3pR^ys-wS*U{iij54}3K7GkBxn#-*getm*9Yd8XL26*2D|5ys){ z!>?NEw0%=pxwM8mJ9c?C@JQ+^YFRdu(C@(2t11zdRcYH*=hW}?S=++@00(|0`0H1^ z5Nftp5l5!TA7EJ<_)ovReB1Dw#M+mKekyn~#aD7ecQW3`adKsHcOfHo54L|Q-j!B) z)vCW~B+uy%PYqi9Lh$LD*4dogTZ@=7dInv?pVGfJelqxW?#IA?7qmHTqc_J&k*(un zkmX%_S4~MX!QuRKQk^Nin>-`-GX0(WZ>o6z0LGpz&>+zC4Ga4bCAV2(0d8)dG8r&A z+6Orqub6%rqs?>T-8%eRTi@8~_jc@&oP}kOf(PT8;jJAmdRZ=O8u-f4gZNZ`_T$}b zbcmKFk&foHRC%Q+`MoqXw|vuPLCS|^FLJBhc7O6ZJIdGDc=bilZ ztW-~=r#H%aG4S@46}wI3D7QoAOOcQOepTk_`_)f-P^mB7V?DTE)QJe1ZTc`8oHQaQN+sETch$eO*_RN z3-MHTEj_K&E-+pvz*4_>{&ngLX|G>ci?*A5dG0#%TyB+}k8(9`WcY%Avgmq@lH7|G z+9P>eq(P3-$LI+)@Zar);9rCv1%5N=-Uawu@n8NHCY5>N__Z5|Jj9e~)0f6KAi&?t z1w4W5L9cHwi%#eBC(?&7QOfYxOKT~)U$-o6Z=XNle2uA=vS}n=^kgG;?WE&95Av_j zKZBZPoBsd`yGPP*?M&LV$IO~p)Dn2(9mi_=nhgF5%%{q(eZk=?7uGZlDr=~s^P`MH z#edo3`C_+jbgNr!mcD1s=kl)jGvn*CEmrE@aF9EsYDXYvBD7S!-n3iRfV}=8*bKhp3{%IsF8vw)DiUlNYrkg#`w6TSJ*$aRNsjkU>9_sR1%BE+6 z=Wrh(`?Xdwv0DEC!(J)T(g}4ZX>5=moyG_rwShDc+#l@*XH;Bs*@a1j(D?3=cIFX+ z4mqwuO;=L4)Ky|cgBpA+qv>eh$8{>}%*!YH6 zZsocAACmc3M#FoL#8!-v=yvud#u>m=kB4Q!Vh6P&GtOnRxSMXE&ZSr7Di2G58OmJ`N$};hj*;Qg zBfFM)nTcg#%zsYUtt~d@7I_?!(t4@n(&p$wb~(L$F0U`*5?#n`daC4%W7N`W`evW2 z!}gnlZ*OoT5qXM0EsmL{Xrvl1hbIwSJY{YX5HWB@FgU0+{XWL)PJ4N+Pud6|KlH6s zmgS~=ovZ5>`gXH(p~Y_`PNOX9I2FvprfU|_on;Pm$r$W*Oa|jUf6rQ{upVoy>pGJe znNOI&oT%!


M@%tR4b_#^#nsF)M9U!|SECH^ z#bw2Pb8_-Wc>=+fB~%`jJm|_&IL{H;ypJWsO4w33UiG1;T3U;7CB$I3`LajpR6{wP zVXmY{Yb17spKFCDg|4qg8di~SXFRZriBN&%vXPnq!SQCJ4b}5pED=GIks6P>1zGT~ zi5|mI7%(PRU?E5Cye0aDb7jc9>a>_bsOzQJ5`i8j>Kd- zft}5c)ERQJZw~3Unu|wwDx5A)%$OtduCrUewuxZ3v55=|%#KtB9D2~vt&Wr7*0mm| zGsOhIAjrt}RyB1ni!E;|nXpOqYdV|*q1cB4JyR&p$nUShxz9{%E_WuB0 zI;%X;Tb17EK>+*K2A`?TquQpKX6Xf(A&g*fPpt-qrk|=EQ&dm1M-0IR6yuRwnx?0s zXtP>1(%e19bHW?}pI+1oQMthQgX52j?X@+7!xx{~`f>pPg|Na;_p9E%4|wL|#hPBR zY2taKpH@tu@|W&+1TVcrqO2zpFA?chI(WIexM0bYa~B$e+T1|!%!VR+9{$y5 zQHAwO7(w%`xUe>EOIls-6`*!{{SlX4-EL;%S;n^Z%);Gn})-b3ys<1 ztqJrJk@8pV9pc-s9cz|48fdn&YBtExTipx-BOa%k$?(iWO3+|irMF4MV|fRm9+jkI zK5H!sS3WfhBvHpYBdh(@!Qbp_4^{C-n)fzrUheZ$G8Rx2l~ay+^{Y&xZ9`PmF0G-z zH}|kZ%C)}yD`UA@^Bqd)HPYNXDiogmzO=yUygOs&m~ZWzkC^9Z$2HLFQcZDn6`LsY zNDLPpX)`IlhmClPz*@R$?Rk5q7O-~P8?W$?IuTkHHfAp_)#3&izyWd4)>A|jHOo+6 zFvsQK;DB&?*Q0zB_?4{uAn~kzEz>+X;hz`D_BpKD(^Q3}Mh-uR1Q2*1QIK*86${L@ zEe|a51-o6|UTSh%>H2B7ndJLDvTcqX%udxFgEhyc?Z%yQ%PTs-4-JmBaolo|?V2Bm zt^UlB`D?hRTyvVcbK+fN&$qPG?dO_y&eDSz$6VI&iXikmUlHpEO^(*?;bWOwd$1g+ z^v!YFzNMv4G^HXJY(u*xRh#1*DfBB7I)HAtbW(XE z*A*PvnaOHzd@k_@m#j8!nnWr=*uw|uiu&sE*TLh%j<>5DPE%}48v;Qig51$4l^EFh zpTvF^fhU4kE+Y^q!v*7TuQRib3yp4QG}I-8hd3O_4;2L)dX}E=Ya+=DD2b3`1yV9=d))MMl zjEu1#rbzl$L+55@y`@`47?mRk;c!^v^uvPvXZY?F*}Sl`)~dKKEAB)mf`9zKKH9dk?%TGRYR4xy$&3^20XXXkbVlkM$V zdNsw>#mts>@s(8sp$Dk?S2?_P9jfToa1nDGBy;s3o-yxUQK{+xO7Tdc6Mh%{ss!X@ zO?Pgwxj-(m?5mI(QX8OMCr6|Gy& z^8soT3!j<0R$SWMgGCRtzxHFo=&vw2;8q5erhjT`$z~nxosM@N06z7q6Fp%=XfQpk zvqL*80lPdC-v+%G!`Aj%=9O_Vf;790bGyvO(d+L`lCF6!v#0&0^5DSDG&_RjMnht{ zZ8J@}7VxyKBZ2cOV;BduXEarg;@ZwD3qw5cB1!j&C$(2Pi(4n0teMUL$E{{mR;MAT zYBsmJi&@U7u(1HR7~7LuIyZ+je=ug1kYZcw@#|wy;_|IIm&*Jkds=s|Cp%9>ZsZBeypu$b#Z-bY<9YU&V!fq6{(_2s`;Yo;@Wr-$l194 z;g3$$mohZF>UFxtr#!8vMRcG+o>+2691qgBVAbcb(S_BCncPO(LXVk;Jt=b)6j=Cm z@fXBC1o2jts%hH1wy7+JJBX4z`HDwEPo@QZ0pbmFQSl5n-Xge}ZZHD{Y>|xea4KAl zA<)I~jf8f-0Mj+g%e!eb+1&Xt`JG8P<$kr|{tVZq)L&DAb$G3ST^BkIj!7>5o0z+(9_GU59vA z$lag+09|=!_HH-IsLa^j_|5>Q33fD(W7K{Uc;@TDz9O`}OFMhZcb!$ECx_1&Big@I zJUOYwtJ=qLYQUzz$DW@`)vXNC#Q3q`r0_?Lyj$U$2a4xPw7W3dOtFPVkI{aZuP3wArqOThH5gmV zxV3LEh3d)=BlNCXQ*9>B+IpW@`0^C-KZo=W9qE>l&u@PSOO2m-91Idv_8eF1cl;1z z_MEZ!NAb(WKeG0_HN~%md`l3X&P%BG^G{S{v6#v{xC(RCfv#4}=M(48+T-D59wP8%?})7Img@S^ z9WHnBCWV0nW4{E7{tLfu-`V5-6tBgtcFJpAR`WyFNA|vrGcWGKa#;Z!e5W*1o~AcH zI5izTl`|=fqa2N=wO}ZY2?LRk4gtqn?1MSx(LA!pBeu-#&N&rLt;0$k8QFbDKxkQj@@HCH)Fy&cKV_YV=phtgf`g;Uf0520`kk#kaS`~JF zczk^Dul6^IqwzJAkNusgq;}ezEI5wgNdi&+@gqM`>0g*1wvWN(@u!Bq$9ZXJ_jZu^ zGCnt%;$TV=I$#0@eZ_OdiL?1B_=VwJOTeBz@h^gPxMiOD&S@GvC<^Jg;4jc(xQocd z5)iC0v=i)oE7Pa3jLNXgBo7gcgg7Ak(y_QQD+0by$i^zsjG7>lU6YO-Nyp<*%`U?D z86v7NW@Te6ilL-ovpLRsRrnRq2^F_1bcjpBiTh?<_^ZMicfxNSYBm~&i99fir0R&yR%@#%5AJ8d z;kF!eQ$4J06Z)I*ZoOrzUh3BRnthYR+8|45dhNNlY!#7s865_FtJb7@S*_y`sC5gu z2(LP#HaVZ{tsBMqcB!H3*3jPgM_9L)Ox0~COsfV`xnOw5IQkP`=WqW21vCAQb&uG; z_NnpLfrX^!!Iw94YC2uQg3i(%a6UE@+--W?`CzMF-d(cxv9r=WHC;YWqOUcHTUnqzZIv5v|U2d zc_wX6%gY4kJBJ_QE8W9Mqt36YK7z9a;s!=#Jq~+TjJ{F@U`X}nt$GlB4=$o5w$d%N zNtKvlLcol7uC=uI!1d*9xP@t(iA46W({{RT^ z)85|t=n14Th6s(G2+wMgT&!{0c<$um}?hvBKT#j-P?FCRF2r&+e#iQiCd!_ zoP9rpQ+^=$V^Q#Kod%PsTSMfWTtw`P15)U9`X#hClSH$tGll>z zF_B&W0Ev7Ub^R3EY4S&HEF>{PGR!m11yp+%&185?`UUrf^{`CNvNGY7fg6Q;kA(GD zg^k3sf~;3)8>*&+yo=UeGL3DujRmdZHup*Z9>CW(b)eeErQB)=rW=?SD5}4Hproz2 z;4o=go~@|e-CNsC^DrkN2qW;XNz>uhqtUHxZtTFle6Px#PpuXm`WwC#(Da)Ls8bc=M6p*1ea*Iy72qEE2df`DFZ}sw=4_i`zR; zZea`zS^1T_iuMlywVs`#TP59==wsx3*bF;nl!lST>pGs1Ca*obO#91&b4{;1N%GuxPdN#K^L2!?C7ZN6V1Jg96v1$eevwaSwsI}B+a^&v7<2BD} zZ0?0T(jyBRP% z?Jb(p2DVih7?X~p+OTx1E1L_)^Jc(f@??G5OzAPNH25y{Yn%J=5xXo-@HsryO-3?> zT%R>E0W^fsLssI|gU6AKucdPqr6*9}ZhnLg)EL;Msl?XstAsnr6&0SbQRh&8#owadhV}h3>J40Pi%{H8z(D+%_(1@x%1bF;r>t7cW}=P%)#Jco;v3=fSkv;7-Eob&*f8GTV2Np zRd6I7O$N}|$)4^@c}1}evjCRI0=9I!+XJdcW|Js?FLC3oXC`YHorlm~|r={HwhG z0EC}Rn(@-g?Jl7NsC5So?kftFY<*Tw!FcR-MN11!$@wqOx6G-3;#(L2MMsdILBKW2 z>sqw;P?Ip(3XH1Pm59akNA}l)eg#v?oO3M6DPlTDbq_o2<@hhet>LY3=~|38Qfc=3 zjj2{wj!~6hMml=)SQ?5lNL&CRXC*-GUOejD{-mctY>tabvxic)FCrJ`Z_>8@%JwQD znHOsU0V5d|hdJp|rO>IS+C&;?k&Mb1w>;n;)cZMp%YQpW0YzePdR3jAscw7s!Vd*_ zTjJe^i5FGZB+z`Q*(~J%80MQeAm_0E02=wHP={3bCF9*sz&<0?W7RCBn>P0TJCDqSJ@fG#IhK515x{!`T8%m9kaoW6|`$&$@ zQJzgc-C~KKbM51v=D6o8A4x(U>QABBY400B8W2VXIX&v+Q*8{O9;9T}PQ1zV+?U#z6^|V7%A*euLip)Gs(x-<%?+jC;f#R!rJG;ZASNW zk?Z#Qk+u6Yyq&o}GM~=A!o1KUT|tuK5+Re22;kSLO!y2|E>5FIiFl{OM@zcB7SS!L zazjVPE9uYKL&mpWIM+3Af&Mhot$bf?;(Hd-;8}vSaiYfm04t+pV`*WIhxDg3cpO(v z*2||+J2ZJ~)g$I`P_3Pw!VfIz39;%2!4Rz-I*YHA>X1h|(MaSe?F= zik7F_;ogId2U;R@{x85Nf3xohHPFX{DNLgeFHMmOaU> zPYY?D9r3@zFBfUfi*Mu2A5=0Z==WBS&?@)FGx^fxwxE3Hs&DY`h|&%0sV)Mc9OP#; z>pEr3Z4!{gu>&=Pk-Sl-EIXqPPba1+Ehqas;$>zXjw>OXYRx9rQ`BdzPorB6^Sr7# zeAcko%6prW%WABO$GuBoG>dxAXKuH0yfa24E0EcZg=qIYyj*U6Vt6-Py6~5b^^X); z$>d#HYIh2Z#~xlKCcUp*i&4~keFu*3pcixMaS5J9A1FBB`*$COZw|-j*{qV9?tZ_1 zz`qmz$$hAJOIZ*}4b`v^xc>l_QUjj<08iGxQM^r}L#=7^Tk#u1dE) zJJftDV`+1BV5&^S?zA5p6z3J7t+KV~yG^-!a^~oQ}=B zau+q6o~PkHK0-LEIc6EXUMiEfmZ`s$*WQ0G-VU)EeU6)JHXc+(3`b6t?b>3X^3Df6 zPHW1l?tfxslJ_+|3|c`ZfvDdLt2k!1Df_7(4=zqVQQsBFC=ATtFC%~}1L`QP0Vhc1 z1<5KasMGJGEQ|p~>539Jlsg;gcB~#Ss>Qem(!3+$b;h4?W=2@0za+^cC>b?{Rb$Vu z9>(Zv8+x)otfi3tCaEUs~ks)d_dX&7oTQ(hhWZ$xB|+(NUzkd z*@sAi-@l4_+>l|<68?!=1UoobD;eyO7EJuWoSYH(n*7KA0D_nJDt`p{`{6#nsW4*=l*xG-I3_1%$lkw0 zpTe|~(DSevylBnFPp|5Jad@ubb?*~cYX1Ofb9WRg0B*uQK3scZy}v}b15CGAazcPI z4_e`>euW8LCWriLxr0{yl{|B!S{DA(w$-h#W5 ztRXS7ZpWAi7{|Z)^{pu$Rx&n~&*(%nXjII z;HCD>@blvJj*+2UK9Qh!qrr2@rrnTyro9C43FA9(--xdJE>rW0)0GTcx7tkaJV)XE zTf;xH&+Jd}PvE5XdcLWuX?GS{{o=mIhfp@B%Jt9 z#umocUbxh!n&CF>%a+Mu_~x_5#VsST&*4ToRWTTkY^^?KzEP7&{MDb#`hwE${S+}H z%Eob?MKan{lg>V1BR;jjkKK7rj>$6g(^@rQ&` z$5D-Cy|kIGEu5Sc8-8K>ey7&HE|JcMs>boChTOi>yNq_M9D5l`c3PhE;7uau#Zpdf z9bO~^$%D{=oL4>Z>&MOT`@=T+1%zp7adU6x%Q7}yxgZa3rAhPoo-gd5p7s|PdcLEm zYPYv?+{Z2uGd6bPJqK*(HSeAVzP<3L_GQ+P#(T)wSxcN38RTSpX17vXAC=;0x|QWs z?0&R-Fx31p<4qzxVt680qyZ$iMjN4gbCLDUb(+_K^!vR&?$*xKTv>T%axl*r^sTv3 zrV|ZkbbMLjZ6jOowy3bfY2<07<~bFQ%6&1~y=&pGfHZ%Io)+;1*NAntwech@#@y}z zW1JT5dJNW5q7J;Ss!rM+B z9F`3uQJ3VI9ezOn0Nw{Y15p?r$Fk-(G>-xNL-=8IH5Jt$zPN#esXPn2Y3czSgI_3q z(mxM8S@BC!pW;51WVgODw+h!WLW>la(4gc2#z+E`p`nw(Me2On@ax37biR7qDS~As zUO7e?92^jR^IcY>XAP#TbvP~d+sFps4sh7TaZ63i>S3(3Jp)R+wT=c8!eq6Q2Z~i4 z!zmxuzF6=qm;MFuZSRNVvrAnTH<99FCQBhX93J1`Yodhu9$q4g-2MCgjQ;>>eOJaF z5^sY(HMp_6wu;Q$XxDPK35|c{nJ3tOqP~Q`_*8ZKxMuLmD_qLK3<{;Z;!i+3=hD3> z>!HU^JhHj?llyyUIuFCI+Luo7o{ym4_+wH2!cXm3LgL-0Ex0s%pPL_J9ziWbvqrY8ZUCpz+>LO zGk58SP2rNWm+Bb#N zYHA#@hnpj-=P0>$;`3hBxW!D-Kld;4fZD?NFda zj+!`=Q_$@-IMoc&L!E>XwEi{bnx>I*v6Q`LRP+zttVPWd_U}v!7@9_mp6%MZsIKC@ zw3(TsSB!!KV<+iV8CbZUeXDpk!&h3N*KZ?@H5Oo405HSQit(?EZ{%t7#iq{DY551s zh;a!goC>Es4Necj`UiyK(r24qS#Grnen|YofUAyA*Ep`Zb;vw3rU+~j7*MXj+ec4o z#!BF1L#wBW9pv7vBxjMk1-QMN6Cwhq}fJerfphj>@THa;a) z(~g`?$l;~~0guztx?N{ag3>u4FSSu~h39v*XuBE8HZb85BnoYyK3blEbCaI+i>XPf zeW}A)OByfD82}yB5_4&BCam)`qD7dKjpGKTz0wvN7nK`kp|f;+a8JDed4=bMHEmK` zeOA^J9;OKMz(4B;rFB|PnSEtEYjJ3|KQMI;xd4vFfKRd3>eoeOO;&3q61;=ViWLf~ zPoVU!Lt7en^DPXlE@nbfGH_4fQ*B2SW&APHHRwEBZ*T~-(_-b2DcdmgZ~nDm(FDKWU;=DgOn@me-OAs=5Hg_Lm`A}w#sv#`U1&lfcP5|R*uOHHUGId`R z++R##O}nE|dX~>pXeu%)d`^z)@=I%b*x)T}pJy0R$Q?R$ua@t88FFWt%f}o*wxz#JbHUj1s!MNABlb@TU=UCEbpXS z;Y$I5BYqvn=Us=v%}xX2t6c+Gl)yHbBbA2W_&;|Y&q~Tr>}NCDKWV8G!QLG3o}*_n zPA9($aK2a@VHhJmpN()9ek1T6wAyX#Lds>hK^(U1aj=d!KK}sYQ*8;0v2VtH3GlX~ zExZ;wO}&YW8wxqylj>{J{4wy;N${tFrfp1rX}hPL2}uJOk6viGUeKqc>RJWfiG2`z zM09_ZMgs>vqwxJ}&#pBe4_fMW@m}j1eXGfxyRr`M%hIM)+a~RnJV)_YNbqg6ODw|r zQ}Ra?e=ugpwR7GF_=A71-b?3BfuuW?c5P%|PPDy~uqd;z@hzOIG*@AK=}U}|GH`p= zg`R~TvlH6}m7`?Z`#*<@N){dZ9wDje-|(;eMWU--*nlKAS&9{I1qPAJI%bDQ?<7oo}xc2%~7|9y?ovp3i zjEQjHyDCb$jC|hp^R}$*W2wmkFPH~X4_eM|XH;@Y$Zp?_asDOHr~4~iMvP%mo&{+b*c@zfo)wn*;pAqWqg6P; z>DIov_;I1zECTmXl-w$lk`8zymEx>N1>+05tvgx2dn<=aLoQ-XzjZob`qw3AVR?Hz z_h#-Uh5rDD9ExCAnI+RNEtV-EiA#OfA9$ZiJa3|EPjPMbFfaVkwaPizydM6QP(!ih zc5&VKL&Rm4c(!6VJw$2HzTh5VpfXYbY-n3`PSxeU5mvR;q}Annz`0_89)wm>Rt{5o=fzru?cDHrZn1%oO7*T*@*nLR!34_i zPuD8Fe;SsFXKVIJ(@!?-a7I)PbC0ESuxROd5EF)l!*xAJ(vyfLb$V5#)~GG5+`N1b zt!Un8`p?+bRfbfx^A1TIXV#af(zz_QfnbcPNbIBMJ$F}$YLO~ylgzmhyJRUm;os9?F%4rcOIfjGxX#PKhNbvw&Ny0MO1)``Lw&p}$o0y%q)GUm?IH1Dy<`IPbb z);^zoZ3K#UJ2-AV`Kz#xR`7#_j5o3)Ui&k=Eb6aCl*34Pmi-}B`{vZ$DKT6XnZp$;s<|M%*jMSq!Nafr#lkS5c2IGzm zS+ugbj`c2MZHFg!9Z%M_R@g3dI^B=&^^u7XEyjq@&hSER{(Yc!Chn<}jz7rH1283b z&#w8>JS}R8^8i~N>qAn9c2*TnkRLGTig)O2ndV+2v9*(FLPVaR@+ta4LWv&fHah2M z9bEcSmf8f9=zfI9sB5+`O4^b-73_WMOHc6Bwon_JxrC}l6?Wrj#WC`pkKqs5`%dwWg!=f@W0~4^ zL2nlxQS~HuuW8kO1k2!mhisDSD|=-vx!&GzB{TdUx#odcEf0XT?-5#COf*=gm7sv_ zRcG85nc*3uZDM%^vw1Ctlgl_Q#W`+lrLKphU0vASLe}$161xM1?hZJ}t}f$C)-?Ci zwJ4;Nt$-3_^k7dp9s2&Xjia%@2aJu5vlg)wtp%;rv83rv@U#II_zm4^Y?EVgTrS0^Ey0-f< zm0S;$Fkz9q)ZhwJZ1U%$vG~he(JtXJlaNa6Jud+bh6UNS))jQ;<~FHPKO#@h9yKpv|NBjOwC7Y%bf*DS|>u zMmcZsuK*TST85vhMKs=3*O!D+Kh|fc$mv{Ck5jUhTOQ;4KWoo@c)trZi-{UL_*hwF z4=&x490Gfv*EL5})I34(!^hemjJ!1W_TDnkuhK|bCn)NO`-msginY1l3WxX6`wRZl znjh_T`ziP*;^n2qyq+?SHMG`kQ}5fzxl$c_5rscSudBQxtge~jWw?b{JeXNX=s^Df z_0}~b?`S#oN7T~EW2|X+R)!`_f2YNyo6i{d zE@7zY6Gq!w=Ei3I{>^_Hz8!pj_F-SR5KN|eL@rIimvg#Iky`<$JXR^Bu_nkTh z$I}ceg=oa~Kb$}KD9`NubK%R2zZ+=!dtXfifQg__nn)P^;5zU-eQWXVXd{%F739I> zZXA!TcTkn|Fp*Uv^7b&p^Ml1j=Xq193eA(quDEtEVJoDQblS(T?NxlB7k&wB;FI38 zLL!<_$`NBwql3jy8BQ?mvjYIoM1+zzM-LDU&01Df5{4|UFvpq;rr6tJ?Q-`B?$Mk8 z0pw!6_x5Y};o@J}qvOAV{x9g)ut%hu$gH)@7yh zd`8d)4#9~Vm)n}D_U={Bs5~#P-P~!RRz3EedF4qp&3L7UBD zeV(E1dLCzKq-$EF@=2#!+&W8mfK-yap0%;gHv0KIh|ysVihU`z5JBRy`gHNTMxcGxIL>$#Ox6cyuW4G9 zo}8ADx0Ukj!yc97+NGqH*0Jv)=4K#+)9YHO*qgVZg=4C&n<1HzX8FG9HS{){@fSwa zEOd=MG}MM&zr2}Tl25*BR0{TG-xx)vUTL;(rznkxB3v-%-n_;;A0{CrFe{Of!0%2m zus9W#2TN(b*q&KA!5zIRx^1n`kYNEzZX+Y9t)PsDf5J2Uown*JK2h^*#yQPyUTPNq z0A`QoJMabw<22X`$_tw!p?6`PjBala0=>Gt+S5(t3!I2?FUBHvq z*jGH?L#8W3meYJQWjSbWLd?qGu*ao#hFvR2mPu|52<1QojO`VWjVb;$+}Y??ei{DB zg8u+ZjH}ze2IX*1Bd65MOw{O%qVNo>W+(+RDQq@qh=?w5Ew}$DC@CrLYeZ zM!SXvG0&}R_(Q|>7y?3ux+GzcCSRZ@g>Z+(_Nyf0@)}A0@F^wd9RK9NvU|F#FiIV3dn7u5q|A3 z9CM8N;;?SDeM;Ih91Z2f#|&}OuISlB+VJJH=4kIEcDOm`+vqFT?)A$ltmd0Z%urP%8>OEsRFmP5)L@N<^+ ztl%dr9DTllcWm=dAC}Ar7$cKiShh21hg3^>M9TXz7w==P1zWHwT*L8tpATq%+Va3| z0ou>BWUfz4R*#6hQ+FqVblCLGmQyg>Kg;tUO3B2yyBv4I%{{db5)bX`ye33qLO9#T zO?&pU;p;szQy-ETT*baM-<`wMQZ!Pz=XSmu)9$pJy&~e?NMSNFESLp@bJX>&8rR|F zq*|d@M?I2Jh+qH0h?Q>CDO{zFU zETTqX_emVnE-jw7r^`K~iwovgWcdzzS0Ca_jVe3j8hzx?BFYQ=xW~6zMyGkBP#)C-2^~fi=`vtF-!1O00zAJ;* zBGIg6)Glu=mMgoQ0Vv>>9X_=(*wFLcIi(M9Jj^aj4E7Y7nUuuR2Shmor(b%+46PGO zlTy2Af;6X+2fcgugZJr>L8e?3c!4LUMm41~qB81ty4|$8eVo@@gmFXxa7Q2-@oitm z)^{d7F4;eM87^f5s6DgzRZ1s8g4Z5oqE>T)G1j&%rioymaB0C9=a99Pg!U;x9p1Ad zTH8kV0KUR8+uE7pJr%qntu@87BOXct^8@ZGlnnU}I(yrD&<*_8$XyPJ7En)+atp40b6sq+l^TQQ&m3iFFt!QyMw*Ffzna z+FED^%EM7to*Ro`SaL_r?mZ}!K-ZhZ5qOruYY1*5g}jox(BO}Mtz6UPwb68S(rx1a z??4d020%esGmH*%`IAs-7@C&X$#NtT4C9|{*PQD9B7)yhOHVDEE&(-zG_cKT(?h(T z(*EH*UJ{{VqCSSQu>gAK~f3CV&LIob6eodrj+*Wbwn<=3AqaHFE_^f>=l1*td#~Q8*AG&L3>}z5z8u9d|FKAX7SmPtEYuT*)d9G^qO%>ZiaV$y` zB|u`JU}V*+6pY^z{hv_q-kW*$DB#p#k;AYjGJl?Hkc!fKsN?c&oVgi0M_Pu4qRToD zhNZodO+sBXoiXX;vHH#V0Il~+(m1GRYfhc01X5yIDByO6U*^An6`*04IM!=d$- zpW*koUD|cTGeoL0AYrh6HS(XtpN@K0!cP%ubLtx03oK00ENXu9V2V+M(4NRAq2a#~A(+J>-edU#1D@S+k6Q8lMkbR^G6ng8<35$cIWz8X)R7&e8MacO zJ7f7)waulp>24knxLh&MQ(V`x)b=UTGuCM|6uP^J$o7kdY<~##{Gv2Q+{x|EL%tFSv|+D}7_cCBlR ztC6N%wX}h5j0CPmcOOcq%Eii_wmmoYKKS|Y)53|ZXx|hpb!cLOLvayE%VGZji3lF~ zuU7Hit>79pgT_5T2lz8lj&;RNtzx1zc>wJf3T6u#imt~nl^=}nz*9cwdr z>?WD3ZMhNKD$1&UQr#N9e(_GTCy0J2c!n)d8yT8Vps>Ve0N^j;Nc=0liSn7fOGN!G z{{Vt`Esdq0ic#kCE?ZCo%io+ZBxDb82j^e0J|oesn@*15t=%U{KNZQVxm#$UC^js7r9?IxkGIJvpnxEWOl2jBvX)gKApdA6_+ zHb_(wb6#b6UEKPNlL-txC{U;H#U#BFvONmamm_gtROAy{G3#3yl0)?)j8`W%wm#bn zEep$flR`*xz-K2tstq$!ML5cR?lNl6MM&Pb*R4|KD>+?KR^?aJeSaF?v1sfkI?kN2 z+v*IsE`V+$(4R^h?la4LV`~M&{iZ^#Hsa-&bGzH~r10&^ut@iA!1eE0N?i+s)b5dd z*n3lb=3tdLaSz?)5DFeRV zq^pUveNso%EHE*&Ki*9DIXT512l2h+T1BUTwbqK_;?$Rh<7Y9aWzXZ&+PiS^KOfHA zql$6peWUPm#8(;}{k*nwJ*>;MjECh1@vq+>fu1fNBJfR)rMlNwjd2X+TXRO^*B?V( zr3Inl=JSH18kg5wmOOv(u6;5=;;$j>^qZ+Llg+}j@y2?3R$qty1N=(yv$A+Y!Ixen zg_IvQF^I98edEP-avuYa;;c3rjIkA}D8f6o^k3KJYJS+Cv5&_;3I5L7O{a&gEp?qw zQ`K$kwGpQyyXi5>z;|K%IROiF1(%$WUparlZ%v=TkJ&%=F8ztLeN{Cp@pT>krz(xV zY8H`&c^Pw%vPnG50nb6t892^1-2Qx*9^iPliZZ+&3z@1_B_`Th@~&+)y`L{sosYqL z3vVhzxs^v7aqV55t| zds(zYa<*?eWDk>^d)F=h00{&dQ=(tUZDll~43O5AezQ+BUemZIT7K5jJ zAk;2P+iyp+yO8G(juF2Dz^_J(50=Hl-e>d?`#$_J(*8evkKt~vqE89y+C{`#gozlD zRRm}9Y>|(~znf3m*Y-{EPwa#HLHtJjp8o*1?Yv{5TF({cpLZIN>uEafMUj7nfZ+Wr z(2XXebMs1^RZZ~+_75xPbiJ+mSx=VM@6`Q-{{VtXCyP95_TPkhbH1SzFdMl1#@a0v z4>>)#5jw3Q@{aq}tQ*Rtt1@<*mx zS_DnV4oK?RuOfS&+A*NH5?v8``a4}yM%O$$sCkX2>K5kSeWx2iAm+Rm!k+}^_@~ZE&%LC z`Q3`5kN1uT<6o@5@L8YO`u_k>{f+(`_}b3?OOG7*KUskc5U$~K6~QRTt=B7r=cWPn zHQO3*l>T+`M~tcD*``~BlzF9!sGz!8J4MUnM*xG|WM;k%_>X4+rQ`&X zK0pGhDENw%_2p-_d@lI7z5%;yw}z0sR=+;o$>v5gv zSAik)HKeJgv^lC&acAQf?Tzqu>*0OMd~EQQg6SG0w`&K8bhwnN!7g~64`AHpvpyed zdPj)tgmXz0(N6(r+&2J$pXpw8YDST%cVfnn(rNd`%sUh$g$#3%pL*2sUxYN>YG3UZ zw~7r+Adk&d87e*NI$AO(Lh8q%{3-DUiQrd`;_~6GUep(f!26z~=xg<(!C&xFuYukR z_;shj;GGWd#lIDn90$0!D;>Otjl`b7dN+Br1u2f?Pe(lp&R1!IVfssNiu8T@+w zHS|=UWB5NXsWmMNnmm%(?J<@ErVo1Wqm3@@+TodEU_PR{<13y7=HBLIz05v;Ex3$~ z`c|-WcG=PHUEJ277th zF&Vf4@~$}sm5iKEMgGQ<>=E6-q37z$p7kcydrZ!rRG8{}QDZ5iowmPaxc~y~&~e3e z5=!?L>u(8oU#k(`gCf29#*hIltQ>H_)-BsWiwSm5D2@r~NX}8}R!w#YXHjQpB!!3! z0l^;i=sG$LV%_DD<7I_{u+PndL75(_rD)a{ma{yuB#r@4TcveZ_ZF7_0B5taKwQGC z#k-O}{Z#BjO!C{Si>qtt!@Q3R9G-sfwPwq6ZE-x2%NLr2bsUOBzRc`VM-~Tw;v~nkCbrm5B3L^vy?fvcijS3o9N+I0R5O>}JR3 zU&V0~w1Pqo4RP9rnH7bk(BB_7c2oyB$)IPBY7m&N)s?}DHOhc9iqF!RF2cLb6oqvbd`81$}N;?B1Et(KK-V|F~%AHLkVFVEfU#Q<@h6!C4} zgI?xmwcZMUcO^%tuciDyeERN%1^vyl8`eVj0Ps6eVkUH+0hhyCm9^cz-|c;1Nb0^^ zgJev+kjgubMM15bSY<967-RsB4@}Tzd9~h;8I(zG<9>H!af0WPQ+Uz$oYnpZK_uG_@l_eno9XO^2(|G3gWQ5#Ew^y6Ld;tK) z-SQ20`bGAgtccCLa$3z2;y@4IZ&ChxP-P}*>Ru|-vJ8VK%IbDkFwU_? z1Xk+Bzt81ZTAjAIvcPQvv`j-Y4&ZkEC>hoGSH!m3)}eE!TElkt@nK4oJQ3S9*6P~L z_lRxoG-;p(6~K{M0o*|2ngGfE!0`T=;QP_3Y1Vdk>v9??A;Ona*spwX&#A68ybHE{ zJH(n~=^f3hi2(y>WbO&+{{ZT#QZjNqYs7vOe;RmCI>gb*4C{=$Zrn$wxUZhPOZz^q zoHWf-O4l#q0fzWk46Y7APs^=UiSjqCwEbInO!tpd7j$@!}~p z>&t6J(X_(0ByDLilY!~$(z-7J_;*>*u5}L*OLENKSC{r_KIb6wxACmpdYRj)!FZcb zlTw1@Y9iX+At?EC^BSekUE$~fVHw%V`ogTVr!qTr5aS(+&>jor9ID14P8bzu01 z;s=X$WRA;JlTQ|qWo^CV{>9|E%~#?hn0Zcn3t({8OllJx1Pi zxL4Xlrw7)XiU`s@&ToYWQQZzAujMA`NpFzmxo2UFgk4sCtXkk^kk8x~_mh~Xi z8^#G7hOTYxY~I3n;6fPe$OErj_dP3*j?wi<1&^ARYX1Nu1#E_2dJN}l8ExS^9}ldb zXVhZ3ca(sD4hQ&GuXtkm_eHafmc}AjfJWSg^`OE>oOsH|Q=d|M*GCqAdk3CRY!At-F>v8)>MrLsrqXO-naMZLJmojIShm3iUsQqV_50O;X<0TXMieCXa9njB*dX zY(0(x;%CDfdG*W7wYd8v#fvD3cCS2vj(}Ga;nkNwfvt6s_Uo)VBN5Zmg5xG&>pCUX z-Nctx4HA2S{Ka3I&AdGQ%r(AH(fPEObZ1 zmYQk?jyRRlFi$+1%hbFD)MGOVX6HKxerkkz#;0%ModP{7`$L7HXC!pHg@g6k^>*<2R|#Y7E_xVXq}eXswx{fIrL_XLA1ljdmU#*7UG0A-ZXH?Im)0 zzBr(Z94Cq+hVn=yjzJ#6cmu9$FF;#sYsO-O)V4a*%H?x*J>tQmxVD{QwL=Vp2Z8BW z_WuA6rSk6Xt={o!%R(eW6uA z!5HJ3ENGpKUp1^R5w0^6%1FmhN#?ul2J7u{%^kw8l(_?r)e=QJTSDwMFKk}wDKTi= z06GTr&1P!1w^n&T%&Fgu^Y2;5aYj}+TWk4lCY;^Cmns;AQILMMPEqDcu^A+Rc^n)S zu85|PV`@@RRyxVE{wM|DHL+%|@#QqTR zmxZ)DjXOhwbXJ>XWEnCr95sCBseD4w^$SPS;dK`=Ge*$A4!HFclt(DD(?4aO6t15K zie09=h8L1lWo9Haxg3GhAK_m|_^$lw{vVRmGZ|!7EtlYN#w$x)=a!88h4C(xBwirY zml7_=Ws@M_zH_>}&kVXXgZX!{B;a9?f(ahgO&1w>j{YzS15oFA1*>Nv$`G;~5muLNoL9z5|~o{3`9Lp+M_7(w!}QPVZ_ z_ron{t=6NUOxGg%!Nf$!zkfXc0H38OzKq?p;?eY+8kVtn;k|!Ju(5l~#9 z$Iu$_{{R9X7Wk&#`@_B<)t=hl=W!IrYDPf&rAJ;zTH8&JE~Pe)p8R+4v&HsfQq(MM zBW*4c%uI0~lyi=Aiuj+!)_2mSzNK=l8ko-HVe>0g^6PSA1I6y)7Y@VBmQ@d)M^9?> z9{_lsZw2cXTBWp)_IYLra+|(TxcleR7!|Z0hMvs*XYh}SEp?kaE9fMVV3r_GM<0jf zU1F^A%AzgGgy(P_sH&BTjCIs|{5aFTEq$xOI-Hj9M=~=+@?a9dPCjn6`ETM)2mTQs z5^CCQq<`r4(>xLukg-Mtj1Ih41@*DfNn1jek*Uw4>v~qXYUVqeNxaSbut3Le(!Qzj zWSW1BJS(SsK(lANnta>pELQ;>oCZHp&*4Ga27Z|T0KpM|YK#8>fFHDuyYOSiTAV5H zzs4mZwt1uquwG+ofKN@pk&j$g_8qBd68LLawrFle+)7o+1BXUjgZhdpMcFfMWP8_w z_2F@Bwk3g-G1w2Kd2j6{@b=5aJ`rCKt%~XwHf|F3+h$GOt7I@gKuG+njjc?ZKZ7s$ zDF^J;ZTmj{(EcRw_lB+JwfK3i#JaYHzA_b^xpY?QFmuIzT2F4!&v_e^hVm>c4(Hfb z^rU4`9Q5oL%^S|(IrggX#*O8yU+Y}p?l=ow3E1S4)NINFkRD7a!Q+GUq8v!bs)f6A zTXS_KM#FBcm1TJl>~WE|wLuCl(8aeoVD*>{Pt?|rig0CG4Y^nU9)l zcInry)BOFb`6KwD;3fEF<4t$Lmo0lO%uH^Uc@TjpW;_q2Z%SI6^&)vBuPlfXHFYJp zAk=x1Cn{4I8*)06UGZ9+)+8b23&2(!1CQrQ>iZrt32xP}iee^201udcw2`wMX>xu^v@Bjk&Dyq580P9vZ++EtsVAD0Ilo<1j@k&VE zC-h(c00c<=wC3={_CK@tjb2?=9Svj_=^)=F<(#LK89e!C<^*)F>*L|pp$?-Sm2Wnw z=jxg{H`+wR{MVK;bGQAVp@GM4dy3_#jn8!ZOq0Yd;X<&_^D8g#u&eemZ?w5>e$Fe6 zI(XX7{uTk2NQlQE^%$->l+#D>5B~rKqy32G{gJR40Y?D?Hw81lCehQ zv&4)$AtYe)w-xyxb!aZ_1fg=c+BW)DHq+30ohN~OO>?6_ntM-kBx*zH)ItjxW`Ixsc8xMA7lI=_>Hglmc;3LxjK}V3KQ))<;MdD>HTZz{TdkV zO3NTf&UzEpyQ$3Ms6(zumZm{#wpVe%>$bDB5K;3e4m01OuC(rQn^Wp2&SHg00O0X} zYj;3sEM`}E^9 zwIsV~;r$3(#c?#!JjJq6m*vOjT_pM^hrB)FEk46bxti+E>NRyCHi+1ak@!$*q;!5G zwUXY{8zyfpSS3ZE+DwRKc2-^3BfSE0D0s2qEgVtX$iOh%RE~4&OQFdebHKz6i_R!A zH2hVmS$(E9jT_4#b>p7(=XWfUfe3a+&POyA9nC20F5_!yWI!#BethyP(9W}G9+J@^ zFzo;_Q=XNSqI53DSMc`M4QAyYHXkr2=L7@CdgOdltLb*$EHOs}GNQ&(NXr~2Lic|7HiPl-9@0iCW7suIH~S3p@0AMzR4*ALy?KE1EQ)!q@_9!9~(p{grwZFr_O1U_?&cBF2d&W0&s(=8-LMchUP zM^B|?#i?fKkO5{GIqyKu%GyyF^2+79;B~If*3BLdDWd?k3C%>MZ2;vwXQAm9-d*LS zL1xF#&3W{4nxJKxw^W#oo9n))*updkPUU-5Q;NVk^${riHKm|Hyg;$<61$RLu1Q)L9Xj}PdrlHPa>a` zjGjeuMg@&T%)5G%?N;QG(-onuEBV$Dt+M{`^Sd14sp!#P!+Oz5@-$}~dFp))WhZiF z6WqKtZzi4QY8r7XECe$UKJ9rQ#NQC=S2uS!N1Vz-63fz@Wn()Yai%LxwJtw&-3YGY z$smc5qyu2!f!?)7(Hn7jr`}x{(NZ;51Czlu?%o!;3#V!N9Fqwx#$+f4Fn`DutR>K+ z&i*8LitkC)FQK)DORXaTRy7AZvU~nj<+@LbuQi9fhCM!eIO6$aQgebw{{UQ7NoZ7I zb4yRLxVBj?!!SbMGYpNtTJ*gtF{xW_0=If>tQ#*?u0K;u%75qs({36fKDdZ^`E88QlYFy~q8eTNIg6(Z=t!$RjVNhQK zi4U!G-w(B2A4=2i^*g(JcQFtEk$RtDQ0B?Bj&o7ebi0W!Z>%O&c5TECFmql#tlr5i z(kPXrB=U38rIwd+eIs0lNI)+DXj>h7S4}RtrLBRuNz7ZaLY`|k7HbF)+g@ldqNU8Y zuCp_eKp8B!{{R~DFBNOw5A^#XB>K&;)L5~K*>D_z)SAW0$Du}>=y@yt(YLyOf&Go6 zJl8rLjpcy~;h2w7dB+vt+RuhAz9rv(Xx-S!9j^41Ma* zs|O4o5;jYI?Y-Ocf8>^jq4+agJ`~n;9}tyh7MBTdgQoHhahj>|SH!x1#4m{6A^4eM z&uedY93dxgO*-sU8JAidV@wEZsT`t7va9p7iSc?pgT_1HUR zwQkX5(^=OMARz;GCb64uW7wxdxv8aiBgb0SnKkEyJSC|3ju_Y^t!@Sok>Bz)z}fhM z1=h6>4{8Y}pRHNAj^fVXY?dZIp#K0m%ay%O_`=6S;xf;qUfbK-iJ7B00Aw24@gKyP zHP3^84E!0V>H|yhexG^vTe#zsZ`&X*{WH_rl3mW&Esvo80BDbg8g{4fZ{dxt<)yv0 zp$Td2Te^Isa}YgCSI$~?hoZ&co0+A&xjrg_;4Z>2lEsdr-;dU*DD^vO(@#^J(>x`l zrS;~kYiR|%(y%iCG3HkFrHX0r-X*GimKG%K{`P5Yv9GX34xg*rM|x~-7ho(#eQTlC zZ=|+_*fR;ORuHL^kr+Oog(oHom5i-6*&AV1!0m%wYT6K2YKa?)$;+X%6^v`^`&}k< zlId5;-m2w?-O0!EBE5>!;U|Q=dvl=ZdX~GXX?m5+m`9B>u#v&*&j&Q)W1hW4qhxVk z7(ZqYiJt`Rr|~|UsIQLv7XkhI+Q*5l;~&J!-xcv6#HlTBbqy288dP#kWd2&r;P4%P zspsfTbwOD8?9Q(;X!oy#e-iaChu$T&@dt->AqJ5ntn#2gak`VoUX}e4d<^}fJPGl) z!!k>$>sob>iKDXG&@&CUtOf%q9S=?`(W3ev4T+AIE`MYjtGO+j-^(o9K*w*TdC$Wi zfts|xv=8kEEyjy;b*1Q@5t9DLB>wXt@;Jfj!|E%c(z)km8PqU%c~z+Fl0TjAiSFJg z)NMRPbd0k!Zy*QwRha((L0sN}a#0t_0hjzM#;pr8^y~zi)bxujQhV2qD4}&>!NBiZ zb7@yMafdPac;h(!b;i@V^>|ryEa}=tqYN?_+BZX$$4bcm0EAb>YjkFgNDM8Lvm{lk zo|#)v@SlmZ4c*3@aXTXhkI9g>dH(=BS8r{1J)Dq3I?W8BerV*%w@*V;E0pAly3A)# zfwn`Rm=JNCS0862+E${fLhNymrDSahE1t2Y+z%-T8=CzLH$~QKz{`hGW9p06- z;r{@!K+@biG0f#keB-CRcG7{vS{FHAiXH;e{wR1oJU(t9@czANarT=F=;GZfw?et} z_N4fq;Qs*FtHBrl00s2F0qXuF@z;%!;+Mtt7l|sn#uw&bN`($vAO*<%3H0bvR@D4g z#H=1N6=>AKLzy>ec`Imr{{Zm+080IbZ2VuN>zY4?d}ZSw2;5o$s_23#18MGh6bw~~ z9OMS=!8P~i!F$iy=iz6>uK@Vx;Qs)OZ!P{7-)l*0;tvb!mJUvz3j)7rR&Y+#Y-Akp zdYo6Rsl%D_?0y5q)pN+wl{X6~881iC>A#`+oAE2+_w0kKYPLQS@wU65-&$#{9qdVL zyX^NjBP||5Ju)kz(fj0Bm3QD87l{y$a*NzYMgQbuCv?vzi;tM(l|H0JBk) zf>J(rIM05E^RMJX_LBIac2PevG~f%PvsQvFrD*nMHpt@qae2`FFnsr^r08=axMOp{IC1T(SPq*Ssm>gqrE@ zBQx7=kCY*}2iqK1i&9r-_WdgX8TR zSMg_sG<{!Dj#+MPtyLHhNmdJw)~b>{AFQa_=glzbw=9huu#q0@mF!J>=j^}x1AIUI zx_&%rUKH`Bwc@V@=>8t?!PKX?(PUVpns=RJjZWY}z$LMY+t}Rs{{RvAx_Kr=i_NLU zPE=szli9Vk{I9v-{{XcQ?33cp*q`F9*Tc&_aCClv=vAy|Z zotpi98ab;(T~5?Uk&ig_1lL(@rC-}x!o^czKY4L-`z92g9iuK7B zOQ&8UK)fPGJ1VFOJ%xH7S<^%Dz7O!n5ryJBet(XVlj`}REe`8UKpN5i+iH1HkvjV6_UVPfi+5EAO*Si=yken2p5?yuXA{t8#{>-NC- zK{vwB2Y5%tz8Ua@yY4k%tj8R4+)WtFNQ)b=+8gF4Jn_Xkn3ZcY=6Kt{n%T!0;CO+} zDijoXmsa5^N;c`MYW-$zJIG zr=whCs<7EI;$ic7hmFJEy>m*UXXw(b;?nNV zi###nQ)RBUoa_uu`@}|Uln1tJ+r`SFZG&bUucXE?AY0rHP4rv$o7w(Cg&$C{^+Uq*h;Keca!d=uh0 zJR9N(<(o#i8(@)F;vI#}@7khiV~6h}^(0m&jJ2&3 z#aeXDaU;*DU@}SHj>q(>bx%tJ%?gTa_)FsV#yUKA6a?3m41V{52DtIwVN zE9|d^-?X2Db(;lW66@MVopBG}xH9BOeE=Qm(_(8m1sCX_dRNq-yT}d6RxxkVF#GxJfVy2~J z&ne+29nY*zod&0;eX1z!+WOsm#9-Jb0Mwcd`f6FGqF3#Ncvvq5?=1%^jBK1>?^cf5I_guUYCV zsc2f&nPryV^4;Q+79E{P$gE!i>vsBvm1U?c&Ar@`pE1IpS|b*6)SBpbJ|NX#(e$;} zp_Y3$g5nn3ue8VWec;`(*1sq|JXz}39~=H8OL4B=c#htEK+6Ti!|rBAQH&o!j91d- zIyR5wU!_#1^?V(^3(o$wjlT<>XYA+j`$X}_k8d;&6+kaMjXq18Sj?Mz$p^Q$75Z1; z&2G}}!c9IK1+sfLHqM}u2^|mOF<((mC-8LGjlqvF4{YoOp?tO)^fx!=QY{* ze#$wgRC22lIXPj}VxY;pmabMCJxSuRW|G;CMn);uRy+LgU9jK-o`RUHX2;G{S_@bUNqr~T;Q(?+ z1lDYcEew5QQicsk2;281KqK0-byzHJLIo}u{MkGjMruTweW}DlVPL(O=QV#)w=%+5 z$YX5$sz*u&C<1H>rtv}DRh5-=le(@9(rg)QCU0FeX zbmg+Pp5h||`KTKMBc6NlT*F&DZkF;oGY^-M_m8y#bL?`{TF*7)@S+ge$Ool)mHv~c z-D)yJ2Z!dkya$F%5Pkh<99`I5_!q_+#pR%vPKMnTRb)8op#9zlr+WG>d#Pg3r_waH zi%q*Wf*sp&f&~VOC(RxR)NXtS;zwv@x$?6hxGB|(edCW_O?!>ZkZVySkOwLEw-JLt znlWvbM71I@!yAMy1TTF&gL0y(Q-jtmM8g8V0qQQ!`)7Ke$O1xM;26* zoHC5_-o2ATv5&#Grh9w29m<5rJQ3^<)X>1|@9m}W6c+coI7`-Zk_f{OU)H?0SHZaq8ck|exz(i0}v9IL2}-q`UCc{ui(}I=Yx; zRS(JKyBfGelgjm~suUTde)Eakb6&BHWIyqx0|WXag+?sR=J=Sq&; zLnF$h?%mLRDzAt9J>k6;3%TCKEpOi?q&O+e!*`is!^KPyMSrN%nb*E(yq9*&e5w z+MmPMH>^GsLK1%?(ByxY9 z2DUEV_%WxIWRdP5wevRp+=lfT{A)K{(ycr{ZxyY&M|7$}Y4YE}Z7j;=qskOeIKic2V-Dw)Xx=>WpM#n>{6FFiLiyDxJzPK)KJW{rnJ z+3jC8$sUsp!b7O)Z*{0gGVc+gPzE}lY9QH*L+9~UiDVvcw%h%MW-(#d0y)M=tq%}t z9v-@gSP0{}Nt6|lqU-cEW~wNT$HUfXV{EfPhfY@g+OW!ouqCPE2u8XY*#LvTCd}baY&8ZmeGbRP9t^%%=GSz& z;Idf$c0l2`=cWg(WBfMwgRjA;uZMNhZ*gXs~Q0jxKb2=a)_>@hQUYUZd8Y#3{49@MpxUi8TTGKBsXjMR5hJrHd+)jPq3L4Zg=~KA%3dX!lpQHuKyl!CrFM^sgV*yge)5 zvq>Tq4f6cFuhx!sUF=%6i%YeZJ2_!vaBzIV_ek{VO}_BzOXpoN+REJk!2+iJ#m+v{ z!uIPDG)6m(*~lXsO?n=g92VBEVoI)NeE4$H#c z7|>*m)#kW%1-G$fIqF4s@?GgSMBHg*yq3U0D8o_A#mtU##F~JLDD368Qt}QkGq$|y z;?hKsUt!&h4{8&zXk=S}_b&wK>9>wYUwYe{!+LWywbq)~4CoJ-Sa4guJ*!@06F&0R z+Bm06wRU`g9uEqANUGL0Hr7%{JF2uqjpH42=}{?k5$^sFxYFXaapuJ&B1QQ-*6)bK zcQIW(tb!<5<{$pN zP&1RdpXQX@`7z4Go;V+cSA)(f%>$5x^b{8>8djGx#D+5|bDm2czlCmFI!YNOELX52 ztpz36(-za&vc?QT7aO|silW|nOwj;U2U00ZV6j=CY3Cv2JA#l0f30`=CZTI@ZY099 zecUk4J7%#Vt7>E1+s!&n8Qvc!^37mDr=_uDfE1I)DH|FQY3U@yv_EQGW2Y@r!q)I5 z%0`ZizK8Uwn$WIBM0FKdnRf>m;1i1DwLMPyDCFD>k+IG(QwWf9HX59dcw?M04DREO zGupdimSA~}^IIR76UXOTofMDS&l!9X@y@H_#?<^5r`_FYglv)Ikg7xvu;V-m`Qyhv z74dI?yhW<%9yM!}<$lLAV63Erl?U4&je5|~`MPm^4kAfx=aL9Rtdf!Q40Nu9-lE&v z*~b|wgJ253c=hI~o{cr3`WyQ!+4wfgz&X?|{{Z5Am!Ilq1h9{=3($<_xNnV`Kf{Y( ziPpLuo|9vz&wCG?)29f|NXW-t^wamOYT|ougFYJRz7(^AO|bGLcL9uw*$um#*KMuo zvgq0dsi@w|2iYy6eY^PcAF_|rX458$*a5l9o;?XZ_2>R6ytw&0h!{@mOXP*IGaL8A@G`gYe|yBU$ufs?_#)Mm?3;>ebZ-;+ ziv+raV(?Xr_crz`i#To)~(5Rp%PFg6?AYv2A;# z-OprhNzTle@D6s7{e6vGWzgiQ4O=~b#o7VV?Dc&D`Zv7$Og>vEILYc8{QB4BU+oX@ z!&LC{Ti!HdPt)ddBMjIt&tXel&Pc9@#oDHvijqSJjus~_Rdcx3J(9<6fdZp27{TxD zTBl=WvG%|0@$n|)S*L}yMjvM^O}e1TjDx@)-1M)v?A}L%D$UM1@tSf@z+SPM;w#fR zo>(@5p_76Qe4YDC_$N!ZzPs^GooH+>K-1XrH!!?7QHvh}JinUB`^9tkw;B-U&a{ z$fF02xX2`XA8Om;r1jbUfAGk*ePQ9K3V~Y0-$uXl9HC z$2*mWKi0h3k|i_wxBmcwtp3aw{{Rqt7vk77Zx5gNPBaOBwKNGBZflD{lQd)g1CxR7 zYxv#qWt2;(Lw#**=E~uuXJQUj)v!VQh^nT=C86e;jfw^>6Kvc`Jk=yZpsO;K9Ou1u zBbsQfF7^dergOzwj|di3C0nmfm3Gj~hC&##C_72dUbP3DWepObkBkF~n;S!8M%X2| zRp?K0YepuLFP#{lr)oz`c01nyd{XgG!G9ZgFXL~+%ZrN-8+d_3@8K;**HO}Ss|cgiA_os?e2cZw)bb8gkN6IG$Td@y z;mh0l{S960eGRT#JKL~S`Qtm6j@98FHSms|;#*1VFBUY@FQYJA?*ypNaz9%0>LiJl z=jR8+&kIT5KM>vcI^iuf9Y;*U%(>hyt(J<=2;@&T=Vp^K4HT(XRXABQy-#0Z!fe4W6GBO%3+n7r-93I6XjRN5`P zic7mEK%SpkvW9DM~NJ3{O?mj#Iwn&@>w>UZA>ektpp1b!)aE8@0-*708H z8j4*yjDs{h2Sy{VMougHcKx0|ZXXZ$mM_`%YY64OpHUA!mvb5rF0ES)ED!$SE%|h= zdBxc3f&1O2Tli+mz9&+QM1eiTR5GzmJr++Y%7^*LOxAMAcV=bfqPSNVLnKpLPVq2f%9S|U2VO91k}qCR@;J?6E8823ORF-HZE?IF23?H0z)+T7|E?C&>b zLUJ?Ho+}8##%HSh7dM_7zMD^ySR=E!V$Zwf!)H92`x{HXORHZoO0wr5sp(zRZgSOy ziy`+Qa>ThLRk$LKR4RZ2-yM&&dNlSp@dlR*-MF`6@vD9CIblu!-#{S0`VW+%bnz2F z(ou(!)=PO>7fYm% z1TY*|j_M68mvE$LrBvW{Gzl7W-pcl|+nL!sv(WdaS?Tu@lF2-tOrxfFBvi?0bwhK~ zJSV5#Sw{!ccNAdD`{#27jr>om|Gwt33nCT4- z*1039AaVYzVC9MYtHf^f%S1^u`?cSyMCDpgIAiVpG&Zg#x*7KxCGoLIETNix&B_j= z=~nb;bxSMAV3`U?TcO~O!mF8VWZ~5H?L)+$X0cc#k)Cb1!0%iF%jUaz?dAi@j+mv+ zh>Es{E2>_8{&bCm_1q|ou2I!^vgI|4@3mSiw$U6a zL{Iv$=qjv(PSP!-irN-gnL#{flh&w33u7hhhF1r8=dEvA2!JyXyVH`i7YC_hUXtGS z-rC~SEM%1%NarK36-epO75hfX5a8o)b3v(`mwJu9Brh;0p~T-{u0$ra;n zoMdjtBzCBjdV#O4XbXR*w1@^Xv4?T*UPrHZdOaggis)Rf;N&`E?ys(YKgzNK_Mc;> zwuNham$4hRk%6}#djlN)CcNVJ#9Fn6ypT@?S3J7@~JkgI@pue|_!_l0Jj=TEbR+s%$73NzeOwdm2V-V13J3r0}=2r1Em1?13Ui6c|N9<<5zDD?|9j_w$Z&>(Nm zCbW#M7C5{6cQ+uygeVXFH(XIb88we}W^ANz-Jt4F`O z%M!UXjbRei_Kcc@LTj6kB!Q8)rfZn9OJy@@^Gg_FaJ$X{&#eZrS3H-*ch8_*O>T^U z7h$z|2Dr4po#t6249Iz)(Lo)J)`;4sh$WH$`^i8dDg4!g9_WLu9BnK6cZA}6Yzx$9pd&Xa1A&v7)8o3_qhJD48$J*$SZvFza~ z^gRo~eh=Rro%QNTZ)FY0k~oUs$Od!xWY@giM#9jGSVAUAjy&KlYv%EFdLQ4vN8SVa zmIM1rvi;>`n$u`>{{X^ z;VAVv`FvP)JsQtJZ9dx8Yf{S6Y{S1jN$x7g!>Rlu7OORfjWqk)?GMZ@3@^2n*q*+^ zlb>VXp+O~bhlsSjGCgxwUkiEP*sn1#?>Jz+vtBFl68l`!ZEW-#d9D!LzV%?_WG^S0 zAuV+sdARC+n10WH5>LY&S4Xs#ds}S}S<_Ngxp&H~&fk|jV>!tD4SNsm&-*iJpA^4m z?Mvg=hO{^>el6%0si|As>EHvY!iRIKh2g$X$J-Uwshlyyv-2auzA0}IcxuN}OL=Xi zk|14Ms**54{cD5O^iA5l7jVW>Xyp>4C>d4r#pp z5yY}FK3aeV2jnU=Z?rndcBpQ^S2CIJQHi3D6lco^10x>wuN|S28^_APcCLji9@jj`g>a$+1n`muq+9h3#-TULetqwg*B}~`w$B-%Wre5LurnHo&5f* ziv0u8v}T9nzJz|rA@Jft(L^Ku8Pq5peSxj%!0|D4?0wLdpKsGz8ExUbvXhIOd3jlr zxHb5r`$zm4@L$5u+ILs@H8!zrao`^m*bRQbMb}Dqa-}^s=L|iKbw-);c)FK9dDDCw zbMWKG7rq+0k?(AxB*sV$9LdHAVc!S!ude(XpzHPt4z=L>*>td&l4#*<76YCK;axP< zosSB?F6{lH{{Vt{c%S|k{{Y21ABVms)ZlxIdq1}{jUe43Csb7@CAb`ag?_w#+x|TG zbNe{_8u1T~?)2LY7WV%DOStgd6Tup!va`pS)tiFA7|$n>n(d6NuFvFe9CMsiPA1E8 zEG(@Wwr|bKPCEJ|e+?QZ!mo+GG4S=~x8W}i>K-l7tl}?wdcQ5bu*){zFpLrhP&!vb z@W;Tu8u0eFrt5zZtW#Fe6rVE2-Tvlt$vyCK>0VWJtD)`#Q!@%Ao)I3Mw zSm%ELU0m*lCS1LadojuRb6Pff*p&-12_t+u?KQ&pJ?b@DvF{%WbWJnHvcab`9!BX5 zWt3%?9@WzLx8c0L7`~a(X1ddX!oJ*obx?)Q^@=O#(7^@fn)We=ba3)U>IiD=Z?yja z4S3VVhW`M>9v!fr7Q)LEY8Qd;ir3i~)y6aFUxL5zO{*V|m$9D#d}FcjcB^x1b8%^> zUPdNIc*w+iat=8MBP0y*UjzQtAF^ld7yBmOY4_h8`~fD7;p>Zrw})A=k!P}%vT()M zJ2zuEY#er?cz<^2{F4deW&vlC$nh!DsdS>-(oMFlkM8&rTjP>`f`bg)i4GovMd?dvJcFC?6#_ObN`nHj*OKqp7qYOga%87=M z4w*I830V33ZWEbU>bw>48t1_m;_@_=gAIk0ebMip)%CxD{{U>?gSOJyX}&Skzp@w1 z2`uqM%mVjfI%2wGUdO^`83b!1-Y>sx57}EtN$qrR8tPskxnY$ywpfkZ+~YrvE0wtY zzrG?`_)Avszk%;`KMHAg3`{riL`~AE^d|s*xT<)gj1PMWk)e@)Zi;SdwF z5`MK`#Cpz+;Y(YcW@L_Sc*Y^Oi2&Zf^*=$H=TBROdGf{B^k3QB>3$*jsqpDFi0$rS z8mw=!bA@079)C`2`X{{bwY}b#uIVXag5KlIF^ItVTO_VH>CQ1-)DiO;zGEoLn@>)s z=XZ%bH9v>-*{yDo0`E9XW1+9xkN71A!^QBQ!EcFQ8+A=8+C4+W8l1~#D*&=SooJ;| zcOHsg%s)|++Pw%tAC7$~GrnF5uTCHG^};{-GL!q%ZSy`WU30-d7B9XqY9ADI%_j28 z##)Tl_Rl&QB+_JQj8TBik`!b%2cWOckJ|(G0QiIZGWavcI*z;IZ4bp>6w@Lalot_h zSsKiq3ocGJo)22##8T!>pO*Lw$I{5^Q_3r=(W}c8{{WU-U$ve6?z?NHpXE1%=8jEG z;)#-2iU|ffFe8fhdpIpbN-m@GV%kX=uN}t6_oQ9-IXmbPgZXMgKg!l z6{m0EWwjGY88b@CRF?XBR&%P(g@-&@qMF-LV94sKMGR@$Y4d{0%4WD|O z>toKZhPmGBcY1={X`1zmOqbTOdC{^Dm>gpOd)Mi2!asw*5`S!O*w5o{#jl6H6%DO; zb~$X#vYbh%-oT;dNSCQQ7$0&#tEa8fJ{OL7g9(#hQlb%oE`Mb701j;r;gevcTf(ZA;^#+MBH z4^Ro~PoGwMi&GSLa3E&G0!Bx@YZ>%7F;cOW@w-7yKfs9MVWn6Dh|} zpv`=z;$I(Y{vo})(XJr5g7k_xx zViAIga(aw*AN^{C?vED{Ngqo5AJP6Bd`$3WtKqGC!}?^}-HQ3P5=a5_)DA{HhJPbn zPMPr2;RKOcX>#~a`xg2Ve}4o0^Xs>d(AKf1bLX*fwd{V5d?E06!#!)^?xk|_toq)W zgxezz-VA^MC#eFYkHCHozVi_v`!?pzKpcAUS1MLKwKkpXd@b?g_Hom#yl(F$zMrjG zuoGI`EA3#Xu@&TZf3s$haTnXA(Ha$A6~kdz*Pl|E`d&|)TAEim3%`K+8HKmo-&@DO zlM?;k#;hON=Rso<$EoVD#ke?N!;iwTP-yy3?I_sw-vxfj{{Rg&yUG6m;U)N=t6Et` zg`wF7SUx!I#tnS6`%3%aPp>tpVdA?>TZuf_-Y47}YMkdaGDj1d+}}PmL#XNY zmr>1a4AZ0=vB2DVpKAIaLGd@mzu7zXknm5%pMtPxUOmyJu$I-n-5HVt6oE@*kGjC1 zAcO0kxUFf+Tb_PpgpGPLp*N({PTp$A*IF;dbp4>U&lKvv5j+9l3r`eZI|=sKhFpcf z9OU#ISCe@A_A}6YPo-)%-UNj_8{?>>GTEeZY_`2%Gv$@-n)E4B=67eGg~CRK7*L19 z1d{YxBjB4IPeJh}hvH2W;#IDpp<8KlHK&MUg~HElk+2dpXV(OfYv4bR`hV=_VeuTF z+1KKhvGF6qcUDPrESK)`O=UPcOnzgklDNUa85Qs4^b++ym%fzMYDWQuink{;uioh^ zTgu$m`5Z^X9XsN1@wT1g4~KpqlUBO0ltnL^2#RGV=2As|uy|WYxVM3B^-D-CHCda^ zxQ-$6tDeKwz3OX2_$wPxC1cSpEt+TpK%g#0;5ewQ?fj=7C}YQJ>pU8pn-`O!CgsX@ z$m5EWPt+#2gd*jKVriq0>wGbLEuHDSHu1?Q&d^43YE5cM^_!-?dr089JwlHDwWl$J znYW=^`DWQCF*^p!XSn)TO{}$zwX-Hh7@eSToYc9ql4mVGnFgV0_Af1B-N+&)6)r_!Xvw1}2A(4c{)ll`As?lh@xB-0v2g;CBy;*b@WO24|ckTk;3 zwpARA6+WOEyLW8XdU=XRX~+O?CkN|J#!_!%o6xV`Thz7OLpyEDHwrV}o8o1L+gF=N zlJ0qx4)k=+*T+tMI#MLSvb0I0mRCe7PtB9ats9*NH?*AOo(4FeM;h9E+HJEGd1igY z{KKcxvle--*fg;pmm?>w2RZEC0Mg^sVZ67t`#hIEUP3-H{=0MEAIR68c)Lo1(s`EN zcvjXm zVe|viu;J2@=Wm?K=NvYE?kF=gCbRn#_V6U4Mk)?aRXc*Ry2j*$&wkVayJw+V+`7C_ zw3~)9zO|*R=+|P(IF{M=mBR5r9wp-MhQ2hLPdetEV{&wuWeYU1jll`*-j(NjBk=XS z`i;{;aPb4g!y`DL4?eWlpw=1-*krdyE@Nd;fslRcYQpU_-EPiNIE|!}%4P>2hG+xX zu61oQM76({Pzd(Wqe&x-5^?Bz{uT4{`1;4hGBLEVWZL8_bSww82C!`M4-zbisL6UH z-qJo;0gC8!-x0mFv`Hny!*0HZuM`ySb-Hckz2r|UA)g3I^_-!)@~snbkh{<<8+OTv}AQv>yA&>v@&S$EhoeO0BC*QWbVGL z&TF=kJz6VM6_TI|0)XUzedr~w;DB`F1&oRF7d+(s4FYoLj~wxZrJlOe&mGJ#I+j!b z3^Df=m1Uwyr|HI6qgRNa1gQIs*idMnbB;H9=b94kR-QjF>`uwdT|Byq zS-2Q14hj?L??BHrw9&O64cbP{s7*8M3Fc?-j+~0v(x9E^c9ojy-NrBm0-R6=7mI!$ zPpauUw7PAryUlG2Trtizh2)c88*7>**P`C~)@a%n1A)n0_n-`z{5^FOyla^mi5q~g zp}r2CXF~AfSnGP_$kQ5jM1ocT1D-x#%7!T)LR&|35}Q(5CSjFQagcfZtIoVr;aS?{ zFD>JZ9flgp&Dap=AWIN1_ns4O7P#rOWCxG?+(K?lnWwlUyvU=9f|GUi;*cFm*Klh zTl*VUnrQ6hMF8zz&py3t$i6XnbHuv#hpJlmUgp}{P$`5Za1J`2JK~G<4`_Jr!T$h* z{x0y=sdK36I;D=-;NHaNA&(@Uxvr1m=AQ?OG&uY_9pOvT+vH$F1IWkA_!=%hXma-c z0Fz7b{5I_vK&S}a!8~;p#pwDzpKEz`@<9#TNOnl%Wt0Qk=}O^s)ZrxXR#1#g zL3eed%PAr`GD0cr2Ws_e9|c9FK)Q;>8@#zyd~x*8tx{w&&HfN;QXF7+dVZUyY2_iihAo)@D-KDoLejiHrQJ<- z`h3z^7Qq2I#~ns%88cN)8z%XDD{5kmnsiKpTx795f1PH<;vFMVS&hZGd1M<`2cy+M zUdKa|*X};UYIO^HX(p00^I&kJ{N|~6f5i71@(GAw^RZko>sDtfNg`&~W3|?fku-)M zl((3`fyZj;bUjYq@>!;qaDflXN$NeQGv(}bx4J33XS<2jlNel%zWA$_ULCo$(d4_j zyR=pFLM&kX*y;`{T+N{?5ZLI})6UmAn2t+iIoXa{y&J)v9kkS-Yw0xBg4#7Xx0npF z=N&&<$*bL1xDQn&_@PJ{sXSPb47@=Od@mrA*3EHZ^-_f3oIldDKFy z_oN^nz;~|-@h+h>c2V0yDqU>=g1^P}_p6OfOtw02g+3j#@uaTaBmy}}1XtdaTBm}1+Q0`uO;<=9!-&;iH zD_`GDfOz^=L>z?oP+7vWT(U&uft>PvtJ6F$sM@}gwqMzbZX{!|@^>*l)D>ft)pSik znrq3emueht2ch)Mb1u@#6)->mjy**Lv{K&I5y~?^A?Edlh73uyD)vlwS;OdCC znscEgUxE*){V6wL9Pf@FPJ>FC@)=voLRf>qTJmipQkpNc1d-YqM&3?wObBnZ8B#HH zlL=AD{w$CwG`Qxs-dR}S8qq&TR4c8rNTe*Csme&asl1mvI*kk7HTF^VPqXQU?fg=ar zq?1KnKP8X)xAp6jT>aFBSpvl-^VNoGbt*fIlID9w0k`9VaBD7E+U@0AV!tpTk9wP1 zb7C{5&ACL;l-tvuXugRS+{GgaT7MAs199ZKHd zk#NibWCyny<0ieESn^dkt&h*EZ6-@SM&YAopXUrPIt+9*r6s1IlBChv&dwVrYVf1h ziyB4tJ0A^ddiI}vZqRDlgj|MbmGCj%yUkYWe;4?_MW0l-ce;QDwP_Ap0E~}*)luBO zZl~Lt72d1i?LOO5zm`cMg;m*H5H{nCpGxICYw>1ZiFVpAhb#@O8eP23C-OgydxCqD zfm-!Bq|85#68tQ-@W+Btbj>=?Q`lmWRsb4i004OFo@>DL{RaBk>~Esen${PTbR8Ex z{X0<>Va$Cct5}oc!CtThIwre&JOP}`vFZdaf{w| zI$c}F8b8EcW5s?TRf|g&@rdJ$$-_D*1TW-kROSl;oV+;59^w4 zsRi8j{!@J08yQ@R{a)}7h!e#A8q#m!nl?s^ec3m2f!7t$V>Zu4j@+*F4(!DG^IV_A z4+}%$-wkROS8TG&6h>GCodkoBKN{nztT;Vxd}E;7jSEYf^(7YC(oDfu_?MHPY;>+% zYOZeJoLqgL=_DpMAHaRxYikw8wWl*3t~2LAz=mI@0sIYr1>f*cZ-J8hA^5+n+}Y?YqIeU;Q_VhzstHjj zCwc?W5JBRzhLR-wvAwssfy8%^`8NtkE1yo{x#^;HkwQ7a$;Z8V3&`iFIy95!ZRJQF zoYUg{>KvVo+O~$rDPj>MaLk@TV~@Vax3yG&+lDGgM&0R6p{ZDt_|DYaeziKwAprvI z=LhLo$!c`dk*{qmViOUK3g;(|zlDE9pYU!c?V{fdelU24_BZ&UswJm@JXya`@Wan0 z(GB{X$r=(y3ji1n0w#B&cd;mmEfqYqK+de@TbmU|_Z({5sO zl=iPas^}6vV))tMn@imxJ|bG_meOn5I(?f^+`l!=qZ|fr?*-|Pr>U>Y&x_v+G>?cr z4)MQ)C$WlqxnOIX4Y(p~uPN`xIQBKlmbNiy{yn}od^OZQ6Z}orya_#|i)jM+_N>Q} zg@_>i4r|5dk1vuz9l-5gg%@>mlAC(zkcp;efu85-x>teK$#;BQM z81^+9J1^coVa^6SR=lN?EbgwvFJ9QE%d$uile$yb4wS&FY?Ha$B9vv$0HP@mp1x)r z^q{!N+qa6^S!44NwgZ+K;F|ro{{VtDe$$Y6PvTCQ@N33!Ppe#MSFNh}VI~2?M%+yr zXO+Oq40r8QBySpr_NDO8U2BiE>3UVx{UzZ#w}<6Soza{Zk0-dp531wVzKqbkL20Y$ zmYSLaExpR^V8fW?91usSHRseuv8k!OX0ybveJU4d^Bl3BlEQc+^8P}&D++lNU1v>-KWTx2x0p|BNZ$ej|_b)y6}7+ zRm&g<_f9txfq{Y099A+)`jO4i8lEGM#J_Gvj_g^&c)(l|Jw<&{@MBZ8ztQfrcf6VI z?cxqyoBd(#KE3ODa_DC$x1sHJMkyo^lawS^NU=d@B5Wblp8c!7n>eKdN;_!e+&)xX zZq9o9R}ZM0i)~4vXZ_X#j1OAqiqwK@zY|~B`DtpiBslqocw_5b&xR#m5-f!o7Unc8 zS0HB{Yhq+l*2LuueqPs8#}&+K6KZqVv&-i?#=BG#_eZr$iAN=GCDPnLVqCCbeJj{3 z{9S)xJU?u@JJcVP50q3WvsKD2uc*I>@2qYuG!IX zNtZ6in*RX8W2o8Q$D}|WTW|`Q3CV2nU6c57OF~7wN77K4~8E4!M_4KVRZ$Y15@b;T& z5eE7wpXO77a7p~@Get9)@Rqax01|yiNYyWwPu5~)3Z$Ge^ZJ|$>dFk;Lyxc+r!Z5E(`HE^X$jh#KkEw-6!73-FV z-(Ep)CZim7{%&@vCI)fPezoMVU)slZ(%z{m4;=mK%&v3jKL=_WH}-Lq-I(sT zjj`i`xb0qh;w!7=@idMuBx@;Hn2vF?1E;=dEVrxL#|D)R(%sw7G>7J0-!kLYxm!C) zA(PIG4d;+?K-8YcWdxEmPk9h^l@|wZPkt&*9_>xcFo?=-Zb<4q=p@^@(rlUJlHGQ* zk_q+t(`+>O8NwA31o=Vkrh%tpn(+;k>#9Wt8IhBDW7@4*X_gRzlcJVkjl!_ELvlH- zAhSafv2`4Rc)+eS-&4%Ht)HfdiA60p7Xm`*{{6c-vzW#tlT#yjF$HJ^oaJ>GsF#j+Lz( zX%iN;8AUyPt2DX{wrqXpO)N`q3adJgrfW#8K*pS2UP9KSYfcbaD=PfEm~h_Wrct>@R#4G`qm%b}?@6l)7;e00pVKwu`i-8WXMV9<%>HC2le?`3@QI&3j{5D`l2SJC0V0nTczVZ6(X6Jj zkIT7@_DW0VBk5IhPE>Q6SBPYS$NM?VlPS*Jo-+gY1gkYRane?T}(5 zZ+~9AR7zGmu=JJB6Y$h(173x(yH=5(-7(Mjt2C9C{D6WHLkM}$CGLnd*K!n&I)aV#pVf>i08bg!Aj%>MvV zvP`-ZC_;rbXvHL#WVA+&uAcT+C9TAcuET&jQ#Jnp82nBr)zWkSfHo_MDwdbH_ibhgpPh?|D-{OgYRkKxww zCXc5}X7Hx7Wh*_mm~gIy9m?OC{Oc&YGdkE_W6X5lA8VE#5})DUiDMSa467}??n!t~ zcnW{I4nHdWR{fg)0B9X!;$Okf5_~7W)Yb_!jV9t-iTC5}se++-?cX)uPFHF@&OfNw z_!mpi;P8#?*7oUfCZ5tWqRL4M3H!OKud@4AnnVhLx+?S>)-#pQOAkkvL#eg1NL9q4 zgASDx62HvgkgCLeYn2}D2%FZEERx0 zV4kA9r^LPV!~)sr zn#oU7%*4p}*I&H6@W+X@-3IRFJAG$Q)PCJ=GxI1eSa5!%el_}e@K@s>hWvA)cy9Ah zS**NaYdVQiW3R$@}2KaK@;itiCK-Q>Y zwpixXhHyv&?xDwCr##ojdd8466t}RFG9B9r9GsEYy>eBR^gpM#O9wg_Ti17~H_b0s z{{RBW^{<8h01fmn8~wXR@olB*X!i;uR}1o?JZ}09YvzB8J_Xc12>eg+2Y{ux^Xx6- zN%ZOSm7WF}9Quz+$}m2@RnpM*zk*u(TVCkeouu)l&)U;+5uPjWj~eNAx85DrBAFsr z19CAP{i~uev7~BV%=p?lzq55OH3G2>kUEO$JU@4-CG@(S7E)bAua`s|u=F1F(FmJ8 zU&#Hv{e<*Shf-_)5%Cv@d>;+M-A5&~4>%y&Gmcz=)9deFu^$uu6Z|Lmm+<3M_-FAm zOw&9^;4Mu)%q{PTkr1%Lly=Eek}z|@uEjxYf0SQHjM}{pE2&g z*o()%@J}y|7kYC+s%t;9{^TFNb+MQPma zwCypqjV39fhYabJBx1R{zXsmPl)HE%je*VpKb>OY(a7juQ<47wgme2c;pDaQ95MO8 zK)=en3t8s!%tOs+fcv?~6t2yFtdcs-9#;|u84f@{O7s5!A6>x={z`yucKL;}KQGp~ zs!YP9Y^-u#7`yWw(d7j0-RdjKek)8H#TuNmNE__2BB@2dT=xV116Zf2;p09Qk8bdk z(4u%t#GV^jo&L`q)Dkzz`^D-r>HanS6#ma1JU%|~Z-=igz=Ksbs?YP}F$1oBYu3X{ zq40V0wGMvA1@Ys-o4jM;Xi@MTf1Gsu-_^>FeeH01kQ&#;=FJ3jP>s zx_5zMzqs)~i0q+BwFO)VSYK?`>N_lg^$@ zwBAZ61araT81$}6lCk+-N0a+^O1jZqKQx}F^9S(8Iql`J-!pm73X!<-04I!nF<)51 zf#ZysLy^}V>&0?E(V7$HjmpwlruJq(A>i@SxXnfwQt8$r3y!rXrA{VN78j8wFuCTv z4^47ZEYq2|B!M67G0F9N7#ADIPNKPBN~+MdPRbvK-gAg>5*SR{1yGNe`#OY zQ@~#mz8riP@h*jD;Lj0W%d1Uqd#8P(YdfhFEUg1%U^rFCU`MA@P8GRb(eYeq!5A$2 zFP>SLCh1AVyE{9@sV#k1+o7=nT4dv66+I;3YZaZ_HE2!}9y?nY| zrMg>Bd3OH*Byp!!J*o3MA5{fy4_mzO_P?XW0M=ld-dQ49Raw7;jw{H#VWnJ4YjUf1 zaRW-Y1~~{I=dtZmEe!D#)70>v7yMfIgW;bHTWD8z`nCK}AKAGt7C;2iCWYkDkQgn>|8bic|PIz*?1_ zg{LjvujeJek$;H?-cmk?t$iu*+s67Ajl3^ot!Xo}&gu-P-C}O)N3Cznd49s$ncoq- z0jhYx>~(D_=_9zah5X2m{I*WKd)I^bhD}pV@EEzghIQ}XXnEuAL+9$<-hF3lx*QT?RP_@Cc3UbO11;3VSqYp~*vCmenhdbh53}1X1_|;&yrD|93Q4X3jGp?!BOj)Expd2Gs}FcvckyUc#sGHeNB6qYG;*O7i%Ah zf3&}Xd<&)i+}hv5-xuq0{5|mBiL}UW^;uA3=JMNm?renKa5o+WekpuT@Ylkx3;a>> zwvq5-#JBz`@J*%1k!^8uyp{(H17L0dY!$VNa=)&Y{13JN z0A-ziT|3}~?xzIu{{U#Nw>O;-I95@fKb9-)D=WJ@`x{%^M?(~dvSfRX)#=keh_R8? zwsg8_g6?#Kd5E?`L{r-mFfqkj)O9(wE3sd+g&ncD3J!LSZv-7bQ)jxlP<0h9FdLz! zYub&pdZ@6FJIcK62cY$!#iKL(dRZs7vktK!ZK3h=0q<8YWxdrkQDLaf71g{SENp;n za6Jg2vpGcGn@w1B%eIQ%IUNwNBy_GnLDqF`KEg)S5p#me9(Yn{Gd)TTT3uI1xBFZ+ zZ!X>IwQyJQ{3{Pp-+Kp^L4|S8K9tPm6V2p!ZLUO-5QjKE^{c5{ODd)L3K5fTS-JeF z86546tcK|n2ITXO_1|6#t7~Ky%2{!TILHElN!a8jx1LrjC;G9_j)UBDDFfzSywF6VXn0e^ zr%%0sR!GIjljIG839oOvynD+_Y3?I!#jwFg-O2t`8JM0d)Gu_+DqR;#x!K8pEb&*A~`4XN8V8frmW)9jmz1{2{0(g6*d9 z9j&$Qyy!zu6CC7q$gK-{Xn6EDFQsW}WsXZrzC!|X54~o1V@jI-=M@y3x~RnBvzLTjjicH z1`V%>CbPSF?I&HocO%odt$lCAZK&G$vM$*VbQlBy(-aQJkqEU5nWmC9c)2ae@AR)t z(={oU8+|hF30YYI68UYl&->jdHX_xu+j%oA3L=?)@c#EbMM3`n2<_&zV$efvEyA{P zpl2BGQ*cc9-{U8QekOQQ^50gmI+U7Zq{gtug|Y{ruFv6iyW>4tJ3CEhO-OB-2b7rF z;f8V;Q@KZ|>vPRzrrgII#xp!k9D!S^`WpF5MbUO@GHC+F*ju|Dt(=7!sOIhmq3M1P z(<6@JVH$a{eZ(t}#QXO3uNLu^o2Xd$iqp)Fe=%<%Wva5E}~=Ng_dzx#`6>sGB-lJt|KR*@T$vd~W1*HN(fJjap0C651uX z+FeT~MtyPVRTCEV(CfTny5Gbr4+L7bhpeeu&i}Cb%XF1QOYB|zf={huWz@=VQ|O8H z?MM4DAk(ictlf@8yD~sEv!h{42tKCF`CY@TQY_s(p?tE4-f~Tzs;&JNo|s_2}vmi#baVjhYU%qiDWu{1%#; zt{O=W3Hk$6npkC#E^X$G?Vlyeimp^|$j*B5^HE2Ubn7v3wC8gWDQ>l0U?rkm>Jyt7 zAIw-s0a%Kt5O97n@sIpW>~9*y=S5w)10^do*3lh8?@nvDoeLP*w&40xXt*Pb z*7XQ(HLIOMNKKu%&M-G@9)huC_>R6Fa}kE+;Mu)p$MXWAq@Jdxwx8lXPsFPt$!jvg zPD2rl{uRBT*uh}w3rQ@qv*&BJPJODQ6^6S3d3%M4>6b$aa_lbJYxlv>u+xr%9rQN zUX0YNQjPR9bUiEn63rFuH7A)PDi{`hrG5CWLtFT9X{6mBvg#5olN^P0KYQA>jC+$P zYpE5L<+p^l+(A5>%Lc&7=i0h?J|WoadPMp_ibj{<=M#w+Oo)t)kf7$!l+S z=1XRyEuO0{w@TlAN@e}#URin`{7|D}<1XZo>kD+{?(I#e3yiAm>D-Dg?7r2p{DU$w zoO}D%M0Pgj?0Htds88Y9?DpHk_JY`4FH`7EdPb3?Sn77M-CRKFEQ{t~0r$IRl%?33 zp7E378!P+5_I7~Vy5VxhxGxpyv1vLhT=~S8W7seZ!N$ws~qed4QP;Zvr;WD$+T$|n~nlErDxeQz1fK)P;x$%l;1(}Gq{G! z%Oh(CILRt{Rk-7xDVA8#-Znc}^aJZzb1jV)hf{M7mTjY$4Bzg?djJRj0It0M0LB-W zF}l2f+uSk@q^Jdlt!d5Bu49FQON*VYnM9!A=c88Tn|+%q?8=~SB(`(xD3<0h7|1ylMMuc}bND~wTljTboA_=mY~3ePBv#rs;B(K`wZ0>KNKX_@)|S^(JHqWA z2sm~m^cd-1MI?C3UCeKXUJY^LRl4yC`T9-6qkQq;LICF&>(aHpApM5V#aDV~hv6en zXw{3L!jZ=Z^65}j?Xkk$*m+Q3jG#6`~ zhOhB2$GV1Q>KzMuVa%=f*mYuc{iW4?aI0yGJiVQ<8jpabK)+Od#Ct{{@(62StMtb zl&%T_dUIbqYq2_c%K=T$BvQw? z;D^pgQhi2ibo38qeWP!7k>ydh401>u{VQirMiZ>eBVdPc4gm-1E0(J0R3d!2`$c>& zkHVT>hvS=T`z~vm zCC7yY`&1sDFD>9-A89Bw-BJaRG>XaxBo4>#ekQ)$&~+=F z68m&Jljq%!TIj7$-efd=Ii}49r=`av@yBxup%Nh(3`t~oagbE-b6Xtx%rMd*L5~>O_Wt+xOovvZ0G02K%8w=Trv*0{cEZ_9MX|6 z5=>FII`MV1-U)a8n(9B1vN<4SPBYFKde_!^t%sQmg=78f zXL6rf<*gewjTd9cyjy8+C9Ayf%KCl68(YnzKPwLZ0Eh?bEAuPHz8U`jgiBMo(cu>t z7kWJ6;>zHm{r$TWfKPA$#y!33hpBRonjeBc@Kf*Ee%9^u{{V@e5Yr`MQSSt&f>h^x zSsieA#eM)tkv3(wa?s?ff;m>tDr>HWipM2nVcbe$l#PTa^*?&8h@g9H66-lVF~&Z% z*$2?`r1c|^+b+ax@OJKD)}odjf!SQT=K$igxuhk~Y-=oe8B^Oh%|CaOg>$z&Q#7#X zrItA5L?CYCIOGbB+6E+}WWTRU2GMb4*y;h!dUIW0gnU)vPlsMF@c#hCPY7x{rH6_% zY0_(XEn5sgY_j`;G6ve? zw@?o%eVF=J1eT`k{{T3ziv9@Jej0p8*8CCTIO2m;vy|JBvuTac?R7thuQJ!+UGT{Y zu-bFa8K*AhaylOjYf9GpCZGKwNeVOiSH65MlJ5IdLW>uh05al2K41qwTEb|EzK3bz zId5$49`z$@t9JyLhb2Jts@@Or-Hw5-*iAcLTA_XOCewhw?N!o6^E2&V2J10vZ48mm zvIogWVP1>&Z_5({OeCe@Wsvb zt+l=5PZW%E!Oqt zNCs8783g@%R&1*y#5_A^3+s2%S=h^;QbB!YhNq$d+| z!Z9S;T1hiB21PCUdLYrJhf4GU?7Tu&;i$({~z{{ZTxCt=1W6xR0( zapojj9maQh)scB~A~mFm^7P}qXBjhIR6`ur5no&BHq(f2q#n5c06j%o({($oCg@tv zaHYo~vBM12b80hR#QN-)mh(w5P}@MlW2deKcpj-7w|6nz#U#-P@&f0B^{n3GHR6pf zAc5tN?wn^ecE?DvfvzUEMG`ktj1c#h}M^Rf) z*lIVA1;WO#MYs}3?Lz~sypGyyNh~E$(QV1~#dER8WpgY_tFb{G4k}){2+;BL@imT~ zi+HY(sXI?Qb6yF47Tx2LXJ>_uRF6u@u7gLYczNAnj#%@z0AyEfsK=*W*he?oA!~(i zxO2HqDI1)m7Srl7n2&2pqAkBN``2G&k7&`AkyNvclhT3McZ}jjA>g^UmT1P` zF%CgB#3rR8gtt}mh$AF+H9V&27PVCK;QsyCne~ zo34KvmW?4UhJ#r`%2kVSJ#k$hhwYMJAdyLPk=NRkV`D`uHw3q0 zW{_`C2iCN89}Vdi5G>455H z6kNQc?}C=25SvDTTXR>khtbb%*y z!OlHvM(*6|j+S!|J>(%UdJAYBNir%nrylbLNrX+ksz9 zX6(?KVX;dkUQ3S4Sf(mvE3Ur>!fVl{$S6st+Y% z*y?kPXVR*zsGj0E9YZ1>J*k~hq=_|c8%)(5o_iZzCUHD5bN zca=m1w&aEY@PE%rpJdtbIrkV~uo#+HTtuxZx3_P0*T3F;7iFkv!&^(JZL6YI}wIbKWF~{V87bO;7`Gy8+gq;b*;CL zuZD{f>2Qd=^;@)NEIA)5pOc%z1NE<37>K%R9dC2k0B3L7AHb7%Ye`)r!rm{?n(*2cBte;l3+|TMrLS;<%kG?Ae41G5+}(0={>X#=5Sl4VIg#>zaWHT*0FUh?wpov@kU%O5MU2%SKOLcfowc^eWhyp{1DA0yb6d2 zA9w&VN3AF>hYfsEkHULCo20>|G;l!-cF`sPRa{p$@$cY&hdw)eE55$dHCsI=;?IYK zm$t1r0dMU>7zk}WZ*Ys}a@)zSWd8s=pE>@}Hr_G+0D^~p$6vJfz;7G)D?;$^#*Yso>Y4?VF}!kI2#I8p zByw9Mqes1dU*4d=&p*j8fqYj!q2ZL#b$AlrSks)?-ojUDSyO|MeQ}!L#ja&@_8*~k zYwYRca+fWfYA>4Qm*o@Obg3Yg-rh%r3T?+;4No<+YD+{>7pNYUrhF%s-&OdJr&((Z>kF$%8nGNOBZ}&$Baa=4x81S*_T@RhZWBsB$f8kGy zWwX_;bSvoMbWj;L{otoPzXM*OuUkVen&_noCyG*u?9+EV{{UCgEnw5u^)6%cS+=xT z<$dd$)9xdJQ5zfvIIelb-di0-zFB1ZGcNJQbJD!e#86t?#~kKJ+Vd|Q%b&aHTs0ZV zS7V9rCBR*>2wT5)+YWEkHcQ==}nwGOWnJy=tiFw@jVr$MkSL2-r!2Sa9{pW~v8*6y) zG>g4F##onEWym=6$ge81)cwDPa`jdUoL6J;E5YmbNwh1t(|*EG6V;>1{&*GjEv@WR z?V2?agUKC*d6Gxre) zNwKil&#ih6n{)wk!<=J^%}Y~rvC(dP%Y=x&M_;9T2g6AJ0O2URxsXLMlTW(LfDWsU zzfNmYmlG={#r>ys=ZnKyPlM-~QaOWN+pzn}M+8^N{{RfG=e%aOjoN6yUpII^&ooL#-N$boYo4V0nqlg5#Nqr}*4Lj5{vc@6LO$Cyu#($&&+iq#htrDi z-vV9DWA;IIO0L1U4uIpQ=Uh^nxy6i*sh>mXn)D?iw*%)aF_ZdNZ5_~AqegCkX10X1 zIHS4K8Bjv25mP2J!3Q;eNV@`5m7Xl4f4-PFNie17wI;d_Kh{H`gOq0VST{? z?0qYW@vI&R@ony{@Xqz5xQgN;>gc>ekpeho8c}A!}RGtEXMC5UCjQ z+yk6_M?al-pZpZhSMbRFlI*lg+3ipp z8T_lg(&wHl=N840Ka1YH%8ygfr7bLUy55H$h_p>lM`(Y0aTyCIbvQrg@~OXOuZZ3$ z_(QC`X60>eH+ddgXZO*A^8@XUhP9(RGf7jrKSzE&c-}cKeiQh^#QJo0nmxuXR_IN< z?Q!xFPocoCuKXF|o4*NZnmbCKb-YO&!bu-$w0tl-j~K;!xM}NS%CCfPWAOX_3LEje z!Wysbx8eT)jB&$dr1)s*k?Hfj;Z2gVG0!CJ?~lM5{AKaRgqmlKylbp!NooC!s9#BS zXx7pPj!4+<1#!oE_NYkyDEdby9NwKdf6ui40P<;nk?y~;wx#0Bn7m=(U+k?xd_8v} zT}O7{gbp|=zpZ|rX}V&+ulga7>$)%o_bTJy0@96w{=%?*j~WZnHkb)@a!xUZU;R&S5e`E zWG|yPO6*gg!hxfASAp$5*>`5osXrIqiXUQZDba99B^DN zj*4ztB4bi_Z8+#n23*gf<89~2_SYK4v`XMjy$c&kcXe$h)$ENK=36m7Wn;)7Dh zhW-Tj(^v2=x#Md@uzfz&$?|uWk(3OUA3@D|r-fkD?<8xB+c5>c_TxO@A5X%I4A${f zT8vPnmeIV{PIegpz+O66o!dz*zVwAQIV7A6WY8ji!0@FS&qzLW~lr-Xe`{!mS$%sBn~T8p^ zdx?Wb1dA#*dCy9jUt|Xgng#Ww*D~GBaV$9{S(u%p(x}U)%_Y!~reFXSV0mWxQsuca zW_G~z=T1ak#w0pD2^`~Cvn1X54CAUMzKjMt*v_>5^j6o*F|exG?F zMq`Os0AnQQBh%|aT;0x6(@MV7?Uq9dG`kBjsmK@^Jk(aYuDfjn)_QD`SxAA70M70@ z^{fdnuXWuRE%GcVe z9X?Yn>urqzCQkfwT+W9br=1*&1X~;yRs(~d{{UWT8Xe@YNv7MR@`DAGxjt!JsICUi z`q#t}U5#QGq89V9iQRbM^i znIa^qa1O#fL8X0cB}npA`0e6*{V!Rw{?2IbUP8HvKn#7oE6Vj)wVhUdF|RJ)?PL(w z8N;r7aZJ)Q>}~%5WkvRL4a}`Q(%^^BKb?9Xfm8b)+G(y)nV1wim+uc;&}B4h-s?wI zkXjf7jH|J5IuCl2OVKPXqqx4fca5-Afz%2iF2+sR=(PU;G3=xkEw{`70zvKSD*mFS zboN}k%s%(hx8^{Z@(+#fW?Q?6kStK{`qv?54K<6`w;T+eYH<~27})gvAK+Ep&XouD)y2FLOO*=~1}Z(s9Dh3X z&_JL!kKw^1e0e7L!^#F2d1f|gPZC_ls(DevyZwyI1m{kFWPI_chH5lfW36~^p z98)>0%oNbzz56(xdwD_~$`4%EU!_{dXC!vp7T~jb0v4%Fo6|$QW8u9%TWK!s<6Ss? z?6Z8mE5p}Ew7Iz^Nu#(xa3oQX1rA!=-A6;y{5g4JYGSkt7U6-Ma>F&9ec?Su{{UCI z)NHS&f-p?6D(7}bYT7!GaGI5dxvF2>wy8Ds+>3;5$C5q8W?y(F_)TpsrN5t(ovJw% zvt0z$&qC1jIqhIKHz*OK9T;b51HEkMUNeVJ)D%ZNaCs+lFgWkPtmRCV4(DI-5673+ zz8|>$$Gr138JBmOub#YDg!n%H0AID%mg8Hvn(p6%pdOyNHH4x*M17&8YgU@fqP{v7Q z`LaEKoprk2jj6SZV&W(sMIm2z2ysD2f?GZAlD83Rw-0ndAZ_O-JXb5IU0U2c>A!Q@=vFyO|oI zS>2U+74D{I50>O6D{9YLk~fAwCDs(dC!hk6XJH-2mhl-c?k&-_nLc6E`f*+_8``fNE7#K?sGuY3H5&g=#wNL+4^hg+mIvdJHDr$^!-2K?X7}{tcg&( z?`*MZ-a8FPTQhn;4?sNBnn|8BfsFA@(*7RXrQ=6sBf|@~J^IpdMv4T!GWd0I;Mvk> zCbhe_Wem?4>xb@L zW^D|S+&r6(4ma`8`*T<~{vb^s#TT)@koPwcV0mf@^D;=|@vo?<1LrBT-s9CZ?N?0E z;_%*uc^;}tNp%FDb_n_Tv+0VST{`-SA_v~3w3N5o4TJugDG zu~)LWX0XJIe9F9v`flFxKL+diW~FtaKiC!2TnOXmZ+j*da{%U*X=l zZ6=GQX}%+jB;h={PI6`>o^f9N_Wc{enmD|-OLRr~l^B9R9k$kTMv5r;XT@3_$Be!x zcwgc+m#fT!Pnb-WF1U%CJmhuhUqX1FQ+-O~RX6ck>6ddxTt^y}PrIA}@BM2DyDd(- zNhXgC_$%UHCtTM2JE`1nyjdi82JDFA+;RSW>+D%P%bgi*TH+wWH*m*}fShOWtsyRi zV(D5(=XbW`scV5=~L#$XsY%Eh5mPg47GtW>v*TEhr@Wu2OGDZMxu0SAl9;U7=);2u8?%Hcx z*C`a6)qY~!00*UZKM#Cm{{RS|iR`u6Br5T)2rH1|BaD6(Yp|q#vgjJ!r-?L}H7j*Q zB~&`1;45Ofds&}xM)N=?1cA^Biinu9UlQn#;!h1<=_|3B5Zp!|laM+u*ZNoH2Z{lk zSibv3zuD$VHp?3xQyhM^!Brhps->ZON7pa(OUp^Latp_gmw~wP-`kq|pT@9h-x$6W z_zf*gBrP(PMb-XhCx!M2wbTzolJ?QzLUP&F|KfkpH`F6QGao0OfY#;AxDN(JK zBxIftftF0i8fS^EElk>` zhd#^oQU3rRHf_dF`?)9ZTJvgX%{kA`-;BNigT|g5)_gU(C(~~rGwG%9*nD!C_vfEb zEBOfhroI-W8~ayS)KYJ16dFq%GRzPAK6#ox&vg;RP zkCBdXno?a3m^1aS{s{^DTI$~izBvB?!l~5t7@$pRV|Aw7$st9G?Fc?lJwA2$aC+vy zxzB}uCer*!@JXPmX*QaK0`AVx9wNEp&5ZOPcsJ%N3b8t%d$iYc+`(rx!lu!f?o+Nk z>t|1IvqGO@lqK8;d|Bx0+P7^| z*)=6nOFHxcz&Xe9DbK0?TV;vowS}Z1nUEa%@y$goZyvPAHvqK3_`Ayq=TCxO&gC92s z-IX_O1&=kfWC5ZzwWpXRMKUcP+oqFm%rm%piq(B8Bc-IVswL7U0O4a1=oi4 zO&%M&PcF{kh)I~?NMBFNqEfbnomQ{*IJ9kO>C$6Uxrb~ltGFraoLA0z9=|+RaoKCa z@9mi}lH&!r$2E{0F0-@4Ut!nm=8h}k3dt5Z3OXOu*ONneFN?L0v|p=*XKd~~V>AKW zUou2kwtbNquX!xOf(c?7RJPqZjiahg(E z1YM4^#t_Y?LetyAl0}o23&MUC$7njulyF6PbsyTIU?0$&)&|SW;a^O=@fV6O^?OUE zwz5e901r&@Ry;;7p%6STmP~!nNvcn{%63yu<-XL+Hx0SZK~-)Y6KruXEuOf}XzB)C z!Sa-dnVq}iwRc(!7L!{!ndIEjoDe&TNdeDX$o3(x0=$u;^8RvI~@wGSVxLyaz*E`v$h0F~PyXK9y+! zABdw%tvAjN8G#sF^{*zlNt{I(4&{F6_xe+k1Kd0d4aD(U>Gu&r4l*5xP)%Cb?9)rP zxxSOmbT73wFH>1q(hs3Ofi*;q3y9^7OpHd>&pFR}^qpNk*`+cyyoEE%gNzzRhX;Kf zuh{?i5Zt^7{pMpi6$Gy!A5`W3`Bt#+ln&V@^ID^pO`?rmp^&SKF7 zIS-zs_MoV}Olz%X;_aCPna4QwsC4`Fw4N686?d>vxbR7!*!8vW{mtYyw>GG+zXgY- zb~fG}wT{(n=aMBdAGi-Sl$NEa9CwSKPPVwW(i&!-b_8G!7aq06TlhW%zmicoL}Cus zx7*C9&97 zb#LQXwQ|b^v4Q0KxLjlKpwcwU4=wYVA(loiFmihe>bx(i=?3mASsEFy1{-egn1E?C zZ|sea8F*sH#V&^NN=F7vI6rs%n;~aqn1~@-Cq-+Mt3qkSUv~ z0R7tLuLs&y+D0Vjr=?{nYoOAxK9a^fg<*x~ZaUXjVA?(9>5Ac!30vh+yP>O&#;}FX zzE2Bjx3>FbfHm3-MJpba&f6O;CV7&1Euo!G)yd?X^r}eNL6K{klQb?~J+T3dFC?1s zYrBi7CLieKAy)1=KUxN$Yc!DA+P0#|XURIm6}e;hdK@Pjzc6dGe=kGwsVA1{-K@E(A)7gMd0M zUePSfvl&otP~2j^QxNXY^@9h4jW{ZF)uOaXbW3IT9+_ynLYWYJyjM!{K|QM}jx}Wf zXB}&fQ9g==8y;ojDL&7q{{W-MDhaZLq7pJW=hLNmPlv?+0NO2YC}xd@NZZD08a+C2 zJLRy6*Z{#9Pd?(NpHE>rG!MIPIrXTFb=2yC(aUpSx;3Yqj}EWAg1O=+&dm`ed4W4QPOnn7gd2p z-G*b1Kz?SAISNmp=O0??HEnKh8Aqc}sH}2NX>7K!9e^-J-~wtrp^q-6&X%ieiP-c4 zx_fJY*#w?Cam{H7YIH|oml8Zm(lTK`oqmD-&K@T4&x`&LYTpMuA>nIb;v1GLdvH)@ zWyx+y9e6*lt$H+~dD)Dcr@gGx`<>4)@khhi{2SvRvP}or^}9C>9mGRyusAu~tT_Y` z*1nMVd*eSB`1j)1gcrxYIn?!d?)<$fTb)i%Kgx$W3$%}zXQ<~j)f#8S@n%;;9fx&l zK}u1KxqVvc>!FGN00l|^0D^b?Qt&RZtA5eH3%oU=>VFONzYj$}ieZOr1~*qH&W<7I zfHC}Q^4CPaO+!btyjK&65IVMhgpMnd6H3~nC=_xMe@t><@_}H8um8r zEU&mIBRy+q*;_r7*7725AdjtZ>W|msM@>#g!&YDLjQEN>+g*{|L-TJ%!NE1^8m;A? zv!~tIYBurS+FU6Pta_XgpVqo*Nt|`Ci(}sZ0N|b;E%+(>G^H zSz5yK#*RtIA$iYA>;C|6-;Q=4wdclP40y-Eo*2CF&x5=-r%9yg5ZtIquEeEs`+tXp zPz86Xd#!grHq3G?RI^y(T)%S&yDsv2JN%E4em6b8hWssS@TU4f{kq;=-Q}#nthSj` zv4}pS2EH&&7VA%pMQTj4Z_egCk(%d{6!B8kpJe->%%@P(}mrw^|(K0Y564s zdXRJO2sL-$cC#&yiM08lbH3z=OnLj=dwz9JnfDn+IyI?tLskAx-4xw6XX#;J*gkTYZnjz8AOt%fGc@^IA>LLHdJTwCQMnoF7Xp zO|jD63&bK+>( zY<#ED4~b<*jVR%h(zGWR@{c3t1s@1eTHvzD<%UbbPkpy;nb@tCL)j-Td4n_yBTKD;EzStH; zje#raS1BJ;LcNulrKWrd@fVCVnY9=-?GH*slRj13ZE1anHN<$o_I&u6;k_7ZkT-`l z2z<@Cj^$ZYd+j8HSxzR>#v{q%xA9h!FkM4LxY$k@+wPDN>%gpyZ${JgY1Zn_M6_au z&5ceBjq1a%YT}(Uo>+yk=eljP!>P!Cs9o6Ry(!(Fm%GgI2IHVBXpnkF3xKU&T) z*HezHZg4usfxJoK<TO$FS|OF>gUuUQa&d!-#F189M)89lbGD_cp4B>MEvo2twzqQX zwy~|9hIdJW_fOWWY1)FUp;AV8vz+?Ye1^^kcc$M%X>|mWIt3>jpIYrS&lu}}3_Mw< z_>R&Pzwo5HV!kn+b}_&pcjbrq#cLIz$6A_kX#4B_3Ss*h_}k#;!S8}!9%5zIyghy+ zwAA5F4xJ?N`H>Tza7ID*9`*Sd;7d7eXOKqA1dPP5KBqO&UXLuSeske38{zZ(sp4q= z0L!|Qr!QDP)-6Au%=#`FP(VDuOqj-dS0}39M+upkwwz!LRvt&|F^QXHJN%O>oOT3t zt*g6V?Fc-eO1T(be(9uNDZuHMulD=P3!x>o)J=iLH?Q}HwRX{6NQjvS0Psh8+8Z3T zVr6_t*I9fn(@wz>*a94m0L^){ekzLRL55pv=%CdhlL|BQC>@)%!W=-Wu>7<=vj5ZnX)(jT3IthiU8jSHN~Z3#1Swn3hPSLULI1 zoYyO)&I#iA^(9XVYZj{%4{viN>_m|u95=mP8n1|LRu8t@GdhjABLMs6g>*Pesa`)H zYL|NcpW%q2wbSloKkM1PQSN;!N}1LuX9_596k81y(L zOPSdDW8uHV4S(QIjyzG|%XfnJMT+I3FuM}FGu1)=06bUL+EgLW_VoRAmR^a@(9;9^wp7mreMC@CQ=xrmv@5y~dd91%tbO@fldQNav6KwR(StKWOh5c=O@?o`a|~7Pjea z9jhd5oyvm%=hvlrv?^*{k>OT7z0EG45kADDU`2PU#ms`;zq57fl zayUE%{{RS2!u?}RAMrQSW4zOD$N+h)0d;SG{=I#FXs}v2)1PCq5&awY@N>{Y`Xe|wX&--gp7Litl4$3bvZB<+nkY( zqMeK;Tr;)EDyzMRO3c#D)rO)T8ta0ZmM?*mpiO^}2>UT<72#xY6z*RZLc=oe% zeKp<0(q<-BZ;tVspxH|2U!iBRxh#XlC8Qz$nJjdUJv6)gVMYqti$2CE;S2dWiwo%j!0XATl?pa zf6~1M&hho6dx30Aj(8cx1}}5UJau&yhN~W#tHjA1s2Vv*8wPu4w`%Wx9r!y$fXjar znuA|FYaDT>%@Z%@@999)tZ(>(PqdQ4>E^qL%?pGU<#{S|llXD@*Ox(i1)H*g-#m^n zKq;MSYnHRv#{`kY(lcOf9c!7?ELz&=2?C-&DnI(v64}e#!!DH1aO)?LoS$4)g_Nyw z*0*prVFW+UI{Q!|y5;4qw6aHRj|>dkvF}{ezCMRdKV;M%+6X#_I60tc9OS1^)Fhs5 zF6_E;-~vEX?_CC!;oV2X=@z%DYApoN0}ETmcLv89>Fg*pw{w2OTumxln^&B?s=ETW z10J=>-D(=5UYTr})eCY|@aW$C@Fu~`LGhZ`!vsczM$>eC=%)z!f zBO__{tm2D|tZw*DI5ml_qtva;w(c<@=(zWTILrBn zxjD^MpH9~`AVWbk@k+&aE>1mjNvj%0Rye&*(@@c(iVZy@R}uhTRpGh(>(ca109yGP zwzUGuI8e(L2G!%Y=TgDVnKEh6YWk)9KgKMk&7-3VUL?J3os4BC+wE)wZv1=V`IF{{Sea zK3?4PIp(S{v6DyCuxp8_=r&sChoZClGdOnncNqOt)^+Z!_KSIf$e(C%L*aN_)f35P ze3z~1_j24^O}}pv`RfR!cUxHhD-kE?N7LK}Vxmv@tA}@l4LFayK46wd%eO z)HI(COJ;6tY-fq&Stn*t#fP9hsIVDcJk&IqFD`EM=+YZW6}w*H6?Ec;kZe zUABmm#z_1>3YQYxdY^mvIBOT)6tmQI9TM|KjODQ+5U2gD)X(EB1t618ib!tnerV*} zxl{yjN4;j?%w&(4JW24XZ}>>2@k49+eyeA37%8>6ft2TN-)z&?JC&JO+`EGxm9UNp z^`#^vk;mSf>rXNmOT-EL!>XFIq4?3XTj=iZV4D3w0YrU4_o+2UqWnbH?6rRkJeT(4 zPm5?V6(j~e_3}-Ji7qtDqP7MEwA>FT?|nrEyyw#TG|zvgY5K%gNenJLveAwU4z=0X z>H3_9&WkA+90AvwxXYo8q&;j!ysasQFFHU&u^f+Tq%F|2o>~v~1)#F9o5)ts~7;Hf0az=XR>0X}S8oVp0SlsQKQF)>O zjxrSY1mdK>W_i`ej8qyy!)wDnj}Tf-p^VL<)P6XB4{)} zx67(qId>!M`;KE@Q}xAork`bfb*kLOEF00}IAuI_=m*lZfrZZ7Qt-49fpZ$R)d5P3 z){U}9VW+%$eY+&ApfNleu(6vhwzYpcJgm?`jBOnl4(7W%1ZdVY4zAh8I}gsWlN?=) zEpqn(QC|v-cs&8GO2=QmvADQMW8E)cauvTC%2B&5$sWhxFB?OsZjV#bXP#Z#GOPfP z*XvlGHPx=Pi`#3LG0Sh9?P)t_zw1Y{A-zkQ4y&W;5E)&<-Z=*Wzl3%loo-)hNWoyY z0l_;?aq^0H?p$Ti^Pdu4>cZyU8#6eE1V|UTuAbM$e-I9x4xbm;{{XUv2}vXU=6Vm9 zQ%vbnJv&3WX3{NJRJDiggFayd?yL=O$DSAP(!6uQEcb^bBDQxA@vS2(1MZCrU4Kv1 z^yO5^Qq)n&Gt67s0GX3T_+e+urkT}>9&GiNF?ZTs2grN+gn_c&{9QtjXOlKH8V_g1?d zHb~-@8QDW%hGX0WNoCJ^tQ~t*)L?6v*dm0lOoTJ!^PwbyH{UzMbMX)wHn&pFD6}!bbBD`IkS- z{{XLCOm>!nO)3pS?l7bw z8I1tO(g#7(xP3Rr(%ikw5tIN3LHE8*LLs_P8#u`5GhFQMQ0`aLHC5E^XI)n7a<(@4 znE8IS;~p;Xbb5b`r_`*j-GIUQe&}p-ilrMG#n}1-;Mc?$^ld_8tXm0SMG8!a31RA{ zzR&*vg|G1bZ-?51x~`if^3NXY35tN(JYzV|;ZNCwrhM1%n)6k*@#d$mU$v|@VY3Q! ze1pbEL&hq<$6HN8^H%=b(c}9td5hvfjITK~ojVKK>#4+9_}2RBT?WiqK@73}>76t4 zk&~0}+Pz;^);vwE!v(djnkKV_OI*k@2vO2-KXl@zgXW57ZfQf3NxrAdUMSoby4%Fh<(XXB3!_|H&Rv(OS--3InF*f~c%@^EFp%Ok+@qLAqhH0X^gVRH+} ztqYyKRCg8juk6L~2IoZ6@B9lScb57NpwDjmz#?}!CxcN^`gSo?yh2d_;p%|+la_Dl&rFf8Ds}yL+D~^V~pwsV{S+s)uA#^9VM#oWD$~qX- ziTwP3!Crr3=lF-yF3hw}=&onQE%o1Twd+d1s1r%R8GE zd)q;EX5hhl5gGF$JRU#KO7klrpPRoCydfWkbx#oZMA=>@nQrNGpxv=Qytg^|N2wV6 z1}pII{t8k1J<0JC!qWJM!WtvJ?WAV={a4Pcr{~LleAY2`*Rh&EUi2FCA~ucVV9WtykHgxn$9Pc;a-iBycY07bmSUO$;|?DOpK8`C=0oO^ zyOigeO`FqX_L|nU;oVO}@fU{fUdLInx=YJ>kPOD?cMSb;kH){dKlmm80PSa_e$#&m zyfJkg_7DDW8WYS#RTP{j3EbHxDb4HNZ^Dm9R06Zo8PW%PkPfGx+1+{{V|EH4A-vNV}U)c-}lI*iX(o z5W{H%bq2X3Xx6{;FU$TMTI_u2775^gEo4S~jNpO|dJl&6XNt<+-&C26#8KlQXEn7> zq^O?3;ca5-N0DHWA&`t9Z(n-#FBV$qo+$9NZG2TVOF|?c!ekvd_3vJM_cx6`$A(3( zU1?EivFTS=He%9k=#f4#&+&hSew=tW#j)#N7SJ_Rc%^9}2-rE?LF#+@SD}a4#2q6Zmw&y+)FH8k#~JkUFjN8*hROVdWu}2lPg21*_#`WI!qwQCiopx~J@nnMw0z#dq@0;i8pd#ii9dwDG^r&x<-L$`4Qr`D^VxtoFDbKGh- znvm0GWfLdLU4a3Hdm8os00(JN=?=0=s@Hw8I5edoj88_A%JsZI;v4IkV)DcuVn$bo z!wUJf+T|~1!i8PSl~OUE!l1H!Hb3kJlt8NX(@I&_zE8b$%?6ctk8?chWT>a8$zzTM z0CBNKx}2GXaDd?c6{DzWmU?BZ6RZ+XBQ`Jwa%rW|4sT4;^nF4NPJcS$3+UU3ww!zC zJt>zOptO~3Ey+a*!+&_zsx|_QvB`TC%tB0;T%LN=_F8GPwZZw=E>9gQfW*1fuA1r? zEoFI7FvuP2)%-uHN2L_|YN;)T!x6;*bN)45CsNfLQi4P=Iu9@qF`C?qTeq7?g4)=_ zHKa%eN3AO*s1j+KrIeycCU|%lRVS~~xye~IO-AP4C69r-YW2lsCI&X8V|JGjF6K7i z6)Epq`VNt$jXP7k)j~uOSIRqgK6BfVM>86BF?8*E3tNUrjJr|J(!-O@dm`u>kBK}M z`o)ZXY%$1N%VWy$GI9A*ze3|34=d6mvC?lQdxG}23QiE77}u?6-aEFv(x=g8fHM~_ zz~JC|&}+)hOIeN!s|Hx$+R?X}@(z*2_VcQL?ual;TXD zGJ01PESiR>?QwTzBMwdioPa&31cmL#RVtW;ZC3Zqo^@djac>ftuq5!MJJX( z*gj#A&0!_n)-TV14+0E2cQ?qvdWoH8;12j0uPE`4ilo(8>97Za+%`)o<*`iKoKGp#bh&pl&@;02KT5HoNYPzF z;vMghFeo~fhoD~gl&EtcWl3Ah?2%m{G8&Mqn~5k zMz3!@oRPsZtAT@`;;fg}64OkQINl{vK=d z_r_X$ek1W+-;8c8(ixC6HtMaF+1rnL=BqQ-!$QXto(sD-WgFs;Q6_t*eq}Z$$HlHB}lOg{0d)I}GsnGu0`YQ0Ulf-7#BekIy>#V+i4WFAw zsOk*IM!QRR7`h>80*-)pu3N!(W=BA*L{4%u+*g57>VIxfqwgNQIYG5y2OZC;t9ovo zd#Oma_R-66D{-|~JXURXJ!)|?d|4Kupy*n{YC3i0y|gRlw30%006XUu;hquJZ1roa z-K7MIszyBs&0^zYrYgsBum+S6#C!VI^|VS@CPQP=r0Jy+j=gKB8St}(gjMQCop6cQs#zvevW)~Ax#+<9?y6Xr84V`@?IKSh2&cmied72k~#7MjvVFv-UOhIt;D&3vU5 z^^J^!R=l)gwz4FEXK7qG$pm@~*QXd<^DuR}sHpZX>p;~!SNjM2SJS>6*iGUc zQ(5p#c2RA_jWx5vsLny_h~3!Zo-6n~@aCkNXNNSsItk)?O+DJqXCKAolE2VaIJ$aR z{#p7URcU6Fs=HK;NT$16p5KlB#{nPZ>|k}9s4$oZfC3J2qj zKgWN!_w5mV;h62$!&)5Ho*spwz+W;5@hCp5BrZL%UpradymyeuP&w?l>%~=Au4aBG z!&r&SC&NywZcY(y`?k{D{TlFRhHSs#3h?sBZW8`j%RUGhIXy-`mE7psW~HUOrLH8VApgVQ$y6&H3=DLozLC%#eDbijrENpR9icY>8l)qOb%oO5HVeg zV(<+r)@RdS6XCP{tbb#V4fsb;(`~iS7FfmQSY4{(TML+1tBvu0M%c? zw|Yh1qYF)`+FY2XiMVu@GF8-%UJYEO)cPI=pR%cl!ONuY@|LIQj2BRN+euAhLXoZG zxK|bUjN!)LPF{kLPD07<6HpaJA3TVc7bo_C5HEsr(-Oq<#}?mhUrZ zHyVoCY7xiJ?wv?HeKYx2?jMN$D!;%F+O+tePkXNtd?WGnQ8nAZ+y4Nwuh$4zfxrik z)K`5CkK(_i{{RNOc4I=i`*f!dM;CP8{spI@`iT^YG%?K)-5aQ7ow`w`NiIfVj>-&#gu&d#Ca@(UP~b-;0Fq4~iaH&|&7?sL z0fzoPcGsdL{(sA~E_kn##Kk7h_V%2vhdfaLyNAuwHO~0IL49LJXl;xwa*QP0db*5d zPwV;DJtI6u8=YC7N&f)BGhp#9r~5~EW8jQ;t)c0@DUwMQqt+FANcP;@Q)u*vPqH!7AAgrFIgZwYN*R;{7_(@v#Pc5^l z+rh!X{0(U7KL>RUHr8!BQi)PF21oN8oM*Q*dlSvA#F0_8&oR63s`y6scZs2Yn27hp ztTE|=EA8Kf{{XRH!v6r<+xBtzhhv~ar}zWoABS%YHrMts2%1@pMWQnhIY%LZ1Ex6l z%h+pUTF1L+$tR{Oimf)8`tD7RhBpgO7e(F^ijsZPS4QmCpXj37 zJJ>jIACMS#6>q^_KlqFAr{V^a@k8NBGqFi+f`7Y zF655|3gBR`OnMS4+dpaF+qdI~?L(<}c3&7;_%Fit+H@}*5$H)UGL|5=_mGp02OnDR zRqm{QPfNf&jya|uG>jUR2&l$4_iVIHuC03O*U#g-TWKyNxt8gC+o@QY8M1e0*ENNz z=vp6!>~$?s?O==KGci$)e-5?BS}E#&=SL5151%|yCF5!jbkGZLlrjVSN^7(5mawud;_rt(GtsK5=fmmKkb z%TPO-8$N!$cXo?D9o1rA5LjzBwyZ8;&KNPs9V_)C;Qs)|4~BYwfv#?E?^i|Et=n`+ z!Mw|+^z_9Mwe>t4R3$Z`f$<08JTF@e*ic!ZH!w8Vt~{VPsHRVoi* zqS!L--?y($^?=y{yg|gV{vZ>h;)m@k5Gxn zn{HHqK*!7vuN6vGJnFDGZw&a?Ptzw5-RiJgqU2?pIU}`w8Q^c)GSk7+T3^AeeWoa7 z1jDy*ZhO|A*1<}iria9@js6euABv&zRCZHXysjjWMuoRFIp7a-T^ENxXrB$oa?2Iv z%x*^rV<}EJlzOnjb96q4@VD)RH0x_EJYQT#Fqh;RJD2dRon!WlwbVR%+VR!xt#uPB zw57NuazCK1h~g7G{7zE0N9iVs`$u>a!v6pbbx(|}iKX3%( z6P|bn@tV_IZTff@mb#7h*yfGkP01zzJBEEteO3bewm;6#q;5JjIGVLJ8#qP_*WFUT zmW?l!&(lZvgQ$FA@fW~5p9>cAZ7suJ7G0|Yput``XMtaJXxF}c#jc1+nfDxelV035 zKbmotdvrSYXeHW#&hgjWRSVRT+iY-{-rRlTo^x8mbH}L@9_BG{#buBL$9m4PfLhF4 zXUjh?t}9cSo`t38iEzt!1i4YqCjfmbW=ohnrnH4aN)B_5^c?bf85g>2ms^(MjB@Qb z^sLKGEiKTXb!kZ3yEUW?PJR43m)C|n>xt6aJd`*i>07_>j$1=y@mO5k7^GpjbDWXT z)`Bu5(mbpoa7g5X#w#~aLe|oGS^0Q4>p_&A$g~^ywAqsCOFh1&9JX;Wcg|RY!K|el8BAu6{*Pp~ z?&Gg<_p?%7=@vIO&m^fAoVmgD9@LYul%0+m-(E$PtpQbq2>_GV>0N_ro_3yyi5OKo zi*zmZscgidX%>xmjAWRTkV=DtR&Qd{Y+fYOjv13OA5;EuQ5)P0b=2%y?V_ACVMi^F zwaoaF#5Teh;g5FB-3tBhrD$f;+~uOaYdO;41~Plq3(HtFS>ET%NbXA#2pvTQMOd|^ zv4bjDp$4=rZVO zJx{F$b4Mz#ePR^3?JeSwb8FK;K` zHOF{{+S*H|mfprF^Nr;PQ|f8l+AmXryjOwQ!0E;_iq_GXYFid5P|che{XOU$-$QaO zJs@j`e5J^Oik*&2kfH_8Ogq#jy$+MJiY})=`e2&>W`` zqG|sC*!GddcYN2kak&b_V1@0Uew8nYWxCbvOKHG=X`liYZmKiRe<}$tOJjQlvc;;X zTg{+gbB;Kv{3!*s^!JIX$s|@$t16<6tjsfKQ8l=ll7nvp}Z5|yIm$<=cVh!@F)suKMpwvbHlc2_2J` z`Jz#`8UAz+n&*@F-@*R?+HDcj50$7scD6l6Dkku>`evPPZ#0iR;6SnxInF34BxAv1 z{zNE|nE+77c;}B$YsS7Ncwa<&SQ1feCY-TlQbS;R(PK*^p3y(EENmLtC-R*@z{YX~ z3orU&&*rz4kU2Fxy~vXv;+;25)x>RJlcb;m7&!r79dJ7HTwbX9r-pRxI)4xeBvu!mrj{!ki0lo;!?;CM7%IM|u)Is+3yT%gqP9zzC6)FUjgQNb-iI?- z->J-Lo+YsG)zeL{Db%87$VViwKGp1r;|(vyT3x&NYSED+jBhfXzG43W3X!;+O~s7T z%`{{f$T?u6wRsM)rCbeFF6`h~*?2e~dk3u}E?sPTe}%LSV_%N$-g{+hluhVIIrQSW zza4lhShullNZMR#7vO|=;7qXtfq_(`eGPef8-EM@Gw}~d)3rPMtvgfEG>g)xg5UtJ z?icyjtHYpNS;)v;BxA!cZ#)l-E9Z)dO2sWTJqN)SjL<9^)xf$) z*?-n_KaX0<@fU@>Ijc{19fI2ZrYTsvC(IAGHA$AHVCoGtRgD)O=Z}UVW}3XAnam+w*6y{{ULL z8;dwJ*jiR;N+wzIGEEVmVR9pl@kfrYZFJwV=-Uf( zHn-Awr)Vz`3IIHl+*Zllq^x##{{RZD?CjFw;%MN!j0YfdxK}AZilEakj-J;3YOHJX zdSbOvMB7^xBJm&D=Qmb%_XzmNVm)gkP}KDuUSIU~_e9pQ2tCmc^YIv`OJT0lmd33tsM_`IV z1wdN|y?0Vv!KdcZ;>Js)k-{vojO-r1)suReN@d2kuomXd${U}vW9RdUV&44!04gnX z?JWb{Wnl<&yEqF~8TT;e=xANvTU^?$t-Z1|jV9qQcNpj^nuyHz5<_(c##4Ym#}%#1 zOxHoSb;IwB4Y(sYs+zo>P*1b69&wCxq$4Zrkxj5)!RBpYxDNTN{{Ug|;kTYEb%Cyx zfh*i+)_^Cr*Q~rPYdo;o+j*w}i$ojru1m!lwXcYG&vuCU!5jcTN&w5z8VH#dGN~9~ z0}j>ITuB6S?19(?3gtYx?zE}nFYjJqj&{s%3dK9z~$i~UmB*2dXZ)plfYg2&f1 zmgcc#Uk&)5QPZq%Bh^se^a|U#C*O+mYw4!db(x;x6K;&>U=5x)S32GxisVRv8aU5W-h)LF3F5T8MQJVk#Zoq(>sH^y65BwwYaC`J z7zCin{Ao*KWQ-dvKI2ypdo_%3G0)4K@z~b>pQO%RqFBmAsk?FGC(^MXrLEe>6|%(S z$aa#$>EAWxg4)JNq~80Y2Xguf)(ldO$Zw;yI(n=utnSzwPw?Wg?d+j{E;ftFD7ZN} z=hW31IM{|FUULyF(B}gqitQwgBDRg9+z!!@+>GL)psY7Zf$v?Q6RIj5+d#&BtE^jT zPX3wPq}Hg%}-8dS8f_LX%9A4NiFU zsSf7fGM&xx@Vjf>vGcSR$AI`>Rq;&vj-97kCaFDyjL2pwgkTRD?m7zgU3v+$8;drA z8Ux=t3d^Si1Lw#gy+^HS z%#5YEt*=L__)zGYhMtk!MF`5z3|7yNqkXd4uv(8R@PSXmsLZ%0RI3l zr9Ww69ByrDK0eXynHx&eWt!#|+bj8s0x&)E(z)|p()4AB^d}>~ zTB&MXHDlu6i<(rrcaC*o0s(0onBgeg1H1Zu-WREYCc0Mg%B+cgey0 zyVp7C(0W|Y_>H2^p!lZGP`cbLc13>_ByAbg5yM)4?F zfFVf1zzg-H!Z5k>KZ-O(dj`8RxGF&i7lWRa^UkYjB3|A7vgdr+`2wymJrCThi z5E;}skO9x|)>n&sKE5jO#-*a%%!W2i$`yWa-9AIu^Im=>TVqOex}Tc5pMrHA2gUc= zGuz2+(?O~Bz=bg)r-=%RmBzn}T*!P?N01?@I zOz^Iq;(Jz&FYSr5xhlhP$3jQp)Ysep0Psm~+QI(-WUtzxbe(?sJ1>RaCx$y)`55hv z8TV~MM{-HQ`qtE^sn(X3KeLTj&4TH58#j)9Ht9vhv!Td%n~{&@_*b<2FV_U2w27wq zbG-+rwP!Cg5|_u%0H=(66L}OctlEW+Z!N(bgZx2HZU%n}{v5yHsz0*2d?5I>55)ff z21Ne=@UA>%l40A0({INPhw6W?*0PJS5=i`KzOr~VICOjIQ7>C6G0})0q4um>*uZv; zASzVgu{>kxT~yyghOBxV<HeijxhJ7TPn6cde9~I9ljOG6ln;^cWxg zdPGd_+Q}5S1b`{?vBz>~(ae$^=_cO&jc7+3yT)T+2^{mqYIRfWU5aT{oe(r+U>5A( zO8r>>0D?9C*tfs2{{ZcWrD(n=y}FO!=Z>a}NYw`Oqkt94&d(mqL$}J~4P>{u2KH z3(saEckvI0ru$Wh0}XKj<978Usad)zx`vFt-cb7! zk@;6D>|rzb_5G{<2j6@h_?xI+^wG5`7hB5w@#tUKylA^2(s# zFdec6aoV{ij)mClbjC=PQW;dnxRL@n8P03@ivIwEia%pWyjkHt4gS~u1k!GvOE+5& z6boqbQ*RN>0421H;%GPa_%1ojmL%hS2Uy1oz$eZ zIjQ1FF2T1Y=5ko!c>GO$bMO^r@a=_)&L*DHRb^=2LPGnGO6a1=#4Qi4?Ken~9AUH5 z)K^J!EwVI4!=nWQuRnmU=xlj4G%7Btg5{u=cPMZMR~W6^Uj;Uy3)~yG`S}4yIIUxD zr#eRdm*DG@=h{S5C;(ir1&wj~-j{vh{Z-)9t-jCQ7@iOGt8+t8W%%x#N3^gf>(Elb z=rssjfXE0fk=BIuC8ICLu|&7C>bAC0MQp@jS3C;NpX~N}ZMEgS^UoxW^F@=G{|ls_vc!_M2GRWMhtxFN8#_k2p5`ODzF;}pzVyAJqJcJx ztFD_Ry_KYBZKq(RfX3cB*Li1s{f%<>b6i|Sxk{&%)Dj5K(uXj$k3P~NztDVIH4A9n zBDi7aNC#g`*U~NH2<_~?)NQTjx>K<*2Ll~XtwB*|gzB0eqp00YJ(z%RV%+iuPc_%B zgQpJ1FKo2E<5nUC6>Qz>kcqA#}yASwEmf#rVPb{_v)~Ue=!108-ZiR1SsLLUHi3kcY z-?#Fvx585Eej&H9zQB&nWD4#_1apC(%Ccxl9aqGyVeB*rv>REQ%p(lyal!3hG{Y?L zTp5I?E0Clfl!i|w^p7e#%)o=5y?(UIySBP$qj_Hpdmb}D9d(tR#*t`~TQf#vJ;wsH z?e#h1Xk?XES4Ib?1lEvXdfu1ey*gbwYpLUjZe;<62SHw0;@^k%winH;X|v5es>S=y zFkmU~fuCB?E_rh7Nf*m+nzk3umI)IqUv4<>Kn~J;H$9|KTwVbJxhx4C25Q!?wgPud zv&PsX9Fa*$49}Lw%e5w0$wD|ET5gXA_HLDS5)?M_4i&nJnMkwJ7A%TJ6Lm%KP{nzqqYG25XuosibO9YA`Y(R|v%5slmq- z7NU8@zKtc#^!66-B#XG6_{Sew`b)!_vf1c1+GI|#JSm6Vcw<4Nc07My(4xK8&Z#pO za7Zer<;HsoG;2${eN@Q{MwW!1mANz)q|Wh;AZ7%!lF&No`mK~Iyznula9Qc-fW-w!q&Q<7o z4xKBy@QsvV#k}Yh@(>KWRwL;HQ?xO{Hv?+mX&X9`?Dx?mOPvf zx^c*%nx0V|wDvKdDZoyrJxy!)X@s*~neL2?K4nrq=&YQW(&%jJ+MF;fZVuN|!2+`k zntr?r>h^I>X&MM@wTcoyUAwoj28r0mRudm-+SD4 ztzCTXu%E-0mY#OHiUfXNEuMP&WOc4evpu{tZ)CSS%?C)lOKmxI6oNbAsw7zYAsl0+ zdPnwrkjv#n*ic4u)Ys2rDxd3Dgxn`Qn<2yCYkv_d%WWklua4RoqKbn zwyNs{cTrthy{oAm0}i9!xGQLdv)Mv}V?%}GsRP!$hdoc!>Bicgy`nv|^Fk+c9Bja3 zjD_dDZG0{Gfp=-~X75eVZY^Vm2qnujVYjfy-OsVD;~fV&yr=0;jO_IL-+~@5@ulXS zVSi;7gwWmFgc+5X?ca}H_5AW!*lJ%7J|*hY!~X~BPa7CP z#x_<;lC7%(KrAYnRy0#Yx}30T8b!sJge1g*t)7_A`TQ&A>1>9ZsLd&J zzkXYcS2VXWtjX`S;#C&JDZLB`-gr1Q?HYfKEqrD0`u_mKzAdtu^_06wE%vbTmNA}3 zzXG%7*2j&ClRk9#wDalSD)3xoBbf!Wy}X3-tGkeYGx=0r0{D}t{0sQY;O`h(-L<`x z(+MTmcO%Bw&PU<-*QJJ;@)?BOX45~ay$Wv)e0KP0p=-7i+s$RD*!`ruZVuN~JmcKg zz@9Pqd3U60*ZK~#r^#z+EKewB1aF9g^Lq5h=U%KOq2b`O1qr%r`^)|bDf?+^9wWW@ z@9-z%2Z(Ma@aBhW8~A>C)UwBE7<85ue*XX|jezUJSMy)u?}qSrN5wx8^gAnvu5=gI zZ{ERxAU&~}wiBM@Vz9*2ylj3e;Py#VFXKGoP>rb8U4aqDLtMhYOs2YsslAy-(~4RSQytwuX76Vvxp#i9NWkpWsA^H;J^*9z-4D zg6PA!*X01WaD8^xw4iY2SpNWL3!kL^CHE?_Q-k zG3HI|ehI~#Q(9O|RVnT8$I?-^=X3F+Rq+MajeJq@3*tr9f>_^pqr^A8`E5L< zw)5yQS9IBSYFZ_{un9cNsG=Z`Q(W?PCk-VE5TzZWlKYj9)2#;PD{E9(6cvUgO@Q?v zcCSM4_4&DgiQ~rB&Irg9Q<0r&mOY!odQIK+we7~1q--HvFBPHj55dO&0Kw@ru%GP+ zP_&%aR8fR6R;d=BQxoi;)0K~&;tYcgkEYdlsWhFuuiNfFtG|Q(FrUYN z4ZJJjYrESE{YK)|P0W_V2xS}+2W;?h?_bWR{2WW8+(oPY$9^dgMfPa!^@|xL=y$Ym zl~e7*AI`L^KXsqwH-lM!)I3PS;bg7s>q<8C=1BYtv%8E0M+0#^MRj&eVb7RLn)!TL z{@75}8VtU2l_ikWdzBb0gzg{8y!7mL&N>TiE!LT->3Z>7{${*DNjt&7J<8IfCNW zLHtP|VFdle3~)aIUZx(awU5oXuOh?O ztqfI2CsGNeD=Vb;N%{3ZL;nC}sP8qM7H8C;YjigWzkfbvbN(j3MA9UG^hj+W`!>TK z&AbulYtyHx`5t#3Ny^OfeM1&+t=m3+@rIcV&7=}v!6Y%qFYii@RddaKyZ-Q(9)Y|{MQ4yFSwIlL8Z$Sc5CGvvnS2RAlC*a zD(wAx!3pzlrd|I4UTOaT=?J4RXr0Rva&igpS#yCWnA;99`PZ9dkJn>MLkc@)f?qa0 z%HWJ*y(_}ngw}T!_mjgN=vMiXPJ~s(>QAvd1f4EtmPpYeQb_=I_N@N^62Wb&X?L1q zm4T&6xZZvz8j&c-voyTg*S|3wGRC~6U zc^vj|T*eiF7|*Z0Sk*03;>60RJmvX;HJRztiOO5ZQdDLN!>2Tm$jdn#Z|zMdu;%nM zZ$x+2o?EI5fI(cGWY;U=8*NX+Q6DD|PRJd7fgDznJi76^JX^#c8T?asqru?aW?=-6 zBY9KXjjEtzbMAPqQtQF*sK9PxStnvQGXO~jvXeYYw5)OWI#APHBe++I`tmVa`WK9R zG&L(7CsMhB!r_=I%`e?weB!az=1QMK(tJy-X!<^(3|e1_G~IsHSAUraBc9-c>0LgL ztHY?ovpG=CH!e8hwTzvE+1T7|kpM)veDRve)Fi)(;u-fwB14~ArpY%gnA{@DTN{RJ zE5vp}^F+J~p{`>6+=n*fZwHdcK#Fa)YowNV((3`<9Lkam+8{6=XX84Hii3-3F%8L z%cg1<4y55^nC-{8=D909JVRS;pF(ax>dn$z^VXY=kod z$m80eyS~&#yGIHlN$P8=Gd@2bPCAzS4XW#q!F6${h~jl-Am@f(r8h>A9$UGN)?YIt z(AJtW!sSOo+H6x`$r=^yT(62eA!+@OKB1+}ab@BthHafb@3>+33abq+hg0E=cl$?3 zvlo#8e-vS6QQsZ;t2a8T?`YtSnR;fmr1dm$)bf8H{3!Uqz5@8|@sGm(75H!C4~N$_ zM^4r(?7UOp+1ud$o$*uRMxUW-vOTtoYh&lIwq2lr zIviKoV4)>RK8*hWHhz$?ONy~g{{VCU08PaGWbmKDUj}?Qv9_@Aje=W4gStX8OP;5m zmF;>LhM@8qMv-^tCq1j!j>q$+B3HW`d1W=cbF^%%{WHy1)9i0Z)r|$J=+6S_qZOU87qj(3adkW6dXTOyh z6t^GU9Zed8MpmxZ(OigH8H2FpvD52VYY&$@p=r0j1Rj-Ek&BBZ8e2NC3&8c_y1xy_ z9lJ;-VVncktv+t#v#Pex?KM4K8AZE04t`EBJ?mcQ!c{=%6{wC-0qQo`O;V=9dX{cOG)>Fl50myQ^A94jt zsCX|{(=EcS-M*r}SYToMqdko^0dgF4nnm!DC7v~aD*W3HYh`59!UGhM%WxMRe(9v) zVq7~MCbM@tN~;WD?yNE!89&r3bP8Rb6f`9}+_&N6tYV z=~$9GSS|$8OOqn!C)&Cz8%4sfDoHsby)Zf}c^OsWWI+d}IjS1Qmt%9MNMuq99l-kg zPzTSqa$Kd<_G=4lCjeuuaC*ddntkjIb8kPD8+n_E`A@g&K+-gIeG$B8Zx*+23{VY& zYJ}U^a0lUDdoF=}0}^4Cp)NNo1KWxR%5%OW@TIb`k>z-UbPLGOrE~rt@bS|cMsj4C zn2p%S8Q@S!)=%Kc^)l`a&ATcOoF3WjQ`>k_dx&<4q_~P9z5br`5zBLu)?rER=CY01 zVpRa1n696}9vrcF8Q^wEM&ilp)D)GpJ(j{*G>F4)eB&J}3j41D~8o&pG;>Y`Ejo$O$Ks}jH{c-br*`^>_WpD}p@SkVbn} z)xE{mps8-ku}b*fGmL#HHF5H@(f-A2rfE>e9NuiaFUyigPPOJfFtZ*f`yH;d^Ib=7 zR7Rn(z&RCwtXYy5)ZR63{%ssK))e~nhvw5yv$hWx4_Ooa>q=7UJy$IiOfhV@NT zT9Ro*Qrok$KH-i%v0l;O-9Jv!Evn=5P0I!`+MF@3;-Fx`Wy&h{Ey0Sb}lZvSpq-y=v3!FTN0?dX93{gqKp!Zt#7K*A`P;TcmSJ ztZ^GIcMx%meihEocWdFDH(%Cu{U#KeLhkDmZB;!p)6fb%n<^)ZXqmBZcgj&Z<;oOG=l*{x)-OIhXr07MOd3E^v4Sk*-%&UL>5+xWR& zI~({^LgAPRm3OG^gVwfm-8$PqM6$57w}FvNWGK#lluBI?%&)TT)Hgg{UAEn<*!8Oy z_Tt%Mi6u|69#CicS2U&30XCbcN1#kDMcY9MLanv2n)JN~R~pZqD%-~BsDFSS4|7BS z$?*^NCY=lmG9p}OCnKn>ogVK_j>6kfx4KBeoaZ3t>0LC$+2>c@BDL`i<@L3I5-4(m zj=xItdAuHwYL^;>s|2zIDACFMKJ}&g8A+JUWenF#1Q4mqV=JC3tkblZ>~gnO(2TG< zopXWhSMNbV(~#m; zIW;G1fV{I4)9+@spz!6f*?BugvPbt+=M7nepi{m`Rv9CN5xcGjOnO%ds9(WsrUEjo zaO92!23)4rhc&2@%0X_Wl#FActqoU0)f!g2w@BrY&zTya#|N=BxY9W*=x*Y}ND9l` zS37LFjmD~?StDIJM<9+#pbqYPIcKpA6gW8Rj1!9Ut0nUF2@>F&OO3}M^*q(aHyL|X zwuV?y(d2nl;QA3sU<#nXBR3mbBCb)WscFjiq?aa=tRvt`4OC06+RM`Bjh>InQBAp60NT zdrfo^D4aIje-P{StjQADWSUr_4%i`c{57&VV6`)uu2_)9RE0<*{{XM;S8N5`6HX^6 z%6VLl)H73RTl6T>BcyD8P@~jS?APr~0A2izz@C2!%5R~RmZzd=ut9AbdCs^Tbf({H zx=D#`pi()&!TvD#P*glot zd|g>}y=iWx2`%81$k^(+1Z~Ip>0er!K2DW88XgWqr`jdet+GoS5`kty0AM?NjMUoA zrS`2nFk43RIs)vg&PRXq?NKwe5b2XzT-{mtXIQkdSkKKAjDTgm3F}&m2A^lGO{ZGT zy5KUBp}7Oteg>fd?NNAZPqup|)Z~ukCygC}JpuJoO@l-5{r;+nqaBTdCw(p>4^tjui4g z98q(&jI4bJ@z26=P4Mr)UN5w1?wmxB-EZjk@dDbNBJv=GK>?M3+({Mk#nzP*Pj_`RtoB>JaKoN|{Z-Ke!KtpN zw|pq@=Y}t|YnUL0BNEIbRLBF8bH#bL?OpKq;n#*d2M3BJW=|7ZUWnz5WB@vzfDXJ= zRc&l%%zVM7=o%M_ycuz;*&ntT7j*Fk07s5N_r?W$nc^)r&Gj3ZqsN`N@#sBhPTL6c z4Mx>gcXo}H0NcU)!oJ4+oW3Ml>33Eh9KXGW%F;;|7#Z`09+lM@XeN))DP}W#kxq;Q z0hI5G&`zN(%K|!Nes$&ECh^(lYARntu!YNAp*_1c(l!S#$7|hvQ8NNk5Y^m+^)Q@L!5KL z`c_s~v61{Q`0K(N#*HAh@ddm#el60kZZyqO6=1+g6Bzdc*OIxCE=hI@ijl8Tho}H_Xy0enc%=tJzovWc7l8wyJ`w$m9N1>|l%O{vOw_Y#@ zz|d z;VCtws(xgh7!)HNITbCPa6izm{s{B?b7>#8FYJfl{Zmuap5x-zgkg(C@hmR;uJuCHpU4d?`84P&Dlu6vtA8>bZ{uRiUrgDk+xBmbI1^t_}{{V;|4fQ`4 z*;~a1qbQMNXz+ZSmHz-_blr^pCcl_@Z7*%b=AWuW@ak65m}ZH`Dn)eCIi`v`0{qTS zM?Gm}mKf1lotK`t;=3ucl1oy%LXs7g1FU&D`FhgB1Z)Xe03CtqYf?(*dlT|!Z%#TI ziD&toVEnkiAH--jhQ+ISN&tlv@J1W8T!K}2-*DbnBOa79NWDoCHE7#;KjBvVlX+wk z*5X@zPTp0zw2>PHWMJQWc2j5eum1o9i2by5UyR=b^#1?{>+{DJypJB8s_%3D zfqsjKrc=}jIv>Wrpl=8Gf;;^x*{{{$yNH`hxcLMy<3H!pu&R!f&Fd>mogEs;7HDE) zBnLUl9&uT|Ht;`%J~jM1@vp+~7~2b<2>6=9TM3sR>ZE1BVV(nL2chH&^QzM4i-YT- zoT7i5KkdK!G5Fi|O!)r*@fYFOiM0F2wy?T*qPX&Ww7Z8nj%6M9E-T|nWfP#55^;?3 zJ5!@mnhIamgxKHk_N?(r$N`9{z|Zj-_YEfRNs0k^sadVo^eR+7(s=dy)0*mSO|qO; zo0Q7CAybm2k4pO|!?t=4hrA*1{{UKDLc-y%;*dNcvSTXU&*S=3!L_lx+iJ(T*lM=7 z&_LFxS1X;s@C9}@wvgU5Q^^^5z{gter!&l}4NR?0(lK2v1`&kaduG^Qfk0}wdl=~yt^NRzCu^KD`q)kQSyWxF@ETOCsSPPu|O<7f8O7`-?MvceG^Bj9tv1PavY;>uaquJF?Sof}zP|>2fwNoUHj-!urR6!qy z{3g1^{ic-+*u9X2P{;3cT|bF@Kdksm#JYZk9h6s*yaq?PjlMyQa6S2`bisL+ZS;Ay zsXV!X%y}e|c&hVgHulzcab4ak@J`1adFU%U8*>Y!=~gn^%{QEp%8b5H&n?YsYwvI% z(=F^HS*|6NLPz&={9o3Q4$Sr8@buhR>Cs%?uiAnPf$Q&Fb={o4AG~DLqB7~=kj$qY zJ?gniib&=3{{R+RMRztKnmcik^A6Q6qvG_s43W2&83jkn*YTuL&e)>J8f0R{jzZUD z+Cpj&sytza+z-mDn@~7-G`Z|`v7=qUWQI^mF&}dW{{XLDw7Lb3n2B|ItAWUD_N{IP z2BCGJc%7lspUakP?TuKB6ZEd}ZyUhc6nZ8ijaVsTkapvz(y@~rj}Gw{h^{rO^_6Ge z0_AxABU#HGnlx}o`yN#-z~EGY%IXlvw~Gb21-EcX>MKu4j^;gHC7Du4R|S;!KGX>G z%iUT_q~vSkOnyE`PYW{x5qc$ zAk!{vBXqX03KR&G{`h*Fccz#e#*yL6si2NWl4zvPKr7XM8tS|;rkH$11bUKwFY(!BNNs>AZYfM)>bizY;TE!74Cslj{$>7oyrKzz7E+hLquBJi< z&7RepcCjR@Wh414t&H{}f(d65pn`~P9&cm+k_n-)7)2F$O;bwMI z=xWX8hjHPZGSW@a`E#5o2b_~ZyiMN?m5xbL=(W2j3>p6bioFWj8*7MUV4_QWehooJ zMy}S7EK=Ex(x@TOjw_Y5zVfc4y0{Ax?gwBzP-__2^akPf1nkVow5=<` zakZ=lD6N>5+*>&{YeQ=ZQUd=yvBGl8n78Dk}^l-RX45v zr)=8A&)Y9VYBxFgir{1VP$YI*t;`U_rqqXv$pZti$2H7&M^PF+u^f!J66F_ny;mu; zc0P)Sb3)R-{{Sh}u6=R{uNkw@wO#Vkh#p3f30?>%AR3-htYJl=Y0%u?UR@3M zQrrm~9Q@q}^cCp#GF)kvlImJWVe%FHJu5{6dmL0=BGxbNQUbR2tj;o9u+KHSed4Rz zKs4)leAruu`S{K|QJ2RMOKTGup_2?d3WYxA@L{6pdWVT87V#M3hyrp?=}nu%y1$37 zq!-rvBi;fKILEzcZOVFXg0@mXXPQX2ebtPfb5-@EmIg60DvwNesglr^tVXwRT-dF= zEMUC~LpUP`=qp3Rcb7KyPoqTA&2ZVwte<=F0~Lv-G=2H-yVlk1_n!X%=?-LO&fNB;CTMV1HhP59 zvLtd$ynqx{9WNF#U6~ZeK6dhX0DR^^S- z++KkpQa`PH?Rnh)09A1Gd18^@TU$fqu`#CLdk$;PrO@>$wTpwNz;EHk@*@PYdgi#C zb+PCwdKx+ph;0VCG-(|zucBe*MLLx!&v1KJookxTtMJ$29D1Feof(!JgE)Qv043xu zzc$m;JPO{O&KyNH^gmuc9eh;qhs2NBPvSnYpxue@Qq0FSqOfT#ijYWk9D%{+zbZU? z;g`QlJ$@LiQubI^I~aW2bfRO+so6;~mW>tE5T&?5=y|S|(mAoSX=ViR>0GC`6x3{v zOT?DC--mov;g5*6kj-;Fi4iD3Nh2eJiu)(vSH$g0!G18Z@jj!cO#TJb?uuNzE1$AH z&V_wH`t^LJKY6B_-6A}lJ3bu<6vea@!Kbw-Gcl}7WY5>dTwWB zDs2g=Yv0(KWSWdZDWxPLBVg`h#xeNUjd+(;z0vin2iI)OR`(kvb2k1V&y%(cD3GpX9o>c`>KO0T2J0A`H(fCbBXGSw}0d$DmQvvDQnq8-e#{{VcF zPJdeF#KoU);SL&joDJ3|%UxPMSzVS(X;LKz{#q3~N%qbw=idtaK-az-UC(cMXC&Gw zlWp7|bjm>?Sw90^bRD%keA0xc7LVO^mh;B{0Ps(T{h_pzZ>4CuEz`*&JCQ8Wh6y0Z zJ&EblgI;OjABkTF{t$n`COk!{_}cae^}iNLeiGUV6kJa=3?}QFG-s(vF`|;<2wR>$& zf3qNgV7U$_$zLgzvZrw9as__&crW8G!5`bd_G^>&Q}~tQTRk)4o~fb@KljlcvR^`= z#dB{V;hZuf5s**JJJ!+A`7a%E>`p%^!)6(O@$hq1FV@lC-j-5pvVKS5U&kNW2jZvf z@veAhLio{XX=UOIfhy@b-I+34->My;Jea_cf)3Mz&p}>-y4IbgY1$@_t6kc~G>EFe zws*HZe*sAS--LMA51imBW*A2KXVLDOc4_&hn)BUgY-$=kuA!yKmQcVPkjsI=ub;eI z;n0)K{*ECogbqjr$4}O-4El&xcRzc-U{Bg^&*HC)JQwi$PqaP_yVATe*4l=bl`-GR z9zTABV<)e^54C)k{{ROaTK@pWll_`CC1DN3UNe>@d~!EJyno}gRBMr+=e~QxODyqg z1eg52sH$K5QlI%-Yt?Ng54UjIz+%2@63_KV32s!)PcaE!-T+6b zs2XVAVs`nAIODx=p1Y2Pg9Nuo-~j?2KA!dEo-(z64tR^e{u+Z&T|)O%b)6-Q<&z9D z7-O%scVW@+oK5bepH_am{>?ht=^7R0iFt6+UnTlBNXF0s$o)lryZkQjotKHcIjHOI zhDKf>IQdz-{{SOiy(wsaJ9v$YmKGk>bu|7fd_M5+#D9l+C5MUh@ntrg#s2_z#{U4s zej>aV{uUR6J|1{z=$c)Yme#hwq_Po~*^G0~VOsMu@;n|h5s06%hjYTdCh1yXhUV`` z)GW14KI+&{8$@y!aLEVUb5j2R!9J}oZvOyn4~1`~NL6ig?PhDfxbjWD+#jnEk8x8g zwtkzMVkEdv9IC5HQK^5FBz!gh00qu(K6f)iqhijDG^$io6{T`t$eezCR?&$V8i9j zV^T(ZjPUP>t!I0$2nDCvcIIWhni->cK~F4n&q3F%a|B|0 zeYUAB!@^_@<*?%;rF4kO>w-t6HFjLKI6sOy4yUbn8tiDX`P$u;%y*E)qnT76n0`t> zI??cbhNG=`Rt*orw({#Yx|k8YoN4n%A?$q*C;3-RI&Aq|@y3)DN{-0=%l`m^Nqj#~ z4qE&}@t5s6;u~)bL*N+;X&Qahf;X8S5`5>+-c<(+j->l@`4RC$TYnJ#)ZZ9BDB48d z*n0k}b*Ne^438kNR8}6lR99T-+6%isEa5ywd|wjc>ZJa!P7sV=NjG^my*7U%Tf+Va ze~32vh3q#QB(#}hkwYASdK`XVoqX@{A3%~j?-S_p%0=CoI~W29!h@gJ^sYHmKX}2- zIdU!0Tj8&YXVrA;WJY({i2h(l%sS$}hPG6>i!vSp@(p7so~&MnGku}R#65@%3C~)= zjf%{^cIc%9u02g!TAbBt86G9pAcFK*q=pF+6_L67r#*j4-}uS#8^OBQgM1}<;pror z#4uZnTi62Ooqzxz{=HjD&9lv|SE2I_zr)+l5oY^Xw+gDlL9HFB^ zp-vAKpDH}+lh)>rz2W-{y&qBrH2YtW&l?raTm0s`{{Y!&{1EYegRS^S;y;IUd(BR0 zeA_v$Ap`e|!9d-)#cdi$^Qu=!`=7xdvPZzZOX1&*JV~W^Cq~onqSNjaNrJ@=!-fZ^ z{{X7L7qp9Af5Nf0pQ}dGymQG4JY=277=g!b0HrD-ShKyK#aeu66t~7(XcGXlDaRGp z7%p|#g|>u{-fFU-5JK&Bt>62LU^fiq8oW854d|3EJc65)5J_*0ktjgte2gAU? z^urE4tA5K-ivBpvOtQe^zj0Yrg^En&wVw~yCqIKu6tH~m8*%9 zJAxbn!#uCCu1UwKNa)Py$^$k%{VUJBSEWS;sRZ_gXR?`h5>L#nj`fp9@j3R1*9IYm zQ^iI0>*tiljuhvgYQ>|f6$@T$`-+*RecT>vGe**7&~MyYyFH!6rOxL2u6<2iG(~Es zsLv78t{xkO{{To{2>$H=`M4~jZ_>JHo)#+Xv-Vf}Eb@f{FsFCYxZe%0+3k!oJ2CTE z?)KbpKP*;GxvXiPTjD71G_MkAGwJs&4ZNVF zv9}x7u1C}Q*P>~|Y_{P5e2{u|t*FaVoO&M%{@OQJ*1j{*^!pzYYyKV5ukBCU>}+pk zh70ll+9r)o*Eq*fTEDTJcgf-}8{BEe-WIgdQDTk1)<}Tmn0~eO*=(DNNBOJtkd?Tq zzob9(gno>vcBb6^@uW3 zNeaez`qt)#-et6s+P3xN9&2t}YI(CdIOBztR$ZvX{x!sF60~=+L{2bpxaew>%w-#m z)9(;mv`dK2IrKkD+)1}1`D>G(&lO1LXuYLGnu%qWeUdLE9`x(Y5Jfx8lRV0K`cPnG z>K4f!)@KYz>}ylQH<8%9@3ABpI1Dp`TcOJ2u^f;05Sw(ky&S1lmjz-#W!}B9Gnrnw~?RN$hjl#-h(0GFsoH9FXb< zIHu`3p}vA>wIoZV-+;&axbIM4@6_xdu(OuVV->j3EU5-YUg6JQ*vQap_`nZC^DPqTo#cBK2?R}&|5>2ceuvisr)D!b}48U))v2Pvar;xwTnS3EKGoWq;a?N2BFqrwzr1x zT(zt!v5?5%bM*J1Zb!}9N|Vr5d=^5@ZT{NH<}!nvkC@O&-B|~c)nbiK z#~8>NtgHPde+eURopE+)RYKxXBp6CbaZxne>He01+nx z9<&s8AMles?WD%DX&JtXd#j%`TqcTI0xux1Ir`OjlQZD)-{e;nOkws z$_Mv-E70%n*ue8%Nb)u@mO0Kl&`g<^VdmYTa;*Skm0WUGo3CG5cy(4;71bC5dC4t7 ziPd;h#3xYEQyX*0 zG#XhWm%L9d?Ji?3>Us*U*V=?rpR+=Z3!mO(;DPNxq_3g1_M2U$?8VYtjBdf;*FwH4 zwrJypt>lH%_ii7Z{`3k-8NML!wvpnP;J#Lh-s&O5yLrYt;=Xp(^oewhNXKU!mziOS z6mY!z&+D)w6$u!r2zIYtqZ5_d^WQMglKMVNU9cxsd zPq?-gSNZ+YD~vudUDmS|{-Yf50TQaO01k)Vq@=B}f&Tyq!z2*ApS`#$H(+q4xou(@ ztfD?pa*V(dI;{shrQFc)FM%&4ZBJKA=^==r{{UGbJHYHc&TFHWMXF<3 z8w}pV6?d_pKBqUYT;5@{Zx31BYhGQtyDG<$IOKjD*Ds^^bHuma1@R`ecc;yu>JZDe z-WJB`6z8C=E^8f6HTZvXtJ`Z6yv=s7xeGo=%B(u}>t6XUif=TlqM8KKPctqIn+Z|J zr4rb#T}v8Qjp0}t&tKLBt;tdb?BEXL+O@6jbh~RYbC@*jzj%FBR$67FT6ww3V>Q?MzoZqVvG|W`O~NPa$pC@T8Jg*qWC`v>I)+(XGRIkIJ@w z?>#9O&d#S!M0Ay8yH79^l23Z_{{R(5do{$O(IfJs=Q~L(O=l&kB`*oVd}MF!01Jld z0U57Py3{Z9dn>ooEFry@a^cGI2Ygj>A){MG*JRepMSU59Rv>b40W}xIZ4T-5`K&Ci z;KH%_m!0Dt)cH}l;65ML$A_-w(=KP8OWodPSeDwg?`*fXHdgnxEUPO3Rl0Lf;i;07 zxHf;X*xt_?+^NZKnLX=+wY0jwy17WNP0R{ehd99W&1Yj%(ey6|X?`lv?_&hZaRQc| zLu4vr)7GkK`bLvtmU@SWb!(*Z%SSv1Dh4>@9`$fY2sL*8*LbJMm2y!}UI$TH+E9c* zEf|R5WFvw1c&%(hk<43ZGgzxhl_i;nmf$*a*&i7jh&dD)nmPnADf4aZ z?Qh67Y9m$7UAn(MmFFuqme-3M6EjMLd4oACimqe_ zM7pGr!1n0SY$q*|k_We?dDOGpuA@A~L$D{Prlr&@W&Z$eDV^hzB??a%?@!dVnCzMf zt*xYE)M0av!iL2t+=5%^r3T_vSe*RZK)}z^rL?bj>C-&rZ^3X=GS#L=7sA2S7z> z$)-=js=*fQo)~lZ*DUrXOGARy;)s6eG2Oe7p7qU}KPkg1g5c-zsf)ITHZ`Tbp79gy z1$W>f1Ylr$Q`#heB7mI!Lann{B8|e`Ir7AT_c0tEgWj-aE)j=Kryp9CEedBlsZR~F z5YphV&MP6KH(Qn++X{o9e@bdd=O1fhy~I+mNXh;#fY-fzIq=QB^iG_(N35AlbHbj=>-<4Du=m?qRgXr)&K75B|~j)i+-w~s3#eYP?P zUh$LP`PD_cTqPSHv_2(>#|7t&?CfBK|TiCU9h8MVj_bcqm_385tyiu!5f2?cw4QFk0VX4g^DLSX#ApZa_YN+mMV{2a3 zJX3e#4KfI4k?&%RZ!BADV*}>LUX}E(g{@@Me#>{L8B>1NZar&GWG0S>;`QJ5gjz3# zY@JbLUorf`6e&OcpWQyxj*oCAUQ^GYU9O%J8~BjB%yo+66k z%HLL7SyKwvGmzW3&UTyuUH<@%?e#AT=(=}?rqm`kWJdE$hYT^#Uqk(BxmLy;+MhW1 zi&c&*!5T{IdzpPDRx*y( zKSJyp(R3?~V*13(X#{&*HgLqL!1k|#PF>x zR19_N_4?M6he8j{txv<6zk@aXLrv6eFLbMGi-szskgXniu05+u$DR=Ii?d#6*Us>) zYQf!3?Ck`M4|>K*z~!m(cCz1OxSbd#!g_V$ouq2N*;3ivz>{u-lqD)htkmM41kqK|JE7q*x|X*7Wt(bZgxXY0BB$ zs8=}Y{vB)c?_bicEH(X0Le(7v*3%UP9n2%_O>oXS+}fOvJ=QIboQ-lA%u%<(*})_q z(!RIw-nxDwd@r!qtX3%eOJNzbyM@~X;QXzT*N#65n8fXlwm#7R0D^FS(z=)Ix%)|I zULv)g?mq`#vcaxH8~l?iw%nEJl{h~@Yx`Tixze>8OAU8GyG#2U+i34C+yFRnoN-#p zI$f10>U&4R{{R+Bkgk_^AY~wx1oSnT@!!DLUNG>B-e_nO#M)H9+E#8p@hSJ0-y@pV+{vT(u>Syp!hX+sCV}xg!oRdn!|e{sM(~%5M3#E}yeNFzeNH@*?t_kTf^n0A zPg?vcWcxhR37MEPvB^!N8SE;ct)UeLD0f4#iu1=c1a?!ky1mE~5uBWL71JG#Np5nt zmfJVJ(YQ8#g0h-3A!$F0Ir>$_*v-2U#8^lSi?s>HeQQeGthmhBkeF^pYI$_I*9Xx3A^!k^PX61spRot+YvD~_QNFmc_!;9H z-|XKMMt)?DXFDR5qwJxNBy)mCd{_E0O+A*SqS@W()2+pv&?VKIt7JSZGCA+ueiW+G zv=sd8Y}vqS7T+-5gruA>$4c-Iiyjm@zlSe0$m~ARsoG2S+Zh1og*%r%gnwUJ^6F^x zB>d^|Ux#cpD-BmeyN<%^O4i5O+)fAjEWT{)OaJr9Ih-37;&8|_j)@$4zGMdjh6VCoN3UX3(i7XQ?zBLt<-qqmu~4qn`Nh zOtk+1N12S|%$vFn)R|-DcUN#3L}$~rKGHyv1rEsFM-?tNH-wM3KVd)GLihGx{i3`* zuiolcR-X*~K_q&9yr=^#FT8nkW2Xld{(@fzekf^vInlJw7TW4IH=1?xrM{-|eb{8$ z407YB4lsV8)-#RHgX&vL@3liDBoDOOw$Jz0sae`x$Kok;!uirKAoC&r0H#u}QTXJ3 zwZ}AQo`>R({1=<{F^A)?z@0zi*M_uxJv>?Aq2%lH1jMr0kGUZus75))Ix+OG;butg zyzNHX_R>39?dE98sm|fqhu5t|INI?=J&Z$#zPOT0)(2|tMI(ZJ>(EohU)hkw zZY3`e!jQkhDv3zzw6E;Fa%f)C=1J{b2g|N8$Kzgo;`Lo8QI#wnCySlLj)t$4anRoI zjF*@8cP%VJD1zYe#w%mWg4arUbot|BCgf}mqx>nTy^7{IUk^cPZQ=>z)y8e!J`Uan zI-k~;Rf;>ACx=Yl*6aSPw9XH0d>+KUmW*>?TMhicz?*IRiZ7@~>*~CZ%Pm z%W0@v$>v--=0zj!w|sv(qaI?$pJPHRJv=wvp~6idjE)r{-#TQYyzuKC>;rg4)P5 zvu@ddPEXRjKg4?WqpL-Er)o(Y7ZJ$YR34xn3I6~Jj$l0DAlDa1yVVv2pUCFpVdEU* z9s5)Q4 z3p|%-@Z3(0M&;ZHWj~F2zTI0=)63mlGf1nBzk3t`!%AK(Zf$`xo+`quwHh7OsRT4G~{X)a(bm z-|DdHkV4Tx6f&e?OCsZN1HE(F7O7>a>XK=ZJH7t^QO8k8)la#Lj&vr8z-PjL## z<$CM~y?K1{NpUJh?(W5b$sKv1&9m61@U%%|ZK+zy`ND#%c{~i)A>un2A4`_;$XkRs z13xkPPzO14s@`fzq-nlfFxf#K(pNi~iSPNE*w!>lpATu@Yj-NL4az|EpwU2w!y1a* z&uecYJhJD42Oo`n0Ge)(e`L|>vPSX3q10nMiVHmV#*Gw_Shk*081PUOKo8?g@QUj5 zDYu_KLE&4mpbpPd(iX+ayG1D@lBYPYJl6EPbVQM0XHaklzpVz)*pdw`n#A5*Tav(V zGmKVcj)=Z}Hbtc0R8x!JR?-ZT--spWqV zpw(|~A$wRu!o2c24{Eva)L73A)wJSkO-5OPgfJix(Dmusg3gD;v*{0Y0z(qQ=z$+R ziClNDC-Dus!4$gGN~t_<2Hu5~`hHa6wHi8a2G3!AXLoa|!8-0zu#wq^e13J;XnqvY zyi2KBUuH<&)EQJ2;oGJSZK5tWS{}_6s@^L@G-4%Bx&Xq8;e1@iXbrppBxM9C&)qeX zWuwk)G&_^!PjMi5`Wy~3^sb6%Zf)c8l}g4=7-yiNNZu^q{BHyrMvAu7`mDyM;(V6rkPDjVhN?OgJG4WP;F^ve}8 zOK})^c)aC9HBzP_{`J z6*7=pq2$+an6C%f%a5NwDfh0?b;)#TEN;@;M@My5A$U>hY7HUS^j#-YgH+Zmtv1A# zQ<52(zzhC)u205VOf7MEmNFR@B1~i+<=7m2=;eU$W4^+_pD`~P@M|S~_%WITu2@$~IfH}i^dy4Z% zgF*54gl+U~b~#q{9I8%-n7*86gI!+erAJfW{{Uit9ch2DuaEvDYPyey=lGA{e-QX? zZ8BR%*gUJ9*;i$J0vHmfjE{bY=gZmQ6Ttys>XCq>IorwO@ZeO`lw1^TvwxxE;Idkj zvGuV|cZEp7CE3TG?%rvyyU-w167R<*wpCU#lc)u|n&D^E(vFs7vSR59kV^L%;L`!V zg;L7WX`-|;2?~b5&(fuxk%5=4X$Jhxk<5_JM-E0nG@1^Le|L2rleKQHiu|5m1^$Av zeq)ldIe!`1U1<|r+ulJuN#_y^a5pXv4OsZ!X=mcEgdQL9j)pD2v@KyUUlciI$4rjg z3biihjfTZ-%^8Zko(?PVi6WoRXm%Z(e_g^{<)r{{RWt=$eej zOdegda=PutK;+YNM>ZMrO~sSiv#5ZD-ILhYC*wZ>cvr?+jCXTr_O^F>w@EC2^3?l^ zxX#S=mR}aNM?>)6O~3dt;_nLh*TXM;sZFHnR@cjK69n9eBD0{*I)HlD>u|tcQx8(e{JW1lE{=7G!^(2y zr%#)j+q?4G-*;Z;%w8e!?xXPn@%4RsQMlDLIhm%CS)X%mJ${ws9w4{2v1zWDswOuv zJ*!%d=jeHUQ%em>IC>G~gc3=1OGC_>&GkJh=Uvlno%Fb-Fv#F^Zg~9-MW$P78tj(Z zHklNY%vii}sQbhY-<5FA2Y;}!m1n3lH*%0w1#Fl zBPq^msc3T6rDIoL_=WLaABB2X?6IME%Tj~k_lY&Tdl)p70Fx}!g4iH#E0SApO2_@R z{u_KP_+#bgB*%;{V3;W=y^6@ zMy4IcTeJF%{h7Wzd?Wt=f{uI*)&3d$V(`wFKaQ;J7Cn1PlN*5}YTnvDGKVBy~JGFvu!+AlHfi0KrMWZGVX0wU@(Rf!be-^)Ce6Sm{0{yprNQHA+b| zvBp(oWXTE$C#SV?)vaXDf#QAxz~&j&U!6@_wjO#l);haB_Ij?@eb3EZ8tNvyic-%0 zz}K_svNWhM6Aa+<*1meYkLet?t>a^G*v`o1p>#R#=~`CyHt?vCPG#?!i0XYJe(ABM zY4`fQ)OHq7toO4wl^PNT<~$C+TKUi7wa%{<=Yn-PG{5*qwao%Xv$$+-C4{?+vG*7s zm3kO>p8>{ljCn2J^k?dy!aYRVOQUO-liOWb>QF~`9dI`}``P?+U$WXy?Fr%Q9TUSE z4}_k=4L(a~#l&O{%RVsK{HxTX6Z!9ta>-^2oFepFolnJ2h*}gL2h*(W@2##cFBF+J z92hV<8vMhUIveY0r+e7mX$dlOxE4Gg&bri5^E@GvO9?4Di*`YxUtCG2-S~8*DGjW0 zGMsckq~r9jtAF5^x`vx~C+!jOGehw0#;4<756^F>>6cO#FiQlWi4XzY6(sTL^r)G) zinZlKhOv^Q?BtYwQj}u;^x63l{{RJ$@y@H_uiLl5njON#iQ(S~LvJdqoAC0vEOLE- zAAqlzG-W|&1fE*w8OR+)a97;@W9a#p{ab}_bpHUl-~I(BFVxy`=42^cdsbAjhGqsZ z--U4>z0rv^x0a+K1a|sYL#M5>28v}FJOhsO8%jORxa1M3Q`)%i7OdBLRQ^oH2hZLI z1XRiwGEnYE;|~w$z9;xu;a?Hi8$|IIpEQ;ip<53yIc02mbsvR%(|4ydwzJ6y4LnjW zQ^)z@vXwEaea}Jgh4Nj)4XxCX{HfKC-8J07Z@8`rWgPHmj7KG*(&_RwobcQ)5(CD1 z5$JuZ4_wy#Mc}Kr_5T0`i!C-n#z|z4D%S1B89toT_ME#OUS*cj#Zq*uE5(_f6!HH6 zinaT_UjG2cJ|e&IKA`vl=1C4%4v0YG0<~wHaacDGJmUKJgS?U>BqHw!~XyUO#OuQzuAArT4%+b zBg8hE@5BE96rr$qj3PO-`}B;Gyl}|ik`GbHHM)y&a$OJ4_>;sMSw9hF*;L}+*FB_f z*~LY#zV`Az5xyVaTxmMo`c2wANVAy-&DBXbudH;)WX;F9TOw3SW(k0Sv7HL6FGip40NS^Gl8;ihpN zs!L_!yG^l8Bu$9sMfC&eUn^-=bLtmKEb{M7*;1phHH4*Of#MTq&~|s*V1*g?HUQ7C ztH)K&*ns(alhU(OCZ?#IYJV;rHz&Pv(OBr#+Q8Iw*i3f{+wi2W8`if~T1TByh0mi~ z_LKOb2Z3bp7M*z7c8_rpiem`@$T`W+TKUFkH?oa z8L4;|_MiQq;TrCdqIjAM+X*agZSW+X8C4E*+#HX<{VVzV@KjftJ@<%wGjSo^rs`KV zN}bgbLKokrDOC?>dad+!@21@wnF=DN;au*YqgmcSv%vAOW6%zwxGG0m9dLRYZ=*)J z4>LsA=ucYWJWru&g3YyEGG(}E2`_Fz`Ij9o6#pag}O-U1LHgnm3HRN6p*s2 z1|S{pn@nFk|0QjCd~!_)gvv~3|-K;Y-^R@`?XV_X8b z>Iki4D;zax+|JhZac^lHLPjj)sa)clq9Xm8BExnMHL^G*OzR?r6ZeXwF#RgRUB8$E zu5;dkPIJam!EkhxMK5%c@qyHOe>&*&wUJT_uPntPjDhHDYAaGC^*#grxM9>S{BPlQ zXk(TuizT?-k@plREWe1ZH}-Duf5pvj#a6yO_-%V(290hFrlTXaeA{;6fL@2Gud~YE zx~_klUrDH?#PuI|L-IdX^!*WRG|ORZ^2t8T%1GchwM1u`T>P7udJb#oV(fo1R7Y8- z=_dP6dDzY+2cceqw)A-Au_t?BIL13r<#Ucu=w7?OTgQj&cRQxsK~(1$sRo!YZXh?U zD!QEGrs|UkM#5ZZvd27z2peLandmE4%E(6^^5Kc#u72%nPh*;cRhOFi?HEkkjfSpz4k38UUpK5-erw|JWjA}<(r0fJboW4wL3kNto zyH!0J`pHGcVQuU=Z&B}7rc9+{o|jT>KH~8J7gp|f2+u`6)#-i}Xl@iq97_Wg-L*#m z)m+5V)iqm3-Y!vH&}C7F4P3UT1UkjVwbFxXA>>AlfK6v7*vfm1n%d4(onCA_K}j--!j%)Po7iw)hBk_5*iJep|` zqjIslmfqY4K7Q_@s9kXu{LfEP2AK2K&C1kF064%I|aLFWLGq z?r9m#^e`JxSREn^tmN?-U~2^`ErE;+_%GBp1Hd4@5<`%kx8mfOvbZuKmk548YI zc9HpP3jhZ=tY_5VutB(lVsp6A1Y%oj~-#ILhi~mL}!7>VfXVu9PQn#8dR%&CCOY6Pd|34YZ6&&w$e7AG>;=^e;E9z z1IBHo(!2sL>}{Yn&m$QYJ;(2LBv&1%c&|~_?&LDClg&5?2_#Sl33Ydif43wx_P zkt)7N(-nJDzqI=@$$cN23LV=(>5obUBdz#<;vGL&)LTp4HMD(Dy5K3t11E~^d_**R zjWX`S=0Mj3f|5rd%H!NnXUgt)?~xJ)h!>RZ;GWf!s>L|l8E@SmlxMM^yY~w#JFO}u zd8T=kjEwgl_1aftv#|hA$lLc&}81HF>Pio zgqE;_ZxG;f*V4JGtut1)m+eqrmQBZcGUq;+^q^NeYkf-VNVEHO-Jp`oU?ITjM^Ra= z@l#9G*`c!0-p`QObGeWB3JZ)(-D27NL#O%66hm%8<$mct_2ucLTxj8AHu6mBLa{-d zl6ufKv^xu{PxKhzKv034h37uiBoJ&!<0!Il0V+A5#JwJ!3bQ@BZHqjE$*x<(Xr_3r zA&Ox$5tbZaP&2*o{MPz@n>3ez$Pz!fj$hl_yxFYIuX}Se)}LgEzUcAX9@yAo2Ifb7;|9wo@k~qWhYt#^D&;@~HK{ z66pG(YPxQtED*A^a)mhD4R@B`5cHe9DkRinKia}jvO2z1m!Qh})$*gJFwoS$(=?4w zO=Dw!Wdx5f!$P^>_0JW|_^{95{T(OL$|LOqdz@#UwGxr4M}p6(Nvhp>^2sAi>`Q08 zdyS`vv>i9X8hxyma=rR60n}&Z>@iRl1o5Pn_ETEh!wW|{D>AnQKA)Xbk5U3fb(n-a zYzL(%nNB@TTmJy~NVTslS}YfEM1iDX^6dlGv^+epX$%ulFe|fe0yhjB>xxchWebh0st4DN36z^vzoDRTM#zi&&-#{S0aj9Xa>+)VpYo^;<+!s4v z9N-=+q0=uLOw+E`;chQ3Qz0Yh6am_<<~K2K?Pt^z%?x68PKUR(S@36s;F@{jp6FX0 zh19vm^ljk!!Kt_$vDDO$y@TTZ@>&OR?|mX`fXh& zvXO(6xB$85HK9@7=SQu0Psg|R5s`epYN<$LpQ2;ZujsmWitM6m4-`ctD$#|=atwzZ zN1&``m8^DCi#wd~$WXN0`oEpKv)=NXl^|TUNym5fc zMmHMdt(k3Lfzc)ppPf&ywO1~dF_O^hG_MoAgo`t?C905Q-~2V~b{-~!P>wXQ5(Ll8 z3g91l&P!7ijYzNWT1$`gX&{M5%Euo+THzYX6uP*&0a9F&{9|#c5t}8{aT$uMmSc<_ zfLAj-4DnAY?@2OF3C=|TU|UCh45n9&<+lVJ9!Rf7wzIdI2;Txm!6bSLrohP5G})zg z*&4089>SoHKwD^3hms^Y!93*9*c<*Iw}vaFd1pP;oN@H7w(@%?EbzH)ybwnisWhfy z-f6MkLi0l-B)B9g90OTvb9-iu5#I>L4%64`LA+&SDV$Fu4=sLUgU4FdvXVHGV>1_# z03{f88SPs|kJ=o*vn*1xml8!8Yz{I&s?b3z0~8^E$T`PvTA_2ZPVUzF8K8zK*6CSt zWsH5({nK4lmWOt>GwO~K8+E~AdXw1JbLdwEy{mv73W*A>@GiFJoynw%3l`;=@0&AanTFmx!x#)1^<9Ssm4+mlv+rkt|V& zq!KtsT6#pMW{v!B;z}k$rQ0eIU z&Y=T&%`%|`VD;nqS9kD__FD0Ok6zQpdgiaC_)o$TPNgm;kLSCH4DCfdPbZq}r3cjI zob^3^=fwUn(L6JCpjzM0EWSXDI|9mAzaI6>U3gMkn^>mPfU>!KGnHIt>0hAO`7Ts? zPKT-g0AO3&{k8+*itIyCZ(azqDb=JX~HwR zepqC%>%}+69y!xB4+uVyVX`Z;5CN4i@iieiBhK_#_1_ZO+v=B-NZ(_&FF%-Y(_jDq zJ*$@RWz70-h@V;1b|eRTEOVygo^TKO^sDCRM74S!KzJkL^XZ->i%&XbgXz-}Wt6Tq z5!)5!pBnxrUig<^y^l_|XeBBHQWN{L>EAS8V--(Q@4>Hwn&-ry6~U%Wu3K9}085LV z@$kyy*V`xZuSW5Q!Fm20_|L>vdR5%ImxiT9cwEVnl3?U!lZkPaj}7o$hNGi=Mw>{u zyLj}yUBoWWljWYEitPMl@Uz5z9q|^Q;%ye@Ic{uaF9;ywX8QKXtlP6ktCwOeD=lu1 zc=1ogeSb#yL##`0r>b0BTcEh}B;B!xKQF&p_>3GiZkf8CLK#n zw{BTZMmrLEe~oO}#?LtMx5GUL$2zI;CElYU5Qz+M1Iv~p09VSN5_~NF8<^U{sDo&K zERJ@bmCtfdjC@a`Ew#+kfg#-Foy7I__O30bk{MPsBjx0i+PZ16pG$tte-V>I)$Tkw zDjRVlw5Yyk%OE@!{eN2hJF>jQP@^n+ii3c1Fh}cJNoZjwriP%|F)*lS9qYvYGkiOP zSBl@n_JSq9Me^=AAe2$Yao4x&US(YkDPKe6ZF|DkHg*dv@+QDZ+D1bR*8c#(9~{Nt z{{RtR!K#9~HP7xIAsAo_{JXLBH7Zs;YH0TxyDP5?_}%R-br>4nTo@QG1;8M%+n$)< z=D)BX_$06G2c~||KeKH92))*uTKJjaTaU6`i4X54gcG!=Je9}lwWaQjkJ5{4p`zU_ z>bZr{vUu%ZS!oJ2Jrd7QNko$}ZtK@QjdRap98bnC_$W{8$EEnQLh;XlEUfJ8E&NRk zmzovCiMUzn3K;R&7TQO-#eWH35IiHS_-|a-G+kp&ztc6HKI&^bxMoeeUN$R{>~WfL zB2nmhyfcuh#a&1}4PQ4tWF&9fyNr6)@a%BZMh(Ipvq(7|4hBVYvg~9p6a2xjz;~-T z<)a~($1*58)Ps>p9L*YtloON5^sQs5NtZ>u63Y~!m|=FGda)Bv2I%8;56~QO_|=<6 zMaisgH7GM}KiTdg%SQWhH-VM?K<2-_-}oU%?YO_SPwcS=!yg*>kZQjgejg%f*XB?b zORG}9yMOk+RmOVdIs4fppSa=k{LSF{AG4Q{Ci0;}ql}MZTz&%M&pz3SaNPIV*sE- zjMt$V9JLVl0b^2+8+wCPr`XtcUG4_ZdVyUi<{*wT=t{6t`4du*fB~LI9VjX+VP^z| zI6bP&L!-K#!1V0YT-8Wy2zM}L`FZGiRp{VvESO@PN0tZwg&r zeXCEoNRN{xlVrt%)DRBC?!D`iRVcD#`X89uqDL#6X`@GvCx$&~ngr=i|wWSO5Fb6$r2{dmR z9*wK(Bg8OS_;K1v;bY~(a5Enn&$WF?@T*C`)BGWAYpvWm>UOW>ta4|2r#Ni=0Q~8~ zYhr5bdQ^96s?jnHUU8{&dY6)lBX4+ z2Tuj;{uiF(`!osRDS#N~70zlJn`)Pe@3a&5ln(Wx=roUL@Mf>0L#INsh~4m2qt9Af zm>=x7Zxj&-OC6)Qt89FX@x2>bmsHm7^yY-5*7AiQ^mOZxYuUA!EaKCmzP62HlwcJ_ z$2F26o>BJrzSDB^ua(cDqnFao)f$t)C)PW5WU{@eZ4y+1lzBx*fAbvh-pGdF=J-pPXq6LYteM+qmkx6XW4}# zd#}nt82oCqu+N|Mp8?$1>ykaS(V0Q>2_3V}KMdC?eRrx`JKK{XjN~EDN|{@r6b-Ss zj}k~4Q-DQX5`SYOz|pP3Fbbu6eJVkikX}z5hviU1WGL!Ky>??)lH$Ta3KW(#!C^s{ zF~Hm0?Y(GaR%R`RYV>%gk|^WD28#oZ#UTB2R%B_LEp)JtHYv2rcDqsD`8GK8LV54KFA2{ zwJ6p{L%*M1)B%>dZjWzruWcK&gXbW0%}1|J`nHbt(g&Ds*|Rvtc;=b9J70&s4bk)q zCu^v~Uogx~obAtQ?=EgN7bVB-k z#zsN|g+Fv>lUdg~yf!w=Ab*iQQ_m)XxmjyO@e*C!q-$g{#dfeHk*FCZ4`Dz&ZLmcl^HH@8k}8E$J&V=8%P zR&uY#Wm&vW(#UC}UBv=P^w*S8yyBl7x%^r*W?G-&vhfWsQE-DF^R;D;YAE zW1p8(xLISgzOqfMbHJ@@Z9h(t)5?ireoqxAOiME91_m=MI~d?@1ClE`9X8pfnWO-) z2OGQ4&WP@L^w&&M;#;`Qq*2Jhna&0Q>t7T2_Tx^!@wbRC5@_Di=0({d{vnfqGxhyz zmb8_f&r*W-v^TsR;4M2#y13Tu^*Qgg8>}FWqrkO5FjOCZ@UL8k-Q*D4ICd&9E9bFp z?Ee5;JRISF?4BOOVP?JdxuxqT&G;sl$lK9d`#Z#1C7$233z>v|SRFVg`d85YHH_Ko zx;BU5l!HaqqK%&63+1*Pj{P__<~6DM{R({#kUl49n*RX6pBZSn7Nw}gt$1t15jE|c zk%O3=l3F%B4AE`>DPnb^RFPj(XaG%E2G=_>VT2XGmpd2Ran!Pq3fOt(3j#@ z!98ol0`Apy*e+y(Xk(ZOA_{N_@6SJ#e64w?UD)`ktgeiZ?NJ#ded^|%hh}Qp1?W1cl zCXPar4po%ktwh&TSyRyG{BPl{TgI9L*;-yN_LMK@+j))E_&EG=UohM2ek9VM)Vw{Z z+eu*)v0In{K3s%!JmWphOi|}n!*d?}`zriH)I1X>#0zWdJ8^Aw8Cwtu`B?B+eihbh zH|sR+rAb){bH{wp>}Nv;qbDxrRisZFvc!XqMtW4QZ7RTxw=)jwpNGeYs5r^LU38r0S{y0)hu_MV32fM#VMGX4kjCcI}=@VAYA6nMH@ZEC^n zHERpATbq^B8@!Q+#1#V}E4i-{51M~eWzVObh zB714wQglXEE04T0(zE5%=ETNYq#@gq?SGT%#jiix~eCM{c5lB>yHttsX;8_jBvi$7!SIA>+KKO&J7P(@m`(w zs4Zk`g>c2t9i*xKYcsbMQ9H!@3;qxdGXCm6v0RuW#sHHTCbw<86|7mhh-Qn-2Lu3d zk80?qe6}i*PUz?LNhQePut3 z^o=*f7T}B2A1ECN$3b5*-gtJ)#SrQrY1?P3L`s8?yu;R-N7vA=RMfmr@n_&xxV{hZ2}Zt?!*W0ln|ms*TgwBOnX%9eWcIJf`93G=`XsaIem>Ce zd=ajPXkxa$h{m%r@$#_%5ydLBtbGT7o-8c$0J8jCzuIUdn{QdIxwpG(PH#4y_0z-r zL8Ex5;#Z4p{5$=fYou#B*fzFA3`dq24ad|P`Sbn?Pj_W`qkIAQbuYp_FX7*c{1GqM zwM|aYD#xoSfDOu20#%M5=IBpT$v#b3+UN95d?c|LoGVjt_H*X9^Lw(5pZ*1Zk?|LX z^tcrgV4w_+y-sV|w8&r}7{OmbUL{DMxaF4R(CE=!qi>l0B9Tiebt}#)smH1G@m}eB zO4Kei`}i)coX0G3E2|Enf#R_~CEDpaw}?Dzf2!#-wWhUfw-Br#?1trV9Fx#zADFJF zPn7tMHo-aJokYG9*ned058`)=^c_D&zP2|09!D_g*AfG{RCYe!=ia|fqy3!kyf+4) zt3l&CsqR}1CAb7CH-2&bYpxiJAA)1^dJ&R}WDIcb;%*cr8OHG~>i2g39=*6|ui%Qx@*x{a z4@Ep+{&n_$!~X!wh9q=c_%cSYw+de7RE#thfu!x2?*Lz4I`t2DYH4OxbfvAy-Yu<_Kv?tN zrCrdYE2i2>xNIxy+Pv!3uFvT%2FjtA<fkyoFsX~LWNBnr|pI!o$g`={>bzj}&$TYIRaibO7lh6lA3_~*CMl%h{BW61n9seC`s{t)=P zz?#*K-LJ-*Ep$l)uoJR-RwFrV;D9%eT;sJjNw+fWxI)1}z~`Dh)oUEngs-XS!%Vf; zEfUV+Tc{Nzj%ekH_Q?#W!IjYVAd2U^$s!FUYE8HLB<;mubICn|5VYR}iBw%1AYKRmT4 zqPFn`h1x>s(gj&D(Fi?%TKWq^WDp>Y!$vsB?^yF6RVg%jmxnw@;ms1-?^4x_^W4NY zK#I8pk6QVg;y>*r;w!tShef=a!ZpsvApD~~oK<^G4+j?;$oZFD_=Vyh5$a-XO77Z4 zY;TktZpU7=+vu9SEU-8csucij^sZS*?cTO6#LI?OLeNU;@~%OrE*f<~i4^At z-la!V2}h$ZM{Q_gyN2ydkxLs!RQJfma=!(n@qfa<6~$?%PVJ=2B#Dr6JhuJ@2d@Ve z(M;o=CfWC=?9=hHN%#li4~hO6mrb^o!teb*O?b#EW?)09#{d$0de_IEE}F+#@u!JA zO14(kcUq0)ms1Fr3%!jg=z=sE%xjRzHkWf8DolZR&q6CF!*@#>C?WO%isO^i>4Ytz z*Gm%Ig={ch)YP*pm0ay0gOQLysFb=LF43_4 z9OJEX&GZ>sYbT7x&IZo)deYe>b@Ixpx2Jl@3$JYPO7XB99DQnkAx_b-6|RdJ&L=hF zKMj9s_-^h?NZu`084_q@QhRj-XT3$?Yqgr%IFVT;MFK$GjcHBvI4VZRb!#A9;IEiZ zV_8~_$M$@3UEIi)(4Z{L$AMeIH)j;LIjbFB^Il7@66xA&>K-4kxQ^aisQzffw`1wr zy&~gXg7P<8J9M`G>Vv@J-n%HnQwd8`^WXN&mK4`K11;6aO+pJP6hR^5$}N&d=la*s zKd`Qab!G5seM$&E$@cw5P1$VjKu$RA#w+V`#JLkc%}=D&Px#5}CDJhe0Mb$R)Ckt$ ztn$8LIHF4{J870ejL*hKG0l5xWBI~;k9+VVX!_TL^-DIgj9wNhBqJL@&PVB7Uaz5> z0W@GH&^}yusF{`fod?733V1U5-%yiM)}Ycgl?F(V#7~>SH^U4LkqV{s&9 zwsHJ8se^a1l;W&)6WXw`jyZ~?gk+pxn&$2-CbWz^Pv&>vXLWT`eGUq-8kc&E2_7w^ zP%BzFb2>>Nbav}n98GjIrMqReSRIweC!Y0`E@g@q5|1w29u9g?XDtsfxwzCPzn5h4 zOA$TK71?-eN^M5=+S%Q0-d7Or*6UBv>-} z2+cM|eMcs%Xf|`UprQ#jqp>AVY}62SUl8=AI(DCXfcFr_V>}bbUMtOXjan479&}9w zx{SLxAcIX4w#QJ{x;6AMS}QVKu)ttCinpq1I(4R>1dvA~x<*9%j&gE(dU1*w5;!k1 zDOtRsv;&?hSA}j-qw@*R9dSs;Q8_!kH|*1&-M^SUMQFk{MY=$KfZ~HAQVm84f6>*7 zj03dPjSHl5u`J1-kWdYnvu~A7^V=eZh_RF>q!ZHsTIIk0hbz2=$@@ZM2h&S$v zoMnCc&^wXMCCQrFS7Mf@ErL1g{{YslX=H`1fMxU1{^$ca%>yl12eF1hYSTd}=l6(L zk8IUVKK=`Dv|BqJ>`B8pV&44F1GP)&G}xAB!$?QUp!Ge4Y*^jdYIAnz?Sc*rzyn7gSmPK{P;a*R#THab}?FFDmjToz7^Yx%;>pU)!#`0a=mCBs% zZg}*?dRC0ucB31ID;&kM$j0G79)qN5fvytHA;>=|Bl%WNtKmNoN2*@ww^n95Pb@TU zqoF;I=|Pi;=N=*OR;{H6x|}R9f)ubLIjo6v+e!3s6|~YkvL<)&l6`0=sgnkp;o^pQ zTkK%`<%V!Rm5t)x40wLs?q|}b=m6fM0nP;m*X(BKR~ENAeavfo7DOK?0F^8|AIhhK zDQ>c6hB0%%J2?h{O65&O9?=+0AWM(nTz2)Vng*0^?S$7?C})4VpLdU146IzX(x+FD z6frJv4s)8=yYTLbtlQbMptIDVC-=F@Vd;!txQctwkdj=ZkJ7$u@rJMAjVejB`L$bHjaKF|Ac;8uk=NT5 zk1HCD&kykDgLOG>7W>2uh{4OI)yC`|5Av?w{{Y4|`g&YxP?!5odcR@qnwJi&ri?2u z8EOl;WR+))PV6ryK9%d1pAfCyD|=fx-ZtZKWyTIU=7Jj5=V1OJw2Mf%yYnKslOH06 z@9J@1K6tms+D*jrTdL0u%C2NM`A^cSK0}0h9CTWQH;@tXm`M4)l_WY&pQuMAf?Rn~ z+#y)yLCHSUGjxwd@ZW}I@P3aNl52~;41z}-xb_t{h^?jZCXpKidxm8{yJf-rsz+nP zMwum@o!+5!r_T)WIYA1p=OB9u?Yt+WF24j4T*56|21xwiQy3ixH8yt!j7@#s30l(D z2J=(zIOr=5-WhcJl+@fyH%~CLoxhf8MkZ2yjr)yr#7i{mra|Sv>B`2$2LAx-S396K zyCf58dZaV`i_9zLBAv1GjAz%1w+CZ0m((?VMmg?8Q%g0Qu`C$$_Z7FJXt7^t$#-k4 z*~NAw0}>KXT;u86tzzQD-H)TRt32t};zzZbQk(u$)7qJ)G*DmaCi%pwpfZ2~*gwcM zBRvAb_eR%ryNPu8mg40hZWQ5z0o2!q{hE1%&pgsibgsvh$8*QwRm#m`j79L~v92+L zOi;R$HY1K!+NbJk2U1;c!jiR~vkHBoWGMbo+@taI;;uCNm2QVkru;#(vC$2^j*k?Y zipi599lsjO@ZXECwTrvYwpyEbixJ5FRNN4`5$G;#B!DQHgsgA~9Ade@6U}?2+U|~d zGK=z%IYq3Ru`V__Zx3o(mak(XF`DJ~oV0*$Ve6Xd*Gam9(p5>YxXDu7163BtXBVkz zQ0WY*D(}JP2Z3IJqHB6}-klp_G@X!aUs3B%kjhc&cUmup>@`?!CBL8S@ZjwwfWgPT ze7o@@!%*p3{E!+qCdjgMxhR!eXD^J72#JnCcWQ6)^yM8NFRUa!95j_P19?Mum_F`2)GC(s{AV8oHgVNXKzi zWR{>$Z)md@+GT}R^5Aqe=vr2pWV&q9?L!g)oVE$gL97wXTx17CV^Bg(m5x+G(J-r z=U9sD99m<(RCF|&R;rTA5`=RXQcoEA(^6=YterNong$6I^dr4!CcepIai)ogMp2yf zKT4Ls;wQOyBv?0PI)Xcjd(Zxk@y2rGXL0@$QzzK8`xp-l^A+CB&vVexXp_jmpaBCM zk~uX)i)TS^XsQpKV@Ug!?_9Q}GzmLHZstebv~4w%mZSD!(GXj-Rh`OH9{fhtuPpo{qRV$@5{8=US1Sxlo=)zS z(@KTRYE`z!-Cqp9XP<{Z4&l<8`djZDc(I!fLKAClSmdw!U3!}Oj&B0#J`_~E@eIzA zkfzeXWc}1?a!Cp}2lcN;G#2NZR=kgq{57c0cu(6*GP|jdab5?%JuADgiXSz$q(dF? z)9GJRvphJ==6)@ByGOCm^zX80H(Iu>1b|3YepMZa0Co2@tNT8DPSgBQJYlBY={kZW z7U>v6l?yW-2=&D!*r>fVKAi9lpJta@ynZn-Xm-qmK`TfXry%p~+OpHdx<0QZ^{$gI z+6)pDEC&trsCya795;(^HAi@3)FwViK&Y?OfAy>9Pl~z>x;6ET_S&OeTgZS&uoJaO z8Rdl$F>RVZv&Oyu0121HEhE5Y8>(A$2f%{H;JAa2BJ+jmE*3>1@ zwFS&#CEP8YzlV3{`Bk;CtS_O8F+AZb%osqr0w}>*Q@i^l=*C4tRYuc@a+D|RC z;|=BS`A9vRwK(o<;(IT{KNHXJv&PNh*>3MHq9`ql1ZE}1eq)cXdi5`ezYsMK7e#lf z>GzNs9$d&&aHH4?(V2TRe7|RUmwq$RW!0{x-)}FN93B*B8ON_ZEA&IcwlM0NRK9iC z)Dkn3mE5Wb;Q9`=!-~3BiR$Il*EWY0@e{yWKB3^ty*b3<)=3-AMd4U=7$e^`^8S(G z2{b(}I~!U4)hd#R((-UmdMMN$GMeVO)oA`DvC%b+J4e)RBeuM`eAwc7{0#?%f$>f5qj9Ok;3BcenK9I# zt#Dp7{hDX^$FAy{*TY+xe$s*{e$OPkx2Va;UW2`5J;xZIo4*sh6Rmh-QP#XY;ypSz zb&E-iOcWib2Opmm^R}^T_9aqbiJ_G2<#Kb8)6$An6G^V3l0{uA^jhEBuw{nkCJcZ% zP;h!2cCXd%gg!Nc#{M0#zDsD}y@3Qb2$F8Y4g(*pcO#ugq3)5o2Z%EOgmOo%Y^}69 zg`L))I-|ni=ZxmKE61VHO&<pW zF27_C+E2jW6l|~Iv+!P{B5B?tiZ)~Cqp$(W^vdTox?0%ir>Xs^>oaH`BDK?eL!eLg zjV}JtFCk&~NO7DmwR)GruMww|G>Ke?&J%I#^rYj_grj25$A5YnE%BnO*G3k~!`4uBvAZPQ{q@U$NO- z+Ie8bAnTvk70cna$i!ty$*l|~ih|)Jkbs{kt4g3SAg&J>G}E!3sG4Iria5kL#zsX? zW<*gk84sGQPBU7@M%3hNTlv=RSTS7Vr>%X{{{RHs{jmH)`wo8C9t8NMcdp!9{4dp= zG>;NlZ3a0ZcMIn29Fl~F`V4n8()W^X$nK}u{{TsE59&HEiZs15TF@@7FSJcY);sM! zc$_*(6M%564>-@|gWi`@hwPzbF)0HoK^?1ttQu}Fa?gzZFnBiW#kyCByeuPlCPVh! zE^LwvgPaepI(rXV{Pgh#nGUIAduga!7%cANYb(TbBgt&zCyvBt+*dM0PhiLr>zp#VWrqvZW<{7Sj=U5=e*ir>Q*l6{NBR`MoN>eS#3{rEUPg+5cREdKsJ5&T%Q z@i&LOBk`uv_TO4ddwXkd5QvWCpHG-(3DAzaK~PCK9M|Y3n(2K9lMxQBi6E7FIvznE zg>z0Nm$cmm-rrZ6^gM#N&ndd0S}Bz}9^v2dB~@Ay~L9}mB2ABP&Yt)>lr=|sgg$_L7>dIAr(6_jqu zl0Kf*tu)wfA-J-UW`b1`K*xg0Mnz8?cCQLQR?p3v?WcQcdG#U}`b66Pk9TLMhl1sB z=-`atS3jpsd8Ni}CU$=><$U_rVlpL{T-yRNG>G{ijCQE>wu%*bWZx-cxDt9+kzGnp zL#onawca&JE@QxbsDR^dsl|GlTRy33!YiOKK3pHY#Z;D-8lQ8`JT;}uqxa@cC(|_RjW#(07vb1}o+-wC&1^21 z66)q;nN`bh7>tr?%$^Ilhfsl~aS9gPji04om`}A1UXvS*&+WJGsF* zJad}qtR#7u$BZCe=dCom6p)f=`mN@pZ*5|ZXMQ6f5Hn7OJ$FXd($@AlJlMwl&N8|5 zHKd}z>o6G=oq=Wyl^9INRb~?}_l{!!Md{C5P>@&NLpIV^{THH=8 zrbS$kMmvyu&}|uXJqZii`7%7)7Z}EUs;%CusK-2V*}RBHAcM&?6k}+9AWsp!%({#_ zE~Ax|ocj_pOw``ab2r)U<9QUHkREYB9No0HcA>E3Cg4D=OZ)vlP={->r0OxXPall~ zF)g(*VQX=x+Z~cW8P5&vR5gDI>Wgg+(O^8xIA2=QG3st?d^(d$wVzkCxsp+<#fAaY z;|D!BuV=CeEv3w=$_hqg=cfXP6k3mSjPR$AuciLd(RF)kTY=}Xf>c5XOq>Jn>rC+! zml_O%Td{&mr*EB55OM8PqK#4@(;HX3S+zlNKKWA&nfX*!{*QMRt&H=rXShRxr<3)i zb#knRN3M-t$W3dtK-@8mX9v=_yX{(5NaB#6EV&%jHf%HJ(^cI{kjEg3?z}a33DcTu ziIHZ{%B%cFlakm8ZsmC*l~zXQ-;7rqcGB3vG}1`s5Hb_5N|@WI9R8QBjbirh27_!! zyJPur&3D%pkl1N=4HnK)&emXv5y2yt zY}a++fMuP_N%JSmjCHPdi>8No?c|0_CX6^$jIS%xn&o^ie9e0*w3%RXa(hxYhUc!v z?JPv@^A0dRmCNeuJ*C50#?pSm3IqXm6UT!L_kJ!8$;Dw&&G_Z5{7rig=$9413 ze9ushJ8NW`MYdR2oT{%yt=%)ppKGZLHY?}rRMh_fS}D_N$ineft9RiYYed$hvv6W$ zxq~N(_U9}3jMvc9_>;q4J-*R?HTZJvRO$)#OREWR8rnr}Mn4nHb6oW4Cv(32p*%0) z--tg7^gBIT6}RyPt>Cz^k}1j2^yiVB_*VPN#h_u(bMnrLDv-1E25q6`?$c z(U%8)2X9*1GHAD|D8Z;+E29y)K>&hlraGJ5#L)R-LO}!`n8j}iYI4-1aDE@~{{V>m zCGi78@$ZLkoi!U7R$F%S2xyLZ0Qz&%ziGTx@PAYNtN#FG%}@4#x1U0`@h67F{&caB z8t_6tc^ry9jf2bUMdI{Gj6XqHb7d`9q8 zWWz0@E2{@?8NOT+e>&w;JFC4}`b(i-TT84ol7!kp+5zZm-#i%_U$nscZ0bvA(!1!N6XV8FUmwC)oDLQo)n&H>pC}p0#9;9rUm}d1}`P!<;iH$S19N zc$_x&KdZbQ`at5Pj>Bcy#GJ1<#xv`yO49Fs`}gY4!Tkl~^6kWo$gGM-BW4tSlQVB09r6~xnhz!*l&Pm4o-c2YEQNTPz*a~pgpQ!&wdZxv8QJbnJP0O zSjo<7vyRtG)~vN14^%JxpK}XB(yli_kZ{9{^*t+i!sn5hOPUT3W_d@4eldJ=_yOVz zZwSS63uzEAYa5gslJ+zANbQ_d?z-Pn$v2YGhe$6y9SL0d!NI#esB2Z>hn~*O+!(d;_hWp6d~B3 zEqws((y*?5c2|?TIZL5Fli`aUcj5m4iS>Sd(Pgx-Jya4$dcn}_AZvw*TkA-+9k$~ zDl13Vc26Vues$!Z544RdUGdk0G;b2a7|?Yq`0Zwpwl)U;04BL5PpOpZBdGnQ{s-#+ z0J8r8#XU05%$E1Sz93URk#Ot8QZL_to|)tk>}wapo*;((jkA!Gft|VO&tK8%d-ILmFzdvvYjU6$Y@upM#fQ6zNJcRXuWZ|pA?c!<8AV}A~-Yyz1_&kKS+Wk2V? ztv^GSZ8|7mC(KN9yPTTDxj^(yD)kk2s=q#!vErR7eQQ95<4n2`-`l^Lf-)r-`=*yE zgyUo8oli);)o!7)j>Nt2eC-F8Z1k^5NUnS_V-z<=B$c|U>~a49*Q!xxnToEWbs8^( zJVWA(3-{7A>zn;m;E`?ML7y>*;Cp>*gVuj#d!Gh)I?u#^6E)o~>%=!e5v1CK#@tKZ&P7-l!?kqoJOBnPUJ#)p{9*3rB?4m?jE&+KFmm|=OkIKJ8+x`hH z`v`n}@aKkfKiS{*nbf`re$dUQLh$LjmZsBL-`u$W09Im@{LamV#B6;+HFn|fRK4$P z?WUfm;Qk|cwTa4QN_aYc(J6cD`?l%ldmoY?w2#0~+5`3%_`LrB1HL`!+GYN*_UV14 zYWh5c+G@6pNZzIJLn%@SAaV~F!9H1O*R+TPRdS_$Ynp6)r=VI%wWCQ{gh2CwTd+sF%<_)tj~j@riadA4 z*H#dCj$1%tp5U(i;BvUf2lJ-cT!&;kdH!`1KwH#pf~vDG?#b!zQN*bfXy~A0o+=_V zi~5w&%WoafjZyj>Q?&MtkdjL`P7g}hnJo>jT^co1JHA{o;E#IpNNi`(HBDB|cOG}1 zSRnop>HO;9x#!n*J9|s0&KW`8I)h$2@s=+T>b4MAX$9Wj?NN#0Q;#(X!I!*5zybj{uJ>piDNS9x?ZOYcP|8y{H9&2_kB7ZYa_$fj{1BMZx=Hn1TKGwf!4a{ zvllH-fIn@dir?aYgFfE}?xoO*Mo8e`jo-??f&GSjVY}g8wc)UkZLrjL!6+wqMn7?d zeQsL4%OB>a(ngzHQ;2=kKlF&7Y9-|J+{thk=k4!Wa^6WM=9o78WQ=sLZaW{(HJ+C} zH{nN!BT02D2}Fz}!vzByexH%AN!6fRpD~pS_Z(2w&Sva!n*RWbv|Ta{KHeJ>XQ{y+ z8Gzzbp0$Oec!~8bU=s+1XL5Hc{HlJPsq&dgo`I~|OL=&ZEQ-jgGmiBP@Y>ofva`y*G&@45=VUe*!!ooVCcG<+KiS*Cy?0Yq{p1}8=Yp; zSJQm0LhX_?1fT=&8sZ|3!R_a>@@?gX&vBY$w(N7aD{rG;TfCT6&&tE4ciLsNJ|anw z%4A-zwDXSUf=oSE!MbLfCBV}4DWyd~z)HNIQQ!IYuQL~aXS@L!wJmx?=*U%5my)8h?i8f`2+R-^t{j)uV9NQrs<*Ce#Cr z4m0(j$*zQOS-$@ODZ=3JR1Tkwbhg$HY=MKvwBrN41}22o7PDDMj=P<*32wr?UTCC+ z-YEtn4}=1?*yHBjzy*V+Y*oU$a6Grn@A zxTai2ky?G61>61V2gr{%)wD=1mC!0TJREUe72?khO>QThQ)&$GI#5hwW_Yw0aIM3| z=QOGqjCIGTuSrV?1+BfstS>97?-35XP**D<@sEt>@v7(%Txn3~*ETld4YA-EHu09n zUJYPr+7H{WE$$Pcg`2E1I!P2`g1zfs!@2}k*71v(76{`x zB%E#(8I09txwqEsVX?YP?IGjb#Gkm{mCIb{HZ7`6c3Mw5TyDYOVuF>-`^$S<1iXUa zJP2~Tm9R&>G7VM*i6XF=E3Puw&VLG-XlrBBygB0KnPW?nnL;nm9Jd2>HEh!EbyqYXsL&*$I_iLnCHVQ}73;;Xu@y+{3xk));NiM9?(H5w^mx=CGDZV&J%t5JV=KfKmU8P5%XK)8@i2+cJADV`ThQt0eH<8h zV=+EgVa8}PI+LVLa`s9t{>vDUd5w&MzWwVvQ)%?QP};&^k_ButF(WJLIG~3kq_l@f zy0*BGvU$=j&~yH+v)AUrSpu4Bp{U@)C6RCx5bGrbvV-U(&giJ zV$Ohc_BHU=j64~yHO2Mk_I#I^AVuYqy@BnX+|X?l&!l`GCWCk2J1sv@38!ne?d3Ah z%P>9j*Nj)s{{R$pNi8*0dmB%;q-(d$h7e#Xe!gk3hSQ!bohc zgG%heG&t*;`f|@qwEqBvaOxKNXW1o=P!uwJr9kAVq+Q*vdDX{`d__IwmXoJxjels& zV`l)LEl+-&SD|=kTuWD)2;o<~PCtB@T#-m>L95;*l1Z%1YiVz6pDc~A1ufr-;=D!T zT{?Y6z-f?2YY9N5mAdEBg1N3-ztipFf=RZlu2f*D2R%EAirUT#`zh_GwTa?9Au2hh z4Cy=o%Rn^0DQjV-i7e%`5=FD+m6PuC*!~rl;@x9Tw$m%Y9kn9K3@T@!SJIW?qCJ(aNv*&6K6lSuVh&?|+)C?MYNb*e594NrX zMS3$!r0I5z_HwP~L>6XpHxt*d;47HXM?$BDS3+lb^bJ8R?{1DK2>$>!LB}<2`$dKq zS%lz{#Fj(cb*qHB7j}`suBR+MB8A#%A+{WG{9M)F7HRex#lfBkE)iG~;I?=B{cB|U zqE!2yC8BG3PMzW@>~%O9Yz|aAj12VRx^J{vN2tXVedV;dNC^f<0^?(S_)_-RuB_Yt61PV6f=N2z9pjXs;;Nwp-@p?@^Q3^B3-27k_L z3sCrjWjao=tVr*kyms`Yqov4{Pd1KdHJhhdndRJegd>5?dhdrkF{dr$GtYFfvc^UU z!uI1Ig$iayhl;O_w(C_%HU&9kV~^6jqVGnz)sZc9NajhuF2`wh}~ljgu0jYC$?-P zWC5Id)^0*Dd|lxCOKs0?h*a^v82u~BH4P$LSj3x{F76I-lTP;`+^475wAaFQStOKv zy)&Ba(#GOQgm5U|>(DJrb|GBTi^Dcn*6O!VD7kN&f3AJ23dcm7PrJAY1e+LwKpX*C zHa8u2}uD8J^H9l|zj7YLZ4prB87#_6&CrqmF{DT^TIxi>oc7p>EguT;5wbDpiNh0PkFq-P=QQkqpSn za7KF6v}&Vb)~IEk0}LgD4!HELP9TXdlX!XP2|X#r47en>iq+zbER4rH`;Tg^AMPcF zNRfyq48x$LM5EN{lHj6836Z8n>7Po)zPQTZ#uNq^!Rd<1Pf}C~r7G?+X6%CqL)Rk?#wu^U8atAe+b*WifAyN+Pfs!fn4I`40d%O7#9pbkPNEtsh zcA5`>?`485LwrKrn}8S=>s<9~TVt-3Gu-rSXj@^L-pb^-G5+!}!~zd`>NKluGTzcl zd5|QocL1Y}ro3wSmwO}Ar3GW9y6{bwfp4eyhRWtS+H@jIayUiL-sitspW-KlyeTh+ zE%og_XzcYw*rGoy4>;rI+luE{md=e9hlco81=Ozf3{DbQ@Ip7rQ}gdyM#IF~*NK-y z(_@=jzLRh6;^o5n=DR4y?8;A5>>mLB$oF=J)5RYXuP4!MnH8YYf%7GuoBP?|FZHjw zJU!tnog?g4cJ_9@8}MvaidqOTjM3*AbKgGo>r$j})RH%?rqVR~8@(UET3(&0yI{1E zH_Z?ys63C-s3(GKq;LvB;CL! z-61YFHsYt!wDdhc#9E%64AEQMnOa;js4PLxPsY8o#zj8~_>030;{9Jm)U_K{zmR>N zOL@-`w{whVrg~Sl{43IJJT*SIsM%=xPM2!T$Yqs5iN{dc#{~0RMkU`v$9!F-@Gk`JKIHT8GE@7bz<3V39}YplzuYijaH@XFslM_lKSPo*at zBA(VhX88Bw?SAHUxUkb>NbKeovm~D@vMIsaj`+#uxNj5cntzGcOw;@^4fNM0FiOqQ zn0t!OFm^F$llF1bbn6d|Gg$bF&P^jxnl*T?S;7U8eKI`_eev;6Nt?vq+0#vVZ+596 zLPsS=I63K6%WcQh`Mbw|Zun}Nbkf9z#_<_M%Hsif8%Xb*9xIgarnjbBHO%d&rTwJH zcK|R@k--hy2C6%W)MY^w^GP6$Opr5TL<6D|Ug@O#KC#t47U~J%8%UtkEkS4VBqTWG z8E^{|rn)sLwx=Y3bgmln5n@%^$z<8$Cf*zaE$T1Bm=iFMmc^@*&a zxY-k-Culv7>G{_!4~d=FsHVKnLh$#2Y&D+|Y1g+%wA&!mLu32v9g12whUQbAxE%d!;Vn~7Ye~WxH)A~KjMpBA zT{L<>!2bXrP2i6fS*7gT^gG$U$$HWpfQ`oDRr#HfKdS!#_#-FnSpNVW{{UyJzk{AFo9!PHJQ}M2NoFlHwx>G@&s+hIzUx-xq!z_=n-oiu_~n+r-*c z)|2CJ3u_Z;dW3R<$7-`GFg?LgIp})Vf@&!6z7=`hkEgwBhpEjKCDg*Er8!h=%#6fi zjMY3DIgP+fZp@#vqA^f#zXmnj^|;h>ay)>wGMyoNFV023I0c?tFv`S<%m>9+8AjV~>2VX)Kni(sZSA1rq(o!Im(f`2ODYg-W4 zL-N!1()b5!@weeVuXOf0mDZzc0Jqc`0Ky`J<+wd_^5Z_${Eut;J>Q1BL#_B$IrF57zVm~8p?g>zO znu1IwP=XZo#R6r2Ed1Mv$o(lJlgo5$fO}@HF2cGjT(mQlb{{wx(v^pZs>HGc&mHTNytN2EL+56%( z&yjznMlH-zxOdewml#r4yF`1AgEjqGd<)>-w*U^!-7+39pCMw27Gqma#h$@CW|@rfg3Kow%>W+x<0V zCOdr3l?6%Y-%8GmTwtQz?V+D7h%`I7EN(zkFPNAdj1SJfwD@6v;q6Y+@9j2mwdm;R z-*oiJtm-jGMPt0yJRhXo!KrF+U2ay0AYQ=pTo;Fa8R;G%w6<90Z9GKdEWdb#Z|jQ6 zH4B#3KTUK?Y4xuS*{WSZaV?~1k;jZNTy!42KUz&X;n`VcRz}=L(l9|4-AY{!DYE^{ z{#oA)j|c-C8qS(8F&b>=CzI-HvO5?Y@02{&Mpj}^YUwQ}RgIx#UAXlAb+i_MQu}6H zTf~JRC+0mX)ch~5ErbaQ2+UsRp`udgI~&(GnnOb+>fFR{RgO`4KU(EKx2C$(*(Q&C zBwzvv&14N0v@0tpwH9d{3x;yrSn@ue)qBQPw^tL}8+lMd7owiD0`fWNbXo2!S}1Na zd|v?%@n_z-I}Z!^p66AQPx}qj({3Srwa9FJDcG)7dWMmpwS}r1>t~AX2@kwrtvg$h zB^K84PB*FCG1X{jgJfJ>TxrP?M}oW(Ju8sVW!IzDF7E8K?=}lY4w5k8j(HS~CRj%WYK01;xGI!_SsM1XTVn)_f->p1Ps3 zNi`2B#~&aRW7mN|9s_-GCb6ch7lq+Ma>_ai(b05ESXjo&v!NSC?tdBpp+1_COK{PV zu}R|{s+hb81Pk(Y>E3`bFBW71cE-|A8RoTg8Lcj^llSqg$;ln41Ce-*{=cZhBofDH zvfw^AVSs*L&aW-1S-Dt47VVz3adrlJ{ft{J?5|!7N&p~%Qh0*u4PJQe-Uuz^*bwbZ z1A*7;#a}uDg}-R6Cbmdbr=<#Edc6~pq*D}$vN&gJbh{l)#!JZ+SQs_BU(-*MgaA!>yHrIT-w6}CLD4A4BRf$$gZB#!;_P0QP7E3cPBWYq>K8OgkymNq@U>=5X1Nlbe8gcrVCqpf=`y4 z0VA#`G%C%YJhxEIYJ|@26zv$|yDd{mmK`+`IsVGbG55ak??FeCJ*0M%{E`=$PbR$! z!ST!qJ^rv#vnbz6q7M8M2ZxgCS0m#ooT=G0Cs2F5O#BGpjd9^h- z{aRa1K3SsDW^X8yfJaL6onk#w_Icj`e9aYXfq^&r;Rx4Y>tK0Yekgx}5{U z+P%74#d#?tagpEYLq(p6s9R|^whtV)4F%}s0}sDmOQ_vU*9&S;x*jrn)Q-dLw3M-$ zJBS)J%M6A;dY!Lo63SzMqs6zUJQ@ukj!XMNqz42BR>$BgX2(yvzm#4)g`+$w`qnL) zsJ3c0k$SQqFtUxiTaTFHx|p>WwYZTk zBpy#}9OkMwMJO_j-lwErPGDd>!a;2HBAcw~HkKN7&CtAs6rgD1-U&IXlub`E@U&lL z)Ml14kq0EmGt_$4=Ci0>#Wc{xIhNbFtn4(5n-}vRaAUU_BQ@zd9ksk-ITAtUKVPj& ziZ+B^$7iT%I(6D6mw!4gp(JIX48U&u>(8d}RN5A(kxIF_nO8e|5AtexR>wqOY3q8m zpM_c&bvu|MxNtC=`99dMGx1l%FAwPYZQidn^}B5hB0~JL)So6!m8Q*kxDnz zwXRs`{v`0__Lt&ISlkGjOJYtPWF0o1z3alX%e&nM%=l);Qw^L_tm%?+A35f*=4YW! znm&%xd~vOKhQ(K3yKA|l3k*lHs2mERb8I7HAb<{f`qq(|=u$|U-oYO-84gcT=~+75 zvT530p?VyC<~DFh;1DzYE21>+u5=%ASbP=mkHnt^cy{kavTHlr%_b|Gd%rUv&4LSZ zJ!|26<%DTkmYb`Tmsz!*TPZ>gH=__vJ;o2?S=FSLrW2@my{^p`>S*JTrM%8rS3L>q ziu6kvr&<4)xNc|ZUR|;rzRxRbhpURB~-fo;%8}SN9n?v)QF!IxCe>Qgk=`dy{-M{9OZUGa`Nz^>Rx^0C+&b))R+#Y#Fm zJ#|j&?r7sYZ>L)8*M1$+^mn#hLR)usj4nA+M&Hzab>UK4Y7c3wSrWFlLf%zRW3==6 z*49=yYf?`4KDPe=f`R;ShfV#Pe_~JAx50@Po#6XzDjyU0nPUV+bt)j*2?w3>yzEr* zoF2ly7?SBf;Zkdwg{{bn=3C@}VvYXz0lCF%iJTmhg0iywwfo+u^A<^#O9d=Tm&I1K zN&WKE{{SUO@(aC1VhHIYM%@X`dr!h0bI#RtOM^bc9onXMV4UPvEt6+mT8HV)o#R^S zQpFp5t0_=(+cor;!)-%@QMQGSz$UTjA(vNe&#Ln#X3%zC!5NmTmrn|>+Zk}Mz z8Tuc<*9U!|-*~TEDzUuU&C7_#88V-G>5aOWPd}tI`KzutYn`viPx@ejuD+4DlyJZE`6q2m2IXVY(P zC5)@xDr3u)iQ$VcRvkzr^VjW6ZWZ4RkMpm^jD{I!5#umam7y886uL%U@?Rv<8|C7^ zKY!q;o*hkh{t5N_R%y3!rlP;_jmvWyxch}9jlujj=kTnntq+>vYP^}A8f&FUKm3^= z!k>Zky+-##&|K}B;M+#Tj)&zO{{SlXdmRd4Y>PXh$&t8Zt%s&xn8ji1I`jl2T7qMFM8(|_d&wkzO##_bO zr`p6#aB_!hAw4nLlc{6Ht3v0Zcz@$(#7zTE)^sRf(QdSR&Awll7(Kg=jz7%nG779ye+OC|soiW=&e-TR_kD$Y^TdbF<1A}=2 z##y|+<$ZYP@UOZ47i)0%pY~+&$ZbmYBp`>`z_EY#Du3X6sUNai3b6cq&eH~mk z;mRM%zb(8aYW7!F*H=?QUE(pzv$K6a6HS?5Atai8-{yOkpDb+~1Us1X$gKn}s?Cx4 z*EIT`{R7N?B$v6={3m`DArWr3kmH#%k`Lj5NRpyPrBpW_LWwdQaDR%mj801I^NmVlqie~jUt51?qWrh<1WN$0t7D zpL+4X+M`hLhl>6t-fKS%JQb*TXTuL>vA>@l-?dB$CH7?P;N$SkcY8Z659aJPHm)Za zQyx4l%0_rbHg*OmRFt@Jk?Yr;;p+&Md##?AO8S?;C|X)2L3z# z(7plqQ{nFqS?c%R4rvJS3^FW{-`md!ZHVKtx49Vy9qaMB-%arTp(_hWM0Re&IUwyL z>0W+hqbjYzXni-)>m;v{@XZ_^GfBJ2r=wij+4gH=OH24;bK(yjcmqI_Q2zjgZ^GKH zs=9k?4uGU3fxzd1leBg2E9u`G{{X>1el~bF#3I+j*B%)0hJfhOLwwQ*omV^tO!dd7 z73ZuhnsQwa+hxQQqd3#PuKxgm^H+}l0A%mlbHVynqp#^&UW2b`mVn$yws)%2fyreH z-yHE?9pK*_>l*dCM|C~@o$3OzMtD3Nb4kUm&E75#Q`EG0^-W7%(lm>mZd*%x%aw=i z6TZ}pw*V3=&^&AKW8zQ4y+kbfbo$1U&6w}49LlT@BZ|e`Q_QHsN)7IKpNU&p(KSsT z_1f+^UwXW65zBge@qt=azY{f!8KAX&F5dkJE4i|}KD92RMzX6JY<4hwSes9Z6_ZBu z9!3Z-aul8he;UhA5g0G$Z9>{THvG2dM!-JVtfel*B^Gy9o-@*Bfg+aVte|!4Q`!7c z&~%H5;+ci)N`zq>88{;~Ewa@#&luLcL8e}6@2p8OTf5~(Wa=~Zu9DkV32hAVZt~cC zkJ-N(kveG`$5*x0ZR6W_662`dlE$_nniFj0q>Lnd5=|mGt)d#YmKQd6Htio!_z$g<8A(Kk2yBj3`s=C+4DNtP|OZ|yy|7I!Gn4@T=y$dF!3Jkm|NV%R6XYNGp| zP9lAdN^Nge(>1ixn@@3U{Vp5s;~l;ItJCzoD$`Q7j%$e(-HE{TBD$%qj~b+%&qj|z zifbkQ(IV>IzCxh#1~FXKzKEI>pjk#<$0W9Tp!BZVJD9oZetiDjHdgmKr+{ws_?OHP zOsgUL+W|ekpjXi!1T>8Uz+Vo0EfRTmdZp#ETwHm0+#LS^d)~gUEtQe}eElV`-|>;T zHSt0Z*LC_^QFZDUKOV2*)Mc7-68tAld5lf`)jYJYcue&62D_F%`<&v@M9uDy`YSYaXz-PML zaQkpEOz};nrBAnm&7`~{-XCoQZ5j1UrODVpn z#NI`bTU$jpV<+!$O=H<>M^Jd()#G*QF~)whj1G+@L{T~h*c+%FYpJmc(3^{h%P(w_ zFeoyVY*dc^*7@hQj66!Mu$CMjrE;3CimxN8Ntm&plysnjD%(m+VzL)d-HA2W+g;6T z95ckgs^cdV8%5}1>a)J7d}s1h3<3Dp8LnKiMUOx3oHFN?pnS-SL6SS{$24V~TRy~B zoqSw@tn|Bxw8$fAT4*@ph_j*?Q7_D87>Xf%Cci{ zEs#!qD|+JNP}SstMZ-r5a&SKV1F_cHXcPUBFTA&VQg&_wfZmmdd~NLH!!h6dsdFGa zv&7oW7cv+NeEB?&;x)vZw}MDm%Onhp4pjZ&??M^UYC7_)klxrz(y)(f#2c18Wxt(j zMdAz9OL^gGOt~2Yu=k{*BU0LHtJm{yWiI>jMmnu~o{8gY?+ti*dq=Ug^5#|j=FQF* zJ-sSpePf*B5IO;{=n&K9%J@E%7hfrt>XslL3G{^%W^L9E|9^ zA#~T0!z7Km-4D-$g2URhJa47x_BYF`>38#`lEz(;jxgSh^sOTs3f&JfibvJuK7ags z=R1^kHPGmqCXCv~pC+WD<4g_};tPgv#+!CFjBIm17ycgj6HW0Y#=qfpwI+O4z< zU&|o#k4#t4Q2b2r?fsp<*mPY|7<{Bxjn`y*zl&}~1oE?p*1jQIX^?%RM$#>;ucVau zfzRJV{62!L>3%EHU@dW~K@zK>afj-Cg#`OHZ0V*S5!&4tp5AK|%N1rFy7Bl|A9LYo z^^??%6~BkR$!M?>9NYoNuhyTW_;PqP7XYiks&*(j1-9bZW5v3V zu}jGUx!ev)jQSH(V_3_fo37|yB=~pYYddM;jtG@QGs5A5_dBupSFiYT-s0}w8|jwf zZ#ZvU=WjKliENJZN|rm8-E3hi^8iO$STy_FTZmdo3~Iz2$T-Do8!gUr1H~T>EOlt^ z$dWr-rUb z3}o6mdiJjX@n)+onc@r0Lf1qm}R(5Z9WC<3&G#HV3CA^3w^(X=Tcz=d)Dm1(6mT04nOy?O>{HsHv z524lAX){F{A2LA7K3;p)JKEhre)34HWN87&914jePHP=5E|3Wj{N2tvRs`BOndX`1 zm6JJQY7?-%p^|L2#$tfUAkG)@HFnNMfrK-!mZ0OBZdw#-#{U3oXH~`&a(WC^NaBiF zJcc-r?&m!#noFQuxQ}fF3{{ERdC2QZ*GQ<$8Fw~FtS2L)D&|~Eb$m>5H_m=t+2Xwu zNcd;0PZV<9LmceH9I5N<2Q|++_EtM7QR--F{s*zM@+6FvxXu|sz&Z65xo4*8I%IHc z3YN>%ZO(E#R~<^%JE2a)b%>u3Pa4fJ`_1fXv1`&TwO!JNRtdB|KQUZ&A#-HyvD`0= zwZ9a>7Mm!ywvA7eyBF^$9e%ZT?_Nl3Q%KaBN!eTofEoO%snAyu9o8nZW z{h53*qL|4yQlBh3o}6Pj0P&sycMPRFH(TP z;xG6}FCHM*A~Bd%y%RtEYS`zgO#I=}?uKL=-c)me=)Z+}C6|cxPYPQ>1%ygc<-d4a zA0WZx4_fvQADg2*HtWFJRhNzRe-n#OwO>m9e*FBvkTdkJM)B{&xwOB9*E(g6nC0Aq zBeD5Mrblk4HEBJKV?7c*GxiwN=hb`*;`^_&z;#J3-J0Pf%!oiCNIi#6E7trAqkM4i zhNt3>5o-FJvR+9meTqfS)`$~=dvlSWrC(B|HM2Zh;|GJU^}QopZJhoT)9tM_-xcWAcU~v+F>i1q z1jaLi(z-c(bzrRa@`+_hTnLsVBms`6(v+eovy}L{npcnf2(dzm1lEg{Sr-N5$-x|T z;=X?HM38979*kFes5#FkALQ11Fum1|y34~&V|}XJK|Sx2Ardfm%KaDeuVek6ek%A& z%kc+>T6D71)<%%SjmAY%%in>V(^uGBx}P=tbkJ;czZPmbq)=PIZmwm_ErsNsNaX%ww)NG`wU_r`~ zJAHVq4O2x!s>}VIVp`ti#^wVBeg3t_1K!2QlFaq54tzAairDHJeZr!~o5_^qx3zq4 z@uttkb9lzgXjVFu*7;_*SY>4lM*!^}_1z7R7NqXYFA#hw@oc{iWbx&jM6$smMI=*( zUCMg3cb@~iKd))pb+!Khh@*;2Xf8lUh@H46BR_^}jJb~I_UP~r!ygwmi}4Rn)~y#> zO9h%}BbSBp@w62k_&gf?qxgjlj<&;8wYG);5e_35Tm=Jx_)#4QX`TnF*u@|oOlNsJ zNcF0EHN?7Zsc(KHjvI)WY#ICG(4R`|r!IzkwrA=0!B2=%_`gZAYnw=|F4Y8XyR)6V zXYv*G?}Aznw3oaL%p7e8*0QR!HG%DV%rZ@<+(8n-bqugPQ$*k$*-|mc?V9{f_?hAB z&kXpdUDK}Mo&|rOKA3{ua0n%$&J>J&KU&>N`Xi=0p3D0m{?YS($e*>3!(WM~TD;S| zC#hY>r)$X?Zb_}!fJ?9YJT`r+`>T=cHGMlw@s^7Am%bm>VO!fdVQt9D;5GptU&xBn znK-6hMXBgt4RvU3?E?ff~e+y4M&_|8-Q`oJpTY%&kfBR#!mXb$6v!^o@nGQh*!&u_WWwJO!5=CL~EWh zdwbVu%`L}`{$KzWTpn>!d5WRKAy?po>p+QTXx;&}StSeDR(x{4@sdv`nVo>%Xy2?QQVG<9>?h`U_sAj=YjH zZJyFn5rM}-zjz+RbDIAEOYa41+6Rw3AK|YS_*Uu*?+t4facUM5MJDuM>KKJ1w;+#V zDO9KXzHZO{8}@{0;kl;G82P504{44pT{{VuUe$H235%I|Q zkD+O>+-WdMW4&ZJWk&#p1Gog5nsc)yqw<1ZA(+h&4uyVP9t~EI&2au&#HzUbMRvuU zbr}OoCzQ%urZ~y%RX51FZN<)W^sb1+GGl_D-@*5 zoW=`(N|FcpgS&49xZ|Z9rix~}J18o{BRpc5h^|X-V8DVl(>maK*TL_Ky3fInivAM# zv7pUyZu(S<_O)3&w7P(>42*t+pUS_`KlX9>y$8e}gx(nVr{SyneS25ZY;Er?N|5cX zX>tL+BaH7cl1JgqbJUK9Vn0cID|4sbq&NCH#(Y100$$lV9n13!vV-h$KBBuT8|Ai; zIUF(DAR@SGZf<-h{{RIp{gL!v+Y|O;@qU7I#6{gb;Z4tf47$xV5I5{rCMo@Hnexcm!{F zn|HbY0D#xGcn8Uj=*<%Wx;=+!#(Mt%jb~YPB1rZpxq>Y%bYHc3K4gw$Do%Ev{{UI8 z*TWW;T4j_L@LkC)UAV~~TJ!mcZ1mp<{7D`Q)spV+{{YUliN0Yez#f49b@W!BtXu1g zZ?8oj>r0GCr*8zG{{UTgQK)iMM`M3!YHg#CMTI>;?_9;wvTZIV z#cewc$`3poV4A%ql(4fxtGT-8HPr{u4tn~+Xq2>Zk=tp!#d~Mv{*G8dzkHYOl@fL zLjpRQML3mY@iv*L+TJd*^FqOhEDlS1*PmKLZGCvxwwK1{*KqR4KY3^}a6M`OmJMx* zBDWG@OSl_yM@qu**Th{y((Z2#>Y7v*v8}|aSbz(rcqhN%L2n8-OFeO?o}#A+BM!aK_;5TMG4r_nfFvDr)E39K2`cHH)ODIw|KnNm`9!C18l*t=P zR^fQS8L70^xQQlfr`|}yxa&Y3r||N|Emt?jWVcAmB$>u=epA=$USr~)g_ph?z11!( zH81TgF{d-Efqv+2cK-l63ye&qg7RH8j9z9p3^5*_)k{d#?yWCpiv2^b06~hVtLRc) z&dN^_NL0LP(X!xl;-iCI)NUZ1XD7?Z!2_Dpl?9f_yJ>j$S@V-0!W%sC-n8w%(N61y z-3tyMcLdgQw?dM!=^hPh3wb7R=o!#~lZ+A#eEs9Mw!hYAl*jwi5Rq)k_ zxpY2AR#wIjYW5o@O+2J>5Rzk~e}w}>q_!~Jm%8&NiN@iy_NJt%b2L!J8s&3UUk zjXfh;mrv9NZ5l|CxC}Top{;6P+w(yr;UQRoK(VM$2e|J+qJhQgnq`fg3FT$k*n&@L zW|gY0pBhB6Y;bsPloc4*t0uWDdXwIZnH5e$D)cAU{QA~Tv8|;0E^TCVkwMAF-k_r< z+V!uT$U!`H^{wb(LA7!gB7R`qt7MJhb$Vmi*r+lDSc%T>O7Aq;lX_i+Egxg+S;=Zr zSJ2Gy1QBa@Ng_rfC^q4F=hnC>w2P}4XTQB@UNt8QI}X*1#>@$Idu!CRiZZV4ksbwe zI)KT<4fjrb)(knp|PoCf#sS%?GrUwSL>~(20*)5eq?c4y*e`-ffH)GK) zH6wI}axo&1O8Qq{4Xj$ygK&-HsT-ReDx&q&?1Qo6{{R-Wtslep8g<@}D>cm7-+{Mo zKb?7=m#N(=r`lb-v(F^;HL-4J>0>K3*V??Ws=n2cuT6DzedkB!c`Ts-$-u|81UVAJ zqFyeZmnk?|ix2=j;8m5jd0@B~QWtHf1n_GqF~Fl?XDl!xDQ&$ne~Py)bqO@)KqZmb z9P(-onrMkG=D*idQN5eYF~}G>;Gpys^m6LDW~UaPERsf8qNyjU;+4&zx$}?4Ukb`D zAH?>c-6|6pXFLuG82Z=dmc41>tM43X?{JqlHgihZx8WCeXlghu8J58NH08?Ra*GSOQz7E1Ji2WN&zXT#5^*p_X)w z7=Utmd)J|ze%g0fM1nwr0E~0ZIH%C;r6Wq-W@QB!bDGK4tXEsn^$jLT9b=gaF;mY< z>8Cc8j+sX1)*rBU#$6BLSBNyP0epJYe%tW&-I?sJ%v-=uJ;ykFv9FAGE{a1=8BTMPcBrkA6aitXUp^Ezxf|D_>aTyG$!dI z5wa3P5%)>04+?5IMzhFtOq0(_;HY*+EpB=QOK!}vz}aEfHOA|jhU@7ehDCk=I2|i9 zs+_uxu*A87TrkCLMPgyv$PPPVrcpa->~F`tpn2s57A4$!Zm&P_RAg8vGsC{3qa#34BM;C0$2Ay_sXZjxqlL9)#zTe+tz2Yh$8#tHhdK zhpAtSD_Lb#o$ly=FuOfIuFE8 z*_Xz@2|guB@dHcIt$rj=Zr^9KiW0IUhCUiHKiWL~JJ;s#hx|YNk8cEM2LmS^$>y}O zRyE40Vm+--Yw%ri`dMG`zn{v-cVj4Q#>?~7=;CO}Vx%0?vGj4Lp)$tE+ty5yc@?D` z?89oa40f&4GOJ9@xwOX*9mWR6M_yhKpgS9$P{hw|;J@98qhr{}|n?9m$(s3Msje&q}z5f9E^m4Vi_i+;ePmHx+ z2W!@|2yUPj&(8I1<9D|ef5KN+ItHO=lBt!Vkz`~YTL(N=kw?p7=rn$+>ALFb5m{d% zstKZwKsRUjMt@Li-TW=B$0W9K85HLO1oN8jq}QKPlL~&G_380N zcN$rEn@@i(=H6v+%hgzN2>h#c7IV_6X;|%kID9(M{C)73!~X!Zc9n3DOf@vnwYVBA zBDrFl)b{y`6WfztmOdrDzwoDu^(X?w&$!EI`M_lu$Ul$stvOGm$t$T%#dLN)qtYjX z#(opiuVb`{?q`UH34%k8zfPjRPQPX!AO8Tt#Qy+-cYJ^NE#f^^J6{|4cTd%ABDK4d zYc-=Gk^>k#mEE~G;2e6_MHj7)g7McUo+lx0j9jYGsZMcAx|&Z;zUybtzp)?fr+4r> zSkkn=iODDYEA2wY+R47myx2@JiClN;N6?!7kTl&&!&lSnb!{&08|^mc6`tN`&Q@sH z0;~_XBD<-+hw_iotApi*&8g9k`9@~>~xm(PGo!E^l0e3m9Vv;K>46%?sPOR05|LZwu0=clDbEPGWp;hVj4Lu1^B z!f0B+S~P*xN_8O8Yd0`x+FkAc0NEs(XqR$@>G;-%pNVJHp9*gO0JA<4_@_`he0SP) z<+x+Hcx}o@2irNX$}fm;{{X@};(b1ASbVK6@<|tl=^*F)YY9H*&$(XarkkimbpTh9 zhB|Rp-EL!VHVw?6^~FM+ndo5Fhp2d8Qu3H2$UA(;xUJnn{{ZbX5rell_NsEZ=qMYy zPN4(}zi4)aHkD@102r?(uyu!DyOsxy;b%M!)pvvRw;@~8r&{TZ z4?4S1)t{NVW}f~J@lCgnG+Vof*G<$IJE$MIDIr(JJupps&+QpyX1d+By=$r4YdUVP zZkmO?#zPklIS1(36_k~cRN9o0^0Wg!6P6iJ9D0E8MCG_vCa72$!>J3X=IOa zf^g$+UZ4KDRS-psC9P z>FZrb!JGd84)~(_?OcO-Zz=;6h(Q43pQUdY>tp6KOn)smD6{9Ej{YyaxbgMQkvwxf zv^Rfea}wktb|4PiSAX#{;oY~v%?rS~{nn+Yxz`{QK;&VgZK1Gp{_w7vXXTmpXFgR; zJ2wEcTZt92kv7$k z9;$t-;y>Dh;69(=?+<(#_=TfdN8$ZbU5er>>oS;9$S=6SQZFD=SW7|=Q^KXf7 zVgCSxDm@@uc{++-MLJzZxp<1>kEVIAsXhn%c+@<1{g2=u6D_5;iLB7aZ6cw@pfmD} zo(pl(xMq=_DiWKq=>Gt;e}Xi)w9g4^dYzr7m#@bxizEpcLn>pdkHpu-UN6$DUrD*t zEg-j!WWXw*4CJ1FO602@PhTdlH%{_AtL!pfSetuxDSnN;7z~iZk@|}Jo8T9YJ|Fnj z)Y^Pn@Q#aVuUK0G_i`x$_h%h5$skryin;5`tgUmx{BfrEO7F#*)z^pg_0u%@r)Egw z=&PP9$37=`TzDr=(lzZR?X?SQSouKv{{Z2)!H?P3<4?hl z0eHQ1`E>6S$rqPA(UMjfe~3uA>-4SdXZAqw^BpqZTD-ft@a3}-7S2#sQP}WuIHxQ* zojlg=(mpl)rv4J>KL`9{;A`Im>i13ItzHS0EhIah8Dl)LK8N4X*Pq1=#r2D#PGWZh zr>%3&jgI)%<~kVkJvti;Wr6Qu)>ci@$-m@vz~C?ETG~#8ZMC~?W@sVQEkYRPwwLbA zGvD?6>kd>+LXGS?dU%rlEi+GpMYDV`w?^S}>G@ZGp=nkmF4)&9a=?zJx*-dkQ-Rgr z=$byIW^HG)wvn7;ES#zKuN2np^^XBE&lGnzI#VzkV_n`~9dqf$byJDKQi19|1o4KS z;>$)hfJpKDva1{w$6gI~`laQCwWCA~K68Abax!yWG_7-zbRExvzih7$N&f%}(?r)} zx3;&thf%-c1v#(8j>8wLMdzn>Pe&#qUyYr#R98!bXoL;M>UwD4;qL8)e$!?em zGt#gxrW&T89vEV^$N(afQs#5DW7IUFG+h;@TdlVW#xR?{d=b~_UO%YM$OW{ z5IUcFaXIB4hGm82#ntIDtE^baPi)Jj*qlH!6vj86NdntzT5MFsUe~gY8OdsWMs| zygF^hg4Z!zT(srbkW^p=^r~@0rc*A@H|78e&6zXQwCfloh65^P3g-lLrs|eXcPvY^ zkGje@q(haNn|GpX(A&X#V+puW;ayZ@oYsBxGFc>vsoTp0+=7lUYTD{dnad)EV8Da{ zzbfrCj}h7F=)y+I1;GIIH8vpG9w4;6$dwtPZ_gFTUFi`QySue?k}l$qta;SGHON3P z!HU+jG5JWr#uK2x>p_g8V`oQTWiXI-XE?66`$kx-Zf))n79f67M?88O2x{jgYjG9H zA{iAQcj9W}T!?^A;yit5GjS82?;<2?1CIZUtZI3l(V88;_9 zj!3ULzMJin%2{@KkGtO#0*T*fc2-eDOl%kB&pqmfx8WTpT+`;YR=N92zFtCd2hxK? ztbBRm&kQyI`9KE0o2XpaNQ|3Y6=9A=a!KY3w1)x7`2i=r1#+D%-VwgIh$_Os<38D~ zeKbi8lv+jHF*C%(Z`wC8`q5yquD%=7uUn9i5IgnFB-VD;F{p^QmJiHS=N|Mi7iIBM z=(eeBnu@i%Fn=hX7>@Y=06lBWd{L~=a)7}IOJe1VW1f2o#j9>J$!_44?o@!~S-mnv zR=cw&g{g4^&AdzC?Rp!Fgd#B*C0j3yf1YZ# zks8Gtst{yF#sJMLSPS%-JMtL08qjI_F8V`r{4J|Dsj?V4YY!K=)qx|B!UlwSA^l9z&L$PN~yI5mCkK;g& z2S~MnZDg}k`_xg5yyMvZ71HP$Hlnk%?G#1;0bHNFew3Q%YNg!E@tw87S!TIVr0^rh zKIB)={xa08?ey)I7VTvmNtf7pcmDVP09v!RLXVWZN#hHP?u9M%$U=8D}; z-@%c<*7HMrRiR=-?clX@J}tSm)2yzoEG?s&^+6$$dt3-6lc+eEyx)NLWWk>q4@k%Heb{j>lUlLg3Z7f z8787Jxt}X%j{HdR_k-CDnu?w=U|4*tfrJT+%Oizj>5fvv##hnPUwS;<&l&5iMQhc&3} z?c~#+?L-h54#zd=UIFmk-Iw-#-lKPJj${X9ZOI<>aasz^9;4%r0_eUVntPd1epU>? zzbt;att~KV+J2VS>>VRm_Ml#Xj+J6^XP!%_$rTUqrLHVUx!9ExU6rHnrh_uQ7 zo(KwgqEpI){c5>Uq$=5*H;1$xKzXAS9gv;Py({7T_I6pgkIZem)v?~Qt+d2TnPs{%794FNv6OCGMz*7*MRTUCNJ^4P z1&=FUL382nvRtgi-c~|*BZE=ObIBdg+NHVDA%+>ev>4pD>MOa^b(GRHsP<1hdWgVN z8{hzX=M;1>XO8&(`%u<5+s$!3!nA@+2J4Uhy=!;DqV|+JjC2VUWd|#`Wiu9 zT+;DQpJ}E~V{dJ1aWu^27g6&2eK-}Zr0I<$LEVrK;!-+sSWW76C>sHme^0Hxl|4Nz1=;6)byB$>#=;wuNfl2Zwi;gswIV`={YIjt79Yqv>lTYlm51Mk{~%$!JXZ(z6E zYKa;Up$ca?_4-#n@mt$n$Em%zpJ>6zCj-+JpEDDUjg`KS$&bs2%89euxx0}av%KIE z?Z?zrLR|^5jFbJQc_D-YFQ>M9S6L^Ah0I9BG64C8c@<>xBa^<-SAN@ge($zx4+(8K zSpy`arYYPx5!LC93R@|5-IhDDJ5|88+z4S&jPeIseC!-_E8VnEs|G5J2;#YO7-o>B zN|w$uoP8*AxsxP~+CMXEF^r62t1QS?UF@;?d(@6AQW$Nv=1rtNbB{`nduvOWE?#Mb zGG`@^RiNI*bg+A9$lM)H0-XKoW0>s&2aR2ham`~VsE%fBQQ{KYq63qXiaOP;H%QdA z>8;*4uJ+^-u`WuC_pWN%E1k3>bM3!{-wM17_FJ>A>E`ZN0$5s1fe{^e$6hO6Q_yBN z>bew*4w8~FaUz|{gZroQuLiwsPg za21d)0Kgq9o;6Kbk!_?InHdpX+W-u7u0zEl$3?^6y}h%(N0wX;N40cC-I>mI*n{E! z0Ec{S4)&39JRWnT^G zZ>4C(S!9$p3a>o|GC}pPMiDt2jjcDr_80E0sH_^L+P+~{T#(i2J{z%;E5?V#HqvRj zcg%nx`G~>W)O{;r8#&fncsxOMr}%wgcv4VhoseK3O!Wr0wY#X{({66BV~* zrfYhxxvbm7=Ic)_7?MKcmIt@jiu6y2x?Gmt05-Q%2<`5q4%j$y7qRv^trX6VO%De6 zHSznzpA390!0WKuhIVi*{k9QkGxy(TH96ehOcjV3r_0F zj0}jOzq{%F6{t#+JSXC>#S6_l<3yTOmFmf&EuWPN$rf3k2b1^?_4411G#?kfuRQui z%ExH(rOaidAjc+o$6h_D8b&rd%YAdiI(7Dud8*&Op{79_M=iS(f?N2(2d-<|d_Swe z63141ljUILBnKRSJkco)z-6ALb>jQ0)Uulhk{yU&Vw`_U_N^n}$A%^Fi}=FZRu=vx ziG-S*OxR2g7hpY)PsXsgIHYnmn$DR#8l}FT(91F~JoQpI{_=a2O z({-5(N972&2}X0CI&{rDnM=@T?E&EZGUE4F(qy%_nnMc2#w9pmjA!}R#$FuL^&JLF z%^XK0ai`A|vJ3)!u~|!FYFaCvz3|&!@m80u+-ehET3xJo*%*(Lo-lJ?qdG>sPJK2*oqhG_M-?W^aVvAk=jzUr4_55n^(1RAi2yfj^ab z1)h-?H_wQmOqKF zj)%lCZLR7WZ-?)v)E*)hOJpOF#&9a)x-w$VN%2>~JFgf%pW=6YLM=M##K!UCD(BGt zKhC}+_?PfM#NGp2<0?xwj}Y8dhx(9u4k%LSX>;Sc@pOsIMe~;xdhp95VE! zP`Iv#(|!-t(p!kd-p9xzapxa}e4qPP{1>|MUA>=;G+jO3Z9QEsJe4eN5ai{)oPU#E zJw<69P~7+vz`hv2)wLP)$h7YwIb&sM9D=dn_U;cA)OZ{>KMMXJe$0OoEPmbLPZL^A1*3 zw(YDtW|(lOc*ixgb`fF)f0qx2>+g!uw;Pxczc)&wSU!ctwn<@{(pjBia7Hi=e>(ok z{{Z0K{{Y)^=i*nwePi}P_=B!PbK~y_6LX+5I1*gh6aKGnQdf4|`W5u3=F!CJia(~O zXm22f?kxFoaKMgK*PnQ%$Ii5t&P5(-lJQrcQaTiVb9`XYW6=D4W2t{-S*D4rM)vn% zPTwxzDca}U;QlzT&Hn(}Kj4%f68tIR4Fc-k-Yr51<}&@Eawd-$T%T^AjbwY(vg4WXu^4LN*LgzysLdjdj5)k;D%qdv-odP z)P4Z#hT`j0(w$N(L{R7oAw&+8xIM~FY+0ln6K8C%_5Y8qHS z+nyYrPnm8lW%;Cu8==_5k8A;7P-(iX9wgIr?RQ668pi1ee2f^}a6uKpQ5{JdHadj2 z7lJS)`&EkpBC_FUjE+W67$A{f#h3gSkM<>Rfvy5CILoQq8{ts&Id>MR^I>+XK+d_bN=xS;$EN3^+^-GxK z^JBWUVBI$ZoF8Co*Zvync3O?iwUzux9YJSZ+>_~EY~yBP&rH?4Ii<+un%Wsuw&zwE z824lmspfiDhDxKQB z)JlJHT z``rHk`m4_@{35Z9Pg9muirI4Ehs(5amG__=u5q_Ib(XaRk!kI^MPhJIQCU`67Nw^N zY~hADj6`gWc%YNI)pXmPbHesk`iAIc^VVbv+@r1zbNCAL{Z7kPZBkpSh4U`91@k)Y z`kD)jJDlyVjrQA#B-9}>N)O)YlU<~L4ioGTa<>Vy$}NMRnEF$(r?cu__;uk;Ceu_& z^`>-IlqqiEeZN}v4;FYYMuSl^={GAZN~2?uo!O@rWhmJ4e;irg+{>cFAc@l4Fd008 zbN(i|$mOup9bWUxUn}M$irJz|I!}!+^$!tQK?sIzEnntSoxpnv`aF1x!jAfd&BdUN z$`XncC|02>0m16Jcp?^K>(iZa$4t;AWM43kBMW37;Y-dB; z-m$OZxwO>*nf_Ke$sH;Qrn;Tow8?X8vLKQW2R^jN)9wr*e6UoU4{8k!tp*wNYowT< zGJ~C`q59UG`jW=dz4LzU*p3g~raK%=R#DvR5iXYq@)(lmKgzos-8MJ{&7w((6mSUV zK8BFu>}Kg2jsA@cu^|b$fo0DOE25vqt9xqNQML;!5%aP1pw=wuf8h<+CeTKtmXS7{ z4hy>A@O#&sUFrHX`i-=TBsZx1jNyO!^bEIsr@ zuCYqjLAEK!J?lc&-K2yG7XeUFS}dsI4;-G@j~j4TdM6{<$C zJD&;Zk!l)6?3%Rj$1E+7H*)HFaa~leeQn|WPU_AFy|=WFE>wNY^vR_tnyZ=q6xQ^? zX*~Lz@!L)177O>X-j&RF$)wb5<7*j=Hm<>m2dK|OSxP<2Q0`6Pj}GZ(3uQ@TYot;} z2i>hn{u*f-mCV|M+{l+~z!hP*5mU;IlD6i%>AGw-r%t$y6vTKq#&KS2aiYmKZTRu>))_5)(4p`f9w9c594*l~kU&!pM2mWp+0N8VnzsODzW_Bq>&3%D;L*muJ1)ON1E z+WBR+P|27PZhmO89&3NgC>02^zT-z3hn zN_4xrloe3Jr=@RS*<8;DlCdKm#DGP3RV8+Rqtp|FC&n7-4sRCgrcSDgGW_>b_<#L};Y{D0tGLdm3dlFs+d$C!tO1y6qTy@t0jsf|&5 zy-%Zjcl!myb*0<*v*8blE~3QHaksG6agnl(qMm6Nmr9Ky2+UkF^PmC-zyJ0+#pR-5KQ+pmi5C`jD z55J0Sz7}}%N!IT4$!D>ATfRCN$vON%!Tjr{2hUehb7$>`gzv2UdGII2b{do0KZfS; z)y$E+j0#LhI9#4GIj_fG0NCAVwzj%W>XcZ)jZgQ67qg>f9ma{8Q5)t)qGy2zDHCAVliKlqA-1R^B zDRu4V!@t=V;7qpHX{ek3035|{s7X08eUU_RnBziz;2~7w-`>7#@dt_S^*@LDbmkP2 z6ow#=_;;?E#UIDqGmD&J<0tmt<730My>ia}!)@O)pu%NG0DJYWLrk~P@0v847#RsU zal;-uS3RtK%~c6BnfG_X8x0d(@B|HNL6*jUvgdY6uV8;8UcU#1^_?c-&r`ElXR#l6 zfN~9XQ+*GI%rKtwvFcXZt;FIMl#?uKGur~bh4^^WYW9~x*bSJ+7A2EF^QZM|KzxH+IQHKgz!?ekgn{n^wAt<~VMfQnH?F zb_h#nwn_W}t39k0sm;ngb^Q*X_I=dtdE?CGZe0BGuvM>T@k>Ww#?8G`nV;{^2Uo-6Lph*rz1d=U76nw^!kp}p|E z^IXD<@}YZI%Jb=xKMExKpUAkJtJy{}QoCpQ>wG`c189&(99vZ`ZU_6oO28k;SGH;P zlfx37tg223&3yHDd!O_jkx%`SmA{rhk~-}Hte~22?Pz3pO1CT292|bQtaBV@C3A4wOXdNldbfID;fRZkE%o2Fht2wSO)Yy^MaIOuAmv^@I#kD-5IEB^qAUmSGJ zTlRYJ=Yl8kSBT(_=Jwxw!X<_!8%UL#paql)_>bd9!<~P?J}>bvfj%O5dgnm#ev7L~ z70rdo4%W`ca4N$fsaF^ysIEHH-L8CfEc*oWN#!bk?FtH~F24o&Z+*AvzN?|j={Ar? zfjpHVxg2z^&EQ*LEy0D+fFYEAmB@X59-fvWww)lCV=90SI2EPkv$&C175ddC`W}Q~ z+`W5kCEkU2(G@;f0jtYoyN^n|w4Y%x$m);mYhq?ycc?!tE+Jt!UCVbU@jB zfChS1!4(+wX0EQ4Mb!qs7OV)5xpT$|B{6T)e3(w|T`&O@7Vq;&*L4I5GGKuj{#4-}rmkg8b4y9|JHA6~ z8;C!}TyMbjvXA3efEMfp(&f7XUEg$!jtzAvXnB~KyEE!v+9LY@0LC66y@K>anr*o; zK@cA(P;2AMO;!FJYd6}Bj0s^JkZe0o-o}5%tvfU0>rt20`5xy1;f-DVQR6QXc#`VN z`$JZ^^DZr|_7)6LNdq4ECl&HnjX!B$5d2@dmq_vK5n3jfE81DX$Tp~?jier(1q!O@ zetDf?!h3%%RqiQYon21@S3_!S#(2rbK>b8yXqek(!!p(15(XHP1 zQAqIion*Holb=sd^O~sDCku!7lRkUUJV!kDD|#O0-d2!2u{#icnEWgBf5Y~E8Sw{% zv}^dRZ34>x4%qpULD!$kw{=yleuamWd1GVa{{Y&e&dWvkH{u_J|vB+q)PbgX@7@ zuZQ%X8h9VX3$6HO&f`he_npLyM{$mu$G$q(8n3D0V(>0cM1I70SL5D|r+5#;UMAKC zmi{t(b!)pNep^T%+I(l(z%?CMmDvWlM@U&`qomF_d03e z;~f#_mS$}i#24CR({7a;d~6T!oa6Z#^czgFFP2Xuu5n2-M-2;M9g3aV!N*$VJb9#Q z8qS+%CY~a?yt5_J88QPY&g^~}u9{OkoMkJm1K1ptS_&GBo) z8a{I7J#o^yOL=x6 zjfmPuYUboUlbG>tmS>I~Uf4w)#2^U>Uz$|UPpx!*7P$LVOi_MejEwVICD6uEJrd9& zqxr%2;FZU%VQO*<%U80xMf)@T;6-e^88{=uFErWwDSX#UqJ`Z{yndu*Jyq!yU=cDo#i)LTYFqvciC2;jZ>@Ad@oTf|{RhXor-aP!p|!b$M#3oN`9o*a_OGYD9Nt)X%fq(*CAXeC zT}T7=i$~zXbJ(7uv`ew(RFSiAJfV<@c4VdJ6)~A8*^t~%hlGfJIZDlT5k8GYv z`jTiks!Y%E4zFPIhnOo((~vN0h0^pXp7Lws3{7siIp_v@QaL2S-Eb zCp$^|qJc|e%kTVEHPy`CY9d3Ev)2{9;W;elxRg4Vb^!ZO%ui1@7WQ$VGHv5H&p}Q8 z)U@1$${H+!#GaInNlM3I9<}x>Q#G9X7w<0C{Ec}&uj4Iy#@e_|LJ03J6?O+eH!_c2 zIW!G3I`c!lLa1Vv0gcBZxU0KXws{MKw4S5AF`7C)rm(4sQ@$b7)EesS5fB_#uJr*K$5~`+gJ(TOD4Drdqu5FWJgSKv4ev^)HUT z%c9yUVBPWtP-IYG&k2Hih1OyaLqE<5B?rpCTJGi&TRbLsBvo!hVaN6ZU4eT}@pN3^T%=h#+_?wbXqo8W)l=MBf+ z9`$$VXC_B#gymvfjEwPJ9kjQ0?;LL>I5Y<{CcQ_V29OP{jARamxqq_U2*9~HJ=hFZT&$BK+E^|xp2;9)NQO8a52bbI zRgEHsC<~*7#=>*Rrx*o@p5s~91b2f$ipt&*lJG@SdZ0rPv?s4KPh?{{S*_LoZR0?Ot!I{6o_GVXWQgH-uS1X)eeW!P-}@bM>Yr z6VQA=pm=^OG`d@8vd&8~pS*o*uaN1{ZIvzK^3g+bI5ecmJWJwEt7CNV$sN2f$re;F z{vdlA_^aY}rjkyn9lVzCxcQnTI{_FR{c0h-%Z=IKTAznCbcW{g*43{q%94O^Pada= z<8*nBe8#pgToJgWomBU#luZYTrMSF~1prE01+l;t^{<6AAleB8bN1^PQ!oyvEkr z*6L*;x?o1GHl?5@Kx?&oOt>0WcC_@~4zzel~*VYs?? zE5D%Ux3yGuI^h&^cD@KU8l?Vo%XKbtFmgFL!2Ig2v*E2`E4F)kcb*IbumhDfML8OJ zH-vmctt1v7+0KmY+cH2Vy&FvM=Aogav0PiS81N3>-nBBPse#Pgc)IfAR2CXen762^ z9zsC?4B+JBueD?9-Yvbc)K)8TJXZM2D(4D*wA5^Z#Mv9#^c|L3Utl`T=7MQwSOY%Rv+2%s^Lg-OI9YA<6Un@OM_`7 zvpj56tg-Q*#)2Lk==5KR=I>C3TfIGW`GEPA7a*VSdQ<)*c;`p)e}`^7H>PR=eNpB~ zCM5Bd=m-?Kfnkxy=uvALWH#$z0KL0RV>}PSz0<iRbxEk#5T<(?WKmFX*OSX%)Epn z*0{Y-!Wx#JJci=&8ZEmTFu5VUb5&rsbDv!@_Re;dXM=-Va$Ui13<|ONuIvFm zm7JD_e$3H}!}d2UE+lo_FvA_rYrld^NaL07C2hW05wPstvskuLjgLO@9=8M*%=4?s z5}&*WBB|NyaogFf%kv$(haG;k&TAQTF4*{!Pt`QtQa6SdmtkG9bR_y$DGahnBE`5k z>A~PqXGB}M(#33-FbJi%l^|1+6#7xC_`5-EEa^8uya9s3c6`Xh^{Oqa=yG<~HWrcz zrDmBKu%{f4%DX#Bz}m=NGtg(XOp$}$#SLBo6or;GE^x%Jdd519#LFT!)rol?tVLjB zCTH2|7ZS=MnVn(>9ca~KzjCaRn8zSzzolFjq)JvY?4X{?adoyqDfvq-a4WD)ZeYxl z%)fMC4yLs+=IB*TKsKWq2qgiA?ZkY)LsdLWeD^wxR}H3HY*Z1Ii2{R<;y(0Ps69?v z;%kXsF=!elVg?uZMRZn+bOuwc$rEcGAx$K>?(q(m~#hprczRL^kdQ>#z}>xyL!Lc9jb&vzDZ-q4!^eJSV4V-`ZXi z@Lz|Af^_C96tjiq-~o)6Bl8vPPo#Kn!|>U`;oC?q{6LGgTfoFKH~GbP#U-J{qU~l- zwD3QPZnX)ujc)qJOHI3kC4qG(zddVC!EToF?!wjv@|8yS#s}eD5M;O=Zk;}lpxs+p z_-Fnn`qQVM_H`TGU%p0tYc4g`?zH*!KNpyEYs9!uJP#OJ(m;xDw{ zTiAGOLmER&7tgugN;?69`Ssv&T9Wv}&%^%!4c|<7EwyhIGL?I|KI!CbDh6seYH`fUCpE2`UB-Oj2WWdi{A&OZwD4+0w$d`o{l zkBVTs(QVS%rG1Hr^1DZEwb=NFK=F5s{EbFMchRDcWx(>zNdtlDjC;~I8M~oIAWaHMkKZE`}@!y2}NZu2UYnv?%r)gdcVMint9-}p@kx|s@ykqe1 z#jh|HH)0_=tPdtW`TM8Rv*u%zdm1*r6S^`9t|msd z2RJp1a!gtO?3Vo@YblX{j$yEmew{{`RO0G^Quy|hEqZDr^M^wzY8^- zaDlAeKvlOcHphX}>(@2;-|(}-THVi%Ebla1OPRF;BNv5o!cu!@+O#>|n;)g04t^=v z*lCh@JH`;EoW!(B?-?d01mhfgSDSoUk3sPcfv9O(OZ}@;WRft?f{eI7HV-+dw^KIk zelmE1&_{i!Y5Ue`V347ZbY}km>sOpzL*&oCV;=B$!RuPZ*wUY2>w7#>M|W);DJp&4 z!|t%J(%;$N#q;Z44zX!wjpkQ7kc={%41=EBR+8A>D^u>z0$n7HB%|!?(&9BF@~6Fe zyR+G8J|WU|D`vX;Ob-cANGfyIynJ4oomA2JDdIf>Zv}YkU(jq4;?mwbk36_@^9R8j zPp4Y(FCJ;O)>@6+q9)yP{%&Gm82i^fI**v@iawR_e!r)DQTSPXqD^gked2!%#H^9a zhVx)zIo<90S8w|s{?OXb?34RVd^h;Rq+ZDvgJ8S+9;s?cAS9$CkUMqHu@&jil#{s< zTA$y}m#_GD##&E?{C(kzm^B{`>z1o~46(LVizp`^-!MOocE1hvxHK(x{@VFR+2_W_ zKf-wb00Bv^hEj>>zY}yjjbFoZYB~(>YplRl>e6)Kqmd5bgY_TIzn4$=FL&(eqxk;- z!QKb`x_lR*>J#5tD(GG{vbKnBw_tXOBwngf*skJwGFLpQ>b#%)0~;U6_lY$4t?#C? zwPCP6)yw_ga%+V0874k%K3*}NwcQPld9H<(Ff*w6i)T2-DrAtkkSIAEanOp=F}cpr z+4i3?f^EUCaB&UmXboD zWGpy1uXg>Kem!`v_E7zzz7&4aJ`NVK-Dui`acYsYra!jXxd|c@)9#k*>rrbnst=+5 zn|}!YEcj>RAA)=%@iW4Av1%R^@g|)PqiHN`8CFI>SY#42&VHo&S7oc|tu#j9x!jrj zMRQlB%O?_?tbFnD6T%vHuN}hQT1PtE#@}adhAD^LKbZY%^83XPaShGwzOiI&Z>=PI zJx&r%C5xaxLNI;53gov#88*-7Z~h8d`!l|as@!L9R0L-qk^Xh~ z#S0me?GeVy3j>YA2d+P*byAYGjHXe;mXS(i4mhQ@LaNGCf!4a9^f?$xvBrl32R^l) zkiEGww9M++IM3ayDlrr>VjK7Y!Q-K)7V`@#fk3252g+I}2Wj@DNY)v)r$1iQ8q+UH zAb}$)rdB5y&3C^I{w3>Q1HK{nOXBx|8Q}3wi+HzWKo6NT2mNGxc43i@l~Rq4`b_@# z{{Uq_+80dt^YBCA@5Da{+s{1q7HO_%`@r+wJpTZtS-9?0=jaA&^=rZ&GVt!Dr|Gx4 zRF?L-Myndl01d)99H-PA@my76btZT5-1#6oMg+>+T!GbnYvs?|XZC8*{{U-`*~8)o z!JCU)ANWWF4XJo)=H+s*UZ5p;>NAq388~CQ{Da>4@W%KPR*eqsk3anySL6!6jafzdwt@RyJDuN!E|t!Wq5^I0=(RnO0l zr?q+pmv+ych|SJ8?Oxq9`ka%2HlYhgI9Y-73Hh<?(Z+?H0uE47~A4O1?n~h-!D6skgq>R+ zV}0$vjd_Q}?LKWj*G1Db`-x4yNxMK!8?R6NclD&kCxWE#*M?HdQk2`>O3$?0l_04e zykivocT$H?)tc=BMJ$e3l<%KPU}5W1-T468f;NrV9qSTb652wx=I%9(K2ef>@y!OY zHub;kd&`|aQqvd=g%gBo6xzd>6ex|cAa^1zSSl_ zD-rkc*A=a!c%JGzE4xd?7fL_XH*hgm1Y;>&^Sk8LwG%w7<%(B4cUKYV2*Ln^L=9FosX=kK&}=hZl05 zytfUTR99342258wspwnmVVJ+p7@SrulvC3tiq+j@fo1FoILFe9oiaUMb9ZqJs{qRN zqy%=R3n@|< zbG6qU>x;aeJDa48hmLh@^AnYi|FHXBKdoYV$ zW6m|1gqqsPX>_yMh3Own)xQPZvIxxV272?-f%3CYSC-dO)5W}Z90dfGKAo$Fx3qC9 zTcm}eX2;FYQ?RT_ci`_j(2;W)Ve=J_(>2Lznt9Ti-w??n@OK`HezY>VjH0wZNYb_MI4h`uEbylE3oj_i!}`!N!E11GQ2nAWy&xaa5{Y{8(8xnv%TMl zqKQLC3Y>$Jh3&}vYtdTJIQt2dJ0E)Il)8ZioL@`TA`1IhHr_cE>H40jWn-nR^2%a- zgSc^ztwWz-qsp}(5XUm#T*-6y4&VXFYP)Bu!FvKIMl%pG#b(QjXQ+5eO+pJswY-zd z4U!Y55mu#L}DLC3Q*0HZI?b^agui!ZfG@(ndYC{7T3DmwlM@J zX$;uF3_Dd13C}g&wEs>jtAjhn{(nzd3F2f?d~+uEMI3V#JsFIB#)}s)3z$tH+L9~QI2@W-1=9} z;;LPr>9^72g%)3sLlG$2b^Z70s*mBX%x0Hpw$~CmD;`dJ=DHQv9@wN)2=Sf+bv40r z`YR7lOPcmqMqFF~1bxV@JB>cZ{vfRihbJYwf$dct&q7f=16z(gV^Hxeg~>_ueLi#` zNI1a31pYOl;x7iKqkrLzX41_{L9`q;&;cDs;std>sqq=!Ez`x)irQCShKK2=!QFD^ z+TTsnZgs;It1NN4NZ8nWWAv{g{{Vued>+!gL-2#aU$hs7Y_0A5SK+;4-p5e5hvhTb zISO|X*9DP=eN97Ww}Y3xWAoR;8r-XGY=&2oOb?s0k6QOFA-u>#74OHraL;q>FjDAr z3ou6*Aewv6yf9D|sDeF(M_iryN~^}P@N z7Jq;sj(-T=r}}IQ^BXxx40ew(01kkXPd=S%YSCkm z2aN4n;;76~tsILQfrn{#ag*A*>t&cl46flpKEI`N9W>R>lv^EBPP@}gh>=}JVLQ5W z)Aa(rJBCjXcyC$0@Wt3BYk7=&gJfJF=--ham1_iTDmouUcqd=g?0hqOpv846Y4Y3~ zhk&+5^PYcGS-P#Ao$**T3utbW?_xy+3bT>nmCm<7@lS}feG$ATX{+A9hxeCDV*dan zK=s-MRVrTP=6#v%fm12;I%#3jH>{yIAe2^+FDKfwwRXIK2$jwI2|ey+XLY4PxCNgW=Sq3Rlx8imcd zjoRG|&V_(GM^XiBXi^KCt0iE30#G0A3$xeNFLYpLIJ z_~!>tk+kOj-ncugt_QiG5mWPdutE)XD!@3MUB-FJF zTL*=&!j~4|u+F17AXl;YM@D}NO4oBvVu_S1h8=6Z2ZbrCpFsFOQ}B9tk4x7z=uOp) zre>8@a##g80n~zD;{<6 zZ^LhO<#?A(l_8Y*b4anA2P9`ad)KIb$Un4qjD8XPbNF30v#Yy!8sk=vPt{UE<}$@F z*b4dpSx@0t4bQC1@;W&DrmhZJN>P$e)m!jCqm6&ycfucscitoT$>Cpxaol+3D{1DH zw9?Bp&~9G|y9A$MpXFV@!rvEsH29<8O*dNbb7{BM%D9r<)Oq%DkGzs6RbXq-gnA$3 z7CSh`VqyE~IeR@d=(;aUo#w0IjT={f#%Z3YLvPk=k?%()HGSO4I=(2Ep-bm zO6u0;2J0K7tO!2&74P~)i*)M~xCa>-ub;%zvuFJQaMe{)14g8FaEtrWX6^0ug4xGt zk(lljlG65N>_44zZFD@cAqG{+#@=&Ww9l%iv0^Fj!WC2^EP_D;HMOP#9O88wW*qV} zT@cv9tWSIWpMExY>-KB-!KD0U_-|q1y+c=y+G{J@EA(WB_TE4;p`+zk5HN6S=1bl&P%+_{gnm86HgkT0?l5jaSoobhlDf#t21H;FN-x0=5 zRCIldk4CxFxxI9;;`%1hZy5x!>(6TFrE&tZ9R3yL%^#sqfu9$bEb_2*E-{d6r?vS} zLjqJ|@u@rEPg9}M{6}G=KC7qQ*+Vt8<+H}Y{{V%t^04;=57xXh#On*`*KCUNTqA~! zQ;pcqN_QKkb-oI{xE9gHL8)pRwn(t z!KMu=F6Q9zRlH$yrrY>K#I2~R&21IAlVR)rc{PnwmDB8gfB2tExsn*>NZ!&p)JYLv z?w?Az;ax&lE+MgZV&G#W@(p>?X7tac^ho^3;&Qy7eDhuXp5@`!A71sWA425pU*8aM zYRU{R@-}@B2EJ#vzqs%(#M}P>4{H}I1gY1-zksWebsX*Q{H{3(cIc=aGx)*l1@DeC%KTzFT++Gm%iDGde4kZcXpp6mRo zopb6ibR}cN{{U^TidNn~pTgb%@OwuUhMG;y-0O!~B;(~Ia6$f+`Q55MuLa3lt2j~p zRQC1hT-7Qzdr-qkqqgv`!Vez&LA11+OwqMZDq>zIh~sbv2atVfx7Xex@J6Mn_)o+U z&2Mu9d2EiGh;j(ee0^({?C6dSbuzS%5#9^ux10xv0#|njt$Jm(>~~0|olbBLY9%v& zt0l3^_@7UKwHteg8CdP-9asF|Rke5)7{o-Ax1Vaqn&B#TCW`1LQ!BgDrL~2G&m!ei z_M~UX%pH5ft8;x0zZCAbaIco}h5rCppZ#N2H2p*XA#R}HRmMb09nI)VHs_FRiFqV? zRB}ii8c5%6&YrcrH#sWMxr-&cTd&&JNV>m_pWb;f?%?$%zOC?Y?LFe(2>drs0QfIQ z(e!&+NhbFhlmqGhMRZ11IHi`St3F%taMX2~r`B&x#-pnsEY}hecju_~6+=MOk>QKU zws7nLsFg!VVL49D4eucH*Ou-pa@ZpcgZNK+l|JW3vmw5@XJxik{nj#aKU#(>Y4nzg z?%hX~&irsQR!pFE*1EIF8p)8%eL5P$)U^wSbqTZ%{Pd@DlA^Jh91-1l_A`c=T~FQQ zgIQhywwy(CYYWPrL$qzUb>^;`)a0n_Z2UsdzTNQK;skPto>bFhb>1_`1d9A3v9-A= z1np_E6O0geE9?C0>GIh7)<2MbmNC6743~PJln+9;zO}T12Z2}33>O2buENvC8jZG} zI8>f@8Q6eV(NjN(E5Pdf5#so-CAQP`i4E2KfUXp9t>|mrt);%xwGBQ?C4vCBIDCxO z^v@d+O!gb^5`@y?frri)=f@$9eGBl1$MC8_rnST|+)Ex6bJrc~rkXrjwAu7jo+Y)9 z$Vid)lx$*h*9$a`V;{R=&P`PNIExa?A5us}+`X>|Q+ z=6N*RbhWl;B@`Tl_Mm4m9+0f6thjvi>6+^NHyF2`K=PQ#AZ_)aiAu*;eH(u6OM7V1 zz&o2gYOIsS(W1!baOWAI$+C=h^1P0gQy6BCuN4i&q?gaW<8-QehUnA?WEy-{+Zm!; zc?Y*|O4yoMF6_;qKwEZldXH)aZsgW_Y?^Yw?x6tyfu2aK(-A%BRgYjJgO1b_D3vvx zF@>ku-q44WBazfsnBVBJS%qa%kGnWMC^8Z$;*us-e6ai6cdjD+WSVf%Nhahx5OG1Y zTG+|NW@0a4SL2XJ2kTx_uETKB-P-Av3(w8Mecz=89wn>a>Io}b+&rNp%Ay{}+OxFS zZgox3ZFfR;jCBXTXc^XOejPps(5-ddl3hh37@K-z#yxZR{*}&I_?A6(-bJ=y11Z5? z;(-&}i45Txut!|+n(QF4LjaJj)=`}2ttN!!V>!>-19?EY@sZ*7^*s9O{j_;pd8jV(RgjK?v~>MN^*d%+k-X86R1UNv8YHxuTV^N(hA?yU3}DvU z3H4p#A^Y5C8OP;Yl2=&Gz1NX&=x}{=kySN2)Uzt;2uE$Jj%WgTHCWe9ac;q!jQq>S zYc?6)>H>vXcX5I%DKI9m)9lvk?DIo#rcR85zrAeVcxf!LaF*wLDCG4t<38gx^vLI3 zDC|iU8II)#AB|&wW4@t%mlNAYtPV%<3cH%YmHsDcI<~uYqIfUD5nNf8i8tJ_VgLu6 z5zv#`vpiMdp9uJW!^@_<=i9trB#D-QZuxP8zvyY2#wHett9X}47gk}K=FCDCHOI_O zdXLhjZy)RO+(Dtv$!PJ(w6pb*2+sn7oDl6&-qTUKduxdsaZp2nz&^E@-w*sTJ&onH z?9X)~{_!42@*IxX9W(tYC1W$jyl*5rZ1JUzj%14fVH0v80~sstUpZ=i3BH$6ntMBV zrXPL6@Kt)B{{U4n7}|e_S5DNP@_1P;2iy;kJ+dq4PYmjc;w-Wui9tU%Po+ezM5A+h zPl=jcvR&Fe?04}+pE4rH6}W86|vwxafBJwEE@ zd1Q@%G7+^3oCQBh&DBC#%IUPtaM&&nw9i ztxH8V8s@d2Uw>z~8$9GIyjRh_6S23}r~70YbTfxLk}@;4nVkC_Ex*Fp4z6`utM#># z1u}>a13fnVYcF56u+v^y#^`c#a5A|3XfTxf9IlC=+Po9p>2boA?~@{h!C>7<@6CCR zyWk7!eOB(`AoEzsfId-#rsP^>JFf~&rg;r6e9gJQUMnW{{^(lHCT0*J=O?X6r#VN% zv0F|qE-lE}8Q$t&klY>*==uXswv}&@ZD4177T?fku>5P=EiI>xD>Byq0B4f` zyBz%0H|S=~h~O6zFu2dzRA7_NYn$-|I(40_=X9~|TyIw3eifu2K^`-uFWYaB!6amv z4p_E6Kzi3d@f*cjW{EM=p}V!Z)JuW@ZNqQAD^R~d{vWrG#F|^m_twynoS<)*eFbtl zlv;L|a~w}~CkFr#nu#q3%F9vSiPc`+_r`rrGga<&S#uA*R8 zSCx+-^c9gd$3qA&>9ih#vU0FR*n#aX6h{;zYV_lZ_*Rts-B=117UI*cCma^lKk z1gUH!-?Z|1#bUtZtaTv^O$@3WuN(7>pQUa=du{etGP7i_85!oSXa_ZYdu*a;!!FZ~ zhN(gJi=W-wtI9eZyzTnb%68n^ojp%V@Gry2wOf&QtbMH8EAEOI_z(W^uU6DNB$_A^ zcz)V%A-?=1jOXjcc=()8L(-*8)3ea$xQ!&Zf!0tnv(S6jZKP?NL~f95LBPlJub;$L zx!oFPq(P)Xr$Y{?F74$~d5<76pG;RRKD~A|n}agjrH)jp0mwgJO5u!d&6G4Yyg{vL zI%b5rg!k5n%n$B24eWaWE6e;X@cZI#$E{8qKMv`yYvH)1{{Tq2kQEApuRRX}z1$TZ ztmmnw=jeCr{qR4)zYR5v==x2zt>ScS4N~z&$YlQVt}&l__w7O$JSnQfs`!rjJ!@4m znJxUu6_wcJ?E~>VSF;GVwLHqR)XouW-YAx7U(L~MrIXE(kcDH{f$3hsqj*b5Z8jNn zdppbfwL7k+&QuKJHMc2;wCHc^dS0EU!5ht}M7v0CxLkS@S$7&HrD=bnY8sW1gTeQT zb9)O00|X2JJ+oR9*H0v}Ok~CgMiSj=a}~{{X@Z3_c~* zr?)Z9Zq5||9IB6ht#zb)#WeOZwGRsFQEFCq{$;4MhEus%WaAuTn(8e)YxY}BTThN? zJeecerES2@Qc3_-slrw+(|U%Am&5}c|dxBTV5TX!MdM`thFNZ+TD2}oG>{p z=yS&=ubCAc8TO}#JUwsXPY&u3#KYt&>X`Xk{DWDxz6#LR8SHf=vm1}z*f=!|)iaRS zbSn)O&7{yr+hs)!vPL*#=sMRQ4~vW%)x1w=wy{3kfG`yL^GFY`yd&eQPZg!LmcM6Y zE>U&{RolHm?~iKbd~M-r?L1Vv=Z37r+FS?C^2o^Jw;igZ5lPtjK_A5$zr{-nyVxWa z&2oImW?YAhJb*jqwEj2ve$EX|VDP25)9-*EGJ%-#dBFN{TBw=IdZc|L`!o1&SMdyA z+q#;@>8D0S@Vg91*gJUlz^XAfbP0SZ>T;if=6-{h>x#3?C zXnqZz;dLS|CrF@&}A%Txaif>sh$m*;GEF_&u-q zUeeC?9bWoT-r@GHdEn%1A_j%`mjBdtGJMstguMzkTo-ojSUv@V`wW5^o+yMZCjC+CJs+or8v3P*k zS?V@=f!^QDE+a#5QAAP0xQ*Eoe`H~#6BtLT4ty%{7>b$xP~IPat^GyILZ90^ZUnh4Np{YWDJ@@<6{zc zf)A+U73cEVn?_^)6?n?~!agpx)~&?S>Cz9g&jD?L<0k~Rdf;=4_Ya7^47bv6Y#CCP>^cM{3@buC+0o zN+}lSRo&AyGdGukw3Zdo4#y;-K0+`i0CG+SYAGaFWsu_|j+|DuBE%9q$e2Qz?AWQG zbO;N!WX1>?q?u7g=%rM21xtg+PKLFkM$}-M#`YMV+0>(}C@Kf8J!)o-i0*${U+``J z0PUDHe-8M^_9pSZv|8s&CsFW(^UfGN8Tq12oQ?P;-VA z&rus5PvRXRT(yn(cI#8TO}+3pdc)gKti=WG7It#V1~Vt#J^ z(tibPe0kulb4QNO>g!arwl8nA{{Y9$yY(3LUD^5*>0ii)#jl6=zY4s6tau{+8SPOf zBF$ZJT0TiW_&ilX>O_&|p+3yAs5_asJbsl-ugnfMbI?~}IprSXXN;JnEw$S@105?j z$^{i=&d&VxtBYvPCH03Q0>TLbF{{Vt1{@EI*!C#2?zXH5d z;u&8`yShv74M%YQ0K2xhC-;ye^#RvB9y4FsPs670%wqdOw6vaY4{B_>riV0)LAAKf z=^_U|-rf0EEneqjA4BPeYx|8h(^r}`gUbRLqa*KNV>LF9tG&$eq;b3xK>MOC(T8#L zJuA+rwJEdtKK}rNg1=#_O(VpXAGLSG%_eJI6I_hLt9_O~-P`IaIC&LD7tBybNAUxm zwfv^Z=A*3JUa26NOET`Y!-oHWg$d<-Q zZH^@8JBRUm*Rd9GRNm&z^_9$$LQ3HnXCu<1irQG^Fw75=j;5K+ z%U86T0eP&Lfs1LuQ=a3~6^t0^%yg-I*k(*0yg^axL9AkW$A-1f7De_%()D!y&U3P5 zB$9ozoK}~J^vy#36Jr4NtJb$xj_V|+WWaHg{HQW= z*FyfYtXb*$bI8cPb7OCzuPc~Y>spL9_h}rVh&xziO(cVzo{WF9qWcD!7T6ugjTG0Fnuedx1Ui1k&2U4`=ZZOPzN4DzY2_RTSc z9h3NWjw*lcT}B@!-6MUE!Q+Ymr*9UcG>jTNDQ;`hw1^Hc+rqzfJy)}ho5%yK%i z5>$ob7_KA5P)VnFfmce+)vF!*kKSLc28Vm$`?0P=1Q6j{I}T6rdekuZSH!wzxNUU{ zM_AfIW0)MNAJ_1zQ7J~}rd{b8TIu(fm-q2mtSBFIj$0jtaZqYDTD)a!W_HNHAax$1 zj#9mt&o<-3){&vSboH!zUooYuCR1otSn&pgc(*i#!h!sFZVrE^4zn#7Y?-`lN} zW#D2#Z%#VbE3HX*tr>+5(bdOONVv+zZh;K$U62&X+;BKN{{UK&{#l~CJCWS4AbQYW zGCEx@Uotq@qefhJ?OGO)JaU=ccgMJcp7a=+FtLf9OC64QT=c1?)2;3;!d|k7x$n}M zQCgl^tOV1X8yVH3fh-~7kS7S>0I+=Cv%>fO=1m3ayFP_zy}>qt#r08sraTViyP=6wS@))t9}0fd{SO! zi_C*t_-i=R;?ykee$!`=w;Qp5eJiHXt*x|M6~sbf7kML+FgsSNDA?q@G2)*Q_>Su4 zS!bSgF5)fVuEhs|*V4TkLb<>DOhZs|#2g+eO5H#;t!Eb#T1B{!a@ZUkRt?;@GwFsY z2H2dIz&@3cv|fihVH}nd36Os0Jh!cTPL1LVGhz05|aa<0SAlizc)#Aar8U#EsF8Kl=6gr2ZV%{vmkG-&{go%JNVy zq<8-SQy=$1?U7tn+DQ985y&d$c=|XRA00_3uPeJ<`7Pg(_TGn~=z2S8`e%o<@9f<+ z1xUh{ELef}iS;$tUkI#q8E1}7=)fL2SIyRXpX^>&f}@3@3^fSy!U;wzvWl`=>$2*4 zhwROH;old0VAM2Se@}+%L;Dnnca!qVgS3yt;;(#f_%-5h3+paFvad~?$9yuzprY}d zaa{I2yd`woi#}@be~T`y^=(VTI_QquRf1BAnLMXsk8z6kSnqctl2v%@I#RjmTI$Eo z{wB7INAWLcz|P_Ls`FQ4*TYozqJ9(q0A)?#O@8x2l1QYrwL5nba#Wr%^uZPH z9v!;2lTM0QZWWt2=e8@7YeVetO2*XlG=T7^-qoRKV`NTQobj4e(eKk&MzyuQr=K6% z?O?gL$SjZ1$DyascQu`crKM?)HKvhr+oraRksO`*Uihh~MOYs`c&kcTl517Bk{fnA zlO3_#el>@t>S=Enx49xafN-noGuF6jZgEOBXGiBO$qVz4-K(#*yb~q7K@S? z{_#i*dt(He>}x~$2NO-KMO%L~zcb7HU3A(fk9<$ztG7?w-8(?U?cRjvIQr(gJ9{;} zv6lAIcvdxtzs}g*fzVeifz;5-@W+WY7_~h!S&Bu|H5(~Ju`z6qex0$J{c`wW<22WN zHK%xz(n#)OxKc~6LU_;9t#wk`$BB!nbK86mt38gZZ+#n+c^rk}a(Tf#jQUsI{vMV; z75HWe?yarTatcTnk{jN;&xE!*j<@jh#xoneM$Q%e-k&)C09qIUfT!;dt}D=lx}WD3cf&Y5 zmyPi`U1hh_>cnXtuZjC1Y0PtK*h0`KjwZUlv9P)Zpg4W(X zA&pRbaa{D{(ETEuv@FCRWh_A4IHJ%d>9?_qZ#?&{`D~1;8?YjjK@;P6Bp*uiABcKA zyFne}rooaY_u zPS56r9f$;;l?S0s7n?|rSXQ?zu}I2MPH=L4>&EVUKdV{XKA&|tmE(P*J?WJxbUVE& z!tMwYaw_xKb6x$dm8aQamO#$qC4o5Rw1enmJ#8RprHHXz-3@cm8SS+OwkL89K_{(l zrXzmZc>@-e4&J~D)rw^beT}i%8UTo6EL>d9B_w zAbh2D) zC!w2{T}JxeSA`GDo&o$%737~8wGRgPi(aD=9JZEg1M?;>5yE&|nnZ#mW zG4WrGd|;jysDn(in=B;RTKP;4@l z;18{ASj7=RAsdzd07}L##&U_YY;*hIqo-k3;#5MQt{WAvGBV|5$kI2I3;+)YjEds? zU8Odeai`qr*ARx0{{VQbrx?#8>rUay$HzUx1dIkDxZCuT(|TBN zN7|nWX7CjHUWai7m6n+PPm`;Cq4y-JKJi@i$n9SzHkT6kqr|qF5;Xc(_Ke?S$Ncin zNAoq(>{O$n+ISa3vhhcZ$AWbW_^hRSIWCnL;LI1QFZ*BPSf3Go7TSCw_=6{h^jYpM zJUw@59;0USHs(#-G9RHLv64CFindUeV$Qi0u#oJ0h1#dmrNGCP6txslEKI1!vB#xv z*h>Y}KW3E!rV8ynvsw{27?asPk9QJA`O}EP41Ll&X18O~LV`X;vCAH36UwA)DIxQwcuz!0m(f0cAXN0nA5)7F}UYKWIeHnU;AQO0py z4WW(~MpPnSZn-tN=hjDUqD-?+V3}EDz$15h>|(Zs=1>rB``*CPlF;Ci)Wz`#mMeys zBCpH91Jbd-wPH3#8NiNkHwsWkJhw0SXIr$A-hDFeAtS%afc5%{yLsR{IgzGkFe7B1 zITdDdOLjB+CJjE-BDV%eSAcQat3>wAFmS3pvDT51*IDWj!10BR9EJx4LC@!2E8~lK zmsFbJtr<7^ch9w4dkLb4hcx@wzd;x=tB>Qx)%UKu{t=6*W^0LNO}Xd~El=5)xElI( zlS3S~@-Fo)!6&s=w|!C@_~5aF3A<|&dJj-5Go8lAQzYgfJooSV)wpe+RClz~6YY0v z8I$EbfXV(x@}QGa?@YhC(VhpilWyE{IvVqhJHfiFSF?w>g<)VerZKjee7(*e#8TgB zdZNQQaLRI54{DjgICw(gf`^5yCDR0=GTumel-TZD8}-K?}_^N01br52ZI29H#Dr z;)`z(+1uLRK?S*1BpskI`kYleo4aUSq#Ie)x%4!IXj$tK&22Nag)-493HjeP1BSvo>V+@&TEF&lJf1oLXt+x7_jX@GKt0A@6*;s%e-sP$O$d< z6~Cu=TJKf0TeMb0BRDJ0Xb8r~F>|IapRE0!`UaXKA1KEidR8U&nSG?RnuUOi%usx= zS2PrSmEy}8WVyJO;v%x|F2@}*YHte36cNuHQ^5t(1LYYy1Mff`?zgE;t@uK1G+ZC; zR#2r>e(dA_0Iyz2p!hTU7T)1?SlTPLk9zEG3m$~$@u16`YH50u@|hu&I;qAxiuA1q z&(y8fE0mHZPu=pk&%FgkH{9&3yck`KjEG|+9VT44Dszlf*sfg)QQqBYsWrXq0(fv4 z3J^K>t=m0f$Z281#~iNM!(g!X_MtltCNpb=ib?i(?WT!}h8@OuHRsx*!20#6u+#q4 zCDZMBR~c6Ks*JmvM|0?_ABTd|MzX$P8{d^VQkoExBx|HLP za#VVn^nVG*B$p&*jAeGPQ$a&KVWivI0=Ceh4xl%d!#F;_oq0x=qcPMcxQRej`8Q{r zd(mJzA>u^SX7VISUHBV^Kx<<`yobaZoxQE?>glLS#O^l(j(Su|JxG*Jg7-$WX=E_G z7cy-*m<$F#jd`x6s>5S;utyU#s&GwXEsY{}R+7JnboMskA!JOpK|HT-#jvk?PE-mEdtg>9(xc&HgnUrK~c`l&$D%{0@uWsT2`4g!b5Kom5Eq@0xx0t57L?8 z%_`Ty*K#eXX>47H-tCt`kbYlIlzT&(P1u)Gy?Zz=bzcx_HkM1dq=ln>=2h$%e|o&i z^TZbV!p3q|E?90j-JenTQgUWCDe3cHX?FJ)O0d1ZVV>2^+j#!~P1XM2r@Y=p+;i** z#D08Hs|y--(cE35#U$TrP)Sloc8_ZCABcKI{CcBF0hLpx#o#da6>(3gPE6+XT~0kJ zM2hC#W?5J#%BMN>u8RKRd2S(=1rM}gbJPl<#(mB%VX0~tvzcusSb@jPFbMXp*TViB zv9Q~%JU0tC`6DByeLt08(V_Lf!p#Z%T%nrY?#g9sznHsJW4S(^E7Y}_9@1l_NpTdO zTWt9U1M#e;1iFkL*}4?%Bu3-RhjJLkPJKSU)#JLQrS#fe+!qo9`;x)B6&|%wkk60X z#rl_oyh?2D+3z&Qa+{xwl6U}$-PZgWrFhY!)*}Yi_Zi)|jE_p_Q$W(a(Qm{4ADhGS zO?Mlr+$hfA-Er;Sur)0L`(M6}>(87sK1Uc7IW3JM`W-ZSOxi`bSsN|W8611oOrS*> zx=qrc&rY?=GMsK^$sxKzQxWbR`h#5bk=~^S&)MZQA=N8gDA)ayAamV=A8x{Se8|_(x$^1&kmG`YoWx3mE zKiStdx&6sN-A+GB?(Z$_QVVJARjuRN7q8xGQg$T5o(b+evPgfJ4tlL~`m9ZI7z9x$ z<2cP`NCK-BMXM=9xRy~w!bBs? z9B?U@6ErbNA{9pDbNp0TO>`+)Yf@XIJ=|ru?b5B@c#_&^*{qgm?l$9N^Uf-H7UPM+ z!7?S^nR3ji>-S^L6K`-vwl9X;2HjMigs!)-pbE>+SsOQt~@Z9V57kXk?8WCNQ}jYtCls zMi!-QadSFdUPAU3>6uj|J5|@NN9DzNCZVcdc!yFNKZUF(*ELsljS>J`Zg>Ra-n#JA zF6_*uQ=#>*!%x{eOVKqQKg7QrW*X+K%&88E8|_|s1B__O9S5a)QHjMP(POnw?cEYtZ0(mricj>o4o90G_eZ657rL&G zrak?qgtU+BD=8#xu@?DQ9(W?PP$!h+zqd3C4Hs1&AcIoB)n%7$u!%!QgPe!-9Xa-{ z7T#TB#U2SVi@jUIx@0#6Bef0(AoT$DAa?CrLYYfLnekVPrF&G-ygT8WdAvxdq|cqE zLDPZiYa$4|F=b_W{{RWx5>2l>W9*isWUQW`AHuZuX35;5-YmcIHPyAIxdrsz9<+^N zXI0wJrhmM6z^|UZH2&2e4m=0pT}!|o7lPNtULdw3^^p=3MCh^H;pof z!d+Y9ABOxVsc4$b?W~rU1YD<<`bkSpRIYL*iYk6 zigP5fn;jl-pS{lE!Q}p?sGe(|NqBomx9~o%dw->B;VigMEt?8J{vtiad6$VkBMnaL zP|9YIl-@) zd_mz2R?ozGRirkt#Q`}I&(N<>vW3qc!xs z-;ebF0EGS?xUkW*EfzgCW+mi!)V}O}Ka$NYU#$GbI*0lk3VGI`*D&?ljea!UY zysyJw81=m?;}(Nzx;%P@nKbdj*64>D4^mIH1u97U2jiZj|g{~&lC!Q}K z*|3_{;xH9lXPw>8fBwCGUF&`yn$~$Dkdq=Fer)I7lw=ClvC7E;ZDn#DlyWiDRlO5f zyVAA2H&wJ*gImn4n8!OiirzA~AF+Q4JY64%^h<4Bq>4F}hVS7gj;6gr?2npNbGz?x z-m;R^r0iEZQh1|B)pRSPB3ax-$m+dV;NX6B@xR2cg;(AU(#?jh9@^qH`CH4{%)LPR z;}z!BRyKr>nk9}DVBtiooT{+K+*jGY4A*7&sqkXwO22|H_((KK43<(lV{jkCp18oy zMQa%y0sA_B(jGkhnLaxFJovQ;2J26{jv1pwIJ$+L298D?<8JJG*ZKr$-YD?@0K|U^ zct7G_hbBwy16;6*^&~hpztsvo-kE zK5p!ec1Xl}9x{FF`GWBUm9$$-O%$t*>bdo*p(C1aLy!^1gfLYHIXrYUkL9sqs(1R= zamhW%L^uU9Nj=R*@ye{~Ku1x5#~AfBr#c{vMdd^iHr}A*p82GRnB20CLGRwPE*qLr zNbziJVMe*0QKu;jgI@_55)ff75>iO7`y}fM0`J*^4rB89llGJ5z0_a z2I1yJRB*wUBLs8Jf2WV^!SUz8zqHT5{{V+y9ef#f8%FU4oeZ+DwY)_lU&g_Z8$GGw}9{tH#!v-MU?Aw+PV6tT+d0!Tb&la8zAF zDE!9pPL;2CYgoB?{#%L2e=`XFM$@y6h?t`vzj92&5{{RHo{i*yl`&RzWmcA$O{-c85njs z2B4M=M@p9C%m^A6B{u&66m`W?Cg}6ui~j%yye<1k{2%y%@L$DYWzjX;LiTci3ADOV zm38+8RQ2c&t$&+W?OE_=SpA>=E_nCh{{V}0tE~@H({*X=CQ_J1bz}4TZDE24;DcC3 zHeh`1r_5QPcuLB=GGKN0uUGKLjGo$fAh@?^wmDTf>+ecbtV5q;+EMSd-5P5*pEeSM zkXx_eUQe%R>1wiCqHfyQQaT@{L>9IjWpmCniS=C~`s(K0nkl3I08~NRK^*dZI#=o! z!4HT};@=DD3#&83dkO`8$2*6pKZSY`WK>7eKW>0PHh^T$$j#8z#*RCzZy@gA;*rMdWr=fBiejBWR{v-GS6>3D9e_} z#%rnYw}Ped4~PtNPYu4EG9N6Ed0-C*>%|2lQ&+z5pTa*Ct*m|&y43Z70g_2$97uT> z&N}{e^9PFcZD++EBERt+?TOKCWt51b3(Al7y$uGu-Hks9>Q{PxsT4^puBvws$Aez~ z0C}!yzuCpE<`J`GXQmp1IbW&d`a)aY$#HKL!(Hu>j^cB{IsUYo(%Qvx0$^>x>CfRo zB@6939cJDFWt#}u3J(UT&*1m9mMifi`N%g9EcW-HS0&dZai>{ae)+GKKtAux2Vy^3 z>NNdM<5jU1*Ahy^@Y(A?&P!gkhfCDFiCt1<;Hf=0t}jx#vVS1={z4i z`n!t={J%SJ1Drm6Cg2DdIuZ1}qzt4K+{3YS}bfkf!5=yu{ky6V?X+5mkoy;-C23>mr%hpp~Tv^;) zX_CP$yP+FP4hW@TomP`)ZF31Xj=Ml7c6wJk;wICh(=Rnx%B_{N1d)L0oc8<;AUTaT zOIyabNQi}4j#r@-rL5Vlwh<9Ybl$9e2fYT6Miqvp*67VF5xxN!=kutfzSM+k8oY+f zcJsewhERFO zt#^NJv9N**NG;T?Qg2qq2?y4&HGxdprOI4R0qdV?y=i-Hkg9#0+cJz69nA)ZoA{pl z#I{QDt;PCTv#U3j{9`;5U6zBbw03c=+pMx}!Q41uj@7hV>TY#9Wcqcjyn-muZf)C? z4k;wmJOgFfN7KdAPuW_@IMf9&SqnM|Ejbo_rR&Qj=a7~4TU)o-YSIygbs z*B;dul`Y2Gc!*gE>+4yYLOo4ovviFiX^J*5aC#c$HOpIg!ZflnD(B|M8O13|$7L9w z9DG{8pHbKJ-3L((CZ8Brv{Hl#S)T-h?UDJ`r-u9wXW@J4WpMM{T&QVcKXN_>++g}( z*N=^!mPhrs(MyFMFFBrNFNY5uJmoavzFfTCcd_WQz?Kt*n$zv5Mvqpd^s2qbxJF2tt|84?nXeYyTs`~C2v zS@7?~xb)jyVA=SCLA|zSQ5aV&rAXtrIqzK&k7LPI}$yW8+eCAn^unB#uDA>`d~uS0tWQsgXw|Zrlkuz z9_AM?=Yo>zUigpUof6w$)8W%K8%=K9s$JR5A1Xn?!+#@R9hcJx=0M zw=lAGgaSAx*!tJoUOfGzbzg{DHjQn2J(62n+D8~zMg*h`Zf|-eQpavvLQc+I4-fch zQ;=OYB;x~t_wXGKCHZr3|7{sTffcoJ3V@J4zXvLy=404?u|B<^h|bB^&Pg}M7QpE;4F^3@Man({vuct=v0d6sfRZ+UL} zd=J5SSQ)jU70 zUR%i;eT7m-Rybw^ftB^@E6DtBZFi_z*lL<^{r#XmYAEJq=ln!^Wp;m9YCUX`Msa}#$@Q8ddDWKP**fGW)HZEl)0Xxn3LB~J}cnH_YQ(r7yL znntl{s6ZokhDDWBjDkVV4KBOm8)2^!2FbX!;i}gwiarDV31% zzrT6yV3|~_AG$gK593`CsO)|Z#koB?bz6e7dY?;tQ1IWw9RtKLd`7Ut~7Z z#Lhub>z(1h9=}@oyG7HqsjY8x>tD3RXEdeY1-BTZB%PV|&1)BP@~l)GPha>``!U^o zMezi7S{}7-(W43OqH;H+B<(l{8OIz7^sj}Mo*?)=<3AewB-K`FbTqk=eKzkuyL8Vg zyzq0{x?xQD>_t|zKGN{5*z+u8X##>cHTS2%`>4f@&8p5?SzROw4^fPNO6;c_9%8BQ zYJR2sGqr-l_AB`H9Fd42XtjA*k@vEvpVGexJbj~E>o8BH%_rKGtf9twV5uL{u2DXF z!y1<2Ox^zgdWZg-F8n>y^xJX$>FhR+HS89aKhT|;g~A9?EFSOvU6SZo`><5j+{9>%Z%tzqZZ{HH015l z-q)4ir@dr-fAOO4#(xfUgYgsLwux!1EtIJ)v!zEESubsKhiLKqYB|TTuT}6@jl4PI z?E_5l7l&`)y0y85X7cxsG7OGY*Q&5N2R@agpF{XsrWwwUwOX|7{{Rag#s2{9lG=5r z?ZNw5Sz4m1FN#{@0CAZkQcvT8Yr^BWMGDc8-|(*%yValW$AeL8gtEmi`Uj)`0H)$a zb2wzcQOA7MXj*Wkv6MVlJv4r+Nf)Dt#-J5FbJC=a)XH}%l50ab>}X9RY*-X|YtUo0 zab7Uf?k;q@$sxIkB7|;aX8E7#Ts2Xhj{wtdXSCIfEMLe94=0NB2__SOV++8pDZYnw z7?HpqdZuuv-n3&>ETKo#4)u}U17gZNIKVguucdK*D}}V(e%nxdPZ1~O?Vo?jgE=!( z!`I(zS9U;7NXO${L4Uj>Bgw5`#c@Ka?fHfW=~S=n)u)bluoI!nr(kaApj#qX&WD2OZX5(Xz(_)G_ zq(O3S6(lOHjBWt%Yp9Amx`YbZJm$KgE{v3{XicZweV$07l1L(MpIGkEKpO+(4%JFb<&;&$k|B8!K%llU?@(F7)^{L+V z9q|MgbFIC!)>6f}*CQnkEAT^0vAVX@FC@Htpu3xrxZDGg$F~*kV56!0we+Zs@;VOx z0P^)|{{U`JUzh52X`5?4Cv{%0PY--#d__whxXYZzLAJBDwBudl>1ikjgKCzta|zxM1dhGFgRjITIf=-=hkOoZQ z-czU`1IA5f-gs(6oX;C9CG9c!`hHS1emHN=nvMi|^W&}8Fd+jVVsN4L=+jyV=f z-NeYC^k1cTUH6W3@3hE74*OrOdwNwUh|BR#sp0Pwn-Lb56{OL(Uoev=v93zbLcX!o z*5YeqeJ##YVEd=Ip{7eaO=Cf_yR-(0PsYMOn0QrmO-`#1Q0RlONK6JkI*g z?*9N%S(Kk5LRf%0n(J(=V@Mu3pJp(=yif)-5NYz>O={7JG0=`HyMpFR8+3w51ZqBH z8T-P3Jg>zPt?m0{m5v5F*MZ5Q z+uL79_K8~FAtI|d8OOdT1JG>rTOB^y=I&iY-D8v(z;9~hCe-YmUHn(k-(9oOuVgK4c1o#3k&mq|Q&X_j{uuas$J%^$Ndnu(gUl|6 z4%j*5{RLy{9}lkdJ626TQf=Y@Myk2U#WCFRePdnL=bAk(2D#GS*@%$3{LXXGgW9&V z**@8)UR#|~OIwD8khVVab_epHRy>G!UtL{QUTHqr(Gvp%p6Bu6wjp4g1nJ%3m)Y4R07^4%hi0Sne z^M{G`F9h9qi&N33xVY2w&4paK`@^0+`2&go@aVi9VWi(&>N;GCVQ9+bP6H|Sr(0`M zXd+oHJhx`xs~|K1LR;&dXwPvHe)Y*_0AmN~Sf63F((M-F>gQyozj-4aqdwx2WGRig zv3uJ$nh0Zw{VUF`0bL`Q~khQZG!xe2Tznst$v z_oU^AdghbR(lhLD>B8p1b+EUYqgOk+e+%k5u7#&bHIrN1TFQTU6Al@Ntzg-& zIlm67`lh34d2?=&T)B4~VVxoh>9;7)8Hv zbw4QfuO7egE})Gaww?Zz>IqOs-U79ZNQzg`?Yt%8Zx!p-GgxYt)-gc%L@5{!2=~X* zxXp9Gw_Y374zp%W(#-y3u}0bQn?HH~08T3IZy4PAJHa{~#pa#%=mNgoyW>{LAos;{ zo;&bulC+w!)XFK*k6KqHU#Z{t-^5z4 zhcp23>Q|a$NEF7<3=`~sD&#yP@p|>6xL*_9kn52Y%rU$UhmTs8fh!)Rr~F-8>w9Yf zdofbMf;ZiNpseo|YV-J$%d%MU8>YkMf~WDtTxpbfz4wA`p}4n#dyv6^%DBnh+pSBh zUylmu&u}b-%ZBpSGJf&&6{jKto3z#7*GsvEYb67fU`89$n(3_P*=Q9BWQ<^YR&rW` zU5-0iz18HAQ4h(^ayk4fD@VJzDLB7@&f;*R0DkRAN$zS3y)~sr zni5P$IUR9W%+@lw(fEGadGy&LNuOxxgVg%skFnk?vquaPB+K&hzk5EFnMYA$q#?3d zub>FZ_?0!Ffw+T$eXCeYp_HU>(CahlGDAFSrraKw;2QP~H&Sh1 zM~XnkIg4j&AG!ynTSB_APg9obPl%{9qrc1v{*{ZTYEoP&5)jfc#^QKib5PZax-Uf5 zyV@tYS=+lFg1W6gPl_d5xi4+Jp~z4UdR9T~%q@GxGu)W$Y|8mD_Rex^nU>H^2cC-Z zI)cm_jQuH)aXO9M-eI@4a;^?f86vcFsczKmx?PGp=bx@CYn2ym4^fj(5owTJtdO!y zxeN#-W4E<(ch>&^X~aaa3(wMvgtr-aYicx&h)BE#l6qscagnszYb54mch7N9a{KJ~? zDoX6@gbw`q*EXa3Ceg00(Mw@CE%h}fovrA;9MkUZFIDe#P{w0!pf*6{fDc-j!tAz- z+CRcS8+=+Y_=8fs)w~(t$>JMjyG@&vo>3F49B1iYTKqWpZQ#!YOtwD^H2a;g;t91I zv;t{}IV>9-4z=r0rDKk)k@TLYd+_%|wi>phq}%wb#V`=)?D^RJIX&`gnV(A6d}}?X zwW?g&=vrJ)_Jy`nwB%B67#!u6& zU%k5U&%(~rW(Yr%zwE2cD*g^!n{r;!?E57)LZwc@QpZ1*)T{G>So(@@~&wPF-73kO8`RG*T zRy+n7G`&{p-R#z2plx0VC-5~(#CoQwq^$NaTA#bQT=AUt&0uToZ=vMcmG-5qpflae zZqb0DRsQY`cm4&_FBe({>e+4{TX0pF=NKnH%us0?v+Er{R|J7T6ziYFoQBUABSm*N|JGWSkpvS9vf=`KQ^ z-8%mO_3HP4C5^N{7I=dGT%9TrKah+XN!NE(U*}a6DbeZJy0o(EmR1G^MGEhL;PwD_>0J?l$y0NM_{ZS*JY%T6{)Mf{ z8i;_9o0k(ftX; zo(k4d^^z;ED}~7{8?XYtP_g)Z<9`@yFLshFDFc8ORQZ_+{vUp7B&^L~kEuKn;m;B2 z7gkzspC!$byBO{pb^?!ZI`Rd1kL?AfYI<$%q2RqsSC(~=!H#4&E#D*bsWyq?UL5eY zvi9qvO{w0PCYeFGMFEw4&-M4Oy*vf*Tfi`Cc5+K2Tx$@21h;jdRB^?2~_A~ ze$xIgx%f-tZwL5peFhy4}&A|Rnu!acBf%yav^B;NOuX;j(`w({{R~N*Z8mD`E{f!U38DCp5V z`X9ZTg~j%hGshGnJD86fvNnt6!?F8ogL4x*5R z((mMw*5oN)wAe8%8z?{Q;2cy_(nmCpk`@?>2aFTwdm4q2H)1uzdJgsIBL=&f0`6N` zin3-l&r$bj#zP~AEtPKg=~~7ljl9`wJ3$2Ae{$I1pKoepk>v|yh9nb%M<5sAkv8Ru z5(fjgt0^SloMrGjW2IHz%-S-!rDq&>R@2+u4>4r^7U`bf(!Zwv0QfhL_S=WRo;vYg z>`CLzdStfORka@q{h`Z41n9e-G;iU~17rP@>&|yNBesY3GiL;vlwpd6xQvvYNAR%g zTvorKrNhr>APW<6r~9V3riwlv`0e1^u&`_Pu_uvatrns&pE5I?H`H*>lN5iS|7)!?GNy>=iyJqjdR1#XM1I&PF{N@ zttTzg>luL)&mc2K)jc*ZNf4?~)8*5x^}oPoFsjpLP6OR;c9R|g>bS4uG=mtvHV zWt;CZ=RFSU`hMER z<5I)jBYCi9CsX`Fxhh1}BQHnO?R+D2bhw?&a>&!$hv#9*I3C$G{NVop!N4D}UYqe3 z!a7gwRp5;(N7Tm6E5s4S7Uf9>L^l$V_dwwZJaU!KcD4&2#x#jFjIu!X{{UpvZNGOi zCq!UKARoe@U1Dgi6`l6DIRhVlwv>9AxE}f74-je%V{&F_+7jR*H)SLI{&lUdNR4rB z2_8$hSL6-3>5tR%tXws@2S4K72TIdCJ#j2Lj7MHeow8eyc~4({gnl*jZ|tk$Nbme) z{tMN#v1_DDXk?1@TNslZ40>l3(E&~AsrN0#rPh;nmUs4&g~sK`;fJWLtt(N0&QXZk z8yug~wT!!*lV&fA^$ASyBxY4WHsc%`+3=O+wS+Fkfo=&0y=YG}J-Wi?+g{M*wwBN+ z!B9cL+g^>~IgPA#kXk5pg>VQTbb6W@sc%!cvDEczJxbWcdopnD>KGQ!J!_xwM}su` zts_+t+r*Ro^Z{|2l=L=<^ZuLRh&1gvudlA{t#4I;Xv<`={{Uy(ihblwe*`v>x`@l< znxbkQ7L(!Fd^(WNWo$h6JDtjpnEIbuXB_|@%dKn zgDg{DUQMdqh^5s(LMuXt3SHxyA43;?Jf|PD{+INO0(tJ@LhqU0& ztlHvRltm{i&ws=8uR_$}zSJEe-!vC0ess^?_BEtL(QY^*vKCS$y}S~mfhfleKgOTp z?K@AnzKZV7>KKuS?_(p5eJU9ezeCR_)gaU6dw4E4C~OeDjZu#B=4-j(XrT7T+~+(yZK^E#g1wC9*)XhKdyh(=T(wwyo2ylIkdK=qiV9G% znWeL=!0bL*>EL@iYlIT0&H>{& zpc5wXpZXp3ot%;Vm1T%byzt}KHDQ(uT@YW$>l7-4CJ!!XE-d6cHRG#oF~rl9mu}!P zer(q_sCc9MM^bC1NggJ1$?HL>)=zx{>B;svk~b@s4BhcwdfKDhTHI+jMOF!B48V@0 zXCKVa7dNb}KFSnZy0~0otm~HRtSz&Dq$H3Nj4=bJObSw!ij1stRd;ATaJNAbjAXGS zbgg4%Q#c)J@=NQe-XkPwk(?es8t(K4w6L`jPT?kE8AEhxy$xe-hMmh=hZkl+5ng?X ztgTzbOL|t_Ty0U4ipoz?jyK(`MF!!}_BG@8Qps%QBMI22913aJw-!%fsIwWNSKxNf zO6#;cR=o2W)m6tB&rw07Vs2g8%N4UAD8QUD=dE)3-HrB_r#7KzVv<~LNXf?I=}N^B z=^EYb{jx_qOB~n$g*h3l?-yyZ%#p^SQbM3-ADv|=*yuTp7T4?w_EM~XboM_=*6|I( z>7q7)&g_l2>rl>$QND(5rQ-`-8&8K&)o$RnwkHI;bDH^o;~&O{)+GMH@S6xN@rb4` zi6wmV^8O#Ka#fv`&vyrg=4m0eciOj$^zRSe_=dnmeQOwsFz5p)1oOw%yIWLw33A2T zc0QP|3m02kAL_q>90?qgAf*X^7O(Fm>m{P^q-}NH{l(TNlss{(W?lf#VVdpqi*^c% zxXO@o_*a(asrypGa~u!FpM^SqkABIi>GRuZI{bNChhfFS{W@p-E7d<`?~mRl{ggaq zq-r{jm^^EvLWTviE?3F_0BtjnfBN;?N=7v@bu`y==--duAGKePdi~#wHLFyPS)o|r zgSE0_?vLy5UnX35cSpOHIpl#-WCb|R93Hu?B_pE^ltzs;PCW@^(k=06 z0Q9d1_@CqLH^Lg7v^U9g;&;#Pmv%ANHOBWcuL#B6onM3eH{m~yT4nlpU&J=w+xGC8 zE$r?W_p^G09r{<7w3^3;bt{b%RWl{rCu7GT+HsT6AEje9XGawj&cZ9(IO2lh3Aafg z%M5TU-@Xv|GehyLdX@XmE_FL8VrZ?v&iwVr{J%O;jn7s%^<(W15quW#w}>>qpGR9O z*&qT~hX_ymJaPRi=9@p+gG-mhH+HG4Yg$c|tF%BIxsClp9@VLt)8clc+0?^ zIrueoX)lSaT3-oX-Lw{3rsJ{5KXuM94Rx0Cz+ywYDn>!iT2iHB)64TkT0GHyUvWcL zj!Ua({EU5~DFlm==t2IK-0B9`;+BaIitYS6CXcFEMwZ&TfDs*s0mr)v!bdci=r)F6~_*Z;+k8h|Wc0C$3i-1{{XG{IxTKHds~OU&UX`wnCptQ1S_r?x7 zU>=ooXO;W3Y#jHjnItpGJWLg2u$!wa;`W(jzO-Pdmoi?btlcuW9zSlo+h{P z&w`u49w2e4YS2XRId#VM1LZmI)9H%&?kx`c!2Te*veeBm#@ zTxA_vH1r=Fc%Q@GE{|E!bqnn-cLq46wr!FwbKG`0uT5QNU-7Q5{h6rhchPFkDBC+o ze8g?tNk0958tsI-A2W=?Ca#aZ^gSb7(sWQS>=;dA$!m7#c=HIzKZpjtvG_0I`*<}? zFvzRrx|mK+O~U|>&bpzo^08j=`y&^OJUgWR#$O#Yd37igRBa;Y!vnAlDUk>peR(|k zSK?*VcMAGr%MV)^Loqyt3OL8-RL))l$tvNqT*DhzNY<4;Uo{$OU+-;vhG|zq+V*`m zX%;vp{o?1=pWc{CH!jFfZCH;ecW={|P z(z>R(Z?61V*5QWS=+Z{1Y_MG&@xs5x&VVD6$2lKg%)L8W@js7#H+VzD8im@A9QcRF z7PnUy5W~XUJllW+)8)l=!dh7TuY+9-(>2U9$uD{mcxd+Irum!m=99mYR_}l7&qVPq zh2m&0qO!cTy_N}{%Jv@c%)B&izthmy=f1W39sFs~zBFn6GWbdHYfJE-!|AoCuJ5c_ zU+qv^ZVc%k1s^{$fOhp9)|D>yKg>)HE)*(Mja7KR^U(fme{bCtyc_=j1p)o1G)236 zu=g5m`H_Y)(%P$$_-4Lw7w{sWS7u}AE5)xCnf~Q?GhJ5UOtzv{{mnnZ34ViRzGENm z)1Q7bQbT)oe7&%P*!$NsBz~&}q0q~%SjTN{zForIWUG=g0I6WVh%&Xj$jsexdRIzj zH6v{Wmh)*cvyS!j-@+f+%TM^x;V%_xH(n@B68hdTsaK1 zKtWK${h{kzHK=wwu=vQy=xa$Ug17{*Jw;^9<*hqhV_^*I<3Jh znB;?84~(@dTifX(vfj`_04(Z3Esk+gXEP(hdY!DdcQ*cRB~g$7^{+>QaB=|Wp&pfR z+)yPXPx6MwILEDDj?iDi*6d0gaf6O)RBA&V+iCJF7m5{ev`Oz;5tWuh`@+lGnUvR3 z!rU}OLa-U9|CuO}anHP2EVjw-XVH}oG3{{X@-qS)A7U7PFOxj4to_4leD5j2af zBf*!RBf3$)%t+D^%Y5DboYxfK`W|guWMjFfUV{#iy{`BDkGf32sk9 z?a+7YUa8_g*%l8D&w1hR5ZujiZUKr}V>{O;kH@WLD9fqjRm~yI%8!P8S@6F1;TMg6 z;Rx1jq_>E#+BECMB*$|BIRs~%jEd-_Wri5a-NPv-8&{~utz_cX;Y$>!qBiu&-Zl

TUE62K9()?#uJNO!cd%*1Gly--ypc2$b{v4 zdJ|ryDwjFx#Ow5%m?d?Mqi>jUM{3E{tlUlhiU*UP{p+Pj<~;+#@y7Op%uteX#(UPC z$Bbss<$F78Xx`nqasA_(kS;#Eqw6|YySKETOuq9%ZD24xPJPews`~bYu0f}1I`)#$ z+(;(~>c<%auRn-1%8EVbMU5`37UuFe+3+&QsXgnQ_<`b2?8xmWg{|T!nA#8xz|9y%W~<^a82G2ew$a#HeWt^1^X0B^M`AvePx}IWXIYl>$c_h(CQ!dAUV0Dkr^;E> zKE0({EcTaENMo4{K3gBX{!S~#<*d&+o!4<|Xl^&~oXKOTq2vxSbD)YD3^{GwlY?pJM@dTQGhHox3mAGRWW3`AU zKJ~}k>ylc`RvDS%10{f?m5lWJFC6$^N${+KXdu<~tAJth*)kwfKK6ZU&20Qf<;>fN zL>U7Hw2W+0DSyIp)>@Jmn8_Gm-FQ*;ud6iA5ZYe&ZqHPwI*(&TeDMdawJw@+qopy zt=Vh8Xo@6I+yJK?>6=9yL@ z2a`*;P5ta>c8&+VNv+$ix8Ym3t|5Odqa^L>Iqh6EWPYFE{1f6_8h_4?qgwI5ihNh$ z4++VrCEdn}q(m&Orx1_=fsL%#=Ky|{&uO~sQ^c~w?0pV-HRV;Pf2p+Tt%cMWT|(h_ zU^qDIUUPEtB1nWP4DB_~?HE^u;?c?Yui`Joy$iupcxHbP>l&ZJ>7UB`HN-+l?HjHZ zL-Q(=+c>Wd@WW|V_mN#%&2edd7i&CovO6!KWgy_ys^`j8$|$R}w>=8^w8gM^KFrg| zNpRB0(lIBvW+d0We#1KVi98$eD@gHXgJbrqOB=L(Pfwn0g5V^8i4dL-8RCwc6pSrbE8Hy2q7%#c^*Y1V?bgXQv*u^EsS59}|eA@2T&4SBEC?4!hx`@dlYHX;LV7ZdZUt z4mtd*`S|^!JWZ;6F8!x|B52V>>7`q03pJoe8zhUVAXmm>lRSE{KSR7Z@zcWoBJkhC z?->m~-}_1B7EJcY0;w3oF#LHn^<}DF_{YTl8S#a!+KIIFVR*UbSXf{Y^gC;jM8Nv5 zPVqg~o{?ER!s}0dTL-se`qEx%d-Ux^MZ9y`ge`*}^ zleQvZ-`I-d{wZDE>6f-JM`U5t-9VRW;GpLPhhI<5y;@N|^D36e^QN}Ey@bhr&RNFZ z7ay3Yw2uaOTH5r@bz>QYuxH*k1{v#$^>F9Y#>WN!00kb>J{`s5@7aof1>b46wl^9D z&6UJaFx?&mWm%K2Cvf_MUo2ey%|8gdMPU9S@m`s6rs}r#?fdwoDhm3r{Cd}^8QAh= zS@K=2ZvOx=pANiXVeoUtc5h`J&b6eqvfBx5XS2R>mYgKA9%-}N40$Z zC7m>mzxI#tb+(1^3rN*;X^qB*eWgbwt7M(12pe19ujOAj>h^Z`1zu>DP7XouUQF7# z=p*fq+1ppX@ehO>L%fa@Z7(9<`_e*BQS|=+8u~rFHF4xK1H%k}D|%8)!m>P@#8xwD zS8&~!%t2cujw`tEpNNErckT068&7jj6He7%$7Gk67k25wCS|@ zVbWuUEkYTfLJ^yga!08dujshTsrEE63B|?rJva8xgIM^*;0+!~?JoZSx3t7*bhjvc z%V4-T+<7?*gPzs#ZkZkR=9y>qs8$=ag*?O^m;s;Gs&a2uevQF6n8K5$wneE7-b49d z$tdF;D=yyXmfGN#2L(Or6)PWiDcxB0uL)>3dX6qq-I^iJ2(P64IpOO_tzo;nw~8y2 zQbRXt(QT>umlEb{+Iu)Xk0kiTue>%<=|b>BY+rdHvAZ7i@L$9~6veB-Hk)Oc;Xp%% zAnrAkwJkXP2ZB;LoN?5=C+I<3B@ zf<#~x@;Up}qjfM+HjEr&7_7tD5l41oJ6<#R8moV(bLH;X+3iDi6Q!VC+rfKkv8gEh zFm*U(KBB#6!`~3~YltkgZyQ+Hc&|W$4<;s@0W5#+wlX_+{5=Iw!cb=msl{Ur{mi;l zW*atQQ4dufmBH&QwpTW%1t*=4mx1?3O(G#cgQkkW{f(k1!#92Vn~ip|sGPbbS) z3PHdgv>GcTptZJ+*=a z=BoIW6H<`LG=5~j?%kgCeCB^sOysWgZ699Jue>#{Y0=+lH!HQ&kD4R>tCfG z2dBF671oub=r%VxhN*DgTreQzo31O?q2_$XKQ6Rx&)r`Gcz@y7>~;Gyc$3Cov<2pk zWj*?}#-bfWrI~^9t>PS#-%j{EV!xLkiJuwue;(^Pma@iKw8yxY?9saIA|1zWeesIh z64H&4{LSDz@fr6J=6S_Syeg7~JMHfFT{N?LXykmg;s_G@<)jgvn~A|aDk}?U{DU6N zgmKcoa<5bSLKLm?9xPq6x%QwvsPQ(LuiJQa^^Fo|nivRsh>-l!C#UlLE0N!!q0Z?y zCgw391S^c3)xR2PI>(7T1L7S6Nz>BrQ+Ujl+d2ENeoW{amyr|DY8n|k|X zjCqii;T!AeUG&-L;p*9*VR0S2i;IO(x4tWj@n?qR)8V$(ZPg~SW(Br$w0nx~gV6VI z*t;|Lv;GN-;+yXie#_Q2I*z9Xq`F?QeWu$5;KOPd7}Sp6d8_!X{k6O?AHyHp!}g-l zv}M$_O&%W+$mZ>o$%4eQDI>TiABA&cBkm*k_rh4m3*yFWMw+scl%M^);V1XGT(jZ* zNhY$ha56#wM^3fXi|Z?&GR@=&+%6BTeEgCAfkta{&OBwI_}{~jzNnrI@eZe;ZY12< z+cfHf8To>OK=-awOz}mAtEY+W=0=VFUU)0)M^I}vj(U?vpk919L*NMfb!DmBJdxdt zd96bL+ejE-Kc#Z|e9~LGu_q+@)=zVh%I80(Li(?dHCy$#mdjbv?BOTqpP__6Sw-{S{@bqzN`@xG3j)U45h`TXF9Uc~kM{W-YEN6prH>5osg7Xxj< zLAxEQ#5YZS{;Zz3=~^Q<1EJGlWh=M9x*L~*v-#j5Jj+a%D% zc4P>p{{V>O06#J-_Zk@dZ>oGd@HU;TYZn)jS=d7@sq>taQZff8gI<*;d3c&oe6C9N zXXl6Q_26ws#GeoRE%AR#veTc%+6C&_>gQ=$t}NY$%yH?@UwZJLAN(x;0EJPncv|B} zzB;Fd{6%9O<&>>}QeC-pJ-T4kRDus?u8O*bkFAG9p5P)b2}FF8^~F?|LV_SJG6SAi z5zTq>-o;8bA~%kkt@!DHb5N__EOA=TaMDDrl^(xZ_An8<)c$t*PUi5#aKy0hdeV$n z$@BjJ?Z1hs1QE<*jm{Vz!o6!wu}Spk;>m0beQW7y^gqpKEesZd-Wkjd6RUfQVYNkl zjf{55?^~SmnVfDO-hU-#*mHr+d*^{JZEjL28VpPZ3if$wMuH4EJ}8vf0h zB!WOl$8SSgUL5gV$A|*T0v*30Aa|if9OibdYh`aV^IW3bqM8+BY{?A?rP72AIoVZF>j4n8bEfsf=8$-%e_LW-Lwvs(CAZW7gkr| z?Edu-h1=Zv8X7W`J05p`;~gf(;!6`8&Y)+3$Qi0yP23ud^wQe9lns)t)QYY_avRr{ z;_^e~fd+Gfjw_v>(bgNJ^T~Ye#yF(oVRAE`wTfFwRSrWj?cTTI(ygzgM7)Yd48chU z0B5~iW7N@TkIfI-W5PD);y#}wS8?Ci#F7o_KI>#)WE%PZ0K~cuy{g}7aM)T!XA7#r zWK;ogFfx5jS1@y)%kcjI;X`R!tWA4yX7k(S%&`2Wxa(aXjr4gg=4U;9 zrna99=q=T)<>z)e9QLjT>fX}j(h^4GJC6RwrsiCQhVhDcdP{pbAo7+^kVsdBHK#qb z?})>#+~FZ%g>)FetBh5I<6{cn;f2$bQadpTBx;oSj2id z@Eh@}aYAM`p{Kf#Q5Ji3gMwzKxJ3!&0V7cV%r6*uLB;Kyk z<(SYD^a7uMrfIEjBN@w*xh;Z~nH&$1c3y!8J7YL94X zDRwPiLp`iYt^fe_$6CVQ_J?0Jn+wqAu4^I_A%fayZv5C|M~obkj1yV6y1uJ#eI4bc z#I~|4XDDz-wQB@~Q@hl)4My%u+vy(a?b|HJsruI1K`4m~tTMn5G19D;5_qkhpL;6t zo;_<8`Z*Ama7Y>UthtQ&S(pRJ&GPc1vt?(A_Kx(V?l{Egw5S1eRYKBmFgw>#C5yy~ zF^)yS^}r&e)Z?`a8Rc^%GUYo1Sys*VaN=hXF#E&at}wZbw=?xm71?R<$dO7XVUxG% zUQd6n-)mPAXLNBK4WxChg-XO+xn%>Qou!!vP&?Mpv~v&&c9K4P_N66Zli5I!vI$0T zbI)<_S`u1Xv}#dC-cDtrpLp- z1-u=7_Gu&^Y1MBcDQ9H4Dd05KV{GOCLiqc`!HEHx#N95OZfZo zp7Baf*D#~o+Y{9iGnE)TWb^c|w}0UT@mx!5;!hWN!%p~h;Y$WSPlupgk-R~06fQ6^ z$N2ZI3A3d$H&pnO;y)ascuV0mqS|RA4=$v`md9eia(%0!@bAIzvT94MYbNhp*5_3d zD>*SS{{VA1rlN$;r7ZM40_RDSOVnXa26)l7I{n8u;Y#+elYTPzMeck9uIc_Ap4!lf z(1s+SW4M#~^ZC_Sl_QE@4ro3Khr)g;(QU@I*G4N#>uZGH1amRQeF)@Nr+BOOX!vd8 zYj>OChr*8n#kxUr0!d;XIoNZwft&;EY4VrO&eu=yy^n-6v!!?oNVf2{m$wT912DvK zfI|8YO0%o{O458WX>Vb1ZT+FHFv}uK`?&!1AN_jirvnK{`H$i^jqEM-eP6_%5tsfE zUkq$vfiR4O{{UwvHTY@!NdExAPBgy^*=qg<{hDoIx1J_3o9o2$eqbb{8S)BQjw9*z`#N>bvLG4^4&gJCXf;A@?0|Br) z*P$5OLz;CiLm3kW4tL|NA{e5QMr7VVz~`Z@DeiMhSI|MeR~?s}Vx?tvMM%};#xil% zu6r5Cys!|dC-DCOcO5G9Xq&>u-dNy~ip0+Pmj$-=I~cb(9Cfa@N6^}SL`7e(BY{&X zSm~yzhuAoBUP31X+ISI z0BxJ-G`|bl#pnM3!Y$^M5@Vm=6*+JBMRC@vZ5HRJP8L62;P{pB>%d+egW>n=&ERV< z0r+m-F#*3@AsAHy17lDZ_EObAmpemC$SY&CS(?zMtW{JwDdO6r}Pb zL1d9f_m8g>b0SXz*DPSUo;G$j*8%=eMsR8i{{RtRUD&~;Ud&P`2_95~kUgm>Yp5L6 z?ui}4+uzvP?Yj%LWIcaBN}I!)UxIuYucwQAT;eImsi>&G^d2IyCrRioyF~bQU1wP%nQg#}N z;*(t6KbTTqv)jq{xWRIG&TGH;een9*BIGKjxr1#BpO`1gegTmhobl(rz zMJBB(Y8se~1Z7W3(^flCR&1(~BmQh(i5GYg~2f6QBsCF}yyPRCVU`4q5T;N9-CPH}I z?^Tk@%TTwCtnYk_NpM7irrOa%xrCk1Jk}tCN7d58CZADBp8?|ph2yJw3hp#HM}?r0 zOQ@0*laL>wC%saQi7LrGuB&k^%vUg@V;}>7-qnFEta2oU7>SN^gPc{VSP1Pk>#a7) z?B`7N+Ca%_$ro>Q!Q+`cqPgVrntbfZ$(>b==8b)6JWr^k7tw%xvN{e%e@f(UEaZ|| zc6{i~!Nq4LTvO_EI){X&7?)s;$uGHHv$RV~?KW1D;^ii^1c15Z8jfPl;A=Nh#}qI> z?m@{6dVMQnSeC|pEG@H$ZhW!3Ey*>kNSi!wQL}qAUBl&KeqmTv_nMuwr6IVT;5=>5 zPsXX+p_-Ag6c-CPoBekIy-sU)Qr7OZOFMj81S91;W7>G*Bzo2|hf`SWdDgFK;>&$b z$@J?_wP{RqGBM>3sP(SfNV~d)wzadYqpEbrt#dfOhN>r_X>wXiCz%Di?;~;D>s?*U zaoonB#ub9#`Wm>d;U{elXxYKN<9OAbhSdl7ewCd%>Gse|4Zz!gK+ml+JDil3<``06 zl>r2TJJlO&nAT*Fax;_eDS@-B_>RtRv%_Nx+Qz5@Z*1iE#Z_7C)bCkioroK;k%L1S zR`yLeyh131Bn-D5YO5WBI~3jJKO+NyQ{-hbhNWuukSO!m#yQ;FVEt>Bywe@6#oEXS zEr3+=4Q(0pGbzDs9obl9xPcfhJj2&DtsL@1l108bF~&!5D(+z`YJMqrj`A3_2h!m~ zr(777XDBcmC;tGg)7rjm@#c=YKB0R&Pc6zUjlXCIaP_ZlFH@E~9A<}Ly4CfhkxaJm z7W?mzG4vJh9v<+M$Eu_&aQ7CfPni8OzQVONjJh7BX{5!VYT8`nHPmVghDRVMIQdBR zuKxgB)pSi;OVk$f$_eBM8FoT90y`7={b(&o7Cs)`{5x$5?(%uywUc(mRETqtj!$lJ zUV-q}LYq&z)LXt`Qd4WOT+zJ?klMMeff!)ch;rjZaj!hex-D>e6qNBMyX~EA5L< zhgx649|L%I`+r-qkHi-klgSZ*`^Lus{YRx#V`8~%kBNV2ZyD+<@drhc4>tDNJ9QyK zlCAQLk&ZL(S~_pRKZ#!vyc-9Od?{gZ9kK;!JfGg}Lc^1u2SZG8*&gen__?sIo6%TZij2A*MFxYZ>DQN9tP@Qg zpOv_w0ArrDLr>LpJE^Z143?<*-nsckJNk1~e&*44+|jYV)%2T9N(&47yGZ8+q$>#X z@2?w6 z^Tys^l@3=Vd-GnE@K4A7Gx(3F#@;d0-^2bKa;68CLeDA5%V6V)@u|YB!A^}DRLMo#mx#?dFG;bPf zz9oh$+t}yR(&;Aon*me%xc;^JA*exVXQbc4jGu6`yVNIpWz3Iek=GV z#6NAfO*clgj!VmHqm!IqW9o1?ug+f?cvdYU?n`!8m_|8bcqDeNerr1p$nkryi{^w) zq@CMO@YHq}!p7zc?aY$fy2=?&3t;DIuBc0+E13Of_%rbz{u3_+={Iu9m$$KI8JQnD zMh4&O`B%|;M~d%kbo-4u*}^QHeqMh%!mT9qWk+)!OUE}&aU&UJ-Of)+_~Z7G@KvjL z+fLQuPcKNmjT}WA96=xio=0QP>0WJE^1Tk)U5_ZW@Rh~!dpj}vh~g~1zzmwd@Mp&9 z@Soxyk9Bi?;?Cl4vt6~rA1s5=vW~u$bgFC0baI~4`$~8Q+Q#ZX8R<86w)#e@rT+kQ zq=b-i2tUKy^snk~{s?jVa7Ft{{>@N+&;BsKl3$D73jzyhu1+Sru?K28l73;2myhnP zchX75N%a2!G9QuqE4{65%!;Hkp8c!op9AYL>mD6cxjAI{PEKo*R~&nuC-Gmxeipi2 zV@>f!m1le4Eq>MXeQpV2-yE?>3IglUjJ6N4HU4{FxA*Lwul~pX0JLAke}dYoMIVPP z-0EH#xyv`&Y$kRnob#0Xr_iavBbt~?QY3zK>QETw1<<1o-u05o8_fi41Dw}%4k^Ti zU}i$f2w-^Uty_*IIawqloc$}L!cn;gne#HHAGgw@0K{?uE@(65Vn(G)9G%4Hn$WkA zml22Bf0ZMqnY|o~@~Jtl@8R#o9~t}-_?__U<9EYL`~4@zUKrG)zJg0&2cH;VT^rR( z32&iEhcyZbQy(4G(dt-b(!F8J}_yXbDTuMla`HQIxdYjzh7kIxJkGM?Wr zy?Z97rCi$l9MXvle zgHS=J=^=G33T9!Os2FErp5y_KpdVV`DIbl$@KK-H#t(^J7CQBgk7W1H9Frl0;Kg?y zatij(2OYy#^BXXp8E3b;f_rP&Bxq+x1#s$cMk}U+(#AD5DO|dyWN()PxT?|1v_@Cv z-OhWhcSY!V^#z?|VnBqMN#h3@s?pm7iPhDS_h%lTT4rOdR2F}_LYz`Y<^bUw#+g5j z1;LZCSfVV%$u=@L>r6(Jssaws21N$(m5b=ip}7H%wNDbn2}e!)jz~QSpy{U1+t2tS zC+(qg@B`x`{1n%9eNI0KYcsUAw)YNR2~mzEgb(33JBQ<6-FJm2gZnNWD@WB$?0!+b z(jA*|ng$!N8@@4*z|>SnLPw+M8vMHUoo##+A}KLkA?(25{{SOSid0Mg0PMwIE>%8t zyOF^e>0DJ}X=C|v{{Vx6{{Uf#F6PpIYF`KGQmv+`EP8*4%t@58y;MF$$?l>+rZzn? ztDa4NA(KZtStY&1Sak(T^xJ|)G5A(CGn7p)4BgMAyq{<%?1XLOoL9G6Pit@^hRBIV z)og*u&uZkW5)Wsy)9#0d&E>p<3Z-2;sQ31-6Y+9scFLvJIIdqfLAi)-4^Vm<^ys1{b{02)F#s6c za4T}^^(2jR^0M$i9c!%QlGMMa>h|kyc9vNWLVH$q{NHMMC6&rJ8-Bjxf==&3^4r5` z(ZI7vGRWA@>XXBsF4U&d?`<`!Xro1uyr%T`#(1FCF*?r&_{A>n8&8sO`$jX^)+fX* zCf~(3wwA2Agd#Dtc}_qF+AH`CcI%pB?v^wv$+ssM^sYl))Nbd~uC-;i z`z(@W&IU2~3aH3ujoE4++7PT)O}^x@D#O1#SE1@!M0YXirUz3nLFTDF5BbGfW(=u& zr`+k*uPkzIbvQWW3gcwg^+-I_o&HVTJw;HCw#Met%TJ3|vqm>kA>96${{TO&RG(M6 z*7YR5zmjRDWdnP1bJC^76&GWrv(ysK=`9t*?*sySSE$))7Z%z}+*w zn1fzx6H3L?a4Xz(tp+uoHCIB1p5uy3cotcrfx~%4x%yBCTR(wd)FD}HZxIogphxRk znsa!|!86-v*Sb<%Xzbw(@is!|*mSKGjg(IFU-H%jw}x$vC=I)J-8Ic$Uu){{+r&RjmuLiT=+84po;ET9UD7%;8hsy*FklX zFo@eo8-{vrPXmHg1`99H z{{WtADu(cp!7Zi5(5E?PMxkGbkjK7*S1dG+m6Nw!P7xFm%Ywz|f-0G>GZ zuOh0k{-{#-cV)BjLqieoyttA)A1E>n%fHc&@YgkW;-jlwY1US641RsmTZww$vA`y| zB*LwAW9<9Sh2A35{uB6@!eeq7XSrB1BPudmJ%%gtcJc-A$B1XrCXl78OcDk? zM<e zW|rW-`6N4>^(5Bkhhx+4Z>^s3%3B8;q*3!I&p4)VV(6rITC5s3hPB({qiR!X8Z^6J z2W9!d$3yR3eYUF(rD`CWMFSTgj zSl{UWBA-q8ZJ}OxyGVcZi+uc^Qy!xSrziQ>hmMM8=lP90Jr1W)U)y`e-X5~>XNRDh z!Ah*ko^#`B_S*fw8vNh=seTRkv*GMoKZ(8|>MwJzB+mw**)H48K7HPqHS@KoM(XFt zVhumpf5dIA{5kO-f$S`;t~Gr+;jZFoW#y3b{YT|rfBY%&pN;%K1%&rQ{UPGpBz&^$ zJx9HH)o3Wmqn1=H3_4FRaquR0HmebZ=gtsH?AZu6dZcx@d7a$G{t1 zK6{(}J42P@w?)jbxge-KALU-H@W;Y>mBZ=UwXM9RV7rVE1`4n_8SXk)&0=c1pCgW+ zL-kim@g2UUYBfE2`QY*`icN1RA#N9D(!Z5|J72cP!reNd|eiSV78Jp za!o31j1kUz09Mj29NER@e&ihHOo9DtiqUT^w5@Yd)1`nx zeFUCM9tLsi`PYYuM|~%$?cWe(U3cNPhqYU&1HPLhL`WI^(dYE}tLKeRMzR`vUdr2( z831*!o~tIA>{E`0?|^(!sCXw+)AfxiL-r(p^n@qE0vpMy(Hl^^dVw#jH)_0ML`k1D-v`EA#&VQSmHyQieKn7iZflGT_G9zL-6@DR6<8?iB~W<@s0DWe`wmOLOY*EuLfG&lBHW zcp}d?5=6Gk_Hg9=#vMPFYxPI=LiogdNASa3(XX^$v3Sbr?i&GiSA25EyeK&O;Nrh- z!B&%s?0pS4E?p1NFWS?>-XZv1;Vl;T#%D*9%F))^E1Naiv#4BPgU)_zeKB8)QCu0M znXQ$hiI}+0P#EX>*Qqvr{{V&+onLEJ>m9y&+_?)PNPNy~tMHe@;o=Qm+U%Bw-CVO{ zqk3kcBlMixFj#65s?V$RjS?*eAry*<032X-te+Wprq55(u4IYSA}#>VGfrurhpMx! zRn7Hh=Lg2kLtEB7O{ZGgYIFYpWlI2+f}CxBK3x7krFkWmf%aFD5F~BfvojXSt~t%# z$LaY-8Y+}uR%pM6Cbd6rwpQJ@7$>jNt!es`qFlxy4C4WT>V}kM-1@juRyI>jlIq57 zR4REW!59KKBp%;^u14olDCRKVDBur4R^{B;BF&ZDPaKGPPX?8A`raikK(Ll zGq#S0ORDM+>sk({q|IdvsXA=j33jAqB&STC{`DNlWtq%rgl24> zdF@#Du(?)fzI9Q!)XH59d5ijEeYZ}6_6LodB^fiy&N}{8)kw~AYh&my0{m{#yh-65AK_obuM67iPi*2VJM$h{ zW9+2h;~&sgm&6}~_8t|}^j%*~xYM4_=X1v#ZVN|_$MY51k1|!~7jEa5eV1MEexGY~7;8GBl=9wvWuiCR~x4)N5y+0*7!;`R`pLoNkKGVJ)O4 zdpujny)d<#sQgj*nc(Z4A6W2DjWy2-_>RhDxVO5sZ<$Ezka!~8_x{eqpLv$+}~iA2g=S>eMj;&jJF+)dpiqgViL0a>~dDRO&`RU zUK!Q&yX`tfg8B)TSeULtusIp6QO{C}l5l$-d;3cKV)19k3;T#Q)23SLo*r=aw${tH zWB&krll|-r_Um6c4;EVMR<_<%quFX`3d`=m*P$Iz{JCE(mKzy55A3$SN7)~<-^9z$ z3`-+jyoqTx-!lV+_pjFP4|u$5{u+*LK4|Xk)CD_EK*;M|l-7sTVX6DqDodwbBbi!9 zc$++SqrrNHpK;=?CrH+yS@e6$q_dZM;6=FOHQgN|dM+|iZ6Cb<01x!v3I5360K9qQ z%_hp#{1c~G$*Re17GsiELDwuX&TIIW@#n>V_*@?qelvVaz0+f`o5Xtk&Z@9uaE)YQ zLge*0t~_N%mnr<8^l!pTG~yh?i7LO|J4LTKJN^nO8QMkURxwP8XBpnOd$_8za{UkhmRTHV{o66r4$ zTg)MQ0yBf{UzI<$-@z&V7yL)F_@&`XWYhc?;z^v|*s5$xJKX%mM`b6lrs86!Cf&~` z(eG}iv`B=~t+)U(XM$^>x3@Bd1P;EH%T^XTX(oC90E@I;OF{7shl=!h+90_}KyFxL z(zkR~&^0|OT}MZ`x{mtjV)`7is}YVRi>^&NjI;WQr; zE$nLQ@v^Ziml@i6boMpVO&nFKbUtLTmiGSu#~Q4YO*B`wck40@=WYW620nmS^%L-G z#M(c^uYo=i@gARZ72Wl{xV4{X8=)XzD`USOt$K8ioyJy`mAW(MKaHLpy43t3jQ8fhD|~O_dHhS@FNZ!GpH-Q)9Rl>FznBJAJSfI{lg(90*!5^T zq-zag?pBSbZOj6xAawv@p}y53RAd{5atS@Ff===}X9Jv`?$*W!)UNJgg3$;C-GBhs zRi;FB3s^5=k}2(o*IP14a66T0+s<(j&ofHEY4=v zL*DGOsz|`(6W`vxf%rS5SjlqpPBA1-LaTId^NJ2?lCkQ#=8>aarNy1ylq!sHSPn&a zUy1Z7{0z?eGevQ1TYPMt7*j_is&p_fAs!-v8@)m`^B3kA7#aG0HRt-hz06mCXSdv_ zFi!`iXqs$FS2Z-PDhHl4xB=X-05IU!QR6QSLt&u3^crov@rDcLM;Xp)>=!)G!&X|) z+LBn+;E73M2*|}<)wH&oRk)Zi^B89;xCGLB7*A6sZ8Gw}eXZG-r&@yE`Q???MkJo~ zlZnpJzZJ{nZ?7)e1}Z|Z``PP(it(L24~B2#Rhix~^5y>kinUVGzMr)8Zx`OHfl4cgAn|M6tlVr+PH0OZ~>QM$4rDJ%TQI^)%exB)Un=t#E zByrF6rkI@1&u@tF!+CY8wT;B{s!6{tNg=xN?OrEqscQ4+?_sE3z}qDyHViW7Jv-7! z%`2OlP3Ea=BaB>6!r(scTkBnBg{f=PYVp{|b0qOU%E=++PhX=w2JUnY7E8Ucvc_HGk6`tH!J?qPo7gCej;wa>Hm|N9+DIiy_3;i%3PeCIP#g zjyV-qR1FJ$ujN@ys((0j543Q$2G-66!!Ot8rw30N$JHyWkl>Dxw3$t#bCE zo(;p-y<}V3nSeV=KeYlGB+UTZAu7EOwNRek38Mxnk)63J1vKmeMW-?4unFTd$NO-d z5fr>bf^*I)oSwjJv1@n^;=|WGVzMq-r;UdaspN6mpbl=|Qi==DDnRJ0cAh%dT_hSb zQLge@H+36`6?jkEUy?)t61T(b^lC2ik|q00WWhO(C8` zcXgxb`hCQ|YeO)}RA6&n2dsFedy9z;xF0ih71d4_+{SS@=SgRn$iTZ3nzsx{8JTiq z&py@C;i1acLwilS5YB=3g(n+;&2*E=_PdKnB51bcu16dC^{#q|)}LcuYd9i!W0D}Z z12`GMY<3l6PSJcpuWNRG8SsXMbK)Nn+z=Ml9(=s_Y-bh4DI|I{sh_WZv8VhJ&%&P( zto5IWpB(&kZ~ljHrr*Qy#!$%V$ysyrGL!QBqQ88;75HjhL&D49pMv^6iSS>;dVlVo zc))GK}m`PMEvjOl(HYu7iI)_Q-2JQ1hb_+~tb zu3?X9W*iVyrY{Jx@_Xkfl{{ z$F*q{)tpV-h$<^E0hf-Wy)|QwRRMq_Jp0wTScyu-go*bLE+SNWcB_%v?`CwAr`MrA z^^;^NGg>`5TWqF0*3L;zMQX#QdAmxd?@wRGqE5jYZJUv3;>P;eO6@$dI!3n84f4px zphO&!PAm0W_DlZ&f=>R?zqF&+c$ddQ{{Y~B!R{V+y^m$>hq{lSjsisG$O$DvA% zkLc^*kHYWS@AfJ1m9K-o1$;Y$#y%in#w3zSKfNTRWrjy?Ju^=6uZ+`Cxwh7P zXMcO*9YSKjX^;bwqxeDr)9~ZlHNfSm=)xxzqg>p0{s{)Hr4I*qatX{#m=Vll?8I>0 z2kB8+X!<3e_Jkh_E-tmHED2Yf4bK_xzZpH~jBZ)xx7xnHZLP; z{A)6Q2439iQ(k!UQMl0U$P?O#@=UASb}`qVr9_f5ze1;pe0!>{nQx%!8a9s|j3eZ_ z+qPEc_?sN@UPU&crO$ezX-(d|!1-||3m^WsT7u)`ZNcFf?{vGJZ{jDNVWzGbAhvRi zCrl~m5Av=rTlkhO?cme=BcxksI(&b-TZI^u1O4O1PvuD29!;t0g681}GU_)+=4qrm zh-23Wx8YD}+7!2%j4O3%cYGfpqA55uoQZO=^_PJ^XI(eMs4lgpNGv0d{yq5JAwS(1 z>s`l!ejY!8{9ZK8H%p!k9axCv+0G7lCb6~5d0w$#pa-a~0Tu!35;};ptkoKNGwaqUo!o>(2Jtleh~ea;iNIYLOh} znJqLV)PCEh%$L?P1(k{D`2w`BwA~{1%*UmuM^H}191H`VDDo4T;}`MWLwOX+Jjg*H z@y}Y<)%B~LM$$MYNDr0(QVM#&y}q`E(T+o&Ti91ib9-p0x3=#DmeMg9R#HdQ4o7NoMzMoMNUp8I znNmVKj2e7*cG{fMI>9V1r*25b{{VXDkjwBamTWwylgjnQbZe*r5&*QHyLCe{VSf72Z~=RFp}qJBys@s zpy-Tlc}BnDXf*xLHNu8QAm`GvYs(o_QvTh$|8MqPLEcFCr0J7!?sRcQ)F%%ejGoo*1^% zw>`zuuy2@%#&(|d&Ch10@+mB?P(WV<5%=nxk&Q@belPrF(66*@MmM#&^KLG!<6uV6j{#|sU6S5y&uEgB9%1LH`(r0OgqOT z1M;tC_&4@~B_i!^aVd|0Ey@Xw{*YmvU*V>w;$Ia!SM%80X!lG9GG(`J>R0ryvVJdE+k7O{ zbT0@^9CPXSk!B}H;YyDFhp!Zw9K8<#)qW(~CyOKS-Icw}_b|j7QWGdY*{?PDr{bLw z&r+~yG@FY{DF)-YcOi4eI3DEUqEXbYUWd@02#>+{+E$A!aamgG(JK~_=E0X7fC1^i z$Gv%P?GN!*$HqF|i8Y$V3>tbEUMvu*bN9jMPC@+WS5Cv_XO~@gdS4b=CDq~vwrKd0 zMLdjj73?3g-^7m+{2Q{am)imj^ZCVA1 zfc??K6gcZ%0r4M8{@2qiE+CV7T9R2Z1{bzJ6HAnFm5+z~UnZsEOI=e!g7K}teTG2W zh6kwk8LZET9tPDkEkgJEQv1y$j3HnGj@))M;MrJS@zR zlG{7wvD1z}8s;?{pBVVdRk!g}{u-Z1vzFBdmPo{m2QC25QYnqAojsq#%SoWK(yy)U z?JpNGEOEXAFylD&;<=v^Yc?=NZx*d1z3GtoTyTmr$^KLrN)}-?-Jgi`3$bx?5=1S^ z4=mx|9V)lNjWQ~z1_{Gm!&#GED8gj3gbOE z#yZ!TYX1Q6jSmVL?4)1q8UF59B{}}I8Yv!U4u>AQZ~d7v8KY+m7j`)v4;A%qfpm#( zbxR_a?GB$34?F@%TmUx@$0zZoorbC&fiTkB#X`j$N1-5bUtCyxE{+cewa%HVNpY#eZRaDheDfT19`&{Q zlNlcu+x$xLFNS<=pleq!Pcx;#hU5#6-K1diymZZd?WBBI()>*$CWB~@T{L8Gp76;4Ke z%;3HvX?k6%UfA84Ew8Q@r$My!$nRg1KOg)pZSel;9ah$6mEK}jICv#}4u2oYprry2 zfgcidt36@u{8w#qklcW6r&H4a93R%cxR2sbhI~=seNNL&z55oa9`IUWvkJNUr1dpS z9VT;{C+z{H+xR~B!TO>}Z5u3+N)c@XTd}ky~~#$sH+9EY%y5NgndY8?jzx@f*Rv@R?{Ax_nJA zyJR5@N9SHUSDjjw&WJrvj4ZrWs`wW2^G1xtcQA~@D7hcJgmlQSKGbgo-P5Zbxho>M zPox*mh$ zzYE-3>K+`{t)srTnidSdI))$-^~m-jwfq^a%cbfIY-ecWbMp-U06NBTX|z-k?_MJC z4SJN&dG8uAsKAV3(%D5@K zv~VSj_a2Ady(sK*&Lb9CO8`h^9r4Hlu9|!)G}ItvQ5S*eN*c zgG>t27CW0^W4pCW<(37b5&}E*;-Y2K+`nx)xDb}ZZR6C|)GOviCA66_vh5i)k=sq5 z(U<%i#rt*Y9|wLiU4F&i5Ij?4ejE6qWV-PB-JQQ+zECq9Y>U13Dr>4f}(a5`Pt`lo#_)o2Td+}%CaM!J8*KH;m ze~fe$dE;e$ziYSXQ$D!o@Z+U<@>-1}^TWqp2-Cb-qb`*hx45#^_Zw@5Kk@By4odqL z>G+ENQ2zjLuY*^A4E%d<<5Oq$9}iyLHHFG5?eb%Z=1?E zBaYQkV?`1qBXZ{;+}j^3h!Lek0Qu*!pzo_dO&HS;EBj504DGaS%w zOxM%AN3VECUC_L3;k)a*EptY=7jQHj7sfa~!~>Dvn*Q)V;GF*ewN>}+A^SRba_7SO zoO1Z*Nw!UEO2x-AI-lR!NWF>Y7|$m>W0fVL)|vY^;NKF(szYO~X;8wR5ZA2*%CfgM zmt7t!%E;m3@A5qR1Gb>S}(Y4X^) z7~KqvK376|IbAPXkIN# z=p8NXp%Jt`TdMuiG55Z`>T~e>!oD}r=briJXNZ-LXd?$C5t`+4QD(IEJj-49VQZuK zYg{@}8||Vm8V19h9x?dhy8i%zpA;^2J6lZ;UXEC`s1yvlb1DEZ2jyOd8mf{lu7}xH zOC8c%T}Lrha2VsL_O1D%X&OH*h7Sh2jyi?gYcjE&yK|B{boZ-LSWc+Bw@IA#pv?3i zh2A9a{-2u-LLm**Gi`8^D~Oh&S~4U&JzptILBdtbNclRS-SB&vmF+s--aYs@dT3p+Wd zwQEaTt8xk$-F{LJdStmC7pv%2R@b6yRwy^_!te*RRg(7YE+ml559%w+A7CYVX6JB+l$!J-Ls6S zseDDJ>-v4rZ93s*g`gw^=XhoR00L=6n!|I=^zRK#d1Er)F3Zrxm`HjbYT<5tKdNch zliG_-@N&XXdi`pmY>}UF;r&f5qLx@z0_Si$x~_lv)pGL2C@he`vO9tIy(;1sFl{_R zs98E&`L21&q0b)Pd)ztgxdM1xwpF#JSw?}mf$h= ztDYI3{u51V(@B>4%GU8geU5RxM{1_gv=JV$@Z(Fj*JZu3k;xYxa)8_^>5Ay>tZ%N} z);E?xf*TdjQJcls!e@A;ngJVa1cJV`#Q2LBHn%An6q6q)$2qPVk3;DAV>J4fV~56C z{?2ffzr!T|07IG3bX`{d-rC`8r*vq%iuDU$g?fd<1)e)nczu{3F!!$u7m18j zn?KX)oJ$Rp85h6}2Et8l*HO}AmeTS?nov_7Q*p@S+P-J_r|`1R!}^4lUI><7Dm#Ud z9nKjT9EJzjfnH*&rJ^y8a-{8Z?|lw`i@rDbM;Y*sinQqbUM#%3s~M1(?~zvwSJAk~ zHTaM53soA9xRzJYC-&vN`z-J)fYC^-LkxR!T@XEtCMh*z=pPKn=V^A=@riKAyb+DK z9qVf1_$*{IkCdv<4d{c<1q`V_J@JL zXPaM*9|rtujhYk`VVKDZw56GhZ<1o+q-@w5vTsPfYqxP)&2pN4no5#F5X5&C^{$KJ2l#Ug z5@_(9MPCp}D{^B~{6{CCHS)QX?0il?Tc1IAKg1gE#9s#Ac$51{i|OppmW1c!1pMEI zE69E$_(Q;dw1%Az!_9Vo^toeecyHs{OGtVL9q@27>t8cgsqy%#e)0Hy;I9CDWc`{x zJ!;xNh$Dj19UoA8Z!wATwJSpZ04YAdE-UpK_v3$o^ax?`Muu(m24vkOlZ>Qojz?aV zg1$A$hQd_?$}sN3p#2C)W@qd6NOwoI@4wf7Ih%a+ovp|;gdZW#Q_AwMhq zDxo9L!^X_^&x-I#;!h6gT79@M$p#y5P)WFZ4%(QxD860K!I}R6VK3Tm#5TH@#D53s9v$%|yI;#9 zvdOXLja=+-dy~f%?VcL=(XV)SPH%=E5`G?PR=*K+wOKAL@OPEytiGWC0EHO3PnO3W zY-2u>_SbqBW|we)|&A0K=Yv(y>&UmR)LWK*Bs zEQ^D@bjZ)JuZ_l0*F(a^R=MB@lm0aP zCD66+0C>Ai)_jdKQ#MVhX;%#Deqg8N1Rnh{?Osz&Gs%>h__Oeq`~DT5#F!wzns_v; z*o3jmoaSudmp;7L>eq#Q3!(V(>qi>iuMM@lkr|Qy0Ei5B_wD%7_Ken>H9Sx7a?ik; zKl~*=8`ZTt?Ky4&`Ik}cWPZCt4F3Q+_%GuRhOZ&#a;{7?qqF36>lKy<)p_$?Z@-42A@#6vea9{-Xgk&JJ?1*T#q?B zHVt?fx?N9u4(^VVPt`Q>1d+z;y*bRn1_ z*9m#%!mg*!wsqW&IaeOl<32BfT{8aHR57w!%H>$&g*~g;!&N+L(X%=|A}MBotVboj zU~A`}iGK*^({+L3D<(mtNQJIq#tJ{JV~I)K9avh2&OS2JG?)s>xo&WPh66i&jd2=% z>Cwka}+PuiLWNuVobXN8V+)PiVE+`wzz7v^R`@ zXzvPHX?`%BZ<^8*5+>2K9_KjZ@HzIcm$g3%TxizqaV$w39R?5H`d6hWr>Xb6J%^40 zo2N@=?sFDT1k;EdrdajOeIMW%MU1xb&uCWPX&Z;FVxY~qhZO75bdlG1r(T7l5Twqy z2PAf{fc`Q3Vb-lKC-Cl>4Y7}Q8fO_lLHSm4mviQ_?7w7ql6a2uRCwgOY_hI0M=M^b zpy*I*=FZM5>w8O?RN`5FRNd%Jb4^{JqUE@LSfoJKl2}hYjNpBu2PoWwf)A~6zB5fk zCFTB$1+(ftURFF|WFU8?7#~9$C8_tvf&T#DpZ@?8bx(p`6ZoU8c>BS2;{M5QZZznQ zN|ykt`GoS^^U}Ui@%QX|@n^%cG16}|%bh{v4{dKGfuo<(=Ld??R9%mlz;R6sMQW5{ zns9d4t-7!29~*efQSpz%ZxUJfL*hS&^-l)taxa-5n7_KZQOEAw@ZW`Xx<`m1yGZ0& zU4T56;8!h5O!`U~q}`8N(XFmEWmvShT&*iR!)bi+*!*A zx{cLTfXaA3jbhU}V(6Zgl9;1V9Acd*1WoXZg?*BEe7t^Z97`E zl-u0f&NjSH=trl$BbK2;!s>l4>Occ0Br@ZvuB7UIXh~55oMVpk8K!SrY6Peth{^mZ zw|5i8aSldv!Ox{>PFkDCUCr$_dsw7dytvi^yYMc`}spc|j&1yq?1%<7&mw#x5?Gx1GisvHnJ&Kd|X-lVe1A$rc zSoEn>=G3hn?8TnwKJZB+y>u3SCKnd(W))IGMoAT{4)`Of({2>TQ5a|3bgs(7oR>~L zJ!`0QeGQMXXJILr&j1?mUlZzIX7LTgP(uv1o3@2v$m~r_rDKhmK0)1`VX zmHVnSxojyN>n6b?7UEf@oS{2cJPgwkc2spZ2R&;!OQE>$v_<8+0wcnonDi&oxLZ55 zmRo?~ce4?i$PTs%8KGF*ZrVOmj%y-lBzeoq&$rXCu8Mt#mW-h>YxaIB)bDRJ z>#JL7Ba%C02kqd3K$ksmafp*Y+}ZaJ@04z#iO zzZ~FwmMK9p{XfIcsCb4{R#6NmVj<&uFdSFkz7PKZf?xPX z!^VCA@u!HqWvgmaY1))puA`%}{{W)O$@45~!>GHB=3=OQevjN`RsW2E$pX)Ibe*;sl10LC-LRn~MpJ6f>0vMMdS)hoU}3X|V8 zQS3v3=wAW8D)_hH?xmvWUM16{*1Rl=_SZ7Ow3#Aq0b%?^asD;teks*_CwuV&#WMId z*x2}bd($K_l`2(_-WdAUv1cA4iQ)eM6TBy{cyGm@@RWFJPqpbc%!SccCKdyb-qrdg z`wDzv);thyv|}W*XxgRV7goi$CQksM?fo-daBT1^P<+i;{)fCZ`ylB502aOkc-P1N zFV&~;%tpfC>Fym>PShvNkg(x%f%qE!OZ;18wwm;s9j(gW8%u^(oDuuXF~J{|bYdyE zq~BBH_%n?onPah-C`R8_lw*GPTK&y6=eg6xd>ss7Fp-X@0U1A4d5AJdxR{{UjIiT8IJSBrcDtqE>n)7@@t8#!+& z@%M@RYw0rDZQTAA`eEZ!#9;9M0LvLm?`eLA=?08oyM!|+>GIau(ytLj!DJTM`@^8G zaw^C11f|uTW`m_$gcH2G<>`akr12_RHKM^Vj54<6Z+hM@LkTk*z}_3WzSN#qyKAN7 zgk=CI_Q$n*s@X1x(9Ho5XP=jjX`GcLXKI?{)1$(!OozR3dcF2kL2(I@8F--Ns9{Lg zHui;~xAUPkm}F@Q~CEITe5Q5k-7pK2uCh&qi){6DPd z>u%!RFEOz42Fwoi^Zm`T+dQ`D;FM#6JJXHKrRHhrl1QpIu;1zH?_K7bWHkgQC0%(r zt233liT?lyy_(9>v~Aqvo`$ov9VDWL3VuV|(t{~J!>x4HXc}UhLBJ;;%Dp#6wrK5C zLn7lDAoiry$z@y5?P#x{NTs(CxgRchZ}Y`ZsV%;%YbA{GyeA*PdCdwb8S^ujyq4!p zvrBY&Bq+N^{&#(Ahqr3$p61*V?v6)VjUew!S=5)@qm!SbWtP_0r!V-Ob>xPM{6vaj;{8agIpuZ#GxPrBei_#u3gV- zdgWJZ2Ef4URH9s2v!eK@+sy&gWH7|7+~8uqgwyrE3f^C7D`Tu#S!y#CB+PawBOkbJqj71k_abOjiPjJgb~;4-m-A) z9Ni9jcy#NJ?HHksH-w{p?Y(`y>%k|}q0;Vd0cKd4_hFCS=cm$$$GHugx<0yWuAj|Z zTLs~<&2{=`i6EBspp_*tZ7vTuHKCNAqjh~w##ENwBuLvC#xu?fXzunDo>XFtRPv`C>y_5+b@^mVsa7xS?Zs4#cW+b_Pb?9-o3CrJJYc&wQZ;^)NUmW9y6WCy;##`iQUvryVLcg z1{a7gOfs?}2IO!%Q*C63pmYQ_Fn+WMz5T0g3=(e#%>ycN-#tH_Nu%Gvb9hXV7GLW? z8ybPPWNgA&#{g%ob9-ZUWQ7Dk3=xU|&X&d>I7sLn$4)C=^XzfjEV7pp0niQwX#@sU zw}=wm8f3llf@GD?-mX7X_>w2M`vk$_mt!z| zc@_(?w|O)uIL_K=T9@o$aL{3-ZHG$!b3x5={R;j@KA zL&yv=b6?U|?9KZvdAIhbS*`1Oy}p~`9eU-ApJt6mlN+B!#xvU={c4JF@dM&#h%e{5 zM(`$wZzqzL@ms8GA`XnW80XiT)#u+CRLt8gLNPs3lV^E z_}8L%PgQ$;D(Vj$=-QMXCTBoxq{9f`oaFV#PfxhArHNGg~N( zpL39Fh`;e;Y5IJ2_Ig&8;%m5^C!2E^Bn~p!`ee`ti2Om(Y&HAHb?+4Fvaf{Uixb%S zn28Q~aoBN@&lSaZH^ROJu<(AfZ{aJ6JT|k;*A~T`7-dXkekYG=$B~*wNgU6LK0aFb zQ9L{0>o0@Wy5_ks`#sj76adC!BWZF#>yOU97GH|Lv#;!j<6jwgui|%$>@@EZ>aqU- zXhEXJLG$7M>kMG?+uFNm(34`7RFBBd+Qa?|sqrJ@#m24SFNQXf_#@%mQx%0GI}GXS zeKI=={KLKRFqtPvB%kdC$&sXT%N8E4GHBqDHy*&d7b0IEAY$0Z74={2<@*@^ z(qFXSiL^U^g}w&VH2(ky%W)icy56Y^M{fi_#K?b(k4|fvwL`Xyd!N$3?A`wW1ls+M z{{UmClgAz?j!%t$9bk-1uPO7|+Cls=#geEq#!gStzPa(|iuKQl9tOC()V28h3#CJV z+B7ZXyQX;Q?bn>wn^IRjDC&6+hHw0FFNO|{;4L;iBS)1PKHYS7g&w&)pI%7M<652< z)FSwC3_8ZA1b!v)mANezqIxeq0%ND+Sy{?_A)Ab!`n?ljH7I|EAA_2mlIOsZaP0gIrk<$4dAJVkgH2oV-j!T%N zB`zGC?8Y|wd)JqE+r)GEX=kWi#FBy%HFo8_fULRh$?9eJZ@?ZY_=D#y=BEdPG#H5A zb156bj^pe2)`qv@KZCyuXN9~gq1kJGFO5ucYBI5Oo%@`9f0byFwe>zy@rT6iW5pL& zA*7OP?Cvp##9;OV@~=LROxEuZt?cs#lam-Z3Vo?cJq?ds@CSfrzn zze9c!{4&vOY+BYmKHC0FV9O$wBR-XkV|@%NO!^l~@OG1;UBL`+nBzEb0nS>w?Po=? z`y1T-kzQakfPi3r710PBa-GjTv(>f{0FV6{U*%KR-l^(V2T+jxn%qapCnKn>IS~gl zbEm!9HKeQ5;1GINjhDmSJM8Imtj3Ov$73)CpDG$7zO}j0C$@^l+Bxi1@W(%KeT7ri zHI%oFdYYkos9Wjw)2+(@gYOpO6`YvPO5X0? zOQD(21C|Z#T~3>Rx@GLHi52Wm8C<&O8SXs@r5SVsn$@Q=-8ry=A-wZ}j%znw_<5^p z8fxEKUPB$i0O2?N;(HO^uGiEC=r)(SbHXkM&YyX9=bH3M0!wZ#Jf#T7B;y#Vl`uJL z$(1giJ9z}z8~{32o{4qjw97a}a=9CYWFtdW))B2*!g;f7<0V1JuQs@b+SO#1(jDvm z$g0&0t)*)4+eLD9dlY43@^i*L>&o@rO6nP|-pvD{W3d6~D`Mkrr_WZ=+v^@9x?dCM z^IIr#BAm&M!_`RXUbUt8iq_WQG@C;#w!uJ+naLy%T;_&fG3a&|I+XH=EmdPuayOHL zJq36Aef%~yNo}nJw_yJOH1Xt|9AF>w-mo%k>SMlu!yTQx%{wz;OA6_%boUb|x{*Th zoYr!dqGv;^MIN7PF8Em^k#dH-y742P7j?o&c_ST7M>8cyTaZ~SGe(x#c;sQ%-`=Iv zEnu=QZzN#J{pJ;P&0{McBz#uzC-#cTdt?2f8*cfwx!6W~uS`{63tQ*|PFrnK@_SuQ z1Rw<;ES}!gZYN5q+;xwMMxA>!4ZK9eDsMb~74$!YwL8VqZe@}SX`q|;d65Cg^%V{X z%BH)AlpviYXOHi0BfU?mL>3iT{$!JeD%ilLp<|ns9X5&J%R8MiVAr9J#*m30sOyU4 zpz!^*noANwk}3isAKf)GiHzE@{Ox$3P}O`x;%h5Amq(3JVRGb_UV0Bo=zMt|n`x-{ zUrg}&$#jryTc^)2Asts8hH+m_6{*eC`WwNX51+)w#NAltXtuUM>D!w6Tf!d;Ep7Zo z9j>5l?9y@b%ExCwPbRfW+5?gE55+%)EZX$5UtWEsM6Knyf0c50#y_2K*S`xawYU=2 zeMK!^-a#rzWC$3qZ1<;gH!Tc*3~RdQgLT1or(a8I@J)wS8(}Rxxst{)b-tC$I@yVbd7zl#RQ+|_fLeA866FJH;+CbYH;c= zqH7)(7BQ@w+4hnF=t7h4+JmAh>|HZeu>Q;%?Ums2N6Ood!VWz@&r0b282EO>;^vjE zq?d-?;wczyBL$UCOAl@-Td7is>>9U&ZggJ^ShcP4yfC-#mO^vo^ve6@zJAv=<pS^4<|oL zQC1vceOK^4>s!(VsO_I4g_pRZ}Zx`TU+q%rGCYH_M0oU zaB=~l%1-279@4MvtQOMmY)kkmvde`A5ZCcDxG>G8TAH7Gc=XYM^NRK9=#C)!I1)&fpHgkbQ-H zdEw6y-{{u5ltMU>CkiE2KpTUcXSD=4Gsg8#8`$XI5a+$Ow!51C^a#o3R*kx;~Gq_@GN=Yjg`nSYRsS?;pg92$DWj@ivv>jZ;~_OKo^hrbRYkia9o;DLxsHWv18k22bKlV;Wj zkbCo9AMu||(FUvFTW<#EAviy$Boo_|1VnfU48ttV5{yaTOiv$fWv6|uFx zR6weP4mTeB)iq-;Xnbq0cz$EQ_iN^ZumZSh^J|+&Ngg&B$4)D1Y-)YUvUKP@Ag~OZZmt@Q8!1exOx_K^z?GI??V5BOub*(#F zc_NW604x-Zz#d4h3h*?IL*Y-_SHP0#o;kSjmY*bxp(e1D*7wo}~NiEhzuikzg0(+)o`*1oX)p}Z5NYaU<3PYr~) z)9(+Le>6#f6rELoKf{{48hbx~BVjCl+UK&r8CUVZ^ zZ`s{BLzu_rDhq{;vaFz-@N2d+?qPo93eL7d*-lvnp2l@OC~`fX%v*fIbNc)W0{NLjw}5xf8d=zwkL)^Z6DcZ;eW=x7408fn%OkZ z5ZcDsHkYvtjlFuP%JI9Mte&+KT3FsP=zW>5B-8ouGKd0*a{J!|9{>404bsL}CwFB}H+sKhDl5ER!xOEjsEUN7u3pY4oF`5k{ zBGgF#04g~7yVa6*W;8!29cVU$tXQ^ea<0Jt080H<{{VtZ{?@v;?92N>X&xEAy0HHM zgeO_N6WI%iyZ|6U-@d1{yXeS=Bju5DxIVu0TcO)dS3kV}003+L8M^+=mrc}6UJmhU zeY;JLLaH?T;ezolI2`Av9G*@q>3eJYg|<|cLHj@M=NROUnXX!qHnq{0G&W-4^z~37 znS9%G(+%xkfuHbQkJ#eJf7&NQ(rk~4d^rizd_kD@%l2kCir_HkF}WNbHo52J zt~RV^B!3XM8g=%Sd#LDo^aj^lvOZMApTEXK40?=yb;vE`@LtC42@$Ju2T|`uNQtBA zUxgkjTN#Wu0WOp&!ZE?Gr@Skz>a)RhV{K;=MJsX`41ww^&#g|*=Csj2#9a(qct2Fv zom|Ums$>xYaECc8KLPpI!}>>!Ei61qr1+afk_j#>?n4!El$A$S`c~LD>vMl*ewKJ2 z#(Gx2Wodt>Pj7K)G-6TZAC*buui$bk*Q{j?pOYYtE7wZLB}!*sqFY(k3F9alFA-c%Wb#35?5E|(BL|L0;a;bqc=K0_O|{bQq!U}h z#De`-KK}rKtAtIXvB&tr`@|aE(YUpiBFeZ_3&F=iarFIZ)>^gwrIep*hBlZdR><0G zQJ$sYEn88uwOOFLl@?G$i<5#qD<4&r;JSGTB^Vz4Ii%y z6(fTZv1tIPg4Do|O}3KdS+13%h@X&SCl#A<3@fNQM8Tu#IjsQQ)9xX4m`53qrwx(7 z;;mRr&gwS4IXyVVXM2|gsnj*St<)(V!mLI~$6D9Xui>y}Mv1(hkDh{(fwhRdOX3Z> zW!mU!CA|PT?%)IITQK;m#8X*l_Yq9KTp*SkI(ufTklHb^jcwx<)b;0v`IJiXV32y| zx=$JScT}*vw!F5HA5Qx)l11CkIKj{7P|>Qf!%M8#&k?jlg=NM7>N8fX^tfhtVv;ss zakv3gr(yFWsZWMFZNsJXrC^mtLNLb}sILIfQh4M*V$aKg$K_Aj3Cj8-m(ninS6BYh z@PLO-u0A`M>Q1bX><%qk0|Oh&1-5mm)f1MSO-9OJngAAj>dkGrAd9J%{Ht~ zmoO!Hk*|g)^co_D>J%&2f1$-ys3;75fjZ zdSsGmx(hL`elXM;hl-c%I7`$XB1$!)cq?7o~y^P z^G%P4{yKaQ)om^gpEiYeY<|ywrQbumZ9RD$jyu=q{{Y54220Nxc!%O%mlReq-(H*R zh><=)xSiOqevLcmevOxA5t8SN(E4ZLjkF#n_;aFa)|SzOapnOoavN#EV#f4^PUzCorF5=P{Zq9;NWBQ=h?}8`ds}lGYSSt>lNak+yzs z%O8zF;jaT)>6&bwC-APQA$z%uinB2yB2Gaa@y&eP^>#i>7cEae{{VuA`~~qBi~bn+ zH&L?I9&d;rWfx_wQcY72e8c=@u9qU5vUiN!eSU|&aPipq?H9MZH zDx{BL@F&6F6L|Yp(CqB&n%6+RGAn9QukIpcUD)>|1B(2A{{Vu(YJU&>FKMIrd%?>U zhmG_S_FAOYfp*=D4od@`c|72Z*4#k{9WMvLdm4m z7k8NUZyzTos{a7>$EA7C?FZtSymj&N$H!VFrH+-TwvqNEc8?-y5%&$`dz1JI+N<{( zIi*tipJsW!2l&5Z@b6sy&9c#cAlX1*)uWCut2P${=HnwdKc{NjywJWAYMQp47mPd) zVQj)>ihGN26tWxuam{>gHR^EIM=|jm;U|N>9(ao8Jp~@t#(lC|OBBqk(UFjH2<={D zd*Q)zbz-pJ>pI1j@83Z848le326Ah{oYl@7bUr=(p#BtS%|4`_3bK<(vy}w)iz{t90t$KMbhY^eGzI%Q?$!Bonue%Wys#bxo_lFDq?_%2NdS<*V?MR=PwhjdS>5W8L8n_srCUn`Q!kQos@qhYeNK4# z)>4JfLX=OAbWK+K!CIZA&A9taqFl?Kj)#Mq^*m6FxNAcf>Wz)2q$Yt{*K1|l8>0Wl{xrLF!>Sdu>9dgiv z^C|C6)BIm8%wO4>bn^!UD}Z@i*Vbh8^;SNM4OYi#q|B@0y9wKErNogNStjU05rd!1 z*Gu7zQ2mPk07ATfGUnRh$Ru<^cpsKOD*aChR$QqcxNyE1OAMxubnp*|<mP$Ts4wa;=k>u2ql(jx^_=WL-^!tMiin%N?>N8&{YnHwu z@s6ao7FO}yT(jh;IIb#>qCG4f6PVX-HD3gnKjA3RHEk*ve=R3y7{0f}p96m1aR=MKehQ2t0IDA>*>(;Qnj4;fEeb*k$06&dqQh}}-rL;%ZKL;n)W3`Xs zHiRGTIz9YG^4v+5^747dO!1$}zV-dId?(<~jK2hY7xBZv)^@gDGSgjibsS+{NHBNB zAstsB5uS(ZTrz^#_h{F5Nc{HDwFhbJwFsQs-Jk_r9AhG>`1aDmT@L$HhB&SD1V%E- zfD8frSn2Cr(nqmMOxW;ekNi>an?&$W#Xkz%pAqQL&Kpv+DV?B?m}jvg{P9oyqCO#b zC*vNs;g5=*4AXA3pAbE%x76)j0Ny&GBz0hO&!uARVaXm*rGKSEE8R>|Vbed#u0pa! zHs$NnrC}yxYa7vCo#?X(C!WTOv7}2 zKpl9`PQ9sabs28%ME5N6J9RnfS}K>&!dOVBb0=T6H##NpfT^2|CnI%tf3nAdyaDkG z#`?d*Pl#8S8Wg&fp*mIKxIiWx6v^PXd{(epnOCpusmf_xqp$db`!0M%_+jFGOGCH2 zxABgX6A=sBrY2PCH;#nk8LyPQM|W|d-QCR^N|He3WQoBTZ$s%<%VVPhn$oXLRD<00 z9}nH!-&ope2&uAU4TY}e(^Q_)Xcp;&N#A#Rcj$Ca5T3`OUHF#5*Gd!G$!~XZ82;sX z;{%-jb@M&slWG_9T}=x{JkOO|s)}sp_Ln-_DC3EbId7**>Ctl%HtujTJt|FMFp*0x z=*DqKu_NI~CF?mYPM&0Q{v^8=(F+7bh>|{R^{N^Lj1n0hTsdAx91~DaIy*??P0N)9 zGtad)OGH<0123o4_l3A(e5nT z8_h;LxTKCBG$TLFf--pSYtyAA)cpSdli1!Y{>d@SnrinwF&xgZxJJ zFtz=dvUx9NmjidsMj3O@-UA)0!2UP?0KsPd9j}J9eLwbn@cyZ;c#YyQ!>a0Nv0K@> z<9C;mT#le;73j{YQPH30#C!jkVU0uk;w1l3V_V%wcmfa+BS$95jUptAF+5VelSydb+9vDnK zd0_;ilI*lA%>j$${n=C48qI^@euME7Skkn;R`v8LT1|<42>Ijd*VeG7PgAO;G<{_! z>{H_JgFgwN_|@MHlH^!P~+uN-u+pJeAx%q-^C*~OYtOh{f^cC~{@9h#?6I=F!1Mx0D<*vUcXXYSK`$i@){$f981jTtcbM%@(;^TJ`f@Oy$=~S?Amp zRWsBI*0$0-z0AqERA-Z3bfwVs;T3D6jUFe1N%78>m--`W`VI-3x`Xa3I`Lti_VP<; z1QyKYqFjB|C#6S`WN^p!TuN7PJ#pH)3mfRAI5;D=DDnf);yOgSWxl||^c*%uK_0oU zJMkZdcFZ*kCdbNHpdIT-%eXkAy`9R)i*I!jy7j|~=yV?z_@lsDrJlLr3vCKpm}FTz zo4AW3VCNVdS7a(4eR?O^-xojNp}!ygE&Mf);jR7MpMZQREF#|a+e^4*7ixIgdxhtw zYvVXPB^=Qu?Yg0I0)viQ0=g>Ja<$p={5isSY_c;c7cMn3WNe61fUe%9-xUHm7DOlkD{U2U({G;cF(n>aj<_3@v; zEpC4X{8ZABgqM1C@(XLMoL~TON9$ilmrBar&-2geZB@@bqfY+-4JG)>fAA05+iclJ z!Bc8544&$GRe|CQlM}`yeVEvCYukro`2tbU>%1*?_fUBraxp{qfvVmx5{q^*9qbQK zd95sR&tk`byg??9IyBLl@^INT?7EJzZ>h$pl18BNxoi6cSl{iHqG z4aIZXu#@^(W2yLt z++0dZN%!|DB)8Uq84cpiUJJ%uI{7zm0oBGvGlDByS4GwAM7I#LyX2N5_`2~(Qf5`I zkE!Z$Erq1d71>{u6RLnkE>iwai!bGV4P+&IRtvs^$VLVLtD1+(h04%#2?I)?v8Pv zYQ?J#-3epxA+Xb4dz z&2-U1aekrx^=fVE~ z0&3c=k&#y8Q;~eDTX@OAV<{Npt_6QeAG1IF5=-Hi?9l>zQ23i}-yOVo(5Q~x&`oEj z5JB9K;N<5Vk)E~YSFh0>^yygrPLslSUL^3p_K%NsEi*>=b|X}eOND%f3I{kIy|Q@~ zS*&&Vv^#AN;Gcxe)||u3lHsKdwiDdA8R_X>WZlk#bK&>F{X4-Aaj)ygSJt(;B?x@^ zT0<7%I(q|ORcYE@l{Jx*R0(kw24fDPwt?7FQ4?p9Y927twM|-kO#?;0vWnhg5tQ^& zJA>A;w8t84_MviQ)HPe#pLjAkVHdC+0IhilmCo11)>hiDhm5y+ybxc450lR620DXZ zK0?x3NiLaVCzTNeP7Zf3dX)jGXj8lK$H9*UXxfK|=hrMeU94QhL+STGhDL6nf^vTf z^Is8v!m`nP0ej+)8{R?SpA5!;!h&T$2VAHpfyd)rRIv9ml}3IMe$!v@R_Jt#ZFk|v z?DwMD-$M_ZZo2I32Jcdy{e8Mu;Qs)PymjKwi2D7jlQ1r_KBD0oSwanVrMpAjsWbASh5j}1I9gS>{h@KfV7Q}2hxIKuc5hZ zpxr!fZI!nHxa4CV_3WPwJ_~$D__N}jKf)gkyft~^&1z|q4=UM7@(X{3+7Ijrv(>9=>U4xyoGsT&0WWI=*J?oaDNjm%}azo0&oqS%Y8 z?V5(5$i?H5J;)lkJx|7uCFC$(T$r@=Y?TKAM`84#(<78V-KqG#`qN49wvzB#W9PkS z&cy!!X!?(*6}_uJ!f%B(t#{&WO2fx~F?he#q-3h&`@f0wrR?pg5>DsIUOo7at@ym( zBx^5)^pk-M7V_c1{*~d=!FznbMDor7`Ob1pS2c>Kd!DJ_e}*w@y0wjk-Q~WS6Shsn z>Ofzw74@E%@KZrf* zNL=DP9fKJI*0+poU~oEGSdCR71o@&(#apdOgK)=j<6sdz%AEmCu z>&v7(7eef1oEV$#j`{SjRkpsqyoI5H(nu}JZTZ*Jy1dxwf9+vW6gV;QNZr$DusOiI}yMcx9d0A;tnXQTW$UV{+EYtAyIk$!_9> z61mDc{mz`wLvL!!_J+tH{{VY6!;Ly<-cPn|g!RcBQ*0EqGW87yPPnt0JBXrFf>42j z_*Q3zejjM@tY$}f+n{L)Bo9GZIU1iyT6k*FtSy8vMu&~1de*k7qFCD6s|X``3W9m$ znt|Bh8h9=5V`a9IIl61EHZ435DyCi%Ht=h)@ZODM zBPqCi+a4KI@+(D5=A7(*G#dB8j~TwUe#w6|?8<=6upQgF;{(>PHIIjX5%k-e9dKD( zSxX5L;zlJI2VKLxeI2Y|rjM#V2>f)v9xJn76?h*03rXVHx-~voamNE3bj^BBuj6kP zKZ~w)0VSdE>&$Z(B0#v~2cYLQJxO-C=3X}OBP{btb8)`hws3h1Tol@@dbXC<@mxw8 zQdTc4uR8KBE@L-Sd9p7p!TG*|nRY$D;Rk~B zpY4?Kq&oHfov6i#mJl)+j-dK_*VEoOwEorb)ym1HS!#EsaxR#B=zTNk#RiK;d?(^- zJzCL!v+tF3^_o@L8l3Tw`q!j*0&P#>_2l~Ptk(^uU9XWiV}x9CTls#J8d&s?j2{@Z zi99!@TWFWFUD(Zma%1CR{_3Bta2gf$rm?N*QD56DTD)Yt7RCr157+ddjzw!8m8bY> z^FyA?P;EZqFWw2Q4#V@1Pbz!W-EZSx#J?YE5a?H4CAhfJ;h4rDVoA?Jr!>r-hAh7h zby<8xHNLlS@I!FFDcO*V>Im!Bp}zQWqj*jW-BVZ9Tg_D5k~sOB(O1%uk2g`eN5oat zw5>YE!r~^jjmk1H%V3Zgk~`O9bK!;fZ{oct;%CE6Ox;^tTZnHhS%BEs%Y2yY??IJH zwml=po;DsV@J^)Gl0j=V)IlVQKzNh;#CGPsZ?L&>a*^K15mA8O{p0E?R_0#T`WQYc zR=e>OlWDit5yG#(g~s#$0PC&&KgCxvX)|e;b6Wkn**B|!wV6rjj{W}tT5)~Om`NR9 zz@0Nj@$bZ&Uk+>b@y(~-$P!W;Yc^MC9@X`Kia%xzFTi>w(9_Yi9XJO}$su;P_G9gy zD3q*h-H(j?JKzh=GsL=#AjT{~-wP`f$tOAeE7KzI?zeU0-3v>3;Ge_NNBjGd$2<7r z@XZQW9gL5Nehrhtw@auclv2tYavu1u+rys_?*1ZtHSrFcs@vUK-p6iWfUJP|Xr~!b z*wZ3W>T;hAXYk~H3ATq+j^TA=o<*KnRe{Kt9#`1N$?4K$lYZEHu9t+R3N*t4$IZ?qokS z+!7cM?(t8f2D20s<*IzN-BUdwI@mN4XPBhwu^SEoawX{+%607H`E;i0>Z zR*1BZkC%)eTG2f;EcKrRYj*l7U(Kj#wu&vSzjtuRNG-R6lf`qN1-xB*W#jJ?Uua?h zWqGkCl0Hdrb5h2Ay?NuEZW!jeySOqf+<4A%a1IH_;a&;xm1exK@b#sRv3;W6%;lMr zjrhsNewe8yQPA}dg`ORsNwv4vt}mn29$*q(gAAk(;;et#BF|RVv;@=zp|#RiF!|~^ zkFOxrTcOKVI-XbXEBh^Flfs&=zh!T2bsUOrWf%%}oM#>TQ$7}Wf5DpmoADdKdbPw? zx0cS+SV+yg1xaDgQ=dw5mZYdX&xw9Bpzz0vCeoy_nhT{FFXe4T9QxzZzFya7-t8ix zb^{6kr5RY;lT!-DZOK2LGiA*nrNYS`{tC#BJaUFm$iM(`!x9K&&S>z z*S-|^s#w0#mV~6To>&ayj{Ka}F2>%>i}rc=kK&)$)AqLTr^W3VS5$pBP>m;vSjK0y zEEWE7+hK1}U+8D1_{+op02F)+;SYC@(K_j`&e!29hsqmVp zokxMZNj`(9p=V(munawG=+6;Y+Uxo|IYgd0A|Q-sAd2IfFWH~W*ZdXV_D|KmBz!cN zR`CA-hhJ0iuY^{8M@joI`R285WQecv0oN7$ZFr8=fVb7Ht%SC+lN{@}1{p!Y80~@x zqJy>4CRC0B;T)MF=V0XXO}DXGV`gpH9A>*t8j%>#EKb9ASamq-OftJV0E4en&{e4% z(%(@o##%I&DsoR9Dl-f|Mm)p2INEDYRB05t7Of)K?6Ni?13u=oU1Mcd0k^5h$7*Lx zO)Wl0i5M5lwtp)9sQ&vse&^~kOY(KSAH_|@U- zop<4Pi+m*!R=>84>RLl|Fv^^er>+R??O&G`a%gvU8ikg%Vz1%tdIN8G8$amtjuo-k zs{%hd;|6~({{Zk&kAZhz4!mYOZ*QmF+DR4H*!5VNEMhW#N6&u0sISgq5U-exChnnY zu8g#?g;FTQEr3FX&N=F7@@eG@=1-Fx1ztg})Nn~^P4;#9asnq9;{??5TklaKZp!|& z3dE+;EBjPgltU*)?a#e(_g3>*T|5^A$F;GLawq~epOLWhp7lP*AeKL^1;O+zZ}Q^C zI(Mtl+|3M@H_-$)c8)G!W5HQh1xRkAr8BmRvHh+80Kp}HYF`h2*PjC*@GhmSCX4YJ z%1C6fi_Y^F#{LWps~%U(z{u!%ujsDJUX>%$bsPJ6UK^!LTe1h-m<$qqIp^`LW{$|n z+qlx_j>c#qXK5|Tmfl9>k?ESk{>_KPGwV zYt!UsHAB18wRqAoapku3IpkxCpH=ZHYH=_`!(-*eD;&o)>1ChZ$Juzp>`EM7Z)~z&PMlJG*lg&})l--F@t1sHe`&j>}iR)Bgao(tR=p zwvA(6{{Y2-pVu|z7dqqIE84pjlarDub24U*a%p5!<{5F@uQjI{rOHQ*%unl88FVo& zNxnO0DY+RwUOM8a*!Xt(;_5bLjudrc`_2nvoC8`kG>)785zS`PLOQ;iZ1)oRjFUh} zR=^!ct!rtzB(G%!>561`Kz6d=sXdJ(tZ5k7&^8k3kQ;efpK;y^9N_kq>Ey|5xX zmN*3T#WKVeF+|T9kQQa>jx$+yn%=iy_gZoo+evZhk{kL^Xs6uf7fgl?Sv3`Xl7`;6 zILWU?zVTM0s#^$VxRk@RDFo+%+Ov^qo^@?$b8~w82}Rs?RHrxw# zJanxX?cjny8Mln_llN+_)`o`E^JxZqMva;|R1LtK;QLkUn^^THjKbuB#}zUIm+@bM z?)3ivD*H(w+~hOvC!bI&n$oqi12f%5VqE;e#sZP+PByu4J2`Ky?_rWBjS4XAIK^@r zoxQrKc$soN4mwhmu5?3k&VwZSovr1oJBU;j&rE(b6J1_2rKgzl1mF^Kaaqe_Xzp(_ z!nT4r!47afm72Bzu44?xXHpM(<(fJYC-|N4>rVKm@ZbIszqBouwP`51u$N&WTpouX z=dE#n3_c_LW%wjz@K21iD~}rJ>lyntq{Iib7(XhvTvvse;FQ(T_S_?#&ka@6zKr!> z*l*&FgCFf_AAvQG62+%n>x%a_(a88MFv(Q}^*QW4tNJF;JVyRGhs8QCio7v4iQ+9T zf3Qx)2HWVrhDGdq9xLYMPnDmyWtqBh-27|(seD0m;UC(s#6AJ>mYt?*o*vaSc%`?x z*_k6FfJyb+iuiBhU%{kHi_>8wQt8s8Nfc!=8FAXZJUwIejE6F{E?b@l`#5;!)59@% zi{Un-YZ_eIY7&bdFb(me9P&Lq>)EwCDMi%qfw9A!gT;Fk~>D0dYvt>K`@WYWo-Po>}%3=ttswjw6~jLG=vNu_4ByrW5mT(wa-RA3b51K zXptTpw&8|zkEL~f1^9aUSBP$WMXu_pWui5qPbPfqkpBRAefh7C$4L1sbzK?I+5AxO zK9{EWi^FzWJ=VLbGBQOg3`ey091uu8^n5D#b*y-cPS)@Bon%3!GML4#c(v+BPs5*T z@M^m=pE-}GTv$};u~8r<=eTJ%-X-*#(nGa^Y+aBjr=j=?+p)%zY8=- zG>?cjE+o_~VRIOoKkxhVL~5K--2B_{CyqQ*@Yh<8N4lErbu=S>(sIMUUrt4SseB^% zn!4*)M?CJZ$`l>vIrpxIDBnZ6oa}y*d;;))i2QS@>zX!$rCjQ_kg8lo<%}Rv(CZji-jR%UKpnn5BJ_Z5)-s>Cp3CxLwMgDpqbP?H?e1-kuS1f!bLW#VH zlitM)V%Fz5Z!c&d5iaxQe+ zl)tiuE3AnXv9yNk(!L}3CE}ek;rHzYW2x#kmoVr$!E1Y#4YhZk21ohMYZ%YDafOf4 zKZqV1ZwzbNcZg(~B(h)>$-AsC(C6!q)}`^E!5cptX<8@Ryh^ZJ+%n3OMA>KvKXt|{ zrOfK3D{g#S@l)Z~{41{#T3B36Z*8s^q*HZSJrA~VT&vjHDn`aIG1s;$%Eik=+`?2g z^sfisc&^sw*G`rLDx+as<2+ZLcxoH{1_slv#6oE1bvWtwkMysW#P6Z)Lt~+Pc`t6^ z)CJ2&Brm-JfsamW=#Ph=6mGmW?Q0y8O$ktBj5ohZj5SV-;lxrtm+^P@R=K0;pAq~v zE!J4Tk5oW#;2hwQ{(qf$7m0Pf2V2wQi&B_K>N5raJo?wBmoyF^WOzog5DXe7V7s~z z)K?YaJx12nI8h2byMF0C>M7yw&bm&>^5^j0r{Wu?k#doJ;DF#YdMAN?8{29cjgFrL zW%YTbNOl3avQHcid)M7%G!#-gKDlLM7vgq@ci~SIOQp<$8|z!8idAf`(i@zQrDjih zi{tx-8?CLcAQC83lwvxMugq)gu=+b6(ViXF=gVU^-Tn;sjU6{z7RV$F0qb6w;7xXV*SCSl(E@yI4Fo z2!&?JJ7hTOD(XtdnNEXxpEIVk{vp)oSynHcl7l@tucW_aO&Wc7;})5r#cyXYbtHM* zjmyq)^sakc^r=O}{YlZZ%_(j#^vz>K(zT5-p| ze$!t8w3xg-qgzY2#aa|Z`6US-zl}!9xU*zo+HpK zZZGusj@dk)oseTWAajl@!G0xbmv>(fd@U%`po-AK<*+}D41B=!CZSWYwOmez>i7H; zx8fa-iS+Lm_$F)17(7E{<*l^oI5!Xs{(psic-o8_7l;k4*6(VwF&jG*UY#jvW5uae z^IY{!E=UsU%TPr_vPF?g4B&&G>0gCE@KVo*HXaZCu5SEg;oUqWI?kI5-+i17tm?QD zH@-1ZU8AoJ%-Qpg!;c#Hr@>m4^qNh=K8b%G%cz-hq+=QX06vxWCW-OpFZfe>=fcfH zP4nz$Y{fF17{NIs9+l(Osj2jMT1}rlLSl)7TZQrm1Jb%XJD6qjY_6e>dpXd?>f<>E zxaB<$qQlcUt9=?D2PMs(nQ-GtxNI~9j>0~jD*T#7uA`-@*$Ay~0mkCFQV(oa5|=}! zRE`$!K-6@38sg#>@<;Il@{wDxXxiQ0i+!zWdTrLCmeF~#EK9hA9qTietu~Hzbzihw zi^vAmU^{fJUjg{4T_eP>U0Yavy7B?$AaF4$&mew6x@ko6E7fTIRsEhkS#9wKU0X-h z+fdOwN2kCiw|0CMLO$km_37wq=?!Mb!@Ayyspvluyg8@%$3UJF6Gd?nl0Cy?HR)5K zeGX{j8fWAe?I-&%$NN3#)_)p46>C?|;3mEn+NP0pmKtig$dWehqoEzM#%t&=*%#se z0POAiKzNPxpN?M`bsvSk9KX_J8dc@3!ds-*S-~b*6sRCzfO_-kgS>Dtb5WbLZ>h_h zXZ3LSI<>Iz=BXIB72Tzx{$ z$iNbz!0G`!j;F0<_-9np_1!MtP_evQmS#B^#sIDv;kjLpYaq`SKLt+|qsz|}?b-ET zC!x?vsq+a2aynN9sA)RAwykBUY1bmzt>qUMvPLlRNHh9$r3Q53Y4b$=Ecik3YsLQn z7h6ZuyiEnFc%M$UK_%)iQF4R3Wb#M#uQ&axd?oPTN!6?-(e+IWSJd?gOWwx|soO9= zHbCvobf&tWFsQm!IbgItMbqbtNkoFpLPo!Fdo3;Iy)>G|vDU|*rLfr`g+OTi{VESe zl}U9npIy_uKYXTpwEoU%HY*c>j@(yAbARE>yvc8SXz!8tA8{n~;B!TdKDEoa&mR)5 zje6Fa{)ghf4S)+IxB6tz#~>Zi%HZ_}uX^chd|9SyX$$Gvg_X)b+}j{KkJGJFgGRJ7 zC`(k%qRRVfZJl<5{8-@ENn;Ey#lAzIUX_HR&q6qq_Ggp$lJ45`P!KdYogD2Tk_~n~ zAGoq#56!1dY8Oxv2T6eY%l+Dm8pf%kji6wB&Cpb~>*j_@j^o>k+5sw>8ur%SS;DC~ z-ks2f3|2Hx&XGs9Hk9;}js|dR zStHMLSFyxt0!e~`K0tAhE2q?L{>NzYE+TTg5;~gXsT(u8oUV@@g2CpwcG@Ij**O)X zKANkyXb5qWS+hf*c~acT5m4>O!R=Yr={!@J6-SlUgiZCa+S%QxMQG2>j{U2)vv@9+ zHJmFae|l(VH>~(=68WUk{Mn)>AQRu(rMk0CHrm);DT?KQ$Thvmk}+=dyL-uDb1Q`y zV!fLc>2{JqZ*OfHblN&r@s-R?Aq*1+X;L{;7(1(%zO}ZqXPOlXr#uR{ZdyJ7{j+VY z=hr?RT*8ptJeH;IFmdHey91A00r}U>I%nFF3EIrM-i$nKyfTn;!LNS=wm;2(r278= zjG}k`NPb7{AH&UFZx#GG@MgFnNY$(&S<0Qo7;*D@6N>kpFT)-f)N~h~;LP^~6O=q~ zIL&)d-2P+4#T>_jv`92h5J_$sqq4a>PdQl6t}D|#OQh(rNY+q({c(ciV|Tc%PbNp0 z-08`sIy6k}3pN2gs%=50ia6dYgxbrHz}ApCk1f|8Yx}s!C(Yp!s@w$fnSYwhsi?cVZ5q3qx|z(usF7Q4 zE6p#iAi3LT<>2J}KHAV2b1QTRS!Y##ebhy$u92jK8}YOb)nKeEh_9sy6qRw<{d>Gh9H}#JaE-VRntZ5h9qnUJwEjWk!jJTstERAXN>xLR-BizCB%Fci-35c zqZu=@`%}h|u2yE+4+6AcNG@Y!VilMky%g3lT9SF{+FeI;JX6e%l6JR2k4ok>X$_+^ zu=bY9|hoSic@h19vUmR+>bn&QUnBakdgU=qMSD0$n z(cHL{$>#1DKB#j@S647@?+kjM{+{@A3);qwvA$AN@mU8d+{f@`qeDEY7??^9(}SFIo@=<&HCtP0BbI2fa*u{` zIc)S5oY^wmjrB{*h}4FalRPeX6`L-vw{#OBM+AZDYcfQ(yqn5(x|7V1G1^aM>?;#e zZ!{Q@cI58Qsh|wVtY!#IV3YK%sI3F2^9n1g4o_+T$-YHakx=6q_RUa&7mSxLzddt6 zi6=g014dZ@ILPT$EUl5Q<1vln8;HkxnM%NR=F7~98Buq0z^+F2-YaV%~Yol=OpPLLZiW|kcJ*Ci6Rz_3zKsjOfb5c}ebClHWJXz!2M%z#D-j8?| zc>=8FBefH`=la*PN&78Z>AG#zzNxRKt*OfryiXPpA#>C*>&0zP5RqSnGa6cOTRizY|=7E-h{ekxt{z z!b@Ox#d&hdi*RKt0-jj)8U&JV9O@A^-GA5HMw+CPT%i+>BZ zmQp5kBrZB+4!@05UHh%gt!!rGbP(9B*0Lm?7&QBNQ0`JTsXtoeJVkYF;Q@2~lVf#v zGkn;L?l?VgPaWx{b3>h<$2vZZVl`b&BEPuu*qb)XFd%dwe@gkk#U3HmJa^%(OJ34$ zG`|8{TN3hIT&YOnKzbbWxR1*<(N2*v*!-aVrvCtLuYjKcwNa>eW;FPb@gX4cUl^9( z%`3nRI&W_40zO}yjlOp@)ofCB(p zOoNPYD$=6@&Q+05U^-OE^b?hbEKYY6Uz{F2>dZFnGR(6s?X8YF8pO?`Q%uq%xR6`M zSrJAtitDuP7H6F4dUlh2tLv>I#J1L|WSN+pE)hXIk}EoswueP3H$QlPW1sjTr^LUD z+HRTgJNAp!-{E(|*;yx>O=ozoW`JPf$>9O?>(5I4`}l3}%itft{Wbg%`!9GGM$<1~ zj6-v)HLm7%3ykk>Tc$}T@b6w_T8*ByI3=PyU&eQr9uV;?el78b#Aor2w5(6rqed|x z{^ysB9{#n^_-94ZzAg&zjv6j;KU&0A*r1)1y zx1MEZA8B!&-LiAv^EKsC#o}!r#g@J)xz}LSEX;vTg9Ui;oZ*u{tzL))@m8ZX$M%KZ ziKl7$MDrGWKsG63>FHVLS$MRVtp$wN+NJ^X4o*J3sq=I~IH%Cj*1k=j#kcya=HahyCpbYYq!RtJS=6ayX%nN-ycOaNecB%)bVfW%e&{B? zhxlXgvdhDMAhNgd9lUo>kjyuNr#;PbN~>(89*p|iQ21G(_{BeeZyk-KZm1s70%Q-T zTJ_t13F!J3j*vCVG+<#Qae{C=(~G&3qtN7DUp7~@w;}Dpa3+td%jxlLv*SW#RM zal?#O@Yr@bXsxEaoJ+VzCQf@~SE6Y47I4}Jn%SR@5230vnL_U76joswTxXRP&fID7 z-8@r8xO1MpO$KjsrLl~_f;LAiIl&wn-HEQPqmEcZ#~g{3|ZY!`>yj8U*kxQCYXoBQ%`HjARdfwY83#Q_%OH6?`R4M@X^NwCjU= zeJ!{T0ub3a>z>*EwdFT|4=?;Vslldewo>U*x+{5XFhD&pKQGRck~c@t7G4d5NAQKk z^}V&sa}&N2BH~tbS@j@Lnzp+c^qfbqnsR%9Mya`YpLt*HFuS6 zE#)zho`c((>Gf|BctgRLJ|DH#9%wY1oC#Vq4$7y3aqGo3Cd~b(L)dKp0A~+^9wfGF zT_46adc*1gr;SUMXh|D@Dmov^xE&+lM7GYh34a`3Ta_~M$8K@QzAA>RH@WSa?u)Bv zKM$@n+t{boCbx?gR}u^r=bytB`P==ut7&?*?Cl~)aMuh@(f4u38TwPdLR{{8#-s6< zQ;SHqnmDDtyM!nTss;zIUMId1^>KnTCF z^WTTQ7jh=czn~ABS4{cU6RSC2I>3SC=}Zl-<3HpV{V4(C5gl?xXhOKGhmX)HHmcHCt8 zS0$)uHu}x$OKEP9T_7xDN5)7V^wxrLFr%IwIpCXEww~VNB2BtuCwKnaqccN>UceI=wFd>gp zJ!{LfPYJf4sA^Ukwe8!M0NXP$36b9&GH`!Nn}&$>CGh-uev1yF9Ft#MBxiED2XPtb zKPvPOfIbW#A7t0`4IUyM)&Vx-`~%n96kL}h=*!OqSom8=o56bio^KtH#U#=WS#Ur; zhqU!3bb*Xp~ z;gs9S1SUfcda1`=LFT=?kLAv5RMTWQ zbv#GK8b-I^*0Q}wWw|rX>uzFfZW$+Urh0yr^bhQ*@UvdA_@igzEnKqc7l6+-q~{F8 zkGY9Dr+& z4_BL;$+Sh8n5xRtMpP%E9qRps#mf*3-sO z8*7Lpk=FMSVWT+U@$Zk%+ORdHx$#}JN6SX?TjpHk_pYPBzAS$O`1?TdD!GO$T(qDM zmQ_7fhov2Cc10g>{CDuJzm5DG;qQsQAGR{wgf}y^QjM`891;g!n6Kyq{s<%cW2cWi zHLHHbelOKp9eM~~R?sDtk0=;!i9zTAB=OmrlvVDHA=v(db$vSPOD`LjSyYsNRU*Cj z;RlJ+SFxK%xR5o>BOnvW70V=9=Klb+Z^Qop?M({n#5NFpr%|%`%sBr5T@e^%{Yd&6 z{t7?fqrbAf&+PsCKzNaKdke_E8~B#kYdRy$fl@hGmYNkKg21rjtzxu#ktuXPDD^8@ zVY|5^CfJ-FIvSwgJS8EXRgnC|cH+CCBZi>{+{ALfz4z})C>tWe5?7E%@qKE}cM_EH zT)P&L11Mey>zaxn<)bbS;47eInGA~}Dw072_53I`gXmeYl2)9C zKohnPHPLEEP-_V0(k{)8t!*M)T1*Gc6w1J>De5^LYZ)DMdA)e`eD)>S)@b8KuxNYxoA}WDC?B#dH%q6@~S`AOZK6xUbBAj6My}d^zKNM%MDltvny%6=`hTDE|ONyyTF-i0SM| zzhUM1GN zCE^(4j{XT>$z>Q4!Jm|m<@i>V*_7gQ@!Gc6ogH^CKx*t#iPf2wMt+#ZcTE50w&$Vang~&|B$9MyWyr@*Y8FCpRrhm_ov1pgpKO1@J^uh{3(whO z_M7m>inQyiojXF+CW;I58~m}lpON;SI-DP3YyA&=0r7uE@$ZLxC*#{Y(HDd~LFL=u zAm{8Cr=2GN~GkpeFJ?fO504+78}`Z&|6#H zo$LU>59|D^j;bxh{FVOzg1i34w!gJ6?9ZzBheFe2z4*7_$RxUl?8*(sp{8RqL%04~ zU=8ZLoyu{`bN+q4BGATxeSe`f+uY3?mQ`gc%%t@o@+xdTQ=PN4yR)3UizGp@@{_@@ zTkw{!_Q0cNRV* z)FoR%X{WOfvWCv$Imjp0x1pf!d6u7fainVcUb$m(_L_~PqDZ7(zwZ7u`l;}@$MATM zNYeGFXIqDw9kVGT_i_Ws!2At&8OSq#E>`62OiZ?i6f%;hVa}?q+Qxh@-W=86vB1so|&$q0d=a$V8tVJ z&KW`H6x>myCD7~jKM4J{)vZ5!ZTCn6jANScFB56@+CHS#@K3#)lb)*84K0lkiIT-O z4afMarm=&3MUds!pvNH9M9sso-&%NTQQ^t_LwF9@LE zCgvH7!FI&vHUps*VHmV^jJDRlDzan{6pG}ve-Wmh^INsNQx@PHU@814F3itc;i;r^ zOsc^^10I5-ZwB38+{ZnuJXVZzy@w;|K*sos!~X!;3uQD@wZh1yTR*@-t_|bzC1p{| zoD9^;Rsx0Gs?kP*Fw-kw`r@_hL~*y5G5K1uxlwwXIyI%LUY0_^LttcN3e)jViek{? zx3QWObz*jqnce4QjD(H3^ktbQVGJTJr$iQ6o70Gyt{^DENE*WLm4$a4=b6Q0j z!5R8@h%Td>?0_Aou6Px@BHrI7Ll{WT(khB35k+qBnI{c!*dF!P>Dr7sebiR+$+;Ny zUT}TuDeeb(t?E`cdU`^oyw2ILB9`9P?sAT)oRN%ms2VivpfN~dc=tv|G3{9wo)>G^ zkbR-8Vh1V|WYBcM>N-V-Nsl8onIsYp2@S>oDHVj{9V^Dsoyr;2wCd?5p87?LGS?X}=D9 z9pbNuUlDXm?;6Wx7o7vj8ReM}3>ep(=Z<(j_2FYMH@v$aV}#D?awtXn$Mb3XYkX|e z{7?H*_@m-X*4m7I3y?LYnr;vwhCG580o%9Iw)`)7W8#krX?m<0j8}GZ0wHzzfg>4T zuOhyG+H$k{ABA%p(u$X4e7o`M;P$cM%|=g+UI@`1<*c@iR7QXqBKP$@!K`gR$67|a zp;_xT7oTbpFV4C7;%`RxuUiX=N9vh&J4+WdPZfQd*H%eHQ(0a|vS_5i9CTn0aa%fD zTgwa06D~I8ao)OWSJ3)6;_nlw(AGP-2bu!9pVqqzyStkb%(jm+#5eKRitsV@QQ_k; zJD!>F%UMr|8efZU;#->?XGyddjT7=_P}nLt>Nz!~4D#OJM?L%8Y8pGow8k47bKf78 ze1U$1Wy6H8B@V|-l{aZlQ+Uvr1b~D=QHVk&UyDk;S zZVCSYJ!{6Qc-0;BIsX8MJ|Vi%w7Z=@P`jT{Sf+3p$t94nDoORmE4tNn%lIy=ukB-p z?2edWjE5eKJBs4wF^qLSEd8;*19)S_ejCz0FL*0UwYAl>yp3Ac)-a5*_jLoPuav$L z-u<&w(=9Y_6KR@U4h#PPq&5x*IQBiN>CdUz7@w~{3cqfxYv50SwTnLp_*d=TES@s4 z>Mj8hkT5<|)DE@tr;7eKe1G`m;vP3N9WfRV|@4M+v`_ab?nw(ZiM`oXpTb2JvS~5eO?+`CXZ5uTRRT%o~bUM;o0=7Ye+9{?pOCw zvH7I~uF?4a04nzl7s3MP!uB)h&`Wo#$EW?RtNDy(Ua1O+V4Hx;!zt_OO8mWX-nnrU+efE{s!O9qulQ?Uie!u} zfKecCQ=dxm?-5>0cj8Soqssz2gI=Z{mD$Nv+e6-bAEjv!YPyDt3bsv%~tuzr}4Q$G#aJ9GApeY)(GMdmxQ2(EOkbe;*`+jOM<- zE{&{tbt-6i$L&?%{{R}=c;d^WL$%fj{-GI>bz zsB@FauWFQZKHgRNqI{$KMr)Q*_|9!I#$hmx7a>&b81MP!zDe;-v}>ea%>%5rW-`jX zK5tCcHRO7DOIpnN*Tdc_)h#AibvRny^#1^NfCtyTdr!fyjn}^hzAAVp;u_yGX?B<5 zEkXnH86l8`BxlpxwPQ|tmo)Z2p$%KcUK7=?w9RWq)T|!IRe^6JG5ysHGmo#gY}cFo zM)5v{ckuhieiGHR*)=^ATGOSna7I9Kq$%gOHRwX3G@}Qx`1SibYj-~bwQXy{mzLM? zz%K^Nf%C7H$J4(8xgXjSz*k-=)x1sPF9M5Mt}LfFYXUyga+x{u*Y(H0<;^*x(E6)- z9%1k^;wG`-uNT?)*FbjDHMk{2cMet5uijQ4kmu6BS#-bJ4$INP8IB6^7iC?ap2DySY3F3{t`=>BN{|IvgG75fsnZO;=eP$XbYQfh#n)< zd_{86&v2om8;1(H=szL(QmI|FW6{H4tbEV#o8h#-6Sci(!}?72kle$#LLBW3;~y{U zSQ^fet@tCw8pniuRi{a$>lUxK$#ed-4@XnnA5mUici8$2JuX#dYv}gB+7nyY+n{;n zaEQ6aNi}v@@3g%_=Sqn`fI;K2uUeE(7M*t`%vAWx;Jr7+{{Rd;f8Z%(YrQj3v6dqUagf1D zQUUi-&3-)mFS>0j;7^0>Z7g88@gIhDtE)@Ir;QBL>OhyxBV+TNtK}l`pStV7Z3M z=6gvQN|uSru>3`NRn6Nq#S2`+x5^V)?_!lf11pY73vSsngvfK{C@O7S0x z?%K=3ng*xhTc9^O+97?b>PW7NcW0H1sZNv~N|I5Gb#3U9^FLO<;GduHPOI;Wy8est zqvDjB4abCZyVr{2MUZc3SujVMgm=$F>tCuLwEqC?P4GYAcA=sCYw%}+ydR`^M^}Jp z`o;9tyCT!3=^T!LZBS1ey+^puyN1H9Q}{2$uN-GQXD<9~%9X#N;})cz6iOtMN+3w?V|Fy%jl85Nz2dg7vaT73>)1^Q%WP@l8S=&F(L zA9eo#k@261{{Y~Qzwl7M3hQRxeK+AJi>8&`ZBo}&F*V^FpD%bFx#y*Mmx(`NPuuU| z%qDLY{>ffFy|IbHyt)*z>O_Okgo|-Moq6>#x6uBf$i9?3F^ZI7D$bq%0G>AdRsR6U z@EvPS_=(}ILi11YKf#}jUKhKz8I^CmKQgpnb=&|XW1q^o%_rgqg=R*-!TIaa$NmkS(?fEPk<@jmmgdyvb}u?SXLcCl6^$$tS}BoV zG{_~ zq-!v=!WgFcjt3`zXmIQ`QEbcK5~uMu!^ZHQzvWqK8fDX~f|6w!M^Jq+SiUXS;PGat zbx#k8ZnXJ8eX)Yc8)GcHha4Q#SbotJd=abZ_m?`Zk*JH0w5}E={^J~V_Um2Tx^}gt zOx(wRXS)fo@}jp)%&;}Pc!5iyBq4Y?T8*7G9jU)yEEH$9YkDtR63>9YY+Kj2@&1+J z&<-0X*__&ZJ49(z{szo!2CBq%@3ruBcF<^NBLs~{{WJw`k$SDxBl zeW}{Ox6C?Yp%q6lt8b#(M6B{ATXyXFS52qdI>gdj0vD$pO>GyU6MYV2QMJADTBg#@$RvSpk9q2Nd zv2zI6prBRCmft{ zNl3~09PYQE-8q_Ap_&u zdTrIVp=cH%91}*zd2X##uXRVUcaO_2kA4jnAoIOnSH8TCWk_UCn4GA|6E_jE-YwE}c@%91GmuBMd2fhpbsrAQ`kl(X)rHK5V<_bhp~YICaX%tB?cV0x z2M-&t&(fi`(X%lHi+h@xO60j4u>?gCswjGv+CMVm%9#0)lacIeDQrhKLqk#9D7nV)N(2LcWoHvfD1iB2Hql?IUNVgGtkrIpUfdlp*x;wY%-0*B!Pf! z=NPIs&|jaE<<4=*>L^S{Lmj{R7SI{)^NeGReQPsKf@^#7%$yv9o|TlPa65xHl?zhj@6^jLCat8;{S0#Gfr(7e{`u5wy^LReiHPhxxyK{yGKp%mwOJ3G>8SmNr zh*sRM&4bBq;}zx06RFgojJy8;3tD)GMxG1E<(F|ALZ7=|B>1o3zm2r3$-lC6cfPV1 zWk5-jlgT9YuR{xswv35UJgKz{O+NNLI{jr^<|P&tP0|(z7}`0_ev5v}zwk_7j^DKA zqh;a`7q+4BgW%~wa`*SJnC>ql&)ta|2a%JS^7F5(>1+2!M+~UB-eh=c@rNoBX+?|4uciML*lRPiwSip?Vn527;f1v5s`g* z@mko47*^VB7AbWmpKo;p6Xn+7vcb=;O=MW0u+rg+SG%{>ui}`?6zqUVt&`L6IHpaE z8^0BJ-^7}}r+wm?tnBowW(MBiI-t0V9X9cX2Q|g`@8VM3+Af*leK90raJMoY&Zpdr z3|B;AX>@!a@%#3n_#yj0=ocO&_=)1{S^RhzlFrJ`Q7<3^^MDV2+5GGI*Zrq|;H2Lc zzBhkrcyGdYv-m6F{nUreNKVNvRA=uf=noa&MxBi1GxKid`bUy?nn`A9R2Ft@l5^Di z)d{6OTCgFr(hOyiNktqwLomfNHRm(K2{w9H8^ z^}_t1a!)y_krG6ES_W0gUUSFwt!N;7g*gBU$dw-ErM{fO0VQKh_3N7KEi@Y#Adc?t zFt2d#fm-?D$~LHjBG!dtZ84{5M`OZdGy19ht3MzXk(SFZ97(VXxPwrkF>JLq~e z>7M)XSH^eR#)mB55&TnSpy{x-Vz7mbOS9AE13sMKo}AauaQsNtJZY%uIv0cViM%!8 zXn_-IMjSoD^um+Z`d1@&I#g_JC5MK*5vb}nwh`KRvr)N^WQOwJcqi8fxb?3&(lsbz z@s6c;;wva^ygC#2F+uW?AqOWNfXEdf(U{t;z4TW$mMa2VETpW1_<8PY%x>CrxVdTC zOUdJGjht@!P(zD4n_Uj;UeFs?zj0w|tQF&V1ajlp1E0#QX*z|aw(DICx19p)GCoUV z9m&pkpq6sl&YuLVZZ5pb$(6&R$Iv&p?^W--H6^4L+SiGrT{lLUlC+xYv!{x_3Oz0l>KNS#lUag2E_{nP$63Xx}Tr}&rS ze}|^EyzuqL-8l*SRlBa?xBI~H?bf=>pA~qo#J+OtH|+((jQ;3g0)4txv4w>sdq>0D zT~ouht3Ca!chNjyi_E#m9?Fw;%B~Xy#>XqbSEeO0$&Om91~?MV-U~FaRpfFdOlz+J=c9mpkAH z9fm;uv@ljmz7#U`8-W`LRWYa5~+Tx`GLy)E!AVVH*sL9{&K9 zT!Uh1#uj8R+p#s8fvjGJ7Mg#!y(D=c%omO)70#OPiP>8zWrG`NrSIvy#-xQ7~_;FXf(FbU`dA zat{8q?UE46@J(^25rFZ&w4~k$Fg`wNgC{P zdG|5e_M2T(&tUPNm6Y)HtRF)Phx2>zpTRnJ#0hL|8usD^SMu1R*%J_IOW-$owtIg)$LB9XuoQRDbCFC#(Ao7 z=w1OxFQ)NkwPB}TSjXmDmmsr~#sy=_WR|CxYTDj~sal&&J-5jl64Ds>Aod5nd8V`D z4PQc)VAAAE`(_KZ2k^HU>S(dNDReA&d*g?Rt+nkvb%Jzzc&0%wmUju$BjqEv9sR5J zyT%^}z7>2>_&?!Kh|^qJTlkG3S67Ym_LH+9ALUuqT4-qL*&i0_ULb?Q*6U|H_U6!? zfIDYzJ*$%O-mjtSULJ#8@KpA;?odR@=77y89FRK?dd9{wx%2jo@b|_SI?`TVUA@)3 zxG*O2yV&&v_Z=(EzAyMsUXRCidT6zsr&R;UQ@Sv?>ZiHsT@hLc^#1_aZ^MyVd_}vT zUtLp5(}V^nK5x9^C5iUnSJgVbuBBn)j}K`c64g(MtaTgM%z_h>2q%>%AE)J2ZBY%_ z`hWI^x4H0dhf~73mYp;jz_)pK`gsS)>p!RXN5z zt0*VT*>u(PJzL7z!C zrE|H6&#&cL*y%|03+;Eq-Wj#GlTnf=wK-%Fg)8%89sMgpdD(1=4hxb2dmew6s;o90ncHglv!!9~x z)-#rx73|shcm1srYWBV>hU`G_NFF%@@VxO>yiakg>(^JezG7Y>eeu4|g!=xqYF8R< z9PPJy_8(TAsb6Z#Z(_~E7$Eb7rHP&+lmp5`Km2c?sqzWfNr!cB_Hkt+~!$JZ2!=0fTIDbc)bbN!2{TYZ}L*`y)7 zyai>?@nf3z%~$rbys_|xiSYMF@KkqN&4gZDmq?ry!5=6CIqCJFqvfv*d{@+Ne0Oni z;w>Uay<_D0XfeNkd>>C*_8o6od#ycg8qFh^9f)@Q-)byGqIyrmZ8qyy@V(xxtE*|I zC1>)dIA-m@`g2|1?C;|Ud?)c&Rnoj9qR#T}C0Y6^xNbNf=bFw@)XvAKgZjd}(&l%&%(lVH^9Y z&2vd=X%>C0B#`UcL%2k`SrL)fvjQ+{@k9O!A^QkJ`%!+*zY@F)r`t~-#IFlHz9;at z#6YvkS1i`}$K7sM8S2V=Ruv(mw&cwp!8W<3$n##k?9*D@{h~-`hi2D`R3%v)b|8x3 z?x9GhK1gtbj!t@4Tw-%hJxZQn!{j+oc=oCO&=xWP42pO-#tm7^C2a~`f0*T4g*@lE zrb?gyLzPc@Enq_nN`@p^09GTfVOMP)EVyDWBUU3R&||e1G>y6%Qcjax2ZjLx@B#*_ z_Lq*)b1v5z197BpO#Lta0D?w-+81B2zwMKu>U#aopx*?%aLc6lia6Z7HuD@TQ^^-h z0!SouQr&Zd{)_r0-L?LVi)SP^R?iaL*-ocEYz@ks{-025I*~dfE`}BOnL^EJCfTx8 zg?zp7cfm1u%fni?gEbp?lTZ?Uze$*{G2D;tpL`F;~oF1KiLJ*z=in30YPdW5WZwkz0GDp`3G$5A&eP z?&XV?j#DGXfeCDZ*=aWg+IJNLuM{0L*>3jE*ILo;Z6!BW_i99t&jW3ABb=|lO8&pU z;D*1p?VrUT23r2lpAz+jzSSc!*<7XJ0^%8y{Y2wEcWqF8={0p@zMiQ5l{Bq-(oI_D z#&#COYFbfU7hku@Ewm4j%Jk@SpL6S8(RHX=&eqy(zsYTJ51AB$pgx(dI;%rckctT= zT}Cw%&j2>p@qf=qh~zNu$2`~YZ~p)Vz5R(H{h2>#JI@jLKTVlD1>#vBSJ9-9WePKH zp4l9I?ddsp=N+T57DQ_qGK`Kn}opTJ3yYp=qBIEhGB|o^3TbV)H{e+zgvZz#Xz_ z!fi1qp9o*tHJ#8f0cXJ?Dg>q9|w4y^c#ySW2aw#so$NcA;2f= z#%sO~;*vi`bj@;mSkWYioE(A|n)WR+&r;Q`n*J4eSwJTPpry*rce!OIc%|}Y3$&az zMOxF$W*tETA3vRh^b{#+VoY0YMr3Gy-xO>E1@ke0r#0*PXo4t~G#yeRd~E6r@y=fPfGnxKy6 ze9QB9=aN4<)*BHmjr-pfE12-^%v5KNhOlp>H(=aGH%vKQ$BLsOYa7{Bm4g%u)Mt$Q zSGMRn)Dr2DSe8F%LQd@c?ACITYDOQ4<5^&Lc@-5;et_44UR=$0d?Q1`H*f1%mbNe5 zPqIgmP#mZj6;j$;*{)T~28eNn^q{16a^20NX%fp7yqBy_U1J#_9{l=OlIj-vjr=!P zk^^^R$Rsf(dhi8YS-J1t4)IOBr-yAc+lZOhU|Dx4BoUs6w_2~O%cb30PYiHI@fQud zxD}ysZ1WrYTWDcxh(xGDKS^qKe{dBY1Udn=7juh!!!w%p>J&=cOP$0y`^v zI6mDdjp1b=bM0JAT8+iS+$2amrODmgP-zFy=jDQBxLKT&BAkrX+a|NRd!)FJf5=+{ zj%zu@>5RG&DUqWkUGTgN_N`qqMUQNfs0q}9J62}A+E}xx$EPaCs>L$>oN&OLVApA7 zu0yEl_V(%*D0-92aYc<|BL`er;I+7d*e@h8uQHy}&ruDhD25B;@}#OZv}E*PdX8%< zle0BAsRqC!8P)K}NPv+sqP zYuG*==&xgS;oCPiK>4F9mKkgwdEoy5O87j}2P$*2KXc&x@-CX^-o~%(Gx5($_;uoI ze}jG#w$pq?sox;`Qsf=0jPb`f^skt{8vGyEK00`d#qIE-%S(gA@J2<}g%XtW`yhxN~4af{dX_TV%6?=&Z!5BJ{|l;e}umnJQLzyhW;^V#P;^Ot+PTeAta6QG2z!B z@-xu-8um!EyR9W7hRzwTpvY6@jDcM>F>9Ao>G1iCTyJyNbPEe@COcc*MI>Y-NXz}< z>0LL6^)usbOT>5a+882&KpX+X1B_sQz=eGFGZscC5Sq~ReG^2p-h#r^Y4b`pNa`?T z=e>3wFtE~m3*lj^Ug{R82;5)HUOMD;X2b4fyX|jtiKr{4c9QMZ|LasT81a zeKV2Q>0eiB`i-rMI=#?~oP4L{lOFYOjoFfs^S{KOiQX-+Rit5^ig>Eu z2RtpNCZm0+_`M_6HCK(610rA{JnbXWx|Iu?(yL~At^WYR9~k(}^=s`L!0CCV+C!IH zciQDK_mzM8_3#&pJUgv;SK?KdfM(LK-sbiexV47n77{tnDx~n-dQ?=vUvt-?j7Z>o zQ>1v4!%uNGqh&3vs-9zX`J(>-c-C#7i&MyoE0}!Cb~s=x@p&t$E)d%yCi}`^0N2HtmBt7j=yW6^S_I2JVW5k zM@`Xm4MzL^74E61G;0I=-(Z!xZRdf|epUKg@V*T@z}^*)PSLDld$}!^Io;DNugS=+ z>NJ|M<>F^!647G2zPg$~R$|0pj2^Yq!w`QY$@4ZnE9@}T?<=3V_-Rqm%baJ{P5ubo_>thl;Ur7=WP6Knc0PD2Ys~b| zkG>|*7Ck=B8(WKLfe}31?dPR>ma@6}ej2ATxzBiu#(JNPB$EB~+k4GIf0c?aL+xHw z;vWe3rrqH;z8=-!w>iwdQ7EI|6~S9m-J>-V7URISHyV2ztv~HWhsfYysr9cU)qWY> zT3p-D3R>UUedmdZ-h_KsCaCVGB`ptL_-pa1KL_}h9XG_jCBC%KV1x+a3%J5@{5k$v zudglt0BP$V9e5-D5v?mwvb%vKW@*BW?mGkc){3d@Vdy4!R;xX|5!E#%*7Tbh^es)~GEeq-3Z$*;wzag#F1#@Wc8M&P z7Z9!lj&~OKCZSca-A@3ITJWdDO@8l7pG`M&S=kel0F#D3xXp7OF>9-x6I+_rU97OQ zfRoVw0FzXz-$P%kD4s*`rBhw-j+5fO8^n_MYs9v9q8o^#d>H^gd=BT2!oH;auY4hS zs%hT`{9`VuXLGJJ9$fMT!^;-XequVFY9@@FY<#r^t=*Bfy|u$KHVDb->s=@d#?ziFE^dcSH_+&;F2Qw? zNJ{N2bxUy!@m@lgak`O*JZILf4^dax@lT0=4PV8Y4yAG7vkGf52AM4h+9wOn6#DVf zya&MkGoMSj@b0H-TF+e5t`)B>{i$|OrpP)YAL1T{vZ#~T!wp*z8nbhEi?=H6 zroVeJ^zCIXEliL|lB*~nsjhEXidlnPBA1kMaokrFw>@Q6>rm2k$gbMo?PulO2~Ojl z_4=>-FZiQJ_#b6y0z8(Bs@t25nFBRSRFTy?~v+}2s&n01)9D>o~Z$d}sU(<)fOHT&; zV*Q?cF=48%o#Rgh>$(_*>w1QY_BRDzk6h>IM;$BcaD1&xQ~bH{^MP@BCKiq|qO)?f z*LyemAIUH6fBO;mkM?Kr$Ha&)bj@$X-wQPB$Y-;>gDtwwQ@KNq%%QfQap_)%`w{$R z(!XO5i4lBO_(OSp<1c~!C5kIw6lgwo@9avS_2GZ#q7uX$av8^ST~U>^KX$?8cz!71 zNK=3E_L~0yw`XMhz8No_kLxDeS<}8M_!mj>Kf~`6TU==g$Rn`? zcB+5yhH4UOHY=#yEzOiFtgNJiyn5H62;BbwI&pOBVQSA0RdUV^#jedeHTRrn#!rSf z-YD@m!EYUCS7P5-@V2^>I!MGV#hjod%75Cx82Y!ZeGAXc$?ICmlInBI87CC4vBcbI zx07q)OX%$N4LGZQ?n_w7Ja9J=pVqv_!{KkhFN)qC)NM7dgI^AHOC`FR*6P~x!>}n5 zBM@>KGtW?a{aWU}X0CSA=+b{t1oo!}fyz0EJoN{{VzdY;E=1 zh*sj}N!CcLEf{3nI)nFDoR9K+8ku{&nf{pY$Bx)4IVK*yV^^A|Bzd~NZdBjS=f8O8 z{s^u6diVnN^!Pcx8T?t&;zfAng5+6Caq6NsZWw)W^{}_@5*_Xw- zo65VK=~E@Zi`e6*<6Msj(>>l5`b2Q{XBGS3XD8BHTj#3zyB-6mcnjkwvhf7%@DJl= z?IvF*QZVQe%9bzbD=!Q6_Z8%pe-N|?V`bFtZggq4V8eX_+p>}V_yVw=8eI?BvYsr! zVy5Zgt44BK+A>Ysy^}k=FIThGBaY(6^4j*@x!)9lfc%YV>Q?|j7;Y-R%DCl1Nc!41 zl=_kBwfu2PZrV z^iPMM4E{TOUew^z{t^5g@yEoAsR>Z_)~y}7VB;-24TGF_r%r=x;morfJ`#+v7^$d2 zJGY`gNg1=`!4rekd%$la4;~Du@HZiZJNd$Glt~=u2>^J*A ze$U=L@Xvy^-;5qG@!f=Xg3rVng``U)+HUnB9EiaILt}6NkTch%dXT}Su6_%J@z)EP zW^VzM({&*f+^4eA`!8E+&lCNkzhqAud@+Yp)4m>fhR@bMRKnOYpyf&WET7L(6iHlf3X-pHuXxjSHRe z#~+se0JRV7-|+|bX4WizCd4Jz{uOF6By(QCGHfPef#&)S*`vc=E4I|Mn1a4!BoIma zz=|b8$D@bEUFvJStP)=$3@t6dZXA$+4uE#9KT4bIw#N2IUQ}P32r@vgrolzoSpNVkd~U}3ekR6F_q5vo z0Kjb@(#Pwk?9pXDneeATwgY9ftY(Ry?+zR!v{DXwNa6bwmNGC7m%dx&@_jQgk*4I$b|F)&Q89Zh-H zhOckzH9xkj(#14Qob<;u!1h1wgw_1H-d*zNcgw~Nd54U&`{&ecwF_J6VN86;pkVXg z^{n~P6B}(bmWC^c!70Z4e-&K6x>>xl8jyMtOn zY0PNbhyZu1x?hLi!dj`j6PXeA$+R~Ej+CT}jIMgMzm2>!0?DpkeTz9*$CMZ`$4<4! z>hkFRAhWo+v$xwEV7M&3PpJIrJ(x-LIo||d>UR44cUo_*W2e@<<5y%^6aw4xl5yIC3NRdo0AOdIdcKMsJhT9F z*V2G93SF`ktngUe#f*vCv#uoEx8qq>v}1EfMEb+R-wgCm3cy=WLmk0TaN{}8Y}a$A{jvZlLDs%K=*oAg z=hGGQII7pw@1suVO>DP!rW-|KvN8F0wgIkjd@rg)tzAug{{U>$m=UxLc}-q#w7J_( znbysFrRkb#tF#DHlObR>k9x82)4_ifKWNVp$>EQJz7W)WM{^SdxYe8YR(5^2G>we? z1$R+>jU6-f5B78a0D^Y@&;I}b^|^du@f%FizA^l7X;x=nB)z?hkNM`9Il=FazLomX z;oUb?y}Q#jFB;kZ0AT1C^DXQVaIB+@ZSD2v>t3ZPGoEPb^-me;z97}2(*6#3M#o8# z(ROMxm`WBTkV!pH1Fd&f9|trWYp2(B#9t8K%^E+L31yGIHj&gH{{UTfMI4Ox*!0(n zM$?i>?WVMiaS|psAom@6R|$K6FNiFrg2XIo6t5FFJ4z5p=RZSTDOib0$04d&*vAEs zy^`Nje3cB}Ho`lfeksz~S``rLt7)m}Z-CI}<&h6#nhZ%k+o;U;{v5Jf%^$+cBJFly zVT^iX>Frz(#7`V}XTX>DHufV*@s^_s0~}EwzQ?B-=bk+)Skt)AioAXC`%Spf^=}gV zQ@_!C3#LR^Nn&S6sCl-FluCjZq3YhP$EaRi+`IqCjtq2(kB4569-MGldHRa+l9TDG77C%mPUmf_*#GW6v(R?Lkb?|GzQ5Lq^kcg#{ z6&M>x=m_H&?b5l8H{vXpHVN?G!B)Cwh_!iU5gl6c673g3xuyD!p68`=a~+UOhfwfW zgZw>XszLF#?$^aWB(!sJY;8_pKt~@hIUOs7*1TD%-9@5W=y2(}euEo%j>bKu(Bq~% zEbqtzy#ClGJB4Auhj58*9&m0c5sdcS*Z^K3n4IoWxUk$QZlopMN=teqp?rB&I zZC29fQNOpm)b1q_N75MBj2v_$y>xnahII?1j`kHzFG+K;?qzL?r`(!C=GMoOd_(xH z@XO)VhOG^Tvfe4zRa!qTA~we_uLqxM{POWH#(#+(F1U&->$|1Uet#~|%eX`j;ry#! zYYxW|W#K(+qR zA4%HyDs2KdQ%Z(Lid4anrreI=x{U+DbIUTc<)UooAaRProRivg{VjA`HWv2~$&=5P z3ZKTTS=?C9aED%iO>V%iT#$Whc+a7aGb~G`z@}!>wIKFRHu-qL{A+~PG$yhwbh3W$ zs}MR?(UpXC5cszL0Q(Va#H;0^?D;_F@va)tudZ&c=5=`DE$hR5Ygn1h5MOKhmX~z4 zBGMUc**6@&%szs;?J5Vouor6QV{?(!X`HfJo!pkzI-ZdncXK3@!Z;_;bgwGZ^*gIg zLg&rBONiqDEKEM=pn`2b#L$*8dFvF+2~|7_>IR{vKA&@Gs6diUE;h&yD1E2{jj+@7 z@3#3He7kblW&=B_pNs7*bdY4Sb(RcdpGsav@mdu;1LEBWSBmD^%T|H!VkKG-*=0Wd zohzZ#Ev~MeWQE-)2P>cA`q6YVl+~ryY|BG%zh}E6mGrAN8k6Z3#q~?Xg58MAJ8i64 zoTPdpMi$UrMI>^?jD`d6S2qT|=FK|#Cnw zFj~5`%qXg*SdpAnq$A4jwJT$IvhQ^Bsc0<|fsxeKv0526Z)x&J zETrRfc+N+9si}o&RydWJiS6m{RAVU_*E($R74svO9E^js)~%kHq9jS>R&3`u#woN( z)M>3Pstgde$Mn~TVKQZ++^b4WR?Xk7+$KrRy8))@3mJ6*v zP7JEaEPP0D(>|SR#Qq>bKY!C49u@@ zG^9zkL7qLoTFB7!>+Mfdi6gU;W_G|B83#3!X3%KS@#n%@8Rj~&UR~O1F~$xTfLM-l zJuBaS5qwa(@Rx!ubj?olQn;|Te=U5+I|2{s?^EPybkXF$v@eR1^8Wxx)pXl=ZFJ*5 zo3UMvI3sVltp5Oqw^GHYPM21)+9Z-0Brr*=)tX~zpW#Ql2cj51XHO9O) zx~`wG#m%AaR}8Q0dHl_MM{VJ)BjF-=>s`OoH181FUX^6EbQ7Eor*Em|fR36TN#Q*+ zR?{psj~e(tMY{0jppv}S){nVa0VfzzdSHIF=e|Gvq5N~>c`X}Uu$M%#`5Mf>1q z=Rb{U7u?+Qtu{{(>i4ng`u)`Z05K&?F)QD>ueLr8d{yvp(4p|<)!2u`7E+bt8)OF^ zM{Ivu)jJr$Y;XO3IMa_Rmt(o7b@cSvpt z#`MoZze>uWp{9)P{6YIa_!~sChSS5=mv0@=*>^J?%?b4x!2|qj$+X=Iz@H1eaMp6_ zw%XO`aS9e0+^4oH316YnPTMoxd~$Tjd_Qe-9I?Y`H{57gZjAL6;yyB#eP+tW&hmSW zWdH;g8NnX4l8Y)#<0kN?n{i_;p@}Wofp^`E6V|XHowVe*M0Zr$P~)8O(zK>=$&Ar$ z(WJO(9pq^MP;>W3(!HC*_VPB6?HfYvZbGk_!F=bF>(aK2Zf2R>>zc>fv|%;2!8)o( zBAyEloO@ta7lNelowlg)YS2V&?he-gedE`k%k-+0I~vAD?bpHI3=0`Aw2L{C;z`;< z=-iz8dRM4U-Wu@kg=4Efhi$GkTR6hVo>H%zpdNGAb!N_l?vKx3h_`xoi+n>iso=|N zT_;jP~HQPHk*R199=4FV6lPA}><1{603bFM9{5|nc zihLAoygtWIyKVzxfs70h`hGRndFMpA5mVv@c#hCm-aeb zydO81$c?&=z|qZZ5tkwHZ|#cuw}{};ZlSiEPi`3H2?4o3d-VLP^f&fTyw|)R@F&8y z8m*#5tldT=+^d|#pkq1bx9M3zKI=yDO(X9whgyz};unc;7|$AjWdP%z_3?-N6xYCq zRqzLf_1_5SCVP7;{{ZxfAcVfuJplu!{{URqHA;4~MyUKJ@jr!c>|Plz?B#?=0oqdr zJdEMJE6pzA@&w2bGY-bP=`bor;#iRRTf#PWZY!1^wfa;0Ir#F|Sko6x)UIPQq)X*6 zlWE2EvCT8WWZ1bh!#RFX-5iOC1@u6eGdMV~(Wckq0^CDN`uMP*|p?zv$L z%1S9OD8@2Jd<<8>Q>*^(dHIM1xbNv%*xnP+>3l!pTb~Ht*=v@|JeM)J3b33o=hnXV z_@|+1{{S1l6L^2ez850L)R)sif8Naih zV>O)2G4ip=U%=+LN$2wN1`Cc2cEskaWi9i0g_=(-Mn(@)N}7pKI)ZA5l^HbE~J9&m7P=yB8J2fw@({ z{7oXUbP5WQo=zw_DYH)2RD)|dXA8*oub{tX&)OGS{hYo$cqig^lc+7XhbEOQwRqYP zR3`2uW7K1cX!Iz%ALxJkHhgFB{{Y2*4|q%Ce}`@D^<>rUZS>C*t+avTWePl-fI9aB zJ-FoKpSR_nHodv<{3+#LK)-3TB!8|>xL?EiS2alVH!f(4YktqHS*s`7!HVgBy6f`) z0803S{t7+&9oYWXKeG)xg!6jQ2mz zE5-g9y!d(Jtxv<(al-|pGtFz|wnSh#4;k;3Y>XdD^i3{%pAqSnT0WSlx`Zm}n zZ15JRVW}SwG&^9ONNz9#XRl7ZYv&|~$-J|a&vO@*GDxKk(#1|k;l+9wdGslx^snIG zjN|dIgZ|!RQ+Wi!-sU~UnHwAueei4Q?}wV^t!|f=meLipY%2hByX#$?$ih)OJN-6G z-!lr)%ELJW6w91mK^=4kcr2v}*;iG$f&-6J7a4!Obg9)_^>zX;v5 zk}Z*uASC>`=}6fehL;TX8={?=tx^75`x@`!)hzC9W%8AhLB>ZzL8N74Q$bgm4C;2y zdTw3~T=5jQmO5Ozjl7o9T^8Bp=N(6CsG?grKMCvJB2BSgm7UlVft{fHSAXIiHq%|x zZ05MJNbcZ5eqKrS6|z<)O!==+x=U;MA(S*kHUgfax@az~nKnjA7#KAYiGblWOdSH0 z0Cg3sq-sJNg+V7HpGwFJo+8v|)b68(-K9%nxg$IhD=a}AG05g6af~q{gLv$5ch2wT zvVFxrl{V8*xMWxg?30Wz6b$qYD_4@qCbqhXE+dt8pJANwT`jJaX@6ln8fBzwyb_^D zLsc8}E-#_Z=^hoo)1lNJ`Q5VF$DsOF#h#r7(zGWE7-5g4YL$)R>`|V^3q)v8Bh}45 z>d)+QS!yyz8WkV~;i;P3jxP=A*3-oty@R-a$_K_Lf~K?GmgD#912l7`Cy(~S)yqGzzzXD zPo;8j-$SKpD+`Q<9D&lZ2`dxcMfSFL^A&i=6~x}&Hk|SWd@v<=>}V%hpyJMlP2<`UIZ*y+V8mnZ0a5_>n zi?O+Rs9M}wq+3-a^IMx$Td5|D4a8$3(u1y)gtMPXxw{kU)>e;rm_aFwZyAoNq^IXj?LARFyP7h#f`lS7reh%vTWwU1KBwUyi8mHeYHJ|1xbrc( z88gGCe}|gzaZ+dAWSE&#hc7kN{{THt)!!8S9PpLTf@9b87qrxDynxV68QikIc?TUU z;@CX@01n^k3@s(o5<~mN+qWcR^XMz*E4I(9h9>Cf?6r%XXX0TQ^C4MuXA~&+7lxLazOxh8THTQTn!UBT>F#Zf5Y{)xX?5y0k^tvu(?x= zjP=LkUb*9+huW{(HLWkfch@?v_FDO*v-6Jm>T%6;)O}8N(dSxzg{;~5qQ_Ldf8Fd0 zAZ+K?r{`X}-XPPi?q;@0qAb5DP~3xFbf0581%#1X&P#)^^{Dx8jf4YvLq6Gtd@mkB8deXs@6#lM@W}^v`tBbS9DPGk(shGxCBrW^&72M7 ze-8xyHI-WTJ1Nw%Gd0hKpBTSo-xhdFLHMwmHSUkBDK>Yu!M4R90GQk!{Em88(aAsd z>=sCq#kk-Nj5x18tc`uC=GvEpZ8WbO>KgTh`@P-7D-?_dGwYFEhM#2>oZs44$(t0~ zCy_XCo$*{!W^$2pP4Pr}KE0`FmU^r@hlVc??q_j~dIQJ#=DPm?8~9qv%RqUW^21PR zBJ(jEfr|TaQlcqpd~1EJYn~Lb)$F`J+e+@eNSZ*ta<9zF2|OHb{Ka|~z(0w4H^;vV z>t#@B^I0${1pLV$&KP=dYiedP(DZ+a9vNQ`crm<3r$-y#Tep_ch1|?K$QTz4&4Ai%q=KBk+yAhNjS~$jYF3fc4L>L(O~*@&5qeKl~xlX&xZ>W8t3>>wXrB z%qFU-9`mQabH`EdSjv&_;W143pHt9vOT@Oj(&Lm{&&s&TOf#DwvUuniPnIG)| zK4QZkrE*G-W7&o^Ycsq+FI6k7e{S(3ZkAg3+?rp9kn@^q8 zppCgz_vfv0N;W>n1FeqgUlKBy|)`yP}T&P}C%V-s*0OlKf_S39U{H#hONpKPHb=-K`wRTDag z4xR?FvzBX{MV86sZO`So3QyCedQP#dYI^3Grs?{P54nae1gr0w<_ zR!Irxy%v(gJV#@pC!BW`&nXhLM#ZDLM#`kJw+_Cwn|EU>Z@7oRMd)ja@t4B?00(%BU(oOkQ^(q!Q&wmeuN;YOTn`YNHHu`wDx3pI~L(14y zKIXB!52@I}@lg0%#h0mWvCOO_KQb;`<#j#z{#BBmrD7tKU5|12_dcoM&1T2N`W5s~ zt?A7i@La%nnMOFs^&i&0{_&UmB7d~^?7QL!d|3o@YIA7<>fUvXdA9cfau_$RKsB;w zn5teWpOBsu)Abz|!aW~QRu?wJM9=>KJvQ;X@vfTl?KcpZ>_+L&pzBz(uIDSIYct2J zO>1!Mto`D4O`*Hr6-NP6e(X1UuVv+ zAd?dV&R4M3^$nqRuWap+U`g8r6zB~9ghMNZJBwS9 z!-*iyPy%ocFnIN@$`y|v=|AE28lDyz))tkjb6TTG>Y8?xt*6Ch%=LFl`yRF9ohMS) zd@-x&+Ag}@8`md=mdf*BVGQGyB~Jur85QHdvuDMB9{f!3wz@tjcs+b0;>{~ieL6-& zWQS7-0Q2Gv*qrnvdU_7@?tc?;iixujUt8H%U`oRSAqQzS*~ehhqU_|d9<&A;$a zUljN^Rk4R$_$A|bttQqq+sk#9688{#xQP!O4HvFX? zzo+JY%v|}c1j!2&n4#Kz4lCt9i_-YY%HP5I`stUE-$v3|+}%d|qebPH%u~T!jAV+3 zK{N7ezB(gna zAQws1m^oaGgSUWwmBU{It#kS-!at=JV~51j%X6>Z(wvl3{?u;mcfT@M*RPw{{D<&{ zgX5ikX*B-;4fs=A@m8t5lw0Z1iC#dxN-lDE=C-5pm9K_8MR(y(8(8c92=O!+4`r)a zy`;)W$oXUgu^*jzH7HpB07U6#^u4FD=3Lv`t-IT?n{zu!slDBV;(Ind6mWg>Tb4S* z#Ux+>yF7#3S0v(kUtEh@okpjx&1Ydf+F1F&DcSR26X}}s2p_~ABeom#woAZCAzU)4 z_015abI--*yqh0j{>|UB1;>uAM~b|2;$14%%F0xp3lYzl%0U2w_p^?b`_w;ZUlMpP z!x~qIz8P8gf58rx!Zv$bM8Rxw>bUuO^dFsixOyog@ZS=$=bigH6{OWTw%T2NPnLXl z@e}rs@y)W>YySWqd~>L2rS~B>R7ucgr(5XO+La z#PUsd@}y_N*(MJygQtY1qka3oR!J4^p=)Z4S>e2h7KwrVK9%`b`%`=>lfWMnbf1cz z4YoG^AMsvb)GcEGM{9V41celE5$tzyM)!Qk2LsKas7|+CrZ22B7d^X-)3dU z-8-|B`q%E~z+Vter{3#c6x6O`pGTK#S{V8M9_OcA{&mk7*iytK6ev_?6k2jqil=l&|V?3hn{z_|t5!Cvc zH4nwvbt(1htwY2Y{{ZpvcRNkA{{RAmv=97tv<9)KTIts?T|@h$#`HKVn)-|;i6i`t zyFTPEmuYU|B@;n*gxa{ZqO_bJ=%)5Vt@+;XiZ9@52E6bR>DK*}H zd0q5ol-h*%Gt9CdVN8kw@yMvE%*VLzTEfSg$tTh6yrr7zGO_|O=y6?6g3v*>S>Z`B z&>o_?VX=&+Zt8bBTC&~63`;K2xK%i{EfW3$8AMX&?+%8XqjMQcp}}ew)^c7*vAXQW z2R&-X{3DQFS_y*1CnG+hrZBP1H_*epvAnZjAVSIyUrNllhI@b^4$x++duvjefjQ=g#={!Y9@ujR2id@pJNy8!P@bgkmFF_f*L=enK7t~Rg^ksg@p4KACkUyt40qq+q-Ezr|5 zzeB6=ma}SgMUv{(rch2}C+`7XpL3{b_j9eC#0_T)jE2TSRif#h4dW}>#-k>k63203 zqacj(bLm|dg0;(AJ8eSV>dnYr4oAxTRM^@o=fWSfkA}2+na-_b7S!Y>OMp*8Mmvi6 z6HM@>)}Ck7VYm4wI}0e__x`kpIGq-yqqvP5C|H0&U*%XbTgz<15_U6yK5oF!a>_Ot z1*5>t5p%;F6*ZIM%|>{PJ0#00;nTUtr2>xUAEx-|1kdv{>_nT|(4(y|2uowI`Aqcy^+xIIT1tte-n z+C&?fS0^LZvYIWfr&=e5<`kC!8v{N0tlRlSF&B-GoKGBPpq^r^H(;Zzj8%{G_o`Zi zNhS-zBwN+SNIs^g+7%ew+mltbu(pw|UMGkGS$p)ZQft(E zNu#oY7+_();y6&a=Q@3hy=5ZBFTT#Ml_@GhbEd9}M)r4CxlvP%H_(wvdc7 zk=%;$ahRvE-AQ6ge+_mqxgSCxYYF< zxRqfWzHYg%Dzx~Ms`$HCkHS9>d^4%|_r(`(6)g1VjFLr@fx8?i=e=DTH#&AdNxlRB z0KqBsyU6tK9{$%JB)8G@(hbGGhP2Cu^Cc&cB|Qll83T_}EA^-0@5A}DT^mdAU&3z- z=${V!2M@_{aw9QIGUFdJag+XeuU3^S9Q7(5&!)}b&xO#(q-a_I@jr|2WgD*+FEzIg zPBJ(i=DYj<00dn4i&N0`Zx`Q9Z6wkw#{_chBiwf=&-no@(P=X?j{ViKetVh1z_rDjcuj#dX0Mw_=^0oVL1&)E(rK z>e2OJ59Xvv^tyd&d_o zCB!c&XGLagkR0^n^sVm@_}}5T!;b@M6MRY2H7nh2CTojDvvDI90O1)%NFMmjYY6oO zeCH?aCE{Nk=`mkg=*i*Fhp}U1w-4nkp1bqTf5+axAHQo)_$gn*PlS4wqv5}XdR3>2 zymu^yIOjJTypj*zK7h?I^dC$C;X z72v;V!XmOqwLVo)I9l$Cwut7dK7}@vZrY%hCmaeRD9TiZ5_%ERw>V_U9^5K|%-i~L z)A6a}jiHHAkDlc6aoV$#yBW*KxVB1=$Av9dTk$>A>jYMblEsO~Bn%FH zYx*Spia+3ly8i%)KGE@8_R-d~&kT4=$yT(`ZSHn4Kr{RI>Cg8@Ptv&Y6&}d+X;88I zE#a>L_$$B~W}V>A*{{NyPlo&pr2}nye`cz#s5sr6WS;z-``3TrZBxTv4z>MS$HUs% zd{Eae(VRi3#7K{)-CyD7`PZ8@sn;5II5~geFYzah$oRa8r}!z5h;-X2FzPeVf-&eT zf8z&?G@UcSpV{9Eyftg0-CIYt+UTHJLFexg>DHvw@Gk&-Lzc%*p7X|5(D=hyC}VaU zD17zDx21DlCBN1+U9(%Yt)8E_w2Dp?TW{+rTmmx^+yQmrT zt^WWDp96SvN4?cPAtmOia3W#^M*<>ykD={O^;6T~;V<&cg$d8{;c1IQT*xjjf9 z{<`MdN{7vm*jjJAXZyf%#++kwF!3jdJPF_nD0OcV>+0H&$C+l|DGlkKM>X-E#h==f zUh%LRSB2)W(0nuIe9)w4E(bz67(Ht4k@oujj)%Lb#Mahz1Im&_=o79^3UjqC! z)%;8TkrlJGsv%}Q*Bwn`QboyG9$LGA8r zXEw7RvrK~w2V+jV)E?f|?QfDPVQ!7Lk}AtQy|nq;QV(Z;i$KMS4un@#Hlc54YdyRZ z+epM=hjH|(Qn8e!(DHk`3B}>N`*gBQPkxHNmDbtoS6XBM7c78hYM!;Ck&L5q-kIZO z)UMJ`Db21(bdQ2D^{gKec&|%0GDs|@eY|dU>+EWY_Gdo2t?sFDX8Lu4qC01W+vSXP z{VUR9x0>b%zSjhx$J_(g)`Iy)5Qtl&{Zw*^{ zz&K|NKnHJ1?<~AJx^<`wj4{v5IjvIYPbp7Oo5HPaF}W{seh~bCW6Nyu_+vHZfZaTey2`q>e`6ax;oWr()hU8T91-(|_dv90l08N3l2i;v7-x1XV;M%q zUcISY-Cna>j6xU&j~zXQP}H>oe2*#!;$^@%Jw+mHbovdnSAj#8W;}$hxBe0RF4zl; z>lZMF4&3AQpt#fSe=_<_vshZ&+8dYhmpfIMoS%Ps(blyaO)Euxa#r(L6UKbLsXU=+P4{4=WhYQ(krP&%=Hl)O4e*XfQ4P(zu^!7zrpO{#34EDu;(? z8m6af;>!yiR?F=gAcM>^6Tl$-z$>xw#<`|0i+ybknv08!m;?0x0Czt_R1xz$ui$6K z-B;nuc&Edflg}lk!l;cEip2>%Fi*c~`V&vruQhE$MAVw+%xLG|CA@C^w;|>-lL}J_YWr|c`K6K^u-2en#lUJ znk9wAcCw_(0g^W)6)~tM0;ky?=U7~hf!)k(g9eJxx_%UVIlhwLM7!1ProFc@WF3d* zeZH=E%4uiR?a@=Dn`(M845(W(_L6mkx(KF!nWYXD_p8;dS2? zI;&}xGDMQO`AY(NfBNgF_;ulJQY42~*VXRTk5C9v>HO-P%Zhs+OlW$S_C?fk!*LT^ zk%t)#fPJbD7i!uzscC(u-N<9LB&2exfJR4uTFC2$$HTJtCNB=^cN1x4t}U8lAsER& zjd~}B{CTH%ds?%yva-4U)Rnfr-bn|b0+V((<-VutUx60h9WP6kTe#8QHJOBDWpnH9 zE6RQ>>bl>9d~7^vqTU<59(gxU5g;=Vcqg7etz$2W<502iFYPPhOTUUfG>UtBG#2um z%p*hT7yO`V4h2k9D1QoghT7&7OGsK(c{9f5&lTyy zMimd#tsBG<>y|oxp>7!>oDw>y1>ROMCKW1-_{v7y`;7g4|PuJ{qDDUkf zSwv;kTYC)jU_ikg^IzYu!0(OPH|;z7JNz*C>EV$Z$E)el9YGZH1;9`Wu=NBo=lzlE zQ1ywrS{;vvyhHt!uUVUU6-+Y*WPSq-^Iv!A_m;ZOn+4P)G%}z*xZ=6yiI&IaXZ#fp z_E+%d?VI~2{6+X!sEhFvLxJ`04N4*pA-RAPu{-?VaO0-ndBuO7UyF1*xooYkp3vIf z$1IlDakxLbWII@A>b>h4F=}$`?EZT{!6TMukltIRyo50f3F8$&+$I2DTvwqNbAn<` zwnQ0j{VAbd9jfL$Il$($=w_JWq&kq{_Vb?AAdzHJG)8Nh^-AvDO(F4n7}I%xfrjpKVZMw@5G<5r|oI*{{Z8blRSgLS8|Oj#Wv;6 z%ez?}M&bwYE&~s7>BS?W5$J!V--G;1p!lo7x-W^mD|>6Kcw1Mpk5baEA&^Lo8>nn6 zcN~m+5nS%4bw8U0)M`U1Dt}3xNiQ}Fx@V=L--|F5O)~C3&@Rx{fo&h2rVV4IP z`W${nzccUcbsr91eT!7l(&xn5RI^!M`KytCYI3T~JA$N~`sdQQ3qPO#0Qf17?6$f@ z?c#qAh;Ja9<$3sbFMFEe@-N&U}OKW?} z8Lj1wCWW(=egT1K{KD**eFA_l}hkIr5E5NfPuWpFP`&UhGyEG>sFe#oreQO$s=#0;-{6BZ4YTh5R z)-;!iEHwz0<{}0LSZDd>xjj3?Q%iAsZ*Y#f-k9Y1X9MjK_uKUu{e3Hfdy_5C<3s)n z+4~4v{4)5j56ABWczgaR9~Vs~q_Nr{jiA*C%xv_eoaH?0}8GOBRRpWVRX-W=u|Tv_~}T%^_I@ApCZ0&S z;hM#DyDhOPFI->Wa zUphTD)zZ$*l_NiB3VwpTqr|$U&Y>JpByAF_ljZ~7nGR*m1umjtcqT8gNZ@hxuIepr zSnSKACzwG8xcn*eGFv=*SJ958boVy^88;UBM_Q*IlPa&57u*7`+6apiBo7`)m#0eB z@cpDRp>a9L<1PHFHZyWnHq$T)voJlnR$ixb_IqiGQi|Pk>qy-5CcKeeWsO~x&&)~S zS6^+V%{H8~C@jEpv~&~!9gM|fNT*}JqUXLV)%-2usJuU^Y0dUxa0z4Dt}mf+iF3rh zB}~ad%3#NFE+Rk>4NZr6WCbcywPvQ$HZe?Y6U*6**wR87x_KiRvIgicq z%0$b{L*V0Wb$~-s)c<1R%=!4Yh>@@30Y$gF= zf@H~U#~b;spGt#Gi|lf&DRVmV;~foWDH@!=iM0c7s7o!l+QXfMZRNGx@yI0DJv&fpW62ZT zNhw8;C^-7oOogqcQRRkA{J@^n8q=3TDPyvdDdZ|+EAwYK1M5Yeq2cDyuEpN7r-BXw z8Gp@Dw8HSE4$Z%Po;deI=bevKEne}Ql-njgdgx!--cfV zel~mv*Y%4luLo+M6g1bjz1w4O7~d*LGL5&E$j>+=a5G=YXOBJyHn-w!cf?)`@P4al zs6`2D%Qc9Z8B}M@PBMB|g<3Ja&(JatZ5k<5-5uZT!TVcym*I`dcq_(wl=`=VE(0~N zyFw8d926w|*5mZAvVJ7%vwUOIpTvG1(_^sHAcJ;cBLx)qBdM>R#ohIN>3 zbnBV!9}2T?J4-S3&N;6lSb1Hfb$e6xyT$(i58&|C!SU9Yb8h-9ThiW0+%RHDAc8%G zY5WPZy1$EGx$z#KJ&bqWV1n%b01+KMayS6jn^ugNy`kfuw8x8L@OQ_XKMGpQr`p}! z=oa@liIm4QgM%Wk8%fC|el_H6;U9|;TF>JR2g7H^8eCC}xh`yE!bAzi*XlFvn!#b1 zdsJvy{6_JfxeQu?@XfxLBDq;1kYgC{TAm@&ykFxF2gQd z!|xSa&wb!~`J^z1Q;6g_00MsL_Nr2`eBBS){{RDgA^02nLw?RaDe-rN1+AaN%{)%d z@wrJ>;xbudku&#L0o$C{!dA@&wKkJ);wx$NdufrB+!Z72w<+0&ZhQX#lWJzSWYhd< z*7Veq!hR5Gr!tQw;#MCZ9Wprg{&n?d?ALXwd_1!8J-2|at5wDpvx|C z*BR+rtFt#NYHxf;@z;lbIY(lj5v*0xI|qu{8UA}akT^VNxWV?Xm3&X|zr~s~7CP5~ zFK2_0kNeHb$8f!mN>YGEspqnI^Ig$=M!H{(w9D8oU*}tdQpqp_k~@#5{{XJOfw9*- zIjL#TTULH))5`iB^O&KRp+emikH0+EZ90}QsY>VR$HAZ4cg0@@ye$uf zbnPF*diI}gfZNG-r_GGxqOk4KzFqjC;_ncATk&R~+U<-M7Z*g_qN8P4=Q&gCaa;R- zf>cTV7Cpv=;(HqijkW%-EP~BqoQ;lL6#(af)bn3Y=$YY?{KPWYQ8q-tpKZrE%4fz&YO~$D-)&Y#`fze9+k8Rr zZ^Z~~9vvdid-jbPflxP~UZZI1LY2;?Ri9pbCGZ!4Z+~Zx5MFrF3q1?P_7b@X9HAT> z;aPLkA4>ee{iS>vsd#5z&^|cmWfJzp1iJ-DH}<{x=tvya@TGQb2{~wc$AE724~X9l zbsru0a`MXKO|*?Q_l=EJ`5{E0hKD!~xoodP? zJ}2=V*TZiIM{jHqwL6cTZ*EA(9QF0D55N7VJW*?-+t_Mxz-|}!aWq5bC$A?T<6iV6 zmWchgD$6;SGF?w0Z;ASki1l+OsXD|Y`>Mx~YutP*Z!3qriWZ#|0>li39{8ayPtc&b)b*`DNz)-oB%Stha2CC{#oq$;`x|{dt}hLoQh_9L!ys>)-yh1mX+rAf zqN0(3;x7w)Y0-WhYZn?cG5D6lPTg~GtMbpZ4yrrxUoBpK(6*M|1GMobn-g8%8sh9-m_ zw-V+^W=*AW`VsCb){UpU8by`t1jQ>17?>ZI-n@#`8b03-UM(vf#+l*?BUr6(6b0Rl zz*nGI>K5~cY=WR<9QCey9)xCaJ}cLwdzdZQw2=dX6k@P6>oqboid@7`8S6nZcQsvn zw%dYY&r?rZWb%&QhNY6xiLTo`mQg~h7%co}sl{^|XNTsq)f(H=}hPl^vjI9I^wqr4g2<>Rk== zWk5HB_)__=aM|0m1CEu_s@UhLPUlOac&A#@A(qD0_EBWxm|a6B;13n#-ZJrrj&$!6 z$2GRGe+8`ZmJmT03nGK_1M8n}O1D_XG}1aR_(<=s;Ei3%WCkinApZb5t0A6qlH0)R zS@T@!jk*k)HsOM{MR|XYJUw}Pd2Ql7A&2&y0Tq$I<+3RU07^l%z8=SpwMG@8eGgml zCywtfycMGzR>|9BY8e=ULh+t^_phP;6Z}hyO88f)cuLytcBO?Wgw#u@@j7h+1gxAAx%x-RwZy-8xN>8)kz+GN}8Xge*wNB>Xu#-w9;p| zxxa=2V|H(tFziVDE9tF6Pq){!h+g2bh9XF&jNzhT(5dW2d)Pg!elNwiZcIy(>d)2B z*uVC_{@jB~_%rcuQAoU50thsXT2}!zNQVlN6VgyHGv2;s{{Vu8e#h|&}o_#iE zMt@MiaM>BiJw<0uT&MOGdKBx@l`7HZgq50lrk<8(?Z@nU{{RIO@Mp$}Aox-7t6b8& zJMjV7CY66F5J#%<{;kRRQgQeP_C0+s#y_@ed-Bt1!4n{IFUY#68)z98GKx*$}*fJ_S5V)w=#Nfvr_UuN3AZc zZ*8EwvABZr&Q%gcEKV6DQZgAx;DhQae2-e`bH2y(b|Rdq$MJQ!N!g#>9t-4jGky?QecJYv<>k!VxBdepe^Y)rZGXl8 z01hv8KZSlQvePwtnGz-}on| zi#$i-D}UNY_HooFUx_*{E}ugLq?f3ilWi#E%sIlIPA~~L2j;(rAGXhrHEX>u#@`Ws zA$X2EJsr~4>dSYRJQFF}=`>@OZ^N%N*sjJf>t;?_ws{Y_X2XPJH*Hp9u&tl*~xx^qVMeb&0475>>@vhTxx z*<)Am_l^Dxc*g$#UHBW~Mkd*U29r{4=U}i{OWi=e4sF+-T1hu85-&l|%ED`T#2msQRoXs>kJ? zw%Vo0(|l*)d--LyVv-`L3>C4_hhP5yQLnpx4t~+sH)-L0H&H*?n%o2-Ok>UiuQkr6 zZ4Q}X+t~fY@D`<0RI4cY+w=d1MEd$ zqjr5A8kUXE$``ke>&(1Z{D98wvpoS~Ye&L<5x()ih^@RcX>0p}R!f%K(KFB=Q(r@c zNBIk!)r|2IoODgLe#v+%!_a6R9n!S8r!VBdgO$eKItuOMiJ}3B&pcOY@>rUSR%Oq7 zarTssF@^*2uC~JE*4<>hsEX6uq;szE)Z>qO z>>#-iqDJ^u08-{hEVe6Zy8W))2=SGnOPGdGI*d)M!u_kqUyF2Ca+@%yiu5?0|i^&zG>D}$Eh%a6DZy?xyO18 zPfW3~vA&E#w`pj_GxL9Y&{h8c?E8HwS=vIt@sfCBK#F$v0#7yL%WXX>-ibS0&vGY> z#H;smde(D5(M!ZyrLD3XRE()CqdRkwc&-{<7`54%{KX{aZ%i7@!K)gu+Om-ZXwDms zJ661!L)pM?hSyEJ)p(u@+d(`K1V%q}j9^nI zl!D5|EN@ojhShEt)K{P;qKFiTt(1BWVv!a>#H~#<$#9lMkHM`6Gc70z*bGqFmP(qJE z{yx>u>)O@cpKAn~T%K5s^N#GkfK)i@TPC)>zSd$!gan&tJ9EkWD>C}iT6q;^h$@T% z#NdKGs}qu;HJsDL(?K*WxLgOo`H!_>c#6?3V0Jd~z0hBk`Wi-N4vD2CzD$>FkdfEx z?OvS^hV&KF%w}tr)I8AZC?jD~IRp{c{QJ;t%!@uM@Q#%hm!{p=UKyukD)F3rtPh~= z&3Uo4nM#O?hEvT%-hs@G1ytD{K=VgaP~XI6QRS)W(DXHvAyDJMshZR2v@aVnTZL~^?N)7z!M)}A;b2Ap^#7Yv#-5zVzCM;$m^v@`X5QtG@EFqw$N?XD^xfs z!6O}xD`FiDHE{OQ{EP<(%t1W%ubQt~?CXSVHaOw%{mMms32SFNS%~3lgYo|W#2*fL zLJ*0l882r$ZDB+%(?4Yjyyl{fCe8VJGvEIJXRp{F_L2Ro(@ybc#4!H=1%3&c6x_>y z35MqW0gU-^wl?Rp9xL|G;J?Bjfxok@ls*9cm3|u7>Ygc(AGK?;LFUOL4y^MKN#~q& z>&JTasZukkQ?c|J@K%MRS+|NlF6;Wnwc?P=DnSdMv)f8f0I1GKJuppry6B!P@kWzn zCY`rW@Z5{F4#K$4b@#5?a5$wdhpPBn;l`1oz?watnRj7&SM48clok%$=jO*#$LU+Q z9vHIH^&Kx$y1A16<|%x|M*bGYIQ?s;5g_z$6ziIdLf=%MQMI@5r;=J|+Tm!jJB;^)rOX7*v!fEtf8cl9xbwjXx&;ow< z(!Vr6X@A=5;cx8yzgqZ@D)^IEh_Sb_w46H$J0p*C#dcDpM5SZ!TlT2`0D_kMSorSg zrRa8#@aw_KSUtRR4eY0&0eB7XUzfL9gqPZd&GC6;xsi_NmA5l{p>BX%dyLCVJvp?5iQ(@ zY!F7dd02K(JJ;+#>?QvI1cCVN`(N8w_|L~u-~1%_K`91lCy2#+br?MPVB-Lf;yhM0 zYFk6PjXP?8N#6wj0A%0T{{Z$*(Wdxq@GIe#kK+#-MCxw!T}Iqo%4Izn=3$mRbQm4R zYu7bD6?l)rm$TmdU(|GcPSPMkSfszXFk^){JRf0Re4W|f3!Y1Ey1$O~`&)YpG4Rvj z&A}V)t&T`iaxgjd$*%KIyzqyGp`T9hEEZlN@dA?@>WbMjFzNE+io$DCvMBg##-9{5 z&kT6~087?9Wv#u8%PB1cs!UTT#sMer>s`l)ej{qWG>*{tcHYBJ)25I}_{jwiUBBlQ z&+S$0Ybs=S^6A=Tj8I!Z4a<->g+F-KjlYI1t~BW`yi2K=EgesnuyT0lMrz|Do=c(3 zUHGm^Env`Xq7vJ{K#EhD$t;o1wHR9|m~G$2z}= z@1mDmzLx&pQX71SAsl~?HPd)I!1~vSWwegM+Iixg#^02JGg(daH)_cGo5LTosE$k6 z{6^E+&TwOi6-S>hCdJdSE1@UhnZn-Z=xvz-H`IiI)hnqoYSa%E#aSr{utFY zNF~40wA*es7MVuYU^}0}y)q=Zx4M$gN?$!T;1wJtU$Z%7Gd}mjda;;IsUcO6WSsT- zSDH_yeUDY1D`{qeWyu3QMO0&ATteAgUIdolqht)R#%q4sFB_ ze~Pr74k%Mqhr~ls)MNqWfFT<*>Q8*vhikqkNjF0|*c0Vb(~7A_pzYA+ZM6$uG`w>H ztPVDxy;M_8mhSy-M2QZ6yx7myrriR@&5f0<-l_IGvcPRWFdP%M)0sau;#nt0rGL-$X5@;zTx*RSu3L8597s^2#B!n*c3tFc{Ar+h0L z-DuV@O`*kWAc;?yqXeFMpU3%EPb*x)4xH#ieaz%wQWIx4u4$KgOkmA6^_S)hq!H^} z2C+03R;v;uMpZkDXOmdT6~2cnFN`!jA7!++R_T0tAz%p}!n^H0_7M4oJ)YGMlD zWpVFV%B6(krOvWA@2%vCR@k+=k>+Iaitks&T1x3}YSy7{umIy5eaF_CS0U0k+s_sF zTTE5HzGSs2!;)(3J}K~@iqgrnSs^IHV-eFny=#AFFJ@VjMzFS#1Y#C&NXndpTOZkw z%Lne6NdSDgsz{lm4(iHXGi0|dzTL9QG1HpUhf;lA7zGSfK+bd1j8z$)bK+U;;*vPz zwA$t@Fd2a>5 zKf70Ox%yUdrdKOHZ%nzj^7dTqxaT{N zm~{71t;0IAJV0Xup+2=|L-A$(znveH;@=I79PZB;t&p9pXa4|iz0L7}*iJHXAB1_uKjb3#H=XYxg= z>NnB-qSD!C|Vs4d{W^JG;iBIE)OUZ0QQUfnZ>Fg@?# z-;MQO16=4AjUSxCNb?vxeR1ht@9{I@Ri>$Bd*VN{vTzyWN8CxR2kg(EFT6nqiy&jB zi6j6G*ub#S1L$B-#>)}xF2o!2VBwZt{|6FvW6L!Euh9W zfJJY7Gq&*`iF|df+3UBl-RUAxHJDHr%R|P`bH;xfnKBQ#H9ZI6{*~dGF14=`==QRM zx65;#qaVkPmGJMxeIH2CbsL|F9uI3D?D-U#F0HsygQEMMpPh5L*qJtP@9`H-@!!L3 zLM<~^yVJFeg+OJ&lxGBccdB0tZojwmfum|6WJtq6M5=MdMo+KSntcqebKX4Cw9gBq z@Zu&_A1fyzNA#}qCX>l5rkdAN*dVV!=>~4=Xhr<`L_`c^+ zcpBS9U<`fLuyQ{d`ZvM))y|&lb#H2u+{W07IXPJf^{r#Ew<#6%?~ZlP6y5&-Xxl+= z5ny6P%K|&|+ZEGl)_2zWT(?ul1kyw|7~6uxdJ1Mt^H%Z97k1ESb7&B0*UYE)zDnjm zPIK+)TK)~P*7Q#m>8qv2s<*MaNhbq(@&NqL=~knuH`d1|;(ysE;$DT~i=BJNS9Z72 zT+X*v>l!gZ7|s-A{WD)`_)AOI^muG8EhC;Qg}1;^gl@p=pQdY6^s!D?JcnHPpW>ZW zHH|Uhmeu2t)owAvbsbOguMW5ICFZZHXucBFEq>E;aU(_|jdI@Y$7*&%n_(&~nBUDw9vV(B$KbWu5jWbaAL8fUM65UOu-P%QHrUZ*B%zJ`5XF05$X4SA^RLQp9cY>iek9Z*nPO|ynblip1$pWEipN`rF`3~@ zjXLvGhSJ||^p|HG0^XJAy5-2!?H(q%A1dt|k45&X1Lv!lv#-e3vO{o)Ks@8}uTno1 zwY?+4bLoyF`yZO4XafvMz~|~{G*&l!C3C1w(!osbhn8O z+QpdTa8JxVC}lZV;{F2Z`u_lpwc86H5L?4>r_U#n&k*HX9Wr~@+I|ZCntVT~OFpph z$8V}zZe?OVVmZY{L_)3D^y&T!_|r(zw4V~osG?~x$s}@lK;-`bcW}=gKb?G$@sC`T zYAvN1uJ2XBiMD*gHUog(oK`Mf4I@(Q*Y<<>8L9j@_>X;}cwbjC=$98iXw#*Qv-_qQG{ST-<5BLjH(QRx~ z#I7XOe7M4~97)rXYxJAJ(du{J628&&TWf#qJABC(mI3Iboa3nARhYfcMbLa86zdZ~9p(O((^+mInlr&2v-nmO9gLgQ;=E1dcn$8& z<>Ypjh{NTT!h{*XA57QA-?Tr)9~<~;T_?m^P2hsg?o$|+Gln5YMeW+Kja!>SCr9v` z;`fNWU!>@Fy37XJ?bNAL=n3Ta=Yv!}Bz#c#li{COLF2iZHUNcw|%=SwP@twrd$JNQQ^y{-vSn9v{^&biGCyEiP>)FtWPfoOd48 z+30%A)&*{D2Hip&G;f>`eUH5(zKraBqvKl{zB_yt()?+rBv)Q1(g&61uPwAL4o6eo zzf^zVgZ}`xMdyLMS#$d*d_ljv{{VzzU7keICY*lm-sMLzucqQS9-@>bYsGas>B{QI z^%JY;^V#Yww=ry;4jiA*kEpMv{to!M-c29-679-PjC`g&$E9;MprsuNHO(tNEAZB~ zRz&+P+xewO5<==x(DopP{VVu?{{Vu+{>rw0voGzx<6Au*&f+hJem{u#pGi=Fq&JSo z?GXdO05Efo!*ABPo|21RYw*A5a?U5=pNxDzHjQ}7cbJ*W0#~u^UUJ{-BwPhha53v$ z^v(*D^&%|boRC~}^s7`OB~`fJ4*&_>7K*2Ii|O0)-aoK$4W+#mqs~Q zmO_~juTp!}@L+wdgR~GvDVxFcC0S6)OknNKIji&A+iDh*>6faP5X>;a##j9GqQ_M^ zAK5Sb8?*ayY9ADS68M+)E%D{-6Z}H(N&8oaZXSP{^1+)S06gV$x6|fcn{!{%&E>o@ z+rz3RKFu)sf&LfnE1t4CV=J5{t6^__4aJPHhHwkS*!!*RUmO0={u8>JLDD`WX?FI| zYdSzWez_YBrtZ=51is~QgPz0QxFoeG{Lc8>@Ok`y;Z0k@*W_Jlc9!pbqpF=Y?rXX%<&u0N5JqNjn?V@QT8&rC!j&t7o;%P2 z?Rb>8AoUrk+CeL;NJ_}ZiU>)e$9#-fk}z=Gb^I#yFEEb=MI$@`+L^sR$EJKD_?fNz z5%{6uPmI19mO-g#(=Eh`t+l0u96AI3?oZST{{Tgw*pK$3@XyEJf<6iO)nf7LTAJx` z!>Vimz1@@j);RmyN#t^JYGkxKsmAK(-#!+!wbAY)@b#fGcy{GY?wslT3QkHKd!O@) z=yksjth$}1xo?Q>BO4_ka_jG06=G=OeDnKTe$So}{i}Whc-P=(iY=|vQM|S{dKKd) zO_re$FAS)0kV6a{byi{Czs+0YPs0xqd>#0k;!Oj_HWTO?t(K#8Wp!&hZITI<$Yf#D z85@BeL9TF7Jl9#%Ear~d=GH>&Kr$}Q6#C}3d<@b@sHCWl@)&!G1L>F}o@v+1R%UKF^sdGWC}IjEjD{U+qB6P9DA?vaPcy}CAb=4eILP#@-2+Ry zyO})Gy4-xzKoNzH@5K~C(Hr);*(FkXzoqTxGKcs*wo541GLj;)O8O%Qwh0t zvgfb8a~h3><)IcXb8H(ua%upM&L^|q8c5zla!DtTt!pHKt$ejRv6HwS)ByxHlUm4I zwg{8$+U!U;98&@vK`bMTF=*BH=Rf0Iw0fn4R&xkKt;m1j=tneIXxq?d zT}jt_CP?mT{{V?Jb1kHTHcjAVR~#BZah@O2EiNvWH$gOkfOS2MdTzU+Ty1 zE_mb$Wx@102GX{&JA@CMoDIQ3xoW3#oi^qo(?o@rId83RHj{629kt1n#?fK2M|z`3vq@)&qKOYfoQm7Gx}6F< zO^yfPC^s)P)K^i-6wVIe$*sQ)>M`k#VpQ`RIXUMdiviASklfy1T--(q?{Y`5tb0pA z4a|_a+bHkrSOM2s%3+;tCR7}Oj9`lIbw#&_PD_h$=0qPbBx0sp6&GWSms7HuAXw~v zze@D~01W9-YZjqfWY%&f*4#2HDR~>5CZ*twCqTH>buBW}%aP9JQb_>&3iFF;o$js) zRzOa1o|Pphsnx}-*+p)VMv*w=5!@eI=JhC&dr9Vn*j;1f{{U*TlRD`}?D<3E7sX@Y z%c0<#ON4_^mNk+|N@PdvyN-RUTB%j{uUn-cpk`TT8^XP{aVi5r_{4}IkJYk#3{+9d_=on6Z-KrO()B%KN*e9k$d+GQnIq+A5=YsmgvAl`p8{-5Yl&?}To|&&cHQPS6oh2O)&OaZ1 z&VDWUnBG3ud;xLc?ON7*r?{6z-eS14bITZq)b#bQjyxIhr{aIW9~V#H4;HSwrRiH5 z39auH!N;*YFrso#bG{PN$o(7eCbi+u8)^D)iEK3uJj$F)2$Sa{9FjdSabF95(|-oM zPvC7ud`F~Pom1g{sWF-hi#{aNt^;I-?m6bUn~HZjVJ3R7!{6I)$G#r;J$>-EUGn@@ zqr&P^caWvhAnlTHNX34-e#~DJ^xqnO&-!1F8(EX=mbWrNBy*g}5ddH})c3DGQHi72 z`0Mtj@L!02A$(Bq$H(sh>QG*5dT{#<){!Rycro{*JuB^RfWNhjzYBk6Ekoe+pAW6a zi!bK5X%c52yGa}7AmHSHPw84=@erjxX0QJM4A<&mR+Eyk!}!)+80s2Co)^?D?`*E@ zl6lt~O|1PIGwaTI^u=}m00Dj|YTpfRyl>#Y5?R^!li|L<41(gyQS(J3F4o$5VTVy( zT~{58RN2ni_@7(w&YPt8S}j&v?+Mvm87%GR`Hi~ggbmji;}!9D?M3iwO1im!7x+r; zQ%$==Ik#2+0FP_F4o9H&u0;!-22bq6`$AqD3%>$g8GJkOMhV0+HM=x_+A(7Rh|UlH z0A9Uw$DS&d-J{ZV+qTlJ&A}7-oMDdy{eQx`Y0xz1F8Fs;_-o*OV@)@@rH-ef%r{Fi zzs`X789hg(c3O|^5#Y@(XXq1bAk zAGNp)B$YAtsLxyj{zZ5%#=A`uMEHw+Hid6@;r%l3dG?-6g#r`Q4_>vD=_8_)`ZJf) z{CV*X+{0;UuGwl9$S{UT$aOyCXFrgyY|=hBd_!$M+Rw#0E{m$9asZRt3`!Icj-&DG zTr;QG>QU@{MWp;*@MZ3ucDjbH@ak)Awix6G%ni4IJ-)U1!|~6-QTVIFx`widmO74` zcr_h5aJb1<`<;(GezlUORIYmW!w((Yd{ci7>sOOoNpo&uwwrVP*#hmuckR}`#PJ57 z{hw<79oF=lPdjjw0-)^#af94+t4Wy3r$ZcRQ0h8avPWAfqJ7CGIU~^j0G{>Bc%Mtv zHCenjYXZd!*%n_oCJP}Xkbf4ccM`5+_^ZN;6|lK7l)5SmS22>VtU3^VL9Uy_o+{OR zXQpa82}aiMVnu>`i-W#J!0H(H;;J;+q;Uw~yi@QeP|^G~ajxjI2`{bN%`mGF$hpZR z*SP!~&~LsXwcUi;`r1uvrTwbS-5f904Y@x^u0qp02>@ZX7EAd*iL{4?;*uW-?5 z+Lpgkom42Fj+@BA80i%A&KM+0|+-W*h)~eP3=&}gFmN(d>KJLUE z@;dadV-HHlMLO-u5M5e7oc{oUI&X{q7x+6-@b;sw+)EA6P;JzZiU8~R*U+t5~L!JpYP_JsYU zVDUb`@b|(H!Qt&SGA{LP@JDw2aS_KSAAqiyL7$;vF?6uhIi~E9iTg-?$G;c85&R>v z_}Me)T9%om%^20}EhK3rw2hc4lW^eRk;kE{U$b|{>x~}GW@{KVO*ZZzw-)8I<|Ym> z*!QlgakJF*u=$lbtKB<~5By!zbT5q_9w2wn+)DCxN74TPu=nkuC&7Jvyb0nt-d_Y= z^pXB)Y$iM$k3pW5`fo3eH2bfJHj6yke!rmIz;12kjlXvyusG?^^V8VY7Dq)Y9`(+1 z#{U2WJ`;HI)5I4(JJTI(XR~W>w#0VJX86juBd#{rpCqLRfU{oqJGwa{B#&2JQONgFRX1oo_v+0M&HQH(-ic0k6av%5@V z8Rx0(Ksj_Pc!Eg8NjyvgE;v1^g`Mx(e67STN9RgWAm5JVCIMssuR)R0p`HOM6BK_+ z%2BY)nc|h8c*>AXRMH)UawLE$2NU@4Mxb<{p{o)cI4Y}L zZ;Dy$mrvA$V(LgH1wlV_f0Aox#LL;UGf~x-TGSg?j@AnqB~TtXmkXSA1KzqlGG8Jj zVyfpH42VqT2%C^@Jh`u4ewD3Nyd2Z~JM}!J`0ztw3E6n^0;>b*T6p+fMQRRsM zZd8IZpVqoykDtZWv$6V%@vFiA0BX~I8Ee*eR=P%ys%bt+ml#x+XHV3Ab@_YXy-QTG zzPYrzy1co$hVn?>R%{2ukPbZv$LC#ik>TR%^*>iXW^WnT+Wogi)euF-q@6u5Hh542(McUD<7M2pT*3&*q2<;AihXvw3T<{CLv;%co?XhGpo7=bJ$M!C#-cx-JWSxa zdHw<6-j!jjCE51A_LpBfJ#2nxe%Aj0vsJI`vGHIpgm2~5ehYY+e%s;ZB+LDuA?2<7 z!NEWXDt!p74}|*el|1u!cVAU&3z8EV$Ia_m$)A0~xxH%HeJSGq0E^1Gzr?hbp0_yv z0Es`dFx0gPwXX*1P}<8JhJPke_n-U9bHVyolFQ-m73+7l+6Rtj)?WJ63PW>qGdLi6 z5>FjCHJoZR^ghCkdUIEi?>`H_YA@PH_IJ7w_)EsOnudWBAbmdVOz=7=#tNM6{x8^E#4i5Lr>?1LKnw)2Fkr*f zV7KRA$#;h0f?X!_!n%_QUfp)Zk;IC51bzqfttvf9`XSZl%5iu`wS`45{0b?5?WgOX z>=XNITDOCv{gQqy_^bX9w1G{(hqaY#Gh4GC^mjeEZVrFKzhb@;{4wzl!(SijD{14m z@kfJi^wpIhm}S+$`D9lFjD7E32a8`7$&i(?Wy;8zX0VU%V+ z!v36&zgqHfG1UIF`Y~|=#&F`oOXI`I$9>}c=)W!8QvT`fzAcXRbnQ>!-^5FF*E}yc zXr+R5+<{qf<|nuqAd38@@%O@C75>j!-KEOvZ{jb7m-h|!4NZ3yw_(cD|u=piNZvpJT5VTiqf8k%wuNx z&!m56Ka0|QKk@$nhjn=+^Xy&L3&qdMs81w=$8-7D?=`-sXX3pEE6o<_En7#BZ-u}G zvyO(lsl5*e6MLq7^{r}2rE9kqcec%^+%poY+y=*`YsGUE_JM;pnj5!6S{h-SQYU{l z_SxV>QVv1lzDD@dsm0-+hTj%`(macX(;Xutjrq<%HO*E``y9Jgk@&^%lIGbo(6-Ve zz}S&;GBci-JXf&C;746b-^6xzGD9|gP^92<&lTs%pG`uY(e=-PKWQHpcz40K9}0X^ z;!8V!4m`!}-MDomecxZeSA^*#5MD@SuWnSSmteQPgfVJD%5b`s)GE=WL8-xZ%F z;^{BvPUS7K27NxYsxWJz>;4_qV*4~DBXS-ZKo zpJ;K6^ImtV#d2?!1RLgT06;%C<48xM=)N6|tYe<~NmAupG7Z=R6}70`TD7ZN%Ey7% zzG;EX>GPya-dvlMaC6OeZQ^YLEfH+s(wYrh%*)(w$YJTWiviB*@BOKGzi1Jb-^K+V zFTDQE4DSNQst!nAc&Kn9eT`2I*?qPzH)tD|A-x4>_@37P08X%&M~_=iW);d^K}Qc%-$Ga zDeXq5;~i4>P<=J+oeW@Sba+?y-Q3nnT@E>w;FjX!B1T+f_xq#PvTp9bs zcg>O zOxL*hBjH{AvT64^m9^!J3BT1A1i7|CTV9z%~x z_3bXoNo?baI}hBG^8k7urF^a<65FypT5#@7b7y6tMLe)W6_o69{{SvBNbg>0t9atm zLAILq@=JD5r1^@&Biga0P08H3I~gAc{uh4IzqXHz=J3bC4+=VXNn6Ri*6(tb)`hq( ztbXwWKPbts+<$-{@K5jAkM=v8M)5bqJDEN_e0x|@Fw>{nBe$15Vv7tD2O}pZj@9c@ zrDF-ywukB6zlXd_;>{N3{{Z50>Dm{=>7xGtN3o7k9EKt=K~Be~;oi8biyPfKEkD8E z1AH@eqgqOvBGn@xsseGAeDmvp`qzCpGoEricj5QJd+!NeODBwV?MKDFBbN-`XdXx; zWRRUZ*RJ1bNu)rxQ}~T^yIW*t`x#86pH2w}@)f*c+{Dqd_=h)%^b1ey^KW*DrD3=W z_dw4F+lq{9Hrm446w*vOoJdx3B;1n`{6KcC5(ai2Esw!Bej2p3gH?IuxQIt}YczN< zu^1p8gmte49u&Uty4k~`>2us@YNs-n*RWgz9ZOpb4r0sj|TB0vhZ?8@bO(#sg!;me$~J5RNoNzipN^; z7wr8dwx6QPO}x6$R*p#%oI0N7zY08W;yqhj)#lWEOX3}8#JY>glQq=kv+4*Z*ZNnd zPBuB}o_Be6E*X^WDbuG~%?PQ$Qiu-&(zQpOKQakkLcv0=dxrX?s(>h;@=(W z`gA%^!_5-IQ-pr(>x(H#9eNgH(Dbg4Ows-w_y8`cu&fGK#bvYk7B~_b( zdxadQU$;nrw(-fHLWAwGvZAI_C4)wBXv{VvFg`8F0+Cgi(M~D`)%RmslyOQ_jA&*ms`3i9J<2FVhfXQr#ngP zG1j~3>TRRR0sL||(5Z@|~Q}13;qIhpr@lLN9lGUUt!(%uc z=hCsAOK57PWPMNJPl4J!l=gD?rA@?5GRVDdo49$QCirZ6g2+a2MXTOyiWFQ)gDN zxYK2VM3&xFa2Zt?90SCnzv(NV5q895l*)y99qO{rYlrL<}z$O9cs1xIq6 z2|Gt4O)P0H3H{;5Po;dV@dx4$gf#t9=F3{v;nLw=ByHgBKb;pkBTV4D1Mx$`ULn`y z&@_!n=0t6aGiPg`t$UA;v~5bl4ItWT(QUXS0Egy`gVg&PT-FB*8eSaLthDr&Epp?^ zxIjX_K@7vx*Hde)HP4+aOAL_X<#E=oGclBUl(iqXmA8WO&fy_{nO&EL2D-Zol$OP< zF>eBF3cw%+P(KQM?1rps*=om6h3!Z$Xjl-q`?&N!okOT<7R?}%-Hs3UyHU=>dC!cm zwF`Yd>h1jbEn{87Y7_jc$8`Ny`%dTtos|z99t}$a)3k4dz83KY+s$4Zf4Aj;l=M-9 z)ctFq(EKN3;knWcJ=f&~?FTz+Da9HoEsp(f#5R&aGKn3AIUKLOanjnzCIqsuJpFyD zqZ<^N=H5Q|Vd5_zTSaN3$~38rfw!p0IQ6eLg5SiR5oolVw~otJP=0vMLlOK#>*-r1 zVYAY_2dns|3zlt8@$W5|;0?T~Jx|iUg3>hIM^?FvSjil6Dcr@68%M2DXDrdT;=c@P zEv4FBMKlFWr3feUozn>+B*)A44|&Z6Hu zk~-v9j_R|CE+jUn(hy3uI~aPMW{=_BZsOEmK#@mofk{w)X09K{_xI~#b75}r#eB*{ zWrqsbts?@gk2m;#W#g8+x4XT(wpd&QmMk1LI*@bU(-rj|nWCbglqeDp;`O3vOp5kB zKH$h_o6DU1py$1Lrl;pK&enl$mNHjx8O>zTCU%Rc+rgi=LhKo^K<)Idj(aUS^<u(>OPgXZKP?@*neom1E6iCItAjRpHZCrR&RHx7_HNG zdK&H}@M1%wO{g74)<;qajhij_3eaR402+7`ynbS`_B|@q_4Icy84vb%jP3{Ci-`VX zbYBVT{w(q6@Xz+Ot*)VUKh3&9l6{E&b?rLe!zJ(pZ>H)AyHJfwN6z6t(4Wq|YrCQ?Of zUjo=@7vI`C9Pesfvovgbgy+ z{?E5xwQl**$5G958c*#5t@r|cH&)cNi9FW0RdS~xMtgeHNR2i^Byb4#r?Q4E4=lAia^~ z{{R*KBKX5y*Yzvbw6udyc+~>0-3J&vepTb19F;HZou;;yaTLw9s@&0`()NE@S zN7h~jvu_aSntlD;3k*BJ7;Va;vwTah>0Te#4TYO5`Jc%~UWNYv`uH_TTSA)Xb`f}k zTkyV`JY#XCOD>kBNsuN?E6|p%k5=(!ovtp6tZDJWEv5>~ym2oBI0y0KgDF!qFZ=^sJv6{8Q4bJSH_;OKTaXSmd{byv#6Nxci{>!Rtt+ z8y_BgI{1;J%i>*A!@e`qtXEHe-hvk-s}ql$@=(A~=zICk|Jq9ao1bl(qt7ixbI{{Xj!oA!wBp+c-Te9A|DKDF<9CxbjG;qM7+ z8V<9j!E=0(8CF*%im>$0%S){*;!ABAKnH$fhD|f`YC7+4BEvsqE zeX{#{2w4~Jj(2nUQf|g`PRE^mDQ^&Xf8uwAyaT4#Uq@p#*PkWUaFMsEKIXqsZ+;?p zW8sLnT}ti=E|?!I7WrKB*Yd1t%SB=o8S{6HKW_KXWYfGCJ(iy@hIJ{j*9yZieRI$c zTI0Sxc(cGdAA%FaS~bp-a`OQ=k|*9nWB7>UueE2&-loae>wW}kdRN4+g|qncRgTL_ zju-%Im^O{X3}B9=^skowB!t#(?7Tr?sV&`v6Eso+dG^8lKSNt`G|i(>gHQOm;~g>> zZ1k(Kapd7*R~Z1~7_X~-2>ey?J+0uLX^dC9P69FcivkD&w^6v9&waM|p?RYev%J$< z8;>+e<**<+6W2BET4%?{@h^zs(0nbRFWJ#Cb+GU9&Ocg-!=o}Pd`HkcE%7SaO($L! z*0V^e4bCtSuOmN7{E7I>CD;5WR~`epx4F5qv<%BGeo&_%75@P1S1+-)#_*fi`Xlym z@Wr2r;B7kIM1tnS%O@>@+<}kQzN_)C?CRP*{N5tdwS79~3z-4bEZhy;FB=Et{zVmI zV@`3tAn+!e@e|?Bt)*)Ac2n9}#IeSt0MM>+`FhvnPsaZMh1Q-C@kE{z(XXFZxC`dQ zVm@ZkjFmY0)WPa2pF4kN+RbNk6}ech;mBpi3moz>>si;@X0@VO+1}sjmuY1)1xGQE z0Y0_Y2@r8ja?ss8qIn{4-+3DZbJD)C_(AdJ^TT>GczaYxE-e~QGtOhZkvZx8-=%dC zGwzKWP_)%7ZRfOOEwri~TO*wR09xuvlG-F_8F%g4d(_m4k@6Sq5Afpp;@3;@KAy{W zD!hj3C|5Et!NVTkg?xs#lUZ%^jNWc}1oRb&y*r;#{>;A+?0hxi^Wp2MHreU`lN6F+ z9e~CF_32t3Ez~?u@Dt*T_^ZGo`%AyF)a|v+D(w?LX8qu2+nx^t^`~y9TsJ?wzu8Cj zitz94d;2u_7vqM7HL%nTvRdlUXAc~!@{&R4gZSXBeGB0|Vk>P$9aunB_~!ugSWY_F z*!w?7HoDG@1k8ce#tFwmU!1@2Qcw6Nr-FZOUxFSW@cqIaJL5KyVKlxG);)rAR#SLDK{1U)iVQcZ&Z2Wslk;;cx9R;LkK)XjjPErMldhMeT=4 zP?74SivIvi4}t#x7Q7wt@8NfXJ}G!g^>q&hc&f%7QqpB$L^8StXxjvUa(Z?-9gSsE zRCYyZdKRmt!l=1r1dkD2xae`k2SqtumaN-xp4xb0lF`9N z80CQ+*Y8jK5YzV5gW#9MJ5PY#F4T1;@NsEY$t7*kO9Y%r5eKj*a0Akl*z_qg`)T-R zdnDRErJzBneYz_NzT2bCxHC&;{{S#t^f&}`^fm3ts?Dis@K0!ggA$VhIYV5PR)*$S zw4FhAU&=WO4a6zPw{P}OPFo%LIr~D zhw$%JD93@hM|S6ohco$c@Z>_~Sz^120QlJ=0B{XmiLSgSu3KH$z=*Pw7~TN~gWDMO ztmcfF^+&-AJ#WVTBC_!1rJy?8@0)PE1M1oA2YRvM&k@VvFNi)X_;2H#9GlAt3LmpR zR^eHAU`XSru3Ks}?0Fu$;i#@5j`Go78!`?-{vT@d{{RnohgA4|twXC?% zGp|q3b6qsSpQ+IRED6B3dPqZ@n^OIW=a=NTxZk(cpUQbR%ThkpO zfHSuA&#yVEU~a{%t4R{V#un+jIQ%PTQ<0~&5@kvfK5u%EIBi=}I(!pbZ4x}A2u^se zGfmX>8*?;IaVx}ME1tvBt|LtDwDp>C5prEP8%g`M-Y%H$ZbWOHyn#yMIKL6wT&!&n zC0Ozz<&)%SAe+I`a z7c zy}6yDc!_Unu2yQi%GdMGw)Y`pZ#5fe&lP~0o%5LOrnkxvKy?|#Jy6SMZKKCyGI<6; zxpFWXx`ol9eKttL5i4NiakiXf+ctvGz}CD!aUH4)SzMC9241~usDi~}u|#l^N>dCm z?bfd5usPi}(lopY2>B1ov~mS?H#VQy?6O8wI|19D#->uSqdL7UAf7+pENq}>>0Cw0 z($1%I`^1k8#w#J1{vwhQs@n}VS(ubuoaYQHcHa9?k|wv6i$=o)lS4G7ife82w&nKc z(z=~1#m}K6FxXyfD<{sG#}%B>(-@9T) zIZv_`c3{o8obYQ2NxEcPHgE}cn$L1%Apu6#BjyzMUNZ{L~#vQ%X zsphNy0BLx4!_RT1wY*YX+yVQ(?oJ0!^U}QRPcu%(&}H|O;*t9GbKz}2Ncc_QZA(a5 zJeYL&;+Yg+L`cXWekby;ptMgAw~2fOqv_ME+708|i(w)jhx^0O{MGr6B3i#w_FS`~ zKQBLQO;+yqJs-jvtnuqQhK+Di(({7nap1E6G6yx~KLz|n@vp;rv-rQk+Ok+OL}I^+ zDGuADUO9~LaqC>lrIGY0A4PmG@tvH$G?T=4`n9c<sExqSWHYn+eAto~N}$>zyz^D_ge z^?6Igm>tkK11zVyHi>73JxN5uN?!tEpAKgN9%;x4;$cP5=139T>We8n;ne|GpBel_=g zr7yvs+5=3o*R)MS5|WT6k}NvJ#B-6>yXnN`sXHGwc!Tz4vhePtWnET#%{)jE*LDFZxd93_Nr7OL& zuid#E{Eg}V0M@Q5rqt^nB;0&BxPn{T>j|zcF3TU>$TFagILFeb@cbSpyt;=;xzhZb zq+ri1VC*ZNppnPSQdCiF`HUZB`8wnFIXy5uB81fglms9xLlzU*hk_ zFBj_?E$4_K6WKws0`Ml&x+jI?iY+e1Et+h3geW_k)Yi(K zj%e0*D*Q~E;s}-iO4-Vxn2rWL4ScyR#;0d@9fyW>S!}enV-aO?tr=)} z7jwSTeihq`8;=e6%JL5o?YfIo)2~d0WVMwJ@$+}&_5PKi`$qoJ{w(q2R(>DVXM*J0 zTMK59MmMPLee2l6)3NqkFO>af6$`Bsx$*9Wqb9wm#*!#_Re_U^F<$AZB53+$z|$>5 zxP*iej!DOA^r%wM{)Khz?xVc@i$CC-UNrd2um1qT&-l%!TWP)-hUneL1>S#rnaEH( zo(Hh6bN!(I0Bn6z;mzlZJ_Y;<(sZo{PKY+1)5icJ1C6Z7j;HxoY-w2@T=Ab=#XKx^ zP)W1Izh|$EUKG_lKd$^H_{U=(h-@`TUdK|3?j}BR5I}LCW;}KMEAkuT*T9Wi_C)x+ znh%F{8?8s+?x`zXcz*YBac>J8{hi;{dIRZ-%1X!7Ww<)fttS2!Wq6-Rm&Es0ekQTI zg*BKEGJJy%g~rqApIZHX{fz$rYX$K)!fiLs zeN{NN&$jg4Qr;^ojY+Q~Mz@d8g~<73!59Pcuf{Lh^6JyXzZbO+h)ZUcw=$KtoncbI zfV>mNamH(TR?^3kF#{yl_@cubx%T+**?kE6ojE`5{Y-;KZUkmxX5>E=sYLYog_=hWBCT9mN7l3e03 zlar5HnwXAl8Sc=*SsZoEwXNKw&kD=jWOBbsclI0>9#zGdZN+dy9M=TnbG|f^(89Rz z>Rj9gVYhL}!0%l&KeF%bajtj{)8ik4J_KuCC-_S=?-Cal_ zkt$5Bs7V{*IGIb1xUNEY&9%^!hE@0OYEm{%<;d<@LN<`9D`M5W{phZv)Ed??v2l^P zYid~vGh}D4y>Z?lU$osrU_yjUgOB1hMx4lwI~#Zcpg=h3R}mIGC}4h+0+BbGS&cVlIDv?*&hacXqFn*l`umnSyVccjmzG@SG*hXB-z^!E>E>txI0ykDPENZe71dt zRUoc=KZJZh`rOltfQuRsV<7$P*HPk64lbo+)7$L(LW98_YtmED{LdAIQIkl6SMkq@ zynXP`P54Xk2HM+J(=_G=!tKEm!UsXSJwMNC`9DSSbnh2Qq}~~AZz7a54p#x!J&);1 zQaBV;bVu11dX!gtAcjPh@H%zrSsLeu?6sZVa!2-(FdY5iL^mom+EzRpU-16`jJzRz zc=}@LclveG0g0mphC62m(!KBD$H$L^cQ*bW@E`3V@IOe@d@}(NF1@GbIqeBQe3SvQ zJwf{ByXmtGXSS-fRMTG4)@Hc-PTP4S zDS++Cz;2Dm?_b4#$FB%@tKgT#PZM|_#c4L3;{N~->e5-rx!5JL-MT48NukGJ3o2H4w5vZKq4qpL1PQMSL~UW_Xyf0|jhg&EflX4F2l3ne(U zC9HIk{JS5@XYA7juZ;dC+US?wI<)XVh@Vd@VLjv^+g)9u{{T}Xag6o#;PpIL>vxU+ z0N|hT{73jf;g5=b6!?K{;LnNTMYh&$@1zZ;%QpR)jhC2+J4kGhLF{Pd=G^|s@ehjS zk<_6nQ@m!?{{X|S?dF}d`E|MX@9e2R#XUpewzu$O_LQ@-)}_->Y4&>3NUsjJWK^yg z_bLWAAG{B?PxCGR00k2Li~Lpl6ns}6G4Rcly6^1Q;w?bWVS8*z8Xe<4e3@~=EixgrMz)#XomtXgcdawSL&2Kohqd2^-xIX>bzcTw##Q5y0ca-17DPQk9-_S3lb5Y!bptllcn(E$-XD|*5*I=w2fupjMbn{cSo9Q%6^Z3!+Msep zd`0_o>Uw66@E-1TcqE$cXO3OC-l@v}09@BSQ`^DH%=}CEd2ISUowclT2_p_z5I=_} z1M)TX_JORyEsR#OI;tq)Ph(zPW_^ARdK`z2bQ@h&9`RZOaS0MH%btd;czQcFf+v^< zCjkEdvx?+BcRaEXdPa|=#c6FFpj@YA#w+P5pXS|4 z?V4|4bEc7S$W}b#pGv!?>Xy=7MjgDp++@~=6y{mf9_!6Xt(PDacJ!rJ9lyO zRt~E1-CRP}szMXadsjk6Q;$-_nsua7ZIs2H4(@<)Sdz_e8pwi3g6G#iod-109-pQ` zbGl;8>${8|D@Re&EMT&BmK9}Tx8@Ynv7b{4%4883BVqP+J5+iPO62u+zmDQ@r^_@2 z$R9RwTPA_K7qlB)QP2%Z(rJ!I0|OqouA(g^OO=r}%BMXlTSQ9T2I?0r8mtHo?^@?2 zStKkNl70GCMr4B06$$or*!cOs+Nl>xb%;9>P@LqSyFeO#9kknbB$6Ns2qDLM?6tz$U=T2IRrO@LT{`ma+Sp$r#?0tXAW(Bj>Ujo= z*G%(^fUw)h+khjK_BH61itt-9q@cr$bn8tTpq5K{pfMz9vk&4NAO8Sdb1i5~IIYa2AUAbiKBN8klSq;x}b z;@wlmFvT>MPhcmM50ROE;0Cgr#i+&^sjbVZ zymthm%%3SB0CC!sU5*-&ID5TcQq%92<_P34u2IJXFg@}4)6##n0MV%odC#D&lQ3xN zEOjAnh9!_Q?fay0ST~YRmuYq7d9fpgWCx)3scnKwsp|JKcu!Q*;nXxe68A*7f0{@o zkT@K5&#A_1iMfs1WO&MqWPNKlAu_$Zest{e##%w&Ju5%N5Fl{qf;>0g0~I1GS!y>j zu#JXeQH0q^l}405SI*Vt_U;^gCvVUPpCr9D6eG?K^{d3iFLaU4q&|k;WZ|P(=kO z+~ze6R(r@6TX+m;I3c=@de?j5PlYHG^K9!|?;tew6RC{v_X)xhRt`yhI;%m0gLY*UTOw(>> zohE|Wa1YKHa!0jjYkoKI=YgYweP2?B-YH2UE)`dEa#B=y#74;0>3bBX7`gWhAtXf5+12Dvh0RzySb6pUDna6m8TD#Js z(_&i*uWlYe7?^d8bIJDUTyKbFfu+;u)b$jOX&++5>_2!pThsNZP$ z-xz#i)l==7U-pZ5cSQ^wPc++Loj}PW-?enpfFF-PwFmqZ8{y}HHOIC1OMNGdyjZUB z%mEIOkT6L-IIqI*iodi!j=m!5T8^jVjc!Y%mD&Eu6XG-;jq6^8Dr8PpK4aEAVK&A4 z8YR3Nj{~>Tyz=Jc%OhM&%+AM?n(Ip1BZ8$%k;5|wWh@yn#aKw)oU;`xoQw)*8+Q^| z_sCcen?1W##ez`=8~{3TMa<;vL@dLH3cDmee z9Dc@s@I!A0cpFdBeklIlUMtge3xs97gTnF376g3#*+BmQTaE??9`*ZNJb&TaeGcp4 zzrgJR+u@IeEiJ@0m%n5YEQ$dbOkiV<-=eyj~Q5B_?zPAh$gX;HS-%xkPU>Mp!VbP`c@K&qK9&y zg>|SrPvPxfN%(bpYh$I@F<&X2WAjjB?w$eT72%#KRK2>ggDZQhB)j3s-ckKQtW63D zt9Y+bp65#Ob58bACzoym5Xh&s8aIdL)9sFr0?fKoKK+uN*gm;GT8W@L_QNiAwttmx7+6gF;P{vOPHTQOxW9u= z)MwN5ox%L8M#ldDZM}tf8`vhc;CYUW@&-91vo~MF@lH~)nvX--^iP4BzO|!Et=I&& zi3c8e5t2ac8wB*PPyL_19{&Jo-fK{6T9R377WWFP6QN|;jtC$gxUNaNi&N}dUxfCz zW+<+18Hzqh1c1Ze+P%`o8(kf2(@oRkig?s1kR8Fu?~16zhF;VzZ#AokeOd_iTWs@v%>OKT)JeSW`dZ4&t(>9dYGWIh7paHijc3Iz;p^+GOMCm>RybX}nA0yY1E8^)89|MitGM7r;LK_pW-L0U}CLPI%4`CX!v@|O|tW5&}`thM$0Oy z4go!nt#{h)y{+lKA6;iqTc5H;5h|_Mip{{c69?hn#0#$)Uf)}48V;#t1Rw;SMEPGn zmGnKNbKAiW*~!5_C(88j&hot`i!cD2`c3OR&r*bFzI(cy+zz7FmY0znx23Vzu zfg8C@^rn%8`W~64_$uc5%-#8s0vIO3c_-;!VdEQX-w#P7Q(KY)U}KPf8qzVi9(i%` z6UC8fm)cE^k*CiSqeipMh8&JYFmYck*I_>q^xb;S!6R8*NSxzg0juYa9joek*}q$5j@Ze@ z+)~P!grE{awyiawb z$|8!=7L1`oz&v9dgI;CgDBoAq+Ielfgh7+Hxb>|Z(D?~8_S4}XDF!7t@}+} zk;1Nna`yyclaezyj}g4m-&`b18?Nt^FLPc`_Wegoy1RJp7=|Z;IA2jp$b6+J?k?|T zF{Q+5Dd3TgKRWO2cO*jIR^CPiMh#}zaulyLadSK@B$+lH+llIV7&RQrZ0kOl(n*{T zx^Y4|oT(fy>uf5N2Ppwdo=Fh>bJPGk5PWXwa$2^M^k?n8`0h|o&ueZK6c-z2V7w>#G zFNJ5FH5+KQ$o(0~Tx|e)6Z#7J11TfSJWmCehP38y6A34^ScGyEU8FWJ0pqPNz^@+o ze@N2x4GL{I-C23EENvkHm0LeBBzua!Qwb(wUHFFdYZq`!_6Z?ZD;SN7ZW-hHRXbl8 z>vq>KrQ1gW+Dh4Ce)uDx>HTUmdW z6FeJxXJpn>Ewr-8zi5S{#!8-<#eC=B*3xt+)pPyn5c}dK6CG1 zg!1@Y>ElV&mt~4Z-bhn`x$Dnd@n0|a!@=+1j~Hs#c6znWp{L!jxs4_{WzVN3tr*H@ zW2S3fA=kV$sQ7;4U5D(%7mD6S+J}yZJXcNdTfp-8u2j;s-x5J#6mzh*PR?bdum8R9Ag~vYr{S;d`$5kk?~8wHhRvLE}NxUm3vv5GmE5d zyMGf&Gg!c>@yFtA=ZidD4A&7m+D4I>+S)Qvc{I;gmPTl zEErcM_$$E3{{ZXIOrvAhyle3%L>Bg%2A!xutVqC1Eb+E_ju!{hpYkioyb0lGJXzyA z$aO{&!?4atkM4{fGCK6E+*!vZW5K>U`~lKo*YB+_uQeSq%0c^`om4kFfX#fJ;qL~= z@ax5g!unhv@Q_~JhWj*3zF=tp{&>d~3$an`eWm*}c!R^=25x*+7mia%(!67+Mdu3} zn6WG1ebfi180Nl3)_x#r-YfApi|)mvY5AGNR;UNb86*yzb6Ty=h@Ks1;hzxrm&DCw z6t}jI3asH;V!t*|O6Ytm@dL!Rz9qcy!E5O)9m2)ka=&Iwb)OC*suZ1N|meCQgFCm5oDx;{m74CQc015sm-+Vv#d*TmP$LR>XHr@~$gabhpj+?hnN?EZ68t7n(I_sn69A%CPSUe=mtN}rFqYS zekgdm!CxALz8lt~(>yb-IrFzM``~mQoK;6~N9etmiDTBZS9$J4mt%$PyWchO55^0L z{Aa2xeigKcYU+N=BaxlFb@%O3(Qs$d{{XXB!#@*vGe@6U@dlc0r$rWbZo(1qGt>QQ|ol8=_vW4ZF$ocZ4xKJ}$O&TAaejoVPdE@<2yglJvO|7H9X1BNu z<~D@q7-97_!d-sM{{Rp?0r5K9{t^qDt!g{hX`_%5-dda-7SDb~N3-fXo@McK_H928 zJWmDvt?Nf;cObcx&yZuu zy^hvp09*NlZf4+RjyME=KdpV*o?K+Y?5q^+ET<|@x2cqv0KURnxT>iYS)lzRq`ZG82%0TIDodjuy^cNwr%`%`#yP?Yjw8 z{W<7;jed^m(_MUS_*G%5MQdVkuJk;sepsxkE~izG zr#=k$nr9Pf7xygN&gcQ?E6}`cuU}|hP2Qbuv)#m{(Od4x>ZZBm>{V zgkScX)P6E)z7ZZ3@W+ib>wD(9#vr-7M8t{+`9zr8k<|6?U(Ob_q)5#@+y$1~cO-W{ z{{WR$7i|ou9_J!luI=c0kUi=R*~SkU@7lUfImEFXOE;Mt?%{aA>S~~dMP`L2lV}TEQG%fZ4y#`+x!K;YO41lM}w{}N*4XKk$D&N~Y7ZPoS zl&R-{2=uS&yZ#Nx{kP|^zwvkM5%CwqNG*1MYIq7)6ISRa7QEVp2ocDku^ueUm1QAYP!P9;>`q^w z_#=ul@<|`(oRE&|kAhhrDIsdx&nlZJ}Bv z^cMdBc3bO3{{USBgZxYLWBGDTe!BQS$9g^NdLFxJaI4`@5X7@uN`CA!9c<*7DC&mrkBNh9;SiW;w!ta!AU! zBZHdoORKA0a?-;xq!L7Yvys=6&0{s8E*+0<{g!?%UU(1U-JhRrZ*g&L49yJE3@al7 zHvM{jRqGxx@TJ#`{vhgJI@T?m&v_wcls{aY;}ywLAfeoo;$Mc_;g+4I$9ygCtnU#^ zh<;-Vlfi8J*Uvu`{554QwT14EmxkQL1lS`xi0AO9PIhHD9=GrV#M-6jhT-sTu86wD zuIVFr2;DS8vg58l&szH*LAa9A-5TgQ&j+?E)1^MAJxG`DF))zDCdrA)oL4`4q8SoR zLU_#5pxhZxAd2car0i6(z58s-X>!b47#TIIabtC8rZ`XUM+!Y@mP>1Ca+@Ay3nKG_ z>sylC-AilaqV8aM9=}RJb9$UJ-p34g4AD9;3A@wKR-T)qSV`o=s1vg}ETiTarU$0! zdKJ8?t!pOmI%oK+(lq@B<{M;@QD?`@(I~P|Y(#Y*IOTkTcD2dNh+Cv~57fHtN|MhqXlCLEOKnYjIysXXmO1 zjCpDs&>Hj=xzq3Avs+{qvIWC)!x7%IH%C2nF0W~+HM=4{oxx1?-QV!(RO*+W;1vh)uD;(;()9s4-hvkd3?B6*9Nn$#`YiJZW^0)8Kn>hh zTH3ays=dKM5|j4;>qrd~r+u37gwe9|fstCxG!caZ@wY5?w@Arm0KdtNk01s12(;5qrCX*i3=r=~6 zck9-^e(+Dl-9p>MU+{?PdTEbViclklN6NEgaJ>6;ugGzFO|LWdtf^fi=ik~x;fIQB z{wc$)>N-W@SZazV^1<8@iR?W;`t_sX!4JdxogQ0_3+-;riR~ZcFBu(wTJv0wq)V~( z*T5}r_Gt0<#6J$`viv>JzR<;@ytlgbLY(}$_3vL2c;ohV z)h=%5@mGNL5BNpAUv64|vPgC<&fmNM=yT83qnhVr4%^@t$J;wQeMe65mGAZ*xg2jF zlY&HyGCp5ygI%5X#j)ZKwc6>&F=Xy?KJfOgI_&i5Lg$@c$9;Ky<})#~V81VAHPgO? ziDero8@+Ry@+#G_>rtjtIs}3Z@qr}WF^;txXjjV%Tw7bZUM5K68Ty)vb z{v}%WsYvnbQa^63@3fy5>2`NoT!wpjBMcWGG+lT#k#FFu+gruBx|tF%!H_R;=xe$& zJc{tK?h~hmTS>HNEzDOwUdc}Ug8ra(t~N_89LT<6M63w;hp*PAO`M$U-jBlfcL-Zg z3czx5X{q3?ZKZj^-4NOK0>jSWtfi+v9;Z-rVngD&Kk zO}G0p8N9&mfELN;KVEC!r_z4e;rm@zPKE(*aG$(b)NsS8Be$(?s0-_62ZtaKUOY1H z3ILsxKMSscp9rez&S=A5acFKF4bq`|&Hx$wE;)K|Odu-V+{7Sbq2xl@METEb`{ zxy5{0g75wn{{V<@tYJ5o5kOKjQ}YKPk&nv0VfbZbCa2-sy&J@qc+_Sobp^uwtqTLl zKKcGawxEw=2_C0+@h`?nXQ$d(2{U&LD+!TDCm-Z~Rq=m{b-^{mIhV|rt7P`CZiO@Y z2Z8c`WkcG_c6vX<#x^=^b0iW=b9CY{8uHQ-cne>nKMVc^X?jkX505@5+)1abae44* zgyp0lWO4a({{ZW+R+Tg8v6AHVdK}-z58Bt_N5l;yPw+2-gx&@4j4ERn7OrBJMH~Tv z^!Bfu^qmJ!i|sQTbh*8ex5+%eGsx$X%*UxFx}vUqRzZ_SistI~H-EBhq?BG8YiRCN zZTTY${HsI7pAS4O@n^wzUIOv0qH3BX{{ZT;aMqHZj)$nh!NpAJBkw5CR9>CX{B(kgNTC*dg9thM!? zkrbhT3}?aJk6tTfOG9c+CVZ3e{{Z$t*KKsoL*kdf_K!@|EtRL$bQ31%t`$a1k%P*T zJ6Ftp3GoJ<<0~s`sophzFKoE%1SY?7? zy)nq;x>o{v*`G;4=xFIstdK)1O$)OQ06F5iq_lDr0rLBfm2q}9s*)tUmrv33>&yGZ zjnXKeXgR<*>&1H){1a3D3W@P|_IK1Zzl9pD#h-}25ZqqLEtGe0?;2w{EW$R(I|(`3 zdJ<1_Ud~;Mbf?b^&&NDu;cPy6lg}-x?Aua{?I`W~uSdE2v*3T*H{y1WZ6Aod2M>m| ze+n~6b0(D85h!E35vrfv@_S>0Tu+L>ZV!OJ8Kby|<4^46;x7nzr7{~?(nMDxL)^NM z7>+-PHY>NCIP#ywH2e+5P{e&_2UC)ye-q(vj=mB7j=XJXx}SzL?GIJdZVu;?$}?kk z2w{V{0Ks5!_iOXd#NVK3yGtwbbM5UREay7pgy|I1`U^ zYz!lW&LZa(r#DsW-F_#Ndm)i6tXz=K7*}p>HaFyuJovH zAh|5kE*Fe`JlBO@g^%b=w>71Sf}JOH%Q_~t0lg1!H^v`4j<~LeQ?$*+9iY!W#rd_v|ZcvU2 zG46jVwNJU9wMU#l@<(%dWvN$>+wbNTWMzR>;4gwY&_X9bn z?98fStV!_WUcF_9$8JK}>9>JzB4Qh21|ugQ?vr0u{BZb5quzWru=vg4d+S*3=8!be zsmjWvXL955t*O)QeC|ImYD>uc^!TR-_Md~&*;LFTl+E(5IOF^)=Z^|SX>YGvOQ}jN zq>fBLr#13Aa7dcT8yEqJF%@ioP^v`x;1 zEP$>6Une-v;hN~BBcC0H=A~owN8$I2yuY*DKz!to1`ZDdSJ>KSr3L<-4bUsMZsUWT zSEo(%KPSzoIL_x8d*UrN=UueYGZOi~CgOSD>HO=C@qdJ^16`JHB5(DOO^@Rpt3$z* zPEWvIH=9ZE2!~yfXN6a5VQ@j|!LM*_TTQ)~-dNl$iN6CUkUhm*W7NT`8rr6qx{jVe zDAK4Uayt800ezrBeW4_##VxN_D=IMiE{0C4i@EQgvUlwddHX#0iai%uy1jpf zx7RU8aR&0~U`fXGUc;RGSC#(&!D~JOSnGZ__;>q3_)Axo?$cV+(@E6Q6%K|p`J$A4 zLty5LnyViRM=JV<8ey|~3em3_LVl_@UwxPU0(=GV6`1@ux$t(aZf=FV&9(8jo`a93 zE0^(qg^rJTZuVCuSX(1wbwgaJ{;{Qugp2+b@CU@77vC>dTqk#gI}`!^{V3t9$4@mA;Bboz-Og>A@MKa{{VqL zGkiPopTS>>uvlxK20UXA+B`YpOBWK`ERKPc`GX=i$PA>Nrw87(l+!l(H0NO3m$$unm9{_9z8%hCnP4bp6xEej##Y|fS8D!GPmzgz zrg$sj$HQ%V;XjWwST1}(;LD)ufk2kV>@UfO>IOjk$nVGG)~n&&QVXqL!~Q9bdv6oz zlfA6rhBp;B3_hcu&bTKl6^y~0WOChTS24-uw{z#ib&>Hh$SJa^&$03FzA)7e25 znXCC=NQyuX^sh=1=w_*(MSMQ+?cazrtw&eXWV5!?Y}J~1Ws?Ztc2nG(cCW_I z+iPC1@syKk+8~zaPO+GoZR0r)f_VP`K9!wgrh@mZkIwxP=G41+NRh@LZq@CNYW7_n zT41u^@9W4Ebgt$lfK_GBVVHA6m-j**}tV_B% zB-zFXZfkzaM~dP%c`lg9Iw={idoR6@;;*IVYf(HV1$;jApPSJyyI;K9v$t5>4h}tQ zxzgbm46OIvhV0bfZ>{vN5mgj(IfxY-Uf$IJ(M=dJ9JxCK?zcC8LcZg&Z16Ih+A zu&B>o^@zHnTRU4^d3(S)VcwHQQkO(G&B!-UN}+o4E6_CONi1QxM@DkEVd!a@mDVJ= zkR*rZWBFG*;yp6^O}eoAFPQ3F89DiJT?SH-V^XmDY*AbJ`N$lp#d5lag4TsZQ!_7o zo(%>QF8FTn!z)_(iohS3V}V|aE{OWvmX>k42;GOyP5{rn24@?tcryP0!CKw!kAED= zB9Q71NML!$G|_b%Set2Vt>j(X#D#ufdSgD66C@;4+u9grc)*AdTLY6@^J=Pz4^sW_5??4y)KXUf7Ew$)pU+Y~x%&`sN5LfxoVD~d^bqMT?q0yO0`ElB-YB!>I zo5_%>vJWG-;N1 zx7Syfx{L2=+dD>a81}BJUkS5Yt-`oS(;d3jQ{2+$8LQh}+g;pS+T0@{LBJRXKD7jT zT=Cl^&dKv}f!`Gd5@a%47;`j{nIciRsU2$?+FKXOq*A1Z1$f7LxIIo%^m0pYa9rB% zZdd062DY^O8C_>D7{M7EyYp8m0n=YkV+ESW3NlKd6NA)OIV%Rn)i~=|fmc3Tj5f`~ zw|cLud9y^S$+;9~H4>L#A<;C4o_*tY&(L~)71rPBZDnqYB#0fb7oMiG8A59nw1s5a z6}@xTnWo&uEy69+0<3u?^H|DS=p$O@-pwSK#LDsH^Pbgc zN+E!U+a5d)f%~H<Nk#p#UIK8JCJ`$*+#^(fY5wzrFg4Y)x0ew$%f|73S^Q!tGxEjRk{Ah)^2Px z%h+_SLiW;a_V)ommOS=vUY%)~^0IFkTHk3;YX+|A4Wi_x921V`0N0G_e-|w*WV_P* zC#zm*_EV7?$-fA$ILi^h=RZoQElp3)584a%#qf8)$S-ZRzY$w_$HpbuVzxySLfPoV zuktnc8T&_m+J73pHs8%K)~)^@_*hC8>=uON#yI1$=iAo1DIqtZ@SdgO?J^5nv!xKT zI~R68#>crmYsIx)QtsmAT4!WdA9QjXp0(di95rN6m0C;(1Ez7FwMnp4jkzP&ir$(y zWg_s5GDaRWOb$w(zgoW?nntEzOYzc_ud$PtKxmsky8xf1T8`DSf&TzyUx)S( zYHb>%`pCBq_b#IVvz}Q00QLACYl5v?=yy}5cDkR6ygt$$cj9&A{vz>m%CJRb$Yq2{ z>Z%S#I&eKZSDAc4wD_y5Ygz^TT6Ue`uL7~%wIeES7d;0b)YmhTI_boGy4{b1?q5^z zhMfhzveE5%fcd3hIy-)K!)w~5pNe$hb>bDx%!4-;`?3pn9`z2Pp~Bkfkm#^1S}-=c zdpTxN#xix7sb)Sj4l7JZbHc^Z_uWot(IHwwS zCz+oL{Am5LuB_foC*kF#y^6;pZfIPIGI<-lYxDeTUN88Csa{`rs_X5(Wy4A3l21Hf z_5CYeRE<&Y9}NBrc!$Q?loDCl+gj;Gwmh@ta^L5Q`di`8!oLJ~SK<||rnzo43)ti= zLcT%Aa1U-PnxY~{+*ckP(sku?ZD(r?M%mqV1Z)Gw^H75iO_ z?Z_mMc@^w)pAO$?fJq93WFe#PoO{-)na?Kr9y?{?xcnb^sM^VC4b`NvksC1PJf77j zhP-&t>X$QKY4Xbht8Li*yJnv%Lywutc(28JoZ63{XQ$mIg5}E&S3a2QT(y^qQt+94 zowI?vW2qmQKT6G-BxU~q!d0#67dKY-8cn^dAeBZ&&PS*ntC_pEp4N4e3#LhONsO-z z_|t1V`c2)-!*9yNgNF4uucNe$GVTa1;{MQ*^4mB*Y2|8W%%vuF z^Y~`U-WV>euJ_%tg3G%iq13IVdopa)#L0lk$=ubMDrX_4+FZ57iFM~&?a3Rub6n;7 zY7tyqL2nA&NHVC8(T!3x<}tiCp?pb?Qn%E#%?2BN5>o#Fz7k}q2aYjbmvyKZni$#4 ztAe|Kx@z3a<#QIv!PJ0}_b(a$0B4%|H$l|x>}_5fljp_dut296Bz661bCP-Qh&3x{ zZp?N&!Q1m^k(%gqi-f(lTX$6x6$MT@)pH2sueARFuwG9c(jk4_Na!jXjTc1J;ZvwQ zn^A+P5)}l~aRtDhU{FLG-UK)BIC5qS4y4%q7TqQJau^=B?~m*xYGS>SzQnG#h?z zmO{D5xUQ>1)fZ2aC}wwdPzOBbx#s!?b1wrE;?0Sl!(hv%G=l-LZnV zE00>pi6f$eN|m8`3!-3i^9=oQMW&&76f0<;UNAUZiqbJea_OnyJ~-99bK(C05!g*{ z;rol*7npselamq?{o3_AU6-&6m@Te6@;Tf%THZ9q;<}%YddI;_e-df>e}^vhD?2Hd zZ<{NhFCZM6;QWARLo}#_ZW5K0fTNu9=tcCZ7EbT9~ zi4y)Q@ErpCXZyfjA0!pQM z9=ZK%rMb~G=+e#J0|JE)<;&2YQSDMu*F`_}x>}1UEh1Rs!iC@*ccjp~8?5+_eNN9; z3Wir`)5|%+{{Rk2??s8`M+vWf&lZ-3+6zldn_XC(AsIek&s=w|E5*JC@$bU6TPtl7 zUUt-=BuNx_!2|#gr*F!E!fBmd<>tNc{tpUWYs%MmvH*V1aNoR7m-w?@ZLI$QW9!<* zwykSz9g*Hih&BK@LB_s7KD4<;?0Zg$VW`{a=Tx!#JWR1R#b&^43i0n5>TyePrs^7z zg)hJ`fUJID)c*i4(v*D8bCSQ*CAE$3E!pLWE^r4TzK{4vHH2Oa*Zf~Cw7V@+?M86> zK=#M2S)>aVf3_!uZ*1;#+szr_x{Z}B5`BBPi&0`b7YkQ>lrt?78JQ;HEwjybsETOMMyP}8qI#DGt3PtCEo&O7z34jQM--?X>JeFw(gDAlzs4(3Sglq^x~ zY=Fw39R4-&kAr?9+UUMCwAA%GN4&VTe>MpT+QGe#K|%lSR_9(Fh6@8ImK5Ysr9{|g0$}#d^Obdrtt-~ zm8>M)9#NT;V34cVb$M5ckA}4EBT4?wnikX&H}h1tEWq)fN`|@$=gHnG)a~Zfe5>fg zz};|rp4qQM_+#+?&h|gFM2upI)RVs>pIS*+T*s;E-WKo|jr>ZQCEkw=6RaUYjYwte zN*>j#d+-)N3E$XiZ8M!ElzDL%-pHf78lsNtR@Jnh3|PZps~TL)p`#%3NBPBhCHIMS zJw+XF;U*CwRAS`u>qt&3sh{?AhBuluF9RN=ec}ar{{V!(8|m8bge|pUaU3_cmn(B8 zoCnG`1BCrY<3SHcWP6v5^*u7zM$nr@8ln+O8Bbd;&+NZ3i$r!Ekz`j zd-;pQGmXlqJvhL}6z({{`WjE$o5vm(@P46brD^s$q<7;JiJt{VI)?0P?;qIL;hnPq_o^cn;z1$LQV8^+M(Ko=k?}XjC_E?OPmB7s=Ycd>tR|M=y#84Ls}F9R zkzV`YPl+Bk@z;lLH7^j`MRwY1qD3bHMNWVd-<QCXC^G}DC&2`{?8fk9cbeT6u+q1MBaZ_SB&yRjQ{4UjOWVrFRnPn>I zA&MRwZCnLHpB)2hwPhx#5U}>9X1V3LtXEUy%|FBP*?}yJvS7QU3V7qFuW9%fWog?;}?ZBZvgn$PVpClVlS*)UM=REbr@nds|F!I0n~ff_R;?U1oi!; zt-ov!*>l2vKAtga<1H92m95*C%dClo-HyDH4?d^Tl$Fuawm#y}^_!gwRkxNo92Arl zJvP_ck;kU^$3lWx0d#fyz+kImn&)cZ)sM^%_$r^lUk`jw{e}KF_&Zb3#dK#FpWk)* z7|LA_1=JvpC!J9L02i-H$y^2ldNL85cdtSxESUA5%G{2{eGMdTHsf;^>yzK>OvX%1 zLn^wkWShQwnng{4a#W0Z&_Oap(WsRetzL@de2^JHVsKBTUny{X38LCUh=>iE^zVn? z5qw?nKjJ5VK05q8)DD&7pA28ce`_RcLr4P;GCjQ*I)(*L2Rzbh$7CdbrVs3$`$%{v z_Nn+6@Z;l`gfABB!`>y+qc;hUp2qYp9UOLG%E0=SC%CVmF0{Ggf#Q^n%gFUL$5tls zdLC8cC`=a(s>03@(7|+|<9ZN5$odmsojxw`4Biy+#plDBZXmlFhIO9|-jlK8W6MH4 z^4Q0?^sXY0#eeuHx9sBHI`HnHe;f}4)3cfUq{CR`hxa8$4d0kPU^s8~l8Q%c|V*(q{iVn(h=zhfi0KpkQZ2OzqlWUBHu~WwJ(Lzs@`}jU5&Nx3fzLb zB9vj?4CjIvf<2E)ijnG$w0$k$<h4Xd-DXWwq38r8bvvxWgl<#(swx2e=^ju9Z+m zZY;jg>Rj)Mvw{tA)QBI>_xu;9_ArCuN5c&#_M!0Zj}+Seh^wV|sbPQ@mdTDHx(qOL z8?Xocm+Cgx@hb$E+E$}|q3a1HuBUG!B%txQXNMnAisxt!v%;@3c&fqSXDr8PIL3M4 z6JK;`UNg7UbhuwrRIDcNQpBNeP-9knqBstta*}86Ep*Re+cQ1 z(ALhI{ej@^Cr!WBk#(ItTnR%)Sg6lK#d19u&S&BVpQl@Rvqtfsff@ApVr068DEbgU z+=unAt8^`9Pl$dOwDD%00JVl+-N>k*1(8M%9jms5L!O|q%PKgHgKiuX>03(95kofw zV!b+YxydwDi$<|o;<=1@QmYbu>u!74?outJZ$XR^gP&T^B4X^+Ug#O0F(2-ZgSKnF z@bg(4rH)j?1J$}vStpM4+Y8-B#`eL5sEso$YB+ZF_O32h+nuekx^YYm{Ucwxu}>`w zvVeAsjx$|`q2gUe;?SE=_VOz7xFc}yNN1Snm$zDus?s@_#lPkb2lM@1aJ)owdSWNZy}d~+;ub?qCFu}@uz*}4Tl_xwQX%O%QHmpvp%`a09l=Uq&vea zb>wnQSCOWYIOK_%-N5QQpLzi4bj?f8w?lq>$&_s*4z+sb^43_IA~KlArYUlwqq$N$ zxG}N@FCRh;ar*9>Ugq9wYc*WHTOG%>DeQE{Ry)lX!yalwa3kP=agIe|c-q2yLk+T{ zva=ri3dGS!;k3JHW4t0{E0gk^bgyjF4w~A1{+X+PskpazK?(`U9DblyGL4NX?tWwZ zN7UcJ>!|7XT6)@PCStKjsCmKT>0dkCct7pq@8TAhaq(wN)8M^nZ7p^}!btx40C0Z+n(|y3^bu!EJHLRwC)@bTLAbWFu)So& zh&Us5agN0;~o>Ve+yb`KyO2-0Y+t^o zPl|0CWYf>@?bzfVn|*(kdDxj~diZnPejj*iQ1L{T`cjZ}37cS5;2&!D4J+VQw++Un zr(Iknv}y|{nET6nEqE28+dUXoNZo&f)^^smf@$VUg>A)^zW3o>9k;`+4$9AawZ!ul zPUB#v)|cz=87$`5VQ53CXx=v|A|Uw|CvPF@m2_Uga8g zvCQhD&aU9`UxRK|(e!(ZyGL~k!SCtCdM%g2T|eRj#o`OyGAlh=+y;ot9?}?g2iCnP zY;o3{Ybc%$9rIBqukiu#f%B-E@{?Ik;N#?z2RcET+lCMHP5mgedd zl0EEHk>8=K_HoH9Wp0M{7&txaL&%(uWbjO;S);dk4)*>W_OE_|);nue5+N}-&m*m9 zrDR~`*rR!%>6(?ZssR+M&=3GM%3OF$5j>(;QJ0J!^)r|%hYzU4A!mYB1u=|@<1XzX zh9#AD?$0ESXs0brl-c9{G1LX+tJup5%vHCe0muWeuX^}@;XejX@Uz3(&XMC7^({v9 zv7W`*OWQtqQZtYTPL^_^#5?Eg)MdQ+m!@05(Pe{OgbLW~X7G-P~E+ zGmTOvD(JuG+OVq5s&v~pD-VgbmfDmycknf}vycSK&eQMdUq@(q-;%JpNF}$Oa}$n? zD}rkP@WBZ`QmL+JUOUHESfNcWkxy!U6@sK>$qboc&uC~ zrMo;IT=7kuw-P=4f^V3ex$Es;GHc!?u{xs@9J^$kMH;Bia&Rl?u+&<$&+5D$S?uDW z9g;s){{Ux?hGR#!@UM-$NvFj=ksO0$a||mm!Q_9Q_4a?n?+{pgLA$fMxQX=mA&1IU zg^t6=r{iADIN2W=jf|?|V%E`T=f8=xc{KfI@eq@29PI>S0-IqYMIw)v%437iO4F9d z>v?RGrxuOr5M&tGGLzf2U$VPs8BjLm&lwn|qjTSZ&wN?KWa1S^ll2#o_qx1vz zBi8=_;V9O|k$)r>x~z8+MCwm|al!Q%uhHKTXp5w30StT|n}(iQ>y=(3#`ix>15S>5t3v6@~Fn_E_<)ovpU1@Z$Dubx^Y0Sh^K1 zJ1{-Jm3cKNv*{>fl0HVzym790AH>plBjN^$sCYlbk^b>vy2i<)&kY-Qud1}2U}`qd zT|)87j5{8c%_y{XO20OTKk;kC_MQazf2w$oQiU%pU0T_rBPCgY0FQi{_$%SH_4T1< zg%T?%=MqN8woY(>0a}9;q5wG zsr4D`!}-HKIImKikBXcl%+DwBPs6<(H{V%VqD#Aag9Xn?OtG7Pv>^Wg zNV5L`Z9bLx8RMS;X&w^$PMx6Z$>O~Z-gk=HI6-{h}pl8*>4L6wGA@vFaZfeh~Q2NBCziiS!LI zH5rMHNW>C`EV%``8svTu_>TGY{{Rl^dWL~Em3r)!^Q4MVlWE|e=UR2S$vSUxhs9el zYw>r)0u7}u7+g6Gk-X#lN99wk*Y;+WJdy-yT?(jS*n%@!LhRtL7qQ9wIPk1j7QQBc zc)heJ=G@*(N4X{>o(~7szQyq8#Vd_7_HnlOFQ}!Ky!JA;lXuXR+(=SC9DOUIo|-eq z#NgcBne$V4ZtulEZSek{v90a$7-9?t70*t+E99R8=sJy$i*@gZekqM@yho<9E18A^ zl|4cH1z#(%;bv6%C3byP;O$N=M^4oA>wsrifsK==7{LBwzIjbIQ}F)1cVm4l{#wcA zTm0Q)CxQ4>@|+a0iBFXJQ^MN2#}sKa+afpw`d3flYkRw$IxGDy2yRSg5)g10Wc8vl zvGfsYQ9WPbAI8m7!ywse3}w&*1bCfyd1t2OHTvoBuT#So~%^Og(n$A0RcFW+5 z4Du_!jYIR!D!^Jk(g%WR`q(}&xzrv~_N#N11pUSw99Pz@4xg^*z{p^mC|O86lU=cu z&(Ety%=wd0@XAfDNQf0i?5;Sjn@_RUG$wH*4yeN@*vM+pBbKC+-1VOdc#a)H)@ysS z8eK#_VY{#AUg6*`g||NwG+lF0({36oJ7cm(L@ZUgAJEp@A3dCARPfYgTC22C^EZn0 zeN(`C-l3psw$FDgZC$iQcwevKora>rzWf=i* zcqbV2pmeINMJQH-x=l3y0Iwt9uLe(}{{UiL!Tp)`U2YkSGi}D%2*@N4ehow8pM^L6 zE70M%)9&KZbroSGGh-tl^dr3&N8e!cDaEIAmeIaEe$<}>HpQS#prla7BT3`1^9zCN z`FF2)@K^j5XXAdEj}3favC_P6;Cr~tH)$LKIpI^+0CgOZgIcQA&{@v|;WKybYA<Vd!hV1_=2~7I`~tl&#ibO^P8YA3jsVrt&K@@ESl4GtXX~YG)(! zFQe{ZH6(_A@uN>xipF+_P1d3#g`1#|eQTC+>VEp^b1NP{Z*5`X8zqitZC`YIRkn;80I$gonHkl(fUXG8~A7TV*RNv2ZVk!pA~!= z_}Z{}w))+@=h^LVWaMB2@*c-&9QHNWT5B+V#{U4czk@Unj@n=REbjp68i9AzbVl5_ z_Oc;Zrf74JRFSze)Nn|_KD1#UW~QFEvtKPA&tFSpO4E09AIN<8ponIIk|GJD;avC~0(kjiG+a zzZ3j_q}}-c07|*BwD96ti@2hbmbkzqh4<@TTcQa?yF~0f#A6(T(SgAqn5^SZQ`1sQ zLuO4NUqc%f+N&UuNZ{lj{6&{D;cfzU9N<^C1NlltR)Sb=o6Y&+uAfTN?QUEuh}`uo4>e~q zF6xn6TPj+t!Cd=)I`d6yOt^<6u5-$eI?!QZ-XD414U(gL&5fjbdRFXH>QP;bNW;Yr zaC6fX7|HZH;RLD?m4m)}8qd`K0JWsqYRNO8V0vb*8<14Fifd68;_A!#)d!YasfDzJ zg5312Od9A<27_Z@v)o2XyK+c9O;XbQWqGGvNno-z#B8fF^rFH&BKOBvo+-6~uP$S{ zxq$>}y+-VMXT4xGkz{5_z|TDQspZz-Vd_mJ5Iak3V}*LQ+T!0(X)v%Is&n^hj2TK* zxXKt9nQ}O8gnesH@=K`1YON_k0Cis8^bsjoyK!Qc&_gt2v?tfKK>E$PBq)$RRA8L- zpwF3$YkFk5S4F|d!9DA|niwu^N9;TfH}ZtN}1U)JtGE%~IBAaFY|q_fBg*-%j(6cc5ib!zUG-Vg^R3tHY

YzNm%*Y#-1{@(yyJZucFxp`oM$cZaP<6@JHZR?IrtPc!Dhh z;RcU?Wu%!EE;U<(DQ{}I=Pr0-gV0u#DR(*QNdAz&Wl#7f_w3dCA?jLQz2b`){w(}; zzX%^u)fdl-)=)B5B1DZ0M6iIpS+`>rqxbJDdn?Lx=Fej%{8yYSrJ zFx2le2lj+;?>3hNAzTrASOwyYaC zQ-O-2RL)xKO|re2u3LyOs8 ze&^~*1a|=YS3P~=U2k3*o|)suIuw@7#>^uYMqaqb8*|TY)r)1GC8=uv0BZB$(O4Kr z!b*8kYaY@FCv>-x7oSnyHah16)EdiBIy-$n?%wms)gh7yV>!X&KZR-C>XBXVi%Yjv ziGfl`$OL*-#vpNe&E2Mh2sd&)?4)EWWZ<7_;$V{I^u6w}t-+ybh)lS43%)RaGg`(S z%&m5KU&W8w)4@Ifw35rh3k~FQ6BAr4d*xCA%LCh`esFl};;)T9D9s~VYnqvYV!@hh zjjD5vxdWQFqR`Pr9M6RO4|S~HL8L9@lizP1W3d~F^)>bGgYYWT!j>{>_T=46FwY!` z^A_)c&lQB^Gv9s9xcQz2~sdlM_RR^oR)`mYp>p0 zENyP?u@i>(t2f%Tl1hMa({~?wwNgd~Ua@rq(8MQpd6jmrs2-KeO{pcdsZl#`?u7NH zexkXTs$KYc^Gh+xqD$8KO0x7mpwu>=7{Al>`1LUylUq1DTO1r#PFERH<6g6Z&P!)e z<{o+J_}2sdlP8FrNo#QSLvaDn4oBr#N>&}%%}&C735<6sKJ`rQ0~rKY74|)9_UbFk zM~uRUEF|s+r8uy;+vqvE`l^X za?*IN82-g=_E-WGDV@h}p+AjdcvHiYX!eKgv-zB1a4(T1j;6JYqy6f_XJH zrKP@^G`DceENsW2IUj{%%dLo%tV1}JuA1srM@Bn=Jeug?)mj+T$MT*qM+1tb12dbv zW2tHg*Ucfz7Gk52DK2zNa^WoGGb0{1@P8W8#*vqEfcTl_Vd6VW>+K&UEnWb37{?p2MU8HE{{RQ{7&W<##r!hq?3nVzr~@%L z>*?3@uchAJ3rJ0jmjD6A>``MWG+--9YjpnrWVvBE>5@o3mFO^B>T@J_62leS@MIx2 zgX(IcjE7JE027_&-anXev=7p`OX~v~wnD6mdCKxDTLIGAU7~5?&E<`ds0DNHSaRuF z3|9#~^0SZ$KpO)!jJE?GdmARYORE4DFt}vSa%-c9T#j32xBDZL}|Zv4vnU=}iTVeO;rvP4l|6t;uZv06NQp!Yi25&GOv=%7QaP z10MRyFSJ7hPzA|knxzJ57=n3%$;Gt(f&I>y&F)WKFH|kl*7=m60TQ?!9k$rV%CN zVX_V!9vO$FWof=Lmr1n&fr@9(ImZNap~k{FOW7mUCV6Ap<&IxH>&Y#ADIK1vsNCH~ ztUSZDf#fOeSxQFH*!C~nTWITRr-gS_$$q49-niW#;0^ zOCdPmf;v_g*{#uI{wq;3B@saD(u&-YDHR6p6#oiRu(o=ChxfFq3DS#p*9rN|Cp>Ri+ z^<~;SD5NYYAE#2;+Y~?OxSJ<&B90eZOAN^{~)4m>E-&tPWY0;T)mKA3q zOJsKBeQO}t^HJh^-6rKU$>x?RmTj#Po}>~p^sh21(CfYV?alyVNb#>RhmO;X%m)n<>cav=wu8XABnc?c5_Q zc)Mi`PH~|A~NN7M~HsY{sq;% zW+U-mhc7KnrIbq;iH2E}3}l>F=H;i1<x-8SMG9&Th=3X`{ts!Q+wL237?hJbN2EEVrh1WHWL*TZn zq<9BcpF;6iK3t7%`-w&8?)vu6tzybY#s2^bekE$&B-1pV7sS)wU26~n9Hw=_EWBlh z^{>$%2Ke6M@56^lYo}{(EwK~)$j%p!l<}SiG~|~lQhg7BH7z&BUMlg&NF_Rp4KWJ}2-mi@b5+onGGR-e~6gE5OnnhzCMB_NekOly$Mw>iWK! zd8SW)Jcxm}NXUbgZ&TX7WbqG(pqb>KNVtSt;Q4cH&OV=&T0|&Z^sQ&aka)|%eg_(k zqAzuLAY*bFFhia&e+uLLLZ!5AD^0h%jUy9$u_?&|BRqEh0P9wX^fgdI>vz-mbL={e zjnwcwKyNG5pGxM^S*DWfS1CI_?=vB}C)66IQb(glsCctW(Jdm?edJl%Lr_#JS=T6ry zY|)>~l@+isIvmna&{jTx_yOTW42FB)^a7yBjGQM8V87c8?Nc^;)XB_R%oJT&JOOMm=)*J_~PqX z(dC0jm9ETFaS?n)Q!_n%{~36>2xvo*&ny zx6?9NEmbq+wt2_+Ri;$z(S@u0MY-0zZ?9eI&2qQ5QwGUGFfr7AIj^dI0BhFTZi(Vq zJXfsCY@v7B$VNn}58YwwkL6UJmN};j>~P;5JV|%rUkqv%{uRE2==Wq6C=M{B^{mf; zel@Yx{24cg6(qN~wtcD}lGwl}>DGj_Wbhkrb}-^&ZsC#Ja6QgBufIQKFB!9F+P8;p z#P2k7nJxDmF2l*&`TmvCy8~z0u(J>tk+A-?hvJ<+El*0G!bS!;F}o*#I}$${=BX0n zD<7O*F}~D1KdWmxT(Lt0(Mr)3Zb?Jm9jnhg@Y6!ABipx{9ydYCu;#Kl>CF9+_!(*8 z-;Lh|BGoT%Ex+L+(4%Pz?F5_*ap-ZH`xpKRh5J_Mzq6O^X`*~JpHhz7z+O6Mv(zJz z@fEe=sS&uzz}#}bjc4|(bi&rL{Z8r@H!pp8VC-Cd_~uTIhm~M`#eEy_Z^d|!_;Tvx z?F*RIkMUMUl3O0J;+rcAf`e1Eg8u+XxQ0tR=p;bPG!8I92dMA(SMWFg00kudj;;Ry zV~^U~$A1s}Jz+Fo3OrE9#2y%D2g-sua%8tg=ytY187BY}*0Yw9PvmmXsraw)1H+T) zy6osoOA%sGM+AD;o=pl{get_JrFF$F11A_gg-l}@z{$s26s!?l32h^oyp90cqdCoN*);6d z^G=w-$Xw(fdL<*W3sd?k{{Vw`KW?Z#5qxU#7wlp2SHvj?!|xaFyYR`llL=#}4opbL zh4VNdcVz$!w?ErdQcbB@nRlyCZpI0ao}?bWYjGfvRqdx3{{VE? z$Dgz>fqX};_j_w4<%|$aVY=Xq{${-CZdviy#vLESpBOv=Y2y1E zHHyPq&8Djez&5&y0yk&)K{@{b$E*22{k=bDiGCY++D{hSY4;Y01eUs@H$`xMM#raY z`_~7#34eqNo*cXQJEw21ET!L z-mJ!B2Ik06cN2_LJh03JhZsJ+=rc58Rc4juc%z9&Ksi53gY9EuLSx*W0mTNi$41j+ zow1?}kaNkYGb5lZ3Y_DL4$4Nwz0RkmC5Ek_U5if;>C!FLobC%0kxqC$dkX&T{{Y~V zf42UW`(ggi9v1LqxB7mc@sq=L={>QH`CEv94wyeM5AD<+YHfR`bP@Yw;T>cC5;!zZ zA8E*mX?(s$r*F4uis25{&mD3P`4#O_Lj>MiFc}=F2b$rkGl=oVi=u1#Ua8@K6X*70l>Jh`{O#xRsTL+5v4I5n3Z}g2NsNpMq|?NNvxiVKo|FiuqUmz#H`19UjIk#f71MZ^NIo6= zJafehmIOEq4nHaY;;f=WdL+PDPb6cU`&UZ3(^>9=YCXFRpkwZzS_@Mu&8wqAS{DZg z8TYRr)nH zuQJ@LZ7ZCCO&Y=UBe9NEz*%;jeBbR?Uu^~u4dq9Cbu^7jlIe?l@&5cI*&TW{TPvqq z`BwKa?tWK}?TRi23tE`xAO=)Cjw<9>VqtiA#&-e1_N3j0P`S4IET6mHg!90z#?sU6 zcF-3)CE7V*Svg$YGrO}A>6Wa}JZ^Rof-B1J^|`0MmfKN{E@Bz$)qa&FMcB~ObhtGF zjR}a7cpb%1@kOoPlMHup&YRWtY|kM2)Jk0rigG?T_^B!JE|+u+bn&WqZKNqRvl3O5@Obt2ugGyxwMirPoU&JnKR&)G zom1e~i4L*g$G^YuEcdN5*_6XuDH-67!xi(rpNwq2BKV?RLr#P(>)efl7$CPCSDzYg z&PUQf`&+@bI^mg&8g;M9gZoP-SaZaUf@xOrVF0_qW_6L!pM+m8$oO8#MgF^+^&%fx`g)s0K1+Q>QlKtO5m$h_32a4`g`EFh~n0KZ=hL2cX6lB<~Pi% zovr9`_04_auxl4;#S49>I3>8va_+}8(N9#<_3;6XZXpt?DRL@+>nU>4bRlpwU(OFL~|HGdD?@8HQPxeo^=_-cCk{dkLOPg6`MqHYaT;gxEFSJSJnD_IX z`X74p?+|EWBy18fD`IX;I!*1IBU7p;%b--$mD^{)VFdR@k_B9u>VX193TJb!fi^!)4d!^V0; z>pJ9`ixtcKxhIj&aa=fw9=08xV|n3;t>#HF6%>8@Qio z?S>qh_UP2^e#uu6$wAAjKYjcy<9mM`_(Q|i7S=Y<+1o^_n-AXLa((!(K#NW(6e{b1 zfq~Rlr%qQtK7<@**O}!X6Z{_}YA@0l*d82!Gx%48MW%?PQ6w%m9Q3Y-6YjEXPrGAU z4K7P*1kD_~Gm)CgpH+(6QSt<0K*t;(yY;J3KE{;PmC>~Zp>zanSj8UTbLq`|Gy7=# zKDh9=i!@)_A4Z75zSb%JrH$Ur>kPqoxvx({9 ztG9L7<^KR{pV`a9UmpGsc$WJ|(=9ar0Erqr4S%BDM4Meo0!(GPkU%3I_4z^YH^q9L z&WQlMo!apj#c-@SM^lC$m^Hy#7CoAEHf;5uj)LD-_)V?6q8Y61;xbByl3V8avF(BS zSH$+8@h|Z0rJ5hK2qXeIK)}H~ZX??jg*1Gx5l{E2zK85*?2FDZ?TP{&UWU*Xx zn(nrTuZEXG_2!Kt>K2#!WN^msBBO^ND`en;JqR`Uq46a&EgRzJ#;=Dhrd!%uTWcR^ zfkDcy^~(ScZ1ecnEm++88XG419=q^YT!Pxr{5QW){u|T_C}J`#T;zwxVP3a$`yc#7 zmg%POo~_}%cGg17BgsOFJ;@d4)T4b5qQm0hP4Bt$$Blds;w>gin=M;NkA1OZI}YL) zam9Jwo1oa<==z24+6AQXZX+O##CFH$Tyw*ox7Oor4hu`QyVmtMZG_R>z|H~?KdpN| zioP7*_zqnaT|_COsr?Gd0JwK1Pl=dm=b%f1boV*y#$67D%8_=S1}oUdxGq1jQ1I3~A@ z&NhphW}z%s(O+4)f>>BOxat@l2(Ksj(W8Br#87-olkIa|>QM+Lokz>&=b;0+$LcF; zZ=v&<<`VRr%=-(SOTf*dYucO=zJqrsmvG?o7ol%K@9rzy{{Z1x>E97;biH3jXfE|_ zuJ-NcVO??eeKK+Ut7is&T~*0eQ%9LYCGMX+<(2Kb>6aGLn5T|mjf5P2RqH+(v(+yx z1nFmYbEC-SHl8t*U&gSN7JZfr7Z#P-e#=nNv`4$LmJso7IVS{zUjG2_hvJ5@;p?gG zyf=1jbo;nGnIR)7AoSXOYg$ofPAdl*v2kawcyq^kJ;t{BUZQ@%s5vgE;{s20^{={q z9m;3$edX*=8%1oT!!h8Fn6E;S`9^hsblW@wP}c4)HT#KU!i9W*8yzd?uL|ps>vlGg zlLK7F0NBb7>g$WK@)h)UAL3sL8^n9coZa>$E-)zy3#{i8g0@H)p`@UESwSl-y) zv1XQW^TNkGuVdG~ewD3{3pC4V;^@l{U0yOd&l~GEUNm`i%|hhQaQ^@?C*QSlS{3or zG|fP~Dsi8gjxkxwT@Jh+8Z;?Jl|3S~UWb_Y7sHTiULe*c5;`d*_Nm~4M_Tn;C?CUD z(nD}&xYJ+wSm$rh(oyJobn3gyh7z!o2Y<-Tbqz zsS`ch9nZ!NeQ{ab{c{OYl=X?9Yko9gFSRD0aBS`!NGuOedeSyJ zr$Q|>kJo?MNA{M`ymMjU?}MKoJVBsodNq<5V$>HA%{)6W6`bd2-~vbVtDm(W?Cbjr z+W1jF;R^7^jqyfliH3C2rAajlB{?Ekri>^!JyhhLIjwYSQ}{ED@Y%l(@hwm6+s2(n z=Y6i5x>nhw?;Aed56-Uzd=}L-fvVbkAo#66f$w6(v1z_0M=2_fiIxC?&>ye0cz?$q zhkqNi>n%^h{{R$x8>DL5Hlb|K9mbHs?b=*qI2Z?aACayq)Y{nog5XaRsAg?p@lp15 zzX#skwdnp$pPC*K)ov|hi%z?WYgwR?;F2j9YbjHXN6==yrDZo(Wfbm0bJn?T&($Xc z)r-1)ow_}=tpfd_4nZ6hKF6(X_=;&H(q>1Q$&D}zIV653n!jrHII3WwyGM##9~9nP zXtLeOCa$iW?NlD_IlOzT`x?A+r)ks zm})Re+!>-H=2Cw;)7kerV^TXKz&-$cclep7cpB5gQ+Sc?v{sDy5wIKW)t92M?bq`) zJUV1XdD(mv|^5w9eUj$z)%@#IzOH%olHvoTV0$gffd<zlkHYL#+6p!@91UV;!)&wz>c; zk-T`rRr@n3YGzwc<;ehLF~!gvaa~Me&VRWg7susN<6{{{Y$jc( zCH@nRhJz`bE#l4~dvPL%4UBfpW*b=IQ1>dKPu^+_#_9fB-6N!hqUpitD|%gi8FpFu z!XgdfT)^)ff!K4+W9ia)vpUHcRR^!BpqC@5j^YGi@(lZQ{A%oP1hO!aMUR|< zO$16twWgzOYrHJ*3=$I1yDB!)Kf4$FT<;2rdd7?58Vrol-6daaRiRuM5mrHj)t;w0~FibM{gwN zDN1g}?$yja!CBXPvnV(;xtPtkEF_se(4k&GZndlZlXE0C*LqQpa-7JI=smj9Y(~At zy6qa<6htGi9SuunW4cU9AdKfc_oN3q;tfkiwONGMB4*fdsBwz%Tb*9w;iML_Iz}=8 z2dJv$Xy}SFTE*IbHe@RN4dio@c>Zxo%sT^+h0=j8_9^Gw&QCpAnDRZ6AmP6m@E6=MghgCOi4y(iQ&G43OKUFuD*OqcC zI9XqE5Oa`fSbR_8&yBt*w(#%4?*sUc#X9ugx+$i@^1*IP0lG|Q1M6H47iUtL`(OJn zf597*Nxag&BYxMuC688ICB$AC(^!R(&uO|62cS6jui8HV{2uWpjcH@x?}dL4bpHT_ zp9pP6$nPR$j7q;>T<1CcYU518qdk93u<(b3=eW{zXy)+_x?3$h)P_xrILZv359RGy z(|j$u*6!i)7mV*`xq%MkuvZ}o2RX-o#PQ(^gJlU_nASCkDC= zLtN7IJL_#c=?D8p=OQ_!izsp1Bw!leI|%C}y|mLUE$(HD$-O-kHdU*J)xWegt+T;# z9gV<{7m7vsoqyS_pvkeAZ*DE_9@-e4Za~X!1Or+AEb%{w^vyXW)NUY?P;hoa$M0ZP zu~!8Yw>~xam+=o>yzuqr-9`Krpd)_z^fnYHe!WgVE-Ud<_K*Jnf|~p&{hu_AN5g*$ zmVbz!5ap5Mp7hK}M)hXr2S4W(+e(eel=~mg$Ho5ukG~XtI_vZ6UOMq6qcm$Nk~>CX zRW}Uv_UT?V13WN=3^#`?NEj{kuK2>n6P=3E6`Dn91|3fXcBrHqVWZ%hW-NlH`F!RT0tDzyy#NS z&;x?fIpe=d{*1q8PxvEm!4KKP!^z^$+OxzOU&IfIcYqkIWR#0&SoB!X;~epm>E5_& z)##5_oGgBe{3`Gx_-yJrR)MG=gq{_ORWJ)v^4vh6aez7QIrOf##-A5-t6K|AE5LsY zSHw56xr*al5SQd}yFD?V!o1XUnlgA3;jxcM@t2A<@vUo0m~9exSVhUt2cbMy72{8e zTItrbYb`IsR=Q_`oRpZ`pDe@u(p3HL&YECzy4Q#_Ei&mW^aZ`vr=0nW@r0I>Bd#E^u7*j~mLE86HHWg2~tAf-S z^Y_Hxj2{ku8l;ge^LVRNOqP|T#6gE;_3dAje-wXc--wH2iaRb6fsNODNe=U+ox{3`P-ZKsOI?KvNEMc|5v>O+}k%fMb5 zTWd&cEMd}hOL-W-k~Z%d>5B9{bHjF$_;zVz@}-U_!#+pd6{oW>b3D7lFzMHUW3>^_ z2LKc~09R|Scvc%rAGce(V;_5W9V;>~bHnd^U8-5iscc}D)lLXKTh^}Fc%M<$bp>GH zDiQLI+)yhTTCTq=GNkiBB`U)JAH7hw{7hCm+2aee;rOc2`Xt7)dBWeyh{{ULuy3%!tEhKF|-YKr*8;m9J#e3qmGb&nZmo^rY z!#Iv2{{Sf@boR|jZK&!uVUjN)*Xf_uqEaSI($gZk8C&FyA3ws`81=0QB~+aj7?S2b zg->dj>dfTsWNKUHkzF*HgB*X;*NMaLxz0 zr`~E`+LkS0ZKPRW`Ee9N@%`RTdG+f|3@tZH(ybAd;Wo1lp?JsRSrS`ZT}dsqsB4rg zKqU02kd3Vu!*_Q|R_-)O2g{AzkzIQW_$?%`wPlVyyGD7z_pHEvgQDMB#=kqyaKq;c zJNs1~PS47oVR4uVKRAB5r_8|Q?ryDOErkrgj(Txe_jcCrJ8byE5yzRhv+h%=Zr; zlrVBmIPF`P6!#^y)NgKQ5!y!5U}qp^tLnO)&BGYx8zsg%VuMpI#x-#?msbn9cvT%u zW!P&|+e+S8^FDqHeQJ4;GDd#CsHM%^V)AtIPETGIu(d5K&$fA?StX1v6~N-6Y|oXP zw04@-mn$E$eWKaeV8_%9bDEA=?XOjrbEfCPJqS6jSGlB9Mz)a$_DanOb8`!E^Ny9P z27{%%ruqhw&P9FrQ^rrVAxc&+{{U$;GKi#y+kQBIt!e3&5zU>G2vc_A0OQotNX@gd z(weShKVYL+^;jjXh&qSMPd$XR$pk6*7!^3MqC$)Rc5?wx5gf7%m5 z(8aLeDE|OBq|RA8pEu}!3|${yxz#*p95)ck&c()ZxzDaU;=7$ENU^`TxQ9l)C&`P< zW%kcbJ*W*t)O;~#bqd}+#1it+c}JG%$*)WB)`z!86G?X!rLx9y#j?Y;0PCLATpXCs z3eMB&kETO3V&P;`2_3WjYqI^LyhY;uBf|Hd0B))`ZMtv_2#F zJK^nfM~hgGQqyi4?p8hWTmjdQrFMP__?+GkI^KlZ3Z=Q5%}Lrl>l)@nb+tR#esO+$2ZL5Q~Y5RkU`DfxMfi$^1Zw{;B^nqeqfM04HGKS9J4?U_} znY1w0Z2G@d__g87Jv&CxZx>TbDD9L+6ks%)er`xObd1SqG`BhOTYP+} zJPZOo#b?Uzar-+nvGMo833Sf^$*4(ZJ+;iRAG5ruKx6CE9-LRmo)h?W;@wW=FBeLb z+Cw6=(l-J!q+o&WXoU5CL#I7X_v2^$Bs$iMrRpedA-%IAIn~^%vH^kD{A(NbdGThe z;Y~-xvn7&DF7{$&91H*mJoT;P+~|z1kI)~6x6t?t;jX#jJqt>XJ@Pf=(<- z(sb_<>K9F@NwV(e=Nq$vPB4ABsV>LTcOM2k5eAPpj5I52GS43SheR1yILJSaE0xl< z?IXj`+u2s~Oq)aRaQUgb~PW-t-DKzfth{puo)S0SeA=6f5xC_Kw>M%d3|k81L{^ed#1 z?dM4gsmS9MN!X|}t?-VOJoZmKk8KUSWR2VTBy|;=@a`Qi#vd3hv|UDdVX{#osBGcf zb|2$g8Xs5cKMy<_JW-?Rms)-F+BSZ0@&fAIbS9|dj;HHD4+sCPRDP$JVz=iFC zj5ir4nq>1HC#&mU*g9m_*APu47VEiCt_JLM{SA4(k*YSnWNQn|!Ei#dEAVS66l(a7 z;qJ4d*+`cb{{U?hHU~H< z{{Rwn8RNO0+QDP;&T=-l8ONsw^slgWpNl%ifjyswt{z*65?|aBrT1iH5stayoc1~0 zH`L_3Z)M_d9BS=%;w=(c^p}V^nnVFe9f<8-CFA4ZO+V~X_)^9_I#`C=lvfN3jt)I5 zo0i)NM%ozqw~8zwO*>VEpHGt9M)?G0TpoWq`eVYL2Gss9X;&%XeI{*5SZ|d;KPr*W zLEAK3tJw5y58(c(@Xl*pI`B;mv_LdbNIqryS2^)3{u2FNbg1s6ztwaWo6Ct1l3^$6 zdS;8JTxD$!M$ms}t1lS%dOItdtBo#5VP;7H!7?AGO8I}qUkY_kg`Oe3(Y1X*>I}PC zBrW%W=cQSrk~uv}_d(PwesiFRpuHt79iq zTOQ#r!JiOW{2bG-?ImlSVpw;y8+Vma!3PJ_SH}JUyx0C8__priTNX`3GkvN#V%xNH zj1Gsb7t~67pG^33>+1oB5MjL_UGW6N$1bJo4j;7^N&gX6stDZ{qrSb)JQ z+p&^)O6jwT@F zhwWkeCU|F5*6w3}iM}3%G~Hex;obI(2X6QvZs+}~`)YgpjSBwW^51wnzVi0=tYx{- zeV5^_PS?eL7PFj6vrf_c>-){XE>-H(|*X^g4UU)}WVe><9 zqar3fb~XZ>X9EWZ70rmH&l@e)tJN9QiTnV5(SHoQQ{b-|YkmRo$A|TA2>9nhx@%oR z%5=jtiZECle9^bw3^*WyE91RaOqp1iop+YN3^>Jf(5cNEoK;|A%V&jX<&i+fPJ7mL zaAivF!OtG`)d_TGC$lfCS&=ZOr#Yl;(Z0fjic)tqL*##)C>s}!y{g9VkxDi(>DHju zD#K%D1OVIynol)HD8s#ZkBrtyG_iawG zL&IJe)^%?Uz07)dhkQ$M_M2%B9!$WBf&|6H@ zkjKihj3lIX+!sHEWUp~Fe=8m-@V);4g?vS=cvn=8M7*?_;}SXMc)|Hx4@_dQG}x9b z#~}xC!*kGAp-ybZq)gk0(Jm!e=H8&3dQ>dRxk8Ha;~Wl^(s507Gu*ljyb+(qowb!i z?D zkxof=+tcQ+yMN%Ff3(Ml{{Us5+5^Kn{*`iVG+j#VZSHo+7s)E$A)`xF=B`&zXA+G~OHaDHouIjYGftQR)0ArbrT+keyZ*+uzqGIH*LmXoKS{XNekJ%e z8Eyf#1JBfS!ascpAI3leMF*Ur$0wdSM!@+Zmoo6o{QWHaO3RR z7F|3NOGXI$!``xIi6eOA5xN!o-2LP9?OpNM=H=AC9nh5&BZdN@ivI2dG21aj-TWi1 zF`WuG_N)-XsyFmLwNmd*zOr(XTf9g(2d-!xit*cAE?uVuPdpAms3wADWMJk-&I$CO zMHQB7JEfP)J6q)^*A>~@%v#=Chez^w$OG=s1=ud<5+%iiss?>{HBVRZ4b{xBMSjw= zZws_{{{T3ktLb7(bht)$L5P6J&s;> zCYb{nW@+MA$3TAd1t{u8XCPHeWE*qe9qVe_Hmn#Z+&Rgh)ZfzPisZ;wNC%$Cd-bcBuotPMiORkatgKw@LaEHS#Iql?pgNpq&( zv1q}Jo`CePNP(^IF0C$Q@@~A+q#-#BbI^*;Xt+I3mOp51W5WLc3pE{DC?U3vQ!6X0 z3=Ql${{Z#{IFEOlKb?R0Hc7V`w2T#7jd+}D!$`$d0+UM$i)S)mtQ z0`CoS5ammr8CZLq{{WL-T}(!&u?l(~yWt-kX+8?^w}md%Ve<7E5?e#TRcwr*_v$|i z{av!SOZXtv;)*4q;br-rrfHeY?1Wp4|?qM`=oi} z@)=>>!S=4G%EvVKJGRp8H7hACZ&h6ik;hYCI_mmQ{39BqX4H8{JCmG%0qI>d=g{P; zde?`%LvgS9cDWC7tCBN~)Xjd+P={fGPu}@}Jc=bNoRg1JM?<-q21&kf!;U(d`g_6p zfSTGFl3?980(q`x%q0`kBVju3$3apF7=wY3J5Z$2jf(E5cRMFO!o2UqkVP(4cAh_4 z(i1KVQ^YlR8VjbEcL07>^Ph^fJ!4(?fuU*|c9nCjTj=*tUECN3WQH|imgBIlsLMlY zan$`F`04Q{M7#KHHmPN;9Z~+mE;Rg|-ctn|k%w>owSH)L8&lOjA==sa#_g_ct*#3| zcH~5?4nICCn!H}evxBB}-ZSvM)9E)B=K6M+MnqRD*MY`AO7S0sULNsZgnUbR;{9Jy zf#!QN0E`SAl5$UM^Ze?tcy4K=&$`Mmifu&cJVmKpc!urRN@GIbF+Q2CYk4$nH$&BK z3?kxa;AV}pf*T#H>Qx>@l0TzzN`A)=8c6)=@z;tKE~nLRiX=?sR|h%d*9WKgy3XeQ zHS-mdcp*nP!KVwJ{wG-2{f_;Mz96@Y7C!^asabz%K#cI2Fot1(c8`8Poqmp#nlT(V z2+)+kIT#|nDhJJCX(cAZRWv=X*mw-UG(PL$ANfn)^H9XT}d2_!mpD(DnO);yYV7 zgm%v+bBy=*>0W(G);(HS3!Nv7{yOU(If1O-PZ}~YD$&Ow!w*r(uadqo>6ZGHhKFZy zY$wyCjzc3B;ui(6$I}&u*198UVEJOt(a-oMZ^nH)QPOo!gC0EA<6C=p%y#K34VMwI z;Cl=Y(z(x#+B1AR_|2;6vCO)AM>&^Hx!OY9LQma2kJH>%s{C~n;RrrlI~E`x#oMvc4%XM~R}x3$!#g%qNWG7y zMRG%Pz~T%uaZ*R#zX5(A-*_8b(x$V8E)f_-FjvR!&j&uE8L!yS2&J!#G?mo!8UE8| z++Yx04l{xW<6ey^A2B+1e9YDG^wJ--+gwKR`7*R*NVq57vnSCRyi|3;aN-7tL*#?U zUbWtyhh-;cq3T{7(Ng;Q(%C|1CPTbsM$w*sD*kxBIoQdo{?b1ZwT8G!oo@DgoeOi5 zk=N3>>NDD-E9iDU3A5JkFPBg7>@mr!v@T;-I0UMe>-bmDe-FQD--%jggKgol7`tv6&TGhgS8Zzg9;+>_f-Ip6 z6Bx(Kj{g9qbFp(FhBT0)+eXFe-8l@z5Fdp%Ey{D1o|>%JSl7J4^`to2xm z9fo1VY&#RjrFjOa@VCbv7=ag7(OprOdd&`6IR~gUg=!4?9432CtW~<7FxhPxoujl_rd;){Lal)_8i_{d6_gt*zSc zM_D|%C0;@wLPtv1pHkSqV($_99`zA+Io&&^T+{E8U-@W}s`VSX*6y<$J}U6t--WIk zXSa7rp(=TbRXi}R%2K)FW|95GqCw-21?v7F@T3+n$99(OvNx4sE~6f!pyNE&XTYr& z#Sr+DPw-{Gh^%xW9mxXfX3TL$IRN?^^(n^Z;~3`QEzhm>KLh+bPl}!vkK(V1VuwkR z>14jYumVJ$5V;|-+dFf?Bc8SHzZJYg@b^Nq*KNKJYg%RJg&7q@f)V8~DmXbELGQ(N z`vZ=KXEijI$Hy8U!VidkBCymvRJuB98dsaOq_;U4Jvctqq_&sd7kx1XnR8`z9DtI^ zf%x{Uy@B>PJmxZXx%VH#4JYBxi2OmI_@Bl4XZEIs6@}1^fO~0(KQj6b_4IGYjc>z$ z0low3-Z%Jh;$IJVr%RQUCDW0@$*{Lo$$X^J4CHPz7 zTt91D<VJze+%or4S}2OMk|soZIycN zj~K}7*QaXvhvE;6H0ub4g{3Z0hS?Y&ylFUUa!|&?qm&}`i?j8zf0IU6fiL9I^*F9$ zB@ytg{?PQVrqa^aQjDzOWrdfh?MET#(PxTyv3Qcej)UJFrOYSh_=N8qU8Cn_w<&?U9b@fg5D@ z{eMcvP<;=tp;0xd>z6+c{6xDoBzZ5Qh;KVd1xKbuP|$o+;vWs_hWARqc0EM&SZ;HQU)4W$bmZhnHu|sgMta2YtM^m3# z-0=SZfIc8cuETYx_~zc{OVije)Aeu_WF@}hNH7L--}9}!nf&9${vA-l&Qk@lHL~n8Jwx(9nVVZM=GxF ze>uMgB7zMr#ZKg8LVzBif_qodR`NZxEZG5@j+w1v6wj99J|lT{Q;5c1&M|iX029(b z`7=b~Czc^1uH)ArRB&J3+DKL*l+HR=t%Z)4KgzsaOUbiZ-bI>rX$~BYPj97dpj1H4 z#gKE&chfwokEzrD0Bc&Ut++&3x()~HS1q**ZR<2;UO|J>wvOf_^#Hd;8d&hT$n>o3 zLqgN#v^QU8Wp(6`c&&_NXUiN02=*K(8R_1!EuK#{Qw)-B2ODT;i9HU#OVm85iMf$c z@6H_{k&INmfvp7|r*yA4fXx3^(z5s^Mtz~mZjSjuSg zyUDNQyGZSzf=E>I*}=!t71mi{V0A)=i+(1ZN;8s-j&m@Lu#|x2)0M^o;=$y|RO=x)Iu4`uPE$vZOD4RIz z??IfS)Rx&dKvhmj{VQE`IPasvJ|#iCgF%^_eWJ^3i*QIQo=T2Dr~QjSmd(7_S+5(F zeEr|Tf}^?e$H!e-4KGPsNfoAv@>O%lZ(qKpwW|ds zr1K*Y5uBe|<`!{#?{bJ&I91Q^fkF zm!)VH9vil{wewj+y9^VOJ!`~u4JK5DC4lY)k3PQDJgm}7L6Kfu>Gs5-Ac2-q-n2B` zY}`UG(r+RE0EtM)9)wf&W+rcl_3H(S38Dy&ppTWl{{S__TzIcgmvnHFfN}DkK&#mr zLMD7#efFa)l9iTHPbBp<*l2ze49aDPAU7cPHOo@1j{0=ZOuW*pZtS4b+Qt=?QXFpxY}4L&nKy`KCN@2Fz$BV4)A1l5JRo%afy)|?{Zbn0l@&) zXNr7Z{e^fTvb=`(Pq+pou?xCJll_s&K9$a=a`_SZ1^XI*!6*JQ{??WnXT)!d+ME0< z_%Ae~Xl-tIyt{xNNDaaRjAZuhU(o*m!!L%v20vx*55wSJ*+<~zq?(!mZ+WN-QS-9@ z029dFPkw(PT1GtyoVp)FTKJd3Uk;>i6?{h2qSQ4@h2AVmZysR>fCoK&k80J^^p6w% z(3Ua?Zf`yx_*2aeEzyiGA|FNm9Q$UqT_z^bQ+{u{l|tiyEooa z;vm9B2OCJ|^sb19ku95Nci$@I*HS zqqUA!4J>%TW?}ja*TJ#J96oD2&2@0>WRhtZvpFZJ&3aIZS{$>PT1R$gJGjpT3aaw? zV+yQaJmR$EIi*lmSyy8?WM<^?)}JD)+n7*+DLEWc<*|&V+?rTE(d2nRTg||142A>R zu8TA*s2HdnN3ABTV&rMTr#V6*1;EP+u?3Is7+pxIv}Lk-XT2#hqfGAn8Q}eY#=ar6 z@E5~R4{Dx2@r}y_j>k^<-3uH7%rlO){R#fbpYTFo6kgbApAo-ozY*E^cf;2HUBnt5 zoi<)h`z{!a6Wa@%*ClGU(H?~=cGUiXJUJeX@Wa8{cY=Rr--j9}hCD3}B7H&|bU_|C z+(M402cAjBb68s6igdjO*5>ELUL8LXb@HQT0dOVtJmVSnuR2F$Zj2aX*EQC%)_i9A zW{;&Y2m3ZGZu0v9+lt!Pe0c_wrd??s0JB{$K#=X&P-HIv~}rx7UG0X!iY0TJQ(h_Uk z4tb=qb|gtCCAsgMn%lY>eY_COGqm@+fNz%~jfm$nb&Xc;NERa@wSaXaispXTb8`r{ z)1jJaayH3=PvKX}nNgL_3&kEi@VCQueNV+&)sC&HMw`XBJiMRXZ$s^02mEFIr@UX| zPxzN;@-Bzr;-!VWV`*0PIQFS>OH^wFe2|jro+P=swYY@b!66cT;!8JjbNE-Td^!D_ zwXJsIHhVZU-95PT9SI6OMRUrlHNB6%ycO^hP4G6J<4;RHW#)`T*B(jSpPzc!v;CYj z$@M!w5#N2Om8Qxpa(swKT%bIDG*d?`=6yi^7tyrHY=)I;(n5%*_lhzb9Q5s)_x}I` zYSz~pTH0y?(gs}NojP&Sy5k!hl9A18R@N_na3V`}ZNw>2fNRP%4QA@reM3alZQyG+ zL$vP3LG`L+90!Iitb97sL#70U8O!YlJ!;0g;@jr8n@^5XZP;Y5p{yDi;gZCY%;}c- ziQtO8V7E3`F*U57LxY}}-AM?wtKUx1i-uvnPI(<`PfhWihN}b?GC*Ny*l%OdpJ7@? zR@|t@=AO6XV-19w3>th>LQe5G05(Ud{Oix;y|C1+_RHo)bfn}FfNMD}hKd#>(>#d0 z=uyB^!5z7)mO5^k0$-b3sO@IX?U*FWf2CsLH{@5d@g|cTdWMm!S%0SO4I7ptV9#Ge z(AEU{#+RqzUQq-j@=r=ROxz8*I=+Hn|I$wwZe zueC*|YEN$LTF|Hi89mRf7O^1)tonu1TFVhrA3_xK%@;{G+mV{}VnqabK?lxzbNSUq zRyK~si>+JjMmQB9ide^>U(D5*^%T1?!tqN^qRPhk2>niN%nIL zk>eZ;^XzI{4-r_$Dzx#Wk!R;P=xY|b0ke1FkL>aGojw!gw+)3E=hM=$C)01W>sHmJ ziN4B7`H9XCy#qYoSg|lp(S{7lH~?3aYkFR|&Pu6WJ)CbWGB)}Oe5~k5>-;%ogtuj# zj7I}`JYv1s^b1Q1TY2ESj(dPN76bvv9V-VBGZIUgByEzjB!l0zYU%gZHcHQ^O}0Mx zJdsYBi@P~pM^m+);%~4{&jDgrcU*hc=Z9==rboIA<7mrd@GDy}ad^Ilo1T&1ybZ8D2}$C7z!yU5ZBqKf#I>qU?4+H8_Y>bb;yTO+kUP4N`|B)MoN zQExWV&AoAx^{M7M6f_NX()&wmM;DMhQbtJwsOJ@pZDXoWB0Z!0x%q}Oky1mAjVr$k zJ?6)pzm^CrpkpLgO%vH^`diqq&$NtZlk}|RE`-?Tw>`I+a~xzv$lAl!xt%R+8uxYO zqR5%~&>SDY)?i(}k02~zwsslmRV7mzGqg_0j>jC+NXAOcOKByY;M?T9K<>j1ewEQE zcw5VWvgBlA-nU4JY;W1=l1k|FF3b)Zw!h&Vg8tRxb}uS|#fxJ&tz#5qrEL#Cyo38Q zakh*igU&nFRmQaiqyk|hJ;NN8WyU`m!lPC$GHm{Pbj@A{WQ4j+5o~;?73#hPz0|a= zYE{tZG8xs2qd&?{IM4a*Uqo|Dxy2uipB63k?R(*zdi|IDBiC$(ZOMZXB=Mg?#aW*E z^TGPYm2rK#cnqqN$Qz6w;`gRQrjMjPJa~7)-XZu~XRK&8&u4vY6i*`@gu7FcL;7^< zUo-p`@w`xfY5xFcBr$o)_R@w?m&ob~=O5unRyt1;_&Zx`Tm4Sb`7Jgo$b=40Jb*e@ zW}D(IQ7oadjvI@)ScOon#!quWq#}>6z7Bj6jv)t)yhEuy#-S{tHnxop$k2@PeR!`Y z`1RnA6ZjkAjD95zb*^|nP(c`!zU8!G(3+lYY#z-s%e-%|TzFfpx-N5PU50_Nn7f1pHXh)>-v3MU2~ae1j#IC!y)jwOU0e*wgrn@b}?~ z_?-R&_;0Lgnmo|pd2+CA{(u~FSM{%h7P>9DOU-`Wb;z*Wozy8(JB~B-q&F)bYvSJs z*xp%NJa@LYQO=uoqver@2P3y4xjzHgYQGNrLngU@B)7K6p-MbsX+h3?&%GBjmZ#UB z5PxYX{vrG_v(x-DZD$0dDI{V%;I0M-r%Lg^hrbc*boe3AwKTJXP`mkEWg~XrdsM}0 z$W&R>d}Gozd)+HdxA5~>+$6_++!HAz4w)Z^YVv;ycoS8I{8_JpSx^HQDe|+A{my}ZV4iVdz!Q)l0Loh z7wpmDZx;M1hWEkOV@8G58LsW77?7T)AEB>k{hI#(V*daK_&30lYrY|G_(}DfnPj*( zix}M!f%ijpJanxhgz76?^ZQ?gUKG0cfveo>i>m`>S?xkT;z`aj4*+m#<6W+eVXiK! zAM7n}DBK2i0mwg~r+qarolC6`&R-VznLJ68YjY{n*sw6V;1iqzMPv9A!PCurrp(Tc zujUY^Xaci0jJh9I>h~~34w0nl!Z3h^SI5l!X9U$Pcf#>sSwnxPTEZr^8ARk3Q~X)) z*ZEMLi{?k4&8@UENdnpZvi%5D0Oan+3;e6;?}a`I)BYpa_*+-;Eu{K>v1xO@R7pu7 zbOE~&RVfRY`_skJcqdBuf3EmK9X1(W^54mhX%rbFJp(E1Yx7r3{gJ=2^sQol6l%X} z(cRkW-f{AUCy=Crlg&kmDflDdcYrTnQ_*}(A=D!g?Y0H5=-J~3(!R_1eW_|c1iUeA zW#KDvIh6t{?F__cx%?@R&Y#A9E}zBvMvJTKx=;3Awur(;BWRpt;N$bJV)%dX-$e1B z!yCz#-p!?av=XC@>mq`9_B|^%4cZXzgOXh77n;w7{9hziRxHE^Yz{%-a6ZZ!Y8Pux;Mqv4f5Qfe3Oeo1w_3N6(z45<` z{4J-ah5rDxbsNnHp>z_tZHKVqwkR({&abr-thl|u3fF-GlD^zi^i5a$BUsXPFEUu; zigYEA@q$3+x}&(|6ZO-<*Rg9_Rh{BbCC2EKvByJ-?qP};qbgaPk~;RHp$8@7F9}(A zyGgv!@6u+nnFx?0W4HeRUcWrQ;atU}UEgT>iriV+BeZDp5^|vA9QEm3u2x57INZd( zkXm0DZEj;*b!-=0gOGT^uhLBuUbFbc@J*KPKR;2^Ve%~iB#^_5ob!$kKGieW=v2>A z{{Vtp{?@Sm#-FxEpJU=lX3@SH_^qPTb#;^q)s*nx zX%nK{+DL~XqHaO{pM^xWxuNM_3w%o+m8wT;G5-KZf8DkZLTl+=TTV;J7D$H6lwk3= z;DS4ffIpdE_&6)}B8$ad3h?Lct>7&^An^`_(doW0iY5O5kDC`@i#bu$qc#qCA%~@Z z8Qvw+F0C(bkSr}~UwyR5*;y0RS2h#fl%V=MuSc)vbDpPT&F4kQNfXW8j-slMC^LF) z#z#?JiN`cOT(AtIfO`7S(=mMQ3~`P}N({*4jlz?R{xrzJjg?FC$21zoM2@A3f>TC8p{s@u#YRCH_e%8|bGVz|HYh&TqYuO=LVv&5g(2f~T6~$5}r_Ns#{0-s15%_Dw{ut9Uh5YT9k9sTcXd!e6_#vu%3GvP3(0JQTzK85DcQ)`Z6+ntb zW6JNq3Y-z^pQ!!lsPkA}4CX&zfWK)Z*-;Z8BMgZb3cm5S%k^Zx*c5o#X}JXt1}ad4A( za`Y8ek^W?yo-k|eJu6d@kj6;`21ol|;=AE9IZL_JTWba;iZUg9@q_#|zNnYbHUftu zo;&;3LXm@J6}6Mt?@0*cpTe{)VvM?=8<)0w)}lJyAho>AvA_m7c zoKOc5btEyX`3_}OIOF(DQ-!b_&VQF5tpH`J&2e}`00N#f+*aiCyl_3BFXgzyV}Qbd zEcjN=U9-d_Zzp%i4{E!l>sAu#y4I1ZScaJbn|Y5LPI(^v59TNu@;kZWwYjs5C?6{0 z3*YNrUE+J|NYRx}$pHf&)`MuAWu)6!D+F!ajCQV?3ubgy4ax05%NE{DQ-zRx{p+r_ zvKpCdXq`(1_4}fLF2|w^X(56~kIF5VHLraNs$0AU8<+!-dF5~@DlW${bEV$gTuVKp z9m+Ql25X*<@uo(V3D!2V=!xiJsiM?;!>aB4Uj>Z8S|=OuB7BFzSlfo;Eh7_ zM7p%O)A5(LQl}U`{V+3J@`CDnm^~Ukf%s#rc(VEr4}3+_(%R=!(=QQbP~5s_4ac~z z+s_AlK=?P}3;ion@y59yhitB`6v?!0RGcm_52qFITup@Ms+@W)Pt>?}w=67m-xYu1 z4DdI@hVh1rthTeD&mj9f${e7{#tU}pE9M^+Y918v?|`Jxd|@0KmX~l!qFfE_YDoL( z{uS`G@bXOk28Bz+{M)vdQT>^ID(F5TDgC+NDJ}v$QIe{wzwcw${{XLFv;HO4o58*g z({<#xFlgG;X>n;53EHiK0s3dHd6j9(&rOc#Ys^l4>d?m0MbLmScq5)`=kadGqe4f|{yFf?roVT8tZC8jy+&u;qo^6p zc-^*{W#Zj8R`8~~X&u##(AgY>eAe=V!C%LU@_CP1o4P(fhf>x&8RJ&)cE4`ntu9QK zvPijH1HnVs;8*IOz^{z9cb1X(cUiu5wq)OK<#Ho$O!^w^!;@Ag(qC(Z|s(TpTj-R zhjm@cCy{X(D#IPVmF!m9rM|JJ#d3gogzau=OJkVQw$fzs{Nz;#dFx%5hIK~LZjv^3 zF|ok_bgWFJ6W(-N?==fBZHJodppH3IGLTQD37qneQoDq0;NTxh^N$xScFUO5DJ$1J z=Bhh|J=Dg1D#2PSJEX~|42qjrb z>t3wle#?QUHkHxyPsWdh8b^=(J$Y~N`@|Mj-Xc_KlFm<*G5+S`U!S%UYu+2wZgdY2 zS+@esynbH9m;u#>_zkPR?>!bHi1+A9hUQUbAUhffFC%KT6~~YT@p*K1J{i z{{V~s0B6675U#ss^Ft|E1@t9~JVA%dq-O`7mHQFnO=rZP8om=;OC6+IzM)}mZf$Pb zG3P`Te(7$w~=M;YrEVQ^LxV6<3G&dhP8+#Ff?kncM7g^eC z8noJgjYIi`w|{)pO0I{iLkRV_-6i0$xqk!&mrO<4c`) zN{yGoTAaRoQ!gSHCnqMejZIHKHo)GKw?nD;f8&eoH&oLE_ls_lGN{1H$UV(|+J4R+ zH@VR4;l0u|Rd;1j$r}<5dm8kp$oNY1oveMMVXEo+&!6^~8adx2uP#%rguXPgs)F8xLiv=++mnDeC$>P>U- z<5|=^4S#QLZ5~r|W>{zUd$OPt>7QEm{{R90)t)E#TjK2}Qq>L4wcz$BCd*~42*=E$ zy8Bl2s`oxuGKT2=m-v6;pAP&>@Xnp%jXv{8@dlN8ycpk@*o>U7P;0u^G+QkXz?$!f zZ7sChn@fG7TU&$;y<3Bi{Wn{{V&c2>u)R7sFC~MH+mI zaR#9beq@ac4po;q>*?>!c&CT_ApR!*0ELaN75e*z7^}=3H}>eYudJ@F2C^QVsk7;B5rLNd%n}pY#e)LzE)oh_`l;< ziZvZ8!!wJWE;7$=I-!1_!-LU7>O z@gKq81^8Cu!uR^*-XHjr9s;bg4=Q|~obvGdrhbU7VayGMKZ9$G(p4unfmJE0`vRYX7a5#=x zCU~xm;mvcx>n4$_&m{Kf$HYAKVS!g{W$dkTH1IfVr>ppgUeLPFC z?ADie+BC+;QfPdlNQuz>;qUKU{;}ZAKULMEyj4C!f2{~GPtvtabt^N6yVGaz=C>Nz z$i)&+P?5+L^;d*`An1vv-05B=v`te*x_OHFAl55(mx(QYfyCm z0E?EAX!`cI;x7&rDP0WI{$)SVf*!8Fg@^?5P zzLie$X<<;&5uT$R>nO{)-zs-U&b~G9Ak=T>*R-8F)?4F~BC}(0^%eBjgnUP+YrnJR zqv5?~N3rpynmpSpg&@e$=NmcBM|$X|BZj^b`yF5G+3^f%y8fG~Yty1h0|7e@Hw^QT zJMmvy{?}i$ov(@f4*ml0MAw&^Fiq_%q4}ML2=~V|(;4V_m2ho4ADR9V(W14I-WZ_R z*%>5bC%tEYRWPDpEv&7Z<)7l@msWNquUGscYwlIIwM5R)Nhdukp_b4^3YKs|Us9Ltm?Oj;`&FOa&Xwj)z1U)tnCYP%&F!o2IDMh42Np= zlUh!}3d)C(wDF3i8cH^@+rA3{ia>WZR$(oHQ5f|d>I<0dWM_fOqbScKkw6$)WUCeW z#URQt8!=|OaW(#HZ{{Y$XJ6uHU6R_fgG<*f| z&r(fiR(P&|b8QQ5Mh$_UnBe}N_4AY#Pxhj~Mq>6H(t8`Bbvu2*qEf_>jil&3bI;lYS4+&^C zlR$tB%j!o0y=Oqs?ewW8{@8%MlLG620Vf=DUQKB;)TLtXnXdQ+Z!R>=MJ~-HU>Sf8FkNL(AO`sk-gFEKeKnh&)ReLqSh{SPlFx> z)FAMk%Oo$YYBuc^m99@R79-}s$-v34=zI1`{{Vtre$St?RqA-Z$Ky-*@$pgA4>ou~ zio#$%Z!RObK*{UZj@7j~Ml+fElXdXdOu5r7wf_Jg>Q{OfgjYXhv(u#V%prOxP(~N0 z*B$DohCFRAi6?&x{5J57@AhK2Q>aY~MI69)E`Il3g1S<+hcxORLTO$F&@}7FHBC!E z(y#S(9K6tnQhhn7*TZ+0UL>1Q`&2eo!M8^Zy6gZB#0s`^wrgsQtu~`)9lT~+RUb3w zudx-+-Rkx$s@!SL$py~PSzo`>q>HnY)$Jg;x{S$sKF=B4HnuVKqAf}Q9>}A;zCYHE zi|%UU2Xg&SCA#>Jp!j0;;@3>nl`Db#+y2&H@K>J|_>vuW!CwG{#(}3w%!2XP=5^`0SXbhY zh`d4K9}?cKsp7qJQSmOR<~*Kl#D$JquUhqK(d9=yR*}y~G>Y=2H7^?e|y%DFCxjB-rnK}QJ&`Q@Uh#(rJiOd?x-D2ezAVX{{Zkx zzmNX_w72$0h&~}{Yw&mBDRj7=>rjUmSFjVxsvo<+>UgYbPTC%o7??>?$kLG1t&0yMxna|y6B$R;IAKe%qUjF6ctv)?Q>3mV+PZwP47vy=? zT79IyD)$KSgN`}l^shPYb|{%1BewXD-fG3N;Q9Z-ET!CUwG;!2tsYRwE z!L+L>IKv9(b@|`Jb}w;rbLHEEjpTjbt#%n1I&J*dk%^_a0~x~;*1VHk)+E2Vyply5 zm5LQ7uhOPl4CU=4yNOy`VDZR*TCaU?sk0=aV-`UU0Kw+55s##JM^sz+wJY}Xtui*S zIKcPqPw@_oc`epHhA(3x4LW4$a-&*;SWbo^eis&#oKN4!N-(1f2_QC-p9u#0N(y(2g&fXI=^14cP zfwY~bsl*ErUpX#~-17+`aQU8bLDJI0<%g<+0;1!`t? zX?>?9szY|-)@4Gd$}$-H*NgbYUCMcL`J8UZ?r0HfMbx5-(IUBoGm*n$s9!8XebK{! zdJJ%DDS?+g)!M^7yX*k+2dJv{GChTZ+%BO!o7+1H;eCZkqz9~)_vz-NB=Q#8SaLzG zf_)7?u_aleA}r((Kb;22o?mv;*}*N9ydcG%2TTgl(Dgfjn=dAlc*f9r3Ylypu#QE! zg(WI{;7A0Tr>WUNd2Siv@}=mtx@XaP;C)GjdewFGP zrjG@*5^3<>gl)JIDZnQjS3+T9=eth}YI=ULsa;E`%_}n%XxXwD=eMO}>qz>1@*Bly zi0XuN{3>M@HRNzJ_?FPh(XHT#P~nGV^v!h|Jl|_b=Thv-IAr5K^_x~V4SP-3Z|*HM zDD|d$D8X4_U_Nh59-|f2_#ea{WVn(zqzd7FZR?SbY}B?y-$T3Ab=wrSo+0Igag!kQ ztVwLGQpGM|oh6n2ZJ6X%49LlNC%aIvt7oCddegP=)OL|A)%B5Rh|ccff}<0Q)o*QV z?pZ-sfSv<-Qh#X8bdD{o;RqC}?>PpTN(ULDpA_3_Qh#e$>GrnoAt@rrTPvP02(L|0 z-eS!Yqs8f-0j(6eGnT9^q26f*Ta|^7E1>il2C=+Hs*N8pmzml_fQY&0@U1Vk)@$eFFm{{YKCz_33#t#}? zYB~zt>H4f*S-F9D4sq9~y?Q6a&xZDY3j8-`tLwJ*dXJl_W=RX?V#Mc9?9`9;N|Q-DTl^dMx^>Z-Rc|hgQA2 zR0DSXv9KI-Ny_G2-OfWx@%Fu-U&E$rR_@L~WFkC>f$YYAEfKI(!LlJ4xoKU%QTTpVF{2uZAh&S<_drnk#Fo zd9aGn{L>KJsN;@BQby`pp3@zqvcSo9T1%Lt+I!$A@A+4E@KePe4z$%I*EI<(p=)V; zwiv{Rs69tcznv@e4r7b>`S8z6(|l()#ovNjv^Mch;z0yNCfRX@I2?d^uQa&Rto2x7 z)is?>2Z)>nm5P#GkEt~=mqRH`=5?PA>Q=fwuWDy`o>V_)k`~XG^*Q?2n*1=;yhq_L z9O;*K+J)@Us}+?ckl+E_9^BQbTq9Fc>`#c_ALh{`(mY2b2JZD4W0Z1Chd!P7#d+1w z#tUDGI(7AwpJt8;E(FaRE*%(g-;wmFwuX_J=XUxWabG)Jg}4m+*K+4(I#%YlbE;l{ zXW7YdG*;2R^#J^}nG&hcyW=|nrD@(8@g|ZXlI9XT=n_wwPDdnrgI({(t4{%ZLGY)A z(tS=%1I0*+;lL4w`9?-ZQCia!Wp|x>Lj~UThrd0ja5*5bcI#*&^1fnJNgWl>AURuH$<+Hes3wvkNlU^C| z7CWWzcZyBYCX;e4oT@O~WFYiXKRUuvFy*oNPkk`3kuC4%jpfO2l;aDYGhVyk`)yVA z-69<#cuzSVi)3ws!$xVF|>MSrzMLbPh64l&Pa^4|q`v&McE z)rN_#O1HMNL6|OA4y8E2Z+>VRT@0O8JG~oJ)O9!!l53ef)qLOv000N`uhJjb^2bru zye}5Bb|#Wp!9xmw#4`3jl__jB9S)b`7mQ@lwRvpsH2cpeGbl1C0Ar^$;a(~6_P?py zN2X}Hge|8@F3X5kOzb1qn#wV_`464GAnF>gfF-x_PM@Scsd%z&yAh1CpwCb9`PbcF z27V;N;=L0ooQ3*s7K9%%HVDjkP=2+TDIB)9V{vDwv=O>V zY%-;kFrG zpU%FpiDQfaCfpnStm3wkCsS(1Gdi-kA#skqYvpg+bHf_;g`+{@SnPk|SmYy0PdLsv z{VR%bI;qR4@r(@-`GE7AJHCHf`eWc1#96!>;*By1?$Rw1=1rFYnEcs20O^X&#hs9s zL(#u!Z-+W{uB~n2?Ic2)ZORi2!15&oFlf(AgJ0G+{1N{E_OiA8r+;TlF9Gw&6oD% z{gix7`zZdeDSv>U;~>RM#3S~HJeKqH(Hj&WQvZZ%@>qtp8QOeG$N z=VqlI*&X(Pp!XOf*w#bE1d+Ln{QXWlSFH_>N{FKnBN3@=V}qJ>a*r{iEZ~9Gx8yM& zBjEs5W`3jEnCz|Pm5i%_S+og=_r7REWgjQYoMN=1WSSVsK#VdndKwL2%cvs?vKRTY zjAN(0TAxfBjjGE9^p;wUw5fM#Hu5})(B)iXk%Q?$)d!*eh@bFBFWY}d{k6Yij{$hL z`&LWeivAS08V`#t$;_pr`9!33!vViNK4$c<)D1^ZZSovu+E1AeYURW&ZjOkv%e-&l z%k5u8k~=}Z{?zY`5%-WDN9CW+zdXJ$Y5o@QH;-)YG`oh7~m zX!^Ioj}v%q$@OQrH+C0st{OO)oP5WwNBGxODRd@VA1AuaG_n<9=%>=EO^=^rZ(iB$ zU9mW1jLFw);a_^6(9)QjZcLjGZ)##CNngt`f*9umH1Tf2NMw>incx6;&(eS`&t_f8 zA((-T`+HR+w*(`Dx14qBKoX|YDJ&I-Tn}2&62utr6FAK?u9@^#?4$AG_x5f0-Qkaj zFlv`}S|*`+4VI>Xj@4bm%aJJ-1pH&SzqFr8*KOj{HKewD zq&GlfH^(Go0msuPp{S{`(;0L=+0$i$Ye@9%!0J$PfsZ76R@2>23){I?WN(&0Pu(@i zP*zdFj~ z9)lZ4;a;tv+{JT$4!>a2tF(A@W5VR}JJ%&hlHhu-rG0OCXB>V(iMEnho|VsdN-ND$ zd(8rA;+E|W>vqOCImUhXHOVJ!#G*?!jj#BO>OKui2Y(RQIFd3`1&>^>em2*-d@R@H z)%1INJzm!1Pu6V-g625@$RO~3hnn7$%Jx@RJ;L57%d5JnPSw$AlEG@t=P#JK?Z!oV z5RruGnA-LAoVO}%50r6+=B;SvNhDTv-HdhbT_#7U!1lk{?=Vpup|S;YS30Wd3UuWW zrNGN^)PX=8eAu;iCwE>r#!XbS9(%~H3okwTP$ukYS=pADO0km4a7Xv6L7)>!J+#ZR zGk_1J10&N?eF}7r7g_DbNZxaw&Zue44E`uHR4D)IbGH`aT zat=CCU>rOs+LY?{jSC|j9(h{n?0h$A;h8ROCyk}Lb-~=+5HpNXU^4FR?C(&lQzE}O zIsSFSTk0=ub36s|Q013BXamrEF|68K%{A<+8GWpqTye<9^{+VBR_aZ5Y3;G(H}K<+ z!jY^Fk4=(Tlo?V@;EXMI`put}p{!Onj9Pe$f;yvmRmHBR&}W6|mfD@N$hXoN968DL zt77a*?-^XAGZ>i8PTh`A7sB(zmg_w2|c?G;5BBnu%;PtuoqAWTI`qXwEQw zE0n&D8))4fkImDL)tqB_O_- zBk^D1?%&zd#UBj*AK&O+B=GI+tan;}oOXsJh766)4@&&?wD8Zw--nuRn;*o#4c}R5 zYZ#I%xPwgqj1S^qIIoSx(n{y*cu3wT>LJklG4V#-bfrxzP)Ggcx0nG}lOHPQwrix& z{{U$1Z{l68x5AGY_o_ST)mZdnNcGJ+IW2&eDE7}E z%%FGEOo+gbMO2n+N-3(vkLfnaNP21Pb}-RY{(`2%b~%hv7&3B^qX%f8q91 zt=qA5JUJv2F9%_COX0z2+;@?rSJ7`_V;bR~X+L|`kh}SS=PG#PwR#ZP<7KOhc!tR$KRxww`h8v=pzxxS(IS&+PnJ=Lv%xP9sb9qO*5WK+8Yr_ zj-z+p{&mavmriS#8dV$D1bd3wJDJnm`Kwsj1d~OA9ZmqRpS~h|Hy$>;gHW=}9wZDF zDMuTJq4gErK=kOvy$%b+{wDE%!EJlPn#J=&cx}`q@PWBhW3PO4JbTrz4t~)3&&2y5 z5b1jK2^#75S%KK{$iuhk#e3Lgq4Zg9OH&h3LZ0KbEmnKW9NNmp6T@I|aqC`Jt6ohC zv4VAq=OBVddi7M2(I40RDUrhsg^e3(w>bX*75M)EUy900NiJr7K35&2g=S=jrGK3xUS={!T>jbp=Bsj12P%N&JiGmK~6yt7{Z$JV#UuIW}9 zqW=I3NT4#DU=YKuJ?oR&YIM&98(PO1WAM8E?@@?&OIm<$9%ILFFsR3{IT!-He@OUe z@sGngjhvIk3=0tRAiA}mD;o?RaqC@FqX z>s*(KJev(8QPgkUZS1Wed3@F&4cPfd;&EK{PpQIgkICinES^2_W}~m_R+iTHG0P>e zbvY8CZV0bp(H7b?i)3IT{{Rj+HRn}G`phBd+W!Fd4eD6j=@Gr0#x+^tEAoZ|8B_1p zxqYo}+XEfB>s<9Bw@1BBI#|WM`z6bzz1$Go4B-rl4mr;roYmb=R`H&fpthgkjdxJd zR&SA&Gl>%zE022Sl6?(*l0I2qi7;#m-oZh}k!{_knJ|g?ja`i}bxx z)qJOav~)T3_O5wtsntpdwQViKZZWG(>M>b2x^;(%?Qgt4;(anLOG=Rnh^BA2Pexxt z4QClyj=me2Soy!jU$ftid@m~B_!>(;6lhT|+8!@665EXOpdP}#xAuSdkK&&ST)^*P zsOgUs;mX_-kHht^MwMga@p&Gu%X9S`;Qs)|tsliVSJrx-wQHnYh9wN-D!W z1=lP$CgdQqaa^@(T>3070YzBzja^J825r0?6Wmu%qDrj+61VXJGhA)zdQqigxPs#d z1E|~6fm)V~QNudpKJ}zs(Nd*!Wq9Y|--LcA=!Z%14076Pk+$nSMj!Q-#~uAee1YRX zg8no3e_^IYtlsIG=9cZXE>k&~bKP=%s^g*JV=!Fj(x0-Q#~nZ64eqOHuh>s_qR6@O zLlChy9H{Nn^{=sfUHe1bd_mKeEh-P}%_+uwuzqG8v+G?^uVrI`o=~~@nc-L025VW7 zok1YyHN?j%Zwb4SYW=Oz?@+^7*n(Gx5~Q5gy|vjzJAgU#tXn#LiOt?!I_gT%jilf( z?fBJ(Hf*gRf;go-l7kfE*y6;{>~($v_S1WLaYy zh8cO!9<}z@g@53s9~bof0^7j<0JSfIv`>mUHL92+@ja1Pbqhc+1G)Q(0Y1u+Kb4vnlJ2 zzvS1ZcvIo;#?RWL;g`lg66rn@xu3<}9)x|0OCph6YBD13^1=a`7=g!g)6%_abrVPP zPZQuLmQbD}74E1zKl3;L0B0EdP4Tng)Y=Y{;f+e?#n3ph*EArdWrGI=%C~N(@UPW> z+4tZ_!heBY9n!ox{g2_>%|hyLwZ(BQuv@Duf^x{&A20-TuR;wo`TqcqIL56WY(5@( zy>7c%erMB`EqS1PNrr2G1PHu0E}H2ksiz?Fqix}~yhEOGoPpb=e=eW4Ux>at{?fnj zQ6Cy>7&8Jl^n)OsHm;l?4)GO3KMH}1mCx2gJZ`yqTt z{ir+@td9cxas8jHw0LB;BG+12kOU(GmKh8)oLAf4JMabep#{#b;ol$Xei+xD-0nzN zY@2ZBk)D0Hs`h8UnrAerVpV!CnSMv-cZ2@`XCDse-x9SLKWm*Q!oLxI59)C-)Ae~( zqPWxUH)MINgb=*9BM12(*T06}3qAsT9Pmz+uKYgHJUOIzS4`97p4(E6K>KZqmS^)x zt1Z)e_QbWOFS+Pl^JT|6u#tpf+m_K zibxTk#?>KUsolZ;cd1rw9AUtTAlFO--)#Ht&5?n}6 zo_gaxwcY$J)UG@~;u-X7+i`;i$Cx?N-Kn3u)r>Ai2h3m}eXxUuyGe z#hWTeuUP6=S9UPEKII?`;H^#um_J--qRrB$7DxFc`q^SR&5t zV7@lxIuQyw&Vf(=_FTwcCtfN!&-%HSAJH@|AR6wzepW)1Zm- zj!j*-jh|-$uyeq!h`SzTQpKE6OSrJkF-*O&x0S>yS#!@^R>_z&Thr|Yfql0QQ1s7g zz}KwruZ)jxIu#v#O*D)eGdw?|U)bDv^RCz0MhNU{xwp~-ySaojFz5weD==}flY4EX z>2n{pfg83kD=WoTx?Fm6Q`^duEQz}q#!sbajQM+#5>4qn?XYxVfFf)(Bx~*Sa z@jdiQ4EFA9*lrk3cK-mATR~_(RA5?Z_u7T&F)hlmU59aCgYfBH{{V%w`;8^US89@` z;&7)SdE$v#3E1lOPY&r?#B8&wM-+-fF5ae=DD{5}>7p$QQj_ec;hrquap*pkoLcH+ z{ElnIUNE}WY|=Np+cM<1&r@D|rr67>v%ztBAD9;)9x{EaRM$czv^!l3OVoTems48Y zJeD$#-Xn~tJvjdW8mV=u%M|2CzXWo?@I8$Zb}?p-m1H$JLQEO0$jRf1^erF4dMsXZ zm{MjO2I;o5QZnW|>&6jV>6(F$XpSc3N&Zz9i*cvjZHTl$kU%|6NhaKOZ3Ju(yo15amvD zwz7UDY8O_%4AiwfI9h$RK2Mxys5A~RvH3@@YnS@Iqk6iPvXOJd%XIvyl;eUsI zDfq48;o#qeIv%<42gTF27Sh53=?87nNCp%G>TCB0_FVq}f*xp|7q!v8BYxK2D;kcV z0$s)7YZ3y-H(jzY<@*EBd(jw{>L0ou4)8XM7l!RTDd6inKZgDif)6MxaR^i(_4#=` zdRCT;d*QDKT;6G(37*%*+SqNA+<9T1HuooiR&%+YgP`~`R`CRjH;gZm<`Tihx(}5( z@9SSh+G)wAY4KUWVz;zhY*^F>rrF+&e&duYGwL{QKYUsE z>EbO*S@@aa4NCt2?SwMgtcS^jspI7*(!EL%vN5SU9y4~LE6E7AjsknA#ZtMP1ULYZ z#w)TXomQzrIj3eDqh$bK9>T1uynvP=mpL^_bUE7?*3vtH9E;|IjCy_*b~uc2l0pUp z=Hsno<6{|LsXP{9KqPWPo=Tp$tyru^e`vF9ls`UKyEu$vi`%g+vSVFjyQW*kM{7y5U zt~jn2?3y2jFCn~_RvshqHM@Dgyc?bz_UVjv;-s^$@iotid~u`N_=EluNVHoRW>t6> zYL)|>ZS?i8J=K08_+tB1O%mV3;>%No6kOg!SggEtIXoWxR7?(2T)MGRzFpGaH{MWy zPwxU$4hY1({O7P@VeQ@JBDvgNWpE0UXC((Gho zsZTuDrHZ5=^4`LojY8*0lJeDW{86k);Li_k`R61Ik4zp;eXHl+h~Kt%fj$vwxB4%_ z=qxpRvh5Mo_BHHQT6UeJK^!uq zNaaTCFM8;NdYrQ~t^9A{-8OZzxOnan{$G%CpW#`b6E#gQRne`Wut?;FMcUz)2DCD4 z`PTH_+F8B45*Bf_yh$eu!SwJ|z!8MJI6pk`2W+VStCF5Ha;5Ab(VuAO{&t!vtq zx7)1kUf5fO50D5T;0zCL^;#J?*xR|&ZDv$*Bi>IS8fE+m6blq^B4_U8b)n0lHt2Dm zYq+xeLYRXCz$dkHgY8q@OZJ70t;pag!Ocms*jI^kxL!eoUP;=nXO|ZIin-QdOgLKqV}F_ zH>#uoEN6qoavIK>_SS22aIY*Z+Xe@II#m#0%XecWBwO0c1E&XZ>V2srzf1Tew@9`! zjfDHwQ`|;9)}3{1BYUfXaJU%9VN%#>V(xW@7~S`M(0kMtm5q&G!|$QN3mZnYX2b6X z0M&HyE$q5{ns{Ys$tMlKC+ql7YH^-aYa>lK+*soPvj*w&HQ7}tqHg@R^QJ%FsMt80X{mg-BH;*oRmmM1u_h^r!@ zx$}pJd{^Tw8(xN66}OVif?v!TC(w+HRz1!3t*p+H-c347DfHkUb4=)rOnLMeG}pN; z0!;Iq%Y*lurCPM{9-*VH#jU84*%^Gik3-h7p5kiS8aC2hYP(QhTqJ;ljNn&PG^rIN zNbcDsz#k~V2Dzl}VJE57>9*5I3fxH3EHxfUurgP>E~NSgJ@*qZ4p;uEa@6- znr!MCN4eT^LFX0QYWn4*dOKQ8r?fIVefIuBui2VLT@M1)JR5)FxGwFjEp8)~kc4#y zjMqPDq4=M|_cl6isL;;{`|>f{$FS$xp`!G$((5l~=^RRnBVddJky-kDj*KFdv}CtN z?^2o1Rwtq9UMT*>f_R?JDHCB)la0J}tw=S!I_B6-e`c2l91z^Cc0qMHxivZ4Ux*gA z38+}brpu^XGkGk4V`=Pj$F*=8fw{eL<%4R@;1!f-j^J}jbdx(NX|eem;5|Q1xzL|a z)MQ292nwWRao_9Ov5&%!w)oRQ)OUR|dW%)CH7omrG|FWNeHPgP&i*ozAE;7e~~mlJyea zX1N|?O2D2;&3&ceUmnNs_d%Opnmap%OFz0)pO}Hb_w7to-_V6z<8_ndH84X2G+|^(u}$l>LUw}v#7+bPc75aG|Xjm&$qr8Xy?a0G&EbCx{7UdIighg?SdQCT)8|;49iKGayVFrF4YSj4 zG!N`4E-i1rcI)@mn*>*Yd_(cho8et&Nwd&(CW0PChiM zhSaWZqp{in5ghIM4wcPcc#dsf#TO7*%Fbb6+}m zNj2>=T)%Bj%j{8{DM>%pD+BzfjD)GP>E8rsnvaQfohMCrZX&R_eUEjIk{+LU`g2^j z?E!D&Z-hQ4lS94JB-JcV2AwoYSWM((gYDn*sc~h-lj?iN!tViE_}jwLYd$Q4RnzU~ zNYJVfS_dN|Jma-={{R&K0B2ht8F(on(r>QixU&SS2E>d9LZ|80wo2L?#+mXjz;D@? z$9m6=wf!$y(kFd9x~-(wA30Jo2l&_TAADN`yu0wewLE&P(P|cvPUCx=tjV4~ol^MW7LBTWA=LG+4o?)iw9d%!l?7v7 zqi;Dsg=JR!x*XGu&&SKX87G}CuPhQ7Nau267_UO`DQ{S4a6g4N`q)P<0s#W zvXZ&#UNEt})bxpMP|3bXNJ4&Mj74}?hOMqGzR_o>Z=U84-0pG6AaLJ}1;z#!iFHY? z57~^x_Ii#LyJEh){fz!I+Uc66nc*9aZXG*NhDVKAoB-tZ`kp8>KS=d^{{RQ;_Y-QCPCp%Mek$<3p{l`ec3Mg7i5n4-T|svkDop=_|n(n2Z^n;?+!i9tVt=3c8@p=r;sau!rmINePY^c?PBF4iIvPV$Vw{= zbBedIq#r}{=iyvhJ^qIaYPLE*_F0Yp0DmYLlLMye`9oIHejDF>P?qb$w*nX-xY;NK zU^jJT9dVwuo%OMOPhj}3r~&ZD#1h&60B22iWo%n;7-E?0KN|eF_+#Vf*ISeOMMEia zu{h+O==w#9kzV z)JFgpGCL}v1gT?=KPr+fsmp2>?()2QTVU#XS08sAkxI%VB%bG{D&Z>-n@6F1Gx0Kb zFI#!u*>AxIawln{{X9T(0;$AbIzjB^eI7~e*8SW(!MbK zE!I3Od}7o!Ej9x2ZsfwHTS_6Yr?JWKl+e%3x6@wTJld(A7scQdVqyK3A+bqly( zyXvP5548~9%QMsnC;#$!952aGfGk%PmCR*ygOyZ->6;d41Ir||y(<2^gc zyH|<mS2fyY%1Cu)Ut1RU-5KD7f|wo9)J0LDAk zs#ZA4zH75F!QJatq8}kF+~XpU)Jkl=Ta{?Tq2oT4Y8Om05Ljd71oWhB7}&cRcE-|A zWB670)-lYORY`ZNt=c^&4NExKOV%p4Is3^FiBr%%GNs~s+Gj$2u}n$=*` zY{tY=QbCU0Ij;ctui;xgOTu0!(&o}Er#g+dnQJ*wy540u1y63{^7OAdTbrMjJ|?_L zSHoT-mekB5GHHGx)3*HUAKl-P{oMXQpGy2V{{Vune$Vr)wtg(|<-1=?qC_XRnl#E@ zTDaYV^amgC8X+q)Hzs})MR^6}Vq0k4VvugmI0w?R=1`o4`SXvhdQg21S#CgM=XN>G zGHrkXf~{6bU88GfCut|ItzNd1%yf*hu0bO`MF40m+?JcAjU$o3$IafcP25sG6d#!2 zgV_5}G+5glZQmVjmr?LF&`lkN?f(Cxu zmfj=q_Obged|bZMuSWIL(WQ{2f-&;LDBO8$fWJ_`LZu#uOk;EUy0V%`Uru1N{{U}j zgUh@C!0ro5rgOkE7qWn=TUjCp`JN3+2aouI;pN{qMS<_E%cX&@ZAQ2>fOq? z?91z4#W(yHANB;7;ZMeWOXBatofg&p9{9`6)omlTOf`n2qc>0}^ndlM)2j@8xjgOJ zlNZqbbBCF!SV44TxRveDs1hHTV}cEJo(A#C>Fyz)F)IKZGWXB_09vq=OKAFcOPUQ@ zz`47DA|T+Laa`n3$QEfLo#E6i-*7OVSOcC#a#g2cLN+~5;rEZU{{Rtc5qOG8rMK2Z zfHZ(?A(xCWucWQ@j|1vnAZ>TVGC`y)n`4$sWePKl0#~PB>siN5jUs7WU0K`C(b(LJ z`yxq>KnNrsYN>U1C8H{bX3r-z=+b6&3kOUrR&B+Vxgxi$oLV4NbByPn)!7Ho;yQKJ zqMF8Q7$je{oDqS^`ci22_O_axrS0fZG7Y@(yEw={l~@`-6l}De9!(}|DdKphKxEth z04&`0{{TL<=Q@1*rXn=+Hw(;f?p zD2z(LpDZ>?j@hO&$9~f#)S*;~0OS7vty=nhipg-2D(#g=JpTYXaaS%e?rLcs6qfH+ z)Fjj;6T<9>P=*=)EPBxFgUG96t!h3MzM1bBsyGN#@-ypNekbvWxzXC;fF)PA z85J&LIK3fC+8duSm5x{`&Re}ADo=3J$Tl(l=;YRHr4g4GlG`aUWT#I|*3O@E9JcYz zE>*M8_M~eajpo$tWdIBbJwdDUc$Ec=aS)9He7!lQZ3y)$i|smXJ;c$loUtH-+PHXx zb6rWb3M#fTJJKxQvbuX?JT|4qM}GB9ykR|r>lMYR@{4WUeJMDN7BwFgX;V*c403Bm;jW~C&Q?WEa(dIZLu!4@N4Sz}S?yw(!c7}PB7@Wsf(WmGemHzMO$zqv z8+b%=##z@OF7EmLYnp4J>QJ4JiSN?jTrpx$=DVMTbNE{0#`-Ro;`v%FI#~jlTY#kY zuOAZ@<74e|JZCLJglI)RGo*pLu0PFNM^Vpmn&)l%I`D~BQUyQ#2o8TA6YoGX6 z?{PPP?`Hc=y{6Ou021t+;2%J9k7~#G@!%QGpQ3)yo&eKU*I&}^BTo`o+sBirTbzFP z9^B@>Gc>`t-1aHJ_HPVpPr&M1waA6Vh1y=}gp&mEj4XrHeig}u`HuD|N40%E4qXqL#nK-; zua?IJ+uPEt#U272o}5>&1)<};$jV2vq6A7-TLUjP?8pdz{!S|)qFZS5T z;1*Q`wmVjch{sdry=pa|QIb_tCg#st`McsrjwXu!J3R(xjKl};LgNG;L9a^< zVQ$YQ)vYy;iqCkHNvJDZ0rrU{jO~?i)G_PVwLzeGD$`C>(DYSDyA7FSZmsE>`m8n? zI4uv`ygbWe3A&O;)SeOWJ+xY3({F7d*j3$_^&ct8{Q0kiyiqBGR=TqD0|k+S{&m+X zc1Q1dTX$~fmTFSXb8_*{8bEqyxvs~G5fo zu4l5z!Z6?;TJcN21&g<)8!!KXnFMgeCs*^Y|7)=kcd^hnQ;D3y~6?fs!5NKK^qj4c2 zZ*A3Mo-RMUKOQQd!~Xz-{xkJ6$qT~Bs0vN_!YR`6~1sC1o6ScVS}3DqEkkazlzW5}#6Wnt4CeS6p7KBeIw9efG+x8i?-em!w{d#129H`{jozS#1TVEc9YRyApLHKB{U zvGl%)FPUorbW|*%xbIpQaYKqQgl^3bQ8FT(CzQPCNZ-h1w%;jK>fi zil86Lg*J|fQj6U4O=nNNw!gO4BA!DmB$ZThxF3ae9vju>y!l#rw*!{Ugzi6$Z5o#_ zmKr;roCxv|m+kACt#>qXK`cy)*c=@44KjV5wmhrEcDv$PK?${qBm2Npv{%dvxr-)p zIO*+K^J`-}9jLo?@|gkJF`B<+s81w>Orc}W1_xT+51?4zj&=?PMKSpEtF%c?ml!0Gg9ZZz4F?g^x}bv!b$1#3f9x3|^w zU2D&p0V2ZEe(+>T?e#U$3Wu3n4w>`!hP-b*ma8X)g!0)#fg%)goaY}d4;A`b`zwCi zzZw4kWseufs`y##yl>$j_@D90-^E@p@Xo358{!tJW^JXuyO|@knngKZ zHg)-OL2sD#<2~#2o4^`ospG#N_>0GF;!g+otKs}*Vbbm_9cBArC>flx9itfo9nE{# zcAC)t04Y3L@VhkOTu&}BbJAHq>>CuwoWBv*7|kI(orq`t3- zuX|Y~_rLfD>&#kKiEE^3)(x!c+VpWoBSCz{n*e&6@t+;)o(%YX1?P!%yPZzP$w!z_ zMI_OHI)&Sx$X2Mzo;FtZx{Kkj3iu=TnfO<%>Q=2a?}u-aTSx=M(Kv8$P8b3)&o%kK z{{RJy{iO5{*`M}9@IUPJ@Xf3t)qGR4M@XT&`K>JC0i`Ddu_W+$?rWO9%=%sk!%H8W zVX#q+)0}R+ma_i<$x}a;4-R-%HkKw?B9qKu(lZVT^cD7Z!e4}%s}q0WPa47fuRCsC zI^yrkMt;h>usYX|B!8l_!me8+eInYQ$1jFhpW-jVJy_`q;y<_Ax1Spm?!Mghuc#Nq z`Yaw4)3w4h_%0l7Rgr?o4muH2W6Q+h?6f?_ZB~C1Y7yKj!rPx1L&4_0sPG?zq|>y< zH)@X=!)!mq4`EZtj}E-~4gE9WwD5Ra;upjjrqjiaofC*HDsr9x)>^_hIx=heW$I%C`Obj=hxD`U&S!PCxi8CnNr>hSR!czk~Yw!DZmHZ z(v;5nRS(Haol0GMRMakIns1tS+6(Rq0};oydxn?dcewC9=YlmGJ6%UkbsuMW7cXqt z87SSdGx^sX9jGFWy$^c!X-A>{UU-F_eS0^=V!5vwP1*S;X#N&Oi;JXL0EROg3iN#{ zVLqK3N>?CZYtf27IK;~O8P_)P-MgyD5!JZKwh$`nkHe33C_)NL9yNd)Cle7&l{EQBN)elHNq!f=CCoa&~duo1r|j${C3mJq1ym zrE{x=x0u&{=jdzD^s7slBO!osoR48!M`NB&=4Xub%@bUECQE-R?Enq{<0BnDxTa}d z57RtJWOOUhZv?1E&%bLb{d-jy%3X|o58>~I^i5K0CwXt#9J0GMMt>gF=vvm30@^Dj zftoM63J%z7H51aesFG5M(A1I9awvRge~-%(qO zLj;>VvOA7ix#4AO9mYORaqUB7%dnAZ^65;#MoN9&I#t2rE3Gm&Xq6>KZP;!zL6oCo zn(-S=;xuc_vjTqZcppmT^!IBEm|>1H9^TmLNR!|6*{#=0+`%P~ugpQ|T;8MQn`w+| zuz}cjpj}P|-OEX|rs3*p{{WjUw2FvZ1pLFb12-U=C}NgZP3Mz}`H$mgj+WO>eKOMG zNS)gxDb8rWLg0^qb**|QyODs*o3dDSA6mwnRGLLW<`PdQj%sA|9HP1yP+aQf`cR0| zTjQ1or{PW-Lq|JK=3Wl$c2iiHGZ$9S<-5F!@(D?08yQIZ!n%z=Nq8YyBn%fA_7t3v zmB~^IXSjIMXycncwa9pjPrA6do+60*PFt`aN@2{*{W>Y5{{TnM)EOeJY8R;#2_vxi zYB_beR=L66c!GA3{G$84LE^Dm7S!<47H4C(f_XJ&k&i=K-^24;lMj;HfX`gjrtr3* zE+$J`fS`6~xBP8%oKKu&w z>2y5?!^8=H;!hCAtn1S`5ybNowTBqn$3K~=GLts%d@lzt2R&LK?kJI6xvZ&D;d>zR#3;w zC%!ACZAs?SSkEh4I(*!6F-#9O9y-!*FD@(~GH#3Sl0H}ZAHuoIy*3?oNzJ6fJ-;#r zZb9~-4EQY2qc)?d+1Zdbkux#ljCs~<`5HrB^uR$vw zeOZ>|l(G!``R+$bp(VP=rO6y*{cCtV4k06tYMEV5-=|7gRGrQf%l_|d{uM;BP4p($(C92Qc9~J#ihwfAdMNd;Z}>s*r^i1RyhUf=&xD>0)%<

NAf-bDSEdJM;)rPTjtsM4#8i8|d z5mS-!^<(Nfd)Mv;kZ!-Q)4~4$2=q-G;g5$cRe_lzSoX%b;1RSgaog9ud37pZQ?>}e z)O=@iqvjrZ4j)#?_wSZzsNq#T98 z$>0jbORF^~cx%O)pNp+uLGX?Iej4zbq4NIGDODU}k;kB~Io0%CFTy(fx{OZ_r>in~ zQrshNSqJj16pFD={t_irG2UFd2W}$jGwoDYMZeW`6@i zpqIOI&H(40fPbEA!u)&j=i&bV!;1z_KF`GdBDvx`vD*n8p18^4w9yoPZG2k&rM!3X zV)}hD<5_zvC|o$Vjreur9S^m5m7jyP9eeFdBrh^dcNpRX?{9Hf)T!9CtbJ+lbM|hU z{_bnNYSMMl#A>@XHeR{g3-m9wkg6@Aj zh7gC!qT{AIX14T;T^mifSyI|5_O}I)H`gM%BOazMXVJQ5r*7ILQbj$g#@!MzjD8j4 zUNzQan`yL>qI5i!HL8m+b37>8UtVgc=HhE|@&aFX2EBVyI-Z?qklkHHe;hy{An@7r zG)Y*N`yP8e;v}swc9HYS6TqxUwL7~>&CQAk4o-fRB}O)8+>>c~g^OKXG_N50$_6Wx zl1odq4GTArc^=ggmtx8~rj=-x(9LajlRqTn@-awmrns_05fiHXqy3u9XJKulCFYrL zaWfbvPEVG2KU%}_9ksC2jL`_i&US-}LOhZLdFF4o!TYdq*gb1%4-d<8Bg>{-bg#8g<2+v{AdBFmlw(QMnWv$B1;zRPKyDf~X*z=QXE$eSfLT z1g7HWY-F4%$LB!h8yZiiYIE4V{iVgT+D1p3j7H=18O>r_F747Q9l-t2IHcJoUa2Oh zvi)bjR}svOGuNj}_X)~y2bvp6tAT*osJmdOCA0B4Hv{{Rx}^V&cX+REbXjGG^BKX$*~KmBU4o;l-P z`qVbX+EfanFk_Dd4EuB5t(^|q(%RN2rxP~8ypzsxL8NEg=C1Uso2#x_l?UPZ*FZc3 zmlkl`O*$lucN8RZk9y8lB2`U$Eds&>hsbdw1CxWu_BFTm2%{u0-7ipaShynxJ#1=N z#k&#A6_=v1>MOOlyK7B4QjPL12_Ceg3k^)Ap`+eTCM>>OoE+6J6I{y#i3E|f>(x$p zTDE~q&(ZZs&PHTj$+v(j3tqEbTHvITMEZdF&^hNF&-wMPX(no=*yFBrOXZZ7jnNPR zy-jXh-P*>M(mZBeqZ!6cOk-h6X0-5W`i-n;ZJohvAD1H)YSTuwQc03%T4?h0K{5Ow#y}@yf9ple|Cy?t_C{u&1~e3nr_G7FxGV| z1iMtacPWs&1~HD+)c6bbrSW&eUjU6Z`qeetmbsEiR(QgKx#Qe%>0a64!Z$k)h+noZ ziabT(OBoWzEf&UT);pNXZILi=HXqi#pW#=8H18kj7FwT;u71&E$juW-cyo?F0mT+H zRP2ux)qW#*6T`kOy70!Ea4xn6jCl*XFxkP+80nhld}ZOCJH;9fuXW&^I!lX)qcckq z0L-WGACKcmxT_uk;q5Zk$5azv+1*)AR}H;(kUo{}79KOQwX}UI?b7>CAfn}YQh$h0 zXmnl))aJduy71PUACsm|qk{MhMtcs`OU52K@&5qBjaqLD>Gswa7SfIJM1E(LzuDuD z{=H8ya;ALc;(v&~HrE$Yx%*zBqh88XmAA++<2+~6t$Wvid{uYij|W-Jo4bud-}hG% zK1pIb{{UacsEU-1uR%JiTwP5y^s_+3C|rHR&wumMyc@>eDZlWy#5+w)M}G1vg?C~~ z$>^i;6;U}{bv;YskA-#r02Fv}_1il)i%e@pp5i4K&f(bRywmnz)>Fb-j=yBhai>hu zI=<&6Bt1YsjcLqWZP4~>uN3Mx)9P~T_uggKotT*k`PV%gp4H{PIb9RP*6bu`#n{TD zZRJ?^tc&IurP(st+sfojvEXm+xbAAi`n|2)o}p~6u96=phCJ|p#8Nekj(bDXb%)h% zY~-}KeI%w*Rq3BhRShCrt1lMJ*OLDL#H|j%iidb?deBljBOaxwT`V?6J%pY}<+0km zCrI%Ap>v?kdp+b=CfxnferU<;2eoA}c@OZ%h&AbMb!DE~>+De~q%$0;SM>+KO7pLX z66)tueN7{1*vTIDY!X1~ed?3~$Jsv%JYV6>3&1nnYIk|KoS?Qrf%EatKDF!~Ch(8^ zEboRoSBvF!204TFS8(s_(Rg(HIAl`U8mOCG0f;=At*T}7%`X-Mw)K3r-LI}CCUuUh+qPWV{g6n+`W zt!jFWrM;x6(##rjx-vNc;PoforsPVeW8e=Ji+wWo{{TRa>23rv6h;RntL2Y~-Za+iQ$aH)U#;~VYd^bI{%#hqkX7a3M z;#`Qq{v+){q-E6lOTkt;cDZ!gd^ZAlBEgV<8suaGJ6Boa?}y$Tk43rEQfpfq+kRs~pRa?&9nl{n)k(!8Tc(`T{1I@&Ngno5@fScU>R{{Rs7 zrf83>yc_YB^7F;F+Nn3w-A@c~T&R$Q3>WWXpeH@6(KP=6i`wUcJVX7o`aQm(pgeAe zdE`hz>QB~@r?WgR!{V;D;C~V79}xUMZETvf`-8ypVM?6wkH)!M@7gQI8n2II@qF!X z8;FE0Y{U0q@z)&>98*XfEP4llW$_lWz984GG=$SyG&7{K5Eejs?H;w89D~PHq|q<=n;d&R4KC9J<`j%!!V~i;?0+ioNd6Jo zcxPC-y0W~U;?_s~+-?DA!6$%fjZ!G;KMMRw;%^bzY5E!@`lLk33=V#6z0c`fkH+S^ zvbE6sIjq?@ztaPojmeS}=Yi`?X3y-|s_9q0I?{BzR=1WmU9(%L!>~B%?Tpvhe;EG& zW#0tr`W4^AF9&Jqq3RZ7i@Oqc8Og}V_s=z)%;t~G&l7kCZ3QkIrNhF`#}0>j@=iJD z73CLNbB1%uqYeQTF_xxwC_RqAvA8OmPDnUEQD0yF%byW0g~{+u?A~ERi&kkmuV8)u z0Q%LjbmD!_CGyJ%X%6KFmc>1Oa2GgUxuna4kCOiYXdec7cY0TgblXOVn}Hp}n7{#Z z$p`Tj#dwcHI-i8&ytIvOk`&xFjO{<jCX2-CGKHT-L%>5{&ed{RLwjI3wxZc**&{uQidv}b2A{U?9H z68`{e$$mS06V^XxpBd_QnyPOZ*B_k<+v|38# zys+o5mUk)7_iOU6TC;fNWGjVIb4D7XlDhL>c8~EnYS_z<@1n@7Anc~0nqMuXRcGU{ zIj*ygTa}aMa#X&3$69QG+c-OM)aHXouvY|@b}X33<4GHU#Qsza*R_T=aUpg-cqxI0V-jpHtH~5zEgm009XdFqt`QRLN*=e)(#4wuTS_gKr?lJq>Ud8d7Q+ zZlR>PQ6wtTL|eWFarzqbYOPJHTT`TDqADRU@DS zng)qPsK^pzM*wF%^H#Sj1lp$^=r@eInotn9bs;c+D)jGze--u5f?pOqJMkY&Ik$#Y zTeyJbqTC5#j^nT4SIl-n>tp>I{{UrwkD4dNzkxpsem_`hG3vIHX_0CA=ana!zA^%= zu17ibB=M17d-z`F+TPr0u()JDytnjpBO?{fS94nywK(OqxQ|wicCI|R)OQ}W^M~zU z`#5M{wBNuV8+<9gf*EyYjkO;ST*`24^#oF5Wns#KNmK0YTo161^L_a1@TTkFcf}oJ z!J4j>sQ7;6?ye%9*5s0G?$OAWCvKVC4n2sko%P!?lOH9Q$_yCo_B5nBA3%5;R!vt+ zw~8ms(G8~q109d+UYX$AHnG-qE9bdugS4Kb3Yime5OcEE2lOwEcey?WHbUmHaL_jqp1R@(KFNZTc5JBTnAKaR<5(GTNvQFy&imHJdzG*8RjRsFb=4 z@yq*bop$)$JCs03+x``D`$L53=>s>JpS|r;GZtHwwApTvjnOXM$KI#XZCd4?M_e~R zD6l3bq^88w{V1`lWKgvd+D=re?F5_?T~vBfYPO6OOc};Xk~bQy zdKYsaRlBv((~Pc~@C1m$ziDH@#omTe8vM<5|V2Nmjm9tth|$xyZi2RZy|Wcn2uSZ=$x zAb7+1Og5iN<}~;`iO$y@&sxqd#)?-vcp#ef64-w2h6dm|S6g@Cxb*!FDGkwkhH|aP z2ao=}IWt(w$Dgi+sZR1eyhjVpMSS(~rrv!**3#nY7IPkLi{sO=HOo-$q}lo3<1Y>U zmPeY!1W~MqdY;+uTuyQLtdgBXbW!UTs|ucL^uVrP%uO!d@!6y21w-)j;s%T0>z!Xo@okJV=(j4?m(fnS z0yD#8dw)v!{NBzwA4v*&A2s|l_?h9a4g5jzPs2STYg@eyuBLqG$@bkv6;X8TstyX1!4?oVEjs>yyuXl{ccLXoMX6=sk z*G%G@=tmTB1Y+Q`A5PWJ-`(0;m*n95yz_%y4mufMp{d|c6vN@oWbTog%HSBJ4ER+i zARpKC74AB$K4q+PGl?T`2+yajVKiwLdED0@WVs6)V;w!~*gPHLvvV3+%&U@cq?*i5 z9S>Eum^R)H3B_~XA=l!tNv$60G@aCqyT>A$jmo1zx1r)%_52okRrIV}%d_Mo*B$HP zjU!6Gxzx3Z^+#{9yv)(7KJ0=|l3HW2ZIu6x)mxPv}gSE?9V|^=4;_z9UOxrpX$ZZPY1D zrw0Tc_3+NQcRr=5OE@{)-zoIwxhqs>>6ujCIeKh^a>V z7&`s4csBaZ&H*;1Yjpr;lHM|{8}Xduuq5+dlko532aJ9j>Tv6x7u9tUtj1S6vf@Ms zl`GSsBc*oJsCd|{3+#OZKkXs#KhU!T@IX&z2i^Bf^ z9zWolzZ@+rd@b>U7``9sT7DMZ?$&33q+nx-Bl`Crje1n8$Eom~OPA(QqwRA0IjwB^ z`5#VvRq02TzImHH5mpk0hF>nRlsNB9bDMG5OWFTmg~6>}&aZ z@t=yP@z;y>KOf5z#TKKsaR?-=B#f{C`_yA64pgGg8^R1ueTn+R&fwwidzV(xt(TIv z{(GBx7O82q6sX8OMS7)-i7G3^c>4CQ6}?aB95p*5q_&wE<3S=S^vO8py)VU{2Ju&b zyg#D&r&zIyOFBpV%s|E)=@{n78swT#?p%0GQ**KN zFM@QPQ&jM5z9_by$>F!THnT&&_lfA+eGWR;M0Js&5=WZ&`%E9(^IyWQ_A-UQJm8MClcve#pb@!64T3Y$vzFv?ou#6?4qN5M zeq+sSTdE*rcFHjPsT4q{Kge=%jQiHK0Y^@c#bznX5aGQ9Ffr1eF}#LAoblBQ?}M3hR0Ek+3n_W8u@?~B%BVvTKoI< zf1mc${f_m0L&X08v;FRs<1Yx_#dBLM;KsL#&8OiKZSb~D>L&S5_n?+ zon>`0%yPUcE!OdU8oyNk0Lb@Wi68J?tBLeIZ{Ys`#h=;NRrq(~E2w_QdFI?RKtVWS zs>%o-i+xRdC+z$G00nCJ1Mu_0dKZVaPleYzvR5PUWGx8V!e1Q@yz>Q<<}%E& z@7&~RX?J&RSIX<>*`6KZpV>$DuKl0v<)qKyTJP-R={9CuW)BG!G@ep{APq>g6dzH-D&<+!pNs~81^BLeAl#o&_4~oup;o7dm!;i zPO*MEtY9r0W7&R5h+;oO)p1*Rw-U(-;bG3sIJ!5S4(#z{O_k(0MtR4EP+V?^rfxGtYG`V8H{hRz>NLPpxv2YVk_( z{K3Ox7#voRMrGYf1e(+kK%6PT9+in>Z5+E^;RE(L6<}#yM{R)=1(Ao{;+tb@aWEmn z91;(;22xs+Nu&mijK?pYGuo?5Yo{uz+(R3<;4@P+(6y$=Zlqg~5-jurt9Xx3(QM?7 zQGqi6Kt1TWoSNuo+3SvHg>B-HLdtlZkb@@`q0GtOz7MDkr! z#BjspVb?uPV8ZgTa_%<{0M9j?&>cmKO=%og5lE`Xj1kQ?O+)Q6ya^kExGkQ9n!--O zVbHIYaK+H=$gTUGYS7v(pV=bcf~EP-*0M%2iNW0Iw$E}Vie}so%10HSd4Kj&!0yO6 zJBM1`B2G6@)t~K64U-h^4&2sN-QCuuJa&U@w$6OQC`%`a|z`hQEY5Hi7Q@>xl@&kaw(0`2*X&sc}WofoEYFeCL zV|hU1BOGGBjt1zyLq~l$^eoAs_;%eb^*v@gTQrP<%_j;* zcm};6;pgmM@w@iW@fX-W0(f#A2g5Mjh&3I0>L!ZH72|fy^6WV{7030KYb30HNk6iW z{1Tt`fBlg3jUUF>8e|_Celaux2{k*!Nux=}Q7bF^O ztPr0r(jXC0eF}=cdz`fy=9U_sx8h}n$KiIJrRi2N%43>fSQJs!hkWzu1$J70!95?r z+O?;P;+4Eft=zDZX(WBYAN#oI2l&!Cq|W15_=#yIsi*j0_-|6uHFCR|$1qH}{tr*4 zYo^qEL49MVL2m|{t~n0FhEH=z$dk*i{7Y+TsoPs!+#tH0$c-5N{0y8|Pc`HOpRyC? zFy_-){QF5ASP7`#Ovhi##d+`(;abVR$r$OHq^JYd)1ckLJd00l+yU&Ng` z{59})Wbn6zrE_n0F*%&7{{R;}l1E>ychaG8Gx7t*o;khNFYhmPZB}h&`Pk-bj&gmo zn({mCQtEb8X{MJef=zlbr(>S1jG{{-$N>xJdsJ+2LB~!i&o-opqSB0i|e>+eRUK$Fmub0f4}s zTh}M@uQs(?ov@}e#9lOmL$SMm6x>PTO?-UutUl*~vy}h!Wjoke!l1}Ey5YOUhv@0Zw!cfO=8X<|^HaQ2s(!BRf)Zlj1E__8Cy3)zK zkj;V#_Z@LkX&Co7t9@S6P)o$LZ|v(J%z;#GJaNTk#dCkETBe0#Zx!s(or`w=0DVvU zcqeHUN{2688#)4lGY7uJ}uA!7d!w7vb&MQjqUQ3B2iPjA+6c|!)0Ts6>So57r z#i?g|aR!KssmeY=%$Z%-{{ZXP&z}%JAlP_an)k#Sy`0y?9hT8PTR+_+JX17`JD(f; zM*X6^Tdirv%EtBdEf5{T-Zli2{@3|6@@3wU;?Ia0oL08*U0uqu2aSVZ9(sTEswy*H zUZ=JAfA)R4vAtID9-nikBJC%5+rKsTH^T3S9v{*#?bpMabR#MAdFZYK_alr7yNUnY<--VT)(V4&}n)N1iC<8?bo>mQ8YK{P=H-mj%cxw0+u{G&YR;t9fp0P2Hd?4&WP(g0?hm z8Dq8&4D9UWwg+m+&QdJjTV7lJk%$Wx@0--|SQA}C_LcG`Up2m9J#ksM5Ng@ScXM*& z4US0Z#%rP8i4!D@R&~i6yVWRI2_n_)ZY?H>m6GgZ8+sqDb5|0VLmoE_^&+SaH&FBR z_*f_=E>8xtbp1=@Niby@{v*u^f!RZ;+TYl+-9n*2!j%9T$GW=~isIVcnofY@ue|_a z>9gE@s5QxWW8Pb72j;EmH7z`EUFjUyCvG~52$Lt#E@am1C7Qz4@H(?D#zF}r`c>;& zEkxL?SMW(`d5p4=z%>dwimEy(tc{b839~B$^;HyN+{R2^9o+-RRUNmSH311AKu001wizWLcMZak%>) z^%K}~jgFhbcCp&YA=GYL=R2@TAP=QzYWk#TW=P6M8RMtQMPxz3UED@W7t`#b{{)>gM4MwT!dQSB;s^*0zkg65@>sZs)UiXx^%1O>T)^?`Q-a!&FNU{k7ZbQk(YR=%V)T<=2I3!ui z1Z&1mJH6@g$1Kq>isnGux-j4xMoui7Mba-U92w_pha|Vl(DPkNi@Sg~COV9&&`I6s zS{K`*+RA~t9Qst6o|r9z!VdkT01ngv%~@(!*6|B=i6DK%W81Y!JWHsM@?&l=R35Ye zv!rO3Q6P9=^N|5NPg>@0?&FT_cWJXjah6TQWMk`5DE0!gSvAj@BTQn#@BprKXm6o2c|Kf!l#jqBYMjDW3m=&10;$`GIu?(T-;GyN2sm9yPaVmhC)s{)`?i!DC!QU zvvxwtnB@;UhrM7&6fv=DcoShH;0lRLpwH&Q4-zH4(bDx>JIE%QFFTRSbKbG;ZY^fM zK^pnVxP(^Zk?&tfc+~rvw|4q(i0v&buA@lhjzsd;`>l`x#e2`jKN|R-;b(`m3k@kQ zlHOZrl2&9Yurnyg1M=pBswnx_Lwh3y#<}Hr_bN*g56sMZpL+ZE_9xf0`EPZ7XT{ni zHrg>Q0|!6rQyexwPr{Sf(osHe`0Ab15Zx7wWJ-~v|E+xu28+^h^>FZRO7j>w0V&Yj;{g>|or?25s_f|#u3a@4MOejf0*+4Orx)t=tk@zfP3qHuok`r^Fe4;O3R74dYMC)srC z?GAZaWtQBMWE|tD>+k;n>ZvI7&xPL;JSV7lhfweyt7&g%J1aC74JZ29k7M-C2iCan z6x-@4;tS0m#2R3?nH$VSW4K6}$Ul}VbQV1aO88j*I`CT0ZLMjVZJZ7#5E%e@6m#;e zeHnA{V@dE=!8?Bi+TB3|!gtFMZ}qs(KHUXv(8_7O4>tI5HJ^{?)-|swEIg=*X~FqO z!NB}ZKgh34_;=&q4&FoJKM(7A9mTe@XD9kK_dZ;!o;|ZuG9w0B@dt~%Q>ouTx@^#_ zPy(^U>+-i9jb{8e{iOaX_(N0i$ASD&tEGpBFV-eiUEW++_v}tToo00^Mt6>WFKF6U zov2^f#x*@cQo9`+EU(j!ew}ON_S7{W66;p_js4ZwlrtZgasljU6Qp`ow}f>aM8ge( zNP*lbZGezFn)P20d@r9w(e17-E^W1~GmkbUT#!dO$FZP}M0sC`z9_-qOSn8y;k!BJ z)f42rjxm8U41u@-UqJji(shs8Q%suHDAPoa7g^F}as-Ei@-h12lS6c@c0MTmndj8> z?P|^S1k*JbB4DNY^N0t9KBpD=<^F;2cK28C-;DIl_jBbTlHm%*z?@<~QBb1ODHpso z;j7;XrS7q(+Rb%oa{GcJ2G}v4KPuyVMXdOvSiCPKq}H&4Qb?rW4@1RhUpdXmqv|&z z5pe;T3Bc$1S8I9jp6cG;!}`2NPweKGF1QDFI*j{q`Or+K(E9SO)Zj{;mQg+^D0810_?pUSj+ zMdDpY_qW<%Q^M zxgYHd<5_%XqUp_IXR?Y3t=V@hOaKf{J@~B@JAq5Y-?GPzz8BbO9~Jx`6W!`Is*~JW z#7N%>KY0hR&lU79!as|8$B*>AN-1HzjUr%fV|MG$Qa-1>5`wjiYCSHG4*jIy!9DT(;FLqS~TW^BZvm06j%-9gc*L)-MEjw@&f5hIGwx$x6jEC}oQ|^4|mb z^{+#LSyRj|%%EcxZY*57nLZ-W?R-V2%V{(%Bu=;hoPqdPhDqV~@WrEO?E@rHIVz{- z3^U&~;$~j$nd)W9Hqr9WkF?8JwM|yy-qtuFnebE(TKfM0_G|H!9}&D6;xB~y>I;j@ za27T^yJdLBdmql83VhL&S?N`!rO}uBH2iGwpX@#RQ+QY6&xYYJ*;!u6Wv%Jb5CzSf zFkJ5Il?OTOMSp&JAB*(gh`t%{&%|#H$pz1b_1hS4?d61mnPmiwjx)}G8uYJtCv$?L zvEF!BUAoXEStFguEI0?K&3#pOV4A+21=iO6>`Ni~;*rMz9sQs7Q z;!!+|ELXvjZ#s8|Ke@Sg9LQowb{U_SMK1zs)FMb+iK?V|&0a{*=nNHItb z8C%eUk@!{^cyh{1zQ2F`6?f`#&L@{##K|Zq#Qy*fPrFrot%64&yyOmR(m7mgPXesS zyGh@Z+tQgjqgpJUKAeI* zh^sf+bd75@++_Wt9wY;)6~$U6$CUV+!}?~Sq+eLcZ4J(isYKC8tN~PW(Z0Dk{Oj{q zS<>~74*vjZcvn=hX?6bq4o+Sm{V(i^=rPv-5s&w|u0fxI-|$jj*@nYi(yzQt@czyV zO*-JNr(({ViX85d0}g~8!}71^*b#6p83Usul{pv$j<~M6FH0QtOyyO$XUSdskD;a` z%@6v;Nfk)OKZsXp%r;B_T?-M{6-RTBTY^t&1enm6z&v-rJt{;;7$r~B)`60|WTP-# z4EOC#j%n4GV-TS7I~olszJ>VP&T+i$Cy)nE#Suk91T_jik>HiKz)w|cgavEAvj zDI0YQ2EhY9!1|nX=~-0YQ>k}8inF?dR=dVA=wv@*0 zrh@P<+G8GE@v7s?le+#Dn?$*2Zg_uCUkz%u=gso%UBEdXcb+p}S?OLTu^(ifdoa%I zOpL3AkXJ249NO6D{v+6UdtB3F)!~fT_=XdUV;f^~`~E}ouCGO#PL3@TSh0#LeP%RJ z?g06SKmM=AxSBOm(!{rZFV}n<TulVC!F1kaFZXwKQ|nz&S{&@p@gJBqPxN^ucv*1D21b2roLiZ+%f!Ai z2Z#-=8~xmR;;7O)7p**11>EKs!m1VkjQaXjtNk)~MDR7qn%S_+gPdoaQ)aP8P2k-E z&RZu-`R0w;$X+{p*CBJJUFrIy*qUaw4n{H4o(^dbkkT52mada0ndbx49&4`fj=3ay z(oG2oCeE}Lm5$TIej|#`c+JwoY>vQ{;Xu!&LE;JE)GVIaW!q@z0or?G)~4lH^JbGt zw6jY~JJ{uzAMYK@>`CiZY|MKD%Wxe}01n2eEN@zAHWOLS*KkJX91?l1M#D!?8#{F#r;6?@^!s^2`D#=yIuE^A0q6cKu#GQ#=-evf7z3qQ z@b0d*az`BKW{7t7tlTvM=ZiJZJtMQQ^COJ>`*v^-*120-cQ~8PbZi`)bTqk5AdbIJ z*F2cUPny60dGA(k{9irXk?C?y(OZWP^Lo^?rV;9T{{V(j^w=S~S*@q@234{f@WpvQ z#*YqZ(C8O>mdMJpXUoPg{c~LNT@Ko5CVof!Nbx1Q>-U;n<(Pm-0|x*E&UhbQE11yQ z-r8uUMo@t8LE^mX$n|K>#_x=LK?JgC+Ln!{n00tU{L#6=V0xdgrGA`#&e~^!J~Ma- zY9miS+xCnh)RH*}D*SxGdkXR@zK8E#9_9*E9Vu?Vuj|nDj~RS0@h`%7&y4&J;{8g` zLWLGv#dK%;BlaPWARK?5{{TLGLC}6G_{u$F#Qq=C^^IRE=H0Xjoy*j?UX}A$<+?va zjYQSY48HhxVd7s7uCL*3N_`vRHkTs240tX6&#ro8A9}U$Z}x`xmoLTJ9|w58HPifA zZj6k-!E{CdY#&kE+}FeAI8JM|xt~6#+NtpxIJJ0FQMne4IWaot0H5h!LulHShljj9 zr`}lWaot*k@hggnHGW877ZP?MN~8A&6jA6oS9hu$Q8 zB53q&P1xzBHbgV`AN)F3(`D7qClv$HuGOryiJ_FVXiq8Fd(y<<&7Gx_HTSq(lRi%y zPjf`6yOm*#07>J~Y5I95=GQ(pUX#P`Pl|X zKcW0au!sPS=(v&J{eHITdyGPPGC&Z}r zzlT?mUzk%~P_dqKy*c@ZzXS8HGt#YZZ)HnMQ1i1Ls&YyEYwB{!T;BIX^gbQRxhiub z+k6$^8;u_JYt3o}+`l?!w-u4`AI7ji9c7TEx(r~RxUZp=M{Be7tg?qaMRVfc7x?~7 zX7t-zyBk2*$F)$=pbpGk3$AX;lFj8X323qBS}@kdeAygQ}%hQ~zK zPW99W(gXpKJEAX{g$NmbTE3lM1-pE3eq2T6J5{@sAsP z81Og7y&F>S{{V>e=xnv}p)B>7Ap+(H{uXBL0moYW%h9gy7Yn&vb+={}b3v7D0WzD(t?yqBGd!lHXgbNJJ`6aM8Uqf7{muG2s(?tSC#c}eE z4Rgs`W6+Kfb~G+D>pe=?7ettmhEkyByyW;NNL#yr_Hb=~mjQ8sQ_jq4;3L?M!{K*^ z^xa(Q>tPMUfPVKSN1)Ai_c~USHM&7>8o?&tyMcjGDvZTpQrP5wvr^Vp3ZWPr9itV~ z+1=e)*@lLF@s2Qi)?C`1)M3!MZK?gL+DN4=faP*JjQUs7npf=ys!8xx`{6%~wA)Q) z(%gfm-@E?uH3uVb$5GQh=DI0XaFy5feFGDQZD@X7d`^c^({){YRMM@d)HFN3WQ>2y zHpVw&>5Ba~{f7SlYFz@);l205Ux>|XbESieJM!C})yUu#iba58U0?w<{K zzwGyO=?Q+4>C&KC@Z|M&8JN08yT+`5bk}hUrnS^j7==Fub8TXr@dDZ zICc!bH`2H!k9HC0Sn{1f7{hzk7Oxwq^I{Q8lZFjYHv?M0jfg-BfDDhNZb7JWmJaWdeV1?U{t!Xazbx_>)#R^w0F|l`HP`M;y)|!&ZDP=?7y=?;2 zZby9+eU;cQ<_Ght*0Q@Qs8Wqu8Bb$ z565Yw%i@hTFB9FYS~c3F1-Qy6z&Q8k^shCtv4g|jAk?(jwT0C*#BbccW=!$TZB3po zF0Ph7z3}J5eO50F>HZ~>&vuxyr153&7=xaknHBmw@bAXcYW^RvzCk6G>?$I1jzJ`3 z1|FONUWGX`{t|pT{inPcb>MG^)^8S=^7fcaFUFJ$fH+ z=i<{z@mInhiyk}pN#kp{n_tndaFfJH7naTbu24GyF~xPpt6HBuR|U-OdmNq&xA85? zU+MbA{{V+I6(1~?(=>S}xdOcdMEHsOUw+Qf&ElVj{{R_$L1}4}3FTk8%MP2=G3+_d zVO=oA+e7B_z6`=+sXADyN^$d7K82V53qkvQS`Q1`Yme~%0K}8nOeAZEvc#8Q51Cl! z3P|n%uhs8@pYUHl+1JL}c8R8ZfABBF&xGD9RE=(LY(rexLgRw!QL;1F?vsw@yJ_O$ z^goz9OMmLJ;WkCvow?zg18lY2hb)4jJpMtl|j00kcXki2DdY&<3VNO%{-vC9}S zS?W$LEf;*upIrA1kxeb$?gURcf{Kx&gKj51`7{6+5Q^QkuFXC^3G|g{9iKVd@)=e0g z7QjhmMPt}>2C}J#Ry(*u#jJJ*GNFsdPE}z_>dm)kwPuyyZk|Z|xbd&-ANzOw71EaH z#Qy*V?fiG6LWgztgs#@{lhn1i%z$^!Fh4r|2K|?RV!s=B%i#CJKaH9d){h;-rPT6h zdb}?k%aoC$%F4M4<&pSdf(YlD;hhJ2Bl^EJ@%JPC%~;wq=DShl+DiReeHV3g(KGM| z_TBi!<9`->aq&KlNel)~4^At+_)X$P(RA+)YO>wm+36RA z{gUEzc;cIH2V{%_k`Entt|pz&+47onVTOXG@U*ObKR1oEm|6vn?$+U(_kf1n6nc^} z0MBz=PsdM>9wOJRv@JeeLe^!|qY*-%eB&4!K>q+dQsrl*B$rd%z7k*Ec*nz?$fmcp_cJ{6c zuc7rgEOM5p>NFcoNv5>Ev5ARR4iBY!1dZY?YIeKTlut8bG68~d>s-=_?bF1Wo+i?@ zxb$n8G@#FQ7!9|Nn0gGF!SKGBb>f{a$4=GkKeBaluf5%}uj!t{G@}-F#=Xv)!P;Hd zfpw`;SZx7Wfkuo1550T5TAI!^H(M(vTd$mefNX5%D~_FOOB$xyI0^1$is|jxIya^% zC6ZXe6^k2%cHw#>@*f=QN}mg2r5DmG@0?R4w3Up=vMY1#U2UQT+@YAGdsop=jkG_^ zd`9M_zLxhY<}eYI<#XPtn5TwA6RYm`71;>&Jc_<#lRdKC>DH3M>Sa4}tNhJ+d|nIF zQb;vhLh#0@6^3$hN4L_oUS|}RrcS4E9i;nE5(lSx$B$Xl?ixtua+CA}9MUnAN(WT7 zw4Zdpyg~>(4gsWHPSw|J3Tcj;a4_Jpls@+9ZWDpxt_ zTg7N%(Z*>yW~FheOEi~q$!FAL@m`yxSxqF58c!T-25`q29@NZbxxBO7TcblbM;XB5 zn&+g_UQ5@XZspG4eGLSgF?f-5=%Z0;v!Zp$#%ivstjBnZFpNZ`XBnyFMpHO>p5Aqs zOsK$v$@Q-}FvS(a#*(h^Nf_-^L2eB~>Evkc6mgIbb6b|EN(=z(dVnYcN;{n<_SQ(5 zWs3eLz{UU`x&13LElccI0UW7A)b*f=uBM!q*0T(m5pqu%u6FwV)T+b^v+l~849eDW z11hj)+)2+hp?hU(s9L|BG1|Q3brcA@ph2dDMU4wNJd@m3)%-0aZq}-d9RO7K?84|Cbof~#X)xSm`&L0?jo1GG zv-F#pjCUWpjA!QKHN{`*AKLF0ou|Oso$R;?6dGVer z@e5T?h@KyxNQ&`b)4~;jqCloUrUw=CMZdxeT_I9=VHc~rEh8>i`aKfxaiG@WP1-Yb$r2!ab|aG2vRz+p#D zdR7jnF{{x1)BTmd;E);?pK+x8Mg6b5Pix|RRU?k(4+vPuL@_u!l_kN;k;kCUc{Tf0 z;Xe&pe_=`CKMZ(I4}~5Dfs9D7Tcja|JM9=b$Dq!7QdG`K&!N-UyxtOo_wXN&k9kA1_H3hwv85j~WIuTn_ zq{>M7tKuib`83-*-w|t`EYoz20tm}9T*?)kXR3PrEAeagum1poyl6fS)3vV%{0&y| zPN^J5IWI2b0TsFst~&iI)S*O{&*tCa=f=;8-xmB!d*V+Wc#`)~j^a}zSZ_X5et{P_ z73FJlJ)?=^nqiViUDyf_U@Ov$Y;#nrZOZdr8?X!f$G5Sjv_!hd@;P-J)f_b{cOoS6 zPu(ZIM$vCM1miRu&G#oUAVD5Wdh=Ieu`;d+5#yx>YGv3o_np)x_1b$3Zml+g-%fZ2 zt9NT`yBrO!8blX{?=F8Ux=)&zu{T@GHvNLuXzD7 z1s&BJ7|&|{s=sAl*z@*a{g1S3EjPltK9BJq;=)G1Y1OBNUD`qi%uY#B?7y9P)vLFm z=u)T9`isOqE7Ua&)A-9%g3`tkP*}!7A`ZYVI6c1}^~LHM_ltF1PSZ>9){|wU=qVQ0 zxNsqu<-Aj<->uBjY7;8X zPJE%p!P5i^lDSVgid(HsuA;Yr;)Q+CUa^E{})`TdWzba!`l*38lAHqqK)K5c`qzGwr@buSP>rb{f6$k!Ka z+1s4s{40v_AB%K*t6f6-Ue&Gi=wm=uEON&^02Qoc2g$z^KWdE^OtGI$@SGO55h9)U zr0$YVFnR6XzdSWh9$t8!=JQa4Q@FaGV}SA;?#bf=k6KcfV^}kPL-=v7>*;MB^2s

Dp0wp|?wAQ z9}8-M;)2dgdnW(|W4i|*<5-2+=dEGk**?=Hy~9Gga;gBpVP0{lU8Hvg+%oxjIUvv+ z-N|fqG_=jKX})qW`CJZ-Pm<40zm{awG?*j|xn?QAq}`5~%H>m*c)<(hT}<>|2cR*G7f zJ;cn*L?z~5+>9^om*+p={#?bAJ z!#w)eb*bLz^XaDRe2H{N%(&nmtxQ-Rd26q|w6Ya}9ufRqMQWcBX?M^=GWl_-7{qy} zV!2HSt)ta6x7iN#WjHP{b6$6#_(#OLZ}yy;lyF^XW>6t0Nn{5n2BjiS%55|K8aQK9 z76&8>s${*kxL8mm%(w&CRVe`-)}J)j3vn{+k(;os{T?kk)u&1A?e0#(fVz`|>r`g^ zk6iE_=7*=;GAW8Fz$I5;IW<3zZ?xvLp5hY)#lo&mFc_buF>7Pz>m6qL`66q(d17pl zjlBh0yL)M*45*=p9`q&9f_)=R#O2fyNgI8u*WlDH?W_a^9rmfm9V>C3d3)k0=8|}& z)8vX$cJF2D?khStM7d>Cj)T^KWYR|@5wR=^ft-rx?==iY!PGpM;|DakP$W^)HLW)0 z@=Ypf;)?91;E%y0+O9_-(r%__)FgXi0Sk=cnOuxkkuF_Lq>9Hscp9lJkU+HHjHoV=&smYEvqvAyRSQMf=`s_~dU3Z?Sgj97)4WoamNCMy?q$zB5Z_wo?IpMI2BCQ!(k-lLcsRgg z?Mc{r6!rTEw6=R&Ta=wyLlz^ZdkW!XwYtby?iiLi8140`Y&lUAT{H{jfxc1K(w5$2 zo>h`jv~ipcDmsknhlMY$j5jvv7>7K9d0=WyPs4hamXORWjHv$rE>Mi8xvTb91Msur z)|v40PS@>Vyt6ufqVS7(8ZaGD_0Q$nzG#=iF9q9phefy(SgfWc-}i&{-HiGJUix>~ z`N}mNwIbF06XOf5W5b%~hwX*doYSY;6c7k?Ad-E(tMz@n2jI_){{RndEWAahX}4;Y z(ZhDZ^DrZW$EOsfD=VGxsC-NDv-WG!d=sm@9v<;crk&x*_KQ_W@>qfM0guYMIXqKy zp?m}JkA?g#rCHr;3d0w1N128P-356EAR5j!ZmwIde6`@~ZxCP2ZE@oLHuBdjtXbPF zCVKVcel_erW771yukFn?@=HgB%BIIE{SRDL!}iG1@P&?v@ejloHoELK^XbMmc|jp_ z*FVah-?JZtB7keY64veD)*+rr(h@_lMLFAn?NaA$fk>WziyD`QJV~dez|_`KzODL5p4L1&uXt}>he@^m&W0t9?6@R2>_8nWo>SD`6fTM%5WXyF-xBpH zE$_75CLKFco61>M6*woJTdjQ2;y;Gd_%Fm$#s=7d$Q)r$x3wq=bS!6mi&BeShSK?S zqfG!InNC&n&*(?xSU(VS4LUtjOw;0d?ouKqK*NROxcqCTD#+uKIWG}vMeP#a*cFim zWCOkrPs+Tz?b?*yAh5sw&xs6w>jZ3bwy4jk_HTuC{{Rc>eguv|1XJp7AsZSnT|gbl zV;`{y)eN8lW+ND*A#?o=psw-O?Mm^5APyL|0ZE<6&>AoqqwR=m2 z4R0e1lKoFU_3tC%eea2MzYN=4!)c~X6ec*?fhG9vN%Rz@0=ZG^z82CfJX5yAS@Pkt zcuM)mnE>OiJJ-&i8T=jp00>3AI<$84%VHg)Sz}xb`kKN@&d4JA9|O+U&}$2+=@MPq z-TC5FbH*Dyk(&Jt{hq!Qd{OxK3w%P>EM$E)2^z>tGx0kw8P0t;#c$+mrH{7nzhx4> z8q|-6{Amw{HCSxkN3|*&=K~}t&U$9QF8p%?MXlULaj7Pwct_d1!v6qyM+9TF3R>9C z=Xvn+#9k%QFRfzJF5rhxkxX|ml*-DOz{jB#_WkF>yS-1s15fbWn>CGEIOMmT4>7sU zSKE_QH)U}t9#`V80(?sFcAsMwrF_=$f-*XX~5h3~_!hZde7@cx}`xgheaPtm-E<=V0Iuff-phjk(|?&BR+G= zem8tBu<*}@bnR#1-k3EjC2SaD;4VLhpKAD1#(Fi%hT*LUGx3iy}C_O~!-+C=xawo#9?DxB>!3z)_DeWL5PUL)0=tW0*6^8J{s zgLdgb=L5A-_~&b`c%Q`Uq+MxO8fLwuTB_SQOej{#81^4|h! z8t=nxIlNP=D3WC)NpEg*5W(m_06Nz~GnGU1@8M^}?*;r^@J6!*>J2+qHf)fYm?|g> zf`NNxz6#Q;ZhRN5_=fvQjcsnOCTQhQcL`H}1bzmzbj;O5-mQEWbK{K`_RGXJQ)(7d zDx^=68b5F6U!H#&J`8G}0`ZQj`UKj8*zNgu9QiHkd!K6LsFZX!g^vM(8|bArdaM#N zH!SVk`jK2$igd%J>S5Vkpk>{Vc*Z(o@u^PR8}gq^e#}1*PMLK#hV@3-Y|ZIvh=P5`P-~;1EYq-8o?sEoeB%bZ^WyYk-%edtNlZ~i#Kni+Tx0wz%E!~@ zg^}BVcAeSrw~Ym>T6yK;XxQ*T&f#1qfqX}({6F!okK(%<$t~hHF^Q2$!^huuxUOsk zK302@YRvmH_KDH-uMqfuK=_xU+l@lf>}|Mcz`)Pl|k*&zM1$} z<0sZFlSa8_*cV`%MZd|6-NFf@RX{c_Oq8MAR&jX7U*9%{C{y)7gnJ zl{~Rh*vRb5$IH+42|P)0GT+*({hoFC{x0qqQ9fq! zypTu?t)Bh9l@yBQ!Zus*>0XRwbCPSI&FdGNlrFsnJ!+Fg33&px*ALyD))- zjld_hT4S^xNp%=F85y8uFEVu*kh3OzD*RA+k+gzb40Oc>Mc7CP8*<-2PAYY}b=;tD zRX&`G4!TV0JU`<<5d1vxuY^7$_(|?z@fMLVoeXYcFAzCoBy|L2VEWhk6@S4yziNg3 zqkm^F2K-rA!)qE8aofyz5=&-PavL2=pVKs?v^(IFN9$IPso2PEE_C~ZlS;pYO>V&O zNgXrm)}?tawk_mPAGE;bWl}k0t}2iwP&i+V9|k-*@zdci#1DmjA$cItHTx%xCXa`* zxW-as{{U%RBY(hg-oMTV_RaVM;-A_70OOC0bbV_`T_078Q39n?^rg@NnFb6)Y_-Ay%HSS+_YO%MYE=D@CLp>iU=y)1V+ z$N4%P^R zYPjfn=eOrpe`l`}%XFHDgf&>MB)@`D9h|mm7*+?4h z8J&qFT(Wsg0~J%&sT##wL(QAR&{}E|n`Un;{onR$xziGPJV`QZmoA!tH#VmmcXSy403y3vZ8B)|NR}!5*h*vOIU<8t ztq(fB(V~IYcuwg_JcZ`8Y;>FW6>mw9+ewf!&=ElrXH9RY5gx+a1BMx|LeeGC=CLht zmXjPZjL;~pPZse-^b+bbv@HaPjB-bBV_bZmDR^aefGjDDZ41_#I$(~Y!yYVxW|lV3 zn4|{hrFR zjPyNwNz$(L=n5~{=R^0@{qL=D(JXMmBoY8uJXA_oH%0vqNK2cu%EIB^Rl|Virh8Xu@inYIB>XwM(yy)Jvc7^K`=T3J zg5xBf^^CVVX`hfk6TCfRABb)3p5iN;S);=411v^5es#dycyCU#X!O+7ql?TLQllPS zaMxNMg(IlaG#x%GON}mZ_PhQhj$_8`b>hB({hU4`YaatXEopuzx3XsNo}`0M)?q?0 z`8Zd>@9*@l3m2jK7Y1fBr(ekZ6!_WuTKFBl9r)A3o*lK1`&#ND6p+fh)>!`lmUHP{ zKkV4LkBxL62i>Kj1DCU zk-1ooq+r+0*O}0&A7uDrL(zOg;7tR^7cyDuc3P4o&mMkkk@Iugoc?v--YD^&t?+Ba zw^nzhZK4ZRvKDY3<#jO*=aawqjK-VlMv6diYjF3!O z9D+Od=C(Y2;ota8^b2nkcy4=5LL~j{%MVvlI)1%0QW7MR4b!n)yT8-WHloHuo zK`BO33cPHmzj~L&u+8IQbt&Rc?G*s5fMA9LsQjzS_D<(yH$1$2S%<+kSBc_nKI82c z^8hXh=O6CpkZaYV@#ls$tq$8%)2^;AZe|;>tAK#?!S%0W1asmkp4af-#E;_nq`P1Qd!*3EVjJ#iAVP`BdSo1suu;qG#gU@=~or*N| zJ#PO1UboUAG3u(3OCCW+0CenY;r{@P8q6Lc@rl)RsLiFLjfNQh;K!%ySjtDUgrsp6 zwlZA*0HV3XEx`7!l0SvIj-92Y%x-lp$0d=0C<*>AO5X{F=XO530|Hwe4t*^I33-yo zoQ{Xk*VUg5JS@6xw0fn|W_Ml4eJk#8Sbt?6Mt+f%M%3(%r^X&Bk4dtd&dynS_X58@ zekFL#^;_q&jIWef(q3pBZ?@?CJ>JOjd^mb zW`3oIp?yunx4P5yT`R<1AJit&^{Y4E6pC@UXO&<(e=6qx0BRqLx~Gl2dGOxvP_%;E zRgX@1-ca8y%I*Y$Jx^Ncqf}Mt+f(&h_7L%xhkQ%$TT@Rv?PkXK+g-+Abe6@3ABJnx zd|}}$S){p1UC?KIZU%BI*Q0A3H0#<{JWoQ>ZtOf+JTR!cf#ce$2iF z{1TdkUj)7{+G+Ob;ww4j({(veVf>ykoOS1%f3#?-w6XL!TtYkp;pOaFynooxJd$60 zrZ~aRT=9>5SG4>__!04Q!dhLPwI_scp4LQ0TpmvD*#4iTdDDYEig=i<+4F>d6Yl&S zt6k_mGSKd{YrK>Z+(bbqu~UldVAkz*9hb1pZ!9u%^0!LnlD6k^sTmy-ubB#hKKCH{ zikMo)RC$1G^&L%M*g8m~d!$=PrQ&88J^NP`sNS`MEsMNyDI|wIDx$7cI%zYu)O384Iz;Q{UF9%R=d4l04!&XeD>Z@5^Gb?_x`PoJ7oH>ATvw zC#mYug^fKr+$dZE;0*IxvP9Bsa~I4zisxwVre#d5Gr0BXSQ@BRMUM<+EI6o?4H>ax z98ucFgdN$*&2;y7(BA2`R#C$WNe)K!7-t8wdg7;-L!7|a6ybB9O6UAjY|=qvE1_ZL z{o%o>B1G1#lB36*;B)O;Fk3`Xvb&pa2R$oQE{usYI^qEqS~5@ct595SMal1q*-4qn zXl~i6@5^OV+PF^@cv|w?#EW~iKeFe97(i^6Z_$U>sm|^{m@Fg)ZEckQ&(9#^g-|oT(WdMwGoYzD*Jo@oBXVA3o7HO9rAH9!GFCp_H zo^;$|U=Q6s_3++@uTN*=pA_gf>9Tt}lN#l5y*pP;H_-V^%C9QBKVyGp=_2@n@Y>GR zZ=x{9SsoWZ>aaaOI_mr(ttW@|S@dO+C^tw@2Ouc~``4jN`D&FfD<4UCa^fL!ku1@X zyNn(I_BHuk{{RIR@I+o4{iJ*u;`>-4S#>=%qnL%snPV7ITl1=u(AtboG4P$?@}QhJ z@f%NmHc;CZ51^BKbg;qK4E!x`WaOz#7AzMFB$E|*jdLHgIZM;xB#@qdWFMOs#se2#pt`6TrDJ@@W? zj(^~ zP2bs*_7M2ZsO!HIe`sw_!#@{4XdOdSH_+R7iuj~)$Bs6@SyEzHobTPxaqImL>c0j4 z2l%VOc7G0aPlmq^HGcv?p>1@Z?8|d&YzA;*j4mT1CzZkE)Vfh7;(n{; zOSrE%BWWI;4lC!~BmM~``zH8v;-;bTcJKZY=}=u8%Uvc*^^Z@n=Q~K-xs-E&SO7h1 zI+$f+<#2vJaU3Tp)T_?iQq?PI*2>!JuYS8CukAVFFWC#=SAg|>Tf!bP_x@AV0-7fV|LEIS)L%)KA~wAlMSV;D6)nmFdXC3w0t?@ z{{XdKOQ-5Fgh0hqgZ}{5s7JL*4IZ-EYHB)cl3J=d4Du_1vYHz$K>~zVSH^mBD|C9) z7ek@(4TRc^M^m$oH@%PVfsdSfRc#kv&9rg63X`V{xa3ljJqWD{C5Hm1=rqQ0kD(Jj9I;&5r)m(z%SJ zZpWhOm$09-hG^TkJg$AJl)6+FnHJ#75czj^BDPURZLX&^d8tKik|cnk2ZC#&@Zr9h zN|uqWS#yF7GX~DG$58t*Xi-XYj1ktZNvck)teI&+>zq(wCRw-DUMskT~$Hcw~;zBO2B-l zu%N`XX(4c1b`Mp+s|#`?oGix(-1XvtHfhT|HsgFGDE8@6S?aea;Z$!@er)s<7_x0z z`A8~l!l}T{I0m@;?LyN{ww~(xPcGgiEJk^6VND}QK=?1>2gak~T~g~yLuoaQzUX$5 zlB^G*ubppTiW%k9B8(xC&md!(sVit}DA?mQIA*yr5LmI~;;32O+`^9&Cfp2iYbmV= zZpEqfyOV7cQ`}23u1Fh>6n!h4xoK}6Co{`{asW8ZVlHz=(&}3kcP;lueznyvh;{3T zjgF0=-d|lxzbfn?XV-UOOO+1&4@~e+?62b=9lf5R<9nF&yGcQi#2Dd}c0Tp`Rq$i> zbNF%K9}cdyYh$Ed>M%rqeLQ(FpH6!Au6nu~(~0L_623iOXxg>6gLIphlHO1Rl0*WC z&tbsnUJw{^&LiL@-6KkP14Nguu;u%9j-P$z5SQJ;GBOIKWObsP4O4U zD11%uH{kr~z95UX>r+)AvbIKJ1avt3EBb}~ntliV&mRZ;D+h-@1o#I_wX$n-X>qEw zKj{r18+SB^EXN}}p1p;2(t|mwv#*=O{sQ*kwy%6E$BT5>U&pQW6Q>IYCaylit5H!D%%^C#~G<;h{olOH(b+T`!pKfuu>Vg1R!p4(;4erw}>_E zI_lQ{085plu&^Mn+EXEb^%(C$M)8kBz@WO)G|vv|Q)!+jwALlG$uE4vb4Qc>N2`CF z*X2*`Bl~}RAN`;0^--tmI=_wlNtZ8Tq)ikOk-$-th0ks)vV|jSS!jPcU$j5%$ML)N zg1@`5@kXfr74YYnWnDJWwyO;Mx&1m<#Wy;=+{()|?JTU@-N45G0K&a`bnJ1|m5y>v z>>c*V_&LvWM3^dfISf5(L(Qo&TWI4uiB8orDmGEO5!;#$aCp!b!tNgR3=z7{NF|W; zpw3NfXuq?u(%G2AxirCAXD5Th-PUqAgv&ZbG@!$5L)-5z|fj$SD zUq_Q<`rXuQmNs}eB$7EJwSP>1vS<7e$KiME-5-bkApX)f+IPk8h<1**a9Aa}xP1pks%(qIrZsDJLpl;cz;jT{8Daj(%xMk!;8x^oHjlG0M2UOpfr6xAs(DX z(nC{L3=dEzQBi3)3M7fVi)6_G(j{AJY$6|k_Two}~`4{3J z$BzzpZcCdV49K1&zmYy^BwPqje&lgq2>AQr_O;>*ne(VfdaA;$@~QQw%VR|z$Cmh0 zz`i^2^wzO?0%ww3NZjp>Pp>uikHfFn-$K#S-%;^p-N2P%^BxF}af8Phz%`p@a%~>% zqI@jVr?^`!8a9&ATm!q71K$<(u9e}I(JUd4?CioY0~~$Yo>a_bCUu%E&ygT_@KuJ> zp4Hk(@{@8SO|8Kob*izElX(KFJ;l6g8?FZ#uORUTyhYB}#1f7M4s%*Y9mI0>em=Ol zyN5}h8RAXb44C1)&37Ma&@CVnUEL!}=YfoZYPnHXzQ>$uSN4||)09%S=eQXM+*De2 zm!~ZD^R}ntBR+E{8$PsJ!YX)+WH)IdUBi34XDHdptZPk6UeL7xJ*r#mW!?M52N@oQ zoLL-*Lp9c`b^GLnC2W@1I49{^ciI=(1-nIduI`|;WD&Nql&(>qKA!$beUY;c#QwF9 z5D6?X-lo_ylFQnpYBx4@eP7|FhMRX3z9+FwO(HMkA^qSzvJVyGnq}3c*6XnI&l6-W z^~Oa3Do0lY_K~)2%ES*lbJDuaGU5$QB-6l(SxLZQ!TK7?W{{1JCtvW+t*17i_ZJ4{ z6>ae@&7~L9-=XHXp9y?G)NiMrJ9{at*4ASfm4?>H#X)DL{{U_-tXZyE=9_j{vB@n@ zb<>NhG>ZkT1qH-T+`F_O$+RA43Wy0yrENo2e|d2 zEbS)**eMUY)4eo@Jso%5b8IAgd)>K3C~yyKitM~AbA1Mgwz|BrPb(126kul* zXlBhziS+2L-bRSKZ7aa<^{+3sxVbvBF-I}u*Py3iMLX(xEED;084qG&SS+Q)OL%MfGxqw_vJ zGg_#b-JP$(ZESeQ!;3VUb^WFC6S@nO+T+)c@U5+1OTiMPW(fi61x%7cu(98bJ}BiN zA92>T&a*sVPA6p@2yf!{r_5X;O?Q23b!H305g~yXUQH#W7>#EL2<$3c#UmE}?l_V| zG-XhnXVdVk_JH14-+h+NZl>5uxCE3Qv_@9Y6s&xSJ*SJ`;&qI2$#E5lkZfhh#sSE0 zsmJACP-7FaP@b8GUIKvsWC@pSK zd5oCLW7@V`8%J$UKT_7<)o$)ZklPU?W==m5TwTwFbq_VJ_7Yo$Z1IosX?rl{Ea+Am zie1SBAY8+cI`pqdmqw3Djpm&qi-EYX6`O^G=5n_>g{9G!BOqlTbc0$tFnfmkJmj^y zbC7#dCQ|Hmy1W`y#1UHBiBN%t1obt61aO_kVdX@J9QVh12wRbAuxau_jbc`I#&)k` zS+i+#`2n{Ch#Zy3>r*LM+A7)@mn*2PlwACup|}FL0rtKs6d-kTy0T;z;Rk8OSx*y+oX{-;am)n$5ZcH=1nJV6wy`gMe)T(Xj+4hPfpu85P)e=+_r zx4yi%T~29coZLuN%dz=*>MG`mXM3kYnq2YCJk5qh+md+ej`itM?0EjqvFAQ2_?zN? zhaNW4VS>b)IAmERjnJLZ5y>m-UtRcT_LKO1W#Q|a{TEWY(C+0TJDWoeNyr%^{{XL7 zDBTZ}L+2lf-xZIGHT?)^ZF@eP^Mk%ZK~g=tXP&k6f5WTG9Ro$V)Tc;(%_$Fb7z{ZW z``P25$KhExw5%^?&P&H$DbV~`;vo)$VHKo+d5R(*BLT;5_2yUFPNA$^zMCbz+%Pc# z-F`qn8rnJ(skHSz!uSjDlTFucZ(!5nuuV!hnHWmjOrI$VGxe_p)F-w0Nq4JVSjh0- zCHsA*7ncBh*f=M)GsQVap{!R!(tKy&uMg|-S?jt#l`XBz2`+Q~u0k?bKE}M-3kdBR z?@qj$ON403h3uqsu1UvJzYjK+qNa^`ccLZrf;6(hGVemCE7#^f8tqESrb>d z`(45XR#!hdj)Sk$^s0jB6(-s;yl>;ZKF>_jl0P!yXTmEdJ9y}QF@sp%9g%!b$@1Yxr$%g$@h=J4LFbK>nfJtI!IlTNrmC2&4Sus-+y z09u)xQ#;LWe+>K|hR<2l?|#*FaUzit9zuhHaB=>B3g~}ot51f0De%vLyjS4pY@*cJ z6=o2|xtJf}az7e(I#u^HJ`a2`)4XjJzlX0hiyPxUHW~1y61?Od-Rsi6BKQg&KH>{2 zVP_S@AVgq6mBNf+4x^-RdaD=fD>a_O-d57+rSf1qN&M)BXu_@rO%B z@qfXu8u+r#)(0PH(*?u%doD@IT%NV3Ez7a`4=$_W1^BSqexc$WI^y^_Td$tb9DWw$PxmlT(j+yY3i89;n~YRx<2Vbv^4-_<`Y%9O+YkXlj;e zaU2L)By1SQJ^8PiJR9L{4qLAhTI63}ODjB5nMn$SlfeF!&#F419_In$4~6>U>lSnA z@lH}L@=3KxC$0uCc>*+>Ng)mN+1FIP3WPRh@6daB1Eh)NOSL=DO4f3LODHSkIv5n0X&H z>RttxQH}3xUgq{@ecL8%f~1U}z-GTzEmup?J_AEEO&-1WEh&k&j!c-`kC$*2x3uMp zXu_+yvG7;J--uS;DAMiq=t8SV9Ud@vjD{m0rFWLzBl|7TRJkqA0;^{~TJMgh9YoVM zHU9vNH`kiSg!~V0Xz|;-Nh7)*t&YE52hy}IJU^(d^x9UhrCv#4aLQdBFtU!nonuxu z2p^xn8}waAz+OGqbXz+~-%oGfK(WWlso(;C3gG+);#=8uJAEI-5@OiCLhZznJX~3N9JMNliSzc zgC0^(3|@HF&dD?#K0CsbC=)PmmP3xi>TBA(8{zG3{uJxF2Z(K9)-@8Xa4tgNz`&FE z{Jd72`e;O=?0G-I`Ik=8HO*C~DJ8^>6GGB_%Go33UfnCRztHvjg|~-K6Mtw1Nl-BR z$_OMM!n!@74x8pa?(kzf=$3Z(kd%NG45~0m#t-9Po*%VEwy)v88S5Im-OG95o5@sK z`Kz!(2674Rd9FI9us#Oy7ONz;)7`}9Vb0-P9-()2s3N(HlwL4LYKSAIEXmU^Zgh=e z%Tcr+=_xAVi{onNn*D9~bK;o1W#MfrT#9I=aso(0g3RO8d)GqPXQkO(ZMZ9!^K;7M z^{G5T6|S=rT3w_rh9a97XRmtYs~e+gbFuI@#En1u175w+=XDV;F|IJJ$@{19uL9Jr z7UAZCBeY`&+PUb(t4neOMxL8tVNVnh` z?x!p2j#{xJXw;|?0?*$)=^{pn435W-(ALHlH6)(i^G}T(mng*JZVrFQu6|IYvnk-7 z#(@o41_~bCz~-#L?2Z#|^>d8lr8Mkm141P7rEtmzQa_5ZnKZSXz+Noz55k+Mls@ z3rp=X;^$4iwvrp`c}xjqtex@RyWn!vr`VtYGBWJpO+`NCjhp4k zIKZt=W>E~`0~OCXsS@Nj8;TRycc2R|9EBV=%N9pb(vmSOaG1jt1cGtSXaX@4g3Xn| z?^+N=6j3(bqm%yC2K3otD~uo`E~Ma$SM5*y5fAp@oAzt{q38HP#qc0oBU z1-z}n7(4($>Gh?`cT&1BwOC811eR>jfptJFQGNbaVCEjQ>*E>Ik*)77Cwpd%k0Wmx9>*2E z@V~@T_+!P!?r7QUSqyH33@{*$d)8GqCCbOB>UveR-Sj%sMC)kBXq8tPP-<@htQOuQ zx|2|IE|nt!rFmuJ2l`h9L}>@9>)sWfZ7;-AM9l^EhbJl|AH+$oNAb^vY;;>IKOOjX z53(|{rPr2nBj@x457N24qfbL)w(!=j`ivI(rM<|yiGXe6kZad;?-9i{j8I&pYa+Hc z;QYeAf}F078nNh0tZ90Fp%9%QMYvzRw0-J^%Hq~dI$JB)1n#Z-to2W!uDH9LrOhKv zxVe?0gQwWL!_#J2$8j>>BGrDygF zA#m!ML}V0Ln&Gj!kraB=Kd2m1`A+i=ix@m_Gji&VyvmB0I4)Tg?5wwDbj(SoosRp2$j32&?60COb80lCy7jed~95@o^X~6417|Uxk3LMD6 zU5;>T(EK%T5i4(rnL+@ za?G|U?8?Y|!IdgT4oBlzNP0od;Teo2KaB*mkbf7<^$j9cj`H2a z@g9MQ{uA{XAB}#7d^^`Hej|8)PuK0_w@ZoR2I}1#m}CQ=^YyQ%!b@Yq#lq*a=z1(# zT1c$L0}Oyq6=6QZJ+TS;(lqdD4G zjsDf<;u-orMTGV$$ru`Ei1iN+UPY(t5G}fp2IHKT?mAbv=~vO;TE{du2*Vt0uQpBI z$J}9~?%3B$)``SYGHxEHn(#l5_LIYP;LjLZLT_QTb89-Tasz)C@~)Z^BNq$7qu0M; z?~jAwN5s8nPIfQhEodpYgq&@D`5w9FJ*)S+YuyXP-WFdI>6(SD&Yv7vkZ&8p{{XvQ z#R;D)QVlzvMc}{eUlMqp;!O@?EXGf>{KFea_5ADSAKSN2J|xg|{{RL(wVBjyTg+BQ z;oCX+vGlI1rmlJvYPF&8&%r$_PPXyIj*$h-GI))O7Xb1weLH>X{eFAz6r?tGz9PMn z;gU288H26|Adb}z7doR|oJYj(fWHbqXxmGT3*t78qW)NlTIx2fs^Fb@X7K<*%jqfT&K}dmC<3Q3lR*Y=bYDx_{ISGli1zC=EXE6(Yp_C zuQf4}F~wEoi)j06_HglUg#2aj(R>Nx2-8rpf$xZtXVK<0Ix#(;l_0rrX^r zs>U#?0ahJP)Kt9>w4sEfY@EG_6wq z0PXhnw|2-KVPk_Z&pUnkab9b0neWV!Ce#C_JJK7I*yy~d@)RJ)sHJN^FAtn!(t<%C zS(|YsRD0H6jPImtEgwy5bucTjR|5<(JD&Y2WgCi7xz5>cjT?sa{{VWmV!8@2&GOKr zV>uRl#3)Q)Hfyf%Plxm!YhAX}d_$?WlVv_sTw{ozA1OZB$KhQuS{TY*3{MfP{vEs2 z^bvCf?AG!ayy(tWKn^kw;aG4z#IFkOdB+`2cKs-3Mupa#nt~9~$GmZzb667Tmv$2Y z3qIc2?^u--Er*Ew@b(uGm@i`|DC3enMRXP>JCu>b0gQAtYG%fS1(kxhK3F_sty=Re zWW2VD=0OZHNU>#(GEZu*WOGhM{{V@80=oEr;w=@db!&ZJK-4Wn%2AYT|h-AwbVm#wvZj}dfcR3o9rYvlg`iaKL>KjSt30Ep&-@icv2G?6BnJV&_y01BU6 zR`jNPmUD-0o3ZpKz|V|{@W;d{eRmz*=Y(aG{VYWx4GQoH1Jjag><=I6`VP6NL9X~x z{w+sDmu%5(mo5S42OSM|!lSYBoVxROKAHG0u0!HI9i+0jGTuOT%7pVC2RW~pziu6E zJ|cLV!ZF&sEV@JjEy$ziz`^I=`c=B8r-h==lC&lAibercTJ_yJ_^M%Ba}IeuE1q(> z>eHp6#r#XrTUUbK{wN~zV~mMkXD$ACubwUKO_cIR7@%HX&57sm(X?|l>Y$uLG7hTtwqBssUD=Ybi*3YHnvp_>}W}++;|!xu4(gX z6WyZ-;qv8d#816*F1v34)G={U)s0!g4eYx&l-GO z_?4FWpR<0S z;C~0~xK9k&YqyE_rN2`%GvlddY>9+#biiYx1+>SL{XNpNIbd zZt;J>`>Wkf!oU~3@XgD!&ngbD6L-g@dDUqjO@yZ0Z7t6u@HdKJ)gySqv=>lGG=j4Yr+WX{^{w@;D3$z#!mfHOa`&M%rBW-`Q~JJ};YA(RGWDBT`90 zRCdRhr#z3-^{PL#hr!FW?2SzZSu;iR49dfk>su_+Y&RQNu5(_V z6#h{9S7y!_EG`LssY+k?3b+2;#e(clltI^nk@stU4K^2sIb{C;S<2$Z z5}xF?mv3xEs<-ZQll8Aa(`|>@gDS4_bMIThbv(L{a)sW3E&a+oFd0|)xbIo|n>C4p zY)=;7y`NE99JLKAeO2bSR9Ozu&(^aY{?N>!H;{6Ds-o;;Er=$TNJ9ix+&MPlZwDRUjBL*R!KplRxf-IXreZ{wc0&P- z&<;%Md@027MHZMSyn(Z9^V;+X{qt!^#Egf`~)=~BxKa|Brc z4c8~NBb}EcKv1Sj0l_|^uEnx2IOKNrps1}&w=zL3xLLO2u50CAj-E9B#?vnJ*aF8h zkO6Ohf5w`2I-rlw8O%+6J5UIQn8aqFp)gY(Sq3oFVNRrrFcig8r{S;IwqBMc|YA|0}7|G z&ws+DMF%PLXM(?G3!O>D?~C;qqbY_K9^c~4H^P1niEZMI63LW5l*jjqaoFRfe5LUx#eO1dAF%jRXS1+(9%}>9eQ{nk zDz8L(G%0sHuFpn?#1L5A-07{U-lUyEV3r3T(y#cR!$VDk-D_9yXqGX2arGFn8Zub0MHk4pXV{g;2>ou2?d zWzl7+zMF6HtK*b`e9co(j7qRK@fcL_qduJb_B%q7Ml~xRsrPm^_u3`Co8t{Cz`~>$ zp+ymSC$~ZT>&|>lXYsjXlSTMfrRY{Z6u3>dH_|>D-G@v7Kdp2|CnT!e(D45N!x7=H z55cb8++O(8#)!e@6P|Z>5tG0k)%5n6txKrs5F60&%BTmGAONQwE20~iN=GMmZD%d? zH*IXGa+wP!vF%ziogBmdn;o>XjzUN?&1z(iG}UyQtzzj=T|S>`r0~3k9^$-udG2&? z7E9siw8&pUQM>JsxEq^1;W6pXYc4}`Bg7se@VAGJ++H5JlUdXp<~W=l9Q7UXUjzJQ z{i%E<@Ujg{QuvYLT{73n1Vv+QFlK2p!nP}Vbc>9wq4+oZPyXNk02V$cYudh#;8Abj ze+ZG~hqnb9Z&usegI||g=ZG}eG|fQX-(2ecAd+3pb1@89lafj6*1bAWu@x&=@SR&y z7uQWQ0W5%U*!?RP8{>BXXLbS4TI)C})V_j5xpt2s6CC99sF^(CKn=MLIUE`e8L`pC zQGxH%ihJ8RV(Li8IQ5{-vi+^Q%YelZa86BY*y*qGlL2wJ?{@moOk;gc_u<#WuN!<< z@nxriz7_aCS@GYAWOWALPmI38PaBUwGhfnA>~;SD1Q?mL4Ljmz?VqmM*g8lrAn@&+ zfNW97jz|7B>5u{X*EMRk(H->ZG=Ay$P7euuHP9jO2f{xBX#W5YygLX8CbqX!Vxt2; zE-=InPbc2B^{*OuBSVdJ<#@bD;>leWHjT+J=dR)D?rY4HwL2jWhb^gib6J-D-^6$yIp11}OC2g0CV?gL-e%yb z6;|^@)3n@6b0l|ni^}cfQUeO_T^GWc4{@SV22`+c#Zc9YKIUmN5gi9=&Q8TRqMo0rTS+8#?+)V`9Osi=gz&{XrPOX-FYdKsVnYSA zQb-yLf|on8qdhCUx6|Nw#nz)H>)Z{VpN#-=diLdI`#MIgj1s-;k<{)Dlmb~Hj#WJE zCmHssl)4&0pDXy^;e+_6Tea78*BWiuedl1#>~_a`^o7(;o21(5_X-x_P$+$%b6H%~ z%b~O2`@0!+IMZ8KHq1%gA6oBqMACHIx1T_mM=u3KkDKwuBPSwps@-^nnms~s=WHOB zY-X|SH2pC}#7-hkxFBaI+|XAyMrU8?@!81jX(W;<#{qb(_zmi~d89i}@PYSeGHkm% zMoCqcU>k37SK!oQw`7WIsKf0572ui#OLuv3tLgW4KW)lmkbjE2y|f#sr;Zdw3A+W~ zqKef|xXym#Mbxi#M~QB%yp+expyZH!E3CDX?CdQeCGG&i@ymPGa+r&e4M&H)Nfoov zxy~!ChF>_uOaUXnI8(vLt!K_Qi#L{^ZiN+m$l+X^4#u!!(68;SjP|m<)Vq)H;NrSr zAsBZ)B-C_xXOej0WZVJC#y+*c>K-rCwVC6$F7Qgvg23Q?1zBnrI#@MZ8+apvV6Pgk zTRehANXw_(**w-lADOpp9AogN>IbtdY1ebwIfNjAf4&YmuFl6%x%r^D-!w#UTxT_( zIW{dx9kj8LX!Eq zHM&Xzb2z?TuORK~TWR5&?S2CyMz*&Y zz+=#g(ws+Qk<`2u;vFLTX!QwgTHk0fGB!Z^)1!(Ne=2B$Hr#J-;Xb0b_Gq46ZgaYv z@!81BHS|)p>;+NMsoDr`ci;t?umBY;yNpSrYa6snh}bA2k}Ii}`s!wm-6U4Gz~^=V zr_99HLY!9y#_1&&CM7M?v96C*)a3CTQbQtwN`(1GU@`qF3|cuTttN8zki_XA91_2+ zY-w^mi)@~8l5j{JX#o}Pw6aJgwV9+jD%c#UtI=w)%WNVfGh-a_PQy;Z>Cs+Ea-l7W zjB}pCw`I~)dAAou;mP^1#|P*uDMZys=jOPzvyxaNa_WSRYnhfCEk;kYT_DPyKEAb> z%i4VK*vuogEhzLq%B<>|+;X$q;6RQC2f3?^t)l~xzp}Z)%3~Wx8CtJlB1l3M3b`W( z+O;No9Sr)0pQ75uD?%=1ZV^;{@AJ(rldalnnv+9ubq$1JH#uNVJ%v{@FlX~6tL~dX6eDjy?jl&^{u})*5}*lW#m}F4Egon{Q$1MbVsXUZk|6}HKaIK^=f7H+ZK0HIas2aM=LxPAhNXw~0JU6gt#ao*%TexngI9(Ke7s&H(h! ztq%K+I_h!10KPH&Lhyam-XQT*DW}>pJ-o>)f+Yu|CO+w}oxVKkS3WE8?d{ixwXt`h z-Vjm*X26tW^Yq8*R&N+s_Ai9r6k^f*EqCGX5NfxxU)j2#R!l1s+djC*PfGfSNbvJt z_*wi*b7Lg2N;q8n(F2Z8JvppuE~cp*50$LwSM8`+TwJZPFU+cXfAzVq4e|Z_l6Znm zV%%NH=0+A+n;2*H&*xd9Cd!Co@fDm_s!U9a_kqtf-+Tq|XNz?|65QH&dsSUV=GIq{ zVMWe($WzB!=!?+v*$0WQwb*=Dd8BI=S1Ah0R!zu8$vc8OS8bulmUn@CxBD;v?<4?z zl`fz~TSK4mosWn7RSX&zh^-;Nhs|kXkVpIF82h2UGma~U@Z3HQyBB^M)zykw9sW?5 z29Iw!=kuhb%^bQPPW%(`w}6|)_nscHx{PWI2oU*>7jAlGx@Ns^#X5I}=J7Okcithe z(r*k6BFQ^p0RuaKJPg&ivA8qyr^g;9);v@3I@(P^rJqN(l=($46ULCHynvZ7aprnuPY!+uT2&3lglOcVa78t7=n`_O6Za#=}|o`|#hy`hKJ?-dIrV zd5aRv0+2>|=e2#i`(5}qR`@~SEl%P#x{ptpV|blNDkLL;*ReI7XJm5EQ}dfm_^5UL zHrB&g4<+5ZgP9<~KkoX9`tQS9SA{%n;iS1;KGXYtC^Hhwn@pT_AMIncV<_rWA#IP& zj~Qt)>i+;8X4BsLQPFg{*T|70LKZ+esQl}nvDUTkhn_oq64raWn{zjm<<3Wx4+K=( zq1hQ*L-xDiM}aMFv=OfAc1d%4aSE-!o`I3G?0D&1SHv0oKjGa(Bnzj#(2%PHBMZ-< zsCT}ExwGLLBYwK-Z@BaOgYUBr@9dlSzU z>RKkBV>QW_%~&0WTyoXbPIp8~2dBToOT#vcui4t$PbxT)2}GlCPyfNZm7Hij6nl__!0?tD$VBx?x zJH2bv{5kNF-&t4iE!xQ!jOK0DqDKkm4xkM8$Q;(NM%>*GwtO1@01@`4|&n?va8LjBv zEwX{NDDSPFFyWJ=nZX~Gckn&B+Rlbb=q2awdQB5yU`!CwF3a&@39XbPGrs00}IvV)X_Mf?i`oqM& z81gOeudUVHZQXY=IT!?ba=)c#IT<*glcK{>kUhSo50h|%Yk)Zi-_p6ei6yjVfn8Bg z1cBCwt7vNoy^dZ-j#(NlyOjK-k9zvc_Hglq?}s&Epsmfknq2r)X+HF1V~%(qTG|L_ z=smpNaz}7kM14dRLX8R9)R#adZtwF_AQJ5>Jh3FSx~ zYwgdD8a9{l8^HEHHPf`lxVL+7*DiyFY<_$Ye=4SL%zo;B!M-21s%!cNz55pYOTJ(2 zEj!G;@Wiu7a`9xAj04kYIpd5oSM*DBVqw&7ULaQtL$A1~sI|Fg(Ek7k{8{J0ABLvG zZOcO5-j(e##Fp*$l~q*!HOCCS>n>Hf6F-D+_$|NeP@l7B?L)8l_rumUmcIx-BdnUW zh7%FlYKwz3IUFb@w~uB~+P|L7Q%ie!t`bOmiGz?q?lXXEEF@BoBGTG@+kO@~=8k=> zo)%Ulrs}P7z^S$c`sAAKIi^%V%B{4vGx^d-8X;wn9iZd^L76(VVHw0@BcU~3HfWf# z0!DE_(V-cU+D5@~k%Q@45U@mI&&fPzwNv5hgbMr{{1IxSgWCeYp!D;1m7coonJ&0H+QA0M`}QPDedPP*~(&G1bcd0J29~LaN&f9JhaJ z>WjI=*;?rWZVDKBZRz;a0z)Dz1qH$CI#U8hc5v7SXT2U&gepem+pYlVKo3&oh~#>T zoHGK^;|)QiCD3}ww`^*lkb3%6`0q7cJ?ynT7WC=*m89u(CPDKkL%3l3;}jiGXZMN! z00e>kuVDSEzh=(}=r4I?W$`P*XV0}r<@woE;#itI=Oi95KfBYM{`F}Zt*z7%NTE{F z?Q#g|8~0QA))I--jXgdmX_gze&C~?#Z|^N;{6g@@g}is*&k*<%#+DZPr-gN^Sv1So zWdN&3B9%GM*E#G!HODGof1R)V6vOsG@h9x7@t4KcmlkbtX{TMKwDZ83ON$vY*4I9u zvS2Xmz}M#utHUMCW+|CgOc2ES)-#TT$o9VkUEP+v(6v)_cc*PKLn{obj^Jaz70_xH zx^=dlJ=T!%rNmMx2wMS{zA;=iMF|}jfqYY8t4nWlakdLAbCc+C#eD)+U2jOfu}RwF zNR)`=L~pz?#&KS4O&!tJk3jfbd=ucE7UM#{Vvi>Ffgh3>`VxKXwzh3LS7(GS##~pW zf|R4Vh8Yo9LIJHM2GVY9_o7BeJ?GP!$pIUuzo zQ=+y@RpMmo4^O3Yf;&{YV6D!28UVc=tdh#GtZvHOgW9?e4_`lquAWQS1h5ALWY%&5 zhl%d2^)q>Rg^)8BPi}kH0Qb#r6p1pky9_ST(v()CN2K^KUY^#@;@T&X&j%-*8ua}e z#aA%tw<7XrjHQl27|89`wXxA1&I`pF)z!>+(;aP_a<)eWNIB2xPVs+fIIN_!E)4je_KomHp=F_K8t#JwPdt2tLC!sE^HcjTP}V1bHTz45E+Jtt^EnJo zc&=KJx;+{)x$5!UKACF-X?EUQCJHNYjMrah^QGh_;2w;#JZlKG@V*QDn?cmmB}A4 z3dDM!%#KPJRAZBM&AIjGC2Uuo8N5B`xlfC%Zp9DY^xe}yG|HuFsZV!JVZ z@T!mD10;Sx*TmMLW9=hd*ziw;{{R#;?L)=i7(5^F{{X=;Uu*YQOz{X~9$-Rn!B3zd z{{Z#t>Q4y%&K?u-Uxsym2zZ;u8mEPRAlxjn+X)B;DH(VHTdyal6&}f2;*EVz&Hn%h zcqr?(e-geH{8+m;J}S|#Cet6uIBzjngqV8~gYRA^;%je-KeL9lZQ+j_%QyTZ(nlNV z`iUE(xrFrjy+@^ac+5IIY&~=8PlcZ!XDMlCX?kxhE(lzb4#Vmz*8E5CZEkKYJY%3- z+FELE;^I{e`?-M!f(IG;SIJ`NS={z1Rk`ebD}RRC-@t8u!k!}2tnNHPac1zgBgBSI zaCdqN{Ezr?`#*eJy^dS|01I6u-jxLAIqf8385bvM_vv14$4qJ-pQ(6zSTum#N0GfrAmh@rG~GK&)9&P1phumCHy-~0TKDKxJbJXX6HwD_n&-^6 zNAifn4Dt9^h5S?S)|Y!CMSUZ_)e@-Qeo{x)qP0`E4M^~PGTzDqJaL06soFP^dK`DJ ziN9-IBF6GNDD?}2XsGKXB~PL4^{!~typlbNbo9_qhPt2pC0ag-rr1F=GJsM^T>a6U z0&DME4+&|01<~||)od&-wK)1-#Q7HraCsH)U}(GQZ%&(g6uedAsV}nzpAVI9fJj5$ zuXs!0rS7inscMXDtrjx=XZLf^{&n{`b{mp6KVIQnEND{Zd$YhiUvYC~t7;m2rZz|= zD6FSDhpljj%e@n_;n3Cf0(T51d;t473J3UN#W)r!}^TZ zI(xByCSFWgJrs`B$0U37DfBw=sL4D+aKAP%PAfL^T(Q?In@hX5k6;Bu1IcXlKT0XR zP3llQqUXRqEbz9iW#X+4%6&&jNkT}_uJ(NO`Fij%UvcA~$G7yYUli$P>U~PpFJhWBE%sTL z`@iQk%%Nv-)~(E}d8Uox4-x!1)Z^APE7!NwaB-3Qxmz6>eSPco1NK1FJazj@>5^G! zUK@(fR!q%T$!B%`t%sf_OGvAp*Z%+o1pS-71^f@R_;Iax zE5++CkM89AKBcCKe8G8@%S;pgS%p8IN1?CGYx$$INp2xhB*8cb0M@l>r0j*^zH47F z%hoFq9$7af>XXy_y-}&~*TPBhA6V72s5L8VJ#srnxP>Kb331K`}jNs!r9X}f8luy*CR7*y38dNe{+}v9`v9w@Hx^wz|RW*j2b!GOllNr#G z!zY^NsiEpZY3OR{`n=I^is3?)J?p&F?;^Pa<{N!04s)gw=w8&FEv?u_{{S-#dRISV zZtjLv2RP3)Wt$2V;Ag#R{{Udf@jR-77Mn*h-m7?UMm9O! zUqO!de8I|2sz7BJ{cD^^FSKZj%Em~7^2`1dbCh-(eb3q~8gx@8)6%gZ)@^lpE)g0c zsM~hqxc;?jS2?9_rnHhdMHezi?a?v6!~*UCeq`)}y9) zcgFr3ZwUCh#9wJGD3N9#>#ZCgy&3KFu9|0wj-sU&k2~`yh@71a3;tEkJ7ou|XU zi}Uzxbt(KkJ*~i;JaQ6xl;IE>{9 zKAjD9nsn|QE(-(K+Og)lJqJZ0HGdOBrR)A1(KR_1Jr@2|hUP+egfjpM{7ol_yfrWE zz*9BK)}lmVV>E+2O0h$pTexCmZBlm7rM)qOeUxz7MkYvR8I=$<6Gk{L9%a~z6JKp+BgKhH|$ zsT&f` zEgtUjHn+HfKrmg0QO8{3u_iA@&&pUlKY8%G;*Z2XhgT%2(=|6(vN#bj$OGEFX6_}D z)x(wfmpBK#BXvEjadxm`X(9(}jyUgI45%P6@)TF6hK-NmZ>1(KQqJhoZ$(Lc?o$5% zBxl=*t?m`@OnLdMrIPRkjX+`#O7|hL{HLl3A-yY;vzIq+w+AYxoYExF)#Qp)2Hi&o_>OCt z(i$6WV%kZp)_9qY_0BUvl%;dKo_k2!af~SJE0EMYME3V47ywAy0Q*oS6Mo9f-Gz{R z&5VKtUou528+jx?YVpr%1Y}$4Q`y|Smh1x~e7yA)+a|extB4_i{IbLbW5y^EIq>bJ zzV=zBYl3jh&5(YBwQ~L`@cc*?IIRRXINT%v;iv<`ub`d_wuF`rrw2Xjw(#^{=xnkS zQoN36FlLnIH$+5WLG-F--0s*&+3Vhe87)Xc%(EnMkKK-Q`I16-jl*N`X~v4up@L=CQfC-YwQl=Wory z>sko~)rF$ALdlXx`#$v`WZlU<%#AA`^7iG39E0?(vqSi8;=Ou%X=1Tx?ExFhkGv11 zGbID)&kz32Ivv;9CDrYn=U3d^WAZihuZ4ab*ys?1w9??Whyk#waxvdDoYGb;Q`GgV zPX$jbakN&j4^ zg}e#jhw&eaC4I3h5tFgb04~FY75DeTulObwi#D~Q_~Z7l)S~f((L8fo_-@WXW49v* z6L)UhXPVL!$ely>k4gAt*LtjibBV0bJO0je$ObjFR405 zBJ;U=8q;GlkB;|Sy}X*fzA?8VP^Qy2v-P%rb&20#q zBz_rw)!*<_PYzn^8n=PI1L{WZ>uHYTS0w)E5%-kz&PPi8Y4LBx3A|6KKB?m`5bB;M z)tOoR$w>@(>Ws~oz9qj5Kt6`UwqY1s5t1HVfBr2UEi z0N{$hv{&saZG3a_N*lj~KMH>Nj_6|U;v8piUWzb!n&z!m$8{=4^zHjOe$3yqKkP5z zdoK(8Deyh6t>Rf!B)Zg=+umt=v%WKr$XBsyzB;itg6G9rt;VHwaK<<-RQ%16#xM>P zasL3;uR5g8$kRAode6mr-14lG+xT}#G2${84Ub<>(AF-Lwi+~VVQpn$cXNUMnCtUM zaoqI%D+enYC1WDnSdwRvwSaA}P>>^yw=05sbpBP!>YA}Xz)KDc&5k0b~m^B_2`27GBIu&lV1URQ~jk%OAe8w+t2&_ z;o>~52k~=S#x^NL`K5eG;$3%AxxASgRwvc-R@t+aAV14d%( zq;ZpzT=LwO&#!(TX_gn7Wz33y;$a$v2)N|>{*_N#vDbA_ZDoL1MUtD8jz)X&R|6S4 zoi~Sc?K{KJ2|R|C@yYc+N~ENV)Kr%LROAmU*l%0;tQn;~}(hF!5tDwh0 z$*(fij?ej^%KrdXI(j<&uOV@sd9Pvd7lw|T zZxLIMl@H%s;g6+c)r{&EEYkvCncu>YbGGmjTDH7j9iJn`fx=B3$ z0Nn-qgmpf-tULK6)B@SetMeQw9Ac(X8aO{0+{@w3Ij2}9l0|F=jO35Pviv>bIQ0t) zWYzT7B2$Ru^2sCIoPRpV)(Ge>d^K$qiPUt>P8MzWHsFyWpI@aVu$EW0YsuLp#xvcj zTQ0_`+(+gZRm)A-_pLi9Ev(B*$7F5uIc|g8(=n3N?Jg}Xn#wtBo6L|dS+V!4%;vb3 zIg8y!(frsR^b%9K)l=;#f(Z;vKKT9*VygL*29#W1JBCsK2Zc37BqoDp4V=Df31@bGbKF;Nr_Ez7uFSSGSt79j zza;)OGuWqNyVh-O?kyn*V|fZ^E7;ecTgQK-F2=czcuTS5hA=|U5 z1XaQzb1LdfRn$=eEL#+mip-s3DwXAJcHDarED%_ zayN*R?z`HXiv}e3sI<0Ad%rnP&AYBDC1IX~+AsFj4cv^Z-0th2dc?cDwbQMaN|N3- zoH4}foxo$E=M^cUWg~~U)Sy`mUTBsf&o#NGYm!Ga0?}QE*McexPRQ!02yKKh9-S*P z{zEK6MFE$xj;4S(=%kv~=*bj#UD!U~TEAnh$LC0|2r4+vd(#8e^gVYhNi((i>HhQO4qbonqYTQECz;Z@^ct zD!mRE`5#>TI`~DX+v(Q+ExxvfG%T_yYz9>)zJ0}1{h<6cb*Sn(PQP%m%K?PMzbFCF zch9d%h|cT}nJ;gm@XoDisX=gU?O{+_JmegK*Xdohi{tyx9_d#aK9wccmLv?PJRW+F zLt8dVV3H>G{4t@zX7_w32yt8G)mQLe9hexg~$xc>lFama5> z4z;{?Ik{WV`KRIs#(f{hUNN7<)*4Nwmt}PzZ!S!$GkW{yt!zo+dp$zN-re5H84*vH z6lsPa^(6Q0Q|#8k?AkKnymG!`Y4YBLU`F4+*QZ+XZ;O8md`YBh_nt4(A&S**Vp->b zRla2)9zF5J3N|!RvE&ioY8EnS8m@qoL9BVPJFeV3iVp(5vH0!d&k5@O3e)VZ?)3imsRnd#Cq&P zX=Z}c%90(}LW83f^%Ze;6q-5fPZ^JZ`p&Ox5^Kq?qcM4k`+Smd!S)r(_!r_1uc>Mp zg|4kI8g<3dF|!@nLUIr4Yh-iv)aiU*;%ol^4tT#t*L(@$ThXZL?ve#}*&C70-Ye~Y zi{G?ojelsb+2-3z*DS2tQnD#D?*o!&Dedoy!lXH)W=ey#&xE`MtiHPi%Ih{Mq?qIq z$8+W!6$hah;PL$H?kf#vSnzGXhx~V>URc~|8<4Do2aaBu1bWi3cGkzrAGGI=bWad? z&qVQWg&p(@$o$D}E#p7(-1XXhJJ*1CZsS<-)~|18r^!9up**HC?0Pu&>(o^8qgbsq zKXSij-Cx8yAAw=;w~emmgHsmbC?pI{(a_^P{p<7V_Kfg{j{Y6$`p%_e;vGX)wEJ62 z3=)!LA&>X7&OIt69Y#B5pAkzNG^2ahGvn9v}B%*jN-nl_*45ec$RMg zPkZ9Tw$i@IZ<~@AARl9n_@yOizauu!gSAf&YZ||fZ@fJe7Rje2)?slbOo|(>2Tp7B zfs!X_LhsP({s8{c_rDNjzwnic zJW(Tyh?V07w)QzZ{#E-E;2(*;2GYD8c-|(zn@zk}w`X<Xub=!+;2k$v(NZrE z87!oCSGQ#!HwU+;{{XIoq7r4j3*ly|s$JRGX|P8-gd0l`8L`c2wy%F};#o93TS$`E zQ?)?y1C4|OfOFTJP-)EB`U~)b;shxLrT&L(n_@v6(MWO`v4Tgnc;CcthB}6`@n%02 z8_P&EiT-<(-b=_yJRf0GCt~9w@5L|Kf59IRd^O^48F(v6O)tgpK&9>CY)2}p^4Rs` zHTaR^JttnW)+e``&J=|tXq>AYf;i4SDq${$u-9Xjj?Zd`&&s`iUQKLi8l0LX+G=r@ zR*Z=TPf!j>{Bd10!N$kxPs1M;+IZu^+CHag6Ix%g6_y4$3xGas=J2njKwxELu0-{{6VbcsyZU{Jy%H8ZggEn-%zoAv&Px_k4pO*#`FFXPY*$L6RNza zla9nzQg$2jKRdtRqu;Wf-|dn6D|px7^i~!N*#0Qaug>~YFn1d}h20Y^VK(w@+HNM2Gij~#4i+lGVw=(ek=F_@=YJd zz8cjn^*bwwxNswIS##VGo;n(5MLD18+4~WG);<9Jvi|^PUxz;&yeF#LUPGx^#SW(e zx6NgEqil&H^->rS&ryTWiuGM`eKPM^)HIl;34dq=m?H-SoPQ%+)naarL&Y{<+S+N< zR?;igjSaQbeRoE{j(-mI`AOq13`gOOQ(X8-tJ$&AZXQivK)Ukyg|m{1-n}^bXQgn- zS%LYL`*i#PPl_K6Zv10urwHC?+QU?hF_e==*Msly?E{QuBv++6WEGIFTZZkgSAz3 z@>gs_VxGSBWX4^^iCQH)$q~0|c#dN1QTF43iVa0 z;xt!e`Hujcag$Ppgd(dQ!Pjeodr);j^glp9;F%w_cB}g*e$(CtK5{|fU1L*@DO|`= zqdDjgOb|+tdsq4__#4F9F14oUw^~)y6ZmgmfprZk;5geHgk;B_gOWcCR8%_C(DYkP zZLT6WF9p@6r(rRMb!GnmSfjmn%@wArWSJY_d^p8&&1y`gWAXF;3m^L>S^RML9XG{2 z8^bHE_=m&R(!s353jY4{M__lA$KGgMi9kQXUkBIx{QO1X>(2%Fi&F6Jr)e#e_EY(O zWW#BeGET-B^%$;cZbj~W4e-asJ{_`$QPcIn(Ysp6A(V~-lpq7^UUQ-9Q(LXf7v#-u zW|M5$$OAkK`tw{BA~?kBt-L*Oo*dSEQ>R_WFOeWev@Od5I4VB1=syPhe|(k~OAVZs zb8>b_ndd%)R||%xT{!4+J~#NUu3zhA?^Uhd+F>fNaT+$>dB<*dTPBrEF$NZLPiF5C?F>gT^_pRPfAkTU#vc z`@4l~mSfI+s46><>beD$@zf>zLt4)2T>u=jdRK>$eWYt%M3ItJfH@y~+)!+fWjcH6 zI$QxzMJXBN)|Hos{?A~s7gl||oc-fK(Pq}>-$Owg+oHa4kzQ@$Z7C$x#-VRrAUNlye;Ukr zNQ6b`dLGmprZOwrS!MEkz>*J576VW6RwOqn zI3)5bmAreqrGGVZ>5jFRD+83gd)SenaLzq3Qzn;jePi~Gxwr!!Urg1;HZB{Uli;rm zYBmrx-Nb07ShA>kgIHSpw^nyXDM^kjobyy~9n5RNcC$ufkV_K*)3?^5xI!WgBW=&G zdQLYsI$aCIn$ChVqiQnRyE5bJ1uCBEiIf#RdXVi0=#L^KluO!oa zN8zaKF4aER0asjO%v0Yr`OEu4{4&-&JdJhXxT2O9ec^b?LDXllu4;#U1Ln&}((3Bo z7ZbyF20}R?fP3T8y3eyDMJ%C>r<)tHh47Efl9<`=wuwU6(&lUBl4-|z+ z=DHm}OV+heJWXwC{!2`L(8#_s9PL+YvOsh;t1!^s8xZ5JxDF z%_u+^1E}d-GIouQhlgq0evPU4PG8!q<2I*d;ka+D=e_doC3f7cDhz&o{{Ra1e~w=T z{4Mck!Q(=nK-LRx(*FRY^ofWWR6Rf+(zq+e=i6&*ZvCl&r$HxU$nYRQirsd zw&3gi-Q6qnOW=3L3p?#5L9IKrg31zN4q7aC0={z}ME5ZAK8*3dhGCr})U<;o?v)~k zSuud%kMqTOKf~>3OZac%tKCmjmPm97P_4=+;PvP5wK3lsaFi#X%-s3!m1M;pH!}=^AF1se7s#xpA)k>tSxZB7)9)6Wn8$l@O zevte!@m1CLg>5b+x{mtvCzUw^?wo)6>q`F4<4|~HVDU(gy>^^#_BHR&s&Ukbppjn3 zZtvvzhBYilpcV4hjWxy9_3Qbgm`H)P5T}L5YE|kTIC!2zs9rs->)ZXDs9})#;=T?2 zu%w1>_(p9cc7kSYn;EcWUZjuGwZZ$-NcHK%q4ambe*tLP2gA<}YgYS1PP@+IlEdp= zzPaK_uAMBSncCSn3Qq#RLCfhT?_=M}u&Q+uF8EtTzSd_~wO4C(Y%#|K=Dmx=elxtX z($0{eT44eZry0P;PwQV<2{eAEm(fm1c0NM!1B;vaBv}mX?UpCjuV`9Iq^jWqGgQxG z^xUeRnx3&|WA-?_+yuz&M6p8Kq%o^=*12U4r`h4D=yIMk@YTM%;O`JUr0r*_#SnPc zZ^+{~IsCNB?scp~7uiKm8Tpt2{EO=Am z&w;Jt(!34hS0eh@e6iYIj!PmA0B`0Eahfim_YuOZ!+^Bj54$IEIke}&2q-CD>Scyr&^n*RbDT2 za(T-Wt^wXYa>i%{_nu{4FA=IQqydoQ4_uJY_p5=b2i6OqqqsMgfhjTq9Vsnb@9 z(Iv7S;jMoA!n&L~?u@a$+LAfrdj9})n*CS(k<(HAsxGxn14i(bwWYL;_8nB+LOhrd zuPh1l>N)FOG?J6C<>xuW!r`ZgdqrIM;@b`0?V8hSF*_dfl{aw^m{ym6qJ( z?Esz#ztU0!96~oo-0Y=R>wXM zjJc>%#&W(%q}uAQ{zu98&8%p*m%4w7^vy>|)?srU#52THtAma^5y7ns9}!(>_ZIR@ ztaSEZ7~}4Y^{+CeJ2UjG9y%2wr5B?;4_(y~_Tx{VPm(L!6N9}^UMr-r^5ctnkaQeU zg^x{DEye7$yhS3Gw^(;~-N$;CNoP-r zH;yLX&}Sa?vGak2C4a4BHDEGtU?{)3Z{ByR@%fhU$u`1vrsJA`I15XOCAyN~kS<)1 zE2UeFzy(}j&}AuWp|5JL6<#69;!`>hGi{TH5S_Ib?x;KmLXY*_%X$I#Vfm75TE5ZDG6dE?MZE%_} z(fmgP{hL*U97j8YfhrEf_5T1k6=Q~^*`W>UUqr4|cL9&3N^)FeWk9O7raZ**Nb0{g z-5%AWr^%6!GPTuDbCSGHQ^cy8W!q|(Ktmj{aVoamxX)9bE1pXmuMz1_G)vXUI zQr3Hr*z~|^>W%uI9a>2<&b%q&tt(FP9oB*_k_}BHIklA<85MnYFb2KO-&BWak%}Qc zl@gQK)`V@LD?B%jU9v`VpGxU0WZSeUJwG~wx=QOqmH3b0O>e~-OcLl&!E>p^q$F%{ z<_zbP>(lZT@A|f>Yw_>kW{IPC(@8pC#eWV&5iT1WZsJjch8=jp$FcRTIgWa?wr9#7 zDYx-5Xx27qbZ+hKBpV=^jum_C^r*Z$b0H)ZDggDUY~z%5I>}q@ASpc#N7lFPAuALy z6Z6oWj&oKxok;~nR-XI&J}ZQPjq-i$R*{!NWgD2fR<)M3gXQKiOD%3q#3*QmXP zj;9EM>Nw;;Iz(C_=myQmPsz1tLgLFOCCN@+X+@9*oyp5{hls#tu8N!9|e3%sVv61gD@ppmB|jqRan$YcS# z4DZ@U5numsWw6>7Sa~zSkLZ`6+@$?>;u4%;{rW+32oLAf{zV2_%O%!d6Zz=uX z%bs|yhE|E80IIG#;=On+59gZ3WyRB`&nuqaTB~bwEEfV}Ap<$Ch%FB`rsuHP>pyAI zqj!=fWgU+us7G}?jkLe+o3?sY9B*RVS@{q&;kOK&9P%p&>V9Oe3#)BjG>g_XBtag5M3?0QwT+!hfaR*eF$PfE?ZlHX8cJWh#m zj>qp)u#R?U9tZOsz4~;m3r$Mu!F=0Q-sc@h6{3KP()g=ZX98$2H)rKuYeruYU21kQ z8H1}R`F9RQ5{d)MwNm#NPG^BZ2h*)V8>!nGF4a77#}$!-H6bd$B8`A9DI^jTf>^gs zy=X9UAQw+;?dFZ{dU4vS-J;wnVhiWL_i3X@Gr|5PL9IojY7M0%(o9r@!NyH~f9bwA z@g|+CPo&@5$!~om#Y(K(&PnKh!mj!oMqSTN(>xpEEkf987TQ$LDQvnCf(P=h{{T(+ zFXAnDNhQ<8rUIaCb;us|nB4mwyWy{b`UZ$%g7P%fbqCrvV`w<~*SOgDPT`R>yGuVN z2*LSOe_Bo0&zaooEuw7-MYp_d?s^5a zjk?C3Q*V#%gPO+iFM@QB5ZN`g^7+~9MnN8x=E{A} z{1os{!Fy!z{{X_z2gee1p6c@5WVn|DuKxhTHQ4HYF8F=nTf2L-gG}*%h}BEWrneFo zC-_E2ezf^cXET%3{4wzl;(v^6C)F*r4+H!;yokJ($T0h}!fqeKjyONgzKziQ3!!)= zBagz?DP<5NET`uu)Sp_?Fz!P&wY_Qy1;6&RNvk;GJ?b2fYV%D)#@bGiDU(+gTrgZ>HE z`%Qk>9wV}c;irZ!{5jw>br&8cz6LlM2^)k8{1Th?Q~i;z ztbAkRTT5??-xXsAZQbN+GTTYt0OePl^U1H(FBSN!O^d?|e)`sxq-cmXrG!o+5dqK@ z@AWn2PFK|Jj1QTw{7>Rv8BW?qhGDeQbh5zxw&epXr#-m`81Io;dYpb1@Vu#U;(4rZ zHAP_@Hws43w!oPdVNVW_-Bty zSf^~`aXqVo)pfjO=8#I@<7Rpq(g+SKT-9f{w3|`ZZy?ch#LnL{E9PKl3+ij)Uy2{J zo#u^sC9i=`?%j6DG^_%Z?~b`O)T3ZOKm2v^bHpAf)jr29#qIUmOR&ctTbA|qu8ZN% zzz-hyiux&a2ySPxl48Pl9LA^kdRB5)9qfLMcsKTD@J5BF zMlL1*d2FO$R*IRAJ9?GA8+a#My!&P4q+{kFDu?^ug?86*y}P}g)O#lf7$cBsy_rP- zuPQW45e}pCu1Zs-+ets$V~sf64mujrD%uey&mZwWh+>LQv-!|Zmcpu@qO&cgw7f=; ztHCPp0TsVDb2BRFEy#EzVzFlxpBp`sGFn`+Dedc7w{aY^t;Cv}B+@Gr+N z3hRFkwS9e!`T;eR#}Q5!8OLBi?knqs@n*NI+G+M)AV;v05EQ~A3Rl-O3T3@lPm52} zEvM6N!^tTuV;x67*0~$2{XrrM%=lrBMPSj*JEyA%`ijNzJ(PBqG94#Olgf>8t2PVXqT~sn)b|GTal1PNExZ*W9DO_@a?U&%iLz+UD)m1#}$84 zifb6-^P>$D1D|10VH(|rBa*z*WJqRo zw~-=FOLnb`TYU>r(Nf`KtK6ImoT4pgOM; z_^Rty(q_)kxEr>-(`J<2ke_JVjN`AhGTP!B z31fK?nhmHR$>!j4{MSm~WQ=kLN%g8^Fk57U*VRan`IwXLlJ;|+P>}3n zYcWF&yz)j`+E58&j-(3l-w)p2YI?M`aiI(k48V=!)P7Y_T7mEOnhT|?dGe{+Hk598 z^sZtpOHk7F3#Ajr(J2fOhuvRF*b#o`UQJny6C`^ImCtX=u#Ji$Dh6T)KZRjb(Mc5U zZ8YYFSj#fMCppL;TIB6u@;5;lGM(GLTIMYDs|_{ah5*5o5tF*TyTF=7vY?X|(p(e5 zk)A7RY)#nXJ}I$^dr~zM2E6gZ@S4(!)$INjKvXnYmo zdmj;M+GJL2+jwl6d4%hV6g>=cnsi zHgGEby6NR5@w6^FfjG5aI@FSYT0ohGNHJ-w#(0bp`T zFW$Gckkn74Jb$iez8lf+ExhP%bp&$?M6v=yFR1jdiTru4+v<{wWz%f!?q~hrZJ5a) z!|C3$Dkp@=;XO{nT1%_RB({Z;jy$@_bGL<~Lar$+w z(>7D?RMxfaN#Itsyt=kzDpzEMc<<7$+j!^4O=B!E_=@@5FYa1q+)(x$_V%i=R=MbZ z4?Z{ek4ze#m8{;!G%p&a_82PNaz7f|(e+8Sj~v*%tkXf}d5?wr;QE?E&JImoKjBhs6hj?d=eOTA5)49k1DnJcjBFAUeYvu zOHI1dVlsjDjN}g39`*Ehh&~^;f+n{blQp&YWw&26<8eJODqM`^BziBy*v67BW!7}d zYpDL|eYr&*qu#!R@gIwR7x;_AcDftshC9!*wX@1fw#DqjjOMeHn=y3{kbW8bAkiDe zS8!MfH8>9CUo`Gy&Oqy&4n=UEw6DXx7Ru_=N)Zct$zy3_P{-ydaNN<%!`o|P<_`pF zTDFg@cyi-Rk!syo0 zc6>MSHu>+O1j26Rc@A=Ydz{u!ha8WxTcx{hWF?3kaoVcpi8HOa@Ya{A#!HtMe2_^v zEO@V_z6$A|*xDWLhbv0a+*=sP8D&Cy{{T8J&63cmci?La2=CT>3ug`GjAZWQ^XzJ; z!|i$gbh9x%4M@Yb0otD#M|W!fFa z)lXgHq4cj#_yzkr>s}DmCe{2^Ftg3b^4UQv!R5ZEKcxhpZtJ@AdLFN2Ej1Op2;>c| zoujWc@~`bb@gG4l_-97c?qXSzVKvN*$11Jd{$h?>iJw<|9Qc{w%_G2(_;wrHT~kk< zH7kRUEcM84{i`S9ugCpDUx(VSf;&CiFv0@l+| zO>q69#&{Y2Nu67B6Py<4Yt=OW0EqhhcUQU|qj(=r$YozJfu7`!ov3R|6Uxc_6RCVa z(>!lBt>K+TVA3RI^BN+;OKvfhV0-aS_`UFjekW8~nb}v6N`X6tlexLkM@qdSWY2b|}PYvFr zTEp6y<+grW88P>pk5gLnA+>YleG}oHf#N+j_eIq&BOW6P6CP&MGaTfedHPqoctY>M z{sQp49tzPBbj?aGC5?#r+n>g!Q|uN#Q24Xq{{RtN`0_1!2wCjzaAauL<&SS8KGoTH z7go9Pb=Ik&L2u;UMx$|yf^s<^4waBgW9n~${xI=>!mEq#3_bny_O}n_MKp{{#G@Z6 z&%SHb?e+Ul5Nq0{>=xFyy5!Ncmjoh)mjL|DSvRfDX~O5v`me=1Umo~h#NHO4O7d>) zZeB2aut+LM3^?QvD#ybQg_;+P40pG3FuO?itZJmJjJ$w<`t?gqOx+tYUx}X)EPO4f zw}qnq&$_va58>^eI`_qVm*Ty9{t_FAtdinrFH5hN<%5+Z;C>Zo(hxo0!afl3euH_X z>o*tLm6Ak0T#c(aJbHHauA9gHCGb|0sp;M()vVwbY=R4>3R}%^eYx%r=Rv$zW9VH2 z;xB;oZwoQ*geWrA4PGLyI-{{Tv%ExO5U94ROc5BoLK8Ffa|mWQ_f&L0qOJRjm4 z%_2sW>Gw_}#Eq3fpS+_ySLu|o#)jVQBu9vV>Q%a_?^iPk%EjlJIY20ZkdB?J!#`*r z3Ac$nDQ_^-tfZFRe{kY4kViP3T3*{SBscM~AMK4dggjs3zu5QUKZqLR!+M)bapA)#{oTBSlM=D@A21%Hj}cV*Wc7)HG>?8iL0A z9{`5qp$Dk;ui|t53y1p-x596W+8^y7;O!d1-{H5!NtN$pjc_#WU?yE(u=6lZM^+8T zLUEk=Ed0{@^!)5)C?C#7wWm*Kdn7lui*9c}eLXrF^yfL;OBZ5coFo3k^7b!dIrr{iUQ_D*V!@`|%%8KtK5PdGp+7 z=0}KDEpz)@O4cnH_(#NcpJcmCY-<~}KP$JU4_?Ebwfw$+!9jiiY99?eU2)<|OGiex zxHh-NMg)ty0logd^;D&1WhJTk%F#&8D1Lry4%n*S>IqjYRF2$=^k8wyJqkZ&W+BmA zf!orYCIo_1?gt$zjBGwhROEuJ!1_~CS4WwdK6B77MWEU%Lc1{m!6p0iPJ-uVPT-_a zGQpBb@Ic%6(nA}oo#bHf81|srnWZJRqJGadm2(}osRWBPy~7XnY&|~;{@4Ei;EBJs zMw9X5;0k`v9woTBgW?8>GfAY&EXBghAI-Bl%H#rh;N<#pq_nZ$Phsqaqjpm`CbYPy`jYRQ)*@rJ)21w z7@Lgq^c^dftZX==#5B!+QL>r7(vJ+Vxq^6iWlj%JE9qZ^(T#fkTU{+;n)X5av|gl< z+PwOjYIW0%(A{s~E}`NbdGyUfKeM8jW}0Q>9)4T_{&@P=z5dHS7x01cp1JVLRcSP6 zqKkYNA9gb->66lxJY}>-l7g}Bce;A%8m6PC{h}+RieidmISiw?{c4oga9ccTBiyIu z>Cm3_?NO_AndjAlFz+B!D$8!if2J#`)6wp%R^DlvTpmMquG5II7KG5Ap6Fc z(dsrj{n}_YcQ-@I1Q4MA00{K1J5zIWDVpGhRy=x8Y@NnM5=vGmM*cchW#o}7h^14v zk<+~sXj^V)P6M%2JoGXpA`Pez7+AbwVnNw$8CQQEU+q+ETfzU9dnMA z<@P@f^uG?>I}JKDxP^#f!ntZuzK5qmyIUL|#SuNkaB6a_2(hxPj1(s2^x#(a!4HUD z3h-vJtLWOSFx_}(SdR|U#-(g-K*sOHoPV5GgPP$#cI6$#1{Z;Y~n(?&8gW3gsCG@)1cIJ4-?4_ z%WKmS5-{$$9QHNB+3LAyd#}L17$%i1--xFPd8%DINpxjXyUcE+gWkUHPaj$Mvew$l z@=I+Z1h*iS8+VYW^*mN{h*RA77vheE;4c_jYZ^GdmR)5fZh(I5gX`A5MbLH65PT=r z4WEhTois`1^5dBk{9V_#z_O6ps*0rApym~>qKCbI)AW0Zy2z|J0bv5!w#P1rNYgD+N%HU<(;342< zyQ(yg(DGa@<;>0(O16}dA!!`vB$Jx;4HNw}_i4c1xCCsA=Egeo`WobuzQ^ggbtAE| z)TN#Yt(+lVhmJ)j{CgorCuK{C^^_^}EJmQgG-H^hQmhYkHNe_xSKkf%Nv7*MJP~=; zjwFprVJ46MdAHX!4IR|gv}d#4UVJY2@2oDf;cJHQPmG8wd#BEUV4h!9Zr%R?KDFb% zKJae2;fqWA4OYV935;daE5x95E9y9`XG^i@(5-D5=6WWOq6jBzc*Lbc3=UM{wwC)= zx13?bu?{dsc&>L&$7i>?Hf~xAt7a~(9NT!$t#Ou~C^~%eY16lsfNl&&4M^szswry_ zzPE90sF;7WZQ>hDKxE+e6x|cTGidkksM#S%nDe+`uea$+GH0DUHQuMD>H4OrrcCo% zT(TpPy-DDT;=ViB>bk#yqt>iphWaZR4b;${cMd_|`&UId^f)Tu(oL1WV&9K`6YwXA zwT}wx?>)DKwSbQdm<%i>Jy;Lv^{>}Y3V4e`pHTZV-dW#SG=s{y1MjAIBD&oBo(Hm* zGidqi{t78&q^QVo6z;} z(P?UQa!ytik``GX(>VMq?2m@uvJ^iN@ARz?;-87`d=aJJ*o)mZ=E>Cg?nek;kT^NV z9X;!fQf-|T@iC_xoCn3P_$OD2yeSFPJ`a3Ov+;G@21J&}R01;~9FHx!0&!oR$?+do z(fmsO0P&8Md*PoD+me!7U8z=P&Iv=&myV#-sutAaSl(+NLHK6c_g7OkoPu;k+{#Wq zUtCwbd^`B(@o(U&YA^8X#nbp&dDN`S97@7N>T}$B_N#=PSy+rDE7El8E5+`PH&ytZ z<4+Olx4t>o{70(mJ~Wwsdv`pf$Ux|-dkW;f5bF@=KNTatYne3b-9$8^>vr9;gVS*7 zo-3*|x#Qz-FsDn|#c69;{Rh^372pqz77}P4ID%KyrBEQ$qakOue0}2I#0R~6L-CK` z$BTXl>DG7NEz>WxkB0KYmmb3AmnGM;A^*b{7`;Nd9T}_9GqiM*E;tSWWYR8txze^CA>H1s8cLJTt<7w!6 zSCn|ZQx>+67-Wno1asDr*&2sYqbwrTBNG`U>UhQ~{oJytF)9v6TFy+=ETc1mg+_X3 z9cm3}(#K7_5;;&)8OL90&9WxXEww;@d6E-7Yo|ayP=hs(F_EWe?wj-XKb0-*$@?p| z4%~IEW3kZ_KTZXlxhIpH*H0K#U=!vY{pw`i!f57O!}CS1zlbz_U;7gEG3La%{{TrD z;2PfX)~){l2^FQ4&FzE+`WV7Isy=Bw&#CvRQhOY-iaA{;FhD>+<$L0_*5Meo;uXN@ zTA1>psgb700m%0?yt1dE=a^{A_7vB|=CYS>IHXjYdqUzcx}`~%l?-A%$M zbS$_T_7&gRTt^^`LPicTT!-IKsdRPrGAwFKzsfr2psse~R9Q75EhcExJ}?^@s=q^~ zdl}v#)1=faW|}SDVqowI2SG?0_RE3d{{{S93)Shi*cY0$qi5!y;L!5W6(iKJl z;&9u4S`HSqCZ6>z(UMFDJu3z)c`_s;eojC%2#zlbX|n1u>R)1rU4xz2#tnK+oJtS| zVuu*5qb`RICOwZ4`1N-b+9s17?#8y>E!BVEL!Z|*;=TpB)E7;03zW|bo}RULI%rj~sjX;NQC{hj!p&v#Zrpo}9RC1X z{&PHiVJ?gNO?*a>T-)4C+KHQL36 z?Lo{m-CauvfmOp2Ya#>^Pa<41Ce!z^)X;OZTKfu}vO_qOlhAt73)!G185rOkbgiJY zF_dgrvHL`qFtV`<$F6J92A6epWbzgg066EGp>nf?T?bTKvp9_TAmcsOuHPlqqDK;q z&U%j3G80xSGTpOBwjY1(dt9Q*M9d2bOW@Jf}8>37W;L^MjF^ zvIK2jIV@xsXj#Z0s69n<26vpswwDsb;ek<})X_x|Ph$?K(SMDh7tu2eQuVRBq0@K=8Ep8l|z4-AjX=&NGVj>(2->qsahacanJNTvclw zP=h&Z?+jgPMN&&Lw-Jo2g>%heTX=SNy0(_$Nn&_q+%Rw(9ANub4N2VTgbzu-yc%pG zavBI#L2RB4dcVRigx?x|JtT?n@4=d#zJ{(6U0(Jgut(23KfG%mM$M%wAFrRY-|PdV zd>~};exYe)@gw3SabihtN0|&6{_5v~I&|W`xzwhg!5VAo-YeJFPt#)oWVAA2P> z^c6}h=bVo^)qF+qC*sp4m+;QfydR*TUo%^pES6Gv*r%>XbH#c;g#H8gXTe@}r>Man zi#$y-5hkTC-_AP>3;=P*PAf!=j_$&H=+Il=mX%`p5liQ4j(}6I=e%S|Z5kmK@7@Rg z@3*}(DM;e(u5{>Kt{^eoOwIF0l1iG-y3oJ2-EMDVMz+CI6M#bxN`6GAsa|H%{6A#& z!qyv2FQEBGBl>z*m+GD_@U_j%ns$}0gQ_b46i7nk_avSGtszaDpPk>e5AAF4PvEYT zsb2g^@tk^=tzt{ZV{X|piUJ=r>I=W(n~CkToQh~)^92qBVYjMitTZ>hXr}uU@}aH zAff5k^`$X|QMir;K1Oj$eTXB0pK-@I?^f2(3>}y~#%iJ1hRYB~y8s4boN_wV*!0ls zSQg)$;0h-C0!8tszUES@k*bo;#~W+Zz6g9C_@VLZ#1`HS_(kANd&YXqr*D}Zv$QGh z(k}xaTIH!b9Tcf`Kd8^xhyDm%;ID;^qx?qwuJz3~#hQa}k5JqmQrF?IXxLfZDr zL(=2aZ`6SPVzQP00CbVfb2mC)*stubwVA)P8Ho~E$O#M6tzzVj&W6`fifu_PFYN8K zEfa6aBx8@uucvcfJL4Pu5=;AyI>cRHrsml4AuHFp>G)P=ZcL}5&m>xN!Kl9VQcOsP zh5RWlY_G5F9_rTKPqQx$<$ma_Ww}w{JAk0$T4FWroH$JV^N!afD@H^jY4(R6Ej ztLr4l&AVhN{{U!ubgdX4aC|-emsdfbPS&;CJA0{E6R-eIKc#)Q;oTYyKSzU2g3wyq zC(Y&Hed@r8zJ*PH#F|%zqKw^@LdO_x0Io|^_?Ke#BJ$2Aju0}<7|utnYY5oGm#H%N zR{sFUc9zWUr3GI&g72;kk@s!%;t2OPBmFLEOLEf4f%W1wP)|%zg`KN+bZHh=ZHPCpo zOTLE2883$QmN38qGRk|?lCX~me+ePf8fb)vB(@!i+I_QHI*qiNL{J<#LU4T--lWP% z#Ekv9)I~G-xz0blD)T^zEKyAHm+#Laqnv{FuM7=s64^DnUGM=TIj$9?)--#$E%o~p zgs=}2AwN3yIPLn@V+6VTT%zXMd4qJ?9OLq?lE+)Q4uGh4LNk$DMcisuHT+4cT6mQ# z;?*?EIp?;)x0uGEp~v@5KDEVaI&Pz?5Vkk6Th6CD$lO01(-UUBq!+Q<#}(_DCr&pm zaDJ3r#wAIkxk(d%QIzyGl+lcl$=tQYvb!p@{f0W4-GfrKgHHx~ADDFxIVaYjgBE>4 z;v8N;%PND7gz;0_Yj->2auOhOxDInctS(a3U9N78(kO>G00G8*Yi7^HTHT$hX>#c^ z-N*j`Ea#1e&-f6avPrKs3)uXdwJNGk!as(wt*qX}PXxDD7i#QSE572nJqNW*h^|}F z^x0tZ5-`k59>7S(zD0d~a(XExl(#5|g2S3uZZ?s)D+87weY{U}E!|!w0)>2j(iT21NpKR8y z>ZgJQb@wvCb7DM}5J~_zC#^^vDxxj(yP&t53|~c^W~Oq10U;ASl!#- zJTj~iqk`~Fpz^k+B6F4yiZKI_#7FW}XdC4T;?G2nB)u*nDraFeqq0~kjO^So)6ZpGPx6HF{)qS%x%<2 zyx~aAN#Vx5^V}-=vamS?GB9bG9G{Q8Kdr|kmqOVS4}urC{40@+O=AH`quS@35zp3} zMJ*14Otyw-*`7x7j~fB&Rc<1-wz!o5`zT|_rB5n0JqJe`g`S-Atf_GcLJ*VCfHU~l zmiUuX)in#n5ymGGsa?!*Pn8*{>teQ(;ro4N<{0kKv*)IJ*L$dVRrE`6@Z7ACgUTLo zD=8$4im;kYR`=;0?Ume4gpZVUQ_~gcak3DwT_P!72ONV^or<}_>-q{$=DN6%NIU`4 z@UBlz)9f_4B$#RHju#4cV->V^0;SiCtu0vFT(M30`M}|8m(?{Tyo`v7?_t9p2_ITv zVl5JAtmb=Jp$<<2cd70xu#7-Y%yzF%ovSIK7~0;OZ)d%&gWW|S1mJYfTF25fRDsfH z6c|a*C-kfwI~qasHI3cyxk%lBP27b)rFVL7h#yTc$qmrAlbyWdCbfd-RJ@LV#NH;m z)*aSK_g&}aY-Ae4(;yKjmgSM6Aok#z>!-Pq`6H!#Xz>-b+}1X_X_DMAi2VD6c^D** zp{f>sHfmB+n?W~FBNRPlkdK&Ijk1ovU_3wsS55#*0xV*ZS2wFJ}w$%iAq+k=< zjMu~-E&ZJQQSff=<51M@=GLQ;vW~Iy5cK1(YN({0ii~ZeGIcFqPL9^v8~Ze9SZt9T zWJrC*dxwPnF={>(@YS3?2hy!Hi^Kv+I3UWu+y}70t5G&lJc4f>U-*YuywtS`8adi> z-cWK?dVALV*B2U++eK$=w=#_9A9xPf6uA(jk~rO8QvTFW?B_QPcBnv!IU^i&{43|! z?&p?yEWC+iIpN=eK;ZFIILYi!J)G_k1F}B8wbSSpa%zk$qOud;HsnO_+yhMOrn(&s z&%qBF=yovc_Z}a<)GZ_h%*dD^gVWz1(!PuMF{Eho=+AMj+HRD}3~b{CR1?7;Tz*uB z&sO+}pxtV=k+zdF339s-FKl$G-vvAys(5<$R=(D6y!4o16J|Db7|-MSP|iun_WRue zNjzQPyX!``y3pdd^DkAS=Z--7=e>Hz?LXoF00jIyDg%TGA-blIN}b1NiT4;lCYR-pe6%x{J!#@#GQ*zaIYpg=~COgI@Tn z=Jw1;mtCbr@hjWb5{sQ=m;m^c*?7UxLe%gD$lLvL$3l2c! zb@#7lkKxaaynEuUCig{4tIrC+jBXv=uv~Gs@WH5WTbrs$9*eGi%bpnV6lE?h<=dNv$uDRan*-oo}K87yN{VI4ogOk3*CEFu!)VM z$17qfMgtDmHTIu`yfFG+jb*7YjEUp``oLcJqA1>YW|45f3=%&q(vz~eN0(@y5Du7&qf2bo`htaHhxsx; zgpU2`b?=I)EOr`Q#huriBM|Qz0;2mb(Mcr#6hOt+FbWdYGv zM=gdR^1SsN@m)8=eFw%G*NLw6Yg^k$^py-+-r_Js#2g;9{h*wzaXu&h+OYBWiF7+~ zC(~L*kqj;SwBwL5_}823FCNVV*l{(;R%J2<3U)divEV4M`skU3hOn)IKO`w;F$n?rn7f z%GS=VR1TeUUiIORfSRX|{vheGzO{9Gc=JWIqLbt-KZ`u^ReOgy^zX-ihkgP0YvDaL zyhEqiqYcmq*QF+c_my{3%8y zMkje6#C-?DQ`z{U4K&(W-oz$oe%BYe&O+zOiYkYBqYN zhaJ7#cqnE=z9v#Z=cXyx&Bs&hUkUta@ehi=AH$`-o2TDuI&9A*D&5CSHy=(b;ja|v z{{Rp*ABwG{Yj1g_TumpR1a8DG8>ZDfWALE3B(y!3M)CdX-)Pz=?8;fq#p$SCc)#+4<)4f zg}KyhQDSs%3-lZg{p+DCtw^Y^q4Yd)Na~;x4hMcKV$4Afe%}|`A^?JikVzQ+wUnYt zT~E!gjlT|Ud;#K(ZFKw3wQ1Un-fTI1E>9#6etTD!STwW5T4>n<@q%-Tj)!CyQ|iyz z>%_|hbNCBZxq^Kf`C2b7a5jwe{BvAZp>^Xwf!`DCykp?aUgJaYKZdm!^$k8~n*u_u z(E5Th549a`bj5Z*zn|F`@Qsb!QwJx<~h;x>2>VJ7JWMp%w31 zCG47hsS6FulldCXO3ucI*)~6B@n?r@q>fUA02>4DupHOQf3~meeWQNXKeDgHFMyZt zYPy`zwdR3$C_m^o>6VFs10Zh5IPAu`YerIojCbk!bbpf*Kh4|YN5fANd^^;9LE+yX z*~_H((?Haw(zSbO6Kg>-Ib5G&06&d<>oiV^B+O0@c?UJqMyircY|c7{Tg$PDU8MII zrFN1?83uL}oDM5&YM92ZKo7404@H(X2JU4qi*8_@2UeuC%+T^0He^8;1;p zbDxw~`aS;u!6`p&yMNnn_D=Y3@h?==H0%EW8tK;G@Q?Vu);R%dd$^9><$A8;hsR*x zb~Q6v9Z;7;^nXycOE#7$ANNO;9YGc6eku}PS?Sld%*m-(Nu8&V@tp8Sey57ys}k;h zVtiikG=3cM)!v18k2i)qL=DEBa93!xn>l49dSL#w`KkM7{1{J(zYQ;3=}C31=_J_d z$t-v*gyK1U$m#eB&IC;UPdsJeTfYN%v&5bhxiZf7cO?+FbR#1Mxmhw;C>s?0;%mAu zsmnE~U*{1J4lz~m@&-l#5y zKLbG0EUOhzs0kG>n6qveJWy{P2}F`^3mlG97&z)amG!6WJ^N4Vf3mObFW|o)S?U+I znjOu|G2i)F1mNR1=z8<)O$SsN{*9jtzAktJ#$FQeU&WsXvwy-p;+Bu?Z4_iJt?MY} zQT!#aI`ujA74=oE^!HIs5r6dCcF!Fo70)%gHZLcccOhu9Z6-`UKZUFF%l-;e`yyF> z(*FRnRDo)&X*L?(rr3({+p!&4d;3?r_)2{{#5XtE#))FKcMikN+x#aUwdVUB zS~ZtrvbWJStC*zKU5&FvDU7Cby?uWn`qR}Sx`F)0*z5X{Uqytg?%A9**HV(mfy(X= zjx*?Ma@FLwT;t|7>c?Zxu=Tu_+1=Hgmg=m;(__}|gSbnUj1mFor7%ZrqshI4mJ<_! zk=~&3F12fJvcIKUFdlRx~OfUySEW0?>z8*s2W3} z(Xal&aU3c3sZ{aDBv(J--6O<0t;~$p^4mNzup9I8fN7*}7@n_jso!XjBvOGaWpVSI zfnIrYt3`Kyv8*W*6Of{YbR%(RHr`5xL}J|3*S9NeG-0L>85uY|YdN+CHSVg{J77Li zM2uK4UUT)U&_|+QTTGXNW|YU3BeQ>nXK|i?so%?ED#ZdQMf5o4we-u8e{pDT;M^OI z2Tyva%b*^=cj03On{Ht%a|;c?VEm`jxd+puytKP(g?m|3g;rd0Ju1|VqO>@>DCD=6 zXr5IpSna{b71l0;Ydy4gS1y81yA<7;8Ha(4KIt7)vT>6gS9 z+?B^TG`2c~UL?7iZBZBPEt2I%0~(n|=FzEQ#2yClzOx19lj17}ywT^4k@kJ`$l;gV z8u?GeKe7&qq0F~>2aJ42HlHla(!n9+K|E(a<6Lzqr@89kG4iD((dcn_%i;e3g>_F2 z{3`L5u|4LIbgK)rgLjf~fLNZD^c)^H*FR@(6!=crwQ02v0ZKgmHu^bBi&30~&!Ml* zbDSqFW|qh6`3_{NK_61Z@wV&6tElQW9wN86hV@K$R`Hzf1a}=eel_qX?Sro-ov(Z< zvyM4#;Y+yK7?bAOatb%DIsB{U7up?Bvbl}Rz zryV_dR=o9iA!yFv z#DIF^-n{3=9uXct)2=jKP8(I88-4MiKsSX0r@6*!ixV58(!$E;o_sNfQSi;wJ{Iu} zxsy(l(mrpT;U&`3g++Au)R zzAM75dmX9iq3o8Lr`n{R%JwKttBs+7&hKI?)jS*HJAdsI@QviZ>5-^5$2>Ch!9SH@ z7Vc-ubJ8ZZxwzg|eeUgw~iMI+2mw{Uv0zrJ*%n9W9+in z_A=~r-CFW^Ah)%ebdo>^A1DW@{HyF83fD#OW`dTs#@Qx{A?6{JZY+B7oSawbk#^Yo z><$}5k@IK9y;9FnffMalMSX4YPS@e*g*pe0TA$7e--NfDT>D5R-Nx-wv5LRZa`m3PDZ}VvBBKgTU)fUM2iOnwt>JPRzJZT$MGM; zcsw)W9Xj6X!s;n}qYxyS0l*(#N91dsqcgim>HKNov!eKqRMGBjr?I+)@v>33BiL7s zc*DVy>Y8M?5y;lpkPY#o5~5+~aa`^_4XMWJ#~t8(TJ9wl_pmjD>mf!$e(pW{*U%A7 z75ovgktTd|fsC3Gv7@A6YIwJG0d{u9W$G7cCYe2}NaQ%!SF;LdJg8jo$M_|n-fD5` z`evhjr(CbjZIJ+l+th!NUq*Nn#l9f$kJ;@Wdx_F40AxIUIIWb9Ibc?&Q{%rI4-^O= zRGJv&b_l8tGuQ!MrQjdgC&6DDyc4TOVd5QA!=DjiQf--ekJWO$!6yc<*__qVgl*XT z>G6F2KloqbUljZ@@y>+We~PrrkpzPuE!;$9WsLs-b(fm`F#V4FTd(-@;Ipo!tXyia z>9_23w3R`7QIZ*R*BoZGr%3tSW-2Y%`zpg!d&F12iA3EPKRb{WM{o& zQx0{uDI?bX(V{59| zT)&dXbfSC zt7wBw)2?2^#&I3IcLNB}L|6hr?S;*MLH__BKj4yI2K;6FBKRN0{{XT*{+RwY()9Q> zB%bc)&;Hu|*en`MoJqT};PcYEDPh#Feb3LlTJbX-!^;U*4;#XD6leY$f1ls6`T6@U zcyHjZ?TPU(!(X$<#gB*H7x-K8h6`(rF8cof$yHmsh(`$;jA4&0f=TKD>0Br6i~j%w ziT$bn0A^he#Qr_-K9OVb8^F4FYn|Fn!!)80bDt%K{DGW-o}Z0e@JYeA?zcX2UOeJ* z4Eh)h*|$crQcd*cZ)fG(Zkld>Zukqw+N1vfW{pzX^G=HB1&UMAWawjmM#wx@sCbea z>&fHPZ&M` zr?pPG+IUw>yVq`h&!)iB+$tGL4!c0-1HEAUOt`hN(TJ4_`Df?jnk7xz{R{SomuV^I z#0m_l8RS<%5_t}QoH?wyN=)4HjGJ(wRl4G-Yd%H2ish9FIQ)B1yBo)2KTCf$J+ckH zoL56-^4!Ki`BlL=?lVkhN#a>_jY9S->kAgLk&p>c9IoNqdsjO=5YH2Y+v3spqX_sZ9-zo;&hxOvWKK}sVs6PO7zXj_*3Vu9jmk^tcOf81342_8x z3~gog!Os=5rg_vcX-db){vT*AV~lNGz+m&%yLjvsH#MY&BbugFQcJ zx}MXf&QdmtHXdIfp1Xxp)%+)-TrmU;b{*?VW)-8<^Dl{>5ue7M4AoK<5^5I1?Kbh_sQ~1U zeg%Bd@WaHv*mo1lacq~iGsWdfk{)AVdwLK>by8=<@dX7Zbac9p#19czc#BTF@b%={ zbk@?W(aoGIWB3U7uiP)$bK{IYJkxZYP)!ValyPmng>a#W;jlR3y-HKi{Pz=1%=-rY zZEj~WMF>DnKw(}_@hacNOX2-uZv{;ZTKrKLfIlk4cExNeM?2tui#{*$AHxGLiQ=)+ z_4_Mn!==PKcCzFa41dox_$hO#&8&Q8@us1D1+))wc;Q)j-L&9y@7B4iGw3ifK9{hP z2rM8M4HQ!J9QCEv5?QpjNF-65h9BM@mBCRTRfe92CE=|C3kYfJGSfDaL{CLU%!vcFBO8piVJ6XL;QWm)|9F_$=$Yf z78+dFNwye+MhFLv)z{hSFjzni3dx@R&38w0#IG$%_qL+)GakXb9Q3Y2NQ5(p-9qz@ zJ66Y^Q>mf-pA?fVz|KIy9gTGHv{2fV1a!_1Y7TaCa_T!Lby&g2JdU+pW`_Kk3`QpJ zfyD0=5?5$-o=24v($8`xiV!r9veGTBC1R{!K@8(;s&()O}hb+ zlbWc@xrCk0YfHFm^6?-i13AZ9xp!eJ0uf7v;~33qNyc93vc;2@VbgD|Wy2DO3aS=R zai2;6?DV-z1fc=OKJo2c63WuX%-|5b40WbuDHGUF7Q&0sff**9C758$(;^RgFVLIx zIq4Q9BqJ7V;+f<*%H+01AqzdPlaDP6Nx|ZuZ6(wMO04j{cVvnh1ERLnZA^_N!iQoB z&%IA^a}i{bNGQEQ9cU+!9LA%mTdZ%n_W*OZ70KRS3#P`<{ zmF_l&*at`0#S^@VDdRz{G4-rVSmYdRPT;GUpzYq+z4+S)WBT0_Ss zyo%KhghL!RcCumD$YGpgxUOzb58QaaQyw1hW|^q?hs1Xu>fy3Y;y?D8x+tiIrrgKr zSM2fs00iRj#o^JsU;9RQku|x#Nv$+HDGta;ImEzqB#wvrSLz;vqS^RIPLsphJ)Ne3 z;f0fQ7V#*JKpb)FT_$d2J#*qFtD#G4rua8W)pd6&Uw9EqcRJ z(jL}L0w{I0b{=$rinL?Y@y;o3{v+wSL@?QE`sSH!s5<`bLxwp6p#wPlYU!4vW8|-j zKOUdLw)(cO@dL$P9q{*rAyQpM!Uml|?78d3e>tDFFZ>nDMYh*w@c#hp)S8k)^0mF* zr#Kr}jtGn%aqnJ*3S(}^;UC0bi2gJ9ovvy=B=M(-HGOva;!x!!nCw6aJTJX@=$Doe zsZGth73oGPXpTy?tU09Ith-1#^r*ao%17NJ^Qy7u&UY9gG2r(n^Qf94U+4S1XfiIx zZN})CPE9+?o=HFj*N{oaYE9SUURO9%$v>sRX=Cpz)KAhtjzXj-va- zH)q2iWQGd>w!kl%kgCYT-G?T;BI^2Py=leFvs`C5-P4}pkTM&cV*68y@pWk=f_2G{ z2k-v?g>c$Cvfa%D4VdJAn|C-q)EV1TroLStNrA3pxRvk0$Ckfz*B7XGj%lpsX=VE? z1G1b9eJHV^=C?PeP@Q1Y6g=7BvBu+EKE31ZJK<#Ssra64KUJB5D`>KYWj&OEpUSq3 zYzM}l6+dc^8~Ez#{{Ttwy}TX{@Vu&2tXxf={B->5z%rew3;@Z2A;r%D;n)1J$Mz2 zre@^NqHVNwU>-tx;|*I<+i7+-H*+=2Hn#|cqu(8Q zZyi4>^NT%IqrMQ^7^k)*0<1c7iquh&^$&rruB{@6?DkPQG0(}^SETA1m7LH&nLL*F zOO{m!8>lavL&|(b<2SgsYXNrA$emR6`kL*0F>hrCgQsf-;tAuOH?|1*dGAd!9GM@8 zZfzm7S%^#)$RKnT=lA-x^~%R_4avB+3yq}b=|d6AUF+8dKwL2WS-T7T?3HL)S`Rq za{<1%vb;~73Y-y&t#NgAsKF1~CwcB81%6|mlnpHnT@ubH(PWUSl5la_w4Ui5%t~*gOULUfgZnCI2Aa$sdu~Ci8%{Ib$JjfWdj7a0q*7E7F zK&Tuyn5U%|H7&*E?P#P#+t)3|Dp++WwA7Oi9I+AKoKp)4cd0=woHr4alpcXP{cAGb z-g~K*>NAXCh(6R97oPe^Cz4!0oCzck;x*M?c%d~7I?6GpBut65_ly(oR~Xz5W&Y1_ zB)6RzV`0G^Dlo9Jq7^d4I^ffk3W^wJMLR%Uoq?s22&aXR7BBVbS+r@)jLG!fh>bcj zjO20Fv2HHi?nSH%z1QzApsZyZ3z-@b%JD`6Mx}F;z{oV+V&db(R+jo{k|b2&Jh;>x z``~l<)xi{8hvCMtr=(NeTw6V>DBB)>VfC&<#70di581T)nHU^qG$eg^y(>G%Av>q0BPTCc%wVqWUl`8=$3LtccaE5wPn2v^W@}asL05U+Idym z1{TgMpo34jf(D*gBbpMp9}UMW>n)o}C<~kez^xXyATmsUe5V}u z6?O?D0_RTKIbw^Bze=GE>e}2H5_1DDr3QSbOBS>>S7`1LdI6k$<6NhS^rg0$wG$G{ z9|MKpQ!2+5Yp5)<$ryp7bjJX2N3Cq?vfABgsc$v3EJJSdG4mg9!jYn94!$P8(x8S5 z8<+AFm1Sf1g=tz}S=_jgm1JN`0D2QZ&X-Mw*3wnENuvx;$&=E$WYs1p?>L6~Gm*58 z*u`Z%z~U^G?B^oZ+`_FflWMP1n)RJORjlHpjktJ)Js3u>S6Ez1Lzy=UE zU#I0){wZtL`kk|BazI|yqYD~4g3%M-wPzy+d>!!vK>;GtEbZ;5zE=n3Y!as(YHR&6 zT^~r&jf*wC^8*_xA9n+T_=+Of<2HDegjeh0nc7l9DuMwgZzqy_cCWa88u$*{_rto6 zh_7xfE&P=8737oU$3HGPIjs$OZnZg22k0IZK0A+5)b4E+iD;qo4iQUn_3Mi2yhZyw z_-@a{y0o&~!KBPovkpAA<2)R6#b+tBRCGRZ@gKv|FXde#Wx2JrVx!1htb_8dW5iJ> zf-kgPcE%U`R0w67DKK|?`wo>+k-sta{{X_D+JnO0HSk8S;GIuQu!B~L6-U~|%I@cn zOz~eoc<01d{ujKkI#!hQu9w1f)24cMhwzqLOTP;JqDj+GGAzO@ z;ITYl=D$LI9qYag@N|}11a|KJArg!;b%61mzmev&I&6&Z+LHIhy642NhxYO6T8*ux z#kr8HMjy>pA9p>o&3&)?EPrF_KMXuq;cFc$ZNko8S!CeE<2eI8GEeJJqwbhZ=y@;2 z{bYC*B-8avdy9EmOeWrq>HRC@y=Pp!*NU~Q@p*J^ug-QI49NvS*)o&rE^| zVAkW)=G+-ec_im?z|ZGh#-roE5cpH!?y)+FE}5cO;0|zilfchmTJ#)bbAPk%?L*`3 zBg8Ll<2^B8(p-5TBajYGJNK`!JVEY65_d!uRksCyv}O zuRK_{zA;QnD0x&q^Cyae-+VyV=>K-BRlU(Sx62YwmV;&IldvvIh(04r#;10X- z66eGE2AAV2OXSqy^COXN5P)M0LgVnR?jY*NO3vb%1O4m$PzwVY(a z*E}2Ir;R_cwflCkhT<2xg--s9o&o3Ao|WfN>U!3t9pYXzwrIrpbF%F`_a9GM+@3@1 z-wXUqv$^n=m8P(Y>sz*oVM)NjUg>!e4+|-^INe-^Jp=Y_4B>7IhJMErL!*VP7c8@sHyl!GDPt`YifRux;&b&)BXS zCINsv?c3Xqwa}fJNut{5bIxUNy6Oh#|OAk|+aY!@u*Ycb+@Iva4EE%CkzA@_M(%N+UQGsFPHw}+R(={67kYNdUvZPmjdQ&EAFW*Yi}7WAeJ6)} zQE{TCldV~<5=C4%;~dhlafz7)=858jztkUAj^9{`Rf1!gAB>M~xvf2aUXNAqh3<OHkDfMb3S4rmJMKVEN7B8sR=A$l*{8R_bvfi#649B@ zWBBd=0E2};WGMVC<4+HM*B%J)^m2F?#tRmU;_!g%vDBC4is{E~$~Ke2Yc%saZ^cc3E?VOeC6qexicNzOV{Q9{bwmBC!&0C%9J6H+bg zj4(HK1d5w{jKNec!R7FlAETR$lk`u_m`00c_?xGg_pf7=~ACF1+_wD>de z0i)7&L@%{1uUPGdVloFMnOOD=Pil7P&XkYzAdzjGNSIsBx5hPDV3AMy*qa4U%I=v^nGa0X)0#tOTLSf1gp=dd=CA+&3<>> z>QZ0o7TVUXuxh$v#%y(Tz+p0DZsY1kGtF}+V!3XAI=}E!KiOeE9P9UdlonFO1Q&6D z+m&!ZJu**mUVUYw1L)5R_@GA7*=n}2UPX?qc9!kbSI^%Pbk()i<a-J#C<+0SSAZv8BQrnRB zbv+2K>95s%W=3Zdu1oQ1%TD_}TP9so8!U5garF-<5=G0o4cb5RfOmVcQ zIODOZ@o9H2X)dh4bubDs!Th_{#$joy-&(qhd71~t4m*n6x`nTzS9umwjA!1R`T=Uk zPA!HmLH_Q4Q&4IVO%&@GEgAk24Oca`H;%>aH%pduotXKOoD7lFd)IlPOE!}v5-^F~ z7!VtgQrOII7Rhk;M&{nyBGW&Z?6?7bg1K88xK{0L?v<3DK_ZYFH+K-UBoXqCoOG+Y zJHaH1(Mj@mKC~AN&Z|V%BhmF#x!Si#8!D~S@vf5l$69^0{F;Q;Hjw$5%u$Rf{3}Sr z>5NPrSH;>Vi7jVHH2Ca79IjZNeXGmJiYdgZM&NUhI#A)*e1?pd$skgaeBkxPXI&ea z+bLy6ws?H?^B~nNG-t-%zKTFW9 zFD@9(4(PXFF&yH$4;OfM>=qHpq{B3d0U&3sS2sggw0OLFZnrDUE(1qy&4IWc4QE_v z^2;%X5h6PEW1J6qmoDb2I@sFq)wD;%I(C_=+`rhQaTJ6ck)Gr52E9*P@a=`Pw-z?d z_KRS|M$9^`Gf2k9HLt>PsoKb5dwVDQ<>bIs9;UpSJw9taPD>xO0U|j}uK?3_DD~YG zz!fafmF}Y%IXty;-x9nE6EC_;urH^&JOE@F$I|?X@VZXI8b9i7b(i;b49L0M9k^nau?#rn(=Y z@a=wCSp7BDyaDjP#GV!KUZvoqJ{|EU)q9JWSg6S3YmVcJ{H^_^bdMWY{7SUE@ipXZ zmUoG32E&DXx8DozU!7tpGxcm7uM_mE;hvM?PXPD_P4UHsx2D~t^g&INk>^G_ZcuB7 z@lS};Sk~u{UAvxmZesG$n37^|UwZT98zZ_g=#Cao3F6jGcKX}xcJ|G*N=MzVKh?B5 zn@x90@uh{#-`SBxQ^_ENSiGg_x2y- zQT#plhhsc<8fLv`bN!@>e7WNXXzPGU7(J`WuZGp0#THBA?-}csItH;MGPU)(N4>54 zN&(J3w4VYj^uHO$t?IrNyo|q)X1YK~+DB#sp|1|M8CplBNuNU7B$_Uc4e4jpUP7p= z&<}sopwsVHO}tH0X*z@_`7>qpS^xa=$=B?it$ z2TUHPit?`t_;!C8>XKVcA|AA5-n}TqA^e+4O|AdT)j_v@qLS z<{T(H2VZ*mJH*%Sy0!KDTr9W$K7Rc)bi!tlzY)eqA)vyYuP3 z&h|e&{AJ7sP8#UKrtKhUydiV1R2T ztbK(H%AB@67Ro2OfJttiYWsGo$54+?x_f7wMKTPs=b$x&ndnBMdlAQd1yuf>UCvt5vG#6}@t?r|0JIjJ27%+P zIB8!IB7_8oIkfC8pa?0OKzsc3ZGH}D6G z^f+y%yR;Vp$^GPKD_#w*>TPFmEgy@O;kR`BDDdct23_7sKBg_*+td>dMImuF;@i@s1UX4oS%( zzIgqI{xoUc0`dOKA?;X8T-mF@_f>lDXiM z^u=7DcHwaz@=W>9_LcYx;ctlF3Vcsv;#e(U)pW~ey3(~V{<0SXg=73n_32-b9|`Vn zqtdM`Z@$f`2+4_?8BUpsp<~?yeZc6QAxWI0M_-yD8PS$L8Ew zk>T-;(ZoSYJ(@n-`2PU=F>5-bm2Nd{emvIIj zG%=CZ9}Jd_f53fL>V9);U$hUv-x>I`##;WD;VYjAwx=7*CX+k?KeO-u0EvLW+m`AF z9M>Od;tOvRSjKE8jig3oF%z7RT-S|=se813(ZV=7*la8?^<~YK|@V(Zbu3FrEmS~Puf&0VKv%G!c zZ}?1Z=D8^nJh(3y;1l19)0;~j)a7$KO=Px2kIGaPutXAJ!Q>vkm6X~#sk2T6+*G3- zwT0q0XsuUruKoEQ^_kTNp#3FbHr+A~4RnKKaP0@>J?OCID+{T|b)rvYZ>w9}SvAyN zb-9rUS(DXILs7;Yu#-P1Y(HWV~(D+>QGGl`#GoYS)Z}rvA@EP zi9S8?RgQ&eq}#re1FK1KB)e5(2e>^uezl|j00r5P;f|-_AA!FQv~4;IUmIy!tP)&( zoZ%MLP=-b$u1?%~el_hvlvN2zd%IipKPt>KI+M?^xI8?xT+*MTR$s5)kHSqWNc$|t zNLED8Vr$X#^^zP&NYB4|@h0qk-9`-}_kn&mj|KRlZ1o=u%X_2!swP{QS1$?AB>Pu& z`%7xtC&V8T=)N-W^1^RngKUfsGAAGg_r@u6qq;oDnrM21Dnq%6Ki0cNzj@d!i?uq8 z4wVv-tW)Z98jppnZtext2(U^?-dCd^Qax+Vnn_{3xV5-L9lx372PcImp{Y6QogSO# z={k&>W%Jv}`*$Owh7LO%k5P}#y8B5WGPYGi8V*TIp|BLh8bCjGI@Ub%?wNKd+7CYU zq#t7$yQ8tu@4vI|EU%-943W5Ur=tPbk3(ND{D1HkpJU>d_=oWS06?D0!`HEsso6qu zmec2%6m|!%<6A+WHJH%4Z1LSSEpL3Wb+xTu19AQzt$hjbzrVJ-32lXu`2Jtt;%?@jy41jJL01GrRj=1_@ z*Mazc{ykq$g6M8#KBEL5aa=Qr^;jHL;+fURv6Y4x(AY78W-Sc<~hStFYPUpeQccF`p_gwRvclGEJD$BoQn}KgF+47QPLvpyG@T~e#@2U8S2(~m&9&vs8jw(% zRG!`H)U^Xb`U_j7R~}Geeqf^&$m$w(y|vJ|f-RBYWluYgtzS9;mf;KTIbPM$T1^B| z%CF0jfmCNUWZhmz3#y?B^zT%s)F)L88+LmWL78GEGcx>vN$=@eF|<(5id4!wka|!C zv69hLNwfzT9XkDL?x`(>&XWvLTSm7TELe3T(vy{jd7adfTQEn?&+i(gHm4~o3~cN= zigyHx@L68!6YPvW{Np{Vywf}$_WK&>7Wum4rDr+VxWl>DS@=fUM^%|Z0>kFbdQ=j_ z;e9y7h$Ocpf$y5&s_tl!4UVg7OL?oF;Af?C-XQpe{gbHa)*5BBm)BBA5JL)=k%{O6 zj%$(AY|;q()8L2fh4CljSkwGN@hsnbF!+4qAV{QL-!E{h{35?!{ttXF_;2uUOOHbM zUEs|xMm}Gb_p?SMxttE=k3xHj(lN0z@;Vi+F3&6NiI5qzz@h(64~q;WFOcTvFZLCvxz25sgb(l z>s>{p(n74)2h5d*2=}I9*)K@B&BS?-*eKy2M#kUt;-sY*ulbE;g z_LT;;KDBt;^=XE}**pQzVyyU^T+;NND(rZfn#)gxcO=jZpIi}pCRI{2fj z-r3H+1=JHw(f(rh_akF%#z@C*Kb?LVe$gNBQ{N5z7V$>0rubh>(S9I!gvQY|!?9$7 zVZa5t4n=lSrE{Z{{(ZhZe$*cre`sx2QPlil;wzggIVK@3Ez2ZmpWQ2*AFX`ZIf8wH zMGv=tPg?b16%=sSorJvI&H3*0^RB)ZE_Jpe9YwZ z0D9LvrPR`zKKcEcf8d<|02%)PXiZ;C`_z7x)_w;Gg|tVstLBaSjUSM^)_ zB!0o)vq$WOr|5dWf;0#`bK`?<7ENaK7iDAA;EoTsVcxv@_4*yu;(mndy7Fq!!1~ql zGpZ1fMe>9mfky(oms7XB)I5nSU|Ty4k@9;9>bguf7Ya<55#xch1Q zRgO7dtp;+JL#DaYf6=74zPLVqH*xD;Z+EIk1d>As$l&tCVuDk#=bERAj3!J-E~FXY zoPl0fta#5$jV^AyL$4)>1eoDaNh2PWyiu|~N%)2POx#;VJ(q)-ETAOD^GLg-bsxl? z#(&Oh)FhPJv!m1z{y%XK^;0P+F2{Y`r(>$DPla;)KGZG$0JLY0c?iNh z4ZR;eA1K{R!r

APDdhWHZ#)}M`mxA9 zxaNYnMz*=7_=@}u65>746wQtGjxS@UBwQMmwAiAE54QIZDFiH)>~U*H}8{xN40mlR+(dUr@i!= zjkfR(QIE~^rx{$&m7J46^IfooS9WoO+*fZMwSll$ZY-g81Q1E(Pqk^x#Oa$lcB|pt zD#g<5NxPuH;8!22wAWWnG%g;{<6?#6f1W8=mrRmZxl17x$eGVo$n9K(-k`QqDMGqLfb-3BUgeunKcM)72lDygbav@ypAr?pgc8CCo$iDb;4Vf<^0l|`zwV5pRKC#5+{ zp;56>q_t}nX(WhCpH81jy`sjKG0(W4G;}!YS++|vwJCKwSt9czN3$wU=IfmHu4d+Q z71~Z2Jk!^X)s&sYXica`_DPylEQ|;xYmU+H(@VIOAl)i&-}91K9OkMIp|o~AB3}{Q zUoxP)7I5q*?{}+5SkYv&n%*r&%U6^kS6GQYTM^gmTHm2a^2@yvE6ag9G?6k$8Adu0 zUH+AO1%}^0%R`Q&b)*KJ{mq23B#I(C$6RAIjd^wDB!UOoxDYemvvcfcG;o&E-CJCi zDkP9~KjB?wiLKp7BRWDAS0S@W%*@cU*G1l;JQKiC4tY`E>0OlSlj&_FH!6w;M(^~h zjK$23Qr;`1xJG7%OK>rabDHUIwR;OVBWpWh6XOl@edFs^Gm`scm-0&$!whrZr`EY$ zPfxd56&ah#1J{FB4ZzgVd{KR)PSL|7yc`cvirBi<&B{q|nBAP7D^M|I)tE+qdhVW> z$u;7d?~C-EKK@Vb3)5)i5+jr4+5zO?&{B!+zYSYT*I~1`hf}q=v6W1bylxIL>s?oi zJU;i(h^+48dteD*PC2M;+)gKs#RFJgG%`YWD{XeiQCIaDA&wU@#*z#k7}X+DvEsfU zOSX#Q2(0!JK|&8Wr~Et6ZeWh~OT9{W4=HtyR^mTl?MX|aSLk|NP>9EpJ{-UkJ;ve2MxVU*G7%a7Feaca}hp%2iEKj->0E}R9ir^r)wih5706E$N z9+Z1Q`#y&DwW`N#g-}5|pehgyH5HN>bQY^W!UA8O6JiCTZz9XtpnU%Hm=2kEKC%tK#?U^GK-g!sOP`S{2Sb zAF;T>!Z6N9tya~wb+&+*rDu<+P&$!RZ3&;1J|y^lJY}j!;(HA%Pq)-IkmeWy`G?nz z{{a1ZwFkpb_(-h=mz*N!u$ToP4AF=A(<^yuK5-x$w}1 z*G{@riTUAq;E$yRU!l-jcz)tt8XZ;M<5aduR#76p2?2uGH$}-2S1&AZ;QSF zcq`*y!yO~US~j6=X|2l6k1Pj)8RzH6Zk3L^m49^b4G;Er)P57odv#-Vrt8~?k-o_p z18V2xC)ev(+W!EGhN|k@Vq`S)1%j=GowW*ca%5C zPhNjoli(kPye+E@Z%Mt>*5>6wyNt7BtB#1DfUIq}<4(u5#qiEA5_p;&D_FI=HqfV= z6!<%F$j0nrKHl}#cthb%f%`sqpTr(AR=CvsEqJ8ds(@T62P3{Y{!}R051p+U^Zx+E z4MSe>H;MG!W8wT438%yv;&~TwE1nP@Fu;#vd8RuMr;kmv!E4XE&aDRw?IK_Nb;eQC~ z4S6NN)GZCWI1UHjUrdimh(Yx-aM0+yRsE@@ww+)hj_S%uHZd)aEOp(F!}Y5kI@0aD zLEyV>HU|-~b#e*o)1SbKdZbKaW5oPr;olHh>2{Oo8W-DcOoIoSZFAx~J#y+>OWlrE z;eY{xfx!N?;QH&^$K%a6O1Pe6(_4IGMgd&*C)iVsEo@ggsp35g!uCma+Of5|zqO5I zgZPJB^T!qBe-S)K;q7a|w%=p4w6@k_-La8&tAaRU1#F^Bn`aI1Pfqb8-dwfJmlHtl zpb^&$NnMJE%k5h4-8!Gbc*S4oUdg)x&3~%r!J&4&fmt`m5+;4 zSJEcD)9n^@XLv!vlY()9>(ahb@NSKL;f-cDlf&)hB*l}%y|?IwVaD^DT?d zwKG%2ek*(*)O>1-sr)jxlFt4Z2)cqSymtzt?+<)e#gKS^#yT99HoCMk!!q3d{w5i3 zFLyZur6Kd!_umw0o)5W88+|GRYYeduH6%NPkB@ruPZ#_<*SsSKhP+Ls+LNSA&KZ!8 z-4J`zNQYFzkK!(|XR2FU&inI|kT6gA&2>}TKaMnwR#b{B3$zF3ejUy_sqSl46E16> zEu&m~Lee!@bSa-#duK9yk|`^}3vS#P`$P#;~#=gphHJR%3F|*zo6vVEap5 zM9`UYyaINXImQR6u8MgP^$;yUM^m+w^UY}m)IFi#zB2yD@duAk&t<52fuoPii;pSu z$sbz%a`;8!jWpq*W=u__XbJgxVL*|&MDXcjY76&Da%Tw zA0RT5f&ewN8KRB#XXsDt-Qzn?5ZFoK_jHEx*cLz^A;29m>&1Of9K)O)(SzHyT%E|} z?r1Hi+CdE%mfY}EjOM>Pe`p^7w}pIfb3KRI#)GIakyTS@Nk?C&70cA#nzo05T`aa) z@}0Jh2*+Cb&-Ot0k8|Pg80%gQ)g+ov2kKB_cuRbd$lPwnzx1r%RL;1{#{U4tZw>0d z2tF-oo+j{%O>cXqOq!mTaTp*oqldxAzAO8f{fU2T{{RdA+kdkMgFY!*%LG0vvWaxP za@|{)E@Q&5VbpSRGueeFtZZp}pIYcTlj&Dbn^{b9D`YU@zO2wZNS-Ir*h;%E7Xk6m zpIXjQ1Lc3(%iu1Z`$zl*__zB#c#h5s%|FC?WTQ{>IPx!)ZjFJ*_mvy!pm(qHiuk$k zyTzXhykp}Jg`Pd|-PeaadEu+)(yy(iIWDMvSycB{Q;@@ho(UD4Ae5U=avTqt?(LCf zkcE(LW0gIsg9S~c0|DRKyCU>CrxB8ubssU~-lA0bfyh!lJJlJD7X=x-re$IZu?MKA z(Sm>w^Ug`22_Th&`E4goYU*4dX%SSD?@a-6J)x1*g5KQ$s=Ah+CE8oGF0tLkGRqv9 z`J-^af~0Z?AR4C5h_n3zKj4R-w*BYrZTltZ+8>OyskN_+egu%{TKKte(_LGS^;2Yh z?55sNB&(C0^ZPq{V;V%jH}2$IisY{oSnhd$iu7ppzYgj;9mEJ&f>7g;^fmc);_rj^ zzXbJ|b>_HTf8kGve2cD{DZfT%-8Z$@pIwL{{X^IA9#zxdVpbSWH(kzA|2*8B;(TpwW9T~ zNggpRvbOJ(s3*CkbVVBxH_2Xv9*3Pcm0Nr#G7Y~@^(3>$EHR>}RwRNz=qiltR9MVR zcnl9(uOJHGru9Db148+v1A)`hrHWS|;I=!^B6ULiGYYV=6k_QA053ofdJW+t*Zu?i zZt)lF@A03(KNvhNmgZXvsK2yha#dx6a2uN+-RqkF07qZhx8t6N@o&K%2mPhIH6^X& zI<1Ainc{e??tI8V0C{%<>5wvUfLE`0p2ut%_ce~c9J<_|7M!2A2u0nTgnYLV9_o4? z+;+&W$Rx3{%oH8Kd5iB{b&;X+kL|7dG}`{tU$g%Jio5}74VU~THlejI4$nFQA-qL6 zO!iq6yl2_HtNi5tG5jUJ_&M>a=fk>Bp?laUh z{{Rc!NvB176i;&sMZe9AWGEd;uL1GP-iMa&%#!xin+o{g8uPEMnXC>IK)FVc#O|Sq z!sP84uVm2fA@M!0_8VQQY+$RF#?}}-8rPQRR3CHN^}incV9>ld7MQjztZ8r}`7^TM z!5HpOdirnS_r^<~ik}X2N7O7D*Iv^dt!@OIG>gUx`hopLZ$=8~igvNoLwM#^5w64h zt1no;xiW)0Hdy0zdi0s)RYltkk8TJ}L_^Saxuk4ii*_d z@8bJ>;#g&PkRQ4aUuw@=X>IPrXwoSs=HsO!W7|A64WdAe8Q$A+aylC6r_-jqLfQWS zM?7@tQ9X-{ta;aqmTflI`#uQZ3L3O)Eb$C#E~YB@IA!)%5h#v=UU%fPbZk^ zblk5UPrYds+z(;+U8Crc>WOu&PSHD!vJ&09e>&&BHr#1`C$ZE#B6Oy<(vcbd(yB>k z0Fc1-^r@NGPDkWq+PwNNjc;#a-x5IESIu4=f_`k*N2YkISewKWYf;=H0EgvN;5V=T z09w3!YFw=|?6P@UNuRC1vhR-@;xB@&W4?P>^(aO%gJ=L8VE%RU_wCPjX{dONTUoRV zsVdvt2-UDlC>dq1&+&A<=6=7HJH;O3`#5X5ABg-HrZ0!jG!0hYMb|8#`(?axDJv))LG;M)?^#MJ#*s&c+UZyNE`x5qDbvoKs7$6- z3UZClBzp9w_)aTrb+s#fK3I*u(!s#V80&*vHDGsAsC4=_hjkr6HLnatziPRf-G!UW z!IA#}xu3)JtN#G8guWc`ewp!S!q@7$cZ}XbliRo7QV&0e{{UXRYV=;VJLy$E#BTyk ztZ6oyywi(hE)hu}2Cf^&9u%L!MjPFDn|l@jq^Ng>1miqs*1W%|Uvtx?JF~JH4uPcG zY1)mwYSwYDp^a)bS6UQfM!W>bW=r_p8f9ORMn zy`GgYMw)13+6M&Zn&^HWc&9|syjHgQt?00`c$^tAz-)2);=cNe(KddWg~4qR-xoZ6 z9JbA8;q6un%f2$o$6!AESBqNDKB09BPNG2M2FGgI$ol-Z17?y(qb`f5S+o6&MKpN@ zWCI!e>f{jZb;-{;tenr%GRhW3uq29RV17b+XRTb4*5X70G%Uv_8Rr9 zd|uadkBc50vhaSU+D5k(%9v-jkgT@O4=kh}xX%^+0JgQ_FCF+ZP0_w6>iUO^+Itl% zCFIP^s>8N;A4=|p-iY{&=P#pPyeia+bA$I^Ro=&d_`~52r{Vtq3*Kp-9`SSPJ{Gx+ z;JMRpq7o!%!vH38)7O(T^)|0`z%8k!EPhe?#7RN%Q zpzfLU7wpsGKM(kq$6g)NJYPI=cw%{!T*9P>k#qA5j@Zq9#(ZG?kH2HDihdSbPXfoT zcq_#+TZOm2vzdws4mOqrj%rmE)bwYX;#A@6+PB)d_&f2N!5kC%f>WNXdmMV#XQ6nS-(9e@f_ai#DL`ex%C{Xwa#W{d>S$uUri|)zt6e|C z+MR~2r`yN&i+0@;FwWm$UYD$VWAP@s@ul4AVi+D*L_N9=E1696KBAtd0jSLl+>Yfw zW(0sc8t1+n+8DkkX%`n-l$L2G_`za!tK@B=Ntn7En;&4G7-~Kmmgh$CW`}R$4-Y%w z$h@+9j`;e1mGckBKL&V5#2QYc;y(yTuv|c@;@l9fbDZtu=l=k&P|>vsc04yglH*K* z4X-OixE%GbMqNhMOLm#%2*7d)#Rs8tV@%YouAyXM45t{|fO0pUayX?%O4c;8j< zuCWh?d{d-D_SlzhKG%*)oO6tEo_WP|#%{-*i>9R=51ssPsa$y5PF){XmE~M1aNod3 z>%p&|H9rM-kHgx!-o@eQbz6AAk{g9TD-d!qR~h#{XBU@qw9)!8@H_T`@m`r_X{2kH z?JtMhWQN{hlMCaWr?q`!;_uowOVf174}rB87g3d%%g}}$vFXig8umO|`5SW3{1*7P zt!nG>M_chOp{O|VyqdYztnU}(^9W!F@^SfA1RK+bbMU%O@I^OJnWrSKc%^`7{RGTo>;)*Pxps<^r`Bs&kqG%LUwHV1NMmj0D^e< zqvJ<|d`0_4cn89Z;cKl16CR*YY>QXf^E-MB4*vkozcG9-XC{>eyTxzzRBVzJw{!LH zTzI@Smow^pwn3Xv#MP-vl&IGJM+^mg#K{D4R-~fPbc|VFg4dGu0>socJ_j*&471!~y zk<~3f#=%%5dQ#eONdIg0+#w#oum;(7!iisk(!e;q_t2&>;S0i zT7uLzB~VLNw9ZPX$hx@GCA@;qSFyC!tbi!c%(=>u$Oovc&ko+{{sCB5!qyLErK4sz zw{F@qo=tjmW|Fb;*_K)DWp;gy@W=M<_?_TK)O61bt)`s~+7CK#qi`S*l{n$6=6{Ob zHt`R{U3*dSABlB~-EUByO~y-!3y?hqdRJXcQ9eJS9tqqGM5=K}u9@WXk}K_4m@O2BM`M5i>Cfd|wvRpa{+#;Vy|m9{j1lBeN}=tO+od*nwI!~H zb#JRA)yCRX$ z)u}U^6GG_uvsUOXQH*Xwc)#`ZQo^+Gg>$xVaII$09yUx{f>3-2za}|9woT( zuCHrlu3AC8;+qULCPxaAC6xi{{U%CTgN^$);uk1eKeL9 zmomc|zFApR0cH2a_4($4?G4BGUiDKw&o{_!PM5r)8TUd zSfeZAZ;S2xC7|3iYA3#u-JLS{Dm_O(TKwhIntel6xYo4-vQI8N(1RQb^e~G{pUi(s zEbUXn;quto-MPN%-t2z+%kDP(Dd9V>8R}4JIyzoJ9#vT#7nD$PdB<=u_}A+vhI~IS zg>>spJcdVAT&e4vSG__yAHw*vxYO;fbp}^Z(YhXTI@ezQAALgE;GGDUA1Ucwa9vL# za_Vpq=@(JlO=9cH9jpG=y>HrhE=Xia=Vd(fKgzT@T#ao@Pm0k5YC>cR<#+i`=;})Y z*R=)`k$MT8!!%`E91-bQm-oT4tffwHc*O<{j)jY0p(@^@n%1&3p_PdPuN6^^%;t%v zS>fA-%y{XJezm3H%j+9mV$S1Ov3*NTSIm%xE4+GSbgJYsIzJM}qut)jbTK`)noj8B zk+RA?397njXhdoxVi(uFLj!bQY@B(}s04Kas@}A$BY42s-jR%m9{O0|DudYjRtv9~ z?9a=4&`EyM78_0hjeSKr^3g67?I5rnF+ioU&Mc8eS~mbN*|C{hbM_v!v^Fp( zeVfdXJ0?i!#&J}HQbNvT0#4kDpfv4|+EhSe!ml|MttOwkJ@LCFgN$SEPy$LfKvCpX zlNdG6PpL(0ix_jfb*$&uxa!JJ9p<|R#79ozxusCiK+l%eJ3C-wkVqG%dXKGedfu|? zNxZobT7m{x)($ z*EQA~HFS?-hzkAD&`^<#nV+WddvO%ev~up?=Z33y_mSA-h}ubdV0NpFRf#gb)2&Se zlTK6Y`6U1tIP^7MPZ3+iYGROxv+|cC6imZ}x)t z@o9ac+G~U1{{Vzl{HT{sB`3I#zULUmeJk@PP``h)&oqWfCzl3E9gDn#cVc>)^l8G# znv=1BW@nJG8uRzV5eLegvCT+eQiVXrf2pm}#MnU@ zNf{Zvz^gYAHy&EP)A~?KY`tZs2{x(V?cKM%Z`x^?4J3|`TPG~fzyhEQ zzh!@n-?cA^q42lD&jk2@*!iM4HM#7Z*~98fV;J|Z>f828{{Vt9`~dx%^otLOUl(VC z<6n$SQITmPtHBK2ODuehag34pR}Ffd5#LUc`i*y|*d~@2Ow(cTmxNISG1*3eW7@sA z1KWz^Bh+2uHXa@}@Y#|Ha-if7O7iMEosorzW4BEn(qTKT5>E@g?S@ z@=G%%qzRH#4Wo*}JC<_y{{Rs6YYieuw20%D%2&e~0KoSL2b%Lq^-Uh`0W9|l+M#@i z!2}WOpRH;J9-)7KCId|A0^@=)S=Qbq8aqtZVLbOzha;#o>`bC^+Ru&RiDWa*KGBc5 zr>U0e5; zh$X@*#BqYkFi7{TCcm+Y-sax&H@Xe4$^E1!j0l!>}|Hi??#klZ9-2*q{os*(HU; z+zY|EPBEUMtUd9U=2;vl>??3MZD!|Q^COPJdqHmQJksh*W7@a0>*=iEMv`GKAcNBs z7|GoAVH@gNBWhNccDED4pfp9kU_Eeqb6#VsXg4~n>vU3BW+xmDGwX_I=VcbquXLFs z+NNJnK^d!mW>}_zc}cf}lHBlWoNQDdLP_teEJCz$f?2r0I5g;W8{I}1j^>7dF;--33ug|boKpg61A3SC`YzuHU@ zplqR5Jg>O*>p+p{ziMcaU{~{D9kbGw^3O(^)t&92nr2c7BLsWZ#ywH8OQGiXdJL0q zg4zgtvG;PoVzA;{yGL03-?B)q0ndJU6)g%@>P_PfUVB|OFSA)4PERlcw2UhEHRrM2 z#dvqhq9dKXF^b8+#Mpuh8sVEtj=EHDvDJ8Y#MgSws0(Q(Q9%vafvt7D)h}ZVApa;udY;;rfzHYVI1F`}7QJmUqw3fq;Qe3xN# z*{$xQ3vPqXJdk)Ix;X9KLZdUQkKycT^4XXZPo}(ZCCV4;*Rl4lCtDNT#pSXED0u$> zBDDgAvOS~?BOUm`>&l8bnyj(i z+&$cps>n`QAi(?ubNA3j#JUzmBjp&VIZhh(37U3Xk~lo}6+C)8@%c9r%N$Do05a@w zcMSS|b#%b?Jp^cXmXB?8BQhxDlY)O5=S{h_)MqyFptB4@u{;r4SPlD66eLkKv_vy6 zPl%*Ea&t|Y)IEM1DDEO?X89R-O|4XibEv z95N#B&Uig)EoVj2Z>?bwrMx$4{x4C-fES_L}vpcyq)Twwjzze9#sV#^1bd ze(&X8wMg4Tp2yD~57QgOx<;jYcX4^=8JK0xOiWKtpv5-FO3{2Tt+Y3vW@%iBWan=F zD>ZA1?OfCG?3zD`AHxaZi0vd~i)F^qf}HpDG~X2Xe%2i=^sCEf(~+Uxg^&pg?8gTg z!8xrAThhnIzBcf7x8W@@FRdPF>}FOeF_$bKJr8d6=N=l+wXYG}TgiN~B!ih4ws`HI zdI?PX_uz+z^~>EdZww{7-rDa9c-&h)zLoc8mEbP`>s}DoZ6NzR+RxaQF&CGYSw~Pm zEa%dbk#J|_XT`sQo-y!+)a_*j>`_vNr?9Zuc8fJieJeup;TD)xU z8y}Q+3r!nyX=CXh4)}9Zj$8Yuxw*NpkcK;XR0lms{A**KE6T_)mgCue|;Q<4TdhuPK#2<(Dx`nya ztgT>sjp5jV^D~a;>q&|;?qunH6E}Vry|>h@ZJSP2^Cp3a19k`vv=*n({V?$ti?l00>?hIUSt4};;xO1Sb>rW+=UflPUl63e2i9#Z zOpO$=e=L;F!;-K6Q*7 zD9e50?_S@aE}d;{c($&y-SNz0D){f3b|zBN!7gs?8t++OEn~@G4=O(&!n{*b@oPik zD}S?HGTLy47WB{Fp~tzCeUGnv1>zkiSJI@=XSjgQ#Bj)@F!kx4{{YUp4-xo3O!1zV z;w?T4xped8NgB@p;yDLQ{$H(ODA;j~x}FE%?}gfZ%sP&R;yqg88H5iTGaM{{1A=+u zwS1rAFM!@BgHqFA)8xAQHPq!JnVg431mLOk=~o$QX${ZRkAc1y@wdS%TL?9cYg*Oq z8DdbgF@3*{eI@Zj;#Y}u%Y8oAT8h$dhu4EK`RnsVCwwvJ4+H-I*IG)~Ewp&|j(iQ_ zPZ@YuP1W>GNt0B8Oz7y}EN&0nCeC=~@{d6h*IF>Ketx+-68M9E6n^ zm2bpXx3$Yy=+?TOxL1}G`SNp~a(_zFPeS6^^=HG+iI#UB3|%p_cwp9Y2$fSC(;W%* zuSfW~@JcU?f3u#Ys`ye%IDBPkGS6*w*egxJTca@Q8@S9IC*9q4GvTb}@YeE5B= zGTUD0*Ntr*l;d!>I3u2S0nbd=DXqit4^i-B7WUT@-sq70@`ne7>{lH*r4|aufl#4sxAb1P;yjqo?H=toS{-w3>E zr)i!$)ciTBd2mjb9$b5voDc!WwI?Ey?tP=;J5LJuk4~N~S6H#NnpFMDZsXh>*W{<| zOYoW>0c#^z@cyM9v*FvU`7LaLzHm@ z!beV~wWcMp+O=X_rn;D{(HIO*y zaywRpH?7Th8h4G1A;?qn0bYCYW5IEF^TM|}T+$$w6tog-8uPCjl_k6e0CjbOST+6KR)jU!W*8%cz)j5KYZyo6;>ha-{B6F=_vZg8nSRm}Q7_yB(1Uxk|O+GzeSvNv!(R@eY-x_H4S9%rP z7kW+YqTQpEPR|^B-H&MuDJfz7O$@yjNZ;@b%x9J3l{av^g8S zPXHhL>c0p-;HTfR&FjYAEbu>{sz+}c>J|MbQ$E~}sHuyy6q)!G=`4a7q={lu z3ER6nSa3o7b6L#~&eAKD9r5d4jXuW>NQ*p?Hqfh)j21nsI!ShqEGI+hTA89exFaB| zcF&~?AKzvroB2>V3~h+YpnTnawP_Y1up_W1IRs*YLKxXu$YNCYC#6g0rbygP2DJ7c ze%lTZYu3`0eoK+Dm;KUAmI~Sm96I+UrRk zU(6krbyD1a8nt=#V{{ikogac<6g7JXYk8X1>c&K9E-hwkD`O#-J&5MHpA_nPC9b2c z>3VX{HkorNme^0jTjv>7!N*+J1gUCQGd!nI@R_>MZm%?{NA|^m^R`IX`%GQH_Z@2| zMAe!fvRtIC4j4BX;er1E8l@W=!e`hTZ|xS7=rDLQQ_^DDG$z@u$Ix!~7F@VCV> zcvc0UPKH_Rp}8hp$GdtH`t|)O$4!Dv`hQH-V7|DL;uTf3a7q$$f@@Ol(mT63!;*Rs zbLn1{DI66LX;FwG*}MnnHy*W(d8$bT>%!^~XB-;sOy@dFJ666yIhkOOU^__r-%7iC zVQmC4v~Fa7>rC1QIxktS7CpNoQ?&cnNf(#pfT}&{D8DN_b_F9lA3M5ssI-`_wQsar z9jd@#3H~o?2V>GaG2uI@1Tjt^X?v=kwa<9wC~aNsjk0b-wf2exad25pJZNK9RUI+Z z*2TTl_TfUfS08(d3xP&$O6n|_?g){I<3G-~ZEt1q05HciFkYgmDCdU9r3UI&Ce}31 zv4J#rzBM@q)FlE&>G7hsn^!a)O%N@cm19(c4UKFkv)M)`JvdHgDaI?Cwsr_4BP zj^V+2*3QZmhci??O-Yba} zLw~8w0cHD4QG>(ebjNIve=64fq;;Jy#(MJj${RnjJPEa5ISQlzN&Kti@fdsRe@Ad; zUa>fM)_)3iKDPavd?n$39e4`oO_s`WB*qxwxPo1qSm*iI%>Mwi7s3x1e#|~Be-ikU zM%Hh96LiGe>K;=`1Scbj8;~o;sf9iKURTK7j~LRtaK1X!F0C~OeInh65V~Ln2aw5% z`=j6|iab5x8*dY@h~DE}hFc?O+nWc&&f2$Bj~rkDvTiXX0&IdmSwr&hNwV ztcJze{&k3wLKEMwT=V$VF9_+M*zO~W*==QZ^2#X3df}8wj)$}O`@&u~@NSdgABqj6 zTSMU)rxxpJuH+HCS1X;-NI+nF6VC>? zs?)LP(vkWbI-FDIR4IUkO_DOXMC5Lpd zx!Ec$zkTXl>TT<~k>$DG_>vl7n4@!YYmvCAnatDm6c z6s;@1huAs>rK8;VFHh3^MWI@_jd0R!3gCA6fX{mPU*ZOXYySWV4eVMom?GRnW3C2k z-HylTd2_y}2_>DrohgR?NW{&~dSus6rbilVk|*QX@G54{(6Y)sPWMlqDHNe|>5O!) zg4!s-`O9Oc0<%8r14_!n6*gTul1a`-wQUPVxwW}Z-W3qY`5kf;pXpZ}8QooJq50!) ztZ8~bigbS*+A{>O*9*?r`^n~&Z2ktnqaOzN-8HWQcyq)XjG8===Gy4EZOTA9NzY@N z^)S{yKgVLd`*uBY-u~B9u}I|EA}|LdoQm?FkDs%)k@3gipN)J!t3{h#GTKdA)?X|W z9FdK|bJqtI=<-I#6meRgg@3ZghA;Jhh#IPCtk-4 zJ|&mJo-DX{?F8E)m6YdU?ee$XBe)xI3~{{T<1@fU}6 zTXu{RL1b)vq&Hmu04n}+qwvv6N>*M&L#; zaod`OCXY%nO&=(07n=8mJXJNGyKWZJc^XJ&1BOC!Kb?Bkm2(}`3m*4tX6m`(o0}7$ zjiI9_l-pI(Jm=*&HA3rGc=Kcozb_fjTFuCD!$p}IuZH|J;_WGP?SDkE)WDEDQn>x( z4gSjxYOjaV>wEqATUd?+H zN>(8wl5vaV~_EVhAgkmwyov7A(V-V54-_2=Uy}Yo;-RyHErXchw?$=uLrDVTi7EwyRmNQ zQ>y{ZbWxW>;P`_GuG!>&4*YTA&j4$7TED~HPV>WBoDu^x1Qc!g{x$sT_p|nF`1NV= zpy;u9w^i`Zg?vpA5nf9)f++4-9$(WYy*hPlkAcKsX4`ODpLqV;AGdddehdD~Bj5+Z z`^_uF9w60iTTZySgsY?pCPa_i5^_NF;=i7Vp@iDPg(KRaa;uNhrx}S)MY26_3Ak!_ zDB^JyugzL~-=REe@ndP^9EzV-v^Q3d2c$Z&VZGXSalUfN(7o7n!jykU<7A9 zxfKSjDhH9oWTG5ojzO&I9W=BpS?W_;Lmkqx74EIrQ#CDiNy6MJ`Dzb8?N(=PIrJ^X zsY5cyu&~@ais>}ANgShPusvusI6o1Rbw(M%&U*C~uVB7pV5tY13}v~~>5x9@IOua* z*G!gnFLg1&=ml#8VNxfVMI&k&gp>TGcVK%8?<{Q$sHwC_Pa98q?2L{%M&&E*JlI^6 z@=Owrsz*wpB(gpu!#+XF zCcPTbR#=sQ$XXH#ax~H?Sbz`jJ&ii@`Wt8(CT)+5414<4=T7L(u(OOtC018rbDVUo zD~%ot`24G=Ae?`+xy@7_rTAyRpAG4Hh14)= zx^=v_aqxwQIIP@?!_bO755ktw>2}iT&uoutv-cT1C*f0DX%kC&&{{{nM{kiwb3`{g zZ)4?8jg6`Jj^j|Um0@vhRUEK72230JuV zYa1kyuwFUOYPdTXHc`F0LAP&lilol5WymU&OK}Wak{wEK1GQ?|UTl?CX2O$>YHVjV z_BC!Vt&ro*U8AOZREc&xpaT;h*R2*aBA)RV0Ps2wddPd^ZPBcMIPdF74LB~q3IJor zHCkDUnVu&s-2N01H_+yO&vP+(S&3g?O0x#kQ@z^@+|@=_GBhmiQd@%pA!Ce#>snG- z?2Y7_+^gq|ia=4ey|j)`Etd>9BOPizLtBE;3Z$yUbpY}x)DBkXRBO~L6YYE&=i`EB zAUJXXr!O+2x$1riN3ys{!i;C5jOXyLOIyoZdE?#=;z0RDan46XcRDF9EzC?&P@1i6 za$??Gm0x=2QoA;0Zh@tE$KtPuqVSKx%@0!X4y`P!3&@Z=K@Y1J9C2T-pR?!u65qid z7L!HsZ^v&EP2=Ab2U+d(glyZ|@D3y&#m}u>jCqgL9Y4V`_*Y5tw2fa!@Q#CSIkt=U zD9h*+b^L3|b?=Nzp*v{a3bU}+rIm2^Ob?Y0Z0-Q}&lD1B_*>!LhpEYB<6ji&Hy$MM z8y(9FIX3Wn1kMNLp82nIj@HpoPiJEen-~}ZMDVpE#Yb$c%{T38b~+=mRmjbu%89gWm+y1mp}a9p1L^-*jhu5%tG z@hz^2YbE%X?NF#L@kaS%QPh#xd)MY)?Nj?~cpKsVh}w+aHL%h$*cLAT06Q?~2dS;% zuFk4(Kc7F^8~zGU@gL$$_u3bL^*h}o!*iAs-Ao4T^!W!|SLFALd`X304E5>Og{G$j<hrn8)f7@nQ*=fGYm_=Dm|{2TE1!dlOa{6`^J9p2BfhJOxtV^u`c`7(yd z1JJL(72-M%jeJ34HN4uj^p`iWXLI8lhv8i@hj2cj(|mC!i8MI1JIly-Alm9*<{%C@ zuQ2gXjjdymj9cJ^e~g?O(#0fr4~YIU_;X0fu)32~yd{;xugIsOmNM%W8Kz`{5 zIQFOLo+Z4>t-_2mDeLtV3CO_E9!|ML2Dbm_IViN7~>V?o)Z56goJBX(Cbz+TgMYHUCV&$pO+to zD;Ydw zq}I|gftoMiV72KU4%YO`d+6ZTAI-NJZhDiBl+rSkPVHMv*RB>QAc5_}6OJ+mrfUzy zJ{!~za3h5Z%5HBru%d;+(>wjxIEXK=^C}EO~O=i2SRb0 z90$tTt!%be*OA=M8S;VY8(`L?noXl$B$l&C)>*+x2R*yiPBs%=&ZAV*G+UiI2(2C{ zZbmXjat&o^nsdhK518{X>Q||&gnEInbW6*!=E7aGAD0C4Sl8M|h_rW)`&Q%3fbpDd z+x4pfmvdX&p_wKOd*!qFS0i(&Lp-toI6vO)N?QnJrTok!S)mf49sMhqn%db~MG-3_ z6O|``O<)H{qiJ?`HZIUf5bCNIt!E~YJ*J?h;#gygAS)iD+|W3ZYY~)?rs&#L=uv|M z_=?YuR&6_Dd5;1f8S{))$(<4ND%>QO{$%-SV;_!dobeBXbj?o1%+?8WH(V9Z9+ksa zR(DgKk&~rMK9Xa%)1we7;R+PT1GRJsJnbl!KrN-@k~{q>X~x2;(>eW4@6C=qB%YKU z@{dM!O&eWW+r_5btIqhq>H)7b)kXcS%&B)CFi1aIb{8#-q=hc6=bz5J*uwO|OYM}K!Xq2vXLFhqcU^gtctLKI|-JX@`8bU#80>cm{);m=)t9hfIxXG?s+Ea0K zP_u})1?kd)IS=N#(#QJ)Rk@1JNZkV!W{;zh-o10en#YRb@fEJ6rCnP|rNM4i;uc)) z2ZDbLb$jRg%#oxQ@=uaQQ2B+Ule{7d`8qX?GsJZ*G8QTN6k@)9H{~8>5qW6 zzBJHu`Czc=nb@4f{Hf?M#~msuOQ6?d)4V_NFUQ{vZ9GAHXW~1%oi_1Z z&`fs}&+vLlb>A7I)Du zr;!*XSu2w0PHy^|PqjT3A{Iib-2(@{Te+{{R4g zI-?$qXQah%GL`ed%kzd)??9E$n0#I1eMaBLcK%MUJX%~g3bG+=d8a);4@&w+#2zfs zb$<)}qd~e*zF1jIjxw)~KwnB%H&D>v^bd#{=9%En6L?QazkMmM07+$T7U6vt(DTwr{h?w5*Qrzt2`V&*@CJ1J-;qE%aLak>2Vn8oo$rK2aNB_pdkc zPlxR_>258hyPdCh5|YNiGT`>6jHZr1P_nkrC9;O-O!vh^eq*oBThl*_#KnK@BDbbB~~}p6#^%0Qg9j z4K7_t6Hi+=7 zaSI&+dwUH|-yE4Hh3NGjus3!i!8J0D7%B$|iDmlI4PinUC{ilU~9VPX+v0Z;+ z%O2x`*&G4+SI)YItK&=PWYjLL?Qj`&!7ryc(QUTbe4luyn5XZC3E z55!-I@OZAu{^Hj7OdZT>8_p_vZU?ax zBPSMkUaR5D%|}X_{%EDn=Mj=lTa(l9uQAc4pI0+jMQN!1;k={92yUDoQB`(|rnNqj z@az{Bei*a1)u);KuvJ=PlGy(7^{#f)O46<;*337N4>l*05-=+p0sKFeS258T_dGK8 z_WI5xSZ=~dszZcc9RC1H^#1^ddcD>Cv9u2FC>e2shCbCQB|R07e$e#TbZf0U#c(aZ z_N}DK(Sq3g{j2F;jUG1AJaggUsokU&-XWIRS!2i>7IWop#z|j#mT42^{{V`b_Psal zIKCg#Z?B-xgrq}gj&TxTgP(lYAMtW4%@XoY56^QYsM`GFXX0L4o z6Hg06E6*kvaB#m`!V);zrFmXG^Hhal&2M^Rk*!%o-i^>6)%q>_I{5lsb3|VbYF7$x zY!xl-_Y5@Ws~mkvt;uoF`jIatQc;zWI%lS8+s75%B9BVL?zVr{{Y$d z$NFD{JZWjA>i%MQXH#QuKko{pEP6Hvsp7i7j(!Q(JSE~8H6IJ=SJsW{pQKx#u6wv8%bM_cwxd3m*`8YfjW4nP>AM8_Z;U9}$3i0>A--s4TsCXB}RubvcqkqdO8AuGBaM{KWT!r+mYLHS+64`@4&G+`J z{hPc^`!alO_`Ul-c)71`_5T13-?LjxK?{Fi=P*bC^+LV)$ghU(;douV(l>+H^scNl z`I2nssWP)Vu6JRVp~q@s%ey#TiQ7G^q~o6UDwT)KS3Iyhd)0XznnuW9H#r~-aX}jm z0Iqf`b;+#_rSOs~xct=+xJB9s zB#ysPU)xXo8`b-7>OUTS25Nt^Z^SKX3%`l~01rY(qcoE3xzzNMFqw>;w%wsJJtH4g zC85&uWw@Q=k`2YgmiD}7$wzQb@19?tQ8Xr_$zWnrIjxOc^Q@{P0$ALkwWR(uih z2khtZ=foODtEYcrGhR)nU)k-)*)<5*?re0~AOY2f1U75u9}-?cE81MlvLTP>X2%1s zHN!HwO$KTHz_;*Bh)QH^VVqZ)*nu?d5N0mY9B%c^P0EV1)b8y3Iek2<1kt!+Lm}y( zLMz;S6XGutcyGg=A@I(lX=>S%%z}6S09dEcig(h*wtAPrFC5?aiqh{!)Mkmb8%w8M z$To*l(03a~qhMF8W!y?4`RHAIJb4>);L4hZ0JimeurG?#y9oJPr!fJZgk2cgF( z*z2z+h6`kZCSAiFINR+~TXP7JfZtR&ZfDUd)9+nylWQ5QlR|a^ct3= zj#o{syJv5uUD4RtPN4w{oDL`*&f?R=iKASHc_MIl!#6`%n%1{vtm;=6UQAI3##K)T zA6f)KEVkB&E-c1&jGXkYLgT~`-6Q_xQSflez32m-VD}LrGLazaK#R5z&>rwjQU_gJWLLR<+Yz zu8}8L%sci)R0AsjhVx>XH-8G@$-Ae7X zktU&f@)F~7O4;q$cA%r^-G1Xpn?#1#TqJWp%(5$RGVGa4LaKLTj>^90`7J~50{>w(!AGIhVT1Ac;8T%*f$D?rafyZO6Ih;J_`M(d;_aJ z)Hb?Q@r#in+-^tQU44kJj`cli>dsSRGcsHZD|=U)UMI7KsFsJi{2#Wny@OEkWOsKS zY!CK1aNRHo{+0J;rQjVqS@;vK_^#=sV%A1Tv4S6*e=70n(^s+mtKkM;7m>zqc{xAE z-=X0?82JAHseCE$PlWCKEhMR^rNXq4yqH%Q9Wm+8=U>o2!Ht1}RE7_lMn`Meh@mimQKNG)ZtB={M_K@+1!h5Oi zkAfwT>V6oSMlFj+KkCDG*iPTVzezu4e}+B_@t1(SPvI>}Lw$NvKWL3dpB{RQ`e4`2 z(Sn7F8NekXiKw7QOMBTW(|y77{Fk3uVKE*9@o>@uu7lSh+jmzs{M zhSuFn_6ohguXFH^gmkylEw6Pw5;%1z$v$ap+sY$QjbIQJPijGWOCmU{wQdA zJQo@eM`hZ(*$*SP0CukpjdZN*i$rT+jC+rnS82ZwCFJp2W_QLHkgo+R+}$86XG z3{ek89OoT)tY=vszF$IcsHTsl{{Uovj@}j1^r^J%Vo4&F$^6TAIWj<05>eN#bC1ft zBK@V8PVryGPY`(LOh^*q_UC(*9LO?y{*}c#ipSpN^gnpzZO#KqyLjOUO5}bOyB*rP z5(5*Q8uMz*`l>YSh7#oNQI+)C;MFeX! zP98S{ls==175g^$H%jrgi{dW{>k-HOr0e#Wr-?T{KfAZ_ z{VT}zj|trPd&IhrhV?e`Z{n1MM;jQXcsM^wB&@DYI<}RW)_g<#lssGF{{V&e-X_xL z(&wJu)=Q{ClQICj;~$4g__M$oo}p(Qm8Pn!_aRD4@)5Cz7(SJRr(=3ps7r2#zNPE} z);Ub*uEzi#H&-F6Y1dJ2zY%`uoS$mVO6PSZjJpeiG>WRhR34S+aX=ar0W#l8+B+SP zinWSY2yM~IkPm$NR|9Q+{(F}DyU#wA5-X7%+#5^~%y3zSYDI1(M!@Y*VOAw8_!?Uo zp)9}!C-STh2>6>=@Z7&>(lrZ<7s)NLhz<1}DwM2vn7k^J)VqIirfT;$+J>v4>6f>6 zCo)PQ2*tgATo2N@Nno`}3nWG&yspwzuh5Fq+Oy1AbQ9RCs_F}WXqGn~WTYMpj9Ihm zlg)MdQ>sB8S<02c&0{K^&tnaTQP~@D6=Z(?nC(~9w?s;T7;`<+(AcrwZx%I&nl%r;8$=Kwy_Lg{vjgIbx7;#-*mu+sa z3wziWLJwc=)DWGFj3nCJnlw|zV(pUy$lF8z0G=vaE6qz!z7UY!YMqVgL0-|0)ilZF zoiBuPGvfyprKLJR$dZB=J?WxlSnlAB6_xSw`yLHq_^$b*SS{m5*iXz)rEebS%i0-Q zL~x;J!t;*_L9r7BMJ%ipyQ~H zW5)LOpV>3%WXLX9f(ky;q<@iGo)q|r;!QWgmwpzyG2Gip@`(@M1KiTo)c3XHy z?*YL%;oV21hiCB>&E2(yyWC40 zO)Dx4kf0Nv(!7ID)L_$fS+x78Oj0DfRk6byo9t+03P&SxB1x|Y8 zS6&{4&1O08iln#$*kueI`ySmq`9Rg+kM;X^F3cr zon&-JxBb@dlw*&jYj}f8f;l6&wvWh-zVeRs=pQdpnefLfF)3Gk0ot_e?qx{>1tX5V zGeOE|T%@UMoyw5LtZ;vjN< zm1;fCdD!%ASHsqtMxQ&Rit=FXUUF;28g{w3cw{6FM_SP%HewAlT1h@#*cQ*sdQ@-1 z?o*s`k4mIrC1W-26|#2%>T!cxRwyo`!=IC*G=jH|MyJu)f)zY-Ch!*yip zpu-rQCfJ$zlu&0fjkW9fU}NPyGhHs5V-@N&Y|O3hFb!!30G|RnZ zRwf>A7{>>_Hvl~QP}DcfN|xQvO3rBHxFw_kiNU8B*j&OW3d8_Hjx$=2G`6KS?Up7v zJG)d=h|@i5!8T^`CT5X#DF>0#x;=fDrxKgQn^FC*4|HjQK9cY|`XLu$*3@1x-DKAEgkEIaf+ zWd03&D)3jreJ=As_-)`@Z4XIc3B1SexZ@?pIW_1v8vg)?d@(#QUR+$ssLuOiP=(2F z!=+ZlIT)TJ(zO2o7TgOz7`@r>`;Xp18;AC6}j++hoOIETf%@VNe9Zn z`ZfU1UX+HJy`XqwNAQYW!w}sQF^~ZH89tuXX>}PcjF$dz@|XB?&MBG7S2HF7A9cEr z-OXEFG7E){;^3{p>O0`lB_o%<*KV{6d&izgjh1n@q3K^Tc)R0gm!#?@c_GnssF{rS zGT~Y^9A}eT#M&{j_Kd?nzQ)jTEey5{%A+WRb)w>MF?QBd*Ioc8Ho&*#N| zi{2&pk*PO`JZY|8TwV;HAmhtHlZ-F5?TfuY=QSj7G)l?| zIXx-b#w@cQpDeCp5uJo&liIW((V0}8h)Rvz4%HHvk~ZwL)syV@RyOz7x}@?5;(;M7 z&QD+ke$xKOfAB{SjvutfnPcLQij!P?8~9r@fZ|xf-rYhwg5Pu+zAz0ANE3Tn1mXJEauz8u;dY%s%4*^KNYObg|6LSSlh4mQ*iE2Dmm@myk2cm#i4Y!4)T`y zix1Meqp$^^#62UzmUByYaIGjij7<0&Yry<@@t08XeD@JYZ*QmRDgLFR7-t^+{{R|e zK6DzL$A~XmK+Bp&FpLAFNZoW#Z3?5Wcs#?;%UCb(z;5omPwGD zbM6L3OqtkyV{Hp*8&*w8#{_py#E(7qPv(CU`@mYw2{ zCfXyD1cx{y-}RHxoqYu-DTfb5`q6(c;t4%p6~C z01?v_N-az6lB}~7krUMN!_tBCGc!`tt+ff*C8NX%-IX79uUka+$dLkM+x$$t&>YNN zL1KW3l&0b`Hu2A;EPCXztZBMra52f`(l4ELC6`p?C5%Zly}+)@)>yCflJO%Y!u81H zdr(Z0=yOpBnkJRw5wIi@MRQl0-HTkUl3V6{<0Jekqq&UEuG-I3(=B1tEmnNDBWdgS zQtCQ`+%#7jgUATRcYL+HUsE*CF!;scJqyM9Zkaqc!Z~31(UM#;vFu0T{HvSO^ho2j zv~moSs2vYlsY>Rtk*5}`9j2*mrB4dQaVOmb;J4DfcF)7tuWXa3*#QKc^{i%vG-6%_ zuwt?wn?3u}H2rVvI+Qa)Bq|6T^HUAX(mfLI#7Yb5Fk7T1B3EKbQGnH?ZLM`E9@g;gX29fj`qL^fIa}`x zU1;$c?B+gOId3h=AP=ocZKhsNr(NAV8Hk(%w<=mw98E{M~CN4iN{fjvK-60d;&YiiDceS zY-1JBYOqMwrrbp_W6uMT#RhVf^f2u%H7zkmnq^2p;|GvMW?%S$?y^!go?=O2-A!~@ zk@j=PCA{v)!MNaxi|nmCrNmQt4!q<0)r^&dUc1%gf*;?NKQB;w*C%pgb&%)95R2`vIo53hMg@-t|887CTJvycbd!BDiD-!MXIU`>h7sPm_FP zumgg4sGBBR997-(q|z$oQ#ksHhSO0N_fX1UEOXI%9CoJ!WLbX@%c$SS6n5eyH@H9niY+bG}bEc0y)o7#w!(}yeDI7TL>=g z4Wv;;XAq393yt37_cg<xQx0)vdB({3eHdF3wTT0F_dVebIboQ1QqnJq?syN1S zMQcqN%Tub8#+Me>*5wp$MZh@Z)G>I{^Injp>{1koS7~M#`T<>LGD#M^N2KZ3I$B>t zut~UN2FWAoT(zaNCe@qEec!?tjL_K!^MPUEtJ~X|uB?!oX&dH{9Q@rs3d__yM|<%4 z`pn3sB9eb8LX3%zQmyU9dhRBUqCSEBoqjk8yjS864{NVsW2D^xmeQ%qLC}y#*1p5> zuD#%k9}B~8u3K1ZHqxnkS>!k|KN%n%ovIu=9JM@;oJOnQjY`3F9UbkAN%FW0fx*Ew z!1$};b+v?Y>3UwCXK4_KX6gn%9y(LAGPAiBiQ*~s&k4><7f*L;q2)$hz%dxaKu(&L+4Vq>~l zn{e|n$MUbQAoy*mc!x!@@kNXm7M7NTZt|N5`Rv2LTEb9dOR?l1vC zy2ppLYb4adM$r|Ja5J1?y=$%baqyQ^WuH^Awzsv@{KCFiY&?i^aJ>C1q9vu!_x}J2 z_&N`UvD|pJ*3#%CQW<4Ci9GUhe+u$H+9SrkBk?WPiL7`Y%I+8jiwda2mei~|D24%9){@wkdrfLdij$-?~vyZsn?H;(Pzd@>< z4>ps-}&MK*Tc1eEx<#Hnek zPO(R@%QJ7`SPb>3{C%Za_{H zBFO{_`-jCJ1H3EoFH5lTUxzLs@TRpTnmh#v*)i+2fIoQDIcaeAXUTWh-Yf8Dh_5_5 z<3+XeV*T7jU67T>aBHIQ#fOWVShUr239b^;I0+dfwn6A=drrmJ^?w5C^4?$Tb{-|Y zznamd^A<8Wjr|5|yVPy2r@FM#^rTh*WmV5O9dY{BPF)1q%y`qnH@c%c8FO2^HXb*>aPr{4K z8@+Q#)ow1o)LBf~Do0K_j+OlT{7Lb?fun1B=CP+oXLT&sMoBG}O!*{{o^z2xdX?<@(mq z>`bH3`2PUKo+7sKPN{zs@UWE`p^)QlJuzRaAFw};HMl+%Yq~C{dvyhr2&rklP|9#Q zQJ&|g9+gQo7DA4ioxh8I0mt#H!u~3}((NpUzOKV#w%L>n{Nw$c;PtP~FC6?k)P5Ri zR#u)NxiU)}`xV3QV%xns)>QOKBG!guT-w>`f$k$O0BnT=b_wtL*RT9K{j9uS@G1`x zcvnEOxYqnPs@ugE*$@z5l(*g<-2S!FUg-L&FO5GIBagy)OKVHx8=Pk>;;JNk63)A*1t8<94&4c#Gmcj0}*=_U9`bru?VL{okf* z!ehFdM2!-~=2nPj%iexr=t-?39Sod19-C?7JH1;@iq&K*u}8>H-1=9jcxLZIU+nl} zvW2xB;Inlt?T^NX0$Q-28!w=;@b$&kgK-^%NWf1N`Qty*yqm!~FZR}zBEfo#Fo~r* z0V~ru9@Pohag~h=p8@K!X%|=PWNsl(nWa@YLGN5%hZeb^POE6fQ7oJ`api-Gzi4Qc z&!=@Q4(s~M8yPZzf($afPMtNo^7i&mxpdU{BRJjyr zcxFve^n2Z2)Lh)W193>lIKk*Y3fS=9?Iq(21xpPr+TLi}C?q5}knk56s3{}p--G@F z@!yIq@BDY-3q=0g^MO`%9&rraM|0A#KWLAF9}@gYtZ4ot@ceeEcWC6@yT(C9+B*Tp zaZxE3$b8S@uZ6nU((d(lw~kxrfN7O@<2;e{ubM9{-rC|o%DZxUb51h2oKZA#GNSpJ zFOCTHuCu_tGQIG3iZrcKJGG7^lakyK&#$I?S419!AFP^2wPE5dA5YZmCo`+Wrcs>j zbJP=CFiuewVO|FqBZ`?si7S~NH}I~9;{N~&YkDrDZ*wP~4&)Kzhfs0FeqC$UcUo2T z#-1&vw~Zud+{iv|4hQBr&1NWeG47(wERoF7It}Xi#?~C<{#E*8;rY|!hrvrYE!x^o z5^1poOgK3zydPX~`cza`M^sN>{{VtUe%Sh->~;HLTKI3pS0hjOVdC;M?P4OuW4F5} zYD!e_c_b6pYa0IBHSIDv7j>(Pn^#qy-a%{eMNKCi*{#8-TWHy9mb!mL!nP{ z5+^u0>0d>7t4$h(xoF5TD9%M<_Y++Y=0pAq{re^AzBcd|gg%jKT7nDc`Gsq*$k#b!Stuj?7@F>yTQQ6Tzk-CD|8`X{{S%q zDh7VE#Ra^~GjBZ5B)SvZ$Z)7Z3=cK4wiN>)xzBF29Td@a-b;ANK*8k$fKTXa=x^CW z_K)!o>~;H7{44#WJT4|{dmEVTHOo;cjyt;sZL$VEh*C%-5D3mGov=UCli<&ed>!#` z;r{@Iz9RTDRkqcH2+oa)1X`yWK+zR8Z9)_`3 zJkR16hBRLkXsp+f{i{UOAU4<0CtMNN`q$+b#jl5&pMpG7ABOxhfBmVf_;yvk)1`I& z<=vxa2;SR4{W{kXJg4GE{1ijsj2{%dE8-i|;kdM`*10#De3&6%m=BqK!8qf!e>{M5nEC)oC>!Lj&?G!e@tUFU&|_ro5=&5dRL(hj$0A=5@8%J z{!dZfs?19{Mr`xI&q|;sF!@1ScIG{^RLblQ%A23K&jx@VKp1HO9{!bf)QJNEQ;tE; zS`A?O79&-Wqm{|X&J_2nJ7L=EBx=zdf~TPdgQ}E|-tYJzXYHwV@H66={hqvAsa_|6 zwTp?K+j-vvu@kl9E1aoZ=Z}A-e{jc4)hE&qhjeSyY3c{mYuk-4 z#1@MM-K^5vPXqIkt&V+&{&mGT8b(E^FYOUcyh!;@3iKa^VqfVOmZp7b(PWCvTo&|F zdVeaxMT%!_;Qs&;!q;|Y_GWYpH+#PIA)26g-@q6 z0nBPob8#S!5=ygVlg=xwv$b1YE;qYOvX7YJfD~RUm4X5cO~KElI{U-1+FD6<6UO_1 zI~S;?G>%@*CNc=7iIA4YG1OOKbD%V~u}28s8*p-YA4*2aSc=z9hf9go3W-7IJ?p2B zQC&*TIIhr{(}2hLaX`vecDL5IZ3!zayq_`wMyaP=6rMFg6^1tBr3FQ5V)#dXpRU7j z@IY{OpD<)&>0Ez_{QHe+{^_hl3MD7y=vUNMYFe8Wbo6;qnNtb72Pds`IxVzOUWpxd z;j&jfYiP>Gu#Zxoimk4uxNF#KOm_RR@{9m$bHm!Cw!30@;|q>g6;o!GI=yqm)_1yC zvk4narwxP1KJ~)cT=|xAT78_wmg6LHsaPE! z&Nq|1g~{mPk)OuDN4^m@k*<6!)x0=Fv%vtC&Cr~P(Ujnk>{h&*&s(3}z7s+#Bc!3{ z_uZeBpB=m&^`0Aj6g z!dljetm>9GV#CA{Y|E<+vJ8C4an51{~S4ZVJ_8LpyvHOqkBF4gf9(fJ)dX}Gi z8MnN$-}4|n@OqAiiu`;30D`oB%!k8%8q)qg{5i0+(7bP`K?n zRiM*9KB*_|99i;r?C0^M_=e5AAA4ps8^pI(cLNwF(EUeB>mcy9vEpwSYB3pJ+SWLn zg^_SKC?_QPU;$jwh1u%m@w+}#@lT6Q-POcav$*nQc!?ZmX~D-Fx#&7 zX2UT&4|?~q{5`clOUQ86k2^k^@L$8rUkkz>c3X?$a2WDG3d-@9#JvZ@caNe?F-x#U3BmG=+wAvT5|z`_iXHIIk_S(=L2iHHj=*C%Cm;?-|bQ0s+A9 zT+@m77%V-Jhk2q#_TZ4KIvz^!YX1O+Zl|)HVQHC$2>F`^vObp%v^(U!jw|RSollnB zWLKbC&tr27y0WtY`3i_g@0C7n4r^S~bRB<4yU=_`q+9D+Jjzrn@X)vSk-HlC&3*vr znl1PCo{y-z+r~e21kTLJ$J5&!R*{oO6?~~wJ*VN1iM(a-k5*l4!*{|a1bJwF>iY5T z&3m4`@n^&z5TF{avv=pt1|4^O*7|;RYNIj#09RvspEdaN;fIC%b#gVy1a>|rOp$On z^H(2rusJ_k=Dr%~`uD@lW=qRC($gmjAp~^ko_VUihg~e1F=waS+}k&Zbv<&%-}^67 zy*uU*Wn*UNCmlJ-ti4X^JI9hKqr|}HlgX?lvFp&o@|@q;UPXo>s)NJZn>SO+>-9W8SPlcT?v$X8kokw->hWYjVudK0{WDM=fX`Z!Oo4JQt~Hek1UIiFFMx#Cm&~ zE!iY0vnW4x*Q0UAHTMsPJ~w~| za~R~E*68{PHS1r8eiPJmYpe8@XN{oyJcRB=Bd%-WU2DT$6~9aCm=-%LqFPUs0l1%9 z=k|J^KPr`@E_kia2$IJ0Qo4IfTW7laGjGbSaf<7#4EOLu4cXa|hDIEz_wP{%JJ|b7 z79#6i&o0;EzVO$G9?JgH%Z@@?2~?7jFFg<8Ua#SswZ60^m3+kjWE$GmN3jWLMdHL3 zwoc@PErJ^rz-h3g%0UA^&a-UVGwyd9Y;i@hCt%T$`Bu*89olT=b6|2U?2?@_5npJQYauvw?*{x|Vg-TY@9{&LQ zC4R~u5I<~RjIHp`!rnj7{u}su3sHBgUd{x!62MM8xFIJDNduF>_c#ZC;}`rAyW(%a zABo;9@Jt^S^nG_!w}k2%A)YTPJyO+)3XH>rkTS3%=z1FT;fK6=kI3^s6zSpkik?8J zHsu~?EA_sL-if#UU*fUir_ptYyf5NSKKDTJJS<_J*5)z;FgVILMit%M%*gQECAqhd zV2ldFQL*~28xhW~j*9ohm-?bx$#f!F5dv;i0Jb}yQ&{@UQQm3O9qaa`89|(G_O5wI z^wfJC29YMqkh@6V#s_0wk!cDQ0By;sCzTQEUK-Oi+jWZO6CLbLz9~_*vi>zubV)4L ze8~**4*ktijm#>~xSe5SaH`om9| zBbsQ2$8)J4xa%-$@THDGo zZwv>&O4`;sspBIpgt5Ag<1z2dK-XtuZ3K3&aIG5^27;wo9v9*Z<dhm`_|Qsv{ zoRuk@&bQ%IyuMrgCN#BjFiB$Td!o2qlCDALJcCthoONZ&j=RFJMR}}R zSjr1QBdBreGhdMW7>ab zKNjfz9`RqqJAHa|v39V{jl}2oY)bvl%pcCYH(qZI>l#OhuWq6#uf=%s*|bT8BQ27D z3{c5<>*-oW+~=Odbo)h?@J|eD zw{}X`Y%J1pu*(c`MBHKH3^DkM_V92&k3N;0N$luhvdBx~ZgO38Nk`=GFPic?&klG~ zOVV~-MW@=vcWy@m1rN3>u-0rBU$iH9`%0bI{`Gs5)`#%TTDLMZ?J^h^FeA*X>MI*w zNzKBk%yF+IXRT4eHZ~@Pa{gFlbL~NiE$xKMJWU7;2>G&cie>hO zf;5mW{P)j#(Ll;?q1Na+Ev@CFTgxj$a#RSgG70ysO*8F288chzFB#hS%Ji)aCO=p4 zmxtQe#w3~UbArr%O7e^CLe@)_ngCRR&MDZ=!z7(9F)9FXYNHYJWpJjPS3@c8VBSKj z$c*PW7_H430;t301f20(By-Pl`^6)YfC6*+Q{&wV2+zygCZz}=>V2sZCd;f|AW0p1R&C%nF%>9tpU#>yB8N{3n~7oTSDR6a z(iTF+Td}RsjzafWowuq;&NGbGB(l$eiHa#b&w2pAZ5p&B<-Gjl=eVnXXL+%-j(X58 zQgyOKC?s62eqq|LUF^AWUqgHk{gwVS z{?fYcp%;NPS?v5N09CoxuECBZQgD2-e(@asRnI7OH;MaU`!jyYUkyKJYa2*3Ef&|} z2aV%x^XoT}?~*xBU4ZlhwSBdBqG-Yfzwt4e?pDJH%k;;f{*{|!Xz}PiIOu*T@qORJ z4GU7U@ZPfyLP4n?A+8j6Lfdx=_FV?T&diI6Ev@eFMpi;da8IbLTPKviuJ~HY`tsja zxOpQAyhN>qKT+Pfy;n-L)b#7SFeI`BVP%NyW%mZ0NtTS`7h3x@q_&pu>RO%b7>t%5 zd+Nsk{c6UYro(@!L8?zB#ih!wHVH^m>{mE6N%kP^rF4qkXTV6+NoGBTc;>(HCeKNV zYkex}31=B&A%Bqvxim&5v5k+*uiCHv3K8&g;9a;LBJreJ*NkRXk}W#gMRL!NyMdq1 zznyQ|NA~OZ&++3{OWUn={2AbeY{zW`hcYj1>^bOqd)H+uPUgzXQ}c(!UN$gKa4iBe zvzBQTa{2FGL#gW*m(riK&m`pXbNs8&j4W|isAEjWi4Wgic&5fxk#X`jr>U*u8ywUbpRzrco#I>FI?v*V#e8p??(qYpE=MIs2wWb3bM&v!Z9@8cw}G`&2A`$F z#CFiG$kXV)zgqKZRBY*tY*%>aySFDv3N6EY+;fj=v3>oOrRlFJPqj>W`G-SX=7}7l zc$Z7Q((X;_O=~=P!sj^^~_h^fpS`8LOv7X{U>Kc-rXv*&V4Y zG@BPixYeE}*g@D&98wvL;!hOYCi`7I1WLJFlfbV8*F0HrvKvj$b(a1UkSkb4jPXy1 z7v2}QvADkRhNT^>0B-V^9%miOo`Svr@xR1788sW59|^-MTatE7D)QOsz^=-1=m(xf zpk8Y-?~q(xPaxzHNC)~>?wjyqRn=#O^(%?2qut8D{1NDC=K2k@?Z1WJ2DI%9Pq+IX zm274U#Kt|&tL%GM(_S6${jH-7>fb2f5zS;_IUbc9g4Hu_ikxGoO5*h!eMURHHTAZWxqlEC!(&<7u^YcamdXeCJ^d;;Er zui9vlXz{J=Fc9*l;6UO302&S8dH0DmyVsG0#l5JE4UDY4MR8gugRO21^61f7*xeFa zVLMhrc{HSJ&S|?fgzXjM#`7u1TA_QWT@1$z${}t@tO;_s%S+qX5uwO%*vFx$^?^O) zLu7tM!hwzb4QmCVoR#!5q1WfrZ6vgNYgr_2e8JUzhNaT{Q+|QqWmbru1}j2bERN&D zme#lT4?X-bPZ>EOhf3`HNv3Fax+Tl$Ht#Ht0Sv5w;k~~qY*)62=jX%syz!TcyjiB) zLne`NZ#$@pVnHBqFh390y`IId!ZaNE@7*bpLvog*UV}#?Ws~3J2)e5D-g_1qF3tS*m{EE0lmU=`J z>Y8*m(>AJQL;$9H4@&0s?Rhn6+A|o4k(^_X!nHDJ;%syn^$FyIQ0ByvthMO2eh0N^ zqk_iek}#oFgJdlRkVl|+Yr(ojm}`xHPP5goq6{LD)a4JTs(vf+b7|=C#{@7yxJ4vw zA3;HOK6}-CQ#AUE{i#H8f(pKPKGn9DA_#5offJ)H;j{Tv@*+7=+@`PnrKDSJj3Z-^ zMloDQqi}5En+xVR1g=j8vU`%Caq)PPZ}fupD2_+VwXuUzCEeB33p}6*hZsGoB`Xx5 zhQ~Zx%UkZ;4iD0;$S1sI*zX#5!0TCDqoK0Xr)X3ua#Zn}>27pOs4Y_Mk;FL3HM#?h z)^Bwit1|>_t`uQIb+0*sZxJa=cyF$uw^CTczbfBa-5@;&Og9o*!nb7>Y~ZrjQFG;5 z!5L>sAAkp3)Ji>!@-UxrmZB z6UImNted%SCbwXW%QsHEP&FHw5$Rqn)GWT&r$=q}wIM)}hy;$u9M_|0T85)(YSHUf z>u-2|T!-8#+^#|$W_WHb(lvoY?)&53xt7xHt&&-%k`{mWhHGT*L91fgUB#OyxP&+u z``s(e?|e{nneT1jw2J)>RS0jn&r!`1MMgc&I`hQ0*UTZ3-(wS!%bZ|#HMgW|@b7p` zAwpqTk&GW|#rYKDZBJp+qJr|sT_pC-K>){txYv0OucLjHZDfiVZZ;LjURr@EoQ0hB zhW2l<s;ipTtkGAY#Aq~dI^)c zdc|W`OatZ)dRJu$Vlf$E-mOZ+nr&wS#$;=jFN~bO0M{LS+e;&aI43Lyb5i#MH^{Ov zNg#2xfF%!lr9QmLZuY3)F$6C?4In)DUup?*(OwU)l z>GX|81bMXpuG@|+i!>%icjde$2X zQn3TyJgXvZ4=Rv(I0xxlnp`{1_DzfcP{8#*mAqxp#E)5BM^8cp#N%+sOxE{@WR~JI zTe$YZ1~;C^(xyxonfU$iL&Ix-;frXl?80148nwpd18KE6!GYxN+4(Yn4i>-#9+@X!U&6v*D85|MnEA&cV+9$`lKZI^PKcX}+ zB>Py#2Mj>RCm9|1pqWI#hvFWu;(Z%VvDdXpH^Y)n{{WN{dBCqk@h+cdrFdscy|KHo zy^iKT->MaGxg2D6IH;62v6=bL@n_+^{)?~8u6Tb@Np$Op18j^9>cgB8eR!{G_zU7M zh!;tx+FrCVXidvTQ16WA9Fx+iZK=F=KDhX)C9i}mJU14rtZAQTy(AdKpcFogJCmRD zihyZe64g8@J(t=nQu^JJc*@GV)lM?II{H&BMDeX(U(kLZHnpp0T2wOH#~Vtk<&Xq~ zeeOE*lV6?spNpr}HJPQll6mI2nn%w$M$SMVN)2O8A4zx{#&;nvi(BMsf9yMjE=nS*1u!KV-(1%> zqRk9f)^c9Nmlnmc>zr^XAo?>#v(hgmvedMBS{PxI=Uia6LEzP2iIUjMcW9a%k2S)m zc@dL@&rrU!6LZO3ZfvzU8sQq#1I%S3hWgi4;hVii;^Oc{CCg4`q`J$^4q~`blNk%jpI((m;f%9#z(e!uL$vt{)1@H>v~#B)5P*L5r@l1?V9D4?h2cGl}*WGe`qV<}WHoUOQ3`i%(~BHJovam{@b38}h8wO=BAz9=WPsc$-FMvgv*w zzwqqSNfN!#od*2i=LhIHHKLa254`+eaDE8*HW!YcY7H?^m>0>{clvxc)V0!28%Ahc&|Z8v4fDP7-KwmbYan zgc2|Z9V!Y?(DqLU{9D!hIc2Q)LsQV~uk`Is7FC)-^F}>Byw+`=iKWM<&2JP_#^;#u z`SQgfSd!OIpHjA)PPe~*K~-aehVD6`q29;T z-ySu866iW=U3@vQ`z*1TqYnV$9Ai62*EQMrMf^#scwx0~6<(xz&BO?@#f`#JF`V|U z8Q#w2DOn#J__VD4B-AvGN@%ow8RTfb((8q6jzRXX&i?=$XtC+q)~#&>mX~(va>6-a zIS#(HG_I_|O!H72OCkw`pEfb+RwT9A`^$s@NZL>LYtyFs5Ph5bHT+4qRn&YZs!wZo zmsz5G?PLS8`u_m+>+R%mvNi`hfITZljQO=SEs@=wRgU~;gUGLre`(K$&1Wr-jcigx zhId;ll~4l4{Y0OS^{#i=aF(aYD>^L8wnb*i9eA&Q_z~k|@NbLkEnS%Dm&KvECGod8 z!2|KAa@NOOS?XW3$HUpQy<<-CUW~p(FCtt;B647n4ngDB1D|nU*nj*IKlaVA{jfh| z-8V_`46?`ZPr<6XZlfHW$vj|TA3eh==jx}{rD~0!^glzi^t;pbXT61+W_Zu^udF-= ztjXdHIm0se4TOpb*}V11c} zJ?s45e{Fx+L&V>*r^hddp8u*jK8V$0>Ip*osdXZ1eS`1j(LAT<0{*qZ^L< zJH{3FFFv%AFog&Uza)0)L8?|ByF_7;x3N8iO04eTK4_I~9bf=S8@KwvocFk+MFKz)j1zC?y zFzkPXXZqiG7V^^HSA-cAka??)hrUH;Rwl{V<8SQkbY8BgGbazMuA6Y3+45T6+|o zLkOlLAx3eG;~$lOEMK;N!D)UMd`XYQ7TQ~B`aY>Ilk)x4x*dInMO_{44Rk&^xrO&D z%)lJran`fu60CqkRO1=R?Ouc*Lz1LNLy8_1;2>(=e<#pQ+64M^BIW1 z!Qf(?l4Z7F_51|@K5vucBXabo#UcPg5D4ImP%?OoXjVoUY+!f%s%WPUXDVBEc-$yD zDah8*H7#F4@fU`?Vd1;`y%${4u0_-{+stBq7!tW1jt)hCq38S)C-%|OKWo3)tHPSr zk*OE)=Y^6ut|4Z`vcjMTR~^W~KZm_c_B)}m`oW{IlHu;{4&5tJUEmIpIqE+HTJ84O ztfUI>J^iW38UFxSwZ~XzJ>$;>_;ccafxJiX_r>;~Yw(|mEGE;hB4Lvmk#V_m(SgAS zu>kh3^Q`{>f{Omhz9apYK0J8GLDZy_(2lt6}ys8F@uB20D)5{V&OCCYt2(Zp4Uo)P>L&C+k7x}Ty6w#TOE4-wYl)~ z;x&o!P5%Ic=aFrMk@=QoA3kyK$8LE1YH7vX)!6!1K)8FD%Q47P#dWdV0FQ&fIRhPQ z(WcHihOUFM=K1ZUEQt8)$Q9N2t3=YgEhIj6qhqPt$f89tx83$R=xeCK%K9T7+IVkm z%+~TJm&w3AskSmD)yqcWLZhQlS~nlU+McOrdwZuN-A8X3mQAOfqp7bnjv3~g1z#Ob zM{~Z>Hq1lBq>j1up>>D6iQ-|o5D)?GC=rowA&G{-c7wnjt3oY8M4!uPn`3Zt zXdGRQSS3q|%EX6$2W;1011-D_J2*{)KQ#u?mCgmOe%pT}VnOzD*;?72?7uSYhi zcc)#(e4;*A#&QR}WNJ`JW0Br8E4Vf|uDeLJ{{Tt0bykyU%X8MZHjC(bbdy`hV?LdF zkr-tm*C2eYURsbmz9SY8s;cBKnU9onPURiOq2av`PkXhyk`$Ixuv|ty^L8WFxXTSV z$9k5=R-M5Ea2U_MV<}wHEcK~0;icLyn5!m64l9n-w39Sy@hLJK;MOvcq34ZbbZ_Lc znOL@X$5UDk6GWLyj7yF|{MscDI)(jBFZqZ z^~fi`U(&gx`X9F{50v|#_V(88ek1r(Nbv2g(30OwXO|2<_R>z@)2)0_`xty-hru2$ z)O0;pQ8xM>rHh1^4Z#~Y!Su!#^{lGG?^EV;tewsYSpDeuMf*&yf#NL(PclJ&y7D+} zj1pwr5`C-R{{Y~kKNkEQ@fYA-*MqKLe-HSYc1a39KQISwN#ymfD!vNr{L2@^bM~ss zQ}DCEJ|Xbmfjlv6^5}N!;>hP^xVpDEGaxt|e!q=(ddJ6oLgK>t^f;ikyts_RB)fin zq+s*wT-5Ly-JZ@{!;`->k@6I_8iQQ9OG|){E_ZD>$!@=yucp2ictUL~$A4SXM|>l&wub-8Zk&zkIA$^JsN zoV%Z*aNbs(q|aCIhlS$uUhUWhz&LN>_OE2oW?NQV$FYY3v2N$;7%U;^cb+A>lSRAJ z?b#)OfFwp4s|9@;7iRP4(*-niDke4a5P4%|o9|^(jMo zUs%C$nG6Bu2LR)>O@@&|!XF}MEJs{p{3`aWs_7Ym23e4UkaL;^VQp>_OdOSQ*@g%; ze%9bLz=AM2Aor$>D!|%(5&TNA*;*ujZe{{4m#r8rCv6r-X~#?56QnyRBVF`tGAW?4>de!{See{uPHS-9%M(w}l`=`Isx(gjeB!yX1=I$|B8@QU#Tr&_rZQZ@9*O<&pN=^aoTg4pJ zB3fS|lO;ZKdk&(w4~lnpdIyIGigfuIe$Omw+eQlIhE9H&{Hvy#K65p)r71Rg_rPD; zGe^_!Zf(3vp=o;dk9Po$QqillpI$wAr+D*B(ls4gOTP}oX!?Av8A7JR5|h(!w?CD4 z#YWag^TsZ&HZ{Gny_vn>kA{B5d;{T|e;Q5uJxk+V5%Oe*LA>+s-~jbD*fKV8{2=?{zE1I%iabm3{SJfi z6Tm+aJ{)SHu`C+Ck2Ea3i8u$0_cfhNBS*i%-ZSKx%$+PAAvvdRSEIV@p8o(NhS4>> zA6k-2jVn^I)FR#Ud2$9SeaBJw*KI4t$~?WB`f*&+rq<`{H1SGByEb3rAaUH(`ec&5 z(K>(I9C#6f`_EHcr;DyuGi0@ZVbH~P1vGotZuMEDu;I#3wHN1%&zE1}%vI_hA;OB`Z)wDRHp5a>H z4=zaY$}r;<=|U&Y)WoZt-|a8(&qnx(@R!DZ8Pt~DWERHrPnJd8_LD|;ZbRE38vJYc zU#=3y%2|!n@ycOhe~bf+*0PUtrw>-__WuACS?Tw1+clt#ZkjL{udku27M6BTrnRJ& z-!?Xu917r+Y|l+H7_|FaXwozo3()4BEz}m%MsB1D4tAF#f%P?XpmE}6qZcOhM|q=Z z7NX)C_~w@Zae&_|eMNeHk8KQ>A!aCT_U9(Pj|mGS{HpPLjb)!_6UDEAd$9ii3cbE= z?Y}l{YWh4rOg9>B#oS7{-5zqLvnSPmv(Z>c%QoC}RtC75uTJBvU;59ndFQHJOP7Dvu`3$$S^z5N!3YwX8}uLc;_7}GgG^oJ7NR! zIppzLMkX@ci$(Dj{PM$Z3xwOj1B103rU2|V8Qq*sw- zAG$5j`ubJKqG@gSgXOQ?=CtKUJ7$iX9yg;o3-qg3F%z6H$4aXlvyls1Z3-skYi`}` zV1zO_RmVB+S#z@z2_;r-=ugd&ny!O*WhAj*U*}TT3nAX90^x^zQ)7gk*#w;S>S+OL zD=3u?V2!T!%5@J=rY>C$OlB>kaprtvnekLIt3?ceuS#1Xf9 zbU#C1uG%JtqIfUEu<3pjw1dNb9!1)guwhgTW1i-+oVpZd+h3HI%h9ydj%g0pkPHLv zYolKV-^&cwm)V}@8AK&U{t@`2ph@HIeyh}u`gEhQGyTC)yY%asNh@Oi<(HHEb(_Nk|N6Ks=j z+IU>_u4?2-a^+dfFb)noQzl5MG)V+f!)GSvVU5_YEb(88Ej%x3myIgw8h|@|sL#w# zybZ*5o^9L)MnPaTdCb^n$)Sa=at!r z{{VL-w*XK6J zarXeg0=Ua6XucxTVbmwHoo2GPjFlnKfN|+u?}@xmqG~34O(x-H+QlEAx_#?88Ymu7 zXrE)$Z!Rvb9zfUu2>C#&dbRqsyyD{J&2c)f zk1e7P9o6cy07&PpZkIzy#PZEg#g|%vaV^4G*)Psrn{NZDB-hO!5Wi`S8^RZG>E0TL z?V6Z5OZf6aF!cwI(zj8txISOOuA^D?>ES15ldsT}~Lxig5Yh@N3Z;($;%HZ!{~CFvOhxloXNX+J=`M ztH}+dnQUQs;;ZTU*NU`t7T4N}-Dz156i1U6sG!{JH4QSy#1<^i9$mm8fameAHnX{x zLey?_+sjEz3ZSgGJ^Ozu&SNmwM4MjLoay%y$uS2J=OEQ<-7;Mw;9KfYT}2?zB}m0Z zgvx^YOG)6IN9VzuoO6L%+V-Ig#a77X765^cM;zAC*uv*MZ>FuosFcQI&Q4EC*3@h) ztkoXbQRM^HnWr~WKMweZ?03T6>D3{Xf+2RmRy$;Ybom?z zt{0G_+2f3=rYn0(@m9MmE2Lb<4ECy6 zp~oXWv|Q4fIjv$Ffpn;=W|o1Ucz>57RYS;F2yD>)Ia*9R1z z*|&4LnS8k;QVN6E(FSEEa{BL#?QJy(^jU7=j`XP_GH_UQ;=64E-%h`=GhI&_P6tfn zd23LQ6MJ z{XZJn_=}-v_nLI^4Kg|4+DSS$Fk;n~?TJ6)s_WF*N*1kh3lnOx^#dJkn#mk}Q zdf2wL3zM*u#!p(pw$g^#E^WXp**$qRq@q7)Z$+owO9XDJur5aKde)TIGtQADYOeY2 zaal4OFC7)F9y^J)WPzM^s>ySv+23IVQ!qGS4-^Q@@g!2;LaPK~G~OE{(y-#Ob&Rv4 z9C1i#*x1o^N73aBEu)orP#9!q9cp`*n^19aExyz_IPIDZIm-6-P+plKd0qfB`gX1# zS+o|?m1k#%9dnwv%EoP;XQ}HEcz#Jds2buoWl~YFMo&YUqR}nv>eg{Qak1Tkd!D(X zQn_$NnY5oaXkv~)j;Eh`>_>+Iu#xU#a@-I=#X+M+$Azw7NQ5@>7EnlFde=jG&_v|Jj2~D+}b^_6FcnC`ZNj|x&jE2!(eGcbOz9RO`;kI+0N8S~s9M(}X zh)0x)*~e<$F2r&kgK24^c%x00%U8GDp@VSyPJ0pGu&!%U`v#j6>DF#qH77Yd@#{&l z(&&CFd>Qzir0c#Nyzus*29bLl9&}Qcz+=u-{#E3E5Vh&W@>|O?&jDgpy6*gI-)9X~ z*z;*VA!s^4xVKXO0NO7JSr;9>y=te!#{U3`+0`0R71NRkP825Zl#qMi)(sePpI*fQ zxwd)ipn0~iCu)zBpQUxSZ>-7Ty>m^swm<1`d2$9gBL|H8R(#rOYkueF=BT>fg|A*) z>X#O+<=hq92^&xjz}IcyC_EJ}jI4DXctIVRIAS?xUf@>BPh?{%wmzw4_-~=he7az@ zp5fPZyD=GrA700TD??B4ev{%zCpU7%Yd+oayD!Rkr*=oQ?tH`JKZV{U)D7K+pW z$R^t)L=_vlWM|sFrpoJA(fmK6EHIl#AherQsE{6csC8^tKV#C(UQ6*a;FrVC0{leMJXwDvFzHjeuh^LJo~Nfuu}Z1Vd|CK^}82qV+hu$RLc)$P8g;rVQ@9^8NuU+-jf$Ec#>bx%5%z`Dhh zcLpnUlgj|JGvgyTu6kVyQq$v>@@r|Nh>x5q8TwLd2;c0a{GA6Nx;&mhyk9O5? zeJkCreja$6#oB$gr{Vj5FHnacI^>KW?=N~}d7fi;;Ex&Vdf3vuQF*55x`^EpwEPB9 zoH6fRkHf7RNC(|G+0dLzCQQ{4IpVgEz+mAj?+*^hI0=w zs9)mGP#y1C;5UY0_-1uo7V`4*QIZk1Ws~K119yIXMMR}!B#&tLQQ`et#5xRf z%R8A&?+mQT%q3WiWD5Cr_L=x$uV`Afxvs@`cXe*cQdpq{!3X$<=UK`|@n_1qZjG)% zYh`ty7Z)kCNc)NwPevH$=xfom^Lup^FltjvHNv)AaK}EJQfSwmY*W{~OK0I+CDF<< zk}=c|rF0s8mto>dICYCz6=sehD*`|&xyMQsKBP)bp1%y@vn!hG!Gly>3$WRuV-t5 zBUd|ex%SO{Vf!`sa_;xXmUpi#gGpF~cL5lXjksqcrh5KWN+{JIQhwMzG>_n~g7hV_ zvXfAr`zsHb#4g8$!Ty!!-?JC(C-DSBCx`rHqTA_qs)gX0(Ul}pIZ>bU%|$OFY;AwS zzwq~q{8y^@(tn6{dM$=?_6a0ajhmhT^si^|uZa9JZ{gErqsgZuK`2J@v4i;5scB*( zE{x@VCSK1A>GwuSZIRb_*xxG*cdj=^))M|HGaOUn3Ihc^ z_g8`kDU??GvEUQ2e;?~!fAG`7HvTQ}&x>wsKy9AM|^`d5!n@b=TdTBfa|+nZa+KGObMtbu_U z;~v}-NaS%W&4$Q4U<2Qp(a590 z{ycxeFR%E@En`KS?KTYEfB}v=mG#Xp!!HtQ9v#RK|53bbg=fUE{MAAqde1NCR& z4!^7T$3V7^#c&n1c?RIT^1bu)HSbFurScWi;UOU#HkJ8!?_AT5Kt4kKt$Ym~_rsk- zQ_`LV)sXp~RB@8go^nqf--Ui+>AwxUQ688ZQnq++Bn5s6$j=t|GV8$_?xW$Gj9lGWOZU)y?Zp0_e=4IP^Q`2UzuE318<4M1!;#b6 zbf`$`i$6oY7x=Qn;;+L6Ky+9kW_39gXR4WBZ@gmrlEa$6nAb67N9NAWPdRqal&e zhH#{Cai7Z`wblGJ*I!E4?A{p}ZRS2)$?IJ5(?(s7s`V{9?Z_H7DEuF-ehmKr!FvAy zV>@q-U$d2$?G@o&65i|LkHgY#FIqLkx7tbn09_kkeA@}$GH?NWb6l8+Hx%Q#Y5qF> z>gdX(PvGapnj^)kUf$bA&7jK?&1~4naKoNE5sLHKcOq^XR6L6Gp!yv1jhRiiTw}^R zPInX2H6R6c?->~5-n21VXaQN!eDtyf0b?0vZ_hLqRaA6+r+1gn9`#}=Bu(y}h7Zz! zB!Id^;xV+j%X|CQj1D7*d|*7e+lpq?&qerQ@ju1?00Dk1{4@Cf0PyPO>eI!Z6ue8t z@}=6>5QiRQN7Y$(g1y1Tf2arSr~5F7m%Sbp3e0QA3#UIf>*J53GJ zB0Q#-W<{;~4qOh~uzz1l%>zG}YrQu6OT4_%wU$w;T1_M}4DxoiGg;DkLARXb56-;` zXFWokO`XgDA6j&P6$s1qt(F80oN^s0-& zVYKtXpbIg!)gu64@m7==%D4dc;LvMK&_I#^8AB-;Big@Mf8dSZwvG4ft@~DZQ^EJT z>skCg*X9XuvM$)8l#rwrKBJNDDM@I06xsfQo)gzBG|hTD1ieZ8C#=LZ4HjT`B9b!E zgU^4*1RC|Y%r}<_e`hk86Xcme>OIAB)Q!<(mxc*(r^-UBVd7!xEAc=63r+hW=-(ec z0bP7%)AV>7#hw;{t+m&RFZ7#@B(_T_9ZXDozz^`3^yiEZ;EP<*FZ?&+oo_;tNu6yb zF~-aY^P}pnGwoeQfvSC+#{p*D(}UKcRue~D-wG`?xF*)pOPC%rks1&Lg!>Dsg! zKCeERD@h-caKH|v8qQV(taR62BYj5l0Th#!+EfC1{YT+k?e4#S;qMXYTBw5MCW27R z@s3qTCq41)TfzdAtbUq&Iq{r6C-A$Urp33hi&lmtCgQ}6(*QG~ua=3MA9avGkn`Rg{_R^6B0Nj(_u)q7-IuI zm8)T_TG{zhI++3Mf(H~E9>oufG^>9Pyt*UY!Eo`kGslb!9=!TjjKzPp>g9H;76;_T z0CDF{y12T3FuKK^!y>nBbn$K^AxpUTpSDAi6?2}I&FW#{xNVJ+I&so~JO2O+ z8)%`nxV)8iuqBDd%4+Y4ue8gXXrr^chFG5}cAiuZT52W6EaKifdk}^)89?I|ZrV?` zN`(ILagDg-(PLAr&~EHf>Fuu~c@=&`kKp&HwB1^Cz16K6*hvx0YGedsp~$F`(70}S z&EAu!w3oMb@iAm_hzY=9QU3sBT+6muRNF`f4oBXpj7>{AR+Su=NYb;XKylu^IxRj8 zIintbC*}hkYd|S#n!SvwpfeCX@y%x2Oph|%+Lb`9gS(o_Z=tL%Y)?L+sK~KCBw@;J z99D&nn;J-yOx{%JazW!Y4VoT_XDz;@vf5n;<5vS?p2oQ?YSZi}=?urr#bDXAe9j)j zOuuXKeIti-JBB*}>rB?P^Q_%FxnVATU^<#CbVX=(-W>4NrH!0VBvH5bar`yumwJVy zngkY24ZN=#VF*wiee+E+u5*&X1?)TBHVFi-(vlVszEX)U;>X zAF_AtHQ`^`zxIdlXN^7~cu!FAZ-*gEkEPtQ zHqfBs3_8=5k&O%&GqLh-iabpIDY}{&i_CWu*C17G6T;HL63pYwImb%kn?FX$u$-v% zEh0ohw(7qyt@L&03~~?WN(-s?m`Yj~7Ucq*m-INQ5YB>WAxGP{ky=>yY11{Ok;S@f z&*9#vNhC8W$8i{Prz@VI(mEqdgTy*^pM9geS8zom5%O*vsjeHtnkB}Q6xes3-Q1n7 zbGPYOPCX2zO^f0^8Vy3!OAWruga;~rioDW24(b_OW5^;?z;aK1mBlEIGI8APJU8O2 zO+Ni?Zq5v3EQ8Qh=hf|-#20c#{$-hyF&uWK2V=gKL#Trxqgd^hRx#s|f^(0| zn(Y=yzR)(>+DM89urqyWlTirLfj$Cbnu@iWfHfTNR5M&V$V)uEZ=kr`MV z5Zy&xweul&`!wPr%2#$i=0O>*syZ`^5lZoB_-^;b{xJA^@lMB66Uje|bc@pQODu=| zBHMOOI}?s8_xIs1#$N{faq!lQ;$IJH8SxBI2Gne)Atr=@)PH-SuVNEcKO~x*Yfdkt zKArJam!oTc0e&D$s_F`p$z=BN#L@$ij)hODHT>l0`X;6D=U$&ryM{=uMa+*J$}+AA z;BnHXtn|?OoR*}TyXbr7m3tlfD@N=)=RIp-T1Rk5>DL|W%BuA~{{Rl%i&qdwb!PUg zh~fH@I#(y9$t9iC_HwZ<8)(g8&Cu^m?Je$NAR}!?=xNt4AVo2sm>&J>STmNZ5b6-y zra|Abf)|mJpI0NqwRl)shwu|V`&HO~+${3sk z;^Tb}(EVTj3Zd~A;b(w+H>KKmLr(Gch-E?cYu!-E8(pVUzhPgW6}3P76N^!45xapM=*^ zYX1PU$HadMd~f)8(JYZgt;%h$pdE(bO1Q>8eaAWID;l_H%T#`!;r{@S8P^VCA(inu zbtvqoyrc8`OV?H1?0!uALbUjc@H53w_%GwH!_8~qzP`bVJj}CNT##^lsnaOmolW6w zdJRJIX|$`md%JzvY!Go?HCk47Kff|e@`g5qaX4vnLRzMeVA3^vd1WQ#Rg?_io(*t* zBbIx;P_R?wdg8f{aaFl`%4CKm^UnhSA4=G5O5I(2sUu{^S_yOPbNY?!D=NsLLv-iT zy4@o7Ic<=Uy|KnSQn8&%niafHdlTtt5(4)=aQY~(2=V=%28VwnzCuFf4nK=I>-qkb zwKRObWnRb8pRWQ2ebwEZ^USkod>Zy~prGeNiS9i8#l=~$Xpt)|@geoJ(; zN#vBP$3948_Q&|w1xO#OQN>*lMW?;a{{SgNxK=pG1mI^J*DK*q8u&xTcbd0_^y}Ms zb<0*FYbk&Zz;z%VwbO;6c78?U#}T~0hbuTcO0A&3?d|^n@>`zErdhSTDuyz)?{S^Xf)A}J332iRWXSs zI6``ZSlZl((HLSQo<6m`h$?B9Hkt`bi=^e4ZYI5kO+pL1J9~?H6`8rlJ64cH%VUq! zv^!h3S(z0Wo`7)GgRR&>VFHUpEQA4qdK%Q{lQXP-Xu$H3>6##27A^{JxC+m+{U?6)9F`jEm`p5LFj$z0JSoux&TzTC#V&2 z3wLdyB4$3LwE$mjHQ^2B45=KCTBmcSD_Y5!yqt4^)_^(4*{uOHI+W?itUXUwZ!w~Q zmtps+hUNwgyO^&jzF&(4!?%ADX6(=~hhCvHXqu;c6RKo%{c zbz!+5VB?Wpm5V_g#1`=*+-edKBDaNiODQLy0ifv*PHP#< zp`q)yAJ|${kt;y=dd!(2lbznQ+iwnDYga+FX-U(|3`C@ieR-_R+>b>b8y4GQv0Opa zXQ(vmy-!op5*08t+T$O zE{m_+!eG=cEoCZ~VE+IcAmcoB>sd5exv5>3NE*)SPdUa_)Z}O0v+s3XS5CE(eM06e zBJN>~Zu(ILs2(-qUyj-hwu`A=!LH~UJa&Ms$hf!*AoVys20Pc_Z|#%+00olxZQ#%C zFA4k)wqF$Z#iV;FZ#Nkd)xg1Q^d~-*-A0x79gpVw;~&SLi(ecyd%aiUSBaDE*y^Pd_m}o3{{Vs-c<16Z#+l>) z0NUR5JPY8Yxfd|#Hu8M;i`03isQ&_F?^{)W&uf>lKcv`?DlQyBOF)E|)0mnmKFo|5&J}LNv@qfjhDT3n4 z_V!&rPG6Q3f?^Ik`eMAR!&)bZ{vc{YO48XT=FtHnsI@QozEoGynBDC>Nnbdh;3tr5OWlVhV_(&1?yJ`8R>J64>X&0`*?DXjRH zQ)L>IHZt4GzjyBX0Z?hTf7=+6_D5B2xf~yAg6w*>iQ-#*EG3-dD%jdbIISNM_^U#m z0TkB%0KD0QAVK=lXw9~K*{`M9hVT9ny+P9FJL6<-LF{3#qOCi@w@hCq+2ODbO0kvX*J5^2~E_*r~-vt3n(Ko+~=O zpEa`!JGhmYV4`u4Q(8#Zvspni+RQM1X3y(Fm5Wd;N#r_2w-(}7+^42_&3b%(EAa-7 zmeJ1}{ei&7{s0xKcMBawo~w0n8(l$h`>>^tJXZ^<_}twYY?fS+_rKbvCXwcvq;IO) z&9$xTd3DhlounJv5*cS2i?#yjJsNCf(BknJo{6nMJwI-2u+ zc1fe&k<4LmaI8JM&@NP7hsn8L-bz~FfO+P+4Le1<5ebn*()J2_P$d%^Tb6G)TP#~y ze)dIDwnA7g=k&&C37gUQW=WZ*24fxp>C&;ae=fvwR5&L9cN7^j#Qa62Y1*Xl&pnu$ z;UwOzjFmOf=>iJ`c^ouHZg%>LcPcUNI@4FO)T5j15-g4z3;@R3w+qb~+?&rd)S04< zjg2c?L#f4St4gq2^hYC{{{Wm)b=r86;w_+6?pAY-f{p)t6~MGh(dh zkEaoL8r&ARjmkI6j2v{RlevtyI(55_QydIFP%wU#nc|-hX_8pOJXfnLI5|Zeq4%Uz zW!&;tvX4%VO^n7cI4xYfnhmFnEpK#fZP-~lGUsW-dvRDxbEXfWli+`Zx<`as^3Ky$ zxwzBYlu2^MJ%KgY+{QGxWrI&(c8mb0oK&VMosNyJYBxGMTHeCXYJ+mQ>Iv=Z+N@Z# z=4X3*xe+nS?(1Dpm5zBwsj`=rx`T)=E#7BL9n3h-*0k>A(;I0CLgs2Pg9Y#fnJTGXxCTPEqV5ZxwJV8 z?MX_zUMf=J?lle5`E2GD^K3<9MYID2^r^c^sU)o zP=XNNXu!!G=$85tbNZcxijkP*k7&-|M>Wh?gtK!z5a8#Xqpf8f#VwBWP1Q^85=MpC zgUIHatli#_o0L2tV+wf{q<0~2W^x<+*Dy$=D{+D=qW;Cv?d&5qmI-Y-{opz<_N~oR zvF2L*gHSD|!D&l+r#P=~p+xd&{|OXHdW}8@GEOsT3BbKg1pzhfRC9Bff@Y zz;p+b^vJFn&iLt*GD~T3D`zE;XRk`eXi|}+q-xg+w>JJ@13Aa@tvIykts*Y7yc>BO zcCL3FY(ULh#6RfKnI0xcROP_O=UAF&jyyMiW*pvzVBE8z0Y|7OtsJFA9dcPib#5+f zCW`4;21Y~r*MH$=xv-IDzJXROFnTE;daQs`<+uR*29ad2KceTsLvJOJZB9KQfNn$Od9Yflj)TwC48I?2dn z=XEx^7Z-E+(eQ`-B$`|euE%VC%NFM1J^R<33azeqsB79B*Kth^tP;z?qrhUvrgP9$%^z5KuVjl#Y3*-TKu&os0UZaSqQi}ky8ahj_>Mgl zFH90LTz>7hsT_`n>0XEN0`FL`@QjxlC>J`T<|ns8L&ym1dUvj7Ot(KUwOwOYj{98E z^++BKR5_7V$p;P38SCj&d^Xd(MdJIvvc#!8&~J4L_-qV(HnXI70i5zHOBp(SjzdQAM!6@5wHfa<8;ht? zL9jGfRQC7nUrYQZ@!g~9ce+f;Eb~Pln5u^aG3orPDMztB%=vfrh44SbOTQD|c%I8b zzPIq~*G0v|Dp(%)ZvApNtNs!3*NJ?0d!uMtjif_ShBS!ArwSon1AR^_o-w(!bUlOO z5@{z!he@&1;QrHvhnz|cr?Ksv*Bjy8Z6i})ntWel+7+WKg)BSqj%wi@0K)OkyQ=9L zj)!@nO>=K`Yan-yHULOHKb3nAh_u^}i+%`qGnjg!Rkf_;42j?l%sRg{uKC+MezrP zbr>%#^tZCO4Iw1~mkW|G=ci7U=lbQopJck3w6`}1V_}ZVpIV@BXz|M*5iP5&yl^17 zM>*Jj<$VqCZ{qFUxsy%4(x%gQNMhdo9A|YL=~Cl!cs_^dAMAbcd&V$b z-)Wleg=2N2w1M5p9FjRB(>brNzi1x{*y|o18n%ydWi6!f{L2u@jN_wvR#jp-MErGw z!~Qza{7-jhExn1fNw&qZLQJSn1mtxdmF(%@8Gg@gf2hYINUU2baX~t!dAG!`3+VnP zw6KldD{Gj8DP;Lsm*4#M74!Ao?y2ED_s~7;mTKY|gg~)n>5p!;x@NGc(Vp+{=Rnfq z)1mRdhGf+(Qc@agSs3nP-;b_q?oWr_AAc5Gi&>x|8RKQ%!~IrN^Ys+lG7Nem zJ|ACrr%l)6)UWi!cXYUz201KA=g?Qro*?+|uXq<&*Yv-K8th-$uMt_IQ^|ZB57f|^ zHrGSJw0&1z)_g}{sl_$S+Mus{s5Q9KMr*73~F|kS24jVn`tEAsq+CiKj*c1Z;X5qXJz2;3oY|Q z8Mn7&MvXprll`OKx#I1ijnB+)i&M6TbE#-LcE2MmfJqvxq!4qR-=04z@4sd*66&h* zczadVhM^OYv@pw;=O^B`j>d{T&$czoJI!hdWUyKF3u`mBa~LeKj(+#0WB7AQkli4# zJEkv{Qh3cWB^w_be0lJni&Mq-x~;91+h}rUYb1wfm@|+CeB8{JmY&P#=eJIsnln0W4eE8RRd;|aVerrzIJ z>9!YF3j;=}AjlbCPg-)0h11mdtHQn!@coaAwJ#P!9o3!1{N`EV-@+C=?OubL^zRUS zI=&tz(zPoKiElL7U@}V^f%~F*1@-C8LD9---+Vi16eRY-NLdC@uH_*5*V;b?G;KFe z@OAc=VG_l3F#%}ssL|l%2=?NUoSE}C$E^eV2UyVsrrQlMkMRdh)wB&7;@aixmQOBl#DJ(yH!nPWEA?kfl0Ob< zI#2ec-K*Q)qRNCwGQ;ahqjb6)Ux=*q%~2$Hriy&N$s%G7SLt30@t@)B8qb68G&@_k zG;7Z&$!^gONk2~f(&aLjWAYcreg^R-hpgP`z93b7LN^(7&&|hD4S99VptELXQq7VH z$6B&UzQk?CrleK8vyq&1K9%+_?6Kpkc=f$c!@9Ph^F6=<0Kjdw861=ESIwXwpgMes z6!IjcU4g(W(AC-JnZ8mxU=S-AAvAnt`%QQb$%1(Q08TT-ENZsbh>N(m?0%Uf=j&e@ zMQH&NBhMqrg3GjLch-n(X$PU|9|is*>mLsMVP~r8sTJ+8b%y5JWAZ97!DIC6_*dEA zAN&b#;_VAh@ivVifo@9AvIxFNqyQCcAAjpgea+zP&*_i;2%r0B-~Q150JHqR06ryM z+spA!!EvpUS)cVz}e@pQ1iS&(sK=Bo&wxi+QM$$_iLfT*%C5hClD=F+jBk`;n z=w~DR=D*;h-?AR7`zij@pA$X{$86E~CV3|D2ZZjyEF{yVaztT|Qim(}dSbsRbvs5^ zSrjl*IuV0L22yn5rta2_?RKu6^bhuf7IT^>Vy=VQAAbI1)ZRG?w zJvpu#sM0dI@-N0Oh1!>jEiWU}F5|cHMwR}Rr?Eflky~>{4_-!i`uD|tZ}_uDxYe~y zTT0a|1;2!~#c1y(ae-%eKJM_enF;dSQvuUq+X#P&KY{_wG>PRulj2Ik`a40(|Jx}iE z{s`y$W!rw%{{XWdk?`+Z@dleG#g7gmNoW-Q@Ujn?HlBF{81IqTSMIKm_bshx9wf4v z;?u7!yp2W;*&cA?a2=0R_>W4)ta}}>M{{P5XPUzG4(Q*_fzR+H8v~8kL=< zui6NfIs*v&+JvJe#*Zdyh$#ZrQgHg=;v$A z5_}hieHvyZQ-Am2V$q!QfIAUil>Qvk{{XcZMFrX;x6K*Ij^|hr}#(4YoqEP z*;143bML{lDfwhN1)G2 zmn}@i*Nn#1Q)yW-*Bxt)v(wsd+_@}-=O>`WXoUAQbjfuqN0uni+`>r(M>(t3QOOBVJFsiaba!l*cN` z)$Ar?8H*Aw>>enLu2gq0p|HC*5+Qld`#CrjzoTjP%M-%m7$<7gT-cXYirFoMA-{Q? zjGmPrhs24xMgX?%1q=?IU=hso+p8pua`^r%R)({CJ+6&&dkvS`W>L@%N%W;-Xe|yq zMe(%DED+6RWIKw=xci44^IqX;pxSG;Ch9*bFch{JU>-VsXehzdJUbK?Lh3TGO1u^9 z_2xI1I=#*KfUJfDI94Z&dI|<~Hx@Q+rmXRk=da%cb*ya}QRI9aMm}N*>T4 z3r)VXhYuN4ar&Ce)#tg@?p@(OXO}qRfYprOLr5ck!~X!0f#L1M%Iik)%)IeNs3tG|Py#+ruIT3pXCV!o2E`S3hd-UpV@n zeMQOIGrS-Dy|?~NYnZuwT3nX#0Cb@%_X_!<7AR&p=i1$qdm=)wVkPxdyYu^qt?F7(0m>Jm!ZP9&|AxK zfX9!SMk{0Dak!;>9zXFuJsQpj@+I;Z;JTBJeXHbMWv(tw&9$Z6zDpmOLCDQ=)REVe z`|>mN4-7T4v&ekYoSdFbdd;*jBr1Y3xC5cCCePCH>N^(R#uD+*YY&%j1`a=q>rb+8 zIf~#Tf{{DJT374PZwJ1FBYi=l^wVSNl3|3dSGDx04m~qeel1={{Rhc zv~LhM1uA^)J0510#;UpchD{p6^>(gk?j`u1fjC_OEqbxTU0|z~O*F8mT z4w&j@YctBr3>kCtR2J^(wMZ(0x!n5}>6;Q=#;{?KG=q%bS37eAcQHQ5)8;*K%GOfU z=c!J{O6c*x#CdBjcw@Jpt#g{*hSoO5^(AGGb~(=#l$NIy>+&4Nk>bf?23W6B>IEeT zSuzGIy0P(nmGMYPL~nM+X>&7LINfY*Ppn#_`B6AI7~H2KrjF{@Xu)!rIX?KLdep1j z=4@_lX1JC@Kun&3w`|%886{J^=e2XQui70Dds#?H2TH)Wxzla@M`dAf%Ot=Fj9}oh zW{y%_QNJ2BjRVCRbQ-6CJTG@{mMl`>sa#@_TaI?w|sm50QIVW9sDno!n$JJS!>6*w&o78S`?UN&SXW z80Cnn+<}4E8Z^l#m1l|2iIK2IbAwn;B>P<~c5gf*NVtY+aKvM8b6mZASMOJbK0_Pd5T@LXsq*=&ax#VZ9Whj~4?`@-m26+0O)u(53C5_BCQHEAV z$RpOA3V{7`@_kY^g)rsT2Kk!b8<4fpor?)n` zoFK;(@qCOu&#iU81|-ye3HYAZ#X2>^YZq~*8Y#(Ce4atYbSm8soUfHebLMFJ_gwhn zu6XxKmN@{@t>tph3}*wcLG52Mc+My;Vq&OWu##Pc91>R1n2(wfxft1gGXe#ajG+xD9Mu09d`CA@*B@Pa(L*1PhO1-uKD zMm>W*)%}a+4ye} z@ojiHQ!wwgOapkxez^{V!opAkLeXr(h_FWJR>LZ$2t$2%Uty% zE70~W6=J0uTU2|w25J3+DmRz=HD;HTWY&_uMD1^yJbS_3G}1gPjq~sClRT$jLykVtMkMW<@2xwW~s z%00B>p;<-<99F#j5#Y}(=G^GMBK&Ollkp!&xzTmMiM})OPL5Mxx4hIH|IfM~yr;;}05G_*cd- z2_k4@a3Z;Yrw)MQB6KuyO;t8%FDdqkHW48tx7UZ$CP}0_=l-@ zBSD7WOju*NnblHF*l{Zlmj~0Hp4IWshqcXHMe!xCkF2jHkHj!0`JaqUj1m}nabCt6 zIv>a1N*wBQ#bNUAvlzL*Hzv~4%a#4->t>DP2Jv2lq3h8`U~8*b<|){=Fmdh0cGhrD zG$>?T5;MW#y_i8G`126G+Z(p1Eu%hv$^}=}t&;anXzkb}x!fDltnz9|^4TDs7TF|> z><`|}ZQEU{!m&GJZyfiaLL zv<{tX7ABDI1C!56*b4flr=?Etq%gwlzfP6X*e2@|@JSNJxZ`lht)m+l%X1RrQM-;} znJj_7N{Z@dx{GN82imCTlPlX=#Rgdc+?;%^izhDmiz zMj;^$=!!-FtXr|E_s*o+UYTnD0PvARXMd;#+kqPP=l}zX=5*~2^TZJu?BE(bn;h^0 z;C(9sByLToT4+p+h;HV_HxZs{{i;lpE}=VlasL2!6r}VsXH43gT;es`3U+MZ))t|v zeV#!IM%P=o$Qk_W5Lf7AU1`W;TfIm#!`ET1cJEWRjhSOav$J8ehB(bNeulA6sq@Fh z4;@%|M?|}W!glF2$lK(dm*lt4IpguK%s<*Q{tC(PYv4bHF6{hK;$1(*zYx(F+uJ~a z!w@(dhfl`3X;N=PSj7HQ{{U#u+i&8x?F-{=Us(Hf=Y@PDe-r-zp=GB$S{IvRsyki~xMI7wpnIa%@y@wqEHF7I5>B&30R-DL!?T(i2S~)V(jBqPo%CNVP zBfA-a^42)eyR-3t6mm^xDH~I!ez5+>Kk!RW+AH>@pGnj&^vOOO{4r?(xYTtULbBY$ z!8=2J)BZL6PkzgP@K4{_qxLz`lFz_?57RtP<9SZ&oo?nOc|6Xwm3 zV-xKyQt9q(V{KAs?iw+KRRMO7Kn4Y638cA=Qq(L~{`?bMGMjAD?_uoYOoYlHd5(F( ztb6TZ+As`{%ba7!j zmDcf)Ct?kG&bi{)nb~1rk#x>_;;Jg+vEv>u_@ATM$K+Ww^4{Yv#C)K88u>@Ze;2In zicP5MQL*KbRlaULYo-*$e5K=G+9u;wh4igCe#vY>V#~&T&3w10_@`g-9;GZ+8M>9o z+sWkr0Fhe@nQV8y7WgCLE4#aGSH_pqNeR#TG%5SE9*x|Z`@`W^!^>S3+S#<5NIuNU zesqjynoV>a&#Ux*4I==qki3T(B>md&tTc;T0(YuA3}cRlg&P@4M!n3Ivc-wxM?X$Q ze8KS!^H5D@#xZ2qT5*3aR*yTQ9gaJSW@(f)zX|B+q{(*`#4ySec-(QHQT46^;m33%=||zD-`z3m=Dll~JuAY0sN z>kFoEz+kl@`!narCY_#1p+*sd#de+_jyw1+14p`J@{x|7^zK|~jJ`(GZLU&SQQ_KD z0(kn@hRNbfoj&>Flp;XPa52zQ2NLP=6DyL4^5l)AcILV`|(u2lEN8?*539g4G-a3lYRQn0Hk~NXSF(^PD^}pf?^!sS- z=R@baumGUWb6H85Nm#a)Y4&*MD}-zu8t$}B2Tz6VwFsm~y8bBfz#jCxh-mcPe_zrs zw9#uKkL?|}RmZ2Lc_px&?u1~*;GRM3C}2M2BDA=YIZhdS*Nu3yP1YsW?DY*E>1ETC zBH{+_Jwf%LXGy16d8m@xGdnIfDLk!x0pT4N&b3SU+?9_3uzuS7pF>ps$w+lIY`n_Y&$im- zY{s6B%OGw}G1v^$`$J@NUNF>?M~q$CY3A}G*uwHude$Gq--$j8)%D4|IjFt-I>F)| zn>TtBQ|(pkYwVj>Jxcphjv0|H<2w_EAKtDfP`a?5_0kB8GLkYBam{F@bCyuCw%Rg zMSGie!Dy831UCb`etkh6 z@J3h`2e*17xQ!3B?UXEkC^*jUwa`M|QU?Ws^*nT~mcTPo)FhGvIk_pb0B5PH>9+PY zX|9ZbfIaGfkNXiM1*ExcGj3BdYq_;6=6D&(KYv_TRj27wE!;N~I{77W zv{s5nQ#vM-?2?GtBv5!9e_Gws<+Uj(l^h;~fzq^$u4Hpsgjl-$$##n*^H|cyFvx~A zCpa{~*wQXm+CrCheqtUD4P2HhdCY`d{hvJi^!Zsly4>dFTYo(Lp7tx*kmPOu0QFX! zT7}KjO>WREUZqZRR^-YuwJi}W5=)0c6pe@J%V*ZS>sGrGMLyOL?Hmw#)!b(QYBNf_%&fUkg zWT&Z{XEN3pxH3Fqc*A9vs5R3ywugOe5wyj#mEQ$CtSDcuYR49LXTmY*Is!?fJTa7v z7{Fk_)d_rQFts-NwXLt5v8pQ|#v9j)ENv8XSGLQkq;o~K+W?Zs_{Y6vy@blGvE+<} z##8!G9H{O5H{pv-Tok(9Be5A%(TCEzNjwpy_?RFqyA`9{`J#)ui zwX72*o!z~brQ$1zwL7gL^l#n;WGDb;9Z2>y*J|Dv)&`9f_7f1whC(xqpnBD}V-~D) z_O|ycZgoGjv!r+u1wVDY>(KlQ;%zTQ*J0LfR(NCxV^)X^pFn-HSrU7H{4K=Rt>>_I z6UlG5K^&3g2yVIcJlB}`U&3}eX1A_hTv{NJr~wz@s@Po>(zu*2uFv6adBRQiEe8CVX3#6JnOfX#J%C8!b| zu{xaXIOjb3`&Y1N9x}D?cf%?CF$5d+DH~+7g&#QlX-Zen51*#A)qF$ZJ9hrnjS~d~ zZre};+}DzL*Ta`D;#bn*Ygy&UjD>85J&45#8%9fGr}!c~MJ)RN0E4DfOUM^Cj8FqE zPt3l+0ZZcu_3sbrSNeXa>kP6+2~|B8+NvQchnncnt)0Ezrz)-7z?P8#`L=_>{*~P6 zUNFEySPH4Nwu7pGdS<2fyLKMBvS zE$yI|DN$Dp11bPXC-nVld3CuFgFbe-(ryE93L*MeR(JP-0cr)Sc-N%J|PvWTH z(QhJ>OH(v}nOkWnsyVKD%+~!6%&!*c?RW7lq0^Exr>HJpY3H6RBgdXCeG<|wCVAsU z-GR_@eSa#-7k0R$c?F(<2aRU47RSy$W?O5Lug@co^Tm6Hm+&i6wS!!WO+L!+Nt!g7 z$i7LsE4cLS{uTI#@o(WwKMeeI z`UagFYLPsrX(&v~l5ks&m7E^7HiWM1jDLq-E7Cp}{6+gejdZC6t;%^(lNkj`A1`j_ ziv8RDk+fUw3r>>o*~@8ZsDAx-N41W5717MBDbqcB_LumbWWEKp@bvmrqfxNBS2u8Q z>mK2i$9|n_<$oCbW$=Eh;cYf8BGXV?i+EUFd8dB=0B|wKdgboS56ypyIusr)y1elg zmoS06yhV0dVJJ~G!nANZ2e`r7hnT051I7j77g;EZ=2>u4)08%3XOcvtqf zzVObub9A=NABQys*{R34eB&KQ>+UP*9}RqI@J6Yn-)j0j{f(rH1H4Hq?O?xo5QzyeVw$H zI?Oi(nHn+-s(X*tk%W^xNA{xdeTRwsB`o?g$d`7Pkjgm&J;^`!&3t9QUr-EMLVJcQz=Z z;&fc#9267^PUpgZwNHhuyfxzeItcF}xqFB_{{S$icjJOH?OzV-me9`>k_3)C9EG6I zob$nbav+mWl4kOQ?-@L1x*rGYS6(02Y;SCp9#Y|Fb~p-v=ku#jDE(>hH;kh37Lljx z2)l#E10A?r;B>E3vXkwKON=NO`qVYh3{7WAwZE{`^!xi?KTEoa;FFI1o1a69{F(8G zg|GY#;+yR%Yf0A4iIUyG`ATP|e;So8hLC*>@rf;5+d!)$o^o-Yek=5A_J8qhkB@vc zZ}9&BP`hW>tzvM2-zvbb%lhWCYjku$9oOu+@%H}!_Avdfych8uE*{F#8w72ZK{{R*~ zAL*ihjz10|Z9>pmukSS-JOSrhvW{QmUEp$lRs-)E{t3KiY$UmlQi2D9(pc6`IwSOC zVc3Jg6|E_I);TA!<+C#(K4=&ufr_Yda#wcmPwQP~4cJ|Q0_1beSKF2f_}iaK1X!G$9F)LoskW^sUV= z#C|OJf8sw1{7&#C_|iOIpx?u(>DN$zC5mX=Fv;{d#wsMWH>Q84AN&*B_POxi?T`B| zd@uO%;rq)OwHwPQ>^w(p3zBTF(Ly*Xa#U^@=dnZIHTD*xqhCa3+;Yby2<|J6ymvZd z9*329k59V0MAac?j`rN(?dy+P{O|b1p-0oOk%ABA+%WJ_b3ZOThXOA*k}CSjJr9-j5v6PkMrjlu?I0KZekL3wbJ z?edp0o_cXi#HzCSVNyogz;Q@Vn;Xc|C{)LK1muv}ZZ>Tpx3>bX#Olzo$IJ*I4zvz3 zB92fz!6D)mwyOllqnlI}&7 z?k&J9Rk>v&(x+rJa{8bABRAF(UOHS`YSD!u*l{PfsIHg8`e%jp{Tb!G(&Bwe3>erk z1QI)nQK-#Sk>OXi_I6tLDW9SH6XevSMY@y)M`{5=Ky7fUn3{{UvX%VfnM z=o{-@YIjCV`gN{1*+3Mi!tgs)8)*_Z-_+CUb4c9#QPgDe*;^R=fUIpp&$HVCpz>QK zTO8)LAxPEmbbD^(c_;a?kPoeT9;YFi)^MvE%a52I{`3})GMXzmQbJgyySN>(Tn?bl zw=TttC?E`UqQF8g5*yfM-2HeymFzY)O@Cz-@R*ImI3tcJDA){3wUXL*bz-D(k=~=T zkpz$D=bz#osh1g8=XDv`=Mj)3khT}rwFSM^g}idOXpkSw&}nk)9wS(w%aB_?G4J?S zUv1(j?XAeTjytPq7v)x5f zSjyw)@t&zJmvdkiH%SO(-Z@iL^eJbQJU49{J0HAPkx0@zmo;l?Y~XLRw&f(L&2t(< zy`wyHY-rg1?@Gb5Yn^S5og9oF-CGUSf#4eIS4hW{ZR8WaIrgmO5!~o3?_$#7xDvQV zz##k9R;#NEm;+2>nkL|J!KsW{tXaisTK%n*Y>_7LMjO((d39g6D>AOYJw<9+YfYN% zpciW!vnV|}Q{=f>Scx0Ua&lDmtYx{ZSlIPfx7zTbZKt<-o^KXSwQcZFVa&3SLa`-{1+^=l}R-rm}B7zD=59tCo^JLrF@7z*)~ILRME z+umtrEkZ3w$!%~W-von@Sbqr~{In66G!_4b@t)FgqAHiBzhu}?9UNKs1QbyzGI(=)7_?hvu z!@5|xZx6`qki=u0V<$g{;Yw93tb7wvsZ+@KU&dZH*8E=LSAqV;w;;w2;m<+^T+r<8 zEun$lP|`35=N&$^$tssV?ivf2bvn(hr#55#c3oPfGP$%)@yV0Oun6sOJxeB zoQ>YqN?81f%j7FHc2eI{>L^pV&jkEXz4&S4O;SG)X_8;~FIBb{?JPjETg%yq`~mzc z)BJzqIdy-Ax~GS}~(&V@E;TNjSZ@3r1q=3(7 zaV@;5JAcnu+!Q!G^dDOJC&%CLO;6fy;g!4I_&>y&Z^u0>%0`=Wr`v^=>L1}O0U$Oy z@<$zOqIh*JVtzlDaqd3>RnX02qS{~Q-1!T}?eQbvuZitEE%B$}=ZpRtYL^jt_V1}% z5e3qY50@ayoO))v?++?))I;KRBK%7Z;D#lrP#+kezoMDBaVGrSg_Wt=4*XM z*aeP2GBM~!af;1J8mP8?FX2CpHkN-5JVo&PQSils-dzGk(ttM-2PAXT72p<8eU@nk z#!R<<^)jfo2NsQs#*QW4jfKZN*KP2ZNbpySd`~um;|);h5l?RGZ$9mzCH@jg;~(Qr zF-}6}X=q|zXzirxm-JHD=Y*`Mo^0{<`DnpJ;1ENte!r$snIf+_JWY&SzzX z3ZA1KYnD;5>T_Jf@y4U2>GqMjA%VtAc=kgJubPUS-8$FF?YwXWfw4NkPArJj4Tg=;npl$lm zV2o_dRg6gi0Dfb=V$E#qtq@R>vD!GG%BNG$U^honk|_|b!a>ODb6ta3M>Hx5jo9r; zvz)i5tJ;Q%S84-H)~z7Bv6!1NOSBV@Zk4?w zioEQ8f&T!(FTNm6@YD8{@qdX^$yu&^IrcbIwh1Bkl0WZ}T+i(l;@w~3XU5MOc(25_ z4RfvC$`m#@SeJmK(;k)SMtO*e8T?#3iU?#jiLDC!uEEz z5yL0^OkfHAvK}&c^vC62SLpBkpRKIge6#-mXBEl@7%F}F{41&&oVc3lO`lQIUFFU5@$;nt>}9`Pr_bXy}JM!B+-5H0eC4};KRDu-{{RWqsaNY6C+O2hh5p=nR6Yj% zuRbX0Hqp-pk*RrF%rQfe{BPm8 z4*PrSM&Yg!Bl7vE3m%+}!?`unS`IZFUqiv8l|wV(7*eS2rAj*asH;D{BjZ2Y&-P;Q z@9cl^(?j@y@Ot=Pe#`#=5n1&;6%&=v?;8&G>VM~%4hrW7A1N79$1B2b2B~6_plM@O z1h-zb!;7M$D=ks_H-;J9@!3@=)_=T;<(I55RhuNQ}LN{6-v*8OKWTRAX&_b7b+#sInBnAIhRp5~h*R$E{xJ5+p4f z$qb(=XQ2Akm@Y-!%_D_ZB%iHhK1H$AS?I~A%^V(l5Ucbr)2FRswwiQ}M&=fdIM_ZL z2Z4_Dtu4jMu6$$rOi5wlUlm!wq}(ONjf91dIVa`dk@c?!(Ddch^;=I4gmXRKQ9v2m zxWQ`r93pnH{&M{xvp;Rb)uGLG1sJa{bvD27CjMvYf5WX1_F&HsIi3R#o4Lng(d_?H)a8frU1@?JBTm z%W;v|Q*NWXlHMtrK{Qe^#t+@cts_2h&{_so3{$5b^z&egArdl$+wzg??@WT)#v93v zlO3~KmUgcRX;=>^a&kBW)}J#pj89JZZQvgqd|2@omEq5Y{vOn|{Z8U>7n~s?+8;7vJJW?Tz`FtPT@$6uvn48-u) zhNZByM)7vI+TOa$my>SQE_(&&JuAJ_^!uxX@>Xdrt&VzeiVT@U~-nE&mdz@d2z9B)QY12mW zuBmf_l#J)gJw9w#z@HkwY3~JmG12b)P4Pp=`Yw^8!4#JZW9H&QfD`fo)RSEl;95VK zKiePv3nk-^i?ZsT6!;NiCx!ebs1)D0DJ|rA+w>np>tBjmob&6m-OsLG&#m3u$kR_W z>`OBflk^#{Qk69w$(2hZ4ts*EBZ)S~gJ|}usK!+taBFuXf~7&}76@WV8O8@%ca?-~ zpsziu4rxe|*-J>CVeWfX=C|I*aR;8%7?z{6GN?c^o-3lV)55%IcN)bG(}K-{O%0n; zh0m^kW^dS^_JsYd{9PZ1z7qHoP=iBNA8OX`P{jg_^hP6-U)4A4b^ibaVE7&TGOdS= zelNpe@lWFD**dM#?uyaz*$zPbYm%*Ahjb~Qu@;glX=|m+V_~FeQD7txMiBrVKDCQ; ze*%ZMvx7J|$rZsl7h;LANf1i>$PP_%nx*u%@)(p9i>5)YSxcbOxr2G)8;EV%(myek zzle@2f>S&<6UjaCy^YS`r>uU}%_&^jM#bBmXe1%7Csc@Wk81KS5O|Qqbu-y037@_W zL8neVO0nf$D)@n8XJ;m5Tf5SyP=2nxt3o=V#>ckT`E0HX8IZ0SHtal#+t)hK?T*l zx+cjBApwc$gI{KRCjFlO0I^;RJB>9anSdr=yhnbtnFrdMAHj7?bMq?3NM{6fuJ1+A zY~#Ro`i5|3CQYgZS3x^1W6oL@;4Y9XX#h2ZN;R%OsvWmu1zy1BGkHSG(q_) z26tBlsYl_<$%Jn-4>->CBauQJ9;XT7j}B=%rjK=IlNc2ck%NMMmGJJ1@Ny3dc)o8C zX!@?DX>zVu!te4pJwX&)=z;7vUMRbUc;eLO@*#2*9*R$;b~+5`*I#6s;x>)`;m;X8 zsTwz7W7fsI(`o99MP(E+Hyf$~&sS%kTHzQ~SAHY{xrcZhn8|RK_-vPRH6`Zy&l=ORjeI-Oz20j36 z{{RuLjqI5=JEOnIz3G-FGR4_9NAsJ$lkxhUNNqGFpp00g{G^gI=o8x z+JJ^<&-voH9A4*CXJgU7wd^&iB(S%R3k#T+Ybhrrf!C8!=@48+eIzp5rNc7}Hab^T zChcRMZ0hw_zpzwCfUHLx_BF_ACRZ@XtA)-F8O?R3W5|fU+Ofn7LWrZTMl)Pw`gOLy ztJ_6scp`GaKuK}QtM+%?r5?va;tz-Vot3bN>T#ruFr^$F!|<*@O7P~Pq+7{hs9s5_ zvliPSU`m2>jy)+#is%NVwvVgnvBo_4Z!E)PyYg4syL~dx?eMaRp^jBK+RuV&ZEXyu z$mfXL`I}rBN2gO+HhP83^4vnHaRiBjzC|Hh=zGve%bWZ6D->Q!NL!qqFq&S z^@f)+rSkshkM)C%hu)CXPe#xz^y|Aw8firB_qPx_cBV-%hT=$)Rq{#W2De0&uG$4A zCsmUpI6do|mPsx1_GLSB_d&)fml#~1(_>X-y2BBiGW0dZYn#+5ia_bR z9Q8G!syQW=!$!N7?g(Lu?Z?f5%hv9ZtQIl~^l)TE7+N&HW)>NhsGC+zV% zfyybt09VesuBUS@`I6G^Qn@=2a!Bk2XD=c0jMKDBYp5;t8CHER@=?1ouPN+*D#W{w zQnuDs2A&IxZNDj8?%h~QT?FDttKuyx>|8DE@xs{oLHxdz+-bKuhNChaPG|Xu0I}fG zQYFCab+{%ibs zEtaRKTgRm_lS_~XxK$-gGG`%1J8@kmhaKgxiaG6>X2xUO4jp}K-8|Sv+nk@+b(?<| z+gvT78e`53&IdW|k4zf+gIK;uJU>0unysv}qMwk;43cNKT;`@xxvF+N7en|F;}47w zU23ZVo+B$lk?-5E58@+_&b;5mAG7AM;ja?g$V$$hdIwmC`k=kI>&+z;ij73iRDj`6NKFbWi$kz;aEMW2guX%qN-9(yH(Zg&S*;X}n8Qcd#c$)kBQpy|oq>9O;RX;D@ z-P7sKeKRhFt;OLvY_09(z0)-u`BO`rsT~6Qa%!%QnA7Nw3DvE&{T5SgA}aZ9jjm72 zk3nAB@N-%^)c2ZBY#_h#n2#_57=fH*kCfmVlAJU>i{Vf02R?!E0W^EK#f8C?BvF7! zx*6btEA-aIU*mR_1^&IE>NYK=IcTmOFj)Gj&rZMOR&$N@GM<{AVd9N@;h)3Ja^B0u z8ti&(v!Qt8ashT7tLH}XSHr)G{{Ru>u)nvqNY`kUnR2Cj914nYPf{&?PiXN6fxHFq z*(23_5i?6@;}04gz%a&09kcx^=Y~EdT51TeUFtJwYt}WLNZjCb{VQZ=%c=5z?G3N| zK#Im$;eu)O2xK$)vB$lWC!Bk6(!SgO0D@m>ej)MqhIJ;^?FHSfw39p~^N^(QNcHFR z6mN5AMEzL!qo`SUE5a9Z-`W}M;8QTPgyoz7MnLX(ug*v`zXNzVnSNEE57MLukdiCSdwTf*L+=z7>zXbe4)U9=;zp~bJ`}l(^#D4G~ z@;-!`_XJg|XA68!w>G#@(lO%0!vKEpS z1QZ!P2iClo;@b=ky*5j=Mv{~xBFDg-1;A9_$&5h@Ga)0 zrdnx{!fmCQP~1FQ#_wP9Yi|4DM~050uY5n&EVSwF?3tv7U4Rt9HH zXpa>5TjESwCZ%s+x^|xMEQ#fCrGWe2tqmJSEaH3vuD64l_B}&S)@&?NHIf^qOh)W` zZZ*_P<0*Be*0o(O>gVk-#kra;#Bx221vsBF__FiGe;7O&9plzUo#yx6g zin+ae46<5@nh6#XK2zA5`48jg!~3ms!(+r6e3QPRr?Gip#|;M^>zk;dEl-0j=5%>P zCn|n#UJZ7>2l1|{@cYG@Ka2GL06pFo^5%{_eDVAJF3SxaBi(*TQ zGEM+q`*~B3QR!3c^l0jf(EZ4X(%x0_oUDuYNIZjIS^PfnRlcvF#Rb*c{{Uz}HopF( zW36*Iu}O72Q{wie<9`lm_kR(5Cv0`wT{R?KXGq=h>NXBA`&awx_ks54K{fmkf5AyU z0C<1k@9hoZt1k&P*ZeC#7c+Q^L;cng&E;a!TdR&Ru3H1B93Dj|%Uc*YpOZS0#T?Vd z=-z5f$$|*vdR9-G$XJNOI}NN6uA`+~^d4%Eb`$78{(iOQNm-P)KRtC@#9PSq zeRKUHE5vO-ShYAHAG+CI20}v&BJm z9Dgp=#F)XwXmc5Eg)@P_zcm~y2?2<8UaSv#3}j0fMlK`)NaTGf@v5|hsctx+(j>1N zWE1OCMnXp6iQAsE&bmQ$YS*^0c_@-i8;Q|NZQROo276cbh5rBq3;ngA_|5R|#6PpI zjWvt=e;sMkB>H4mE*wVcyo7$ZAY#2hjeGXV>NP^sgQ0xt!Wd{hzPf75UM6 zZ^vAN&por(iuPHhv6UhFJFo9od?b3}xGJK_V)Eq+bj5td207G^zP-T}{5gNYbU$Kg zeii&vz40H0veR^=CX^k0~1!zOmHpJd2~Y3Hb`cKV&`nLu`6+#Y(<8b)p04=85fAAa>+G@~M@ zm}fZcK*^WFusKIiK3)b-1lLJqm(g4OnON;i;Xt6#K*x$}qR!JM<<0=dO5D@5*fkr3 zNnI_~jtgU;pj?M5f1%xJdi1_{Hx}v2I)k**-(5{KVh=GyXP$dgXlfly6Koe_5ZiN% zdsnLHR*+li%XrrR0BVUw4td*1vzyg!EpBg7tq#Q={VQU78zH5`e7CVk=Y~$=g5dQy z8_hwWa1}Sj>zy!e(T`jFnU0ish>V)5Gq3^&Yl$OQmTTtm@l- zeyhhy^$j1y_TC%&HQef75+eC%Gr5TZxN5-q3^t84evj+6v0V6LOSrky($eVLMC9We zfn0(=3{)Qm{AuCO4awro2UF6bmTR>0BAKHE76XBvzMrLYHjnftg>$(}E~e!zQeT2c zGvf=>_JA$Z8_7FIL0P(VQ_COj<1GCSJ!=E>oHk^o6m&LvRsE_Nni)K?&T-Pdu=oO& zlHAWcaogP802Hf??H;10aX9hVj(FJ}r^T&W-&;k~BAk4VOROY=!S?H44C;4w*ZRfo zn_#Z;nF>DdZuQAf;K1QpvOB#aLAKNE$c8BX)zE@HYnjz_+jeOYqc*c=BLf(&L+|p+ zW-gC?JaSJHGRmZ!6+MM^`c2)v*kmu{zx!XsO>TX*4i+@uFu4HkQCa$f2?9G!<(%iQ zUuxD2`dm7(oh`&gim=|x+ckP7QEo5>)6O%^Os0Bt%BvA(ZHt99UT{+YA+B1I>~*7> z)?j&29Uu3L)ON)>#FbT)3}jb3kxf{%vpNUd!#U0>sE*?P;yZX%m5JbkQ*+P6Nf~}A z@cy?OrI|3jyRXmlat&6|JQ!@GK|4lelm*;5IP@m8jY}R4XvSNfpJ$@ocy{VA(a5<0 zm5A-_Uq}2u{ii-A{35f5Pw@7usWp>Jx)hPa!EWE~A6n_7UzS>*2gf`u49^7VMcQjr z{{XKe=xsOl>(M?Z=@NKH_PqE{;SY!&25CID)Ge&lq_S4yd5N=}1J!UwYt8&${{RGY z_)+nTNPiuE!Jiy0beoHf(=LaoTpOE07?ZU@9%NmH2tS2-DaNAI{&RKnE)K@p{M2Qx zyFc=4@bo`Dem;K1KengrbEgj%{A>6#aj1MaNtPKrL7>VmqDDLhmLPXVq>wT|$v7P1 zyx+io5cC~#FSOd~mXds|3V#ygv0k9por$30?9b^g0r3|Fo#EYlEVYZYmX}ZE)3fy_ z@gIy}WP4byn|^xq#Wz5>GTKGwIFY)O+}D#1`hU99NdAJP12r)n`gZF%-P+ZH)EJc$sFFa>hUXA8s?*ly@R>rp6n zIuy)ln&(J-g3WAtF&!&P+G|^gi(y%he@e*KJC2=qt~YQxX02(?QPmlNIl$t#rpzkN z#XTN7tslnG{kBN$HE6%mwA-khhWrTjBaeFh3Gs%Ds(#cT0JZpZ?E=eI@gA3EOpJ^? z`I!Od)V4tS{*~y`li2*1h}>0pVroByugv_;@E)mi{htP#a}~rF5Dk(E4q04qRQvH> zsDmI931L}DpL0U9al1VC#`dh%_SZ@`fiMroNEP+Z!;7B+{B!t0H-YtNtvo&PH%3fb z%$QSq5a@en{{XG^rx>PAGaEQXN}jD-?(6s-Rd?_|$FbPm%c9%Cty{(mNRhbSsydu< zYsIJV;j>wc&^5e(l2itn>4Y-L{JKQJ)=0G5h- zkH7lS3#PO%IYcavF8(s@o-t`7uP)PEL!26)@ycZEC^@l`B!8~*?X z>S>#ckqa2%A&Bk5pXXlA8ib`5*H81e>V8MXS%oYWdQht?dq-t{uGhEV&V%6|r(xm( zmUCZQL2W2zib8M+0P*;ditYSm;9+xa;Kt62k{Ar)wDxD8hsIi>K05KAhwU^QrPM9g z2+g#NcdlLtEOlsRASc>a?vGmLojp&`FmZE-F*F`1y|lIa1F+nOYLIYo>0Z_F1L7n; z7x>lio8msJV>YW7hxNFxCRA=jBo%xP{{SiJ?OW1~naiH!5yfFD(c7Laed(j_zxXUS zfOLNpLGTy$q4;*%UbW%7{n}2cHLlX~q>H))b|8n*XLKkyPYw$i#;z=ki%^3 z7D5JgkEeRewlnXINIOCwT|ozWlOK|5ns;Ff^Gb9@O#JJFZdbpM%v>`@xO+z zpH97sKtP!R!b%Co4e)1+{v7y<{u4Eii}cv!xr^ojWs&|dVd6_)9{88X{{RfUMr2mhZQ5AYL-(_v*EXo z^fbNjcAzCjask?`P98k>8^6wL#(X~wkA(bBs(5!!zq-BAp?~x_WvM%VVE<^M4s>Cr`bHR*gxunXue&hu)A8T3gxb2ogcRj@6fUpwFgA zB(#!gAnZEgp~PoHVJ*y&2Xl?M70P(3ZGAMoNa*nyE+j%S22MROU08Z8v&G^J^ADC_ z>SM7|<);O9{{XJ7=)BJ?(Ek8t`|l9gNvms~B7!!Z_sa_|*$Dpc11J9g*IudNuY^7g z@Pw9^dTo+5@*zUbx!d$6zMBn7$o~K)IHNq4VUDegm;AhxrT4baRklHZ&M_bu#cJ4w zyt|IsvQ!^h^b|XvCt7DwbKqOnw-*+(E99I4d9Eu|v69L|6!GF=$4qlpm5vFRH#Y$w z%X1*EZflngyNOB;YKKLmYVT_#PRD#?;EeS5uHNoZdHcWy)6mdnT(3!D1bjL0W}o4W0uVM&9ARc8a#@&nCc8MT?R+_IBC>_` z4NMP|`kKg@NQX}FZ;5*tJ*-h!T1H_5868aq ze8({*-j_YZsv!RWNF3m;M{}r)KwR92)N!=&NxchEC`ouP;wY-oG0-gz*g`Bg?({RMbej($4$V%JB$pH$Rg&@@HQ`b6^xnZAs8 z9qVdvHjEGFH}=K<0D{43e-AuEtavN-aMk7UE$LY;?`FASBq&BkLu2MO{Oxk$<>z57;NDIBUJ-$wM654vj@TS z&NE#yjgLB{$R$y<6fM`B(_>A*F~M%!RGh8#B#mWl$Z^*^RPaK{BVh~Yvv#1svu|&^ z7*egfjCZcO%SrQM^I9?yMoA`u;R~LZ@Z;epjlL{+qe$>S!tV^~ek1Ws%&M7&0?|Yd zW_(~1#})k|{=}c~LCYIC^xue|weN^-X1H`oZS)A7D#Al&2OoR2VODm~@25`NpVB9U zejoTJ;irdm?+N@i&@}%533z(l0tJFFjQH+I`d3dXT1~XD^Da7X^{xp@`kFad<~3bD z>QY6-z}p@I)@*i3YJesYdt}!vrPLzsW8dpm+GC_`B8gvs4?=5)ySn>ZPaXV=03?{m z<2A`Q(AE*^ar(xjEuaua;gL!Ci0fW`bK*OA^CB{Nql4{PrF{)jJgddNE&?WYaLv0R zLFrx>sQCJMzSkT&tXgWQEZ$>n$R3%lx^Oj&d!HP9NBGBSq3RDNjeQmU*nB*vkPpz; zz`qkdH0qaH^f55Hy?Lby!5j_1p2OO^BOZowj;79?;9negqwMdXSVYk<-tRbJf%LDm zei?iZx6va@+q=2$uH+$}-a)!FJ;17R=w#r1Q{f+k){#s0s3W(8?%lMnTK8=h!%NYy z(!jE~{@}(9Nt=sC{*$R(T+eZ6k;b;V>XF?= zacMHgDl#1KNIh%6(xe*Ljw{KK+%^Z!c_xBc(CXIfZE9^xoy1@f+PtGl_FG*R zvASkWrJ`PGa>1$F!FO~NeBA9)JAqVWh7`7tM&&18yN>mgrE;&(lET97RQqB^W{@A4 zft|GdN*!`GiLGHfGxKqZkrQY-ZnvrGNd%3wXXYKTUcae}{{Rl@(_29my2XqZOdR{> zsUh=pK3DPOrlG9q{#KcHHlHMNd4@>(u=GCF=bjAE^y^O%E&jSb)h|0=jlqb=TGsX| zFS+X%8e;kKPXkX1Fu>e%UPa8#CqPCDr2x*Fy9mi3{X6g=BJ;%fL zcheXxbs+ZdfD4X6BfWPM=?2-vQd{p#^~YL+GStg%ZB__jVBlf0E1G>TQi|>yi)SJ= z;n4RU)B$;-p3T+W14iwG^7Ntg4L)m!i5$kA2iNOVmZZv7ItVn&Z?G90TFVO^xXxQX zwdOt`@YX{`Xzai-%KC#<$UBhfmTzVZD$g-vj=esWc`RDu`7Lh5@$BV`sTua6L%Ech zt*q(EYjFZ;_sJ?SQr{=tJ;(E}S<_N$`v{T)8JlQP&NEsPaegp^#dbF91%wRD%nJkj zOYL5Gx{ryp)ql4riI|WEdw-1sC|q4#UNLoyNiTZWx3ZAJ7_z855uR%~h?7mzwFr#& zF~(%H-GiRq;<^)K6p;wpHRR{76)xaI_B*>W%^W9a>9>(qqwwtaHZtoTU@W6)0kO27 zQTS12$-hH_ZA#V&*>9!|CP>C|O>^4a=8bJ_B+y*_mR27jW1pIiR$B5rg4XUkn}?H7 zxPt2FF>Tv%y1g~vPjEw)Z>9T=XO#wjk6d8I{pR1Uj|=xaVfHqJSGK5TVq zCNiT;!*O)}A@5x(9ZD%7xzoySNe2DHx3|4qBheFcplw$7STWn{S3($7vBLBo!mDaJ zRk~o>UnS%#z&#kBrFGLodz0_0&kN za9EPq9`&hbvv^}#ySubRo_nk2Eu4|ck9zH*mMGk@ARPYy6-@Re>|Fa&GQ3`7Wn1`t zYSpfRbw8bZXg5O|mSqE#_pD3`EhK8MATH&4fHG=lNp2zDh|HMJPL$FEC2f49Hvoe! z>}@rlHlr%sGJsP(M{3ql8WP%ZdXsF7?m|Jx;QcDPX;%UdO%9i3r@j$nUZZdwMt_xUCc2uX)CbFX;xB=*dVBF&s}VY9rrhdH7MhTKhTKQH zcH`DvQH=PKE3N@Bw%MW zieqqP!;Xa4Eqxv9v69|IF^*U<=kTG*#_`xlEG_P>yy=wr*~SUzDy^S}?cuxoWOouk z`2~*SgO6&>%b~nphP~E>4dhocE%e6d@fwbe^{yIS23g)Vw1urKrZL^J#}a>kto5LJeToaqf1L_(sA#8FMtvDN+oKM*ANIMkzAvzs_0%I_Fngr92Y1FO>Eo)n$QXJN?=&f3qCcWbdNyv*TS@CK#I#7bQb zhwV1)8#IxYpSi_8*OKg*@|Uq3n$69bG=D30YvO+oPjx<|Ws)TUxd#q?PI_0Wct7F> zsjA(@B-Zo7LWO2LfISe`(Q~7T$#g!D@a~y5tqXmQIPQemQx_YF134M!YvX?%YPVW% zi8TrA?`|w^AXY)1&A#W`UjqIwfu~s7U200YlR}FmaE*;2$6hOL=i{+aLnRZ;JVoLU0crZCrE_Be)AcDI?F$|TWL)() zs=hAx>uacZdeZgmZKs7laL*E9o43ta@*74cnD|@A-`clj?$Kwm-c=(6j4!{vdW<)k zb+wbnBPa61XC}}Ms}X&z0crYx$tQ`D;AS2=85*W z72|mB3CTG*W%MKY(PFH8{{Z7XQ%KVMSAB6Exx2DiM#CFrq(FLA{V&8CABnD@w$tQ` zPnDDfjmbNyauFzKao!<5BJj4eb8B^{YL>ACFXsqIMhCDp68N@v(_x6*EKJ#8DN7fI?nM0?c93f>9?r@Bty$(&m^b=iVY7$@b87Jbv-#8 z%o69W!kG>}wddY5_+PDBUbH%PgLkOulPD<3zyzO}Mth0{%#T^{2ZuCMrCPyxs9ae} zVIg8=1cS#6bN+E%e~$hd+W1St>#GaPY4EEcc;p1QVd?l98|q@^bLATk7vIZycczpU zp=2Q(H~PgsqPi=e3pa^vq=xO$+zf?u&gJeu8VilCab7?0mxtRx&@W&SX>NqYc?lRK z4DDg*+w!lWeivwdDc5{CXu4&k*NAjG7#c}s3|q<{%7axa9#`?A(@wD0boPQ=NpS|| zLfH!4Ptv(xhQ1ZmwQWw~9V*&e%emN)VjVdD00BXyWO@gNya|7&c+*VOb!lcubmC>) z!wk$igZWqMN5fCr@8MtkAv0)t--@&;Lq{rfF8Xl#?{>cTE`tU(ntqw$TRSaI%IYB-MKCUYzPWxkpFKX_8_P|+^q(X^?P zb<8kuah&15E|rx@a<(pOGf&0e8#I54f7qA$9n2BwamHe}T=5|1lgC_-w(8A+u~U@ zcr2wpR`~w_)kZNPUdon>wXc_ zJUg%WTTQsOo*OGk<2%Zx91sRc9eF0aU&J2>^_FzFzqnbnyMW;tKKx@i9CP~9GLvZf ztM+`={2B1;!#6$+*7SQ@{Ypc+-ugxT;B0%>)!z%Qba=c`74ES!HlJ|5TkrdbIpllu z*XdBxBblD9t8CP@2ehzbd89|3gB%WPmH3b0uK{biRkg;IduZCqLQTcEkTEQyrry;& ztXi|+?-@yDW2Il}M%F!+szCCP2G2cl*QIzjfPNx)h`yl|vde2?_XVQfafR)g*&+I# z-SC(8l<{Z7-;7pTe~9%pZwoq*He{XW?&IE%jXxN5HSu1*<6REtRFdB721Sxmu8K3r z9s1Uu%&6$fKLEAcuNC;WOYt9ym0P9;P8%f8f^RL+t4#nV0?K0ByPK_Xe zz+v`=0g!>nJbqOYjf*}Z{j~MVT^CHU*Ss@nB)1E2sVQHWgvbStpyIwb_+jE3CHR43 zscM?67PgW`%Nbguxhrb_%J`nM5g=5mk z*)=Gx5H}KrSrGHnwRm^OuYtZG@Xv;A2ZD4+wXd>5j*&)k5r;cl@}Q{7#cv0ELAUYG z!*%d~#9s{Ccx%RsACzI1A&FEBVMow*`d2@pXqGw$hqa9c3p7aQf4svjfKLGWe}JIM zbvh%R@TY=rbeJ`3{So~8c%>eC3*KMZLuSLd+_EP+f9#?8g0^@<} zQ6^yI-lylUiDGjDlt)L|=6QX!3@6xtT=%;pl3m&+qOd4~`Ay$+f zp>hRa>af8hybdFpIT52}aq`HdV+OHt)P(GQUHn(@ME?K|{7rGCLXrKF=lv?#v4BvX zRC?nz=V^8WVpZIo2p#F2aGCb^?9Jmn8(i@2rSQX7mijvtSp}}+xNgB9bIo^uve%6D zKiQ}DsQ7L1S3;TXWYcvoBKp|5PqaeKf~-fXlh=&WaGEElj$!@;6$iN-= z?^rGG*erh(o+U=|V82UAVYpe^3%Cj$_OmG=mB&y)6~suAhjtup=jL9u-A$O(rd5r0 zkOAmUYGdR^;zd?gW67;fR));e91Y>4>x@-NBqd7%K>Bo`%bQX)kuVDpkEdFEa-rR` zz|J&k#ev7||PZ*gW-S%yO7cCR+7)VrUXpBg?Gcw@r8FMV1|nJoN0 zt|rT(%Z0MK0DwnqA8$e4zdOHZ{{V#6{{R*~7VEkOt#4zgc!xu_bn{|R9{SCR89t$S z{0XRw)N+;2nP{HjHb zB6TR`_i%C1Xeut+4Q!c0jIxfN^;Qs&*{AKWE>=*tF z@l}*fbV1@foxGM_%y#?o54C%ihjV2fuXW)YiQ{XVVkfoiOlQ;7aa?sGZh8a3Zal_d zsl07t(>3sS?a%uyPy0}Q&E7Ehb7cjr{y)+j>mC)jxB!N@ML)SG`?4u`$^QUpPio|_ zALl9Yzu``?@N>tqcy{|rHWpVC$tAom$CAO1nGkPPVBA(lnWpLbgF$uWubB=Aanuq2 z0P3u28z>{)R_{Ua4}&f&wF_M8(C%2|OcCrz_2RyMfZcdx`8RAQxQ{F_Huvz zO(byVk?MZ6r>5R4phO%v=zZuqAoV4eQCOyXWRXkf10Ab>L%G=@^PDu;#way9ORF6@ zB0H4%-+18Sup^2)RSy(}+mq>zXbYDt^(578Zozn2fGL(eab9_|Z_D7T+gVwqz@2>4EWwusf6OWh zXx-_rHL8&yM^TgV@mbbBcAA1zZ=JF@?^7*}l&*C4I@F92C3z1Z91f6g-{YwK9pkb|byHf<#Awj(N}j09vTq>IIc{0?rN?e}!btV?O6(mr#A4 zA+U$XIsPj7Z{weXZKX&&S7Bh1+(HW6Mx#5EKYJbPDva)j6wXE4{@Mw@) z;BI3V3hXfJVbHJCit}sE$I@Yz$Lm$*ucm8X4m=Yy zNjx{LqQ@P`llWvsBah0yQ_(dWx7H#aRo&(9oYC!qHaI(o8Lv6B`qPB7w6IX7^waY` zztH{_Ynq*~zP*K200#$y_}6#;01EQf3s_Rp&RAFv-V%DAfI=@ZRv>`wPa=QVpk(hi;)?&u_%o;LZ7_m8c4vp%~4hfN(wx|&uwVz@nxZ)w*y zOML{_&_!`?jj}5Y~Th8V95Ki$gXmv%hu!VDoM$2}B;Y9h$ zxTLf?4;}bTlE%tt0mLI<$j=`2q8pvfIMH}zaIQK@iwvG?-N+eCW_+H;gCK$t40pe2;&&(n%WX^XNSaD z78@|3>@iSMkM*iQS^f`y!B@U3+e3Na-`aEGe}_IY{4%^xB1!C`M7fGH!Si8YQdP!s zFg~@n@yq@RfBOgi-2N8Sd~^FB>bft&?~BnwFU_u-{)|rSos!$|2RvnX2kI-(r!Q;n zJ=y$E#ylsQa6V-m*C?BKc|BL>8FaJ$wO2owUyr}D7wrZ6CV0zM(0(@fYfzHf-d&OE zaYn`|BL{{jr%v^Y;Xe`EUqTL_G*=OjFu>Q3io-azq>t>+4|wklo#3O3!@pJ4KF6f# z`kNU?Lfyd~D_&W5;PhJZVd% z2TULFu3yDAmU_j4+FSz5<^#7qam`P(w#6iL`aZ3wL!m*V++SSXS|Q*_nbA|H%sN+(Nvghu;uv)6#vW6W0QD3d2<;=7PF3P3Xgmtovz7#H z(s2Dbt*Nt`x+?gd*ZW@H6t#{xwJ3r6J-|3+KA%ec3jL7&1pe9H3jLcrfAP=Z68tRq zv!`6eHP!cqN%|=F6T3*~zyA+$Q6(M`50SLte@7+r^#-)GY73De+4{lI|fPjw|@i9^Ho-$9#HJSnZ6i z?0FxLtu*foc$J~i^>M1{4Iwu3Y}iWm!5+1-r0Q1pn>O;Ca!-1RTdA)jJsQg2F$~7d zpSo*?@nzzhi#uJY$iFZk_o<31521R-C|)Hy0XXN-RkTE1z@Z+MCCg(zNWOLor)^ub zQ3TM=fO&{_0!Kqq%vvgVx5T%1mu(E~5iNq)UiFPV^{ualwF|3>wh{OcFnRqbr4!A> z%;3BSs!ynRk4I}m9Gk9!ht5i`IW_wg<9%K|BjGoOwJ0r;T~f*&lB*0E5ObW5$MdgJ zgio5rROoURx($}S;oT$R2Zg5dqMzoLATVQ*aB;@@9O z{@OP`V!lO|8@p#Y*b#?NcOPC)Ojpt2sh`aM07)#Gt~ZA#TMX@24%I}{v-fw~U9WFD z9}s@qU$K?X?8B@-#jk`qeaycEZ)Pi~*(hln!uKxUD}&eU%t!#Ax=2&iN#%SMc)FH> zV>RT9KIp+Mo(RQt%9e-1cwNTtJISfy=-O4O2NY!OLh+pyx`Gw=;5n zul^YN8qVY5cCD>=Q&8|PjjntX;yEWr)25nImXcg2A~rn%Zk_AMzu=-D4t!tn1H&E} z{jlxy8SH#t;nrOP;trVAj*=$yZ0B;C>@IB*SVjQcIvjMa8AYGh@s-kNQKnr>1)&f~(B%po z9A_g3Kb?HXsp{S~_&M<(Mfj89jUw@+vXNXod`EJd^2pf!by2y?Rt@NWn|w#o{44uY zd@IwwBIpuY=$<&Si|rHINgxixZb~24zdrPD4YseX-NC1)ovSMCDU7$uPan>-vCgVB z4nu!Q@mttxljs_R{{UjtV}C86lx=Q30qQH#udHr0T{=rSWesdcn7QeYJ62Lw(AU~_ zJkL(^Y_1G!N62t%)pT7p-(1r*IZfKbac-g2O7S2k1ZTHVNi9m1M2>ZA$S>M3agaLH zk=lB#n^%5|xv9A}1dNQYq3uyavT3}D z4hDMSz4}VgKZYtuy>(?G1ZZ$Zalx%EEnd-u``xqBgsx!sB8u_tKxd7d zsjF8WGFylyvs*ZpCsFehAEj3yh&0`KEhBJ@K5jA770c?Hq`H;Ng~@S@44#!BWWjC; zV#g`e)Z*Ge;w{QyaqCD8s5IZRA=;w^ae-TQ+GO_%i-l=A0g7Nr_A6@%(oI5W?8f3y zH&@4?>TB$8+57fX_`Ul=YEZOVJNQH4)5n>$d$`IwN9z)wU!`R!Y6tCaz|Ywu;ordx zGRl948eASA@nlELxYVyB-0axL8;2G2)UhE3>sPpjTix06vG-4~=~=N$W1`WnH4R$a zrL~yTtrv~NV}HF8>QL!ZKA&r7_gaDENw*+=H9Y8r4(9Hc9;qA;ai}tu$NIXVZ{iD! z>27S=-K|zLmEJnh%!*Mty+c_MT$HpxZbt->z%+^EThp5jLP>FGg_}Tklf5B4z5qt>N zwL4)vJ~Z(xQEoO?^N9>{9zN*f0N3*``%nJdKO8@5Em*d@tRhE`;z*X)O=*NM2%}??c_oi>N#>mQ5x(pa6ppyBN-EkObz0Xdl`I36 z&!#)lILT%Jj&V^aoN|#ciP$QXJAHj>)K-!wR6?1^=aEoL>{*J@!Dy@u&8R)gkeB z$4TM%bMS!*y4xMmUEL19Hh59evZ+$XT{?Eu{;K{1e#;*N{{Usr4e6d5_&M08LX>NYiJaLdei1n|S{7Lan&|O@? zX)GrIhAQ0Vx+p;1Bj)cNe00(LI}6Vx!PG8MzGMd>e=OI--aPoZtoX)BH{4!XT49s~ zeYppxPHWMG7Q{+j5$3u!nW*@@wwa{Ednd?4OoKjI^(6H*^v{AnWuFFKY1Y^NBY*8p zaT#4%qQfa2$)_jL8J}SIL*d=lon;oBra5%@@@(N3d&Y<1Ygu6-t&DQ0^zT^8 zRw2n9W}W9)H1I46;C#8qBZ|?q@P*azp5_~ej#WbB1I9j-<13iXea>Fa&hFn>S2uFN z%fVdyt?yp72aGM@f=eAi14h9Qm(*6u*6K7!)>j1y z+Au%Dyt3i-38kJmo62nANvR#q`@>q~_L^kYlEzY2{{UD4``E72Pw{n?&W|mjw+$}r z0VH@ldUvaeGn43NXu6f$7iQ+#*~;!Y%Jdc6To%`nfRN)HjDJehgU!!{MxOVOE18x? zFY}y%p5IFO`{Evq`c<{v#+aKmBn8mtdKWxa>WxQRkZ9x;RM zUZZWOOfDk(EN>b%11RKTxuqMHbY4J77E-=jbr`Lvd_z60(i^3>y@zho9D^Z&9YM`C z8yRymI@0bqu4a`CZxfP2w>wQHp?!55B=N+OCNMUNV&-MLUxG zc#MpKJDhvh6L}mq?f3K8qb>}!+p=Yef}LE#0l&}SA}>@3o( z#!eUjI3WEG=Ru-APtbKc?K@tJLA|oLxVS~bu>_6Y#=f-h?wu^UWHUXf_)MBxz z68TxxZA(ZCZIV{+f!eKT+Re1Hy2_G3#{qW=jWK&$Sf; z1}BcaC?Zb6t-DC1`MGd%IHeLx1fMFqHh2QHgluBn%>x{lC^8DZdG*auYir9%+{hGw zeq0aIw}e=Ytt-mD`%2DIJP(ymb6$1hEf()ok$%e!yrB-?l|Vm_t!OnNd^4rJlQeQd zS&z$=2LRT+?YtoEkw@ZcWgCx~lrN>V)3!>;H})R2mnOG!BZ)2Mks>2$0lL;sHXIRh z-sQq8Z$7_T*R$2J9Ee@e9vB0HN795}Dl4qk^G%hzOcBwJF2;5*udK#?g~(Z0WLGsx z@jBs#xyb+_LEgUGe$uyg&2yw^mX?}~Z-r?dFxzZ6VQj9>vgg9Hv`MM!m(7)J>l!f}j(M+V_+#T86>Y8~iZ;42fH#hIx20(Y z+d1l`W83EOWE#egC8U~n*|YxuEpkH zaLRTT+z$lTM`vL7Hu6a_qO#+u`_&w*Y1oG9&8=e>54Q?_=sjzZ)ci|r6v+cwa2REQ z>-DNs`<2eg?KL>=!?!mhdcIQmIjapJHiFDHjusp62V!mMI;A40qzO zFCOvyn1cfr{{Z3~pP{Zc>|OdDBy4UXL>B)5=?F3i8O3zo8r5Iz!rI`=P5?Otp%q_tOl546m9gKOdqSND=W!TdZjhnbN z%V~Fa7x&T#t%PeMbqmIGRU#&jPHzj{K^VAjj^2RO322MvZQ8DbEIlg;BQyEN@g=8; zb-fOg9$2^f#X7~rF{mKBVvFu~+6pwC*6=g|1mPm{zx8o#)W zY*N`_xM8#@bzzf$GAq`+VXj?xi@}<5SuMq_+`t6#V&xk-`S|aO4WlE`{ttXQO>r)U zv87pR7xKbTw1AdW9;Us9=k_`9oy#akUY;}!BxiM%@>_Ql)SStg#+OXdYp@^X0qcBVn}KkW11txLssQ)$zp zK`c=pHJIQ;q~JFn%CNp5d?4{3gM3kUtZLe5)pVd=WbtPqbJHCU*R3n`CS8q9E5$l@ zhV$iGhLU#e~I4^d>`Sj6L@RFdZNjsT`un>pM~f6d)ASN;&giF zfFxf5FOB>~;uy6X`KM&Kh-Y=UB;y`}y(ji=)$RNtajciI7gEj))`tvywZ=2MpwC=W zdMg^o$n|Y2N&f(Z(_GfAE*YUOZqf%|n+KfaSH@oyeh%wD3~#5219+1{x;|~K^`r#( zZJ)U3v8;-6=zXpGBx*kpyaLy@7y4Dso8jr<$hUvuED6YNxaOPUj|S+|c#~6>Pax_n z*^|qVV`)Ce9q4acA|)qsrm^thH0xmY(X%`;iAe{Q1Oxc>73UgVwvnyh&3%11mRQ1} z5_G^l2tJ%vZf0ud)B2CZS!{GYGXDTU)U@d5w25O7spl)5q<%x1@y`-|(S9`6ty0qJ zIAm9mzR(_1!utW-)@F(anrJ@}_4`DYJu>!vC~jv|R~T|nr=@dVF7bA`;*Sw&^J?uZ z*6AKT{{YIY1~XUe%SUD5uNi;BE9B~F1lQ>k2|h(KGYs^{rF*BvuZnhG5Og02w}z}1 z(tV;iQdBCVJ$9(*MJZG29M1PTFN7WwySKB|VQJRlDe@X7CwU})A&TTaD*O-9(@K+D zS)#SFpUn+~IT9~8$Q^kUD3Q*2Ps2Ow0OP^75;exF3V{@3Cvf*Zwe6OgcZ#%#qqXrC zi!^B??ane6Jvltq)+P35C*x}^Leo&vFKo8JqI6s$XFk2XE89FD@eb0`%;`GJ@FS_- z9gZJwwF6Pm_8$WH^5o5VKACa-p{FCAvN^(lI`8)4zdODqckGRpw?Qc`e}r?M zdi1Muu+&edz71&_Jo*%GYW9;$3IObcbq2i);|GoA@DGQ)Evx9-v@DY`j%#Icy;vM^ z&0{86oAB4gns>x)R9I`#+uYjD3{s1P+@xc+dLMCKE#tp{EAamS#ae_`a(N7sNi-^c z=nc+5^yyetm6-Nty7+I!eh{$mWOJ)LUL&?6?M)kJe_UV=eJh>ukHRPM_K&IF!>?V; z(n4qQBqf4#*b!OAtGM+$Pl5h0ZvahUq&4QDsKI1LMD3D5?Vn2eD%0YvhmNnOwTyY{ z(jU0oD|^=Vxs;bfxA70c{{RbklSa3?yoMWHLLelD>Jhc~9>mv;LEu}>3VY=745@Pj za~~~$`HX+bP2sqk@jE}?$^`8>>V?^;*m#3Xm zMT1g`Bfo6pJBMC=l@DWR#Q3N7f$*1u(nY?u&|vWO%3G{aq*)6h{{VRU^sj?8J5#4# ztdOfY4TU~~)~XTeYL1&%@oc)5hi|7z1)7+?^Q!#PagI%NUj;rS!Qf94TfwSa$!DQY zAl`@z24X-TO6h_T`hRD2Z*ysBs9M}C(8@QV2Rs_t-RFfYH)D(%nMTJuN0fYD_+@9~ zpAShnxN)jl#va*9?!X;DKhnQ9E-d4;xOf0hmDyjm)(0QbvQpN@^x3)Ly<+FV`u>aJ zOD2+LvSRFjL>5f#2ii+;$ ziP;|W@cUD;@m7j-Yr=x|9JF!|ygiL{k@!wXHR}y>`WPj8FBu43c}W4 zk^Cxu!ES$IfB0p;+N)Oa*M+pv55femKd;>8m9(mjs`I0gAScQ?V9`)*Q{l< zxsoYW;dJT<>r;ffjh{yU06jko5hbC@yJv4bv4Koz+0~T@-VZrF1$qY@(S4O7f<5H* z9RC1~X58*p1wbPwiVUR!0~1NLv#~+odeS0nU;*fG*%a(zX=ep+PAbqY!B{!kG5FT8 zhjV&tzXi_Of*}LbBZFV2U+_s^+eYj54*jrvC#+v;7xuphJZUk~JWp>QHt{jQhT-Gq zm1iKHyGweIQ;NNg%547tM@cp5P^rNSJEqHa|G07_e}HR6O^1!iSG zIIlXi4NnL7f#A&>#Wt6|8rN*CF7&NU3~?D(h-U1-_UH8aSLJ@U;9W+`U)Pe_2;Td{ z^F5}or@MmpR+zzHImp^U_Q~|kau1iO{PBOmPX7R9+kH0bKN@&u&9!v5-+5sBvRW4z zU_kyQ=t1re75If6*t>$*!cu5R$=lf1RTmK|7E43?yy$nX3YhxQeDbxXgDe-E_C zqSHJ=TT!!nSn>8PRx~Yf6ECFd3yfpt4n6DnL(+9yu#w3blF^u$&gsv#4P~+`nDRX< zN}oiP+T&ol+)HDpUf+d!9+5N})Gc9iBS{G)sQ&AEig9L)g2d18_gB-rM3WS-X%ZXB zBy3_m+%|o)U!mH5sPgI7(lIwy(xS-(!2R?+2tDhnF2^+XItB%8(Up%p_2!^Ui;3h_ z#_hcYZl7b4WvfYUqrHuS<$sJG)ztZ8XPFx8;T6F-itTj~Jd((S3~f9DXdGLLZ%VNSrJ%*&|O*5TF{Z!hnBqZz8kKQx21vYrpEBVscdD zf@z}Mpb^uWQrNg|bW5h#!olK&Rn!7cUTaM1w%4|gs9OuX zOfaN($6B|iv)aeYGYs|>gElB?E&ZbVRz6oDyVo;+Y_Z#vSWC(dK9rg_j>H;ujok2n z4F~wT7vsJqz9A}(X45W^y?96~lRknBHvvp~$Zmpitt>KwjNMOT;9)`Knah*7FvD)rXfSO|CkB`m4&WkE_eq zHIeo&gZ}`uyj9^n6G??-itZ7zVgX&}ztg3C+3;83?vdf$C_Uzz9qr7k%#wgvSf9KN za`N{-aLDU4qZQElP5c)Hjib-ytbi^~PD!sN@h$beuKQ?VUo;ZA#Z+Zu^_-&+^gKIK z@in!QTsEqnOCcZ(@Oj|ZjcYpW-YCBNC4$H;aq~6~)AT;I%T}rSrcXBPKTgpTMRdD> zhnufGjZ@Ta;z)bDAhfdk4#m*Ut1TJtfRSK3q>j#F= z*tFCoiXyR>*ne8c)HS^~OJB9?Q(8r7ou|zp2KKJ1bv4xNsRbCee#-vI{{XcV9yRz~ z;q5QN7q)`iP9oh5XgtWIT!I62#ttim{i?hV;ctl-(dwQ&@bYRp!>5*R&&wcBKtSWK zYVK(@WAaRwEB09Gm1OGO7~4N{u_i;c2Bwvdmp8F@{32;W%$K7-5XNd#|cLSKk
AKiFX=*a__Eu8Sg zV{fsosZ&SGW>}j$9<}fmJ6JUBVjmLe_WGeSlLVZPBzDK;58!6R4>KvDcY z)!Q0cXnaL{TjsIG_?JPGR?+V5ka=_LI~&l~ntUwM=eF@&c6zO`xUyi$ApSGe z8ygDLu9@|3!yke^EclISDbNkIoV#~H=VWd;>0QKM0l#RUgzBC<@J7F>Xx=5$AI^?j z2QjkX@&*sg4{&&`X+_%S=X_JeIb)Qv>{{kh(XO8}>-{(O=kQPME8+bs;NR_Q@H*2` z*JeSb+-ny0>nh5`V=}@<__NgQBxgAEufqQT+Qa?{yW<~)KNvMe{g@it#hx6vM!bVX zYml=-glA-VI3#*kOStYtu=H*$3?m#{H&2vc| z^wG5hO$;c2dLC=Bvia>s!Sjx}s-}(O5j^>h)xq>W^~HGmM~-_ta3i=K7A7*rMBHZrAF~{dyOu?{)NNne=YfR^^%#RT3QfSsIbsMOdlBye_IIpJv z0AxRmUM=`Vty*}C!#*n4d^=&RIz_11MKgV#Xa4|cPs^Th$nRdJ8QI+YgT*W)F?c_! zPgL4xq5jezvNf;8txLr}5mg@l)?;DOt;Yr6{_4&*2+h5l-_^xbq z3%KOCx0S7(kcJFY;NbdES#>+OXE9NsPY-W`DnD|u>yk-=E(DokbJvQ1>Mt7ZX3kG> z(zqXE?derahWAhx7V^R)KnkCj_OCQg5m-UyN;N$+OB?NP^n@5b{LvQr3UiNBt+DZA z%jG;%!pH|zV8isT*4M?1@fDrb%Y2}Nj0&!1bINhKXF=1iycw-&UN+P1*7noR3psC@ zQ5!ph4&DC%3hn+Scy89>;y)F5X4CCHAG#os5`U<3&N%H?t4CESE^DL7^<4(*TC)%& zCvvbOj%yYT8&lE|kizP#-xUsKovmXHGMN++gXvtYY<_G<0O3J;T!L>U)Z}y_VPyI(`#+o--Ujs z$?->0(>@dFI)8{h&v6~ar_DT$4(0aruTKpwhsk3qU0n80*?+`(Rqur^{3UB}k`*Ro z1m}#BKtJcDeS_c~b6D^;ziWNr`%GNZww2fXU$Y-;ikf~t2at<74jE`#k81T1;ZoC2FKNI{I z@iw(>{{RUGhxG|`$t95O-x?p0&t9Vy-6x^^G2qq_fRSi%_7rNzk^1V_nTFah|#@5^vz`yeupd~tqV;3Q2zje zciDU{z4)DRapV0nPu1nVw|hHzZi29czomP0sLa|UXh`}X5S9= zWd7OEc0O9zG5zEudMkAHt(-3#AA;t&&3qpiEG0|(8no9h_@dkVu2B7$-8^Lmq2T+0 zXqT%S%LFsFPVx6jf3$I5U;GvLKjP07Y92k)r?Iitd<8oH0AcvD&gUusl`$NcJT?Ph z`x9A8HaXV(=fR?zyn>~M!yz3{c2?c^6S+S-LCK^ey3k7~@ehhOkq9uWBF zqg=F_4D;-{j1A13^l{kp(vD-!tz^%rzi6)m>7N%q5^3KXyb)(*{{RVoixS*iq%nm1 zOl17Qfa-tx)!`li@m1!hpjh8eYb+|m7;(ybRkd>%%b=Q^cC+epU0cGa?tW$i85OCg zyzvtZOv?*nem{zwU~}TJF{e&bo3dKA{EbOvfUl7n9=)of?ueF7PH~S~_OP%^L;SAs zGm52~=QZ)Syj!$dG$iMJRLyaCygSzilqf(_?uiy=d%ybtxPAcA(;T?qU(` z2RJK{pP{KQbqNgPDnha61Eq8*^e}9i%EB`5bF?Wuk_TG1bkH<^GY#XKo8K{+&fn*J4-fpL>nCdtLFl`+ub-| zz@z8AS+=y1WKHq2=ZcvyHCIiYu!S&$@yAnA$D~||kqlBDyqpSOHtGyFX4k@lz>S57>Wz{{Zk#F97^G zI!}%MFG&}~j~#Ch4YWsfrItF4ob#XMU#0eXTP>Be65815x=cVU5JMWqBS1J%1}hLC zZBBR|O*cTaXqmY4vGSAeU5=69+gRLQ>W-KCrrhL?2jNM^;BLIO8eDRV*NV>EbA!M? zO5-p5OQy*y$D`YCoem6}I6sYI0!6PpVEwU6$~z9#lXrV8(-~e^EzpiT8bD?n*rpGN zBY{`%%;W_F)SiO8gU22@(|j>{w%RrQw!Nw`AMxt`Vkz_|q5LZ28+N1so-SKnc%olzX_(QkB-w#?-51Ak$ z<@_K=s)*%(CyqaWjDY$=@AVQS~87I&lwfDE|h5rBq^8KU#0BfCl zO^d?*44=b30+vEwSH4C>WF6OxpTe@6vC|0kKdFz|5B>>(@E7(%gG#ww6HW1_#Dyj9 z^*P6wJj1~Np5XrgD*ZQ#)@`tvu8KmRb~R9{zQ7JEhNR8Y>U1`&4$mk6zPPP2)@$;} z7Dw%#)q{2*%D#QURwwyE=qm>5aRTmk3cjYfYE0gpGv?one-|__0Owzf(IYTe z*cKS|74z@H?~mGF#jP~!mNyA!2If$Va&iti{Hum@JqS?H^i4;^@uW{8GDe_exHaK^ zEcmN!pgf*j@n1|%G8;Imr3civ8*F^9@h{^ItX8w?I^L^lk-k8QTjx>quYWsf8t)U#+1Iy|Q1c~EhY(wRKk*ypra?_s{UwrAY{KPMe34;H?sJ*kG#;|Dz) zaf$|b{+;5(r1+;z(`C1o=6PFd2*yNw^Orq(HZyd@R8M)jKdI0jD82CAJ@|^s{{T(7ng?ZBP?f;rkyFTP2hj096L^PFwexL+vcsR7EI2jG z_(#T<*Y9y<;utL=xQUp>JQ@As=Z(Pk6mlZ$dMbFE!!}7e>iWDob@)(V4fkgM0A!xV zy8i$O+}LZE_MT1ks$}36Y$-mO=|?FON2^b$>H0}F@|Yvb5Loy8YoPGvucTUE33WX* z-)XWdD3UkE)9O8O=~QQ7*7o`)t*!ZKc#CFE34h@k?_5vB?}u6@n{zLfsMud4rs1*o z1{vw?Ot>Bo7lzWyKVw8d4tVcfR*QJ{(nfC4Jioe0UX_&5QrPWvS#7llQ55-nZOZo* z!`#6t7KP?7o(DZEGZT~3b;cT;noN>nRmslNfHUjTyBmE`>}7^hQNj>#!yx_?6&I=2 zM}MW>+%~BaTcpjy?HH`>ZrU6CZA9Jg!Nmr~U8SC{ZRT8BK{Sw#I2i)HCq>p^IyCTV zcG1rxsTg#o4Di|PmfHU8*}~S5yO%pj9Qyv1>i!iFPi$h5QsMAN&OTx9PVEuRsZUqa zb?F}BEi%b(j?xw)frEQsgI*D7dwng{!d&RL8ceAn4x0d6=eM+bJiv`JG!~L)7CSoO*FoOOerdo+q`_O{1)A7a>;zt#}5dp-7i0 zJdw=;KO-XmiVUSL&P1E6=qU@8i8&h**f!o(STGW~Ov+sN7#e9^y-2 z4hKwnRm&YJ_WofUvTRHqN$F7;6q%DQiFFpE92WPpEDHH>pdG`|){dv)J72LGZSGjR z5(;<6tyxi#=YQ~p=`q|j(2W{ZVV_*q#8WlA$ph~x>Frrer#5vl+QMz#SS5+c8D%FJ z9+j1Hx^=Rw@}X8i0TMr=rL9Mu<+JXK?wm>s)q;qS)VwMgF5M;gj<9 z&NvlHn(9oExop;UuN)-#>Kh$7HPEzrd+d<_f!DS=*04q+<&M-MFhU$KIq6dCT7GTq z?>y+qCk1={HK{D~eSc58wPp~R5(!7j@wY#Lt!)p(_p<5DaTURtkbL3K%|Ik*=sJ~+ zmG9VZ&_@%$FSn&t)-5#ieJqx;?}t90%7L8bwQCH~DzHa!!so4c{{V^nPoa1=1(Q>i zEm61%P7mNJWgD8tHYV_AjC6k&G%cpxv&7j0Amn}@g?dfalN(J8&`R6(fJd+4LXC?! z-xXNTXKOtAVsE(v?&GPfUk}=A7ZxzJ+DMltmWw2Nj`^dG>;$DejRv|Rq~i$G!bN$EIDE9dscp*@F^~JNe-u~T*!to z5c3;w0=Q)t)bEXSmWQP2zXR-01hVm;?VBC&pwfF7)HT~V>@eV zbdGx1hISBme%DmC6JA*ah?3g~;}t%i;O`GSugrJ`tPPJ0=#X69%^lsu z_VEBZ4hhX@>z0vea>(|Ad#iBZ3=ZD3>;_J;EINggiwI0|ZTq>&>0Sk?>AI|!GEL=3 z4@?urX}H*GCq-j-aT-Ab5+zmIFlzPYt$p@nj%0)&IO)l(Dw@VN8y&@k#gj>Jo8{@X zmbv?#GHK9&Ok2L@I*Q|##&X>1{5fEnC}{Nyo%eoT31SXO`c>P=AQDK{AE_jT*(_5G8nS;&wA)C<|ead*GR9YtH~O^2yxCTriJ1! z_(ydMP}b`HWPyHY@&-BQ)1@*b&v0)To27w%&jfLD>O%g8ykEtBB)*SRw}J>H`!ue? zM_vHH{{SL{ii}r7@)y8jPZLjWbPLOEQDThA00a%gu2(+Q<)0J0Q{nwI1!-oB!c`3t`id{K96fA)G11X53z~Cf!#r1{{X~sUZ3ON6eXX_pybQO#E8RRR@V`#fEnv8}f=hCwBErj@d)89E!;HI_UlTk# z<4=Sdj+^2wCry_B07?-&v$QM@2plOM{MK*7PugEn@!+}e_lTji@ZH=h?-~USfr3Wn zq zGv7~db8l^Tq@n?rBr|6`74{X^d`ZylwJUu+JRPTA-58VisMrCC^c}IqGSWHS58>{q zaimErSeZ2?8-hqUj2_zHG4L^++}F>#&DE?rz4Y27)25$r z`;}ONKs=C0r6`Kl8)s=X#j3+=aV$3Z&+gmv0;BN;gL`iUo$NCLyq6i{{smbeaUr|~qiOlRi8N;SWuifac z3;zIT%7z&W#y&{@0K7drb6$htj|6?St__fmTR7%1#t9pT;ntzalY6t?>^w7b;b|?d zLU}UCgQ?>mO5^_kX)hS*x;KSm@YSuN>JZ$(vp1C{OcRylthND6+pmtJwtXl#eSXKYknK?t(~@wb7OC|HdE$(>02Cp#MPI}slfa~ z@Vd7UABa33Bk0u^q;WiJ65+bnsb~`a0K!ciZEJAS+N8yQ5O8r$=6uO)UigRM%?nJq(KSuCX=Uan z?Z@s&xH;pu_}6da?-_V|TkwXBd8TUC_w$7E<}3G?j+ykxqT+QKs<%!b@62{A5I<)4AVeNS97@BWnOvUa5`2M70qI`)br2Tsykgy zJImYYKGUhpcid%qjz>e%zPi-BL!fv9&eK_GqbRl#6g=A_z71VT{8sYUlUM)*dM`e-+AUPQ9Jv!Bp z>7EB=ZJ>v_g7Z#>drjGrHW}N_Yw0`9E5p-xJ5AQCqhIX9vIcG7m3(KnZ}6d+ZL#^i z`%3&X_JIy^1~liTat1~?OK|aoCHNnD2e{-De3<**@MUOc%Q@X;f+>k z*7m>`Pgg?<14$XQkxTrw$Zc;ACn*sS0e*GYxAS_g7|qSg}gy7 zv@Nc!bnDk1S?Ua(`0d)Uwzm~GXJh9DzG%xumko`-HGQA^D){0lmsR*l;#=wO^xL!M z*;~mWD#whf`h6(n>~=<0G_8DH8k`9IfTev0ehelylIGXMHT-#*Yfz#e1deT6{7{RfBnQZRBKi=tg}(sd4viY-K5ihGZqLd0xelex`7yBT&| zT_gLz{{Vx1zu=%&zqDuU z#dq*G$NnigpT=K@&TS=IsWEYVrw{c~9P;~DgEdVwTF^8uSAIxrF_T#Bj#gc7d{@ZN2f|@g9P_ z=B!eBSp4Al*YKKO6!;^=ehk)ZqW;phhD}pKxIxCDXyYv!`j9inv9II%@9xF6#m>pRDm0UScN0tlc8LsH;a!YVT+S|y= z4{r2{iCOYDWOO5?QJj%VefvtrGmmcd403K(^FH|LK)DH{WN6!R{`0rBED~))5l@>x zdmPYd9m)L7nM0BfJPN%FF=q1|9ixnnXgjGhuK0iP6J7Wr@k78L82lx1G#ajneH_!I zFSVwJAd!*jjN-r2ul7CttvoUNM*IQzYw_Dln%_~g)U9IE^~hm;?F^UzIRl{tbDo25 z*0Y+>>%NECo)U{x&~-cQ8v0nTv>BXFq}&F}ENnBezMYS!)1J=$Yna(3wE}2?*&=tY zDyWmhKWI;Yx?jhyg1#~MU8v0rH@8untsdpaI(_m2(MS(a18{NtEZ(*Lao@J*z-DCA8M^aT9C_Xjo3&>u2r{x8)m?2dviW4N@Lzj#bz z1Ow|{li@q(hG4A}D*$hk2ZqS3EHkz7AB3;q?c3ousOi55Ae3XJUWfE z>atp~`56hvA4-jxtX7sig7zzIX65v~O;`INxR5s|n)^H9Z;A9dbT~d9q|oXYc0e0R zg964JbR+evjZVZmXQ4Z?gSCq&IO$rNQ^&g}8?)CPE2^B%SwQFogG(!2#y5La*x-C_ zRvA2Ew^Hm%Rxo9@Z?#7Va7oDLfGbklO0h%|pOR(!*zZ^E3Nx){vV!_%5d>Z1f_bg2 zNwoW!mF(GsYBS02?^+thCJo(;`m~;2oOj)kv186R8s%R`*R*|2t#y4a=S#SZhRgJC zr+?0$DKd*UrPVFOKQY}Vc{%G=tgj*n4i8-M+K^qNqf6lH8vrn;KU&vG1hJt9AdUuT z8jzCPX3&zX7aVcTW7=tVlT7|n?%FfyL1tE^e{mGaZy^fkFx*xmY7gc#es(0zK?kiV zY;6sWy>EkB26x2R!NIOFC0jjGdxpG~p?q#qcu`mzK^=Tn-)n)IB9F7?9QCaEWNU|2 zl|o9Vr}eF(%>izWp$XN`zcq=eUWS=Whb|5>2Y-5PjXMp}=V>P~%&z?8b;c{HmLD!D z9t917fsV)Cu{Mjjv*B$z&<37mgj_!^fafN;uMt~8VRqM6uzBH|Bp!=W=WPw+BR1yx z)vaImU%hei^N-4{cz({-NfGw$azN>t!cyvOO=@-?Dz;rR+zdwovIYT&01sOE55|8J zhld*K8x^*{xWgl0gSXs&jd9eG>EWo|*!gbbUA@&cOUv0WWVm@p5eClF=%e1ftKnzC z&k<`EDX8nVEd{%;nH(T)WhCShdU{u%QJ-~_VL7CqWAsD7zX_(Zn@?;>1-xiC?m_d{ z*cv6QFeSB|5RJ=)86E4IO#N#orE47?w>Qa^TKP{n(y=7Cm@_w`M#_7D-bmkJktXpqzE6YA3d_2)Sci=s1!d@oQ zW4Mxd_D66dQ6w+e?#55&T1uL>r|9@>Y-bKxZheR0Z-Bq>P0!jl_FwpI@SEcXk!SGB z;tz*mHVboUA+wn-!fo@`U^cLF1N`~t_54(y!rmVEapKP$d@a+wX>H@E{5`12r(5cg zoc+25<~BGaZovTZc@@EkrS9DPYr{mC@rdGGC9TuTWcv#+TGu+D3SrA4vfW;pyt2Mat+HFUQ>K)eUw z{X4_9kj1AY8x=s@qZszDO1!gpty*Zy2FE_=R=jF9~?Z!vf>MK036v4RJNBgadGd z5Zg}}J8(uhuE^KY==y#ZkJqu3=*i!I$)9Ym?4R&Y{tGetD`=iBw$!YC5q{g=6Sn&! zYnE_`%#J!G!VYA%kmQcOTQR^OvcL0J@sHsb$8Xr*;^qGU!C%^g!gBay#QXE6YVm?} z{eB$aNd&)lCyqGhf&s`LwsPZ$rm=DOo|0N`ZT|r6?e^aKpJ(A`9ag~SmAGRZ?I_8( zbh>)ket&;kohE~=Tg?ki4AHs+w;=RB)#%z(t1xFHuX_0U$o|a0R?^I=sa@{6XcQFz zKsfJF!4M%xMJ=ADxn&dR=^6~7W5LOM^{L>wWKgNNALmXg$5FJ6yBm}t#ZlDC&0}#K zqbrY;txrh zm^^Sya3nZAJ!`;xAMta<9}d@5()EZ%{i{qS7OejOHN2qY6h4O^=eMIqqDSYs{t?z^ z^n3dTc+cT4#n0L2#(pR9#m2khDV0RI5NHos_J*{i{xA@Fy=uLbz4 z$66Mj3TpPDo(q}p)<2#*taAH~;uwMn1Kd}ogu%tWR<}Q%zL30coMpL8F_}!{{Tu=wm# zyyTj1zbu?@_-b;#5WM)&r(Sr6LD4=QYu+H5+R3jq3mbTZ#VyqR{1MOL&34`l{jxM@ zG>eZ14*>XPEknxkjlJvab_c0tW1Zhlm5;Kq`mP%=Qj@2Dd1}{NJK6pZ?kwn$Z6Jh&(ZdntNH^CS$n@90GkShD|F~ z5w*q+(Ae9W=AAQm)zq(Vd2<`Ia`L&!uG3D`|GR1a~+3aaF5|Kksv@f;L2W<0L{{R+M?tB(wznf$b%opVcARJ)+bkaNw zbhKy7_V!JuU+K|YEU_tI>dZT58U1VTPl;BMS$r<=vRkrW;t@26j0r1%*#33jN;W-E3Gx}BD>ZKmEtW7z5m+H<$sz1%CY z;^L|{eQEF$<9+YI4;QYnYa(5EKKbK|R<$Ppu5sp%MqKAV&b5Ewre6m1tp~?m0sW(V z9SMfZ#LFFquF#Auld1-Sd}D&i!97V_n)MUV{$b+`v+6uug3RfAs}QG3rq*^`(D}Bv z?G(G71@QC6Kie8IG+fQSfA*C9xC38wqyfC_M*S%A!A2%d5ILh|O$# z9pXO=>v|;bZ*-nzp5up6)9YLcK^jiQN-{Iekrm>u#vD%=!*Wlf@@e*R@D6Oi}HwK zahQBeekyJK%=jO}9wR;&@nxp7r%Nmn#{FY*qyl^5zgzzRWUtzPMfiWKc(iLP{i~qs z2^^P^I}P4yDNx*wat;VRb4M~hFU1}adA40rj6OEB^-Vv}_#^%bqwv>Q_?_^N!QZwQ zgYRs$q2cScvy<%SE|yI$!yLyP?Ktbm$n~$w&j;(tt3hoymJ&%2NHTalS2b%F;2tV) z%B7c9(sU%^{{TPLo{HD1g<&kbp2nfM)X`m_cN_x$ z_)2J`mMImj&c-E3=LCc5FltWOt{_?lG=gZappEDiae>~%q&ls)y z8)+Fya6WFCuV$1if1FiYa%H=HK0AqCFu-tfdV%$+Ep&%jSt2WepZFDb$77OB^)&2s z)-sjaRaEooNvn};@slkpLkU2E@&S|n+a)1JP zZ(mx{-x)?}4%P!W1Fa~do=-zRG0Iql%8}lwOKg!abYZae#cE(OITA+Baf6PXYTS^C zz(zP3pvqFYYAqEU0vNf+O4hfw5N=*iY6vR4sSCaUm+M(gJj#Am2y>kJ&|@ve9YNwO z%mc5dddiVUSFjHPdOjca)+@!Qk%3C<5i<+RQ*$0uk2&v~(*d zuG~gYC~lb*GLRmHZKPVjBUOto58+nsVvZ?oY^*fNH9cN=78osUFXW6oH9>%*#rTRR&4w?eXraW)$b;TINNf>j92r= z@}vg7p`~gOL2;*PDIJu%NRHu`a0eU`D;q=cR;i@hE}O38s+~V>ROc0HXnu3Fkh%_0?wJHCW8gF zwySw{s@w$t&fsO6)Zk*g+v4^A0EfIK1(v<8J^WX3F?b-0cIFY#Nxo92`eOKZ4?8&2z zYWHT}?U`iEQ8ozPnCg0(?4wTX*(30W;xEKM9{gAFEys+$CwQ9w0L7jnkZkj2k+6d& z8%B8RTu_jLa5iM*f!@7}P_i(qI~C_5Tp0%Hs~RIp#3^5!j8k$v+LI*^0V9M1aq4kT ziaZ^%smM74)~B5u?6LBl%wr+5#ay?y^IvMIIpE+_N>?&loejN|7Sbc!5d?jAHv>MI zuc3Yhe$PJ{{{U$36zRSh_%rbHS=Y?6h^M}IibHLajpX#leAG%-Iw1r4kNu6m;Dvt+ zeiqqjelq>1FRgrc<9MIWi%s8{Q#_0>f2s7Z+`kTZS3vLsRdWm;OjAaP$DVsv1!MNc*o%cx}MeF`DzgsJt{Z9HFF36{t z!H8YU{>c9T3ivbP-|ZEmTVF1Z;U+q)Zn-xsy_3!3>!YZ_-*jBOwys9 zE-WIR_{I=Ru}L`mE9h?y_(DkBWdPgAP%%)~LmBRSFNUmSw~!%Jbzy)9YV36nv_lbv z)sj459MVy-%KIEfp=$T=&1txlVYhc$@GJiShrT1y^%=+ZgclksfY#Q9Hx=B z#)gC7sdUXjbxUnR;TNmK56Z{s{uT5Nm8@y@wm`}kc{toV(?XWJ4ZPM;Z}{}u!#~5p zsjams2zz-`3&%L8V>X8yyIl>WzZNT~+vFBNGQ@jx=}~y5`%1n@?lg;O?PFyHm78`C zdI)kk9Y03!(VSo1>5C?>{1c83(DBo)bx?RdAu0DVrYotAX&B$Jq5h z5?JXlYj<{5MT+@P8U5)WUrKzzB#*1Cyg{(ViByK?cn2g^O?y(B@?mLcH-;=a*4n zpxg^o$Q$#`NnFhL4+(g>Z4*Sj&~78OxQgVD-m+wjdK%_6IiN{0jxpB)m~%6UyS#!) zN}`W2b@ivge?75|SQVpuj&q7~cM<5fdWN~CY4B>$BxP6zSrGE4*N&CrmzOWA-ZRZC zi93?cdhR*uO&~h`5^GHo)9jk1;kjqrQLqL9=nYGzc+%fR)RtR$j7r}j+IS+ikC+~h z;yqhQ)wFo7lT#~n91xkouRqj$MLq4bHnPrc1WSe7e&F<`MD{qbcv58#CQ$WXTD5f0 zHUhR+-_o<2F(%XPVB0f^{y;d#YT1hE#4dy#!+_NQT(r~i3A$F?=oG(Xfip- zHGU`nL2#Er)ZlDC!|z(bSkIM`T+g}(jxr`BbzY$RS1)s^YH`BG=+8B{KU@!`Sq%^V z(OK=|Q6N$>c^znjR-ORM1lt!lARZ6aft+mGg~-$=p6AUQh`}S}{40C=MH1azqIn6% zHqbFV({QTJh7!5P;fnJw8+cPi@k87H0Bh;?_i;vg?D>H9H7<5GY>UG_3eo&I8m^A7 zYRacz>N&4d(XDkN(7Py{kX4wThNs#Y^NFkI*NcgaDo%ON8KTDPPlDa!Fu;$TGajJ& zQ06XXURz1-$D0K4EC7?Yrg2#^-AEl_+lJ0QTFgwZH2!0(ZVq=2anM%u`X#Bij&U-U zWgYmXVHK^KI9DmyQIHOn@Hg_H&&@SKX4|Q)3UFiFA4{E1y zmi{73v#G3-&z^U3Sk@AWyk>E_?vHASh+&c>LN?&_6`x_@i}y%pv_m{E$PN4-T9ruO z+8QfscVO=vs3AGUKI%KhMVWCk3}6%Yv0BERjA~1v-syMEs9CLxSu7Vr<#63iP?eKU zm_>K8AWjr#n&^(_B)1s%^->}-3u)t)O#Gi(!?e{*4i2erKgvj8famZy zps32`gdQi7-gsxW46%mC%s-f|`8-E)ev*kJi5O?1;2LEdOqUlf?a4!&V1GJ;?2@q# zW^KgsPkNb3#*i;*wmN%UD7jFr{o&K`tDYy*G)W=1m7Nje$=r|E>s<3@ho3Z-Kq|*J z#9!h*wU)ORB5yTkX%xRtO2CP(rReRiWu0V}M3UPX(t~8B8#huuh+l&K(D`Ue^SzKIOTS;@}T7A}Has_NFovx>4rCLCqM3L>r6obh% z=doB@eX2=s5+qQ5T%3{bRm%4riW<(P_DGT_qj^_$2~&-$?O4|B7N;Om=L3r!*Ix|nHShRHZm$~h;tS_@ghrz=vvc`( zuYO0&s_gSEXW$N};CpR5SGH@(H2E7X=O8Pb_w+Po3GOZa%2M9$Fc)rm;0|$0GQNhe ztY+Bg_j>1xojgNvG@3Ys24r#{uOJ_$E8cCiPllcVztX%zb!;wl!?q_fNro%vzV%0R z9*3%G`j3RZA-if{4yX6~Ub2C0Dy(R5xuH zh50Vk2)jw|2`e+26HH&bht6I`&jkclLOVO#x|$6l2p z_Gi$31o0<^w7nBkvGFo3ytg<@d9k#{{`u@`t;fP&6l?I_oi66~<4%-r4GMzF4tNK( zB*}4Sr~EDWneh|heu3gY1bBx+p5opZyo))f8%WPN1J|v5hpzbZ#QOH5s>gY4scE)S zN+U!#C0J*kJ5{+~QF5M-@SDNDBJnll#)d5Jm0cP^awGfT0)Fu1AEj?x!#|C5d*2ED zkImF9rgT#x{P`IJC(|OS%)L(^(Y_3PU+~7KcXMl|MAt%0&lAXVw>%ICA6oi5R=n{q z!v6pdLE?LBb$QDqQ^zU>E)FsR^ZC_tqe8Wx#CIiFEC14J!ED{gPXSghMV#G82LLSFQN7!TO!P zoMF_XxYOW;aXmJVqXyWPgA;<_9TqYWPVV}PdiVoaGnLx zwUxQImspM?Yil_wyE4H!>yb|8XX_{I`SDl4z7X)ntEr^+x7uu~5$&7|k~7YGV!k{0 z$MH8?xbeoJtVHWBlgJ;u$yMa%AEhhw3!cUBlj41@rD3JqSn6?Hvz1l~aAR!rHToTQ ztJ_PU!>4M{BHgS$V$RGM;Ed-!n4zL1^gcZCcZ}7ROHd@ZiaCMZA3OtIZ}Cf1)BJbf z3G@l=mP^}q6WdG^=2AL>dvqNskCo`plO(iVUdB5@&OT9)-rccUmVXa*R!CJMDZqY5 zAy22_LAI+y*K|(|={k0tw%0|3!G1|`(Ek9mE1vOJhfwKKCSkd@n<P2S9 z7@s|OXIr|~5*yPD_E&`Lbs(=l*1nMVa=O=t{6}f1zNT6h+Qt%c7Mn(jHa^0>)8EDL zNq=PJSro7tKPmM0uaSz{*FufMnHs;fU5|>s9q9TG zk2Jf>Jx9UKB7LD-mQ^E=-u#Z0;C>bH=Y+L??Cn!fNp&kJiHQtj1yAMmtnawfKAreW ztJ&ynsa|Pu!Kg(zDdb3U6nEf#E6%@ZYiN8*Eznvmt6fIXmABzy03N=d{d&#KktTdy z;NOK;H@+Y`O{K&!xC~<7CoP5OeQK|Pd}ZNphaMol@CS_Mn@@i-MvmoED{jS!0sg0o zxXSE{9;vU(W8+&m?R4o3_UKBijBql0{*~sR13n(<{wCFRFNb=Mh%NN1u`!AympPXw zh6nK#s*T2@)c4y@g4cfq{v+u&T858tsA(-DEb?vMtAU*4@z3+FC*w%b?EFD;`gC^o zFi4<)hlM{*-%6VrSsx&q>9qYu;^M{4jOEOWG9Q`W-_%#oe-C_Vdb&QM`o5oQdv_{% zVo9S7$8rJx06bQ5DD6HRYPz{eJWZik3uu~eD3YHkDsaP(#=TR;Q_HPE4V%qwuv~_Y zRSZFgJZ7^sQaroiHi4=5Gsb5|eMIUpvlx{XhaQA}b)WHm=l&CIR>Q--GL4o?Io=32 zrq<+>_qyZ!D|na8e$W2Px`mbJ!c87sH&KBbOSVf%9yx$!2ci9I$9!ku-xJ*U*H_h3 zQI2Prgdmd2R1$l4;)#sYSP=ms$G(qkb*$T9S=^w%DhMRl=vs&T^CT& zykRY@vf1itE@Yj-^x!Y~?@;Bf%-tR7L&Yk z-NP$ICKRq6P6@?Jq3dm+>l$XaXEc_&g`~>qA~{|G=DFBi9q?X)%zv?00#K}*V=!FwSNS zvwG6%A2G%s>NmpO9Q+cP(ncN*YDaSnGzlSgQD$nfQXYljloL>_BBc<5rUKsIol7DEz ziLhI0h%otI;oL@j^HU#)Q$G$h3vmSRWpvwSg|@g(bNJRokLBcKm_gtX&*NQ`&MJ`r zj{DRQSAspgsa7q3hGXl2R&mV_ZTkl}UU5{TjIn&3t@NOj#}-r@e6t`21oj53qedkg ziQnm(xW$^rS1l%FC4(|QBO|qGLQFCv`HaVm_Z2oeX~_Dk_A33WwNKcG_NMR`?Fr%e z@1W5UYh6M07jMw^ed^GX4f$>AYejo9#gzqhNZwPCa5b9cW z%q|)>Nf0&x^yCrjMNLJa(pc3ZQ*F6O`$Q)MdW!L{7I-s7)~$7YKTr}bi>uqUwaEvF z+>8eN4m0guZB#oSk>3y?@h5<$o5C8Tvuc;V6}WY_V81)tF~|V_01&`DdV^n%AMjF7 z*?YtOGVt`CH}GsX5~c09zq4_Lc-V5t8>a^}Q)Y5U^PMbLF&UwnK=VfaTYx_64xrT{ z``D(^fF8cJ-%RGIYn9l}KJ$>7;YWH?B;nL7dp=wrdeF=pbH*DxSW`rC>|$6m6O+eE z0FP`@Bx41eJdxg{F^z?~0YK2jnOA5dKJ{TGR*-sYP0E2$NZEyHiUlKJx*;C?F_Mh;IYsN!iE55+85u61h9CQcQ2el`$*G@~V z{GJ}xG%vKI{wUCxPi^Ibe%WkJg!KPl5{T$x7`P* ztfq=Rpm@^m)57vVjpo3}(Zo+k$sFhKubi}FokSHwj$s^AwSgbM)^~7h>7^Nqm;~9v$%h zyQRo3t*+olc2SVBW9C|d(7Hgfg>3b%s%+(`S({as*#_od$Dll7rcV&M7(gn_*zb;O zt~(skm9#7+)9&*obS<8PtzKJ+THVI%WO0$!v`{HKoYO7BO7cpeusmRNtF3ov)?mjz zCeI_*v_{aEMnk9G-`MK9W!;CAXGw!Fewgq0*VbMq(-MwFZ>rc_*~<)uHr@^xj_d4eq|m+dG640}}@h%Zt%lFsRESZ5ok1I;z-^7D@{ zhnE;EJJ&4IHuZHUkL6Q6jbLAGRgeP^WY5dbIilTmWppRYdt)rr#`j?_yon+nd# z%N{o13}&Xa)U0knkUVb3r#$@)R8eO$sa_L$TWDDQed-8a+G~YrhR6pklg?;q^&cs> zX?bY}n%1owt`2>wou;WS`N(FF=cj6uNXEn?#VM!V#z---J%=K-XVq;L7Uxj75!(}z z81<|Uif}xS;upkk3Fxr2)^j(S8xf*>++)A#UJU;Lw06B}?GJ|Z`C)g;`K~@u^#_{9 zsp?RpbCK2lGWfq*^MwgUGqCyuGuyy1#svl1_y8Aat+Op9%ab)3nQWjK>F^fx#bl6~`m=Y_A2% zk?3Pfi%GO^G@w=F0bXn39~)c*NbK#F(UU694=wLlH`M#=x{j$H7x4$i@>_UvXMI)X zl(AifzGd&4_>WT5v@6|a-&nkvCuJZ=+4+FaHRo5k`W{h9-$T*$%?jS;!0P@HPwhJ< zkIZ9K9GL}3Jc2rdUTm*(_HGiRCf7FQ*t|^hTZra} zM=$Ynf%sPSmZo+E&SGFc16G;)ep>@)%qQkR8`#we<6D5n7GE@acA)yoE8Qp4-d0qO zcES(6iutGZjW2KGuL#Me$g^4O$Y};~#tuIm)1@zX@VLS)W%FyHAHWZabNm_oqdYgR z>bCP*+Fh8Vxpq5a^4N^A>;^Gk)mGbGcf+<Mo|$!OE-mGN?v2JesTJ+eiTIWt zyRv7L`AcYJ5+TX?TDvQhk zf*vcr@UMzvys&su?8UH3z;T|{@4C-|ejR*z*Ong^_&U?VJ~LG;+P0EPz1A~>B7ib` zlkZ+-N!eKParNaJ&ixDxU-nk<-kmtpya(c~FI`7KZQ+plbMe$M^{sD(8uyF59pWuZ z!5%r$F7!K}F;*6x4jsFV#8*0-*!Ud7h#wDR*jBjNnfygn&{7^0mrw+H@NA6_e! z)I1xdzNL8DH0?F2yKMmHaIaerE1wx0-mf#}*yV0?N$g~D(XzzcejdCcgD%ez<8~G`iKaD}NaH z8REXu=T9`*Ilz$M94mhh{{Ua{uKU8@75qKp+j9<;X{c$J@Bo*#cViMmCvnpl{QkAc z%zqH(d3^BLiQ(tG8&Blyb`j`lbFz5z8{~Y%@V{F8fBm`OjeaWXIuxvynw&sgd0}zB zHptvNV!I&y)9$<_*FB{lDSzoK;r{?;UyYtE{hxecAB}z;YGX;%o+Aa!QVhc|^=0UP z!oO&AOW)b^{tG+%KX}vNPwfTZtA7mqSkZ>%xwnjY)^Z$(@2n+ZkO?0&dGFjFJ-o8I z){Nh~Js;@)Pw=_w{Uf*vwi}m<^7(SspyPj(mn@f>ZC?6Y(_iH8<5%ow@z?e={h;sv z0A{a=klWwc$-3vmJ|Iwj&#u{Lh8gK7<8qUbbK4AcpTl~`gY7OL)RIW&Ozzyh1$j8k zEUC%DO3feB9vAqBht9Iv7{u)=k=1sR(o5viJl@Aw{?XJfCp?96xzA8P`t|7cVm4DE zV_+E$}#xbp@#D4H{! ztTFr~k9wtg}gI~Au^zA|bK`7DO3@1EaA@m`+bnJw{{{?Q&uRwIn$_vN~pI)92Su5_^^GlvYjcsb2-RF5mOKXCB> z0E;Q-S!FDA7c81w(SK%1E3fkM^CHrO*R06wB~97JE23R46k?AYP3?ikYbUAq4re<4 z3DYhoyDolg=Ky{0VO)Nr;VIzEmf}ldcsKZ zm~?xe6nq)*{{V>%oO0@xCTkho44eaiTiZG2yAOw2lzuMojG9iO1b6X9Vh9O213dme z*1cMAKLxLjwOOm}CS1@Vx$ynMSnqwPc8%S5>0fVrA^59*r!rYjI54OLD>nwasJkCW z3Vza^(f2Qfd{?LVi%bSV9mT8slCP#~>~D$R8ukAGiC?o_pTjHr8*Nf;Cg#@S*7tw! z0zz=A!1n;-KAcylPIu7!=ZpAmjx*Uxy4IBAIQdFDehr@`_&IH4)kKlXE$&GeQO0Z7 z^&Lx5(%LneCX(NwK9y~pwBXdWJXgjkX>%<1X2v$PkbJ`&3i16z!Ws^zr%bl?HlpY6 zM<+~sRt)=GyAvfFCVAh5HC;==o-DVSZW`JpaU9Y1k!$FGivB6O@s^9AG_jY8(&1Pz zJptplYUYvexGBmqeGi&^Po@6=XX-y}wJjWSbV1H*Tf*KWz0)U{7ct1|w+GU(=4SGw zwm(jO0Q@|g6@LP2`M>ZUo#JZ?Hqy1Y zB3)ZcxR+13+J5syNYDu(yQNT4}ONnz#BGX!OUpVXdv(WFKTGei?w9PU*c(q4i zOL@v3z@aw4_#T$Y|9+23T0WkWMij8!LB-t{qC9E=o<1(W|B!dd5iMx zJ*x{`mOJamm;~L>kOwu4Z`7$pShL~yZLR#s7Q!$=u_-}nqDyRm-gOmQlua5 z;qJ%LJ^p&LN-Gm11%-Eh71P>jQ=kEe!1k|7nm-uCNhM@!$E8OSZi|OMtu<{Xc@)PP zM+9dAx+5!Sc}?{@4L44XD36~QY@CyhMR0oMy{p~Nu#yX4aax$lLv1wpBJ#*^&DX6L z+I%-|l01Jpnha)Fmdru1kc@hIR7{F-wCDNOkY_bPrr56LOtSaIR=L=*1_bli)`k;C zGO>#pKQ3w3*KBS|<+l2f%?3wnXMYSV2`huahn<=|CKv+D5zIIAh7h zXPe*`%3t0VNJlAgJmR* zExO>IH;m`$P|ILYv`!a}0j%Xd!gOp^i%8z(oel@Jb=DS^me%H3wp-xsTyj|Y0o>MR zQio&eFN0sQ-^LG)usr%^kp2nqhnNuR`hpZ^=aPzXjywC;>;C}3FWD>MH^AL4D{l(v z5_pfrGDs)7)wLhrIhX#K=b#+WLG~@E8hlNCtlbOSlgM1>^s91dllZa)%1@@-=kKY( zB7!8&io;3MJUo%X1P?67tc)^A`qgBFY5J4j++LQ6`XJ*Ug#_~u>o=2LplBqP-VxP+ z?OcR9u9~ST=@F&%_TsWX_fMr^V@SJ}7WC=tCAfA=h8#vZS2?Qq($`P4xVrHb_Mf2X z>6Y`PJ9lHS^)!l#x$%dN{{U()5qOHvQqcYzY3-qD2+bANxqhI4qxhm9*QXup@`LuA z{{VuI{5tqSp-Z9O>-vYpj~;AiSz==A8D7NTFIwrR4u?cx(EfD4X)oH};+O3usQJDz z@iw7rrXv@()8WcQk@i;r;f@V_l^xI7*KAS20t3-g0N1TXos6nfu|eeXOF7TCr9}JL zqhQ}C8&4hUp|j1aRC2FQq<<=TP!u|#+z%r)iOkt{D`dfSCwD?UD&kp9DOqwj$UJdgmteTc$s_`;4cm9-Z1fOk}MJ1*xQ#8vFOZ408*2&af$sL z{>1+P@IrqP_}BX<;z#Xoe7YBf)+Bf|2u{{>-_7GBpKAV+J{SBN_(|{|!vn$}1-t>I zcuP%H2yP>Y310&l&r$f3Tvciv5P{N$NZqBGKLAf9cw8_IZ-Unx&rEcUjEhQn)iqXmis1!-Ztbl zVK>m$5$bsFi@bNIc_D3NK5h<1?rY`G6?pLpo6oy2?a#``pTfE2PUmD*kC;4VyOsG2*%qS@{#p-fPMz(aotBX z?u!N0!!MT1!wjR^zNFCp1IuLqmrC1f1_sn_ReuU*ZhenL(flZyT%swhh?fAC#|FJO z{tbP2TE2joQv9Thc2yWj`)N`&nuoluH#g*w3ki++CBSlx$o^v!L!6} zW&Xm{9d0AqnaKbIEe(X2R8P8GeL9%G}Zwbi42$t?s=VKi871T=5v$Bhn4mmu~MA$}>HV5B? zjzehg|*FAIiJ2;s{~W&_BVi;^G;m`p|6|_dRn;veY4t2pn%Qs2L)*t*tc( z?$6s|jbk_{%lwUFDHP?<_RTiUmr06bbvu+~V!3I<+TBSP$W_nF#V0PNCUxb_#k6GL znDh8%xnD&V50{UZ=BxVL8e&{VwimF< z%m6rVyGg_jJ5|!ItuB-XhHx-|tyI18RC<&Ki} z_AM>L+eplDfPQ75r2Cq7{ui+E3P_V&7^DhE4T|%B5oqh9Y9`6#X<|kjT~0y#MOv8T z(K62?LSvQLlw$|lta%cECG!{|TCZqlC32%|l~oI3MIU<{nubW{osuI_DCJ4hAX|wN6nhSxYT^RsZuoBfZ&P>vC=`R?uATop&@&B9`&6)!Ur=I5E3_W z>ra@;#KK#|YnGN`?I0LmYU`}^i!DJ`8I|HyAx>8W&`HerlG4?0XIn|P!W-o$xUPQQ zlrg&UY z&3ypwE-mdRv~7{ZMmmAgywU9urf9bS`S0GLl%&g-I#XFdC1fLvjwy7z_wyrVa~cE4 zBC?cS#C8+vw$~A~5=PE_eJh!}(=Da7V-rWiX9w>ZsIKBU!>Zg_C)qa38o9^a=}l#I zb-D&lJt}~*vk5k;sNK-!tx0hr#9)$W%tL|eiU6k?rqbCA!-0yNYH0_R0ZsB2;DP+; zG>p5Nx`w4{_OV5Y1en3De$>29eCRy1ZjI|nq-dD!O7ai0Ity54b?C%%T!ppvq|357 z86n($Okh(T%QvlaJ)$)3qz}8tPJ8;+Rg5~upsN%R8DrdY@{mCFAC&}3{SMbcXVA46 z<+_i}Vs{mg^~EoW=h3yfp_)5rpt+0`-iIV-AK)k#A;L@ID~}B^`$`A2AhS%wVF$fi z(>zTMwifQvMR<=Pknnz$qL?^nS-sVD8)w@T_XQ3!lk(MN)uoqmnG3KvBvo^xDMzCr z-Q+q-$`_or26OFJ=G1L2+hJ8nS+Jwtj$&ene8 zEY?S7x7ANNHa_PFN`#l)c(<@-7U;(9G3A9VUwKt)09mS^Y6rM zH%{==`Ia-=c``9%UEzx7pd?q4S+1p{w4N%uvqywC&m?1&Us7u(Y>%NdACG<&*8CBx zTU%-tch}B_%1ETP#F6p+2h9^n2} znpV(=$o0<#d~?$N89tw<>o9qUqye#T%6s6B$2ImV*!WUCded68(lqEa>(z$g!U55g z6P$OeQ8Y({{7KifdygOA=`q{NZG5oy(<F0=0jv3t-*9uIr5LDYofN(t>@CNA4ZISY$WO(3Br^oCBCDY zq}$k!XmnmL_)*~d{U1&7eZHlA4~Xox-J~)$W4e>u9RTakTKc!c@%%CPz3>-O)~_M+ z{7@ihu1M;qq!hRXCxX~^3 zcr^=aiwlVi5;EZJKIV-`I{yF<_%FiN`t+U^jp2I_N;3!aIe^UZlp$Hy15 z@kYO+K9v==opK&H44*fYJ1$3Z4r!XG^fRsOb%}RsdR3{rAxxMckVbtg>3@f?>YBEk zk?M9ZTWY&A<*EJ==|D*1J|m{L;Z<`kpL67}W>>}(S0~`DU;9GFH`h`~H<6ZMlD_3= zCg{f1bId&mXNGAO8S? zhc>4MrQpvVcxLkM&is^F9Tp*LD*pg~j+q@PD681YPoc&5r9404`y1VJLya`OM7Ns* z!UhI8Bj|l9PXX(9-Yw8%woNwoN!2ZKlY}Qc9EaneBNen`rHNAReJy$Ma&L)02KBFp znwFVqsyJ4+ib)6E;=D)0zYgH=zKLmQT1UA+FfoM(70V@NT4S}id`aQBEcJZ@Q@F5` zlF<*lAkQNnrw8+|OYtv=wC!ud5L{i&aSo&8BmsIlHOF)+90beKoJxE9lyenqBDPI{{RCEEq+fKYThS~?pToSw~@Ym z%YsN5&J8ccfotR68Qt7?Yg2n`m}CRX+6xS?HPD35s()tPM_=%dhp%)?$zx<<3gi&W zAJf-0^emnrvb5Cf7H5`Wa^+RM z{1K$Tz7~!0DmDQ)J$Ur?uh2gU>spSz;XMn(UNX`wHA7`<9h{L*7%DKkcP@MT)TxQu z$K@BszlYFh{xI<*HbtZIrYg||-~*fyUoKtwwo-kWk@jZ=vEH_)BRNE^eQWlFRFS;Z zI6Z6YpV^1vS+v!yd?Vs3K-P@DTt#IH!~?+{dE&Zaw6Tjm{*G;_xdui~0XfA^uPc~V zH6b(ecgd-gY-7!>&xZd1YL5a-Vd7XkY2o`rC56}S?!v{iK;-oxe>(X|Au&o~xlpB! z-k+^O(G%;>*=OP!cxS{nzYq1Lj{Cz}tR*A!utW{eoE{HRT6)TO!}e_W&EU_8-W5r# z_3aZ?8jY)4osDq_IT&y5k=vzbEg8`lt&i_#_GJB_bWhsH_H+1k@!P{fB)Gb=jxAc; zAD-Ue0Hs)U$RLlV+V*`jRr@XFyRacu#^auXxvDEl#_0NsMAV&@8_hJ9I0u2#iuk+s zsr`h!5BpgB7WmEZ-&(Y_vGFFW6JKaoO%Na1+JdPl=y8?#g6ADZYYlADE@%1Md}R1z zu6#Z54!7X{02Aoa=0V-|F_U$tYVH9fSV&Yk-?fmOFW@Cu6bsLPc=Yh|h~YKKv)r^_ZveovboJ;;R^pcey2n z?Y?**dX7I&di>e(?||+6N8z1Yz?13EcWWv=){w|^+EUX~ns6$Ga(v8^2Ty7? zw2inqVmKo`Yhxl3uY;6j8O9A)V&5{aEIVfzpb1Yf6ahnYs1?FSV~{p_;(#nhyRglW z0MAM>E4sQa)F=3;G^S`o=^h;vh8YJvzLl}0c&}aXM~i$b@gu@A2)t9G+$GFRu2iyv zlD&K2(r0}m{R+Qf&)Z@T+Jp9O@F&N=30b_}J@DPUcK#*P5C@X-({3a8FRhN2E!pY5HZYz_{>Vi7kesqFrR+B_nf2dVqiW{V`nAM$I0zp=w`i^Q~q^x4pI| zIaH6l2SZ$M#b1T`55_+Lc-P@yilAw{E3Vi*yGbA4x09;KhqEgMVeX^exSG^Q`QrZo z!A8Gj{{R{O&Y!f7p>5*5A`5$ash-KEw1>)$=0ra%#ZULwYXUgtzC_Y=*#7{uAd2cC zBr+YO4nHGVRA%dAsqyE-=d;qxz8;G2?CiVdNne=y^vB`pUnrzaYpF>Th{)>LEW)sI z3w1qL!Wx^!e;O>{F5pKU4Sh*w(ChYg+l+FS{oVl1Pt)GHWxj(wH{rLBt@N1N;qI%c zL1S*WC9KkR!Dl0oGxf*eUq;=>aBQK}A-80-QV@_h&OK|gh0Ll%=dQO(rb~>4=rdbd zZiKgK6~^fEkC$=9dQg2%NkoS3CA7LPASG0VJo;9?n|1x5?Hq9YtJ59pM)bIpY;{ZF z@qCI9x0%lM9jfJrfGuRW6S$CpjHw(7n99bGM`Pjt0EfCK_Kn7(C0A(5w$~Zmk4p8n zmcrM~lFfEWfOY|apK5M>jgEeH)3u0+p4}2qr*g}V39p^?Z9OeD8_1$iHnHFgQs)ND zxMwou8H%bOn0r)neU8@YC5-XMwP>Yr9Zs35!c%EL0M0q$C;&0%zddVDOx2^aeXIvO z9m23{p}b{n4vSaSu5WE4f>=kDoTCAZR~>8iyD6kB8_VhltzogDr6kELC(b!f)Ydyo zhhUjyJbfum8o`pm6zFC#4e|9S(AHV;j-BDlh+x%ZA7ys=n;rqD>ayrKw6NPL8SxFv^Do4%UD_w5#c`u-Lct}OnD91)%m(!5W{I<>BeY995(d(`8f z^XXiZpF`?$+&-u0*N=R2{iS<*6_nFS2qX+1H&-Fy?*(6LHn(>=z2ZR|jAOrkgB8a% zwrA@6IhMMUNcS%Y+09}0SFyTy79q7*91bgQQ1GUQtEJ@Ec9yz6rulPoZkQ6cZQy=2 zF{j-9uP)2gHmrFbtKqqAEWEkdF4aa1s4=_W6~)CY`gG!0-bRRVj9-Q}1<1wCUt2C#l{VJ*HE1Y@WAKKw6Q|^z9yho}-tfrrDI;G~JZh|mFZ7iVlZ}Zx} zc)#GDpS2WlcpFLZFN^M(EVTA(drvs-^1Z#+n)WD8$KbSRa;F!%KS;H;()EjpH4P^I z&hFXUKfC!y;432AMz>s7?HxbzSdU%V*==*Z-;TEys+Z`AC2F~+U zy=zpFq*%@w*aP_w>0e!ZJ@CcmnEV{2ig>6hOPHPqHTH#9;)1lbco$K5~UULB%*L%h?k zLfqdQ3(eT_rpoT;wtCmELYha1Jhi2%^#_FYl=0H0nX(9PnSdOC8|ht_i}m||4r#C8 zXlIHE$=M-R&i2PaT~b;VN`tp4^Den>V`Fc7Y2rNrZ}%zkW*Jw7yD&Y+v9F%(w4FK> z)Mkm&HI>OApS|0k(!8up7gOwTHRT)GpKbom(#;owA=6caR&hwl66cI&zNpc(YikIa z`Y2*qWybeVGD!8W8d22#Zt)V5hH+b$t55Gr{{V^UdNK3k3nYLk?d$Jfk)QBU-73dS z{iL+X;=41+bE3qY^<`BD^sdN9+&v!$BmV#yE*(Gb{{ZQ^9}sEf;km#WPPO%)!Hgu%rF%&b(P~Z)A^hq?dAUf1tIVU z?N#8Pg#%ykwf_KzJ~((=RttG=J*WvV+qLC}PP-clamF%7I0X3qiQ*j#$Kn&I$7W26 zhYUXV9lh%F3}dSVk`Y<>yB91&L~!F^Vo+i;Yceofr+Uljh%{{ZP4o~hv5vJ+!T z9it5HJ#YxG34-SLO}cG9`WdaIQUO*RgI)z~?vLo+5zjuePm)?m9p#1HrQ`)AkmsS| zoo#z?BWnm`f3qpzXMxY9C`q57(UNG=`$v%*76E}Djd>2B#`9UZ{q|ukfzLx!T+PdQ zJe{$~4;)tVK2S1ecTj!mqi&~}iEp98YDs$DAe#2!TIKE-JDt1?e=fD@8e}nxc+8Om zkDPPXx4GkcHm2o$%D0xL9s3S&3HnzD{jkzq`Bv`s_i#$D9EjK`;N%+GosKH<(EUjG zJMnW~_^07N_(uF!th;MgmcJ5DNR?Q)Kv6CyBKCtA)M(&DHFt-yYr>*Cz!} ze%yQeSE))jJ|_~PNxnsEp8eom4K?iz^qo+db+{Anlh*^U<6k}eSnyTek*M5SU+MC_ zyr{sq9186AdLC^YT2(n&`qlpc1jPNM{3r1z;g+-e4*X{pGhCZXi+uu1!X6z`&Omos zuy5mBk_YiAAYg%?=RfwB{hGXY`x$=LI)}lJ6zH;PejC5k{{XZ+F?$g|XS}rYH)1yR z0DwnP`BSM+nm1h!$T&s+0Aul%)M_ZO5G!4?~QiG4;A=2#7l8* zb$H_&B*tH+0-wwEuNKj7{A;C2c@?gUF0$6Zr27a95^>4TAaW}|syC`XYp;rhNJ^DO zc(d>S01y7cKeVUD7=9RQ9})f<=~}#%sxx zEPr9aoOg)+*Wv4zHww@qH_x8g@AR$9MO)i+^1zv7P;zM+xEv0l;VZEBxP>RTe74p5 z%6)5wi^JC*e4^^uqM`Xq3}&&FCt*c2MLJDv>k5*CJaN{xtS;P#ONiOw#t9zuLMJs% z%zp-JIu3z-;(rKhm$PX)CZlZ0ZbuQBiOA3V2!6Hm{{V!}vEZK`Tr=JaxD=Hvt&uYB z<3ES;=4Q+WCXfDY4(2NbkxHZJ_<^fM>rX2%#ktLA+lU4OSQwsdPoKRO<&Po+ee>SgfvTN~qx8(Yg{y-0#w05K*p zlU~{Ii$~HvAbdFS-kGcEqW4y^xAWk5+=n51{RafrEcatks(j0#^WDaYtXyerE%9Hp zM8v5Bs^sI3rD4nE-o+bdZR(J`4oR$8*&4l3`T_6{;%>Y9KYq>s01^C4G$T`MqVmsa zI~A5D*g)7jgXv$0{twlgSG?CX$t{)xs9xM&82H6$gb$`_bmV^6c%Z)o=PA0w#%RrrgN|s0A{5 zai4m++HJc6Hjw9>=A}U%w5H9SGf9DBV|BX%x(I@<1Zq?cmEVV?eMPcz3m?NZu}!vZ*s5B90k2Ka^vU@yM?! z*5i9?hE^eRcUFcHm55;d+)X@;bB;06rnkJ_tXT1mGeMJgD9J0!=5B5j@$XH9e5CHn z(~jnIeGN4`F_FO?YXeXUa@&e1=C?8u+S(hCpd&kQdRE8TEdvdZEIl)UL6n}O-ogRM ze6Mc&;*D8&+?m7simbZkmQYUZvK(XQ9cvd*)S2MY<;BIJKnTtkp%u(u*~HRIIE*TR zo)4ujXem7o$KkJld}r~KTDS0@!z~JZM)BAzw{j_1Esy(5YxSexPwYGJ{{Z1F#ixn> zE5zRs{Bs!+EGRQ=X2YHoXD2;{S28)|?0$x5dTpipM|1>QMvQRL+eW1oM{F-@^eD`? z(fyA`wnPds=Hsn3By+Q%(mXS1YqjsDYrD4Ohdntl@}K#Bx$F93Q|F(Ug_yY5hT zVBqmyLE~=|*=RQi%>~AxE4WC~CERj*A4<#+!Gj>ai@hNVYa-8BFp%wV;lcay)u= zpB(9p&maJ89=WV{dK;zC@h=(tUGS6|oZ1D2+g^B*EN|GMk`jGbaB+(Kp8c_ZYcBx& zHMzRH_^;!QGsJU5yR7V>mvXK#!!M}yt)Wk`(G_F)@cp8{;H2La{w961!`=#>)4_fN zb}EqCF%roit3SSaSLU|4<9$~C*6zygNiQLmQz2>Fd-LyJg&G5?QpcR!UOcWP02B1b z6t2aTGOFP4MRldhd39&0QbQx1sy<$v3L@UPXIz}s?W;JX`j@=9fQ^+`arCW3wHp*F z7nePIR&pXOvs%+gdzCU`KSxCYBI+*r%Rwd9Uj~_EG(U{{Uxy z*(1X-*!(o`&Y7-w$(4T7tX)7JS71Fz$^KmTu4pbatQZ8jRj#_`yNYeHWnV z(z)B)o4c7z7U*Gw9=NV4O6IC0EoTG>%_LrI{DD z*;6BTUVZDNv6Lz_Q)4UBJ*zoN#VDA1&xi%AQlv8h->rP%<9{08U11*ORy4>eTZ34e z!E`=K@u!WUibLedvAQ#p_iNUvgKkT5SV6I*Mro6h&$5GW~7S@`6s;JN9i3}`IA5z|)_0<()89t}H_z&P7wH&QVST$k25)WBaP?WfHBT$O-IFAwu@-%X=<#XWTT7*tqCvq zE5|y2i|lS~?ybMF^+j(itMC~5ilySlx`xi?*3#_~>uE7JTprXD%c zesslY7}wfb=@$m>BfHllsILI{jq%UJo({Yc-PuWVCg7}={IL8w;)@r^de6gOjb9D? zf8o`eO1zpaQar~bQVamu?VfAATl;H>%x2`GwnE_j+C<8c%-&lwKGZ2Bfc(Dop{5vA zgwz?r_u4v8X3(=)s>B}7@vCl*yl7A$YtsWRMLD!Yp5=n z43-;4LFyan>0E!rCepk|a&CM(47y$NxM>mBDyQ4j8ciB|GS;1U18M$U{44h5A$O?Y zf$BdhS#FtmRaW*RtzywlE~T-rYSwmakUK|@;UgecE}P>7U0&HWl@eQ*+U&RmN2nCi zGt*0XJx z2H0&QwRHQ;2QT%iEgw60%T4jLcF24;4X2om^BHn5J+ViE+U4!;U&MC;9YP`tjpqfr ze7@B(PoZi(j>&vSZ8$MT-ekyobj42{`kR3)xMa^m+OiXgUsJn^CRudU3z4|0p7qIS zK0F%D)y=y{HNC<}V`XF`<{q7?#ROx}?9%Sy*~HBxutq`J!=bM()I3h@sNBJEc9Rq& z;GSt3a_M4?w~nLKZl2C4N?bs|5W^YtuThJ|R`=FxYSF|lvHTzarlL$<%+Gr(+jV(& zqvw&H)igI?ZAJsks8TXL2SC;Ck{g{gd2-v!{o%+y)j<3|5Zq0vTV7nGk~ZlUMl6gy zv(mK#tI+hFE*Nhb?PQU5_B|`-FCBbIgTtODIvZ&^iM3_Q%A;})d*h`rI;}eHE4ZS# zP|A!q42r)SO)QKeFSH)Vr6Oe%SX&7ul@;c~lb@TCX}ZUQwM#oVwQD)s=&%AJ$Lu)x8_>{W91G^S4-qDN*HRuVorMqZU3 zf#HcSOHDKjAt&Wt_027m3+FeN`tu)Bk=}@4^zThu(IbSEv5T=M6*7se2ySkzW0;|I zb|a5^#<-Q^cW6OH9Ot!FizJTz0RU+m&bZGjjsA8O>z)b3siG$>6tNA|S<; zbJHh0el?xi17=2=ObfR}k35ijRsqy4Y;TqY3ohouVEyW-%cC)t=Hkme6qE?<17P#PJ`qqkLvpDJQ z9_7nO=Xap*OoLgT%5;b`M;jiVxTfj>r@1wYksd-yNKv1D_0!nRrs=UuWve62#>H?* zC`C%wa-w2oNzyA2y-f+Zb*{Hxh|91yB}q2Nt6<5uw)noDUVNFZjFYdXG}uiMI(_EQ+Q( z)Fb$FsMy%*QcjwF@)$GVw><}Ll$tIo$I;EZ%N-#5y2*()a zqwxLbgxRjN>!~fEwGb9bUA}U_XN-3|^{h}ipDp}H@w{k_bW0)8z2Jo8Tr( zyS+ebV%1XKC|yX5?fcA6Z)%=hEMGD5<=>CB81*kVQ<_JWKXsCr-;Rg!749Aq@hz{3 zbjF6>bo)X1A7?oBrR>Zk+2)=o_;GWg-Ao1iepTUVRozeC^c)QIuA|{^fORX_?ppgy z7cU!Onmnj~Pk%}|ZLyy@+oz_XPazFvFbW3c05EE5w%i zexq}wMG@T2Ah}N3?^w}qwCzbQTIC{gvq(-D40?CuSJHN#Ak+M5 z;j4=cLU$I|a2Vv0H5=n3aOyolsc+q~D*7KMLGWJ3;l916c#i5z>#Hdy$J=M*o_Gbj z8v4sp@Qt^Pye_ia*uyoLZOI!9gVUk)rzvT2oQ_ve(DdsM4oRZi+dYcoYD@>s2>$?P zzAQc#ocMG z=DjOYywo)vN%f5ZogEy!Zwc6}zMo3aw;rXa4fl(zE^l?|ouggDJNK#)o^xCljiTz2 zYm>t&t;U$-qG3i9div+DO>cdDjC7*K)~sWW?aY7KeJcHd-%R0O{eNQCZ@OcqDbQqpge^m1bu6=@n3Gaqal#gjy1ED)h4@zxp%DMC}j683k>AG)+b%)cmrPl4O)Lc&#KQ!0` zVV4-r2R~Z;()i&nm4D(HHQOHy$8D!v$XR@}!hLbsjU>J6k<|2WgI+xFhNmr`hjlwk zjS}@ykszO}ryOIS#=hD34+n*0z1A;mg`_vJlD9Fj2xL$=ARe`HOgTsC7M=`;U)S!e zrARc{CNC&LKX%>!02=pC5BNvn?cI%<>hno|9L!l?Aca%Y1oi7&@`JfiR?w&MPxgAy zqJIl&R$9f)?Sht+!~sQ9w}3`@#&cgR`0K-RX*RltpA*Aj2*;XwG4!bA8S|dE7KwXe zvsmgE5IKy7RddPDRmFM8z1H5{G^Ls3jsn6d88Ypj=hn51ZMYYc#rk~OLDRMUUVBA{ z5rlQ;C)1Hr>Ao`1d^u?yo&Drj7bzl`Vv~$6au}b&x?;2$`n&L##yVHT4~AM-juty< zFh0v9F`gpY09Mb|rq;9_W5hN$mbRLD-07DiWUAwKRcwbX{n_D9$ zf6&=L4oHAYgJKI8aDulO6qxmrQsjju%@sDV55%-flSHRt`lc(EQE#DSN7T z$HoH6O-^ADQOTI9?q>VP)K}8JGx$TQd^yy0j~!WFO>sB@8CAG4Z3GZM3h7d^My(I{ zAMu05-YSl3%e^XDu8WwPV(cmh9V_qOhgKR-k9<*U;j8DG)xiREb^E+$^Q{8*I=>qD zuf#tO{8-)`)AcK>t8fCVM0Vmcj05^{UU~7S{t~SxOVIpVq-YPVUff5rJRl@CdXho* z{VNKI+TqTQE8s_jymxv1zv5pPT7PBV7B2)&HsBxbkH)rqQR4kC!+NAvH>4%x#QdO) zwmk)B%C1bO(H|Cke(@KDJVKM|`fL|#;`nYntK{;)6DBacdjr@10Iy#I_<%w#Un<>l zSG8>o$+^rjmqsd~dBTrMn!-E#4Mx*cvzy7kfwGRH1&5_{LG%&&o$!~&pYWY{Qo{B) zW?e=Ic3ovg00$em{&nisd&@jgG@mKzYUQyBYGU}u!@uy6=@OkRu zugeb-=+EJOL;ELDX@1lsljfK26%24s;aHo)v6*42YC28)8jhbLLvaIcjJHBN*XS;% zs$cwO_)Dkw<4m`PYui{B+UG5jqzq^I(v)s(7~K6k{{Vs)e%OQH&&GSN*?-3RzV8Ki zrOWB!<&T#I;2-MHo<3}FJwUJPQ^XoHR(hS{M}1avBS2l6$QSl?5rNcR5#f&L)2 zn%eh6xN!HXcgDnh;5&bxLteM9T)v+*t<}1LC^_l(fb46X#=?_7kbn3%ANE1D@JGZy z4u06a2+%ip3&qh5AI1hG9#y6Cj6*ztecj_KPfV%F$>;e>@g9cSMcmf$EN>PEmRIg= z?Y63$TP}wr&Mr?P-ArR3ocF4W3K0^(a(}yBhcuBWkyjhCK9sU44g^fwv7VhMC)t(o z(zllE=to2EQ^Ly*`0%6yj+oEA1jQB%$Q@A$$9l4=*k?echbEb{U5jwZ`?%1t-Jaf+ z>z@I>GkB}^X#JqR8Gg}z3|5z0@YUQh$qLHReX`iTCW)AKWGp`u>rCpVf2arS-TOg! z8}^s@E%5K-FM_o%wfKL;RuSANILtE@`IWK!Squ-lp0(&Ywcq0^&Mj22l9pL7GB55a$m3*)iaA;>B6dVKVLA-V!9F7^28P6Q{ ztJZdrF_6f+!*P#V4ys4&xBL-5_T0Apl|N~Sz8Lu1Tl*KopAzCcNf|LDjmFmMJ^uhd zTK?>OF`#&5JUtJ9yg94F`Kb#0SHl5M4v7&EcOHSb=wGa&6>D-78C z;GJg!+MpE$_itMuvP&2d)9ubt-YnXqQ>5E=;O6)rEoaQd+GHHrgv5n zpMJH}S;sqnqRfnPaJlVFsJj~QXeo6n#XP=Lqo*~kH^azo;#md8##7XD%`Q`8G-z)H zkJ<0uLaUHlKdol#cRE;t0dIz#KvRzN>}yQo8tgZjxNZD8R$}TgLLKG}|%Z1@VuJAH^8HyPaT}ll@31jCb^|c}mBt zMv=uoi*3b?wwHKJ;zrxJ92Gd~PhQpBTgdOEjgvxVKPbt`&MT6wOKf^nsS|iN!oDZh z@0&`uNiV`C>E-fBSp6&RUxUB1!X?$dp><>=xm*&=yd3`k`m4>WRQs%lD(3gu_wR;$ z52onIq3suHo;@-vJI30spQQ=lvKHe|+r48L=kWBdIaNPPz~K2~bIE)ss_K3({?UtH zwQV6$kCv$C<^#VN$4XP;O+Ui7+J&^Q8Zqd=^ggx4Qlalsq+x%;#-8QplS;e>?LjKt zaBG3_RQk7!JU4%Hs%jQ7>Ne4|o>R%So33`}t#Qt!&vysz*`E^lZo*Ac>Sm0*(TSU< zI6Juq@y&bR**?vuL=do$3>?-DTA#Z3eFahTGke3*O$-Jc5eaOAU92s+LNMK)I#%(Y zbN31uRmxHE9-jrLh4r0H9uee33#*KE^!%&Ed==o!uN&C-p8C#pd2A3f#0E&?KcG3R z2Y+mIWWk{DU%0BR}Nl5xEJWBop)LsZ-vQ}bK z3NjB*#=ecv^G)6}ArEOnRs?JMISf_@+Bkk8_IE%j)XcNk-E!aLda*o6Jy8 zQ}13rINeK?c?`JVV*bT@c0WepjK)=|I7@h*{{W=ujM@dfx=fDcK^|Yz(y%oj0jG;B z=7&|%2KD6_$AYcvkzYXyc1O@oqH9yn?X7%g;JGHe(?!pbZ_I`~zSSA@`c{Rvjh|V% zhf=(_H&d|96wjk4(=_iL_-@+j8Q@!#UoF%eo(EH3D|qYS#P)Gq+v)8j zH>!8X=-93*(7HSD__)GWXTE;OTHKx^@V|(33%faD)^v$j%sP^TA2<2;udej37ihYL zh0HpA^cPnM8!?9Yl#aw#n<^J)7fyUzoEr)ze$0R|;IFi%X@56bX@cP%w9}GN4B#_&@a!Mh{ z3!VtbtSi&8@EkFXhCUT0wMuedEgC+;@b`^%4Kmp-3&iRHA20_1@zSyHd=cT_9SLxPXrf|unXo4{JG?h*1YS$(jO5{@jUUxbPrb>cYQ0Wl#iRoPTC(<_#4K$m&4s+ zE6AdTOL)d)M_#Hv^?tSZF2hLiw}JG}6WC7+&2ojum%szCHSExrL-X9`uPWweI3w2l zGps|a*}%dyB`%N-Svl$cd)HOtt7|_M_;TM?lHAJ{FgW|8-}A3VC(TN~zM1gmx8coa z!JZ|v@fU}+E8QmQ+I6|KySH+ZK;YyRVcZ(E`*Z%#zY@MW{4e-xulTO=)5TsO@Xn_L zeYSgLTa0wbVcdbwt~spzr!I%mRmo^#YSG3@H>pbYeXgwj^ic3zy2r)O4aeeN0BiQ} zYF6?Eys?osm2f%h*w&uA$=_jg}q^+-Mdg=UA_^08oj(=spkDfIBpS~n$ml_v{w5x^|=km7a(9_lMk1PdUl3*_|hKRtfy=X)lva zHPM{rx2oM-OEre2W@L6!pD@nl90Ss?cwOg63@kjQTm)Z1Ty{S45xP3ape31s`MR3I z*I`dciaZ`9}?Jkcre;{qZp4FqNX!bUiVeR2Lz}paO&)8nv$H1qNseJ)NC)LT_^;BRgkKlDKjM^tUVX2_I>Pc9 zf%0Tv3Hf;Ax2<)BbRYU)A32L~N%q?B5^sxvM)&MS@hN8=5D;XbjeURwst`<2zx zax#^{Q~6dh?s_z7<649!X6v=W29OC0AhH^Czo-B z+AbsD54+a`*1t4-JbaWyK#17ry#b=CK6}G#CnX8ifAaE8{{UZ!=n(9E!a{d;6zB4- z+_Y>r5rgYkpRQ9#%7WTyZ(I^tSmbfgS5FR?YXRRQZsVanE24!Pp9|s#8sYLx4DnT; zy{{_n?V%j)yDFSSdgHZfMqq*z8`a4i$h)Ih2;}_L*-i(}RB7tR8B9olh^~)LzJS~LGAJ*f!xhsQoE24y{zNwS zZp;C21tWU0a5C~yYl^FU~i5wLSldVq`se5;me^&a}CwHt}+_E(1d*=fqrEAEJ zSw4qP9I?#|1&IWx+$f3|%Cuu9JpOd09SI3yRRKxk+NM~%wIBs@c@>eA_azZZ*l#SH z9*4D6yS9#aNFc19^!b_3H_)-9S;=ILG-G)ky=qNP_TA$R9Bi`mY;>lX2RHV|UCJaU zkIK655BOG1a0{!M&_urY$nQy&7@nbUG(9Xs1*@!301jER$g6GQJu(;~Fx zsTXsiG|eHbS!$8OC6eA^H~^86ilwSp*viOlk`z(~RZd20IK_jFiWcxY>NeV5k!yLa z>h8ig?5z`gj89GnL0@|OD*ph2di+E2cZW}kzA5;k-@w{+)>17c5H#$*>;WU*wMgci z&(&{(zXkL^3;1_R@b!*?r)ZjeiYk4gID$!Y{?i_&zJ-B2Kc!q7Eh;GQFNaKk*fnY_ z!OG^E_*d<5n~g!%A)Ve(7y`OWD{~T@Rf>75It18u%jEgB(_u9z>HS zaz1VeBmzhu{c6&hIw2mX^Y!~of5BHZYlnxzU$eZI(Mf9aSUy_~d_jM&UEN9NO47{4@9qF60e!2|p-3ew9Hgz72+3sr1wX^ZXDYtN z2PRC{pp}kFwFG#A;h6E>tU{5D%Z{A^?^8a<9N9WW=7m_55bo-IJt|2o)>lY^{cAH5 zYSzbVs*(3V;<`J1H5o+gJg9Sx#NZR{Qzv4h3+#Pa`!IgTpR_maH>)L|!(RvLcK#fS zXydrmZY_&LwT?19cm&t=t@{`M0Kp*t0A@egPR_%{{x{Kd?}|Sbw+W5K)M3TD<2X=q z6c5h1DpWe7PRHxq5+hs36{^9e=`pU=wS)vk81x-~8W!UOE}b8i$G9D9mB`RTW9G9> zE3ud!MMSA=8HA&5d)8BzL4dmL} zd4X_Fe5Ul{rF2F%6FuX=Ukonw7$bdV*%y(O8Or`O_8)`(9qE?Q#|(C1As_?tgP*NY zgs0s42g1J(wB0=(X&@3OWdjRdji+fbSvtubx`><5cB$sp#uAmysVpG44zMwS{i>sR z=tOQtM|z@5`cWw{kT5K#p{-qBSgtL}V2vl;!96Ggg%+RL=_T}Wlz<#F0gbt;-`XE* zeUCqy0l;kZ6b!-fEVp(Mnc*oUTyAA-fm|)-tv;t_P%ycS4&6ltnpovN9^Gl0Ka6i| zAV#pdxgthJ$Vm@5Aau{IeOzx0Hr`B-spod#-hyqZ=H5Bi-%rzSE?~8m*tlGlk`>?)*j2$6rp~@iAHrJChwdkq;#Ae+$&Ujn-rmN(ZPYE0YK;ZFBXH<;{HF$- zq1e(gxyb7}E%Z}NC1U}8ep8H89uLxPW7Iy)Hn4A^cM6fp0c9ios>#GTx*nUTL18rO zVjwYGo*Rs2xnCD}H^EkkV)r+9wioA=#xP&=6zpexPC^SwAj0{~MtbM1cQz{{SfBKB zAkG5;%}k?m4DT>oOj(qM&JH??wWxT4dqh4`d9fUI>MCG}lInT~g8Y9zkkB+LqC#+T z0|A~hgI!09X1diNd&pCBvB?UcVzeqJm0hj07IzJB6MoVP`W#on{yXv7TzJ0MOVIAs zuVIiG?c?Kc9h;0$bj5T&g|^gS)@^L=(?_(@Zb~STBghSo_%vQd_HrY8By-n^i6i5#3!FkWEOl{B-8{=zjO4~uX)9vAn=T$yeW9?s+ zo+I(E#JvOJJgnm4=EySdLl??0M&MZ0G;7L{_RfIT-Ybd?Vk;=3o68L*!~-0AS6Lp1 zV+GV#_Se#jlA8=Wj^4e;Ox6`5V)i;gb9_}+OqB1(O3jivT6I(e4!rlSdl(%>l(NL| z{_&$A@JDL*9}ntK!)nQ`Tijhh7dc6$gp=uh1rTIHv8KTDT zaCrVz^EZpFH621{n$F5Q#9(u@eA)V9tVio)@f#TwuOzcO{>`PW@*3Ztow zofMoL)?hzUww}?FRCZf0&@jyAJ(1h+47WRpY=6pZALrFZ@lzO#GFY2FEZ zu)tvtHHoQb$2v8|#Hn_RD1@A3kJ7yD?QG0)Lp8ilfz*y^$8lI@o8o8DWN7Ul$X`rw zYnr>(H5>gw<+?!YypfKZX>Fi#qfzeQ^1^Ko$4qph+H`|+DxCArYC>>EV``9_nD?E? z8;?U*yg_$ka-Zm_^KAjP4ti4(fz9c*-dyW6LO|K*MsruSiPj{8?89`&{bqY}{{ZT! za_A{Tu*m10OI?6$9RVGyM?<-7K4C4yk09NWbHyC!o>qDWudiF`@LRDl#QOrP00*$H z4^@u+kd$_rl#V@WfyJRLZFx+q{ zmoRSJn+`L`9Ad-SEufQoG)?d1Z0CEy?xWpGLS ztE}2;n4@R9Mo+Y}1Bl4e_ zPBUFx-X=waTU^-3acRh1fCgX3y>uisAeu{Ct3-P^5kjw39e%av^1yB+yNXwndkll5@l@3R4l+0v@=+-NDbsf34lY@Xr#di9GY1TH-C!C&Yu>)}D^Qw$k z;_O9e@ajwDG@C%*b6C+d=F@bGqiZ9k2*>0N9!AlhL*fsN zz75weJXLeAT&264i5Se0C>bN6AbZy};apqkH*wuaA-P7}vG54bYAkIXQO?2fs_Vj< zw0d@KQeq-J3IqZ>-|+Z`x2tcprQ%;0FN(E`n|Z9~2H2S3kR}xJLBkG&5%sL6xH#%~SBSMuNd!Io30Qh03cTbr#ZmPpZd0iE}ArHk&oxC|Uc??H@J!wb z($?cll55+ifX;~`k@F7OJ$W5{>&$cy8Ti6m`@38D?pj7sh*fd`BiHbtafvRabtV15 z({({ITqy(-!EXE!Ua|0seIvv2UFvq4fpwnXv!Tfd$}x<76c5>)_s0JKi(34iJFsgl zA`8t9(k;=nXKo26I0wI8J?rS-gCDd+_xDXBXz)t5_USAU>6Lv$OG5(uT%JC;~QI19Cxd_(2$$ECp|@Ipjw89sC-Bo z7mc(z^jmwo_;hJm84PFUR~X6Tr%L)S!MB=iufvTiNbtSNU)o#S1$j#3thvDi{sN)X z(!t8@W5IqQ+v`iGPjL3rUZD&I!HvXr72x_WhHkI*S>-YLFyUlhGmXc%#Y%v$W7j-U z@IyoK1)i6B^1QJ!Bkw$HZ{knFzK8vuG!KW?a$I<4#PQ8|jK61ysNJ_bWcR93dlKsQ zDC!;`i^3Ylweb5$wLjVS@<<{L5h~bh<90YbYlvMw+rU%Fr})AsG~2%`eYA2C8d3hv ze>~9`nK?Fi2aEg~+SaE2DAS%#vpVg_L9~3?>s0<2d`8f|82n`Ln|wio&G1y)xzlGaBHFu#MpphHKAHUMwz~0d zjjqQx*bbR>aE`^qSS=Cm2oyKan@Q|^apMhdRMtFgabsE`aP;%+e%qyC1geN(|Yb?1(j=TDU$=U@u49ASq!QaW|6 z*6#Df5ZKQLhh%GgWr#*9cD4uikLOxOT?clLs()v{58LW8Tf^gIHs5GgSx){7W3S_0 zrQ-hpgI^G?@65?%!GlQfBMaL9~wVre+5b5 zO&3tn{6__ciqTmnwUsvqUcg{+O;jJD<{u1oFB<$fi%;;@pMNdplO&<$vkX)L-Il*+ z{uz8#@YEh3(gvGlhBW;W3yn?YHu1>s151uu8Nn;t ziu!NF{{ZlUX`UF>VZPJsF5#USoa_yZ1I{s69W>GT*4Cd2d`G8U_@Ch}n{Nk*AqF`F zacxK1PEI zLwn+@oqJV=2Tznmkaz6&?bugnpB!|55KpD(T7<$BfGj|>{Hl6q9jKKvHzU|}KOJf| zH*x9yRk>A(5gCH8C`ScPrF^CFGr%4phs6+h?^e(xn?gwuBA00)OCP*@W1q^fl|61{ z&tu5GBm5CvL&leWDzMZekL{?haSD;OxZ?w{=N0+M@khd%$Ao-Ss_B}P8x=`p&usQI zl4Dgn9&DlGTX&7aZTsMk0jcjUCXt|)6-}AJ!RuS2Sjy+Kd=vPsec+E9*w|c`O&;M4 za;qFJJ^sJpU#Z?6p2G5LYuF@7BXtZt2*qhMGpW?9JjIscFjLt_O88Iqqxf+8hL>aG zjUpJ{_9ii0#;Qq?M{)1ovMM{D6xq8j_PC8s2^e0(-oA+aoIW5}_&dh8{vFlsq=Umc z?YOovxgsQ#bin8jPu87|gm<1jx7B_cc;`gd{4;aq>e@}xYI<$zXM&6$fI5N2e{#RD zx9w4-{@7o$4}rcc+g#c|h~tE5`s6W_nC?>wa;K5o@L^e7-Sjp-y|C0Syel$l_Dsnv zM}NwBVd-CA=^BJyFYtzyuf*b0G+t&$dgLlf$ICyoFTp<#e$hV(z9Rn4o;Zi?ei89i zgpfkyjn-FcH%7=w#&;@^JwWxZ^N;xF@NdPx3A}Uh3*i3%j`Y{ld~@L)Mom8M836`p z6_1xH1IboU2yTbB6hYcvzo+~;%_Y$JM*h+$otz^D$FCJp5+e!Pes5atj>jyXgps6S z)tWysdK~umrpY)*I|Hj8nW{+6QY)_4c9KOW=y?XK7BV=&@6^>OkXs1RmMnSBGwDv< zDIjj-oM+mOUZuuXExgGV!5X`E&tY1zfpr5zB)ei^(SMPo(brB#^u7N82I>CX)BHU6 zf#P4-pW;Tn_ALWhAKHEllJY>w1;{_Vw^DxYcwjx44o!b-@`&zjR^S*-+<&{5VdHS? zSyV?+=eKZ871WW)fvqG4zBm1-G%MfuLK{=kEaaD8(k@o+Csoe-T>R)qUYW<%y!q%e z;I9*CejD+1t`Zw&@UMxj%tI~3rRu1`@3)eDfHnM@{@s7G_2l+cA*r78H{v2YLv?w$F%NghdAy9cT?EolI~EMeqd2bgVLc{ z985zDsNiwdtjm~s$+5uHjNq#;YX0oM;FZ6%KBfCj z{>eTLmfHR)ek%A1Xs#fEB;7pr$_Dt@6V;O={sKK}XR+T0(Efz{5#mh~#@-my{8!=o znCH{);}U#_K3n4qr_h6*Dw&^DfL`goVo!e&Gh5{C-oM>7!&wtO$~Thfs|3%h+9UXX zQjhG~j1w;8Qp0HsJq~g7Ccl6`_$*KCm#u!t-?guZZ~Qf*3r`1Y@_%gD%LpPiQs?9Y z_;5!extvOY`Qfd2ihmSCZ>x)`EVZbRdA~QyDByB4&uZa3SE|0RYi6<)dzi>VK;)>U z$XUQGu|h#&dG0wC)o5)cyvkcD!MlpjW=grccckrk?-k;ka+d>cHrHkFTjE8Z!@nJ9 z+K#TeO9gy= zF))k6pp@P=Nr1!OId9uy(VwEPUc@) z*-4z|cPO*DwhL;bVu8oKI>W=~Qnc9D9$m_ljJ7t_MqL@SVqj{XZiN}Mx-ncgLRXQW zTHez9KR%^m8rC@Hnm|S}GAj9zx{Z!l>6(SJJ+^iZasyX0cXvIstGE|k*yFW31fGOV zt~^Rmj(?S9-0Cv2J;ZH|r>=U6k7i<6w7dIAOO4$9IL&%Aehbt5L#8F`Y6)dN%$V`_ zzLd6QMQdZvuKXD;jN$y&kgFc2lUmw*GF_Cw*x>WeT54LC?9I#Ao&<_;LlM^7pw_)S`>hh-?6~WGbO7NJjStYqfN0~u5BcS)Gay6!4 z-*}5h(~JGKXw}E?%-w^zHs%n~y`hJl#mexCi4Wo~7*0Gejv(}(^KBInYpfRXz z%1&~9PrY$hI^^?)JDj$0v>NAct366gyQSNWLh91$`2t4~B$9sU_w8Rzcss$Gmy0hn z>m4RHc-gXC0(Os4ToqaLIZhH)rlOD4pMbv!SHs#hL4S16CEQt5lRV({t{Luq9Ta@Q zt9)E<3D2o%_9oWwPOTo|nc42AwS1T39~b!NS-YR?tr>z`D01AO^{gcp&q|z?uFpaE zO&|OtiE|#Ib8~xfDcthAWSYD2AHv=y@qV#k{fVqgrfG)@FieIcij{?vHvZD32Wc_w z@JnCtIS=7oYSU6l0B43^a-{v@2=)H}IIWh8QHY4HBg+mLdK${66{GqC!fbsis!;3w zBdF8f)uUBdL=3nDXYU%_hD1~xeEG@stlH>*LSeQl_>SBATS3&c&83n=+*BXDM?w0U z@}Gs@5G{Tgc+MHMc;b`8T8=F>0k{t#&IaS^Kf;xc=*cBx=${>a&U*B6N8;ZA&!+gF z!Z+*ZTgh)G>=W4Izu{j!c#_8Y#?w>q?xm!%Pk<$gSoV-cdFSeDl5lCCL6zd+QWn{x z%2z>x*K0tsTTVR>0=u0TP`k2?!|j^@ZTI@tdmfv!M^R_uZz_0#mbSXb@Em5e^^0py z5eVhgEUa$s1~VhVH@-Suudn^0st*-D<$`6!--o9?NOE!O<_m4HsgW#`; zHD3()f5#ekiQ`MDVDlq|qHmSsVe+;;vOg;4{57L$n$&l?{kAWnSr}mkLayVF@ULqq z#d1wHeP<8j6(=dar@i8b90^QP48+jMv;ysGM$(qn0xN z01G_YX4O0)tqoe=%AZbKE9h-j4Ijn!klg8|92Esg z#z)q;>Z0n`dz{b0b=LkBd`7$RE|sRkHlK37P4sLyanm^ZSEG2d!&)5vJsvjjwdKy0 z6tRN#z+nR(PT}7MxF*%k8nx4?ru$g=8^m7=e1CEA0xuHyVKlq7S@O)_?q$y)SD${^ zdaT|k_<`_S!{21PkHvauK*8UnV3OD#gpp95jh~`$<|>7JRvp9Qf`5_2d{xsVI)%2f z==Sou1er1XU|^rpvVI@jgz*NKBfCSgP)P%*&w5T5KU~7py)=G^f5Aq+5cq%Mr~DII z^Wq1IJUc$PG&YWF8~Y+mwm?V+nAq*ukEMS#-w3s+E;Q?S&=~}QB}uyQGB7_Z)nXv5 zkH`EV#wlX4_$B`UF6w>X68#UZE%gPDO`H+Ey-CGncx%KL)>kvFqs;)_o)5oT@}`g6 zD&dr_ndzP!@h+Qhti^ZYg3n^@wdEr|UU<(xT-Nu+uL}5P_Qnlw!y1mAb*fu0n36=B zQdK>O>z`l#wPfOa)k+m;)lNSN@h`-S4S!nF?Jjh=Bs!ck2@Fw#xv|^)`c@^Dq>)+~ zHS1ZlySV0eVul9NH zwB8r+T4}bL#9Ho*vSt?qWmNPS73)!jtb87Oh`lzCYPz=5u5L^Wv3;S2FhJ(K?^(2y zM1tc^XrxP5V%vX*KGo26J6Y~l_R(wM3(A)Ly|#aJ$d~r z^fScTBwD_YZ+h12E@Kj_738V+togM)xW`ML6>(zPRoIf<+CW$_<_E>ho7D;^&I085>M;GU$$#NkgtBOcuU z06hK@zxze4t;MSZiK7w#df?P!BdyW-$I#a`m2MSyIq2wAoPJKzzuzbK9X7Rd=B#r_ zrQ3m!I##ELrSk!kVUVc+XT5oxx}Vqd&eq>+7hq5~yN;4VvMCr#6~*wq8r%qaWs?Bo@b?aigwNnt@TXD_Z60o{{Ri|ZTDY2yPq3)XW}=9F7>xh5!_iri4Fvc%F03RtT;9L zrTaGcx4_;uhT}rB@iw0>s{l_Se89>{JqfO5hmvRXO$^OWIy2&b+RobRMEJ{kx{6yW zyBL(jc;NQ@*0=r?_?}T^CY3yK7#M=C$@8Oo9<`)m*5%Y{N85e{)z;5T5}TPsLm-7e zdmZbZ)%;zkL8xDSigPL$%d!>8$GuU-Qx3N}9|n9wy1ekPySPX~upv~i%IDg&z7oS@ z<1ZOqcymzIw4E~E`zQEA#9j`x_+e|Qc=qVYGu~S?VeZ(R0PcCf$3c-)l1I*Q z23ub;!2ME;xg71Ul4+ljKM{T)c$4E#jrD&Vc)~kDsoYBD-YCZwu#=F2vu!kMXyFB9 zXxQU8^{!g1{UajFqlTdhFxn|ExV(l~9D;Xx8r;*gX)YfCCPCT0?Ni7^WM>qq)4A#9 zS)~je30JQ!SjTqFscll-3tFenG0r(PQZVJ)d3^WCuTqUWALhS`ej?Y;anh4^r5}ZM z{{Vtb9>#DAe7t0y^&IG`+yl2gE77L|@#>Wx%(EQh$}181v&}Z$r>;azla}z6Ea>*x{(gK+5b_ z80VbyHD((Wk=V$p4st1+#;LLe3Zwk^;)J!G2h96Ip54VJOr>HeVU|^3rGpBKOpf6v zNSyB(&pqn{7W$oZ*KJ}q3t=ZD{KB~#%kw;p$cnk_IOeTD#!QWMGiwth$7-HAHJD|d zX-M2eN3ay!QrxuzX4=7L0hT{8`fxhd-JI7^ptFIbiNCrID>Jg3QrxgKeNy^WU9uG% z5B|L+*M+q>i>oH!7!Y$ouR0joI@$%7P`Z}Tu)^RIxcdRr*V&%{{{UiNjXxP=(|k*F zasL1aFT)I(CA_;*liWxD08GL4=9P{*wGsO(@K5$}_(AY?8)!Zqcvc-t#NmU@tX_{Y zX&4UMx(xGQPEVmnrz>Awu)Dh?xsM!V(3Oq}$aR&ki9BMBX+5->2AP7Oi7_D=?T(+F zdY+Hrtt&!`F>L^OzyQd{EZ*drW)5bIka_H8W@Ny|+O6iy%2ilGi{I9wY?mft>bvgk zwrSA`r_Kx4KHeBF0^Mp;%=dBp%AvRwk+H(-ekq5;b~=Wqtm@WUcA0Lwog|P4VgAVK zYvE6dKeYb<#19vyq2bSmmim8$ybRGZ%dB50^Be)oCVuGmKD`fmQMt5YeiM9t{lESl z{0Ng#(R>puKM}qmGrY}o&%Qn3h~@sj{;K>w_~rXT{8{~?b-SHc;xCMKTdNr*Ge@Vw zUpaQ)L6nc(M$ng}G8)!|e5u!#p??bvkCIW6FyH`)U(nhl2smzfl<(l4GLvIe)h~7KaTh}Ks&+Jwl=e#+P?N$E;bu~Ci8 zZxHL+ev559jXJc5KIl0)uamwc_|I6@H1j>q+bsoy0>o{}9kW!Cx?K;?4~bv2=Y{?q z+TB^`P$atCNM1QoOe!!r2hzVJ{w)5~I`_p5YU9>4;c<*(2EAKI(U)Xq-ef(w6pW^h&dBOE(2(%CP8A|j0 z9td7X;Z#>wywi$X!}3H)&#Ib{8FE|y0H&qDxOo+h=E>rzExX2fi&fl-w<{J2wHK81+1G;1j* zXi15=B(8Dvu1mwW@@e|Zl`6=?{aXxXr8{gpoergEsOwh@@mVt~H_L;?e7o^i;Lf>y ztlQm9rkE`!kSy5*Hq+Gq0QKqfvE1%_C-C!7@IAiGKH_JxnlT?PNX9x>Q68GYWfuqo zj^J=>Ib6%Nm1>W0OQK3!Zdu);dPs}?|k(8dKZw{BH?P!`;Rl)g(N`ik8**t2NWFnEz z9qU;ji!g5Wb%oHCX-PcbX1d=EYY{;*Na|xy*&?%XWyJ3FFBn_jk*1kQfbvJZdEB;c z-fV~-McvMNfmaxmQoMpBiNK9q_2gGEB;StX1cJ>gV? z&*fdNsj^5wfA=Dwtw1Z-|VO*rC zET9!npCgZ249?&qaLR{ ztB}5*JJQ|$M(oF}bAbw5PqZoyyz}0z#`m_Q2|UP@pS*K{TE;z1BNNT8{w>PBBDnCH zXs>lNBp*3j83(^7`B!MNn}A+Ob}{?Ds(q_?#Tpbfc_)D*W9Jxv`KsQZHNdpWG@%IK z7Bt43Q;tD$-pDpl1loSwsRBd`lgwwNRn)p(?7dl+=1L0>vW3)aE$WY$Fq_Vk2&_OR4gl< zF|(4^+`MfX#KQzrtu&oBTW6A1K6yP9cKX#6pJSNRtb}aIZbV>ved?!kqd|RYOt*n0 z01^S|?N|*I&WCYrY|j}oL(_J8))A5hxG*wE>O2hzEirFjtq#mWvi6h>VP0;rQ zS?%3eAx?p-Hp9kNULKnK-a$Xver7vPNN-{NE8pa2o~W~{_{&E9MJZ;f=joBb~8HU~3T z;lBj@MgGIR(orvM-XerX{{ZU2>OD9=%Dz_dEsuo$0{DjY@BAfkdl#FCuL_A{ah`;7 zPJ31|+}fJxj+04?!QT_FH1ntEU)c8d2hQ5b`^8hoexLn%^8WyezYeu8hF7q@ho_g( z?j4#ojD6P0&f$vZRdun|$;+cYVDV)7)#M{n)J#zXB^eQV4&A!ef5JZ(K9S?NQYqn@ zSR%@-#DyfDLHvbvQ4 zE$pUZcdsa?9X+bfcN3=Y?34KC!@eTWyfb|Ew=ECaVr{2mHc9F`@_#zuEPOHX3fIYP zZp!`!f=#8Q!M3giBJI)HVotSe-+QG;%U)-Qoyf81Rj{KXG_%o0JL9F zg4)v)K)cDu4I z&0cW-0AaYc3~yp21;HOKN3JUxo2wGmwmqZZXNG(!;@^RmIvjefvDXAGD3G`Ow!p+^ zJ$Ma5 zWBFIr{{RDQVYcz&>ItS>OK)&c7$lD-L(XzN^F*Gdt8RVa;xC5Y1-re}yhRp~ZKOKH ztRPXh&Bv#w(!Vl(EBq?8)iwFG9|YaoCU^Ox%iuP71m~P%9<{{g)T}jRczO6)ap2a} zJW(#S=af`-65y*RIY*7eVaK0DCP zonfwG+Blx-(q)_ggswud9k~Ah>sE7G89GfnpCEW^;)a>weQ4Ugx4K>BJh0%0!93!< zjs7RxYudDr9+fTbl`I7O#|xZe7#Q`a_GQ5}x#gZ5(rtV@h+Vrq>mP1^LgN&neSB)XWl;z{80Wn@MWFUf9a9^ zl|$jTNgH5t$I~XhZ1{tuc*e~*V&d+4$AZ2yO>f}Y zrSTrO6qh!zVmWtlk-%Pm$ge>7EBkdetD^X;;b+Ay8Vzesxrvs>`rUJ|o{P_?9MsAv zN(`G__@CjMYkM_ooJ{fv(8zf?;8(&wwPoI_-XYMg?wZQuPP>T6CIf2*9CCk3$ggI6 zwr!=i0orZBha#Z1nWQG%l-xZy#WcDV6=An3kjV?nCBS55KPcp!@t?@e#GH z3ADTU6Z=8}5o8a$o;r%$v+RpaZb@w6Ry|5zc)s#wvG-n%%k?BnxbkDyu ztKC22Kf-vm+Zh&ZcSRyAguxC^zu}+Ozd`>1;ECV0ApM{J0BI?{0(kRY$HNaB2Kynp zV1m;89I9uw?o?;KDRS!3ykpS*y?j|7siG{l;xxQc147I9Wkb+|?km-QXWty9xE>7D zcUeIpXSP=#C?}{>{XUh*;5nYp;++w#%Crw8QY#5!k$5q%IRqO1UVq@=f7t@o=TGpT z?cd=o5@O;J;qM&5Zyx1X$tw-Zc)4%=+{rgsUH}=f^ znZ6nPb?~+2q>^eHbZ~1n$bNe()leNIT;veIj(Ux!y+qcBWEu5FuCT0z-dwbN0Om`4SGrlGmAp2m~1xV^y`D5ar0!!h)8u+W>-J8O`7SyFT`YTMk zR@O`sV-3IuC#Oz*tMd=`-}nO`#s2^UUTc%-t)}>%-qu||REDio7{Lg0=la!n%XW{i|v)(K6rx*pE?MyGt$9%{1&@Q^s-09+lrr=BW}ORkB!+ z2Lh@#*9F+_Z1$}VIqpFJ05hC{fzP?9rdQkna0WP94H05E);LP;ahA{4tIrZ;WK?b0 z>+3+tRzmwhTrfNg)au}qyE}Su+JmB-v3lC&WDf!+7w&`H*XTd|6ASjk@dxZ(`%n0D zUXxRW{0FLBM{B9UDJrO}cIS6bf2ge7b+PC{pXf30pU2jI9`Rn8X{KD*Kf=EqMs;5g zT|nc@w7p~xBs_2x^SoldtJJLK*$%K24My7`favSo8s(|jxiXx|W8xbNixN}pmvJ5e z=+*gM{{RJ7{g4y(k^PrjQj^1tuK4G|B+5(}TZ@f57?WlPC07r(zQ*;gQAODQ06!lT z_+M1`ZQ~t(!CJG<(%Q&c+Gfr!t;zWx>y8i7u#!}g=*W|A{_yM#HfX2Nu{1E4{L~}N zC*}gRw55tzi%O*%9s5>OMFy=T=>r%U!e<8u?^hLbsmndB&51yboH0%qel$WoL7!Lt z&R?|`jrTC3gwGFWdIx}zSZGfalsP|VV85d+hjwFFNqx+=IV2*@2PNXF+j#6Q||_8tN#wpBHOAjeky`TgH;I|AYF1a`8Dx>ZT&~`vd)DTY;@EVJF)ksMUl|xD1X1kn zZi{waCDXOVE{_}J70QnFm#FAQQXP=(&j%l^S1q(Mlx%aiHgGO&rSjjtNbOkHI%nC! zq$3vIfOMo}<*6Q@8bKq$IdKad@m`&yPb*ucrK18@g#^^fH#Uan39ak;pW7$2yHFJg z&mD17=$H2LMKtRujh7rA0j0=lZowO0U)i)W{^7E+eB4$2cHUhE1iM(I+Insn4fLnV zGs!${@j}~9(Pww6NIWYHiE`khlftkEu4*L{s+}{-Z1v>T zqq?}&waa^Jpc+zTkl=CmR=oQ2#8#MkB~hH_N=6|Jql2v*2aMs}-yh+f48= z4D9jeaP&3$#qeX`MxUYSc8qM1G0L1^jw{TqQpfCEKb3nZbK6#ZKW(Sm=~muX3Wzdt zE6la89O)BC+Fib(5xEDL_i`(SQ@QrkX>!KLkodFW28-c4S*5?bNUv3QqVDQFYvG@a zAG995tyymHrL$c`%G;e=A1|<}jXq68v%ki z$*!+uWPBw|=ChUDwl)^>>e^CNsqLI+BD`jsD@rmMJxh)@;nWf};zhSt7crIX`AuMyk+mV!y@+pz(H+Hve1n|qV zXez+uF|Qh|T0hVZ7~%?8x@x5fR#wZ?9?=9whMwrk)94tp%`bsy}v7(01azFXKm! zd^_=;`$&&znMXoSIig6~jt$1AIzCXp@b$!Zz>~h*ecTRz8l@$qs3iL< zh^L3id%N>3BE*#lsx z$3Mt^Rpa7a)s76sb7AKj+UcL9{{Ra-8+WMqbHeg!HtXd}0_~MQi?Pjm7mhv~HiM{I zX^p77cMBkB-46~uJ;p1{#Lz#^uW7B1FZi)-2ZD8-0&54kA8WA0n_nq24oE+d$Kzf1 z!aZRl@YUwFjSia>C`^&N0p@#crG`yABiq0?W0oE>)_is1;V*@*Z0+u0oC6yTsV)yH zameDoL`Q}Ed4J%&J70@LlJ*$XM4C2nC+g%xU2sFj=HCcv}Ju3!q-T=kv>-$ZHLf|*8`)e>tXm}Rc$MuI9&X5 z__5(#Y9!RIZ47Zf^BC%HCbFi@f*Q5TBgX~ z?NJF4$>`)~lj~kNr;D8nQVlF&B#p@6@z$%^Xnx0rgNkrx?1${R`$zagSN)oPIDXIH z6Ld>Eojvs1$s-eu@ZDQU4jEh?g9G{VU&!ae$ZmAaJM0YBxwO5xgZEs5qE;(|^dgoq zw;121hvl9h0^Pp^4+_U>)x<+4SFkU7&cnU zWs?Zq`K%=MXY5=fn!IKPo+?|*^mc!WFKG!h&ayfANf`F8RMM=amgi57F~2T29l5K5 zKBiJf!T$gfCcM7*$KrLkEW25Mb~-5Ba!==8>)}}}U%{6VqzxVHd2t{;SJ3{v*P%;e z@?7=`b>x>rC&Tj2!8R5Sq_%V0+P_Ty0ArtwmbUt!_+jEpr?7b!HZ#ah*|Cl?PhO(E zDlb#!^DI9#7oqmQ#TjliO-n)6E$#xwFtW6K;B?0yL0*xkE}i0iE+4j-?ohAZUb(MD z9}4QYB-ZHhPl(?R?=7t4xYJ0M9#6X0=by&dby4BQmRQ>2OL>(NCHwD_{{ZW*I?%Sq z>Rd02jcQlwkC<-sZEM0hjC$D8H8h3QWMCsW=NKlxLB0$8aM1i$rP}yg#21$Oezk2F zjv*`HN~id9`PNW}Mtw|HnjVkh&kWmnKWK#&qzn!RaD6L-(7Z#e{66t6mE!*Z4zoe6 zX;PcJM)Y7agY~Z3Xo*u&i-gtFx_)Qt=k1qg;}4Gi0I@HGekyoo`IF(!xuBQvO^=dF z33h?zG7f-9t_j8l2TJ~6bRR29TWB8k)Z0b-g2>-599H>-q?28LKEH|l`}A=C2Y(VqPXQa9CreF;qMktE{ochIGq)>>h@^c`Z-tigP_ZLdHOL z8@+o~4O%}iL|5+v)}+!;LjIi@kqCF>alz?Zu_SSv7E_9OS>3lm>ENSq%rHocGA%Ds>iAJ@9gLMTYP!_obDmD@MnnR)qEr74f;*& zg^^c0g)B}h_jlkQ{1prKc=(-VrFd)NM~Q4c82J9-#kbjYKvv%Aj~Q8h=m)3FK=-e6 z4^?$PhklXX0o2A$dG<*g)q2!|>;35Y_g#12f2#-Vx%(??GtJ_b_zCbgSGv3g;!F7a zIcF!@w{l;2L%Th5lbZPN<3H>@`xAU#@W!L8d?;Urp9;Pq>E314rmf+rVYl++kMBiu zY=kRDNZLVA!151c-|XWf`2&OeL(lSjRDQ2HxKn=hHs39;s&RL<_Pws2$Mbu4`y77I zAGXKs8K-uI1jzwBHS~NN8N-A2rB%5oZz4T|( znjicUC*jqmlWU;(i{n?sZF5OUcStR*;j)@k&)qU6Nc!Ts-x`0xJ3a#ZG59I*Rv!pk zc%xFgdt-TTKBanYt}NLXAG?r%cJ(AwJPoz6_||3gr_F24Lk&t4;@ZCL@2b1f&uy=5 zwbb|?$NmXB@%_93ZLV2-O!#qi9mS&E{{UwQ=SMNR?#G;dUE5F7Ij?8&u7m#o1l;&{ z@I>hzB((7Mjqx_d!Z;d`+y&p~)i%+0Gn|+zv;jXRLB+Ql;JDH&;MlJe;;Z zwZS*g{=&dulp_@Pv3YHl+@y#x&p7Q{5y%}u2Mg=#T+TN=*vUm5C7ziSu$Ptd^gnjD z?BIQi1V`i@GhNgv^*@ikksc$)No4qEtX<^%?V|j3^S5SR@>U!N1hMt3*=5-);XX?B zsnb?Jj~z{Q=qAA-1%6T1foUYCZa^NsmDw0r=alWC8)>Z*$K{>JKE11~u(1UMjy=AW zXAMa$hshjDSgFY7szA|CCzhmb>4VtNamrmwlSCj=3vOD?mewZAob5c-DOlv5#anA8 zS7{Y_9R+CHMLd!yU^jOdqnVuYb~{ZsNBc{&5|Q-a_onOC7TR6A$R-cBoK%?{g`T4o z&&wWq^Tlc#Zz+YsNwt9-0ZkJmNiF(HuG0~@dmi=9!!5gBv63Co<0l8%O5f;>*SCnN7xKGx>M3Xxll%DzDA**N^`Q^6h+@z2HI5<%gghQ1iob-7+a6t})n z`!&C-GxRvCQaS2O{eu0Qe_=m{zYgy7{{R+zOE*6eJ|UqdIL-~7sq_ob;=e#HyeTEU zvPY|5MQfp;{nfl+BE~%ei~uWb&Kb()u8{}Zk?&va zw_SSY29iV`eXIDdRkqYV%#by<(nuqt4A*UF6y zN8QG2`Mv$8zu=<(02#hNwa13^Ek^6XKMm$zDmz;dY@Mm3N#d96B7hLo%=2R$G-u8Wls%R=)Vhm5vRVm@vqvoJERg!TnrzWjGyK8uctLJ z1*nqZW|CW;r)_!lDjHblt!<{%*_k84cF4tQX_{}?rewGZMtb^JJ79HxZi);b3jYAD zM?KtSS1>86pqxwbugC~UwECrd+S?SBx28Z)ch~vonAXA^#1@3-rngCAdAe5~1Wiuw9;R2J|bR$2FC1$zdkpCjpBNdQfIw zx$$N54=pYlNCtjdulA(9QrY>BZ%V6}%X1S`jp2w(1cg`}8g0GY_j?taXyIuJD*6#> zN%ko}NCBMCUUD3*g&I~6UcH)uK3w1fa6zQ6^fl;Zw!Hvdt zu?zpco@sEoy^vm-Wiwt*G&f8Z#{f zOUp!-!JH--4Z^c@YrQJ}06Kh`x4l!emTsQ-sz}Ls7`nfTbiWKv@oLgah;kB5wS^Ck zbnQ$ViyM`?w$68{=qmk~S+k(A@otZB>RLih?@k4Db4hJBT`+-%13hT=Wm%Bg#cdOm ze<^ag=hD36#u{h#oYGnaSkSM^>Dse2M->bZ*j>kIsK_t~OrA&AHM6NTmYW;H6rX5D z9O1b9CyZKPw24C1sVvefkJg|~UW({0J!-n35Y%n2jawM`O7y3*ze zI<87M$UfE2rlI|zJd#{NwpKYK(9|{14EvV8Ti9TZ26$M2TR6b3#XLJ~U`ZValyz*@ zGM1oly2hD*Z>Sip-JyxN5@R*&z6#M6T|POS!Ef~OrWozUar#z=hAgAgFU{lM%d(*=OF`PA-LJXelfUTP7}l0>UKK49DnV`%ji zPBt--(1l5aa_-9mn%|BI6$IO3EIk0`q=Nx$9^+D1x7`$(`G7oDzNw^Y8eG=tG%ovq zead)0TDT#do`5vgwRrWn*=9i)LxMQt73A~imY-?6x3apLQqD|l!|sgq&1^L6P}ICP zdSPpO)_ZnkJ6{L^_;r(n?Mucd5^nz6C1 z+UcUzC4x=a&wc=|FV2EC4FqiLqk-yalVeKv#4SCFS{O`Y7$lx+pS8SrLj=2!$Gbgx zP%>++E*)wk_Nk?09QDpka{mBfhSua-%_NclNeo9SJ5uE-A}IBbvRy|U?%PzHX1!?Y zx;Cxh`0ZU`UZ>0n^Jg6it5G&bht1%dAMJTHXjvX|y92WP+jG*iVutOf7Qm~vKp3qo z2T`i{b5w@GURYgZWyPf+@a2)6LK4j5 zD1+Q}JZ7QzS>i7e_>#g6OT-gf39?V_GqsoKdKwB#_^ zG*kpGMlo4E&T6qoH+ecu9Lh{nNW&;W=xYkln2}!PnH^kw`M~_EPGgwXlT{@=xg=>h z!NI54-^^ReMSZ?a`D|v_O{^=l1WwL z6t*=;^Y0Jq(Y5@-^rNa0GN-@2duFAn=&h$l5rpo@x!S*XkJg1EoKGFpB)3`RX8BRG zk6PuWxQov#A$g%7F9Rd-sxXu2dWMN(cXt$WT7X=f5P0IG@g9Ow+DX>kUgbbI&M`=y zW652UsEmF!5X(clfimL_rUEhR83;qON)Dm<#^^N z3aoo%aBxjQARy$?9ySbJF|+@UKA8;k^gMmlDrB z%-D^$Dh|L5fr{jOYo%X!XT@!$UR;>cNP#h&V{c|3on+X`*B=j{v%8Jujyd3U54t16 z1J56wZ+L6rb@%p~>)H*q z`;S9j{{W|WHhojVPvSi#zY{9=d}~U>o5XoNCm?R{KfsQZf<-D;ypPv z7m2PXV{Sxb5SRx9pZE{!T=iSMhUR>erD`4@yqd~=YWfR%38wPS(YcW143YIU?S3NA zJQLv$hF&$+KhggHw*|KA22PV_xdYppe9pvL=a7EMJ{j<@jqbENl@{0fxxJaMnl(Ft zEI#+@E62g3tiVW-9p~q;uVyIS{51e zS3kp^bJv>G&75C{b-QW4B_@HPM6v1U=+hYw&%35QJq>=8Xj<=vd?~6}Y1daaR@$VJ zsf?@gPBVaNWPzUko;;gdjWn6rAe~8!Zs5270A9H{d=W06t1P!r#P;$r-5D6>xauW) zl6;f6MDPMoekh-ZH-0N(Yg!bMI9up7w*WhOy@%T4TBQ*iQ- zrv=hWBfzlppVYvbEn`#m>JX1Q^>Rfu0KVDXx!x|Duq z+I%P1G>e}acwfX8ChJFgmNwD@kQAKbcY5kP74R14!+Lz$y`Ae{LzZzHok3uOEDOmW2 z;xEHb7I+#PO;1+R?^92^kog5yDyi81mE~KaNz}30z<_Wunz(Lc>Z0Y%w2f?+rbK0D zE4Ms=G0FVv(LND)whsh&qS|ZEFj?H(#-vC0vz%tN6P?f1-8)ma)NNtDv6ZB^byJcs zPaO!YV|C{%z(jsV2R-xsD+wVf^gdzzrF<dZyvXTymh9DKut3Jn%3hkJh8ZAEWW({mFk}w{1vEpL&WiG z`Ypxfpn~E%{W|&v!&}IQc;Iyh6m_}P3F?1rfACI!+S(7=^Y%vYPl>g;((mFvhZ5=f z+#$m-AY*%DoG{{4d`0*<;m?bo4}Ky18u9It-}pnsnrzyA(vS|_=u|rAATZ8B#&QL6&YF^O zdomh7&D-|0{hWMR`!{@T_@Dbe_@_^}w$(f@a>;3S8w;q}I~ImjQ`n(j&b|e@U$e;} zmNFzHf(K(=7ohy5S(OEEDT@wCkzit4dS{Qam^88 zr7++X4USjbSMNXk8}a*Y$@@Ki)OX*rUyb}t9iPIl9x5i7mvij5lEQ z=v}%UP)GM;tJ&RN#|_n~ku@7e0!$tyL(#s3bDE)d5L8)+&zLs193DH@6w#^jC&u4~ zfAEp%T8wtmtUBG8Hx~^Fd%tm^2 zuDVh=>UkM50}v(H4&Y<0RcPK#jHE6GdEjQc4myNkB#Y;mp?r4fRanMlR&w5M2p=s1 zi+u} zUBi2I4CWccQU%CT0StQg=y>Zv(N0J9z5f6NP5rXGJ^M?3&GtXDPmM0DEIu-LMFrlH z7C?6_ZImiW$UN;M(EC^PxA61FRvtI-ou;i5MDn8>E9m!Sp`CbO!|<+p(bmUjDRv7x zTM6Gt5jCtp*BB-Klm+A>_z_o3M=CN zqpJ8`##p>OBbQvzkCT&iVIz|@sD9=bBmjBZRQIpv)yat=xVC9OdQ0JlKz&6@>{Ys( zwtjO)41rE@+kslq+A~09f>Xiym(*5LmCK6mXxK;`2xn4p-y9#psB79}a;r~m9ARSzX0eUWGHaBA@S&05;{<`oJ&3Q={{Y!*<36A97e$BR=DP9^6xpec(&(uF07;1# zkmvBOx@5{d52jWNZ!$F!HyoUfhPLf*qSNM7l~^MT0xLs`q76p+!JPT3BOOM2)=lEt z+(QtzSj?-F$9mc%Cu5SnhVVwx$gGi$xvqX&mX8szXH(lhtusz@rSQG6f>R`OI-u(q z=ufSBgdQLkFi5v-k`9A#>+L~TIV+p{eM;e@E3=b2o6R#&(@NeqD1<-S$PLhmE$fxX$y80 zC!hoCUsQYz{gw4wo3z(FMQ*pDb{PD{%OUI6vFltF>K}8$862zDRV2OCez^Q2_&KKO zo=n#ko8rbclYw7U{{Uv&X)s$PQG|p5TNUJ1mt*$KHW_nivOZ<_>+w1d4O+swM6yS8 z30L3Iv&R_rugl*Qd_;pw)vvWwfAsexmtVclYUYjZcXFf1b#D^tzAd^E++E!@qbALc zeQS3^@Z|Hs6{Jj|7p6yS^siG39;d}|UUwWlKV=8+Gwc5VhQ1Bcd_8R})7!G#$bg_w z04LR}f5b)^3fm+J81J{a^{-wLNc?W5GE%7JBbQGqIR@4FdR4TZIM`t4(v+#(Ue}n_ z(xm%L?Huevl5v61R~hlQ;dEXq)2wIHp&Fl(h2AtQth{o1b6k_5eGZy9mrqo4Uj{U# z(7Ze?u4K4(jh#d{5uNCyoDO{})=kfVEFaGCjpg2(roJOd?bC6NMmSPe)7HG4P7ccG z{inkJ02MJgJ~k?D^krn%ZM9x$6?|vldz}v5F6}NYwY?@~Ed|}P=PTQA>JPPe^by@# zv6Vy1wBe36bf!SrqZdV?)^Fola7VcqdWRrhAy}h3%>giK8Uo z{{Twne#5D0*Hih6a?u6>RhJn0R~<*8RPmA7omBe7mfC2QSIU;5(T#Zv|;O!I=e$CKWT(gV*$=@n4K@yk_>- zcB}`J7*#QkPW9C2MYH(dDdA6PE@>?jK1BG(<6Ub`)9sT`o+<8PkhQ-*cbpJ;;=Fx6 zCTo`#a$BRxY=mvfKL({>mF|9>f#D21W|~L7d<_26)x2M!T0#rRSj=a~Wgwa_1yT-ZGje2x8a*My;r{u|eWALX<@h-65Ch*0~ zx@G0U<=_MNa-PQ(;yxtNE_^L@4Zn#k&8*9lha5N4HSAKKL*n>%h!sSsP2Oum8&sOc z^3309Wfnvm*Pa0tk>Z^q$KnTu-^M-?v5Q3U&YK?F%X@a%mxwyP(ZD{xpB1tCc3oBI z&z*HGVYOX6Jf)uRks&81J;AR!`yBdvwe74eEw*sz2Tpp{H6v}0)G~Q{ra#0D6l?ld z+M_YYeH27TAsrXc*VW&%=fpiX$3L@=#gBlVJk<>LH=1mzVHDs55~?1J?p06W`QZs! zo{oK%yjBa6KO7uoA14-`o^4%x&w@W^T}9Wymwyj+3;67Hi(8o%INacn9hZ-$e@b5z z=-T#!tIunx4?O2`xah){J(Z8Vrq?#7>sR~}{{Z91!~Xyf=>Gr_z7G6M_+Ox0h0tVp z^<{xK-CLZgicE~L=e2(;_cq!lhw(?_CWqmRd8~XjYvQd!Ju=>AJL0zUj=e6oSog0cq_sb9!_-Hlzz|2c0ggs%O3|W|A(RjYr71_L*FNNuNHkl!ZED^Cw`kx8 zUNSu^=r0HU(*79MZA=>F%dVwr!V=@}rrtUAtlT$8{biyt`Er}0Nmk>np3{86I( zPS+DxmhB)jK+GldRMh+TD*3`4MG6%Kn}kt@T{YJ3I0HmHh6FL}ewFCbj)?r9 zG^=c7OKfl+ADOIgn@GD)BJM67Pf_^(b@ac3*je1^dZL9A+T1L$x$2~K$Ln2D(7F_r zMB>lV$$lc*c+XGKu4RoPVyV0@MqoKU)$bk}u(h_+?6nOd@yb6f2^<4nj3j<#nNZ}L zM{j*=CbOj7S@~bSkqW2#*y6t_e`(2%ouldcea(!vTK$#S`#?j1DBr_=r}7mQ9nYZP z%G|SYx$55wyjh_9P4G>mI@Xt_Uh0-7?5>Uv2nIW2C#7?KGx$B=`Qn~yT{UcOOKw(; z04elgSSP9aH9EVUZ-KRo=yc(u_<}^fNN^#zbIUKIRlgW$Yc0BJ_6h>+D&cxCu8MlA z7wvUFc>e(4nBFz8_{aMpYJUm5LSvfyL6+~s_mMnGL9~=JM8qB&hH?J@0k7p}$6o_H z5AfUe!}yEvC*zliuJr!^gxW8PUe@ye08jnHO&g8ThQ>-R2+lq6U9~;vtMosWJUYfy z%X~r3FcH_ZC-HN~UIx`X0ruY%_-;=-!^ty?i*{^0JoQoe{#Cr&OY z^3aqV4yLq>gf8+Jarx3FspJ0u5aDas%ZVB%QGx4^YH!1<=Z?{=<(cFl5A&LFNmHZ*I>T;eyGoNKK}qVSOJBmEON#6 zo^zV)rH!%qg?|rn=vSU5ohYf#;%RT{dI#*i`$~LN{gM75j~;w7n#)wu=ZEZ?u8V$2 zhVm@rGPhNAB#=kzU#{9;{1&^-(d3p-+51k5#AzqY(cX_Ghjt$>?AN1DAEu|_9x44E zX=m8j<7rlOq?arAd6P?Lx@qfYz4Yy^ZF~L;#bx0(h8<`2chofro-o2oJzZ4+^gEEB z@UJ!TFZ>qA;+KxJJzGNX{{X>H2zYJ_*d?|yU0=yOkw)r9dIcv0_NP2{hvzwG(H@*} z5tb(u&vZ(zK8X%4De=Ol|jb?Nkf}c@)aLeQS{W7{ip>iXS%$h+8~yT@)HLP{x3xIrkkaYE@dy4fbK>q+Vb6n1@ zCamk$mo%jA+wRQ?Elu9$2vvZ<70*v*t0_&VBdMoze$X4u#~k&n>PpCZ9hJ79W2CYqNgA^7Gt||4{Xriq z8v`bB#cmGc-J{Y8GZcq`$@hWs<6Tli<;_l9)O1o&Dt z2w}I30^`-2sm*l7bUCFi=cU1E27@2j^l&cj$3jO0)%#Bl-)p5O@goI`pWP|Sn%yfH z9*Jpd9gJ{V*uflj%DBiC42@-PbVDECKd(w`o^5P!y4{Ven%q;#7u!dcL3I?}(mP`Zk|x-fExWX~Q?qim3YW{t{Yrps^ezD@)i{A-;&y&w-r=zKT zZb=He4w*%+>J;1D%B)h@{BYN`JzK%S571G^n8YAr1~FP3j#}7}RTu>$Ztj`wPGu6X1Ou}JAY(O* zoy8_;$ELi>8319>=e1cDF$oseE9Y=WeJ+{cp`&4dh%P)SKHsSH|z`X z@Aj6K*5^v_mZRbC2KmFyz497D@f>{MjAM$0I(!0n*xAS=+#lB1B{DT-L8Vfl!mQ zZ7|+F>Q=fcjEoLP6bQ;_Lo&}P1Ov~tPd>6Eh{0pJW^MojIr>m(1=R4r9(+OY&w?>^ z@dLyV=r+Z71e5QP>yF=zeqQ{4{kZhIShXD!;h=3-b2LjlXB);iEd485aWzNf&cEY5 zW5iEA{{V!{vE3>OSrYfR&y=dFF2;Gc$4Ygch;cM*$gm1QX`P1OGYp4E*>lG*w%@cY0~_)A8I zPt>4-;^Z8$Dc9c}E7~nIWxcj%hQ`?=U+%^in#Y-#PG?!8m~7w)DcAw!NbghXR?T+m zV30&JkVi_sa{(-L)q-;?He|*Ry+Nqy__%ABW+1S^T=k=zMocjn_wJN}PfSy-uG&de zkhE^O7(MEgjHZmOM_lr?2rMq9SY?#rFx+mc7t`KDC)rZrt>n)+?0qScjqO{)H`khV zwbZhU)npPb(~>b3cW zl43B7hXoJiNM1#M?J1e1iPeiK{vm<|Pp9g!+gvG`7Gx(FYDRN9DK71Al0bqr?XVnT zxC`G7Tia?ct6QTj$QyF4#y*u%b|x`AgW_eJ{wL9Iygzw%`c1>Dc{d>8haHW4*YKM~ z@ehS{o81G&J|mY>wUO}*fB>A;c&+$I7b7yr7X=?sUe5&i(xjkD}cx~9U%94@tmN-93$Y~yHCZqO={MlQ7 zeCDl9ca=#u9+*5(2TlI~2z`vUu4IRxgTm%S}H{v^rQ9x{Ay5Zpc<% zKl=37nAC23?eQPt=B=VFzM&t6E-&8VK$0v20T1-auE)ckB)8S{=(R?+n!$>V@k#fQ zvCz_G`!l1D#1`_xe6)^G8-^XLsL}jPx3=$O@E(v^x(u`6DQAh@-;jZ1$E z5y%x@$63A5WrE_yU5Ksw#UI4Jl`)q=@|@p`yiflC2?W`RrHGuX1I8=}Mo& z)>iVj+hg8(ayZQel50{z@+q-k7w-@TFe?ty^64gGvuyWT4Cal&B>JRp1;VAm0f0#4 zR}(*mu3ASsqlz^L@up!UJ{>Lo%jFpZH>m1qwsx2LM*YumBt^0}oa5T5L75gDUz@n) zu_z|tfFp|ZZ$A51wrF)YBZ}{~+SbB3>+9<)EiUIzys}v(CkZGga%0=xxT{MWuPv_a zSsgd<9k4|(i5{t}-|9&fz1|gL8x;OO{<`x202J!+=n$D@nRgzH4rsBYVtJ;Q@nX{c zchUx-Z6v$M@|=MA`d6d)f;+7P!>g`dX*VJXWAh?^ExvK;zO}C^*xg6D@OQ>9iQX~1 zcd^h+S2n5hc~TOkTiU!c{t{mq>9@9*_i*3eK+cOKFaX6f+-C&P>}zy>fP5|2Y%jF4 zBRTm-#*Rh9D_2XZ-Y?slC`s~^f(bRvDReTE>`E_W5g;Eq#zx_twb24Dl|x z@fS$(E}3Bsj2ft8Y%+V1=}y3UtY+g-h6!X@AeeGOw*>l8D+_CO24viGk^S1v zaVM1tXACl1wBQC}aB?e(@jc{L&|N*Fi6m%oCWNS_*i^bx7Tf{b#+M64T2|#Q} zj&i3ax4b*zeSb!^iW{q$Z8R=9clHi@z;B8)~9M-ovoijD{1r9`~EWNSTs>6F@ zJGv^#8}b--pp_kLZ$qg=1+zDw5-Rbuj!i|W-#Y2W`rgc4HbD7(GeKO3hxn4_<|mSS zW|rOgW1dE8*Mz)Rd4Dj1H!{qz?qmmydj6E|U5{9@TkF3vSOW$N!1t$V^T}s+C%a5a zIeo*LsK^gMxbae52m{XdLNvhKG87KNv+cDgr$HnNg&Xp%Ox(3Pcswm@;!8V-uOW@# zb-~Xg1KPM9d%@awhnhIFs8TpuEP$hK)*Y%Gmc!>cHJao^RZ&9`#z%T}y3Z}E!8!Rl zoOG<&jFE|RXke5_ZEhh!_e!3kv~8s^_4VgHyTUcRfT*$>?2ftxfFCa0h z9XOvfkaN4Bq!H1SF65n3K`~5&)OM`hF3($@c-qov3|qH02PJ*I`c`S19)WYKU0T49 z&I@iEazVv2O4n?f2Sg7PtC80k_pJ>f6AtF`*{+ubh|f=2^@};QhSN>Fw#_0mc*x^v z^{nKLqU?Ch{*P()$9T~eJ;d?FZ)rAPY$hp5^3-KO9cd^sr81to;fXDGOEhfpu*zew z_pB`v!$cFxnxaTzVS$5;H)_=7mgk^c-NUDw=7dxZK2h^>4(scGIGkZwKAf=2bj{3hj04o*eJG05##I|U2gZIUztlV%28$X9qqTN%wEf~w zPp@Cjy(i(9h|Jyt(zH2jXG7F=Z3+oidw60IwCn?CcTt1VnvL}|RWG5}wc_e2t6J)}X6nZBMqs4|BL}zB zt$DYPY&<%2U$et?9qgz!`D~a_KOdz(W^Ckqy<_8jXGxlCWsEE~?p7_!kmI&9S-QuF zyi4MZcEA@vBR!THV{cGnBYcn9F4CIrQmY zDtt!Nrt$B_ok-h4FSLuC#O=-q2Ox}e>L^>>*+*mSPk^5j@BANi4uNap9bqQ2jL8sr zn5yHVdVMR${{U!RXX1B^yjiVly8gE{-h$G`V2D5ZfsB$*T5`7I@b!<3 zG`(G<(vQvM0hPcw=e~Q2`p-zZ{{V!~!8(1LU95LvF$Aa^CPRbs0aER21JLo0g&G%# zJ_h_zz15-dCDp!w?nFz_v0_QiKToZF#p92TdN0IXA4!8;RKBveBg;uZat}r-PeN%_ zS5^lur-jWQ!|x6F!%y*^nH+i*@su^Y2lCEw&Uxmy{{Uz&4S2&`@J5~SGs8`&T-#Y7 zd)T03nG~L<)qB*vHwN{w@>Y%F{W|{I-SspO1|eT>UV4oB)yoFaH0^$IqUrayQpx-B zu|!$qk38gxvUzn2`&}9@i5SqDf9)HPfMjiSkgj%+KhG8PW{L32;tsuaWiO7e7fZd; z<=tckPue3qsom-`K+-YU|z!J{i>KOKBq_NXgHcyP(I=*N5C$YBIi^Z+7EUnk4yT zb-^RB{3}Ztsp@-w!XFMF?W;?@ZV_u@&9+Z0^MHFFrG4MxN&E+)crR6!#%U&hC87wA zpE)pjW&V|nn@Yv1k7LBYW}gK7Kk*NVt^8Ggqs3w%l0vB@ST5P>2=&0P(T^EHr+BYJ zk4d<@u#-wLGWiUlL<%^;;;^eegZ7O1U&i)+2=M;^gl_F5Hnvwo_jd9j7;m8bKU)0y zw)ml`XxCTz6!S>WY{c8#p#yin6hm<5ISX$T>OM7{pH@{DVVNATCx5ul;a+L+GvV*{ z0%;n+zGS<)c8WDeB&U2I!?kw75~O+;!VeVd*BXw4;hT7#ThWk)G{GZ139qfSU2Ddk z4%alzYSAoGQ<)`(p{)A4wh;a`kA7vrri%-g lWd29Qqyz z8U9u9zr$@O;w{&USHXH7$^0XCI9Y_Hvx0aF&ou_hC);|@!F^xB8l{qbf*ngsL?-a2 zSjCakAD`)8p4yj$o z;oltidO_ktYXnoxo~jUyqdwL3-@vchPUFQIt>=fesUXrXriaT0LPqAsFh3v-YL>(w0F;6#++o#k~OUE zG=|f!wEL+40MjxIE)O2yisxjB*6JBm0eILlWZ)|fhPI5moe+WgTl+eA`q#z23R@em zGCgw01b;JvzaDrm zQ1I7^uk;_XNe!*J200FKDxN_HrYj=j8ytefu*vg`uy9o8p&bwBiv1P%U9Q;tcK9wl z7ku$Qj6iPM zs>gI&5lY!RKquus&0pHiy=7$%tjnfLzQ}0r1N%B~7t7Dwe^Fmac!v1HYLnU=%rMGDb6g~@e=FbcU*Cm36Zn~NyhRFb1V_sv?~Hy7M^AHzYSb{`X&WW{kG%ej}R$-`sO`{KVuFKlIqPZOzlxnwx5ddS%G-BQliRJ4%_GU|5C zxexc((AVcT#?OVbcza#cbqy;_3E+NTL-v^oi z`7!)Hz3X~UQ=UhiUql^LZ6Sf|Ya(c+4gg{0;=5w*a>)&j1Lf{>lbrPHQOI(|f`GZl z6vr6YRy$BRBq88)QKk;o2ik#=&faF#1pK}IO-uKHEX|JmP-#!Nu(Iz276Ym3D@4D` zxUe3S9Td-|e`BxO7sOw(*XnI1QXDeHJw=99nhARKR~rTI&0e`vVwJo zP=SLf$KC_{MRRKf$AvXoBf^qNoQ*W zkK@k^q`KaYV~=}X#3Md!xgA(YnHU`I3GZL$HSu%d?Ee4^{ClW)S=!=FA%Cb zThjIYCid#e;@W>R<$a)nc@6Deg()DB`xW4yiEw;D(e(XAql(t^%U%9o9&f+ay*A=h zb+$Nm+Cd!mu9(Ffl^|c#tRU3v;d3;x-41(Us|!!lt}Jd@+Cr)7dK%Ff*!3$f?9D?; zzp&IT1IA89=HVZ(e9LQPAtOI~UX7`PjR^@ne;vST8J*BLYDA zxE<*^4XrF@FWGF2GRtusF6RS#V4m6LyQ_QaYZtd$yW1wVCmYgG!A?D^0F5?Q*1jV6 zKf~T-rmLw%zi#N+2*5tz*UoqU02=1hH5>aq15aH-OIA``93Vs7&~;O$Wb5A&yhW^d zYWr+Rke3lmk*+d%#y?v5Pf^j5_ggx(^IfVj%(1kGVI!f%2c=4x(s-87OV$@i`z(-e zw^b`7U}QI;sP!#$OZHthTZQt_05LJ zT85QlX=^E!?b(9omLAnCsP1}JpW=6x*1{&2=L4V}hp*>dWrl~X_|AJ+v?#vXjUuO; zxNHEPPvKm%J&da^sfntoQ{4R$_yhYjI+#DSBT0giT4w+Pdf->-Ux&N{qiGs-t*myc ztgG`J=W(t&i2jYr@`z!nMwK+fGeX%=dU0B9ozf&dt=TMtV^`P(+kXNaojCVOSI z(OX0;!>1nAhkvNSG=effAY(qJyN@Y57*}M&DyJkKMk+Xok-{psAEgIfIU2BBU0K~D zLYtKL^si2~m2PYs%ykOD4hJ+?r&FQJe`DK4bm~hgKVNFY)ig-F_p@Ua%p`z>4cV?* zw6CKyqd8wgsXIUizE2Zpx z0X%j0uOhAx{=x7|#$T&Zj#G^2{n=l?N7~NT^7K4A#l8{#%e|h$@fjXBDji7LNcR=M zo5^&E#B#G3cpHhY9<3Ic{pXS9e$om_-7}?*?kP|_6A2N!)$365vjsvx=CD4-HJ2%$ ztayqq4%)7vEt_5hnFB@}8-ZXAeNW>bfW8&@v*DlkO}-pC({;gSWR}u1@~nY5+P;UL zF+*JsD;r+N$vzpo)%3*+Z*w)J{3Vj&H9Z+g3^Di`_dNpp!d@_fO)Fctu+scM_-G}R zVI(-^Pp8(roLpMf9~qhA>PK38o@3*$0=Aw?&l5o#u|b|y{lWCFCAjdt{{V-giu&Fe zKFkQ(LE^lqO7c9|XEi4tNuIsouZ$Yp{u{gSu)Hxujl8b>ka3FjU)lHK9oL6%ZuD(- z?dH)Xm5%oLiYe+ce;>}h$`_JM^Qd5{#w|r2S^H8(`uB_AxbUUSX`{iDGVd&91aQOk zu0z3gcGvbW8-T}-pnc(8GKuWcf=M4md?eNEyba?0CsDGK%Zq=OV=Km4y8gBME8uPV zvRU42K1;6fGr=C!G^K41=AWb{4M!D)#Kr3<%0KuEO@HZ6@IIpOw}@8X8cpmA6d-Pj z;GUoC*U!JTcZqcAZ2UK-!#%C^@qnTFoE+qS88z8Pdgy*9!nEe|I!$eTPoMrA+`)5a zcV#oC#Ux;#TEC}U>OL6pGRa`!EgbEU8}7)5f)CVJr51lnVB(aldC$a;14rPGAGDf# zLq375L@%v&o)DkBzg&~~8sqgpve^fPfKB5gJq0}}zb?Ik>>1$pRm zUUA`_Y5Wi3k*ZqGml}MT$OI9z=eOfrlhaf5TpSaPj|uS(viANvO@Bg;G`zLGSDG~7 zv@Ci0@N@WA+EF%%<1H#1+lj4imSqwv#(wXxtYs@`doCX8XUX3ad|j-3EYbD7cf(rM z?uD$zTHelhW!T|}IO)`OBi_F_Ad-8HLibhGXZu#Qdox^J+!4&uvCA?2YmTP68NOJ{ znV!S&zu{NLFN_{CwD51i%@)_iTEMiH{zxXeSVVE5QMeP-<$%R=9xQ|6Z-cc<_woM# zfpzZ-UfEnVwf_K{7DcqGaCZ^d`t&)jSx}X^ildxRRsOE!@7nhA*z_+Ac)|@r&Jr$T z^6|R_ftvI?JGCJmEwV4M=|YQ3Q|Rf{Qd$Y(%~o-wS}*#v5)ywd_2RbEu%2a$0m~Ee zj)^MVG@~CYos@QEe&6mmeuT zx%bU?J{R!?ygGEY_mIlpC@SH;>tOzsvFK%$w7WfH;NQf*vTCDG*7ZSgq_o&lI>XOT z!oN;DFRx8z)*{wqy3^(Wt`7_krFK%0^7-}=N?gakSj_h^z=(El#sN6NuZBNtj|tpr zcXsjV_Ezz0c7zGnAM2D3bB^cwR<11YvZ{`iRU~*Xz+0PbHhoSMNFce82a*;bGM+P! zfBwCFUfxvE#*?%2V zc@IN2} z>G@VOKTF~4XEga*J{a&CU1@rjr=ncPF!CLIrtIoT#~+3(=$jP~#3GRX@bk}cT=PfV z(zdADg^HsEQTWx6&m>p{atSQYm-^uOTHEt3g7|5 zMO3ZwllKf za-*J{3iW8l$NAOc*B8q%&F4a!y*fVX_4`ln`_e?$+Hpq`DH$i63b_@(mk=xq9C7Vk z^x}RCDJ!6lQ$=$Ov9d7ZG)VT>8R1#8`Bu@~nZJ8NwA-DP5sCnLx+_`xI>*b3w-6Qyv*MT$3tnA-KnJT`jW-cM_||N)CB4t@oS?;XzLH zuufwDHdV9UgPwBgUy|y0WQh4Kw4R`Jt=mmzec?!UjPP)N?L^LU)T7a=e2RS zTC3Vf%4SQ95;!$55sP+3gY42wW$}_h= zGY?_Z)>adhkEi|!e#xI1emq@i`h#gR{5SY&>>gcW`F6=PfAq;c>-In3zwF2Gui!1P zkHFp-vGF&FB>}EA%lN#>UGe-m`=D1uW7x)1J)+0MI(~z#zOj72X`Wxb3OU-u^Y?mY zy$Q74Ls&@K7nexW@sokgY@=hHyPI~=*;zy(w~Or)=a&OHtM7SlZn2xUZO5|E^V;JSa8rugBl`DR03a*{4gq_*wfl*y)}u)vcpwT3izqu~CnjKr-!JRA@HN znbki5zAt=m_?z+XQlD7(nc|!6M9XkzTSR6^AQ{L|na3XW<#Nu6AV{D^Rvfaf0L6QB zsPdkDdZig3<{=3yoEl+;RreF~AAZ%erDM&U#bGY!yr{w`7|*Ho`qqemvNVoz{ryd3 z+0Ij2X1H&fHc+OwZ6F8aF>g|F)4d=%yIUw?K`fH2XumX`!`8lm{hj{+W)F)$wEqB% zQ^DU0{3m+zO1s-oxQUhoO!W=ZKaE7{SnH(&_viL|{{Vt8_%pzIWxT&0{>|ba62&;0 zI3YP@lOT=VvFv)+^bzp8MALi|;ae{X=^h``{4=FR9B78sb~6PS#|3u zf5J_sS#8s;;b*yFfWTIbuZQ&=WyH5r$kzRoo|TkXrgfT5gC?BPMv4|bFmqi}q1m;_ zdQ&kutyfZt)%=-ARO-0v^sYYZP`SNn5fzp%TF4An(_~o;j{g8RzZI8veHyWXGG0;W zY9!vpMmI7pqr4W^7rK??T1A9NT+48FD*@^2UzFdqAN&FI({E!`R{1{Ap}F zu`Ca{iyk;$)ulMLbwUT^2DS0O;*ZBILT?oK{{UXpH7KruXswH#kfG;pDwI){2?Cvv zsQFhNE4C4`HEPG6d_mS?(lpDvVKim14nXV2O8Ca&Tg^i8+HoYoqznM$fK3$+c72EN zm%@Hh>8~aHu-eMo7#>7K_x0~zba*$yDWv#@-T{5~t4}dVo-RpWVO&#JW^+Emj^6T5 zCM9`iw_XH}Iot1EzoKdLOQ(jkR^J-s_{cPo%RR~(y|>%po;L>CW*EwGgIL-fuA^rI z#dmQe+fN0#%~I?^rE{pfNUa*Ijhqm8sBUf~^3p~|iFoF!G42ODeW}4>;yan+Mm;j! zY1T5O!;6T{@TWa%OAf`471 zhI3iEpNA}7B?^}QHuQlCz+WquviwC`mFEJrz+VUUveQ{Jt z@{Xea01@=R7{vyo4dtv+OXWH#+>ef=_Z9S1dY!si!i^yp4!<^gA8Mi4^FJ2ol55e# zl0M~3fIz_>_263f!wp?-;?ym*E3dOf%%Be07M(s*+~yVS4YhTi4cR>F|SBOglo zQ%=$Ev>=hn3Z~GxBL;#^?PkYMmc=DT63RM^W19K5$9f#Pn#R%GOK7l?SZ$lILb?^aeab1drD){N#u62Rx4JJ$iIYifc>0u7}7 z?De80^CCMSIj9F=#xs(MHBoGc`+1R>nYV?M23LQ~}nyj||5qwFE1DWbitiGB~Yc6C+1c)2uY< zvu_k`z~qJNT#mo57}g)Mtd{bF^KR;D*kz3uzuE)8~$MofHBJ?!g_w;)6)bq4Bl%gLJ(w#Z1=h zZzQ*vJ6tQB`5h0gIIp{J_3Qm#;oMprH<8_1c?q#(8;ot=Z>QlyW{2m0kGwUh=(?5D z1%~!!`N=`fKAzQ;r1)3Fx`v~teT&2Qv%+0V%0K~E-@Rhy2i37?X3Ipj^6gtr)C2zU zqa8;d{d(KebgMh)<&x@qpSCFh6doIn^`AFF9IVBkb(C)$h!wdXH)^M48>DQaH*uZ7 zj&V&8mZ#K6P$lD#4PxlF5>YQ zbg@W2g0};bxz(rhwwazG(39KnuFek{-B?&jrrU_jGA`L1^O4u5?;r1B%7)HiLhmYZp3|Z9Tl#W@!KoegE;EJstE30DaLJzs62(}D_9)ILl=uKY=nZ+ z=j@5J@<-jQOPy5eGYMpzO4#EEtxSNR*H)q#UTw;AR2_c8)pvnvf&7 zP1CG_LEFYb%}p++Z4?Y7NR*xnW2FFcN5tA&-8F{f^Au#@_2#bIOB~m5+gMyi74kMQ zeQ7)@Le05cV2pR8O4JulF^g~!fW~o=^fir)(sv(wtlV90LLw>-cv|L_ zZxZNBkg;bB0OX1jI%%Com#5iYUL#L%p?!~9^p%1UW-aZc-Z~SWm8@OO4o_ClWwEwf zgm+|S>+6cni&DDN-WimH+@}K_MNpfuX8Q7dYS~n~u~j5s^sYkE*6h!+FmHMLb?`yEhCaSL6T3D zqMmEsQ%^&VFedRAh_5Av7SxnH%oPUyxUO-&9$omtD^sCbLa5nUP!E-X>cD!{18F1c zZ9l+Tc8TE)E;!lr?L}Zwu%06WjGE)VC-`5)nhWTkX|%C7 zgZn)EA-g^gw!a#jSF_70nq&uu}Z7*k-X=*$^QU6SJ&PJu<+g0o&0EEw`*wHducX>B!R-3 z)v~3cJYkz#@m9U5Y4*BsxVFo(%^GrC6OeeVy$eX!WU#zVE<35D+|bFjIRtT!&bg%e znKO>kY~R5?DW2cOT6NX3T#({vK~IXgl*mOX z=|pAJj$KY4LimrU{BE%S0EBW)KFKvW%YzN5EYfqqHLdW+;g+wX&*DL?X;SF(u`L@) za-=V*?cTTMTMb6XN#K2M4QIp`{usD;Ww?zQmC?W_t_C~wtj`d54)*I@)NbX5S@iP= zQ4*8XXOq{Os~2Oy_3sYa#i}KgujFlI+`iuR=^qWeIb-3^9$8DR>Fs%-U%*m1pP1us zY;-?bLOKiiG+8`#ZKvK{M+%#TghjiyZ~z}qP;Dtc&~xJ6kUJ9e!tjuP~7-NPu>6tE>Cm#vn69~1 z^*N=^M5c2V*O0G+=kV^II>Rti9S(cnAlXrtByxQs|jx`H#o{ErpKc&FkQjQk$c{3w=rPMHD=cuA9qV>|)x z_|&C+84|JcjoyWM;QdA&KU|7P#nZIVhm5Ersq0^1d;;-DhqOeSTEDTky=dSnfur0A zCkOPcjP65!r}%5)KgGEyM;C91I4C15%bI-CrCHTR!_d@HDUvI}dup5@Zr z6ghmIr=~uX8uNEOcFV)x@Q7cD?mo?RX)GrQpyRmazFqjs6y6loTg7&^Geu!_x<-*k zRvf1P6`t<9t6eDk6Bfqo62P$^Fbt%E6A<5p&XH2kHw!Dct6IP4uJ-nr7o4J z+sLdN_(X(bJALbPXBe`t!8?6ZO7R0~4{dFAcLDPtk}fa@T#v%K&yOD(CGifmq+7rv z)3qo85`CF7ymNxxyN}AO-Vr?eL-7UXv12clG?$kO;Urw`CA$6E`UAj!5RZVP(L7ga zcV_yntfA+MPvKG5>s1>gMvr;F{l0u94aL+eY&ARgfwx2ux0jyz1Gl|=U-6&E-W~Y8 zXKAh3G%m(6uLzH8LcpKbnsJX(V+%9Iye|62i3I-uWxKsL%%w=(_gB)W!)bAQsatEh zee+x1K*C5_MlwOq&G^=ZpIB=D01>=p@sGoLE|KDcY>jB5GF1Z^0{17cIH@)54_ceU z_R(n8)>2%nXLEuKV09-QYX&B|9nXcey;jS^jJGzAb$W}p%Gr{{b=nWowmdE4jXq6$ zYVzqfIxWP0Sh$JF8&6N^NXk^Mc7G83C*cnsMPX(Atz$phQII??3q_vI>DIqH{CnWh z;aj=1qX>9oa~jI0BaQ*0#By6kcwVO*c8(Ygtj&Nx>rwA{B2CP|N06W2JcUZ|%dU(HV`gdt>A1vwS+{{YAD z3SZBmr-EZ{uidFbz$R=4qr`gJcVx3NTlKkm*!oLIvnGtt$$d*@JdhH z8rSxx{g(7yE5uV@&GA#g(Z{9h3oL=;l@wuR&sGEgbJrl$$~R2wrnEmuCb@~OtmcKD zH;L9o8T2*w$Aopa@y3Vtgal7+s~h9L7|-ck6OThytdA-9h4ACSo;z(FlXNo^#kJ=OBXTW`WAGPT=PbR71%dGK#rOf2U zK|Jn485nd0P6-^6oDz39=Ogp3bXd%h7VpMarDrw|TygDP@n;O>eFn6J^Y=$!F-Z@Z z13vA=I)yzdjK)aMAY+2DpVFY-V?*+W-NrwyX&C4Octtrp_BpFDNUWI2+`z zLgZmolwc3^tB^04&k`NE7(C;TYH~VY`X8>J@I`;ya>MpE{j@CnG2=VwExrnP{?;8I zQj9w+RyTpR#XAh(exIQg zRODqSSo~6vqLL_XZIHS@RqnNx>6a;j2t4uDyJ?)#jh%>myfc91yJD+6URYqqKHin7 zCUVH(&&pjo0qIur9D4#2pQlOyh`4DBHW%00r1Rk^oDu=!jAnw9up!HaRy%R)R`SiX zXOTg)BtGT{Zmn7d3hXfBBRfd$J?r|h{{Vs$e$`fA68s;oe#id+6nsM^?x$@E+-V|a z!`rZJ$mrd8IQ+foHPG#*e^}oRJZ-A@n?e#vZ}xqAMVtFKRe^>i%J8m7p&b1&Ubm<~ zb&F}NZk3Lobshr`;5ElqIvNhqEu*tY?e6Xj_jbrpoS(j!?_bCF{1=b*1&hO)z5f8k zUx)e(L&MtB$*fr|ngwfX#2c=y@zZOs?-UPK9jlRoT@U4c6ZVu31Tw)G`A3*Az>dUM zq ztTQ#l!Gbn^RpTJ$yaQ7Gqr5`Rd1)4tYRIx3j%4|q55s{{-HoF}^Pe90`&RKClx<~y zGUS9`} z*TL6UI-RYgGjC9n?@WdV{{YuiTv0ur#Otj}{%G|0Ur)D?hA|uv$J(#>j`1}sR)Ic3 z%ZJAYH8RlMGtVMfv`8d~PWyXg@srxH)Zfo>CQAd<9M&f1Q*UDTHqpy;xWjM-SJeDD zHoGKABi()a1J7I8yr-cABDIOJFAkHAma%ffnphjkrJ z`%i*dAcSmEHm-jT_0H$m{o}*F98{@1RYmVTk8k)@YY+Cux1>g6lF3{5NT-sr#Kc76lKS-;k5az*JA*SsyM>3$@>g8u+P zytdRVc;3m;eUGJkVkeYi00EBUwR%+HWn=TYx*c7#*K%4M$haH~b*ff&hURtzvtaUZ z(zlFs)WJ`=HRX)zLaOdyc=xC2YKtV1&a!0p1Eox&ZwZ@uNbVLTWO)65`qj4u$Us7{ za;J)uNXp?Qx!ff>Q&rb)3dqcKM;N+cxS@;LdoKdH&DKUR|p>2GGjiZ;PF*;e}|vi z`WBO~X|dbh>DNiVGOxLnPd_jnE6c>vKhd9~--#4+3VwTaAa^vowQSbgW=PW*_wK^S9x8Yv^ zcu&RN6xX%Q67mf{#}*$nw!8(qKt7qTG1qk~uMc>4QPseBZlO@k5O5Dek&dRl8agX8 zmNi;-JfFdz5wHA9s7>Wh72pkrM;Kte#eE%Td8I57+}K9e$T)b|@(**+R<#-E)2pGS z;d3Uv;$0_Aj_2%~?vTX!>cHn8p|9VshL(5QW`m|%-N4Bz#-|6<9Yt}*Tc3dV{qKEK z{@?!q+YeIJd`DxXSl(Y>0JhM^WPeZq?O%=_IsL0_b>ECP+9snK{{X@wk_e)_SK(jK z{{SlJr8^&;_;r*@z9Ll;_*eD)c^_MNC;KXCpt#dD7_RN*j5?J#=DjP#77@#)3yzW@ z2XO0(_2|n@PuS_ulx1dlSBjM0*xAbYnrlWfMY#RmI)6IF@eZls-xTPYQl+xnYSAbX z-~byP{=T))_CB92lTubZ%T(~?mZNU=HxZ*D925K|zG&5aJ3fozm^5qooZI=p1GwRq zxN5}xLn*|qnWOti_*=r>8~*@=8^`|u4`+_v;lQ@mtsE8tJb}A+uQ{(w@UDX{hof0M z1s*AoOtGQk4bKDfu6mBgw;KN8@PF+`uW8!*oi5(aNbjM!+p*uK3CSbdn)wS*z56A+ zlB+6(<8vOBj9#agjH{vcpX{09t$X3O#D9k$6nr^#C9UK#t(<@yd9g|Nl=_aGSL;W{ zuL)?M74;7lc-u`j7Z)1cs@m$-mw+-nVQ{RgjBo(tbHJ^lx*sWv!_%o#&vIQ;8?ve2~sI`%fyE+b9Ebs%w3PLb?Y z%u>;whjHQm019e%DF%&pZ&0ooanIrgc&^&t;m?5VEn~CQ{5yK^-Na!Mp(*9D?l3X= zn&?yyF0MNI9x)&6{jONUtjVG4kw_wQHM&k&frw+|BR^h6a@wwetZ49Doodio*(d|; z3fWAbUOrxZX!a{(&c$L~tj}in1viC!S9CrU_@`EbOVhQv3^3j@gZ4>rg>c7!Ip-%8 z=6|%G>`U>p_A0v5{Clh3X&)1Q4Qdy`PQRu`Qe7#W{Ec%E&Jgt82>|0b$j-2ahvqr% zbqqFPPMu%*d9yR&@jPBO@ceeVlK%i}+WBE&oIXZ9LGNB|ulSM;9Il-kVa74E5?k=B znm(%sQZ6?~dEjGnSgF1%5y$0Qzb*=saskU+^Mz74q4VAeG$XS&~fs&k2XE(dDwZ%dy6g_Co3 z=+BEhap9@_4dZv$ZDg7aF6sXObBv9QdpG&(UsilS)b90v4O-87>m|_OoYr#O{Vxj@ z?Be>JKbpata6EC%H|+NJP`drxf;gyWeAb7^pR@;v4~2Xst!UTq+gzpkG!C+LG4sOv zoLA>}iY2j=!i!@lYj`6-BFR4>1C0JcvWv09iKWcZ_Ydqt`%G!NTOUs`-n?l~E(q|dmaHuW-ufe}F` zZ6($GT79{aKmy{qY8`4XsmNbnKA{trCE&;h*jEAL4F=M}`WDjUS@ijkGUb6PNaP>K zG)7$+n_Uk<@J02+mal7Z5m6ojHhR~pz~&@JZdmoLqZ^!6B2@7Xi5|V9+*>n7uamcr zn?G9cTYv2h3hC_bq6EgkXFqziQ?fZA&B$o%`T)= zRx)(kd76K-+eS#wIIiyA(mQah(dJRtHQ7cz&&vE%;+)BBBTfcc z9YGjs?{tR|+mvNZzpZ+-qJNoLgq=qz$?D5@GQqWpKR@!SRyu~AG*hkDn35>@2;ecU z*vFyc$ymd^SnhYU4fAJ@ddq~HRsbEuk(~CeV+(F!C#krzBSsr?nFlzkvCS;&h2Rx=@Y8LR9LmAnRZicq>TW7x}-qn1`y$5<% z=wT@qHBBz+$=VsvsRO@ir3Ik44ZVi-A1`5=%bA?=ksHN*79qJ%G3oq5tgYl0>I0Cy zxut%Fcj$9Eo}qbiOjZjdyyJmgZi(P8?Fiw#)I&i(1dQ-$H({Qwr06|U2{w#imbH{6s%c_%F^U9Ne^wRc*ZNHoh#^c zBl&&(qyGSJ&y9byHRh*aHM_41_&aODkXp>auGIHt;PkJ9E$w5nkIPjuHg^|tS&Ms< zUabl#BMQ~5v>oPoo?`{We_CLb#v>r){~A~oT#o=KVVOj#?pA2xk!v+(}_gYI=ZmKsDiTAkwUX<>pk zkf0|3u^cZrsg&$(PMbe#zhn>iBlnNKD9a~`eltvbJ>fYl*5=(|!DbtQ+DCkjEBc4{ z8}L`a{{RBKC7^h7;lG2l&kgwyBvM@>F8Q!I&m3fo*PT|S&bUXR^fZv@_a0+iS;cjz zza`jbC)T;ibX%M0#ir>Zha(#f4l9*wp`@qS^<4|X78-g-E3cg=Uz}$Z*k%|9@F1;H zGb1;UDw!R^FTHX)r-@`THLa9oiQ{!ln(78Dmh#=kt#KnX!2bXhSc>w-(gu!24Ba^A zn#5`>z`jjSQB(F9BxncTZh(DB;8(|gv?uL}@GtgU(dX2>QLX8k?}}r|I(U?2arCDc zbvkL&Kbk+=5B>_R@q_k))U_LL0$k7G{{RBSTWYMu8F=6TJ+WU8d=B`1apT=`PZ#)_ z=K4t|b308aEV92m9P)Xs;~N`neu8QG0$EzYZv=2A-s(Emz0Q=-!1I3WGNF9703xfN z$j(yid~4&&sr9W|`Wa(XwpS{XCEcH@QyzN`2}t-ShzTa+?M8>nHNm8=}dl0NE9M@!T+(F9v<=2gaX zf=zj>{{R@TejHz-h;DUzN03Ev0vwW^&1)S@TnqQV7;H6j6X@_FhivS2`H&x4?DS8F z8j(b@n@qKu&4=GAH)q`AKdo=di1uekc8PNuY}lydCyM3oKeUQ9oRfa%_)a=hyCNKH zaXPn!wHfX#t{USGT2crWJk-6$X^sXOR zifv*BvP+4fkgv+owitWV%q;gh&jQ{&fppDXjQ&!5j7KbS-o5j|iy4{VWOk1`Mtf3# zj+<4zO+AA~+nsuLt`A)Jm95)C-`SUKXLh*S=b)`XrKWsAT~;YhwPs?wRwI5l2lxDH z&Hk~cY8Nm~5h#cN>48Hlm7b%gp9$)EGR(J%F9PjkIL_}-eJjH?>&-?h+nYT)W|>%( z^1%DUH8$4bDtISG)b6z@ufE51V(509oMYbuiuxMu8SG5=a=AnRmOVhGVJ7;OlF|#S z5j~yEcS=TnQ`)h9#cK*o*A{WO@40i4K$ATB>rwFJBJe|^LxKwM4<6#Nd>?rB`rv^B zHIu$TCpZ)}(AGCSuKi%r$QE~IbYgyC#w&vH4eqHWr0Fv$go0G_STtI8I9~_&lS#DH znk{k`c$o_BP&oW6oz`u%{ZCn%EiL3o3HcSe(y>i5oW0Yvi#Y>F9>tBni@5f!ce|aS zj%jWacT&0OK`k7nsd+4}(7G%C0C#UuT$Sb0TdORwA<4#Cl8uB*rj0i0IU!YXHZll) zE1v&4nT#wG4C6~G5y#QH`Y&&n%hG;2tpD;&)nm_IH!CWN~T^DSD&=H2CvRP%F@xbwETXqL>~eV*=Cw#e#7 z6vSoUXf1boR?b*%oQ5%)$hSl9>aniiu4quj+TSGL7>Hr{YO z$KhPpg`8R3hA=~OwTamwG`UjP%6pqPcDjFvZloqS;FS(cd$=N-dTg}Bkm<0MUASO* zKZP<5PRCG@?^%4D0&+O%UcaQ=eX1mks;izdJ5mFvkwJ&cb&VZ5gWRe@G z)ns0WG!Dlic)tvX`NP=c=srZ$eGU@NAsYolu-05+fEIjii=Yi!~bNu=9=aoqQ$Nq0)NzGzqN1s)=BPjE#;tLa8D zBOogY<#XPeLOh31@N9qDk?PSyvh?t-7>uu_cX}3)eP?j9+$(1vDv{1TX;^0Vq|(hG zSV=|4erp#^VkeOua}p95UsRhDLo)POetb6N9SYPRoiCcw5B+H>39pw^ic zl*<&pTvD-O*dsOD#jf0GpJx%lERnl~I9%4W%PeZ%BX_op$!~B5HtZmb8si%AZxzbO z`Jepy(5!aw25 zTTKH{HwEA#1oDn)Ad_Sy(9G9`)N!q_;5TM>p{w;Vzv% zg>KiDkz8-a(4zz}9r|)B!#p5vyc<2$s?Lpcfs!>RM7;vTF0 znql*AQ0;M@#DFu8r%LmW+cU>5`ks;Di%7+^)|iZaox+jZXvcr>tG1~JDmfp49~-_W zd?3Gu>T8*=d=qgSEbTYVEN34sGw4lwW%tH8ZEpvOM9Sm-K!LImcQL@yGcKUldM7e1K`|<#;gTcNf(sbGFtgmlEz0T<3P2Vwb?OHZP zozJg)5f!$QVL#dME6S%KqxB!3diBo<_-Ob-`tMd-cs|W?JjnZnJ;?lPilb(RPmI1D zNAXip^R;NKC1}8zW|@Mld|+quuMF`Yjyxmq=Ele2mx??yABnWP+k+I6fsqjC7&q4) zJ!&C$p!|$K3w$lmJ_&2rzYsKQXMYcg5=Aa{l`IM5`hSH*@lW=E(7aKl>slX&^vJBW zNwMc#D-*eK+omgcrp**C&xv&Z01tSlN4{9eebyd-jowMbtDOJ4m#PTasNgOdz%j`6oHZ9@*ltY>6ZD z`@tR*d;3(>FW{cbY@t@!@(OJ{9Cqo`>0edp+TDe&l$v~(E%udNi)s^OV(`|f_HQLxGz2^P?*4U=27&PN;?>LQ@XusQ#3VN(kV5mp z>)M=R?n7+wKaCJCitn_)3}4M0_L^rFbB~pzLUDqApU%0Thn^$T^bJnm!1P;u9R(yd13+^3)DAGU4Yukl-2@HW4rS;1-c)=LNE`P`hY>~Y(^E57)} z@djIu2(^;Lf+v>=2JGY$&>zIo_FnDGYG|}M4}$u7UBM*&SCq#iYklBr*maMGI!B8x zo*(S^=UF21?he3kG2invxh!KT>to9P9DEF4hx*RD;vE9(QCrJ6WRM9D$`Et3Hb2I? z8y#v78TdxyP}Q{0vEH32FB+<1oO6x|awtGi%G*~UF7?uvyY6@Dx0UkZGCsd!_>7AEt+ zH}>I{?l{XdJq`zKbRhfJsCXpU&+!ru7#mA{SHt^6kt?WTK<5YBAIhP}snDsN$H%|g zLq_m}>AJ^plr+ucsChynw4lM@)_n>t1%AB~3xf+(9qfK_R%~9@S|Nmf9Sp^2v94 zL~s;Nna(p_m*5>QK(qeQk5{ycf3!wGl$?}qfb;2FDA=Xscm4#^^q&dqnyuBLxW18* zf+>B$hfY5-Yv(VB7SaCzZ)!JU*X+=|rK5c1fIUMR8`j3L)R)0p2D7M4)A)8Phqy#C zG)N9)UjG1&E9qZ`{{RMjKjXg__*PF4-OZ-hPcVY+*{2A@wp+JTQ_g9~d2hylgLeM_ z3_dUGo*U9+y41A9Q{+1wzc?XIJ&3Ohmg(d3;#7FHvo6EIBpT8(WVoKW;SEDWHF@?sYuTI2`!HXhBx3*?lD(PgzZJBNFX0b~ z^bfYhG}?XXGDO(raDMA!k6OU^>*BA4zBur`y#5C|ZHI}BB0241Az6qYc!9@SluM0| zlspxuTlimCuzwUueP=ScX+&;v>U-@xV;HXM;;+KZFU0x{--~<|;t8*;q9R+Xcl*)* z0K4tSHAYkOJ_FY6(g&J32*SBh&v9IIS5n8gHgnrN;;K856?0QX)qc-;Yp6vWPVh^- zZ(^ZH>tCs#2t0Xb<1Yzm`jWfFcyPW@83X~0gZNg(NgnZOB9v3c)6Y)zQ&ZD)?N-)n z9YvIB(haj6ySC@J6_n9FXXR(ae+B9u1o57$;rodi=EO5xTFm1NVq=vD{Q6fYsb_f% zwwE!M-kWj)QTSJ>{21{J-W}DR!bU%2xFK8<*YK`cMCoYyGsONMx4cs^%JLxQC{2$CUI#Ch&H zrbtOqxRv(ztqcl`W<@McQ`5aQ{!kcu1fWzLA8wT@L<7ej6%KWwzc%x749^xPXQ#Rzy3Lca-LrnzpR*Q~r+AZ6^Zqb+852YC1Trx#bqcS^Fek256O+zE`&3D2b<;m!?j$VW~w?Ll$aks>R( zgY912b*H3`?u-Zu4F=TB80IhLN#&|2ILD=WufUIt{wMvMzBG6%;}?UqTkSIX&gDMY z<(?h@!1L`v-AYILJO0Z50JH~yzBYU{_3-zeVjW-YWqX^_YQ_WjPEx5nR<5LwlZmt}M`9+H3ZAGN32y*O6z9r=w%o{{UL^ zUyuI)0<>?BUj_VG@SDUD+h1Hy3B1vzknJ$tpe8f8at3%f?9E&)bS?+^yZ+Um2=6`x z{At#_Gj*ftS~NGhh0?XH$KJ8Kjj<#?m;@3%K^5~g<6T>7DSV{}10OFOdK%}c17orm z`gXZzWg}Zh4g69DSrg?a*oyQB^u0z~dmF1cjInZ(DI8?MR=>8_S*6d@wxV}jXtAa;$NHmRJ`K~3n*fL=`$St0p!mi#t^GwYY zZ6j{las2BiQ0R=VQee_T-)Mw_hiOtPQad>1irL&Oa;yBSj-sW?=R{7T+eNw6wpwY{ z(oH0+V;)$@LyqJqGe)sH0VJeXXP)X@QP+pi;~0oYzO-&lp+wOJ3Lf6XG2@Q(#juG+kJbN9b!AGx|d) z!CER2S|gIP)GYijsOoxvxDiBIr1UB}*T??=9RC1mPYp|Zd#1r>6rNiWlc6EV=dC2w z^*-8;6}=JphvT1$SDq%2ixYjP{_(mUrMW$8$mNexy`D*4ONp)t`=`IPX&Bu6W5q5d z`n&qIC+~GWtN2CWT|-2*v+)kUr`z3GN~KySKXj0P#=f7mvbCE|HrD{n+rD@su7SgPQChmk0){{n*=4R@;Yz;HZ zY9D|5C#7ZSlU_k}ELSC22i+v&KGlm>I$0$fdUz=eKG{LT{nf z!*^;eZKZ*Z{l7Z0;Db$fW{^qP_N<*El}2G|z8|&Kqh!>eORId3k-#JJs`Kdj>=S9S zcw<}p2A>dLv|B2TuAu$jZapiSwG-+1ONw!MPC6L;EUh>{_z&+*q8}1Ag7Ynv^!Ct8 zFeOpk4t>3|USF8vdK&`%6p9ThVl~Hr7&kL+E|$ z%c&b`epAI9cPvVDBJE~+Hof7vV6;i?+%P19G0@kM>SFT78@skuWr;~q>S|Ouw?93} zGrEz)#-e`=zpuRaKZ-vEd}Hv_;a`HjHR;-nUOo78sznd>jMiupZ5BdCL#|F#e(Uu9#sGXY|$&i2kz} zPLk2Kne(T|KZnl;h3x!q;0-E0GsN0VCGXnRc8ll-Q6l=_b+4FpzlN8;8+;!f*N1#< zrFd&qmC#8Q%H&9daxyp^m8`#Stc@E3|M!rQ~F+*;+NdpF)BTz?Ke zg1dC_eZ7;(rr*VNXMUq|B!g*BsIGdHPFyxMZ6KC&Uo*h_4<8n z;td;F(H8Q`?kS*T`IMiT2_BW`QK_N#x#movQ<@tdMSCOpH!A0GY=8*rE9bpyN$~`_ zww-gMU7LBKm5h*+@=TtG^sb|W2~U<~@ge#INNmoxq+O*orB~ zQ{}UqUnDMmp?=9prTB;8_k{HbtfKwi<(L)AD}V+MvMejCpJFpROxt_B$~2WZl`$>gxnktk$vl5V+_%8tr}%>HZa$#~OXNiaa@E z;yn`Zn`^5{lrqYU2xIqm`Te-@0a-}U&Bd`JC{JP#JDCa>`H&+y{M zQM58aVG8}C%w1zV05cdobmOId8hF=S)I2HUt$)J4I=0pC5}~TSss!900jvBs&sFKUIg&>fIJkpR(k3rUu(6H zowx*Y-(G(@_=n+V$GA1PQhjd7X?KH+tM67nTIh_r9&Q^hYB%bAsib&+!v6pkJSlml zYC2WEqNPhD%6@2$2^GM2OT&Z032~!9?$D&n68yrp#hs(eE(yWLaad2t^=Z|*vpzBXx^>+!c+W!cQd@nWT(JOL zr&TDq!;h|OL+bwk6*UhQPXgW9$76OzWmwPdM3rWaa!M@!!yjZ+nMhn+VCo0FC%FC-%rZD1H*c)wdJXe z#lDRe*1&l|Y=`&Te=p)1mc zi_g3Hzrw{h=aFXIK~fJ-O6e_TpCR|Mr=@ySsh@#Pv*pz2mu<`p3myCpoof>I+*<;> z`TqdWYpp9B&RxkYN-oykOOMi){uGtkXyYi|55K(!B<0wvZ*KT9NdEvXc&#YnjQqI9 zMn^Op(`NRcBHOyhC(OC6d*3QGS)*4Gx1gZqp5`33@wj$oP;;Jpn$7!7&6|g{k>Hdc zyuOqi^Lp5l?^(N?#%||k8-Uz<)$Dmlvd18i4?BUP#xieYXX-kv&X|HZW@Q){9e$OS zW1#B#`#$EmwCRQ`k}4*GF|q9)6Y#C3kpj%1TwJN-zdxa^=8khQSlF@?!NxIMRU~W5 zZHdfKM;oSO_4TUe;G~4a?xV2uu5u-@iK}1U-d$U1Iu4n4;tvo@go4uCZgx59anN(t zzd`;4{=ptM)Nb^z68w0wgGh+0sdfMsuIEm*)AadP-rm^X-1IJ2IIg7=8A|6}7MPNllN9~{CuZLQGr>^+d z#Ma&uu(w8Vl0FQ;XN4KbHN80WH;in5Hy^c6{1v0(M~>f7@c#h9D`wI(neG5<=Q(zZ zp(ww?2sQZQtY6&gx~=}buU}8B>km6fX1S4_h+~olPu9J96m6+BXUn59o>X@pUik6T z&{JHw1SU&nx{orgTaW~D!C7#9YITLTjl`85F-dnhStMxSk%J)z(ylIxxR&D zTZ5e7(`x*{l|ZOxmj5Pxd=>{psTXa%;$bFML|~ zWAGP5pTxfqd`+iE<;2r9h?IG(0QNizBAYgiJD<-N?WO+!1(We!yJLCb4}h@VXG;_~HUFc}+Wzb4irTwcnK2P)key^VbZWRpP$mhhBO&jPv$ZpT%n%=Z$)yU9>6 z6q?c2R#voGtf2Fz3+n_NFlje=baLM|uqJ(5G=LK|2_vW1jSu{{ZQeD&?4i(zc4w9;aJzqFAM! zyv!fZ4U#u-MPy#-Hm?)O5;Aaeo|Q(2o=I$wOzJkx5y&<32gI)vYF-@HW4B!~?)0ZQ zW{;Olo<3hn4I>`oQt>B(7ij@jT;SGi=9Q;jBzLyCx4n$*ET``eO3rA$Q>yUAg`-X! z0q2en9JPC{oRUEj$r^bK1~chV6DfHRoigWDm^INQbJc5-@mGWv)G3J#!WXtEgW(%wS)VU&z_IOe&hpH;QKY2q1> zc5dc_Hg}!|@y+eFqW=JIg54sM+994Yi|9MjaO_~@wh~)eEu1qu3?G$+P`i&$x)8;E0z0eZHapfpOK;)W5sa4P zLaa0B4SHsq;axWF%n!Co(t(1YJI_G@XGm<^dfG3qOevAX`)oz1K6M17 zULkg5xrv#O%Inln(i)#|j_MVOb^?+P`N!c}I(DF!LUb{@1UUJZ?;mOxk*6{nF0l=? z$qm#Jx}1;gcHJ{3 zfWm zDH}L#w<|`XUvbE&EHw$>yNWw_=9O5T#B@x0&^X7riQ_0dVW?eN+-Ngj7}3F+IDqAQ z=QXjX$8jx;aq6;MwbxU;;QllkSm~`81%(`!K-_{dMRd1%Zk=%lnQxSn1p0GDh?d3* z#T-hBI^=fGda-PTJ1PbW4;)}nXBT2!MV@F{JB4z~^JIGaS3Pg3>EIYkFPPsiEBxyz zqeUx}Zu~oKDL0EVMYQl2g*o-C=F+t5h}kmjDBzCGS-7H!{P}eFOGlL;U}Lpl+Uh#a zr+abx#g^NEJ#*hbr3xtpg6`q0=8{(VWnYvj=qr%9*JQlASndRTFj7w$6v>QibeevN zr)pY-qTLI1j4%b)ou7qvTK@oq^b0#jiq~zyB<+#cmS3eaXiC~1I5fHJZk?e}v5%M< z?PAeWU9vY94yl|Cpy8-5oUI>)lF9Batu6^gz`<^Uv@I_V#fRlyc_+B7ISi*XZT|pg z*rdxlM;oXZsoFa=E9FO?aukmAN3qP=*!Xi=8e5OtA{NS%j@3Vkbpxo{w%vt7;|Kav zazj#R@#y13a|ROrkr39I+GE<@BzS(^Exw4aCKnM!<8DxTe^P_o|l@M$pKM z7Sc10O<~Dw)-C{#%~v=e57x7o5ZyJMlX=C>sm4BI)xD~ulf$VfifM-9#zCZ@i;S#m z+W3D>w}uH#xR&W#JI7KhqSB+eaME4r-c7h;v9q2%eXB^vuye8isqfpx@i7vJ|z57)+~HKW35eZFZPYXF4eg>XD6}u{OK*gKNI*yQD=719F-a1j)&=*@o9WLfAKHJH$E=DxYYcp zW?!^9IY&9p4tjDasHLf&Df+qa^WhJLH9rno&#Gv#Tw2c>5X?YO2OM_K9sMiGek*tb z!2guKDv+);zlUFu+^~6>eTTjm?0$lJ1JXgWr5xgq;N5qk- z_;v1XV~$fjvuBUJ+ZSUv$-xqiE5IKaeky!SxYabh3eD}~QmPm-?UhLB!R_x{kB#)3 z>#q^n>6+x1aCm|QS5b@f32T%8Rk~4zuB7@n_)l-WIgDv={ewzDu(v*0y!% z=kUdTN&HOk4~sqn>ItOkR+^5d7T_be5uYwq-Ov$L8Ccd85$T#$=A$lyVq`PN6o+#{ zP6j@o=cPq+@bgIV6}F|SXtT=&%EaGji+cr`hfqNDs^_tzpJVEO*q6up6L@P-_-lKo z>GyKL(z}a;xH6vH_Qhy?GWb^qhx}3FrirAq(l6QkxC51lbDV?ko}Sg6Nm}MIi@Uk= zXNxqwQ^Q^@g5OTIxR%T9EYq&h`=vYs>@$;HnDD`#+V1Sl=FJcc(Xl5gM^W_RoFwgY z8B-bXqh8YG*6*~-#AZm$f>@gXI$)2=ytCrIo#OuhfL<)qylvrvBJl0oi<=P2c0==J zf%VOFb8Kk{YJRf(DEQefx8ThqR@ZK<-r8GXBoLCXhAIKvJ?g)O8%wR7{{;mIU)tSQvp4p6bu_>;hT#*5=Eds8}9wa0|-VpdNr51DNybGVPo zr>EmzJ^V=U{{V_?e$V1PG|Y4eoGB=rsm~<(@%}ZuUWYuLhA)l`wow~-jCV;H0f_mx zR{sEl{CVP0;mhdt?OtotxFuBz?Eyz}KU&rZi=HL%Z^V8U@!pm^HFc)S+UA^cvIFwIAMl6Uq!M3T*}&nIP;}?`K&=AjN3Uvjn(noxt1B4J5Xh^~zH7+tbjQ%X zBTJ*Sisn}a2Y-;W9&z-*>qU!?H*IV z?cj!k3ZO*2Nj(QG5|?2)p0*291Z>&WX>&!vniM^wx&59+%9hLN|2nl!yB zx90~0eiiq3z^{nxwdr$88Os*oK&-w#d97z@lWH|hinsHu+R;H zNp|gRED^p;dx7-iSLg46{vc`|7P8kg-BxI)v7X_=2^jpzyM`W|(owKQ7q7Ij@ef+l zEUxaMN!KlJB#)Aq83R6@1$k_G=Zh?Lty97m8kN1qgAAbU4#elwA4<|Y9S}c6eh+Fs z64tc2^xq$)p093@h4V4E6vt0qIIiZ}KLvPy!uPs&gYSRVNdEw5TpjUbo-^ssO2&H^ z%#Ve!rTGv+Dd zKSNzD=8dO#n@QACONk)8Xi1HbXKVY?Xt>D8@O(PHg4Q$JGum88LV0%t$L6ki9DOV6 zjXS{h{wG;tmhL?lUPvBj6�B7daU1_|#e4-ZQb_ioPJ#HEWOUm-|Mk6x%+~ZQ|6l_dzL04i(t)c^wGOF;b;tPIP>+u4&7s_@Zg7Y-F`Yl#Pts zgwL;f_MZ>x~u6sTgqVxiTDq{x!mW z(mx6Gj|q6cNce%^%T%=0w5zyfbwl$_w2Xs~#+-;XV!V@Aj*IVR(Mwt>M3kt>)eLTL-@!QzMq=&)*P!9{7(*)uyt# z(@40&@K(q1wgSN`b?h!Q087ZQA9@HM*G-9*j0ON(GXcPINmr~}xqy?(g4OL?^0 z>j}(kk_I?EKQ$A2;N&qCjG~^5%A}9;d;b7}m43(?r|e_c$gA^V%P*gW*2A zI_X|4fd=RV5;oPEMgIU{h-{8=k;-_c8#X%nmo3*x<%!>UuoAc zIC$oPlo7RuTvfZ=OA6hL`KiNK9a!`%@lT0f46*SJlc`u;IFn7(5QFmM!ua6(eSPcm zoucsukEq>QPXU)-@avHzassb4p*YDsNGqI=t#R7SO&^9|@Kc}JLrc|cXYqH0Z4lb( z2z4zsW=<`n&(9De(1Jf2{&S~}{2P~+*x7`U;V8qM%5Z;CT~zikluTJrO`n_Q&*fQj z#UyXPcHlVrS7JvT(9}{g%1LvddTVY*Qllz*`%oUtb2%p}7#dj7QJbB|gF&ofBCE*E zs*STa=A5tuV}c(CrYJOwEIFjZ6&dM+Rx%`jtbk0cr3m#D9TfW?(kJ{I`}<$ZY2u#} ze#T!B^^1F-2WxiH!=|jP6vX%>ZO>EvRcren_#fk~Vl4|-_;uqMntva7S-#6V5a01I zvd`{r6rQ!xO0|#W z@BRzj`w{7ywWXKsA>oZSShT%jM2A!IhsmaD%D9exIRa3n81&quKYG8AE0|}BDXlLp z9^UreLlnaYmK||W<8xIcVp`ox6~GEMD&dDU>Dph2HRrW4>E$jZEVzuGF`xecU30ju zrN&l066)T2n|oNLM!2|h&@U=|>(0DErO9b{&|TSFTHGdfw2QQ6rZz8~9(8}F$i&?5 zkU+nAm$i5PAC@>Ef*B=QV3duh4p098uD6WzB2u}#0}DMxrM6~xbHHJoeif~$Xz@*C zZbO%mx!O3zT9OiWIlFJ|T`NxuVwWFaLU;ffLFT>$orLwxFM>6vhgNyDa1FbbU92*3 z>(6@9F}Ymq(D5W!BKk;l=kt+VHwT6X(z-7W+<1oAD1{PIhjfp0A!B|lIs(XRlRwkL^9bZ<}j24$H(l8r=Jw1r^sd2HQjm?%z{{RT~pw(6>^Yk z-`T43tbT0C$N*%M>x#_UG1kL$YwdT%`lZFwT12+);9xG&J@6~(KL&g))I33XYp2U^ zIDCQ~Q=T_36z$I&oh94l@39nc9OW^7JQ*`&YHq%9KoWr~jTzc1C z2;BZH&2uWas?w`kSCi^}%cN+RKiSst8-4yz+0z3R={hB^lM*9Ffckc>O2F-n7pbIqe=U%-pAM8 z4DiO2cj4)6QVl0m)5_uEm@9C7vzqzW#s2`ZW|;EoH{T4jE1eGPxs{R^1Q|K#F^qdx z%GABuXV)$u_OkYu*5}4rpNMt;00?U@;V&4mit!{WH%3>!Fmv9c)?xd0op&^E8irHJ zIRd7fk9#b}e)==$+C2-y{{R?u=>Gs_{{R>KBiEWcq@1})P~b2)##h^DuCw+T`1PY) zcq3T&BjPEvpY4llk26V?h>hi5>&Ds?FJ_>v@@%5})wwY(8-s-l=b1M0fjq1NK9lsjin){z;3B^a6TO+U4 zwQm-DH1Rv>T8)?4Zj=YagAIe*rE%X8JT>r_<9C+&p0#oC%i=>3gaCyipp4fo()WIG!k0seh2D561+?C6UN$? zi>_|cTX`ih!w7PILBRS~rsQk}$21iygk1TXPiuhls+Fonc zpJ})rSdcS}^!LSmf&Tyr-R6t3eLmnNv}7?E;DCBkgsgondOp%7N5o&-3qaL8N2XgQ zf&HK5qAkR>qY4j9mHaE}oizAc$9^Bu{72ynsHG;|Os$YI_~iRnR3?1v^2ZI2A@J9W zj)mgO%PnGSIjtoo60E;;6W8lW@n25UB#t|)5{54@s*(Id*0kLnv@cF+6n+!@0M$Mu zUTd*NA%-NhGQwGo8v~u*oY%o08U7>dUITqY;Z>#MTSD(7O&-kPrx^zyO2Tlmxhpz^ z>rW5XHvCVGzQ|!_k(+xStVb+;O>=%Q*0k2q-$=f)X}2(8AO{PM$NYV&A-VJU-Ck-| zJ5SjM_J*6_AB^rat!RtihuV$EI~bO0X%D7zf$h@2bo?vvL&82Jn$!COQG)6lg%U@D z$T|C`-n*&D`C3wEw0OhfKZU#v@W;kCy5LE?`$x8pF#iBD9j7FZPL=u9`yhCh{^wco zHkCDm7g`ME<%BUmB&nuLu6EAY<1BLj01)&=Zxl&rjR1BT9DoV062_pKoyCpKgmFfU ze|oayH$I)KNG_+bg3ThTMw9Av(%#0_>2EqC#+@s%T{~B` zy_(xRO$xZ)gm(o=6}>wjVHsYVUC-*n<5k~-{3-Bn#hx~|vePWQIjiWvJ*C8Iu*&jB zxi_feBoYtQ^UZ&sPsHyCc!S{A#XIZ2Ev-Bks_HXd*(@>`Gg0~Lf0_D+`!#;sk@!vgAqT|I49VjC0@`$lYBuBFhbD0qB+KhnQ? z{1y9P{>uI&Haex2zwn#Hx+bR>g6hXy(@|!GcShW}Jy?9ekFQ#~b4Oo{J{;!MVadU6u4-8!))Vw3&%UHHWtXhl}-`QmVsb$Zn zCxS|_M~C1ah#0Ear;=uJa+6PzPWQUi#r&?*cD0(;==`_+wSFj1@q6OI@fE?hNE+Bh zaT^i*H~{{Y$owys+Ro6W>$L4D+=mzd9)i5uo=5gA3JEJ8pue-mrKwwLI*pc(dvP1e z#mbjBAdWyEopstCxjTGEz0&V4T4;RI31jyg(xxq)T#-!r6IaoHwCobtBSg8$o171S zrF@U^58_l`1t8RqhjpuKje90ImKXm3SjWD7GHFc8otv^hJa0A65P0{-dXJ1eWq$hB zw{e6ru_s~!kfZ5c4b7;FV+hKq+Y63_*9Igq-mb zLx8(>flauE^HtNe7-7@yJh;FnVux;hja)Z5Y93pnYqmC8fVGn1IIbCp+tB16O8Qqx z`!m_w+?MklvAVa5vF24~?6O7WGNXd0pQUrxR)Xp&B6SXo3iYdU(BwRiS@7SHy z`Ee3bL?<}xDyD%9(K_vsm6+wd%}ZvkU~sD~!^`)TZ_VW&_%HBJxflWX z10tC`YH+9rUVW?ErA4FoGPQLlcexz4%*YrInY)_avbI?5##nB~PkQT&Y;wxYm*SQ* zK8L0{Ra?e}QUkYBjDb{gRFPR!L&|3zDp=ge>Nk?K9E`k>ZjFvO=|IN>say|Elo&Qm z71E*Ps37&tS~`~OLhLcy)A69^lQQ)SvZTh?+7Dw{QQgY!@M8#h+2`PNS^ za13DJA6nJ17q{~yEpF*4qTgia=E1=gwQ)VHIA{Rm$eI5DmTG!rR?wt#&S&hW!VlRK z;9tUf2w?Cph9$l6HUiJ9-m!TmBOfr&Op(&QqqoxG(}Imn+WO!q3K-`V)d(E&mCc(? zGXDTjkol@C>~X*YlU-$=pJ%6_NF!Azx$0|UDNCXyxLab#W&p4}3X!DQ5p(h=89AcH zXE*(`=etE^12{KIjJ5%vhu9qCoaD1o`XCwMo!+#q; zY7IZbnqIFeYFc)g90DqhV=-&>S<5=;E7m8V9 zxXrpA$3OnM{4V&(@vq`{$Bl8kN%1?x*SeIvtTw2}$%Ri~GlTW7Qw>L{RXx;sPtLI} z$p}yY&OIwWVdfQ7=daCPi|l!Ir>M^;jP7C0O&S$o*vkDo)^ph6Yz3^2`^n1m$F*Er zQyUdPbJNC16tDA+v(QE?(m4?EC)}#$D)r@Q*xrUKFj@;e_%LQTcW6)RiQ~M?V0Kp%>XFu6gY5pwnOWgcR z_?lHs+uS0(xNLHv2*Qm1KGlUvmOCJi(~CVK8)#=bq$)v2e1 zwv<_E_Qc~Hfm{=n%{h-ox6mD}(pig5F&W3DZfV+ok}~PDwkwtHNwyR&0LCgQ8Z;oe z3VKolp4TQxU=b??C#St~*49v|X=QcW-!z<&QCBnWwTp`o@YsczX9FU#=GE+U{XX|u z@oueS;mtAt43gbSBLJSj98qqkOcD6y`)L0F!B@T&d?>oP@OQ$f;MV+C5ePL1rQSDm zCj%f1*YjiX+xD0Eqx(X5qUT!ipNMt4XPYbbXeA~l8SCwljw@&*rVR0mEf(TvTMF)( z>yCoEp9S~}Qt=L{64}~)sugwfK5x1+)~&k)r`Y``@Mngg@J5|!Yi$}#3IQm`Q-Q(t zuGUc(Q;*)kd9enPP7E0NYMtn_V03!@dx0oW(X2?Uc|%6Dg1AnUzO_re<8uZgsvjuJ#y z5)G{+Wrjw3SLvUGsM_iaaN^mkD%`SWvRZHuq@o*;`-NF-vLwuLAA)vh4tX%o%RN%SijY}(-+mTZiL{1^6XPl2wRbmzH&Xy}!Q%^TAgu@?RNvk&A8nM=Go9*n%!bX5yK6^<7HiNRnvcnnsWbKJg}l zDN4pRpJgK5OS!-!kPky$v<#9)5UmS$#>ekVx zBL&x{MR}fqq1wp|*H>=Q61%`7ARkJ~&vsWXmpt21n#cQUT{X%?yTINK0nKz*T1)8m z>X9^eD*pg7Fkp8NsHCogmDuNQZSSX!JitO{9Q75EacMQUU$t%7jC-1V>?EI3td=la zf273i89lvgPfOHeG8koD;P=NBq+Q7+)MJjtrk2&u%rk*pQ{3KMO7Vxnj({F%fhDe& zc!ioqB|+mSifziBGG=0g_XJXIz;5aOB1LHY$ep7s1_w3Qr-&^hxdmekamdAG%)qYG zM}ADAKP|F*XBB~}X>-Vd;XC%6DMwuROjX6CcPKK(ZjFCr&81w8B}xT9CY`r#VJ_jHN83* z?<7=VbT?yg!329^sV$AYh%$L`!iTGNr6xx?r3O&u-eRY(%5j>Zso6_=Ae6`q!=W`C z=Bbs|&gRLYl5)FPa(#Z4u&x~xsca5v(-geO=i4-G{3U&=J8Q9RyiP;Ki~*kh)XZ!o z?Q<#J5NNadiskREpopVo5@VmnhHDs{wz;d?+3D9(O?f@O!O#q;Be~|dzYKVa4Q<`D zi_h%^kNsmt#OywXur9}@Exhk&uXdy<>_=K#RgT*~WPy6}pmg`3L33vm54s%&2 zR7q`CN!X`73Ff2}Pbl$zyQS%K!E-h5mlp7(=YUDTuU7Dl_uA|p{7V(pyg&lm#~G~L z$IGE5-mhmgvOe_PyY7LS%GECPTcwTGKPoTc2dQrLq$&{8>SjIdoNACPd&wCXsz{dx za*>$l57AEqel@yx5{o+9O*ZyMMG?M8&NI@WzH7U8W%H!oI63X~sghvTh%HtPSd^3r zomd0xYjW2>iU}DEYr)-|RYa3gV-BA&Rbbc|Aod?hzBTPV?3tpvM{Hn6j`g)LI7{%? z;mL@F_vmZDe0kz;82EQkw6W3ShVCCY301>ol=c`Otyt`O4v($s7q;+ST)-iA11p{d zb{5fGTmb%9A&+52x)aKc?I6C3Fq&i&KTs6nyW5{1r}j*%BoFq5jO^Mo&%G{GT{t82 z@8Va-FBNINBDd4*^rgSH^3GJQ#yMXvIH@JkHDZrh%o)TK=`rs*pq z@*CnG!5tID{twZ0O=oqT)OJYFh|UWQ$C1xmSIJtR!o{+)k+dtfeNq_-Q6S)=jFQJb z-7D7SXCZe_({J@Cm`FUppsoPtj^ClLF4e8#xW1Ar>oaJ`#xy5_N7Q{P;_hW9bK3kd z<4+Cgnn<;H;kEM^K_eK$Dy}eg=b=8e^sj|J4{07V@a%g30E4x=du=5rEq1dI9#jJ) zV?FaqNtv_g8^03ix_812Z^PaY*5ij%w1H-U444v;!Bpq3Ps+R(;pU;@j~;334c(N> zt1GdUdY0z^)W$tnqI_NP;?u?!{yM(UXR^3PwL=@*k}}1+^<1Z0i>(=J#D~awdRP9eQk;ecJ%BJwIjPC57&huW9JI94^ z+uv%h)9FldiS;d(rK)SzT4uN5rII}`viY&ImQpd!IO|-8#eE$3^6EVX2Wu&02*M?k z8yo@L^vV8oSi)8~F9qn|6uci{t6F$ZUomQNOM;lpt=kKOgNz<(cGkWopA~4Dz5LIr zTr-GnTH-wI%z2JXeaoZJy;A;r=K0?rME;Vb5Xmoux`t&@Effh5B0FjgFUtMUv9k$YZ9Jdy_ zY_{6u>dSPpC&~dBXp z@WihAW%|lcE1a1Q2OtkxTj)%mLxu62+ET8gsOl?kGo*hpa7UPb56-@LwDH!JcW00eW6@lYr1KFwGp*g9Bm%{qOdiOh}!qWEeB5U?xTAK zruMJ48+m0r5sBmj{VSm@3ye>$z8m;o#daPGv3*iYm=5)Gu#bhi$*% z4c9I1v{~+S!)+mA1{O90JCEgBMmiX|cRwk96?lH{;y=afj}Pg(oKacW%I#r-ETB%*HCNe<-j0)LkQSaZROOLbtbWzE~^J??@wH5Q2y0Wb8q& z#!rP_J-Ya>ajYh<8tHnSyRe?nu_YUJKhM&VCQC!<-4j96wCh-H<#ubeLJ;*J`_+pL zPwX*W-f9sGXNr}if%6UAx6ylZ^2&$Mdj6>iFFGw(ObqM zV;=xyV>tXjTEO`6`#Shi8&>g0fOUJ@9d>(i8pM(1Zv*cW>q(kMT@muX!OQQ78Xt&l zG#lrh>dtm(=jzWN*VxzAemSt#{54|FrpGiF5T}_EkCbl4X)@GLm3&q4JI0d3JiaG_ z%MrTy6G0x*xjkFgkzT9ttM;Y%i>)}&bz7*eEiF@K_luG`0=XRUDjhWR4qk^9@c`6}-hSonX%{uS`*X>)16+1jX#!wbp@S0k}Ml_^C&nLvdOo$_ z{{Rkaao*clLFH{(5Pz$gLHUUl`P}zDHSk}LZSG<5h0dvM0+`Uo*b1YsJ@ZLQn#^ui${4q?-li~-0?EH1% zty@NsqG@g+Xqd3hGCNn!zX<*f+;|FUbj?;sFQGyfGGiHB9ONFn(l4DJgZo4LA@K)^ zydejUd?BPP_ga6;bs8}qY)8I5Yx5&m(X6GO>+KUp*HPt4pvO7sieb)=C!W{Ixn*3U z46bSz#F5=wNfgZkMId!=?&G+vqV7@paqtV`JpMHBwws{ePK~Krv&R8Z{;_k=`~Luq zeHCW;W=2v^@}Z(#?p$@}SKgnq*12Qj-veKKGuN-u`%#Pc%etG_V7$)@cVc5u;9!!EmZkr(?#&Tdh zWfRM1w@BTDW926}swxs^Xu}n8>)yJPxyK||k^&fqz##UhiY7^o zm>$NN1e4(T4;Tq3{{Y9Tqa*Ghwz}1RAB4&YvlNDdJ_wJvgel*G-??AN(8J`*U4NFINl|mFjhGipRIFOTAG|x_AsL>=VQhxT@@5Ks8{wr&;Q1D&`ZfIhY7PjMdz{B7_=ULp8(t@uk+ zcXfAdLql>h8$2{$h|UM9*YYX*Q+y}Y{vP~F)U`CWX!HxmXJy)U!sD+Ui8Zw*Ly7Xd z(2p_IMh9BLoj-WXoOkEFc0ru7iC6b2oQE9ojxcGgQ_noxK+Bnr0)*tsB{bM&Cn8=YT+ zJbmI{g&sNZx5ZBe>eqTti8O1d?xKhaukBmmXVP^I zVheTByj=uxDR;LdAt#QiNNgTJek&=Xt{Wev_IJ>YQ8YVsS?uoN`&Eqj7;)4C@6YIK zx3avJD={_V1(q|iZ}F}Qktp-;jK2rGA@SScSB^du__z0-9M`Q38<63x=IWB6{_?V; z5BF>QU6f1%_Al6`f0jygz zMsaQ%Yh-6RDl4h*9JdyiR@2KmE5^!In0j`_bJXfPpF>*sg4$G>p50B)nY(aoWP5%! z&G@!!y>8Yir-`L#m|>WbcAmukb(nS*@aL#eN1EqJK8v8q5s^KJ58&9AWqnWidT-9|6H2qpT zm_yBMtf&{L#($SJk3WR`J8i1m_>K!$W4V{-+ZezH+PS4ORP1q@;?Lrn!~LIbbqV1F zvc@vN4`0@~(G>8x!jPcy8;z#1xujQfQOx%?t|f&SDBzDu(C|lruRK>gfg|4uU{!!W zk*umzvOP?<4C+)!`>)~8z)@ipr`oOJ+Sn)L>J5E^;ol2rKM!xMFZEqK&805WD=!}} zv91YMx%&P`mEOw7b>hF;KKsDl9fMc!uZ3;=Nu&vUiB%>5!k)SH{{ZXy8sF1=X%CM) zGo|>=W|vQk{btvc0+}5TKJ{^*bM>sFC~0#aH2hQjptKJT#UiPa(-ZO+ZFkV z@gL(pxvo9j%Xe`tqY`#xfCn{a=(LVGEj{{R=yFvPgU`-^4$e_xU4J`DIzs%zS(+O-KH zpGz(_#zz?JO@4xSL%>>Yfol{{J*$*ZcPYkwtJ9|oBlB95vG3YupJO(KaRgsyXw+|D z5N-$S*1Y`|D@leyF{#c7>slPHS0}hdyPs--8XiV_S1qaAMJ($ak)a(2y;N4Fa+QvP z+6#MoVsIM^jyi)}?4VD%k-PG>shx=;f^>>cEEArY6$08^&Vgpi_Q*7)vAlOZ6G7Ep zCUdWvS8?DdIS)LJ}K!~4Ry#w&`C zOe)6c452^w%>#_PklfFCKM@7oJB~0ZEH7t*XNp3odysloHDKD%^l;T}vCwFKHNMd= z9jtEJ+z>$-;i~@tia%>#7yKhgHOO>i@jjcMo+oeO_OAyQgubZyd=56!QEc*$7kp0m zar;|c+3PWAR{k6DY*Fu!tNhFU@E(=&Ux{tJQQ+Zw1>LOo)=JC-kes1W(2?t2ETLy( z^h}=^*BE zPtvSBNFueow70m9Uyv)Vah^Y|dUUDke9mD(DlU&^LE~S89~FKK+uLfk4XHPUr;tYq zZ8FA^dN&zS>6+(te~1g?X3+F6k4IM2{4;9nzSb9V88hDlJu9c!pPOT8IJV-CsD2%O z!r!u|$99VQ;19$*iydYrS*OxwyJ*@nNh1M1i2N5}9E%jX znuWQs2RKq@k01h1QU_YW@xR0^GsC_VxVD)s=f9PAM>hW0?TYfN(6c{y;l3urU@7=sa**@Rmdc$?Mm>YZ|8}E(=Dw z5_s44tsk@Hj5hxO5AQT@5$YFqKwKbWm^0howSGWr-XYdJbK*Pi6nKhxC)94IlH&yN z5M!O7Q7XL;k)wmvXqlSa1jXTW_^PP5eG zmMfbk^F~1dm}euW*0*x8@p)EvPOQ0B==3>1Xzvz$S@?~hUg~-Vj~9j^of7{5O=cio z$NWT&+2+2#)%+vi&kgHZZ^RFT_S&z9EvA4;f2K+^5}bYL`8Gwh z@x7mm{v>JA>G_#sh@ zw$>vc?u?Dfc^JzUaGcMI>PvNB$-tFu}^O5 z206$jP=02=o^KU=EFT#D3+g&Wu8(V|>c3?>?f;nt(Rr72l zRihkC?dbOW5&5C;Z&#Wdo9_*3u*qYr*iK-Y-cVJLsUY$ASJ_tDex0dARqfzpZ{jP1 z)6`cNw6i~;Y2l+KZiiX$XZEuA&HE#38sPBvjXYa#;nwCWc&^$=Qv~C5FO?#`oA{~! z00k|*{i^;8>3#$Fjo{rL*HN;*ic1Yn!ZN;4L-&gR00|?g2N=&4y*yt=em}$>5a283 zl=FH~i1#UDs{2_}ach@PUqjV? z6#PlH_<7@9GgZ~JiM3rF35sEE;ax%CIL};l#eRo;1G@d1d|&ad_WQ+pg^jO-HC;T# z1h-OoQ(D}TK4$DOk~8$pI&zOwi#NyOV@gt>uPZxx^ggxtv*KUbli;tzUle#(Px1c% zhCD~&31DNU$>#}Wll_hf0RBFe{M^amElb8;H`lyD;z{PQ(dM~gh#PZ8g#Q3RQ(D~* zD}iws*{RmYCl@Pd`W+^x@aMo@9<^KD0`pRqQgGSaz>;{t8SBMj%X6hd<4M1~O*2pm z3P*OPCSZM-4z=f0Zu%d!U~v4`dj z!1Uuy$3xU1Sl%UJGGl?k=Brw2u_mT0%dQF94tmgb(`QMnL5oQzAbER9IIkeGzEP^A zZ1I5H44(a{G;;2GMDj&zZVcoCd-{)R_c{DUbMVu^R+@w445D(J^jUKh{obD27g-jaP-xzf1H{2bzd^CEKVw1 z(|tt{6OaI>{{UyUQbrlZd)K35=4!^)6%}?myny`J8SPF`@HmJP>U!YNb4j#aSk_WE z4n;sA4JP8mC_Eas1D0|YVB{*OC9}m?OLbgl0G^;!7|LA>@uQeeRTUT7Vi39jSbr)E zWb`S;X)7opPR!(!Rc>RIK4K2h$iSfGnA=$*o=E)XP@||PlUkG6CESH<&|vf{L5sga z)|KGPneGeUk+(Sjjs<%rm7&?eZmK{>z{_H}>d&CfKlMm&ll zxCGY3z|AmJjD6zA8*8WdXYlvpAI3do=pPGwD}UlSmBP(+ENqtWjNqNbbB}7$lt`Sq zAFDqAzhKV~{4>^VJX7&v(#OS~HB3nq4gMcFk1a-h%dQyVa?WauqL;bOT;G(_~@C~EfX}&bR);vTv zH}-X|eBIdKV?Mq8tNGse>-%ARaQN`|fAElNmwG3Mq#;t;E+i?F^1XLZrE{lbe5ET! zyV4|$5Vq#P<&UX7>4r~`4c#l&ryf*r)vQG$DZ>T;`cW7Pj8-ts+lo?=<ZVpABhV571*!o>i=Bg@EId z0PTw2yNb@e`w#@T0KSlSK{HL_-1fKHg@Vk3EO$%t`DKx3P&@?FOoLQIE|k;QaIea##!eGA~f0qeSi>23BswylEs9joo1 z0{AmT(QH)~(g^N?ft+B9nasl2Z_n*TpH&EB~c%#${#L4o8VboV=sA)Ia3cPE2F0I*)HxAX)6NYg)OHUGB+gw~) z!4Dk?agb{Z#7_>RZ#UbZg~KTX0g7#0gXe3VI^VZ2OUi z1&5)nQC!IOO*+Oqc$NibSwR@*`PZZAzGP6JJ};m7&|x_YeO}@znL;YA2Ok0;7Ygd|~ot1vuwO4Q_vbEaLR+u?{+e1nncUB&IC+i4dj%Hl%GnE`)?>sqN> zKs+MuNy{{sjKTTIWB0M?T-C+QLClayBAguUCz_WaJ0AsD-QHYDb8&jJBY}l(HsIH` zL1zjnS1J#0LsDlcbR9It$v$7Z+Xk}Lt}n7gd0=~Xq(#fN@lLAgF=QM9r1hs=zL<~* zN&7xQ9Ctpn8Y!GhTgGKEvjyn$Ad=tbvvNO-pwyGFV3&TSm7D(bQnIWN8<2r21!v^$ii^n9FUeD99l2*zJn( z9Zyi!G|fuQG~0N-&eDGMoczFh3eTLg*Ys&`E{q;wDD97&0rLJ8^?rkJ(dp5~q8TIF z7pGHNMq*(jh~)~yYZFr$3In+1$4m;|Eay6lPY};8n>CHX!tmpquPy9Nc<#TfY1&)N zjLQf)1xG_n)+0IDei&mZ(_FKuhk0ai- z4~cc%J_3>0!+&cl0Vvz|ed^;Rjbjs>ySUvam=np}$rWbG+xte{j+&`Eu72ss%{fo8 zW;@2@JX51Afa3?TrrU{;Jfh9Fp~XXHb4IO{F-e8+!B3$#1^iAQbyGYjUUDZ{x zM?6zV1d=GO(|e&wx&yZv`qp3BH3;Vm4a9A3K4J*#?OH`NfU%O&7>H4hc^&I!+Thv5 zB#oCnFgw;@VrsY7SF1FH0-K0Yj+NxTC0`oBX>&H2rkl%n*f3bvEbHIc9<-#*BNK*i z4_<5V@6{uFRv;fG)G-I#S3i4sdEgB$z zvSC$zoaZ(4Bz_f>?DkVi?QeR79mkS=tF{p^k=)x(_I80}iDqnLt#cEbSuSIiXb&t& zQQob`sn0f57q%w-;Ae!3MVhw8+ z#Tjh&KZP!xtz7wvvMGi&I6aL|Ih>u2hCB7SQjV>-9=$lM%Z*mv2|#eWJA!)qQO?U! zIByboe@E7C-tjbhc;jLUHZ!y7T-}bDscDzUphh9x#t&*7nWwZr5j-j5+l273Np)L~ zD&0&A72}=ZNAUoEAI`8mKYOS6ms6W%)MnoqW>)!I*9Y^jZb;&9sh@E6J|B|y8*NO+ zcQJ{{>T}S3b>-(yeO}_}{IM+ChTL)*rkN3wIgMLJxv>+&c?_^Z{V;F|_N%`SwNHrJ z1>+qfS-yu)h_a+^<<-IU`c{UXr__HAT0gPe4O0F>(n{?-jBqo9!1U=^-W>7W_k#RS zs@_=MNV;;k^1?Pq=OiD-lVm=}9VVfv{89Lus(75+TVAZhM&4j5>cH}S#xY*;sd!Z< z@V)K4@mbg`T!JzrlpZnk??%X;ht1c18t~?erQgIYvH)g{mAXGYb6+*y=~vo?>nMee zoB?Ore(}$7Ow{y!8{#gz;e93SEZX^Dhy;t~z$@q%y;8CGfvUHQEpKlwFR$-qkP<>< z6WK|siqx4x=dgH3;y#z9_|AE}QqQJZTubuuK}-%w{Q6fx@lR6H^=nygyfJVz*dmn* zF_W2y=XMVxrBsm~$sU*Rm*SqQ@fS#!!Qlt?<+5x{FWp=aG3~}{?mroR%45TSvgO~8 zHEY@LHO00!AcW_GoF8wka$=>+7bmf=Ewny!{hho+;2lDH4Qo%fjtP=M8vMaRNzu0g zE9viwNe!}V7ExK-8H$NSv5*H$@s7titg1oWQ=|Br&9x*Dynro76Y??@d9N%B7EpJ|_Oqi)CwV;Vo0c zEOiN%F+Iaa^2_c$JLbIhJ%3Ar&Kvd+C8KZ_KbWBy{t?ryZy5I`H5tr!!(MC2);L1R zYakm*8%qEyKjHrXhVAtYWo_>57UC(VR@?vvJa;GRD?_3ZKTZ5gYjPSnB43~&e=e_G^}ZzhPg=BLK(QM7CQ zcEbMU5&p~ww>Snazdx_H;a?v4T(dR`lJ_DtaFs_%6cNz+Ni7_=cBO@JkijEM;E_vwlLiso;w1z9;-~xz=@g zH46uZ4bvme937!gr}^Tx@|VoQ`8Y zpM?mxyB{xjj@r`B;p7U>GRSs?Ui~t0Ud!-L;unc@h%a<|)B{6VLr2fur1LD@D;tv5w28A`%Tt>&(!5OsYZHQg(vAR- zb{lh^)oNPUmlDUrUx`*)L`1Z6PiWE>W!z66;aT!{{{X?C@SbV&+*}oo?YG5+$|)z( zx)hA%N!X;kU&Zbe|S|q=+shxOIWf@wsw(k=qseFXMP3*1jFO&v_Nh^1`xPIxsCB zbCo}xXDF*0wW08fLwTpct=Rac(itFRb%~?-vPaz~BaceY@STmdo`tCEmNziz+Kg_V zTuw%1Q=I->es!NyCU5ATCjQLTZS~ZDCsYg%o`5L8`d4+Rc+!{H~O8=+BCF0cJ4Z-y7zKC5eWs9Qx5c-@?gIUPs%SI4?;k9nwSk}?3W z$i_rL$zF4VP+Vemm!1^VEcVFSUBrr4df^E;K9#^rt0t9xAVAP65hJLKf_q@`NYMH( z!WTL|taOblUew!9(&UqLkBsaGsjnUQ)1!EQz}_aam%_S;*R-3LEhtm|q=Ufvnh8wr zG>;WpU-(x~yx#g;$i7-3E1Y`cJ!@{>(@e6_ZTv}htX|!%(LQgQKoDTy1?|p7RAX|I zJd;ECg&%{wX*R!R*S=ITY>`#|UtQa4^-tjU#3;To_;F{`Z8px366{6+QSI8aQ9&q| zWJZegL?rUpcG6E6_p0j%ZBj7IkMnKKOp>+CWUPA*tTlTt2kQ}OmhjFcw=lB4a9D$n zZjstH!#I!>w~o)spU5tea{~9gf)FKYt$mEA^j3*WlMQ z+kH<@Z#oGSWx&8=ft-Fdqjnj&6~mbjvTlgB2pxra{{Y3$hZdeY@V23DsEMt{rsCFj z&&jY8wQxJu0GauVsag#_V3N0&bBs$LLW~In5%tY=9}c`*sQ4Sj+GmKYt^^2@ubhPK z^HA_|eW_oe)lYNppN&2g)4XNjeIMc$kdW#&7Z&0!lSBQ0lpU0jI^3zXQGLl@`wsC>cir|coYMb9fsv94;)^Ofw%5GWN0-QfR4Si?u zlf?(bngq7jQ$;<+tNDDKl0E+b&w9d3LZuU<)#Y6t?8wk8x@4foaUR@Ca~ST{K{ByI#A9|2I(`*}DyHlyA$nt_cf(_br&7G2;HtMhDg}-} ziS7q8l{J`d-e>!(4!0&HC)|gzL+hE%s0rC;1c;6t z;n&mFu0=bhc6_7xQ(GNWjuLt;_rarC(t?h)@UK-S+YdhH^88IAiNc;!+&2UtX zwgccDW5e2?g|D@bhPs)z)~+mEY8o}kOw3_DHlE`gAH(tdbpHT?i+l{wynW$`d{LlT zeUj?(-a|YhJ)#T6>yJQA8y@uGU_Y2`OHaPhZ?CjHP%7${WJ56>So)vJvMw#N9`z)- z=DOhZIjSOoh%%@uyVsHl>rK3lGYXi{M&C}gvCh$v6noz%?ql<*x1b?ac^#-36n4SKPVMp=JQZORdPCGy#qx>-Zutgw2(SCogKy2n(WyZHfQD-KEbi;*S&oQX{lP@+sCRa@3x(MyM$r>t^5A9$5k6R z=vvZr$zpNAngwSE!*0Ksnm0Ag(~;{O1{^YOPyva%Dcy6GMx1wQT% z`YqTa?v#Jsu|LA;>0E|K@V%|*nud*it@v|Th}vtmHxCq$73MIljOU>T9ewK;PL;%p zk04f4oZ}URR0p70>)&IZ+9tSHl#!hDHS_~n9bZEi8axRk&lXxGIo*#>Q(RRxG^TlH zgJ*+Q)*njMp!*fN%e9wp%n0f~&#ip{s(cQgT=0IYtawh|JIzwj8c8kNFHfm<#Htp8Jd;E(N1NJ zci`fmrRsMVnv5vuHihfc2D;&~j8&P}_=5XV(X@ZHTZP_8QO0vm@CS?T+fa(q<}(XQ z+cHSQ99E7!PKsx}rhsj4G_6lqntOdNXWO|*AY-mYb+>*I(0o;?3oSQSxU+&W{{SBl ze84ZMU&^DE9SI|z)-+phhu2pdm_>3_0#I_<921XTE5mhNLI$~*s5@nF5Gc;}Cx8d7 zV>=^QQ@+R1e+#|_c#FmJ!xjCMx_+Lnjgmq0hf=4|SLqjl{sw418?;!TO|wEURg`_& z@$ofvvHB+u<(!spc6!hDMU|zzaN66bkxvGz>QF;-W%fJy5ZaN356H!E!djoOW zNgfTaXkG@iKOaMMP_{S!*?X)lL6Xh8P%YlPkw4;3w#JpSM%T8Hd8SQRo z=iB`M0IPaLeg?9$(h0Uet{0pR7}piyUkYk^--%KvY;G3P2O>vwE4x0K>(aeCbkY3p zI@jF$lfnKUgG{w(qDS0uf=8#NdNfk9L_}on9c!jE>~l(8&X>V@)z+J-T*$}m7V|`6 zF}UGRJdb{VO4YuyouzrUVFw@)S8j$bY|EDS%Qz#a9`zKd1@ude=GPJuV9`6j*C|LAQ<&F>@2HNo)?Ei0@h`j^|yeUD)eZ;^`7NWl@cw01p+& zK_dd_=%qRV=}Jhb%eh*0hSm~bKpBrD*B!3ziZp1{q=aFJ{wjwPqMcT@IlBlh?+f6$ zjYv|!R}K3>=y#qZ_*tp=e@ot)v{DJ}<&5FO0n=NU`b`#IFIA;I28yJ!_Tl_r#>qyba*Q)_A0IR=BjeYD zt;z`RFMy8v+<}E-Ap|o3e)a=<)GGJf{GY^M4yj||%O7^4+5U&=&%v*cdQZlC{cFSD z4E3!e#9jo{Y}qcnCE_{ORJW6yq)gdhrzCCUdv~wRU)opx2|N2{{8jOF*1Pbl!e0zL zBjKpoj25!$Z0oR`-~|{1wP#kBGCvF8-XgEUxayF`CuXeU-)5in-1*f10KqMP;G+H) zw-TqpuMGI$B9@S8I^1gH4(hUFJa!p1gK6NO+9%;2r*7Ud{hfX~_(J;Jv6e|RDH;$5 z1c?XU867~ydDU=k`XACfHRBddj{V=YP@if0zjM968=n2)+y4NFpAfYh4-DCSDfpSI z-OdcLm(gZMV~&3C72)3%z9PZ!!%@~e8LjDemOduQfvv7lqng$F;Gz7hilr$n&%LFe zVQWp%r&2PK=$dbPZR?@&WV(g!uc=LYs7mi~D*|$Q0nk?5dSbIAfMAaG%;ferlv7qA zzgAT?ajM8$gU1xz8$**vSYE-Vv1B`x#7M!X%+E6$gN)UrevAIkAGDm-dL#Ht;uJNCHow}3UD4i?hwqqw{X9y^kNH$(WE?1Zjz!(8l{(Ukg4u z@Q;UYWzjSZX2GEsSB-@P;gsi)efh7bzAyY%)Vw$F<45q&yN1uiu)-ro8Oz2=%Cbq`L9%{1X@BU&F5tYZ1SUw27}8OGkZ-(C2#X z&rnbteJk_Z_E_;{uCMU^&N%$*KN8xQ{F5olNwi>t^~n8eX~#rD~MKQf4hXLb@QdE)_l>7X3qx*gpVi6?wF_O|Wepx){9@V0oJi7T^KF23#J-wc+&m$6~fZLd{2irX>rP4L^)$X+~ z4}ep2WaON7Jdb`2Z5Da8Fp-MUA3}UQv>FeA?=?T{Shabqh?&Z$W3*?053POu@TcP+ z!jF$00tB^uo&dV| zZ>wuQ6x4P7AH^?YaM9apmQJl5^aqr30m8O02<$r2?k-nDr0-7~+|V$@f| zQfm=S4AQ_x=-8e*pXh7czh{pg_*3E?g|EZU9_l((tjX{X;@@VV=b zmDSs5i)vD7io1@-*1G7>a&|roj(Fb-li??buPsv1b!@PF!JH^SJq0zBc=cf=Q9l+#o!tsWEKR6Nr_NgUI5jeVBQ|Lq{Ax!eW~V^XJKs3DgYH&JR&6hn2tT>93;GKkQ}A={2ChNC7>>^?;)u~Y`nIrXTa zyLt5(G))svyw^NKAsa1i(6bEpW6%n4r*kPY^dsOu>?NvrlJd{QAG9^nX*z6bw=wv7 z+%mn+N6H=l0GO}V-w5~{NATW>r05{B^8ujfDZnEwERm-zGI+YbtO4X!ke z5?N&}sj_UB7$fB4j`h<cV*bJ zvF9Y7roC!W@o$NXC>Ay`7j`GH zAaP&0AF;>$5clIB#$W939{$l+C*hBQL0Q*GRm{^Tq?zlH+uov5v9uu1>JQ+T?Dg=2 z_ImK8hlPF$d_U1VI}|Dr?uELEW+V8s>T#ZH-Jr6EWS4r6oi)oGob}CcRjJV3BGsjo z*OD|+IffC=D^+xrw27K0F5{j>b4pe!#yyU&YPSrxU>&CzBE1&UdwYmg;3H?C?O6vY zm3bq@bi;N~fybp`OKay`lOqs>^v!1}bP;|rWnjN4K>dL|YbQ~A-Cy@Mwru?MQPb;L z8&iq%kH$~hgWxyp-J)M=KN9>|WcvIO89%aPky>JV0zWVQy?;ADwU7K1>*GJ|4Empk z{t-cO;Qs)J+X_b*!Z~c?KKvZ!gV3Q!{KU}K^G=p+PsI0kI?lfAT6wOeGCLnko|OH2 z;uO)^y}WU)pkuV)=Rb`uW3yw0(R6J`#v05vc2SFoWCsepYw6Dd{0sXu_S0+V1bH7T z4o}jk%2KiQ2AgH4XcmtMv$u}ju%zwhk9yfiER_~iVvpEktrt0^E`pf`^<1oE@z%Cg zZWGE$j`d-XRMrzSEypWCDwbTXX}Xlww5*u>dZ+uJq4Q0t`6i~MVf-f*$bl5nG*99P>KW9XWk1@w#Cd(c>@ zRq6=#uU3rDD!S}-J{0(icj2q=?Ay4YHbJ>0^PZh6sqrU_Qt}7#0NHC2ieLr(G*kHj-rBP9;Px` zSi1S39(e~nD@NB*lH4j>CzykU&tXA}MH|c5r=7|Gs(7sE<(}P$g5|NFyPmWe@@r$N z(X`n0HIhkX5juj*3I0@*OKAk5HaD6M0qsdUl+mLV-M&yV=Q-_D0?3DQx~6fEI@Kp) zk&mccYZh#`ejmOzcTun;_pVz|@gIz>r;k&)U$k52_oK_@s`<({Bk^Ufw(26XOEw>U zK|Ou5UH*;YGi_?tOrJt~R0*Sp@dbsQ{o%b>Vo5>W$OH1GSZe~@7}6DW#?q{Kap-6i zS>S&V@8xOchC3K7mvJZ**Ow~II1=nT$67-@cj27((!%L;0%SJT$5CG89D)df+@UMe zr3NzGr7RL%=W4dhpmax4U~5pMx_AZ~h=Zon~E@!d_|<-OAC4opyjf3ZBwrV6aH#zuv56xX5p#wTV2eu_Wgp=M~62 zHj-Tho-}ix%ig)?w`gK`?rhs2^V9OK3tXBz{Y9GbN=94w zs>|gdlF2Q%JWl2e9#D3z4GTw}@_5a(o?vgfPki>EiypaYpxi`;IiYAIQI5S$X-8tv zswVi1;+&0A@DD1QnSf5u*$srdF^W(6n^`UJQl3hAV$fG5K1}823Xj*_ibMipP{`9TtbD>BcvT_!LZIaQn+mw!Di^mSl{ymfb#XNU141 z5?uX`=!aBCUZ;v>jM7-Vv06hStM^gTgG9`m?K)VC$ms6m=QW&TkOcrYUc;pX%1dJ0 zHt#0%Ac5r3mdW{h zng;LGn5)eJQ12HVk4oS0@zZT>uHn??kh>-kz`;{NnO56E)hwX7Hu{A6g^+xpk+(AE z)Yb%Aoc50@-$J{$5ELKhKpfrbrSr1~SkRM^=~UZK5p11g8)f`B>QPf#9fVrZE4 zArDH2NVzjyNYXOx1CDWu!Id4(%P_;S#L4Nw&T1C9SNpE1gX`9jTONa<$EG}KCEK)3 z)tnA0&GxYrK*9=15MV+6^;}{_+09?xTBam1vTn~#hOu7a+D2HR#^di=jY`IK^`+3Y zYt?A74`ayuDy%n>#{+q&&dbW5?^2XX_J%TRhg7}$3{k=$UU)b;?_FHeOC70%7Z@A` zILEznR7Q}M&pW--_ey4tZL)$v9W$EY{7c{|JVB=2THUjtoeHbt?w?xbCL3zMhPdSbjy7h zY+My(#dks{9GfxqJNH)x%mWsFVBK-;RJ8l{mf^7sPlM696y{()=Jqs_NnR9I=Y<_U zm7H}8E0-!}M3*?hHJ!Qv73HwBfXb=#iQ)L0hmJUyu2UQE$l ztT2`2Ghk=f=95>`?d=FzrD&!72%*GhH$JFhQ5Tq{6l14qr*Emjad3lkBj*H@!y1uT z>SVfs;3}Z3tBm5g$!z}8`{W-mm`TyLf6(1$-~mM1CQ>pHGAWs#^t^ zj-Y3+LtQV4{ClD6R`Si^=aNkG=Z^J!y-eJ?pFZj~R~pWps5;9!z*VH$1~%Y& zb*~%HZzZ|ZVbHYb((6-{uvJCseGjD~)Xtjw!qZ89-`X}uO_Y3(0X(ViUW;+?{(C(J z$57L>i-{dZ<|vsfj(2D2Ky$OhWs-joT_I~30;J6u^A`?`2^k>$KU&pTuAE6_Gdn~+ zUB|Um^s_BW=ec|e@Mf#v4;1Nt5bbJD)E>T#O=MbbZO&k_7r_<5`R zKD5%b{{XPu!uB#oQ6>>S*MAao~@D9wqR%g>@V&M{^YH@=C|#!GFEC z>5BS_O9SGM3SP-=b1b@*ov=xlA2TQz1b&n{sLrgedC$Rb3uvA@(!4|AopRCckyW6c zCIwvve(+yW#cKFN_Ih81Hg6=i)9RM5b0fv}sW*_h;X?WWfm$nWa!u-d{rggUEATDv zg)J}aZf8#sZu0`E1a#zJas_^K_!c|uFIcu3lwjHY-?Q!{9Dgcz3U8_J_h#S3kS3h^ zWts(GP^4ft;%di(Y$wn)h~vLoTU!@p5E6FnAornW!g8qn;O12VS*XddJL0IgNN3j7L-LC}0vsCf5KS??I` zw);8a9F7A6+kwSYC8dYVtbFT*?eVbYo=Tf zOD_z(7Qy4E(zd62YDvoY`Ym7KZ;EtDFKlj_(%F%+k(LrG5IDyf#w+#{#`bm{eZblBKDF{mut0mtcDTS8vfKRs2-X02E!r zd8M{{X|k7igCnzlBy`D#Gm{$ti=*?$yJ1m*Ovl{x@hkj-hxh zp}w}rwqgmAQhhVhnvYa3Gr@c<@dnSs(>9ZGIHu!ZZpW3~_`~8C!~Xyh+u3Phb*Lh6Ws2rJtHuvZ`r^Fj zQzlVM&)vf$RZ8Z8t>>;4I#^;J$^Pa;zR*8*1hts}4_{RjgCb{tA zO1BrfcBNut5&&B=LDJu_ATpaS8&Yd87@gHNtEaY5 z?3vr16pW01mFR!8*M=t5Y_v^6%4NE~vqB}wK4Sm~BD7kQeur)FtHZD_!VAk!5Lz@h zQrVIe$ClnOS2_OxJ!{TB4g58=@g>d7@Loj)?pQ?>hYZ9XRY&1d?7>TO>a8-{L^ih8 zT85ixJ?*ArR&^kpAG&{9@b8HK00XrD02o1eabu=D8ptK!FaR)m^!}9`prm|=_By4p zo5R|hy`HH7DI|OGw;sQjO6mL|@T*JloH~Y?t7^Ats5vIyQz-q(>~MPwRGY<~J>oqp zSnvhy_KU1Tadx)AW>#D*fRo7lhv#2d{1=PDek|}Vp{DCMcCBv{eAed$oF2>QMO0a* zH$w-+zXyCJsNCunwpRBs+i=m8IA&b;J@^K_>)`(YjKY8Kuf@Px6f*7oWqw=JCG zsC;(F=}zF}dnbi{An1NS_?f5pC`BZCtnabbAThbQ0Y~FrdGU$b<~sTp9*|Hwz<;mZml+I5lDgKW&xGB^yywVuXql9QvU!_ zmet}BUFYQ509HNgCV>3O_?4t;o*&n>Z5rYWn{VC}D&qmiW*(z8^R@E5q|X%FfX}5N znfGUW3Z;DF4^EgB_HXRj@gH(Y;muay$8H>XEbMJY7|noz>Op z*J|Jylwb^CjPY5@JqCOU`%d@*4KKyk-YKxO2SvSHNLDZw2|45O{{Ra4klA@xYvzVz zBrem?RxKOF+hgw^*~7$oZn39dd>_|lNwoX8iLq%W+F_9Y01iDmesy!H=f1gLhJuR;-VAYn+J9*?|4b*Xu^%Jf`f;x;9Kc#pb#6CyJ+p;UJnaNTm zWiF`ulqhb5j+GE^kl_1t>slO=T?C9E+@$Vcc=e_gaK=?Dx2N9Z8h0i!u^tqY^I^wO zDnY&2<2($1_2@Q(=vsn3zkHCVgI6Q+gR-E`XgVpHEU?~K-P_A;9pns+8%97m$j5)J ze^?*zZO84cX{h*X#vib!jrCvnoN0TtZwSjh&zK(EoV*LT{H0i)26%Tpxld~yFntf} z8cVo}L2x2yTpg0D3>71S2&}8fZJW-wlm0wz6oZa-p2ocT$g|;(+D}NmvC&h-_JT*% z^l1Y`^X1_39q8SC_~gCS>@6?Rns`W`E`4?`*UGTK#U zkrhVZcI5V|?2Pg*;(xj`T}LA+mI~%FxF61zJ)6NQK=t&X6B#6!2g@A~ZnXd*hTUdx>=G5+jhA zU^pYLR=JN7_B5+;I_VK<2ahqUTtm%`^r=i{orfzfLbK3q9(&$gv2@vdLQ61}FU zJ-je2tkJPUw0xj}+P$h$(BqTTy4t1f{+A3>BU}i^Fgn!QQ~jFeIc?$d?#cb!csXPB z?Ohzo)@G2I+<1b^#ulR5-&MW1va-2A{#w35(p1n(*CtqsESGEbT9~4OQ3~3#kacxhB5M_&NJ9TK%fuRPimUUR;(}KvNm-hFok6ddd{^;C$HRUvw6NFiAWa3-`LDR{P=AO4*BQ-g2%oBC7zH_5pAdXp z)otxHoml8v{k{E@%4JK4E((Vok6f>AE9PT8-mR#^{iCT%zLgFfU zRsuC?+nwl_pZo)%np-GbjFVj{GahtwdMAf3V!Sgrl>j-z4wc+q z#d&Uz<{*+H0neokTS4<9&n~SUotOg2l6qD9Ej{kCjKMLJl6uk(WMo`gNojP`@63MH zqiJ~*nPw-BI#3+Qo>#QoOm0W_s=&Or`!mMsR2~7&C}^b2?K&?gO6+$P&fIsX?e#CU z`G^kdW7MtUvYPdkSqkKH*V2@j%pE&bZB3?u zl!VSy;*(ObnUJfd@#|UhJ&hnHjc+})iXAqmaqCakZ0$l^T!<4n_dsTsxW&zAf>;svyMJTa)5qt&hcSt6AD4(Jn?xSI7 zq9{QB09p_FxjEqemGd=lQn~($;P}@J^7?qFJsM4Y#l24V#hwh*q0oF{ms06N3}lZx zHs^vm^U}I^@#cdTjj#A&Y@@ojoii27j67?c;~#}|;ps^|PJGLXsnnpAC%d`X{>(l# z@O-vDHTZ9>UXYWz&0#yQ$qb|T3GI?kKK1oQl6YIi9v1NrhJGSNZ=-8g@UrO|qyuXJ zqaj}%a&gb|729*+R%2EbeWf?6cRp6o{7*I9a$D*V#+TOeG&_|40IUGxcjMN(trzS% zmba%_YInb6j_Oemk-qAa>U(rG=2nf_{eytS^I_p9yG!yr-;Cc5tb7yU_-E66K@OoK zsac?GZW-vyf^xi9#@-sV`(^Q$F-sUNmIFMD{{V$@wQUX@RS4Cnu6o6_gRIv2g{9V^ zrD_o{c(#-| z@ufEveI;w!`hUPXO-ud@A@Cbl(&dZ7Ul069{vz^-YkRw8Ljw`VIQ9Bh^F#YupBH}A ze;@TPidxF(9vX&NV}=VjV?Vpve*3plPp>|e!-}gD>pUOe>}FAz%N31&?<-5ywfbE7 zJI1~Y@fX9LTEf#?wzqvg;dk5J!zT1`@9EyU8(BoQhG>BD$j?ggYR_9A*4Ru$YDF}2 zD)7yC_;46@&sywkjB>)UlbLD4N24lS$kl*4gRo({j+K$)c_+HiCrg`$%8V&3%8}C* z(;0O~hl#p^X0K4k^XyEzj)@;Rq?gl8l~jy_ogB8 z_QuiLx+%}0^VRTCTAlv@?DwlbggjTGFpKxJ4bRp@fSfAzl_{a@9sE?U-PjsDfA zO1M&oD#}Jd&3f2pbMyW(!#Gn@M~3Li`YrXvh(#9ZAqq3lR=0_KHKl8DnSes(GP0`y z^L=Z%$FcKV6^;J@ZH+m7qK1j!gtOD)k4S-Fi5ELmU}xH!r}&M$KdLppv873=X`z9Z zF~c&ByM60Bbw8tME3RJ0>TRd&Vc^e+AF{Ts@yGU3_?O~+55!uAk8>>gcBgO}+Gap} z+gWyiV_}9FIUJ5KYw@S{UbMK<^y3ZG2qszGN-Jb51B1`h8oG%i^X>-YI=QYlAA!VD z_H{6|Ie*0$epzd-wr{nXYjcMG0D_ch@x1>41iVCJCs5dJRl@Nw1G)Swz_d2G)I2d9 zagdUvM1n^I*NurnoQnR(y955N#`D!7_XUM%Dj6* z>Z>v~;73zle3qxtP^ol!9*Dc}2w}(_I{VjZ@N59>$D#G4osDO)%xYG6x>@5pNx?bq z?_S67@4@~e@$J>Vm!j!XPcG5}fyQfPeUCp7&!2uQ>AoQNW#ebjd|{;CXh|-7sb!3W zl!MPWu2SDpI(DsXug3m*^=+gOM{nm_K=7-{Y<*ks1LJ3gM~d!z8RD0U$4=E_DGkJn z`?Y>SQ~lhG{&mcFH(a{?oxf;pS4@^kqwqGbF^bwq&LiB!?LM63*Ht+y9z95(u3D|5 z_?O{#iFMm}M3)iS{_W5K<|jM8yjS8~j)!Swt7^(E76f~_B=VSG#-+Gies$3)>0zl^ z8yebJ+iF@R?Sn17O5BzKJ(|DE(8w-6xXnfXIOggvm56l|kzB2yA{x$fq`xf}8;?KkB zG@WC|9uU>;q?b*e6%$Em7tDN_2R>%f2nVkqbJtH|eC~b55zDZz6;|#lQBTrRQNPOf z`5%=(4z&;XNPI19*S3XPZf1?gBdEb1qM5FIHL}pPEhof&3z@AiB6BQ|xXP=8!5)>% zEjK>Ol{YnW?hgZg*`6@J_+6-Y4_dU-V~C`dO(9*!ZV2Q2YvdKtA^y?0yRlYRmPT`f z*Ce0oS-D)iMU*ngNm0mUW@$B znmHNqzqbB8Fardd%=Wn?(U8TrKB}l^hiV;<0 z#sKsrb)v>HmB}6l2_&IQ5!cvOZ`(vl7x=pUDH2zgQl9P7Eyr(64)xyXejG^_38jf2 zBoYYbv8f08G`k+Z9|vxi2v32z^tDvnt7HDRydySLn|3-sDLgH&TFTy%0y zkr^Gln1?v4mRI)I$jtNjZ&46u#mM3{6@|<&$YlFJh@2_PRc4%gt zougpozLk(D91o6uDSSBiL8n}5pB6lMrTAH+LhEldfXgSK$Gv_T{??!HS??4}sZa3p z_G;48PqJu?Ppe%f)&~RBs`Gl&p6~7AWc(!bs9IqzRbgp60p8t)1@I&Dzm0 zKYUX5f|loJ;M+-buM_DPc5%vqW%<0bgU_$Eev#TP;s~K(w zU2e?otvWIz9CA3Ruk9CUL{ORS>s&P!r%e;*{{W173r(d#ctScx+^}9_Bh=T-@mjHe zFp}@s=D4aO(x)8<-|80@!WhU1I;$R;qFpjAM%iy}F3r1@ImpN+u9Fp5ntu$uVQ=71 z6k6S0tW#-*QM`1|zI#{cmxTTz=~kE4*BVhjV4Dm&1JC(2>C$JJRwmB5u1_wYT--1% z^QseqN3Zg(i@{pl_d24-tX>#2{DJ1=w#E0aLK_}@v_6ae#G6PfccaNK5g*7#9c>D@wMlK^*uPmRsKnsADCCt+Lg!KtzeO1iC8H2$e>!Yn4iQtCBxfj z*A|A(`y>f@3gh`y7dBGDvOIDLkbiXNH7)2Sj&3>kNXN=zr;eQ}jJD2aj#!zO2a%e{ zRy!+iF=5;tf(o9b8tdfoBI+7-zMpkt zV+_$?3DF2?20x3p>01P4W0a3gxw_PWwwf^!``eFN-j)ZnfueZfnSZ)Qb3viZ>6ThS zzM5T;MIp{qj12l!?LyU{Wot|n>PYQC%*&;b;UfXF*ENkArq&IVanm#z^H}42Tcg2y zW%jmF_La!qwd7XnlkJCLSq4EWIiQ|n(!3w1uAYZw%%3yv#(Em|OF3hi0hsxX-y(ud z2&A30md#YnUUqWZ$(&JTbuOKp!`Fr%AKaAI-B1 zE#i}ro)5Kp$HM(G-$K(|&nS$MfS`Bu#aA-}y3{pUjBn*g@u}bu+ORdfasL3a7>NAa zjA5MmRF3C{O>Jqc2~3ek=I-E*)y{cCOS*VtXO#~p2IaYRz^NjK;tWbHOok{anv7X~L^mVnGOlmN@o{P`jKBm2k z!a9Ad3Q{ny3ls9^?$&^GQ0Wlp*Ee!n&33U$+qSVKLG~T1Kg5Xlx-Hv8(>#g}LbeS6 zc~*kI^2s$VLfOinyv4A89M?lOpM5fhdx3Pwda&fuUS&mGth)Q@O(bx_CQvZjmm{A_ zwP)ft1xyi$8?HSocx-0idR>o;K!!HExQ#|Y>(;#sN7U@~O_`BeBgu6&MtqFtd|f7+ zrpGc(s=*9LAUWtoe8H>FrOT*Eab>C7U)v4~#Bwq2DM{F+O^M-~jSF6T>tF3OOSp$Z z4?fiGPC2b5c#EvDt8K_Nk2S&4YjK))l{|`!aG>%?uXRm7M;aK5DC$rgb*)syqV9Pf ztD|Z2A29>O!HES-kRXAXA z^)-};u{=^<+dPm;fmEJ-t9sK|jvHw$9wX)!46G_ZNaDJccC6lPP0kM|HM3`?#b{UU z!vOQh>GhyPHB{2x+WW00IEHCpxlP?9iX zjOQFuQUtpgSe0^AVm$tJX(e&BnEasQnzUMrE?#SM#cCr|5+*)gYnao#U2&cUv$z>tii4#XN|xSE$U$ebUgOt)fKt8ZOp}WBSy-QMAC4I7PY~=3mNwP|?U$QKK1PhFG&px$ZP`+adA_5hnG z8l<`V*-mu-cKwbPaw$USqI+w*G)7;rQCe?Pb3kkea=T1{vlcRw$t6u zD3r*NakLuhj>axVxAqBHkqeI5!OvQ`f8m%kyEt#4n0=+o4V$|0*A(nSb}=Hgw$<(A zi6%&H{_Y9yUNdp1SpNWMTYK*eww#L+!6Muofsw&Jwc_3`@#l*54P6oKLd+%59t?5O%WhTc$p1ABx`_d}HDL zSHxP*qp~?AoU6{w*CcoL>(;#QL9(#aEM#<&+7wVit2W#m93RrX7}BylDAsJ`r|{(W zHn+F(Brb?{msQA7p60ybZ7Cj`-fq6ywM-5bnU_oErJF zTffu%C#f%obcz1}(o~Jm$k=S3LC>Xa6`{)XRz0`jG$T^fMxU)f>lD#C7CZo05y`2( zAABsg_(Snl!^S$Wid`@5F4L^5y%|ezRQq~VOG1-6FO6rw8rO_2b)N|cuCC>sW^i$_ zkNY_3jMj~|y{Y(n!xt>xbPzBF8~7w{IQ?rfk~~jAw6WH;xf&sCmu)8fxXynH%lL<( zOQ72}qi70M`uemV_LMV9YUx)#@{NhF>XbJ$jqi?IElQ|Ifu``;Jqa9yqB z7g|w^cIgfdeMfGUL&hHpG$^d*@gANcid4d&*iV>o^Bnrtkwo&?`EEZHKZg87tL8GY z$@ibOJvipOFNxkMo5WrgXOB*XEkYmOtnm$pj&oLP4Ua+i58&+&#y<}HcdTl<+}8Tc z7EK^uGnA26IX_;XkJ7b&W{dBNw_Y9B?X*o=YfB4t^ERpb>JBi&--<@9El;d`8>4u$ zRk76Veknx+7HAe#nppl~rz8XYDk*+1K81TGkKwIO@>?jF$P9<&Z){}q#bR^Hp1K~Z z;LqBd!FN`+IxmZs#?Mq|1>q=ySrlgkSI;_^$4ysE_}i;!TBBNj!Vjw_`X1r8b7wdN zbpCXdJ?#ioj{*Iqei&YBTAq{QJsEGM(WjIK5jO82k6d=-b6-E&_~%>rU#MEgrQJ_4 z5@D6H&ZE9RTHckmWyS~IUkd&vXrCFS)2#KKD$Orq8w_$q%de@=zcu<7;(r3`UKa3W zqAUh|21|7P-UyC0Bh#m?YbeZv}+*>2yJ6P?;!w53#OUCQUo_K4t#dBHF~t@xyjN+);?+_OA2cm7SpR9Cmv4 zrziG(zDvX|;_8<4(A^vJsigVa$IlV4szXf1Z_%`#nXe z_#?&kRvL+cH5jg0BbF|g0grE9)ueCKrz7g$i<+N-yh*0&+8>K$TeIJWT|b*B%UxU*9UW;1{vSYPBmM=IDC{q2oI(e^4`9-br@FfL3FcQJ(eadL#H( zO4c;%-D<`yLf$4>W=WJC+-9Iny^3EG{{U)_hT6@K_6?4ob8mfXg^oxE?%ps@?!X=T zb6;rw%*$h^X*ZYtB51C(y+Yhe6ipaMjTmu^^&|S#a+$ch6g*AwAH!bBO*E2SX*W%n z_Ky#dr?c=~(L%U3-T;yo8qyOuo~CXL|6cXHoRULWy$LjKCs z8Y?%3d$&;jc6ee&f1OV^a;@C*D~}oY<4o1G3!4U(@oh-ngmB0^0(*-3Q^a2oE<9(Y z={_T|OS=dng#_kNyUca_*&g+2*uQ3dE%2k_ZjbSw!g3uWPq($XvBjnC#oLD%9X}CY zFZ_L*$6o~XSf$Z)@eQAr(lp9;m1g8~p7}Mim8?&*K7{>(e08OKUVT=};tq#2nxZ3p zh0K_Z$o?XIde_ljKGNsVd`Ui^rz5Or-+fQr`c>52Jem2!`$_mVZ3D+Kc&(w6Piytw zU7P)GPXqDhydv9OyR*AXi+w_SDbOB4tX;P>i#mz#CGl}-FYZO{!BPy89PZb?y4 zee_*MON*%lFwb$iNW+4v2Lm5aDrBrt_NR&U3w4pkT=)0- z*Ti25d<){MkBK+B^!74o?J1WCCHZ6k-asM0%V#VHpri-UKLjJ5&*Sa4irO({sAxB6 z$0UWhBz4blKc#-_d_nl7@Ymzt!LJo~FU39*x4YEV*vAwv9{kEc!y_J?oZwLPRtAs8 zABU1%ct=pxd0OH>mTIl{9I=!W`OE@4fCm)YaDamy+ zlRjwur93C1YyKDTpTst3k(2jtv4_t1JfHL0zcRdKEvBSdtz=KMb|V-#_57+x<~;UT zr;Z5ov&^}pdSjP&mxcsEDB z(=8f1u@N@_pS!n$ew`KP;zaHxu>6IYjA-KXh0Fb$=-#EHh_B?BaocrA8HLD9;Sq3NP~M|=acJA$X3836dS{HMmv__KxNy{ zPPOPC41Ong%it%)UjqDk_;0D*Xnrv8<>XhXC9~}}5rzffb^bMF$SQa_!Q!ql?se1H z{{T*J**o@u@E`4O@Dt&`$DabOZ+tDNOk}#Yk)m9wQs_E1Jq>lzkupagb!>?JR03+Ms!XMbWj(mAxVxM+ zBhbo`K^a_<4mx$Fp&LtN@9B(ore^{W5nZHJ=f9z;9X!S*kIU>j8Vv|Ss>mA~Ku)cOaY2;?OkhRz@SpwQ|^v-47fSf_)g*_uKHdL$lIk*L*vtYE5(DYng_%;pa&* zkwquY$cNKAzadyviPsmQ^rRP-Gg$q$U9JGxFCWZSEu4`-sLQ4>KVq19kPtY}pspFl z%xC47{1w;sRntB_`~}s#Z*8Nc?y;iU$p*5pAQu-pc?7E|@8vn(2cc|quk-TpmV-g8+KMg!et>Kb&c3XRdU_*nGw-w^%6tucJqWYL05j<5thjq<7 zS+m_sBw}Lgf;JJ(N49Ig{v!AXThUIL;&>L)?@qqNi7H4pCw+u^j(DybH&RS(6s&GZ zKoP@j198SNTu+WChD+$?vuR{G1&%tOdiUu_5kn#mC)o}IBIhqEb#^JiDg%F8(S#KqOJn_3h%xY z{1MiEAi)LY#CKL2bMhOFZ4I@;#saex z!y5W~M)1@cL?Sq0P^vk=ubrMI?EOD3!1B9xAE;gJLvIjV`702N}o)zM%MR@J?}cXR2$qF+p%0Sh-H#g1stK zt*P)eDj#87{hv;F;T6c-Rf20nXe|DGXCz?#D;Y8K zv&`jz?c|k%HpXm)Kf~=-Q9|1=iy_Z`^&|F%L)ggBGswl8obEh|iqg}{w2;i`$3H6y z4H1tV6Sd1mNh7iLt%)K+hAd;Cpw4`jBP(kxYF$s84Rw8k(Yd&dK$SM!G|Fi1p4=&)iXlX^#))fEFmKewATKGrn+1- zvV@oB;1NMbPpW7)Qb!E2sv;f=_CJMVc#}em*;`vJQ`x^=B`2bS~=}ewD69@ai_v zPFNIRM{4*&3jSP zH6?fj#+!PQVpv>lZV!LUt$mr`e~5k|_?>U3cwDSf>WLG$7{rdMIp?_IxGT1{KWp&w z6NjyjjB4y+i#RPcw-W;d;O%h4j31?UmN3TXqnE=1GtNB?d6Jp^VM3%{#qEAunRLmb zxOpdCq$npRr%L(j;bx+(sp_^-%@WHT(r%50JinNnRx@IhzkZqYG*L&jn}0dzJJ!S^ z5~xTB*~M{AC%w;o4{7nQjrHvt;ns`bJv&yJG-r%7mgUKfN$eM=Ojn55>Q|PMr0~q^ zDD>j8Y3z6yoW7bnS4_z?~>@snj9zmxB z(UvCGZ22LsBe$DMOI@h~+(sk>900C2bNE-@nw7*_VetN=t+_4Th)4(xawK}}Y}^1g?jd}r|Hq2TWn#i?1_TfU8VB4yS2L!SQthw`sOi@|m} zmW!wB786{w!av`|k+(c^UW%FU89q<-d}6G+YKqn(I5)x>cP|82G2&efFC#ZmDHjXQ zK&U@$!Q&jHkJ9hh4*J%A*wglt@bJ0R^xb04_fRtVE^rZ|ETvb_jDuf?-?MhDsOphx zT2-Vl-D)^(HuZchi@zuRtfYw0Zf z_5Jif{E`53l09pN)O6d8B*4T((njMs?kj?E?t64$W6`ul7ZEMYds%ja$75Yc-!dt| z8-H4uN1=6Hk;VA8QcWV(OOx|5=L6S@`;+!1@rI{=;nAyG#SYUc*(_ zMxM|#Fax0wmQv#-Q}F-Sjp#(_2j+{_`TwP4eD2SI$Ute z8b6nHWpbD@$`>NdXPpRGMk z))A5wy{oF62=?}t zY_?1hn~-~&-w2UL3!*ai%>ahm;O_yzv}1o-%E z@ZZSsAH>_6pB?;7M+_nd{Swka*8uhAx*;1F&Y}0^hK#VP+uTPTmY$#Lt>Qq4gU~4H zU9G5<;}&{7rVQ-%3MymvKxOTMTtQKR=~@9e&V%@KYZJ_!>LA ziM&S#j`drNy|uNp$8=-1@C|fRS9%?Br(^IRG{askV*bsU#*V2&X?H z=erJ1(!Oh1AhzBuRbpfJh#a@n*RMi}6R4JmsMC3j6@e%{X|hKl8_?x?b*{_XLx!bM zqwj7dyHw4#O~Y#EJXU8krE}10}dM;Hr}KsQ^slWyX8!=$L*qy79j)1D-wM1NbA1!YQtMN?Mp!L|ak+T;s~I~QLI?FZ`x^fM z!5lshd=9wMJZ159zu{o`^@~tX+vw_iL1G*plMeZWJkITz3?!3@{)JK~deR zWgC;ugq4?JD9Bf*70BXco>h?igz<{Rv~$x5tgatwEU>Z9J*uX&;|pCgPkFql8bne~ z(VSK?cRFIVJo+z*dTsr!-QKyY*;rUYH!*h#*!EuLzdn9H{@?n4h1&1JKL>OuwVg&- z@&5qYFX5lV z!=>q(w}vk5bng;m#z*$u1fOHPMUVOg56-b7!1lVO=TcX=JlSbcW(mN&YomHd038Cv|jVh zjInQ+55(6cL$Z<0YBIyCY4@6JmY#O-Kt}%dI5qMQh_uJhXOMX;Q3(u~#y*wBQYWDa zBZs++CtL%#ty}U+EJWQA~-E^0!s2yYCljD=aAmvKB3d&tXBde9c>% zY2>s`N6SP~Hxj+6EtYAaNu!zMQI`+vHG4 zAW&k@Ez>+}e-!r`PPlDeJdKTtbRTaRON!yX{FGKMz| z<>VJu>t8}x$!6B@Pj4(vj=3N(;(~cuYTg@Uon(#5XM!`qr(N76KO@LU_Mk^Cu3p7! zYV!{^MFS@l^7oFsb*cdx{hYKzAU1J9tRQ)IkK)VLyB}+Bv5?sct-B-C*U{bw@kCca zp}q4ZT;*9u^Ps6xJyP08Zc(s4O0RsHeYK6x+AYM^yH4zN1KNWrM#s+98m^6JsNJoi zwAR43)MLo>q?5!c49cd_-YF0FG8fp>DhR;VzQglfMKnsqztx@(;a4=v?KWFhj_2&g zX6d;4dRIF%QDzPF-d)DbsTu9i3el3v<|`R*E#rzC4EY-dpV1}K*D1@j{~JvgpcSkYvLDG~X%Z1Ou*MO>K6q2;$% z78+DiK`on1<-SQ2;3)T~W7j_3s|Bz=ohrSVq+~2nKA$r^%qbu|@&Of*b9gQ8%3_<+s!Tue5Ht}bM-fIn0%VN$z2*rlp*~lE%Jg&~3WRGFf{3^Ot)VEgy%9>6N z1`ib;p=h$St7$Bgx{QU-dW9B@D$N@n4%6oy{ImD7T!*k}yW(j8_GyYnD*I*`+EMInFs1s#XhJ#JG_!woeS?dSLKHbUJR8 zy-}pORP}6*YbmWpqhf}xw|1s=x0>DMUWARn)+M&FJjDI3-Jo?i;0!Pw>I9;Wj>lO@ z9VCiPhducfXH@YlxBDPF9n|5SPf<$tA;jlyH34ig6|#GQPt)%Z$QO8xm}HaMl4Knp z_HCWc=|$dTQ^p5c&%d)Q;xjU!=u323Y9mg^Jl9Ka6v`ec8A%w=>sdCsos6DjSCSDX z;f}(YqL|tB3m0K(w*n^50G>^3*&AqGS-_cllR;O~<*WJZqyR$A8STid=;2h}Rzc;` zlIUeAT#Q33vot~iM&2JI8LTZz#!%&Cw%B?CIyFM4+=)9J_?pVb@FmQJLE{JfDxR#~ zeiqK-KT*InqKT7{V?)xWRx(^9E?1Tn=n;!H+Z?`BXR$r0*hs832ef}7CQ_k}2&WkX zwmkf?Il<{kvskl4qsJ6(5TLG&o>W~n!H=Aq*G6Be{Qfe0Vp_Wq`BXQ4a0O!+LwQI1@NRJ3?WDN6N zT;N|r9BUBd=PEjVYbmP?gZmk6h?X|=$n>i*O@2!?umr9G@qlUu7gWd8aA_~-^T^gZE&l(vU_?8=%m&(mN3N(%p_sc zZZ_7@T>#Lti&43CWFcTA4CAd-*DPj{T|DVhLNG9Td)1jrJx&p3zPFJry)xp@;ko;r#ui!VIOn>ay(&AZS`^>y<9X~4b--X`~ z^m}bLTmJxrQ5+IeB zPgnY??!L4k1P&9Q*i>WPRHuuXIiH->5uRMyyZC2C7Cf`rJ zjxRm{RalN(e_9Td&s^|*r-wW&RxM)28DhGGgh`VDiS8?g@dv|eiH@N)tao;Lbf+=w zOkiiT3KWGW)agDSe{E=O2AtQEv?zAO(i{*E9Ftr6@5A2;YZ}`4j!Reux~7>+1uAOGGs*` zF~{Ja7Tnz1MWI02qj~ue#7eoxsn0(3^e@Cu5M5}#5YsfhOG1|4P*}Dw^3OP5ew__N zs*${6eAi=pHKW_=_BSTZY<$ru_Vue;=ZNn0eK8}D+-w5{Gm)Qa(K76L9-lq-i{f2A z{?X-*6<}Nh%CdvgJ&k^={5{a3@y3s(OC*-C8?_OLgXG15kDJn>qPiwWo%qYZcE7X4 z9wOB*mrwBzgRdpoIk-*Y1}8r$KK}rfd^4`=nq2zj-S&>6T^dFW8V*Wx+uE~?b-3fP z+vtx@YaH}o6?d61U7;Oh|9f+pKbdHMG;Vz}GUTaePFuSzUukJ1UsdV-w zW1rOV>scNU)qH3BGWb6BO=nKBi&QdA_Ne6rgK}`Aj(dJpoTY6G-0QR-7kpyz=Y>2+ z;tT6PGfikj*07=d^og{bjP@1ceh2Y)_I96RZ>glS`Of4yT(ELUA&=)tN1*w7BM-$o zSN5lfEVa!oiU`IXiOUX0r{i75wXNy*7TPFVi))*ka;v&w%Dus;?O1?kv)xU$UG`TdJi)(y8oH?CWp;9>Ztz|BTa*6PN z$4KY+iK4ct;XOZ8)8(>uklWrq*W84F>wrD6Uo?#q;&+T~q`SPH>rgQ51jze}MgZgg z0IgY>By-*?@K&{;Y8pko?SsoCvM7(sAgL@m6Vv|y)n99TIQT82>pmT^zrVbe#_kz6 z4Y6m+IKgA-)}4(Mk}@?<4{Lf=*12OAq;GU78Fqp(^DcR>n7miw{YOC8Ev_z-XqpKN zMR2TC#z4RX{&ZM;$mOK*Blyup&Bmc{&A69eF#N>ucY5`&rhXUrbHiQ`wzJf(o*ib; z#3gWCZ%mGd(+B!hMG4zuU*bQ4^zRzzQfe_<+qIiFSotyf9Mql<@D7E0@S@{FS#KX# z3h|>XV_{K%p@w^tRm-5Gu7}ST`fZCR`*5DGG0)5arAO8SdDNJ`fllF}Lp7o7R%^p2Q+3q7_yApD}cw_ii z!q%P)(N-Ic3t5hRBH}rk2&R>Yj$`%f>rok}p-{6e{5$xksC*}vRq#fqd;P1TZf3T* zRPz!Y-@?BB_0f1=;x3&wvv+VTXVrA$l^c!-Z>P0cr?W&b>vC9X8tu*9-1=&==HGEY zzCCt>`PT=kd`G_V1;wSNt8Cs~xxz?C&H42rm4x7rYw(7@;ayJZ9TQM(G7FoPRDxLm z`AF^UUsd=Y!O}(H{Xw6>c~f!;|rg#&0D^WTBmix~^>YHx=62a0vX@MfbOkiU@6 zEPYT&ykh|Ik_CA$?RhVXHH)!*Zpn9N<*Q8t0>Quo1%2yYis567wgLyB=NCd+^a`qYvv}qMBcf^uG}qX1KbBdy+urPnmzOO6ZhMSv^mjzi5p%+r|DB z)olLCFYj%gXSaO($r|L4zo+Y8n^KjQS4UuZA&)`^YZ*tN;QJk)hA!f?S?w(u31lm^ zx%{X)-mjud_TMn(H!Q&a01);R>{2~@O8udHMECkFmA#TCoS-a*WnF}k&INrb@WRq- z-xNdQ71Z?aB_BRd%43k{k&jBsNgBpBK7#m@;A_S*c-z4GBtqsC5={hPe)UIPzMZNs z3H(m+@q!DF4Ww4hDtU83aS8JQ9-fCHl6}fPY529{e;8=KDboB&KA#-6mlq-{{jp*| z$M~{3*U-9lg$IdrF8?_#wUqfI@|&Q{na6}T1F*0&? zk&*gU%V00t-N1#ULzy{Ur}D3jziMv*-Ax{!@dHYN=JwqXTj~maVwn4_k3s%5je$$C z@#T}4ZWXc_O8neoAlKS|vxkmd+r%FaHCyJNLewn+*~CWU1b}q|(>S2&gSssIG5D+F zf7uK6p71xty$qkW_;*zaJW;ugZ!H{Q!2|DQNg1#2$HPAp{5A1^;jhEbjD8WhR?~bz zr^k5V7!Z<`1cFBy=aK3S6*Y<71$A_Gz6kL})|0N<+(B_IvP#O2wXhuL(!Sun(&oKH zyR~(ZWQ-E0_<M`U_IL4u=oJ3| z2x1veU-gHI{{TB*i2fG2wzT_g{1IAfa9l}gsiUC|lSaizAoL`R^Vrg+<;`w~6ywnO z^7<&-dhK8jBaBvWnEZUejAFZCvBxqO4I3i>%!iIDQ(Fz-Cojd zQ%LgO{{T(hd1be(ymJ}$Af7u{n=Qcj16X|@R?&3}i;GDPo2gqprlW7OK1=l62WD0S z@-_U;e&3(7*0te%LhIrNjR&1Ilm7nIVfm-GJsEw#Ijf`x<{M4t!*6rsG=ImoMd$Gq zohjde8QR&&?OpWFT9Gp)YyzPCndYf9dx~u*0RDAm78LS+QV@zpAOj&{t)AYr46i60 z9Q?+e0+aJdywFr0rRbN;>N#ABu#te9xCVo!p5!{3$rKUlR;@gDw&YI{jPe~$LC4m= zzEAig7ww5_`&ItOx)p}CsmeYs_za6n`*xG}vp}PRjQ!Gsj=Z7ushm#e$4ei!IvA7Au1xR7s5J*2-{s_O|vR|>Tx9~IK-->lHpLC^gMs(rY@-g?^dQ$bBk-l1N=%8k#CjiE!ImkcxKR@nW;kD3b}k2L zXDeI4qE%+{#&{l;^e=$*cC@+EOS`3{rBBb(70F(oGHB_ivGvxu;U5cYmUfzp+}aIK z>`ozU9j(XRC)bMj3tZQ=LL||yXT306fG z9=CbSw@?ff+Q%F+`d6a{V9%^R3uzu3hgG+|)S4?8(LZ#-2h4i{O;`BzZMS|Rq>j_z_w4pHi>ph|5k^@u9U)cuN2YyEexLY9;f{}I zXJ-bVr@>@mj|XmkYiXTB*;_(U z0LP|lmXf=<`W^;1vPYHc-XqccCt&yY_mLDkoMrlbYxC3NC+!b&tX|z|x=qE*7F)LB zB1B+%{*~=erDT4^!#Q94yq3uLYsEhj^%s(R4L(Wc8&3I&%PVof2d{eJOcI+%ytqe6 zT<&7n+~oH)=*B${&OA`!$y0w*pzYknip8#H1~HdBAAhZOJ{|aDt@xW$wY1aZdlhHF znE)goaBI+^1NrW>+jl=h{ulf+9tO0sx0`*;uqYXrWS@HXE3HEMSt0u~1lj=myna>O zmqdB>CVB!EY=OrNS-=^{z8kxsOkrM&RK39u03Dj(eE@0Bb_Kq5x-;RwBD% z=#SJM)JtI<&Y3JEfO6O$m3Bi;x4N-1+m-VNP{ObSkJWTnnmj~|AF0T|QY(&?E+LJB zxG&osF-WM38#IwTZOdbxE0sZfmvS%4ZO0=N&5P*Kq`_qpBMy31h_3BtGeV%a807b$ z(g?5S&kL0gxp~JOE27e-X%QiIA7~u#F`5kpou!iISSF3##~1^FRgRG}+RrQ&Z7hf~ z7v7zQS<>w;0xXl;$!=SMhqZRPe}^w-l_s^gXwiOb0iE8}T#U6o=B3re=AKe3l`rlG z6~p+ePr22S8Ih$$L)xUc%KI2vM0&=SMY`PF%@a2uw-wUQZF_D~aNq_R#(ALDGw8~< zHxkPPzbVKZ*F9@K#(0^|_uyx^q-k?T^2K6AmIm`1jx$V_Syk;72uEfCv)oWrWP0=8 zTIrf#j^V#|<&2E=$gerPxzcW6nj2-?K1%|6Y@yEhH3wYeLvmBc5_3>;x;u?p zZ?$OC-XyW`#~>fNPJhC@)8Kc8bpHSmcB#hsBU!)IVXXxAZ7rA!vX2}RajDJ(mBj-(H7ggwncE%iS*cfP4qN8 zPpQMIrk=%D%!Ffu*S2eszL>!VRhwbso zf!T5OuI9q~TJXN1EVg%d7V9eE<0KU)*A;}SYD{pq*zdH@7|thIFZNs(80lQ^k8ivq zsr`!T>rJw>b#I6x>&Mt)L1&r0n_l(6=8Igb@-TBd{IYm5793z+o#pP32H*2aBnoo^L1 zbF3FoG6F!#f=6EU5@*riYHeffKiE%R*Yq!s(&##Ux7&Od;yohb4PMN+^4y>sWZHNn z2FJK2zcv0Zct=Y8n!jzoh`t^0#l-L7Tc;P6QOKkVO~kWB?x2zZ^r)P@+n#O?x3c01 zs97qMlYVY8X+OE!?mlw;vOHm=_}jUX-vDft#;`(H!SA)yIAb@Lv zyFXLPaZ+(y$Fga22<=Q^5V0G1>x%N99$85Z*7y*xI4lYKquRJ;kFKFBp?n!~ZS9N~ zD!_&%PCFXze%c}|iZ^GErDlS=(DLt!f=f*b9Yhp`Qsov+!0@bb{cG)?_$AMYbiGC& zia!eVCt3B2dCkt8hXZtEZWunfCcPRA{Qm$x#Y!@<`eS&uHx`%LexSd(DC6B52ON7G zSL7${RiWb7KuhT1yVWf&nIO20cD$&~oDw}hrFO?-lM7dwoKJ;ilv+g#6Tu8Jd*ZKa z8ccJvfnbh8`DR65yYGt1rsvX7*yK}F{>-&|NVoiejithB3f&7$Y8?v3%U4ArNzmiXC!r(Ok;PXIrJ*;%UlQv66TY^6 z9$&KM!nq7U+AH5aDtOxa$67VLwykh(<&A+EkdQI#XgSsnDV__bX^RxCBt(T`2^HGf z+T6>AkP#5?kG)kG-Pp%4#nQu3m1?r(j8)rbL2D95q$nYeaaKfNzt5IEGJ990Mw$L> zc*n=m&a*b){{VFjBEMf({cKl~*-?wB-o2{CTV;uf%66|xoKMAPE4wmfi)sZVzDMOt zYi{Q|&zaAsL0xdBXBt;7%NF3Ee4o;oU_2Kay*;aRtX%1)Z1e)sE4fZWG2zym6l&T&D_IUSr=GTR|& zi)ZUoMXFD88yOfT-+r_l@^(i%eR&)&B&I>U8p``!&Et)eKb8;YL6y#nM$yEwJhLuH zZl1pN=`rXarubAufPN;ko9H<n~TqOXZ|>&wkal=d6$joR5>gaa_$d$uce@*RSub zw66wf*WMx5By|Z5qV6Ln_`L;wgZ|Io@J}BZd`h^o@ki|qsXv8$IRxm(LR9|%NtoxI z-q`+itSOnweUI8d27DLrPs6)Z(>@+sLE)bd1ySW7!8jdvb@i^nBC!`gWz&LQU5**? z(AMfH9I}zoY5p5=D7e&QSx;mgtFDe1p-`xc8jnF*#vRUgA?LkTp6V-T%#Oh0usvx> zSd`8_?(0O!f5@mo%Dvy|ejbJip&=g1P6pwK$#`n;0qhC68u5&?4B9&LGtWY>*k*Tk%R}5dU7ek4W0DkWBIrJ zsXuS+U*m48sAxU`vAfW;1y_n&sU&5Rb?5kf{cH2G;r!{%?8`K_8$z?YWSaJH*nX@h zD4_wcPa49#u(?bT8$y5T~igtwm5&Zc~ofs4yC_;zFh} zbJO0oEo@MNcCOy}?r0Iv+UP9cG=s{EJzMxidQZdu0ES*H_>baUH^Bb@3A`zL<4+V_ zzC61~iwMB}Ct<)9l-aCd-2RHcV?X#IEcY{M9~1uoYQ07%(PT@TeFE1wiE*4ixjnwM z{Udxh_)p*uhMpON!k-O%C#3jGLPQ9Bm_o?-<0OjWsUp%n1`RQE@CCW^WY2!Jd+hVv z?K3x*&p}*rcN2CrBY|T8Dr2^4bzF6+F>H6?P)V_YRse&?J?doi5zF1IFg&cAg6EN* zwVidUSzE$R@Wl4?u4%r9R92@0sp_nu?yhEv+RL20j1@ron)vhMXYGyf$Kf5WqiJMp z{9UVrD8Wc{jgR|1>SG(7a7W{Z#9xhGB=~`?$$Ji^sOXw&lK%i^f>Nr)_CDU#=1^{w zuguPQ`IzLI*V!F3faU#Xjk6Q7cjJ^c6)$}IuM0$nowe6#9@}q7hQZs|=(z$BK zq0>%h!?NnI%Z8E`w4Dh;9CN{`;E`s!v|uA`&H)FE{VR!@xt~xs!XF3tk43aiVmsRw zXahxa2nC~K+>YYBJ6>&5z$tU#HoVjI-7saX?lyq^d-0Lm{3#IG#@RAlJXbPIt1=zm zFz@YOTl^pK;>`pe8}UWMjJNtN@FkT{e+vqCCB*s$2qT?$EP{A_d(;hR*0L_i8KQ2Z zy=xg<SJB6eMnth6dzKmDaCuZ!N@OLdmdaliskDZ=u;4 zpDHvfeR7h$thSAg8P}0T=9zP5kWV7AIUg$#!wON2i*jW-Mbp~udtmFIn1PdAl)q}z z^<6(!u#nr_K=}^6K<+;(>ZKzJhv-M_`SB+1{#LTrU~8)uDg!HJnQ_VXucEar1YF4a zj+Ls%6sr4#Qi5{6mEBH9ol|qyd?6$kmZwg79o5??^ zuEP&5MPpywnCzyJouQNt2sp(d9(AU&c%oOd%S&{m^gD^IYwa>! z0U?o~lqP?He(Cq14wu8;CtXAvCT)_Z2X|H#y?GE%otOps(O~i;(=R^FGqVErr;d7x z?Bl$(kceXr6}TC!;E5~(ovbY*kQI>u8CL6B8D85Nx~=`5po=xU zep`;99OU~~o83pccXr%~Ws9Z-B zk-}a)k&t=g+MHY1&Pay)N_)E(i219zanqr%pZr~*TG{E>kY6Lr%6?Wob5!N6jiI^n zZH~R7%dE<5ZY}PfDNJ&zod{(>XEY2xW&jX7R*1;?GsaD+_HL^oTo`$_2!+MM}X#z{dM^Z=( z05~-heGMt2&AeHoHmPwN#WmC$AIx2c0Q(xmTQ9W~NnT|rP8nE&4RXpxgLTX6yJe2v z)JZM?JF(4l))yL-c1qrCo?hIQKD8;>iI?=`g8u+}w9!K^r%amNu#W1|Nknet8@S^Y zx@ImnJ(oxEUb|^wYj1K)mTK4q$3c$Osjc|A29#%2UEGEl?dw}aIZ@%$>hfQ^v5q-l zEyfQfx-AaI-^mvel8z7E&p}iirTtUv^V{!= zlDTNNay=_gQM9&OsO~IW;~hFwwmTOd%_f2=MZ)>3&NG9bdg;6~q+MQKD~SStyq`+A zBqOlb>@6XRHo1W=Fh1}#<(i$fo5)U_jTDSAf;-jnqd9A#N;oweIF{s<5(CHt)`Y%1 zxcd~A(=O0P!gI}0N(Y(W-P~QfG%`FbkG+y{TzB>it#a2>UU~ljE)H|g;Ygv^5t~IY z#6UyGUX`t<%<8eG`8dbkJu5lBf^xCZC8|xmfM%5SQ{J=nMS>{&iLKoqJ%>uokr^Ds z=+Q=euvxov(yC~ddXwE;H=Kb;ByR6myP90svDIy&oY~*Bam;>Ek;ZD)uRW!Y$+|N) z-NGExO2kbXx&`&Dh`wZslHdmCrAw~3iV0*#55eGf^rqz2hDVjOcQ<3sh?`jtX7sE* zLgs5Po-{)$jstXKOP!Y(+{nGOveqWG)F!t3J=|EsDdc`WmDSmJk7V)MqA6_PEE{1TonrZtNI;N3 z9<{NQnTxCFQeH_Mu(V3~!)1Sm+PSNXMAIiQum@{nAm=8nNR){Vu`;?Ps+g6&SM|kc zrlf$Y7Tk-+J!)kx=CO^9OJ;^=hIIj#J*%R0v}m~?K012V5|zp+!E@yX63D;~6n3jA zti+pDBvRm1fq|^*7pS|UvWn?~?obqEjdIqPR~JL=6WhsYah#a@sr2Hvh#rAzlg(~g zW-g_2M_skdPo<4Y=1X^2mKGS@-k1cQ2C>i(8x&6~?+^zRwwkNkUnR5<28TJ29uNEk z)XE@sr69c8s2(RHfmRnvp3o|oN}(Ca;8toZsH>VE@QhpPwv!+280{Y)DRm?tsTK1t zj64UYYL6whp&WNb7?hL_RP@T$@v=2hD`+;*_<9p&o@usRDDTp`>p1MMBumARyrFi5 z2j9}JEg?7^y702wZ18Rf%;s)MF9``H1d2Rou=|(^H+fpD@b`x!t>*j3Z?4+L3$XlxvErn?bIl(pXr^c`CT`yLW8%g9Ed_3GT z{J@WFeGPpaqiIUYK`mEUR+Ih|mVITW)7+sFq!>3lii6LF}?sL1j(*b*t-_f!r*ADt=e zYb1NUjP?rlOMYWzMi^)Q5nn`FzKN{Cr)Wm?E#Y&R%N{=}&dkC|^gNTsT4Wk^?3VT` z9I^rj2LZ9%RedYM`rfx7g2czZRUvZO=M{X~T$G*9mGwUsc=yA8FQ3BRC$hSRD`$03 z>Oob{%ERg_w{1`Rb4<8~JJ*U`yM9)~CV!Esl&+IHBNJEQhm19U3;4T8(~JG89GL`; zgue%-@1=b| z0PQ^o<3Vv-ype2|adO1<`ewcN;V+LM z@V(`og{mt?yn&y)?~2sQPg^t9e`rq^X`VLtL#$cJXFb)_MXp^)8y#`b53VcoXT!D{ zcZpWo?%f*A;Q0(K@`3#gB^wnJ=#LKR8V$S>>Fsl4b8uoZ0FwN{zq|G4^sYx=@GYxP zaQ2qR&0*N}Bi4^n?s?kyeQYj>XA#f49E^Syb6W7_-l3%}z_$-E*uWo+Pp^DH5o;F^BtaZDCC)xm++(q;es^;ka(qTRtR8pXY(Hbiu+gNmxI0={BZrBjG7jsqC?`C&)aSMw%pBy%cHknTxPJZ z8!lzgtG&;SKV^RzN%1pCZ-pBD^cpU^qt7%Df&!L@pOl{BytBpH1)qn!d#iY6I3cu+ zWh}AAn2+xq?I+fvPnKS$shsL*w_YFdf02K2aNZca+aD?ci1q8=Khm_kN$__?Ng&n| z`sC@dyG8<6x)Gc9S zoOMy${V`V=T*1|`=ROP85=K1%qj|r_JmRSKkn13qL+7_xG zD11kW^{d-!O+!qEJx&Q(5?I{sZ2F&C^bZ2~O>OiS)TF+PeYy;Wa87gFb*x%8jZF_@ z_*9_wmk<>!vkdgw1%8w0f3^>XJ|cW7xw*a5lGn#bjkexmP{RG3 z1IVnZM&-D6K6tT{#{Mh#dE&1S+}kFtcW8X+nFayLI9&e#o|W>q#L=YdnmD&QMY3O& z8`&4Q@5OUfk71=_;=M;nx3tuvvbsco7Ya8H@Lh(1lPYt!5tk)XVrNb<^d^}6Lzw2K!Tx-tr2;mI#EA2dV$7-}oXLsQb z^!-xGTZsjno^DS5i|_5uEA?OCZQhUK&xbxb@W!WoJ&%eawJl*eZL4r_eo@$-pRGIT zV>d3x%wG$B27FEM9=&nm?RN6$Y2s(zib)+#GBJ*o?w%;|9+Tn=QE{kU!rn;owm88n zoMML}WiH3d-w^}pHyUjI5@_uP^CUzQhU209ze>#2{vh0F8h(f4-wW#PAB!N6rT&=8 zNVotD5;|t7RAlm>O?VgLW{>ep!@8caEOOZDaN3yWiev+8mBIN(Zl9feC4Xj-YPy}C zVv=>4{^H@ww+`QsJSLENs%$gVP8LL%)Xf?Him z!F81+<()(B`X9scu5-dZ8Ps%*J?>@!lHVKH{nkF!u%#QC_x>fcx{}>XBOyCm+PsVQ zmG}>({9Eu&j}D!3Y&=bFKG$N!yuolra-O3c@lxG^M#torihdR9eh`1LYH0uwLGHdJ znu0M&30=84{_S~9-IR?a(J{j39Px@1xppxzZEq|BQm9qN$0ULqw<5nx{{UtmiGSPP z7?Z>L#r2H(g^)W-pPL!R2Y*W5I}rSjrB*oAi>M4UoSLht=$dxFrs`TQs|0gcUPfV% zH(-0#a$1wisrh%~j|p7(U&T7Uk#`V4jk*!j_gw*`@YjeW@V=vOtXmkPmJ$~ykCc&- zn$Aq>rP&{5c;3@P_^t4tNAa$c5)DS#3|fu{W5><@f0cg5{{X=Ye``DYU2DW2vDd_% zYD>*{MRjUCjbZ4vz=+}S;>f-R;AVsLo=6JKBa9{7_6 zv!+4e{ax8Lct3WI!--e7`Tqb4=f0LSley{o{p0C!TVF&8WpAB&Z(if_ui~%%3$gnY zufQLRk^a&?0<*Na_&4zm@y?=%n-faa%I+kPF}6>cy>b{FU}kOaCUH$_e>9#U((Y|; zuHd|Q#PPrUvdB`sd)Fhdvy2>j`d54oDXq%x&VWV;bGxo8Ska2J5_YlU+Z9Cfl0WYD zEW={;`qo^G8cpEz`=`AFjEC-Xu|N!S&0AEH00zLVY4#|cNC?P5VV}3;dQP2EA zeLGjeAGJ@x4Hv}z1=aOih2N;y%Ftfg&B>kuFr^Q+2tS2PWnr`VC-|fA-&Oco@dI1% zj-d(LCz~v zic%_^uPnf^J*qZkE&IcP>6})+=;I;=PzvFXUs|0rk_n|U$r0W%PD-bt9YtANobDSo zu14G%%;9}ns2tmyY9!D4Mv-ZJ11`ESod z&1^?;b*5PhiPA`+iF$32oKFs=L)*OcaE{j~#~I-L(eGP!Qo*n`<;eA}xJRkQ zQbg^kEIR_W3m%|#u201phnmrbUzlT&-mJ*xt?wsAJI;B}PL;J~eJf+kBkz8c3ChQB zq}|HXFjhMN2OhbvWziKSvv}6#A#gGB9<`0T4(49HeHNb_v4>6l8oZ*`>M1TAZjKPY z13juhW}!S*vk2lRY0fZu)S6X->Q_nSxQ>3OJ;$X6@s-VOZpsTqaVmoO3M+^MzyW(%90LL`>PG?f&P-1=8%;m;9Ar>dm!xjh@6m3*(L7d5XESly7Z`DX_M zj!3MD@1T2DWmO#p2YR1oRBzDcFE1@sgz?A=j!J>eMGm0a%!-i%8!z4lpxEm4>ljY- zmN5Arc#7igv~RKB&ke!HJCuRikQS}(ZQ_(8fcWD+)n8xIq13EMwrL`lhE^Qnf}-p# zv^Q6pbKBfVUC+uJ9+k%xpGmne%&z(VFKP~`Go{j`Xr&Ugjj@jv*XviybEQbx$xLUC zqNT+il?S(x<+4o;!xJ8O?T%`_%QRrF4$=;CItor5kFd+}iD`4myi4%E!9FV!wx^=N zx8({)bqEOPdmfeLS6{Qe)tf{8kK&0|5QKp-`GNK$70ptS`i@D&u98Yj^&4#(??Cu_ z_Dx1lx9ZRmUDuyAf5(dR-vfBFK)EJpE@O^Xc1)<`HhNc&il+8IsQfYFNaIwZ-myKF zJE__-{&Vgpsp@M&ElOx~)v?}M5XFL?%zOTo;#N%k+Y2;u+pY!7o?&gBN7Ap9Sz`*o zvS5Q;vhq4=Narl{JIx*L7Q*6TX)_jhyEc7jzW7t)tDCJQbdLmhpHqiW<_5R3XA&Rw zNaCSE^*rjeBOPSydFO~z#9s>hMxGt`gW-=5cn@6+3d5<|ygP?%5-@AkZS|NnI3SR| z`7w>%jYO&0>UH2NQ>z6!a#BxbwMRt^8CWDvb6Pjv9I@8)+nqa5vyOOX8yL4hD;a3d zZk+_t^G9MU!n`lyD0JOQIAyha4OTYYJ-mofmA|cZQ+-c? z%rIWgcW2NV?y&~9;iD&56q8LvT$RT89wZQ@H3xkk4yNMp<8@P)qFXmYL@zbw6_JMvUVJDIUk*RG|x8~ zhxe}&>yH_Df^QV~e@wL4v1$-5BwP#={>dKLub=f@GD~dBEGLuc#Z$Lad?h|z4@me+ z<84R58vdQE>9@~msanV$CsTut>+T5S9qZ(;_$YUZn_2kB;r{>~!Ky-r`ouNT;08$u z!l*yzt#VYIm5*MAUrpj8h-=mM8FmYyWnb&Vs* zZLf0XK&>D>NMBm`oA$T8@SOhu5Fobjmbq`OXeK3*BHQypE>3y;>!X`X9yKU9v%>T^ zniv(BD+cEPbgBF^;wUY?FZgFn)n<%oGUf@AQUZMB1tk6kv8a2vYML8A5&SW4@U!BC z7XBf(g5yV-@DYYmR6d93c&`+fNz!~T@dH&l9-xMpmfFTN`OIuzkCk{P(4k7_@$b?P#D=euVV|7e;-mV%mu5i% z6_m2fT{Ff_ZX+ixuy0Xd#J)2;M4{#F43GKPrxt7|vwywYW{ivegW-B(f=t5Tma& z9MYFoPCTcTdJmziiSp(=jifMC#HJSv6RTK?P37}pWbyj6|dpg7JH~5D68{#9cd7I1X@&jWys7x zqYkF0p7_H1F_i2_Ls&2}?tD{YW&}491eoV+LzZ*f0=}*I1^XI&V))~Aruc_iisRvT z!|4X|b$cErxlHmSH+{vY!NhW)Fs62GtkB+6}I$tOrusobiJ4k^ET4u1{Vo z=-pL+v#%2N>5c8%<8}s4Yf}kI=R;?w>YCH5UaMKz0hPxEzO~wE+C7e(3ATxMo~@2e zTw`;dQZ(__p`DQtnpO)C9M+B4=e^mTJnbw6EEr+9-RW7d+Q+9r^Ib@8C1c$1D+c?W z5RJ||#NHqpU6sZ4)5jI0X}inb12Fa-O@4U%YW=9Jt#rLXY_%OX!#ZRH3xjiVs>Jpr zllAFQ80)FsPM=foC-#^B0D`1xJ|4Ka@K3^MEj(S~Y1QMKRt!uq9_4evBiH#?;upj( z9r(xMSBmaDLF27{^Tadn-w>8URw8`|Kr7M1(dubASmb1pgDWDY?BlO$rt%%k7=jN< z^`h*oaaF0%XzlX+!_&1sB?X%+`gf>o;gqflgdAIcge5nfA(MfiT(us$(|Xu@c#h9&j)F8YbzLAjaqAU z^QB-ho!xzV*Ck4qH9o1b(r*^(TZ{XaxeeH!m3~+*f!k~ZF@w`RMQ~J>wgTif>k%!M z+sA{l93kH3J9xI+z4IvYR)U{cz z!Hy8hKT}^fd`kVJ{uO*Cx4Awo)efPlMhh*R5&~I(=yA{GQ5Ahz*-i)K&&I#oQ^(&G zpu5p@kF|Jj!x?WTAG-MLMh_fU#?2hJ^GS1XjdyVT$nJ7a*EP`y^*U5bv1zur{p4#F zK5kAiRZoh1A*Ln5UFvr5N}o)FN~KF0#-67Mb@5+Alg<{Z(v>(3n(|*4d{NY|tYw1H z(mQ8t0C@~YsINM$Q?3-xn)St&QnO64ETrYijw-Faq{(iVaL6SwIKtk?OZ+kug(J|{tN3?Wg4=AFDv8eJ?T+;hpkoz>7(5%T#F`D}s}+{693*CC z+9uDT{43YB6Xi}(WQs){(BvP+t}^U%)`5v~Rf2{L81$%6%WWH{oW>LLVDnq^oGk*} zqbVDdvXDUasXXWz0;kC)c^K(gF%V_qaPhg^JA2ep`TDK3-L=KPo{}j?j~Q0DJ-G|V>lUHo@+TRbvk0sNv>`n zh}(&yCm2$Au6FL)NiC*jP2`LnwWTy?G;I7B_>ZXgBgC-jmwKEQmhws?hj`^d&&q4` z+S|qd0NW73a&4A80sg39H@L3qXBAkT--kST;k#R;7gyrTP>hVnC?GIChQ6cF{BI7h zAc`4n6c7S9P%~Xn*y5BAQ@p&?u5^g)Zmq4ZA;8N71+Y4ET*HKk7jW6Pw@g<|b~&18 zw`t-s^V{jtJZ1twB=r@$s_1%k+)oNzM(FBCPL)KS122R1zlVM$gTy*>%RQ0;8YLMR zCndPAX0+Ede-_3rWradE3jx6Q#Z;n##!GlY+QRnc`%jyFvtWQg%GQaAXT)-680n7H zCQ{LojW!r#RN8#6e$}g`TEi5frIDIE@y2mdkvBJPU89*+786J7S=VlEV|b5G?$Z(H z@@kP---{Q2E&2sx)~sqa&v=pjnWPe&?f`!(U|Z94Cz8?QyHP4*qjetjqo?U!3Z5I7 zHG9EpD&Q+A~*_kz;O?oy_sZ z0cQ2jt!(I8E7$_17D&fTb;VD!G&>7>W*NhQ#sDLM?_P7R+uX%GftWh(I6k#$TR=R! z#8;O0maS)T2bmDa!5!->!&X+>d@ExCo(PHgRmmV^`_^;ZsLIEuSXo*_v|dJ&DuQt1 z0N0#q@mpEkyT*nf%udicb6l*iXhVdS1p*(RcMp%}PO_5V-6fsHtH&SR^E(JgZwTpH2A*O!f65wwmO>H0xaqhUDz2cq)3gDo(UX^ zmc%?aD)#NejD6Eu#=se7=JX5rhnG|l@&$U|9a5blB6-1^? zWc8@VnQwJ&W`gzxd}jdj_=>~~i6xfF0fHenI5;1zXh(Sk#6e_LOOCvC%>y$pwTSe% zCYu}a_qpgRy7*P&3k_CQx{g$MmG)rg1dgJdSf0nw_WFL4ekGQ2LJ^P;O7X87rkkeR zl(+K4xXIhvw=qoerProuS{sSk;?Enn#X+f9rQNrkYOKz1Pdrdsk%a_4RjtLO_OdIJ z^18njoFJMwiIE&et+tsmk+q{i;H`4r`Cn6r-oiGONdd&3j5}5as}gC>rqGESwkb*- z$SmkyBAy$Nbt^Ry=kF=x{*}^CsatE8QU*j;cFq9j6%LpjCycbsM%9FxN66uoUvbD$ z-;d6@8_Bh(EtWwh*3NRHtwf<=m2|6%9ZLBIvvAO|^SF+uwRO6!wXdE(v+f@0H((OD z+&yYdIbDZZSv)(W18W{Rsjdu%JKU4{Ru6GXCJVDd?-49lu&a`3`gPr)eg0wGIC03N zR7|Gu;#|!Uj^&{_7*~_u zTB4~&+7ASe(!BcSVs2Z{&P#V4=o&_@n`icikbsZ39r23O`!%$im+Z_4{BUbI_5)_y zOHmAMZxa<(=K~n4k}axFZjUzEiQ!F5Rlx1-v@I>s*!^?AJwc;dmo~XY)L{z{$sYq>U6&$6ffiX&>muG~b+MPhYKI zTlj)Wu94w{<912xwDbv6Rys*_D~s6@ImW?^3=9gZEx(h80G@c`tx1fdVw_s`qBUp; zb^AJwNAYJh=~}mm;ge6c+}=y4-eP|7pd#$dA$4=)GsQHebCNUI*PiNf`O{oGd5esX zo4p3aT4t9W(gvM;*w5jSTlO9swt_}Bq(r&S38-_ng>x5mUkK^<@GQ3|vdbUM`1@Bd zbt$c`3}{r_02hv+(57WMbT*=bIbm63D^&bBKTG7)a3wR8W7lfRU;{aAN zWgdlRc#&+5SmZGJEQjAcbDov-GO5t{*weB3 zjjL()_VQnNa(zBj)h*{}L3G;ZZv>Ih4)yI{2s}F!S_Yx8UP-LS$r&4Q-J9B%Iy$24 zQtWmhG+) zc?oT@MIYY-jzQ^OPp$adRJ8GIV?`6TlWTK?^IsAK$nT#@2V>|xcf{IuwD!8xcW_BG z@h_PSTzO;x*Y&E}FT^{q3f)`YX=M3o`OetJv=0Al(j)H{G1k${H;ok^+ zO0&{+C?}fTnUUQSK3+!ziuOAX5ouaBv#i}(-oq?6MMs$z-6J2}?ZsCkHRdsHri)jS z>rJ(S)>xz?aoe2ao;|D8d^_NaTPqtvY{Is~x*(WQNyU=p&lUKQ;XfGaekK0K@ZN;T z9|)5_D8Tv=-|Jp&Hl5?Y0m*ayy$5_*Z5k&M>+0lu1eg6Z=WqALFYtjN!QO8N`n$AG*A z;{N~&>yc~Pq#7TJW@HhmO~HT%JI}95Qn@^bic8@6J{&iR?Z&fbaTVh;#OTEt)Hgyq z^z^R;)*!XkE}A(JW`}T6j4}lgW|4vR7r_4j7U^FOFT5|S%;9WOMUBx;eq8>XSJYn< zyhY&4t!{r7XjidsbLK=?e9@9W`sS!5MEHlt-Z9ZN0+!ba6qiXclolfkj-S@N=Klc3 z1t7D4h5I;ss}7+1pGrnjrDLqOxU$xC=~g#^?hpw$89tbL1K!$k81Lk~fucCend{OaTkHg!a4&FwRKh9y3JB&}*li#Ik zIK=sf#Ig9h#D8qPy-98LWV$S5jXML>ei^Nwhn9XRxxSB7xxHJ>3Sw433EZT5eqHM+ zOQEz+R`E5~pWxJn?&{$eAV@c3sd=< zrW4Th{{RkrQt@Vq;ax++x^Aa(bldDlBuF#7o-%6#S2z9{@SE#iB(k`BM8s`6MsQDK z{HqHZ-1+lf)O;J`E3G^GJ%!xHV5OC^rGW<=eJkky0EpfZ@a~WB>%(_0_NL}U&D>^8 zmSP6cx7$CcqRkk!*zvs!;YO*eczXB6UL3a3>R=R54LoSmI#6DVssqEa1H(KYtm%F>k_521iUuvTnGQU*9YcB=#PRfgDbPGkrcG(7{g~QGiS7Ku zhf+A>*P)`uO>{g%<1d1IZ{vwCJX>L*JeFwzk)??~UI#ze%G*5JBZ%YkukBo3@Y zs~$o0r5j$zXB_ao#F1`5%BOeCJJ+WCJMk6&0E2u@WvN;S;*HoW{Bq0Nk80_P&`0YB zg|(QqtshU+QHw(Hf^sl3-nylccOZp+VA&_I6%#;wt@~4W8s}8gtiB`IS_h8EeUkNK z;}IXa&G`QSTKI`)DJjCNu=<0X8p=yUdV3#8e$Sr~VbC?pp9br&nfx!RAxHB#RCCj5 z_3vH2w>ORd0A}Bf9t!x0;SE+zGgZ>Bp}Dnk{L2Ag#YQ+I9t5lZ>TjcJmbdoP6jYH(+D8L5&nW9- zQ|{}ShwSn3U-onHZLPGUQnHqP5_ywx zu)a`QH$&86@NhbU!@Vf>FshI9kNDN_yTslM*St~T4-?s4Sa{3B*K+Av)wJ>XZ4{9? zP{4bDJ*(y^VQBZLSKJSAgIzS8(Zf}BMsEor-ZvrrO-Z-Qa0$T!HKEMnP`Gg;ADy-e ziZ)3B2)SX!0z`|s8BXGjo()=xOuGWzJv-G!8pW3*k_3nt&f~b}J-w;WxQh)Ia1Tlv zXxb9!XhAZoDa!e+j=cxgzi9se;D;Z#B;T>$?R!9 z3j2zmau4wHCsY~!fDIHEF_Q$1GODbRNHP1^h{~QltDL^JZ!soS${rfHsz9T{J}dk` zgT%T`?w0y|H^*aLS;@2+VUZMsPII<>JIij3goXM#G9 zpf$^2Kb_C`DUa;esCZ_3pA%@-sdaS=8DN?u4raA(Mn4R3+P@L*?Hr;B6hg%T*m{HS zU6k34Na$fQyhzByK7zC6NlxZeCj+4AU1t>HMX`c~DmfYCRc3&;S;j!=#RViaV=a@x zImcXLtT5$NCew~+83c!t9F_oMio0mL(C<*Fqpb$ii<*7q{<*7Lcu&Dv4zJ^%7fdk? zj+qIXP{#px1qW#7sjumS{t3bV00aT?r;7E@4t#O_wr<9mq1l*kwEqAK#US!svAg{t zha`>$(OFcLk5ZI0yFaL{8^F3h!X?uF7I-&PYflRzo9_#;2No_cWVadTZh8+)^slZo zj~B@;j+^2cp;_%NWcwxfkN#N6(|70neJhGn9HV2=tu5Z#-sUS-{ny`!kA7-|TDwhZ zxA@6{%y$v`uS3OT(V9PuKlm?y?2~8k%g1_8#O)(aWYMo?lK%inyp9}1sQ&=#tzCy7 zDZ?&#+H3i#yS0LN5^po+Jmq;Gg-n))(0vYr;r6+4r0RuG#|9i>i0UiosbkP}tvdQ! z)l^oEiB%i}j^5SBTVrUu90!3~!p`bgE!$#l+?YH!(!G0CwzSnCOD$EUipkdmgUX)G z`Qp6kvs1#R(e5C7%|Fa*=eGsH#tBUDYq9uormu)+h82ap#gr9tGDZ(UT($8E5pwKr zN}bQu-vxL+;!g~v*jZ+tDDi?m?;HVKu8r{zLhydEC9jNp%X^6=A`;vMAoTaIhs9!C z<#*KgFtm@Xd^h5Y4-shaYZ_dOC8P1hMX774AMu2UcC9ebN7P_x&CMiukB)vQjSkA@ z8%a?bKv#awN7FU=yW=kvOD?T>CC%;C)N(mH8S)V1^arO}`fMyu+jw%6Xxd$m8q|D7 zv3Y<4jPZ_@&Rpx)R~DupIKYL0!uR^uw?YTxz98`n#p3xB_hF~`nEHj>=>mBUisS-n z-h`>C$!}s~Gu%%y!;YMjkMXZsl{51?i65dr3w{vkdJdg!6jmz?fd=L{$@L`nuT_^u zTSjQf${sQWdN7IRO_hA9>s=rjh zwF4)bW0gqSIVZ883Q@o(AR!?C06OdRO)v+JONNhVVU_h18BFhj+C^+-i9~POv2@K+ zXfLjAV3n2GLbeZFfBNVpXhC;#d#T+RpUr5G-uhHmR&hlt7+d6EKROL#E0nc3S~z3g z#5w!9q|)`Fqq;TclBJF}5ztl)wCs16+P>kwXsR`<7+D}{z|rU z%_C^a<^x+x<`_|d1CA;1=|!ekEme$- z=c_jxhH*+SQC#Y7G#gma?;r?Ja#tN|=g$)AmeFeh)>t+%Bn~(j>}x}!oQf@ZbqawP z7#xl}Q>{Eha0^?>{;Ez6dr)`MosHW)A}g6=mIqy@?{VI(-}pLZf$odRBy38kE5I}! zg(}u}Jn9WAQFpnHD|U86(>&C2#dB)Pw@6pFu%#&6`dlVGXql&DX=SKKaT%Tr?JDuG z&frCS-{UWU(ly#^zYea}$5k17ivlqmm?Y$5xfQ{PrF75Hct47&<@mT)ru4eH?zV6v0ZW7Kz1*P1Jy`mtI)c4@gPNDdxj##Nv z!P1R4X65=Hp?|a&g8l;haQJC`;ct$92Jrr|Wp!`ci$z2pq5LU&pV- ze}j5TKHpecXzG)J-(IhJT-qabuig{M-Kk zhdn>Sw}No7J1U+0bK1QU@@suM%H~kzqfkKiHODBQ)ik8GN0&w6-7~~KD~mw!HM99z ztR-yZEwmX9N8ahd#c*CL@JES03;4?0!#*L6Qr6*2wsNV+DV~J-=7^zIr_7H@w$vRG z-bQybf(o$cDu;^v3*iqMK=)d{kiXi16&H{VuA|=qy6B_j^Q^v8rOg$49G$qAqv*BZ;%e#hdkG%3TNh3 zang&lw?6*;n)OH{o;z#nN4K|;lMf_iU0ienKKQSMzi7K%PS@l0_lYza<+9Yi+7Yf0 z;Ycn)7#(=UZ5=i`DB={|kJ1l@9~SQJv>i81)t(#6s4c>In89p%n)ZD&#M)no?QZQP zfM)}4PeV#go{VW~Rf9pfvAedsv{61J8C-Bid)LaJ@K7u72+#ij2z9(Ve7bJD(4?0v zKrxa(x(826<*1qI(Vdy_zKy3qtg<=>1m`%fMX`!Flgp1PgPv=eX!?8v&4}+Kvy$Cf zK^{*v+}SfqLEV%*_3Ki*A45)dMh}Vfw4JeMZoh7uj1!Ij0F7Vxf%`sw(7yxx38Z{t z@ejkx&12y8;-R?I^r=45+ChK1Zes%~ha=|ck^#XW9-34qB__Hnzr8QboLKzcjSgRH zD|0?o>h@pPp^M?)64>i@am}aP!*^`T96B%{gHm{c_6aS#tD?VURVuss8gPl`VzCM6 z&$>Tl9|HU&@pr>5d%)f@w7s*|9O4VRSqi*6vOyoGuUh>3{h&S%c&GMy_?>Iv-CI+e zUhu8*td<&+3^B`mvA?Te){OFb^*ap!!q&0wIgs?o;MW=POTk_u)@^M(LE!-!Yj${* zkw7ml(n!aqIIdcfXLSux?E3eQ$Hm`-UJRk=GK8I@ax#wawF#-;u3-mR#M zsi9A`NC0M0jo$oL{kEJfV+|vI@YhWWcY2?ec%#Nq$ugRl&F8dNc|8~1yYd|?oGJ$@ zat|Jrctl+YB;&n%lp|$h{LRgCTA0j4@ipD$CfoV4KP$`5z(MFL?X=7oqaHigrAjA- zUZvz&+Kk(Ve=56eEU3gUDhSCwmC$6-eUv^M8)?wn!N_63G!Z$HO%lPikzB>}=~Qmv z5(3Jho7WvEII2v~jc2zGWd~>Sq~DcqBw@SewNOVa=1m>QQR@mYqBQyej1z*akG^iv7WVVTVk=nja z_>=oX*=V+xwptdU46gCAyUG9w$0TI_w3Kdo6sezzf3+|C6qCT825oga7xAd^caGL3 zG3nNlZ)~5s3l0Zb{&@a4{?-2g7Ct-bM)z6P?zCMlQr>NZL-p20~qzJ_dhc*+z0DklBdd#KCMpT9pys|o-@;>NeVoxx

56plGc<%r{5 z-*X+aj{?-c2pf5i`oVOCRh za|m>{lfE;a^~*VQG_m@_r|I`zTuF8#iWtV&;*CP84?qQP?b-lQ^sZSl`K&Go2O^%J zcLK1PE>|6e9RM{_=H@G9CPxeC3F}!mVocbt*5EM&raNb?Rc%ff1e@7c>s-|&YYJx{ zsCb$(?F<~gNUtUF*TnA({5`RgR`HgvXKQFON_orX9D8Sv#dGX)=3L9~M zEyjcJk~u7_)x5Wri9B~ZxIdMCXlvdm)V1wG<5kzM?lpZzc?*eT&g99?2e7V~Q#x#A z!q-ATSRW|#=C>J|C>TOYNJt?1R*ytg%MW&DjZ#oIfzQ2sgYjqJ#+i2aJ~8m$ir(8( z`$w5^r_BEVyKZ?ZGs!>XR}EvPn>^=FmS}hHY@p)<)~f0;$t+JU+((@8+Ptcp>UF{B za+;K$WvBt$AoMlIE%4K4Ru`Kk2OtxW*r>5a-;aEGAB!z?V+NC>*k4=WCXy)j`MtA& z#(nFjQ3jc$+r6HlX>sPDNurTKWn<_F{b{(2#MNI}k3lMQhQHGHZgPkZmJb;|)nCJ! zUWVuG(E*GpP`h9EZkAy!M?QZR1(R@VK z(iLMA6PNj%XM%leNF4QJ-1;-b5kqxv9nOs`O#v!S?%Z>V;u>qXCkrzJA541I+^3mZ zCaNqF1oE7j4mt{zt)x4*3@|;q(mAd|h|4A=GGpGitQbPgBu;VZ>qzLQBgj59cvn*K zmWbCHMcji^w*BGUyOb#H^skJrW7IT=7RvQAKP0keXso3ZvJ&WKeUUYL7BeVGRQ=^W zt3E^aSfqemiDDfNd7=+d$?0Rub?qr`OHBpK36Zy>#(rqq)K}^M0PI)s13>YIfG#{W z;wi=7i1gF7mgIpWN00$L=il-A*L^l&FEgQr1zCE1Dx4n>XMx$|#K(cP)3qTwXQF9d zDzVpXP(Z>t4sxXQu7=CZibjyhn0jE2l(g8!Q0#P;jwJI70LzXJD< z{AJ+Cb=maIL9Zl9qi--YPD3f_f@`wTnmbD*hD3QMQ}@p~tzjOZXpKW;gpsiQI5p;8 zGsH8OwMgfRahD1{@7Am=Wq3mJ_|7dAywu&m$0{q;wF@h|C=&kY?6({S&qMD(k}=hw z)ZJJ*GXajZnd1u^jaNi%I7osBl$2H-{iqrC57w4m$JM(^;5{8qmS|D!%G`&Ds4~0_mSPt8)wUM6tV0;^sgw1t|1n1UfYmH z6ybV)H4~3fo~Z?%mwjxWRl`RxIM3l+w!5alV)B(?X_qH(;F{)~dWgf(E$rv9y>_{R z8`#J`Lv>-(ifmE5uOc`H91-bI28?1+`?)4o7~l%@ZwKpF8fx6a<|I}hF8=kb6@<*a zYf+m}oxH?CjCv^RPt#@7Y^`R7;uxU$xDDUwR}vI;FIwx?%_*~#TcjlIIX%9Wlj2P) zPPaoXkw%o|um%NOVrY2v&bKg}+sHq5J-@9@XRIs1A-8cHfb_>&Qe6Nnb-TYY;WJyj zr1UFWWoLrmyong(76A6B0`t7Q5N%(<0dbt);HN=vJ;2uzO&*@r^+1Td1H)-N|b8)K4 z_Nzxb!7KAA{{Ra555w@h*5($GeK0$5O61E!m+=$JrQQTHE2#q_+tsrwsRyjLw3;1oMo5Wgm;@Zt{cNmdK+v*jd0RY^G0Nc98?4q^gE?neROA&n;<@JRP}|E{^^N6kE+JxaO7;C~Gh4KhD_G-8 z!srGzvhodPNd?i1%t3>KI5j2n9bNT})y=e%z>A;m zgNo;&wU|KucnHAy))ogcoy1E!1&A<^al6*D>@2lUwNDhbvMee=R|AF>QG;OybjcmX zs;b^Xs><13Fi5K@smvse6-Sm7oQ}DxjC-1oVk+O8Jnpu6ZN1 zK2m3~=$;k1wMc|gO&-(EU$?b!-X@y<9by;KyqV!HRo6TLj-&C#GZN0HreDjar0s0Z zhm(Vl4SC~e(OgM0G*bx!U}vQOYe8cjykl+^{{Wp*o=+i+fQILhQ7GyKmDSqXAtWui zKa6Lfu3KHzO|rH1p6TQm`EyjGU^e_a<6pPh!y1XL~5#rS52eX zrL@j4cOSe+;7~U%=X)G+Tt*|@qiGaUEX&uArEpi4c1-Urq?vs3Hedrn zhK2*7w!1q*e9@lW!L19sBNe;6sy1Wh2h-NAB004<*3>Np#u>Jfanm)->vE;!f;g?u zl*b?LwtGLw;!n%bO<*_79Iw+9f%0d@h75DmYTb=I0>Phj^FP9kooJ!@q###-Fv zG>vmr)Aft%OY3-UG}4<>8QiVUC%32TS8p{&H&U!6RTy#p%??LIB!4bi&4OsxBgWSE zGFabR5ZMPA^e5^4YwkaQJ}kM{JQ){^^(Brel2adG(D?V` zgqmEwKGeKRq{(j}mm#Fa(_aYi z#(N88u++3&LgIIk8_WpXL}%5%D&ssAZLRA1tWaHA$o^vd^6bE0sXSLiO(J{k?}zmd z2EHz>gw|81%F5q#p83sr-QA3rH*!e<3Q7B%r{Y~R$Z4%FqJ}evF03{;rZHBfb9;1WpnNR&m8!10Z)F&Q<>Z(LcTN`_vPFG< z-y3bMQC3@dWxGO5iIK{a)B{@b8O{g3{6F!Rg#1JHcbHfpm2$5m^dHi_7sWmo(R^Rw z>zzIeI9}NlpD-w9c0B+;=cQ*leGH_UJ|Fl^;R_FhUluhvZq+qN6NxP*8D$PmIr?V1 zUya@k)O>ZTzN_Kux&HvL;BZtj44*;xRx(k4kboG*Hv_k( zKl--L91Z^RFGrClw&_GO`Tl!e{-*Ja}W z00V1l8nv{Fs+ego1A;l@Bc)LJ5##a1VM&eMvj9sj9DULbGgYm0CcJiP-NZkDzq>RkZN_l#*$d-)W7Bl0|H`PxP+G!=5!+t@T|N;yX3-8DkT906KBdH3e9K zei`^$cZz*N>|QLaQg@JLm!1JQ!LKXS{3mB?;wTNh#AP6#DCBJ{KcJuwYoEtf9wSpg+n0CisTBttd##$cQ zJUOQAwzaT7V@Ur1*2N-%8`KX@YPXEEyZsZxx{NYSA+&W>iGyQlI6Fb@R9`n!<6F%a z#1JHxw+VH1V=RYplje2jzqN16aT9obEmkG-m5B_;r3Ep36XH2^Em%)>#!F&8Xz`4U z_Vlic#r`GJJVR*lX!0CC7|6&z_^OK3$-vN^hlsQobgwddIRq+_6l@k@)aSK*8Sq-d z;d~FP=`v}t$*4uXS24CipwG?ECyu{b(ndD3IHd737JefdWcG&cIR@uw+k&U6h_YWMYWVU-Hy2HlUPgP6wk^300#Up(e%HIl4#dDJ?@upYkcxG zypfgKN$NXet}E+*i$4YQj~Q56TIlyWjkG(X^3^k#Wa+s2j&oVMnkGb~dY8k`+3&=^ z4YYX>YYXB?WK|ar7{GEzK$YO17(NQkrE5*%IJC(ju((nT2$%_yeq--PJ=q-R$o~Kk zJ`r49TF%W?T}S3VToc&9~pFY}+7(@_fD*g2=sy}ExtyvWs=u&KrSS7s(XVwo4R1%c z@rp1@n;WT>M6n+DJof%ovHMABzh#o{{{X@=Xs`$gl!)aHBpK%%i`p~6^uLUL z8L_ssj^5!LQ3wl=<9KgM;r=A*-`ZADc#A@K<-JzS(7OHc*Et;x1*hEd4NK#l^|ps+ zZ)2pqx5;oBnL!db&niLVv9Gi~4}4khcaJpl6SSIli0#!DOGb}tV;^|-=B80B_8BF< z))x0n)8_jUPKG`@bn4aQ8bACKE5*Jfj{C>Dw~KAHOW9*Cu*Lvc!6)TW+qGtg8CbjU zr{M3!9|B)$9v9W&c(hn0*%Wf*5<$mLrYqd8ej94KCy4BPNuyhcqx-W$!*WgQxK@#9 ze9ZZ$<7a{{Z9H1~zk<`xow&XtHk--Fe;=a4Jj(KFnDU;BS!kqR4RkTFZVV_OaVOy;pbTM5-MnkXA``6{S z#6Jp6p?K3!(WKK}$~YV4Z@RJ}`=k!zx8Yb{TOCx@j&o64oi#14EduV1go%X*EIz+V z`)=kuD#t+k)m$lA?D<7vH@I&9*DZUr@*TkQ)KgBIh zdp{0qb9vq$dyXTwpS)n60Viq4sITe<{ckKUt}JgOOraUtav4a-BiMosDvPQ%O!_zA z*Tkf{g!+; z;r{?1X+O3^gc^p3u*V zKWVRnmY)*79_wBdf-4KJ6X?-Pd2KolFRYI^Q~X79k?d>u;Q00M*HHLl@dEo!)NR1B zyOHF#nMW#fl7x1}ZAFtUj}M+G*%UAVy>ZgAE)*y%0Nc|bS9~@&rMZupH#6?eGC(y9 zld;1E+JCKRqjM)d#0e)~IZBbi_p56hvu%(U;{za4Xd^3{pV{&{g0QoJ$sOzLFWD3J z0{x_aZV!lacq8F0h+}0PNZ0FNN1O7J8Pw1TTN0i-iSR;S`Y>K8y)Z z#Clixy!>(aO?mK3;zqULZB1^Yv}bwk1fTN3caZUu{>cP>6dELWt@5?9E#;F&Ul~)L zE7LT;7J1q}p9{t0-G$pRLy+Hva@3DQX!)HEiU7JArIQDTaQOhr0oB+uUAFD(P@aW>!&$SI->>Kr7{?7ky864>+yQSC8TChr?F0RdhcuBbt)>Sf!Xq zr_0A-&{8eC7ZI&)ZBZm#PQ43q2&{{pKGJuDO%ast!sKu(6t%M%=o)6799AAhxJY0N z%ASN)?w{a|KU&kHy0*J(cUd;J)6o4rI@X+saXh=ko*%l_*JB8j}!ja z)vvs}VIh2+H?Xd{KZo~b&F|7#Bu#*}c`I5tuBM8gbDS}oX&yM(mK;%UewNb}yHM(L z!y3rZD`;)S6n8`fY%hEsmD%`C;?lt;({E&0qa>Jij$7E)GGJ(Guv7+fBo!rrw9L}qhP>F{ZHHzA{k z?F1DBkG)<)d*W7GtL;Bkv9u*i9yuT$gm6D94!TuY!OeFBbF9`rWMqy(;8#IxWWvjg z9D|T+3aI+5pE8SSPe*cjv|sJ-F2vX+(RnkFfUs|K*19hce#{;qpF)qsnnk{&X*ISa zM~IwmAHvW=`_8vfq++v`@BP+ks6mpuC5)}%0>E;$s2 zLNYO5IbB)U{@%**RBKR$YBJ`FS4_q66Zuo=_ILJ?2pvd5da>vFX1?tGiabRB0NE3G zUrLTiB)7V7AP>kOlbn4GDiJ>z@pGE3ct`BTelLH}`=7)=wF3Co^n5#t1UiP41-#-g zcOXCB^)>Nl{1j8+wx8oK+4o2B^gdi(GVtZ>W-@+PHu=i|-0@pVC)0RcP8dury3O4D z_wX&@zS84oQxvL!&PO>Qcdt>nk*_o@K~!$I3Ic*NyRSdWx#tu2935-wb6S?YqWFX1 z@><)pmR}HbOTjg=GGI=C=dW&``1N(45d3|h{Aci&hi`85+nZkz+8~PKcpoVPp!{?B z)TDY`+8%vn1f~HJ0_6u%E3(n2klU4Dqa^h2TPI>(+8O%a!|NSgn^dv8eIHT)oWR95 zpL|!GMezsXFN5w)gx3*j+Hg48w=6N=o(*-=s(dbY!}RLDXsaIC;SbuwO3^f#v|ko@ zV!|m`m@c-Ikx#h;n)8uy;BOpwh8<%2#Fnukzu>K3 z3p8&BXx<8jEq)zt+TuX=Uoi7wl@w$ge-01p_}4pIopH^itJ9^*+LiU~Ykp_v4}dMT zJzqt8nC$K@pti!vDxo2Mr?qu9*Nn5O$06U-gUxbQiT0Q}$mBdj9ENEiR%jVdRqsuL zd73pzKJWvab*vm&>c*bNu)5pTy^%S5$ENP=nLY&HkO2%+4D; z^3J55ImL9ykQ7`DwmJ^==+mTsJ;_U33~NGJ2_x4PT1#h*h~TL`yH{*uV?JX}*3d=) zDguvFThLp;P@RZ!GgK0&K`DSJBjp3FRkyg`AQ27YG#v7k%_%291a5M@v+G&z+c2d3 zzs`f6Y-f^hAeCcf13${MR@BBwR{HT*4bEw9MJ=(xFY^0}&ihhESzHs21!{9MJ?>?4 z1Sbd$Q<06s7G&N>8OKV}5fN>C$dME&-H;RkT|Jt~1n{h|I;#<$I#Qa{ik**Bj0vsc zTXDd^t?eSo?=RrfG^;y}b6Ayvt+Wf1lhbkNqdv9GC8?46H}EI^3E`>uy5i5pUmxY0 zLefE5pwJ;Zyzz{IBaf)B*^h>Q4m=~^zX)6SbHaWb(>x!hKyW_G7*>>jwB1iylLpS; z&#}|xNObrO-Pz-K=bv+15oq&WvdyW?()aSmK|ze9ZChDEX}DX)u&F$OR<@e1T`pwg zjOjL8lGhS6xjYP0WyFX>GR1Cx42qJLr!#v!os#C={KK4Nob9hA_=E8}&%suWHlZM$ z_T(sje@YI@RFBF30FVCwxA()(hZh$U{6f}*I$>52MGJz`5;#x+&3`Xoq8mGW?f%hO?!8JJ;c|yQytRJKhErX z{KuNl-qHcMvF5$HaZxy`*9kW!cmDvZJu}qO#TNEfbMgb8f0buaS7!w0a@xks=Nx2X zigbBXv>%_L;!y6 zr{djBm7{{Vs*X#NJDPxyoTPwMda(^F(gMurYzw|=`ou6mUX z(y{yH@Y~^+hCCCZTljCn9vRX+FX8wwv8B8!ue5M7-AToJEw#P9u409Dp8oa6Idmpc zB}n8fOGr~um$oZb99)odV<wCY`G3W;>K!pzqFc-!;~GhU}1* z?)dMHmC+dERF`qzCUDfT~Ud15x9d_RK-%z)Y2*+?TMZmx#u0Q(q zk*X)y*lISuWY;ma;D@2Eq>ec*hqwGZ_{lc3kmy%>NU@e2F7Uf|53hRm^$=X`Xf9xR z&mlK*Yik)wCcUgPB#A1c2}UvxdhV>|OOzQHZkVc4v7adhx1(F?T6@JNQNhZUI5{5m z<$ABf$u$cZq_os7ZEj*Auuef<;~gr!pwBQK8o0Tgt%)l#Ha8A4SYHw}i=6{UT~|hF zXSs-c@e#xN;+Henb~wL>9~N|r?O`;_nb%LhLV@FuV|IHC_pi0guw2_Iwz@@TPQ;LUE#quMV;j04aXj6?ODuxtog&@ zkAoK4^>qj?ptvkZBeAR3J~h=KLYv~cAnp11IIYpAvn^=eGqkw9OADrN zpPcp;>FF z<)*WSE7>k!44c3XPkdGTO_It+;xoY`y-cDbqL0JYb23Q!jFzr2Llb~8&0L#TwOBm0 zSf{x|wYs_3v_DKqsH~?J9)0=gHM$en;2|l8mT9Qb$fe8xK#)U>+e%2+z%1D z)O<~)>nj$bwu%D<`3d>Pdi1YW(RD|i%G|V}2+EPj6^)DKvFJJts56yIjgI_oV}Vlm zlS-RSbe2aCkPa2I$FCHKE6Zu6Po_gHuAv0-H~Pp3JAwXH7LDP3DP}kKHadK_2alW# zu=K5C6jPD2bp@<~SLLk9Z&t&4JaNG;atPx!W;5)0_PMCMwP1 zR9LR1j7bo42prI5%1L!~YUvCyMpk_E9qP*Ij$sqDZn!ugj#KmNq z1oJbWOxJVg#t~ycBV2S9F--)SvuCVK@%^1)60jJ-UU5l3hVHJ0?d=9vIP|NEyCkU= zgL9PS`<@|%xwP#n)=Eg$T8OfJwdib!Tq>oiEN zo3pl%j;enV#TA3bwhbZLOE0e-tIsYqJ5eYszEZLIxyIkEHiXf37$DR(n^_~Aaz@eC zvGqMMC5Ov|O0EexS{fO{y31x(29U^ekC<~&%VBZmhmb48-G^#SxFSz3*2-9wVcPB2 z0=K8URE1p~rcgQo(zEu3xRfWfSkZ;?c^i$rfzPdOT3lP(%HmitA{Zpj0x&GkF9c-(@89RNOS3$8X7pexi2Bww(cbi`Eq#LJ*!&9<87XJ z4Yc&ERG8(t-`OR#%qY>8PQ$fywzkg^R)s-e*&&B&u5wIGPIjK{ZQ9+Ubv=h#t8r`< z)m6$dz~`W?5e{V5(dw4(h@%r@=Fd@3>UWPM0y){EVsVd3wGQS+E|uZ?d&%1BTVW!` zc;}@>t!PbwYo{ZlJ9ixpX}EMZj>kBGxY_+84MTaawmX=~u3c6hW9LJBK-m5!Ty*_ETA4(tTcNY?`@y!h7B_w-*CCHpv~S@o6ku|3@5Oi@#*Y&CbHM^<4rsKXz2*^IIe_d}U@lH{y%^A#9on)CLR&6~7x!f(RsUEo67& zcfAID=X>Js659AhKFYUN(=^{Id1N;1*Dc`G2Y${_74*H)^XyP=hKjC8a&bh(nH46>yJ)rr}(F-Yqy>q((Kdh=Sy$i1a7SRcp&yP z#bcYF#=aTQz8eiD;@kUETrl|$x-pev+%WD-YFhoSld9@k7n;Tu z1jv9MaC`dK+aC_}PX&BW@J6qtc>e%JzVP;|1+)E*?l`wTSZ5sLrAee!wLK&DTKI3_ zO;bVCG`(+8gHyA#XOAX8t^g!%AoU{xyfflwgmoPY#2Sy-z@XFhFy15l58e9 zlLIH^2kY3@RyE~4!{P3st9(h5@2jHe+&(bUgaje#x_*r8ChrzZvLyR+XpA2BOJw$Ty?$wfbNY*0{Z6#N%Gl9^X`+ z7qV5r5&&_ZOxCca+~t%SK5y~A!g((=$?m)km#}J}Nb;`y#WL;AIOKQzE8`s>!&>y3 zcCV-E*27Ddc4%5Wk)CnRYOP}8&KUeJe+=Fk5yu(T15@20p<{K zxSsV+sX0g!g%y?ex7GVvyx;cFih!{QA?#SvVu z+3qZ!Otd2$U=Dff&1$x>e5mssQf)fw<}3L_X=NMCJ6mfhYWiPQzP8f*8EM7m{#2#e0rD@1HMwo|)?^uHP|F!O3^UYw*ROmL_>Vq?<83^J4;{>+89^MU9mnTL z5896dS=h^?4NmgPRFX(e#$HAUI6s|u2A%s%c&p(@j$-h&=Bs-IEq>o-hG`2W;<4z1 zpvFL{>td2V&hgLfIpA$N4+`J-<43!VZcs0q8sUp~Vt>2!t!r-{_&Z}2N+(y)s&-QIM~}?9(Y>c;f}U+&2l?`5ycMGv<-tIk0hIIp097I_;$xtvz1=nTtSN)d$AAZpP01Cc2d=T-Cg0_j`_!>x@FZ_C4gu=>$pkT_6^JL%EM58&5-7 zo5N%DfBp$Q`)FT&!oRj}gS=I%>UTP4!VeZqnkR}PS1oS{V~DODG5jn>NaqEId>{0Y z((i1wojTU{MZb#oOSpkAEagT7Nec{&dXA!^rpHl*tVOdI8#X%q?mE|td`a-1{3Tu+ z)wB|VO*;K{vXBT#N8N8@l6m*9I%p5gU0+SrJSlM{#-(X( zXm$GHzX*Ter9ZN@miQnAjW#>Zs$ z6ULljjtzYw@UP)@w}}4H0^7Xs+o6_H94^Hj`KdZ7#LCxvJqLv~nXI)q(JdrzmOyg5 zPaK}r{V@Lk!MmRk29xpI;y1%ROH$I+weJqYf28F8@uasc8OD3!Kz|Cxq3BUZ^^Iw# zPjKd0OPi%Qec8w(u4|%`O^hfzM%MHl4SDn2*u=X>vvqW0Fn=oWuNP<*x<83PhBu4D zej@pcDH|;H6dy19yMP?@$Q{oxM2}0c@gAXX;q5=i5!tl*hL+;fS+|Jg+7ZW?2Yd`1 zb-?$pb)IV-Ye$YqEyeN_pqOrCczWXINFcVjC;LX#ytxnj^j}}ZSMopq z00rm$if{Zc<2n8@cpFBrUk>Z4*U)T_{yi_(o0zaWNC=R7mK~@%A-Vjt%WJ3IqA8PM z$CgwKE_?Cys@e>Ye`z+F>;XZ>2Sv^+8JeD>dvAN-jbg&mE4Vcc2KE6w5+_Joy0G=@ z`BsjhExr3f-GdR(I4Yp`2g}Oz{O3g=z0{S&(`1BU*dI!wcvmq;<&rEKW4sJ0No340RZwj zueGuhui^{{SlPreh}7 zht${iA`FNeGWzGeV=Tyx<^l6{KK0cNj%NC@KeYnSDj;WXN}vnTH#14*qb7O-)|qZv9Ch62(i0e9-TkV~w6FWMa$D=z zRJUP0S=1~-L{?B$hdfmFr51QhpkpB5)-9TyCcM&FX>wfJmXQFVieuDu8&>|tRGDM@(U!p5^!1>)%I7cPsGTmRjqP6mbGb2!^~*g$qk>Ch4doGz zdQfbpaC+5*FwEBr8B$Jo?^u#(qfwR?QbL24;)0x!)9Kn1Kq4XbuUO%&aYr^_vwZTObGh6Y4>JuK_tMiA%YoqB3BeI54 zs@!%UdSbqIy(iTE&+tz?t6M5`l&{Gr@=ssR?Cd;yXW(xad>PX&EUuvc0EF{Qo6Lwu z^1G=gRu7} zijXWVDxg?d#xlXPk}=x{t!;F5@cssGk_%2({eB0-ej3wGo`N7`gsQ4wobJHIdOeGX zviT@JmCaJj{l_k)XxWtSJUgV{%X4;M5ZyZC%|U{GzSZV%NIX5Nohnn9SeD#QGILni z_ajYM^sO=D{pJ8=Bb;`t7V#La7$7?d&(gFLr(|{zNBgxnJH0EwynQQK>g^r9yGbGi zA9Uc7PB|Y+X`Hn%%0#xwZ>g2iwQUwLaM6YyWLVz5p!7XOUX$ULhRV@LY+zPiQZcs% zw}jc`VzQ`9baQa{8plq!U$NcZ#L1AO%phd<!GL9g;b;q&A zZS7B-#N;&Iwk}xsa_;#jxA7JA_lRNK9yu?rUUEIYVrt%{;X50P2_msJlViuEjyIrx|1zZ(rtP4Qob^m~n3CSm3abj!gYISr4-zf}JK zWp5wc_|r`~7sNYb;LjD>qL`lLe5Jlja1@>kbgtM`K3f#Inc%;*Pm7|}{vpF@;q7YT z8#_|b-NOu=N=HE0>M{@KUOQ=LrE9_q9a_%bdv{^HFzfA_*PV1ZDd6tT^GMTtCGc0o z_j+VLAGE#F<%@hXA;Y7Qkl7t^pMS!+4~m{6{{V%fb8mHU)1ZNTxI@g%x7-4F&1WWc zEDBniKeJxHqj)>T$>FaP-$@>aG%U9$%1TV9BcEPt3*sMyzu_41?zd^6YS#Mqhh>xP z7PCZu)hlzb`}0`6jo|qVcr>evtANsm4~!g+wbNT@7O3Q0ZIQl}bm?866~^8m;j(N$ zw5;zZdoSyusIlAFl#L?_PfjX!V$KO9sPwN=jvmMGw;Xt#kIm-YSy~HZwlrZ0G;11$ z-|th)U=)lTel_XSr(^QzVl=wk&bqhqwy#wtwk>T6ta35wjB#BNhjW^xTfb9WMH6mf zIX$seTG;~@V0f!Jr6JJ58JU=zcEP3d8VJrMfW+T$StjAiOUBYG0Nhr-MmomYAj=68BQRi+jpP@hLoyTE=EF zmt*O@7s8fWYp9YzG>gbi)zeF+T;H%)V{dKHsOm*zVJUVspwlfac9>yQVc#8U+>)$# z+zxY&1#1|XNbk04rCE!`e999%&^D$Q{_@@~`K!_L2Vpf}?6; zEpNhq3a&3T-C8I6JL)sZl#Cv&8t3N6Jl6DS-JQ`^N8`VXymR8O9qRWQ&x|}ned2qW z33&d|_hN7MSD>ygSDl%QouklKwMG_4JzBj6AUhdk%K$T)mMFPvynSKv`&0ZU}@TbAQ1Zg@IxC76=5CJvAOSefQcq96CuAC_K=CE}P*(O)kkhXJ!N>aFtTfIz2BS9GCa84^a zdyg~kxi4Jvk*p)s=Jj1h7$Pbp8SjH$eS55d6p~%sL1k(_^p19_kF9g=byI=x&&7Y+ zL&9GU<-E|eSJU;4chASkxhdSJoQaL`P&0z)Fy#IOmVk zt#wnTbR}cJo>3_SiPwHD$#X4 z(nV#m@p)EJ(zzw@?dOK>RLN+{%5bbxBkPP-Jcav16U7=7T8e$9OM7>l?yyw~54i%o ziM%mrmlLVASlo`wj8s?^L!H;Y9@uKOvqbQ~mkq#X9e%a&ACJ5_f8niW;tPu{*2=_^ z2LiL4dYY<-&)US&eX>cA1W?B+2MtgU5ntIzk7GR6qm9U?8;8AfPA0Lac9CCs>1%M3 z#P<&$?-Y9Hp%vTwFYy$<3-L_){Faj405Yh|KtqgWYbO+1lREuZ#nyf-@l=|n)IVUk zxRVUvb^6y&rN`j8W4^Py)c*jp^|d~AyyW2+kKs7yo+(D3V3Y21-U#^7;!h0t-89`^ z!qZXEU6~qGUWw{+-oEDLyqTdPi>x`sF;fKMNlHjbD`{QmLRhqUXRMr$eUq=NAu<_tMf3BwQZs3VA_ ztQK-f9qfueSMCqE^{#V!5nEa*m6}G5OrAmG@UJ@YUx)6NdF}2kvtcq8QaXNOx@j{S zhu2@RC&jz333#&O;lGH|%54W!09(x?^X7J3b~XAxscE*+YKp`pBHvp%jaAOpQ`~cpO5GUBN4aU+ zqmg5u7(c~YS4(wj;jJT%Kz;E{!OWQ6$tne%jCtTOs>}A9MwT~qkq>fu&?v~n{>gyK z_X>&`j!p$|J~5KU+6RvI6}h%2=3L{7-<2C&__`SM==@uKc)CkD^slx) z9cy;JHPS8G#T}h8rGk(+p(19_LrXcd`^9$iQdId!3~~8Z+{Lb!d}__cO*4*rnXN9| zETD{cHEcZZ2vWu4#{<%?GVVbHP34k|p!#OCt}U(GPk**Y8jZWM4+K_;-(Wav9TQ5E z&5&NB+qgd~cJ>v*_>aI*S*+T|lN9}dWH|tOfm!nOH;U{{;oVTp0;5a4!Nz@YT?sMd zu_vx^=}VP|GT8Gk9N69K3FTR|j_Q8sJdirq&Dw;2*)yvfw@e+46s?@pjwt3OzgxSf zn$AOMbPpR_D&Cw|Uu%7;!##+S;w`xbPB?$?q{@nCs$OYUzC?Gh-LIO11*HmOM&-+$oyzAaXimZ@rJjphB4_8T{4_7w>TjOe0Mxn=8vcO zv5Dt_)lXDmfT1dzWw;T{C4q_h>{km8niVI`|0ZViwdYb3q)8(~{7B0td7{vyh z#kSLL(jzno${W5o6=J|m1EIP}B%xxAtDz@rWP|-Hb5Ymy z?MA{&Tf1->zUwLbwPh%tI2KzCNm5v)do9F=Cnq0D_p2D~H4QOZ(m>7tI}d-tf{&Gc zEm>{VEt^l$ZnrzPn&>!>@ToismniDDvKfPs@{xiCU3_6-*o`Iiy4>U(h9{HjS~l-tG;nvbT&>Vqtv_?ull-gIJT0u~kZBXy+z}PYd@{&@ zg1GEzj0|70*hQ%|#3>u7IRK6gCZ{#)D~Kdm(>cIBr~@lWzL;G{AC~U@&Nvm(T}N|1 zWQ4P4?_<)kn-h{atw+K7cA`@D>8=v(TPVuJ9-#jKFe|A0Uzu!eRu@758DZ!u3b~hS zV>j9`!*pkkdsjhsqzD9M;|!;afr=1~D_FGH(R{m?Ne@wum0JG*T6m-p$8doG#&ewF zt_!FY#=6(V&=hbuBivO@MtvrqjgBzeZWac!&JeU{F6?VKN*`^syiveW+0 zXB?L@d4nAKpL)tt=v9th>DKyoNDBfED$+%981fyKJe;;`5EuJ3(oC6BMb9<1uM`Ny zIL~9+m=!@;%N@I{w>QoMA8nN)eqd)E;xvWtxD+=PH~C>WPEGC^*)4GA%`W0BVsx^%vL?h2wPIQzT` zz)bXwFk3-9Lt{vQXYsDG;q<$!R=0|2V7$*IPB!MQG3sLFbB`+a)0J}4C9wH zouu=?2bQF6=daW9sBSMTui<_4^PY|0KmF%Cyx^U}Ca6Zl(0@rC{DJ`vPc$zV)O<0wJu2+j|sUZOqM_I&tb<9{OO zNxXzKR_Du756G~LVUO0k9d7E9NWYIt`%S&gh#xrzB7rj>Qt`yrDQLP)+u5QW0dx;Iwyy8j}2RD zmRg0l@)cuf<$TD^j2sT)mB$2l@5H|n*!arQ9|-8ypJ~*?l=C5s4<%3k0AD$8~n46EYmJ$Rz&&A^F#l zPA#<`h}IBZ+uAe+Qld#XWnz1NRM^kZ&3oZ~n%V}Db))K5HlyUEs4>gs$@6(cXODVGiAeb8#$Gw`W~<|w1eZ3~*3!%(gL<)K9rqt<`*-$z@rIq@ ztyt-|)7xI^h%gY0##H2Fezg4o#^-zcL->9@f5S6)mr8LJx~G?S99dO^jtKS6Gx^u% ztWqo~2A3RH7aLhq<&2M*p0tVfX5WdmEhEI*^_PUT8%eZHX5Cd%X%vOr7mWRC^@f|S z_mP7u{R8bt(Rz2Pi2~Xo~b4tC}G>fmYL_rrTg$Qwu25ad_{tfBY znhe((1-uuti2U|#;4>&4#%VnaC0575-YC+v9bWz&Uqv&)brg=0#7_l*ApZcL=U!h2 zjW4YHK`eS!n|Z2R+bNRfNKQPQ9x^-B+^TgCQos1Q;mvaVU0nEgPm)zvw&l#R z$X5W2<$&V8UAy?Jc$e>X*5+XO59S>1Z(g(`UuU4d5Bzf-&bHcR^oeU??hU)CBr6k^ zE$A!Qyldm8zVM9Ne0TyE5-WlCSaj##(tvP2a60YP)x>j6aU=837|F+a>HIb0%}2w! z#4?*peN#$dnWACW2OxelG*=?(eM{m002};2@s6u+tVyES_tAd^;V%q$*Wtb6T6haezOgCgwagLZ#>92q)DC)3)`l`aH-0Mo5!E~quR#lst=~?H(U%d03Wb#ViX@*ws%CG3w2cbOQ;$^8(X8(# zY+U~E?2vZC^v_zU`$yPIpy*mpiF`9{CbI?Tk~`=kAHB68V|L!)=ZeYso5kyM=8uP; z3^gkNZw8Sv-P|h4Ebg6GIU}!OU!uPTe`Jq^-x76AA5$8w)Edkn%^`Oom4F0*0qA+4 z(aiggQ1Cy8bS)M1crNtKKIK?P3$y&w_UJQ?oqg-`xAvm_qxAm(f{AUW{{W-w7ijr- zqWPJ>&P81^B`$^^!jB$5#-*~mw6VIg$PCfC`t!%NeL>?dgtyD#>F*RYx;i46rhuQ_ zulrt=t41=3#&{NKuJt=>ofiCR3klkOV9I|g^RL<;!aA9}gTy`_(_#?F#N2snfWD_6 zT8SejkB@vytEHGhsZJ9L6tf%(=rpf{UKjDdhjjk{5nAf^R&z`^SllTLIp>~-B9e}` zA3H?;A@Fskg{9iaHA`#FO>(6P`?&AN70mdbO7T?MHH3Crc)ru_lX5ovf}r5>-=V9q zi>s*>zlXHt@b&JUb)btSo(tA=?-F0=`kY=B)fO>5v7b41 z1E3?l4Krmfr`Z1hvUlwPZ>e}L^Wpc5l>Y#0S-6PZx?o8e&N1KKxDVQsOP4}jC&pSv zk!P)GamruqMKWO8p2frD~9(p|^Q|)xF0R(^Y~}}6DH7nQ*m(;UK4KLXUCd>hCllC6FDL-k=eT2oe$#5v0*=w1a!2D{Nfq7QoRN_M+N>Lqo`*D|ZxiqT0EgZsvH0om&-)7IIKQ_n zU}Sc=|%xbVsaild*v!g+4g5F(fpBkyF&iNx;8fU@;#d=bZ{~cIsUchQ(Gby zWGquX2-w)fG`}U0eoo4tG@jt}S>VFx00_M)&&yX$Fp{5QZb_eg^4TXpI zS0^NroNlajBl-l?ZQU%tRD;=cfHm(ZD4~4&IeIn<=n%1B3HfNGu zA=~>qU5U9_5CGmlA;0~}8}TQft$bhc7vZ*@@gKszB=~u7@rk8{^$iYZOosq-7JUfx z?kk-IkK_CHqxe5@@U!AI<-}IkR=Q>M&m54tov};_`Ipchc(0W2lXD-Go=F5(qeb0Z z!lLS9Ot72~OLjTzYbtPs_Qd3az~;JR8=S{aqr&X=@}m6luqU24udqH3YP0BC$M&a} z6~&FjW*eAafwcN#{Pd}1!D@A17<@gXYj8<>X>9Lm@r}`;`@c^0)qcT$wBD2ZF@Dv5 zv;P2%JVmL=qiMP~h*s9_=}?kvZcmosi0q;AMmfQ$Xz!$dq>LJ+jog-6)|EV0x-O*( zUR%u@ZdX?s$UQsf@fFmylC&A$ydHS%UVT`b9Hy^sB#0{jtUgogURB~<8~zd<9{WHy zEd|<l=x}mRPzq0s9H$_%FU(g)}V6~!{y(PLNIgO5!$`G z!FS7}>leQd^#!+Nfd%H5BA@lv$FTnZcc(!T|~Rq)GMNKNF5F7%t0>uq+KD0A2xls?RTC^SFK^Y*~_A1A=yjov5GCbyeS z)8xCF1+BtZGNFCu7&omE!LMTbq4H8s&`m ziX$J&P<`S08s;vpWQNofV+_101ZVKCKCDiZ^eGfzM7QN$Ng;&yezfIOI66#Q*`rbpB zrHpkOeQWByGxn(0t}R08*QH)m#If(e3-qrxcur@b=~J3W`S0Sljdjl(dDleGGK~3= zNBl}F=8L#>)UV|vr;?7OmM7Ae#5!M-2)5Fs z26DWX_3vKHA<*)wRJt4Ce+}5##I2}2^Ug*XllOj=rQ#d-Ah`a|jG1i;75JwCP5 z70~CA=Q@+xE$*B4SZ=3Bkz(xv4xhJm$TD zrrLgPxBz`Cp(|)Rkm-=xOQ;Kppax_lD-q5suDUQvqswB09s3#yIEnQSD(Q>JtibfD zjp8{iZo{l>HyobAg5kO7kEm#k9iz0?qFEGl>JOo-$tAPe0Scz@dV@i!$?B0yc@&{p zzD`daJ?jHSn+l0<(f9tj*^Qe!<4HT!FHQ+5_O$9#0F(qG!&gqGByOai4x2C`^t zO-xNgP`XH3G*ajZ$sL7x@+&NidKvd&6<29vYq^dfZ2V5Ve1xItJXzi`G8Ng6E2ChqSXRTU3op9{%$TplF zlpCjG&o4B~Jr?WBNwUD>B=)Yt)@v8BA9TtSZ`OlFGnR`5?gTbt6CWv9n|_o-OcTwSmlsmvN9j9Zk^3={wmSn)aR1vp+uRFBn$)i zSCNaur*rkc3Oq!XM~>#Htr^)#eo|g*U%mRCO?Ba|Q%jyn?U5#dj^-*oE0yskgQjbV z74)`IL8`{VyyO^m$4{q2UKLtSJ0IT}MrVV}aM8tKq@@XL%XS)#@};{p%=0DyCz3H* zT85*j&hlR>Mp?f33xIg^70Tap=<@tDAnuH%)i%N$#!R1D=ybc{-~!ptze>%>`%E0H zj>6tVlp;o_XV<-Xcf^klo5}6wKRpmm# zF0-{BYp0Gp2+Og`4?ufYL}1>>&f=>=7nGfm$-$xC+}&KsIb>%$*@?+x?rW*jv@3}C zdDCZXb*{K!qcH>ZT^6CZ1;Afq+G+q(6fP&XMxaS?~Wrgm1 z=4IoCPeK=jxu20@9UD)M;x^b?V0b4LzxH@tgBXLb?r8d|z0b(Fhv^+sT=ei%((K;9 zF(tHD`Bio}sG+klZp$$}vMaWg1+o0!#T;Rb%`5wSWci=qy$IpbuQjWI3~Hf(By;Ij zn$mkWcrFucs&H$%G%S34s&hLR;>s!7dB>+piKlYgUvc!U;~O0O-AfU!eq1ek;7 zJ|_eOP9X-`1_z=k&VL%2NXk;^ew68!k!kko+LU%_wL-@najGm}3}69GlJfUZoo(!G z3>L)Uq$`TXPoa#Z(CO@S$ZY^Qd8PjI8q^8~IH=`0=PrUX1sNxbq-TY*wS$@*h>E$5 zeW)ZT#^O{}UT_a4xD9i~OB6xQp#`OwI3?r@Q18&}rA+yw;!o`%qxe<}i+wj!S*1cj zxZS`Q6*)NoEKz}9%*cG&jk?*U%53T8E>Z3>f}j~>Kj z8Nd|~l1Z6~Qc*`9mD6*~sXORg^3K4$hctO?u@c+%pU#oZH_*QooU%h4jI6+P2d#7# z+IJE1M;*IV%gD_mWi4%Oe5^m6aK{RfuK67LDh^4n(y!S+{t1oyOMcaNBKFt9cmDtk z{vSxHKeca{WV0`Fszyiu0A8?^tZ5i`KdOJ&-~I{3@Duh)(JjBQ{4b|?pW-7bz0R?7 z7{%XO1iMGEF{dux@5Aw0x?g0eyfRS0zbyEVFJUV9^yQgN~JUD^!bdT(LgA ztC5w>Z4j**spA{HDY7^y_+qR$q#}dd%n^`*oOP^Nbt$8EQ#V80@mb1dv4xENOI3m_ zO(Q1nQCudk;>mV6wka513lqoVTQIoCAPB2d+M~(N3Ark@0=g%XxU$S93kp z@c=Zga$Abdn#8`=$PMk8dEt-EWHG%xr zl|tjlj+u`)VwJT{Goh^ z=f`xiMK>?NBy^=2Sfco_xSq|VnVK@(1_uY~E9+l?z972458<2XEn?N-Q!G!r2H`sb zJ$OHl;aaH}$?APhSgI=>!Tsu`+sxTiUNMR!x*YP{y{1WZ90eo-MP75<)YsC95q5y2 zckfc5Ns}I-cV#?sLm>n(VUe5>Rpl?+EBujllQE9M_>1amqR#+3@qk_xg6XsOUPZjXs@{_VPK-?Ee4(KHV$ZG&rqF*KS1xw|ZDs$9T##hki zlzNwLA&ylMGM(AuiccjYLmQTVLsVu|Hdk^ZO9ZL0Pa(V42jZ^}N2-^P0hsVW^sQqi zZ3cPN{{RH^do4a~PQq!Ty$3#1WP|<{rSRLt7Ty}Ymc&Z7vw4^!ZUa@5G<(hBo5wd$ zOul0r`x?CkjpenxmkB=dcq@*S9Fs*7ziJ*_v7$KcJJgaZ!wVDxfkB*^hZV!l&RsUC zJ-SxKy~f*VtzXNUC*Z4$@$FjEEgoCqJwiPOd2MI12G&qYu>KQWkHc>e*j!oO+RY5J zJCBgD`BZa}gH|&)SJ3opYuRrs;7dtlIed3MwH>yeC&GyVC)R*$%-6KzY>3gaM=8qj z-o6U>;o+<88^jQ5FQ~AxD9&LcgP!2jv~lh>NP1(2w-Y=&5cSIRG#t`rmd$nKUqd1)$eXjxU)A-5 z)h-~8D|=}EP#u&3pUSeH&JqhBGZ5BhmX2#-9??F#yX-wsH0efa- z@|s7sCjjQCPZjZmx-nK!kyNvS&HP_%O=ycx8Q?bTc|8h`H|bYc>|z5>vVwST6lc(xGFbJmC-n} zTR>VBk;?T0y#R1a66!jWLw6e`x||N8x(!Q2v{WBtA3o8?S`6k?!M5C81g+&t$GHZeRRkoSk#8$usN(`wJ}JosoG8zrcL|D zPfYq%jWPG6CiWF4jEr}wHi>fk>>ChS0g?}I#*$!k_L}qgk;S+J(>d#1bQjNb zt0eE2=}Zdum(Z{XPUhr&D>^x2UB#mtNXBtWOF^8a{878K&|4^Sc=>rX4Ys24Mmxk(78v^l;q}9dT&PDjNsA1i81jlLr0G4N^ zURbpWZSCdr3Ps6f>r_RKe^B3ZG;qTq1y9U2{pzV}B$hX5Zf(m%TOB%z#j@io6YF~1 zHxYRjp;9gUD-MS}E0Pk+Yba$nMm&+tNt};KvATswoo+WeV+cnL?^-XYeX{AUBaI-L zj!w~qBl=d5>|)nKN7&LKb@N-e^sAOP32f{^2^q*Dx+%VbDR_z$ctq(6JAs48Z+hZC zw4>8fc+nHhBjwLyS{E2x&%5!j_I;$c69tWc{{U7`-ZkM+{8QC*TkDJHBZ;@Mc8q}F zAEDxdt}(IG=^qp|Um43K#F}r}u0iDp3&;1cIIhP{`%KIpMrY?dcC2S2jSHA9=6@_J zxfsrS8o3-+u|TSu9lgzG9_BK7ns%1)&4hW;7il0jdZTk=O%zGLG4CgUGtkzSkqy^@ z?xB`6j(t06SlB0X&VNxrkEwnS{9K+HwXGw{OM8o$mN+LQ4c@$06Y&$lR~p2ceyedJ z8CGdkSU2wwa7iQ3@%d0C6UKfoX!?b>g<%%g^O9jD-ZjWjI}&;miupH9j?pAZllN00 z8319_`euW8Y<(y2=EGKfb4j`TLzoC95z{ca;SLYwaUx_ypc;i@D;e8g} zSwL4@Zzr7o9V!*>V$mJXi>JNtyf5Z8wec(jn@&%mH2(kq-Rs)Er8H7qwd$5sLAP!X z*S%SnbMzPf8Q;fe;obiLj`UqZ_Iry+{MWTp)<0z(PZfjkCKS2*WPUf6~ATgz5J;Z8eEs z+!dD$IqE?5_o&yYqL!CFYEQMT+;;NbUN}+_BQ1p-b;tPD#;M@@t9w_}nlv`XEzIb5 zmHz;H9VoPoy`=PBY_dzqxZ)gV)K447BW)+8Pd zduEvmXW9BEjpw}3tY7Wz_IHIWRggkKx9jX|N3<3}p0%D}NuWA~th_C#X&RlJX&&z<0&)fmG5Q+kd^z!I&seh2bnQmbt)+#6 z0#6QoG3)*{ag~fC4sFk~BJt0LSHPDL>DKbWtRksqVZCKM@BryvZ}8jWwz)mbnpV4Q z6{V`Pq#&mZnZ_U9rc5J8d!3htG~b3W_>S;u&1Wse&@B{2*I*|k_u!iIp9)!cA`cRH zm29KZ-^-2Oc!*QxAwPGX{p$@)BS`so#|_}k3&acdJqjyPEX{|`?Z-JEO8Q^Hz5$cQ z+Dtmujcs|RO%fn$dIO6{#yIhjNSbjj^z@bktNU9JIH z20;h7KGo+sW#+A_YPS9l3vn!xKE}^KFzHq=ZG8>@01|jdR`6E6Z=-mQ*)3B7B<1kqoZ~-$#})AX)~fon z*BWe)gA8*jOCUgY58JZ-knJ66&|DG?7TF=3BY@-k=u7!>)Sf$A)8<;VrwbE4aECl&70vCe!ASaR_NVX$t)*J(KNhqv77*}T`IFkU#?+5K zgYmDy?}~SqUNOGE)-NNP>R45o2L0i|=O9$jsjY`&L-uU_p?pp7-^OrU4LVu$B?j8y zP0yC3ec%U5{Xnt(xO5!{P1igbHPlzycA*a6E<_}@;edAzoomsIw6iJ0vE{$Bjo*ko zIpbdy>v7$ioeuPpmg>ct6z8Bk40~61@gL&#u92zT+g)mKe`m}9MQ7W*9>?>gE{1MB z4}*RtT&IXNW=DcSr?V+V1b_%Vb6(5fW*Rn+XJMu4R@1}fZ!x3pDW0IxNXgSV?;QAN z#1hYOe+>7Q_U#ebxNuLXHDmU0)I4XcN2pkMiq_%b(yJ)H=UQD0*&jjt zRkF9!JSTJFxb&G;c>YVd!Qx%S;{zOHpZ>Lci64$tuk_2kJVv@>osubVT@OIto@*id zJ0DVb8}@qfH;8R+d_kva7U^ujN@a~cX5&2KxV=l^E$!?cB#Ty;QPZ_i6p_FqbB78} z+>G%^w5_4==8@t502F9GE73HqRyiHo;HkQmNkiAE^{>!7kAs^2so?k5WkEfT#SUWS zfG37H=sBj{!dh&3HIAQa;VojzL$Wu}YPTh$igEl$8Rovrv(m41&xd-Cg|*=${jS@} ze>3kd`$LYjnj-yK^GyE$4?IWVn?d1CQ&JCRVeY=;T5{n?X_(cUKpIm9I^#spdY-e{xn5gJdXgh_=9V$d|9>e%(_X{beQjw zVVFNq zMRQ@|4J%*p>p_2OG5z8ucaQI6bBg(j?l^>(R`zKevLuE)U>&3$Ym?ep*q0-KxwMum z$qnoxDEfoz_*UnE{91e&;_WwFh<@oEW8gvFWQeo{jPszp9uKc z#^yOZbEDfsrfZhy+lZAw8@+k!&#$$8j@O#SlEr(c%45EOiDLmqNgcl)pN&OG*|Va@ z+nyHJ?tEL}-5*@kRDGr60#rR?a0d)4=kJPN3H&qTDZU{5B=JR&pW&axZ8BXh@h~xI zcw=Q(UJla0kPl`Gdsb0>$dpn3d;b8nSM2ZNPua`k7sStielj;ruXtxumODFwg@3d( z_8Ep!4`PfCGwELuURcQm%#lc-?eASQr*v~win)m-N;j2Y8#n@*pvC~fHL1rT#hjz= z1FkxCsEV{|Nmg16q{_{P%Z2_db50vK7h$!3gnF8H93G{m^ENb!RE6UMu4*dv&c)K#~iY$8y;5g&ot$kJd6#msdA^nNJYQKg*v<8QNas8GrqSJguZg&{v(_~;J zBo2fOFg=R*=|@wxlIVY@pTplBct_$df_ydOe+u7QYMvO@EMmX1xPimM%IX{BVc3EQ z_9Ck4w$CUtL@_jHBivUVSett@%shADtpmjxRmG09o_?2k8MnENjyV_y9><#eySec0 zrK0P4*MJJ#N3ZD888q1*PnuhCk~W^Fjz152;0 zK5~o}g5f^$k=T>S_BH&@>iTufg!+b;a|HHUg}jC-Vw3MKKl;_#NtskRpRx=Myl0b| zqdZ=8fdoJ-V;KUv)3M6;HFQ~}x4Bkz9!Eoi`q$Au7V!s{XLAG>2qFpQ5I`SvdYVkq z5$bo|7xC)rHnzHb#Be>tWU_#OhF|ux*1Y%P2Z83*?e!PZEevz;>xCQFoa7$F9)Akc zm2P%ZiT!?m!3RI!raE8k1@N-l_CWa2u3A}qaPWn&x6&@IrP}(qM{{R+i+INEH(>4D96Wk`3 zqIt?5<<15(&*ffghfwxs$eQ2nv->ODe$-HWBk$A-rCJ0rR*{?%^A<`n>{)0#Wx$Ev8&-<5uGmXHj?4vQ6TjB ztGw|wjf&i+x23=QOKw!ShdJ6o$3BL*tJBiwMKxmIfwc)*cWoZ|p^{g^>^ue>SJA#7 zvcA8)5$m!n`jX_cN=YGyYVj*Usac+#H_+ViZj_Cn>Wg-pkj6-5?%iwQyB&H3YIhqL;JG7! zr>$e_+Mj}NCz>5ESGBrS0fAnm9^h8cruR9gROapUq?+ad=R~%RENXY20`3_xyN7Oh6j&RW?xS^PPS45qx_Qg(Z$jTD7b zj2_gBEJX~GTF8+Arv&rfrtrfwT7taj$$&xQuWA7Gd(B$QP}AE@cMOkl9!=bY19Sei6-Sjmf?2T{c|z{S&Mj(d|FN9^w3-rxgP zuXP`?K+(w&X+vXndQ$@?F@Kpg<(Xf%xbozAZZhkQw< zK{fXHbrc|}MZhE99qY}0()wNGu@z^sUIQtnT6a2~GUC>CVnVAq&QD=Xz15Pyg|i4G z2b^#!;{!;`pzSlnS9cy_T}Kl76+PuD`P^^?NrvCW251WIP@Xd9`qTkL{ip@q;SHxYL}yok!8_ z_wD!C1Wf_G~}2p|#F0Mv1h$ zaLcfA_H>^+I)?D>nQsG_fmg@f2d!k0Na2);})K{8!BJp6yDm-Ij&BL|d3wA(g$VZzbT6 zd2U_DwRJ|7kIgIRGLvrQ>nP<%-5@H2@@qt*mj#~@lj%*)L0dfOpTHJt9o!bXIA6Pa#}LUZp@GE+)~dO zoQIrllR3?Fjx{yC^(e^OOGX#x&IcW8SfUaP6#4yoiUKX{So}PMM%m zmtdCX%4`g@eb22`Y)Zi7g)|)Vkm!~u3UdkUz;#jv`$F9y|E?t67aJYTR3BR^u%x>IA;u;Yqs~N>)E({5RnpKf>AsJ{Rzg zonzsT4I+Rbw~QceJCVuhUW24=v$0zpJelRkQ_dP1&zQTnQo^mG0Tmnr&G~y&?!yI~2ljve|@?1-Dg zW#*hB-iN797Dw})@z3_}_=oXwTkSu>*O%TL@Xwsf=0!K}qywgXGsS#0JNeUG-L=Hm z7t*%*WoF9~dsnMN4r@|&GbZE`%vri~=~2X>A#lx;UA(qdJgU_R$S>5E$LUU3&hs2> zI#e7Ikzrzyii5`5)Qe7eP_aij0AWW;4C1cN%F9Y`B($VPiT&=?^#1_t@%tqFb^WI` z_&h!EpW)u8a|hj*Qn*7Myh=_pyB&GWOs0|32p`lZ>_`6q1a0^``#rvu2RP0`@Bu!BywvbEAQ_=d!{woQlt?TX>4Ge=`-A`qZRkOs%4 zNfd55cHG}e=YD1_mNtROBvV}A5)bKE2;{Xp+lZ%E4S)}7tuCtMqnt23dsZ`%tRg;r zNm|^#@ViG&_2&AHxUoplK&7N7^{#13=FpE*%KUTjCq(c@opGsnuJGAK7~xojB>p`s z^DpC9?Z+0QadqLp09#zcY*%d41CSfkxAYagD4XnlYxtMM+LpDfUFv$J<>mD9Nxw5n z%%J}OvZRm&S4NgrOg_+Sx|&@{ax^2iX*UoFa5I`Bf^g?~20Z#!u6>B+xiqm#r6R+5 zZO~Ui;r{>%O{rZf%FhA=j-6`>Pq93V`a8qE46w6U{{VC+l;Z@iO7`s=PPVj#5=D>G zrDEk`S~uitTS&x^;2iVqT{eSn{j~{_HX%X51Ypx9QnA@Xq`_#&SOeIfO4VIDNaqfc ztMSDKahAHCN8_6bWVwp-?GxEvLfKM>3i<3uewE>x_13X|!_9Sjg>FtcBD0@kq8psP zsjF-0W|mg~&uZBlagaW>^LLB92mPTulOHZL&T&~a-06x(z`q?n8(G|m?vbXk)MLXT z1c2D*`d7(XZK0NFA-{Adap8v;2eos{V?(ad8~Y;kwW`Ezi93*t2mCA0Ej1fi=Mb!t zMJ5AzS>qMMQby1=8$^!jCAupc#n9yPJ?n?Ou#y|eZP;emoTtgoKDCE4DA$P|D|l5Q z6DSzz+O_meQtH;_Z#2~V9r|Te zz~qDPTQJ(AHXdxpl6M;DIp(^S9$Q;gK4hg1I3u+}`z~1uNs-?a8I`7qL*ZNn>6)+h zWMw-7vkphrixn4Q8LgtdhT_WN0V+7!=;Ma3gnlFZGu6B^tw}DK6tL+tJ4jMTCuqt0 zhwEI@M_eC63c?Fntz}@z9n5EI#{FB|R(7XjWi_d0LbDua^RUzCOo zpU%Fj(X61F(m5b`7HkdJ9OkuWG@0}_g2A@a1UEBDCUJt}7_Q3GOWAPOmU|VOhV(V0 z7NVI+h0qs1>1ci#<0^wVPV8V9wB~<2b-R_2Pag@MZRot;0GIGOU|{ z{`Cb&^$iO8Qivpt&|{-^`d3XBy}oC%-M66R{pt>Bq6zN|Z09PCo-e+J^`QPu#AxAg0Uyq_d?(@Aw7Yoj zt!7N~xE8HOXkKcN6Es?dyE9_|f%kptrJ}`i{{S9SlB0|c)Cjq%+B{lh&n6~t1~b%G z#b2}sfP8(b=rZ_^O0=I;)2%V*AnGFrI3KNNJDbKw$^HPcw_Qv7Mi`~GncYhxj^osR z74A2QsZVnhmYQlfW*dqffCJwZgrd!q&p`110Ee}!8@0LAA!&4p)GkYX)93~(y>ADl zvibT-AuG;eDC9z9SvH6o@A%gNgwE0EM&MNOj zn(;%6bn_R24;ZL)Zwp>r>M=C7?2#u{VNNRA68z7hbX^+i2-4aqM3D{@VyJ53Wp~oG z7~(3;ie_#mMaP2luk80|mPWi@7oG^OB%4fqKJoJ#BdOpTP9s(};qfZZw#&%hDqs_i zwLFkY;625+l@}v*N3$kq;jgu0r`#9|m&|mU-=@Nfu;m5LAw8Jx5wiA`u_TibgWs zg<{#EcS*Rhy$K^cV?D9US7tQZb7>{iQ>u_T2fwhZgEN}yajh#nZ{|W3$v-%*ZK08+ zB3D^q&!=j(>|-QZj>-o~0r>*sk6PK%?$XKGkOPk1wSk;s&D)FJGV0l-l6JS5Ps*TV zAFW}q7d8oK72_KChD7J?8SJB=_BP?Is z+sEf!CBnsPW=EHuqZ|%s0|?vMw#%kFZb;e*>?-w?P;VwcCQ;9(Xum)up65>UR6wLl zx8@k&bK0LBtPGP&6oMx_fJa&Yz|I2J(b!0RmBo~> zNV7tXk;4wEYcA#liP}YxT0C=;(wNSDuG&U%00orb5nxz`8G)zbn_40UiF$KOMoJAvQlxljx$78ahdvs zwX(0-+T+TQ9BxCwte7;7L&%<6EI2B5?imD%*&zI3w4?6v&VIGe$D!&nGX1#3>@q%F;-*jnrPqeZ$suCyryWgl z8m5~hD14Bl1B0GFDp7@nCPQauJ*utJTr{y922g(Obr!d)Ce(^HM;S9ZBvBjlo#(FnUu=Mfr6bmA0A(2g@LHj+MeqWp#BqVBp8@IW@Fh z(Qta6QSm2Cxsu8fZSJ;$aA7AbeeqrwX=!a7aoRDvj&hrsWXW(n%_+08EcO2Y2Wb~J zJ1!wIGLenT_po~!`Y%e30c;15Jkx=ndghx3Xx`~E#cs1hZVNHw;=I=G+U0ITtFcwj z1F`y12hhN{w~sstEM;0%8$bh*Rv^^1TWhlSHi6>`3cDX(#yqTRYOgtFxGn&sZ=^HhMx_K+GW2gupv zdkU1o=dJuYu&{?wv%H>3QB|_6*&9!#eTn0kGzW>e7oYGh4bEO(?_A(J6bY%rJ@`@dBLT# zG=n{l;U=3OfvoH&@dcCpj7SRyVgMP(TJ)cY7k}`QTrQ#En}d09ueH8HQCA!eIVPpZ z+Q(_&&k$JnB_v-LXxG-(<^d|RL&KB&L$_mJH+*jK*MYtv%+P3hG;gRtyQ7*Y!m}GG(FxZ#F-(9EhM+cYl(X?ll-u2rH*;*rqD zD)1FY_}3rf4}?~;+fAp-cWVr?x|q)1SGeO9pR_Yak)YN5GOge}KwVhftFRKW*~WM( zPt;aT)&8j)i%YA^n}@cO2g{Q?{{Ziv4Oy&bsoJ-QEqppGH72yUx^^q_Mm}N4&3$>U z>i!q;{)wh|iS$L2SGSEbEQkwmxX09VrfB4Gnmx+f`S-eMmfJkCl`EWk8uUK~>rZhU z+RChx>Tv?W2peJ}kZCka?sVE`h%_ILIzG0(D26DtJ2_*C<8Z3%GmL}j(!NXaW{snG zbHw_-k!5IhB$!t?J^uiNj$Ees`+}pp*(gZjX zl0S>qmntd7#$Dc{1oyT_RJQw07;QtzW9%#Rli@Qhzl8>;V}D@;FB2h0>JHp($FE9` zT@0kOK5`!tb!G8}rKBk~p>9UjU{2_B$;kfzJuBZeFBuzu1-*<2E|H&k2Mn*rAbJ|K zv@?|>#cupXuHJY<#9kYMDW!r!W{DJT5s*Iju@&+sg`w5_GvX*bR}wAurEYR!U;t+x zxua%gp=N%UYQG5lKl?=dF41nM)6SdX`&2gp!WG-bLWcVGt`}bTGpOlbv*q>giEO^x zu4%Un!evmQbHG;b&zexJ$Kn@?wBLt%Yg*aK zaiVFLC7mSsPTu8D;hNU{4IEEUx%h{od||VXNwZ6fTl9@m;Tw$QKo}mJSF3n?;YY&D z4-ZFiuFV|!rM4UFic0y64+Nh0>-bS5X5wPsTVC2E_u49bt4~z}%LsQc1Y`89pC5R4 zO4RgSKUccY7TP5tCy_b9$KE;Uden_JabFI+UEqnewa^lKTm7yTCAGz~R`F>^ZJ^(7U=EV$sjs_}Ajcjr;?uY5L90#<2;v zA=N_>BKz~tZ>4-={iQyiuN@%UJQK#4k_jXJ4#J!%S(_(gyR-1kt@LZE=j;(2gU>r7IWju&6mXVw1zvtzl5Z7v~? z%3z}aTYt~CdZSqE`%Y)Qs^`On8>ODW={+v8H4u!8qzhb#i4co_) z3vh9h_iNk!73x;7UqfrA+oRjcK$b)IT}?EFW9sjU_dgH3Kj8_!9{A4w%`A1uLqR-1 z6+Cx;;pzI<;qQnv?K9!;iEoz6QnJ>xs4hu>ftA1~p*{WT;|}IL&gboSz(3l1!5W{y zTO@G0exqj*gl-`>1DujSiy5ypkK&iY?PFEET~APq-lq|wjCtgmnMYBm-&5qDjMiE; z)~^fM-kV)J?Lp$$0K${d{{WuV^)JKA-A78(;Ymwh=+`#FHb-IuE;{5M)hML2vpy*J z!>elWd{34w0?DU~Pnjh#LU%lhcsoBj{RjA6;w=|klS55LMrQKSW?5h7#yK3&OIO_X z4-)tnMDaJ;G&_Ad877U(Lp)8{u`fli`b9J4uYosN2CARJZd8`8#0s z<22l_qcN)OvF&~ak4Mv=Qq=Bk&FzKG zmoi*O4c9Vk&5#v);KOe5eMWRdiAb~YRJ|RKIQ$G zz9B6BXM`>;uBBM;B8;8KJ+b=N=susS88o%EXOTjZKx5D2RW);dQSw|zai>pdcBX4` z7;FQsMl16d_J#1mcrV2&&|4dOd$5mgsJPxqB>Q(2hbf|c4-lFYHdVo8``8B`FgX?X zm%;5z{uYPAT}MaPE)06^l_LmZBXi1_>MD}Z-=Xz~{1T7$oVfjze`{M$1nalZ$MCDh z(u*6TBkhjL^+(9q&J-Nrlj~pD)~c^*e%?cg?br!nkPHbChCv_a)~2G;=R%S0{{RI% zMD3`yjdaTPwWrr#{*}&WC#n4L{{X>$zhcS! zYw+7c{jvNJr6isw@bpn>zAl0_!(Hjj;4GjHOCz`B!?3U7-^O|aX&Qv`#_4mWTqm0o z^TvCAwRGCMk6-gS>LbhLwRoJA8+pmiB!G|?N>#* zYEerS%epM6V?6fyQ@2yD4^#T~{{Vw?{{U~jM_cgDwfhfzO1QSU)^sT3y6~;pl%KR( z?$49Y@gZ*9VEb3~W2ib?#SF`wHw>q>Wm#WSer9sFnk}u&?P+}5bos_N58ytv@!#zQ z;M;vIEj(QvqaP6HY+ddkUC%wXM{nZ5&OU?Ey!nXu+sA$y@MpvwKTyy@TSuU4md0yY zX5lTa!hEa`@PgcZ4?QdSB>lPn0B6l#;cvv*^^5o$OVidzx4sOY^3(WRKAZttQ;{-_ z&w{TlkQo#+ZByx7?6A0y?NG``e%0F-bCPJU0eIMeLPiGw3h2Bwc*j#~1$Wp+O6Ttb z=}f3>dVPxCcxPGCHN6(%E2w(U1ju^y+upu{(e>>r{#0olt*#t?@)9{K$K5}TYX{Kj zrq3bq3i#{c5088|@w?#;xp|;?*Gs%h%S)SFtdX)D?QC^ZjzxcWzwk@H_$hCIzu=)? z1ayVgwQVQD{{Xa)hppDz#2PfR2+he{4>~Y;DBVH+5=cFX&a8Q(ZpU>uq4n3s@7r7U ze*KwreRBT*;$MsO=)6H^7o6H#%%Vx-Xyiych7OSNbge#lIi?9s5T74){&`QFvYSxi$3DqSHJ|j1;gNKt5(ay4}xa6{M*< zS@aa0&(#|nyIa^IjY>39Ad)h@2qU#E+qxuD+sa9ag2)GPT+@loEzTR_x5FO`d}#P# z;}3>@B#JroO=`{U@>f1YxXMVs?JI?0^sn=j{{VuDe$BeK?C`2Q);J^RH5m?9CgX0aWLnxURcM*6$kKZNqQ3VZbA&6*Z!*V&gMo zNY)odl0g~>l(yrA0PfFGUq}2u@m0>LtFm0k5a?9Sq$EcmS%YT-o@;HI z{wbJVi9-&A_Z92LLcc?LJt{qSOP(_#tc-So4SCL`qH1~_>=rV{^NBOGp~zr8#cxg> z2$Z@Bs9Ik~Y|=Ub20m={6`iH%O?bvDb&nfQD~@r_E21&zj#<8kp!hD|Rk-mkiDHP8 zDVQ^E=V%?P^!mcmdm9TFXN^(BN=oCUX(;qLWx3T~YZfwScJM8#rlS*&lK7;aaEf4d?9UDLpq_G- z?w=-#_ZE|^Vr4w-Ad01Js6^}n#=(OD?bd;*T=o4U0RKP$zg4n2dWj(mJ~o4%p7qQ4 zgHc%St!?AWGjdKk&{}pdu5X2uvgRPU$0oUp*08>jrh-C~V=OlHH9Wf9**ltAOfH|g zcMTg5af-QkA+<>gE@VBkgH$sn4Ni0nw@O6$7(KDtwBptFmh%+J*ct-lNb5D&{o;cC zD|<~gMrOBSk~zr1IL#IpGC9plPD^Q+#I3V&AcNAebpY;)vJx8^9MCRgKg0J44E|Nj zcxLEG;=N=0bL`$xv&2|j7G5*QYGnn-h&1h9*56Il5;g{2@w=AXhmIEPsR*l}DKZfqK*={F=Z05$?9!Wg~B2N6anLG^} zso%p6aZ^WSYceQ_m7BN~oXd=?Lbk~j-rO>{J4hz3>pD-JV$w%2NmO(KvNlt(!+~;a zyqQ@a%j6t#Y4KT3D40*;mps#2pt+dx+VGtCNK|a-4tY#7uBxP7}&w2;#42?j^ zr(7=4fO+8bH5=Z^sC}7aQRX289Ce`3?XB%Duk7S#26m1>@9kA=G%4qhL}P8ovFSh} z?xm+Dk!)pH{HN%0dXH-JX)e6^SeIZ)$p^J*85XAcoo1H>)xbuA0%8n4Z(7{e=P7R- zEH+#q;|8BOv}J9J9v-ntl`ifWfWYG%kZWm^$eo$gI&>q}vNw#o9Nqq%<<8F%>_<7` zsoY!X;4JqFsXBeu99KEhPOY{p-u=5!g+`v_Ob5!!Gm6xMLDnvGpqh)~`9SC~y0Voc zXjQXMv2(+)Nv8=UxU^{0o&h}wu3KEylJimW#?b0<$E9I92eE?9X9@EssMnoifnlE7 zIU;7xN&{GzUK-M_O0c&vWRtmg#d6OKnfuoRc+HN>ZA$#m?DqL~{gGz9l8pQo*JK8?w7tuq*4(R$tlb_eb;ud~w26rnR#<`?5^-{lxvF=Grxv!7T~IuSRw!ej=idWqWT%(JV~Qgr$4kU!u~0R?DbnM zA5d$=B}%c_LXtV_>?z(N(|k>>mq_g{R5AIBpS_V&^*L;Nlz8h6X--o${2kzJV%{-n zc+(gZo>=FtdbO{F?NwGcGG%x?^`$Hd>T%ccmjQ&QZhg8PRj-C@5;ZFeH#L4g4(Z6k zL2e6vbmN1H=zf2g{Up_#X+i%0pWFHfCpppFl0L8v3 zW;vBc=RR2WPx}1=T{Zl(Bgw~H`c_1Y@Z=y4LEzT$q<(2%Gn|`kn^tkpDh#7GMsrq> ztY2^iZihYVNYl2*6tPXavu?%Wkyiu<=~k~aHj*$j;KdSrIckQkB| zoOd-?TB8s^!1b*?nUimGVh99*Vv%=8j1PLDs9UY7DwB*JF~viRE}VIto3YSYT|AcX zvasWfRUJT`tfcj)$js)f+DA1IVJQkQKT%rnJ{xNhw>5E%jMRIVfigRQySrx;v+j=r zBX4|;^+uH9R{2{1g06ZRgLsX~gULM5Q+d=lsIjUx0y%#yoJ?J^*QpHfDM9%Cm zPB!MFOOt^f(T>E>bIMmNLlm=-yasIWMM-$FS>QHLy#`X1j9G4eS761xK&r7L-#?3wDth<&^^w^Ltb?Z%z;v z1HWulD4CXY_wt@V0g=GmQF&wR2YUOf_HzA;zA5~3)GakX5NX$c4?Z1ylC|{Fku}t0 z@=$+DO%o{}xBmbK{{Um3g5L%7v`+>2Y-;-3urlhm11x@k^d8mqOg1`Aot$wM^Dh)_ zRbJJMo~A9A?6iGS{ew=;ZD*14_aeLdOB;Jc5yG2$6Wr5KIi)KWSw~8Z&djl36jf}D zTeyiLNC`&VD>DB8R0v zgQ4%uenWVl#hxee=B(Z(@vf_RtLm~BG6|&KHxrzW*!HhW4Mgf{$24YSR}t*nyEp?F zs)dS@Ps_OW?_Q);jtccU4tUV*atUB+Wwj;z&`#c%tfcOFbtY&-Y?#Odzo)fXiqQ)Y zu;Gd8j%rL2xzSr_s1VO7DH`&{xBw4Y^v?wNAH-fc)FSZb!;J>_#$F+Esx9p!X#%r! zEW>~~q}kC3pU_wARsR44Fuc{%O8ATWR%(|CYa^uJ*inL;faECyp1;V~^uO@S;ctO{ z6?ksT!ru-2E2elqK!rjqa6|*h0LRRF*Bwb3-5!#bv7;7M%X*$ks|uv`70TI@mB}`b zN?Oir&zoBiz8I0#v#zFi@TdmfocF9HE`_9IU0WFuS%F`#dg1k(h^*r;6p7}8%GWHV z(CViX%(br*rM->jp?9cTS;GpJZ!%E7h7Ept{9^sK?0i2J=9S?qG}JX!R#PVLy2Ct! zP89BS!5^6ZJNU2TpNUb;CyaIb%f*rRh!x0H8Q>o0w_5VJiIR3z51t1->$;sg6Ei{V zljRbx&HU?D*40Ty1MdF-o-0$HOH)NzRzeh={W@1mqv@vh;3KSC8>q!&DHfHFVbT00 zrKkh!X}ovEclvLG;Fjhg2@xngG1jr0=u4UFC&KV)(MIbsnAmgA-8EdscLaDk*?Y4y6!~Hvv9^i>F-`K;_nIn0AstD$eQ1(%7-}m)U<609Aus!o=7~$ zo;Qmgoh!vWLu_qklHN#*vl2#o)>47f8C>~W;>UrGyK6k~L$Xz0y2igUJYC_vL&LM( z-Lx+}DC96vouk&dYDb~88G0Qa?&nK}?JfRRP}v{D^{&C%-savPD@<>;#U34_>c9@a zTJvg~Lvv;+Lg|s+K8Tisz9WjWa0w)%Fjuk`!d zRVfw2l-vPQ!-fXB;jxUOX(Vw=lMq)w-Rn?!NWNeZ>~CtLoXl|qlCrZD=AQ!jC7b3T z9-fp8zZ3bacgCkZ4tcI0#X39qn%7m)ZtVQEL>@$}cw^V)$2EnHnC^Tns`z&M!`hCc zr%5q;l$DR~I5^J$)@03?*X<1)Q-k*b;i+22t|-jAw$vk#NEIZuAeP!WTHy7q3d;T) zkh9BcF<;$)I-gqF4?~t~srJY0Pw|UHmim8$-aKah*jUN8xOBmo1M-z&^%)=idi`PW z{)qZD?0$Pgb7jLuQ}~5+#prWQbv}%>v(vAwV_S5MA8&KF1PNDwD(=n4hDj02bQL((UaBz9xgGqU(-Nze2JVYl?sII7NL^nQM_>-r;nR7kWzMpk{ zZTw3bWxoO5yvxB_Jsl4rJdvl%?XI)+sGoh zpAKr5`qhl~ULY3JPrE50LJE5WL6qi==&h0@Uo8XR@&#dDDt)*~wcsNJ5#EEIQZ&>h z;s$0tde!*hw}=hdDhC7#2sAC>vbeW9m6}CtjMZDa+leuzAt6ZgpblfiIt}H#J6$A3 zW&6p&1F@=ld>7W%$sBXa>9-BLsip<^w5v(!xAJl9#fwp-gDr4V)AoQ&b6c2!Oe+laPRqmq( zt*65k$(gu8oDBZ}I`{to3D{}+m8i7xJiD+6C6DqIl(#JGbpHT{_iu30NvKL;Vm8J& zTJ|eH3PWpTt0rT7V*{l?%qX-Q7_OW|%OjTgl#1!1@a$5!o(Ln~fC$GFz~(RXxomYm zn%NZ(&C{)DT3g$(5+ZDqCm@PJb9M>Y6oe&ReJjs3JsRs$)>icDQ$`S<-H*E7=72jL zKE_l;NsBu5;<h3r9Zu1$?IXUkkL<-pPhn6&+-e#(gsrql z(@4CxW|21-(}hoLSAt(z+*+`eP(8U~2_2{cZDPhGLM5@=T9@58RuyF*JVG35*M05JS@NMarso5H)AUD`|K9) zYdWD^9fS^|yz=Gz`O3#0#V3wwnH6HQxPo%q!UfJb>sIbAr!Z`i60ACr-nNdwbJnx} z0HrSuQ+Gl=>*`;I&7f-bGTYB_Y_}@HHUN*;)3q~bv(3IET4|QoQb!C{{%~Rjz%p^) zityXAX96p@0=I0hTFJ%SzGgDg1h}Mu&w-?s! z5k&|<&N4gJHMN{qH%J-QFnGy0#V3BICHsV1FzTgTbgVRsS-0 zm1K#Ol_%1GIeYsx1VW*d6Oby+yTNZ65s}($ z{8Mci@bJIUV50bbiE(#QK^x3zXN&b z4F<+`yQ14Hiwy4`M|mv{@hk(19u>0G=XJ@E`F6_uT}#LMP<%e#dc>srO4l{3{e zyX$+H1h+0l!m#;s$*#rq86-gvP^y0E9cf9c5a3y}mgX5lM!~@T@Xc#QcX4`Lzn25< z=%b}c1R90vTgIz2UT-{*E6TNr)&#k^l0YoM{v(1v3Z)ijE1YegjeI1sO=6nWnqKc4 zqAixkt}CU7RhQ0;THF(FyZ3GeGgRrZax*(u(c!+hj$5~p9b7nMasm3|sH^bZn`kCj z))}9m&r$9_D$J7Awxd1FjbkcH5*#=sc=X0-x=HMjrFT_@Pi_bmN!X}vW=pBs8)N1n zJGcRtAaPt=`bL_!OLW%JxnaR8*wo5Q>VxQZ+EUp?8r#OOqPq<7&mF7KtSzE~0V0)n z$rd8PUA}Zi+_4KP6XDM*e#;mc%r1#rZ6{Tmz!hY;@CbOI9 zQT)_+C*mEmYNJ6m<~fzjnM3!1?Oyk5a`N4(+an}$9#D+!=Dv| zmR6dkr1IH2po{~BB!F?A{p-g(L#OHf6xME%c7!2g%N@A~r|Vhlh?24Fe+o3KtwkNIC5cRqXgi}2ZhvYo6h8quZs z`A!MWPCw6j)c87cGTl^ln)+}%Br@6lbNpH9V^8=2Z4+5U%%Bwz#gW|`-PaOCj z8(np$ZGFbru2g)n0(vt40806?Ukqq=ULp`^?PGmvlI2-YDzVQ$g%@bGGh4)d53`?9 zhU(W$wM&1s!qT0f0=vfSk=q%sr9L_6{{RTQN#M;l!rFI*tdqpI1T;6P5LSe3>JNXV z9O88}K4G}{19jm~45jRTB#u=^5(s0L9Y;HdO6dL>$91gf=S$Qjg8KW+AaRYO(?69z zXeU(D@z#TDs@b-Kb*IH|EM$;lPnd4wJHHC>$-WtBI&^XA7g~kn_S0n(&3~C&8RDm$ zN~zS^d=I<+&YE2T7Fkvtjpv8slUDpO@P}Nxk~Nai;IfEvdXh&{b5^I^y&1aRI+H;X z_*oLy%eRqLcJU@X>&-lS;|~(p_=8HlGCY=RAbEi~C4IjN8bahp(E6`}bdQSmR{G3# zODx0?6f$O)@xIYf3 ziPF}6KiYU)1kBKLKc9oIJRVwvS(5YV!Eyf?0mn z2=h##wiWxN9^=!BiE2t$XXrnI{xE7fCxb2R;`;>3ue`$&g=fI&f!ebCLGgy}`@sG# z()C?AKe8_2GE5{K#pv1gCZ$ID8mJ@luFp?~@y+GD($8*^e6H9#x$DPj_I*p@KZYzk z4RdEKv1%Sr5Usk7M_t)b?^~D3&J*FM#4RS%#1^Y*WyIKxWJTpa*>2*$N&Xr5FGTp6 zsMy_V8janO#7PR0VOakFx6Wy{9H-P@6#Nlq;J=14YI=R%TPU+^NY2J+KBV z^N+R?EUt18kVY}nBB4uL5Y^Ak%grZLkHk|+V7iEvn78iaXxZCw zKX`vC`eVZW8`Sl^2t(pIE(Ovr?q>52S$pJ~-E1@IkAoV;){d#BTyD9xMiH*p`HG$Z zuLAwBbWav(J|>S*yU=wzOH~SOW{x)4Lv_z$c%>wh)MwHE00cfO>00lGv~4?0)n;v8 z-rwx^5ir339&$fAsqrsI@bUPC;Lj7>=rS8wt`^eZL#xvjao07MF4fj`RP>`VkOw*to(Uv@%Ka3+B@fl;>E(- zql}40dJjYY0N1aQJY(TPE~K`NA@YojlE;smKDD*XwrA0w1+AY}zOnF5oU#kKqakpF zq5;<@7_F}x{>~mSe-v5XU*EO0v`i#{q8Qu(QIUJ>F-SHW=g21KePS^P}UzC3AqWLFDqpxVl^utp_kjPb@h_n|UU zXX)>Q_23nHrR486Jb08_U? z#WN$qz7_EHr9HLXoDkbwugrHG*@ma^lwJ z4NlG&;J$g+=T%ThJ&5!*rSN~i(dqg_&8W`znv7+YUB*f&IRihJ%C{J}h!$?YFvk_a zT*Ldum&^H%IvxdVji79JS6sR9&xtf`M^BaQgmM;@gYC!rS^Vqu!{N7xYaopib^sF#xeTWiTrr*1U^0RwB|k2YPL}3(NFieJRY^2mZ5te znYRSKOa2L~`%UTp0JW#=jo^K5;z*O? zCx@-qOx3LfyPO31LlM`Ip}F;HeJpgvT>FPbztr?CR@+ywmEo2tL*Vo{?O%U*JI2xY z(@eCyvW1|y+6}@m`@c%UNe)r!Rq<|*qIkDX@gIP^Yo^-j-VxTVCDZR9odZWSQYlib z4`L2KA8P*qIiK6d_CoOo?3?>Wd`kEQtXY)O;dym`4BoLNbqzLGB{t`ruiYcD1auj! zT$E=P-^Hh|U%_1Ep6BKEuN}piVIsJfB?lagAO5v-QQoP@R?CCWwR$nw=91`X%`v$O z?)hPX)6%Q7(Y%a6zZd*zcj7yUfR5e_1%?#IBX7CpylM-^fE7}sEL-K{HA+a)SL{}~ zc_&FBN!~YbMn_ez-aq&t&+Ub0@K^SMz5Segae7zbzl~uQR?trQNbdgthp!nqAP-VK zDkP0#Bm0f`d8oal?eP0m)R1bLSQ6N|KQ-l<g!`Iq2v8nifRko7bS+t$vnl>bs3URo59uE|r8G+@$`!uYpZZWi; z2s!Eet2x}Ltxo>{SA8zW#4*_1EHOhO;aebp_~2%}i@vWBn_^Gh zewD2zrKjCRh6N@^R@T6Qp$j(Rssw>Iw*$c4D?pRG@EqQ09Ly|aQ=IXPIhj9y?hK?KPL*l30TlN4 za!9+$!N{P+qqvV#wYt-;A$xWEM+~x)(0f;$>WeJ9cF6mI;DgqHvAd*P-8Hl^-@;T6 zx=&CmUVEffA{jCdze>`XtV*`rOeT;PVc*ia-6HK4@BkNKBZJu1h@+wL7lbtDNVSVc zXy0gOTyeYC6_stL!L36adWF1G2%9KaatQROnNdSEcxoix*D~6oTg*TluS?PI`{@1 z(2~{Ww@Ab#z+8Nw*GzS51+sH8k#;!*{{Sk=Qs`>~A4}F?)Gs8omNC2>sRph1m%?|# zCAznaI zzI{ep&7<8wA=TX5T(m?790h*F*Nf`5*7mp3ES^qUO|iP4y;85#sMNDMh-~Bj$_XTU zr7PDJ%E-t=L|CUd9kD`*(@zy8v7={aBO*jw%q`H7Mz`U{vx+zKVtCv8r$2@&j@mhl z(zVQ}G?*82G*PhwBP(8oqCsz|S*&v;W#dvlVOJQZq1{I}oOMjh)U=ChVje4STmlar zYm=7IcPxcSImaTCf;(fMR^`@A>TEQmxV3hVU@D~WIn7{1&2MiU3P!8Gy)(_?sM9+_D2m&UD?&?_g5E4BTzTziqe}yxM|g- z1&ITm)N&lMtX96Yoe;$sJI7FX70cbm79wW`9&^*JXrhsqE|)cQX%lE=C70_`%>->b zI)jpWXQeR~lWo4kkhRc7e>ABYsU!i42g>#%l*&|q{{TN)r)CeB$stgr@@OtJS$~|c3o0v+4F$S!)SAf|xR89p zw&AutSxFz~nr1EtziiRlWgU(WdZnpC!eo^jbR=hk-h(-L6z83=0)Wli+Oq_V&R1zI zNXAm=Yew%RMlufXYC`x0NMPXNgN||@ExynLE01xS(6g{tS1b!-&`@IJ$YPW1le%Oa z^s1Vz+D?k0PT|+uf=qZVUgQ-;ezn_pYfPU{CVwoUV0ifGOK`&K>$?$IrE@7r>Ov1wO>aPWta4Y%d`0x8jd|CaVwd;*j#~S?UqY2FR z))6s9j1ka)asEwqP@%2a+MSk%fs2x=5DX{X!0lD0ok0u(06zA5SFui=j#{-wMV-Wf zxSrm%ZBinuMCAz}>2`Bq0PmCf5NFLXfc{o&|y zTh_LbMDRjmmiqbM%Zl3F3&}H{0)-sVIK=&S{fa-}kRKa=X}jGk#lI8ZQ}|QxpLy?=G~{Od=di)P|R zrA9W9)1_ar({3&$2?R1S4yOl-%2K$F?@I7X+)ojfKP<>b2^H>M8TelkPYk|8vy-=Y z8LZmq2dhEgAF`7puG7;4y=dvy5G%5*P3NiFazB+P0~s@ZSnaLAk5C1mZaVa<$r6DC84sk)5pE^ei$R7*`>0JH( zi8iOYOJ|ZYIxrnRm2r=7F2$o?8%0S3jkg~-92%#sr`c?`$8RO>ICRHPr6(I2L0Iw& z*_#tQEG^>Q_ZalAF!6L=a9Nl|AYPkCBD0>yMKi{{L#IWm>Gwr|SrG}qA9z>5-x0hS z91~wKG0ANrmcuVYTva-nr(@%U*R@{^-(1;Ec{zl!!vXTL6T*@0UDtD_-8rIRr?h z53K`^;@vu`2o@zwe;=)92_8I33hqOZo^wgA=S(*~dHBcSgw&Gr#j9u|k)#6S%N&#I z{OjVo>v4TMLv19o!MuYaK1$Y7HaBeTHA^@piVLN>%8~P&oO{+B_U=E{sN6gI(u|C! z5}k`lgkk=)*G;x;5uB#gfW_>${Z(%E&5BJWDn5sET6#^dTetG9+mi~)vV4|)NeEtJ}I z)58lo+FW!j$Ak5#F4-1b#?iBmH!pf(NX*r>?=mm+jnhhtfsU<;$BR>j;@(Dph?sr# zB9IM=^4?|G;Gri2Bc)|(+ElEE%O%HR4tbzu4K~X9(-O$SRbOn@cDLeKY?4*-#4_My ztvj2ZU40Ffr6JS|0VL|hdbifF^wy5sQCT5l8V1Mv)e>NRap8>)+gZ`zzKK{ejFLK5 zh2nV#V`b;woLC-XsoH<1rl7Mr5tS%71XWvIZ&)V%-nYnVh6;++Q1+ z128*JW6mmN5F`iW8;Seapo@;v=Z+2jY6%pBf<*U zoceVYu@#D4Dz(H<>xyWnF>j-S#@*upvh$7A@}H0F;JMb}ytCVFc7!Uj^kJSst=b{8 zqqFdQnwFHe7xT)ijGd<#tai16A3INZgvg@;H3o4VDtyXI+)+P%0rCjX@$2cGcKBlZ{M;+tu3HXOixfd63`L^oB?+2CiuRNYak_1bpVpBNdr2)=! z@#+@KI7X5+W78)T>)G$6nNrXsgdT9+y{HS3$gL|z(a5<6<_EQ0c_Fqjn54{uoF7`w zYyu0SW({zG*F4qx%OMm?b#AF7Yss{;j&WV=@yR)jkyL}!x zUTe$kJs-*l@%xNbD|IeDXM=oCyzv)_Vivkx^qNx)?vgRd9)R|%pAYVJjXz3;%Tbnl z=|Bj^Su$Aq)k*20tWLu6=thNrNvavjIz^oj`P`tH=X^+d`jz|@O z7ni5bt!9i!KR+3$a$`CVv`a2s&?=Lj1_`dm!&>c)^L>;u$>ry9&v0>yK>Uu*blHOd zXuFSk#!I`n?ip8mkb38>TpvT6*}9fFV?>fokLzAx&M#$(WNSM16ZFEa{a~zUlBgamau=+iXy{g*;6U>W^%sYEjv!XIMdy8g*`9ia% z56g}Lt=nBf>efxKA@WGUQ|nX8Q zgmRvpI5xlb+M`G3nripqA;NHy#D|?{Q~%X;;Urxf3{U2y)g+lN`ChouhzbW z7;@-#ad^kU`j?4xtwU3>E^US)aM?_bH!%8kuR8spd>^3ri^evWUKZ41)%2+?VrDU` z4=MORn5mL6sE)(Jek_B-8W7X%bol4g;B|I=*xWJD)`yHfBirj1&3|fQveg+&c~OF- zAEBuBdfexf8G{A>qc)Ef)}?mWv4z}0Z0yP8dvvcN{{V%u;ja{F(`p(^mXN-F@&orV>yGvH+Wb@a8LY#n z=^E@3B>Q~3dE-RPJoCHMW4&Vb&~IH2gFZdn>lRO`-S`{C4|AlngD`9)KR6gYyH)=H zfqoP5#CHc=)GaUVQ7|8Te=bk0J9if$>;C{0HE;MvrFL6?w!-K)w0JD1AJV)R#~;~x zpN6fP2xo&<8=KDDatZ0jYN)`;#hurLel%F=9vai2*6ei1XN5`=$ae#boE~eqkHYL|J-dM8k@!`6Gerh`)8l^#YXa=+8zZ;6au~O-sINQmy^gVQ;rOPO z(n)49vVfgPnl{{Ur~d_;5|F~VHWHLNNpwZ`U`1F6r`^{>_Mg&!9*e-CLM zC2d>6)7f4sk1j<;0r=-|Ipdm%M2SfFbK)0^w2v9<*OF<_kyf(2$(XmNWY#333PfXT8 za@ya+`L+A)Lsp&zp4e=Vsm~yCI30O4-uyp~>J24zYpW}pc#)(;<8I(HjCZC7lK6*C z)bBiAnuV3@rzH8Y1|(y*6|1OQ%WrJ0G&1k#bJB@yTvv1He}LLN^V#ZgN{eZ3r_4Cu zl;8vTn)H8)ei5GMM{8XtPPJ?6XpG`iP0~7JIXv{{vXqN$Y|oG`>}Pw+IH0wnX4U^r+CC#=s83`L-`c=kPIi_0FJbR*e!%w@vyRr=KK0%G75x_is zE9OmCUX3*i%Ud|Ha*4PAe)rP45+W~B&%=+5zA%HuE2YJv4N~$LPAzbEF+CU4kZbGt ze0kvQXF!`p*7SWs&r!Iubdm`h1Th%ocER_mXx`_Ncz?p$EsdO(cFxNT3Ou;kvR@{= zm&U#qv9j?I)huDS7KDX#X2@LQB>Q!wK4YVaJRk7x>q^yQ)1cI3l>-)tVV#e0^slpi z8u;ehR7)%01|`flTNT>b+YDHC$m`Obx`_M3Nd2NMz94ueZwFpz_DQJ3q8pTu;pAl; z0(1J;<@buMv|kncSkpW|C97%n^W7MkW0M6)=O2jAT3ot_*ZAG=m%@Gm)$QicwOgyJ zlt5&TLH7Xwfzz*A;q_mL+9j5cZ(wx!EbhowX^9(1+k!tnX`)oR7JL!oU+gCu%i4L? zak`h0c?;YV`B&+8hyMU*&x9Wvd@XC>-x}FzmRG9@5nMXE@OSogM-Hd^RC}S_#NVJ4QMuAC7;AGTxs{V&d(D}UB`ZT!0U`t8OeBe#QG1z zD^C?^ws5o>t;W*`T$GK8>+PHx^GhER>YB!_E%vi-4h!U%*#7W$BO{8qyXZurbJ4yL z{BYO47yLk*P>Vx1&?qJV233@d6=HFNU!^_)@&5q)Ev+v1P`kEE3&q5Z5pjs~#s{xB zq|BTwPkC(dB>HTMsLtSg$_V^FI`Y4Vp8~!i_!Hv4iM7o)!`HW(9rOf!qBH>*lh9+X zIjm))xuiF-x$)~<)qWL4qqM@otMRThupPY%Hyrlth4;2)K<*QI<%@v1mAU2gJN6h&|j)^uWo zjEwa9R?#tLXMuIwTWP?PQ1WI%tF)fA^e&&MUtP^4kruhOYyipI-i}6d$)2s?&xd-Q zj;SAsZskwxx&B7^K2{^2nEK$?tk2^e8&0&;>})i+Ew7XZPbH7dj>H_&bi|)S!F*rw zs?O_7({;PO7F|D4w=9QCz9XAWk4+c4B;+;BUSF6XUU9qE z+N0T;MI+&Fih5LbUOU#8PJwLnTb3+ z0e>2n(X}(@6nUk$ax9+|A$6yQuw)S113Kb1U0FdPmD9Jehi=yt+AkL_4pTwhux#@L?n1~E>mM^JEom2(=z5j!-= z8k>1W8G8d>ZDcziG<;h4TjBoz9%(P9>bG*~I>mr%y(;oPu}HZ)Px~#%$Gv`ic$>p5 zd8OXzcOFI0h4r;-E7<`XVYpwo=hFw*wriNtYLDgv_VfLoJVW3w8tU4O&Yiui*`k$I zHoS|w?`OCJpL+bozOo)#G;$*&a-~md>ZLA*Qi;ag+lbwwIPOV3>oRfh)w}Jb}#xC)kN+ zCn_=z>sM_xZF@qz(mYk++q;{6YfQL~@&}2qz@ul6ekr4>okRT+{{Y~aKeiu+e{Emc zyTD%&;<=LV;(vu8O+Q?P^XGYF43d9{e4)L*Z1k_zD}8-a#CG~CyUpS4MgsP;k&u!O zb{|9j2C%6eY;1ZhrLNfHis3(f5x_p8vwUIU%?HMw8P_}$;(I03G#y^nTMMX}L065` zsR!SlJ;iXfW(WD*{{X>Ezhv(b{?1<-d~s(coju*YmoM4pn1U92R{5>&6!rO#fO}*b z{Jx1mXqX= zT09z!oHr0kxMXfsg)?O?=ZJW(!O_@jZza3N_AT>9NAQnIhSyK~8zsVH3-^gM3!NL9 zj-_QaimJEoK+bEBhUyhna}w=5b4aAkt6SiVP&QQc6@Bg@@}yN^ySLVZRU??b)1=f8 z%dm$-ow zwCgA%I!Kb*^pD8eB}24l?i$j!(*D4cydk8EaXgQ^ zQ73RY9~kKoUfRWV6psUL+(tTA8*Z0&h=a@`HTLUSNr3yCr_|-PRCOCp4?QcowzGll z)n;So6NBDR-i;-t4+ny{Wu=#o_? zf2AN&G_LJ0X0{QdIu74T#s2_=Us1KXjJ3SL;baGA1RAbWXg-HkZKcn8RZ2RLcJey? zD`!}=kHYpAl3XH{Cm%TKYE4JzHWvDnk>5x2L{Dy?O6Gnd=)c&vw%2x(2e6zH26%mjO(7$a(WJD3P)( z$S85mcemau({%QZ+TcrZ5yFC_CXQ21W6peCEw$Y99VA@+m5x*~`G@6C@TP_}dvyDB zZXFImJm!^&=0{Vj#U7Iu?W*w(2tQ8s=Yl*iY{1m71+B;&J~9cx{x$gcW7r%s5((mg!SyufNTpD~vXS4`p@!VZ ztr!45PAfh}g!;t^=v= zYgWz(mGH&ncS%$IHnC0oNF=e^yxHVBnPFIrX6Cl#KZ9ytvylWwV^s+iwvy zv@EN*yO5xY2`#XQZFT7KE4wJ8b(0YN=(73%_7B<|@r;v_E<%<2B_*L-7!=3}tA3*TOhU`2o zq;BL}f(rraPg-tF!dsr7w#L>eEbJp`t}+Jfe_Cyag(kU>O{?1TEBTN8qd#pQh(8*2>)lJk4R_&R56u4nxLEGwj%SSb za=yNwTIr!nnC(i(#*#|%TpPRViLWmXe|;kseEYHMRAiLQWB`+so;z2uN|H#*rA~;B zIMqt-ZU;)3+8>%S7D1f!>srcIJo=I>3s+Jw!ZtsZPvs0}2C+G1BVyN0^F}$r8Lp<^ zOO6X)wah?JZ~^MyK~m%-`X6on${(BRh{_}BY$__M{Le-HQ&C5C{^-{}fAvv$sUn*96K<-XRg z=hStbO6OO(l;!;9+&6lR*JV0o$=J#^cy%hcd~^e?YC{6s#y262y5k(0>y45zEhU}R z!Wkl6(2lw4D_+vVdDUP2rb|MDGm=Ff`chYo=F;68$AtA9+@1@hTTw2 z)1Ts?o0?6fLpJ2Pfqcd22=88F;vE^S?#z};GNR;_0+^k;n?4EgMe9j(r(DM}h)Cu{ zBR@l3Cx|Sr^=pXrJ2YmVJ`U1GL95c{EP^QIOK~GJNSVWA{nP1PW{;^PP!qLdQr*V} ztDOkxG|gtxB)GDb5c$2wO5?Sdg_~T>Zphy$U>R}^WZO56$IAXHv^s?DzHG56Y>~A5>e5I8u9f$!P#gfaE#on`_-$#3;>L~=s{{ZUP0+KFy2fb@dPABMx zg*B}M#hw_`?yMHzYY7=Qkpqx~e-IvqttGwGipUjAK%SjzrYz;D5}H|Hn1NA~#Z3fK z*{%$~A#MrnM5SXQ%vQ1q*iJ;&`3E5Wl{LkbXxmmJu=Mq)b2o&JV^D(DXeP6}j5J(= z2*^KL_~YV#gJJOYqW5}zx}~)44&+|vxvXaT9WZB=wWCQOm4n91#|Htc21`^rqwlz8 zg}_w|akSPzSk?6VtvVGRTCxH|I5`!g@Gs(yz3^+t%eL(#@K&bbE^Wx-B6^T|VAoYC z7`UINzwomk!TPnIiTpcd4~TS|lBE=bvEy%E{A7yylTPvFzld#?@*4qUk^oF#FF&}M5Ji63Ig z&0}g7GP-$|Q*sX~f29CZhB=kI$X6aJ!k@bLeVXnL{<`o?mwk- zo_x`g(dTzz(trq(OW8UDE=@LDFD;uZ<+(iKfFEsY{Kpfhlc?R^w|u#ww`K(kfzbUb z;~RnJbNHU)Nw}S7w2;6-+DAD*O7Xvl7utrizT(x|)pqCQ0A`zky4d;3@8U0tw9Q9P z(V??j>v@=?K5)UlnCaHNr%a!0G0AZ5u5q3^R%PgY1K__I-085#W+s=&=rDL{_PZ$) zQ?+?sH*N{~P-iJv<1h61E}8t3zhO87y>d+(td9#TuEX4QrefJ{-^ghfdq}w8j8^Q{ zVWJ|@gz*p$p$3o`GNkZ2sN9R_!mT4o77CI*eW(H}OOS4vT>QD@5napO#T}_Axn93Y z0Ol_BXs=+B-b*!K_K7*gcwV_BjF&Q6h!JH*$m5*W;6)CzsM*;`Wev-DPB6)yD@w<~ zdVZ;;++W^mhTiy&7nLHhH%p=Cv*{O0GpekPi@=x+=CrLe+lJc>>X~Cd#40+O%H0oC z@Xe)%kYJ8T-c{q=S6h8|_I)}_PqGOJ$yNiuy-^2)YLdL`K2~d4Fn0zWE6nvRaCmwL z)Glu0j?H?L#U=%7PY`MP{5Xx0Ne|2l_oyVX)Mb)Cvj@h0Wgo;UWSy)BLLo@jBzI+H z19!QlyYghVc*{Hz4u{&DRgk$!bR9YMVzBQohQMa8K>o(mG+S4iE3lhKOw|vQvF2LW zjrEsltS7i@*mq+)v&gPqS!a1tR8Z(fSQFBLa-$zo&~3FWBN;7I2Qo%TWj@s|m8D(j zs}e2jw=pQ&xz1SqXc|XBXQj2m$oBsLA?K*-YYOh!?e0TN!*Iwv)>A}ERxI0YAg%x% zezmC5Ga(UVFc`q?P$f{sc}lQg`xsAhr%C;l7}n!gNMHI8Iuw}iRD&m7j#S`p69E5y28pW6iX zQk|LHaC(zmC1ah~Cv0~#!<~^$rCP+Hru%?#&w9y{5(>zS9zKPAs|F$BKiwpt zg^V0l7Nr>`Rz`Vu{JnUj#-ekUdVS5kz*(a+sV5wCuAO5(SWVk-dI8d*%Uc?k?WVf5 z-m52?j6UyCO9b<+!FENBLFYAO^BcEX-L#M_ZyN7jGn(hV)fBRlH!FWS2#R>k6O&tZj~eQoRy4m%?78P-0iuZ5E(ws4?fkcZ>7g=BF`1UEuK_RGNt5l+|2Nh z3CGJ^o~LCsrdXkAhvCIzC8@E`{k~{3x<)J98f~@b+lx1rAy9ge_o_-Ypt(XyfJk4+ zS4U%iV{2%_9XcU1HW}2M@^hL1>9o%h#W;B0-dQ3CZ_matRc614U9h)fZrn2_dwc#> ztRvLQXz1d(g{_1vv6;!-9QFEE7PeAL86loDc!}dawY+7}QI(IM_3wrr81Yrq^2ui` za=d;?cx2i^^#;1{4E!q7yd|Q=9fYql$BoffjU4Fa~B zenF6N-`2CVi`gAk%I0Hk`M`2>$El*iQs`fo?8+Sk@y{Y0ZuRp4I(<{JRX&$9h`c#l+o z*vkVfkpTYyJCNO2=DXc*O0~IbE14DIF&z1bUr+l_kPr_- z2=v8uKM#C&rNJuM>Z+UBgmC$b_po^*j%gXq9=YPS@ZP4-+~_vaTd-f=0QpxwqP&*l zOp@WIVv^30lY&M_ALoiLbJU5Yr`h`CVXG_>Ty2s)ppH&+{{YsnlJyT2YQ7=Ut*mv3 z?i*BrnK6v1vqE$)Cg;Z`)@F%n_?`yS{7g{{RW<{utFXdpn&3 z+*-8iAIo&dmD>RIG)ZV?>GeAm@Nb6iuC(1f#gsbS#QyqTq!2jgp#K0G`D5d+!ObT_ z*5HoEQU3smjF$NjtKnCioO{*{*^Nb9>%Ii|S5egb34LMWO*RXXlI?`QF7fUibL>A_ z`ya!J;u!RuTG6!T`wJ?@*j$aE4W#>wQk24I`CsBKjjZ~MtifMt83goirFfRD1)O=) z8d%Co2h2Dt^vybK!d~gocz5Avf>y?K*5=f;2&Q2s?=*hk=a0kMy30w%l>_~X)^TWz zQDtPpl@-zorS?3_#a=Z_^fp%OY~5Ip26^zD>*G} zH5(p%;j1l5&einG>HLdlJJhCE9)qoRo*ULR+Z{o4oBdAm;>>U)5BxdkK;xxSvti71 z8slk~7Z>_;cM{!0KitaYlzLaC_+Q}#rI&+S#P`;g)1-`651bYOK{>}?O0HBxnID7h zEj14%p@wJyZUl?>fIgMz{w&hJvh>L2me$%kd~f+z8^Im%Nu*CRJ}A`hbxk{4OUqcS zp3J!na7!@HAJ(pTzV7Q7!9L6G3YDFbmKSnwVt7892b`nN~T07Ib8B9sx^C%)sLrqW#Py* zU2DR>5xyMh7Wyc3R=HX)mqkYlzXDN{4F(Bjr*)zs{;I<#V1X ztZ0_<+M>OavqG$ZFy%<}u8-j^v;Bp1pV?qVdjSVy9COyL*=(c8A9@Y>BVV)76abDj^SH5(1H^a3vh>H02} zb0zYa@0u|7?xbvS@9SR&c=Fp=)U{1o);D14iQm$J+`l> z+C9qo^Lb!^H)9`(;=e?`Cr@wS?}z>!uynXdX9|&%_gxQv>p>1@$6h4x1MZ#cuw5g~rt#MC@CY^a&%plx8DCpNsAyWI zs`{3K@|K23z%6Ru-24q<&6bCfe$&1Z)_yAKdd7!$99Px?BeBvy-b6=mMYCo6_K7A<*eU{j(fw;k%drQ~w(?zRo;kMDt=(t45^a|!_)o2VqWl){uA+?{ zmbYj&OhLCfz;q*n&%IYWF_k8J?z7=-TSkgF;kn&rj7ujZH_%thpBTIwuUuYRYrYS> zxPt9eEb7FlE8GFd&!sFUY1OUSTjpJuJa)xoX%=JOTrJc2jtG+g4^xVEmn+!bt@WUn?UCWoZX=P< z;#TCK}g^=*dNCf^FudO~lcrHDANwoNn;mF1r_Z#E{cPG7PN>L;#j!t_Tr4t*8<~V)6TJ6R&>rP%|3zon==`?8> zcQhjk7?KatwWDz$Cnp1<(l&Z=A3K`0bD9Nwu zNB#+6{{RFT*0haZ!e6yF?JMJ*Ld(R>* zjPD)6ug(t{_+5M_;@wYAnkiqy8qjGVkPns%kTO#pj~l-~TIVHpKR!QfZ-tis02Mp{ zH3)5zZx?8B$!)0ak1s8uA0&-J)T5F&j(2-=w+hh{#@gDE z64>)wnB9p+Tq)oZE0(y8;%%FEDdbmuGm2Z4Csqg~jzBPT$5BvRY7>J1nt5kLBLUl| zJ*#*}sU_`0Q2SJ9Qb4BwHamM)KjtdCF$B~0U`PA6WtbKu40WmYf)tkL-?e7Y)3Il3 ze7i>Cdey5{b;|$>@}zd4>VrRAzu=2swgjKDAMIbFcxzbk3R(O$@m!0h-^X=6A@d|S zQbFKgpU9tD{`|B%&$C!uXttMdPa>hz^ogA0O&R0>N91wcaZ^?|)a_eb_MZiKp}cLP zX?pFk`#s7rg8JN%x+xUkgZPT>WVnGQj@{c5w<-whTooaxACtfERzKMbN&TQc58Qa# z%SE)i*L1sCEcHSY5?pD{4>|5)avQnBH%wRg^Z3uf8o$H;02_FV!5Z@z^&LLpqD3*3 z^CA8QT=fK2EOt4#OeXnby@U&LKzAnx2mC3v(o3RhH#%ZX4bGb{5xi}lKc#cjd!wS7 zK8^Tw;-}MXO`YZK#pStSxfl=cKpa)N%(tS_37zM4W!d`jax-aS>v{Qm_cavuQ~05jMp^Y zBfkF4lS;j~p2Ja(kO2gYe@YT6D9W_)6WpY*Pb%CzZLt1b=!aEBkmXW9MhtDx&{Kmt zeJ?<^ynzk;KoS% zr;sYIsQHmBA@|18%EN1CBaBwm+Kr5tOBtN8KBtpfF`bWxbvdl=)lq|5bn@7A_pex< zdsywHn$iIAI{d+hL*B3hmrHv+THfVC0T2Y7gOEjeMxks(lUuOLkGetcSx<6Yjs`1v zqt%fRyd_RsJuzOvW(V1m4Y-bT>r-NdeI|SBmAZmw3cO&C!ji+($ zC7N?~avf>qdKNZRc!Y`cje+-6fni_DT?WU?)&H2Ar_%P>m+`18-h~ z(xlQd=+586nr)m`(oc4=Fb)V}d0Nf*k)y+`>5x1oDbYb?0A#KxIwLNO`FhJ=)ciLb z@T9Y{hiBWj?$=2MhpYJ8N^ASM5((qWB1mz(dv>P0&0{XcWv_=Off^GijzBx|Gg_AV zW~BiO7JR1Qka(e@)k9bQ5%rH`(y13K%C;*m{z=ygP)qZERV|0KE!iMx<1!E3WOc5x zT}m5e4Qn5ka`_si5i~+7<<4lgz`6V|TdxE2r^Yu9Yu_t**<=Zq$??blDxD0gZ8_~P8)0B^ z>DI1VXcq0LtpQZe7X1WH#Obz>B_YTHsV>@k{>SmU&WGUozJg8h3{CZGx%Arm>31_-0 zq-{JOYV9=Sz&99ID0Je>X!+kFD=IZn8eiV=}`)MQPZ16t5)%ZX0_x=i{;)~YRd_C~3 zq`$Y2n55ODa5nY(sn_wYiZpMz+?9{V{{R_y*Tz0S)u!lJXE|JPzMV z<|k?0Lo;q~rF&Fpq_sJ!)wYE=)Jnxml^&jy^oi8Ef_iqXWh)#Ks84Snn8R|Aql3p< z)mZZQatJ*!Svg$BQn_*qcuQtgW{5UAX9l{vEeadvV$#KD1~_*ZP=2)}o}=);;K#&| zj2ZR-0%nO^uHt__wKza4GG!|c>DrpjjE-|z&RqynZI$=uJ%1X^zrKRmOGp4;TEcSZ zZxnFX{w0Dv=?M=y%+=Z17})&K_}Tk# zX!ce*u8H8V@@mT7U!MUat8?F=75QW1FBGseX9`L+XK>(?ZkL&kO!@GC2b7lD-&79o_LUzDh+QaLT-zB`X;@ z9Y2RWEqi+CiVDO}TvyQk9`F^dnyj*0MJXyX#z?Fi>dWRmZ%6RrTC&O`U8fsxI#;1s z=}z3de>3ao(D2&P<7*gK*D0)%LSke7U1? zeut%MWI9>FWpd|teD$bgM3L3p1N^8R#>s08L`spPp1df{UJWc(vOS`#xfx_92A#xt zmy0Yl=COOdEoQZRo>!)EReUe3&e}!1THL-x>VS>EjmNnZU!kmHq3CfWO>Z2LPLG~O z4RgLC)Gy-^rMycrf;R$r$E_mIKJgBp0^2R%iMNCE5IR>aZx@+wBkjmMWDb>s1IK({ zrx;`x5+Zq7`~If9r(WEsQIs+=?a!z+E>-^qa*{!saZ7A@_I)m39m1fn%vu;RtrsKG0rEyd? zQs{PXakV6yB~U!PMS-(V}pEFw+uiH&{rjm>6=JP2@_DXhUi8}ET<>x4M%Av znJnVo3!`W@pP7l{+w`XucVkx*q3~yn{7>KwO|@?i8=Y|&fpGzl26+7kZiMk)p}q_8 zK9}Q79W~7<-qwAa=e3aSk{`hK?Ok!z9Q7hUQL~W9ZX%qb9&^tWma&qNhi^OIJ!!Zc z%~;$^v{>C55F3s_s;j6;Zo#&Rx{f;v&QY$svVj&DKip>O0nay4=;nOBSP= z#wldB)U_SjWZahf-cb5ip6WA4aWuBJvPUdKA}JTWbW$^vY<+|91LDcmd_Nz6d_i%h zE%lh)7%F#x*eiDx_n&|~L1SX3)9(-kh~>1EhT)%=(!FoO znly4x41)8@x>JA|wySa6n(KtmI;2lww9-P1TmZ5W-=VB~n;We<;oj2am2=4Lk80U7 znxW25IWnA+=4bP!?{Gi^Y0f$COw6}$eQ3UHH<6Tlbt1CvB%TQb_Qp9NY>v77=mRUw zk%2yD06x7c^cQ$>m-%~|0FLKS^Dd3P;C7F_>q`^atF#)4bXNPaFJnvviq<<9GQn{2 zVC8<5m#Av5EyA#ciyjRO3rq7vWmEI^=cQS*)M5dW;5>&I{AtC3&+91#!zc)u&r&+q zpX#0&yqPWxN|Hj#Mlr}Wq>Ujihs@fhk8z`TncC*V%!NSOHu4U7{VTeP;NM#WNR~6V z7$X&vMyXtzOP^HJyolo`Vz4;R0=|#ZylbjQpgX8*cOb?{A9zqiqIl$9A-j)Wiff%> z_S$bWl7X;{JuzO;d{w62#R!sQp6rkT$3Km3WhfeU);6~@A>I4z=K%E;y*8TmNRr!= zx1W=)D;FCR%3{su-6{Rp+z)Y3wVa5ck`d3#$*CC(8dUdgSpia~8-cEZSf#ar?c@at zuREv%9?f8wNEoSKTIDr=2-#{A8prLC9$+@6M^?@g7II6 z?QHE&+7{00-a)%)A+QZF@;uVVPPVjS_K>7!*kA!#ziwn~5*AL_;*hR3Emh&1Njym} zI03(l>snD>uBS3U(5oRi$>Sc>4E3)BTj;uU#@a~LBqw+-cqh`m2gFu3GTOhA(d=c; z6m-vOb}N|quf!f2({%adXm0Zv$@0h?u{{2??+f@;U&kl!4%N@z6ohqJpN6!%TR=o+ zDHLV0e)V~D-ds-pSqi(b26!|93AuQfEM>y_sjQpZW}NxOyuzm>R&@xJOV*8QZBx&- zc&-7){Ph)nSgnLi(VRB~9M)!huVbCKk}NWT6DiGcNJbR zzJ|3kaO`H-+!)=GX(VtC4r^>l1o?2JF!rEajKtM0w-SO0Q5P9KiL99AM?$Ei;B$jm zJGlU(hz)5&~w7_Tl;%#1Wm(>eF)R680n>U&ri z)VaG9i_WJO`dJq>xTvF2(sV%_#8?@DHo z*v_}`)zEeOG<)LC0rfQ`FkHmUE(ey`BN*r@G-!>8tq+{C`5WR2K6UG#N=dVF>^wzl#_Aq)-$Noc7&QQ9GNE)?*1>r15S z2qrP?^AWkmJJm&M4Dao2BcBsn!m2n8&28OULiSG_cFK};-bXq5*2YtP4tg;0g0~8? z6zA(xHIr%^e7F0&;F=7_-)UC1)`-!MCQSYAn~ibTm$x=4B)3z_*5r(W`q z@j}fcEHJ*As%;BO?{r4jVT|Xc4q%a9Xf9^9Yj{|0;O@^nR&)?u%N}NOQ5yrEm78Lg z!{M}=OTr^*Jis%!^sd+YU6@A%@uJGA6crfHxfM6o#wMk;-Na~CMc6vzRyE!9t2)RT zx}FE|QOk3p5<0&P_>$h<1sAKfMIKE&-uk`bB`&rvh1!RN zx4}H760E_{4pqI!YVr%oCerU?wEIt&9KR#{{d4P86@3hyTe}o3JXNRJYp`io*78qj zAu&9P0TKTIwbr^VbHaLDA80x)@wGS-2M!g1Cp-@H+-z$GeJkPhxYxWACAhw~7T;zz zvz_?bsxzO*^{qCKB!DE^s9wSsp6i|SqL)5 z2>D1ItLX0%cvr!mF!20$7gH?y#1X8v^19(1D)PTxDM~)+nwva(;J=8q4SV7x&xUkl zhT6v0a@@SQ0Dun)JLbORy4I!e$AmR0U`ums{{SQM0Y6Ore_G|KNt#Mp9}Rp*@YRor zygPB?-6vJIg7PbZRT0Kz0A;gZJ?lCGUM7`2)R6h^fzX#N^{<6)v|Ud@p2F#Eq{Id#LVB_OA^hv4o>Rj7Mex(%{)unoUf$az zQic)CuEC>jq#pf6cs13G$rBqdEWm`}vyfC!2dI2Jd6!F?SGJhMT!!O{_1n)5+u!(L zYI-i6HQk(eOO%Xm^00Y4bQPS-Q#{+j2HQ^7wJkA8gHO1hY2A;NPC9yW4RSs#@g|L- z_?{g;+Gm|%U~o|3fH?XA#ZN0{wm9p(V)Iedu5ICgQZ3)P0OYFRb*_^{(=|y9i79l> zHp`Bq+O&*pOrTU~Z}e}7z8jAFQF}-pQEwzI(1sj2KbPlUX3B0ShnrfL^3&v7&Y zDG4AB!`8V?ac``zP}!r)rZRotIyOZC$c#(4T77ds)mq|9CA64Jxq5?NVR(b$&Ax-- z>n&>EQkx7^9kSv`h{q&;v=5g{8G1Lx$)=tyP8*>zxf|!09oVY6-|cL^8}W#;zR<2U ztqN&Y2_%h%Fi+kq>BUQe4pYkhBgvt7+r@X68g`j!r$r$K0;FMq^fkw6pAI!mFH%{p zt)P;@nE9+ami4SGxy4ulysrgco-EqG=n;bUdpM_J>N^!btA5ZBaED zh1}L_5131hqXB`h67dg-E<8En^t#bB=+#IKytmxX2kSu5=ytynJVh;#()B{Nws(>F zYvi#DHa$nwSDR{<7ilv+t=M~feAsS(Isu-`@S^=Dy0Nf|@hAH*P|>*=QSLtq`ZME? zgnTWo_-jS+j){L9y3`6*>cS#7ISYZu^*)sBM?Id0$yOSKb7}1@q%uT`3bGt-M(zz( z7giI;Ad%JN2WuvI!5!%oq;tAm-ifDcsbMP%WpA7*=mmNey|s?3s@grir7oE~WSFia zZM!@ETvbHAW_@GeZ;bXgEvIRkp1Wvugk^?BR{4$q0l!N6^IGu|TzC&yv69|PgDe?I zf@E$4V?Tyz%WH#^KR5N88yO~^EA564Ft?U?!93Tv{5tTin|-6reWt1;&@N@*0=-U0 z>LgHjd?ZFW^Vp&1w2Ne>Pj9NTn;eK@(^*tL@ zX(yQqnC4@&bm%I_hbDW-@wa+LrV=k!YA@EoB zrW~*p4Wb4Q^R{=moA29 z=%>SusDEd#A4j72uxXN9 zMwS|cz=OA#Q#s_p0p_4JudV-dS%Hd&fO8aAE)?N(H~;5xJ&IW@W*$g-A2&O z8*;9PkL#M_mYSGJbU&LP_$zPhRj7FD;oh~NX%<&{p1a|hWY;uDfkR0xx%rwPIT9wt=PcP6gL9N)!0+o-=ZX(F6;pt5&syj)ByEa-D&@K#T7i_sgOP#jL2yNuxU1EBY>&|lbd{t0LMTYterHJvKs!k!hr_)+jmdw;dJh_!2W2T)w# z3w0fH&nJ#6owK@>I-lBq>{tH)1fci<`wHj_q-lN|(L7N| zlbyc9(!W%63B*5Rv{h8LMG>S(Fo>XF06JGCNgcLJQ(MJ4a?283+Nt|YKQfRy)2A@& zdNr1!ipzTj6|vOUBX=@oYml*}y~=Wp^038x*YTU-yt?k4abu>eO?K_)*t7ImM<9N9 z6qlHf&urWF~c!R|DEd#tGNAU%t#&*va+~j+82j4aP>;C}3On+xV;NKJLTAqbt zZFMYb_S*@eIa%!(=dXMMe;VGKNN3{I(?L23;sxU;<LP6P}bTXxQ3RbBdrKk}!(z5d?vf1xX7dz^vFT z+~gdJnXLewbHb}}?b@tGFOtAFAe@s~Sm>lhe$KCLs#v48qiG_~ZsVfJq!4)Y>tEj2 z{1NN+-;4IL{g*r;Yj=HRck!RVdu=amB#;R&ZKD8ZZ&C_@>&W-3lyp0xvHNr3Tg^8` z@k~1IhJ2q2c#1J2MbKJa0mwg5kH~u0wJ;YG1h_>LMt4R>aa=Rlq1wD!W#*ZAr)w7R z-su-{wXMuRh5UK1cUXj;Jf|{FZ&{Dp9Fp~>X()_lRlYhR_4a-pd;;iWUNXN zCqmI3(XjTeNp3XH#M!J@Qqx-c(RV_xw|F@YKgc!7#M|YOBP6mMVD%M@(Q%R4_H-dq{`|;BXU=_HRWRI>!IC7X9amH-4|e?x}T+S-XPLt zys>E_Ih8r*s;zR00tcQUIP|l(9JHHL^L|IoRwj)<--dpH8N_oi=NPnIQ?XFu*qM zq)-P$Z&PLwCxs>}Zqq-}TAD9R$zk+B1E_501-Z!=|#8ibFMl+A4dRK8PW9%k*Pw0+UGb558fXC0Hrj_ zi?PG5gBF}5b^(uGm8EatTM7Qps7Etn7-6@J(7er#?@E_Xv2?a)NLcW9cdVZnM{NYc zOH&i>83lV%1I(`O<+@i46{g+84mhlvi}@{PM96&plmTMK{zsVa01nviOL;4j=^8U+ z9!Q=+B(A0~4lrtfR9l6@p?vi;?oxI;trcW5ukRv72chRbO7)8!b_-)2l;Sy1 zoD+N2uv>jYi^9tc=amKhl+q+GZBMmew)Fdpv5O z5QVW;EGJe-*%)mSMgg<)SsWew6?Jm_W5dc};vjqPtW zWQtcnShM{LPQbPIO&iEMbT@In9YIafS&kdZ9Zy-N5IS1C0D#lgY-AgL0 zf!T)#jzwo`+IfNla>4wp;FH?3QFgEkV-UZB6@&yi#(nFsz3{B|)}na|@Vtdqi}EoaVHk z)nt~`TU;wKJ$T}qS`u&?rkVDAO3GY)y0Q-1_$Xp%{ za4K3YyPY(iAhfZJMRJnKBJ;U<&*4~_j;xpPFpOadBmz04T9-qI@=Q|+i~i|)@m)=> zwPMzpiT6l2#yZf^yl33R)HQoc$jp9I!s8(G*WVSzJP#c0BaP8|&_8HMvcYkf^YiEO zt%%fG#)N>0>L?;pD;b-6MjphDjXzQhlRikTQE> zw->Z5K_JTkfu6i_D^@f&0HP0=bJBr(LY%Rf_Q#y(ueDQ`_j`7qtwhOkWVX(eqehNd zzm-a?>7SQz9-^`^l*p}Ofuu6Zi@zr$7|E;gKwa5D+DYJ0X5EcTJ9~K1q9q}e9!WK? zWqbBipA#rvfP>bPK%{av`itCLvT(;dbLmv1v`fYiv^$9%Jt^!nxX|=Cgh-79Or&5E zIa-qT!aGaCv4v21AbM1LKrJq@q}ssoOCx=tbBtFfs`#ILa=dZ5LGtzczV&feCVL$Z z!#{&R6}~rJN2dHX@Xhu7O)!RQ=~0#_dFP(>`*Hg;f5AAs4e*|5{7vyL;?v>>jirG^ z5o2^(aqE%()ozuJX-~2GgJIzfI?qb6wYX%0D|q%r8UTS;u)wR9_L55N7N2kA#yIma zQ!d65nbX+mky?OR+G#yopUSm@bj>9Lo>LIybj@eWs7D)^hUb^lr4yG!G_K6++msQs zmrR=g`%kukrH{{+$|(SrKsgHIs3#w-V^W~(e@~wRKW3kUpRwu{pL9}$2o|$fQ$j!r3uF*=CKoY8qu7B38(G@f@m-oaOawZ zj@<4z1J=3C>A>Xmj}qEx{{SeE6YOip{7K^ljtQr^xrWx+L1N6<7_1rFPMwdA{wjXg z9s=-9wAPwjv1_`f2o8*K6JxGEwfQsgNA`vIi}7z#dGGaEth7FMTgM{?JmZov#wy`V z-b%-bBE7yN^BL1T0(w^EwW*d6%%BX{RAXZ)O2wG0S_!g)G1G3@KmnoO*o;*+Wx1uM z_+t9}2eyTma{<8XUeV#NhI0wxmEdjRa&jvM!pG9y6Yzbi6iMx2bt40eel_WKo)e1F zRhHaF(f319Ere+{pAsPn7(-G+x)P)?E7S0$1WS?7B-Sei_GEL=u6Y%ibM{%8#2+eS zkF8mi`WOqR&viak+C8Tyo(*U$7YIT#5WNOZS_C%c(nyH;!+VO!FED0`MmXp_r~@ts z*L3YtOrqUs%%f&W&TGH5XO;yL#$tR`S+FR}=d@33=0OoXJ6AoacymG2?Oq*14fCno zr#QhK=@%JTgGbXAGM1Lk<7og4^&a)VKA7Hi$w*mx^U|f7oM(xV;f1ZRff!(%ab7`d zJVoIUcyI;bW)CeH&jvD_a%Mv+ zf7$gl-$Al`x(%z->0JrjX)bDNd{{SsX+{dM3Tln73TkzDn&X+B&qhOD) z+(O~7-LsFzw2W>Zz~pT{Bk9v!n;YFm6eH#R<6zf)YpC0xDHO=jIQejR`ii#!N}0)P z*LU`JP|a&|B3l+2UdI*L==TFqMZrzPXV{w0Z3yJBlCsWKC)^IGx}Loc65= zBC$(Q6+n;Q z;xYi|1&7wTFAfRrbmW%y*)1f-cDWf-=~+!35oU;mZZ^km>ar90S9Pb`Oxj_#j`aD% z?uG}Nfu41#Y5JergcDfEWn=fYoPKq4`x8*K@-A-7=!!!Eu4>~e0i~wv+LSlZOJ#Q> zZEPHKk?&shYvKv@dpOx7NaRt58NoGN=2A$vZ)d43x7xR$KzZb6@~ak>msh4ncSbnw zdR9aP_L`2E2{OWBX8s20^{P@&b94xmo=)7*1Qxno^_#Jk581ls6%^M1F;r}J=e+*%GVkyw%39%}#$LG!*v9Se#)V_WeZ=A)_1(#b1Z6Y?n^cDei~ z+9PIjxEzjglT$6tY;W4@cUpDSK0s7c$vN*{)uH&aOuq79l68jbZcgLDG(}%RWfNy! zyV4%Z&6(gT068bF1$B-tyAw zRfa{}NB3$?PR2`ll%phvIs7X&>`yI)4Gf5>bf8Dj9`$m~Ep44lAhN0F)}}JJ8&llJ zbtDEmgSi+omFu5+?Cm^c+H6KGQ*4kjl_ZS*HEDDMhrewHTGSRVwn?-$zbzqYZ&)9=)8Az<6Ef1Ucmyt@TkE2s#ei%q98PhBIKN{ zK;*P8q;}TmcE%+j^PZ-u>hW%gE+T-&pH3?&M8tlVBOn4;l34NqCzDd@_I9#NMUBbw zo3?sX*qiI2i5`|2-Wg;*SO>OAH8qk?VviJWydP1{DHKg}6sn0dWkdV%TDDp)r+Bbk zD3Fdh^{pXsntFw^+Q4GChv&w59E#@rphCI;{<%GCK^APZXS<)vfkyMrGh1z^$88Ho zDcIciCR+oX^`uOUd+DH+)qIVB3>H1=eKrFI?e5Y<$AONN3I>hCTE#1vKzT3^J^iZ+ z@K1VVkL>8Xxx%hLl?JI_LmX*$R-v&r{n-Fx?$=$WY8tJGHrD~AgfH<7mHJf4p|}t8 z4Z;_4RA-evs+!KW*ANy>@iT4fLYB5B$8|OEOCTUnfq#T`HGsD7s7E6yM4S!4H&#A^ zs6|_SKUB8e=eETM?vB;B6n1w2Lve`RjsYU6zz#!M@a%S%O>r6XEwjMK^R8y=N@-Uy zt`(b*4@%3~jY!44(I!4xg^|Z_y{i73qaKuFxb*0a*+X=7tdH+I3~(9m+TCsVza z@*?jm5~nJoujO2}p?NDKS;-uvak*V^DkSVufyu6!XMdGOnh7`d_O6>owS!3V+fyHD zToR=5k3;xUgSmW#J#SG#B0MqU8RQN>8uP7N#y3#en^v}n$gFu@2_E&dW87SbyQ5yo zs#`Y2`#wkuwC6S4*y%UY$pmvu$F~QZd(<(w>0_e2(4H7rrOKVkHsh0;=CsR8%U$;R zfmv9RHxA?1>qx}vu5^iFuvzqpB6+tD^@p#mWkaUiNh>tK$2Q@X&OoT;*63ET*TOuw z9@=8EDLF5UX0dLrEbSgswWL+~v)7NMXq|>~jdmJWXxx~|ByHmZ(zN2&ZKJjS08ahV zM!j%3710Pcp-I^OU~IgJWt51}lKYjx{t?=}M%v!jRsPJ9YgTDvA#x8=1_w`S?2J*J zTAap+@im5(t(^%LGVZKnT>Q_D*!;gb=)N6%V(}i8u15A=evNTyF?e?$nY}sm_N`+Z zoUSV8J@F^v?~U&~Rj5yXUg|r-C1ywH$FUxt<6dK;!{W~z-$-M$L@*&~B_{(ugPPeO zRFUS|m5+=xzZ2eBYLX&fTSy%O1GSL!1ZS@m-f3PZ)-{>nlUHeD4In~UNIh^k{HmRb z(I0mF3-DpqbZu`zyPD|)P`{SAIQh8;@W`*9?q~5IfG>4@Iqjvkwvz0|qz%F2=s4|I zPje|tQ?0SMxsKA({Hu`JBRz+{E75!_@jlw$QM0p}M26gdtt4X}`0MLRD^g=~Gg;LJ zy{~FAT1O@Qv`@S`1BV^Sub#YT@qbmcyScQ|<+;YApf4y&f=vc9BMnoF4w1#k%&{&nv@FTU|jzOAZgdX3)u2VvzFY#_)W;P>QEXsy)v zyTw*(Y5k{Xrs@~gsT(uxNtg}e{Ag{{R#$l22)H$g!Wijm{`0O(U7{_`cWl>&r{Yi>M{hi6?9N{cGnt%guL4 zwy?Fe)uWPCAx>9`J--@fI(wgbd^Mg6pM}@+x?4x6su`Djqc6uHM}PjkV0q!ub|Qd!kT|JrkrU@#8DV?NtvL!a+dju5kge%no4(d9G2x!x1A+&9 zbma_yZgu>*9jmtRFT>3%P}8pe0O2)R?zAa(n|UM{ z@{bwk+nTOpLf)_DbS4)*&hSQ`;2W zF%iha=2blxK9z^8%X6!0Hg|BCgvg;tE5Tm>0MdfFN*cANjBVtM$vRJ_M8->C0o@rO zWD1wVI>?&x{=-vuONERuF25@u^O|H^q3?eI?z}8~YjI-slbg8$w$qWlfyd=vS9r%l zweU8snyzC;o!)+AmD@UF4ro1YHq{t`)G*P)#^mwmo!hUYc>$Gus#^jZ2WgU#{Eut1XmG{os56ZHZ$+CYhF*LY7;bO^%dijXfM|uwH&&E+v*+; zhUdap7xuCwvc{nA=#9s(t$c&6YMM>%m8m>YOKYlINKv;CM4aH@R*{c#lus=1cf?(5 z!QL~m)HJ5Hd03S`YUgkn;}!ao`z!w1eki`bzVKb=lcL->#vV)wFiH7GrxnVF(-I$y*|Y-HBZ9YQ884Zz8DKU(J#MzYhcwAQ}5isBI<7;e3K)-r%7pFsGhRMEAF zY&`Xj2!IgBBxnR}v~i3ME04R>mrK;NsO;@U#H5J#c_5%)Q^qTv)@5AzFZR)w$G!^G z0Kzrqrdo_Z{v@Rdgzo~T2Aw>)m4lu9QqvMzBc%U@K@q@!+YsP?w#ettOQdtmP71u z){O!>n*Ip!w~M?jYbKf`w$v;pVDGjdBu4)LWS-q?-Mn9@_!q=K3iVB2#PWTkSd4+T zLz0o>s2`m~&3RAEzY*BztY()%PxKUS4suj`{{V$?EVy-5MtPj!MmZw08bz%WQMl7} zi+P~A7FWpXJ~c&As?FST2XJzB|ZFJSp3Oy>X+ z2k0xA(EMF<;SGMv#Wqp-vsk|L0rq5P=Fhe&X`R&MeYf#A#yzh zUq*|kE3Hr4X|L`rZeqI;i4b9zj`j5)gk@h5cy8YQ-Q@dpV-m!Af!O~5Kgzjh0FpUB z82Cd^@dmHq-D^>_OPiZFHuI~dOt#Jnvi)#)`U?IaKj5z4u;Klce`=o)Y1&Smbr-_# z97QIt;fs$eHt@_?wZ*>fnNo5GV9TDOrY_ARo=E&Z)@>5b<)CQ1xe%Dx9&kq$&rfY6 zj-<*2Ky=4??uN%5R8n!Y$GL&W6v^Pm7|E1loDS8|8FV>}`4FtTcM=CVq`jBPvACWE zj!Bh%M0UVtJOEGE6`Z7WQb+C&>|Or=1fOUH^#jN*4M^Xn%{`#l1~Y0{{ZMW zfk54FbJ1k!(3bvQ_4&E`O?(j^E%3Ir;oWIrxbZfH3yXF^lX+(6Am_d~KSF&e$8bN9 zkB)y2HBW^901$PL58m0_!KK{H(^^bp+Z=s=cb=SAjVxnn+yEKRJ?p-ig-DpXf&q^# z7af4CxfeW-^@H@Ts56|dRF%%s%hb}nxRMDZh?pN~$NMMO6{wGW@b;(hZui0-0c$-T z^F#Qjr%ocj^JCv_tU_3l(q#4Q2NlSCZSem9hx88{&vD^c#jcHg0?+nUIa_z`6pk=? zq}bADm%u(i0uhdBWen{ZU%CA2DQ;^7Y*@BSM}Ru?uf0FunLo8Yq5B(t*S`&XT`kp} zhk-SFlc#Geci=|s6ua|)MnTW0qnPfc*`Mfn;mu~rZ?wxjE#SNGcCP~Jx-HytZbf#( zGH&VI5ziwB>-8p?t6N=ICG3Ftuz-(_waHN$*xPyRo(T7{c~Txd&3<)%!Aw78eLMD( z{h#$qi!Cr;_}jx#%X?`MKu!IjLMFFt^#y)$=*h=g;bf$Lo?nmt9_oJxJY}tXKD&ln z3s!fY$+_7yC5}DvI#-NpmY-p`c@*LE>ro_ChiU4bX`LjKe+9PpuV(P}tz-R}cNOi; z%05SuI}Ulxa#yF!taeh7a{BVt-(;3o3oHz|e69+$QI20Q957`)ewD-Q+GnvsvF83G z(IBwY8&{43s@xoZ4Or2&D~FX7GI=Tn(cNphk>}#!X3u2P8ckkpH%^tq+es+-RQ%cZ z{Hyd6!&*g-gW=sjO}2n#S9>-wjEv=!I_ina z<#WH&?JTZihE!EPymd9xL7`hr8d8BKJPZyoOwmf`DdKxswA4kH=8Lhe0i@k0n1xw~ z9Co0q7vk6NtlbDyXwZhi9c$4vkBd=h;ymeb%*9H&IUpZ?4PPTJFuCde4DmLb@du-JZz=9H(Kr0EiSAe)LG(q$krg{AK)-9?=_VS-EcL;iB zq1NfR3x<(0jmJDzirTDG#){jCDk~u;7PJZ=i$Kvaa zLiD7-2{XfIueA;!Pp+-q-Jn@iv;_0J`c+FkGFYwS{qqIS7;cq~tOrLO#l^pq63)y4 z95K!-TUCN9h!$5Ib>R1`r64)TZ2r&t`D8pcRG!AV815yN42a;$271&C#Hkjz`G%l>U0~F&Mj!x%K9r9_mAsx%O0Izz;ZF^CkXOUc_L~Y}+trP@D zqg>pc$9xcRO%L`&5jg?9UR{G}n8>J(KxvqyRHoQr}!b6cMp>LN>N( zo1IO%+P#E7X0{PJt`9$Yv?4(wKi!G;90EB8t}!Lb$CzC`)LO8U&e)3MjBs&YzaFNS zR!FHJmwJ5I9XO_zqJucAi#w}GoG{%9&j-C@>HZO0>zU`57 zBVe95s4!&Og{ii*TYwa{dV|uV(=V-W9b&q4wZ|S|=soB&pJOuPRE9YuMPTF-0}k~p z0^?A(6Iuye4Ce#ADLWC$$n3POQWqEZ7See+Ipd(OW70G$3$HHr1yy_iW5))ul)IWn zHamu~)9mexilG$-O6R3`myGqxIj`D1Jqj>T3kK;<2pp_=&YKRu;%#7P-XGGn9b;K} zL@`AaEJTib6WYIAzh?gc_$F?ntAA$r&*QGNx^kUCuML&(gXg>~l_R{hIh= z@Vi9tHjI2d;O!>gK=Al%ga`u>?%2t%O_JIjCt_IJywh~t21nyf%;uE38&;ZA+=ZV| zca}rQT<`^Nq$?7IMGB+PQ4P!`D`+$_v1JF5)}NeblT|79Gb>AV6i8*2f*|f|gw=dY zYQAsT(NvCn!&w~^sh>D}N%-TT_#Vva8m-FQM$A-U@yPmn*W>T)asL1XA=A7iWMEBh z(hE!#g4qh0WMkP!UiEN;XQfV^kLRP~ukD%fbK>OJnmx9ub>Ytsu_$6m518ls%tvA? zmp~tO6-I1(M>a+Gw z{{Vt%d;-~Ek;ok;BHtkNwP}DF?Xs?ickN8*R{{Y3W+P}ts5!QPs z+Ur8L$v}v}4ZS{GQ51GYHaxbZ z!)+U5Br}dMYf2v~BxwHWzJf(3ddmWvjfAR8lYIpVXFx)UaLHn!HVvXz7sZs2sTisH}g zsSK9x9S#ZhH4axXaxrhwrW;e_Z(7Azr&MKZ7GKt!I~g`|n$E0r^l_Gr@ObWP8^hix zp7!WO7kdn3XRd2e9;W78qr|&?y=a)Uu#AQh1CgH80WGbq)b{TqlyzTzYZ~&-d4oJ8 zE<4Z#Z97`>;ucpEM$;+ao~E`NSOs>vFk$K5wSwveSMffc@uj?n%bXk>j;5)$Ze=7n zDtcn3Yfu|!aUHeMQmwghoC?>yxQ|f_6I`Xd%6?Ohm7KOKZ4NtM((anknrQ^l5I~R~ z3G}ZJxRLB`Oo6~|<&$smEqs0PbK%5aYr3CFFC;RPjEola&1EKO8FW83{vr52{{TzYntQ8%vA88< zLOElezoGo8^yGqjUd;}G4%V7ib)xkv>601@;R z#U-iH4UK(1_fdsmvuR}eG-?(t=O-Up?KC?@zSJOs{`MPNcWen8_FO_}589v?X*mVtN-(7_- ztr?&tw*Wt_b;dS0DjW8`G_-|nw0S0pE?j)Ojtd`3)zx)dgQVQXCtFz+8H01l$4b|j zRMGiuetc8ne;w;~UOv_JDYPV<#}?m_BtlL-GC;+5mM~a+E{gsS0_)eZXm<=IYj=@~ z1|5h!{{TwSGpg&M$#|Q?_WuADF0A%z2TRmqm0nojeT>BOjyhMd#p2HscqO!L7FW5| zZ4nBioV$WONcvUtvLugslf)y$S_~#gTHfF%I2biw!`kiUmmo2QxQKrVJq<~Nf#1jD z!*e=W`EkQ`Kw=xyrFGV?st~i3jp8S+X&K5kI!j3-mzGbPsp6S;JQoqLv}I`l#ygK{ z3?_`WjzW)sV{z0T^_490#?i+hDum!?y;NO{WfOYN#@Qdujz-H4{i_ee8kN<(wD3i9 z@@@O3wnL0;eEEB<+}PdAbvi>mrVizCn&eje>JI4=I-w=74Mh7I##S_K^tsj6@eHWZ z_B}CPg`}jhEv4h#!phC}cMOWo!OnXWhfUQqxEdL(KG=lhGpdq5AI7{##2T!s8VR<= z^L9KAXt8m3Ijdu7rJ%mGxsT2#B}wb=S{fIO&}srOVvL65=dB`~Pi0xBzlck3G>E4k zb-LB9K56Y{26?5CayZXQW>Srfxyuy{C219oc|3}Bznan{FhcJkJYaOBWhPp>)i15p z?Ieu!$35yhNi_SI99&xloMeoi7MRqEx`RNf64e7oj(ZyN-xcXia|1{mMb`zo8XGPz zQ^nHE+`QqWff_vHpS|>`A+?jw2*F38%_Cy1^b%Xlrc~VsVaIy6X)UrbW(+WMp5y64 zeSl`OeW@7I7^Ic$x;9R5E6DXfhuR;B9%!#l__54w-hel>T{hpr&1qw%!~Tk(@CN{T zS6O|jMRu#@K=Hma*QI4M8AvSb&EeX~lh-|}tdp&yx~>*n@~k@4qD+}JE2jD51~yau z&a}&kwM|+PwVdOObm?6Ymr|p-4WdnF14|-1OM{Gc2Q|z1i%{3~%NeW^?(PV7nDRyn zk80bQ8wbLl3CX0nmsq-s&B4r!c)+h=zP_{lF_FIUGC_H6)*PwV?#QI&8u(P?3 zB#=~vswbF!x2fp*lDUo}oSt#kydPK9Wwf}NP-_ki=Hre`c}ND zDztJ=jKR8pv?_VP%DI8AcNpSSUqU)n29HpIS~x*$4x_bCv;uoYm7`H~@r#3=I%2df zuI!=AlH9_sIOn*ja%ILQP0h`%>xp4LL03PWZ!O$L)Cn`Y``)!9l!~^E46_j&!wu9L z?sVS;CZuD0q=*4*e|Xc5P2#zhleh&Ze-nWGwnDyJ!-kMuFV;ckVf;kn^o6Dwf z=*Mvw_gaxObe6(zv#B$)$`?7u=~SY(y1QvFC6~*=+En@u^v-rVSG=%=rM8!RT#^qs zHCEGHxsl^p*DTHRU}F>+Ugx)HJ|4B!E!WR4<*$6>wP*N`!ADMkXNaMWL9`VaJ$g`T zc#Zy?_R>lFsn99s0P+QGLusRHHli(!6oUYR-1^q^>RVCR{$edO`<*U%ZEn-ak~b*P z1fcUznZ18PT~m}z^;f(smoF)*xL8NPXg+a_%8aC}s1y;m*XzY^8Ea#bQ)Q2g9v#qRveLX&;dG3Q z1ePDYDJ4zRNCArQNrhAc z?y&r;ulTd!`^{s-5s7b+T1GoI42J}sN91Z;M>wmUmXGkpD}6H2Zm$R)QDt1?CkLzyY4K-wGUNs=LJ7Srvcd_k%v!=Z#hOeD&B7d`FDrDtIt?usjuR+-HjM&x;-) zzwp0{?N-Ly?K*H`j>y0&4E3pdhb^UJ*FGLUhP+>+>Uw6Zmh(HrU2?f{2**E6=Drm8 zpWr=Tz+Nwx#2yLL=bZe}&bH$@1EEptR~;SABf0Hgv){+h8feBCyhEa1%czOOf4xGx zV<+zs>MQQwkDe;gBluaRc(=n!kEl%UZX~J3+q?$ zTRWJV%XtdUJG6QJmHMNl>+>63J51L!T|G4g=2sTmx115rZuPD8u$)hr{AuuGNASOn zKjC27>VIXnc~({cW4|hY4lC_{4g5s-bF5ov{{ZlZw3DU8LOZyw0DLgu;k^$uoNgt# z^PlZ2;2C@=uV}jNiETaahwgz7wm;p)>y{r+*1iGwrD&H|aK{C-5L}c4Y8{{fj()W& znGGH@q-q+khop`VK3VrWDJ(O!2s|3q)F6Aehd#@5ExYu^uF#iieo<{jC>xBDYM;a=No@iy~CbEo*K8~f{Iwk;Hh*i#|(AFW6p zd8B+*&~9~x)9>S+))|M*Z%R#i($7@AmJ500wS+hB^8DhNoRHl|L%K~m=EfaL z8-R!!5^_dxF`s(%uY|uD@AR!U$HUs>p>+#W@*ldSXWx$Bty+L6cRuI%UGe9^7Zb^* zT_l=S#8?eJKv!eejC93#$L(*fcqd=+wwbDET7qv|RQ=>Le64^12lV2l$DqBQr^Od~ zy}l)i-gbeV@J8>wRGY$gnuWjG?&G?G86V1yR3{nFA29ll&XX05y+dB{x5MiN@HdI1 zxE2yDa>DE}=Obg1JL4lY;lCI>JEUk=l1-=GBI);GE=-ovZX1aCfjzm+E@Mc@@sAPs zM^Mmp9RmIG3BOyq_PI63WJhw%5$@TbIY4|tzjf3n)nMV!+}*jNEM$4)*nTzVUl+V-;Qs&$T0yDY>kKYn1hfsqZ~p*i*NSrN zO^dz;@uj!LZwFgJqUv&K?<(XmZ@AvL?b5w|@5Mi0(QT|*e$}f+n_6AJdjlD)B_4ut zK5X%Ci!}#>Qu|HHCBQ=_);Jj)iv0Y%*Y%GRYf1L#<$@z{P0R3CB>L1PXJI6JrSv!2 zD6=|4%<+(kxbcs~AW0EDl@wic1kD#PZaTXJMjGli;>>QVEh_2rG^4{au&_AA(#qLwBYD#L;g z<6c{RYSGH-sKK*Hh%Pm&Ud_KDN3RuXQK( zWx**Lq2@Ltsr*e+mX-tbCfns--LQ4+bDY+Ttdm0M6dbKfLp~4vq5Km+hx|bPGPY;9 z(RB^5%d}x_rCymGvtKVrzGJ<+h1kb$UVzl{*xnL8wf&m>Z)#Tm0O5~`Cx`4J-JaIr z)Q|x<+DEUwdMCi&j6O8|ia%>#ho2R+27(_CTHc#oN(VR-*-e1ko3I(k&q{XG>8H8< z_~{-g(EcZQC&J!7@RYWfJ{#5SBD{iVWDJg3cN}Bt593{T!_OG%J_*-^cObr*I1sjZ z0OzmrtXk-8e)_{gZrM;H@qQ*WzY{8*5$_ zy8{wKcM_B3Zt4}(6~|2NJ*$rqPnr!ScC|~*YQGbbq5g6{E%5ZQdDl9O9!|9c(pcZb z5Q7EGXABq~hmOBW@=L&WNQk9)z~h|Pbtzq49CcIZWU{JA27da7IKUr|oE2hi6ALd{(> zUGo`GkDKnl_|^S!Wxup#^9hwkQ2SOucYYnYhr}KpfQdwx(2ck!<{0%Ak*dQopt^N+ zU`TIjb_3_%ik<Fzh*(HXtVf}LAO~nxe#C2$QO1<87fHb4pfT% zduLxeEeDvYtW}q8Hj&!9sWTZqrbDj(05M`?xlT?+Rr8VXs|qXU1;4#rCp?H=FPMUM z z`d9RG@ax2yXNs(?wOdALCvoIn!JMkfyf^9%V_GL>jP#q08b-B}(kTv9?}VP*){UQ< z*0Iff5}A}34=mboQ?EOTB_iIAVCv$&tt&mB&9b z(8J8Ltw9adjL}OT@Z4w8yn9a{*}BY@Z7C6{91+PKja3)W=*7nRpG|xm(Qmbn8tH;H zf=gr!#B9qG#w+xW4J8{+Pc-6H;{fn+UaT4O)#GD0TPiT~18fb*{*}?`vs$&I#U^Zx)D>y4HCTAXaLq*{z(SlUQVTXE>Lx6|B8p>3Mw!u-Kdkxh9H4Aax>buE_nR}f634czq= zuW>chyLT1`rcDiZH6oVIHbA5n_Z)Lo?)2NAv&S+vW9gqtKqi#4vb1i1Hb~Ao*F*LT znIJn<@##Pr$n)OF*6bStg=}=L%S^Mh4QRJ4B)CEf9P*}sJN-gOytOux!wJF8a5MSW zg?O^gEgw~Db9R%%AsZM|Axz7TN3|a=;oM`rRMi?=n8Sw4cJ-}b&FS_i>AFUzc&_ol z&Ieu(A4=CXq`mmS@VJ`H(b2a?7@H`Uc=B<0CA72S>8Ko?X@>>4tNH&v|DG>)@UT3 z&G|?Kj+EmNFtt4(lnoKkwa|Qe>&VIP0N-FuBpzXxn^lvfvU=O4Ym4pwunP+J%<~1DYcja=DpO2~M1{ z+Q@{r9D&lg`|U#f$f;`08xzA3oK~nVRi4ndmpsQVeMb#l_l6>dRCL0l9u9aMR5b6Q zaAwZ2r@h6oiZ%|we6{DY>sLBl43`OpQ;g%0N>?o85w35p=A1(8r=8gASKzz8wr7Fa z)+Rg(ixqMDRgyNM(#q<^k06ef-(EJIZ)*`%8OJ1!X&Q5*n7Mp9OsZsuJ%_z@QN;nY zSGQgW=O?WK_J=cYjpwLjDn~<#=&Xt)EX}lFW2FXdnOcmH-A2ktJoWXiU&>2%I~1KAEi)Sz9o?e zC5b$7n%0Gc!Alk2+JH0Uy7H#LKOj7hTE2@MpiZQudHkwmv>nX(wFqqPRS0IwaB=+W z(3S0Obkr*d9A|Q#MPfshj$V7gEK=F4$G_2sO5$}3YnbF{!7%ZW??ImAo*vU0>h3#f zn-0hCG2*_2@aKn?(lHFGiy%4395rQAv8+zM>GZg*FJqq81V&7B#?$I6kJ5F!9X=_C zn->J*Jm#_GZ*iP2h`e^5ehZihBp?|({{Ra2uYq5&Z^d8Q3Q0AlvX{U<5+)~;QM*m8 zaD@K=0v>u-QjLr%Gxv|+PwboUyWka^3*ie$yg{v>E#}nj;S9?l7$rgJ(!QZKdUR3? ziHMr*j!r*_(>WycI*m5k^5H>|O})2a+=}TTfg?bOxC8Z|=aj5Y7jJrod6pDsAe?%4 zreb4kX=fLf(mYH2K>q+0W$Kn4-Zfvh>K4%>WU8451Ju{T z{{S6-YhM8P0@qi2pA%VGSldMHGqjs`WB5jWX{B?%l{5LV{i%Q8rMjPuUs2FL5ns%7 z%Zv#I~_|&!A>+NSy>Lt05xkK%qmFi)ro4KT7%P*M4$KE|p zb5%U}o>YvZ?kCf&deq``RGrIa1#-=|1L;p_Uk7S@-K#mA6#_U^7ghvtILBJiw6}Q- zYKTJv$u)t4S34U`5y?rJQV73_M>q;SYv_-IKeJ!PkJ<~wu=r2l=YjQIU5t^(CZi-I zTf?~h?4G#mNxK?CC-lqv9)H0UJ{SBH)%2eid~($j;0qR~E$4Kz@kzwK89tGN#wy}gzJ@Jq7Yl@{qL!sa)*ain-S&3tC*Ftxn$(6JtM7x%(xv&w^ME1$pM5;~A#Zn$BhcLGC)&9ei4YN%c0TLg%A3 z%u5NGq+Nh#Ij#=-#yDx9wF>g7;Dc1Eqj*s2eEZ|?jeZ>PD;-0{+ME!ke&LiW5&bLj z`{T#$->Z19c8l=v{ewtJo;H*M1dGt&zl)`8mClI5$LGeauWDNUqduj3eRXwpDJL>X zkbw3BwPG^epa7EU4mTdvyeWjG(6eo5UuysZ4*s>V6pVz2RtP<)ZpKEXwT0FE@rz4l zk(hy%9jn_sG4Q$O3v+yTw@sL=B{5j{Z5P1$eWki2Fd${)m9It9bT2B#MUCTU2jx;L z7ci05cy>t+ZSO42y90%Aavr)_H2BQL*DSvECp#9zz$GY0$_;MZ+#!!-B}$s569V;) zk#Bvc&2i_XR|(TS>ynx_wUn&rc4r%h^Q|Kr0m|!|Wrn7!yez>_1aNWbT+W~2eLqc^ z?kt{dk3VaQ+f2(=@2#y^Ymf8PsbfOc?9DMK4fnH07{mPk>wsI zOQQ$f@=olIGm&0Xd!YXSYevFG#GOu0OjdmjX`do|ZTMIQCK-x>ZW?j+e@O`#Wjt} zY8IKuFVzpB71H=N!XF=BTw3^mGtQ%EkjAPyNYIJXu&E+Dsf#P zySHap@0g+w;~hn9OysJHSAiyxk_)3co{fxS+N#*v%><<-aOzJS=Co%#R;KA+vpcDo zWVdAl1avj!zCZ9o_`gedrr&KMB(n6V$sa#I$49ue#!>?1isNZRJ*J*Dwb39V3 z2^9YT&o>>#c2k+jQYYx=?CtR;KNDzHJ`30G8TC7K*pn*!&G=`L#eK8k`#ng*_9VSl zVUU}fZbf!NXB|kL?v>%oiLdQWs|-)KYau+~`sTieZwyEMn&NABxQH&}ft)TqYob0! zE$yN3_l)q9hcfH78lcmKs<<45Igp-o3+ayh&~?iP4%_v!um|B z=35j8D!zx@){&8~Dn^c%tn0GOqDzvI0tV1dMk}bA%TUzqrVt^j^3xLV>rFDP z)!2Dei1~QkT(eqV#d9HXC)tNgrT`)SY@3WD3TNdkhPm; zCdQGeLFF*qNF%7OPh2uKqL&usuzKgPqy_tPDS;hVuGMOF@{el9(I$|=BeB1?G?avmD)4T3Fv6J zNI)6#&v9DCj4mg) z)ZF=ysrBNoTlhLzt(xKqqv1<)+wiI*kmT-Vmd|{93O69}*0EDTxz*j=Y;lfM)g&C6 znUZ)y=E2_PUC=4vMtYH63*-F<#k!`cYbJ}U-Dz`2Dy!{4R#BdYlSLleqiHwGWeC*3 zmT;dr>7FYZ>q%#wq>e@m2>eB1Br=4M7&e0P#^C2ZwbkfGSKcl`c*wxW&MOH-MeDmu zWy;4OjgNfRWul93IVG2HZa11rAanYqg3QEQ-LwauduF+9BGOd3`#zw{dZ3lxjBcys zMa9_ZuPwA|G!n#QCvPd7VAmBcxioii+F9C7A{N7L=Y!lDIS`w<)>_*UBr+CcZ}Y`_ zhl91XvfFDUdpam$Y5O!Qo1Q7Uj#xJ{$Go8!ZsNQ_XO`Mmkbr}dYe>f6bDEckrjB%C zf#T02IQ*(zKUMpE(|PKUM0#Z6wMxRUy1F#JTEqnB(MZqXU2|zx!%uRFLt3 zk{QdvXqS>D+O%r9!BTOG>8~v;r_;b@G2<8`oYyp%SYiUzGWX1(sxZHuEX`w8P z(!>Wi{u)~wWe%y80P&inV>xs>gn=!Ts}4Go=xZNUxQV>9v@)q9IU@kmGLja`bhm_y zs6&!5lhg95^DJ^s#x;#3z&$t=T*UT23*73~R;+HKPbIOnRCe_>uc>&R#n4!~n4S6( zb3xGwbvWH_Ye=Ektdq$7b_|uS8rbQ{cQ2iQz#IX_KD3_4LXFSn55!mUYJM!ey0aOw zl2XZ&k_L10R_LA!39Pl{p56&kK(V}!g1Nx_x>uzNdL(($*K_SJ1pH;vZeh02d`B#j zEFdY8G6vuW03Q7-#r`{K(Cb>G_`ktdH;HF%6|SOkGq*gSe!s1CC|XxJYE#!iz8%nR zb=?-*Q?YNimIO%>9mPP$IQ)M~^3RBRr-^1(lOa8ZDl^*)dNv2_t!ZeXw-(=8Tm_RoPIUKxtGP-)$XfnZFLN+RwY6FKxd-1H*A?cTH`mX!l?V;@AT#wBI8k-*H4E~`$f2tKvkp98TRR4uX=xir_wwnd!}h|?Kbepv6zko zYylwtmDL$F6pm`WkIBy#KZ|3(ydEc+q`Fsf3J;aANYCSn`Pxl)QI`8;uenuJ8GoeR zPLa)efiB&5E;$%I4Pz+;R;6u2;SZ1XD0JO(!&)8Qq|u{EB#?4o9;AIUUr+wbzY`Z# z)zjf;#Z5JD^h7{Y?Q6Xh90GFP8z-8BstF&WJ`?yQ;BST+r240a?JX@d%c5=}RCOUv zI)Dy43iHikOB3SzJuX>bj^^cwg?E5u`e&^;?p?c|D1P2P3-RxR(?jt-j}6V&gXMuO zZY|(!vPf6vG67ys`v;WOV%DuLZ?5dFQt`}DO2m@6>yF*)rje6cAEG+H#a%Yf#n#^m zyi;iwvtxY$TU6VUNgOcrJc|6|`0en5>q_{PE^MW|gH4G@Wtq5AdX2uFKPrdkL+b0lhz zqitkihROc`CYh`m4u|l_-bJWMJkeW9kTkzK9lQ>Ly_?|ew}!2)F7(@&BU=_#hT--V zZJ_c;^Psa6!ZtDJpA)a`^es+CvO9_-hayzZaDA)jPm5o&kB5FQ{60P;@bj*jLD!;SFY#JXj(-D=BcXAQjGREeLNzMT739=WMl>2b$vVH(FU zJF)%Y{&P%@eNSunOW^%S#ddaj)Vj8xr$O^OFWLeC2Tj2K71wx*+2YiHvTxcu`24`W zWG8Zue9%f~KjI&Qmlt++dc}sNYo^>oB1oZ*Oo_N><*Pps?JaIBd_RAnULf%jy2CU` z$M=oUV00aMqnoLmq^^3`f;<_lc!PeAG=%DlwH;V(IU}Wcuf@-XJ~Qy;_2!$X_Bw~P18vSo_r?-BS{jQF?4sjTZQrnaK~ zdOz;he_FnCM9uFTcuZ+O4s?$a#jAOG!#HF^CmbGg@BTIS&+Ln-{3rOM;cYWX)OE?U zjb1p}o-36D5`%%9{VO>w$Zv1j^@{SjYt^-92}3rxwYtKdZ&bZQ{b!HTTct?aYok=A2KWGd|#*PBhIU#eG^{Y#2S~dP1{6O&^!cQDQ;oJQlS$r*f zm680m2G&fH3LJhI>0hQl2{o?_c>C?p&#l{9-Ng?05!hl@{^>rwYFIlSYw?4@`c1{h zpJA+8-3_Ir5H}p;Z8h`uf#Gc`&Uv$AXCfEe!B+*3sWp_0xzXKfzu6I3!(fmys{&Lv zIB#RvSCsiM+-eVDaPWwa190Qsm%b_J__t9W@O`+r(N;u8Q;j0B1XLin+k_C#8Eo!&?D!W1?PZmW^wy zTg&D>#C=?PH?})fTydF?`%QcT@a6rq9~AsCd2grQ&d2*g&O9n_7|9AcSLYXsVvf~9 zAqjL33YoIRl!y zaRc>};kSux{8QlVFH^R^gvimapB!Y8jnk?1uUxlrDNwDo2^BHUTbgr(iS zPV{fX^~H0`Moo|6SN;oW`z~qU0Y7Wh_=lm{N1*&V_?vEZ7@-ifamA`A9%=sW=PayG za{mBK{txPwGg?nFTn+nOmv-D|pGsIH;~rM6Z9ZK;0~tWhwXrO+FgXC^d(?92g_%rW zBOap_-g8QtBbEs;$UrQk1c8j#CpVi6(#Fv;vfz(K`cPCiK8yX2K09Cj&cC$ZfPN-l z>YA39;OS->Mz(Fw$o8`Qp_~p#Mj-wb{f~ahzYk^9emdQ17QQOI)+EzP_=84~u5#Db z6DZvp_F$(yJt}6jI-<|rtrt?XwrJ8Li&q>g9#mGpiR=?m)4*8&0C=DfSHHb^^^s?k z*j^nz^;YCf$%eQU$|K96~S;@xh?!*=%3dE!fkz?pDbY=hW;yqQr0vl2T;@9zJDz6WK3|tW1mhd?X7a=2lAdhvRg{MK>ce^ zW;aap3;i}}pt`V-Yy{>u&*fhfd~Wdc-XD>Ccpen{JBT$H+CAQUO~&T+1E0e_wLG?F zO&<~bPxx!4`0v5KF7N}~+TBAWO@E@wPs_ZFyhrLgbjYvd7xt|9EhoZ1h?vWKn^S=Us^Bltw;TNn$s5 zstBYL!5!+arHCSss=FXX!*TCXL>55t5)lXInpOZ~wb%qC0rH&mslIkqR0E#1quS#p zQWbI!%(Z^qt`(PI!0%ZdRL`%!VZYj+#GkRx?Nji_;>LvT`V{vuY5L`$ZNF)@W&w`w z+ebY20>9DQ;kS=GAllD{{8QoCtq*~GYi5_0_Yn|chUlPd=Qta5mymsFOJTxAopVd_m1K%w z_T+rH>7Poy;JD?NQnI$Xi9W}ZxwmpXtAehFsX|*L)Vx>WxpX@#d-f5}V>WQgaw9(f z0H^0(2d${z9qcfvm_A8i#@dQcTOO51c%MrC&U&;G__<}bk~NscwUjp`WcK_`evA3< z6N`C1LJ#F$y(E0zBXZ34;yB51xk&3(?H(Iq6alq;YqH0l_c{pmDCB^n9gUHKD%=sX zB(3Hz-N*#>phi5A+Rr0yDzXDzMvtai9nR)C4^EWPq#|kFcv9Z-DGU;Qov?d#HRjE2 zbz?I{yUkT%F^bme#_@JHqrZS#Kv@Dvi<8HCxu)x{YUHGhh)!^85xMp@?>tou?(t6< zlG;?-`R!S-==Sn?a@!z9Q|ZPiA(~p>hi$JcA$=iZn)OZ`XCE*5&13j)M!B|-%XEmr zc*Z(Y1KA_fAbmXEL{XRw9F7fnhl*_)(#5ZB(5eIT5zrb7=OOTGTI)8Gyt1jgM+>xa zKOcUT>20If!KYk8_VLLX7+mCSKDWD+YR zh(QhyO21|mBpk` zyTm?BU}B@0h~T`7Ti2E0ky3CvcQsX{TV?`e4#1ApCb5@8)4V^d>5}Q!I((}fD9CvK z0Bal(T+DVt^5NIb3X74r&}nm?)LE@AS`|`PKQ24b6wb^x{Dy(^9jqv_*%1`M-yDwh zfFZp}wmPthM>!nONoeV!?+0<-ysj&?_<3_G>g}doTm{JlDedn-9?PwGPR!lOEvqxG z(ZS?ry?LGIhOUmFjI4`m$YsYl{{T6lT*!-A(eJlfS;rphb@{x(+N;|&&Xa`!m@&c6 zLGM80F2`@DyjKb4OECFHO?gj^Zglt6NsN`ZTzsTsC%p!q(CfSzZ>G;{i4-`_IUNOJ z_@hJ3#II@cs^qB027;81M^3mqN?ZntWjN$u*F|r2ZF{obRyfULC#gqC_IoHSw!?-% ze>$5>5KR*-E=Isf$f*MlRgf&_a)H}EwFFXV9Y=q^{i{)&=}ij zWIgM2fR5VuON1mK9S5yhnsJ20cx>Y}Rx^~k5k^qEAXX3VD)f6I1h`U2??XmnH`%0K z0S-EGRhE69B98QiRG#EEPnXVdnzdsyv=hXBWj^0_ffS{)o?J+cy9YQTw_>?_Z9FV& zdU6G3?XVbaBeN2_w|e^4)wZ2+JaOI0l7ELhwwZ{m*~$7Asq#M5nPjIEgL@Im{Ywffzq_)^l(O@bS!ZQ!?# zHH{*QFp7#g00$LkG^T0C0!y21J})XBgppd7dL^Z<8IVmcT(G8dN?px$;~W8xN?ee7 z@lQhr$~QWKKz4v-Zr~o3&uUt{7UgG}P^t$Do<&KmI(nQwt>ft8w~?ipEUkdf?Bc!{ z_`Ca0cuT``Y8rZYg3{XQ6D6cL=hHpA^Gz;?qe_wZd;3-Y0KrKtyfG!-hvA)8=fqwn zQ;b@+=+#fD{Qm&YHTZY&SL1)hFOApwuBY(_#8=bXO(&TRlt*N7eL(B@*M1)lskGge zhm$c8+Q)8~RZ)ds?uw7hO|CZ`*sod;vB5f>2gU@^0*sqS6)bUWMd4Z3j-6=dG3L1} zFtnSMes0H_*SEIv)j?mFR&GX8k*R5+Np$S&Hm_`o>^vjj{aeL)?Z1Wm7va5g#r`Cf zu$I&f>i1?mc3u)b~hwtuxJmOtG{K2h13BK9$Qmur)Qi$TXCV8|5db z7|lteYVRNj$-EQQM?qP}F8Y%udM23h1G$$u?_B}%T~}lC)84f?=dsOBzhS&)ELbq* zNyQ?|EY8amfJ#9sr@d~GiGNMhZjiODobUI;ePuuX9NS#i*FIyaow65I=~}Wz5Sr4J3-}0SC9eaxiI^ zaq6vpZf-*3Z)TLY`x4fdP%2G2iA<=Xk#WV76_#yLGJBUl_Z zxTPU@o)Xz7@UI}eXke7b^6u-w=~>D>P2hQNjdWX^%NDwU9%z9kMFWg`*XDP|&xfLR zp7=)T<*{{;e+jH)v^pUA9!=prc4oJZ!R3~4gsSd1Ao|y)X?Dq|`H6QNP8a6KLcmv_ zRUJ`iz}I{~r^$Y0v=iFK$0avp16^N-E#nXkyRh&k0T5-*0J`6kVn|C>V6dXgQraP+O$tG3%)519x^yM>~YO} zU*gR=#%+63(x-_oQYrSrKpA6>2=}gtR4!3Isqj+XX}WEandM0KsQHKKUWYu<-4z!K zfq%X0T`-Z!QP{1yZ0AOUY~Y*`o-teZY#9=3IMO0|*YRD;f2X~>FO)`PWybHJq>Nj;92M9GHk#I%%{ZNh!`~WfUkki( z;qMmd^BHvLCkE~yo3}^Y;=gJ9IpS{({6f%dd}rXjN(=2K=&KPK!&^vyg@?NpyY zB#zTgw?~fZ$)r-Jx#0TOn0Vtzx=Rr@nu1+~1r9TTNVv+!5v%x4e-da(C9MAdWV}Ix zwXhiDqgO}ZjXvwcs|sGiW>fN#ztW2eQaz?yn-{fHX6?9+RP`0c!DzqQ(cQwvE1pw$ z`uF^)7)ka!X(zpi#|-hAK{zhGDwW2ca?^=z=P?ZAk6Nh8#4`7lB)eJn2VOtkuQ=4s zsif-6BHwjsD`l7ddHag4aU+lMR)=$Pi+dERZH7xGK45FgM6GKs8QX9<4+Yx0Cs1JIMmCP2C3jz*%d)6n9FXQm0+lzaZwzCWSz)v6N z{AiSW8bw_BgI)1Wj<2btR<9sper|eZu{BL~GR$1AGH#7N-w?~2G*Ic-8l zWXOyKUgN2%`bL>!uD01PWU`PG^O46Lu|N~e18En9BAq9Is81*9T>)o!BVE2QE?lFKAi<>!Dk)1a;+-?*Vcj=nw80O^Teq$&%_WjZW^XlcLFv;qE;kaBMLj|mxG5wG%;$g@ z^!nFZq(u}6iEwEwi6Lc&qGI&ygx!|O67m}7w~W6)-<522yM zym4Pl_(8YaR)ku4@>}f5z1N_vMq%Agb!~AN-6V1=XMu|EEqqOVb7LGgtg{3KQHp?Z z=|PN)S@lIg@wxLG?+#5w~tUo@-0(jS)!v!s*a` zE1YrAj`rv}fE>Xlc);PSA8c1RONK%h9$3iQ60b5(}huNWfi)0p#;IjZQ0Qy&+#RP45h|x1`AA3AxQ*kCq9)WRhVr-C) zzqg({*Pc#c^Mbh80mn5aOs%gp&u+0o6~NBYyk@ezFEr5IkF;h~0~m4B@u`Z`hLP@C z#-nt)Rg{*q+q~@;%oOL#!Nw2eTntw?7p60QV)M6oV2(5CTE;gf4%?gSr4@;ZMY6HGdB1di{jW z_B(Q6mN+BAFwYFfx#v0duTGwaoaS+!44w5Wry7BIN5hRQMPv#?L|dK5>BW56;f*0~TGBg9g9NH_WMTL5{VO=i>9W>` z+P?{O$lp;*eR?}xRs)thmn!ES!St_YviKR{OPkZE>AG0{)Kz&iZozU-I0LaBwLHCr z&tv6p5ouOhFN*YH#BuW;=bHMD;a9|4{{RU{{{UvbxQ5N5R744obJTq( zap+tp(Vi>&Qv65or-OWNr)vHlwVKaTy@n;eGE0OzmpgzTm+4+n;jbHNn)a(_6@)hz znsmIgvEn0)^rgvUbSdb4%kX1G@b8H<>9tFn5gw}yjSJ(61F1MCBc~bsMS6e5Ux>QL zfxIbq{ev-|QfU5CfS)X2f*P@r%~NypCNCFio+i|9XVehfI57#kZsKhQ1)U@b0O5c@jY~$FVbp z-~d-2UbTe{E`ky0d&h$xTeG@{#9BhMFuM;nK;>MVbr`Q(u<>oijLE1q+;JCJQ-awFAr9ecr1*lRYQ6)fRRK6Dd9GRe*e$jQeX9R3yIFR6H2#M;~0cv|r_4Li-* z5AOhBgTOVLr`XC=?tO(PjG*vO!+Y5D^s=+nKFnQ<5+suYkPlAv@z2ApAH-i4+g|ZT zfgY`=FkdC63PQwpa&kN7k7g)ox%QWXw9giJH^MgBkBGcUsOmxxRz@-s8}Ry9%YPU? zB1^0MM({t1JQ;m8?wxCO8cQ2K(+lSedh#<(FL>QMpJjNv&NdBlLopmz4Gq+vB<7s6Lo z{uuKiniyt;hT9y2AZO4Xooc?jcLCgCg}j%1?OxfWq-2{X@cq169;Y;xZzrEB2hQw; z7#t|=*1bDOp4V5mxU-%&5}sAdU=#00Gc_9(iovQrmvu3UAaGwf$n>r4H^8^L3DvKy zWSUJn^AY_0I_D|*3KWXD+I$rFT>^NPTg_@qYpL!Jma>pflA*KL@vpR`@jr)r6Kkkx zdZpO3w77xbj%|Z_oN!i^-or}g<1dMPW#U=c0#2jb6%{{R!BgIl`$Eu_~m??zSF5r_Aw{{S8! zxIf#PP}6kVs7N|Q2SrdZhlk$ z00A6kxSxerQ|X%anW-*{vq$!!=f^Yc+B3m^FBy&cp^TK2-Fi6Q6 zIX!EK)b;taM7O(v$_K*p>VN%pnQ@PEnDGybub|RStnDq*46n)jCZ+IBwED%;GQ^je zh{(VU?H$SV#Ui;;_Lsu1hQ1HI(=Ii89cn4>-X@x5k$@19o&hGhE9kY6;r&+b&rnp- zVJGbf8%h zpC9-;$kn{oKWq`;Fg=O%;+RI6)_B191L8l!ZGJmVVItJjNbn-e6gM3)-@Sfac(cJ% z+3lTUR*!^f0o}+Q381vBc)qQ&IV3>~Mg|v?o@;Qs)G zYX1Od*r7jmIYu+|pzDG?noo$I5I<#qj-CSerQr*SEt^l&65-4ws?Tr6rb^=-Pw?>6RA<2IrRp=q3`%5@9mZ1yKjc4!}CdXuKZK@c^CQ< zt7hX-(;R%!`mj-fRO6x56ZWg%U;Gp=Q239lA=Pcy`yi+`av{XI2j_{@e-J$@_S@li zi}b%7=vp4Jqufn-q+TFjGDRco@7*8J^fir2M@(aL zK_cyC!;#g&sr5BcRu-wh)z<}WTf!4p$SKrV166dt$tk z#~Ml0biF|&vV!*7;ueNgbquTs?kkFzFId3N! z&pk&C`B&uk{1j96WwZF7;KSno01aD19j2iZmuS}}*5y9(|Xr!s#35D*79vEs!ES;w2%OW)z2q^P0OGY6~`e@6@Dg= zW&F*j`?Uu2m|lIF;>zM1u%I%P4~&!~b;W;MAMins+e+`^Ps4pn_DuMltXjUkp~NQe z;{*#4@#0pcrv5op?1jBTJcx`ZF`F4bZg$z?d)N54Fu z>t5R|FkV}z02teqAat%Oktmwkm>^gC%krOk{!{+|;J4qf#+|7D0K!4z4+!W`*}kWp ze?+*pV4hB=AN+jV?di5aLx4E>&!uvUl^@6L;d^_DEM{_U6tHzGf~*c05!i#;s@UB; zEL$UXdS|scq&ppqn$k;dw(dlVNI3)U*IS^&Ya~l`Z*lYOJ9hN1HoQ*SGCqm$UaO^e z-@{smg0+bSrmR$XOsU8`jDcS{c%#Bv)`fq0rt5a^ZV~oHE3VNuUW4$gX{$5SOQ632 z=9k027<8NIt(xk^qG)!8#^xs=SL@c5C9US~wZ}3|o;Qwj=xf@h?vEE29dtCOXpy6d z^4U1S^sK2Y_ectXwECLtJjs*C1ID0j9cymQQ3D4%$LgYj3eRgB$sq$7IULjNwHb8v zc-RuT$;SqRSRSw8D~lax{T@q|g5=|BxA9g#h`c`rnRNRJb}gQn1e#`tF@2>Z)~_UL ziotW%xBw-MnPekDA)|Y4@$aJr^x~!TXSGzarduTyzyq7wh)VEl6GP9ZvbsR z-nAfcF={Z$J~r%TJBc>7Qy1(zb(P(;7muyZqG^&4^@Zh}=&ccdOqI;DoK47P5LGyBcMATQFpnfyfr*T}LwOD=La{*)+zwW!)?+TFU# z6^*^E^5b(U$C%mcj@9SdpNH@nqPX&12|OMRNEh_Tk*(4zhZ1Ll#d97ajN9fbWdNM^ z=~2np4i?_l^4j2B%L{BAsr9bWH7V}xgi(#H-Lco&tZ0FoQH@-Q4*-D2x8Ybb+}}Hd zX^RYCZ>>9jyU7fc`4Crmf~@j#mUR>FGha&|BySQk7AN zMm%mkz3ZBnO1smpXS0>JFmf~MC?-zFNnobJGjTjj$fvODSMRSN)gY4Y&5{sK-G{Cy z6l6P2fr6u`8?rNAucGOif0-S`-dqx%_`#s79UaezwB07=3tPL4@8n~im5qO@+T70a zTaqn5hdpucL6e1!yG(5`+QYoVDzN?`k}Hzd^m`3QQ6NTl6 zVNSEuWweq;KzBEx-P z>zK|<=B|B;R{7NQhv4dIhCZ@UvhBW<0SJd8Rh(m8~%t7}v*LK6ibH6l{o~rcd-3nZT^qud^4@CqKQLU77;))IGti|>{BZrSzu=%g z81QbHabY)!{EOV~wSpE5@&VX@c z&3{-Qvd`=t@B{Wy@cq7>@bAL5SDMBFn^C%qJdXX?5;M(n)t^G;*!xi+!Q4wZ_wDrb zsrGu;B=$0FK$z-j{VO9GO5sOJnM%TnxW)I`S8<|ttR?kwP7SIGYW5dQ#bF9duzH)(%y7Q3h_lN@o$#_z9EKhA5GP;J=s zAqyXt9~J)qX)hOiP`{Ss-`(2jvN!J44%4?h1MOZ7B3#|1@<=3^8Hr<#GHa@p8x<#F z#1=~kU8L<8;MM;CEP_Z?;<|nmV%W(6astG67jRqFEpd< z6}XouQ6!5z^HmjdDZYZ=M4Fwt$N+1F9gilU)9jVP$cOjJdRE3}j-z{Ys07xs2~csk zVE%OP?OS`h1&Ui#80*J5pbkpz?rV1<)f9qx2C6}JUS_wrA`RREJ0E%gO+IZ-+IeA; zbdzfwGVzgGGc(;t45xEufH&hd@>spHyh$=A0f*kMQ%_d0y^*ft4-o5v#Q@Q%aj0p= zGCbIz8Q?b@)Eaezyy94rITg9!gT*@-^0MxwyUh6bvAonY z8<>T?tDU&U;CcT5^;T=>bG6snt$--UE%mI+i`2;R9j(=*L1(vNyQw0)BVEztl4iJz z_5%NpUXx*ZhW$5dyYBQ}=tq!B6TuE!GTBXJh?%eX&?kXJ;JG&S!?=N)ewFo0mn8pb!?_PYHJE=hJ zyf_j#TI$KwQfq2$j-+gTr)Q*EUU+WO*lIBE z^7p!6f~}5#)>qhXt#s)YX(PIcPs&G7J?qq_dDW2xyJKl!ykoBwu?DB-BU&xKF~?u! zUGS!H9%Xk=9Kmo$+f+ z#Bl?hN&)IUtK^>?=t-k$w^kr1x7^Pg4&yb=QjuKU4NSe24R;i4(e& zGYof885}%k)Nm`-Wb)&Hc}f(IPW7}lILv80`D9?zzm<-Z_@YRy-a)!RKK44*7&cdC zQjH)&=zV)u1Q*tKv(I477;}N;xxs379ogr8EYR;fGjy?{&1BL`lo- z)-C<7X>Rgl>}1YJt!}p!%hTFf+uY_Bm}KOu4wa*&?6;MkSV6Zu?%SMHJ9H7Xexc&? zEeuc3L)=y^rlT8NEHg&vz~iR}=~H02zc-eNmD{xQ(zt7xV7a_yaq|O?lz`3Ew}S3Fh%Mw?hbVUS_3d8y;l@w0qecTE=OE^;8;RWN zHb@;^SnVB+Si5+iVOSP7zz1(bTgFx-w+dbPK(v3l91IE(Jl6(T!hnA8^rq&*$3<;@ zHJYkhE?1@pTvVFxh4eoa*uAE{v%R!~YivB$k(JAfNbpTp;MaxxH};t{dyA-}BYGKF zv190RPCM6y>b91;jpNyCmN48~Apjh7{{ZXKaa*%aWHMV_5(E)gF2WD#QBQ9OMZ4K5 zY#fuw1J<%LmAV?5bTCgCYg>rr^}+918lk$fW|^XBqaTs1>JoBh@V3=>$T=qt!pl; z7ia zNKM<0a!(?FJ!`_g27N{qz!L2rF5}H@U3@>evU1Y7j02I!U&geIQ$TsqPIjgq!c3OqHO=CL9r-DJw(mNW_BPmCzWBXp}!Z8S9TXsl2DyE}zG_VVnP2B!; z6JtM3*4KN8!6+MU7}m79;A{xhQdRe$aWik8=TmRA38cylaBGjdak%Z><-$fRTIp{uH^95{c6P0B33uSr=#n zD*E@XA5^e%8TK~u)jcZFRMKJ!hWvV*4*o=r5rFUMTnC7xQF6u-s}6C3de$J`7DUCfrU8hTy~`sG8PgQT#@xOoUCsb)c#wwT^mgCCb8yeRDA|Bq4&Iy^^p#C4c)rx|zYpk>X`U#*(e(X3 zH?Y5*vH{M~ka~S<)O<_eso+@t%ChPA$g2CI`AdL4>ki|Z)10`;y-zit#X7jrrqi!w zWf2mrH)Iwa{`9w=54^l=a~u5Bl*>uxSqe@%Y>F$Y<2s9>mtaZ)L=!y z+A+_1?)*F9r%w)QmR8V1eJG2|idO`*BXOU0tQ^c}aYespRN81TS zVUJDN;8yQ}H7o5eSc_ed&o#xgfQDj7jC*=ebgLgzUwmS*@y?HbYkg^LszTt$F_8%+ zv5c;LKdpFM=w*DZS4l^;3JMs>A16;rn87RCsSY|Fm&3mr>KZ-#aBD%~`NFHa0Ikk4 zG3)7HZfQO()7hj;E4fnS$Be1qpHWtG&1-Yy{{W0Sjf@xbEQ}guUF|4wfPMSdn|wIc z{6h|@rHKspnpwCjDDyBv5^#AHl&(tApIUrn@GrwnPs6d#;|p|4<7TN4Mhr}c?gnGi zw@UcG;l#II3-KiJ%W$yi%;?*g{_Zsd3=H$oRy4V}nwG}OO#OBEHFMyf7ik)nwWMBY z+E%dyMq7xGU`(J4GWz{1i}BQ!z9E)tKebz|B}x`y$JdIvQf6|KKRTaHyV5=)+*xXt z(oLc{b`wIF93B8Qf5p~%cDZ#9lb}ZPN||X=N9w^g)i9zr=DY0n@L&!ub3X%u-5p{aO}!oCxd%`Pr3 zZeklAMkgCT4*0K^Ja49I9wocC-E($r!)_x73_$g*6FOsU%X(*mXV5ORy?)l<$s?+X zb_^0T)9c6UU#1@dek*92F0pCh-Ety6(+1F+H!_@c&tpyMgnKW=cGa)+nG?f0k+Y4I zoa1x4AK@dnYW(}w{3Um2Z>fRT&@okgn*DDr@J=s|| z^ot!jaoepcYjUk-eX_nY@NT#8)*T;CO(uO}*-UaWut#;r-}N=|ZMTQD-w*i8!sAVn zdyOLEXydt!-*Tc8)Mx8K9OtflK=^m1YFgZZVPCU(ia&kx1;_CWS23e_V@B}o_ZAia zM+gKGnfbpyYI(`I#_Mt2>3$`>mqffU>GG}>19ct2uDjvyhv3vNZtt!F$#NGGCj5b( znf$68j7Iq5!x6z6-)#_FTRwX7`R$KS{dO3=zbu(ypH!xz6MqD+cHK8&&&^QYq0p= z;m-={ck#ypTFWdrjS&VxQg=GQV-w7^H%fTJ1 zFXK1CA06wyD$^&`?)>RuLAA%+opF#$dI47(mmf31CGdW+9fi!XDVW4qGQ=_lJCR;; z`o6WJz{WYHw_AWvBLX?C&1^;CABTP^@qWDo`gHNUzzxd8;f8roJxzUhKWC2;-Dvua z)|qD!)NSp_WOez*djZt+tsPwellE2krKD+^{ND@pT}n+e#CG$tB1k^@2d5SKb>quO zwJi=^cUQWDNxDcF0CJ_2DaHrAOyzMi@^8bsC69|fC0=N^7Rw}Nc5UMYTyD?(_04@Z z@hjj>#*clVSa@pY(?!;97BFMG{xEQIy@?|g22z=s@w3MkKM(ADGog6jO}4l3S})mF zXyE}R8%7Bu`q#?(m7bfY_?N?eCbqhTw43=BE4yZJJciCUeGWx3l+V^5h8`5~pMuVp zFqSFoH31#Lz}g!iWaIFzC-#B(b$zdR_Tx(MP2BIG$f+c9yf{_dIbVKw{4-h1a*fZO zz8rWye+qc#Qt*F?w8&=w|3Co0w2~GU(=pmax#$PiADwic8a!91Ev}j1>GVh~Z>*Pe zGMLBL<|Es^FKAih`Zd*-zW}khR++&a2?bbtReeX{_lT2P)8o-2jyr3a2GUfM5gpDw z>h4m7&$E18;2mE__-o;^E}8Xd;wf;TV5^RepP?1=mxjI^__JKp?CoWZS5bylk)=U} zm;;@s>OY-Qm4)ojtC@U@SRtC&+g+g9G-^IfV;p|9@(;!h7VG;-Mwez~)60oB9yW8% zN9RbB=WS~GXqJ0HBS*D<<7W(NAB3JDi%Ix}peCU24w-Q$mwwyuf7EqSJ|X-m@eR%9p9?J0X|Fds4>{U9SC-ySZ{rrR)BF?SHv3J~OB|?Mfj34_ zzgo@q5|PU3{{R4fD0nl*dUf8fCy}Q}reu-S0NnlGt$I(z=&q!)((YwjHn}Kcl~jdf z0C0BxRXoKX8To!C(4f4O30^|RLR9S%0)N7dUPC8^Z1suKK&;FshdCj>pN%kQ&${iL zT7ykJuq8%v1$mBkwmhR7u0{`PY1o+TT+uZxM@Q8n)pU}ca*+IfO#cgXft4S-9DL4z;HJc=EV7#)D2DyT0nio;g zl=iHQd5_G$j2{l}z8`pzWr(8qdh%9lHr^Sc^+xosEz_=MO+q`n2HAISD3UTy1%(G? zDRw_d?(d-Z#qd)}z0=FCwP_REO9PG02;jLsnc}}=Kj4F(wGHlrb>ja3*r(!kMC?zQ#b?EKbN9sq;F z>Ohb@lPO{{OLA+HdzUmn;unDKd|TmtTGLFpZ9l{|>TYaq5Rl=J6SaNFui>Bm3YYLl zQShI{dEStI)m`tKG&!Q5dz zxg_A{o_g1XY8NYaXKid)M3H1fgQC?dT+fon0ex)dMu>wOayUP&dKbX|0E?RU?B(&B z!2bXlv>!V9+Q#5Rs@Vc@cV_Ih}YXlw@n?e1gehm1JNuS{7 zh+ujh*Qsm=zy&AEESYgN`$E<8S;IO7r3OgWJJ>0d!bX#FufhU)y<`V6>kA zZ$dhBA?Q60hv8 zb$<##w;mgrrVB0ghVneJ3CSo(86Kn3l%u0Xxu4Y?^pM>&H%glc;l?=zu`jIRQ8X-} zp_OsdrfbTojHJ(rK0bUi)wMfe*U`M_*=ss zFVnS;3!;rbM)4)L+BE+FFz#C`z%#I(+m1mUPDOLY*_p`xLqBehfSRYnPl=b_B-8ZZ zo^``pYN}5#?Z^#Z1zv*{z(xC~jE?+QZ6$t4)gEUkP8Wvg))K@J*s&3d4nH! zxujelLey&P_7I>L}VBWlDgT9oH z^f3L9{{U$33;5l9GvjR!T#oy|9xs9@u3(VhSzZzMiRcL@{5@;+7era~#h**NkjP>r z#K-uTwQ|%)LWpWUAhxlBJKekOxA}6B)jiF8@%u)67SexcpM`!g_))7OJ;d<;0BGnp zncCLZXbD}d+c_$InX{VW6}lhid;56)&ARXG@$shqSfQRj3FxB`7i?qh9{E45eGB6aFT-CFd?1=$qi(huq9Bqh#%#Mv0l+?hn)0PS zS7di{^*$3CE~nv5YS!-F^EcKvLS5=}xk2O(eJk~2!aC>nzLlch$Yt|ow-P%)@tmBW z(!H!TMB|~siPZEDEA1GV;1R&9aj=66AXWpX8Qbq&(b)28B6f-7Q6hlA@sK*xqGUkG zK!K~ZeHd4)U#BHF~nV(^($zgjGkqKAk!6VYUd%OFKsM1i zRoKmeiEys}04d|zvbB96+uSq6pD7!@v=UslvbLJs2_XT;Ao^EBr{3Dy!7YW#9pML* zPfXBY%vQOK-2I+a8(TOdwQ5VGwf%{;nn@+L+qGMFBk`s<%Eo4o;j8^3>O*iuF#YJ* z@wj`_HOZpL!tH$Ek&GNY7DO9&VUX<91QTPdzh1w01M?EsGtI$PjktsHsvH zOQ5B9?l>LsL7S1Hs*tl4Mn?YjF@s9F%yCA~GZ|(>jAN|=xv8LBjY4^nNZtkma<(`k zt!f%fZ8A<2rNATRAH`clwLa$Pis~z9nc0TWNx|z}=Ao$s+!^+Ld)7=j`;h7S#A@-R zm{80HPZiu;>2c~7t0JIqIO|BL$mMVJa}+GDaT4bobgng|p4kMEB867qgF!(qyY{4I zF_^A1o-0090HJUL_4=9siU}G?#6mLpIIh`rF(gYW1;z&+yijcxQ(H?*DaevP-eVX7 zvu~MFMaOSSjzY=PU%S%LS$xNdxWES>)^)VgUR?=cV!2{YX*X?v_Dvg2wtECO2@6a| zez~q+P`iTKc`aEOFKULwSJFJaLj7&uVnNWF?r$_(D^(3{R4R;Q_oQzZa|+v0NM;eK z`LpX*uB;=tbhu~W9N^Y!T7z8+cWWcqi(?Y(CxeR3(R>G~>vMgVPMu=Q1A)}@&}N#K zaoF_jPr*mS&keowaziSCk&JVS#?|kPNgQxE2Nt>EEGM_NyH_@ha2OsJ>t45Gsp-u;ch02?4XXIb$E6k(k>|cO)#kmu zNZ}UIEJLZ;>bH#6$>4vS z)hQxnIS0%b$I_bf0tr=-OY#^DW7e>gy~{aeWFYOwrYmqPEPF6Jj()XaQQAPj9Cx4# zjR}?~JGPy@D*`B;rcfB~2Q(6-jd<`S3eAS^S7*77+!*}DXKnzglhA3LrNomsPI^4}xvb>LKnBG0qnqje4G`pxWwtp`IlU215=H=UGp4MB;EV z!EfQavkN0jjIYXm_q}pD_2s;oon?v%SCs|u&Ga4WqY*Zbq&@?F$R8NKI!|YLewSVd z@MMw#*V7^0ELrDh^)>wgd;|TIeiQr;(yi0L+B52!(?%A3Qt?AJ@Hu1zao_1wVJUPz zl$JXUGT0^bzizx8GIHNalETLKRw79Owzba#p(29`OQF}<>9)Fh5pIMxa!*>&Srmh` zf@nGB5=yA0owlg;u3G;9S)XxBY$A^5xS&yobDWpOFj~7P#Md8Q_2<4S@#U_WV09f@ z_A6U5h~zZ$i}R#p%SYFA2ws}$4ZN6E_gT`bn9DAXPY^bTR@o`$>)Ju zHns@PRDfgZb67TWxf)Q~ZheZSlyvp3ipNWdzkM?ZARl?#fGG_6i{L-(nelJ-kMTh8 z&%)gv<`|r+&8SHUWJN#3KMMY;e`6o`Bj>CbA$rA~;oD<848+HI|+yf$|B@LAbMfgBK^R6qv<0<}?pD&=zSNct-oGZ`@$kKFWL<(s?RQ&^p+ zzP`J?lP3=`%X8P7+MP3LOF^;Nk`^J6R-&D)u^9&d{&mq~ox7T8EK?}P5cI`g()4XZ zQkX|>rPFo`V}b2h$?8e#x(CCFBVjGrR&L|e*R^Oq0+TlG$Q~a~_^Agjhrf7t!#0+X ztE_)_wmN-k?f#h8O3@@p>CehX28$TVspeXLg0$OhVqHQ6HuqvounUUy*SU_?)ly8i z7|8Ea$cS|lDcfn5w>Y>`S$g%Y86&o{KrpVo{Y6BhVqD6@Q-&mXz(<7sl{6O?Q&~)b z2vVeU=~_o)Gm!AkovGXE6C-L5ai@}YtNrCU_4Kbu`x&;7M2?9mImqXlp&NH{T;D|% zzNFE}$~LTkbB{{m?~)s4dsQH*J!uUi638?OI?jSs$p}v;^RJwKGwZ(*G|Rm%3^b16ke(d!GwQ_9h8D3QDd?$WFtW zV0sp%96F1w-I(&5)6%mp@AD9g5y{b_QebrYJ^wO_YNWSPs_b-_8sEzX0b-f80Y z+2fH&&f1<-iac+{8meg!JTX|c$`<95?=5*Iv!lVOY1bOHn1_0dG*U1ObLczQJkfA{ z4~D)k{4|GNwsNrB`NJiF9D`p8Szq3GOHtHxS)+HJDLS_SfhQRLRmWBrI;peMwC@n3 zEO*nykTE$te5SeyE`HOo;Smu0@z7V5UY4h+MCl%A^zAra2uzHtfsW?4JRk80&u4vM z0yV2#Mpc!@RzdIDyy+_*g(ac0;pY29v%qEYI+a%8e+szzt*M#x+rsILVc2}9pI@yy zW2+PDFNMA@vDP$}((i6<-uB(fZ$X0C?0*bbpxoZ+sT)Ih?G$ZHAc!eN37j4OWS#kyn-nCxt%?=)%;Sgoo~Ab1gXwzgZQ1{`|V##ywxo2QagySRv=DTcm7|k zXC-laMtqMew3Ds9$uKTTvo|0RfBMySZ9h)A^5@wM8iEk3DjXLchO#T#9(&?DnRL6@ z?q^fxhWU|~mS0e6Z5vt9Z?74xu4am5m1In|)qV*CrwqU?* zB#sHKld;NcNo)oIU5DvSxwlJQtc?V@Tv zBDK_PB$64Ij1i1gTn|FNE2-$oXQ@VKMEj+>srEGnmvWY{BpoAO7uuVVQqw~H#nq(6 ze8%g*Ve48kUP}xD+DOt^K;egPts^Nr5Cs6Nf?>2DyPD9tn@*0}5=sg4>&h2vyn9l+Ms=Owh2~zl z$4ZlPp4E-L)w@WLuKaacmln5oa%tv3qCD;1I3v(ksCZ8{mZ1}urEn4M#FkU1I7D>+GuD%uMl+aO?Lc>IIV z1Ies=hMrrANPz9nrYZ(!Nvlm`I>q*4=vO zp-9Z3qEP-(??AbYD@`KYK_o&qRXuXq=AN2uy{v3^A0ZB1LF5e3E@Li6fJkPJHrNkb zcCO=2)@Qe}Xk(Q5TsG6wG&18p=O?O8m#;fY=nDFe(!65lz!tFU<6p97OQ#uS4nqE2 zD>pMk(KPrcx!DcW1>@q6fC?PX1GiA@@MmrxnASFGbuAQ zuUhL5wR4zq^jrjGm@)T?!CeG#704vNSBtGmie%?!FrFSDkGZpLb-= z(XIpLk|HrNyi0v`B*fdpV=q+UJRu20IRpsdYCJJ};E z5S97P(0MhBOs-^)z&G%|nc@9X=IR?acv*u0RN!ZhX|3ZMEeiE*+hUbbvT_0pJUDc0BElcTWD9%{{UfW(m|!0pWaG%60jY8`Ne#>r>*_v((18L&mGOUq_2JYxbQC`*HZymj=J)xT`H_GNyfJSl!Fp4$)De7Jf z)$|#@*K?plWA3eQ)!XDHa6QRW^#FO?HH`+!{t53f5N=#?^)DiNH5{McrDQGE7<*O zIV}N6nRwdO~XL(H1$7sB_ z`$dNphjHOA1Zw^;Z9d{@Ed1YPJ>l*qrC^uJgm1mA#>lM$|2BlUQc{Be|Fk!}6ug*yNQ%*)^-}Hr@*d$o4L&N|#o%uW zUFcVHcym;+R=1UL^0*lvGX8!2E0gipjJ_y%zr_&hJ`&Z|_88=d%LwZ(TjnDk-Kojy zXsPsPseDb)Y&=<`_*=xXczWjBTevv7bcm^qlzhBngT{FEuQc(OjQnSB{h8tUQu6lM zmukq_C3wLck4nSZr0gzJ%JdHZ~+E#60ajHb=Iv&SHgmBIeh+GqAgouTX6Wu$s- zgz%9d*~giZK3~eUOq0I-i!~1jT*-T&YPW_>azx(}$~O|nxbMem`Xl0pjkTW$c!ti? z!gn?@OKhfD3uQ|I>OUM+G-TrMV_U>OvwwqNpTnQDo}FzDk*H5@w>P3k!4r{&WB~BB z!hB%;q4kUX9?!z|w|3H5GJzcEcX^<71oh}B@-&IzwmP1f;e&7DI|g?7qg9NVpvH{aSfUmo??}!=?gY+#5`(3h@=GG<(&Zq$ko~6%WQ8HwY zk-j_0;Xe^;nrDdo8R83wC6$H5F0(1z{nX>Ncpt`XQ21KMM%A^4b9pid*^kb0PZ{>b zXUh7LdVKyJ(R>l`>%;#56)#MGXSqPqG+#G8zERIUwbS@>#kLbcrFhLg%=$TRI}g!- z=LB}Ge8;NykxHz7Fxc9uU@baeb!R`D7$WW>KB_ z&PTo}gr(5vyi=*i;wzJ>SX-^UQggOGK(Cv=BgZwFf#!vLi2+t(djbA58MEf^66v}% z_LmTbA#bP#!H}GXA5PeyX|CUJ0!pvZ2mnx zsgB1N@q^&4zrzhm4L47c3!7OXE_}Bwx4twErEfi(C9C{ks8wHQk4I@*xxweMl-b9+(OfV{Q z)MmN}uOm5Viw7KXDrFw1$;A09_Mq@wcU~8;@gAD$WrAWZ(m}gvJqnJvuY@dP2&AKy z+;}67MP_SFpJ)Eb9x}1hyhE;dD_u7WX@4HbCNJ`-KVJE-TDjMJLGXj(R)O(L;oh!v zzaMyeQHJW=t_$2j=8fxv+Zm~Q-1KS7TOZn2!GDcfAMG{Z4+;EX@arkJy0(fNv?u3| zbwC(6{XYu(55c;uT2etIbG%Xp921Yix$3P=ne^43s#z^>V|}b}-&*{W{k=b8-7Djk zkK+%9unS0Z-xk_Sb*8=w{g+UP7f@JoGE|HXqt~T#DL#e=@U`Rr00Vf3!5%a5cYr)! zq|Kpt)5G_&Y1*ZXoU~4iKwx{T0g!vwoHD-V2pp?%jPNV6oVuA$a|T_m51v{?+(5@} zYa;LWrH}$R`ADtIWh)s|ED{gjXLd1>)EdCMT!9$@qdmd&tzZskO`v>7_?h8P3u@j2 z@c#hBZxiYM4!wUeO*G107|(r*P8Xo*>0EqqM+rxG)#n@;SbXj7O;{?1n#f#kE<*nR zcd)0x$A8~DvH8@=*wQr{FYYRYDL%bxHqB!*{W(4bd|L3&$M1z61o+S3O+|Gt3iyjphW-#p-wUz=$iNeW zo};nI?Ovs-`Oj;GU6Za)O602>6mXs+wwTz(s#``HRLV@JqoEie`w@{}l=}9Cbz$RA z68I|e87*%<(Ix(j%6?h0cM%_<2Rsj2;b>>(=k3+|JxB3dz73W{x#Ld@YhDWR7OUZ{av$`IX^LCQI2SQ?U_Trh>7=cpg;SB16=gYa zjn}7Ip_W{-kOxn#cO#T!vKe>o9P!iEs)4r|AqH_k50RH@;RZm)M|xB{fCTgEJ5U4x zpUil_h#onnB#*h5KOya&lnlAI%TPgLI{j-#I3m1-;G5!kHRq`&w#{{Z%u z(Y4PL_`~)w_^GK&{hxk~d*Rux56^8nf6pf4k;8w$Nbg_SlvC^09vjmyA-;=KztWv; zuA+1EvMIsI_4oG0VOA%4o`<9)cABlB*$VxN@;vm&2Njj!-M04lj0`ku8NG){;W55w`UA;|twQ1el>gPUr)%4h| zn&ph)BvN`GzCZm{^#|KBPQYjt>J-|`If1kh-3S2}*9qTRd~k+Q~5 z-b0mPp2nYXrmWC3(SjZLAP#XsYJCejC80}$_iXHpk|$UgP!S{9^&*&@1P zuiW}j1>4DOrGi+OY>L2);Gys&H%J*z1`z|Qx>+D@GVL2x7e?ndm6mDp;!bUKs`3&*m11kA| zpx+rIrfbLT+C2{XJIHPp6%D{VVyVXFmnYY}Pjj!!Ai0~*Kf*`SykA`VeYlZ{EWZ6k zT2>i}r&!IYJgXcnw;67D&2yK!bkZ!XI*{JX7y&nhZHip8G{O#Lu0Q*j`5-$ecC-&V4Id`uP!u zmcRqe5{-dNxstb&KbTI|h;vL^q+ycB6pcbwdDH+&0-}m7frITXc|S_lFSrp&8vLPf zKV<~h+nieox>1^^b zjTw2{(AF-c;-kKDl7+&Yl5iAy(t_#*&xPL(J|}#3@e*kM1n|}FuM5f{H|&S(@SO5l zzJ|YTzh`gwCkMm7hgTNC41+>B2-k0Iv0;d2LoLEfxsR@naOsB`%1sW1!nXKbv^s=ID+y(z;cR5N$vLk3otW zGr31ok>G@s2M2;kEdni>s0Ima9@pKInpmjy;6y&vK zt2!yuJ~a68`$IwS+e^Kk-U9bguJ&->>c%>r!?k}upR|Ac6u-~9)b!sDT^(mw!3ZOl z_i;XYHVt%BrP%9?c~SV^@gL%kjD9NK&8c|jSG>AoH=MSqF)+vYSDSh0=vFe_cmlnO z6s%0ESYyV(WtS&Dohhkr8Amq%06q^spx0gOjyjcYNd>cW8#x}-?;=qm1x&7eD-(jG zjacnp87M-I_~~5@rjId5|_4`1WUPu=zcr>r!H;Z%aB|{qsDXZhaKw)%-sHjJ{SBL_-*i)OMMUF z*Mjt~3fP`&^P)-Trr2`yRWX;$p=}5}M8NkjD zHJ^2T1+tSQgY&GVE{8=rXCJ8ex&RDTxRye3f!4fJ$DT5WMbmCIZCh1?Pqa+@uOQsV z&@WoTPWmIdojYiLV0>o%upZKRbZ-c?z01f-JgVPxVD;;Y{Os{Zi8Y@TYIhg>MD6{KU(*P7ZR65h&5SxYHiJDzJ=JOGip;g^Cyu7r%`F64|}5~pz|8RM-j zot^Hk=&?ld<%;eClXe!Tv-oG>gv{2G-IMbkR~7U&k>D#!WR5#XKym1mgA|$DTIi{5 zB8lP|<0BR6b{5uQp)nwhMgSP;P}Zh0k=0wWS`p=ev-pR-X!%gIW_ZpYsTiv;GGx+T z>OnM62j`p)X_M(2RGXayXc^4-h+S!m8G=aeAw1-DU#(>(%llx` zFFkTaXDJ(|OxALF2*F5I;2PeCNS^0UX#|Q2_Z{lcoQ7%EGPEoal3ACWblp*1%Igqj zjM_>MAR1-``z=moM26y0@tzfl%{ucyTZV%2E2NFN$Oo^npbGwN#+XEYX>h}X>s7BV zqn1xR0FB=r=mOQH%y$uy5h7(ggWk8ah#{V4`$%ZW{b)0kOZtR%c0t%UWIT^*;;x{y zy4@wLfJxBifx(|Md_(X~?Nu*sZK7|OvdNHk=hCxc@YKf8NU9p!A2kNbW@LIwM2{45 zw8_&1@+y>#HKb1pw2%&ij+K<9(64B68m5CK#j`&1c7*ak=QYE&hjbX*m=;AmXQ8NO zu-xz;h@KOBY2<$_h#Rg(LYn;V`0Mbx^4v|S+K-q0VzMah&0{E?FqMxK@SUCRtzvY$ z%fMrkAx;R|4R-oQkp3J*v3uz*;Zuca8z=LxGZ8J(=;5c)o%C`^b8ce@)5g4&11A;G zcr(Et@Q_{JN2F?6cAtG3?pQ8m5t)6Eo-?$sfcy>)Nx6HLDeE4@vO0wAv;5+(eLlow;yFIj?g*DuwN#xO88!kC}@Og1uZZ z<6>2{I-3niwHqd7EI{Zz1y!(?TN~LXk`|ILan`+RXOk_>*&|&=(GVnMy-o!(EiwpQ z$B>fbWT_byqa??>wzm_+kVWK4o(?!Qdj82JwPld1O2d#-A%$f&2g3gV75oKtq+Xp) z4KdeFl1+us9Auug^Y)-ln|B}DuaY##0Ox>nz^OEhPP5Cj*EE$zl-^4ll^fTE9>?)D zNtvfdB*6$^#t@Lzf!b6 zigD_CymzSU4Wzhr0OSn&){taMJ&&%uDWGXu&4TM%cBZQ%g7U^s3g71y>mC``EHwL= z>@L{Ja<~dX;C)4J6?2wo^-*HCNF_-DWAh9i54C4p#Mbb;OKxQCjk>Ic#yaHZ4BO zn{vu~#zrc%+9;ApIMGcgZv#n@eB=G~Ss>2YN0Fi|OLF_VX$baEq_|L<~ zP_*#^Dr}LqI!MpBdy}8%L9Z^BJi9^CJZq)+x_BbgE-rL8%i)_iKAiJkP3cxwK1$B_ zvcWe@E-**E1s9o>m$=(lsG433c9>UM6iG>3BWgVXb^rMyNlOCqAp$2g!3ORY_Aq6s`m zxah!jtavAm+Gb$iF+QDY;>_hPgqo%FffN)Bq-Pzgg4h1ba|1hDZX-V~J-b$%sFd|S zch)sD({%-g)fy)Ug<;g!mU!uPoo!ZqGJmmN#@=Ewj12mEQo2V(R;Komtm^XEz|$)w z;83yxatW_N@W!_k6Qs8Z8owZh0M>2vHE5s5Crs7$PiqR=&J=FKfD3wzbgw9y(q&{< zo#ySFo+~Msv#8ST5`0@Xn!Nxgy>)A&X!>*Q)Ns+`IdPiJ0iSz$rI~|RLmuSE-Sn>d z!&}p?G<+`Dr@0HCyhw5EC9IN8;U90fEaHzVjj4qML_oRVM?0M8Y0UQF)j z;kNVxJ!^6~k;iz8!*)8_Nd@h+a}&q}SB&ev4e*Yg9LD0(RMbELB~}Aq_Za@QO;~)| z90F+(*|BJ+YlsIRwOqNkvAQWFQ!-#+D|*z}%2VuUXjaK=&mP2wdj>8C-ZjzOT3u=w zKvv<03CB34%7+K3%wJnir%aJaZzxm8Oa-jzWO!KaftoC5BD0h`8W?w%wxp_HnSPzC z9%*GPqBJa_x$TO9Iauj5t#T_Ek>j6x0z(YrZE8iUE%f3}9A_MNpocSB^^n4w09+19 z7_K&U^A~2)ho(u$pt#7Txu9mZk^#Z{!0^JVImEGqgCI9!)9YCBy^Uihv7py?7Jgx3 zs5=i@xozTK1M1Ijq-!%vWq7B|4qG6R(`fblYe>e$`!>ot#IRjQG#Iv?}p$$A;iw=v8Omv4JQJk?9B}~Mj~bNu3Kq12p9m_sXSldfo_6G zR74aIa@)Temjay66Oz@kQDA0PJfHrxbp9P^VFujW#fQ#I3Z7PGPpatm5ZywSf+-+% zCAOUGKA+B+Yh!h^eVt=T{bXG9Jn>pbu+G~}Sz($iorgJWjsULcPrf2zn4^sITE+Ac z=ent$=5`XhNJD3*dgXO39`Ht9G-qsQ2Z~NiX&iOswatiUXx!j`3F%yRv9DQKZMnLF zbhpPuZb|jcMaJUH4Kv32b^f5%sdI?{8xLIbUge-(&lYZpiSfos$KzCygrj2h{-rJK zjk-m0#PsMYou-R@EB&ThcZwYFbCLC}$w=BrWr&5^y?T!IdK-wKkrL%Yv$hq1>Gi6P z`jIHy{HfM_8{v=N=?77=ySda6uN9NU~!ZL^XpkY9QYlpSzlk@YLFz-MG#h- zgenIcB2O0TJ``;%-Q7d-hj@wQo2MA*SNuDo-|6wS#PT@1RV~nyk?4JCJq6}+ zn(WeQh{mig}L72103LkKyspu=Zm#@rfBq|51)`@ z&Pm|(uE@o#&-PtOnA^Ji(&xTMN^Uw_b~1Gl0|)`@WaFwdcVTcr0SMZKC^7H10oNY zalt3kgF!rp$o@67)vi26C9G{MQ7fTWlcEA~&$WHY;V*@nu9fiKeL~)GbErpdZWb4O z89*5%A53PGeZ=68jea5c!eaLfZR13b2APnNK}M76lTgg|w@CKM}#G-P=cX zX$0Gp6U2u(=DS}Ue$<+OgnUVH4flsW&8IUdgrb)~F@m6ROO+eh9<|{g+E3s%p=TY& zscnC!O*R3L{^%hhy!XY{);C@!e-e0FYqzj*(OhINf{!W-*LSS}};0`MxFm%u#$p+t{ne7C0jQ23AGd9^Jn zYgN)U3wfF;AetkG8R?4jPX~C;^TmEVH)l(d)^>?J!5ZaM_apT`g*y#WJ?F;%028P2 zrkP{l>syibjXA~)gXhnv`~`XDkF0ptT-6}(723=qNeirl?hN-M@Wmq4K8Mmi75GBF zB-QkdGX4lHnimeUDcW6)Oyz++&3=1oT6O%=B=M`O1@A zh2`qWbF{QCjl2{6D~tV~wOqe0i(#+tm^^z9ywV+j`gs7V7I$0zU5;*6uoxy;G8w_aI3pN5*XB3vd}Gk`dF?c6?J}LY_@dt+d4L^aj zdz~l5ejb(tXk~^_?GQi00R4W3zdHO;qH5Z1me)~DbZy>Yw|5>=vkZ=Yrj^1Ix;~G! zvG6{PYvGR(Npl&vg4`RAHG`tJAH&o0uUE3wbbktXvOgDiV^Frm>=C@;0#!4PhaQy5 zO!?nZ@pp+ezZL4ZoBKZ0F~NxZuanMu^fl|B4tzDLNvGVrx`nOPgfbH0-zBnh!1fuS zu4a8Dpm}peyG>6mqKqgJjs^#s5CBTR7EnD6S12B(q4?E2OW^BI z2;XXu&7ne=jwireSAU|ehiBmnuMEuvr1m8bkX6ATA3`Z|fz*5~x0g(c;vF*9NiFvl z`9V8$yj9*@V`e!R=|K6JgQa-F>%$uMoq0W{nQGSp95V8UJQ5FXEA(T+ z+UA|&jXO=%WzwxyMI1;I86Mt(ua`lzLE;+^2I^NTbxkJH{^}KWKt^&%;=eBbJbX0q z3|E)B)|sbUN2D<>{#yL8@_6H=K(6k5KRi?JB3PLlaRho1R^YbZ1FY#L+;%*lrfXV# zhwTs1ui2l+uz0h=vuIO>wbV4_C(4kF$g7O)J@7xReLESBWb+T*W6*J1N(L@rs%cgl z)s^m>bz-+kacBy@cyZ$YPM?EGebJI&~cu6{#mcJ{xHctp{4k1$J#ZtQN=ZxigC9k8y$Ck6`Zy^ zqJFXe0KpLd0Boym6XJ{h%)b!O>6!+s5gI(srDKxgt^*(9Jm7lQ^S%IuTJ;J&o+oaqtby`pYhnB!y%OLNPv-(s+Zxx4M(*i#&39_E#e2-c=dc!?@3` zKU(EvGx=rz0E2^nVoP5I_~XMLw$FmBCb#geu#sq9E=VHWw)27en~4DE3XPfQ3W3z~ z{I_a$R~8r3z!h5DHt5}W4i7oU<4T0}aqMFwo4Q{&9IQ>af-%;!uC3YxdEJ?j7m?}j zU9e{}T@F6!#F8?Wkq9{*g;A0uVg^cW;NbPGVD%-t6=Y4aBC5Ut#{#=eFTma+)MT+) z>?G6H=?s>J;A|6)akTX399F?|l)1LPvALSk`rYkr5y~`Ys*rKbU0BM*9h5rf7#(V4 zGQ@1BV!3Ps*mbMrQtBz~S(wEjF`N(Ktd5B4e@~zAZXfO4CxLa(5dOs96+A^1u8F8g zCGUb-c?%+({_@>e^f~#${{X#?PAmH%tE}ek{<^(l~i<`Wz4S=N`(VkxFC#h zYvwPH{vNT^JQUAwrAH5obhkJ9RrFEfLyYc;i0Tjc*Aw#wkAl2+cL$36BYUjr_EyiQ zYW9t3slcg)Nr&<6#sg#n^#oV)(ffOR4Y|^Fm+@wir%0Ffa}>B#7&2S))O~raDajEe zeqBija3umnR~aDos&c`$JjlhR;}{j!8C>L?Y*q?b1yv=gvBQRltE&QYnxX+>EQ|@+ zj^4DYl0;N6DthLCA!y8w^6njadQ#v71gRswJ5U4dhJHR07?(pOZKn$bNfO5&z=GO zqBQMR!d(+qu!7TH5WeAMakW=2IV*<1=N%OH%@dA?qZm6MX82A?tlIZPmS}G6l==2k zMsgk|0E~VHq15jz?(VI;L13ag>o+jn0x-;;hx9e)Rfwe?hKGy%Bcc3G@K=aD3F4?0 z^Fh_@-Um~RfJag84hZ^J`N@C5Nxx)GZ}vg`r2Jo?-f6QhgfH&idnW*8)dAD`@G|d6Q4oh`4(EJDSpzw!` z<`>djNfp3IE@W@I`;Hfnsjiw)vm$aoQY>yB&6?iv)m#8q2Oy~#2l6%3*%m6-3Q1GY zitU4F<$PC;OyvKq>b;{=#O8R&@ZW;ODJu+iEDc1TZ=1 zJ?JJk_LW)xrr`hD>6+U$545o4nXTy*3;}(-i5kn^{u-NWHg}4 zNCfupL9`K}s@unN47U-=Q@$&Zjov4Pm4mAF_4?3JwWw<{+^km8znK_ZAje9gx3a;s zWA|gB#&=K!AMGhj<&{+qMnLAbkS?M?F5gVh24&aUVz`FYiSo}K39g3APCL>VW>?6` zJ^qvd*J<{q+i8%nZbf$X^1*(PCL?A+fJb@&RN2dkvcuAWSkyH(zqD>M}Mf? zoy@6kjkxZ|Gy$gqS=*L!h-6|8ML>19;l5T08^h43>}VQCQ*9#L7$u18fsQbJYRQc~!y5xRl110as|Z~hV6 z?T+b|i1WoXhMCS>CzkCI59X=BBe&MGW{u}VxF57He`-dtk=6Kh{>K|i%kwuC*;{z8 z>@OSu0O!}W78_@I7l>xRv}183jmAhE*O6W^T}DZK;PI9{Mk*x~M>%mdlMckl$T{oU zyBi&CUfIi#ss{ub#!EuuvCr$V!#l)MK=Nanm%^8~8g`(P+l;hK3uJbzqO~-PZhIe! z{xoWz*y6@0E%wSla7U+cUK^=+lJioGnL!M^{Jq6&Zy2i`=Ywuy)gV#;KQ4J3iq+OM z`+JmVL|{wE=e-2CV>3pvT`$ddP=$I9xvULlduzGoe=R$f0Cmjy~xVoP-E z)~+({GdL?p<}$HY>6(g3)@Xtj1-tv!f-&AQg`HS#6-rs%h|29a?kH%eyA4Z{i??{@>Uakgy3O`tfxu+O zFh@g3$+D9~lSt^UqB02s9cz-iv_o{MBLD$B^%NBt+_z(=%FfJUESUSibgtshM}qb^ z=7Tc2fW^mpnM%f~Sm|tUA_(y_gXJBp0p(Aw%? z*ojNA`#0d9g+3kd4w+}7_&Y<>{4t|Ip*BMpMwk7jJxQ-fhUOatYh5}sJl?p@54{F5 zk*8^=Pke%1N#s26ovWgbHHj898&Gg5obA{d6}FZDka+g0lIk{aN+ElNS$#byY{@H< zT-{qo6B*=9gmgW{c&@YJt2-O1zRJrQ9Or-ZseO*RbdQ>RYw`QSx-8e$mohc=`h)wF zd^0iVG4-#<-`X?&3L~O?JvX*Dy3CgPiaYsM*3u6&IL;M^Zk_6(8?(`jEPfXJfBm(- zIDB`S=SkGH)8VfI%A_rvGJm8=?<0=6^!Klet{G!_JgCCOoR-HdeM#?L&K`nCJ$jZK zxCK=s?;5YRJ77vFKwF^iU2jc}3DhM*&ATqaPwQ4~V`x>mIXr!9GYLz%dMxiQskxVq zmC;&Q%R2{9OJoDbN=8XvQ>?JjWV*O*I^N3jQ@&yqEv@4$?oX%ZU$39B=ll{c;@|B7 zCY|D+i7%;qI{14FqqH(05?sblUA;l9YRcLhMw$IP{?8w=zrdf_pGLIPJ{x!wPX5=5 zJ&&tR5c6bi@Aa>&^rn_(Wx0PgRrRkrtyi)%_Gamda^nsaJC91g8f{PyHG+DXl2i|I z8Zky-8{W1vlt~rUhC$+?o@I?mX27VFx)lfNhgEEl7N1&HboTD4&vwzCl;bcxropr;{&NP^I_r0Dk<>7Jsv?RM(o+_8u>XQn-93!MB6 zE|i_+Ch7;hUa`EACwMLdGQ;+r@WxGe;ui zXV#p{+@cAb7? z^3_#_4hAt?y~`pzr~=CoUI`qE%1cs?P50WDEahPbI6W&C=1W%JJa`YDO=j6}XEmzm ziQ--McCp)uWKu9k-Z-z9d{^+|4O-Is!#*IlTSyno2;_1OG5rN(^*bq_m3}d>)_x0k z*)-ik-Z76dWHY*ut- zD#3>gG0@cN*LV83lFkurF*#5;!S=5ny(=EQC)nAG?S)0mAO*nw)7<$XQxo zWe4Sa;~!e(M)H--?Jrfe@+Y;rW`^oBfceO3_V0xk53gOH4^1Q&uF6^@kbqbZO7v(* z^6SL+=sY?7n(|u91lncD`G{aZ$5F*WcrG6@6f9Q*fnK#ao;6tNXN{@1c#&Kj^~G9i zr9hI$B#VGUbJDlm$i|mifo`KoRgAgF_8zs<9YQ%#Vwrr!+ki>wNx=ciYd#oX7C|n6 zuNK>nlzEM}V|s(yzcaog{3_M-U4K#2b%4;~Vq=OKrjD|ow{ zlicGjXSRmr**J$iD&DKAX~w~x)wjfwgSH+pMn+CE zpKMl%zqk1zlo6le%>doa%Q)1;2b`}HcJ-@kV->20RUr;@p41U0X3VjqzGP~z>T06g z!zAkgWL%tmDVUa`@ZZJ8??E9 zEl13_>F-G0Be}8h9P!T$%#t+dz0X>yto%u})E-SOteP2ySb3}dx9EG&ZgN)Hyt<7e zvDo15J6ElA{z}B^CMF~&oc5uCcKboGi^#vV*w+p=m&YVj&8O;iaoXQU42^Hd>BVIh z?hPH@gW_1Aw`)m}M7S6uwRRS|s_hP?mA;j!l%r!(O+a2oGP#s=HA)HP^VZ&2nTa^a zpo4X0NOKI}f$Ql_k_47NG8f+$v8#ccw=(C`E*>x4T*{6Q8@b}5I(*TG>~P7Bcmkychl9^*`b_MXcG5rtkPEL3>0J(yptiFciz~H>y0Aae zwm@Bz;iZYSxtjM_5lOiI?bMv{>x$xS<)Nu_tp3oe zJ3j<;910C18yeG{I%otWt4p7hip-ZzW{1mwAe4`lk2pT`8$)xD@hy&{r|I)u5$8&$ zX+=C&j$CQFhN7u|Z0!xwFnz8%dvQV87opi`cURX>6c>-=F*tT6wLDd(rjoAqcc%U} zAn%Nv4m}Svxsch$Ti?%jBY?rvZ~&g9_Z8@tI(@uFB%Uppgo&ImoAQluoYVOF0~*EtcJYPw@&{drvce+6zq{bA|8E zN(?F;4W#ap2%|uej)NU5s)Iy(*h|GO8yP%sC^9L^3O8AkeFEB#urW#Wh;d*sSaL$3f1 zDG2FpB~b%Kc?*dK7jWrUBD}PAYi3tC95CZ1wSbJBL6R3&5xH#Ti9A;`bK-cVxe9@h ziEI&%SV!HL83=3zNhwe zGyMMmD;|1R%DPvM^*Hsv?c0W!+)DUcb~#1ouTHh!OAexCPMP;N!w-m_0r6as+jz9x z>3Xpkg=H!{(lOAS@m{3=01tdMXQ^BG!uD8Yg~5giA(Uj3$OpD7YZod!1V;Vxf(j-8@4E^l!jsU80v5DoM9R3tp z{9n;^{deK?md|Dxo&gI54nWBn`ewd2@aCCyZyH(O&Tj4@IBc&Y9gnR^v}SwfgDtEj z)SBXFw2Hx3CMOu@(>1ZCTIu!|?KpzocO;Oq4anK!82oBkaBZF?;~fJ{)b-`?(7J0= zJjzw0z#|7ddUUU(JWKHIOaB0buvqEZQr+C!Hu3=6@+cg$9IAf%lXQrR03H7T8q)m+(S_ja%P8WT?Jyt? zHpax`-y*tC80z*HHg@*&Ttv|Ps3X9`8bos<)r6XS-WAk^y}TBe_Wer_z7I@&DzCzC zh;i9Lsf|(z9&2sl;UEV%!NDWmmr&*w&&D1a@s_zP_Ch1(oS0-7`E%0-zel_^@gKli zx5F>&ZBFpR;u!5--rZweg$4)#k8%Dqr5y-wq40jO@M3Qi4MrU%Nv?ISTm)QvqbDak z6VkqJ@W+ESy(e0l4Rc1hx{f=BQM~|1Pp3H1Gl$-`~skN*H$+P%}me+P66 zo0#IdSDDc7Rw@ZjIXv|5Lo~U!tLXm#3NJM6Tf(>6wwFGx$|JW&kp|Y}j2>~5+upw= z{D0wZ9BMv0yYTb)VrvUXrYI-IaJk{v*nv?P>vj^7x$Rm59;?`8`bqY^ld{>v&^mJx5&x?lKj2FHTlfyc1h^K(q+p&fy`Y`q9zHn<-ZGk3Z{94xaKOFe*_=7^Rw2MrU zluC}dXIx`B9rzXK{{RpCFuF=Mr#-t^T{C2oKJXl8@~lbK99PBtBJ;!kDYWs1lMMIz z9ovYJqf8WT<+0kgyd&a|68Klf-W%~6*+qAyvbdZuC9#ZTAI^cPGwffA9~LLjw7&-U zr^1#cH0Fs-(-kC+a8#dOm3!is$7_vG!LVqi`sUv5=GMvCq$_~Hw+<9WtCF+j>b2hn^Tb9<;=#d8?D0Lt;a zhYmdlKGoV?OZICSA4^{#428h!Q)0TF8{%7ic6~bHOSMG1n<6rLFFXpf`!MTo;eU*} zZk6I|JLS8&Mo`-^61eZk^sN!4k@U~TpA~px!oLz3yhJ6ov$&WT@&fHvJ$D{}s_mM>ef_3Ly zD75&yqFcxD6Hm9W)|t17fX|xX@Ce6G^Y!!Zi1wZnx$$%OCtcH^wu#Udos%)ggWtbm zc&8?ENm-aS-UQREyh&-K>AoeizP4~YxGm1*VV=8jpGv#&V?cvLf;}?!%HDfvpUaHL z9s`lwgIw-fnn3Z*LdQn8(<9SvB(=3!0T_@H2cX4qUJS7Dvg&s>w=+j^p~N$6>&rOz z_N^gM>WoD3I$hb^?u^L|&Q9_MH+xmjhyE$?Ev?PXq<3y*x&Z_mv6|TpQ##Ej;_r<- zHatV7K|Rf!GL57$2h1Gto}#(iOQEmayz)vB$t*zipp$d{5UYrE=(X1SHPq=bby4^F z9&z;IvGr@o^~YG^v7K#{46_ZS5!)SmR58caEmF)pW~^K6!{9OaB0>n4aVC?NQ8hMVKEQya(dFJI1#+8m5u5+BwzY zOK`5px{zK8{xb zNab7~TK7*A{7IhIM1sx>X}tL%FwAqoQ`}J~=wT=y3|?uPCEl^EU%`4F`B=2J?Ec=B z^QVX;YrnQ#=vT2rG!93U&BtDzwVFao#}R$vr_&^{y4UA|Ng8hy&VzHCd0Y+2AnV7!O2To_N9I3^yfr45cI{&XYiM2Bk9_v78cXRO+}k>Yaolyy zX-rNxJrCh8iSIlQ;te|D)Uk=&BeOON?rulxU#r@E^j9!NJ(P=eZ89v0gPoZf!9Ll= zb=<+DsI_htcODN>Un73io(i`XHXbn1WKsw2uNA@0^W2|KYm#eS4w^^9am(fnrJKs> z@|yb-;EuU%<6npRpTdn&>RZi1);GAZXMdy;TC_-T@lG(O za`haJ{fMcW(C&k}x%D@Od|CaSdv9HlC4^Ec%Fk8)-CSZKX6Z@*(p4F+UiNxIB-`(6vad#lNk()cuU&gcz#B8V(5rIlb zp%y^L87uErZP~ZDS0!_vMPqJ;)Y;hhTgSdF_*>$?1N>3&HT~Y7;*SmLkm}YmTY#!t$(J6>?8YBcnkK*{hIs%@u$HWycaEhYL@z~zBb8cc&mvck$S5J1as72 z^N~txL#Z?AeNRfcvob46KidBQ;U1mhZwxPq;hH;LP5^Cn8+k|kd_n=+ zBIBk80Y2XKigqQR%fH1>16_PO@vftwIgr>%E6HS8NDUbz;1lW1d7D5QM)RNdK=j3T z(w5BTsLax+lY*@2w4QTIvKC1l%Xx(Qb*_T~w2|*cR&tCv&$UB0DmNeAUEJ~;|qBoMoW+YONCH2D;_deBzMY+JdZ-1L;Dx_6RvBP zdVaU?uf(?z%j2I3%eLBZ-0C`MIgU<1Cj$rbud8(Z7RKp@tcn9%AoJ6+8sn)Oj!#nk z^@uj<4TJd?5aFZ$01Esm{{VvJ{>ZTY&_4k5e~OxZl&8d6EQ@V=+X*m6N!c$0fExgl z#u!&5m9`Q;h8=%R)O77nQqVj@Y}Pu>r0opwyn70ea0ng29S?fpWJ7CsAt8=?`ihw= zgWO3cF1YkboUX9b|y#EhBAxlmC^=sH$anRb_PDh4>npqWa> zo3gTTxnH@>BnEkBC7GRj`p{9Qri;k6NRk#|8yxU?0=+)=-gUJ{Wo^gvpbk1MZhJf7 z1Gq7hh9vST9b;XAXJZ&q8w`DD8uK_<ABY6h}cp&=JmT~Xl z$)la!PnjR5dfi)9)9p}@R!nD()D)v}zInVr?GS0l2Lqa?D%=+nMDG-eIL8ze(nmw# zZA$*&&1tIzoc-l&RrJ;V!FbWY!(!(n(9lCNb$gkw0c9bMH~{B0$*sN-a)l-YlZpgu zJ-e-dnnZn^jn&UGm6YxWY3M};(MM;XUC(auMKLm31NTYqUbk_7r%7QlW-z5k4T=gp z^4~zTmf~xu)+NSUlf!*I>#x${(%xHe>-(@kVV)L(Wh1Kb2lhR_p3ND7c68gta9UQq z1-#7>k#@1*FraCW>-ufGVb(aeoSooxu61${#j6nnsN`p}pa+6GLGnUTUP#FaU<>^sFBdNRnz&$pPIQjk}J5l$M0@ z5XWt7$gInT#t%8oS&gH%9#L{*>ws$u7acS%NSl#oia=w?J$qM4VR0NqXNk~~IbZRl zqhm!Y8JeY}+N7dHI}<$Oxy?e_^GP8?293rB21)wUH0MU|gl4+7oXSasn})&dUW2Ua zpJIqy&POj_K)%w&DQllfM*0`owv7<3qKUs|I*vmpSDqdew- zAbTWWxH;#FvX+t{4j2u;rDrMjDH^uwlR8JcxX-bz`FuL*wm{+HZg{N3%2Fz6jIFhu zayay>Z5{5a>TIpcDQt3mYFw-}7H^FKbn=UOrCo-4*8_K^G1R2Di5a3NDhFIt^O{CB zJwLW`#eRMKb^Wn? z72!P#QPed*66tz87V2Ad!vW@cZS^!LT=Z#E>VG!>03ZJVZ+{y2@5DFB@XGYqKu+O( zAYjA;{63ZN1?|4KuH4`29w5|a)%B~nOt%*o2Xiqeu{G)8aO-w!QdUM3wnhwtw>`7z zRAg2$sFBDy!RLzgbVre1T9PHKr=bixXT4Y!`T1CuBlN6J7b0k^p9Ev%9Flw1yf$0* z#~SZqKp7ncBR$#EMW)*6=w-Q{IN|CBGR}R6TKik}SpA4TJO0($!~@~?f%VNV!0Cs$ z)-Iv)coGYF0EDfJ8|d+w3@|{hBBE`Nj>Kcpg0u?zShtsWoQhZkZseFI&23xH=Pt|X< zO(c?W+>H8mttr#Fy^=msyzqZu=HHOUz`#ZM#- zQ0!gudRB6FGmXuC1Ht;PtvZQgcp>yXN&c1eSA_l<>GseDp4}dCfIeK;J7$R<=cRaV z(!$;lAp!Hr$6EBAJ4Ll*M+$)d01(Y1Ih*3f)->|t8ynPh6_9-RW>k_!U=9H^8A?_< zIPIO&2!+No#bWAqQ^cQWwO5d-$xP!k7?&;953?(TFw3_mBcZC%S{VV!I47+JGL_3V z&@H2ohvd&dD|Q9bq$kZRr=~MOC1j#E6#> z#Wvx)IAS^DDn($JAu}tj^1T(3bG!&&}wNbx@=wC z_xG-%J7{KxIbJ1p9r4nDFmJCC+T=C5lwdjZu5w*o`L4tHZt<}kr#SaDmpd7>w(W3+ zO}{@jm-Zngp4E}Yv6}6{^ z?E)+aoa7vHS!r%!i6jgQb_DZ5jEUD$k~p@p+KSmdFIr zPCU7Wc|Nq4(#n`g22dW<2*x+>5efix&q67U6xT|-2nc@i`cPb1g{Wxh11FydJ;rOJ zw6sHRjFJJzOmv{tGvuGzGeP*lH}-C!;5~LA1dv_ ztm~c-wvMgx#BxKAQC;_fb(`HcS+S5J#PJXob>M;DKaj2I zNu1Seec2AZcdcpGO@A`o9idiS<$(0hrBa=Ml>)OU3_gustrmGTlDVYTHd4gXv<)LK zUV45N$zCiFxp+U--@zgg2SCIT;w6XCXmkZoOaBg5zi30UpbkANnrjRy%ZtGh7m(owCXmZcz1GCHJ zPhN!f%@=wPiQd7kwQVYEeW%JUxj!~K6I$}47b~3hgQs}I&6+JGQcGsa;fWhPb6qZ# zZGC00SjnqfPirGOiAuKtdFMWqIarhF%ddg!b*uP)#U38rG%{Vp#_bs4k$q3EO8tfS zW#L;Hw4E~g8^@kfszlurc8)7F1^sVXkIc8UV zGU!6&GDyG{Jl7bP?DENNGVGKeyX-4N5%a|p#sJ3SP(^JNff7Xw+2bdz06O%|8%D7Q zfDQo9TGO(*)Cz^Tk)@BXJ*l9vp&Lgef+7da>&19C#Vb!2X~i`U3tUF>#O2InXMg)O zwTW>$j{$g}T-9_-X4b9V*HGL0#UH|RU9ICK+#)-sEEIEt)}~f6XwR{@wv8IzCh3vS zMK$IgGm*s7DPy=EortWNa7UD;ojug8C{;iXdea7yZe5_>L!L%E3c}{mT~4D+@RjVc zM+vuiqvMb(&==wLh0UWZ*3g-8*nGmaiM7lvKf^Y9Ez7b;yMj6DD~RztYbDkoVYx;* zre@|>vGbZViQ94L0QIi5?sY3`6|!jMdvXW_uK@jNF!qLao29Jxh1u~ZU!{7rm9?}m zCf}X0#^chN4fi@7D#jVyEQ4qVsO?X?wAnKG44GE@*yPY=vGmJ8Qu15aSx<8_hDFYC$9lRvGjSx5;wMR$ zoDq=KkRI{jJq9SPpd~_12h2}u>n``I^$XjM^nk>@wu1fxZ!~b+k<)VauRE7UpTkqN z^dQA=A;{*s20C9AY5IalmlqJgQF&9wYadci3|#5Ubpr{=Zi~qj*=j7~V$@O{$rGJ} zAPiSOs6dmvHw2fIF(c7yDWVR8PKlv_%B;JFPhR!r{x9)vyJO^kXWNU(%lylnV0~zU zLObmPT$1BXwwhBUQxTR{KXlZx+SuJ(HQcjF_Kf3~AP;)b4Qo5k?8|{HH)G1xTf%TOkdMYopL?#(WuxKEq-8nEx++>&`<^TsKe^0au5h*oPmpvxP1 zMDlUd+|^s1dD_}Ij5fO$fwW-$G#aCfyw@XA_S2`BGn}4rSd;1&7bT)*Sfo*aJ!uZc zj+uo;`L{QG{{TvtRE4wb1cg?DZCaLgo(jFNiR ze8MlwrfJrR9llJQ}2qEg#60!Qr}!r>@xQws3!=G`BL0ox8YyZ)(WV zqie&ORmH?;_ZnodI*{4MN#eWfi(?F7WJbVT^yy5`RB+m(dGRtrSaa#txg9r07I&?4 zEMh&!c6(#J1i5rOo3m?XBV;Ks#_WTf3cY3G4K`a4)4B2l?zbzijM zL#m{-%Ql;8pd44%g#^nQ!%j3S6iEFs>|~pH!X3O7xSF z2ae>0Y+xLBu2TMZ)yvyVS8Hb?fHE6dx|=bVY1=EhWoeVvw691L|ITIr=#D;b5AWe0CPzO}3trYu`IFJgS&uIRxkImm2Q z+}m!q69>t(eA{|fpno4at+mdh9h8m-+EW2p{XVta{5<%1f2qlLCG1mPE_cKbXBF$p zb`)jUpTxR$ui>3S-aCyl>+GbF9HDuS=zD!>o*?mOk92r>JcQ{x5{&$Z>4(V_R#o~UOJ3oD?66~b|At6a5{Z! zWb9`sT=bn&;YOivqCT$kz_&5B(-eb;3NyuJ>E1r^1eW5?=_88IV2z?>8-W7@^rYR) z{hA-6d`j^bhIH*m!&)rc^m+G4*<-pQbC5lbYnIcsD=Q|F^rQKiCBnDf2e0*{Lyo5X zmy5KMZGH9|!#m1_w&R7zq5KVUz7P1dr)j#O;sB)x`MnLX3{c2h@YeVOW z{v2K0_@?t!xzlZv%fiI_6qf|&I32m~S^hcrabaN>1xX(!q8yLbV@@DJA%nz@BYo=>lMV$R=V`H{S2ouOMLPob|X__L*4i>)qIRWXFz**p== zdv}PQ$4>Drvc8!Ot2&Uy$@xzmd-u&gTQf%Oxr=M?+5CCp-6F;*Az+SYBVb`J25=bh z>t9;w8Yjc=2s?OtR{qPjzA~oki5wld0}Fwia%r~qLiXJce(;aNi#c^W&k^`}Ba_O2 zf2ot@z~^us&+A#fC%dt>(r;p0lV_+%uNsv&Wo&gnQ^h4Bl}69N-yZAUEQ`mQ#pHVB z)vm2?d}7J@mO`f?vD8=VSM0~2!SPp0j{C&g!&+OH&>~w*9G?6>zIGRl4j;9sb_@7VL^vf+gTHDKYB1s-& zJY@;z2h*I;D5KM^JWHr)z6rY1@8Xi@P9R7kE1ir1uO3}m$H&s8ftm|Dt9XygJN?dj zFZfVx9rZT8A9#N2P1P0JKZ ztqY9wK3Vu%z7rD+l{c@?#h#xESHGNWK}c+t#y58G;=|AkL9of892^=m2tNEB(^i9(#iYia>(5e;A>bQaxdH3F0&Qe z&u~(Gr)lm_p{`?1wAQpIxsqv~WG#hYxZ~cagVH=R;wXBVpAaUCRknF8ZT1Fz=b-vmseDeAyb+|!sCa(kXN%y(mZm}S z$S_DJzo+L}xtm57J~Y+-DtuP>x&57|_?JwUE9i+xXNDyQJG=Mo-oCr|Yp>thLmroK zk}dKtl_F!NMmY5ETE&`89j>`)sA+#Rk(kDJC?k{JwzO{)_O>4P?{}wgh&kfFNPlL}iIVugMm`a`xwl)(XiUnE0CoU$ zQ;eMR`Bw3j%;f~nr|oXSsO0ONztPHHE6gi-k| z;!h0T_&ZnBv^_~yIc=wr03()7$7%lnK9whf_50lmSGCr(o0o$6-z^>vH)p6nl|j`{ zL+w3!(?s~g;JqW_H-{QE@g1aoUZDU`9%tx5UjG1E{a610f*=0X`gg+LjXKxBKM?Eo zL&2UY0vkI!gR$VdKt>nbl14p+9FF!oX)7xq)!w_HrL?bScCI2M9vkl|T9kV991LS!qj13n4_(OVJ*1}6*%oe!geZ|7%JnT00#a3+ztCT{?k`qvX{h7YCCU*UOz29kZvT} zEj2-bu^Xmj7yuru7aoRX*z1GP{`lcheP9w&9^x!u{{VPnApRqo^X+~QoKFJqcwt_B zSd@I3@sHt6uZ%R?h@?<2qXv5!2Uw&4pYgANd}ZLxC&iu&k{wNL~Enf_m>22 z{K5SzkWC-X-~1E<_HVuL{+}+WECWqr=3H1$7a~YWJw36S{Aan4FObo+Y^=Cpo<(-h zXEfuXm{A+deEh?wwL#`du!SV!t#z0(oStNdd2Pq11Ep2NyX|0e-`cgNCn1t$Ul|#s z@}00lW1fetTSXQZ<}4S3(9?^$CzMBA1$l$MZx5v~0T#C|34M~Zwm z z#TM~NjIRjcyPd6q0q1K9{cP~Ark7Bd;K$jfUp5xcKu1dEsO;=?8&;FbUU;qt`dmc) z9cq_|d_SRh`@;Sq@P~*j;=a%|J6SC5qF@MRbs+F^Gu(TDTr%88`ThR@!CSv$ooC=b z#!XAaPoY~pR?_{B{(E;UvRbj-ZE#0ysTt3HJ6GhTww{-exty|GDLqC(9k6OyGTTFd z)E0GiMjlfJBR$P*_+L<#8ALKmy_LAEsv$w2V0dQs`rk~ql@IQmV2orjuOsno%iU^s z5;c-Ss>};x1e)ijwKj}ydLQi9<6A!m_^$6q)$T3Ei>uFqNXM5hFueW(zeg>imI(}Z zAG_Mv4WGUAuS%SSI%i~ygwIbxYM`EJNRC87gMqYiMQs^a=ag(~#bq%AcnG=YCZW8v zD1=1BI6k$hgrljkrfI2ku?ZM%C#`g`_$iuJEi|#O04W0l+)z!9k5%yIl_rGtQ!X4P z1E|9m`qzlvX%cDVqx9qh>p+?+h+R@JNzb_JQ`lT3tf0uFuRg+nH|?a2w_L+mblV07mxn>BKX#mCq}lm7cSu#oS7pLCz1o0C$sHeWOQvb!hg1_}7?RT0AJ~ zRh?AwXg7%aTgQqb%1+#5WOS{Idx>vx8@7I(=oxo>maF!4Z@PHNs~Uc)A-GkU$W7ei zwE)Y0FVz}bSYd)dySQQ2xotjVR8^Iaot%PA0B%ivaPjSt-Mul*WlO1F#Hf--FPDxR z(t_Z%D@CbXtf7R=(4XNarEIAez@*LlqA)={DVmux=r05=Vqz4WsXnznnPYb}N6%$> z7e9~Ekgi$s<$cI9F~%{9kIIqqj-IoBB@3+iyG24@XXo~IZ@0v*t`))X_ zhHi~o2_+2!NT@n4I@6@TOROnU#2#`wQn>6kEF_zv$}fCY?xPXZY*Ax%+&Dh;!J`%n zd#ga<7Y*MAv1ioot?mqR09dzgPkPca5pGLlzbPh8{Pyo%4v`z_{&LA0s-B+pm=4wE zbwMT$!RcJS-?Wjnh-~$s3vCACL%Z$w?O5_iEoON4?>%S(YRc|dqh0|*JJqpp(y1gJ zx$oY9ETKq{63jh`;-r=#ItDl)c^ugI!!ii5qX@(xOhqMmIJi@YMJ7D@YWsIaAQrX=$NFq{OmYc_q(KE0$9>NRLyr zit^QEn0(976UeS=Ju<*c_J$Foi~xNqRG1WQ{7n^%PLfFk1qlk-!8M`q^Wl%hpO4zf z(Y_mKw^vq$O3SFqrETIli`RY1_eaqu`z;1d-_mGgEh^*p6;Q%*}GRge|-|}lJZ;=_eOEe zOr>Js8?(v0PvVH8j%fsm1TiTs&p7Rw)wXggX`7WWo(EKU=k>agrIe~naDwfPo-WcHhEAfBFKNLJ;@grJoTgLt*z0?t9 z-xZ#5419K9O7tjE>TKs@kcxX`k-WIlBxBGF4EogfnzDouTdz;ny=qXgg-VAxCiz|D zk(m2ur6NL(9l_5yr#H~^s>f zs#vogIIm;)NAO?bKgI79={^?tXW;Eu#n-n5SI)MDo;dP(EJr{Gdd^blX%%DoM*WLF z;E6sC@Z{QekH2XP@Ayc3LBD)@QYiu!2O(H{SM(X+&j9#$;r^9n;qM0Mx^IUx2oNH{ zZ5UF+{h}+DaxCsbg&0)=nqy+>!LYr>a?5Q*N>>128elojMk@d#5QUR^oxZgrFkYt= zHZ-neU+VDMBQbSSJ!{5%Pw^RcPi-41alpl8&3z8KbkB!AA^y<1XM}I${@m1B8*t}x zD}3E~z^{$IDSp`6mb2#A_!>*gYX>bEm+qWnuf1zd2U=D~#QMgkuWPfzsB2n{)~#}k zaU=H0=}|78Cs81Ck=DCm3mHyDp%hm8Ln!BiiV_`+bJI8!$Be5U%E7d{ z=dE^j5Zy&<8CeySbB3T+u`iOhkDY)pIKZsUPR{n<42T&AUU>q6#j`BP;ymMX4sdJI z{4=WQa_KGSua`auXxt6ol?I0ms%aMz+|1T^k`u@o>0JCvHk~S*9qQS`4k}y_8!_t^ z%vsPXHhyIXfNAFc0Dj>EDPD2`srFzXN12pk4e9Gn1jOi}4ngWF;;bht9Ui4&Ec$7l z-gOc#2m_qgDu(bv8QGP`Ri)thDHLtbT=t++jgF@3;K^#R;5<3b8J1kD%!yeqpsBhC+R?xnmKO}>Kddv zEY_C9%!8evb+4N5P+k3@?yZ72CvvzHrLnY6Grp1-ZdonJBycK~)c*i#w|HfZI%APs zlRBZH^T&(y)R@U`V2GpTes8;9mLIeS!@;5I(|C^3IW2%~juo*PIqO!V(CUP&eC4F- z@+9vmnSn!-^Vg_pem6}_h!#U_FHhZ!6I^wvT^+EkW2%$IR*^|-Z*y=`;QXMG$@&fRPZW1?8er(_oUQJpI=~#ql+G>v?r0J>0w{ay{^N(uuPYz$L-G$QJ$rI(UrB6F? zQ3^~`tdFR^3;5qc)P?^5hG*1Fx9|i=qvv*e5_^nSxn0ZTFf<)<=oaW(E4ZgVffu)@c#hBE8#C42|PvNnMe`G zDih@7^$qJ^s(NOj;f+4$`%}W2jPhwRppg?N_j%`TGut%dE~q6A$E$oi_>TIfsU?Ba zH5O=qaVx??NHf^i)wbG?+9NVS7`0>7S0oS4x*;=`tunXvjPS_YT(Ia@G})|dt{HC_ zI@|%b0C9@wM=M1O%M{urgzVZmTz%@TXo{>Hqc#s7)CiLMZO-LTHz@1rR&>uk7@e6^ zgT_xZ0W{uBq%mEu>MJsRAMGkO%8mW(^IEAH%3TbW(S@T0NdRIq^6^v{%^76FyL)%6 z$g!!S+eZF#OKfC}p8ORx%6PxR*H`ivvz{+0Na2XiDH_5yI2n95tLe_)XF}xt;f^s{ z+BbqF)Gm_pK|Q>kdSHGv9?aT09;XZ%kB6s$pb;IU41v13xouNbjpf-KcL0_<6fS=O zTE-=FBZ1ZQ_?6tS8^;E`JH~c4Hgh(hv-w*`?*TXhj#fmsIO|KHq?-lzWSjoGqo@#9DzqcGHgjmD1Vxp6|~~SqwdP?#~99 zEp$CkMAQ_#aL*zuFve@4)E3=Bv@@%>v7pXS>}5rIzG|(=%I6q0YU)&tc3ZO;yH!WC zAjy@dXxq$2c*c8lsG}^ZrZr?DwgWF$mJ67TzMuq=w*+IYcs{vlV`kE&s_o>Ex#`VB zqHb}r-8!Ey46E4snwr&aq{~Ce9OAK(1FO;ENv_v?GR2dY82xM1ZLDo$c;vR-C?c=} zv(ia`y4^ry2N*c*Q(d%TZ!9U2EPd>BrhuUwNEx>9$EOwJ9}@<(6i*eVWpd+chQy?rgO?oiW#pC{|bcf0UaKsa%*v0Mj&Y7`#Ef9 z6-whwvDIu{mM@rtg*{CcHczq0XnK8?lXO#Kk1e)ki7W@y*I}yNTHU&}y|IjAr>##S zEzH%?HD|FZv&Nf8-37QNms{}{nFJYaeX+0$)pjmVRF4W|UK>5#v_s?SYjCY zN$Xkddx_7MzbQSt3Jm2Va>^K=0r9w=^`U#=`+K3f$^5C0UUCgoS3*oHuMegKQkQ8I z0!}eqUX7;d-(`+GD);1bT5=*>ta1J;(udolOBIdOU~VU;y;hS=me$qQcEc#nbHS-_ z7dc+R@134GVqJi6bN8v&(fLR>LK6U;zO|WWF%{gBJccV(L_80!d)3)wdzCRTWWdMQ z=}J+!9OR0S<{{>dzb|^}G+PriVbRY{r;49uT6$Q%_V6@<#`f|xM(XXz0=fNP!q#ZH zg7q15{2rC8VudK2t-ZANPU#ekP?3yqaa|6Z{iAt2!c=v=~86R8yAiZbawtJOIvAlX(5W| zPn?XyA_AoJ&MO$xvo zL9Uod>}I6yeGTIejR8C;EG=xUjr=RJ=}P31N8T0lr-${|*6*$%hD4tAd1XL;T=cCA zL3rB6gx69=#u=m-l=FrjhOw=+Tj_7D+8b}Q?{FC7j(g+1H0%ZaMmbyU0gA&Z2Y@lQ zv-~rpX)<3K?=1I9gf}BOZ16=sW-e`Pd-UE8y}pM>)ciMaZDt#o?#p4lfX8a|%RdZ!IqMrXSiTYCFg>I`c&dDZ`l^RQAyOmqGF7g>R_cY0+6*Uo7CpkGJj* zQC>IuL2FU?DhnC((Eeo7E;dJ%u8_|dk(eYJ}K~IzCRII+-qY@ z@_uu>qw~`qzx{d)+-!PBhyEA%f57@6yYS?ZY8QKk@(J@<@zf7W@eOara%(!gk9mDO z7uKxtOK&q|?FRt`Xcu~`V-AI`>NjF2osdB*{ngJOjb%>h$#*l<_iO8$?JGpJ)$~>u zOCi`oo`<+2=zm(|e0}20c|0)i+S)uRCKQl9KylR9M0Og~@DB-iqVq;+ZZ$jCSfXvk z-H8eZdis;bUK+Cai{VWZ#9kO{eQ5w+w3d@|ET7)TZVf|4T=V|`4g59J^gT`++xuim zBHVVC3$){$6Vj#e2aFQVPe0=e?RgI!va} zeTQ!K^Ph^Kx3=*NdbWuI!7^M2jUyy($>bkVOz214zYgZmZ8W6T^|nik=fU#G#?Ml7 z$KhH!zO&(Gu<-_+JTS>+c@qE(VT5O~s<&Xd@LlGss`xWmxVnlq2+V$H+Z%y6QIDm1 z>|YS3y@yYdSTPV#rx_%lQ$vk~W4N=uZxCL<(MIgij$b({1y=D^hd2Br-X2RU);e;| zl6j#3+WZ`x`|(*$Hzh{L=-eL{?X(>V-@@J^@~jHO81s~d6Fxp)n?8oThsAy@Tiihv z#w{{f`ES9lDzJCDD#JV>;XjA}01|Y4PTqY%E^cFuw+MhO6sma7sOesD;NOED0Mz_@ zCxtvsaUx!nltR*xy=1|_=c43PM(Nm1o;j`^f5Ezsi991Oh;=LN3`_vEk&8tc1cFzw z=qr-bEz;sWLJv6F`HI^c``_%E>V%A%JcIiyQqZ-umF;eAEtT70BO*+9_7wjB7I?{_lDmirdpWAfVMUD)dyh1R(=aNijZm=tGm z=Nx)t6-s?i%!T7(!GSm+S4>RhBhkJX_!jTQCgv}-LXfruO_CcYu6-(}imi2@30z!w zN5pW(B!)&XOt>pL9)usq{N|{en4TTbt#&=vnG#F6j?S4muKPjI?QgFnid!jX)Fb`$ zCNPX z(Vo43O3qK9)Q+1-x@VDmOKYgfZK$MxM$z*kcgU{i$9H}&yq?4U64)19(zOI!+%Vkn zgN$JFj=ix`qS?Gz(rB*#01mEntGip4g2Hs%tDImDZrv*v_J#O`{i$o9$E51BUg{+S zJfL9}eFy7R$=um9%sdhCM#o2FO<7H@7#U<^fIf!4@%SD6ljHvY6={=cxA0s%sKAAA zL*tyEQZZU2OrD3+9xCwDJVq%3P8T93`hWVX<-dsfEcd<~zOslcH;uVfvy62WSLkGN z-vxC)8Te+!Ec{ZeZJJV%%A+wfW2SzU_IJd8hQ1&1r^C2sYa40xD6NIcNebcHB=ElC zrHv!=U&fZ&uZQ&FG}v!-5~zH@1{kRBN3D3*fj%JX`d^F^&sos5TU%>{^DRq8KyO^0 z)lqf`!$a6FekpjTPuHbMte}4iT_)Khl>FHl#(hWm_O4e$O*g|nFSPOIir?Ay9&(np zi9kZTy8i%^+LL0j^{2$EUx!~3^x5^zGV;$x*Z#^SjU7Pq9~jzBa(mb1zr`O9wW8fw zYYPj|Z)8|5 zA`y>~yE*<}m3u$NEfd5)4g7E6uZn*UqPEdBXtfyi8ylDx+*YD$@4b{t~-eVP&pcD}d0>g9j_ratZn$YWpWjxwz5DXj~}{8=m#& z*N(R~dmlzw!zB7`kBD^FH!4>%BJ#+>yc6P|?Bn2Xj(U%c^e++H7Vy7|G+8wLO4xz2 zD~uhofJQfRdG{5~$YHhicK-lq>9TzB zOrF0fT#mAhPivhVC0r@m`fYclH+qVoPabV8dw~=Z@8s&Z=knMgIW7 zDt~SLFZR*>lY9&DHScZL$GTO#dMApkk-_q=&;ZT{Pzhke&@dVKNk5}g!TZ?~P)ri? zjhf}H8(i4n^_@K?ifc(xyw%B#hpm2S{9o|Ieg^UDc!*k;&^3ePT|`gI6~-{6dS|EQ zUVVW0NA{ffWd1bpR-fY7ombvDscs z(^{gzuqHn86Z+!1D6=WV@)wLp^5KuCwPjqq(5tcls(SI(yI}epazqO;goSiFh~u_t z?;^g?*-3lVp(!R;*pfbZ+^5o=Bw#M~#sSCHtC{Rka^48pS+_FqPJJq?AyXqD4e3%; zcNre_!P~g=^{dv#<0M8xe5aP=W86|Ysh_()@IcSoO+RMOkDBl7-|-+Q_)X)Pk}C_A zkc70nU{zC-z-`#}IIr$2;e5K6hAy?g3Eo|{r*CNH=TDrDX0~t`W3NC@&32Ls<+qe?jEdr#)UHGFul@?j`!s3)02{so>OMWQ z@Z37axuV3@+SEuk$#td>a@~3I*@ODvwmMhv1>)}x-gqa*ekAa9$UkVaoT`FP`lHJA z_QgR?IvfVMW;)1?yLVAl40fwx`ji4Bxq}K+oEG=}D<=kLW9aVz_}fmKPBs%DjY@*D zF+U@Efn2wUE=|s(cB~7SVo2UO!6mYIVcN5AFSLu;mN`U5O#Ha(nyyx2&R*>j-YF&63a_ZHDoePZ zdno#F9f4@Ty85lY$#G8uFt`{{X`lzh@EK5F;RSjzO+c9Rl@TzRxI-fvPCmQS@BMl z4X1{n)a|dMxSXHfMotRXklAVt6vpVn&$j}Q&q>pDfpZU5jQ0n~XN} z7cCf!6>rkEBojv&APtIt8VAhFR+^NzF-c`80dvMj^{tyL8(Y|aD5oM|Z~(~XsjTK#Ig6{?O%%dN+4hs32Q=04X9@xlC%C~PvouVxx637x zF}uA_9E%v-@3;YHNB*;nIi+t{$mx$ z>pBEeNS8MG4gK6zDX?*7Y&P#?#ayZ9wREa2-Bie11DdGMxQcqD@r!nfB4kt71Eq3y zrIzJU#s^_mPck|;wgNTY;Y)O`UiKsAumM;DoZ^Cs?Iq3?m@@i$Rrix?7{K{J?LZ2% zDvJ=bqKiRg|5Mt{IxPANn%@%p*ipaRe=P#>xiWMwvip#f#=bHIv z;*ZC_4R|&-n*RV%M`9cIVaDYn*V30Q&gxXp#ZTIM{t7pt_+0A}#d##x+enVq+E7b+ z4Yl}V@zeIE_?_|2?&{ZA)Gxe0;UmmeFiKQReP0~@b=yM^cd4^>N6Y?Ys?0=j1PU?J zsrAiN&Lun5_YuQqiuLK!QCgf;XJSTYGAU&tK;Vul-^u~Y7h}+l)ZETVR3993F&GS2 zK9#Ett^$Tl>UsQX8H}|xEwtyDyh@{a>CQ3ruHQoNt;Ve-wT^{vb**c1xQZKlSlUw0 z*d4tq30TcTx%+GTAAi9a{vv!_Yfm5ic1b)f;Gr03wA5x-nNL#P^Iy~N?Ctw6{2Kk7 zyeVU#{4el*j)}GA|j6z=ijY6?v&w zfyl-xC9t`c!j>G0i1(};u~so}HF)hAmQAP!y?I}Xd~Piq`BUd_p{!22RL`5fAbe=E z(k+(bSJal?+c+n1$UmKadVEyrt`rPm4TZ zuK3pO;_q3wl2>LuPI#_<-qCTG6sV0&1nW!0ANs>3h z8m4nfR~rST&FqP>BypSq2Nml68t@I(UD3@V zqxL7YSdT`Q3Drc3=NSYZD_F+HQbnm%tk|r9f2B3qY`UN-?D!D0kQlf zXEo334F%-CX-jy~^YV~7W`bmnFHy6;c~V5U44Ad#bR|Mj#|IoxY;-Vcv%;g0{kiW<)o!hBqE`x0$6WWI4j)>Q(@#NjZvI@&g&_Ae z#KYn%yE&fW6{Nw)1C7)H>i!qjVete|Hpy(}2j)f`itJlVe>~uaLHW>UG*r2s>d2K+ z+XruI&y!ZSm*sqSIfDStF zYL)w>YTyhp9VimqGfBxPU-Y<8=3h3y&co-gqxjp7?kCt1?%Qr7j?{Ut^K z+yLY+U~^Mw)|!8a>~6%`n6$ZxK~y6?VeSQR)u1@nGNiw{(=X<>Zeu_I^(MW-%TJQS zN3ql_Z(@+m9_B#Yq0ez#E;cphx!3$Nmfq9FQRc} z!YhVA&dLdp5=$RiadrzFcZz&XsCa22)W5Q>wM{UBva}>`jQZg9t&x3cs%go6YSP6U zBDc;tt%TxIx701}3)-tP+$hN7f-6GKW<@d1K3tqPt!qq&6lYDQ>35fmvzg9%I-k4v zS3js|0Sm!zGUF!=j-t9@u?j5Z@3ie>OR%2M0QyzhnC4vMNT;YGz6tT?!lB_^M*jfp zI;2u)EiP^HoWu`opYkcnH!G0yHfwzzYjvAaNa98dyquvV<0iHIRcCQ-zi$$0_Yk=Q z&9-0{IP@JqD(0L^NayW7Yi3rEthhLAkU{(_^+WbS_=n*?8hAn-A6C{r&96clHh!y= zU4Iq5;1U75QSh|zq(Lk3aB z6dI;;>%I^Kip=2ltqCQSAOQ{&)O7}dlEroM0>HZt!l>QqS5UgWqxnoak6PL>u+CG( zH`lXTO*};n*!hp68u;tPo+oW;YwKUMN%pwO4-o}OJdT8W8l!U`;ntO__^A1@+skgz zN>#vOM+X)3n*22JeXXh1AhC{pJxJ#y9zClmv7TkB{6O&N)a1~vH0$j@UWX%WiL^NN z9CAJLP{L%?E-l>{q8@4l(dyPPPYHyXWY{_!^fl-fCV4`HV)-5W&~v>BF0G|Q^OB98 zhqYXe?kMfbNCb`09ME9*A0Df16b1=XmLn9qV`dK#8*|Y1tsyRhjBZV-!KYnWukJvU zFQpT-(wYpXij2~#*E5OIofk+qIeT{g*b&v?<`ebe0573QY8NQOakxHD`}qo#dp zCOaKxhV|>ayO`xK6XXcnwg>sed)Ad2%N#6)RO30WaUDZO@`Hj;VO82GHjqX@>p&2} z5#DzO9Qt&ue-Y@7eQak{4(rA-)~}SL?0E&2ou=PUJ)PhdQ)dC+Dxm#qn;LblpMQ4@ zvqdWIAze=ddr`>B_Juu0CYY3gmRP>EnvpzENh8`UsE3ywR;I)@W+ttuTHKbkx_B+N z;I1%9`qssjgX$i1hf;8<>RQv4Rlak*xo5w3bSLK%hG|TVRj~rHz zmqS>}=Dxe)eL`qbTX&KdBP1!|jdF3^zM&cWS~zZ3kr_TAFr#_~fLc0$2#wdScZAX zz#^oQNM_0-5_4F|47#ySU`XRVI-GW@OE9$DuIvjOXVlV)?gu$PgDf?xv#2C0m&!<4 zSBAm&uAbjbfNX+R*|cDuxT+J9E!*jSRE1sENV^kL-3vQqX(f$BexP8`Ly?4*Ivwib z;H#vB@ae()D*djI8QvRQEPVmS02OhOQIhC!ULo-2tEOGt86-!C0hejy1Kj?ViEVLv z3aTjcI*gv8o%$4MSl^q80!kJ3w>ceZ?y$C^BOFV;2nRjX`x?xN7+zamz_7K%n2hB~ z=ZbEl{jYDQJT{Ut@whc!geh3@4I@|hjihUj7NKNrEiM`3%b*}9T#gPpeQV!z%Sdi4 z}g5GO;`kJ5c0` zFqYXq-m8MP{qQS#O(NP=j$q2NsP*kx3NpFP>UPZ$1r#}A260toj^%b30-}xx2N|R@ zA63%twFtJ^G|^6@Ae@@aw4YS7SB~*F%B%t4fJd;WV%b{e@!Cd_SId3e40f)^N50zv z$oAy%*mFUYrO=k^Q96+@#Tul5e7s!)4?Tn8INdi{FlzID|#Yw2D$hUKFLviKPieQVlGP}uhmhq`3aXeMPy zf~vHLK>NxEJPO~?v`t&Yx{jV~w1ksTRB1xUrvfl}-gmwLYG(_;7qfr!=by z+FYf(Jn`HNCtiX#`x_q| zeg$}c!#)Qi`I#oA5P?w`L-BndYI=42n| z#Wg;HQD?gRMb)%#6>2w6r^aH2XDpzu8Mx;^jd?b&rvCtDTcxeCeTwN*2*iEgLyD+N zplXjeyOUO(z_WioRlkO*T-TXa0uZDDa z4~Jeqw8;^UNZFSU-yfi_jD8~gY4J9#tlZ13*}-cyu?mQ!p$4yKZsgNy2Ur;WZL z%$^&!)HM0N-EVL)G-{=MuzUXiD*9{oB=~`@_;2B-kME7`zuJ7GEDtgr%7FdE{OL-i zqb5%!k@6Rgwad?o+WxtBuY|O@Yllb)8D$=s_pcCd23mMSQn`ZqWw*G18B`K^CpZHh zwCP$2LMD-IHjbmioOA*>h8w+Ij{*~@lKL&hJr#_=)cO|Sa%05DwUA$wiYD?zS z^SjLlT=-1WX}aCr&HAX^2+@wS1Dx)X!pqAFQJO2O-_@yi& z2Ixq9(ekfMoN-*2#J>S}W5(AJYqsk8KBo5V9l*6a10LC+!cNCA;Tt_v19k4Ypo)sz)p zah(1&>K-ZhxqGZ`mi=Dn924co^Jm_ZMXk;Y#S(a8d)q$~X_jo7lfWRJQ;f*Kb6jC0)-RWsH`e+gZv?<6@*QxiaAG10Sh#wNPyO{M@EYf+c&;gVrJCAI4uXgaa zf&2}m{0_a;JY6m3sBakknWP|nkPnz1anq$C^4R&`!df?od__L3cWYv9ygvp^QzT@u zUgVzLDPO}4cYbc7lr%9o47l%2BUK~3)o$T~N?RvM9BcuRTLsUxX07Gz&8f0MEU-!r znGq!B^K$ZvdJ}c9FCZxwGy~bZy|RPRcuEjyT+a3lMq?dV2Jzl)3@v zIuZW>gi_U|yOYSd+E}q)ybo+uhPi!e_f9h#os%{qWgjYIoSby&P*hQ;sc1hCuCJuh z%x3=pOkLTLGR8rUG3oWL3V#^*%fdG@X!^c|cc|Jg%7)%D<&n7L_B}YMl1v%hd^1lL z_y@$ddfl#_J)W0(Joy@AAVx93^sUbx>o9neS5FgfNcCl6={zh{u_FhO*Qu%GiJvk& z7sP%iokYtu#Ijr=Z_Tv4>H4AktoCS!Ge5EO#|Ly4e>UPo%yg*=cZT zuwFwYwatu!a=eX(Nd0S(_*LK=8xIuR>x~EYjBOtKc3c4;9G`yl;)#;b-PU|1;XQNW zqoV54*)t%+#qI&FqW9xZiEmA%y}H}#Iy`Qz5FnP>MU7x}UOo7au6V~z)9u$yw9>?J z6-gpOq-U|sc+P{Mc#l)JlFrjnH=2Y`@5bDrPCs}7>Z?VGal#KwTEJ+eOcg7jS~2;$F|-Ok?$<7 zCj-lQm~52)0JG~}m*Z~^Pb^n($nOo;BnHk2{3*EhGB_P7OWiv`n@-hIDNKw=+sIsJ zrhRy?SN)&9A?ow^iTo3;>Ne9v#K~-4Gr|IYcl?LGYbLq@rST_4@a~7>JCSjx!2{gP zPQrt3J%R02d~5Lc!G0s~J?^8TY5H}Zt7=T!58reHKQA9s_);19&*KZ*Ul-{5wwa+1 zv3RDz$L{1D$bkOD!UF&)AX)xU3E2#yB<|7qcybbBzUqx47^~9{Q>x0s;9;;g);a{TGY+vv0)il zq=_(BfsCKZr=isvosY5q0N{_mweG9?C4SZk@Q=miu6`T%&g|H~J4Kby;bd%{6}cac ze`?y(!xa8hEbVV1i6DRPp&S~@p}J?Qd^y(TNF%V0@s?*`n9mjTe2_(BYHkE@iI4(F zTx9!KJ6eNB^PB$w1^WGwzu|0r8qhy$?}r)$SKdDGK{oy)hB1k6baRq-e|yU(AbK%B z!;1bW{7Y$Wmr>s7>hbBfYv-dA_n7mHRM3wsoP6*1{{X?c&nP<_J;#|0Y}^2Q;<>BF zX(Vur(nh_9t#+L4YGn5bEw@WzA^kevGKl%eWu(24Yk$+$OkY<*}ntL zdDSCk2j}05yfNZ`1>R~}4~W**{{U3e*Jk+0WxKawfPWF3*Wf?x=leUZwWaEpP-*uT zQ#_A(rBAbn_UGl!Ii(3%lO%o&&1XHkO>cJYE+carZWttwQCae$HX?FcZ%Xc`E~gzt zW=IQ23n$8_0+pfMRz*{QeJgXBd67yICeGFjdiTvENUTt{enCO9CyqpH082!}nkCCf zb}!442hxI*u^1qnKIQct%}W%EAuoM2bJ*y*EYb7+Puh{|1v z`jPxu9cg|YYL`9>@z$fKYAJ7T;cL^x&-W4d{eQx;p9`xMIcCSEcyw36{Lfgvs^{$v~a-9~B1|l;^318(> z-D{YhJ8*^V{YC%=tqgVfS>gpw&N0Pt@WR%T7HK7S&vQk@ZQJUuCPceIHKPKue|zw# zCDUwfU72&R4k-zvLrc=4NZn)s*9Qc4s?Dli=<*8{SNk!^Bb;J_k*hRz?`D?>=g(og zrvvL&v~3Y@kV`N^!}Xz})H;>5TO`nKmiJAPNGC(cQIEt`i)iKXBobU*JE0s5@J$3V z{e|Vmn9pP6Gr&*YBfV(pu8n$b7@{(qg*_-WQ%9@+0BHG^@shEkk-_z>Mx7>@wXpK$ zUbsDIDB(2^6>5>aD{X!mywW+Z0H^#dI!Gn7tCTk%bVa?5YzIA!h^ zA*-&^JWZyyiLj(d#CmdS)CfmCY2ujTyma}%&tAY)+l@)@T+Ali6mmLJlx#mUl-1<8 z)S@v7`C;8j4+uEc#nbBD3kt~5xlmXP5wW`>lgXCt;e(>!cjwqunc_)p3Ksd)g!U7G!dC5PrRUZ zuDRlg(R}oHBIZ+Na9a0{ zV6~0~DjH_$ELRbU0irE?H6OxWtV>E5~`tVE^M`kO`4E%cOItG4@9 z-(Gn+uA)n8?NA{uZD8w;=B*gYM&-4XHpmt)nZF)?Z9fToJ+jmzl z#b#m7ZCgdZd}|rwjt6?_?ew22C5~Y@mD>>{Xj$ZLxK-;@EsH-xKV-l7Ca=ej+S^;w zuPihRuL%4%4ie{6yoI5cAH)_E7%-f@Xfsf3nSt5@^~CUNG?(#{28#4AH-G zzm7hY%Q{~xe;UClEfnGe8Qe=_1Kz$L_^ta$_&39LmwHrsw0Bz5 zWJUu6xchTTD^t1($L05rekORs$BlmXbKJqCvuxUg^!nGB+E`?e-ejC@`H4J!HQPuf zGeQkA2(!2x)$g;~s&SCn{HvwN<&=g+1IZ_s8kgs_b=p6JZ?z1WRgyNr9CWNFGHiQK zhx`zheovVakD%*byQb)IKo(R|lK1qkX-m0$hp%ZMMFM@G_Q0*n2=-12DBGShST<&N zYo?@$<`S!)O4zc~e$4~TyLqP;2Q#Z%&kVv?B>7vap4G~oQcXU8p6u??qT>}!C5|*HaRgE( zcL($|3zZPxYR-iXuq=a&^u=4!wJXKBXO?L`%-n6y0MHz!#Laya;_A-f#(JUXYAG-7 z12f1ZOOE;J^`LeuNvJbOi!udc#^oFuzT$8rJC)LdImFM^ZIzKH+RKBJ=xfisM;*P| z+xfFkn4B{0axwM)0163?jOjc#sQFO@k|eoIU=li1SC;sl+8_e4%?8G$o{K#3i-EO} z4E3V!3wh!x8jb72d(a0JsCa7E#p^bWZ+a}X75k*NFl)`M{0-ut4_`K&ukE^qG8HZp zte;iwPQZG^7LeN7!6mqLkarwcbELGFmg?<033HFFBPoy6V2(&!84AtF73UJjBDxXC zaGAg~5OfxIS9Wh3+ca)D;Ed+97f^XyY@j3iP-%TE7dIF}zyr@r*B^Sp$OQ5ZC?@)t zlU>bb;Dtt0`d2-u*_*J>0xB`*Bi4cQlGsBihzUsZ6yuKc*|h|-om3+^`gNd|&brRz z$eYvmXh8XWE26TU6L*-oQ^ynnMH|~ix?_f2hP>xm@V@C+%bHha>IY*%xx#9`9JsS| zisBLxhE%ZaTt2U+h@){B+~D;c#YCmhxFg3kYgTz#P%@nUwc`FT@O{cK)RAP~P8*I0 z^{IyDw?99BX)lBk-&jxLD?2MWFXKYNK*Qv7*1tDzE#0Jep-{670Xf=2(b)9=01V4@XQ)ATWKSp%@q&I=!S7$A-VO0)m#^sQ zD)|tVP#i{Z7mn43vSzSG?%Qk9Efz>8jGSPw$KzEmG}*y6kTSs$INApX=~^Xi1uOL^ z!=%ZklO@WqY~T_xR&IRp0G=6D<6aD8aw)~w&QC!g2v|s-U}8B2q@5j9ou7N5uDWEx zT?Vs9ac(1Gk=!UF1Y{q2`P1FGH&wK{wnr|cCfCNfVI+orqWCxB4vpenM?~=slQh~aj)}pS zAo`AbX1_~(4Wi$8qeWdx7lz?N24bu^`csN9o6zg5bvX2gT{=`NDz-TtE4;JR*st!D zkYgvB>!xwcf_sO#khVh*dseodtj>|o5pmOzTNzm%ou}#gBipsS@B+nf0OGifb530< zb@I{G1_-7zFIm?`=8q+l%u#XIA9w3sPiB+HGs?~-T<~$)kfiK%pK0@0Z(uX}Rm9X1 z*#ti>+~XkeL4g!v=by%?X<8N34v8J0lHEAoI;};Cb3Ic{ zvyNCuR9)ZQt*cv4A&Cg+7n4ZNP4qG~VRfahT!`I7h$1hB!S55?kmW=MWETLGCHh4jWb_p5>dB46Gx*f#ss zo9#}^PKBjt(`j6CdYaT{&ps^H?Jh2^n#RsR817ONf%w;rt?KF%Oc9%MNMmk$&^}gH zmMfU1k)f5-j(sbp(yy+PBNWLILZ_A<*v&)p6|8f2&@0MzvXRiATF<$$OUrh*mT95E z7%1gP!Ou}yup*zsx7wskAPne(Bc2JavrX{Mqit^s-P^X(GCk=CxpiZw;h)KsFAfHC zg#de1Z|vA*jQM1V0l^rcb}{ac*;$dF=glp&S62%ARD7d3&st{DRyaQ!>AoVnx7(s$ zJ+;D+O6TtnO1I%f*Q_j74N7TepZJV~9M-XDXGbBpmt&L}4bD9(bc!hvmQ3&MP0Geo zCWlU4tRPLK9&jr1={Lz6JYdh<`&79th`Eb#X?f-;ofm=Hpq}0_ZqIFQB%e40b~TVD zPodrF7U9!Uv_*53`CGMV>eilpm)aq-SHbN-&Tb^U0M$S$zlB7J8Hop>>r9gR2$V|l zZE|pPPQhaBwfL0aNUoi7D?3xaWsC_C9xmSW50#uen#$VB14l4i=DjCO)R1Y)_RkS- zy~*Z~taDoCp)Ju#By+&pNIV~EV$T$12Q~rN#h+&R8b~- zz>-GrZ6n-QAN`Me70jzO&z%Y7O0Ek2HE~xWQ8ceK=#8p4y$vTBT=QHt%#zs7+ zXq0Ry8kTTeNQ-lADRIdoH2Xh^*BV;Qre0e)8}{%z4&2r}%+(bp@pO8P!|!P#V#Jgu zj8t~k#^u&)akUiXLY!icXeNvC#dU7v&GMrhj(XOlMdS_ThIa#zR~cNCtUfD9Z{9fN z1g7jCYQ3uH5yB&q7a>&g0Q|Dn!F}>04ne`$9k-`K>q%192cyKwqrit8+;mc#}EB874?Gl53N3`yp+eY3*8O#O%zZr8-% zL-tt}rI}7LPB{0iV=IZD%qNOG6R&(u(Cy^2j9k1d3^_Ojj&YA#^PdcU&mJxDJ)BoC z+(Bi1Z7-8GxjDfNg535X99N}t2*~==!oLGNN#WZ&Yl!Y`q0()a%8?%h$Rmaaroo#tff%VOw|6)@wSm~E~Vnzi)}fjjJn7e;iAVJ zdYp8xguX0mx85Z29D22upkmY@V;ZnQj>9BNdJc=?e-V5@@QvSwWxcw%y|jzU zi3lZF*AwKBG4pmDVwmmNx#7R~OEk%^FK?$8cC6lFpd@_1 zT=YKG@~6cedOcHLxQZB!oSDHZ&*53ia+Dd_d@0iGd`@)TI{hPNXDU^(f1c+HoGFT5wJNuuj|ZlJS3 z>WYkj{h*)jn)@rppR?`$vGB7+@kfXB^@)l!fz)Ny$MCnH{{R}^#d)4_`!9Hd#J&OX zeEuHS#-a8XEJRYF9!7hot$u{+x6oZ_?ZzzaxtH zho)+N5b;Hpo2Dz?Y0owh-81E>JTD#b>q~dz4L?j_rRvs#2XB=aouIKC5Pzj+Ly3WL zrq6kM9D-SYvz(}AQIQ(|0DJ!ctzL7jcxO|z)F()9Zg2FpnsjAh9WkDVquG21@Wsc(i+HUyN7K#MmSblhD1Es+ zeNBB+ss8|B_yJfW38z=ido$Kje+A~n_+&&1?W$>P)4~MS=Q9X>4W>}byn1DU%`H>QnIp5i<;-$xg zVAZ@YEtGfqG`Y&i*?oi%Mt$nwwM%Vs_V-Lz@+O&_!6dvWkV)d<| zDQhebv9X>{<6e*O=frvx*I#7RWVL`4a<4GP2poQ9l#5N7xBfHHbzc(A4wSGK3=&Ty z@UQ8P)$6hNXHvM1-rZx_a!Q;Nj=x%hl#iZ1HhAhJGH4Gx>8nPBN>#9`y)%*c*RXsA zxv|rH8DQ5f2Bwe{-{%~$C!VLA9&0%#V@saLY2*7{3&keadTHw*GR5Y4{{VC!#C~;U5)Si))Q4=Ivv?w<93szd?>_6dso|lRr>pweUBK{v6q3O|!qz-Xz-$ zfGYq;Ad%as74c`p--CJ$&M&+pZw`@hZzF8AIVe>21XVcL#_ah&;&;Ny8%PhP-N7EG zw23p4VIcP%>*rl7!P=#j#hsk@ruIoLF~7;i-@ta_mF&&oCVlVYuYsT2zq82kH-2amc7?Y=Ez&c+Gr8YMvd` zUN1IJmLUHCd0YFTy3;KD0~dyE%(B4KTr8!Fx_#y+nz+Wmb&+c4QPAYj=hJN9jwwvB z%!%_cBd5~2`)?IX;i=8VuvL{XTWG_T&p>H~kI{dC-ZIjBd*QpiUfwAtg<}Dkz+yU% zTemo`8TjpauG@IB=SQ@?d#y1QJkKwlx#Q?DL*B$VJD)uGr^3_e+D(?Yvgz|!J9$ou z{{T9kz>3!JUxQ=u4}@>EZ6#LH^-C~~#tGY!e;SzXQb&{CX&2rkxpQ>{%jSZuzwexJ ziuD~6!wI2T$1Theg*ZfCOm?a%XpZ7rn;lgi(l{2<)kr%J%t6Pmy?G_{viMtHI<}Q~ zHwP-}r>=Sf`Ot2R`)?BX%GX|9M#oZ_tsj?#jtD-W*U(-N)b)=QYOI=_qFF^6uIYkd zUpeI9b**Wd$=K~A)I15`uZdnB{@m4VA6A9@%Q>KzfE$im@y9*u?P+zpO-}knhggbB zLZ7>wvDuO`GI5_lRV|E+KZm{;*SuM%>v}(k{?Bi6gv)6%$Tm+H{_nmsULmjei&5|= zkE6S{OWPT(<|wYGla6qID#}jb70}E0o$-TM_^0D<0Bag;wd4zHbe6KnfST(=9Vuk{Mjw!*q28=?94N`{>(p23XNUD$9dk>w*K964 z+i6aD>KJtx{6%!B8B}L!E!s;6a$J+w72rP}JRdKL{26rikN*G@YhT~nus<_;r}_7+ zCS<3n`PQ-A9rpJ&^TBYZYsTw>4SGkyZyntHHSs(;j`z0HU4mR9j4538BC|Uwv*|yN z-WY=7eKX>3g4#9K%rRcaBw1gbPT(>zgU9P%*zf!k6ZXu~KWyLGC&IoYyn96WmEq`9 zOxEp{_c}5Ra(eTP-}lu-wmYfD==}!LHGk~eq`8HPfWf~S`vbx{wbzRDIj$OYaJWJ` z^H@mVl^%KGy$?p!w7(R1TgAF$I=_Q;%QiH1ztbGGDCNy`-nX~#?-O3BSBr{7Q4{LEy2dukDd zl1SW?Wy+QGHOELH^PM7Lx4%8>wQO-zMOIY7k0)?GwIA8Y3Ih!L*6=xAk3uPDXo{>nk0fM|wo{ZDgHJQI)!a2(RyR{s>$D00jk4+Q0T)(EJbM zy>8-PjNS+drs~mOAM}gcP&UUtPc9e%^LnYzCz)#M$5c<qvfDS^fA|hRL+f7*d}sJc zZ{v>%>OKp(5y-BGQ_^Q*Fvn>n19r$AJwcFg~S61Gtq~m};T0GQN*i`QNb*__&QPim^ zGR$56=6I;(PM3&K|(V#zX$^7r+O0$Dx7}r z82o51p5~&2lLA5*1Dqardspg*{1Mak-JkX{{i6pjuKe@goQ08Y7S ztyIiFnFb&HYl@+;+naQ}Np0Oc$X$3p-8K2q{{RI6{he+8I(!V&wM5efqvH<@MJVb=%!Y=(Zxd7PA*cm;)TH(b; z=-QF=PLZK%Hn$0NB4#&Tj1jUAy?Vu`gmm}Q&Bf$!OB9Ep!8z;Fyok!jOFeHygHO28 zTJFwaGTX38K{#m6I3!l(wcnhn8#217$6l51VJcoXX9Z}Qtf(RYxye6(tm*zx%@8@S zS{ojFT?@9C)2*{0c2&j=Rf=fkm9Smcp*2D^+Ib@zRd=TwYFp?=#GRrecN})04s!0~ z#VW@PYIow?$iip4c}QO?=Klb`r~|THTIMTQ?46jzpLac~oO-)jOeeqt zzE1{&p%!P>G?`r)3=bm=fNDs!7-h7bSNAjL04eGyCBVRw!nRtpVnX?skU(r2-?Q+Y zv~VS>aHIIMO)+vDUcceU?KKEpC1hnM2Rt9bv!jl7klHMc&w_ZNvLuarSj0-j$=;^3 zXVhkEwAj)n4k&ya8Ft-JVGb4cxFgkw>ytjq-z-1<}dD|k^HP4 z4+K>^U~?dtxQw0+2CzoXpQ_wx4rYL>dlC1lz5cOlsLqm27><6Vdi^LhHXyr;?8_an zVBI+CD^tq5k|mLWDhDSWr~@)ojyV=mex(Jouay}2 zK;7?4bt26>PlZy%&;?m`5P_R=gI$M(@8pK*p^i|9!x%IQM^oZ0TwBX*AvilmK|Kv| z!q!b@>|HW0LE|0GWa4Mds7(XGISi_0T1jo5;Fo4cXo@dsNeEDGMrOvktsbVkFFod_wDTVRai%a65a|8%4@&)l{g}VtoZk(87a#abJ}4FVh4CG>G)m(( zwr8$F{{VWoiqH?z`&&zBt!*uDUf$Zq)iy%}Xcc1~fDff#gUr;oTj_CmQLh3*ILEa! zIlhNurfDf{5_$gsy}9nh>U95%|yhX!uv*^|j+zUc)@-t+>g; zjD9uvHTzKi0KrbLwcoVq{s(EbeNIASF1%YpeR4Yf6}>7~I*-PG9DGIbhmZ9+wO<+P z*Sd|{v5}&AGXfLY7pF?%Qe|`-6(fus0HXrEsx<6nI-LP|$PM!Sdeg*PqR#BM^A)?1 z$5Nm}0pKVbMP7!?%H^~2d)5au_BCMB_mi==VD$pJy%R`^Mv^(^7OBx)@Bz=gAc{VR z_$~W6d`I}t;%grb{5SBO=ZNNM(I&W!2}M)sTE$ zsh>W4Lj9n872#Hv#^Y6iH4r{XivU~o&3t#`uiB5p7Irr`(rTzKKszH+2|QL@jPIud z^S9!6?QP@#02h6>&q9?n-6fM~;~V|(KArt*=4q~H)#sM}i8Wa462lJ-Mvq8(exE_o*UMu}W+Bofx~E=clE7>Eq2?QIlCk zvyHyaya!IC`-~;kLNiGEjG_ z8j?Kd7=z|!fHNaWyplGLaA{TUEORU}G7n7jpvFYeUp>k?$j5bM&uo%!NkC!S+JI5G z$eQ9dRAeSDohttTn-L)$cAw!rC^kq*E@MzMc$4uEYZ6quvw?A~_wFDPR+bJt7i34Dfo-4`xQLa9eWxEhH^}Kj2 zBROxtP*h`cr|`FnG~H_4JQHlm+Eu|;Q|LjjNQU8(FDY3_BdrDdGBuILN6rteXGLvz zZpP>HVrK8vXe_JZt0tD-HfZEKGoN8z6|Kn~rt)1^Ki;fmxY6XAy~V47@R+2OHVzt~ zk_FWC@UlS}U=CNftZwdW%c1ix#4is)G!oiRWU@qZ8$HE-Is9q(b8+E+7f-0!AUb67 zxRWOVNFOOseQ{kdmqRAH9xZccBQ9iLm3isXx{nV30A{tKCZJYWQzry-p4c^FS`tSs zo{^}ec9KUv}iS?{>2IYUfLi_IPh#l&%%gw<@^x9+k}F-0FnPYl*d6XrEWn zZ(9D@M$)CYQR|Mi^asHojM_uXZ=maue`VcVx0MX>$@{Rt{{R>xjQ;>ipJr~Q*!xBe zBKu9fV&#yr5BIVNBdGSS+xtiC>XO_rWL~*E)H-(@q*}T0ls9^5u$IEc<^z(lvi|XZ z8p5`}u$~EGcQ*F`9iu!N&)K7%PUUEC+2j`U#xaa#c*Q?h)-?-6j?&R$xV9XY+s=I} zYG{)d>iFbOBM99801shV5350J?R=>O(J9FiF6BQ_Tg6-tkG?(lU&E5?x_6GWtv+ZZ zh?8`YgXQGsqW(s_&sF$^;MuehjV9*TQw(EQP*f592zt)}5Bn;^Ef2G$y|dJkJF6?fb_%SS z$0NTr+G+aiW&pDtt}r(N*1GAOby3=BR&R16mK-v5>)N_oZAuGvWSRrV8@=mOnM=7~ zc!?ljrWTNN45PojM|pETq=d;Mlm6Fg8a27+T9kKt-rS-zO_eyT2m{)dh%1yQq3!gf zMA>!cjKUfa9mn4Xip^V?eAf9{SNo@$49)Mgp^bKxZ1k!ZI)$oiTf(uzPSARCc>Z(& zVl62rgimiG%O8GvR+8Aq9icvY?*}_^)|+KUHydQ9%wi-d$i^z|?ZnVNOPkN>@mXSx7cjl;Ruwogl+4l~a1HEH#CA7Di&UKL`ZMY*CuENUg-Udma z48yqVNC;)I-px7?q;t0wOYF%m=FDot*NP0J%J5jIoRvJDI`^$q(kF&eK~e$9#b}^G zw9?(nZcr1)Z1Y}ee7Div2_u(vxNn&laz7drH8g~}8sFO%Yiup9))fR1mcY-ocwdP$ z?E=!`c1R#%`G1s*{y3!J*wo_fCA1-eDg`8rfrDM1lN9kp&jjGEGk|(lGKnrm{g$H0 z=&q{GyXN&3>3U|mlPbhqA#T9qG(se)Yh$5Qv62Sca|%z_md1Un#5`AXe%EF-n|-Rb z3g(ii(6Fln78pBwOqXo5*vNtOXe>m*2V?SNj1+%vRIahRs6Bse_EwaxN~$C-L38m ztc~;IBOn%czu*OHf$gfmK4QsW?5)*09n;Ic!L|Ok`}bxrM+PZvE?z$X`4Y zu@H0uw{)wrS~(U%w#0NJrCLS|@9fz%29Dm<1k>~w>TAzDL8|H&H?I=yNXaUGUX`R` zCS*EIsl|bI&@&7icKUnP4zF;wgJkZl7hLxyiiAX^rudyK;FMd)ps~R9u4`JjOOHN# zjm1aI%%eN2nopsjQYkH7G%>r5ar1SrK+&(SY$1f(e)cYfTb$Gq-Hpf|=JDfc)fGCB zYoHP>u`C!N`qr>UPDKl?WT0h+D9d(a9MddyIqskq^UWwslb0AZy)-McCh`8mBT5&1 zUj0pLX&xxG+F_kzg+ls$<5wu$u5+951h&^ZWQ<^!$-v_t)y*}@NrSY~EMQ_BbIV<4_pq}sZ}0p*wXEzvsn-N%ze>W%2p0rpNehbFAexx!W!>_G)+96a?&)I z5s@kZ{oM7>wS4dJ(RBJkP_g8e=rhpobmeBll7pI zwm$J}^sh(p7suUt`&jVr!>F1@Gt^Ig>rsefm63&9w6*nabO&$mjncGHcwK7;sU z`$OGNp|^#v?d}e>0vOn^z(5WL3H)oB@dt)d<4`)|T$E|sCoQ-y;o6IJEyU?OA*kAT zV*bleHzLtum0Nz?j!!xK>+}oa?vF3VzXSMSU1}2C>0l!)aIs&Q0oNU~{Hi4qTo2BV zh+YTruftCfTfml@_0^<-q=B9$Xvb_5-oBdnK-#6&h?4k@$t)d!7?5Wk{?$=;MpBNK zJudsg-Wbr`PY*!cs+ z`VH03h;4jbr5j7FJV-%!xxpPrABA+!u4;>EZ8Ump_ex~Mjt}~!#{`2xoSQTJed2!? zH^W_GKM#nlu2~p2?*bVHIv(fgUk!XevDW0(H0?uPEd}aG!CE3fAd#Kbs*53^j{tVytEX$OKU32tt@&$%@}gPsqu z_$91rmUl5d?V`rl2_OIkBckJ<{{U5dU*TT~=(?Vykwq*0j&NjX!*9a(z~>!n9&JXX zSopKx-6O({XE%nmi@7bQk8;At3l~weudls)wWZtYk9~P_D#!N3kb$>6pgm9Ke>!yA zY|5iM*Vd($UE6%Slu)@J#qUJ=j;W|xA)4Oe_DFJADC8|1w=+wjw>OGBCI0{j?3VX8 zlUwR*$|DcH-N)gBT=$23L#1Eb#I_e1y4{bM?E@W-YSlBQG~JJ(eii&m@Rpn6sp9c# z{i)VBHqtwQ1c7@WY<{)lUmCtB>c0`S6|$31H-BT7b+CoAV%3J{s5jA*fjDOAWe3v6APJo}3(hb=7GLsQ8X~C${rT41h6?N3pF*aWigwB#{fd z%k?&sec`xrPrZ43x4tQo@>?APNc(8tu`V<6C$4c@M_`P5p3&i7gj(K>aSw~8lE+m? zPc~afj?xI_nX$<|Yv`W^__{4#!ELS{D6O^_#FK&oob=CLI#zOxjVzBD*FFqK<1K4Z z)MSLisUbgRb$^mX$42_%xt%jd@rH+Iujw|DOJtr`n5b|7+7HYR^rR;qhEA999_vuj z>>}4LQukSinBGP?=x_(rV!gw`Z7+>K(QhCcjk;ucZn;neH4#b&*uM|{AX-`2$Km_C zgcgaIz*hUXeek%*(KwWay{`_x@ATu+41~s@OFuyY1)hzBIX;l zF-vU#!Xo;AI^2zPE7+4%()QcIDGZpw>)6tbD{2yn7mBHQagX zYoph^QE1muY5?7Rhi>rA)9Pt9L$Wt~CwBU%lT&3$tz3MppU3sA?+`_6Z57%JD9p0_ z<;dg_=x9>tYZJya?MGI;*4EEXw3AZ-!b|0U2`9Pf>tA(v8pi6=aFP$RvnW!n&j53p zr0i6W68O`n>3TPe?KS0!8~wgqZpgVR4iDY-B-hp24xi&~YvJA1?}zM;r)M>=JEG|s z$KLkhsmkiao*usvelUDEwT{bBy<=@|zq)y2VI*sw&N}p}+GoWJ?-!#>uUo!Mtj2jx zU9;Yxceba$d@<4By1TfFJ00+Xo?Zt&xfS+`?kKZW3mMW0NyFrtzZKi%}rM0X?FYJAY~qdLbf-Ve;D zsIRWSXFrM07OAKBBK%J`pEk=0b5lOT<%Y zdZXzx$r;lwK*1-JfAjro2D%#_^Wx1FWr|ClO0{vW(&XKv?D z@iv&M`W^C@!8mANxMk`&7{{%79n1?9toQ|3@qyC2>C2(TRg^!xN{!tqVO`D}ouH1V zn%)k_6o{pX-QGu!}W(hz#DhX z)05V%tf&!r1m_&qQrzl;)Y7*v97kk|#Bs>veiimd{1e~yxW4^{e`}A2e;DS}?`^yd ze{~*{;%NS7j!Q`xDRx2K305CUly%d65A?6_hl;eH9C&L<*ZengWqYA&HnHF7)59Qm z=ZV*M%0@;x{IOflYHqBUJYgzJ?5!nOL6sN`5ziIJ zh>GPkrz7hx2>8ioQD=J;kZoY0h~V+pHPL)R@lE!Nr`msGpE2HKT;~|cub*+$?Ta|= z1L6(#i{ot$TY}%&SIy*V8FBz0!g13%|yXpl;cYWttG;FKa1085Gl!|a$B&dXuxOdH1TNOdPoFF|#1f_AXOe3Gkj5{wU zbvAo5Ez3z8?ik7DgHL8!)8&nBV_Ss-o-^L9YbI+8n3~>5e3=(;3V9s+P*hcj+TJV3 zmRVTIChUTLgwziNusClsEUnsso|U9{gG;~DBD1_vZ>g!nF+VJW=}^aQ3tV}S#~#pe z$3sBNcb2VjYRITJ4?$dPtjWF!!2ba2P*R^mm$|YpILZ`1Mr7%(IcG2jf<`smI*<4UfY$-#>(J{>2^2qQ?k0B${Q#*yShF+`{@V zWZx(_80|r+wWLQCox;dapHbM?a|WSng#c`b^5FW?CQ0-%FXGd0+_js0{aG_yrTwBN z)D? zdr%z4p068SGG$Mlk6x8$M1p%pV9MJMBPWUpV(L?DoSmD9>z_)_ZC)5uMpb;$eo##f z8bS0c&%R(7Mc0xmK2=T*K6=hk>{)8i7?c(OVz!`(H57F+00$iPtiZ$j3q^4_jEpJm z-ntlri*-o}+wa7Tj>O0^V|tb^q~Q8?++xu-KktZZ9bMkF&x z>f`>j5W6rwpG(rtm>>A^ewD|p7he$0F{_;ui)hkhHe@W+HaJEdq= zFpa)?!lGv$?bp`5S$v2DcJ?v((&HO|&*xM_pJQUn!(MxtwL#`LK)$uu+uA{FiySem zXgdK_7~H~AEMzWfl(+WrF^%R$e@eMKXpE9D^$X{C+(^p=J^AV@$NWd)$TY;5MA(l% z>kn$k>ZM5e2jVyFBjIlc>P~fA>uplmRQZb(pcUiS*1sFSYR~v7HJ63$wVOR7Q@Wm6 zNsiLO2{%06fr#TC^}Q%u>`}4!Me$?yi1?-PiHsg3)ee!NZr}DBc?mM}$dSD<>0S}U z5WGregA!ebuYD_(0ef^!6mV;#VNKS5ec z0Z2@44c-+KS?$_*Z{{RGI@fVNvOD`IJ(N_}qXG4Wl#iqE!P0n+-j@6XvS!if~ zOP>aRXYYmo00Q*OEeqjig>;_}SVahmON6&kH2CgMUTfZ?wuTXejZ{|*<v+3o`h_lLMDU;9>&MP20d}B0v&?zp3c{gqt z=sMBns08j9`qna#>C-sB6!_=E{uh8=YTA@`HmZJkTkfFuuZ_H2`(1n})BIpGUlVI{ zT4)ZNq0}QF#>YH{8RL#>Zg;|+kIf(3GvepNA02qNPrUd?eLdfk365K}$XCvJQhJV^ zee2BFbc$BclF z74$KypocB>=~Y_VZ9z*z8{>95bgZW?ge83r(?sxOvxF|Ou+Q;Vx#%7ivxvYWk7EVF zIOei8jBI*spNEW70SReT;AD#Ibp0#r-z&xgXY;6(`wZ)CtZ$%V@Tp9W2lxG}a#SRG0Pod@aHWy|z zxD1GMh8e26GPq(?`x;z^S0a&P;ZU6S&2n0nn{6zGf?{BEk}ANSEivz{N=S?H@I9(U zic3fY4I{Qadm6@Dh|M?iq>iqw{xzKjzq;+M?h%oJBR!g=4SBcDKX6Kn(%QoLDRS5! zOjfX$Ks3CCj|MgkpL(jAjrE1-LmQabfG|5%f!0rcvZQ+>Wo8|H52Z&Po4U7{SJZpZ z236E6I=J$~FyP~ZTn)C9wn^`H(9 zTD%%UdG6{WX2&MD+rJnX%w-v2JHLo=iU8h5k6L?qrJK#;I3103Hri_`Qi}2s#yuzl zq+QngHkVzaBpSH$!*L1uaVJlu1WH{IUTC&JyU%Rr(x^1h2>iEYY7C6{{$@TxC^@OF z{I-BAuE|I1L2;F|G2ptnU8^9K`dF=dkW+=JtBL|tOs!% z?I#o%wcPW&zX;DX;bafy?(8xL*1ao3(|*ASjzN^hIG{;%AE;^e_Y4H!><6geitv9M zcso?F)?}AQ*X^}E4rL5sWFez(Owe>fD`OwSwlY||Mqw)}HhA@~bkY9S&?%JX1E+CI zl(|E()Y!_U_Q?s9^ckCHZ+B>*r62eh;+O?Az>udl`CV z4@wOoB#)46J|1gYP4(>enz+9$A$aqZ!uk=Mel@;)=#`dF-N-m39vZTmH0DPG<1Ic} zt(sgTvFYq<;_r%n0#6ZXI)ra)4aDfLAYmR(K&dm5KP<1MxzM!>{RdRBjW2Vxi8p!c^2RlxavQ`g#;x~>U66MtH|b)aB`<`+t(D^nf75> zxXwAMFP#}P+Wn}kVV8Sn1&wnTmkDnRK*)uLRE%+3rD9z}lh*8fJ*;V$R##S&Jdz<$ zQSbrv#yPKmylth!;eAp|E0n+z6A5veC9vZw=r{fl$b3tnjaNXv)1$kEyvgB{jKe}T2h^t-t9+r%i!;aiRvSJig*mN#)E zsQ`&c$mY6fvx=)an`^YNw+f8RgN`c1TCJladC|zko~N*_&N*&%`fS=OKv}+59P%@o z%ZFL9Yv;6(GDLb3rw8$%l9!0=t(^JxGNQQbITh!Vo2bd%AY}}GTz96xbn$~|Cyp5r zx*j;qU|1xV_bmdIM+D@PNDij&!&f#jt?V~QGYjopoDYA|SbmLN>gO!(XZ9I2vUaZ7J)7-ih# zW4~&~-nOzzP!gopKs{ZWMaaUE0OGw{N72!3mDz;2!S|rfdz3ZnNMJ{jJfn_!*8#O| zm>CHeJ*YD_wB0k$x{XWxx#^y@)7&!Y;Ky-rk*-KN&re<}DQqJfTG612UD{fSImQQZMT^eREO!j?0oeAe zMs-?k!X#fSCPy6iuTAi;iL}@^Tk0~bO^z9l6yqD08FV!KU90Hx>5U34rQ`6xj1mW> zd3Kww+Ud|VhR8Z)j#q*z)B;jvx%@)6vFulMj~y8FuN(31w=RQj(*Ug>J-cSE#%GRb zemA+)Z<}do`QU?`*Rb1b4p1{Ivkt?(Ccu+Yy@v53jD|^9%&WS}&A8cn8c6 zQ&_e$m)7iNw9eUPLOCEB%hTlo=?>=HJCn^J9o4Pmu`862GW6tgT;`#2i0vlfxNuEp zF<9qswdB*VE-rkn*Z}d?tw*mT+Ct58mmsk?9crPlMl8(p*7q%!fP#7SHJ@_Q#0p+o zi>P-G-)!gbu88bu7_x*~J+;j8U0W;LsX1H^z4flP!%S_i=*;bbo_o~JJxxMaK`O&~ z&F3&UKa7R-ok#=>Q@n-hu*vj=ipz3 zwLMui8~7GvM&8T3uIzLe=xbObNjn~mH-|LcI?WE0Jh_J)j)Yf3VP?$~GsumT)RDn8 zv}1E7Sd&P%++^CUr?phnBe7daVOX9icma^(9=R2wibiskv^hvF+S*t0t|VN1xd#M_ zuX%d~)T}3VXUG`qpRG17X3Eb$l`18f#C??39;+JM78gmm`h6>!aw;g|WYR5GcX+~y zhuz7oOI3EX`#szW%oikqn!us9vDwLcZya#2Ve>H}y)xCUL~4;oA~86|IHr-D-$S9b zXjax#mf2&Om<4?H9^aL7_b~7Cq4UcE!~>p1YYm7kSZP+UO>Wa%nHVk)HMMrJgjpdG z>|Q=ml0LPpU4(J^t1}~RD)|{vn)B=PCAP+iW!;>er=?qv7xZZ^H3?eXqj@kxDvIf^ zbRYCbl3QztaCvNGkHWK*t~(xQab~c}-b>@0?&(cBgCSL#Pcgpe_NZ~WaEb6Psqp7b zyzz8CCtFA^H90K=4AGH=jQaM?esBKK9|~>08F=5?J|wULj^yL+62 zUqW)ztI$nLz_(VO3Afj@yV(~}MGNGW+F3x!8TGDP!Le%E;IN+KP(E6GU z`R;UnA+pyXyNz`C&Z`VWJnRltQ`8Rh%?raY_<`rR(^45PVo$UfRAIt*Y*M#kThQt> zZ9di~T~hN-9%>((?FcfxvO%v=o4`ID@s^!upj_FAH`bd#Ek<()irC2)Y8Oa-J~qV7!ELfYR0SM>3#`oaL=V&PyLy77un0(F~g@I zjCvf^Bpkg9o-6Sh_>v0^Z3OpB2Jo+zF@w-!ALlifq+eNTthVx*A$DSnt_Wl6$66Dx zBZu+t!yQw=x~h1iMYy-U((W+qr3g@X$@p0H%fgIwub_Ws?-clo&ryd-yt2EKL}^rh{qQ1;9*MYT(uE@VkEFk7 z{{V;@cZB>h+Kt`3ny!q%BE}-#$mgQx9DgeL!{H~#&ky*H#_z-4AdgD5g>B11$}&}s zar1W~rW+W_HSTi5j+KKk~~(^GefNmhxxFv0zpP1zO^ZD1SKZ~sGcBEGp^TQzi z4vqB`+zx46Id8fEO3Np~%$pKc57Vbg)`eJkMWU023>bQhY=lJRVbK{2{y zsPB&d0F6m;j+&i6!v6pnU2Fazd+!iWbrq3eADz48PB{U6tJSYBjrg+D|`oD*6Y_(4i5vN>;&@@g8up^R3wncou@c#f;&^{Ub zK-Tn4Zb^oj0Apo36>%g?Nx{x~gHYC_a-7%49~432&0TK%II+p6s0=<#1Q^E{{A=eM z`6OAE_7^L1073!#;8tc*fw`sIUr5ki+^L1JouqOHy>|_%{gT2<6cNRhGBcg<-B z&~a8gcgL5u`t6(=wwDx85<-YpK(*x z!;Gw9`0q`;Z9>-K%t<|*&IrQsk6Q0MG2^XQ;nkg&h-A~hw2(Q6%Gf@2@1MZaE>c!L zgVKC)@blv4gLkV%2lhs^j3PG7xF;Q1kJCKYo9g}}@Lz>B@D?Z zZUp(xRr>u8w_23One&dNbsf&HdvuE&DJ-TyssIV}uf6{OW2+ktPy0_y)u6hW<%Nx< z=b6N32bLbx%6>${!9Njv9q~I;v$xbV{c_klTonTbWZX^{_2$1!w7(Hwcx%Ak9oARF z&8NE$-TX>WUXqz0Zi zWNp!?$C=c6dr}0fdPl;YG7l8XWuacf6i3WB47dx=O7!m=-Q4&OUR?~_7;NLl)nkk( z?lJ9(VwAcb_29+PJ|So;cj3K$8@D)*CCBcF9FxzjZ9bK**my_8I!B70ZxLB65=9$e zpDYo<$EfCpiHv)n5BM+pJ5SVF_ez@T)=%{+PFE@z{{Ro?T~Eag5^oTAX6oBeySSd= zN0}U}AypXX4eQ#K&6P9dJ3oc#;{7Hkfo0Srjq|-hIOnc<*HxkEvUoO2YaK>4NaB5) zT=B=Kpi`&Z>h;Yp!#*syf=J`Ax4mZuIO7;rU^^{)=7r#mBFn>eg6>Ey=4VM!0%3}R zbCdNH9MX?Qd%TUNX`UX_wJk0iWxs`#vg74s1atN4T))Q8i2fGw=96W8b*AIRHi%J7&px>|$xWplIRaa4GB4g5|aG*O8U- z)BqiT2R!~&z**^0-|5OPAz>)oM&Z!<8pV&=8Cn#J;q7rEx6@MM9vz)j0l%>I&3#AV z>%9*1OV$4XwT!k`Zy9JM36ip4;2&dJ!IY(Te0ky@4(d9tr>HKaXR1pa(u7H3LUy1$ z9FCo9^xyVk)_gtSuMNlHT}a6+Q(O5UNHe%&p*_B}rL+{HRQT24i%oV7PJ2BjKkWN* zs3rq(87HZ)j9~EQm*Iza#llV`a&q8s$FQYg#dkf&;8(;Q9@E8_-V@alc-mMu+fTC* zt9lm4wSB9uUWBnotmKO83z;@HK%jok=ZyHfz{BDXg|&?m86bk@SXf3_XXe4+f1cIj z9|nFN_@}|TG}c}sfzsqo!{uy(qkur|oKh#*p1-VX_8uCum9H5DY^Aw4$gc*z{iF1| zzY^)%M~7@>n@pH&R&^>14luduNzGJaa($8SO<^C5v>|VQYZzs3F%^d@c(07VXg`9w z_M2~e;!P%0zPEzcbha7V+w=E>RM?MYWAk@dw4LsyS#6E1i`OI^`tw-Ux}3JolR(cM z#0`~^T%l4q>OO+DrpxwykJc}PUNnox{tVM~QFk2rqC}$M0O^5%bKbqC2|U6P&f(Be zJ&5J8%=}L9hMVJ`1zqSjNi zZ0(UoK?HPcj{R~m60TWpHJkI*i0j@Ylyd*}pGTw2Z64a~zJ9=??HB#o48Bpi`d5D5q;a6Z13uoK1mmu1Oj z6*`#rg~?v^fvg#BCfhDhvgfb8S-6mDP)%cX7@jEz8*n~cccgYxXZC&n00!^=-8a7z zz8LGjvY*7wTGH?0CxSLhq8Fd{+J>6s?Ez0+oFOCCEBbuAnmd$-RJFmiam{5~J&n!} zP`8cbmM1~vN)9qIIj@92X+MSf&EAmSDe&c>x$!oH;^;!0J=Li{I0wD~{#EBmY6r)E z5_Byy;$MNMx3jt}WvN0Xgh_+sT`KeR&Pe=5dROv^`)Pa_yYO#|t~^y~X*?*Uq0~_j z{KG#hW7@Q&?83*umjWg^Rw04N;;Zh-a;N_QuU+)tLy~21A!!Ql+TBUbR0GX$FbfaX ztjLAqVa7I`_o6t}G6=}dPJ7S;Ou^;ChDgU8Q@qDl0c0m0ov0ap2AWwn7XmOd$?H~s z)k)?nWFCH$9dz0H6aN4NyZy7Zzu1TNyYPRFWxKt%_-o=Ds5E_g9s8mP><6Ax)pMNt zA6owaL!B4J{u;j4G+RpvqrLEli7iF`i+65!!@mKxh8%au_UF>GnmXgL^cI6NXya}wS)wC2cZV|-K^T)gU$k_yTtis2~ zy1t)pX6n$7zD`edH9v*?OL3)YFv`QvMVKj%pd;R}l|F3>j_2AQ3e;@1sKR-1#r$KQ zYu;nh^gUZcxq|jWCO`~nvv%Y4?O!`r-Ib2G9u4B}0A1@TcV%W?L@Bgnboy7f{3O-2 zOT7jg9}o$Kv!{V;F5|m=WA3>9I@hI_*ZU;ZS|3JfvnhrCX4(8X9VFBF%^PhPao7r`f^g)W%eRA? z3NA>ZWJ1F%y$_{i&v5uubC(_cC<5FU(=2NnjP_g#ahC)vto-rU27n^nBFLUoGcY_F z-HTVfwOK-=>`~VT8K7nR9~n-TsJBWsvH6NuSvH?-d!<|I&^k*Ku2((kngfNN?IE4x zWC{W4in9wV8D$cDgboczj0>xS_LM~gscokNfn83I1-x^|A#4ouK-014GHdeb5VV$x zuN#7m^dh)by^`^68RL=yjDO%%$IM~0vfSOJyk~5JUvAzNjedsN8h$KSW zKdlCy(8;#HmOG=DBjzB1*1FcWhVllV%?ecs+m5D#Hq7XhM1=_`2=(bnAMQ|qK^&R{ zSkqU0gsg0&o_MVr=&r4%OfFHm`A13yLH5}mXgS*8fzNvGROBzrHu__&0x&gMVMJpo z0r&voxc7|QN)rRG98ffAB(kh*rB2_wkLWD4)0IgJIDHGXvYf`?(=4*Rkcm#8b^bI#pgG`MfNY&hRY6vwN;yBfqw@%&a zt7`U163X`qs(N!;bD8oxobI8nO*k=W=V1Q%?_9;^uWe})Nb)R~x#uULs5Yle@qdUv z6?DG}+AgQ!eMPLa%%7he5IqNa{Gflz-bp8kf)_o zBX?uAF|qvX{C54a{7dmF_g2$9A2r6Gr@1L}c|Ps(f7d)?9CxpX=em2R6I@SscP~b1 zW-flYHS6K%*qO@6qTn6ab|H8JH0fEyX&)|}WRA7fCv6euR;V$fUy!IPjU*?;~Ch4FLthZ=u~d{Lz8o(J#`nx|=qiLPVrf7w3Ook`fF%?|E~G@yfCm5p?Sa6q8j>{Vbf^aM0^xDi ztbvZzi2~6U>lIgMk*T6UU;&YCo1>TBhnivIw#J)eXvu3@vg zg|2XU$l6D-u4e9c(xqeb-^PEpPN^oHt@vnZdJl>qxP_uEa+xt_j42)K^OsQ6rPQ@a zFR!3Rfuv?wGxA0W=m$#DoLSV8AE;j0U2G9RVpSVJ_Nc7jh~(owmD3euVK!((WMiMq ziM{Yg6{MEe7cNpg#aDy0Q#qcj?=(LG-CZ!9gC2*|73?}Eg5gM+Rw3$gI@U5~k&TY~ zO7N6XkT&e&j1Gpq3rX<&ama!|7d(Ay2}#M7FZHU>QdMRwKw_a~2Vp9MqEJ z&C5&aL|8^R_w84pGR=Yz0uMOvTU?R)hNo+5XCRRW$_d;DHNfcK6tpY(&XZ}Ww3D2b zP!0|_#%XgQq-)7_Jb=2nWG9{}v0<5nnNyBE>Kw^&Mjg$>i*(T}zF1TDv&D0;>bDVU zhT8Jcr?g;kBA$odw2QfmM*O#ngcjwHbmF=>G}L`QE3Y^_hpL{{6A{fdv@$-%8@Z~V z@Q1?sl3kglOpI(jGgB4ZX4UnKx@>XGkg;MUH361$DlY>kpUS<9NV||muX7g69>=W&$(;+& zYjDSY&@qop)_dEeY#QC!hv`9yG=Yo+x|dVI;<-z!NsRf3Wpls+fC(+GpxY`d75*%6 zR+c4o_QgTXv~ZJCAq1jN#H2^2}9gaY>8ynZ*79CAqsjh>r#2K zNR2sPE_2%)8VH#SMGIxY0sTE{D9*y!Aym+2R+L+*{qq)!t#Z1qhiPzR`zOg0o!G~E z4b!=cZ=joL0WsyX!Nqr4ZLCo)Un)mj(rBXIr2&andqP733BuOSnW>_xeX0=088pP* zi~57xT_|WDV-t*eR|T!v%X4h@>Wk*D9Xilw&UoghqiK@bN?I{*bflb-!LJk7G)Hu4 z?b~9GqM~N8eNQdbA-OTU61i=szxA&H@eRZ1I+|Qak-fUecN}CNueD~Kj+BpvKWblw zx>m0Ye-XSdqbK&Tj74%H0T=IQr_(0B9+D`S0>>kvIPYChk};_fx>1F14%A5^s*hA_3P`K%|lJqbS9Gu8asqR{ zB;vIrnVh|exVDx#m>B0)$Ru>Zt}EilhNbv}WVZ{aSjnqG2>sk4Orsr6I+_leXT@4` zYZ`U#qoS>}+E$|r7|au{3k>i_sH=K}R~s4_%#hxxD)}6T_7%lhbUNX&v7~sbQCM2T zQjFX>?LjM_oL9O2&Yu}|e}JD6;nej~^Y|9_Lb5DUU_i~r<{q5aDBMrgKNI+nT+gTY zhem=$vYjKijls&gu+DS%{uT8H!>=CCsp;0x$iiG82iR9cCUaDebJ)`F?Qk@3t1Axp z;0;(qHan`yb5-Vk70mvP?(h-v-?AHKCI&WW6F;(ra3{uGm zFSndz^q{qS3pDdHhG*QrTDcTbOBiBC%GxZHXI*Hsn52>y1y_^LYJw}MgldwEGLGHp zPh(iixgFH#QC&vUo^#%_W>j@DCJExNORvEJH8uyC?x z?@$&g>;52??m`+CL_A~+ip|or_}|Qxo!5+xdebqIG#2VxX96`m9^$k`A_ z#)L?-Y4*(t^CLMcfI;h62SzKntAeAPXRU0Q9!=x@9($OQ_5^V8@zs<&qyRS3NO|)ywNCim#fki`e3y zH$fP#R^Cw*^BJP;p4DF9*bvIF!s*Y<1_-GG4Q%b?mue3#UfKR3Ol>Cm-eA!_T(&_| zjwrAlO`WaFAZvw4-`=*amekq(ltmnjIx;Ug`qVf9$_p#VW)hzx9DihukvJtmzySXM`s%#QGb|-aWLj2iN>BS>Lw}G^a=$)=)ZzpyL0eT;;eJP?kS;rjr zKwY2!us_PPnJ$@Q?OHwc+r<>N>2aLnIAQIIy4Ke=QY^^Q3=V^#_oy>*W3DwnwOS-M zcJL#Da`@%FkL6q)^p?@w0*A`S&B64f$tX$hpG~#8;$RX}V*_9Fqc*55QMUDWg>sVtA**_O`}5 z?JD$i1>*w&jd74%FfSaago@LZ4Wl0BVZHW%6rakceOB_`);RY0kpeS?~n$Ere?^(ll>BAj!4=$2T;ScE!-A2D3{eZ7POc@VS!k;V&)H>ZR9Gw)Mt}PqEuO{X0n(}w-Ko$&|SK}KB03(XrN|sm?IQZ$OTF2&z_`wF zT^6O;K=x=Ca-ZL+>*}%`K{b%wFaKcvH3Od z=KUU} zzJ^ZkL&@bmuE)o}2Q{55P15Wx?4MbZ9hW+MhYcHTz;!M+c+c&zX`{M=YC39Ou@$9|dUIi+G#+M^Az%=UgwLBh%b_RC2wI zBYW8Tlj1Lgyd@vQ+3&0)QQ|wxVGQgDD{jNMQP9`NUkYdOwf?zh;a0QMb(pOrF~M+= zoufTMk7{XebD}+uvwS(H>l&@hb}~HjN~D$#)j+Q!{jc=T?Ee4-DlV9i>S7|QBZCcb zxNu1CSxWXv3Q|YKKM(wGsOkP1PY3IE)7iv_bZT5=@r?1)>0Zfg9jAFl9>JVm&S zssdYY)Koi?s}&;nVd7nPLDX(ENXj%(7k0=Saohvf>0a6UK6tl8`$RfVj-?j*rKo80 zB81+mI_LRPDO9=XUmw0L_$J@se~7d_CqRo@xsgJKQY2u*IBuL{HTfRe%obLn@;iBK zcm+_V(oTC;)X}U_*m!b1N5!*5wil$iUJ&vC_5Ca8PYP(qOz@4~k#li1(nvhNGb9i} zt)nXnYe9n6-@>*6Yncr3BIhpIBzl_aAp0MTv>R=2!&P_GMuHqwtRgAb8Ldk&Qhu3pEj zYFZb<*tC=3`#lcBMZb*g^VDP)^{{Z^w zHZFVUaoP;}ZjY@W8fkZlWqxD|=&}%4&Id8r?W2P#NQO9^|#8*>ZNo}E8 zPj5W1?UUr>=Q-_G{2}nSTk&s=w1~Vz3tHH%*gkkU5uoq4tvihRi^hMm=ZbtWaj5u~ z$5oR50K%;f;uH;ufyQ64_N`xqnsj%%c9T2>kVmy986e~y-<2!$1trk>f5ra*4EzV< z%l#9?8ep2oTd+V<-_9htPzhuCR*s$Va@uQ~ZwE?cd*n^2Dybs_x7MY0WXdyz>+e;HJ_qLcW&P70yt8HTC}h>_KL-__tb$Y1-dK5Tr$=Vm@9$!205dROmj3)V~>S zG*1I-w>tE5+gwi=DIBOd+vpGBSiTYcrnCrA7x z_-_6s(ywmr{=+G{w{j7Y0o(_C8nN+b!(KA@k!>EgWqoRzt*AdN#|-L6AW$aHSN(xL z9e9?<#C{}>YfG6z7Lr(`ZPBj>pUl_k?~bL>JTKv`P->CdBom=o9x|k_UW4Bx=Q(zM&;$Wwqd?tKApul$GGIy#UBiQ z%w8ki*{L}9ZL?m$A5aU2T zInM-m&&PU3jjU+bthbQP!EK&ZEbIZ!SoRsN$Hy90si}BFPSxxzk{xQ?1!$5?8 zsqKmh<<$2NhFWdEjs6nqdUm0r8$S`n8I>et0iz4a1M)wec;~~91L=D2jDggrNUUYv zjFSMrGUN}yk<;FS(lY#Q@GryK2Z`g-$pX&VIP7u`!j0 z_;bK-;0M&9@ipRJ>d;NHDbx?%#!12cRqgtJiEf~@3hyGv>Q5D$iP0Gy2ZcOsrr+vP zX`Xy>-N%6<=eg;M^j$(|agr5+gS%;|<<`Tw@h|Nud_S`+BNsEkvPxniG0Dg{sQv)> zKf?Oem9CwuM+BO+j&5OhAUWXr)kY>#m5;1%OX>GkGwJ3zQ+R8P@HX?)9rKUYytm{0 zZLjzAC2Ji*HJ-v{DIoPyG5u?j zQPi$p$MZk`00nmai*+9tcsE|X(WAI;75H4Xt)xpD{{Y9$p*y5ZW9IB}?tLrx{{Yvm zh-+r|Waex7kWd?D_IjZs`B4h>3xY^Kp(h#M~ zBJ}s7O2yNC3vf2=p@%=tu0be*;xY!qo;c}Jc2Z}#{?A_@_5T3bTlR8v+%b z0U+Rz4o@So%_*y^ov}%y)8x}67E?myT4?@dKBBzm#d<_qm527K#)kF;Xy%277ZDIc z1Na4Ap|-t_HRU7#;zBX}U4FT&;_MD5^4H@(2|t89Nvr5r*ACM~DGR-D zS##IZrE&7an?6-yz~_$j=+kF3;$vrYm|#_hA4<9QRabEvl7lBcwW-R=($5CXptqO~ z4OjDkWhW$b^`HjLT?sR<~H>e{iT1w0zYfm{yqNA_rJ5Zj`djeABnyKn|74)Hf|=g2ju`B zP6kts4pY*UmWO0ye@tE&yBfaDUefI+v6O6{GDcDRfJ3g^58fuiqCV@kyjayz85T&HLnCzDq*l$W^GfJ< z6keJ2ucd~^nO-Mf6qtysDv|H&UC)Ot6H{b_yimRlHym<3>v+jnp!>6M$5^XVm4;iaW$m9G&VGIsROZ%)~jC3`^+ubF!q8zg!{J@~4CXTyEn$S8< zz?|od)S8`yJ3i9}5l>O;L8>sLO}LF%5Obeu&^j%=$XK_{$N4k>)2GK9fg>WgJ-byI z;fYxEe@;43I~n_0+2fT-z&xB+qiOfnmzMrPDAAP|V!6ThphkMwTE{!Ih_4S!V~X8% zNG&3=fC%FY@~AyMr~{t4(-EICuU@{jmv>31IPolShKcyQRG$( z6!J4b9VVG^YVkZQr3gKGb6tI$u-t%*Qb`lPwF4^4pxMVbyV~2a_zH(rkzhoUDbOEE z0OBs@dzUC!u{|?IvNHK2DJ$33bX#wMZm&9>`2Oi_sgK9%UY1(bI7 z5jU0+Om59#HdI!m_fK_l^2Ym~61eNqxVx_oFE=b$>^TCmNa%{xV)(A-PE!PvszR!9 zlYx(V+W2+w>*6=Z?O^Et01Ui4tKRLGWViA_MXDYL`p$=~bwUW$*&nk100h6_o1P5# zdkh-K#C>)z8f$YZNhPA7Wwn%Z#zrtJ^p8aFeU6E1X=@aA);eS=s}wMxRZs_@?^fcD zc{8hu8;j-^`dSd3H<7@u(@XH=7NI4){{Tq29OU#B9E`x~FaQ{;Gu=aOj_wZ8-lPr| ze-ha>%#hj>D~_P_70*uAv3a)_Qf(bVgZ(KQ#yw64Qt`}sN=+@qzDAs+?rd2wZ9Tit?1exhz7B#vaLNFRe>(U_$NvBlHU9t{m!9VC?%vhg{ZM`d5vSPbjI4RQ zT4pWPlqNH~0P+n(D>maBFVNRQjfE+T6l}nT7&WtCaHSD4z>eK0GIKj^Geo$)c!`aK zMD?#;@aKi%v?(Ep9Q4{p-l&~`YZLfySv@0`4$`7q$Er-m` zp3hB+7)c7Hy7a5CX^(j7Ez5bi#@fJ>dPVyjCf4Y(IT*>TCbLN;E>AwA(t>3x7J?!~ z!A2Q+4E3oZxtcU4CMw2)6ty|q*`^&{&+ zYG~{2JnK8d1*D^VH+DdDXtF9MfDwD!g(j zJ$vGVCd+o(y2g@8IylF1>0Mr%aCINDEEmerKOh#Mld`$d&5?>XRF`nh;A%Jh{ir`vVZ5$}ZI#49;X<2F#+srN@V2nD0-n`S|uZixzvg3Hw zW4Km0Vc+XiosD3T^IhkU{BdV$w^~Kg&onL=DFkly#tnTJ;cJ)iK7(bfO*o5CAQ@55 z%p1KoAeucA-%OTUZFZ+siGR*zkV;^Nlq3^77Lka`;H^v!Bph+5X* zs4Dm)`qMS$HKj{djaWZEq*U=3R2Y zfZ4?YIV;O?x=8Ie~bJvE7)E`Bz|lKNH_=iSLP4I&kEf5XT(xN6|||Q$Qn)L@TWDjR)ooPINci5 z%`!y}6LH2#;#)Thck(mywsW*sLCYu>H4O$EYYR)OeMSq#Aap-IeZ_8gCtlOE z=exGnG^=enl7;0x~)|3ALXdBxGcx}PqSbWMe>t95C1o+tA3-Kt@ zbwL;QJn6NhcHte4GmplwOQEkSKSgitt+fkVEBh;mF0H1^EU`9K$Jg-P?m9 z9hi(`(z%=q=4anuvk&b9;#YXF&rjj?keVlo4Ya z!rBh9uX1L;^Pmnkh9fFJt#tZ~7xogOxNE3b9)~!qmJt}^sP75rMQU^ z0Y_YZH6kU`*Y6t1^3< z3%5e0wZ+ZG=-LqJyX7OO6|1K##b$}7W{C0ErE3IY(Ja$kS*u&Tg^>NT@hGt=b&zz#wBaCR5zokI9tVz0{^C)a0=}E4sV5(ylarE-RSs!59pum7s%%>W?Z<0jHdLHx|#w_L=;x2`6BTIc}s4RSj@`mi= z=nZ1uTxh-~b-#iMO{)OwykUU%py`ZR(dn8_l^wPsZ!e4ix2;`EX%jJn`>bFJ!Mlyh z+nN#R7P8A}eyWDxebbIsyGb<5lLCeec;k%bqEfMu#7`NJv@@$A&IcVU67teJawH*L zKItbJtfaxjq%M4!14dT|jzwwQ9r&6wfp`Pu>P-&JvpsqVm@TIGX*815^u<4L7pL*Dq%?%q%wz5c4Cr>Dz6m?NsdWZTv(?bYp zVFx2P=CN;6HzSnPb#{U$j|XvF<2`E=NtoQrBVOB(F~L3aQpTB=uIajLk|J9df-am7 z=T-EbI$Khw&sm_)7#!9G^50`eQMRq477OM zM{V5jPaSLLt#)gzZP~RL{LCDD%bcG|`V_6P!5U-{czan%Y_-I-ki#5<_r(tN1E5kp z>+dfFYu**{uA6bE_{Q>O)K=YMw`V;V41a|IC>{y6PYP?lWVE}FRIq7GQA_1#%NfTf z-!=6=fbF!)8SS-AMg^M1&e;_QAY&Vc=b9OxnaKF6_xmDEb}bK6l5H;Flx23#^vO8@ z^f|?H9|nFkXx<6DmMwcpn#LyHu}P2}ok_+IVnt2*8%3PIjelt2FNp=;hfU?4qirJ; zLzPBSa&ksDabB(Ae;?}~v@y}FJVgRL&@Y!BF}q;sTksQv@brt4lPy70!SELvs65*>m@7@4wmsr;(Z#M8CQe--q3^sPrz z({(F*d0>u050b!)9^(~@p!{0!YoAYpjm`&Nn_#b(ioCbpW+qjlz6 zn1pSR%5%FSy4@dASRs|L_l{A5VY)YNYc`g|sA+R+!oD)p^!tm)lIzJ zT)qxZ5J4WRWqV^A%OMP`GlF}X#zyhbe}VKZ2SC-^NAU%+T-wX>$l1c@BP9N{(D?Vk zzYH}k4t+1f+AXu(eCr$MvG1ShM!TB1Yi4};@Jr#Zh;%#u01)bWh}~^y=Gxs|0)_`X zk5TVh{yO-Ls_3xY=@DB;3}g5N0|mWF#b~5HQ_K7{<2k%_KBM8iV#eJjScplITmpLZ zKb9-i{u1c^F7OxHZEo#h`xM~q^CJZ9CpiSu>L&y1e-!B&2BYDvGg7y+wEJ48mn$oV z-N#H<3E|yVEgwy}w$j!z1`f>U6rJ@jl4qal`lgSm>PB13yNfMg6464f@=6C?!|@g4 zek{`=)U{)*S=<&7Q^|Zwqb{KFK<_F}t_Wev3hmqB#g47vTOj(A zS?UsT8mnSL20m|UagB*{v0G30FQ{0-BFQt~0Vd_#*=6?nR?erO>sno`3#P*GICKpl zj2*c8)sWqltZsFAu?l>cB=$i=~s0iKf#R`4ONu%8~d;9HY!xq|g^!k3E zb83x(WedGJ;~jI!{{SMsd)2%_duefZX(Qao3mv<<5Irhe9AfWt$uB%bs5PzQy!gR# zJfqGBZ>@Kp0&D$6B9ceA*v_YPgPeL%%FPc<)|XM!UCpG!$z>|>k-H;(I^&-AK{hT~O zBKU3{K0ySxesM|TVe>^MPu@Mc^r(z=Wz+1Bansrl7WkK2(EKCgO$$l!V9Z#EU* z2aY-a0QJ|!-VXTX<4=Wu66DdoBIxm53v1&Q!$O<9upjSk?xa=1Crl6Co3DvK0sbm@ z147h1JFIwed0%1j(4tLhHu4JaP7QpMuXu;U+GW)C)_1xy-b*V*3zDQrzJoR9;_1(t z(b$_G3;b0Y$=5ZVb6B++Ti`5mFbfey`=-4E;it!a2f#WaPP$Bb&BVySPi!(z%6P!Y z>)wnsSdR$t=j{XH4;X6=f8p5(flgZ9;ykYH#BC~iV;w2p47%6+M|*7z?Sgrdwix3G zt?6EjRgkY^=)Vj6HSt@@^656#v)V>?%LHljZO`7|{{Twc*8Dr6X;w|DY4UxJ^t%g) zg5z^zl0TJIj(OBMF9>+EMPIkxOC#7Q%7@1dk6&Y4?z!TqXVfg^(Qei4{K4m_QI3Dk zYSau9lV{PM5%|Sr@H|Z>OulUrRJm%lT zzZ&SeU4mLi3~PTZLE;hg+&b>Boje=k3%y@bnI<5 zYZR)bw=nA7gNnoP1R7n0_Er}R_WpXEkB%C#Y*CrH;az^u!|`0$#dywNIDBy6_BgK$ z)uPojUlQJGQfx~ZU(B^-Tov{DhhZFIyz?U~SHvTa1-O|`!WqjL345-Qg>yKV*$gX@+lUW-#X(PK)vVG_I zP(zW@{4W;^e)^QR&e}^ULkoP%I0R#w+wpaehpsL!ZnU`G-hH4JQGuLtK9rd!g)3fZ z5F3f^n7PUsNx^j|rD^zc!_ewJXYM}KtlNr_kUP~UVW!WhJ`Xe(I-T{L6J3Xa*L*TI z;4$0|z~a7%_?rdxin>0hr`<(0ys?Q2uLdLU`BsWxe8+!h`^{=h9U1z~QB=AMfrvFILC3 zdLwwA>Jmdwv@zrp)}4lV?~FVzYvb!zvD6+;U0q~|;go}(KPvH`8F(Yceg@R+yi?&> z{{XbKnA6I*wAuU2XYT?z&$TsUIUd*WYvSIG;zXNAzl!ARF$R5wv4r;@TI}`Kn7hU! zW=6pQMrtZVn7bb(e0}iUpNcMFzqQfr>@HCjIVRhaF#u=joLA?!i?pZHH3=gYvs*-S zfJbV|Ix^!v<{q0Yb{8<+qb01nf|&~EBQ^TD@Q1{2;tvQ|O(dRdks`$-fsd#8_N|cQ z&ug@vBvy&Xnsb58a{mAlJTiQ9;Va(_h$Olt8R7~#R>9*vt0|z2kI8H3C$rSAblb~& zn_WuX%1slg#Ah|scu&L=czasWwRkS$gHg4aWQni_LoAdJl=d2h%)T zq8QTZL`QjH06a1So*TC#KZSo#zwkxB+M&N`U)jp%;TMg3M|XYkN5SlESM6jp(!dww z!+#JUV?RnyW{#?RAE$>uy;Uy?B!Phpr#{5j@R9!j1yucxCjF6rYA+CYZ%?(j zw)k=5A2VF=#KAw&!?!ZPvUJLxK=do>DkGyYoR7#m&o*y1-gw&9WO9s*dK%>nY#gJw zBpy8lcEO%}-sOvBd56shltIV;0A8+_Mcx^J+xpcQ^BJEwo#bLf8SmfeRUc=V&N4E4 zo|SM~kRWZO5WZ(UDe(-musmm_RM%3Yqbw|q<|3H)CO-F}t3p5+?j1PkSshf_WO)+C z&`TJa2K&l;ivFcP;M{-Pl6?cj9wGgRJbB_7B(jxXRPeK09m@eNnJv)v$KC_C%}&?Q z?ToZPvv^m`wRusIq==P%bDVXqH(9o}QspBC+Eps)>6+lGR;>6>_LlG;h_C!4);=3m zzLQUXw%DwlVZjVSdT=^__04=|;+-o&_@&|dT}xQDks_8KvEMQ#3=(ZB8HcDN@!D&Y zwW2?k-}opm?D?$xHt{{)z5SDM8L_x9PU1h7<|iWzJ-G)p`I|qIBUwa&vcv+tGhMWs zv4u@ee&RjM2pf8x)ca`_w?^*S>bMowjwx^7qm7YH$Qx^5oMf;*ocmY3cvn)^ZY^&#%~TVqT1Zqee|xh#5SsLv?-+=tjZ6_8?Vd> zTzm7=juup1kMqm@y}kn8{?Gpa9yKjWJswRX!Col1n&~81$&MSuY)KYIaC6T-wee1| zX&{0di$(L*{_75ztlq`BYGG)ajn`7kQ|-FXKBY!Ynu;cBBb;_$@n+pxcpP$ ziw!d4QWv_Ooo*q1K5P#E0I9E{bSYL+qD`(d$2IQ5W6Z41%OEk&`o6=`uG#8Wc8;<{ z=OFb0sO362HD#QnjGkUGxM!N`?Wc*NLWH$xO%o(}?~EdlT%l0DTV#+&@~=H;wp<3< zNn?!XrD$Sw{#q~vJ?nc#CM$siY9w6aj%X%m?yt1e zg4oFL9D|Zc>0GkjTi;C*K_c$X+=InC8ItPvBHb1Y?{VMP=}yzEh34Cm!z<6z>p&VZ zT3VgafC=^;>yOkdO5G~J=oiqAaY)t+snBWBNpIzy+j0D>(m%FidqR=qt~t#Emc@7; z&7&fIgyRRbbGNW8K6H>cc(d!$gCmo;nkjb%KQR4jq#jh55-ID9^ri{ej^%}_Ka;)K zf(AR*dcb6WNg}Y99Qx8NPr1=sM;qAU84Oa654}wWmR(qrmIpcSK}uIM<{&e|*-@Nl zu4%$1EDk{(1qB@iz1)_tsztOmdv>TN)b8WB0he?vzcD_v6De4tJlmbb!c}wMy>uEq zpOlg|&BlR7SJ37)Ij$|I+yPVvA20Q;r^A}6%Hatht_e8%)E0IZ*XY)+RDIF;*927F z2^2GR&KTtW6akv{v!elm2d*me!yp0h#z8<2ig`o%QY$MCbB>j?qk1=-ptd+BlXe-1 z(7Mj2XjLbtsIIcg&=G(__Q$BKMx^#OqtarMAXLY@rU2%!^?f}?)`1bR!3L$V^Rp^A z9u`R=VvGply9*6&&fFEaUoPPE&+%4LmCLj0bTVH_C78IifX;;DmzK5>Gnb5Q&VTStoomI{dT);YKP}IPw0)uC z(jsl<;GWJqabLGS0Qg_wp9T1G$HJZh(QUjV;mC&HDj32EJ=lugG6v52-$Yvp4YH`a zbHHFfomy=kc&<^e<8x{bK3q-UN7T6CAT(XmF60}k1$B;+pq zSq-)GTC|`)@UA-7DXHqS-tY6~5L^D0gJzMYaQE8ng^J7NvhmhT^N(R)GJI$Kp?o#) z>qt6`nw`F*Bcl;*8K0`{C)kn^}RseSXkO0nRWyUA; zRr?)(!4mZEFHQJ^`%CMWcb7AinmrN_L}`w2LHZ80{TO^Z_-o+rhdv#)@c#gTyg8?M zS51i)B^L38W>7KnA6n(9P}w8UVzo#~BbN0elU5WSNydGvf>OC|W8+=98OWrSwua>9 zq|8`bDn4z-r>$J9LWa7KNXnqI5Cw8qz95p?c8Eqcb~TfibEcIu#{MmQPw;nv^n1In z8f%u?aM_hXBJb(f+P@KgE`HP6roXCQ+ITAU{{XVYtr)nGkKNB<-;ctP)nnxA?Ly;G zytu!-np>-h8zq?asXyg_MF*bVmC+SqWh(?Q-bW7QQ?Q&2RXlCD*yjYC4^nF7F2*ih z&Fei9`tjB{;gicJmjk7HH-jP!jcMzyhEOlN0p)zkf*F5`INmuq$e^sE^UXFs~;8P*9Dgbj@QSE$%7 znQx`XdZ2mTThvy3or>m1JE&c*uQ4c`k5P=)M1i7Q;EZrZPa`v%7~ryexjpK5;4cAi z$8hx+rD6=}%rd6gwl+UHjbgQU!@(jftI%eU6=c?R06e>eX5(&1;EKzRVSOa1i~}!P z205m<(x8%IAKFz$c6AIZ#&yff%c(Bz>}VYt}!bZPGGm9ppnz~_-#x^1M_QV1uNagW5-$r4hN zPyWuHWmVvw)nY9)UUL%u^S(s@QUgJHPE6)9?CqX}&_UH&SvUqpR>ACRo7F|#wbU{}J9%NS zRE&xM*oIeh4B+e>V>O|6wkc|pTimd7_mGSbXakX+;z=2Xd*eQ}nLYFn6^2QGO!3cJ z0Nh#L?@o@+Fp`bj9^$##?1W6w%B^nxxa&^Cv4wf!4KGdFHCx5CiGPi{3Uqgt_o$QE z+^yBSebT+@@-VS=uAU&gH>VV%RE$mK&OkzNHwr?ra@z9B-rz80Wjx>>E3>`3wrCQ2 zbqd4}YC}0KPBV1AV~k1HHO#`!vpSRC8TFugqWl}8x;SIykJFlFza)ChgV zFb4(#t})GI#}c&69a$GR0)RQ+6k6PiWLtYEZr3=G9OEnNUp;FY4vS_c5Wy{rhQLf= zbJXMWrgTM~LE;@cRua9Oj*=G~=T?i0}d zmC!sB=@(>66gM_fDag+1=!Ci)lX{$VQ{8`ULb@)KKBVa~?}KPNS3HsrYVGw+OT)T` zq?50Q?tkH7>AIGU{hg`llEZwln8V-|Z*%#c_2ko8ub(84I78TGuawz7#|QBf zMAH0K;ft*<{{T-0`8kf|2@D6J{CTg3Zl=|Abe~VSoo`kQt{bT%zvYVNsS(`syL(%^ z``NA#IE32_=BKXYY^MKH!W@&U!Qj7$6s%yIK#Q5rE}PR9r%GK)IQE85iw;P zcILj3@h^r8TgQ82eH`sT3`Sddh9ZgW|U zPQ+I`V%_DchCQn#RhuQp27xnI0M>}sOyLuD(en(U#^ z&+KbD>8FTnkh868%t;hR%5pc!vyA;JjojW}%M0yn=j&NW4C#tY#jX#&Pg=6ETU^FR zoXA&@MM%@JVhv3o3vQEq_`w;gw$a*5BzX|;KX!m}WveKb*|vslxhEv_u7~aOEM*fI z=uT)6dfQ!Skix;4dz{r_Z)Fn zrd&5XuUTu~4;eg(=42-s&jP&C{_b5t_s9#mIms0#R17JY9mrv4&kcjpqmn}!s9?yW zrs_mVYHX#%5?Uw99#TGFYOa?9O?Z&SC)uM1aZoTD>p>^D>6#oXZwsu1&y0{OBUsY1 z!W)2Q3~~=#PzLUSqWzlPmPsQDdIBq`)3m#0nYRSaax=iq26JUCTTh8rc@i~a&jfTe z;+o#MJ*D8cdwELxbOM4~)aPfrNu8xtE1yo)m2nYh+1-`XIr)bolXf+WIeXamM&cc& zOz=%+4K8hHNo_n{TLJR2E^~q2quL!bk1xOQeAbiA3{r+Wjs`1JNYY+d#0KRexLlLl zBNZ-3Lp1ID`w74jEQy?S>s@}IDmLe3em%IUFl^|pyp@*SLv${O zHSOK1OQ_llJAwx2iQR+s71r9@$GrK1M2o*Qnx8`!tXRC$JlNJq#`OmPlhU?4FQ(Yp zPb8PN@mxmS5Xue@sLgdj^dY+%zA3Qqt-ZorXm(F(8x6OnTO8IMimZp^3!LEb(APrM zYG)}Iri#(zji!JXL4sGQHOcG$0AvvYK`)b)$5B}_YPXkM*rg=8m_+^Xeky3@VPm zV6Hm)*4K!2H;&KBk`TdCnj~pc32(B*#G`c){g%11kO_8mIqT16Z8U}v2D zE26j5;GQI40wBkK*1Bn%$8y##t@yOp^kq04P0i*b4JsA9y=e(I886 zZufD%@eJ{%Fmv4dSFg^_c+_m`^gUA2!@`!D6#9DHNVy(kzIQS1Yt84r);u|>+)o^k z#VN+X4)rHBq-AmHZ`gRk8!L+|i?~eeWK$*=A#!;*^sl~r6uKU#;cKhSF5=4i(8wbg zAV_)=KF->`W@PV~z1Y!_5kPD@xWZE~R<8G-CiW0na{%kIue`_$%Q} z5=lR{Y@tmS=~6b5HJ2sW3}91FvC^yeKCHem>Si${X)Z?95-#wg7{CU;K=JAU!yj?YYPKd%q0`T$_yYgFc zJUt{2shfLiCYe;0Tx6c#N|8l$I?obm-WHMzEmJ{lIacXI@3nHk@y2t`YpL)bhwp$y zyt|#OiTl7{;8txjRUYR>;!Oidg|!rEOzH*(M=g<5ejZ!si>}%oNXI3tK(CX~9y$^E zQ?N^8-o7OGX>`vGcz?v+7}24vs_ONhPQ12 zMc%^~SR4R7Ygo$Wt6dL}d{6OnU$^mkX_nWP!$*-xI5;sLpW$Ay;olxhq(Hiq=>^md z3~h`O%l$sJX08bE-x%x1Sk{wKh&7~&?X)Wq@{`iGJR^Q@t#4ttxk+Y?unPU-V!~)a&yiquZa9#Hk*5*q&jcgJhC9pIYr3eeN6`x_dc=FY^8%uOTz+X(RVAa zAd!)Z#TqhCCE8qDPG;N+=YjZ&8X+>TiY=Po!#2<)R$E}4;7YtHZ`ZYb6Y%HZg!1?j z4-)DYc6Rp19!!y-WhWmteYo#j?e#Z{(D2WT9}WB!qw27DqexpX_?Q64%3Z4z%fZ0x zN%XIqd`8-pzNC}O0eDLmX?p`gEabHh6+qW;#Tx~kGm<*D`Qov4tHG;WTFrWv@FU|a z2HXK!#w8`(^t}V%&xN%O68pt=+Kf%6LJO>J0cL!2pRQ=|)~DeuJ6DF)Cyw4h^Nfwk z#Cv^lR=2UDXIZY#pjm37;A2s?o*{=3mDot+523DEJVB;d-xjozIEZk&wtK_~XM4mKSDUFv|$RjQ2Z#D)lQFFZ^ZVe>=tyI^IhT^Ky{< zjM(bO)YG}w7^Ae*yb-D{oga$)9dRT#ntVkijT>i}N#g(!n(&)Tzlb{R@(ng^YU5h8 zou*}x8{|-V9RC0>dPPde_AiM)7n8@I59HAG?GpOOQQomgte<=+!PkGZ5WXc+U?4K8c$G1wR%^9d_iSz z;k9i*iwoG(&IOz0X5)eQR?&@&`46Uk7W_rk?SvYQr0~Tm=OhfPFQN4n<3AE_;?lLo znk`|ax42^_)^mW})B{vCOt~mYJ;SG8Inc=S-_&PxwW)gX+bEj^GtE~e-Zra)NH&L z@GHY|Lo9kN-Ik)UvP|Md^8wE}_2;!|PF+rUO|y^Jbr@|YORWa>NUf7Qc8qTx^&0$F zmra3Hlu0a@Rzt{a8rj7a8h12&C-ElB#G1v{belau&umwRc!O2d zHLX6`K5w%`t>t88mpwuB=CQL|8Yap99>^0(crR~YZAKafz|xpNNYm zgKV_>C?~p=+=q%a047HV`Pa@iudIA5)wHh?UoF+og)iJQvPg3agY$lMq*}SD_xFOl zTi_{eBiHZPrK^C@d5jsAPh63TyYT}}@Yje^Njx{GT-?~XNq0s{G%PvlJ?l|6b^ibf ztt>U2P*`7?o67s_Q1WrcJ!{wed*K@kbhevKws-?50a>$_AB9AvVp8aQQ)A$vru=1l zp$*N8NdqWUOe~y^Pt&D+IxOOj6_!=sx2PhfQ|L^QiFKm*UsuumLvN|+iFmJW?-M8A ziNMIg{VVa?;x>;Z-lwUleUiZPro+G^aof+(R%9Lm_7X=s2a%gD>;C}RJIC@^ zYZ~@}aDLHZ@vHe#xx+RvHXmcoKDE$+AD|XI&W=@MX2x^cx>bm>e3BGmNZbw$O!hT` zJ`DY+ejdrB>$aXO(4aqMxsMm9&Hys!gZTUUiuqnB-Z?>Vh~VI4XBCOr6YL+^$Knl* z#qHK+~OzlOXu@dLvW+ui7z&7^nGNfFAD$_c?7cL(vV+u?VL z=kTVtX_+Q_S(rsCb|9Yh%-2Ix>^*NphWg#^VHpm&W&ZFr`D6b81xx*mw9nf+_B`=_ zgsimIy7;T%1butM4vD&HWQkb$Blw7A+?z%Qc6wJ8Ze<4IuGZeCHAtW5zvGP~f03)h zr?r*J6KQt@hYbvCxR$r zlx9KP9G>-*t1}h2e+vFXekJ%O`{DPE_1_EMKv80lyizQCRe?Rd>#CWAndVOx=5Zly zx%BN+)+pj(@XQo z)EWS4e2=*@7#g%@aOPJa`vJuTLvqc$%F`)T`HB21Zs}mWwVKN-xZ>W{%5IFD7*EVWtS zYdu0HHh1yASma&~ez^TAD#YtOO4=oq+*^^DW&PxCI#taq7bR|x8@L+*x)LkRoNUB@ zI)Ct5@7S0A6W<1Si^Luu^6fN@OCY~XXBt$Lrs&lE)+!LptFiBslMr|(uZ zp?K(QkEYbrr?F`l`q!rm1DnZg2pIslI11PTuBN9k3bBeVh)$7%+OjBrbW?0)V$3hF#D zdljyu430+7*&(_$G=zGtyW-6+R9O-fjtOuBBJ>y)=7K9Yu9D@Wk-&U_oMN4<#?FsX zu(Z5ed$`N)#&&vDOPM3Hw~NUkS-(n=6|D7G!{$-WcIV!yYF8{|^ALRC@O@}5G6tUc zU|BwP&-*-8n_W^#JpvNX0>%BVBN}p5uOHbUnN`B09)Qqk84tU7A}t{U(10sAUBR9dh3nFSit^nt ze=J5_bJw`8ni$mEsgVJEXEmKf1|`Be&Y(hlayhQH#=~{Fxo6px{XUhL5W}krNoFw* zJ3MpS-m~vDKQUd3Dz<*{J!*M+jwdy9;wTV^+#r1Y>dBi^p7MC4Qiu_-DkQZxJ;%ZG zEzO(!;4+?6p0(PeT11Z&h*f&zS2UTd3U{e*8VOQF*hWCE17Gn{X{Z(!VJRVYr!L;W zccPlPXS;j_{gA#q{?PYU_web`_y@q!9nxwVlq5SZa*Ex4wfl+i6ZS>;NAM3wn@{l8 zfV$U-G8wgdl@8_mvI02fwkA@s^*)oNt+Z`5#PUxtIl~;9?6jx2ypzb17KYoVcHq-9 za%W{7oDiz)jZ}_@9Mj}6lwkW@dKz(dB*4GdEN!EBnanH)PMP{wk80i`yPEJVs=7nn zk3&hjmk9Ma-9uNk(_A&gsXV=SewF3kJNUDrczVrmH9blQEeYCA@s%FCbIl{JoDa%x z+8_4ivC-nY)BG*1t)#)3T5a6QzQeVCEBsgesk~+4O-E2i)Tg$L@Eh+tYco1@)d zUL}^DV|}dZPWx8U(jz3U-hc{Cnn542U$J-m5)s1HsBamn1iZisfl>rl%c_<97!p_Z>OoR%ioUw0Jo-@ro8?e_-_fm*Abas zc3sJioc5sZggPIV{x6aG~q-z5@lU|eI&xUYa5j^PagP&YdY{!wF z>!A22OtgtnEd~dDyqfBu@R5%a!5-EA=@mTXD0esP{3UHFmnck~!LHKA$LvTE5Da^C ztlKWe+<~sG$c2P*4mx+Ntv*?zlt(CJeD(FDVA0jZV1sjmLaipvZ3$JT)u zHuBAHKbWcyHLEHm)_1C=?@rVKU+lqua+%I>J?gCSUf8pwg|?oYPzDsFGk~}ilPq)F z$|Q(j`**0A7i7EpLMWOxOmyO_1%?;itf)^@(>0JB?zeG!9%QzW9z0-*uXn20PvO_K zxznMCQB1PjMsP^*+v@4MO?u=V<1W%Ol>eSpM!NkbKK@~6E8 zCW{l;&ajDI2UR@{Y6h4wWvU8IE}b2(X;=9Vr+X!q)0$4iKgfJbmi57Mll{va)$ogP-@P z5!74X26TncdUIM=+8WDfZUkyq>CFIh6GE1lIolO+_qS@3Fon#BPk%}P$CmBk17Twq za7Q(fJ+tauurY;fqXEdEsP1*197ofxE!t9Lh<)J4lU+xN@9b`^q7g+KWN=93X`3D| zt@u;>RlN1MSX7^w5J+m$(6k@ydv!)=-B{!mIpgWtsmnlU-f0jyjgW1sdW;bmg9JwR z#X*dgr$1v1K659S(q}yn-L9@V=N6(8S>s-Yfk$$T_j0lFd~z#p()A;U%aCLGP-M{;o?(%sNgD*`o|MbINg#~NBJK5T{5Uqd5$%X|uQl-vw6?G;?*lYM zV|X1a3G8)3T@EF!t@R6OEnQTrdJb#n?-KZFG&}3aE!tV3aKq=xz&&ddL-T9nr-U^9 zH^j1Qx>c!;0z%1wgY`J{t~)?W8_D5{^6EQPAeE7qAe?XxKPuJ|=wUmUHz-sa&{9u#Hq>t9-U z3*sCeHPMpP=vTR)QgkQf2fspluwpluzoY2p3fBzDJY*wY>~%#*;4Ty*zg*<5Q@?g!bFgO*v{eBv4zQwMMZWk{U{nG zFeS{QCt`uUMn~gcC;W8yTXW&QG6hN~i5s@yDECbsmSMXC#d&o?qcu>@}Ma zb!R+KP4|I*6bjf)4_mZRsm5cuRXn^c_jBv%TvaqW>BB*<4b|x;U9ii@$>;K~t-oXc z0E=>X3&e4FJI69jE{Ag7LP`KC%6f6_St(e*X3x_*_H7GTw$-$2+k4$MVy_#g85#X6 z>2D8s+U|WN3l?;5m)9rjT1IAahjM1TxVhapSA|DKJ*&{X6>~kpIy}H_&nMT?w)Te{ zqhqAKwEJSbQoiC(UrNYb5v=7VC-XD?>d?u=&A+#}S-x}%!?7J}Tf_3eBo@XsRyoJk zwT!wMv{=`XEN-B>YiXso$IRoMrnDx48LXmoWhl$L9+avQbKh=QGZ5 z&MK4umTeEsbFuuHGD4o!&BpXr9?x9XFg)|B+yA^+^;U%&rY8JX$fUsxfk^eqpy;{gA{R;HXi;RhXZguIkEKiEAXds2v$jca-!>0H>p+ZsJrZ;Q zWCBcXDV}j%MV+BW60Aoca{kl>&qwgn>k`dv6A1pzoO{>0$Ke!~)K4NSIb8Jnv<%}e zG_SJUIY}LWJdE*9NfO%(%b7b01UOx-!#4B_$?7<-G4YmzWj-%tNg`~O%ATTuG>=Ee`UO?N~uTHdOSp`-Sz-yW-q+~3zHNJlOp7k$=^aC2R8Re0|$t-)& z$~xP<86arqbquO^gP#84wJfcE)wu(d+PT8|&;&kh_Mae;9K5TZ4;!lL>NmHjt9BP* z&PLz6K@ydVHug5tkkPX%j)!mF`qj-rWsb??iP+!}c5vK!R#QV#N1Iye*O9cIVo4%` zMhW?cHPl$iJggkUCVFi>stQi!>$${BlMe2AQ^jIfTmf`hOC}E^J!zS|-XbGO!=d zPl5bj<2yY+Rnn){%yu^D(%Z?n2I==P?rWXUe0}15YS#Nn@c?`FX|Rnj!Hdu@x4nAD zHAr&oPp!Z#BP5-&Dc!UjpTiZx>MM7Bd#7%Aij%i%oNo3NP~6Lz^*Q}Y+V=AHX!Pjj zfl;zJ-UB0H5VLZa@$IOtA0`_W;aYJb9Ur9q+FYIbMLxn&Kt zj{}PFAB*1>bzc%_14`0#>!TNv5aqy*Cgmdea` z9I)rLdoRQ9h*#QlT1~y$Nj;-s9c65F9YFQshHGQ!rq}e#)QT@ID_|I(Fys~$<^KQ} zEW9nPY1THjvBNvYe8!)7!!aJ7*)$U<9OmsV-{Hu$x6~HPS%HH=wD8{N@fGU72L3AR zSK1z-XW|$Hb4MwP-PJM*fy-y!kh!g)t~Hsi^?1?bk;@V=dLC0dnjW$@mi z;ExzdrHxMM&z2GhV`lj?+#b}_Y;PFY^IK~zL_AiPFiCZG=WyIfW*zyjsh2?2w66|X ziR~mtk`U@87~+`QvE~q49cxp2J&uxYKXf-)lM^m8j|7 zT(~N;uIvD~;HV!;-IUKLj&Tb4yKqjY1sXxV%$hSyDy%;+){BgK3s=G{?pdt)lKt7<($Z> za;Fv8YwHJyBaYQGL7&4tPsu9Wq8|$P)$Vs@%G4tsU4viv8Y_)Ed!-&ecRH0f&5$e-MBn#-sJwqBpQ|hvDAuwxkLE^!^RSO?Z|&`6vbk{2 z*B>rEwfFDB{{Vx&81aUgadD_>>1U|P5m?esx}JpO<297z?QfuFhD-sS*lcI%z{Pz=JTu{R)vdLu?QNe`L9n@876-j%<#ZlLd!=ZeEYS5Ryg{Md zHQtKMUE#?s3jx)AtJFMI#K&Z+{{S#we|nEma-Wd@0JJxXem+Ix zT_arhgJY}dimGEv$YU(C4#f8d9<|(Q5$c-fge~=JS8Yd9bXW2uC1h;lo_p5x=B=SF zo}yUY-`Mza_WQ*OH2ES0yp~`KjN|1z_U61}#C|)5&L}Uemwa%(=E=#~o=3kG(4EaA z8#C??f%aYy_>-YpE{^dwu_@d3UEnkPyq{|Itz!0X22H2vck>%1NBc5Hsy0R)GtJqCCMwZ4YxfrP05-g z&_8I;gW4yEEi}DH2)uz9t86ko{bqg0p-{W8>csOxAkNiFu{!Y~yTi69e_6 zKWC`>pAu{OShSYv(b-`koVGzT`+ign#>bO* z^FzDv7NrJ_uW9n>*CYW7HcnRnJTer-z0)0KJNYA(*r=I|Ct@RrV-9u4p z8(m-&J4*#p2CBs}q+4_d~;jQXEF>o&N!lL@!CwKKxH$?(3rr)svhGg`cI z25q0j0qKg|=#JMvSiBqJi*FR@RvP3J#XHNBCdLO1^sh~{-!GO!0#65?)S0qIZ;AXR zqcHK=CZBGGmh;D-XvN`7`1j8uP;*Ak=(2s$0ng?X0FEPe~MXeEZf0 z&|@@P$#lJAPSq`eGeG$tHUlqlUugV5u(tS}@UGj$dU4&Y!huYRIf=Vt)BgakOzBfU zqtEyuSM8x;@w?!C{{ZaA<1IuVANWCCEPUBMdy7!tD-T|{{70pJ*4_2V$JATym-x|Cbq9w1vUx_i9Nw*teu+>M*>Q|x%+!%DpV}ZqgKKk~P zC5y`hpgfB!j!#9&$LWfUJx3((x@~`#;bWSmGnkP+MJ3mdPSsr_l2Gx01~d5AamP3i zWTa0Lg2S$TDx#+BZCvA}X-vw)gi>tAPTc-f-GgJ2b};Nm-uhLst;u6&D}Wgg_VlYv zhsy+vkF8}VbD|^SVz23pcdm}!?L=;p<>GKqf`0HLnv=4b``!Nl2K#>8wtus)?E$I& z$^JOirnLB3<5`57AKKlBgH*uEBj*En0|519TzAj+ZE*xzo}RKD-)M&*6Z~t~`-8!( z>qkSSSmEyU*lpxZLI(K{4!*VXKgTbJ3F7?=QPQl!+UmrMtv+zM+cNS8Txjk%tkfE0UygI*w}^R%T*VFgp-Gop)1bB}7KC ztcf7=HmK?eT0yu)Z0twG?Kmj=8C;TZx0klXI zuTP}|MVLf!?_>dwWgV+Z+h~llIxZW9$21*O_dSc?AI9$!e$2ldJO%OV!MdH!pQ>p0 zYb405K)8UAB#eR7GLi^2{*)gAJ|=h*<5$Cv0sLL??2#vid|ju*ad6;`v0X9`zm5U* z_g1K>vDqDurhE^mUqNxLcvD!nF<VQAt&6MKpq(#mj{g9gWXM0A zdG!X-$$U!i28;2Jz}_qPW8+;mEki-otmKIc4q|er3=d)tApZc3f19W6m-{#CpR$_-X%mN{fCGypNlZ1n_Sf-59|`9D*$xny4}uq_Tik62A)x?pcZOOUU2cFrh_R1Gw&tCZHLYdBO zq~bWTxW^?efWM1~o(eNHP~ z+Ze03IabFXt}DlNGM4(&%NdVqHbBQ2pbpAE5GBp36<;OPcIP$B$El;;&RiDYfsy*t z0*%a3%{geB5^FYmlmURsW19eF zI#tjb2U!$wdiu~bTP7=|{rArxInFt$E#yPM8$dXqwDcu;qEI%tCpqGn^W{VG|0&25-4t^gn!3X1M$S-LEz z1RNeSTDMR|auP>S#SZNM0Ctx$1fN4DXc+Umc6wD)8>Fin1sytesB<-mZT3V1DLeCy zmA4L|5kVWbJvpr8`i$MvtYNsCJhHmuzw)kz?KH?V*{zNd$4+Yjo_le9rrW_JWT=&o z%5#iYn_gdByz(ka2;>3jT0sSjlxe)v=Hq^Qjw^QF*iX5`g(I9*G;0lx!^0ZTv(*+U zaw0q)dRMAy7w|L!WSnfr>0I)Mb82LM2JpAUKa0AppNBpe=@(uh)FqG)Fht%|E1p=M z`1G&X580>w3FY8V32Hijjs7p2j~95hCJdGZK!)B=aDC`ev7#cVX>Jn(?_!yQX2d!}Y4W7A9qxZB>}|?ADF8360wb2;V{oS% zeznJHdYVA)u{n1;^9t&BXIm6OkHtN=OnG|w#U#&8F2=C?el&gF|ZU|r3;t7klpYV>?Ia2vlA85-7F zYs-lS80X~}u96Kl*dnFFux1$xw32>;vy}QGqZ^-ce#_smH|+`gO=|Wrct64So*M9T z<9@MrHmFj0+vss$)K~0p{{RG-_!IjyS;w#H`el!gejyk0TJq`4f+r)K8t0VFRBfU9 zv1Ow}Y>632;(;&{2*x8oI$?WO+OK68`d2iiagXxx>zY+p2b0A^6Lusd4yK@V+=W5L zYn&93QEbsTEXBL~)to9OGk_{(D-{)Tq}P62O(Zcq`+9}!E8|)s*G0kx>K&`yC++)3Z zhlhS1wbbi9(}qlEXdP=OCPyLb_FfBE%0?}MC{fNU(6nC++$%<~#(6jy?@~mfdp?KY zo9#VC&ZBM&C)2fP>b5qJ#>U<a$7?ZZT< z2fwXk@A63Vz#yLV7@9F^G6oT$agWxwtaK}_M$T)fgARBN+|VPFzFDnHB+AOmoR6he z)Adm~Xi`NICnZm60N#e=yMRW=Q~B1Wr*v*@;}U>K=yBG8T=VO=q-G`&hX3=zkK*ntp1ji1CJ10>jkq8V z4QmM41%}$zGLc$FkWM>#n(nPM=?X(7;(XoMdew}|)_f~#Cb4Nd%-&HUhs)5_sVrX3 z>LytpSo?x|P$Qz6)5GWz^44}+l0I}j0rskEsoOSU-G=Br=q708b-}u5=MyYW4ms~# zCWm@pMn>fc$;jZ)Vs74A!6YJh!l?f3bBjDiW!k}Tamk=(QzWe=pp3Uc!K^1H09jY& z&!q;6V<&mqdCWVWZpBl z(k)un`()6ra7e3+dz7MiY@ZfX(=h@D`X=M#jVHy49Vnnu#q(C)=fQQpnCWxjY}rg5xmV zjK{bYG`?D@1x4vV`Nt)i-XAT2j$z2=rIN}a8$|E7wlhJI&CjGYiF=DF6{P;@JXTw3 z7tEwc5;e~t3{X^eBC)<%=XI2Eo(*=8!?_d%1bWn|bT%y&l>pn41vQyZ%OVP*WQt#H zdn<%rv3;ozuR-rpU0OZtLAK!!1Y&|zQOs&eo*n-HN>&0E``($ZUf;$MUj3rO?Lm3z zp0v^~F&S~-$#s|-<--6-h>ut7HE>7Ta^rlhPXjXP(P>gCz zB$i|y#Xk0N#w#1eo*T2jhWAXgX!RRek4O1=$G=Xs6N$And>tpl{YS$(j-_k%7Sikl z#KKZd!PmLRZuM&4K-6B|<~`k%v}v_7!fCYcjKG#ZQ%1dwmstlri3 zcfsG<7hcqDG~GJ)NJ*KSGJN9;{?M+N#>C9~j@w`RMw}!H7E%GhAEkF52GpdTmUxr* zTlTQWPH{~0>K@5vY1zGi z6|<+?#{)EiHGbTV)ts0b2nL}c3Yqj3&FY$bi8)1tqJzm5ao7y$?;bcB8Qs~lmCs7d zjiHwegvB;ZVy{b>BTLw1KI*xfi zcAy-39%R=qZ6v#pZUo?U29v^GC%9ctRk779rLcu?VVxUrlRn+LP-kP+taa25iuWQ| zk3*hCdS0EYS<0#;o;h#_N(|)_rM0-WlK>EvZJcD3Wp(rv>}O)N9Hg7ZA@#y%{#fIX$C-k8o**UEk_yVqX!&iV_vl~!QVM9+Z9-|?p- zbGz{8i0pL>aE`LaGH`R#HQ7OVr;t4CGUpp>5N5`i4~K5#I3r1Id5ho-p3Dg2qEYmhS0x;UxYpz*kvoeI>QJ!34me$4bBiio~0Sx@nozo)nIi zsV$kf+%01T@y8rie5})-L(gP~Ua-~?_8+q=fK(2?ztX!)>&Px3UCXk34mQ?`4H=m0 zX8S|HhD@B)>-LhWP;5W#R#Pe)m*KSee93LYsRVQDTvv#6-CAj3I%UAOP}z0clEctf z4MxuDXy!^^DRp^E=Z46sUd_rXAx+KK2a#C8vsp!0io((0a7@LNk(E6KblzN91(60% z1a_}Rk;hZW!_;Giw~KX{)0gbyHtyb8Jx@_xa5>G`;?zqe+&4QTR?b6UgY^6= z?bJ8d2njMwN!)(5ZJ;&9 zSTtuOh99kI+3K*}ksq1m%Z!yZqF~L>Dp;l3WD>^MR;FHfxiTer0nMirgPka~L8o%n}Kyokpu8<3;q z9ZwnSRedZ}S-{6*uGn3(z5JS{p2s_6P^}Ns1Dfu>jaJc`Zx8$&58y#eE%0i;Z&*xI(y=e}0h1c5;(o_`8u`U_Y9l04vG;B+;rfrO@4 z(=XE9aM7u35r(Y0%}Ledo#2`92wkTf)JirbPr1r7LeebB9Pmw@$2}UlYaL4N)X47f zZ6pvyb2M6IYwd0=Mt`%Bw|M!n#tm9c80i?eluIN;WD(A2u*{~`ti{?at1>Ye!9oBZ zTJD-H7UI?kY;QhiOvt2dDu1nRI}BB}wzg)tCT~NUz zPj#T`4R0mG+CtCs6VbharfM3MzKdvlK-Xdj*AC3bIQ%Q!is)xHj)-`p`)=MF*4cKf zfs<%2s$aC8?5aVKwgL$m@jc@I4<(frbl|%i~JwdKxUeh(b4lh3D z$hmB>QZTzS*Yc)IJ)gr~Eqz17Fs#DnD}fkTkb#1K1Hi1S4Pxr?H9Z?puv=@Dlo+Mj zesBjsPaWwFGCW_$w)VEVpuWF-lE~kCILY@NDLfyl*xp`RLp8VCTg~Bd$id?j8$w6Z zTF->FE6pa`RkgLbf;nA;VMh!=6(=PPY zx`$G+p4U{3NMv*;4d_OBtPdG!nt#OI_6-bH_iHC6P7CL$`gNg^7peBIz~2CTJJdV} zaiI9d!p`LcVifZvWMu$gY$J}f`IGUh;ZKPE7I=qP@XASbsQ5x#hHH5qQ}X5a02p-x zjw(5|vDpb7ckJ<`Tj{s=9w3>8#n#WTzjRxmZZ zZUH=SSRT}`sjQ@V&yD^aX+93|w}8aT;4(?j@B+9sAd&TX??9$h(Fp)lL^G>(KuI zveluRjm`vXSF!ky%(9Z~!#T_I^2SF|_}8P`cw*O6)NJ)FLBu=BakGGP*C0?tqhshl z0b7k3VzRfLmdKBl9kcmny&muE@1|-Ow)aT|#AwZexf~AX>xyS5%lhgkItyL|o5l3_I zUs%#LZw%T!lx;1{XaR8f$;TUqtyB1$X+FB+QI==>L~n^U@wj8ADp_ZX+<0mYI>hRB zseGG>^GlzXcWe(@so}j&CAeoG292>IvF(bEU_H{pOC3@OhM8($GPc;rImzxT$b5UI zYd#6o-&u|4NTqGF$iT8jz+<1N6-G^KW6!T|H4FP!yMi*1955-+`_?RxKBsV|B#Ebs zZZeq9uj5*&_bD^zzlXjwHZP|5b5@2sT_NNiV}Jv4M^AeCJ(o}LhNEwNZ>U45+sn25 z%VWC zTOE(FrwJO|>O2K`bN!`g*Argpt8D6bjBO*-=e2&M_-j^!#5xY28I$c6(jZdH{9I8Z zIkU9A_+=f>hg@lvW?T5wvZH~3fM)`~GrlI=Tx$2zUCX1(Z*dfY-r_hDJ4&2qkLmAG z*Ha|Uzrs3SiH4Q-{VFMAR9ux#rvtrs?}?Z^4>Nd>fC=^{{S&l%2zJ8I!^)oN%3Bd z@bqgsm85?x4##Klq3BL~;~Z4K1im$B9yq*fq?#=r0dVk>c5tMQaw=s`CJW1nWSWWjr%D0BF8}1 zHE$DK_>#)W(D|{Un5#rrj2io&#+o07J|pSy-wjoD6jw)*NF@E_4m+R6HNQ2*DC=}H zN4fhA&6bgMcpVD`jifyOwdcPOZuDrpaTkcb(I$*6id)x_8L>}6&kJgh$U1~Xo1cj7A_5o)@ohig5wax6k{vVGaUp8aYpT7l-0d?LKN zvDNi&?Dw>AcQIB2Jn%s4R5V7P!>y-UPV&Wa`+yiEAI6ciPWMIliK+Mt#1_{2_LTR! zHRJ7x-7*H?M>!bBCz{{!mx#O%qU)9mr{36T@km3orbXIV^TrPyXcI@U_#;lxZ?808 z5?Z~Ep{S`0w}?4@m?66V0Fhnq$K670X3s^ryS76$ykJEmj4^C__oUg3q|cmfr?K&I zj>lPBXs#HL(#X7#(~vuHSFF4{s(5MAOB9kDIG7lxjYv+v{c6q0jZE)#{{RtK{6p0A zn?Dmx9m}j@*``$+hoNKNn)$ECJ^|GsUMdbZCMTmNyn!(FqtPr>D(ja;(`0kU%^TYssg!lHONYRoT?;�|nYNCB#`#F3?I(71RcJAWd z*2;XPx|p)Tx}5rd_3QLEMAQ=0tdhs(}wtLi#U z&x~|y0X^-ifpwPu09c)|>C^n?xy>n`58Ccw$k?FZVE6Q|roU%zh<4gXi%*1ghj-HT zRA`+gBV=b71ZR%F)`NJX*8UlMOz}tTRr^}_C*xOyWLsMcJA{K&fes3Trz{ zuNd0fHml*8CE&w-7Fs>6{5d&7eICEgW5<3PxzH|kt1WX)yVCqerro}usar^!O})ag zRt0*FM|y=Qsq%Gt`r66A%kVko`W_{4Be!N7go?zRf!?XNp0Sik9yKRCclNHx>~U0) zRgi)tB#e6Z6!_O^2N+T~syUpx4=P`3Zz=CoXGxYpAdrx~c;c!|q{o?j?<|6+9WmaS zEzF>9Sn|2WHyfjJ*^=90s1hlBbv^4&2{$S({2(~#(ul<9gu0j3{{UXnE;P>&cyCjm zNbw$%eFmkb-9iVM4Dq;N-%cz2Aiv<0{{Xhtm+i&-C;UJ0%(uFHo;$F$8fS>@V2~Du zXw&G2YzRw z_|4#LUrg2}_>m2yH$EQJBo^AU#sD_+@)em!VtfApfvEq5j;hqTv|Ljd&>6_O#c8VQgM_672`J6 zcNd_n1Lh~?2aMNcIb7$ejC;#Zvt}tt-JBn4uB#g0D(yWhtm2jKPaw*L86a~|CfKri z%0M3U6&6^H*LZE9_B>KZia~Itx#Nlo8E>^FY?sy#D~UTBz}d>@V>%TbgL*^K}ml&2b?+a6vJqd0ZSY1F&yeQrV-n z8z0wyhwtB0v4>N$xM8j7t}QR3CoHNk2I2I;{0FUit);!QI^HV-Z#cwxVlRY;@g@MhNX#SEgwLoYgIS#xoZs3GeG&x5HR&v~Lz@ zejwA{D|d=f9G@Y~h)B;Ox#KjpE>F4ot7q``JwnPIQqJ{cNn%;h7rN7~%|+Uw?)Mv8a5@g(J&3U*h(yk%6fktnfK-H+J+i%_id6yTL%@Trfj^CTHocDJqp!W4U-$ozByd1$WBp*BAIEX+G-Kq3xJ;| z03Tm!KrlmTrb?SIWc9`m(w`osZT6>PsU5>}oKgcTUz$1bbcQ6j7#UN}E10{|n)==D zkT91xInGbL0AI7VmdeHL%yGK6A+gB%S2-oSwa8>}O12NMpa~<9#nHokbKbjaG)tsa z;Yb+#XaffN;M!dXR222&t!Zi6fD*>8eo}GBpbhKjtpr9~AmEU3(zye6?%@dmbC0C} zbZc)K+pMuR;g6d>wT|*1HIYaMJ&gcQ<;+xI2InUgOHqStCnPBxf!{O%jbyKva&v=> zS5u}>wbV$(7dScXKppwjt=a<HA#G(@gt7~BBQ z9jg#pK4XwM_Xn+HGomeVV{0AS&J!I)ayqYxXS$HOvw%3k9cd``8PCspmpeBn%tdCb zSe{LQvV+u$)-di=O=Y$c9ovTC+O;g=^4W+|!?>$)MwjSnL1S}sIarFC_GR#V6f!O;{22QE3 zOF1(W{ytBn#JkzwuPG>Qx;7RX6q$AY$_u_}`AEEeC)ZO1|_Kz+YBt^3$W4RrL zeoFq(-?tv0;_Ex@3rlD;ije^Yy1=raB|?C*pU+PaA8GZ>j5As9iiW z?DE*0_Q58;T-7{ZaJc-kR@)wbcYh_%EZd|fKSNN$#fR?!IIid( zZA!N+`9CNqd;V2nU^~Gemc?1m%vg@unS$**PgccsRyqWdx$=H!M<+aBWB&lHNxKAD z?*9M(#ozEo4+VTRI%kajKWeSx ze-xM$E}ljb0C~Z#S;**#`)lBDhMG6S{Uv-Y;VmxTL-4A$R^BumdlT2SdhN7PK^nyn z01rywsXmC+=!q6QoVyY;`BkMD0+bn(b{2}J%to-!tuVUA2OxcG14uxLeueY%+oO~ll-e#MBNwC+b)h2arv6qXoMmr zBZJQ!MQGiIQ8r+{cV~l|*|v$MMvbIb<0EwhI20vr|LVUEU>l-1o2t&vX0+dyn*eKOBtfy>z-?chgB95E9$>ISse#j z*auu*=vTMjZ?lFZl%5B0JuA^*)Z%?HZTykHIo&`M_cX*Sg&=gQcdp1#1l~KJN&vvQ zlHxCvD0MwJsdUH^=K^rCxa4PoC<9Mf(#Ef7kR)nlPK-D|onzZ9+EfVy>mx8fE_wZE zF_!0bX{}jJr?hg$5?-AvhSkxKG?vk@JF*TaB-OFj+G|CQ=07TB?~WRqKBo|gvfnWD z??4>d-NiJ!p_FHLBQ*QzkwQqQ+cU`nr3E8N1 z36(x=jsef~s=`^L;frq12Q&yQ5s8&biM@lI}_NH`#&SJvxd2&9l7J zB%gGl{OHPrSW4#Xp}7MBj_a7PEFd8dv(9z%T7>K3!?xn6J&3_g{dmZcv*-RT!g z=0hwSfaH$2ti*4REP+)UZXS%*$Waa}a~9P*15wF`w! zmhcD1VtCChqcpDJ)JHhBjVeiv+ByZj^l1abo<|tuU%aZBXtv7$evRX^XG!K zJm`tRmpn<~X{>ymPRe^*i*P_>1Qu>P4x+f`)LJ}GreXK53(Bl=wRUMI%*ypv$Z|tsv-8b)# zCR5y1-?zs+F}~&{K;SlaA6n%s>ij=EGv3*%%+Z%%8+QO#-+u^v5#nDA>iTw}I9uHg z=W|CY<%0Ca52sqV%+6=&--c{Xsby^&I2%HqxF?GBtus~s0EBAM5v*Xl3dN5E5`PNl zfyXHHDBZliBfX0939fAk+R_n^*kG$fwR^DzjvXQpd1=Gt34nImNw2cJ(`49dIwK7La3%RzlCHO(cmFa=obU=}_fn zY;xM?+Lz1wExXLj;4mFjdedUDxoE`J=_>)(j&o0(XGNt-jC{Mcc;z2=BD;MzQ?j%Y zdGi9tmBH$2(5z=_{x0zpLCutrG%7HP+!OURb3yU$voZ#`kL>pY`==oP04mve8O|r6 zX9HUvra&GGx$(cU5-*Vlcc+PTofXx#o_TEl)-s7HcanI^yjl zUA+gdrEnUO#-vwW*gX*w0&HH7^flM$cQ=a+)~q8aMnT3~{PRJ9%lLsVtnN!*Gq(2Q zj-OhiZzKexBLOMzSjlPzyiv+W`aovnRxgxWERS)@|MIt{#0 zVn*9y#5987$aj6(&`ZfY!1oa(s(BgdNQoMnHmHj^dtxGXBn_vh(z=N>NpCIk%2qby zan#nZeGIH}y3T->(8)9?=`P%zrnwC>RY}lWOpm;D1%I7WT>!x#FdkKSjE!yH$m>DtWqR?(2`q;%&X)TmgY zzHRlz!W+0^cvO(MU8f%Z0G(fxO`ZtS<^anU0LFXO6&GeElr>AGmI?0FlgurS`0d3_ zsafheYeXIdLdS4$!0r?@Y0Q5(GI)O1Q@6W<IdW~G);9qGg9$=y{z-u z-CoTMPKR?y#aHk>JJwJ3Rn?Sd|5Xh2l1o$FU1y3E4)F=sQEx)kSH;5*2fv)tzyH&`kW9?Zxz;`AU;fN zPj7tvKU(fQL8@B#nrBZ9*fo}+Xhi4CY^11r4l|qsK~agoccc$K3>J}{)^xD~Y*!qru{{W2!6OrXw{n~l!eQ!0~ET96- z#?m_D@vl3U-p5(j>|a>Dd1Gm^@&l8!_0O$u2%{UedIq)QZ70E2=F>>KX_Yb&Rx&e> zZq?U#7vf#D-lb!6dkQn0I2$(a9+{$0xwI+0&#b&B@oz-8)MAG8{fkR!F|pr;A5qO_ zc$ZSJ@wT@my{WamM{Uu>+^7eE)YlxKXs)+7>rVws@cnfbcap|1OrBXBDI+)@-{W2l z@dx6sjkJm6yzq{sG`S<%%m~i#4?TUeRT$W~$u@l!pB!{gjQ;=&ETi#c7LoYI(iLla zs8A@CM?ih~HNyBW#hyF5@b`&4E?F+6kgmLWO780pwm^4Od1nc%)Nv-p9hAh7Wc zg>z#fu`0nh+Ii!>dF{*UT1*3cmp4R^J^7$~#lHdgw$|&!HhOKs`Hdvy27S7W*Qx5> zIT|jlXJcw8nbcrx1Ifo@>0X0x;LnPB--ESX zcfxa>Q!-}a+)0;6{{Y?e;;qdGA~gOPUE02ubk7#qSqqKCsa3-x=N~b~PfnHc&+RdD zVRNlCx(1L7gaM;qK4k<0f%w)kGm^H)qx=v{tq)GK)CIM)&Y@mt6kunL4R@aqHR$yZ zwp?4zRhfx5Hp?PPC;BAK*0x^;w1?WOEc!d658c6|>EHw~u^bZ{mLsKA&->+Y-&XZKFPM^*^mX zP_gqwdtx^>u`47aBW8H2Ha642I=FI@ZsCIT_NqgQ=yzJRuiN0$?_vnoai5ixWrT-} zid|FsQnPeh0 zV~@Rzb*}4C);tU1xEIR3it==u=TJuC4?G_Agz1^6v*&+{QuuF5`#p}AZt=}3l-w6N zZb;5La4X|K8Te{>EpK&*&>7U>+z!2Qn#Cq*1!BL$9SZYUO+ndhu42Z?8w9LFzH90K z0E9j=gTmJGXgZdlmrjzDL?e|_*#Sqe09M1~N7uJM6SX}9!xvh5|vlc;r#xtx~{D*D)(NmOPwv10%j^sUT|RFU2h%Lv2FZ{{T+&tikv3cCDwuGrhd4wTK)KYMD%j6Wjj)XAckRKM!Qp^l75CpG4Fh1S_|5 zM4*HByBy}ekof-qqUqo8gIM3`aQ(jGHV<`Z>$n9N`G;fN{uLh7nJ06>wRp5|7Wh#3 ze@VGE*9{7mm0M^-j)Zdb25w3h|uWEL>jmx52BW=q_Ngx559IR;= z-1QAdRlIKwx(h)u$rxYaAbZyfpxxbB_?t((*7S?Jdwd_6PXwNdTNQ}hJ0DkTV^JO* zw!gE?*6siqKf#~>09|=*sdJ)O*$aJ6XzgZf`E2B8B#!x|a#78AlfnKau<-SUyQo8Z zd!dFU8Nq#{{hSUvR|o$9487xT7x;E>9_bO5cIEz9vS#{d`F2h4%C7qTb(Hip+@aBN^YcebefC z3MCb73voUYwv$hnQn-pK!Bk?UM^!oQE7&|1>HVu{+G#{>mhX!Os}}&z}+ zCy`IfA5goxAE&)(2dO;051>3HHRZGyw!xgMCc&P-`d5kg-8Jt9-e2F^-nfEqn{y5a zv95$<)sJBK1@TS%SE5O#&3y);duG@nTke8?yZKj5@gh5YCJ8)4YhoGDmSl`%u*Wzb z(zBdHl>FZK#o|8-`1bBQy)hoj?J^_{^ApO%2Q-n985L)%u6og5ox4?jVt8LyzKKYEFnu`_AJ?wfNoeO*}_t@Lub2Kx4YMkZmYBZuR3e z`^EnN1RDLYpz#lebwAj*;#}}q_=`$Me-F#%?`fbM@t;rRO%H1wH0PoFx2{;`Z^L5(zQy=E<3!Z06Gp$8q$NO7M;Y|4b7>=`@d&)obsz0rH3XM7>|7xnNQZ)_ z>N8))-~1Pw_DIt{8vJ(AziQ8iIwbOZDDm81X7LnusfhILTyV3=mwRVv^UwMS~T8kS%fkEUu=j)aQ_ zH9(Iq-OdGBw~Y~4Z#z#Q`chJ{aD5B*@-%pNBWM1EEA?ys2*dklkJzvF$kH^=5MR$} z@RQ;Tu8*ilCfN;z=|8xeZg%oXL!Qh}wO)s9KF9hf=@;p(>1feiM|$dlNaY{Kgk&Gc z*Dt7BnA~1@Y{gCv2TJqm#M0UxeXVHFZq;;KqJzU4+zk!Vx@A$Z!(-U<{{ZW+&OZ=% zPI*7JJR_)~x!1G_WN$T_2I}7@Zar`_`5NLXG0^-O{{VuVe#=^Uv_3ZQ){Sp9y~VR# zTS?TT{{RwXcLyW#uji{zo$cg|PL7{3Rt^9lgM-qwrz>bg;;cW!RyJ~Z62jhAS1*H| z$DjVSaZ=j`BVj9D)Z}^9BdGO)RNAEO&vU@2-9Bc(8<&trIr>(nO6x`{+wjsB;kn4_ zYR8(RK3LvHMhyj)<3$^H0IB*`k|nrf<>v$s#)G0A2N>BIN-lQfjEd>L7kpIlZ@^!S zKMwvn_)6pK`nQJlTYKpeEQh$Z3_Qd*>Ildq(u1~{{)u0+*X?8A&y0Qs_*wf;{4><; zwO;`ElG-gh#8$z8YdJ{9=3I<2w&34P^P2r8(bPIiW@Ha)_?F&9=<0a{eMNEAfww8p zJV_EqJAvk>413mJjeH}d{6z3ii2NC=taE9aot&1=SwjRYygoaXI6sAQ5PzQM{1lt^ zJ=MQwuZddUi?oe4<$O5}>)2~+6j=K;*6ggLc1ItF=US z)%z%9l4VvnjgL=S3q1{h9+B9IRsJzOjzmnk+g+NsAA4irw+N>yd0W9a+f!A%PJ%Y83DjK zuG2=ZZlkpfNzbNSZR zhkna+VP*L`WY7lH_M2}sj?zY}>59Tg8Vjh?Ycl7qC>^vd>K81~g#nknU?sDea#^x@ zKJ*I5NonUr7T0`&d-kQ0#kcu_fGtBAgoSg>XKIj%3ClO707s_j-#7|chH`V>v@YOL zD-~^v(11J81r(MXz9oDt+=8{wk&||2OVev ztd|fi(u@}Qx(@Yr;@PkzgY zFm5%;?iiy>Awn=$JPKqIK4{FM|9ra6^A<-bO%m;Ek(FPR7Xnt@tPV z6#O&zENmM~u^PvWVRe#CVbmWr`-~COK9%=wnFMfU^$85J`*16oa~Zg7?sW+x*gTtj z;2c+LW20GE#;UQ0lNc;})*w#urHCPm6zyE?_P(fg$lg-=W`H^AHM0BC+wP?zhj$85}Kf4q4Qzo!PGF z$D!udsnHHiu?3CUT(>*>5T;gwV- zz#&ET7yxO%M#)Zh#u*0qgPpwQN1GQiRl^mQ>f)9GQ%EnTa!111OO)_J) zKD3;!IKa-i)a@;}nsr}Kdh-7O8+hkP(4aROwy$NRT7@pASpt{Gr|J3BowVuoXXY=* zANVLFwifpu9{5Xf6x!@%qPV(dEQ`-(9r4&#;;zl?Qzy;kM<*u?Bo zeY>A}aaTGlV+%Ffu>}aAbOWHPmhmJ-fnS#x9`&}!LV2Z02&9mES5>3vcbcI@3g0pA zI#yD51K4yghVKliB&5hVBfbrLo`K0I1@$UeewqMz@%5K8L5)f+Z^vojyzU@|n6E@OsvSnjPFW z@8mY*1GO_IV%T~1vk`X|A{`B9>ROGXY9ieo4td&o{uEe7vTWF&Kg&^EMfQj!MQ(k& zQUaa4cMx01XO&LRm@z$TF7kHNBJ&lA8N~op)8m#L#^v^@{BvD8&a9hqtVicS7A1im z+%hpT0m$^OckRq2QjB+x(ts~ddb7d-Vvavr%Sc=ykW2HgzXpIZH5-pD8JuB9IjcG) zjgN{f9(ZPm$e%CY80$bB-k@gDg!b1LArulL=da^j18a8|k0q__!gUAb;-R$Fq zT}Q2DPVEykPQM}b83uqeTG!0Vs}&i@_N=`_Ot{!WN&B)o`cMZ2qj+;$)9-UG zqa^BGnrBsruXVSD+5>YL^e?o<|1T(ImRd- zE7;QT?}&}e3eLV{EHH3#Yq?m`TV<6QSoIm89Bg4v_n4;)J6A8MX_4G+Gp6`hb3iFr z;zx$8ZLb!4dvshMl!4RQx;+{l_tHedNWlK^;Qc5D?sV7I5df_i`MdGnuIVpl4%n{4 zA4Bg!CtWSf9zaO2R19>kLsqd%XG@Ph-R;}14=eak1iEaRTu05DV<yqT5Ms${Ef>3UP?+Ye%Iewga$d?m^<4e*`~eaG#{M8_M+;2h8>v#Y+bwZ4MdNTo?g!^Ys& zve`u?lxSyU+DCqBl$die^btCMpoYf>)}1pnF%`!3J&2^knVeRk{g$#x=UGCsjzPvU zYlEKN&2C+q-8SdbibcV*$vjP^+bdj0A_9^tE>v;_e0$<89rW4m?AjE%vzZxMDF+Ov zj%YTC`62Pg;g#2id|P>Yr`ek=8t4`!7~&(7{PSFvm7qrjg1g3WKa7mj^P;65#$KbO z$7{0U+&Ue^k)A6S@g6Ar=@)P(mQl~)Lz#+JJr~3F9u?H>#PaI1S!!_re3>K6a}W2s zS8=6lV$$F2R`&L@LXsBBf%+QGQZ|9=ejJZY@nxo=U+&+UIP1kmw>4_#qNnzR!PZHdO`VSwl95`i`uXv!ow@B= z(>bRS)#K=5P!iT_d(IU90Cm2VB4~eYg62zk72-u3gRtF<_6MzP9nN-)__TIN9}^-n z^McqUeJYlxsU&u-2@APKarCW=jIE)=%L-pZaKX?l%226LLC>{(XYnV(ekSlAitHNE zbEe%xzdLdlob!&HS3Kj;-ZFb0Z?0R*c!pWz$0s~+)sbUj(4RO+8A#6`*0^M>&5^lj zcO|rDTOg`$4I?wD?=%%X?^}x{QlfxB#j#Cuj}W(}EScAEXx7H~t#d zBDA_hjTGa9l|Mt$y+S*0YVfsUT#C%wBl&*z=ES z)-t(_)~1%TXn|SbCO|nE;<;1%^6N7^PQP@H^+q#gt0Q*OM4nhODL;*C-%C7@F=*Mb z!BTmqk&#Z%Q?%1Ig9B_n-3hKE#gl3`GskgZ8chcLKRCdxWf7s)f4YqbE#{t}^cASC z$PQyDPaf5gauRfALCYUOT^^C9yFwev{pVhs(la)gPYS#$&X3JrSh2>hCszuhAaIw znj)Zv9AxIRl6N+P=yIv5-#z@s^41s;Sgd7ENgm@IR?VKP3dmK_o-^s|OOUfV@>BMb z@up&8dLD+bE+M3Vbz zBofHagOy{_y!zkAHX~SFFLvP0R0^dAH3NH9FzsnFg9nVBmBV;~D=GAu;gQrg-@rU# zrp%+}+vJifsa_V4+y4M6#)D0k?&V|J$VuI}o&{$nz?WIJp2ZO-xH7JA2{jF+vrUNe zxlcJAt0COogTipy#%CIolW#lOB4EYnfjlIbsJk}w7NrZg+?1ZkEMA=sLyiJxiUWQQ=CxZi}f)h zvAc*F?b-H`jCCK4ZfVahWAmc`j&~{QY9*u4lc+_NkbvMJ=7fz|l~lgr$>$lXjIK2#OS_4eV}%2go&`4g>7rs& z0l*|2aZJ)N?qAWoadB=ux0*ema)+U+I)=2DF83+3VHSwo|E^~$e9+?A*)ZMLytgT{O2yC|$`EBT+b>_30H%3gB zHkUE5ySMXSsx~=R{{T6y?KavdibEWR2jlN_tb)g`*+mwk1Xi*ePJnM!!Tf8I*EIW^ zIV6Q76KrAzI1DL)Q$y3OUO6VeYrAG*GU!fl4@}n9rDEuzVwjju0JmILsUjxqe>ndD z@QqF&H<3!v2ax11M>xknrEnMb*ZO_!?TpR7)uQs%3C70p?yYW} zEu@!WIb|!xN2PjifFzUR29@?3=&o!oB6dcOQH5po$Gux-=covEzY2I>`E@8!H29pV zv`f1Q+XRe`1$hdyldpzJ&`bD^r;ar1GZeQLqEunE zfMswv0G@GNH|-y)%j547T6n(NG@0bWg;E{1bosH|bf!y--Flue7DQbI{j&+X(+sUY1+uBZ$`AxDz zf*66v7_W?cMdOV_N!zUG@PBAPSSn$127PI$*tCzZz7+g!);v$(X*A7t53pUhRr`bq zRC;%>G}k;kZFk~JomKT4sl%?(9`BV;s1-&vB9AZew}&p^zJ|>rc2YNR4%Zm<{A&}! z{teOQ)^y3W!ed37YXkfsnrclMF2}5VLim5+ZEH-oHg-|Nc!EvRhAJiOymhZ1@a2>m zdkb6R9$^7~P6r;8`PsZ>(4pchE3HRTORIS$fni|qYvD~pQQ%L7+(;)9d>+8 zr)pjkvYtrLN9M$2CuzthXdSwW{X_kbd{g1w7WxZc7T^B>W6buY{HfC$oQwcL?beei zqryLE{Wj0R{{Rv-S$rpPZK&wFgT2D}93``!c3^a`huaw+)9Q1E$ zQDjN3r_BH#|19@vymeX%ikPy_OA__#9E!x-su{$wWCDDCpgK^ z{{UE3oN{(&r}%c;OPfNtxt`)MV&@Vr;K$HchiiI9qb{v0>DFRf4CKh8?i}|Nf}F^; zn01{N&eu`3gx|!@6|zc*fa+M)mGLg{12U-~WDbMggLv*?-YSNY=FT){CoRWX$B$U^ zXM0tSAlraA9S^kyxafM{gWxuoR@WC+=Hl3paKovuezWlV>$06v#>u5ZNLKRjMmVaB ztSF{<@5I#eV!P8*QkKh5L9nPe!R&bYRv*Go9bbGez86}&*LwU@Or}vIoM)y$%~jJi zKHl*K*Mt0dqQ~M-4qx1Tqi9>3H(VQb0G>1cdRK#LUN*JVbi0ie^rW=g;Z@G5aW1nZmXADRfLAWf z+XjwSO_}KaDp)*m@Y}=?_&Zj4Zp2x(SUB?t&O!eG8uJfGU<=-wSoEBgS`kPzcSYrD`(a zq99~?H$$8s%AzZATT7i^iF{3Cd9PW=bv!P+mLyWx&OJXW`UcxX(33=IR@6M(ckN-( zed=Vag)KBaL*axPKCPwQ-r5*pn%$Ke58_{-{43q{2>dyyK@_^7NbS76uODV1d*Znz z%oga+io8*&X&w??Nh7zlwHwcuh2VpnQTsc5ebaT_YsB6K)wE$f$&nh|x)mf2rG2@s z+6wDYdp@V4{6~-NI`#IGWn*!tmjTi?1fQV)06pvCZxh|k7Nc{g-#W`YZ;S=T2fb^` zj(O8Kiy2o;)F!z?k(2W_;lmo$(taFWYF;Xb#x{3wn?(j+C=3|erx>lHqcW6w9*yEZ z55=f0rRcl+L@K076lam^UJv43Yr|Hz)>bx9EYid<>in?5>fV*FF;tT$Z;1XMZ7jiK z49R{tJdZ34^cBk4_|oU?@ab|#DTd}yn}Fdn(C4>W#htKc(l(Jnrs;PUw`~TYZrA|l zIOEo$@dm4>c#}c1@Z-k@pQxD?EpBoYwmL35{{Z^xS`%*PuXq!|9}%RC_+wcXn+VKB z^OhLSeL8wokBA=vzu_qG@Ad`cf(=1t4HK&2!+ZWCr@cghcP02I@ecFC8r0tezAk9? z8ik<&V7Zv#m~_wOUt4LKABH?RX?x+FCOD_?wb~!_a0b*Z&PSmJvX-REJ&(<=7yi$> z=Y;+(w~KVWX@9Uy;yi(Q0D^cp{44I;KZv?brOttEuGw7a^4x%iX#V5+FyoKwT@l!u zoM-I^r|9|$Xr3@7FJyP$m2dTfKE3$ns`#tocY_e@^vl%z zs=M(8)Z!<&vM>j73~HqA=b$}~EAL%D#$F2W_rlF5$nhWVj4K=4+^*M&kG^>n&0X2y zx7tcyS={)C!*eU%5?$2>)nV(N{pyFquO0o9#Ts(W8pU?90MW|CZ|AV@(z282Qi1mV zo$*%p!Coe@@jjQRO>5;yfX1?6W*O+i)01C(_>)=EzAk9`KCL9$W!20`B~?VvmdB{c z>-qPm33Mh=JWIq@wzdiu+Sz{5xb7%;QS`4B_^oXYr{Fz8d!|(Ks=?unuXtoG|QOmXJEo1?lZW4b@4ZfC$>vHLc&`@vI1kt z>ZBe>s1&@95Q-$Yj|%SnNGF3`4}?5hd*F>m%T?2)xkQdo(yBSj4Ek2_*pu~}z&<;) z@$P|VuW7OW003K+&nUyxcFlT368X`PaLeygG)z^rJZIzIf*Z#E9ec&M5o%U2kFy1g zlK2OfBhtS(cSCB=3r`&Ghs$;YA29Z;jo^Eiz%PhT;BOVl1lIyhFHp=8DqJLHP7s^qxgHonw`}D02w?C7f09a?g(k_VGH}KjQ;=- zWEsilD*nX&;M`h46o>c9_VWyadRH}MZxfW(Y#_O{y3=I@q2@LNl{NXN@&5ot*Zd9R z9TVa_Hq+ebsQ&y$pI{HC)~XwXv{pV>yJBGm zCN2QuCb8AB#TisExJw3x!mShg@m4{8gHjbU=_8*Wp#o=B=O%@l#- zxLt`S?)g1I;)AlBkLW-C2sQgp+30>U@sI39@gnlqP4HKUpnH!GPSYQj^pBb~T2y&-Q)99Nt-;W0V|n2>11@Dx;|SB3SRPZf&nE zGS;p(%7?eow=6A9nmPw1H)V6$xMsBx_}l*g1$zCNZoVY^DDe-E{5zw?u3KE#e`ENH z$#5iO{{WUZD#w7xepAzewfqz6`Yxg2J$F*@PNNQ?X?J5hmb+(+f}whI++(4xezpS_ zT+-4wgwbTS21y+aL!w;IXA&}C<+&%f(zBD$57TeicSX_lxW=T$%I@mfM8*c?q*2MQ zzqG#zcz0N_lgQHa_!;x&?uZ@0objHYg?Y6Vj)=2I!`}gZAKBferxt@{4xt>I)_AyCp&V>Sof$lfms5;a5hR!L$^^B^+skWI{op~qxSdK?SzLfyo}H)y1ts?3ep>4EdpDI7 zGJf=)!hkPoGqs#yBz&+q#wwcM!pj*43=T8tKn$IXuIk5fH$mzuyl|CuRbzm72ekli zmw>{nv~L_XPX?v8mL@{E8wVds0Ce`>yAmr0AoQ%)K{SAFVuPW7>iIz07G!RvEQwSs*eX+{3EX9ZGrEZ|>yBUX+x?W{w?a zeC|>R{{ZXN+s_nYB~%!fq2nVJMa1Q9wOHo4cgc(sj(UC-kAAVswoTmQjwm%UWRH6* z#<@7>9qVG&0@1G0H+1XLfnTAk2AshJgb=DX6P_#5J{o*F@z2Gbe@^hn!#@pN_^(sC zm18cdL^k8QGvge3P&lT3-Tu!X@J(+9d^w4HOYxF__)5HGGyPVHPM;>5bsyU!X#OU7CurBu0bZMF}cwQ zpU>aN-}oqwt*Pr8o{`|4Ni|Egn_~wD$cT5wI@inEkHxEB8)%VulUMBNt zJmpCkH0*iOWsz#~x-dT|9dXvRtu3ZzDynmgayrv&#wzUSE$!fm37Hy8fq)`GmTdIk zSLqk*ng0L;-}vqONorOaoZ1ENgM1D%=Fco=GDb&y^v`PNoco=W;(tybvKQ+$fqnJ;#o1}uX1ZCO6F#MpQ+kd>e1O;i04V4Vgbp`eM{ht7CD*|9Bd+PbBc~` zfPD>X;i;ms4`c&#laXCsg<&G0Yt5;SqrEg@<6~k-kuxL&GWQh~wZla*bO${#K@Hfx z(#(-aaN9`qt^z+0T|=l`SWO!Y9mvDI1}&X-m9D(5U}g&AjPxhoy#r3xytv-p;fBIK z_gZK~P&_lqByMAoNyx~qV^q;J^Qa4zjx!?kJ;gaP9Ln>*lnRA8=}8<6ppfS^B=ZF8 z=ECVAET@B1Z8W$o5xj|u##=i{`?MF%i`I}Nmkk>qen%B0-Mm(0JWKO*Z+Z&3me+Iq z#39;yiika`N9RejPmFzN1H^o3<0aEBX19vyqJlsj!LB#q{{WBmi>*rgPSh`kr)``g zV+@(>dBLVvL)(1Somm}&Elxx^Qwvw)@Yh<*vhYz-+KgNyGFPBJ_@SHr;u^dqz8>}a=oR= z^4lCYwPQx&=Ha3MoF9~q^aYCgk(SFXwC&C-77M3_QE;rqTZ4)SluelBSH!T)TmzO< z#ce@zAyN^a^PtV4hIdlV8H2YKemPQD0?mUrVrUUs=Y6n_M%Yof1XC8~J;o^lv`jOT z{4@a!i5ohFBW`##dRrDq)rxW1hiV3nQ&)K-w~|&Hwt`x|d)40ORl5snrbPtg5P6{7 z^sff!x~+sPvm}VDK?+AfUZB2wDxePB&_v5yAc`-vTpR(({{ZXOP0X;*1hZP=czqUw zBaIi4GLl9>Y;@^eJX*GvVA`f3B8(0>rUX&yYV5$KT2o}~bWe2}FN>spDU%)CdgYZ?W? zcr_z)XzDQ&AZ@0+hVxRnzmepb$IaAZr3I>L$F}$`XP-`nCX?q?9edYLb1)8VSTJMy z&}AqZwljzr{Nym~PiownNbfcn%R}r1dA#Y{;=@Cp5DT;DVchfhb`ht z_OQFMDPw`1qt_M2$12^xY{IOB9iet$=ch^zNtqYggj!HrE1N$p!N4pJUrMv#{{S9X z==zK!P_}JO%R8irTW21b>MK~%Y*3MEUmhi{u^zGE05mT+?vMuDK=(cW0Q&Xx2Zj7u ztLpJ3{8vIN#UZ0~7|Hb_pR=*o8C?5czZ|XYN zH+2=QiKuC>X*$_mAc5B)2j`_#Z8J)ZBUpn&K2Mo}@_qum`jTm#bj)2@pG20%;@W#X zLKpeu&-}9)=tr*~t#t|Fkqj0(wul}LVhPqz6!4^UBlD*gXwmy$@E78D{4O7ba6RO) zKZ)!WVv-``egNz5+w`wn@UM!V*63;1bB0uHqnwdjMVQV#4|<3}aTIfsEsjgp3lH%&=gqF+{bCNJCbCzdH?v}C! z&e!ejSlXtmAo9dY?lXoWsw~XsFEvEA{{UYe5S$G9)C(=#Q!T+nlTKwj!Rw!I)|{Dq zt!j0tZKU6%GimY|h#4WhYI7B~!5gV(&H?nO9GPJ>;|m9mY^Xm<+qTs{%P5WEC;-NB zO&N~6mK%(`MYsCb9d!bLrkyQ}##?yJ zyqOJ#=8i*H9AAjMGyR=tO@pkC1{EY63ivi@2DA2MMmIe7T-Pp^>8G?YvJRsh16Az2e{pWIiR_`5w+9F7R-m?c=Qm z5|G%gSOw>C&N!_&r*>xCc;Es%Q%=K-x(~dK=E68GgkbxM;K#%L9@|IrQh(~JX3xYmY2RnW7T=PTZAzfclzPPqsS;g!t!!|HUuHxF;YAleh z#Q+dJz3VPSO^Q0z{H6rkKa(O1Z5_|Oa>r4)ft8v~jydFYs!GB&Z7w6eP?9hbxA6m4 z(?GhFRin6su+JxoV>&3b(w6w0ogdinYiGk2)~j(LSqGbtc|EEn7RI7=x{keRrTK8& z$DQ7yvo)K|GgQ-7L~D4Ndx2BSrO~8QJWArl?xmStNaTPX205%ttqme(#{`UlQqe{{ zHg_<2(a5K6alq;-obLdU6*3Qc!dro}Zds97s3Wysl3Qp(NYIeqbPzIgNf^s=h26o7 zsg7s)xhEX`D`M8}7KtM_Ea&OcwJ?`!vV6Xsq!vZQB zy-8pgk}z%$%fkGl>sh&XE}A^L=GJ-jPc}pQu=yh#V!b{sBEk={O#_9TCgR1oG@~xY zhoEWFiS5_SW!wnJ2d!>cTj@jR%y9+zfQ7N=&jd z+p&Nzr*T~d4cL6Qf;Ap&p=2G&suF5(OZ$T)Wxv`upvq3>Wz3>DnKE{f*z~R&P?kG6 z;4(6Va&exdiU}EYV}&cq zgBX`$KZ*Gmk_5s6lAJ64a0^CB(Bo3cd*b~<8$eVNZ_o*$cn`v_0mXTt_?q(W-e_!0ul99e^AcE} z!~sF1U5EGz^z?;HI%ku|Oz|MR0uUY=j@cq544SOP^z5&3&2AMM4 z^Dh>7cV5*rZE)z43y3YE5(ZJbcH@n|TF3ZB;M)jp#g~aRp#`^@iD4wSm@(95f;o?% zrSR651Tqai(8TILb-);3LIC<#id@E{SVS|$Z?;pob=~bj4qeWlSCR|Ffgur=MfpJ; z4n0kH7l`7$(jGlUY$UviW!y;Uy!915PJ27p?tDk$4JT3X2AASZDn|QCF^1;cDJ_sb z@fiOAIIoxQJVA8cRolfR5Em*zT%2dGtx>FWI(ha(Hl)jdb^t$z^w5V7#)pLKs8r}o*T zK46L4kTKJ5YA#*UJageThp60m+g8zTW0J~QB=ce3IKUVINcG3-UthuD)ma|PP?A%0 zM$j9ok3*UT%wg(&ANw3PR`Y3#JPd;XCk3RQAC{{$V7Mpvf#(?FzTf!O@SDQEDezUcz2W;c zv)5pNM`e2fFoHnmAbu5;(@N$teNWDfPTyP7ZFLAdMR;`?Vh3ptouGQ2{p*0xb&C%a zT;497Zr2u&kdkwpwmJQ2#S-1lzeVvhUk|P(vzZNp?DK7Q9{e1W_?|20y>nB!);v?F zU&$*g$su*xcscD`8S)9zgq97(`VBBD-NZnU9PFVCG&td za7R!_wE-G-J8y>z;eQx-Pg3yiy?1eBXM~Gc80}S)I3@Bc=U)?iKGt+A{YOi_k~yV_ z;u+%w1j&<(3JsT;QrA&+vyKTZ)X5ksPR>s}*tPpm{MPyZIcBUVCN+LYeYf7x5Mk*E5$cf zao)l9C6uy78iEuPobL4JrExzHyd!rPh;)nen$ud)BDzT(;Bpy#h^t5sxqcV;yTRH# zx_!or1c_kk1h&}Pppk;4_paXi;$5s-mDZc3=yyt_`H;$_6hqv4))I~P8eI>a{{U$Z z2Yf^L$D&*Khr{!oOH{T786ZK2jsUnjK<{4#cp}GJ@IJZWy;>bZ`!8Fwx!(b7j9}o0 z&w9h2&dAc~XnvbZ;vH||JZq|IPZLWlOAGl&j+iGEfiHy<;lG0~FKwi01ZCT(^PfF^ z&sr2r`T8Fd>%Jz?r`2z6rPgjOuJJT zywg{gNV(2?iJipGx&lh89rAs#y&%+I`1}Y^^OOo+w13Gc<};K6@Jaui>5EmEgTpSn5eF z_K`9)VdDYTGDlu}RN;!8rgAQO{nL>bfU^zR?|oxQ)tTj^WQ8 z5AvYuj8COJ6X0L?Ol&S}{?%y%M02`a>@A)L*13O(e+axn(P{VkL%}LpTq%*%?I?5A zXeC%*0{nXM7Kg6BljF&5E-$TA!E13D3SEa8$LP%Yc$#=_ec**bA{{YulPI?Vk^Y7XhUe_bj{5zw?VI-?-GVXz#?vxDf;~%AU zQ+RK|-w`|wrPyh@VY9lDHAxY-Dc%VC!?4Y6S26N8h`c=qhxN(yu^SdZSOrqsj&O1G z;<3C%q(vQwn*GGlV{r^IvV%o3Z8zc$u?L2vhr_|O1+qets>8bqc=^9Rwf8T;UxmIG z_`9KaW8zi*m1Pd40yVA2lA8hnfs(z+B=hZA$~{X@vHDdv?1AA+?H^3k^ttRWa~4r# zOnIb^!2VpsDrFF76dqZ$L-zlR%$i(Y_@3m&11nV{fXxt;rZc zBDmbDNdRu|*1sk{XkUjKx5M8U-0HV8#e3mBN!9G692F%? zzDpmyyC>GN2+Z)-CPE4_E95etOjq7M9o1Lj*TQq9-k4X!7Hi~~(L-f6_0Qo?WOT-7 z?9coVNA|kB@MnuWZ~GSfQP-up(Cz`B!oGeA!`F03dmQ0__BH((YcWlwYSThPMR613 zBx5GCt-a3JNc#)mhmPa%c7b!@9Z6&U*R@jdZ9jcK$NvDYRy=#*7(8j=om0bCWF*|Y z4Bb)2dVOnwtx1;W@ooPA1%UmUZoVJ*+SB7rhLtV9hIN+y$<|&7w|$=R2g@q~_d|O7 z*Yp1X;te88Iiw6#$T~79FFC;A#Q&69Vj9<>Jh}>dv4%ATCkIe5=9I*bo$dq@sQ;ErKDc@>C&Z(E`^xk z0m$P9tCX_umr?VK;%9?CB={<5JRhO!b`#5_T=~`#N=_z(HbxK70r_;V%@6n}$L#lE@mIkuhBeKb;qeWtfMjy<^ulCdksre(r#_dh2@mrXO=eh6_argP0Y#<9AI-@ z)TDCNBWqqg};vFb6+M zu#7y#cLkW9{pcDk-A>V{MI>>Y_M+A_a8u+uqzY@M3 zT-{mt<3Q9P)a>K~NdARdBI;=nXL}f^&d&swA8&@1iOu+okW)8pS&@g56-#??_LGpBK)d;YiF$Y=;T-R=H;Dj`o&Ck}_t{{Xa| zrG)nyezPK``&Kz~!2p6W`q#-9Q#9_#sk9&B73fmY92HR*FK-xP;l}J7p0!F#z!>aP zkFQGfAo?7099%SNSC8vVSqUK>ikh-{*{v*IT8)jrxgwUz>Q!YAhGp&tZ+Zirn%b4x zNdh`MM&s^=Ww=rV+^-HUML$T(=IL&Wb;_|#~cduM$~O&f+)#YXPj%y28(rs;JZ!d1a(0Wq?io7vO-!Uxe+;P^ltfmoVh#NcmQUTYO zu(lBwB#vv8yh2=%GtcEf2?D%r9@Hl%(!FC!iUDsKEU`(Bp7a5mtm&{bwZUz}zD;q{ z+O$NNz-2Ad(tsvaATC@HS{Bf6ak$`rDgd`Onhb3$ZCYv_~5^d}4q*t9b2L zDiM|K&1K(dsRJ1za-bfR0Fjh7>fTrl-LcJAl33Bk<~#f5hQONKK|F4|eqegl$t@#= zP`mC-@&{VQyOj_VTf&$F3_beRP0q9<6Rd?!RDdzmdsLbzoXYC)$^Z@Jp4l8$1oF@3 zoVMjBo;r%&BuQ8qT2aX0ewA`NNgY)fGcRr_g_z{i_6Erq&lP)2f!kEJ(`~IT@9$-B zs|~stAD=}O8b&rhO+RO^_$SwkJ}g{W>%SE4H9v>m2u9p&+C8@#f?yCmKsEbs@O$9D zggy^wwwf2itp>|P(IUY|F{zyTmV9TPe>#au$3%8LhT?b^F~u86bJe)c-)4Dxe~&{Sh{mehPjrfK%3Ww?u+{KdF6@=wK|+FQZi0@Lng)^*6>btDL* zkTa2wUe!^J^fo^XKWTsXD5a*6b$el?-c6{_aUoc3tdo4}96l&~Z}IoV8E@ZK z)NeGcIpi%2Fvvp){T%-QO7y5u(^6$C9v8lG5-N`W0EzcCG;_#>gUPvv71*@c=AB{b znI>R|=ID5-#2d1p5_5_Uc~mXO4$>1iZ*KLc2AHqA%Mvqn%OQRKzuLn?-iWdl3|&{yrQgW)YR!#YelPJ?AkNmpEP_?{i1vU@c#f$z0`G|657c$K$8Lx zN%resksllX0B%1Y{8CA@FAT=s7Vxr2M)gmg;AgL`RAY0kD`G%;d(7nDVpfUu*b#!&Vw{ zTf-bHR2+v4q*uSm`Ki1dJIa1m`{I zZ8hT{n8Ts;9V<>`VKNUjVBZAr{D-}B8lA0_?qx(lF!UVN8JO^;vt7osmX8Oh<2Bf< zZNZ86#Cv0!0j`E^(_P!SZ!wWG-m1x|xL{bE4)hqxHZHBiSJ4GvGn`h%t(TtYk;niX z5kVsBnp5fOjFT%y+~YONG~QE?%sD-~&<5R>p#p6aM9e$mii-B(70FUvN$6-Ab~9qW zwl2!R!;ZvpSemSnsSK^xo)2mbqp|Ww#SI6=m%74gI!>OqmOF@jvV7P*@rvH~Vc?tX zG3UFvZL1;PRHy|_2AsNF_STL_nE_B&)K*5jtKVsM{(X#MX$L^Z13vT+bRHM+EzgQH zm}Yx4w3$g+6&oXi*EQUR*%GYVo6zE$0ar2p@l{*j6;|@}sTl+e;}n49^;?-42vyv^ z!o21kLgLp}j!}Je2GfAK`B+c~roN>5gfZLP5J~UTHJx^!V*)%7qrCuBhV2o+Spa|M zTee!ylI)I(5RRsU3zsFn-ojwJlcig;f9(Y@#zIU1Je+VS5yV~io$TjJJGnFS5CG&? zM`=7ah>dMJ$eH{_Um)ymTE4&)ke+aII@dxji(52Beq8m%OI8ue>iT=#sfdCiVS-2V ztQ`kI)AU*7ON(T<-q{7lcKs+!-8~OZhHGn>ky#na4Wm7WrE^+@q8Y-+^DQ8gGA}L* zKvmR)Kas9t)HRowZHYy0pdJkdC3}d020)n4QCSMmD%V|o5AvY#_4%OAg zByhv#zyUbT0yD04D8XrFQM8O49+ioOx?^=`bGZi%gT(^{hwU-6sL1MgIOjDLwVRUX zf-};9Eid{R^OXt5PzPFkQzhKMu5=Bsm<9H;D4o?94*RI9=m#o19 zCERItqj34TG!ZSdCR=C;ktRNCbOdo$ES@-7;#N2Zq3uDEWvQeNJ2z}ska+7vwvJTP zH2BOdwE2oT1p3fv8FV~q=G|1=U@m7-bpz#C|n&;`TDB5)T{c+G@rw^xMOz+O{1xaLMd_>&MpG z-*XkpIXx@34#qs1oh^@so?Vw8JH$XF0iB|~+re>M+0Sl}7i)IzzLkYax}7xQeJSDp z02`kJUM17CkEcl>S8nJJay={Ttv^z=*0fdBEpHi>qYQ^Xdp)ZN%+^rQ;8<;$;9{;F zvFpu8ai?9_K_A&}HlpwqbDyPlLvxO5$2}A`O?-aTv&0*aN#N79eIi)`+(so4gYytN zR`xI|TiV@NJ9(2wJWK{KbF}(agci`kHw%?Tk%?^cSx!Ai8FoHe_{;FW#GW4zc;09( zZoDwe(lpU>A>;Uf=N0pAv#&*SY?A5MF*^_$f#Ztdt4QgmGdj^fwH0EW3~ELO!}pK9 zZP-Ef4e+a(3BV+e(y=>Y?t5RsFN-?2!XF&jPbJ*X;q6926w#^2lEh>3IIq|{2=wWo z)BI7VUnSI2#;2}IF&V-4trWsrA6EQ2lS|hjg4Xu%>FiLTl&(Q;+4lFY_R{3(dV*Q( zS>;9mNVp-zX%=wQiRiG)E#zdpGAF66J7_KK2I-<*y?GVVmCji%hZo{4cSF7N+(CWSrl0quH%kJ z8LKQrpzcwQv=|F!kck481vAgJbT^t-nIc5SIHVnVbo^_eXyr8xHr{601VKGG=~=>E zM#F3`XwMHI9C3;b(m4MB5a!^IP7bj+8Ym#&%KRR zgl^y!RmMLvUd!RFH~khgdu2x`2OhKpo`<1nT5j8fS@uE+18_fg>s=!_h};5v7A3)n$AkVq{}w?w9@TalYY$4m)C|CY)0B|+_n?M*cf*}>;yZV?yq+mk02F5gSFlHQ8w~H?*wAMvb~UXQ z30rAkho*W}-LYHCwpA>gV;v0yD3)TmD*pf=4-oaOi@Bh>wJ+twk`8jczY5+v8l%K~ zQ>M0|yDZ7D{H0DfuLJR~hi;!oyNRuZ;-8ci9Iw4L%06N?msYnc5-Hp|?gyy#uJcQR zX%T0*fWp|@n!wU5*mg^8*#)BdboZo_Rhi;eu(@F1c0GQyi?M+%)~jM(xoL25TV;(r^%B!EL*w75sxd9BvK`2~)Z^(vEgQ=zjx!qLZZbx3 zRpP#m>glakXv~VEjNpOW`p_d^>~~g(vy&UCC*{R)TEprW1c+iqQ`aMrL2!M}Hs;yw z%NZD!CpkUp#hsa-bCI5a3W>gkrkpXL^Wk*~I{dg{%AciHD<{kge7Wga6&I;-V~|A7 z5esz9W{aCsBYmKt!NCpdQBc^)nkeR!goPzue&DONkt&5*V=6EP4@#JBOrD2tqQwF+ zRZJXnj+NC-rCi2|Eu6+QBzMkhu9?eGl%*F4I2WsY~o#j~@Z|@F9NX`u@Y+O;wrS7MuO$EeuS2s|X zB3*-pUt07(?FYEGjHCe=4oZw>x#h9ZVI$TS)&$O z51XFdYS)XtG{tuDvuW14h0u*-`$%#(oNKrZ^$!qFt7>;6?89P! z=Vwq(f5N>Q!(DqwbW13pktGklSy!<1ApZcKYhG2c)9lr>I^9;oRo6t95GUH=knLm) z00X}mtNtI>zu^PWt}SG-K1Sl@B@F(&dgGHxM#AON$AfBGeZPq{=hyVB7_G0CaU#jc z0O$CBm41x;F1zt8+C_`r!)>nUMSQ!DGv^TT_eeEXHs$wEpFT4DIMcM>h&ooIVH$s6 zT?TuIp^tMyr0@at_N|>4;G61yVAS-vAechz!EuI=V-%&ZN$F$1Uxrtf_78h=5=9&i ztW!J#*YW9GkBlz78{@fjJvU6ehfUWk6_({zP!eJ|2OhjueCAR`Z3{&4UxFHW?{9mXQ9L1pck51QZEtcWnkzIx{l?OOA?(z7?Q}I8Jbl(x)ktUgT<>gouDkvav_4-j_ z)GU2bsc8$V_;%`DBTl-Nt>WBSc_4NszcPLy+e0VBOM9!l{ia9E>md2JFEyKf^@>Ww ze-k`aYAx;UG|8@!%CRVTU!sBSTn~b^XD#d06qTzr8c?{;LnD9QF&>o&n3Ba zF*7i4eAGT3@PxhwhCN3>(xbi8B_4FK!ljw9+n=R78LDj@m&9A)%ue{41ZxaD5M|8^F3}fi!!4LKpje$zRf*bBi5G>fbop-Xqg9DZ84lxv$?Pjb!;|VdMfLvx_HEP6Zz6#je{lBz z_4K0sz>?crF_*QT_G@X7v1XNz%zEP|t#J|fp5`mt;X7O1htt+`P@ya(aUeP8f*#rNJXu&@uOmeg)7$@!1nY;_-%CeWmJzYTnM z;vEab`lYO?X(USKEr5LBWaJ;hywBqo!9NDvL8xl_RQFb~-OOc?C&^e`oSbven#-lc z*^TgLUDkX*sLai9ZmrdVKn#B_2M6ja-Zjlm*TnKkYjGcw6vt$kJT7~$>p=NWf%Sid zx>TMb@ehOMd2S;Tm5N|~X3tC$?kl+Pjqiy*3~O*p4ejOs0Edz>m%u(jBO6W!Bl^`T z7Zr1=(tLB{8`Re{S&aJchiAA+V~N+8*^eYK?So%ucx&ytPlJx9p|z%=JXY?FZzc&` zsRM(-{c2gGXU`rT@lDm^-^q8U$!l_s-etUr%JbH}hr!JSV95ZhO5ySNlv}bVeb&V;+F}*UVoBJPBj0cw1l7{8@W@W#Vfo=8`l& zDli06*8M-ZOh5CBS41S$6Kv zwKHg=*7V!0TgAF8I#s;U!+fa5+{%7cY;j$$f_xpQEQzDft)h5^e|U={;TZtsKpMYK z-p3>G%>~EE*zpFpd*Dgf>H2_<-Izx@!r3g@9PoW=#2*=MptQSb9d!-B7gNh)+w!1F zCj;WmQ^MaAqmF$p8FYUc+cqM61>C-barxI>@akU@cz$@|)$E~`-Hz9c9FRY}54`}R z(USaCzS1mpTU#e(Z?wcrTfgO>9ES8Y?0*M-CU}Fxno01b#ht_&b3&#Uhdx>y@t;%2 z>sT_mbh9x$YjdOcyI$2iH{%Up=;HlZt#08TJdy#PqrP$Z*Rp=h{tEFnjp4hM)}|VS zaLQqg=2N|wal?%D;C{8GC1WY89`W%j;3S_E{3mlhj1tqtHiOKz*g{D+T!CMlHk!YR zygz?);S03XbiHmjF*Ge6TY^A4v5soAS{OMU$AJ7ZapI^o2>d}EyqfGuA&7&=U(X~C zp0(s35|-afN%ZHpV=hWC9e@cqxE?AUoA0($z;HzK}|;QMIw{YLiM_$AvCHelx%?d@Jm ztoX0Q-V%!T%GTyqvv(~ZcIW86loXZsIbRs-SNhhAq|a}Cd3AECNk))`GG~sRamVLg z<89zwC*!BWXVNvzXpLIT4U9-8-It%|L7bJ3le}HcdD!B+sVB%>MQjN;4hAU;Wh9bq;pJ0rDjUa3FtW- zsjbP9(D$oLg#d?FRJh*ZJiB&_4vcS@2`xr^IiB9xf2Siu^gN$zyXVjH}$n2?-!m)mcC} ztETMj+~%nr51b^ol~g9xTrmgps)ipeos5H?)!P%#sS+6sPC#--1_mjCBTxcmht`>q z85?3%W3~G6{HnU`+yNnZ>p`+CsdvC^h6f*7vF2xVU~mp<`NlcEZLSE7ha6OkJA@lh zyPiqt2&wcgGO=n)J1t%pw7h_r+XLn5y!93Rtbf6~AGYFrTli0_e#?Iqd_!w_@k_x# zjUrcn-)b6JIFBIx?T6$z{{Um$m2DZ<329^cX1z9(TgLHYV~iYh73X@rkSR5!#5@o8 zO?kDVYbSH#&yU^|@YUyr8&;c7k`ET?Qnaw#MsfCtN{~_i0LT0*;n{TUBg7hBtKdCe z1)o6H(`+*p+-+yU+E>#j1OEWk&m>l)*#1#}Zx7kyQ}{*k9!uuY2A!wNJfiKk6@B?6 zJ09TIz;`JV+O&h^W%v8l-$!E#sKMa8a&D7p>b-}(EYh*u23MZ_>$x0KmqG@Iab2x} zj&n^^l|fS=VV=XKI}^;!2+>H~Tm#ahF^rCWaZXXOsQK9J*hcm|b?sA#6=OzS;E#R< zN!3ifZH7jMc4b!Xrw8+|+TZvgzwN1~{?ES~^$*#n$JZCH@YBZ<{f^ps;aw~$SrA(LmJ_8i?@v&7uGLJ)Fo&NyvP+x)C2gT2Xnum%nyftU9 zEw!Y&XNV(FiKMe}gp(h|v4}kS_XCb9gvDxqpTER!hd2KK1wJKsv*E_18Cn~rlGVT= zUfr@#f%N@r&9x0FZX|bi#z8s9O3G5w=J878{uYu5FOt%A-4h%zBaXH8L@+)6k85$G zYExNjR^#_=6Oc&v1E}J&o3YS)2f{Df-^5-S)$F`C;%f*s9VuO4dy+EB{V;RSHTGt` z`%q~97@pfz(@)q6#wCfRKX{I`Mp}+==ypCL_}`*@Tkvg`rKScgaTxnRZ@i8=@z__7 z!>M36B<>t!j!kycJo?chdzYBy18oBYA6ivX$}r4Wb>ppe!*k83i%}7{Ks@xt14KLF4BM4_uVYiS#6DR?+{4&VZbp-` zMjLQ(oM2U}J8LV4Z?u95=OeWMXa+W+k{JW2>F-%m-FdQ?ZU%c$2Amg)sHG4;tzWdA zeASldoxYxifI4j>U$Khp#P;iWIvk(7`BG}I$9K7*$}4*Ipl1(xrul8T2pFuxbkVEA z0-XAa1XfA>%&AfcJ*j1nsplm6bf5{W?i$g{72oN&S44F$HZ}5NXj`f8`A{iJ!y8n% zFo-2N!OzySjQjG)4i6nD5|FV+6o^($!d&4;sjbNDq1*W<`{QAdY+1 zZ2CEgQ&3U@WP*KaB_KOL53QWhg?HRfe@eHh+wE4|rN(&0D9gAUmE5Y6q$=LW{hG6J zVy+=M9$@NyXL~4w)%|qsBZP#NU;z$sOwNv9;P(lW1iG zbI9x~NJpuy%1OCg9F_;5tpOI|8w^v^xUCHLb~Lo>Hn@~F2wdYB>s?jU7S?gB_cAOH z3@aA*>^$yA{k%g}jkob*O6O z&f+CG9B!bc8=h~kc$ZAlgWO$C9zc1=Z>@aw9dX}Z7S;>|Y9$k)k z#(2gn(4j~wNh9RR?<9F& z7kOYao~P?f=ed5`J+meQ2G2OIhwQFGl>>M6q}_nlgGQccUU3^>a@=$twcL0g!QLhD z=Cf^}cq_u%zln7hV28+siYX@mk_BTa7Z@MEf3f%c5nErr)Us{+*)53gTCaAf?T5)u?nv2d`?{O}g&8vQU>m zM2U&u4>eXu!Vwy z&INNCzlrU1&BGzsd($+hOz^KAd}r|Ih3zgi4S!p+uz^*Z%Q6kkj@a#AmA@VT0B)(aWTO(C~qV#ds%Ne*&3tw`iDNFh}$-G(bVlD5K9I~@zccRIs<_BM?(_nV6M zKM(ji*33qc+p7QoB#yPt4cPRpH^Y*y(Gq1djkr9D^nVX{W+s%R@G5+{HjYyJhKT^Gm&bMh~D%{}K zqTb)f1233%_4$WdxNa6XElB00yxblfW4HCJOSM70<6_D0L7dKhIJF5RD`z2f zCm?3M3s3&hvx*iDqHsCg(9mXH)bC}IAoGlq#sJ_~GjOr7U7-FwC>d_fIV4h>Po-@` zrpU^74bD4IG>j|Q;*Lo_cA$g5_*^(Bv3g%Tf_o~<0)Um`Y$rTPc@_crvdWN zqh~mBe};o2rPC+3xrRu@i@AR9J!>0V8iX)ASQ%oJWaJFwQ#FK7Dn1<7@9&PTB%N3d zh9l7P*A?u(3$q3SuH`P&<&mlLGS2QJC!gi8=lRz~1d+!Pi)ynGkC;+0Xr%{6is1rd z)b*@wLfQi34o(jo_oO1a>L*KZ(?;&C`c;8FuA~}qwON19N(N(J-UR|Mq18uz)y_uJ zPa`ZyPCcj*O7iqrk@k>MKAW*oJ*B0>2aR^fdE5;EZRybzh{nj+^~G%Iwv(5YV~9@+ z0>0qT2NS8ss%iJPmN!~+&tl1yVfTU0OjVBx+0Sb`y}U^+sV6Z=I2By14T(jyjIJ%z zM1+z;^vSMYTk!zVqLTIEV*>KUYDZ$GjpGYVYB;W~ zE~zFXd@~)`7zVoE4)|`yJGjN!lgRAKIvN1(?zBxlA>^`$i1G_{YQ(tFEkuaWBP*%G zk=1^b37ut}Okh}~-tGtA&oyglk1`0!e9&Ub+HBKZOEzO*H;_R*;;Q(j(iFEzLX!{# zI6bHl^A5SDTSavwkU0#*o=-~id;L7D+xTKn-u0{})ZRNBH;lYJcY9)ISiHtwr>5aw zENeP662+-$x{PwJRDs4x^dCyY%;>rBCy%sK;VpjaP=+?Qib59{#_xaDxg9r5&^$q? z8@)z1+{v+>MoArN<5Js^CPjUrSj5R>(9b=oC31%wN3D6rz2TcnOXxnsdnC5%g^1hV z-|1R9r6~6{{4J*4Znb8zJ)DL^H-BZ)O3$Ncd?xrUKt4~ zCmx=)`PZxXGW+{$RkXJ$rb!%!%Z6nk7-zBcu35zCr7cdENta8rf%L6b$l7WM*%G7Y zJ-F?HYhuRME5|BXgM*Qgoz=ln9q`z%s#`&D3=D;&!5Hbc-oD@co<1*MTxixl4Ah}( zYr7OkW0jwG+E=p^>siNfv-I=8xANP4mRVYDm;{h`&3opPCFk1hZ&3{JbUrM zKxwx&*H+337^NeodK#^($gx{G?red9-n*dAL*qY*I^M1QuO*}!KBz3V6&3inG-vOyZmhy;1#+LC5+k#aVYSv=HKXvyfkt4dph0HFon99Fc~?JnlMwOpo-fy*E_yQb{F3*&WZ_sRLrx`b(BcpdwrzhnjZ1ADpq=t+v-4fW-h<@Rp?_ z-a`=iRGwA6Yv}zc%(7OARQ z+M~)2BhMAe!{YruVq=2(B%dWnCbv=SX&Z`{(BB3*EOU&J*0A-7V6eB9;wiYRZdP1| z1ataSPhyXn^*u7k>V|u3bn+XP2apYGT~vuO9sX` z9Yt}`PY#~IG0!~->sYpFa@%T__Zz~*ktxp^tnaW-G=g}QL`pK)6pUHc>7if&<;vvZ zw4^$9?9oT|-zHu78=C+M1T}8rf?pVm7d+Rwjt6p7y01J48sz_>Gqx$s7pHPY&c#U%jl!RuW`jIV5q z3xLVcaoAHdHLWhvdAy965Gf-){i@2@yIdBD+!NM|n9Fk2{4&|Sq`qA4j&`vFflIlg zVJauh^sDD2>6ccxlF&lI7!HRVis$_Q05u*q0cH$(j!kF>J$)U#is^QW_y+_UuVW-p zw%c;iumd%Ww=`2K>JiHF3E()Ldbjtg0FQiDD*Ln}N?t=Oerg z8E0H7pOn&Wz-M1imT6r;exASz=cJR)b1FP#bGK+c{p%S>(gyv7?3Q-EMcffeo4#R+ z=QTZg9V=3v?PHVd(gFlZG87E-tdv{a(C_r!H$?FspAGC2A3tc^oy}}TphFQK=!(Th z1a}|fSIUhpi?-T&+qohV5Oq^kwKJhQ~}A`Z-3&&e5AaQT#b!c^#&wY~`i{=S4uN z$I`MqRVJHc_QJ)a4YUbC?0rT%R!yC}?D{j{{2G0&rM|ay99pKF!xN;3?&Nh9Q{r=I z`kbozN%AcG#!an^svP5<^(tC|sQR8s;w=WxLeX@|tsX{q2j>IO*GKS!;*W}aKOVKG zHS~ffmwLkSf~p4t2fbWLjaGD;_l@uMTT81;wTxV_Asaa$^TPgh_3y$>KTNgIY-N&o z;<=gycKbwue74Uct~*kcO6O-4@yFsdj)7n-tYsILErBb0U0=^$UphOkPG}2_W%DOjED*TT8g()8=?C zt>pqcW1MVr+ubn zVnZXUzcHvCPqjB42y-|;3hA0H=AEeOcCDwvP-5aif--a0jyI}mu5 z!rIn0HpTGx8_CFF^se{7TCDPEim=Hq+9GT$XQ>0Yrf!|jt9&={mg~cw61k6D)2>rk z!181gZ2)J0M}8~A_0Ji2PsW<#YC7emrGqGZ$kE`2Bd;Fy4jSC6A3J!$Yiq4?)*Df6 zJ&y{cbq(#B((#NCcyCRznbHp^BEI;?JoY&1YND)-V;uRQ9e(jWYwBMCd|bKG z99i02yoI4LVU!ghjCY{UO>B(~OH{N?F7nRfPKhLUX#G8Z#CuN`Ys zTg3XPxRT*iD!xD&&l#^N&@br%|+C$Z}4C8D zNj|liq&}Svryl$0t!`Z7EPms~#pd`7(0 zd_v15w6?Re?P(cyD;}91xve7`n#TP{_>)T3;hM_&*7!*T@os*3)4UaPgLdDCDr0yBf?YZfNV z--u19>VnoswOcJ_IfKs;!j3(My;#%q&+VIE^yuPtSjOO^0P#qdBen2`qj{xTUc_wX z`vR!9Db#w+Dz_{XJa)5&RUw@_R8r8bDp7z2)KIhhe{o}J?#ioXk_@MVOW zb&0aqPysPmc%MCfZ}Zl;$u#kGrP}z9Pns#?c*}Wl;N*J!degfuF*)A__=@88`K~nC zCX>mTR(K>hF%8`0es%4C5&kB8Ik493ECtP$i7e5t&Va7w0B$GfO=#l9DsAX`uAlK< z&ra}Tf5JNYWUmfG-a`0Wl_P+|zqNj1{6q1UwP)h{*0-~Q2T238gCD;veY#Uou?nAa z(0m>74@J}(${!G3+1fl32|szjZb8OHd$;Wp{{RiVa~6xK_&)N^`sL$}OMr?-89>J0 z%9#0IL+5Q0^7l`;w`hx7yk~PGFKqt+^{d)p(sa)p3mru2Hx@dTxWE>qg5%M!dQxG| zc|XK08(4>5h8-$swGBUkHs>Lij-h`_^PlX05dE(fldsDl%D5vcdWvY$Gtl&{Dhr($ z`RN=n-!S{ccdux)@luTuB)PXkKa-8AJ#?d@?LesU68u*Ayb2><=a(uR2oTh&1 z&weZH>1~qBNP@z_;hsq19Bcu%W7pHIbH5?Bc}IbCuM_y2#=0fmvEj5fme&mO85lOv zk_J8a75Z~~tgH~}ww8K&SXxC2qQVHk_a_{lYj`aTYDnS!CwRNW9uCsj*@);5n zo2b~}1Q5u zcpt?+BJpR8md?{ng|u6;U(Z=F<9?(AREE+?KzwEqA&yx9HQ2I@WQ$-Hx8sL7`5 zGhSGkMY(5nA3GHXgHTsBk08@dsd=IuM@7W;=*Q)gE7Lg`{442yfI5_#_L*^X*2We` z*>JJ-R_XJ8R1+y4_3;-*@Mf{$8D-Zj?CkF?qGpcijt)j^^7F>9+ucbt){P6HCu1PO zk=lTb&n>&tO|7EdZU-m$O?$8G`{TPW40wXt##@PCvzdc9clleK5PvGx521cX>9UwE z6=Z{JLf2}HX3-yuqAvlf4 zB%jFF&QKd^U8A{eg}B?C5;ItxROEfj@b6Z(__6S_R`7nObv4GjVH?G2@}PGq*biI` zewF&?{{RFa{j}itL*s34_9pnNJke~un15&a=} zp3Z$QTe^-n`J$5{lyJkSBl*|Xf3wexM!77S2B|jhGBOc+F%^SG`<~aXXg4;O*4I%2 z5(xyczxPNv75v8k0KvpRv4xEKFNOaAZl8zxYcs(ddMAtR?cz8vl6x%VK)v zK=;O_JMzBI{s-z~IP^b|4SP;YTaEr;c-?ov(XlHck)98F;pCTjJP_;h@-g|>Y*vSz zRxK6wI|VEW8S9F2ppTYi-JFbc#WRlWZazic!E$}Q>Z|58ARy09dr)-7R?(BNb%{s- zH%@7>lespMIO{>7aZsv~+iBajfs?z_+L#&<5}zzDhW`L+z0dYn{i6I|`yqbOz6AZF zd+Mw8V=;$UW^Ci7cg5&%R6}GUB`n!ruX=$=W>Om&J$(f+LM6!4s4k#=dee50 z1ciVk^NzxUWIyG6HaC0vQ7cT6A{A2+8B#y32J1rlGAISW1aX{orEOpn8l?9#);5X4BD zDHjVOIuntG1+aO;Dd}ISz8lmn9(Mii%PYVc75@N*i0S@)E0U~DxvqBx+2kHdJ}zTD zeMLigqG{I_x`mFZ3|AUm^bKoy3;o#FlxRa zT{;W@00>!3UdH+eaWB{;8Cd2xff*nVo=cQo>sid9Hq(5cvivIu)?X|f45voXSqPYXg5=cju`R|(g z!^E&y4Q-{+<1b*`GvweO_G{CnvFBngT8`BwMQAge4!!Cd$jT^q!N@r2jMsHEd6g3( zX;qXG0C9}sh#O_ZV>krhb6Xf2*82^@MDD&>I6QT(>K!TtvuU_1&~rc>h13y!q^m|1 zGt^dW$k8cSe~6yFs5XYiS|!Rm1dx>P25VVm2ug+aq1)+CiZZtBRdD0JC?&+^XL+W$GacZrRDwE+)v}43X(MWM9`p;4=QGuK`qHDBrX9Sw46ZS)8vZM7oB$p z&p7Q<$Kp9Igwe+YZmY&g&VLG@W(PlZ(L`jpah4}PLsg$$3mT&mTzm8s`4AX0>dkvQ zq7S-w_ol?ZXmGN+$JdibDgu_+qqy0>BRrb0tN~(2numZrDuz#Q0zAP;0gq2=>+Liv znIrRvcTwmmH)83duK0D~4Rgo3#5xayG)+@l)TEF`9bj)J0!}jT+P`A{27kdiw4Dw+ zEqmi8p=sj1VVNaOItc#&aR3+~KdH@UDu+}N`p@BS4_bJCMuSb#wEZ(i(xX70RjgqH z06&Y?y30>3$+y#^K4TuZ;<=?OlwF_0j}m>da3*khL0wIq&8@YVd>Eqx?)McSVczR= zBk!_ND+|op$_T+2 z;~ZC`2-xARPyr#x$H|=3p`qHrcLScaqDKtm?q7~L!f-OjraIM&STi9kr*Eb@QWQ5g z>~zMFqbh+{IXq{I>TL9{woe|PV{dn=YNduP?P4-W-kb`?Oz48t{c-(_{{Y~UzZ<`3 ztF1f5KNTJ?hQAHT^9&M(Nv>EZ9+Rj|8U%Tzw*{2< zWhb2b*Ckq(I-rlU?rd#sVJ;clxCG=c&{l1mvAHT_DyOw@%3Vu0ZexgANa}ZBcC1|z z=HBxn-Pg@lA%X2&?Sa@102IZI6q2j7nnnzhI2q0{R3+6c;SIiU2-sJbT99 z6m;JYTF-NNbhdCHB$qe@SLZLr&)c8F+I$xl9tN{*UiII~Su?n2x!urxYiP%z*BIMG zeqDIu;xCK5e|;tY0Ew@e{&v|4IoP23`kM2lkIVAWRaA5U3<~Y18z5pjl#n4^x%TF@ zZQ^iKC^nOf;;EP&o{^?rUOOakF^klS^?wX_LOAY&OK!3fIRtdBIqqC#W7~Ak3SC_| zj?&Bw4Dc(^^v?`UY^t{kRQ~`O#y<*xl#c%ZORZ=uag9+;4!om7-#_*Q0o%+I(JCDd0@ zBORm$_r-5qUqI=+F4k_NA9l2+X&LuCd&XAQ`l3yzdHW2CMnSGhz_#2!c3CHVtqIRqN%;lAFBzZ=aa%H$GemUzk*`F#&+&Ay6DcoopBtLfZR zA0fG>jnJWxY;1SzYSi;dZmlNld#we=HaRQgSy;;)q_67xkrvzmwEKAdHg?olAD4V;cl59c7QkZyHbpsQ=a@+NquE6+2fYpa-%q5-hdZK zAzx(9Fb;E9wacY2Evp1S-JngJ%nv$7$kIC|dS<7N^4=g;aLk$M=|K^Cnb)3Fnetc! zKgzMKtWp_XZK2M6C^RX_CAE#}&e3=0-nqXYXo;@J_MITfWWWQ#!32Nx=rfdhoL7h6 zTen5F)gOJzkcHI!?%A&1_fMJ>M=Y+4a7gC{f_j^NAJKM7Bxw%NbH#Ty>|&KxOK~D+ z1fFw2ago%WD@=G8#R|vkj@6$QgKEBHk+VTAc);sHE@bdpPi>c#y#9DN=qjc4?f@x` zz~In9iFa{*G$vIn>zp5I!(S5H+scq!=1xcib~Ftdv+A&FaYGSQ3z5!h4=e1MDteRu z00N*2USN_?B*@9^D_+XZHJI&vhu7AD6tyvGC1_7pGxcWi69cP#;FeDo_bINd`W1b48`Mlvy21Qv2^(?Jf=qd&DTN2 zZxArAEn~QL$>%*sddQl>7LD!hQahDlh6H39%3F@+1Ne5%*~{6-_E^vGj)Un~`ks+~ zE!r8=9eBckfG1K{0*$`evVYwyyawrmZF>fra z#`tB9CmG?0=RaD)j7MiMjaQ)nb3tl-%lDB_c^N>`Ku1Oc?$g&xzVaiS{`rS>>VFCe zl&)yN?+6PfK;t7Eis|0Z$$?~MC0J*tN(m&ifdsLSEhB#YvsvCEiCQ@$l^4ln>Dquk zRPi00Hkyoxq0vus$gFuZBQ2XsHaOj$e}=M})Yb)iuMSIdr%aB(piGPmjMvG2KG7nv zY3{@d*8mW4-k{zH`0wIwgJmvKf^g-$^o&3sFw!1@=NWpgS$%w((agOO1v z=xE|}Z+{*jkVCu^gWDpgNv3HREjHo{fI^Ye70)uGxzc!VM$;{!No?+IT|g|*j;qgH z8uo1t&I{<{g4H9E<(Mf9a4}r7ea(*M?$cAzwD++~eBkg{ck~s(Y2G050_p|}mbXZ@ zoG15MojF)f$n}2%cj?n@Adryok`Fg1K9W2C_B-YtgV^wv@tp*VCn z;Eeil#bo%eLeSy6PwWf!)U65zW@z@1PiodO=w~IN%w40!r!9=Oal9_u!wA839XLI4 zUn_iD@J+{*+P<0^dDj^ZI*j!C)^m5z)|=G%-tu-fvc)<>48V{X#~{`|o2lv+auF+e zz@L<_8-E($sU2+2`cgXEO-37(b0Yby4l;iAGehyk_k(;J4wRrTk$Foy-1tu9S{OtWsSfIU|xOB8Abq<#SiGjSAl0 zQRP3Bhp52DD@feQ%(-``i&r})5-2{DLoCrF1d)@s;Z)*FmCQ?tJn0Ine8a9g)|?9{ ziBqbcD>o8KS7_G6l154GQNwgvHr~NP`_e#Q%QBgmjB-ykQt7VS5afVPLF-y`fqDyz z`!K02ipqQArF3t96qbiMW~q}kr?KUpG`iEFw_|m3V1MBqtLE$YztaTJF-OnJLF-sd z>4E9~4U{?oJGrY51|uAwT*UP^W?`|c&0pSxqakzB@)X^z)Eh`>p9k^`H$16l!SA#e`#7>LiXwzbCST<&|U`Co?BnD+*}iOxWb=GVA1OEO4F*1 z-qk6ye=xf)Fg5=G#Sb;ud9-c1{mNS{E4}$)L$OwO7k+ z_Ntn$uWLLLTfh3wMq7+lbA1YOJcm%0D4C;76;qBYDd3jiGehPDUQP}N<5^2$j7!L8 z5V}f-aTyimn$Wnlx>YuF8*p-8906Dx#24&0TP3rQNC*SvJOf=FjI+cURiEtqXYiz* z%;&k#M*je6cYK1_=Zfa_J7!)`0952)bTrO>Ws<>MPp(3*wCu2xNm>SBZzr81y}>SnO{ZbTqtuZ=v1U8~rNk z)^yx(Hw@qo;=VNT0_l2{0G!r4Shd{DWhOD40gj@8j7LkQIE*4}RR;r#sx6)^ zvCAHNk|->CSVs9fQC~P5@++;-bjVs&BH%OUkjK)ZQn8G;IxTZeiLG};-~vt;9dTR` zhT~{Zhl7@-8T2I4^I?J@Hm?5wT-6;q_SWX@)S#OgCq0j)Z5LoOb+|30ET%ssug!t! zT=KwOl-rP0jP3@maq0%`rLq<+a&Wi-LGEh?{{TgnOV2b(BC7H7o&|HwbvBDFT4^TD zBnIK;Zn$C6qq?@gWru7MG)xW;(y}y)E!*E;Y4%NS>W!aO6 zZA=_a=Ehf@7i6TOaa$j5`!WTaJeuo@F_k{Yj`-`w_C6nUlKSnfA|#+76O&N*H^vtF zz=~@NwVux;d4P33^|?OI$Eizs1=KAJ>^^Qet|s!;Be>oq;YrWZvy`5~YQ)QTX>zKG z7?F14<{f?O7UBVKA!da(9&u3EjMkS=pUjR(WsY3oPBNylXR*`K96E%U9PmF=Sz++>clS-GMQs{`Z7(6VpS??&7|!SOqvAV6)qE(om+2a; zf4VL(trGL|dh^dd)#RG=HhN~0Zzho>Q#dEgBpyAh=_MTE3HECWAC5`!e9GiC7Pm^uVuQ z_(AZ8#vU-W@paXmwZ^?@U7K`{Hb8{rV?T(jr4u%e2gKe7@!++%(OXHL>0@%?VqNTj zd-`;*Ezz`%b4k81+?JU~2Rtx2=tVAj6Bt<1@hn%yTN}uSn2<;vlc6MfAEtjg`mQ}^ z`&&rx)y0CtYZTB3zF9KJM|T~MO1^V#Epx{_XKSrn>$2Hh-HlW$j6|mx8RzR=t&hY# zE5MeE;rqBzZZFWJWsW?u7eCZfj;K>g+8zh4YW_O3)~-To(`q_wkCRum9XqL`*xV4dFi!qWEuX?x|Mw#k5Z^mC8YnC>~_s^aOZSx=_^OCn_yeBa?eiaNHDbF1h&%u;`3TwD_z ziGWxP?E~VH}S?+CKVH-JV0XfL5hLMdI#4GIv@jRf?*nq-CCm?5z7QV{(UGW+? zygsbOlFNpW$C9xebv}ZVHTG*`gZPiHT;AP5ai<$=t9e+R%J~tlP78Y13nZ4)W=YDe z&e8!V?;6SZ6UnB9uM2oSKNDTOwbkOWIPFfIkVK_zGBR$192O3oukoVV%0#xbu$k^G3jFbBZqj=L?Nm25Yy2+o{(LzG zrEha=kizJ@B>U11_#aC9OHe)wUjbR`x`u;iHKM@qyUYMh_~5H{q|SNNmqX)^4ME|r zwO>373AbY*RmR}QCb$h+;$0h96Tq$Ivxv~fxY~OfV!P^kWL`CneJrl1%Pq#h23M_N zcz;yVFSSO6?%E`ip~uQU8V1qZ#c5@DJdKeT&)%%>5qNm%tYoryOKc6gK8M$*duNoI?%?=u{2z^^Lsu9Ejx%?*Tkx$_DE*El%O6bSU65oj9rn_^#8wU#lne?Q&m z39p%T&0br}>9qdQ#2;D>BP(cj{u=Plimmi1^^Hd1^+b+kT%zpAKBL;b zQ%dlCuZc99onqOoBfE^_aO?-1x)99v<=DwGOpzi)SwgQy6XC!S$|}LC~)4O1v;M z@v{xt>Ibl(99i$$ZO?>_rNzF#qKkXygrRuQ1Ds%CI%nRzZrXhpz}B}nv6fYZivr+o zY?4W)5qh4L@G8^6el77${LuQbmL>?FXY*k=$j|eyZ}>5;_@_s= z)U(-d^3@Lp^ldr}M8z z)R)2<)|nmlf{7NXjiyM(RmW_M(Be`@nQOb_wSB?kb;wrts#YE$x{|;`yj*e)Iv(9B z8Y`Kd_rlK;wv#@oXLVx?wW7ue8fq zY~XXd%X5%}wi~bKR-;taw7a;SBq_8M&mdK%wjVCHF4${YCEcyQg#_sgh{D~YV}MU? zwf29&Z7%P_Z*MbC8j+2Jpdp91Y9wfjzqG%FTVL>+>$+99+BG{#x9!=2{SFZBP>ZAsR!xOz6tRk zhxMNcPj%t{01(rbYSe{9JYcMRT{{ZOVo;%iEjqtO+S?#UicZq-~ z!|!0`w5B^Bsy_!lBd?FV8Kzu|gg3TB?9*F_wwQqF&wBPtb~0|>HbzcqO6KF-){igTVGVugVQqK)%p5OPxPbjhgP&gihNqGoGXLtPP{N z=${TgAZi~Dd{3t9)`=a&CP5X%ZVugtjGTH`&_5amui)Kl!oL}O2_?>#soBqMtLYNk zoEW518P$mX6O3Yxw>lxY{i*)TKeQf&`(6Ico&@;2pj=u%iPpk6b*pIKA}N(XVe7%q z;76r>74YB0qe1a5n|tOpl+nl-9N-h_Sjkz~>52MvCbw&>_*82U0O;|CWd|isdie|D zUxF+=ePQB{guXG2{73Ms$GUXdY_`*Y>0@{0l?6CB-UdCGDXgazB;hTXq<@|#?K%5A zc*pi{_`mT3;3tgq%cyVsIjBsQGrANP)GhqQ``KC0)XAVl+B^Bb%qy~4ceX=Fc^m8^{RVlQFaza3dk@|TF{!>JGkbyxQ!x5 zOl}93_9N1zv!qPFW^^f2@H4IZ~(Q$4nFH z&-NO!MRkk&P0a)Faxg*ntZSVJ<+WRHB6&VmYiT$*^fmDB?GfNx{ZqrzY8pu0t7!9` zM%8wm(xCguKMe8iYs{AAsOo%OulSEk@#ETSx~7+HbEWDQ;@0(qVOb6~?j!ra=kc%R zH~tDk`!l!0pNN-!Fw?E?C%2MKtWf1%1NUSD@~29sqLfd|GKsy&Bt{P0;e!+ji6@P5` z{{Un^+KE0Lc(+$`@N35VZ0=H5#8!80!a3&{IVyYMvtQjegfGsoCy2ZWaD{GQ+o|YR zVE+Ke)C6aOI+2c^-u0Db)aZ&m_riCv>biBU{IBHSMm(w1o`i9OTUvt4KbdSmFi5{E z1JKugzv_K3Q!v7@8Kasq<)77PyVG0xtj)8;k)ejgh?5o&+4 z-^QO4{3zGeTGQEFFMG!XHg|^TTx}0uYcjKD%=}Su-mEv?UgtlnjBh+-q6&1|!Hu8CPKAaC~?}WOZ zY|&K39AG(K{V~#~TQ#`y*+SqP{VQ{stw~Ov%2#V0{m)w3wVGH_VHZuo$qat=0l`t_jF1y)?RVgSZJ8nupx4@Z0 z_B};&>2fX=%AtcIuLCtD{L;q2 z#y~~=XbTZ7(lAL00Dlp!1-pV%v=#D*0OCL$zs5o9Ko!ypc&2U4r=BuDohiDoM^$E0 z*&}G|eP{yAcd*49ENlb%k>0cC4{%JP;|xYIK$&|_hDg+<#A0RIdiM9Mo4ZFYWQg*; zy=XDH&aS0#9J4@yo3X2w##>??KvH{9YZffG;hI4z2VTVYtk<=UaLh7>gGC#W{f-FA zyh-zCIrpascS;E-rzbQO?8$|S?PdX2KDBYB-@E`UU@%O}AdwqN272LiG@UdXR(SO(6kLEbWYbnVaMw$C#@XO%G zgT5MRP-#8_(je2c_JJau+7aeV!>be4z3S4&#>rHo@3{Q=u6au4$y-Bq&q$k4k&@xW z3yzhq;rk(@nXP7w;Z9Z0Jbh{gO{(j@Lx`YNlldCw-uWa}kjOUoQP|Y;bU<;Mw!G1X zL5L#@!Ha zWpmHn?N)G3WQtkx7>w41wWphmuQjA)WMXPsY0|^FnjZ$VWk3xI#o_@8oV`HW-hS%3k5xGy0eEB|=E@ns2S_gxmNYz%_Ex>KY+*fsJ;Q?$> z_5cq&4wcU)2d#K}MN4lkMi}l6Ypc78)CP`5Q;|?i-Hcs5ZR5FUCw!+nb6Xm0mbQ1_ zFbs!``g_o2aWChE?_HM(pH7F~u4$rlGRh`UgQ%cJZO!GRlNj069Gni>s9dP*$4$yhfG#RsAn5Q3{mrw#cLH{GMh$=QF!hyAw;=OjgF$V7S)qtt}woo z!JC%RBdRQb5#F@C_OwTj%o`5?pGpiF%-qhF(wP7Rlhhi)mA2fQsCTaJy!D`{BTaL3 z1_#gUPWj+vE)ML9iAS-iqbZT2ONdC=zj=LX`Ht30RFP#26&fTjMgm$%yE{-<3Jc< z(hGK+!b^;tdsHg~%^OG+nLm{TN_~tQjmaQ*$IK6E*)ZE)M;pn@E;G#rL^E4kc}HUm zkA7>GyLKCtBZ1uGtpGt2Tgh%z$Wle@M<%NYC52CvhEHrzT9u2|{{Y#Vjj$I8R&_tb zG0j!G(q_1}kXt9pJv&fpa)(Kh&RCv69FAK)wbaXN1hK}*g?Jr06YD`7x|j6JNdpuC zka~gEw&03b-S-Tz_MnTGKeUl{tDh)z&uUApPwc1^u$dTe%hrNML#@2l?Fb6}vU-Z; zuHBv6C6%-5KoNbi@))*7I+*_ex<+e;ywaXavpg;piOEuUGy%}s+q?>_8}P288;f~j z5J;*U)X)W1f*~*gzF>Oxr@KiLjfDDp8UQELZY2utkI(TMSv21&!Ng^}{AZr@0fnK> zb2JjI)D3SqBz)ZG2e0E@wwSWKK)bJ+r|FzfB3tXklt#@C=@jFGnu0q;yWg-RE&)F= z0;x*FFyix?Qw*jxbtG_jG+f%x12Yu-`R0(!hTL!%ar~-Stp3(a4xx( z#Z!*=2su)fa7gKa-m_1k)RFMMr=x2c7OuC@S($8H zvrHL?KAcy_zZ$$IW4x2amR1*O^JYYdoMY61Q@Hth9#>^~G|L`aY3YU;#dV+A=^e7% zV6kqsjFyIM;$hcd({)(m1=KTOx}0qu_3nBOt1<<+x4Bnk1HN$5YVmr?JNS&ls@Y+DQm0mwWIaR+O}o-OJ*mayT)TNQagoVidI^I*FZi|azR$qgh1|31cD^9+{p*u&u>A11 z`$MQbE5)rN(=8m?+)F$*eG)>ui2Czfbs6YVkuq4MH?MI6rOl{sk$}eRRo2lh=6Nn7 zh%WF*4e#$zcSbipm;IUkIqJRv@jG}Q#1LEG=@YSM`sWFC9Fg@F+aa$=|iNN~X!X7C^)8o3+q><(yeF@_otJpjz<6A9O@_QSPKF;hg z<?!!tsE ziG^8ql0YK>h9AzUqc`M7r^h^U6L}0{pW!vLBOr6+1CK-eH7{XvYhy1^f4{4CLbsD>=uh zPAo#r1n_NX&T^$f@N1yI(-P{%Oa#YujDgfvWE@u6>=?&+AzzyZo(ZdqVFRJKNr8{9 z0iXifTQySdLtx{YlkH7x!s^~_h^IJH&20uX7JA2qJ|G|w+TO>t+XKuefGgMS^?PfF zF{H@&z{okRRf&}|3&fgg>S)mJ12`Re*Eyp67|}HX+J)uC%1*8u2u>J}#+A&PvDv|( z+UUyA+eq%Jc+GkL0FJFJVzz0ahiuqCFz#wYL**;~026B(X00Sw8fV({wgE#g-VL6= zO7u%;rIygm7-d!&$E7oCnX}C~MOhaZ>BVpwocB`B_LC1i81wS<70oF09m+>Q8hh^$ zl^wCbHKlCJutdaU^NN)b8tW`pYOd^|9Ac`^8pu{yj~VaZ=~Ttaiqq*q(d9xB&TvYtVz_v;7zOc|LlVjfCBM9V>Lu7`VW!Ctoo()Ifs3GF{{Ysm(X?2t)9p6s5(Cpc z%|v2i#I>=4@Q7Tf9EQQH?Ndd!vhxx-mmk8}&MNs3MB?veySC;PTYw48R<_sf1=I^J zogC^9A$sTBQshR~Cd_(;*5-lj@Oonzt;l?<7?;a!uj`&oWhnF$h_h<*`701(FF5Ja zo2Sa&Y@y@x5Ru2NWfiHMqhgMsZ1Q=_3D{0}J*u{iX7&!PaG;?-d(_uN5eHAHHkCRc zWKS^Q9CaeR>hNire68iOTH68NfTFb-G&f=032o7@Tn^QItl816Y~H z?$$Yy85x<&aM;d$tEqziJ8M!SwG;EfJyx)kY+BIc?&JGh^F~C_9R1*&52tF*xzWDI zhhgVNPInQE)j)1c)za?D$UK<-P=5?pNjqIl5Rsx$AoLw8c+SM0Z{jZkMdG+F8&JE3 z2Mf@rFP}=|{59Z)XnCF4l zoO!3Xq-8W?+(K=xRGrYGk%Nv6Qo6bmF@G?z>_tqOkp-pgqB^UDXFP=`8O2R4wVmR- z`Do>i2+vBJqjpKN)y`!t>2;rrs@bzb+*(z@3%b4#|_OAiYYrDmXpIB*cP`DT|}U6$NvCcwB&+m z5gF`EB%hIh`}NN>4m}U#s_(~|w6_;}UZ}G?N(5lI!m!5!`d34xX}Y!FhLTIWNg$P& zsENQM9f)tGeJSU}JwY&Tte-{{YvoUbBj8yIWs60G@s%R>pUB>p)n{ z@nn}eY;b7vO%Rv6?E<8lqtd{ogV&t@q(Uj+?70)Ob zN;WNPekZe=K1g?Mqbdheir=)?u59#kdv4DiuubwNcHoanaastmY4J+m#c5)0be6T$ zU{P-JsvqAI_j$)!^t*2W#p4#XlUBEk?97oDA9Ul^txCle=J-vm+4!0Zs4k7(lGqXQ z08#2k_}9+g6@DP!crV9Jo)PgWHc@O@QJmqJFv!|F7Ja3#s-H5E-na>1mrA(Bj^24E@mv`?(|f?on>`oLU3?;*WSOf?dO9mJUgrS7saw#-AR6`u_n>FKn`fsk7~|O z_Ja6DH-Ija#2y)*d(9R{K5dk3{-Yj%SCwiSGwQw)hgQ<9uTH3=9$6R|@6WAgxlog_ z=2};Zyh*0%ch*oxaFT~H^OiXVps}>^7OQ&#UoFzgAAg!qg<<%ADy8OiMRz@l=SqUZ zPEBQ8$t)^S(nG_aQTbPuTzHdK)$Xn#wvsqwE(-!TX9J3;%Ep|C`WN7z!&p2?s@UtE zc)gi3xkG%bj=wEg_}TDZ#4+l&ciMiNEVk@e1%H)apS%a*N!78OKZY=aE~tmkR}K|wV>l9dDr|RE~|6rTTc>}Dx3Kg=h0iG zozZBWRTYZy*n@*gx5}#k%3?bJP)mVExp=m+7;F8TV%o7c+LRtnq$4s z4b?RreO}@#3FNZ3KPd!pAoQxg2*#mh;+Z*{Bd zXo~_h!$_MX-lXM6rFn0LJ_g0FT(!2XaL^+=I=o{I7p6JwSt(eR6Va{w8{*#xXqvW* zZm?@m7~V84+1xSI{{Xd)_2$0`EH6AgVSQz);UY4-ruI3HEz_UIsZY70*z_Gk#JV=M zZF!>Gt(=z;9g0(~MtlA>;WOQ88Xm28iGuATa`DH|)t3SbPZVkzzlikf7q*)1Wt0qo z_gB4p&A-9@D^Jva;Uk}VXx9L{BdN%LUEb6h91gYNodV0m(95S>kt&er6#e1vk>0zg z{9kKpa}*Lv>2SmmlfggZL7dSCigkYz>a$zRrs@eK#zCB^Cur^ZRDM2#Sk&|v)Dus) z`65-FRY(j##aV}0T+3s>;H zq~F+=5g9VM0vQ11Pd>CAFj}5J<1dfiE1yh;(%(yt?N&c8WQ2mCp1Hvp{{RZ{i)~X? zy`DIwdz+hb3p2?fX53E$p2M2XQ8!U9+4z53l1s1b0Scs28D&X9`HAX5{A=EPJL2tH z)*EON_DwqC6+T}%!2>*gRVoH@M-TA_<9N8&wCh=9Xf8nsC^3*+@-v@Y^H*Z=TnvkM zdZ{K;8>Abz1IK#SH2WOVk7H8Z?DZ>DlSa4+D!G%CzKU^1Gg!FN?2yL8Z$SNcXd-3m{|4oOk^z2L96GEil^386|!>^{6c?9ueZ- z1K$Mx&`DBDo!gN}<(JS`o1J1}H47I>qPd5OV`ae}lnosp!<~Chx4w!ixb9(*CQZc` z8-YH)oLA|kmYw167(eVDM@ai2WS=4l^=emUi z?5bous^^OFE3Xb}P->S@!4=XXHsy1Vo9Rb2wi-QGOlu484x0^Kq8ojwR>r6D?q9X;YlIFkM8z0E<>^C8s~)c?LjB9zs|;9GC9v#Pf<)nn&mWE|T&!|R8lE5U3&QK- zDYY*J>+ty+GiEtnFS=ak9CqZ7&ZM8ix8DZ*XRCN(^4V{+xiXQ*GONcT_4yB8IR5}S zsZ~3Rld-~U)}9@*f_W~{ZQ|X!IN$E7ZozC4c^{5H3erf|l=>3p z!X~u2wR>3Zpm?NKNqABUk@<|*=0}NqA8VuQn!TIF9j*4~bjKTzl14u~R$_9o<|}`z z=~Kv-x3k)#9Pf{U2exZg_r!^*BEF+5-7wlW7RfmJ(*-Wa)P4r>XN7djeLm*aO+M+` z9kW3(+B#r@YtB4JK96UrwyS3pP+CbN97oEiC$(Q8Ec&Ct@M#*3m7(hPw$`?@K&oBi z$C%7H-TbTO{{W8u3)1{p_Zq}@GA^|rndi1Sm3o8vR9LQVhvycxqgyGQM2e?zEw|U+ zyv9pNr%8s_CK_^BL|Wc_v5$!0Irm_H;lTU zdj9~yC_iaEU-oAB`5(Z~66!Zmd^YiGHLaN4wmVC(o|XMiUPUFm_cl_$p32-e z_lHo!^fi@E=VTG~AMCyH3FW!I@CLa%T}3KxhDlqf=ZyZJm3=Wk!;2ePQfq62_Gsku zV@E&gn>ole&o1MXZht+W@Nh@$RQ~`Gej4b1wvWS2IBI??@Qg;!#P*ipX7fyLvfy%B zGQ^+uPI?OdCVWR?ws)ZEW#rSCd6CMjN|1T#d8xxIUN+MI0G_{{&RUS}alzFYzEDZv zf+}TF7B(kq6JCMAQZ_3|0aq>4KHQq3r*y=z`2Zv9L6AJ^-!VqO;15b+X4+jwJw*i~ zMJ2Ye2S3WK#yrTv^1PC0HARso-K!ATcplY$IX`?IpK~2a8=>CiwAp4B;G^#`0I!~&#n+s;NcvV1`s#k{it4mE&O`pqE7jP57 zU%Wr9c{O9HNgtSgE%5w41@X6tbgfRsPlt8zZY+Oyh~k`ZLbqd)oOkBF6#cCJ4cUBN z_-U(HKAw%@4K67ak4AfL#Cnw`vWl^DNAgMIzX)A;7sdMj0E9J9I9yxG%@aCpGNC*i zewF8UUm*$@q^JF!0Ix=rjtcq}8Y!Ov*t|sNj^A2ml8w4N;ny|PaWT756LgVe5rL6W z^8?cZ0Cb>ZB#qgR%-c!)>eMp%ZV(|W^`PDi zwRV?MEEjfi%N^~ciFIwUw&GN6z?^g1zq+6JCO7T1bNf+#%6Ha3sq%mlkydqQ~xJSn-euwnMc6xES zm8H_IW^r*7Wg92XU(|oI zbo;xhv~M$6(X|O7-S&+-Ml8{Z0Qrg%K_0@nWdm6DKc5W~RD)5`E}~fByOrYG9Fk;h zaCtwW6~^i|ds$|UWQ$~@CmbAitffr2v)}$5c*^EJ?c zi=FIRM3a%zwRx3g%PS+HE16e+4z7buac!ncC6rlgr$w(__#1to_;Xae(DgUjYjkrG zqlGa@amgQt>s!&U(2A6gsOMPVM;>HFLt};n(3(Tv+br=;tIuxr>(Z%n%d1S0H2I|h z2_NQB$;VpIwzCi-r0jX%k6P`7x*WDNZmqv|C4rSl;~DE*o#c^>#~3RvarLbLq@I72 z!bjXYXSFszIgwS2p@VUr;($F5P4M-d-Jq6YS;ra8Wq5~0TS%dMR4Xdv;EsN@0T!33 zUuw%8l+p=cPCjlhX}Z6MH7i-d+q83`P(TCLfof`LIzh5{Zl)`^@ImWcoQnm*6$B#s z4%7_g=QlP*)!o@kb;oMcv6@TW*0H`D9Ay6hDgfjz>@Fg|mL_5xoE)5fH6^{Q(4*zJ zCpq+>hcRWiDV9P*GIcJV_tUbLwhjXratZ!JKynf+lnjUc==QvH;s~b6L?& zGSTBX;2H%LuBBP*Q00+E{O6j=isBFSgniq=#Rkz@>MF*MxD~`_`O`kZGjH34Uvtn< zZkIw2B4lqUMw>spJJpyh&(1*K&S*4L$gge%x)->_F{tZ~roNK+8T%>xV)*fXA@IJ9 zCY#~bQ6$==%0fh)Nnh5YW|5}1KW=^me#Jiy{tesd*VaUMqs8i}EZ0|%EQ%!Wvp%0n z`^!zytQ`#Z@j(p0?jc6epI|GJauLx@3o^u-eY-3q<90e%L8n>TTHA>x+V>sv*w!w6 zfVkIbfct{FoC3Y-z0RrTMogqA1M{c@g4DH?Nf^WfkL6x%;vX4U=wRN-b{PKv5(8BP zX&CoB1IIrYAcsu7)FjkxEo`EVq-kD2HmLL&$u;=@0P*kk{m?WmKJL;Bt0?CW#oUq{ z$UnM^oPL$rN|ntI#6OLnwco^_9_p7i`b4p5+B=dAvN>rRlbir};=V_RP`O*F?mp9Z zJkvhuT1g9UKaF~{;F2(_R>EJ*T@zx0`0d`Zqz@_v0f8MxYeUYdP*~KUTrNg)(zN4_ zJ*o z9{6S9T}#ATmCS)dEKRaJ9=XO1e@FiSvQPXGH$m|HdT)+?Jhiuo_2syR^jOXEq&OU? zPpxuPsbjJbKYl(P{6FxAfwb#=AHkj;vGB!=M-0R3w@Gzw1TNVLeLRgum`Xu7fSB7JkJ~HS>?e503s8_;_6SpHqamBnWqmx3}p{9T8m*%pZ*( zwx@{vUmezq@c#hq8a9_CrDUDK!=N}JdC9MZ<+q0L4N z9HU|ZYvg5IXCB;Egd!KhkaJqOA{#B*Y42C`@dE&hvK=^g3-zk#o!N}vN~%n} zk8YF@S(|;lOd%u+@tbcFc$N<1;{_DK>KvXG_RZX95qeYmMSKdQ}gM0d@# zvyM$=%)shWTVWp|BO9O!Q?CZKZ41vBd12V#{&W^X>J`jrN~tvgwwfeTzbXE73PrWEoWgD*B*>?+ zs`^dC-@C_gYWDXC*d>SF9f+XMot;V3_p3LQtf}fNk<>KE?xc{~sESoNz&ubtXj!$= z9#{mMz>#|9t;1&|OgP8&pqDF;yCNhmtAaZk%(uLs=Z#rjGx|_TPWCZw;qV)A=nqPQ zMVU%T8Q8wm0J7V&K-Uo5s<^-?bCXsqEh4*x+D1ij>p&P6)+Tw0jZrbwkK&;$U#tXQW?zOT2E+(;o>b9Q;OiOHQ+7`ah-(p?IS#=XMS=h2E?!BsIyL&Vb3x>~7O#o`ctKJ0?TepaH+>wIvd1EVr)LQP|OLZ7nF@jI7Yq8NT;nR0n%LG>l1~ZH@ zS2XR=-W1VmRMqFTw43Zv2^a!;;I&ENi^jjx?e!R>GF)yuj>4mZ&2qD*F*}%BR@7YF zX-^tzO2LyOzqM_6YvQNGO&`VpJc`OZZHCT_^AA zE1=_+<$WUN*2UwB`M4zQ-QKNUTluBl(Ll~yr)n%@qtx;L0Eiw6y77jMJ)MLxPjSm2 zag&fU{VU=>vFd(yqo?ZDf(x5>5f%z?&F!DUxoSl2qO>!t(@@jrktR~mGvyaQcDgBU z?+wb9i^{eufOF8-FEyFn7h)@o2I}s6JzC3EOD$5;PckW&<}3JjufM((d`h?Re~0wz zEq?Xq*Wp16wgxagyH&nxLpg@8PcmD0_ih{%=;g$NHB;}zKl(BfpbI;72PZ00-4pS(NQ2j@?1 zsLAGu8YVdy9jcCVrM$YcSVV{?X9K5lYZY~{k%D8~$B#o(J&EPk=4JMofyySaV zG`?B~nR4F4wPI1P4z;8UF$DHAHO78M&j9+GwQU@?TjYqd4D`)1tZiIav~jCA#(2gv zRiLx62=V=q48PtTMLU-jVmXl&O0u$$d-_*3a&1;uT&uUQy-8+EMHkH5dLPcHGb8O7 zBL@Q`iUFH8A}Et)RTnump(ABWLIa>3s-wAqQY)z=aK$jW^r-Ic9&?ZZUU5W=gt`T- zjl9a9VyZIp$mw2V2kTO5aVJ9;cCB>-1pwpTvtsc6q@kIvq*&Fn z$mbO@jljp(?O0m0ayVc)X-N}E$R^mJ;I4SA+7WY7)0!eNCg{P*Dlu46N|40S z#>`uiM^Y-On?qtt8RVCHERF~qj+NASSH!nEEz~yGPjPc>&$JwpN7U8xBHT}+^!-lS z`WW##k=Ne38(X>I1Id)OJ@HKCsS-xGX~PCm8~N9p_`68FyMkS=XZ|OLKER zW|Bl}a8$bY#b&{y-j@9=Hm95%EFtVJGdGA&3ZSJSq;EkBWel$3=BM#?Cnl&h-HcziL%3f)=R`Pku1U}?- zq;wnFL%U#3f?cBno@%zF<`!jDZR~mq%1cmWHfCv6iB?dj2Q}Sk8eE0}D*pM1$iV4P zVA)pw&&^2*bxAsWqPd+yS!`Fy-MJM(8;2yC-YUW{Vwvwqc$|k`YZraQ`h>AarHb|= zuhO>U17^}Wq9rG{WQnu8B76Gs04ARuGXv69ef*yyzD5h}FNKqlFeaykm=Zf>n& zu}zBt&Bj3-NSbQcA(hjol{1 zc>{YaZH!@hlU-C0T`De2G9Vw`Fll!*x{u<@l53|nFJGRhrGv2j~ zY%=Y&jjpe831mou@wrX_9;eo~6?E$tOF4B6sXIXvT$jup*nRe$R`PTs2 zYpha912H4lxUA(JNU}NmsDv`B$ab;&wXddyF&BnH&(7iL>}jaj(9P9m)MDTEcal7g z0UQHfGvbd5_?}$c-rHMh7NvJdBu&sB*yq%Du879Q%016KiB%+TEIMQ5D!_ujP;0Bx zyhkmZk-;8!V;r8Qn?%YdRpI5;rn-C8)-Dz!AY&7Ow;Ac2X1=Pn*RA2xkV)jT1rhBW z;M7V3jJhAl_P3&qSsmjDSzB{taNk<&wf_JY*y-L7)AZ|gYisz)*(XrM{{Z@{*ii0y z(`TJatwE{8mwJqXNx%dgJ`Cz+AbN;bk2nTRST-Hm> zRyv;s_)q>3Jw-Jg@m|}j`HLLr3JUb;ekp0bb)pSA6@arLk`5O>y-hH&wc%}g&&67$ z#+EN)fm9Ef+kv0uUlDwE_+{cG@kXV8;p-IEY{>BTKj1-Ocp36F@qu7h8;#fFV3`bS1r#{ zPaXLB*Te8>cajIV(;g7}qg<+XDQuAwEKjbyOP3WaTvmD}~tQfg%SA{>pF z^?f%_@b;)~l))-S&Abjm@!z*f`C8+|dU9V~h@(DPW3WCBbIn9!aahQ0R>o_Wj7|fO z`DPD4fUl$cBk=xhTHj98;WxI@#Ol$>8QR9Qim-b#+O?g3#FuZT=#y#RXjO0Dq^th4 zFLHfOYo_q;kG>oHHIzl-y(NFM?hfXGV-jF{Eo^ zD^G3aW9H9bKc#6+;wYuFw~6Hs96X>3I#l~U#<5Z#d#u~|k4a52qqj*Ek@ChAxIKk!9#1d+zL2LJ^e`qFS@dsngg0pS}z1?dfIbE3}$m8?nvg2OU4Gm;0X zuE)fFDYe#ZVX(Q=W|L42nBF+a1#{B?V!7uReMK2IeAV$%)5i0xaB0>oB8+X`2PQL| z{v$o>;SGBK0K{4+iS6UmBb{A|%BjfU@JRYrlu@FA?D}7gW4XD4E6JfP#Et+3!1eX6 zka*VVVxBk$*^|uRG5g?jBv(y=Q?c})fK9FTi8@~CR+nvc7{hH0$bD4yuav$Z{66s% z9wWKDg44{gVTFb?!+W1YSjskG$awatrAsXH*&jaE>fMK!q-`tp^{YC6j5R$qq0nCW z1(r)BWpG)(z4}vw=u~54*StTaSopfuc&EO!)8-Ak%wd2BwKv0$VW3@2r|Of&Pn(Z5 z00F=}R;8b5d^hkEJ~p*x(rx_tge8?2<8c1~CbP89hS$1hi~iR0$>gSCdvJ22{j7S{ zGJ1;0^c&v>$qnq$*m)~-NRA|tK>@u^c>L?+Ul)8n@lKnqYWAA-jIc)RS~*kzl6sZL zrDqvj!JJRSuK?QU+Um8keX=sl%#!js&T?zXd{1rtwc<@nPSTW}!b6dVA@Qv1=c{)zWZesb@c*i)% zB7sydd@$FvjZ?%H`gXGO+gvXNfca13UiacVn=LXOLrVKxBTkw!vP$DBi|TRdK`=fO z@t&70p0Nbp8k#H1Hp=A>%G~|oUGIjqoqq34k3+k(xQk)RZW+n;px!dE-S~S*xt(B_ zRJM)A^X5Q#ZMm+7KMiO$+K!=hr$anZOMsEcKH&$N3Y7aDR)uY8sLM8;Yvjc<6YMkT zn&JFer>=?pq?&}67P6??F~C#np41V|(DM5~2Y#L{?@`qNspg>-a3 zCzqYfKBtPOCRZWrdM)I-exQ@vjnO|0xZwS3w$!{k;*T0!F0rND+-b1DRiz0CWKO`J zYLX=z8=oBh8fvzm417J}9XPnV+;ckcpbT)tbnnG^CDa}O@z26NOHjJFk4^Z2XrUvL zG6LKY#vhEH^pha)ZwA=?pw7(`EM8{K!8vSq9@Y9+@T;EHmUk8+fV>YsVVIOxFTP$Sm3UbDp1C#hT*IBWJ2Ss=*E!TfRMgYDSUdzADtb z`?nSuNLcR7d~;YI4ZL@+_wbq>_%#xrGn|JFeW7Fw_)`NQ=tvYwWyZ-!FI($lhAeftHnHj@VnyYfRg7<)bx!$_87sDWJWtjxE$v-Jf}35bLJbH z)Re~8u!}jE5W{XZu;cmFogT*cwcFgdf(Bs8fso@JXpC%UchL0jhaa>zh5i|(_JQIZ zDBXGPR81AWSwJ}jTO3#EM}fRUqxi2)wY;~wXc4Xa@Y4LHfL!tKTJm-*@(I2+>2dr@ zweXIotlC&ZaHGoH4nt&)PfS-^@l(SVvuMq8JdiwF$P%yJma>#V#PPoY=!v9wlTX!r zJvE&7ODOZ=Cn8Rm$n~!G;^)G2@lKOztU4IAxLKMo0mAY1{VOLM4%*!O-|$j>Q!&d>7(bbn8p|%_-;8 zOo^n1mcy^fLLsC5Lp zg7V%#0g*}hIQOrYZZ+=FteGe(|=j{3ROD5EODL$ui z%uB~?4)u`^a0eugmGQ{)?X?^IE>xP@?g>nCMIhSCk7{w1f+_VfX7LpETD`Tjt}W1^ z8O{S_iuTU}UOnB$p9S5={7K?CaVf|E`d36+>Rgkt_G{>q4J0>(H5j5;_L$_1?pz+3 z9AiBzO)Rgq4LWbP7|rWOQSiJRj2g~l+3b9M@f-GV@d45NLE>ElP_taYq!htmc*&;g+8w`*G<{3L(~@JmQoV4YfH?mE3M^pH z$X^opYWKmuAk=gl>5@ykd0IA7er1dkw4Zvh;SUgx2zawa@f<-K*>0n2jOXrjJdeVW zy))~-iWYNc!@m@~EvQB%hUGOIN$t>)Z76WSW7J?*_0Rhg{?r<8?Qi=zcz4FHX=QKY zjVuc-V8r9*WEkC!qa|s(T#=3>H@JM{r z3or42dK!iVc8Jd+v5z1=)P?% zeCP42z&4&E@YbiHPO7NG?UoZL8?EJDcs;X^&lUN4Z80I+vn;>t#?ObkC7GUkfAv_Kn_6}#Y9#;ilQ*v zhCw`2D1u1dCJN1;Uuq(G41;48UVu;rx*$3Eun5V`Kr&o`_Xnj0@z~O~l0XI+DN~+n z^jH1~UHee~0K+MM*ggfg)+f4y;m?b+q-&8wAX|8(Vm8epo}dyl?V5=rwwe9<{4l-n z{+l}dHPdclHdjb>eHU@!RBxGCE^71E6*O4=9f_gvIaO3NZ5Sg`9Fnn z)p{BjUL4ljP1PPZlt+fb?HI^CjeUXOKM^LQXz;zWTHPdr51u4kSCxob+}fPaUY7pq z3puXieBln@I#))ibJj&;)Xl3r>9(ZgoM%(wQmxyj%S_ulj z%a8(!?26FxQk&rB=Z+N2dz_Ryvv`omC6ph^sbXGc4#HK-(0FjqsjmhJ6BTr z91=iUDU}>9RAcWSY7HYRnKl}RtESI1PZ{z_#xc^j=bQUUBUWR)_4c4*L!_;lZJSlS zxaO2yUBe&}NLg2rlh%MTbvwzYLdfJPJb-zq^!urjK!v2(03egrfI2_78;|vfq&FQq zQY1{Xq_B{xxbKPp=`Q2buAm=iSp5885!8M)$X{#f+$+)HjXmfP&mfJG|f$Rva*xU8SVI1%$La70A!w`ftJO! ztk&$_VOPd*dsj0htl`cTN@u7YXbTov*_tK?bWPuyub(dif6e^p0vYugL`w{WXFWjc zRG^L-XCgwwcYJ3a^bI4f(li^(;<3XT%9+Bq)7G>#%`Nn>kj$kVj8JsN9JDZ8JGd%# zj+ykXm%!c&@t?%aPRBv`d!k+I+N84ta~y0^70xoorv?Ie>&3j((;`pY#s?uE*1uQ$AK@Dh4cNn`X%=>x4v?cCX1864N4W3BbJU&mDpKfm z6UA=?qCGkg$GGWTeu?4qmos02-|SZ`-$OG_?c>r|#}}56^#Zw_M_5VJ{gef7;>~6U zIJ%-iy;@Aar>%0@zlj|qkk2xzFC&~2PR5XrQ^7o8@s~rgjjdAcY^Fj(yS7K^(!V(V zI{wvO8t^cd;`>>!)%uehGyJ3d<6SiA^fW&Se`ufEkHlL3r!}X9buT;3XHpT#iWDOt z`~G$LyRP`3S@ABpbFcV=P`lJ_p8-QT5yAle6zDncUZpB$HCndO6;@cT6zl;rllAwk z#q*WQ2Kh@Ky{o9;olfQTVxg5!&)@$5ty3xlRy(?$)KqqAbU3G-Hku9ox77(kP=Rw%{}ImbTr%Gl)eCIl72 zo+=+WM9PvkC#St55`EoHYmo5ykPAEA!LD zUN!M&jdeEGJV~m(<>_MJD;Ap)Nv&6IWiJgCmz*ug^6zC zoLosbQOce@>#Nc{IeB=>UKdEuan_)TGw6Q@_#)5uctjTf3>F=0+H}7Q$pVC7xpUj4 z25v`pr)bbxGC2WPJY-j3v0A4pbAdrOAoEaMDFbNyt6#{9Nc_Y&{Ae+g)Rm{*Xvr!A zxA=hVTx3@Ib&0GJ4QS*&E$CK#EBC#xsi0wl=a_%NHTPhu(uHCUQE?k9DZo z%N>-zXSh?to}Z0#lIVJ+#h8x)Zjg?Ltql$`?sAv%-02sPTWayV1&9Hgq0MXDO11$m zQHPb0md`=!S^G0XN_k%6%esPd)9$I_r2Av+Qz0#m`Jyp*0ng__HpVcjwMh5QZbS5S`6;A`7M^v;e4xrxFfYIb1cXfkGum(3Eq5#x1pvOGyMNMPAB3=#+4 zphF@OOSmMSTl#v|jDBXok}%!VGy#iyEAJ6FC0mU8R4`jZYZ;J`Pi}h92REy=<-;r4 zGRE7oc+N#@Y4_3GLmjo)M4N%=8iP4p+n-OiNPbpQM{bpZ*3JtAR*lC(IyC}=)Tei2 zD6;!hQ=pX?Zd~(mX6{ex2YcR!eXd2na`oM9r zf!Op*oj&Bl9LqWKSYo*SM@C>wkuwqQJJ2JR5#C$MRh5=MUs~1E=Phu8a(3i@lR%l! z>oM9iDI$NYBd9gzl6|1a%1!`1eW)j#oInUHBqu#o)r)ljmun5)longMh`evI;6nI4 ze~a3%blL9hCt*2K{OA3u0Mu)!noZ7u6!pbsTuE@3khQtZo^aXfC58KP#D>=;O)UZs;`e35@9g|0eGOwM~U8k@>U?7y{b5}AwMr{ zbf8u*>5>^7N5AB)*zRsLxeTzjQ=tTX>J6f-i09Vexs%KYs>7}ada*8`(^^Plk#_;W z&w6D=9#yY+%U`t;T0BtwlLbR<$^2`^wI38mr`)8|A(l6Nt+8@f-xQ5`4^OeMv%S-; zHBB>6j%#^WES=QW<%ExHHYp#{f@N)vk4>|_lIkhp3m^yPRwMvDtGm>u4+?Ay3XD)@ za#BW;=1k$U$sOw&`bJPDhzG}2pbXoMVZU}BF&`as(yYsKZF6cCa=Vz|=72bjUr)HT zoEXfHZrw3l{FZkwyoPc|p`Z;NKIY=u2Z82tx#VNLZdu&PE(SrzP)7!UI$bvADCG#~ zG2KsbS~n3}#O2~)&Jf(dn1^ZN-$3Mp@YKkCnVx z;psHX*;6iK>Iv!iSDvJAJ3K5o>AMw-w>v4w^S>E*ZC(q3Az>&71Re>mhrCy!&!TFv z>K4fRR!&NToae1!&83c%?s)IT{{V-&UyF1&{86SsFZ?8yj9ryD^M*2iJab<)=^BCZ zgb1b<2j@oNl==}_$&8;+Fk3^uCzv~)a0v>1YMR@mF}?o)+aS1KxiN*y|H9O z^Ga<8BoUwFMQq=c)K)3(oXs%6$Uc;jl|$J69{fSHk`&M-w7QQ|h!B$kcF4VffeXFRpIXv!>4NcExZ;Jyh>SPbF`8$00UYNP4j2l%L6LH1dsbB5Zb>%2>;W(GMVZKtLyt`az9xupt1 z(K1MWZp5CI#ob)V1?-#9O%OO!n$w+_xE4I=E)bA_6Ug?gy+R`#2H+3g0nepL2R|Ll z$sCcg@(4Mqo^wXbpc03SVvtykOk#B0*bH&)U1f~YSp&9h(KZhqr~|EsQ-)oFRNkE_ z^4r4?@8dfUp*?A(a8Ab^tldh!V*Kh!;fJMpwav`1T{E=D0QINJ%~XwBE9mFOXIT*T z&o!?tj82N`ap_9IC!ot{iFS@c0-lDqt+d$f(C#e6^vU4TF)}XLsbo=%Qd>nU1=>OF zk6LV~mo8MsM)mTWr`Ei)#rBDD6U-M5r>CtWR?bI7)$JBCmk~O~q=U~R-lfzp-r>BR zJz3D>@vP-8gE`GYD~~O_^&1Gm;<-7rX%S7zLc256b{`WWvKSCk^EF*q2mbM156x$_*m1H)pZ(DhFVc(rYrQfCjifs@W_=xsfg zSd!v0Hn0TX)hBI?=N_j=0z}9OZhMN=Z7Ra@(q(A8$%xtrY;8XEv5zV~dDrv{{UcFj z@>1g6oSfr~R#vTZXZBW)%6R7=Oi(^ld6ndIG?F?v35@z-%<*4J|@tg*Qc2p}GDUEQaMuH%W3ins%~>r4(h`%yFA z26+BrGIop#k**>Uvk3qobnieIUu?{zhhy6wwB1#n`qngwHiSI!){&<9{HGGKDG1R%Kcyf5o zOfAO;1Fd2;fM^;Jq_L-CQ_Orr;Ja(rW@zEHy50V@Q<0ygabw|i%UnYvOzaX+!NU+9 zgPv`lNqB3*+J2d8Mcu43e7NbK#+!ZNO)ly-yMpfK+UIiy3iwg!$4UYz?2qQZ!`dE? zsA!TRT-il>zbm0{oe!xU^Im`AzXq-DopQK==7K=0la1NWLHK^P>vJA@I6n`3G1YYq zLI@rNMrQrf7a(W)*L`{6TNaky$lu-DYW5Bp))v@9`Zs=+L`~T3JVEg$_R~Vrv~5mp z%DG8gV`~q8dePDT4Qd+W>E0!RWs^^tLKF^8(UbELoPYYLv6r<*4~zT_dExuWG}}!& zNJ_EfAC^S~p9P{J*Mb@5Q?Gg>IBA>mFTIu0^b4byy z8u-a_(!cK`XTlIj=skrYxb!~j{hoENhx7O@-p!iJOO6$HxiXB&Asq_+F<+YB8LcfO z@z$!=J|c>3Jl#CdTp$X=oDqZgQf=PkxHIYxgZ}^yKjAs>k0ZhcuU=eo9(GQ!Qwc>H>iLYuvexn8F$s|`n5x4MSI%z32w95Bdm zNaDU_@yEi?h*}oBEgQqv_VG9q2W2~COn(nNRVZ-Bltr93LbqUpFMgw;2Z@}x;zTo|tektfaGPTyNF0|?O3!6Zy zh1ceMbu0dRQgOKXQN7~di{1+G@@p~QX{~jtS~2+U>HTVB3lySYcyGa)ZlmHm2wHfpWPg(`KbiEeaF^kJpQK$Z_gCL( z2mxJ(@L6s2RewA7=}Wwu=|>`5A&Fe#3Mpys`U;p{E(KT(Hdc~}V&OCTf49m{96 zVPh)f9com;)SOV<_@Q+`mesXI55!LOlS~Szx)Yd|Ceh z3g+KS*Jqju?d4K_R4y60`Fe0`=Pw$3YPRt$p}J8N(<0$E@Tf7;vs8?nO8)=|{Bfr1 z8l}8ihLdk=2pIFCeeE`LoDa+Mu4ndu_-dXO_=%$YN$|9mjiX*PFkbBWR^B$_4m%vx z@;ixj&m5mY*QFYl#0$MaBp1e6WCI)6bM4of)-1M@ zMmC9g1T($FSyv>U4hUo3y^loIukWp%#^Ioz-^EowI93Od$26KNlu&SFORiYtZYiX<86$I8-m!!B>gB0orRx-b-xQ*KAq%!i&T#w_WuAPxV=Nd zej(Q&l2)45E42je>GF?Eo@rbaOBos+oz=YXY4>)eu1Fl5oDZ+9cJk>m>5C-IZ;(by zV>^ARjnuiw+W5lPOw@^FTeRK*PfyCdF4yArsiL&knmiE;XC7IKL6yh2$21E4P0tei zRlD(r!&!VGX7k(LnVLy)%x#g3VyS5V00aCRs{An;<&Lj+Ypum8LlU+llZ-ZT)bc2> zxvY7epTln%_!dYbxO+`UL6M1ybOiC~^&KnMqWJUw00@_Zue>RHrCmECmxkzNLJ|f* z^)wFX`5y91yNz1+U9m~l8>u|$R#Vd>x4jov*B3Sutf9<6WQFQ!H)52mV(9F$$>t@a z+!X+9&m%vNTJ_Hj+xTW3X46;x$&SlbKmaBpOP^ie(y1b)KF8?4!@rKU6GAk*`<*=8 zTU+^y=C}{FLEr<|{{XFCgQR%N!=DhYB)7cOtSx1EN;HxjfC%Y|u0x)EkI!$~f8pwQ zQ^X@s@b%1EmXzj1k)S^!a!%v^d)Jou1H^Z6XrI}4&kUqDELXp#di1Cw{R{JW4@>b? z%+9Fkagr3HkQAQeSJvMEyhW>MXub~dw43z%I0&=3QGmdnjDHT5q-SjnW9E3z?H%x6 zTJYzNw67a!SMuHXe^EYluaz&)8B>#zdSlbxy1S2#l11SQF9+%+r?|mkBeqDurlobM zsz(*@)8k!-h5UJ@MXf;J*q2i(%QKy;3uge9>CYAWDdg#XC(&(gbhL}?W*|~TJA|X2 zf6t{)E`+n<-y3`}(|_SMlEcK_9b=|l4c}~zFu_Nm_wQdF{7djH*TX*%q&64FQ`4tr zc-7bDfjW$zL&p^sB;K_6u=l`1l2~lD$2A5%@Yg71!;UHUUmh&0P@}!=G z{#4o`#}9GgKZiam(cpb(oi64%K4~LNmP~L*zH5!1&GaUc*G<%g#5;CJEO{H3w_fxo zU_EQ#*17Ql&s;!nXSmTAs!be+i2&(7MDg3j_Q!N+ z(E!P9!x;T*@=xM*o#nTQwdgN&tGzNvZdm|$_T&SM{)VR7no~SZ=3GiuhkPzO*HPfl z5nOm@#adRg6s-xtjnz*C^##3ZkWC+{z7*G@@fL?^u17k$+#r4iGJDrs1I-kN17qYB z$E^&=`B(Ou_k-anOuYkTK zlU(rbukh0E?9AKq3(EfhGoTq8e=JwsKk!T++A@FHclNTr_*>!w9hbuo7fl_#$euzH zJEM@T&jYCyc2?Bvr=vfv>+J^G%Hfg_9^Jyv3l2e3$RPVyw0J99p6gcnK;ff zisGn^PpEW@Z9C!@f;GPgY9iivu3%`2KRadq6YaXg*VXPs|`t}R0sl(p9jD6tjRMoh|Gg<^*se@aq{#SR1N{(Ni1c8M+$R{V?TO= z3Z8O;S1gXbvEHv+{n6%Q{7nY2G(>4I+E@n9Bhr=#3}u^tev}ql^AwG$ez-WRb~pO2 zi>he8F7U-(?6Dp>cJG9oAO`sjeBDJU3i7gKZ zmf79dg24ggiq2VzyCiwYY-IXZqfFwG)UPxF?07vh?Ny2UKKDS_PNN;D8KZ8>=^U6O9&w6nyJIFaT%70YL98D_+zK!l95_u{JE53;H`f#9vHd)*VE3JVU9bv*u^qunAmVZ{Hu~` z>7tGoT7o+bOa+(s=(*Z|hy&KWui>YSTHPbJzEnvM-N@=c$*y{|6OG1?vb-a6Wv*$r zHg9J0yCLNd+|PROkBOfTX3}h=y|G8SvWV_f3U>zYTy&$ZrjBPL@UzD<=pHW9bj#OY z>>IWS;j#)psQ&;xYwmqERgP4iAPC51+;fp${U~U0S7){8ej=5k7OXa*^sSv!O`IUO zMUq=~0P;9m={(sZoQ}ihW|7p!I%BO@ni2`xk_01@*w(R^Lq1k(=$ct3LafTnYjWaA z?Dmtn(Mjrh)tW&aBzEy@w#jfIOL=yH!A?QI{&fYummGVZGKXR6$E5`sT7}{B2oLv9 z&{Jb(Yj#&~Xv3+=EDU#@#PgHN)R8)n%R84I#({H{CXC1%VxG7j)cEa;VI6|{Pzpue zp|F8QeKEnPWk+bFO@wXs=|N^)tTGM8MZq6;9<^@W*f~i97e3u+B2u=5;^Ic1V@#7C@mcRv#CJRzu5r_Ng$rX-nr=}0RsTVd;3s;f_07K zK3U8A)!iD-YnYkYKIuH-rdt&a&sgxP&ut+Qp-dd+x?OJ3HB^GkMsBq^+hw$9GV?!W zQTbL9k=0E4pY~|~0D^jW{{Z5Krw@rfF5XAruLMINGHI=!wA>-&4nGS0zxZ?ThvE0a zi#t6#;lGA7{T2wV#k0;KUGsXeJwY{_nYS_Pme!W=11siPz0W4J?d&eEeRTo?GK@iaKwH(fq0H=a?ZmEz{^L;cp-Q*1i+)+*-4Emr=g7WE+)W8=Rl+?agma z9Su*$Puf%d3I*og-dlKn(ton~B%rrBX-;}RPX@ms{B`kb#a|F^?{7Bv%(2goG>*M4P0Q zkM~7>f_}>%@J?@!f3$~)blVtwJF9p{!qP@O>$|AR$PfO?J?k2k4WUT>sy}5v_$Ob& zU)f*7R!M2$ts7nOizpM`$sd?wY;r>$Nw3gNKSYWf7+^qEBOkj!a2CAE)eg8obXK=( zDFw%q=zCX1WgZBOsX6Ftic-0$u!2O~8FP+=Q<45s*dwv2Gnq1N11Zp))qA#7MP^Ze zbCcSFVzoGpZ(eA>bqn+Cf1P~eJn+vKIrYYV`%ha-nwbi zEa2jeWmJWa$T<2^+gPMdRC1jFCc0E?7cR*ckcHGMKVjCiG~G7$Q#g*&VsZiEvXrhT zx$RyS_Ju61=jF$1j+kCu?^se^S&+KXh z+e!|15mC(cG7+Gj$2f z*KQjHB|SxY4wK^uEUlAHokBa|Rk7ZZmvAn$)1!%6R#airJW@w0CU&tToSd4p?gh9Y zwve=pqF&!h&vX&W3~`Wi-k7XuEUh7gINECDlNh$CT%YGbGDOyzyT)EGEHa)stcmw4 zv1P#B)`K#%v80<_Uu%QGtBE7VgL4huvF~ad$rad|rLYGP^wZ~|sAXTL#H=+-grEL=Nh z(t^)k@Wz{J$n)WMuQ>FqUl5B+tEP!czBtVQb4K>}PFI1-%>dB}Mp)5^-8ndv|kVci0>Q!e%cka@*(*I16@aEz+;=|B}EcqWhl3}L$DRQ_Mt z%Zqu@&N@&8mXb?%aK2onC0uU$S6Y&ZQbgXR#{?Pxucp~Z*F_>j32rgi``1q{pL=Qq zl1K7ms68kdn&3vK=ZKJ>RtT|2NKF7#wZ(*a{NvAoU)(jONHtcWB4>l6HY@WFH&wu{_U3y1_HH)ju87>u) z?hr!xWceBy&rtBqmX~o2?Yn9bX_wnP!4E+MJfp9k#VCtY8u$ZjO3%BE0Ib*5{`Op~C7CU%aTUe9#7dQ_XLz zNZL=6ab>z)j4_;NKDB|YrO_W&e#bsPOJ6{< zhlVvYvDIxFB@P1z=suOv861^a_4kHv^vl~@18S+}05V5&UbJpo$VC>?Ap-$`u9)s{ zPjbDbuCCL_WFg`wI3t`=UTH5V-H?r*^|^zS9+uL=BV4N}9OJc1Z)$Ft;V7Yc0%#=2 z)Vx1+r-rzX_pyHvBc*UxQpS?Z!S-bL=qNTzLaNPYFhA)Kw2S;X=C$;#Q_c@&$^(YL zKB9v+26quA#0AM6hZWE2w~|9Jh+MYa!>Qt`GO-0~>!S^`i-3-scp&tz9@j5C^^!PA zABS4MXaye$+s?raC*Ln zXBEuv1Z@y=k^$*aX%>-L7L`}$2Olu3q_r8Ns7t3!0tQrBK*`9jKh&p0Sr*(X#!h~< z0CEyX4c74P7DeO?RX1^J;V{fI>C&noXWk)@5gW(@e7`8k&#hk`5=gY?yk;{G;#1m% zV?{paI|LTCg#=NU)E+qGSE~41#P=3tLN5!%c-q|YTBz6@&v(+V(rDwA-8y9RTQ8~o zog|Vc!01nEW@nc8t5}w1JD6?GK^^PFwS7wZ?qz{wP=Js~9cpE;7qne2Yy8D0%!Bxk zVOMVaEft%{;pCk#F~$I{c?~-pZN`{|-w|YTGmLGlne@5iMHcP*z;X}05siTDJQd*` zV_Lhjd*n!EQc!K-aC_v}(Dq&uiYSaTNfO971P&UtI3 zKeOI9D<*n%9M&YUtf)+E2tCiG0*s0DjUwtsB~e@!ATeCzS5%%HxrL9Lw1P4K9ch+9 zb7608p{}71Cn`H*isJ888N@NU4n{B!NWZZyh? zq(O6VueFtvpG?{wmTt8uOw{`)gH!CRox&=dEjK)|zjUBX|@M^A10) zTDdwF^(`_Wo1%@Ay>ho#H?fDeR#!khIU=h|YC|j9-&{bu3~vy}r&`Xq)C>zY<}Vg< zOYwtKZEPb2b##=-k+%2jGt#{0#TVBo?-Yz$A~JJZ8`71ILq=Um?@Z}9jvV~T8-`l; zeG=uOMcnPMj2!l)*{`%a>qu=HAu4QS$qWyA@=uAL0JYTY;JMN#meWvTM<6o(UX?0J z;q4Azz#bLXH0?oKR(PY28*-fi2d#ZEr%eP-_Vu-7Cu^c{!0lD-4WlcXudKnS z!j|8=k7&;Ayr0InooQOxnn+49$ie>r8ac;vlWTdk5_gpcILH;(=(=QS9^0V{oZw@P zv?-ZNS2VR7Gi?C!W)8ULo-tf>-cmwiNo53_@M_Iz^hfhQrD&RVf^F_T*B9E#>}L&~ z;Cr66h2z_qRJ@uj&hGnKbYX*zxSH5`4^G?*}NhQ;ux78X`B(iP8NH7OD`cPq3q2b;+(6n7!5X8n`>l?j&W3WHHvTM!$G2-~4a`k60K*Yk0QrwR z=j&Y+u8Ss{qhE`dtZ!so2@u8@wgJf=-~DRJP&%n!W0mmzkASs53~I|TZL=K5aS;Ci zRQV$ZJ+f=(-G9MX-WQTD5sgRf`exRP%Vr&Okl&RNcF^jAM!$y^!%_P-tz|q{H*v8C zVc~f0Yja=L?dP{q6hPcYGxIhB5Nkt3t)XL2@f*VuLm3F}ySCIi=fn+KV+FmuX6{)2 zMMrFWpi<;O+3sEh@hoReg4S!utna?ee88ZPUmd-xl-9fhbK=RZFIH;=5Y54oJ;lN6 zfu1QkWb1S6FNafEXdV!QMwa5?-Wc}61~IsGC-4>X7sRiKJ|Xcv-lJ-;xU#dEp^hw` zqrYL!MP2U zwmqv;nag{b_I7sP6LkBHFG9LaKIUlMVxB@&qYUtUI#ik+<^KSItnM_;Xq(xUJdpX_ zpKoew;M}9ksTn8~JQxkVX__eb6vX zAm%#{iB_Hp_^IMcePd9t(|+iJM~OlS6m@3mGw)vz{80FRqWF8n=`V&=UrTM}92~kF zkOB1^e=5rIOpj<_+IU9t;!7QN*5-RFlsgehoJc!@KPvPq>3l_bZlXx!^2(}`2S6&| z`Vgnk^ZRXHSoL$K$vhya`BmQ!ob@2~uT}VQ@iSELUcS0~CL5P#V(R4WWzT$d>rKSC z`JRd6UyV>}+UAuF&G@mu5&1D&#lk*2{eQ&PPl&uds@WgyLkiq^(1vvg7-053^$s>P zZpVUnHvHW9lUUI*x?IL$6#+lI7~`j{QSpV2ucvsKEUwB$=HcRt%Q=r7dH2m)3+rPt z@5ef>g*1>_+gy2Ypk{rHe=L0~&^!VARqHymF!(E9vW1+uYiSod(Fy3;tBh_l(|$JG z>$g4>(n4w$ms&J(?zljujAe&P_=jGEX`WoVHTxS@3K};bb-UA1&<|1gaF0F3zNMu+ zsec&?N^z0tgT;P>Hkogz_*%)lOKESYY162RWMl*}^gjLSS`$aa-xRF$&j5J1Xx3ME zSN<5eK+v#|vRivLdU{t~;TyY0j3YF1NZ8wo=4q08SBi9B1zhPc&#JH4?~1C&BE|qc zx_Z~do-ELWT9x#6@RW?mN^b7H^d`j_TSjwGS|m>-P)HtSUtzgZgBTHX1cz;_TURMjN4vzk9IXdtgZr@!cHsMY*Y;B7*9^px=xo}aEfq9nDD z;Ii-w7VTBa%w%->_rn={9pT2;+Trlqa*j7=Bd9#_#d)8@9d=7U8(GI;VlJHA1|$$c zU`BZQR5502e2 zSlF1|oF=Co)RDtA)REcUIXK(=IPaWR=8LLFcWC-frws3M%koI4<0KyWKh~(IBKO3P6G`xn z8;u9WjRo4<$|Ell?%Yp8r_k4=_*cXK00=%Ld^(3wy^m(E=We(XI2comV0JVQmqWn5 zEci~>!TP$gy0|Uu^p?ggU6mB@NL91OC8=wkdw_`Bi18~i^S zMv-wW(_7Ad&+~H#KX?P~Yvmng=lgmz`y5_N#-=>PFvN`HpMJlURAX~k%Ey~)R#zIE z+vpIMo=KYx<{lRv2|rv{^cVXL>Q^>j2rRrM;wv2QXqQiZVGU-#@`O`rr!uxP>o-!$reQEFyRSAAAH4-O;IAu8F9`)~jG4VuJ z-YC$T&NYuscM&tjgn-!NBc8sryMd3T1yh$okAwBr z&^3!4Y7%0a)?Ms#jIVK;`gh{in|I=!14{Uf;hVW5)BqRub3mgp+@~rsJrCzeyB$%U z)<3eJ_$N2*A!GYge#ia;)+D)xvkjRFC$58vL--p=(>IhwlRdVtBfwrpB9M@9@oWH3F)r3Y0ckJg{~BB$+_ zs{Y6ywwH%|9pXJ|;?v;Q#2bavH4!YEZS3!e+XM1&Gs2VZYyA}9hAYiEL^Fx)*+jPU z4nv_C2Q{5#q1wBgcBgIzCj@R&>0dMaWAMS%v^`SJ3oCoOJGJ@Mm!l4c>&g7<%xKPA zpPIK?cBO4`e{bYVVXEn_W0pA=4Y!;(BalXG@lXB=U;8jeucfDrd@ZLyuz5ywl(8yg zIozke9-h@udXRrUExTpJQn6X!m7$jiR68lgMtfF5MZQAgr#-vZp-r5X7NF5fIA~E- zn;7T4H}}!1MvBD{bDGq`NRC$rZcr1DLG-93awJp9W7>l_%Eiw-?pVTx>yy(I?lP=| zZ#>Xz856@M)+CHJYVa)J6>phNNI%6v+f4hD{t3VPTlkCiF#W2$9pW7$RCqoc_?G$| zH^o|Pr#9~!e5*Lm-DD)3{YOG;`}O!uYvH+ovxwq7MxVq}sO?u>uDx%@(k{{TL(+mH5lz5STKXboFa z(`+v7JOSc4zTIVTsCGwi=l8JZr^?x`cfE@~Y}R}?XRT?sm#aO!jr3?430@`jA6oMr zGUjV5wzqi()jLKwHP0u|sGoFv2iHVb5tW`zvf?wj_{Dum;@vvnSWeAlZ!9HP0_qC5 zAoR_7ZcRHISp3QH1&zj^uU|){g&QY#O~*K5Nx=MT?@xvkTx%W}(qNJN``A-;!vXhm zjz7<>d$?+sin+^L2fA2UeU3Q4cwCM~Yt=0LTRqm6bjzsWc0dGV0gyT3yQ1!SvW<>H zX&t9#z*PseU$Ad6!faL`^dpM2jLx>kB}Xk7O!{`LEmH4nj}xe2*BI$rfvw?7=ZLzM zK3?y@)Se)|7V*jUXnh;*tpqj=Z4B2o5YjA(8a zdyyKIRwt!uy_t=JNEdu(s5s3#n^>)Ld?#gM71(#~YoESWX#|9_q3MItfU#mI<#-Cl zH<8C9lk}l1Zc+&(l}YCtM_LI{?seW8@T=DKxloIE?>>!l3(t@L|U6r5!g_4TjV&x1d)Kf}+2vZkkd zcL$FASCo)m%AuiGz$a?{zlw{E_hLnEAe0Am+cYbFCE<9+@`IlK^@DNGBfk-)7#*u>(o2wq0_-2%1FZtFr)_5v%ogTY)mxvN*V4X~_#OK*d`$hI zb$dN4!1@-U7My26E~zE68)QuU-1pDJm+rje&w(zxLt3=Q_RK-FiN+}!Rtkhp-lOY;uq}$;17k5c^{1L8sAip zA}C21mAwxj{#E%K@x%7W@z=#2Ze2IS*7lws&|}PLA~D=o9f$au-kl?BSosI+FFfyc zdpx(d48__>31ZFMjNVy2Qaa%9j9F;a<~i zrfHIC$Rja}f!h^@jLM4?s=_^)3;e4_`qnW7eGM;~?>j;=7Fw z3tP?Ud9Z(Rh@cD8+{hj5+1Zs&0Ud>GY4+Z5RWcWEZo+^q+SopyaD2CEZP@f<(xlYy zEs|wTyBv&+3f3)whjD&c)pLhmN|rl|iP&ypNT+sXCiXP#Wp#W@_YZ$czi|*@nA|$` zswA$KPU@vc9@R5g$m%?>&DinMfeUQEXKjRT=a6cR?0aT1!n+AP&;?0eRx7mU*A<^} zd2$d(AYA_dF+d5Y-EEL5;Tx~DZY0XmG)mcO0E*#?;Yh=E9`zeWE_}Z_2+J?sY;>Sj z*5&c1?tnh?f!o%ymescstDF-+%jN{TwJ77}9CO;JMQ+yQ>~EM*1(>ycQp+)`N{V`w z;2P%SzP*=GGD#z+JqY5M8%aA&km_7?$fS!;2{soyThfplscS8=5gHakG19p$LfMeH zMQz#qGeDX!1dr{VQK@-ap zx&Q$necBBI3pwugO9jTzPI(#Pt!hyS(Ib&SkPLL|KoMBRk-}6kLC;!bmc$dvy0@hO zZfVwsPeC%PI%o2(Tf|1u5ZzZ)g6B68+lzehw0hS+X><08h<(U2 zf$u=gn~2ibZwJgzP%ECE{wso|P;LVp3JOsxm5I*cIq&UOSzTg3DhQ8aJ5v+fj@g7n zE0N_NL0eXl#S<}ze67tP8s1Y73W9j378{Q^2;2<*bO4tY*GLIwE`Pe!lX9@Cr^$!( zpbV=mP6@80w+k$8r(xc>-Sn=S$smemWXxIX??4yzDD3vD#xU*I+}0=dX}HRqY|c6D zKoZN~{{Sl4<}$3RqdfXo4K-h1G^nF_*3Oun^^cB^Gm$&o~t*9byHoR@!P7h4i8F_M>95Xf5 zw?M<3iu30lr%XR}rY)xEyX#-v^q;mq?z*G?Q|=o`CkRMiMzE0_C97u5;&surAYq z$oCb4tLY3dEecMJ_f&92Z_T04DD-DFKAU-Lk|_lke|>TJR<@O>HIx`~u2_GZ)=bh7 zJj3GDdX}N1Uh7(NJ=Ujf7Gh3YAa*0tz8~>kw?3xgV{K@Xq+mM0n|8NydUIU0Vt2wv zpK14(EvY03(!7nx$orzbf9%mTR*$J)C8TUX+*dgKD~YX5PJ3nUldM>Hi$T6syR(Rh{ppfrNf*ukRENK4aIlYZ)UcQ$Eo6VdKfIrGsgE zh=YK`I4fUzX+9K8V$ zI?g=QZWec zxK)jjfFSjtXw%kZ4P*9*U}tRn%snfC{@F=fq-f|t`G=(`E0^sJc;M4DSd5WgK+**} z)tdw##=QGfv65o(*+^Z$z|CdK%1^n;4JT26mzWr3qUcW)1iR)>PUe$c3OPG%ZS60e zVwf`{a;!H3Yr41b72LL?5ukI!DvXK%$5^J7-YKCu&lu=wgH4{!X7budTO%q@6}TM+ zpW-{~Rw`#`z~kjS99HChFxKu;YjH9KTf2#r8QuJ`!CsYvaRh#Ix-XZW zY8vPw&Y5|rSWbMm605HO_pYk8LE|sMb zs4B<|=v+1r@Q+G-j1PO$V2;iPmH?=FjyU`(kk_x|xCrYCL<#4;YLFbKi|?nri3(5q z)oyv@is56|=D37d-za#KD}%@)fGb$7j-Kl@Hn0a)-GIGKX=}Q^p7zkp7BrZySYz(c zGsf@r^=X1fu^ovS2Dr^aYq+mSXxo26b6nD3SX=4s!b`EGOme=p)Y!>mc!AR3MTN;w zc^=iDGc%M!L;TCCSk_}<07>tF*fvMYnYl_3H-o=IR}C7 zRwwZl?VBuff21(rjP5;+b1|>lu3B^@o2ErO0Z+spAA88N zaSMFBZVOquMUK=86otU+){q*qX!o}B!!%%sU(|J}ZnS5hSPx`4Z}GHyk2%xmeI?QN!eZJ>}qJ$-8VyBE|=PhYwSz;7dN2=yM-#6>K(R}Ct= zjlXyk$2A1XCtYVMs;IbO(;S+~)GVQqWQ>%MlhF2{gPM;`OG!zF74tLc)}z$CIUc7A zS^bZ6*d!7;trYv3#TeQ*!x`<-pHF8( zpSn|=9Gv}Yb4~Fa8idPXcO2HE`^+*w56YBd+{Q^763e4RS~j{6Ie(C_`}HlP@F;IF zf|2dku3H(9>kxgS4c4x)N^#2!@m%zF+J>JQV{o&EV%X0rD-&pJPiLr$w0wD(R>8<4 zHM0{#au;J|Gl~l|V$%ea#XG-22rV0SbKp*%(fgvJ^*CwCO&X&Y|i zDiD6~G#N~udyAKlLz5sQ7z3qa$)?>2H^=t@#@uzSl#Qvg`B}f$biGGHy|%a>RL~(| zAjv-4ee2$IKMuv?ZwG0b(X+STY=KOQ!5M%V%P({O7405mmWGX&i8RY-VbksAd5msU zfIw9~{{WGynqpu0raPPXEXcQm%vWvs3KWr?`{IL|r86SJ(%$1#8l}4lWy-6eIf#&Z zuS)N{Y2wcW>RtfU{4mpBSzOB(F}4h8Am~u_UnZb59HoO{*37fa!NR>I=*PmQBEC0&smr zWZtI$)<7x0Jf!bq!u&_!JAE(0_Zp@3%n?N6%JUrHp1kp2CTMWW7mBZZmX2*aNC7ev zh9BMsABAdNI*k1U_z!R4J$uEPbUJg|L8_oZat;pRlhcm=mGnRD(c!7|Uxqqnx#0_G zPzPe;8Ts>#xatQ=iA3v!&&iEL;=jaeKMUCZ0BBum5Z=c!hf$C=1Hb_CI@i%UFO75$ z9QZohP=POP_3L#BI!%m|p1;bgl^b&$wz1=x?U5}ODJ2n*nc8p`wuG8oxt$p)wX5Q{^ZC z!N;k^21kbYTg0P6xxTkQV_TS~C~}=}PaM~EuIhhjvYuOenXIRgOAI~&G0qB#ZJNbh zYH55k_=4J1l$s8sdvmS1+=Aj+d4-Q(%Dp-vqQj=#YC4tNSF>aY_dfu84_ZT%dmc@% zd`q@3J*JF`5+)xnTpsv8(!H0#{{R-O^l@vYYx+mpt*(HE8Bh$XA6_#;re(>grQ&-p zhLSXzweFb}wf;GszzhH%F5i6DiNN|%)%%@b{>$*qrlNH;y_s^23Hg`|ccfBRRy=n909@0XT!T{6perQO5=tjl z{43ItuDnTg6~)Alb#$O7&G)b>Wv0b7*nX?2Xub`YeZNghn4P?)Nf#iK{o~ra3*ugq zy1mpsB=A<8bnRgXRZDY(QIYG`oMqI9%uJpy*8D@J!C|RQIJ!_4L6QqFSjOe=iNpW!VUnDCJU(&nph`$m1d#7rG%SE0v zusft{m|U`<#~VgPDKu%$j~bs$@t&t`rR!I6U23-XQ!_k(Z}NHmFHURGWxGuyN=Z`g zcrPP3+NwV8JD;sU`O(r@_}54AR)KA8dvS3Vr)c1W>E;~gC+U${zA%cw_*Uaof;)LH zqH%^V^A0*~sc|AwJoCa=ej3*`2xPd0BD((oR_BEZeNA>=Ch*OyUuL_|uGHIvEX17T zjPdQ#l8Zo_NW@Fm*YvwvYlcTi)uL8a8R~kT^@pYWCe!>^1+~_oWVY1p?#{-Djk3p* zFxlzasJPVVeJ`#2A@HV;;oTDcJJ@u6LNYwrqm%DvfCw4L?O!E)L-4dR_=4{4&hl58 zVhV(CPjKVYwNjHR=c4#;aGcy>T8Rn^quLU_$9+fy<< zO*CumdfQO8xM;2fLLIxX7!KI)>s>$G_*o96 zbl00%RoYX%^ffvYeurmc2E6(t zpKQ9{3byukAx1k?8Xm1atp&tz!7^S(?4V~M&~dn8l94fe&RHMqT;_>H> zWbkgG;7h0zQqV3i0Fo~2Y8oerlSkAopGV%=jI>2CpzuNI(!K0> zgIF3|_L4(usVjjF=IW`(Ao_tpo3ZB7S~_2}5v+*{IM{$=oPND)u8Zs%WN^tffrZ;K zw5RUm=bvh6*k=)^d^Yiii9Br9z8N>Za>QnaZ!0j*+yS4Zec|w8+r^D%JUWz`u8-m? zJ*#zYvJeJ1#@?O9bV8~n`5ONK8oy{*JR9Lf(r#|Z-=pO#*{JhP2|Ju8!izWYCx#bfI)5&Rm|{vGHx-X!qar1tW}l1&>n*$z`XfEADMlg0MB=B0C{ z>k}$TwE0aZUEZIVG}00E#)Sm-(yTJtyFf<{IRdypj(-lU{B_|uq0?cK>&5WHB(Suy zVkQ6+gWot65{<^0_=viOp%wkb#FpmF!z)JVoRoDqBlNDXSMfd9iR~>CRbM(7$Xp&+ zdYTk0ZPQa5L-8HwhIM^6RkM+h+Rm>iUZ8it{A=|?!2T|?@g|w4T|(e*k93$HDzWsc zF+CzLl!F;K&tF>kWA>`>Dr*`fJ~#U^`Sy$vqm41<3>-fnPJWabt|X}sHuYlb-ix#QS>jSX}G1PUcV~m@^)};($=*j>r27($~c|nkBiouqM{>SmFfS zTQMW|gSh~ndf;{9z7P1b@V`s(u7Q2wxS)n>E2!G)#D@e%+ez9;^&EaxnhsO>4*jaW z3{CKt;(oQ{+pVU9bjD(>oGiIH$6=cJbU@O-k^-ye)DPCXDZ8Tzu_{XP?=l9DcTNXN zuFh~uvD|n(^{%vW%VL{Hxs^F9obozSHUg(x~M%b;mSGSOFQm2g9mr)ubyjp@owo|$0i0x(W zMSnFP@Lhk|i(S=z9ZjzIO3KFX!Z%VKR@quGA5FVl83Ga5j&a*P@m!Ne=kk}~7Pi#v zE$waynG}SOMtR`i_4-$zc&k9L(zUHY^zm~ow(ZJXVS@YCGThQJJ3ofM5n}Mpp>CIw z#{d$3?|HyJ#=hbo5N*6wrrD*10_!-C*opUN)T$YVa;(qU?YNipD&YweAB4HH6Zcoz{iQ=dkW?>YW zO!WhUS`=}tt`zSLxE_M1wuz_05JKjHWqyX;v}qP%WaJ*C;EK%D6*rx%QS-p;v>2K2 zNj~x!&fi@1ttiKs*^H3b$KgO38m*<)-O&~!I5-s*n_Y)rFv;@ZZ6bg>2tHRFV~%<0 zRxNIP*-TDw6z7V{QW`8hp66y&J5PGfFnyaXBQlKRnuBt>wYQqmENBm{T{6pkEEeGd zvH3v*x4jLNqS?O(gWlB)@*G6m;~do{(;|-J8${4`>AIX$Pl0>b;?=ibv}e_k?^is^~V*X`UU?v{-GBBoM<0K^poD zR(6>XSjC)hkt&_FEsWUPC6uU_jg|B@B=g8l^{m|CxhEf(BePk9tp#F5l;MST6^kBnMXoL|}cY|9ntZK1ae=A2{E8^$(2 zJN`3%(>@yTl)92@x}AA zfx@Zdj+Hb;mm7;K^c2ns%b|K5+!h&8#ZGO!?Z+7O=7T2t8{Rv{u=xw@NJKVejaH0b(WeUQ7ec-`G+0GI`^&`wGR4lJ$?;7 zI0D5I{KMt;t$QsQ#KuW6u=cJQ$k^TcH;|x4pvF3kbfs&cp#m?rHG!O^*tE=c7D1NB z6`KXyvynIvws@dXjmo!ri~zE$tZq33n#8)-r)b(cb`#D&g+@vIDWr5lCxUqU;@5=y zFQjT3w}>_CEhbxb!@}}`BYg#aT6|;uySzcECZ(kOIbj;3`Au+8pg%*7O>GKhr|0&s z;_ni8r&NA=RBSOnjw`aAI~mRNCb&S1HhkC_sco(2oH(~u zljt)}a_DAvz8ml>>T)5wSppG^V;ME{Mv34NX9`0dtWL-WE!5XEn9oYlyg3Bmto9%x zHs6?FSD;zwme#vUMHfsA4wa0h&{sB=(bR()oxe`?zoWp-xh34Z^%OypO7vCb=^dmFDi?GZXj2|4T1tw=@|xf)#$ zB4|?P76d$QGOR1Xt-ogf0ETh+u=vAIhT})orET-9V+ifjJReHYNXg5g>Q?>-u&}y& zi%r`Un3 z^*ifGQaNBMTcaqiJk|U_?K&(+V9#??Ct}nrXI$!6rU3AgWE}C{nf<8uc0k=k*~fF5 z#G?*L5#W+Ih}uE#(x%ZM49cwK)Nz7&qz6Mjnu2*Gjy^cYy>z;Nmn3S5g>k^=p{9@* zmI+pNNtA{ssjW!kxYONaJgD^UDwG%tHmuSxE0jLfoa;Q-3i6h5(M@QTfV-&Jq)QFl zYOS{dO!oR#ZT_iY4XVhqM+0OPqNvGT|+L0X_o;%P_DkAz*#8N9)szSTCRq}t1FCbwbcf%5}Ejzjx4clqETIQ)%iT3eXHw8Lz`c05o8Yq=zO zhQh7^>5AC1Wpw+WT#5j_Gq6FG8*zX|bJE<;1cYrH37`i>bMuZqQaQy^p8c)mX*QV< zap{Txy#}>!Bo7nBu1`WcR$cl-Al|1Oa7SZ69OQD|#dH=qe|AsIGhMBmlPHc?IplSq z4^CZ6PM1wbD4u8?FsM-CU_Qt6FGCSsiB<-Q)lglYA-!l++H45L!)P_bKjRIFJ zB)@FhN#q<>(XfJOLNbh=qtb&wv7Xx3b+}?N(;cb}LgqP~ETnVI068L42#6sonpmN5 z>Z9*xr2upfsreR-1Hzz%KSNyPA7Rut{ifKvgOFH#+6Gy+wz0OAWf6p#P64Lh1-O05 zv@kRXWVW&`va&_Jhg@|vl^ifdER4yp^&=D#w=gfK#O5%Y(4We#z_#k7<7;Otj+7KS zOr#7*X(2JmJP9vC z3C3yIsYIg$2oa((ZaK&}&2*YosF9UeoujTP5o4&9IH5%5SKHOqO9OOC+ypwNO{ zKh9^FRIE%e!#q}X{gtG4azOUc6R?1B_kHLtGO^&=^@W$1N=dds)oYlFc%WuU2G3*D z6dFcXIByu}kZV><+H5fkfI#_9S^X2>JWXA+HWnlj0n%E^q}aD$I9Qd z4~8FFx3}@8n{Nfv`5{@Yhfpz<$FCoqe6ekCC5amhQy3w-&{c<|P`kK>F}$4cbDwJ7 zZ9eK$jINpFOpCYzfM@Gm)h;8pO(9{^qQ$+k78{P=U!`sMVl=k5Yg?Gv(fEyf3|F60 zM)BD0EbO3FZ?nj%>~KSWDkK;7izNDViEntEp(o`gl{pOhN8wkEW$_M{@M=>>YpYuy zCPh#{Z-1vx&b;=y(qWM-ZUfCMk&pF#cmo{rDrU5?y)(f4ISjC@GER3-fw+N!YtSZ_`&tOZ zag~-MfC=wjWY(udb|`;k>QOj~_R>oxBXBM_BD)WToO`{JcEPB zPC==N+US0vcw5KTQ#=}tlq&)-Qu|5UoD84OHToCuZ{j75&8V`T2wfcGaU7}j710-C znsm=@@f?%s^2c#$I>`pmz{kkx-n4u@;%POL9i8NXrBD@4YpM+5sRMfd082}Eb=}E5 zLF-)X`Yo*Nvk4?ghX+0DQ7H> zxEhJ_m67+T=)~7!FNfedQGrY0M%{qtim1CAMqQ7XHN6^34SM2uZf_%3!uf3ErUCTn zn%B|bMV~Su^FhviXy!KNJu+QM?ex;jq_1ARE1c5&PM2m#(1{A1VTDO9Mx*LhaxaxE zIFz0Vtc#m`GPnU{&q8|8W^GuA;&CFeFN`;#uHMd1HX=%IT=9;y8PqSWw%!Kqx$WAz zO(HjC@|Wg7cm{(roAFkxbi7*>kVxEu7a$7pol?>(=aN@^GajliMF3X1mg>t*Xp-S} z5w%NquPjLKV4KsFV;l8#kCRm&hcs+iVM%LZZaNA6= z@JKxISd81&^$i}v-6vaem>n@(wwdDHJ5jodO(t``HY(dsMh1XAlTVr(%U3rmzI-0t zPu96;w?V2RFjbFtZn&V%O{3g&xNYui;tV%oaf-;)G`JvFm1Dza@Sv!>o%wYVO0GnCd7f%ZF2F)qK=oRO1Y%ipcRT&Ay>v;RNwrbQ?bIC@wL% z^8T|IisRK>SlmS=lI4P&@86!@)cs$_nw^cfI=Z=ipqT;^bJMpqJc#IwQM;t;7nd+B z(#Xvo=(y=VqGfy)JNy-nq&q|I{6cH&C z6)T=I*Xuy;Q4*xZ0F-mk=dDy|?@aCcm1{6Fka=U?fVhU<-f-kMlzWCXn>~s#M~ClY z3`cqb<)LXbsxX;MkF7RaS>kc#AYL<&bImTIGHvc5YpsT5^A)jMA}OQ2^F+?dIt+14 zY1rG5ZUUpDFi^uI*0Hr$Nt795R+V}Y!KQ1>aPv(Rllg3ntW~^IULK*P!1N=O9 ztAc5nGjmSUt$d=B!5hd4JK1x|s~4JlK3Q0bm2P@+DyD=|w)5dKLxh=m10$tpOJebo zfH5SJtjE;mv*l*7dK51#XIR6=tsKMCy=!QQkG9@$G1RtjO(hb}`q~R-RZgqWRvx3_ zYYBA-?=ZN?+&3TPS|}oU&1?Sv59y6%6t?TPYVuD!`&SCuUDR%YP|l@~E5OA$N3jx> z%1sG|M~+fsml+M*dsZ~F$sEAqM_g1C@58f+|X!DBN&&XJXoKO;1Rh88s<~2*wiDs@i*2Q7*Kc)w7NIQa zVJMK9wqml(BE`{9UJ~H^m!@=79&F_b8rH^xB zJ&T10zxA(5kHisc-V4)?p?fZ(WrO5hz=%8Kj>OQ2XyJ72BEhF<9$1~qmQ(NOYYR~D z^|Z+(*jQy(-lHTIB8Kczk=*zK?HUQ~wMbSt(6+|FEKh9vaaz9;ya_#zg-4I=1W%^B ztSuS<83@ivAFU}$!OVFl!>Mjs>Rm?InRKYtmE33LeDo&1!_u|QLf=e=Z8G&0M~gghs9R4o?Xr7NhkS9TD&5U_0$g~y&r`V7p`L4X}{v!N6@wdWH7hL#zRE|AH z8HVdCnDD7^zKfbUwXl-tYy2`@cf-ChvGGv3zSD$!%?9E7(mHdR{a^8i?E|FU{5OZ~ z`g>|t@<59zlMcpJA2!j?uUclwbUqu@G%pAIK+@-tq_xxJA*6zCg^yrIsIE8RcY+ah zc;nY~8<_3l%0H5$Y@G1KeJB~~mtGF=gr5*?H2pVFO;b$U<~(i0rvzt@VoiN>5A1#5 zEks-EdOKcOqX5fwdp2>n50n6VWY7o0KOKA`o(k0E(3RqJUCOMFlE7n-dH!|6=-(Xv zA?Vs}ouNUgTK$p}wmBU)Ka_f{0_8+{&w%`AtZTYHuc6u4Yu2~wB@n_!?b+o>^{>19 z3-D)0)x0Znr}&#lYdL3#D3#*NLc_Q@;(?zi>i+<)kCh zNHwYBk4Un_%KO5o+(7iFa(UJ4a~}~r8?0*DJNeII zf=IGRHlbXQFg<8fv0TW}@kf9^wC<&jDLlD?loBcA3i8WMGgI*JI(^QgJ@1ypGj!TM zl#>!?vUncC-g}n0TX&i>9#l4V^gNGx_I(~}Yb{pF>I)$D(UmfxINj!IBQOnTDv(7CwNG)~$ z03z+Y*?|R!1$SWcir&|CHQi?v5uvnf;feXG&{(af-@KB^1Z1%o`A4l^lUBY#b8B$S zRY?U&{S5+Wq2aF=YML$JlHT@dt^UxVphv>KNC8cI@5TQB1qQIwd}HCoS#+D|(QcuL z@o6tiW3@Cxk8|gkJTH5qq?eYDa_!4Gn6p^HKJYP@K zJW-)|hWg6VH1i$&!0(*0=diDL(Y0NA8w+cFL`uZuGUM>YDM;SsofgvS$5aw2k?p+D z`!SHd)%9n?meB9ynpl-ssRiRP<0SUS=UKPhnOO6mk9v*w*yhmeP0SI7SBhBIxH%)x zbp31QZ6Zxp(qxwXmhHoQ+lEUF^d9t_tT^^QwDBKx)K$ooZQ6`> z@>qT~^YeHP^6GS+!rf(X;gqo47@j|^B`s`k6ZHQ8;pUC1LEy+O^=n4BK?Z!E z!6e5Z^dWQGrF_)|l)e}7PNArxO3}?IVmI(T>2m63;C&6@-F|zkPqbSVWhB4KFg~@P z;(bF&z0+rs;^CsXPIj_nH_+5cZez%6_(#BYSBa)CiO1REyG+{LARjJz9<@Wq*E0AD zTdxnvsEfNc{{T`_Oond%0Eoq0HZ+B{K7POPo&Cxsk)Q2N%BXhx$N5*L_yLwVo#qb& z=NtpUZ+fG9A6w}k5WnFF@ZIvyI@%@H0W8=63ZF^wg|CY4boaPO*3je`00(ma09wvb zF`R5t_@ku@Zw~#dK)Sb?<^KSddq6lHasl?QpL{#v&l2BimWihaww7$54tA@K`1hv> zna9laRPc?Slc*$Gz*5UlP-Q`Wn06zTpEvD2Zs@YVUfkf>=!@JK$`{#~leO!6z) zY$o#VEY8XLN*ME7T3(>`@}ZJ?zi1LBv7uD&GSTiV=O>GoQUtMcL; zGY>=gaaMdg;n%RX^1R68W=*6z2FKGil1#y~F3Z9<7d|GqxL96$Oahy@SlDoJ_04?` z;m-tkLso$_>-gjQTCjNxoUS`@_04LPkRM+72jLHaCD3ix`$XE^sbvWqT&m;cAo^#u zeEspS!u~V(VW_sfVRr=fQXz4344*Wl9=ZB@;)QUz@fV2vNPJ)Bon{X*R*?Syt-)*& z&*#l+_$m>lc^0}_ymmn1L_&I18bO~?%kU>l@ppkWj}d4Ob7|sBR7dj}_rk+Jbf;t2 zo@tQ(GLWaHJ*=%(9Y(`@5K{% zb5*pFEw+-on=0TO52w<$QZ(h($JzcG{{Vz@P55!E%WK)Z2?isG&y|%S==WC3wQ{bUytrE|jDmgh)2Cm0Vn0BlcJmA_0B~`~M*39RjjgVsWpk%$5Jx?fv9xZ4 z4nY)x$K>b4Uj|%!Kk-hrqO{qyS()Ke*JCm1>?@Ab^?gT2ztgoHI#83vD9B@g%6jC` zZwVh}d|A-#ejxZa!~Q7n?cKU-4{Z}k_IV0~kq$;N(YUYbKmG|v`$*aT(|@xiw}rJ$ zT05_c9uH$)*}Sm%?FIR5~59mOeXtaQR>=?;ym&7$fnBvP2=QU@l!+wlJY zizM+LgJY{Ku**CfVz^a2sO(7owZ%}^n&+GReekp@x<|&HBThH>Hn6p(w*rj)uGNMP zea8fQk9z(VKj5ZcvyO@INA{K1ZG0;OKf{k0=frw9lOEWuCSpvmK|NNfg9JWJTjUbBfT$Le9?;uGseH zlGO-d<(u1sb;sjOykMDgpa<5t$uQN-@?{D6Y&nG;k_pMd2QfhabjG2-ccuN z{uusM$Y}OI8-L)VzW_9UiM|%O*Q_k0vcHxs(zI!{5_Rkkz5)De`If%YFSM)OQ%%&O z38~u6derSF03&Td*EAgz%dKzn zgB*;l$1C2w`}RTop>-eG6ZWI{P4SyWxVp2_lTllJeFLyb?Bv3}duN>cVwyW?t&j9o z_)p@m2I>>(+V+n2b9fKO)@grhaS{E`+L;4yZr?UR`V(JN_#*RAk5ANei|cPH^2$b4 z=Q&V#Kb3j)qHbKixW&{uov7Ud{F0CEn)A<%e+#s4kADh$XYij~x3ZE;t5$mll|cz8 z2Oi_886AoAt}2l=gFnvW_NDkUsea6Vv@XBlEmFqkLW$*?NG-BT2$hJ=exkgSTYFt! zN=dDf8E#x;G3wyfT!`Kb@qK4Rdsb5>*VLWBq10>t6R2$d^zK*=^bB(AKbvN1cdAU*!p)04^AF zkyK)UF7K4?71K=fq`DHA_9&5v9>=|2)9x*!!!mDv{MM>B5>_osJC@#x+@D^53R$N6 zLX?rWu=N$NGZlc#5I*VRo|E}+zivBVde9-Iy!YQDvJi4B8#kQ>df%sMXH~c*KUuS7;;av!Qu@yI7PB%!*I-LD`*V3_DeT!_egLLQb1If*7 z4puc|cDZ2-g9K-ao(mMyr#oAD4V;tKf?SO4V)iL!M?jPG3_rVAH`ArOO5#$Wo(H8S z$x*q7bK*GGCX5w~fOGF&3F04$x@Ek#R!Rd(K?>~H+I@u)cRHgEr^%lcJ~nCo7_q#4 zU&L_OTPha{>~~0U(MR>^UyZ-CSMA-U+*>Y_r#Q2^R*@1&XT+CBusr@9tG10k=8d0_ ze-VB!_}}6!#PaIb@+O`n47TLtulvoOYsoGrxwr;XGj$mR*QFTP;;UD&Ryka%2G5<7 z->9nra>Hu!26I$!%BN!d3dKv~9jb4#^lapc42@kr#pfU(cRYdxbXHnJT}Z$YD~<$Jh#&B#VtR^@sLD{{Vtcd|&wd>#h7mvpxs#z+@|Igo$oq&UZhj9jp3x z{hxngkAYtRJU44&;cpCBTx-!oTneslRVXoQ~Xwp!v?_7=Uv$j@6xK=0Lk~dV(KJhP(^dAn#b1u27+Ubu985w14 z7ao9m*XGa1U)#q^*3k=wf!d zXN7O|XC6!pk>qYT=nZ@4hkhL$J_U4vBzEh7E0$8|2e4`04~e0Sg%C^!7+UomBSg23 z+%))k*SR$UZpFD~x3=FLQLaxMQfSE1ULsuvj@-9enMUSvdY*%Gr`arE#@n{~9<>gd z)^Ob{QnG|@IifMK1^q%eZDkJ(p@SaBrC)+AKI>1A%FL4X?~i(*Ja196y|urdYjPeA zg9DI7YUvuBp&BcY%faj3fCsvYONCHJ2a)MluI*sC945#0UepmNjfD-gB{zJ%54~l^ z3d~LzDKzd!DcHkxqa~w@U6;l+1C-gKn!#kpwTgIb8`%k zy5o55Up4sa!+tu^bt8FYr`>8=E1$g?{{U7_I)hC+6rGP^@Li4Q(jog|pEQ7SJ$);x zI&96m8TAy2xh;%x!*Usnu*#>59A>(!ol4>18_wn*#X+ApLzJ6YCUTi<1NznW)M0ql z%avurcznkiL`&#^*OA>lCFF zfc<&zSsL!QYXzw?qCqy?DfKi9kmkHEuHRqkBG>Fwy|Z$%05*#DJLuXd!l)xX{b`h8 zw#=(z_k*~r(Z^?Us3Z&Kjy|-2*|djZ$rCEC2XR(y6v-J5-@G0DXaXpFPyL&y+uB}P$jaaH z)F~=|8mrOb$vmd7V^%$2rAle93`>ia=Lrqn1$2xJ>?45!2#| zaV5HkIrZs4&D%D|%Xb@jeF5~ZF!680-EUFUAk=(6eteaae6cri>ODKv#MhY}euray zV2YZWv25UE^{&nzF5OI#oD<3BrJ+h)4H%~~qd5m7wPjr_Qn+MaDTiElq-0T&IS=}` z#ww&zZp3pYTiSvu4Y#niww76ba)&tt@G3a%^xN+-Z8ZyMW?qV1E>EX5T)l{m`WrfI z4Hja!ks4L>Am*8=-a-P#U4a9=Ua1?!*zms*=znXy4R0f=hb2#M#;~q*Ipi=!Ebknv zfw*_9%apnvr=wWUX=;%%-Y^D1MHxVcr=@cGi%!WRmc~IJN)1m6*DNO*gEX!QJuz4wA%?~XA(kiE zAz$7D$3D~=Q#{Hm;paGrkl8rr7&Y@p#vcTYT;DDF{iZ2L868ilryb6SGv#RPVUF74 z!&lMykwiSTQ}X&(!(R~eJx9R)DY%B^V*bdukoj3|V{YKpU!kFyK9_eC5Z`H+C}3O= zRe>O$#8&X}7NIrFZF?-zGKCwM=XbVimarqbpH~`?f(vMIAW*wg*1GF9lG-$eSmSYl z^;2G5Msy@?+s&t>TMf%aau|?|I{r0BQrBMA&4r(q?%XhR&OO1Xj^#MmXM((2saWb_ z;iQAgkYRxs=QZ|jlc^@HX9TLOwr{3G!UI&^HJR6R4#}%35eG^I7 zt>kM|dx(r@5isRR^r(_Ir!(`f$1>XZL&R4$Q(4_wo#9XvJ$|)T(^2!`S*_$_BOl>C zYtN}3r*vg=p_^0J?%+#3L8m)L#oRJLt_xh#^$#R73zS^^uAjnvX-7s|XXy{@bMa3? z@m`Le2l0lIsjAw3>|92EX^H8P-!=Lrpvb-&z7oJyP@IJws?sv3&#Am8;_vO-6tTjjn!_u4p)4fXs$c@@&IX@`r^{KRZ?QeF*%A1tqX*|}T zE$J5SKF=hJE=VIamoJ?=5^`UsH02-_9&k#h$lb+s)_-bCcbz^~9CA9;fz9gy^#~-1 z=45hfl<;npbZe=F(yK?kh;;-GPh3*w=roUI(>3@kCJN5;#hek2D&DcK={JZcu| z1RK6yI*O*gB@ijt-LOLp&`XKR-Rpw(>6YlmkpBP<(OK{1UMt5EkUN?II~?`qfe70= zf|IE@e&W3H^TYPHUT4~r%HZKt_0PQqk)EWs{u$L_gsa;(+0=j;I}duvpTXMQ_Nit4 znQ~&cMm}n?y>HO1Amt8IBOjwAB&I9&SGeOAxQ zlh3uehDGk7vsH60V;*Ia;C!~@An-w~`5-ouCe)D+s2o>0v}ANPH2k~*%vvVxWwUz~SQU>qg_O75Zm{)9z_j?|dcLS8vTI7)&WqhE1bB;}F=vS6^ z3ee1sg+N}Mlj}>J0ikmnM=|>=lOMfiT;5!?MiPw)BLzYJR{gqPj5#&7XCak3al0qNNSR@Vs?rV~}(zR=(^CN&qC>aEvGg?71lx%T#+HR(z zS(9U3g(C#;#`Y~eJmVA@l#G(B z>IvG!XWq0IP{Kwo5mnK!8$36qM5WMZE+tvW+PEFp917wt?eC+#M7MU|oa5WtmpQ6O zOJ}QUHhfDQ$u}K(Vy>@?JlD;^Rc!SmrB^x!65ZCK(pwndx$|O>bA!mN_0;byRbR_z zMd%NDIgy)Ph_h{7&#*n{nZt zVof(yi7$$8TX}{zss7>5CcY?_Oz~gYVOeIpo)nX0(5n`}JqO{%dlcqzMf5vQ3V4gg z9uBy9>@>Rv(-RFSo;=7v?hk5rioQ4a+ULyDG-r-0E5{8Tyok-YPy0iW*0;H}k6iF= zjnr0FR~{pT4T!Gnod7)iq|}}#@g|Qg(OqXyV`P3(#AS#BfHPAhLum3{Q^EE(*Ga8t z+J)zwnccMEHhnXU^Iay9x$5)9;dkf0K$*fEu(#7O-pyO7*;Am z9Fd>pp4DH*ehIqp{+DH|`73j3@rU1x?L6ckeho~vB39V)&k5Mt-uQ$)&BXRmyun$H zcIVYsrF-{`X1MUbg)TJdK;gC&Nh&-s7GJG{%pfd`qW9mV!MJSmd0bBx4&%9OTtq z5w)vyhRaZzYlsQ?7YAw_Rf5UCzx#NdXnU{N= z%_n6wYBw|X);*`gz5(!Ni>-gcPieTxBx8FpKR3E<&lC7=du#m`2e=l_&a1m_!VhoCzeju{`%dY8A<^d2_3sbfY5IYNG9@1> z`G8}RdXD^5xCD%iH^-Vi&Z8xkq!Q}Y$;mkYkFTwK-SNe=tG!!K(Y!gRJHjI}PNj$o zxbPRJx8+&1b6E3@9@O|c=13*Gx1W4LAIo6hDIEc>`@(v~<+bwP+f5`9jyA7TPQh(% zdVh&@)V)nVR*L=NfzXMfVUkcXFHF*d6$N@7s1(zGIu_}_^07D@Nb5+-ET-1A8KV` zuptWz4DxV3wc#EQ@zmOd!Likr+8d;9s4%P#y;AI4bKr%FwQj~$ypp89mYX|3*@KUEkY^yx+Bp7!yEeqvVJ*OfIf zmq11>zL$M}eH@lIPYiMAaL3<1=Dicc{u3A4nV$CX;AKtHM&lww(~o+tWwE7^>YAs+ zZ7gX}YWf9~5!|GUCBzFEV~{@hKK}rruQ2gXjJ!!BX?FTnlX%))$O$ZAh$_p*O7!(K zb0an+wmu-Rw^r2SmfmMl!Z*mmcCIaVi}Z~PAkI&wX^?bwN+i67SpZ3*Acn^$p4H#@ ziY+>CvfXL7kW8+_&Wx$tzux||q>UrF+4y?H!;`^mA-Nyg4EWl5V!h+TUJrr`ON*-! zBszkScSnJd@7}U;X2|j%8r?KQTC&uv&B7c8X;bE2`2^R;I=;83Tk3}CQh)5^pD~5W zFOQ{Cfodn{_ruSP{{RLrehSaw=EYA7KO%jgL*@e;Mh0*J&*V-k0!=>p;!B9v$}RC%#k8o<2`t)xG45Kn??A6sY`hy-`I;H2Jsu8nDgjs*gQMp%O5@;F^=|9 z#Ta+?{V5g5%f2O;cVp7kZ*uTcpb{fxuQ$r@lH+V<>hw ztG|r!cu0wjyt^J^I&G564Xs&fX6Y*sN%{UFjoz_0Kr^bH!`OgrlMQGw?Iw zPM6{@58LYyK^&HHp+Mm0X|6l=nAGCA@D8DM1dj4XP7ueC6S=I~v0RA!xwO-D4M)zF zHFa=zXBY?ES9Rcx%RrAVGIy&4{~;aj~bbh(K~l_67&q;raDnl(^7>*1EKs^}A_gh^_F zm=Vr4l6`%1UqYMhHsa+T9a_rQQ}VZ__r~V*p}?{&d&Yh+z3}#@q1ayBTSFuzB?RP1 zFBgrTQlqoz6^Gezh=6xmhZ89wc*jU&)+#{0SSmB4D z6(@>*9clg{_*JZEI^LB$k=!QxBJqu|$F2*5gLhpmelSStQ5G z>yyy-KGoD|UmbK*@kXDfYV9S?nROeZ#s|&*f5Mq3&mR&re-G+@In^wq)Nb^+Z(=i9 zCCA+0{oi9>Ao%-2y|C17^xFXTKncJ0-pU7-eFtn(5#!-RM{AwZjw@e5)}`>~vuCPl z%^%xgV;~LGj^cv)pRRunyiX5{d?%-CF*$Y-qRPyEWPE+nE4M7I^0r^_pq7uAKWQ%o zop(%+#MYMf(p}raVvs6)?4$Yi=D$8IkDh~cZ4nKOAL~JIKBM>n;(apG4M*Ybs~RP} z(;JIvdig9n53YK9*VZ4gzsKEU_A>phygTCgr%f-w+T_coYq5yV(-RT4SNaoB_tfd9 zy^rh_ZV6p49bZqnjiPM-0Ce=P=iB}YSNj_3{yy+O#BT@a+8Dp_&xOzY zBt9ORFPrUlgmV&m{{XYspHo=3ZAqFxjeitagp}SXYin#W+(hFK6v2pX!?z&UpF=QZ zeTpPfab2|Lj!K$tR+Uvk@7y`#iXc=jB34LOlgZ;XvC1r)q$;N+Pg;sd7DNd9y}hU< z#6?oEBZdboLoaYC&nD(kwU-=o*iceMvJqb!w>j(WOU~t7kiB>m8bKGWZhVlz_W*qd zTApp1#ht~3tj0IwpgUNR$RWFPiVfo~hxX6^00#4Z-uBu#OrbcwQl@dM?^>4gWcKhj2`1ga*9^Al&MV_4Tl$=LJz$SvLGu)I&)N~8t@ zp|6VmJA6NDsQ&=AbeW@%##$-!;faP8`q-bDbKd}eFG};I2gbfX(EKUl=r6Qe>uYqd z)-B4zfs}&e4hs8cJbE8${!PDbkAW9|3VeU4_=eunSRyG6(W0UP$9MVFa@xJ)n zo^lE8O1~^%VEKpd9QB~m1H`JTk)n;`zAHslUmJkqwkS1&)Ug|w!B7bXq?Q=yn5kc2ZNA`pdN;h~?E4bKwzS#WS<8s%VII^Pbeh2>m!E`@jSUxR$BDwvc{vGJ{?c%EyS+2aO zcSzxLzdqPreNBHIo)^_1xs74EQv@THzNx|5Xd1pKv3f2W@W-n7YFlka%1@Nq$m%4E@bAtmg4CN_ z&?kaBwv$hjag4^nh;ix%9ym5>l5+Mg&<)RAASp9VZ( z;g5(K8P+XsH$ZYT{l>w^@~d%29cbM3BxH(0u${}CW}&;(Ah(ems$_la@I?oiIK7Pb zlkG9(PI<`psxmClrw0<`9FxUu4UD;(HekI#n;G!ncO7do=K0riMhhJCR6cf5H(+sDG15B$=QwVEDw|D>FJzJ8D=R4EXP?S~NiQtRIK#F<>C(1z zjX!qqRBSjKz3Vx?fNEW6>uWGolW-h0S4fJqkwr3x+&cEG+XF(~QU_nQm2JG|b}JWE zS#?>8Te}oI00wrNiB82vH_+(3JMjMiQ@M>v4H7RoZiH8(Y2F9ZE!|{fXEkqJncqfh#_A1J;<$KjL+CVfPb*BfxZmt);=xqe22#05ujq? zX%sXNH=qan``6s*Z56x|soNE!$Yn7o!UsLT9V?|P5jHYQxk{+Cjen(dniAVgrc2O# z#p=GE^vuWJEv&M$!!8P*0PkGBvw4287K}PZy+|CI2N>M*`#%vtE*TljtWG`G>s-%` z{9kFNXqUIvnvJxYlqZX4ByS(@cBtjoQ=*&?mb_8%W%U^2zm;1}vkC;Wf_$i3{iYT9 zQ~OJP*&0v7TdUND?$Z8ox;2oWyZ+LS_^z5X?rPnS#BYnAwKtCbBwgH#ZB|J1w=CvK zPGo%a+ByMWEV`t=WbE%W%1KssB%Jl@UY$C2IjYqw+s!-=BAF!E;|C|Gr!;dG1(!MK zdsfNZ;hegL$Hw(gTpm3uMiUqgF^LGyX`JQDXe5ycP!wmct!>&_ppjN)+M$BBeNRf6 zI~qa<+JCc$>|^nB_KUttO$SB0@PCIMO`qCQ#&^oU>@GX{*Yvad8~*^oFuoA{6SqxI z#1<{$O?=w%b$bTlCLh8x+PJFJwutP657!+NO|;W2ZLFs>g+f-qrCyMW+kuH2)l zGsbqf_Ul|Soz0@GQ%Pkd94{HcuUFAzhThgcF~%@4Sk3e(*STkP4GZNv;<=giB!SE` ztEuj5889e|n;p#WE4~j(^RE>AO42+(cLkQ9w-LoD+ODWrek63I85>3&&I3~Tm0@lB z$!=mxW0DIt+zR=B;(zU_@aMrkeT{?N>i!~7LdJtCPvQM>TS7fcKQDeTe0}lH#(h*@ zYC479m28i&K#%^lI|jvgw01eq${M@rM#Q&b#8!$6arjk*w%Vn(frH+!ofx-sR>MY? z^n(m8(h>l`uV>Ld8-W}bcLWv$Fday)c}z#W_-n!PM;vOAua-`JQC_=cq4^6Jn5T>m z2U^4qp5Dn2FbX;8?M)C)9HA5eYQn{yc8%3s=jG2@=wh~tClSaJH}yU09LRAl$jKT6 zR?dCv9iwKI4t8MrQd90kklET;$wGNO%|rH!#ZD$89-R$nNX57eN0alFAfF4i_Jd08*Ol7bhjXYeEU&4u@dd$65fpslj7?0cgMq zKSN$ytn2ULnB<-pJaLavK+bbb_>T{ae9J|%K5C!!n{Y?}09v~{Wj;cNk%Wuu-iC)H zO9K7#f;sf6Gij!GVi#%8-mD1;JU=ABJP@nw9OJ!i*yvIsMACqadlAx_jmBNOwfipp zr+N;RUfT0<3QMB|6?@V85vXLJQGLPx)L7CIRqOPH0x1q6cIIJ7%DPd8PG3`JZGQ(puLN-7p zAH|+)BIex|7F=YGMkoUXtsUg^BU6>_>sz`l*V*Rzl$AZbCJlf3AIr}?bgdZWxRq2PR3n~y&<5?iujF}e^0qrxayawCNZ&Sb$)E=6 z_7@PM%@Xch{os05MEhp7D>8i8>p&bG)r@xXl8!(pp*7BUk5kn&YeRi(f_RYU4cvNA z2V3Ef5NX~g(qOx_f=DJ_CRXX1*1Cyp+-)6b0oLn2;!r70rz4tzC#E>BMbu2Ik#hyh3Ut1kycbxs&&MN1pMF5fu=qy4=nCRDUadJ zbT;IRa|=@N#!v~Mo1&I08z2=0lL$^&8gZ!72GUW zKi>RmDK#ru;AC}H1CLx#Gde46@(FFpIP|M*Cp&W+Z8;hAphQfsY*?}v$mm5ZO75aW z06uz92Ty0I#~qxJOKg(JI2q|xE#`{oHxF+pZUNv`)7(x*t`bB@t^&xQ@M|LC6=@1* zC=Ujpo^wjtCsZM25)VP^Qd?Mg)0pKi5Y9SKQg<)h=P=$W?^Cx}?zG$Cxp+7shIt0JG>i^Q;a7|N zTVbr*>AJqFsN9Fjjp|r+&n^Bn_QTt*sb;cBnPM~3ttM!Z$46)7U6qlQq6eYxSl5PJ@xSVAofv zSc_e*jN5=513;u_wz0M>NrQpu(z%^e%)CZ>a2cDPc%Tu@O`xUHD{4p))E}E1SB-d& zPief!)TFy}jCxRO2hj6KbT_(?$i%`|Ju5fFJ|An_K@;Lh*ClxC#Rkzn2l%Do`^z0p zJIG@xdaOwq;glNrm*Url?0jpWU@desRfP2&Xau7t47{j zh+id5dc};oa!#=uNUkB^tC7gXV^tQ8($7cI<(50^c1R^ZD;56$KJ}>cHk|pCB(UQ- zuP&-OW4R0$cKV$AZKGs-XAS(tOCrB9%V^LyIAh3RSem_zg}Kn}wOe?#iPpvzkyTxr zXkvR0diuw~8lQsnOW17U)*k*D*K(FSO1I;h^eCf}q3QQGcD{Ic*i9Gr{i@89+n7z# znB`UA;B>C|qt25ex4RoW$im@{K=rJ9xD}R3L_0Iy}ryf7&rizUd@EvB>YA^U}Nm=izOJlWA$G z!QyQyIpl6&P*0VQQHtfPb<=Eycs9l5O?0<$jN)bW_2#gW-gqr%w3=x33wI_?6B~U2 z_pTG6+~qt!t?E7j@lKoKZx3F!n=BU!@`dAg9jo=5z`q_(#NVEcVh`$s{CTHV!e(eQBp&Pc4*lM>@_ObDZ;Ab1jZJqI(@`<{Rkk zL8NR)Qp5f>591|*7p|efWF59wM@+8?%z~SiGpeOv3{$eEMlwcg1ILS}ylu52Do7b4?+Ol>oW_r(*usWH5hLRmIOeD|+v)m} zkozOZHn#L=IL_^6^ zI*R6E)GV*0bp$5vaC>t@Vk-TjHF+Xprv!nH;;q|i5kSF#*yGf7tfu-KM`FIEtUb_G znpP^OsqI@Dc7tWCTP?~;gcZ*`)kIEboNAEErRp-;07EJ5RF=jYxf!Q~KcOS;nrGvqg6xYO)oF-sD%^xgg1qv8vlD(c1-(cUMJ|2+d~k*6OwUT#b`Gx7~6FlcWK!-qaMeBR$|s~Bi@n-wifw# zj8by2&oc2X*|EQ2X(GsDJq>gk9-uDZf@#Jk zY;@==HzsE^b+2Iq0__-gZiICe3+as%3hm{~89#_MB=VKu)8=9UalbuCsV?kijEPKJ zo1koUr6*%#j%NE)ibQB#aWV{atVIIkx9)OJprJ4?SZJDvxVN~1dx+99c!Z{q ziDChvD&TY+Wct-3DN5%LHKY<;A%@~;Wal{J^R4)|t)YhkW&R?=pTdGyWBHu%j<@1( z5bC;gnr;%rBBZ6xaG-R>dOUirg{F8qYm1A$9y^qX2_j`4bdQsQymYUiloHVL>BmHT z`u_kEtu@*8D+q07Yptf)T&@(5KJ82Jw@$UxbqlxF%$AQ4`4OYeGw5-GI5jppC3UIm z9xCyaCU`V3c2Goi`=+K;59Z&nM6=Y_MfuOOXTBe#t$D% zS8ed}^qcOF~?t8@R?g!ywfgi zMx`yql1j{pEV=T*Jrq@Lv?AIY{{RU7AKYr1o!q*N7S^n}nWT9R#>W5;LVYX0_@{FE zFNE){buSM*3%@IHWBGssqMDvSvGF#Wq3PG~zNck(B$pe;{HA1;4s(-_(!CQ~vc0qL zs>7y<6J&U|M~@+~oMhF-KBG~0K1W}QejwAe2`%-8O*-Wy^2#VHg+89O^q+!0CF_@# zFzDBp5?{BJL{3*5MshcM^Viy_*OdBW!xAOWgSA-NCu`N)AaFnc4!nLf;F{LIsjPEP zaMRkro1iX)N$gJ+^IwxM$ifDuX#K3`*Ab>m-&o*vX*_TG47OZcBG z==fCwwm%A_>}AWTg<)Wr z3YfI75Km!yVKnv!X(c!+Nh2K%d)%HE({CB#v`M2@Lb053!kyXADY6|NT?^s#%V*+g z9GQ0*+GWoG6M>QRuM_dliF`MCtJ~dMSxW>MIiEQUN&PsbVq+)N^1l~q5ng#Opj`(D z>RUf~lyx7CdzZqbxz#OgyxVdPH$LvE_;>3~nkjTW8&{fZNdCog(!ia1_0P39T-aIY zN&<=G3ytTm<5DNCi23vW5e;ivz14Mp55sok$Z)tj6oJ?eTvwiHTA7c>S~Qx}R~8;7 zx4Id^?HC7~`hqE=SkgZ9`0MdgL)Cl-g8jz8>*M_J#KsiN&RRA{*XNhk#h&5dR#c_75LtE$PBOacW z$LNi(S!-*iYc}&m69Qj&AO@>PMLQc>uAyhA>w0T4Ts#Kh0a)eQ5NDUqps&(DgY)S7 zZ0{fv%Mn4JF^gqKudO3dpBij@6XGc^{{XOAV9JQhWc=(%<-JEErF<>ozl6GU&;L;?C)+K{sw3HUPi#(+mYM+Yt?=aX+A4$Y+Pz< zaeHX)zF23<5IceEoK}MNw?A=y2J3KG*y!zg2*KGXJbv#0WBJ#2@q0+oJNz`d@n)9ZBCvqVs#*cPV?Z~c=m_uA^cC@3nl#pP znD66QPV4|rUOWD^idN9pI-{o2pq(vbwOE#Am3Jeod<=RT;05#3kI*E zOFTFzzcI#0?nWyX;?_-5RJZ#oi+i4YwI@AKJXW;Mh{orm`F6e>L1W@;XrY=sxRjr} z#(tQur2ZC3rRw$qPcGK-Je;d0;L1k>6=sPPzA}6v@E3_ZA9JW%*u|&#njlOvM*CP1 z+=1Jg_>02U8nR*UZ7x#o5@C}do}I_B>zbIS)O^VLH{orKi|X;guFWh~AcDk=+j44u z+8AkiC9aqKg?nli;DhDH`EUW`_m+;IxPRQis|mZ|;-+ zdsO${0?;fqB=GjB8^LxM=G~+x9gYTS`I$C8^!=XgFSIKZ)3o@++E3Z|i2?oA)71Tc z&sx*?x#NqiWm846j9egHjT(#u9;T2VIBFVf`VG~ktH4Aq(as6O5 zW8bwe3v2!f)io_P&rp3|gXIQb`Ce|{{RzwD{}JcFx*?sD@aRh!HI{k?OwyC{8iGtK^6Z1hVN{nvxmqJ44X+-IsOx# z4O)Q?C(d6KHU9tsc$dQ3=90J8@2T3! zB|$5ZjE|>U{I2+);Mlwe;>}Ay@_x(~S7^7eEhx#QeQY?ZXmDC>-1=^*YpdHdklw<; z&idN+7j7s_q0?F8<8h!n+|LW074H9)}H602Xy+azg{u)Trgg;zM(e1~{(Ml0}whMJg2R z##*Sck}zBYgTMxYt~ncER&Y0FqLNLrF#v|36DERC#K-^`=bE@~oSnz$Dg#X!v6q|{u7(XwYR<&ULv;ug}&3I zAU^C4tIGm<99Q~dd>HtP;Qs)Pp9?%E@ejc|#kQ~Ey<*Ng+ex92GO%?G!Tfr5=}}fU ziPWQ|&WlsiccE05_tBm!%zR;?N2*w*)Q~IO!U{++%OUD3&6?CCkIa7`csg$j_`g%| zO~Z(-^#XMr4p%u+2nC}DpgHaD?O&STw*LUZh(0HH3sclCwB>_VNPfwB>Y3Xj{nzyw z$L1`KH|8$vK@e7h{58!DeQAqL<#0Ht1~7# z0glxRMjw9zra7*(b2y?YU`0XY{n5eatsvgp27XSTK|t(G&=}X{Uza%sk|%jG+m8P9 z4Q^;#uxv3b*!3MM6g(zhCE%SMKpII)W*{l1Z0l*Do?pJ6;;vK z1bt}~ZmA}hKG5;EABUw-*5j7aTPxdjXNixMFFn2M%c&hrEp5!JjT=YtW{cuqhJGT2 zXVP_RSt3Pz5Hh43eq-_#{(K+sQ7_rATK$o~Y9AB$X6ngpyfJdp&0x`kv;x_{9{g82 zTAL&0?HgC$XC!xUhl+T@42&|0^9@%+HWzbUK#d){ImSP&E^8HQp40HM;tQfUP zy8=2_HCl&FDo3&Cy1lKPw1P``9!WqU+R+*Ahv+z-1=j+X-XwHA7y+W{fGQ_XB`VKb_A2 z`c+u;n~7ve<(d4Ta8PtLsfn?5YXU@y0>+~UBei5)YCmI{Beo)CVS+)RM?G_>eVLwA zomO8$YNn&&7i$KR?r81f3-`0ZrfmhG@b`|sE$FSTYFa;q^^0HayLbKk2_P=r`gX{# zi+(qL)!rTO7Mpnwh;C<>RQsuHgk_lbEnCy2-09gLjDH$`Z@(4mH(IxcG+Az+PG6cd zM=JtJgZHstnw}}~pNf2Qbq=NC{Xz8!&@fofD49LIe;V(n3v6-KtI*_8<1W5akfV*D zV;;@Er(2n}XxmtjHViWL;8xA1j#$Xo zEgUh9`Q(p!9MIzq=eGPY_%Y+3iu#U~pm-z0cN&{q&E%QnjI3%p5)L`Ve?fn;cl;6e zOYqKyzYu;cw0i(N32niJ z;dnqRjye(g*VNMK_S0MLx0rdOv9CIExzLr2wQZ`gNWU=P5m;Yo)L_-j7ZJwREIwBU zkbUbZO2ay3w(`oOs8k~$is`gt9n41Ej@cLWtbpB)MYD~B(hOGx;vGT|#nHl*{Y6Bh zah`Ljc&^&P7~D!NqjjNo4KiFVK$)S?6DVN!6LmUK=38S)59g&`6^CMMn)?KAmy>| zdMAKwRyf|;Fs?drUZbRVW?OQR%Loj5yFiW@m466whIF(30(-@{u!4c$+9XFQV4 zDuVm}0EGGq>1B`0l&Ozwih7QQrdQ}wmt(268g<2xLI(c;r$bgFj?JNXom9B##bjn@ z{g!)YW=9)8oh`F-R*%TndF z(R?n_orPrhn@_pEvXTo~6)ryVk~luqoTM&ha=Hzspsia$GU7OuUAW0-FnfXpR71Sm4^Mh?Xha-?{Q#m3vxxTiUAlvqfZh7u1 z%ojICO@K%cl6mbxCd7J{qoSQOEWXcwSnPS;-$Na ze zpbUwb`9OC^-yN!3NKY&PKhA(GO8XItxK@>eB%%)6QZ4FF-wd2BbW#km>u9cqlTX~>8IY;E0W8KY-^ZEYGj8Qrb)ABrio!SM7&tYux#Kri>PL<@6*sL-&#DFZL__0>4a*b;*5?E)!UjjPmt zHS>qWUj$uvruJ*wJJ~F58%l7mv7YB?9s3UqwW=(4xSK zsTdgisWM!SZud#FxR~sGHglZfu^&&ej%O@<$(M|Z#i9%GA~7YK1aXgAv*tm89tU4e zl!VCRR<)U4HT9IfNn_|}GUjDSqk=YNG39%MR@Mt?GGkvYJv|Koq{wgK zgUFF3T&^*nO7U+IXen;;Tv{_cL}wW0gJk<0#*+q*sH~|i%0V)crCWoV-TFpqLb=wY5pciiL(>H>$^B7 z1%3XNt9G}y3%1_v)kqEffZx+iqph4R`DdlSrqJLVUC`)>yzkE2qPqqUy#>qY94(`WHafuw(hNG zI~2e>8?U`OOO=ubxAJ4!MmG`2_p4GwavXWnX0@FzAh>yE>I!jP0kqUuCB@8$6fRdh zkxaNm=kK(b@1UL;qx)P>km^rSUl;sA@ZFDxwOe`Z=exJlK4|=xY@j*MTIQ;b+Gxv$ z{{X{rY4TfKMDpBk1sNai4*4DHoYil%*%U>k-AQRSHl54&tA(o?@}7OIKyD+F2@d7- z9ELUM9|t}uUU)N6k4)5j*VBxiQhbGiZU?XD!K#e98Oa~1KMs6fWvE0ZwY+9Sf}r)y zeaY~v#a1#+4TbgG11IG34}VJ0JDkp&K8w5>B$1@*_QAS>4|gL!9vDtE9mr+cnG(-lJn~c|PX0H7n~<^ZApb zkKrTujZZ5MR&moZTo%JFbDnCr)8r{3Rxvju8bYyH%XSc@)InD~Fge{?`em~by@p$^ zJt-SU%+k7=J5`Li89Wbq>VPQNtW^c^`#j4Jo21l6>)wN1&z#=9^<{_Jt0ku6gb&)U0&R2SH-O z>KUzXatgU{RQ?#vZh-Pldr;ArRxnvzM9jG#Dd5uET(c<*%v0$>i;FF8@^H{8-Tf;n z{brmK8uAaXS_NYUOJcDVy-6mF0x%DH!4`=ac8yA|c){&iOy0!S(4^;S1^MmXx@&zu zDzV*1BEUN1ujg4!0aAYs!ylPFlJ8aIhi*?bsi4@omugJWWF9);(@U_;jaxyIIAgh6 zh%OishBi(>^{#F$A~y&9SYggH_i2Fm<2Dj21l<|n`_r{6>sZuD9k4kkcWNvbIT z-JEk-_uh0V908oJGB+IJl%voNR{qx7=*J`5tTQU@-a4Lo(=DtOC1pk}w~_wQp(7bR zO{lIu$_fBgyN^nm`rg}6(%w>Mx4KeW>OZA#6=F{}l?*fQhCwQk*BuQ$H@JDyMZS^< z@HZ#}4Nk?x{$6C)b*}_#P(~*gx?cYPCOpDjh&dQJ&2?9LCX3=(?ryE_E-Vt|BUfoT z^1bo+n)N-Q=2MZJzY5QUo=e!|g8u+~+p@2?@;Gmy72bG%PQRYl`$o>pf35QIz~?>x z06f-)ve!cIjQ$epGwK?CvmNAKYzIDEUpQjR&QDG{SA}@5N7S^fOvNL)R%~Fe`m!^e z&}GY|hhH`Iw}(!lqRlGZzznnCZVm@v2d#U@fxKlUzk@DpwVN2r+#<-h7%`uJU!`Rr zM~$-Bz4iUVk08q_`@snLT+A*=;cx%KrV_RD*Jx)(0(^1quj-Pjv(989Kn?~nagkRT>tV)B>AWYYYIad1Qd+rzzj&{ljQUs9 zzYO(F98R+9nshf7j&SPDf}_+L*yvL|6USEm7PgJ#(Pn|IKKg+98&6~JUJV<=Y4)qV z2nlZTT%>Yyo|qn$lZl@*Jr~3O01EYqFD-5_#kxx}rNG?SDmv{x{cGr$bkDNd+FM5i z4>GqZqmft3WMwIrz9xJq@W+ZgA!|0f8`)eP+h#%g)KU&uAFuMS%}%JPjg{HW&zhoXmMtU4%=8;$IU-%>AYp)7u z+J=R!TE!jW$V$khpD>2)pIXxzFM@t9c>ZhkQ=x0|X);n2lExzHCBo_pX*I(h!0>N#gI8704+Eib(vY>V#`Vu~sD*Z~kJR8J1dTD+m zxVx}P7)1MHzyYuir>%OW-JSQ2G(^y+mSsmwF2%_Wj=!Zl4a-C8KY||$blpzE??&-8 z^w7MPo?LDaef)jmKLcMKd~fhl{1EuL66zOabh#Bgxk&&%?&r1u!Ry6mDC=Zv8QVkF zJXhd3d{?1a_|L-$2DxJ#NhGTe%+VkmpX*;d_@B+Wk_&LVP^JJQgU16EaEM9V>vRn_ zQMB-~TqNcTg~}2K864nOxA;d!{{V!i!Bauv6u-?K-= zts`CVW!{)()8W_b)rMJuu~U$E^u}tsz?9 z1YPCE`~#kV&}7!6o+ZDO%Sb-g{LiVHa> zbx^=?Tn?w}kJhZ2zK5uIyH>t`c{

?ZawM%>|#TIs$8-QQ^1+0t&>{cVWcvnmp++iC5Z)UIRQzA9@r zR+>G;FkJ4J*QW2Se2;13`@gq~D?t)8r)gFr1$&%S%V9IoW>&RCk!BX#lx}Qt)#g4f z()Dd`OP1!!f3{v*oW>;?ETr-Q#~f0I#&J!Rej41_X_}3;m8;JUo#}E`FnP&54A%=A_3u_(V`B@zzA4nSms?FL>l{!G=9E^{#S%26%oGJ8Etg=^Q<|$ip1x zn$9yB>o8e9r{R@~E6FXc$Sb-R*vJP$5Bcd`ufv^O{hf5*6zeeDTt+@u#tV_rPx#ih z5%Xun4;#e48m>Gob#DxEviYHu@avP1K9y7A$Ai~Lm&0B)v6IiV5c!XBA6OiN@;B18 zj0SVM55(UR>DraHwG0w#jSwZqGIsk8=N0X?w?7SjH8wQ84mf;CGh*r&##rN?2ebP9NL|la@p;OwwF?4NW$H4v~@h*en z3kI3uc7?;K8RG$leTVa` z7InYa-}bKXkHvdixb1u*_f2oC`MD9i5;op3+-D-cwb^IW{6nK?UOw=p<-VukZC)k0 zf@oiIg31XWu1Eg>TCu9V)XvIs(DomJ9xJ}^*NkCzl#Mc6M=V8ipI_3x$Diz;8}Sg@ zt9#)+Rwh?MI3a=Dr}g~3>z+{RQTY@5Z+^(W8~F9`i{h8;`7WNH@RM0ZHoM@viB1a0 zGU7FSY|reZ-9u>@`5nU7*B zIm$~QDV%XZP!Um)*!--$D({oAR!5KmKZ6}dtp=rmwPG7dE7+cClRU`ry6xSJ9yq3v zQFb-soh~e{?Ija!c*?fkql*5o{{Z0JuiJGSN7p}MUx=Es*y~zZ{?hPu#MdE>)w5-u z921eWl5jgSdU9K#)d_Szt~4De5>)l z;ccIa^i5++hI@TK#C8Ym`aRr(hsP!^dSriJTKwPfSBJm1Y%eYKG}&)(KF@fHcLjfc zp&zAlj>q$L{{RIV{g`zRhdw565L@UM33D5H@-%n?XbAh<`&Z=a%9j?=+(o$CxZJtx zT~wu^g;FDcnPL;^+M}4Ff+ALSC)T@S?v5!++7$tI+=vItc^=hau?mJP5p&btn7PS( z$yduD3?6#%Q%52rZotlQiVKX3(MuRRln3_BNYY5|!AReX@!Er`6EqUe+fuT-u$Tpk zSjx70``7f_{{RFk{ixvakHd{)_B8m1tZdh`t@pkWx{=6WsN1#%CxWM(4#fIY$z3#d z)0zE9_*3E>`lrMDe-i35P5%H17LO;{b!FH=3cPM3uRwoF_UF8|yn|1k2U)Cc;tv~+ zfRSEhOPWeoGOdH$$s`vDZS`v>4-|uf%k5u|pYU5>*zOP7AK*>D#t#eV$v=#AD4Fga zG4lmpc>|N4N9A0SG=u1W6PgY6^}XEsW~mH`dv76DRvkI$ea0)K@jAsOie!cslIdF^ zcVThdn#!kg)3Hn8eytQ*jl>s{ye!N(2LVU7t$u)bejPsNOF*t)10lQDmy2w;%edE( z3%oP9kw+anR_DXm@BAU+NVWKv?e>@|$srq6PaiL##c@Jfl_#P0v)jX|>DJepeX&U7 zk8XbLGmebN$|#6)ZcXF7U&-hhbG20AESvLc!qK zAQ`NSeOXx)Pxp(T?u>T+mETGv%174L*7mkG@x=1I%f>K) zj!Lh!Xh(c+0zyZYgN}OFRAXbFQn|Np6cIvHo&EFOXw&tbIVX4~xKBF-0iLwUO8OjM zi9A=O=~ob2YIo4->njwDyJLCu9=}TS-BVS+hT=J_Wf8`HU|4YD+JjhAJcnNRuWe^} zGTgvET!Kq*PqlpE@dx&l@W!8{YRRnYKiJT!7Di^tY<3IpT2qbL(-_$NF#Vx_Z66KV zYuE4L`+IwRX|jSybLU)-_Lx`YFT}5l-Zl7xu1$BU>en{9Oih?#50dBH*P~9Aj4Md; zPd&pr=XhdRl5$C>O3cX^TrX06>!vZW<~Y*x8Jaec2R}ID zwQNDAG|ZwT`M#Yf8b?o|=sKpgeIAqH?IQPB)ufeS@*$0#w-d)fU$h^xSNsxV#(xx( zPVra8h;KBjbvy0tBVDl0op#8^xaw3Z2jQUnBfcRvR;sz{ANV(dr{8h|pz9E+1 zQ<^7lEaa&SX$>oht$5NfUKNv`M<*DspS*AJ%fns}x41qfxp?B*%^OC*o;wlvRYo^9 zjBI{pd|Umnbx#sQeWrLkO=+jI>{(x({@`SE{43&ZLi$>j7o z9SvhCTr7P7;XeV}+JzC@g4hE%>0YI8;rn>rI2n*J<2e3RAkSUWG8%R`0I%cec*Y9-eb71iWO~FY7 z`qzNTCEdOJ(Z)$l#0-BG12FFu<8sc8l6m5rWps@{+2ljcaA*;7OO&x7D{bRE_Nbpw zH%z8iQlkQZIv)|ip-17FC4%DFFEBRc`6m_gew%fv%PgYqNcM(1cAlbuJG~vQe|YIJ z+C~VghEeA7FniDi_L3oq7YEj}@1%KP3A~K-Gy#`wytqkZ2P6#CSJM5Munet_dH|nH zyuvhz&U#l>;jLNa)L%{17s<42ZIJXd0n^{v*+kBwL=D*28>*~P`Fs6wxC#KVWo)r+ z-lgDfq*a-1)&}zxen4|vX5xToZH$trD(a!R8O>L@jl-8MyVKf&d092C zob4QvqplBcTEk_yw~_bd264wq29qvIqsU#jlP8*bsx)A#gX~2EL@yB9TMLZiuS&wy zW(gapBlGJ(9yQ`!M(8^zko>(D)84Q6I$N$JxOHKk3I4PJ=+X#hVU4-yao(*iodi2W zILD@QiU5^XNTnW8*rT;qziHbnesmyipbM57wAS|JVstD90=Gk4(VqC+H1nX1nD#UQ zYFSqxIZ}jkQAuNNpiL3L9E=(OtM*$JxEI0%OYChj0n0C?ZNoFOaGqM9K|mIeKpd9g zvsy+)j0TO4aqB=Dntr(J3&WBSj1i8N$=$`W_TqJ#RuT|!TOfS}07TA-m63+h4RAV! zvlKHrDGbA}Gz}xoJXx#j@M-hvS_}s6Sg_3z?lV&OPsKmmyCK!|^J?w^KB{Vx(ASk% z>*s;2ZUV#^!9$*7* zg^xf*b($^I+EnW3+nG@Y$P5WIfCeKi?Nw2p?3A}(GY1@Zsgfpp78x$0#zPP)NHq(qdBG6n2&SXI^vnE z51YJkqUpL#{l(Uq2x(ZHo`$^Xb!p*8k((n2k6K4eS;lHwkknG=Prg|0Eu0axzlS5% zzB~Af;Yn;Sm+Z*0Mg8RIid@LmL7pwIXtuh}nKqYvNR7TwM{j!g1I6AE)O;PTU1&GX z(W^U23l{t8PDk?djIMtlVP^9k>8} zYmTRpyf!x{)9)d_w~-?ql%C8p&o$Lu*~o~^3b|EKM$`9AamrRYV$E$cSys1b3@W5x zvF}+ruB{YOOkj>1rd7@{gNoXjg-I6tALA`1$5gU=nWWR8^MQBH0MD&`m8EJadv21) zd6=>aVEy20(1cGua%Vv8y;(vAZ|`-cgEAm6Bt|9}bz#@(Nr^G=M8Z(<#x`^!wr{4j zlGP!K86%u<+30B|Qg%7(%`!->jL@ro9nE;>jl3kDBhas5`y6sAgPf-UiZ%aZT!UMq27cW2gPL@+c%w zh5dScYOb-O>)sZgJGHis^4;5d^Nt5jd(@^(kJ1m>3r*2}Dd`sJqv|5VSb{kvx>--k zTpo+YeJkpgy}Iz8q9T}w5wQia+t##$F_H9dhBe9cOAAyp86shim#!<*bcn^i)ZFAS z00MJ^T@ZZ^O04RxpuUY4%-j)&%g!<>_SXoJ{_%-$F`Dd5;hyGA=B}`bBi;jZfNPIB z)KbV1;So4EJawRhW*f-Z5gPypVcM_6W4OXJM+3fkngHmJ*rBszxwkRNjt((gOrjq- zo;Hhd$t0QxQq;np z!!KMD)~(uV$4`}_yF`)BHuKGADFuUAo*ixgZEf1sutR*c!&_Nunr^CyZDG9Aj7Ku( z3>)cL$=Kd5p^$9%=k0KTDGwattuFzj#iBUA9;Oi)U=Dp zZVTI%Uo>(?aA+oSG;TDTX^_6)T#S` zuy}g=PrI{*-tO8{a+y+bfWS~^DRe}djFBP}W{e*v?{pP{m(xpxc))ORz@UW2ML9CG za>BuLgOS5kM$wqFut6F-XMEYZhk(eljR{VNHwjMzNM zH^Up}{hZZizMjf+ZzKj82*_;GjJhy3>~GAlI?T2A*SqbOPc6!+J#*fNKEqyS zFPVKbAzpbAQMY6aX0ooYC6tumSJ$mBb_TD9Be!|+G;1IyC)J0gZ{OHyuwkG~BWLCG zts@}vINeG(QPjo+QR5Xx)g+xA5bomugMtlE`B_n}@9ggu-f%>SbJMTZy%#{$;b_%w zZCT4PJPJVK!&aWu$V^PE%hYF)^{!6k*6C$Y`@dZ9D@ZP&rDGn`?Jzs}hjb&8?^~L6 zuI=|wf`s%3v8^mVc6Vc0zF1Z?AvS@yV!2S ztz;x}LxPeJSFog|V>cvDx|%-bxwQ&Ubv%!Hp>eGhcZf(*BfvQA=|?!Zk9%)*yp)5#CUVWo-OdViSG2PL3eqh-ndZ~ zGN|luPvO_vgQu6N^nZoCY2q&m&8g_#E7F$ZM^%5Z$fyfQ{-wP;SIWLP)SFcCE~lua z%6*v0%qn<~>-o@T;%<0yTT2@dWWKcW&#wd{$zYP}1N8A;x53^5Z|kYXSv= z=F;FI$jTU=2d#R)gFHEXt6fc`+lZ!y;a6*J3y*Ebr6F@3zomFE*d)*kIa28yi2ykq za6Y{&g7LqAXSmlioo?I24`>o19tQ*k#&e&q6|5gZ<0~AWhP3@s^I4d}to~9ne67?2 z$v>CtUYQ)%liNtoV$URG{E5}T?^bA~t&b;NddBkl_e$5K*o>^P?p%n@M_<;w!0A@{ zE~hlQS%OF%j!a`{q-hso^TnfUqHQwekJ{7+RR<@pTJ?_uU2A#+m}Pk9)7n9T!)r#k z=s4!GdT40mk7w6n(tJXev)xA(&CEnHlg~J>G5DP(rQ$0cCf3^8;>K%M*k%%(N|?sb zy{X1lF=*v{1M!Mqhm+n}__I!u-^|*O+=m|`D-X?&^{amtemmTFp)PNHHsaBf06L5n zUWED+!L8!aE(r1O2mDRGy1tUzQPp)lQqgh4N%I``>C&{d-wkLow3?I=n|qlg+{CfN zk3;WU8OjMAhkFAYjQJ7=8d@ok^twWD9gDwN7jE1J|f;~Fhg&u zOtwqOj#&ZE1A<5y=Zf?j9cNRI#-16H8-$xixRHg#oAa~|gb%2za@2<#pHqBm)cg@` z;Jb|iJB7Wuxs3!xpA4(CmK=R+@~`5LgLJ)1PM^fq6E*GVU5F8mHemh)bgoWqZd531 zsqv1H6}|U}KFG^2mZY+(E^&fE=kc$(JO%LY!f{#2s(EV@n1Wwsr z_5CzMBFfIM}yL~G~jm^N4H<ROex#NWIvhHb#Fuo*e8p>!XN z5NZAyn##fBT|!89nB^aH+z(&yrlgG>j{%cW{?XPR;%i`!=JFY^8z-%OtMIo&wrC*L zn8iAjBnAEw4KoS8htfJOmo2lU#ghL0)Pz8PrF@t1U&4MJ_}k*kZwL6Y?(WN3)20ux zWC7MbK;ZuX4<@CMd%uG|9WTMXF>LHLAMNi9&l^V~$1YSUTy1Ypr`EnX_>tht$hCXR z%^pR(wr%eea)37VILQA1>(fkp$CBvYD7?3|n$rGh5d)vxy8XuQx71hB9}T==rRlcD zOZjd^u~G`g0VngVVzgwn(C`n5T7u7T`kkU&+{DaD2stA@mCIQ8i|p{p=g;I6i!IIx zPkN4B46S2tN$~}yq>|fPxS7xcCI>)zRb4~F(%l)g2&0vmfFyOmqnDw)U767QHPTM8 zszax07I#0{;fhWIV;uHBoo;xu;KsS|pT|+$Xi?tk9u(EkNVj2j2tew*QDa_Zdm0+$ z?xSsG9M=AH$r}Y^2eI#7L8y3(QF$ej<^m!PR|NE5T0>10rPuXKn`mQ&=bFtgM=1CPyo3Ju|pUSZp#aCDMx`mFV z15IM2Jd5|$z|Ujew1X6*bMK$obK-W1W2B<$I<$Iygo}b@&OrwQBEM1WZ=i1vom1`B zdZvcqRx6l}=;SB2)OuEvmDZ;e@b@>oH{rN$9)GcYme%+uo3+3Nm$?dS@+0<#vG{*) z@l#f?z0$1hWkcpHv8X5?I3#DB@zS_zQ@oQ1&}i{5_*@90n_JkthHSy}ugFMlHvO;PEBsjNY}ZtGUYV+rJ&EpNMZI(rv!SaL)|UN3`T) z<@c+L1A_3amW$#a5hkA6gckG6q$6(5PBgW{5stgQzs|IN7f2UDz3~3M7@qNR5>*4|BcWrA^rsnE zBO-*q371*d4yA2taQ88hA_U`Z)124Q9u>LqMV^p!yQ`^S%8>DgC0u*{6*)&mUeWpXIELSQ40Fb4=mCH0}qO4c&N5lUB5NkJDkCn1} zB#g*5edPnWHMxE8@I@5XTC7q`(hv)g$`5MBQn6~1XT4~j4Rp(|2VY*=-&=XGCehC= zf&PD5_-oP@vjnipGomvv*E2v#@cFl zYs8SCN0DSITee9Zee2LQUy8mF@SIclQ^dCi#C{pN+ia6tzVjAG58oK?n(tO8l<0mP z=-PgfJ>32nk@dS+cQ?#86B*>>dUJ~T`{PfJkvwgsc&FjXpTb)8oTaW309HAOAP`5O z;)M0PD#c&;SsItb;5@N4xi_G9rMgS>y?%iRhsUr3qcxAG>0 z74u}z8%BHLuS;lWG<@azLVnAa{{Rav^%=Y)sy?Hk%Hly1{{XMFCz3Iqg1om%h~Icp z2ALe)#+Ww{ws6C^{c9d=49`RO8R9=37|-MkUB2sr@VFAKC**i&*jH z&Zs3zZETVxLN@t;`VO3PNy#k&$IrJqCa+;4i-_h(+XQ8B4Pf5F){-sEnT}OCIO3vG zDmop1+ojYk;<=DGV4HHM2N;$ zJZs_a>{n|^%O%1RIp|3At^fpRX0*7E&a{>?lE%X!!S7EuFniN`dWMMTOnwp7331(!`U+Aa!XE2iCVn@jk)v6}6AWpN02Va6t&v?CsOe zLN}RPJRhxpKwt1gzuJ39_^a@<#6PnC0E=}gY`lBn))y8DJfyY61aYt)!x-b%rN>5& znrWZ1ntkQwk$(w^z>!~}_OH1-3F1p%82BvO%b>#!isqTQ$^1joA=W1F zpNg#(Xm!mh;X_J{a`3U*=)<~|CnMUwlTY|A_v}Gs@C)O1llwvVO3oknR$ma@+ug}* zn+=|)w|4jc0Ir>L*E!>*Wagu0``hpT0D@yZ8T{mG+FaIi&jjpz=#B^rkIt|hZdFYD zzSZ9ik2a{g0{!E;dsTLdRuTU1hB!R(Dvolrkt}!tx(@wwO$ZCd2~=awO#_P5o=Fe| z3O;`Rl_VH^xh=b=JuyMKc@VHz)RqKf@zSA_a}c0NTO5KtC>k|jRE{)U6q6aqJ!{iG z7kob(*yQX{iM7z`&9f5 z_eL=6GuA#e#8#|TWqm*jouM<dMgpl5k1%py;Q$ZYkU! zlX~;Fo(+1R!e5M9@9gvOkKtd&?+hE&xzP1^=e&yFIiB3$NC@ag+|hpLZ8m?PXTgt- zo(}P5m+h=?3lehjhqr``m9qi`M}6HSB|1fnQC%{lvizi;8|nF1m1{Gv z*xesO{08xA>UP&Y9k_C5SvN*qur}cEKbPTNhvRD(NuKd-+_rG%9YuQhN!atT6plMe zvqC)7UCK^)9V>R?<}`$`U4=$42U_)_`yN!_b7Ez#6^0L-ooIkHaOsOTqdV!bEi!kM+-D;a0wX2HzrhL zeT};~FRu}nD`^>m@NvoZ73-c3@EzUz$0ns0*`vtX&D?s|4kD^Yqe6o{uS@XMT4R`0 zM&U`rsI47H!2(Ejh2t0_t$7tH-JXXb=9f`}BREnQIT-C#yy+MS-F{5tIHgWEW^&lO zq3Av&@s6P$iQru+wcSnMVB4QAKT=qFdJ6p@_yhX~#15I`Z;A6-c%J=Va%thptS#=J z)c%#E!>7S8@8|OTrK70tR7^j+a=Fa+JjnX`M36_ zx72)H@V3cxZAVZ3+OoOx;Y5=XkT7yc?bq|Kmk;e9;`@IEY1(Iv^*cjzr^B}@0_+~= zx#?F3-JL5$d?)dn_WSsE;OH;ys@$9Fk<6YFL*v@rQK4>>9eDX_ub0pU-&zQ$2b~^iXtZUnZjYLR@?i(5O zuE-o!D%{RV5bnSv=LV#N2_2SDz~`-5#U@;e1u`&DNY6vkwV~76e8j1S9l+v~b{&oD zEj?nA8%Byr?oZuFmnHs~uf0EJ&)5Uw560a}+WK2fOT#`En&Bg99x^17GwG4X*14)r zxzPw8)BgbMqyGQ|sX&%McsrP!^VYvfY;?&@njS}5C zSkz!I;a+t~+}$f0mgLA*IMW9>#w%V;J^Ym=aKQD&b4p!~f?;hFs-cZpv5u9M1(oHk z=v8I%$@{ecbOPm+;o~8P2Q>LFEaL=BM*h6?skw2D&LdjBc*KUp#*&3Dps)ae^{O{4;Nm*T6gTd-PwQ-HjQa*P0m-}QboR^l~3$$4^Xizyx2xIw?iv0EQ zm&ETD_~TQ1?RQWw44*UGi*1y0ZUOP@LQKuip`9G;vy!}u)3?>y3#i?kqb~y$qLC+4H;pHj zGiW7T5y{PR*Cu$2UBNlrIUt&_3r%j>(0!#5j(%X>YGoQ^tS;>23C?kjlnAG(q%&p1 zBPkd-u3SP;$W@r9PLu)6_^!iH)HL>n(q>lRj(sbe(6nt%+9=Gtk@u7ilnm}5isJ|Z z>|FO4&03x!yI%(?YZ-1L_9Oc`JT9(JZ+hqTNu+{Ek;WCc`c*|RIs3L~kD2B&spEsk z*12!(wOhBhl5Ojp4tO=79Y&vgW;<62wD#{^MV-i%mvJc|=x76|x1MR85>_XIGf&j) z;Eq4_fwyyxxS$JqM5rTJrBSpD0%^C?Lc60}{{V$#;%6%vHqkJg$O{GZs4j%*E_ZY} z9`&SEjLC(_kb^6#_WD+iZQ9x7ibWC(^PaT8!MD}k3631QXVj-wYr4d#Mous z(E1t&W3P@$?!2()Y^lM);MY~A?Y3j~qz@VO?LZXorrU4@qh=6$)QvpOfHR-RwE`fD zM9VCVx3)z-J(8A1erN)h+V3seNTOW&alxu@dFQLeDiFi(1KNNfwMmg#~kEmrE`rNN#-Mr;2*+(Ih(yQ%6W&{V`t-a(@MkHeDa5L6|WP~n}r&CK6)3TTe{n7NGWm($p-!edkbp&NV=M~uLm!3_j z^U)a`ci@T!Q-bn0xpgHv;16o-^!OmSiIdNZaQ+kCfHQ96`!s>!KL7bd=(EN&U zGOeY!Swtjmi1h?@uSL`RIil~1@gis@$ZQjkO$peWoffGKOpMC0#>b!oip|rlytmyZ zRQ4F_NJnQC>?;N!a;!UMtyt<&;}eX<)ZkEKEyi9owELRgWrX(Qt#k6liGvauy+?X! z5;o@QNFaAr4UT$NuYo*uYpX?ZXFi`abHyVgZd?QYde)xIxWwu1Zr}xr{_K4#KH5g} z)I}g|$Dew%if+c-noQSNkwA1kKo!dCIz8T+?IT3S0qxBK=Vn7s5C|iTtASB7nZd{> z2b#)Ar6L%bG@X3Wh_lW`XiZ}Pl`btM4HI<(wLwE3-J?EYoT>dQn7-ART&=OSkJ4I?sJGXhQ{ za8MqE3f0wNj0o5?av>SW>L@7~uv``8T!bf%YTTC-#kEU6mU$kO8pU=zXUFC&= z+DfXNI+S7DPvnntl)TtcQTEwpRG)l&Z=k19~*oZcMqAa=#bAe0k_K>L}ZV8 z`F7Ekd-?3;x>)9A+#_LwT-6|S7H5v*PjPc5S``~}>0J(orfHuLG+WDCKN!cS>v6u= z?5@VekPq&;@e9Wvv$u||JVT^3k;e?C8|a{Y=_2~$p#bMK`mra)t8aR1w_!cL#2efWySvw& z+FV4l7~PKINEo1%4&|%lAyrkBWPR^Sj?UL59ppz&#*=n5Iu|2o3P$X4MTB!Ykt-3; zG@~n>1=)1j<;uVTU^ANFJZGY766vB_Ctd1JYZ4ITj{&F01v#U-rjc~g;9pmT93 z#yI=gpnRBOPhZ=VJnPlh-4qMB-~1SjL_?%McfO_ocOh z8UAE&9Zo)K$k8*Pwwh~9gkXNYwJpx7Co$SRpU>3F4_ej)%3To1k`{6Zc=q?l2Clr3 zq5yaVb*nLK)6=!1X0D~Hr7z%J$hD(pK+XKzp2fw++=|Mz}GE#;Wf2|Ugb}fC@j4H06J2SV{?UzPoGEB zSlaFTI~!@7s%t6@Ks;ao+j@{jF;O+t)(F$K4J<5UVYi^qV^|l~mr5pO zjo)u9M`2ksSj!Wl&OfEZXEONR0WNV z`^^O8x{sRx^TDb1eTHV;*$98pfEy3p^~GV__)%8cTezKsVZht!dH(G(r(`+rR zlrG}4ZYQm5Txhp95iGXyM(%JinyAElnq2ekPSa9d@WfHmIAGm}*0G@bRim;hC|;S* zKb2GLXipuq_fo8mH@AG8abHAuXHT$gJtSCT3&6==YNg~vpJSi#1UhB3vMQ=G6O;1u zUVS>mN|i_0#~mwpyO|Z8U{?W~hWpoCB%CcLBZU)3=g$6Pq_IJ{J;3O zSkcdjE-o#f%!LNvc7@yzIQ=WG)91Um(&5!~2xO9I&^tmGmtR58Q(obODCl~C*Uvm_wCr-RfC=Z5$28v+n|)PnCBAjHdBb6s4fz;b=M^sN+) zIW<0J@dUblvvktg$rsvY4F3SS9CfU{F5RSt81EV=Cg?*Ef%P<{A(SBUG`)Q;k~j+^ zkk5c}Kdp9Gemu6mwt@>t9s-P0a7;5C^{H;-JtyHTms*~oaMLsl!N|g~B&TiJ=z7NAA4nGbr`)_u_Cf2<>{ZB`BXLyo);&F^uH9}wY1SK&5M$Ed11Eu3e54B!)+Ht z@SD%2!5!7jyoDx;M%oIVm_7T|##RHtJ{ovYF0~t(KwlxHA%=5~dsoyRCGd@c=`h-~ z@uH-DVwGHxA?;h3Gr)B37x0TFU z;_Wj=)O9TvSkrGTp@_(@9MI%Spz>0(sUC+yR?yNu1JHa~D|oNLx*3weV-DeQlwVLk z3iIC`=$hT$lW%e1+pGI)gpel z5C$vVejRv5EBnS<$=2Q!jK7&7;Rpx6*B_m0%!zU}?(E;~N*ZnS90h_egrz*xv}Pt}HaN6oP=^i5x9%b4?#X=zb!! zw3*~qONjx_!_yV>_s0z`*!ZH);!c;QN;PEJ6r$Zp%z5NDbAg%)gnFDOj{J9XCYPk# zcvr*|TiaYX^X=vsRAJb9nokbuS32#4HhR69&vFTABus!s28szp@sAn!I>7387V@}_ ze8B2d^!#gQ!}?Z{Yo|eEmoeK$k)N5^lE<*`PUdwx9Hgr!+Dl$T6I${S4*`cv*O>V4 zOtiAQ)1k8~YcqusWpF-Y&>s9&i)~CB*2ky#3&F@m#M8+f5gcUT=2MP>y`xL;)|+c> z9lFCTD<>MJ7i+rKRXPizTZqrNID{Q;Z*_WO$$AuCpv~X_H?|Eu19n+{uP{-rkuTw z3j0mgJU!wCOUc^DOe%7i``!NlD)ylj&xQ1BPZenwG3$CeTZ3>dz-EY((S=Dzu6PSs z@VAO=u52}}G(o0a07RlZNfTqQt$g7(f_1G2#JZet{hH%VONVe1E#{_92em_$nWP!o z-e}$}pTZ5SX&xQa?DX6)nqZrL&OQ3o4-J0OUl^>sC2!$x4C@!x_BO80u}vu`&5jN| zYLtysPW%2FBjdk^JUgUaYZ{~)ma2rK%FIAee}_H)0F`+*x#F!~;sCMnZmlE5Gr5(< z{mM@~{*gui8Gx z!5$OTyf3F-!=-DsO3d(0AIowG#=-0Kug?z(T*DQe#L|{{k#>dW(y61G zO4^d?b`n8#9J}_bVDZNl>NXxM`wF$5=;cnMBM0l6%4rEijtlGCop#4jOX<9yFcw8P z1asECt-KLq@Mkn@$zU;AGTF9gO^k_;&q`l3f$BR!yfIab1?0&`gbZXO2Zv zw2bmAHmoGe6Y8QH8H8yJv8ZM%A_rFBj)#NRzCyLqZL~icUTfMw7EsH?(PQM7l0e(r znrZhbNuBa)7crZQ`#BfR11BdOW}?$Id#!6%h)Zq$mdsHY9G4x%Y08b_+CKC6d#X!i zq=b^#+Rmy2CVu$zHO+X7#_IR?AKC^hf1Hj606m5)DN*Qa85p`piyCX9hI!(*QHMy| zu6xzZHt~kBb8`fYjO($zO401>QS)cV{{VyO;g(KBpAS0j*d-#Ox`yOQ)iGt=}vN5a?FFv`l2xCt|< zz<;Q(p?(bbTTSqGs(fLkYRs2Yg1b^&Y$KjW^{RL(l^?!88dHdJ=ymq~AhYl$k2JPALR`ha zd5#nT*VL)w)Ys2Hw0hY5Lhycz@iV|$bjMIv^6!}=%Uh^CmtOt(tYuHB4)?j{ULcM2 z&xQIu{Lp=tTX$u*m6vId_Y8aEkIuXY#1{6qHjlMR%mCycyhTGn72M@Ctx9tNw*lj2 z`AWB1)bQrFec?|P=>8?OM`gB{8A35vBiQ?TRl+9c>i+eO;b;T*y@%Ntl@~|SHB(elV6-t-6Ok%C(F*$ zk&b#1N0C&|WB487yB`hshEEUbGo$I+i!$Kk2;7V=PJL_WzlUEGbzj)i_N4f0@$XJz zEnv7?O;7iS%WD~MuaG#-4+php)b6Iw?YmF$9)Z6{NPbi{&GZK1ux0i4%@PY;-^LKIx*k&IVW z38_Zs1z43OPypbKynSiDb378oyskzvI)Pi9t~StxN-K{tB7O5v%nXtiQI#FNC@L`` z`Ph}g@V>rP?pzEya!S6tg_s0*!Ts~COoNDP{4n^>tEJq!A~0M`k%t{Z?DZQ*N=Q1 zGijQbW0@znQ}RjbeqZNYwPV=ni@EP>cV($Xr+9}+oh~$eLN#K_cnp1L)GQlNwR;9o zZXjvD-duNaFh@{&dJnB(DReDILHBwa<<+BToDAjo1B!>jy4BsTscmgL119oU1dOOX zD~_YN*G->$>5@aK_*HeyCgM0|ffP?~BjJI^-UHIS3*tw_E9+|r8QJe%F|{L&hI5+Z zjTYUJ)~h3~_!sd){^I>5Z9Z70g~Bs#=N`5CWBsLht7*~PIvH)HP1z%@b<(8b?9MDi z@1cd^%}uQ@?<}sNNg`wWyoxm`UJ)_~Hblo94A-eovE7|<2@^8=T9(z zRnPd>Ty{C-5~4ts@`)B5=eRz#G1ML)@w_2by|YZqm6;b8Qy~iivoiyncdh*c!dwgRp-G=tcz5B{8fAhpOM8h_e8eZ+_NlcvpG$S}lx-uU4wc~I zDmKqroGfy3c#8K(yMjp}S#4kC+IBeuBP__*45Wc+cV~hU>-xe-G*9go$i~hM9l5&F`A@sKCNU>hHo&+4sTU z4m7`J2DZJMP}QuY)uUnlfg#Dk z?*82dEAg-Piv6~A?-^=$Y2oNJ`*$nl%Nz<)6!huT*JUbZb!TJquf$r__lhT;=U%!u zQpnqgB<(}~&!DbSX+IJ?3 z7}>y5LFc7kx3yQ96@!hZsT>*!v$@bT5JM4?S)sQ~@=5)1Urc-t{hGcid~nw6bYB5! zQy3kT%c#i#XmQ*RQ(V<59WaUg6#mHH@Jasw3w%4g(!6iu)YH6Cs>5)PByy)Djz$oS zV>SDQrubvSdUll!mX+bXCqvjlKWBs{;sysw^J>*QArqw1`LS`exkb5HN3Ha>@Ydvpw#E?+8AaHZrD@ro@*KJUe@SIEPQRCtUE7d)179ZigW^AnJXfgP>e|Ml(&`eNxKEWq_O9A=`kBh5k3Rm>yEjtL zDr}oOcZ16cZ=TZ3By~9_{N}ev=XDv=S-5 z5BxK_^D};h#&SRyuU*i*D!P2Z76O+14hKr*l&n$j`bUIqq=GeK3gL+ zRD~a%WDMG|jyrRJyW%|$rC+>s5yquK^fhpafskVRP9uSYQ)i5hE2I9-x`r6U`N$bR z?F!Pw$=HS)YgJ~$?OsnNxSf9TYX){we5_|Z=o&fO9bS9l(nljlwDr$g>g=`4- zH7*)~&&_fzYx<6_qFYI+JEo$5D~DWeJEvC4nQg~^{$RPTYJDGEIh(`5yeBFVG!(FXE4aS8BYThUjD`hjys6uD%ts$)YLXd zD9HS{<5DslR(g-^3ET$&uRiqSD-h9ENYmy<;i;<(X%PX4Z|7Q)SN_BkKc22*ldlzS zLv?JbjV9&kL8K&+#p-$&+wRhRLnv>IHb@R?DW)x%!bZ6XK3f;%005VHO6UM#eN_g)Sl_$VVVh z1o8*kNmG^Un&Lc1q}gi_gq0U1y6w$t1T^ePqi9fRmhPh3Hdb5%j-K_)-}rA)-z1iB ziKAvb1IVGoe9VhY(B+Ci_qK8e9lGMX)Um=Us%3Fmv`G}OLeUtv5Pj;Lml2{1a-(wo zlz^{mDEYwYn!O#$#5}#52e6>VSGifFeeLCvQ|VQja0-H1oD-J&wP(hfzL|5UmW)Lss6ThVwOF|s z%@X2Mp3Wsdyc?p&TIDrap25*9-wNblVzV@gHtenSE1PKKXq<79F;cdXYch!^OiP^d zI#X)J8Cs5>uxv595%0*X)-4hZ-~{^8GLdoxX=5!L22Lv4+leAz9aV>|1QxU{DIRjS zQ!^@zWY(s=X$_PK_E64y=72bMjhTxw9zTY+EGF9|Vp!5u=yTet+7%f+jBgQXT6U$q ze6Xh^haHW0Ubps(SxjnJASFgeT9agOx`vl`sL0c)0Im-_6N=&WixCNPyKTq!K&+;X zV9%PoZ{gdYHd}!kv~0w5>F-}VYMMEcYuh{9HhWfFZ|vFh^rsm!t}OUV;-`gM!urj@ zwYM_D#2ljizPpsm6pO%X041`UDeXvUR;N&*K0nBbrK}LOZ?r<0*q`y z_C{6Yg5dCnrYj=eOGxKU-u-MAI#e9?TAHv!vhv#|A zyex20-2#;-wPR786y$ietd}w$Dl-h~da#R~gN89NdiM^`8{!*0&oPFvQ8F$g4o zP;8GG@f6m#(!7ZrMn)Xt*VeiFO*-5*Sr#`vFgU4}#>tz}2&}fTjh%QE?Vb_5(~)Cm zB*5bYFI?71T#jUKYW^A1?xB|I&SZ_4=Le}Z;2PeWeE2UR~R3AsIE^?xH7qlHva(Y(d^9SvB_OQ!v>T_y?CgsBh*nuzGQMl2>_9U zP~&4LvqIwLE2LBrkt*b8+|_$+Hd&<*xeJmryV9kjV@;^>n9D0LVs$}w>qo!%LS1?O)_P?{vxY~`;t1jbEj>2VTZ1dC%=Btqwko&J3 zPEjIQB1I#q>yM>yHy5{8mrO|vg!HRM$|xqV)D|c5CooP_;GW-F@=06bL^{0EHNstK z`T17_@$XIBp+{S1cjmlt>WMY9tVUQ5>0W_zuU$<5vXI4hZxV>(eVD?IgFR~*q9l%9 zW}QPDa0I*@9+hWBwbm~sn|uf`eo_xw%*5>Bv!2P|S>Ro{$@Z?ABW__TA}-DMNk4X) zT>$U&4+Tf7>DM}dXg0(Hy0Z<$ds8nZ@MW}VZ7dIIGJWS^yLb3jo(Wr zqw|(YK?Xp7hMsOT&mkjdfo$MyS_XM-Ya6mpwCLT{i%0!q)HK2p#gEa zv175BbFWxwk?xj7jD`c|=}<>`X?#TXcW}(a^ix*|jX{uKMXAdOmd8=)RWvqi?&H4^dqHW)r?v&E;UK>At@0bbbpDg zvvikAfz}n291^|#saP5`Vz)@hVJ_$HqqSbU)HSPXRQ}7CW*tw>oE6VMrfDdQbXu9z zq-MUI1@IXx zp4#elFC;9C1~Nt~oz(m)x9|vWVvl1Sl2@pvX%>GVBf)yz!+4@N>K-=nMgE*_gUw+kNii_aRCLW}a|y_~;M<$6d(P8!N#%_sg9XZxPbal{CWYYN zI@eIs^-EZ;ZJ3or#_XW!*S#)towst`_k=X9E&&#qX6PF@Sy;IT9lyf7b4$^d`@|1w z?B?4+$jDg9dTbY>$=_Dw2d1;(Qi_WM>uT%0Q&0eH8s@4(*FRpTImtp?yd00cc-!S zuSd{rt?oC;A`dls)XF7T_aBFTHnh+@L1}9|Fs+eL3;AP=k~#J3n)*w`dWVHIeO}5z za=O-*k(KgU!k&5H`gN>a9_1*qKL-3S@YU9-sp{Hxp#_$QC(Lb(g!vDHz#wK>|4#l1_S#*{@Bu z_^n|zjrNsyWUkD^%YQHCQV(N}m8lIbry=6Y-3wi^1+DhDK)*8r+w;_5R|N6FdtxnS zfiR@wjc8SdwM{F>J=GpGx`{Q1Gqgg`{^D_fFQajii8Z-uV0} zkde)58iaz}TFrC5K1V06YmTvrB4&kucAHNv+XJBb;)3FedIyO7TcSg(9SSu|StJb# zvSc1dJa+3|s=g!A{9cWB;z+_=d1HuEnHwMwNa@~&jnq$|z7cDF9q`i6XKQB^_N?Ah zBcbCXoPGwq4)4Q07x4q!M`3C976@Bo9Em&naZ$;soTJqFL*kx`py_uoojUH_waCjT zg_rL8=kxrkFAwW>uWb}lNd>H*anVoA=AR&xPe$Gk z-Wp4-F5)D4)NF0Tlp>-?=!7k~7t+9mQbZcy7wYmR&s(DI5TEz~kDW zwsoEo)3qjf3%QB_e(?V98Ly))?xgUihUR@EQ*BHtd4NCPVspX%RnZd(BzbiI01!2+ zneFc3X)SIGe8BKR`+#fI{1x#*ptvus#JbJ0xGxN zZ70Uw9`QAmuCt-s+{1XLM7fFc8jaW)&rSt$I)&Z#lYF*&+Er&&{o4Wn_03dg+{RKW z>oDrl-C5j0c_d{R6;bzGdNphOP_ojse+TI{(IdmGK*Ddd78u`;&yVq~NaVPDEBL{0 z;p-^;9pe2p^|q0j?eAg%3>Y2j+VoF|@J$=t>CjtEc8$6q#~TRgk^VGT-BUbw#n(Ev zqv9jtJFuejcIPE{VdyKLlG^uBd3G0NJd!E4S0U+8_;!0A3ff$WSIM3;m2L_F+Xkih zeWa|i#bAQe=>W$ylE?&lo-RQZuFvFcKIPg1n7 zE-fSu%loz?8LtAow((E)%>HaQYXEWy$N^M(W357Zis!5NS5&*5q>b%c5U@;+GBKR~ zwd^)NEsonva}bi+<-YDldr=scjw9ip#O-~4Azf+SC78n|;BD>|$QjN6_0J-|Ks+&| zSoo&ieLqr$8@Of4yU4`(WRJXmFly4UKO^KX9eh01JUxARZ*?8r)|EW2u}hqwPeJsq zHFWvBGi4jw!8OIXV5BD|G3!iBZlU5`X(NUh=4F9N$Q@d|msy+6ygG%=?bK2N3#oI- z2aY;b^LHh{`UBy2k2GCZQnt`Fty0p!kf1cJjo|bH@~@*WG(9Iry`Jw+)}gtvAT!6f z5!3no4QC~CJ(Z6>)qGtZpK(3Cs|Sg}3AAp&uMyX^lxvoh!cj&~AJ((wvl@ZH+4#=- z3#*u-g(igl?5pxld)Lxmv*fmyUM19%U$ceeSi{>8d0g}-@-?Dnr@deNQL@mr%gY;S z7GEWmgM{Jv>6-aZ;#b8F5Z`!|&20p6+fO#>C3Ce-f4DtqjT-(F@gA#dsKB2b;*ug#K0)yB!s~r*^Thrg@ouGirbM1&!E{`oGbiQ2 z{40Cmr-Go+jQ$$B)X&Xm|JwW|)>qtkV_@Cj`w~T%r zYQNZeg@&DHKKq*lcl)e4+w4w9>0ba#;k|mo)@U_#f*bG(Nwby6C#UICEr%9)t4A)M zs$ya`9vGidT@I(CU)UwR>HYPL=m>OdkEhm?mZw4V{{ZaAFs}D*D_ni1;AmJ z9*Tb|sUu}Jtz-9x{s>$9Qn!k9?;HNee-QQCaeJl@KR{{QY4WmuMPBfdGEAa z-3I-Wgq0fvbr}_nR_}ANGCsigL#f|*r^4Efk!yDf-@-S?8y>&sitBE4{Z((gJ*i&l zCLK#plQBvcrh1I}9G)uom{o4Lk_01;o()RKuw?0uP%VKgJeMT!R9KI-jEBzDwY;#nJ%19yD7GIIi zuUgIW*42k?vxP!V<}`D15k2IV|$C#7oI2lAJALI)!qshyOW zv88yQ#GVH6XM{c@_$O9vAI4rD)FRa_XGYp`j1CF(AQ6iH07;MdClBp`;J@2r_Gj=v z#h(ve>GNvoZnm23jBS^*x>1MR4_sX3K8IQM_3e@~Nov4Gt;!nUwXHH~ZC>AV zi@00Ng@NP|UR_nKg2(4y$IUX*+r`V`FD-4N)QGmahBUwvbl%?N=ku?LK0ACRpT|B4 z*8CxK3Dj&MYpWpZpE@QPWnA^(h6C$ZMnY)*N4`3IHof>|i6@Nu_4nXc+`FsTBelgR)R^7N*OU72?6E<58D*By>w?k8*o3VrCgj$2}g z$d1eb`A9u#fRP5pD(5t^NJL>!mIHz9L2%q|06^Q0?lV`QV5Ej@=NowGLD3D)$H5*t z*M1RvMDRbwuL_&nU3)~-Ai9oQHYnv5K+dNfLjj8a071{$ljCoK{wjDc;ot2?;N3vQ zqWG6ghQnUBR>}!@7?cm=2Xg)ytST$S>xReZ?wM()TEN~PfW-ikF)gBi0b(yQAX-A3<0~o4%!Up6_$wk)_zJ)}FTz%B+7={6T9ijEQw1OQ>IK#(KB7ttrLq zV^*3mblq+#Wso2#lfds<5^8fS%C9kG$Q=Iw4R$CqhG_1z{{ZaaW|tR0lpuwFaoV$A zPrB74RI|5vW6uW|tg24M)2DWNMup%XHVE%$j72gN+ppHW8qU%f6e?TC1F0Bg9PwTz zClK#r(xpzvZ*Sr$V7DnF4EOi0Q^Y#*Ow1-bSGM6^eyr#`m&86Ivs*`wNu!S6B=UVL zqxfm?_u?PLMYo4fv6n>98No}*g9l{?_*ag;wbw$KgttFaz7~GVS|5O7(sj#QTW=BS z+m>64iBopd#z)QD+uFY5u(s3eEf#oUh_TBQ3NokASECi7jOEbMv%b65T_W<0y7b!I z99L#+1%yh-R#FEndsjqJjHRI_n$Z68RCQL)Fb{vFW$G8N4a2mPe(0Wgsv$<^KCR*l zOHDM)voDlS-p@+;+r=Lk^t}z_oJj@285v`NO(R%D_0ZmulPb4rMJ!`Ako_yaz zc;gJn!yiIAR-_h-E1jxYmm7hou@P6$-M6q)woR&_9Apabd=KDX8Tk8N9v$#!hi*07 z@Bt^uZJ$iz6_rU?>5LEDFWDFV2_NE56TqG}_|u`PL`-1Vc|@#ZIR|kcrGG~s1Ak|4 zh2I5qC~dqU;jKQ}?ls#4qA)zX_2U>d=GCinst`SmZX8@Vk|45Y8-m~(=xw4hqN}3w z?OYOfI--upP1E3tGQ|V;sP66(Sp}StZ3l&5Dhe}7$);e+eCQkWs<&6js7~*buN1Ba zGkLBoKoo4R>s-#K;t36`(hc$=_r^$~DYBxEmA)o^(OwhqWv%Rb#K|kf4g_zUpF%70 zqvJ2em+|(zFEsmOr`w}r zsHq5fLCW!5b7h{PABWX~c~CEy2V8Zndp#T?2bMjm4-H$S4qSTDNLX$MiVL~c{jg0mCJDCODb7L0YoZr7I)g?h+GHQaK@yijTbs$+A!tY; zdLLTOXNGzH!KF%kld?SVfnI|j3T-2kpMEL^Xj*C0MJLV) zQhMi#+KH0VbbZ(W<0hfN4UJvwu56N6$NFEW^sZ0s-e^>0Ja@-hmjD>o3b+T1@${!c zvE;NsXSp5dP-aq*nSC3qi7L0TsbikmupAYwNH4*3ib|+*?)brrM*dxibN^4J}!ozA zNYWP`emNcL#F~SlQ7lY2@7z$(N}qD{7YgXD7;GMTS5IKCA`>cpVv&raW2Uo_Aix7_ z57wc+)S5RXODR5-5>~L*LfogC0l^vVU8jid?DcCabhZL3wNL^68UWzr@Q$w0o0-bQ zF_h0n{A+@<@nO>ZMA{aqrrldyb&5uh_i_(r^`~O_4#xigT(+BFbRY~bPkOZ;q-+&t zK_{1ER&~0g>EL2Q7K1ojUG6lPR9&tj{g2;w+)Izoh_D ziUAXe6+T?&fn6<(`@=_pw;xIX(HdpFz<8xm&q7a1#h%%1Wmug?I#33Muh^6_vB3iz zihA0{Uwi~NsGtb-MMt&r-YEF!aniUYo+#vNdBJ!|>*+ulvPm2>vRX?4}}UBa$eds01j8)tkN>* zQaASV#LQt3%6&Q-p$4qhY{?>pU!^9CF?DI>l_Z+cR|l}JcFyf2m5lBa2M?3e>sS*M zOMP;Q<-Lmr1m|!)s`_3$${I!+yAwfHG_3BCPbfEvxjm=br4ytWJu(F}M5SVAZDh8@ zfDXUsH5JwD^0$lQ?Xv|3#5O%MWd#ywEv}Gy0tA9F1E-e==F0P?c2`a$wYfepF z<%~x%DLu|;B%m5Lb}TqG8{r@Ke|Py)8e`*Rck<*w>V11xH{$&wDWO@RiWESjIHYcT z`K%d|Llu*5lXgB{)xqjocB^eV-Cf(62UEJTk*p$M>skWqkQ;cuM`gl-a5G;ec+W<> z(d3fGNcRM62kW||>5OcA(eWF?R{ki`?-t(z{6@u_9JV^w=k>j!_*Uv&K1DuKNI>%m z`MKzSI@^^Eqop@mE#xm3+P=+jig@f#rE}KtZk2>nDUUsUD;kj*)5T|Fu^Q+J)DTLZ zsz-Y7bX$oaWs=#7xo$9PhFhDaYh7xIdvaRf?wMHUCz{-f`u^g`+gsduh!^EXIUki( zG)$$?-uPkTUlDjC#L;Q@7WV%D*w;kv3{T4`&p7n{wf3#FpW5t# zl(ahdG%a6Eb)W2^wB=37GK}su(rG&TYS2%nYH&fgwo*kHDn00Nv71IdqxK7R`yON8 zy8!pEJ=OF)lQb%EAVpM3IatfZ+$m3>jEmneDyf*rI z`#6euGsz9}8s(t7xwh0TwE`ANVR0m9x*t(m!DwcdwmzEE{yXZ|nl-+keRDO!+u>8p z>N)LSV*buQ7F)!UwXUrl!b=pUG%SQ8`;OH{jQtVNWVKfTpjKmpyc~gEsMuRYk|Lp0 zcIriKNaCuFExdCrt;<-;Y|Wknj?~+>d$luy1LKc+?TTGYEOE1Ru28--Gjvm}#+ z;=D=^iEF3b&1I;r)p3(1e(xMq8Ymi?cBIE5|(>x_^ADrua?hLNd5%yTMk{Y_7=>(8g#D@ID^ryVMy zwKa@SA<;f7c#iv7n#M?DZ9X?Kqmj#C{{Z^y&^7H|2ecEsiM{yRy^U!ooe_!0X;zJV z!HHmi=OEXhY2FcgUH!}DED@+6XThV-pDdI;k#{3m&7Z1Tl8NXq@g z{59v7R&!f4vK_}9W}T4j(C~kV{yzTzglH@>gS_AdQTIlAnmh&Z2J=!9!pO6sIR~ym z6&5Zu(dfE;q`HQng(WaC{u0>!b?7(t7rK0L88CPUAm<|$l&#R2M#ckcdW>q~DTo>4 zj@6#8ESQp3`LmuXe2Fr3ZH}uty9vE}epQceH1Nw2dA8*BJbpC!MQu%?efG%A4=Twj z=bU4TOKm+O{qmf@TzXci>8Q&l{vnlV3`KZ2sO_$;S)@iP-G)Up#${_U7d~WZ^KBy_ zbgZZ#@}NYK+%k{6$C?V~W~$1v+n6Msgq-p{D>~2Z7I$jXBzHEz9ORHm`cNF~hr~Z- zy3C;#-+_V;0-=WGlGn;f5Vr&CQ7LFkeaFM8-#N63TPtbNq}pT$YXt+0de@+6QL@Sl zCzR#5@0?U5Otw1%qD!eV%9qiigMy9Ptc@yLefF~=`I+I@)7rF*Y)Y1)E|aa;pq|eD zF}W^LQrg<6MoU;#Za!{< z@vVCc>oc&3fjP!I3K@~L6q}@GgWbS3|>pHW1Yj0zUHz6(5?2VGYMK$;1izpyAGoRq;~A9l5h{D0AXvoJ@&~O zHD$=o@5Zt;t7#HtOW7G&k0b(krkECIwbUcLh3ut;k+L0Is^g&*+FNQjR`#m1EPKj~ zg&YdeOqoXKn0T`0d`TjYnfT_s_dwNKNYx=T!S<$}Ot#eY9Z%#byYwZ*_uG5h9ZJp_ zZCRmhr+7c!$?5u3FlqN`14#;*WX|jn?^DUCl+mkcdm+J?n55(oyaQG4W_Yq(6dB0o zv?es}T8G4Tw&>Q^MjL>iHW+_eJ-W5GDV!6S}8t$On8c~OM6WL_rt zo1uJF@HLsdOS!dWe>J4IISMw60q?-(zHHRzv4+m&KFINyxeUDT$9z^^MSC-__sXe*%t|P-b_0-zKYG!C)IOya8-&5b|S||o03y9#!E@`-TW*d3uiQplg3Ccm?Iw5=uM~Tmh+kP_I7qw z20nm#P-#z14>i?wX0pDTGOZloXXOM`{vOmkPpwZ3b~mdf(?6Du$7)Bj-6LE*GcLCdqf*TjqEJV=2<&JqH2A480k|xu%sV?pS znpwuh`QyjRN2&a)YHcg**CIQ0Z?os+Vmnh3iR;=dmbz7ntmZk~;ep0B*Hf-|=GOAk z7?Nns(!v#joB%sQCe(?GM%?62? z-xB<3C&SAlWfg?;TzRMgj9{*P%~|+2@n+*vnq5ZnNp0^ovPlceyr{_l`gG>5GO$>^ z;>{yK*8E3#;tNGDdpHHdIX^Zrn)$!SHae$=yiT&geQ*1)0**+1-t@1aj*H%D^V)pXHwXBjgP7&dq# z9+b^vBg`b!V3PY6cP}v#nUiy44b!)!dgq0{I_kawGFhgb4y~h3cHPInFSpeR@79YF zeLQ?MWAW?3cJlZ__QkHCk9wILefH@Y^ue!=b$^7uF7W=THLkN^X|@+WV<=!ldW?(_ zQ^<~aN1e%} zPpW8IiMsQyZmk|QF^6pAXRb$2rFw6L-%imlP|Y2=xnc{W9#{`iR%^}J=)NG{TX=$7 zgW=^{RVoz|ZbCLWF zdiqz*7MEJbjD9Zoe7Bnhk|uRYUB}MAXCuBU)KV4CzjeO~>o%6wS7PSk-dRy(5}?3t zI(k=~_{YJzuCX1o+HS9RVLPc;W$35Z-?ei}O7ehb_?)*KgYHf78Baq#b zj1W8X-!<}2iPFnT(=NW;RP7;ms6U|msEaJj@Ex_(y1ks1cfL)M$`(~&)PIv-YWzU( z=8tKkS(_{Cd#U`r&m?j$%rWVjxjif?PRGUixK_J)V3}S$#Rwg-T?U(JqF-st72LMa zHsVW>lDHn7>RrJzfbj(WWR~`j#_Fg~?-!%gT4t+ppQl_Ygxoyrd*6wKwh z_pZ5R7m2jJFT}bX*qY8r(cL3pOh*GC`g5A#@AM5HU4~6M-B#1Yp$SdEY>)xK$6S&s zRmeQg;jX>m-wt@j@g|S(UoLT^AO5^$*_Zv1ue8T!+iJJLtp zp4yb6j2lgOi-5OEj)l7V4|q?$)YOcVzP)2#%~NW;=REo%&BQ-87C>_nDALXUEO zwZ-e28a|*6jntC|U9TA~N>kr|Dg54ady0S)- zOKog%y!r$E+GL~Y@bFvcc8UG9v=&qVJ`3P?6N--|OyU~} zBPlPIbGc8b2kBiOfd2qy4+VIJ4P(RC5}5qZ?+l=mw3D1>fIP>Pt(o9Z9=fj;s+T%>T@UfB65&Xq2 zP6mBFy}hf-zCL_4)jTgWULw=)?X{f(;Z)4%Hj7yZ>7UA`RtujG>c&T&L}*)hCnv6I zOMP5szgoT@c&ASB zM~3v>Lea+m03~-}w+G;S-;HV$*!0M*Lc$n~sK-IxyjS*z@G5xUz-=rrJ8L>~{h=mB z8S>6^yVtHi8cfbRpPBa-q6uV$goUyB*R%W>@!i*lwb^t>EjEvIs*|gXsG*ys(DeN? z;vTX4GW>M#XU1;{!G9jFr)q0Al@K7!0};7%>5h4??+4+(#0?kY*TOFXd|vRy;$3MP zuAdyQvy%k484TXLw-2Z_oSo6Mc0D8E?xCo7N5ppet)=tZt9+L#8;4wV#eRusm!I3( z3^#02Ws!2e_0J}1(>{3ppneQ^OZJ-hC-E=#eDT$sHyVDmr_BwsI&N!u!jg`e=*qw_ z`WpWLHeZf^2YgBJhsM4(_&wt*d%Zu#UKzid%0ViXX`)vqRbn>gJVuWiv2Le5sDu{`%mHswD`=yb zY`AgzqydLeKb=us!I+iG_Vp&17Gic~V&Q=4T6T%@i5P-MJ$i}&u>M$8C{>uAMmkjS z&imCOJYyK3>ZZ$fz&Dul#)dG%h8eHfANV3)?ZvA8$$z!Ar^CMy-D%d}2)uhZvzIO+ zTRYG`M?CETvQ+(Pq;^4{=q2XZ-&osUz(vKZs3n3xbCosC>U(DL=YSo{!(>;TS|uMS ze0=z4ZQ^|z@6CzDwEqA$_|6P&IT-Zk75V=Fa(qDzoDX{p%dF{hh@4y@%+Z6})k^;W zI^=Nd2jh4A6nFM;gH?}J@h*X;s_FOW_u6&90QqwP^Cz(c;~tg#>Pc@bbI%p>$hR=! zDPh_M*#}zbr0h)gG9|WGmQ1ND*k+F`M!|A$PI&EI)ZasimbdL}H`0j}Ln;+MW^g&J z1U5kE&AoDcDlPkdP@!44=e+|?#h8P#5K4Tc^z^BGr{fqagPINDBSzXxqrgs4muqBk ziv9Ed0D=&H*1zzBc=yKNvFF4sbWPx&5$?F~;h6leT$Rhlxj4@Ofb~)9N?Ta$f&Fm& zKGrqA6L@D*@Z6WH2afzNaH|ZHoc*rc9u9kgGBfUdE9omuTkZC+Tuiv$yJQ*8*2gvH zRYr$BcWE4cZHpXp=0txU)%pAX00m6_l{NG+e7us!d^Ag z{88bJ8&}e<)vc-1~}ANOQSX1qEW5nIV*N zQm-uc65OnCoy7F5IkYfT+h?bESHl|3dD}rU(&vv&@>AxIFS^MsyXAm zc$mul4(fF5bP>+B;gF!i999;kclKiK8D7KKn(`$pv#u)0$JBM0;>plv5Hv)!_4Q`-fJKju;E*;A;Cph|gSEEh`ElQ;}xRVDxGx^dqrGlNi zv0X8bL~vA_EJVP7N_^ciMOn7A^BmxHZk4%)riHzP-glNGcTDm~;8$CsXqP&Mu?Cl? z+FfdQG8GJ#<1VA=T-7Dm>8AtrhxS|l0D@oqM)H4pWpw;v*4jBZ-C6DIVdS%bu zHT^UE0R4yl5&Q(u^s8MH!**AyFE4=n4IJSIK^mNTC8r6DZ7-TbHsda@qfcU3>Omk ziR84kLzgPx56jobtW%oDaxXWh!QxBlF``)b(v^ zP?uBHwM*?z^@m9xD!)NcTf+AY0}cVM=*Gr!nbEGEs~E^1<5CM!6eI!6ov=BgQn8EG zogRnbTfKJjJ9#1Jg8cQbq`Wck^2bk5XSP{nI8lMZ*EHrFnjYz-czWL6IMhQHF^&aw zwic1v%l8y0JXbvSAnJUvD2eSC_rsrR)soxKP40yst9@$`53tkrqd8RvHLDb!QkD4_ zd)2}{K(w;9^p|K1Jt_|pK$^CjI!4AhwqRp|Yk0=wIU~tF9BRHU(Hi?j*XK8|30T1H ze~0{Q*6pK;^_YfLm#Ortlt^+gd_iyKTB!_oqj8QiSoS!b0buIta6#)?5^o(V?T92; z#Hu>|DH}_&iUJZ4jy(kfPQ@rKB3V-|sN=nLv0J2Y1{12d_n<~3w@v4i!7b9Rq!X1% z;$?49KoG@qADYojyA`O2X;l-jl{1e}v|n_Q3P96)dFUv@w?BF6Od96W;^NiY7%84II?y6(i3P+b zf*-CcHdv+d!Hn%-am@f&wYg+b6o3=zD@|od3M{0RJZ6A6?MiE#9Y%XqE%tJ9jh>>d z+v&}B8#1=}KTV&C@rdvkFNMn#M#%DCxJIZL@MjkICXJ)?0wFo;gv`k z0)q)kmM$?hg=}5{< z=A+RX+To`UlqZ0DS4AD$#G*FI2c~EeooS0`ZKfO7YLnD=prs^q^J(!UP~1f#zIuRb4_AiS!bpVqss?@ND&;$L zwUj85NcUr|Y4+^4bGm||54`|4S&}(zn4=DvI@;TAn)G+|i1)VZzCv{7sx3@}@ zQE#!MtWqndJ9l-Uml8c9`6UE91e1#HwA*F5g~Gar#RB9r?ya^GyMbl&tt~18c>YT% z;AGHDqhp|55*1Ril1cULLd6xNtIkz;=C*>+fw!8+kqnV}Xm<_>HRaRmGF)Dmijp^A z7Be0?D91|Jg3d`}9#8?j4InH$ZwUK^NcOEuJyu&~P^zuYc^zmmmgdB|jjhT@ zCQ&5E%oJb)S6cQvV@Xx4_#X(T_r!8|wfps1srx`kkw z)?~_O9ct6Or>?>{=?pd)LY!;aYLKo;ZsF?@mfkC`k^R}&~+uG`+KtxO%IL$+?-TBrnZ#)Xa9dX*GQ8t0(w^sf`v9~3c z`@O|^7mfTX+MT?U!iG0dlE=MbbjC-=UMJFpwbY>;s}Mt;+4@(+KNtK5b@r(>OGtyp zgLhm8`qt6dqvx9?jiyAJBO(Uf?OSuV*~2E!CHH>qha(>JrnDk5yE=*3O%A1n|1~;U-az4?{&Uk}R>jG6lUqZisbZ z*W6dq-vj<7PkUqig|1#n6wpWltEmBoP6*<=X^O|$wmvRfdq=lrnoDe8gZD=j&fU#! zCHq8CumohX_N$a`M51Oiw)3!YIyTY>3^Po*+i@E;w5R}VU>>!Uqhm6%MDZZqwLNk= zR#u~HX>;Ygr(%qr2YO9(G=cIT#xDceNiEK)Z3Fp8KJI;bn)$O$XrxmOt-=d%N~tFR zV}d_Q#%R{(J*v-lr`<%j;lA$9j5F4>XIPE0zU*9Qu6ts$ZpA}$Cfib5cZMl$W8Po* zc+Wj6?Vo}^F@wW$L~odVlX|x!EtBa>n5jhlR`_x84?@-Ag(FvEBMcT8+n&a~{_Dh+ zb{2$B8kn$0Cy`wg&PuR6o^4LYTE3C20VoP@Uz3(rP01ySOn<90Q1u{8y)_G;SD0rHH{!xCRN7bKJl)S zDaMsDDz+nD4>TFnIt173UMU)4u}BUSAL13yU(B*dhBM|XatI&JgO*VlrrNo>S-Eb5 z9+l{cqg!5Ek$5-8I#WimXO8RI7MEvvF|k=Z(Anw5aW_Bdb0jxcFK@B9!QlOAxf**z zvhcOk7P6!Xapt*m#w+M8D^Q9!H!7@T066JLmn)oKjC@sjJFTiQVcRG5uRn^-HAQIe zE=ssyN3MNp;?R$1(ImUj^y_<*D7aM}cVvNGHNLO?s>?3HzNSJhUD?BQfo6qSI%Cqj z#vHhn_^3K^1e;!8|^#1?~_8li#yt>mwci%ICf%#TV>0p$! zGmIcR6=AclKhmD}FfFqqsoFTm^`#VMak_-XfU8T;E>h1sCYjA07!x{ z=0$YDa&T~X^{l|pjIttr;TlXF=bFo!(PzYRMo~MTO3_QB0_s{p1PtvMW7~?yeX@`O zGPXJjnZAH<`tsetjT|Jn-MNEvw0lwEsHc>>Ok~@^0jr)<>}?&7NPRZaXf0+~fsqdH z_fM#;J9gNpL4LR%^--0~fA+hJmRTmvzU&mo z71vs5m(W+Cj4#F&q|;k2mub^tPd_=$AIz;Aes(^C&C{Mf9m)*F(a!i?qGDo+)G!ScAYL zJE}Fb)1?ucCWRlNKslshyK9^wXzYJtZ>X|I0bX@9%i#peeblq*O?4!H1I*d?+DvN>#`$PQntZN?)M(DtP)+Mw}BTm!pq_~bLm=fXF z9$&s|l(g|p*V|%+M)0gu$fOMZ6c~%ISV^m)nQk`AjGj4fYO&y`?rdHga!hl#Y+*q? zX)&o-^@z2bI~n3_O+w8KnBUXo?rYZ)=fk?3Nq47T!yp(EE4B&es2-Jwj;;U>qA7;{@HF?B`zV1lx5FC zeR!=oN{sG(V>iT&E5!D8nueRcd5U>$9Gs2-0FU$9yxME)t9yx@$anqWTlIVQ@ z0P$+Z`%}~AjK?+8OD69y{KW^gab60x)-=Sll~#KlKWT~Ia17@-0R3nN-H%wb*W&R0 zyQf)eOCd{~Y$uK0-;Qgl_?__E!@fJ!{5L(F{8nN?8F=Gz6b_hXJm-LEN!X5Oxz}HO zCa~~UhaJQzYdzaAjpJ4gD*!SWA46Q*_-|0Y7CM%rrb`vG#_FY??w?F_&2u`JG(Jy>a$gC!Wx_G5Kmn-=Xw1!+c2q z`alK0k6rMPv_S>KO>vPP=+4z{m}+TsDE&D7jr<|4cw@r0l3qrw9OYzZ^2(!0jGSh^ zxA>*-<}V!hPhBWyZEiFY+L)sN%t6UkIOqQW)+n0P%17mPxoIYeB=4!B!{jj&Wd8uG zBdD()@fV1$rkP~5xRdN#Nkfjl^*p6UD)&Wi1$fRFua{4~x?7(#kW8lsKEv9*AI6>! zwAWJJ_d)w#n33;t08;Iaa7SuorDBJ}`#6zqEVUap7Ya6HK3X=%2j80a&x2a8i+n9{ zCXz1hq(q#$N=99j=ZyObVPn!hEorvCFtM|>dD`AdCEjv=Z>DR6(>@(q>GRvgbvnr) z8%a~RW7zkpaC&Ogurz%jJW~X^RkodddeWGeVtm;jg>bsP^!iPW=B~5cUE858T$(nraO+M`M*6in#+I zeR|U51JwKh+K>F9*W5hQe9q`qqmW3GODt1XLAdq?viO;l}IK)*}|OmuJc9^qs4S4h4Kl;as?>6jOy(5M75eH zK#_JNnziH4iBF{2*;@-p1R+-rt@B9j&~^IN7|Q0ahxHhIYvJ;?pJ+?vAmC&i`c^&G znRTXKBzMr<$0UbpmKY7~nwcXt7kv+F_)Fj)?F+p}Q`N1d8ca#Vr~y7<2MR&@57xV% z4&Qij?)9A($IFuX)yqo@4Y_W3{S9SfrWdjD$BFzgqBrdo;ja+N*6D8~%PYX_HwWh+ zdJf-(ezbV3+Uj}@wVi>3`#GRUmLS`ZAOpYGHCFdgtfis(>*5^}`{B2X^(di4Ha7#! z0Zvy9+Z{Ltur>V$M)7`@)&_a3l19v)Qw1lS{{T8ts6?b$w(u+IItzKgyjTk!agsgj zhl5LiEU=l(7Xbe6w(fdURS1l=G2z!5d&zWTKbNRMhCw5J;(Bpj^`-03*=aWIAa`V5 zPxsAeoyt6qRG#-!yu6KV+*q;SfPG2LakqLDDR3h(C904Qm@)|i+;dE{ms8n39$EO# z8&!`$*GgRi+cHT7eGW~1C-C>;-na1IR83RG8q^Tl@RNyO5e|9e)vH`mIxpIz#!z_U z!qzudTIQ3e=~u)}Y;D+lm?J#;@zT88;m^XYKg2%{?lsG}+fuSwJf{b)2;k?_r7H`N z^?we0Gw=#&c2`<#G1_Yp6S;%rN;-Oad-kSk{u#5MPSiBZ+eFp0=|NKi0zhueJ?j~! zRgw95@u%UH-^2d^5nKNNXv5`c_xYC5lyH4ikzNS)lIiz$_mPw^qk`!D3iYhxJ3UPz zk5JY;3u&o%XHN0njd=;TG7)iXIV;D1Zfn&)XI~o)Gg)s7-QU~8WjVx3c`Bg(gOOXs z+#h4_I9g;7>^X@}?0rBM_#`x9X$vhL|jdsci?gpG+ z%z>m`zj%^Y@ZkP6&Z0_pUiDO|E+X0E%trw!drW z8_BprB#notIn948pYUJ*0NHM9Th9xA+Wrvm<*nwAHMDw1iV5FbM?qsvxT!zmyP}S=%2r z1_3_8tt`3BL4teG1;&v`Pc55)j-BaZVHBI4N#p~L^czA(nUW=DjTr50kf*BiQ0g|a z-CM_XZ8E{B+OW8_nN;tFP(cN8---^%NdEvr5BMTy?XMT@nfotj_Ff>nTQ7=!6H%jU zRxLL6aDWAq9Y*j2eRE&38pWbpBFd3~j5*__b7CTFc@K##B)x)r204lOPCM6ud`9q= zkFWS@JLvSQRM)h&G2HDN8h8(O{_!8-Tm-hy%)g7D3pAe_Xuc%)e`MEanS0$Qc?CqL zCF5_XA5H~-Cf~J(!VP2L$HYBC;!80OpDgVi!P&IOAQ%Jj!Tjq=d)UeDd~txYk_!OD z@JCEkEH_Jl;3?xcuIMdH9Beh2M$&LVKb;bQO8IS;>&dN&5XR1fmDacH7$2GH{c%Q^R2=OO{JbU3A+l@QK znl18b7Lr1CzV%>!Q|ds)DI=~EKhOjAIsL2rCGq#*hr<5=+9yF4_p-DRY2GPUEWsAWO7} z%Pbs`-IlKD@26bvTZ9jyY7jNO!XBGgWAy(38sVQ~NV}iJpZpdt_C3D+pZ@@8O-IK5 z8`Ewi(C^&N@*+wUkyBC;2#p(=(0f$r5vyFURuU>7_rx%#CR`DFDTUAXm-Tq8B+#ct>SrU=t9|?31jvf*Cm*b5CTDQ@z zd?3Ms#{HxKJXb(eGL{MeEuS}Hm+`+W0x7(>s-Ch zj;tfGa00_@2?ub&`qr^RQPlAd6MSgXv{ateS~*%pI|g#V`q$@o#c$ekMbII;8n&jh z#Urt6SRdv%{`+zkwS;a}kI1i&{{Xfwv*J0EO0?937E$gH!4M%L&-a@=pRImf__M^< z{vgz5yuP?MUo#a_$6yE0XWF~zBaWfO`NlvM6vh7x6XGP6pc_3wYz=Cy9J?EzZ4qn(=kTvSk=8~5j&a6M zQC-oEj(JGEY^cb~kO|_iK{Ph8jo)>7^&+X5H*?T@JK-I7#1kr8+ZBbdRfz5MucEXc zg_hc6G0Aj9^AX4?(z&NIbI`P30NO3Vo(K{b<1DMzy`sm$Dj|kUfP4GaBuVr%qR@P- ztYn{?JkxHpJIiUqv~G!voYJw8(P);@OTL9bZzc`~Mr(m--WFiscfs|lO2%@P!8JL;2%82h{#BtHG{_lAWyUjA7h+0A!a1i> z!z_I|iof;-x7|E4Nw^L{J-(H&7ux;-mEYo}d>N3LrZxD&J|NV<4D zz>S_pdeytDf45t_uoT_xQU{yPu3U#dyh3x6TDEr&um*BePz8wOf>$jW4JhE%<-7Yk zfgmfMv<#BzVfkfKlh-(`=edoX?`7T70MTK&8PHv--85`>bJCVXw0Vz~JfYv-l8uQQ z=SL7|%PSt-(Ql{EBO8zdL{DQ(4eNV&B_RtC{V`NE=%>;aAt6&6bG=S+KpdUj?YwcL zZe7{$-m;=?^LeZOto0NWyv~X#@ex&ggVWlzH0d|Up}uerLqOe*igOF?*$T!pPL4I@ zq6dy~p0p5S-QU4+C)t*7E^ehk>r@^kj{%c%&@pC-quVAvQ~FdmSz}@e3OV9|sGfO! z;z=~ER^G~JUR0IwxqpM}U9##SAXk+zgl9AZL^n4pbQ1_4jtQylt*-(ZAy(SGaA+ig z`$(L(+BQB&9lFyr`(5&RQzIfD(9;=i_eE5Uv_MF6>5Nk}#6%!USB^OxW{_OgTWC^I zEL#sa$gYwbxh?I&kC{91(t#YVsd+Kp_Of|$f-5`Eo@7^%M&<90Xaa<&+p<}C=Cv$s zZ7%k5Orzd`r(#>H8)&w)MYo3MG$bbB(nVHAUcQEb^E0M^La~=c&N|ja{{Uu@ns}oL zCUcB+ppz;qwZE0)MtGf1-6ICHZlIB&hiV@tSRzx#nE7yA(13kA$zZ_W;l^tPh%4*&nlxa%8c_}{*iH| zeVCv-?lI2c(0foei^)BrBdbOoPxpuNu3qLHlCg*qgydB?vj(g^oxFjB+a*SaC=TPh z(xgLV)S)?zm*xiy4+5JVm&9t&5N=wvj^saJC?W_q>bJl<oWn{ce=V{@yTpVP<6I<$bvPORC2cCYlGT7;f z!|Grx>?0sYoOI-h%P}U#dE!|jAg?2?YZGM8kUlH;Lf+Qu;_As#D4cG_JDT|`TekCT zZ!~-Kx44D!N!jxQjydaFMmN5nCBPd`W>EeEit{m7JQi@x}yZ zIbv*J_0PQ%S`vD1hP4znYXsJ?m2N|4m9CCk{P|Yu6(k&dqm~|~xTh$cgIq$w zTZo?k0!gcnr6e$wR!58yyOi^q!Y<6CjC(0|j^qp(N+I{tcz2T7rk|UAVxUW)eS47q#lkA#h#+fpbB#uW6 zjsEW){{R}^#!`{ydb>owX%IWv1@z*n+27g3P_^Ts!00G(=tnv_YkgTRAOqx_bOiSm z%wB47#L}PxAk<0)DH!)QmU`8s(OuieFemOearLi;ekAyI)52PW!pa!z?3!cpf-r>i zu4$U7pFG|+t2D_oBY9zn8;=BMwON_37Bxb$X9uA;#dFj~k@72ABgUno3>*#1#(DRz zr+yUcX{ugBWh4%cT@_>pjn$dC_x}Kcb!ogipeLS>bat-7XK5;j-LyuV@-%%>aO#x3C1eI=IY9_s5uJ5-m-NG)j`SR9{uPuo9JUT#l7PI;H1Fu&r0evsaQrsDtdG2 z>p`1Fl3gOPWpIo;16S8rzG$8ZuDEZeMKM_9+R|fi?<|h!dpAK`$B3+KZSi;tjdd26tpvn@6j|YdPFO zKgG{90j9nxxXe&n-?!N}WurYS-+Uhe%ciZ~@MLDjJuyHXw$Q3@4)3R0$Gv$rHV_5r z$m>BaR?zvg#(GRpPb`qaWOi?uFRgjDm7&Ki%#6+DKH_=qYGtt0u5Mjvuv_ek;j_+m zk<;FvX*3qY$aqOsY;In{u^Fj0l?BpfG4f}wYn;8(Sx`K3e4yhLz`>VKdtI`ULleOi z$>zOi&yloB1`bX)RjKy_34YXW1h=75MLT|8m9ExtM(ZN9Zlq_eXe*s2ldHo6?t*h0 zFBl!`qitqel#%WV&l`3lkwu1bcM`+A{hi!k)p;lL8!R*GX;=!=JnHJK50-fp;VRqi zcZ@{sz`(4fxEONS!KvMBGCDRoR`!#lZBcBojiB;C>MIul)O0kpT^CWXjV>b$ElA4@ zbQOc7c!@6Ew7D(jUn#y_zWv(%eWkbde+OC^8}_hB!j!BHD+HF!3&MqDS^Azl;1;01>UN+DDP=soK$Em~qsaur6}2;=Vx!cwuJSv44CybwDV$KD-tMEXsz-7TE5TkkmX$8UVp z`#?2R%BW$O2@s58w)BXt(p3&NjPN~0TwTDo;yph~c-m1MF8JTLU=dz)*ES{yUqhg&!-@B zGP4h2deBcP&gvSCyEwCXB1spVn&+f3Fk>95ptc8W(?YSWr&wCf$qdf35Wt*@@7Kan z+pnCAe4;b=vIc8tl@yBiYiSf05Q{5!1vcfBaD7F1-OcCOZ*Bm!O@x8+j-K>OV@B*~ z+1;d(36Y68AbVD%y0y$!;uSgD{qA_IOr-TNC)5OrTVPR=YP#NMcba_2*n`uNNUCg# zN#mAB@}eGJ-5KdwcNbW2T@h{Z^AY!e6%#t3&*wJ7$G`B2_~krB;pMr9N{8luF*CVv zc>L?>t#jgSkB;mu^;jWTGZ;{r=-thI8RIEj`Rm2rC7vWO+stB}804Vo^sH-LR^w2x zkS*w0SC$e3nE}sFLrFWD#wRBaigiB+Y7h2CxwcrCf2@$@v*=GX^zXyZ+A~|8&FrRx z$)&Q8i!+{Ep*SB(WX_VYgW}H<+e@wHSyc%hX3z=hJ!_kj;_rp@M7XfN@-AKCVv5g( zQU?bVxeixK$Ab?LSorr?{?CF9w-7(d17x;;8uUF|;Rd~Dr`YR8#HEhl@;8^0kLgdA z$3zvhJh#LebLkq2-l7;Cn{h3{e@gWq4QgL&v{sxf3cNPlWcpBD`W=Ryb8}r!i}2gQ z+ALPGm5l1P3o9TfcAdQKIP3=$7U~>F#jg+At6axm`zMZWIsOjfzFfDq)O1^y)a4Ho z7iHO!KWSiGx-pDX3D zbCTS5G`*gLoqd;wKeQlF1c;kS80<05E3&w}k4W&kG;IXRt>uth7G?vfUcKn{WKA5G zgLRRpYSWXaEz>felrJgYBOcZD&xU8TztC>9`7GnOfuMMxj3~;v7|we4{c4mAPNc{r*F`Y zdio>b&Bw!?M^8-?T+;s4bu5GlP=yel2+nGGi!}UE`#oviA+fsG^u0#q?(HNp#TMYj zV*@3ZvBo*CKha^n)U70r1%>2^wkJHW>~ZT#PUx2#oUWVVFB0m$FOS3bvs>BQz;+$( zc|Ec_3hjJ(@n(Mq*<1K$U9ni6G3GmLIhCQU}(<5-R5v@g4A^N zE^r1q^y0KFwY@vyW#ygLr4*K|vTnD+@=5I6{{Wm;zRv90F+IA^!z;(bPaX8zpIZ4`!B*B^8agB3A_jbpj#z61TI{5_*uY5o>Z5Za~O0Ypd$ z87HwlE9-vowF7hbN7rKb?IK;_JT;>6$&hzo*;z62%Vb#CiFMpl6mZ zh@OHajsiH=XP!8yhIbVAG!_*@27l6D|s9WAiHP)3a!!@(A<6yxgew8taN=WtZ40xYR z)a_$=ZhXnd&GPp2uTxo=X`)6$C7Xh!x{t<=T`V^~h+l`=Cx$IGE9YCQYaPnKA?VCc zVffc!CJP`L0erw%8v#aeKd!uDH(Bo4zl$&`L{`H*r1F*LVpEU~d>A#ggiZg`KwGFaZ&>oy55 z_FLf?ON^|54nCc0PGdRfbsBZOrl)4`OAKh(#_%?kHN#179kt<>*6F2GB>|CeSZCYm zP7H`WO&eW8DR1GjnTt;2*krzZp~RE5@xg zwS7`cCRCEtf&{t#Ec6vJb~NVdCx~t0iUqd1g@1V&Dp>U9xO-NL*^<^N5EDN64rkHrt(wwng9`u` zgMsV~cAg+QEu=t^AY7-OxZHc~C-FapG1&CK1zg!{J{XHv&{1DY1S>p$bg=b4 zy=%`k3tclx)Ni#{ju>tvIhTwV#(VxXpDv(z4!Q7h=i(oU^zRjDw=AAR?p>}*u+Kw} zPHXgQ!1p$qcY_;E)Zv2qXoCIG`^d-#JmaMjj+PrfQ}OK99w+gJona_~($Yx?XLdMM zt-ln0&(>OQl_!ckF{r+-yF*B3Ju7&t3CW&UWYgQbMR1Iar#T0xt$X`x9c}>)ng_Tk zg~uoIsvKq9r=s|y#9j!U;l38@E67u5e@4}=59Fj3A(i8VU&mBif{b2Y#uV|hT@J^rMJy!Z#IE;WQze!x< z-_R3V*lqMWKN3x6rZ8O^WHGt<3LFd`YnJ$JiI|<{@Gg%zWUF&lMFT zp#wfOXIIRNw(`0e70ba%amIWiw2ARB@+*15Sg9m)`0 z-zBob9k?4v+;*SBrqZ=NM@Q8xZ|tBiI!J?Vag{7HgWHPGZJ(__47^>V_^ZQl8%w)U zsM`S)v9z0+n;xC3yNcoRW0g=6am@l~@ju#Ez>xTx!0W8S>oxs>2_r;@cbAew5`D5O z^N#u`p>ySKC+W=yxE`bMlgG1oUtf;Z=80`Cent*HR&Ikmv;Gz9ej|fd_*vt>4}4ni zs$4;;X?Kxdr`hxS&7>9s9-z}UgVg@o{{Urwj{Xb%tN#FJp8@=0@O;6qo)xv#Vj%gE z+$w;<{lNr&BEGWl#; zd*f%s@7d4A(X^Ld9lw!uxrR~iY#8r}z(4G;74gmen%ld^{$~UqeEZYFPEvw$(e+#F z)W)HnV?@M=h56>5v8=h%^g!@w9B9VF`4@_dUVRdK3d@gxm z+JmZ^KK}s!0D@rt*!s`x5&K~Hd*Wrq&FB0oPZF|eUMRMV77>y_j(ww!2^sdyf222q ze0kwNiJBd@vEjW|JF6>;Xs;qu!7;jq1${>~omkx+b~1HaI9N2%7V{AFuP5=AnGE*R zUfG?kEM_T}9@x+8UUb!%G=5|Fr$E%Kyi=^`X6|qJNHqJOw7@aU@En|vP&$4U`ECCI z1qb*GrTj?n#ovr{+ewo4=^O2vAi`SQj-5E?8>vOue60Rq_3bNB(eG}wyTo_Aww<7y zu*L|_IQQbPw#Mp10u6S;T~W(cBRr**OnVi*eZA_qg=5?pmt(-Llbn;}RU3J5I%1L) zATin$G31H~J?ZobDouVWHU%2W%)Yb_n_*h(EXwR z0D>p}*H%9UzBcMVv!}!pW}XE2gCjv}mD(+@m3FA-Bj*PL{h+n|ko*eQwT(AN*S-sQ z!tN`Ld&9B|tpf9_Uf4Ov1otC9psXvdr(9Q4>KL_eI?frTw)2-8B~U*M)o38IggvZI zQV9uY^U+DKDxx$$KEL3lUjj7mj9&ug@ywcez1BQ83&E)(sbg_s!1K4h(sTLO@Y&*z z3eE7($G#!(6s*@4Tbk<0n}YB$BxC8Eeig|*8F7ivX;zTFyB65eHr<{708d)_ufu*A zU0+V~CAWfc(+qxKeMNco>hwCPQ`Gdo3U~+mErs2@eoHAiC_4RX&~;r5YWA_qa};i4 zQlOEOUOik+r>{ziJoe7c?QTt_o6TydaIGIvUY0e;caI-lmqf{#xBxIXf8}JF(niyDx?M-M){iq!+C!Loo=%bx~f#Zq6Cu&!%-- zyDM}u+RUqN4o2<{J7m|K>faKqZEc>`>iQ^AL1rPk4_X!+<&5quRcpR%D&)q6|-$&s!edOVvr3bz%EZvJ*z_&ta`VHG#wJg&TlL! zo>RM%-k2{9gwxx~LI8eWdbq;moc^WaSFkU4Dvg=i4?~*sx%_KqaXrJz=Wi!>VOJQ~ z4?FP(k2F?9c_&m{l`?MmQ;PW0$3L_rJ{+{ZvDGi3hel~z%DIt#eWR}4^`v6h&&tn^ zU$!WoE9iVPs5P`ELb2Qz4JQW&k=XNJm>&^7Flsu-+9s1xnolwJvKa{sO?A_zVN#{G zK5f=~K|SdqHmdq!xvAQBjSDJ_^}*}-S4>roNz7%qWo$DtuWVJ=tjjrdZR)=_&Bkk@ zD?ul*C79q+l&m;YK7{xu`#Ahn`2DKe=syj7HFt3D zBEQ!>MA8G8lzp~kojeTvX1pq;z)sL(;JBWYbPs===+I3H-Il$GX9#x|A3@J*-W1Jm zWPBy@594Q#d~0g@eV)H{r)ZM=%@_xB=keo;@ubwQQX>@aB)sI7JDC18-3oRwl|jM$ z+!9FcIO|XH12*ESGuEuZvtq+W)Gr=5?4t8BdXGx=e+c|Gx=V$hSw)f-egIr;9*5Sl zsV;@aJx{d!AK_a|D@f&zB|=nVj@9YfK8bC0IgW65A*4 zi)<>(!unD&Y=7A`C1ky`jV4q%WFoaEy@OYfME2&|;P6)*W}S&58b8=rT&W1-t_CW^ z`n-;wT&zwyXPQEhmp#SA(3D4SFFg%o%L_CuoG}y_k=iUytqTP$?^;gHWgf`UT0d^o z2#Ut#7U3E}mCruHx=lh$X$rg!0mcpmJFqYyj3lhmN4_F)&uV-ch25RVYk3copSwU6 zwJXDODUgA@^&{4^zqDqviGn@{CXgKM#l%;?zQ)P7bF#bVF6~xGR1=Kn6b{8G<7r@Wt&#^rShrS^oHo|nJv-1AFM(+yM*dkw zTnv#_uTmKIZ40~Gy#hF?49_cMGV{hOwb3r6PcAt=U~!S!f!Or%xA(9~8w1pLphuwDN2kwXkg}>y4_tMsbLrv{(C+o14;|F>Nz+wpsU%=JsZ)>6 zw=Hhp3X+iIai3ZM*=v}RFEEuW(1TbnZ1OY7YD&aTcKT3Km5x7H(55y7XxKH8Fr2=f4J1d(}vPi@F5PDX=pLIM$$Ghe34FWX2(jA#eV!diN5Rcv} zeA(uJ6wI=1Ah09btyWl)SqW7EbDU5Hibks&2>?Ue1Fcef?=9K@z>lw50L;2(R4$-r ztwV1+GJVpy^zA?##=UhtgT~U^%Fws*sLna>Ry6yDP`42~dhtLV)|6nmjh=FLb{)y zpqWT+Vvz`Pqz?7Z-b(O005Y9H^q|Pfzqq`f)x<7cm2#sUYX`%RtX?yHpXv2DdsLdgnyCu}M-GRz(^4M7 zGC7PZxz&+q1xa`s1jsXHn8^t`bYT z8-_+XZG`bbac488C^N}#bpdF};QCjf*_feKM3CirWYAUaZ9{VIKX(5BFsWg=S!4?+ z^5h<;tpUn(Ls3LkQ?gJ;N>d-2h2si?>)NU^uqdOE)?k)JW!zj3QP#Y+SoIw~@Z8wR zB7#A9*qmeOT63Y;?zAm>+fkh?WJw^p+rQ>s4h|1B(D;Jcr4X}~ET9D|$I_xwxEQg; zE8F=l;hVRnYs~da%j;RBiGxFedLFfurDI6LxyZe|I<~81_isF956V@D1M6Pl{hJl6 zcCTZ0Wo$0y9Xe4NTyu%LakcGL(b47u*BP!eR@Wrb;A!SoS6-ZS`quGRMiPkc4ETXO zQEny@M6ON_4l!M&=9XZECbqd(Va_onuRxD#lErR8wBZHpw zgj1d$vpTd{3=aSb$JAn5k(pz|4!NM-EQ-c^1V3k+0~}!0#<_|n&8Y!TprB*|Nv53v zUHCj6_1J0NTPEk1V=2KH=C!8!12jzNh;cg1KT%#)(Dh_z-TR{QlI(Lq> zJ9}B#!MnBt0YJ+irC#u_#UBo9`h>PtSFZ-4AK!vi+UR?N4OGx5-1d0xVz`fa3fc7j zbxKKL->`-U>0Gnimjc`ZJD9{$DRmyTvuPA@sEidws23s9+5M12=`_&~_DST|4}8{k z*D`HlFnAunN(}54@7t%Bk?>A^4lCmg zd&B<#W51f#RDU~jHXpdnYNylTvj-*YZ zyPMi<>Y_$6Wmu1tb*(nLf*E51O|f^}YnjHy^5|WbOH0_0tgy=2#{;jmX3eHe2)LTo z$>w}#U>yDxy()%sk8`#7GvnwyH>uuR-iymSLov58IN~>M+r$1U&}M%+ zXtiXWTp%ATiU{LAxvpA?9kkK$rlDtHr)n1(ZnYfNGRMMT1GsU`aoU8|R}xJMkkNs) z3fB!odl<0k=;-Mk+eIPyMn_uT(Dlt%!#B3qwro=72M0O8$TgBG$Ju@s_=jG@YoH!_@0a`5Miw1&S&Sr@O}Cz|?Z4OSMhPqVVJ zl*v7DT~yaoj-(mJ>Q``1j4|{6Mz~kG^CT#*fHRuV$Cd0$_Ndft^FrW$b)9nQD(({J zo|&MMtYkt=s)j&4>!O2Pj!ROl1ZczffaFjnWi8lSm66@H9x!;~txu`KjMCeckFOb~ zG;#;WZkHm)?$YU9n+iuD4_wk}8l9!+Ro?EsNN-wlw?kDFbFj6v6JsoZo(MSRx+`nL z6xQ;jl0xYF)scw)T}4S;sOs-Lb*S8E&u^*QM|J~}Wyj11)~RUvHIBBDTr`Cl#!1d` z?Lah%G|vu47Od6<%+YQDZyYeqeSe{8aq0SGFv3(R=LUloTKSckcK~yaI#kl(R4&j# z^`OR4Jj2Ca6Blqvb!?7|2`6VH8u`xl+UCyMY49+U4mC9p)`Qvyiaj0k^>@1I&cY5n&suyZ^f&%ni&Wg zRbz~wPioVg%aNT%l_8yBkVf&kjPvi-yPIjCg(ET-2nRI%p`=xbuGYd!l$zBYA@n`# zO2@+T>I*CHScxD22P9P*Mi(K}d@HEw)A<(@0)wVknwI;+QO9OwH<7%%19Q_pl`@Y~ zln*nW+V;-!NruF3p4GXd>$B;15${Ht2Vf*1{n1&LcDJ50u+^g$QArb`lDX-F=xdAA z^x+hyXc!5-xS)wcvD0Y!guXzINYu)|#h<-h-ji_h$RSKABoCNzRR^ihG;dz`a^Mzy z&=HLMr~20ybEj=`7b6D;Z)()dXl*5&1rQQl3it0^Cby;)b0w$DIo!P{HRd_FE#Zj* zly1L>tjmo(?jvPjs-C2B4Pzx@j9GM>M7oOLyrSVa0B|w>MOMEO%loyOR8rrS5q1K! zN#w?mPX1(_Jj`-ynbfSWWSxX=ixTiL)v9MMrj*g6rrp7$%V{m*Nbzm~*F3PTtI4!| zP7!xzrZ(&d!2-EuBY4E+;wuf*sv{wfA%~@O);99oA(13&KEN|jM zCU|D(RGf2NwwvJ_TWFeSE^cHWdAGS?ll81kO^6^^B}8TpI^g!HuY?ofVw=c(egpHN z39g5c>-HAcGyV0F;ZA<{>sT$*a?Oe^k+vj<)C(Xe5dVAH_8#67I%Y##a))} z&EWDLIk)5-?c%eR;xaC6qYZ@s`%xa4OhKY5?b9BW15U!OHi@~fcz$~pg5yy{ zDEtD<4(g>8=!eO-87MMJbW!WYX%}+$G3C{+u5Ru}+8$U@f(CKMKE9RQ=^qC)Zy(q$ zp>^b@vaDl{IR_0H>T}bY)+9e8+Pn+Di{;~s;W?0iGvZxDEH z%GlV=6pXw|hpPeC6(Hnq_-g8V?L8)$WOiTmnCiHtxU%)T(uS4r_5<(8i1Y)B6i#@SHB_8lwSdt)GFq(Eb`7w@3>5eNC#hQTlaW0~^6FkueF9XGlsPxF~Kq(&*c+29yiu`@7#})0$ z>N3W}!5Yj=k*Mx#^dI4mjy1c#hk8}!qo%%}{*1AH?>NX99-IwM{{F zTf~;yd7)L$?!)|~p1G>BDlA_NTWi)@o!!QteRFLu%Imanxb!~azM=4kif^oR=wrQU zQtU2Wi(?=CdXc`&^S>MGHa;z$YdG!gV~{9a;N_T)TJzX+5vCVdnTI*~d(#d>&h<|g z_`^W)6c-SUPACzSJZeivG=urMz%u4I2ezDZv=(58^8+_AL5y;m3=$T`8Wz{TkxOYotLz z;TT|oew4-f7fSIDg{;%W8fCrXh*U>A#fKQ^cYO^utc2rZ;)|UI$3?nfZ5oSq z{E4boz8kl=xs6_FB3FN#%Nsu-JHRMOq-W>RH*Js^^FqW zM}_U%QVk$h1fg81ADs?YA<39NE70`GQ7&}+7F>{c-GkfdTyB%$Ypqu8Acgvp4>-rQ zNgT}d{XWJ|3`&7ON7>bD*ay^l}(BTg6OatHxW9Gd#`;LnP*?-XBZz8}7YWQi?In^{iM zaBuS`i9$8WYc51v((w83P}<--Q$od zXB(>TC`yH&m-__pcnZO)IqAzg%{lG}*tc&#H7CW;;w@g3xscFKR{slg0L z71e4QcH6iKbxq^$=Y#KBa+!6|^}h{xZo^Nvi&46c3Gxnj=y6;>kM+GcAhFX~;=5m) z0FVz_Wvlf(-@!g9@dE1CT4lR6<)nyKO~WG~^!`=qc3Pj>E>gzn7Tt*_Ex;I{w;c&} z9a23z%9h01$#fVP!wiDi;=e*Pi`%jA-^2R0yWzyJNTO70i)(CeZsd{HhRj?JuT|E( zJE;6N*7S`}O@~ms7XJX~Zs;=^C+6p`O8o4PLyq59f^9)2({$f7Na_YQpeMa$C(yXV zq3>T7d=cT@GfL96Z36xsQ$)D8SIKS7y8}N=SIRPJ_Nyl0Gi*O9p2DEg$5W^4cDgK< z@f)8yCp%6TC+l4mg!1YScP^Okat2*c4qMoJ)`}Vnl<9mG@#b#{_?Jo3yh(Pj+Pva8 zi?_=b4@L*4Ij_*KkG>4>H^e`MmU3JRdu>q0CDZk27#RH48N=g}IXqSJ>?fh{4}*Rx zc)Q^yi>>@Jzte2Bn`?;++FaUw-RsUqdVlrnnbN#-*O ztm3r`oezMSgtO{8E%bJmzc4QR07qk9KjR%kQIl9{t|Si2Cf6acf$S?$NJyj9=kw>& zW0z2Y!SeR5SdUMwdA5P#JL?}6UD&(-0B6qw2@EovmFJO<^VWhnZL#i}zlbb#y9n+c z$bV`anOqD4dk`zluk18G7wH!oW}_QOyryI7$2{lqplatkt;OPx3EAjF!`gY&^rVyh zTPYz3BkqA;Xu;uKcjBMJeL3f}Z6Cz;2kk_XRiy(25Z{>mYLu)qguB1-M~NQGL!0|U zO1-mW5&^(q53g`)_O-6+wq7mMEwxxJCA@|;jNZkJ$b%Rkkp5IkR}+%3S$tCIc#iP}nAUD%{4m${}Ae zJ=g^H9;UbFy^b8XgexEiAayj+v~@kR;TMW7wEb^JyokD6NpKeFV1ma-$8yEDq7zCV@>7YC3!xg_Zu9a#P8kBO7CoJ^uho{G<4z;hXOVc(Yj0ucKrl zP4>qhERm7XPkdBHT?GSxgY6+nu(wN#l_Awh1CVo^*V~>H)S&U_!`Usozc)~`IC2}1 zz4v_x6y+m$#Qi(}0D>m|)fS%w{yJ;Fvrmq-Pb0zpFPcWtq>=teZn5(q^v`d4{;c)w zH~S*?YY`$`#*8*fy%-UYYdP(6rYRoV@Mp(QrplT%>an(SfOFH{zK-z@mh-?a?TJ=Q zIL8HhTc!;J=@-t$-(SsIw>;L z)~|nVw&mZ=$tv5(2zxQdp~Zh@AMir2+a~AZSHZnM;U=fA&!~K0@B^)t=(}u5sA=bv zWha*kK3~JtsF%ZIt};KRwpcD!JNQbyyn}ZhhPa(uOpKY}MBfafj(S&{R3z?v8}aMF zdWEK|W$`1!P~E4AbbO1HUQG76=m&gu`d7%_F1ClndLFT%NoQ|9k*!1;DI^X;Xn!m}w_m{7{v3Gz@5EYem2sKh%f3K9P|8otJ@H?kaz!dhA=rW+P-~)_Icfm% zKn=fYEqy9f&C(t#?CXf=EcFbz`_GPMOCv_Leym2&6opn~s%2gu9bQ z=?mdX$hg2hl_ZSvVL}A&kwIhNW>S9OUjF8+35Op7Bj}gI?Eew7{|C3{osGWI{yG{8*kd%_ILPa@qXq@RQQFUV@UBFN-)VH;12sZ)%E)=<9=L>~*%GXL2p3vYH#43#isqc+OOUGx~o@qba%~?!}O$%x82&e-N)K ztZZ~IGS!9srOmw7I`yERN4NQ^KX?FR&Q#d)=*)aj&tDCk!(%5AR7m2v|VBLp8qUu^hCShAZ< zf?G==Wje;YlpKa2W521d6B$0Ir9mFe;k{ZtO2LXjBwB!Nu7~b{j@8%Oc}}JasG2Rn zfya9J%Jp?UiV;>cw2co+(WQp>$hIs_PW)h>#=JlFrtp@(;=c_?;tv37c1x;R{_^J9 z2UV6u9hV*Jw=b;u?!{H4eEIu1e%9VB@Fm^1gFYwOeXmM^o6C}Q{pzb6Y#HGH0H0jf z&|W(D{qU|WUK^bkSGu!CT(U@jG;P1*KU_T1=jR`L9CrvL))7E*Pjo7Ruxty8m7CsP?!sT08Q!vQ= z+j0T=SEx!XMVi8q!wfud2NiIMi#e8&Epg;9MbCbf&v=7fx6?5+@tJU>f)7JhBjtY@ z{8cY~BtcWiQ}-18{{Vljc$bPkEm~=Ia(NdqCsuWL3KV;jR~Ui$Ru;yKX01hv$Y(OLXSe@pBZZYGoIvJ{his1J3dJ~ z5_=BS#WmE|O7h$S#Cz9DjgBgkDtV0E4NSy}U?;V;D6z0(oVeLLtr< zv8gRDqO@I;o#)%NWhZl38h5&dsk9ToLviyct|s?aw^VD0vQr;0&nr@Bk>vg;@nxl+ z=}pR`1NYkZ z^t%NiR#bjlj>5ibyPNGZ%Xuq2_YQt{bCTbkcTBmQo({0F@*w*pVpIG? zWS@HWhpe7z5I@R^4KhJZ?94BfUY3W`q$$ z^M;V`&#i3;2yq??pyq*G*?XU`zziUB!Q-uCM|0*~eXW%cjBo{4D&)ir--^JXcW8JiO-_rfYh|zKLkJH*9>8K*{a(q)Bf}mfrdpH04$wDNA&4QbF$JSByO(0$E5&qwwk+Yb4?4OXd_~vo_YFK{hho>Rd#%b zt~*c%O$5swyG0ag@t!`E=-`z@Ix_{$07)E@NZwm~tTD;$T}GLwt;??V$R4x+?OR1_ zWBZvCZ*iV$fRtw8k&8Dp7|E9Af@tFf332EtZ2XDj5Z!>Q)1O)g20H%$OP@V&!-s-w!$?`&XmK+GSqTg2hwQ@C-{6|Wqg zY+yTXptz$dSc=M7Hz59X=YA$cX?&nmKH_oQRul6!iZL`DEZ^#Jz^!57Wsd@w*< zb;zuZO5^RMs>Qbh8KBg`{>^Q~s^z-m)Nu)7xK%1b&<6M0AwZ23Bg`F6D*c|PX*#xA zGi1|Q%=U| zM#WV)ZaR0ZNs?AoWRR{Y3g%7Bw@J0i7s32ZXtkSMz+@5SfXN4_piPuuwwKE;Cdtlr z`c}1-vE1kk)r6}Jp@>p`p}c^8U&B^JlIh%5zj z$75bcb>UyOhgo)U&tA2Zk<|%xIGs~L8d+A3B-joP2U_sYi2fgsP=ZU?H0b>040o#X zNBI>7=gIQ<>vKFemhHEv&tDmQZ17Up>(lFcWbw~wBw^)OTrhuM=UPSBi*!DHWmk0y z!7#$R3m7f#!YWAO;2h%}s~PNB*4f$LMg&o%%gDVBE1=VKxV3Q|zN>U#1o>>8BPlPnh0xNhRGGAE(fg`p~b6x%AuAiq{L3d?+Zsf1;B4LL^^r?ik6r*#+H9bBk z^+mZ^R^NM>T>k)iy~p7H0E{&2OONb}?P@!wd3Q$($%gt2`ewZfGU#$nne?^fO?7dI z-I+0xn}HatyWJ8AllNP^&qLa~)Q)Ex8PREx#HE>xGW5r-c3LxA+QjO&s{jj~tZ|x| zGN4|x)U?RUMRbPd*^XIx!R+x24J^w zTx^dj-0*W&-%kXiMpTSsj`RV^>rmUY#HJC!!1k)|4#<^XX~5*I1*shM<>T2d*%fDx z-x(B^TK?xnEa$ce=|DD7A4K6V-Z9P0pWA)(4uG z7hfpd!*|cEd-sQYMK#@w2{ppE_i@yU1b2FR3$Vo|k9OSiR%BVDVdp0Y9crTNE@iP8 ziGgK_!OuR`$7|jW)3rN!mgWSFy6yv!TN_h8aMgYY_!R4Ft;Q{XwG`oB1TznQ)zKdW zD!|PY@$FoUsH_>ULHcHi3{GK?Z<&g|g&5@3o=}|TZBXw^u=1CR58iLsw zfh4Hp{#B5!1_h2&<-(4)g%`hct`&LNR5f-<~b&|GUa6-?aM4Ryc0*}4B&PBE1tc) zGLy3aj!6TpF{m?)yOrmkEQMD+xXBe1&oqFAC7T|+)-!z#QZO##yWP0MEX+Cu>fY4Z zVrGa=V3Hz7AoZvzM?;d9`tj}_)JD@=sT)f5&wSR@I(_7uWR3>;Ic$!D)}~t;#alw1 z=AZVJSsF3DbGLA;=)Z8xteA*?hPmY%l!&fWNYY6bbB^6A{++3tU8Ue4;{ztBM^C5A zWpQxgSiHhe@ZB;+SJkGow8Em{yJMiOlQ5I+a2MK`mf@qfcMFg>9Z#iit(Drsvi+AM zZdsS86+$y4iQ+2Apf+=iS5s}`okBRFg66gl!gWjv_ z(pg+1v=iKAh~se^PvK5UBI3_2)ghiKVGuJj5Lb5Ye;S8Rxw;drz1-1mEs(%uudy|l zNoaZ%g3CGtGVEMqtwzvY*<7+p{{XpP;s@_l!I>BB);Yr!A)Irb;;QO0c`-TO0a7uM zT7l=cQ`|<|%9cG&?tE7o47k@%(+gw^gid755rzJqmYKeMie=OR-&{|kYfr_F9 zEmpZ>LQx^|e_mG$h6EUY&G3vsnaVg7s9p>xTnQv05<;r%w+9Wr!96S>?)yRQ$y z=Z~qbFHDB=%6Vd%#^wTlh#Z9^^!2A>t}-Rn{7l-NtezRZwvBqUQj>`XZVzhl#+O#m z^`x`Cww_HMW(yq1#J1zvjcXNST`YPecYZ`l8a0v=fsAur+wkwimNUa|1KhQx!!{90 z?Z_VeYea}^q3T~1yl1ayIxIK3YP>Q>v^fe%QR`UHd_X=U@b;3rgp$ss4kYRsm~}s; zA!w1wX#NiIP42QAPtzm6c;yaCMo1}~llTheJ}cR4^6In5x`dFh3KkYX6-S`|06nP~ z$mG5g_;bX!eju93-stJq4g10n?O$MhYrpub@YntjtLP%RVis+(M<8#!7b*$Bm$|=QNl4eDcJWx<#>Ra9TE1Ex(SOccB_WT@L`(JWs9LT#Yj0Po5oI z5UB&EPU3JnSJs{Z@P4xfny=y#VwvOfV=kN?GliyVoy*sM75r1D!>VW^Idte({(xVes-uHF&hcsKO*KBDmcuXO6t*6vD@rcz@wmpAG!ly`G&NqK7HH zkIYn@_3xZlwAwba;r%-2M}}g$T#6lG$MJQ~@~M-u29Gh+EG5+@B2{}PXDr)@;<*ct z4sa)DeaJq6C5Ci3wINoR~ zGCZG3)g?>RmS|&!>4c^K)_$~{b(qer-Mz=(rsGS2AK(W zY!=)-K9$RVY+K#H@!AGNI5@^IC=t(u-ir0J1rK)uZA=WLCJ zaz41MX3b$P=g@iu-M4}KVWQY;R#V(*7sSU5;YQs0H>PXMzBB&L8Xk>%sB0FmME1Ig zX*X{U6^|qX�_bOFNo#*z#|Np9?%EqfIf_?si-G##1uz>yCkO)1a>Z0OGHWBEQft zG+zzszizU(V)mduT(BI2$G7vXqf+EKwtT&9;tlcKrmGCUX+!iKJ7jZJbUz!WnX1Jr zT0P1R&OT1P>t0dv_dbr$yjyK`BymS6iZ=ss&H&G~eIE{;t4C|5YWila0k;xtmN3AU zP&jqaZhBXb&#&r7#P<4dOP7V1<0#l+?ew7McfF5p)Or$zB(D=wZ}N(xeWBs{6lA1~6gL}_tnhZ3qJLxRT4mM5V)Eb?GEM>A--Fwl_P^Q3 zT=5r#Y`jC^ORKYY;k)_&0CO7>!VGmPr}W(jMCTPFvFKfuC&`Znb+oK0hQCa~ND; zah`uV_OFD$5Oj?i{{T+bBGaLJb8oZvSSqI&$@M3i)}F(Rdmd@=16$H%@vgb8=~`sg z32`TxfHS+-80lRHgs-L6w3~VJBE^EZW6xgoeGM(4?mi9hKBM9tGgQ2^Q5>+wULB90 zG!CO3k6+5ZWcaDz{{R$1lH5ji*z7x^Vf(~v<0sm(ZsM8pvqyInCKU*`ir72H1D;MR z((LrBePd6JWJfco2XdSYccL<}&naqS-RQR(Jn-DZ4a~5IAnZ-tSE5IE2DNQqF05fm zZTMCL<~=wyv6^RbXQ^9D57}+!SCoLS8Ru`Ma9%9Yrnb6*eMw<9?%_izOJjOIx-UoKZpF=r;Stv*rm5~jiawMOU2$8(R@kp`tD0cRMaidOVbX+J&)sAIO%dZ*~xqo z(qF_{HOGd$OMKT&2ykMJhUkYl$LU^c@t5J1?|}ZpE}sy((zg~kZ<^mHt8?|IYZ}I9 z&M$X$ER4ume5S!-KJfOhqCNt6_rqF$i)}RRT^Xj{2I&XL0Un+I0Q$zZHd?JqUmgAz zX+AUfogSy*iDS`ht{OfgT*t>!M_^8C(0p^^O?$yU5`)8!eRXwis6*91%_2s*wtYKNSqyQRml^l3q<$BC67g@tdkfu4_8UVK&d1D;4ZU0Y-%&`$ zRz^;x@DoS5zSZ^3E(f>NB>w>44h*e*Ua}UnpcS}G@FUzL2+~uvBNVHjz@aZ zH`tXU^aD!xHDlmiBS_cnbr`3<+)cu4#t8u9p0(I$o-NQd?Rl-r$z^#Ac_JhuVH^+4 zfl}g4-ss_NG&{uB{7K>2V*TaRhIprEz`h_4j!c9DJIn;XkbTE!iMjL{x@d;4nG#tlt-WI`Ivyxbb{X9p8p-h}cKWRlAJS zTN@*v@NbOAhOT5t?W3Cx6lCKZ^Z9dL-{P-;T0g{nBzWsgg5JYiF#^|6o(LR_jPlvy zm>wH(VSS_{+216oDzS~SFitqn-dP{q|dD+_CTN|V555J}=`E99oI^T!>7`nH%w()(h zh$fQS<{%mcZQpl(+^6{Xtlpb|R$E9QUNSHN@Y-WiX@mMm^>Eb=7EjKqW<^@A19 zfNVe>OwNVh9XVXrqWn4Wc<`5qS}}8RYhiyVhGidfBw%K)*ENK$dzXx+);uMz_D!Tt7gzQiX*g3ZE6UPOj4)- zl05+*k@lg--8!ME^tPXR+D-MmsKhF;!3P!gkApm5n)QS>^AqMM0G#l`xn&y~+QlCk z_%FlWG|_xl@bARdcG{1HJVjwHop%JP3O4mC$j5w<_}BTye%s%(4~su#e~y0=J_dNM z)*FY@E}G**nmEY&W}P7{j0xia9D8yr3392X_j-Q6=3>u+9xt=)-k&ypn5q{ALk>WE z{taEpbUA8lR`OX<6;VLP9`yv-Kr^_Z;NaHwF>IjHMZLD4)}Uk?gO~X;-hw&FKtj*3 ze4T1`+{mIck&rp;C@njeAassE9kAFqCYB~tcOmyUpxT*sDSCusyFB3ZucZF~W3SqG z#NV;U?I-Z><8F(sO$M1A=(X2jU`%&bQZQBy2X!AXJ+VyciqQW6OAms75cEHao&xaK zjJz{_VXJswR5squ~Z&C0YTX?Hn@EyeP8*7JaogV8r*m{`A`j9^n>0B~p#q>Wle{LUv4e>AG z-lctiq$6D0qeFFb7|AX(wb*vx4t=ZnUGYzZH6IFV8pnq<3vmqg^AHI8vLPn~RDa|8qRI}$!-FRTapMvgW1U|?ZNF$E{An9`&Rf%tBoq> zRrqgtZW-;fd!^hj-I@|Jv~}zU9k}ZR25U zI2$DBN3DE~`*3^1YZdRrKMz~UC7diWZ*6h&Mn`jwp7`~zF0?c*8=t}7 zh`bkb;SY%#zMrcJH2I~vkVy==4Fdzp1@_H*o{6XG+FbV2+PcrD6yTnWduF^GWOO|` z4Ep=w_mO>LEa?rXxB*E}a7VZm)A++p)-LoL+s!IS5G z8qTTWPY;>i)_YAt(FnMMB(jmz{W@38{v-H|x^vvfH34lh@yifFuS*3%nAVq50A|nGAHW|9bT`wyBcwy4EM-}4Cfa3k1`p4S*W7vshxF|V z(R{0TH9LYf>;pS}@mJ4tk-p}npAN6}TZ>IbdG2(J6CiD|@DH)}uX(ZX_LZetSj(j$ zhVCKr$Ultwinzw+5|JjMsF$7zrC&d@@y%ds7k06!m(B8%90GX!YgDXBz-qoNwQVl* za)d!#K_Jr`BgfDd&^``QK$7QrU z%vaR*0>3MMH-6X}jT9ygbl&dT4&!uS?+~kz5NfbMr z?ij1lTQd`|mNjkIgKJ8$pHO%$H0W1QzIF;NQL^lFjs<>~e$F58Pj88T6t&F;@5h>8 z@VAC8A>PqCGRV8W=`G)nO2VYyxNkxIwKnva%Z_H3hwmjn$?ccRn^%SBC{;k4-i6C zut#q6L3pv;Y?08!-4DHB*csY}uJ+Qr405@}XML?7Y>edl`cgE4D^KD$BXzZRL}S1? z#%ss?bMYrk@LYEhmXx>bR*2kBzo0|?Kc7Q6&2K^ta8ot zEG@QO5GmYv>DIgb1Hrnst(A^8SjSwgCow@D`QcxN@mWO8du_egjBOvzy;2VYEzA*x zArUYK7{y~L_cS}54@ZwqlXEn49>jL8_R>i1T`i8rDtq>!Y>(Q&je+AI zO2pLdtst6Du{dO)%2()8w6?o)Tynm{n(MUNn4QErfMjIjaTv`w#LC6ZRNMJy$ZgB~ z>(2FSxhBjQV`^$RPTNhEJIlz@q)%O=e|1EF?V4kTbPaL+~XZ60+Ci!3nCJS*V3R#E!oTf4WRM|6ajWi zGvx+=`(qr{yB$2Tjo*==169zbn#$qy*^w?b9uG{`FNJ(psM=dLmEt=nQbi>cq5H$u zw2Va8L#K-F*|H+?Bwboa|`EvdwT8?hCgrrem7(pY1dbjj~P5F3$d@+n=&*}%nfSFlMd zG?0OUXeG%QlCy~4=J~xVJj*eO#HF_O6bdr#RuW+-%12NX#{QpK2-6KN~LoXDm1tqdr(@3a@D4-wGtA%D8*OREvLELaRh2W>O}^L z6xLRVe*Jr7*F~hyYjUck#?F)pyBBZt)Ja4}M0n0HL97`x;}ou=BhrHwUW&;kgo5BO z9V?rPdF*bTEyD*>{{VeZA#WuY(mb=nvR<4D=PqB%%9a3sIt?Kbta~Kn4)t%#SqM=~^t5XUZX7#=GkImE13w(Op?0jjpL zw%HU6ftt#@y`5a41z7NC0-B>pdSaxG89E`{N3W#?!Iu?d*z&S5+CF3HUPa=~LJ4je zpozdQ`|tqA-zttu?hg?Nre)75A;gijaviFK=K z>d3+8fFJc^sQ&;suPBdOjxmA{JwfeLBy>hLIWG`u5J~3wd6SF*>GiGx>d?-cT|ak% zIUI9XoiUA%mwqC6SNl5Vdxebc2h-)neB0vv4@%YatwJ07XlG|apaWIP#(r{m%SqI{ zE2_1uR^MpT+CmlAk1ccG*BPst5xBOvS-y8e>*?)Eap(uNX&SJ%MVXG~&OVjS>fST9 z)9!+p7DaggUfB1nB}mdU?riCPEEf@^_FABFBq-5_&er#?qI>;EP(bd)TxY20O;571 zT*&3GCcT#7qrJD2%uWeW!L2y zX_?1!o|#q4M-+l0KPr`qB1V!ona6IcLq|rrF;+K zT_0A_uP$`?E=*FZpDmqvbz}-iK_Hem+&TBa zt~o7DIay-P>EOAto>0Wb`~FjoaC_J2@4-JA=)NoP__Vp5lI}1TD5M8GXFp2ToJC{W zEGLH6;}ANyZ1G-=1)O&l=^-h*Xe<|;1M6K;MsqtY3&irF;9 zWL9o+K}sMUz9Ih5b(&DWFCBRY)~>;P_c1a> zHf0Cp9@Re3Qd$`IYjHM2i@IJ%70F8`t8FzPZjC@2Gngt$!@cTMJE|-;M3+oc6|k>YC;hjqM%NP z*0rv66`$u;*u6QXKUN=WJsPV z6yaD7pqgLw?JnIRo=xk~oR0Mko2rF-7nXaZh%>M`JF&%dy550%b7ZY`m@@HO8NA3wf&1%o_zr$2DHrB7*H9x`e8*ATT)}jY9~nY#PReVX3Oc6}(qPPDpWC z5oortN^NDaHjkWcROl)>UdEbiKIcYzI2LH#Oj+;2CbK-aS~uQ%4k~MXKHBXXQi&s-tIysz{{ZV(QKo74L(H1eM`R#w z2auwnu7PuM&%^%!+7bwJ7?rYqYybswJ}B_Sws1&o#7w@p<3C!<^ocl&mKx`;f~Oa$ zeGZ`Mwbh759OJRBx;dH_jU;z`p17@$?bxlTui4Mu8%_yqbgcO$R6yhgPNN*va|q8% z=?%+l5^Tm)`c==i+*@Qx7WHA3&#fa!#PW|GYC6P58?7?pOD0K4ol-sJ(+7d|IIMpJ z>)M_5!wbT%-z7@7Uf|YlT@6%Ep){+g*NGeDUZ*`O{;RIo{hi{8UF2_O z9-R=I%UCAb=Z6EWv;15@2u+IUd!SsG_0romZ(j z#Z0934rFtUBtk&NLvw}4T2rWPQW$P^IRiY8t!6HCZCKq2%O5a#yLSKv4>iAMEK!D4 z2u?QPyH=2W2%A5an~P04;u)`}o=9TA1cTePY-yI-L|SV}X&`B&Y;DiY_04)T(c!`` zW1{fgweFjDcdAaan=qy^fLV5t$;Ljl?p_=4o`bI0E%bMG68W)*+UymSXC3?dS6z*h zX&znUj|m%-m(v>Hh#{9aqJ=j=ib* zw-VUGidrRe!i*f}1Jf1j9}z7)H{uqD?Y8k9N({3)1wj7*=bBv1%arr)2Y91P@ZI>* zMwKL%5=yA^CQqlp`2PU#=fVCzItPsOO*YfR z8q%mc)GlQ`azMsMUbRcZ7xNzt+xTZwj^1%-50^Ud%t_>*@b;&7)Mp9t55PZd@Xn>G z+s3m6Mh)|AC-SeG{1f5bdsUL^TRnEuNe}>ho#Yu*;~_!gG~+9pr=jjis$bacw~FRp zDL@-t@-vRL+S$viNogLTsN4ld;c|MfLHwwa(1}Rs2Zctdq+e<&CAXT2Ff)zg+P-S> zC-$wZhRMW*o>DhQ&;ipmoK~ki+c*tuUFp`VbdKaJbH-2OitW5P;+vcMYZ+~WEL(Q7 z_G9$zT8TjVOT*?pM?ts}MuzDW?$01E(;R>G>&vzMdh1cVhf5X_M35%k@s4CUq}_)V zZ466ID$;A2rDT%cSit`PS={|AxbXI$Jn|^=*6Rc|#2skn2PRE_WhLx)5!^4A2y6~B zx7xhJRnw)?Cd5a~CO{M@&H+8?+-bdzqe_=hjuurcjuhvPwJwvb>(Iux4ps>_?E@V3 z#yZmFMv;xryZ#wRH;Vi-X>G5hSMLF5fwA)j#y}s47301>_@St47stW3P`$6%9iiTw z5SKw+i79l{I-0CC+0nCc+TZW_CF7-dVZGjUY3=D z9i)z*TJ?{Hy5EZRORI}LEzzwKCUxJ*YywF3;;d3uI}aNsvvr`fs-|~|0cBY>kaO+L zcsqEDP}l9?w768=0+6T%41ZtCy-fB6q2}?(ZEq*Hm3HjQ9G;mcnr)`5CZ%;gn`=DF zbgaK1;FUec>rEqGWA0yvmi9Jwb|>sh1h@iH{{S#|_5Eo+DZZbl>!{}5NIuZ0%1R%c zkUD-Qna@(8=NCQ=I+QH1+mD>1g#kUtaf0G^bclvajwt1Lt52a?} zQ`qxw6iS+<#nq%}s*HA#jxkJ(XMt^Cx6c75>2MbVGY%l#4Q-u zpcP~2e!Xku{{Y$>!?%_ztLpLDT*YXN%I_Ky6m!9>Y(%7fY|Uh5zLH5U$TRo>SrBO!w6UuNi4}~tHva%>0I`xYl6|Q;Sh&lf<+>)T zaSq!ZNL^dW5!;6!%D#i}os3>3jkI0+G~2Zi$-5Xi?mhERrKzVkQ|C_~e#~Ap(-%|L zd>?yo`o)`h%(6HVItIuC9dTcLe$PHN*DpR4EsuzFLvP|cd7FHWxOPCe#ygHHRLGQ- zjxy&@kHs4FmzOpY#fb=wq>PQD*V?nZb!~Ow%WI2kd$V(Hz%FArTpxeNro`Cr&w}1H zUj}?my^`xrz11{Jow3UzvCK{n0H4Ob+wof3d_u9*q0=FP;@Vt>RvF!l(J0)}K>Ydf zpMz)8FD?(+j2}B?0OQ)M{3y}%+kX<{?AFD?RNZmiHu=@>6&H|j=G*@ru=4_;>~SDF|5kl zcPx3q?l)J@-xNL`TX?ea4-(kx4Ww$3O0tKH?Fe^girW22QL*|B;Tw%($NvBUqt*ta zZ>Zd92)54gkS36f4ae5GAB0{#@Mnc}%bOpF7VLcBLtQF`WsqlYJ;$|2TNPr@iTrb> zYQ8!9UXiH7aiNrFS(oo`&j9qV8Tg;#9Y@4AZ9bO9@;iBde1)>hAGhO*iwQ1=hdzye zd2W;G0_NGSheQ}G-81#Bmq_s+jC5Tl>%n@ap?5uq3cgH(0dei?kx01PsmEVhNe)G z!Euu6ybJ()boy4$#@`QH>2~(sBe1=a&c@`K3~Jvh=c2Yh3T{YD>HZc?7Kh=x1fKFX z(&WMY?`-p&el_G@wBD~{bD-&`M!ju9@!jI`<0UpPWAEOwW4Z9HMI-um>3jI>}S*z*#&xACsUrj0Y zX-NSymQFe!&VlmjbJQet044x#r217mt7|*UEk?&uh&`3WEg1wH1KF|dSxP-gvH30I zuMJ-K6UA406FXk0mPt}p;gw0q81xm)nUYA^$O|aLD;~@_2Nh`>Q_%X$!+Oo1j=T_H zyIV-FEmcsgd>Pd6bM(c2o`1m^KWS;c1b)-^e+PU?;(L8B;m3(kM{fnhxIuS}1q;w; zIHvm@kbMv9yIa%XwZD?yGOr&G8+LRfAdkYm2jQoPt*muOEGKahcJkLIxaA{BE1ym3 zdR+3^8Hg-#k&dFj27lnYKe6Ve@z?f$u>GVy9B8em{7>*)OuDQvMY?OvH>>pI>_0vS zKwHwdac(h(w41VyyI)1W;eE9+l0S#v64-7wcW_4{iDC10mFerB#2WL(l*p1wc5Fa% z&wS$*>7xpfGVb*ki*un2qaW}ZsJE>y;6bi~nXZL&jIQ@pZnb7S$r%#?lhcm07`0+- z?Aq}itT-TlDshzV48Jd^pmBCA!lqoY&zYQiRPZT6-fqGJV;P|7re2Cz<8na3ss7If zp>1($<}n1Th9q(*I^xgj>;4Ve{j@JGbbkySF(l7*qYy zdv+$jt6RIv#F{x}L+68u6prJVHTr&ID$bT1p8~Lnm?9j!nS-;vX zCsB-!2DC$A-PmHbX?`)>HxL9V<^%!2#_A;Mz^vNEe^ZAPYTtDEVzq9-JE5={& zlIb?AVOx+SxPyc-bMr9t$9~jB*@HhTXN^qDI?LzAdKKx%r7>DWie)klk`cx|E3OZr z!&W3r5GK})mCqyAiIyFQ$wyLgj2;wMT1PWhDn{|HM>kKLU7&d~W!A8(Zmb=4wq6LGn%{KQ|-z zmcJwZ9C)4INwc=PoXu?N8m;-RUHT8HmXNvuH@K=FfNVZSy3!Uj62id>npB)Cl#d;C$dDSO!_3wuKOLb>= zd7$YMeUTpy#c-$zuU7D1gS6c;&I`oe*OD&jvU7&6nsGT~^*XIrTDQ~C+TF4&3(qv` zZCz7OY2jfdn+@Bs+Pcy*acuLAL*fmUwak&*B3;Fd9>f~)j~{$MusVIyTWT@d-XiD9 zcff8tA6mG^!VKsz1O zvt1U+l=>>;Xv5m?{X2f(|qJQ+AV-MI`mBM=YgsRkkJLes*K#^%Zd!Vlu8D9^8u8n1a=%gBigt zLy>@;*!?T&?}4APKgCaty5*gYiKg6XT00!Q(_533>5vb-VN#*2Bh>zg{{UtW_$79i z@H!n6T=Bnyv|U3|WDc5xL%2`e5OQ(XrGCzMcftM^(EK|NpKqqx%@GL1%DIvT1EM!& zuRf(qoiUA(>6$zcm=|CsFfsU5(*Y&CqB1>e5{ad-`&@o}OkllEgjTh`pDmMaU@la5 z?^wz}ahis(_Toj7P?E10JZ8NA08sISs;v^teO0$~s5OLom-PPt7h7CJ8t&nqa5)W8 zYCb#CtSscYxxKeb6$f@)0xF`ebVfbThQ2j^)OseD=GpjbQEUB1HP4p4M?Sf)fqZxI zXU1MVo!?#6ZrUJ6mlDcID}lkTn835lKSrHv6+Eg zz1z~aH2(k&-s(mswpL|fj)t>y>|rR}_CF1LE}4=$+qB+t2Ta${{uS^uK`c>22@o;o z{3=|T5?0Xn-8aFaIHNI`w~h*$%-8g(w20+&+PdkSQPXc8U$ne?pM}pA z-1uw8H_bd3PNG~e=N)J*#QIxI)t6PYiP-{3IV0CKW=%TcOvw~(>(`2AQjLYQ)DE6o zBRhH8)dr>FXf9QDs7XBqTwRH=ggi!8Hi#3vo-@|4Zmwmz^FDu=cJEG7>_UOV>K18o z-f@h1ih0Kb*Gb{!`wT5A$FYgzW35AzB2ls5*j))#$Ow!%I?!oVh(s&_;ZOHr7_s3cUM&{SeS(#UOA1SBFCRcK|&D#_KN6q_42**EK zaf@jAMn_JZ&;ulZAS9+nJu5y%gmR@&gPv#u8s;RFv+g0Ps;gP2+AZHFKQIP>J5LSY zCDie(*dVqDBD=j~L9>r+@sO(67#;Ya4n3^|Yz#z^nq|OsPPr%6fH35iWS7a230C&& zRIV)%96rn*ohSlJX(oY{aN9HaS3w2N$pbzL^fUo9x9e>&XiBtQ#bN3YTHi>Q2(g(5 zM#oClC`}YCp_1Bd;Nu(-j}VoUWyij=o+gcotMtufT(6Z7+b76q zGBRVfj^q}13Nzlh{{RvN)2!qsMI??G9+bv;u9M;k+GbfLGsI2?M>XvFG;47JyP;Rl ze@Y9Cx*Ko^1e*a|spMAQ*>H)^%6SxrDBP(%#8$fun}^MUKxEvZKVVqv4CzR$k zAU$ADZr1=3GM=NgL9AIMHh~^B7z@)iwk*~pQzB&cBfSL;YepqV3y(opt(6gjr~*!u z0R*;9doYedj&s!2H_{}weT%hu?LZwYFb^Zk-Id$abq2ZFZJf%{NdWUe48OKkKbW8l z*{z<@`O1UX(FObqwPu8?9E^kBfGBF#`in$GyyhredUdV_PYhgKNxtBQaDGyzvvAa| zW=~@S+Q?$U5% z!CZq@G75Uv||9C49Z_Zck81`p{$PhzNfF_K8dXWXc`W4!@Bxa&cUj7jX{ zNp}sWwkp&X7fpa|enmVVTDUP9v)bFF5&6(4nMmi>w4#A7ZCWS-$13(GgIa-^E}7-K z36sfj-D*o{<&r?6RoT;;&SsXZ#6>_S)eP}upJfp^N+v;|YBaF&VuNCr+y{BJVT)4JJ zWCZd#sG8_>C)DFNT&O;BlA|Y)S1t8BTnOB%u{{q%P_%lR$IRyZbEoOrww53;6E7ry z2Hby~*XN&&w5!M_yB0_tOE%O41Y@;qg(-GEJMp}K+CONpzJg0j)%mdFjD2g#^vj3S z)LKr)RYFRGjGlW`P9}0@h3>n1apv1w+lXQ$Y+!Oh^sawWvS@spo9y87SpNVGXD8fA z*y+4K;j3Hgb!%&YvdJK43UQI^n)W+C4(ir0%F#({J-loa<$SXrP(3)VS=7|p8jZfU zy1AVG=5I7EcLBv!wVpW@puCTcSB})7Jxi2G{52hyhc)!oG^v#?_x|!SeK2p^pyR>5zs-f3B{{V$&@bHBpOOA3o8sckHYn1nhqyfro z?eATGfqY|o;Xe>*jbm`kjX5%gY~@aKTGNo4KR~QCrPd)`QqV~X1rAp~bRPBF=^Fjn zjK(Hz2pP|6>5R^KN1@l*Ur8BV(q#4PU51&e%(5uX7diUYifqBIho)KIeW6sV{Kt$` zwsEkYLg4LQbL;e^=DDEz#F|i zYmU3~?{<0ck-H=uXPT)k4V8*;I$BDpE4xj>E9xt=hFH}SL?j&N0APy1&RZIm%*}@q ztFa{Fwr#CaRASMn=epA{GxZG#=T;FYBOP=1YW|gJsYPxP?i(PDyTu?!NgGKjymIX? zj2h`YCk2(hsSuh(v3JfKoCZCCpoatLdplAsp(`+Ku0aPirv;7vSAi<@Jl3#eII;Sq zjSaa~a~!z96;nmHo=m0DI0vm+CtYu*+RXlIq7Zsu*PQsjPfL0HnBwzeX2B!)Xe~*c zde~2;`FBjG$|nno+k?f>MQI`gJILB_b6NW`lRU3bShZW%m0ZG0bU)!)O>Hb}(M;;{ z0!HQjlsITqS$j>>@1hL$#7g19cxfp=spE^*H|t&5AX(#PS~ z)8j-grI(JCt!wARRa*q(oOi6{E`_-o2lu;txg8ufaw_`XN~%ME#CNQlB39@{_QFW{ z2K?jL*7dv*My1!~$<8sw38p}gEE32qkSXUG>6+=Sybzam&e6KZIXknS1yb`WCpW3s zCY0@MJ4QAf79YfG5_lqgj{_Xz^Q~iLu+&PjL*~Y?Oc*ddLF@IXn@^q?$ck^3he1?Z zS{X^9>koMY=}&PJvwXn@bM>!5w9xg~p;_-*M}(dOe+i~%$~~>jd*f)!^yCVxx>cRQ zR+ER%P&pKdDNo_`X$uI{g*-D3ht{u0WY%!BDJl@$u^r82GzO#$ZIm+~nN;D4>ME`0 zm8sjba!s*FBroAm2Ll&}#8Sxa?JAxCKg0B@8jXpGhwjPe83Xyy26mn1qs)j-z2C5(CXqhqi4Ihr-lDLz81;KAi)EhLP>cZ#M^QpS z%64{ob)D_3e`<7AZcjDB-)XI+-rlvmirRT^mnW9|J9ev3B%e=<&p|ktV;I?vl|A%# z(m}o$qh(Qn>yc8`ji7Q@IwjrnpWUiB;kODtr|Vwyv9Xv6L_P0t+r(7ej_c4M_48l~ot z)^V+&m`Ja`9Gnh>*DvpL(IFrJ?5@C-{*Ui8Yg`=xc9c zj{ae`KY0(=(zwqUUihZ$MRlpeEuEVo+2yG_@_L*PtvegRBzi}|pNAUJYcCP8x{3r6 z$MZ8XvXh=k>FbYr`kw1tir-AQ({FC35wh)79IGF3Qzg*^k~seW3+vk6jrN7oW44mt z%`&^HWy+p5=dkCeN`fC4X>-YXb^Du`Z^AoA8WE6l#^6s%&y%4tg6Mdq@5MVUGWtOa ztoG5&3vJ|+pFv+)TYO5=d`sbdE!IR^pCoyOqYLyLdJ1ll&r*}%WX9GL-+?#^{F#EZwu+RH+ow`t!aptjH-7N_fMuPT=-i-(-_SK zqJ5KVF-_RPBa`{_So03&BWdDoPQpu@eKz371mLF8{{Sr(vV1RpfBygpJ+$6IS9wkj zJq|EyV|#Qyv~L31+`|>dvu7Ti6DH*(k2liFJhcye^JwD+cC2x_H%WfZ9 znMUL|^cf_QIzHw3NcH5OdgMl%9FxfG$9DbTw>yuZ&16D7k4o@Vnx>r%<)-Itr_31J zljuEboEinRH)hW3bP{eawT3!+Q*!8Pk7V%Xy>H=d9NSynh!u%;$v-JM{{RzSU9WsR zms5jR@m`Uy+3k)`HdvoKrQ<&@6{3oJjV`B)f5O?+d<2QAUPU7hxd2 zw8>b<5G+o|Bkvz>1$u9YJWXk;+S$Caz4VLoD@o4WbOYM9IprR#x8YwA>H6=7wFn+I zvcHC5fX%~t@Of`=XoT1d0f9 z--zZ(#jrCO@&qM+jQdl(N%8z!Uh4h>@fMo57PCZK%ajk^o|y-zAmW!Q*se~8!#*g| zg6enIscaP;cLJQ{ab-o7Ith6g!+T1j525@o-K9tGjHgEi8E3mqaH_RA);l?R6 z{{R(O&v^>JmI-`1=M)m@nOfD&>Rv3qa>WUNMbqYo*9pvfn&sB-8>Gd^F{uc6oDpHZ7nmN4=%lzvDf>05prJ`>P%!+UiY z^HI1e3BWybfkdydyc0cQ`$N!T{><^R%LulJZIxMo9=OlpUVrgA=S1cP%SzVZ)hy&|P4^KT`J2?%giN7n zt!V1EI$R5CZWNQS3`v~+c&-D)z93RA^vjtl_!J(WjaFlT6MkJ zKu{9N=55=@r8~m6nzUN=#FkKts|%$N$gE2ec^Sd_3L68|{7-2%i=-gFLt!%?F5HyH z*FVmmb9dpt68LJy_U7i)c#6|8+<9n2Og;Yq&T2r9;dS1Zsrc7Pvx4#)L=%N&xnGgJ zm=V*O`=i1B4bkj8QE_Q|rs=nL5@me6e&~h=9S5P}fIcz!yQ=9Q2Rw8lmRVFY#0U3JW6z~$&QCSYXIt>6h4rlkv_B2% zc8hInac>|wb;m$`dsl#bV)#7g!a8?~R^mx-wCT6byY{0eV~?n#oM|5<_@3PBDH)F3 z3#=7=tM|Twyqaj@)8>r8StLP^ob~$CjQg5I>CX9V7Uys%$U~JmBEGi$oPH?SXxn@z zH1_C(hDfoN+FuUdP!1WXuSow?gmH2yOtLV}A!qPcs z*DWxN0`ka4Kaj71+S+L063qtQp_C2r>C7+1<9UpzAh}-)NeIFKcrQiV8~`0tg`RdXf0n6M~X)lDcLr{{TF% z_$lA)X?gn~{?pz&_*V_J^{2yqNuOHqoa8YNZz~ot2~Se2SP|Ecdi;~VR;Z7rk+}V!>*edR59nXz!E48xMv6Y)*7Vovj+b6+L} z0A8it6p^k*-(lK<8n~075eXw9Q$IHqT|sTFyDRP9gDysBMLVQ2M5`WqF&zCWL{}=r zw>b2m*)h@&l|g;Oxg35KdfCww#R~wV1%@a(Augw-{4e;!;}6;2;{O1{Z;zeh=K zN7kaEx;Klt^pDw5mTN)-cSaty!uX3%xxTTGLlBbg0$D*EkSorb)Mw_`#EU3&{{RA@pC@tXeO{vCh9JK?QQQTTDD>Ji%bFU2U@ri#K$ z#SE+oDxE^)`gO@Q&0acO?u@Q|8{r$apG|Ex`PyAh#k`qIkDY+%$NcxF-dkN->Lz%C zHH^uJL)pD+$*fd&JY(b6!pl#N9|k;Q@Uv8c*|k9f+-Yqp0vUiMlkpk+&3_3002Mqb zs(cRkzpeN?Rk6BFHLj16%7lQSj&by_BD{JXw3+q4hrB0$Y2oXAO43-q%{*%)O7D`u z*ODf=;+=cNOW`d8!#cjT;yEN}lG@55;PZgY-Gy<+k=gAMN9k|u+5Z3pwgVc=(do^8rDmAf=IFURwJ(! z-Ab9qQlaefTeh77>DmF7O@k4Z9FNANwDA6;Z!~v$q~N(bwx>hvMR!7($2lIq9o?K( z3Sup53!qsL{{R=(sW67hFZ4!9B4OIPV-{g49(k_4lFmNV=<^PCw^LqcdGRJK0$Ytb zS);eIbt7x0cAD6@wtU6npB_AVjpz1l-K>(bvxQawerKhAY5a5jt2B)vrng(0Ta9gH zWLOL0HXwB@E25kR?tVD@W&NZ4S>o>$LveMfNoasKofIy7k`D@?bg!269~56*OLK8` zBHX(%9C3hp3hbu3ob?JYPWR=ID>|^+Q1g#^<1ek23x*LhGK0V;rD%>hNTDE?c~)bz zpW!`gM%@_-3_JVdr9OlkD+WS|LPZX8W$Zq+>OTtp5cuojuB&mS_&dXzoz=8XJl#Y` z`=EUXuWHV6vbnW7XYN<*PyYY}vV&UHB-j2SYB9~KNSKezPu#{q$WW)fe%JgJ_%410 z__8R6g{*F@QA|>NfT~+Ei*$t`9e`0jFR%X+im5q*eW6*Z3y$?WViDA1? zK<({ZuAy?a$5t$2(w7l{(H=TgStf~O3=kzlk(pj;2tIs7k5N!ZuSC0%#u}u!BZ2X( zmiPK~!G+Oo`YPj-?_VnFz936Gc85`!ZKsYxyq>tCFg8f@pAvr1dJlv&wzx@Qy1hVD z#(CZNcdv-NbMgNG#NIJ^8V8q7wQT<6t_NO~*G`$G?2i+UON+^j*BLV&r#Y#mQ~)7d zO24gdC2ayT?m7$1ZcxK_L06%+y1Z3OSYBBP$4cjvt~qLYuZ8{?YB#o~TexFI+&)v@ zzKihJfZ?@NM}-wpMldjHOj+tydI~6L!tMMqitMzQ9>Ks!@sCl~gBdfqj!FEmVg+1t z(vw!Si&)d7OR%XSU%WUupmCLtlzdy@HMlcH=3$hbnd)l?zes{#fVi zGOa+Qj)EKG@|1i&aDA&yZY4)qjEA2?L6bUIwK?7ej{uDKuA@O3e9p}}B2A9{=n!GIO7xnLc>d%%Hnv^aXq^qlo86-mCc(p;v6 zLeFmyhDQ|zzuTfgkdtjaG1`G06cGtv7ZDR1f;TDVw4rGwQ5$xkXG5m>QDbxGj@8Hb zpH|jmp5hBuQ3+Ay7Cq^wV7ZUsXfC9YrM*=%edcBRr2AK+9nzHmjAI>W5ftz;5TN8# zX);B%H(>PUkQFCq5)%L={i@to{#aGK8#)}~fH&ce-r)l*$m&NGg?nKNmUVm{gnG~h zGupOUFiMk*`qquUh-8iV`9SCgN-P9lW;V_Wl8mQ06}bBB_c5$Rox<_R=|B&+zt~RT zTRa{r?c^JhIiO{cSbg6^KwQCNPt^E$rFi8_;8|0&zzx<_(07-K#3*(Qg%!f0z@FMFQkUIKBi}uHl}>M)E@j zWygPN_1!kzE#MIp4nW3x(_`gD71NQg9pi1RPpv&KE?~LxUQO$rw1#X)WNx=)ZqHwO z#MX4jvsEx3n;j2o0L!tuyoj(?&U%AgWu5K3krlXu%3yGP=mD|K3e3y=9OIgqS|Z_2 zaC=ZokuA0LuA4Cr5M(`aGhEiSbsfyxpi$+M^q>^F8Da-JTq^84wf!2n;md%fzaGCGkff#y(@n6ne6K|&# z3@IhHUIMJ&-C@RPE;6wki*{sRGTX^>f^pOEuG+%h)_X9M6TcsOzGyV&MF}k;QdS9! zkDtn_Bo`995ff>lhYUwnc0@n7`)ukyWbHT7;tbXx4QDlj~V*a!*NQ*_J_^d(f~(bM@pU;j3m5!IrrpN zre(XBlp?&KZEpFldhbo1IU~7-U{D)pdk)pk16xyA zU@$v}bN78~A@1Fr#7TUfg!G^YWxtNigt95y>^Q0Hd~4y`$xfJVHeRnGS#h7ntwgm0 zM)_i7IbYnL*0Sw)p)8U}MtI5TP!0_2Be}Rp6?Z<`%#!5{jHSN{2N`rQH9b4+F#hQp zM9+TJ$z1q86^-tI4<0gAheJh;qbnXwt?3$GC0L?Ve0o=i>i!#lJ*8d$03qA}>-bi4 zT}@*nqp{L-`{;hlcXE(91a5F}IPZ%2tKz@H@9gij&t$84ZUKKfFT2eUW|6kc{L=Wp z;n%l!xfb(C%7pNGpL+R<_A6OPnOynH!NKW6lM;*E=rnCN?Qtu{N+4ml{{Z#tv5M7| zN<0?VON<3&4OmoTgiR|rEg>r$dU=Lkps2uHS7D@_x))&_ojE^xxTN}>RMEI@(g|6l z@@EI-Jan#R>KkW~wnnPCINCZ?(~)*7{{X@>_I=mPf^FS)j^6d_e-6BJ28pX#={K!1 zEy>uMP>={6@zbSt!e>0`pJ!VAw)WjZ&XU5TDpi5}t2y~hm0t)sYcDda~&&iqh?(;a$y)vNs7nLW~EP8*VdH z7wr&AE}~a27$XCr{{T3p6lu(THSmk#PN6FQ0B2t~j!+c<&j%f=>%AkyFi9CKHZ}m@ zbv3b@Jy%9Sa|xA0V~$02E2rNVhXIu2ayX`)wmIZ?`dpI4sS6x|(E8VX1hJc72>tg= z`kLJ2mc@u=BmH1MP&!m{&dRO}V<6)^)$?g$V9zSnZ700A+(StIW->bpu@$72(GB?C z4;3w%6|XN+;$V{6MAHBOaDZ?r-dns3S~f{LW2I#3b`+Sl9&}HJa2Oo?!;17fO->2o zRAo^je7touDVRvNr@4~gHaEx59<{GLux$YYMJnWc!;IF1sUsrN?V-CaC?1g&h>pl;@WjLkvx&JbptdA-d3^HwCMwwqT0D$ zKKB*okT#j5-#n5)t+lg^WlufnO8p5+=R4wwH0%4uztXLQGdJGbz{x!T>?@uvv?rX6 zydFrbIP#;V#PBIj7SF{9AcYor^|N}ESCQO zDCC@Vs*A7_L1iFxjx{OB>(C0j;yph49XakT;8vLzAawleU^oj6LjM3!l6yf-q^FroUFO&^c9q&ZGg3<$7?KsPXPMylUo-WEJ^br#(P&h zkQvhHGAgX7p|Ekc8LIa)%N?m*jGP{$7{yc~Tv5nq{x8s`)MwMB)ZvFxj~}^iq#pI{ znr5Rf*i_ozsojuKPb2GFaxu7QVBTB{=_HQf7FQgcj;64_#7w9WLLfZ*QgLK#YX1Ob zltSBC*FA+}TtwFU*sHS-;h`57p+1qUy{m?bK(hmkS8W%H9Uxmvh+=qfes%19>tZk5 zp%v|}_b$QVCvx${Rn!Hn>a7cGJfD|}8xvK!^(a@I_UU(rb2Y@oWv$`dw01GtbEn)11gYgP`@{G}ZQts4+MTRJ&S~UT z1JeSOWpOwh*tNTf%f~zUN1*Lcy3IKzR##q}^cA-`nI(>ybsMAG&U~Wda2+w4?IqIU zc%4z)oteQH1lDtRHjc-g$tC1>Zx5ESLJoIlsjhcZ&BH4!o@}_}H>Go(D2CkJ#uUUF z7tTjLE7Ek!wpgH(Qb}Y^hX)z0Ao>{8HD|n7qaqcRmm>-XBDQ0m31TSu!5r?cxa@N_ zU~3w0n;Cma2GDyRp4H7q1IHp0BuYN+7~>|Gi)gUPFopK*Lyjw`iq}LRBvUB3+wPFSB(wnh#B!;_9VuWg}7;(uo^7HXGT{fgiHrZr|$3(3Lr3FHRv zUvB(m)TGmfpKE(#3Dj-j9#iZs=6B~j8lSXbQdeif`nIEWJ>>D2mI+!ya2FXF>IHK* z-Wg3*K{t{Q zFE1dSwAwghiX?ns1k7U2{@H5E3>Gh!1O!=SUAHk0ncu&N-g}$kEYvwbVVK6@Ju=V8h&lT;T z1bjVX3k=rTtfvL4l%KN9Q)8j;BNRkL-5^}w{>HEeD?S9NPM9)@aM4laDOW6yhC%P_-c8s(OC4OAJ7U^9Tny^sI<*?0v!D*r&441UhB9 zUFvWsZ$@uybgwt@FN8crsovY)4I=K@nTrrm61?&b54AY%XBi~V2J!m%k4cA7h);K7 zkp-4T+79qD>-g4hfqZXx_V+fT<=W;&WsLy@I{N0?w8AK^*yS44KC*5 z@=RJ>G-;5}uu=PA~ism#=h}td9;JAi3Zgw6Y zciqp@f<2wfemJupJ%V|xZpDi2$nuv1@UJt|yeA%>7cck16@Gd;KX}p>d z4G6nisR)c@s_+HD$Mxaq^>(j09Zu z$E|woIu4ly-Nm#w$#)BoRzvcxaX_Z}9%JJ8FOycbOJ$1U!8m6Pow)5$L9E)|Oe}RP zi+gSV04zX^d7ZKNRLNgMIIT+>tdaP7dw;RYRrtfi+3D(Q%Y1d>c|1ux7h-sz)RIxQ zaq12#j+h@!{66t?-`IL}{1MyS-rJlmGxLytioEN_ca!+j#1rb*cFS*mg@>j;-S*;u zay;fawHvKMeKu1(NPvyS4jcXj_}0Dcy{?-CAQ?^0+>l4D1etP8G(nnTe3E8P7|6XhySRF839-{9W_cz?t*+u3-MSc(iC{$5D>R($Mn(C9uqe$O8Z z{3+n5HT^GB^6pf5MGU!FSMLX09x!;XhCCxLi~K_jT0V-x`u(Nyk<55iUD(`5(ylV@ zQ<3`<`!0MCn!`w*)5Nn!9sUXv7lkJ9{A+*V_O`u5V=G(Djq(B5 zbBy$?>Q%84)cEJ&U+pt(;V&HAcu!H&XM;<*jYCLd4uV0*82Z;m<8O;Pj;E?jB)5WH zB0^gv?bzS$j@6>G)IFBAJnzB2GtjU6QElPrwJRlCiHO;sz0W^G&33x?g|#0Hc#BZ7 zT~^al(#alL#zERoCnQxG#x^eNb{G1ugTBcfJm=Y8 zvpx*GIsM94lxY#!L_ zK$P{=`FB^l)E8BXEkYY~)umvP1OPKI89hHA&b<@D+K!>3%WHWRyE>^2jhw0X%?7CY zKjQDiy(`Bb4)l0Gvm%GZHsrfb09eSt13k&&z8JajMx&!@);CLWZRPF>G86K#KAE7k zPr2)Hcwfb_%cXdt(m3GLq?kL&82Py89@X{NgY}OX={Gtji_=wx`ouoTV`I7cV+WcD z*!l1Ff$&D9;!hP>_=8U?d!k%O6_QBuVLeIq#&KU^{3El|yffi#I?6kUn7l2th8a_W zIsX6(zCvW|cqN~JbbFtOH`<)johtY3TfFGhAaUr}>N&29x|ogSnMX z>>T&++LM6~T@laxD)^IcZzZ;&G$Pg@-dv;KJ#k-E>%JGzej;fZ)UD)IcUgSoQVGY< z)Hv!tW_iw&`#jm`uwQFhZnj-zxX+Lql>l}gmF8a-k{vU`8nC>G$rM1BMjz_{6@=61 zXnt>M*X?kvabkux3_u|L-^#p;QGngZ?%@2H-Ic&KoTp;x?sZ-niq>>%Tj?f>%O5kK z$x&Y6;XjAE8NE$MPShG%VDjaHLzQ-6^!~M!@pd|63!kAs3$L`l5Lz88`$KPtt@g2p zAL~@-pUhWntm!w}OwMJ2gNDaU(^!=ECaxK#Y+8IW@rRAPC#`BaPK!RFqDBmNMKH{# z9d`Bi&uaX&)&3Uvmj3|8y5EJg`#YPtqL92p02TyiZauMA?bgK8r23vaspyy5Mxk@1 z>K5Y9QH8d=Y%{cj+AV^ZkqjWhHE{s~e0 zR7v|Ie$$#?hOcif+u`qvu71aVxZ)dmvGNi+XOc7TU)fHj8c2{_T8;LT#wLPZ&V*!h zRVRBhYaXNUFUPB+>esp+tm>As-|(~iu3yR$`5 zzOu?=A%I*C!>t6VS&_#ggSpj$=kA{MqZHwG;$A1LAzoj@9(aU!e{i@A?`;w1O zt$Z&uCTUhdga;R&(Sty~S*#?}OP&^(#oS!R z8jr?*0Elg+E`E8{R|x5zc~Ok|k9y9g%^h(+WxPA8TI*MFc%Mj^CERXo^%%kBm}l<~ z%>F0VyIJ)eMRl8vGIWpoDpr+IEetMDHZ(NH*7t_oKk*2?v_;>a(gY$G~5(_ru?c zzqCvmmxA?so4pId+C;+M=UDR2=#-zhxE!&;#eYbD0DobhhF=YI8$CO5V@T9Mk?sK_Z!SODj)>cn*6l&4;Pw=iL z*TxWCcz*HT8EqCm3*+wkX0=P8MO^ti#y=J9W4NDBxYTy)2;aMq9=^i9MfkJ(LE7ln zQ{H%wT7n~L0gT9MD2NTRDbkwbty z5BOh1yVrGzTg!qQb=(Vg+($qvWh)f~e$IZ${{Zku-y3{JeJ@z}v8&Btrb#S!QCOqw zk1BJq+ta8bzop-SpR%XJ4~E_xn?sYrx-FKXAu&NMtV$7h##{T`_pdJ#RmoW$bmDiu z4)|Yl;XP_;ZRSZVw~_*kZTeTXwwkg!6aKgkwaD*tr6O;!d0|}wq@em@wyo|5T&he5 z=Rp#E3vY6lF|xSBS1Erpq1sy*??9syJ@ts~qg0X82lcKWS@ABB9ng%F zjWfVLCj4B|d>gf{uI;n4%ou#<*w^Ow#m|qD_@h&l>7ZJ|Hy_=u+~>c)TIi=twyd;1 zT)NdRb$R1^)_aY=bhkTCu4{JMD1;^7al!6B^>)TKGZy0JCW%B#zz=oP^hqrt zP4IbMz*k*k97AXz?jNNhWX-4~@|{K%g=$+|!!5v%zoiBTpjq4OfJ{Iuo_>^Nudv?B~XbBNHy=j$y}6wR+o6ykFk{ z#3{iv4N0N5mY#bA1RRdv*0Y;W@?vFdhaCH2fO0I@i%C)9k<3>gz(-8`)p)0tDT>@o zq7mHjK_>OKp%KTGAaFQ1?_G|T-goa6j^6YP>lefJx}*&uoS+<>^#;7|`p!#RiDAgw z{3q6cIhk&5>@Jo=7?v#a?OJo{D|s3ej~~*2GGv`p4>a{SsTM$}zb^DVbm>5gHrMf4 z7H5RI9=PvQw!NiG7!Z<@dz@1#L@n z6Z|!B+p`kDnCJmT!bHlFHe04@mE$8b6a#l^Qg#BBwZV!&8#KC{a0tfxof#tBbf9ZERIQDf0HKRsR8`E!NsdE~9A%3iRnf9L$Sv^E5*vwOF-^+FUHDf$BKL09?D84K^Uk z!H>Ojw%Ww+c!-ILN0oVr;nNe>w~1ut8=Sj|4aKt(YDw zbSp5ypm$pl$9C}U0GC{zD!liJb%c;99r)=$`ARaXF3}Je#}w9%W{b^?kn7fiHvu5L z^QBapQV8R%YL=N5gkhWLXd0$uTWXV8+^n)AvWEG+g>;&RsTJx$J&92xa7HkH8Vckv z?yfHZ2{72-PNJlVW|;}wwCD4tM4@8hTM{w>EzpXmCZ&06a4p{2P`qt$I2EKMO^rF4 zd$`FljlgGc?_9maY6Hh9Vf^Z)5J#EZrl!-(u!+2eC2DOSOVun|Q*krT9!bM>6^XLH zQ@MuYPmr&fYnKnkq88b*`?5O~WOGb;>@z$Ce= zj!a30K7*}IAD?QDaKXQw1i5rDZf@PDJBBi9Na07r0({SU2sWd&X(A*7S$%37fFc0@ z0IP60&w2z!7Nc_%ZUNuyMPS`(a>(FH6+V;!YfQVhSrhFnj~46|C$&wf=~nPcXSbRu zVQeyhbBbtXIW7t&WniRz+9zilZX%Nljz?o#p%cp|od@0oj^4Eex0^V4)E}Xs3Rf2k zZIqdcZR?TNv*);hq7y-ShCmKb^%ab_1C)JJbijkTbKF(gZ`4F4R$n*iijkQ&_g1o6 zvo+$QkG!PUmj3`|EZU*EOOjkS3=iF=ZhGCR)YdrTm7ZAm0G?~4vvyJ1I85+M+!JR^{djyX4c>dj{ISP6dNBq__EE? z>O&lPJdES5acN`rmt9xZ}F!JM*47)mmUqAT6;N^^#7c*&4p>)e0Ip@}!pJPbNx$}*xOQKvh zpEP?CGq(Ws713$;;iqpbKGZnRy>e8MXK8ILhBcNjoBH(o)n8J(D?EQ{fZDrq9ajKX z9L?jge$ESxt-3-rrG4Zej!F4U?Ms21y{);)SFU$2P#E z^xa)CeM}{>!0MKBY4=7|+=@P9gTo5ubqzsp5S0`8sMt9i8r;a{E+>qDw}rQ{H~@C3 zWsk~8CbFEQc)=ZiIu3--5%{5{T5Ec3%QRnQ)KSEVEN5urs3RTg;r(9v=E~~g*81JH zqu@9hBzo2oT@8~tokrtJY24}a%{uYCx^3EVoMSYxPA+W)wqx?uk0D0xeNR(ZMcJAz z#5z>BS{|td!p$Q^<_2C#UrV^HKFcGi^lg)eV z7xvRzhLJvOZO9&!%p|okq`aLzOL;jb<@K)fM7xxvD>wzZel@a@%+9r#WHF6^=y>T+ z`D-({PhBzuWLGW>#%|~w?;p8NypN2^L&(PfGPaCTnnrOKd-_Tw;u`seUv_f~=92X6L6$NTNtzbYCwy z#aNAVD+L~AHxbgZE@8K1b8#B7j^uWrsP1rD@wTW`{3ta>&Zl5th32-4dJp1J+PO!(jy1!sQyk<`VtKk3bZhN4=Had9A}8do;egej z;>$(23nr6t(8|9v1?itk!q4$1+!TZf%d?yqaK1eeKJp-XO1*h&f*91uA2K+SwJG( zBZ1Q=iW=w!c9lG6&TbnI{H=(0VSKLky#xby5Lt(+D@6OAoI*N zszD^4260-!8^>ewBjc`#srXOEi>z2&T*GQzVw&O%ViXOX+3qXpABTP|ywx&kj zU*XL<8E5i>z}Vn}(vp(d2QxgY?D4}XiwGM%Ktf_r-)7k>1mKM4y;{EU6^DpT)w9^F1yn_i zpDSPvMJBE@o|jEsFE40!Mys4BLG6mE7QbVtTU+jQ;?IVL0?D9%HC# z`h0f=3#+)|xBINej{U0kpKbfywwF=eLQZ$DrDCGPnVn2_*NPK*gAx0_{{V$$&jY2y zo%=G`VwaqA^7P}{l(rgnIXSG;B$jTyYXW@+ zLokzPoP_S&4l!7p#!S`%-ZcR&nKOZ$aA~ncJhL+H0z6~`RUOHj(9^Y9;{drVyT2Oh z?a~{YW=ByY0C*=HS43ToX-MQ6Q)48SR-lM8xTx%XYbN_ln^$w?NPNM<9OIhUad$82 z`ZeC1i}s+;CuYY6rfVq%`A~s7b;;{NvVl^<_fgYWvOk^ka;^O;d%M}L*qESnm5*oX zSjm^jkIlVi=fU&o8jp!!w}N@mNc%dUn18f+&MWgv;w*j|@kfee)HLWMvl%hWh(1<6 zjr6Z_DV%ET*wDTnCYz^Q&EdIYu)VgKXM{?dm9fq%TjDRq4-$B$-%g9gM@>47pfCoF z1WMk3@l{~RzSoQbM*1Y=jS^G%|Z}MC$hjHt>=}N>(Ha#!l z=Z>y49Z*IAqhQPpD~v+VWJ6+Tt-B zk?+8KjzfD_Q?6TB=z1;HlG;G4B08_iK2S#l8V04<{Qm&)$(qkoxrfXyj5jU^>HMpe zv+!2AZw$U8NG@g4oDx}7wn+D>aylca>)KQ^>Rudz<4m`J+#GFPxFa6bG@cgmg{`~l ztP!pJz&w|HNQ1rrqn#5parSo#WZ(QTqMxV5=*g$Pc@VBG`_YwuYx!F95!?4I^CRF%ovhTWl@;JbXD}m zI{Q;RRbdv1s7rI8!!ue5K3&VouhN8uXWo2F_=llh*vz(<32N@FlQI#w40Sd76W}k3 zdOoS(u=9%>y+KDq%ScbD2Q_@GhfNqVx*i7 z-uS4Kb{>b&{{XY+!XFO&Sl2aamipRRVQ(vBjg<~L;8(x=UGR>b;C~NXPacV5XQ^3R z`DLI$7GR^P{{U$E(rK$AWbL8xL|!t}^(ZX0JAF2Fjhq=3@VEr?)6<%R;wF)6cdht) zUhvJ-wz_*t8e3+6nL1}AcF#dusM(23`cq9F9ZwBGExx8&<&b%ixz9cEUPY^3+4x%e zeL~2`J)wU&ih_4~@k&cmRW8O)j

R#$FSS(%R)E#k^O>7hUA;&M-6n73x;HhK*sW+m(1PZFg=6PB#HsiQl2< zT5hXld8jq5jj@8;JAr?@&tQFcuChzRrfE`LtkFcsamnSI(;a9sXN%wbK-F$ucr}rx zTtv*+K%52i=fAykc77MMx^@~wHum=nFscY#=cWY)kv%KnjimZRMW$=wOPN49G7<-0 zTvr+Kvh8$l6D6LQ*@t;4EIDK=j+yrUlopLI2i{$3_OaVuCg@3B;Eqone_FqL;MDM@ zt2U=%KG~A}Qw#K*1zn z0qsiXJmuKip4NMf4^f)ZMw#|`ihyT0&pEFn@ZO$$Rd8=s4e>_J{ zT>B?Y@Gpe4tt(rNVSV`j07qowYkQA=E9W~)RgYhu-s%{p5l{1iIKer={3;yDcPeW7 zC7WuqO<=3@66+sf?bf`r#gl3V35i8()CCi8$X`#wg+AtYXQ6mMz|;8C;qmbeoyEM@ z0rpP=p$waNA$@C&5yfYG`gPo9Hb*J6uOrf_kI?$V;I5INOzjS#0%{JR?FRz`92)k$ z3*i3%gD*8t5Neu?t|XQ)*;W9c9gu!zvXXsD)gA@$0>ebMztkeqf={Qbg!zEnM{;re ztBuk;Qf#i3VVzFUS7`19C81?MiJm4NAn?`2j-!0dZM3SU56i}LUSIGdQvSl$Z8aOX zW|vHnw-T83%_O(* z0vUYVraEAb_02I@{LuKfrCaz4=G(+Jx(s(V?8nWTG|7WLznAi_AlJNQCyDG*^G1e7 zg;!?8Y_gnllT`xKIS&b04O3gUdmyoENWpf2^Dck=RrSq{&E>VS!+0IrfLVtl71CYK zyHAb_Pyo?72?wa7ohP2-Z_^?>(PWN{6&G+MN$_eL&Jt!g1vFKW)ULMizp_c8dQwIgxs~zW)aY8xv{sWz zsA=w{T~Kc*dHk!&ygOqm*nIbr6CffW&yBqFG|-fE)WEaWynWz58%HI*-R_sBO2K2E zJeYTObNOPwMzlW|=pHZdY;#;(Ks-Q>2$dU&!RwLh?@T1Dj#tFL2mA-DH-@}rZKz9Y ztJ^z$qAlQght<8ktFDxMF4i?&BTANAZ9h?!aXMjRSH~GuqQ-vFoF~N(+3xbsTC#&n z)KgIKw9n>#=#W=Fq;=%XzFT@ZMs7ggHKh_}VeT`2z;}nmQ zKjAsoyf>REBZ(4H-dO{2KT-bx*RQ%h1b)|gKlUb-;N5J<@+!BVykX_zhV&Ss$(L@Y z*ZvyuR*|aVqPs$qDP$hJ8u5>aS9({7^qogUbV%;hKbP`kyL7?)s~N+gHa|POH}G@B zt~^By)_}(YJ<6zb;b!YgUpg4zJN0M3AD98m#&j5SZr|eeeGnzgx z_>rw%_?uK7Ccd?0yO|U_BzWD&Q;O%j2jbT7my0c~t=%JrPm)~pcO(IkTGOX(2Bdo@ ziZtmUyoXlP-IDqzTgcib`>%|Rr`M%_V!!Z8{{Y(OOZ};TW(_w<*KQ?G9(ZL|#_1jR z%2h@KH+*1zmD3fYLq9^|vPdqHV#kBITcI5BUtD-k#M*|V;YC>_X_hmye}AE_c{?CH z6ZVPl)%4y1lgHj0y1I*1(?g560}z)Gu*MvBUuymhe{Ii$+Lyz>jlMLpztMb+2Ubz7 zX^j~D+Q|7XtLfLLYR)w^Ip-dS=BA}%Bt%UiS8k*Z)j3RoMQ;a^%(&g^-%8Nsaj~qDv5k>Q5wX0CaN z909nXZgJdD1fFWIQS){*$k~{*%u69X4F$!Q?3sg>+B)&=T^5_-pAq;Q#C{g|k>H8u zv+=%#cOCtNv78;sz?ILq2a0EHHh-kg{1Zd=$ncNtpZhTQC*r?`H49xsT#nT&_1k1@ zJ-yN>4y>JsIs6E(vTvqYZsbC{10Dr(*M~!<#|N)ylj>IY7V(^1pe~v2MSgnxS<&pY zJ#HK2w}#p)!R22ke>*!=kFOt}wRzHsq$SY#1LJSPi+_q<0PzQeZ|rSl)F8KctqaGO zkuXU?_0E4f{y%;>d@j29H}Mlz@U6wQ%od($Hr`;y0VgY;P4Vg{4ipTa!q?S5u^;VA;-A>l_Komw#tjQl zXfz9pfn~4QD>mEvLckVb&@%8r^%PlkJ884~!SIj7zX|DnCGcOxi!Dwy_*3K5g=V}{ zz6(o-Kv1_(yR*kmKpm^=jZVgRW_t-tayk(4x*wI)jDkIg=Db`?ZK2l#oYmu7t8XX7D7?UJO@Gw$(b6#((-r6h49__O$5_7<+B>CgwSB|C8wAqVX!6YOcWc}Z*d_m)n z+6MmsM$&Z|EiM|?$eohApWL6XsjcB2hS80W%CCz50Ja{Prt1w4hUA9-09SWmHQKms zjJ-CmYW&amjqwx4zBkr&T~1AA@)o&bWM?G#$J`#Dg>^y(v5!;8uA2B;M;*~ii-o}6 zdy(FqKBO)qB0#Ai<$wSKTP4sW`W&XUCY2nCs$0U*TskasAU#OqIQ(miyS`aBZ3L)3 zooSpE9;Rx*^SO;iTd%cm=~^bGsOok)9*?D5>zeG$1a{CyS(!=p&L}ZayVU(C{hvSJ znco_IFkPKP#aafT;SUS5AcL;fCliaK%w;f>OECqhqG9lM*X8 zU!`r$3Nncie-ThKlGLPl*m;r^BaXdlwcXo&jb@H@-lIGkhcVdam&I!nH=8;x-nnk| z%xujv-@h=zrL;lRL8id!-$8CaCGmN%9E8=g6{{Xao{NhB> zRiuq~D3MP_9<|v@1)ml8r^i~?i7y&`LiXGFB^B}|RU@6kneBTJ4KS$yP?M>!QnEYg1x+i!}%NJ9bJ`qfLFVQl4( zYk=hOlT@Q~Cv;5L7m?k?G|HwH^zU5_<*|EKnOEf_(vw{Sot(UAB7CU^pC;JcI8Zsw zB3m3IpU)QxLar)1%ZZUO8DpNS>p+aVYv{v|H3498im~?RNir09MDhrr1(G{emMf%n zZtS?G>MLgGvc~!66Y{@|^c_$puM7KQ(Emf{9w?z9NqgOFI8>#;Qc*Q_Gd(cUjsoD9! zs9xQ3T!gE2rB2D_gBe`oJtza0)VxHttg6T9?@JepAZUthmN!$*2U-hJHd9%G;@w$h zjbu0*Skw)sUCA^>7AA>?a8F;Q1vuz+cCc=VVvt~g(Dtt5MT#jc+6E2BdJK*`#1ZRy zUZoVaMj0&Jg(`9wdxQNeskEN%=E^ZFY_3HEG3R+8om*+Z>_u6U<|~#$6a($rrbtGL zSR+Iw+zWah)tP?^$_#KFjt_c{L7G}+l&cozJ6wO`)!+DjIOL8#}?^#+#rEjcnf@LsFpyUzM(gN7h?iVP5*)xi#bENrXw9$Sz zpbleOwA7)F8T9op7(Xz^aan$R)4+n@lzd^hpb2cshiH+G2;>@!v`-<1d~OYZaf$#* zV{38-cqi7iAX3N(`S_p=E0{M<7HIY+eJa{awj?}j^7P_>H8ky2CY7VPWe83<9V<)w zJ`&FH%e@K7?}`kh^)fDW_l?dmw>jg|sZJgk!H*;kxa~otUCdjVe%ii7<+<(+XNylG zYW%|ohM;GmX?M~~Y?jhLoB;1qUg=QoGsc`AqdjN?pN?dLeX6G?gXvrCs6_CEWGH%Z zKpC?Kj|}L>Cg&d1Te_q~p(Fax2Bc6&cM)b-{K43cqOq?TEu=|p)uM24MralLh}!Ml z(h%+>KA=_WOPD8wML1Ia;+T_6rz9h zNoegIz)4~}9w;=iV(B!=WBXOSii`(CRIN3b+Cu}%k-Gc!prcCe^1|W<9z#cPrxhIc$y?H7$ zCMh6R#{lD+Y1qzZFLgZeD0_JdW4EPb%9omid;GR$#tzY1^L8M~ia20*^IHLP!Q&K? zYI<|H5!}K_9XE6NRC2ROHc0SVHYJRpa5=%Hj!n4OKPsCRZQ4mK%q)^eyB@vjq!$uJ zDMUEu7^Gz;b=o9K)0r*^MB@h>R=&Mti4OaD5xCuo2t4I&<(_fSUusgn%TjsW0CX24r`0lEm9eo z!5bT=JmRwhD$`2)OpIcgdgN|3R`@lVl%2rm3qhqb&UJgB%W)n;5;#7!$9Q7y@=ZzY z(a+xiG#KZ$E7SCed@HLW={mKqxOD&-?TW%;A zbR>WJ#d4RPab{SFJ6i`G>olKI%1wJDQM6JP-S66}Z?=_Lrj64B7$UcZ#%?U_eje&t zHi@mlt32r28BnMs1NE=ay*~R()%0s?y(q;qlnt;RQ0BTJu)Uiw^){MPQSw)(J*%9& zwOB2lMR>!3yBX_UM?9lr$aQU5n&}LYz^wUx$pmqYJ_BtU zjjXxPBeJ4Vga3{D2$aow!-P!B!SxP`_i0=1Cx>F}@|FP4r8E7Y3jb**JA?PT1Ak%k66Xf=#a z7rE4y;#b0vlaH-))7pOY&9JNIIaBir2G)l6nRWf1g4XP^sQI@V!AJAhM)8SA?Ld?} zm9CaMOfuW~ZSE?exx$xbZT(080A7OZK-Y^S7??gtB%f;KZl&_B6vBRNlZ!pfv5;1R_~9OgV5gYsm7>O~_m&DH(0 z1u&_{@~e7$_Pn!8Dz`$tsR4FIo*5P3k-Gj>p$Ca>;zqWdiJ&6~JP>HPqMt*}JXzu0 zJH#PF&m54De8`w?4ed#wXwc}8JQ3OzwhM&{Fcy@hV!6@M+TO;qByvXHUtdbynrPn= zp*RPM$;#$P?ldnJ$!BV9=C~V(Aa6g)yzj;yC!XGI&vv*Ubng4v?ORyhF*zL{#CCqBETF=~LQW-WODdd@*CcZ>489 z(8;ccL+0G9amecL$mXuDuR5TK9nuWtmpx5Xb|uHLjW(^QMJq}gbc;OUyH&k6TiYv3 zD2{TikQ{aT)tL)C_PUy+W)xP=aqCiBXxCCoRus+wKQB>A;u$%bBCtwde?oCwUbCQF zTT5}Mo0MqThXD2Bv6kaG{Y%1@8vT@TPYyiJc^p+w5BM8U(V!5+cXJJ>W3-0dj(QCC zsVkSc>zZZ4#Ek^39~eI{u76g7D~pC`5AKP{AY<~Ng1x=ULno4_g&g}-vs_%ukrI}R zAalW~mc_<5G4G_7Cd-eJMtJX9Hrkc0$WmC@Mm}N%Vs4;iUTZKe=-x7Oow*ze#Y?-5 ztm!Y)j)IvohemH{`mC~*ZKKUh9+~IqSEV;sGAyw%3|pSrtz#pe#O4G*uQUM7$lM#J zwN-)^wYU!p1tjHxHEGzW#M+MjSC8y-NbbA0DE<-eRD`kH%P^UeMC1dSxk%YAg&WW8 z_qiWuEa*T42K%QK&&_pj6z+mTy>adJu6e$Ou!;B|qWITTpGI~XgFy=gS#sPu`W|b} zJWpn97V}iKK`LasDs<<)eKeBjd9Y>w00{W!PrtJJJohr%-$8(4cIvt6DzAz3+gWCs z<}$aULL?=Jd=J!Aji#C5dX|fIeR`+NXyQlbu+O=uH2neW?{1n|Qfpk22>z8WNX+T< ziFB><#z<)p?cNW~^sia)MV6hZYIep6+B<;Tmksk4m9-Qd0wKs zi)poM{{RdNJ4=E6uL{Yr^R!Aak)LiqT9rQFppOpIbgvY6kHz72dpp=HV?Z$MFwdUH zt$kslcoRg@(%(|kt(Muy-zH8=IQ2i3SxsqUuhjf`X<=gUL3Eb7r-FH^g=I-F~d zE!@ew!Qnj90^jom9Tkem5SMMnOYui2;`0B%2@NM6R zb!isG&hU?n`D3m&k5UCS8>48w4qw9_GJQ8%x$x4@_Di@W+N7@1`R={z>#q#yy2prg z6ir?<}jDipFlTO;$(i@u1q1yPi{%9>Oztd-R0}qdzx9e43 z;6KG+@wTCFE#0;pF9t!u3fx=3CD< zA1H?AoTD?=;cj8A};li5rK}>qcaIB6L^2da9!RD z8%ws0mj#nQcQxx)b}(P63yB(do2m2_s3vRce+cY#O*IaYCDoPEFp}OsGjW&@ayoSO zuamrMq~2&PEOMQatCcE74_@^OI+mt#k;w!)a4|DpPFp)vat~lD=GjY%VlIWVyWUPFJi#~mw!@h|p9uOF2v zUBM0%J9&oykKzDgf_Vj#A*f(rh7tbI2cB z0Z8^$@z#&6#Ph=}MsxvNV-6S&b6#)bA^ov!9Pqhxra85r|UPvL5|@iS$N+W&d^6BV!nOx zr-HTb3hDy*+$F}3=CozTe&V0J2lK4$+{VoJ9|dU<-swo|c#9LqfHTViITdsjElwz8B2E&#v>`twTV#^bcV32AnA_Lq8G?)LGL6LTCe&q~~rS(01x=V`DRHv#6A z`IKX^>xwRI6vyhCp0cyF5I2_-fx8Fq8uA|&XkI(}Q{Q-NLs{ouWs@X%hu1#1q~wjF zZ0WiU{idCBt!maca7Z=>bDgTkwtqU|d@9-}#T{E*@aCVbX}U(a6G;>iU2*n_7x-7! zh|2o|rg0tv@h^#f6#PQeJQ?HI&9$>gV~!6npplPt{Oh;)outbTj4oCLFs;ff+qvbB z8SCG#^RAS{q12m2yYWAT?cU;Fv_R33^9K9N$6ES3;OE7wUlYYRp6NuOlpj7r4wT)x z707eH6xU4f{{V}oHy1j6u7z{~^TT0P+p+aHKbWry@hWM0F0tlCbp^$eHr2R8jmmm| zN{L56aUr?W=hS0ptt5MhU+#iBR2HIN2g(-S&gilz{nDr20Q4QJBU*4jLH-*2Pw<|* z;c;PWdiHwRw!wx+0a3Q~{{ZV(jA)lWAa4@ubKcxTdv75EFc$*@Jw1BX4eCBrv^D-B zSlQ3vO-D<w21AX+j^uZz7G)^e9%Z3; z2gF(j#EV-Sp9GvWRBhqV1SSF)Zv?HX8jw5kut{nU!t zOR<^Z`W)`2>_GcuX5WG^dRE4ztm)dUP{Vs|6w=1voR7VaQ}|YqmBnpN;_BuH(XHCv zKRQK?m@4uygV*w}718`_sOp-O7dA#MCsBrCrIQDMNWeUL3bL$veylHLwVzYfpZ6g* zGst~MTJuZEEp=T5Z!~>EIM_QV+J0ms_^^9+pbtRNwb(pa;Z@RSc(0~}m{%ZSdFS!X zQSjVa--4ifOUNXN5txFx<(nJDUT{{R)Q{3oM$jb<^4JmnHPq8viq#yu;@JYnMv8T>h@ zc~)~Z;~)`{fTeNM6$a5q$sQHAzr8xNdPS7~0NN5eIEo>IBX#Xkct^p$Cf0mkXFjWF z9yq5G2#y)luOJGgCR>U6{{Y}`9?Pm}R(=`0DQ|HMYGN*aVlj+o(~9UdUkhJ&ip<+f z3SL^|nA>i7?}PbLWH+huACEo@*+Z?imo#f?&by)BLIosq^H(YGpZ0scwDFl5#+3Jp z3kXb@QeI@qCB4Iu||9+87gS0}~Z3DoTtc&&9i7?wob z2Io?7`Ha`npYTo(+MiJUk-uuq4*vjAziB)Pug?yTta+>iICsYKy)p@^hW2Kj)1m#x zYPz16d2grc+6~MXIxX}oacL?zWgv`@F~$Ku%C|fV<4sFOxjJmDB(sp6z@9%U<&x-H zne=vpd8S?4Ug=uA33;R5#L!$s-5DCcn*RX!DL?FGsrb)M@uiQ3?S#H4(NN6zr|LH@=WquwUxwdW4M8cEfa%+8yz_Yyx+)3nZOIQ9=^5LPDdqD z8B$V(7eALcs%YyNc=qnYdiAczyPT{F$g$=nDxm#pGi<9Im_NO5PSngs#*7r_Esnl| zk~UaeaLmkl=7AU3Z*wC2+gM~{ueD1Wh9%Z98iIHf7X(TYbltOPQ{OnnXxhr70h^KB z9MiGcO`ove@I;^6pZ*yK_NB4-RpJYadryQuJf1suIWfm$sr}VrNx)YJ2EV_?iq}`O zg8sqQXqX8ialnyC&mWyGl7lS z;EzsmUUbkS;XQdStPzM4uBl??BF)xV$m%`6$J)OWzu=|cvmLjHG&`>!=n&i7%Rbp+ zWZ|Kct0Oi#j%p&xluze|OJdIHERmapER3M~9Dhp9l}ZsDYnRUede?n99Cczr%Jk{$fh=6 z5RQFlH$?Esu#t`F)9F{?XdX9)VGBgyt{c8Z2VFPN{+GYthkv#nm*XuHTm6Q9HeSi7 zX^xEE9=e^3ihvyKR&Tn>+=1#3t$$B`2-LMGbh*4GuiU);A<_wfBx9Djfld{H@5lA8 zJ0A;c-0Osn<|yrNAbZ4!lyQkM*FN>-TF#XeH;o0#EVhhu9(z~L)ZE@I{FeU!f~Nk? zHy$wX(tL054xeu|{7?%&5$Ud^i-ZH^nNLiL?LXj&-?Sd7uKYRi{{Za0@e@{^wI2<# z-{?(omSJZ3J3}78@yGX#c3|gi3O{aw#{?OLzHazEYbxhii7liPA12^_Us~^4>~l&t zJcC;CgFI8OoeXj&a8%=Ud~@+fE$J!Y~t7PP$1aZi&YPg<=xYIvir_*$3(Ji#iCeu%a4pmipRk&g@L{dO{_pS*} z=9(iy%El%qE%T0fHF+*=q1>_}mk0Bx7qk%GBC)^$N#NDg)D{%ooUd?dB`(FLV(M2m zH)uqRiak$i@=p}&LrH=~wwYvLGPpfOLQR{&9t*Gdo*2B#?M2$&+aELMfNSON9(;Y# zG>C33EM`mj0U$Q&>ZM51`dIjz#$Ob?LE=dp%D#~;hJSP$zt*^mT}x6H<{vOHVsbY6 z*P{w{GL*U^DD21#(y3+ZS1oqNu2ldXay=^K>|||N!+Wa8650Y&J9+J1pP_gm;$Ziv zBxWNR9V?2YiskChpu8X8@ZO;$Es057;DPB}CAOje00^VPbsKx@+XiEwEEX&L>qx@D zcX|(sblp+bO*UUJb{4?1IJp@lG$#ZH^v+T z>C&{P*ve;Akj%E|S1haR*jF#&FBobXVq4ikZY7DE=3>|?D*0CABS%J!^$3#S7Wsxi z6{UBlO$3U@LhdXhTUz1EDkQwbh8%Oh?~kGg$D1RjOqt4Za7w>Is)Ye!JCw~2v9 zJLnOKsIo+=K{>8FQMa1omTl|PC$#{1o}r>Y+6=SDBcM3Q=O0Skvhd6oDduNlVxy3_ z$WQo3%1o%Bygl+dS8Jx(JNaQ4g-$){(y?-9X!ejKNb<%6iZQr%qR!|=Ce%IYn3HM` zBgP9LbnEY$<)!fz$~cG12m@dY(`v&yRJW4m*<_w9BMj!SJco_TFRyBm9Rzo1$ck|r zbgP>ZXxUv9OWA;+1+;sFb%H_;-kf!=(@&l&RADMFJ!k{Zd}-qNv`{2P*$z+4)z9dD zBRa`R1a63W9i(QhTd7)D^xI7)%IXOwkSa(9e;Vg5VSa624!JlqpOGaXCxLKvq%cF+)E!IaqcOWlB9AZ$sWQ_ECm+o2YF+uM99qYjp{Nh68l+OnT!rL zzIZ42sR4&OOiQ9l%n!d6k8z}2-GDsAj$hEz0)pDy+03mZVTj=1@lakMX~d|zj(HfN zfpW&yJx6p+CzRav?N^|RYXWzifP0R#fXls?&6fiNn$WSgfsusZ?dS=h8VijY2yr#6 z+gpBdTbgsh6fNcg9QyRCvNN`(Rv5yxvbgipvy&?-(rk3*9GYpWellb~oD7G#}D_vOK#9ApMkwM1cN%k)> zQ)vg@pR;0dv2I%l^z>VVlji>bXRT3b=DjL_liM`}iyogV+$JO3n}$I(e)`bBr^`<* zk0yelxrOCPwSj&!o=;l9nmHOqh^~7Kcc9pOdP6)?xSL_4X<8P6 zkndiY?_B-Xr8K*NUNiWCRH9=hF=F$TUNfG@Cc1qtKO#1NBX$OTaazVUE)nW{_whF3 z^xa4-9Kg+zc*aG1-KAb@t>RRM>e~7!`6$HY4nO^L&WOjk^hJ#KR+dci$11xHj1M(W zO!0(=P!@B?7(>w1%gj=Zk72O6N!37byRa)_JsV`^M#GP8^_7lUBVt#M3vvKeJ-w?E z+ILrxX1QiYJZ?P&H5N&J)m2@jhDhCy7|7&QH+c@*QFjB#9+a#Gou#df<)|#aO~C7l z=5OOLvjTYsf;-Y3`WTYlNg2a+_7#_V{+JvQw>>G?M?WOidP|47LH<~ zqOenW@@OSH9MpGq<;yDV{5n+8+`%i4l?ewF8b(Hh z_R~m%$qE&Pc*lxhxYAjtbPnOLc%ZY6gI0ZAN=p*1)4|1a8s)HqdJXMqi}Ww;i%Bhv zDEmPpcdydEG}d(6uMcW-Dk&d6-K1b2rE|(9`!in7N07%XY2~rNWzPfNx6Q`ai_eHG z!vr?oxHZi*TBdfk+QQ2j*jXHQBju$307|^Vc@b`7l4BK&x|$rmt7>ALB*E8l#^KxR zR^rjp=G6ojkvpClPI#)0z)?$UjVYw_t&x;)2tTcT3Gj2r`gWY(*;kKxlJr(Bz|D43 zh#yGanI$PTwc=bv{NQ!`YoFDu(&7Z#^9ztp;hr&F9EUYS&gat+W@6}A_36bh#{^En zqu;n=Z})1{3=Vryf+dbwBVq~X4eefcsmBHNy!H(QZ4+?Bj()X_>6^!6su zH5q)Si%!Pa)rk4O+WvLsI;2zCT-(EDsU}<*ceh3Fk9y>sEOenRbmf~eD(sUP0Q9EX z+B6cyIk}SFc-tybv7f@Ti?Lj+`#0goj3c|!Z7ippeYJ78vHR8ZhlcgYAlV#@rFUkx zGL^whql1@~etH)lSTJCNogxQe6 za1J=FBP%1BqsDwsc8xnklDe{b9(k@RYis++w?%(7tcpPniVq)+DNCU3)amqV0T@9W zH10WU{{RuK>9pi_S5U#p?mAX7dXjXyK9aKBK(5Hq?*+N(Uszc9KSH?B?W39nCul4| z9e@2*ab-o=`R~NK6~2voaJKSg0}{A7z^-!t0K_Poa#}@i9IP@j>zsWnpwcNGC$8yN zQ@T$GMj1SJrO|ICvXlKL2bgdVJvsEHak!r0;hjz^dxe%2c;BxAzPs?RiRaYppjq4& zRRCn?@T-i>r5k8n9O;Cc$xJDDih$b(r)cSCP8jEq+& z;_V|4ZiPM3=ZM|y}32rt3%v%Sj{#1!CA2H!9 zi?zGvxoGUJr@4|#g^dCnDOTjv%2qY!FRu9W9&&TVT(Xi|cO!Xc&T;8UPq~|CLf5g) zY|+ga4eUBrEzN|}AY?nxbU5i$!U zqi9IwFFZA9<)pR^M$Pin!`Gm|@AM%vEi+<6JHjtMoz$pb{#1UEILCP1{e{=NpX$Lt3V==ZBbog>V2!Co02(yYYiwXYAvg?yWhj(V^h*FPWHG}2LsmmD1b01>Ax zO`^={FP3>WNf=J&JYf1(exSD&@p+Kt@W7AdQQB6eep$B$o$2kgI{uC8>V;+Ug}q1Z75Y zayhDB+SYd{n_$~=3EXqf(zX(niDAb0!r!% zIpu_7lU#(RStauo85pP>^&eX1sEy+!ekvxNrhjF|(EW;8uMYjL+vKW^;m+#8T~l13M)z+cj(T)uPa%}2shTv*%5 zF-Wp;wUeehRzxttqTeJzWAktWCO87A8GByB>vL(EW669i;Dwz=)<5#k-m5>1CYw)! zcqg$%N5<4(4gl+c^sa+Q%=3*-2s}-!L3173S$;Tcmd`e=XiVttak-Rw_xe}T9}j*m>vnz&pTm02n?1IuVm9qNkU+!r zA6!*h<$FZ*JaYd4#=a?^QkKp;<0sDCd1NC1cn99QT@%M`t19Vtal>h=K+E?>4k&c` znaX_+LQ7pr>UcE=gMGYXE=b_#rDAGP*(kPBpLPq8HtlQAhO`c12sHD2Q_YT4+8zeUGyXl&>VXj)G@=JH+ zNp7vPD~=DXLrto*D5A8*8B?5(09(6*=i&N%$(lNwoN$ zNhf(#0-k!GdfS_^jIGf0JvQoF{X$J4A-R%tOzsHSU&p0+-;X{S-gt(~Sht%>y+~Fv ze$)m4;Pf;CN5od%cZcUlWVXGI*4{&zP6(8%5sdZ8#eSQ9&;BEAPeIaVzKq#J8u_6L zjH&Iqt!ybrOP=lfL|EGR&*9dMt66JSG3roVx1OM{n8SJ>>cstxiwvn@ zfP3&NuZnfA?B$D+QL~mkFeoWUp~dMM+|cWmdiIZVw&U(PhxuAF!Q14$4XvSTTZt5bx%h56 z8p2UygionFHK_PsMEHN=uMhl6w6;xB>Lq(l*ONy+u;-o6$1fAG`cFO9rkt=@QQ z3ym*avbr+CDqIkt=Pmis1tji@ld?R=_N~wcytaC+oIh>xMVjnqPnJdlkG=ZW4e;OM z?00%yzlJ3v~cy`ih4zCR2)@yRbaq{OQ1e{lUVd1|K-brJq z>C=mgMZlRe$r$Rs^@m+bb2=SYNY^!ZpGT5wYbQDX0FRTm81+8&;P=+L{{Vxv)v~>g zC@qOs-M=A$^rr(pW_^M1(@@cG?zF3`vmNz_Duc{FaQpM^Uu*nP_-o+3f5DoKu9)^$ zZ1D$Ghwj3qa&SBIRmv+Lh+ZerbuSF-clvv8ia6#fBqZgAc&-ZGYx})geLiC=yJN`; z56|p<>qxs77@fJ-HE#;o%cQ^BtmY_S*g?(+#tnJprJd!jWVCcyRku44@5%mkxoq~I z2zZD4Tf<%>()C~^nVbkoe3F25{{ZV(fLLlPXW}hF!W&>T=4LD~N0-hrPfmZO1{OV= z!-mJhSF?SdWS-I4T{e!aabHc@-|5~j@cg!KXzg>i2h1F(1E@KyB_869`kaQ9;W_Rh zS#~U2Zn%K0DNAZ_~ z^$k1wD_pX;FxyWU`4s1Sah`p-t$&91(rB8^wf)p7C8%?|cTj5MH1;!mY;;2ei(80EYPt$(IaiF2L z)L@SibB=3{y1dtPzZYrRwVj%^t2XJRjj&MX(t^2>b6V!awi}16>^J(`QbY3O6NUwqvEaQ#X#yFsA2JeU++h1*CPnj)lRm6z#5->r} zzm*#P7G_Z9G+ z%u+!(Yytu7I?^0b=^g{|EM6Sd;k&qnOme!%AqN||!sqBscE1#K2h$9Co}Q842_;#b zp&1HskU{N^I#Vg`e_229Mo-#e-}Z?8m=ocrh_%PP_=n+QV~#0KBzStRGs)m%KDe*b zd)vF~W?+jV0OUX$zcQR;54wHpI>}!`kEFgHYw~KkCA^O2TZq0%FnQy?D+lA3golfK zKV{;*Hq-4o{*r}G#pdD`$RYhlIQ*-Zs2|1e{1rF$NxJ=?J~KCsG>;DpFNZ!eNbWTG z5-cQFXXcR|hZ*L-9yMJqRFRTM9^d9X9tHufnk!2j^&QOY66mT}vYheWsYx12@)aD8 zyjNOQIOo`sC5kYnea13z@`|l0<&@i&EuM$Cre;=@sRdMS&tLJUK!{i~FzbQsK+C&P zce=N^6un{&BxWVMcAyinD!VS$U>FT#fFZ4gHPIn|6sLE)Fs~*OymwWRK2YkD5-S;ayV0 zTer8gI%${e*FpM#NCCeL*UkPa@D88xAHp6c@IC6=Pc6)UYSY#6gD4#V>_|VQb17Na z-2O=a0BYZXcV7fPC+k`-_HokfCM_^dyIirz9-T#ek2?PGSO!v@=e>5)k;PYHq>l4B zRdB%d82)ssxMhgvVdo3lyUrPsPJ?PGJq`s`EbAhYbKBU^5V3aMnM*UE!Q-b&XhO3y zD!7cCu^9i)+8!a08w0X$-W7e^t>|KxPYr&rrya(}@;l7jcXW>?@X|H%UP=rbh zC+4$%;*Lcet`0#Rj~_eEhpY`(|=Q!Y3To$I0rhEtSG4;iJ|dli@q*+qs47^ z9rO7%?#JbhLNdPnFfhBl1K^T0=*l;Uk~puq*Eyy7=l9%2eon3s9a;*^=I&6=xAQuGn4aiQrk8C zl<~QU%@M$1j+Mtb3QYPR!kVlpWU&|#Ndp<+*L!C=O6$FLf^mwHBxuU z!94TUl51<-KVo@d;?6P+YfTw*Gf{NiKKj;gJmOq&+PJ%)3t3GRfuN3ld#zZUih6H{ zbd4_JGjCxXy62IO4R*g^^A|p4=cZV=dW!(-8TD(7a-?>&{c@lvytq~aG+(34hXIJClW@g&%NnO zVI0n;s{a7HECc5vxwSK_g&1%>Ybyb+AU;5l%2l#5JDP%6x5Cf6<{!$C4Ys_Myto5r zzE5#la@rZtD98l%?Lf-s!-&e>dj^fTb@C7V4#8K~}c zD75Rf-)AP$ag;;X@SsOc1lHGxGN;NTrDWdePaVSCTFN$LWlyC7G)s>!YXE&lI@c>L zh`PC18ZjR^7&HOcTU26j9e*0T&y6+6^_Dgf3| z5lzH^!?&#@^R%ci#N)jHXIw|8U)sH{qXc(RkbYKC$*f&I#?sCFh$9gq{m=(NPW=ac zENR`{-CH9x4%>kB>r19jKA@+3OeD@T>qtfEZ6u0D+>DLu>rJ+r2(D5ai3BB%22WZ5 zez6#d2pE5HSoVOQl!HtS5gc(4L!HN{s_(Q+2^+EBxTFFyJCM<25Jhf9rd*iTeC0d) zPz4*|9ju|S9Crq@F755F<1<^jBZ1qB0Eb5qE!0s=QDy0$Q(lLt=$6T1CQ`C-oMcn5 z9%*-L8p^v}Lj%&a{?}{v1&PrW*No9%GKA@~Vw|pOM!St802)NOSi-xz5;%2ITAd6n zI<&Dep&a8KXaysr(&CNf0!#tZ>0Pq5j8I688cD|ktpyxzuC})*#740=>9@6VO{9IY z-gygW9E{K@I~?0a_Qa^DT|wif_{7DIRUG#c2{ zjLmZxKuK#9F)fffHY10>nMkQV;`+_5KUtx zp4J{*%5#(6fCw1`fCG+u)r+fW!-iqE>E5?QxQ&3KlBhzC^*ZWT_U;9ghjIBx&rwXI zjzh#Y2T;o0K!u3lfyk~U{5x-E>gy9JUYmw_`qau+HH?m?!6Uta;xZPK9H|@uTz0eI zC@v>!{XSD1s6%WA8;xe4aY{!~qDeKpFvD~|e50IKeQl~glKDG`7y~`3pv+{9ORM=< z?q+hmap_UXdun5iywwEp$>?iC6C7JlJj(X-y}K#vlZx7cTdPn+^7+~BJJN2zJ#XeN zr5%)KwOhNpn8v-fk9E_}ojCba#<{-nS?v#P)Ygvc-&K9`wNO7VpZGl_2-})=kXqbtA^nvY_q{N>bPve#YKFt>!y8?V6f( zW0l**UA=A&wOoz~(w9>wVin-=GuZ&=_LJT8;&O29w-uzzFG_6@~ zjf$?8u2w_KF(2N?r&`rPBc>G3q5K!(?K8wi((WS@MEE=!_iMPc$#mf)1Pg@cr!85@ zYhtAXiDi~a)@ZT-IU%cB@5E+DggvT3AOTO7I5-&TQgcc@O*>2Yt|1aS?$13s3Z83d zZqo=b2>MV-LM;_7!gx8h$qW=0eHH-|w&Py+2=~E|Wbw;7`rnTXtXEF0U)RAxw@z%ai z_^si?B3xYBMqN3>dK$#no1x%3Meo^_qnWVT+w&aax~olc<@~sA;DO^t*qAxO=hyMg za>-~ubGe4{-USL{OPDe9Z8_Ug>AKt&w-H>}BF(kK?30yY=xZ)r3g<^XSj>b}O3C!15Ldl+w-oo^N4B>auoRt~FSCXS-( zNs?z}&oT8i*G@v^(&xPVA@TLrt#1TZk=;V-#Uxo51bf%N-Nq#gA{H?){8qZulQWVq zZevKpq7eLZkz8(}D?3}L{v7~3* z^RF9daq2e0Xh0GGM<=~}jjY;9YkF4dF}-?#Kdo`qiM%FYz3R^^LJ-9wdv>T=cef1e z9!2_RKT72~BRvkw!hR+G$<*MHS~ZROZ^&gm_%-(jhBbI^(#};PMtH+ybo?rm$&`P|H^0@K~ z{Jz4v%gq|ghqSpqVQg$Y4P0Y(WZBK^y|bUp1h1g&`PZmu-Zs~C`#_5zk$5{BkVSPu z2yu2ejc>#gUrrX{J%x@=-h#Q?iQ^emMaDn`^HnJ5Z4`1^zuMLb8qs6>Li7irHNt7K z_=?9}hHHy^S*$wBdE5_d3}U%u9;F`VrCwXOSuI&Zu*n{t)$V=<*U)C#;bVcrW0Q^4 zK*n3x_q#h0bqQ$XP2G;}1zEb$H9NaTis53K)9&xCh$AgdE^iOEihS_Us`cxfR`#2H z4A$5M9edV>u-xVK?JGoR?k**?j8C-uz~I---Y(O$$qOtECzd%Vc^MSVPdAKD6rv=F z+7;vwc*muBH;3c4m>`5KBm!I?T2~adFKSYl-BiL@lYz$yD!r^0t{GW??l5a9Ou%i` zyq5DUayXJAGNpQAtB6raUNAWx^#drRQ8maLa{0y$b`WT=N{HwV>|o-774;1q!hxfg zYUeCK?OgiLCPXpFN@Vn)M)X=NH#&RG=L0WHF~xGyY4N0u9H1v0^VYMQ=rLqhi)2wq zJb}mn*FmN=>Z+I+jmMRzObZt_mlr-@xQ&rU2_SP=cRFmAspdvWMmhRdOf~}nu5~jZ zP?4K(bCK4m-s;iYME?M3Sn@^{&+wX3k7G9z20d+Uni*av^A8H>dJlhU>-7C@%J7}+ zU2(}hjb?O0EN-VYmy~6;xXWiAU#)S|-C5l3jl+4|@z~Z=eGT~;#I4FL)y1W{;larj z=vq#u=^6%%q2W#kPkPLTx*nUQPG*J7jE4s}&umr>tplkOTC(ijjif*N z%-(UFcCDi;6XZVQRF>~#w+NBBI5-#vs!wwSdrGJ+!1~k;yA|cUwO}Mv8;4wXtjpWK zwOCEIDC7!x0P-mj&dt9GO$Uiyvnwce7|2pU`u47KMC@SQXxe4e&Ms`^d6ynrbO3|auG-nbXs8xRqdiG3NEE=k z=GsAWRrbjmkVBpWSE=|j#9CFo)KRgung;n<9~}D%(h+7dO!bS{JT zVtUtt>b@S+?3?Y7LZI$HFkYV3y1FrUIpw)F&e82XbJm`*J?+v2hDOc^$mo8xEU4^M zzth|TyS{AaC!G6NEqABR$g_eO%VQvZwVRF2l+WgSPw|eZjcFUYTqJnqju;B`4-{*c zJ|)quF6`rPFv1a_A9f-*b znGvDWZK6bqNtFoh#XT4t5fx6WAWL(|l+6H4V>%G~W>T zQb{eZtUgH)$&K7{O=Q*CoR+pckHh-p{uI;UyUn%pd1H8#{LzEehre3-`@)x=5b<|~ zTFOPUi&e?+k$$EVHNBucVU19QkZBx9N)WFBEvXad|z}vfM`@ zT&ChM$Jgna6jCFS?766Tg6G8=3>GuJxcNM?>bNdXUwZRx%d1L_jjBuy=3huSNL9|x5o6DHSrwT#job;yUa*l7r7doZfR(hqP z%DRfSaEL;;2LR)YeQO^?zMsTbQ`xMME#6AGW5PCj)S1df{XK5H9jjjHl20r<-^>K$ z$1pv1_ODf4G5lett-g;9n3^@~65-B!pIQv1ea)>8K!-w^ZZ(@Aw@N^MPfqpZK0MWQ zST(8FOnClhCOEnhDtWasZQM;0!cc0^+22}Sq&IRiF%EDeBi_9CQqwLp-DKP>NZ^JJ z{qsVY`Hfu%P}UJ1HMp8PeEguXJ^SbRS8kKzRDx@jX>V2{RQDr~{J6q0#2mth8~a-WUm)GFn6(4@`PfHi|jzf5JDg*(to1Dbi?(!t@|! zykzS0TO^QNNMj+0T=BaU8^M?SA>yrnOrGr)@$R(AkM9-Eb{}l^;=2pq9Lgq0UdY`= zC-LKff!>1bc;>OHK=<;*Vfl-0+DC6{*3ur;ZEj(j-2_ZGDd!{G6%tlP6OFbvbWIgw zcY7rWF^~Z3_|)2dq2etw#2e=ky^+CC%ba7esfU@I4{*};J55?7kbsggCt&C+M&>Im zGkxvFv~q19KN&1OwQ^?giSzBhiF92@#FtAHczD^Ag*YUE$JeN)OXCQwwIqh=cJCza z0Dz;^)bc)}_GbmEc$VHd(WA}O22;9HNypRiuUqgZ#AI1s(rbUS2!{RGA!JN-HA*%z zbkEVRhn^|${{V)(G@d4#P1E%_9^1{7n74UD)N$!juZX-Y@fOHWX6(9CMq8qexMe#lB-sswPv!UIfj_G9NLUZ?!e|z4rwBHc;N5Ot{T4-qO3p9m8 zWPzSPrD+lBThzQmbF87ef^u!#2aOxB_xGwg29a&zEmmkX**uG6P0HanWZ?Y2r7~I} zzVHTvp@|<)vbGN?-sM;3&U@FFc!$7OKWR;OPrJLd2XtisINOefmoVcio_nZxL&ka{ z+jxshxP`5jQsy>Kz3;p0TUOUoYS8)D@x-@rj#U?-^%Tv~Cx#}vw(&`{^Q238M)I!Q z1Hj1iuR-z7pK~ZpF6Kxkw`KWuwoW}o1@j(vqiEN*cUJM*%n}Gs&%2y2psw@BmX;dq zHhPlVPZit>5tFNCrFf%D)T}S>wcA}^LVuQ9NnDnV$3xHKUwUYs zCl*=`qovs0f1zE#W1bLrae_|YN?J2FKF8-B--T>!JXx<^*#wf>TZVYk_?MHz8sdCK z{i&ntG2K{6CYsy#Hqr9PJqY!uV@OS&$D(UGw~64l({5&IB_%+458dOZ(!Pc828pQX zw@s_8?`svZ`I5FW20Q-%^{W{x9Wjm15%HhIonPV?#H~BRy4I`b>DLP-vRr3xmxK3x zxUUGiyB`O z@W$6c(JXvpq3M&saWf&6h}@oFJT?bv(o(j@Pea?j0{mmwA@Ci)jU==eT8)LnTikgN zVfF)!+>bzOyz$<*@cZM2t7YOSq0_ldhZt!*z%lb4=OTw2y$t1j%9{TG!hZ{fy5;Tp0gI|0668JUYoo~Qq zXSpcSe715$E-*)S_U4m^Q(GQ8@k`+ryW#%;5L`!Las8}Re*+Ro$3g0A;r{>>F1Z%3 zJi3fI@}F+k&Qy=BOk-n6#=~y>U#nVa#_LOzTgZodMi&9V>M>uSAG1%zJCBGz4c6{K zyIQrC(o?tu2tMg2`PQ*lOmf)x>*8*;XX0;(z97=t;?CPqgn=!u0Q|>0m((2Mxy=_# zv(xVE^@~-GYse+sV`b%VM>Q#1b0;IN_{DFfYp_}BsMg|UL}^~#c9KXOd*h{WUL5eg zmMxYi+d49wyPuexcQr}037rpzybs~1^-*}zOKc=NCXoi@crD<8>u|6lq_WZ(kt112l&?3^Id&AQg{R8fg8vGnSDn! zGJqw~A6w~(;p>fgZzz*I#liZ}k+@r;aPx-!IDK;Cg;_%;~$2mc(Bg z{1V!4!x7@G4jI`k#tbZS(K~+-80r2M^CyJ$6xaMTLc5)21qMY6fZTPhsjlQoIvn-a ziZ1m#TiY^C&BPxgd5fPb@ipX{--z`MKH6((6gec2fZ#SdX15Mf&xEIs#4ijF4YJ-p z%kno<_}8iHKL>S>4XRD4+sY!He8}557{+)s1&zN2>(+X0wx?>knj{RHOfAkxF9YF8ifu>EW8*d3a#eb;7brT#%Ct@qlb!l|Z?JG@o+D3`3$C!m58*|jq zgmr)Lw+5N7>GRwz#-fg+pgWt6MS35M?KKaHz6h66@TZ8S(Y3fyr29PJsh1hTFRcQy z-2A@rRnLiK6Gh@Hc1!qN$0k=D`j1-REoFG59z&Sq?0cKnF_Z133Th4vN08n$OoGuZl9;EumOovU1UeH~g0pt1yDPS(#j zJ%_isuddY++IbR9t^;86*A?hSdR*t0=N0iAM7Qxzg*8h@hD)c8GWO`BJ6j`>Uza!f zZR~f8Y_`%CR|vt*3VnU+Hp{26xqsoUTS|^kwOLLAW43wg#d}|aB~KOjE&M+*z8Z?F z44$lU$LXKWw5KkG$}e<%7yAi(e7OCV{{U!@3V4MtFLYZuwKUW9Xi@l*79$QvO8)15 z!JzoN!&*m=JTIw5s_5FBLU^4HMo0vM`qHWJ-4)6n3)BaLwRE0Fir&TCEW@*Bj%(~D z@an~H9#|qwxK4ct{3Ah*lc+Pw(M=M;$96}N_V+x#F71y+hbmQ0_=(x{Rp ziH700Y&|j7pb@DgmfAtb;Xo6SvtZs%dsVpQ42C7>dE$Y=YDfYo+{A<)gS}aailaCr zgX(%vbwL+ml323jVL|E*edYfE1kL@hHNV)O_Pg+pj>x<}54HJY(zV#qY$I-95<;Cm zQfZ^62l`3ry0($yj|*tNDA1*jT{BR&OQ^BV3k>o3*B_`^%v6ZZ8GkzS>%`FTzl)y^ zw7(vBV)sYZ4A#ji6%$4|R_ssE;=eqX;rEHW9VPdM{8w@2YW9pI)30I}OPG5c_H1If zCAn&S&&(hADA(-qY4H!h_kK0CfE%e-%AR=Bbdb)YCm&o_^98Hvms(Zi_IG!mXuFO^ zRwg~CgNzYfSa;Cpsj-hFX%-3{k{s?ePs?j}43abc73o7`&!|l#o_i~l36E}RmnkDc z@y8%vmpSyRAv**UZ-oQ4Sa5OcS4+Dhi~!j5>p`q#anZ)Dx6D7h9qM^k%2i~L1qZq7 zLD5Z`kxuI#!r(SI_OIE0_#?0FgR6W1_@}4*HP&^^=J`q#-{w12~&34BcOJeppv(A!-JH`v^sKFc`h zLv{zDALQ^wYHJhlZ@_=GAH|>eC%?trVm}SvYC6xux#XF=L*aIqc`K8}#j^BLanN9~eAK@vp?< z_g8s5rGGgkf4s!?{{VOCT)SysVUlN8Y2BMAob&Bn&_xt4(haN}e7M7YRr8OC^i{CB zlIAE3cCR7Yae&9aOLj9gHF&i%dKlwcfwo687@!wSL`S3iT?lutMOmO4M$1w zKgD+b%<%l-e2W*4h$I~4$UlcQ$zHESYZxEVC&FLZGr->kw7B%259wNdmw151ERevZ zCPR$l>t9{yI#rgRruiCb+r)}<<)FaG80lVo<v#W5PdgvDN2j?~v_Kt}uSJ zaHh?Ywuiv}IQZ$Pc+%#0EJxXGztyCOz-}JASI^qcp?32GlI7-=P6=kteQUa%GdY~C z<=xSZk(iYy?+&7+(=1-$$!S|??B}g@-p4GSrrc1xQWeQ9o-i|A#);tFOIVgU6e*h?7F`BIM(a zIj=I*JTIzz=#b0isXYf;=TU6VTb*}@bS-q-!@k;O+wES>IKo&_N1B^8gH z1~&T8BL4t~Gz%CbkW9F4rAYkiV^Vu-J6DD{<9Knkc;r(`;d7DGC4{px#*xe$KT%p& zscmtxRE-&Po}DOa!XS<Z1af@GYiF;m06KEBBYesat|{6@-PNR-MMuCVr&?fW z+-pB=kfead;QCVSgK9jAuY=rGa-bh{meWA59E*|EXOUU(KqFP!bMMxm1ZXy~C68aq zrTZ(p0x`CL956iT~FusgHfr83E7B9dLAG!TxjPj9tE&k0nM9=+;& zR=!z4m}lHjZbzs{kRf6QPi~dP-OVHnuN;o6&j9tHOw02Oj9da+IICAJY#+AXa2uf;rGS)uph2plFyXW1;Usp~vb!G_M#y2TG0zq#y?BC<0q= zE#75$0y^{0f2C_dXdDRxF5%nOfGrDCDv;pE+ch*=bm)z`c9e7g^{P^_E>k~5c)(rEWEuH}&tx$1g~)xDnBCKfeT2Ll}qONl2Lsoq+= zh@m{9PB`dlD_a+zGDdf*@@gd57a36(7#XSyZ41cHf~U1gYza&b2SVfNQN;G}N?K$) z0m-e2lx}ES>v}|l!41Osg9BzTYSi+HBV|AXV}p*h5~dN2jQER7m3|1$IIlVJm5UU2 zi|_vcc9dggTwRZu^*Iyw$sm2|NZP}$E98%e9yx=vB7G^W0_bf{OCI5BH+Z3zX!KU3FSrGeNyD$h{nU!TC7{$&bMgEZrBZy zJ*YBh>Mk!JnG*=8LmaL5SdGAaMRK3;hdb%s zbdPTL8-8=QgY=-*JDx$}4G&YbCT%-snysCr@WQ#fzdvI|ac-haVBl6#M)A<{Zyb1j z((25-JE6G75BS&0ULo+coQT%)$sd&5F~)KDR&5;!_`Bj)f36^L~fMr3! z9>0}wT4nP~14IXyG6%{sYZ*j#Ju24AQMI#&?9o4#>JH`{fA#6`CB?4kr-4=6bnW%5 znsyON=gpnLR9`pvlyxGsVTDb+QY-9L{uUh6sN89q7dAI>TCDagK?|INkWFS=YFdd= z6wkevgMn8L#+>NvJSVJwWojbg<&<&(0QS#%`xi{q?QV4YTkAQZyNX!B+73$kgIzFW zG$q}nPNqzh>JkK(XgSXru9&S1B?FhZNTx|xpn=8-Q_+ob(^@f&!U5*z zk(y*2lB91xO^=uN#(dnGC(WG7&Y$N6kjxGjC%}crD+YdIBLl6n?kycBe;q;-H>-4E5Gp6 zG0A3Tni)LsNXFg`QOtF4fa#5eP#hjA zOThMbk(qSKqe;VLB967y1c39cUqQRDQx)>aolbGV{A&W8U6 zTK4@f$Cizz$|knC1(Tnce6`UXh&VlG#CH0NNFbP^0mx%q4X217L71~oBgX7mfjQ68 zsiB6c;#l>+Fv4Z@An-9dIvNAeS1Dw9mzR4pkupsWwHJ@n~r)#LOw?I^n zm=VGHR&qvCmqV-6?p-3cS(G!C845aAGc1q2ol8am=~M>Bv(Hm zS0tDOT;qX3lI%vaD*o?y9C6P|p*H{%Ad$Lf*0P@F#V4`5EgZ2-t8d(OHPz`d7`A{( zWBjSp1FUUA-ZUssIU_vPEks*f!HBS`7pI}Fif^DC9GZ32q=rlew``scc(0y*F6w&i zzMF9RE}b;tdSQ8E>FZh=LOo6+;g+rADC4-BR)S`up2as6v zfsSfsj+nGnotP3(u~KkA>sD>8<7q&VSIs;O^#ZvkxZIHY{W8>To;bow(41pD)V9bT z0*pvuz$;R7&StD@sz$r*=T(V*^5c_N?XLXThn#lfC*HJZ#K@BQt!I&(f~+z3c><)q zT}7=$#-DIY6%3(AAp6xNV_3_f<<`(^2JvUqW@joGFx!B{o-5EHxt1kI5%5Q+N@bUB zHLG;Ci6lUWwnr!HRqf+>+%qX<2OtUsV_MTnw^X@BVdnw3ESUk0dJ3y|YW9*AOLatU zp=p@C$l|+-BBfM@5E7_Ix9bUw%!3=5T4g)d9YCRiKv5Dd@EG>umN1?8$L|lh+ zFNpP6WJZSN{DtGEQB?H}b62^I400bO&f*B_f6i*m+9S4EuIG*^qi->}By_Jqv(YbJ z-OM1Jp1f8Kn6+&T+s!Ui+Ah!{gNOAMiKs1{2t_c zAUMbv$6x;dRdW6xdD(5A&L-YeA$3eLk3-yjD?+Vwdw!en+6_`Gdz*Rm!F9AuCudia=xdo+u(t#)E4%7S?S#TF7kC@h2GrwmAH1u8HAG z3$0|{_+H*LifL8cH^^5!oQj6pW>+8aXTzQ$)HFHov{|j7zO!N)84t|KjB%dT!2BNZ zmZPU#&jj|fS!xmDH;|qrJO=kxw-WyVY3a7t>y6%5H~@9#y??@g@QQ2tszD00I+JDz zGBdE`-~s81%ZD$QfD^qz;|R?yN*sG+pHmv1=%ii~xv+rJUPe+=+La$%Yl3g8dBj@h7{iw9iP zwLcC`ZE<-7-)9+Ij5gn6Un5>?5^8$Q>_#h#bdEx!aTq@I6&dPwnj8qpHNxD-xd>8# z^4|5?N2^+h1XmCtjx3zx1%du_8*{R=>2OOs>K68b;r0%8X9LjJBdcnsPrHuNND4;E zcQ!B-dYZ~xkmcO$v}?QQtf3*8Mt)`6oFDUw^j#+7P1P)##_HZ7daPT|X2D$cKGgvh zEuNcqYk4)biD^!86R+GO+PkZ3ol43kgHo~=N>!sVu_Q^6kF5sr*!epD0KpR2c$Rzn z8D`%hAgOHa$<1||_l92D+QUz2W2HN-S5{Up+8C(weuUz+FSRaF>aj)$LWeB$Lt=rx~)k`D&QZ56E2S~>`cM8_V2rSN~l{{Rcv z_*&;e3v?PtoD7^Y?mhniTFuqe&Din}82lEw@YjZQImC}Gx<%$jBspTa=rPy-0IgpD z+i4QTJ=+(&^NY4on2^8<48%H0#4ZK}XDG7^ zGq!~we_j@YjnTkEJbQ5-{kyoZ*~2>dGIv^pus_N^Pk7J9aib8=)0 zBSKa-A1gB-Q`^0G=B*EkbnQjqvzhiqjhlfu$87u7k&kmz2T$?miS#X6Hq4H*2+n!lRP7QAO zKjL?c?W`?syy>90j!!EDZutquMm>rBYAhB^i^N)_Hq*AESID{Lw*i5i=lR#3UU-i0 z#4rWf9oxnUM_#N+rZcSYRC=V^o|zrO-oZ0CW-GwR{u5tzYdQ~!^&bh#ccw`dtCFTj z$l^c&#_V>kYKF?8;NBScU3S|2_NA!Ur1uV?$%y2}{N#>0QR6=YXgcin>*5$5;#i3g z%%^OTHa%;fne1P*zJz+-tDyJ?!dIVVw^;2It2BW+9(w*JysN@r9_;);lV}>k{i~nc zF3h5gkQ)S7Od`c&>3@QrBk+!ue|w|6b`xorYW{t)s0%9)Mo9I~e${sS_G<7Fwx{Ah z4Qkh38H0bEku2kRbIt(t>sq+I(B#rHqtznNtfbR*o5t0f$Y{ip{{RT=Yv#RI#`<4| zb?6#+LTRx`ts+FfdOV(jqm|!N9#qP@kHmcg{t_jg3kR0c=rbrr+9Oet0rcxxz7+V4 zq(|b(ZS@InY!1@a@*)OO!=_2-D&q?k?9wFE{wGVR_~S~_wQHR&eGkrzO7A8JT=RlB zuiw9e8itACKM!b;>2OtBtZ7CcXNVXIyn%WI3trIc-$0(XT3qIu#?uu72)%3tlG?Go$RGxe7NO8 z93Fp$ze@iAW1kOrCqnpnu2|n|P(ybb2YIK&X_84fUgJH!l~LJ*wmvoeqJ$gI3dR=hD(kX`|YvQT^b0kF9+L z@Y`D#+DzI$sc5SxQX`%a0meF-nQRF&^UveQ_SS>(8&}eGD|yn3X0{42-h zE~vBGKqnx72SR--&aW3^vXVMK4{L5`iW{X>ZVM>rJ*&_!huSYK#ECAS3$XI`lZz)mY%FA5RWQ$N})Pjr%!DIeKeT5Q>m|{M0+yKEGZu-}CHKClNskf#^(cB}= z9_ZIRXRj6cx$z4`yYR=v9b(S*&F!roQ!EBU#GARrV_4|JQ@PvtXxw?Od{f4W7*alEU-tO9mn*4aWo;{xkmo z;JiPvRjDlWx|rC9Uj z!b#xq&T1oZBbRWX1Jq*xP;|y!3x-1?LKU_!>*#95<*)XZn{%i9k-UqAkdh2cIxszm zBAL|*bU(Lm_&4MJ3I%oX=io{Go&G25A8Poe;N~z#EUZi4>Eq>!V1J8`l>G&NLE76v z8>@g9cUtDeM9}2!tl_whNGDD3xb8odd=L9gXucxR;7i>m%4_elvhKj$`>gYi!}`~m zII$ln>Y7v@De&d?gCbjM8ZN5|L}SQ;d>yUqa%=fm{kwhvYQGA6eXDA3r=^v+x$^E< zDJnrH3^?QK?kUo3Nirsn&%29fC5(uL_hk>Y0yJ%b$qn3BtxjDIDv>LMEZcUl>({kC zwnnNX7&+wn)`k`$jba;>BRh9?9V&TuDLZ~~{{W!STn8&>YM~_bt7@&c3?(wWD~u!#6h{@R8|v5!~5f_TZyrr_q4H6w|TQO`qGR{1bEb zxbWA;FNAtFx^-562Hrt4XnXBg(Pw6IP|a8e>+jrwOKqhs7Sxsks+GO zcK-lZdlBSpZv12O_pdJ(Na=)*SHybD%N^rd2qV;DLeoI(7jlf`;Me1??P2>}>AD@Q z{ilcJgL11!_H!meNsJb*8hCT0{8jNc#m@?OuxhgSs?c3(HyOp$XXj(+a(?Z6MdHYG z=q0;*7#7~!`=EW{UZn~aA2p7D!k#m*vzB`+rJ4!3^2>3^Ju~=puS(LqS!aKCmZsr1 zTudG!rmQ~S6g1&a?}EA<=pQU3sfVf)%u6TmpTg^7| z$~&=bERiy#qn(8Jsg$g11)=k&!ruva*TB+i_C6r-BkLA(&Sim_xKZpodg8q@_g30PwM1AVvD#PLt#JPU5I!L3`aOYr+vu$B(O4DT%Mt5c z6ytVT@Ry2zYCja(`PRN4)W2{T;hP|i-9>zn;tv+ z+PNnq4pZnq1AI0YbD6H8-sBCq83MiL!@|jDwle`#9XQ4-o^m!w^vwrGvz8`94rW2Y z9{#nbK8bXY$s{;};B*9V-qnzsG_>0|?jnL&m93}#Fnd>jrg&8*%an%eza8sX#Ku!6 zHgxt1-8XPv%qM$yg%Xd_PEM2l=l`z7PQHCp@a7WWFXKpZxH zV0jgcw*nhIK_Ew0GDwPe^`~3vmb#pB#;)6e!31LzfNj*`z%E;J9zClWrHN)&NJ3|> z1psKmq2yx{FkmyBS1+kwYt}d7OKmgl7D`9Xhmdp66{3n7JGSwJi*ILdcV{?884eda zPrX@^83GH4&h%lCN>M|8Mk`4ov3;dLI5hUTid6}K8nYydOIKozg%OVRyK4+`;aPy= zy#RGKT2+X(aLP=~cscJ_%^bE;JZ!C#_f0S`?p|pN65l>}tjkN8;Je<)c7jWND&rpD zcDEYMkC2ZM3fS+)O>>W_nca|)AU?gS(y$nF#P)K#hh{_04{F!6oXZgkcYjKmfoIHU zMilL8(6qa_bZDhi+1rk_kQus*`CE_$+tAfrJjAkvEAsW}KpPikBtbMmk+abEtcfI^ zRvTC$pov6k&pbf{>-eb2jM_QHackZZ94MRVwPk{Pa`$VUB_pqhP7~f z#LgQ$8VxLB{{U!5mq^&QPkx57u1J-PYQ{GliUc+WyNfYM%F2Bz{ew*m-dSMkPkI2e zeH)zRaQ%)dx1DztxJN%Q>S!i1xm?^cBY`7s&N}s}^!t}W0AfW29X+Bppb8Qd#~_aN zVhI}BLKqkAKp6U|lYf~UeNXWAu5VDjxodV%Hx>NF4UHp>w$?Az-Z>DmXR+&DCAHE_ zRUGZjLYc23Hd{{#5t1j~y=uLPStKhgq%S>tRhbs#g&~$ah7qylmW$XD6-R;Fo(Mgt z5tDTt*^Ok442VA(t!r}e$sd@f9*4a<8A#W>h8bW>h*XSq_p0|lW}3(a4d!Q|9VoE^ zY4O~^s#8COYmG{EY)Urcp#qU{m4<3DMSB8a*dD))b5mHdfC*+?W1ew9+>DmEYf|Xe z%F$s4fqTZDH-LW7bCnaXPrm>J$TEV<*@R~S#3IWn&9djQ=)BEJd>Gc_$v^Gdo$ zwU6W+l1CMK*HIVcWtA2=PbZ9I&<8;aMFnaQgC)=adC#Q=a){=O%$U45 z$5HE9cRS>ES5gA;K?W7hp%t<=>4L6$=cQrT_=9ERMz_LfiQ!2cQ#6cDjNe@Gup`Hw zLH?C2cMU01=M~2rb4aoan{C)|`N_{p>2w_r?Vyn=D|Er{KpA?^hOVsUnnW=c>NfWk zk*D57WiT`Bke$7H8g>=UvTh?{t0K&mVRZu+E{uC%(kGA>?I)9Bmd9PW?@yjrv)jhy zZ(3#8&vo;p-mxz32g}~GFQZtc#=%t$hB1qlH9)Br~*Qe%~}2fs>N%V?&6G(}99?fq+X1|_zRk<4y(fi+yzH5axS zn6Bb54FG3Z>MrgiE~(A|%~02DE@W0MGCH25QognW$gjLP6~vNx(WcB1@0#%aTj0z( zp0^bDHdfN6;qw^!^Zx+XskP1FBiuYS;D|IEAZ#NFSB<#FE6_B!CXQI-on7O{BONO; zn>st&IR4MR2#Gkz2BOpMRpBwda;FE{kq&5;t?eY2BXT!ytxURl#hDZW2PDu;r`U<7 zi_H7LH%iq0+JY^xyl(Q~Vb`?;65CDogS-r{PL;Lxhzvp|fOE#>>p^tU%IlhAUBioT zUQR$f%=5 zpGrL~5O{2kmGYmB{10Lkcvno-^c(w0 zLmTbCd3vrh{{Ysng|8x)!}y+fzmc)zB>>vFA9z+0Z(t>g@)(jd zf@wo%lx|ejcbPuY?9oPwf4VrSxY8OP4>(-FGT`^_J*(Qj9eA0v_e%*GrMGt{41Vc7 zzLmW>n%c*?UTX8bnx~fvAtVeAqPZK!Hz=cK`G-dKuINhU5_U6YjBy;kSv(P*hO=(; zutAz8UD@eW%nVDLINUPJ5i8#u8t1O;EbjElG_62C_IM?S?!h@CxhgW?^*%57i{Z1R z--(QR1}!ef724h?KUV;uX7GbRQA9Sw9vT*^$V z{gNY{^4a8I_BGV$usV_=LIFON*G*_lTWpV3)7s!Xb4Icz)5{9*9cIlI>Fr{VY01V9 zHD>WgJuaE7B#hSg4+hVfN$zVN=E?iQFi(2QayByWbeJTBG@!dM$Gt(M=#jn5 zQQFKBRqDUq70)RNv#^TR3yfRc85IW#0sgh=8Vr{9F+w&8LLB`60LqANB{M@&)sp4Y z%eM)RK2ya}dG#?1O&FKU&&!PCitC2OT(1S|U2e&A#|E};d^z@uNM(*_=3$HyJ9nx} zQfS2DH9bfynR$@U^oW2E4@A&lFG(8 zCLKW>epRUBD;YBAjS@P?1OPGRfabEL(syMfk7|bF9sTJ&jZ-h#=#jE)Ds$P7IW?fR zO=#-UL`raZ9c!J8mr$C<_SC19wO4=#tzcU##rwG9M@;m`KU&7d3{O7gUBgCEPp@ih zZsGHsr?CAiaTe}ivS{I+HfNWi1XW-7m>_d*@%bQq+hqpXlHHEB86tRqP&w8Z6hN-I9yR;C;vDjq^ z>Ty|CMBEp*o>S%V4GMn8p4e_H16G-E5laF-+nVhZDlJu_RU za!$)ixzsG9MFe?c2d6_)UtG^2X<;a=dCoExv!3O_ne*MvaplD+N8k>aEmY;2b#1Vq zPg9&9!M0=IL~;nU_KI1+MBNp5Sau(D@C8wPY70BOycIN0p8%{Iy+ zWSAKC{nPJVAl7ZIfkGoA9gpi-8A>My;yrdN*rsR-8FTWC^Il1DJg?D3W8zrd!04+9#YNf+AW_4>c$o zK1%V=#D{$@+29k{-pat3mnv7>`U>N`KjIBa>c!=~xO>!O#H0-1XR+;Dpe|{1we8xY zD#Zrxl(FsaR(waM&a#(+RCvJw_VKiPP-8D6i)Zuy0CZdB$qk+=#h#ya9I&)fGFz6% zBRTe z>#M6tl&PL&C1lCqj^vv1i=<0!I(=VEwsyHj!|fyHBpiM`8X?%IqAvw_%f#0+U0BZ? zvf767_y=$&ujNkhPlCLC;olPI`pwphCFYeS(oD0!*f6Od#y*7Bhf0b*ywz{~Bd+{5 zZ68wBbmy8&a^(&X#Q4DH)1GVL9|Bm~_XtA85(E6`R z@HCoZgK%S=WQ!oh&KQn_*OhpWP=mr=F4G%JxoZoFCRC9?8Eo)LqQ(c*-ZkH&ctYfA zFA~ZvR^i;9K*#?8UcMdDZ<9#5xYXCqx>;rO+Y7k1PoVb214#OV!P@<{xf|MT78aA` z$#ezK1tcy_aK0k&%GysY?Xt5<X9ud>{h1ymA!NoGM|$!*+f6>=XO0yp z>~|8QkZ1z6tU8XG#fwVfGCz6-1Aq1FW*tQ@Y})13f}tdn#xdN`Z5@wb@N3!Xb|P6F zV+u06fdP-Dd5^@YY^}8jCRqYLLUMRwPfz7pNoq5H!+tN*wF@@WbtijSqfihcj5nv@ zTAyXRdxJHgxp>YCl{^YgHUrFs(M(xl409@8T#Qy*p=vPZ`9*1!l zzKE8RRQliQ^9h9YVk@l(9z{buWf?Bax4- zBDv2b@DGKWo%BCI zE_`cmrRet7bKg7Y*5DKXkCb}j-n`St-?UeNG+i4?)UK4lZQ-QZC6akNZL9fh@63c(2c#iVs%_8!eR(_cyCy|bw=#4uv zd0xa;Hu`1r$t~heq$?HMkG+mFT|a9(1iqI`q#14q_kzqql!MuB5xVBD$C zbv4fEwl-~&>but%U@~YEiR=0{qiQteu#PA5!th5-R$LxM#-^<-aqdhKrAPVgKv><> zybC4fy=kt;3%-v!1uDu2Qai8m#d_w6q-oYyGI(m{@eZ9lTZGIu>;xYDuxJtH_nre? zHtO$8)GuVevWbX>K-s|UliYN!ufg6G(xw8&D@Y_#_}-v`4NR7$sWYJQ*TKCh;An5A zcsK!BTkmiWO#0WF*!(fI(5&9=trH3ig<*3isUsv5-*87LpANa z(4Nd^9$yQS>MJrb)NKZPhH9ze;E8P+iwS+CXhIz>u(Br2ByGzc8B4OF8=23O(+Z4l}nwdG8fd>JFobf4+>jfTG~nHTTPY1 zOY?)+9DCBSoTbq5T?$_iYubk0O{9@9#aNv1PuQ$zDJ zk=V~ZjdP>JXC1srsY3iX0B=Ls`~Luqc>bfO#b>HqGmFs!xpBSsW7ryIYD}@=;O(g0 z#vv_i$~a+?&7PyvpsveShV89qP>T;(a1LQ^S5BjtyGRV>PUdI85=J9{9y{eh&DP;oV1B)bzP^ z32k*i7Db9ccD8#d>FfDWXEb^Sx2NfzB(RG|)wKt;wr4K`72Kim>G)T|e-=DBKZo^; zjU!#Ow=qYLCO`pK&T)hE!Tf1;v6YXWX7M-tA~IY&*8weDg-@5E^sh_sU&RlyT-r|s z%ExwqInPx+MKPY!sn6l>7FteKIc$s3ik-|Jj!>o&GwwB-O!xpZYbu;@lT zKgODgoUV1=6x7=4Yh{|z)HXL`sIN=-hi9&7{t&j+^x5JzUU!gKI4u$Dl0VOSMqJ0r zem{>^@uZfM-``6$%t(t1=K?*Xe}#A2CWEOihY>UVrrm)gj_0tTu46O%8(y}xj&w&n zkny46MtYprXW-ux+<0c`C%=Y!h>(rKE_m*7L9#xR_?7Ul;cv#R9@E5nwWOBX#IVGv zEv%W`2X*n5i!7k-U|B|b^P2eU_N?%e+-p7<@eP_uaI%6O z5wccJoR7oxtSUnK9hiSJ$$Tq6h&&&2Wv@pGksxj5cAd^gApoy$_{;I3JWb&XKkShV z7ltH~SY0-{NPh6^j@8WQT(PH@ACKC% z?5X=kcq7FYX{x55ZK)(WfKql%0b#>n=b`#>UaW6(&r+4zXZLMsspwx3{3YSPirx>L zU-)xZwM&iBkX0OxM;vqf^IBdO@h#tl^_wfpWfH^YD3J-q7d(;ltmPh~N9eAXt=MaN zBzJK)%E%5qIIomHYj4@h!XLI5?CtRv;2(?a7Fn*XB)HNiEw!z$5EhM;j(BWjcLa*( zsSCxZ=)}+SfcTy8>s;_>jeKX|j}>V0=sr5|?d+Ovt!VL)^CL2=d*m*1E5k1!LS+%B z%vb|}c&%`?)k<-x9;)XxR$(7AcvykRI3&>OGOo&`6VI)898+46#U29*6zuEGMRa38 zOiIMJ$}l_o&_Pu)v4mr_kEd#~^La%CYrK(;MF3k_)qw#@9G%|uyNFzEAfIlu8=^&x z)S)Bg&U)6A6Esiq9D5%0(bpZ%p?_sB+CRmAvTyAn@ZaO#h4mdliOgns7o z&7>JDqx-#U{V~28{6+Bp0LQO{{tx)0;fsq)-7{3Oisfa7RdsF12ss~GnvwTSjb@Hi zfuVesUYv7Yf8zZZ>e^deMvzN1e=94fZOiCE>t0TxvX@Mp9s%{P zgOXd1SpsAP?Sg&j#%v;)3XBXE#{|$+WzZHtsM`+A^gfk+WZfGsSjq+mp`g_4Vh$8UFx+UH;PAXYA+uN9q0u@t~M|CGq2pI{dTzmY2E2 zQV>rWCmHRW_OI=CO7V@QuZL5?J~P&>BD|Ev=$0EL%ek;MQZ^ z7mR|(V9z+N3cr2Id&aEm3fMJj+dAnRPLZJ$Q?O3O;ot>KRLL`}U5 z3|8KzbnBTE*~uKK-)QMrH1{K%(9qf|3E`NM6foRByerkNpt07|&9n;~gk%B61tg5l zYW*Y9V0f;PH*hnKd8;~3sXeR4VJFJ!Gh34+Y+c+9P?0JGe&h^hqton?7h+txXQLcq zg9DY-o^3N$S!04Xv~J{NlUFqRi5}>NK#{jA{uBYwOK48llX7<+^;T$n_$0StS|SKI z>p&dmhP(r#=(B1UR&3BbpE(4Rxaa=>uU*Zw@!P`C%yzagt=6_uLuLi!qT)GVm@!Vq zs9KrgTyHx!bRLw{gm1@fZ!A7}AWAxMRWB}LyM;h*c_v!)KV8!^CBl0s~UZ) zNjuDlA!g$>AZkw!{Ia+MAmkp^TJGI0Bl6-vvX1ltdqHc94>6~VPMGC!l0`MVS*Kdv zJ+GD(oPE>Uw2VrM7E6mwMK{LCSRcB3Q`=IS+BCO~Rg<_hq=(4J9)CEHKu~dH7Im3~~`5CnCDrsg31; zo67mUeFXq{%fFQJJdAedzwp)+y5+Ttvfc#R#|Zhx?`qjx4A#1i{nkjyDi1(-uCGh` zAdOhM3A51kssh!-EjyrOQl6OWTKaXptSc;X!V^Dqj@6XFtuza~ahw`#moT7Vxlys) z)U*daWRUMJ>fDpptycR?(aQ@U!si_*1GBR*+#+uy-`caU;1<$5q=2?*0neE-z%V(j z9V+2|){v3Z;0gfgu3ktb*)lQ_%8+XxQ)QVH65Mz7plO_iq-+D~?fi*P)`1~Lr>a%M)LW1NDo zwR$i>C=pKpssVc)9rJNkW?PM z>!E9M(Wovq4&$u^HZ8rpamYbp$J83VJ*B*e#K^J9{OP4|j^_uccuFa}#xpx^90St1 zXZU`QN@s+TFaQ&uO3^^wd7E(BO#&#CFq95)-kTcv(l94$ip)j(R%Mk^Ot)cO98%v{ zGS6#_HyAZ>ft;SAU29hoN<85nD=y;F+F91}D{e{owvP2&h=f{-F})cHU8bLVX*`J2 zDyajUiq0zLs%Yh|-b-lOWPC6<>&<7|>-XA{q*o~#s_+P{c}L8Sg3<1C`=UzY)|+u0 z?Fw_A zu26zfH_vJW%6Hcnc7O}1!@zhP)d;Skx+2&pEz}&+Y|q)3WYcAZRGg}N);;sx+C+ZD z;oGJw7HML&mCe&Al0d+o%~-nYYB9(f(%8zQk`(ejl!{S0Ee}P$)nGC_PK~s6?OGCO zcXlq3NBh!v>r|w|#%;x&{4V>g-2n6%2Dr^%N|N=T?GG>tK^QoyawN|F&2bW>7cP?y z*y~zWw)ZXsR}zv(9QUli(w9QBks3w$CIgRpI4g>; zELy2nn%8rY`A|6)bj$5s;zYiU6@fYDJXOf zWW4(@67DL5R_{f;$upU>J2jFay16+g{tc6bh>_ zJn=!Ys8hJQ5=;zbqrv@sYstKEp*8YJAaDr;kN&*{#%IUgGq$zU=9)PZ4hPOL!OeVM z@pIw(&1~KwvVt$NLU+3>ecbwi)Z;WXS@ZUdtJ{s1xFxZ;XCQ!Ux3-=c5=d@Seor|( z;<+j#9%gi!HRY>F_IAzF0nxeQy$0h*gHW|$8Y~j3@wDQ(CAqRVOPxCRNQq>TUQnzT zb}|NiYGuE*5-d*<%YP6YEk`N5OQy{uVIoPr6mgS`nu0sFGNK7?ZEhnzWO5qwUI%!h<3xzD|G$!Kj%@;`_k7>`raZW=2~ zS(#fqN#y-2edU$!&*qYI_++vvZb+j(PTv; zV0}2LQ!$b0KM%ZgJRzz>eR&_*p;9Af-S@%tABnHiUkd8>+NPOfs@mME#=vd?zUe-q zl%;Ycx}QdPA5e(hTUx7bMmRX_Uqf8zkr+JaCRZvl06pl6)WUlZ=@U7SM<^=b{VUgW zyvb^UMES5e$6D&9j2bLXn94fi9R@nqrkM+)hQVd}S5$Td8ydQ!LnX6?O#9-#eDNyT zHm0(y20MlMNdk#%Tz4QzZH=*MQzNQc65Cys$C!tp`qoBL-01Z4d$AgMOGKarW7jq5no|pgFa07ojz*ahoYdLPvgq|2!4tE|;(z(0a3)?HEm1l2Kr=>)t zVUf1KbOC`vp=0-#j1gU3wx*Xctaoy$7z1$_rx$UOK`TRZBcbzS;9wfixZ8Bf`${-H z`%@7F@)$u@BO`&D<28$w*d7A$%so09Y9M*x@wJp!a9fSss(!z^M`K!~ngZh7mV`L9 zhIG#-7_0U=gg?Gh3g;NcF}9bp8g@8+PFYR!M3z%Tsz$@vzO|x~IKW^s0RI4h)HD}4 z>!$M^-Hs$v@}BipHkalAvBy$r2&H>}2y}?f1laqe{opElRhHrW?ccjmjk(}c1G=`g z*<^v43xnIe5On2uMKs&M&IGsiCw2>87jDDuJghu3Q$s-0>WP&7Y za7P)d7W$!&czD$nNCKRZjmhtI>1Bup5d;bbRAAR1KZxXs+b#n1=dDLDj4O>w^5s}S z7h;ppe9fO)$A;qXd!&)P8&5eEA!G2iEh|p7(bh)ue%i+pDLfUdj}U6QrOuf1Lenz9 zp+gkh5PE+)_aKiZ5x%Dp;m?jY)+r~3HP@2z!gQCeCTrZDwI}7bf^=>T} z`#S7=k|-!zG6w|u@@rFdqdlYHW{KhB0k^QYNF_*4$U(_s2OnOQ!+cTGJ|JrPn-2+D z`NC&YEOCNP;BkOG{i!r-&Wc_Z*LA-SYNtlO)3r-mnA|8y(16e1A4>W@eQU<@>CJJZ z!zpW++S+wk_j$3A&O2t8DkfW>oWBv8=06kO+TO-e^4<3BWFV-|PsX-BA8O62rOufp zthS}MWCAeCJJYc&@1wM^(P9zHa;YF?3LmBqzpqN@BhY2lwmdf}<>xG*{qJvTnM%Z% z{w4T%aicNS8q#@S$IPqqhCP0iX<8)Og{!@U4Z1OsfMla%IQFSi3m&Ow;6D)Rw$a6> zhF1)pVR4M5i zdAkCcG0$IaYF%%`8e?gbn3iIQ+tBXZ19R51lGNv!^8;I7*-d>7&CHh}?0I3qaYHFn=dB5fA&+SOc0 zjtsqkBRDi0Hhnv1@k-Z4)1$Z4EKKm*Hd1>>F7js_p1-Ah)A63{`10dUxzm~LuGR8p zA1iqtSnKArdm2z4hgNy^RE8@QqhoHt)0})_T_=f95X1O=9CW# z_>=Je09mrt?P{eLk`(0qF+nkj>PJaS z+gIBYO9&f>rA6W0D^Igq-96)27Enjs2Lt~A*NTZtv2lG4+fDGD&V^@lacJv0zwexG z1g?5ucJ0M^r;1|HwHG#;g2U#p#^P{eKEB4Yxo56V@N2=7{4}xDG)wLJize9}pLX}p z=UF}siu%IVdrRA6EwDRRs+PyKE_PMN={_TqOz{=uuVR0*!(c{Kg5#zM=xdMhc9o@G zUR~;58<;~mJKuQ7Q`C;M!<6*D2kPDmxzOIzRZBSaLlYR-54=M59;Uc$9>z}+J+Mwu0w@4{1c`Z)KH=faK{(`3h#cFA>JaLdjbnQR&XSK@;O7*Z zDaCXp@a(qt5}00SV{GISahj@QpHJ1UF2nt%DKI!ZaYFM88``F?GQfh?d6C&URy;4# zxy=XS2a7a$8VGLQ+8pjuql6xm%;jTO#D5UAUmMErsmBbLBm`$g#_S9NY7Y$QvaB}^ zGT|7NG#v9UTiwH?-zB(=FkTcEJeutFTYFHl>kviuE0=_Pshki!kAAdRT&HR9>&6#0 z`a0-$lfv41kX57^DBNU|_*P$ud{Qs2=bG4WwvDz1kBkA+Kb2Hf%j7)%-^O~xnuX1^ z+0LHoHtpe+x^rID;Qs)K{t)nTMm3{6mlC>0u3RVtp8om8U$YW==yN}`_r$LmTt%eo z9tkjueZoH|43$s@3w?jBdPjl&Hux&X!PDt}JGRs<<+zOmWdICiE6B;<^HJ=yuqf$c z!aOg63Qratd63{+jU@?)N;=YQ|{B0M9(8H^4j?#8ijgD}Qj`fSCT1SU`Ns7nC zTBY2YZRN$o^2G)=wmOn4p77II=@!$ysDw(#GHyM`x8N#OH?e9bAL3seY7y!$4Z=eL zfJh79-xZM-tq!!X%J4b1gV~*}mAKR5pZh$1{9|l`f(NB}we9zbd_{SvN3PwQ z+hsmj+;UMzKxwdak<)lPO4s$P$?deefc7eYsYlBCb6rriz3^V5_FB3{B#aEDqF^`Y zp){P3y_s_V08ne#k;UwYu0MqI9`(!H*+SMA))Pbao5?v=L4e0RWqX=RW|3CV@rg7| zQt7VkB+_StX=M_|r1PFWhPzz>ykTQ!XQo=~TK$wtM))P1m6ZDJ$sV<39n_cFt)0qR zYEUxH#D`oHf$Ni9R*Pe0E#w-9mJD1M&!q&(=ssO?>dRM}!$7{0NOQG{WlIe7#ZuPv zg?q2uw3i7xC}cl)G3tNMr3OdQ9tik%9hR96t3Awdz)*Qy^={zSf5bgPYXc>d+sEg_ z9#o?7Ctme3W-@x7ZKPbI#`ibp%5EGca#Z?N-xO-PZQY)qZ}vEZ@q#?)&n^%5y~QX# zgO2Bw&2@cj<>R;^(TU(=BhtNN;nuh{DFvpjZqq?LC0op2x=%t6tzC-fn?lCJo;9poz0nY1>|f~<=n@btBIbC z;fw9D`JQxJcWew8Wd0THGUn&PbJ-n5%vcQZoRC|eo71_Zb4c(z-4bjGVx3uXLB(|* z5%C<_b(ztxtexK@Wxxk+(e3$AE?0B9mr!ecHfyqxHKT%|@y2~Wm3hB~b+{w(HM;61 zDc~n_BBlcj{{Z#ro53GcSX^48+1XjhZ6TKiC1Z>O(AUeKv=*I`d1XF_B$gkr`dlD zJQ=IT>8fi{TL}+S7(cxK01EfJm?l5{{V{~ z9c@d(&wm_SrM7V5Jo4SnKOmw+4G*OqG|WqUAx-NwcKTaIKi(D_=n(4Yr{5I zTHVFH<=vBQ-L2Z-&#%{qDnzgX(MOzly#ShWEmj zzAw@&0#7QA5SL<}x%K4NsTti|=A9$@GXDUAAO6=Z;_rsq&+O&mU2S8U(G=+kaKm#T z<&*+)c^#|vV^EFeX`^7!NEm~T2sxs=*63WP(_aDnV2^Jnhjk0a`$S9oqan$VSG&&A zSzX6_Y<9~VZ(sI@aroCGdYQ@x@?ZY|2L%4gcK#3eh2dY?yTLvm&xQO&5B7J6ngrUg z+>f~Ce!X@fX3T*91wUl7%e%X-R$4vs{5~FmZWqz(+sed91zDN z)~YV|Iby+bMk~{&vBy1&IcV1e4Zq5&#qzrlz^^Cf=QU(ptts;|3+?0{1}UC)?c6Rw z3KR}#70Uy9#KD*5#z4heiKSRV+$kRBg5xgZ)P*3NmG?N$(x-*OlBARAnrB@(cQ+D4 zEu^pniK1jN$Q!zm&3{(E@NOUNn$qc-=j?yu9d7PPtkv%{R=AXrHMwuNyT7_mZh%v_ zM0Lkw`p~@6HX)K+tb>pL09|?Bp#ntigp`I{sXm6hy3y2fXU6{k9zGe_>e_tQleEdG z*&jN}c>0{@Ao_!oUj}L37SdwWHFz}=*Lp6ftp((H{{U3PV{jdaARofHBcrh=^R@o~ z1uFfSkHdcw-1wJAfo4Q+-_0C(^HIL(Z>DSVURY8Wix1~S%ex?TuG$i^v4vQTc0!v` zN#KghSW|XMVT01Uqb`RG;#i3TD?I4R3BbXjBy|r4cErb{cd9cYjw6tzi2(KWtI^4~ zaTtbY$ra;F8`;V2tz4P3CPNqX6U9gQ5?hxsvJNDRVWY#4{xEOoI&*smhRh z5Nq#*{{VuJe$vwXE7HCZ>z*M00ECXx-F%a(+;eprbOmJVxDNekoiTSlB=H8Js(6c9 zyVX2FtZIHEypc-%qVjf;&}WUH@IJMj9A#ML+L+(-?P__zAkH4_8trH#-*;x>>_)Hw{IpUJppWYudY5M{>Fb2 zyal3Ypm=)1Xl^DJw`xI+wD|*L=L`qw{y6h77^NKz)dTb=_F(@2f>T&&cDiSeJa?p< z+m>{5@&g$M2aFy#uh>tA-v@jX@Z#p?4Ie_Vk4}+63FYCDfa{*M=gz&y?5uq=qHDOc zx3IVZNaOiYk0n>oSEcEiJa>jG*xTmy28g{$ZpP)sjEf?Fq^GufeQAw#EvYt_idB!@ zY;fO7)Wx#JwyuYDu2xVE2t7q)>z5M2rd*f{M{*Y^71mZ9L0`N#z_q z-ZFlb!|I+Th(U9673#+d51AT3HvK`SqjRDVTb~;IP5AkxczK-KYKZsS%5B~-57xdA z@o&T{zZmLIb$^I)A=|X@-u2N=nW@5RcIh&i70|K%A=eei>iRVCTD11k3DLV}q3@Ah z@zBOb28jjA&OFG;0N{h#yDzXwa1ku+9$5>4v>pe!r73qIK=f?~z}FXdaGQl_qR1Sn z#eEUs?*Z7`7(`IU?VZGxt}2r>v+-_oqXZiyNpICU6bdfbUip=BLJs-*K@l36P0QvNF;5UZ^D2mdGeqo zQz#G3QY>#d4!<%Q0I?mqGb%_IZ@+qyTL|Hhorc%y9##Mmn?N!Xni?I%ar(E2VA>D5;`&HSsuGI!` zHx30OPGlvcMJv1o0!TV;tnEV4#DPkHnav|6VQR8Z1Zl$vdJ-!t*8a)MLn99~5sCy~ zd!&zQhui4D@+;GPJ>nVc;St=3?ycBiN%X2w9^05YrPOBbWN3EUxhIZ-xjjoyx0)jq zqB$e#r1q^XWFtFFSoHE^Q}U8AU1YI&ku0|0Z^md+0((2jA^|4^u=cInTd?7Bcs=Sb zs1_$5xpzPu*U3K+ek!kpd{1GcUO9p*mMV_?AU%OKv2Z(I4fuxVR+Afq;KZOIAQ!PlC>{k%!^9Ay@L6z?k$P5AQfovNiB0Nm4LwOI(gUzfMP)~V`CW-neejI>Ab4mhm!v^&(RZEWY70O}%=J7`s;KaD|Vt3BcJ$Ufc00CbXCn^sWe zSx;)C{gE~0%Dtn4-3pUH9OkuSCZ98T@g3R5Fz@y2K|C5m^qAr-Q{`RP=y>}{^q*t)9|_i@&MGVRf=q$WIV9DOP~$b7;X zMnUVv1;$0KHr^$3mFKWEV_wkhbqg6d@+Jo%mx5?DxyRd2cc&-W(pES;Ztq%l+RW^S z%`v;@6bZ!3GX9_#dN$c0OPG_tfAEh#6kycc4<0E;^cDg;X3sNLQzb7;pnRoWd9E=03 zNuKA5%{Py38WQ`|j1fsI4#pkK33RTG2hC8~X>T8y98i}F{n1& z9SE&iHI9%-rgUL}yZCAi4Cq^A&e6Lf=Qz(wzAuPiJitipK%|FBeLD&xRI*&^8!)fGB zWLYH&e}}Q49>+$KEhpGu9QF(a!0atJgT7|M)SbDvu+hcOc<&N0xLApLt_@Us}hBm)hqL~gs&N#wA&kPzHsE?yeF}R`Qq>weo$;I! zeSND6i@6s%xGdh<;yGcEC_Dk{_}5_;xp{B5%|?hX@q^yD>KevZ8Fzgqq`@JdD%fV- z>rva;1@je(FzJ!fu#~KHL6+N3n8JL94;rxDxbsv@YN3>p8#Pdn<*{c<*WX3If=I3z zM(i-`)%6aEdUY)=CVW9 zu9KBBms=?9?uF0@Re31G5iw)@>$$z?opLxevC&Mu8P(;CASDvI0tt< ztCmYr;}WgrnP~x?!UG$B2|3$eL3|tWHO8MH(k?C~mLgTvi*+89LvV4i_osyKC)4j1 zNhXpRepU)jGshp!zL(JaSvp1)m8T8M0^iEIV2)|P+iw%4wav7TZsCi8f@|n+3~Etd z+aUoM4#4!Sj#(=mP35NW9yovc)jpf%CR58~QQV5!I~h8KZEkY}EUXzL#&e4B%iGIo zE?J-|#J4562BL4FY22xd5@ot~1~ zo-Yl=M%eoCikA08Hg>X43M-&sqyx$NS44bfyb?NF}%}59GZNHWybEg#RhFy<|n$ijhUR2C_L`FbQB+1DOn~*kti`^xo<>;5mY`($ozJy7O6D@$mL|7U4I=J6Mmtm&F<4B( zLJAS>P{}G^qC5){07pTJ#u{YNLS!(wQIb!vu5#lphBCFZ&gMu~ITYYA7%VEhivzPP zPQGW|z%&X-+0){gVMbywMhv+n*5L-2x%@gnP+l=~qR4;3{B?wQc#c6Ta!n@R=wx*56nWE>4bJ~Y=$!;Nt_&tagT8{V&3Tbb>0NFh}Q~E*+C(I^!+Jx z?KR+Fj3jvT`c|n}M^ToCZdI8&U<~tG2!>F~L3JaLD>Btn9wgO$@8Dn5FJ^ia>tTT*Vn@syq)FyAU+zdFte{&}y4v_A)5=-wx|wueue*G58O zS+GIt$ph2gmBAOhQx>M$jkHY!7gp#FWi9@%1Leo9dQXBheMxQY?>^mYBvIhW6AUr@ zD;7iYKAh3DpEQKlwAe57mH@mM+ZiMISC-uPXGhR{MX2kZ8;(sj%Hl%C(|+YorfH?n zsK&;YrQ*3X8|XD?Ab4T`NZ}hNc=Q;qipC+XTqW6Q;!GI^(nnt0R*{X3ZFFP!gTXOH|#XC%6Bh%Dp~fXXoE!$3U0g`|!zurhgXDn_KPPxrdi$ZkiFc<(4i4oT#L)n$DYR zXLUWiF{)dzIDB(cX36DeAz|YqrQJT8b#FY@j_L%F^YZhMPB^YJ;%9)DSeh>q_*Jz5 zZW&DJpT77wQ|dUYj0#Ar;a?v3tHJh<;Z0FvT`_=kc0V$?JmcFK74)})^^G51(u|Ny zf3)B^T=Thmnj8%iF5TJay7jZzUNyayz;#hM7#PXPIR5}VSIfH3hP53BQ`PKE%$GLp zJdF&hepwWr2==ARVx2>R)O4M08SU>N6B&c>%B4hVI{j2 z*Q*1MnGTtlLb!bhs>=LoWkz?gxJC5Af&z4f_8l~JfHd=u;(FR2v zEuF*IcuU5XAMlCzm_WLwH^)53h`%BJf1d@R{1?_VU2ftFtxrqUw3ryQ zB~&O?>y6#`;)7w~=_b0ixmeR9bW9Fc9`)GxYW{slBzFlUvu*(u2j3r! z1NNuUxBmbPC%o{o_=eiRyeP+U&m)eQuL9L#Pd*EEw{>Ik;g@OM=}{?Ji=66oF9-Ry za$T4hTo6L3IM_#X$0MzC(A{{aMAfeJyzgaGh1Igk2!I?5r9GNDJcUVABC>3H9>c6BD@$oROAv*t$9C+tZ%HmV`HXkQQkut zaWrxSK3H&iXR)o6`-dseYX1Nj?P9)%L)AQ+!3hz3iUD6t{uSMLYsX##@s_=%cxzJA zq_(o%#LhQwDtRh99%`SESo+5Ez}^$Jg3@gbOfy6dS-=KlJc0*qD+gQDtxb&96I$9% z3WW|w%$Vs|4EZC*pA5W8zAm%YH1838t4nZX7SKCxi1G5U91&dJt*G8uPi~>sHry0~ zcw^~7v}JRM@g3H^s%jF&Z>P;Y$`J1R7$PUJ@AR*0@OOajHIECfwQRV!fSvZPzc~Z= zzMondN2>T!!`gJyr}nI=X&7J~*x&(GwGRmCx*oBqNpE{)tLg7C^2k6wOmsivSx5^$ z57RUs4O|UROu5}Wu2y?o6+}VMf<1Y!F!-Ykw|at`85_(@k~d_s@Nf_1P(-C;o6|Lo zmg%Qmw&&=p#^6Y$mTTKIW(1i*>zoh`Or4AztZGv2?KNb6ZA+DH)gk1Ube@uD;JngTvgEickhNf*24--074cej>O#cy{NobXIW=2E-^?V8ZE&XdDm z5cEsfXYk_O+@`A@6saE~l6`$?y5*jyCE*v4O3;(F7@UUUrb_w{;i4s-RWO3uU-bUzJhTCVtQZREPz2~Ytffm!;0itco~ zxh(>mB+QIIiZZ>8Y07G%blT5}@4Qnzt4nhuVMIrsHi5wWF*hN^sHzT)lWg5kMVjO`))aw&}UuZNnIj=SNRH188f z9-+3_LzxEWhXakKyw~D4gfuANU01_X&g&W|nOObSKBJ{(;1{vvT1K%dIg0W!V^fUh zoO)EABfPOE%C>uWT2%_HIm7nr-!-B|^P8R(O>WBCcy5KvH(P%EiSn`aTKc2lt<+v1 z(DfY`#J3MM>yWUGp>R3^-rUel&ob7m^&KNuy|9H|X=9M>55k46>%iKS`ks?}W3FjX zLwy-|hM{D7455?oZ3iz{5@Z^?%+g40j?417i<2fq7t$dX}t3A7F7IIkL z*y{GK=*uEwa2$NUms$16Wj18~Z?*n~xpdITg8G0Jg>E&Zqkm2$G9q~@Tf;WIgIP+p- zgM-?+D@5s`q40-|VY~3>i}k%0>BB~nd7}h^p!5KD=xfS+RpL!z=GILzZ9-|R02qYw zF1@ehM_uY)>9f#NM5IFMWZ=5;}i2Tk2c&lS;5 zFP6gQXU$&+z98z~viI#T;6E4mZra6S{?rV7*$PG>+zSG8jN>O2{l)kv;xC52F?cJ( zzY;too3zXL6w2s#D3k%7mDKfx`wHg9ldIl%bHsLc(Il*j;2pgPC%t|D0O8$Y+r)ZB zrlk`j#_P`BnXDQya_D$R?HTYR!k@I~!EcEF00I18YaPy?tJunHUAnz@XGB6!!}=ZmCe@qdS}q_mzQoU()RGM?&J9Mr;Asc!4?{{V+Ep4L87 zxMz!EzE%2q;MGJ&X&IH<*Krlw7h{H`Ud6fhx)4yGQI54nMN_aSBDGHD1b$dtmIEN* z=e;M{kYT_hza6Q7^4O6{lW@j9m2|`mY|h7U=7Eu&vMS^p1KOp^{J2m^Vb7%pL>Z!| zGDxwvY~fGcuTc0o@k_>kv)9GXho2pM5vWQ300|C-sX=gKl0vA~!M}KfjC`eX2&Rs@ zXZlzE$RD*ogTHGZf&L2kui>phCyP+AjjmzH%rXIjGwYoGmG2tHndS*qM&;_JxbZaX z%~CvD#oivc)pWaKDwd?-?IaWPB?aYzy{{WV9`VV7_*O?_? zK2QCtJ`F#`UxgZmuN{0K0eu@Zd`E_P_8WnuCj2em^XQGuKs*P~B!j-#^`Wmau~5(fsKx+yjlP=o@! ziqz+m)OduUK%lZ`u6k9tBTq1y7wOFaqj9oIfvjPYAb5jW;V9{aJ=dYy((U(SguflJHUOV{1;wx_t z_(M&(hr8W8B!uSxW4?K>-7neS{s~Xv2GPye#Ype2^;?M*C4w+fZIE>=r<|PEmyE>n zt0TUYbU$}~0e;S34gUaVMYLZ5rLL*rxnWTfvSE;c(oBv>KhC`G_TTW1pYa>Pw=$h3 zI~iq+!t%hIK$H)WjyiM|;8m@6W4Tk(<`4W6H{REx{=2?^fR@6e(oUow0nkLeqOEgt5({*rmbrnMWv4EMoPB?R_TzbT;_Ej z5=W$6A&^G+Bb@V8HBX6pMbr$RYKql*9MwiQ(B3qxeB1FexgUzeQMvg!II zlIfxC&KM{P2d{H;_3DWgjs(Vn;P3a~#H@ra|OP z58or@!0%rz_>#}XS}%%iH9b1s3#};}8-*nA{63YchjSKvpWuy3%UXil&J7y`RXAQc zbJo2(P_%~0qiZQrRlqq1rCp5V%xmkvK6vDoG-&|G9+gV^G?XhMvbXY}$cszaG{QL? z85h*_u99143N~ewbsn?1M#G2WoFjx|D3MaFs)%>Zc#p4Eh^+n3nY>wDIB z%PCd{fG60D@<^xvCaC$}XJ$a4ocd4(boa8z;3}vpc^KxiWr zXN;&|e-T!+>y6h!OPt7?zHU2EJG*Lh`hwWcANmp7k;?j40yMa-wFRA`Y%%HwY74Qy zc9zPUqdWca(z0ImK#U_L)_^9{uaYohkq+kXO}v5V3w($f|UHR6eIUMI}FRp*3eS6_uL9aAR zXC)*gaBERiIzxtuywQgOxhwftxQ#|CXR(8pwkXMJWZHKa<@T+s8Rxd$46GZ_)+0wp z3$(b7NYRP(r!PMEH+m3|Fzs=cK{akl>~d zV^*eV7h+EccrtGbTUl7cDY){0MGSI49`)`PcM`HBlP=dBdl5;=icGsah+SBw-+WR} zYLi9|osf3Ljq78W}e}6Nb+1wId9FX<#?7TrvD>pwlIIgKTe?r_!`iuo{njc9>9A zm+4y?YN#taZ9bxoa2HmR#bfhU6-;n&E1rtx)?5`Nr)-LVC%BPe5#VnJ)3sTF?BjHv zWB~N~(gE6v*~s5%w}h4V!LB1yk)i~{A>G-1C<3OLuPxk&%mu*XC$1_>O?v7nBa# zFO(0d>}lWHcIg;~K%n*d&`E0A_R+pzK?B;B^Hp|9E#m`$!6JdDW6bY0d};+Q8A6UY z>J40b`xM)`_Ol!ekG(;nnQAMABq3rKv8@f(#~n%a&S(j0IaOOF3hp#Sw-(bEjxj2N zHwp~SzRu)aMnVA=Mo1i2Ew0O|X)L!kjo!w zBKU;AZha==JE$D7P{uM9zK5l3kogX@TebbO6n~iVD-Kq8OItLby$2n7&`W^RXzW1@ zRlwsN%@QuaqE`8by#gx35T0U;%7;BqO0cm@Z*Ww&3Jx+lFsO45R%kZVD=MI6~ z2rg#dGu%p;ZgcNh5no$f$X?afR#HI#^O`_xg;^kZRFriYA-JwVby((};uU6Fl{mrb zXcUc2D_8qY_^uJ7nF$<@qPkB#OhOwPPfE`cvj% zV?m*I0i|wg5&O0zK7O6(xQfj*%O-aam8)+lgeyt=)b*nM0Ic)8^2(?~#nWl+SeF`o z(_96{BKpz;qO-ILgKU7X_vuqySWekxP~>xwKMwgIm99d>5<;3y@(Pn zUuJp8tYx?wU)iq89RYU7YUQ3;QMUW{0$6gHpb9#Vrx)fqzZ+=B`mwIahxG-h+?Lfy`&mEzU z%aE+T+*X|0!%V>(f`DRxG%U>0ZSuAZbJw+OFqEr4a@oZKE33+g!H3K_tjnLZPLf7l z!k&asIJ1Me@aEGz*HSU+Mn-d7yta1nvnJIE*XcpI&0MvooY1)ry?GVOYj;-g$0H~y z5FBEXRyKymhj^OE>b7%26=gUqGuYS3y2gQhr`+7F$_N`dQb$T=iZ?!d_>JKUU1rAS z;ouWo$Ie0a>t7GsCDw_rUunT4x3@_SFnDbGRLK&1R*kDCl@ISCmR0-6Mr)zCy0@Gr z2+16S&{rK;7Y)c>63%B}d#6lSpHW!qr?KgpO{IkTd(G!FwlGnL zB>PvLY8Lkv*E2Rk+h-d{`Kn@GoDRx+NH46B4oN$Vv1FG1M{qB7h|FmK3DNK zgsv>^E?KQcWF(v(HrJcUVJ(8FwlaBOZQGpw70FRq>TekpTKYz5tvtEB(7A7v;8v%H zb=&dF@`~;r{>; z#c6htI~fr5$>di=cQTT>^cRHm5BN$vnJtRC6UKV}747;)fpeib05P}6Cp`^nna4DD z7MBy;BF7s3XRU8ZKiJ@DW=6mn>03fw3^@wXU0Q1ig;kL@{D4zfRn(-t$hCg;;#p58a#_E7V^(*7k2LX^u=?^nX)-yIVuw3 zH%tMz5Jmy@sjW0vX1Z2L{zm9};qt&lCtIs{=LE+Mw2U#p#%jd3GBRyX zyWjr+twAP3T|7>z>aP+0bhFs~tyWkelYb|HnhS>K6>*`>cQYHIGJ(qE;{b0548!8KYPtgXqxQi-S3q7YF6Q;;`iK`rAq+vnMB) zIQz%eptg+`c~&A07uKPM@uS?v;gs>UML6zdG;|Q^<&YVJJB~6n1v$g#H!CYc2Mvo-jhsw*V2&J*yUqiOhn?!X-_tIbziX=BklfnA$icaC4G64{Ax8 z*oF;4#h_c8QzUm8+R6bRjZEGoF}PPnc!KkT&TB}^pw4DpaQUK5!Bii*1#LFHrC;gy zVXqL%09D=AwHJrffC1S7%8F#TC zHa&eS8hI?|Ra~+$>}#5Pm|t6;&0V^^-Mykn#E8x^PvKtC;XMWzVYa=~byjQPHWoE+ znlX>m9&70;PgZ$e$*m59#NGz+Qt5h+inJ>OsEbfO(+F%fKfDj%Yo72Qh&(&unFH#Y zd}i)3u)s+hfEX+fs6VY`85$*H>P^FCP7)ziwzM=UsQvbu#*+bF+ryp;Ez*{+SRbGMlz$@ zHRhf(_$jSLsA?WB(6m*%(t>%5eJakcX{FqgYkG{!jfA1WPCG(8R%6(l@M;sWo0oF~R`6Yw{fz$rynAPVy3w36*IA^&2ZlT; z8a(1b{;Zc=?jzQzO2B;Q;`_@DcIyz?HN3GoK_^|u*Xdc>Ca11=KT@~UY;NPj5W9)t zRPb^+2DL@SyPlh<__^Y;p7QQ?P)6WXagU&`XGZZow~6ms1iXskSO^Tg;|HciDJ=oT z^*)Ug+FkfgJuXcpuoG z+us@7!=>uiMk%)Wfn}Ge1EJ4OmFhkw)I1aLt5vqrd{3n{xt;!BDiYZzo-x7C*S$VN zN|DmY^3RADIxe8nYQ7he5b8h??7_#sTHv7gnc@v9#A$lOFwbgS6p}c3jC;3Qq^xIS z+I$JA4NphA7tSsgU_>pyXk7Fs>0VE(=yw_o&`f!7Zaj7BbJm#odJ$iERdua8;pH-< zvMEx_!NKpJTGa4Igs$}1&Cyt8p4fb#x6QD3&vWZR4hODZd}G#ZJUemWfu~u^r|t)M z7<|{3=!kXwMk}j}L{sMO+HgQUj%r*?&!#o4JM6v@)7mR|(6}JF0iHiv`G-)woX_@K znUY9jB!_OG=cQt48FV^d>v(`RvZG9IO?DkBy+7NUq!BWyX)3nPfz-S^@aF#jL7rR99z9C#;0$hY`!7b~PqTbE@btgKTjp&m zOuDj&Hv8W!Z$}Hz9=!2iFL*1&R@y$Xd!yLjwb3F-9xy)e$^QWBQ@*wc)aZ$I*~+9~ z50#jbdoDT2tTOL9LlH80t-!$HkFT{2qeU~L(KJh_=HGQY>?|_7bF>dikHne{uBWZq zM`O)WYljoc3&L)bzRJ+9$Sb{hVVYFzv=G=bctP zdq$jjQ8PHk!@H+E)gl?%{6CXd)ipb-NbT-!WQ}*R3BU)M_pK5;O;+W!$!1o#9RNA@ ztzw9~F+5MEKZCWqYuWALyS5Sn#S?hI=aJ2NSk^or<9#&Gpd={DtXxc1J)Wd=;2Nt5 zHh53N`~3^T-xK7v@ia?yrCqscXNElaWN@cFJARe)M~r+|qC*YNlcz-%p$o8*D}qK) zdUfKZ#MJN~6xrRiicJU$6EMc^0rlpytRKp?`x;%NAz`~|;FJFV>!X)ji1+UT>Uvj# zWVY0#e=-bWV<6+6qP%C~Ri2lrYnraH;rJ9=JjPP0F}R*HP4_fX?r=I>7jWDp#vq6e z3gfMPAK(PAxL_}gI0OX}I8_JVHH$R4(`y#mZj_ICV)AHrHBLi0>@K2Ij+YG2`zb>V((GE!`x~w!bN;ihBkRGh8q&OK_OA`h z0SQtV#7}>El)IY71r0mmbI0NhLs-zvx;C-q;zxzHhQRjv;yo(MGKakTm#*YGRF zI!kNPSnJn`2c06NqVb0#l1S@cqR`w0^JkJcAy)gMH35Gi#aR+;f!2Gp4H!FjdUX|U z($?k%Rs~hF)SOmRLy3+500~K#UAfZaM)RW~bB?vp&faEI8ymf2Q5`g-eAD|y=!q|f z^v!?lhAW6J0=?3lZqFY#;A`OxO6KAj14_bmEshRyE1g4KO}Uv_T)Mj{5w;KEU3Z2) zBzT*{%_W34O7?s-K4wbCj@ZXT&wA;nPoVkP^wbP%(U$U2uE|{>C&7w2Oh6MFpr=GuB*(+TRFH0Z3*D&2daV&Gf z$nlb-ImkTlPd(;+09Y4GTprG8}G>3jC$6- z=(;9U8u5_}}pQ!&B2QJj+it z8xuspV5=$5AC-AiR@}h&r$)Lqmsc>#{{ZMSE81Nvr%2BSk6!is?|;Eg{{Uo{@VAL> z{7;|~=#1Bvl4Iq#g@MLM{{TEvrz;uE{4}|OR6r$oC6E)$ZIEz%YcMX^4o2ncob^7H z>Qk3fhN2amsZfc6c=}bS<3IqA{KxgJj7iMl7s^ludSrB`my>D*Rbi8pK}uE~7*0b2 z+#jV@kVb$qGdkn}#RjR|xdd2NzzWBy&nBH1k`{Pfl`?wJGDKGl;m^uC3iO|ZKMkAW z-^D)y{5xL|u7e(_cpz!mWO2^lsp(l%XGJ*csr`BW%iporg#H=m(rJ<@vGKK}NpS_p zPu<)`pmFPy)E{d7Ew$6*)im3EURbTuR8{hBwx9-31~(DwUp0wx>U#8tXwe6rZ5kN_ zGZivhqZ|guP(ROlpI-3$>;50qG`pAs!y=WCZOK;v?LVD)yFE_jEf2_>=yhM&Q}&kd zZ^s`GOl&lHFH=qN9D8uB3pNAE>@#1!+O6K1eI1syrkLf@FW`>y)@Tl6ksN0$`PT4} zjM>HA-&|?a#_u6yV}Zp?_m?+w+wO=+Gr=9}rA+5>xSlABQ?RjF?czj~kW|PxVcb`i zYW^(p#B&>0wYydO@t?eDsp?!}eEsn+;|GUyOIdHcL8%KOS2-*Q0Cmr$eoTCB{kksN zeM?FBRVBUbyr{UFm_X^AQVw38bjqppYAVe z!_vHU;;#=~+1_Y+l*t9E`F~`X<~f(#@_SdSN$F#rqCUp(Z;rHo9{7LzYffk_uGEB{ z0Dj|l`g7X5{VLGR##{`2I@XeXPIJ@rUkqMq`(w7YmNz3jj90H{UI)|ku^r9w7n?sY zeuB7a$Y;`i7x0WXR^J~vsTStEX=j-QP< z#FLh~)$ON6MO8tbPo*WlhHZ5{#loYU5X65v*bR+6rSQDX1l~ikpOk@sMR$5exu##v zi@b*)eN6<(7j-`&CJ$t*I_K_=)k;QqkjUujxb7%1DceT`&L&@yUs1uW`)S!j$0VDS zjtJ~&pfV>Y8bxQ=hp(}&UiQj(u7tMtjHutk{6AXRTW~dEp6Vn*?#`X+M!mX5`EbKL z5Grh}1=w|2*8z^-Z1t;tV_zteB>?Bs6!{PgeX)<4FW&Suojmd*BcR8(YL^bgZtO!X z`D6@(>MNDj{7XKS1KrwMOLA37F{f6*?Mg94*xk`QM0E>TE><}q+@Xp%!vpARrd#&8 zjE6v^RdTL?MG-FLN#oLnv{+>rU=Z~lm60yyedW5tBy5ekGI{o`SZqt8OpK0)pv?sw zFNm~gZLZq>DC0+d7=g*faPw+SXLkh2AS$d09q0qxbX{)WQ?-s&WO;Vr z0+t!?Rm#B3lF~$*avTix#Z}ZSk-?Hdynhh&6pBvA&ptf(e7e2o+qCpoZOTk%vge$A zE57i>jQT}{7K(pzgKiIMxdf$it-QWQvryZTMeFZeyb`SQkkTsS*0VB{N6&W2kfa-c%wv^*N(U8Vx6^|vf==={&N|jViSO^MO0uk=FyMi~sdBc4^x}Ng;y;Pr zAn?Yk1pZ3RU|5NdLZjOi@BR+)m8Xj|xNdEVHuKIsy8i%LInmSXbURejav9Y}Kb<2+ z@esJiI2op$&T5gdYEL#uwvTk2dw}(+&}LW6<+wN+I{V{?ZlSo3l%#` zp1GhIrEwZt0ygoQiZ)`)vQLw`&|}O~on~nW+B5A}td>MWAIra<{irH3?qyzF-3cU) zbs6XY=OU=VF3D5{Pzk{ppwQ`Hv6f+w(bI*s#hk#LvW~pa1UIrzBx@2!y$@Q*g3*C2 zV?qnDT(tsHZ z5N-p@5xG5UatOkp=nVi)w%%ssVU<3$kt|7TIErG(r#LvyC>cq-(Jt1LIOH0)3xkjk z&Ct+9rDKoP>~5sKSBiO|T;ze+S4C!*2^vYc*|FQHpvc;XP((nNHmum{M^jh+*K0Mq zv@;FZ;ZIROjJ1eKATv6Fp1!p_nl+v9QnKuoPp>o@C>hh~(^yO}`AqicYUGh5u}Lgs z?i^Devp8)>!k=xOZc=$5pC{Z@v1pP*8l~9t%ADsE4M5m}3s*)~7-5W25}HeusnrTu+qAi`~3?W83TW3gV9k*VrhjL6$rW{t8)Bc%sH z%;|Ef$noAQ!6-Qd4h?m7Fj?Hl46&q)Ip(y4x&hS-sO@&)Sx^jMRY11aQyY+q&N$9F ztq7AfR9Hy>Rk(@?hXgU}T-Ku#!@qK={c0wJq*H_}ff^!M=M~Xg*a?s{goE^~hNfAY zOJaqUx_VZ7O3Fab%mzOS2BwV3?qoS)nC)3#YmwQ)gSZ~_3Q{gbBgz^nV_tdBr9%~? zK{nmaBW`orf;pM9CY}Swxi;pl6r_|B*MO8Z+pMLZKDq6IsZDSUo_Nb|zdSjZA z7~&MSBmx*yW4f}Hyrr2u+>x}<1d_5Y0;oLp6zgP;dCY9&H@_I92Aui`jmcYtbv)-i zD~s0Rn%FpsKvW)c=|CJ(Ms6h=k-Wfo+gH4&QWb|o-hetA2_b>ih0J_l6wfBR&nC)S z6DqdXz&swb48|Y4+&6SM;>&jJACM`d!;tB2|4VEy0H ztq|Ge{vWy$7}&@bVs?^EdScugH;yJNDI=bFtZGC_*sV3&%QGMoBV=totE$o9x|N68 z?ab1a%I)sGtIVk$$4xeRMU~1~Gsfy-kNv;lHN^OW;_3_5LYv_|2t1nRQL(X+HJcls zF_S9DxZT#Zp|$%g4=tkGMX2Divz!8ZS6wD&Q6E73Gx0Rq_MR=To;z(`FciSKA^pLx zWVN+|;X+JIc*s0geKvAVD9hArlG(p^BeDQTTm$%5Cv`M2A&C^p+=|@8m!ZkNq?_6| zgn3}&IOjE?ZEdAqBN-u$y*C3>HKDaQ^f;duXg0FiTul|K&WMC4&MV{(6Rov`@}dQb zMO^GWX1FS&p(|)|@@kMslE)xer7NAvxzFQR7Bl^(MSErQ5b_BAD#Z-?N8rDV?zFEH z+QF&9mb!ZtS!CVF=hDAjYNc8)N8Y_TL9fw-cC(z8swX@SK za~+{o+J5L2+Sz@bphFw}{{X42z^8q_(0{2bQ{nR6^mu1cz)#zSU_NOWAdQD2C zP>(`eJfq?+oo6G>GC~C4ZUl3mYVdir7%by>r$>Tqxxf{r=IrZV-kYFnd(;AUyv7#y$s~ztWtzE^sn?S0f&hup`8Hb>kzwCrk>h2Gr1gk&NPL8%WEvXfesH>lhti0I+NfRD@#sn0kaV%eW#d zVBx!BvNkLPe2@5!^)gq`-VD+65?H_hU~`lFs-e>E9bW1cV;Y`s-J^uilvR|U_0Otpxs&NBp-Y}8|2`oeBX2&WkkJK&fZX8|2 zS>nK8NzGw3)M?m_wBzNOt;WDcTbyxM?JuxGtcs;^_02#x-0n2(Gy6dc$s+8=OH`A` z{f#K(NC*UN?kiYGMcX@+yO&_=*MVL2riNsRSANmlpIT7lP*F8Ekx`Bz`m-DHU5!x3i9D z;hISoZVNEv8o-j)WHLz$?jcDa_n@_7fY)ygnih5p;9!(F3Qc(VE+lwo^9aH@ zQdc}4K7yK+i&D_^e-GU%My)K;>} zwpXZ9IW)^C?QRPR310jTMRU~dW5|C#S{{=Xx(iciWwVo~IbeGq*0_%mU+SJ2)K|-S zY-5g95)!9!f_o3fzK)_i_|&=f2gAP=-fBJ?n@@K)Fi#jsnZ_7_{x#i#FLYZ{*~+B3Oq{M1@h{4$rbd=v>off zT=gcanU~Gj_5T18cyjm0w~2ghR_f+e*%2d^1n>c`koDaw#9kZm9;0LS$z99*u{vYO zJv#ULQ;fO?G4-#*Oh)v{hUt1Ohl%JUgOao5T{9EB`ZxO6v-rD9-=6#++%7Kh` z=~SXeB0GI6Oz_R)ORU0IaX{W|U}rvu+Pa&~Z^N-@m*VM6xq*Tb2Gls}X*lQ{tobv+ z{{S3(XYl_3##c64KBF$7;fY+x_H3Y_Ju}DiuFFvIDe)$(`nsjENii)Wg~4w@pK6B$ zRH4+v)^)pEoA`9g=Z&|F2*-65^moH+{U=OD8k~P^vUmddZ6O2kp+MxRPod%88@vgn z=w32if5D2kHrIG*E#NstY!Yy5W5YTgr7g0Vj8<}xT$alQ_Rpd+2TBo?yFAm@-tH4E}v99iDS##z$`6wd_q`{ zqSt&urfKuXwr@58{;(m(!Z$NNIzr6&?Cr@bw_J?FdP#JmbT>5)R@ld(&rR|T_>%6@Sv2Ljk_#Cyud_Jm z+*Mx^cwX|_8%yg}j_TS)FTC^keQILtQJh_#nN2px>7NfCCaWpcs_%;IIeGE zx|11P;dM_6>Nay*-h_K%tX0<>kSj9h!na-}M%2-r?rp|+8OoE4*0EMPBe9Oi=WcxF7z@Hwq&w!fdzu-?5>5^+& zMxgR+S5Gr{UAsx?iulV}@nNv>cD1a_r7fMj_YE-+fC$O!imR>0siWzAKG#mvG)sHo zb8k1DA1E9aPpIuyw2K`Q-qLyXRW`;Z8z(LTDEI#W_11D)nABa5K(f_zsjTj8qBhSf z#8qTopn8hubdQD4;y>+aEcLjoHOwipl42D@cgduq+{10lQ~Xfz%-VIog8V>al1n_< z%J~ek5zayCL9QFa9xHDPd`;4AFPz$0T_4_0BYd$D{2+VQsv6wVHa|a5D)8NXy7#B=HToH{Mcm%nHzB~0Xo0QAq{`qM4M@9(uOM_Y;z@VeWm04nrakHh{S)jzat zk~CkivmNM07#`TDb1*#z#F~TYcE4qpC(76JzgEm8fKLldXtKWA;)vkJT<1L zoU+XXGRELxTxPoMf5Ojg7n^Q|%I5)q=LA%?Y|NcEP1I$QD^D?7apbcc5$Rog{tt@T ze7&!0DH&+U``-0YS2^Xe%+IGip-YIsPbu+`cpsP2w@uBDh%~)I3&>J?hFz%Yc~Q{) zYMcyCi{Z`Ho}BNeU0bvf$Ak~lfIpRNd`j^CohsUET7A548+^rq{{UEdAC*PTqp|ac zjepVZtuA3$E$&HGkSg&a`f=X4+4PI6^t$^X#JJoFuOo_am4-LLiFa`xrDc02!(O=KfDI1tGFW-TZ57k$-x}+WOtshhq3Ir|VW4ZPZr?o68{i zTRrpmSI#jTJy%VKSdYY!+1;*jvVE-^4^iKzxS-yeI4>D|OHUSA+1MMoA6vCXftpeP zl~EMT3oi1bA_ACjzSl3 zA248g{);gIe)Tjs24scqIThC*&ZEgXzcfuhYFQ31YAo{(D>|0UNty4wa#t zqHWlTq8?dp2dS-%QB`!So2VrJ07*srglBiStfs;U`B%VN<^KSPe0izCdjr6h^D>rY zE4%`6Us1&w2VprqD>jXjvB`M%!|$r-H+FefQyUT(WN=)+(yDV zLQt0qtDVe9`F|dHucozaUt9P|@jJoa9{wA@_Ip^|M?apUaoK^B$F@d3l~V3+6{-E6 z{1Eu-r+j_*5AeI(FAHn-GFuqsPq0F6|2w69qiu zX&;q*jeDitBa+jQ!?rQSYlW%J1kPH91khprcVIeaJeo*@#Tf@L&VLH-iOS>9o^g*a zaL#ewn<}8(5twdV9QLL`mWt}=A205GDes764Y)Grjyg~T@;YTuzF3dWp^R)`#D!tT zJ*X}llSMMFZDZTdJA3u(TJS{C136{mu{_Xs(q^WW;*S#eD__ulBKSL0ywQA9qTWS) zXDlb?R#Fc>pyL>?^ql_yf@pr&dKc}F`z?4E;%%MHtN4y663bhKTyD3yj0JGZ+ngMF z5l(9HIuE&Z+cbhxBx(dL&mOhsy8fAOtLb+ZQ$8eBCNM`+>0U)x*@>T={{Rxa0XKzp zYn^0A6X@5UEyySSJ=|vm{eQx~SpA{?82EGJ2f{6L!}^__#Qq?%wvtO3qddHQ<370L zisy^55=Zg3@x$TO?|?jCd8LV2wA7whiikEWT;u|K*NpjS$Pl6zUjCKn)0UPvs>F0& zM0sfdt3Xu0LlaQS+vIF8P`x63KXKpuk6=+Su;QX~&0??34+X5BdIRB_L>C=H|PZxCBN_C`e`a-OHPWd8teY0zn?#^=ks zPT8)iW?YQ&KOcNd)GRch_xhlM%012to&Xj3o$=@P^wE4CZuCzL+*x013m=vYOTT-b zE`j>{uQvooj#eF+IGH$&3~S#z6X4rB0#2QJ+Ts&b|!PwPw_=bc_!VJWS^x; zFNI*1;f#t5MD%6pT+@)xPVlUDz8PrJJBWp>*j7yNr#uhkUZ-=Si8sk_gkgdQ_kpR5 zZe=!ZXnJ**ls?pnBaV4Et~bRxeXKgF+}N_Bs_nq&YgC9UTFW1jz_>?K`P4T)AcE>C zET=-U4goz6(tt4GfhQs`xN?48E40%!2DU}Cy|nVBUN@crpa`|QWWSB4iM-ZcP7P(~ z(Jh`G2@RZ)p0pUb9aK84%oE2lE>Ipp=xbwC@eGcUG*;;(L~UgqM;&M+&#=6WT~~6XRS{- znXM+8UesJ}M?F9l%W45x8v#~D6rB4QY;th4kLD<0xOS|Gq%8YD&P_?WB#PzjPz6B0 zQPQFyN-W4*48ZFP}7a8LQ4_ykUr_GrnNdCcs{A{ z@vkH%@uOTe2;0`TydUBCJSlXL!m5^x3WQX^QhU_c==PltXt$Q%gmAdVdetk~9G{k~$jv(-yef^Jz>1ZwWLXAS=dqv+ z`?B(}b#c3{X{xCp89T_J1I$R=s{&B)aZuXXLYHz)ZWT9rb)mHyDIP)IxEP&3f1 zq_vU-RGCs=?vqUWHm5YZqbW28wmB5+CXDvFHZm2JdYo-Ns?fxT&qTtWxTG@z=F-yc z;g=gFUU5}tvN426fi74Kj?@#*i&1EIDTVVlvHg9js_Di#gjYeJ$^2*?%^37pWeyfk zm~_ut&NkB9yGG5p1Cc<@Sg#?H*`p{C*QdFxiP>HjGcMqAMmtakD|a&?1}4w*#Z6&% z1Z}!f-0{+bI)=sEseI9tjWVhf5HXsX#bQPYEaE552N?!~GQ{%19#~+vL&sWerk@@0 zEP%w+4SAKG)ve@c+_Nw}>mu&)?Obx)_w=CLk_|?Cw@)yKjPMP5292Z3aOjI4$;RXB zKpifj;Mgqf{MA1(=LGk!I@Ih+t14xCgV@u4LpYeCzm9e?D0s=o9AdiNDjQpk@rf1g z2V>fiGFLh6b58)YM>F7LW|+ANO_j)q%IJK)oR8&L7gEet zQEJP*I4kQ&qcSO8c>!_@cOAub_9zlDBzPCcc3jc?v_G zdT?uGWg=TU8%y~^T@taAmd9%5wQYV64{9dK(XOJ~o=~1XwM3V+jZV_ycxBi^6UwmZ zUZHUXpV(4J&&+a2MH=~UWcY?l&;f4B4r$L$E_TU23xz^6pnUj6V&#rchJE# zqnNG?PmJ(+s2o-FI9aBYJ8dKmoKtkxnQs+l1Ft55$!dB{xJe*nQ;vD|HIs91CA6PD z3}>MNf=gEL!6*#@-N#C$Ab2NW0pRkaPzASfr-fk zb*@JH%dojidG29CPBWe;G>Mn1%{(^cRYa=C0oS=l%z>( zO_?VT9D$Y8`c}j;+N+d#(IhkWdjGAr+$wuvk5*`=|CBJe3rUy=eSjGMy_vC)#94s zPa#2zJdwo!V@Ss4X!e#?>_<^vk7;)a(}Y5KKGTkWtpHxr+j{WjWe2$HSG54fAto^X zxS$M}moWz3NE{l0S(b1Z{^XI)I#61la=(e-TU$eMYjqnCKH(Mf2DSc~e&7T}W61*; zG#f?rIGgC^hTuk|NgDc|devQNH|cCQFU)>rZibU~H%G`GFVUt;+sTpu5!~&^Lti?0 ztHVpL*vY5eY0%HGF&mU_2kT8URRiI#6?kIj!Mf{O8(AQP9q5O!>z}7Jucqo7(Oz83 zD|3_DreW;P%TJQpNYu@2j{CPGpW*Grdj^TG!4{ouWp}39T`IUMI2d#uneHossk9NZ z;#*s7TThoNduQqU(D%SHkhFpBP>s)e;jYi1~Fb9q2CBVk+qOk8~h^oQo z2G1Vk*7T8-*zXMLI`4(`yJv!b^d>F4cUt=k!(J{r)CnkL6DojkI`P)K>G_<}XI>^t z$QC9*PDu_2O2oOaXfVWN9y42+>2sX8(ni5>e4>ol0CgDk6#`pCis2N7AC(p@I~f|8 zSmE8fJYcRkuaUkg_)aeQVPo_n!Wmm-=y;u<<^Xj3E8YAl;(KY}jU^%}5N$c`MQn~)MD%zr9&}k_Dpx(L zp|P0Cg+Gg@xvk=~G8;X!7bFZfVmsD_g~X9EsBVUtl+K3I;t5_zX z%67xOA3QdC(4%6};yx(xCbqs{jw3i{+BXkc%1s{IRZaIzhg>rs=}g?gJ`>RN$>zAS z*kxuV!i)laYoyYxtx@BaIUXzw8qLqK6KADqTHcp$brdqTRPlx%c-O9IvBb`^!0Y5U z@QN(@869)mSw8;&GA_MGT-0$TrJlr%JgkgxI@QMgKug#nyn&)(9ZyX5uNc%Uqqn_# zN0Jl;j#!#vld;gtq3Pe*{%nm4OpDYXz3I()e!UVj4{en=2ZQTbPjHJo(mQNQsUiYF z>yEX5`!4Dk_wOM{2OVk#Z`s5FR0IhJLyq-w>OUnHaAN+ws2FL_Xr=zuB1YNybKF;2 z+F+J2Aa%GqbAjnq7>M)DZrasn#IQ@bd2pN-uZBJ}-CkO~#pFrk#Tyc#n`l0q*2eL7 zHa-&lzg2=KlK9TXAY3U2V|{DsO*C3r+}qn<&QV{W_8saRSTuLAMPrc?&W0272K5yz z@C!V$vdVz+-jym0z`bjK76f32e_FK_+ean?j=9Evoi_k6Z?(DNygT4S4?Kg&KT34E zoD&5sqdanY)@8@BT1)uk4H6ZJ#{l}8+0%84-9Fq~+{FyadaxPhmnd?Wch~UCJCuzO z9!}oox#iR%TYw^O-YMgbw8^n7{w}w-x)JJ8%9ih)(nh0deMf4~O=rWpmhZA^)|2y% zpz~TrJx9uGTiU@c1WWUJ=ZX!3qnwo>_r+*sXLFgqjOIvVVGc9GpS@i4mypFG7D*By zpq!2cXDD_o>n-)|8t+drx(IGm=Q!b(rqL{P%~}hqn|pv@Ua7b+$)|U6S z@Ai143P|K1TC=D@c+sD?Td`m>+~(m@C2&!Dar z9Uk|@QZ3!y`6es_Asd*n?VfAhmdA>HZ}7WEgHF>$#pDjKt`!4g59%wY@jr+3Ule6t z*_KF#;j%xvdt$L{(l4R&?}u+}w7ZM#2UE7xnrmk(4ALNe6O z%&{2vVYAmb^s8~~RgcllF7rgttn4MW(`}8pi9uNx=3|aeu@hzp6O+wz(pgJ!s+<1+w975`0XH^w;;!Yb&rk-Lsxa`=`^2y~AH? z*Kk}}vU%~hD9gj+{{Yoq$*14ywsBhtVo4WZ1r+h0(zH_SVJq}KL&A~6dhEK5xVVHX zWBrnPV!a1S)9iOV5`?$MO~VA5*-GT{bZ3}+O7Y?Nf2zS}b8Q{!%Ao{tAdtwo$trpb zam{3>h&(moICR}-N1o;xvRSSAZ0&~i`cjlmh(|-B)b7(zuuFM@1!q}Rfam2sD-!F( z7FrqxyDDvg0#aK8Y3t2o(WQ=4#UBxW;T@U}6!>oKVz-V(V2l9;GBJ=k)ejhaLbv#x zYhyeK0D?%#n5iVYbMp^Qf0Zi*h0y$6Hj|;v;muRXx<*_;?mlEA_=ml5_mZH5u()Yh zXDr9>eQG5WDMa9}JVPqo$7rw9J6Ilobsw#IKZdREwN!>1P_q}$d{E<|k1M(Mm&4D6 z8pnvf9VPM6g6j|~ACdPNTaG^f39pfL&l*|jy5yQ(w`nb_LnoB#z!F%TaqZWde2CFS z>~zOseEtz-DI`U_c??Dp!GpmMq4c=f6&Utzi*hrBW3 zDUI}+Rh-Pw>{71M2BHL*LMNw{x$wlD%SE6_hKkc0`X}XDDv?(SjxyCyKkHWKLlf&T) z?Ne2`OBk9fr6mzSA2IdmQR{vH@nzk!SzLLxmod56T=5|H;BoClST<<*W5Ak)hWo3j zh}ghLK_LTuE7J526WD0llu2|g?lMY|p0!I>M3vo)zlfTLh;M8nTL(|<_AMbYWZ+|r zSIb@+)Vxclc&OgPBnMJ1t07Xux)q-#z`ZoBB@WQ+Ub4~ z)%CqPc8dB4Ool9EH?>QFN0fLY#&Bx)rtWbC)B!dqg@)plO%9F)|Ra+>obaoNjmfI)K zf`EgJd*-xHsf?DVig-iBSJqnGdS8kp*)qQqu{dscVr!B3{j6I_szG(5&y7dT%3M2O zBlja6M<1sd{1a6)26n%jbT)P$ACv4#B1`~<9VCIekW@g zbr-*|mGKa1H*L;&8ST^QTyubvF}yS2*4Fe5O8y9Z*rFlbW*>tNrHn;Lr{jG9YN)5QKBgR%+O`BLp3{E4-ax<3CaY(LnsnB%` z88rCHAWM}bInF~L=~itg)ii7PC%ldmrccasWaSQViUk#OU&T_}>N735@@`#za>#SI z5#RN$SHr#)(qB=I8_SePneYt9J2TtqPQ|EL_RV`hxUssilE+a((0OWF1_dNRjxqEd zYSy{pbAM}PXD!@Id$=m(jlo7ZBhrxMi{2p8Z?uaID^|Bvp2p!Bj^14uantkxaJ67;9IXy#O)~xN;-s0gIT$XMy3uB7*{{RN*aGf&RbS&!2 zy_+3RaaQa?mvci=bhf&;+Usi*HVd)q+ZE_OAn?|$qxf>$&6qq=#u`5}=Ex&C7_6lc zUdMv?lf(BBY0&CAghT94mJ)%`gX`O+XW7H2UPWy7w2rNooR z8@|$@HgLz@u&rZ#L|)A_33F(fEQp1OPkIGyZhbT0KZ{-sy6_I6;I9#0!n$dQi$??f zOr4d7mPRk}62QGi^8z>}wwK(&?F{if1zOfW++t)VU+2 z6U4KmL0GQ+yI6tNv~A;NjZ1w2^{PzDd!JVR%o<&U*LvQa705c2kM@O$@G_?vAfKo6 zuedF3(O^gwKx8=2tyecf4J$ikm0j{Tsm2XI`#bG(!k%o2Mt2Jr>v zt81;MrEPkmf8PD*@;P5`rEkL)Bwv*A$6CqExm$Eo)#GS`Ebuh(V1k>myV}1rJ~wz; zPY-y;>i*i&3mC2!e6fzDyB}VZ`ONRFj}VVgX!2cmw&Q|3Qq3=%Rz^5tIpVCi2?nA= zM;^d7kVoO(zMJ?v@e0=FI6MjBE0n_Jf+_~e*@=b}p2ohjw<#h+aRUUE2ylN}1~&ejI2YwYS6F zCfWR5p`fwx2!;?|TOxUKM?WdgUdF$Sooi2$C4x&?#J2JvkxAr`duP_U@KRBnsim{O z-~Rvx`~F51B9A`1k9(NdZEWZ0YN&F%esRwjBE5=lq0J>`PPxcN18#jPq~9wPQIVc~ zt3xS7r7IYY7!a-Ap2G~h?-}&zL6D8+OCulv5ICgR$`r8Op17d6qI*c8cN3^SYUBfs zg0uvUkf3>up5lY5n=V?&6DYwP_XnY`*^l@k@9mra01UJHRwu!q5$a%kF7ec;&m7KH zJ4^0?lbm6=2B~&B(f$7bEb-jfGV?97FPU!N-$TeExUECWU?flktHvwLuC*@O9u4sq zO1IUt%~r-+cxAV`h@n;;8ype-d)MaL_>C+tZ!OkHq15aqF-;pB<$7{G2(C1>u{{sx zhyDto@X8+wc;+7x=|5z-(6v(1szwG8&n0~`&3-l9M{8*-h&S>E?E2SjBc8G`*_Bw~ zu%z@fj&`uzd9LVea7k(mRz_TBliRgvMP%~Bx-xe9RT4!S8+hC?9COm5Ng7PH;s;=R z&;*MYM<>k3J!<5CFbaon(t}7ogo>atu^Zc*RkZn(2@~b-k=CYL9hA@0{{Z+UH|;-r z`#XNn`Y(hvy>jmJzM!&GF8c8gry3p>4HcWoeWi#}Z58WX9 z@%Y!Bi-wmy3TJhtTSIc6X?Ik*iz?tAqPh8l> zHLW90)-?O=I{6vxrir4JJ9Oc{1I>Ooc;Cf-C;gFrHR(Sc{4~GXT3wCL*!BBmVg=Qc z92Ukps36ot=t}w@tJC~Q@c#hBPYY=O026!*aba`d&05Va;&`MRVI+LY!#s1E{O9=d z`(OAE;r*_qr@^Ynb>b+PD7TE{vB~H<^~H2^Bcc==KPLV({?gwRekso#ul9_-8PRjJ z2wyU?_Xn{4b>X^4gso?=xobmY&mDQXrXP-I{ND9O5 zj`;kmlhiIDSd5UJk`wo9T2f~nba~FPbY3Fr9fAH4+}ERgANX4T01$PbH|+8~y|&ko zUjC$3^ER!}3S%t*#NepR&@{r$ps?5<{&my}0?t~i9T-^v~ z(X3hnys&>!USF-+wwlT%k>o;2R>Ay_r2`TTMCw{&wwA&52+rIdHlI^nO{;2G7BGwG zC5~KR=bzSqWvvR%>ehM8w{uNy$L=^BdkX573lio{fq*|S=x8uy_p!B>G;4WX6pWRq zMwuezg9ncuyov-X#<8l0j1$?a#h#*uacsqRbo$T+gX!jJ1HccP*m~7~lQfa}@qY0= zM=SW%L23t7d{J?2Y6OWJ#4ryW;-Indt&EE_VFLliGtk!70~xL()TMBY74zxVvaW1r zhCqyjsXa$ZhfEETbu2b58#>`eL9Zj%JZoZBXk(pxdYnA}+=qj!G;Ta}I};?M5`4sq>Q6H-;T2=Rvv*pIqu8t6%_ zqiTjFkRV_^4`W@nm8&GeTX`c!Vms0jLngI_=3@{Gj&V;GmU9&IouezBL7<|Jy`oy$ zqP4B!+#?`zRQ=L>8sTlNFJto}o&4yF9f!6lnsOsv*TWH9Flb|pu=$R7uG2=eg5AV- z3$-)bwFYeHF5-!Z2>DUd+*VcPw16upEP&&uYC<_(K(tE8tZ`YIa=CVjWdtzmiU3RN zBzWgS%at4gI@gEXXm-|`>)qK{C^9(nHjHQ7&FomNm8SAua&uV`pr zX}@P^=7wZw+tRUaq;VRfo#?&$gF%~RyE`#_s}nZi)Oy!KkjY~SgK_Vvc2$7F-;RR?Vih_Ai+jZXJ(9R-y(br*mzr z$lxcFFgeKRY1Tq}W!W1$FHMKNNHx%vrG{r>>SC7|X)iD8*e)pW?mwIdfB8{<$% z+k`%6=xX)nm2(U(@W;3g7B_-DozqT)MuL{50f#b2{EJs)1xqMuGt6QLv?osD^lI!f#b z+;fg;domnYx7s$#ad!o}v}djddgP?G^2-DH=!c#D= zbbDB5GO5F{10#&$m91XUmf{JSJC!{RBx+?{>R2ZqD|%wN>Ge%Y((PT5{G5O|$ZXc> z65@|gvc7p@jhk$22X6IKQ-TL&Hz*~@=QI^#o4aV?onwI+I}CQM`%9bUhhp4H>F7^N zR{`>?5~e^;ennrhRY_wzNm6;rC=-eBQm1&3Lng&~Yg*(u3mywnND1t&QBX4g-kBU4%fG&u84(cqdCwK1hj2KX9ameAS`iC$dmY^F z2dAj7NW8hRFbM*IFLn2-*fTpiQD+M1YVmKUitfZ{Kza_|$5&+oiUK#Ng zJyJ;C=G~+cDxItcN=Y3E99u< z4L15P`$^z~kF9VP5zH=I`$3i4pde#4T&x;8+gaMqMrcCq{^=PN&g;{y%K}-E)wf}I z6(TuntA-Zs<^w08^sZ_!vcJk1d8&+VQ%0TQL1_Y9MCxV(J%6Qg{{Zlj>M@gWY$ly| zaAWI=(NjW4t$15jx77;yaY-G)$I8P7w{@LHI~Y}`A!8>QKD3=N9K<@MtdgHDKvlZ~ zTd_pW7Hx#Z?OC)}DVMHT#dQMgoD~_$p82mly6}aGNjE|x-OlXvG>eS79u?wE0_Mu< z<~XhrMBj|5Ij%}e2fEpBAaa26X-OMKRyl23!?uFj;wfNP7$9-THS$l4^f%Hk-R+}j zfE%P4>MK5LXmvrJ2k~p+j2yAFU!9b>pu?l=hAgMc&?D$TQ)cL!St@ma_Do;7CxVgQ?$y-VHzqh&fo6T z$u+&q4;{hUPI&`?U2)jLS{RU9Si8NspOM0zq||X)!EJJ>cv<0NvmkStVpA&XS|yVp zTQ+F{&frJguO9Jlf@Rh0Zfw>?MtIH%86*DyuUX1EnjaNw+BU7>?Miz~hzwTo0fs)j z_N=`!2=5*4rf_m_aC7-rJfqas523SrrpKo|T8^K5E}>*0kbUHCm_Pk$zu}J*>Util zZ>rg`EexQ9V}SmnG^4q^V{`V?;KzzByjkGeeMN7r+UyY@lb@Jz)K{+PjcRYjyt0wK zw)MqoWmYHC+76Q(FhbFi`;-s8U69kxRilt24^H*0Byme~QS4@DmGT=rR%h8v5|?gz z3bUQNn^w>wfisLAl@6-}S1_Z^BgZ>ZV%D5nv&bG%UEXpGHL3wDVkdvs>OAd%G9 z8F6Zs_VZk!cpE=410dEjL%GG>UI|>XI+pLpTG+IL;gx))UD(~$vl)KTC7V!DBD`fl z!;y}?tLSeHJ;X6b511GNK`YK{Sj(X&qD4E9e85bDsKr|QV#yFg3a;MuU{<_*+qv@D zlnndgyc5MAXY*v53yGb%ET^|Us2WBUwzn^k_R~)zMUX~&QF3jkh)g6?&Pd(OOqpsO z&PwR0m61l&&&qvks?hIj5Tf4%loO7bBC#dJhW_VHhVjOq1j?Y~7w=0Y`MpI#2vNoe zpgBy&vfq{5cAh$N1#0MacN#PXD@&V+;#{Ad$vmHaYk2HPYM1cJ6`B+?0k?4+pRIWI ztD;)#H*v#xV*??7yi+3-%{`%|rFcHW!}8Ad@Z0>y8AQhwt*U9Znv5zKJR3(K8F6 zhE2X#UX%c`81@Ba3gqy8MQ1&ToD@VEAFWc0DlFl(t82|NN0F`Ncvr6EBsF;z)}f?- zYo+u6M|&p^fq+JPes!_4K9ca%@f!%{hTQ_kmXB>~W3=0bRyZUPSsJN#I%u^7it#+? z6`~)+I_A3>b-gNkFuqzDGmQ5?T5GtuPdC4g-riv(Y@r*fWVb=H-#h+ZPRjFe^@EX7@OW*(Be+ww}BS<_u|V zD@%g=n4Wvqa+S@Hw_1z>KP*FqBcVJ4T#mMFr-Zq~RE3V01o} zP%)P0pe~I%pjgkI;191osf}SeqD3OIusAub6C&sHUUcniSBecsON`yfs#GF3%HFvH zy?NHH<1ZBWLtD0cO)}yXNfDkxcBuKVMh_(7zK&6`<5Gpsu|6GqRfk&8ZZx?q?Vjc) z-T~o&?}Oi^eHo+P=+}B28jh8IzuIi1U0XL;hIl^xYo1U#BO4zkd}*~he~K;qL#JHF z_Bl$!ENTwLbJY79^FI{m(#fNJuTQ*#?Mz0%kA@lKgHaOCkbG^YT;IBRxpNc| zK`Y%x#R}w*4F*z)^Zu)%YPUW*vC`qw?rrZ`@xv5X2e}>nE9h+#!aAOq*ArgFwV*+T zb>yCyAkyVI+B~ns+MTo-jMhkyysAIdG3O+DSCQ$yAkg&fMP=9Y`60Fw>|mqj_oh<2 zJ%M1+uCA?h4-UHhjlh=@fKGdZUCeq&31_L>$k1I!nH8Ar8T48W6Mau1@n4GkS8w7d zFJZo&Eiio413qCqX1x=_HkUpx(=`N|X+GMn5;P0ANyd3Tyo#3sF059Az?V7#OM0jy zXk;7yd@_Q4I?~UoB&^X3*zISHatIhXJrDWxp+>=_^ge|6X4V%vJI#5UneCc1nYRJE zc6rC)`q!mj*x72)NVbgdOTYzq=~iP>>D=)zjNcD#^-m2$do`O$b#E{cO&Iy3Jn&C^ z*NSM~9@YFerrl~#h+f&UvMQ+Hf2dkrqeT*^Xh9z<40XqD^;<}b zOt3Ps&{U{3oG!?_PsYirOtbrer>1E_?c# zr6trXd9D48uZDFaV;#qz8DNM&>z+9kXT-WZ;o-BE0GCB~jEt+TS28khT?~y1>TLpI zS|5|{ki(D5(wlSQDK7Pv^X;QHvMvcjjl>?9>55|JXJ;nArzP%}ri)3xdxcoz9Aml3 zuS)Ru!#y8V)MaM2W`rHws15B|%RuI4zr^1S+1dDNc(lkOo_K=nNr&C_!2-T+pTtw? zx?9<(j6O1A9W(W;%7fIU;J*>Q=CN%x-JBBakO@(jaK~ZK;a_2YZunnC(~{!W-XxB7 z`IjFuFzf*BT6;58$nJh2+jyGQZS>}f2_T3@0*o^HXWqOX9dlmNd_i#~S;^md(KPV>ylV2vS7Quk9-qpzg~*IZC-Bw$P(u{3J4$lFwsJoT zv8m|#j)A3}M^m(#ILZeORFYTM=~^>op|SA(4J*cz#*>oLAp{VF^MSzp4SE)xuK0gX z)#C7F-K1jPS$9ep{K~yDM`2lVGgU5!UGZzd9|yc4pxO9?!`iixl3=CnE47zy=>Y=+j!C7i#%?FcS6Zf*t7)2-*kowu zhvkt1k@H+^+0y}pAZ=a;U^uTj(!5PQ<%H1ebdFJm zjk>S4DLsJn4+D5_MYFY<Tw<1~M_lbTVmr{-YJjX`+UqjAV1oCW+~1XA>jPIGgnRtjQXLz z9_il^{vY_JE2Cv@MZO@CM9aj)_U~VtzX$ZaN8v}siL5mizS9Sq_NvelBcBK5cV3+I ztB#JysH5#&TutIDw3cXzyUyhx;J4S-xepTm0BLC!K2^+fc|n5_jz1cSvSl9U525&* zMby&n()PyHuS~fFs4R=f;Bj9wd|sPTvDcxoTN(b%a2VUo0a5Xcz@!ZkBzON)cikilS;P&i;tJ6A`v zEx{kA{{RlHyk}*j+S=-7Q4>TNNNk25?|126E`HJ%SGs43l4iG#OIRckyM6Z|xcPDT zRLR|$I%v%JZSlc;2j*JMrp@s#$jyhleROlbICccCGnSs&9h1$?+%3h(fCwKHWPu5rbh+6 zyQJ2MI=YM=K~w4~8@MHK>TX&qS0i9{`=+G0#>a7KYYncD!ty0|Wl|T1oUUXvOhQ!ZE68 z3#w_?2&)#^r9wgPj1kw;r|_n=E{CVfVSfmk(k#EqIyO4`iqr!5Wbu)dccw*wpC~h9! z+%vMQd1LNYzI>Ng)AqDlWu#Wu(QzxM-fnovJt`#?xRjqlo}c1-yW68b!LgFuq^!G@hvF+5lSfP=(9uzE z6QUx>?8%VW`=`>MX=5eT2`yBnzf`Ck;=2Y ziXDP*5T4cFPOa6<v>moQxj4kzd)5>{s!g%l4i46XBg@W{T^_+I#{nQ4=Nj7#SUVR#R3-LVXXTMa24T z!ZVqpk|yIFYwWLw-YbV*(c+ON^JG!9%~w-ec|0| z&RZGckwIUbO7uTmepUW;U$-ahvEpCZBldv!jqp>%_ILL7u-*&54&MQoFDx0$FF)QN zbdSQh9bQ_o?JKW4?!OC|PF)X!uGR@W>AbM47_LaiLyG3*fj(9&9A}J*^rJ4PB}sJv zf&OG~nRqmlS~D<}Ccp>of%m?((2Ti?@+#~qp-K0sBxO(vsbvO%ISh_=0bSG~Vn?l5 zeXA#wth@|xXay?`iT=(@Mn@+c_oNRn4=T-o4mRVb<3YS6O&qI`&c#<8)ywO7nXI)< zGWzRG*6f{bEbd`#uM?>Z2tQFl*$H$%(8vA>0sCxP{@Ne14~6wR{a!6Y;%|k2;!&?e z&-=q9U;^ZI_N(;2T9P3MxChEs>+M{)m}+#!Ha>CjPmgpxEpM&$nG7W|W0^?8 zk<&H#8T(cIQ1HitHB0Y`o(;dyE;VVOW2tE~+$fIVC_gY6>-@hgb4HcIRL|x&_Ne`* z5Dk>}J!*sYc!kR5)fHL>=chz0_HJwI9u%&F&Dq$Lhpp&qo;5}Xnk z&;(DqFsiEiSm1kAh+rxZyB(nPQ`Un@W$;u1(Lntw#4?v)awHu&pzEZ`Cqcg2_9vbT z%SlDVEen)%VbH5~BEPcl_$HU_O9$;Q`#R`)HO9I9q45*K7UJ7b6TbJjj4uawbA=y` zVOkf1U5@H({Ug#f#IU}xySk1>)2DTYeWRliG0$&L#=CXX?C$k-Hmq&6CUTmdf zzKTBq?>uMmZ{XF}jXn)&9x>FkZwg#UX0);MnUP>-`_XhNewE}GIwkeIXH=GZomTXZ z-p_R@l1KN+u6g2~$I#)ZMXQ{#yPoUJ$UbTlfK5+tB=T+hJIK3;&JH>Eq7_>-txC&5 zx2AO5vL?wuJ?o9XxsWR{RXvZty?V46;Np?NUtd06J7iBgdamc_GI3v}KeHW`u7#pr zPi(eu&n$jik;u7e0Ubxb0=+nFc{N%0pTpfV`%)Ptw%i#>1##BBKwIAFlDsBIbYe23 za=%J#*yn8ZKMFx4&JqXtumDy#&34jhcQ%r&GoywFxT;&2oz8)&6}5df{3MY8RdP8Q zu0qeo_Wm2xuQdDJI(zLciv(cbGLxR1cCMJl=(94GOftQc;me* z2Y_c%gdsiNjK$A;%YN1%4pB!ei_JcQUZc3jq z8)N4=u8P+E=VmfGvksp0l>32i`#<|$JBX3|rU2K%{{R(jwXX>Ho*7IHd2Y^B`D#Yo z`j6{X&W+MDzqGXrgtxrY!Bz+6O#X(w=fVD7p=WP&*@EdtWKVidVPn$UPJ;Rc2zu%*^CRsi;-JDN5!-K&I!cd0*>YL}5NBUwIF z$2g!ylCX+I`TWGrD(&X2YAs9(iU=KZKpty+^2;;H86bAeShAW$MoAJkKDgvi19vR% zB4tF_@7lSE^hsrzi!YYSbC5dFCU%-HDz@yZdjpPZVAvO!7wmW*B_l_ z6>>~r=ovTK1Y1{(^yZ%{x*%{qLNI6pFZ)qp$~i8hrC-sdw$)wZoeoLBKGf0z+i9<) z-4Psx;?7o$LhgCv4xqD+wS2ZSayjO^c%SA{rmQZZxkeiVde&x%m8F_lRImge=Tu-1 z<|{bNJm;R20j~(Qmv5Ha{++6C?D&^>BXac_?LZv0@knkFH(+$+^sGHX=38jqXo+SN z>=rpqBgf0FnJnkBdr6{lg#Q40@vE0Neo!O^E83e{=rY}ghpXynC$xaE9^I?B($`Y5 zLk-*{?BHNiPzxOmo3@}GT!2^BsA`r0(V&gm7eB5Qf_`~ zRDj3YyL&qsyn`%?Lbo8*IQAjaE8$F~6gK?&RY~;+ie`)kiILQ0UpiVzugcXCN;kV1pb2iKEb=7_F{l3cC_@gCsTv6pj2Bh_s+2nCPc z^G5>&^sM8$NyEfC{*^%FYDsmdMQ&q-pJB$~*wtjV^I|2okErWGkxF|tL_S*WBbxbr6%dcgouonX7W@Teaorj@1xe(bR#}qn29i}(^1=M6##S+G zEblL8om3Uw+ZE8scQh=2a8gWQpC>5A;_Sz?MckcZ>0DRUq?8zfdC;*cf}Tz-|GujvV^g|oQIk~Z%~ z!5;anm4Mv0@U5<&r63osdC`Vc%FyX*k%Z_WrasCnvE*o>c_`l09+Kv0Bzb=gv|=>z>q! z9cQ6ww)e|+9mH}Gxm%H1*S1=6&aD7|sn6Z*SIk|z2E>Uo3$w00D>O!BEZ`7NT-2I! zqBXXh$WXaNKJ^1hJ)FijaM(EO#aw04jL}&B($T8jNpB{4gOGiVZA+$ITe3NEI^#SJ zm3+v~Wr*j@EW1H(T=c97e6w%`$t6c8+*T~i<#py@#Vp&+hdn{)Dm^mIj4ku7@$1yp zMphZfYc^V+l{%v`o}l&=cs^Y~%jMn#`#%f2*YK^P$I8!2Yc#i!r?I$b<>M*_4RRhJ zy73j~l>#H&Mi^y(yYE|F8YFLcXGfi9A8U-oli#VYTaMHBNU^g!0n-)FEr^titIGkF zNux2nWlN{rv<+^%C5x%!kysLWmcO9sQAYDzviY6=0NFnErRuVIB$4Jh4{{T9kLwLvlyFf(0@~tvkc+0^e?6@B~w(JZF>a?qg zn&KB$W+(2Rn65gpEi=<1MnmrZndt&-y0ADJIGZ>@9InvLS!tf zK_rgCyQwo8r_(+G)drz&98zj9{h*@|3G0E=>s_Pj4x~pBIQ}fxe0De|xpz;sit6DD z%&>RdM*|hTG+!3= z5^Gv^r+sc8PrnVnX5X2}>Hx+o=4&qvL#2qWt>!5TsVx~8}gziKic=Lh}wH&LV)divTH|*{4S^N>ITj(;**IIqX_l(Il95L)a zJlE+rhV@NS>hDj#`#@V)QuqfT_Z4K+iS}>99d7efh{E!;&IarQ&;if#uW_`zSABu8 z)4zJsGVXcRB6Zf2dAnmPh8$+JE%d|ZGqNKC)9F@WDA<;JYjDUN3OCagEzP~PwYg#y zw`ZZC%;IF0IHWQ`otelL!Fa31Q84nAl^g^2MO-%nh_mrYwE|KDXR?m9&1?Q9I)gZl z*sBa<9YrS1psaB6-N`g%ipZ?Ie8Z)4_gasa6GGAf2{|k3Yblg)*Q;wS(3aKkcqM%* zZ|w`H3bb=J-qkU@Za4-4ALEdF~DPAKzM5AC@n;uX>Xf69E#Qv4pw?T zpRHO>3?g{i<0FICwWU!cOe1CM$*X9Sp4UFwwvsKZ@_ed(hQ5E)KG_tE^C$q4NzYnF z&__Ka-)MJ;lBDEu(z2~|tGHxmhV9lM+^YiHy|Y=&qg9K};t>f2cxFG+w{-nJ!c-}| zq~q7pvnEn6M`;fK04_$~+jTzT(mOXmj?Q zA9V9uq-Nx{I6KAwF=cQ8J-IcUnsk@a0TeQMVDiI_v;vYfu5_!&;X7Du+kk()Tpzun;2-N( zrnMr}GRR+?^rX>r(ap_mwVG}0vh~TOxzg^hEewkrNf_(Ld{Ap*tQsYx5r;9$6y$Tx zIrgrG#$7%(SY%~moE^hBtBgpLx(>L8(o3c=?UN^JdSa2R(@(T&R9p!Khf{CDuHR?_uoZ!~Ekk3}qZhXlB856jO^v>j<&z2W^s zUeOlmB@w-l17{yM9<|aYt1IrgXJjO0SJJ1Q5jdBl)ZSqXa>%O7@5!yEzd^K4zyZ{n z&Q9h5BE-&&-NwOCT&c&lNlu4B^%}m~HEW zL89(RR(1iUW-;cVlH^-V6bAB0$mvwC1!xO0@fd`@nF0C}qi%t^7IxYsl?VMaD=#39i>o zvsjT7DOBK)cp%hr>T^yK6J9^y8&L+XQr{#ZY*e zwIKHY0BSO`Fo8J$pHHQHnd3i*I-Q=SE|vC4?95UH#L87zdm3D(mMC1!9;>EDC`Y!t z=<3W4?{V!{d?Vr6&Csh+5v2sQBW~Sks(AeQo5gmaY{TgN*dg zO78wK_~~?O1FbAEPLez>?Qg>6fa&XunhYI2r^tLf{{WuV?4A|8w9&Nbt>b8*xLmqmV^tS^V4Nm@&bTUllb z+YcMRyx+>ZZ7brf{5qRkJ74TLSmzjIVd#A*G_l^^_^VRYELPfh?cUNx$zta?8SU#> zmo|2ZrfN$xGItg!TP|~B5`w`?3tBe*n1LXezKdpS(;@ubf z23tgu7q@)jn*JS4?dH_hY3EYUxF;>2?;f?M zDmF*BG+HFuevzxSx>`$(h=3kj11#C@b5|Pf=1o3VvW;g5H*j!Q6%v4&K5NzWol0$Z zzNK*_SU6sB)bKOw#eD(bc)8&peSmi|elGZ}qia8Fw6rnH6sW2c@N?_!-o9?SvYzu;`#dq2 z*pN!FKX*LyM=B?h$9bsemOdZTtuO4^{{VU!oD{~~aoh2#8b-QxGO(nKCEOQlH$hZS zHixiy8%prqoHyF&YwzuX-#7;`x{l;#xhwr=L)NuP^xLpQqx`^}1{ugJ`u;YGN=Q~RXOYx;)z5~hb*D~l?k=tzdE3DU?x{TmT{4nABVG7`e45^$ zbYwRWt|P&1pbUYNUW4L0~rdIQ#fmKJ)u+K$AtVl z#}fA#A*MW<$C zDRe$;xzlBeS*{_sD2f8M1_2|zaPsQbsj81SC!U8RKK|c@IBr6Eoh|IPnw_~zHc^;y zChzZiewF3+w%0cIw`$L_G{)S1wWC@Zr*qJ}BjQbZ4P9&YRwbPn!HTeVQ$m2c7T2wD~RAbco+f(@L)|1Bvg{^Jwl)58E zvISKb87KTJtJJLYZGGRxQ)$*#vo^^bGVa6rujBmdsiNAp$Ef@-@gIWqNt;Zb3wiI; zBY7Ds#~7^NjFuL5c5e1FL#jfNk_=-VdmQ%_n}M6ZQ{$fi>9%wD_htNFV$<4c_lV$>~W5ltaZ9F9I;YSO{)A4l3;+%>AjX}TMAA1r77 zS=Y(m7a+3Mb@^?sEtG@8uqSIU@BL{J%+H(rMd6)p-r9LI`*pg76#0W4tCX~~)b*Vu zuXLykT8tlY-ZSbr$LByfv-L;euf=(9J{)Pe@Jh0m&GX=`83yy=me0lMwO@M30 zYYjpvY@}Vtk-y5DhHyuy=~Flv%5LX~X?N2s<4u)(#26~dIuEUVBjJCCnpUBr!+jaI z-5A0lQb{$0uAZjQsES@9&>)W5OM9qXL==($B>ouhR6IYTSi=-;wWQhiOMUODG_R%0 zl=M3*y-LzsRE{8#Ttb**j#{|GCG59Ps#?UelsVaqZa&BGsz!2=>=!!5o2qy^8@q9H zq-!v9Iyo3&)3L8D)AgH;AYR?wPczw(yo_|mrBq-^(rCUq(RJ?*-pi)l$oEL)8Zdfe z{EG8M*C&rqxfgMVvXM%Z&Imr$Y5;uQ@ejkVrR!!bR>@i!;}gXx0PY8%_U&3f4>di1 z!m_OX7raX*&h9~AeUCiVnkXae4~5?oEav{wgT;sYH(T>SjzvW=Oo#6i-@i;(qIkpM zH^T20=-1kfmBqJ*^~v`6cQMVhNsfMCIpow-i)%pS?0ha}hr<3a)U;i8#Uw~bMR5E- z`#{xi8~BdFx5K49$JlodEJz0Ir0jJ|X(OYN5cA5rbie9!Si;a7+}A*;x3bjz)4!_J$dc$BoN-NE**PGp&@ ziSy<4jozGI@>^-`l!6*D!~X#FjeX(pTjLLd^?wdqXctBe7sWQiYll2s3=9x`Yum!d zo;F4nwEnB7Xov07Nb(0pO2H;vy=n^m}nAj9N&n2Jt&d;8bd`UUmtEOQv%8CMzSHP;!K zR!YY~s_If+BKgHosQcLcYvTU^kN5Ch*b5lsdA7GDTOB|BRJnDr=1+6v2%(LUmOy&s z1~p4iwMW{~qUSi^cCBL@8K!z?!>@%pkBprqw3N$fBrIA1!328erDk~Nz?!FlE(Cgv z5?b1Pp(SIH>@!-%eHpwCcTCjv8#~x;H0ja_(Sriqh5+<6`=$Q?1hD<8t~>?f`&&q^ zS4p+KkS*W@{L>r{o7;+VeGbUGAJp!lJh#$8eS00KdzjYX7)B9;atN*80&25(V_%J8 zls1_=VnxO_x2*#LxIH$Lw_<$G_SC08Ra&{2OGqe-wNn z8T0MK1vj?2`IP&N?jMbERgRp?bpHV1{{Rb^${o+*FJIB*vx*(SlEW{N$`j5H)1`2d z+XPe$O5o=mGhUog$x;MNs~a7>J7DmCN=HeVWGcic825=->;XxutRV~v#lmMzeck0MGaY#{CK_O?s9E^0JxNa`v zB)JL4{82+q?;~Q-%uaBl-oKw;i+>+JAbek( z&#&s*hM8TE;``#td(n-BX@Aft(C(bPAD-FB@v(p3d5yo ztmH1})MOkUC?+lS12>wdFs#6Tbo2O9eY>61 z+5MMzV_Dg#u9$TQbsYy&iEs4TlMJqee7|1x>FRIoXS39;_?8CSD90r`{{WwA`J7@p z>7KbW!FyyPb&c((Kn_N0hP?3dY643us71|;iei#7cw|1m&b%tf?!!x=_&NUo1tIu7 zs(d@tVb)~QJmDVJwYs%I{-mCc!?rW|SLW1yC!Sp?EG7|Mz`zkMK6M{a^{+mpUC*Mz z)U<4K8mvic8JZ~qt8z2ck6Pz!HFB2{BdhFT@|o<_O7$tb9xYS! zL*Y+{hLI{6T^%3OrFNeX<2KI>_Ny6_8EjR`NXAI%{t`f%lAE!)2;a4e*t)wOAU4vNhF-2G+>ac>Q8U}y?bwk{xx`YR74DS z4}fw{UwY__NcLy6+IYWByo65Qy9GloPYqmL-YULrZU~~XFKk-`hUf4Vok*k}%=P^~ z`QlZSGb3X-WBOAsHI#u2lDI|BbJDR7W?Hk=p>#>$bvZc3bDDOw;(bp{wUbb{(xuel zj~-+Z47nbvJD+N(tw>8-8k#lzmx*-9b$v0Wja+iB3bG&Wk?U3d%QcKjkhUi5yvEPiJYUIR{W&D}`_u?u5+tQ8p&6f;^Cx!zR-`Ly6w!?CK{{Y_gph8;T z$z?2s4}SIK{xj3<{7oY~@P?I6-ly=p6qD~Ka$46N&(C@^fzYpw8z<&9h1im#@~vP~o1v8~u{9dc=b1m#x@xc>kO&|7zwD9kEbB9Ig5a~LOh=T?Qgaa|?k zXy}qDOpnY^1r7U95OO}1T6m4ZHW1``PzEga(gk1<$p;(?rEMecWN=9wPzJTEP#H4H z8`GYZcIMrs!Hf)!I3Lb{HuSALM5^R2?^E8k=kifWE6=E)3_FSB*g}oK6O8t(IVFh4 zCzu@{pd+;aX2#7Vo=}r{TylEW@7hsq_B&;|Vt_d7nD@-etV&>m?NaEL+MThr5VGVa!pk7e1~|h7$6<%WbSjB_cr#|YT;xaVEt>Gbe7&_MnLL1`qoZ1 zDlW%uX{N<-ZXF}Ta6qi~w~iT1awsUrnv+g+K`xvv98GN7QI7x~m1b6Dg_%fZ#&9SH zBZsadc+V57{{%0*X3FK$lUYSo|GCwJx*6yR4Mz_ zW(SOc-`=ydxzf>$50&b9=x8)Bwe4Ow8K#bH+fEw?gHvhuQR+6v>ItKK@IYaa^%T+_ zi}tqm_OgqHgZHD5f4yFzqu3E=&Evs8dz-4_8rFS7;Bs!g()`Db8k#f1(0q@$a$8%=U7$uBg4hZ$Blte)U zA$M$j!1nZ@k12r0=+CV~hhQ(-XpeHjTYSXX&PPF3r+bS*EEkcaj5;|P%?b<*d2Qrq zyy#DCeJh)7E*r^5nszpMIjunMbpHSgS|x)&+Dovrz9V==(cY;5hKHqxIz*(~*77VQ9Zpj&~8=Hv~`HBm3 z*V2F{k6LL^Tg;8K92|A3_jWKOEpZIY3FUz_U!WZF-P?fZ=Ol5@K~hH&N}z%WG=OaO z5J?mH%&xwKR}XN>8#FfU@(utUr~)k(&idO@^H$*fm50oXdY@70Uaw(nmq00#88`y8 zjD}d%G?^?&D8Pa9l z)xjN`Km)1t^x^Y&ikDQaj(%;I5`$p77DmFIySF70SQ7nF3&?~2| zITcQyLS^PM;!QBKHN0q`liIn>Lekdfb47(=#~te?i8wop6BOl@!!JyFQpT+u;fNp) zN<)t3{kEGO>PSEir`EN!?+@79!oFp)JBH6*m2iCx9L*60wab`{NRoq$j`b9pHMnx* z0s+a}-n9oZ_t~QI!G|OcNIj`+uU;3*kW)Ur>SnYuG<6A9@l^5{@x^j;E!Cs6%I;Uw z*0BT2JVT^i>Q5n#R&q&l0qI^JC2d(u1NhJ|6g!;hmE_@rJhr*o=3tll*7l{{ZcMI_3y~xFisG??JM5J`C5a zrtto+C57{qx>8hc9I}(!@~+#%7xD+T^VT*+J3u3YSk{h)==EzBjO>zRK3HzutGDy4 z<&EAc7G@oQHA@XK*Sw`d3{RWmLh7U)DS+aJNyfmu{aql~3IR+pn#CMc~at{u2Ez%Tu+T z8RP`*Ubq9P73tG@95XvOg!YUP<7ZR+SgmK0+UD8J3dwS+Hu@7<$r&8PvCgtMnSgW8 z*0e0OG`0$=e|V?Ur9n~L*VN`se#+w7;>sDW+`gw3@;8jUJ)&u?b!~kTM+A-) zC1=~Uv)Z$iPO4{y>l%H%tEi7}^dY#6f zdGbc6>&k=FFzhSzYv4ES1E?JeKM(4*@%@fCw&8-A6!pk%y>V8cf!@c|z6$u)E|IFE z8QRJ`3`oal=Z>}a$AWxP+Vz}Q%Oq2y9lMl{c+Eaj8Kc(iHJeDLSZ*is8y|T80F8HA zZS%4#iIL)Cg<;JzhN2_Ao@8^qRhQQ_fq5MAMoetrA4AfE0}6fCwzIUqINC=YYvt{F z;_B}H;tLb=M<7;GcM<1WhKF{MOLbxy%5uZo+PU+qPb6&x#51(R zImn_e#gW&3;WPFCyu#0*rH*Pd=3uht8pchTFlwH3XLeG;Pl%Or%Oia!+i|id;0zyS5X_6zkaL zRWEID%s}Qn)sdoC(8V{+Y|)#Hs&Sl}^bH?gvs}C{1kvN59S_o~F*K6Uef5mmi=*4c z8Qj_F?_Cw2fyB_r^27VzrEeIV(=(UBm(k1_S|nvVxZ~WLm(A`TX*#-9N>(L=#tLeNF&V74&pibR#lgYEaG;F<8*xR*!?P$yPMOd z&W5nGfFJ@sIP;lKWa+MqSGqB9V@G+e4YVrJ+5v?*I}YXN`E{ zwQX4HVdM@KiudO40Xrfx~8B&-w+As)Rdgo$f>tmg%R+Bn8*LL(~~nud!SL~saW zj=jCB657_*9lNKHP8-sLXwR``Z8qSsa}F5!x%A^7tx~zOp4A!6zuF|h17}>*UOEc*Pd=JFd&U~&uBQYt+lgLMr^|TLfWxUKxt$hCFKwXnlh2HX!xrQk zXKY#Qp9#D#70$F?d%2)>L$@c1pFA%e>)$+Y;6H}`BeHnToGrCUV)EuCfeiV^PI(lC zDy;Zx#orC}KM!g;mYt-=`h~m!nInmejCPEWzSycB5}#j*)o(O=+Xx0)IVBj~k8a)i z&?MW`^_#C0meQ?t9WPCmd61&8X8Xh+nDpbn724_$z~MYYWP;J<+RUzT^O4R4B_vWj zbH#oi)HQul(p8$`8JYKQNeW{Fj-KYevhZ*0_2a*ZzYJw%*K~RAV1>+4O(8qoS3SF) zDTU9NybY`Pm%-t@H{x3%X?Jfii#R!Kcl>dh_iqz;!%Nis8wIq&&Nnl~JaJhfoMAc6iB$=hhBQODTHGbVNnkQp`b2!@%Ar zw79liFIJ0iVY>y0+H;JCHKXCJT3-o#MX}fP?Mz#07Uas&$a0fM{oH1Y4bnZkQ261g z_>WY%hVI@N^zkCJQKKEJ$2lF1Vf;d~)AdgcjbULo@+^VbLuBLA9dl9a(VU=>L*f3J zqw01#gv_#RiGnxovyAro^Imo0KMp^JJVkCTr(4LS-yml^peH`HERw36tNMCZoBTP@=egA-Stm0&%H)oqcd9f~X!f5G%dgm2Tcy08Xtj^# z*ueeVbB}(NiT$^KX&r^_gljQZQ6y|g1xe9$&qrK%>cGA+Cg<=fDx&Hx{cbsi z3o{eR2dCyMNFmBcn&{E%ciN0H*rHd=+f#*?KRyK8j2jS9&; zY6qNqel@FSElC)+nJIKI^iLma zX3khNd!Y(S97<$jPd!5C@vdgsd}F9A+w2T;62WdFl(AFUn}B~RtD~YaRz9Bi9pas1 zLDjU)GhR1W^IVZ`vWNLqkGE`B)ZQYnxUib_?sE1;%B+CrJoYu5nz*G<`9H_{1?Huw z-isp*-K1nRdB{BVCbE1rV?Df6T8RK;`B)C4+LT?4T#c_3crM0m9>r2<=J||)6}eJ< ze;V@{u6$eI*dvY;_M0grD!`1eCpbABD_fw8xz$?uqULJ{m6|hq6npmPATK=EET0#e zc_6cv;i9%zD(=zk*nQ8Z)|V<9jnAh16?HZ0TfhLC-as4X0f6*A)vfWDMexw!SNr5U&dNA z`s&-pvZ{HTiU10ZPaXKDBRNF)$HtOI);G4cR{mwmWR_EfQS2+_Z5P5imx_E%EvA@~ z-QKjNNIdy!Iv=N6=W50_J0BJJN5$U`wOd%VT_XP8(Sq!mmncc~_NwcrZkBtCn=&27 z4(#E8^zBVO4dApHrfZrluDxldz+D~R=Q}VIdm8;O_)FqlKSI%LEpFBBZT5zUha4U% zB@<->EB2$hy7+hnzS(rdcsn|C7-i-`U}q;vxxO4$2Wp`=(FAv;fOgQSCY zezl}(4c}vy@GiM`r}%~MWoeSvKXxzy>&D|MdUO~o9pcAtOJv_RF_ z=Q?X@dJe5NrFz>A&~R7f81%10)h@h0;+q)nr_`cbwofZ^whAsfXY!yq5yr*g9}#ID zex=}~)h?iPEiv7_2?M=b_(!hz%y`Z8?ORRzJlAdnY&lh7-1>H_QtmEQ(ETmYudjZ^ z47!YQ%Ibq57Y0vy`3K@Bh=u2k#1?TyY|AN;(VII{k-+-@04jqQ1De;hm^8KCrKSab zZ!4bOmCyKZ#RATG(mPvul5`tYlMUC>f_V?AJP`8hb}~fJrIalh`GVjA2Y=GOH~5X9 zYdS}WwHB9FywqY@8e~wIUA+9G=~aG)ZYB?crJq*5f+*n&BQOejmd~wyo#7aDPY+ta z)2pq!=VFoi))Qf4V){E>N=B7}s~)+mI}IU)&CHhYHPlF@o;4i@b6KL4ZhZHyc(CXm zEqhsXyZQ9j7&}z6M8x1{9lyf8Q$tu}x4ev>EtN}x+y*3c6|#X&1l}E$E@!>7iP!)S znj}&IKH08sS+bH=c&)JtuMNk_d8eW?myu7w{u$GBMAYV%DMQb>$sBX*io>~v-dmXy zaS{gVYFx}yXE(2Cx`&7_Y~sF%-dn2qO8L&vIsy9ErTAOIUk|)0=^uz~TGmtw-#Nfx z$5Hg6GwyU#mWPJ?R$VJi)?ZfembC=7Z0uo2B$&Mc85~y;ckvU&S6UsuoZ5$xa~TDs zMmQtBKM&_ro|ihI6N9?cuC8torje##G8v9ptEtoN?R6!#Tfp2L{KM}1{lix!7QkKD^XMH_)zEvOUk@)Ls`|C`GPmR(DdkR#tfM z;Ckk~^T6H+({F4c@h8L0LJJw8lVtYqCjS65dj9~PMK?jT-(zSex%aQb&2Ag0tu1wn z7#?7&7%G_Bef?|Hd~u<82KLg<#l$xEAqz-ThChMGC#`u{iZ1p?QipT$Q{#VzZDGFD z^*;~V%YOp10~#pGfPVHX=g$WCe#cSOr+ep;%HWW(%h1M0p&W|oz}0lyW^O&tul0M6 zFX6_MqH8hRTxu{E#mN~mDFCidbH#kut?5ZFojbzq9mrfG5>9^{*H5?RmC3Q?Hka3C z?#?y_>Eo41F}Et=fY0I0exCRy`%sU;I%?d2VRtXRm*!)%cl>L*lQ^qwV=u*CF1FFF zW|Pl@&p<&0XSbz(dHhH58Q1k$h`X6&R^7L-=hC}WPdcJ!C#BlSs9i;Fs?WIKkSpEa z;G8%51Xr4VqcxVdpPCOZw6c8Xep}x)=-S?m zqIinP=^iG~?X_(%65(WCRl5*qWkT(kZ1Or`w@Q9S_kbT@JB$^ z^!;1U*EHCY)_*nf%m?tFLM!bQkf0KR-zm*=R9dsDC)6Jeyj32pVQ&M-49GUOuj5{a z;;#hwTjEEByhHH&#+HkB;q6}4?IbxP%PgdB2l1|Sx)U^ip5Ocw6ZSmu7wlvEM|j8K zMxci0!S|C%f1+MUTQl3SBp}aLUYu9wF0TrCvZQBph%m!FKDDkAuRIg$x6NqII;_Xo zSSupoM^CLn(#{dlS$DDLcY5xpvFFQijT>z(D-HSW&{autO2)((&rfq!O~w}`Os^!1<TiY=2J8bKy}Xt2Q})JKNdbFcz45A-Vd?y{{V_1@PZACr@hm>Kprp@ zoDagagt{GZM+d1SS2HZ-rg`!XUCVx1q?wua?Qx8C^rCN}QfO6=YOV%YpGuu$W3ndU zkMU!Q$mE+XEtv&mk#}SH)KfQ?A?uQTC@?9_pD{xzE7a1m?qrX!=O?`eGL3>;W!QH7 z=iZwXGVlbAv%2DfMUP__NSGBLcn+ecwbzt4nGgNo6@5 z1qSrwOtF@cg0MmL;MJCNm|L0JX#BR^uNnE3vDSmKoR8{@{s~+ANKgAvd;*){P5!iz zd};6t#+FXfpEmB$V`DczFd%I|Ks(p&r-yt_n(m*ZYC4s)cDjQ^v0kc=lt=~%&W>l-f$;9jh3vPWM+sX45meNgRq*zGKhc6=PSoiDPB} z#zN;l_2|-PmxyNtrdcZ9i>8~)h{~+T8Oa15pM`$J{20_MX43pWb!BZj!ch`jjtgUw zJqJqlAoM(%hv?6PEbT2sb9syqs3md0&2WDhJWB$@L;#O#7b;+Agliad#{)k@s65dRKoW zFZNSsBbPgNgIxwkBdqvx_A6&gfRn`_J6Ssqdh%T(Q@i+TlG)r|%50h1Mc#hsCpBEm zX%D;cbQ}a5P7ws?byGHn>;ifuO^xhotAwt4M z`>f-k2j9}X3*ZmI{{V>o9MPuJejo#PszD)G=2M?CAK_zL#-^GH$!w3XYUt`h|Ips8$jR%Y!HOplZU1Dd|t%d~B1$c9dt zG#H%y<=Bst!BdV;1k_1$wG6PGvUdZ$0BdPloJGrC# zK@aba(m(q3y`|krX!|xRs`mAu2(>w8zPU-QP^n(Sit1iSTThS70Uv1HKp3TpA!yrj z8rQOzM5`%aan)!8rqlGxEm>rJ-cNCXUU95xZ>QhLBbhdXj1JTcq}NOa5eQ-W*6yEi zA&r?=8640|nRedp;wE*E z=118)r;ng15i`1OvpqAm{%ySS2Z)!zGRxB%7OA59Z%=M>jx7t+#k?HG5)14L853{;B zEEgj+)j_C0up!<=wXHEZ_9D1gwFq7*m0b_DbJv;@OA$yz#^a&Q6GHZfF%_KFk{GVo zw>aHeUuJR$R#u4f$7;wN$x=Ibq7X}O9I>(PKT5RM7Pjy&mk*Zt!1SQZsxOJiz}xGN zwPrcPp;bSH06{MOg)mps-m?v(yAY~a^~DB|mqRAv)#P`LmvGNYhHVedwGxYY8C2sU zosADV@h63a;+I7!&m%SDw{3ahS>R1Qq}tOB;16GF*+#=Xx5M|hnvJ|odk9U-#t&-h z;IZn;KAcw7tZ8sUw2vEOHE@Y>m4i~b*K9nW?CDgXBRhfnwdg(<@dDj# zO-3!wI^b5x7Nm~oUFm-|M1ENYyvtg;wMh#?(T|(C#SIx-v2RDaj#Xe=KaEphQ97SlN{anU2G)U|&v;5h?;W>N7wb?S;s= zx+>};ecXH3efD83sEMIn*y=mexXRXc=?uGJQ3{W|0Ihe9R#q{Pt>}Bx=3r&qD~B<% zox`pxI#SUw;I=zfsfgXv7?lP7@290|#RNBVh+`o8dQ$^t!DZ5}8Yw0PPdi(RyQp~= z(xW7PREN{O0AXJw)QMay0>p&Fm zVe-{x&hk3obg1ng4hsPw&mi+rDQjRhE@6rk4;cu)gSAIzBr|Wcx@7^r={~e`XeP_8 zq{nQB=ScwWrkMqqnM&R<517@vSPRy+(fp!P6ShTl+EuE& zY!*UT5r9n>T>!Yva#^CdZR!up{{Yvnf(u~QAPCjhADw0gpK2Oxu$K=TqUVF_SaB8- zl#C2#27oTLj^p#5f0as_SDK+?VCSYO#a}=<%bhmj!KacSz?}52KVKeP*y@mJT8uCl zq$g~LhR>yJqJZ?MG+SAbZzBr3uy+RHt6b}?VKPB+8F;|?N}9f1E;}1qP4<&|zGAxN zjtFiDHL3P%Qwy>_!Oapt(a)}%BTii=krTMjTEF%|6red*`c^YSF|}v6IUqaZp2YYcZa&q1_mvRCr0q1EqB=zHEQH&T6B$j($%uE<$4uoEmM* zTqCI7>^gDKR=`OG%+ZG5w`t>=RN7oPLASjP0d6a$1gIxvCFaj1ia20+`qnayfbu^Q zO*OQk0P@K>B~5TT^fy;Ad8;f$Z3hOV)-gCK)9mm`Ec>D(p#zHN-(E##Ms>I=^8C~m zd54X3Saq#7p`?OK63ce;2-T>J#~FP&K7Wl z0;)JQ@s^o+cMQu4Fy@KkT@K>f z`DH^aopao0ntRBT69~5sq<;-*PF)P7x--wU{XOof~Rmb(R?ZK4d;Y4DfIiz zL`fSq*jx++Q^6JKP?nZ3a6Z@57S`ZdJhMbrTsCqJMRqfIR>dvkn%3v%U|T2djCxmc zS4J)=94wYeKKM(-k^`TZ^{fZ5c&FN8%kJPPtVz|=0Qt8rp zwzo40Rk#3f!kM&N>S14LuwFW}za_#P{JnEi_;Xsj@MfuQ?{=*KVHn)pF(fP7Qu5^y+~9@IK(Dj@1o*;RE9EiW%xxTj<>c*OpzTZA8Oia#9bI3FW`TJfoB3Oaw_ZM#N>?~4#O8_+>GA4efDYLiaFzQcNdu(XKp_l z^G}FcXlrRj!})T?I6kJRNckH3Rg&8FOKX73{6LQ4twk&@qig-{MFWx5>9fcIQsBqH z#(LC}tV?nvfkG4ay=xgt=2K?Am%r^>*&QMn1mlBVlX7%vZIvB2Tq=H5tU@mPoCW-g z8xv~IhuHM2VFf0a36wY;~)q@ml6ojvOr4#tj? z;hP(kS6jAuN6V9rmCkE=WR`bF?D7^F+Qj-$tWnNfS$Xm7IFY*ZQs`Fy0A;;0PJ~tfbY-JD6i7@T~y(G3h_nR|3Hvpi@H;qzp4 zuRrmsMl2>+f;Q|714Q3J!5=rigQdfMZtbm-8T*y>?_E!q1;h$vm;E7dst0jdoe_Ns zCrY(eW{JWQHxfn(HF^&YTHM5DM`0rJ-j$T1iJLjyTS#*hk;ZoO!Spr2-r3J=%$HD! zl<;xQWi5%ZBw92Q82-SLthn5F4xdWwbc<+W2)76do)|Y%SenK?NW59$-8$~g=e3ZB z+z3@4cNOLS9q{SAzK+uJXq}9W`^*u6o}bc#q6Lp1{3_FJ?Zy0eQ$eXJhC&D>0q#10 ze+uIKI}G+01Wl+-dc-P)l#Zjn6`Z6gPqFK^5r(%(nbDP-=26p%(}sOIG$0j>?)n2- zMCYi@a|+x-C5=O_F_r67A&zTlx3Fh9$OQDQ>}F4YEXxBk#&+jDIj$0UVtE<2w%$n{ zGwn>c8cC@{u`DP?;m979r(@!)i&ii?K`8sYpx}RvYNU+~7uD?Lf=Tv0zdJ@dnz5$p zN`wE3$)d)G{(}AY~fV$<~uXFk8msNKZGYs@Klh&2BkaN`APPq z5&XFB06$8lwx=to_C7=XraV8O=^i@OZ>;qg=d!=V*3#_S%E$P9xv!3O4MytDOFMbt z9#ABMCnb-!>rUmyS{S#wcAc;8d7@!(t`7$T@~?ULQRYKoeWYq8;AqbHLXD7zZ})z* z7bzVlhBV16wF~Vk<5Fg`IcPU?j1C4nWYn6Dt~@s*Ln}`AMY^vWXcf;q*6;2wr8j%# zF%#VJSr!&^ODjzf-0jrnfH$h?s#~EI=E>;|BGb2*du6#Xy zOsyQY?l!1YKPw;e`c{6m;mgw=g{`gJv!cuMOoy2B*@xx$QO=FkORF8tovaqFnuXQO zkg-r7(0(4Z=o&AGblI)$w8cStWd8s-aCu%12tST$lOHX~d^>V{B)7q&y^_{Re9ke9 z5>M$|kB+Xa{8y;k>V6!&X|CXJEJDwcz~eiyK@Nvg7{)H`e$LOmvUgy8(^a&H6GFZF zYEH1YY#ed8P(!Cd>7(;PrhqsF3MtMA2RyY+s_s_zFS-Qt>B%2NYET^0CmT$ z4HXu9e}%kWkm+`oT7{HF)RkE|6+w4c>&Jim@~>Dzc5K5Y9a@PHe@>;ik2mIkFMP z<91VTuX@e#y_JgFhPN+V0@JorodFmV~k}IqP3=>)#b@d{f~q2Tjs+ z_WN9Mg)Hrz?SY(Q^Q+`VD6^CrWU$(`)UZb)zsh$GSKhKUI~!d-)Oik>Zt^@jK8FRK^sp1iic(05?f?-KA>?yCqODxkvTSYTztce;Vp~UHzqn+$p)?=b8&~lrgKcM_YD;?x!V)vT4G|z^ zNfg7B=8mrojqFXV-y$oq67C%19Gq91{3G#piQ!L<)^>W##!UxMVH8gn-bcygfzWeD zDlwD~*T0CK67a^Y;oUIBac8b+@sQ2jzlZ!X!sATY6c6(<^v*qN zE<+_YkCMDc@aERfSdp!j{=yi#64+u-`Sq`)JO|=a_B$Ove!&uea(mRa_Gd(A(DqGt zTeh1(k?n3^5`luHxnt}r=kM%|FJIU6mGj=o{QeOzH@**F)YdXumZ#AB8&T6PkA>}Y zo1L@RA_Y)7ah`GOUoh)2X!=}NnswB1$s~$QWsf5qp8k}nhciBMx7MuT)g+gCLuj)1 zQUJlh72Gqx(tWnVW4N|P-rm@*h(3YT^RJ1Tmb`6kV}{ZXv8Wt8r%dfnyK z-R+bMJ&l^k5<*z6(~sfJY*LZ>hx<7A&%$~yg67jT+lxy})kY}H#Fs!g9+~6yub2KR zd`H%_e~2IOl6X1o7fXTONKz6v?euUu=7k+eaz9Bt74as+;wOOgJ$lSqt?U-j#djD1 ze7DDZb?;vwc&aG1FBD$tcFO>q?u;^a0Q5hOXlq*>@|LHbwVdxg>pjPr5XflB`>l@O zrBTr}EjHg+hQn87)9u(6H((br`(yH?ijJq!e+hmj!=l-0-Wk+h9a_p=#v9xKRl6K| zV->+_9x?FFyW;zg3wVxeeIojFWVDuM!bnel!kb09cRA}12j6%n$B@_??K4-k05o?t zt-|C20rl(S zk~WW8bb6@L?`QilN!3YERPgKXQy8=~+BqFc&ev7eBbwnNja`9ki~>b^ZnNP#MDX+) zo}CM_tb3;jq?K>~08p-k#m>(x(mZ9Rcz08|k5;v|n#Ndm66Xa;?hmN{02<5JuOPO# zyS&l$Yiql9P{1kN0QdK%&~o2%g}L~J98yIcz$jD&4H)b7u2)s@y^Y4L6jrv^C^il4 zjP7clL>|cqgnPvRNzMvbQFnzo6Df;9%^0a*dZ zMq$YnE-4x)*!k|}=j}G}TLn)kI82U!bj>=#&TF?Su*&OC!rmEE6$Z>b;c<7eOKWv{<)wXQ^VG9 z+g*$es@Up1J$Ndh?De)2u!WYu6f!PX?uHX!Dh5i?7NDUtamH3iZ@VO6^{6rtp8=hD1x)5Kavkr_=wX{Xc6ZTVZ3&q2*b9;1`cB^woV z-5W}e#X3dgrS0_j--aK=NguBUzNFXub3cJ}G}GaAe<+3)n87*5de;T0Jd>8XRctT^IO;3YhQ|b@snz%g#2SBx^{X4rY&@E4 zFpgjbN@V@-!oKFwHO&V8c`WR;y*QLm=*)4wNZ@0!su|eY>JZx%K4Qi*jl|$L<6FzD zTHHv{B(Y4$aCWdf({W&tp>tzztXN#>H*x0HPDT$a$2k1!;7^EO3$DH%c%H)6-K2+3 zk)C8ZGG{)gKJ|>FW2%>Aee3%Je$m>O?8otg!&h-$EPe>rW=k9R=4`_WV~xdn0($1Z zuzezXT~kW3)$DHUZ)`3QOA|vNZOD2aE1qkq=*B4Pyfd#ihIM;sytaE*ZLg2v&wBdr zOx3NmOC*-sPcax|8p+41Gn@~~kN7PA0PLNke$_v+z4wgt?J1k$--B3Q>Gu$i-c24r zWo&X(u20o{>-aj?bbqo>tTXOAE*dF|DCN`u*vD*)Q9=qbmAbo}bs%v}-)0FLGOSL0 zIvT4iYb>j^g7c1gS9Lze45^i_Vt6-TgBU!M-kU2VkS@Y9Imdd?$*UAPV{jX(Xto|)Br|yl5hw0_o+iUkyTipImdbp(y=s7B>7||S3D8cwk(<^V5Duq$35se zsiW%e*#q{B)jwsg+AqO>6yUj$JTEM%r|R~wAk6VO1Li*8d+@LA+rXOjw!LAcc!$GU zg{HCK&k;hGT6Bv0f|3Eodt-J!hwF}POnuv(u-NZ4EoWQNw8^d?O}%TI2l?P$T0{qu zJ$SED)2}qmcSp6qv~t#WP=@4SsUy<9Zxa)tNZ0WEw-K+|ZZ0>^3*`$8hhIbZSK){J z6u0(MdzIAnT_FM`MCMqP&^J^l;39W{N!7Q|NxdcuU4! z301eU)^(U{atIDPfH>o=c%O~$EOk9$?clnC@k5fOTkj90T%chno|W*@G_$o4!xXV^ z80p1&tT%E+KKsZ)T>b2Hq6*CBm`{CcaXPC?+mz%U_1|b3q*u_DkcOFf>CJUP=w@N~ zuUWjai)2g+j+Lk%=NWAdi2-x*r4S8qC(O zcGodZu^o&Haz~~sN@q0BZP2ejvy=!xPN9Z4{A)7nP`ynWnMoF zS4Dke6p*_i+T?KE=rNRRau7#*9n0I_sy(qkD|a7S>~8dnab*nfJZ4R~Y#IqUSd^{6 zM_(wjU;;bVozFr{6e2jc+Y|E<+JQL_({55LaU9VMHU}cE$dJ148AbN(Kqg+X*C4h1&i#iN zUfHU0+W!D(%4QA&gWtUa6|}4DL@cQG=83G|@KY`Y{#x%qIk`)j3z!bmcP zf(?0FPm(b3mFdr}Ya;S{R*eKnh8;-nK+KsTX)x+@>s8K^ZRV`OR6njLDNUCAgn>rJ zJA3iosiesmkOm%Sx$9LKSk*F#z6%>fv$8W}V?92V@~6Zfhx*K3F^|RCUaS(@NW^zg zFeES?_~>gzGgwJ%YWPz|xw6(%QMb6AgMIWTDo?2NucK@}WJf9$h{5)%GMhK8qIk0E z+tWE7)Z5FmvCt8pPfE^bIhAQ@^18baaC(znn?+|VVOJ{n#}$|u%WDUm(MrWg=to-S zb$dc&%DHFh_*1YKw3w}~tr{#9l}{wpZDP>5mNz@|h8>L{EL@*4K+Xv5T9$ugcosKQ zG7nm~JwULjv>Y9{>Fy~ex{@fF&?!B^J!#GK1DDj-daT(|jy99cR)JliX<%Z?qa=2$ zz^x?BD*#3+IA*yLd1V$zhfit%W!PqwLa9;QinjtH;H&iQO#!@iTtF0o=C687c)rgf z$ji_3tzw2cYZxSwE11v*&p-Wo-?5&=K+s5G93C;$(J5HCK8KWRND}$&$Qw^1jtH&? zQt+HtS5eNwITNnZI#l~ZLq;nptUS1_{$=Q(n(Cu@mNi#Dg(o&CA|{B+NacyB7TKZB z17Mz&1_x)Q#bCaL51NGAu+A&Z{88bl^#tkx1_N7&$!F#FB1*mAKAvp0$jfz?oz$6cj8zm1;{VUKDc?WFxm~ zkr@IDc$v%0%hv;~aJtIP6R|{jAw9s&G_F@E=W=+V^!x3rZ|5NE*sXgHhWtfscLEbNB6gXzG!`T#mT)tibB@hMw}x z1;Vr}2l0B-8QvM$LmY#Oc3@T1CAg9@%7yX8V_M5_B^g1p->IYpi-`Q!#HgX^Vu=(V zm~Zs;pbCzNtVUO_N{&+-L=>Ri(=@<}8)R%{x^$~3ZmeY8ADM&QsR7nly3Y_Z51;8; z9%tFWRb~Q!Id2hNtO#CNz)WCs-oAa+yjgW&sxR0Z&0X0eJ*!AX8b&?Oc+hNbb!|Q? z#!#fFKU#UQyti=ZtgH_rtwj?rA~|G|Me^i_ZcjNJ*Pm;87n^pM5!=Mfry1MQs71Sr zsVr>bo<;Zvq^sl3= zb=^Al$~e~IKQ)GPpVo)uQ%6CfGDB|m?=iT`5*@Lhr8Y>JW&}8B#~f6g_KTA)Nb*Tk8Y<6>MLb#WQhPp7|l4nL~?q? zwe`gD&aTN2IXFG*drN{ln_!Ym$oa=Luov#MXV}4AHUW^`ja0PLq*PSi81$imB>Hv4 zK$eM=4*1~LId^_wa|X~4Lz>D=XOU|udp4kO%_Ibq*OfV@K9%;!8UrdTkw3>uy z>ddEh!^h$%Hl~lAwR z70uk;M$`G5P(JRxjdIEz3oJ=AYKkNI4mxMOHs4WuaQ;FN-81X>);6&+S`yve$$bOG zD34}0aHDqb_qx}gTxt1zvdQF0zy~~@{8x1eS=i;MkFGuy_?b0LGTO%ZE#th1la*pv zsQ&=#4E{CmNp~Ff;Uc+LToCG8uhP9rZ03^G=PqH}B0OqWvG%Pdk_h3BX=1|werlGi zLMuY>$+8%x%D2ogd(vKMuWu>?99L1c7_U%1w2O?ad7s1|2zYZ<(aq#GuMW2yh0f2F zLV@Yun)ur4OPDnam~O4@tl3wX#dme#`lO(ynhhqrUOIU6NcJpetc^vmHy5NR;SuSuxfmXkai6ILYj1IdnavLcfag)-}wL$^c$}i{86SJ3lqRVsN8_{p#Kip_4n! zFHn6n0L6TT>_>X%yiuv!YLDdJM<0}Z0If@cK6dd(hde4|l50;gIRQU>=RZpF$gENu zuoeFRb`Ko(pwdw~*zH0>B*;GMdQ+Cu%waE_agaxDJ?b0|Nt;8(X`w>!HlG#RNILH3 zGwWRauZZQ;m8+&^ThiMY$V;-A_6bwnU z{{XVi^DK^A7$Z3ZeJW_KW3^x=RdnyoVkv^BU zS1U8hK*03+)juiVm6h19832k+kCl?6dAn3~^d0I}yt=c7ebW!K9;!Nztzg2(A*pMZ zMl@qLmk=cJ{8fz>v~>Ze4gk=xd$TMEYVsz!s#n8lIQb*44Dv#hG%xZoW2tPRRH zcN2$b6v{TJEs@7Qhw!d&NEUG-vqK^tIqGOPf-?L;;vG_3KeArB+{c^(sm?nL^{+Ix zgU!4ylQAKI;Qs(RT%&O6duN9oUJ-2|{ow98R>jVjV5fT_E>2EQ^rm4b^ex(6c}%dR zY@F>JaBEGa3>ae!c;dH}koBNthe;X`iz22Q=0nz^i_L(DG)Gk-u=?d{{TPIm_+_<{7Ylu-7-mT5?gU}6ALjI^NBtG0MBad{6DPOPit%< zSY>Dw0HpBU>)hl#c-3t3Pl`A5>2j>LRwmlnkh78eBig(w(^q|V>N_~EVTOF?etLaH zSnp_tXNeNFp?U1n~XB-ipoMO7`-wSIJ#~t>ci;1Fr#T4@Vcl`eVN)Cwb zWGwfdd^WfC#U^}^xyTsmDxZihbsJlIn@ea*e&`UvzE;m-I_81PbCmdhs9POw;we#; z5G-X`8C6@`HT7g#bi+@AIACa!PrAx+x9j;7rEf=XHn|O}HWX{P9(~1rvme#+r)jv5AZe=FN;`soCxCUY)OKI)=TZ zPph=@PZWF+^#>XCt8T$4cRatrw->rpvuT&H&26ah;yE zp;-8h7LjX4Wl_|arbwUYSJGr zAKa@I$>%t%-8WZFIqr0M1>VmzF;>pQo^mKrWk#XeUR&sT&5PPjCypjV${Z4L{Ighp z4?I1t=uLAB`gqhWiytYvl~R2@g=-aU4v1CI?YvuUdNkDIAxO7%T$r$UFeUV2MkB3tf_6Z?P}%2PLV3ebG5$dKC~G* zo^^KynWSnGShVROS0rTQo_de*t*6km+o)sIR%K@+U;uKb)X*!PpNIS@9i%qW3z&5$ zR@@mu8%Lvh)^4xig+3; z#IYItJfcaJq}k?WN8bMcIIeQJv^?@J7it=8(rIyAO=mJL6dZ!%>)xnpw^p7ax4Xab zGc;O-xB7=U3hRu2U*}pz&q5A=Pu66xf3c#p_N)d|KPmUC*U}}uqra0Qt1d^k(yhdn z?0H_1sXeZ#cM4ATIXj7C^C2Yh^c+^z+?N7nQqQ_Z#tumT0P9eZ58^ugKSmQO$t*ia z!D4HZ@kW6NxM^W{_NUFmV47vqX9KTIZfxNaC(4BGQ{KJ*0N{tje*$UtGe_ckXNow6 zM1&9#k74W9twiZZUvcrLP1Wx1bQ?`D!5Xn-oUh+p@srSfE2q=#EOk^SNad5w0AqiD zVNw=6U&bE^t@L}#%lM~xt>=|o$0WOgaoA?O^I!05#}%fd46b7g8NzgKyc(A+Y*o>j zuSI32Ky?cXX)SH!``~ox{HnHrd-iR!$V$byZOQ9Qlh&c>fds!GqDs5y_!w-7L z@Lz^5bPpEYT~BDz>30q%2;=uz;~@GIO5t<3j_7F`uAs1Kji$xKfx>{TpGGYo+K8>wMZE>bt zOz^_n4)~NDZYQQQ(v$3BkEp&R_;Xv(7SmX=Z?$Ml%B>=kgOQwr-xZVLH@1T5bq9i3 zrj3g!Bb7Ccf-=zd%Rkx{!s|`D&`pAcw+25jASH>$dG^J4kB@({b?aBXw3T;+z)<8! zg!SZO(xpWsqA#iDUkm&{W8zowKZCqaYJS|1GuT}rAi3%n9W%#T#3$27Q}}VL z3kw}*%F<+TBu9{z-cANPW19L}>*1Zf&Y5N64Le$nYq`ToaT2yd^u{^-=}KB$%1HAK zU&9)Wr`rO@6#VWC2L`@%@Xn2>_@h+uRhFrF9+uI(k=e}O>eYbA4N{$pgltdn>qPOM zo8l=JJB8H|Bx595E;?h6LB?@jmEye)!&JCSy<1K4^$7m})w-q(UbsDK?ro=2B3nI5 zOU*Y>vDIBt+>OY`mK=5G(zpCacdTlH&r*suX`+(~QMM=;=O9vG+PUAY_1xM@#Mcr$ zK}JvaPo-{rJ>RP8b6K>4>fjOryJMVjkJ6R;8Jqf@w6^JeXRB#)SYAUR$bP#=dh{QL zpAu zSE1c(lZMsv!FUeGPn&i?>}&sOm6rqNlv?;EKSZEgVn0BC#HGpqRHRMa2r z&J@{@cY-sIr9`FJafsb3OgfCwEGOoEx#~UZ+_X;)N2l9bMR3s0+eYTukNfJp`qFId zrAkfcd%uA7zlK_I8c&I?ZM56$Ft(aN3@!lstUC3slfphD@V=v~>e@4D`fbw6nMjOb zk-;Q!pT@YIHrdt5C8Inu;^&9-zXxk=Z=|>UOXpCb6@FAH8Log;VB@4r!zV?BYk9459&z-;I8U{2kUci$4t6 zXuA3Pb*iVzu6J!d-j%&NT?_VysivqcGZHGKP00hbQ@niamO0cmFgdQM(=nAxo&oX0 z;U>M}PYy@p{T#LCt7CH?nz{MjAclDh16P;SWZUleLrchX+iUm&=YHqjhKHR zuvuhl1Pq41Y%c;xDslzBTUt8HlADeM5SSTGp zud2Qbe$Rgsek4yeqoh>=Q3`?gk8&l^2{wNAQPomA7F{$EcM+a zG&b*z@gKb#3}-)%YrXLwgEYSw=(l=h%oeRH$NQ;HRpW8f2hjRcn$XS)%>3Nc?RB3C zUTR(%xD9Q0X>`pPf4VTihv(M6s_*zEzwJ$Z@%!Nj@YU-?o-pv{+i8OQzi5Pkh6;N0 z>sZ?9o`or&t#(aKVq+Cb|SCQK; zih6K=rDN?JWURM2WRJ=XO54bqSd4OP3{-9y>FHQe$NSQ*Pm}>U1CnddjJljv5nd~W zSqWwHVh5q`Njy=yi4};?VcNPAFl`kjg{A-|I%ArG-!Z(4B0tFB5!3RZ%$8TOX(zlvtbtXx1&J{7!70XtkvX4{xPW_obV6T9G z46J+&f2(*pd3A`9qP{W=JIu!if3|vlRrHuNW+Jky>EG(XITUL`|x6H(LBEP2}_#;Q{Nv!-w z_GN~av#ap5cGG9{3E|HY-RjmB*V?_2 zitao|a~z#`vlv)k=Dw$zSa!@Y%i(d`g+3fLiD} zy~{F06CO;%?+?bjS5b~D#f7Y0P=>>+{{R=#y!x@TJ&IB@?TnFcjl!W;BLlr^+iZ{+ zrE(FEOxDyS6;Z}`henxZGse4DJwV{ss(cKBL*iH_`%jkO^v_T_V!dirG(5Ve>*kTA zSoohrw3_xPe%oxSp@0F2$6A|3(UQ+ui2a?e6Q?62dsjuyX>5Ie;X55H*s2g=mv0<> z(^*=R>Q*-r!!SuB+;-sf9`$f~oRZw1PO}=IeZa>ej-$PGS_*|&QzG! z49C=;YIWX~s_Jn;sc3qY#e{`}6=AtpcLaZhZDQoKJDnQB;`Sf2%W$4)7|*}GdpEX6GY#* z`$3&hB-qAr+L6&EkqKfwTQ!T^MJwp;pjBiD!0;FvuWxyCD~RMs)wlrXuhx+6b@ql| zlw2aI{S7SkinFBcmB$->s5Febmu9hNjcy|cXL_36+C8~s8~S}{F6C(~LrMe2xzAj6 zuSL^5Eo*tFv$GK0#yU_4^Dh_aLr;}$)PQ~KnzN5lcQCgKIv&&+%Er;t9!NLbW6o9| zO3c(JxNV8EcNir16d91)p?o3vTDqGnNFxgKfxj5Z^q>hN`!%Ki0G#lErvMu1ZeWh( z7I+*K=tg*;mAQ#JBA|_MaCttJTg`iPl0Icqz$8#L6D~;QjH9}%r(9#Fy=_}f65*q4 zH}asFolTU+RA`)T$gH{B7a>>?jzu#f<;0*upDEq^>nqDy*CDo=0HGtvZ;(r4*0FDO zSG84{iD-vjItoKb>FlL{COMZ32nQ7_$-5*Chcpz?7WQ?{!}9eNl3+{Jca45-N6^qH z%EvK#14SzD50yW7cBjW<1^Ih9kuC_4t=@0Jm zhrMiwl)4&rml2j|)DRCCG`D(Wh0Acctfb7&a!aqWJ4Rdv9`$cezLMw6Q7K{D)EbZp zF0L)-^5#t7{o}ZWN(XMtar`uN}b2T(4nFe5mAS7kdm&`;$HD8ylao z%CNlKcN}adgGgM5XAE{Ofu{tv4l&0ymvK5{EWV01Q8F$*IDgX>)aJV$O>b{^TLnCw%U=~db#3%A~}<}VC^m9WIpY`7xL;=Sw% zG_a{<7zIZ)$FhdIj@N}^K;%*^=(P@rBUXUiP> z(^gqGAdyfE`g2Ihmzs2KfFLc{(~8`EV*j?I<9-(2kTq_+kkoCA(U4rq}j(_jeG zZ~6T*RbaJ+aW>U5FMMXP16t8wo^7}o^u{Yj?SwENEqZhYfu4DFx@k;~qjq}^^^bU_ zEVotz?$b`jkY|``ntU3S$Yi%LxhHW0?^gbgqf28fayV5%=z7+XpK-}(dJ@R2gZtj1 zpo;qH*~nQKpglcm%!IhqOp*p=JDabyUeoRtLe}oUcfmXw1X-Tl0rHe6Z1t>bnA!q& zo(~!9YGtq+{vWx5+TuB6R1ty(YuN4@#%()%FB7v4gB0Vi92|OTwZxJbm=JIX9cqTD zcJ_or4o4i*1D27dOwAx*wVLoP%ZrFxY^r(3f2{(!(`mO+IYqfdWggu<>!+F&F__?Q z-S!=gWj)2rj%H~7%HZLmV1ENnisVT$dC{)J_lO+Rgi5*Twsx9JX~m01?X!&WwAYef zG|_5OM{S7{JcG__Kr|I!VMdMBk5ENo-&@TThCncK2;!G05R1oeE$S(WsY1@skjmrRtz|X_oDPyGDtp&gr6=1zbtG#c80Mf2i|Zt_ zQ6d&W{Hm0V46(6U3b4*NpbkG#wl`>Eb>6u>tDKL*Rt+mVMHYJUI@3E5VZvq-1Q1Ap_baUA4# z^V-Z}omc{Tn%=j>=YF+;k#TDfy27uZ$Ih9Ux>MM`c^w{qh$cm^>81xk~iD#DUT4dTw zGo;}wyt5*w~~9@_fIt@Xr_OMpRB)YpgIcwXa9zLgf@ zUoUsdp7a{4bu%?6wFq{jBOvRaQC$7?#5WeRT1d$hqzvvjsdBNjS3~7L9qAI-O>=xp z7@78l{v3N(&we=YZNHB+xh*1v?`MuC2^KkGIl!srI$*4P5qqX<9vi=(Oux5#JCx+E z;zEq{&35`8w`FGvM|Ar)9e^>$=B#QXWo?nxrlWSyNMH=n6OF2KS>I_{q!Hbd4?Pca zTvFUQk*npit|OF8HslVwO z()7!}Ez?lna-fl(HlM9^(OQ|D{{V*kO{(~3Tw8|JqFZpnJa>~karxKWz7W+cbxSzz zQeu}(p|DRC>r&Xlc0C%*$2k_a5s74BoP)(W`o-ZzPy^-)Btzqos08>x`_dXWL&xrC-4;QOM;S5g6lv z+nW6&_(|gJ8^n4&xzl88Tlml!qIbbK9YFjIW`c7*mGH*1FuAqzrwJDCoiUxm>t9ak z_j+yht-R?VitZ&n4_2*{IBH8%u+itgX5RC1Fh=V2jW5J8uaRdl3vf;W>BV$K+~>2o z)jUr;WIKN7^{+M6{3)f$bkp2S$u2Y38@;KTCV6*=bjy1Sf^7H69^Bv%dHgGhTixtp zG0O>4f-zGhXr^3swVFMw-@HBZ$gFFXj7Su?8+iG<*DTjk?qtg7u2XL2J*p(IjO|xk zWc3vUxt*4sX$m4n?Vc-seGK_8ExP58P&uoFOj|5?LJRoy7KV5uFoTs0dsn$d6j7== zjhGlC99HmJi8G(^B$r8M?`yfh-sO_F;EwiV!c7hc1flTsq+O%Fvc#=0vNJ!_>gOZ~;`>P9Ew=x3BCUQwX zrB;Gdq{>4gq)ovjaDV#rBQs_@%{ZWz8<^dB%Bkpk)#bUhc%YWrc$u;D5_uFFD0ebv zzL{hgl(MP$NF6EiYV*k&!6K}Y0DfcG&^}W-3pg%ddy82jWFsSQ8?)R{&er8o0Yy=P zlR;N4MSE}x$s@2|dg&~Mt?Ct;NZGOZ8p>=8>#wuLC(P)hpvkJcqw^Ch@_LT-n~2k~ zO6FT=+0@D-Z1Kiwj5>osx!P$6#wny!q+YkzAt-=1%6Y->T^t&jNb?k=s7oN#eVSbnPmAHskk@GmW^x89B~sWcv@D z9)EME$8NHlXJ!K@80lV3u4{U-Pc@V=32oaui5!omVm@SYSi8Lhy1KVadK$@s{{T_a z?+Tl9Bw_ZFYZ)=v=`6KpzngF^ZgNI&cJW<27eXaCV137P^rp#DBU=X0U<+Ur?p*xrD%+(Q;B++k8KRZQ{Iv4|TtfKIP%CO3Dj8#0$yqttc;#rdo}{=L z)7eD~&9!8k=qefXnC{S|UThyJ&g^n3xeAOARBT7Qo0ID`&zQ ztHY&2IV#EXLO?zjT3P-PNI?C$yvbLwCT1t~Hz{N4Jbopz@wV#JJwi4<3 z_KKoOgW;3`k@W+&KcxoIg_eh?Xr3v&n#aqyVzQk1v10%?t}E0&9r*4&D&qFdtzf#1 zz(Ev?$UdXL6cZv{U2R(KbP>dkj#x0{R|_QZ++Rlw!5JNh1&4YFQfFCX@Xib8yOP4{ zKen_RqXgkY4tXEf>0d?oYfzg~@Y-p6Eca>lDbbcF!k@hOp_BLR4K!HeJK$yGGU`w+xT^~?Lx{Fx((+ESvk%*ALr7% zYTHkqZCJqq+#6go7hZ$VWAmXIsarwUeht23Yk7GYdzjq1{J6l$#dcG8hgh@FUJF)l zC@Bm(57v-CSRNqTyuoK4ts4Jw5u@p?Hf-vDNJ2l3A5C70y!|K~gi2 zJ5@EVgtk<-`$e6cFDQmMQFFYWIQ6db-%)uYX0^GuGOT;hf_An$dm1AS;&(P|yjCOf z|bwZoAkMsUgx85rli1Y4k=5`SiUTWbgL zMun)ydn5!FOtF{B9P&DTHS-3A;;0hw^y|2u+cTK(;N@^R+&g!qoyTM7e*}1|La<0} zp=(K80^euO3k>zedi0vMgRD$1CANkL*y9`U6rW0~2Px#=5&T7MrOT&DZ#AX0rMTN8 zk&yX5zm0a@81WQZ)rg7-z zX(W8)X9SKh`d7@idiJ3frI}%o5IZ>M?$V0X(hpPH{3mTci}XD~tgfM%)(Fvbbz z`PYN^1HqcMq47r24I*ouKH@9g#eAY;9R1?mIrR6dxzicg{lNamJ|oa9blr7qA(3NL zd~>;g!DIEWGSqxEZ{PyV_Ew7$ozav|8`81#FqFCQN?Z%q2wxnyNNvH z{xyr?tN1l3g}Opyl~;J!Ib-QmuVbE4)Y-VcSZ9ZNtHP`gm)(YW;=WnhhQh{{rSgEXy@u&PolmUc+Mf_2+SwL3W#S_{)4MUkARpRGZz==P5;l_N#w zkpBQOFe4{#rF&O{d{J}#on_`+yebAC=Ey5uFjiJ$N2keq4gIyekrcUxQdM?xcY0uV ztZi#T(k^tz7P@p6a{$6u0ET1kJ!q6f?{m*Q0itS}9;2z0jx~l?+J`%fMgZ&iR@aU6 zJNx-f>@%1hR0sKZIjni@p*+m;o4*O)&pS(}-pXYiuy7C3wlweUJ2h)Lo#YXmNRkh{ zMPEBA@2S&R>b4f~vA-rOVn8ZK0=w@B{5rgw#4z}?!#4tZA2j{5_lE&Uz`*)}Q+}l% zM0`!N@Sd%p+F#sU&7y0m0FLH&8C#MD7n9T8zc(kg@fU%7N2uTGt1Q|*#`zxR7Wotd z$IH|lRuP}P%^-_9hs8Zs&dAy5dfnaDpCI0_$tw|q+=}F*_@&}mbm?^cP-YV3qLIT7 zQJ$auYNcnPQi;l3wWaf!nIug2&JJr|PuK7KGivts zJl;x&biv~}HIoEhVcW7W&fISASWjZ$(dnKQSf#wT)1gR`;HkkUmd89-)V4nhF8o2F zd5?J|q>KSp3`T2;X`PU-%6Q+zKLhxyz@tvR*R-ha^hpbCxj-01I%JHTQhYsIdrui? z`lXhjh=2pJoA+`Kz~i8zlx)o?`Ykh94Dl zO>02Yf3&8z()Gh3iS5|nwgxwThP9_jbtX;pJ%w&s>N)0yW-WpTJXe8P{9e?pd~F|w z^-BRQv6RM-7C}?~(E4{3(xQ{GoKv~>W|6N%Y>{LUwXucwtb>9Ik%M0ac=Gz!!(Jk} z{>X7^%#7_EYx2kmKdx)$vnqC-&r=NaF#JBY`sC4GtnvAd*eby9U#}f0pB8)#ZKv49 zsOhpeS)vSNkL4_SAIOU2!^+Y$sP2ypw!78zDeSI`rOv~-gB)afWLEzGjJ$Vo;;UP2 zGDt0L?UM&+AA10C`d86V_)jvWw>Vfdi<{9N%Vybv+2{ryQTw>bG1qDU!}hed@26`2uyG$ zm1h;3qKMf8M6cE=w#r)vE_)8`k~ zk=#QemKiW(aCmC<(aPE4KOKG;!{Yrp^~(rix7Y2{<(N6$D`TAV>0B@DJ^M>*KeHFd zoiD}Kn&s45CB*Sr-q@=jE>y@2%ulB^p3LZ?&+aF~nzx6%S)h1(#$FwoJB=Gxv`fg@ zTrfhzJ90ShT`rL&-kGUe&uMb;9rz&hVeed$k3*#T&p@4Z8yM2)jpcg!*XEb}6@T_L zf7;9TW7da!v4 zm!T5LoP<)cXBo#Bs+SVWAZN}9^d6O=4mKo+qsAEh^j_5cMWL@Lv(?T~D*=Yb z*17IC27IIOcS*O`@8h`C;7Rm5#qu>2UI}mSar7taU(65u6hHQNy!db9X!VUM3AH;J zCU=H-!jIh^nLYc~^yOkXdLNcjyE)tgXCz>Z9u6ssC(7t|4A){YoGepmBVuF=^G1C; z(wX9YpvFSu^{vch5;u}qSSmKu1F`8*FPC*97G2Mp4AMF~of7UVNH3z02$&P=)3F_^ zAO^^0QTKTOcc9y;8J0;)f&c@KMhUA(pr8-VIiR?^79($&8)x0)@ULX}9r2IEf3yDp z#t#JiW$<#`KBJ~zLT;j0E9YC5!-8|uZbm6}xzzx;Ku5n$NB6hzbK*aP{xEn8!Cw|U zHL8hpFA>`;vPUKXic-Ai@z3L$^|qH)&@JzDm;&D1+m@0P2bNyDbM)_CHYSys(+PAs zjVo7!Q`7DBBMi2ZumV^m7-T)cu97S8gd}a{Ob$@jk5&goHhx0?0Kr8+W>`FV;ja?O zVWD}F-P*O*n=}ItZFD&}KbXh8e>T?lb3mg`o;#Q|n?~|(p^y;K$T&IA(!9FSJ)ASp z>R^aX7-<-9$I~=H6SRR!?m6LyQCU-VI%KYnf=CkL)>~O58OMIcxi1cC3*h}wwY$v| zGZx*R2R#R+dbC-=RtM^*?D_EvPw{n~ww^B(YD&t49y7;((!TES=YwXuxk;fxGvsG# z=RZpCia4rAq3Mli_KW50WR-f1W17g+tzK};cp5cffZmm)V`GA7#qjo_b>Zz|D+|kr zuWYB65i^W1IOu)2uco24(kIfBP>xGVbyAk*3iijXc?A3eq|%21hTcSl!UFq7Kr|y^?pq@-AFL7Vbo-EK!?FT zWeQYn2DGmoL`vBi27n~f?_LxEio7J}=~D~n3osF$y=W;hXSv*<#B*AfJ|(@kwJE>L zBO|XSf|ExT;tQ13f;+nzgJ*-t6-LHOi#Wb{R%qDZWOB3U&j-h*D_A z+^nPZppu2Hq>@UbxHZx`7E>IF^A3~+h)f1WDI&2Iq?3zSw!^z<7{vm%q)^EWpt~a> z?g*$PZRFv39Vi)Ib)H2`DBK1Jq)TU20dk^(WwEb$kyqJPr&cDjFGm+@Y;oDPd9oUd>ARI4huF*8`$rMrp zjx&mf1WDx@_M3fecvaIYjP3`mOQhRL6i;yr;n$WO>pKY2SC>)Uxr0nO=e=IGi^^p) z#5g?r)j16oWs23L1qTP7yoz*o(%Q%*w*j-)p0x(N=(`jb7X{{U+eZhAqkSq_kg+~g za#zxT=0jrf6Bx`UFPpK&SGl`u$dh7Wl=JOOq-D=<<|#PK{VP2*s|%t{%y^Vz4d`hJ zv!S%Kh6s`onE>M^lK#>zPnM0wI#6SCms>#urT)*l0qIv{h775-EKrZg&;+*k0w*!Z zeq3UnB=aOG8{`w*^q{_L?pymDqzOX@#ZbCO8-7CF=o*o!Yk3j35xFtA;|8c)Scxtc zSe0Dy$m^N~DRwT;x_frEazl^rA8yspXx5Emc_T|owe_wQZKiFtJrd5G;S47tHM$I_@~)LtbKxj+xTdsjcH+==Eh4!)VBM7A?T^OOs? zd0FQ*KlVHXNjw)a#Uo&{=Y#Yes59kaSj8jUByo}#I4$X3o%RVLxAPU%NL=&NHJqca zgHUG&s@`2R%M`K4!NKCRV1qWuSpm;OinOdtM)jCSh1AGn%dc+IX*9bt3ILAzmwR+a#NabQ4NS{4(KpmuduiEX! zz0ofH0moY9^}RyZL5$qqNXc)w0>Eb(^`5VXkVx%Gbrrl|$qO+(_~}Tl zb22-D2KO>{4G ze`l;Ol$MDLE_hIS9@XM{pMq9^>TXc&u|6+Eiyb<22|e)+M-gpJPYK3_8*?HlVm}7H4HW z`K$i`YKkGazU1k}ArpD_^1?nvbnB2SDm&|4%&ikEjyhtRKw4OmRt%>j9mQT>lmrXg z6}muNgU+^flOHMd9cb75MGRK<;jGU>7^3v|pj@U#n|on>8J0N;Nt}Gbw7y1T^Dakh z(r9KMh;+ocvL-bvFY~Vyw`hl{00YhofGj+n*)C&!sa|g7L~ovLqW%@g{fI zH1{qs?rdq7PZVkh5-~lx*2>(5f1P&cwm3D)#L-S>m0YIHqqjAhZLV5ZDvRag=jZ0G ziV`AGxyWkvT0ChSw@}DlCfoxI4330XrhEFRy2KCK1XM=hKy9AxA&lhV2i8}^FPB9ODhdT*|i8yGj2c7JIwH2WoN?HKD# z@}*!lhU9guWFcdQ_9c-WPI1#6O=D|%9Nr+XxzYu^mkz+N*m+U~OFANaHREpx&!g)G z+D5v!I3o@)zy7-BEabDW@@#I|ADkSFmiMe0Iu38dT2A?vTUioR#^oqFdm7XDd+`SI z!rJwf$v#9;vZK3mxM!X{DkBnQ6ZD6}UOc+F`!vZNtJ_Y#Vw4+p^V+_j@GpvYNQ*I# z%VGn1gH%hWbLt&8Td-SL*<;_p$=%kYeNsU(%L*~W?jFBNxEM~Ik5usIimm3`X*|F= z?8l{F*6nR|7zfBa(f3=@wIRmG&zh9CS}wA-&V23iZBYIH0M07Lvu-XR7fWWaG3Rjp zBSR$fiA>1M%uH|U4;6)Zb99r5T20B{HO|IO1oK=Jcwt#EMo8={t%la>SOmh|pJ?FX zfenjRSYOJWk|_cCg9_;Fd_Z!-H#<*Uaw?-6ktL~S3yoRl7ZL1uv+2!taColz-5p(b zkOl(|m8y-3QL&*WyCw8qRDM?SF^prH^DRp(qA6f$Yh#?#2gB>_k$=Fj6$=4B|{s}{D6 zJI2zWB>bTDsjl@qRzyk0#{(=_F**52117ISsrhh_#Be#| ztq!4ljHMo`Bqidw^HerE@CfZ)4W6&K1d`c^4TF(VEhQZF!sPY`$QS0}vZUYXnk4e`=BC zg^(1^1}mo1FXoArKxI?T4?|W`f!^9rYan#_Qe5Pac&kiAxkBo3(1V)JY#eMvA&nT| z;2T)XWK9!XA(yZrU zk}R>u92!QDT9srC4pG&&dX9wF9pujwDOM@Bo_bJfnT0Lg==sTTFmZ#{wKS`?1-G-t z!yE(msasJUWEXEa9&X{ZVDVaVLj}dWaOJ~icg@_^kXoGWbUHl_zSsf>|<0?PxaNgL!j=9f{tym5)8k^8787^+gRa+p%a_b{+7%J}04 z7_7OVapZ=b@TVl_wLW7=#MYX7dwV4)+wK^SwI!_5OB)Fz5D;>uPInJ_Iax*MBUIed zE=zPZS5k>43b9Dx&N=8oqU{dH^F?Fe>EZDW?dGX&A!SUMmLQ=B?te<^JVoJsCtQGQ zI%v_6)lxQCfCnRjHjexsYWGejrpGg?+glqkWqU5j5ej8^+A266$4C~hW2iOhPzhyH zIrKT8i<+ZE)9-=1va~QcJKyK!zs@V5v6n&8Zmln`BZ03KSa5@I9XKRnf%4x%kBIdc zCRuK@(bY-$xGm@j6~$@V&fAL=y@2hKL4sE$eRJv3fpS>-7s0xHj;XBKN;NyErc!ps zjf8a_jeT(jv*GD9rMJ{(iU~;we{=}i2VKLQ))H^1tb85u7Uxayua2&+^yo&dV=UP@ z`G-z2zLmk*_-fZ*)f-T?2TqT1Zzx~~V^Pcpq{nHfcxKu3`}wbJSVjzHMag0Af2~pQ z{{V{abqm8`adJ_W_QB>38>g>oqGcPIKM?Smi`fa*In)T;!oh}d)OM~LL(^YO)gTDd z-Nz%~7GKokwP^%r%6rtB8c%Go%@RA{9D%_Y>6*w-hJS0ZxNC_mBZb2RRzt>paaUkb zXXod{e*}25!8)F+rQby>S&${PmdKSmbKeKkAFVUPy6(Mk6lpujeIl;hyL`)z0H#`j z^d6C>$FBG}*=||yBSwl;k`kf5nd&Qp(X2JQOUJc}=1EF!*n@>2j(|{Y2%50!8lAlJ zTHZl4SDQDHwBRq+wR|(;9ai$_+s8lIe4^Nd^>OQ(4dYESqQ3E-v14g9tfp!09Q@ck zjC$8AJ@mTOoR>CiWF!H!Fvvcig)U@6rmj+tPP&qJw4IVPjxbxyY#+?`thUoHv@L$a z%(weq=MNOnjD=ih1pbuAZil)50K$5)qhV*a+kkSXlk97i_<=T+;_G`YLc%d`a~~|t zlG7Yuf;)Gh&QLS-o15!hItz%z@iK5!XE^s2avfU!O><7vE^b<9h;33%HjIwGy(l^5 z6YUKX#@a@ypkGIM98yPdY$NlPkIFXx01xF~4(oppG#fM zsT-$Ih$jT(`_!HewND0K`B!XYv){Bba8*Z2nHb3W63gPAlOCMbkj8$_WdS_FmSI%< zUGWb{xL8tHCs+)t8!{;?9(c+2tXytq%VVs%_*W;1{3~}Bl=ixfn<#zCGrJ?G&o$$| z7x+t?m6u(%fp4NO8yJv+xF;CT;rh~DjTD6OhKFZqXAQ5}%yTYToc{nA_7%Zto(_)r zpuJV|;yD5(9KX0VN%b^VXIo+6cr0z^w?&fNK1U;!Zv0eU8Sux5wB2CpHaB;(Mi8mU zIi=2uvN?~4UN7-c*PxQ)Pf6hjvH75l^far^J|%LFGu<@9R^|)GT_I zuNAuJ*2dXB-+Yk;aDyE`A4=!EA7icCd5fvRG;p-Py4-TxJ@HM<4gUZf*~_EZwf>m1 z-P>0CyD(Q8tDw39SRoxz80^)6;|mtrpx+eAczPO@}XU{!EP1M6HZ zji#WNuNCdIsT;Nws3#-eu%{V!Gd&x@9tpM6d_@km6B%D1By4z6PD!t-{vmjZFCFPn zcxGtY3uR9%CUdtS0!QR4LAdIC(eVSoJ~{BSMw)G{n&~)Cl0d+&M_xabat)?fJ(K;m zFZ9(?L;9agQf0+;EqGU4O&k3d-#C$WZ9#xn(z;&-{A;)PY2x&j=fgJo-MorRhFsyZ z@}I(sYHt|a`yWF1?w&UL6Wi(E*pf7bToaElp5S&I*LCqBuMUWddeSQ3I4ayXrVphY zs2wxlZ;2X>>_Nq}Vq#R1?08z|d=IW_vqxs~`PO$M<{$z%&ILOdN|HTOQu|b98@VLd z7X-2NJ!|Ms3~7EI)UGzY*4kk)3wKYNt!282@2fqK7-z? zU06Y<==ZTf7_t!$l;Z(<@l_N-^1iv^{{S0kdXbXPT9VjDCT)Z{JC1Te9=H|m`X|Lf zsHAZ=p%vDtDuQD&{O3JM6iPN4SJ3ZmFLiVebVQbI8+_o7S3Qk)E#oLP5pQ91ATuh2 z;0}JZ%TgtBb~|l1!y0YfgWXB8G7d4E7CzPEmln77ek0YaE;Omq-)i}C%0UiK_kNXv z(1R;o@crfFYiA6C2O|gN{#ErS?CWD`qG>m}PP=$5#IWt$ql}CYTk#cs(@PP|dT)&N zD-9;X3w=vVwbr!e#EdbVCq2i~zBu^1;y;Eu>~@Xe+c_;o)<@XpehUMPE_udllA~u$ zBxv|c_CU1p?}u-7e+p{Lr0VL1SmK=JT!E4WeD8hWx%6{Arndrl@kr3f8a{*)Gh9y) z*2i+Da=P}L;rm%-x6^K(>P6%3ZC}7wn<2V;hP5zCAjsNFXL0r)hwEK5s>ztth&{Ut zgpIKiXB>~`UuS$X_&ebL02BCV+-o*cd4!gN@;Bl)$3i_TtwQ=7lJY!bSJGF&UNnU~ zwDRpqFi4>7ah^{#_Md?Kb7A7USX#B<_Y<&^;^g_! zpo}(oIQ6ep@Na`WP2+tT?(`j63#-2{L@dGir{np5g>%NIL!m_T&lYHxI#`y{^3<&H z9kQbw>~8hw9|V3SUwBtmi%PtAeF}L5Z?I>{UsLVxU6f~_y`M&Xui~GFejE6sr&>vf zbo-d%XNu_*262u#{43+@zlSn-GgezIWbAn4W=n-lrI#nat|})}k=)W0`=3?(8PW9} zUMsfLwOfC(K)aESa_Dddefg~q7knu2e7APm?w6@Z`klPqY5A~s9@x(!u*72It;&s~ zO&c)kc5rEvNqKc|3d76pd~Y6tz8~>*_`UH>_07C1HK6EOv)u8D#}NlDS*$FMPfxv@ zPnzRZfIKA+&9|Wfsp=mTZ}lY>S61SCPIj|D-UrZB)5CWrrDSo}caL}?iWnPi2weXF zTHo+*g>@ehYM7*4b@~PS zIs8EW-O(<*J9i`8Phd-Zp_c);`=i`(Ueq=`>0J7VT*P8oA&qC71Yw3oJMmu$d}a81 z{{RU7r*o^=+B)fXMV*>Bf!OEQ@uF)&={Aq(5B><@`&%!LJ{wQ)KgIf^9}wwsZL$uB z%n<>=KbLC#-n5-=?b0Vu9X~qfuNyPHPr2-$4z-kM#-7(Dr9*%T&lT+nbS$M?i4f0h zz{fmYrHqUb{(FkyB1iEx{{RJ~{fo3;+4uI2e~Ld2^ov_xhh8^VxpNsIAie;W8+r}d z2kV;rBh)SLE&Rc8Y_`)c43(}P(Ta-M9P{pTaongXW{IFKNCfnyD)8XD?*!!LyA!d- z-H4Ur+{&&T=b#-btHSb`5UTsXb%J4 zU0dGhdW0hW-X1>JXkYh;{={Tg`b2mm#~u*%_g#{6nTgIXLB9py7b% zdlBlUxobx8^g7~&(rsXZ>hnaES{b7o&=J?%RQ@8<9%yW?qIHoovSn`H=Zf>?u}93` z6g(pht<=!RaS79I0BD$uY;)W5ug!1Tzu_&f#P5d}cDGg$wzZ{3;5NRto!Hof8fP2rws?ww*)7$})1E%mM}ow60c>zeO`u3=FWoGIPUB$35N z%D4fSC=WQUh%=R;%;=bHrMiAq5C}83<-yMtL`ElNr0V8)&u(W11E;F?IS37ZK z{huR5*Cyv{9I-!ogF+^W%yCLaz~>9QjGC~|vMeqchh8WGNZgi;Alfm=^sNAq6p}d< zl`2)RdwNiGMqN+nFa8LB`%|Zx;y>9V;x?n?iKY8zhHfq&qY=z%dt(EE*pc49rI(jd zv`crnhFJA058cW@$#u_vU;ePJEM$6}F=ts7%sZ{`ZQW+FxEb`?-u16(c+a{9LFdHT zQcqD{1!d6cgXmfDmV^HQ30H+K^yDDjZ8BRDf7Q*7-MPj;D*jGCZm)$>cn9L#J~6UY zv$fP%+iF(ZLgIDK94P7DyxOSsFw@ZZ?A;C-3EAmaZLemSAV3mO*!0{hmdB)?hKv`R zRO1h}N2Rr13=+)Pwi#=jF#m3+yZR zSK-IRNg%hIWbi%#T#>_jgIb@lxJEyt% z)faOC*1QkKem2tEp^uxsdlgMSpPymI=5 zgUbv$^b8bQ%0Q95{*|w@B2sAk3&C2n(cJ{Nw!jC69W&`()NYh2NLQY`cNG$WlYPcs zPY{636l`0rae-V!mo~m5w!N^sv$vaPP-;y5p&pT?+Uc=KmbS?Y9!OErwH9fSht2X2 zPwPp$4l^}A-X)AA=oyCry$8KQ)4)-ZHp+J$#bR0K_jXG@qVhC*)mu33)#+Lup>6hP zmH_awjA6QuYCv_XcqK)XD$c(BYND#iDP=kJ#Q;>kXrXYwCht*IE^i{VMKUo9o^jfM zH)C5V?NV5P&NGl|jm(gnS+`6hWf>my0nBOF=_zzcyW_2IM{sO+Tsw~~K`c)~Cz8I~ z=)Ch#M9j1KS4A?Uf>)vUpbdzX5>=W!Fs)YGa_XZB#+Vf@tB??iwG?|MQp!HQ^nlj$tm9S_v}og@^{8To8kE_UKQe3Nhj@9MYI_ws=&u){dN_ZePGCq|Oh|)B)%eE35 zg_k2fwb{q1i5YN5JpmnR99Y~<5p2?bu+-TkxwZ`(Ix>O59jJ;VEj&d$DI_j8uTGVp zcOcXwd1C=utw44w+1k9xwLqD;islQU5siwI&!t3`rpvK*?M0I`l1GI1tf@SS z+%zK!M{in^CSQgoi~_`xDpm$kN$o+IRx3|BX5S*gA7Vvw7uSPL)E3k{T%N}}s-qi$ zxoxL4-W{Vc?&M~yU1(on0$8UHDeAtpUd&^xZlz}O*sAU02fZx%jhURmac*NE;5Ill z0x&P7Fv{j6-5L9*{Ax%wBGRaJ+0b!F4vi8vQRb%ad{;B9+@+RfMPnaw0ph6v)98Ax zoh^!qm0n^q^LP4IgX#$qf1;ueeJfQEE4|Xp`=kLMy>7#A1h&d!lMj#1vy!kJZS})j z%&6gm=e0#~s7DREJnFl89RC11g5kND0$5KGWOOj&s*k%>Bb?j2!yAc{I2r9u#-z<@ zILzo&_v=(v_I7qjkVzNTk&KEiCvGX&clslt)z?@iRTGYZKai1lEt&?Xa;w>HLJ{lzUR2OS_g=hC>>HGmk)Nni5%QlE8|?B!kET zwG6KklFGn+D>+M`5-sA!hDezNyyI}7SJ6t#lUJ zR1-!wOr3qw6)I1=685OKzD~y88Y@k?eh-Dn8 z&q^b@5Wnx3D|ZI0WlPB-mBYfjM}KotS>4AU4mWUr3Z6s+-)TqP77C%@A4;zv@<~Q; z+-HiQ8w&v`VmA6!uOsa{f~pp7XacFQ-5W(TYI|UgD}mL#C2HnJDG)g=jl7SgD*DkRJa8SvyOV?dQoQ9_f8=$6P$BU2IE?bc-a%> z{zjsKA)9JENyA|76u{|IPJ_x*5|HPfy=zX#NV=175FB;RI#$uxP4p{j3pKGZNf)Te z70gW>H-N%GZhIPIB(>6@w#X^V(iKgoNBl45#{6F?r?7@=C@+r>1KuzJ~C93`y-RUD)MUGr1LDl>Q`d%yn#-hhPGQAmx`<;)Cx4@Z6xjXuPaFIbnED@ z5;YSkK3gL4E7YSSDv>_o_+8?tHJv)z-KGBkO+Xe{*|}aj*VBJyRkMi$B%^OYdV5z- zv^b|5JxmES+*}DHw@feHZne@nS<7u0i{+75t~>oI44`2ovqR=H2bbpgxfK)M+enJ> zt3>>%Jq=8@H-qSThs4hc+W4NqXMK-#5}ZwsMc{sw@O9byCBxgu36&X>a|~w(6@k?k za!A%Gp~6UC<<0=&y!TVK`#tti8_H!l=YV|(q`ZO1`fuQu#AxpP?FUv36t?9eiHn`M zI63}x`UBv*=-Ub=Li{LTdebwL?0tjaYdbA&5o)*4+TI)m4tQhr?OkQfo!*<6t|Wp+ z>6q9Me=2E`&L;C))bz`U?qat$ICWOp)kb>P(f$q8BJn1fZ8Rw8g>ZbqgPPolEeH6= z!In;tUbJZUD93Aq(!7&Uj%42wk`;Oqds36JGV?e~%QEdI=(lG)4)w;}#|%zXoI(#n zT+(DSO2#PmGug0@rsdC3U7fDHmey({fH+b{M;uiMGfP zacz(hoM*Lb0#elLrFra>vMa!#X9JAZZ`&li0!4Eh?&xZ+X%s$7o2zsYO6tQo1xHHA zxm1;pn#Nol=bC25rL}@RnVAB}Gs@?h%eu3Hu^!wo;T##PBYfI z4;P!qv@xRuWjW)htjmf=k7zC83wE3PR$+dtD;V4+2wd@>psn3P?pwgBvUx;$_x7OO zSfHX5D=g}&!>1p5x=lY;w2`BV=6iH*KumK^!h6{rfA$`mJTb{@a_a%_oQcHt=tmZd3O=Bgc;;_r5-0?5Q;R7Wdm^C(?0cZiOz0Y>dSEyWzkiD z8=oPwaP)$Rvg~lHE`6p0(ELm-1Z5EvB}XB^}$Y zXy-1+ZD}0PfrSswdGA}+v7kqE8FF$|9)^Xe)NXOUCGmCki86T!1E}K+2g_WpmGM^B zQ@LwdL^k&VVHVjyQ0@N6J$ly4HY?bpxVUDUbZV>#>4A`I67I`U6TAG62vM|So!{pb z6GS-MLnJ{2E?(vpZtN6&+UKrpU|WT_w~Q-q-<23Yjd}GMv`zaBMj4AM{DCkIdgiu9 zvlKBjYy+<<2^@;dqcJs&JMP_C%{V#aJ~sQ;ns}E}mK7o^R%J477(DH*IfY`Dk9PNS zA~H&`^VhX>(ZveL6sSbbIqOpv2UlwLtC>uQ+m6h4`qx{dUum>3jA9Uk^T{O;l zJx@W?wBbI*wFn&YGI7VXRo7wFbnzPtDRSp%^&bBKO5H?A#({1XU5&eL9CYhg`pxi` z-O@{7XUN0n8%NTURvCkDs-nsEXJl3@*QRQf^BahVmh7arIHU!5r-s!;j%1aTWMuL5 zHMeJ}!dU~!3r5*FAH!O}4OuSX5lJLc1Gnz;*15@V-bp|h^KqPJrcx>|Q~7T2{{X~& zTUu-8y=GgL{m%X5mKf@5uhVszQdppheUh?`&c|+j>)(`Ya#-nBUo=Ly7YOW53m*RU zrFr1e{!PJo62?W`cK-ko_Qgq*nk(Gg-D&JCte46Q*CQpxdDn_&y=!-$k1-BcCxJkF zLLC>y6aA5F6RXsoA7LODfkkzJjzeru9NY3D2qVCVqv7WjRrE}($H=Zf+ zCCpb%bP&n8A2?s9>t2VWT}7o`M;yi^w*VKF&)mm<=Tl=&Tb-B04Mq)9L5^qCe$?MA z8&$q+AMSz9E6F@HX)T7SBpQ>+YiR0Zigz2fpYHL`r{_R&>tjn>u!~ro5*gW>aA7h& z)B0C)7K5p2+I6Ogr^lyrU}@l4v3w|4NufYJsMW9K8BgMsv{9Uofz9Z}y@j=8wlXGTjnuJb^vLO4EsucZH^Fq6fR%D~sURLY zvz7@E+wV7|@R+&!18@+j*{<@wX@dR+{T5-D5k#{y*Z#l-_{=GP|dD(ke zvrEg%H_>O3dj?N83OLChbm!AQrDsqD`M@3<$n<*rA zGf!@Q@(?2-ouPkSd>7mAAb$o`; zaxv4bZ&^ucs9awpSFmJ)%%z9T?fj?$-Hx4WF}O!-XylA;0JaPJ4|?6knSBCj*KciQ z6i0z7{pLN-6amNT`V9JP?c};fXc}&z3X9Z9Y|m1A&~nNw`$OSAr=aMzcK#m^r)*>rMneTu!27It z;&v-<_+$BjeQlSU1<7k;>iRyS5Ytn zWKCDbwqZPAinr;)6%kEuj9+GTWEI!hEGiujNclTSL+Q&!+B?pn@MM zherXn*Pr;2tnR#$qB~_tKjoSMxKa_bX=4IG9mS>8R{#OiBb;>Rx;AUQG}>QkP_T;v zT;n-k@+)|YnEFS;8qbBiccNYWp|t&854y24{l)_s$nV<~@V~@8HrGV)1?8{V+6g?y z*qHgSI{{hEY6|BwYoesVW`;#bfXf0p{VGx5S@lb)B!S?bATXeuGk=^?PRC_5dtZV) zHZ-QQ)TS~EgdScq@`J^DMz7*|b$u>`4p)y#S2Z}TL%`Y=z2W=0qPVq= z=Gk|y?gQ|6$E|bz81Rmr4wpOMnC7}r8!(U+R1?&7tzmwkRq=<2JUau!Z*0QcE*CG+ z&)3$Zwee5(eS)1baWvp^2OCa0RanMRvCCR`^5<8h zh_7N>oitB%Zxc3H;Nix4R{^H2jm7HQ!!voMhUGtdlS$99ZfDs39QZ4yYyJxt_P3gP zc!%fmqLIGv3NQ)mNw1!@jVkj;mGry&Ike458*Hg5!aw_mze7$kxs#d8+G>e3@<(ja zG_e8;Cj@;Bcm5UCeKllwYZ{K8qX zLX-R>wR#uCpMoYhE%hG)-Pp}_3!|3UQT7hUj%gY~M~L0{x5rv^_gZ$NY~l-nwo@VJ zavrOm)!KMY^)D`>xV(7XgD6&Wf(~mrvqdW(aW;;V_;$)m3FF!VfWj#bs6}b`KdC>s;Q>CsJ=?%s$(5=Qj32G6pf$x?Mc!`hL9*uWHdtDky&` z{^V!qd)D;nq|D}wuNZ3DZQbHeV*!Q0-oY2;X77sXejWT=@h`*Yfh?|m*QP6%`!kQ0 zPvv%lh8hsD0d=}QR$pzxc9-#{mz=ru)WBe=Qzl}Eu z{k<$v+rt`-!2kfZGEX(dR;}4eosXRK*o5sj_JkfxjVVxAb>#m5L0#U5;tv)09{umU zCp@qa2$8(J#>#leJ&r3FyB8GE$m<%-$BORmwFhNPutwnFi0W}&WuL>XQ%}(J{{S9o zuFY!sM~H*-b?fO}RNp{#5$-<*zAaek`jx+f{6lebY_fta-OfV$X1zn>UYTj*PX z(5zB-mg>jN0LI-n=iaiewTXRCkM(aB_<~8U0M)O`mn9IsRDwI#b>N*bFErcjM(B`= z3EUVG%zI<;r!7^8IW0|RySkYzVQ~ewhq$=cO_civP!#{)ooE2u5hD=C%!A{p9pv(M)1|V64=}MPJwn{V{R%ru4#0R!(O|6YT2Qj=1=bq zwP(QI7&ip1;(6v1d*8A+!OK!n3a2Vr(U&yEJ#qjG= z@CU`+U&FeUyTKpYT*%{%?g#2P6|Fe?$(Tx4J|SCVffU3?mQUmLuKxhxkBMjSzl(H{ zV=?k4oQcC9m9jd0cpt5MG?s@oL-f~4y%JkSC0DhWsA8wL_*B~8hP3|x6zOy6x`cjg z4vZ9M0b3j&VVqU9(8@CCe68?v;?}?WFn-b=6!8|9Ji2JNx)%3XY$ULj`^0|{AJV_I zuZ79tsM@?Gt_h~PJKUAg7QBwMyxmO?zQ!% zi>+JgmZ{~)Bt{&1k81Pfxue@d;@|ivSL}_X{?^~KCyx98uv^39jW*s*M?kvUmyU1? zarlgXz`d*d{k&P>y;Dh_QPKQMY;1f{XK>c~gi;(amNT<F~}mBnHwrLH>l2XKD9J$yKp2A?)y*#;XdymH`cXn<=Tod zlhZUC(q@zpM>@0&$`r6>)_iEC@v9Cc2Ff1g2FMcY6>oA3B3 zZ|v%R9cx;LinN_EZmjMmR{KOT5*{}0Pq4@3UyfIi7M?k682M+eeJi$;GoIEPF+vpV z3xR`y)~jGKWjzm}>0Ol0N4TNTF^s0=#sI2$R(+^8upK=`XiS}n;@pg?kFy7G`qh+- zyP0Ke_&od2N3=SB?OibF@1{*@1IS!Inn~RrKfC^am2)graf6UM&{|}X6pi+gm(D>I zy{AT!${uzEG;?8k^3=z z(4HOrroICFJ^16HT-yDn?#?SsV%sBpHwrek9!d+ho=OBAbNa0D`b z@)akcsWkhyk{D!URlASmm3xt14R~1Th0)j8YZj|;noRCf&l{m*z$A9ferx{#!9_n~ zojc=~!!1w7o*XkHrGwIIYA$A;AbPPdUWNbk2b6i&|#)(o*9i{ zy^!t=LlK859TE-{2v}SmT3Cmy+UIp&s!u}xF^rH1(CVC@VVhG!_s1CE?_ub%YJ9NmAyO6SUW8zVSBDH%1BfRrqI<)@0QL&R>O zF&D;2>0JY~B}CCM@>ucDO3HBv#>QRbtW<~`h6g`dYw`}6EcO~O0H-vK)dk&0L1Zls>Iwt+teMbRQ=QGUZrnr5H{7? zbDym?DI<>Y9lh7fbpo7j0Dylw&yG1}RXa`ywt&Oa;6`N~R8c;hCuw9D)Gns}~+S2oND`G-M38Xg|HIxeDMRS{Xrc?vO# z^>(?oSQwHVHz9%RKpgC?2LAvwDzgL9tbc02me&g*NSG-jcTCkrBR+n-_=6-m(SaH+ z9~+Bu2hzO{P1KiBRcoIyS%yQQz%{M9GfqPF^!lcjL5M7{uplw(SoS)$yY_^gB?_Uw z=;owP7XD z&z!9!Ng?T$6+MA*HFnHM1Om|RUpGSL6MF@2Z{}@ zb#`8Kp;<`ze_Gd-?dDL@#=dItoKOchCa?Bep$rOD8L$cLX=R@A+y{(H6LIfUrC?=k zPAKjnUE3cAp{3IqV2r34_w8F;z|)0>=O^xy&0J_vhGSqs_n=2TsX;CXIUR?+cseI$bwJo)T2d`+W$mh+0h&s0_?O=}{>nr1Uy#E7uCK zN!RID=CgTYb}qRD9=&Q}U}t@pY?FA}Evs9e8_h7917Bl zP?}Up1YkOzMI&nu)bFIYjyUGGLY;^e%{uu~phPG-(k4+im z3`_8(ysnILPF{?Hqfb~)y z0ra5Er1H(?l`gIcQvo0DK_o@~59<+evuct=&09v@ zrxmR}z+!6RbdBdlFBryi+PL$3=P@YcI6QkAvl%T-n@jbPgjW+H%Z@i5wO;O7m6+S9 zl22~cNeLcltN5y01}S*HTB{TDcIVc#f3=?K#tDJMPuw1~+D6IT+R-j1dLBAe%M~{WJjB@fBObMsq$ZB%OP)(yARs0&gHY;M zu*z9{@11)Zf!N5m2=k&llu~d`D}Fm@ZEho$K^4?FED6|S88wG> zsk|~Gyaq)l=Eepogk)jd$Qk_A03kgqHuh_kf!@^?Sw|oqm9$ZzmuacZaExSyVVE2h z?M}GX?U!x5>WIg=6r4a3Yk6S|Rd9NL^{J6xLl$8Jzg%>zK(ido`6GVNat&{3t$RF- z5#+!f1!)8qHRG{mIeCJ(+HNrmhilC?9S|in%s_EPIFZ8JTpx0QC$GX(y(E=wYz3EjH>-e^fVMKx86zE#fcu3 zeha&Mge>z2NEsWu)XQKp^$8aVz?(cJx8#p<$D@KvEy2! zJ^j!Ec_VGu1oWt^{53q14bui(^N-@GG&#=|XxF-AhDakN2Yhs_iyQVZ`EwE&bsn`6 ziKJw5+N)d1bm_fq)rrPWTH*E05A8PcqAD=jd;0oTe70tX%KjwLr_uEbi5?&=)Bu4- zPJRCXO7IVh-w!46j*~8}Wn*t0+)=StRU3)*J?mQwTc4hjSlnpWcKUv+C9B{0nP|px zexH?lHko&8{g)csmrIeub6oR@tRh)HB-t`8^}KHkQSDY$!*T0Pmi9}@ZQcG+sXuRxC`f&I3Y*$I$$q1lL)GL$+I+mW2ZVz(7C0sT!2Q3?Hs7ed*i6A zyQ_Oi9zv3*m^yJmQFbt{tuER(wTYC(_|HFh*TugZycd6=-o>d#h}N4~%8ZPh`u+#= zsBktsb5GS5PI({@HM|QK1PtV#O2}#Ay10HxAI46K>kCM$DTwV>}9D+Emb|%SWipD6z#N}iI7|&YA z8q}5zA-Y5MOp}s5D@Zg&MP8V?;%B+-sHx;HjZ=ktrSX5#M*uAvgSFMiC3;i2D(cxDR(4`^D)kS zYJtg?;qQ87%)m@G}7fvZh{bV$bJK5}^+ zfn97K2$Ek}N}(fAI42n9v#3O+)ZsNdTukF@Z2E9b zbI#>Jw=kfWJOFvF8AMT+R6;bT0i?i5SmT5I>942VIt}Vshjr*H6Ijc*TiXB*#ld~&Ww5iUNhncMxCMZB#nUMKh}*{j!k?znw-I!esKI}dvr#)3UYCrcBx}Om%j-3e@M5~S{JyIKQch3O}PYP8ODB<(dt%^*Je{{Y4sKBqLYc{gzsk01q+PI~9RTB4MDpG5fE;%rfPR^7Dd z=Ze}(a%F}&H;D+y&(^*{@HdJy-A7i{t?xB^n4v5rdv{!zfhVCpwJsx!YBWPSsFAAzWpY-*)qz4hceb2Xbr{%X21Ns+Nsbr}4s z(!3>orFfMl(xlTZ{Pt0cnE~1q{{VCj{8R@wQzKURb*N}szuD|>CWR5VvX7WLo}WQl zH#fHy@U5h>GN8b1x$WygoT?pWhvEqI#YUBOM}v$Gxvo3M`t_E%4V<h?~5v{m4^k&YuNjiYM~UqhusWb6RQLPKM}Ij(cYUKPDfG4Hhdb-83XbORo}C^l0qcr*JzczGpVCiWMD zC76P6y|Z0!hP+oG)b0}2ONF?Jd1KR>iJ~NWyXyLDY`R@S2?`*2!Q%(h>s}|~Ei1y_ zGS&4RC3T|6(E#Do?mjbtj&gXZQDn!=564U6Rwo-v%!suZGj8U~vs<*<`%Fv`H~$P5j6*0tf^vR-O>cB~#1lM36$ zbJLX+bMzx#r;}T08h(|iOqQlL3Ryn(1}lry9(@DG@M=~QfoqI9l;T9se_GVk_V^mt zT3@$Yq*2R_>Hy_xrlY3ZT%*AAG;y{$&+`2!6s2O{hEnqK>MJ|Yw@teNah=K!e|qRV zVlR9>r^Bo2HnT;iljX%G&KQs3AEgE^S1>eh7DX+s+B%en0F_n7ezhDw5Uq6x=d#k~ z5uhh>q2+sZpwciM4~aZZ!fi6wR=R&NgQ9R5aqsC+_;beoJGazsMy6KhO;-wv(%@qq zhg|(=D#>bTc!K)Q>T7LwOFu5&75(z{^B5eASGH){Zkc-pwZ)C{x;lnvKtH?4hnIMda_%~bEZg_4IaiMH=qak)^S>u zW9Y8|U+Q{#S=vqI#|{EBlbyq_KaF}{j{HNX9XV}dw)5{u{p5x7+ZYvgMouTqb855c zSFd#uc8Rd8nc+vRb=I1kau_Zqibc01Z+1U)R#J_G;`cTOiga*C+0C@7%u0nh2C)2h zq^7f?UF&*lL#9fRgKy6p`XB!QRY*A4^FIT4t5CSpu5_J7;b*&wMw4T zBT~|@w5aZyc#HW{DDRGyv}JQW4v)cJAJsfOml~dtsQsS7u);NMr4L?t$u;LbIn*vS zZCXu6`bWCEIXlVZns3Z;mZu)t%yGvYO2Qe>%Z%qI>0Q2&sDA1>mR~J_9FCPP2j%{(wUC*^Eb ze}`}Gqq34KsRX6L`GEV%PZ|6wfyoYs!q)dtiHJ#|Su&xHcAmM#ZpEOx!tZ9UJPG&R zSLGhYhG$Y`7<8RF&fzW=1riQV9m%e%#u`(7bqBJz!jUS0`?4zr?sK+ti{Lpg z>`Y@)jr_Rq2qc+^72?{jhv(Auh%cox!eJ#80#uy$_n{HV)bDlOU&NY~o|Is{xn_aa zkG#x10sjCR^}B6bPSG^2KKEN+^i{!_uinQMNnb-n6V7~PZ=&2>!2TVY=IYXUNz8|F zOy?P_-}pwt>N+&D*(B1eqkHY!v2c0KCmR;x_CELcTj5(PZ8pkiW`+oE9I?yiY0rA# ze`>D*Lv5vLx0a?Wsdo@s7U70{e;?AN8QAz&O}2e8<}oV==OeMtY}cjeTE2@7!ZqAy zb1%%9!Bg#9Mpr37)$s#s@LJhw`c1dmVe^;E$2l3~A5Z?heY@Z#PZM}n*ZW6A{>RnT z2IpLU^>BLj&q||2tbA+xM`->{`rOB+OK8#I(4fZYI)1tOR~_*0!nz-bG??zZLvMDL zs~~oT307m=0yNnb3W4(7b)$9_J(ipDibzEont zqTzw`C-AI<&z&xOMXPHqb#&7_w@6F#!5>pq?!F@4&1oi^sM;I#*s+r$MM$+TWEB`CpT?#eFUCZ zX(J3V*BGlenpCnt@?D7{mmeeb-CVB`V|dcJr=a{lyVT&B>45MO9oJ?-RrbNO+lyv?`<$@{*>zey~7JK?_;+P;P3 z4L-tEX9P~shAQ5lN~-I)>}G4)27};xJIFNWjS>|m40O+ISLWZuT}JQ3J}kbuxKvq_ z0LvI3yazmcWBS*dQboo$DtKo>{?)!8Yl#dIDVLM?vD&+D5BQTt@UEjim8$tN=+_Fu zUomnMBLg3ata-}zXOdo8BVXLTirc(fiCl0Ry`RE5KDDgrH@Y>I?X*$4i6ORHi^VC&AMFeUOM8o^!YBW0P=1Lg#50%uz9T&j3$qB_l`=qHDM8Cb(K zK30usWe^GvmWLU~UP-TW(0msJFBBhSwvkI@e4N)KhgNhccRjuj3VBdM{z|I=F|>37 zwj_zx-^udSvX4$`)EN?yPF*ox0We|i2T@&bhF)tVe<+7i00D;|QCl4H-0oKI%|M%2 z$&6rkufpH>DsRAPFC~xS4ua7nO%uw|+%DoI@6T%163~W!Jxs3lO@Wz9V4PzF92{3I zBv(mwXf2^LN|P%u&$nv>oaViHY~!1EKT`f1UR-P57t=1JS9`^a6G%>S!~6wy`Yxrb zM?KZO{7L2SA~L_ky|eFHnJv#8{iA*v+xV};w!S0NHdyMGR?-<}36s>|{c(!@UjG1s zE&kT6;*SR0e$QSm)`icAY@;uxwa!$^fa3~JHRJ0C^D_*gFy5@t`lr=*H_Dt(C0=U>LZ{1;31FSYn7 z@yAX5q5KD-{{Y3k@q+n!h=wdBt=IR@I2(!Q-#(SiI6r9#E{|VEzs|(9(EfZiJu*uP zWP)(B0=UUPGK|+VCAzW3_QzrCUa~mq#Hl{jF{*+;haU9UkjD6P<_}y~LB?H3k%?m1 z9)hCs(G;wV#Yw=R2G1H4D8qxm_Nc^a$>k7KeQ`h&#(7W(^2f+TN&itf=UzI zSD%QDnXF^npIWg?%MY|9YHlL*>P37r@k$urxwjGElW zXpTe*;E|Ki;M0tZjD#1(ChTWoSJ@`gvHaa>@uopuT(`eUX0byWFfw;AZkerXIX=x8 zVi@z*gGg>%j&zVs1;Kgkq!?w%8T_mE-~I^O`&sE<3%)7pKeM-uuc5W@Uy9vMp3Zjt zlIRR7Zt2P7d*X*1s~wcPAJyK0HO;8K@aCeS?yY6byujzpjEsUkutBLc2fehC8~8wY z9sIe+LY#H4pRS$kbseUSXC$#KH)1*C1UxQBDl1!E(U$W~y|#&!Vz`LGD1L+l zicJ1Uf8e8Ev;P2yehYkXo5b2?hSxq5)j5(_)PWfv#g3o;qhAw5=_F-P28pnKmBmpW z%?W5;u(uJ0Ms{!F89hFg(b+(1Hl#d)5yXK6d!+sz(Pl;DxjR?v~e(dE)<>Q(J7V{3~N z+eUh>J?qa;hp+q};*qIo+T5$5&Ua!*JECBE4{GkD^)s3I{rg#KmJO=Mt4STLo!f)D z;{i;WJZBZ*Ukfd7H2~Aesb4*m%m`rFDZu0!^l6w$*!t$n#L)OY;?QZ!ON#kIS&xY5PzchNj523WQ>pHI@Xv~L%^ z-uN0#ii8fi+$)}N8P;0ski6pD$TyyGT~?v0*$pM_MY~0C%Z>Tq*9_LBBzPgz?_%); zB~$LP&O3_sL#{YiornIg@v&YG?0 zR+ds?RzIbEPvKO#j@@G}WPozM)Ehgg>1%WuT&l`?RL^2udmQxYV3CmY2d;Y6-7fX5u2$g39Ev)I9R*@ybhAwkt2p~K zVOs-%-mB`iwyKdven|l5+JHH*sJnyyE2b_1Vg2zu6VH0U-J#j$ICbYfMr$j0mKKboQs!MLFlRG3$oDrG| zQ|@O)9CG}?EQ{FUwPS~7A9AvL&}nfc`zryp7vGMRn)BMnu|QM@tz2SYL3ep?3dyoX z;{zG1+5)xkaIUSloO)IJFgGW&h0rX$MPCDmjs!ly9G>p5I7Si4! zv?B&RaZuiAP|Owb!yc3tnT+}jbE$Z)86+RV-RoM;)?0Xh-?z0fNiL;`paw=_K7Qvt zYDZd2D3 zm<8^Gdwo(Tg6ag9cTmE)i2NHZrp1QwqlE?peT_Ss!(&@Zx|dIw+wUmd2>$S{{@#B% zN0^|4(*m<|EY!APXE>VJM&OQ&pw^0*>YYk7k4uGMj4b7oU3;<#~7qluu(I(m;~no zp0%xaV2XpvD~`Q-*2$E4{;NH`gO|fAw>>zoHofs3o#n*B2?3Q3Hu_UzHT3;u%mOw6 z-=QSdg|*9vVn@r#=aMU&M`5SSB#|lExqqc^+3FHlgXJ==PjTLA7g5nOOnB0CQDvF52o6+aXyOf7I2Kr>zw??rLc?zEDZo&oTJ41h-0^qYn)3RBu=c6h~>fghiU+& zd#Bp@hFJD_tI+z2~doyL{I{#DcAn(pg3MI`%Il+W=CO4J#wY;_x1r3VBfWUtn=jJh*rPpJ?5 zBsW@Pyu_=aBOw0(I*U-dy4UU5%bc%4jAE|kSmz?kTBMb`hTsE_7XSOjMNg2jC7^E}J^($La#yJs5UYvBSE#qTb zg)E&gf1L#>9$VvI56d;9NVef51pLHu)$_ryk`r?mm;;hjgVBAcH9idZ@9^q-9dK(_ zamPE%F@#Zt11CA{*1Q(R{(E0C-R6=QLXt|J^h!D#reB^}gtpBNsMm-QSdy3kk;wcj ze@kn&bQeZHB%i#!zY61=MSW~_$3~f@3lqh63n*>G<7xD*2qHGDkxg#u#exBjwa+S+ zDC$ycNKnChXDqNVz$5r;ieYc|nNrwDpd5WgR4Qs}p`o3q=vqYV(umn+<8!FNKE}Os z;YY+Py%yr*M7>z#)3>0HGxKo9t~#?wvJW;`ot9Nd_TY@4ylao~ylLY7 z8MOP0brQs^u@Hdd6PivoIuC+8P2s70C3W^^d&`hXDqVAvo}aC8;^HgWqi?gMat<&% z`_>YTjbjTPZl7$ABm#Kf<<30@Ml0ywgT6Aq@Lsb6n|Lm4TF8@a*wFnO(fnCs z;tM+)?K&u6iPHzmB!)h`lU|3XUrIz#GKS9_cB7dR_B{_u)L!0ow~%bzfynD#qodi& z9mE$4BP$MY4`0HW%_Msbtao~}G26n*l8||0*1W^SUKiCMmCf8`CR5aLnsyf<=Qp}* z?kCf;2JrXHoNh5HQbr`J2w|JoYE#zqH$m9YsQycU$ zXrl&`5V>}WX0`-|7(SKTM|L5KIAxG91FxlY!D>XLS%NJh;JlM6d8BaN4PZ^CBv%qo zZ+R(G$Ck$<6{yn|C=3YGftDR>UdvRrojjS4M7m_U+wyFlD4oH~KJ zkjE@6tS|{H)`kXVp!jw2n`3(7vhE)0Xq`&N-~c}E4Pz&%QQXLVD&F!pH+!Q`P(JN= z&ZM@}Pb3X-_M2fQ)i1^larx%C<+-w#V7Iijg~A0?0Qz;UOGp87Q*PYjny5a5I=eeA zk&+}mK3*%O(CsC$cUyTbe5Y;YT0+1dp{|I_pdAO=q_>>PTV~VzT`Hv7+?O!231ep5 zLEHUlNvUBNH@u_a=6YjQYRaox5JAE4w0g%gs}IobktymJ7tbE zM#fGy;8Suj<<`fB>+{{xO$-nyxn zlzdPkmero^ad4-vt$gKu;|J3931gB&JRz_Y3}9Bqss~9Pr)jEK8KQRB+=32qSg>6M zkRuK=jFHxqmB%MzWa&40q!Sn*nf8p5sgMV)dBygXd1y@THn8vBx#dr(9K}0$^&5my z=Q{JA1!zwmrKDRKWRzYi5s{D>pG;Ok^ zRBZwv0o3))KWE(Ni@E1I*Nn7yWN9F`-LwMet&-K1XX5KOoJ$CJB((tf3QNjAvMVUDsV<3j!V&U6% zae>nnq5Y(iD1?!W_NULKi8F6CC=p78$RB?r1L<7c@QbIA#Q0(k)hCSh6#-*1JA2KF zN`#bfz#NR$-M5y}n6B;1zCl*U3PmY90sOXI-?o>owS-YLdmJOHjBOw1HQj1@RGO4g z-C9~n95Sv(Mstn{AFX`}Y7^ z;Bs;JkIsVPjyl%n(oKI)@dbtB+g_s$@+r=6e(ilP;xC9gb>D+7BA#1Y%Z>{!@0r_a z0QBlBK5b1oPmgu>)bzXSNkN($E31grCy5J)$#3F425aaa8+s8CpQMxj`NvqlFMjbL)n$qSb^3k!(nCF4tt$H4#t7zIshAriq)s{pm?CjYtG1G1; zIT@@~&olUiq4#lITQhV+}u zjRR{&i-!^X$l(6~3jvYOHRd`ksk_wQQ-V(?dh)##^PZHF14mNv6}(rV1w?=Vjf3}? zb*OaX;qdqRoHsGWc7#c>a0`=6EP3aMuXKCOTI*4g#baxR0sc&u^d_}@E2i4n>T$l0 zsouwJAyUy23Ip5)Ime|;(CmF*p?H$Od3KUY7U5$UE70S%J!>Cap4VTyxhwMDM-j)F zz&!Rpg=ffTHhlTwp9A=YE9muICOeyknS#7%pn?3Vjo*U2OQ=}Ea`rPd@*yH8I3Nz$ ztz)s1osGW_z4nUs*7}-=ZXXJflgoPJ*0nD+yNUIAZQwpZgoa@0#EN}C&uXTOr7N8# zjNVqE6tJ@^Vqo0w_6ddC%)X(MZN1Hvz>knu z2Ox8}Vzbin!F34YV(ECRwc;)7-xTaQK8JZ@27!M9>Gzi{XB3KeyRP7;2cRDH7lc~p zOutBBzLD*>{{S0x=lN1H<&oI@Pw^I;d!ff?ar^a&iw%Hoi~ZC1X1y}o#nb6t4~tsx zvqgP&maxhfIA*}~>&7Z&v8-b3dabXE?fiA6#c_2DCG?RABn+T!AahPUOod55 zy&bcT-D=|OWoDV=dXI;-&nim`$%dPI83t8joSgKog5GblY3pe4!6b}lyJ?q26&w<+xa|WxXYj7u!S*-Wj<+;6dv5LB zl}jflc5#oTX#pvosqs(38vg)*d@XsZU0B=~KsF?i{os0^!n{XG*DW=R8+(WoVITr= zj304T%!SU*e^}JD3k$VKbtxdVcGwtT0)HCxe*tR#DbN;Jb(pR7Jr+<-=Ui|{p#F6- zlCU;k)g;rOPpPLw}^|AKG>;AMc_MmW8wYK=W8sWTj+n z{2}nQ=Y-<^`B_^(FPbxSQrNK3_3kqSnm`Wonq9A#t3yd^#6i;Xpmj?hRI ze8%6LcR8;6QP(dcv$?*vR3tE6?mkfG*j1aO>5qpW5arYSJS@CHVLqQH4+Q8&$rqvb z#ZTft5$V1qP%ZC;{AVGQw%`Y~E>s60dEh?^-)J%t9z8%XRZh*{Aoj(1&x(E(*w|UY zsV1c~n_n#+!i+h;?Eg&nxjPxAW4XL)Ft|y*`Nv#(K zLy|UEJf~vJyKNfoCsu+xxpy2fL7k%=PqlP9f5YiD2wqs7rC0VYH zo5~r$By=^?C5^1Q6f;GsLweg=&5sA#HbUy!a3XD= z!;XKYbQ<@Cn^4xSF0JhD?E`?}8zf-*cB~y!sxZ03Yn~puy5Dk1w7G%AVOlfu0bN4r zSJ$2$u@@SWO$JK&XYWKus6DHuo-ta*OAcyy2T1XM!o5-t5W%KF;y(OhP{ZG&=G@l>%cTe#zgQc^(Sz}gfRUk_n1?MZ*wR&$E&ujEK=Ss)MzqDtGrttQc zacGS%+KMs9aKk(g%D+A|olf&nziX?DiDUC846Z@OGmKQrQ=6LFA6QB7x>)qt{6nPb z0%ur1c2-Z_zZor#GIL)$TwS_MtF1ys)<1Z5P~UfHc9tIemRH+oY%7abMXvGo;_gTA5d5ktfmJ}8?_U29dgnp-&uQ9d#l_pTD& z^442PB3F(xBXWu`O?FaEXn|BktvbKiW(>E003blV*!(i>})Ozlpip1z~CeV6e5+V@zqx3#)OR$?EYU-78B zW3`W=wC@c|XB2ZvjEXw}n)Xi(=o)sTJSHSjHU=;|*71*GWh)-B4vdQv#XM>}v5XPO zt}|89pp3o5YJ24R3T`$rY~ilqExD~fcrnf@J83U$(3b^3>Fg>*bQ(SN#-PAPo^Gc5P;v^)t+__vHJ!!2pLqCmgiarw5ybt4_5$Fzr3n*?R z5k~FvZQOB+^1FFl?YJsoa&iN89`)&AYV$=&8B~X3-u@1JO7T8{sX=Qb$#G*ABMM(W zYBvl>?cTpaG}&X+Z7r{@wi|aC-a2O)BkRp}obr!TPgS>y^GUh0F|)Lbw;AA%dibZ| zcZ;rnXFu8-!`?O0MAk{B-kFW6F+XXEvAICc806x!o|>CNTG;;Behhp{vG|GL9}Rft zM4H}x4^XyAB9jQ$t++eo?4Jagge`7AGOrA|sI!nkhWfDL$z*0Zmevw^r1g0^u=}4eGfWIp;`RK7XC;Ig?aVOTtT&1vD(=AaypvOnB0hT zVIzfM&||GiExg1I{1ek1%>@Y@KU47TEm+v3h9yZGx&i4yQQVOyMB9Wez~hff=(N3B^Fh>f zzZ2-m8tPUPt@K2a8+vjue+n;cPO5KH`*;0=ziPWL+IRMG@Q1_;tC%41#*{{%s;)sY zu)ycP=jv@IjuTj(_GTUv8g0c*Mx@*O&1A1q`pSIV)H2C-MW5jwT-K#^dSldX} z@3 zcF}zf3hevK_DT4;s%j@ky}V~zbz=?0Ou>%_1d-dn=U=MU7dA6V1;w4jH!;Yd{GGGy z+Pyk#^QxWa_Dh>s?qhtp>IbL2W89*mhL$br4>=txTO3l{qb7-^+?dV0ts1!f;yB0$ z+P-)A=COP|(&yAK6yMl^orfbi9Am$6U9^#$&&0nRi@%AUBh+-;ZFB85QZqM|CKyD( z{m_33^}mOH9lr3cj4baK89D@TFfc#;Rq9hmEY0s1SzUOCK)cheZhpmfMq`vNNHxo7 ze-`ij2c%tEYL@Ev(MBV87-1kCz&#Ci#x^rNtHd7~^}iE%f(xq%uB6i6iQ{MaQ~{BI zezbfz)@^k!i<(S!x_oeIVj^B)fJ(6guU_A+DU_M}K`(}URd?ZNH2oT3B<}zWxg!T1 z@m|sJ)4@8bXjZZ7@y%6TP*QPmWmTfp-D&=L8&cU9_@&p%A2^RqxMA+B+Qbk5aUDqm@S3PrW3OrLwCl z7Tw2QX_=HQ&AMHNxKG>@j+HjA6}%G{usf~D9Y2PEGeyEWFr5+8+;y&9^gSl}StGW4 zSX(8wy8)B!KoMHPx?_}35N8-2s{3kF2}kc$qx1u<0MRJBL%C#A&2XBYg$J2&bdq@r zz@MA$lRzFd;$H^aUo>(@VqRFJ4h(!2=bTs3z7Ep-tu7W~NWd6w-&zf#ch+&+E@P53 zbv$PsE2h&Tw6_P!052y4y#`I37mhqR7PT_$NW!qg9CZ5EJK=AKF=$WcSp`fT-@6!J z#84yFVB8=;23r_ET7%7GVgolFz3G7@a;*7^M%v!AvczNg75@O>LW3zssjs45$z^hr z?J}zM8*8A{?zH_u)}u#wf%9{ zg2XTv8DadW0`j$y`8>GG9=^4!YN=-8WjRsJGz5BvtdizJ>c~0ATnglGH48h}@(TmF zebPG6{D8lv7;U2vqO;>2YW3z)29*g%^fV(?6OfZonkdvY)J z$rz+-Ph&XAV#m)?OCwc9kZautrj)MKHpB7LsJgY$Nv3s%~bqDL4aKn^RS zv%Gm#gs4?d9Xg5t(-21z{GW8!Ev=@f_GyNmW%EEdE7rD(MzOKM_)l8#CFGY7YqseO zsM}KujIDZFG_#PXPnbJXaz=zVk=&}Wc*tNs16jI#>lqAp5&37a9E!?MQyEL4y*=Eq zz%&Qpkv(BkWVAr+bA)NEn2kH-b^ft2=^2LJkcX4D1&kRDmht} z*vBG(M*|(b=qfJ9FL5bJK#D=0{8gK2-gId80`$V<*4L5Q&V1x0dxKjteUDI!D0cgF zp^`wbLjW0d$nEJ^*U`mrOGHSMt|jFMNA>?=;%-S;eP zR1@BUWX*H3IZ`PX(zULsqC44N>RbA!(SEng&+~BLg7uUSD^hJ>Any6k#8y9CK4MXh*qvJtI`J%NS%H!PPW-6~)zsKD&bur2WXAVO5 zrU|2;YsENLQ^pTk)ClGcAyV!p9@T2emf6E#Z5@c93Yxv!ozmM|IZSc~>st1s~8p_1f!t=-MM*1?Lh$}{ve&c$-%v5e!=x!9v2FCd!w&SZ2GJ1JeK z_^akUbHmmi9lp80g3=pVSms9yibl!wD@CgPp**vRNgeBNNbwZ*3~h`HJX?bt^`O?> z4!iq8#^OUf7XJWdk&ZwHx@|7n;`eN>f;Q{T25uHLW$@*V_Eu?CX7&~4{xH&{(<2bY zZe(2TRtub;dUg_5K0mzicB>DJn?uy}=`CPv`7S}kpN=tJi4D9TB#bwXqLHT}D{4`H zXrtTU1p~P6Uo&{C!LwOiT->a#nI(uT_o_L~6nY*N<3A1Cc!NZ~vq(~DlrZ_1udRM( zc+bQ4UK`YJtzOJS5FujQ)A97hTwThJo0%F!rdgr4k&wULAoATCf~V=}Uqi~)@!6M_P?Ce+xUQwUAzTqnd0P&tm)K+Zryo!oboFixNd(}+VndE;J zd<$`T1UJn*EQ%QX-9g2CUw39K^#U3}<}tt-z!lFujo~AIPri6%D=M&c7##JlL9o>P zhg+!QmE;T2c_e)Wa?f)^?jL|&KGLU4JtJ6d2|9wlUfzwG>$M4I z)@=vcJ@O8{5ypITg~EO1)Jl@vF@Ey-=iXxI-Gp=)Ol z+U70?>x#*Y&`4)lp%%t(D|hhr&3Znc<_kF9<^dC~aQktQ>T6iLh(pv5?kDD63EEezyNU7N5wt?wbjw?Wx2Su@`mB_k(2mSUSZCK z@Z^^s9feF+4d#pu#Me!zc+*ma5eSlJeixoU3Tih6Bw=3LL8$o`*JtJ##(Nr`J6u|M z5Zr+o>`z~%bIu5>oZyyg3FCY#Mx=sB=}B=r+^H!#I}^|zMNDJREKsvCCZPjJ?6V;( zI`r>fMtE1nA7+EekeSg&03F9_>!yXuj#J_XiLd2?;8>UQa2pIb0={RO-^6p@&2^|- zqg$~B2>11^OXci)7LR8Iy_`r{V2wa01BO3J*e1&9;!BHoibmK%6bv6)nM%eJN2vI9 zR^AN9GN;S8?_(p@D- z!?R8bLnJ0syZA=}z4ODd#RO|K4C>5B-aYG6o_n3N_mWzI(p$53D~>D9FZD>SWROV? zK4N-wpv|6tsWcIp9JkG!b*xpCrX3tR6TzTlH;)!({$O>RduO~Fj3iw?R2Ol{BE2KS z8l95bX7zC|SdRP!IrOihXPo168&&bb*xlSg_HUk=w<)_ftTTijj1_Ug*piN@UVk?mZUhCUeI=pG}~Zqh~8?rx_pM(>prdJ5@C zQcCBi_`}1xjfKQEdXAiy(`^T4(ene&c>2}v3Tm2vg)SAWE!GK`gz~`7dS~2FVy<}4 z#t#|XUU-zXrGsgaACgx=wOzRB{cDTx<=2QU^#_TqC!W?~408j(C$>MW0@U_9d+V4L zQvTHQmB}A3Bl*=G4&K8{@eQmO$#9l8PQj&*04w8+{{WuU1&SU&&}`t;l2@B_FlP>* zE)TA20^eq(ZxyWfCgQ-191X>Lb3vpZLpM-q{5_{Gkz;b2g|q|&0!`WX$>ywS65n02 z8@2M{I10X==7U41@g9qH;g~diO4aRr%ZWG18Eox{cfjs_D^l|JP1W>!SRk6_3x#dc z;qa#ijANP!xdxl4JTnO0-d#NLBth^W9<-X4i6!9kbal3|X8WkeAbn0~8Rpm8WUnNt za|n(=aKMfjdsbEd0EAIshg#8|;9O)Rsf;E)&*%A2ToKb+_zw42(NgiP9#W`ek>doa zbRB-b&Z>Abz;nTRq`lbM#rCtF4lzNbn(BQ4qIfAH)NPkhzFSFIfrY^budlUr9}>PA z>o)p*roZ9X#r6H9Vq1vekbd+Ni~*b;)Etvt5m&)By4Im#9o*V|{4)`_M=Igej>prb zOX3Yo+dTX2<1!-S3^?YQ%PMZ?E#ZgI?sXVt)NM5DtTqtLr0mbqx(^)u7Sa4fEj9lD z2y3TH)dX!L+bIl^W2)rz&Nvj?DxA4p&n!Ab`Zc6C7c-<9k}(e+cwAQ#sd%35<5HF{ zwEpxc&KCgE9Au5F3%kumA0-wqw1LpBLsyviW5b$0t>f727UDfV<*o^qBk!I<{4+eLqMBNS0A#GLGADN$>Qp1M!`nooV7`y|6LJ`$T6W1(b9CG>VM1)Zz8(Zx!8J zAMC}rWyjr&XK?zChP8eauZpDB<I9_3jH=kYyH6dS@se-Ycn7n-Zt*xSt; zEQ*YY`s95p>krv?Oq*BHb$NVYVJY%Ylr7lpc231P#$#U3V?#Fwpo1j_O{uHrw710T}3TdD5I2=h5& zcKp36e2k3A0P;W$za^d-(&9M8vZov#57xbtL-7@ctESo;%S&i47ng7c$|=~6ZilGa zYSK25BoZ{25odsUVz^yaO&-G5_(^L4xRrM9JnSDz4E+u>OOnpde9)Fv=Y9w2RTo#& zZZ%VIZ`76oHafnx(asjP}#pTS+71EZ}8+m79^YZP4?(xhG~4S*ysq#{l-vHR*arhvH3R zOS!txH0kdqgC1c>%PND@AbvH)US_a`&rtYds=tIhQ)jE|8dbKT3@lQ6Y18G95rPW- zb?Sc*wciBmy2KjygY@b2RAj`E0ksvo-~)_T&*EfyG$uI4 zO#U6~n$>(OqS$Kpvgr(Fx7>DMW99l+n<|z%)dq9=&W@VigB8W4w4Y=LB3Qu%i0VH| zwPoQZv(sU4$Wm0_uytQ!@5Mu_ar-+KJQ?C$H^Q^tLp6o1)G~<>i5HY^aLRiSYtSM1 zy>oAIX=`_xBeb{a({&WB5VCF zA*pHiG7mP_&D-{JbCw>J>S5y3Fs#v$@pIyyo$+q+T}INv<4w0uk(BZa4z0W2n((V% z?6iTPy^R@0LI6PLu{G+!X{qGYdY?*s3-L~!W1-2W>KdF+D{dZM;K-RjcL%l&a(@%P z9Z#fc+J?2J-`VOqB)>dJj0-70!&6bGsh>JW&-XLmY40&;gi$d8mpR?_6}hBp_ZK$L z40bIt1Asx{K&+z+nM$EPuj5;m(bqzfM~dBYBS!ul*PGi~%_GA+d)-5A1$q4Isx;7| z&tvengEd`I;f~(gX(DFJw<8~geS`2n_F3@mx37O|c*QjlYcrxrZZU>cJyd%AYNfHz zk@`iUe$KuP@cyDD@I9i(r*ZqK5Ge=L;=Yv9J{~(;M;W$+n8$I}u`gjYpM#oCw#zN$ zlvdI%HoB6oKM~D(=Y)PA$)m>3B#qToe6IMdX^`dI_9zi#wpe8tlni?sju|JhVI&Xb zx}Gp=tsL@~Q?t^%NqZ{oy^y$WGoQRGq5FNM>O31mA^B)A=VvZ-Xmrbx@HX{t;3I)i zYBAeM1Fx22axgtAc@X0#vB|-4C7hsJ$>qzRybdYQYP!1KzuG^4WZx^H8D<^o7LLWY zWBJ+t0D`D~&bPh`@k#igPxeK%rv?X z>Jn+U0?O@W1SQVgaC>L}0M%b!d=L1cCYdnOwL61*qg<(2lX*T|-I#x$YV?tVmqYBh zE*f~FiGbQhe?Il|PwfxjiyLcuPZOjEcm_EqMBLFgIM26AiNw+msrrxq00egZtKic- zJ0I-pLb=@%^N86l%2arCdHtu9$+x4*J{OB)6U*XvxCCP@BTKj7d$*xC;ac-O(7woig! zj@QDvyDpdFq)0L&eW%Nmk$+#ts0+FX&x~nwj1ZqYO^~PXGx3gl>ls> zdl6DZ%DZA9^vBYIqU=9&kf?z}ZtGIZyN07*D$pJF7G8a5L>q5d({}S!zl>9 zSpDvK&q}OSgS>Kn?T6@SA2TG6_h=L}jCUNGw2nwx!bvGet!^LgxE(&Gzq9WP z{f;;XhbOvg>wF8F2~R#`Y%(x^E}g}3;_2Ncb;VqpTG1LkX4A#q9-1+#ArM}s@Aavl z;vT)n^fyqljhl`bA3`hB zr@7B5bvfV|ZH8Q?TeoWYyW>@yv0bdN6?9tEGdo3Fi+v_S=40Eb+w5cVrbGLJJBRwn0 zsCB|!PoBqy?wNOA4`DlIUB7Zo+^YD2T*H&@usGKD{U)bY3AzrACr9A5KGkYpT=l zAi;QtmaH*@$fgFIG20#OAo+;kilKL6k1qHmUgsD+q7uvr-B7Ob~!B% zV6%$WYaq!o`HS-GH3On&W(H48)y7vjq_jG1A44~ULgi69_2#Q;dVS7~bkWA;qaVdo zWMSM~%eiu@Q`gdmXrzIFWy#==N}gl~FL@lKn84fzLMn~Em31@uY=i^eqnJfT)9&qV z))@vp3GZF1!R5fN5Gw(Lf!3zOOy;#4G56Gsq~@tx+Qeo91au{ZAZ+XGWZQ_0owzlq z>jkt1c_&|&jC$25urAnZHaAch?Ppok{H@U7)j1<{n9C4g{{RUB zuPZg1Z#b>e&xzRAj><8RWl?TxkM zsY4Fh2m>@5;SPmJ_pOvy1(7Z zM)gsj)|8`jBU%d;lMfgG=>Nfk>PQ)w|ZsPt@hiH&@Scr*0GI=I-M%+-dGkH*vBBN*U-at7)yC0N9b7er6dFv zx>U;_pAbVLoMYGNSsL7v+#?|yCfY&bvbR7uD}!|rD>BHw_~ENxMp#@ZmN5MORQW*L zNMqk3pY?d?D~i(!|&pfg)faW&O-WB4W zJkm8Y9I}a5Z~J2)ibl|S9%ZCk`JP~vHn7LcI#)|+rpY|4uqv0&T=t~hjnvOc(Y!Gv zQ46V;duQe2rFt%(6e=T)mjn;II@3hTMzZM>;$TES{F z;C)_6beWXMT^%I(cI2M8b#=(E8SpTAa>SG2^q9cx<*l zQcr5vvtP0XM=HQK80}Xm+;OO3>(M5uXLDsEmR9Ik^fmAwkGwgkczayAg6&uAFPR~e zoP+(^=afz3E1U#3bJ|?TDQ`9$WE}POuVc{lVKgw^*t~E^5QbC9Cy`uoTAfkU-q3te zs%e_MQ%YrqC2ah?IrXp5&xKw(ZF<(yX!Q-~SMP7&V00BAeP7{^7G7!6T3*}C#k0;& z-WBvsrnz^n+Cd~1$qcW_J&(O_A0wT!(R4ou-(N!=#E4Y@-@){)>+Lq;(`U?CJ7%|n z(8lBtO6qZjAJVigTGZO@aE0&*;K#BRH=nk{CIZV4p&2TP8(0 zUe(y|AsBQy>r^Bb$j%}eC#SUvU5w=$k?b-8GI`@G+OAuz^l~CcJ15J6Tb$K%F>)R3 zmNwT`&>270l>5qi);_DIy`%_Yk)(?lB&{G(v55p$uN%nn1aZ&-$)*MoKF!%o=YdG8 z*w`0-Y$aEL>yEXk=5rDiz5m*ENT!TVAHq6|~N$t10RA zq*9Y+EO0tXhE;6mIU|bbqqfqA%XP8j+DPZ64keJ=S~N09ZJi3^J9E<&(8;T`c8_ZD zk@DjtQc<$79AaHTB#f~YEDr*#KbtNixPTal!NKcPDMsd++v)b!_O}){bHQ}EW=818 zwhdeV0EDVrh$N2Y6=@4$vUzWM2~aKR*3n%Z;t$2B-Fc_oM{jKsm{j8#emm9-&U+X9IjY)U zKz??Gw-mweip=o|ak>n7k+H(J_r0oQVtLH@x0lLM<$=fpimxT=mUx&ef;k!I6_ldQ zqKuoHSne1g0i(rb-suoYYb06nj?=V`hl*A;h~WVD`b<@A4=;yHKogG zk$q&6#f*#E9a`rtU{{X_1#it1&^V@MOH)Nb=n)4>n^(ZfqBA9t0w>IENBhXSYZ2GhI zdhq-B?)y^F;kk;_RGJosD4Hu$j>$5KN)@&c-z2#5t`Rg(Sj8R<@Mx3i8fKOKo-Ho~k~~ORbF=_5PoVv4-ux^3PH2lgv^xHoCZ5or zv&TD}{i*VQhn}4)mZEIZFH_z%pA~q2#Tq%BtZQt}BvoX=!S}~X_+#U)hoe5JrfSv} z*77OJOB%*Mb1wmqL_vvp1~#VX1hDuI{y2BfCX7Nx3CmHQ-v+^qOQ1Zz|?wY=e$Q zDsI;1T>9AI{6VYgTGo{$Oz=rF42PFE{BczLBNfH9mHa6LHrs)Xij3_i)6%SQk|4bB zW$MT;C%zwNWXd-0zI_NC>$mW}rEjU)wvT@WmA0!01*XY6SGPg!>Hak`*samh9}4Ok z%L`rV6>@jK0Y!0eOqv|?*j`5#)_thTGm<^~cdUqUvN3eql#^7NJ;n=EVrFB|XOZn* zmHnruSv7`~QGvKpM5uF~^`vFchQ@0?6MaWYxd!lC&Zxym`^29A0If;j-4UBfp2JbO zkjIeCk%e*rp z4YMUd>VFO>G*M>&vs`J~lp@bsy1Q7XBrK9=axv-8JPwuh-ihMvCM^~*tID>dL%VaI zyafU|zxZ03J*C~wpQT;E_Y%f-syNGi1$p0zd{w3D7?M!%TaBU4Ip5Ry&|uNR++IDC znIS4|j!yhwsII5OzY_GBROwdwmg|V)*x5LIgVc%)P8Y{5J?645p}BQ|m_E|qDL$w3 zsP&%?Y4Am3sV&ANbPXa5U>{LIj;~ZDs-npY+spgR@Y(5I--q<;OI>>3#1@MMz1Tvm z-dH*5&VK_#G>n=%KNU%>zKJHOrfLw2c5j##`CRqnb^L4Qolf~R8>w#%2PVO3C(wFA}kkEh_`*xcr9LmKA++NaUP?lX|w7#=L`y*U}vd5fPX5Bn!-nG zE|+EELl(U@oR6&A{H#Lk^B8f+#d?p2FYWZiI)ZJoxR>v#7(Yrpjnt1+)AdN2)$eZJ zDJ`~=*>F1^mGJMz%|B1j{6}M|X!HHEPH!QKOOuyOFQcspHZGRTZfi1BqXjEY3wsmD7$DWMEL&zO!!&i zPYr9gx@F`OJPROOVEDsFp4j#xr|~z3(!upzatw@XVY}IOQ=>Eq{Fgjl{o(Z>(exdbm=Z75j0`Q;ZGPj zpv_66veGT%OQtNU6?^Be(!D0<;q~{7Gz+DXciYAL_+cjoW*tZ!@qxuNRW7HGSonD@ z1?{Ym{g&l85f#BWHQM|(BHK~9v%Mj0B$Y$6r^*q_L`q2;>e_O(3D1k=D3vDd9^=zcEM zG|Rg~ac3T(ZJbDDZ@b5(Qry-N>U7T*ov%zw#<7x1Cg0&cmBZ_rG(yTpK@8J|$x=B0 zcQv9$(MzdWEv~Pup|`QQmeN%!SSjI$r{z|yyb-Czb#FF~ZeC5?rtI<5pMLbmBi8Ko zne6Pqo;UMQV>rVCD~#0qO>wMhPX*1q_X^-Ip8SyBpO<=xK87-hn+A^7^IUTAXId^!qP7cfx3JD06L`J#iq<(6yIvF=vKOgl=37<;k@2Lk7JI#tM4C!{{RyFHR4Z& z_I6sVm)4ruw-C;rSXE^|#ZfET#L1s9{8ji@FNU>CuNn9?^$VX5w=!9x0yiF|Pp`Fj zF0HCu6}G##LK`GVt&l+U$75MJXjd`I-Rg@sl-^vQXaM}7xo@Rt+Gtn4C$^4uir|h$ z#!i14=c!u9RX8)K(tInY+i7bAMa=1wjPN~&>s{Z3H2(k`_%z)3lS$L>CGg|0j_PQo zBWNSK^f>EYReVoF(4|TBJr7^-<%pVXOGUiAzO|7R%yNOb2^{q6&2|3(3BDC+-w}0m z@Q$ahe_%->nIX7&HimF=6F#S=E6A%-=Y2TaQT{6Ud9M69@%6`o{7tA^+E}qNTS!hu zIOGBCgI;~&1%D0d2@UH;(N8AJc~s;}^!;nks+-jArq4ss{8?>jq)Db++d(#-$9YnK zvL8|2yQ%&d$*g#4O?yn1*40oJjy8M-_Qi55^*8ouqvow|OiA^7jXLVo2Z?sFs$hf9 zTIM0uFEmZs1;iHGg^C|KDOi5;Bhwk{gZ(SEljvaMW314;OJc@Pvd1b+5TwZK_lfkb ze&y9Q3Et2=Sm%-IYqB);CD!P3=T_Eq>)9Z=j7=GDF&}8a_N{$0Lel(OdwDzFTUg!W zpzg=EKM`HjT0H928Ij?=Lg&M`H<~5wy5Av^L}tbUbHD@We@d+|wS!hxxD6bV5>XqS zz;_>=c1B%~J+f)w7gE7-r}>av+sGtB2?MWubrtj`x8p4yUx(Iq3K#oalJYwYw&Bz8 zrl~ifH|%_*+SSCa&oL9R&hd@`^cB^3C&hNUEO%CCPD_PiTQ9~loPqVtbW_6jF&S;A zuZ#6GSmP1E&+@1obK1V0@Hgzc;w@&<;AwM5Yj)>kaY)04JqTW=w3IB3X{WLJJNr3& z0I;{w=d$tNhUNbNgpw8!3DE3G3jY8WG1LD5uU}qxd*J=Hhp0#lVXVu7ryq2CR}}Aa zsWa)lH^7!Q5JM%K`Qd;kjAFerMDYAl!pK6P!N=CKj^IbAXz{}eHbjlcBht2fEpHXa znE{n!a0&U2D|%)!Ae|mLNyYoao?gi1F)W6}OC_`27} z^XPM3!7h+6sEmhlG3;yZFAVC5EwVhZDux*~r!hXvtKwZp?3WPB45}jIlhD*R+WwP& zVIPp{(}D8P=!PMB#oud>qhzJp3u~ zKZ7*|wtY-nGTQFO8-vAv96u8N6zd-fymR6o1Z(zpR=0L@u!AEi(Swhd*jGgdX&A~q z8Rv4@g_N{NRoAZJ*1As%&Gs9^6ypf*kQDUeueVC|pv+o7LcSSzhJAZTw}MF#?jcMM zP@=p2Z%B*8`Ze~0s9T%prBAt#3BWxKRF^=DKR>iRXJ7au@k3A6w0LIobp1d~k?z5U zE#oIWhBIH=x9s2XcS-om@UOytHPNqzqLSIfE=KU)Oo2fCO>$J&@24)O(iWFLX1KSU zKa|M9vOCw+UI*8$wObgaiez>Bqyx~3<&=7rBuDYb;J<{wX>Wp`5Pk-D($X8vFITaV zEz7851mI;^eZj%}4S$^H$IpU3BKRNiAL19nZyP|iz9I1LqcyWg%2i(9b|YX9VlZ>k zqLSsSeRW?gKUaUi!f`%Wy^N%<4j*p;NIWpdQCW_JAlgfiae>yoNIr)ov=RjjBqdII z9x00pLK&3^8P0Rotj);?5vK%~0f#4df2BttY%mGEfH=o`49N0f$1A*ysL$zEZPjLt zWE{JD_w=A@EQlE)&gBQ@{Ec3Pe(b7n;C%_8>ZVv&l4B${4qaq8>C(S_Kj4C2wfw&a zemMAp_G$QosLKz-j~1{xD3S7(mx?(7yKmzk?Eynq(CmY{KeC-eMs|7O-yGB1V1u8& zhmc3q5NjA*3>~;X!bN#?6`4|gOWcJn*M(-?A#L4 zMkAAuaB>vaO&4tpX0*`easx3&e1cb+d#V&6hamE6wlcBBAXxSQ#C)9wd)0?TmNhO; z#KthaezjiE%wI1NmXDGT6b>&M|<1|la+UZmDDCYOC4qhR0Y@~@XVbs6=q z5dEh95O{mzkHY@|82D3M(`|2A>|e>=fU|$Pdv&iSqB^NPPvgJDe-8CegdRWfPs8nY z+Urlcvz+~t%yYJA2LP^nj^e5-{h~=QfCc9Qxn$2$oQ+L9q!VUBaC=vMcV(nLoo#cc zUiq_Q_mQ~6D}RM;NfB6w_}oEuxH2v=5NoxZ$R zu}SE8^&`;zY4C4};fmrb>si)&DU@V6{{Rm4*=s%^hVu!rh$D`82DV3^QYRl60z=1o z`J?u#ve&GB8tS^HmjoKtkkK++TDyP;;Cu63)OS4kr{fNhe;%GKmQ6TWMi0#p#$(TF z`Y%B#CAGW9KbaGOj(8R6L7b8|8$`OeyGX53<=>L072$szyeX(lrajo6IPM`hn%tob z$_LZw?_DZ(GEqK5x3Y_Ik!H7!;ygAp`eMIV{{UnO{@dZ38#lAHI@+*oG+>Y$j(;l3 zbH0YKi%03NhkhL;%Z)cw(~NEiZ!t#JL!QRIpV7QA_8T~(mNpRqjDyMdt}4vhF=nJG zZEL>Udn@*A)p>0a>M56Zm~e1G>TAoWbW=Es812^L<`#4lAS&7a01B)vjjZhK3cX?Mn0M2NeUuyfsOPDy7Bpy%o+0vo*S+Mj=@tcH1RE#BH@%9Ga}C@L<; zF?Xg*Z8&(}%tO>wTRSiGMELJO z5?|`5q{J6v)))eBmw3rJ`csRuHH=GAX^#{>d<+A1IqzJ4rDLfyk^@mFmxu8@?Q zYs1k<>MB&kY+7DQtQJ&Z6CMwxUAhS(4ng#)i?|%5w(`5UEskqESh7jD9m6>KR80Xq z@Xl}$A1rzrn$R+!Sr|XD?NA3vV|4^dqCh=5QFAIQu|+#^`O#o(=I3Z7X8D4!Jq<_# zM;h&A{HexP16JF^T3)7++_}WaNd-v<{{XLCr--z9Ef|o%zaV>x=z{~od{q;h8-|r# z7z~0&dRK+VtJ}#VHuRE2J9+I}8FMqb(RE4h5oCpzYJt$#v*{YhxP})anrqTcxOQt)(8Z#?*L?H ztz=SmI~Xo6tpQMq=zdLt;-y$s+VZR2^^6??t*)3ei=%IJ%wP;WgXmxBQm1)$mnX+24qQS_O2raGDm!M zti49y+HI0}&fI`DioRVe1-QkX<-D>hMpzDTYn+)*MD|jIX&D@z0q<1?BNI^68qrwpDoMt3SQh>&lSkC;ytiqhb^wmGvJvzhjPYDs z$EZ5~1x=9sTo4y4W0=2s?rvWbD zfx`pVt*l6i<*Joo(*~13NYLB}yvY>p=nt)Mn!Fb$%>MvMXH4V++J)p?9gYt3Q)?NN zt-*!IT>k(SWM25B#PKn{jx*>_Q&y#8M$caGe~2N}ZB`|oH+9A^+0A-wy`+~hv*7N> z6q$=e652@$2a+O<(;l^p_5`||;B1hdwTh0m5z2U{Pq-GX6jL!_o`$?O^6yo*`%R_v zL(0d>*v{eaT3K4dF8C4PT|`DB7-rqm?$^*;t>cU+VdeIzm9`KEb{kP#uVO`8hg16+ zpE4gc2*ITU2NA96@M-M#Tf)XU=e2oXh<+?+@-Wif*5X`bF3e!XMg8>h^zW`rGk5YKlPDaQk?aMXy?I@{!HJ7D(kuJXVxS2_CCd5FGZccMv*9Q3T9 zwKP)haQgO_d1WeGLWW35Jjc~frYk1i>h?2n6zIk#Af3Yox*+-#p<}TLIUBH7@UBTq zp>{s+@Gp!OcY$uF1pKSDbC)&_-gnuZu}+m00VCbFDX#W)=`{{V+4xQi>b3w9kva8YR5 zh}2mgb&fpakZT7Xh=aJ(^z&_%l0+&`Z{n`yG_4-y(Wa4>D}@*sKY0BsL-d2gYxl;xGeX?sS7JHH0 zfN_tT=D_3YSa*6{@j)cT@&Mp>0)tg zmd8zOwu}{`MGVJ03ffyUJbMw-arwFKC}GNsne2dbwV1HrXSF4clrAP_l_Wwq#yXl4 zGjXxp>9&b!8HmURITa=3s4{?wf$lq1##S?$(8R&q%N&ZJjAI?Cw^~%QTdSmuMtK{0 z(w62YoLt+bwDKg#@VO;NAFU;m3s8K#vhp%{u4apjO*CjF+lVs5jDgax;o)QeGch12 zJu6sjYh$UkwYqc#RPD!3wbW^|+q6Y5?Se9l4goprb6Y6f3RNUPY-`$!j=f9m?k&X*6vev@qtolGE3H zN1owZdZHJ}FUd9OmR8nHWEF{gt}q4(q*-2F9R}Gg*`;M+mHzE?_HaTFdBuwkGma=C zQ92zORJ6XgX9eRq$DsPx(0WF_V;l&DQOb-4L%^-kky~EYY^S#iZz~4mFb2HGQAfCV zZUy57QM9S;Oe}JDik~*;--2>+)Ym6_4AN#8?gz?pHyQxf(zIoiGRz~`z!HD1E4+(J z(S!|aAXxrf?+uLNfH=KV!?w3TqY$c3-cmUNxXoV8?3lf&XNVJn(3(zG1Nn{dOqY6v z)y>>4)7rj5wtnfZcf$=lH*mo+@10w6NdEv{nEF@INu2(t-JTxO?e)I}+~1T-omMF1 zSBN$|r3x_r08UMKcAulI#po9>ZIv546mZppmCk8E^)C%w+h{t#*0dIVF7?$?UnuP) zk3;XxeFfrQ3u!+Tv>Qk-rk-7T;x8#KR!p=@&j;T$iFDrQ&Nd$oHGczZ7g|l-$~}{m z-up4Q`X8XjHRV4Nd@%&+dnJUiT52(|0yj?M_`Q!5+A2Ggd>`>E#B*rk!&teJ;p1N^ zPIim~jE}~l__Ius>fx?* z_-p;c}-K z`4n^~9qZ-IdqcX^E^eceJ+S)swLv&JHL z)=U*7ADD5?d9CiRWpk?`(Y(Lx$iY-cTsnGwl|xWHPCai=*7Th@b{l)J7TvyGyZ!#P z(Zk_n(X8gYuz7B+fZFB9AfI2>wSjSskC*&&ADyp5b8~25v9)s|zCQ5BKTf};U(`Hf z;oTm_H6mAnRNAcT{;jdob}>|R$79K_rMtb=u4dBZndUHt9q_q5Fp9%EF;e5U{52t#d>y&6}8!h((rAW zaFZ!K+Hc1_=@0I4oE0dNOJXgt=z8<;Iu0%I*w09n9ja^57 zbLmrZIc|0OcZcq;RLgZd3ItoS*&{xckAL88Q^c22E{Cd-dk`L6Tkx`s@-S!>k}}7K zwJ#66`gP%+-ccbZan28V^zQ`RHS#W0UE$2ic=*>2S_uEzfVLtW3?=r@57u_QpRcbGf$kuWtB7@k3tGE@h8gx3a!O zeU|4W6;7ix(lw@c7rrirO-g5u-WZxv%&4n?p!y1?vr9ZLCEt|m8}L`6=cnUZ#aP}c zZenU0=D%}md8KJe8bIHEKu^n#a5G;s>+$P07jFim1=_425i5_DT>4d9+AhWgr;9G; zx=lSdBs;$L>?k>}uRIm6KA5_7mBo$J_7XY3RCuqS;hvSTq-mvy(p^Y&WJ%DGV0zS)fZNl_IadxwwN%=^Ml*zUX7sqPSI{7lSaQ65NgoiuE;<~9mzhm zrL@rMjX0jM;NOa#A=1-O(XD(%e{H7BGEzy2KtH+%Tzgg=o+Y@~Zm%q_=eAO;WQ2~a zxb8a~{uP{t>7&oJi6gd{MJV2kcw^qJ2yHI(^ALeU;AE4|eX1L=m5u)Z18IBpYkNs! zV*{O}5_$Kldar=)F13l5M|;T;*zo5dgZ!z+sLWXOi;WvrlStGpr?tF=L$>rFK7A{? zu)P+Fw=l@6>T%Pj6S5?y=Pt@9YqHXQ4U@;@TX%*C=Ak;OhT{=q`Z(R!k zw7Yz~_N-3`>n?TEr)u*gnvnqr$j%RX&<~@3;T?weM7e8uAdw*%FiHGlJ%x5&8u*jp zYd;KXRx)Uoc3O&{fp>l8Vby@BovcqK-Hr=N{i9&h?zJBX$)?3~VCY8nY$R>df%NqD zuLIU1zt=VE+pRV@S4?aK5%dgCUcU9`;%1_*cG1FJp1q-bAkwdN$aOSppY26Wva9l^ zK7-c1U%);Xu+VLFShbrO;+$mKvyYIe9Ou{4zF!lMXR$*FmWL{y7|^eEX0?WRG{JJ^ zp=Qdflj-YSWWVs2d@s|kG@W5|{b$2B8DyP5)#KOdE6tWB=V#T;T_QVErbDe-O>5*c zW0xCS+wwKf>KAsfYR2zOXybN~T~~fYZR)jAmCN=euNiBa_lgCKn#7apx}A{uC4OWJ z=udH6&Bmv3;!9=IZnV&=YTMy?6cP_|IjVaa#wjzEzKd7WkY6lH95LjM3J&$@`p1bp zb))!t#w%Fhn@zcmN-~a~{{V$x>7;KPA^!jmv{cltH63R8;*(Kw5Uw+iujXrp@!yB- zBh;@h?d?2=XZe)|dU^`FYf(v~OW}XRh&)xRwUm<^JF=zYa!ASaBfom@yhHGk`$CrE z`%X1$FoEOwHk|wV_O7@$ZB7cdJTfayHM~U)l*lh^e9*ET*w{P&04!GDkNy}ZhGt(8 zcsBA0EK7+;lPEimIU943Mr*2+wLI#K;-i{vZ%1pnbm{GN7|Cg7?!^B9cveGRYPz+o zX?ph4LkG(giU$09@t@~johbA;*_*2*`cStv_h}b{Am+FR)`3(GkE*|Q#KToT^?wX0#Li!3ZaNfpI*C#mnhal4t7NOxE4@^d*BsTEgaK)7X+()f?7Kd`5VTRT5 z<$=Q}=7F|5S+*Z#EpUv{j)aQx_e#-Ya4re+HZVML8owC-0N|zn0J5y!DATS!DR?tqdix^+&+J z65U$rv#q4hD{T8b%12Or2lcPEH0DKhaT(-;TA4$0!ar&+1?iX8P2)W(#Qy+ngpAIy zMZ~9f-5_>3udDw6;FMpr{r>>Me;>{8gT*&GfBYhv?COz2JeX@Dyq%ftlk}`qH;X%I z+o}CdK`^;k*;JThQ6x>A?nBVmq5MD9Q$*E%$uM{#l!6aIn&Xn_Z6tkPX?DdSyS111 zi-uMQp|9sN{tMyz8{BI8UYGl3d^^&-)wi@Zeky_(@?J5*$lvasGxV-3M7a{1`z?Qy z`>%5e#QsP8N2cwWE+PS~nl+Id*o@Z>RV~PpMvX%r32wFPuOp76M;v2hXKQ+T`_(r` zS&h6hwBeLCaexjv6}o3B6itK+Av=`Q@QSWLAZPTT2qZ<=tcku*dY;0hj&X#Iw*03& z4u*qRmQY6f%ah*+9qGeih!+izewfRmI^uH157Z-M3A+Vh; zEv_x(*wK_bzbt`8>~=+;=r8{O1o!={w7=T_0QOk;eepKeQna}7g{89T+VnBLOfx6S zcaEUv2k67nzPosy%KBL5kv7Tmsm}(uu`$%t8wn!2up@Qs1ZUd5L-?g(VQ+hF z;uLSQTiqWfatF#Awtqj?y!ow3QMvOc#Loc#0K!|~&k%Sf;@DkXNefS>$*?wC8Nm9A z{!hPY{{V#=x5Gb(_cqr0PxgMFI~e8j6oAgTB#yw=^yEaN(D{L&Lh?6U_Rm_RNJc8) z1QpvBaaM@+X!a1GV>Io=e5J76u~*7-SZYW2$lO@=2BUIg*%@AQ*BvU)#A&km`O8 z)-9I)$&rJ`yM}&JI6b-d702px>(+L#$po^S%V`2Kk^ZqWgZgt`E+Q>x&dAHD>zXCa zv{vxk8<91<$O{Af4P7|M>qTMcnCxkLRoY3c>p^Y9cKc<6nWS-|ZGM z$S=_pu#ysfZ2daszaKQC_Pbbbt)*8&0XRA5(zq%frX208Z0+t4GqR(FJAv(4&-Qqk zg2*C3bDZ#MY0T?sSjM}ONur$P8a{&qnt#LJ6khl{#@c22?;2dWhU7Owx!{j}O?y}X z;Xoe0ccq!<)<0-|4S3eqP_&NCXIIW1ES_0Nuc&Qx1)bto2X=Z_Y+`wJ7N<=aw({q> zkOWm7GtGP(`&f9(U(q}vsT~H=>szpyadT}FlE8!V*Ig%LhHyVFyfg6k#~vVuRn&Fu z4_mjko-NkzZkaHX(<76{M{4>f;YY*o62)t6rfVK`)4;o0Q5jw5>FbK^jY9`W`%A)q z4BeoyzPGk4$h(Mi!wU1?kADn2S>rt}_UA$HwY1v5K&YE@{`WmU#;e*9?94yePvAYa zqoDYb!{aBzAFyijP6f28fP~w}bI3pEHTExu{uy|8;mgi+jW!!QL~N_1TYjA?9YWMm z^sj?FL366xTeaP``LlxH=Wx#%{43oW;H)UPA$tnuoQ9Q*$#m;`jNL~$j%?tstu3T) zYcz7G4xsWqMRPP%Wn%}#_WE@9f7%w7e`2`7R@ykO4X3%dE}%y02T@tWb7aJ}yqd|_ z9u$oA!3Mbq{8QrHFIkq}^72hnLzZE&2<8xY;P)S`YJ}PEI%buBaRS~an2|8Z1HC~# zjlK7qYj^{>;O^}~i!)X~?70Q7iF}ZHEpDp$u_NV|xCW4n+qIrYQmR=q^Ltf!APgCm zb~ONEOKo>1@{5qCy+LgR_VbBG?Z4f{0Cmtmo}|ecKz~6~TUk2Xd9WO!5L@X$8`lkC za8hW@am}0+2faEtWpFo>$4t-#h>}S1x#R0ot>fUsBaBl>#k-7B(HHW<^zB)bJU1*J zNWdWDr%KzDlW#$`Np6xYzyf>ruESK*#+p_@RpaZ&QCT?H(lRhLTgz*kRz`#dz~=*? zuRN0aDxzZJaa1$z|~ljt7MI#5|RR*52bK^BGzs64=kx;E#`a>_d%^^bN8M0um+9s7!x5>AW5 z_ck(#Jk^d+qmkTu)E9?MmO?G08Qu3fQsrjRy|pru`b#;OTEBc1Cy&CqjXP0};5=;N zIZqfp%?csRdAG!#qdTv#!?N->CZ6L}PHZ&bz_?02?CF z?oF1trup^^0tt|v(H_M8E9pNC_>WB2)6CQL2ySCOhnjMTIGvPH0hMEe*wjv9ic%TI z&^a}X%vvkXAPllaDwV48tSu@il^7l~=~)=b5xu+HNLnH!U#&@omx4A(ITR8>DY}JO zo&HmweAa!Qt#Y?QC2_YPe8PY|PR=VGLe19YwoTY$t#X>hgb;2Kka1TB&<fws)pNZ5HKr^)NkgB zeW@Yx{i@>|0a_hGZ!skWOJ||)U2IW{xIE-o!)KtPQMegfes^3jE7yu6h%Aa(JJdy3 z&CJ*P6a|&ak>4GKB%^ACiaq}TO1%iZ&U;YP(&0!d(Z9D9jJDFouM0~fcI#7kn?)CN zEp7DqB(;>Zs9QUa1!?{w)RN*d+pvlW_pM;H8RL4Mv!%~(aTVB!#?rXYHS#x!G^q5u z>x+#vY>r1RLpK>dmDL!Fl+y72wRH>!%7KfhAY=Hw>u|o@5 zXqKB77JV;ms7rp4!m0#-WS+*UOuCSqBCNP$*w#|mlc>{eE{t2QRFn0sdmG3iovmY; zOr(NSJc_^%MS?ei1et)9alyrBNqX|B2nr1L??4G1ymL^Wqo@jEYIc`*-6F^CaBg4^)XY# z4D%x0Tq|JLNpmHhqim&EF+2g9cIsJ!Z)+8)k||&MBI7x?4amb{Y7+xUorkAZ*HMFry6OqFy!32FP&VS)sPirJ{ z8;NIB`MK{}srLlWUC@lywsG4#Z%_sYrE6SS1Ld?JB&V%Uv;xY^@LRMusjv;wHjeVMg1nwiD$JU(j<>d&o9}|*BvX)AJ^d>qTkzeykr@muH+yuYB<>@g(KM|# z&h3Z`6ZOdz=`q=fM0*uVf!4BMT!J=GsK71{N{3L6BLfqGk4mV@zw2{FWS28g@K;Qr~?9mfH^CFrb?9JNtW^ zOO_KswK8%u-jTdcGsU_kp0T9}UNMzBzP{D+cZmEG1+Jkb>?!5*hXakr)X;8^1Nf`( z^*l}C+sK3hUQ2FO1*6A${NdNUIWCK0+V51|{B7@D zo}UfudnA;FcH|8870FQ!F|pI8wxAefE>?kV$G|>US7KWq<_(u;5l^pW-WxGV``^7i^wN?H-jinee(mkd(gEDoUY#XDBDvbusura&YrRA+!qWX+(D zjXo`WE|T42)@_6-8nAf;OdPQ8Fb^GT=1oe{3rSQgOv8|JxZ7NnPS~RUmvb8Jy|%xG zMF-1x_vEP_)!56gTuX4*+IpmStICn`s+@NMxu&(bQa-=ZhaP-KAl zMoA=B$i5!&&aSr*OJRNXh+0kR3Xhd@_f9*d9jcABgr;mdl#FAKdX|QCzIMo#2~O;sbLmshpxjGlZmrg^WUSHgzN{SJm zYMl1>uVYUOptDI37LefNa0sOmd6C6xT4bp!g6tv$VzO^8Qq}_+0`imkR_1b-Lozwm zLX$YzfyHmGrlJ9FCdQ2V9%-@;A5^hRlG4bsg*gM-ux)J7BxvK1u;?mmZkjslOE}d6 zbbier7Ffo>J5|MNU~b1jrs_!pG-fn^sLwSHp>qVN-a>3_=dTs94rdX5rc*Wp zIXv|5Rdn%j6s(R>4<9z(f`S?8+EvAruD0?_P_V+1Gm}lan&VELl|hli9s%h^fT5}Q zj9jcsI^ZbBdhvZ@Ras}ABfStDfO=LBb40W}w^vO;9j@)84cw0$@^vqny9kG$mE7!eq%62!2ajhb=kO;nojAY}z5tz*@HaCeAsaaHfyH6Mu(pofja3#H>i)e;+s*ET5l?FqpJ9K z&oJJ^jcz4iqmVP-9jg`zuUAsJS)wlp`rh-}+_&Pd4(hXMk!m_7qY5$HS`bKR z$nJahuVVON;@wkBwzH1j=2=-I8-~(LHa|MjHnDP*%r77OMT5l6cV=#Tk zWjqEZxO;6fZx(5-e>{RK;UPzls}FyrS3?O#$0w=jdPj#PdwoS@w~+qr97mAOdSvth zvafUrJz`Y0?pJ#4ZbVATNG`xIGueO=#xkD}u7CgSEH|#Y|Pirq4C;&y6mi)$Mf%TTz+i zmuZSODwyuXbmG2-@Ftg_c$-ZcmYIDNmj*q;85=AJ>&;&-gM#XLH^d7c5^py;VlC~O zv5rIpZc=(<+pTbVcZGEwCs2b`o9#=dl_QrpE_#F8igrlqgw?EiotD3AYKX>Y#za*ul8v<(ZwUMJEM zOS!QZ%!Q8Pcs+*%b|RykN^NM(?I*x`MujBHX=E*4B?UXHbJO|K>w3S2uf%JpX?lE- z1rW)xc{mvLrx{$ciSXvBt@vY7R`BGvAK3~D#Tev_pMPrfrqJ*1?Pl=`Sr?H;_Ci9P z$DCCX;(8B;{w~QKqT9)D12ww&FB`%e3+cNRt!%y>@vIj&mT)Uf;J20rer)^mMY@pH znd3T-j5O^7#CorU?kqf;kfeOaXiWCc^sWL|zimnzjXF~ZiGfuOjo#D~DA?4!)aRae z`&!5*WAhR}oowjVk7&s|mhznLSs3uN8A=_CTF;Lyu4hYEu!{L&U8JJ`ppWkkroMUc zUa@}-^m`-;ZthHr&;jZEs#Fk_GS!x|soL8WMfqEm1RM(X4+BMc;u80fn4mErX9Vpn z+lAno&PAnT(XX!J)6(J@Jja=1+NDn*`q!D>YPS>J+xdE(+DC3gh9!IlJ&Sks;)1Mc zXx|Vu-Dh0XqiZ-PiAY=`?R@%<#2WNJ7(pJfqnNcvWSLQ80ft!@9f#psMm9C&K0mwg zj-zLBGFaTS!MW%(JK` zfzXrBHM^pCa`xWMUg1I&;~h%#QshLb^fY6*M2h7K5g<4upVq7Bns1!)2=AV0v*v#D zzB>$iRH-u`W`}ATW}5c{`(G<;NhSR&(X>r5JRJq5tKscI+fTfY%)*Rs1CEsCwZTN^ z7gN@!)+CwkXOiAV-V}QJ8q4uct*K26(LjI_Fe^4v(BUmE-saUKy|IO)jIxOeV77ft zU|i^duNLy!34FrYJocuYnY<;T(P_5(Wp6BRm!od&Ua_TVu!~o^NQ{>(6f-F4^{FqI z<2+X!q_mPi-(-w$7#xB>{Z$k?j-7FDX3(w0t-(yZask)Z{{XE;iDyM+uSaI_WmTre z6b`LlRD2(^n^o5>?XH$6gS=s0LBP+gM<-(*W_)NSLKM8aZA!-I^PPmg~CJTu`B6505Z z!%<13S~guScxVqe;-+(G(JfA=!>mp09uBm9CVLGx z&chG2Ted!OF_J#D;A1focSor~Gt|68FN7>oIlMNvwyh%OSf*e~pFxh*!0Gq**Z0Rx zwF2J$S9DQ)b7N=vLF|rIOzA;OV|$W`*35gU%Pys_GYaOFU-MLafqZLF-rhMuI&+LuIU3Y7#BT`DaqcfIpUVUC+YH3k`F`@oD$kji#RSIE`eIPnALL-^kSxzFP4Hzi%F+b#HjGG_jIh$>>P` z0QFOj?G949G`TjyioguP(pUf8t|vb!Y{waxps>pa-b0 zMx7&;QR-HaB)o;5GV*-kN+%>{z4PIZ!5wGDGoopFbWE$B~1Mf z_(%H~_;%J9^;`QWXS;G)_h)jP`VrIESKK}s{hz!xKhbB>Y?{_p^4Q3nFVeVYCd=6# zlV$red^+&-l4?3Okdf`j%HR;g@Wp!jD4Xk>~Y#NB9d5DT_z~yl1Sz%0c`Wf6qH5I zO>qPWTtvf@jw+q)o~3VUmr%$ggpZg8$+C_wx3Q27?a&VN z0ydfU$qr=^HvNac)-obpz@a_-vKL)1*O zDtQiY0q#v8I-Mg)iu(9VZj1w9fKN*F_^iwbAz2U0>rTK=Bv6=|CmYwP70Y;ozC&Pr@4hk*(=-$d?gZMkY`*x-9ZB>tCr_ zKZvZnOKBdX0~J|7ae<6`ab5N?I(wUYZBtCX(68qaT3tp_-)?rEp#ET2=Ld;=Ev|S2 z#Tq4(>FzFUv0L+2`cj0(z5%3{{Rf@wsP7@9Do&8Wgs4V{{UQ9B}geJ32e-y&-1qZuKxgLzYzY+{{S8SEBq7j zV_Y=$H;*=y+X}7SixN-e12Jj{sY z3%?&RZh0Sf*i$8tLJLG0q&#CDwdq4+fPxEPB69Dv=O;A2Vk%*y`FdpZH9{g+2OC0^ z>M`k42%<4FMgvMudJQ8HN-_rX2F&xtJp)ccHy{rFlp2m%2R~*RXWB`H+ zZc?2BmM}n`&>!;G5*uH9}0Y5t=dEItH$pYwY(BO78}wwf=@sWaroEv$ExY= zb*Fhb^Ja?@Ln86!A>97eT{jaj65r%i#E5-77C}$|%7yxNrYz1$870?|>?(?jHf*Om49r1dK&kKKo?CVh zT>YBkVFA$cp5m09k=;q3)}QOy^m0#0g`)!PO zNE#c6PS#RRaniniyiSNS%)T%DK2IKaLs{_j(6!CI&9t$U*|@kWc*o^m$B)EM1L{8n z{wMgaz<2s~qo>&|^q*xi$An>$ct1=J!nh{1JvtHy+1MoMAQJt0)n$>VFAc;&a!JVP ziprX?*yW*q(!$x5yvGPSjCZboP`0&4WMQbgCKs{$D>S^y$SZO zqI?Tu;ja~2!>rrcTRe<1>LLlxL-OLfVEULIy=~#^7$Gv)+ed86fJQhqyJ?|YUrf?8 zDGkXO%xi#g>?=mh8Q1AP9)f0Qr&xC{JDd#Wq`UBTpK$Wo&X)5;;EWo8Oie4nRz4qL z9kemQ5IMl@-nONeET9~b#YCgjsYqMPEvT}iY(K?{iaqOYO7cf~$b$59*vV*8>L{hj z!zmqW$M52`(l1?Y6=H;vLgTJY1u0nIyjiGf(5y3QmT7c1fg*!~SH3;!Z74RNkh8$( z%t6}Yk?lY>eK+Bqc1tZ1(#Gu{$&8Q)sb{sZxoIU>)RJ-t>p>?qC87z5kywtL_N!3Z zyE?@ilD&EDKphM^YzTnJxompZGpRr#m5g8&pbY4WWr>I@9tdH@XUY4Coj}T-_~}3v zAecl^Ni2tqirn&LL=xII<^C=@&;?kagY6F}RgP21IG~f-j%A_T3jm2Awb8k z_iLrpwM3V2OOoVNPhq5a_1>*{YGnm{*vKGrPtw}sQG#Yv4#T!9BV?_iJQ{3pTsz5b zVv~&Hjn%laf>&fa9CRXsIqqq!mp)izW&{r0R%9C$dxU{)oX01~ z0pmR@&h@AhRUA z46QJQx$1hFwIRW3c_gxGT6Ni#FD6cLfOu+xO>+J@!{mXu9Otc3sp;A@ji^GhNPxFo zj@8nAgoHB2=XmGoK{8}-dAXL}>SYnX%HCkg{x$O-#XpBPuY4~wWVf0I&P-f_X{lII zZJq`H00@VPt@RjIZ9a5~k1WHd;a^nzH}HGu?3$Y_(J@f0GH~Ab{3w+|nmyP~u|}iJ zB#+LT8asq8t&^M@#!|k9Eg6#luEzyH>MJrkt6#J%a?7;mrfLl4b$)e=qAYT*@-xY* zmv>09ug6Z*SPpvf z@wVaQcRA;Z%Z}*8>QIuo&NErcHUqDZRko4^M}#YP&w8TPskpFBs!tfHQUS4tiLl2h zoN-$An{l;|C;3*2R|19e+*`V|Sn|hTTEM=VNpSm{dE%acbF)izZz(Rsq5SGb)RJ{r z+``S3Rj;u}K9ovX-vXQcR&<)gpR zuVc1#Idp#Okq)x^-80)tt_eXesHy!=3Xb7>e_K`&Ynpb;MZL+K4I~^cY1cB_vw2pTe|Hre-GE! zHR4*Hyw`Gtk>o0;9Cxm$YzKGYgAB0d8Nx~k;g4GS1H-xu8ibbqT0{1O+z>xHnT5|m zw}@Cupm}OQ=jmMpGo;F_Bi`fCRx*vi@3d_ieM;E0DnRFqR#o1S_6va}#33b9l^}Jj z`B=|I(zT5$TL7|%R$w;ZuL8NfO8ZYoWQ`LcxnV~m5tBZqjc&@yxdV?{=GyL8C&?!{ z#~e~7#>K9oJaMYalY!h*R`EQ-SLDy7Amv2OFO>1I`I94`YT3EDNg`8kATNQ%22B~) zH+K?1u}dPd9)r@eBa$Ry!0tWyrPR11D^i$Efs6$?9`)vW(oY*4Ze%&n6wRWpc|N&` z6m6a2VBf-Udi1YH@B-fIRzfKT=Ta_=UT2KPc?Yp z@_!1btBE1HLfZ?4j^aJ2d-TP6Ls)5lXIG2@-J3spn~Os+r_lzX8-$QE4teifh314J z-yDj#13AS=9P--vM8a4Y%Vbuiv{A&wGOpf~fZRy!-wPY2K&qFK+DRFWk$3*I4Lcl^ z_K_4f1X&yxWnZ{Dk@(c}+-gku<#h`@84;@CrQk)Jf@uSMst^RAdkiN&8n{5J8F8b|sp zagu?7WgG%eQY-BZD(=qeC@w7SBe+IIX6KYR>5A%$xrC$8)=R5+u0~&z+ZD5@+*!^d zR@>VL9JMkO3`pb_*BMw0h{yO(BDx7I^xa0xKa^Gd7-ux3^gAgdgz-;=wEbsE`whH! zyWB=pL{GI{XUQNI z1oW+7hhxt#{6lT2PFGKS1I7n$dezeOy+=~Hk0a()+D6?KN^;8V^docwzHlk?X}NQ zSf^pMbMb4^D*phc#)|5C1IOo6Pk&>12HBf_2i*g;T8+^XXyPxdG~;~IS|}5$jDw8h zn!(mIi;IXb){ctV%L9y4Nw zb2*Jb{OTnEYI)9=cW)KI@?IL`__C?vHE=q;Tk zj7jKmTs^`Mw1OPvu)yWhE{rUzhosri4yxV2#JhHlA{O)Kb_)S(y-Eah!3QRs$~Op3T`&RgT@t zLF5{BkBMH`o3bID;{*{ZhF+NHXmT}!M=7h`%W%ne2}FgyX29$8^cBeJP)U5BXjNXG zn9X8Y&LzyIWw(+URxI}Z8od^u9IVp86I_B$=EiaCYnnx*it{W{EAK$4s!z?p70g?B zjdbg=8(gx$+;BLqc|g?cTTuScb(>(5fwvWA!h3l_$cAq>oyz?b(u@TrbXJz~Mm*Sx zvCi%*L8pw8vN2hGI}=?HRx^}_UTRlR#SOkU+lJ3h^_8l%)%~bQCn2`wN2Ohbx#sq| ze!B$M5?_>fLjt=v3hK%JaAIr=ZmpV1u+pw2&4f(+% zob){^hMW@q{x_E0E+s4*0UmN7Jq})wYt-W`$u@Q?%{xUSXzq zrALS+X`_WL<7SL52KH}Xr!|d)yw1||R93OOn$}4zX7Zcm1MiPd%BlP#@s#>btThkp z_7@0AXhY?hag3isiqSP=K4-DX{7Ug1hP~pSGC2PLvuhwG46jVFQF2V>ITxs#4%b;CEc~!KGs$Q9)0V*lS-4r)*eKO7FQAlkPbl} zhJ_|&DLssR7CRf8g7B@hWG+t72bs-hd_~nRG@l|1Mp;1!>_;lO#zzOJ(t9( zcL&(@JteQL%uECB+F@?Qab9`kPpLeX9#XZj&&{5GlouV&lT6T?NQJL$5;!1iuay(?l#BN?m_BAR)a=JS07ArkI*-|4cwz9F5#yc_etvIgG+s^SZ zRzsbgSPG*lMDl+Y-fJ3_&+ccGTc{`_M%}xPq;{@%;dg>{XuM55&x&mmPzy47LO_1z zbJMY@Xq8O;9{Aazd@k1h8r*8$AG?P_)e_ZFY<$7I5C;HfzpZ{xnQvBmkF(7r@TA)c z1v|cj^QRKMlRm-tYvBI?32Ryzn_aTCxI)Psi6A0X_Xnmc$-G~D{{RfUS97FzZra%C z_hI~%9Bf57$^AK|S0%JMzlZuo_l@qP4>hzCq<(bK?&N2u9ZhncIkwjHWRpqMboq3$ zWjIoJbnN5mD=9rorwcQJ(!4W0^}J%=?F(#-K4Y9VI&)r$rRd+-_pn1Qr7V!2oz=!4 zCm*L@(yBV{ZGMMG;`rg!ETgfunrPI;gCHP~Po--7F3_dW5@9@1+}g^5C3#~6j&evo zzx{erjfC0nz9`bPX49m&*tWN^BIS1DdgHDu<=-3lR>tI+bcpAf%zk98w*gz*A3;+c z7_LX*Z5g4BWp!rSK;&>M-t>J#>@YQ*<+s`_q(ZE?b6=|k#z;C+`(-e zhas1u0)L2CXYl&=4KGo4nn>kc#|K+oX({Ce_P?lXTSV`f5Q_r;{pPk;r?mRzde-j927c)q5&y#?@zpZd(Z>%*-y*Uhq zFhD}bAdgW@ac`-u;ok=|+N9FmNWW&0fgx9s>T6fx7wp;MrGnqY+5$(dThB7Gz#Msm z4vI%i^)wWWi%*AorLL1SxAu;&3H|5*{_j1Bt$z$ox;5h6N940ctsc@ko6C#I*c!SMG?@LDzG?2j>z zA(i(Wo|!$X&U{hgDZGZ7)&#tpAQA~XlpfyrtyHdQa$gDPiL4>JjtP~Wu+cId!n<49 ztXodG(V=HXT#^+=atCuvYE1b)?#ob%T#zIwaUzx}CeEOqmG9pS^j{lmK-DRKb?@XFj_2gr}{IH!<>`F2I%YK(zNYi9|i4Il!q)j52awm@PwI6G3se=Yk?}f z{{VVGeJQJTHRL?g;#Yz7j|*LC@(e8O(~%jh^$`HS191H%I-O3H4c`9 zdjpn_#V}}k{2INyk|eRem;gK}^)>6hB=~`S!}oJL3drVfL)~5kAc17Ry+l zZ1yt4Byg|I85ksIs6Mr;3^tnOlfIz7M3J4iBX0av6r-+%9UN(%6TZFFG`DLziSQf~ z!-3PPxx3I6I#_MRjp)3TbOS+_oy&1)SuZ z)S}R8vWq!4rL&!_xMy)Zb*~>2RU^`)Pr2*54}@<#3w;Ffn>*_!+WuQaO7!EdE3mL@ zO)}~&R@x}M&<;UfIqD63{wAf}&sLOC&+48&(i>h&SFvaoT!83)NYA-E)=r~xEp?D> zZY6=$M#&S6+2?~?v7>i$r(9bK6GK9F@1CDD<0UxtXRt@oE+qW z2k`wxbwZttrBuaO?yVH~vk1l>lPj#too;=1Y5i`>pkyWo!->Hh!?yjNqcUFvem zuY}(cmhz&>;DNyFUh(m3<8G1TYjjN=(Ao(0#^}F%_ciIq47pA^lRh>vq!&a*1h9q4 z`G*X|@^edls9s!cf!uwZe+jMCG>&&7TOk|5BMTfSk(^@{=sp(sLE^s`OB&devJT=u zGDIvJo~l1O)0)Du`g`yL_AR#3wM`>l@in!kq8zK1Mas#Ha91Y3MKqs8I@C^&-AZR(X`uDgjL)4PzCll;mw) z=`&lH;SjS191u9gL?w>XWxFZkwQO@YsOdE~J7Q9Ov(Qz`ZFB5uJlBm^+-8Br7cTW! zZ&6+{i7E9w8pgZT-oY7^ZE`X6tBUSaVcg=h{{R(gww@wKmJ@ZOIvwNqmA$>I(4g@Q z7pW{(?pG_ypYW|qv70Ox&c)FKrg?63mPHfAf;sKQ zc^!r18fLV=YBJl~Zo^<;eQ6Cu_Pq~VwvCzXXY-M|9Pn!+#DddOg_dZ;V1gKb38!JW zvM&y6f7tU|M9bj11#vlO&m%kGEBsaVN9^I_nA|^y^>zOMNlc_{=Y}U7 z*QQ4y_EJP0iHvV2gY>T?__^Srs_AK|T78@Cw#ddJQw%Z>QaXx>qoSNobN>K>Q2x>~ z_ygip{{RT}{c1Jv_O!($2KvZificm3!!raGbtgk4ngRBYnJ9r{67Bxg75yuiSdWv&X@aD zd_U3+$Hb2cD2q~#JSe)dC+FSkjDkIle;3;3j|`}n5TtQJ-@OVSJx@QbYA`ZtbEf(` zuSUPl=2J%$ZT@@=BAy96VyYPSAQxCRV%^ggvpSl4Mr8BYHIO3=iJ z#)%MMLa5Ou^UW+MPia zc_cw99fYYKxaNbVn=XC2^G}i+-6mmct3c^}pQtrJ*al4;ZsG8BEr2Pn%6w>t+k<@t?2aY&3h2lLc z?N-zIaf2uYlw!Q9kptx)h!zDWx7HRF62{?f6pZC-=KlbRJ`nK#0FEs+uLms9C5`MQ z?bbn%lVdx5iR5R$6^vzKoVp*$SM7c9j{gARZ^V0o`bEvQopU+2`+-t90X%*{*T_#8 z+`)<3r=~jBZ8;qEQCdimWGq-RpZs>KNhC@O!hnSNwAuflKmDi7@G zdE$*4>*9ZhGwX&hC-z!LscFo^%z{ST5l2!z`d6<^^Xea?9}hktX}&bmEUpy= ztn&@~NX9eU73)`;JL(#H+xcscNk(6syXL||Z>vx)%o**r0OyhFJN1Z`|}71HSX3JGF{;v|9d zf_oo&26TFkk*LFKELLQ;6qLt9S)Lo!Z{u;M-@@xKUBr-Z-%s$TVIAytX)+vwvUTRO z)qcr42}+>{^Qw$)N;yqO$2VGjs+wiai*(kK45i8pqWd>-T60RXGBO7UaCxibMGko3 zWeQ4%AFWFsoNifvah!J*oR*^IL^m2j!61lygVWNkTg5s?QrH6B#YodKu3A_fGpe+eQ*8`S$!6=&HjYzBIJP-imi6H6MlSr68;uVH)C z0vXINo=6lKj*m;YTYZx`D%}n%&h_mw_Q{{@voYFpyWWFnY;qA<&ppDt=+0R3%sN-2 zTUy5)OXZH7P*K`xU)il~ zhBLwKng%K*kqOsAY4v>V*(d_5h_v`ucvOe%5GweKgo zia7!~9C61=W>aT5ZFhfj1h&`kM)+)uFF31~t8M~C8!;n*4>+wNlN4Qu?=7uvEn4B_Pg1O;p>iCLVSRUS4GQ9vJHE@-u?bl9~EQx&`UR}8!o*cq=G)BG9YEk9V9@3jk;vFj!19WaXW2mhlYGT~TsSynP{cF#BL|%J2 z83R7w;_qA21LRK_+}z3M!qZB`6O7l9>GqO6+edO)LpTA7@GGX69Dn`A4mJ_l~u@L2}J)G%kR2&MQ7fQRg4Io*+fg1U^xYjNHiK<9*u179Z5endXDvHQX=j(QlK#JNX~4^gHL#Xa9f_$qp-F@ zsr@gX*Epu-)xj;W_pPF=0wK(d7XK$Bb~bOkw6$1FR|ITZ}i1Y6S_ya&%Hy6*aTN5MR=wlj<~A2rOnrsCPQw=3`5FP549?^ql#a&K)}GU#LhUzDUMP(i{U+# zjVv+!osaP^b5q-E7o{3ov{Iw^v5eMygc|mqDzyl}+%9qk2Q^~nRP$kwti|!tsZ#Dk zk7JXUR@<0mK{)6|d3Eij$i9|eB2Ozjfjy}@Wv?>)z9i7}%L1B>q`(e0s^_2QU7v-n zVz>)D00;*J9^Zvag^Iq1qQ|wJWRDxYs#!=5Jkf^DDDFwY_|D@|u+wIm-py{}LR;k@ zHZl6w$UY>!wDBFa&QfS_3KU>N1Jk8$Z4HCL_m^;@+L`5%5kma^YwC{!M}Kz*?{dn# zWOt~W&>XCEn)a830pRlAuRZI=d_$w%ICn0HqmG?%SV?F{Hm8(b+aj}DmMJE4xO6p` z*3if#x4VU=Rv4~l6I14YiT)FxMRuAfBiO_hQh5OX0Q&3auNUZF@Q~;eS$R;+Fa)9y z0Y8m6!CYtN7sL+<&EfA6T*Yy0AjG)^hBE%%^@XHdtgh&jgdw)NlgO=IG4iv%yzs`O z4YKPtw>G+lo1KKleq=uD*A<^>do9fEV{s7LMnMB^E1q$&sz$^*X|%Y8aU(ca^Ds_v zTh`7D%#rXI@;g^F*`nIUh25-e0r_JkMsd)!b2B7Yc9Jo0lPM}tAGm!f!erRy9j>iE z(iY+1@_{GN@!r0$_(|iRKTn5Gol4yKN_jcleJjwW^f8-0go1H4*wCJsudRH-DuJ>BPQ(e?_QIkc)nJX%4peG0x-U&yCESs*zVUxy72@aYe>nEK4N$k zpKk!a;AXWka0H>qDpxmHAf+Qoz8p2kd-JGi9>P}4xd`*;j@DBH-_w) z0|L8GaZ)K9(C}@Ah2sk}`ztWPDbRCX@!<$fyW50;Oj!Z4ytQc-*)B)WR+jdc5bm{) z=NJSL)YH<{Bn=#j$VecJRai<*9(m$_3bmEA*KrTDTuK{>X%jb;iC2t7WvNg0|`$!i%ByDDd}JeshVQC*=$$Cbd% z064>9$Wlkx!0<@O#bMmR=KkPL84np9sYz%en`w&zDM^{zuOqEyPpTp@Nml?I5_$kD z19-E0O1l!en2JhAI0vnDS32FS=&{>?lBN`laX_TBGFwnpXWRlD_Nw1&lI~Er4s(x8 zP-1u5SBIix+{$*J?{vj^=Zf@y>^@ODt^^wzn#(;NylQ_N|m`YwS-&hSi#LD@Z)1JS}uck!{-xp(BiX zQ*6div7XbsGL>f~PdxUmR1GWvmO1k1icG3`>DsjXt9006 zbGH~_p7a|W)y=?yY)O=aHUna{R`dNGBZ?9ZbGxqLTZ&s5?-=tQSz`T?F(Q0~QKuBd&{lF><3#g72!(*?Y@A+0psK~#0 zs3pGbHff4o?K??0827Bt1uXh!iRRSOJAr372_&KZQ|t$)S`2C*RQRXh_l5j>;bgw> z`Tqclr2v*Yh=$i*GF7wphI@P0#k%LiKN?)!UTG3p#AQeUX=V9x-3SZ*deuf<%ws)l z&3zZb_ud%r^G|Vie`@e;PzYiUIXL=PLcTE6b=afwwJGOf7i+QHSPs}VqGwbjo~C5p zBGmL-$mSu;2MFY6Ad}YvwQk;co*Vr>6eQfpi(`;@PB!%K)

Cxh|Exxh%gRG#_vq#yvM~Y;@^b+K9j>fDX^U_ zWpx&}Cj>f?*KokV#Z}RyAiAD`WAN9+THlE+FXh!OrPHpU48YB~0PWw8rE*^uyaGHI zai!kceTp4EY07@+e68>5IjQG0=1FR3_y+OpuVc8CjP`Q;jtR=g$EU4W`1N(5$E9hy z#l^j(Hqb(2OO=b~0Fpa<(sMbgNnb$;7dmEM_k9q6%n0|lJqMtX5x!{QwRDgMo@ z+|4{uua~-2$jHwMPp4|qDA3;3bPGLB$_w2(IBcC_2_lz2GXd0d-mEk&h=hL-9<^g7(Y$W{BY|d>Ue;Ma{oIeck5OG-m7z8D+gsS6xVez+0eIX8`7{XP zbzNyRjcqjWgnZvP3V6qVPPOTfJI!wm{EAT-cB5ke(zqUXfL3mf^&N3=DCOhKPx?e*XYlk4n@bnt3HjREJT@?Z>@&*ToMNTx%1_Erj!5 z+sP)t?tW;~*PgV=vfQoVJwo~!V{s#0TktmEOK|I zA-}n|h-`?odC#j3#=VNoZoDxIO)cBY6E~QuPYA$qN=7O=o(JMD6>1k6mF24hFvxea zjsZFJ6~Z;Nc9X{|I|$`$h9dxx=~%N!$GPjVXdWHawB0u9U$f0~8W0L(I6v)Iru;Ve zXB3x7e_`Z1%;8G2XE@+}DH>fJ55$iLM+T99AdW$Bpn!+&v9E|Ur@FDcxLM*$Xh~%% zz&DmV9aMB z!FIVhUzl_M0PC(U@(b%Z+6${Is1yX)+poH>l-5h)Q+{$X%}MF z`5ty~hl7#OQzfDeR`xHnNMS1R2KgOE593rc{Z97ZP+2W*WP(LyljZG$TE@nyBippy zUr_NS(Rn6W_Z{-CI9&HWm8GmTmWWZE3Ph{4g&FI`XD!Fdjyms2NT3(U?IbUd2^|lm zWy`DTBEkU$x+_HL4o)#1dB^H%Ms>PQw>n1zsT)rW#No=E3fR8X^`%d?Vo8w)$_YGy z&{IsVW^`A+CbPBDW1msdX4N79IfyPxx27xAG@lW87hKS77e}{kKU9_-(poBDMUFjl zRm{O&$A@^kz}_L$b?ac7f?nx}eAP|aDthDaqy7+GTFSyp#kq2?CQt?80LRLI&w5_a zeC(53@Fmu-W2Ii`MjKsnD9N~m$tf?_-nR4|B3m12j-@0}x?o^umh=@jGxRoW^>L=d zJc}8)w|&93{{R5>t|s$ZhVI^2ZRL2F7C$lSX*nBHh0i0pn_Tn5UFtVCR*|7qL)eqo zin*q(&H0FdBQ6SwfXN=!!-%SqJvvmcvD{hwKi72`ZKe`iL2aC!;N`xR(odkrqs;4c zQ74b?=eZu$^H_@aXJV&gzPtFB;m;9xSomX6OL+WE3MonAIBlc19M_WT+T77;fnxJr z9kzLqw=3>zla;e=k3ZF6X_b7ymj~|*oYtP12BWAZpA)FM0Ec!5?&7qB84{WAdT)y@ z{2Xin zU}EU9H@})0FIyld-F@#Giq`= z=sZ~k%1HOnNd~A~x0)L(D*Y?fejI#K@OH1E>wXy2t>U-wG6#6&Sa&#F;|D!Hqt=(R zXIeb>#h3AFX>V^BM`(j2d0ZDfoO{;+rR($QI-E$$0!Y6!kUvm8f1MGeRgSvL#Xk=s z@ew+_bJ;_52_=cbwmRf>=k%^8UDmWiHPxJUkzQ%xj>&O?-FkkN*+!E%>d7O;hL(}c z<~2S+W@Q`lRY|U+L$`+7)<~Fqhwfl-wdldLa85(7F6O#1+lw&hharOHx#F~RpNCrJ zuc|<7EsBSAGqWiqAnc;5QW8hizYhNZWgENi5Jz*WT;ENnvnxdiK%ob4eRE%`ei;3j zM}@S_CsEVHGpnM>i~=KEdNir>UH!(DN^dzA0Z1SR1hL#S#J>$}zPn9P&rd z_ttGblrHTjjio`A&p8$IPOp9982n!fd3&sx4&#nD0zaWNN zWp}ZZa~L=S@Tv7{X{;bVX4i?1K^1Y6DeQ72+^UskUQSlMf5Dp7)V9{pPQF~R{J94q zt9VPHgIy0@dzhlNS*CFj_wP)%@o;2)J~;!qA1^#sjLAp2#CXcm^IFoc?4*L$e>oa9 zSpdTVJJ<6w`(^wWi^IMo)b0c^>F`M@2o*k1z>}Q*6^vxmlPi$?*P55?oBLU5@N3rvJ`s4U z8eXEL?S|e)KO~!a5=q)mp*1gat};Kod$qLH^!QfM%+`+*+*-&R?;#lk5&3=<1+<3d z-Bv(6N}am^Ao6B$kIf}#doPZ za6PMz!#_4Z;Glm3m*SU#4~yi|pwv8}wf3ACB|(6A>7QEuVz0D4M?}>1jWY3>+TLt@ z{{VZQ--UJ3^CC+^gu7h}K2@`hDyss&ckTm_G1S*$I4VFQjnm8|?RFT(C`iC`-;8Gm z-nY4pgl{QKiiG^UW7d{95>O-yvQRlbqL_jsmH?bCdgipmuOJcb1auS{K@tU6Q1rR-XGjC2ZtPy{(bA`aWv7_O`ehEmsZPs!?Erw%)TXfF4M&x z8P)Vz;!BGQxJt_!s3h@TJmX{0p)>gy{iyy5&-*=mSk?5^iXq`!`<&PnJjWq9*hk}D zO=hs)Z)wKH00sX5>((uM$EOLa89hyC0~VM*1d{*92F1P&jdxK-cM(Hqe~LU zD(^9;{IMsseN(5c#k>~L%t2fL4l2$WqrQW~7I%pp(ngCmG9HAF>@$mRmB2VT??KHn z)zd68!89@$#&U3YtqJdEVvgf_j`{6DnH{X(X!Ash6a)FxtpqI~blc_*C;_)JOKt(d zKDDa`r3BVZ6~tSH+#HUS0mv=X4{%_JnAbQNAIh~Y?H1na&1b?9)_^E@jtl8x6Y0|l z>Qv~6xb27 zT{qewWh>EJoQmI>V^>v;fc8DA?8fF&yHen=1O+(FYg%d(TdH|(lP&2j;ic1ELK3@Ha%MKR>| z;(_y&?O=epAZ#O{tqCm>Wg!m7BN-IM&dTwL?AOSjZtlzvTJxU}>yujDt+R<_g_z?9 zh4-XtnSVx##{2*!jF#gh^fgxI%Hq!W#RG0#-!2U>J1aZHjv)-85yyX1O}vo{1i(CX zqy=bVL~|wvD-oUtde$)kWwaNBNftwcTej8~tBH`E-~hpoL+weR z7UoBqHi-#Lcdi=a?e^2UO(}HUmFJ+S10Pjs8s1MbMiF%6*O$+vG?SBUAu#%bf(>cT zfbBF`?v)ZN$5|103=cKxHa5_-D}^X=oY5%(b7T&#jfOoj)~f#P5tbz!cC3h$MnM)x z;EbN8pu9G=?yD$XdR4^8U@)?bGK3xR(yQFun3+~NkEkNGuoQJK63$Co{h{}T&KQ4M z;|{nanUl>5!>&(y!Lse#hAZ2vna07D2l1}cPhYeI8+OV&Fr-P^+F0#`hKTPR)~%ZD zz}t_lG>oMqdeTOXWJKD)j+K#fwPXYgH&a*a#-vsgeWx*StT^YrSGm(328vzC$VN7S z(xt}5mZH;bXGq1wVM>k&9R4-VYZ@iXY-@YO@^g)+oKgamns3=-jm(PA?N&~nx0ax^ zi{_8JPnm(vK@8&ROKCO^!w0Q(wmJ>dA$29wsN#?s5!=ZR$^d5Wty{J*T3lPUQBqa) z??4>JwHgBPs`TzV*DDCQhE4G{)$d51^d-55MpHWt{{YgGH%PX&cMs)2DEBUnUvn&O z5#a<5l`f(7X99SDMf&xsiqxZ)yop(ZpOk$o#=au!E23E&jXvdN&Q;KLO6{i*K0?>L zO?RjnL4`KwCAyPS={_jY;uD5gGlz5Yk$?xetramjBe{Bi6o#_*>#s($*+78IduB7^UpR&W}*n zJb4|a>8!3d+vg|dSxK&0tqj>_bP0r~5Var@D2YRIIAd@IVs-Mo9ivvY&RK~8*?Z+6Zt1y(ZrdR7% z7+42Kgq1{z^5?EPRh>#3R)9#QV|;e+R!1?)D-$Tg94|H1#|gNIroipif?U~7dl=kp zkokD$(A6pYHg2t?mfGWMjP1{JNugi4%SR0HIEH5eQNhPd){}^1MM)%8Zrt^(oLO)) zW=W7NuoYzX?^%=TQkF$|Hw=x#9YslI^fuPz1o5uN>%}%$QHqsZoc?qH9oQ<0(WxLF zM|!iP&u?(gy|xu>VDKr$Y6hI5D`~vQp99o-R*X7?A~lLv0S7ycZU!Ewb!iJLn}jIc z$7<$=r)>k--%4vB^WwiuFGaY4NU}s}yS-fpOEVXCWJwer#@@U}1y!S4VR_ zqguPOA(PV_ipU5pp|;em8V0uxI%gc$iujk|wWZbUzD=@1(l;b7G4-nEWvN?3#x$=7 z-{`&~Ygz5?C$(t_FOC#vy?qa-x@Zcr+cSA@fr2VUCv$sI)J~yhNMiC}eih;VA-cOq zlmht4A2&)wo@C0eEAAVcIO|j|;(K*@5S`t!dRB9fQ)p~?FN&-s*W-BaCSpL&ThI=l zrF^xoSf-OAfRij4J92vpgml8zK3@34;JYsoTFreJjz=J|{`P%q;fuQo^o#Qn#vyJ= zJY|UDv{KO7C1a-0Z!hj3D;~%pA9*(nmd`n@$(8No+#o|PF~RBeu4;yC)PmPhmu%3( zy>d5>y9G`xrxPU6+!Y`l$VUg?HNjDpPjjM1N$tYQzr9>z2d~znO*##m%5cXd0s7QM znx)vUeW2M~TRBxrn2T*_h~$rY-|))6hi{_2gDDEIK3WWsUWFO-GLuD3 z6ST{8{9-b=-I2{(pAg(fYKLOCIL8VrxjhakQn6)hS)~rI@-HJJsinJHxI+HqGO@>{ z4V1JWyu2!eY<2C=HErabAP~$gFI7~KvX78tbgZ1&*G-=g{7mrt_BxEWsbw15$mEa) zSLyVxD6{aUi+q#Zvqx)r6MTuY?|RogN|rmJ2(fPTXu^qORFGthW08uZrt9}QE~2+u zZ=0pwC&}i-21xfE>ke~IW{=R%hrb&Si2OIE*AdR%bELBxzyb*{*4a!YfFT|nLMP22O-S2N-Z6_x-TCei7NppNH= z>TyA*Y_wULV9a=ac+ERR@cq0uHurWgi+NS|e(Ym*LE!#ovy{3U9-bm;qy6#ux^?MM zTU#LcRYvXJm6;Pg2SM<1>V8|@LAoN_iDApFjiY;06W%zV?pP%sC*bR#3Hg<^#a zQ4oL(^XpYj#D#z?1ABL;U?aZ|b!Q|(O@Y*_b6+j^t4P=UIUtrWm-bE@p!xHjo|IVA zm7a3iz?WS&`F1X_PSCftxVg?%}~t*V8!I1JNB0L#Jp((Y7 zIZ%Kycs!r20_9`kcJW9ta&|>8$Ofn{1a_d81J>-kOQgqQk061j63>7g7OSbw1T`i#Mi^o4iZm ztxnft zRdFk+Q=BR9??Fi%uBY=m{hifzpSs=Zjivcb$>$10-rcBVerCE6(fg-P5 z4|>%yO$wDUlA!hVr~|FFyMk*-(&7-yw}4N2i+-Ov$aaXI8&4b%C@_=M$+*R?(+|vq zaJpDH~i(PZY32zOh z_MrE+>yV*FHUfJNmGrlSC$PNHB4c$LOb!^F<#_6G+x#jf5`Byt{V)4Q{&}O2+)NG> zuRkcOx>mhwq+eTFU4RK~sHAY!nVIxohx}hIl9w8UbGMzfS_rZ>#zFmSweXg&;qQoA z<;m19Qf*ksM9}TPT>2WmT?}0_wbwo!ST>2N>5XY^E6*FKk(>Qk$5HQJ6WjQD*TZ_- z=ogO@sQDw5oVOpuYIX?9+7bA(%hL^|ytZ+;a-n(7N%yKS+e19?!EI}>w-_B5){&LQ z=4$@{!Z{SM$t9w@T<1GTz&^sS=>8Pc;JiA6JP^P@SmI;ks^;nj004lYvj&LLHML?JVj>>rM1wrnRDlf zeptxq)7HL{)pVZ^{7TX7hm4u-$|-Aki)E3$3G0d+Nt3bEX+9J_4$*Y^bj#~)Lrg`- zmm8BLe$AihTtCEL6xi!J4aKaQb)Lv_-e6q1;B*z4laoGp(lvyF(TKTqRmlaH8RxjK zN_*>VZ^E}aWai%L8PjXNz;W)UwE{dUUkyKoZ6=RNySTW84o8?iY(tyEJqj`uY@72%kpv%QB~5~Rr^ZH3b;LC)XlUaR3Bi28Mv@bH(5 ztd{q~a*c|>jqx^qUOM$PX6hvVBhy~PO})JE_2dqLw*`FsqdmoVit1OojMuiBftD37 zupPM!aogI0S&y^p4Hn#mQP9_^_;Xm+-^sdy}-Xfb%b-TEUZSGt9r#la>Xt1Rdd&N`uZ^e2Q-JG{58bm3`=QtxfvB0m6 z^*;`4z8C_+8^^niaLI7;Zv+$2{uB_SW4O>Yce9JlS(|SFk<;G2H^aJ`@0#h7Ig6b9 z!-e;tzf$9TN{-%3m@Q?6E@O~vbpQqWkF9Cnd_(aEiLDhSw}~!d+^OX@OyjXW=7U~D zd8>GiNHrO4X1JO=@y5(_^s4RRT~|)C5$iC?so2FKA%Mw<6P)AxC?-+tdf$b-Z=oAl zE@Qa1xU%1ej6T;<{&QbM_$T6bhTxXk8y!X)c*5ZMkM~>fspLjHhVP2}e|33lb7^q` zx;9iW!z&L^Yvy}vAGGU@HNamf&Nh_cdFxXsgVR&mZoE5WbYJYb<&SD~bc}8X>(>?Y zSBg9n9+uaVu@4im4aNfd(t{G2M@?1HY@>z~b39Bo62~~>sm)#RW|-D5elKpPytlZN z$TqgdLD@kbm8oY_s6iF;n`cy!0^{av{&fbFny#4cJh-EUS8|0U;Ci3ZqDw(UZJ)$z z9Ye)7T0X07Z)Ii5gAn4=0iMR~Ht>yz^_w23ZCxDD4N_tti3~LaP_37Qu8=1dfQNh4Kd*? z0|2Ot&NE*}d^-3vviLqv5$PA!^6EHZ*8G_y!05icdR3-vWn;;8y?WnCa+kqizg|Q{ z@=tMCGW7 z*y>(G0mkjv>q)Mm?9Lxh)_=3t>`6O$as$86bDUQu`h%*-_Gbv)GC0j~)t!;ODrVM= zq2Fs#Af6XRZZde!(!FqKT1Jg$XKi6?DoUUkJkCKr)${ngP4qo_Fw(}>pX1A0D3eIm z71G;rMA;B5r?JnbYdciXWxPey0MOJB_vP(010K)^hOCJXwh+ub!=9I8lJHQn_b&Ob3Kx0 zdZ_!})uXA{leCIG67@9MZqj#%fYOojmFJP~SG-T*tp?8HeuX@j)@4MB(k2;C_fON- zv-X84So4VFmMvm9C5_fd&i?>lI&v$z(Y0srSBW9<73Pr*-Mc9avd4hHkLBO+t!c*l zntM`j5_s=G)aOg@4%@Z2mO~iJWUKeZVfe4adPj;PvDG8f#2WG_StM22=O`Wh`qr_f zVr5zNG9%M8onFG}=by;DRLY0tNcQ)xI`Yn2WsU%{Ttdfd9Ap9Xt?B8Z$5Nr3_Lo9d zNDHztz!(D+yB~)&c)rCH5WLMJ1&w3q?0XYkaj}GD)cY&okL<1DKN??IPjd{GlTOMS z7UfeOhaZi7v8Ddbz9#T?qXv~0h_|*ZKYJp^H=_f<$*7sCnm)q#eelsEj9STUI$XrS zA2B){X1<`&^xLQ)lE~XDMYJYySvVQWM@6Mt9Y1xmGbtw_O?K&}&v6uJv9~$o3aG~0 z5arO|{BQ8G&&67ES?UnD?a1JdaZz|Tz>DDxIy)^fV~W%rs;Dp)s9fmw%@a?(ip3U5 zH$Zd7c@>ebX!hvoGAbO5f;x&WOPR>rx?3u}vl%B-f;|OLwrDjAwfjV8InFWE`cfA; z^iPCfvVz@Wk}(@_a7A@qBGUXneWbfFLvbI@2XjqDjZdNEgTy~(uxlh+JF9ruw#fiE zJq>uir>WS9L`Z~O7AF94O~%HChM#pBGCP1257x9~*CQrnfP|C}x_i{HGeyko=2+Ye z^#+)ih{UX`haJay&gi%;PFquw3ptwd25V<#8}|Bp)w}EG)a@PC3xwCpbKY!J&CIa<;T&Qa=Q>t7P@v=e7F+--HGG`nZ{zG#Q9(z`je zIJH}aQ zTf@Hy@q^gml;hs9sF5;uKbl{U9|g5v1?pFJcDDM2nqsNM#0J}fc>J+nEK6)7*y|y| z^cdp1uyed@%-osozXSdxYJL~-D(SZqt=5esYZ-<`;xql=eZ_u<+sKpK+ur%n$!{Wu zLamX{Z>@JqHzA%w@#DeKc&owU?@W#5*6k74L>KQKNFe?uy*K^|HTzh%z|W1ApA7tS zclM74YwY&(+%%u+BsdBR_QB$_jCHZKHqYyVNGvUccX~bGys(f5g^2{Rk&&EM?}hb| zr)tYAtX4NTaynwTW|^Wsq|+x$i+J8S3#q{eHTfU^00pl7kmCKL{{Uy3e~msEw=eN4 z!2#!yBad_5TjQ0$>%iUkHD*+mkKylK)80|`$5`FLD!?DQM+Hy5YmaDDU3JE`lQy{mY;97OLKbx7mNs5#${(A5@{Z#h;Y1#4ndkzFBI z#?W)P9aY3XXLQgdCN{3#A3epyj zer<$TPXor@Y<%z>a=H9K=94?ApWHY65v%soU)tC9Y}5P~;!RH9{uc*=m-{j z8u}|mmr}Rj?Km#JhP?TqpDTESL$cJYHEjb^fxohEqA|EC8)NoAfv@Ge_SEVFBo zD0qwDPsI-g{9W*U-Nml0qh7^1Sl?pJ2I1x*Bd$hxJW+cc)RFz@{2}vyS~i_XPK^MDZ@4Wqk{&XuQ=TSX&&U4un^QkEdxfp(9s8 z@dP*8Obv2Z?I=9CaCyk$rJqmpl68t#Ao7DX;MG=VOd0uW{{RIO{g*9%F?>0>@dl4> zE&NMjJow*d%^b=P&7VR)oqsqw1=Azk>9=EMsc7a4l{^t3I6um=JqmL-?jV> z6$Ytf<_6mse2fr9b>ZYHjPk3S1+)zqGVs|9Se$cRFNQoz4~Ml&8`)ThVvswPJy)U5 zI`C`Tr?JU2e$xKV-a59_TG|U+h>%Eulg&681Ey>3_&jMb#k{g6<>}KEM=YtHu^+{F zw0{b;nuWEjsS20#0OT$`Yn<>;#VsSpo@L#otndIvL#{KP;;AE&bk5@PUGKAT5uU{H zTNX3KF=;HZhv+iEgF}t9FtN4drM>|>0rfQ*k$k{F!wx>RA|G>f@*_mxG(hI7#lK@J z6Q6njtrnd7jPehg_(nOZQr_NJUz>ZYS9lq6Gv0t1KBoF)Gv31sx<(6Z10?+_){Emk zA6?UuOIM91B!e4_GUL{oLo}R6A{Jx_tx%OT^}x5SZ**1(*O0DpyYQx%(y_4~teSry%~YRDkG zfhA0WHxIf;dWKk`(*l7YKQ~4_Dh*Q5Y!_`Kg(^DaV!NAtl3B24!1?K0y#ayiXGpIaD{!!#I?)GJn=pLiV=xx?-r(mQ z@j%p0lE&rukP?i&2XJcO)_mMUcnM+9nr4bU3*JI90E}>Xs*e_-5mvOEZXe#~BhrC# z5S>bOkz>^1+Jxh9UWTZ6gTwY3oJom{Q>e^rr-SvNw2orO!a9YImm*xk=OnfX8KY6P z)U9MkktGX{zA3c20kLB%N{W-WZvAg6Kpx!e>%+6PnxSDubQ0!0+1X%_M>Cw zHNDe_GI54Dr)l~%mA9EPI!(OiAkaG+5!!jv6^9;`)@iWbTPX|`%Aq*;yiS#tpEy0bXiPQoLoHc6!9OQQL+uE!kvys8c z$u$J{RVCZz1B$RX&0<*##tP%MK(2mEC6ZxtBVqbvS2*l+78?=5vM@cHv9ChX-V#B| zhV7oT21%g;OuL>LU&^^zP@lTTIQmuHL1f66Y1@jS zN+&wEZX_|GCkLVGYgI2NU9RcJU`1so&`?CvYNKNLLk;{&MPWXoqHwMlC)T9U*`C(k z_5|3$91QiW{{Sr7fQ-P5{pvtt+*vy}+GBmB9Oo729vSfr32N528w9!97@E;j?gj^m zrnrh^p4{s{N87JH~FBGuScURMq%W3Cl$cQGz(%1Cy`#~razUs_w30cZg|+Z>91%ttdmp>b%8 zke{@!?p3;q=yZ)jInfN3=&#oTuE-9~&P#bAXrq(xG~Xf6w_ds6bfyJ?ZRU;2*zHw* z$1E&m0F?(M&?h50{{T{GR~vUHt~ypdzM*q>DTYgF(RkW=gF%~-y4rBqLHp*Lr`}!I zUI^|Z-);yT9+VQ1=#IKY^@Hw6fo_aXB-bR-eUEsKM)LXv^q|p0xyoNjY$SGVyN5NC zG}e~}GbDRiP670wy9Dt_wzz@Gj~zd)a|ic(M5y2s+*Wdku5_Ah)SgRV0~tJIR4Ij!!f);Et=qUS78wG(lv?IT+3>a$N&_fea2n;-lIcY+9GW z5JPPt5zKhq^9+Mr&Y`EKjcV61zSUph0-riFl#ei z;-}gYbh;*`Z6hpgGWp{N9<}V6P246Z)E}F@ILo+=i?#U`qq&SWdIQa8vdr=-NtYdR zD(qtSJqyFXWk-%VcwFO-wRguFWu5MwBiOQATm|_^Jhdktg+}LwX*N2#xQ|q~JxKEa z$T&P!zN2Wf1@hxwIN)GbPBt_r(=8x)9w|mW#~jz1_`6DEa-n`wdXCi~dHVQzJD}1b zB4s^?TJsHd>g!LK*nzo&9aW0qv-LzzVXlWWAQK8?x zhZNw`+sFby@aL-W1sVKKUdrxNY0Kuze4`cQ)4l0J$ur%EPuetc{}^7&ApQ5*OXH6P`O&>sFW} z%CjQ6j*rG`vXe8M4^8+{<2#Ev=F{~hwMG+dQjAyyKK1p*ri}WQO{{`>6mHyuAP?zX zs$Gt0z?Jl?`xhXT01U2r9M?+G%_V|ICALSirBel48+s{nb9a%H7oa}Ae z>C)-;z`ePfZc951gI+!2t4NkPuI*c9?|z>3k25+{&0mAQDsK+>t3lGW2|WECX-Z1$ z-!MIY#=ld%IW!tvku{vm_R;`j@4@Fet>Vn*BkB(f>kW4pjV50`a0fWeb+N&&G{tYN z_Qno31DuNLrnNZdx!P$L5n9b0YrZ3pIPPoEFLdP8w6|I9(tnhNAaV_MM`NCAQ^#+# z=`^5T5a>b18>tn?-(SfjrDiNM?b4V*YI1s>i6zgMGQzSZbI)qg&@}n%qi>kWf=(N% ziovr}UPrsc{r=2+`MeeXF9@Ahff0R#n~r z;ZAXy-Y-KVgqG#Zs;YLdJZHUYLkr4_E5^#-rD;!aIo)qleLfkR1p@aXzI)gFZzSS- zQv2dpASpe_=B>pY5s!1mZ#6Vqh~hwgZn+pUr6< zqdR~bhf!B;*~F3|xHB(K2TI1|v!k@PlZ1^+57gDxx4JpPHu2LUk%~D>%e_Ho!wu*- zU=;kc=r16+Ss;_lS+j&5w9+;=Y-ZHp`FBLt-^IByc&fMlCtW6Vw#!E=<$|c|>qWbb zBT~-#9c>Zqz+O4rdCd|*EweUIJSUHo@(m#q+dyJPRNT?$a2YLw?^+^FlLIORMi}~4 zDOjkd(6t@B7ijwxC)!4GI#y)%_Di}JwOAWCW&^DbML4l-ZBoseTX`MSp8czNFWzt# zQq1%xSdiIZ&xwZaK{YHL!>*MI}sa}W@bSiHss)P z)Y+l3vYC?Ml{m?lL*-+ShcZ975+j z4u+Uiq*6=0CEP|6Jt-N>VgV$w5DG|v52pg9i)%2Ba@g$I#&bcCsRR+Xkkgqqo(bet zTc{E%ck+Chj!EO3Q%d?52;JEEf8tMwwJk2{>f$z%J*$)oFdH4c>&|=w@tMBfBGm-2 zm+AmGT=q4mA-}P@(EG2#dhM(P?$Or9h1tFRaV^fb2E zn5KE_7W)%#tu?Yy+HN5sVMkyXElao2c6V0BkZ^ z$GdD>hBpQS{Qh;AC#}nxMWKOiET*}*k|Y^cU;%Dx()=NzPX?+bjjpX`3Fc)zI3S_pi6c0S*s8O40#i=zk5` zX}Z3Vr^^_DnE_m=Jh_W3`a6`=hC$rpM&Z3%=K8lHsF?Z{mBzDnEqCkjpy!9k;#eFN{ zy*kS8!@7LB%r>_kXe{zNgYzD|_2gED{MSB1@n(sk>6eCmI!NuBM=yyx#qZyC&afpcB33o zjMzJQPsTz5Ib-QbM_V#^4{f~DG@HF1DZqI(4Wx$OkVm0k!n~H^;=up8|F5s3+Y!Y0ay)Y}jw$QXqUj1)0{W1i&F06RmOZ|G%xb8E= zx0kwlTv|ZF*@!B4jNppqygPZK-&;)gw((s|kGpEN2_XKJLo;Izkr>wylByK{E zu06h#2PZ?;U&2~d&YNiV7Yh@(5|sm$2b>;0znyay{vEs*$qS=-C9#k*kwFSu+}ZI5 z!yoL+3C*qPc>KRN0OX)=rz7#M6GrgTYVpZseil?!C8l-2Ks(T3D(j)Z2yNk-;?wM` zkpBR95zY;5cwbiDQ&>pB`Ht06Z~Z6Y%9fr0Buok~i^UyHmd+Mb~L^cKPHRANR{zzRN<&#m39*8Mpx zqRU6MvNNB06Aol}Ux@85JS(ovYEA1$Dw2z{2s!96P+Ix%-C50TnC=zButG*xt_?CL zx%S_~J#G9);Q1~uEyvnz@~;yy=bQo$dZ^ROBFvE6$@YNfoZw*hpw3BkJO2O0ij zlj)w7Z|v7eW&NRHa*!-o+`D%I4Nkk7K;`Xqo0Zg=E-vlXRwO7>_xp@{;=K|d5hj?e z=USN@$Ai135B1`yM(EZtJafgG&7H2Yo+E+;S)*v$6_cMR=LGTfuibxx9v;)YOYmP# z)om^#)@Pp9NX!9qv-f9%+#HZ-lG4L*vH45!M&9#6@lLI#OFP2tE>a}`c|#|R_vmZS zbj=@8y@2Y*(SFky^4ah)*Er9o1lB@5THj4))2$y+(n~`p%ESzXCyq^4)I1fZY4Itr z(~=k&cq+K({F-+Y*y5~wDR~|A-hJELLR%`1gA42pch^e>mld>Y4AV)Bxnc5;VMAqd zo{8bl6zP|il4omQ$sMz|odorzWzLbtx+|7g4>m z(@|%2hhVcgE;DZEEMr>&VLM|NYoc^Cq{v%@|) z)cikeEhD>lRl|(O$WTT&$A5a>5kP$P@fzKwygHl{Nh~3<#EiE;%Dl4w09-3<5(5;Q zdFPD%Yf`z+X|*GEpd{X0r#o3d`A@Z6u<@6PZEmgftAskbO1?@;{{VSN$}%RDwD5HKR0f+d&tTV*`{Ro=-mJyew5t$9*VwJrlw@+%nll z@!A+}PD?2@(%fqIQL>qlAB+G;Uuy7b-JOuw7E#tIIJ0(*L)JGQnDv*nZfT| z@|RXzV_}+vw$WlcL{Z53K<1>pwVrz@UU4W5t>Zi^9PIWUmEBH8EXj`ADcE^K%I9~bOl{u97n174 z@=T&I{yHRXR><+ zduWS>Yyt@b-oHhD2Y$%*)^<8Xo+1((sO2*mT<=h)rWe<(ZOn<~vHD}-j|q4~N7JJ;zOCz!K}sQd2wOCkgju5zMlo7g`@`}v1LT^ zS#O@(#rBpL-eskg&H#}8(B6me=Dj}u0K*r8-d52rVKWeXrXwJp#-&Q;p3Ln$8LDcR zmMIRjEv?g9JW_2s&n zGTtn)L-Q8LJYZ&~pwc=kXq3XNTLTpJD#{3qF$bJiJixhhEagQpA0}R$R%(dinE9u8 ztjde9-9%YWZumsrPDOElY_qqL9XeGoq^-3MI49DBTb{FLp!qr+mkB5VS3LHvMBT?B zc#8p^2fb8S&PHt|HH}g9yQE(&$L`Aym8;tPE#P=GjWP{BAU6Hsfq=hC>WsP>$sM+y zX0R^1jt5Nlt^G}GH9Zn&wOe$NS#SyJxuQ$CjGd3k&)U!6J)7wF`j(8h7gmzC3kAl) zdhz(z^VQ>z3EcQ!UcAvKo9zyOylxY2Q$78~Z-#baxx?GbEKY?dXr)uTE7rck_&4!B zPd84{b$MFm-QUZMyI?8zuTn1NXV9zxXKU?1y{%CjQYrF8FtIZ#B}s@dq-FkBWhZgTt4V`*{LiM5oh3nIL&#oT}ri& zi@qRe5@>pi)=H#qc9I>S;P>LcHGgfdgBG6?JO!wDhATLmRfgEbHvlnk4jcJ?ROys| zE}Hg%ec}CIRMGVq?clhALJ$V|oqM)DGhE%=aij|DpEx+r_p{hnd=`f-Se2t`7Yv92 z^dqf6(qW3B+Q*z$%0~;(luEEE!2R((bKB`rNf2$5#~}_!9`&J|rO>Jm&hArb?}65= zz@+{D{WhMI8Ix^DpXFn}q35Bgyw5NY=PSS-)Em=g+Uy(3}zLjCZf;qe>85 zLq3;vD<-LG<~I%0iu1DySJdi@EZF!xbj?bAS5CQOXK+8#E!gm`I1Ij-@A!T_s9z@4 ziYRFl=D_YN=POgx=z}<~6X|+)i1aJtnB<1yHilF^6rMS+QXD{4EHJ&pra(|p7w z269OHS1_7)mg?KL5ysqciuWkXLzZu$_2eer@mo>rQW!`se9nM_)~e)-qHDL}dy73z6nJtBa<5;;y6LVy&ViNJY4ogLkTS5> zBA*J!j25NhMH>{{SO! z4th`{UMv=LkcJ+jx&3QH(eKw6cEA(N(Cs`>}0)35P59M+2h)(#WarPSfk^nX%JGpzguwrRBXF{TKU_={ye`r z%yzEN8^*6xVv{|K!n%#VpmOr4Q+9pjPMO2PJ>U8k^H$r zIrYz4y*zPB97!57pHZ520}9GmZ0BGjUn?Z^u8QYSS&>StdwqphBPG2KURl{E^BoC5 zc?YFKJ6g=%eX$$80HMIhvlXN|ig|4rcg6tqHEItGPZJzMR4C3pDn}j6+3r5bS|b{f zo}Kelo=>!<@SiuXI#M)fjwQ8~S~*xG*1-xuyw3f(Q z074Ow*l=hF#A`ed;53S)^I22et4hHn44~qxm6TDqWd!-E2ptV+=<5u{V=Ankgm$SK zb}{^a@bAO^BC&BW`zx^dS}}%39mRS6i{ZUjjsxn0zr<&s(d99c5 z&D_W(7Kh5lBLS}VA~Yn`_z|uWwy{_2+h|7bgWwFJDE2(OK6XfcVo3-MX5!4OmRDm z92}lS2o312QDA7~QI3N(&QA)NoWxl&dS@A}xsVpEbt|Z|Z9nf|Jq9zjwa1nLWFQY( z9Dvc%G}yH%f~<=RXXYg16;D&!rq1y@2~=~RQCJ!CTS7&)(ywB2K1qt?0C8OG`e*=w zFm)Nny=e%La~GD{j+r=?1D)L99+iWsY7HX1Q_RuGN8VG7rnN(g)LjPR@Jcazy;O0} zCc25D7m=9mg}m9%-x(shBF>ej)fW(%~7>H4^SPY<8~^i{bsuj?!;UtH=y7yB?Li zUsMM_s%a~4xf%hxJn>#PJDD%$RkfXxISg&RNc=~&bkmv5IGVsRM(`^gr<3X{Hgxk@ zkfHMe<0Mw*1XeOjXK@^I#2g-Tj8~`W8p-kzVnCAeNFD2%Y}yh%o56Z>Yto>)g`xw4 zmEhMy;%|ph$2Z%O+b96wdVAIln<<>$pQIam)LSV+%J>8W_iO3j3c);9s3)I#g&E_T z=aVA+4)!Hjj`fos+3WSKc%SV^$tELi#;|75C9=7a-bRcz;p?8YqGg_EXTd!BQWq2%G3oWfE>7hT&M(HuIEakSLEC6a*#E<^IDNoHo(F zJl2)B+3lqZI+)a)2E|RwI~zD+h#4CLIK^uO6EG-1T4YW1Itv{zIvfQf8O}P^ZT@V* zjl#5NjQUd`;;y2OHZQ$h7?Z&1P{nm=8-DDgxb!_J6^*Fx66F9f^W6GY70grH+=oLX z(VP><3qXw)yH|uqjhlF^^E8a5H)IZ+^q|@-%bwMnd2kqY=}Q%aQnD+kPH;{!iV7@T zScns3GAm&HYoBeRQyhxBhxdmS5+S`wLq-T#(LwLFu0SO!>mo9qgWj?lmvQTE`x!ws zp4LW5NtBYK)2#+=n-SX-3nY0Ydea{2Eyof0b9W=XbR$UloL7jnroD{I8j^jh&*1Q= z)S080%MmBJ;*&OmNbbBh;rHATeppbiiy7+#%n%ReF9SGY#m%IMI;d; z9=Wdv@z;uNA$yo^Ey^L|J*vH#nc=q&1J3sr;n1-rvtD^6e36gBvuF;>!|1Zl6TEvQ zA1Etc=cbtAg-K#14IaO-b4pB0bB~j`fW9Gx@3^bqY@))XivFr2WIxQ|n$!0;VYdlcbFKj zT#j%niM-JT>=VFL%7>H3Po)F7^5?`q3fo0-Ar@zP$OvG#z^|A7B34Rm<}T>Y z-J>A5>}o0^)X#zMt!^ymFv}0`1b`630~zP^uT;^kG`6#rHYEzE*|Y*P@A}szM07!u zG}hK`e6bwTD96fhYNfuZG~~HMm1Bh?(zt3JFqcDC&g#X0m_|gUvB>CasfJs%^4%v) z^}_Rytz~^|XjqYa-Lc4#j&gE()GQZ!IA1YO0RZb;Q;{+;blVA_oi6QUmra+=-cVzl z9`*N+!u?PCOHPMn>HAUv<_2)P$G5N2y5jnnv(q(iHPK^`pS{Kod8M^YQem5VO4dRvp}Anr;AyFXLNAk;ME8hc&b+(Kk6BD-hHtJ>v_j-g=*h$_g+eo}Bru6{&q zW5V^AXYkIgZw>r2D}u5kDiQ{Jm?+#ntp{Tc{^<6mlwqjyW~p*LE;LeD?FACQb(L zPil!u#Hlnano7lN%?yg$Pk#RZO5`;gJF9Opc*6saTE%L$)0s}XAptB$n%5L4s%@8x_k>KpD7^%sh#&xSfry#_f-d%s?FWuENe#R1!+LE)c`EG8hx@PUf*X`zYp`)P+=+JSYQ`Tz;o&(qAHKHgdkgN6bF$ z4VIA=tJrC6Bcx7)JGk|$Z>+<1lC&<|ebwo>)^25TGS-u-&SNbtxKuv*BAI!rLn&gH z0bFMw_BA~0(mjj%2BkQW!wB3I8QL+;Yw8g!u97FhU4#yMsU;TX`D!{$r^xoPcV*$A$E-5<>BB5ajg)f`{82(PLOMb41ebyftnu z{@T}3jsYVX6;o7s^(o{x5hJTMagM)*XDbxliwmbq$ zWsy|$0nRZ}q-D#{;_k+yrb{Zxw6eF$&O=frscj^3M>&qz=b-4uwTzCcQRsMwkGwe7 zVJ^e7#7WBa1Xs=ycs*j(lgc7FNgyfU8s0Lw(w&j?kAQToS4;ajxR~3-2I$dGA5&jN zX*V)T@Wvfj5ynm^md71q*YuAJ$9V}jjy6x91-|$H0A90vLt-tFfpW|aFb@@)jm%)R zKbc)OQ+-ClE154D?gH)Wh8P@Tyjk>1>pgDj@Fc9wGfWx&@Z+)kE9u%iILOn6;@xG4 z$R&(0JBS?St?8Gl_fWu*9j@gIDCza6aW#xi%Im{lYH)nffTV^aq568)qWCYv7TSfR zR+qODER5SYZUFWA)<`)DUNN=RG+UT0L^8~wK2y+vpZ@?~dvfjq(-ELxV?z8VqE3nAI{*=-h zpmhEN@m=17saxrG*Y~lVrMPYap4HxX*TlMxp%NwGS!Ew|<1F8e1k|Tvh|}#nn8V)4 z)>j)rNaP=UpMRxnTxk$%HYo^6(YfEW;J>h`k&DsX`g7p-iM$^clc;E#taDixjK!V1 zO1?XeHcFr-P6{u4{^Bp%v#Rvcn#GaMbKZx{QBkgwj zjE`+I03jfN8OiC*1~QG$F}?A-t?b%Nw`Mn#5T`f{Ju0+UVPKjS+qu^pf$Pl%N{ToM zbS7KLoLu>v&J{nq_|&=|hp!^kVwQDxQgX5F&T-t-Ihw{c(H`;P{S!~uY?$fsruI06o zZLxWAj<`7u$4-K^Qb4AAhlj84yd9!0pFOzad!bdqVf6YB=T%?E-(kF1;ZK;b&gIBC z1p0kyh8h;R;+xH9b-m29+q}E?qHQs*c}#T2YWfpK@*|EhC=hw9NOtO{=|Gw1K0LPY z)~Dy%>YryX&cXosnz<`&5NOuRZ*?qpR+7V&A+j(>e{n#f&ojLEd*Z!9{ykU2+GLm3 zh~F_I<&2JU53PN1@T1|5jqxYKj}EasP-<%y0?eN&an*f6&T1TuRFXbY_`TqbGeYqt z_Ll|B$LCn(gdFVvk@EU^d{6N# z9y+@k{61WIgpwH$xa{3}RlkS2mY1POf3%cc+bImn=ORp=c%ne`OjBk;BEogJOB z>5$qn1QkpcIO*$NQKoBpKl~&uq3Uv4C5^;_J6Q{I4}J}ExV4~I>bzI*-TXg!GeK}1 zl?}9;Xg9K=@yo-vGc{cEi7#e~6@-a{_cJO*OK zesp_ehhwMlM~AF6OAzpw;b_QK8?lq>Yvk`1_)6*>QcD{m&1f7F$)x>aK!U0KKV4)qW z%&(5Vi0q|Btqo5Z_@>WRNN;row2TE2{h~G7<^V7W$A5amZ36pH)7w$g;hJqZqAj@w z>;dbF^CwZWwkpd~rh;A-3vBJU0C0M**0psB@2;B=F>8?7ARJa&Jq;ABaC(~E%>H7} za|OgMNf^dXG0uBbS~S-hgv)NzNRteW<+>WuoKbw|r`_l}rIwVMt;~OIwNcEe)qc3I zF2C0zp6bOcBuSVOWp4h!S7nk8bGEU+xNB$vPa`1XrC6P$o_NG#5{wgpjw_m@Gdc|~ zK)TfDV+eWVM9-IumOiwtd~EKcvAP9W6rdQ!I`R3}9G;^~xtFO*wv)ytg`|)$+=w#D zJ!`I)#ZP_VSF&w7-s4V$5eo&xs(Il50QKuyWV6TaZ>?4sRoS3IcWfsBdm6WAb)>9` z_K^-qBMtocuIhb^WXPwx(=EfDh$CzTJv-JOt9vX`v=+$MmgFxeGlF{oT`^CogpT*X ze-Aue;w?!c(V&P-WLAv0I6k0?{TKLg`zK#`vrm@yP>$Q}iktAq1B1@cd-GcJX<|>% zKZf4`8^D@nzWX~nyJuC#^bF`n>N?lanr?w_Z4moCq70lI4wP;OMQ@};T0M$ll}OJW zYrNASNS$NaQL)z*sg&8+h~RXMUDtU2AZpz4!DJwqNfg0`PSc!yYT}G!%$wm0J6*(q zH)Eip&B6wnCc};^Q#U4guf#tUf5JI!CaD#j)xn8NN#&+^`c)qac%IY7T3x=QYa7I_ zp@?NFe-YY&SnObFZJk{o1$z;k(HDr|j_GVKl%u{%5I8lAmZwBazZK|K+P$Q2AR(2* zt0}<*d)BXqHFmJG7S|UH&Yy6%@l+*aa^>!}{##tCfc)}1*OE!9Yj-yjB-bWn+)8%9 z&qG&o`HgEi?k9D(n<+3HW4%99i(0Tv*LrW-H22|VUa_BgmimxIYj-mu7@W2`udQZ7 zs>-^HS`?LY=s5iA06Tj-XkOoRgn6AtO#r*i^JV~k*7gAUclPZBdUkV&3<9+h!gjxw>>Xj*I+uWl|^7ZH$m zEUpP&Eqpd@F7)3J=|6AM=Ut2k-&6hN_pj!c_UrIAiQu0fTt1ZHp_Q2<4x?~f^dwb5 zYJp3k`OPaq8JalBOq>?3%fi}{Y1h^zn8wKBMPt#JSEB?$`bF@^##TD^oo{m^Jj|*i zk%;@P=xayfkA-b~b)nCuEwbEA7-zS1Uz}hQ#SS_b8Cd840N|UyAEo`9{{U$#F9-O* zO&@{vmp0A0uwtJ$QU|4fUV2^FhE;oa64|&98?QM+G7sxm)rx5|t}?mX=sJw{T8d8; zn2eE;>t9Q0SAT1_M;o(&*106C^d-dn=KlbKw0_Cf-?bO)(|6+C0?sA)li>t6uxwwR zc$8#}j(G}y5PfU-LGf0S>hj&eZexk1e>pRe41nR3`W%B*hi{pta@CHPJm&7+Sh5%^ z6Wx1McJa8_N#3Ke?km0vQ_ZL~%BJRZ!xlUN(vjp=B%d z`r@Ht>!lO1b+Fa;YFgN*B!4ge0Ps;C+3!*CFN-cU{U1+?IO3GSC{eYx z6Od200>3k46GxFS`SXl+71d5|);a1(g_~~j6mG^ol}H!)4#B)+ao)O5KB+6LO&NDB zzp%#wp)TSePzNIe>08HR5u2RkXUony_x7pd1u-WC1Nu_}MTlg}f*rXZ?Fx}1k+4F7 z0OTIj8^v}lp*s%tAOnuS%CAKv>z4z1k5kPDML8Xxf&6u@d@%8bh2!50YQw|&y@kYg zB4CA#gpaFO)fTFOOp4W+~{9lYTAa_5c1wQE}3B!Qw?5uFAb2b%e;OiqYMl3QCSP{*-W z3G!G0#(it^hxYLOn&9}Y@WaKE+F2b=`r6f{j1?QB0CgGXjw{VN>B#__b5@k-M7OSaQm+6iQt zK*Kjj_WbM8GLk;H(5GniIHKS7VIvXO7$&{833W{$dJBSz-z$Ybd+SK#sE4)I5=R&r z=M}@ruEjOg#h`E|UJ4!v_n_ry?0hY8ZRATFvoM>Vl=GU{j#yUlNGex9boZu&ck85o zXxYgu2^z>3Ja;wW{{Rwo4-$BPPJKejt{ov|+^fz;dF}ZA6|x$3EOu2dd-%e(ZLM2ExJq%!`6dH>QUEjtgY?jc^x2NGCAp7=7Hji zfX@_cmyxOJdWvYb6VPonndQhbd2*hDwwPYeYSQd8Mmb^!O4pSGb~yIAQ7e^ZDh>!E z6>{3;E`ytC)p^_Vam`|4*jrq>?uKR?fjAOx}8lB1_e zj@#kihP6#fIdv!?60S&)kLy7`(6ujz?Q~aoEFx8lKPaoV52xGid&orm9s$8x0nDP8 ztM;Jqxl{+&rFQYgUIO9#&}(QST%N{zTSpWvkD6aXIW>-N9RUG0s5r(tRT4oZ!_N~$ zS8|?}lp||*LlI@(W0lT&Cd4r21~%d{8sRDP7`Vz-s!XHdzW zayn9RDBilTwJ}Eab184GYe!6;+Dmb7ayB~WJB2j@T)G-Ik=w-UvBRRA;F{@fbuBLL z2qA@536x{67^_hP&pq(~-m+|v1_P+BcEinf*d!ce{M=Jz7gA|150i2f_Q|& zI@FcS_Bd()?_+aw6FsAT8O3v-VV>Sra#Pbalqxm#p#!O)?onK6qwole%$e3;G)bpY2nrs#Gt-Mp&l1cc=0_^TsB zuv<9gP*p)A+M=4;(6Sk#UORzKz$MO|XADAk8z7EBHIW>CbCr*fJ9<#i7ZoLocbAoK zrDk2s@~KJG5_^%1P-npe^&7|x_NgbBK4#i0Q$)HPrHp!=t-}qn!sDrBuSBzz=eAw!1f(AQD_A~) zIPFf(V8y0BVk>nct#dk+wXNlp%NST^QS#tc^uYPE#hPvHq^@O=oM#}{C8Ag@&GaiP zLK&MMyy$+lv|WtmjV)ip@GH8TaRzwYhrMG%;QdE2c?JoTwlkhj)~(btbWcWu;nkhq zog|k5()CBm6l4?itNs`GNj$T)(3VzEyL`V-ddtNC-m#MtT@Rn3)Frjon-G=xh8Ub~ucCBaLgHIRF^!H_9CWBIF;>*hOWzUc zy2^d2UF=E8K9%j7Y|-4pq&fN;&Sr+7vtRXzC(b&G)wa~u-AWj_2L#q&H&E0J(HMzP zy>p7@V1a|5E!IW$pqWPHhmD~oPD_1jD(-1t7~QtBl)4TvvCU8B#N%Nqy>stfc8e^8 zAi7wl0~pHCrO;;kPXw4kzbNU&Oy!`DbXi)^mmbFUkFOh4K7Lt9=~=q%>S|#5DibHY zG7_=JUt2s@%vHF-#t%y6^g9nB-5Ix?<+}69q)pF7w}tKEkM|17PbR0nftDcX2F!Gz zMh`nB$tW<~XQK=bD|Yu-V}&R%qX4O_r4rOTi5{p5M!>G~%V)5y zTWJ#H0+E&(sahAxY`{FVVT5pa=~*{c;jWe1A+YiEt;SgU0+^Vn-lLzOtfOd=Nx4i? zMgh+piW&j&LK|@*Teb~N_ZWb99`&CsfZ}{Xt2`{>a6+7YYs7q0ZE>qXCzm1Lo!s}L zQtSr-rA2k+wY~P}WM25o5XR>JFI$f}!i8$HE(7u({uDugph z-hmpiT|oX{&9t9USCwRtH3PCM4aAucxJFeXuDk7&kot=~w`ZcqDD4oYxQHcn-$H zlng$ZpxP&fYmnUtTlc%yrZdfXgyMU73nZK#-jo!NJMnLaF11Lcx(FnGta|3YIPqqb zf_t4l>e%gKRA;pVQPB9q;>UsH(k6TBNKCO3OKmv{J!{BxJBcju43dXnInR2+sy9gN zAU3x$JgyNOo_)<~td^FbZdkYD9V^YMZ5N@9bE!ts5UUQ*GxCfEKA5GGQENAa{JGL6 z#{l&AtSoO9cJ@9^<(zZG?<%m*9EPj0f%~@#!4&jNb$f71}oYvJt}?&{=IP_{i-|t3g1?+ zmf7uE>5OfK-_wq@jYMw=p9TCw_+vMQ^@+7}r_JR^H;|3SdU7j{jkhR~5rU}4&D-f* z(%k4djb7C?7}_~o)c3+cAHD87Pp&r7k?HR)9z%U#qb znb6*7-IH_{(GnN3xm&mQbIi1 z=fO6b=A~h%qOh9X%YN=mWaGFUYuI$XDPy&Tx5iF62d;f60WNIeNf%~S!O8Tk$h@Hu z^PRJ|F)}ey6R*~} zWZlOo=xf>dh}xsX(KJMy@^hL+RMaG9j7h!5;0FL2Ai9{f)VXPAty*10Ers+@Ddp6z zNg3!4c<)}FZynX-MBJzhG5l4si9}Bw^bYbo(aHxv!nAF!<97yVz{h-Xn%Kr$nRDt} zALfl@=Y<0Ripsm!blbr^a>FbWrZL9=8l;S-b2rz}L>X1GfbvHfu10 zG_xYZEy}~Z=gfcMABAUdY@_{-wn$RW?Wa;n8Sn30?cJTsY+Sm`%1PvO`coQqBNDXH zBh0}cIVPZ!QSz?f@}X8zxMo_#?kP5J+aYJllx5EDPa?FWV-{GDoK%$+cXO7${{Trj zAcX|uBdM-0Q_xxC5~O=hd!8seDd>#JG^yS%vXCSJ3EEHTUTvs&Rug`S9CM?yZc@r{ zJ$bH*QYiGDA54~Tf2Z3dfccirF@g?xTHe<(noRC=-D>*EL`0i?u6}i4 z$r$ZRe|z@A7duxuWlUF;6%G5o4+OIg3Txcerkvplgs zl@l1sjlFTZzk2!;=Bas)w6bw{%rX$LRm$WF>m$-M?HqaW1c1Aea(bTaNu6XWDJK-hk-8%W3R5R}B z{VTJ)SnuI$$lG-1Ewz7!v?1X|4U4;5&0$X50Sk=J1!P{uMl=D5ug9YasKf-A|4(T8a^9u;#!X0e@*e$zC| z4MOe8jak`H6}R%eGS^_w=EPt|Rvwz-ce3pRHV!TNNev!9maTC94dl(zQ~M{tcB z=W+rh^|_@O=m^E zip(?HKiSU>gZD`Fr_NtDV;jSoE{fN1-0Co|mVQvnjJLLH+^($c^oRw(2$4gAg$^^3 z$JUkav72X@_>0Dta@bwl&kQrd!!j8U3y$KruL#Md_>%hX!_nPY+v?K{+J}9+z#TGp z=97Tz$LR6u9v0UeYF3_X4$m7GOr7sL(kOHSkjhT z8AGIUV~%iP`#E?x*8S0j+CkO#d!VqcNcXc`s%gQQJ)C7g+5*^H8$6W0~R-|8{7$dcIvN+wXs zMsm62)XA{sJ>SE6-k+!2M#$+fWE)!`Z9d|*uQZrEPpIklJ0iML!_8JvfIUaQ_|#pO z8FxBeNA`NKzLplhnoB=0nIe#a!Fb?;E9aH)Z;iY$tY2yRgeCO!lXNn>aU@wiJLigS zUCkpTd)I*cC*gk-qiMJIU)eX$CIsz*s4>*$y5Zo{;GIQc`$QVewYm9jqg;j_qmFAS zO4=709g(upKFB7}CbxTsLo3Fqw`+5e?rY~i8SDCuw1(dHJBw}1Q51uL$r;bRC^jpc z(yW(o8NSoAYV8Tvn$yvBC>h?t-b9^1!+ZKxh7;WAzR#$Zc8E(eCJO=74^vtC#9Xnf_jBnwlsRbR1BUiKhdt?~a~^($&xYD{j5qiIARZQv>{sRs{WFpg$KGNw_@0&Qw~#<|d;8xE$SouT%wQA(N%R7_WZ{q?e(gy-RC<^?Yzvs1lckyFE zvGC3G*Hc(ZqvQ{fxOK*VGn&Ckf*s%=2 z@l9_WNL2;~GmO+uOtlxWLL6Uxz=hvyB-%1Bvy6aB1klM>U8^FdmBDuT$HMJ!# z=LeIJ+lM)?Hd8$a!0NmSZKT<15otQ@y53sL8>;0qw~oJ_D>-~$7sD?RMPa4ECC;BL zax}K8HwGCTbHE*IJM|pw@anU_E(Z_zW36*B{60EWCr;N#(_Axo=N^Aid)+;^jp4|KGi z-sZ+jcY-y^8%{b^KkW2{U6Dszk_A$YnGRM0!Z{EWM_gw$y<|Li2<}Un#KeR&PF@Z zY_b0U+80qv6u>NUryuWD-S>ztH5+t^Koaf28Q_}9urqYa3)U>^t+;i^O6@dlJz5sH zk`&*#gU3ohRlR10P_ZLA1CjyhTiQgd3``(kAFf9gQIBvvI^RUMytPS`Cz+fP>06e1 zRh&>R_)tm@Ty^{_MH>N;;(rNgSK)3U0VHAbs9N!p@Ye56)Wh0cw6+Z2arwv6twax6 z(R?u!K3G*mkerd+RnHOVGeraKNjShHbrqymgt;Df6!&^ur8lvNoZ+jv(fnGsu^VTJ zywTq|4OVCBS=C!ip3Yyl*)7U2ARa?6(!ZJS_$Y>=$?*o`N`gol(kq28l+26{eo;<4 zi2TZ$J7^Vfb|>(HI#njQoo9ubL*#HU2S0^+6xlMBkE;Fw_|`2yTD{Wey@?>Yjd2vG z?vdPnL;RZiUe@U)MV33ahD9WfI#$F+UC)p{H+VZ*)BH&nigXE*BjuSy;xHQCP;wf- zr4RTfkL^sK9=-?I=^i4xTYntrNYKtDJl)2)Rb~2)Ynp4J*G=etmy7=ZF&0P&-N!ZW zKM#CT*HNvtzzZVaU>f3*H*r0YC9-CkEA&}3yNJ!b$`QCcY%p>=`u-LCKmP#1SAS#Y z{g*#ze-z1KX&tY_e-~V}{)_f>{nfnOv!~;cPMY_VxrCAU!K&NM3zd~+Q@yw&9A>f^ zn}|Wc>z_*Qi|l#TqDA&eAyPLqib-He=l=lJR3x55<;Kt}G2^cb?rU^m%2~N3Rii+% zvU19&KZvTPa;QXy<^zr>7>o*#;zg4@mK}$sXA)VR70!Cl%8aa9wrL+CaU!ui6V%kK zto#DoM;&_9sT;y&i1;h9vcsV~*ViAg{{Zbr;t$yq_M7kz#;7mgxA4w?v$eI!RGJ5H zK5^>3LG6k!W_8A){)M_>Rl2peAzCZDvmnM;{>NbJ} zT{7?YkYwj;bs&GATH+b`*ZWxfDv!rr3Dq@Ot)jhnr2YQ@$+^Pgf_yHI^ zr&Q33IbXCqk#Fg+l5zM~RViv^CU9mjvA94tb_DU7s&g8q6MTiaIpIZi#a!j6yAqwH z8wf)6#Z~h*lOEBQ9mh)OIocw3WSR)s7_n|Jgpbao&eFqUaB_K|L-&Zhxg?Wo=j0u0 zK@88Z??nFhA9zq{2hfRRF_uj3!REDKa`3~aeP3^zfJKT3&0_g&72AJylF^ypd{)eFI4YgSL3c;m2cNJ&UKQ*G%*^OKY2Oq;b@9$gV@h zFj?H#+*#hj@>)w1Ln9#PX%*wtjhWL1e=pzgP_KYmkHUY5ujAbo++1iEYKw5Hm;qS) ztWT)V>0b>b)1)OLX4xSf4MEcuJ{cr}MJP)U-!b&9`IRpqL@-A0+~ciw(4B=*9&N4Z zkz3s{Dq+t&SHFJFJ}sWlTx}BmZ!cpTn|YX#kUxYUUfB1qUYxFuNxe_kt6fX}5`8O4 z*EGW_`D%$aACVv(eR=-?8uy(OR+93@(%SdUGj03FwOPw4cQ^jYJ)COgnp<*71fFV0 z>@;0oSlWAKhUXi1DZw-tIUPQq;dpH418{!e_pO~qEiyB1>j;A7atX%`{{YvZld|yC z^2DBGMNC~VPgCZl5MB)(wd9jiLi z#@f!RBe$A3RuF+zm#rr&8^>agiF7;dUd5mnQ^mi4>Umn1!yX5^(G{*^)FqNx6b4p2 zHYiMOo{MfBFp`Wqjt+X)U!!aC*sPEcB~l0=fNHK_-ON2mTRSwN8Zuauj`foxLFAT& zwm-EY6zv7skcr)0KfE}_Yk=@LjzWH6ochpXEz25om-d>YNS6w2nLr45uGY@~05hPJ z4Y|gBC?wL?KF%OBB%25TgI+&>sNET4HuEFKr<`}73H04h%#jt)i2>)*y;D!sA@U;$ zwIosV4E3#{uo|SpbQ)PBWNyS(CGCb0*-rTJ&#h1yHia$cLzZazbJ~{o%`-mojJf$p z^q>s;i}<0!k@I?It!Kx!S(Z`*0(11BwJR0%n@js)X?I{^nhnQ%VEo@vR->Na+pKT7 zkH1ktEtt~k&ueh;5a``^cExOH`jhH1mSUtY0B4%X#79pwimF?Z)ts#~Ze$9K4^V0V z+Ok&+UN8#v!R=bNH<6H$umQ(UdJQ=WF~#O1fI^<$)l=+KGnahhI5_EBMQ9$(Nfr>w zRk0$TIqO!gZ#1;AnoG;HhE*Boy=bCoW6gfoVRpuAE97)9jiA=moX(14W4b)_p~ZpK z=^AqYd146vr7A?sY49 zVJi*Nxz0NEte7ukQg(y4IL%Ag(Hd6LJkqNxbGZ1k#E z7RWaRP*nC50bP8kk>c60$l|f&7ilV(nM8fT9e$OR)}ygyCf$XVcMSSg%zAC3z|tsm znTK5QQh;@~Vg@*z5V zkPsIgxT^5jG*5yVpPZJY1<0h8TrTzianh%IY3|FEJIEO|x?pF^6zqmQy9ncx&11s_ z^}OYROCP!8H8PiAHNMesr*Ol!p%tBXFWN~vc9F+EwU8Lwg6`g+H+*-eL29xD{`1vomf7IsEG`N8=|NF_&hp0Y<_lc4x;hN?9GdR@5#kGDJdCjo>UOfQ z=xZ4=k6)g6E|YUd5Z&#J*9WTTjdLhIUItFqUc=s`&Sxig@Y3Q-*e(`mHn9c0MS5Mg zh9uD~Aa|N66ph0Nr6wn1UKmp00!l+E{_xFj#SC_81Y_m?RfyvwS__Ds6?XH}IqOyK z6hx9uy#kJU(rD1fZxh(w1%R%}SK9>E<&s(yStECL1CgHfJiUN|_0D#qjl7IhXt4+B9wC&Jn@mJXNRxBF8BT(f;wfd)3JvF|_}#g*mzqeVC>xb>?r*~{krrY9?oxS+~W?02?W zlybr4I05m`xvKYxeZ8lYmI~7{1 zb0R@*!3=KH*O|4CAMtmJTFMCq@HT=72Z8w4gxh>twUbbLGVw}^aCWt7qP8wH`<}Kcc-P_5%3WgkWTG4r!A<4(5tzl6Fp-BiIh}qY%T-O;3T)o&RCD_LpBb?O*&YCz3A2f`6 zWFFMF577X&~-8hL8+XOrnx zZ6tX1glQCKr>!((bTC}`uFHm3UZD4;+}cGb-0C+kHMufm*7s=8ENVb*M_R8mtU*oO z;)4^B)OB~W5w zoY7;VGCVWIx=c2JnAOfRyFLDu<5w_4A~QsUk_o{dc9GE)sm{E3-x(!I>t8y2Q1E-K z?>YgFS$N~|pw=-yU-3SNYpLlsnq}l5%d~}&2P%F2MSghe`YrZ_tx0b>vZ*Y5%wQZ5 zipHcJjX4Do%J&>sXF2@jswP|m2JPJ9>b|>M{nUj99|13?MXK7+4*zDdJGzz@;S?+qjAB`4MU=e z_J?YTsA=%SG(}b>0Oa;HL3~-M+g(Vv7YxgiSpNWfKGjg9t|v3;zlAx_e0N<9vkKIaqTeGK@MPrNM%cVW1=9I5{R zCcYc-7lyAiZCd6zS}ARFl5?G-w-v`YopF~#l$Oc{LL+2lbWiytmcVECTO=*rW= zfnwz33TjB@XPt}EM0V09{lMcR?^iFZ=z4*H+ScC(sN;cDIPQ5iqoL|oIr~+lwo?$; z-N-)TsKqRL0xbHB%?d`j+y()tZJU<03%HpU>d9b}CwE_%igtzL0I&9G;f@fk@-R6q z^{a%skC621UlwXs#z6}gUAgCxT>k)wH3O>Jgw(%z103upgIcMH#Lv>aL1U)kD3UnN zNaGly>r}eClw3fm<>%%({VE)_GL$1 zk(s}vY42wex?MK$g~JoM{{R~FOE@l-GOh%^hn&+Cjo9t5H_m~Zt}1J@50F|k!vXU1 zL6lL(%{xZVlDom}>F->Iv8gL|vKZ&e7dmq$x7PE;3Y(hwD$fmSJwt zCfJ*xZ+hpJ$4@&kZ6wz$F4{@H%Xwz%F@f`|cRx;**4b)*+WQ{VOAL_`tQ|-h70)D0 z=3dF2^E@~w+pTnVb`mYRmpgEIBhrYY2P2@qn zc}^c(xRugbAug(?pdZq-G)wyk1-aD1znH;NGxC#J&FE;LYxu8H@YHCqNo#Fwch27| zo_?pA<*ZUGoXKvFj)eNwRx6R6_Jekd8HRP4O65&xOK)iGlE~qC;F?6($hy3m&Syr8 z?GUNR_xe{gscVtQRbz%on1XP7P|Hv_A&zi=!ntKD4M7&# z?^d(@`bQj`fq~w)to6%nK?%K$kPM6g-lLtGINL)?(@eL#nOI!yi-JKNeX91S;qcbN zTU)rLa^(3Ta6LBP;!P?U*eKgPgn68(;f;MXwmxyirgPEwe)Pf?J9~mN zkgB~;wRuN~wRvPgrd&ey_YiJPtUh7^KR4@Gn?^?^C8gkNRYsZi{KqSu+;sNs`BvVa zw%tnIq|qixV8fI>Xe~;{-lgG)ZLCvMu(_Ujn29{R;YX)6yWy=~dr6~?`r)IJMcP3< zIHcr0a(z*XU45?H%l46jfItjA4Ql@YXk0$!hEo$d>?#2HzY5M$B62mnJ>mO@kNZA! z7Z%f}mivG#PIHl-_2J(Vd>N_edd!ygrsm4&6tc$0uJ~W^PTEftS$Jc{HumsB=vYr6D;o^pZeTOswoAF9h0dGe7NG`<~Vr? z>CcBAIncGu7Ckq{R?$HF$dW*EB>eq*DDfPPDz2*}x<(owIg&{cEf6=fPb?(QGH0=6@}T zW{?#sp!6O43d@ zO$)^Oc$Qz0TRTJGT~^&f~e%^zNX$)?;%<~A6{2MeEi2O1{_rCn+=TwUq+HZuK% za8l))zn~p!w$S`TXW%;ns_;2Fp zf^K5A(Qcfi_ORfY2pkdUJ-w@!ve5iTZKc}FZn53jA{Iqcf_}6mV_t16bXGb<@IxKl z?)zw?l*o#DF~xgl!Y>=>H`;~no^P#WxPgI|-P@KPxb&%tZwSEfC9 z{*?xmr`l`Uora@37SvO6`Gof;pXEut1s%_`d?sbn(guZtjf1M^BDg<^nm&=@g4%wq zZzyI`Hzx$1qPbkos6_cu^p6{OCsez#v(mLaTR@&NqD_SPP7hr4>0HZbUlH%D?xYvV zzGmH@G=mz3;RpwgKgpxoD;;r#wJ?{&^J&seVXi?XrR;ME_VqdGn)E$6V7a=}qqp%i z8iMaumt=(s1Nuaf_l*4ss4>)FF_i_F; z={^^d+eN#1wVg39bk;+Nq(D`;?Vk0X%vL^D@%Ehsrnc#$H1K)k%#1ojGBOAG^{&f6 z)wO#~BGU3H7CF4r8Hh05v=Q?Y?m4YeGL_RkJ6`c*IRn2B1@fLZrJ3OXCE*FKU%4*X){<#3r5TxNzY^>wQmJuDS4c9 zT5h+i>H^NkM%6EJFbq)~ZuHNkeM9i~_G8wy`5~WO)7c_&jt%T9~Yw)A? zbnyQGhHW5{;s}JBhY^eu#eJFKUk5>^S^hO|i1RF0!c)kHIu$q(4qquXj$x0ZJ>ULwJHweLXQ7&UFGtNCLHdJDAn%CGbCKsAj@0WJU0gaDOd{yl>NoBMN zEFN5mz;EwXCdwrns65aM95zlH(x^a>Z+{xxfjmP8AmWf7hZl$}Y#!b)L~=e=LwDnv z=ybcGIhj03b=IXj;11+AM}BiKw& z0Fly^D{@XNXhb>K=`H-!B>cA7cBAJM*VTP z`VU$JK|YCTa;MCWGRM9;)EaMvZK9O4YNG)0jQVt zUK+ab8pjo`yQjp{MLa9ZH%vFLQAxWiqNNl0sPV^#XYjVEd7cg}8_tAAbJG8XF)8%=zYpB+EBpjBp2yRqvgyCBs&bTIb zA5H0(kZLxnV>{H0;P(~zvHt)CLj8@K_N4urJXACjd2{2x4x!aFsJ53sFC-x9dSmh( z>Mw0k%`|@v-ZRl}AZKgfmfDT3VZ4dcW21sW45z0eypiP)sa6MY=RURBPIp&F4OBtr zw2XLR&U20hQ)Fjy%my+~71IrlVk!3q3JDBHQQm`Zh=2!kd-IW01vN0Lh$0Ape+cbY zyo8HynopPNC;|xrqK8&z8S78v08xP?^X*dLX-u;c7jdwZK7*Xq`53?-u*PdHWOSurn$MMcXDB-vSu!*0UoiOZLYDskPGvD4 zv_MNK$2I0jY6r@izMPUpbS8#7tv=}uwbV_}f_eOMKT7^>Kj5L?0!M*$>AXO;S5V95 zv5H9J+zJ!a_Syw$NIvvdT-LM{} zf}^<}+{$Du%m#1=TCp2>YBsBkoKS3NM9!|HhHvhVO6cu1%k2{9N!B#^Bed0RZX>#e zb$zWC!e$=0{$AtbNT5XTw28SG0dh9@Dn1BFsdxMPU-1-Xp zy>+SeP?vzA5)ZsPn(?vpttNI;J8cDJXarM|%scy4xvbz4y}Y2j5)5){!l<=3rhIGr zTYLl3z9sxV@h^vU$d-F{wQ*-4A8_E1G6s5@{!sOe2T}NU;$IPX4_yQ8nsl3DX3y_p zIoiUplDayf*vf}c)25$f^Zk=N0Di`_gY2uwf&XaSxpn}-orarJb_-V7h{@Hx%!##6XI)Ie`P+Qb079a z$VGMp;h2$MYHL0)lfw@M)OK>}7A3}Ii;#+ci|JiP6M^gcR=fSLrb9ddXN87Tk;P3M zEg24|Lmc+3ZgNgGI^8NusdgEqmuU6vT|Tj=${>PLKHCWafl7JF}fzIbmxxJ zc+ZgE#pzx4`+1p$;L)C(*0Gh0TODjt8G zZ7%K7OTe-^gV=Pf%@a|xk^au|6q`8wsT(5qh%_rrY6V#nd|+VU*EwzBOM3>2I0FSy z(2wg$#NIDMp#I8|C0{l^Kb1!cz>@@0b`#Lhm5G$P8kcsE1PvP&Uf_}ODPZ)^hBxCKK)EJ7* z6RSnM79BaJ3&})f0n39yP+F1SYDes?6!$G3_dz{tnwl${c*VqO3|p{x>M5GIliFOv zHoy?aD9%0W(e!HxB=W9g9Y0!em5iku9cthGoy07mpl-PS8nogG5tcbrf-_pFT$2*p zPgySZ1_Ros)U=g^$>p)$2SeVN9(SzUOK}^lZXmc$gpBi9*4Gy{)~eGVHdx2af!3EY z*a_p+{@W5u41trU(EHW+XL*ny;m0`@4tS+1xDJ^9y(^V;L?MVSwTb6krIgxpc_p=EK!$?a6s)PpD~=LmY0hk3ye z(FRf&W1ngne8u}4_@IqviL;bd=Bkem*sRZRB9C@S;83K>Qn3xq%3J0rSZy4ADxsLV z;Er=bm5DFGsar$^yoW4CFh@$d1X~|r;~k9-T>#GeOGfIr{P@jYX;@&g=jl=dXGLHX zHBVxXYT?z`jPvM4YZ#FxPkgH?nIb@}PI2i}T5PA5Sx44~0#wd=dzmfSm7{mgaNux0 zwS#kbi=40uI@Lx6##cCx5o^{^TD-Qm+b&2dRPoJu--mo(s?9scGQ}Vbj=gJj8y9|u zvuVtAC=tve89HH)U!`y#6Z{hT&WUiaMvs&sm45^L8 z#Wqp##GLcTYWuUnQ(P{e1*Pl{=7Gl?ntsy4b}j3=m)P!--gjt~jubHa-%7~8woChW zNh1#t7$$`-sLh^HtNb|9FRo4Ul!D+c&EZB*wQ|vTK0P*8izTAZQZfx+I39`N&kE^- zYs(CNTXi6Dn%LCzi(439%V>x>;0|$8Dm9L7djAu5?T_Z8ImVRZMsSfcV`pE)Yn z8?p7NCRgZsebw!fqDE9JbO$w3ceyZbfsv5(=d}h;%(bT3>NlZKG-oG`?Tl2~mWQfI z43_fU#1I}f9Fa;zC==;cjIn*5S(ke8$>djI8pY&@@EC!O$DGy!RK^i4hQ}bsG^6SX7Xn0IIN{Bidzv|+C-CK zrj1-=jQ7QEB#|KlaAS|d6(%N}L3)4y`gE?7O@FfmV(Q9HK&@jQrZRUH`p@l-rZvI! zu5VB>X-tmrfnkEN0WQQZC7 z!tj2!JW)K>u(C+eoMjs)G&tyM7`~^o_}*70D`!D-UF+zpI2gNDy)>Lb%7oBbviZL8OwD3h_D zvpDY)=yTo1vZ%_b=~T3fbhcGcHmE;zRs;5DpupCbCJF~wBw$%7I{C8 z^z@Nm$ef;X1~|odJo-(}8M2JPo&^T+k;iHZA;EOnBA(-uTvv%x`(IADwU*sW>>*nm ziVm2wZaJ&2PXb72+6_EREbfTZ-QOovT}{VYdw9ye{{G@G%L zW(wZe&2Sn7Xyo1eCp&A={5Z4i6PcXFoSq0Zi(@@H4-hlPA!afl10y{L(y6|jx6`G< zyE_61`LUXwdoif9zwoxR7K5rmJg#DNz!>Bao}bFT-|*(Uq-(YecuR}}z`!H?Yk11z zrc=wOIA@++&WVS?B*h`#b@mzIxI-vDFJk{hD4rW-VbqrHx(g`EbRyLuk zt-Qx#vJ8CS_V%tLV=~)cunZ5FvB{k6YWs)wbG-2Hjgs2VIV`O;aLpPn4qbu9bN+hP zuw!b+-5PF{f1=!_o}!?-kf3^3twG_#KAgAqw~;%m?P$6%9<{t?V~ z%8u2ztZ`btrS^#9Pbsh&2wH9}zLCO+Dp!mNPZR0Ae`ix+5zX9Sd2a2z;1EZAYooEck}?CulhcFHR>o6( z4vnToMcW#`9Su>q3nmZ^k{)>-y((p~na^EmE0#9lUSKlVJ$;RNcCl-70!t%6VV#Kq zal>=kvMZUMX)ISl>Pa0Wh0jhap|-SZ$U-!k#|^k(ipFbGYxFuz8${8q=VSt&BB|fh^ldqrAXSGaRCnOAvni+q)7W+NNyt8 zofTUL<;HPZQr|S26#+4xNhiH*q=rCV;$jy9L(`LhD&^jjaxMJw!JC1c@CT(*VmbA; zEpU>mZej9~>MNhtY(C35^PxqMdUX^EGP%TR8kP~vLwQ#G>1@*1Rg9y%tl@#iF@yD} zo9J&D7B93m^Ao0WiI5FvCnBc4bm1E>N?j+VQnSoD-@3$gy3hLwbclj&5L)Yyh>u7 zQdj859cz}k)1gzgG&_6Ztd%nZ?H^{5?b$rU&m0g(<5!mDBnl;MsKgFv<|~-BZ3-}S zNj_CMU#G24J?mIF5Dz(t9S%S>QEi8_yFZ=ndr#1G?KT+ggC@HXBWdIn{_yYVTom3h z)l6>?5qYt6cSDx;`d8B)T}UQ%{u}tUJ>92=%=&B=aY748xMf^tmM6bz>%2watq;W) zF!-L<*2>yv9ZQUmdkRN0Ry_XzNYL%|2DpwCeelT9;nb<%^&Zum;*SjKnklu^KF2Fs z%`gT>A1D;1uw3+?2lz`)@g=E-OUp}EMa#Uc!N~)K?~ZFbR``1roVO_z?v*{j#kR#x;uXk z{8!Ko#5zu)rg?8}IlBkt4gJ;`&2^s;G}{exM{9vSq}PkKRdnT~Mjb!Tty-ofNu$R6 zKjB*)GG<_c*l*m!u|Bowm%3Z(aEn;2l666~m@g!KYg3_UQIo=Vl9bd;j^^EVV9ImP zwt4AT-Y>k>E#=d86$=`E^f@4(PBBp_0S2R~&wXlqq!5+^lw1%%uOHN|H3KI5@^4vJ zZSu71ShPYrJ9FKaLQ@Ki+?j9}IJS=Q& z_02N=+E{Lt1KXhip>xR_M{4;AT!)Hymf!4p)sf*(va)+(Zd0a&^~dsyD>i1YAl{sXX>6E@JQ8PTD7vX)vXEL z_L$=U$;Wbet_Cj&ht%&L8#`6Al!B^&5}@4yBD)QhmJTrZ>3$^YO&ktdW)kfG=O1P6Z0Rg zGhaMQq)aC4ec*i+cWZwa(%BnY5RGE27ty#6~|o4+_kZzIJNg$X?}4m0{z1`VC> zgkZ6f@s?O)hD8Nf$T5-a>(;jQUjy6S!8Prrx(lO}VynygRmN5nCV7S5falQ(xtUF+ z+_)>fa9abgKT5l&Uf#uZX3C$tNdnEu8<*SOwK^2h?e^N1oitG(EfgXCQHBwM_?Ko_z{A13E}lk(>ct4}*RWTliYi_gJ=d)HOSdlQ4{z z3Qr18wPh-Ro3Y4T_`_V$HG7!v+8Lm?EW2<^5!;WYb+&S7{xyy{8a4UxAT84$N{gEE zcQrKM1%JXZEyHQ{__brZF{cAQ)z0|f$EMGx-pg*r7jG}jTxD~fzvsOi#5x_1C)edm zi;H<6x$>hJFS!BA4&K$&u8m_2y}qvktJ_EjMpLwd-|5=2lL*p1Cfmi+X_{Otl8=xK zuI!R4nv2KQn&zV|#e>G+6Y}SAjQSeoln$C``ai(m5VXs`4~;Wev#^jZMC&F9+D0-x z`RXg;pBvoj`bUW8xYO+6i$t1M^5luKua5lV+PSA5Q>K}~j|R7hCZ6VST2^l{7>u_* z_0;I!3#|l+G*IU095>83Us~g-iE%v&bow7h_(tB}Mv6;FL0n)Sdi&R<+cM0gOBrnQ z!REZ2MlW4W{h5j5bbwmIe7N}mF^qGJS0CYT1KiwO8>@sSCSqAs{m^<>ky8+98fKQI z;7i>WHJZ{_oeAoxfP|j)v*KM#S$_ju_;zR_zCeZI69P)H?7o1}3WeLD^G2hoYr0?A zlG0do_S_n6;F1TR{#Dy)UMWkvE17ls8*6~Uk#I7s4nRFR^P2VOY$-_di@hI5Yw0d+ zAdV}1l2KP^$^I;Q)?LP$nmjA2AT4eiU~qE7-yL!9UZpu1O`X<-t7;mR&6UQUj@R&z zV`MvB{YHK3?%hvA)iqB7TU~0FMI=Ha^Ds9DIV3U0Nvv!3LgzkCid4|NNM3Cy-@yc< za!$EfKPvP;8FH4B>Nmm=zN{3>66QN!a&oI+eQHS zY8^*G8WWlA?}gx+G-ix8L}wi_*w)ZyZ5Xh9tlTVWWMQ9_0n)u!!@3vS8DP~#vMY=a zG<>-C&2^&*G>tjePSW)l^!reWcQ?!uBsj-TqosFV8u%mP?}(StNg~Uq>8UAM6pxs$ zI_9gHkbZ%D4EO<}_%8ndO=+~@sKSUzNj_|!T%WCd$uEXVcVk9tJ{{V?CqqVh~B)(YJDu*S{b5+V@>0IY^%XwEX3EoR` zK;#PMqO`eYF@j$wspu;y>`kn5`j(W|lfB!Bnq}kVJdx>I7MiT@3tI-*>ONfetV)cm zZ)xE^#XLHSKbphjIO8>olu5qNF;r#yxjd0UT!x(9OC(#sWnPWxU8aaovbC$`FGJK- zM{!CPItlHiodu;t83MdF_1Dkan_l20lAT-+%VYb+L#Q)mT0P2?H}InS$c)~Mx~D3*v(W| za6I=@@zd#2Mwc*`w=M?dA9Nn|A@Tf7=$6uat;lcbT5_XBOi6r9@`6@&NsmLCqpn9T zzocB+#P;az84czPtM|eDg=IC-4pGqlVE+JazlJ)ugZyQvU&C#0Y|=25(8fWOk_QK; zKr7%=2bS#YtdG!>+Pd(XBbuQe*GUpokYt}+6ZNm9{tC{ zWPRUYvB;{?F_j1ebN7XO)$#k`h>Gsp#g>6>qgcGw11#WHRCC54DauusQjo3{_AR1Ep1C zGz0}eP6#5pl&o;HR(ELv;ZQbkMMdWb)Trc+4?NT6Vk`ME`JsZJIN;>^Q=T_F1dL=% z_cdxjI#Q~DV;Sf%(x$e7bzJx)OPsg_rjmG@=A$;Yh?9hBd5 z+dpS7kKQ2tmHz-}4~O3zJR^8*u5GSkO;$BhMa{0@955g3lV9k|@XN=(7x>%ol zJSBH;sCau{vX15_QZO8#CphCIl76|YD#r0Tm5WIcH#a&xz+{yV$`sIj&v+^JP>%#rlXe_}D) zSlexnPrZ)sN}U$w&B5iPVUhkBu54_1l4opQhd~CXt6N&fb*IL+b3)-}UhJNtwk6b_ z>EaBH2b<7=_YHjQdT7!N>FwmUo)HGE1Q+mZG03i&4y0iIIIrhx{tDOoGTZz+@lKcV zgTcCG)z*h|8lxDKDiHM#k3wscmd8as&%|qu4*vjLl|_xjFfz7I;D0P;y&p>OCGMA} zG=Ti=_mr{gj=!aA8mVY?Doo6`xthvnw!I;TMgIV1mr_KK2aKn^b;4&oN_IWN;LnOq zof~L#-K4Oo-hr`|eB=+-zhC|l_@3j&-Uhcz%Wcxx1zD7+!h?^`n%?FU*!KSb4#gF+ zG!PAopS#=eu8v2UP!t@mYDW!Dr(xmkP6xGUr$uK68-S*t5#DK6_t2r=WhNDPLbL%yLHT3XYf^MPkchVqkDi59L6Jq_}vMRf!|{ z)n~bj40i2m0G8V32f;HZpa!nKs~?i~&u{bbwm^DNDMsad#Uk#0K=rO;U7l+uj`GP~ zxg;=6 zrJ-pp+Xp0P1bQFNf%A4cZ4%x&aL<6;5J>$i(IVAgx3`AfB?x+L&sqqSx(g-A;HeC~ zYeoymM^>6WGBv!4?O6vn-H*<=yPt^~drurUlO#+|(YW<$)Ydfm z7EHfwjU-7CqkQrWSBF8?E$4ZV39N|U%Vgu}SxP-d>DxkRtg(2hyWP<+;*qR%$d&KUB2g6P2?Pm^fk#tsX?de0a4?&cWmRJG`U1|65r2x7$oF& z#d34Lr3CMST?23l?LZb*^UOfZtg>{is13c%zR3<7rg2-2ZG z$cr44tX(iiY69kNrD|ZgA!JF{)el;NSlz8y05@QsPf7%E65Y!czz$E82?S!e&lq^Z z(?Wt7l5|CHyd*dS+ci;FDlxfU&%}CGu?!{D6nuT|aBHZv(I611wrJWW9S?zSq6CGLmQ~s&>r-F*wZ8lfZi6>c1$) zMRd(=JgNh~?uf`04crYaKSi~YDG81s266I?=DCkPO*Zo)FccHcDFY$ZH7z?=F~K6j z(&vsVnV!x|bd*CRjG4v{Z>4JlXUgnwy1MHSIg-spiH=Z?NvW)&n^U!BxVQ2gaj=f{ zW`|Ru+s44zNTx75fzq@m&~3}N+9hX?cLesJw2_CXL7?fjvlqTkIFp6OdGxQIyg{uk zt@>Qp%%)+-%6{!>7Cxt*1V1ZRU@hHbp4H%BJ% zjMg(iP+eIXSmBlzMp2BY>ss%sOB6)3h2q8ltiZvV@X47WQM8VDs;?B+2nd)V&*O?t zRs!5=W5GW@I@7~RCJa!PT8rEZg;~M|j}7#!yXhx{WQN($@zSQiP;WVvOhl60;;pL7 z^0R^g?T#y0>?v$pk(w;C5XT<1opJ>6ml)hQ`cpDU<)?|AhVThqn5axl%&1#vC$FU@ z>}+i5>m($sZpAu%YhM2VMY_9yyi8G#MjYa&oC;cXr22a-Q%Fe-_p7{zP?Rf29D+s0 zDf1ypBzKP_af~;9IjoN~{{XCzki)p8DFjuH2U)$)wMpfQZ?e6{O5}mdW1;u2FV%b* zV|OG5D@EQ8SB^gl&h4A29mj`s7SoYTmhPyX$l%u2x2e6IyEH%`?SayZbP4QnRyxzn z%4TxVlfx0z*QMCO1d+osmd*xqR|H~i34$`H#%V63ySGJ{A$Wn$UX{EeN~Vq{Rrr^C z;qAs4pYbh*$n26M1oL0g8~rABe9* zg_>(t^Ha)lF`rsALv)fpYWR_%&#FDda86(<+>lNP9gTTEf%KcrBVKRp){-lQkV(B5 zsAJ!O^sJ>*peUpCN5U4mmDQX#7km8vK6>;yFRra1SZ*Dp0PxuAYY9uB%7I3pfXs(E z$ie2b?sSNOk)tlBu*E@>ktL>(OQD^2C_gQ9_I3sfh*CMi#y>+rCYGZePc{cJi{wt>qfp8wjW@KFx_EjDTyO)b&f761bh=!()@hP}4Ob)}H3lA2m0y&UEO61nMjFFrGcXk=ANuSSv$O~`oq|_9t_dMss?J0rOWn~A0n(`TM z+TKSJ$(7Czy#>ZLFf}^}?$}64XzQ4}x4|J)fTJBdP-{)}Jb%Xi8yD8n%&K?x+I!c_ z8s45>E2{wvPLGg$$iXA?p&b#Gk?;@2{{RC&hi_xPSlOXwCvxzqpI^$n=Sb8bg`sCf znO6sCJUwSLDV;67wT=D4wV`OU_ro3msP!!_Cr5@@)RMbInXD=qv~yNo6Vhx=w2<7x zZ}X8ZMtA4@is|5zIBn)gWs#v@ymNwiu4zl4&22JsEUO}}R16XZIIU5tO=CQAB5cEe zHy*!A%;`v$^H67*E@O&BR>|H60Qy(6d@=ZfmbU{>)R44t9C@M7$N}`Ox?7FL$J8~EgyHYu2E~JoKER!|DuGY^?R{f}XrAUH?=RTD( zL`Gc=WQusMRf5MVE;z?Zr>~d1i)3)@Omnn#t}3uMgt{LZc=JRsUK!FCbXF_?9V@}S zQ9NEu@;D)h${cg=n&))&H;lR;KI+<>miJT1Zy_)`gU?WV*RT8s__L{eI`MXssN1oU z#$3TN>;y-js#xjm84l^C-_b=Usrf4a~-5!Q>@9;8R=C7?sLgoL7p%0>gzGh z<*>JykV9iR_OF^X{{RN-Huny)L>*5cj`h%~m>3JCNdl}hLWRimu4?N;neL=BC<(^Q zdRB9$H7gNZcq>h49$3)@*-W&GxH1+7bQc&%}85!Ja@JPOLiIccHv4xw!uSfr%JBXOLm&3ROs zHT;vT)~votx!@kZTIfbDC!=W4-$`z(cM75Q=qqJ3rn8-n?^MTfx|r2hoG}%&UCwzeM4MCl8^+T{&ZV*PsXv`I^Hzn)lqp<#4l0Q< zj;H0YeVd;cIPdRVzO!?Gc>_xuM=?*72kbqoIiq-^m}^G43najKtL;@5%ts-LR4fia zE5%_mWe(wY3tL81M+cS4SQFgt01HM48ynf31B9Z7L6lPuA{ay#%s#_UvB;uur`pzJ;FyPmb`-9anHRoliIfIaylNP1)i*z ze`FHx`6p&#c8nYxR=32T7ijiA7F{}3^Wu_W^S=QBN#IMw(w9|+)!kPHaSup<=*{VxZ-Os$Jx)i8_W2Q_C4b&vaku{fuS}k1 z%04i-y3#!PtsDIaF#w<9{{TE!i1>$An^jQo&RXTh?Z=Sb*{r1(xN|dO!v|EF-fJ7n zbwD3-k~wZT=N|nlnb!O>tAA=pFRhx#X~N*+EAA?z9;L?Ri+_gq7m!DAtS7fw17XO^ zA78`#E7UwYrt0>V?`L~$2#HC+RLMU1{Hn`0BGD2%d$-gQCUU3BI3c4s<36>Bd_13L zYm1bgSkO1`6k`VzGa8aSnoFHV-&76fnABxT<2#0U{A<-TPY=g`Z!Pko7LN_jQhkMF zmr_@e?q3XkBYZQ}^vz@8U&JSfdBCJXSbzjz?g~iz*y&y;@dNftv(vQMb-w_3*7*2w zckf^2WO#b7TX@-3O;i^Zx*i z+GqCFhLx*ZSxFa&ZHa4ps2l?7M+(EC98)!nyO_TY{7tD%Y#U!QMKB^cBRR($WM|gB zJ6Dp;K)ccu#|z}_E(;&7C={*G^G_DvJhpc7A&%Nym3Ve#jtAZcrA^_@ZqHD#O*yBC z4Y@Is^Nz=g2t9+t+ARM7VuHypC%A!fL1WH6E7&v-4a;q8Wm|WW0f4My$zP==$&)(m zOG3A}va@FU4DgP)+Kt@zx7PQz3Qow3XV;EvILVswo{y{e zB14Vn!{${ZuhXcnHPtjIHK8OLn9f52Td4m4JXY|V3m#qK9RlaW#7m=o{ndj! zdq37Mx4%lcDW301(sf-ZNfpnXo58+(S2e8~Mi@$JV-@Rz%S8~N=b zj$}Z@mSy0duj5-q8&ipaJ@x&);s~a>kpu2h8-ew&eE50s6(Q2~8z#PyHBXfgNI2?p zPq!7LvDBl{o7&RLtH38~wuRNh24CX!&0m98@njwoy=@xa=4j$aVv(jB7{T|(DpUr4QZCsdZ<$*MJRhY}cQm(SR-XC2e`qJF_Xi1VY$ZVW}OgRxhh~qZaW(!Bz zCNs78KDFTXa_bh_jm^YRt*qJHK4bgA>UgBxw<$-lX8XpP^moP7tYNrt9Dsg;t=ixC zk6b!^v?#9;+*%n)&OKC$V1pz882r&t{QN1h%tn+C0IKE9hMt;jN@MNi5cc z+qeL{X9S;9UpI@YdbFvYsiu4)(WkY!jiy^xVU%*Y$@Ddwci@dC%Kiqn5<@Z#g}3Eo z{4rlUUV5F-rge?sKMvn%^ZBm=%!B}iMq4ATc=oTRPvLz;MQa?BSj&uL@S?aSRqSav zBWF(3(pVnG9O_ZF?Bxod!u85CoYp5My8iw!Sy!K2c2-wMYjvtetg%?*XLqk9QK z!>IoNBD)`pUKa2)dL$Pf7mDI5zbHo}TmJxdao-=6cg93YEb^}a=@;5=>$@n@Q=O=c z2*y1t?_Dd!my>v6-qz~YIBie{bAyI#b*q-9XNY*A^hxyxX!hju@(#7+8jbaZgK9B( zTV>8b#@-Hkdes1Vz4XSa$cS zUMq%nu?(T4QPdjRF|nEAI)=E`6Ohb&t^woj)R$f)v->(o9fITU6UACaitL}lliFTt zNjuHD7x{84+pat&dB=KIFH3b5Zr5uOxm5&#oM+hAJ#VNB z_ya6!8>kst%2BXIYChh=JJ|tc!5#fRm44GqmruC!Vh!cv40;?<7h`yCaDNgsxV5`g zg%BthA%WzPUS(&dUs_qkZ*bCG6rM`Xb#L@-~P#d4S~ip^`M(j(|G!VcxTwF_ey5Thm3zNsyJ5 zeFs{}fJGRLPYSlv)DCf35}Dq8pG%U}CW=OBanPQhg?Z+yZi4-!0Pu0RjsT$7oahdV zE7^IXXyuE6!+O_M;afGgLUIEG!uP5~N>@7zxgk-w5gUIh=C3Ypg9xW>>OScev6Q27 zq+Tj-4^3^lAG9klKnTbguUoRbwA7y7{?(*`xZHub&!ul2iS}o57CnO}=k6-C-1ET; zN~+HnPCFl3W^HsZKey6bY17P(ZGeNGpx2h_dd<+0qu#?U!6$+!8YoL<+KLsBgSdCD zT^0>K@oc1YOg7a9gLICneL3vRGdoG-w>ifKyS*Cj&_W}WBCB!r_o#E$z|rxi?bYx< zNBF<+s^;d_8(2I?r2#w=tV8`R2k<%X-oKXb6KJzpYBv@)DAr1h$S`w)3E=v4t?=`+ zv5cUsaaVSeTeN4+YlTsq`kLxIFFm_&S&GRE5%<4@iuDsYnz8yn@Q=k2c#B6>n4)SH z$f)H{56}URrF&0_JS>{_hvm$qmP3<_j+K>GZA~9O{0#B_yZbkMa`1PEG{?8L&@OMp zdXjG1WK7@|KAhL}hoJb1&i>a)*KA%XwA<(-xkf{k`G#;Cr+VO=uc_Z1k5jPJCA52e zLdn(kkl$MRufqEEzOSdk`5TIik4nrWkDotnpV^;C{jI-dpNKySZtQI@wfJo$ywRRl z+EQQ%03M^C=j~tT>EmAnYMvU`d_mz|ddcm)L84C9H*iQWW04775243e)|{;LIi`5~ zz((;R$s2>f#~)19c?@7NKPwT6>WjJO)moVDqBkn4GQ&SFT+}NHZ;hs3Fe&Ie)|{t0 zmq8_nWV*KI?afBA5=xQ4<35!rvCPrF0m)VC#axzkNYyRI%#0r9w>RcPqiui*8*>VB zxdepy7c?5v>}o>7Sno?RFacA_cud1S3>w#O&g^EfC1#o%K`Rz+GSn76R$r4)1p1tv2 zRan~Sqvt;v_$oa@$5PVaWL-fcX>FPEer4nj(!M;uOS_wAOVkYCHMQ&@_3Ux_~Q=Z#pB`k^XqE#wafS*=p|grWaOVSKJ?3?4-=3 zQjuCgjPMWT?Mx`jjD+Dt;G+7{MqH5DD!`GBqZG}fv7rb%9yulo*d%dRZKaWASlxtZ zM@x^R3JMAjY0uw5mxv z<0qVZSA&U((2I7kxP%GD*63@*{{Uz|hPqe9AB5f|@J7FCFRh+8nhdrZa8rN}Zn@&T ziicG*`8V+&!fC!A{6p0|A$WG&MI$|<$bZ(upHtj$E6eQULw zvoW{_BaWSDIBFNAM7G5CZMlXrI#qpE?XLtSZPgh@7_arMBQA`=Zk2RQFq z(Q2{9aD@Uy+3Wq|S^?@>7NYX1N=iwd2m^}i;PNg33J19KG#I#$Ug_{OEC2<2gV5J0 zE|sU25<_Kg4cdY?s`6>3INZ_G;GMYgbB{q*?=WLAF$&5$QZ+HGuJ0_|`9+8wn0BnY z%l28re2bIN_n-?i*ct6oY|P!0uNI zk)K-Aof^dJBA)KjC4p2bDCCaSy$6UdZ0(`iWt9oRK9w$g0!*WI{+Du^hMRI=yCeo( z-9~xi^RAIG(FBqOUJ0}Qp#-FS`-Ds#R~j1MCG%v^m=Yn;(MS$B1KE$6h789c@SIOKqO)|M;Tp1`XO^}ZG`j7N3kR~LQZxGra7 zGVOI>K^=`N5h&Q}bgL+q*AooXCeJ0G=C7s95-;62*81y42p4?QI&@1-V@UFdt|bS1H>C6 zaOi7p3wbRZEK@OD<851&!O5MTnH|z7GD6#rBZ}O&wU5jmX)4+7I#iNxLumqh#|$&Y zW9p?*%u%@S-heP6H&(>4Zk_#WRykgLY;3kO*ONuYk-~Vl!tnTl*~3WN!TEqSTf%-8 z{?CxHk0$|l0fRvFvFlMpks!*9j-Irp%6au1RVT#AIRN^O z#-d|4G}9WQrPC{WkzF#!Y^VYN7u&sL1-m&cWLX2S+m55Par&x8mwsE7^7~*_#uo-| z#r8{R6oyh%RB_+IbLYksGY&W$8q^LWQ?!v}E)W$R@lAGZaR~TT?m%T9{bO`#5kmo$`8mQazihh6+OC^Pmzi z1=p7&26MrzyZf72l0=dO=lGV38`$Kpv^0=zjx!`@jkNo132gFVh9ep1JBk47blX3( zsd5)_Iq6%B%$o~iY3YN~fF*006astJ z=Z51P*T48_Ce-axMuDAh4s)JrxtJS+L$;aSCXlDG7_4{j__DuMS%%Vc&q^*cdGr`8 zOFVA`jkj@S^sXydeOB1K(6UKp1_&azK$+n_IJik|T4=skT$WyhpK9?xGE2lVh!_*y zt8^mnpLpBFw5Xv${A<7P+!l#^j&0c(ADCmc0+g(Krke$#y3K4x!^Yl~-KBxlE!b`e zC>&?KV<}wEotz!fyV5lhu{shDARY~Nw%UdCu|~o}i~+QsD=LT-nY5NuzGhG{j{Rzs zw=Ea$<>Q_*D6aEV!13I~HgpUHXWvB>6Ojuki?#+UDF9nPUB@bGQVXSogj7}? z#Y;eFsYg=S8T9TdE67!mS(O=BVE+L1=s;nKZJ`B9FB}XCfL;0cK%;0pREI=o>y-mBDMkR}eisiwJ`SqQ*};+%P@R7dmEVLu~dOKWRP*1^m{!OypSf@k;gTZssY1zm%utcrw#9z z_jZ>qzq@G98TYR`(LNr_qiUA&Mi%ZY{qN!&_pFJz^?sLh_Ew1w#M`&0r9S3Vx<*qN zC#c7245ZB4N#co{1SsiSFAtgl+&X50L~FN?5jf~GR_yK)Y;FWF=Bg^}4uon>@Dx;z zR!%wVTut=uUEHE6&rX%HL`;Pz5-!ug9)_!3X?E9YuQU<42Rw=ji|S-HoMJ8lZBf%5 zstB~Q=LRCt^(0men!%B^gckA#>yFszREo>I7{hXU6H=9p41H@#d$lE_KBFBoUK_4> zDp;;%lkF3tI|6gjJ%FYIVq0a5#UT5q0Q%N8wWr!g0gygR52Zx*E*qX(s6dS2uMK|vF6`YI!w}&|TF&OD&fgF`HE-e_3g*sxW=oVGBLSV>#=ki{Md9sB z!#b_qrSliJSqnt_aq^S*e+pc{UD1urRODM{)?W`iWpCn}7#9R= z8yEeYa7Xj6YP9hDOB+cH$tcF{=ugUh4R^v_4r!W36K;wEtHK9RIjUfXbe`6B9PS); zt1&epyp|YbmRDtwhybYR^{ktrdn*#I{y-$;9#7#>D5FI)%{*D*wbrdAhBkDaRP`7Q z?V9+L#kRIuV%}M5!u&Ku{HYls!Q+Eis%pnXXWaRB#IZ+hJd0~F5o2pH$2Sa2s>BmXMlCsn@x`HCk_D-w$}T` zrmtHK)jp^2v&R^=ytlj`INz}LHTBPfHMo+_7DF6wo&l*QhP#zA{2bLHs|3dd`_0g}@n~%4}hBdi`iB zNp3xo{?2puThi%|l}{>briSwBOLbd>MRpw)wNo)6itNK8hA6}jUP-B^)F*;Nb#CfQ zak04-QI}&GMQl1LX1|Sxmm)dmrw8d(0H0}!WgSS!@AVa`sodvr=v-KKM#bXao}P>E zS+l?n<&BhQgU3pVNY*BNnqph1`Q6;}>M3;lV)LuIsUY;n70%ytPIhn0qd{>KpxNf0 zes1**wu|;|WJrL|1!)r5blJma9Diq-RYK=!?0qVDlH{V@vV@7w-o5LfO_$@=ri`Vn z)Z%FHc*g_qs#gi-lK381QGq}wb23()cao=S)y+B>byyzVrda3X0NoGN&}js4zB2G~ z#RLzjEEC2LnH#1y?i~pC;=F_H7Rx-at=Z+ujGyBAP+Kbq^*d{cJj8+Ri(wcX?jGZ{ zUYk(3w1~|DI!)W2GfA>J*;db3I+Wf{ri}|{8;|k*E4S0_?Bbn#sSBw4!G>v)RJ4KE5%Z99pK9ZuNY-s7l1pp3 zR?UbeGJaP2)TN_Fv6aq>%I)ARe#9W&fgfPuzs@QvtH}4}GzzFP>Z7G(%D#m5dW09y z`Dq)W83!YiOD($Fpp{vauOkPF%3F+rEnTgMoXE;EoU!j(KiiR9!sW_IyQ2zmxs=wV z&?N2_Xf_kyCa1cAZbXXUA=-HztD*$h#VkwPKibr=B!LJrAgez}xWj*Yf{u8hs+l^K6cf#L4 z!k1Q>-M5)=rBzrfD!J}6+qFkBCQ(O&T=-}H5!Z!avqwBKA?@_dP9k-XUdHl4EN8L) zVzXx~n%x$fOHUBp!x^@^OV?rxsNw$r40_i~W#Nk`5^c$D(`+Yu@DL8Bkr(QC&x$oE ztnTDXc~|VD@TxIZJQ?CmJ4Mt5%<{zm#^)uzU!5_)}A|)1LJq zx&k(d8zX_&b~OaLFcx6OM)hl5MyF_RUN8ODO*F9_;unvRkfQf7gD#dxwE+jCUQ#soP(X; z%D%SJJU?YEjPt=FD@MT?gMtV@&Z_UAr6bI|XR27(%NUwylP+Sz{JV`$ZQ*mTXp`!i zZS3apBifOt&WwNBP;x%Cq1Y~q zORvwI4h=JCG5#+2c^||(+ii0}lkEEaxM`$kV6pD@9Ad26>N@s@ww4}zpJeicO_?_Z zZ^z&IR5_cc(DJVs>KfEqj43qN)}mQLh7tUY+^|2VTJ((??%Pn)r8k$#w*f+;5t9D^ zk3mFd+||V4ZzsCYZy7G2cema07{*RLO?EyE7FzOZ66v!^aVp`8t7I>^6=qgBKNv@< zK`DW3-dR3Xx+N>ItEuC4G*|$2NLoBGx&s{E3MS0-nTV9=`R-+34Diq2WzJ%ShJq zsawSITY2sNwobUu;rdrB%Zjo-NYMTwd`{G^wJ!JM!axk(Y*%vq0Oha=Lxo5522 zMes`9{{U|^GU+!7g=U0hlz%V6wNQzr&XVWi9-j$~uH#+1x0Yab4ttvA{9k)#skBpD zBrrGLEQ0{jaIq!;(qe5aYFCpus)H+;7v0kg@I=1O1^|#w1xLQ1K)l8@AEX&qukE z=&0TtE(B+u0IwDvCXy)M%4t0GBptx6O;STp>T_^wv1*qSK=DY!2XJ0LTC&zKBOkO0 zAcgr1MoIL|GL@0b&1EZ1@~nY@z$!a>)HVa&yoc8y(Mh(XBNL?H=y_ z$Th-1p_xEDDdV5Uy>H;}i8Py?P4q2(IbjAlBT}b{K^-dzR2*X2=@(uCvGCq5>gp9Of+ z!;#&1g39jUbm`@0IV6HW;CpZ?T2U%4$2H&&i#{H_v(&sP<4qp!D|?k5UF;`uw{gJ? zq*o!NANWPCZX&h4Hu`f&Q5}Xd3F4uesH3#Ait|yqPdesXxeI)~K3eqqKM#w$a}<`* zPb(*sH$*ZGty6$*JE6CdNMQLlOFqt$8+^CAWvQgR0oVvP$10ZTqq* z?rYz}GbaPs^*@LDr(CP8n zY5s799^>U{n>fOc>t2OAHdkjPqR+oR6n@Q-GTU2U$8iFo^EYF6C!N1a{Sf$j@T}?Y zY>`82m0vHIhXWV~r&_j(in2bF&^{l1j^-vXE4rQtTx9y!w-tFeTosgr%DnNiz?W#pQ# zqif>cR9Iz<-NnHNsTI*qnmNtu&xoySFp_&VXutunT(-0EYeBl7>`@t`kPn$;9W&`& z9Ei0~x#bdHL95(P1gRj0es?ciR(_|a!D$zi@;sJpz%S5y8i_{5w9>LY58?ia6}72l z{p?$^m>9tH74)T)7RJF|7sDvz6U|FzEabdFXC3{W#0+D>1ad3E8%H(@@kZOoeh3&C z&1W+QwfPS>elReW; zxSl(tD6SCy01zBkp<8%r=K4ryM3amXq;P4aavLq{J`1{%)uyyWHyF;^`Tqc4)MC)! zkm?H1Fnzywy*^NjCh)ws+NH1CVMdWpN?k(LB)5@flbnIq z9<|E643fMPBdY^}xN$%a`z5rbMJy4sbm`OHt=K)qjKU~bA_J4?Xc6ib8jqg}FdJX^ zhI-SrEmlY^W{*BtV0zQLF=+B9*CK>mV{#r#oOK^c#I)7)?M#=7NUow{a7TIzjXtK# z@+h}qYFNv+DhE+sL$CO6SJ!T0)a^X+EHduc#I8uls^(_O4D~A()J~UgZ*=>%4Y)mP zXG)E(k)u};%A+_vO-m%|tn_3lYx$r50D^>k2DA88@n-W@ z(A2h#e=4$|Qp(vpk&ZjnQ+lRD?0$D$MGHjif%=d`DHzAGs*pa=@d9I0)84&`PUky` z^k>0u8m^13Sy~AqhFP2>*~wkK0sTdOo!HFjVG6v-a|@s-(YFK90TPQBK2**wh^l44$10LBPC z@m!p`G&S`xk_~KqG@!5yDI{Oin|--i5P{d*-Fe z%`=)v{&97CYnWu2Zf)KM&mo2@gp)G61O)SrpL)F*qlT;s@>^^xvv7V(j8TUQm|Pxz z8r4fnGm*zzqMO^4Vk3{rUbz1Dd(~aIoTQA(F^phfniNrEoqUyL+#KhfF{iQw)co*Xbg)U>d&~?iQ zo^=iLLpfZK|7J@~r^F)m# z5)w&tBapv_4Sy(K7rqnU{5A20wWXv3`#Nb@+T$Z>87v5{ib#oSc)!^0Bi_#$RmtRZ zC(^U$QRPfs-{v25bv4@!j%gygMy&}#PV^rxTlxCc*tX0*Q?@_{2B_wiQ$2K3}?#LFy32^CRTVZFtDzyAOP^ZlmvkJ(@LnbCEqt}g!o;SSaUY1);)EeoR% z1LLt$I{H*S?9RA8hxWyzPZXA#SBP|L%X{As>hP`Aw6PzM0yB?nWPS#{7S{6k+c1nQ zvqj4P0JJN?#oacJm@}xgmFIyak~1FR$n-UzJ)&w6&!*q0nggDP2OnDTYVLH>XW>Wu z6l3;x)_fhRLGc?x5r1Nk@043P6UAqkUotQe#m~#zA~`Yw0Px;^3p4m3H!Dj$iAY!*iBzf z)-9LFgqxNB09eHE$J(hQf~_+o+ijS*1ar#zS9fWqX_wj*_kp1MQpgooj(~IhD6z)X zv^Y!K6p%B-%sJX|+POLHU1ST(jP>-bqqd?wC&3z)m#5yvZ>V0hcM{|%enIvX>spLy z8C#n}u#ZlRDVfgZRGOEVtdcsWMn1L8%XM>aEM*ACUU|&|jI}x|9c~y2XW%wBV05T8 zT}~<8e6?0Sqp#yZsX{5F+E@eA2a4wPy9qTwfmFunlev5SXadcSrE_I&mX}P^r$L|L zr`&5geWrZL6XzguYLr_hQMr?=>Uur0Z%edCVV*l0n?k>jQi%klJ9G>W>s0BpHwJZo z*&s&$06yo(2RN=ac~IQ7t&+sf%2$@= zWAo)7IpVW#H0{=c;?eVX7=oC=Bi4gsmO72Z4g->|IVfunP}i?~_{fD?COA0$0YD6b zNUr4D!tUT#uy}6HTR0*{S7@*>NuUm!P>9J90o#$yaB;_|tnypUDVakS4UU7-fD4-$ zlWfVHau3((TY73*wX>zvTiGM zQg92L4Ej(*mqVdj8>_2faTp&V4y2!vr;XyTJV_2|XYZ2aqDeiK5*Od7v6tO&GwPM2r z(XnTY>^#so8=8Dj-XkswNT;D4MQ-FogkW*hds0?3D@0H}=*H2~i=d>BHawh+98&`Y z6q~n>HYEw~+P4xo?BfpzP@Bklure0PE~D_f#HKfE;tpSh&)JQVWSzOk=O50A}6Wg4s#PJ%RMB z<(gQ@0f`x{Ao>9_$^w73N99@PTfU0bpi$(1|l* z3mHTO<6-Axtx=25GnJiAM-|64sJV@eu>@5BhpVtayE5aGP(E^`mZDc^*%h#O2BBRd zIGi&^pq~DfT&!HhsbyPWkjR^puJ1}@cMybfptBl$jFZka4MOYf?F0}@3Wmw~PCq*C zbgSohlXia^ryjsaV!pV#eZRj$_*UyiVnQTVAB9Ei?kg4Gx`Nq=Rwz%uTEW)d?&4&7 zSlN@kQkYx04V+gebIciArVVr<S~eVUL&zxGU{cW_m(+K3}f29ANb+mt2@QI)NL5V{{ZVG zUZuF`38p5`l5~r|?7R1g?mVOn0p$Fr{NlUIEp5Y;c*`N^%Ge^NTNBJ*l^*1!#ENHB zVpn(Y))u6*N=u|@(gH95#b9U7$t-+9t3w=Ck-{8jB{R4w`qUbqohvMo*~uHT9;$E- zDpYK17jnLbbrsB${{Uzf)7l)En>fh_y>CxCiBeWE%_{PPIS1=oQ#w-adUwNL77Y_o zjn!5L-~Oxvh9|9k=cQ`1T>b7&`FiA@0L_7 zsUFgJAXm$O7d$%J&zW&)XdYxz3Z64ilR6@NRj+t)**w{;gco5*DA>ZEOxKiNTFqxM zfW)PUJoEy#1}>i)7e70|+qrD?!R=qEAG3JWd{v=|EN_zi;bd)!`FR&O$OElqDO}D^ zQ}6E$t;M`CuPZvX4m%G@_sP;CsSqUk1 zB$X_nXPV=8I%69hW`&{LTHUOzZXV#_akn3hdcMCRUGqnMYhpwC6(^uK2)rG9<^xcsjy&xbJ$ZxCHSXXMvgZi zV~#~=NdyeR*JPdY2YS{%W=v6R@}$923WIZfD+cb)AvghwoM!}5nib1YX->#_SI-qu zH0H9FLdk_J4MP529|l=TbZ#Qu48_B53)Yq2QtpatXDy}5 zqp)a+BPXG)`$g05;%iw}6_AiJzyJrWMaXvOVd_2^dwcN7HLUh)!Ps+y?83Tu1R@2F z7^CBpx02OymvM43!Z>?Z-6X1r++gFMN}+teX^lY&>;?eEXhE-_q8OG;DjnSqwRfup ztnn8zN3;+a4ov`6VP^w`Dub^qIK^{Xy_Kx5_K0R(&D1Xd)-SQNb~0KqYXV3Y${Fl4 znwAUr=Z--+Q5y^lj)t(BD9*W)OqL8a$ql~@0O{|VTWBocMT`?L&kPR~qbn08cYYqx zA-oR8c`&DN3UQjZ;vG2IqdLY5uU&_?y=xhEGP&Uz{PJ&@G))HdAP{qk%(K)Pt;BoT tvbf`@HE4X@N|zsLhUChw9x^lYbB}7dZ!Ns&!4;9f02Sy>Y>HZ+|JlLYP - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/lws-common.js b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/lws-common.js deleted file mode 100644 index 5d56ca2..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/lws-common.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * This section around grayOut came from here: - * http://www.codingforums.com/archive/index.php/t-151720.html - * Assumed public domain - * - * Init like this in your main html script, this also reapplies the gray - * - * lws_gray_out(true,{'zindex':'499'}); - * - * To remove the gray - * - * lws_gray_out(false); - * - */ - -function gsize(ptype) -{ - var h = document.compatMode === "CSS1Compat" && - !window.opera ? - document.documentElement.clientHeight : - document.body.clientHeight; - var w = document.compatMode === "CSS1Compat" && - !window.opera ? - document.documentElement.clientWidth : - document.body.clientWidth; - var pageWidth, pageHeight, t; - - if (document.body && - (document.body.scrollWidth || document.body.scrollHeight)) { - t = document.body.scrollWidth; - pageWidth = (w > t) ? ("" + w + "px") : ("" + (t) + "px"); - t = document.body.scrollHeight; - pageHeight = (h > t) ? ("" + h + "px") : ("" + (t) + "px"); - } else if (document.body.offsetWidth) { - t = document.body.offsetWidth; - pageWidth = (w > t) ? ("" + w + "px") : ("" + (t) + "px"); - t = document.body.offsetHeight; - pageHeight =(h > t) ? ("" + h + "px") : ("" + (t) + "px"); - } else { - pageWidth = "100%"; - pageHeight = "100%"; - } - return (ptype === 1) ? pageWidth : pageHeight; -} - -function addEvent( obj, type, fn ) { - if ( obj.attachEvent ) { - obj["e" + type + fn] = fn; - obj[type+fn] = function() { obj["e" + type + fn]( window.event );}; - obj.attachEvent("on" + type, obj[type + fn]); - } else - obj.addEventListener(type, fn, false); -} - -function removeEvent( obj, type, fn ) { - if ( obj.detachEvent ) { - obj.detachEvent("on" + type, obj[type + fn]); - obj[type + fn] = null; - } else - obj.removeEventListener(type, fn, false); -} - -function lws_gray_out(vis, _options) { - - var options = _options || {}; - var zindex = options.zindex || 50; - var opacity = options.opacity || 70; - var opaque = (opacity / 100); - var bgcolor = options.bgcolor || "#000000"; - var dark = document.getElementById("darkenScreenObject"); - - if (!dark) { - var tbody = document.getElementsByTagName("body")[0]; - var tnode = document.createElement("div"); - tnode.style.position = "absolute"; - tnode.style.top = "0px"; - tnode.style.left = "0px"; - tnode.style.overflow = "hidden"; - tnode.style.display ="none"; - tnode.id = "darkenScreenObject"; - tbody.appendChild(tnode); - dark = document.getElementById("darkenScreenObject"); - } - if (vis) { - dark.style.opacity = opaque; - dark.style.MozOpacity = opaque; - // dark.style.filter ='alpha(opacity='+opacity+')'; - dark.style.zIndex = zindex; - dark.style.backgroundColor = bgcolor; - dark.style.width = gsize(1); - dark.style.height = gsize(0); - dark.style.display = "block"; - addEvent(window, "resize", - function() { - dark.style.height = gsize(0); - dark.style.width = gsize(1); - } - ); - } else { - dark.style.display = "none"; - removeEvent(window, "resize", - function() { - dark.style.height = gsize(0); - dark.style.width = gsize(1); - } - ); - } -} - -/* - * end of grayOut related stuff - */ - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -function lws_san(s) -{ - if (s.search("<") !== -1) - return "invalid string"; - - return s; -} diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.css b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.css deleted file mode 100644 index 6cd32e7..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.css +++ /dev/null @@ -1,190 +0,0 @@ - -span.title { - font-size:18pt; - font-family: Arial; - font-weight:normal; - text-align:center; - color:#000000; -} -span.mount { - font-size:10pt; - font-family: Arial; - font-weight:normal; - text-align:center; - color:#000000; -} -span.mountname { - font-size:14pt; - font-family: Arial; - font-weight:bold; - text-align:center; - color:#404010; -} -span.n { - font-size:12pt; - font-family: Arial; - font-weight:normal; - text-align:center; - color:#808020; -} -span.v { - font-size:12pt; - font-family: Arial; - font-weight:bold; - text-align:center; - color:#202020; -} -span.m1 { - font-size:12pt; - font-family: Arial; - font-weight:bold; - text-align:center; - color:#202020; -} -span.m2 { - font-size:12pt; - font-family: Arial; - font-weight:normal; - text-align:center; - color:#202020; -} - -.browser { font-size:12pt; font-family: Arial; font-weight:normal; text-align:center; color:#ffff00; vertical-align:middle; text-align:center; background:#d0b070; padding:12px; -webkit-border-radius:10px; border-radius:10px;} -.group2 { vertical-align:middle; - text-align:center; - background:#f0f0e0; - padding:12px; - -webkit-border-radius:10px; - border-radius:10px; } -.explain { vertical-align:middle; - text-align:center; - background:#f0f0c0; padding:12px; - -webkit-border-radius:10px; - border-radius:10px; - color:#404000; - padding:3px; -} -td.wsstatus { vertical-align:middle; width:200px; height:50px; - text-align:center; - background:#f0f0c0; padding:6px; - -webkit-border-radius:8px; - border-radius:8px; - color:#404000; } -.tdform { vertical-align:middle; width:200px; height:50px; - text-align:center; - background:#f0f0d0; padding:6px; - -webkit-border-radius:8px; - margin:10px; - border-radius:8px; - border: 1px solid black; - border-collapse: collapse;font-size:18pt; font-family: Arial; font-weight:normal; text-align:center; color:#000000; - color:#404000; } - -td.l { vertical-align:middle; - text-align:center; - background:#d0d0b0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - -td.bigger { font-size:120%; } - -div.bgw { background:white } -div.conninfo { - border: solid 2px #e0d040; - padding: 4px; - width: 500px; - height:350px; - overflow: auto; -} -span.f12 { font-size:12pt } - -.content { vertical-align:top; text-align:center; background:#fffff0; padding:12px; -webkit-border-radius:10px; border-radius:10px; } -.canvas { vertical-align:top; text-align:center; background:#efefd0; padding:12px; -webkit-border-radius:10px; border-radius:10px; } -.tabs { - position: relative; - min-height: 750px; /* This part sucks */ - clear: both; - margin: 25px 0; -} -.tab { - float: left; -} -.tab label { - background: #eee; - padding: 10px; - border: 1px solid #ccc; - margin-left: -1px; - position: relative; - left: 1px; -} -.tab [type=radio] { - display: none; -} -.content { - position: absolute; - top: 28px; - left: 0; - background: white; - right: 0; - bottom: 0; - padding: 20px; - border: 1px solid #ccc; -} -[type=radio]:checked ~ label { - background: white; - border-bottom: 1px solid white; - z-index: 2; -} -[type=radio]:checked ~ label ~ .content { - z-index: 1; -} - - td.wsstatus { vertical-align:middle; width:200px; height:50px; - text-align:center; - background:#f0f0c0; padding:6px; - -webkit-border-radius:8px; - border-radius:8px; - color:#404000; } - td.l { vertical-align:middle; - text-align:center; - background:#d0d0b0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.dl { vertical-align:middle; - text-align:center; - background:#c0c0c0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.c { vertical-align:middle; - text-align:center; - background:#c0c0a0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.c0 { vertical-align:middle; - text-align:center; - background:#b0b090; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.dc0 { vertical-align:middle; - text-align:center; - background:#a0a0a0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.c1 { vertical-align:middle; - text-align:center; - background:#c0c0c0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } - td.t { vertical-align:middle; - text-align:center; - background:#e0e0c0; - padding:3px; - -webkit-border-radius:3px; - border-radius:3px; } \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.html b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.html deleted file mode 100644 index 047bcc8..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/test.html +++ /dev/null @@ -1,261 +0,0 @@ - - - - - - - - Minimal Websocket test app - - - -

-
- - - -
- - - - - - - - - - -
- - - -
-
...
-
-
-Click Here to -have the test server send a big picture by http. -
-
- -
- - - -
-
- - - - - - - - - - - - -
- Websocket connection not initialized - dumb increment-protocol
-The incrementing number is coming from the server at 20Hz and is individual for -each connection to the server... try opening a second browser window. -

-The button sends a message over the websocket link to ask the server -to zero just this connection's number. -
- - -
-
-
-
- -
- - - -
-
- - - - - - - - - - - - - -
- Websocket connection not initialized - - lws-mirror-protocol -
-
-Use the mouse to draw on the canvas below -- all other browser windows open -on this page see your drawing in realtime and you can see any of theirs as -well. -

-The lws-mirror protocol doesn't interpret what is being sent to it, it just -re-sends it to every other websocket it has a connection with using that -protocol, including the guy who sent the packet. -

-libwebsockets-test-client joins in by spamming circles on to this -shared canvas when run. -
-
Drawing color: - -
-
-
-
-
-
- -
- - - -
-
- - - - - - - - - - - - - - -
- -
- Websocket connection not initialized - Open and close testing -
-To help with open and close testing, you can open and close a connection by -hand using the buttons.
- "Close" closes the connection from the browser with code 3000 - and reason 'Bye!".
- "Request Server Close" sends a message asking the server to -initiate the close, which it does with code 1001 and reason "Seeya". -
- - -
- -
-
-
- -
- - - -
-
- - - - - - - - - - - - -
-
Websocket connection not initialized
-
- Server Info - - -
-This information is sent by the server over a ws[s] link and updated live -whenever the information changes server-side. -
-
-
-
- -
- - - -
-
- - - - - - - - - - - - - - -
-POST Form testing -
-This tests POST handling in lws. -
- FORM 1: send with urlencoded POST body args
-
- Some text: -
- -
-
- FORM 2: send with multipart/form-data
- (can handle file upload, test limited to 100KB)
-
- Some text: - -
-   -
- -
-
-
-
-
- -
-
- -Looking for support? -
https://libwebsockets.org, - - https://github.com/warmcat/libwebsockets
-Join the mailing list: - - https://libwebsockets.org/mailman/listinfo/libwebsockets - -
- - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/wss-over-h2.png b/minimal-examples/http-server/minimal-http-server-eventlib-demos/mount-origin/wss-over-h2.png deleted file mode 100644 index 1a62d8327f688a51276cc420128dd54ddfeaba62..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2727 zcmV;Y3Rv}tP)ooeXXq+FZEx=t4=9dI;lx@01SAPJ^I0rBdx zEcjVt;1O^-0 zzAC+5FFqGBoLz-RqY3&igdo7DxX0tc?RMjKyA@;%H)u2(1VKO)MMP0V5QH8wf<*z3 z#{)crMzeodEAB&gcLI%#pJFr`F&d5N^?F26M5ECJ?f~D)d%aEQbid)ZTZSzMT>qw zua_33yIbVlcPFxE&p67e__DXiReR~?y|r^(KKR3Wo+qE{L`N$LXl?BwVArm@0#>}X)*}DEsmVls{&+dR zc5N{ljZ#JwJ#5%;2(4D~KPf2<%$!***SEEW(cEm5^BEcEc>M96)t)e+jz=H;QH@IK zOu%4p5gF-_^S&Kmx9fQO?a2TnCN^U>I{~P#52ve3;y5oa4ZB^6tK-MlGiOc(pd{7p z7UX_{VZ?|oxo?1ylF<|wC#X>&0IDxT{(itmz_x9ZsH+m%P$|pX1hdu ze5+jF)MO$rFHO#`U0V`xyxy|qKjh{8TS45}vr){RovrXQAd!6d@CQ8g)c1<=0|#zp z>Cy+)s&i!~5Ea$QhaXB_`Gy-hdF{2M0E`~pLqJVUB*%~648Yj2zwyW;!JX8yW#3U+ z`YuUH&2m|7Z6upEWdz6?jorNW-hK)S{zX`rOD^BDXB;IZqgCm1MLR%JE*600%a6zo zG9jTwmf5}gPP|@e$=9qYK@dXUEN{E5k;1}%D$0%=i4Q5Cl~qn|Zjqww=+VB<2)%Jd zKEP+AF){7D@WOGqeDvrZ0#2QhWX6nXVBWm)e)}Iassm9BJcfrtOia5X?<0GlP<0M~ zz|$bW>eVF*`}H>gAA+s^v}ubOGp2#blg|+s*GhM{$kwfYQF!z*V;TUcs~f@8sf$^# zpp4YidPa@v;Nry*tXefq(Pv6ZgDQP4g8-!yOiF6z>8F*U%zp=fw6*8YSFZkv6E|`2 zU?K+(CbDhYq@ZI7f|n&rBxjeOpUUaeR@SYX8gg#&@vVx3(?D=VP7vUYHx8lGDX-4G zcfjh^hXc0t`|nSnFX(h`wr>4GzHId;Z?j!u-@XF*&M;7@-T^n=)InC3w3?BTj)02? zNTF)+;uF~II>N)9isPyeYu1#Il+;XdaRL<;R+^i`5JfLBG3`vAT+7m>|K;}E8)f-@ z`wG~*cO2h-doyRxM$+7DBs|MDtF#zSVaLp5-+6N34+S}pRU!koHtX3(R0`E(z zp^AXgQpm~*U7wo^bLR$@FIoggjs$O$kN{tQ9lWl*9Cq%6!a}I5ls<^~pwU2TDm?H2 zy!awSM-NyH1ym8>aKO($hpumL4_;nZ7rLD&29|Yp!t&*?eLHwU916W&IB`NsTee8# zKl^Oo^ACn0X95lfJp3>e749%Uz+!<&zn>h=pAX%K!2q$b1E2F%C7`B8N|y^kkPbJgsnX%b>xCbG zgzuH#Kl$jR(0$C9A(1dp47qcFKQtN`J61|Q6coVGqoLcp`l`AyhLjKJ4^>t0%rl|u zpLhc9y;ohI!-jy`TDbpy>9iLN_uK-o9+!(D7X_q0f`FAPp}sz_UaN(i9GEZxKKl%uPH1USek)kG z5XOxg*my&ZfLXKpz74uukeAnYAL;1>Ct%2#Kt;u$JKm5Z;LpZ&0tR~mgAG+qaMC0x zu7`rz9K8I~PeUJsdWW!+CqsV-9VkN0BN$W>pw&WDl-lV)c=*6&EtdXet|qP-6VPZh za`MMDL4Zc1Q9P39_sNVP2(+{;psFg7GiT25%P+ske`fBvQUm=Hq0wj%MG=oD0*l3h z*=&}65%zmB6F`9PC578Pndatb&Y%B*s;WvF8X9mo9K-4zfglKIwOS$~B8ZQVW8}z@ zn9XK%I-R@|f)XH#A|{gwo6SaYaxx~9iMF;j#Y2PP0G}>KqYgvMj zbmDfqhn4;NAU}@MYB3lL==FMZI-TqXf)W5dPiK5-IBor45ClO^{*fRg0ib+jFx&|U h_G%RRA>dlT{{S|F>$)6GJhcD-002ovPDHLkV1mh3C^rBA diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/CMakeLists.txt deleted file mode 100644 index 2d804a7..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/CMakeLists.txt +++ /dev/null @@ -1,97 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-eventlib-foreign) -set(SRCS minimal-http-server-eventlib-foreign.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(LWS_WITH_LIBUV)\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" LWS_WITH_LIBUV) -CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(LWS_WITH_LIBEVENT)\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" LWS_WITH_LIBEVENT) -CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(LWS_WITH_LIBEV)\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" LWS_WITH_LIBEV) - -if (LWS_WITH_LIBUV) - set(extralibs ${extralibs} uv) -endif() -if (LWS_WITH_LIBEVENT) - set(extralibs ${extralibs} event) -endif() -if (LWS_WITH_LIBEV) - set(extralibs ${extralibs} ev) -endif() - -message("Extra libs: ${extralibs}") - -if (NOT LWS_WITH_LIBUV AND NOT LWS_WITH_LIBEVENT AND NOT LWS_WITH_LIBEV) - set(requirements 0) -endif() - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared ${extralibs}) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets ${extralibs}) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/README.md b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/README.md deleted file mode 100644 index 4c21fa1..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/README.md +++ /dev/null @@ -1,58 +0,0 @@ -# lws minimal http server eventlib foreign - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 ---uv|Use the libuv event library (lws must have been configured with `-DLWS_WITH_LIBUV=1`) ---event|Use the libevent library (lws must have been configured with `-DLWS_WITH_LIBEVENT=1`) ---ev|Use the libev event library (lws must have been configured with `-DLWS_WITH_LIBEV=1`) - -Notice libevent and libev cannot coexist in the one library. But all the other combinations are OK. - -x|libuv|libevent|libev ----|---|---|--- -libuv|-|OK|OK -libevent|OK|-|no -libev|OK|no|- - -This demonstrates having lws take part in a libuv loop owned by -something else, with its own objects running in the loop. - -Lws can join the loop, and clean up perfectly after itself without -leaving anything behind or making trouble in the larger loop, which -does not need to stop during lws creation or destruction. - -First the foreign loop is created with a 1s timer, and runs alone for 5s. - -Then the lws context is created inside the timer callback and runs for 10s... -during this period you can visit http://localhost:7681 for normal lws -service using the foreign loop. - -After the 10s are up, the lws context is destroyed inside the foreign loop -timer. The foreign loop runs alone again for a further 5s and then -exits itself. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-eventlib-foreign -[2018/03/29 12:19:31:3480] USER: LWS minimal http server eventlib + foreign loop | visit http://localhost:7681 -[2018/03/29 12:19:31:3724] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/29 12:19:31:3804] NOTICE: Using foreign event loop... -[2018/03/29 12:19:31:3938] USER: Foreign 1Hz timer -[2018/03/29 12:19:32:4011] USER: Foreign 1Hz timer -[2018/03/29 12:19:33:4024] USER: Foreign 1Hz timer -^C[2018/03/29 12:19:33:8868] NOTICE: Signal 2 caught, exiting... -[2018/03/29 12:19:33:8963] USER: main: starting exit cleanup... -[2018/03/29 12:19:33:9064] USER: main: lws context destroyed: cleaning the foreign loop -[2018/03/29 12:19:33:9108] USER: main: exiting... -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/minimal-http-server-eventlib-foreign.c b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/minimal-http-server-eventlib-foreign.c deleted file mode 100644 index 053f1bf..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/minimal-http-server-eventlib-foreign.c +++ /dev/null @@ -1,425 +0,0 @@ -/* - * lws-minimal-http-server-eventlib-foreign - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws that - * uses a libuv event loop created outside lws. It shows how lws can - * participate in someone else's event loop and clean up after itself. - * - * You choose the event loop to work with at runtime, by giving the - * --uv, --event or --ev switch. Lws has to have been configured to build the - * selected event lib support. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -struct lws_context_creation_info info; -static struct lws_context *context; -static int lifetime = 5, reported; - -static void foreign_timer_service(void *foreign_loop); - -enum { - TEST_STATE_CREATE_LWS_CONTEXT, - TEST_STATE_DESTROY_LWS_CONTEXT, - TEST_STATE_EXIT -}; - -static int sequence = TEST_STATE_CREATE_LWS_CONTEXT; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static void -signal_cb(int signum) -{ - lwsl_notice("Signal %d caught, exiting...\n", signum); - - switch (signum) { - case SIGTERM: - case SIGINT: - break; - default: - break; - } - - lws_context_destroy(context); -} - -/* - * The event-loop specific foreign loop code, one set for each event loop lib - * - * Only the code in this section is specific to the event library used. - */ - -#if defined(LWS_WITH_LIBUV) - -static uv_loop_t loop_uv; -static uv_timer_t timer_outer_uv; -static uv_signal_t sighandler_uv; - -static void -timer_cb_uv(uv_timer_t *t) -{ - foreign_timer_service(&loop_uv); -} - -static void -signal_cb_uv(uv_signal_t *watcher, int signum) -{ - signal_cb(signum); -} - -static void -foreign_event_loop_init_and_run_libuv(void) -{ - /* we create and start our "foreign loop" */ - -#if (UV_VERSION_MAJOR > 0) // Travis... - uv_loop_init(&loop_uv); -#endif - uv_signal_init(&loop_uv, &sighandler_uv); - uv_signal_start(&sighandler_uv, signal_cb_uv, SIGINT); - - uv_timer_init(&loop_uv, &timer_outer_uv); -#if (UV_VERSION_MAJOR > 0) // Travis... - uv_timer_start(&timer_outer_uv, timer_cb_uv, 0, 1000); -#else - (void)timer_cb_uv; -#endif - - uv_run(&loop_uv, UV_RUN_DEFAULT); -} - -static void -foreign_event_loop_stop_libuv(void) -{ - uv_stop(&loop_uv); -} - -static void -foreign_event_loop_cleanup_libuv(void) -{ - /* cleanup the foreign loop assets */ - - uv_timer_stop(&timer_outer_uv); - uv_close((uv_handle_t*)&timer_outer_uv, NULL); - uv_signal_stop(&sighandler_uv); - uv_close((uv_handle_t *)&sighandler_uv, NULL); - - uv_run(&loop_uv, UV_RUN_DEFAULT); -#if (UV_VERSION_MAJOR > 0) // Travis... - uv_loop_close(&loop_uv); -#endif -} - -#endif - -#if defined(LWS_WITH_LIBEVENT) - -static struct event_base *loop_event; -static struct event *timer_outer_event; -static struct event *sighandler_event; - -static void -timer_cb_event(int fd, short event, void *arg) -{ - foreign_timer_service(loop_event); -} - -static void -signal_cb_event(int fd, short event, void *arg) -{ - signal_cb((int)(lws_intptr_t)arg); -} - -static void -foreign_event_loop_init_and_run_libevent(void) -{ - struct timeval tv; - - /* we create and start our "foreign loop" */ - - tv.tv_sec = 1; - tv.tv_usec = 0; - - loop_event = event_base_new(); - - sighandler_event = evsignal_new(loop_event, SIGINT, signal_cb_event, - (void*)SIGINT); - - timer_outer_event = event_new(loop_event, -1, EV_PERSIST, - timer_cb_event, NULL); - //evtimer_new(loop_event, timer_cb_event, NULL); - evtimer_add(timer_outer_event, &tv); - - event_base_loop(loop_event, 0); -} - -static void -foreign_event_loop_stop_libevent(void) -{ - event_base_loopexit(loop_event, NULL); -} - -static void -foreign_event_loop_cleanup_libevent(void) -{ - /* cleanup the foreign loop assets */ - - evtimer_del(timer_outer_event); - event_free(timer_outer_event); - evsignal_del(sighandler_event); - event_free(sighandler_event); - - event_base_loop(loop_event, 0); - event_base_free(loop_event); -} - -#endif - -#if defined(LWS_WITH_LIBEV) - -static struct ev_loop *loop_ev; -static struct ev_timer timer_outer_ev; -static struct ev_signal sighandler_ev; - -static void -timer_cb_ev(struct ev_loop *loop, struct ev_timer *watcher, int revents) -{ - foreign_timer_service(loop_ev); -} - -static void -signal_cb_ev(struct ev_loop *loop, struct ev_signal *watcher, int revents) -{ - signal_cb(watcher->signum); -} - -static void -foreign_event_loop_init_and_run_libev(void) -{ - /* we create and start our "foreign loop" */ - - loop_ev = ev_loop_new(0); - - ev_signal_init(&sighandler_ev, signal_cb_ev, SIGINT); - ev_signal_start(loop_ev, &sighandler_ev); - - ev_timer_init(&timer_outer_ev, timer_cb_ev, 0, 1); - ev_timer_start(loop_ev, &timer_outer_ev); - - ev_run(loop_ev, 0); -} - -static void -foreign_event_loop_stop_libev(void) -{ - ev_break(loop_ev, EVBREAK_ALL); -} - -static void -foreign_event_loop_cleanup_libev(void) -{ - /* cleanup the foreign loop assets */ - - ev_timer_stop(loop_ev, &timer_outer_ev); - ev_signal_stop(loop_ev, &sighandler_ev); - - ev_run(loop_ev, UV_RUN_DEFAULT); - ev_loop_destroy(loop_ev); -} - -#endif - -/* this is called at 1Hz using a foreign loop timer */ - -static void -foreign_timer_service(void *foreign_loop) -{ - void *foreign_loops[1]; - - lwsl_user("Foreign 1Hz timer\n"); - - if (sequence == TEST_STATE_EXIT && !context && !reported) { - /* - * at this point the lws_context_destroy() we did earlier - * has completed and the entire context is wholly destroyed - */ - lwsl_user("lws_destroy_context() done, continuing for 5s\n"); - reported = 1; - } - - if (--lifetime) - return; - - switch (sequence++) { - case TEST_STATE_CREATE_LWS_CONTEXT: - /* this only has to exist for the duration of create context */ - foreign_loops[0] = foreign_loop; - info.foreign_loops = foreign_loops; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return; - } - lwsl_user("LWS Context created and will be active for 10s\n"); - lifetime = 11; - break; - - case TEST_STATE_DESTROY_LWS_CONTEXT: - /* cleanup the lws part */ - lwsl_user("Destroying lws context and continuing loop for 5s\n"); - lws_context_destroy(context); - lifetime = 6; - break; - - case TEST_STATE_EXIT: - lwsl_user("Deciding to exit foreign loop too\n"); -#if defined(LWS_WITH_LIBUV) - if (info.options & LWS_SERVER_OPTION_LIBUV) - foreign_event_loop_stop_libuv(); -#endif -#if defined(LWS_WITH_LIBEVENT) - if (info.options & LWS_SERVER_OPTION_LIBEVENT) - foreign_event_loop_stop_libevent(); -#endif -#if defined(LWS_WITH_LIBEV) - if (info.options & LWS_SERVER_OPTION_LIBEV) - foreign_event_loop_stop_libev(); -#endif - break; - default: - break; - } -} - -int main(int argc, const char **argv) -{ - const char *p; - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server eventlib + foreign loop |" - " visit http://localhost:7681\n"); - - /* - * We prepare the info here, but don't use it until later in the - * timer callback, to demonstrate the independence of the foreign loop - * and lws. - */ - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.pcontext = &context; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "--uv")) - info.options |= LWS_SERVER_OPTION_LIBUV; - else - if (lws_cmdline_option(argc, argv, "--event")) - info.options |= LWS_SERVER_OPTION_LIBEVENT; - else - if (lws_cmdline_option(argc, argv, "--ev")) - info.options |= LWS_SERVER_OPTION_LIBEV; - else { - lwsl_err("This app only makes sense when used\n"); - lwsl_err(" with a foreign loop, --uv, --event, or --ev\n"); - - return 1; - } - - lwsl_user(" This app creates a foreign event loop with a timer +\n"); - lwsl_user(" signalhandler, and performs a test in three phases:\n"); - lwsl_user("\n"); - lwsl_user(" 1) 5s: Runs the loop with just the timer\n"); - lwsl_user(" 2) 10s: create an lws context serving on localhost:7681\n"); - lwsl_user(" using the same foreign loop. Destroy it after 10s.\n"); - lwsl_user(" 3) 5s: Run the loop again with just the timer\n"); - lwsl_user("\n"); - lwsl_user(" Finally close only the timer and signalhandler and\n"); - lwsl_user(" exit the loop cleanly\n"); - lwsl_user("\n"); - - /* foreign loop specific startup and run */ - -#if defined(LWS_WITH_LIBUV) - if (info.options & LWS_SERVER_OPTION_LIBUV) - foreign_event_loop_init_and_run_libuv(); -#endif -#if defined(LWS_WITH_LIBEVENT) - if (info.options & LWS_SERVER_OPTION_LIBEVENT) - foreign_event_loop_init_and_run_libevent(); -#endif -#if defined(LWS_WITH_LIBEV) - if (info.options & LWS_SERVER_OPTION_LIBEV) - foreign_event_loop_init_and_run_libev(); -#endif - - lws_context_destroy(context); - - /* foreign loop specific cleanup and exit */ - -#if defined(LWS_WITH_LIBUV) - if (info.options & LWS_SERVER_OPTION_LIBUV) - foreign_event_loop_cleanup_libuv(); -#endif -#if defined(LWS_WITH_LIBEVENT) - if (info.options & LWS_SERVER_OPTION_LIBEVENT) - foreign_event_loop_cleanup_libevent(); -#endif -#if defined(LWS_WITH_LIBEV) - if (info.options & LWS_SERVER_OPTION_LIBEV) - foreign_event_loop_cleanup_libev(); -#endif - - lwsl_user("%s: exiting...\n", __func__); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/index.html deleted file mode 100644 index bee267a..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/index.html +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - -
- - Hello from the minimal http server eventlib foreign loop example. -
- The timer messages in the console are coming from
- a timer on the event library lib loop set up before the lws context
- started using it. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-foreign/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-eventlib-smp/CMakeLists.txt deleted file mode 100644 index a60b3d6..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/CMakeLists.txt +++ /dev/null @@ -1,91 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-eventlib-smp) -set(SRCS minimal-http-server-eventlib-smp.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared pthread) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/README.md b/minimal-examples/http-server/minimal-http-server-eventlib-smp/README.md deleted file mode 100644 index 56dfcc4..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/README.md +++ /dev/null @@ -1,33 +0,0 @@ -# lws minimal http server eventlib - -WARNING: this is under development, it's not stable. - -This demonstrates a minimal http server that can use any of the event libraries - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --t |Number of threads to use. ---uv|Use the libuv event library (lws must have been configured with `-DLWS_WITH_LIBUV=1`) ---event|Use the libevent library (lws must have been configured with `-DLWS_WITH_LIBEVENT=1`) ---ev|Use the libev event library (lws must have been configured with `-DLWS_WITH_LIBEV=1`) - -## build - -lilbwebsockets must have been built with `LWS_MAX_SMP` greater than 1 to use -multiple threads. - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-eventlib-smp -[2018/03/04 09:30:02:7986] USER: LWS minimal http server-eventlib | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/minimal-http-server-eventlib-smp.c b/minimal-examples/http-server/minimal-http-server-eventlib-smp/minimal-http-server-eventlib-smp.c deleted file mode 100644 index 7e166e6..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/minimal-http-server-eventlib-smp.c +++ /dev/null @@ -1,159 +0,0 @@ -/* - * lws-minimal-http-server-eventlib-smp - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http[s] server that can work with any of the - * supported event loop backends, or the default poll() one. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -#include - -#define COUNT_THREADS 8 - -static struct lws_context *context; -static volatile int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void *thread_service(void *threadid) -{ - while (lws_service_tsi(context, 10000, - (int)(lws_intptr_t)threadid) >= 0 && - !interrupted) - ; - - pthread_exit(NULL); - - return NULL; -} - -void signal_cb(void *handle, int signum) -{ - interrupted = 1; - - switch (signum) { - case SIGTERM: - case SIGINT: - break; - default: - lwsl_err("%s: signal %d\n", __func__, signum); - break; - } - lws_context_destroy(context); -} - -void sigint_handler(int sig) -{ - signal_cb(NULL, sig); -} - -int main(int argc, const char **argv) -{ - pthread_t pthread_service[COUNT_THREADS]; - struct lws_context_creation_info info; - const char *p; - void *retval; - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server eventlib SMP | visit http://localhost:7681\n"); - lwsl_user(" [-s (ssl)] [--uv (libuv)] [--ev (libev)] [--event (libevent)]\n"); - lwsl_user("WARNING: Not stable, under development!\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.pcontext = &context; - info.signal_cb = signal_cb; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if ((p = lws_cmdline_option(argc, argv, "-t"))) { - info.count_threads = atoi(p); - if (info.count_threads < 1 || info.count_threads > LWS_MAX_SMP) - return 1; - } else - info.count_threads = COUNT_THREADS; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "--uv")) - info.options |= LWS_SERVER_OPTION_LIBUV; - else - if (lws_cmdline_option(argc, argv, "--event")) - info.options |= LWS_SERVER_OPTION_LIBEVENT; - else - if (lws_cmdline_option(argc, argv, "--ev")) - info.options |= LWS_SERVER_OPTION_LIBEV; - else - signal(SIGINT, sigint_handler); - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - lwsl_notice(" Service threads: %d\n", lws_get_count_threads(context)); - - /* start all the service threads */ - - for (n = 0; n < lws_get_count_threads(context); n++) - if (pthread_create(&pthread_service[n], NULL, thread_service, - (void *)(lws_intptr_t)n)) - lwsl_err("Failed to start service thread\n"); - - /* wait for all the service threads to exit */ - - while ((--n) >= 0) - pthread_join(pthread_service[n], &retval); - - lwsl_notice("%s: calling external context destroy\n", __func__); - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/index.html deleted file mode 100644 index 8da5b66..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - -
- - Hello from the minimal http server event loop example. -
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib-smp/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-eventlib/CMakeLists.txt deleted file mode 100644 index 66a4452..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-eventlib) -set(SRCS minimal-http-server-eventlib.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/README.md b/minimal-examples/http-server/minimal-http-server-eventlib/README.md deleted file mode 100644 index ecfb733..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# lws minimal http server eventlib - -This demonstrates a minimal http server that can use any of the event libraries - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 ---uv|Use the libuv event library (lws must have been configured with `-DLWS_WITH_LIBUV=1`) ---event|Use the libevent library (lws must have been configured with `-DLWS_WITH_LIBEVENT=1`) ---ev|Use the libev event library (lws must have been configured with `-DLWS_WITH_LIBEV=1`) - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-eventlib -[2018/03/04 09:30:02:7986] USER: LWS minimal http server-eventlib | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/minimal-http-server-eventlib.c b/minimal-examples/http-server/minimal-http-server-eventlib/minimal-http-server-eventlib.c deleted file mode 100644 index 9c2d49c..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/minimal-http-server-eventlib.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * lws-minimal-http-server-eventlib - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http[s] server that can work with any of the - * supported event loop backends, or the default poll() one. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static struct lws_context *context; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void signal_cb(void *handle, int signum) -{ - switch (signum) { - case SIGTERM: - case SIGINT: - break; - default: - lwsl_err("%s: signal %d\n", __func__, signum); - break; - } - lws_context_destroy(context); -} - -void sigint_handler(int sig) -{ - signal_cb(NULL, sig); -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server eventlib | visit http://localhost:7681\n"); - lwsl_user(" [-s (ssl)] [--uv (libuv)] [--ev (libev)] [--event (libevent)]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.pcontext = &context; - info.signal_cb = signal_cb; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "--uv")) - info.options |= LWS_SERVER_OPTION_LIBUV; - else - if (lws_cmdline_option(argc, argv, "--event")) - info.options |= LWS_SERVER_OPTION_LIBEVENT; - else - if (lws_cmdline_option(argc, argv, "--ev")) - info.options |= LWS_SERVER_OPTION_LIBEV; - else - signal(SIGINT, sigint_handler); - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (!lws_service(context, 0)) - ; - - lwsl_info("calling external context destroy\n"); - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/index.html deleted file mode 100644 index 8da5b66..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - -
- - Hello from the minimal http server event loop example. -
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-eventlib/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-get/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-form-get/CMakeLists.txt deleted file mode 100644 index 1b43056..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-form-get) -set(SRCS minimal-http-server-form-get.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-form-get/README.md b/minimal-examples/http-server/minimal-http-server-form-get/README.md deleted file mode 100644 index a22d8c2..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# lws minimal http server form GET - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-form-get -[2018/03/29 08:29:41:7044] USER: LWS minimal http server form GET | visit http://localhost:7681 -[2018/03/29 08:29:41:7044] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/29 08:29:49:8601] USER: text1: (len 4) 'xxxx' -[2018/03/29 08:29:49:8601] USER: send: (len 6) 'Submit' -``` - -Visit http://localhost:7681, submit the form. - -The form parameters are dumped to the log and you are redirected to a different page. diff --git a/minimal-examples/http-server/minimal-http-server-form-get/minimal-http-server-form-get.c b/minimal-examples/http-server/minimal-http-server-form-get/minimal-http-server-form-get.c deleted file mode 100644 index de149ac..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/minimal-http-server-form-get.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * lws-minimal-http-server-form-get - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that performs a form GET with a couple - * of parameters. It dumps the parameters to the console log and redirects - * to another page. - */ - -#include -#include -#include - -static int interrupted; - -static const char * param_names[] = { - "text1", - "send" -}; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], - *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - 1]; - const char *val; - int n; - - switch (reason) { - case LWS_CALLBACK_HTTP: - - if (!lws_hdr_total_length(wsi, WSI_TOKEN_GET_URI)) - /* not a GET */ - break; - lwsl_err("%s: %s\n", __func__, (const char *)in); - if (strcmp((const char *)in, "/form1")) - /* not our form URL */ - break; - - /* we just dump the decoded things to the log */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(param_names); n++) { - val = lws_get_urlarg_by_name(wsi, param_names[n], - (char *)buf, sizeof(buf)); - if (!val) - lwsl_user("%s: undefined\n", param_names[n]); - else - lwsl_user("%s: (len %d) '%s'\n", param_names[n], - (int)strlen((const char *)buf),buf); - } - - /* - * Our response is to redirect to a static page. We could - * have generated a dynamic html page here instead. - */ - - if (lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - (unsigned char *)"after-form1.html", - 16, &p, end) < 0) - return -1; - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", callback_http, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server GET | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/404.html deleted file mode 100644 index 6f85f25..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/after-form1.html b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/after-form1.html deleted file mode 100644 index 938ccb7..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/after-form1.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - -
- - Thanks for posting the form. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/index.html deleted file mode 100644 index 147ce5f..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/index.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - -
- - Hello from the minimal http form GET example. -

- This is a static page served from ./mount-origin/index.html. -

- When you submit the form below, you will see the values of the
- form parameters reported on the console log. -

-

- Type some text:
-
- -
- - - diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-get/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-form-post-file/CMakeLists.txt deleted file mode 100644 index 1cffb98..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-form-post-file) -set(SRCS minimal-http-server-form-post-file.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/README.md b/minimal-examples/http-server/minimal-http-server-form-post-file/README.md deleted file mode 100644 index d0fce2c..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# lws minimal http server form POST file - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-form-post-file -[2018/03/29 09:58:30:8800] USER: LWS minimal http server POST file | visit http://localhost:7681 -[2018/03/29 09:58:30:8800] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/29 09:58:45:3284] USER: file_upload_cb: upload done, written 2729 to wss-over-h2.png -[2018/03/29 09:58:45:3284] USER: text1: (len 3) 'xxx' -[2018/03/29 09:58:45:3284] USER: send: (len 6) 'Submit' -``` - -Visit http://localhost:7681, select a file to upload and submit the form. - -The file is uploaded and saved in the cwd, the form parameters are dumped to the log and -you are redirected to a different page. diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/minimal-http-server-form-post-file.c b/minimal-examples/http-server/minimal-http-server-form-post-file/minimal-http-server-form-post-file.c deleted file mode 100644 index 14d78cd..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/minimal-http-server-form-post-file.c +++ /dev/null @@ -1,260 +0,0 @@ -/* - * lws-minimal-http-server-form-post-file - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that performs POST with a couple - * of parameters and a file upload, all in multipart (mime) form mode. - * It saves the uploaded file in the current directory, dumps the parameters to - * the console log and redirects to another page. - */ - -#include -#include -#include -#include -#include -#include -#include - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - struct lws_spa *spa; /* lws helper decodes multipart form */ - char filename[128]; /* the filename of the uploaded file */ - unsigned long long file_length; /* the amount of bytes uploaded */ - int fd; /* fd on file being saved */ -}; - -static int interrupted; - -static const char * const param_names[] = { - "text1", - "send", -}; - -enum enum_param_names { - EPN_TEXT1, - EPN_SEND, -}; - -static int -file_upload_cb(void *data, const char *name, const char *filename, - char *buf, int len, enum lws_spa_fileupload_states state) -{ - struct pss *pss = (struct pss *)data; - - switch (state) { - case LWS_UFS_OPEN: - /* take a copy of the provided filename */ - lws_strncpy(pss->filename, filename, sizeof(pss->filename) - 1); - /* remove any scary things like .. */ - lws_filename_purify_inplace(pss->filename); - /* open a file of that name for write in the cwd */ - pss->fd = lws_open(pss->filename, O_CREAT | O_TRUNC | O_RDWR, 0600); - if (pss->fd == -1) { - lwsl_notice("Failed to open output file %s\n", - pss->filename); - return 1; - } - break; - case LWS_UFS_FINAL_CONTENT: - case LWS_UFS_CONTENT: - if (len) { - int n; - - pss->file_length += len; - - n = write(pss->fd, buf, len); - if (n < len) { - lwsl_notice("Problem writing file %d\n", errno); - } - } - if (state == LWS_UFS_CONTENT) - /* wasn't the last part of the file */ - break; - - /* the file upload is completed */ - - lwsl_user("%s: upload done, written %lld to %s\n", __func__, - pss->file_length, pss->filename); - - close(pss->fd); - pss->fd = -1; - break; - case LWS_UFS_CLOSE: - break; - } - - return 0; -} - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], *start = &buf[LWS_PRE], - *p = start, *end = &buf[sizeof(buf) - 1]; - struct pss *pss = (struct pss *)user; - int n; - - switch (reason) { - case LWS_CALLBACK_HTTP: - - /* - * Manually report that our form target URL exists - * - * you can also do this by adding a mount for the form URL - * to the protocol with type LWSMPRO_CALLBACK, then no need - * to trap LWS_CALLBACK_HTTP. - */ - - if (!strcmp((const char *)in, "/form1")) - /* assertively allow it to exist in the URL space */ - return 0; - - /* default to 404-ing the URL if not mounted */ - break; - - case LWS_CALLBACK_HTTP_BODY: - - /* create the POST argument parser if not already existing */ - - if (!pss->spa) { - pss->spa = lws_spa_create(wsi, param_names, - LWS_ARRAY_SIZE(param_names), 1024, - file_upload_cb, pss); - if (!pss->spa) - return -1; - } - - /* let it parse the POST data */ - - if (lws_spa_process(pss->spa, in, (int)len)) - return -1; - break; - - case LWS_CALLBACK_HTTP_BODY_COMPLETION: - - /* inform the spa no more payload data coming */ - - lws_spa_finalize(pss->spa); - - /* we just dump the decoded things to the log */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(param_names); n++) { - if (!lws_spa_get_string(pss->spa, n)) - lwsl_user("%s: undefined\n", param_names[n]); - else - lwsl_user("%s: (len %d) '%s'\n", - param_names[n], - lws_spa_get_length(pss->spa, n), - lws_spa_get_string(pss->spa, n)); - } - - /* - * Our response is to redirect to a static page. We could - * have generated a dynamic html page here instead. - */ - - if (lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - (unsigned char *)"after-form1.html", - 16, &p, end) < 0) - return -1; - - break; - - case LWS_CALLBACK_HTTP_DROP_PROTOCOL: - /* called when our wsi user_space is going to be destroyed */ - if (pss->spa) { - lws_spa_destroy(pss->spa); - pss->spa = NULL; - } - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", callback_http, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server POST file | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/404.html deleted file mode 100644 index 6f85f25..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/after-form1.html b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/after-form1.html deleted file mode 100644 index b01062e..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/after-form1.html +++ /dev/null @@ -1,14 +0,0 @@ - - - - - - -
- - Thanks for posting the form.
-
- The file you uploaded should have been saved in the current directory. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/index.html deleted file mode 100644 index 06ffd24..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/index.html +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - -
- - Hello from the minimal http form POST file example. -

- This is a static page served from ./mount-origin/index.html. -

- When you POST the form below, you will see the values of the
- form parameters reported on the console log, and the file will - be uploaded and saved in the current working directory. -

-

- Type some text:
-
-
- Select a file to upload: -   -
-
- -
- - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-file/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-form-post-lwsac/CMakeLists.txt deleted file mode 100644 index eec5b06..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-form-post-lwsac) -set(SRCS minimal-http-server-form-post.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/README.md b/minimal-examples/http-server/minimal-http-server-form-post-lwsac/README.md deleted file mode 100644 index 910b4ce..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# lws minimal http server form POST lwsac - -Shows how to parse the form using an lwsac to hold the form data - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-form-post-lwsac -[2018/03/29 08:29:41:7044] USER: LWS minimal http server form POST | visit http://localhost:7681 -[2018/03/29 08:29:41:7044] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/29 08:29:49:8601] USER: text1: (len 4) 'xxxx' -[2018/03/29 08:29:49:8601] USER: send: (len 6) 'Submit' -``` - -Visit http://localhost:7681, submit the form. - -The form parameters are dumped to the log and you are redirected to a different page. diff --git a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/minimal-http-server-form-post.c b/minimal-examples/http-server/minimal-http-server-form-post-lwsac/minimal-http-server-form-post.c deleted file mode 100644 index 5acc255..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post-lwsac/minimal-http-server-form-post.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * lws-minimal-http-server-form-post-lwsac - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that performs POST with a couple - * of parameters. It dumps the parameters to the console log and redirects - * to another page. - */ - -#include -#include -#include - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - struct lws_spa *spa; - struct lwsac *ac; -}; - -static int interrupted; - -static const char * const param_names[] = { - "text1", - "send", -}; - -enum enum_param_names { - EPN_TEXT1, - EPN_SEND, -}; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], *start = &buf[LWS_PRE], - *p = start, *end = &buf[sizeof(buf) - 1]; - int n; - - switch (reason) { - case LWS_CALLBACK_HTTP: - - /* - * Manually report that our form target URL exists - * - * you can also do this by adding a mount for the form URL - * to the protocol with type LWSMPRO_CALLBACK, then no need - * to trap LWS_CALLBACK_HTTP. - */ - - if (!strcmp((const char *)in, "/form1")) - /* assertively allow it to exist in the URL space */ - return 0; - - /* default to 404-ing the URL if not mounted */ - break; - - case LWS_CALLBACK_HTTP_BODY: - - /* create the POST argument parser if not already existing */ - - if (!pss->spa) { - lws_spa_create_info_t i; - - memset(&i, 0, sizeof(i)); - i.param_names = param_names; - i.count_params = LWS_ARRAY_SIZE(param_names); - i.ac = &pss->ac; - i.ac_chunk_size = 512; - - pss->spa = lws_spa_create_via_info(wsi, &i); /* no file upload */ - if (!pss->spa) - return -1; - } - - /* let it parse the POST data */ - - if (lws_spa_process(pss->spa, in, (int)len)) - return -1; - break; - - case LWS_CALLBACK_HTTP_BODY_COMPLETION: - - /* inform the spa no more payload data coming */ - - lwsl_user("LWS_CALLBACK_HTTP_BODY_COMPLETION\n"); - lws_spa_finalize(pss->spa); - - /* we just dump the decoded things to the log */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(param_names); n++) { - if (!lws_spa_get_string(pss->spa, n)) - lwsl_user("%s: undefined\n", param_names[n]); - else - lwsl_user("%s: (len %d) '%s'\n", - param_names[n], - lws_spa_get_length(pss->spa, n), - lws_spa_get_string(pss->spa, n)); - } - - lwsac_free(&pss->ac); - - /* - * Our response is to redirect to a static page. We could - * have generated a dynamic html page here instead. - */ - - if (lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - (unsigned char *)"after-form1.html", - 16, &p, end) < 0) - return -1; - break; - - case LWS_CALLBACK_HTTP_DROP_PROTOCOL: - /* called when our wsi user_space is going to be destroyed */ - if (pss->spa) { - lws_spa_destroy(pss->spa); - pss->spa = NULL; - } - lwsac_free(&pss->ac); - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", callback_http, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server POST | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-form-post/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-form-post/CMakeLists.txt deleted file mode 100644 index 32a9f76..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-form-post) -set(SRCS minimal-http-server-form-post.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-form-post/README.md b/minimal-examples/http-server/minimal-http-server-form-post/README.md deleted file mode 100644 index b89353c..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# lws minimal http server form POST - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-form-post -[2018/03/29 08:29:41:7044] USER: LWS minimal http server form POST | visit http://localhost:7681 -[2018/03/29 08:29:41:7044] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/29 08:29:49:8601] USER: text1: (len 4) 'xxxx' -[2018/03/29 08:29:49:8601] USER: send: (len 6) 'Submit' -``` - -Visit http://localhost:7681, submit the form. - -The form parameters are dumped to the log and you are redirected to a different page. diff --git a/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-form-post/minimal-http-server-form-post.c b/minimal-examples/http-server/minimal-http-server-form-post/minimal-http-server-form-post.c deleted file mode 100644 index c7d0943..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/minimal-http-server-form-post.c +++ /dev/null @@ -1,207 +0,0 @@ -/* - * lws-minimal-http-server-form-post - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that performs POST with a couple - * of parameters. It dumps the parameters to the console log and redirects - * to another page. - */ - -#include -#include -#include - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - struct lws_spa *spa; -}; - -static int interrupted; - -static const char * const param_names[] = { - "text1", - "send", -}; - -enum enum_param_names { - EPN_TEXT1, - EPN_SEND, -}; - -static int -callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], *start = &buf[LWS_PRE], - *p = start, *end = &buf[sizeof(buf) - 1]; - int n; - - switch (reason) { - case LWS_CALLBACK_HTTP: - - /* - * Manually report that our form target URL exists - * - * you can also do this by adding a mount for the form URL - * to the protocol with type LWSMPRO_CALLBACK, then no need - * to trap LWS_CALLBACK_HTTP. - */ - - if (!strcmp((const char *)in, "/form1")) - /* assertively allow it to exist in the URL space */ - return 0; - - /* default to 404-ing the URL if not mounted */ - break; - - case LWS_CALLBACK_HTTP_BODY: - - /* create the POST argument parser if not already existing */ - - if (!pss->spa) { - pss->spa = lws_spa_create(wsi, param_names, - LWS_ARRAY_SIZE(param_names), 1024, - NULL, NULL); /* no file upload */ - if (!pss->spa) - return -1; - } - - /* let it parse the POST data */ - - if (lws_spa_process(pss->spa, in, (int)len)) - return -1; - break; - - case LWS_CALLBACK_HTTP_BODY_COMPLETION: - - /* inform the spa no more payload data coming */ - - lwsl_user("LWS_CALLBACK_HTTP_BODY_COMPLETION\n"); - lws_spa_finalize(pss->spa); - - /* we just dump the decoded things to the log */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(param_names); n++) { - if (!lws_spa_get_string(pss->spa, n)) - lwsl_user("%s: undefined\n", param_names[n]); - else - lwsl_user("%s: (len %d) '%s'\n", - param_names[n], - lws_spa_get_length(pss->spa, n), - lws_spa_get_string(pss->spa, n)); - } - - /* - * Our response is to redirect to a static page. We could - * have generated a dynamic html page here instead. - */ - - if (lws_http_redirect(wsi, HTTP_STATUS_MOVED_PERMANENTLY, - (unsigned char *)"after-form1.html", - 16, &p, end) < 0) - return -1; - break; - - case LWS_CALLBACK_HTTP_DROP_PROTOCOL: - /* called when our wsi user_space is going to be destroyed */ - if (pss->spa) { - lws_spa_destroy(pss->spa); - pss->spa = NULL; - } - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", callback_http, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server POST | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/404.html deleted file mode 100644 index 6f85f25..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/after-form1.html b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/after-form1.html deleted file mode 100644 index 938ccb7..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/after-form1.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - -
- - Thanks for posting the form. - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/index.html deleted file mode 100644 index 12ab4f4..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/index.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - -
- - Hello from the minimal http POST example. -

- This is a static page served from ./mount-origin/index.html. -

- When you POST the form below, you will see the values of the
- form parameters reported on the console log. -

-

- Type some text:
-
- -
- - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-form-post/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-fulltext-search/CMakeLists.txt deleted file mode 100644 index 6032845..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/CMakeLists.txt +++ /dev/null @@ -1,82 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-fulltext-search) -set(SRCS minimal-http-server.c) - -include_directories(../../../plugins) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITH_FTS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/README.md b/minimal-examples/http-server/minimal-http-server-fulltext-search/README.md deleted file mode 100644 index cc8794b..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# lws minimal http server - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server -[2018/03/04 09:30:02:7986] USER: LWS minimal http server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/lws-fts.index b/minimal-examples/http-server/minimal-http-server-fulltext-search/lws-fts.index deleted file mode 100644 index b38484b77c870d53ff71382d29a256a9e24be03f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 332641 zcmZ_1S8y9k8zqM60h0nniIS+uAc>SjQldm~t=jVLgUc^|@`GLbV*Alm`{HvNxRmbQyW)S(^z_X1bbsIZLifzz z|F@rSyfb92Pz_myw+yQCe;5n~#qjS9|C7P6dFX^N+ikmq*eq6w?UhwR6bjKS@NYjM z{cnRXilrEd0)|xDi8ewrbtoGHyWXHcXLbEwEP2V7NE1Gkl%AxDl147#=j)(?f({Q0( z*YM}C+w3~pI)KxxCN!zpEH>R{6I!WgF#Pw1|Hfe0a99+eA*)Sy*vu=14V}?(qP<4g ztrm-86K-a+TZG=UN9baWSc#G-5#~ztQ`haStVFeB#v0^R_iulGuzRB z8+)Qz?Yh~aTQ$8}G}H;Rjy~lHYn`xY4mhilf?uH*c=eJz7;oKDjar|tr+z|;jlRLdbF?} z>alFb6?Xj~NCr7TW|~d2*!K&oq0{iwU?{z2UnT4|i+PuDEXJUALW7#MRyYm{4gIc# zqO?uIqHDEaAXIND7UpJ?!&WLBhtMxghoCf!6C!ft3cGGWV;UH2)~u*(L^XH}Jz5(< zo(53K<^boQBoj9Fos_|1VQawkntdIbJ0u*3QE9Uq+Q2|ViC;tiG%!@NRHI(E?}3sv zt6qdbLYm+RRIb~tsD#d}Hp@DY*CROZgU(T4wDq#Oy#{ zz+26-MAQmRShfl)WCAk5dZ1dc!(mGEuPlZ8mI)|*kFf3*q*R$$D|QO-4=h28ON7+~ zRoe8u5c^sT9iy5p*TCCu3QNl<{gk!(ZDn%)JNOtR* zNjM7N*m6a^FuXTBHy8@f;J|iVgjP0DH5<^aRbmTjU<&XI1*nAc*(qsC2L;z-wdyt# z_~5Y81voT}YQNB%E%sbtT_fyJ1T0-Qp%RMHU|zN&VP6h`T6M#1!xe*Jd6m5h!v+!H zAfQFGscR(|7Py5gu?u-@hkK;q!&B`?R~(zst39F~f^$H!G_NMp5)OBxupbasbYmxm zknt1SSHr`AW?Ewz-0NWhi!@uI1KbKN;-QXaYBM9VP<_ z<0Ol2v4L^8Ubk9sKwAqpx)Vpua0VtQkwX<5g>|ja&1kt)SWLofvFs8WT3Q4>n{_+H z0JYmJ_2{kUC>JKMzzzos4+-WtRFn8q@p@53;_5IZ#Ju%fMIv|)ExtgD1$7qqcoY!J59!XmT^VO@<|g3^xFna~Dz z0m&i)!MbUQ_8ehf&vTa`o@_%W91e_1YdRuo1bTsH8igTh=rb6~N?~5~5A@MZ^d^X# z4Y&%rfzT}GWpIb}wj6;WF2f+9;JpZi>p|dM!m=3cErZ`Jf-tovdkG3KRhw?I>djUJ z+8j{!!4b#xk`dy6oX z8#WpYIsXz3*;k;Cvdead87jA+X#`t1qqLtWe@5Q~?!Zj#8rXyTA|}Ew?}nW99bmGf z0{4ZZaM-sC#6m<@-CPU7!W%U;VI-gm%-9M)06RkyqzGM4@YDFxDZd z(`13TAakgc>H#%u;GzQp-$LE47W;&$0`gjfYheg5HnhD6H=veaBux;Kre`CL*&PSq z*etlC;hNzb{DeRV$O9$x909w<$QKE{QE2d!2#heP#zy2INHp*d{DCf;plIemP$eU< z1!0E?j?HS(9cBlJhoa%D;jO{2rV(~&2d&_}AxO;u`oq*9{3h7a7MLOe2izu9rP)nZ zu%BtoRslbeBMAu2Vr+<9xCOcnh1yI4t`qXsKxa)yJh8!|n$W6-bWJzGJPiM{Va{OK z+JgbZi$d3M><(rlI7QEgPc$EaZNjbS-Tth&Sfeym5VZ4TAh8*OvueBB82--~ZZ_B@j2u)IW&_*+| zh-QQX>vEy5A@v{w&}0oo%ajQcfR=QNepu`PJvWFdjIjX(utU*y3z92Kqi)KF=AjU9 zcpv!FAi!!nOh!kdf_pn4b$Cu4vV$!kwX|B{Ce0A!VmN687>d}WBa*;_YL=zq2))n> z?$I`~Ayf2{bU7jr9H22XGoS{;zcKtvgJJEz!wqOKpamQ+5+!KH;;_S?*-+06+l=fC zd6XRyD_gP1|tgBT`Mirfs^Wy(RG+O4KW z;V?tB7za8GE+N$B2!n1g84UUVJA{SUyB=y>4doq$RYEDKLc8#0O-*L(;8G&)?XV*M zYNGe6L{x*>cV=?91B0uBM}l3!2f~R_BS_&KLPPk2C)oiDwIR>aOqNEv zZyWT1uw#bvu43$gp@X?d6yPn<0uly&6YhwtV=IoB%b^QoMkZv<+nD<52sm03h6dFj z)v>^EVL?)oQVZw`{0j15yV(LxSk1VnuER0p%WRnmK4K=4C|sa03QYeurSU`(Ll1a85kjRp*lEka0ICUNkv0I1Dy9*saq%& z2^;#8FRT^^rfp1+5QFh&FU3far5lo`GU9{W;Az2-i z01V33XiDo9IloC;1s)w1g9T5qIQF2f<1+ z)EKrJ40(PtZP2bYlK4k;JHpULiWYtpB18P)v;iY91Pt8>yKct_IxDc0x=5b zSs4I9mU?s){=^DDrV(1M<-FW2yPD%6H3sjA(%WY+h!|3!|*Xh;TRwMhWI18%IS`nt#>LF?*qt0b$`Yz!C5Xh+T-2^C>8d=>a;0;pogc zAU_0ShsIlAMubcWH`n0W5i|-&5K=}vjDVxV7235O0gX;z29f*S%fYWd<*eJ3C2lB3ZunxYd zn&hiOFmymz@SZSG6GRHPh|Yqk03;cWut11iHiS9OX2XAH_*Ym@`j5g4$AH+6l*J6@ zP)cw;RtKi{R7^dEY{i7dY`1QL&@FJqbVdlem>$`VK;(7s9$ZU-bA+?fwavVc_6Uta zjIe5r3p#di2QxPZW&xED0&EM*2(V8`3ZcSb&C!M($N~lqXG8a40n_Yh{?**T+y!GnJ=`qWN4o->%?Oe@&O~B^)e@Ly zkrXh`L~o&DoMwVEv|At*Ot0zd==^l71=^4tkOgEixQn?7XUoiJ4+#^bjL=H&K(n(U zIAaEi>kyf-6oEcijzSm*AV+vI-i{{BXn{2XuAE?X%Zh{^4bvQ?E#kg*t0CWzjWnFmzcnNbhFvoj?9raA&^=^f$2tmfRg;XNm=bGdIxSFnn`pwy6y}HMH^^>+PF7>C z4GGgdptse+)(F=Ifr1@!Typr#@sZayH`=WYa)u38jC+Fha15ZOnTBPuK}Kkbi#-?* zW;)12;VNxr3{Lt=nhO>h>A1PBXVwnlo=v+TErE3FkioDF_oY+iYA5_E;<6kMCvy0Q z+ac4!lo1kjV6_T&gFk0A6pz)ie*;fni+;3(-P6INJ)>4@U=v(4L{XMtUr}c9a3e!I_8| z^5beUB#MhriB@?RY73dC6?O&#g*#x5K<8lDNx^7_8-|Nmg87e)jwa5fmcj~oIkO%F z5=a57kLD$)1rxCB2ra^Z%@%}FGmMBS6xOogEWlfssZ~SZsE2EZyN6QOh>TzVS2&C2 zg!Mu&A7X%sLxFJM%-f+TRAQv2)eJirJr`DB7tkV%P3BhQ&<;%9DL3>RM8)9fKh02| z9HqmC^)&=CtTNJ#AZTDZ1=?BR(QKPBcDXE4&!|hgK`w|0gyaME3Q=J;fr#NKma;)Q zxf8;uLMj6D!a2xHU<}}@q0q1xcIC$E2pk*&%YI>)H%wvbNZ)Ql292o^Xvj5bPJgfh zOwZcPB^=CQKqmw{JJvmI4lG$!;J-tdiD6a6&c&HLVMBDGg_?9LaxDkEA_NE3!|7qJ zq@g`5Iv?WXnEn9rL9fj?lWWjOamd$YxJ0)W;AFZ)G=}~oy$6}F0Ew1h3LvnBF&~X! z;Ty)I8~(N7UtsP%$h@Wky@8K}U0~r6OL<5h%CSs{#g^5ai(yR<^g%E}^9@p5AXhWf zV4E%)HA@Kxh&;!RK!el(4g&s(mV|p-8G;=SWY!oMx=#UV-~gtQx&>3rijo>(IBu}P zrTXwndDu|l3$EWu!r79k~o#`P^sM41J^n2~F0@Otb9 zl1$A^ZAi^HUJ_AQi{0 z!E@%kaFjNz@6;i%=b}BVDRIpQP8JUcnh*h)bQl5{xYeZt^0{0|7;|0`Ss@=2?mb1*DH*dUAotcyDIJ;+;i z3zzJ`m?H zZg_CGR9FLshrj{(AC^&QQmopP2V@xKoPJ&4%mN9UG z0}~#2HmsCFLCg|iM*_M)?B`NH43rZJFp>@x|3hSpg9G6Uj(GN3pZN^DhJj9X}a{UUfGeMblF3+IX=rgBpN5pb) z-jRdT7J>L!=B$MkusaCZTn)fVrUMgqcwBn{yblD8Cm4?O{C6pr*kK5jpaPsIDFp|? zbz?*t1~bfNpkA4U;)ZpYlkib28ixoW5vVxBzmhXLpF`;mf%z+lX2+v0xE&o1009qA z2H>EP+R`t=XJN7cPYs8yaj5{7Uz}c-2I+T0y*i$*Y3QvCwrCUPfqWJnLqGWx1d|VB z0`OkQfTiVClN@`Hkyk<%n;`)m%r(=@xzd7lddCh7b2(T1L5_Oxdljs{8B-oCdX$4l zWe{&2xKkuH8iuj@Zz%j9abls!gLyAStE=VZ>rit9bcVOvBcK$le&J47bb|hXnpTb* z!kl!N00>FRqt{kUCt&a(hA{2M+q~ zkYw7PwuO;ybIpy5k(kV*uQttO!g`msjVTzmh&HeQ%#PvsAz-90n9o6mh#81acC3%# zIR>=Md4mn62G@)^23UeMU&P15GS0zeGarUS!c@jaejgByeb9{!GXW$qXbwKd!8ATc z9EAt5VP$kDO%;!t(WYHG3DD1iH3ORin#6T{7J_z*AY8LB{8w1@Hmn$8nhw$0$PEW9 zz`iI@k&Eke3j zWyFxUz_kx8Vlc2f^bDP-5T+Vv$c7dDV|XHe3=W3tVtm@pWC=mv1}~|@yV)_{abO{h z&y5)`IiE*ZTaFX3YHY!Jsa%aHfi%IUdMGNbr^>sy27T5LKCvbVuZ5Wy9)H>`d@_hE z7Ksc-g^a|3l@#0xQ%q#LuqMv5A$7CNg0QrO(_r!N-w-Pd5(z!xek0-y(hV3mhJnF#~|KVWRL?$R3YCg?4yo zJ9JlG0u1Mm#Dhz5ptQAfgua>NW z+#qOVCP-z_7s>YZ&^p$QZ3q}?caLTuMdT+o7!h18M~Se27d?>6qTfiR9BKY-yo+Ta z#0|{f=;`61n6~k3UZ7!uhIt1vH^>*(jL|^GW|$28D@KEt0l0z+uM0!ub!LnnP8-1u zODPyI*a5q9;N1Z(EXZd9^goEbc;bbeI?ccT=wPg6z}J(fQyFgITuRvuloN*!UEI6R1k^6QCL_rz-m8= z)Dhmdxf#ONkP%o#b2G-a21ynYzh?M+j+%CZ5MqJg5D1W_T9C5fMC(x`evpv~FIZTc zvl(%)xFsi&c%GwK>TH%xlv1&1s1?n4YGm6X5N@?P8(#BqaJFkRLEaWK5?>e>@>M7p z_iKikV-4dlM$rt#f!yFNLWK^E8nziq4TkI{bk&SlUyO9k3>rBscpnLl++wlXF-<)n z45zRnVpzHq9Kyq~b)tOzW@KaLjW7=ojn7(9uv#0C;BfsCYYCWHnvurS(&-zSlwp@S zRFlP8FLM|P$~+p*fP*C@>B>Bwekk(?33!=8nMZD_%)?MJu!E(_1;7&lWgZ~rx6R8# z+gKr?f~E2Wz%y=TUczRUN(dVX2oTErdcr!w8a7sx?nMzRRxiLRmL#lXX$gT-xA{dG zQ0I;FS?NI;S@oZTm{;eEc}QIV!P4JAF&Na;kNL{^BRH7)jxMFX&9mRBZv^=F41D3C zFDWeGDk+pR@R_xr=h6MF)Mp(2jsa0pDICbaCzb$e>Qm~g9DeE}tFUCCq@MBmXQ>w~ zKV5()EIlSXB;3z{NZm`9@A0a86i{ZPr0(*ZKmGx(u};EOmLyzZ=`sP!2TJO~0^sqm zk~*6Kkvfwe?ip4{IK|RQj^$+PRJsa#O6mjwaY%wl9c6`z%`u*=q)0h}NLf-~o=BOw zQBn;A&{Rp)5wJLv0g^KHH#opL5LKl1rAXD(-rqr__Hb+}Hv3pGrgoxui1%l)Hr-u; zBCb_a)$^+*-BML-1RzpX=}jd!YN`@_wDTA(ASG2Q0fbjm6{!bl^^y50Qhfo`)aKMh zk}L;>%Q)|G>hZjwm5Ed_O-!UVrZ+1&ay3<$s!!b@eF{@GsUx_nju)F!D^g{+ey6O` zQ_ZOpX(cV=^@~$bypmc>fISqXa@d{uW%Gp?)cX12`O^7v80q%;>iHe>HS=;5Sv;9W zLJ%oqY7fgW4K*cFS+sg%N|~>~=`}n6tH??jQpKrVsRL<_z>SFH4_>WebDAU($?r*; zLlTyvCcm*E?!DuYH>n(!$?@b%_`c+e6bEI7IG*!t?k>emlh5a~=S_4+*~#ar*Vw5} z@2bgXJjS-3v6;+9Nj_nd5@;aFU+{>#67I8fX8~@q1QBO|7LX)El2?*flP~7;*q^h> z^GR5RF?n`=10+b5Cc$`P@^tc3%9^^w;;Gc$)Kz*iWAbG3GOoQ2DWP~Nc@2H1r%2Kc zlFdBBo;)?bYMz`;lIm%&avbL5J>Jojygv_l8IwogKi15b^3Y-FJCd}6BpH)DFkj8G zY=%BMNwp+Bq11JFnU|YuI4v?>qNPxL)_l(VlKC?51i@ozvK&g! zPUWUHf+){ZFH`SQAK?NE=4tTBP3%r7&bdL)$2+V~{Xq|2lw6zKjP96{$Ih@~FaC9D4Meyn zc^Hhgpqca15N;%IB_DvA&y%l{?~|XC-_e;RsRBr99o$JdZm=7-;0>;W7q?S)Q%_P) zQ!nOM;CB1uIAJb1vbUrrnn>-YR9-L8GXZa)CSE0%QX4smmx*_tsN7;zd#g ziykGPQao!D&y(f&JG?;D5>R!2>O$(GB<$K>m|sWg<|m#fUP6==$$iQF z$s>PSdumH+`#gL$55GumOKyja97xu~FPwne-7voyZWpGr=r4zlzz?ivwLni`NJ;|a z$xS>mkdn8AYv} z-$PXy6VJ$@R5|ZL51DvOKnjtYxc^t{l~u__vNA`SGmJ|l?xpU@O%g6MH*qhS1E%as z+LC9Ix1?Ppz;q=I=UHNKPtfNjjuV&wB#shblS%?)RTA_BX=q{z;!_fIX9-5{#4bWH zVJ%@bVHJUCUjoriNgzrn3HWFw0U9fFuqHA0J^@WDb8iUDn&uu5=<(A)XFtbeXznuM z;sUVOb4+69*w;Dsbq;+MbB;Mg1Z57~Q|92Ml{v^mnKKj6TQRqtK~9+~Bdl2fI9z3p zww{K3mL#y#v#@hzmIj`N4=nuxc7FEO0z3JKKCtN_eFI~n+bGiSccatJdhD>EGV308N*CYhSAd;?evX*0FrrH0{Jk_QBR*CQ1{a{1cV=DddC8A ztkYZm3LNz`RX$B^Pjl#L;Fza>0Y^Vwgz!CGG`(rMcKYB<4r>YtiwQ=+6h}GrmH<+T zsh86RmN~>JYIlnIo1$e--6mWoTw8#vEL|bcMyD>YiL=s$Oi`0lWDGDS}@RYjoc zrZ}c45K)<0v;bMW+BgN<6O-R3zoR}4q}rr}M=T*R6q8ry>4qmM$4QEClDC_L7f>e2 zo;1|6bQnH$azFkWSt%y>PH#ZyncRuQvSHXWx9(*ToH<43RrJiA$gm;&%yDa2js1B!M)J|G_(4lA$0@qm5JSand(_nn2mdDfT#hTHHpk5UBn% zG_Z+!>8s=WSW7;{cM-M|wh^d`IJFR`u;Xj~0l;S^E@3%K%Lq#eWOSSakAuKs;^PD* zHt}HrD7y*LdV-8j!$X!h>NH@O%ET1{c&tpEBXE!eF=3zJ;3i=3$^`p80aFzdJJXx0 z87ucnrLUSGb0+AQCNK_lV%@|>#vf&3-2!lE69ojaVPXk^BbcByOhA=l!Z^b~I!;$a z5aSsE~1VSd6dXMj2npa$(#KN{_D?uN$vVH$`h6#~>Ds=Z!BL--+sL z6D1Qn;yF{h<~Z_k8cG_nSb|ApK(GY0DP!Ljfa4zf3_BY8IB`0@GF~NJ#@H)X(-(}9 z*<)a^7`rc{;27ON8cwl97LI|1VyrQKgk_F54RtK-=b?RbjV#v^sMIl1aBTAeaO`6o z`&dz;P;SP*vx*`ZTRcggj8SF30Y^E;v5j$91Tm&eenENk2Z2K*h|#a3Y-<#Q6r-PL z{mSSk0!S-H-%1xY3LT5lS90lM^f?bcAv|L3-3f|p6e?FnuMkcUj{g;?^HC629kq>J zNr0rv=r1sFw~0V0j8gfdRQ@Q3JxU6VmJ&$iG!(N05TolxDYQ|_W^~!)HI`|Nqxl4i zWE3t@8O`SLEILGN60+XNvY4U|8KvJNh*3kjUmQ}5a!Lb*5~IY@KvKjg$}~_~F`9T9 zXcVz`gx47`#$Jvt9(^(mt%}%lnF7T~p1%XR6oX_%?6DMZ3<6ft0EQ{CdxYD6gj3J=(~;LB;D{J`96QJ(4+#(c0Vu^033plg1ytDx zRW?FhjGQDKBh)PbWiqmdciF?Rx@4p_{yhG6(m0uon7n$jc=GV%k*TFqt9cqtAq`aW zNF{;N8-cLYk*y=!Vse<2+6bhkj+Bp-&tQ02BV{8sW1l7#O;LvFDN9Q-AV$PAnL13<8K&tB(=LW7%;A>{fDtLfl;|)Co(2kPn6w@ytS)0`qHhRMERFii|MOt0eR$Z$QYHWNS*Ww@BI zfrmDv%WGLdA2PgV7(POlGf>1`4sAG>kh1{UECIx@GHgU&qTh!N@hntEIoc?EgfaSI zcQU0!=)6 zCAKqDHbyUuQRkgCs6Rw!@S^7{5Ws4KYEZ;8e?={tZpoCnna2syoqQ{ zw25We&mAm*k|J8pGt_A5^qB-KF*{lsy)e9F_`vWf$>}In7X>$0M~kDC(YomM=)>si z==*u4c{65Jd!gMA`&1mC31kUmq2+$stHwWv~mP=5|J%(@)MyR z(on_{MG_&ABL#CLNCd_yBFm=Vv7FCxKBEmb>6w}8sR{PKvrc47pX&U zV=Lq5xc8EKFC*pB{llU&_!;}#nGeep%asKtf4g~KX7qN z3~BQ#c|JKZ5dmXTh6=IXG_+!*5T(Vfxy?12q`_ z1*^IH3#iqw6cpU85~h#+I~ZB_3smm@0)@K(b?^rkNFWd~_%#fxUf6sI=W*}%jWP&- z@H;SN82kk!(jY(`{E%);?q%RT5B?3vw?Tjye3x!oR*-;$e}mVolkf`8bMV#R>%q6_ zJ7ZrNq%AIhI{5O>+rMBvz&Q8<=gR@AgU`ZC!esv-NUjXRVE;3C%)0*qh`~p*G=@Ry zeDHx>^I}<6D1-M|`UQ+mg8+5#9=a?=C9B{qltJ0dH6FYeeLgAo&a++uj6oSZPM~cJ z9_8JR&e6;VZ3KFVLE6CJLBavT9zrbv79s{~rsU~0tk|{yprshxnm%m{%cX;t*@u$B z%TbVW0}J7@@b++h*c`qaej5Hd^d^!OSsd9C*&eBh)JH6lvyqFDJCVmxC7Ksq8eNH% zyE}6bX4zl~F5HGoUWPvniJ_%K`9lRmtB1A>?Hy_wIy-cE=#QZrLpO&W4}FQ`L<%FN zk-d?_XzW(xVRZSQjVOcYLBTpA9AOaCO6HI=eLkPmpKr;_D zkAaCIq|23*5Svhdw3h5@sHC$o16_H55WjQ$tPRbFo|8Ya}%AoWlv4f2fX! z4~^!>(Nlo}SsS84(*Uiiq1r@EVjruh-VoIr+CB6K%M1k}I%lDyWJauts@hom3Lb;<- zI5|9vPA5cXLJ%Q!bTi9xFaQw}a)vzsjj02l!yhIg1>?Ynp|a5%To=e4xHs@1^ls#j zSlQUY_+9xhV&Dc^NW%rRFmOIZ*F11)Twy(<0YMDtVOqxk&(od50?_U5CtRJBE z?~0Yiz!asw=64YN>l2h!KLnHkMyUQGUb4FX$Z#R|RxQ9v_H|i59F*wK?WeH&bNaz5 zr9X>hV?WrIi_MC`hoj}A4Ws7KQ=>3RwI5d{;N^_{%FvdXHFM8-35n3h;iQ3r?1Lah z-^V_b)xHmjLkSGZ*!RAFNq>EqV(g=x_PrXUb@b6G^xf}YA)f;EQJQ@>rqQzK)A~rQ zh0Q2M(`P4;N_~`B8o(LRSI-sVMSb71;U-Ief(YKE4T#_k z`PeIXg9m>B9FP+H8!$}>N?i+el5mVAhQ%}>EGj_>up}i&+W!W2?!ugZ2Y4ejXq_&ch5;x+`ld8k zSo#IDz2Gl^Z74y28f+T0B`UcmId*_m`_ryQ3DUlTh*?SyhMyJO8QVE(n7*FKWz7zP zyzm#$e+MO0umms$D+Vl)+6Y<_!Sa47#w|Q1VKYk-HnAk3j3r61Ur@rj;sw~q(gwnM z!rBao;2J)%RDyH`!J@uAmTA>#SjC|gj<24Uk}c#pD}v=byyABd!R2xhEeJX(|7Aeq zYA`prDk@u(68RJIg1Ljr;A$j)k0Q3niO5yHWgvn%!9{ElZX*NPEM*Z?g5XJFQjS_- z1waH9`O0O`zzRa(8-de$8Eb@|@qkQK<2{dOw1a#?G z0GOao{s0-Gj3u%e7W6%j(9wa#lBCtN>V0k@Z9bqkN z*N#Z7fv9R=&D1mb8dji)M~Y%(YycnvD+A!H5};QMkgtJ4HlYRzl=X_S?;H|3V^&KkS!m@u&e|~y z_$AN;{SuzB^a~h${Suz==1=4bqW>{#p@R%i+5W$P@IU0k8P)&L|1nJN`R^|P%vJIK z3BrGmoXz&%LnlRGd0TmMfc{j!1 z#8aF6xKQyoX29rg^f&t-1fgZs-{3c~qr%@1-Nxhf3vh%bfbbuY*%`}<{}ACI;lN)3 zycPa^b9-33k09j;5dK>E3Y=fc;4dKjyZy&_uB_d~5P(5;pU) z&Hg{jihmQ&1PK2onSc1{iPHd93x8<<`c(WVD}K0R3Bq3z0{=1;{O}0 zXPpH4Yd=8v*HNg#zt%6M47aWLrT+j3e-SyQ_*XB09P_HQ+9Z8f@{j~6zUAEg3mE+c zSc-cmmnr>VnbE%t&Dvxp=%?5A=Vw6p^V3?E6-#;lrG6>PbeS(&EB+-JQ2k2=N@9|# zi`nX8f3<%{TIq{;$}h;{ETsyhAdD~^_*`n zb zc*R|S@V!j;;Uy~o!uLWx_4Lu9{|3*w`wO0N_b(uP&-hA!>U$dhGD*?<==psx9tpzt zL}st)ibt#k2;W2bDxL2kjLG)^Uuk6FPhS0iM<1}u*!a)#0)zqKyT|lP_1*L5GPhBD z_Xu}?2cz%KOwG(L`BtV6K3_@0ZI%GScRRLQZfNDI@0Ncx3&MAcOGLtVGfX@1-Q=;G zzDKkh6vC_J+ZL=Az8mrl2p(&SK&5;& z!Uqc%zDsjb>lbZVOB?-b!AD~_kx170h>zku)^OE;#&x_sJ@Y3O1^N?+rta0|j`OVCn%hz=5j z&&qer6rYv1v;@B;-f$0b!ss){&d1J=VtB%5mIm*GbEUvg_`KtR0LZ4#K#vn1_s|rc_RPjcYzNdqK z$ftR}ZM+O%^lc5E4J{r#&3*Jt__l_jA;nkmI|yGnD^y>3;4;_y6yGMETE+}t@i9*L z;PzGDhQOzpz1)Mt7rqVhty)4Q<~gfos^?d*>K7DnSHd!uq%I`Dc?w_NptM|R zg}FSQ!`hq~NwF*rI17`(oT!yq)MB6N%kn+PHvwz$6~aAy&{2}oQ>S=iL%bxupO+ev zP`cv%_7CutbpX}-$@^JmN?y7|?>hn&ng$ZeE8!&?^uCk~@IGg)1RAdQv7A+TAF~!9 zypQ6`S*ArUfbc$)37q#~2%Qw(2eY7=@ZR%nhi<%gr-~9EI#J8MHP3#)mrW;m46O=pv(%dxq*J`KO|OGs&w%jShG`sL z7^UK+QKg}QC774+9tnKr<}e3f^d5>nh(6#vOZ6V|<&vqwdnh1yHtD$l!n?ok11q3e z38q>{ta#D5;wAUJTgQyNV}-wl4-m4v74S>v zM;^wn@eEpox10d0RlKkO#aqJDi^n#}m;Jo30maL_#=92Jdc3Q=bv^`(z=q(7vF|)_ zRiHu6-MuS$4#4PL;Vlgo55R#4Z-M-X!AleH;_kw`I7;4n7xx#A!ZQi)qP~0F&+<3P z#WHUe&xA;X=ZBo5dw$6B_(RmQtawOqg3Q8}rSenD_>G(JypmDf1BNS}XBdy?s^@jz%E270yHrf9V(n!D)FnLUeYudA=bZ1x z$b-qUX(-v~ITzd-dM;m1^pJg?bMoaXmW`g%-XEiz#%U%jvKbPIAUr4do*6cA2nZYb z1k*!jn+6im10wzc;n98Ms7E7!b~zqLpEbG*f4hgX<@@^{^6)nR_Z81yKzJ;pw0;kK zgX%F)|CmKb<(}{~&VZV#r_r}D0AZ<~de1u#6smY=tDXbQEQDu26E4-W&v$?JHjjaI z*`DoQJzxo3#QHmx<-yfCo~;3Mv^sVvc9}1|vX)FDsGd#u^k@;!Df4X)y%;(+ax77i z05erjnOFCh@-}5*Fj;s?(^r+ST*6tK;z2pfQyh8~ZW#L{U$gg+kDiVH83@lt(tU|% zEu3U2KEJz%kL*6A6nvCfgYThe&7L&@$$>Q zo_qqBt9bGVIT_{m;Xf`7)~FzRi|y`Sj7f2I7;#|@_|+&6+?ywUxKceVFN zU^mbHBLl+y$IyG8a?O36Rg|0iVi1V|Hhk)%xZ#FX_xbT%bEK5}Jb{+&J~>b~3MLEp zNgs?_v3CF*urKSy*s>Tcu52Ijs%~|50u<61;q`{8{K;bR)!8n?(>q`F>nGKuD)TD zV1RPN3I7f|xC;>O>H*M5xVJ|Ta#i=Xf#vcIU^hB1+?#`6Z4r*B#SsW^b@UN^9A z5)@eCE^=>^eW(}`k^3WyVmD)NCYL2>s_qr;)x2_f22}TQ&n5X_JzYftyK{dB;m(P| z%NgC-?oIBGk#aVY)rV7lZM+zCuA679a#y%_y6?MRk$%E0UrRUk{_qs}-}hCaruVyi zZMzq`HuiqQ=d2r2)NC)QNig=lbD#7!2PmN4w*>H2>3xOK^}Y%`9H+i}L2tG9X>jKZ zv#ws)fztbkmp%w=i`B$P%3g@x*n2OsH@Z9yTUL7S5$-O)9d_lmo95XI#){snlXM-u zSAwSC)BbM*xSz52Qb-+qJq-`6^n%bzFT8wS?}gqA?$h3l{pTYGA_t}~&Vd%j-t!~N z##H(4d+%B9pY?9_J?H9#!hNNeTfPC2IJtbXWa=T?t0rt?qgz9D z@k4C1qW=afVGc`sO9Kr3|(HEt64Xf7l zJ)4CN<(|?DI*Q&^-kYo-`v`fxi`{y^A#@?~V))y{hp8%=&-DDj;T{M}=>dN-K$7%; zB*vcSp*P{zeBVy=IOY{rlPx{8?H))+=|RUOh@SoO)q@_&p=Y1}n*W7dQ|{TzYxnZ! zA+X`=f5x8LzKwVp6Z8>1J3>uz6JCc0%01Qns(cW>{P#!UqNkc~X>o&-)Sjwf(-ed+ zdaA~E@#ZiA32INJ-yVbwX7z0M?DL-+I3A{+d$tlv2*tc=%`|$b^eiDPW^c0HI|2=y z3y2=I7wlELKaS+d4;s7QbMMVq{WSEXbictV-LK^X-)@SUP}u#{_Y5m0>-}%UkFD9^Er> zP=3?heJMtjbd$H;=Xu(h9uB4(rjY?iQtdv_uT9Y9cUQw-a*W;ZYHIhUzR!GnFuQxB z??m`mtG(nxakaX$VvWjtm|R z*Tie(hhbeDa2GhJc75$O%KLZ0H!EH5761xRx}Nilvt8$UU`3+qtbDDqi`Jh8jU|Xm z?XpE4^YfmKI(FAkYmI2<}OR={d7NObM$s^ey7Kd6+|Ro#2me<*lSz8T$B z&6B{O+^%xZ+TfXig0a&{Q%aS;cG87#VeBe%7kCQzY)I`YOTUYr)m4Vn7# zMYVLnY!`Jc?K$E87B7zLli#Nd)Ah4g8kdxB+bpa@-&QCbA^P`9I>iqCKh|c$Mw3XNSw)10`A(%gKHMA^L5Lz<_v5C$% zNw{Ot`GSkH*`3e(N(V~9wUO=oQaZcy8QyTdlE}s%S=jlE-(wp)pLjQTKgku<&d02N z#PDhCd>Fjne_{?y%j$gS)&h6>FHe7#JKlBvT>+IZ!6=;%AgRvVzDoIkuoKrQow!2j zgoDVy6*hT+&qS5Z3q1Q=@ZIQb?!o7a&J&$rywZujtDVON&&h9=JK@_!XLAp_7&Lo%`@pIV?56X0tlWOWt=ABUa|+W4J@=q#LKOzI@17C>|s#OhfA-T#8@&V08cP#Inu zGtKN~H*-2y&j_ADMR#U%*1n=sL4Y~ZYw5KiK%H`fHQu7Wtplq4T5WKPD?PSwr^Hdi15q*`8m#lo!y{WreuEKUec?v;vJc!bf zcR)Ex2OP5mW5>O&XYgNeDM|<8d{)QZj+fopfj7}RyySKiT{U+6;rS9hAioCepdLG@ z$235XN(Vhy2e^~lao+zD3CpU`tEgl4+uUK+pIZQER_!=FvU7y0=s;M{?l{$X5i1~D zC*RF1VjYO5cAV&3&4+Pn$8q0jzQC_`=pD!8%b*=PPlCQhhx~{%yTjJ?u z*s-*Ow$VW^(g8_{jyyM+-T^)-9oZRB+rM_b?Iz*cKXjGzTLEMH+wO}!yQ3zY(GHo4 z_7|aJ@KWv1+MfrnhR%&0o~fIupRvsxA0w(^S((SB}>vS>dW$3|&KjLdC6 z(O(tSMzSVfOun3aJ%e$n?Z?{h4q;f??MK_sgSi!+4IX(}^NfR+K}?I=ZJkBkdhl52 zHa==zG<^^=kOT4;AlflF(Ox$RSE9Dpc`Eo6PHo@QzdwGN*TUjOdsX`mmbVeW^z8PM z9?|!`zjWZ@IC;}v%#(`wjiB0IFkUu`z8Kr{-1|ZgMi7sT?YW)T2X*A!`$y1ux+@;3;C>vJazFVFS4YipO?tM+I2A00R`Yn)w*nZ4_? z>$7J~@b%zb{K646?}86Bx<0wS$7&|o0qzUe`!3j*(e=)k8(1D?Ja$1e!u2*nvva*5 zAiiec8B0$IPY92A<~_cDmhHORlihoLpd|8entFHL?ED@_unP_A!qv z+3EQnz$=Pj!?cYbB+2^UVH4{BOI(|J&v*~|EqGM_&i}#xJy3-AN0!OA{#=`ev!=ia z#f3PZ`{}sAkI8JqkKaIJd9IbN6Ru0X9Wh(%^XMOAs{CmHS3a+X zRE@4Bt^!wW??>+EWx(jl?OxP-TD~XaLMouRq&9K}V5>Q<99O=})@kXj^yF~q#^}m& zU+@X}HI57FQe5D-ge;ekOXT=rCDb^<1fvsDj=bi#Q!AVwTs1Bof0tl4j;>|hhr5q- zH+P@ye%ZUVcX#ho_eL)C$c~h=aBcv;11ToZz)c?CudXtC76q| z-ro?~H@IQsfF(@l3z4sIjfx?J5LTiY^o)%2eB?D8G* z-3^w6vO`-3AB9VY-i|&T{W1DutbBaS3|zvZ^l9$b?(d#8o?W4>q0fUbNZ~B)hPD+a zEJuRsED0>(tK>#!vHx`NEPn<^IE#besfwDX>N`8kRoP`P5R$=VcY$*>E`j_#0 zA=SCUS<#7PL2<4iEN4}Ipl}K@6wZ83eH16HDGf_m0vMf3L*}T?=S9M~G)6b(ToRMY zTf*m%InE{iT>lb(ncwQyrg1~XiSY~P;yB2SP4F%Cwb*qrq>ucNZ<9G`odn^`V=rV` zLY6bH>nz^nImxeBgfmzE?2!|8i!%G7IBCAloZc%e%MJsCGnot_mIvLu*-W-+YCky1{z+d3f7bo<-068^C>twvUsvlQs|l z<*_=siGdXbZSP$Ndmnl8ylaCSgLT2L{f7r$g*Jk6_(i3;Pjm9(_xzy)we5W{i=W&Z z+g^9y7_-k&9&NAK(#v)bKfCQ&$Qn5p&5u^ZZ}Jd)hiH4qwcPBs2hMXHI|Ium_Dvjw z2Wh+S+}M5{(JVW(H}Wj@J-%k{a^fsczweWSz0cd-cb*8r$BMR_-58c=yUcIl7Pnn; zR=e&7*96~$az;1C>*A;JYbWq6O4}s@5@FGHoYQ?{o8Ixg_l#UZZPQq7mOmTO*2H5? zuG`(qM{cqDP`r{?qGL+i?giMzF4VNu_(+_#9RwJ*(uUz=fI+AYnVYd~U3BxTnQtGd zZEHJ=Ld<~L))Ll$s%9zp{)>(xovsd@~$18YlA1F_om+Qx0ckl zg0@Heh}qay(0#o7R{trsK)$tsRyl2|^R)AI*ZZ!|{jUZO;q=xYZR@%q{=C-j&g0Gp zowqyh^qj<0ad8;#SG2yD-}1B~D^Xfu4N5C-(fX#-#;H_x>+6p5;p?%_W4jWhVC%~a zsI7N8-=`qNoYvc2w+9YH_K%k0JNPp^{Ko=N^R1M0>)A2ttMxd+kpahteV!#XaA zOhjvO2-;U$H?&sD>0B#we1d3QKPtsdhP3_yoGn_{$X7F4i?|f2w8HZ$tt(ky7?YPT zXGK8DXGc!zWk< z(Q;a|oV&bh=1#&IHzYQ&R+2-i7`{er`P_3>u79ZKmU}JGx6*QtaF-|D4Zh`1Z;6(>ZIFhslR5i$CDPPR?{wb0EjfU)Ij+Xvrw{+N@oD~f!5G_a8Rkh_%i)jiz zRkYNEr2y!#S}Isk!6nh$mJ0kGLBKN&p2Mq52icD@XSREb+a964w3PBzC9ds#4SkK= zrxzoLmf~*c$JnyI_2fj!G;}0dR>_ARE$Fe*0Y6duE!LzUTck{e05$qVuTtRv^E>q`zdmkf%3=F0hA? zw(|1;0c=)(?r&K}kCOd!Pn)%?w!5NNJ_S^M${y9aR`8r%ZJVZHBw0VVc}qhpLlx3v z|AY+HpPM~upGg*6>-fx8{4ACWct2P14%G7h&(?c?HPLMW!_1`7dsAr^5T%Hq0#c-d zh>CRSMMbbsr6WI?HmQ?F3M7;y5Fqpr>8Q{D_3k~7_r3T1*0*M@Ju_#{oH=vOE~o5* zfYb%!`afG2yjo`OVpLXj!E4X)DKZ@dq%Oz~NXXU&f&Omz5r;`ZHA|K*&@tqKM;u+? z+7KvDN1&oRp#$Xc)CDfSTq^~o$=>4|7rBhPL!Cc9g!jC4K6-ysqVxOq^Zh6n>p1Kr z5q;v3I_~-~d`CN}3t9JZltGGi(g>spDW;nnRg6%+gHp-Al~T*xA|{n|l%t#>p0I0`d;K+ugPw`<#Nt>`iKBfrAG6%KK7Ijju(U6=ukaD6t;8jDLJMuj)fU^L*6(Z=9S*plKtc<+zyP+k za6Z?PbZ`gn5#_WXc1dlzy#P-S?ctb&LmBOLEII->%maJ^?m_T(1Aq7ZX+Sk*QtM-l z!)!n*e}N~y;JMg|n-FX*@5JxC?oSCm1)L$Y@D2k=EerSh2rVL|mW5V?gqHjZNUg^* z5EMu2@%zD_FW{XSNP*DIK~BvadhGan{oQ~(T=N~%XSKjt2@O1CX{O!%=sAqkOfkNh zG*eI!&A6^~}p2m9CX}KuN zNKM@y;3r2@clP?+_Q(cga*)w0i>qHc@wX(QxTAwLi7Q|*5oggyW7v;8L7!d z|DP;Pt}zhjZ(L2TJ;_nF6TP2`o=OQ#Hs(pbLZs2$N5E9;E?xm3H8IRSzXouP&>*F0 zu3>5f4robDxC2@zOcQ2$zff!GK}EpzSL^*-kG8U$#7_HeiYw0j{3QG&`=sGC>Z%a8 zXSteSbHvsp%xgN)eJ!c+w*sYmYWz$itJ$Cvj=J0Z2k;@b#&5j=&3^HlP&=;12kgA> zyE!ma25e<%d=@-$mPu$3RW$?xWG4(zBZ8{u7;Rs?CJ=Dc-`!qk(SPosJ90ve$cunf zPcas0YQRn6UoeSR{{f_W61{Gb>Iod8km_;9;i4Kam#rSxT-Wc7>w}nrO zew*P3(A1=QWCOcbJp|j|>OtK%W2q^7;j88S(*32<Dv>UIQe2wJhMRt+M98W8m_XvV9z2#`tr3!s98ngI=X#ei&l`^n)aOaQVV)X;hi zAk~kVy~ckN9zidtGd99E;y3PZahxOD0nEf%o#9A6?nH0sTy^?ZttmfBw(!sv;p{qUXtfKaucddTp`@Ye9&@O~-6=4p>xuUdb%Np1&$FOE2H z>Cv*!JxM?RjK%vJq3(nls0psow;o&VyAZQbW@S*@2U7?&(`-Jt+QwCT8^)bgN1bl4 z3cyFmchn$HeAJ$5FUzAN)=}?C*4g)S;+#BZpF^>pYENT;{})`^9Fmsl)NaMP*u+nxpn+oSdqG zln6D@H>sL)0{4g0VFhGR&7L+ed|Nf6Zdfg~JwuyTQZ;RO5BXI<%v{x!dP0+DNw7wv zWdut#g*Sg6a#WLGmOtZ8M@?t8YSMVkQo99$oKTHpDPv}+F`+_qQVpFT?Wll?IjSL8 zpMG#M^oyy-7ke~5fTwKLCrg&SeHR#zkE+kuWU5~ASPfmhzB+1sx%b9hc7~iu1%3G! z0Jah;L|Ik479PfeV^6Be#p|5Q9Lxg%uK$U_ zYhW52RrXqjtK_7DvB$s^LIrGqRAu6crOI@3&}%8&ZvaKIR8N-k_n^1gs>hmIYw~(E zOfXcBR(m!(cfRa->~onlOI61HO?)Ng6eyZdrNFwEDrKQ%HP-59i`eqmLVs3md)N0v z4|#|6XH8c#znI$J!^{kT4{}urn!NpIuHmC+j096LMKJ)%W~*W~afYw^Mfe$J&yi3e z;j5rg2^CPdrz%2ySNquZYQ1iwXXD*2G(TGvtm$^vGd}%PK(;JZuq}E0GnNqahiPK? zFG2;h>Zc0Sv}@X7;~>t?+WD}Tb5L`19ef@CJ7!S%=mF~ql^4u?Ri3I?)jic5pmCPE zSY4s6Q-9U)G}kmSntK}P0Yb&a@;SJJNvLq-r6MnYMA<6Bn7Z;6eRUBk25SI#({m~x z&D27_`7!8pB)G%echR3JL4#Cd(R22~Q=}2RBkAwB%S6&MX!ePxV(3YFS~EM}qrdM0 z^kC6bszCfpg8l}dqeoTY>NgrB3wi|K7_x$t_NG6nJT+ySFsf`js#W80p~;Kvt97f=Z-&z%6QTJ`U!LS(sO6>QJ?#bdk~!n zlXSlZszcEISX96IiKc$5+=YlmL*ZU@pQ>9mJ>PA+Q~=ZBN;0cF&$de-d;D{%8Bo#$QakAUmO3S7MkE z7Y!5?M8DN|z;E&X-4!suSbe+NX^Y$F+j_cHe$?XrjPG&jx2i$?HT-kNn3ZnAKWH!j z&HK>}>JOSe>wtC0)qd6bD+6LZfLa@b#dwE#>J5`viTb~Qr0dWVE1dA#EV@qD>qx|E zzgekYX0tqx(Z#nvT0cOFb^=EglM34f(DkyrOS1(dY-=D@Dg=lNV?2029ZSQviT45A1$71 zao`9b(NX7UbG&o(Zu)PPIv;Ll?w0J0xKiCsXFb0>fB9oP0XAIc%&a{m@Ubf={ssHk@+SDo=s$K?<|eNM~a5V|F^p(Qxtiz5Y=sHjOfhNp2V|~5Wur@=!H1t* z6|RwAxy;ffjjWf3N|N*qD`Y3>Yc%jKl8#`egmlDW6lMs=ZU}c5T|&X(bf~W0m|*NN zellg6M=X^~p-bOZ3+#UOP)ER4=}z&Xx4ZW;>xz9<&x|zb5G*g4F(spe7|*FR^e{>L zqxum+`y&7b!lQlY*5!=#S&SR-`#YxkAlZ4Yd|iLE^#m8bNt(9?6=u;~49kN#fM~pE zjy}Ygy4bXyyjif*zBh&&OrA7*KHI`xO>m@v4K{K+iOS7??Oy_x9a5reoQLg{RHvD zQT8l9wsYYC3}q|37kllMXlv}P>{4gw;}=@YB`b-m-p)tP9`vb3DmySZn~$j z4_qExp0E|z-a0-XWL+YsQnovw!%1Zu+Dekjw>rdFWs`XpD-M)FC;`PhmG$NdN9Uhs ze+vE-LzEwZWeFuR zHD&c0Vz;u|l#H$LTAyNSvUsiBKdC%>bJd1U)Jf%Qv<@MZFsNZGU+S_~hU~z|2qj=A zseGaQ`tPX*<{^}s2%cc>$BdDg5(*}i@aLp5*};6| z-Z^}hPy%1&Dih{!%zsKfx z5=hWn8KVw@igsHj)`K@IB-ER0g3Z7oIYJ4p!f@HQTyuGeb%Z!7T=%pu1AD8c}a8_G3 zpKY~ob#8U<&bgRB@!n6x2J~9@S+B*#C_?Fl1#^EwyKs~oR0G@1+y!K0DLKk=ly*Ui zIm4idZH_YcT0Cvu4j*UN_7fKi_U39}*yjgc|DcmuiaGtKC7?Zy;=7@8{r;Z+)n_PI z@qH->(`NN7bL;9PhG}6brqjcVBZqg`?5k>F&9DiQc){ig9!J z<_P0`RROHSQ!%C-G~^lbO{2T)-86R~3n>-vi@^wS~ zS&DDQ2FG=*^e}`cx`z>@Fm=exwIB{CfE>LPttPf9%GzMBbM|b%{*{A~uSiA90&ott z;mvFu92otpG_)DsuGDupC8>y<_XK^EU3C2P(4Y7jO)zMpPr3Nv)UhwQ+di zgC)_DvHH}}ag0(@0oXz+QVxMhaTUpiLgS6KYx_?Q)A075qEP?Z>b((v23&-rNL;F3 z4RCzg1m?h1Br0>^_^3-jAFpghqQh^ugW3O9+{MQ^i6HDF(#vG&@*afCV=o$cE>J8ioxK*vJxRonvesOf!AcjU>F)0p#Qu!KtZ zm4SQvEQOaMTL+j(D%c9(k)(o!`mm&YP6189mCqQn&0&_3lRReeR1UvL%BL}Q4qHC8 z{CWB7K5$|}4xP>bwtRRcaHZok8?$|qe}VGlz3LPzuvwP;{o?;CX9sd6eP)nR8@6%!HCF48oW?*b=dHYWN<;$zL%%!qiQ;fT}YY0 zKWx)i*@ib?IbXS(|E7`hwk7BYuDk{ITJqN_977u*QCRX8(})9jAPMQr544~KEZzan zx1 zR}0p|(M}8=;ua%Y-lX`bEHZoI<0eIt&QF(!Y72xM#4A_+MwMcm1%1`0S0Eh-`5WLs z@;8PVW0EP~HevVNd~p5=i>fvNh7s~=EabI`YYw#!Z^8Sd{PhC!|G@1DIRKXY)pk0w zel35oT!-yU$}9EoBW!u4g0$a1h5qHppVQ^@jW9{NhHq8iTNTDI+-M@@<$EaN<>id; zC^>K!mb_Hwj~ntld5K}tI_pe_E#om9adYG)^9}PY`ocA)>hKXlUW_jk>wLEw|K5@E zB0W=ZksEkaki1YgX^LMATfDiL0!P+jt2w|DV;QvHUnBN!@87ws#PWC zu$JjW&voANXBw84H(y{3T#MdKIBaqGoxmuJkUv9^{}+(*{CPm`FnOM$PSLGoD{s(` z^zr&~{d0Yren>xR@B=-N=EY{qXUCJPkgKo1pk6$A?xNSm$4&5Qdiwetq!~}1qqwO{ z(A_l$n?uli%uoJQUIt{_rwmuus_V3kx_h9T&}R0uz&OPd9u_FRDWgCcAk=V^F&CEu zB@q7tAQeLXA3(|<$)UZtaB6q-ZVb6naHPYQKLRUS4>x>?kUv5IjFcl!-ETbfy9m2L zAums5bQ$D87X$*9JV{>kllki;<_@--0Pi7LU*ZBp;mPmmzZqf;b6a9?<>EH0~GzB{@dc)_0+B8t@ORGuF0cz{Ca{h z7_CfwEZkEbYnoZEUjDi~yb`flybJFU z@)&HB7&%;XzlIzS$XPXUC<1LS@5 z7fqio6NLTb!X&IXC)q!)`2p8$Jt#VUaNY~Y>}4yOtg_|aa&OJugK>NrD4CRVaixwU z=dO;dy#jY!fSvwwj@(Ngukg}E%)iq2Giy2z>~n`>hjZw5nv`>xy;nIH17j&{Oky+R zb2*!_J@_|?g>FdLa+Wr4y>z1+GqH>eyCCtc{{T-p3G6;a@l;WzH6LCTpJ3M@Hc zyoQe6Idbrgycgw4z#B*f9SOMbk$Wh4%1GsPogdm|!nW|xaX2or6LOEgfG3-qFExy9 z2EnU&E?^IYYz|70&6&oIArC2=TSnZ#M7Hd^rg`NdZXvT|-xY6v0_JdKvviYc)PCcv z>K`Oz8T=1dHm$s?e54sE@;v zO*+6gGoYtz0(1rYHoRT;F0NfbMnBm&(0A%`;PS)e^7W4GuDvN&+F956=YIfQyky_B zJ=PBEdm9g?pfyLaCr|}H*(e=I2kOcU`R4BB09%qhZuj}c^S>dUWFz?6h`dL2M|D@@ zznOB;N@ zvU5^?{`9;D154KbKcCH1E+W;)pfh}ADf%f;^Q>4&+{oH! z+-^Pma5(4&JSSu@n&ruo)wfO07T#LDz`z$c6ib%u3dQh99NGN^(m8WD$1E_(fT(z~ zc;mGB;byYS+jW;w$Cbr1f%jy0^nHdIJA8~MyQ#@HzOm=-viBNK;}I3WQ8#|;CKi2j zZJcqfCyT|qn1g$l$UJ0G2(Dx1h~I#~Tv>#*Vy}F!>Sxd~a&K7}{%x=7S_GznP{ z0uYR(%m>FLJ~AHcws5Rr)_AZMY}@{@JFq*#*bK^e_#Z6L_9;0lyGp}1$U}IMkP&b# zox>9$1^Q!4XEk0MsZ9J5DYOksIwOn3c{VAXHUj>$rPEeVYpfF}i7lPlsM+X0NA4$` zI>wQYbPAIvmGN8o%!E`rzIP9n*s?u5{G{WG*7^R0zJ($4BTJAa%93Kqggu+Nom{Ay zbXYnHtfFiI1*>!j3;DR4=E_8m=bqB{rUctVXU2BY&U1(q0{!YEeGh`4rTU_KrYkml zT7GK1dmMNijP-brmLD8AT{FD^3)*k^2k-WLG0+KH`c9W=e~Oa@Qu+=zCkZJK$bSJ_ z+M~#^zDCcJENR!;BPPC;6wrs1c3l==PGARYX&W7Tl8Ih0NogC}Qn972TX(l!>_hL8 z(pE+;NL$t8MlPdWE^R^2U8J;yahE4;!Tim1-`Wu4wN?scJT(j0+S4`^v&-Mh#mbLW3%I<3L1tkY&iK}c{4#~rO;ob zG*=Bn61Fr~n!8`)hRTrAEcE8cmS!q$I~$nrw9-swOH2y1>@R&Jtux**C9XWSdTfMl zWI8`=NALR`c3SGMIP5pL1=0@7M zmFUdegWmU(#;9KDNqzgm!1~?oFMF?khFuVs#aD4?0K}EXC}XX;)@esRhGpVNqv5vF zQTQ81D?Di!U7_(eCOKd2)E=_%X)rWNtm@MNv<@MKCMBfsHJ;Q*^WHFS`(p354>MC> zDG(zm_1TB!U`xFfKDs-oG{lj5$s*OEYc;>J@J(nQQp!7n-(*R7Hue@!8%xU7urwg? zI8v^mz&^Xy&nVPOIhY?RKuCdvSW7BN|bzuI!eB;wC`l2;{mp0Rxv(Lo;<=w zz%fY4^x-&OPeY|7)6Ps+nES;g_6nvD5~wssGNq}q#n}ne;v^+gXcWzsOwsLXAAFUR zOrmiEA(>>ZolpN>6OswMVhRVql8oDKk8Ky(fQq4~? zpz>0ssCo=fjsBLtt;EAT*UKaJ$$jLKY{?f{J5BzCU*JeS&wHL^U1VGUhO#A}?XTB6 z{^Ww_lJrWGWYcuma?Sde!}im6r$~j8_b9wPCGRD@x-wn6t^;gS%MP)BBs~~P1x^-d zD}PC+^p29FsWpAIrrJKN-`nune7-+&Fy@Xr2?tD)v`M;+{hP#D7d;o7SBI?O8|@oi zyFL(M1Td78)X1R?2?>Z529T0hc0hMR@*E#lFmnq@1@K}?h2(`44B+kQ_O^{WCwr&; zG7SeFY)P3sM%jRxY^0?0v=7^%L{bW?36;vZoz$JQoiYqs%90dcurE3>Q}LhMcweNr z%PinZituxVe}S*0KsKcGpabXQOhx9I-D+3E>GV|y?(DH8dGaUrat!W8NT5wgNe*Ma zEXlzH1^^0?k}TY@AtXRbEJ>#1>7Q~$j7;5^g*S_zFIv(2KOuRH8PiqBj3p28dD=W- zEM5v+4>)2_7@3hI5i{Mr0CFTG2?(Ixgyhy=KuT^&dhr`KLGShsCc>zaCyCKM(AO*` zF24BbbBY335+k{ZZ4xPuRW>T$!yZSz;hAk<8~&OniPTj73j39fPLKY;5P^^Y1LsI0 z^!IjZT=}>L%aw#LW?KFBvRsX*>IS#Voz`?)q}>Z6bFd}Bk`PlYTFh}Ifw~-B?$3IR zj7mxZx1l&v5};-J5;~fY0ANXc4>ONv@XiE*jrl5f6N$Q&fx`$1TY~I{YU^XhK5uA5I ziZnwWs6#}ehK(aT*_e4)3ZI4hgN6hAX=;e^*+&gRU8zB8T*A>lK$o_D)E7Egbq^G& zuIcU?n%6%=kdIsYMeey{6mHZfeVp;u7WOIy$V*avs2~j|DRd`6K@T&4q&_fC4ykTT zfWZQn>XK$^OLiXbCm+D%lSOrC>lUx!LwKDlQ|qFTgbs#aPD)AUL8H7!dU3F`A)*!}cbNo9Npy|j8+{cRa` zwmk>d{}b0AuIH>*IJk}kN7aVk#*K}Pjq%O&%{*t8a}Zpwkh`IKafiOJEW>sU|73%+ zjFQvti-!hbs2r+hzxwjo<+DE@070o5U4^c~@^v$0zZw(% zz5~pHq~1sYy$Pxs>t79PjX-oH^_ua7M!m-CR}A046HI?_@)MvMS$XWZyhP$S3p3`}m58mT{b$E0ho~xhkaGkXE{Cczb}zo& zf9yu?OI7KHZF%R={cP%mHSW)CR668PFC+od2ht2D;FKTrf|`){NdhDxk|;@>Y-PAjYhlB@Jz7EI(7)VlO@&f#1*iVQN~! zlDv^LNZO=aX^=EomT(w#*yNsc&;Im*kSR}(y^j5lgO6_?-v=|cr^ornMaM6Xt3l1Q z?_}V#@AUJT*O|}R^|P3>_$xqr4ppQY(x-0UV@9u35q=Q>Nfj!fLkWthJ^(K&ALf-) z^R-6bg`4JQ2dT%vRM}L%DQx>W#wF!axzuynU2ES4Zw~|$o62!LJ@!8ZPD4^TxL3uc za-??^Ehpnw5%}E@>JjzM_|e>D30keU5?1f^*Sj-&0mp%tMkbTVfMNyXfcwy&8Y8D zH>rmT;2eHboGw()Hn*+3wdL7+)_WX&JDgL_Y5Qp>)-w)%{>BQ!ZvgpNR5TT1^F!_w zCGR|#{*(A8^-nHL243Koq7VRrds5e_63O=^|CLVrO~(xfbdDEwP20M4{b2m)n)~BV z64Z@>pYf<`Qh%AB%wN{48(<90sYom$0s*u)n+luHJh_MAg1o6v$vs?jUwpV)y7k}) z2HTfIm@O1R2>w>c7RV3|6+#t*{zm8y)5^hm_VTrJPY;h!Du|9&ebk2P*g79m_+rgs zqxJ3j=*Glm=zisX??LHd%O>qk#hC%st=^w z4UG0dP|yur%2%2y3(-XwqgQ(H*M0W{raLBj+%=) zG-eSnurPoN)sC~r-e7Q9g`e6@S8jc#N+6Wwf7Q{YkF>SRr_ zArykRm!YX8ye#{qyshb2PF%jXo{F2(Hy~+9UZZI=6`>c1~-=Cm(SUkrV3=6+w9b5YNIh z@$4cXW|DY@@{%-3CuC`|H?mIHLQSEI=swM`?#&{1(HA_HlrDBHb}xQh90FGs8IHt_ z+0A5U<@THXr2Ufpn*B+L&D(#N0D-1oK(w@G_t0_k>H8}{M3#6)QnH8)Up&M3MG#M; z7A_&4#H5MKXLvmZh$kMFPtQ-Te!-0?Qaq%O!_(kN2Np3XZN}J6r1+~W3G??uhl)Q^ zGx8S0i=_uv*50ebME3{xx#BnCxt08tvb}CpzvhZxi|eR42`LGZ0DgFhU(4TX zznLNys@9)xJlrV$If{8+ircBt`DUXR&h|Otm$DGo`=j@`AL5D6#P7xZ;xAMe2$DYh zP?Z9BCMkY#0CzlbrMOb@U?Xzl=0U+3(y#crF3wPgC~!wyPI*hd$wuX^N^fNu?XUi< z`EDpO78rY$@2cl1^LFJzPA zGBHw}7(^l|E?t6-eFN zdah%1W8km@)kHbsY;pEV;Y#f)P?@hdOI&D-#h8pc`FrJu(e4T0GvheRBE%p?+2SX3 z&JqV>X?uyEQ1$Xx>PXGa{pb6W5M>wIgb+Uh9w|-}r!91vJdacxE@zi>;OV}5`tYQ;)SM@k>87+<%m!MNtjyOtu3y%C%kU5@zZ|*}AW{R^hi7mddl)7I0hrueK zNKzb$rXi#_SX_l28>9{}h8VvsUf&qpnAtD8Vww=@PKtxj$1W)jKud66v5(jnjuBYJ z>;CiYAMQV1{{;M#{!c0Xt&eybLr4>1Z>)|t{Ks4IJE{r4?Io*OY`X+j#}a$W2|2Vj zN6eMy8gK7M|Addg&A*pt@IFh-wLQiKRF0S>FIy_ujk$!;1R(~Bx+W&YY%vf1DGSs^ zGwCck3yA54Zq~>$MVn%dDuDmixEtJG&&JMu{&@ch`2+OhEt(U1io?V=fCs%34~gd- zQAa?gkSy_*gh~<>d5eLI?Z=_VcP?t+>!LYL`2l<#F2u|QAp&;dBbt`9fy0*XJ4O4C z_RIFm5A!Z_E@z=$qABQo(bU3w#*JRY!H2(T|9RjJJn2962lfD{NQ%ZV3{IeEO#DUS zDG!#Hs&XCN&4|tP{j#5h=P%Ez&+C3?{RaAGiAF@DsOIM{8lj^=b12>P%o1pASPOR! zfhlLzcH>?Gvpyyo0WZw3T8M>@Q02_&4BJbDsD^+P4Wr{`AJMSPTjp(iV~Sk71CEp* zuIHWiUO;WQqG9C+RStx^A^t%@BO1o}2PqoDePuXpWC5OvhODIh+eYTeSBN7KizNdh zu|LOU*63T}_uli_n;R2}nyM<1!D^mpSec#vbAv9Y$UA3|fXMD43LF%mLc z)D8q5DSm@L(k`0(AHr?;mvpIj7-WWf&}{ZLi1YXM$+Nj zPZ$gOh+2L(!IU}{{CVg8sr)na=i8r2^jYR5YLulK9&NnYtk`~cI1HvJIWS5PHBbSv z`|<>Zw<1+lqPwo2Fm{=WO>Y*0%|#YZ#^uxJ)#A-NTY+1#u-9?lnc{ro>~hZTPVRFd zlxDh{b6R_L2SdmDh#Kf>a}iiWbN9gf@Msi_sqUcr6kkyt!l;O&vEzY**cKBi4VdKyHxLM&T$}{mCsSsW>VY}|9C)zo2McJY*$wyhN zoQI2`UZN~*)O@}1y@j>)VwX5cM*9ku=m`XV?#EV6N5BvmN-WWBRHz_Cx3PC_Qp58x zi_cf0S6*5}HyU?BkE)Mfo;|sW$3M9yc}0i+9zvXo&;(jqm#5EwC3uU%RSnu#8`GOU z+cA5Mhh;|tXF#~YqF`|fbzhmN%23DaKk6q9sip!`<8rRG)jqdbxZQe^fPc>x1&Ra2 z6~A$4EaIZGbe0HWYpeqblOjT%hW7;Z)ClxKh+we95qU^Ky=*z1i3ud~fE3}Z#6vZ$ z3&5z0!NOTlJ`AFh=qS2E6{z>smzW=d=G`Of+cmZ$<@nWA3YvlW2xnz^%4a%`Dc#b( zJ9$v=uKwwH27((3Tj^TA?qKaff3t;C;wBxTy9M7C0;^>SC+BZ2LKpZ7Csi4$Y1nD6 zF_4A;LjZwy~0zVJ5S;G!jL5aW;c<}Uf26e;N79ZF_DibQBEj46;Vnr zRf#%XU90n(Pn$2Be`|;^j4V_yG@IWtd(=W0Ig`Q>Ybc(EG4eQDI4o^3dE(x)k8oHP zYw84>lB)HHy~6!Ft|Hf)bEH)v^bRQ;!iaislB3whB$jYU6pm3EAQ2}80m4CPtGt{J z(0PMn3s2KMQ|r!+{riVwt|17a3*EvI4vO+ko>t!WU3`1Mlw=3Q@)QoxHx@j=kvDtq znQH_aEI{~0`2dE4Php4d%YFrzKi+k>xO?5b7vC;mJa!x!>GxiG-c{R(mjD_@n*KgAYgFPg>7n z&j!ywUGOej@Sgzb{e*q6=;SR4k|wFXn659TFBhz)z{KVe>S^-eVKp74>9IC!eBS{q z$2P92j5->y&rsCT-2a6LT|c*e6=ktQ{LEyX1Z+4D6r&fnH|`YnAavpm0)HyVQdf zcqyDV-rOBwbOnUKTG+yuOC5Xtr(Hn0!b;~?2nnAJ`#^6lnl9R|zWhR#Ags^>qhJdw zz(wA>6=-XoutNS_&oksMlpgh--)6GdnaWly)H&0b>4LBfzh3HW*@G4)g{6$MKOwSp z1T0~RVaN_Y#TAwaYhh9H1N8w-$_QZz<}PL;l?jXSx(GEaJ%vTmdS$bHWNi$3e-3?L zxy+B=N}kv7}HJnO&O*N)5OXwG%l)< zb~z$9o^Doe#cd@xJ;5_giu18E-&yEv+m709*qMRxeaUY7?$F-1{qRF?u!frfwtDZh z>Eg*%^%amCDJ-xCVN(_uW>-h-++VH>V~Sz@OUxA>}~1Wtk`<6m%bn1;vEIK zi;!`83DZD}rC^?I2-qk*e0B8j*L5r)**uJ`g#uBSyjXAf==9p-?57+ty^ypzyituh zv>aiQ@VUKh>*01a<_1dk6y6u!m-5j2%5l<3^#vO{_O9gRX3#&t_DSL0OF#raVT>k3 zGrdUKI=7#?!`+YE)hFe@(%}H{?I(<)*}A*BI(@n!+Ss~q-BQ2R;Pl&lunRcN7Tyrv zSmZH|eT6XmCWMjr&2Z6>{JZg*{pIG!P6IOLFkzTDQ8q|N0>^o_aD8EPVHUj8=9_O@ zd@T=`*c+4EU5C{tF&8&+LdF$_sy&vnVN);+%|J+DFs?nYh5o`%if9_zlLwa#!ai-s z(kJ`%W2lCg&{x@@9##+QUl_VJ$96`};pYe;P@ty}MnJj@%ebxLvIX|1VDRfD>Lr>8~BI6>maq z*n+Wz?4|EG<0A#5Zft(Ri0dI>ykJO_r@RfzrOymyrh7+U+*K#nQAsIKFbFtSD1RZZ z(v;7SfHKpkg;7{7Xt7M}MDC@X=YbFq49ctMH_MMUytaB=VXk|wd{_5L_8DL^DHufi zB0?~TU;rxszE+OL&j6c!1p~rT;d2>p;j1&zne2SL9}gRV4^Vo?2!sGBRM003mKW0BRcYpC zbBk;ItQAY?W1P_lU^2oM^cwSzUbqvOOZ)Us0%OJ#g7?_k?`f9%+0Q%2kypSG2m#Or zOVG32i&H(8pi}*J3B)u@(4o&;e2lMmNWT3{y?|U?LA$EllDU$)(Tqlx96{TL&qn00 zTfZ8xo~^<#`FC}(cGfU!sR67PG|K!m1C|75!>leVW*n)cblsO0E#*l(K*(9dC z6y{n6F{ThHsG^%OrAjfNoj^ClY(eE}-g@yij4HeY<1^FjaxS=ZZ#o!13B4G@ z(o40kaKH#72thHGwKU}fzsWl-d%b&e5YXh_Y0^1yk$pLY%fjJ;VriB#M(+XMVn-}N zOS3Dn=xf2+xKR%ZdC}VyKykh&btir2H-5dq`V?bU%lOjFcJ#kVJVAkEOqHx|S5N5! zaH|^*@@sdz1DlXPWcfVUR20=;KM)C6E_s9 z@@&({oMHvJQg7)sX&s$P*QwHUAM_Q*JmdI6pe1-Y()!5SvlS1rD#@9@{S+kBx4rxO zUI&j4zWns~dGmY{-9M9p+@H{`q~NKYK_qA?LcjpvW-P%YIADfP3Nn_)5nIxKbAJc^ z4n?z2p5USSgW)L%pND%KCQ!EEJ}xqof_oU$6;9^?Sj0W`^x9XvPZW;8&{_~L&Xn?$ zMVd;Zx2ePuv=IV~wrZztH|n(ZwBd5(>gg2>>bQbilDEbz+fCa|#&ek9mJEg^{(_sz zD#H-EGX=x#XSTLA)_SkwvGe;*$qr1INkNQr7C#xI4{%N5j{ss20){UD2oOXI3ngRH z2F*)*?OL;=ZL4QHbBDVVedOULPT-$C1<{gEOCPL$)|$;!=L_6lV+o>7N#}7`474^W zxPfYNY{8BBsna(XFhV2**YG}4SR!pQ!oZz`OO&tz5HBo2gfX3o4UcymLAa*Ml(d(8 z3Z=0G;aD(c49B~$3s2PQ^Adz<-kYi*Bte|LdOu;mA63yff-ph1a2}t{JYGvdy734;x{dvPWz-Z@t?b>;etV!G)=XX$T|G1X`MdmLaRJEglS- zbM3inDeDg%;~Tt5QQ?;k>YrPk)g1^e8u_FT4lo0*QHU=6a9=) z&B6sf^NmKXDS08tlDy=-+74Q=Y4)}?@3lrS_>FPII!3np_q|J>-PN3$o=ZWpcCMd9D$eCQ(tBIhRUB_0-n@Enjwpk z#jN_+yEfv{6$DSfrS2-S)#T#CW zW&4boNZFXJ#eTyWD#TIzD zKVHUOwL>2M92CU=E(nmv>YptJofI)qG5EkLNd9+27Zkw%t_HQ+%cx5r)-?Vsh{Xar zM$Lr{j{tQDm?=jY`xd$80f<^sv+`->D?~MHfw00U5V9)|{FRqNQ0sE=cs;l_%y=%J z1FMSb>o?Y;A=G&)_(Z7M$lJ=^n>p}2yn8ry1!zj}fg6zg89^9x+Hb-nkS90z(}GW+ zDb*|sQQW1c!Npj&u5P|(vDo}&DPTDP0+>~UhmdERxjPjnwWqPCGiSMHZ!boH0Ql2} z?~HeKEQZCOG7LIkXv^kLiKfs0^*_uFMUXt+K5e=Zyou!?LsK^B(ll&E`)?3YWdkr|@!|KOw8#hTiA# zN2OorvJF3Q@;l{%fd$DQVM0Xnf#q=c!;;(Tl+8F7)QH6&S{$_j2PgT1d>9gu{I3cS zMkN1>%L|`=QPeR$?f9@j;>rJP0}Ucc?By@S(#=ew_=j8BPKiG~MG@!)8dDxKdsw zuTnf#cF@VNEAWhdtr`UC%F^a)8?{~Yne$)fzs?VW5mG6vE^!Pm!BP0c!uX;mm>E@B z?pShQ!=rJ3=KRC?)Kxl`UA+{HjrN*9EbmcHD`%E^mxES;WJvyNB_O#s{}tV;uQfh3 zel#^Nd8`a>m7U|5h+n1l(3G4MV}m`Hm#YTXn$bNI!3SCh^0Xg8!FO~3AbK2O&L~HzZ2duIc;8c;rFH&|c7um1< zn!r{rkn}4?mEHDGd)2P@33&mdQXW5F&01<&j&wD;pP$xycx3YP`BnUJLAi*8WpZCC zimH@XDl@>k-d~fed9Cx&JunP|zxojHi|=WPUd~$y0gw2vR=sQyc5i!teQJ&Ch}ekO zDsXy$Vp#cZ$lklXahUdu0~4=wmAeLy!jG!JC-b$-G6?RNhIP!h7az7Awxa_@7C%oA zbL5AOnzxmEJzP z!Q65AIg%l|MEAm;aa4t`KSdYi5&Wlumibacw(-7k92S;587Ke6@H+v^FRhWzneFzy z!Nc!B18wfSvuJ!Flb^*eCg&o=6}Ja)Zd7s?OzpvtZ){)xt^Etmg5)Gw`-*I0twfD>%~1M?$$JX%t+ z`KgruPQVWEC?9?bv$Dj6wd`nXlyesLoS5|`7C%Xrb`BB&F7)q@GO?!j1<>9cJ}e^W z`*yA!f=nRzAd5);Jy#n(xFs7{=v^K^hY=#&@Z$wtvM>ek3pU>T8vG4C8pMwkk0_!Q zRfapuH&-64b;GX7&5gY6xWhJxu$FK!iQ`6s554Tej}(kjRkC<+74$^?(0pUpV|QX7 zYESSZK|6~dLB+`v!8nYo%$a`z%Mq2vuS@>6Gz$OPc4u<9IEU=_*(SI?$S|AoU3%w8+rC_OS znOqKmo;WlaqbQJx#yxyhy#sylB6Krj7eC zDrgpF(=XJwG!HZ{G%cEL-6KOL#5-Uw)Iton(dE!p0z4m!kkD zcU|T z$JP%T>cFsY0Hj1Z>`71Wc}`ZtKu<0|VG*n!pUss_(BL0{ir0R8`teCN zp?ssB0yFFIRf);ah<1aBGYfF(x#_#h%AuauLtr?DS=U=6OeS&MBqA%Qwl|jTanQ%K>~qb0Rka}5G+6-SaE32|9W$A&b#-GH`W;O?Ch+) z&ohn#b4vUSiQMy^)i-BO}1K?_rmMXRj_pJ^L4oo38l#0;4&awA#>T%QYcWCJRAT|xu!(6U(t}?Ewe~12#yorH) ztmo~A+k$(Id(Zoj$L42U!Z^oe%YKK#8p64J8f%&#QkW?+)Gma2M4K%YRtPJ1n+RpR z4_nM16gbR$o++8Bn*D_8U_X(G$WG)S3Ruxx9axK#jBFOlJY|8h1X;0s5HdBPdnJ2K z2POxO2Q7&1w5#5$v(&{mem6-Ejt@=`JYk21{vhX>_a~fOk~~Sn?@rRUxv0Z_sn^zKbC+=%81PxtDDH03|aG7FWc-t@`1YIkK4h=a`NGf zFpEyT(M9NUycw8t0$AE3_`BNWmAuEJY6=GZC?o6G~Y>7m6KqCA^UO8 zXsuFWyD_-ki`rXL!fbPGNWKuKcfMSoByN3gvaggGb5t*qga*wA_IF zlgNqI`OnKO+qSzo$LJbkHWC0cz1a^!Jz?owjA(edMe^#h^RkP;YW&#pYhYR!igMk6<_X2v*NF zag?}H+#w!b4+X10zNBEoV8eZ*Vq+A@OjrD1#Ac36e@k=A03<(7yODbp`#H*Qhn$+;o2Z)tAQ=iCiZNblA3KRTt;vQ9 z`{k}=@PwSD-D%xn5*e|N;KkBq^YygN z+|5y0m8=gk);0$vN+YGop|+~&#Q!AWr2fnt2>pyJAD9e9k5-RZYqeNEHUd`{>%lA5 zk7vjGG^4p_wfuhNPJ&5@q!h0??rZx4ygk4n`=7wMNSml-#fcb^{O9}-Bs z#EkU7!vFViuYW)Cn)R9(7SztVkz+0o zNou8iTk+c(yV|>vyKM-Tdz}`MBRQ~MXg&N=7K=h3jN^UupKBO$TjcH?>D zb&~=gu;h05&fxCH{o98sOqA{?%O~3>C&Hg?fu4v*%b)C+HkytUcnQ3OiSw@Wjq}Y5 z#*6(M@v;V3(eY|*n40LLx4YlSz;&M*SROcnsiw`kubY7?_VZZ*+11?n?`CwCtU$Gv zcGP$5aA9|gJ;8`|Wt%7cBzAwo|3v(W0{Ct8@8~~v1h>OsF-^Iw3lVrRVqGSzgn{#g z3lZzXFTkv}yQT+&XD{*zC-%klaN;K|ah7wpzaAt%UW$68MsfFCXsOZAVHa!8UjZuDZHri>!6#DH(#-kr9Ego z7CxCiza}SyO-`S+-e}nv-t67%BQ&3g$6=$;WUZ!a7uw0#u@c&CzLhup(fr5%rGAt( zBYk43Y`G02syc?O$wbt=9~OIyqw-U`^P#Jt>)0m`($^;Zs40JhRtM(?ArACb+`r`` zA2@V7ayjxmZpP(HI3Kw!zsn%!fez=euwV_?SM$O1q08YA0_+2$bldO9+Y$16NZySl z6F3SU?v5O19#@lZz~6qkabyjq8^Mz2F_#1IPn~#R%@VMuh;55)>jSStN7P9sLlybW zvA?S3r2DkxbUm%p%8qFLN*O6~GRVQqo|G7~s&)uurcZK&_d>nKYev|eXMz*ZS z_fMan%AP9Fst8*hm(?D}2FztON#F^0doZ42SWVW2^(D?OLXZt(-}$dm;m#H4%%skg z&ZW#%A&K93gHb2X%1j-mjpcCANVyz_Ra8j=;Z z`-SK++nb`hf@fWF$u-X{&ih^{r16c|xzXKGwFeRA)MB|yBm4UM7;ZW&m)AJ`S@ceV zU_VARGdeyv^=8^)-etjZ-RZ34+8$$tfpK8T3{RR*W=@Apr_V&pM9##>bGLl~2X|5y z9625potB=toP9hSIU9M1!%>-``TR{sAc`$dFwgLGYIq(RZ!2Aoj`(@z=al}5Hql4c zVFq_f4^mVi>fm#%yxPnlq7H7?nM7GbkLl;-phx>>hZhRh6JKh?m_C?yOy77M%D8k% zAZ5uyYzv&Y0aQD*cDi>>pxaTm-w68X?2~@%8DB3dFAaZl@0%VFdC+9~n4vMa7A8#J zRL4vrcqqG9U6A23-pH4B$g)((;5`JBZCi`!71@Zwwy`haA@YhQLhSaMOwUx{9y~+~ zrU#ht0KWOO-b(#ODA4p)+hvNhy}SeegWh9{^Q7~X2jj<{$05?8J*>xg-$c-KlE714 zeeO&$B^;&)V~FV?jPYEi^9GKd7Ska&+)Y*!mzBW+qRF(6IVFzVL&31_Iuv;ZMqOb*pFjn!J4X=FntLZ@3#@Y+W_G2y)$(;l-1 zp5o0!JwhhsFVo!*9#rLG)nez8)>692Nt_R~qSIP3#KA2#G5{0ul=jISwo59A!9);+zhXQFs&vpjoua9kEP{lXwK)Y5){^gV<;KmCIGo@7LF{x8?WV4;*N4 zq&&5fL2HB)=@=^;x0)FNG3qDKvTK8#v_gfg0w+9`j}mY#BEo0Dd=vODYOH9j4vU9& zf{y*q8}2X$wU}=+A*#X~vIj8Vc+TU9Jk5m6eVHF!gi_VE&5kp9i_3gFfCHn=d_#1r zV`e~6Pr4Ich9=V>HX!IdF7tKQ6jO-#%Cnme5=4^tR*#oX8_pUmepu;WwHFud!RFV&C;DefMYf`#JIo&r^D<rg;JM*~dAAfR)DzS^SWYd1LO5ULSeD#Si`RXy1GoHc$NiI-)aVm`y zO)|tQ$0EmnObqa2rnToB=3^Gq0s9>hYp)w_d2RK|qvctOS9{+NB2+b}2}sNs-?iNP z5@Aborg$t0VN_c%(tIE|43PaBE=B|1RInX(V0PhomGNjm$Xm>qqG_9XljT5hs6<=R zzLCBC_8|Sx^3d^gNd4|i>#m)gnFUkCkDl_IPG5)>&FSaVQQ?2hC)xinz{m znF}L}mRJ}^RxDOxSKYxt1F7xJ5Lx?f(~nB(Z=1jp<-@=H%C z5&(vF{Esw&DfI#3G5t9I^woLy)u%^{cLOG$)tdM+k&8l!GO$hONoqD-H8kAtvLpKy zmEEn=7N8}|7c{{h_Y!3+zd;5xPO7!pBYP*S*#5GU1(tyNNM zFoZrlk%%&r&(!?`6F`&6n+}mgVWVgA#@`6N*M_B`*DlxC6U>=BHich0<2(Ct;R~om zlBC13Z*o&rm}(Gw1Nnb!Nb2$LM{4?6O2&Fo1}D94xQ|6FK;@Y zyqi7~E3=n#jtk%f#oyvxE|YeQXt^bm#@CwG*^J#xAVYE66f@`jLGn>KfXxLMj;^Qi z=jnG7C${jC^OUnXy*%1!0=a#wk% z{JZ>zyno*m0y0|12FI_C&5vzV^^lSIe42Aw1;5Vd;_Fr7P1~&|lt|5Qt!^FfI`8`L zMxX+tb#I6Y4)fyc_c$3mOX=&ls-|I4ra;+O0cEd?ejcdwJ7|mpbebD}y}~ z#WUoY@iI`&<_wmDEJ3}XNf;yy7ZogrE{Cm_ORB&x*RfT<^Jx4 ziJIz1_;X}74{6+y`G7@jpoxpcS=iJaq;c}f-QImOKzi~30Psfhx%_sW16w=(*5%&h zCAP#w5e-%@6Ge0)IZPyZ94R5*CKJKO1=M81mp-bnY$P&aO!!#nWXfbJYE`R9Y3XDe zKbfD6s=FLPuAo>@Dku|F2x>vGSv?=Q)CHoG6j92u38=iCmrGas#QEZ4=s}f$e6Cv3 zEa{RAN@I2+cA9`!$~tpDi^I;Hde(IT4Zq8f%h1aYK&}j2W&YLzw}Jb$$93C{`7Ksb zBPMLEKvF36-tE2h_!Idz=WpKML0IXSUxv(E{+Hq;K&vW%N zW|I!{_TMkQiEtoFni=DR{cg;^SPqO}EwKZWvm~LihvVZa? zKa*d{N8#F(=TzWSI;=9IY3$(IOvt#UC_^$L`%HQ{h#-nRnE>|HbfX}1CUYTl>Gev` zs{iWXx`xz6TD5JW(BEm@>4KwZa?o8TW-^Wf)nz z+~?mB@)A|By5t^n!I*JpiYHq5QFBfhGv>;mqt7QF0BxR1|#AXZ znF_yx9NS8q2ol1P&DUFv+wqFhoy47-eb4AdW4BR%W>4{M+a^JR=Lnn$2Ld**Z{V zdkb3@ibUT0iX8Y*}QAedJ&eae>;Oj6} zGi7tBA~P@>kCMr5HP*IRumY((IPj^bK^M`FM#Qk!W~^qvNZv|Y98a`<| zeSg_`^X&nrZq694M#al4zt=Q z>*;&KQ!ZmLi491b(P!92BliS(3qfPz6WHsaa)F4g+rRsB zPiODrUdP_xVd!B5GBrWR&Bx6uTUD{DLIwBja_DmC#t_2p2{+ZZIk$a}Zitv$Jf%J5 z!8P}P4ttLL6Z)s)@6bP7ROy?OVem5gv}bg8hRJx)mg|#v#mme8y{E}&k&0w@hRe3F ztte-FKkJMRX#nc462mQ9YO?7LX++blk1(|}@n_rs#|Q<+;En2)%0`uNntkaFt_7_d z_q$q>chP3Jyk=yy`yMdCI1F|wEr!Er&eSO2`EVJ|UNpJz8VmYMRf_VxU^T`DhsI3O zq(|pk<}l>(V8Q3I8;cV?0=!r_ST@2}$|UceUOqH37EUO_jqqL*@4Fxyn|}Rlmr!S+ zXgPm1o;ciw^a%TN&U8LQ9KBYsUc8Ymt=%?I#^cQB;R(~}l*RZh4e~3)jLsJEiD~2betGXWqBTW`4#@+idqzx5PnGEcqtOl@}?( z6zMxPyY73f2UUm%d0h?zCXK+GCOv?%BYC!{XJZdjvms6ZT8au$21JJ&Y++#M-k#NOY1`pQSn<9l>B-OW#%<4RlP z`h-BqfbL?0VWJq%R!NMd0qU4@&pRh_CLMI=SnonE5o>m!JD7AfekNDgjWl*AHlaLe z-d5OFhQd?ftLWJuIxsyNQnj1~pAR9EJ8)}%>v8w}v4-T$eP6yBhv0C}q&FC4LWIe} z+6Cw3c*J{*;ogwLnF1p4QJM<}Cl+B`9CkY#l=<&>zU@Wt<>JuMO$f1e# zq)B&7)J%NEVn+WM3kAWZ-=gobpQLWnQkF;96CXkzlE~G>o~%i?(rr_oq>r0q*!0cl zCc2H+HU?$gl@HrJ3a#USlg!hai#NY5ZwH|()bRxGMUQSA>z;nI>L-gi7`+O54#mKw z8d^JmbeKaOO;Y#Gklj~GoeQh`?new2Bf6f=oYb5&0Wn>( zz)jSD5Ox-Fmi{si=$DaJN6xKI7`2)}&a|35tCD9b+Yz^?s{mWHoN*BL&4;ai5NECr zOOv-cwmSDUpr2hw0;*iPlJI15XgoHjE7+cKi&>w!n#E>B(kx)Axo^5`=4_VB><==L zt|_~;Aan^_y5c;G{7$(nQdWSqk}hBO26unvruL@s0Y*NDCT0L##2QO#HXOIRc66aq zg>P8VMNoyQnA2R)0YSTibOfdQjyrBUNf1$p!gzN;?(f}6!eh|itiKrO9J-KhJ-$y$vCrbW(>9skQyjEu{^ONr;`D)tU%Hs z8N_2a)KTaCX(h$a=5#twlV{Ag2lgsg+_qM=QMa86bV!uq3t&HCJ8>7eH#H=6Ye=V0 zmn@Vmmr7i=wXrH1?7!KsAVNjXID!+ecr2g)n*V8B6ir(7mHSdk@ zGJn~7h5vrSQOj`*DN#H({LQ)XxygBmeAFPPkjDD*hG*Xkzt7pPn21fKQS#(%Lq(_} zYo~HAcRx{;ca`=JX0k4wDsU5)ih6;nXuE{zh!-a6XAQ($MfPsw0TxpZ4Y(DTPQCLc zcPT`vnM;3SG)WJ9;wKO}BON+fShSP6_x{xQ0f*41lh+3J+m&w0;-j_;*PHw&9L9l8 z1|Xw()@Zg)*oD?DM5T>XTl!vJyX~lO-}$)rYTt0*Xus?v{j&eo;jZM~6wm=EoRHs1 zl6l@>tQ*ovbQ1p!KOETHpGZG{*hxBwx*XBa2%taGbqE=UO?=}U@a?7t1-&ya2pi|l zxa104E-8NJVaZvE5#2UFO9{=jDNhJ~?f z_8^~*gZ|6#5oVk_{eiLIweg0=TM^8#m`(@#*|!&XmfoU^C|6X!(zNcl5g=>aZiIA` z1LP|U&RWmkUj$z3Ui;qY-swLEKBhn654@s3jJ=v`+lZ8o?k4QEq9`Kp=sOa8BUjj1j2?R@wm=&F%;ek z6jIMwfHOh|^{!v$YZlxV(if^1KZ3lXcWFSRjg>QSC4Gf()F-dkO3VQ_50SK?CN>wK z6gxmbY-GdRU#?&=7~rQq@V#crXKOdiW$_A=)BH;;-p1r*Ue}oB#1P+0+_LsV=7g$~ z4=R76kM)|4L!c;u=gw~vXwDP}y&*{cK^nSg0x?@3$k`TNzYq;N(6RIoTh1GqssOWD z;B3lzs4P}CB2QDi-~GPtzMp#Jt#UglLu9-iQR=3rRPdP?{{OTSlOTHubx5Z9(-_+I>aQSTAfH*Y$c{y=B2y1Wj=TPnxP z_!j(c)0%KmgJ-R0qh>3F@xoT&$b9(x;A-R=1cW5-H#|0e$ll5az#llOOg=0=EKzg8 zs+shd_tZ-(~N-#Er$UZ#4(&5sf zLfCZrbSRy~zT>;jq(}l}f!D=Ec+8Ftors(4BsrQ!R5NU?(e z>*434)}t}`3QVDw8%sKv>15l4roy2G#|6JtJ8_OYZr2?1*Ksd)-{;8eIOD4GuKZ8< z-%n&S3ZjE2TxMe6EUZK#|@Fj&z#Mj zFGW(x19DOyH`^6XO7G*e6TeGa&|Bma2h5IsgBpXNxnNK>y~X4MIf>8D6TR3oYt zcdrGkyKP#_T!EJOcGh(E{W9k|i9mL>=r_{_tCd8(IFo*Z_Lgp<2N@lvjx}Z5dBG@r zC_w3h_PFmv#dP3w`gElr8$u#3vzoJI1cSNoW#I?vtBgbeD3SDCi`mfF$U+J`U0SrM z3oJ+7W}Pe;tyXR&FW%0DHJPJmLrJ_YYN|r_LihWjzRNi*I*wI^0*YS%%DDUs$KTq& z{cl2VvTw?6ZEk(;e?CTPXuP34nb%A^>nJpxvzhxj|9&Y^^nR^e@^&K^BP$ugREY`; z#XCjGj?v2|p0}%Wpmp#`6@8L+;e6S3r3pZD`gQt4*;B|L(Wiqx|JYhjyFjm~5DdT(Uk#Cu`Df5AKA*M3;8smrunCxg_!?fqkJ( zyH4~8!d_8# zAmcG+yD_@+X|F@&@!#v=v_12ME#yV;TE`tgO*P6-nfAa8%@*1~@gjL4V=;HJT;wV8 zTee*8S*;WItqrZ)u73dwr9V)mY09|6QdPo<-Whfl4sB0P(w=Q+JA^r_30qD37LN!t zXwr5ok-PYp92zd|YuXNna75R=K{DqZXh}5JJ*5Mi4u|oou=A?l`VXEY9j{B%SmJQap?bhqfJ|jn)huVnn@^6leS)sB0?{E zv;`YI<~v)vWV7^D>3@j;uOV%59rs7?kJ%q{5)=Jv^f&Bp1SwqP&^Y^-8!l}|N;x^S znTAFxZN}!arR)GKvh2wZe7)&v7>J*Q`6y-TpEH}QpU+$HB$$zi=)LU z;!H8odWc=CT8~=)A@SYlk!5fBZ55%+zHQrI5v<5n{MganN!}UROWkYP4?XBqx*tXz zz5}|}_UOlPz((OEz2f^q*lnaOqbf zbdM%&d~W)?n0y!Or#o#-The`u8JY#JmRFBh#<%gDDdXvsnTWZsXbtmi3nd~~QRZq8 zMkkS?bCncrgl)uZnI71mq(C+`{t-X*ax^Y&Otfq@X`_R0N}QuTZNwNOt=uwRH&HpQ zH|;g!FylBIFZ7?cS?`x7Zhzd-R$3mG9kw1D9b26^T-ILM{I>axvC5$l7}TN-r-G+K zrVw1>&{!QjXhXW2G3Hf|JAz#-fuA}1M(8Ar5q<;oyb>x8uh%@cECHtQR>Wh8v)*w& z$~&q7C5MkX0E#PJ7fm=kRODFEx)bgQe|JxP6?iP9 zE*dSiL1noFAiAv0uUk=v!|Ey!fj0eizBRr_r`XWivGAH`9HUiK!La+4(W!8hwL*`=~vDLK3Jzt13n`cVI z-z8a+?5!fzYgE6w+`Kq}TC^6eO}@;fwE%(|Uai`1y|lSWx%q(zC(Y%39JiThnF^aO zSt=HJtpC`s-87f!%DlHb6y-ag_c~9~Z(HtPt_9o$4u#l`4mG^vwrjWRxf^?q%~FdR zM5gD91P&t}P8td$2(P3LH8>kHr!CcxIql#qBd7t|l+NJ=P7F=@PL@x1&N(8-RtQ90 zBC6H<)?C+$)?L@XOOrN@WpT1kvY%Una?|aiy`p`;eZPZBrS4(nk?-+mRTdQD$))r? z*FW#PFurKI)VV6Y4Za%trM_&2ieP4e}d^Pia#9w3Y%Z zlRF+n(vfU8qILEYUQ;16J+n5#_j6xGS)!`dAc^Znh;&dEF8d(+yw`K^?a2DnQf;Ol zydOb9LgkarU%!7||Kt7-adN2sGZ^<;R3Fu^{zBqGT&nK`J%T%GguKza->uB~i_hp# zJ!4@@Apk8k5RMT;s%Op_nRfH-{N1XfPseXBJZ_o^9g!B*jp$>lic8M7n>X}Q0ZEbl z<=-1jTn>dBF4e_gspe9h1ShRSby7WRjnbc+8qe5Z&q9feYZ(uBR{0-lPZ^=)B$W;|E)s`sb&YvyAY;c73 zT9x=a%81LL#@7NYQMfz>fqxEK$ZqsOjnYOLrhE@it_7ZEB?5NtsuWd*`r~EaW&gGF zZ6~T{tsWdnAwP%0$m390`L(DPiNBh9cifLY8ULxk21GT3|3q`qakWo2e1Y}Qg=(brk*Z3bYQ!b=o2^;& zTyIi=UY$6f1fOJ`d^s6L8&!MVXy0+}^r21B@ej#JP~Ujk;D!FG z!a&iZzA=@|@Jzfa0?xA0V>9XLZ$e81K`J(0@BPGHOErvF2`m>qmy)Hy2fhbMC;Bi1 z?H;f~Xi*JHO{J&m4FJB>SFmk5O}bBpfJilwZ#0_(3z5{J#zAzo77bKhPb zVLlfESdFMp?OpIgw%h|c=Lw5xi+PKsi`^p7*GWC(aoaBYK7UB@&R z>aRZm0NeY7U00VXo6HcH?MCd!pF5ISZjR5qqu;?C?H?2~FI51>RP zhf%746a6y`Mh;a<&ZP8TVkUBKrD7OYI#elRAx+=Z*c>=dBTq}HQo51uUp9RtI~r9? zbX9by;w5c_y;HU__HYt-bq}94po&@7N$2^>h1~V;a-)OMvw#G4fhYS-&AN=r7%w(JxLKp0U)Gud;MBJbtQ<;J3r%{%Ox1RqbgAJJcT~9JL`pZ+DV( z+Nmy77hkko>HzpNa`W>(>6!RI6fvo&0yR8z8>)a#naG%YGgUqxvmPa}lB8@TZ0c<0 zD#H#d4l9mqPBP9k&N$b0H%|BU551%~RF5j4N)%yx8S1#J!JCddBqljj{(m=yR6bn4 z(aBDs-;x!mL7R@#RLQ@wgX&QEtPihuKIyXR78fvv%EJV742mu`rVF610zbuq4)rm}(BUj$86tDWOcViLo-!LK9OPVh8lD(0IAats$K#qAg zd$$mkQg!=5`*F$`m9Z-ROy{@Jo&SB~L)-&Gp^p(ySSPfpJdxvao7(RNPc*394Z^qbW}E#LmM*oV{Y)Py!qDr0EkC$r>($e z!4*`%Ko6gNKl=scqZWY7G%a~8B`sAT%kL;k0D?b$IRgbSB>)J00dq#hTFzRX#CStj z8Y7QG?jmW&0>W4>dtt!L*B?|UO_iR?z~ds7^=Yk|qt;TJTzUg6+5ikmK2q4e&q>dz z$VJBd`S7RaPYa0-{x$h){nzKO@86KWX++dqm&#^5nGW{niaqRoEZ>?`*1FynTyJeE zlS!TKm^FCpC$DBwSqf}1T2#g?NA&%?3NdLagBLz+JCi@Jv1qmU9H-lHT{()oA9+gon6pRnVHP-#>R@9p>}K%=6j>jic* zo^u`x-OJUhzNoJ0Er$cG`BWcHMU)PpnQp0_~l9 z{rSf1CK(Fly7$HREsqUPG0!>AU;kA6qeHF<=DIeOMjMDaM4h`Y=EUb|m)X}#Fs?Wh zYzl4aGwU={uPh)!1V&UUoys&%>Wgw#?IhMRP35aYe-w9kkq=`jccW5R_ledQO6>+D zGx|jOD~{sA^$(JOt>#_L-GaRu2&-Bgy#u7qiNMBG*dOs_s+2)7aD6%Wvf5 z5tz`TK24X;r4!eNOC|3UCxwFFq)jDHTPcbIEH;9U7U8tWhZ#URpfrg#%LT^_jH=}?D-J6eD{ZSft68h9s0YoLMxnOK2-@qthgL}H<{o9L zoK#(>`QS;dKR3M4zD&HVz6!WCLCz%k5&N7z6*t{H7r0yo!LpXayo;X%-)u<15nD^& zcTjyf{Q!jaz(v~q01?fgBd9nkiTXsPpyiWwjjE(-nYT;_)5-KQqm$0qi@|S>mJD>y z=gD$lSB55s;h6gZEAfG!#Qy}mR2pz=HT-YV!IIo&sM%iXdH(DX0;A6*LK2(F28OMJP-wMXQ7x14Om`XM+%$i<*r_i<$j6 zn>3p-n}-G!;@K{=esJdKpcx>9W&grg5ek`_c<6L~LQ9!TMaxFZpDTP3Y%iWGL8}Dn zxn{0u?)zNxe{FDX2S3X1Ve=8NFB0aH=hImb5_d^wNq@;;DH*&PwJ63j5m};Hq1mIkh}=a1q99SQC=x9i0-j$)d1(2fn&s-{ zdI))Hu4p57r?+B)gpL{9Y?l?U6`vK~mDrU*w4Z3Buw->sbyqD`qk!km#E8mT%||O( zEnF>LZCGtwZC-5`r=w+vv!FenFK$PLQ-`=q+$|mwk3hrMeBFBe?Rw67>3SK8J}TCm z*W1tr)`!#2wBDOt%$8pV7hgMI7j1-4utTWcH8$Y_pSD=_icbnvE8?WREamx=Dx(EK_Vew zKN}(*g$IdBKc&Ai04))-;H^499i)D%j#I~@bmRkCqB>t)pe{b+oasVVS?|mU)k@Z9 zwr5UfUT1-*xGFenMiAfg-1}1ZGVn6vGV?O)vi`FBvKzeh4ggCtFPY0s6mhL2F0rLHl_>d_Vlaeb7bb zGX&w{t|$Aau&2nU$Y+;ltjn5I+=UI%K`+9*tE0XlM3~H^Ge1~;)||CNX-XpM0m^ud zh_L&kfTw7@apE-!cPv5V>@wL89i+Y~qyN!C0-@ypDj`ib3$&2LumVWPYc6aqX72q$ z(N>gP3-r*hPfvrpF&hI!23nN9WCHKj4II@X(d+1+hgoiumhi9p-u#xXa;d-;ij{+UVVDIBiXTJ)cXj-)^_q=8UOuged*M z+!VTCxYjKl1p!)|I!c}Q3{yjk3ZK+pYW@c%b^sMd_tK+GEao?x6Stl&IhSVZ`7ie0H>OFT7-?R9mItx*ZDW@2*!lm zhd;(V!D-Q=!l=l(0@Zi2yW=4hHK&7YOzXOvr0MeKP3CjJGb|ws>Mh7xny@tZtY)rj z!xQz9MabVN929}b%ekC?zwkml&EY1OY#VQd?aN)Ow&H@FdL*~&A2C|Bs8F^__+tac zz8w`xy&W?nE-w;+uV@*B zviAN`jjcw7v*MfL=Z?vq|K8Ak^nU7osWMSndK`7qe`>6Lb5VFXc%=_Lo{XEqdz1U( zN3SPbel8Uvh5ukf1&!NH3{4D84G3%2(`EMC1v}sOjX)sphtc1vu0Rb&JCes`D0L4; zY8sA#HWjp{BmHz+@sj1Ca4D^+06Lw?`40x2h)J5lx1Q-;`%W;6(l0W{t*Y%GiqHFD z%6Ct%|NZfR4H$z?ls^^7L@?Q?C$1a&!T$&>f%WW&Fn`V(`GBwmzopov4$%iuwWwO2 zx7`iyn?_`_hj#(eB6>9*__{yc&$y23O}-IuXY_<#!h*T3#W$j;m2Ti@h}J@kMqUN?nj2=$L{ccI4UkZkMdPUCpqdqkb(r0smi7NC9pmWC_i4I#6(iI<-GNC=R34_ z0!YB;73Ie`A*GngkKmUIqeX=)HIjzCc2)d2_ZohUDdk6{)4_BMV>+gVy|!VgV5wl! zUgjVRljYq0dRowa z!oR)Ay=l1pa##E``s_<4yN|Gx$U~Y?KI1NPP1pjV=(mDmZ7{;6saj9E)vs=H$?~a- z4>(TQO>4@_cdefhSn{EKs30l@%TN^KiW(CCNf*Aepk2^8J1i`k4__>T8=E8kCJmH1 zZ0n);rC+J7^gS$8d8=YniK=0>raJ7x@zUt(+kMmh@RRFv%s(FBTBE#??aDxGxMJLn zA1oN2F`0>-$%0klGy6$szofBjj^qP)_>lOHg-x$TO1hAq3*2m#S;}L!I~9J4j|V2o zV8GuZPk&(NiMw#Ta)Nq!JYUlx}q>j3DhEvy-(mu-^y$;;^HXqXtz0SfGMWTdoXA@$hZg-3VB^BcEa6 zdQjdx=ZOk_IE3l#gidqrD_v_{*uh(+PN3)fxjBS%v%y|C0(M~X1UK`@aVn_wOHn;H z2r{WRm+{wDkETz-&sa?(C~xX5C07S84gLxyG=!g1SYQ%ZCO+j;uv_P8lrg?X{6} z!LZ~~9>1%}M(i>9Y1&M{RY%`8-1gkVihp_Al5(d9CI%;U=6#l|5Gi)wtOX+B+ky2# z#^INvh9gw6s(R1sE_FzCjUDAK=o1Xh6weedST30Z8eq7RxstzOFLl})-L_PO?s1Qe zPRrE}>Nto9WQ7Y%aMk(2j zQdS>wuR;k@RhM!Th6%%k5i)1FK7oulQLgY&zS5?Q8$^au`Na!G3uOysq5*N|My~YD zmib=SUbo8ZBtqQ;>!tfa<3R_!%ytjKAQOgvq=T==!u8K1u8xLA^8fpkpz|jkp|JS> zWAiPiyP>?UFYpk&nN41_f@)o!G;k|HJ$v+}dLv(~e=v%a&zvtf8*I_LSnIoI~r-6YncMY*1uU4#(g z=hu`gFOxSg(KPA9Hw60X?Lr80)*4H-2hK;`N8PGe2%o?XFs584eI{f1x-;(La=^j* zcOrKqc1!MSNLI|8a$=I%H{$~m7a2!x0voUgu?EfkHf5En{XF=*7+}?!I|Q_hC?}9= zxkC6ydm~HsWy=e~@gWLRQq-qKIi2+0y57T4cAy;TD!QK0AL{_SP?9JM7@42gda@O{ z09#t`1*zUbVJ`zX*kW*$v;%&p{b=y`!aHb5IgW)8HY9=ZO#Uobfe|K8Ud)ol0T=i2 zpj#PoWONky+x5=*AIzc*$`Pyj7gmQI=Dp&jkLiw8kF`(bP7MJW+&}XkbW_}UGjz!4 zq8+lq)k}Iyh6rgT!gcmo3xM-pzxHiy1dhw-hU-Q(KrL~bU4YrWm$hu!B305UAKrem zld?0kAEhigj6X~|N;=9vjz>j$@9C@4I<+&Z1RE~mFFhdMmvQTfe-iQ(_pAYpKp!%A z9G3=m+x9fBzu)GN)xlv$hX_XLQ4X~AOe&Ch!y>cYiW@{^JShic34A6hCaeBii1ol) z@ODviIcc?bO>4arBof7vVrc?eA{Yl6b}Y#vfHKvt^R#O#7%~nIx=%IFo`emaLphL3 z;h?fS^}m1(iigWVYyP{4{OVE;TVcE3cL}|x?HNI}Vl8p3+#fv1CCczalcTqwhi*9< zK6b_eUaoRbWvRJ{I9OanUFuzaxN*KueQ11Wd3yiU``_{1aC{r~9nYL+Kh*&%QD@d| zVF1F1xvQgMOYzS&Uz7oN>~WOlpmYmGg!b);jXLRqdy{ul4!nKtz4N2%V;AXFyD{e@ zn1-(?J2sM+Hf zmLpBddaX)^tduTgHKqTj`OhG-;UE4YxaueVBCc4gS*u<51ZYPG zmUovtQl6`DRDd&br+AmM-=O@YOhve?`q1yN`#(IOKdIBabid*}nm@WfdOdnShC=nz zfv|M>P}*!BJ2crW7)H5z&U~22P2{~&xAIe524?BHjS*B{eghv0R~E5lxn+eP>)wml zgIxT+J2LjANBIDt)dH^LdL4T61(o^HPhZJJ*PiQHGGDEi+JNr#qwF)>qNsEHdre9U z1r#vEttl-KAEb=Oj(-v-u0^laz%w#Nl|n22Pd5BbyM4>U@WV=w$GDyTIK`w0qBNP>lE*m0 zxTr&M*NdfJZ=?QYq0yqa6v4e=n7UA)a2)p%RLwNcw65C2R&ymVV*H_&jV2HpL2yA~ zyYpi&XfJs`6EU22W!aI}QNg9wWhF#=n+T-QfYN}jCr8HFir#v!;-1G{8Q#WfXndkH zVBB>vVeBiOH_ZCb$uOY#YN2#oD{vP0&Ax{L+BHA4sJ}EMYFO_b?|)KODZ36Mi8+P{b}Nk0Sg>JNV5yJ0Du57-#&09! z84T_~rFyT2D$Vx~(U11v^2RLU{u&|Tu-?Ch=`^~GP2p8d1Wi=)eFWjCaEzI0nyZ^@ zU20y1E<9R|IDNxv!&=$_P=1xtSZPc&?$kqwM1l9`qWIe4!SB)bN%N`j?>7yNx?jUo z0IZSPaUUc;gMoR9n@q+mZ3Sel7Y;`Tf|m^oTB5h2Fj0gk0z6_p;_x;5weGdP_1D^XFB&puWlp0A*LB;F6>AM-TnYh^~vy=h+it^!N0-4zAk$>3^P^2T# zl6&|G(pztj-h)KL=-BMoT;+4xa+V4*8$xFTl7I^h#0Om9vxVM--+aD}zVp840C%JF z5DlfFp@&hRA%8siKfjQU=>O`R_#t+bckOmzV-3Aby+M*i=T|3$Him?j^PJOB?32Gb z8SX^Le5lM@-uWl^Pbg4wzdA9rH7OIyg$_WGLKJyk7u*u-*|r&o_hEdH+lfJSS&i zm9P#mqgUW$?_7*q%o91RT8UHE{MRzpJ%AaEhtP2LMzb_#vv9KxgST}%YP)QE02LFT zb_Zc~w*Y{a3nP zAdTRQ6Z=6A@gk7l&mHGZ>P%@*Ie@XJY4-EH33%JOml8zpmMvDZA(#@r;Ue|hdL<9v zZiFjW3wfBIr|(W1)tTzvv#fK?%b08L+sZqqN6ggNUu~2&wt}}*13;f1Y$jU^0>yN+ zFJoZIAG3q3wJu_a`T|pd2gDRz=Uo6}Dp>lCoJ9EAhqd~3$MtALWCk}};YWIHT46nW zwdIFxBYekbFLp2WF#a_8bX461eyFw!@KgTIyA8f`#&X+$jp|pMuw_0T;q*i#>G%4`2>+kAKQ{le}Jr>py`jqVgApol5|I^q#4=Qo_c3+0Ke zEQju7>qKsCfJ<}3~@=|ic=ZaIDx z0(@dqtQ5gO(YUW=tqrc51Dra#;k@x333rE0S5&@)Arzwl8>mn*favrHFrU$IAHVH& z9+)cQls~{_oUd|Ly(1*Kr}1iI^~Zm8tKrP1Tx4GKkW;?=ifNN}9e!gErS(3zw;tdC zih9UI>5tiS>~lJa6moyH5Z%$3UoDg+mhsv*)_^4l(oc{c7cBK;$ZqTU7R^nWtIml5?Mn+Dq=$ z@Qoj0)lT-)oZcrw4fGj?nyKVVt|Ft*6m{~n z@xPiVS0)4b)2@lw$brxY&sij0vA^j+y#>00SoeUA!eH?hZ> z_gcR+QW_=m+4kHH*%<&9D)_+oAmxQ2DE;UQeBW2dTV?_e$_6GH+s6r|M6_{`+L(7JTPj*nic zUTFh#T@S@l!SMAxLGR*^mbRa}Uvl)FSo5eNF+#y6)ale&=V|B77$BY4{1O00u>P%k z^W#<@Bw=|Ve+hUBcq)62en!7q;S?H~R91smJZ?0Ri>$2SjPZ=|yz?R#=%nt=tfQ>6 z$g|%2=KFp^HeQ8~chU_^DpL)3fgLJbJfZ*6HEsw-$~2$|Z6`hDV0*y!@S)q#y*8@;0;3AEa z)?(%DAteG^Y1@?tUqJMbt*k?|C--mwbQ_@!5;p&oF2^~oKzPXCIs=TT}8YKpa z6y589>n|Xz9k{c@F7old`=RXdWlS}aq0{iI@mJ$m%)Y167FHQ~ius;J71Ox_(;4U4 zIAO%xXOw0bh^)aik-Jj58n+fDafF;z%*HE-S;fklw-UF0K%Xskf9NplDDfou zVWNL1cxokj)0|&eieCTv3dk-vHWtkR$Ie8k(`vHp z^v;aWVy_17hXD!rRY#doR#eRYVeCAds%p11Pn4Vl$sk#foO1>N$vHbqod%y2m&w2tC+xM!!puZTKZo2{d zA?*?CcLn3#K$98&i4O7kz5Q!yp=UG?11*;LzlvQ@urvK_u%PBrbMQJuTh2TxdY zH67|4xtw|Nsj6NV-|5mu31xjbK(A#ee(ZLvDUVBQ@y9M3HacTgP!~$Y$7Co7s*TxH z$W+Lp%ZbOCfi#pw0Bg1vifQW{d%9uMiwY0j!BYCI_R(i!1>?FCk&{{< zGCpQ~EaCo3l$c={S-jPSfvnHovxBF<+|Dh}pMb&_U3=WA5Ctz3_xTMK4X3?pe%Cdc zJKlhsoc7H98Os^lIWffX$>K|5!=sl&SIs2xYszb?+l9LdyLo7B(hhTuo}SrVI9_D) zv^ZQoCB?h=y5q+GrtA+Bu7Ob0>pW0DrZZkQ`E06k+GW{K60zonA+N<|J3NxuZ))3> z2ZcYQ4s&ke?-&hb1x6@Yp%4+WgHR~E=uzu=40$Px?TlStalaokarj^y!A#*pu|q|? z@cP4k!@;Dcz8+N>jbzJKHrmEETkgHidpG(|(VeAaJcRa41+jZFV16jMm;brmvgsHe z&Log{Z_Kn=Ny`#3p9%ZLb0KD-UAmQ3{HV&5W3E`ZZ^Hm%Le7R%|&dCO&_ zc!^^GG(|yZ>hJ(g~)*os=9z&70 z`00bAjPFrBXQT14C%0M2iTsJ?N%KiF7-#sE3+Ijh_48{|TX3j!WbV(QD(*D@{b=Qd z!k(yGV1`~-KI0;)m}e@aC%h-BN8}e|^yKxF_B;b)^AO!a`cnGZ@m=Vm=`|;J!d1*X zhhy-B`pYw@!bPO!UCO)Ecj>STT1In5OGeA#6DVV3PESJ3&sYs_gZjxAp) z_O@9fq=}(nA!-jt7zEA}zOV;Er0jtx@^;eT4`hmYI}0sKm233yW8Q@&IFQ~4aDFQ#5ji|hae z%5d6*sJn;L!PAjc>~xtZ5eBf5rQ|qj73obLz!xwEKsTdHai8(0LZ$4*{29^os$`}d z#z6B-%gkFTTYxO(StXz@WjF&OYd~!_j0%_X2DImNDFdE13#L~u_yT_O?yv+(=byn8 zD5o0do5+Zhl`;mj;0oxXO|?XBU{5`!91$J_FNAQi#^ObuMx|333xx|sR54Y)(9LzA zNcNE~mx3?l2csZa$|lHJ%!N(R0E-~uWBSKjkwHM3p6607TL+OjP`FgGRK8R})hxBc z9_Uq%RhTUxLOTy}6^0?A6)OZ@4?`Rw}B9oB#s<;^S{ z0b2V8q*mro?oi=Sk-7(FYsjo-gkN0HVH@@8NbX1;Zl@W>l(t89`1d;)pD+YD^=V@E$Fm8 zhnvr3;$^CoQ}B$`lxp|{Eq{3gH_cdF8r+KBPR6&Mun2r8Ur`l(UnuBR?S1>+5x4Y$ zd8JRqXin;xgB)2mCGtzXIu92^qTdJwTs>NB5rcXWAdP(Pv@w%W z(ML?S36}9d%s+hGBW*cWZs?ed~Q^atFIoRVWZ42@c+}-GuK&KeI0^ZY)5=`QV5> zhtpF&RXO7@8$0`SHhwWlk|;^tOhB&hb?A1jc;hDaBl#%dvcDPcxa_b1))MjuQit;2 ztBlLc`pl-zX?_Y=_Lh{a8*D$>i4?{Bi9$Xfc2!RfjLzc0grS1rjNzBVEhFU|VWu2m zt)%9@z<*nAJQ8s^ePm+UvRil3LlsRk+)+ zZ*U;{LqlX=5{;dG(um7w7@qz1aNpox{*ecf6!K>@z6O1b-^%)yx!t;R?~E0Jp^!(n z|7y^FtOPtQf7*M_1TI_R#}3G>h_(asa%0khO z#$lG&bLUb8?;B=I;bizN6iUx8@6Yn^kTSo$+|k(y|LKeiRqm0;HBX1UkTa$~4l-se zRLG&J(dz5M5W$@h{J~`4l+}#oY~E~vl=hW1U;gpga`kfcm+W1| z;}p_RoG#Pv)PB>D-WRe*96l6I70x=(=28W-CG=^YbHQ_|^C9!COYSIY*%2BF*+S{a zlMlAjMl%Jorn3)c-6;2E$pYl`ZDCQ{c*zE$4Nc@ho zdlmbXChKRqH}iKaSUbJGju90(>Ow|O2j;Btc*vR0K3;sjY_k@+*1l09K40nmI)j@r%q`Mdc0F%z|tJo;xEa;wK9q8sEx}g zZQbOH=~oxj8Ct)b#UnvYNFNFxel?;x6}y_T^=kVi#BSF^Ha+n|T2E|GYoD5w=;JjI zHt=G&24k-R8kQOY=j6#Ax0`63^rbSUVrT5Q$lVq)7Q;RoiqyMh=jG?Cq){h@XMFS~b1 z@7mwJeXj{AGXz>@+E^N&gyv-UWZQ?9DJ=|?L#GO+${;)XPX|KndN}Jkn=xAgHPLG> zm{H9riZh?HIHtnD^H-PhmpV*^dRGNk&FF{jT}NLhTql#p^^(z?;Z03Q8@fLd zJob1pcq!(<=_p(LBiB49ibC3^J?4TQV&a^-kcx$9=sTHdla1mXOYA;7e#umIWJJBYVez2s8ZwBA2*$?g<{7&g$N4V8jUO+* z1OU6Yk>W6JOg zN&QyB_dIw!xnwd{T%}$ELdyv$q7+q5NERamJA`D!JgU7~KziwbdgXXniZL{rgT{j< zgQf&e-ouK|^qtjc)MzyR-;dr0iRQRm01qbLeo*+J$oS$7T`+peh8MeOx@D$j_T}8Y zIVBDd(V$P8(wn!Kw-keF<^%qXs;T?*=2O>_&9cd|*Rqeaf|qL~>1%&OYaXseZMFlS zX^>qOLVB6u)|=f9QVlf42%A0gpIS6rk%v)7$+*;XoyGC=%KfVQ_3GD~a~WDA56rB? zF5+;?ak?_lKaxgm@3Biz+xhEzHX5ms1@QXHeP=T z`4)gzvi}*Np(g(|d1#cchUMO=jC#(+%{45)_?+;?>d03VPs<8PGBOQ9Qs09<{h^d$ zn|D5=4)|P{j|Gi|jcZdTj1yTnnu%oNmJgaA{2&yU0riUo5Aj1I?Y<#2;JE3u>5S>D z=>ml1mXtFGk^4;jY}T9+*GckRKA#}Lc?$sx*$dfhvFxPfyy&s$y%@Y0u^6*hfS$c{ zv4-=YfcE*#ry7w`v>dV=Mzt+>N!#CimQhU-we^zq()H&X8Q&VV3->i>Vw--xLMkBibW5BX8bi(ah+KT9cDt_TKh=)0h@3 zMLq7og0a?dtMN>V3wHe3cs0&Ux(MS8C({uJmwrfNhAN)cnRcPF2)>J+HJWXitDje# z*WvMsf~u7?pEIBL@5~}jELMxA@C*IfODlX-1P6_Qo!`p6Y6fZ>g;V4kOuq_OW5trV ztl6*GuN!SRqF>9#=1T=0mKNo*8M0ZtSwgj7qoYb$;4E1MvKtP-QvS^oM&T>6QWLfd zw<~rmrPzu4j{8n0V2k-~G01B5UiJ6z?@>fBzr|V02E;e|=Tqi`$fM%pr^oTf3CBst z>Bn8i-SCPn@urMmGU#NR6!NR~Jn=l~LhiyC4A}l6=A!&E?6UQ;?aCTN*7G{xhe*Soi_-=N=kz-3Sw zS0l|4vysk`x3ui{um!Cr4!mN#dAt)jP6ESi%Lm&Ju|_fSNK6Q=L4zP_QsQR25~?{QnY zx2}35d+j14;~^yQ>y*QOR_H75d)==;WRI`x>ruP$7l^@JrXF$t2TvzWXUsUvII`}@ zpO>Al;z@8@jOH~dSu96Dp1IVq+_2WQQM+6CUFXo^$ok0Rm-e|i0i=G{G1vKG+_jt# zyUkCcBRmnx2J`VhNt-kMXexOkDf#Ta=YZ{L>#^o>18EI>(rQBVfa*m1RM%|c$H&XM z#5$<#Mg0QZ3lXAwltsEwZ*HF}=36@bdi|zDzC-><#tdO(SHQ=%7!AS6By8e7Y4VY* zshrt7%%_YIcX1pE8>GUt~8cYMSoKnKuFBdPXtdt;lOMsT{LXA zj#d}v4>9+3u4cX)WY&M70D+<{qCBJJ=gW;N_A9Q$CzUZAnX}uiSgTss+G^T*MK@N4 zc}^gbB40#BYIJ5qqY^Ih?1vADD>;X`huy~tV%G7Q@0s6O@GrAp56>gcTNs%%;GKxq zZ!(QX1N_W#d{V5qf~{{`Zo5SkQ%#5v_48o=l@qea&yD7a=IcMQ?a&n>dIB+5HesOf z!8k8-wq#xx^e$no@@pm{PbaQ@*8^|yISk)16i3SNS#O%SXWP$3GXZ%ad@Js%Q%1&H z2=8kch#T?2kVa{|X!0H!mTrhm&2yIX$tXJvsTWfHM&nZW(v#(c6}8nWN%oo%N{T1z zweY&i*b7;Gao%$J_HesqPX%sGF}9DH`>h0xHy>3V`=5rL=A3qk1X_NUFXrOU62{OO zch~wSL^PRD62c}^$U{i_X?q@i%Tn4z2ov(f(|kga9F_zqdq(I~s^@A6A%F1c!r~Qzh$;SrAp0^RdxoVV!u=nb-!Jis7?Z0OI)H!)6zJFmt+MwN}>a_M; z*u33GnT?9Cj^85>v|zYD`cZaXcqRRC!g{I}EVp0nCjM{~k3pV&RUwp)Rc)bZS#2e8 zC*UCUN5(mf4LKonPez=WLWR)Y`@L0t+WmzCt%EXyGQ+jw-qS{(OjcYasq6V)0(YDb z<2jzQ&LYpBUEI68f0cUGdQ&F;?Tj7@Ldc@iLF^^}nxYUgW^h$@+jM8~?|)b*1Y_&r z+ne57*jw3ONy|+7C_+uSL50ElL&}(;yclU2>3U~1W;L#Z$F1jNBFx81P&os%Ivw*y zXmQFou^h<`iv5_o6a?C(x~z${bK-K<%A?g65?P6y#E_i7cG1IN-EqAXHB8GF4cM)5 z+g?=kj_PjXZsVTGo-aD=$0)Ib_yB4S%TEnKlFTjwF3rfQ3%rTEiMvSz6)L^0zcacs z7k>kLA$Zggf|u;L`?$w=z<3zz(5Q*h$$Gll3@Q^Nf%t`{Mf*jMk7+DGotA@uom)2o zwmNqczdP(l|Fj~$O76yk^1PA83MvS}Gy0NBaV|6FqiIFk>@#38kUkomGheOA&X@nGd^W3DK43;xJw>L^fw-DhwP;9q%(@w9~p2- zd!G27K0J+P{_r~!p(QKUwDuP%Vh@gQXQ}v<1&(t#Dhq+{6c=A_+p*YHJINDQDzXAY zx2h1(>-x@hG;e@^X}vtVOTY(<6rh+K0lkYX4==@!yTyv-~DTJl6wIkjRa=101!mBnqC0 zo_jl=wDxvKX~*b$(|HnJ;_6p={K&l5{KFGAOqq7G?wi4XPaFUBvM*8RMSnE^goz)& zzYu^&j@yl^`0@LXTF&GXEcf67WI#*s6Jm*Is2gt@Z=F^C*nL=VT5^#r&L!7vqB)?3 z;5US=$XL{L*u27`7JS!$qa=K|8^v%yIl)gZdJLbFWcO9GsoDMpF7GCNCR;Av^$jGz^zP#&Qy_#Y>+Hc5TlMgUy z$2I$c{35*(-*-i$o}-cP&EGqZtBMmUkfirnXsgu#bGy7AU2Q{42EaZnGPNdwe- zI$H!ZZYk!Q&Fd~CBZ4cyEhvYTKW@ECiAzZ=)XV9x9haXh$E-R_+$42tu4~zA4I8N& z8C$+M>9%imY`x}1Ov6j43!#K9%l~K?Zht&&hnC=AAd-Z3QTQ?OgOi$YTETiB*mW?I7s+tQY{-^! z5Uoju3Wqv|I);rwgtJDTbFY`;f^R!&HyVyDnFjs7+k0OI=f6A=Q${5VkrU0p6f_o$ zPb7Ql@z)dD6VE4Y(W->w+#qgKo_}~br7>m4n%N)ZD1AC}IuEY~(XHXttjBEpZ0=mf zT&Bn~q5Q;wTYP#LxxGI{^9&imJh5WzZr}{H;sh1zF&l%TBeu zK4*p=Wk@;Uyji-YvZe-8MPxr4i)@vR%8gc@#RuY`zMaaK+l&-Bbf=Am*LY9o-{(_{ zyW0-a_LPJ4gJMWEen0$Sw-mtTj)uYg`pB3{hw0&dlFBiXdCCg|>W>rlnI9N`-mjW- zbDUO^FH+D8c3$dYdl?{(_*a!Y@oM5T4=={+#``Ar=IKr9O~p;^O(#8vyg2p?9(Cw^j`@TIgKDTmijWD=z-l^DgtR!9A<^ zzHER={G_C`GE`j69CkA7HtliIP*|~8dA#C9WSIME@@mFv`)apDivzl2EpYAWTIX69 z)B+idGRk*scD!KlKRZ=2w(2-E%Eb{#PVnq)67LK8q6EPcPJ2RcG_K2XD5akFKc{1n2c^-X z2n-&!9WHxk_RgI}=cD&dc)=HOzWGeFO|*Sb`k)L(6Y!ySx?nba_QmYW+4?!FdA(1j z%l?obLRPx)ZqoUpyVWJ)D?e@64ERdX6%STW>Aw`vZ`fXyU%TA6bDtM8Y8r_+%0G|) z3I8WXq}%gjeoYgx5|2UE38$%~k1`*-CE=TX;EWnA!kA2eo6y&1P0w-iBiZ2Im^>hjoi(|9UV`uzTelo3c(_=hM0lw)U{SX)FR zqO6{+;WH8ICAgIdmJ>l#41Mfjvy_R?vB@7})K_C+{H?_9qUQ@Y)(rw=m7$W4+r+ zo@4!|25z&~RZCu_H_!r}tjDgmZ^&)LZPb2K!VX0b{)iQ$peD8wZ+=7`s~m?Pmmk+0 zzdg}8iRJJr=b+LjRZr#C^p@U6S#a<3oejoCHu0PMcF0d)Mp?mKM#fTb<5o%TeSj9R zZPZr03lL#wV0CmKS784+n@{OW2FqQXxb>e^w+*-B4ifoLTuvXJXpIZM5sgD!W0VSaC8)5={)Yu=q;cFFYbNO=S7N{ zYrh*0mdMyNA8b@s%|$-HSiX+-i$sjEj(i&dYuvcJTi2i_!a|x)bS>{*&Fns)h?@3swsu3#AKX zcn}!#T`*65&DiQdg8O>U?|T^&)3YBQpe-IpzE`Q3_4?gJ%E;95SBmFYA=j!a-i?X9 ziL^w>?HTM`2i-p;yBxZ(eRDbsPoP*ZWn;lT-*K~y7-a9q>f&0Px5fB#A4hvX@#~#J~3OUz3 zFJ2l3yP4k|PP0$*u9C0yZZ*UOxHI2>Crs89)@m?(`ppLHMqEb1@eHApB;q09 zUFmqkgxbV?45a-gwb6g2!B+A8nEkO}$$GhJxq1~pb2>N}9Fi7E2hx;#$hMxYRm1Fa zfzMIM8sQ1t0b_c%w{WXNcOrMo4^$4ae|jDoohhH`o-3X=KzG)KpsvWCFZ?>;*5lSo zoKbqU_~{}!TbckOm3z#4@_Wj9DthW5TC4Z!;hXEz8$xGQ!%wb5UzO6A-B$}y&$Hi` zP?H)~X7Y4cE(6H}IRhf)Uz{2D5r`7?Y>>G8$_cdjqT0bliOWF=LE7AGRVKrL>9MNja`P^GQdj0Y2ig za59I=oy?W4Y3{>HdPXnZgeOTk>$pf%k3@OGA+i8LvzavzPcIfXs$7BASfqNe15Tx{ z7SXh~^D2-!AJd~1v4$vIs1U76X>iO~-`N5LIO0O!#v(#I0=zzk;02O{{^cGBX40n= zMy4|A<)>Fj4y=}}>Fz?nUyERa%b?H?UXG@ckscIFJ3MPTJnxl6csn^OuaF|B)0sbl zv*W!QN=3nH%U#W*>R6w#Gp0}XN2X9DsRD>LS##wZuUdP7P@#LRn=IuV(QY3HixlvD zXUYxKDS9*YOUjlyksQ%miA2GeezPP`$8lR1AwcMM3f8Z!JRkBq3Oo0hm6h1uKiDw> z(f8ab+^J>_S-;b`(@wwt1mbGhZrg6xo*JdG_h|1WMx%1yL%)~q-$%A?y`RDI?%shi zPKuV4HR8C$CO5Pw%r3wd3t{JuNs>I@6_{2&93FJF7W+ z4Sy)`R|N=h68N?KoWlJ#i@tKgRF z_8X-eof|inXbCszH|00w(k8?kEB3-Q!ZlFPW%PU0~XV`sI9iH zb>njAv#&(jLiBMPQ2{iWa)Q%4DY)YF750SC&7bh34|ik83FxWAeN%_m@j z_~2Dc=}TjTebv|5ua8RG3~h)nX}K-DkajcyqW@|&(W%We0Z*yCp=U$YB(1fSi!BRK)9J#aQG3$t_^jZ8hfKSEF2FKt1B62$RG!!WQsyyx`R+ z1n!nu4_c4GnA&`!md?&|JBg)L5jS)>J9baXehdAOO^B{}l<$Q+Q64Bm~1ZG2|164n2envxF);Y91%mg&=f)MJ>@b!dY*XSfb zOfWe~!E?5jF)SQDx5=+0_}m5zUuoFl=tv(x-K%J(4Mn!MD%W;w@zbw!0o7X>zuazO zZZd8%Z?bOcPz_m#pp>KF^uB9L^&5&0eZjFOzu$5&WGHXAanudK!D6a<)^#pswexf6 zcimsL*UmQqcR_eJd;bCOvJe~zC(s_OeWx}q3st6R(Q?UdBX#rPmo7rzTXqU}y>aL+ zJcu~^Dzmjqf_CX3?ugO*+{bRB>QfawgqWp9#_A@dD^^6qTCF;+RzZjClITeE*LBzR z*7c>w=97)5Bpus*F5cAs5`!^I($_qMcxK;hzBzmg-O=39#Ywap--4E!7=58$0M8${I5RgtN*x%p)+52OdsZlTbw)jvyT1Qyw5>{q3r4l zhOUbM%Va%({na+EWNiMfgw$Ont)DPid z+EO*fQ}Gg8Ng!`eB9$U3qSI0Zh-}$-u#rP_W5-7KraGx1HCsjB?tL@eb|R%b^LxsE z3vWp@??&B^${(GqjfzhSu~u`qX#$>keW!TGu0We#G-N*%1>enbL}o2*J_Kz4m{J73-tk&N7b+661$#>*Y=zB?hUmK58zm*P0h`q&GaoB8Y*i} zkh)zTvYG8r117R+2t9~9sQ=-1lyX$Znl$0W_r&icf{{k?>R5^uJN)DpP!=5epAKXVYAvg8 zMxO;<=gY{H^O@!M==P@ez3Ep4(8?LKN5zsh)Bp`XYeb&7aYMpzouL>skH2J3>pJy% zT76m@wo1rMJeF#m*r_Ga{AkR(Aq(t5>&yqNTFD;6R=<+g3%vzBg(rj4V73I61+7h!LOv zHOLOiP{?YulZErmg837_PzZFc%^0?#vNN6Tb$^g*q$m}=w9fO788H# z{@YuGD8!%JZUX$;L9i1#gwEc!{!DE=Wv4`asfe^M^V4j8C z`2VJVk{4{}ELN(;)r}2cMs1&FpAj)F8q>0K59S|#_WC0CHJIo{=k2x~^iIb`gwqCKlMw}l($i817541!R8$6gdSU(grVmlH{ z=!-S?OTlQ<#6tuOv6CeqG+09Va9UVR+fEl^Oc+0tPsh@YS)k5>IiR{Nj3eL0Sg86b zH1~d=o_(ssyr`QgHB_Y5uavIEqp7WD8g=??_4yI71&#Js)31-ezWmzo_0?9=H;r!r z-!hPy1c3!~?B2&CAdjr1M8bn}_KOa54!nK@qunVyszpHZ^f>1<|14BoS3(|c1Pjx- zd32j4F4Z;ofLz$0xAl1snM^#HDiSyQyV-||R|?{jX0yggYbIFZ%dIe2Gv-F@5M=HT zU1%qs%sp82`&hALzEZzlw^7Vx=Dh2_Uxz3v>rnYblh^S1%?q)WweD*f?HqeMUNo&X zZLrw3?)63Hi#KV0Ees6yyy0PcDF``bXz}Zg+Kz*dOHZGkXI;o4)8t*17p#XH_Upu> z%6i&vRb3JxiH0yxCI%bI3cL*u1goAls8U`-fs+=K?byX?Kxb;6kNQ-y(v0&}`hM8Y zF5;PA97_>kmS{@+iO!x*#@x)^EYYI=fnX`b3aP!1!11d`g2yXnUDg)TX{IXB6G?&&u#MWMGFf5GG4m;nt$Z&A~xGu87QC`n8?r*b}p zt+euzHA(KT*{v@i)qT|5`HBR49yUbm@ttS1CB$_9A8NT_BX7}As5r%bqcDijHm z0fzz4fsCOz^lkTs+dwL0MjF`)$)KhRAA2GeJqmjzE-FWnbDFz&(vufA}GsYpO zsSZLKG-qDV%Fo%s*Rw=7RJYK)*eJFBvi|t`lY`U?G;_sZ#cZXH48i&}ZQ73J^|lR1 zCU-rI?KHl4;q>YDH3XX)cQn=6;5ZMr9hlTzceOAKOW9M}^TT5}dM|6Q4AZQ3l-3Tg z?($IX%5y_m9z@ZSSYZB}FSQV}Wy&r-EJ2xLz-FixUl;|fld9p~RpZp0a+)eVc!JKe z&hyXf&)+bpXkD6L)?U7ZX6ylz_C8;S8IF^-x2|`7cZp&!r>kJnmKD-N%Qf3IzYQ%+1ueJZ=q1v& zi+0@)~Q(SIzusPC!mR$^`;US>{ zLF`dAC!;@TLpT-3(iZeKrqijAbA4tjq4EVXZ2B(fFR2s4;I`r>(U9m%%&CSoKdN@! zfFZHM#}qiK8MapHYidFCbR zYuH)ZU8zAOFTbw13BJ`5MHY|w(Hna60plxs+XuV{ec=<14+2R|)1FI?+3mrWQy}1yn z%c&L#ghcVQH12sY6#@;+cEjv5r)8fS|3z_4;3K5-a2EsQVRVO#(;Z_vgDdO@zYpw+KvWR~B(ERz$zoxnuTv7R&P=8^@ zNAT#K02*C@8r|tcBB67N_(;KGAyu?k47Ia#@wpT!sl)pE{*p0Zqb;j{5BRE8B5P*p zHPXRusdUg0?ndZx_;MuJdKS=Q)p9eUWSNzFm^oPCH5#}Q#Fb(J?C1~dn8|*uWA)8y z*J}4_H=v^eK(m&VEMNct=`3-Tcrh=AQ%@wtJcR9%ZUAVxH6==UO$~;u-kRB(`I;4$ zmp*HvmrCebG)tbiwQT0AViBZXtL4CxXUdGka>sCkshcY2kTayLwq3S^s2EnphV9e+G-#eI4RVcLstpiga zN&5q5s9_!l-Une~#{5AlcuvW|^Mg)Moo-YIGCyR0$WeayF4kZfu1P*i6pXC+pQZ46 zMRVk6xV?3U4SWHcF;Yu zL)Y(h7IRj0)(wAO>6a=(M`IRKDZgH!@JYK!r;0A#Fd@lYDljdIqCHFa!jW)f3b0SE z2B=hFdVF;4dL0H_9|Ka<0OLrO(!Vj{aJFHt6ggaPjZ`#=r-Gf=f zCXr6tnA1Q3j9XI0b4yH1h8Z z=Ms5$#J9(d`Q8uV?i+U2g~)E7^OlIK$9$@UiKKd|M!I&iqG9%B#!sOqc`13hR>qU3 zPCebQ#6Z!G&2{az*|x{_s~z8+j9ryor#y6&c*$wr;=9CgM$7LFS1 zw{>py@5=9L?q2+M{+<8F_YeIvTQ_4aK3^f2B}|pj0(Za}ge0UV6 zq7tL8n$?SOKREJ${XoP(q*z17L*+wNpt>gDy5S?uEK?e#L>8;DTux5WA|xH;L^O_f z<@1jtdpZq7w~VluCJf+fooXZP8LCd;u9KN4YCjtTG(`MQQ6K+L8yLv{jrETC9A%Syol8cZ!YcX3JLc zb`;d2Lf&+78PT<)iVc+RjybdzPcXNTov58?_=wdImQ8l^KxVZ;Wi!N;0V7t+L@_Q8PL6XvB$?mM^0GrqLt_0CtokcUT9@^%!Kr4K$9bFgT*IMYvBO$P*Z+ z;W!-^!p-w$y7q#dR|j3-5%D}VSm3`#l@JY2FJm@mwgMOAI%q^G^9`a@9br1cbM6RH z7gLC(m@CT%#ZL*?LMMyss3j#T1ta>VWo0-p`O6gu$Mre$U$4r5qbIMnN#v#PMmorO zz2psxMBF9TQbEt{) zhTUDmvKj6>vfQ}78>RS`YJDapZ&L%us@GhkxS4FSEx>&=($p z^cADvPiEB+*Js&h)o0yj+m{OO&jgB92`H-aVC7)dV9nqQ%oCM{lqoeF0<~F&CE;cA zdZ=?)`<;gvE5rz6Pernf$VI221D)2B5jcid*HUaPCxTh|zlCn5G9`n-sv(keL+T-A z0S&;CSJw$?o9I%3vm-7P>JYBId3~Sp0yn{!Nt%zGZ-WKs!mAs*7{@O8(Z@onnyR5* ze5|EjQVk?bP{@%2F~3azl<_J1Qw>%7sdmX6#-Qj9p$zz@3jC&p%egMCUJ}+g1yu2h z%SsZ0I5AaR7)cg10nq)@wE#&arE$YZ=sAjsY3Q z_-rZ%%f&n@f4z9UYP}jQg&_psoQ=YbqK)E>5~`G}gszS5&#IsGKbK*SsgKKy<)%HU z-(jnMRB~u;}cm3jYEml3e0Vf)rL>_DFBZ^g@U#k z#c6gYoo2av&lYuF#P`VWao^+jeE?#74&r~bFx7S+7o1q0dUF6nRFNuw{LZp}6w!@%{StxOWV_wLm1H15oQ*NRF5Z9z{+>yr~%G4veqBVA**(@8UrXOm}}VCw5! zbcyUWz4tofmYcv@)%>?Tg?5HmXSk2z&bp+poY&I;!bs#$iFk$$zol~#iD_n|j_(u3 z@{!eePqb2P%x3oR8P(V~n=p43K0LVELrg5 z(NDd@y31OcJq~t7{;RfQ1#9XDmZGvix5uWxc&uP6MATdt3c5T*K|DUL^y4)UYz#TN zlsLG=NDLXe?iV0*ii5gHYKn;v(W0}kgbdTj<)upgSqfaoH0I2d`IZGO=E%6kvgMSO zywxN$*X=weqE)!>=Wr+?8k?TTJi|AO@f5tzYpM6ep71(1Uch9iApv|IskBELC*e=ZpY%W3e{%m6{3-lX^r!eAi+>#cL7-K@ z$7Ulu7212BqP^7X3kHlqq={o?p~$>~ZRI@ja-?D84TNcvF;Ci0cWDO-xtY|)@WGsY5AxO%y<*MvzAY*?bncuCFE(ZP9wUxFU@K(dk0q*NW%z@7 z(m$F2fyEY&U-kF4oUV_@Qqfqbj+-F#@q{F;F=-7&uWt4+z)U;VunG&wB1vz_Wm$2> znL(wTW=%9pjb3}fZ^J)}Xe9z`Pz!FEOm++W5Im&VTbx_MD9X8XLj~D!ttb9SBBig# zRnTE*vqg;%Ar22h7Q-7ZDLt4sOUoHDgnLh5kN9)9QLp&P6=3eFP|m&ny$ReH#ncN1 z4SpY1{Yic4RDE9q1Gsy?=KwmC0r$ZKv6!{F)h*B{D9LwOdaN*MkhE75J>clHP6`M&9QJfEjN1v3?P(ZC*G^f=# zbTwmkn1}l0(M-WiB|($o7$W`j0Je-^{hA{gvPQCR2fXDo=QmdjtfesDwcxzqB7U|D z)r;DT28%``nWO2yG-NfINiBFikpfgxlS+fvvv+p^m7*bO8G#2lOH+H>Rc z+AG#Dn&KZFiXIbXw;3Ob=ZLQQXoRc3{fXu|$i+QDYe;WGW0AK?!d_NM&>ArsdpI7x zUw7yrzPWOO)|8ys?rR7gJpA6hxxFv@ln3g;iQI>yM&8ait@y2mNGv2)%%WZETHChU z@!K^!p1bZukfn>OoJ&iv6Yd*DL8I@*X3$R9J`N52dV;#3#rDou@Iwcr(US<-=n+u1 z7v%$ZozANZU0;R9#jW326O;gTp0hK48(A{CJZDEBo8_d1`QSyyiht=&U{hFJQ2>oXe_#3 z50?(NK#EB9Rir;PHA)9K7jn}NQrhH{$%<+ok<41$e79D?0607 z#FTA}4-K2&Y$QI9AviroFatdS$VkJeI~_8hB{T+IsaswExqCGv?lms9Be9X=CQ<_0 zu)|{4^J9!OfiDI3yd3=V3YeM7afht^SdT;G8=Q)5KRG~1^J7|ylvdQIVodNWDJG^* zFR`Xk!uwnaic9E9#7fkE{qk~F%2p~@YF27jnwgOlnUZv{t$DUu&AnhM5%)#@oGn?j zQ=LpovTH_bPaptftQ$ZVdI(tJvhKR>hOcTdmLug%NZ8Y_w@}cC#A57Lfh?fD;j_UlZPiZC$=Z$ zC$%Saq{_*IKDeEFaH31MrKf49l~Q0|{p{hd^k1zI{S>Lk=T5*@zF-tFsF9wYC!eRB zr;^x_1sq&>-gVxEd-B5z8>w$a-evw}@n!jC#bwoHHT9Aq&Xt2HXbT2Hi#@yH38%pz>}DZi{cLZ)Vj)e6}%Jkem~~cKst@&G0iE<+1Cr|3zm!8Ywhb6oBBAYhT+%l&W1GgP?vGZOf#jY9?bt@Zrrf3p4{*U&!PZ+$S@WQz zx8tSau^$LI-22p!^h8-!&MoxFFU6ZqUATYEe)TzjcT;a#Uong!&A|{-!CXdC-x?8h6U^2thtK$2lM6xe?~6UEHo}=afH|ar@R57i^8Mo?Mlq5mc(~0al>pQ zW~1Y?Ixkq6NcRGmNZ2;pdB!Fn6f4Y>y+YROf&2INjesGt_baf0wSvT+_oLyb%1@0$ z4;-BHd7$261^ei@0ZW?{qGSS28&BW<5+8*uzWfTVdlYV5?$02ZYjd$T-e!xzxZZ+V zPfSl;f7U?sP?(s&g8I}?Oko+1!F{y~MQ{|Zr>Ua9DG8_XpS+hWSM()hvTPaC!T3li zc%cVHKVBcYu!fR9NjOzIjXNtNgERO-2k_MKvg#`4x|*DMZe&@3?=@RcV=bgc!`>sFjfZK! z!=NkJtT_N~I=H*$umMJ2^3M%h59r*t+{}IV|U4V&^A4f>~QRY$h zvC6NcU(YYPu1#-^Zms{M{=r$M*NUG~L%O-K`peXZu#^DO@t3cUfQF7ofoA_-);THak)tKmJ8*)&IlfH)GRd^*`AB_3-(#2b%}m;PeOn%jy@g zm}))|?P2?2M`>rJ#GnvH!|@aY8kqi!f^Yw2`-?*LzkGiUDdS%k&i{ik19<<>#_FX6 z7gYv`zY2hgaZv-{Dyje`N+&A*zm)*Cj1UgMp?~!Ne-#1tv#uaF(X&baRR)+z#|az6 zIHFYguRg$@rXcRGMu2fbnSnyo3H;rJ=P@{l^>-64DhALDEY?BPvSFAIl>^=|e*dZm zL;+5vRD$y#4S^_ww_3Gh1LB5P`~RsX5c|(Z?707G3a~qsstSrAUA&MqNM1>YU#Y@C zIs(feT+~|E23ZRIkJ?~EN=jps{ddf;pt z^$6~wB4PK%o}pBgpz~i{g1FDtM4RCH|5PU=|J5h()QSoPBd)=}Uh}zxslECiT7?+# zi9Rl8du_zg?ebsU0(=cU@6rwXtJ|5L9_c;$>9I5mO=hfg>9QL(i%%~ zKhzB=Qhh_o|4rd=({l6X_Q9=%$Z-K)o%COLyq>jVv)lbM91M~} z%TZA3Q-BrjK3F@XAnF9hLug#JAd_d$X+rPmT$CfIB4bI1O=Qv1Yml!D()lvBJaB<+ zK-}cI@o-5mpzX#V@*2QEL8 z5Jpu)yYQxa3nC6e;Ub9ip%zSvGRP~8zA?E8rXp@NZ@qt;{;3j;e2s;B=%n&Qg;c-W zu*$gEME+9ovih1bp)(a<-frFB5B~X-r@r${>%8o|?8@OP^LIK3WGx>B9|rL$=w1PA z;(D@sL#4~4TGDpnVHdxFEvYI!hi&0RcrygHum!Hd#kg#^a>R*&PKUsEB-JdDlG*v{ zkC~1+j=M;W*3~dtFF+Bi%Rm+cC*KPf$tKRnw3#xTPW5JA1Fo3Q+0KVC8l_@H{%XN} zQH+{<$X++}WAw+T3_mGU6Xt#npM249M4)o%#+^l3y8Lm0db;0;Oy{S)y&vC^R5Wn)$>>hwjI z|5Bk0LPs4{Pc;Z_tU_3Zh;TV>G>VXN{yNg=5rARI1NaEio*3Hum~sRRcac7lZs3US zWD|M)FUtPIDXZ*z_eIG`kQ|gOIVUCOC`iso&L9~irveEoB7&$ONX|$Q1XPry{ePX$ zT)Kbz+*@a#y0=Dke?!~d@~(HyImR=dz}MTKFKFOk&_7CF9E83kNFo`7*;EPmXe&r# zCsgX*!Cp9&qWw_C{`A)WG$Hpei4u*7qeT6?Pebwm#Kc!Bzh?n>UIso3eirsDmWl(T zjF%3^jAt2;8}nFGRA6LLM>Pv%g?jp|9fF{e)X?Y+IS2v$koS-;C7PQ@U@a_ss4Ci< z8p&&?b*PO-r(MvDXm_-rSm<)-8d63yK6lyNT1#a+YzOti8D9f8(9j1UGX;{g@$Ns5 z9@7zX>Th!-$V#r18;EHMD-%U1h|27Kg^Q0Ufud%NwvTquKq~#)1K$R<5u8#ZuvJl} zlo?HxrR4V`)XPG@jF%y8R-i<1ipNJGnaV*(nTr=t!Sf|7tm#?v=`kk`dNI*Nvkh4mS4ADYQk+brc7}cvUq7F zl^tV_I|KxO(4!!t&q5`FPbAvu6sfH%!G)-d#Yi)#aLdb%mpw0gY4q~OiaCrr#=6G3 z$9f4DQO0gr4XGy{0m$v{zB0j+(T1{R-|d8$(BoAo6F>y+_Ni3btDILwkXKbGHALBKy7i5{O?`HU2#0}8uy_>K&xV;dW1BsX1tDSqT0s$!RA#dHOXB^lcrNk zqIDY3bP5669qe38DB+f5fnSpKYa961q8zzrgm;o~PYQaS4Vfv2n4t!dVMVpPZiA8C zAyGp6UQ-h?px-K#szkOCZR{<{bIEYRbiy1-s|}PJu;#$U-R= zd(e2v`yw6xiwyQ9nNUl!Cmv4};?>$nwNh83;B47Nbgera0fFY@5q$?JmZ#rl+6r_>Hh-Sk| z@{6*i{kB8k5(SA)%u!QUie zOuKkq9@E+tE&SPy#2^K`<=F0}R(G zPb!cSHf7`w{PP{jd0zk}ut6$_fzq`p13gdyucce0dl*r7$doZb-!BFWQ9^nw#tTtm zXW_&=?Z)Q9nyzk3W%w zzDWz4nf6bekc)di^-=wz*wV=2+4z@#qPJkc3SN{nZvAs1bA%S?vfxU_U@#1oaLCB9 z3-Nd%B#{uE4lOwoSA+se(35K)QsUm&AdhfZaa?hy9!Mp&S3ZaY z{2)>XtOQa)E5WpMAuC}N38{<=ag?A|SK?MQufG_uw6&2NG&@7 zXg<>Xa>kk`;LCNO%MJgkX}5W|g?cKX&3&I0*)wZEMbwdKqUI1q9Y4E64i~N!UcyM> zFQr2wkK%kHRTLyrQE3=97eOW!^#muo4!oNxs_fm}^VrK^02h@{6;hRq zV#ESZw3LY+ee!;~5QeD2b zh~yqp*8jToxt@42X$dofaO@1C@!}9gG6)rSk_coVU@%cx6t<3M1`JZhlyLd;q5RL1 z&r+as>aYzpkjfAZ+8tDACU^i^e!ItxG(e)rr$DQbh&Awzgfn0znLxGQ>hP$!C3ysD ze%GRO*q$1GHwT8e_uY}aAWzIlg&k?c_oVMBpq*-{y!3wPQ-1-9;2+Uc0+smV@xP6$ z#<@1GAZ8Lh+veQ%ybX%B21ce%xDWc`iWdW%AzTQP8I!Z{A}mMUQ~k4(>iXF&sQHld zWkDz9A?T}88h{=;lp(-}C#q)U!A1<*G16`~;UWv4JyDN^ z4fsU~C31`^sj7=ws{Vr9jf*})9RzS9N=YhZGAUIr)gT?+Vi?lKu}4s0?Jhk?^mz!2 zO~gN>P^myH!c4P}Dxyln1_7_DR;ul?^I!E}N`ZtIz40)E&LbLFu5%z)vV-7I5E~=byGcnH?p9$@{-Iz3n0hf`Yz6a7K~`< zKNSWP-}@c<{f-d!sfy2{NBYN1Cv4vpzgPTtZy|;)zTHL(>3YdmCSpWW91VO?GgkRZ zW;}N?bh41lpT23$Ig`2e)s(e>_2w=6t;ijtU7uaQqtIiMlbXxwYabbzCroIHOl6h> zy-1omB&C>+pr2BX(1zSF)$@9Bo9@~7rT>`OSPxyUCzbH3cKp`3DII7aotqu>A$PbC zwr`!M&EGvB9|hv-hcLXgeWdcmqrCc)`lqLefUSj+40lFZ+B89_(@wbTF=^z zJ+KAub394^u6XWwX?}@SjrM?oG_z_y@0h>4+{u2jPn<7D@%)>5**dlT2jpfmpn&2# zlLfd5igKF~m(kc4;V>n*O@|hAd0ShE3ZYufv$* zd&h}*yK0geo-FXY0c-x1^@CXqoJr`zieSuJOGc_0j9?wlZ86*ocJvL*q$v$spAolq~>p-yK5aLPbN$y4sYa6?Hsj zIp z#9K^l)szdeYqe`raa)5+shDfU5kwXPB(8%t$di=^%B&#`aC~@#4~#B8FczR}ksPIk zU(3Iu3}VITc9MZ#vK36hV2&e;bLDdl{10r;OMZHA#N3!k0~B31cN=jranpFeBP97v3ksLVMhpP!xypM-t1({dKq` zzl$TgLY8?Z9%xIBS)_n?m{@7fFvk|i58J%Pw{6o!@09W1vV;@;mwCpXy6zzbhcOhi!F zEjot~sVius8xXgD4GiQ2?)lWiGH!So?&JI1!RbeZk~mEJxSn7ZakpB7P5N-B=5dGi za%+Yo22wpWVXK_XeHf0op`M%2f!%R5UR9>wJ=x7A{77SGY{Tv2&23Zsvzf1j19=zu zzZ&tSQs%};B0*A{FNwpY)1^1AtdVSk`;j~tU3GKHTCoMLk&*G@>u^gVx%fVd8?JaB zH1=R3a7qOvypoSfZozt?kZ*ek4Qdr_XVq>Ere2MEL3@#Vz5AwMc6GEO#RUDTV*Xct zQhe(9P3QaLUj`SxTv+*BH|19q*D2y(G~~^{Nq}GiCf0$)YYf%RZNPIN5UaQZpsRa8 zQvrZaS*Q{8(98(pjqkGvM7z;IM}Og>YM>z*RArX`L(R7XA`*cKwL^6f-P!?rgo4zJ z6C-3ek*{q7)i~Taq6oBOi8G9VbOJ}>FqbPtgH}CKPdy!J9qC{T=FC^S1K>s&T-r)d zO&~x`hNLpB0+Oi%l!4w4{1OcC(h9U{$1T)H)G3B2)$ zt3jW0=`OH@4ThL`!jlNdp-UpxX>(EuNT2{vpbS``89k3Z=TrELx1Hyf*r%;p{m5oYBL1@(P7W%AhtzQ6omt_}Nkn?BsCu7UQKSelLL^ z!yw;@@e$bpL!%fL>v`R>sOEWVL-b2VS z+t6qn(6v;pKi$xV>723AK)zBRhAM*TtiKt%S-JUSvsO9)d@#W*W1KOOhL(E_EPqFp z5VWU{SVWXcgGd+0gAsVQ<>!02N4S3W#WyUPG2#hIRB<;b?5RQ;6xMjA`(YdyDhGv! znTKtd;i*a*LM^;LbR-p_tF*QA#u!hy2E}2SoyGgt!#!fg;o^PdL#rP}lbLMw{+;63b!Zd742R;VN2hT5f}HhBVhfkW{jy zfK7cQLop)v498s$sWDFc(fFh5M-P;hdy+UJ?O(iyId@bX4R97MZy#;0nzV{fAx^8| zLXR^cU20$-qe#W2mu9t7YDz^zD)4#3OC#D+*UO;GV8HWo^r=trGPB0%%HzsQ5)k;( zM8;DIQu|oN-Pd&0f2~QQn0KS`Tl;s&pZour3w53W$Bq0zAa|SJv)JbWW3eRN1b&EI z4CHH4i#?UoYT|Ctk6S-HF1xPtX*#m`)mD@nNWAa^FC!CM_<%b}VpczH#1t@RfiRoV z4`vQm57$#oBjw0h+bAJr?H=i+`bn)&9koRj^jE84glOHBC3+f%MLfcEWiZivS{65& z7BEeaNCfF35^utA!V1hVjYFVk>OL6T9r9bOxc&SwqpEoyj(AcZ>36PFdC<|H(pTmS z3FXI!EUk4U{KX&KrE0+dfu0efRadN*A1o__Hw5u&uy|gPN1TU8JGg<{iYIk{C5EY8 zc(jX&+)$dj1DUjQ`0AFz&T86i$BtI!vnOVE;e2W1G4Eoj%vV*5Vztc8rbfAb@sQjZ z(_pstp{Z#^_Ke7e|9buM-<_Hvw0noCMj6+o4rVg3UF5AH{+cI}bcDwg;526mOuI@0Qz?hXEkR1u! z#HmSbK;~J{aKUKuRO+nCyzQdSiunNxBliKBK?lBqdBeRUv18^q5cqS#yS~YuOq|S| zc9=6;>|AzP(O=0Ww!wQXb3GDwaf{8c%{-`h#oJlJIc_I)FKs_(ziPkb!0*uPFz$yx zPH@_n)t6n+;LU`$m5dO04A+gCOeW8jteCDRY;E-*rycnnhke<7YdXhUfAsz^F~|=Juu-zn$_BA;vuLY% zt94tSG{z8YX`mT?&N(nS@Hogjs5^{4EP>GH50S4E0-x4VH(oqFr*hx2AsYL$2dufU zy(qkBy?k=5b6s^~bmMg6ev|UM@jqlTclrmzpGOcZt~?e0w&Y#(yNnMtAAL9ack2&o zkFCEdo;*EEI4k?6cAjz(iOX1xh}>51AAmwT<2LWc-ZN`EWH)}#Vqf{fRYs<+f1sHK zTl}-aVfo<>)<+IF>*XO4Y~V9+dLA~W0|8flyaQ9EN2~$*0Ppj;)AOg2ABp z=3N#ycgqK3AmPZFs96Q#qMyum@o8m#teo?KSe>$%w3xf3x|~g0dS}IU)nm0`wFd=e z!dl^$9>mOAh?s6WF`tX}{P$w^l7N`>_hSy6;hPyB7NftcKXM1^={o8^d2(tDG12Pm z(OJWHb<~#u=Z5FLKf{Q@N<+>TMBKO*?O_`3dyb6V{qqs~$)~WT2k!Ji+>T@~*zzm| z+c=}4_@OFNjlG8hh(@y?^&{l5=cUV-!k8}>SsG|WY}k*4zUi1Uo$^5$;D!=F4W_T% zyUcf`?-OPMXQF2{NWZR`ZN&WN_MGFK=Uh96i`K^p?e;jVqxP)yvtsaucZc3V5|Gxdc2iK`7 zTD4?+ZSkmLr=Z2h!Lbk3(^ijsDtpqI#lsl62C1(sycq>VpSR z(b+AyoWbPGiM;6^5T&ehgP+>JOkrL&URqujW0??em3>tMvl34rIFtUrpZupN1?Bb) zRY5OIey8}}e9m&-eXZ$p>5&7Epo)Kj{7;(;%_}}yw?4MCad5-$js(F4Zy&WBvmf)F zDt;&XzT|^3UctF@LA)w%pJYDuF8GrL)wN=Kx#X$jSC1HoT$D#ali@quH zhNu0M{V5Ot*^An%Vn+YIXFYQ+3-MpLMthZUuQ;h)wOK1+`OW>S}Qz-*0R^b)|1z(@D$43&L+Vx0Zy;ct}RYNW_y8q z4|y$}4<7PbY8*Z}QarZ89VqOy<4pNSJ(y6P zJWra;d*AyZ??VCF4;9Hb*!qO1FHqqqD#tuGumcZBBe8>V@ZLxT+9#(?25i}eunc-)%Hf|X1 z8t$P4rC&v2a;S}Hj%Y#b*B;TO3}AHlkHkvk{)CZ4fTMhg+W$A?v7FOUpBW>HRA zM9GWN7nLunUOahGgXSN2X-paZhZYPFoiTG*AnueG#D3qgfU$TIWK+Z{_LU6UJtJ16 zx%j1*j(3iCkM}ZRSYj*H$QrX}LVh9wZ-Cf|X!6ly>SWqv0kr?8Q*u-CIAW?`iKNR*oH~^yX#WV6y>Q4Bo}e<*n$x!U zWO__{QeM;dF|4{Rt?ll<^T8()!|`{8MDCO@kvzpOQW*)e8vK+<)@!;+ONhF}TqD8A_11#vc;=JNQ(Q0^YS?PpYC00${M7>F z17)j?tIgaIc5BXSu4{g4{;+m}*TUE0))J8nl&y8G^>Bd7bDJrn;#Z~ABsR}&6#ZJb z5js;Y>#mZV;DID32t!WLyxvK$LO%*n#SLX-1?rR*vH}NW1+E(b8!;QPaDnpS0u@SZ zpsI~p_(1TcKOAaE8*hvM|fc+bX~X zv309!t9x5@TW$Lmk|HO{1wN7gcEENB@`QMV2{4N!Ny4oibtDP5@f+0H(c8HT*T{yl z-EpGac06~yktg_4euxx;snDH>ov5AIorIlq1Pi4*GGR zAPCXLiN%it!UY$J>*R}kA><(CApM~DpbX}d2BmqZB{87v4xJ8N4qXr34m}RNxVn4} z{SQMABj|pz51$-1!;q3=CG_BnHx3yANA*W7N9{-L$8y3e1Ll+-+$pPL=VMpaJAPbn zVc@L!Uya~$-j(=Nj*^2$o+M-_I4Pz|PMS|O0G>>d!rQ^I@?b6$;s&qNRQOiar=2)$ z7%(RmN}`5lqOs(;atvwmy}sS2yubN;^ZgbjI9YJlVXuFeBkfI>8PN$@L!iXa68x+f zDo!{XpBJ1Lo)?{$Q%`@| zSy?2oq<~^|*~Dt1{j!tggB7!3?p6L(0YiiAwGI3(PwKDq!TZ|#+LsEv4yD4W2r3e5 z_E<>{k#e2-PZE&}7p&mA@Vex>j4GGp5jEE}NF)S5tp2*0YL`U*{Rk#hkV~lDXxwPt zXu%m1tg*W{rV?+=;>Pmk-i@8OrYON8bGmV+TyEUxM?G#*Z!#ETdIm+W)iY)^*>K88 zQP4A>$sLpknyxz~!wl+Kb<<+d0q(^nQ=B7p}9A;!=myQ0I369H@<&j7C!VqvZsPRRbEhzKp}auK2aw zYy9-FihMAsGGzj-rvGjKbpAWpcPZ~>Bnn9Gr(7J_%on2;i`pQq3P zt=C9cCfw>6(Hu2-Z8LTIt?&EpS)cX({q{q76z?4a(E}yY8pL!km^DZ}p>HYAD(L*| z2_Mcv%4sp|N;j8)J}6?e0C8puiw_GdJ$qkRilxVx|9Iq^-uJri&7}oI$cM5S!xs51JllRXXiHj-jrlmB~_x9Wf z$>`x0aol$z9OE{3L*cRfN$HvOSv}SwRX4^rZcJll9iUZ0D}J9JArrK!fgeL-&=kv9 z8NN@Q!;bRUFYWT68 z;L4=Kjwx6wU+P9@Z3sx~4aX&JIT-qmgSkQ)V!3hHc20mk@OMW z#mvk8v)HI;?iuVkp$OFH<7t3t%SXdCsUtofQX2Vyc;LpAB@m)Nfjy!BHrs_De0+2q z;x&IiKCSkl@)w;`u2XK)86S*4g)Ueu8LjrN=N$xoDLB^u*1=b}eKcguZ!Ki=DPpJg zLCryZ=HAdDWz3;7rC0O;Uxlji^a&X_fH4zE=&aJ-l)|d(pHiYlcHt{==e;e~joLF| zvjrc0LFgLiv{0WWA|k0@3S3rR@yEQPc}*E}_@K4WwK$qFyLAr&iEKCSZ z+}ZWViPib26Y#d@#DrH+_Dl_jl{n$Ba$ZTqZo);uMfIiHmGQO0^_^>v8~juTirYH| zgausV;2jPbJI0%btW>-Jp@a!%E_~aLAtg{uo8h?Or%=(w)LAxqchq<^`MKkZ>KAqF z?;M%sjmBJ<6AMsuHK8BAEpan*;pw-&?wGKEv1t0n87^Wr-;oer_!!VO6Yxqe1_KAw zz767FdRK&Nk?s2+%v?%o`*SdU)0{DvmJN0@@iUKSJu%*Eo$W@StAP;QaL$Z2J_{Vc zhVM}_s@qarifT~Y=E5VZSN(AP-jZMkFA^$tx5WyL@v>` z_fQ>l+Xl+uRVTgb#)RK;R%X#2u2&XKbNY7PuI^FBSLMr$D_SrDHDEoIU%QM|GF2*ALOE)?ByU$ls)hPimQl zz_e|&V!~ljZ`F4#eLZSDX*+7i|En_A+-cwXE`qKjf6M%q`>ldh#gip@;qMAofX`X_50ki?+4Tv1VU7E z+H$7wE%saYxd9hn;FYns^yFFx__J*5-#;o^ffc+4v!7?Y=o||iSH$x<NJ zL_y^QtF|B)uo_YrQi0%qmo-X1yVx4gk$Ry(Wc#Z9Tu*WUwG<&=Fg?g4hVpKL2dIY> z^40jVWlV3(aLf$>krrR*wpShFaw4f1Qn)7QhtGsP8&!9R*x{fbNfVv;_XffQ=_BZ? zezIxGoGK-A$mDI$^aFB+Ql>kmyAT*TKpU?9pv2W?!Q~eEp$np}%}f?p?Cn`!^n(Ss z=;nN^0C~_QvMUise?wqOzfbWb3OO$tV1w4ni=z!I#2q?k5c7LBWKDA@l#U!gB^#kk zz3rPFn>|n%AEMz)MYrdVO#xCcpBD0#MJLqDr#=VtgTg9)njS08DZx)&Bu#9A-q z$OsC#Qn*sS(zpt|Dn#hy&E%qSL%*xrOo!<8IHH3$AMB{_JvdZ4)n^X$QJYqHq%_yW9v9;kq z;$Z7g*GMN9jMr$*3#+jQuWVl%PN+go7p_y@lYKmkd}1wq-xq)I`KUG5i0wi(_)7ez z#D&(C80_Mz*9zG`bZ&R=CPL8k*}wC}{5bUM(-S+STovUU1YfJem(h8uhAn}?I};GCc;eplKN!rZvB7Yha|0=Inh*JuvXlcYDj9BIi)yOUKdeBe$b|=BuLP1^~(Qla5n)W^RMi zs?%O(tSWTh33S(y%vZ%1Mm)8KtH^8pYiGb^IzPFlfd>BEI9|rj#_XZeI8ZyNH*|Nd zi>EL9tMu>x>)yyGUp#2fl^--*CA>vnK6+*L%JP*Z$Ixv|eS$#!DyM?yl;_)^a_1~4 zE#$7*ZbWZ|?*u@$_1H~5)Pa)XdlCc+5cETaGznKWu^o^{?%_9O!tbC#badaJC^ z^VjtZu+mYe8_d|ZI~BjUZcc@ekGkifODfA*s~MZF+qbu?ckE?k`fK5_IUuY~6KbYs zuIQ5Lo(a2RRY^7UfB;8fIBtrKTo+MhIjCDK(3|wXR*<61j9&-hfn-Q(^L?U`jB!oz z;I1fv;C7#T^eNp>8V)E)!o(ZB!2^PFYi3%BLKkA=JP`aC>@(XTl(k5y+DV-7_c04I zr#Eg}uBQ`rUkS%2F=oSl(+z&~>@ zU?dI)YcLJipk*x6yV#&w!s^VD1hR5uNz}6#54LG6EAgsy&O6R~ z0Yen+mF}yPIgqm7^`+_D>5^xqT{CF=?BS5_Xw<8Ynaq!U__P?Vg>JTQ<#;-iemoX1>P=j8!7*iSf2M6%R-IFX7qyguIulQ;MHMkGlPx=4~N!8?bTvHuBE zevJKl-&@OR?P*EmrxKB1i)@MS|u#2Vm_C}s<4v%%{|HwsQ4k@ zttys={cBOcy*?748@m2*y=_Auk4?)Bn+->NVf;4DHyeqcai)s5%D1Yv8i;V|*w!UO z;_kNbwl%&malj~rIKhT?Ab`LU9?6=atX(gX>zrD9mt~ zi1&z6UA!mi_DkCqt@dmr#5E_XOS%Fo?Mt-m`g2I{#EgH?+v$*!jsp|i#nox zmVff2_Lmi}?333{WCS;?MdPhoyJd~7mhz#(c^eD-Cqs8fE0F%!eGHp(S~OWtr3uv7 z)8?bgKToJeiH@?Mw z>~t&No8#=}^4^b~rIOS_5$ZJ4!*2H;>zMd?Jr*es0VD&_0Ch3N#VwYjTS{2! zLapMaD`NBbDe#|2{oWpJ&-)m_skTMY~Zt2ILWoJ4837= zsFH_SIeH60Xz*wS%s~gjXp;~$`rtcSgut(x0XYj8B}{x^yz(u`*gD>kq$hn?DKl+2 zQn=$t5rKKH?wpi>2ve?;jgt6?WEa)gC1najDYE7giR%eNsFM$etsW`Poz)DIjIH?4 zp04%&HFw&KM;w!Y3|XB|4u0U8IbWUuHCPbZ|?E!tlsVT$|);X{RR?_ zYV}U-S`14UQ5uwCEyO~y@W zOzBN`zKay88d!)$th?}^r;e5HFB{Q6TlE` zY3|bN)nUJtfz4LJ`qOn`u%)@-j2~*`=AF%GjI+vMW0=9*ai^P#`K+{O!=C6N+o6(! zLXJY;!|=n0V6JUgPibR2m2vd+xc0;l1F0bJRj+Tt{>kq=?L1#tJ^jkX%*pz)@kW_W z9dJj!YCriW|EW?nP&<)4-8qxEn7?&vi!0K#ssrwt`=Ha{qakaUP(9Cy!+g~{-Z9xQ z*~s8yz&(^Pt^B@erfJ0-+$nRTe4_$(Q`c7gw)2j{j?zvJmfeLrB|DWn)jKT*p+{}s zaGkmex(Ve`SB>5RNUa*YGjgA=yV0Az>4FvKZJlkSiznDTRbtj^0oOrwBxcNGJaass z^!MD!%qffMt`Axt%;)syY?d@u@2-1nsj=?Mh0=3p+w`>myUY~>g>vPH;#;d(zXjWk z=1tZi3YC=~mBe3AtenhS?mATX#=ly=@?+wGri_ep<={OSzqObhxs3RXM7%IT+MM({ zO`7>q$Xcm->+`l`M)PA2yWyx$4GZ4OZ7@KSnZwkfjhL;~t;_5>eM!TDQRP(sht1FA z%Vf4f3B2U0mEfn5Xx^*n2BJn4P-{B~Ry*40Xzc>#tGiS6j{$6U|N3j#q-tk4TPn1E!i#0q75{m?^EHGPFg8s zh3l|dzFM(b$$B=4^yQ58hK*Yr+M5+yceX6Hthd~@O1Ap=YWZzPu&QjpSFLwfok-EB zJr(*XA5O&T{ZU|t2Wl(O zXJ`(Xl5n3nAY!jn26g%9!tm2FGlph7Lc5 zuwhR;R_I6?@_J_&V}YZwxDb^gEl`Ip>5fP~2gY?9wod z#)m~0N{%Ap0xif&p`W5Z#R~JP1$VBskR=_MTB$IL1wf()wCfIBQ^l720UPoDt+1_! z?6BK*mDnt69;EQWIvp1tKam6hGWhLSV>##W)tzjRhhGzs+6kfE6QluhC%2dxADkqf z(i}rjU&H{0=a%PL$N}8B%6xxj{LCXWw)vO-FB?e|P<|1KAfN$BfD=-H zz{@dAtQYU^(d# z8@)7<9&^gS2c7c&^{D;-&ktMDm57I|C_Uz&|HFe;K+XNXA9cmQN1gINk2>c6$44E! zr2W4hHOSom!^0L2ddG6--cI$d(ryPvLZLixS04EP`{S%_gRqFz6(O z%ruqa&Z5L5leXOps(pVamAOUzv)Z04RE?@bQ#gVVhcOT=+P}zu$zm<4dF(0?BOpI; zJ@@`pqoR1h@-NaZ%C54nH8I_egg9&WC-1*N;Tt5&GFZO+S?>icynOk%`FJ*$S^0qJ zu-bFy?=rAz%SRnXW0s@Q<0b5c($iKD`78IW@w{F{S;z_yhd)$H2X*IeFO+VnF`*b7 z%3N~ODwU2r7&D#>os+rBVi(GPE_t`N&_4@`iGN4-0%nnfhnK|_@M}Q20 zOcDe-pKHJD9=ko}GT{v%n(?N2(hnOU{VCt6$f;Ja3lscWL#IpL^}XxIB_R*tNWuFS zvIKNVzjK`NAxR)>wt|793=h?6tk0Y0OFvnow(nZh1Ib9o_S}d&&7E%Efr(S(2^2v* zdP<%^=6WMzhzVs%Swa_bp*7Xp`~|J25MB z{qlf>fxc7Q)7&#pl)n$8gaO6xKHsyxSDpKzjLkq!{B~K)xgmrP?sO9s97n!)}R=sw_7q^GB#!~2SdG9i35)j68AvCp^ zkKk%h#a|#CSWxgMz1MoyH8u<(EycsIw*}iVCw(yuC)3`;Vi>3)N40GEN(r_pIZZfi zJIg<-I;;C;@XPvFG46{t7mgR+*Vc@QayM*;bV`ODu{jSNvwtTy@3>sI=EN4jb5jRN ztM6&TdHaRqCEugW;<`qzY5x(O(a_QQmwvAzz%3q6G^0^Xo6P4;%R@^S{Vsv4O%*Qg zqmSkv{Xez>vFO7EwW0B?oo@pkv|LD7)ZyLBUaDT|ggg?uo&hjiveC8Czv;bM#M@=R z<-Vi16AhK>ksy?O?t!Qg!oExqFgr@HK}n5tz#y)ME6S19Hub#er{zTfis70Yi{I(L z*(Q`052}$?nmY0T`gkn#=^{q&h8I~vYl~W<^0m=KJWy=vlrgEa8tC~YJyXNJ<$>*iC%ff3Tx2WQ^wmo~u^~s5#~Lt$WAS@6JgvpUwf0;O zm^R})8;?xOU%tO8ue11O34f+1@S}}~qW>j;=8QVNh@VKNA#IrJ`_#A)yJ)hMwidPF zyc2d5^uzeP`hsy@xtQ;x!)D8V($BOD6Hbld>GoMp3Z3G?_~Cw_^YSqwx27J>HEcNH z*PF6g3SHlN-|0}}i2aN@e>eNr&gom5@_Rb_QOAC#o!>mq>EG0giAHaI*7dAsykI(i z)_+L_YF*ZG1f1ETA%jsHFgn*6SDv;5>f^5U4AMf~VDvuN>p!hM?Zd71(YJ2Kk9#+P z{IiM%tVg~Q1jrq``+%0BkZJFi7-Hf-PDDgJD^=M6ekbKZLqc^xL` z=g$L+$}3vhC09M`0T-%wpm)%Wm9_(8&R+wo01T@VsorN=&pb$?3wjm@d)Ii#ddLWgJKVtpFGImAsWHt zkz_Q-p?oC^i2G5Z^x*C~)19IqAXz>d+ortdjnALbpBBO7EoXgR`=aqh(~B0M!*(o~ zOxRjky|jL5|Iz_=uQ2cSrvhFEz6^gEiEc3FV+QQCjFFaGFlty)He+@$ zr`+KGdcpwqh65Hc76$`3aV%}D5z8gZSKY6AU-geG(d)WWVdH7z8FahFBI$Cx3r=v4 zWR`RXo1-?YjFcvnC+wJ{odL0hO_4Av3Z4k1!l?-MWeHdisY)h98ki4RP_|Omr4Q2F zjyIhk88IYeBu?f~d6W6@go`Fisfx)bQehT8S;wADRLf*1)jioWB?F5}c1m$diLj$v zl*W`Mr9Gv?<)hCLYCdH-WsSkO4U~*WQ%O^qaE*JX`rpc9Cgk<@KK4Ozf^qz|o1L8; zB~K|%D@`j;t4ym>>eII=ooRi_VA`0A%uLGUwq+!<=TdWIFJbcT9vVrvcmD5!2vmyr zXDwdvuJ~Ok(FD~PjMtKD-~V2LQiQ8~i{-34Uy|XH8~JDGL(S9A-UcgJy$gL#T+^NDio^*|gcGRL5*5+76+oRL96i zSF-Xk!pi5)N6U}*C}G~?jJonM`J81Rn?Lq&J?U~NTcEGBpYwy|?9VbG4lZ-%T+UqX zToF9x^0_97!K?#^*=XK&-X6H!2MR?HO3W}U%;V-omYYa(%b72LRw3-nOL6^cm~Wha z$|0{PS(@v7(v{48tR&adG?ec-&@P02vw|d0kp)T`C?2SCQkX*0LI((y!lLq`_M#zT zGh;NGg7qA~n7}%}Y_WW?3M2G77|#9V#K~ZDpn{WQ%&2Kq+CDZnkW@>`J+DJY|TTDty7JB_Yy>oT#^%`>+$PJ>$&Si>)kY}GA!)1H*^TJasY65-w50Y#RnmgDuypz zLDg>5ZPcSTZQ6Lc@f1AChDszAUVBS#%V5iJ>)w_XWxeIP<-HX|Tl;7$X)9wZXX`PH z=|V^VwdBU@0I(QPCbYR;+d)(q6}A14N}%mcN473l({%w2mP|8?Dp*U9QItfT6`$qJwGt9;JuK&P{=lsd$ABo67~}Jk`c{|^i`RC zg?*L%Tl*SZa(0vxL>%9Jzx`lx0SAG! zk&#pada>ez@`H*)^~2i`#;gwQVO6^xy2Gb_0HZqaFz7IZmOp}cuxJ|pcq$F5PZp-} zE!5M)-ow7bJ}h~x;adAZ{n22Ds|j}J2#vxW)^+1iGq&-qFt1gQ)s8h#-s&A29GgO| zus~SkBw5M(9Q#wjFtAgP(~fhF^C1tF9@l@B`x-7bohPMO$+w<#p7bI-k~=lS3&Z8q zjdG^~fUh5c(AJ$coi?BLohhEFo!w^pFUt0;?yUK&|C<7PV?8Oo(v54|hYE+HlJKqL zTNl*}R-pA=n-p2y9|}K8&Sju^SVHs&rb5m`&%;s7k$EX`vU3UWE;z3_@B691KF#c> z1<5&?KigR~ibPp&1e@73r6tIpDq&|ULuE3?Y~JR={=ylKb`X@bJopA>7v`nYl!cE#u`c1}7=AU|+uA+fxQ2wY9$5G2spXYI7=5P8w z=+6Z&#Y5W*f|O{n3&F*`;3Dj%;EMcX;eA^gPCMU zK9;KRcj@nPs`_^e)%v@g>V$%H_mAZtE6Vkc8|jjl8$kQS|ADDOq?c*>OH zd##zcdATKnRcl08$?J7!LQ{5S_cRWykMEx9d}}**zX-cV2vwT}-@<&rec1_ zr1-%K>^g5f)50?$3Gs68u-k|?#7`xRETcx#pX-w~8Z?&q%22Xy#I_w{Myxr;n{X^J zrpyRHa+oNm7x1G4NP3eq8GvRn7(2fL?qQ4faY&LM!FjziQ;KLMww^l|b$d-D!a09tk+a#|kNsCs$ngZWR7+=ATIb`uvz!;P|~PuAAFjG=5w$Is1*ovY8#&AGmRaM3XL( zdC<@DMkI`cf=Ot6(S*j+a%?Hpy<-;+`H{j*c_MRXASjf`qb$d0!SI*!FITFEz;CMyPmrm6+`-D>m$|Ql{p2D(4{hixKr8z~qUaN(0PMHL{w#v;1XdH@w{8~_p8EyORsNt&- zh8F7~eL^dMk|E$;(orb-77d~#*nZ+D-2};`i~IC0s)V3(g`aXiD_Dw@UzXk2{RT#9 zPtSmBug@8iG*CWJ{_HL%N)fyvh2ij#!sn(hMNqTPm?pzh<(pLA*Se{ecXrYyyoa}~ z;6vSv_iXm;(~p%xpeVKEN$}$5YTYle+mMCMtfbVDugb(`s>^^ zh+G zsuKL;Wt~-JT6g!=E{P%Eye^pnY#DDkZMX0#$Vw8wCuoo>cB{w@?7`>V0@ubwn$9-f zWe-H~5<{8x(PiI@_c{GQ;ovUqp%Wo2I<$ZBI5O3O?<(TA=Se=zr3*LNe@s1gw3 z+dnmFo}6i(MC4^E>zLwSy1!}>*{e&9QrhJmoSED%LuiB&U>tO_j?v;}Fuk(6PN01W z5IDL9!6Z{P)2>{z3LlI1Z-0&a7JjXI9e)iLT$5JYF<{E(RddLk+e~fPa=2u;Yb2gk zTK;pV7nul(>tDvg;LjMVe(i!b;n9>H)YszaUNGGp1h*L&`SifJ4?;3q30Bq#Lqo8! zJ3rMi#-%Mq<2RZD_qZH{ES#OB-uivezXsA_+of~Y0GkH0%_LsAvhDlqB|~;oK0ko1 z5k%`A0DfC`Puz0MXwJGAq9Ahc;e zL9}F3`ET&5_@?Ei76JTt4tPN$P9Atn6=0~L`7Hfe6${25pd7);QMxN)9u*RPOL>{QQgn zQ+y>~G7s+OR8kKW-k5VE`{JxzGpRadG-XAqPRdjZW=wwpic+LlDI9tl01ct=x-!5g zN@Kp*j{wIoy#? z7jr-=RdAv$Txu5Y1B328#@uK`e5Ghc{MQ23de{(az})KEd`NOv19#qotw2V+jO{$w zSmg|DJ&-wLct=`D)>Oxc&i!-Po*si%#(u@YL!^H8I0r<1(LbsnhDd{(%!84n2ima; z%q-r46T$9pJL_YZNcq+T#a2t)K0iW1aedFT@V?Bs@I`dhbQKPT$qoO5)Eh^d>y+PK z;^`e)gAArVe+>0S`+eSe(heIX`P5m%-6|QG+?3P-dECAHsC4Y*Ix&$58I5E28%QXn z)}+^D#mnl;LCXot#rQZytfsN}X@E-|y(y0wK;O0!6YgEa8I@lwzr@o`%0YVU zy7Bxi|62);s`hWg-zKQ;oPT>j`uG0r|2yFK-+a`B-$}nyr0zWXcfORADzZ{VT59d@ zra!v4pXmQF{^R*4h@AJ(KjD8O$a;?xNvV7pD^vQo3JeDP2GZfz+Opot9V}(dl8^n& zJut>5tmwOGE4@V84tDVo&m&$~A-^yM{S%nqBMg8<+-5f1bv>!;zK^iR<+Tpl{j%3J zSdlkjLEek3NNK_e-M+B;4y5l+oeYP-VKr6z*7$AI+ZYM`QX*QfRZWD84OY~Ly@u_4G9=X7WZOLcR7snr&U(#Yp@rbOR>|2= zq}e>c@vVfW?CDbbQXfXfmSov9Vl5m1!qR~>Lt9do-@;}_jkVk3O`9!U;N9%)@}0XN z1jcw_S>l4_g?c&}d*1Zje5!!3w?-m4&nY-zWf1yiLhIGX zyk2}z4Y^b}UF9-ihhSKn#TWFU2=HM49m9g8{IrSPx61c`A38sSe#YQ2rTZ%$yVOoN z?&>&6nLvUqxN^HHgaCURS&jR3-_4^x%704!H2!J*PxC*||DyhbeWaMOT|%^V|5Yeo z*pw~!#Y!nlitD|bsyorAJu)(tDFdnlcOj0t50nmSBCZRSp06q1aw#0O8LTsvs8r;0 zMbE2ID`>$L%oux&XzD2kiaIWEcG$-oPx>H{>H__|!;xWuDSF)70+g!VA5=dy&K9BF zw4L{X78ktm1jnakCjVWkhVo!^#E=y!7XpglcQOupxQ!$;)1*o*Y;(a+2r2-K!u> zH)CH1F~{gn+`$3g6Nmd2NELEZs@O&}zm1#rBW62-onpv8c3{H$bV)l{HKRRaF;k9z zmCX{q`GN-H2Yzp%7+RRqQsmNOOcC6cy^vM}E{7tlXkU$kDU3MeMdGW@ZIi8GiEd=@=d&wLP1_vd;Jt9X~iN45!vZovo%nS3haO~4ka853T zm8yz2qwkR~&`k`&0;QAS)2cJ0vxh`>TVlj%E5xSXV}F?Zu>TQouKhCrhsB3{&@!;C zW4ODsFAGT7lSRp8z|iW!7SbQj+x}~<>w0?WTd--`ZaRPKawM4n6gYAm2{54bk2Rxy z-hXEQSqVD3WzvY&E3G%W*yc4aS*-S9!{C4kgEw5Dj14(LRn&p{YIagSN8m55%0$wS zpN-L%#xGBgY&i6^|3D#CNlKn}Ua_O>R}w`+_<%`La>GE-K>Xlckr+&7@NMo+EmDGu z$mg*cP99Mlxjzyx68BPt*OGbxS7gsg+V(`gw%fYF zWPubA*b*?pE{P42Dc+J*BaI`CY>YhF6J-+L(f2}@>PExu{xa-kEYTW`YZ*m0rn7E%K}AOdV`h^u(;I_5PY6%(qG@SqykFpoDrR1l|0)IYD5 zzA0xUW%j1s(5NPm~PbTh`ko%v%}E+hC(~(}V}sg_)Z3RxeVua@;yJap~}XlH>qG(_nx}B=`x@c> zM#3J8WZ7=L+zMr1mh3LS)nKgk(K>9qZhK(S=ZGT9eov9Cc#kh(3@&Czj}V81b8vZ( zF6eg>d=iP(dXi+WoC%J67gxw{ps-26NauO5P{K!3BHLWrd{=38;F1+g~a4h zh4}`qh{U9Q7SG9vgVuvFgVjUcY)dN$?)1mZH+{Su*HU7@-`ty0nZ7+^4!<|*V+jlP zbi9%?(f1oHL=wnQwOGZH-DSBNVpJSVWyUx}nf>fNJT_7{jp-K>A>ssXw|&09AAj(O z(bX2JM>X;QU4EAC<1C0Cq&tC8`~6fRY0U7#jQcDbF`_DnaOicq2z{4JoT4L>OB{ZL z+#~_wtL&iXaKU@w3Y0LPzgW4VDX5hjk2gxCrM}-$|1Z@Gdw#%#p^8HWU4{6K$c@ND zCVY+fM6q<8abT_q*a*auI^@LXD*XyzLoGgGIAY9t*5s4Uvf_68m&^->U){g|Ckl`3 zcj_O^KX~z%wLhh>xH4Yv-d6mQNwPb?Y)~UULC~PIfhfaZNZuK|_e>2Lwg{CDLW-S& zdxg?)1bu}3h!M1hkkRDP)X^uSPoCR74}Ja+cc{)6esCU(UX;Gn8M9{ln*k9*>Gf^= zKXQ;D8A+n^UOZxxA^3JP+*wbhPh}9s($8iz1zLXkyZZM^@BMLjwVZKfUzsW&}NKW0nmhh0dojS!az3pU+()A@(|I8mRXVKX)(vesHOL5ixfbwNNmD&LSsX3!x-<0%8feIaEc5niJRG* z`J3gNZCjfE7g1;3m36o7d%9Cn8l;<>?(XjH?(Q123buk62&f>a7>_L&sPF51=7hD+ zxW+ht?6Jo_YdsJ5{9V^K$^LP9(SjFmg2!9sz!b#BgTIO-tl6ey_ISZW&)^L4=M)y-p@?N8_majR_Uwwq#lOpscP&v{8&~OPAk;Cq-Pw7y&vz zXz@wcCeLDkhu@i_KI>C40*46_EnGj>e4d0qQO6dL&Y9EorH_gL=Wjj8JJP<3`rSS< zE|iZ`uy0>F$^D^(oAMGo#|)9mwe*Np{i^=e`Ky<#nX2F8zo$->PF0c5cK@;DGoQnC zF-;D4?BB}2RexLg%)9*a_!r4}%ipYO=628X1pW>)4~t&5eMKUsnz`SyKdGctoH2{* zJ7&?1>$Zklwx2`7dZp)bHsXS*tKqBuYgMwzyNAH@a)9|VsQ3wPQXJiPTh=o+RX}NN z9(X=Xk}cOI4<{crK;TYqnLa6}oqFKO1d)qV+b-ZMUQe^xpe#urh{d96E*HzGgPcRv zmlm%ojz&=_s{I%G(Fn0=39&y;-wS>kll1TOs~kJP$f>=OQcA|W62jlgg~CPk#qQa+t_y&ACf+{eAWJH{;lgc6Q71RcV{*Wei*q9 zrl&}_H8K`L7eb#nozw|0np*l=;PcG=WF@7XbPzntxi~)CJu88nm{s8TB?uzYLET4g z1@keTx!rq5k21XhI)?)81+QmrSV@fPBC0pl2W}6m2?6WlXd1>U87q-%-JK}T(ggV- zEP6KjY#Nj<EP=K9U=*h^X~bZA}($IGtF z5t6> z23Rz5Z&WeWHwQ7}8WK0{%<@2TjfvmSsX4g&iuQL0@;jYi_h53*&f%$0)PVJrlyAV)KWkSXsIRi^S+JE!} zxJ~<*2WVUHrG-N<^J@#}xIia*zS|K$JW2Gh*-6q#8mFKm`}xqX7=EldzjA+-|7!fz z#2O$A0Dq1C8vA|Wud+~Ws-*tM$6%o>mFSF6-s}V*-=6uX`LX#KmSzXWjkmiN^WYGX zz`9K4V*Zlbl0Ub81HKb~)I#~oMav~@f!%C@%8ZH#q~+(UyP}6jC~T!3Pg$D`X3*nj z;z9IEA(`S6S6rZ%Mz1Q+wGWW|C(H&4u19y;h_xw9v!fC%@Vc|;(=*9)YH_Ukd z+i&U9ZD2>YfiDiDzFV_gn5L*`{MiSqZ#QB$9OK&bqK->69cW91j1_$c(Xw=_1iGmA zZXcc`u_MNm9tR{ktC?3 zu8khbtYYYz?782Ilg0_vD|Tzs*#?ZUVgBC*df!IO!n8p-69gejo4ysc?!Lr z#-I?XeA*)V8>lgIMEOzltoT{ov-)REq~n=C?-L%My#i#b_2@ME_XhWk$pg1yqp{sj z;k(u%O96yoqXBubClk*1EcPJhVDMn{U<^+X)(u&4vhTN8G=idWVmwWQPolF(GW8X#GlN}(je~mHvDbm+X6yNP2QO?=5)12(kGGq zZiYiv4}F42a;nEs&QDID>=%QdszH5JX<;yqahf8tULf2;o11eY*otbf~3M&JjiJxHS33{-?MY<=Kq z&}q|Y^J(Yl5T~;R47)A3T_rMWb%fSle?$M~|I_$qDoiQ?sdM%VRzScO%LDM$!?$wQ zodhSn>HNSF71WvPsqt|tthC~ZGMb>8XCkYxntyXvoRN74@%+>Ge?3k9LMnOd+8@k5 z1b#^QkoL*vD|I-({C>w!laM;^3_+ZJ#re7kZnFB@19vkwoHpb6%Z^44ox<}r#=hD0 z)SlQYT~E`Fty2j5A9>4R@v8vg^v|RfE-@wYX~z*SxP6+>9X{+?vBXZ9RV@dee~& zyy&sj)+A4D@RMP1y13n;XMWE{_jC_>LE$n%-@54eHF%Zus`<6XkqcE*sqdQpi-N3d z{onx15%Ib3n>$JlEy%$dpo^AYtpFBW1u7|~V5ql%~M#hb1njBRSOSscxQU-r-#KRnTE9_P}Uhrnz;C+Z7jmZmW0?5_6BbrTO z?qmYyT5+sb@DS_W%e*Jb%~j|w4B!#YUhk6%d?nS51!r$Z zXmq$Z>5*U9@c5?l_*PKWVDrEQOsx_TVIvQ3-$QRAP%GhiIt2ub@NWp2h8{=f#m63x zeL4C|$XKeS>IR7)&#fU6KM%V0B1u~kEPg4hL^aI4C}U9O+ir>2&xs~I(V#brn9mt8 zUm))DVIEx*o?WvY^Bqs{x`G`#>~_s}74*2Jp!)Y4}a8S+m zRD&cg2`OAP(zlWQ@cl@%<>iuD@*}!)h_EzEz-3$dR+500YhXe0r$h$I(A8;d)PAvR)myUM{S!&n~OZHGgr7lRn5n1zNS*5b5ci>xv{|uN zwb#6_dB|^it}Q7KZoH5Nh5C7)`2c>Y(F7W{lCMy>*vxKPjW0AFT}>{{2+Bmjr~rPY zt)|fi6ogi0lwVgCw8sqlxUOtLu)AT$Z>f|PgmHdJNpzbI@hcKan37xd{E}K(bR2Fc z-wD4HdsmrL*M|MH`Q8lcO96_P7Jf5*h<5Gxy;Q=!2LN~_ac|gd*3y^>)czn9>1@@* zAvXH1N5cqTBZ%-7<=27KkfgA?mTYz66wu+X+)Qq-8N~M1Ly!oHM3MEwJry6I?KY)^B5$b2t>}e7dY>!-yN>QAMf4@4oU_`}7$op_&8r=zXO`$WW z)V0+C-3;=Y{k)kyZrsU}b3FR}`bIfj7L!e6CKgWQ3; zi9W3&QLF#=7=M33f7{rBdz12tKt8p=F3vKXB6*%mn31_@a2C~hwfRf@s}^`@5_o7Q zQY&rt<3Ra9H`2z_yEwTx3tDDFs0x2t#Ht9Ly~?s^JvZh!NoH3r;fWqt9)xHxUa4Ja zTp3!KxU5CmU5+u<5%~p$yGB>nMpQe52=h#hDoymM@`|e zuA?S+=-L?1bSjGXK3UakaKrIND6~W$#up==X0MxmvSzBBb{)f8#_Z3RZbhSN&y^2z zB-OViJkPU)_?g1eWO4vif~BgVG&ez6?t*P5jQu(JZW=~kSN3K<=-vkO<6{sU3H$+; zu9rjBYx7(?ZHQXfFeYvzl|RP1jRrWm7-Ut01jD$4!c;?m4m+wUYgNeoX4trrcQRpKvw6T9ciMKf zcFlI3dBnvNp1zA=ndu^h!0u@T6ZfAMvwYOj{hY+3Bue{ABeOq68e{v8 zpg-+2=k$YQhNDN$B1&Y6AAu=9fg$WSHazV46p!$<^HZ>8D|Y3S_F*rMdDX;btSxhw zBS|z+J2K$0kHtV$Eb$*7Vn&kQ)bm3*>&y{*u@^^UI1LdgOf@ZQVc^GA@9RlOp2Qp- zL<~vVfA#;hQgS)UXTX(2+FY7o5B*}mf zzywsZ!#{M{oYQ_3pqUkNts$xz&3?Mjf0K$rHlI(1GarpqJ{!3dCzkM|?V|B!5**Z< z4@W&>tqxFZBb2K{rz4VJ5~$M|xunNuB=m146jRYZ8%QR5@F!39fzvH1|+xw}44-a;6)pj)iq9%uE+QeIRqITNHVN?SWS>s*rP&pOz|*T{ZAUU)webHN(kw~dCLy8x!F?%@$7X^2Qdo7 z5gQ@AkS_RD^Y?mQD3f#;O3I?hq!dx*QHL$a?e$-lzslpkaSRiOOg`mx!BNvu+nY{Q zHDwsNy9etvBLy6ID;vgFZ`6y!tnfz(->jK9`=C8WnrqJJszlFx89X`?uRYqLW zjmT$yFO<;FkF(#$CEh1VQ8O-aLGRl5X3|dSCjp6!0a@F}CX z#QBUB)ho*26A3r!H!f}sJuTp)7kglS==jqYORD%^xT3U{uyOH8-18XmKbjAV$;vqs zCcC27^*}rkJC`_@FFz z)IquuQ0mqZ9T2%BA0{$DT1kf|KRVe)bG)@@~U!^#G)p-FBp8jrJfOe$Tt* zScvTJxvuMx?bQsK*0DYbAfic)fgKEhBf^U!nwhGALgIiz>hBMUjRPFk1;4BpWoeZU z8o*;GaaD%$jQ2paU8Eo_{c#?T^#IScCIE*wdv>do01VSveb!ItOzByHG}BCApz)w2 zpch%jFgu7okF*cAn6jNNv_XD6%}D?n?Zm>^JxzStD|?tzv91)#hu9EnN(`oxXg2Jr zeK$6dX21$#nJdw9kZ{n3uFiv~?NJ_K*mQ&&jr1rFy|SaSET6{Xs#m?R&MrquM&%K|gctkIq1;oRl+k=Bn z@Kh##FFu|=(I@oX9>%1V$Iph!(bS(ra$p9?`EAICocuc-Nx$={;xziS;I#RV)}ISJ zb7p^#W+Jt(;u+zM0PB3kSfX`@}qB&F(81W}8x(ibl()d&ESQuOwU6^5JVUAS+Zw=76n$k1kcJ5GY zWMev$rCY%%TeCaak};Gi#p#7;q{?tCRwA#gTB>E5mYSD3DSZ;{hGVjiWO`|KSs6NC z>{w@QB<9QJU?P_!7#xDMJ#D#Rxof$Xy=!!Nj8$B9MICfflh`u@b}&l>bJi;XD?#9t z(XdgacpjUj>roR>Uz^9?3NYE0<`OsZIT9}CUv9hH4#zzXeyMhz(&-3}*?grJ2jnn6 zORcL0SFI7qdR+|w*-VA~?z!5Bh(r^&qY*5)a5=gW1K`IK8-@%o8ICazZ)5Rl{c6wZ z*y<#VswRDkIwFdXy4}RJWTr|A?5B{|Yrve_@zbuv@z{vdQHbpI`Ei@@^NxmgNV;CZ zkG%c*7*ak>L@JIiyc?oB<|H3Lu{5$k4)@XrYk zWDGG9rA#9+&)VRwM(mDmx7=^}-%@a#L@}{+4QI$RMRcf?^RAWXyOnqQ zd5-jHj^at83^kU(8PT;eesAL5v~(|O<6pdh2w6d@X2N>Xdh&WPc7V$DdLFNi^-l2I z?)4seAqNO$Hf4mf(PqPz$INlVjjc6Gngvpj>J~6X8?9Id`ZvZl#-&NXfX)^R+H&pb zZ3(y^LR(}4k6sF%$Up5+d0B4A2>2jY`((l z=*jNuN2_E$Po#xxbaBC8;7!VEIKtHUhY38KqQ9jK_(HU{G(7Bh*z<6Z2s~|K#Vq80 zEIM1fX>AEZOqmX%T=S?7Jh?$mE3rGBk9r<22vF(KdtEw%~ylW4q-@#)~^thv$}plQC#3bSn&)B%1b@BsT3l z&c_lg4>dGcw$otQ186d~H34odypkH&9yE!5ya0S6h!H=q>`2)YlS4yHnQVq>hNSBN z*&bkqpNtT2Eu53K7$qF#wyr=Xok!qxEgHSv?J0~CT6_+4iC-`~cTIZpVemycnXpqQ zw)dURonAbXL)8C`F_Y}_=DT)s=?bPzM)b)Lza~ADvAeOLhw)4TpOa+L#?pXnikZ^g z3U>aw^Y+Xxx%~_5oZg0~zA*d>Zh%BYS)zlc_-QHkK;6?bw`JqgM%r;#8;{OToXs7Ipaulgg=VUK>U;;L>9)<$(aaImhwFR zdD-(?rj1~ULD@*7vZu-7XoSW<1R7fGSrS}r&j-(on288{mT7yLKudX?KD!Rm$LS3JEz~f+G~h(gf0O^B z1be>dy{RGYsR?ep6-VdHff8;81I7?PryCr3FcT_UaD=xr7H?;Q?83>GzRrq+#sd-0 z*mBSZ?=UG_G|rlFL@SOx(%}Df;G`a=$)VOzHs1{5&&ooFQy~YV0ZDSbFNYA=kG!0G zIYp$jGEBVrD=Tg@yH_ssmM2(M==?oJZ~eGYF# zUrrPO6Y(fTIRcn^6hbO*)ns#y*;~uEHmCvY002c_P8bu(!~zE<;O|VK>!SVbuoMNV zqcXh!hhp*0@|_(ZVK|aN5mT8?t7J4L8qgzIzQ(wX0 zzf2O3sq)qIs|7WiA#%dLCPR&8f7AS?gLvDF<;wvHqYqT6;#=gmHkce^e4w6$X+}vO zXyW&5+@DoU4Xr#)wDL@TpFUP6iO!j1DPcHD<%Z29Wjg=3?zs6xolDjZU4-|E0zYWm z$r$Dmtskb+4eG&V8w@Ly2P-7ppsh5%_Wu}y9a18!#Tfg8H4C2;M7R(3qzHuM@x*r~ z)9RDU6d|iDKeHOpouWgs2rmO#GF?q%rB-%Neu) z32jCVQ_Hmc>iISBYXE<#_HP}=2-}MZr;!D2YqkL6VXpA~i*cUpon z#268%4_EpmO`BeSgZ_s6jYl2Qb;f0B#>{sv>a6B%&OV;pCcj!gCT1z~@i33xINE*X zcT@BO#Qu%{hxQ^Vx{v~p(7BE&9p?C%M7Zc+w)KIDj09F&;sW z=0XZ$J!&*Ba?Z@}D?iW|>c5ADkMy?kpE$vnYV9~+JR)Bb#aYy|6k>TM4i&Gfk0Ra% ze^AEMR{PQFo544mV-NmqPNAc-{(b56A~#?3;?Pwytd6z^s)zC7pQ@6QeKd9qV_2)a zYfZNzZWliu*wK8J@LZi&-JjPyOTOQI9KkC4I){_5U9j5Ky=i{yAph+cb8|+cj7mHn z5dXL4+M`p_($X@sdWQKg?8g1B!-%B3ZLrpytO}rwbQ5@pNV^i}EDh z%VSr<`A6Z506&YE4gFO!7EjyN%+-3#tH`F%NT zP76yR%?m7m!i@>hPP>N+fZ)*Gi}zISMIo=sU$5Kn-^kx6xSzAB#88z@dhZOdUK4s( z1zEjyz;}+sF(@8opdiVV3rEr8GS&)zCO|F_u{gj=Sq74*LN(q_-fpCQF?nZt*B)%y zp5}QSnl5daAOZx8$+}A6<1_rCi1ZapoQ%nb6Ni&jP%B8^O?X-Svh-#5tKiqpOwj8A zO!N+KY)MD;dK*j{kHLHA_l?NL6KT85=c#JL2B-d^7ipB?N8gXlpVYb8vOjgt~nk!9!6bZd(uF-yfuQT0)j$?%P@!^YX2`Cs9t-B z-Yg2XsT1BVs*~5Q@Z0bGmAs0E1((x8nve>Pm zt&v?f?%*bt0nfcAKH}XkwD@>NAJiXA9!wE?Fo@Q~;8o~r@`>N7e=6c(?fE=TCSn@@ z9cpO%LT8FygYQa33z;{WU6mB5u~0;_E=yYpwR z!p)_5)j=AV`mRlp^Imbi0kvi;S4{yyK|_A}mzs8N6N=wxz`yIb;!~te<-;}XKX&-mL9Q%FK z{T9SG;@pbfOn?FQp(4|YGpbnV?Fpq%4>8-+jI?7RF%|T6(n%C+OYx5~7L)%K(Fft@ zi1`(NN~156#E77XoYQ=U;yym+<7go|NvDrkRJj^*HRfs)1!ETLQJmR58%p=vp2WS( z{}B4c^{du51H{LM0Qbp%$WfdxjEJtE0iM#}2ObWkW;h?k4?J|C7-#Ve@l}q*S4{#2 zsUs~DuVEPqhfx_*rNv)xDqL#b@+icafNu0wF3?=l3Ph85xtAy^5j*8U#8d_#i#b^Z z*1#;DB0NeO&J@5V_IMk48m9KF zU$|od6;=TtVTE+8_?|i{NgG0xQVC14L@rjjKFHsu^@a^#K=}P=PJb6Bb+b-J9hE<5 zz+i+kAI%<}wb-}wp}2~TSTg~ z5}0Cu)7Vn3st&}X_{&(7tUtDYP@UREEY>X*t|(pYzTSA-`hEjnv8EmUJx{)-lboSc zj!T62;;ZrFlplkv*xkR2!D@T{y8g368x(;gzVvqMooW#G96nFl>qYm~NhZ`LMcMVSJKY9>+Y!JW zetX6TjkE@YP|;rbO&zb*@NY{d znwxA=Ms)}YYe8S5;6+utZ*bpmGv&RxtbBEmx2KRC z%I^0D|LOkM^D*RO=%@Zq!{39*SSb2Y^vf0r8+4jW$Xx7v?n32i;9AjjmD}+fIrsaB zcTamVwG*@(^gQZN|Bc_<2{#qCLF^1Qi=@N>%)-FGeCZx!? zo_`)A$X?Fp>8a!+*?`#N0^5lr4^I&v%4V|im2dXL%6lQm4wfIwFpOsXxBI13%KuIz zVyV*&H; zD;Zy4^v(+O!bvJXE0H*9zE`}jV7V{*uNU;e^MeogL)nLJmVAwm7JMY#X-yK+X~pMc z%-z#pE_|{2V#^bw$p_M0ejrD_PJFZdR`{(3W_t`)y9sJB<+zMI>6YU*1W(;OHcH(6 zt|wVMGs#@|`8+g(KMmooeORE=xX1l}1vAlHr1+{Z!AS66KDJ8A2qjPw4 z8fM3k!@-0fz6E8NZgZY;6;#YA_?1M>Rn2wIb;0c@!R%PkwCW*vSdZ=CtngfB$G+eE|JBqLqQS}2rLv{1s-aaIm448z`xlWnfFr~++lxp-8hwx)}jgrQND42=aYGKXc)WiNE& zK};0vOd;y=F1C7QKJ0pMG8bTEoJeZ&fRTw^Nr926fRhPr5k7n5w)@nM8OyO#)BvZ8!N80gA4=@l z`bn%byk(84!3~~9EZ{jT-sQJy5s`Hgq%=fA<-~1OmYfT>eXz5p$o$DXsR8Q0J%tX) zoYm*z9r604!pIcdX(Weo@XiETl#__hR1t6L+||W6V#)$fZyF1d{atVBFN^M$z|&N* z&ex!_9|tbbXK6BnvvEW<6wUI)`b0ry@x9V}b@zJda2BhS-+BqWOb=d7wGBNYBrd?s zSisH*e#Uvjb;Etb54gdfg!&-)rd1&bZGoK;N_=6>P(GitFeh;y1hJ4s+>eK!DZ!9i zNwib<{eH>Ls1fU=OXZLSERF4^D=bYgheIZUjqc6C2g(!>Sv;^pFlP@_qaao{2ftX| zgN6rf54tHV)O@IW&ek{*w(HJ%r=STZ?O_Yt%qZN9ChUwg&Ok3%nP|#inpyFb5!(s& z#TmhA_~Ur!?<^+!aS`lGE&NM64#oW>z#~3@BZ23!mZ-1s;&C1CeD&h zSe2ozVMHXNDADGeOG#i=#Cr&LGWcZZ$@G&M)<(l^2UbT{Zdt$WFtR2id82cn(c4fw zkvEB)PjlzY)#|hpNicBnPW?{9PS;L1oXIe3$<(egF({_HPOO<8yPnjGD&z>BL_}1j z!i|){jnolTHMBdkJA-S}oJCX=HU>RSeVX$$PjVvlETvs=AN{~NY6Pn2V7xMuzD}QK z@z0X+8ixnBZYBN1o`t?+>dH z473!*w<(?xb*YI2ya;|nFdT(My;Q+&bng$sXH4zS&}5+WLJbSH$qO@?PAQTp-C;C* z;4~C3VqYZV^eiBsvgJkliw>f=`l!WVzHOmP(%ke-bMr z3G7NcC?%t^;-H#ofY0b6r(uY-T0 z!%+(vmu;LCJx6^<6Gzi;l;2npRPDow5hVGLIQWpfHzh>wD9M~l!Gm0c197L}+aI}5 z$lDk=5Rq@0Mv-kgKFRjCUCa<%$TX#(IwT6jvom%)a#f1ktyswSiV z4G8?UKDL1o2{;ZqjyR8ZDn1sC8}&@H+>*xGkaPe^U6J3$oMfF8pOl@HpH!YypERDd zoV1^e0G*luIavR&rM&FY5APp7h}A@teKtOtmLKguhJTDx5UlZ2@0=;IWw-MC8751u z^M4i+IHB^(5(dN`L#F#L#jik=f)N6+z!r&D`qvI#e*o;(8z5>!S8&M68 zoT|WCr~_@-ojP#zg`Y+N)25P!Ss;@zn@@WnvUv_s~imYc77tSRmfJa_#X_8X_RV@NoePvxK^gG)mz z)|YLsSKMg0t3jSv51&N;`!%Sz?O4d0wmP?`c8#94J=fnWc`@_G^h5c_VA^iD4iiGc zb91|q+t@8SlMOX?)o?ZGy2-6xI*}$g9Je~!_*aIeJ{iJpvhjpNpCQt&71~Q>>wFXy%2XupRuy zcVpmD-BvbqeA4s$ee;8{FM8i|{&f85{4?;+O#I(ns!&o|Obw1MDr#w;nq?g}nRA}= zMPnC_oXHj&f69CX5ugtI^J`?49U=|Wh_RGRNevj2I)yxO0%t-zq>kYzU^y5UP1JJY zat7Xm4&*}P7#MXyOEXsTz?xbp>+QdM0c0NaC+A|}<*F+&S4ytbi|})qhnFnRMGfQ*niE%JR#TAp6fi~jYX%YT*fZYO;)%a#xHc-5L@C`VM7~|eh}Cd{)h_`o zH3^4JrAW!7c{A~5%FQwSsyZxoNiqr}=T_UT3B)!kj2c1X8VGLkZ?_PL(Q|v4HO_}x zs0=bPeeMR{4Z_h{ezymd^#Wssgxl|463bZTy+Z8rChNBN2L>nt(%vu!(+WZD*)3bk z8yvNkhhW70dIMdY_3Vc+hXo?xyuSRThV$5@+uNL90c==ji&$)qZHj5uz0lK&DP zRiXPUe_Z#thv`K~;)p;y1l3;!BN8%4@EvGjxi@5?@qMCr67?kENh*`^B=<=%hQ~^z zA)RPTjR?>V*iK<`x4X6n&;uH>y5uwUJ0l<%o=gCan;0eonYJc2M-xOE*(@W)#9t57 zNuf;{mOHT>!7@uMf!f;aXZ5TaanBPOv0$V<&wZYUOV=0ZSS4a8^HXi z1`=dX8-d4u5I){+76Gjn9xoDbm?$4;gQP|9A+I?YJ{UWgfJjs#d(%~ZqC;@=gdWBn zCc<20GX;mG2oRb`EbHLIJoQqI53?Bo(>5<%(ISTMA#UJPdlB3%lvog>*A9G2UHOzI zz3zV93&W*!bWx7uk*6H5qbLHR8;%A^`}5}Gm`?z7)tfe%-WkkiF!^ov+mg5C?~?HZ z4e@bPmT}Hz?_J-!(Zt~g*`LK^GhOcoaSZ8z&zTbCEXEPC{}PeTp+q_N@Hy*XMn24( z4L#b1A6=LnjFpi3A7_bjc8AVae2U>?mPM=O*r!Q8TAH7ANdUFtV^#gRl@Aq$%g+;^ zry=xJp!8M0*fR=r%!OYH$!@&x)%k1m*E$FlUE1Vbpzaj}ID350X9~yx)dIzig_lb^ zuH@6xLT5q$tozyd%LWoX@K-FTpfR|h zGvoa`_IEzh{JZ=2$nQ}ZX`n(qlp&P%#nS*#@N}l&bc_#!H&e``ug*j7{x?IM=xV`B zIeVoCP}drYWy6~WTcQ6|h}hnhCPjQw%k=c@ERh(x@^m+rV$7bo0Tkx?^9l2XaJoJ7 z103ZRjH8?oobK@p zNk2cot2w##5k;D#91i4l3t5ijeT!a>!HAN=;hj#|r#bIi_(}wab~2}S1(|_W=)r|C zrHN@-LGQlOF5)>>I+#(~18lhk02hCB!&zVu2BS%WQd zTCcQTX}i+Rh$DTFBOR<>9_kubMc#2HIUu0`E_} zF@r-<^cOqb%(z)~vyD=RnVYjx#27?9bKH5YLx(7GxUEl%hYen<^4k@+2X4>sj_Tg= zxRb{jTzIDh7_Nb1cm!LFHKuYe zWrhhDZ-n(myxGDbCZ-y>Ve7+wtm>oGK~9m^sKJ;#vU+rh!&ZSYCyetpmK@W3WQS!) z4LjIIj1d^dGiMJ}M?#%8Q?pp3<6USF8PfjyVPD?osm$bs1)V+d^YoJ=DF%~ zOC%de{GXQ~+Gt<~pN~n0n=a?3Aza^CuagsJr>HgX-wPzMD~P=&YcCgXL&07L$E8T^ z^4<^Nzzj!uKJ!AEGtr%|MKrRv1SW|hgM3+IFoM`k$lSbeMEH<;>n~5jP`LYOj>2^M zhcht_~IWqYMh1YuXH&L&*BY@NSHRJ2KWN$w64hH;yDe=nF{puRj=we5dY`wNai3+ zeVxXnzs{uwp@74%ALhnyupTa*ya1!S5B`y9`EYCmn&w9l81bmMFocg(v z?`bVx)V9x^d{cXH9tekw3e^a@Sh!p{1w+0>d`bC|MbJ;#mkGpjT0|V!epS!{ob)Y^ z5=Biqs$5{%#32|;%4r0`I1vLRf`AIX7jX_&GqvAahz06rCO8V!_yQYp6gnTfa1zEI z$1_#O)d=J!PFx5_5QPclC$&r+r(X--<~9yM@pabvVaWMs4`V09a-uvT=|?Kx>S|6u zM~WIl5yT~t58Uvx@n_S|mYT=r{XXN092CDGjhqjM3b}ld` zyPl|SNzB-{ev|#l>9ZpdEu%lmfA^p2{B8M{DsnilB`AVJqvMnE3yX@|+Pelvra5BF zrP#}R&WB?rd@h@KfC4PWjUt45u4S$b=SJsT&s-ng4U>6m#%A6TM$8$U-{ai75kH>> z(q9bLUr&%gCo@c%%lLu{V+vnp#fbkN!Hhuv5gLqQ4n+nE|7>s7JMcIb*>HR=|%S?2yG!_<&rdcCi^wpp{jnOYj1Vql;72Y+Dgs z;Kh;>Nf&A~6T`%EfTiO0C}B$RceE_EqV#FQHLJ=gs4moW%NGdt5v*N0hglX9fIO0B z+TjaS@NpoPf-^9uzT0NScEuAPM<7m)pp{^_gD94o#1)aHp3VtZ#ni2|a>Vtl^sV%- z3|>~cY|Js2Mw3+|o{nBABj~%_55FMY9havG0KFtaggElVLeq%HP=gve%9i;yTCIl8MRQmkMNCn5L<2fQI- zoH-l=R^wQA5?52vGm5%}d=AL|H6>bK9oD?pLf67zBItd^8B({_ywy- z_o2?%AGRWi;)Z;tiqo|J`VgGOBr|(M`GzW-g*vjdGv2};*1`pAnLEsdx8yCN5m?0F zI*Gdx&m?flrZA}lP-Wl9l~c%ZTXkcEnPfpzmt2OuY~XUHgUc0JMl5GS$s;>i)ME^6 z3=;vS&FOD;-<|OwL(i9&Er`I42pYhI>m`Q{u%i3L_e4NN~Uac)*ZM zBz=owr#)YILKbF-5Sm#Wc%vb)P`9TZ)Uo#I? z9;!dorgqgxjwxMWHUJE+h-#=5kn!!AlpW^ak||_a?O;`%kj00ZkF+T1Fhy>2@sS;2eizMPT||QnKN=&Bd65OQ ziJhsP8BE9q@H_s%CgEtHf32BZBCYs4&@|mLN&CiFPkCLltxo5}XEm$6rPnFEtUAR{y zr(&<}yjiRZhsy|3C*f%kjF02K)4r?ZdZOTaV)x_Vdy3$9Dp4c|c4q>&iZUfCg55Eq zd(46&a;q2CWHvfV?~1#0t%Omr5<|&~Sm0A$q`pXdkxmO)1AI>#T+aYp&ooew5iF0@ zfi=z*;row9UUk+%CK#R?xSdv(_W`^r@H^yWjZ2B{w5)khf#b1c99Z7tfr~`RXvSgI zVaZ_yD|_8xJqpw|U?aimbg{aR9*#2;LJ$p*B-kC%Rp!7ry$oOkuM_by=4BEh=@zDq z>6ZSMG3jqnmCO4DB#DI3Axjkb1Kz++VNArUXcl;pL0SH)<5kbAUZzj7JW5z&jp2C& z%VYoA33%$#dFz?zJoA&QeKu=-@$1spWw1RJuPZUJkH~;KRX86Z8M8dPBpomQM?s{Z zryQlj`v~SI=ct@zzZU5x>_sd7ub9K348};55NHt1V=RjZGKe`Tz&#^c&}%=` zkzv*X?AHCE|HB|N1OPYjVOl_N=l$reg!qJ_a%tqOXydHtmWRcV>{pwThlSvqv_F}` zGda`#;>LL3xeOq76Hx!(pOFzJxeU{JsQ#iKa{> z_DjN-3?_^Awh~cv%(Q%IlTB{3UzG^J6p)|^J|9cQp0rXY073;2VdmGuuU%h9zRu9` zru)tDTgbNv4x5T^b>G^)^?d6CG}K1TW5!rg!C@oM94`)?LVP~0-@9=7C?Bgb+VEWZ z@}v%YajO{rwg5Es z!aEf5I|jo;>hJ8|Me@L^{#^st){Q@i(+ZD}Dtwy`K}z}vE=B)bgyh^Z5fh8HX7pKEr>;$(Ge&^w0S=6F4_3#)Eh^&%Xh5 z$;B|D!6M;rl4Rei|MvVHLr>-NFXUgCNCGieB#9Glu@(7G(T(N}#iq?x&|VDGd&8@8 zd?F72b$&L49`!h`R#Gxn%y%s-Uv^rx+P2?mc&4^rK>G{j`Zkjo^B>!Xi)no_EP)F@N4V$+XeyU!xsxOuIA zZRnaW-tER4RWfK^ajOc?wC!y>c2Qkq@_KiJA!rIVtRY%T*o>6fjGP{Nu?GbqFOGiL z{z(0i6I)Ilj^E+OMmT5HP=FY1U)&ztnZV`R_tfKQuuRmZlACX8>GSrzT13DB1j>i+ z_fes8@kKBJO~r?;BQ=Y**tYc2;G&zXEBorS1{_(kJI(Iitv6I zU2(nQb)^u+m+{qZ;_EK0xvUWrd|d^#Rmt^w{&{LsGuLpl{$|U~mV5T=?rh09>mxY6 z9jRl;W!oK>VRG)2zhPdvKd>22kX#FHZ8y?8lOLp_{ONhDLNaGDVXvc)#~#nH`DwHD zwQbFiA`~t+ut{9VK|3MrRih%}jd})KLMB=crcqb;A{Oq4!tuu`l8-BN5m8~gI2NQW7gLYNDiNG0mtFTnJ20z+OXk;yaBxknTh=6cV5S@)9thu7oEeO z0MvrHu*?1b$b#gbTvLD~dgq+y0_Ihjaq6jJm>x(^(?v6G^NhtpApaal;DMD9`kXIa zuB6^iv^UoS&kvGWpe4chC~nj$G;toZFZG8br;ygaqJ2Gg;57^6{(xsiz4 zY!J=r@NJ(vjyU)y@4A75WZu){Zs~=lj$SV%0V)+YeZFiBt^m63;aUiw8Mtn-hQI&!OqvsCKot{VUsXA->M~8IvhsPq5{R{jhnX; zy^0s@tQ6uwY&#znzwtmt68JVqs!d(rr||8LMBPyU#Mdsqz#siTDKLx~oLAb_ez71c zDf`R#SIciH-v&^S(kzNdJ(uso*vTX?S3Zgc+n=SsM(|x0;g+;KwMT(a^2g?{jxbuS zX$2HDPt6FTNExcgihr9fpg;l#3YhEV->TNUDa3Z(d<)Zy1<)FQl$#8WiIo^m!9u}8 z5%^6t(=QR6A<&y?5E~uF5)ptsM3SJA++{a-&SDN&P0?Z*hM_uv)-0)z%x=IKF7ayv zsS!Ahz-UBSWEpzS(WNmWC$$K+(_!?N4Ir0{Bt~PrY=S#WL@-~Hxf_CPihyRyAe2&I zHf1Z8yn-&EGAT^fN&!SuC8T;am`npSQ>R2_M!;muE?Y`s$s1xR6rw%xax#768RWtj ziEOkh7FPn8NJyr7@R;T+oe)bx`zbJ)VQ3|R#F)sxWg9RUK`Ds|!l)7g4im$~%c;FO z21$PbW2C@cocI*@t}0f8WF|+L%;ks#f5~QYD7q|P?IxR}586o!Bb3)#%vwCSOEuM( z9lYLyYg6YWl*lc%z7`9$p8yHfKt4w^C`W;Cx>8#Bg?-<(F#=}hj1yNuS1#7>pOq=I>5GF2pQbfD}M9pp27Hyl7V zE|H7x0=5xDM@A#rZo{%$-1v?wXolAvKgRz~@SPCUfJMvy3mUV5v=Yx-wV7K3Q;C9J>n%PH#*&5dYDhY3SeCxb3-BS{t#c3^q1yYB*m5eI^i zNNz_CWLp0H0;Z5=5LF}%4l+ixW3wMCtMUUKNu>p&0S$i;#pLttEqPGObU)|^p%|7k z{$Pslu_|Nq&=~8Ppx7MwIt!Z3`JpFPG(W!63J5pxrH*+ROS(rK*&Z3^lw0n@T$%Gx zfN54_eN>b7(Ln}Y7b$ps4+oghhhxk*GjUGFsXx+tbOD6J41~iGgu_`%EqtKn{GsMz zAm-xa#DjGtN~|Lj(@_Cw(_+dVRWXf^T4k!<2)TNrARpt8W**IeeW;;U)k3f#XgrV) za1M7ciUdr$LXwgGB!|f*O;4Z|)ew74U>5BpcXX56A@B;#ZEcxHE%py%1RK_%6+wI_ zi?+*&JyT}PAov`x(uM4V@5F;jWS~A39p|;O<6Iys}N4Cxn78b=0lk7_wJByn^;?U(q(h)B17It5Ol%(p}v z9jd`IFQ~v^a{JB@iWu;T6zIS-L{K@Dt_oVP98GEqnSKM$24w}S5<(FzGO=|fW??Gx zIxNtrx=~mZzyvd4&%;ruQeMQCRms$l)zJ@PF^*n!a!-YCmLAd)K_A-fIqqG8Japgl zk>d-Ar~u1|+e<%B?I?gjXpjvuwj^+PAvg(QUyIvMC4nOg^On%1Ht)CX_wM(TvjKJi z#i;s113`*DJrgE$rAI(77Ba<52}ENZ$r{sSYiOfE)diujg>rOyI&;^l;r=%JE&y}dLNL{j} z#6_r1r=-9|gH{V25)btdy13Hl5<)j}G}NN#Q%^;8iiP{-tQh*z)MYTJ0eD0l*h87r zmR7TqHqw&Q0|L=U%lg2pu~%cSm0lZyLRc}j;1Ko*W!xyj3L;}8nx^$w*|aV~Sb^DdHNbU*U=KN*cT8q}bp;G<9`95reb@n5M&d895D9u-MkqWY-% zs9vg5TO>l!4kg(IP9aFiF=)vtsZ=$1WAMiKjR|85LFoW?A%r>Js8<6>^ALF+k#Azp zCk>i1n{umMNmG`*DV2zZNcpHG=Yyn=H%$x?c*yNEklX1~f@Mm*lMO_s6LSfpyBCzE zk8F5X(C{99-t2zX?VkNM2lPYqyO+GJf#z&y1i?A{c2xAdgMuhiIH1m$qKGvE1qq@q zEaYAFyB;u*en?P3gHD2j7|;Q41`^^52BJVT6!kt4)T8u$gVe^hL5X(J4KLc^X@&;} znS4J5MXCfzs)BJ<3t5p4w}K(ah@ea_L7GN@f>bkgP^Zl#Q+A=B9U#G7jqHU02-IjY zDm&P>^pF`De>BC-Bg94+(nxX-|Cj)wnu74C0#db#5yWaO=_2*es|{cwEs|vIkisNE zvkow0AE!RfAX8G33S2?A+F(9pp92jEm1JuyMOo=!A_bqS(cm_JYWviV61R^Ln8-OI z@>zosNQlYjizsm&K|(H(oas!Syes1_g-#97vR#m}XCf!HFQN+c3={F2F-33zMsiN=2=zA-{Kbq0__CV?m(R;7Xg=TPU z!q|{}VhgS7a_n{NOP`duN}`~5OO8uHK&pvCsOLtpII)&)D6f;WlMKXHxhGYSz4aub z2;`%k={p$`yYI;qq^~jvh#KgJ5yC8csr_}42*_DpN*H3TD2U)_NZ>JxwS}sbbUFWak<_pcNhf}cKmAt< zIe{|wBn-M(j7UBa*(XV$7->=jRv>BPN{|eZe9{V8+yz-IGEWAWL1u&*`#te{iV-M> zl2jIJk%D5(TsSp7HG@#TDCuNtjHdSJjU5>$Ni4gax)HPB$@q|y;zvqK&}py;j5sYK z23z-E=-EZA7O<4L(YJ@FY~Cm!M|N`*&Q;Eha|JlU;7-85+ANBCcly}iT!)af8sL09 zt9H+2W1m>gMc!3U#_$Y=|8P1trmwVJ)q$yWVw%{1HNhe*K_l#uSLMPj2Ce1DI`>wp z+$XPTUn{z<%rz|v+zqZ`569dtq;~ z*hr8Q!NTNXlGeu?Q-EZYGIhzG1hbD+z>NrtbS`4hban-=U2ohfedKd_KCQ)f;>%aO zhO1EnH;L(UpXZZ!IvV#IUl{Ox^m)slDmZ8!(hN~{ z-cM$c%lR+6ms{rhf0`w-sZN zgwy2HI&|ipe<%OW{+<1&%xL`c{1+?)h*<&2nOWI6`T35P#u z`)x4xh07K&;iH$0uXL`uTsONBdeZ@)nBlD^rsY=aeKokcG8x_(5B8C^RRexxz3W8G zW+JI*t{IpE4)7gaL>oo?0#kmq{l?5I5FJhb<*aRu9fRGF zr)K*ZN=moX{UcH`GTV9vhR0_(bJZvr)It+!GH1$oaO#S_9LI@#b5JCtswJ=STr4mQA zIIAuA@!9e7bCgH5J3vbyB8b?<{HS{hy&XC^t+)y_wp>jnrZ9F{$>UizZ2_dnNz#!Iz(7AJZxBZ_=VmMe)^8Co7* z9$TJRo?&K@SzKT&uw~jXc8n9_Ns>tHO8iPOBSJIlnFbE|G2kUlq!p$d^6o^M$8)}? zp$;uUX3>nndhjv@f;>f|0C>8L5voxuWEP?f$ej_jf-zU(5M0!7-ghuvocMkJryQN- z#5cQYjc(Kv-KZam(FjV0lhKT3UCq5(ceS6Y;YoTerjc0)!>0*j%9$@7x{Ew@Hi#=c zIrSC5TR~D)8VAf3FE#o(9QvXys-086e|2zm`aJzagmLPv>7zI`T60`;W4xHiwYaq; zCYJ{7!nF$daLx!I06nS(g@{@_paKvuK!{<>*kKWOz2=7U--q#I0uW||0v9Ba(3^HG zla$_Ul&h21rV(T4^5mLbH@|+7ak%by-39At0Sph#eN%@KA)jZ!gMb^{Z+cL(=|}N$G?Ab2 z^mr6dvsZ*tRzRn1H`{LxF~iKr&Cy#*w^VMaVOiItgwKpIzvUo9L45%y67VI6IM8gm zQbizW(XC>p6hTI>8v2Metcen}0g4oJNmNe)atMec^iCY&jU?hl z)9$1LcGLrL3<7Sb{~x%a3&bwu8wSWXj7g<2ks=OT^u4x#98P@D{1I1x7sXe}Kq%RODEUZ1%K3;l-R~jE=bW%3_>kD5_#Ja5IF$ERorhh&Uvh_LhRps?BP0#F{pnsR$LC=6*yX zvp7ri$Q3i8RLdG$t^@I@&cO5TGDOvzA|j!6j(QONAPx~pBA|UTmfd{R&vle-i~-ds0o15b$0fiSSH=?yuMZ1HDBw&A8t6Q7gGwKk1H=dwbR#fK4=_wWGx+}@ z80x#!ADN?uwvqx97vL99ge7snEoXp>Xmc(k@x7Lmmo}-6rr=9XkLaL5YBGEdyNpS} zi8`Rm*=Ro2q~O2_%0Wag1WC8kx0HbM>N ztO3OMiM=dM@WGGcD~rbho&?c(6Uih=C@34jN(EC10MrBk)Fr1|%2#?3ubdf?m9~|D zgw8bIdI(t*2v^SR$T380B~w_Ix}C;kq5;p^E&wDdqQa~SHTdZE)b=bg7Bx8e=0*fB&6J?E$}re2tj*)hB*GV< zrCrrs?Oh#47gf2@uKBL@uHCK!VPC|3k;@;j8?+n3gfpW4Ar{+nGPdV5oJE<)Wb%Nc zL^y2QZu@Sp$l;;iM-(s8|seO9mdJ$J%9qoW@F~n>#)Ge{8*lcbr$2y)9YHlEuu-%*@Qp%*8 zsTOg$FWp~bP-XnUF-d@%W78tklqXV-~h>rswsM8~%UO)<{+HKWGJgn4qY+@4@-z<*P+ITO=ZoV;V6-89Y$Xc*meAO;&zho*o(uy z0BcSqL$KgzfP-3ao4@Zu(-(IhBvASv0ji9%Z;?|HJ`#BJU@@C=5xw zI+F&cLIT$1s0P(j`_cZS2QU5TlUWQoi)e|c^$KBYp)T1Fw03;zge^ymIpM6S1Us96 zHAiF4NynTc_}K!AV#^ql)hmyE=hI;{@^p+LnT*H)(Gtl%!0OQe%Z}kQsT6UgX~&-d zSr#^(BAoXPT9Zx>f$X(sht-(Of_$eBIND&=zp)I$@-gO=GYG54iQl6}UK2R+X9#8M z(mHR97hh1d4lg_zbVW1V%7J61sqZVngI}-I_@bGSmRNO$UW}`3n%+wz##vTac4VOC z%t*_FaaJJC{1}v^O8+v*ujRbVQ!(y}mo=yZpZ@U6nU@P<;$eWLN7ubEac)ysX%?)f ztw7w0>{(O00gCZ>h6DeOw!X8wr za&`5phGm4rz|`wGl^U?*(ir+C{7vMWC>0>je3ONw;=AxoE$U<>)(uow#$v;gDR?u< zSj^(BuZooCgSQb=(BRt%EJ4$6SFr&Zk~1)SXF<}y23C~&J5R`35o%19tm?6gh@Y1b zK(BmP^{)C|9ct7L&IHKY|8AC{m>t6~cO-?uq3^>Pi$%ScEMLs~xc3Q+#}dgS)YEVv zklr2!Vv9u4O+VOC8sp6P%U2D*f(WH2VhYN}4wTO|xR`5jEh&XQQVNn#m_jqyf+YX9 zrbc21X&rM0$>V}8$eZ$RA2k|_VKA17Nh|ClDeGNt_RNZ7L6#xq^q41`fVOb;i zpk_5NTl~6$T}UHLL)eA{A}k{`zi&z3#4yyVk`i6o0ouQbiTQ8K$};5i-HE}OJCS)m zaud;iq?hrW-JcwGCwPU6u7vyhpp*6|=$;r}CmAbsMG6h>-= zs2EA0z7BO_78+9-3mK~|{#gF8f?-JKr!GuW$x255OeAEV2G}Tr3w|LgqE)s-+od%@ z=zb0@{9Hn7Qm>8_sqWtEVi>&tT zFctZc?~L6~f;}u|B2gh>{?h&G{hIxT{r3Hi{Sn47;~0#l_Sg3h{Wkb*_1hMBljCof z-|kco1^kZuU4RND@F9_p4ZWyX694IixLXo&wiFZbgtBzhgR6b*u@Nrp#$2(+;3)O=g8_=$mC6{K{_4-*)Gawsw1+16bx=GkUG+w~V*S*<%IDzUqMqFJW6=vg_=KS|9ll zKNcF7hQ*cnwC_ba#PEjK4(b6H$h^PxbfG(6WXo z1q}Pv1=C>`9B#+Y2|no7U!%Kb;#~oT7ZsC`oSeE5jYTTqXyvht<3n(Yb54z%HsNMC ze#PO>EdGyaytZ;}g}XxWU;UJ}5B}Z%_dHz0sJmtlVjuSHG(0kgL9qU^@~!Wu#P7X~ zo1!51MMXvD7Zes17nhXQE^Z`j>K++5T6a3~PfYKB)j=jMz0-Ctf6M4u`41<)<-#7I zr{{pnF5Pc>{PW)UzyC_}=QRIp>T=xrzG8yg9g^{^zWvAYJss&!wmt}T z)#>B_CZyC;<)^Aob%KIQyXbj84e4M(@#qW2TIN5{{)FkHkA+&e$cHc9KHe5`BM|6S{4YS?(W) za6vRMCg}q~FiCZj3_c-n3b-JHJV&XhL?)!ufvok-PYEe#PZ)Mgpc2NA(8x%N&6^rE=Cxg7R8 z@6O_158Dc3|62{1wUsihT=uw?+cVlu1#`UQZui{@bJpK)0&3y>Ae#LuUUBxRc@O*9 zmpXDxY@mOjbEkV}@X4z0YAAK}_@C`y z-N?o<1{`L}voaN3^m!hDt2vxQlWY-_o@aA(Dq=UdjDtCd!%-%?ykRzZu`knJHYrE) zJhei(F!&o@O};j#wQU^c{sLPwe`qpYIK=9yqxXDQ_O6fZ)jTif1T@8j*@G=p2rt<} zwoKC>bqW2+%QGGJOM%)XwX#22#XW04n{gq(P}9#XxM1_Y^nMxm>d1a4m{(OJ@%dF= zNDjP;n!e4kr7=>@)DajgE=2GaiQHwO4kpp5zpB`fGy~AI!pSL*+*&v(VS6d~HEZ@J z=qYyPp&6)ZaxFnRS{`lNE8maU@8PFq$=6@c(rTAZ-55)&qYK9@32((>2byI&pq$GNbG${{Ciqa*WLhcBgcJL9UWVPBVB*Yoh8M7x%qG7 z+e;4uALYDh{umBx#cQvGcUKIxcgw7bLi7z|(ldId7_Lk0Smj2`X6xo4jxkrz0zQnn z6OI}mHD;__#MpSAj9u07QMAaQ*9FXs6NB32lZFgf1IVO#f*)Tw+kbBMygPNjmGlF( zlD_i7c{GG3NLMXfT*mtsNujSKp$-y?Z@4~z-TW)sZpj={$ zlg0p|=e9K}!$C4koB0~lvN+mZ#_vqrS-h*mrQh|J}l^nNWS=GumjdyQXGAV;ax zpN;scaZ~?tmaQb=Q!@aveS3O)hLDF$@I%{ibaCQ$6|fh&m&|V~doORVV6T|(UNx%O zs{=pLiMsZ>_j>pG_68IfXA~BZIHjle7WNkLNw096G2{MEhEFP_4U*QH%BA@-h zVGMmEyowS}`JXn&^ftiJB$Jw`(2Kp7X0J?Nbw<^H8eMY+vo{1CCW2Q%GKkTR8=Zfz z-YlSHw*B@5#DDj@X?G`>!T4b5X{MySWV>m5?S8(Dw6a0)QkwBEGA<7vm)Fmy9at+e7cQ&lB+ z1!aMQBzadi*KtIFZiqVB-)L2|hxXzchnnt;_mB}DM0suhwe>D)llxe=!$k+`Iz)hcQB^!({1sv1m@6H6i=&?G6W zi1OK}H{t<)o&jypqO*osx+NX{@?&#Smpe34pyJq8VbI$v{s5vH)@XJw^Rtd==VG@$6v z-bR@Rr@X+6VHdMe5h{lb+Kzj4jHmg8TF6LBR$x*_s=LhwMyNgAZL*Z{Q=ZZ)Rxo3i z##B1i?y@_tYG3lPwKzxHSfBWlb&aEGp$^zo^Og21vI<$gY6<&O(yX=kI3>y2izd<1 z)zzzqNU@sI+$PX}A3XZ;D#e=jXE|Q|N~%U$SaNi+*w9o@dXQX=Q@PbL78f!=! z!;L#)U_$v`-e>&UkR#ps4csma$&ZiSggisX48X=lT zlQ{mXDXnaihZM}uz8n32OYT%ipYaNrlF7}ggkk~BdZ2@|Y&T1S{=bJ<5a7`Slwzrz znE@;W5>d)OssEIcGOa+Bs7fsbq@!(6`7hUQ8ZhuTqu1DmW@BeY|L!+^mHaplN7Hef zObS(0jLIl6XrS%5iNSvdZ&Ojv%|68tou$KVPCNXk%$}sefm^oJ+1n}HmJI%*v|Q1A z>b@&j094+p#!XRwtBFNGHwo2&TSK(9*&`{r_f;saM27x_w~O#u6!WewM^$81n{SV5 z$Nf{cr)~>%bn*5QT4CI;%fMd{FNSx_$*p?9APpw98V%+p4^@&?9Yrg=;|-7x$<$b! zpeayDMd=Ljb0~o+K&5vpIN^8P?fRc#zNA;DaELB5!1ul9$EZG%Q$oD9%PsX@8iV>Q za;$mx3K-QlDn{v$%Cb)0o4L2dXx?ng1`nwRBl!@VqfuK)#k^8rT{`<7i@QQn5@W=jyoa4ou8r+n0fSAW*SLEmSO1fn|yr$%~IvoTP2g zP5W??jxd-X-=5}XVnExQsT#~XaX$%QI3J8;Krb%R1TwE0-f0;yGVzf1kb3P`Bl_hB zI*j5&7`(SLQlDU;&Nv+?nI$J30h9SMIuBu7K1)(H0VVCU?9A>g1C@!RF)d%I0N8&O zgYG7B64I8ojHHp;90fDd)}YE#x%HSSAelF}o?Kj-6(C@$fxyVvx|z1LL1qNflD5FG zTHr5^st+xLk#r_~Xq8W^$h=66Y8`{=VMfq0gw|*LY_F1{p|~_-R1;dd8bs%UHWQy_ z0Wg>fPF$_e+EM?r!Dqv8LIrv@{cMi(=$Z_u!Jp{>i7~>(X@if`@wqoQE>SSJm`og- z`M5QkpSR-F>>x+lOL}SK`3!Kh11};;kjhxP2Pe-E8IMHVJoPUdxrue4nU~8XL2cEj z*pE?h2sg7hoREn??9&+z=c%D^xf%)gy&8Kp`D#i@9Fl9V)?XcBG<-li7&c)jY=c`; zfH6trLo4w~wkW6M2sgYrw20R5Lx#MGev<%RE&EMAZphv@D`Y_>2WrpVFG{6B3+U;t zVca{-Df0m1-9Xy9BN*d$b0_S_-6-I-DF(Q+jFIf6t;$|Hle2tA+S-)u7)e628P@`0a=dhK2weByAUk{MB zG(>c2;V?|VU6{-ORYs_(BrOZRR(k7PCYto~8+qZO>oC?ije zk8oaftSzdnJtLi5NGS^JqQ8()6fI0|{Mgyan0Xw(2Ys|1y#+?qk zZVWfYDHw!;fzgEShB4?2r>;U2jig^KURAP8lAVm@hEUAKv4Uh+2BXS>-){7s>z{4D zZ@4o+a?F7{dNKC}m8IlX0Gm`tCsH4`Sn9E!<5PdQVooW$QqQ}VmelKsf2H2)xf8=v zWn{!gxIJpV0>fR-Dv+?_s&-gk5n(NTdW;)mxcb7R{OMbJMp{mrw1ge2)fsW4U zQGInJKDcpE>+`Y$apR&6#Xba_{5K-O)+gZlO5$)_yV0=Gy&(m~eF}IpwK2y5S+vSA zd7TC{Yvc{?CYB?%F~sNpR4dl?U80x z5ix#bl1P-H@^2Y~w3ld<;B0JAs&Z}>F@S3%5Y>Bh7>%JxG>ul2XUhh^mJ5C@DJm8T zdoK`$plEzr6KGNu6vJ&j?t#3K4+>I;=Lkl63E*r*xk_~a@as|Q@lFoXa+H?Cv>d00 zIY!GtTKrgxXa%hvU*kZni}dKiF+he&MjWzDP6SYC5yqjq?nFI@=|$XFW`9`Y#wl5p*4r-ArLuId^}F+vDryW zrGu&}BO1R}0tf1hlX<}St4`LQTs^sV^6)7g70Yx#{V!Jag1T+Jbe=6uq zI>i~ygs9p$2wPI0VRP0Fxgv2%i2_0Di&rXwLvjj%s=Tv>sOW65@<|QJaamRT>7BDu zPAQF7D&SloCCFLl3Q>b{OZA-_J~z&RS&qz8_@!1Df*NsjHal;DEYDjZ+w=D4of(bB z;F~HrU&9c4aJk26n#yzEX!4R)hJXjh5(^OK8+=SXLbV|hZ!X)VZ88oYP zNLd5n7jIM~W7Wt@aVQl!>)54nB>trtG9~iSqJ0E96GG{k`^gUJBatFNFB$UK+1>)(KMR>bLpDS zHQj3m0QVbRGsAUc1-jos1#Cm{8pU!{&xB-HMhKJ`D3!|f7=Zh(4RPD{MgAy2VP-;c z7li_v5r0wi^(659-5~qN35+hFmFsJNInXj#4nn3CpU?mfpk;4r) z_66>EgrtK$f}?#5a|iJUrQgUvnM&Cl_Qfrfdm~S&;6?#Qe=M)47?r3Blxi*mEnEiL z@e)Y|Krfmg5Uk5_-IC+FBNDK`FR&PK>%^nvn`t*QaOxCleL7V)>j)3`;nEqxr!&Q| zTnEg*F(G0zVE;a>XM%5Ka1if6U3hWUZymaI7)OqHaV&4!Faq~f$ML}1LAS$iN1|vH zrv~HV#z}>in@PyZjjCk#JDwc4eULAvXumuDcfu)W`PXric_-&i2`al&P8EQZ0aPl# zP4k@=)XBko;?6Yn08$XJiu*>ierNrz9tD}!xNZa{V|&-`?!Of;-t?i#;XPLCzDZGs z_$=aFrPRM@d^oin-}~>50-c#ea&Vu!JCCH2S-dznaq!_7A|qt1966Tv>~Q0VAIJ5c z8=f3-<%loGM@bI-Qb-VXFC34KU~5u1@JnHHG0vP4b>weXmCZdA&kW$t5r@w3y-_qq zRl%I{>MY({y0@y_I!0UxOyLAuZdp<5EEfUIC7@`lgov0Ot{Yd5`2i?!dypvD9G;p^ zj^jhD0vwSOa(m*Ae4qF$pGVk}SYl0?9G8o5c~o#%mg91Z!s++m_2?xMKEMQf>dB1K zELFn`%J;D%b;CrG^{Buxjp`Bn*3B# zNi43ATvbS%54uHj4400%T6Gwg<9HY9R$(e}iilTa>FEkuMQa?><)AJ{bvdkySHz8A zRp_%YMxoJKuSg5{{(kiD(R}^cArZ%Mo97f6;|Vds4`TOn3eDio5PyaR(RY#6D{CY* z#16>ie;gX#I5fnc5sJc4#H&cHOCt`4Mv4~Bk`1gshtX?3DnNy(L^(Dp@M}~7@vnVV z$1Fk}fU|+t*G=;4VJIn&Lpah zR;rMjP%|0?<1+Df^6eCwd%H+6vVp28a#XI3VD=g5?=nyxl|@C$u~DWx8&%@i0O4Zt z-t@is2b&KL9N}w~dgukS{Ai61B0CBI9C1`=JQePWtnB?U_+u)oA%QaFf2_h!QB547 z=3~dl5j+&epImWJM5qeo^iSE^<9#hym6gvrpAQf>I>>t0>9dPE=({N*bHL{ikOirq z6+@CJQrG9P&r^6SRz4rXUE%%32hFi&DnVsmE5Ft#M}&AHn!ZY*(wNfZ*Lg|t=~ab1MBE8%Q{oFAUKHE!I33_ z8(xPvl)!Qzne~8NBQjBzS`>);L8=TISP*ow^U~iqc*I?1>Uyld_-}stE}LZ#s+&%m zoX`1do)B{T&4HV%w@2?D*m7WqG0)(l;=%Gx{iBe_7EgZJBto+xV7N`o1+e|WzZKJ&$d7YSU9@~_TPy5W&d*linExb=!)~_mLV$|(gfuT zO)(U1VxD3qmSX20J-?95J9B^tMQI!p>h7)c!jI!cU$9lPEz~-n?JQNg-hehdH~z2Fy@3Z z7mn#Q@j?27<_B$Oetpo`4fLfE8grfb!_xI4%gyQyM=5J1bR(A5et zO)ird4&}9*j7c*4O)eys`ZtZr6uJC1fZ15v+upbRB!ws5MbfjA0t0RA-6GPk&s^TS zLOV+#*IU69tOmx};SV|x%?{wAus|*!$`!Fpvbu90mhe&-G7Xc2ZWxK&a!6zt4?meB z3*1hQz>}?cCHhiK;LmF?<#Pts!Y*uuW;E)!K^K#ff(E8t10-zMnRwY?6-*#QTSjf^ zz}IDFSpK}=a&TPq0z~%YrM61%O%yb*-X9}Bt$F>VGi7Sy)v?M;!I9TMHcd9Qzv_RD z!P5$1?o+qBu)D&>*qEKM8;^cZ9{!PgQ9Sr#c=RWzt#J`M<4QKhH9Y>C_gXL_bno@= zEz(rus2=Mj`^~6tf8@6lmNgFyYl$$j=%u+hs25dIT2WQgH8?yxHo3SgWEz7FD~30Y zc$a)Oe32jHn}CfV2sJUViqqgWQNKc1uX&@L@y*c2usEFH)>y+TmaV2UPjlBz51!}& zn?ai~MD`LH;-qfosi%7ZRS5N)4XAswe{+a!=j`U<<_gqegCiD4ERWdmhV@EV!&fY?oq=jcA>k_ov5A<`_CYPdcrGC zI$CzL@@O@$t;VDMM}=2B#h^!aqK9!{nNqGGG#rWO`O<0_f+s72?PwIvEQ#f1XnRGa z?Xcxo8=<@|!g%tw89g?x-Z#8$2;v=3CEWUuavbSD^hDt*fR_RzC-t}#GGwz-FI2Rg zO4Wy0uSP-ryq|`7KP{-Sj|_ee;{~%hVb3mAf_R=Myb0n3Q0g5-TVfm@u{2y_87Hz} z9!s5raF5Fw1<7``<3#^|We#K1I80IEpvP9#S`|5X{}ISQC{(*m%_6jyr$T$0p^%J( zx)dc@ILX3Do+idOhyTp-L*h zGGW(h3oBW|dpYo?N>9z5T2fUHX6#ulv{W8RCA%XpN_6~GM`I{k*KisdlT>I==sda5 zsidi~*#o;N!jK;Wtr+5YiI+6-ygXVYi=ZesU1~#}5Qj#H>CF<*;|xNH z2Et8ff~?huE0V#Mblc{^9_prFa{Tf%q&wX!`jC``HDt}n#17fxJ9JcM6zQ3i$_)?5 z%EBG;hprr=lICGrwz35CWbfS0sB7lR99rRAa{!rCtiD@*ZeIvuK$O z^*SddecX|T$o!fmXC|j>F4sKaE&Hn;%UCwoiPYH_G8C&)!?5OS1MrruIY$Mc5WJM> z?69-1=Up$O?xPxKWi0_aX|Ze~X4lGYyN9S9wf9oTqy}V@*Jscg1ZG3xcG7NX&gR=0 zno%$@yKEwMIh@7{@nzP+U+z``yOF;ppfJxU35)sA4W}EBb6LCuXNh%+BC%Lu8IDp(7pq z+m_RwE9X7oB84g@QsUoIj-I88NOGYf<#7@$M@_`!w=v7QGtCgC>|Ze}S4QYn|1AtWuGnuy)13fCDjz?1#D>n*QaA-58h zr!5!$vova(!@MNuO1W&=D{#8j-)=+g zw|j2)qH%WX^U51%2nX662~)|90iPeup5b(R#;E~c3K6<;;&UBvpeGsLtwUKlz~IgZ zGNA);IoG@XcLVN*!PARY$X zwor%)kx-&z2*jmPt|j|**|1lr7##i1=#Uzs*(oxUl(7V{VVAgD@>c#<(N>u%;cCR- zC7bp3t;O@{u2X+VQd(i)2fP2Kacon%#NEA*N z$D%%QI77VnMh{J4R@)&*LUFE0ie$VYSBFq16RxB_vn>umLqb6vB1u!%pRQ?16vL$9+Y`<{pkd9HZG(=+`uID~8lM6e%5i(FVln zjCM@9!2ihLA<=OKZJU;3jQd=HumopO8+b&nc=y|z%K z)2e7zJ&$@R(;0%tJxSl{3_R`?Zd1D4r}Vf{8R7-Ecx;Vq9@|3Zc0^9FuiUw3c~G+> zH!XjB6T-iWq=_|F744)vPI;Vza@GB-ND;hC@spQ7u0RqNtj1?rhw2|Ut6N#8B71i$ zx_AHM!NNhOc zCrRAwatj!*wS(wc2GHy34yX?S#gJQ|6%-UZZh{Vk z5S^cTFoyO+A@E_NpT-bGOyX{sNBFSxX)A25KG@(hX!hya({hc!+>f|n zkamC^!~HS&S=zG<;)fbCSCuOMX?oVneR54p>C(kZuPFku!{6Zrt4q8cVfgAJo=4%V zPl8FCiq|8Pwpj6d6mb76f*xL~Vv3c|D~T!!wW}49csqf`UfN`b;dD*n16dR|z9MxU zdZGWq60WVAqI7xU(3kLHECoWz++NcNG5%X4Bqc&pAk++-s~t&*aS$SxbkFL()Yrxs zZHO`2y|jPnpu&tUFI~9ldc6#TL>>);Jf23{L~W=sjb_>$s)wYTwgPE9C_*T2gHbM& zF5#4qznp;7HLHS-L>(b@=`%QYB%+wDoG2a2fig{F?JN$IB~?>o0;kJ^QMUJMKjl4< zg1;~-{v?u^P9QNG<*QI)1&);7*8_@KJ_D_5Ma%2brQKFf@w!Z4b-8KljRI9zG5Sp` zUKQ!P&3cpbCXcXU@taau=9S#Xn}{s-5?CD8lpw+JT7RpnsOC;@z3{Tcye)g%NNiC; zixV)tWbkc5Xi;K|b|{33q_lTgL=BZkNprv??aigEm`dsGUEpWG|MHi=w z)Fv6cH;3b8r@C~Vxa+&U_fX!KfcF6^$QXtDMZ@+=eV@qO$2ZfIW`-q#rMMh)#t_3mmX2GYH2uG)9KRLD`N=Mr=*Q)(gNI0o~4nt0># zhgFQjx)8ri6!F{+22l9NC>%Dz`pPGxQOayVSYJ~gS3jYF>S~o%}?xzee+f9u!)}E zX6WQ?Kf7_(l~B})s?uLw3|!z9->MgkrZ@o*%H7`#_R0I^O@V}|z)2pUS%(0$)`Uve|ijNlU) zu{ZCx?6>ZB?hot_5-}XxpG4D2Gy5z1hkqX+YH0Y|?Ds+9hIYSQp_{uSUl`{ROmGTG zr|4a5zBk0*Yf|{odiv=Fg~hniV>UXl(Zn-FsXKD$sNd1Jqq)b7=wMpKb~18&@k9%3 zsLYcEC%f=E&tcf8!JOfFwg{fKtF!=}cchB8_d+x-;*yIKz*`Jx)3Lhj2xO&{xpE8a zuY=sog02*B(<;5%%6+Pz8&u4n1Ak6kbLO67d_C}b!e6$)Kho9mK9QAt=Zz`FF;D)x z3us0gKn(qxO}JO3+_;qflo7%|k*vAJhg!-B`7n#?$~!%{NSE)d-p#pZ$vJhAveyz; zwl3S=+vUo4S<9KQPs;r8S=Qg5Rtb=F@BzgSD|SM6njdvPF(;lsME}J)vG{h{D3WA@wpm8X%`-&2l7LrL`viSj0-7#F(d@rcVhVj-T?P$uo!^ z&vb@5QgzjFs*}Nv4g4jq(*cZaGWbfRpDBlx)P839tbyVq1u}3cLqm*L4r6{drG&~8 z2Tw94_gQesM#`g;3ePALRh;j`e`CxT#OZj6(Raz2d71nKEGZv|Smvau^h`JqThcT}q>&vq61j&B5)*{8@U< z6i<8KE^I)WzN>Tr~Ce(S=rA)14WImZQPR*}dIkj> zxn~^D+o(DPqkk%IcHAl2PTv{(Pz9Nx`t#V=^zXU9tjR_$vbVP2-&vwwfrr>alL|fB zua{CSl*A8Dr% zX!mo#`2@^ocGQ>m+R)K;%$iomoUmk;9xFfAr`-WBg1##|Ue25D0LDoZ5=kyh&|_6k zVB3jy?2<;v1k+?5s;48t58C`7>FU{&i%hMAYV=S^cmwZg!) zomu3;X2V1|4WL^y)8loO+wlh5*29K(0sG-Pb75O@I|-D$r|@ViJHK+l3>v&QliVI2 zW=3Rm0xrg0%(>V?7RQpdI+?qs(o-k%)d>uP=E@!zN;*4%2V6VJOBbf18U}k91omXW zWF1##V5~=9jR!bZLhh!M{o!|BC#pO<}pBG0Jt_m{xN?Q>K0H z%=v0znh&aOwn=7n4$#VjDG$y=gFvw+$i28=ovXdsdUNvT9B+I})u)!hURMxRd8$dR z6I)#Ot+m^>SmFF`2a-w=1XVrwsjl1Iw})=ekUG)hQR&G{EaFZY_O_Zkjdx8Ui)WJ~ zsZot*^O(#6F^5&&tHkK#$!sbCqgN(Vsd{En-OQVez${s+)-p#XP6^w|+vzA{yHq7N zMz-g%eR;7P4!NJrglLj!kkrCwGvmpBP>8Le`=K=i1=ojx4`bK}r;;#L?PAPO;z?j6 z@6_$IlP>RJ&pV~M!AzNE1oGI7fUMom~$GVayH+DTVK2KRZVH!WLthClARm z9+DMLniUMl2NRe-{Vb_S06?|uW(D{&!7bYt^Od*i(#qo2JIW3)+6gzV48QeN571Sj2XBYQ|S?&mazfyi>a`r0u zRmSAm8SszE-zLAk zeuv3}@I-)KRCIKFVoG{OR&G&oSp^H!+WN)`Ebs;!CL}`b*`Io{H4WT|W@DPFs^H7X zXba-BnFE|Oyv|^EKZNr|msF_aLM0h$ylJ)RxaqZ-gt9k_RTgwqYkXhcT-jVbV#RjU znT)sF5ziyi3L;O**duXxWD?nyCaa{Vz)kbi=ClAyyrf1e0iD*N`Xh};x_FjKYIH*3 zPS?2~=pEHZ=0`Qj(R_}N)kjAGm>xdnfCWB;qhrpoTmrSFU`fl5)u0}pvqLH|>Pint zFi+d)<5}!7htY^O5jssOboTg)*1&E;GV~zLAe!dZd~F_dQDr}MRQl8S54S(u|A-** z8Lcv(={R#}0zv(NM3+>uQkp4S0vAZt(Qlj$@$Wrhj;-$oEu00VB?Hjr$# zj+LkCPW7J}(q=uUII8NLt~)({#t5tWLGC_|NRph~X9IxKmpo^LDzi_# zn0YbhQqm=9H6@0P7Py^BJ~I>iWhp8{wU_HKk++~$tmH#iXzfug9Sv%C)}F&ViR9wA7%oM z(gzS_^0h49FuB(X@DWv`8k$G{WkS!;$fQsEs2Q@PgVgc5Ggfg=vYo-adlGs3bY1TS zGdWAbb44-<dSw+by=CV;K*y<&J=*o^nl85mm1p9dt6_5v~XEQJ((|xAsmNs;0$p^f2TyAJ*jiB;D7INqI`r zePsJA0MR)xO@)$@|IIGgs;_P;wHb&d_D9(xj4zgxgvKs{Gs1sz7>31 zLaST{Y?(Dwfd!KevAOT_0>ue$lP_aFB-wpQ2`i=obfZ1GcGapw=(;L4K`6blwy_5TMWqw#?yfRah!GmuMN7ZO^?Ft8X$ z%)SDQNypGz1fAX2H!zb#}YB;mIG$A8gF%y0`>#4sqR#IN}ZNyoq^X zHY%V^&YBxk45OhL>Eoh@&mSOnDZ~U*;M<;zee&Q@mBK|x#c3mMn(6a8=QC)(lDC^1 z?v%od#kf*RVGY<`>b#tIISBx>11^v7EAzNE7XLJ+&1pqNhO)#B@mI`WDL0nb{a4)# zRXh6no9#FIX(@`h6?d!qb|&|N!xDobHd4(@&|%AU+n9uQ(01B(J`=&#?WOxx_ucP% zvg@tCf0(YFd@!ZGJTZeF21ACK!L{kM7V z&7QtCFV0^^r(*~QuASATKdtuc=sA6QCmhbX;E&EBo_C0|O~J(uoJjsx^*Dnx{Mr5I zz_rM0rJNOV>GJBjzKr|D3;Nj7jX~b{b2vE0Z+Q`*%DEE?RCpBELp^b%879W%TejO~ z>c;0ndViSPouF|iA6U{S-Tu(|(Fmifc=oIQ>_Cg2PCY&REIKQL^h@k|Cw zWkg$y>41oO;~*4jg#A0{~|#x-3S^8xVW+b#_J z_u=`e4^PTCL$Fk(acoo{?@_tb_DsMESUiBr2XV@_J&pM+9cWgaDHzRn^i?OGeu|pG&{P9}` z7aP@okhK&j-bBlFhSyJ_kx)S|vbhJ1}|@44MeWUx@q zL9O%N02#A69y+!R7?QTC_=1`7!VoM(Cdsko?X~~kFIhETGt(zlT=o6AE>mQ)4wK5VWtJBfd@)&)v&IhO%Neeg%o*wn zIu9RrU1hA2U$s)_w8Tm{l7v$#E8tpIzhh*X`0}#U&18u?@n(SxljBda1OeJg(lg&&HJ0(;Lb@5}+QP$`ts*~qA%IL6ow9@=6ST;_6 zUuLl=nVtlU($y>w5A$QOVY(T@qA)?_aT-+KW|XDiD$79M|N9}8swZ3&&o_h3B8W$k zeD#ajc9 zJ4E&CzSXa*XJEh&JOX-UbbNerN>)~GZeD(VegPQEva+&r{=wRZIYM1mS66p;5C7=x z?;ji-9vK-OpO~DSnx3ASnVp}X$D_S=ScUBkRI!RN69;QT_x3op#k1{+Q#**IQOHIp zi=!}Y>^@~91?RR%)=0TL|D|$83RgtkbQldEXnA9GQ%5_Y_;*U7zp2mv zXRUC0+vD^WiQC%?`KpO-wDNn)1S5?+PZ3j$ViG+~Xb_E|+08k$bj0+C895)31+vEZ z?Wmn?2>D9nspNIUk4Z-avksYdL>-A%l6O|Jnh@uzc}Jd_c@#4(7HQn#;ur5aGR(YV zgn7p_u5phg{@))E@;P%{wvwXaU79CA=HU zn3U8=7z%Y9?L0bwR+&i~ux%ArxgSfncpk};P)cQnQhKZcRUWH?yd`s#TGVi?@mSNb z)?=Nx%BAL|2lb+UG{}@?h)mO%R^#~1$LV{rV3B8w>{#bH9d||IHut3Z#aqo|LX`77 zPW31!9#6u5o`U;4OP%Jj0TL828?OaN(5%$ShdYE-hJF8rdLQUNai@m(<6&<6HMu@>j0)V2Wg7@vbK-!f87Gb#bs~ z;$atM^Bc{Fds@gZwd_O{y|Hyn={r%kT1gI^7(6kIM$jy{gF}iGX3VS1{XbS%=pSKf zdX&bgBm0jWZKG_F^0x~!tPJEq{U6ORRa@YO@f5)0KB*k;;&Gp2#E{7GaVin;Cj)7fvppTxC9G z%|yzFGjpJ#kA=}#8;&bJfh|K4IN4NkW*MilPUW2{JXM6mD_>3WtPZs?yBbxLve{E> zY$5dM6*u73Y>tFhW~~;lwyOHZft;EfOIUvt0KF^}W?3wXV=0@0Qt2YkqK!NUN4@yz z#Zg~z9M&@+Jg9(|?&V1;_4LcJ{gP2C~ z%*>LQnh66foitny^D~*CRiJ8Cz_n-U&UDBW?aZWd>Cc{-R}TH9Gs|aI>C;_jK`b&< zRXV2J9_#_@Y9v62BqTk%*#IHxxL35HcGQh}&h{zEQh9-ioFP>@t~m95I7x<_3q2Qx zXTKITpKHOp-+Hc{3Y~>>tLN6)%p73ptgn3grl27#)tpWyb*{Mh-POF#lg&*4(m47< zV6R2M(~W_T8P6n7v#QQIpF?gh?|d;TgUKdTwpu29&8P*Je+Lf#-t&D-`<6K zAA96VhCur5JuZ17ze`~x7Q-(^phPB@QudR5sgOKDDWyMUmnu;eMwODby5P< zeQ6kR&nM%kLkW-`doh#CHkS_~CshU{6+pq4!&KLC6jeZJC=Y~2nQA<)VhY*{wXR#` z5Bf0)OrhD!%a>P_R;dWmy>fs=f)oWw53;GsCRivVft9u@$N|4gfXX4nsNUmbHA}4m zzfq%#f!eScbYV1@zp{8`>B{nzm8-f}O}N=wz{C^TQxW8H)$M8^;EhNu2S6YIx=4@ArpOSPqJ!8N9FP;6KAF!D2=iHx5f3C0vl=Olrwg*dO$IMm|3_-A-gM! zbQF`_G*S=Q9P{&3wNM#*#&Qx6(#~8@{z25JG7!zAOk1zFDfOxp#4yeBW1vE&ug@Vi zlh@bCLr4XY9;pZe)hsBP2+O~$mF!5Ux*-oGKjz2&e+7}22xX2OO=d!hiLzC4A{UEC zF6oJU@)M=#-+H29RZujlQWR5)cRl;p9Gd4kvh>%o_Cn&QQWefOTy98pk*8K(BrGIj z;X{>C5J?LGqo%2ZMS)6K)I%Wbfto!`$Mo!tHL|knHx84Q)lsPmT~ZYWe;bjVHAQAh z=J2&Gv7XqFun^hPq3DEMksI<-lFB20B(+CDBrrswC`?r#Mf@E>Q?;h2I{EJuZBunN z#O@sOxsuH&L`BdKt5GZJLcMPd1MlG0c~>qsh+jQ=sAquQR7hLfsF^7+U2 zp8%2?At)5?cO={3*nfnQD7g($CdyI?j$AHolHw>vWsnmqNpsZFUEKshvHhPeZJMKB zWjQAQnL@K%^cKi-P^t9KI#)g&tTxhRZA`Ai@}@0Qe}6SGk`kp#2#U=&+nD+fvwNPT zI%ysN0Hq=>A6syP|*J|?~vKMH& z)y!_7OA|!GB z%p?;csgPV%wp7IJqXd;Il|f>Z4(?iJT|!20!7$VX-(Q-zhtTNliQAKK8K>Bd&)#0R zz05>R2PUHt84~H{HX}!3!9B)`t+_L45^sfz@xS8_t1+A%dJNkOfyShw9QGH5cS;p9 zriRUWEtg@bXBxUQhQ{wqfsC19t1*X`u_l?a-LS%*=iCHNPWw7hW zy(@gj64XEjMF@{Qs-|h|?l_vgy8s?$<=z3XFs5unY{{cIAvfefDkTuVpWt7@Nu@-P zNr_dGyI4Be6xo|dQByIOa_J4Pq&d9iUOgnp_IrciUsms}-#g5G&34Of%Mo*w`<5py z;?g4?ycI!SC2A{LDISkN0@wI7tW&va=aR4XE`?j=TNPVXsCrB4n;N#Hz^O?kTROM} zc5Zc%Z0Us=Ik+{vHHtLk$Vm)X^GZt?u~tuDmnyS_NhnV3WK>wG}F{5AIf;pZg z#Z}hibsUv6i5(YetVHe)JdqddaFGv^3{Lf}ofOgdRpquQEXhdo9 zfiTNwmF6F;qC*c3Lm1FS2bAkH8!a^5CqZky6y-zYli8Rco{ZFna2UdFS!#q@sq;{SODw;KN}ws?8KlJrqr&88r8B0WHEu5JJK#UG;}a8R=ppG@`HG zgq)FuHf3bBV}tCG1G9LMCU4}rM3{xvT5p8S* z+A%(MQYhA~Ts^%zeM*BngF8bz!w6HPmgz7F*Fl&L3p-1sn^tyKNjM4HK^Lxr$V{c1 zWXEvukuCWqkv(#F;iIJ|U?q3nSGOPO2%Ih6*7-Br3yY8dIhWlu5=ZhZ?hD zHWek*mOQE7kNfjP8S`JVZ#0=iOM`#v2h7diKpNv zA$X)TiKj#|PZStvtfC-##L!?8hvHR_i8Psrl2z_172by^ODS7*oaCz%mL`W){9Ghyta6b3 z6)KHYOB$(}=Ew?3%FAA*yc}LSA!k)v=lRl;tXCjuFUfmFsS3LU5?^9N z&V+YT#uiYF$TjQ&8z2q~bGZ9upUQd7k?>kjqk7#}x;XO;6eR5+MrAw5tKpQ?#VZPN zA_%l>+-pkrS>k61X=jo=(ovlvp}nrk|pZ`q_+A_@0}qjGLb2^Z1Z;($cn}s z(LvlDp12bOm4b12#Jr1Tp^^8l5U`qH)tcV5ylcg~*h$)~hqRgG%|_o%W9FVAVYW!Z zY#kkXclh0579c`ZHh*ual4kbr9g&b_ByT3Ad9ukBd9ly+L;j@C0^l!eBpcq)_hCqC z^@PW)snbh_OCzZ?QHIK<<-E^Bl1?kfNM5b7X$`n3Ta;Sgx4m!2UfxAkP1FO?c^HkL zQ8e~`T$@~*f4}g45iKE2hHd@*p$~c=3|QcpBC`*+%9`#$laR*;&kx=d`1z?$p_mWx zA5zqECyxrhBAV>WQ44DS(4o{x(rrj-^us9DcB%9ehvyPnrqs`n4YsMuy;%dKvr|Ai zfzW9ZaIrW)q3%!k(^E*+NXsPTL~Cdr%e>V8=_3Qy zOJ;aS55lLm$C2ZNBgYd*j+6mL(0Y`DQgP*EAYoQ_ed>W&-S=tk(-L4ilh0;qBkK#$ zE=0L>;#pFaf3C)P+VZ*Q^N`@|NZeU{vH4=BWKa6ekq#wE;Dvk%MKMZJAeev>za*(V zUiy~|$^8;_tzfO56MUa z@|*cO|8-Gmc)rj#pfRnx_BZ)&) z;)SXuqd0-4K?JT5k1!w}VN6a@{J~Z~?2*$CXXJt;wJ5noU&Ra${t-%oF@mLIB)+NG zA8{-nCC?~{#w1+DQl(fB$)Op8uDgOx;bzXPt&;EDN_op;GB?>8|vORqR&oR`1rROeLGr-4QgtJ3+Q`nq;MT zvsWqEGC)GWGS=oR1%jxl(emH(r#~qW1)*RCMGV^u*AlXXkrj^;@kb@?rS7F6sfNs@ zX-UEG+kIs3UN9~I&+msX}~B+X2Jr_tA{}b4*j_HAM7@6d{SLvY9*@#~ zXa9!JesM*Y1+guj;wQe379vK}Q8)xA>&9Zr6VR4<^vfYN$ zhUr^it0SdV5eLT*1eIgqdxY>>uP6g0LVRLGkP;l?Sk_*3)lvi zY?g0Uk@pz_<>~bY>RIc{9nr*J^ zb6d5WT-o6cX!o~c$HwVj6FIQ0bvf>SJWXw5WgnY!yySQ(s$vr>-g();N~@A=VVB^6 zt+R1Ga6-`U|L$7tVOTn|UzPY~3|rJ}Qcd}4ds>3?ss+BK>`i;r-c+`x69^92iRlvy z+Rdq;;r&qnNccP$n8m1y-DnFicwv4mt4*jiJI{iXLidsl=K#CS(f`?Q&O-ZI0RC=r z%KVfSfzUu4_layW(@$lqJ?7}CY4(*mYF8;PK{K|McBk!6%Z^e=U;gYTWkV^fuV~zz zsoK4yu)YdUm!h)Mm8YxNPS&5EWgoeEMu%Ob>>%URzA;yA8AsSGj-r3JiYsT<;C{(A zQJ7!uYLDo1Hu7u~VEMGO>1+|}{^NaVwurrFd({rH|LhDdG|O|=5WgHSI>{DMHi%*P z`pelN*0DqEh59vrZV4^3MHKp%J_Jtz%nMvzoc;&d9lD?QM8ULg%Dyn3O<@|@FQI@H zoG(0Iq&9`JC9K!(2!#aJiHBZTQ zESk7)yhb~d}75}+o(Y-3tGZZnNM;8Sbg%%~_Iwgqe;EXPu(p3ffHyR*{ z(_!(Qiw7X@*SEx6lDZ@tXK>xLqzz&;U6ypkNnG6#tLcGAO-~%G-y6FK`!5-|WDp`X z{G}`I-FOu7nX%Zx;jfI*lprFLrD8ER;3U~bIGd{};xN6`Z(b#%E`zY&a5z2>Bi7!-Ub1hY%kb zyF9ESBk72Xt53EBfO%vIedgjL63@73m1z^sdKn zdRJ`4Fk9Tz*PX8kI zPu%~pO60#}^`zCM_)Nw};s2G`zp2gxBgUUZ_-p=)@7G^*1NQjv*S?s!o<#Tg`=&(n zujBa1-#Wcboe@SHzu%fWaRNqvoL5X7fAGKOgYks0;cFfNmOu7iG@m$r5T6h*e4_Uy z3csI(6T+t8eB&p9-1B3uwbVJs#O|~4sRHD_MkRJ%OCk65fY&!rC_NGS>)1Sz`6MRa zer@|oOuoC?DSI2R_+B_Exi3x;yAz-OI4$}AVDd!dlX(1ywGRV@=WjMA(f8}v`#6QX z2Z6d5<7_b^? zG(J2vY^=h}iI@izVm@A-8dm&LOq~;!M9q0hSUS!;$wZ=YL!jliD13Y{(u~KblfZoV zH8+vE(6}h5<1iiH{Em@ngh>vA?+?kl(iWw5!B>iSY8*-R{L_ z5DtU5AE$N=**sF6*yYE0T?N2)d19AQiRxwm%O#Ra6!!+;w~g^>su0{Zl^AXZ?3wPN z@Y{#B48dm@@Y-?M#TLcc)f2FnO#@y_#I`E-_|(M7T>Q;A;Y83dX1-$fzmzycXv^7rOYL7JS zZb;PbgU>zKK|;jzew>6o9JuMom&d#uR(sy6Vkbf!;HBK5&7YnayWJ0rG*uy^NnEs6 zB_i4q=WIO!Rg+>m=Sy>}-Ru*wc zB9X)(a~1j+0n$i}Q3J;4Rw!czFh=5v&5fL0I#DZ$&=I3cB6MSc%@yGDe=xZTz~FGY77)0nUendD+qo(+xNLRSRwMkzci}9djD0nLiPZ!C)l%VJJd3M4cDz4`(}j2@mw#VAu&yxBE}qIYW#8lbo>aeu zmxg_SRTb7%7YJ92{jGs$B{8k;YKMG3q}3D88j7FD7==#&=W~UDVU^%?uH^6GSwOMs zVV7V-oY2(-I|XkBa>XCZ=yssH`fa>kz^d-Se!+q2$1q0VoUTU|UgbYfc%T&MRBim2 zMOz#`(&6BBH0my3QTJdE{-A>o0*4xg&uAb}x%d!&BKAb&>4`%;kIMy2sUG&gafd!p zrIz?jyzUA?>Id|Q*wJ8oh9b9~m{IN_?vdjzxkCVi-NVyXb`}{QRQQhUvQNzzq z9zv#IG9D72riPz`tzh*IH^8u)03y5baBDU6_J=zG2D`ly0=pAKAApUUgAWhI*3D6X zy1e-P`XGR=5MZtehbJHAz>P|Ps|to&SHW9Nk2F8h0ar4*wrL?uH(#{_1*-qjxum75dv02l8Si z5r3O-ej8sn67YuF6hyqGZDW&SnyDW+IY86(w|nV^DdPFMt{Lsy+h=09XCE5F?|D`D zJ*y+XXXN7hRF1j~X{MI|%hHv!J5M@1iyMrj}!@u39+mGPMv@1pb zJ|9*2JePkve>UDQ+@kDm%`nhrSt0*+n0AHLO}EDwt_)H3xZ!r=S-EPr)7wwtk@I)9 zo}MAf+pv!Ir~2{Mn~ik0N0j%*Ewf9PZf~|H-Eb|+hw`F>v-~FAohr&lVlwph|G5M2 zoXX=@A>Xcez_jpoOjRh#NdtGsjvcym?jXvawio2MJdyt zk0QNT#9QLCUw(iMnwm#UZK`3Gy<+M;{97oddhx&=^hN@qG4{?oS=F(Inq^(RHCdlq zOv|z?&B`r_jScjp`8^^ji_0ziJA}ue5y1ao1`Z$feU&v+gi)kr%knW9441@yFqLL_H%flVLD84VR1$mqfkj(7x7eWILCKy(+}-_v(>RW{~1mUI0b* zG{fz4ci{`QT4F{4`Nb<{Ou`Mrk1EM|Rv_q&+G|Ik)U~Rtro0ZmkV$qZ(ygqLcO5B8N%O5HkV}Hh(vv-Z<_j>K$>YiW~mM!z-Ni1!P0?zk0UN0t_u}(k7A>_?07>@Z1&@e@nOl8AfA=~qB|TBw2|mRbtP*P;S+yX_MKT0*X z`^p5gYrous@3^!K@ocKwtr>-W@l1YlRL^FU(<0$w@hmBn<}VJ1ypv-=u;jBfaKnNU z7-Mhay40#@eZ{kNwG59Q6Vn1(T8i!yGumh=ZarU2Ezmq3Jx@%(S980tA_SPg(t|<_ z(JYrvG1!X^{Qkt5YJzmVL%R8D;5)(6<;HELbFJ^MsX2j>W4>m`^Z@?Rtm^pxQH(It? z*IKr;&!yZUgj<%4XxBcSH9Rzh~;%)x`5@99^&!QtJURtB=+-1xxAq zD%sU^vn1jZGau9~9SbSXFJ?tF%QRvU=Mr1gQZ#3fnAsANm*_1r)Kps|6)SeHT>-I`0C_~IviYFKtpOkE~J3%m-K7WyzJs6V46^a#>M4gWY z@r7NeNq=J^s&<}k4I0?L8m5&dUdZCK2SNqng;cic_lXzSOUsLKpQVI5Ig+oRDK#>) z#S2sbs!USwW1WF#>WUZoWMaugqvC}cR+?!P$HZ(3nUqkh#2Z89_P%^nlK4+LHTWEz zm3V{B)JIwK+S~Ds;TmF2&C1&6)W?NY=<7LC6vLv+HN~8fl^jL?&l)F2`?T&g`!!Mx43f>vJ~O3o^Q5;UZ9S zE|)1ggcjXmF8**)&sBOcBIb6$Q+H8G5EX(2dx{rEX?0VuQ08W9HPgUYb3AU3?gG1@ zZ}U*pqn9}1Hg@duwj9)kA~c$qL!p(JeJkR-V%{h+Ow@UwmSe@@6s>1Zbi9|CH-Q(J zpLxmz$@M~E|1p?#EW1m~&bD7n!*zUDUlM74BSj=o3Vt!}d_lx$O{JPoMngRBi-vVSb!142Y)7+e3|1|{ts<_&X>UVxD*{@?gwA56moYL(gwW57) z6eOavy^-Ng7YpjZ4#9F13zV=y3(oGU?wmnl{xGec8#BM4p*!6$OT0m`ASE?bvm$)8M@d3GLT5H#4l z2l!gRC+6kqrk?g#i8m06k@>~EVW=l{d?-9I==T-i|9d%Kg#j2xQRl1S7>WJLZ5Rn` zP(v&nk!;k^(#68T=pEF+!qFPkedJvb#5!FQ!#(?`p}WPxCpk`xVi6ab9<|Rs1nR#r z`Z}Q(H6WpVViCn39v>^xU8!QxO(bh_xh)*0rJIolui= z&V}*Wr`jZIb&Ew&IuCe9S^uT>)+u;mpQirCM56wuV6_>!L9w_F?pPGMVsUl$01LGP zO4SCH6vG{fl+9wv@$#M~~c!26L*rkeC+)zs;eHTAydeB$r&=l0+ ztgo%RQ^XRJjmG>wl&mclhqWqccza2z8&WZLjg%@oJ(LMcwWw zbUKW~r48AaSRhK_Zi%H?s01P%wue~S4E5*{XMG0iGhxHLSgg5C!y6Jy!ELlPma;=; zAkVM4wb5eH0IhC1$x}zGooN&W1Xg^FRLGd6qqU55eS&zgw}!O^pH?gip;^zkFsyY5 z?hCEZg7ex_=%F*GF~04iW5KQV`&13iAN_RG63YhT4T?qkQ~GZ9XWcC`Lo6Esn}+IM zEE`z4GMDw|@YF;^#j-;D1NQ#9Gg>&`054*grdXad|FQbTa+?31ND*F`;CJRf!4@wS zlfEu3M=T4O87`9=bosrwWriWkm)}Sc8xYHS<4qGjidfzcSMFd5)p+8=`ymkHCz`@4 zODrqWGBOe$Wg7*P#fs_~8JcUNH{y$m6`39nEU7Sf1=i3&v7%1FWCOe!5i2|pqE^HU zS+V>9Ehj_IPi$+dwQe0h9M^j%Ti2!zCnQmv|?$DIH5z=A#9mjwLJPzu-(o~o`IX^%wVGn(Q>e!XmHvmi z?SoEQwQ31D-bimCR@JFiEvaLo|Kx@{_ ze)S>tc~=dPur&X_>D9hDya_kkfN=`Ro)vF6A`L>MXplz-?HI#LoNkhL_$Dx{7k?{+; zW@bIHu5GgOVjavU!wh+2VjW%3q`-B4e+1Q_Hx0$QVVU(@1{Tt~rlgt|7gKQIDh!tt z6qaosqJ=`Aw5Xyd!eVVpQo#jJ>7}M2$n1&UQuO_fX3fB#a1zC8f8)leAS7PWwT3Cs z?rWo3Jr`JT-3>W8ScABzRlU0Aiuk?0Qn6-0(wATTI0PuHjx&) z25JMCRCt^zHZ;=GT>50OJ`a|?6$2t6)>GG+k%<5AQdHtxfyr%%4P#Xg>>cemee)X8 z{MryjlU4ydMd$SW$@V;ALn#d>jDLe4HF~_!s28B7*qDa*-O7-N+TSZS`Jpa`;ruXC zPstJ+dr{BAsnB#+b+NHu3TP9uw-C;Y&wP}Q*v4cB(CJ!Y<6u{H!-D(j6&v&6jJaZk zr6A}=x)El`7p>TrMZ4^bezk>)-CYRaI_CdN;jc&Q=*a#m6kDs|31s<1dk-a-z3V}KZ?4qIhS=H; z&y8SIZ0&*zJz~!R2kXwh>YThUCqP!CQz>HWC`#p0v2_>-WCntz-xJ7!0M8IxbIIHh zv6ZMJh`g1A^8~|1UO+=)D;;L5BoHlhR^QF0_qM`!yu8G4dBipINq83&O%m>BMFSpZbP||Dz4rX`)@CN7(Zo7|- z`t4td*-hKrM5|gAovJ2Y4&lN==pZ6q=2Td|(vZJ=ZX0d*@WlIc^W(2{H5!$Q?ODTt zRiZoF3Ba-s_KQlVZBq8Y&WBNLqOAG#v2MQ|b$N=Qsz{dYw7$Wh_WnmO9~bCUqj5`Y z&!->Z7uyy1k#yKRV*6w8BaFvN#CF=&Mkp+{-=ca3bnmy(e3#z9D;}&!aOL(+dn$|Q3^3o@k((@3NWrPB=xHX*1l^Z$mJKWOu)pLK*FcKUN6HA z%*_&8Ymr%X%<-!!ti{6YY_Ho0Vk|n51n#fZN`ta{Ii^)3Cc5R$VIB6bkFF$0tRV#ocYPN^dN4g&N>Ff4WqA&J8U_Q5A{VgCT&!xTGliKnH`_f;@m z4#;Y{#m*egRW!bWR#~DvTTe+9JJ}iBo8MQ<%6gX}q_Z8^lh;~XMm@2!XBHd+u*}YO zDXDsrgLn2--2qW|-mTuXH!I;|YE8t>K?YQ0MC`0*!e|PLoytlBf^iX0U(!n2#qfg? zOU=a2r?e)Ne!H4LX~GGCaet)-Tfg!zEWJy4eLk^^UY`;5+Z*rUD3=scgW64qSN0IFP^y2gQzV>=q2T9mI@0-iUfn>>vu|p+t`sMa66M7hO=c z;h1=>Ij;4XEgwOh_9li{&|y=&_LQOnOsCg4|4^t;eMA{P3tQu`fldVnGn?!!prL7=mIi zXV~RcL*C0+qdOOhBV3HiYm0qd^qQ%NdhNX%HjU}^`RyOtvU{)grD?Kn3i}eXcb6pT z;S&3C8%9t_>{pO~xFj<5liFH51)o121dE)$nQzYpcxE`4Dk5-?){ z$O+JH{{RdK&|hA}EB4b$hDLa&4H*sYcV=e%zr&5{O~nBc0&0Cf*8t>Z#D0~qzvC1n z^{7W2pvwnD(kBiy04ZE_fb;CXZ$>G5KmEPi4&JJ};PYd04>o|BF=2U#gZGid;fde6 z@UA12X5TtKIRU0PRD~l{7^pZz)6)dHW*?#bWM7^{bm0)SKJmscxLV_vg1RR~93qln zd4s{y#NiZZmT7+tG#a!KhX!~6LLypnXcWDmDAsmoaVWPz8xt0#IMfyPlslg|dQcpy zNk-4J-y?fhTzyQpT;gy&)T)n}_U=9AK-(=2m1><+!Fz`r!}GCZ{qq%;ni6-WK(ExbFQ zKPZmUw{k0EDeC+@0R^4;!RtJ5j7E3N*yFGq|nRTIZ=O~Q!BQ;=|A z6!{a+jaD$AS@y0iYwO%bpiQ%ZbHpuM^>Q!me&C zdfG&<6L_U(XUFNeIA;3W9h-+=U)FZ>mrgh%QbjxY1uy6ZJ zL`c}E{a@;cKda;GGRc1JUK8=ZH!ydk`WqSeoAi+1ppUKWkaY1zO~YdvA-^~=3DG#c z=kPP;KRuxx^bWXc1834FWoP;a7w; z75z>EQ*>eQCn^1a%Gt}BCWQ!2AHO0w?wKN(WCt;3wAU{sEMPL$`Bv8AQj-A-)7fbDAnxFP$FG z#QsKcS~)d=*wo7eV1C6D&aWv>M^JBSZXk>RdU0W?I8Be!4aEu^$9^}LL#0GKoo7N% z!k`kTpGYpKx2S>5lA@43b-c@HB~Evu*$v5ix`vkS0pGsWj4^-we+!lk9Px-Z2#@y7 zTR>!29(m#e#$3OJd1Ba4gP_U&oPos)1O(##j0d-@2xOkKlE#`cN6%!kb-#G)2^8~q zAvb9#pJ~Cz;eao`j-tN&2^82PwYpUhvW4PnQnS5M8N}L%+jAy*x*-WG= zaYbX$YIhIa$`o&VAOPrw9Eay=*xxa%1N(J~I1|*ynP9EAGcAxbza%K$CM53~Pkdaw z&EPG1_I4B1m+^jkTL^F3Qy=I1T#;|nCIdi~7Zq>k@?J?~+VfA;kbREz7O(cCCwDu% zwAUjPPpz?{4nGK8+8a9ZrJI2LwS=X7Do6%y45B`NKO*h*VUBLDPmHE1H0!FKfTL@` zuUk-p_+C$}s1;p-(^o~h#oH~lDXIEIvGfUTbZ1P>Ypt|_?O{f*zD;Y#_~Bdqj8-|2 z%&WDgO*P2CGp%X0Oc2X@kb-`!wYODz+GMeMEIO`_cm6X9v;l?y6YeV3ttH;+r9_!C zyD=WbH{40?+)VHM3j)sNvx_ZXP`oo7tbkOFFip639z^9-m+vH@LGex=>P`k5FxL_B zPN6SoK_z=nsPX-l4Q{=Rvy1{8Nw77mt6Et~YBX-t9@DgY=4drD(6>6)rb> zZf65QwRahXaRtF~0rBn#_CNX~8S0Bl+ujiGlIbyb?*b@PGSOb&jqk4?O>6QjMIS=i zN%?aYod!CPC(bs2ISJu?c^Jm({EybOy`K;5Z7|nNarS<670+KKqGUf)h;Kxkvcy?P zCYpq2`%<0c5kWXRl+rgS&eChf{G25v40tYQDH=Q_Ts%I1;*&nC{Vy6jPFY8OZ%gI( zdrfE#zQ?r>Uk_H|XQLTTeeX_Kbrv#VV&c79SfM`xKJr|(0Z!02Ia&HFSw^?vL*0yK#InW%c_s zyr@^c2(a3pI;opveWkeE;{AaX;0Pv*_r18%{eLJ(;eD!oXBQ!7dx!Fi!Fu8YTEU>q z2bA@|Q~w$VmixRHi_Yqk>aH)|4{L49 zxFKpZc60Gz3(amyQT<_cbQS!3>28ku8!moD&JT&dkL>4rVJwjdgA+a>9$N!S8;GV7LTGG zy6abi&^Q~`vNF)wcSpMcFcygSiV4z&#DD8DwF)f33AB(f78d`d)9r!cjUZpf{y;&< z?*gYotC)h1Xn&!hk7#;f9QL&#=tX=^lC4|7n-m{)#v{(T_(*wo(S)SqZm*^6t5`9} zs8LgVq*k6!e1tW{WwEy|o;fxW|M33g7Tl)&PLh`Fe|zJ-(7+N)WXnI%4MK}W(bKJJ0#rTX-7Z@fXQ9XH9GX#CQRd|?e{ zQ=fJ@s<&<R#QtVlg9eFr zbC4y5G4>aqSh!#|miXV34H`fK`0XX^Y1uKrDJk*gX?ne;;*%R`xJR8Y@<9N+cBA;D zO}(ZBk3PAza>x*$A@NC?*581f0W5i=X@rZ!Cyg<9_jrG(&|75xM6=&ML_o=T<_=E6 zCr{xq4PX0{0R{pZpOj(&DRvc~y0}oI<*Np0IQ~B9?1|vzis!qqidV8o%GES4lu`8Q z-HKfl>wJ12ls%YPeA)+f!{eFY55*T|Sf)KmeA<>(F;@9$SFY5E`1H2qiv4sX>eXY3 z_s3`h1|&{A#7Odf!VTw|;R_WT;W7f{RXEZUyllU=SM4 z_j$=yO>s`afIe{!)aDHAC#d86-BWAU%-%>#43_9k;#^;Z4hzJ4(tp? z8pJ({crzUIP5rpHcKhwluUu`8eH%%6kvTt!=?c^S@?N7uSMhl!x`ajjIoF;ZO`NI} z8QsL^bvksVA@n&T5M*=ErHA;ui`LD8;{M#j0q5I4-;EK(H$0%HXNu3qsEM(UJc@gt zQUS)7ra-zm+pC%I2S0yO2{rLKLt+$HpVJ;^&CUlck`{ec@r7j|iwzY0qB&uNi5T$1 z;`0Go54REUi!WMfRT%>K+@GFFb@n+;BC7ysy!{6yy8TQMhN*nbFG9FralNO!1|GC@OL&3dNUMR2=z%*gs8B7)@6bUpCM(x!AwpJ_FF{i$Xp? zcrq%!q)3O%yiDC>zgU}7d7etxE^Eox$wps>Slkb*T6_sOM{`9Bk-cqiqbhXd%@i<6 zKg9yj`Bgp4g*7pdH(q?n92{uSuX6Ab0=q%+71x$g8jQc`((2ZYU+Jc&Hy2+$SQkPr zYM%fsV3dFGpkA}K_{tCRn!s7mfu7>4;pxrc%pmXatMN5qX2k5-G(5`YR?)k56JICY zJ?8?&8_IVVU)So2v@u}%UpHsVpkLXU1_)B);UMvKE3G@$jrh6`Zdeoj{*d!*4&IEv zLiZ9yOz|~acLjos?tVRnRRDH%wh_>?H&Lrjot9E9K4M0m_%w<|>H%s0cQ-^^9m->nUDp}EiM4;Y|X`C<4;pT%7FGO}=P%I&wS-ifcKXg#T=&fTxw zZ={3fFv2N*3XsuWlqhjLwXwT|ZHL1203fO2b$^UlyXTDL`Q{_h82_X)?Qt znS>_3NyoJ{IqZ%6sH}!J8IgA`HsvtBoy@Sox6G{3qwgx=G`(|@eunsVY;w${;#*=c z7BL0841A(jEXmO_GMpD%>PD70pN6y-OdNjp8T>L=p)!93Xk?vl#tM91=J-_?=c^dd zMm}-=W>{JVSoC}Y)*A5#gJrvEAv;K>!5xzR{76nb;8<~CCfqt6)MxAaRfYv101+D&>~=V>Fl!ohGsslB`&dTSpeWKi~2FQY*t@qIr$ zb?17K5a<)%-^+iByaD_ZpVotAzd~osbA5O@4IMVb_m88DKE`>u1|EQ1E^#57{TweY z;IR%g@_99r&p;X`m+pm|aN&Y`UQ{YBPzEAVXn#A_IEOB?y_TGhNwUO+he&vi{envJ zK$k8kOAMBu4~n~;`2K+gjSK_p`ho%>L*l|1fCoq^_x{v@-@qICyhl>1# zxp?*=3VnMX;fixlvONlwA2@gl&>uK(Hf+D*czrW+uP_pZM`s+_1*8 z#RCz%?<}>nTD9z#h%6^gc1LmhrDlfV5X<+{B#`*6hDz) zz-%t9llaM_)wiG=erl{|=oYr}6p5eu8>uE1{f{G1%wk%W_=!_##c)|((MGFZ-@b;h zlHmY|Kr_d>;5+_727})})0`(n`*Ryykjj|s=Hlmi_0c)M__-5enntux{LFnS763yZ zdST~?pYpX%ndrt3y4J1=q}tB|wdSbdbwR;3W;w5>F|Uulv<7UTNt~Jg`?}AqA>afR``X`8(HC(p{#+ZyG#6X3ppD1 zMq*@GeZP=RtZ+fd>m-J9O7V*LHJPewZ?FFEoknWT?9IyYdj%|QI%jUsF`K`3PcCW3 z5r6GvAkILS=GPjqz0l0BaN1}b{z`n#70CDI`KJP)O--G8{C>S*OY!Rj=Hx~ll}~Q} z$-XCK16uXJrLoh6;b!@`BSP6MLb4iAZ88jQtF;7HI{zZa+Cbv3VWH&q^e^D4RA7Y@oxY#W{ z1Bp96agos=qo7b+B-jKQe32fC3tBH0jf0U=Qk)7EJpP7ROU_%xrmL#>;|7qIZ1o58 z#S|U>xQW~mbO1nPWyNKL4&GBY@_c*@KReqV?FW$f0gEykFKObQI%iZ|Cn9GH9nX8}kb$KK% zIA50r;o;BVtI8T6WKkd@F4GIOfRl!xpu31mEo#?Ot_hN-;Yo(X<*`_H#>Akw1ny;C z#^tt2s*20Kaf89*ztAPam>dv)Mo|}(F!A@d2-n-YhOuMc^a1ZX$4BEk{`7sk^TiMo zX~};@Y2W615sLY%^t!q57w1Edo~Peo@4AWR`4#1R5%sx~H~;RBs+~=b7@1YXl|JZ= z;>RnusS#1=HW63u&IF7D^XQ7p%pme~rA^WS7Jt#kGx7?>Uqx)k=PV>)?9*fM9ekxZ>5Cq(fL=Rg%ajuF?o1L9fyTvL+w~>YU=j{DW?dnv|z(iK~>th;G9D zirTB{kP?5T^ZP?(Ha??-)9cD1dbzKeQAJ!OxXkIe2B(6$R$NPEJG8p&#Y8ro!!$>n zx9gA~*SaT5pqS>NCax*jkXM>`(Tk?y%SVFTWwY)vs@4+M3PD|H-)mfWq?Y|I zd?A`Wb;Y$%)mlVr{&rL9jCa;QPU<3K0;@GeyH)(1q1Cm(2-mVRs+eX$VNCqp0*{ys zUns6&*PQ7Jl6}NgsuJ2XSD94_lSN!*s;}YC7k@Xxg@uq+&^`-9&~RQy0)|Wc%?t?W z_%)=2y%wHJl9K;W@R`iJ|ECVF^wRjBouEDv2QyJ3K4*$ivyu3x3zbMn{DaLlOoKa1 zvp4>XM)LeKocE&6b8IWV8*0h0%iD49^FP=Dt)}rGmH8P>JWpI9@%$7$HA6nl{a5G? z+-uxh6VU3_1BDvMr(5DekIARi4m@wsIZEBc>ur!2B%ki9x(b)|Ie4e+ewuvxZe#)J zA^9|o3}yKG#6Ne`1P#Xf<l83~*y{+VbX1P599kIQuF zRvw^E@sHX$7eZdsKSU~#?C6htuh37mMb`eWp94RQZA(-yE@=-_b1iN1pzixEkE5SS zXBW0WinK>*u(kZsE(RsY3eu+Ju_lHi`paXhFG+#|f^uJqcx7Gk$`Bz=73*EY_O|<6O zthJ|BJsta~{&U^pknw6shPc!L-L>CPw&=;*aqawxd=5;GX399R8!(6OuPVtgxnvwz z2E2b6Z_nn(m&&+WiU^X7x8Gv$$@xN6_v$DPwnD6&L0zzF9&&2496E<}D@c3@OnQn)EPCHhf4f|d!@a1g(>)o zAI!0g>N4>F=@yU)rtP9-nILqaM`ePTfF6sl_j8PJ4`d>0RCj}e5;X}npkzm29~`qx zw8l)h3J}dGm1T8N+$!Z9CMXa*L0lq==FH}1H0Spl(RSh!B&1lfEDs~{V8dzw66s}G zfDM*9zqG($oT*$N@wYS%#sV42)6qYqTS4^5vapVwPKC0(D&DtXtN3JjE%kEzQ-Xo< zc@xm*A1i$%OP1f4oSdjECkBl+F5YsTnaacDs&Gh_KMV`R@<;N6Q=g9*IAOGbM4DMD zl)fy#8^c4)G4k0&bmz}|u$pBB?QU{ve8E$!3u;nU(C`Nhk^B)amKB+-1Q4? zL#NunQu%LZ;O2dFuf(|#PDU>JHMI}lM6=@0bQnLkVs-o+gp<$#cFT9ATEDt_;8G`0 z)S0SmLbwiSAG|21wcv#}B&W6J1%Q?rb@0r-Ho-JfPNR>e7s+XNqa1|U z;fL|Ry-P{hMRXyP)p1-N7&MULW8^gEVwu?L9_I1H}$0{=&ZenkO=Cvf5^2{sPM>33kR-FYg-NzR~Yf zieh1NjucJu;H~+k=&QrlFP4JlgBzR2v3XI74lIqmi`WqSwepc?4uLw9k{*~lS_r8h zjlZq7vtiLnSp&KNkhYXJl0A{7mXHWMVz;TKVJFX0ZtAdC7o&Ta0#nKdP|65Jr5wgP z#ifZeqv4ZJ+m`Oa57OpIc`qWaW+)t!G6MJ8oZv;#HX1et`lK916ecXC%3t%Bo$rTQ zuTqXEu2I|nO|BHR`5%!#SV0Lwjq&#=pX2is?_TLkQY}X2uS-5N3Jd{4Jd=w$R9=Ew zzt0rv&_a36^E7RKAg`+ip3TGs19kFQWddM-owIog>UUnf!R@Xop9S4aBNC9$Fs(lDQSjJz?5h3ZL;OAm;J}d2DFc8z#>;!S zsyCF+wF9EXP`!LEiQUWRAjJ^Mkk2*cD5342Blwa+Z-Tt<{FsY2FVniS7t=){gd}HD z;JTCYT+UP?H!Nq8C7BTBe5Dru;yx@+@i3Dr7z{si0RCb_BvUCCh4IvRs}5wQbB1`U zGpi9+8Oo>1nNuot(99AH%*4h>`|rn4&^`(O-Xmw#hIr+QL*XiNmY!5xvl0_lK6PB_L%cQA{9vUy891Wgdu6*iD0*Vlrlo z)dpsP$j^3l*UW@e!-oGHYS|Y;T8^og$QL^5NN<7;y3a^)>A7-FI#XUI_~kSzR$waF zxgn=xtTaHUb9tBrn3U;l>9E5#p3W6w1|nf+buETyKFrgN3^}(s!ZEtfUUf66wFxR$ zcTPPDs$y_1Irq*=n##Gi<87!&`xJu@=alEU^G4*7%DG8H3*|j>ZV?kmgK{oiA&);7 zTLAq&d)Ezkg)o?$m&1#w{U*28sut$m$Rz?%B7=TVx%s}AZv@Z|}n7Y1& zRs~^yt*V?i3>UB~=F$G96O(u*%QR}qd84qm6bU$T-o31t)%8OO%Zu}D@M3*AFJja} zbVJT-!*DY6j)p#!AMd3#Z*G4>?=gNk$Eev;&TrSeIc1TY-vwPYu=(H6ZkO|Kt=ZGS z7H7!L`9x-1z)cjGhHiRcug{%AxesE1bKv#k;udz= z=Z)AWX*d6VKhjF%0_q*C)i>#P$L9{!8#a~;n5P5Z#?YF{1-%<078Q{T+AyaiWbYz$ zZGZ3t=yKsfd?|spAnAI70T!s)7%vyl?8SLLut}ZEgGkB)gD7hkCih?1e-FmH4)*?F z@hwya$QXNv!q_?Q3)^AUnFUxW3mNHz<67Q~Z9!_vg?&juuUtqW!^Az@&5#SZ+rrF+ zP+B;K$wtNTmos?a!h28xe6NaJl#boOV9iBbdlY}piU(l2#4ps>b6UwoZD5z^KKoFY zB=5D8i#p}Bq6AoUM$uULY6M(f};x#kXP=8rPVzQ+5^An)X6crs6-< z_1bmhVyFhv_Sasf(L^pzsa;3s24}fQfrD6-a?#^p7i>Lw4UqzueWcO#K`!o&6%L;| zkS7;YpN-WOG3N5&-iVtSpSII%}A&U0s3h-Z*oODs188tnrWV5q~l{har`_~hGmnpTykkDit9e-%wuT9-gpywXRipd zMGM+;X|@iT;g?GZej>OfmnMmTE-xixx=KKyXkt|_&d{$<@#TY$7-pJWN-4|%Egg$D z6-T|^M29qAns275o$Okw<}{Tr_S7cT#0pyUsCGL*H@VP&$i+1cV4=lwVF~w7 z70IPf={Rg6CYQG3feul*Aez*Ai-=|zNC;j)Wa$lt^Uvne#9o$%?tyuhJxO}M{}|N7 z=WX!RITtZqHRQ4>D(WbgmGFJ^bGgp)rS{V_C+)A5g|oc5s>3ep3)WFC`0`tn1f$?_ z$>oTJlkY@%>iTq!A(B3Imo_zP&W;^yQ% zk9Mq$7tSYtT z$^h9B`;FvEu12EZa^-NgLug#CRFvV_LH2g=piT4$g9QGfhA-R{H*7;T1JeVxhU>nJp^_BzW|9klu>Xn$odZ2kwbCs$)zHR7~# zm7lOukzCygCEZatMc}5@O~Da}gq0M_m2_JHXcdI*8FW|@FBB3&`JK#YKdZ(`K3GEs zfQ+~%2?2%*zU;~#%_*WDU&D!qW_;xaQuY_va=6EwMnus*Cp;71_6U2vCJDSbP;Z#B zA7THQat)C`J%mxzlWRPHYj_@qT+;>CfEk7=Tyu{O9xRq?9)l8ti6r6Vfkt^@ZYq^) zC=&JYat*ds>o}?C$LeU!`R(6+uT?%M`n`4ly2yoYpG963cJLT3MbrW!9l_HlI?2szg zO~DE>Bd{^o<>zfB$(O>}HF2UB;;!U^b^y7!ZsmG{AD$v? z#iqr%o<4|@5+1p}HIaazTt5V@psV}4<9&O2JAQA%)&V#dFcLS^rS)7YH)P>W3wugK zGI$o2J~zNDVlD zV?G}il{yRI_8HDT1}x*>Sh^=&ZfdE9MRPAxZffg+jE>4pv)?9 zD;8N@xv3|y%c$IVzkzsTph#{)BE1C>v59gC#N9}%1u|`uLW;l$5xI#5n=vu^DHq45 zbPDa+NC>gyX6hhzd^4pxH@N;lDHh*)x9&-mo9{wTAdXe{HV^Wo(i+{|4(-AkO)!`l zU!nxf?}PvxMHMyl&5!d%RJ+AMwTij6D3@;@CK&C2WLqd{xjh!A9Lg=K8{?zSg#j>a zFqaMF=22Rv3u|M`owxzVGa|P@w&3gyEThfEtUf;`x3ogL>=PH9+Cv!qr9WD@K+R$w z9?Qna!&_6>Dzws81%woNCrNc40H9?j-k9S!UPG&0+c`yo|4Ci%{FB0*i4T>Me4aph zVnvBrwV~X4Kl3Mia_b}L1Df8dB7(uv@-L97MP_X(w|c8KL@Jxy#v2@b+-ZOn5Z~X9 z7{IprTm#t24&eY*)XFe39}v8^lPY=v^03PIDQI?R=sn9IfD zJktp|AaYwsy(PEN0Z`G@%T4eU@1wOCQ$T$3^e0=xCfjib`vD^EATK6EsGFHrYcGir@7O_OmsW%Z+SuoBgak%AX>w;a zF6b@FovDyem?!5lml!5FTkg!!V6bCn(Sd z=Jdj0CunGx8V8z@J4fNt6^;5!kk_ge%3aO1-X6^Vj=|OI5WwBpQOiaSguTBH+I4o( zO0hrbhHs3}kh{jK`Y~6#9>W#v{CVT>to$PFB$P1aZiRl8%H7HiQ8A#ztR|2!@e`fR zDR#Qt-9e>g$=!80DM7hwB3{*f_FHuHowM{GRa0v3f6{Z@%|3HfiKBgS#?gnQsXZ0O zuOau)-Ec*?3D}Nju!eUZ#B}@&oylran_Ag*>v-wJxFzg^tAUXF@3rjRo7mqZ*<2&S|-FTQfcJg6zDI-hI?x& zE5um`n+0jXO_NQ#yfreI0=#stulU-;KBp7d_AaAt8?UaPln5j;z!uph-))uNqJBLDjw4$AH{7#sv*s zD)%ZW2*m1LMDq2&wdD8=xu4*y3(z>`eSaNXyTjP$?f1ROaQ+#bRBOrow<@wheD;<5 zLR!mou;SjqT6GU(-u~WLpjHXR=zc6U>fOBssz&9M?4=Fl;r3_RW^T=?B6oKKYZGhc{xB*0m%K7)UVJ-c9&CVp zEI3h79>gyf=|NYqV;>IV+u8f5 zk&-44QTmwPU{oHOh%2!Fe=R+wnmqJG3WO}i?QA1Nc9J}7zxOYWaF|vHsd~5--l{aN zsaFqUS0I?aNFJtrW+JOK@m*`Y3lUjM9?nU@c?#erdH8)xJQfJ5`Dg=r_ z*jtnV!+ARL5WHliJ&ue+4LEItB0LhcH={OGP#%M> zM`z-HaIbn|2A%oDbb@it>ANi>OCC?vJZ>!Rv}S;Q}2Px1lo)sV;A8(C>! zs)&5O4rC}Tod1nR{q`qWy2~wJ@28q~Djq}6?f-E??e|KMKP_J$fxbdczs^1=Ih`qA z_nAPc(7?UORZOz5y^Np>n#z)|Po`ZPlqb~sQyY=D72)BhG(XP5O;fkcR9f_xje5S%@%1#^q1WI%M_L>PZ900+1%!KLf^+1_q> zViX||q)41#bYCxmJLi>0+jCD>UO>K%9EfUIMfl}{Y@CoRPt<0jU|7D<0K|a_dV(&# z5%bCuKo4;|UjRGeOYQB>kb&`kSR}k%oJuJ z$~SoOl#v&6-fP8Sd`1J^Nib50!Fc4!KDYo2pQKTYA6B49mnU!IaKb#Y!A9y5UP+t=umQ6K;LEAjynxt7?@o2p zGUx@JA|jzwpFP#fj?HZcdVP*;a5%&C&}=6c-|>U}$zI5&lcydb_ri!g#Xax@O;34Q z2hJqNCB>2%jD_VXswg8;dTKacv_GW3f#ISPlaO(RMet^8+(-%FXCg4(sC=^nD+?ow z90=XXMp~wYGWczbOscd~z2JsJZIsA2yAec=$Wuev4iCFo)`*>aD~E#ow6eKTU;G>7 z%($G7i8NriZh5*fh@50qdHP1a3nipZum6Fj_`B61=jG|USQ-;~dLS+oSyScdHUtNw z^7Ml$b=$tw1m!Dc*CR50dP?#I3@l5YF3?i3Cr7@8C$tPsS0&6AihWO;AUg|Ni zy!nXMxgL1tP;IStww@;s2YFUmzI>~fRyA9nAdg_zD)JrWq2Wv&^2sCI5SNOx3S!B$ zkt40RD8|X7nP|feAsGor{#J(8r+G<|8S;!GF;F~tW+X}hfL}j?L{(d@Fya(>hK!As zeuiN-0E=g^bQPFlucRcj_u-U#%RbZ_jsqqkL%!WQ=`Fn7f?^ilHBz)(A0Z*n`gkPr zuct5d8rhBI+Ycfo8plpC*84VX5Ka|ru+H-B|BI*V0FSEZ+V|cq=?Me`LX#?85mZzx zh=3pPth1%Rfl7aVXDe-=Q3dHaxtXa!F~2WnCQz+Kw{kmM zX=HwYkz1eROZa5JAu?{D$e?GnmGTzqBsyD3eRU0O@i(W0MNO9O7Z+a4) zZC$A;lglAz(An1AlL%P|64*AzS7CkIXp%%IXHK58jbRZnIcXS}MKr{smK-+Pc-GmP z!uo~*XIl=d*q~*Cc3V1IYSD)2bGE|4fN0Txv!x?@?d@!d*d2n-_G;(?e#D@?p5lSn zTn+#X*(j{+8GN#<>l%11{_ygEb5B6jy z#S~{k1N+hv{~)_R7%o9>x4UExevT0d&W<+--+)-w98GP9Ib4?!YU6fxMACnp9pu7p zT$GV--=a-Il$6F_4dk8L_5~exCylPKaBQcT87bXzqpn%1w6l{8#f55GXrJute5w?j zj)l%nvVZ#7#n-Lam)l5jcD6E-Df#ZmMff630XrGv2&T1DAICy_Eb^mWp|#OqSw$fJ zPdz10Y6`vqlBwnFg0+JJlepX)J%-hbNQiTGAu-3F1%Uqu5CGITWJpSN!)Cw^`cR-IPV#Km&L4DDcEP zyI z@f7}v1TClqD?Y=rOYV{(9?+cqQU|=aSqp#cEu@Gd{5}Cw+zM56oxT47juSAt0DvZi zUa;@IJ`=vHzFE#*tu?_syO$D!I~^4ooV{)F$e`xE9r3^;M_{2_Y$?y@8!2@4{L_&~z~}tKugu_n)Esq(W-|y2Sc{+Y`G7O~4`YFV<%4dM zg4h>;JFcQR1!i=dv#(s_M7m*K-d8yq0T2v6`KPNJ;lucUzeqIJzEYeiG%vSN!`WBg zs2YQV`wy3dUHpeDa&bZbL>A-^|L_c_x|~Q9not9L#a1ulS**{XJ!QWeTc&Ymf2^Lk zrU&~=xj_$doqb>MozI>hi)yN3R)5ZTeG-q#{+7D+5vm;c#O3U#-set-kKNf%yA?!k zkI~lI_m)v30l2dN1(st4CEQ<^xZ-#A>EKS>73J(_$y8*VAF69~?=F7OMZzp2%{frL zJ9_sy2N;I~UGaxD9R6f^Gd{sNK;B~p@1$`h(|Z!i$dYvqycQ4c>~{{(|L($_N6rCq zWF6yoq&?b(my%t;v>LPt1~!j#unF4* zor4sFsAL}`Er35a8_WE{Inc;R<0c*GVU(e-m*Ie-% z=w8g_iN+)>=MZHuZ;lUPq(SEps2fYk+F#LrV-JhR--8tC#ex4<1ay)=KyxUv3w8+S z-sK#k&E52it29xGB}`{T_ipD9i7?N@A^Ih_+2UVlnQmKlG~LmT&iu#EVk>MOF0nq( zGUJ`YW!#|4KIbrVAK*-8`f7@ExULCne_!WNADXEPK)en?XFy>;OuIY>Pj?PcD0Sx$ z1rM=erkQKcsl(ZS)8pZC5BDSJsKy-OE9A?33XW-?qBbrLR-n=2NOevblz2~detYgy zgoTB^uWZGacaFS(urNeFIY+cb9BqE5{ADkpO-2l37EAcoe9Il{9O=QMhKU^M`C#4H zt9s6nmhlL0@n<A+q~9C^%& zOLC4r_n)6yU>A3>Xihdbov=QVQhoXsfs+ zieq~}Hxf|&Rt)%(%i9kj)^c=;zv&yemvYvzeq7W3USzt*$p5qs;&qNaMaMPi!ZAuD z-b`rd*c?z>=U7X)8bJ$=LC!Y4*@$b+_lt?NPur6}rkUVaAAA9z+N=7I3*v4<{2h>p z3LMVyIBqlQX*2pHIm_}RY_`8jpo4{Y^xUPy3M67Ue2?G#9bLrs~M|rlyh>k8Z#yS2_4MbWm&$x2} zNJsnh*Kyp;y*R{p4eD}&lAq}lSG@RGBlU^rnET;(PLR(Q-hKACEf|*&4PVXn~>M{Ukummw{00GT9rP&Yw9^c z=U9K3fjj|LFL6#$Omp>1&k>8#(3ALHOZ0bIW9aaa&UkbCGkCY1(=7i>B6zw5+k*&- zf12V~u%u|`bQ=>jTmm3{rys|w7$m3o5T?S`Wav?lE>Tm<@0_N5j@wSMcGimVjDdte zdBkpwLo%ik;!*p6Y0PbeFa(hV_u|nWI9=~zHA_${0&l2Mh?(dw{;wQ4*&p>-6 zdPF;C>k&N)owGFDo0;K%sI-Ou(&@)Pzs6AVv+anNXz?ny6v8OjP?B@@2}B)H#yi`I z(aY%D;vgVZ-*n;>RuuBQpY!0Q8N5hlfZ<%uIbk8IqvD-&EhybU3O)BOklqURzW5=B8i8l@jY*yBX2jD#aIOzO z&2`RcV=O4U_`McdhQ_=CpMbdSH(|#|(O3wM`m@J#_obL_v11q|~phRdp=PPnjX@$-O1}edKA#U{qfX>kZ7`~rm z#g%d{bkpbAxj-um^pbyd?bS_Lk>$9Z3yiJg>AJ{`(H!w|R|pZI=`UMxWu1$U0)*NM z>s*9D3uY0x@)Ewi^e$I>EiNL|d7X>x*e*K<+T6ufoC_#1ok16C$CX7nIp;#pI7EW_ zor}nFp?Y@aygeY=f|urQ4is)HqojWKJga*4z@q1)$!8v z_({w4QO>0nuqC4VOPVmJ+LOzn-M^%QHeMm(=Tam9Pvi2XY!5CngMk2$y_ClO)3Ei| zUd1Q&ve%i?c=-{$#S+4HHzd1+OKO`PGo8!zS>+%o4pT`sZ~;xwx!ky8CU^E?hS31U zwVew!jVcLH7jP9+5=!+t=lUB-j2^#S3F(kl-+*%o34;t1zw`#IZ2-eLrefd-U#iR$ zWANWIL`gSX_IVDf3IKa>(SoB3V7SuLQypEh!`%xO39*X0p*T)g-G!I1=~$Y_x$+iw zyU@APUV{xu_lp}@^`3C9yhlTKmUBh32$UngOyitAiyp%8-O^;`SLyM^l&-q*Da6E# zpx8QjA_im&}MlVj1s?ObmVfzS2Y>>4@7H?<6k z>m;1(Nr+moGW$5!aSsOl^w;Rtb0fUm=Ui{Y32Mu-*h9I`p7AM-f7d_7dyuVLV9Us1 ztI3I=U+0F-|D+h>a&92h1EF?)=SDmlp!`DaEOU&dutaC!zs-f00EVpldxe+=su1 zczi=^YFe@J&dmT@vGAUAGoRA{H~6jzeg|<*bZ!>L#*<0k#K{7HoLgo1|2%sHY#vDI zW|u`HyV0U@O9%g>ms>RYn88g*-E!Sw$m!RRMZeRVbGs#NzkcU7BPS!iLChiAxs4LXG;ZC7?4q;VZdb)e+L|63 z2?2%hsOa4K(kM+U_8ojensSGhIN0`q455iy8M+Vs(j#zPBamz6(?qU2-K@@{@;)yK8cBG=0T7cQQeotW=+K7Xb%I@*r}=Id{t#v9#9Q;kk~& zuF-WW#-yQ#ziGJ=GgJ9DL>vo!_avX!rQ>hO(x=RrSm$mJd=?Ri(N|C0eL)xdT`Cng zMB*>txvS{AmIxOS%WL2>`=_cdZ(ZkJX~c-=9I|_q$AOg2y@#v-V0p^9SH)Ww0feyf z-YvlOgBFP6-FMJwG$KbMer-4Ghxc0On(5A63MCdW^e$K7^+&u0ci-SFdS#0Hlpg;j z(uapXfxqHAl1D7xa{jH12i&kw==@s)Pe{0fK03YqL-_ss3OdG}&{RF_O#me~&Exz_ zP032nbN+pepoE9wUm9bhS&p|KXsh0TLE5R$hm@oF@k#YwQepe$+_Rb zMEG~6b3Yy6gxGXHlN(=knrSyhWb-E zfch;20Wq*TKC^Yf*^uaqmw=c{4tR&l!6M}V4PTfg7m&!|N4Fe+GJ_Uf(Q*KVE;ml4 zPn@H5!JY@j(=A0Q&I_JZBS{WuVj>dMAMnWm2nGYgkfIzTkMeuT0d4U$qn39wZN|O} z=A%iw6rK4%`stN|erTe8AHNj;(FEQ;*aIT1So=686rR?_^2AHgpQ5c#+7?$F42^st z!c9v_JK6)ANSa^TRY6G}5b=M=7sMXYH?g`FCN4rmdcAbJ9VeeJZAy9(>gtyEyJU=c z(tZ^$qi`DoksiYGMvH{6^dc+!(3Lh{w=-UPF8fX3^%1;hD~S#crdl_ z%hAb*pUx?iVZ>3=e<^k(N4Yx4P;&#BU70fc9f(JLlW12eN^k+y`S z_pWx$|5R>@QPsTrjhugWhGhMn7#_XEP8{oUaHh(0Fd;l zFAyF`iNl`X8h=A;`{RIP`cbkZN=whsjAaQ4GQetIK?w=|8ZS!{3bne+H9BS zFZfi&ucQuj?ESe`p);eiOGFVO$Nck{}g3>|RMB z-q1~B4>TNYjl?g*!>YtGh)YDByY-AXR62AJR0>v@Ed@+*F6hmD9F|yc zn`v?&qpo0;yUC4-_96Br6UH@h8wVVPr9UO?*Ro8x9Ml(62FRxKq=*sC@QYYP(>Cm4 zF>=u7jGqDq`s82|XE>teAkr%jYVQ^J`hJ2JShcx7Vru##`F{IO$S*GQYLv-dj zZBbPvGI&y4s5s#d$RTMcSLVq?4S;;HKOIAdjQwZsZ5?jEX5e%Ql zsqALTCPi>5AK^pL9@HCQH&VJ_0N??UlDYxcEOioWPM(xW7+Y({B}Ws{N%7scfd3cC zT#mlZc_9%ZI(!xnhbELL!Iw9ch?ev6(&{dr)5-_0Q z_Bo!we39#vm?-vZZ}NAP_3greQ8mQnk+>#~ zd=X@?z8wC6Q6&!KZrJk-i^!5As_5+r~ z@;ncmR|%FGIVz%lTz>POK81M%FK$s~9=Dw`lcd?l(3+PAy2+c|IGgB`7K zgtpayiBFEE*rj)ObOk*XA3BPbqie#x=gLYgl%px6dQ*`k;13p!Ae_VD>g>tpHlwj6 zN0atML*@#i7MV|urWnLnMjRwDiLyY6K)i^jWC&@K?tV-n`7UNSMi)XSxMJj(ie!la zIfg=k)w8EqMr1A;|2WCWkUEjkqUD&^9}?klv@zhB+3FbsR$l6qJdGr9K-?@Fv`WF z`6z?7hYUHoIWt#t<*4_eE@>;09Q7I)wAovZ$j7c>4Wnw3$oG{)+J|1%twfVbz9nK@5$Ym}0~b@DnN#K~vGB4wXxgxrzE(ft_;{fNMGyJ-B~5>`Y*Z6^sUysD_kFtjQsVn)9$EvIhjF!Sk+{jy|IeP)i?x5DBwH!F?O4s8otp0H&Kg4IyM64Fii0q zJvk^ma&kHvx&0uaaqY$cM$5tR$!OF-r5KOsT*a1fuPf8X)!{zFR2MZ^5;Lr9c5n$*-F5feBo?o)NS%u5FTVwTbJo8$*l z;5QZchKu`#oR~Sy;r}rK9H5Ms-_)d@iQiiB1r)iGH1uFE%A+jz4R>4LOlYs{WWtE^ zjh|j~;PgE*Kk*G?OzdJ({+kr1L+4un#cf;%53M7NESs`&dS%ViF#7Zwm=HiPJt7$7 z$?2upds-^eq&*Onrq^}D+0$3zz{PtwqdxHY;Y`Zu+NX{@Svei}gfr3G9vs8buI3_| zp?GSV+2Cn8BbLz&ka~WuWSP&(8KoK^mx4!i21Ga#T5#3l@IBV=k~3QI z0n?lD68lC6$X$UXFcdJ14$UX?E#CKvC$_4b(G#Z&=se@u2Y{XNI!RfkoRNhtAWqKc z!Sx{YBxs|u7@l257l}dxsPONTGxB1q!kHsy*5WX@4DoaeG_k`-i;J~))82;ZB*>W^ zu?#ey`8IJrXfNNP8hwKKfN~`)wXV@8ztwu_lc) zv&e(YAOdnQ-OUfo3SK#@Kh9930mX0vSiuAqC1*oygvKPk{sL0;X;cM@RF|_+0tlB}$ywc9 z@X-c(%h@R=YzVn>7L_(nPs(L-b{?L+{rXV`vWL(>Y0rfUAEgX2 zkJJ}eLxG6RtBFQle}GlffFtp8UOmVVgd?n{SVOj)OY)7gH7>$1zrSv7%c<*;4T-!bYVV^+@YYgA9dshC?WqW8>u&4`aR3*@|f zFStaZnENq0v=8R+@1gQ$!$$Jk)))*V5YT*Fe%qe+_CO*J%5TXQVU`x7tFZCqa`+qC zMpZGi4R;^9<+nPj4t15fBXCg8$K`=EW_+uCV_8Byjh5l-)!;0@O6#9k<>RNnceWCe zKne+-l$ja9?lQy(rVI&!p}&HJeoTeS#rEN9z!szkiW{A%DM5cPCE7Bl7!ZnyO-;?_VXp z=F9KvQCaZI?@@6Z`zeOiBjhe2irXu{XZ>YDO$>rug|lS@OUp&?Q#9m}C?gkjk3~91 zPH(x0z7Z=>C}xmq+gF;PeP~?=(;X)l$DloT?H9^9_OcJrA3k=;#kIKnLb;gU!H0o0 za&eLyF*3b!963`sevv(sG-4(hF0og5oc##nG zZJ_8NB+Rn7`?Fhv|JM8q-iOtAeS_Y$Nfgsc9wkViAH{59-erxaQz-) zH1JJPA-c7Tz97o%OOFiUl1p_AY_?qbEc-{C!PJ&;?aHMuVJ{$D1?5uhro&}6R2DE) zj9mJ*3DGY{E`1EcTd6*|lpEkJL});2Kun;!dkGZp!OIoY-0gLB zU2)~)vJ@D;UASaOF4MH4mt6KZ8k>cGahk<5%Hkd*jP|5l))f!BvbJ3IR9rbXJ*9FP zjeoE@^xZ_qxmoSEl1_lIZ|#s0*}v0PRH_2E3vQ827i(VT+zue2#2pd=RFjk| zUPRxp;!mc^Q#=srFzTw8B_*K7x#B}SXo|R^3(peH*4R|=68xAbSM=ip0J$Qaj;d6~ zXg8B9YP+ggG|>ELFgCl7T=A+a3Z4L3GFLRibYnAE+CMd~AiKLxLf}CJ|4XNQq%mPbUzXeJsH{;agzpw5H2Lm$kt${))a&Ej#4RzAk!9|U+EmIh6g%Ri&*+vk@*_RtX=awS5^X#ZH=4V}8u za{3};0y5k_l4Y@gd|M3G201rQ=gKV36;892pJ3SNKze2_-Pm$vU;GoelbI@4aza+Y zr*}#9?K?zLOxlvGnzBh2%>Hr}kAN!}L`2^^?EegGqG-?sZ?Q8cqoCxAxfDI|VS-%M z8;U-5LaySN52#sbxvDQjVs9QUlZ7>7)k}a4R=0}r5>R$vp>B#j7vmdH`ddxU1A3mX zaga-zf-Y&T&;{CQ)q2LM}0>I-n`u0D~|)rm&wXgI0Xyvq34T)DcJ5#^!zW)(1n_OaEJhN3c= zXa_=jQ=6)1Q5+N#gAo9_+)7F0wP5V@`+d&A<^eS`<_uyxwGKz%Jd z<{dN=<7q)gw_f?vJNk2|{92hV){EZMRB zX#}2e^5+U<;Xe5@?a-PC6rJw`OH6nu_2of#S|TM&{`?9%VeME8`pwU;Ateje_FnSm z=CIVb5Y>VA4JA@3t5f0s8TUI`y4dhe9;WbkMn;H9ui~%0wmBvr+WKVVYPs_Amnv`) z@}30w3l(lSpAjW$4<;|y*5F@WZ~}>T@RdriVE`A7f4Llwk6>~+4tABc*04&Qw_}kg(&$eI0Bsxkdc4Q!Mo^!2a-y7 z5^h5)a}VdYto*GEDo%i5*teMgdZcpXV~_l;4t4>%@f!sIGq{tnu;?{f{?>#PJj*YC zYlAmh#;+`YOEJqbc254*p4MaBQ`VKx9nd=R6}tNjjo~oMm%kNY*={CUf#tQ6zt(V9 zN5#ZE`CAX8aug)wUvVwC2ez%>0XPJ52=OR-y8Jrkb*5%ya+ds^q=yxjArk)nI-aAz zv$V&5A@x_#3y=K$WsKv&jmo)x`MWm!WJ+BN08>UdX%~s~&UTMLzWh1IXcz?@?x#nq zHi*HBf2nEUev%xyHksq&}(JkIC@)h?(^uS3!`txCVJU@wlvFRyaDc!H%aW8vwE z60`a87Y`@$F@iIG(XQQWdU<~-&6k0KOmU>uLp)etj);X)n)>)+>*V^n#0=1lP0b&| zZ#_30zAw!i*FR26bZS<(xCT~xN>i?zkdpCbD*6XUy+^4QVNpPv0i-IIYhpC}pUMc% zmH)%`VLZK=|BFR%F3oD|sSoq~*azYm#Njn6%Ktrq2Tu@}t@$OA?qT*qyPn_@0LFSE zwgoA8eE}XkS%pxN<@$bj)~balVHj)ZIK!XAKNx0QqWm8*K!*yIl7HX@3WT6rjSN|+ zX(aA(i!rIv@{c5Hc&YM_I_x^)z}N<_8RTS;nm<}ojRe9@0bcThDESAtj_L8IqpFYm z<3D)mVtt>1l#|6&9(=J9K5e3}TmI?B15LqbN(Nx1BfJjQaEP>x`FELCOn9dMtbw1S zQ`1m~4VEAIrxpSI@=uC@o=g@pfDltn{?UjwmUQ`t4$sJyf5t*Mz*X7-`6t7qfM9=6 z!A5n9%${N}&8%Wi7yKahqoNY$lGXtSFg-;`4_E0uusar7-NQtStK-b+Yk*# zKd_#8$K_@|G|ik0MsCnLixqjhTF@JFqtZ^;eKDxx?D zY0ie$oOpgPJo#x@fd+=2G1{~VkBhgOi#WOA<2G$j8J^?H4L+E6P>9u6I57Ny`G)8! zH{_xX)Lr|`+m_32B>zstTO!zo_D$bHT_N#XCvXSxUs_WDfN1&mGgR2p{qk@6e_+JD zk`gI^T|xfcg;x43`FBhB`&>wq#s_w5`FB-xjDivJ?+*>sGR+K6LNUY$4sDEifI|Zb z;G*^a0a);nOKz-z2d#l^tjvKS7+fWhx39j#(4UR8u<(xB9uREBPdMSRa^u?&ZB3uO zfbtk9Pomt|)dW}f%Z-SOeNb{kZp`41fCXBVmm9MYV&g(|liUbXG?H=iuff>n zHfqRCZ{yBYq(90{FF`$rqm!g*Qzq#LEJm9sSYnaqX}GiJcf}qT-+DlEymB+|AOJz! z`~?258FF~U2PjW1hEqoZyvobX9Z;fLhf2%Mo$(HLU{d(f7X==DATnBVb3U5`$u<|_ z!L27p$LHq%kkY2g&D8hc;?J~20iH_s)+3$TLfH!n=Pi9Ai33}jfLZ~tTUwwS4NQ;m zx`eh_gArg`${8t$l$KlCfK(w5Om2Rf#{%U{<>p%WzysAG!~ZAez5%gxmc6GN)*CvW zWqM=e)=1>@92>WfbknuwqNet)J1*Magt4NhTWO%SYrkGqx1&SW1Ixz7+;m3+372 zwk+l>L&dG|dFT>kTdzGg$1>yPwiZBKlzQ~bZO_wO=G)K<4bf48+}6fKBsYHe2ro2w zPn6rzQJaIIbKA7}F3T_0GM+Mwx&&DNPXMAzZ0^Ho)9qY87qFd$Xd(g3Vkyze-T|p3 zf?V5M@HfQd=J_{~{MhU3&|idaj_utdHlXd9ctPs{-bP7W*N)oVLAf1N z2yW7Ysc3FbhndO>El9BvOUoTqbw_eX3YXxsr;}RR-!P0$goznqS%wRi%N;GyP7|OV zZ618_JV(}ckcx6gt;Eu}?uSs?(E$cQjk-7u_2iChqav!GX38C?F+}&$_DAV6!SUO! z%gblk`(Fmx2~SGLz(s>!r{R5Pqll$Q?&M(s<(-~SmBd1v&(7zfV1mRc-uWipc#-#r z?Y;d#)-Er1zGsx9qOp_SM{iCLKL)qzLybBmoG;Gnu0%X|^0Xm-R~bB`aGTFAp;06} zm<$Z9Tyj@aF4HG>kqkgo__aRg_eT~f^scw{yMf_WmbaGN)m77GVA(E|$p$`P-96>b zD5G8(;Kr^DZ!P+parAcX3l->OJB<)8(x}ZRjeX+KZY?ua^!9(f?PN7 z0J|}ZVQG3&yJ<)Sd)rOHQ(rS2UjAa_M~~e74o45j-Aq<+=i#ao`wGL}N>Hht0w@wC#xo>d`wOHrGRoYZWcCqTEx~C}%~XAQ)nO^5h;~qU7z9N^?M{7k;(=kVOA;l0ObA{`t5>pKlOhc z^}`6zG_{=@J7~%Mwb2m}c0X~C!5ZQ?!<+D%Tkda+CoFP5&ptenSIKxoupfFn;Y*dR z4)iD=RwU54wGKTU1FH*z4tY>tdeOez+nkEjkvZBeC4s>P*6nG900dP=ny+t6b z!$#vKdb%dTU}EIKXg+|7$^-q;j%4>BD5CyU*tErmcBPoH@$w)ekjN=uXqE?`j)f?f z{}=6Y2bqXwuObGDGgObop4M&;dS)DyCoMJ5J17rQ4MoIIzC5UX131bDd*GE0le+g5 zJ6KJk8afMV86^)PMlkZ5JX8+NC~cfc!+|`HIHGuYs5%O;YX|Y6<~WSnZ425`Umk3Q z0zbgQL$6rzZaNwcCNh08OCId$K^#(^jWP@H8&0Z5m=$yK_Qh0JOlf%-ud%p*JWOb7 zupOqX3Q{u_Smp^WHSkH%xDlt8u3EO`WdbMKF|=PxuF{M3l+olWO3I*F1;a*2&Td87{~ z5G*dHkr2Pc$|KM$iHJvW&!tYk387qY6*zc6+m1HG1BO0Yj)7{K$PB|KL&tz+e#%?4 zgdF97+ITC*!C3Z!Jlcd*FI^se3q}zyJQN^O@@N~j(hkV|WIFZ*3Xs>ZRF^zP0|fZ? zxX1Xz2-e~~o=(Z@SRGE?pLd*Yz@m%Eo=0lPV~r?#Wy@n_BkMf|jMwt`vFcnnk^UG} z6G;3(Is4~$NXSKVyW?cttY?{t@>qculjSj82q_p|k;Tx{(|utQ#CprgOrku&yH7M7+T9YJhnJ>O9XRm@m(CDTREGt2-?ea|lRV+mU={azxLh^miH~t< zlMC6C^2AFqP?OvmD4x;dq1N? z2dt>SJX-?~=2fzVsWY+=fr|?YT=3A~96zVJuuPDVQ&uUyu)g`QB z1xp+KyVA{wkyg@b+y4K08-$0(D(SrvBGE+-= zwyx11XJ*9$=`{`8d1;DDL~PWuXD|zuF^dFtLxeG%fs2kq^I5&{S&(Rg2I< zw#BmD@;tA!0(Cs!iqnND(FJmPzOjyO^U3olyT;X@e~G^ad}4YNd@eRr zyHu=QuYfU;{{NO3Q!q&A=gOOru7Rg*{)aqei|MI+aJ(3ez7tK z3yOJqt`jpOU0L$t6KLy!cm)I7#i!X_Zf;J=+K-vavR|LE<)tiF1$psZq_R+yxJc6+ zI@;2Jdrcz%_$>sTEP1gyJ?iMDIex*3zxXMKgha~wW;c+xV4BhLQVohHS&$bl(dLE7 zCz{iCF{nfwqUJI1W+kh7O?l}x&W7jYQb#>xXbb8adqY2dO71-h5vXq4PIARmke7M` zP}C(ZeL`NCCol1~DaPk2%6-KLdmAY!BJ_-9R+5)%rhwxI<>e}z4w4;4KhL;_4F#q< zNnUQjum%W39wS>`db@f}#O%t;^~_2ZD>ukXpT~e8_~qp`Zk$B=1uiwBbe($Y6$}%a zL5PGFHn+-@lUIiyeheYNz#9we1+ODto7$b{4Ti=(f*`n7cDOQV>X?RoeO;bDr zgIw|&{ZB3wAduJ6u^xu4iwkubbaYMopR(k&57EN(-KdBU&o*U$H>%>Vy^eMA(1%-I zXVQtruIu1~8WTn$;omJvI-(((c;xlhc}{)uI;CD<{J%9hnUMz4(Iv`+fCBpE^^f&b zpeD57D8o4SqUj(pE_s8x9AJ6zSw<7wC_}ECCvQ-&Vc{v(iSf!CHB2Zx`F&Eu`{j-2O!yV^<#o7ENqufGLkjAAzP$DpK60n0XZqwd zdTK2I<~q^a4Xb&UyiS_y$;~B7+~7&_^re$coT-Pw!js{I#^rXT2jUMXTb4cZalX0J zn?Zs%-@+gi)h9enzRB`?nUa8kLPKevJ`UH5N8Wn(K})f(7aE)+ z-#+;y<*r+VeZ-a|Z_xOnfiV@g+UdCj!~aVlJW6^##FpFL9%9SwclC;p=ln67TulJ=0Jg--+h5=T z`*NF-2Sg^HmOS)eihffzCVR|$59jIUxZh7Y=Oale3Zn{x33Oj!XL5p-{-3b`c6zOiKa$>3Z_Av^bp^YuUL_(u#fcl5V5!vj+z}y&l zuNoKt$G!KE+=ar_4#cmY@$aNBcwX)??hP=wN34R*HjW-2fhra>oiE6+*ct>xcK%HnjT1Ju@ z@O}aei#|1g@&}zTSy>|dIOle&KY9wI+ERR?5>x;|Jj6AW-!7#@*?3fq1$ht`=|dJb zc#`eI?+{3+Qx4JWvfmwr&*=3*@i~8PPzll&mPl11qNn(jAZ_txu_mw<)0L=cp&C(^ z678c9<&&=jDXi%eYf{mFX!$D~r3l5OJ@&44rZ-O6%)7?#|Im_J^!szHRlmL^i3TX9 zvRjkfAay_>au(mi{OFBRc31Yv@yaXvWkkIoBsSHj?C$V-fM+QiCD5?8jKC2sUj2=p z+~M0Uvt}I?DvJ)IpqwzwSKwqk7%23(9w-QozED-9?a+RELq`J8ZB$T2O-OKisiLk3 z!nFzls)!{>%|cbg+mk#2VhHRgIMYMhBZO5ISLGstgRgs|!~WuGD%8_xhXiyL{vze^ zI5S%n6&Mww01P|ZKy?GZvKx32l$q{V#WfM*s^b@xO%2+cmg$2VP}#&pAktjTLPue2 zQ+)kC*E770WqDKy@n6edszh^rST6pl4N>$A0UVy*%zCoDDtQ9(XoQKWk_Z{dyGvQv zcFIF%S0y}tuzO+2-BihQPl6lICm6YW*Q(3CS;yJ;Bp;(oCpo*X53hS{! zFQZ$GS)c|yYt+Z3B1(Kt)hb8fLQF*U2ju-~l-V=n{jwYeHrD&p2Vi+pb_yP%a(Ndc zj8>Z}aCQH*GAWQx ze4h^p9c9FX_$t?o!4J=H+tWecjRZBQc?^J_8B~KB<1MTh|D^;kmeJ4<+WZpaDmBQ@ ziLp$205?Bh;lu!(WHsn@UeK1V2KA<-)mshf&UP7ygF_KOH3%X!wZwEWkwT%^&C?G# zzlIv@F_NRrfErW-rD-8)sew#V24W1Rb2=&?Mg9=UrUplh1AuYpFp>$Z%Mg?;aSbQK zr3M#r2|3yJz-LKkrnIpV9#KOQKxcr?YVa2kwH=iX+-~tJicZF^6X~Bt~8=l$3s?u5wZBP{wa8L~; zZu9v4^}y-ZMh$IVrL~LrHk1Uw>W9)3$WKD0UF>#@8XBM}4U*emG|K=XI;)}oG1~C# z49z#;;{>d5OdJ<}bi+65L$;*Lbrv+mt(-^z-rWFZS8}hjVJFxL;+vNUib<0|sd6af;&x>SY+?iv&>qu-*x&^5UduBfq`Jh$hDUUyk~ky9vXYh5SxA70 zECs?u9vS|lAMzw#RnDs%5gL|qx|By-;H@lYp%P19O!!IOFO%L|IfcL^l6QxizAMw$ z-JVX)E$+9(-k<0IDMZP9;%QLH0Goi!W1m7jm3#uD#N(hjF-B)pdQw9&jRq+4uLi$p z)F=&7Df>}8DagzhFs1;v5jKdz;{#tZt5jF&HBHEX2sM=ISOpf)ETvvS|0pTTJAdri zl%~asTKEu+TuN~guq`XqPfs+E@z+P}bO+wzKeQM|`j1$3HLN^ZMEmkm;gCW?&Zb)A z7V2}hp2(wy)|MKk1y6_#!zg$n+-~f<_(|-g?_P{8uyfBCcFWojzplOqt+gfO zv46WmYI~dG)H7O^fxxy;n**DQ`EPPQE5QHFvzVYMiqiSw2<<;bx1YAW(P{+u8d$AH z5D3H>fFwqZc-@P07EmKd^j&@!%vRBtdz_mGK?#^RLQ|MX`&c!ikX8; zLK`$I8UyILuhiuiV0CI_0TBjYe8w)&{z5bCgFX6n=x}OOIgOzutJ|2Bs;Nym zSv~NzSiw=n0&P-2=r*Q?>Lef-v%2v8Q$;{LCp!M zQ7DzH1#LCzS^SPGO9Q^38bvUA$Pne{yd~h5;qAeZ2a4yVb?j-~_yy5lV54OvzM)TTRKm?h8 zsA~t*wAZ0;OZ+d5>$>tP@|Dz>$MtkIN!dY#Q_Oq?zlPV>(!YXEaj|YAQH^;DA$g<` zV|XbaR5+men9h9H4?{4V4tb|y9tGOsTM1^l@@i}>zSj3Xiec8gXuEvwSuxoSKkr6Cs8D-39XD~$skP=eGQvZnx9zSNWmQiYU1lI++G*dRCXd1 zY(&szt8pK3?%4vRvk(kX4~xQ7-D*-Zbm)Oo5Aw>S7xB`Q!)Gy}6k3S6&@>}+p5(&= zZ)W4ZPJ$B>DvO%LK4Y@eQuC2Jk)Il#MG_L4gAg%y$*}IQL7;WAn*1m&5cz5{?*h{X zlJTtwQ`kfGBrG+V9zM6fPhP5;Om;`3tBvb4F@vva{ePn#_{EdwOAX|x$&^1meIVea zilxt?#T_y-``k-f1o*_P_k@~KMyn*4L1Q%~r5>c)EHx#Oog+)H$f*bKOlTjjONtsi zIM-_Mnws(=yfawSlvgQ$1;bOJ+R(t$Sxsrz;58~WQ@TGmpt#gTR8dp>MrS0Ks3~=f z#_$%Y$+eASisX~}0>EJOlV1bu(BWiSdax^#c?P^X^CVqOpSLgZOAa8 zgFdTtW%X4jW~~+m)mOAeU?Xz^etSuEbQAg;SE-b>N55cN<4{a- zk|_k^r6L&MZ{>hMooRLW8EE}9O@&D7QQJxX=vLF3fF3~W&r{R19R_JhLOYfP3>N$j z2s`b8^+!$1=D6rUOxAKM+~;Z<>nwo8O#}I6Ivu#w*CfbZ-pY*0>}tfbHNkIM9`*H8 zJWAc|;nY>^Wy$(oTfQp{k0nltkv#e*U&No#pR^;0aZg)jl=?bbA5`^qFZ68sY-Ct- z2&1g}I>?&UpwVAHPnS^|9^T+XPPY2`1GHg+jruwbPq-2YN+A~d4b(XlWq{?~ZD2dz zGddtwTz!*dl#K<>Osn9*Rfqmmd|wKJyqS5Ec^aCCd_%WC0J(t*gt$hwUF4uLO|(7# zbE|S~HN6akbZ~*`2^c`{aCqulI3D5qZyH^?g#W4od=oP$1%#$0S&f^k=`RuM0I})h z+Aw>Uq~gb7Ty}sYG|Q-@rf1***fl+sJ^E13FLdGqG_m*SFq}zHRoz8SKbP=;HqD47 z&7$c;&Co^${NK&*7_Dos(R6R%gN^s987}~&jB-#jT1Ez6MX-lQ6`Id9Q!_|r7=0`j z_r%*n6ktMYI#KqTLAjS`cCrR`vE)|y_+YrIno*8(fc?v-ra#*SQPJe8(_e4g90>+K zHN*D|RJwdMJ*9GOqWSb}1GNgU?k3s?f;qH>{TLY~el_Duh;Rrj%?qfRi9ii%3DdPo zPt{~bJ{MGgl0vW zg3_|IJ*WqMv@h198u<&2o%Tw&fRS9v@`7UTdu}s9&3Xq=^7c&C689_yBk@WQHS2x! zk23Up9aOV=;9njHmY^)fpQ4KmvWLu_h=8T$koZ(yV3%0szz1+-Kqtr;GDE`*D^452!iGw08v+ zZhr70j7`mAu9nwVfRMaGHTxY1LdZU_*OKIkAyqKr5K5L2t6KqPtMO|Js z??JS~d@xwkUP$9g=+w(rg-YsMsI-h41nK!Up5yris)U;66^dx+-BRB^fV=vZ1`Zw( zkf6Hi+X@x*X_)r~s{F#5@+~P2ClTa#zQR9=Q{g48$cKJHZbB6FUQtoa`^b3D3(EEF z+eTfKnpWR_PUh5C&3BQV7Ajp0z@351H}4V+#14i_>3Kvl|9h(WT5$kRPxp&)L>qe@ zsf!3RNXlLazZ)0|;5a`(#OH~g-;2P~q%%&r+D>UrVIAepju$zg{O}{kdtSBMbnj7MG9*#PqU(8)PidGGC~t| z1pqU6i#UQ+#i|7jqhc)F6%6BzTF{#9Sg|I&<4KTxF`W)(d&1+K^MZ&1gpU%`0zWJ| zG}A2jgn<&d;gyeIL+sNCW3`Hk+T%I2oV?Kv({K_}Z9TD-)xxsa5e>hE)wnkSwUGEl zOTSvk57*@LZI@FneR1!_SwV^*=)*A0Y_<*V;r#NZUZzk8FO zTv)@-GKEPiXWv)igU`N!!^efX)%VqP319X7L;er^371lHJKzY`00JQ+R8%aB{affa zT2}xM{4S35LNnF(@PE481=(p?_DISzb_kP>jIs!K_F&p#G>?JU^gdGA)FLbrmU&F; zdn(636SXKpi0z3_5*jxj=Y}t$;{`v4r&a>7z?`GiqE4D~>TOx{t^snNuNJkSY974Z zfdd=|jBrP|j?G#_ZAokIive^%F~3kP(o6}a!^K|y7VxKDZ^`eL(c7Y#_hOxS9z4xF zrqgXGc`R4=b}{X21U9>DJJSIqnd(R+z!GA_7_*J&|Rod02GVJR*MSIgSThTREQmFG53M$ z<6I49dZGMH@}CN>#PAGTK39av3$%(i&B&(tN&DM@ACkm(oarEeeKLKWEgc zReU#SeDHz&bvrY*r&{{n2e^ZYg(+n!6&L!AEzEkj#A2PBGyWtvYvrUQp<3}NV~8_vz0FPsz)I#; zKfa)6Tr#~3+^zO_vYe2t>56$&{n&|)R#5yOU!lc^-Do#y;VGt_+lP|b$wXiRh6O)e zsUQ4>Y9&uSd~<(4#Rf|#%oVL~6=4-#wXzXd1g5f*HXu4=?V*oYR*YKN6hbHBQ`O2E z_(2O)h&#cjQ$ICC6M?8xToj~M_R`P%J{`?GIelS?v&Xgv1no^xCYa2sH~u8JfXbh0{uouQ0!GF6g|H0*_sb+Y19)athw&F@pIb)|D4qCJGJ^>b-x z68f{y6@@{= zNAwr}<41O=DOHoT^sH%z@?gd%qDtn7c(o*#G>lrun$OUQ3-*Imt+5B?0sYm_5iI1a zD{A84AOK4(%?90}-TcQ#jhCWP`d6(nV(WSUw55%Wnl$z;dC!AdB1rR6%TUqRgH2mX z&C8RKK@PCyHS7f_^4f|tMfdHk*4F0&`{B3ZG0lyqpBBr>n8g^1qM9?U>%fO#=vb^# zySBZa+K0Wq3x2h4zD;-{L%_0lwS*P^J=s;chFX`)4|=I})JG#O-*x?UAK~9Sx*thb z>prSoo16HPSs5;Xe6`Mp1E7h;I>zx}Bfh3crbqwjbv$5??7@{Vu(AOomEfZ$OxLNl-omu6@SE8^=$2i zRNStL1H!~SS0P_4Z{Mni(H+Q1Uh({qHd<&02#V)jbuQ-{P4vA()XW22-XC&rOZ89}Oous~<*zSscc1 zC(8kA<-l2IKMUK z#F79Bt3BLC@BuK}tZV}qsR(vv)dwsOo8hdfqam3vl-K?|XH6Rjab_Nvyp^A;Gs|#R z(gy4cAh}H_(^tUO*W@0^&X5sP&^xAcu zwVm*xqG*Kz>K4PA5@$p;bJjjryRNPjBWru20WQl|NE2Y*>|pBcoVC58ni0I$wu4bk znPk?oBognIJ(IBvrS^09Yma}EM0%a_KF)R4)#t0mE9{`7BI_sat1GNy&dMbjklHALRLf=e| zbZb3SNBgDcSvIf7CBUUc8pp(O1bAE5f zkD>v)>l<@PL`+Hy-fJD|S8&;OHmQr?fN=i0T zfdIjcYz#;gqu~5t+#w4g*5In?I|t&t#3trX6$gn)?1`OBGtSvSUq~`J8<>ztAigiHA_`MD{4g0*2%!h(Dafhrc@M1M* zL#i2v6q(LOl`l5vY;0jb4VD3G@P?P!9QmWNoQ>7-=!GjI0DL2%LofKZGkUPsl|_*? z>~~FPQxZ$81)WXQyn2%JbNh&5>Qjs7#KOhS+0-1bk<%nI8QZX^6<`ow#X6f>!-dWO z`?Tp<(g&!RExR#yV+tS&UnNISWOPYG+oi?rg42&m zf;eaEBgAAlM(ksfv-Jt2hy%24CHIKsY^{kNJvqR6_E)%NUNPZ8&S`Brbqb?C*DKX@ zw&p2t;CRxqGXfaH?`*5krZcPv=zL%$*!Xju zt<>O|FdB>RX#xo^>4;oeg)7SIqN;ev+4dUpWWgu|ll2;9u1eCv3C^}2{1L$-4sxLv zB%qgVEi^yvpqnacHAz1gc{D-_@Y)V9yf7oH^!O*G@gf{6kG$G^pJQZ+u6Xd zOAkU@Frzdw5_!&sXL#HxeVq;6F*Ss-5GieYfzMFtq+<e06n71!=bno6Y&biK1Md5k z?Np*Dy4k0EmWRG(p=4@vc6=0}%R8Uqzd6oM z-Y4+#>CR4G7j;9IfbTWMqF#DTyt9iLP;iN6QX?W(P-Uffx?Q#S5VDs)$_4(NVJ1~_ zcD3Sd2C>~$AFLJ;+pa3?(~pF_3)J@x8GSJ)GqNnx+4TW?2{^kb^&7b%E0SAvM`Jbs z?sj%TY$om61+*N&kh_5yKyaAUiHgl#k0w<@_GV{SY)riF2|z?}cE5IP+|S)sRImO)2}BQ^zki>+&L6KB*x{h_hvGmAY`BDzthD2Y%e+Qh zqVq>23=}-!AD?1=0QED-KI{z-sc)2P;OsZ!5Mr9)>}S4zJ+zS!y^WX}`)4@&$rVIl zHT0iw_A6ZkmH&;L{dLMU@L)0fJ7PQ!k`ty{%er&WQ!Vh~2rVl1t&|ABd7K0EwZp>p ze}?|ZFP>xrTHwVq>+z0RDz5k-mJ+!RGKu!suDfLCPTaEAZKNSv|g-bFc%PMBw!yW)4J0_U$Yp znS<$EClY(NKp)n&+7V(~);VN?#wsTi=O7P(nY~9*60#6~2+rtG9ZnX(Ys8kgL{%JA zr$H#4-#OF>h9hjxp*H-1qL-o7cMd&?+8Ic};T+5cw$Ov(CPl2H1^k-lc1RhYF!4jQ z0YU>}&8~+lz7tr?>l{uZcFQOz9Hf#NyHE$?WxdEtd>-o@1_{=^$h-#|++k#;fp#<$ zEFReidliq1wMBOTDU zHxz=ex!6dsD?tz?pyAi|{@Z~g*=XTOMb=g4NIo8+YKPjG9q~2+y&Or$+nAL6taPL( zfmV40S^6#a?f9m1^id8B?0J;Va9-R1pq`T)3cYxoqi{K-GVQyPd)$yd#I;YKgRI)agH?5D$v>e2vrT9>^{(D9s<-DNV|i%Z>8Q!9BCR^ zp5dH$k;_U+K>|rY=!w_(e@G_7(0>6pGPK?C;{Ug$4bq##g*qpQexi_;h3HJI3bN%_ zq-k5;#2>4;F-9C@cfq`W=iy+(yv|9^2$cOKK@L}Rbj^t1mgJo50l`fPJ13z&1#w6F zvd+m5;QwaiYEaX%<41r2R3ItA( z4Oom0RCS`_T;%mU<`B4Zex zMb40&jBkJ;|Hf{3oYU0(=mBB9#U5#(K8-TrL^G%B;|13g-axd5-(sB8O^NA1=uSV4 zH$V$SpKI^mv{>hK7cGXq)u(%L!jS?!NW9~m%wxHc4CgdrF9{l_dN7wtwsR85hwyNc zFbj(ewxNw#?DFDy#TV%8v}I|PJA1BK2b=TvYF(0^Z%dg8J@b4THu^{n-9Q2 zOQC>6k6KgbOc&_%czMrIT^N;$Tn9YMZiyfo{!w#dm zH#a~JTLQGZoC6vs*0sK%G-MS~?~X4`=bZ9FgmUKG1AGH^_-i2KXy+Wx3n&KHthNJ{ zK2q1Frt)N+b5Fv7($_DYc75k8ox-u3=P(+g3L>EGfJS1aKw8c@h+;_72s~)r31CR; zBB4mwkdsa4d=+eu9; zoj>d1qLDXn{vWB z9-(4lCg5AQN6^q~FKK}W;id6L39C5qR0zI5xSiViV~58AeR%Ic`uM~s!CDT9~6efk`9r5 zFrABv3PPQZD3*|O@p&|aVLT+J5Ss45hQ#eMoQq1eM^^>sA}K(Gl6akquSQVu#R2FR z*&*QN?-0w1q2$lSuiemrkWf17;(wj-##+`YLd>F_OUyqB_`XCHFaV@@Ni>@+{m3-p zol8i6N`@N1d5N47C8kTg@erL4Z#ka6b%&u>V&8q(FrCXtAqKT1vycRx%N5bq3*STF z@8fY)0w9r=*DDaoWJEcapCW4-utsr8SYM2D`56N|2AumY6aV=@zaz=klAOyxGPEUM zX7v@Q5AuXnkMkU-)JWW$E0p>H$yXBbui{r5XqP5T%#UF50zM; zN1#MndFNW?s5m6&%L4CoH4P9$ar+uILQzOb4hRi7*QiH^<6pqKLN*$J-`YVmet9|_ zU9F&%V`RydrnqX+!5qH=0Ox8)^yE=?^=nE{MG9@_N(Ic1-CrdVhe9Ve7#{s1-q|Yi zPvM4odf9T$bz)zl&b?)gn3~S@XUmq;O(MVRPjGueg)<1a)R#zY$Z@G|3QNSKyxxCPQr3aQ5~svf_n1La4NtFQZj@L2ci zFi3Ql$0*y#`76MfOib7LOI4Kt0^6U7{q4Bf9&acNiSHg`H&O6S|LeoDjSSv0=O!!{h9@^a2ahVQ ziloZ9Nk`u(B>Yqa;3k=C)FpFnw&tigxr}gdZc=mL=?8~JEV!?8vp3W8;IcV7v7e=ct^~qMTdrF@6NN&ySQR^29Ft8-9aHDS^(}U3=B7}WaLr!n=iwK z)Hht{%kK9)N-w3m4-zVIN_QVo<3KjJ+ZIoH=v*3FS&J0$o7a)g@QTDQ7{fu120ZX9 zYF7x8cx^g&`(p~8^giH9?oxSz7GfiP2C?!u=WYk2?Pe^?--(bDh#>Fw=1(l-==|Lf zk3J|?a8ma4*9ik>l^SUIKrRb?Ie(|}ffU_z{)VW>bNZV-kfBBjO11XCRR|@{r&J;nK_rBrQ z;Ovf_`iGXFsQ$S$-sD+3$TV1AD3V_M9QnL^+$0!6)gIhK~^A@R z$ZPyU(9Z!U>~roV<4F(6FQPeczw8u+74E%)Z(?(Dv;8S)d?CNU>_E&A-rJA=f9rGf z5=mW!CZi8yE&x!oNYWO(1CU3*`}m3B|#2UQ+brq_Xq!{MHZfwe17n6uS@gTqHsie6j{3C)3? zRIb5&%sEk2D`*Rz`#^oIWs)9{A{r@7v55!YiAOr8j0|ZN&|kZs^G6DIHN`m?jZHNB zApYfGZDP)J=Z|MFHE%L93M0Xjl7YYe7+6b&%iuj=YJL|?n73DkDR(j<%K@S>F-Yk* z0W=bc0U*Cn0V~5zd8_+MdbMcY?BpP}DBK>;NMjnz^ylVXu7PihM?MGl78$1EOAm-) z%BnTB4?MYwM^oT9Mlxq@_y{9gmlUH1rbiY=tN^mGDn6rsjx4N?Cr>}@>q(7MT0%pK zg1|zu-AE{t6_kYpUJpc?kWlGqV2EuY3lo?~Ei)LBVcPTc6j@jv;N(NVcQAx+no@Mi zm0=ad8^8;obliZg70nR;bWCb3FiSp*dyW>k=Mn#M43{YmanaV5S4auy}rH){pF z-pGr1WO2m$CySf01w;*N%9CI>#A5n`ieDcxj3imi3WRjZmBlng;4sJaXD`dMjp!<} zxF_-o8o>-%9H9V6t}*9zul|TE?jMb$koNb;gMp`R| zH(TS=w4@|4rwRJKLIFo0unT{`3UDA~{sEu8pe-~~vZOZ`401A$_9%gBh-k1c0e}DD z3E!!RKkDd8N%2W8WobNL!GN+@o$j3b)YFiqjrjx4sg#NcV?Zx4y*#hgUa)qiET#Tk zS*F9Num{$0!slk~CbE?Ehj4DCuK>4FhLxp{;3Ff5ddu2lvb0a_CO%x%l2jUz)3anL z1J?jt{tQ_{d0$OMCB7`4ypNg zMGk4xycNn)Vz}3}Bp52>;AZ5A19C7`?Vd~&W0Zrl3Anh9gBhM+rl(NJDEiAGowZlW z>G^U{wDwqeJzJKP(H|)b3Q^ckYf%BXx}6|<{tX;YCFzU%+4LD#%C|eF|#@&QEYa!LZ*464TKG;K&^@N(zQFaKV2vzvb z&}vD?mrxV_Fw&vq4Skn5N_Z9PNZ74aG>R0Di8pK1kxonYik)zjC>oLuMNzdQg=0SF zH|sw`whZZ{{I|;H(&<>E4m>rala8brdLL^dgSo5;iD->oh?g>sy0U?kA8b_*y&q4Xoa10`}F#KV7F zMWS>YL##4VgVMzY!3E(kd?nySN`ccZj6t}ObbGKTfT2sNTOm|9Y@*R^rL~1For*%n zPuWLf-~t#%mZtdl!c#AL#Y3XE9A1IWfLU^QH4Fq4GCUCrK|%>s)s({{Il=)=!!b5k zhEN_BBl^nWwfQZg9;BOsfF`&ENSB@^UPQWr+cq_;l^os!EfJ+B-8k(rC}^eISxW@> zBW5d=n@6+L5i@cGF&1hk70<54Ls{X+igAqba>P5_>})w=AYS+ipyC1+&Q|FibdqBP$877)J!?*c`SfQZR9AjUa-^dhyLFy zMzk{G%F9t1%8)8Yy+uwwBVBBW>cO2muIi^rQR+ULp3eviMwF>cB1ZYSrZ!jmCCNq#{B?aV5vp;1)vA%95iW z;^KmG4EY4T?=8hTC@ItWvOZK4atv3GoH%mKTYLxw4=cKhfPY;tTHW2KRzr?aTv)Cg zLj@SHxY$G4Qni%~tPU8ga;9@12HhV!csua)jiig8lo@x!` zxHxL4}KclJ~*NKzNlH(v#F+lG7uKz7VRRqIU zjZ5aopg#eePzyP(ay4N4pd338AYr7W$#Kx8f!!|L>DQVx2_GpyRgv&X@-*RbFW{_; zMl|(Qcvp_E(WHq&DC6s*%!q=M@ekto;ewbe$CEt)={ZC%Ozh$Na{MC|-u1w>PmU+* z1Miw4N;zkHV;SHXu^TxhlH>$KVHbg@C9G*J1P9$7-94u)?*#c=kif}TTbi&h{aeFsS3vICMr*y+-q-ep(k1! zvE}7N)Ea;zs+@#ZktGdP;_hs<8CxGPJU%%Ic- zMyvygEh8tr1i?!k%Ouu=2I{vIf-?*Nfjnh0ngTjE8(|oSl4SH zr`y1jCet>&_qstnDPE7gIx_hhLTop= zD`A0X9-(Nuocto=`}@hsjhIOg5Io5nTb>Nkq&Jv%M@}MWd-~)DLl=8v4dIh5;oK*uJkF^j*@1B0Axg*p$SE)4fuq}VUeF$U zOiU$O6jR8fW0r=TLj9M*s8gu^(hIhenb_Qt%=6S3E?OzD8{I&NrG`-PsYAg0ffSjt37_sKmC)snT7+I|V!0VZ=1)vZwr*>p!k${{^ zUc~GJS~FE81OZFbll_jr&j}lHS^|3T!m|jR`ZVxSush}Y#ke|bCBY{|)-sJ67P4^D zp1=btM=~FRwINZp0^KmfBg^O&D$8lg<_8gdQVqNmrKkm2Lrx1;s7!%=S{`>UPfk;c zffRp!p7pD`exo#k6iO^4R+eAZp)4P=zinxBdPjcQD6z7xZu^(jF)$3HEFW046#rw7fkVLv1N9p45tdW4d8xAGl=e*if$gXP2sZlo<&@Xq z8L!r(G_hdEr*+`w=WK<%YHmr7tlJ}}x4@JU1x7h(IvHRC2AsphcBel7Z*Qhk@-?Bg zmD3gWhiPO}zeq}rGIDw@Qfi@ljVhVY zRu^d^UCto!@nmEJRtF;t*bDge%9$$rnG!%mmYgw=EqSYEme+v!^Tb&0h`5EcB)}$s z=b2P{>mlUTm@Wjxzvg(VG?X)8$s!S$ z`3dn1T{zQGw64}QfX-o#R7u^JDKa#n{3 zb1_R*rw3O)OZiLC-PxW^1vc)W_)yMzmS1tySrPd=tIv^K{93#eIk&xXw%Y%Y{bgrP z`3}h(mKGytSEP9APm#0hsX2lznyt3J;0SfQ_JmaKBDw9^uSe!Fn<_Y6F%#~}hW&4U3j9}k znBHn~&La@cuwQc;bKe4T4*7D}0k)`1|5rOqsOZ!?22jKtdLePFIrM?!){3*q_*vC} z-^JYce?M>NUOAWCGwy0&qc9nBOZQH8BGP#wIQm-qtF$+wl z@elj6C#al!e*_}EM#*_~xTgU*j~ZXNklNG08hY*DDj4xq#3 zJO2%J1i99lPt3T1a(-{ECpohDk7^YRAaB2%{}LOd1?|H26t}ka;f@Z*ff8a3xq#Fc zYhR#9Z|F$X$PcDm08R+t5|j(tvqgb@>IphwkEm_d=qwk!4LvH(VL@dwH~6{}*{fXf zce99B#*1>n`!zZv0j^x|F|}3LHm$5y+)U1_jhHqhX^^w}<23t!_yz?$(C&P@EF@jV5ig*`L~LP5FkL%i@HgcXnfg|neS zMY%9XE6Zv%5<&5}1p&G61&$A6U1<0FxQ81bh(M!He$Ct;yi{L5ijzYU5aQ>%sH964o3@eun%8%z_3FLNWX!yu6hI{jdDy5oOa#k>7M?`;fK1B4=?0qZ_9l zMKg43%5Q=S3 zF2sjLq=Ur=yk_?va?t~H#0|I`z_5@m#kt^9YA z4Qr)>;UczFx`8FROc5K9-^LQ{K#Kg9R7vIIl;0{Tq+f2(Le*=q#HZ_UA_p2_Eb9`B zKx0>Y@>_EL#mR4x)`aKwZHO3*Q*LRQ{!qC2*&Fg?5@JM>Ln;q1a*+F7~%w$ejn|cWr49 z&XwP(k{BWD+hlZr$%&ToyO;0*3aZQR^6$gW37myqf5 z>t)Kz?-8eoxm&-IU?42FxTReD9Du+FMatqJj~m=OhDM@;mZ*#-7xmIULY`Q;q?XnQ z799C?S*>C;_`|OUXccID`2OKCDFao%O-6%KXUk2E- zfKIObhN2`K3A6e@XCuGwh>3U${74>QOKL>!qAaLK{_r*$K>_?Hs4DNDSN`xmozeSB z75-1{5dCwZguvmQq}k;hPv1TRT4h-0AI7tF>|MhbBbQb~Pi7DoXlZS9Mc5MylF>>W zcnPh<&oAIF&dwv3KFvMD?O94~5GBT?JUydt=vqCrxtT=-vXo4ZqI&|Hi4hk8D;n}g z{Kakf`yqCD8VFRkHlcj8DSuRscTleUSe=-Z>hK>Kegqi#u>tU;N`ZvevGT{Zu;D|~ zC4Z!T%n0^^3|3G6_^Jla|V$)&GFY&}c+(TW9cx}f|qo|r5z zD3`{d3kE_%U|tHT7=$!KE~P#eg*OX|5xas?C#BV*JfmKfP&E{{d=&ujRb|kxWB~1i z?vTk}rWo)lq=L49vmg6t^^o2|{`52iL6wzAE_{fq$Pkl>A;nA@L^eW0bgj@!_3__(~^7@;)>U)jQN#VxNw5+Uu zNjB_%C>~pPi43fZm3{R^eYq?-D~sx*Wtrej)D@J=(s*IPwJuYB<9?8*WwcJ3xj4sV z?{jSUV}jm&-H-F#2f5d<7eR_L<=3&ze*sB@bDy@pbmE`OE%Bi{?~+;XZA(7(j~&{#Zbq{9gd2bjcV0FPCp} z;Wt9ue@=<6*C2R!#8;3G&@)!MvMQGigW5`>A(-BRe{)yxn@_H6z;)szR}!dw&}`#p z0m%VnIf&W*qKN^w!IUfC#RHCXr62zykyS=Ou1v*alu9rK0QwCvO+In;KCcudS26W8 zpk@_mEd<~Byb<=obi;^~h~!s%>ni#sVr9E{&|RiGTo>Jk5~E{mTK9WRb2 z<8upnaFfc))#N;RN$^oOiOAKKNTDWIw@X6f0=cROWu9Q*Xdb$?e}bo|DOW29EAWTJ z9?~Q+op{7v`7~^;a-$0|ds+mt?tU|jc*YI0i&KjyI9qj9GjWI7M4)R0x z@YHypNR+Ez(7M5aME>>|1sYUxmj4@|AsRVZu6on}6VX?$>`2J!BY%rUa$Ga707upr zAi@b}k<|{#l@+)TLAf%KYfZ_Ps}$dX0A{)BHN1+3;R3WbJt)H5DQj*VQmDx_5nWeU z`uT3wXPB~$TxU=ru8E)kagc;B{KG)Q8!y+q3*BDiw#YTy3^0Eq$tmMR66Km~Z@fwU z&suP5_zC-3Rjy4!`T$&sH63GM`RFUx5NDu}J4}L4qhlm4#JJzK#9#Db$hAuO9gu5Z zRK4G=Mecm<>lgw{Tic1>CT9;2OJBwZC4xl1bVPl_^vbmn&uYeK$aVKm;JX3%-QGdB zjFRz{^g0dXIy#N&p=&K7<297)TGeTwbXM!0Lf<}SE>Ny=t>n7ST0`o;*2S7$q$YzS zTZUZQNB4NBXbm(6Khd5L{vIC}EAIGie7nJMC3;05CN6pXNtX$bP#o@RHP1E(3 zt>yYwxY3?eSfIdv6+I_cd`x^&9!%D<0?;-D)XU$x04`9;K>k`*%OC)(f3zi3Wd(BG z`&z36Olxg@t!fO>AF61eIFJx5j`V$F@u zQj~@sY2zatBWPJvBbJO{9RN(QyxiE2QXXuK8&QbWV|S%%yQQ4=23 zkUKW!;0bYR_kGAK%8j3Byp@LheKgzxM7X#Q5`(g~JTrj5U%f%1y5*;*9Ou z^j3rd9O+2@5xvPxd3f-qAh^818qoT^U~VQp_oM`20`zEQ zca3S02pfIPM; z_6tro2VcjPx2(>(FIH}?spwxojOY5t7>#S{@wbJrb_> zz>aBhC;6W!SYT4Jk-_v}SE|czS3@g-00hYRG>GqfkA|@T*sh(-m*7>EcI3`vdS8ulA<6;Ja{QCwV0$XLuT~Dd24U`ficXfvS z1gqUeCtO%2`paF9;|YbmRffb;+A z0W`tcCCNShC};t5<(>g}fx6!W;WBd1XN-@`&6az}Xn1fge(@V!2gPpMThYdldz<4S zI)KPUE=}&`-H(Fr2x9MpR*?!|+XYrlx2*a&EF8X9?xh0Kqa29$QVR%lr2_VeuFi4~ zj+1oScObFHSaaS6mDmR<*|VumWK6Hz$M7?5-##9t4}q{KO=vBuWBO{yeU&1-rrgIW z&9KKIa!~GT4&Gc(w{}3r_lRSikr_koQxacDEG1)urNqd6*~nLc{oMB{UXZrhZYMpy zqWl8}7t`?fwPw<^f@q2-<-RUHBr*-jKdQ!8q>!?=FO&#m*Y;9ngzLC3o-L7iDlZ?- zZu`hHD_3y&M`Jw3<|CRhHM2HXMhF;vi&jm zOws%ON$iW84Sz-Px!hAndo>;iVOQ1mPw7hC{l|malNB+!y%n@F$j%^lW-;4pK<;{( z}DDGnI7!j!B606bPxqscnA&^AdkBEDw7WB@fi$ z0}KuaBI#JKQC(>dX>UZAl~DRAQRF~79yInZ9BznT?-*G+5DpJM zim!bs5!c0o4!9uCBl9?Z`bn|VQQbDzVjKSx#}d-CggOm%tqHRcnd z1W{8S?hyksb(%cf6(e~4tb;5MEAfDSm?`pbE0$#p$-}8yO~Un|+MHalKptvHG>vrq zFi0Hg0$_*VJbaWkb;KPNyAThOB#*Sk&4a9VyE}G6d_xZqMZu2H;N(H;pgp6C5gjj& z(7@zX<@e+fr3eX$p&6JqrdUHBdD;hX2*@Mp(NLpj$)mvIOko^KvrrwEd}9WBK1zau z_8xhZ#zutV%A>ql$T}O6N6BZh)YPxNu=yn$(ohOn9z_{%V#%ZQJVOj!n7E+$`{y(f zBVz2r9&q=wTq?_~dm%dG%pi{*yCgBYG=cZ`IsUsp`c}l zFkbljgW8MOMeQYdyfPlp^f>VdJc`EWYt5UBL2P9&$>usnz-;Q1$J-MaSejKH|IZ*b z9nO$OcnK2f;de$p0u<=kc^n*_vTGerp_2(BpA7ABdHkW~&5zLa-tsjj|@bbqLY@~-z;i0Pe6Qv@;w+vP+Vf7Sk)1|S`%I) zxmFSAn9>5%h^i`2Hij<)K<6ZD?L<7PC%pmo1M{mbPj-r`O6&2-cmMOrNze-G$zvUG zdPv+SkNC6{ij9Y&JNu1@I_-E(?IpVSpNP^PCvSD|9j$&W`}b?Ly-?@FN3;g{^b@&S z4OGaJ2RcT>WCsV&1L`3CS@NI~SknBND2F2t@>)ZL%Cio!d|~*TUi#a~^3+GnK^Q9B z`zF!_i=s!d+g3^K|MvWJ#P3#2tj(>Q+Ccq%0e`V3L!NGe2M?%BraaC4GINy2jww&K zK?g=&x;$NvP2mc&SaD!SLv-&Q{3bfEOL`iy73Jv<@0$frbE-r?VmQffcrU`pn~FO; z>*5jZ4ZXQMQ?Y4No~t~=OF#sV3)o4XsiQYXs6I69r~AcLG{9`-$}_maWVS4aEQb9{ zM;%_FXWr#Y;L8=1ri%Yg=Lw$Su0KqMH6|p32>6mluY6+dA23r!7W6d_0(?ap|bg`g4e$CEcbv+e8~Rk4R$lQ z+xKpcrxCM4^YLkFD*zg&D-(oMQxUf)Pm|33zp~r<-k<1(NIFyJGip~vei8PQ@-=0s_svs!1 z$N~Viv_6*S2T;NY$#WSXJIo;;0P8d1ZMma91(8>AmDYEK#zlC+?wst8yYxP;!nq3A zw+C<+{!C;i3E=JaKMppfGiH3M|Jz{jbHybR2zz;D%=i$w$s-gD3rjx6_7r~glG&<_ zyx>(NQvUfd7Jyy7fCdq~Cg#4$Ud-6U3j{oK*@q@jvsq0gzE3sar4(Mx*dmCNc=)_6Pq?4aDsVl#~ z63KusuXKofy%m!}%~4#<$l+g!*u6;yO?d_E1gx~#@`@j=qrjFhyTrdw;1lbMxA^x^ zJu0QIR>03lK?o`RDn($R?BQ7v8)U4!${Yp}|IDlKQ8j#h(x|Ml_EEPgepN6#5m?id zS9@a;;0}PCjh)Ncb98snWd{&ihaktwgI0 zWFy2va2m$%%{lJO2RVoRk08WeUS|R-gu^jzPF`19DCEBZ!Ym!p+-%%hUa!btcl-nj z9+~Cm=-)^#C|Z*NcK{Tgv)+-{`g0r&%J^J)y-nlR42HPYmDna%Ui#bvZ~|~#si#$p zgEVseO?+ky$dgx}VzQ}pd8NA-I&i@8wN%CqD?Rfb~YU)V4(qG|Us@F4=CM3nps z`Vf=;-hZ`a`sgfq;|<>S6f|Zu0nJW-kyY@Z6h(pj>t#N&Sgbe&K^;ksC=6Sdatv>j zyjc!EV!v)y!N2fCu&#a_0loxzvz8b43w_;GDTPrL3F&eT<63uqeL%xzVV)j&^F2H$ z5%MODXV_730GtPu`Vip_d9wg7edHZ+u>}#2x*j(_hYcL7yT$Q&>BGa5K#F$qO4<7n zCm*xv2~#gGZ#{vPc|*(*ByT-P(u9A>hsPmaI0vSZJZ5A(_aHtKOQEkpML0s7LdLh~ zT?yZ_tU@=#h>DfBKH-%FXLw8TB$==!&*oMXu7NXyDQ}aWgJqaY%_JrnC2uqHffqXm zAJ^MWXu}DL6~y%dV24duigEPf!L7`MvhudF#RTMSf(nvN0kY+7UJ6|35udVJ#)Y;- zC1c=NXNWVc4BXB;Nd%gJyaQDl+HL3jF>su`Q{Bsuo}j!#?Vkq;Btl|ZCVmxPQvF^s zCEjaihd-2eVo-L2M)^MScAtc@%8+-vVA_B!1lint4l+&g zv>LkbiE{F83d9kwKj1G24LTEy7lD!{^3FS)X*}-N-E=mh@Bgh1I{Z zzJPyelerxmg#@VBxb_T13`wL{1_B5KqXiZs<}I>TRM_0DiHE3s zSmgj{)(9$h#l0u_7r6!D)7CJuv0nL)2PbM`=JFpR9oUSpJ=U@`{_cTy$3IEb=w!;j zX|ZHLZl3)6GmeM^YCzvo^zUb#pN=)Ih|uo(F(d0R6#vA{rYo3X1dK?)72VMUIu(G#e)2WqNJ}IpafRZS!2WYr zU6GH>BzmqZ7!aoC;9a6?c`;c%-xaM4pMmn0*y`(4PK!(B+09NqtFbKFzR0TS~=IMswKwgDX!It9p||g(S@0o8!Q?LA<7g#bVV=4%iBdHfN0l_rYMk~ z>)JrR(0*VyFh-nfCo)S>wrhQYwd(QM4&+w@3i+01b0O_F}01*<9I5%9zNByW9 zu7wv&(r8_(W>jnK+PSpv;C(&V*&$biOFC(d8Vx?E8}7j2ue;$VsQQ{C_@jT$j9 zDytAxELyh~KTwPn|Byop7xn;`?S?5J102Gi@ZSP^7|Dx;jJNn-*eu+_Dxfi#abYdK z2;~(baaV_KZee}p`DxE)Q9?9)*)4pcLpNwV-NLSTVRB*HALn35kB9QfycK6&<)0wJ ziQK|$_J(aL%;T`!=qR_afDt%ZZecp!v1WK)&>Bn{WDWiZ2*52;Mg-W=kdV;Is@P#Ft%V-}V^MTgSEv|?My}&I_0*{De3|h;SFn^kw>(aaVJ}b94-!1x_ zoj{~;i>qt>fd1X0_g_I6QwrwAxj-%txy6J#z+bV_4iyX#m$GrX_7<;Jvu1e0+n8PP zPtA>T54k0JP2}yyrj&rSP_SdIFNnBCJ>`}plzWJqQ__&WQi#SmkW3(k5UA_NsPZj_ z@ZpVeOH|l-sED}@fX%gdx8yZs90m8AjgNcd9gMzi33ZVkKU|+w{%@<8nd`A|uUpFa zS}eRYhVut)wN5cg6u-r~r4>K`d{nQe=eea#@s>q_gVxYgOrqFPN-Ip1oarGC&XuWP(0s3E8x?5yCu!F zr+C_^43!YA=eQ-QEMk`K7Jtlpg1cYR5f5ItM5X&(1j_=!=A~OdlRArUKGuOJ2L;do zCBW{Z=O}m3hbA(;z@X+*u%)sTT4#$F&-y7Av$EDb2++O=w~Q!va9zMOpp@G=7{)}# zmAZo~@k$~{${kz-vqtr|JRHlfWMRUS>w;giR#h=PiSFPJ$eD%Q!9CCldtrU|P-H{P zyMqIsM6lVp?%JFh$X@oM12iJ#Zl{=)NvapCr zgn>iNjOZkHNPCzWU}tlOJddV4J~1yFzuE$#lIM5cd+f8<9g@vc&Txk)ffY*^NC<02 zyF&)DOF!DgxI@dBhzRKe`Y?nSk}iWGE3CNJ4LCu?;JQQGPJ+L{!UN68L=$MA2KNF71m{LX2>9jgeQg(Pq^;q>@}8G$}JBi zAyC71iiY-b!kyStnJm+A@*mjD;UD5_J+Pg1AP>^pp=3^~Aq)}Yj))_uppy}0R8w}I zK3;rb%;g7VJ0EGE;d_c;1CkP z(;(xTcp^dX=Z<&~o%;0tu2b_(6o6#?S9efTt#=jRx55{-m%V`Wa8B#i$no!f;n(U^ z(vw}_r*etlY3zm+WCCtcJ62cBbcgk)LqE8;wlEXnri@?}4(|X~;c*K==Ai+~5O-l# zGA@AGGTo6X>ru!;d^^tg&)WElH5%?HaKAjVQ40AYPye4#fPy)J3d!e=Vh|dT@Tf-E z6tXt>B*q)`q3$RZh7G0=Uzc%5 z^^HQ>67;EH1Z8S&H^besN|h4sHfLvFCG3TfZl!kZ;*kt_5AROX8#Q%DtNe3h9lE=t z+cg3^n(K~kRU2ywgbN>nElx-V^@YRj&6reoba$;gL_l}+2e8a3zHBsA#Sm$SSMbyn z(eCIEV^V#%9iy89zyTej6~hC78x3TuN&!dGJD8fN=#GiSCp_TMRdD^WVPhzEL(lqE zI@W!ZRz}RrbjQ&5+5kH+hKLDn?RIGg&grK-J*kX4hJ**@h>$z{C2(EBrYTx%>O!h9 zHj!EjkeRU+_$4s(EGpi_9oQB1KZ!rBWqyn$?jWeu=Z@`6KrL{`wnl43*xj*|2N)Xc zjs>Q|k|4x2a>sm@M9qmiwi-weAZ%=)bWqicHvq$R^0S4DkiZ31gx z2;^JfVl5r|MT!mJ zM^AGx8{HblkPap{|KL?hQQ-W@L99l@*{2;|Yz>79FR3VnZ|b zvhD*U@ps2l{f@E5cVcG9+N?G|fB7=*NaP3drIF;xBC9Sw$xPY>&Aru$ibL zu0rla;$nILi`AL<)Vdq1m#gSbWCSqnG&VfvvF$56Be$0xf zBmd5!{yaRpF#@ODiKKV{`X#LWivjWT7;dILti2u`>rT4wffl}{LbXp2`Gf08bSISo zxO-FbGe9*bJ%I7CkM5)f_?2$S2o=Jy7RG_;DH%V|Tjg|E<8C`1yUg zXi|hfbteH2Q9Fb39&wuRxs!TUc{~Q!Zvu)p#{h#(Y*Vfx*evY9^D)?kzV5`25ZVQ+ z0Gcpl+(RPiPGE&^hL*V#VaGR2G6WOf!7f6l9AOV8_U0Tj(P5BFfuc^_<}nnVLVAXF z)~G&Mp*=)-Wt&|lPpr%A|nz^Cm0{iRsl#G6jaA(Riw)GV~I>w#C z+XZE@jau`SE8G8SW{a2HDX&+qtiFFH8U_A9q+OLQK<|a~ecPSVv&Bmu@V4%h*1YBL zdKo^@j1sloDFqrl&C*>YEJls6pgWoTEdk&r<&Img;ZJzo(?)|vt_u7|i>YleI)c%m z+d%o-s9IVZP;}~9LyvZ+ zDaCho$el)OkS7Rl%OhTXzPKX)jsvdKZ}C!CFjZ6hcnc-v+-XmvF-DyBr0P9@iNv_m zx_BTqXSvfjL9%|wP+AKR3PE7n`-uM}d7YL^6v0eZ)!b1|ts`|5>M!fswTk!LPA=~}3 zJ3c_L&uOK4{|QW+_b-a30PiUG%g;eCl>yrQk~&#Hz;psA0;@-RZGpLxb*g zm^@YdKb$eX;;`Gha2vmX|hjq=#j6;ChymrHU>f&Gu_!ru%(0`)^c3&1Myt(_YDzL z=+4QHV7NI{#X$XOYF*sfy(+Z=5>3f-=k$P}4X(qT^D%?=kk>lA={Y$1ibYh77hmlH zK-k`j%eaLMl%_lP8O|H_ZHmZqpCV9XxO2M!I~&;ncdlYZ0@-;&dGU&=R6if^f&^{$ z;|U9nap$qryjK<2aOW`vst1e_?{J(uFF^y_o$k*46tBHV6A7@HKruor;AK{aI`3&b zfS1a4=XK%JK#0D_-^Z`v&E%URZOHKf6}j_>2I&k}{2e9P!@MQdB4w!N-p?<`If0bS zC;e5bVV^snX(%aL&xg7lzPr$SET9@T{8JnZy6C^0JHI;v1q$5x&)|EdJDEo}iy5?#|CJDtV~MSfEnxhr~|eS_?UIxD{F(cR_6V z=04Jl`7P+LobE0l8xC(Mh>i;=>qR3yxbmYABj3PBXNk8lEz@1_9vT9pE}-y;%woxa zhp{AJ;@f(WHio-EA=y6Ao_s~T2W2os`tUHgGlQheEvt1&f?Ttph1Mn!7;A28xOu}N zJO__GB8r%KjVX|1x(lFMrLq+T;cvQIlZXmLiY0_w@TDNegQMHDl0)P(UlDQ|#=4S>GYy7F%AxUwiLc1i^(o zcU-nBbv=5byRbgU2={a03jjhd7#E!9LPel(1PeQ&EfRaDWc%~r(rJC~~X?#vIhT5;e-7QU+|!WYS%^*BmklWxsUG7zi+^Z)?Rec+1H{kiTeYRtUJ z$ykLuiwEL^_76om+}XSvo*dxm-I-t^faYS{ulwNv<*`!5`KL)1(ZKzNdC&CF*(9vV znn6BaLG3ry*{`3-(*343o};pmxgaY$%R1K(ZNzS>HzF-L5U}evBz4f$+FLTQnfM8P zLo3NEq*4IDgJr6Mu6YzVBA@d7A$TrQr;jKkXgqhT`@J2aB{jTJ?xH4?;0oMD_4pAi zreELJCq=u9TEgAH%mzceh;vY-prAe{=eVf577bn}5X6Ea3U)=3+yNmCa|t2% zRhivOLXk4FbQDmUz0pCWgH-8NdhfjpzMs!r_`UyJHg~gApLu$TE5Vo$(Ei_Bb9#sq zkiQ~4-UJHC$;yzwQf&(4`8zc1Mhtu_HA^3||9TapgeNotio;kjauzGC0hVX+AW-fH z=8Q}9hs2L@a#lU!rc60Y+hGO_NV1n}o6zpsq*<4UA?(Fnk=9Pm>Ve}W_R%Q-h^(Dc zEP`TBsEP6HwU3h=%#Pz2jL0tpH|2?vvlD>qJ&1i9Iw{@i^roC$+e72OoUPq;h_*kJ zvzvB8g;BaEOJo(m&uMZN30G7~QUIJ`zBo$J#u-}Hgs3z-19%JsXGI-MP5kmC#uh(t z=h2l{&M|q*QZUOo2fZwB9L*m zm_`~}G`9@y;2nxY=RfBNL!n46CFkbzVy4Ntbi`ptybn+@rtmh;^F|gj2adBSBZasT zpPWa}15Ew5>gWVzHP8YRlk;B0gD)wicWRcLM=P_Hl`gIkS2^eCA8gMLS-y&LUbe0` zD(6vg=Ve(6W-DtcXTNBCNSoEX{=SMtqjOpsWs#so&WkZic>!f}UpC?qEhoVz0Np0Z zd99e%zb{VWLvYL9UdRz3=XJ#_ar?y&?J#WN;Tlw^sJ8&k&Sjrf=Sev~HKMbapQU*> zdu#`u%u<{c*Wi&0B7SvpK?1+f9*3>v{M93+HdhQg+zM~kIT99 zsTmb57j(gIz^*Vk=iBqO%K^;?3*L&tP0N%Ev=s)#-5&8VUJ}1kwh?z=c(mj~!oL~1 zn1$8Ig$Y;`c3~lr62#;UojAsCAhr=;SV$`x5RqI+?F)kOwc!5^c{j173q}5glm#K~ zuGZmO1Bof^qtrrbs9D$pIsmL`VJ2>-cIlK*%tvrvsEEjdqWz6NG2lcSzqV7bb zA-ML5I&x9qk(ZJDST1O2v?lAm$e<5!j$Dw%dZ(#!VGX9A$dn7)V&ieFasjcs2g&Hf zmKQmveMI8U>5}kRk$({Tl0yBVNdUJ0J32Qx8$Y64^am3Rm;tAV#;(GXJMXpGPGsTn=djtATcMw# zdyiU)mF1FD>^K*QT;Ny_7dQ?J@``btIGAXR_70dzP=>hyZ&W$Cv=UyR*O^>eqL_p% zr3waAU?~+vn(y}*P2`fC#LB23k|UQs6jjdaL0vkjvkUl8_X;fYOs(!2&YI1(qL%*H z`=m=t^EscSOu3Xe57{5Uj6}(0J`$3Q@P1vjZ|vKg8iJm%putZ)U8tD%i7ZQ5Vvv}qXgjefO?H`*;`Eclp~it0-S?PJXroRMA3UdMZ{c6Y2rtXjmN)) zXS%A(Wobr5gqg~vA$AV4l3Y&Q046b0E+=Nf5iX}?#-9&kL}rp0SC8FHBSSClwa0wL z_d)8qmv`qL5yeu{U;YkuE+z<4&(caE2{$v`+rDx+WpgkF@T5LYSQp<_dj9F&JJ^$*5i(&1=aOUGM;+xZ*itgmiJR7H9M?IaU1b zl`Hya01wF(efdphuk+-U@snS!fbWN8^-Yy488C=Cfl1l7Nm}f453!FzUJ`LVm!Fp( ziM-^IE8Ftzlq|Wj6{nIUrXYUJEGp`3Hh)5{e4pPDK3mF_NzIW0HaiLY?@DMafW?6Y zpO!1LjFv<=D{0vQ30z6_hCd~UDjJz`C6CtEw|72_qbIo|;Uk%*KT59BaeRSeS{F0{ z+K~vWwCWWeFP*vNsu%Dkm4nlC0Z`Nf<+8EJRa`%|b5&pdg$jq>u}T`;CCpkUCEkydK5TwNNe2q zOH>4u|5sD6wjRJQg7WPOa+TkBI)>dsXe&!p(Zy(jx>It+TShISzvb18s->`BOJ1X< zHYopkp7bV9E~$vZ$ljDRm=Kre(8nS}{^d8K=#H~8fs$umxuPBx29mUdRw6%{9VlSd zypDgcFMmCZzo@sJos+*uYv^}pQ~R_QcahSWy`36)>`Js;+Xs3kifC)|@r@Z21)z#Z zI@FHKM-#cOEV~TKb(Qf~V>z-BYd@#TJw>i#zy{!FIzYj+w=q?bTt~8JB37D`kv*En z8|kTgaZdsK_2$5IfwG&xXp%+(v8OXqw9EDMJ=Q+)xj{YND~BA=iwm%t4Immm82rhDP-bwJ?2Okbysg?|g=??b|xk9&?i$ zHCcgGRV?Qb-gyikdLK8kSAVZuR^yW!8{r?bKZfNH!iNVuJRb z7x7JaaB}4GM#+tRd1*s(V;{Y@;`h4f-6>?1IdT7SJc}ju`T1=#ytft7okwn}t()py z+w_RGGfExjA91g{lg{=9|EJ*F^eV?r26o>>tnTkigcJ(f22Jn3ll2!{pTp-VjZe?l z#-nq`<4vp}H&OW;=~Qltki&rdo9w4AReKx!9gAlTB(>z>)xE zQsw6Ic!E7qNDaybohig@=EY+#_SxQ$5-@y%+`_Oq__oT;pF_5Q-aX(rD52ol`3{U| za!W&EaR9~-#caJ_ZfR-)@6htHr7gPCsTWSRj5GVl&2Jcw6ZLE%gvmSz$Q5-{=POm*sqv%a-(8}J_6Q5!~ zq1C>d4h@mq#`}+gy7XJx$}5RXU+}$_+juavqdHUJBW>BgRzyY|xvg0K+e)ogcyJ;K z)Oz@n#>#D-Nt}4t@p4-?E0&p#lIdC1mttq#)Dg(@hFO#9Qw^IA=X@Wi&OzV-` zX?Mc@qFo)it-nzdNfYFD)boQJbd@}{J?U8@y6w#)Kw=;4O?GZ?7g7jvU)z~;TN|9V z)BXxV80-~9Aj^w#drhNG3;=I?HxjOXa_f5##{jl+Yj4`-u$|lDaRk8kTPY8LQs&6* zPZ5Wak=&Yt0ZmkKCT2aBhz|!|iX=T?s&=#|BbYCDXhSpcOtjqb5)K>mWe3p{LcDZ= zE_+v0gbj$3J3gddC@ER)$Rn*!4`v8NnW9iVInxuxnk7r_B<=?rA$Qi`1F#$*R_?5e z9Yg+vRJjv72?-kFh4@h;%jI41(@_#&wDiiIj9lhz+NqWMfOX)jXt@*j#iFz4PB@;E z{O#A*PdD z_M(ejZ8Xz@x$b(7lOom;*STL}4JC|%%P}w^xa~q{6kbvrPUkxu3NPrUm(~^Y|v!o7VKyG3A57jbJ#bF`#Zv;tOAE;i- zeiOf9%>CeI!STZg6x#bR`WNe;VAnj*{S3deU>(}u0N*g=Cp@bx(CZ-N_s6b|;F<=x zh}ZDR{jZ`auFQU3D^GSZ6#J0Aq7e4tFCq7T41{9_w&M;GX(h=0d48}9L3uz&AYhrB zctG}GWN-G!1HAYe9?HrCF{C5`d7v)f7#oiZ_Div*p|U*Clo>r!B@8NB8F+w(25%M< ziwvi~o!AClnO7dj#MBs?+RG?yh*Y_!$vf{D+DTsi^QKX~3>e%4uNjr&fFk#Pz?!WY za@Pw+X`ctBDdq0oMhUuj!LkU?lw`T{69WeR6uF;O2T;~r9>{^w6m0Y!__HBMRqjU& z7MxMBuY_70+Mb6nt0>5yh)>3UkK(`R-bluyg{HmP_}8D+Gdq|Rup=1-k35O@^!6WO z)QJ~JFGU`zgLcdYnG$qvlBmE?Q_#C`9>Qng?ePW!jDe=Mye}6JXQ=KH%wT~fXdXP&9k)%qf}wtigDLSN?7&|i zKm_O2`||_nBA>*V^An)oZ-PxZ@g^qO1h?+@H;ww0VU|4%Q@h_A$_MBB%O?hmh`r>= zCou{NLM3ISqD(RIuU!DWyT`tmhG%DJBcwi*r!?ddkKIb*w__foH_|D}J{ryw<*7Ev zS;&ev^3)r2LqZ6ty$&8o)^&!kfHkNh;llvm>uh<74g~%PlO|6wz{>}(@Bu-2ieAYe zji-q6VOFy*qU3UnJ>?}1IV};Nx3oTL7=({Ghb@c3Y51dnr?L5$Ek%G1xHNpyBD6H5XQ6e2U5UyP*U6c7_F&(zX-j(|Kv zySKjIQ=cPmf26DBDI?FoTnAVBOnIh5>E; z&#X$H$J29KLEQ#2^eT~ zi&%NS4#{>;=vI;kYi4{pE4l$mNXFEb4DY#mEa(ykWBoM)u%6+V+H1qLRFj8l|t> zh5lF&f(Qq)$Vzw$RGVITu`E{&i20q&uHHbz^s|C!KwhMV6nPt`Q*IN}YjUSAcHjVj z+bi*CAN~TBskpD`h}Ca!%`Xxc`#=Z@g~Z{`&(UULS$Q$y02JO*3TY{vB6I>bAQ~E- za3>P3OV!XZd{Df`OY%|z6GzZd{E{aTlr<@&l+Zd{zPpTQcQ^@X7WmX3S#;4 z3bP`xxx7NJ5HItZ$t&cEkYwlwr0@4Si{3`$lvqOcKwO8>-|PJMf*D&A_els6wv1hnE<5bH1F>t5?Cg3RZpbxV+k; z7x-~#2(DJ7N+

wy%5*Y08pUyJ0d|nZ278YQ>*a$%}O%d=~s0>#1H>UZpKAGV!Zg z1jH^}&Cx3Wp0TURt8FkwG$_ZF#WIFiEPnZO3ko{Wi>vQ~hWp@Il9Vl0 zw#QO0e?(Zk_Buf(|@d6}*SI4{^j0E_Zk9}_AU)4aX4n@i91}P*6$aSb!VH!*einZDe0G-I|Phl9YaT_f!05p%h{w&pi>1YrBgNiq( z&jVZXc&1S2p%^HNK>AC{>mO6z3jEzM@?I%d06Sw$l)EG|~wtmOrw2Ti7zzje+Zjf<`>WvU6I4#OsPvBJ_1PjO_H$v!>skG%y8d*X2nbUoHHOzT8k>;Md z9EaHJHhEtP*SD+lK?~PDdAkm8eX6`o?%oWFov+}{@Z>0~eq(tXmA<{v7&99&nK|+{ z7Z=G(9I)r;q#Sd)60hB+{~^RMfYep$&@h}|-u{HrQ$XIK{R>1WAQsWqwv#FY`>4j} zKkMfiZ3xwO$N{rCAyJbEF^uA%11q4hv=#i z1_z6G=MnT2orDYrNDCLRe@(#G0)dL4+E;qubFZJ12UDplCMWUpyWW`M2?}d^p7#mTyyN%D zpKGSqEAO{u-To{TK~1;3#cnI#L=3uDJ|IZkkX_#ehbS7up<+F~D_M2(rwQ|1qhc73?YhdkcMP$^eK+Py?Y5BBuMVEtKMZ z4VxkPAK7VyU50|~M?;v|^!iWrH9 z4SQUP{uLY3-BQ^^LOxjRQ>a>Qs_YuZ<31}RSqbVY;X#UIT~MfjS>5;$UWUgL23lU# z<1el3E|H^E_FL$KYg6_IdLVI-P=Njtl%3=Uy$>jd>j&ye(HF-ah`zn{3}Vxrjqm{w z@+gPFH`-k~RylQWWS;C$P&s6Yq2*ByJovW6?KLg%0CO0z$3Rc{26)w$Nkfg#5(FqhqxXCKq6wlsZ9(p_xhraA@u-a%bjaSRw z{wVD4s=!-($_2!P+%7Q!l81SoRz-kgNmT$Vx@9HhsDj4$22NgjxB_y-{>&Usd`oBG zhXcTtepT>35QD}Y1$#fk`J60vAuOc|`r=%mX$`1?9wy?jld#|d9p#lTCe+0ep*+TF zS3L|guL`ShchRanCjQc7=C)E0eup(Z4lCaA)`-Z($V1aO)vf|U!g@8{{wQ27Y7W?#pl7CvkOSs=fy3Ns)hDkpL%*OJT#-{kQY8(%g9&T? zoE*w(*ZZS0Tf1C3^XWu|d3e=entkBUrUrkEre0)44TwWjI*P3iqrGl3q#WA#nQk0s zJA{V-@j76yARAGfyc@cXCGn2i8dPQ54E%a@v zAsqIBT}ln%Vc;e4uRk)lMuD0+;(^j_He1U*MVoXq<7#6oCh<lo)xOJ67kxy-m;f9^J)nlQL|ga`k?A=199ykzM{rz5v%pp@@h+<8i7BOq z;VSB@H;jZ{U%g>{@uX2%IW;Ud2C5h2FjB)hL?$+jz~lkzrG}9iM(T*9obZ;uuvmvT zGr{BF9Uodz<<;YC10d4XaGr=il6q1N z*S>hLji}*zQkl6y5&j?EJggO$tUh6>5yW!v=*Yp!J!-^b1bq}sP$TN_`(R$^Y;}%x z5Ml)ylZ<0Fm)qgH$P4e|1)ReOJp%MZK&Z9V@LYrX9yQ__Ox8?QBeL)pr*Jk2@7do% zn_;PuwIh8U(u80{u|@*lx4`#!cO>~AZlpevk@Yw+a8+t#J3tA_N9F9OkZ2Z`kk_h0 zvaCQ#)Wb-tZf2-Ku|})v5aVyPHkww4s{MA?`luokP+#;i9;*Y64#mJ4mN$EfFrKqHqlpTT%^jogX{+`Akti)1E3tGX{jF3{i{oZ`o zOvFS@yj)6^`Ua?W`c7P{jn~4Hs_<)`k7B+JO%)VbY#ar?_9+F><+WBX;EK?%Q2ao# z+*!zd7l<&x=dYYc(UMoZCCe)}fshU^#I1k_gpwRWYCAQ!ax%8ASr6j2cCj7y?)L+u9y~ zNi_;FQQ(x7OKAxw?NVv-qvgq7 zqOasH?a3yIw-HCCM&*G9gD)IKu2^5gQ5qE^dqhagCbk#1v`D*!g0nODA?%kL{V=-q z1t~A8(PS==|2Am`BUuE&*7K5uR$%LMw9W?P)bH(G*z;C z)Y0AGXo9tk&ZLeaO)PvJ!<{1ry;*E;vD6q6Uf$X<93RI)y_HvuYWD3yhObl0G%%l97 z&B*TyUcoQoyIO3uH3bEK)L5P*d&uSAP^8ySP^$+!G4_4T$x03i6d}ZG-%^XLk9Qnb z4+Y>yY8>|-b^XLz=%v9K0)HtL8f|F24EbL)f4b`}$ij_x-bOBnx949^D4hlX2EWzOrmuwhvN`RrIZXbE<<~MkMmsxW}btM%*6Z_^O=;*c_inn zNn`+N)KHVC1OWc}?G=!!0@cEdj#ra)^$SdQa09*xA7nN8k?446RMlicK@?oj8DVHo zf%d`UTuVaXJ2m-jeS+c&r(+{;6s9v-%NPN%5N=2wu?!@M7t*IDf3BAuP*W%a7NdhH zaa0Z&Zd1ZbuQT5kJlDZCi|y|ft}r>0N<)LHLs$a@&$OYKxMNXtIoJZ@Pf)RZ^1 zbq)Qp5*E>|bDC@o1}&+kBw28o?yaWK+l@wq8`NOmk0nAWVRTks8*~j0smV{%<26-H zc_tc!FH=owPDV0WP5#gig=l(EO{rL>SKk5#s$=F>aj8&5;cjI17O2!JT zo;}qhsxIJdrlt@@dJz?wqrNVWM*y$i7@Dj`W`R|)6Y$QL?*N!vLd$s>!BN#315C%X z1J-YVseE12===yETh$^w^%kqUW9BEQz!aB?kH}Kr5cz5n^UZr40BHyfw6JHxS=AB? zd6mV1PvFk3rUJOR>(I5RsnPID^yzY$>YM-Zd;k>R^g{!mPAP${i&s<2Q-aS{-}K=4 zY2tf!Rx}5W6cM&~Ds?X0nyGq~EZgY_q&@eY2WM_MBcJoclvPt%ewSEcDiU#`&WxIx zkKr^oagJ(FvHMjsHcm~eiLqgZC|uXuu>H3GtVXR6-m#QX?aa7%HLabVzC8+KTK4GL z9xFjjdm#>`RI{?xv^RMIAvKL2O1yG+sFJex!=22lrqQoTFWj!8rZs2xBudlXw-P9a zPDdLP5hXUt8p0t#kiLlxglFd)U~cmob#Z63OowQ0HT@N=8XWF)Qbj8%pr(_k;v}bY zf*#cJQ`0qrl9iQNu(h;NqlP$6<=nBi$REsr0T&MU&}ANbo)~aON%8}|#7|n#`xW*x zw28<+VtfeDQ4zn}8>pifr_+(DLd{6ymB~X! zX{7`D0TWVdGSAc?w{pByq{ApRll339f?_6tQx}W{c$8K%KGu0H)JztEv_d`AOwc>f znxL5UGUxOs^>Lano%t@;gBasX=WZ8Ijizem6GmzHMW~rjWSdrgwwg)C)DKYyYj(oC ze9pMf`8rYMw=``*r=oQ?-?EZCjcN5hrym5rc&P=x#P_q`vLXJ_ET(>bS5eV%WoWb3`bH@4aI6 z5SIF`EJGAS>bsH%YS&y_DI=VrrX#qZ3QU9QyUJ)~nfYpFW{swCIP`BnZP@_#<7-s1DCZAeb45 zg*E+s`}U@q;#&yX@KRDUI$_<2utP3DZ1dO1;^YxWvWN%2Z%eR40d{IM#oeCx)Ijll zu@O#v&+D((K+OGpN1!oJ0Mze$eS0%SftK5bQX}qcZG%m~NtaVURN@1;Vf6zQ9^gN8 zJ^-9Tdj5tc9LfQBTk40l98VkaA5uTmFp#SwTYaC$1f7}chv$L!$Y$UxDvN;=?D_9v z?#>>H|`A7Ohpz3_lf5r692yM$mS*0si`Go#}J zVEajvoqQF^1CRy2@>V~#+st&q_Vf?g`u>MrPpm>1KOEYUv(!)ZuqjBBnw6n`s)eDw zy;8H&)lYx{tORq2Q$IEH#3E%uy84lZHblE;i#d<5r#;lI=_C4yWY?QaBJdOGt`{MJ z3}h&&e(J&0W?AZI;xrupkJJx)f*C;@zISjPUDgN=LFl8b`neq*kOd9}j@8etN$*mE z_w-tA3K7Tp;KLqFk76;q(Sw11rpCdS8Gv_;`dK6QY@|A5U1Oj6`G1iif9}CHx;BdX zImp?ez*a#0Od9UXVa+sW!T@%=o*FJ8$N*yQ9`y^6921NO)i1B=#woBBsb6^Ay?HQe zg@2`Sz;-|58`wql%LDrVE7&g$s^SdtMU=sh<<+mX`2f_05D@U^Nf}}z?|^f&H(&P} zRn)JK7?3zI8X*gG^4DkZgFiJHGYF_(!3e>g(pL+ZLV^1=!(lpM9PPsQfe+QMpA*-l zYkRHwm8a!LJq^luIw63S-IKwp@#=?e#zQ60|BoLSwW2ZJuP+-_;sEVGzrez;$jqaD zu7>b?@D#sPq!WLZ`VCoskeTNEBN)$_g47j$ds(an$@aJ02lC%|F;hV#=?L1 zvg$WevuZ>x=d4QHEmj}0jOJ?AL-m`n=UIvP)=J6WNP&5GPx#}gS;b8MTGD#)HAxj- z@u*n=4ir?gv;v5=xV%PZHS1}kIV!&4YhQ^{FyKKnnDsW?Ewq7I&FahRmYaP%jnlrw zuu$~nRkI`6@6_za*?BN9==*eT&|s}{)FDwtqiP{*pPEfBR5L-dKSWcwuTOi@=-`(f`V;-j7p97=9xj;_WSQgcYNeL0L0J4#iH7z{h1rRMPJ zn?ZY6D*%OXUyAHfl$sk0z~EfwmPUhOtR17k+Cx$qpyvD!2+hp2FSVd#H~KleW+P?_ z-7W>|f{K#l^Yty9%d4k5;=Q9oy_yRq0$U({As?vsaW4FHJ@9E(bE#4XGo2F@cZr_t ze^DgDujWb&-7;msKU>_1mCJ}9vKcRThzmP)R|HI=M{L^badjG>QcKBooE^vvEO^}ZQJU7oG;AL%IYCg=@YOfX#ENPmGr)rJ7QbtQ6kb=0{E_7h zdxY2M;8SL~s%lY1z4Kxdvm=X>RgsTFEn);FhQ0eDQQ4o`uur*sQCmVSRH~RqZ4}_Q-Y~Ki0Lg<*7)k7NY7E~kIxC-sJEdOYd@gg_7BL2n5Y)R(H|bd z_Aga|7_r?|)#3*6a2-XvmiWTMDx9bDBE3{oi=T-owHK2EgLMG;t!PHHS3p~Y{Oy#} zSUS40n)5i2N(mlX6{CMSq7%Q-IUY>nAC}Rv1QGbVzD96^RP$ak8ljY``lC($hf=VPkCn3AWKXde|M?thd0bDB~1PDov`Y6CaNW$TJXIKs-?`pPV8VyTsYIYl8RsUPjD)dDY@Ag#zGRwY1ag$tb## zu9kejQi&M8v{9LQhh;5&zrdVUK*a-r)|vJwQRwbs+03t2JVq>#u2wJ#5H?99 zxnUo-@nvMwS5V6VULl}XK(;l&(udEq@;Hs1)(WO5kV(8-hMZAQt)Q|OD&)1bafiie zEyMiO0Ue3;Bxw2!S85wl5d$B&!D$FbY;F%O3Lye^~;`?^7#j z^(FmV`L=E%hS5eW1X+6YidPwfrW^d911>z))XEQ8s|+0Z%J%fY?WSZ@@q(T1hgm3Tkx+_-f)3uGV>&IF}m@ab^V*(ybg(O09l5x`M@VRwwi1GEcYRyhc#2(Hp!* zKVYxcJmA0awMbB_ksTZ1R9NsD2piz{>}fr4K?S_C^_#J34gJ>vi)*NXpdr*g)*3Ct zn~|D1uIOY>Og+3j&0C_LT9d>}ld0Aq(w-N4O)qRFro85XYL4~B`l&UwF>o{_o;4XI z>LEY0T3yk2*aud6bxXdVqgFR1%Zu|_&0t)f4?zr5SoHztgy^*|NGQZ=O*F3X1j667 zjG&cR^;Z`0H!jg%shn^yE#wT%#E0@~gO1fU?16fDrj}1YoG<>gV4)h~V!Uz?u);(VQvRX%%cbu!(^RWq`V%?J_ z!f$eLmusoDA4iq3n0O{zt?NRgP>xzhRSl6WmS@>Ny+VunIwlnaF8~3j=tH$4n|Bl; z)atKtIE*UT_T`O%duoFOt?O>oip9CCecGsq%nE8%1tSq2`)a)hR(FI?t;{ywd{ayh za3Lp3V+1jm@MVA7iMMh61Ba9Kq(kKKXbKg!#_984^Td@?>(hAgKzcV=u}-^BbY#g{mnXMy8GW5PAijfvLD@_g`eg z-A#~3SZyTv!SUD=p0!HUP#Yhkr!-D$<5S>!5e7Lv6>aS=9>%A*PQY@;YuRrgs=bs@ z8$Tv(4XKUX3jLZEsUgAZ>K={M#urP}@IZ>(m@HdgokM5n7%gQDJ@hvZ@^Gi$0LYpDd@W9~^ z#s|oXn-QCBT1nYza|L{32F186Hb20aReNwZ%sYJKQ^;soYcsXEJ!P?cwOL!_f@(7z zqI{_-5hnCWwfQBZnaApzt~N8RGopCZW{Qn|ID#T$W_U;weCrfcHL(p_;(=38c`_&e z92G#fdPXK>sV#LlkAT_&JBGfv_PiFj-RGO5fj~u_=;-jUcdY0HwT1ET9@+r5XmNlW zWzYLG(hmmc7LDBqsx4XUFJC~wMF)q|y;e1~CD$lJweuFnlWY30g{%NtZ;e4~oe)PL z=M1R9vS;ywSOH1eqqery5brGg03{rp1zmhq)792eRyBGkZ0&~1zyP%^WlELNw#==q zxImPv#BUv;X7pqNdyFC2*!J7#(=JNHy~G*#)warb(9_sfmhgo`8`_%qXIo8@@V;sr zS!C2FM3vKn9~&)O+7preBX%3yR=fp&wdSU7puiN~ipUXk*Go^cXkdB-q{^#pp8%vH z1L$<*h|jWlS?merc*(Ytwn8y6rlPlU8@1gu%7YrJ?bUI`{J9YUZ5zEtu|M0AG%ay{ zc>|-01Eg+Z0@-o#8#PV9*wJdc)&!8X-=50W`D(k?2=rFlHNr-*uOHqtW6P-RSqx&# zaZrwyGX@{Fqb?r;MoA<5tlIis)${~hN+jQW2Wg7c`mS%n3nw{0U2ShzxeY2zsBK+Z z!hQkRO*NjR-EmW815A7`wc&B2JaRs$9pz)o_{{zaIUo?E9Z=ieg157m4##Sn#^8O` zMq2W)upQtt=yV?*O9Ul`1o0UTL&<2VoljzWxO@7-?0gy*#)H}!YA0bE--qlGxD{sM zDVop4@9*Ffx5cA&MzBsu?IhOmr)!60wUZ3E1$W^eAR1cXu~EP=*tSHqt0u{AzS{XJ zHWD-1na97WYFB0Ki6=KbUHsAxZ-`MG%o)R5g9%w`7qvie)yP)6-ocZOR}_;pf2LB= z$ll4O_Rb(TnOA;y3^zHXc6-=EcK%r{*89OK?}pKj!8B?Y-Nxuax{C%;oWZUwW>w=h?v5~uVi7fy&O8PWilyWSZ25vGrli`P0SM5Lx0_tK2ZjZ;n=F|2KC_)p z0AYJPki1XrsZJ0hXO^gT=f{*p*pJ#%*YwfNRh*_8LrkPq7kgV??P+Qx(wk|Ij{nY6 zdtN}F2;H!M!XU`5)`B$e>vuV+WsvGj?XC~(0Y+nAw}{1KUp6{5^N&)y<%Hir$q4mNLwu!uHixrp35G1E{&^fF z9mvuB(~jR{Bd0dENz8-B({l?j?p6P=zHaeV@u`1OVcgd*@czT+1q$hnbx@z#-rNtb z6rO5hRcxsCmqwjt?CO5jIRd}3?;)dXSq#`#?XOy~A@An?ruc%r9@6+`K@*H>PX+6a zDFUANcjolbETVn`!rf241wjGOni%cX{+32tV*CA6!GUMEQV(wy7QquCsz~P*K&z7K zKqV?+g6cpG{N-R*smaFxrPYCl4AihlQwI|91yfc9)BzeCk?x_lnAw6b=`*s_{?Co} z$b6;#d4Z;xBz2%IqWQ7?|MaK62|ZKr^yX(Hhuj>7fdb=s)WOKAuRMib&Q#=xyrKsm zK~uzP2h_oco#QNl(AGKSHI6+90&CKwb+9SVu&+9(tupkFJox`D0atos7<(j&ar@Q5 z&oClL%kdA;lNbSc$Wn*McjG&~%7a~v=qOD4kcS1Ug1Fp=Dv&oobmca1QKqV*Ei$=En`=ylyKIv^{AMEaq$RCP$xfRH#`8NGy&?D*y;Q@L*GiwI5tkx;k8qFYAQ6VkDJG*qQR`FiOc1D<0MwNcg;oF z3;!%?tbOWmZ#)1WW~#%G;tezDTsgdK-+u(b%<2dPO#qoav;)2qXV9m06#M5@M;QLd zdw7I=5EO-4zfw{ii9u{LcI8MNnhbO7B{VRI`6+n)(sO*=mWzSc6BzArTIDsa1~JKz zbUo1eS{6{-k!;`t+Q^R(2|ft?sm^y!7E42xI$9aOL6px|M{Dv4iHESBD0S2@5j_VU zOC5a}17Z$4H5Tx~#CY@>05Nvs2+6W9n32f^e85!))KTihfIA)W8P9Dk-AuwrScu&5 zD_a?#eHK1h1&Uq_Alvc-Tp&Obhj=hK&eJiiGI>s#1-eeTQP{$bJ?CG5aO^xB8n~(Sk z%{s?C{2@6zD840Tx4-Ym&!e#NdDQVnTt-ODB382R)c2IHs*X2{Fj6_{cs>5wOC6`d z-^c3SAqUXz^A+6w)GS*`9jDj_Y%0c=!Rr{evO4~8*-G>(Il(Vj1}R`KgSWij-c^Gm z6ugbk@SH44-N(zCF=f<=#+0~21rr*hf*zo>i8|394AIusp+62errW z&XPLlCcNnbtHTTGr1m%psgs%!4kCfqyi_dk4pqs{*alXKvg+h3dX)ink{+PgtU=Tc z*^^23!y{hBr`V9qz=D%GoF}UAs*?k_dX(!*1J1&~%{#n6nc?KyCBS;ZBy_SiLS;2M zJ7pl=07_eRGLtVO>$@`zHw@!|={QBY3ttg&umMIXx?Z}J$S-QIj+ev%$Aa>ms$yiu zL54*ty3UkgkH1hJ^@FhaD8YfOfa>roMtL7Nv?FckKG{} z0uUeRf^ob^E)`Ixx`IQCf_5mF+AC8XdYa-T^;c9dSIs)2uK$FkB#4eB#W0W5-=G!rDxMjxXi*dqRw_9hu1SzoNdj; zAJKkn6PohEonz!BVCY}~zZ6{vQt5XNzYvs(ht9QxmJae(wmMgr*ASBXiEi8znkCM4 zG?2nENuBGCFSL?=9`_Y@pt3sKKjMyZ4l*TeEa$Yik*3b&qd_G84mK2+cySJ!wS{d9 z?di7cLqvKWP6wRUPGokaK_Fh8e~I@pN1aFfi3wrB2O592no)%`7s;ZveqJDl4N1E{8eJ%hMnrAmWDB&qK{-I2c!QsF zlll483jieXD|u=WDGfEF9Xb+swbB*?s0*o)jr=nfZ7^exx&U(o;p)Nz1Dsfqk3c_l z5knyWTwO@vf#NpJOGX(;b+Ll!M<||iua^~D<;kZjX~$Yh0DSeAvupmcFbvoZ)J4F;T@ zO-YOnyk+`ItIID@*8*;GYAevc@Qi-6qFwGz1}^h>5(YY>rQ4sh9(rID4h-8ArLI_b z;P$A?^tZ#%KH~{>IRMKUS*gpf`M}>oX>lc*Cg2=(nS3!~k=5lqK4jAkA6(IO?&3Bb20Mv`wqUzWN`If4US)odrov{<9j5zG~@s`DvE`>HtoE7grB5UZ^& z<{7oifGIfh8e_LHKzXB76!6t$)bK^1zq(M9EMsqVwH$SO6L^sjuI(<+;39h4_7=(zRGoEo{*CFq7 zPdw`S%N#c)DJM%^@51lWLhDlSqf=B8Iz$o4Aa}bhzBx|Kv^e;GhN>Hy2Mnqkgg@GE zv7iKXJ)4Ssd|L{`c#xz{UGIEN;h$n{+yodEOW7xA91&ovFy`DQ9)AUO zqZ_jq;h1jF6voA=8$Ix(WnHnJDwBh6p*iO7RX2Iqm_MRAZ&LlKmt95O=;^OO#B~#? zx@oOJm?{q8kN>+pH`}spnz~8UZ=u*5^1R|Y-UKZBu5kV6+^=pj2MT9$GXvjnCVEeA zW=Hf%Hz|oAW)IX;xEj`u)W)mf>9uIBy@j(d%#WPa&A^yAKV)(OyWjEntEgM8$sBN9 zw;IuWOZ0Gy92oHP;2s>@1C!*f7yMPIZMj9_N#~kdsr+R?Qpka22n^Ta#@GoYZ^HIX z{e-jsu2^gAQMYRpU#Z&xT&rGUEq z1~4GC%<49MLpeuh32CfYkr?G|p>Dt9twyER?UJ~C+?d;K@c<>rZ94wwC7~iDu0^&& zZUEdlC_!#l=Com97e770Js6{@Kv4s(leh8?v19}!)E$aEX8t;TarW1xaCIk(Uxoh3 z=Pn*??v1aZ?poMC40?wOK-|PTIS{aP+^V`m+-nBx4dehtAZ=z8eF8TuSQPZ`)UXH`e5R9SVGcTX?% zF8zP83k+^~L)|gGEf^Gf_amcTJoe~TmQf8cRqAF#qY8zKe|@FO(g70+?F2t~?&}Z; ze7Kp=ZG%_KP}kq&#-*s6uS8aLH-z4inHjl#)OEt2)w8GA40l0PVE#Y-#XUOV`g_7= z4w2=ab^*w@4{Peb=mkPXIF<891ynFK_h|9<XF^%H7JrFe4Quj6GMG&>K9PSs<&Q9Q1(t$X2pE*bf zarg6zx4&SVpUU-hk67Lc>OKp@sZi2nLCgQ2yJ63LYf*}=QEYir}%+qj%8JF zMY+gjc10ClX7uR_q7YAR-;n+Di)M5USJX3r9Z{o{R}s{^hbz2Ino-B(iWj46V4?27 zK7`7i?!abHUn6gpE3|l^iya>+gV(~#AiH^7TfRKDCQ7?@ zc7!UpHt7kMQD2w(jSXiwbi#rdv!7z7P8 zs*dZ_M@3LG=sN95tMXlkzDW>2L$32Q2hXq%y~foX1oic}4uh}shF{fIkr*S-wYwS* zL;iA|my9}aTyULo@l~N{b?s&*M1{wO~Qag$>655 z-7tKhh$f2=Vu`I&WQfCCdn1s*4MVvUQK8sl5P#_v!>MyRhJ3VsH~e`q;1oPy001}% zZa5RZ+7vt8f;eP1Gc&`}kp8@cSX2scIy0c0@QPJ%Pw^Dqe9ik;UeATkt#) zVYXX9^%KIp-2&~QuOlV@sSKj%EUW_OX174s9|>Tvm)(NbA8QXUR<{soYcy-|BMtv2 z$=>64uUp9LueY_3_a50Mu^hLs2`DmMh_mgXFL73bspmch4W-8|*TH9` zxP_&Sm!lAyRH-J;GKKpi+PLtY#ADsjq&c6`}q)OU-zk*f{nxJA8zSbQ4% z-6A-?TJY<2i#RTdnB??!izwa0L+K1@@Zb6}VpMlf1C9w1z#Y^WPhjQ30W@$D_x&~&@9mMz>&QZ**gLdMwM&ftjDS*BR_*jUukX#1PQwev_2joQ3+(FIJ zk(uHS`i$tPuRG{v4vVlacMzFx4>GX1I!qjp79RE*uOGg32kQWkfIa>xcE~du4DO0o zW3U!LxmWixC>tE_hhj>0&}A$~KCzCrHb0FN@wIZOYG@GLE4VC&r>WWCG)66oof`Q0HI z40Q{-Ln!X*LBHaOq1!U<5V~scwhh63hZUh$x{K;rI2u}RagO3ew=myGDQ_mZML9-& z=*-+9?F|?lv)rMTjWUS2bCD7pnv>KMS{09+WGFqgC64HI(d!t+zMTxUr#o~&@z@x( zhC4Keh&DCL{lcJfGv6JW$^AffoU2b_JHo$HVd#vcKpP$zi|2wduR$H*e$iHM8$1sE zMq?MwA3(SP_lu6uGC)0qr{?(GM|X5QQ!D`CcfV-G2khKXa)DT@Si-3eDi{D>(;Y^Y zI;hN=YEj;T9_rufU`SrTYKOML+MmI_4#ydJ6|h|KfzhKBn34Z-j1~}f+%MiT8biV4 z4y!~)G#}9pSF}hzn-C#(kr^E{;XSKVf~#ZxdFsRZMaEj3h9B2Gjt|G-Nr>xYMK84C zRx2MrWFO0lUvcQ{BLjG69mXmgN% z4_T@3Zgo8SgY*T=adcpySWEFjU+)p6@qo=Afg`{G$SrfXq?uUW9f6!UkUnwxkGUfn zCc-{|h&gxI|4JoTI(x7?93G}oX2{iP4g4q?3ca2?oEsUHfut@FXu=b_^OoMui!8?H zj?mUG?7;}yyaH`?LS+Pj*7`V|aIwW7+pQU~u~I`Rok?0{ju zel@a(Ok*{7~8BiFMU;0Cq1k0=nu& zJaWfWXS@$+9z-z!6uY#mx_anZ=BgIJD&CaT09uok!||zHw&}-cPD%N~+1N&ZYCAe1 z%BA)X0OCG`hV%?|T}_T)Z?21$MQ%ItX>ioWoDm)ToyN&LAGZ(B2P$!#PrU0sNsceg zb>9a=r0KZZ7YF3++dDVgIYX1hB^qyw{(K9;#_lK%20nC3vSpTXM>Rm~FmB-}GQws+ z?BK1z>6LazwKS14FX)cql98SS+~cXIO>bEjML}Wp%CKj5LQ`itb*%b6jUxI(DyfW+ zJL+>jLS374q$f^N6o$|!ynjHXG(-t^bOVG=dsE2`jOHct(6eJ|Ei@9pQsXFQ=8@=* zeu-U!#Ek~K1C)tLh|5*HzDn-sCb~wCJNiwM*^oOL!Z36R?r5TPParA(Fl0YdENnvR zG=>HrZlF$eZ||egSkHJ2cN<{YE6W{23haj?6zvRCc@d6i%HuVn+%cfDCORKO+zC=P zrYk`aK|-lX>F$_!@nSR_gLOI<@g*4{d&Of9h8U}v(11IZNFRLd5XbJ z#s}P~vCa7a|Ie9qFv`x_P`x{Jk0c&T6zk-I(aX?%)3 zFL*4UJH8!S@Y0PZ-%V`fj(=76C3d8s8G7`)kiA%Q zmJ5kW#B7cs7B%3!C+G{n9rU{s9tBFr9!=1!fUc?$(Y#>2>Bu*AC=}s+WQPweWKO*uBuMSvX_hCvUsQ!T{tKJRziKn5dw&F`hmH^{gT=S z+`=zIoLn$~@M5fP5~21iwObCH_<&*Wyo~3g?O-o;zd{01eYRg|B1}DPocmQ16S8H# z`z4Y$Sx{zY<+)$++E^KV-LLdfWJ5#XennIjG4Bn^WWNK;aySVpYq^tfQ`s^02%|6v z5<4&nk`HWi&e&Jj{Kk`PK8rj;(aZr>RE#@`m!Fql(v$3(q6OZMcPBj^6$3);PI{F6 z^tH!7gLmw|Kf*TLD0T{{;!b*-yA*UMu@(UwRNP4wh>nxoNwgk$kFGr- zr8iAtC)4_=hZ0}rqg!V;g+vVNbtjYBXn3FeTx4SS+VA38!d!=2Fu579yVW!2WHY>X z4mvE$olF9YWs93|z$f?Nb*CV;227Zl?iBE~&}}nLq=`G}e@2yf%=W8}MjTYf?qnzv zD7Q>OHUx-`_LmGwuyrkRv9KokM_-mZr5heRNIC3Id5>QW2o~M>oEU0K55i@t*hv?g zL4`Duhh=kuJNN(V1U?K1x?jiX>4gSCUZRE`hy68n32(YzHzGHk?|uyy8h4H1rAu-n zAmuTd^K3cx%i&kMFXIV*irJYEuiaQawi1s59b zGVuWBDOBNml2g;&Z%Xhd_=aV;-$1)!M5FR?eg^RU;LY_C?9#u~RqM;Zb2kf$^HV)( z?Cb(n`=1tqOLDMb!|H*374JcN_FXfCFSm!LWk(A*v3-a&pk}4>j9_f()$Y*Oe*mq_ zZ;vC&@mc814)ijzDnSjiufNfyJ}%Le21b)w5D>pfG%A#a&TZGj2JES6>d?bR>3FDo zu60AWFUs^Lsc%U1%#XwZqHQs%9X_2QQD*Bl?$loVC3Na7?vuxO#+{ncx((%AcPdq4 zNZ6_C&AL-H+m)3S3_weWK8C}y&Ermc7;WIIP*@1J5WqE<-f47YjNBT(JMB?g-O}A@ zZRvpmzIJ&6TsfRCSQ#ihyPehOId@tzJ$f?TX}S(5JbDbYz`1mFr)4&Jjznj=m+l_G z!{THG3|(+N6VhvVX({>!Z3K&GIoD!64W4(WH!N=FPJcL}Msue(#W^8g$$?sgBM-#+ z=`9;PPX=fDyTqgE?(~{me^7iwa$`G$I_G=*0^hv)_{2LNcLwQ;Hwoo2+!;}P>_wqv z28mHrX741FrO6hH-Y2wRGu#=i^_b#9e~c;CB}T4dlsn^9PJ#ND8C|(oWNc&H8Slb; zgz^>HE-iy#pTfh6troHF4EPriFV7@A)4@lqqdMC@P7MtdLHrh%d1ftijGCvke7Q5J zc7dOsJF^iUd^x#2dqNg2M`Sfxt03oOlM$Rr$rtRvP^hiYp1lOZK-(2CyN{7nUDSfSTQHk#K!opMQtMxl6PyFCW^kH({4v)+aE9Qa;YKo zARN@WLl#xAp2e9PSv15#AzL7zWj%yY0a^S4qq7R-og`Gm!=7JUi69QkyZ19(ezg4G zlk~G?$vbU1Z*+7k{~jfaQO6MR4F&Qx*AwWv*x1VuV2~?|xHaN(kTe83ab1j6oeof4 zeXqNj0jvuefuufn>KzENb)z{RUmbaGFypqv^4<#uDPYiv_VQG1CGQ1%I7uIp_j*B7 z^`vL2FUa(i+=<`FCz;5rAxp@CTZQ9dH9;JF?5q z8V(y{WKL7Cn&R<3&%lr@=?g2P;R;Iz8oLlaEs!N?14FdOE@2e2kJU&W6!(Ni^y|Y& zXdp`&YXuo?Vr%w0^(BwDiY%>-tOc6miFZ6Q2lu& zWioem547N}gA*@KmeTQShmYcZyewtFaV+8qm|a(vK0!-ZP?o;Tx~~PYlq3nX$$5j8 zn8>H;2(y>>o1%qy2yMoU_f}UtDRV;zy2hk#llLDrq1N(#_t@x8P&SOL$+4O=DV`J; zi+OG@?`Jh>LjC>yJT6O-`^ID3XP@Q7pz4=pj88IqcUff&!R*}!<^4jdy~mT5Ez6Lc z8%J#;>s!Wxe+J01=GKGAzAnqUAP5KqQr-{XJ7yHcs7A}Op4I?Fy2$%aS+~Kn;Ora0 z4f=Kl`cpe@D&ihlM%9N#dikHB0LWX8Y9h`HvMgwg#yLb;GR7((cE9&Z)mDCR;P)${ z94JMc_gnFtL9Q&h1Nm0`0cs+$jOpxY^jy*spg{Osrl2$k#QD*s7cbZJcoqD4B;}hn&?7!*}T#7 z{cLrsxpWX}uo^1pmhQga za=JQQC(O4K=LHw{mX#Iwkb;n`tiva!*%llR+$6H17RQU|0JPeb;~{@rS&gN5p{*Q%G!YHAufFNtP)E4j60RR&r>8XQ^e#oM&auD%uH zh^2kn*dNVZBac#x8*s#jo83I;C9C@}8mCBB_rcpzq(1o-7u57h$_ePpbxu8*EkAxA!_Vr~K*SBI^d)Rk5>^d$Od8C}(j8!_k{?a0Gp zTd*$niJJI{u0g|I`M~J@X@y{qAJ7uQ10j)L>VPl;WEJFtLR`e4Qt4MdC2)6e5jIT%~N>Ohs0~LCIHIsL$+m@j4hQWYr=Sr{OYo%Mz?MT zfj)TIqvlHht&N3i({=KA3heJOf~PrFvYh5_qzu`PSu&=SXV6Ay|T6riE2>R!fF)< zy0i9nF5oElcsn+E9QK$PFJDW?Gwt7NyKuT01u9BL<$UlEJwI#HcoU++%14OvkXB^v zC|sDh;6EtpZEudB==x{uzWrofRSrC_u)vA*AaP#7IZ`44F0# zm65WpR$mmDz-r36wy4+#F1|LCNq$lbWbLaov!}^A9;JmR%bl5uedCmk<_xK>t>*<$ zaorfKtDVWE=p^eNvqsXIzP15lXM(am&O&x^kk++N5bd(mUO*dVTzkj%pjX!SvSs{HC;AN)o( z8DG?fp?HRs-jKonLrT$CdXCmOfWadhA(3*4WFxg4gEl{R#zSXcz~k}DM!3~rQO%W& zw7h`|o#B3ueE0|sphafA9cZte&arqk9zPL@rjHHH*t->ap-8;E9Rs=#ceU?@IfSkE>2lj ztLC1Eo3o~TTn`+_#*x}o%wEC5fvn0d%X2srd;YgJA9ul&0XQH|1^Jkz2&hthOwQ{` z&6SVwBElnKCivLc>N10<-=zk~M~yKxgh|N8R10A-+46CUw893C%_k5HYF z^5@289>33s(;Ik_gv4({HYpZf#U$V=mJK|mE4G76)%6@{b+JusU>5%X(qd zkxA70BbV;Qa;cM4yQ7+SidVL>o_tavx&SM^<`o*cJ~g(-Fz^o7HE8HcQ;QhF;Udoy z#JEp6GaEqxj9XJvQ*26E-nno=P+M`pcTU#UA3x0$|Nkavf+&c z0B)1d)1f-UdL6(=dANtEd~Q5&&}?t86XzF9#3NroPBUX2zc;7yRKJXoO%_(n2BG>i z;YpZBvjg(^eO43t8b2?zu>D5KCnK@n5gCUd`jBi&sfgg|eEIAat7-*MwND3FNCOVQ zWkL;x`$#^m4{XK;_yUf2dK*6(jvkS@#1cLI(EBK#5-Uae0-hkV=C{InLW%e9W zO#9?ZhX2?BwU#z_)G5Q*OIf5=zBFnlwj@%X%a@%^Xq0@}j~s4F0@h>l($(7`0^c z(M-z2$lvgJWiglyT;!XPZ{ep?!uc?2Bi zUVOWU2Cv=2W36~(OA#NY1!W7Vu-{ZFSC@bl;M_Ej7?5ne6&K(fTkG@xu=8z;80YcJ zR!W{YW`O`F+1do-^Jk$rdvN?p+8Wf`o!EjOWN~XZWPd^M%~sCD3n!>-q0u)k)uf}B ztrU@bj5U(20bIr-j|$SH6sbSE;{A(|d%d!)5hmnkL`~Q^!B}AD2R=0HaT_&0M)_g5 zKH0|8$4J+nE!!RiS@Z<6-3Y@VtweYwH|JP)(mK7lxd(X_;C9;zQ6~xKE@ew)7Te8| zFEbd%mM&YKgN>6K*0x;If+E?5m=%@10pxJ>Bi6J)*YWZ-iw?rZQ+5}J^ky!4Q$GMUFm2xDfm8BpQXs70 z*J=0~XXzFr?Jfo3s`7QF7xHpYzJ3iih(&4_oea^pTOqtxwo||bv&XCTWIMuPebj-s zry$1HZ_>G8#O-B!E2~~SHuBfV&Yl3#=Ih5SD3559q!JeStnlS}9Lwqqj807L8POt*fdoQbf4Ro`+R$Y*mBH1}A7I}iCfc0?B(H+mRyL+2* zIls=}0%Cfydze{L^*Uqaf4v{C0HR*mO(&3-VA^ezUt-`IZXbmsR}?Dn&Yt?Qo#HH} z4G^FCWe-$fi1)d&=U(2)3aEET!PV6+_>Fw*v+ldk{b3}}Y^`XAJMPCFy@`*?o(-SRXv`S^2UDCMb^=5i{})_Y5k{=gDriV^Dk#>2W-)z_edD*GUDgkYq>3 zHAYM^;8R(?eV!4;Me^;_c-5B$j*Q#2_LAj+v!J3XQ2j(B{9?Qw*-PWE zFKZ0C+H06lkvof@;h|Ud)+cC?uT%DRz%4JJf%{cuZ$fe<8`+p-Z)b+ygi7AO=0-sER4mB5Jz!LR0OU$a$RE_G+w?RO&SJZhU9w&!X^}C<$w=n7okWrR%9xaZ~I@G)YN6VPYqP|-HnUH zLI(ISJXiL$#or(>Na1b(vyX>vKv?!Q#(gg$QH~h#et##dtGftM+2A`6jP^18a~zZg zydnE&GK@>l%i*@CJ7C{fri;UaTsEE>g2nqpHpj6Gg1kre-;3Kknsgd2K%crX2wkde zMwYt%IG1!ktuEN1YAdkD z@_)+yM*-isOz;B$YJW#ansG?>idrtR|0%SQkOjI-{QAudeF_cjY6AJu??w1=%SYoz z@xq~Yy<6o#V~zswahK=Bq`Jm(;O=@Ry*kKFO(ikg##0rRGb40L2(f$3s}(J zcrc8M1Qc>A#CevW9L(VeQ?o+q%1|`x?4#bVK7jeo{_8PbehnP($e|`^nbd%K)S6wjQP6Z2J%a9?#oVqxB7;)}^~r6x4dzl+4vhw@ z;?XNPl+Ag=@q8%6(I8c-97<)&m`RQt%D`m>lZ+ZcGoagtUS$h#%AjsbWJX_#SF=(v zKX)y~3*|h5JMJdx3g3Yza^HC6#~`~H5tJW|V?B3-I?re77aVLRVEl3zb>k^6U_6H@ zF8EU!6mo)83FuWtejEZh$_q!o9Ii$?P@eplPkB2_Olkpt>L?`hki*=cJ{W(BoV8re z=rp6eaR`U$1A&Pa?dNb*qjJ^B5oo;>?iX$#0>*id4Ahy>mc4>G$Px0RM5t_exn{2( zAyq`-byM9`ju>u`M;|x@p(9*^3Mj<(U+MP~OdI0tf^Q%}jxg^E>TVXDEo9r==11}n zr3roE2)S=Opw1qS(s<;aq2`FiPLiW2@rFuxsdDso-pK-OJ$e`4&qKOo`riK~v2uQa zxb1ODsKujgpB!cI9c@NO`{Tl&odHG(XE`9g&j>TSX;U&Q^Aiv`7ThXFNlnek-aqM; zKiZQmLuX`n2oOFxluBbzegfJcxm1%@mLprA1FHW5}!{e=BsHh;@ZsfSOy21R|psf#H0f76e4O9 z8qzUi^UD%c>;^uCxhkh^t z5XGMv-#57RgdW2MKFlP5pZVhUz@h&UWK49kY$9-&txF*lfworOdPWeS_h zTXN((IR&8Tc%s2cQa)!^)tD=B^$U)6Qu<=4CV z_BHh6*De;)VBwA1fc*Y|A(Fq+kqC2ANPcZaNQEf3xRGY)q(s+%!!UXT!SQ~zkNQdU z;H{Ljk3-mvh2DJ2)JkO+d-_uP$?M>mILU<{N?;KB z2=|S`v1zn4k&?7J($4FNmlI4uZ6c551YJRtbWacysKEi5=IaWDmT5sWC49{oH>N>#2B3 ztOat)Mtkv~D!CA~o$WO^y-oC)M#?(aNtNW(-GnKb(Cu<68R9GecIuuaaD5mVPZ^1a zA09@}9_RCyt&SZ{^;c8G@>>te(-dBQ>w@va1YhJL=>k3gaOAgi zT#$3p_4FH#U-`Ih4>3};bze1b%tX@^d>6i$e9=5-^lBR?B5Tq=4?d_&kt&ynk#4T03LX=ppTrTZ5UQZhTO|ph9)2u zh9N3vsp!IK;~eb80e<-kT8n(x1;5U|{)`1;A}kC-FoE}rqrw= zzo+2}n!@im1Ly_Je}@H@md~?15s6YE2-Q4GJ=il04H$VAd|1wMtAO&JC2RI0QW&XM z}XqZ~Q@)j9v8yLlnK>4bHx&@s+a`Cppyv z@_QzR$MAx)ZLG?~yED}gM+W3PlVK$i|NclP{RWm$noodbm*PQK{vc!Zjs_Qcmx!f) zAd0vvnHJD=`zJZSp<92FBiq49c@7{|s)}r1y!^>jTR_T#pq#e*eImcYMC4orUWA=( zcM?qxQZ7PkemQq5Q8iW0k@9$g;bNgdM*WuHf#dTWm=CwpIb#T+rK+-=>mHx%V<^Ts zr2D|OLEnh&JNF{byBElxBYi;fpqPXMCh4_WZoFl0kHJXxQZ)J2ghl+yl=ji&k*kF2LoW{MCx# zOQ1{_3h>Ye_8L~m@QLnzRm%q{t_>c&a%f%)%SOGKTVn>Fy705+O zcPtmrpo5E#GAnbIT)d5)qY8~&BqsS$8K)pi&FR3lH?r;MiKpp4xP*WjEG^D6ktkfM z6$@;imlKSU{C8ni{ZV9IUe%AaKNVEpjuoX_Tfva+0$M$o?27h5T^xSyw0JNY|i zfs?ju%`a$~cAcsEHb82N*k}_0!d@*Xn^NT<&Le zr>Fj(Dpqym1I||Kf?Ut@l+PVW(;@ov6*l2!={ zkXN5IQ&9^@R@It^FqO!*4xYqhG3Wn*gIA3&$Ve&o%GDQqO&C0T&7X)lWILaZ1Ufit z9)k=E2qen2`~H(mueBxyfE6sGmC0Q|@Z%MaTr)ieB*+QxGA!Mne&hG89tFIc*@(tcXMB)OPpCAp^m4645#^%bu4Lpdg%aI#? z@H*IuAo5)YaiWdy-$KHN5e(Od;VYlfEN|RmhM~$WwB($98JpOB^Iv6-mYr=XQ zd+{+wOOG=yUlQC-dfby$TOq_NQ;!>&kPNd!$oU}-lRXC+0L4p9!hw%qT1(Wby%Axx zx|@ItXmtL0S0Hff2BP_FHK=SK|kB}UuT^e7!;0z8|_`ibi`2quyze+3Wju~pBa|(J^j(j zXIN1f6+U;UvhmX+3bPw?CPDmGnqBFgKI`km=`}Qe2Ey#Mcx$&l5*`tfu7lx;c2jPOt{}+WZryTMTo{qsyJD@(j6Zb%-{koXjAE;D3 z7IYcXmoA}d6$c>=4w|0>{Pg5V&?`souoJ85l8%N-9RsOCvXNK$d#wtp>*^AUz3fhx z7%E6rsJ1TYk_Z#<2wn0b>+I(15@SRUgq30(wp!Yo!@zdd(Mnu%3_Dr_cMz60k<03= zL?8t<`p)=gAavP=g#T^!=P#_nV;A|>QWwHP7OwvJ&6la zW3~N7+;a{l^JK(2irhy?03&nzc>OhXSq2YAVtLDq?SW`g#(e~x=rTz*kfn|;8|6m{ zUeni5wCW#0+mD_=LnKdryL;PV6`i*-@xEGqlR|s+1d4)KmSE<^Q1Xt%oT87N=C@-hwy0#+ch&TBPjP`WFO z(D{;*(HKz_Ct+H)9KX7UPX(Ok^rZNfEivezo>&Ye$ED(J%oj4}?Ir4XoRjZcz z)mY=^k=IR_TGbPms3-FrJP6rjI$yCl)LYGH`a6~AxuvO|+&2zkCP6(phmsUh?vr-7 z`v*b4(&os&(Fh%s??62luAQ3q9BI`Qq8U7yu<+m&d`lOT;X% zh&%Bkg4wKx=q!X2ASpVdw_P(um){ME661)F#zsHx!m}njzD5c|QLirl;A>?#?S1q0J87v@rN)U*FYF2t`Rr~2= z5X5OuS{=BDCqG;Z8zdvBC%uaJd@mefdUAblf){~Odg>T3EfUSCh=U^cl5{i-!ydZK z;?)=wt@scUiP!nOi#oSwidYM+k;1IOXnDYpA-bNyG-{a({n(B|V+CD1@HnqDi79BhrI< zx(P+ZfTxedJpg9AH`$8hBLGBow-Je#EA&Fudh7p88lSS z$S|m@XRvbsT5U1Nv=d<^9zBy17TR;)d5C0kry)Eys-t_%6pyL#KuHPcnGJAd7nRI^ z96Q|IRRF@EzU_|poOcR5NwxLNo>Vx&0rku$_$FewXr#avX`p95lZ4S?bb4l&*!G@j zG=TzV?!DL|#pMZhQWZU`5|xu8MC&;jdPZx^8YO4+jO;-}A({Z#8FhIsUC+$78u$U! zSv8W7ofE?13_l5aP|vKx|8w3&FguKY=ZDZt5u%b`tS@kjE zTS51c7~1LVw+r?3XMm9~t7@HP<&Y&JCpk=zd3sg|*o$O7d3eOC7|;mx8@)&{Mq(4q z=#LRQ{~L^7bnMf!S%nN!o?V~+!-~gyO|S_OMY7d=9&iaRFRN?=I>B@E(CoQ9;k?gW1^-t8a$tBGsOO-L4wRv6J%^}*`n^!j-lR=HZ5za{h?Sshsujeu&uGubg$(+40Ur#$d zH`Qu{n0r0fGC|6EF2oNHShrL98XAuL+|RC7UC(P``gf<_&TV`8aRz}P>6@O{vRZW< zc^;hlE9XUN5T=C6+ljCXM_}dN!P= zUQcSip2sx7-a+Gzzv^jV5Logo1=Bkj)vY43;zkyRr46spzh zQV-?&HfVERp%rQXgnW~SW;~-tsiiFmrg!>qFof=#hP-9zH%Z=XMDOF?d^~_b{Ujx& zOF#$zFG1K0^!&!$mf>IO^IQ0J^!yey7K8$NKGD*fj!Dm_+~FGqQLp4GivzjyYS>Bb z^!%YL4-~#s11%n7;EFph6Ot2JsjKI|Mveo~VSWKxAw`={GZdG|0ZXq~vH06|_VcOw ztp*_caS#NcheamWvwDF+qd=B^tJ(7~XNL7#58@6MaDGNoJKK{Q(r@{!y0AWGs{`~J zyK6_nj6$V0%^Xh|o#S0DY>SfDF-Z1JA%;Ku6bupQT2FQ`FY9L&xr`N6W) z3y`B0)Qf}6A6D0^vAx~tcEiSc0Yh)>aM@d_-U%ZnXXpjZ_$sK4Uf}Q5$Kb?*E)5%# zK4G}!BlLpad=Hl1Lj6{Ej2~x<^n8qkQtVs#aQh-wFFSD6VDnPO9+@Rsco!~U-yK${ z*0hVQomVex8WXPG)zt!n%XO_EFCf&X=-5CgD#)9t5cTk!I zaKG6W*yucNkD4lvS6TF^>SE`WpJ{5%?&mhMb0(EO<9*{1_c=Rl(&>8s*Rx9c+3A!2 zml^l^Q<1)QV9M0g3e$(-fM`bf`kub&eVhSy_S6%dtZ9Rxtmo?mA;77wT{LC&P;1hQ zP8)kz`SmnwQax48&YgUyOYI3`T*&v+7SyyRq`A+)Qhs7AT-mA;0`vZ922-)BVUH}A z6wA%J-yTsu@ij}0ddeO?^-Nn!J#v@*(!?nPtnR(+Arm8ct-DpS+e|E}?MIrDwi8R* z;{2?A&%}}p%IEh^jP~)v_SSx4Ne@^f>~<5QULQ{5+&3}W9Ky4Gzg`H-y5Al%(H%ke TKx;i8XzaB|>xE>z_8 - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates how to use lws full-text search - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include - -const char *index_filepath = "./lws-fts.index"; -static int interrupted; - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_FULLTEXT_DEMO, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static struct lws_protocol_vhost_options pvo_idx = { - NULL, - NULL, - "indexpath", /* pvo name */ - NULL /* filled in at runtime */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_idx, /* "child" pvo linked-list */ - "lws-test-fts", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -/* override the default mount for /fts in the URL space */ - -static const struct lws_http_mount mount_fts = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/fts", /* mountpoint URL */ - /* .origin */ NULL, /* protocol */ - /* .def */ NULL, - /* .protocol */ "lws-test-fts", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_fts, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server fulltext search | " - "visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.pvo = &pvo; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - pvo_idx.value = index_filepath; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/dorian-gray-wikipedia.jpg b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/dorian-gray-wikipedia.jpg deleted file mode 100644 index 00e54daccca18fd2be007a31797752bdb57b1617..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 170097 zcmeEvcU%<9v+ocjXF(;SfFdAy7nYoJ&LD_{B`-N=MMY6SkRYHEB?ke?k^}*PRdQ68 zAV`!TN#dJD565%v@7?SBeD3>?;nO|U)m7C!->#k+YGn_w1F!=B zfTKx@I5{6XYXDGF1K0rozyokGC;%*w!T|pO3>x6fF%19~7_=v}JqFt^8B9=y7XWjB z6-;gze8)5;NGF8Z0ocEE3&8y_Kq@T>09VNV+DlnETfmt#ZJj-w-EEy+nB*Mc2)L7n zJCgtx50inNla;f#JHW@o%PY*oC(Osk!~+wCz=Q>$pe?LajGyfv9RWZp=3nh#@}^?_ zMPsRga_9{Q1M62`aehA@jLUx?4+huo#{**XtKS$<%oE$>20zUKir^kZ=I8$CcTCYd zu=Z#fAUZxaGZ{4icZKx zRA#s^O00SEX z3lkgj3@#4d87v}xu#y}L`yvJJ87VFEvzJ_N@!?QLrWbD!t*clj%^nRj2uwe)}4cv=2#U}jU_ z+Us6?Rz>UJ?3SQ{fsJ=qLUv`_(ARBp0234JE%tGraB~8o;8Q1E_`mny%HLf$ z8U={3j@u*$B!G>M18{uj2Rd&k0VP6>1s^O;^@pmYPnL790XT z_VS3YqxKfg43<}vx%S_dbs(eix}j!;tCYLmvvyA5i;^13OnQn5i*Z>y?%Ai%vNi`v zvCYuhJ@!S0&t*)Zj3M|}pXH1_(W4Syd|q0!>Hh{N^l(4fN0@ztWh5-NDR+2{!Mrv` zM|-7E2-(LFHmcxVU0&Io(p#-}1UyR|626+3_3_CI$-W<|YX|Q>nv42TV^`dGyIo$i zHu^Q{dqtkdrsG)M2bTg#p4QvJAIkcbG~A;S1DiL#ZM%8RVPF~A?y@(#ujcm*m3h11 zNeDStyA*w>XvA7_pDvq0ZCr6apcHm9;fhfT9lySx;-aLHJ`kO;m2{ZZxMqn=IZ0r@Jyc_Ew_k6Rx@bZ|$-37Lz&LhqHvNIZ-A>O<@mwG3nB zhQ~d-ebARmyj<|D>~JSX{0NZGu4#j&eqDBdag$7N4%wh&qZj-2O=tN79RCR4!@Q2g z?avAQ_n6I*c{MWZn2My^W_E`asLYrbG0(bG=G;rT5fciy<1{46Pi4&ZpD$`Z#K;s$ z>?aMepWRitenYOmv}Sln(<`3%gNTPn!RY7w^mh~MvhRQ3906anwQWd9>FmDi*(RTv zIP{Dc{1Vu($vzvlqQ^rLUv&h0ddPAF*i-1VZp<u0wby$&o(OrO00}M4tAbw$mw3ntC+q= zGvXio%sjfZEx0L=yJv6E+W%vLCxs+2)^mwdeoq){I#lTfmU8pOOo+*@r26pnCJXM-z#k$=p@J99|16e7ocUNqH|Fe06rT9%E??Z=1M*1Ru(<49*SGY3pRYYo-5Ji9#u?I^wbjy&&jKWwldN=|r zIB%s(ZrFGcqo*5xEd|?wzWi<%*<4S}UgiPQyo4O;Yucx&PnE7*fa1`Pt5@fOvd=Dz z6y1$cXzA2Apc+`HmdNcLyU|<#8QmeTJk0g9yL!~OvGvqaBZLsizvN$5sz_@>w_J7v zNHuIEWRBE!d!b&I(ym>iJpz<`6%6W*0H;cZiYNX{*B%^dIakgdE+|Wr43Q!u4`y`{ zn{HfoL-3nR<`2&9$N6V@1dPf3Ao0|P)@0jy2t&3@iX3QW%j}JOhRjO}UY!#OgRH~0 z6AzZ(Uu}PdNk5MBFm28gt|?}~kFXL%jAAN^j~)U3a}EAt`D71R3+_M0DQipl>SXNH z@!qkwlZJ!%5Yb3RXXAfs_r`L=5A4_t@miCEtU>%m{pXL~v-#IL7rYG@Icx5fH_ug2Kd8PUf9Is2paj+1}Iqc4pjx)MJlO_MIxL@e7C~zB_8D%1>#Iv*8)uQEs6T2 zY%Jun*refkt_*@zn6iotKupZ@BOrG$YzEe>WbTwMvcpwR@Fggxax?2*1QrJNj!P|Z z?$x9IjYWaNo{`L`YM(>TvyncIWG-=_^;MMD%GTCNaw`eiG+mlotkj&D^} zy>5AZxM(8&Vt#+OSNlLBUpU-&@T?^r7QNxFlO1bX+!1iqaM5?zdBkD#Ivhb&9kEr1 zsu~(xaX{FtEbS7q*71$z1*UyFuMOXnl~L#$v*{Uc4PJm`Dky&pJeR}?-%RmGj;EGl z8Gkgc7`QH$%u&1%JfW=<7E$+Ar`UyRVVrK8J`?gqCNg8sY?GEe*hVZttQ?cW{SItY zKx4LZi&+peY1q_r`AKyPq&8|j`P*nr^pHUgw50bd^(P{QuYuf1gBmZ|=Z}XznOra> zD*1Nt1+k0Gj#|!g_Dgd^!)t=Dfxz_JVnwgWm*IY;6=wTk)$#?2{##?aZoONmK~ZTWn^$vLl^rM%I0D41j8feqQNon8Oy$DWBK#0RJa_6t5g z)C$wTo*OW!uKn^* zGuzjzw5g$zPbCya2M<`bJZU*xMmZz0^-GHUBMTk8RA@f#eAMYJJ0ym9dlDrTSgw5< zjE_Gr)>xysD_wKpt4PXfP`a{*cwT#_Wuu4*;P8mdcs8MYEUbL2A^OK+@u%|_yO;LF z)y1ib9d6(`Tu@}~h71oQ8Zr)!fZ2x0^Lo{+5=R4@I0rcUxL-_g2kE@~2Any&trE^x zqh!Up?1JX@k;zLNM}UOI#yL{(%Kw4k5zt0)sz!;aI||q zYD5&dI6S|8MZxj*nrZNdWl#TcWQTfMRvX5~lwybmvS2&-*@N3deNQ_%xAfJAYKTHs ztk)z4mDKf|ss^}i{beEFf>NcDn(THNP#I+hG+0Z4gCvc3R(9oOW6tY!hXXb_g2Kt4 zA0$mIx_;hOsDOfQw)}eOU^b8#B_&QwRo%35yOAY|@k?g50b_nrNvpW$-IWj)d>%1m zPs1er5ujOUWg)@*a{B8)^@~(4gjX=^)%i}-`8_XF74PL;hZkM8UJi>iF;dug18-FZ z2hUW+PV?y9F^gXne3eYMRo>Q9^RYMRcEihs;J5lQ&&pz5Z_vslttz~EgIoEDHLmQ( zwc?Ew70c~hk-V?*kO+60*15ro@MQW1zSOMI9E7urrLjYNzp!MjI{Rl>yG_mAYIUMX!}&xg)gew?kbKMW1RfN!q0P5aq6WuE_t zjn8Dbg0xo-SXdZkq39=Cd^cUd&cTH9uwr@TU{k$7EncAdt1XvDYqn*eY0bA?GbzN303F|D{4jk* zUOr@()AWWH?h!CAr_tN)f;(2x;FMw781nrHP-7Ji*3ZYvof_^ThF-_Cc}y?yBW5|1 zOJ-pXmpu$4UnOKco)@+KZs41e#?jEG@DY&g+!!SHWRPfX*{Yca_e$sCVY$OD@eXNw zuBX1fgTpgyEXLr3^%$MD*&aKb)`+wZ#N(dAJ_>cHHN;l%yTLMgorf*<-&huK-c&Ju zJWOBUZhbjx0-yC#O_UgL}S+Z%mY|0D$lgyE1vX5yQ z29E%T1DdmjSoa?|r7dB%96HS|f(K#}2#uE!i-=Ido|7nSaLYwN!VrOxmCif7%b{z# zoQK)-6xtPti|K}6LkK-wnGd<=3SZn+yD(yA+y0sd=kbkgV!}HJk0Zd;W@^d|9x`N@ zR(x9tyLx)h9|7LGVCCLG&MRCFpC3poqD_ZF(y^Ks(&>DN8~`mJz&Pl3Xqt)5h{!si<+%jtrY zBk^AqZHTd|MCzXe`+pyD!TCbH| zrK{%$_Vp_|IWfifuoRv-rhGrQP}r9X8JwD3;*wCPfAVp&KBf`_Jkxh?vZH6K+=hW= zr6JaIh!24(IKpSHDk(CmSd}~?#+9DaU`&puF-5FH#<)JU?lr`3_CN}4@7>3GrNkouiXY39P%>2d_r=eJzG$O@6CB96$Alqrw#7Wn2+Ns+l5 z`l8LtoF$6>V$S<;Wd#6_=FA11i+td}awA8}=UV>`4DoaE07BAAYS`!y69AAM=f7p> zI;`bm1{pf2bsW0-wLjLod|XHJw~9mv@Y5pkF%KQ?@i~^HJ}EOCTm61q#y`%%4CAL3 z!EqT30-Qd4KxW*01z<80Iq>K7=A+2$F=BLD|+ zx(1;6=up1kVf zpqoa+4(NiBKSyUL8#ImHRN>Yhzn7&woDo0EKf9rAWBaTA_^@!?9qlaP?)r|Z?w~Tp zKiWBSTnDl#z=V5TP?G)4Hm;4Ev!}~HSUApZb~biSa3@a$s6!;DgSM`5%md5B=AItT z3UDX5o4E%Z?O=eeuM7N_Fu_k@GzVRygs@=(cmKbSAIsCtQCH4T7i{VmxM=YI$x(B+ zf&YVpWA5moYi{!o9*HF!)PwtYD7h=@s;OEyJ3FEc;{C<`hcLdavzwokqn*uPNRj?L zc*VcipeC*r+}hmJ(E}v$z2I&h|3O^;FZMsh2`y}7oE@Fregl{Mr+sOKlL}A;PZA`52^(4qbdpAZ~k+kcCrXDT)ux*>oFOc)ZY$MnzH zh7NK6bm8L}jg6K7$d8>6B<#VI3aUr~Ks!i+!Q%^H==U^Od>SmC-8u~xp9YIhgT<%8 z;?rR9X|VV-SbQ2RJ`EP128&OF#izmI(_rywu=q4s{Qn*-{uz(C2!>ezz!yvy=(yDd zKne_TIs+D9sFMlM1Z+Xt15ED6lncm{I}U>)z*3)d%+2lO&Sj2%;E~JH8Nuyi?!wK>#lsDVO8B^#TROl!m@MF6 z+)?b(N^Qd>COa#!O9l`%9yJ#kxUHR{pBr4qPhHp2&%qLAbxA^;K-5Rr2jPN%dzdr% zARL|Cg?+>>9UB)0X*8Sr64SAWhlAK9elA`vzH7X^{FlTDn3$ME-K?yIwPodhX@VuO zOTW74?d{Fw&CliRX2Z=3gTc6Y__+D_u7MKQ+;ZhIHFjVSlu++S^oa-$pmts}=ri8k;r{{PfLa7<2m_#X%BAH4&mg=O5} z<{n^}5)74!A3x&xKRnDTiXQiWX#I_o=t&h^77Q+nqn~@d#>01wk5BjKbFV!7*LWbp zJUqV{`6>A?8*0v0cGkZC*@gi0cN@P+{@VuVLRRJ;=6_`6ciI0BW1^<^-;W9c@lUq_ zaa2g3==J*uz53faYg~6XQKxE9( zlUAHpl>5K%emn5vIzw%^yR)O`PkEl>jhh#}`=$GP{l9gM{s-OP>;J9$x2m3#orgHz zujc;6{e?b`dd>-K;U=H-)jD?dHe&84tUXni(mVzwcmLE7XJrm z{7@mN0H**C49atyg99bV%l9+qJLde%`9VH}_os{iCt6GJI0pw6959dr<{(Ev2*Pum zg98fE;BbOD=m3KJpnITmP#(--=v)Yt1aov-{GhX-b95{GpcA2UP#4UPbwL*r;1vLC z(K*;#F#pLBJf?-vISlM4m>(GOMLT!!s_o1D*Np=DUg7WB zV_yU>jd1k2@jtPD^U%Mmm1JZz-JGrM9O2>$ZsxvB3g!reITIfjc+&chLjNr;KTita zJsNnY$9;0E_gi;QZms_JiNBBTf8X|r#nVPkp!gHw6s|u(=|tuft`jK!ggAxkPf$9M zIfd&4ia#Mv;rbJlPGnBuI)UO(h*P-!1f>(1Q@Bo`_!Ht3u0KKPMCKH(6Da0KOs)x`V*8+WKQ8af#OeyQ@H*Fr4yM`xK5z>6XF!EKSAk4<`k|IDE@>v zh3ijHI*~br>ja8FAx`1?6O>M5PT@L%;!lWExc&sC6PZ)EPN4V`;uNkwLFq*16s{8} z{)9M%>rYTRkvWCy1d2Z)PT~3!lul$$;W~lhPl!{v{sg5HnNzqR=jYY>uAy!HRq==WGnOuH=+B@vf=Sg1d}R`RT@?Mf zFgtG#7m$zP1JaZh4#)H(H0_|PEd%mXL7Kz^{3IK=2V|UGe2+g;#>8fMl?nZRCezP% z4t0FpJ>Up;CM73JXEzt;<4@CZF-bW(GHIi~Y39xZzAy!M^MYG(0YBSDTLVb{`I^Ep z?|(HzWBk+Lcim&`FwTAaoA-B9mY!~2ze*UG{NM)>|6VWSm<_I%Ap_uGV`HDe#yN8a z2OkGagm^eOc!Wd*1cU?xL}Wh~$N07T_evQ*%iwYsgm_r0n7kMm5hSkMUD-e0T;87(!x1w4lZUv$rqi5 zOZ9UtiAnx*7OO07x7S!@1axB3OD)~sLS(Nz$tZ)K*R}F!?w!KB9EwkHf%;CYoP6eM z{XRW5n)T`L==Ch%o_FJZu4(aqS<*sC(a_fC{?nYQ_Tjmmt1u-aJKqP1xz+DS=6|pY zD;wMUg(v0Jbc`g_#N zyX42I@4EYt(q(9^&qub%ei$MqyS2lX`>dNaIM(@n{gQs@N|)g9%F{!Jkr2wQ)y}LR zvINh!JF|?i%vGD0X0uK55GJoA=-xiBfYtcVY$E%3#j&6xR@=x}yMx5sr+pBOdx$su zoCJ^#}ZJTOW_QH>wz59$UL^jmrs* zp5NSEiv!CrcC0z1);nJcc6{0+C8`M=30c{meW_5glHAxZ2E zNDb1hGEIXl$FZ|XcgPbCJ-QtF8X^tn*O5}O@*7=tHxdIsAZk77-F5tCMYea{;o-9q z_ncp7(eC-cBU8i^b-OsmAka=R+(^rEz6ihB?0^iN3OzR51!`Xz-tGCgivE=drpO;A zAHdZtHoB>;XsofCxgl5kxT7jfngZMjoRboBRg0f?PFJpWT&gQ=7xSM@+vUsg4;(Qg zF>}mgB>H4G=8oc}?7#{bSmH~h3Zr0$3WziH!x{7rseMh$th4m(;nA;FI~Yc+>)e5$ zNBw(cI(z&iwX+hOWj7A^b=EplU%HjfxrN+RQviCxo^sgkPc-bR{1RExw zk`d!Nja06UHFG{Heu1dj=;AjJbWDraK*f!r*eD$K-M}Gv;}G|BW34r5Xbjq4BpAK= z@u+v>t42USt{_0{e*_S@Fu-z@wmP%)#FJ*T#yq4uPJzt?U=I7bL)K{eEZVjuMaaOIdekpELab@P| z2D1Lf5uk1%*u_^_B(!%(9awK93Ew`v&?~uMD-3`B-FbVK@t*xkQu4Frs&D){5NNUS zY%XTvUAtHg6x1GLy(2Zd!cd^g;c5Ry7xY56xNo4uePo=mzqJ@|0kmV;1mO;@rZ9hC zWJOepfmEhzb{gnpLL`qShCj;F$yV*}qK?2DbWK35f!$^;$10~dw3Q?bOySTfXeRV+{kv!s2by?&Yd1&>kd}^EF1{CzY>f4IVl#^R&U|@ z`kOl`V*?LzIeDgDs|#nd%g^J-Y}W9oc6DxCvU4`{hYWYX=PjhPyeYH;v(CFS+o`&C zCdxG_(IN!?>~raZj%@caHYc(5cl2$7O_UP@y=I`(MV<;D5&;tAuCn;vmJ}i#=@}a+OKKc&tW>d z#O^jHoO}{%Qj3&yUco}G|=lJqClIsN>^JZv{027pYF!&*ICgjQx z8*%9_VmhHE5T@G+lSCxlIlKEEBPqF$7qO&2P}6?P&LEs zg%(mHgFP{7I?k+?Ep&1n*{#D{Wa>^zGmE?Dw!3FdYfbNkT#h{O4eR9QEmj>no6JKk z8+cIWH@z)q!e8e`lL9>+XYGlm)wOP-LP zB}~fJ4!m&kQrAEFe6XH7RPUHE(Gj|ujVtxSiSp0=t;Oj}?^(tT z6^)b>q=u7M2E4?O#4_)OGj6Tb8f3L`*K5tkdNYhu%Q!t3Au2N|toO}N&~zfT zZhLUV#w^o}e-O+lce0Nyil`rEx;_WA&a8~lqRblt>Pl-iI@XG`Iywv8qV{~{6HCF1 zO_5{aJwv3)n}JSBdK^QTC#+(%lM<=b*UZyN#4af&JmWKq%O3CjpSY7SXP z8mX^`8{EbokpeD6B)HHeKL(ExaZawVKNzX|0Eg_lGlFCGH8~(pb5>}SV53uvuR&jr zFGr&%dF)jO%huj^Qs-K>=&CM~A5j$o!R4{RL~jrzP9xWKI5w?|Ox^A|B?h`PR z7X8Ri%I3sqTFmZjgQNkEjY zba)|IIrK3n`|X1AT+F!nTUPy3+IjbT&tu(HZY5>!TaFW>N?tm6CI_*vDvmnx7kgcJrI0cGGn? zMdn;=oRKib(Kh39+9(EE&7=T@=D=j<&ES!nuMB%?7)g$RW}2R)euAeyjv7Gj|kwcBNy>>=llH;tYwSzD=PbM9pj(5}YgZ$zv7v@F#V=uTeYJ zFZpt}XAa+F+{n(-Y89>psH$jgt6}8ex;ESg0gcoLXP<#-8GUJ8NlZs{4wujECaF&Y zPrHfB+=mUEWbabpG;qERLG+D5e<%nBmPYD3rN~<|F3)x>CM54z9|6MFW1J~lWmv;A zL(ZfD^*4T4?N}3U5T%aQk$s6-l_>zP~e1_^e|Pn#8}C-A5;c&T&_l}xx(zF(e&*>7>o zhcqwr@We~^?`Y)V>!AvQqH+(_F{<|42dpBk5G=3YyzF&CEkzO)A=Y9k* zV}1JZ)g%%%6#uqQ@$S8CzE4X0!fk6bc!+p{$bdZ5T867=#ZVE=xyv7}-$@fi49ae_ zDF@fY!-uc=WK$jn=qN-Pz3{GyasJ$H*k(s78=e{6l<5GsnbA8alW1%xyVpCKsjdOU z+@pIiRn83m+M?KC6+oCD^y*ZDL%gBa1|bK-HJt@{ zhdwuhy}3oHclKwe-ep+6lW($|qaMn((o`9^PA>ZVH0fZ455~$Gs0!3 z*zrv7I=q_yR4KK58)qc&J9r{#(6@i~sf^LFaBp^gV|L0Nyq}O0nMIZ`P)9oU7g;I? zR3amgGEc*;e^~nW(ZHkn$>TAlU*0xwOAS#If7albR*lNSdG+SJm;N?~I=_5mqZen| z{auc5B_@46qO|1H%Xe-KChF9tW5&+B$Jtvlxw=nsIZw>3f0&=(Nx9;UHvX=X=o_*_ zksC|+^S4-Q9=DbhJfszhdKB4@vS>?N+@nsfiZ_Z^%$eITZH^Qm9?W0upPC)j98kbh z+IgxUi(AzZzD#79Snv$?IK!=u9k(aEnO%jZJvqapZKJh}eP7j<9k*8vcRE>cq2o$3 z^bn?p;;z?stl4T6y+!r3e=Uv4^HU$A8Bxun0c2;fvd5i>j+v$#<%-x*JLaq_vtEfrZ}B*7Vhrfg9Ud^1%Tv8n5VW)V+~B!dr10$s zfNom5Qq>j4We63+jD4l|4%ZMg%0WXJln)PYkPAK!=*$((_0KoiyFNb`ujrtO8Tw(R zPhw?~ZolCP=6j#j2iFDx`eqeRM~3T(VStKgeWIJh+$?HxPdsUAusz?yW6Cme=|e?n z+5JW%TKJ<2E%%!r!zbT8NmAMpy7|;`d`_TL;@ewg)$i&viI;AMW3sPJ^6x%8pG(*I z?wrOgYgKt%-U5DYObf|CUYhoM(iqIsInkCoZSrQ7tJ!C!#;BS4%PC*=&LrAAeVx!7 zrNx5HBQIMe0XLMJ>zsGpFn6BOYZmbjF1m4Hd036JDD}cXJlmAkYDjwhGutQJ+@;G4 zDxKRYpChYlhYrc*;%z?_yuE(kNK<)AHvM&Useo3Bs-Hp%t8JB^Q_RJj>hIVI{gK~b z0t0j}aAKxtV=@C@I9$nMQ*pJKSYCDe8v6QU&hYhz9G+y2Mb>iGUM%%3C5ey1zwC?F z$#23YCSJajk1g@MX5dNiHV)@@$@?}xR-%-T@tEb!{NxME3s}`V-hjcK6k>-xv$Gbd zFI03|qVB@N%l!_As5#0tMop*)X-FhPYx?&*_9P*Si{ZF|i^?RipAH4O%GPNy@dY&f zpMMMsS#49eXs&(L?EC74h1sG5?=I55c(27*V)(83`34WM)E?08P1iNh_2;y%I@5vo zv-0{s?)uRmtheJ@@FS8N>a_sy{@|YdR+iJ@NYqF6*Ys``#U^=VqAnt`St~Cl51{I@ z^taeu^+e;83Kes6()M0KU$QG$PbNQziN3o1c&$Z%1wUhy9bAv2`?16TBPY3^9fp$$ zo7{zncWTh#6;=4sOH7hyFYjX<0b=LsR%uP1cv&*ly0dC}(6SN-9ade|R?@_<2#aP( z@k~uS@WDF*JYLqWS*Q_9_cI)LzpDdS=p-dscEUFy%YA`ikz9{d?U9mlgfQ9={aVs& z!hBBe3iS)sRorWRma8zTT(PQ~$-dZUo6ZW6E77j1hxU`arrm?^xGq+jz#DPSYJDb+ zQoyYcJ*3tfb1Z0cO!e**=*UIZ1(q353ug61U)lCQS6q_Q#tac>ZeOVyt2b4M9KWD8 zTNq?Y@|NS>y{i}P0%2cXC@~wx<_qS?YIQB;w@vQ^Veh=kHtL6bxs$P|zva$j(V%&Y zS|+ayFX?(hOu;*$0N&;{Ccl~1$e~<>e_>Ij_X1zCFV#0Zza=Vo%!K5JyR?(KX0M-J zCsRpy@!7byb!zg`m!3rY*AFN%i8F4P(c(pQ%b#7eGwTN!6! z;TBcq)Tc}ezrMCDV~rIt2;yZ$b##XQy$j6NUwN+5-FWR(66_`M#`|%KTGkQZd5{ZJ zntyry0RFR4+Zcdq8J^eV4QF<&$s9M?U2^$X^Jh5+F^WuZ8hgT%A<^i#4vA4Zx&1I0P+n@i>e z`ZBo1Liq7=n00gxzH$Y;dOK-hH@Lf^ZEG3fQ(o#P{=mY%@q4(PS=7?5W~M!g!X-!} ziqAITF5J+%|G+rCI#MO1kwF$W;hF18jbUqWou6V!BIQ{1{J||^g5f)RjkR-DmiP8@r$yw z>qahLW7+XqgcR@Y2vc9f26*qcwYcBs@nk~W;5`?a@_KnL9Xz+NBL}J>!#X$5e_cwgby@C#PTnc zh9hMby483@qRY}>n>rjWcP4aI5|YPxR9i~EtTsgwN#@YyE2?#+*i0R+(A5;BcHNsb zyrwTnkjeX|pd5Q3GqzR2CPIv~JoMT$9jwz+tbcKhEp8ApcL6hgkwWJHZr!AWu%oqI%R>`U4<7sV{>>(vCjnu<5<>2p#UQdc?? zD)1_j2Ms)L_Qd1xu_;i5doh0v33xl>sC(P?N#nQkKV)w|Yj~e?1l(?UZS9&dilw|} zJk(ey@}laptuOZdB?jB~(=CqYpO8LrmFOBiYg`?}w)E+$+mm(k?i4k`6pVfy^72af z0PIQkW7?cl?4a_d1PbMXHBhR1OiYSD;Ms1h$l#PD+I^2)pibxB@eK zfSURlpBRin^^L`$tBKkYaWJ0#Z6d4FT$_RPntxWXajtux`q<=LIF*40Hys z9B<(x85ZnU-Q=oNv%G=E|e$FBjBW6?eW{?UXUAaz$(|#c=M2l8IfIcH?O3 zuJ$#&=qu#d@go1Ayj4|9B*T;Ir8`;GeZp9I#R>N+5|(%&L~;z3{6^imgCfyGP7gn? zSSIp!nF^km1ce2zEUsznloB}> zTqa%p*;1}Y0Or#-FU(6SEyQaIIeKm=B2BstqQ2>?C>i?jXWTTOg|XaCQ16>b8f~bH zzWt8y9LmQ|IAy&pA8VrgK+u&4;qOtQrJw7Jt#k=-1aKP=yUwSOTqWcZ4;1gFOq$QG zd+JP7`Gj{$VegyF!gVmLVJyl})GcpB_HM!HyG{@BH!Hej!zeEkwm08X;tOVYmGZB* z@%O*+n#qh^!;U8(yVk|s5?I)WDf3m}xw7pjVkupkDvMVpyR{|Kv+#YgUw|3W1w7x6 zT@US5wG8LOKkZN(70t3x;JcDn-hxsUpFaXDZ_(-uTHB~RcbmOw9@kW^xG_g~XCd)$Pn$>Ijx+Bfbpw>jCPY;>4kox4#a2vx#7i zap`n=a$DgogDWj@!jmJwt7Nwvyu5?N{_}cV(}mz~?C?!x)%XvOz63sCmSL`<+Jjte zJ1`5w)yRDqdX*E&%)Ck$#eEk*S`h|cBJ4qQuzb^Y(xP%{4}1g1y@^Ys*$GWjky1Ggw*1FQ$?Kz zoK(cVPh?(grM0oK+*V|cw$~YbfrVuv(8!znxnotUb7D$<>iO;jVf#S(eG~b@HID2? zlr1J%iPj$F5nwR6Q*z0|CX%nYKSl;aRN<|OCRI+_RFw_oJcVMfm@e;f3jsklNyhx! zI`v8GS6oI`24t12*!oeOEfdeh`2=bWoAU88a&u`z*d+y)O(>P|EkCVmcM&TR=}B)N z0fsl}ja1%}Jr4Fs^ItNh++KB5QR8f~(#IMorg)nbI#sN`U%L4K8Z9dwn`^I2-k4Ju z0P}iB;bsY+d0)w*`HfJ^A7hOB*?1}!F$)`2*tLYDzN}_PS?bFXp<*gPp{6(ULq|f( zFB=U#AtTZGjeUNYcE%}Xsw!PfyYXH4=}9phX4_dP;`ckb!?zu_gH7-jKWa@^iHETF z=X^%md#zG7*%aA#g8`>Bnb@lvGkqM6PKZ|fA+qNxtXc9M=EzLABiw2+T z!aw8CSwA+t;L>1n7v5V$6~-j=>PC86nCh3xiy0eSv@vy=s*~~ZcUB{?`Sb>&!HF{# zUcxl#Uc^vfuhu8?b!kM8L={7{o@8Nr z$c1wS>ZosV{y}DTuKKq(V<5Zj%8a3X+DanfIYi7lhq_m<{7`z3^~A9}_Duox1I`${ z*pkum%8f9{p_9AP5kNWBgM2v(d(7$D(O@^J?uMx`YH^jV_`5Pw_CHJF?X+&jfuLLcH74lSE|)U>|&f)p=yC(T>zT+ouTQg+jpd5sUQ z!|1)=yS|e!HFJwJ!I8@*qA2Nln-|l8U6NZPrb_$D`_BzF%ixKUd1+$6lv|_h{J95I zrCrA2yz;4crLQZy)r(vfjGf~cEGsLOaJ(F?z$SxPZJ$8~=J3&Uk1)4rSq zv9Ql{rRfT{nrkno_D2?q5^oQ(HyPlK3Xar1a*j+VVPv z*=oZ|FmnV0!s;WnaMA`8=M4QlM2Vm^38l^hDwgnVhMg8qOnIi9ng0GKlEjjzZ*8sn z@wNVaZS$>NAuma%AH>h44#bDK*O83%VSZ9-e>H#U6#)hdxiU>RqH=eb#-?B^`hMfr zOW`2{>8yR_T1=qg&LP^ZfxO^m*8B40N zC3h?8NAQ;kHF;jvx;HY971VMvDKJY!oJYJa7!ePA=dDxui0I#DL^o+AV8Qe$YZXE&O1i0#g2&J~L!$`HBB4#5c7}^R5 ztUtFCGzguwQtDA;%Ll`XaLi}*NQuOTVavG8V8z@*%r8f&Y-!b>p` z9`Q78aYCMGyY)pgbea~m34c`3)<)wu8u@l>E`IE)@9%{!TW}HVoLOLrgeQO_7@=O(VKT_*?R3#Gdmj(#NRpU`Bcm=UV ztiC@OTK>YX)i*UUL@@?=wqATDQCw&yH#c&EiL9%oH1|uOx7nCYQ;?ZizKQW2GbQUM zvE;ln^Bv~Qz51z(LviOP)j8Vs${)|Ii8UWa$~4v239t^OZDd>zQMAuMaE1jxoY-+u zX>xTj>x=GEZn9!~*j}Y+C>AJfi)`dIx_-zRhWTke-qu*9TE&%sy2$Vz{;*yYmxO9h zaBc_}WaYAP`-}1}15EB$*P1^#sDGsRNXdCdqSgyMIr-dq5&Zggsi7gbN@}ERd-q6d zdYaKY!gfKC_7Z8-k_+>Xl`b8Y9^;YWk#xb8I&0r&9o{>25>hOFM?gc2D)Hso*}V{k zMblVUjLhp)ipui3<@&O+!FQOs-=fBYRxs#s2C|Jd6JHKES#cK9#Z*5o4ZGH=E|(PA z7hHbtoCPF&>H>uj6R!Xy!fv6fRxqrIik=zuPA%Updw{fIrq2AilW z;8p!>{O+h8Jp7QShrLysEy)xKa}}*ByuKABs)T$K`C(Du8}5Z~S#fE4hV$)hjcJCR zI!mjvX0I2w3?=3XeOM$gTgo*bP}-K(UYu3p)VMa}9CgQ}o_l;%RdK1 zjM;UF&$=57y4-2obNyg1s-z6(TnrDjaqJB9;~6>Fd8Up9>Fcvf7x$}37*BtJ=B|jfISqCNWWZE zZ+``U2~tPoCPN*Ic4AWyw2v`Ub!G!xV{!$wK1YoR9K`Rt#@DBdD6lFPQ@H`Tn6;Wy z33LbNCTtsZ0~tjLirKjJSRa{(O#ki8~)gyqaW@1dvGY&B{F&k(^twd?g zD|15vaXTHO^N@LUYPT0(;789w$k3EN;sMU{x_w?YBkilvPczyU&P*GJu)3P&hlYoOa3Vy~FPpQj+aC!2>Pvd)&Iv zPc)ayFpvw+9mbSSS)tueDZ9Nf_dIB|o+`IrdUHR!fgKTF zs;O10{mA>uWNsm}?KWP{Cx$SZMk=OnBrR}rzpCp-HA$b8y~Ym4-8L#&oo zMi5KTUGVp}v^oG5`w9Hx= zGdqdMFo+cTRuOl=V>xRY7pNC;NVE1OrkMNT)H{KB)r5EmHm5haqT~$|X-1vEiaqYb zrswsas@ZyGHavkP<%W4SxVv)FCpi}GA?J$rr_9Q3YW?A3p+s-w#K&4}f>LI>t#m%# zW$s%Z*SlW+`i0)c3|&Y>q89KCpnK}t9#Oc*xu$;E+VJa*n}I2ESn)(z57+JwlsH^} z8?ADUx}&v(#ZfmQHt#Wqj3&O`5n%JEvU0PMFAh5M-nBvSG0!FpW2?S%4ZH;t@11MiC4-PHp7umd}xOB-f8-c5Y0 zbsa4B4wMc86;sfgiY&1g6WlwKxcBG=yRW|&t}C41IFOU`O8~S`#jNvf^`g6)j`4$i z$_hBKEyl`ux4SkB4y|_b*93Q~V&i*dU>lrFk2r(zpkD?YTFL~mWEw_xj)2*h@Z0lg z8x)u0FJ5Y+l+tFIdPH?=c07e4sCchCbHK>VO4k z2(E~u)(_j7qwd*Wie_V(q}{FjICD@nea=29AQ>qAJla;e@p=BeTD z1S(OvIlp|9tuMTYHf@@ zA=wf9-B;bQnPr5q&Cn@ZQNhN&?-qC@mRPxqb#l1Q+2l_WE>q=5F)sTg6id2L#$1^XU0pv{ zvCMI{BbK8zY)<}do%js+>!24g0#B;zoS#ZTA@t>I0OJ_&ce{W4zB4*=Xi zBfow}c+bIBZq(!cZHs9@ev;H~g+o$1Pz^!-$PQ{Nu=xH1h5rCrR=QP?*VVcbH(i-# zP&TJZ5-?YpN}X#@S^zn(Ha!g)hhvBI{ra9j{{Vb9r%zFK>zP9RZJN6jP@}y@1}&Xn9A?@y2U zwp3Ly##*JQm2ZTDPFaxrJV2l{1TZ4MyRKyvbqY2PD?)apR2y{v0Av2k9*#>mAPy}- zLten|;nyAC3Z|2VqmoA>b1xD907q&u`a^O{w*LT^mmhK{!RIobEDybNj_USbS9G;^ z7TG2dfOY`_!i~SvCPn<-uO^>*OVQGJT}uKh#t;bHQ+Gny1xt65 zC!ODb2o(Vvd|aX@=D%wN@+SFiD6PSXbFh^TqF zKmau{t8VOGHjnv#$;~O6X*o1vK5`Q)i4?OlnA4395x1(`y+!_BUuCglsb3Tk6Br*1 zvN1xa%%BpNmt@^$Mc01Vq-^7ia3-iDmio~p=C-1tGWkt{(KV3 zVP8ol<1z(zo9q&&km3}5mg24IC&l|5pZ2hP5!+hE;yAditZfPt&=sVHAS%VVJhLFD z*j|6jm2eHkBV@{j9`*FQmG0keGn|)ghMNc?j6^`nWFJ z?%Y}#8ISoHInu~Fyi91s!nJTQ(hpGw@eZR91i^tk3ov&&B?R> z)AdeP``4#zzL~RT#H1#qg;P;Vlk86W9Bc8V0ix8Myh*9Rk@}>tdNKHzF(3`8(Ek8t zK1p~44e@eu8jefdi17Ji43i?UZ?qw13&>Y)gP`}{?BY?%1d~^Fw$I&y_Wk+px_Lb!jZ6_-y{ zETA#w+x9AYZThe-o9fSO$sngHqbl_QjDxLwP61hD=N)8bja`T>LR>p?UY;f%G_Tpl z3%EG7t=ojOod8Aym{y_|V@e9FrI}mo{_VM9b6G`d7Un5LW>B1@2)vQp{0zho-XB(o zRk(i7?BTAE&;FMqb3E=hs+A#C5Dkgkd_(BzCWHGf|Mp{{RJfdSXE#Q?)+I;Mp9FQUz1+JWRljn*ob+ zeoOHH)dPqX6eTOZ-Z;qLi^J2PA7rT&Xovi5{(NzXaK;r17l=jpd2y%15vPdzXZ{!Y zvHavL6xZ$b6hCHSzwsQX$Q%``T1G3xj_u+8Ym7r35UHtRyuKn2_bf+WmO7GANveU< zq5lANd;8{$m657`62zT=8zT3`u!8>JBxG__OZ&vlvPR|AeB9f^}^J#xVa9e z?9ysW-j)98zsdVq&Mq{>lk3LWicbvBHM<9DIu|7)Wn#!U%EcGp;>#NH_+)$!@v(Hd zQ*Ci>C0NkWgP7GCGObd=891VEB#NAV(|@|9nq#cGmDFoa7cfHcbo(B$h#k9exJ(gZ zf84gG7sc_S%@qw#?|pabf657kK5mWP9ZW_D4j^C~r3hk3KRFO&356}BjI9~fm22IY zd_OOX1jFgc43ety9}1}KLcEV(_C`!r+k}@&@~W~^(LF^rKs-NXSN;nH!vT$Kq>th& z8AvweSqCZxBf0dIRDU~Sv%e-b@~SYe2WM09s(=@bb}Xh!ALfc~T)%ghGFQ`h{YJJ? z{*7{`lf@Y&nkOfky1`Q)#y@xad_LYLuRM1gxPny~s(^FiR5yQ*it$g5JBN$n#qRGp zOESpSF4cJ4fXYh{Y4BVxFO9w~e+z$il#Gm#M;gL8JZ0kMi_EdA(|!s>L6m;)>_7AI z#bYldK*XxGPEjmHIH@8vIf}MIk9Fd^1ESLjKhSE4NRM zFY@^PjMiUQ_(K*%1XV)r!9_y1UNrrt`#h76?BL07ZZ09KvdEC1P2-rQRT%o7m=xqz zf+udXy*_pp-{vX=GFqxy_6qJpY7gESL z7A)SM15U%%mOcLf$-|ooaD$78WElr1Ew%Hx?BbcBTMD2&pdy$tjpXq8`w?EcUCxHc)FxMIIo z21YU?RDft}@K(G^GW>rR?6>(?0_8}BrT{PRVI1nevN`WUe${ZUNt!=dl^S14Bxxwh z2f*_Jci-f+_@DigVn#no@*rKL7Lo(EQ!Fw70q^mm$&#ZDbnvnO@*?qI)uH0FAdS1> zev+|7iy2}A7{Ml#tz6e~Y4&iAEA$SKx#H1;Aeyl0HFx>o)U=LkAhVMZAsRh`lCMQA zx$YbO2Op^@xL7QMvQ)<9l~j?z(UhIKa*K`()1;ZuRH@*I$h#824kM5$w^ZrzU<>lm zUd9OE&opX^JYs2E`Bu9Tis}rHsntLX=GB;u!T$hA1QXK@tdA?UNfljYk>j_ec+f3m z3~Ro}Z}xcmc1FCjZbXP|st0!FRYCs%g~7xrlC%{pz4kkxtp|oCj(EnQR46g=0sC@? zzdRK4?-%PuG^}{U^Ru;EJ0=%xz&+Nxi zd^+IR=4N#~squkMYIYN{cz)0y@vb`DxQP_MGEq0%dh-5JkUu%v%`T%l0Y&=kXQ}%# zTf$j}$EO)ZGnk9X-s12?)G5qK9KfnYEOCe9%9SxVj&2Y9%FXt8;#Tvu<=Wp}AU1{K zf;dst*~DMGW6(FJByLY1^8WyzB^olK-bC?Ar_!*IBiyevfnjwZ9k+XSWza9!2K3urB9v^0Jgfy2@#d9EW z#FEc1rB{twri~H!e%%TdU*4}4{_~Cu^&{h3gpbo^XO=<1RPi4b8;OEWRO9>9icU}P z{j8|sc~{a3tgTdJB1$m|Re|911}EY`%DkK70R*FeS!ax)X+^fM> zoVfo0!u^ptEGvCD5wPSd9E{%)RgaKX=E9$5QOB3r!>PQrs7&6FNK(=^1B*sjaQj~p zbEJ|p4y3R8+?R$5T>{R^+G#Bi-ru+;Fx+_aH2Y6SYDTs6`2Cgmf7XZU-nq4vriiV? z3=EPmWsz0cwr6AUF&%y;^#1_LkuVUMhz~OtF$nm_xI6;|pd|b?W%$0*{8RqMD=6b{ z^;&6Gt#@p@9<5FHzD_8Z{5Y=>Gthhm#bClyKXt$3hm4S7jVNG6yQrXulu(EJg&H2+Oks zMz~O_gJL)UNv|d?U*`V+o3J*qaKgpuR1WCejcBSZ!88Of^VbUfSGTsgQlvG*L}U)Y zA>%u8JwDA7eeqdbT(O=$K9@2W)8deT;DB~K70b6iJej}AUx@l?V2a3@2vCSiKOKct zx8zsH2w=Q1-9qyaKX?lks60WG^aj7~#KvkGZM-r<@$RzlR#jTiac#%iCcN-1l(Imp z7;@3btNWu`h9Uv5uFdga)|6dbGc2-kj1S(%1tJ-E(gr<-oNVM#jV4HGXi)S zq>9}^q2wI2howz8aO%8&*tG3>$tq7t0`Tb+A zF=_;0mLvB-Y@}AN`u_lH{udEJ7>kn*pb!dxO)W_6?f(EY;&A+NNyRo46$PjPv|hCP zKg<6BH)DZu8*D%-)gh}-^kpD{PZ74*F5QcA1lQseC#?#DklVQfUfU%=VRbWAhhwQv z)7#<0T`|Hf%>k#^Bn`kLdU&SCtJ{ulhsyc;am60+1@jV+u~kXyjqk z?U4TfIvGvUGI8fTdVGV%uO!y5(C@VAoWoTxORGGE9!bnX<`Cq^3@OdwGO-`-?}9EL z@v3^5Q>j`@1hW|K6f{j7{-UoT$~6bpkt%p|WhPDAhYwMH)SM-rUvV30m58h?Wjz53 ztt_lpYX1Pb!NZ6aW39))nyh9esoW5eThsm>jsw&wc5a$MK`n&y3VzcCS!v)a`_8!t zcm>U%-H@n5QQf2~$xpW1;&MeBPVvxewix1Am2#yxaZ_aFfk(tbVXbBaTLi zU80qZB}J86;ip3o`#g9zITO>!%q|hpr~~m1Tzr0SmpP%Hy3=Ph~9=spT3^ zKL({f6iFy(enTX-z=U18^*dLf`Cy7=(<`NXb8%k`|JLOlV96ki{bk#gjyx2OK9VkGSVWo#LPhw8SWpMYEi0wHCF!sDmKH?@^d1D zb0?=N3P=ZUo**P?Kx0(na3cUzhT=s}#79HPH~#=D3Ux>2Vab_`fTfQ?UqwR?wBNLw zVO^33xme_pix^~^iv6x}Ixrpw`^9Ge04;tTGSv)gE}f^sp;2d%D^4Xrb~gD>+Ml60BqT!3R$U?ibCd`5^R`q168>J@epVY zXn3flDV+LALDvansax3)b?EoERQy*Y+DivnKpfZWQi4II>R|_=9qa!91B28ztfYZn zOI`QgX%Dy08S!yY#O$a(6IDOBdi5C>^R!P(cLt%XsnGqXWLHvY)8lo{VRiL8&1BnM zTD#oDS`>}8L2PGv8h?jota8T7%abeme0aVTq);Nr@pBQA=*<}vXrglLjsqDv2Iclw z_dbhB7Y3J(AL+M|T&9z8A_&a0EN-h_3T`P7;ZjIOS&MFP^`zmcLn$NS;&vO=qhw9e`6fX zBbrouAz$gU}si_SY8no4>eCwWVe0G9*W7$ zTaT!}>+nC9K(VpCl6d7}_Z)zfu=o;;#PT#Qcr$&!v4V6HYPv1F-jb6XbcxAUAkZrS zXf~?<0G0m$5Xje>rkP?%3l*N_o-wdIl#VVLkJ;Jl$x8nKt^0WvQc^PL6u-j4Fu_o@ zDjAJ;AIttr`o9nExP?w~${et7kC<`??;IMIF`l~;7Bl-CV{f;HdR$S+;1%XV`mVy8 z839vK)O<4|ZwKt&LpJ9l7avHHKA_X*Nc-=?dMJfJQ*}&gi(`NnBUBqRT3V~#jYHm98%5~sm;u1Cr6@K7rLr#_d0F7|FR=1Ag2(4sb>dpyT zFZU{WI{an-0K5Q2{?7`LWQu8Kyx`LrTHU1s?Qvyy>`xObO3Pp7PE^=;e~T(; zE@ioyNIXP@14FeZMC0RDJCatgw~5$r}K6`4elN~6Ie#7Qc(1r!dVzqP(C2Q-yXr2#1- zuu)op#PnKkL4^9M2=5_qNRylesy~&Of<6`QGW^0)*I%)?kkJujd4aFQkrtFKO(|B5 zaMsRWM)%_kY68+_9$y0RYY6v?|eE$H4+Q~+Uv3e(;5KYX)D|MiFdT-;$ z{uc}(;$2S^2B_7q{983KFbxyoMJLnPH~hOjY5sp_3H;$~^4VKBJUGKVECHw>#FKz` zAGL3sk5`V`=Uaj&iKG%d!58d+Aqf+5dWQPASh-35S09H9^l9~wC-dDoqhhxIKW9Wx%AOb2Kb~!9-$1b-J9*Y(UB|t=kMbErNHr*jzIA#0To>t z44WzvDy2A*rNKbVzX$IX{vIuYR%1dy4mJx?s94Y^5CU?3L+mdPiCgSpj+*@93+b^` z0K^W;Nd>A<5-Y$Xe=qL;0Grm}W2A6_i_FENnF7l%!am3*IT?tk=-=!e{vY>i%Wliv zSduM;%zYhLlFHzK6d)Bf=_env_Bct)1Zjfc>G6xDi3r&tMPL;bXra09$-mUdH=VT@ z4f>PN`$1KkoqpF9!$=_GZFg`Qk0rayz|iqERsz4ZL@1*L+`^Hy#DB8P z1ppw_+${&tFm8&jvPvV|OfF#y*oh(vYxFx)IyQ|kmrXY{qM1_Wm7xtR={O$W-VB_^ zflwz>t=DtV;EtI@5B9R@w}x%A|IqbLYK+-Oz-Fy_e6o+fOl*t*r9iKbz9;H~(Z_n4 zjAY9Uql~DIKbAln>E5_UdnS?VvPo+TAB9_PCAo1y(R>>KTuW&Qw~X7Hc!*gKrzDE1 z3n(<=-v`?LoNl9WZe}qott1O1Vm?e*mXwunS-GFHz6I76XtcCsm`4gyL=PEvsG&a> zs5^g=iY?vLQvlY!uNCG5b4JWXOY&g+IPJ&w{{Y}|_OBshc`Q;#EHE%ALjojbhBc5dJvSVaZ}PCJ2vJfwg+Yj+9y58Cx&SNK>Gq)Q{i{#0%8`f5y30Tlm@AaX*qws`20&J(>2QtRovT4Spvf-Ne2e>{g2xFSX-_XS)di(SBVH(R9Bg;Mpu}4omL(}DI9YZ0QQjhsakOa{?-qISNiE;G=!cY{6(Yb{{S^&b4e(; zVK4?D^ofrR_}7Y+Abdzq8uI<0^1c<74CKZcAh%81(f|TvYOp&19ov1soB6OxmK=8D zx(Wk82Pfz}f8tq{YY?jz6sfH@9+4aW0A@Ce>7v({?^uFI`EB9h(-BpSiiKLY8n9vq z`^-m&hr|B>4Ud7PTZLBHT7(io19cRpK{Yf$2Sk(Al0|ZJ0eX;}|IdhRij2*Qtu)hI|IcOu=o)K{m){{S}NEp20K7)yLg zlg3CR;Q^s!YVjY+`Nn+11d}?(*B*=886%Le<|K@jc_V$*xV(UKDT{{ZKzpZcvHKpM_7s9%bFZ*?-D6{i^{ zm`C>^TrWsgJ6o0{vzj`CxTA=Cd__77JcEHJUfyzpO?h&~z#4s!r7mTvFAfR7a2yfbSU)jMaBu-W&flRzr40h_W5*J_{ zqE+X#Ul*tU02v#f?Td+{74-yQsp1qmnHaqT7AgwFSaRaNm)XWoavCxnOlv1V%3Ff< z4M*9Cr5BGckAicLm&GCS-l2UCk8d>V^@N;B6w%0P$ni{6@*<)|_*RYo09`Sq#<6tn zmhhy^>${Z-QZ+rh-`ZFC-EPIP~~q zUYmIETrj>eJO#nx(ukNS_mUP=STm8+jNI+XKQ37^(B)OL)vU-0 z)^{ykwh=_dlDkl!MHf0WK=1^b)YorwTvUH%YItSP4BSS4|IzhM`9n1`S8Db4#za-3 zRtBMmAZuNle06(Qt_PL4Os8%%;y3Bk{pN!Kv&kp-6k@}XTGgrm+h!O7;_ChuYk?v> z06MfYD2_$rN^oQ8tEr)Hh_CwXk?ZTQ?vKU&B7vl3VG@BDEVLgVK0HHm<;UXqa~r0f z(m0eS7Ko*J(1KJNQ1#hs*8@!I!3;$jHuWZ zD!(!#Dq0l*xSAe3hx~1fTiFCKU4XkUxhgF_;K+^&P9z> zRj%WTm8l^TZvG#)3pk|IHM>J*!(^+W7vVEx~jwhG) zx&GD$mtC@+zh4anvE7+cl1hHla6nsvm-{^1{I_Wxzjm&jt64*KW;%1-T+Bg&R=K$* zJ*o>W#81ih{_+C6e`PpegK@0dY5`(Lfn$mvHLQywbrdM%<4U z^q4r@x9ux#1_kpdf6_7)sDIt8Rqhykh8?^p6iXC*!J~8K@e|0SuHgR8H7Aqw%nr<^ ze?mye8vwy&s5JeW(+%XeVq!9pEXws?hk7^yfakZl@d{h!e zdKnEWF{%KF5P^tVfNHz?J~Z3;a>yb@0Dz&6{JdJU{BZ&gqf*4xL192^`-dOfkF$e= zC&RkY3jxGX5nlAj2CBZQxFomku1X#DJwW^0B^nTstzxQ)SW4%U5-7Z&H63~ni~VK8 z2vxWvqNom$(DLa)Cc>4k5`W>c)1L(_elLWY5Y#_cHLs5Q;2nSC(t-YanBMwAr z3nN1uwIi1%tz;`ItMcOU;g^@-Nc1^l5;Lr+73EwGXbO%=P)$@rXur+&{{YI#Fkv^B zD&1bkk*|-SNa_Avy5iTaeGE;RrXc>``!J(kH0xJz5E6Ht$OPo=X@%@aF*-VvF|zG^}bJ zE(lRtKQ4d;LX3Xjz@PD=a>;QNO$(Ov*O4MFY#H{bV$uMAXOSXL<>mHpY!l2lK^XMX zp$nP-DZaqgA-U*{#s1S^ojMrq_@MO#wZtt zjodnx6GWmo>af-p@DWLVXAC;ilTo%rAtv9gm` zx{_r{n#}!OWMRmD`Ix&a9=v!j2K}FpEZ)ZmRP^~tbswbaSkQW~lBS21IL7>G_P!-w z^+$Se-TL#aj-i#5C_GY0i}PB8@h1cOzfn&mfRnSQdAW| zI+|B?l6F)3Kj_KF482t?1Hi#<3@oL9W+5IDSoCB4>~UfH2_lHhJ_bOe0|LYdYl7psBi72ZJm1nPSQy*YSmVzw8QzN;-n!cW{{%sttyREKsfwV zR-yiER?$AFOAx659Ek(~ekzW?WocIXU+&NHR}+E}7M>NA7Dq;RP`wF>fTvE1p?)Fu zR|YyMEFA#_xenDMi3hiFnN-k{-A|20IW<0-b;P7s5Y)LfMkr}ry()ga@yuCnK_CK2 z6`>UcfcsTAlLlD6$o<&(fIMgfE!gzM03zU4v@8G>*nC5Mvz%Vcpj?tkBhvr^HWElj z{A-fGEm5?~S7Sn0l^sXgi)#HCVi7$kk0v!($2u)d5&qRWb`?f$hpdV){?#T-_=Jc8;sDJ4cX@4n-jjz6$kRRMQ`j4 z(T?UjIYq>DmE?IM|SeH`%%1gi?S@B$0^3ioqH%tn4?~e|N`-`wtVUD*o+P3^dC) zj45$B^&Lxa6d@z^0R=!cHC}vQm&NgZ%KR8HF28aeXpo|Wms665-vPLGXc2xR(TNh-0pB;jilqq z6;nL&DcqU~hSd5yYp3W@2WFE?y^l>UdYA~31uT3WWVL+h z+Io>`3bCn-GJn9D55Qo-jt75i-F{~_{{H}efB)0lH(=^#c42$PKWFSip?TZ#T(R)lZ%c(w(+oo=rb z$gKsuJF%eno%t1z(0!B$ixU3;GAxbpal?UfUg4%JRx+|&x)uZCHH>lP{zx*9=HkEQ zVm^ymSl@(l9_r<0G_50%m1;o$0Dba^O5f|g8QaVCdFTn*Vw9^MTU-_lv=mw=q^tI@ zN1C;Fx6`X{QzWyb1;GWCWK>>DQou0h@VD%Jyx_N*x;5n2CZ3JO(UJ!vm=Q1T-arq< z#aEI+{{R^#{jaiN7NYUlhhro&7+Ps$1%#;q0mAyDiz7O+^H{jMGyG1U2c$v3M}APi z$Wo5V02CwQ-~d`GgR$a_@B2S*Cpr?p1eZ|?(lZBWLwc1YZB_*HWvAKuDBlO{{4%&? zhDBCU#hB3)^(1dk$Np);O>0<7IodUo)RHqp3J^)97^(YQXb&d;0GqI0k>)QkExgml zVuIpYMP+DMapy{a+3Hv$ukF0NXy8uspJnjR=;Tv*yQ|w$^QT?FkQf8^u&nnk)tqDRtp#Xy@8Oi@ zN~s7Mg_fL((P~t7HK-WZsG5vOsj3jirzM~x5twp`gE?SS)wunt#Qxvs_Hk7S^?+7^ zjG!#<=2Ik47y{N2i2K{@!bZ5-gzC`P8Dn3Ij!OKt3AGDS5oekqFW#oEP{{Y9w#e|AgHE3o~0F=nXiP#6WNh$vT4%mdj z$zdlFj>xPwHT}RHz4;6n?H{eeVoJ2(*zM5DWMk9$Mj@mX`mDjJREdKVwPd*wt5p2= z!xk~z!E7Wy2=w`$n=Ih9ev08`yh^dghjZ$!SZ-)|wP=6Id=#=w)2cNdG+5#lqVkff z$(NNnKknGK?ePBqi!(J8dRL6Hv!AQi_%f%ZmfDw-1S<{e}INPlFb*)~B$( zXF$&c$<9k)$Av=;&^GJIPX7RF_n+(Jp6gbEA5!`@s7q-a1{6F()`T}kSw0R2_Majv zDx)ZBmq=rVSEWxcw%AfPo3Q4&#A(xM*B`vIN z)QUSTLrUyE&n4r;{e}MkE0$EKOlodIy~Moa^od}IR;(O@LnMl+!{ZCVn=0AbS!04X zq?5NLaj=ROa3heOpSwnGKkvq0^_fj=CxFQDMOekUHz>&)w3U&JgZ3F+Re1jZC;1-^ zX&0TJuIxfOufQwJ$?&*V@r*f!tAitPB#c?A`+&WGj!Jwr?YB$~=Cz*p%9rBUgLeh2 zlSUf75DmAWuJv5w@M&-*)DTF+ls3Vq979Htx7lW9s)H>{vo|gB2P_O%S$1b;{C7qsfrF~aup_Rh=l-_NLV$v~X+>f%2BY!JO z*(lOrmPd|efz}kLStJ}CjVjef`1t#`AM#Vv{_suvYLQ>E!8=B!LPCkfN#>o~?R-pF z^bCMhZxy53MgZe9g$qjc*feMxzb9I=w=cED@=4|ETdR3JFw!Kj#%AQ4 z9YZGUlyFH>wPY*)?)!Yvv!hTov@7Z?(NZ_&tkfln$Oxr&-wQPo(O#=YXtBZZd;B)w zAA~P%SZeha_QcS)s0@Je`$2dSS{l=fWkOz7)8r+C3DMf6zn{Hn-wj+Z?(CI>VLmre zRUVfjM)m0-S~vMD{{YR&b;A*Csc|nic!EvA326;a*;Eb3mj3|rRu1)$NhD0vlp2cE z0(b&=efXP3-iIJqmyMWxory)KUzhyVnm}4dsiKtvq$!{tuKxgc`TeYN8qPtgl21WO z(U|Y!i~xw$SRi=HEm&7-sUTFJ*Y>fm&0?WEP=KR}2EV&%@iebov?N@{#O%(b4mIjV zb1^TaBS}z6Hc9@(`ul!4Hqb}=kL^O&KtF|L6s3D$>2@qhV8A^n0Xurs{4(79P7h%x z!bL%%Am4v{a|7yfBvi-}hp!fuLEQUxrgASaK-Sttn#&n=hA3o{a(~_!otS|^-;kz5 zuI}zFwCGUsnn~+C@>_s-%{Rdka@{#bvHEelH~XvnzG|+AZf!Noh=7U~iGC}1Paq0b z;vfJEPl^c%r!VhgUTu>77`cxAAx8ABSR;EZ97f;qk|o99Cxr0>MKau~9|is6FZ`L0 zBHmz9Z*+Nq2pU+U_N>ph&-ZGX8<}02$=G}>ZP}HbMfAE+^D3v!@R;P$WjI8XSKVm8Q&ZzOd;=?xl=)hHRM{>Rh9A5EjRksN{Xw-%tH z{`3L~{{Ur)qR#}d!EG0HmFCs_88`B}EdU6i(I)BeNy+-?doK4KJAh>xAATAim zTBRL`c{vYfX4~v6-{kSlaIbYDt8?TWqM!gUV#11dAMVm*`&@XZ+2MrKlSGzSz)mW~ z(xgV;12q<-;H1A2{{Sy9=WG=Eho@yKNTbq}$Lb|_iO`-v8k(bUbm{*92EQ@~KAYyLr8GFI)54ZpTH zHeVs(pa0eMIq6*4yX7AazCH1Po=v{h`}P={vWI3gs;v)Bm9Ox^y>jjtV7Itpei=+_ zBCj&6(X|g69<-p}?Qza&e;krZuOO1qEzR7K*|`AxEyJ9o3N(c_z%L@Mx9WuCX1j)8 zhK7KoP_PH>arjsM39$q%>&I?s@VIH*ZL@qJtq1|yIQVt=V~xHaiykE>)I-2a8k=ON z#1n}4fjd`{`iQ^kM}_7@S1g>SE{I8#kYtPD2;?5_PsE?J-{h-tS~4KD9GjCj?%kBr z;V!fk>M0lqi-MxLiW_K326K*V#F-FYZ9avj|Puk8Fu{owm8>Hfnu zaoelOAi9jk^o3-1EQEtBiqta#HwZ}dpdkDaMeuQx;=|ddn)gMP;I|7H5guoLDHsk| z#}dW}NhG3{^ovItD*n`*eQ@yUdh|D3Zeszh8460IlD?s?{8nkBSFX<=q@Qc!_;Pg; z0TfCH!5G|%5O&|NuZ9>K`iv-{MZ9X z)?$Whe^z!ETSy~`BzImcO-PJC9$kt50Ajh(w412!H1l%>qgz`^Cku3LYs3S(r8y5s zI*}Rpf0aHQW}yH#L0UhFqN8qGehO$$`yH@U@~nZ08-lMxwHuU&`M1lrlp|PhC=}c* zdjNJ4vGFw6VY)T^sP80Z1U#97y$W z)IT4wi!^?;#Fk*LL-3*M6)1Y_MQiqPpen|wC{GChJVJ^&Q$iQv`?CHzmg0zNPsC_C zOYFm`_`lg=g}-=6BjF~DTc+>SQ02%8m;qELdiAIUdmf${nfW5q;vtk(l>MSQkH75< zOnQcB`2YZ!H>vR(S2>TT>J=5*mh$(lQaRXuE0aA8q?$A=RB|mj_=ifl!&wuO?21Se z8dj7fxUWz0zAyE&Ps}?IC?22?cleBAwEqBt#HE{vX&OR8xo~)j1r8pYb`<+r0`o0dpe`!=d1^)n9{ttsD8Z#KLwFnzw5Vt*go=jvr z{{S(G@I|31HOfg!LpmDxgB(21{GP%OGu!$}rqCK&Ud70G(ft)4LZxtmi&&-RFeyUHva%992-2brk-5x78H|hjafZM>;C{4>4;lP z7;so}^xiUQLP3#MI{iGEuw0X$sm`_doGFcHKWxN*;!TUBk3H1NC80yjk1guXXh-e* zDzUf2@&4L!^tiGU&Ptauu#pF-$Rh%UzR@JD6PMfL`(NF9UYlWL_d-G=1?0D!lzXL9 z$nXV9MjE>wAT4=2N&Cq@EEtnUAdpK#0VwYhFTzpDGBN{N@*&rU?5_-7+Ie0h9F1GF zMp>MlnnV&IKkBKDNq^Pjjg{a&p<3=4qfUmLSO8D+Fj#qit%2^E2{-`16tXGwR1Pf~ zvq;Pe^lwRcP-BPIS$i&0zb z{8)3RPb8AZAyP|7(JC5Hw1iJWPh-ozANerMmU=u~fahYiw*_|$$d3@Ou;7`}w0A9U z8&r`bFugj_g7IO~*>K1le=2q9mJj<`eEqZk*7Y?${B?T_X~vOJzxmUAZom%YP-14a zCbh1_cu-*no8=K{aLAzmTc}F%r44HzfAz8fs$X!@uC4_h^VIa!d`!_X_v^szg*R{_ z&pNpbE#gA%p}Dev%Ef8WntF@=R~!b$LvG?w5^Dj-6i~(1jKR>meZPy4W^eVr9$bOJ zH1{j@GbLu6lk3I;nndQMOE(o}lVyrevfTdH3>^OeS*Tgvzz)DlQ3s~s$^aC8$HdYP z^8WzU$6ZnsbLtr!{AbjY;Ux=6_Ehov3-ImxAL`}2lSdq}7>br#i-Zi@pq2?{3%}W* z2xjp0fwVw!c_yZ|gcF+D&~2lsI-C#Sr8zu9GZqfLh9 z>N}`V#!}KtW_CL>g3==bNL1owU5k86&A!TK9`gmH-=t*;&7y@z6=mYciothY-y4o! z%Fl+jT3TwFJXWbVvcI$fSdve&T^>S1(xpcxZ%qFHkgNUYsgp}sl4vcSRcU2}af()m zqm#NbFEETb9ml}G>R{Pm5kvr1L8-ox@cb_KC0Yz}j%rrnyNYhD*pu=JyfW$t|D&7C_RvtZ7a>*1W&jd`R6& z)~#m;?`i1q3Y8=F!gBjx@VFY~q>}wjOAaE6cBwxF2JOBna|-&25eJ)kZBU^6De5t) z;o+A7WflgF8E2$K0^EKH2-}Zu^&1RgGEC~R$iO2q!6LC7f{-MWku@p^6y`W``yAJc zV7NjBMvkU2!1HQ@_O~T~+|-_5@Hv#q#v*p8LQgKg6jkZ;{{Wk16DPn+5J(-tp&>uF z8qTU124KJwQlyf2$^5@B^W~3}f_S&Z&6q7gr9pc1_RNhNOk@M8txZL06n_l3+1U+h z0+nEP>;WTesQxL@!74ea+<J!-6KBLwy599Fl#cn(2Tc#}Vo&D@~r2ALPlC4JNW`w+h6OHKarX-j1l% z{{UriE(reskNMc0rGg25kwD}A25cwur^lrdPwxb<$lo&}NB;mC$%HpiM1f0kU!Z`P83d_rNzp%SW5QnyVqj#b*Ic?)H3Mqv@Pme#uxpPn1}Jok`l`#k$g;G zVUqppsQ#zuAq{sUE|MVm1(jf-~?`U0^S z!6B>HlgB6f3>#%Kl34=!g0n{-Q~S0AsG!&p97vz>mGMhK#z{n^GVw@R_W*#btZUY? zB1p&mY<#Sd7ikA6lq-ch)}xhA(y=B7gNn;&{D-CzL}slyNh;7b-8N#_I@VCqnE@mz zKnU$k3bdLyH7JQ4THOUaX5!pg$lX*D383jiUB8jF3vcTmn-u=6Kxs|rx;bL3Ahde#C zx_KlpNNW_*26b+P#wfdV+!K+_e?`--t^~2hi^>)xD)CB4v>cUq&=mVhjlrY%c>FQ? zQAF~`sLXWs`qr6fN1$e6E)*Em)WF2DdQ3mMfA^tcb~ zG+l$RZ{{Csd_0?pP}D5U03`GtgUs*U#p=3V`>QtNKFGbBT6eDi<10b@cAjRyA#<#H2@Q;NKI7k@&}>YuiEeb z01cahw5iZgsu~45`igpt)B0}8Ndd$`Q2ad|iS6OXE-;c$WU;A~hL9MP(9_c?y9#ky zveuvK;hYx=Rfnjo+<(1Yfh$lzp->}Vu^n6DZ`=DkpBY(#Ax>cmuc!MeSNy7dr62G= z%DC%Ul3Bz|>olO5-G_`DE9bR57sk8Sz}OCryvO8-9QLBei)=uFR2I$ z{{Ryp28?=JFf}P8GlIVl!iE$Fr}<5U^GK3UAw$JNL%-nDnPbt}KYswIo#wBg=6iDqCQRLU90=cXT{Q`q;J9 z^F&@-%Ec?Px1^@6Ux|xI!=*k7ZvOylqVqxRT^9Ebdx z_!qi?;;^%bkU4sY%r~bg6~lXREQkG$7D5^#VprhEw2DE!Bx3M_3Mw+1|7Q6qLfi{W2e)-~YKM^*wz%7RTwt46*(c;cadcWw^UkBw>6IX{UQjk`xB)I5}NVJ{~i@nmR4 zKjFG%-XKf)CPgjk$i`9yMOLg(5As?iKkG?`R!&$XPU+}ev>~Naw=kt*l{Tl@c1b_W zRsEci=@K*=Ya_R*bz-x!Q>jH`I{Av#BeL|!D2Z_T> zaK{X~=l{_4KkLe=%C7lD)21Tf_)?sODNg?YeQ_zA4s2=+YUF#-L9blrK5w}7E@d(D zEpC97EJ{&=F>bBfm-6IB?&Lg^F)Ry1bvqDfNVq7f-Cu8Y2CmFBWfTn1+29Ej8a zP$)|O0IVDS8wf5$q1wh`R^l!{Q+8t9$Yozxlf)ilkFKNaw>SN`u)@yfTZUJaM6)9h zk;sGhWw@XO0)97;HvaiJK1h)g`=SBKLNBr<~&wHcj=RoK&)8vIR6eW%(El`&f& zSjp(lpsbEoyYZ$ac?kxBi9E5eVw(WW4=R1?D~67XEN<$x7ZEdYsizqbIU5=e+5Z5B z!8X#yWN@Ddl}mN4SkMpnF1WGO6kA6#y#VyygwwxD{{WOQi&?#}XfI>AyfIt)AWg$! z$f#9^%&A{r_9nDYT?(|%tU?Ee5JEw5frrCnJ=s#-m)x8;7T8%qm47#bGz%)Xf0 z{Hz_N{)wLDtZ%gdWRY1Tv0hNEzyJ;r%vO)Ho>9f=y06>#KGe$E?Cg#Tjiik}KeBy7 zfDRyj%`sm~;S~5tbz}C8c$mlo_kP(|B&t?sJFmnSop|sxpxckcf0qhok*qZ4l6D}) zD*a)RLmmZFa2SgHt?P(?iF7xM(Te`#({o_}7EUOB&%%novo9RDJkO>) ztvI@wEzqiZ5kRU}n#RFPGe5$4@}qr~Xs~6En{>hHMkjAjAu>o{EmvA?{ov%qnZ7^T z!0+d4Na9&V#ltr~GKg*BP)DF7B|SqY*;HOX%+c`uzlDd+R?$r8w|CBnOmMSBYNUwh z57~`-H`;I7^#1^#;SD#QY@SKdOT9>h1$o9T&;o7VMm&8Xy0@#hK0n?5&)KH)ot&&g zMSWQ0F_l^9eM45DDhI+3O8)>N{{S;(C!FnlH)OWC3C=Q#Ze}Ecp_CELdV3#>haZa) zUpU)bD#-8c3QFdiWS!Gt4TnG3$@e?qiss2*9 zwvnjm(CFggOGXa-8=RKwbgEep$h?SePB_OC_CJ}v&I_Me)5(<*-qJ~8Jdm!RRy76H zb~`UPrE)m`0CU1GhvW4V8l{@a$}g!$>8cvZr_-E`_IUyRRF1MQ!oRcdBuj(Gnc=n6 zoo^Z|xB*zLSL&Xbsy7B=)cBi>s_i8g?5gnOoblJXg{G-4rF(17(R&D$k(4h5Ln$?0 zM}8Ck0H4F0vh+@xjr3luh|)}0q+&%iDqDeKczkW@x5B(4Pf}SV<;62H+TU7wYMzDU z5rcHJVC5*rX%M|XWbq6A;`3kivR9`}>#6DQDB1avDbb8_PvAUb!waZhJNp^~&XPi> z{G?EdKj4-#fc(>M>)6QxZj#3|OHRsTEbbY^G&0ErwK9~htEJeoC@Hd9I#S3B4IuZJm0 zdP>7}MjoGfs?xtesl;Oa-POL_iIzWcLX!j2++uPWBv^e-ox=$lv@`~<{>qJ9Gq
S|mPJD$a6EWNaP5Ngx^MVO)ZV+-0^+@1nVgmDWLlpZzVOx{( z$n2JqqFuo;Qz2;VjXocNA|=M(@oUOAz#mt)Bp@*lksvDWvzIgC0Um=(8+Bq64}41=*tu~%qV1Vfkf(mWtDy%$Ha;LrV4>$ zV;P2Zd!<)JlntX)Qdv|T*X;NBvp}#zdFX=Zu1QpF+A{K2dTvj{_D93^RkKGU3-k?A zBXj-lKo`~J@elz3hUNZOEE?BP+sAGf_m2~Cltoq{coEQY+M<{eJBd;#VtGs#P$IR= zAS=j-wB%%eiYWJ9<)8jB{j4R`JkJ_J$!8BK7nm$d8ifL(6~}t<{!UB#&sY1riQIaQ zWH*w$lgP*G56HJVI7$|#=nWMU_P*XP<&AZ%btae9F-aqtA(M9a*!_Y9PZ=vmCztbn z&&AlhzvfFlR?tX~@ehVXKWSJB5Y_%)1OEUTONO&e6cDqqs?-JXH8iIE`t|<+s+dir zYGXC;AyZ0fPi9JFZU3OKBrkA_5$DSzf)fqoemB^G+! z#jL4o45ld_LmH&Po&vlW6KbJSmiUY zefgtAQ-EcTf{pthwf;^vJL|z~)*xgGYGaK3l}SpGPK3kzT(BgUb4?4fsvc4XP-2Yz znCId;eUo2}e{c4%Wa~0qT}~5=eP$5t8XzCMjTF!Y+PKIsZe*FHk@*AZ7AmR@UJzYL zQC-x3vBq0nTtWP zysuVx?Tx%MJZU7hNKsgXB0+B%sO}0#>$v+k*JVvQB@}k%I z@Yzkn+@!v=gPh8e9&8xU$f;A@gkCj2vw_5yD>#HmNH)`nM)V>e9PPi__&Fc)f0qYn ztddJ8ZT)*Ehy%D4OJ&<{2Ad&znxfn#&BCby)*!>XO*D?cZZ||!X&E_uUYdMA1_abv z!d*5;cSgE~UrK4?kUYZPR{FRc#X7{T#zs%&cK%$DSjeLDOp)59ri{o*uG0_=O=-)~ zh~d_x{+yN*aI2*34GFJ5L8Ki&;>&(G%~B6iNaC-;(ukDz3g5X0{sL4#>~a~V%)-vu zm4A4U#^hIJ5ii5ryDWe3*o@JvYdldcB7u>Rb^Bs9J|D=~-A)F#hVZJ?i@A0KemqN4 zZx(Zb=eH>w>^EX%T8i{o8a@92*to~s$HF-7lz{2z#0aS3?y?bVnqf18KIziSx< z)ORyPlOoAH3sEGGAq7~~5UM9WK>Q_v`(JHVTtiZKieqq8B9h*UFT?`|{o+)AI9?3Q zsQ&=8{{YR8Ns@RWn3@NXM9OM5D$6PB*=7s=#{)2RlVu00ovOTp1H_*XRKv^sl;ies z8%djyEQiyMHIT0Cp<#M}I&@P7aPb1gW?F@apeCD=NPwPS>{9_7$0;l;{Me&DJU}Djr_@C*{{Ue^>=R-i_>zWLRz_KLP_I zNN6ePs-u}-?5oI=bLa5lkoku7kie5jjAWJG;8qy}DP-dnDd{Q{Dxf#3_I@?Osb;%N zRgD<{nD#?d^vvbzS1|9+F2O-H5|wQfQkcE+Mf}Le|R|l z&%~T~#;O|a-L3gC0WHx|G!4jrv9OP?#1%J>{ws7`B}Mp4c2X*SeLq%7Jh`vj!EzmE zYkQ;stbg$3b>%D`%Dr#bLak4 zO3t36ePI@pe`#{|Vo4m_TABGMj(BKRMUesckfN(b(l;;e+wJEb*EKoyElO*t+mwt* zV^T#)EZuxvn4A-1dXn2J%2mu?yOCt&!I7)SojR}cf0Deu-wc^Ubq&s)c3wdgmWqz@ z0y#w@mi_9GD8-QS{{VwV_%LjmxDrbOJZ4@TX0~PxMfE6DgS+tc12_BclK#W|XFgih z=9#CCM-Kj)7h_gDij;FwO+^+TiwA1*x9B^7O=`;9jlLNLD1MA4c|X$Cn`HpFTK@nb zi=qDjXSO41>loAnDdfrzE|uYF4&O#CGc(I0DEJf@)YG#Rul$@C!zUZ40;mB)p{Hs| zEjs%yT__L(P`?VX{{W0L4gUNNu%bgr7N25H8$&S89D=SdtYk4%-mI z0=3)aipor3>$;`RoXk$+;gZ{xYwxx_$EBuQ!qh8UcGwMsi4zbuuSWQ>^UWk0ag*&d zQ#8GH_)_Gkss8{eS08Z1UC38zMR0be?5GfpyBgr_3(-wRICdGDz?5%>M5y+S|ZANtr$Bo+oaZtWY>Yi1s$trW+>7Kp2<%C(!bCq2H9h2Rxh}tTR)RzO7jZ~McB4A6{{V%S zOl{#v(TPI$E5uvZ?1xrp*s%Sh@FySH$TT!TGa#!a-NbxNelJdGJrp18SC{&@#$o^j z&={jE-OmLo$LTUIKUVmyrBxpn6_SRPs}v{S_6`BMbPFVeib5uo@60lpG zlbQn=fQA6jF(x!$4gMNn1_5qf+0mq8#bA&(?;OX-R5{z5st<+!89%#|;zg1{_clJY zszn;8mOg%*k^qH>YJnvI_*T4I{I84roGiGsSYeV#SCzVg9yJE0FleN&XR9Iq04YDn zc(5^oF$}7#Yapr>KWMN4inime%JTkxDVoS1thL7Mr5%Mktk&|1cJYjb{{V`x+2U_S zQAh18Y`s7NNJ%??l+3^EakDg2LnI{uYk@38H$q9Fr?>&>{;nZu0vlM|6UpV-kMr`C zNk2vzMCxK$8|)?9A=;k;utI)Y*9)#s8Ja?%s=Fv7{xUp(?e7BoIdD5QjUVFl+2mS| zq;eFm`z8MXfx~MSp4(AnQ4oS@SVRh%H9?QkB>XANr-J^+`Ad>7EUYOxomi^Ul zKmXJ9E>Z84O?u@W@s!@Cl_T&U?crvv6q1k@w4hpoM(#@W3_DjLdacX?=&&q?7~Zl9 z{?`e3nx5b=$cb3}6KU#@tONmp4OTT%zl~pVTMM4rNv>W(r69SDCWvi9%z-4WM`Q7? z+Wo8vHLYeh7V0Z0CGE=vQiY4N2K|!%0Bex=U;La}-Otshjzj6hjFK!wP^t*lArPf% zKX+ZfoBdo%Rh5iWy0K|yDkS6yAQ{jqDvIt>yua1LEoya=M74#?zM91q%*;uwi2kIN zVZ8t)WT*Py>l8&auLxoSqw%8wvc?2x2|JEURp(#lR>xaO!qwyq+>|n_R8>nAC53Cr zlor~YzAuaHva)yU9PJW%ra!BL!c{vf5zdQJ8-mej#kqgTtbMJ^h#onlF4S|)fCimY zv7>Vdzx-b(#elDQCA^hlz_Ci#_W1=p&%;=!YTzKMWGdecS8cnBV@K|!1%NDvbZy4R zaB@-Qy=v+fj6(jXR^=pb+_0??kN0yLGKQ}S{>$-yjg36V=3aUrdv*{>bncP1raCi9Q=w54^vA)>p7RjYwWYX*qAR z=|~R(3ESY5JwKW}G_lZqCA|<#u{~vr<4;l10|oe9o4DlPWxwID!^`sA$*DYoWwp2# z(>kQ2h|MjYMq2k-B>KDY{{Vhumi~8}PGmv6(8ntB6ePT=Xh+hxS2Bl$$yyIcFKxX^ zAs_LkX&o91rxYR5dV$yBf*9&)^4lLQpSfT__+(aRJq=#iQ*VB_lQPF7lDlmj4sE`3e z@{a~v!~5%v{sx@>?2%92`jSv|*m1|o!K0E0!!M{LbR(xEkrK4`JVphYrrPb}1Tcc- z#e8HE@$2lP7k6q%yh|y%wg-BU47TH@<8C;cT$yZrLGY|`#7A$5QVzX;-)(|!p}6{+QvT? zOd|7ryeq9-t-^q?$s|tA_6h=hD)k=-PG99mBmV%iFP=O3EufIVg4a0#ZWJ5CtfBvbNP5ysiHL1Cs0TlG-$alyek_d(+e( z@uZ3W00WKG-I^azElB~|y^R)5-{rvB4l#i~uL2r1o#>fZf_~I=ul$_<0D{2RN{k^R zvKZfPypJ>g04Dzc;jv9ZLb2R2--@sZI?^bq-~6svS$wpz00IGur{uzvJ%3=FGmMF? zqZ^ps72+y7tc0GOXjYgFp;_P$vor)cGZRnVA6I%2UNuwK{gw#RQsHH_5jhbscZZu6 zI|d*~d^sx)U*1OF|gbPf?{^zhz4>{{V!NxFX&n z(8~bbMNqXy#iUg`b*)noxIUy;75h>*sX#|suRoPNY!3vy(4HkL@h4sW$1kKiGGX1M zu*@y3+52m5&8OuFa))b%Yl+bHE%rc-n$ z`*AuDRQN3k`>?9=W)et9p%QRH4&(&~$N8(abE&5VR%xXs7rT%#ss83GY2k7|$^FS{ zVH^5sVvSG>$ZjD@?a6~mDbu|^91A5ScDG3R#|T7@I)PH@%7p&_lqBKP14D4r#8m+e zBz~F_J1AA`cV%f#29x*KgsOA4jx?F5I?K#)9BKpmG!d z{9d0VQT)yR%LzRuhVFR>#^vNC4R#WiqU}xJi?906iK9G`%Nl<2BO1JH2IX2Hd`H4# z5+^U&cp}7Y*%EmrD711URoh`sOacB{k{kYc<6`wCg68IaUZiZ|NDwtga?A;#;M^OJ z!n{-d0Z3JpEP-n~vX!j?Bz!`L`5DB6{&~coEIVEe`euv(aZ}wQNmBL3dvE2<;MFW>4J!rqopWZL| zO1Q1$cN5PgTu9&Uq4t_yEyLiTJilny`7jYx-iM-txu*LAPp32z7^O$46!7a#n0o+8 zl51xG!9T&qg}Czz_CJ}?fFt~_DUv-V{ilV@k}FE963aS+#zKeF9e&F<4~zb9TuQ`* zy_~FseNcb`{7$Oy2;~4bAmo=U7mKT8%Hm0R&1-O{oHnuXVbVzCSf!3cAhyiE@GbD* zQ3>@5HB5XUUBzqr*X(dLyf5g8h^Hv!<_7-&YA{dS*vq)esNgD0QW9&{lUka782gAN z4?3wFk;4J*WobX-d~}ea#0V$hWRhN=vIwvI4rpOmh(OcFX64$nOJiDnCmI`dBv7muKpuy49GDf-SYW%O9t{J+i%$U} zkAAO@SmRh{1Oxl{m>+1$6HdRi9tDapbjf6GfwWc%C^l%+j2$Yh*J?tN;iri}@iIzj z_^mSlRp*7egCeP=1tN(Tf0rCtp-<8}e63C{u3h#cW)~n3f0?0(VQ-!+9P4K1v`ZH# z&3GD)E@*{*$%&ixxpCq4Ukc*Xqf6Q2x0CC)(J?O3kj11(z!9nBBaKpSZq@izeLv^L zVYi+OY0=7wSUkzbwGpwG(FdmEnlJj%fPE#l@a7 zH3=eN$%rbUsryQKR{|t4+%!>@COKQvD^pTFru7}aX@(87Sr!{8fa1nEJ*h7gAQ9O7 zPH-rOha5K>P7KH;wAuBk0$-=eJ7Q1_n#H5%5V-A-H*$U z6Hk}Lk^OAaQto*oyufX_Dzb3{?_6!5X@s$Tz7HbBUA_q|ODFtC3~YT*PGiTDM-$4Y z`HF!32lE%rbqp)@nA8G|c+sT>{**BVCK^~xrn zENc~~BiMc!8}k+Hc9x#072`M*75h&z#+!lPpZWc)=Sw=sbeI(nqXoITolkET_P4~Jj8P+> zvlGgRumtmw89}FZ_;3;ifQwDqMGE!!x~O&)JJ2ggt+(=V!cQ?=M%LreJYB9S7-plG z;!>QtP^G7eV;s|xB{jX?O_(vH% zLcP8&d$0UgE+n(Gb%ga$%9Wv@R;nIHr^Mgvc;>ZhZ>|Pm$!1nb5y;$>S$aB6zRWF{>Kt>7`uI%fwd{V-z;GJOUP_C+ha^NUSJ_L z1P~cd*+7Gq!`tHL{$5EuzcsycGWc#IQV(s$D!a zE%8W*4}^tWf614{JvZczC}fmwpl$%+*SAmj+Y^x_lG=VItu#_7VX)+5Kn^}g!?!r- zr+`%G08ot~q3u?TW2RnDGbpJEKZOk!jRil|$9lnJ>}s;H?Yk++U7jo&rm0EdQ}M|e;uwx! z6D1G)D8b^>(^?0phh*H;9ziLyarmpp{f20uhDd921G}vWU{7)g8=r=loPLF+vP~&r z6i$eWKV&QQs}R5NU*xaaYzre>*{a)Hzo}y*7|p#os1NXz1n#N^`}HyWPo%dwp!Qe$7NJ!|JL;-b5|&h@uv}USkyS#wsF{P+hs1fmsTF^h>|h(a zm|&U*bf6FRN7^2ms6X(h3gnf>m=K{^Bx*z{LK!(p8rSU5{{Y6g=~hVzjJe|oS0DXySFj)Rxy@zX7p{Psh|qa z#guJA@5KKAlZCU$@9AATlrO+EiWn&i)Rp*t#Xq}mwyT02N!Rj3Y>VU-D>U}a`=cJ4_4(<=<@#nC8YlVClli0uNwl9AKjDIswgYOlm6;Zzw7@1 zFC1{YXOq=)yPj3wim@Q_t$8aeQc9=o`i%VfaKrsC%W14zm7d~grBzU?3K@^6SDJ>4 zk0;|B{g~Z2@R6NUmp3oeJhiIAs<25F*|w;p3^}hOUx^9pxExWR0V@ZFWkJPWHZP;9Dsn6j3-}7*8Nl9aO>MdgANGwQo zbOC%=5*CB@T=K_3e2F5L9-;ymp`%rSuGIpSZ;K|LQ+TfQw6{0SV$n|b7jq{TmSW%$ zwHf%R;yHb<*!VbnM{~g%$1K`xO&b-b*KX>wNTBv*StX4({{VHOKNkC6yyY0ixUspg zw7rPPZmr`Qb4H~kNg|Y=NrA5@)F0Zcs^8A9ibhpsxC}nSK$~w;t;@gq*pw_>sQ?Ca zlD|xlQ@8n9k~e#(@WE!*hKR4tSoK`icqgTL4v zu|G|h)8qqy>B)X^$_0J5#G(%JF>|wtg7yF^1_SS7h{{~dR91+vf$!=DKk=?A(=nBX z%B+taJCo`t-?x0Gnz2S#aOoII`20`!Qy*^JWutHV=XR%ZjHqk>00W4h-PyvFqYFMR zE6{|d-$=m{DxX?l)d}i^-ly#b+wR4#Ielc&w~F3CovIe(fIjBvF_*rQ>FF~L3k$1` z^f9c{x83REeCckNmUf9g#!FdY8xzKU28=7$fdH*O&m4*@bHhEXP|mhKv??WmVoo3x zKMbUj?<>U{Jew12b+za+daPupJUBfE8d;b70`y7(_NYhV@ zNWhq-VEc5VBcH_0idm~Ik%?={Gb~%uyy9n1_?@!kXH|#O)ilW$;YTv2=f*=%_*vHj z-5SX;j5ifX71;g$a0~PKwnI%sVA1|12un_2H8s!-ozRB z4^f%96$H7Wg{Lm{_;5mAGZc7ToQEweaKQ2k?(|YrgYh@>W0fyy3QcW0Nm>G>V=7UH zExCnnv=;pCzWrH!lh!3B9v02 z_ioKf_N#nepQ--rz|!jX^IIRRtNmfQ8R&}{j66P@kU?$@CpPrIX;=4*yc3ooXz6jO z+&8Gq?zDM@DoJ0qszXfXqB%hQw76t$qK+aCx zAqQzPXrR0)veN?iZEbk;Db|DaM>Wo0YjJ2Z<}oY z*YzO$a*caqNv(IG8IA>*Dn`e8MjY%0)uGN?`G~7~eH?0E)YH;Y3Uyyy!zVt!7Z^Fy z{xV@Uvv9YXozX;PXr%Nb6d;CKAV#4e4nMR0!wIF-Vp-#wcRXXbU*3vSh+>4+zqKbE zKpDb`NN=pKBO`JS)r^X+-5DcaiO z+T2c;Eh3imF4zeTMR`yc`1k7;Lhc|oIZzu7L%6A(Sy{H&5>{C;NBpi$G2~x!TK#kZ9zMuFkY+xgXWDUiYk1EoY?@j54nswxnMGvB}776>*dW8!a z63NJ(jV}%_!;iqOpJ&s_ujxGo;@9gs&FuGqLFK2!JvdS5C|lDh-MIWu_FL?J-Wfgq znW_m>U{>GQ^E_X~AyuAxkm3bX#nXv)S9 z#l1L&#dwIPj8=*p(*$lPOmg-c{4ub{wYe;Uqk~*ROKrIfg@@r>5ccKh#1PDqIR|Z| zjHo~GD~yt%Y{w8duq)b|#&NL*W>p8Mh`R0eL~LpI?}^(W`nuMlu47u0(m;!e%l`CK z{?oz*d#c;LEBE7sUZ7V4bdc^VU$jr~$`xeD0DH=zSl6<#!x+h9Y-_ZS!M4~5 z6wJn*e%w)y^W%m3nyk89u`&4FJz7$r4@1*^=xN83{{X=@3-gV?)^wY55ib7#Te(uI z-jg0~?iZL9UU4FPL*n7~avLIxDFfWPO9DR`(cC0pxb<8HE9!b2BK_-pa!K}I zY0i^giQYjmxb$S^4<=aHuqxC5BT=S2D$V{@O1!QVHN-4>N{rpUDHL<3{EvV592ag% z{bHtuJBf=O`m;xHe-@J?-e-u2boDAZ3zG)@zjYw|eFVa5%WB*#E&+~5k{9GQDDn%1 zUH<@;IFI&N5$x=gys^TF$QffQstsf#fa(0B;S|GZt{UC0oi-7fS?NlutTC1#f2{3_ z-L2Fs62?L~cBb2WP`Z-D(~k)_w)j}u(LAH)P zh-I{?G&`ADk6-dhz*oSm*2x&9WOAf*AdsZ@1MOi=qoQ2HI0uUf2vgUL@p9k&k*E6{ zUeVj?GKmO2lR+g8#kdrex^MQG@O&zvSeB!LjK+tr?<8;4iHK4t&@n!WUV%;aR}T|Y z{E*hcux5r|^qgL>0M$uS2Gm4ycHgWohcLiZ)tFUG4-=XnwLH>zQlt`JG zMG2)vXbm%z`L^{^JIm1Hh0!etp)$9r6lqWOiTD$b*?Dp?sa(Scqi+<9vd0giUAI+J z63r~^Y4)KsL~r-waljt6xKCN1ot3F(<4O;Km5UH6#!~8vsz1p6zImi+h-QRNY` zz)0m9nV86S9~;x`uk(MaiA_5ssV7v9LmjvRp@4H5%19%Ub1ypz{hvz`SR;j5D$Q?T zujt0+h2%3gCSqt_p*=NrKX2mxOf0**L~^SBo$pf`#~g?kYJg{I~_=i6i8oQ*e>erA2BSnhtIkZeL^K%SBWnsv&iam~!5P ztrXYoa$(tiFZX5~2;>mQ98nn~GI3Xs1SO?p3U;e*PyF-vRk(eeF|@P|0?XZ;K$Nkyx57XnC7^9zmN(H2dDI+Qb<-th%QgN)jsrH-IU+*DI zR$Kiwu9_Pg){X|Dh8g2oBo5nv%B>0ouGL|~`T1l&TD%i$_tMm?ql(TKjRcV=@0ECk z3aaRM{{X9jCR)MqAPX7<4Y?`;ns}9|PCxa=GDL}-0+a{h71)AVc@xT;@~$Q&Ws2f1 zKrE;lMF(a)8K`Nw_^G$q=Z(8OnaN#)NZS%=$;Vp!OV{?fVn>SA7=4C2kyFK}4~W~Y zFK2Kfkz;x+WYvjL@b}-L>Z;%M(`CM)bLj}}WO$3F74W^Z)a>{LyV0&1OKAY!TT8Z)g+S}+ z-h3RF{#rQwoE^bdOM0F>rjhH=ibEh3ugeq+64r!raMCi@VhW%|6g@w9*t5ik;6wiH zp>Dw<96#c2_?wh6p|2I>Dn~*-9)sV8B^0meO5gy|rr$qB!hSfQB_v@`!aJ7$QnV2g zKZYeT9!jhBhZZHf9xoX`hr@$(Jr?HidCJa~{F;dxG?KIYRp5YbtM++673KDD_75pR zZ*vk|^0@_(5f|Vc*tF)ZBjQilSN-Q7*vRI+rM-p0hCx`E8SUh!?4?0Q+i4Msa{mBX zf6G-T5lI!P<*@)Wlm7q}dWcWpxU_;5%kduNeK9qDMX+2GaFD%tudLD_AIPZc zy}y+(5(k&ofdQjg+^ZValDJL)9lvHz_*^!gaX**fo|OpE%%+5sOGF+&&gZs7B$6#Y z(WaD%=a{4|GBWzEo{~}+jTOBiGabjp!~DOC0o&T!q}F#<`~-JAYX*<_gg zxqi>?llgJ;HO=+8TSfG3y%PLG3du%vl0C-DPM_stWLt=2hR>LOA{F&TIdhIE(|Uf% zbyNPVuHWvw0~vQqXB9uYUM|~)XM#|EWlC@Uwl@8l;{_|tN;;1k`ftDd0%3-b9xKI{ zmo%117N@NiS26AW$+yQy#xR0IMCTf*Jw+fi6#oEOa0aC6*KmbAh>?ph{$+BYZBg-h zJKjk>_smU+MWr2B4JE>u z?q_(_B0NEbVo@t7p#Jbm$Cuju{5(F(FC-$2-7BVa&8CZVu zPu_pNvEk%wN(_c^Re#(ElACiR{83MZtZ%#0XQ*TUz%0dp` z+=ONS05AQ95J{=I=LNhxxUps}(FipP#Mhf_f=~Ik;Z5G(bu9_hnvm!7wRRfaH3e*A>cCRLH-Zw0y)8T=AS)}-lKhhKyeqU;+4MhU? z;@m&r{W11d*73Khmg^iqupHN%uEByZ+?uehIDXswEyWobg`1c4Wo8A1v{Fix-{MG! zQ9un!Jh8tXT={>o;yNagtgYJf_Yy(`Q!r5UG$8O$2%E$VjOq##Ea4w>QORw+mR?k1vU82q2Q%(64&4e%JG5pyeu3Pfes}EkY5gx z?tkEa*1)S8x;a)g3sz!90@SL2KHD=AHecEJvZnx&T7Z@2po$NODHPxNTM{d|8z?-e zDNc(~x4+LDP#@vgf_VJ9bOW{yiqF-nKH#3)6+p+MQ{vl?{L_Y)HZa2+b6k2wrBUj$ zfFhTO3Z(x4FC}8jDmVAMp_hceZ1c!6%_o@drMKeJ#iZV_QskpD2!FvEP># zWlC{w5=Zu0P8=7xvbAX8D4$ZeolSlgFjJWu01v0n<8!+&*#7`x6Z}7SAXtk=k@PdE zXH};v6Hyy+-|T?R%M`oPE~ApMq%*XK;fY*C>{PpaDH!n?ZtgGCyRqe zVtq$-Vp(1|-6_d~D-LV${6EU;i$-O0BS$5})n|qR#UcaZ^vsl3a;(RqNB&>M@Zh^! zg@GY)FoB_u(=6o28pOMC0ct{VA7w}UYl7m|#jHl+D%_*&wFMAV&=uX8{{YD!3UK1= z>+tdo=6L10(QU3JUNba}8C9;_(4k^T_*P1({{W1fS0h*H9IrD4{oJ0i6GKr{V_(A) zWsxVeS0~bFJ~7k+ct`&L1+!w81p>q=MgYa*P_+)ipLQa@xd}nV*`buW~ES6neK9m5;;B#ubdwFHm<{M;Nb<+H7v28cPBA!FZ>g)KG&$ zWFocO<14rMEr8~{o(a)oZ-y6hBG$j&JG%l0fb`G#IZ{r>@+qVs@n)7b2AhG!dViBC z{{Ur)BJivVO&}<$LH>1AuHHVQV<$$E?g*+?CVO#Fxc>lpw;j4i4jEhgQ(3z1k*c}a z?dv%rzW`Z5roQkEh`hh(>SP091iV50qa1{E{{T}H)R2R3DWy_CB??UL)Z=0UhORCv#zk4B4z#b8nleLtChdA|-ZG(Wbug_^W2 z43{v74ZH}lf+|)*5>T8}w#n&4KbwLg{@yoHx{@0^l8Ok3`ejQ7VgHrVY!@*ObAn8=q6CeJ4g*ixLFn(lgW zlfUw13Ksq0CvrjDY(QFa`(lO5t~AHWTVTSV`i1M%ux2K^2JMJN$PhRd96%<6;iRm0 z$l`=@9YSN*Hi5P>LNX3OuA`bQb zzm5;Jd4AC>uBZ2M3UMr|g*zX!Pxf5bm&1ozHQQUi1Hwpy)yowj0Ud);U3iht;$Qg5 z`wuSi#lDxO>-RU-@CYEhu$mVrR0NrYIHDdbt17T)!IbiE~?iSw3(4c=w5mmm+ zywL_hLEF@hHb3!N$luL|T7BG+L8g}`;Voho?<9=gqudayEUrIpNk{j8w6HfQx%!WS zWS-!tj7}l8QVb#>L_ujm8A8oPEB0LqKkWUVwxky~!afi1Dprn2bUp=LcyRv!g#Q46 zUx_cR>K_zNV|#EZ!bT3X9XUlJq-($OzxtehG{GWCzealIsWh$W)H5)SI(!LIe|A`X zpSSS+m%xj9)>i8mrWuJWfOV$b8*U@Ja`=DUpUsyAxtxP_7wSxk za$n_7w5Fjf?WI}D#UzSDJdQm^6+5a1_!Ra1pY^$XUYczloh9qsOFiSfi%5$`Bmh+P zUx}S7w-rVBdAF&{;=(cM)@x>3O%u2)xgkoh4hi_UvbNvszn2ma^CEVx%<2K!h%N#x z2hwr#!Nw@|tE@9Weyu}8^tK~;6jD5^rxuE2TiswhBncO^xK&0MBo;mE0=jX z{{Sl7WI}0Ym?gYrA!d(~w5N(jWd+@j5X{cbRZ)2V0J@$}*}!tcaT-A&Wr7=*OM8eE zvqdK_-I@5ZucvcTzNY+TkDGsalDjEnX|(CVt1^(o{HiSUAM?@SOf(ga^((S^Oezmw zMn!M=Hmm;t1%=xBsM2m!^ob<|_2`Vht_8@5dM(Phrzx%|PjylCjlbBMW|iZT{uty? z@u`f+4)kf>k`4Wz8KwtVA!_cZtIoX^6_gqu^^{_AOUg@#*p-$^Ng(_{G$_ii->XY+ zxASJbMUs1&0udzY(<+1BOK8CzyUWKIFQzw;{-GO}Jm7|~~yMB8-q zqcRSkq;@+t#$h=)TNc2ObE@2&Fy=WeH8b)d&1G1iwdU zC4~S5$EOn=_KIdsK>q-$*v&~4JZOvXu~HOmUL+dyr`g*h@-M+~qNTZULUsnIt^WWL z{{W4!&_sF7K~wc;O9HPmwO*x^)a~%nM#0N(8IpGm$qTfx><0(*UM@Qd?#S$O ztLUej+eyR{9hI1k>hbcR{{Vu?Aj=-vvDEg@|I_su${^EhXRk* z?kADA2H%>MjF3SMHFs~f@!WqdINth~Qd|+s)plEDkdRA?bC4?Z;(y8be!_n4OiJES z5<5fb$-&H4^GdtRa?ks@nx}MCUM(dblSKTP5-*6h_U0I6i_&7mtaHK5NoHkKjac-r z#}BFh02v>O;!>}wkp(nFU62}n$&nnkE_z&n^*h&1Br8mB1+^t^`P@ZYtjsjrR16-W})wzP>F$9-Qz`Ze3VWiQ&tA z=vX5G{!0G zRFAhKa|`i&99#LYEu?k2kCi|mu_LGor1tq?jEah~6*VE$04q?UQUKg_R8{5v#~KiU zPy)ChDR0^(f!v?N_Hv<+q_*R7^_Ud|ifqeHpGjZlYy{Fsv51T^{i>qzQ2RMfNW9^!%dhW*h- z;PIk;ui6`;YO%t7H+tKlV>OupeFtDit;ExcMfUw$ejb~uwD2eQnKr(*7Pjz;5fm31 zdq%Z8s?L_~tZFI28JWMA3}A{Bh195-3Wbs<0a8fYb=iSmfHvj1f6p|N_hwMrqA+Ni z;A)bmeVfOTZOuFVujX&qbHnM6-O)%tVxBwnKKuUwpT=Jii<^S&M%eHmb*UUd_w>KP*6H>e(eh%NvynYYlRpR(t7NFDW z5OI!>!*6o|1J{~FF7cSej`77$vnLqQJ`d+^O@o?67SXE)23CjDFI5hrRgloX5%Gcc ze%>i@^@L#85j-Yv7?)O1sHIDML{q6yagq99F+x}|7a;Cyz$>bcW;_lE(c$KoR!R>y z7cl}W)sQi!0aF01|LFSX0@$I@~&tS~AT*ditxw{tqku>tk z`IGdq zWB#@V_~eGlX4+XDq);~i%7g-c)WxBcE~^BD1Qd=yK=`QE;20mji75BM?v00o9RxNC=sV87g3K_=aK`T}kC{%x?zG!isG4}`Fp zwxDgN1XsYBv#0rb;K?1E&=0Jq)b$r^$K{l3_x8kO zbqyFKd`&pGrWc7%cdxjVVxha^KZd zkBDE2HAnP5-z+Ac4h9*5G>L6Ui_)YAWq8jJJ}=&n54O#Ltt3fcjT_-alhSd!9%?yN zsrJLF@#FqS?Bk)0#}N?%LKBY?7}TFlTD?z+Z;Rke4I(Pa{(zD-U=_%zU$b55Ldvx1 z`(NyFb1k`%2yLZExYZPj*f}uenfukW; zDua=x;!xk@uP1i?Ru^F$Zv-E^;Ld4pB1ZhsRPs^)`y8poPo%5+4?p)YzQRH;p>Iwp zYO$j-zRY8%6cUns33$~%dFeEt?Ee6LInq_`^jl~flg}K`q@k3@Cn%;$sZxH@phTPf zZ&wU$BAo;*&sIfaT5ibTlyBOtD@7mV^80^eMV;FtTt=YFp5lad+p7NnpZpkA61=FQFw;3AKTLAudXQJ*HSha>&HkXfT?Q=)Z5eRX3mWo7xZS=kDe%7@QuFvwJpN*a*HDfPD@(Kzyk)Mg zk|^UyxU-%uCl-;F!tLpN99#SOWWs^xFEDEl>j>=NN-E7DM=G2}NC6&KaYj|)R!)4q zN#XkpGfmaCqjd{vm%r%OGl;a{B6v4oO2p90X5%jp?v)i4{vWd3uq3{0)R8o%CP1?m zR~JnghBB@h9(9KVucq?d6M9 z^qoyi(I{eg@-rpEy*D3cgnQ&}@J${3;xIvy<)l@p3+alGr`eh%X+OwM^6;8z;JUc9 zhSF+FZ7g+?U+)PB%Kdj%=KKo$AGP~G4oM<#H2GxYhx3#~`Xor2Ik#WHtCy@Ip;}l1xJN+v=?% z0Jd5|mKxQkw-O&YX}%&$Kt z0*W~VPBcFqTdp_j5Sim-BZ?TKJXjV&qP$2_+f_f+!gnbd;?e*?jed0s4LJ`UEB?y_ zTHVDWaXTu{1Vw5%@wjP)f8ZwNf|~RTW`10PQ;y=K%p`@+kJ@4|wrld%$siO~c#GGn zJ2bUZPW*V`oxS8sYiz|$ZX|ff>Ucz58IQLRi-x)?pV4;m^_JQdj4|rQAbca5qvb+MPtd5Fly7HlBeb|N)Em9>6f4X)%6`V$~`fs@x9U{Q{6ET{Ywce*Yl$evNg@&~#YYts17KM4EUFuRKkRY-skeeus6ZxHV9LK2 z1zA2Izwwfes(809Jb8VDT1&BWC$DoytxLzi8gIWPuIpYe!M+dn55XwynF*F4KqXMg zQOA>t(AU4DR!KR3sr>k*ymAC+U?rvaq$;!wL5!*cw&RBg{{YH+zuNt!18JOOlJHA3 z5VxljFBC}(AOrC1yU6m$p}(EKz5Rg_>K0SQb!ysVR(AH*%+D-5zOm{R3%??fwHb;P z;J+8e{!6PZu8%Zqu*-K9SgS-LibN0l#o}9>C6B;AWq!i^O@;R{Np8}5gQ&_IUBYhmcASv%`oANvWhlrk`cM&yF_Wk5WdCj9ZLk@meTuMDaBEKFFsJ z+5Z56%PGY}9yR1t)`~Y;f(ZWrSN#6~X+W(c+!ySboCKh)0AWgeUq%CDF9Hfyu2gmX zqfX-`7S^%qH*953+)R=%LTD}*`5xb&DIe4@QC-lwmyMr`DH1f@3;x5#zwsP4mfqh_QufjExl*obXk=$cPEA5N z7EgzNhvEI40SYrL7Z!IsEX_!cP+bKG42-)=6UWDkg(<=Q((vWPWHC5Wl11qN4<0NT zMd_iYv7~Df0IoqLmT*FVnLaKN`m6iJU+*3HZhhY8nH;dH2z#9vGR?L#r@Q>>BdtycJws(;wq6LAp!Lp zl5$PtD9WtgWj|#Gwvse^Z8CjJMRu^eavC*}g2!_NEgfYL2>t;F#*J?qe|734^73hL zc8zo*(V1k4qLS8GV}c8IHxNj&tHLD?;=DNk>mm53R$e^i!Rc`6uRxrX6%kb<6*0** z%ElH`xH7{Gzi0M-!+dLmdZo7wUr<+(mKBmlasjHr9T#EnkX#S=Y$MjCvAMR9AA?;& zV~!!ztep51QYu;5+D?DT=>E^z!}}Q;O*-+UUT&ye&{uaKzi>a*K7@N=tl-I}M*OPl z=$iESmC*_R0EU&YYOgsdS}TGFuw%r3z^%%Ez-K)_Dy%kdJP<;hvuK1PH zJoZx%K?JJA+kic4sXy>_#=$zW%PZBD+*L(QJ`YWe2H)N$DPpV6-r7O|nlz3{H~3qK z0Mp)_a_=LJ;S#EjQ}cu271)>CZoo!=;IJerBb6rvkgZtU{{SZt%i~(Oz_*Yn)7b?I zgzeBUlhg0l?8tB%Kdl%OfgH0&j0rR%L&%T~XuO(T&+_xe{d)XDLtLzj87>rpT!SS~ zPx!ObU*`C+R+{tF4rPs@k(<>qhEf!=#%eiGe(g-0NAmn%6JTL;c&R;LjoFkHZcW7O z#;Pm1`&@tEKWiRgkVpf_vO=s1tpbK6m@p&_{us~uEX=%Zo-lw$j+G~+BjhX4_+VF+ z+9MkMslZtPH2C?FpDIWlv6pfeor-*MmNyIu6f`7?Q>Vj*x>CyTXe3av#8xv?LRxkq zt4{v_7D_a-t)?IbjWOd+{{Ry4Cx7)@Iv$O4%S*GAnljG{Fz^p3Ez`Fq$)ql<(g48m zVOn;oDc|qKc<+vzt#^f=RULUKzv*96>~!RHDYu%Vlm%++dLvzvCxA*vM=KHoIvjiDM81PCv?` zf;4hZ6(S@arrcunCgke>0A`%PlGWpW7Zv)fF{$-sX$?xEw`%ZKS3IR&4DInOS!p!F zMSHm_>&ak-Gr%ZPq{+;H7J+$s+8%!({`Z3Z!{R7pNA+Y{$_vdriBtp~ z{uZHQ)0J!e+VlSL@G?qxGBY%Bo?fJzRF)y1eviw7r9Q*5x9v%Stzo&kwnV9c9Q|RP zKwyB1fP>+w;6HYs&Hla!SmKS6B!LssLCKgrqyq zr3|#>$_C$MxUE0C^*uk?R>Wd?C7Gv1DOsafn1B^bO}XTD9H(zlQ|$4F{Ej$ee77um zdfQ2C%uE6`4J=Sc8%TN3%2}%D=vn^H!zcMUQQ5@TGDkJcFnWx%qdcn=Ub9No;;gl9 zOuucu1pZ7D6GvgjH;x@p+;eDdR!K}WlmPBRaDAheoS5W#_|D3*Oyy(|J5_$q#~F3w z+|nt zI1=nQkVnG6a$0zwi~Obk09Tbs7pE1u`w|Ccc@SGjmc)U@CEBnM?K8{SeDbX$NZzP#*BWVIe6N=KJg?QJeWXTuR zp;$nFU2ZOvtV*#4CE;*f3a~X(PxD+U)M3`5GdtML^?r1YYH@O?Nmk&^#2S{^GxGjl z*}^fdi(N)owNnnAYQnb{H*&`tGXOvYER5{*;@p-tlb70c`1u<}cNmM+S(@o&dSPC8%RxBsUy6;q;LB!vPT~!{__c!%o_F0{Hdl~-RXB05}RAGGIEYoW#lGEn5Yp7 za9DY~zaOZwFB~1GX}6kvzpJdxd8smTQ9bZd3|&Ct#gE$UZa6%F< z0GK2IBZU+dAqiO8ySu67{=5G13t)F^r8MGRA`c#c(b0nnnxC^FE&DuiZ!_D3*KX!o z4nZ0yXg(yZPy#zM9+mjAId`SObt5<|XOoi2Fm4MZv}NQ9kA^tenv6f+ZNvARTMRt2 zG?H60&+)vGw<2~WLZrpFrFoZ)aNSZ#Jhv!QS(4gN0N%19&>#63F+c2Z#;vhVq&E}O zVox8{20=AAl-*xMj8Pd%E}Tje-D<7J{s;V!VU=v|0a6*Gr~rP|c~isfVr-s* zT*jpQPMm&USZN9W0D+JUc#yK&&J=SCZzF}RIINTd{ug|Gy0SwN8Gco~C+R%CSj6# z6fDl+xlz8?F;P$D3a9;M#T0(<{{XuLk^-ec;uq0k6>0|G8q;h(mf0c_xg>G95=K;= zy(U=)Px3+QhgM1w8&Jv_DI=ilIL{*nTN=wT z8>t`;+o5DX@f;EX`ZDux;4}Z%^${OOhBqkt;!{+{z-&mMISlg_t}V4aLhu!HrdfLB zM)a)A^kGA|`iahG=4)`{>Y;>bWGzknOc#(4Dl~C%uk6HC+MjESe>O%I%_mnrjO|$`%c__M^yg+ zQz_S%C-q)ch1fKX01OdavlCt<#==BOe{_-l>3Q+OuU=cLq*+{XPlnxyCaee^sX%H` zY49Nb046_={$X|%Jib~ud z1oJAT_;ytLN+jdhUC1nfLPr{ za?iK#Bq{LJ5NqnUrYe7L1H|&A^3Nw5iKK7dNh*#5kt^`W@UIiF>Gr|i09UBD@szWrzy;h-79T5F0UG_#^5nkcn%{lkrpS#kjd0x`jW@fn;VD z{G5Cw%~D43gUjMtaaQGDO>58oBZ9P0pIovMFWU6kLhh|Xr*__idaU2;d_QL-7DJ2{ zilme1B!KtipbhQ%WEaeSCWypUdAJ4^_=1hvp$h*1tk@#vZz1cD!D(@; zB#@9e+q|lU%8{#fv zW5pH2b^iccA-d<7ZnP`;ZYUp3VpiVYMtJR{w~OsW=5H}m0smNe}y zd7e4ojB?`(tU}#Z6i~G0%*?7)SNCl%rm}MM<7^oZn9K5yM2g-bkIk5UA(v%Zk?}X#KNEaE&C3AjR~qfj{1;cYk=w;_Gs1#aKC(w~6UIF_ zlz!}omag-+sNe88B=bqBB6XczgJ{{YxzcH+*}qj~L~SV&HD zj!fu4tfX+=xo~bj2gC8N!G<1Qo?~*aaH=G4id9+=zX_^rO4F1nANvpH!_5{6KBi%> z#~VozuJwAge)pC_rx0Hi!c zz9}8HqeJm=jsF0X_OPbH3E$R6KnN1DQ=u-+z*B#-vfw72nEIR#Hn&;0o}FRa>Ga=@ z4Y!ZuYiQ6B5R`HwU<96`0Z(e>1t}zol;a%g06U*jQb|8Rt|A~#4;kJjPecmte|yG5 zzxgv_CvKwF+&bkPq&XLjE7So#!Xz`>~Tf zA_AIisYEJq+{Hrfw6HG@R(v3@X8EQ^agNf{*j%jfzn~Wn;oVk%|hF^mqPxVr5tbEZw$0(zv7& zDqKLtd2o?ghmRHpo%-a?*;?gNW&}vem7t;f0;iQWWS8Q>`lBkCm+T1Rc_kvMOH>W| z{A!{zgo|orMne)iySq(Qs3h)G{{Y2>-Puq4Rmb*l#adWmlJGY#-52mJG@N6N=xOm) zSx@@-g`K=VRgo^Zym0y}AQb@pT!^^?w#ex9{{ScK{>}$B(%C~a7b|f$rqqH^rMRM+ zBFMva-CUadDfTclH>2VdS}+UnuwX()$Vpl$sBepp{A>1m;K&Yvw7w)7H`$T%lzw;;it*{l+ePx~)R0vQP2Ac&9@Sr{*NWA|5%E3B2 z@YJA?tt1sK9{kDY7-CHY12}#o{n!5h1Cl*B#Nrbn_)siB_W;EtYDaOoT-wmMm@UP% z7U}|Hb}L>{eOuF!HmBNInDxl5gUuOtJY#szIANewEGt!3Ag~}K6@QC^`d`n7(Op8Y zJ+V|;D2W^>_&B%j`Kal}RsG-mR_pfo^2EJ(724`6Xc}37^)2|QsW0|A3apZbRc8Ai z1IO?rk+A(b{tFplxUmA+nG8Ov3I<1^iee~L***_fm&Cre`9BPuyvZJ`U~O+&M}^pv z60-(J(=)I-|GTvVlt9w>pNF7$SGNmt_K{Mh?HH(glzEBZFVWJD2!dv`GwavRY`R#%jj3dfUv$1Z^A+@5E*=OZYL*s=9aOCk2+XZB8FvHWmx6t_`cOV{x1q~FiK`Zm)A}9OJAKGqsWR_PqMV=!i zuAfDYDdsX(S_-EvH2umuyl9y*pI(F4-WBW2gun zix&H3f1mf45kDlx+a{+T^Sk;furWkpN8|qp#=no%8NEUht8UUF4&`EUss8{bKjE@7uCm%{FvxA9h-dY}+zBD!P)jDBO&{X*hqC8a74aw_8tE8-U8+S4($s&@^TF zAC+UL`z#*>b-R*BVzLmf7p+~?B2&X|Sl$7x?kFiT+&j%qi^tXg{{X^b67fkwx{3~b z7x{~o_WhbRBPF{ykyGIg%@M5!#87hvyVX%!{tp1$i33S55W#rLRQ26U5A~_)^2KfJ z9U4|VN=Ga&#i{Y}9--;K#Ai$lZG||5<8KqBM2Z5c9bcjA$VbPP1C|v@5LcHt_{iN9 zIgl$7M}kP_7qk`SBXad7G29M=?fOaM{LXPpgaXpF{o4+8J%{g&KjD`uSdZy8+N=wO zr(McYzaY5lSdd)WNTBa_p~X6mV|xDps?@`o09$t`305&gO*S79LQdzq;gz@sJxUsy zR_Zvw@5&XWDeo!HfoI8Yq@(iX>DRFMgNmAesgkWEyT)C^BZ@>+)Q{cmwLq`>*gOOB z%b~7n9RJbv2?xaGWi@`E972_)iWiV+IJuKuG-D##;dZOPKKM zl3q(kV^db-J6HZG{#+!U@Umu8_LgaiGLFY@^1X*NOiSfXG=k+}*N;;gasUA!BMf2)%_J61%FNP@VE7m%Pe zR+@~JJ^*q?&3^|UQNkW%hC#U;fNmjcPmZBub->APk9!<-;|wYpR5f{+>Q=P-EFFF? z_3%`1xri)(-Nw>Q8g5NPJC*NWkB=4q09Pu~){vN_G>&BSqm%ZC4-%m)f0+j_=E(fB znJj}zG_S!L(%}GVi6e)aI)ULNY^lH5X#W700!wQQkwhIiGdCx4J|?U#XY*n0p zE+-3@2xMMiJy~U7Nd1~K7GL$HDt^~233CO)ppey#*exp4YOz%Y$73Qb>ygNxGj^04L znDBw*>(oR)R|A5zP$Ih6{kUavmE}UnW378rh7_kW%5*WtU8GSgsw7lk^1E{kelLX` zdVjj($BiH@WNkRa?Zw#H${A6E0Zt@?#=f8Wjq2h*qir9IZ)-KZ5@!LPj8zJwQla$Y~a(Iuk!V*Jr zB!j%9@~7GRDgI6%WT^NTbMVC#3l&uW@Bk0AD7?Sb_`k~+Zw1S@07$4{S!&G3{n)kY z(m4P(r|~zz&PZeXD%yE-TD(Hy9(M7LFE1ets-l|lGc^^`zwe)ge%CLH6kQKcc`dD> zc;|{rv|m<*<&D5JI#_KGNcPG+Mm(L|j_i z+t`Qw^_8X6NF0UT<`B*Gkli6V96Ql;`zh~iw1v~IBeroL3%D+k6Pr4YW+zvy zoR7x-tiGr0BY${>;oTLv{02Fh8O=T~MOB=dAKKxE`k;9{vvV2cTU}D|BjPs^LoLK& zhkA|CvL~qN_P5|ONFuyeVQ5w8;bH-HU)u%QKjFCGy&6Q86lW@CS7x|ssb^TpNZr5+ zL%fMb3^{y160S(>eha&vR0fes;PXntD<>yqsUg@jV2+&$!8RVEhPWcU3XTGVa;Fd*Zq4dr5-Bb3zACgUAX#fq z-Ym$fwfE-j{{RJ*IhCa(ukRTQmh{_;NC+>5{{Sl)Y>N%U@-$k&?LYxa`vd4N{1zsWqutyGeg@(s zcPC&8TB`y&cIkm{&>3#I0thc5VmAT6BX6OwUY`f49E0LBn|dXGWfh!w{{Y2t;w|XQ zY+|8R1=ODWJw;#mfvzKS$WIK6ziL?2uKxhEsa^f~HE~N<09!~#!sC|T@s>Wm8)30& zq?Ra7)VeCw>QN<%V@eU%{snnqj+rb;soTcjAFX=wIXiTY79@22k(0eWBz_`1dql`&VNefUpitYTL>fmzBShEsI>Q3hm{JWr=w}I|aVuIo5w-bCQB1)MgH3SIN zQR^=j{_aJO_n9MyQTmMV&tVhC3a|)R4_TGkk?~XA+tZ3A{`2j$pJ(6`YxR{6b3CW? zhNBx#b1FX|kx0ZsIUUC}SsETcV%;RV;wA8-7em|tmH9;C+V;?^~jfnQaA2P(p~EDcZ3_OcVL`AW*!F7E7Z+U|Qen(cJ? z0}oO(B3V5t2Il2>i4|EsFZe8tTG?9MsytFGiFa;TFltkg?3=*`6|zTWs$6(d<(N5(6?QA~}*Dnt?>TctkJ$g73W z`d*9zLf~+Wf+@3=U^Oy*wSTQX-(Bh zh*E~1?zq{1$$T~-M=iuFUJfH<*lvu5fP>Tf+-9aFn#uz+1(3x&Oln8lkw6MY-?xax zNh~!35aA;QnkdHQTh^KOuk$S1Qv{QD6s%GR-q1T{pHg^a4o2MT&C{<=EF^aS0AKu^6Lm68Y-V_p zSC7}2FdL`{$~v}tWu8tDb7JbIQb8&OejbEB*mjfquTo!!;*X9=H0?u2 zSAC)Cwp!ru!d6^5?MyFJj!T80zFWszY?no@%udZ;JXPOE}q_H z3nCv>%4mI6Kv7RBFFt&i;^X$0kNHg_uq-tuECT&0D{7=H(JkkV`=C_CcIhe5*|Mbv}2h(j~+j|m!B+)-&#jwX%bpW zlUz6g>UiqP1P>}ID}N}Gf%p%L_Wm9jS7Cm$Z*WSg%HTak0VXw!w%_Fy&7^vgB*`cd zsWKBoS}BsDhy0Ai5#D5hE z-=GgCtN#EaKbI1ndBn1W4JZH+-Jgg>AMj(R`FINC7J_Cdt!^pOpJhTxQT)|uBMtse zI3%Jut-uA4umI54i;grSveT1)t&C4jOW2qb`_yoPf`+_jUk`-*2r*mOR3o>i$wR>- z?NZT);V&wGk>mSVj+(N?9j~b%B=d^plnR=HS-rt{WL!>I8rtSm;X(@`9Y^n@1xL{9 z!xNoMaY#wxZKjBot!fH@-|;L6hS}|oAMkOi-0=m{7M@lkWAIzX z%U^GY6tlN!ubsiDf;j{%q*SO_iBaN8&}T={9j;@Ppd?5LE77Sio?3VkoYy9{D!z#0 zxMI$<{#Ihc@Hi`u{W@jw6|Pk?|I_seBPjI7pL{RZLpF_i0izgPDcsPIK-f~a4)`j( z?9EWh6_$WdERqs`;wzj#Q@T%GkcXLc%P0(ncvJ9H~=9B%T*{Fc#?91&8T4LLIZ05pyJEZ7#xTbXX;XoEjgg!M&dR*j{0 z?9wkNp$qZ)e;R)C;#owtwykRt$O|hla)>y*!96u(rD%Ot^x@n<{_Y0*RQQ(VU+u0;^vj!{PxrDkeys^pxuc+J^!SuBDlht< zzIM$+`qcp!DzRG6 zbm8Nbp_(=_DOW$T+cBUl-xPTr^9{*PI(4;7w=+p}(XD8)zwV=2ic{?R-xt{Z*ZEiq zIHlnkVbI54RPp}pp`kpDIQ^wOa5J%Mr+FBxL1T}CkUk+1cMDCIg7W_WRbTw91k<@; zE45stj(CNyDS0RYmGQ5|@qMl>_HkcOMQ}I{5uj#bD*pfsT%%g{-G>i{;rQ{4LiRqt>Wh|&_XrRFKAok=d zirIP=>Z==isKPIa7!rl&L<(A`<5fW*{{W1sifPu~fqSW0PYI%Em^jNuF<^| zf6X|_B)(f$h+N4e_DLlgq#c2Y3jy|xV@Eu&O|gydp=cD9c6C_AXg|^(DsSyGamH1KZ(N{J)zDHI7Nmsuy(VMGf4eYd zw_~R}!Y5YVGSER3W@6xU3}{n|pdaqvg>b?-MYw_}ME43nX1KOgl1NNoBO?$95%F-! zukos@@PD$n3gItok{O_lA`pfJrj27tNVM60DLL=({5<~vYYi>g{RNuw;kdYk)!Im{ zy)vr+4geCeu;K8s*N-R5w~e7w9|oOfkUy()DKde`Fit3{s)VI@tMSDrW9iB2GVbde zw?Xlu2O_mQbAI@Fr^V}OT8WgO-dG99TGEjycO-PD!^XHt!fSg&8HbuAZiW!RA*C6V zwRSDKFZ(>!@U^YYvGuvf5n&d?bqeK_@~6S-D*Auw{{WMRR-lXc6cDV@v_pQb%mM!Z zgjW9mg2NAl>Ta^9?&gI2Mw|ZkxB9U&f5Bj1H^J%oYW5jJCB)AXxs3d39D?cy{$6kX z%OST&LV{|`5Rq4~_$Kh*;Xf8TQsFI{@*nRzB$ViQl|}?p_L@cGjp7HO^FW&NK(8B#<$f|DXK>DTDM_SUjSEq{Duh#+D~12Pz2-<5^qm1F+uRdT>|i6uV{)cY$cf576OR|4u(EFP-Sw=xAv6H1=T z`+wzPdSbhRvn@n7Q>(x7l#|p-ugUoeVU_KiGDj`Q3MArXYIviG00-DLKiOd}p=cTJ zVL?dbj;ec(Ly{k#62I^`6G(~V7c-BDi=Rp9{LRGvqHyO(23WqcA`VmAfNFX)meMgF z@SuOO#dKgGyM?)P0%>C))8cPMejU310Cm^-v!!`9BulBI4oW(tpmh6GZ}^L-$$f-M zmXRv1%At4aIEsAxV6G=>cFj$)xc>m1PJjQ@^#QJ9jW~tC4!)k$li@WqJqg=mUYQv4 z2B9QcMDHo!!V&d}6OpLm2`D|7w_M~tcGM)7RKB%^fVX*RJg6&AO}#ac(}AQ;y!i6u zoO7Pu!7(1AC`P!IYY`wSh{Y8Fs{AT>C+zX`+W;g|Ng}9TQc72X^d!01Q{K5C(xHOh z>eUfLG6_~mPUcCTH&pmd7(}C;IDe4;0BQ2BP|2(6CN*_}j?Col$qB6#{?{oA^v3Cz zEhVEen^}fS~^XcGAB!-M$#3PuW(J}VRo}|I%yZyaWH9`34JtDKH8(q7@8lp;e9duv451f%^Dds%?`rKGxakA z#dk6*abq+gQZ-p9Pr+CJ04L#A{%nxydN!k}!qQvZsMH0M+4?sN$z+aItI^f~OF^{0 zoF(L{`>QY6`#)hFZVxg+qUO=aHhjbCs*N7T{JNwfkS?;_J+~is3^m6j>McD(oa+ zIF0`Ra~kts=fQl8(}o`ql$C9$c{?p@UCI5=Y%^wdlH%cNCQ; zcN-12z|grd+sMkw(m`$%1JRlZm~{D!f2m7pRIri9sl|LE5Xi!{*zt9j{gx>#5YHHv z?P+Z(PfjI26r__Ni^Gol{{X{$A88rykicYV1kw`bGaHqP1>?azA^>?0`G05O{{VhF zCOXSknj&N6BftwyJRAgysLQgp=#j-=kDoPWcKCl~@JxF24-C$1;A<%z<&GI^@Oq@x zf`Zib8>$iT;7K(gixVU^aW4`T?d+{%_-WnbGP>{9Pfz@;e0rv+@cm|4uuttzrg^`%3}Ri%H)4e;cb z%iNwr1dKg7tS_xQY)iC&`+n+PKkRUX#J^W|ay=GQW#njR$Xx7x?5Lo7Tf1;cYj!B! zG;j!#o(k_U_~#*h$&ivzNZ86e#b0^%!THX+^GmXSj|rKQXZgvI1+Q}>DMd? z;9-hrm;t{Baz_6E>~Yri%^l)%9H~31kZVvCq$i>O04pt`ZVd%dq<#`ec@e=$;UD`q z5%E_IGUZf?fu(Zf52vv2~yJTn>kkzj|PruWolEwTqQAQb!$6m zU?j){cMyO#r>Lz>{0aE6J9}8)*0*358RTTOW$FdeJk&kv3pP}d8=XEfPuePG_Yy(j z?ATH+3Qh}wS|_d#MkE9eQU1v|f5s;LzF2jqDhs(`AgfMcycMS=c%$^B@%TtF)L@%g zLwacE_c5X@j(lW}l>5dLU8{@f9jK1N-9SBPLm~UV91RPIuHN1gz)2)!i607>WLDgD z4CCR$G!olJkU~|NA|$g43i=IS*NfxT>+s5jiT?m(Bx94mDzZbXY2o5dF15hNCc=VBmE;CavKmXPB4&y6v-)w0BbjCF*K7BlL0p`!F z$!`_2auE}FXSrGi{nSU(QP=j~4h``9OPr%z)U7Wrq`#59D_Kc$MJU1=NSuHpmo#Z3 ze}nD6EL_^no`^ii?pm@ipr`C`=D_?Mn-$Y;G`E7%A*ZZ&5gBH^)SgCn zl8Qh?KvFnj3hG^4pTeyZyC%lt5Ea4GYSm>_$`tp)VPrNq>|% zr#U~DoLHux4aJA3R8`WhqO?{n{A=6c3^=#>3oC!SIb@E@UP-+LVi(k9aKmczUPEe% zo(ssYAKQsAhs+mt@?6TLL(vR!Ms^N&6&2f(x52l>-?8w?CoXY&Wu)5AZ>vWfvp?+% zcKz&R7HTv@_PsyYV7{bktgz|UlE8>muD!=<2BN8xWkq;M+g??kc{{Spi9gIK?(JEe` zd`!ou+_>~2Heygni5*;lP|7!k*V;hLm|+IW}!*=%I$4H_$|^zjvC#B|4sEn82# zoda80GwKt94&PIbNuyTS)H?-1zr@%bBfSZK2I58s{z)kR0A#qbK+<2^TZRg16aqL3q-hWpHK$%n{-gXjy{(!(vTy-| zOK_p7_NxP$6HnMBmlTRry3-?Pu;|S*T5G#WQE79RqoWWmL;Hu z6sH9(_L%%f_c8oDky+pEK0ewzSD*$@(Wv55=a3V;YQGVwtb?B~vG(8oD_l&)aQvPd zaAV~_^9}}zPbrv_!YEXIpNrIySNDGpEL%^oihGmEp5aspE^iS{UAT}IAVooT`#W>} zzuZQ#!-g2Y6uzOkbPFkD@c(?A|gUcJ96T_tMPB;;ltvUSx2Ou4_J}nTH0Al zcMSznD~o1Xf(`?VaO28G{{StyW^YGkZb1W~RHZ7cSpi;~GaOA~kzyy|X-QbVTxAI3 z{sjkNHKAu> zNZ;&;qbfhy<$9?YinVBfFA*Z3gaz4;&G;4n09O`_h-Z#KNf1bfe)1AmzkoP#Buy-~ zD-AtfZ3^}3u{S25t$4HY{{Ul)>q6R18tMoUnjvd4@^C8r!#Lsr=~s)0$SstQ$TW>t z5hQ`Dx9^u>{>N@vR>-2G?L7$k|82GZ&<))01muk4<9H0 z09ywG`;_?0dRG-H2PQtPQNSPMv92cqEw!;%Qt^ozw5cx?t;zgr>95%zB8-U%8~vGGPTjy$9!Jbes2LlQiKQix)bdh*EOI3U z2&F&ZpZR%U?G8JrWJxEL8A{9`3dNWrfc!~nGki@>n0Lhx#Z?+6Nz?M<=ar;SUq(5-MrV2pwzmd_V9xH1g`OxzgDr z;<3ia#+9g+R7!RJci%cCgO-iCb@gTZT%Y5D*EK)e%|`dn|JL;mP{y8~IKnExXFT(5 z-NRU1%&L>zT}JTf$WI!ZmW;BfBvz{mKL`F^DV&2}j^1FlmXb##Q%LO#sjoEs+9)LM z0s7jv`kx+0ZmivveKAKgju_XAsW%cDo>Z$hAA*$U_Av=yDQ2+8Q!_k~B?VcMHwSJ1 z0BTcCpYFehmT6>=TiM)1zZ6^Z0Zjm9R8mRaiV+HAMf%3NFADhG-s;#Gx579<_M ziYnoQx;&Sc3REPE>VQcUjZyfb)A`jY{{THO&8^_$ZD3FO6bP?$#MQ@Lnsqx@X ztvnX%9nmt(7mQqFK=N5@euNr(Y29?jY!+IX)ir|P;&;k!O0M$2P{FJ9>_*OCe%+G>hx0ZJb zprMp-Qi7@r6C7+uby*gz{!+=y;lXkGcSuD~33;OYJr++=7{=eUw2iqOHC;(0({Aoz z5vmyHmNFEA0Z^q$>+#DAH~TCgw7WrL=s1pI3WLc>kUT>%Wt-DpA8EM%0IP;J z7W2)1V46`FSUE{OXl0Spik+xEIOB>*6PN5KtNU0w>iXUj&c+cTnjn_ZcQNt`!h?QK zMM3=XNy&d}G*%@eg`QQCJB5A{Ehs@q*OyI?H)%iCk@H+b>Pb7sfEPgkjCO8dNH^PO z70nvmT3y3DpcWiRU4SGwH12j|C;T1@w_iry-Xgq2Wm;DTrmiH6(4V!%dABd+TxzPs zW=a)E<`OMBh>MOt@i>&%;lOc1@=GG`?)kb$%M2|v zZ&Fmayo1#WeJglPSV%xE@t!A={8ix!EFWRHzuLezS}vjL#}BC#Hu1k0)Y24C9LLS0 zL}SW`YV9}0!{OnE7T4N;qLD*1Yi}5#k|E5MhhxPf6R zDH2?R!Bm*fC0ddyq^i=b_E!#U^~=^vn^?4XV~$v)vMqBhVi<&%0diu33AgvEj@q?E3)2)nv zZ#}=I6kvnLlCVSfY}k}hsk6IJP3_jrRd^t&7V^qVbg#t{bK>9Z_^&JzX6bEc97R%w zR-7-!UKl0xkk|IB6Due4V5>;fEH?3KSC zX9Q6FdKyPCk(Q%xRyjFT8g+F-%#Ba8%K&K%$$dMQ^&KHTjARM|Sy=HWyS+c*aOMQ( zBC9Qbcnpje;WY})+p@MUZ8+V-8*Zg!fj(fcU#EkA!eJfd&YK>eJ+yAmG$h-q?OtfB zw)FT`id+4f;uiM}{*QD3VI^f&-AIxX%|ik?58d02qYrFPp$al?QLf=8v?|0hrvBl% zWS>YVi*g%vww^iTJ^dHC_12v`BWFOFYN~3-xxt|2_oh31|JU^nG=s7H zGL12g4+BF&dKy-q^v-YRH-kNfG#mhhUhbPBNcQ}(us-{JkPP5%HE zVH3+JNKYb#UD;4_97FLumcO#bzwEhSi(9ys5p3$bIXj2gay$A475@M~+QG2hM)v6x+=^`zitZJHDIj;E$HhnaO^14Q!x*hr;l!$Ci7y3r zQ5z`ZK~J^yiHZHJTEV5cjX!(o&3`h@dr%7_Ozi7H{{Sxb_T~7~kHf>4#MrFgQ%J#5 zu*Gj~@y8k8kEqfypdzHCD$C35Gq(o9i+hWYUMb{4ts@tiEB0f8OL)fhr~9XmFY@r` z%bLptNG{9&0HfA)m1;;?mL3jI*r-{1kK6s9OC<@cMR5$KCg&pYH&H5w^$ds#NP@e& zFYHs|;l%>bELgVd@w2fT24cgUw@~~0+EzrBO6C(5dtWsfD(LPXJZcE>oy=QWV0yD@yOG~4azF~VO7u{-Y0$~_z3>fOrNuhi7q91 z6h>U#i4o0H)M(=;)Z*0(>donKc3*}Ve#gTmG75UK%PgQIDuU)^Q^i$LhX_IH$ef~0 zzrUBC`B-^xEUhA>@d)EYXx$WsL}qqV7(Lz?y#FXh7v)J|0*ssTY#O&Dx>QoN9D@qAworzh-UDDONhva2bD(vCQXswiMe z5@=zt0n3$$G$=CKu4+wDinppO%XUg}zQn->d% zA(G`o#R`P=D3MgLB(DW#REobB+xrd0u~b-^{@#0XS~+5Zdv|5wQ93NK0uM$WqW=J^ zig|+W*Yvp(D<+xE%({W2Lmfy8vMhY%-Q!gZB4qf#$il6C=CQoAx`t@ydDciY^KCM^ zOY1U6BAx_|z73oFoEvo$!5jLdhlv<6@@GDxjtx@9o8u|!4gUad1W7A>QsyEFiaTc$ zNUT+m)0@aTmf)PKxr>m5D66REil@AU#~At$X$CukCRk@EBx(BV77KdTdCGxIAM6kUs1VRmG&SU99lW>Bn2hy(4K7GX9HtY`jRNQ`HOzuVy$JTV<85BX8a*Qk+l4%}Al!*fs`O zr52~h)LQ=llGy(ME!o=1q(waHP2BG*EV5J5c^UrzcUcy)ClkE` zM(xWg=HlMRQCK-jCG{BITl!!|0H`jE3;bX2&*tU+wo0^R=Wt?|adh!b867JekwWah zD1-uwG_>5ExW0u3r8Bs6%V?Zv!d8L8)%CfvkH^`e=HUbI5*wfE~ojw zR)7D{^%2IO#~Nxq@fqvswK&)OuAO`I&TsjPrMEb)T{*<^EHZ!w%PrhV&ATta>;e6} z<9h5j1}ke>(ae{E?9CArr0m?%yKKnh(0zDN;FItxPwyxFO zjp|Jge7NXQgHwx+4dSA;=Ugyb#){tRPM0oYerz~8$gVw3AZ^Gu1OBVF503HSO1lP> zO&Dbqt8=#uM&MC7C&m8&6~Dvw@gaLytwhSwv`{t`Dn$36Rc92-)^AscQY2)m(qB%l=Q;;6``v zQcmalao&-jV_qbX2nV$e-+oaI#SLm$k_WKbzkVqK$-|Nw65Ab!90wv#eZSyvYR1bX zaq^?XAW*?T3Tj5=?eLV6WUuXD?@CE+mNZY@nB{e9?9A|bF|7}DSBd`s=cYWQaih5( z2Nz_gWgeWB?YHmQa2u!9?yhas2{Ob!9l_?2i6sJ`v=q4i0A+)1(TtH?Bw#wUL47)g zeo)66Gki7pxQTgvuii^1+gw`C*xNX`G8q)5)d>Vh@qmbfZ}7Yjw_a9Ek89f4AR)Ng^m)k?zY-%MB`P>kwLyHSdRa?KULBSYA{l7Er$eWe(pMf9txH|s;zVK)12erR8vKpmGOBL7{sZt7Ue@44kZ!W;ikjmjegD^ zX_qs>1>MDiqFu))8ni-MERm}QL_fB&Jvkrpn~njUZmvL@?&e2WfeUdl6e334q(Cfa z&mj0d9#|^V%lG&3vs*^)6@tlma71yVP@{3>L<bN>K#NQFf|-7#bCBGjJT+qBW!q6L`22pmyG3Mt|}C8xt(GQHgzq};QKfi zSh>@*Ybd=?eR-M1t+Dt^(}>uD$|FRIoZIYYIgKaQ^>>zeS`@jFT3H&rVzx>nNPyO= zyj$vv$DETouMh7VCjPk>R`LZ9LmR1%5z;8F0=#kf{0S1rgRhcylT%w+W44fn;XI>~ zB@{^9)C#heG-XlC;`n|ngIK`#m&Wornj1?9%Zq|mp&_fZfk@-=H}@(1-@(Zj()%)N zZCcV6lG9exCu?f6N2}RP7^szbu#y?Ltr3{~MY;a~t&7cdq9vT9YWDMK_Ylc%AW1z7 zv@=G)7m8)&6Tj>;D<{MDn-+@nOv`m46_9;klwGOE_jIRftwu-YSC0Puj{GO}BNVSM zQY7co*_h%>0~uUM3dHaUqXMcyTCnNYepSN-Nj*dkq^pC(9f*x;qJy_Inyt1AjL@Qy z@R}C~eS+?Ke$hDlM&|blQ;IJD$EYXM-0%LbB+(;}SS<-uF>m`wj~9O)ST~&SZm9{R z#5^*{2J8$hl_Y$C>6FSAcuI=6<;2rrumcdfjU$p75832ackByLjqBTpz*AWIw~@O+ z7Z$5YGmdT}8<@D7kKPsQ`#%@Mh5|Jv<=^eSQKaucDmr`MEl$SsP||e^2uv`fu*77z znmHzA42k1GUKJ!JIDBxU_3lkLX&GriD^&ap*s8W5kjhII8+R1yZ@qpw~d{>~X_ znswcbX>WL7JY+!!)yn{}iHPCxD)eZ%f2+lRXARk#GJWsZ?x|p`nX3P zg{$4z$#MEQnh6jH-Wd_hPKZ;}F>|a`P@6n|v;4fUlIlh0CA6sa(r~2E$O@H_31s*v z8lMqQh+%y<$5fHlzuAsPp`jI0D8r>k`+MWii7pjiuA60-0y zZ6HuN7HEt-$Zvi;{{YHw^07-Pq-&tyo)=c~!0dM*n16dtqjvcJ0M&dr)3r&g^xacU zj5=7|UZK3Xf}#GVrjsQAV zNw}-Q0)FrJoTE%{=FP%gUBMhytRxob{FIme>SGu|Zyk&` znzP9QOB0(=;hp9JidG~tNEhNQ`_~Y!26tXRyU6sXzyVWG2S7Ux{V_`@M7NN}1$i2k z@d`N~ybLnCvhDP}kxVi9ct^sL-OMuC8gb5 z3FB01nBt9+l@xvp9AsCk4{wFAQ^P5@gb67OCfy@p)N+jtPq!%l0NG}^X(bS)sCgu4 zW%Oz&Jy|0GSHiSnkBi*GR`j|#NTYJf+wxTfY@&4no2nmNx9u`6Cuhlpt;??%BZ_;z z9TjDenRt%%jS?tSpXS6ZtS6CWh%o2GyGX#&OS#k)e!uRh+nUqtv*G2Ez+*P{+_ zyk@qHda4}Au&DJ<+U3!HABUD9b>@4SQDTyEh$_zovLp~M?0{E!8LAii#^r#Kb!+1< zqZ>1`$XGW;D%@6}`~zzK#t&aEPQ@1L=l3BIQZxh?EIbv@>%a@Sg=%gcEsD>Lm{6_oG? z`=Pad4~bXpa8KSzIr86;$rzPU%Rv%?qBQup`ja$q@?`#Ok7}CsqpQsJv8Nd2VrR8g;|N;% zgV&JNy7i-ov~r@p{{Rmva|eqB@WF7D3aHyg zzupl+K$KKnw&`A&(QO^o+<~deSz;Wvw1l$exCT*DTh)pH4J8ZZ`(C{4oh7iZOE>l5vfrgaB$0 z_!*e15kkCA#=V~{ZAES$hAvqbQ+uMXdD?Q+83FUh5*s{}C2 z{{U8DJW@$;p_OBjHbEMwcBq+|Riu-Tq|NHb8fQi0^@Qbe>M z2_BnJapybKeG7w)yBma8sVwIJjeHrl5+bWyKl3R zYugDe?;amQ;xz~NaoomYn~B_WL*M0yufPhhrGIO1MJrG-l_$CW%)*3I7D?1qp!~$7X&XGo@hZT!n-v-799_>f0O>l1;c%Cw{gvA#bk|EGS61z0ifr^ zSBM-}Z?*RR2KzEwJ#Oa8Cb_qk;D_b<=8U>B0%N7h+E4H1StgbIkk_ic~i`i+kI+1I$;ASc-la*nF9bpj5$`9l}8Uu zH$T|rhF($7Z+}WH#m%{nIK5S6loe%=DOxfbGM-I`_ckqkW|rl^XoP;5?^xm^bN*9u z{{Vu>bnF@`Fj}NDazW8tTbW3$2K=RctN#EsV0kT)3&|o<-lS~H5}rSAi=eFl`%meW z{{SJsn+;sKX;LyI3|W!Zo2&60wxIh=YnN{?rnYr746M#}-0_-W&>oC;%ZXu*M`Q{} zDyu>$ej^b)X%_|BJ1z(WwzZmk` zF>!SosN(aasW}61V}<=SpdYgB%l(cmE2YBU7?y%)f4ej$lG>ty*Y+ffiT?mw7Zwi` zwwF@KR9ngMAfW|9s&PQSZP-W3J~(q{qib?oL~X4Fglx50Z-`O{#XztpC*~B_gx-sM zSTQsU1h+_M)Gh!Dt1ZjM7FHlr?R;_8gO4s4Z2B#|@+|g$SVp&5B)Nv+q9vnMKO8Kp z7-+ctswcsO(+iZAk-VIwQ%(SuJgAY;xD)-_w@>Eya3sjYR1Z=$GzEbQBPvia_*Agw z%g5qxhc&gN5Zo-Dn#krw3hc|j0?y~-Z?nsaeV^IGjVn;3PE;zZcsOd4C;-(>J}-+0 zq>{@rHzUq6tgXoOi~wjlZs#F>Zq;YhHO>*AQrgHhy|TFsRL5AE_o6h4%Ko1&5%Bfo zli}yUl|2uJL}H>y$@K*po0$(@ObI;6=F9!$pKeKRf4Yvow<1YH3&_QjX_!}ot5BMB zs{a7Gmy-RM{Z0?YVK(-cw|9vQDDoaea%SYmjRSC1VuGCaJX$!D;{E>stdZTx^mt*G z<+STC1XhN+mGMTSupEjC$oya7hO+hW0XKEP$3 zJegE}?H&C_S_<$r`(HN3T?OU!wK5|gg+fU2@+6)W;N6Sjik4BJiEV^P6fDmivR15k z^k#Lgj!2}oneEk^_sJlNaQuK32h)tHB!0_(u*bdq+Onif8fj25wU`up^MUut$}Z!xrT6ItEZu zoS=6}mzOxbZXdn}b$74oR}%h)2K!EmA#nxOyDhPJhYwYYx?RWnw|)#1#VaSqvGKs` ztLjv1c_4z;aS0L2CB&Dz$i-cmC6?GbK*!^e)?ZKIW&PF36e!wil0zO zt^1~5PosXzH^GR+vXiF1pXpk?=oWL_f$8x2%X&qn8?2vg*ON4IFE6pf;>m4|&btkg zNiL3M3>H9bXY~O^PyrN=lUBV34u@BHqFYBxds~Y7No{j!J7XP!t1&bR2`9h}@)zbLj!CZMcbC=EV~)2Bq@;0#iKQ#I+mber z{2y=9{pZ-uadk=WirbQnIrVO(C}+6bC<|+E(WaV#7uJ7CB8!}#?#zte=(?TI86zM|h#0CFAL&?%cS?ZnPO;ifQE_UE38hA{h9DBn9|ULq>P_ zLq`)y{^~~icpgt)31KDP>L`N*jc1Zh029bEl~#y1T2V3353EZk)=)IzD-1IdtWkUk z8?ft7+Q5@rTS*kRF_wq-q$~v(pi{jBtjFS7(}%>({MbK9^2=ZPlKpBJZKGw3TukW_ znHUDA7ChKc{>uDJ-?Q;yz1Nd15((Zp>pE1&$Mx~ygjW^|ZEMOv z#&#utYl%Gch{0NzPuq+n3po!FpTm@`TqcRoBfT|{{UzA zzYZ0}J)=yhLWyJJ%~7^BPC&0tN_u^t=KDNyH>_z9!yC;A9OO`n0U&Z!Xq1t@(huEN z{JbeJ+p!l;q?IwxA)z9mBS<=RUqV{^SShW{7bOED#?(b9;M3FfxpJoUW{GhLtaR;UfsV&U3bSI#GX(#%S$^5uwYi}#kBLuQYKw@}E#;q6|zwAJ?&!)>R>$jBzLc^HnF1qS00@m;Nl1?O^MFC+ZiP#igI_EgDym zqr946Q`RWTv4xB~a`^cwzaLlPPI)gMlo7p!fAS;PY>(v|vog5d26QB%mW^D#M#Q zFYRz%AF|)IfOQKU2J*$U>y0wrDFIZmn$?!sW02Q^a8F4-DzkcS-k;jy@w0p}+pP@P zIr`<2#mE8}Ll>sVq>>3yt|gO??O;e%qX>x_nJBQha~iifDl{T*YLwcN-x^OxQl&WONlENrvqF+4cKmIpl|VW98rJfjDTFt z4El}S^;Z+zF}DGTAx|U0YRzBgV!s12{?7;XgL<%oD^DYtqEaR-!+`3{IZ!C%-`-JC zzq|WVaK)D1G6YejTs0rl^*02DW>~@!-aLP6?SCY;rchp+ds(gQVnYk_?X+o&fo9GUUFfjh0UT^q-f?FR%UmpCTpG`y8sXnQQP;DdTiec{{S!8eU_1N zb$RMu@({+v$|zJX?G%iThvNP7SNDGcD|+6mMskS3S;~rnT9oMWR3NAMDi;%r_b%jo zK`siek1wA5^_V~D-go|$QA zlSgqIRn?{9WqB8kQ_=W%N&db^yuy6TrdpjY;4QZ$lIdob(6w37ig0*686~%Qt_lx= z)%|H&K5rK<-ej8FM%JE9I_)mS)cT2%B)E2#-3mgUqLz|aRw+oY1bcZ`*ZW_*WRgrN zyz;6flh3K&&1>dsi55rEV3`fQ#7jUvJ9*8|r%$yrac|{^_A&Bm*Lq}XKCz`o5do6k z=6j@(WMNJ+Kdl*?h!k&96=^?fjwn3ebEsI|N2~dVO4Hs&i6Dj#T6IvWRop)b?iG(- zKBuRJdUfWDZLUQWz&o@H>(B(ba%wZQ3dh6=Y zd<>BeGAFtWTh+T(NEs|Jbgyx@PE60)*DBz=+eXJPpetoLnBbb zJl2f~CW3}PtO#DeH2!ilGq}_$Bi$?>;7KA))EacMMdaw}P`r@CD{#UH3s zgRIIFR1O@>inJA1a{mCjU-noA?jv}?jl_!^5@Yo_MB#}bn3dhP{$t0N{6h<^VtcFj zwEI^>8nBE?>LyT#deuRy@-6U2zrFQ8;>ApmKA)%DPS*EV6JK4zr31-Ex0sb>93hAa zcrO?D{aAVZzf;uWm^Vn(A&OCJrp5JDF)3+QM})`$qOwPH*AU!8@P&=!csaN1e%1=t zEacWSGYpp{rj5_lXL%x>J!RzOOtF?|6<418I4AS)&UFo`m3gx#qrcd7W4HMz9Q7U; zHr~zP0ppc}hA3ZyCkNx&Ll`_Y!@gRPfLh;okXTQ`HU!~XybyndP_ zU+d!cc30C-tgze?C>hkFFe7q}5n{?mPAxb3%Z2mV+`>a}oWNIvp`1*Dy^ORxU%wM4 z#NP^Au0`ZqXzqBjFpb(!Op41IdWuknYH|MncE7~U{{Rh_EY|QqXO;ahLbPY$sbrO9 z+O_`xe!Bkv!D5!u+Z&NRyiY8jY7|tEv7;Z3l;8XLJ}>3N__T}Lk{g=ZqR321PhLh! zQ|!ig_WLN(e=oy}+UdGAs83Q?xOQFvZc9bccyVZyLcsA9JpTaIU-Hc?tu&=?TH4+g zFSK&)EeB75%}UgF{k&RDO=Fl_%u4eEi*Lt%oT<16$M&+Lx?l+9%W4DeHXb9c+kKz) z_$CLI<~i-DG4&voYRJ@A08pbwMn7T&~~WMxwF*0KYi;P4@ZZ zUiVe7x7Ah^y<2sed0V`00Fg@a6<<+|XN?=;{{UC*WQNaKiNs%9ZZiU^vhfcamHnbX z$m3Mzs~q&6`<5?k&j;D2e#`oMUD5W&U_o+mwpGX}SD=y2!4f zU`$Pj#)00-Wmg|HP6hez6uJ+OMqZS52QQ4kFR7Fo&-_rj8 zb#mg(e^6VSv#lS(9a99#E)2g8c#eqf&VN%Z?PnJy4I zn}8mBF)sq&zx!^AvV0Mk;+4PS7s14fUh?(y7csV@>Rv@SJTKvj>Fy%vvXqQ*>dU4ITG9(Es%Ny03gGRA`laY-}Tk{sFBT0R6J;x!syE`ut z&>EAn(EYRg*oBzBlYzE&w`MgG$5@nu_G-!i?@mpNCXuMzOo;?iT};NT+cI(N#zI+s z{5iMs$q^M73&v78lu-n=1W{L;5NJp2D*php{_hO5y$Iba++C@?kJME+R}RT)S$-6S zu4gLj+>JdOcx98~{_oVocs!$`U)!vZi$s+NDH7HemSi1h%W==q0HUQoRFm0fTtg z4tK3``V7B^KmXPBF8=^VHk{aQMH=_UHajrE(KQXv;N*3p=?8;e;jjFB>F_Te2twT_;w zs~VMg8A(oVjq*&>!ttWEoIq9!`)K(To4e?_=mOwi3c zdNU$LDLkTh)xwC+*;SNq`yUtC=MIKjiwV-pQGrq^NO;OWBxC>ps(!H=Cp1Xt-l{uC z#rO*MdnCAmSqXU-D`|eQBW!Cj6F;q00U7?dj^E{Bj+G7K>O$p`=F;v& zNZLEARaGLqf(as$;&0uz*;yZwFU2D9URX)zJ6NOCEy7tnmDS_Yb|_7om)TutN_xcY zFQxwg6HFu@QjLPjw$8$}M`*&-Y&md&obe}cvMwzKscwUmme94hs?yfZLJJX4oaB}| zSN%*ijjoNiuLhBE6e>b9&v6y6P!B&#(rLI3O06Qdr^(Sd@@2*0lTwGG8;~VQDAWhCpG@%sr(7?zm(NjZGA+fVexvO12*NCb ze~3N35uf=?$Ce9&OpX~$$)w1UzQxuQx>RO0Dok<-A_km)xcfiu&)LP~)nP!9yy+DP z;|sAzRwH1l;Tk`O>^Bu>{{Vfj#Mmydl`LIkhwU(sDC63!LHLx{?R+eY`+PlIY8F!* z@Xauheghve?ciu6ty}&{%)hfA?A`9IXK2LFa)`w_QJd|k6&w!lM;~QadYrjOA1|?h zHM`q^6jzpTHNuLz0Z7V`LSN#gSB-z?rw3kN9}AA+;^|3~jf|1WNzy_jkOYAqfGroB z86)JM67Xq1$l_J1U0bS0>rEuaD^+9hG-^Ux$s=tUUx+xS{{ZCw05%=@KT`b@=BT0q zkxc@?;8Z&CjImlZc(<<3oPXk<<>QlyHHArq2_O(T*KRF9599H!a;-@;hQDQ+?*7Vq zM>esvN+gOPt4P<=-GGuW~rZ-58B#z?38CvcELCUMd`evO~{vJQD-(v`$$l7Y&#V3}0(PedG zbj+z|b$GVdT;l`xGX*eGMhxJm?wgM++SisfD|r*vhD|S4RQ~`*yHop{l7gXG)#ixyjq_Ne|N?I0J=iMq1j7w z9i{rLFij{cG)yD4cBlcSP#g(3jw-nvvT%&* z5Zl|_p^-U9ESBM!f)7$d$@ww(RaHJFWAOtC>A&BgGPq zeAps4z`R?R3=yNW42@>1Gs^%)lIAoF%j%9w&(DN4Mg5oMD#!igT)4-Cws%%C+}=wZ zrHqcNYaDUHp0gJ`SJYAasA7ye+{quryc>r%{8oI!$paBJfyK_ne;N)WK0}aa`To%^j3h*P#UgL_Z>bc2 zxA4fgA`9zX5PEkrNvc~&vdL)#)E=aOhjA=Gn30v4ni+Y=3v>A5X)w1;(=Klr{-F~Z9lyKY)JW4CsN5jgsZcl)+Jg?@FxyQ_WmEYg|S%MU0f-c z#`Bz8sWWX{B%MQu4?mYELw`A`{D;P{+;UM+KyIYNx|g z{nE|DkHWYT^H9{TZKBfb;s=@*dvga12ojZx;EYk^s9uT9e__9AiJL(4+&YXJvuhCF zYBuqRB9`ygjbns2E(*+4u;hPjS-;D}txYA>G@);*>DF@I20|V;y7+?A;pV9nrZ(IJ zQ#S?pel_@TE}y2}!6&UGg4zfdg}uCK97`Fmz(I*jio>FEet+>!UG}%4X^TtisNw+g zWRv2MwSV6sox^{x@qa(V`=%z;eD|s9R#I4LmO|f3kWsGgIKpHAfy5fBdQ{)iM&&2j z{_oU@`qz?HL7+fnELiVX5>|(Eyo!v~Vty_Q{!Sl`*x{GUKmXSCB?UZkjx_c5?Tuw5 zgHiDNSFR;GlMw&{PQV?;`+H|4{K&Pl)9fVE?Id#YNB)ot5ysqA)&y1feK{BdKlwio z`?eKcV;om^1S|+J!{Wh))-$DBz_GH- z%CcJN@F>(ZZI^30Tm!@iMzX$v?|P{{UB)?G@bKPi<)`+h|Z( zdZMV)B!o9W?<&Ib{2Yp}+4z6m%@^+ZfcoNJG+JfES67luq{U#f+sg=>ZY>kI56&cG z`>0RWKV`j4jp{a+dM2wFxnVO%k=&yzuO^N`%>>lt!cgn`=$LX8MGd88}*k-Ets*;FcWrL=t`;K=q20Ih|;{1~~y+ktJ z#?f#!k{Yy7B9p~hM2~4){9c@DlCLFiwyM_=zR%22MqV>(=-aB6l6%?alY*cGut!;V z$aw}>BbVU+0CqbEL9Id2c4Ar9=Q4fJ)pzX;0o2qSa~k z{tju!nlo_b8aLA~)mqM1b8JIMkxeQn2B(pVtH+fW)OGlHqObb371S_Hw-H4W&KYDE zMSdm>7!?HkUka>sRr@@@V-wVMb-L4%&L?KnP~1eMavqrEAr43UT=IMs4gUZIfhCsa zX=9Ez2wLXh!x2En>X2Kx;0;v-DRJU1ZBv^KP4Oc`R=@c8!@*7>6>) zmqAXy55zy>Sq;3owbbq}Z^BFIT+9$h>7%~{hzMT1w&m%+smGuDFSCzJ3&*gO>C(KC z+XA4Mv@hwS19}j=U~c1FDf?b$m{W^?EF&Q zE6kSHal_~tBAPH3RFH>sUV!sZqDXh+>N3XZ@h`%^8_X<34-w(VamcLzRvt7P72B$R zvHLvmdKi5k62|gD9{d!8ENTdEfSQI)zq@1ce>(pFc#9^V5-d_fGR!d~o{MF+aq2m(k9S_j-)LMHKTx>PmnBBoSM} ztsFc-{pTN6Sl5TG=zW|xsIrdhPxBq!_M^-yO2FyMrh`&eGG=$m4U7m2cgTMNu^|7 zHU9v0$ntal09z$7+xe&L6d-D!B zCsxvu*529H?$&tjkTg@qq$|O9P|303#&lTQ>_6`CCAXS<^KB2Kd*y+8n~^MWx5V35 zliQbzulwyIOcI`O^D*ULCfy)U?#mhDT6C|&Y){bztuK}X${P+#%u$i9C8Tan^gfR!ALM@VbB^gceyedcq_fJVzzc-C z987GnN5(b|qy|}K4$*&;>PpX)sPo1K|Y$g1y$sI zL{4%yAAvA-jV0W7Zzt&}?O~0F){8|P^9E2V3vp<^H6fr;aLfGCOzhZk9n@N6GftfE zZslVmPcTU1k8q&=?XA_>$HmG&hF1OC&FXN%ORI~?<}whlTq7&;XjaIcfbd6;63h&vD76+yLIk^Qf-wd2kH&MYqF zwt!0^Z&GCpVehxSlX8k5Qtj zWQ;K66VyK(jrOGY<@otw+!`FWDuA?P#(BRcCXyC1Gl5p(l0Pv<`+UC7ABD`UblbSy zx%1(0l$BHl<0NN@c@IS`4Lw5PIZCVQeXJhZgiucopLDJsWhF^cW1*>9`hgF`6_&hR zIeaok$msY@u6afi3tj06BsUR~>1zRGaKm?K6qCkE53nEipX;o_Xa97>q|CRFAZLj}%hGQ{hzN zd4DE3uGZFBey1ZBVZ|Ptc&Q%|r(SLX^Zx*6_OMTv`5EK4wPlL*iDgM>NiP}`97NY( zeka@fkMgnbUL7*>1(-34RE*rM1zlw7)IE7cBYY?Mu;%Le<4=|YDnuoL+8J&HRApGm z2zh`Th*J-!wfK>r_TuM=-C0X{EPA$x78jf|N~p@nTC|cmK&sPr`%A&UZ~Msc*O#%t zp>=C`4a91tR^ULyh1mdk5^0_q4}n6r7XD0Zn(f?He^{2$VziJm*}=g_sJx1aLXedT z$Z0uFP5ikYt;BaTOr*;pW)mHWXo&SW0vW#2gHAtXe#_%8<5!pK5i>}Vkybr@Mz6Wu z>CgP0Tt8u>U={#x@o-W7q+MRbFaiFOUd4o?+&Q}*MpCH;<3{{V9?O<5i&&%?-y0HUPS zRPnDy9pP{GIHr{~)EceGDstTWleM@VZ6#Uu$0M@~lZ>OwEV_S<@_9XpLqeD;TFhs>n zysfx@syO<;!15OoiHwo@Wv%MZ8*t$(DtuoO{hT55R*7|?`jcBZp2G4ujkLv8oeIjS zG*hYmNgkf6{2#iv^!_!I0%b!F~3f#yK8Y?&Nem*VF z5Gid4nv%0PxS9||WUNaC782v!H%pK*Ut3(V&JB`8t@tGJOiIuDI z@FVw<{{X+aBK$Gn-84^mIYGu4V+C4xnNm2NhU85m$RYJ8+&DCA{GVqJr1NZ0qiLEG z2yP{bl3htz0}z!Z5=!t$RC8rvAMJkWSN6yGe?|Pei%*J6=@V7HC7xn$p;U~T(HhQ6 zi+P0)_ng)L0GV*oZ#sTjSX@UOS}Bd-U+*p8vz#y|;T)p9E65h#pT+*gaAaSco?C`B zipJjJ8+hX~dJh$#0-vy=ITcCbKb@p(19$nUpf$qFEuG7>tjtVu*cDxY-CSLNH+TMj z<-k{enBH3#OC&Z^hlxXTmF*{LniUBuGVvn6W{t!C7ZADp#kMjRcp-UYLn}@2U6af9 zTB{p+o;;fn{{S9Z$q%ft2p5{i>8y63?^DT9m!A$J{rcR0Yx!_(znpb33$={)^0mJg zxa2M2i_+v#nEDdSD*o^aNXhA{x^w$!$j&c1YBxkema$vbBP+>#M5EI&nJT`J9b-mq z+mFNj=ks0mr0}bYySc6!DHS~%WlK`&>Osj>p#tKiE*VjMfA}mg(;%_Yb-CnwMEda4 z(n9=1vaHQ5z$qKGWG%u3{jcWEi>AWq0=&*-mP)ays2qtt19SUWG#&B6y|VYu|Iqa= zR#Oaa1=JpNvYoBiM{&V~E=M3FB8YhR_=wvgTAidxqFZQ|agi;0Y&~ zZSa4;BzXS-XE`1HqS#s8X|{Z%z5OjEtdbv%f+IvCQd@{v%1Y9;Kg(43Q-owXgyT+_ zTf*|PM(D7XcQ5sdsAAFp-2U8*oVfo0yFb~SXb?wZ<;S^c7MBsJzhw%oDK%~!-0*%y zw)-pbeU{;o+r3X#)ox0_&1!+xtgQ7FI3 ze3nVQUI8OgIL4Idy%ba$ow~RB*`f#3X}O?vAg>~-3$fVHk+S`!AaP&zSaBWgpVZnA z49P;Wk{O%Qi28+zAZ;xIs(&-LsqiFghB`K_^+^NVP8K_fB`?W`!0BE@vkITx`d=UI zKf}v{I^n*j=J|wTJ2su}lmt-dORSP9^y7(G3QH&2Ze0C1f8BnzD7w8pINwowb8APt zG6a?>2?Pj_BgFpzs}uYx(eU*!LRwkMv6Y$>QmyEqCKO%v_z_-3X#W6aijni=%D8a~ zxsQrmDwL%ki3kAbH!+`w_Be2V_*^O0Jga4^-3GFGV%EzCjjdyOR!IdY%?RY`+k8?n zi~U#PxDxZqy2YGYeYUu5^sQZ^npL%t(}{)&K%|m_B84jcv}*Ek^!Z006@N}5nS8%& zG+FO-yS2TzunO|a62>8LsLfPj&osgz5jRqp{V_#DUPWpPay2zI z-lzQj6~sxYtw|@Y2-9y3mZ5EUH#YJskb8iBA^!jaTs8B8#MiddM^dst60J%R6BSSS zCF$1|OSx}!OH#a~xQ0cA$qhow@Gl|*FF7ISxN>3~m6U%qO-*_p{Ibzx4pm7HL&uGG6x?m%Kjxelr@=3%CxTx}M5939E?&*P!y;;2_8n_#l9A2M5dNr2%)6nwJ8$F;R$cpET`1}08wJ# z+`h*@iBUPU?G8gE@}<-}eYoXWzA8}FW?9hJ{zm@*lY&=Hv5{g(uObslyu>&5b3-9t z73TK!P=9G+Wx>|k4yKFigtsV!aFW(Zk&QOw1MyY%<1P}*1h(4L;x=@U&hn^r5BuO8 z0l98}Y=1Tp>l$XOscB75-=&hIw)ScOGYDcyCNAt#s?74gAGaqS9~at<*+lo2atP66 zB+Dxl=Nme~#KxiP$R{U@hr*5UdVIOJB_H+aZqao+YagsZBx<^(QK+PHMkyS;Q*q1r z_LAuNK_$dPUt)W9raR z1F)*FDxyYT_+{n(SMz1(#PLQ(^rHBZDpgs)Ey}D%DvCWnd-ix_o^3`bRnkdS8|sn7 zyv;~yET)WaLGf}Rf31jKYjF#yW~7r`3Ychw6_iT>NA2-^6#oE)$wrN@U7cG008pC6 zKDL9MdgN|l0OPFG#6~Lq`XN1{sD1q{`~lp(*FP|Bd%MPzeDhPX6lo1=1hi; z{D~@RvaG5;1^9pA@q2+i<)yZ%aUu&goo)2E#Q~N^kcV)Gm%_B)k1zGrGkJeXvuNVH zcVuLR5UqH%6*##k;xEgaH^RJMm)c+1Q&P3FjwN~6$EQOF1PlNOwdBehpEJ$=86)HI z{9nCi#qDmOO)zQlMa10Q71OMXQdy#toIzxaF_t*Tsm=NE;-9zsIV2O>-x=*}o!)C< zBve#r?d3d5GDb<_tGB1?M$$A~e%!wsVK%d;X|S|U6^s$3!z^B$p(I6TVCu|OzBS~# zNzLO%^*vAB{0bJ+v-!MqY;Yn+t!(W5-T-d zklamzZZPaHIh(}GboyljMy4=oZeU5Ml9+I?sF zeI>~TvwdTtBuP3g*09XUa|AK8@LQ^$EVcgtcU*EjD4|oIBv$x-IQ7SzwTWSt(!%O( zHq5UJ$FniU@vCl)J;VSiNX+~qwzdB4{{X%E%ltA%CAtkP@mxq?vx-R8NF@Z2K_QLS z{-o?1n}~~ZoBi48!oLiQLAL!V4c>ub7A<35xAg7fkOvm%k}b)5i2*AMT&nsp#~640 z{C>N;=Q<~ngGz1Els`^U#UKjAqcW{`MtX&)>`e~M({cX*0=%$eK+WkF<>)gseBAO> z4@DgZ+KK)dIJ17o!;G;PO48b^ycYq4kwzG)^`aydAMs}r{6EV0KWiUr3h-xv1g%Yo z0QNf-kwT4*^mhLMQx>>*;(;Q5EdnY$$f$~1RwU5y3K&KKj=!_}UmgQ#V{Q;e%1mL^ zWi$b}xpZ%ce$tYZYzay(-Llb^ykG3L+_$Lr+Z7-O^qs0f;;z3CAnYl`5_>ZL0L|Dl z>a)WiIbvB_+5JTZye5XKt-z=ZMLi0ExFKqg+0@y^RR8 zv@aA~Om^1ci!^bHsR_tCB?$Vxv|L})Usr@r>F{)*)+|ys2|G*_v6?u3GS%3ps81A4 zxO#CnFYdj0xyblDUq`{E5i%@s(r030fmVctd5;vR?u+oJ`{#$pgxCIZ(5?7G6iKN1 zN7ao|E;ixou@W&yuk$o;{{X2gWXJNF>gMlHySjU5EiIYBj^5E76Od*s)pwMZW*_A7 z{{UAG^}j1bswe#>ND?@DbiP>|Rtx&qbj+Amr!Qr;A9Y$T`d{x#yrj#@_bxu-UTB*4q7 zUFp}{B2-&lLfx)oh65^Uk*&MzTi2ne2DkD0?7BvjaXaa>4 zuMkP)QQQ4*+RYqgg7b-An#gO+2KZK{yP9$PT|PhN%@j(MH9YGZpsIx`#+BZu{uRH= z!)QGPv%cjztnD3WIR5xA&O}a?qg+hFd-EDeA+n|_n+i8 z9>FElx3Nw2-$(1_FkaR*QAn5JWDiqb8=C(BE_Rh0DepubGJ^iQFttPjqR*`6q!l7JljZMDGg={0%TH8|6ht?wH z9pxgLD(?){;_;THRfBR={{V}B*G%U(Pc)jor)=&HvlIzir;E}zUssX|t(dmleNDb7 z&lu!+zTfOZb*(-tukweDXza#ztDb%(8md1r!B^RJFvtDoPGQAX|^A zC+{26;e?XFm-o?JUne-Nm)15aIHFre@I<`V;AV1E%H_V#!}dKjb@WRqul1>~V0O1x zNrFgM>_AFJI7hfsDP~Af{s^Lty-%})z>%c7NmfYhA$Nw>+9G080W1)_iARnuDn11q zzTYMEV}DvfZK?&fOJ;|YMZ_vi%2_@j3Vb|OjmF=*M)<#KPAknKTT#*NHOpf6X%ur5 zWA(p+#w{Xob8KjCx?i`0CAw_17(t5G=TlU-S^7wKkcjWzc3wdYy zg~@^`0xZTZC{U?9%OA7J#~9VW)c*6~!nU%yDHuo#as|1lsc!v8?D3}`_$+tT?+vg> z;gO>NODiZWJ}QJ`#-MyZX20cQZ5bnJgOIb7D-y8oNHzZeVxYI#$ql!X{Ka=>`jTmP zBTu)81!Kn98ER@(?hJ1tu&e&a@RoQV_$iTg2svgZVRB#`1SGgw%_&89_ev6T9yl$Pk6;#iM2 zk!LhWQnd7b#~=5jpX@Y3Nlv8A6l~WGB86mDbVZB-$(Xw;!56{(^}~Adf4X6d)KM#wgSiHvf;w&3gP6t(RR<)eE;Zhr z$I<@)5%};#=z=jMZ2UkEY#OGKl0&C1m5NUVPF%TvlZKEBi->-x@R`|=&XQZ7R4iP7 ze5|UiK#Kml{{SbzpJ$3;#k5MsCMYF_R8ar~ad(r8v}ImDi9Xbl*NX9ZU7z=SlsuQV z)-V{XgCO+;v6TajPr{P{uxS|wD=2;zRQ>#%e$#;D0cSsL$xy1qHwF}8$PM{0^!X>p zaQ^_gfqezXNvy4yXrol;_I((~_iCVkrNuyP{xm`G{hn!nXVmVlLM`RNkSVIdt+H+4 zYKTpK+bhlR;x?Aab8xYlsmPkJ1%jXktjuZc$8U>01LT`1G~X*(z!!^62$q3K3evN> z^4J!oFyeC)Tbh9X01--*-{2c=dkSq_h-%icu|YWjB@SFrA*k4N-{LC2_0KFQ8cv}p zkm=~xmlyO|ZTPJv4=FU_<#&oDjwSflimPN-%KFxqZD(rtaVuVnnFp%1X?Xf!kT%`}gIHap2ZuS2Fc3aQ(TmAR@td2`1%=bQ{ zmXdi9MP%NfC0PP|=W7?dn__Kzg2S%)7@qT?EEduAo@fW_d1hZ>5?*9 zT+r%iD2Vz$31ZG;ka6l)gpkD}{{XGeD)#Ct>-LHZamVW9+lf@EFfcSiR83heI8K;+Nra*^47%YTsTBc$^x-)VZI#ug=k5vPiWlG{r{>fEdTlE_v$ z5qWw~BK^NlmKJC!f2Mhw-|KD~<(fvhb6FBV%%*7T&@)YL8WjiQSP_0FpOzjrr!A$* zTK!|yTWgVXYQjM2EG-|^)2IW{oBb-)m;PF1w{P2vD&JI(L((+8IJ-+dsQQZ073%2E z7#vF~n3Wm@ZT|qf;GfCJRll8H`omAVys);^@8q}$mlvoFyb8@&%n&L@lF3Jm`p*9V z3&|(%8`I+LxV-YTT2ks!=~m?4{{W>!1+}bh{-meu$Hn6)#IW^vN%lWu_L;Exg4W8? z*4EO(&q$KuQ3}a!wIv)EWD>}J*QTZ9_FY#pZ{bKLbcsQA2wrIls=0P_V zb@c-o*_e7u&*Au9Z%-rkzGu~B)3rNoK~4Up1<%(l=8@dD7hohPSikPs6<5>bycMHp z`F)HmR)XhHYn?*ngUS`7x>pYymK+QYa`K@nL@558d?JNGQX@1=P@GxE+m#~W z%2+rgxulgn6(%1>$$xl}HA)ieQpPR0w<45j3w^E&D>wIPNhHxr1;x!vF<=Cwj;%)# zMv7!+<;S0;##i{-SzjA45=Mv@(zixtM3>W5Bmf))UP($(r<0fbWV~)%6w^c1wOdz| z*h3VvaXc@s1dg`KXiXsooX*V3dCfGR9mniVog>X&m7bTSUmJ-SM;FwuF5PJyj|ww0 zN!fq8m*Zcz@TxXI^_>pSP`vn}`lh7KU#vzs30Xw|bla1EF8-(5;V<(W8wsH z$YHpMBFw2N98lDuBcI#-+NZ<9L{hSTi1=ca!IO%yqeb?U zm%_iYg0-1%MwdO*fLhuH3Jd=3;%O#QL@OH}d?XyEmO_y#$M$(VoU$`#c`26Wfe_4` zy*R?gj8TL7U=65Km{q0*y5b#zIsM%uUSyUrf$$PREAWaBgz)=3G0?_`jGGu)xH^^s zwf=3^p3U&5`Co4tAgC+JnWH>V5x*Lf)3rP?NQWDU&d`!b9LK?mc(LN-MKXLYtNv2)4I_FHw-x1!>Gwu^ds|4G)4GO38oF21;tPGA zCzAS}u~L2&PfcBL>h|v5&rL|&p}Uk6P>RiOZ3D4k5GUf2zwXX#(@(-XcKCfo$mPSc zdXDBsX&kfjZ-~5#e|8N%+bLhHKkTRO*N!DE!B}0v$_#xsIlzbwtu=DT1h>{&AOPUCEQ6Y zcC!%97@{H>+K2X*R9}be$@Vz(jU&$b2BqkTF5`+oL2GNq7Sf6VK%k#WN_16@NB;m< z4B*v_sT;)UB2rgl6EuNpOAoVNpyXdv^Ci!x5oDwm1cMQL{76wMTe3`6qL;hNRZn@9l?q>-;{_X zBm>L+*6KbkT)6)LE>v1{KUTdPxUmE%W;OLVxhxcMpgd!){{XX!CY=Nqmat0_xhPBW zXHd?vgy+{_d3;pzF+!h;y@5kaF_0fin^^ek0nA~xyMy|RAF3qqiIFE~Z{{SQXjEidedd+XjvAW!T@ndmODsChoAMTn^?;MTC z(`RRHF~2!-Co;-KRIo4B>4=D=obzF-oR|n}@{8$?+$q zAN;hB;L5qS5}729Pp&~DH}_sw z$3=-_lkI(!!8&~DK7poN3DOs9MKJSX6V(oF=uJM)sA5S!X@0Tle$FYQ-~DzQn|P!O zZX=zFuux-m_++RQqbkV@H}ZX-^`B;!Eu{-YQ*El-%L820P_r!R&pzY#o}xm$i*n}w z0K5I15pN}~r5r@Y*4oTru596A6&S7BPb^{n*RK@udK`-@^8M@mzlEmV%1LIkdSSg= ziwPxB!M#voEKrcQCU^A<6-xsnUg%Ot^`Pe$LH+oB|^F5r5eFZHT-@Jt-sNN(745;&pft z8G@?>M&%l_J94*?{Xen(`(#{Et!>0oeN&W(u0uSO`qwDgsBU?K9jHbjx!evv@1>GY z-s5Q{PY6RxDE-*)8Fr(R(-sldpB=>K)RX=7!TDfDgZJuXou`~HIHHI;h4ldincN8* z?J!nx8hkt>Sy%UXwWKQ2{bJy=ax?+}SdxT=3J`L02Ooh)6pM%M{U3&PkZ8BkkX9=R zP{OB+LIm1Eu^8AWq9qbS!f&v zKMM2xu0PKI0Ba+Y`JE-Wbh5Wg$)e(AtExnu0X&Y#KV&=lOy6hsjqu<&FEp3bFEvrB zm~{>X<%+^bjELe=SgW%B_12X2eh=oy>-yuvq(tz`ESKrRL34K}t#uk+DP`p`-R1O` zkHyWP_`ho*calpqNpUoSNhD_8wJInDC^|9Y$-m&f(>5gpe7Tkfiz!uVR0pRe73^D& z5sCy?v-K61l57P+nxGZ^ky@(;UyJ?ME;ctPeL@3*eLI+(^%eVD6>h!3aU!0l*)-UO<---4Aq&UrArXe*bIEyBk;m0qqKZ6clz$h*%gY9>z3s62 z#FG?w`Ls6;QcSD@vY(B&YAdX$kMS?;{_XNZ<;w(t(r-zhQoDqUOG*Z4l4f#}v1l#JOQ?x#!$0(5SBytYP82d6e!yFORq>{hwb9ook<&k^Cb!TuO zyo@iyNm4Qk1uxB(wKRTX;#&Uzvf%u(uesjdLvLmbs*x;q@z8_B0^k5b)v32n-Z$A^ zSQ%|wkP;ph6{+kxn*5Yjn9$E16pAU_sMxSOj#S_1!FEyKNefK~OL$|iE20Ew4LW+q zdi*r|Uu*qrF|+btnso?FmYQtS+pome1PG#P_gN?Ok-hk{VZNXFVdi-5BNuvH@Jhr5 zD$!6>R;*+C#FQiKafP{LqRYur=+=@XnvCyrdkm0W4@8&>zrs>AxkYP&fU>cZ`S~O$ z`6HEd_DL^cTbM3P$o4j|PXw?dDUPYY#*;?B2iRtIPuTk$bCK%0bgv|{*{fVfF|kr( zF~O%l+MaO}g2#|#QnafN+1+;^@VE-^PPi5})0Yn))ghfgtyOMjkOlrQ-$a*B91hQR#b``wO&-EP@Z%jVXwb-M>N%{G{$Q)u-ju`2 zQ!bu4bobBy)%8AAH_Y8Jw8Z7A#Ow_yr1J3Fu0%CP4|OHF(QV40dIHL_KI#gn{fc_B zQ2n2^{pxTm)lQpXDp-AB$#fL#?7Y~3ShA=bxYO-9_NRQc zy2&E_udIANo)br+S-SIvI31i1PWwif+PR^r6U415Zr|^6)w{0<7vC_o?Y8cWOKP8@zPx7PB-8e9Uc>PYKo^M)cuD?~vk^cfyRUJSP} z@@apaX7~fzIFil-CA^k#IbbDjKAL*#S)z9bnx)A27vS|hMpsqm@jA9v-lNSbu@}hP z?jb+Ab-LoDno@}KAW0AGrOaO!?xf_VftFTT;!<@BcOifrR#hrJP8`0;_*0ZE`{)@{ z*5wLwkiLB|i(1FdV6y)1Xr!d5;e9_^N8kDo>?3g zb)<1z`h6LIC9O3GkHjP#QMf<(JV)DKBis=n!23mw?Y3HO;O|ltdP!ogkqQ@U4Z&m)(e+qn4Nhcib zb?L;im`Q+x1VDiVX+l9Ak zZJ9YdYs2|l0z0fSx1c2o+p?NUDIFXkaHH2$rz8Ns)&3Rr@|yJ(k_jV`o=#qfx2&GC zkVn9y{H{?arzbDB{*l9qW8{J6ig%4E8nlYZ1ap(k52pO*5Qv10%hP@@{!bw)NmpDNtS+wvJg2psTM3uacCE50h;VP(^pZYL%a=Uj z?{sCgw}DhgZvqZ6j`9#W$jA1bkNg60jeZru@wcVrxn3|8?k5mT#BTA0=fEH3sQCW? z&9O~#_H9L5QkVfG{*N?{wDkhIyD+5(+1mg!K-yx3{`NO4~ANjJQLC@lI zAZkP%3G~nCf7tQGkE;+_nSEbLc*v7f7Kk1P;ckr|_i`v_^q=DY04oH= zYLUYXrgc;VwYML($y%r=2$0j_<1$A#qbf9V{2VaK$~a`yp0?>D+bLwXbZ#GE@ad+vM92gbpLCq1^ ze0>P0qK*FmXW+z|7`=9RSy3vYyjX{36)phyxRLwKm-$zNWWURBS!x&PuL3lntH&&g zWGg{X6^&9dKGh?BDg4RyGGy9*t#5Rb8K9Ob5VA~oN*q)IuIn_;TkN7JRsR4X@=c}P zyokwp52}-Z8ZS~vt0z;*A?DmF7o3iNXX9V9jZI?TPQ7Dk9C4(8$LhMXkm^Zl$s;o( zcKFwi!-e-+u)4p3d5JdMVbIb#rYz+?cr%R%If+e|B9H{f+`yAfL;jcI14%t_?x>t!_^vu>NY`o6v&7 z(^8lk>G0{&OBVeb>g+`h^$Hsc^oW*CdILH)t#5YM1{L_JA!ZIaEjk-zf8}gK)+rjo zC|ckcV7K*Pmw^l-N#0UiAN6^BJiZpe7nU(YB#ieeZ1n}YdnwA1Q6ofMTvn^;x5rP~ zi;RiOlHe;?puASJw{%;HZLOh+OjnpBS^}EtieTisM@UE7b4fwO{H4>VmK1-TAY|I zZBW)XyO^)4=j@+CC*X|Vu?@c;x9~9!n0&us9kf<=D;?zegz#KRe&Gbt2n7g{D^&>e zXbelo_nbX1U;F5V>?oRptY%bsAK-t1TIFJ(22x?YIBlS$rBGQq?`^e${0CxWO_gFU1Nz)^?c`y_GeI=cf%S+|Y0x!J;-VRYDf?d> zvA4(Zs{On!iYAswWHzle;R=e-Tzzb;Y#d0EP#9?C>i(M}^7xbDk>p_$%_Q=DTHS%V zelFIx3lF9QZ}1SFqg{L)Xp()n{uKWJeIw+!oi1f91lD&-wYk6JB#^W~knzbOSn7g{ z`^mjePx<-$7&KeUbQD1qB;c&lzo@*3KM$yZSNpmL4TM|*3SjOTMw>^*;gpXM$8z9=jV z5-JIvAtx0gOUqF8B$B`HG@rcvuZ#W(v1sllfnGUL3cX2^az`Zt;V(C%3~%870J?AH z^&P$je7Ep2Mv>gDoZza34w6Db@e~Dux>Ac)RZc&*!x?kx3O(E?h)Jc)GB*HNo-HDf z#ZM+1*VFyA__*S&3L-pq@fH%XH3F)7508&^R95)^0OBi%!)ZIS${`a^AQGawmQS?J zQ@1%-GkgfY&BYg&?=TzNtT#o?%gfC`7lW8$$P@)g(vKiezNe(Vw0{@xIQ&?J-1E)w z3l)$`#mGjE;aq}Dl1iz~oTP)3v}p{ApU>(eWiFivvw528ImK46M>${$aa50ijnYz~ z&=s2Bmp|J0S@8w4cWSgtW)?!Yl1QI2}Zx0~VGcLh)Dq zZ&Us&UyC`1o^%NG{ZdP-NCmxxz=BZ>XZKLabdM*cA5Y!>>O&UaV+f_Vl1m67Dg;){ z>ZB7=@}6XoUbGx~W?7^b62($coGO3~1xF_}r?QXuEW0UxbtSs|AIn zRaNJ=CAc*P(x_dyl|O6YXqlVgjyx0UN)}2tEr>GmGB5xI`*9cez&?N>+!QaUOo34po;3J@4N?K)Pfd$M>HtbXwZ5ygiNQH!hf1=F(g_$wB57!3D8&Bl zKmsm%R7wq?A%&!&a&+J?`7-p>VB`sz(5Kl5I5%F+{ENjzm*>0G~xFKM~E3IN>Zc5Y@ zBn7PjsO0M0SDSoNBH|{CBOTI}-F6{|Dhkn58h8(j{EyigZElZb8Am5B=^2}42|-@u zB`L}O0LW&=Y;WG)f2w*?H zD$+`-D@Q!3>4hH>v-}?i#m5cwn~yZ=7Y`kUsJFHvi*t7)abZdi-9(78sQs0s@5kZB z`H#!~V6%>E>rH0f_Uahb#g)tfM8UQqFkAc7ulwy{=pw_@MDXN`wd1-`KE$M%1jaPL95wT{-}X54X}8hK1ebPm*u(0^(Ymbnk~bfS4m_4bAIpY%t-@M6_}2kO?u;H9qo@oR zb*MD2e;@L4N2lr!abYNo`er+LAYcgwxl(vaLCr*GL@5ev1(v2PMMlk4SRj1qpwBF^7JBft9D+Pttq z(6r(gh-+xyjVVIHr|I69Y%>0TK*w(0~ zQ&PX^&l#FVAQe@TNj)RC{ChVJZ1_aweLIh>uh#+}LP=PbdX-m5S~?mEAday>5XN*l=}4I2Gh(~u>3eVIn#`8#v{)5pqBQzLg8mG%6w))bcJzMh+E z{LzBP$O$Hmm6iSn{o=Cyriv)IyqxoYr`m+Dv5D?4ViAcWg+s6u9Hh8qnW2R7A8J@z z)cuI@8+EuDDh90s3E$E4BR;(7OYi|fA?60caF=(tus!TB5w5&k{$!}=_G1`sw zY2I&$uUGYOd&@8^gu-rEFl$dzd8K6Dg;Uey;8Xj~5B|0Rk@V$&rOm`|Zvz5jQ*N;- zS{ky-(}4aFdS0`CBj5<7voi8Tw^(A6V&M~!j+|HEP>9OTg_1u@i|~#3O#EZ1wM%Gb z;?k^94WkN#7HJBwMOf;>CSTq^2;xZ>kEQ7}yjI@g8RrvRTgz``rD9p`<3xE?RBU4A zlI=p=ZRBfc{{U(Rlj6r(>ej>(^m=D- zrQOqCn4FIg0eRd?r1A`w(mDdaw8RN1?eSw4Yc(Yutx72*ET6lV;vIfE z#4G%ss`9|+L$*c@YZujBPZPk)8nO_60;?hz+kc0NUVrb|Ke}Mrb>tSVEiO4n6E8R; zXALA=9l24Qh{1qcT`VRmDr!%hh`2H(r@&2 zc%SX?R_4;Ai_48|c*QNuHf*FxF^vz^r&%{yql~`>FjWR7_ea$hEx*VY<^ zwygv!XDyMnYv|bAqY|K75!Oa%WmWWf#S_NOH`wJSai1~yUgtsAH7x?-WRdJ;Q619? z2aZ(rRz+RNFZ?f{l5Xh_QDJmMM9DIdG;xTzj zl@r2fRks^*9IDkjl4$(bk^PPwzSb(ziQy6jS1|=ffUs8JIxJj^JB9sm8Z52_3=b1}b44#=j-k&0$Kzf4YC4#lFA`-EpG`PW@{y0gi%*M; zsmu4VdLP}U7+Ty}$vShAvGD>3q>QZ6ny(oQN%H#<$Hf!jPl*@R9XGEmp9pB;iiTDA zL;nCZ4)y0j_IR_azYY<%rFBW2X4P>kNH2&nuEm#^q>{r`Rht_rW^Th zPQSg>Z!N5+^d$PV%eYnN>MBqapdm*uQ|%AgR>v*Is~y&xHL{ru%@xJ8Y4NO#j!9J~ zbIMM2L;E;3_S@?BI>c`O0119`B})`{lsP+!{{V7O{{XFqx>=2UnRzk-MAJ*@`0@J2 z)TjA8zu4p4k*RCE&kwA%!!QSMuWZcQk>VR0p-dOdmJ~u#*4Ar*Kuuh$!lQ1V6rXE5 zhm_ZkmUOYl_`*mAs4yr67eo_^3%8tIwDE z@^C|6S*~syN^6cUsmLXrRXL{=49uZwzZ`{sef!UeJx_z}wia7T&#K&9%O|9gTC7q{ zB?6h{b1bPDF*1V5A}8(t0Fupw7E0G9*4}iQcAM0i>fA&fT308FvGroNE5K9t(yTFh zexIezH+(de?&C;gOIw)L6s5SDXswrss*;e|t4lXO*;HRo(_V4M`)(RdLr|6${UND( zKDP&s%F0J9BaWamO(cu6k^_G6QNQJ(AK<{NX{M#L;y7Muw|8GxU|Xz`myx9VKVjvA zkNf2({`rE73vMXw96;KG8lx$S1vD(h5Qey(LaMGEq5ne$#Me#bt|6^_l*u91%vPOvNI(y8=DR${5LQ2H&%FGu(g0eDGDTm>`aHj%gY& z>I8E)t2ALvLaCM7HIV-R#eY}epRp(G;kB@q;x%}tYly&ah6gVm#O!_kURAzwu^Oz1Vmz-c^Q3T04)5RSszBFy5P`p?|w=(QT%Ov0HV-FaU){Ge5lp&yzP=G1@ z=Qfk!{{S_{t)+{`WR_G6SpM-$TKEHNeR z&YyBU1!t^V)FA+rqZ)iHjj<==_&=ML2aeWsnb8j$nAnd&#}_m^aaQWveV?`bys;j1iFClk74J+cttbQ-Fl0U^RLp7r@ z)g@`wR#Fq1DXM}IK?1e-cKBEMa5xe&0D``msa~~_k7eJe3Muw}ANV2Gc2N(A$h<>w zHx&VP9}z-!;=k|KU-**X-8WiWd*9t#J;I(pR|`QQV?d;+?9CzUk)2dX=8V& z*~N7_9ZE>~%{(i`Laxzh@dZe?o9(JgB$9EGPfkCz&6NhXnj#M#pJS$5SU?>Fs;LMG>TzHc#y-~k zrGN6jYm>GS`P%Tzmh0&xR?TUBa;T$aEFJ_(15PSu+X$?0#251^t3=TH@S*}qGQ|<4 zHm~m0uwAT+q-vv4w`I7F8Ez&*7l>q?B)4VicS>TKz|`+ArM*@H9b#Wb-;At&uPc3& z*alG2g)=IC&mW7HH_Rx|(@TOA%3F8@2!^zvr3WH6<7`*?o9y99w}B%T^UTI1Usfps z(EK!Vph&32IDd7&6r0ukhQRl>;VtIopXm`wBay0GuP=tA(C)aLVvXqvI98c~C;lq| zx*u=z986)iSAqV>`WYNE&<`tF~Nv#>9l*rzrRpjFuvyGe6Ncdu!J=BNF z&uj+YSdge4cnD-;U-o!y=1Ylm?ORYW#$Gu&8A^gm0|KjVdjQS;%OB4 zuW2+6M^qvqGJ(_K;#~g#t)16EQTigzl`11pq?(!mLAl)Rh9P(PcgJi7J8umC(e+Mh zWm71FjbXJ$;W3(Kg- zs$+7Vk^@IYem~uDlhUuksP4`1`o95GrDC*YF^WXXQWy?02CXF(V-);avPd~b@h>?& z7+(>H3kOS@y9?$lNg?BM+)t>yLaNabVq*#P{s^S_el@}!Uc_6pmlsk>fO?ZO2aJ$% zAswSd0g#?ZvPCL9lKd<1&FOK%dsAr@n%XNQmv-?t@9n3NKCVgwB#{(g(?I_K1h+Q9 zk=8{0iv|*{$(nW5BQl6_X z?EGAva6C&iCN_e~C6Ig&i<3EtcO`u&KoUE*AKkwfkJJAEi!gIKU0q2gsFB_@N}vNG zh*d%2{P?pw@m?h*_2ggZ_YuMf>fZjrV~ku}#1dx+q9+oTJ$@u*i{t6={1Sh~-|_K+Oc>F{4db&u@)Sr7cuwVK}6 z)n!JCK{13zdL(fN;;T)&`j!6xc6y4-ocb8#mPJHfOnNBlY1m`#qjZqQ>|7`coQ~l; zDIc>>uT(Gy4@LS2D5Xo?Zqa=U4Xrf`ug=FU{yMMaA z7DnF2OJxzVD^s z$A&gGV6rp6s$vSNt;|LRc@-{rvkIS4it$JIC-ma@nMTf5HHsb~-r{8Bs`e#zclubs#)I95{e?HTc*!?0}92 z{{Ufs%lM46NhUh8T`(d^q-J7C<;E&TE4KTVuk8Fk>~o?nuw=4|YXpvTFxD8@5(Jg_ z!6WQ9GruE+53A}A%1f)3guLWRv6Vy%3rQs32;|5c zeUl;usAEq|ryug!{Xgc*jnQZI+xLT;d|gC=ZkbR3e#zm$@^6ce`8d9!mUCX%ShQ@{ zYZxL*0D?Jgc;g6yvfPNIUJR1@survK>A}|tHK*ZpmxPb3$7gFiCAJGO zxSBL$%7fwO%i=t6w)0TDx6-YxYCSUw`YgaRqJvcdsj~>oeMc^Q{{WYk6gidFNu+Yc zm~yR6OH|b2@VCTfVyYH80Nh6ACZz%G@BaWc;&39W6DJ*rB!VkKrhKw-BzmR7 zMKM>2X5%C~1H~$8d=DS>aNkOaB-0{hjV>pJ?j(gPRR|+S^cgAek5l)moPHMj7~9Bi zrMK6vCjsZWHqSan3aUu#XW~KJ5gImDii&i^JgCeiQyn_;aG?Fi4>gHJ)Y`m_#IqJy z%}+*-)?x>^MrFebcMW0X_~TGoIH#C{xAzve5p_Ft&efo(T`JT9SQx<>?4v_7mSAIVfmf(-y}uez<)&F3V~&E}DArfCby4wr4?_%*)r4N0s=sg4Nt5?)Qq6N~ za_tR;#Bp4+dUrOnq)?D(ILY;u7O&5bA69?fN&7r-G^bsXz)x))aKzFAW{JHwWhBru zll6M-Pl2uf0OGEB9lwKFcbLVe$EUy@T`c63#cJ{>+D1vyeOG2XyhbnQZc_g7%Uv}k zyL+fjx=QMzX^qrZF>nM{DAm?U5N@oao2SFYxi&Ipxp>yrONk=Wl+n?+EK(i;xie33 z1akG|@O&R*pFBw|?QX6U)w#aEQofOe*w=KvGR3EeU_}cqPjG zKezmX65M*yNgcbo?K^(C1Zfs&< z7pRLw*}1~kDmn4^LcO-M7^Ga^UChWLnvKlrx? zLw5GXBbweOB8kofw~VsW;Vm8HYZDgZ%z6^H?*7wD_ORINaoUJhPf|Bei4q{hsXGP` z+P&ic0IJ@tyD#!$v)@{l5ZhcO#FKrfp;J7my?{$TO((>p; z9`5yKbrCC+F}#0Pwk5%8zo+X;!~Cuv>YnI}q&>B+pB(=HR@7jEIIba?P%YF!J|D7p zPZ>k%#PPSO6o2twK35caj+d*>*2G5y?HkPuV0>GAN>p%3S%@v_);SlC!jj704eNF` zy2IOBUxN*?jf@PE63HP};=~Z6iX?n~AlzToN8*v^EO;FvQzyb$DJen^7e$dSu0;6UHJ`#;LrMtfUn zy>|4XRwab8PzEHAu%d;zAG7?+8n?wXOt`A*Bm|8?V=@i8B)XBk_S(QnlQCHpm&-*XlG?2SxV$JaL3<`orF5eNU z=v6sCED}#5g+Ww2WRUgZD9Zv05@?X8FdG{<4L_&Ig-{Vl-Bbk}h~-bS@kzP+O@jwG z;w6+sj!c~oz^VWWb|;AA7XJY8o9$u8mJtS_6~5<%u?ty?WqAC>hHd8krf2o@`!pb{td+uK)*6webGd2h$i^3wiEB z!jXmbeOd%67K)~fqli=fvbX$M#|K#2tdc@vl>MmVWp#7~Lvk_-uf&WO;B@8B_n)(d zSC{%>zDSkST-!?{tZE2lg$(?6ryeFiG7z*~PWI6mOhiPXjYiS{yB^=Xl`t?{yXd%D z#P2AU+^jzc=5At*MNMhDz_j1?vSF%dy7iBoF21hSH#c(2YUn|U#mikhL5uJnqRAv{ z!}fV|_?PT})zwYas!qIkY4-lAH58|%B+k{|n>w#7D%UO8>2W`$8Dmovia?Q7C3qAt zJFsZs+xcG!T*p$ZqJdC`sQs9L+l@x&ul&`DJq59HpSmv5@g$FmIE4xKZgu|vW14?} z+$9P>N>YZRDjJG*KWO7k#E{D*h-gW5Dh+mM_#Wr6{{Wk?`^#|86UJmw>r8z#19l=* zMOL9b>xU}}u=6x#Iy9Q1l?00Mc6h1QN0YZ6FE2;raQEmBc(E1HcyB}8#^}R7t z+Va-nh-*XYtE~faL@HLKHFU!Hs4FrP%tcjE@`oN)ia#jW65y{?0>h?e4CvjkJ)*EwnH3 zDi*a_A^?;2jlij1Dt;)_(dWhE^%0P=GKLnqwM(lzVA4bhSiKFH03%Z;CPPjC0C)Qy zny13}S$4PAHxgdWV;r{j?dttzk=u`jNi96&^5Eq1+x{Eu$XR!JeQ{|l^4l8-Bzg$# zp)*bKwLTB5Ne>1hpWa07&HK3j0D1eo4GqSZZ)tNK;<{U_QN4DBBTh^3qy0=l8k&8m ziId^u@w)w>_j-&mRA~BSR?JVqsNBS?7w>+vI?L)W_k6w?3z8pEsc#qr8Z7n^ z%A8kV@=10{j4v1!e9#%Up8%_QcJ3XifB-Ay;9=W4g^<8O z5qh@a#iX$^C?kw=#H5e1OUn?A>GrqvSC&+h-Auw}lGZsDLwfWxNU9jptbKVFjK2ea zE3d`JGThs}9_v%RxeNA|4nxyD0bfw@`(N>o{%LE?rpyZ1S(0c$xV(3iuYpjNK*_gN zZ-?zGV3@CDwc=XhILaS{DqgAzQ?D0+cRhF`{jOLl9ZOG@WH&yWR0T3B$V-FN#FtFs zPv!mNufm^UehjN!M^BNK+88Dh(W7Wr(@`4l@YJ`&+kbZ7xc>l(aBM7KRrT#%g{+L$ z@>}yV#kW+6+7?N8mGu_hNg)3Kia6r7cDi)SB-Wa|Yb4|;wY6v^W7e-Vx-4pI%8&k! z#ed=P`iJhv8_U}Pa?Quko=A!(!UyjJFhwz_-8oyba{mB=#@pRnO){m`!d}LM*I;2b z_RyfKGdxV6yIw2BW}nuYPqP$XA0`276w4*FEJRm!Wv(pMrQz$6vP;X56a~0V@sEl& zl0HAngS6=9x94RdG}f?4z)&ILjVqPq9eA&&IC!0TB0(=1;%`n#WXT69dGd8m~zgU@V?5`%bjn?YmGH`(MMM)RYVu@P(Bke?t$g#3W zpKff0OKz(@>9-KZP)b{y4lzU-kVX`lD>R*zS=l}xkL~dv<=rz-pHsAix1<%JsbL=k z9=>5))z5MvFUdw(zyV-dSWT4%!%ts z!-?e0>Tyr_$;WlOEA0Y!?cL9*S4rV9NV0K={9|TF+Mi{SzhmO~k(&x^u8`b%kv(PF zhB;-4z!V<~`fS3xFZYe`d^o(1bq%!9a=8|=H}4@gHtZdrZcolIe#t=1Cmw7601C&y z=ORST3k5ZWW)dqCQd|8VDM|Yy_WuBBJ}-yh9|PS&%&O~eEMkPZD$1mSBjkaml^MRz z`b7T#&;E%ljFIAH?`FDWhI90bnn_w1BJ|a5eszaK zHgU!xw~j#yt5!F8db1TQ(lL!cye?ae&FM(qq<_4PTgFN4CyaeiBlAcD+j0pjhq^Kruj zbed3EXp%URLN{MUTao0n{!VB9dcXNtYvpN}YFdQO#y?KlXJWmJdA27D;4?Y%0Z3i_w@5*$1E6WM7Nz;HS2CM@zW{xZ41&W}nBso&}jik7C{SRkoW$)kIT9)Oa0ClvnxgUD_1Xf3?wF?j#MGrsQ&;dk#Gy? ztt@u7&BlLSB$g=ExR@7|fW}MlEIE{ulKd>(o8pfFU+8yQdfj@mtp1WhuOf0W)^O;n z$bryCzwBKx8+g^Dka2Syg6q-^_Jgb`!JK~29)D{VHjf6SaySM^5zLXX*u1vKh}cr0 zr1*BhIu49=d*)F{*#*p=n<(Pt1-xYr^iBqTf3@~-`ewG$wH+GvL@gDh7S~r$o~~kv zBycO;hmZ4P?e0detm-=Dx7^oY&$_xh^AJlbMIWpd%PZ8~yO)rm(nnWGgZwB)?`aZWGr@{bX{vWhsv zT)A?T4JwBEv?4%NV~P|dIm`A$Xr8sijl-9u^5HwevRx~!x}w6)wos@>7W5<3c2r>V z-E%ATiPPYQR`g+#S-*9QT*(EKMw9;j<=fScD|O_~rHL;fh%zHO{{Xv{A!p&Nzg-gi~|9-l02&4uET zE~j}6cQTdq;XJ39?M}0ok!0k*3q=f{8@Co;vw`MCnr?6^$SN6bE>=tHnu1T+RcK9A>#Rwlp9P2Ys= zM69tTC_rf4$d8Q_eV?_<6-z5+FtWjPWMHf+-~#pHeK$Uj#>_qhjU;c_`0z;=G0Vi+ z2`*N@8K2aYiAO#xyd;y_zMu1ac}G~BMq!rXIMqqxG>o#y>cEC)6FK4;mzNJkKG!D2 zu5NYd8J71|yS0P>0wS`WMxcNudtRjcWn^!KzC5MY^!T9(JU3d*oRlHd7BUc}ei{Qe zH7(DKey{BPzlpemj#G0iEj$+1!9Z9o?IDKQ$!+Py74BrBwS7g3X8!;$m&JycHx{~T z#@9Sz3PZ#<4RpHztSHfAVt8-R*|04A%v|t8*ZZX$W;Oy9JDiPsA13qmAWn_vABhiC3I& zBCL-a+ZHzN9E6xt;E)>broRLDDSm6}bM*M4;AwB6mR7cqf207i2+0hJjNw?1=LyBR zukHTnIem;F)D_`Ni#Xth;>N~#BYSsA8A>rFS!IcY$?*Q^nS@-Kc>1o~{V{eIdSp*D z^2aQ2yo%FJ9FbfA{{Xu!$b%fQtNK*<;p6-7Pnsk0&XeUBG?{N~Z=X<->1~;==81hJ zLn^2$(um1HFFpmh7eEH>Ae97gjOAIJ8jzd_WdGf8sd#1ymU6#kmN{-iqMHyoejJ#*HHt{&dAHc(uLE&b4VMsZ|?9wHtU7 zMyL5v;?dnkoEVhm2Oudx7CN8+hVk|OAGF;60BhmHk0-$ML9I+1mkVoKa_lz!3mcMnn3wreib?SD_*W2$&CymjNn@HQ$#UVA zW|`PC)Uo)3asFlf(|*End|LZYvbvtmB;sx@uP2%nG~}^KD@7x3UxkkWklWdo+V%-q zC>{isNdY7usWWn_{hpBi*DhFZqu4YuL1`pzj@GWRD*;j@zmO03l6Jv*&(<1S&1EEe z3!7I2>HxDec1P8tSj?P(R8r6lm&aOHWqc=c)Yg5ZTBA=_x-FW zveQKRrk(XMB2N@n4|KtYB=r=TB&46@`hN%Vw;nt&PMsHA*tWrY?M3gk*Z5BXx z-kd_FEn{yTz22oAs_}vyLg+$?P!uPks6DG+_)OkLHPSTD6c9CsayZcb?!{%>Y=CC}>T0->&#;T(aIdTX<*x)%8wn*|QFvYmFfVTZpexX};J~sOYPIeGS*H z@y38G@gXDB3CPE|BAiT)-|#=nkWFgVJx5b!)8UE>Sqj-&n{@(H1U$Ji0p3{~f;Ym8 z7a4hTZ{5cv(vo}WrMp_`b~A*A%u(9<`6>Z$M;40R*VBd{?h&JsclZ(&#O`EEU#;pl zTyC$XuQ^kb`f9)*tJ`uvVUHG)MqYEsyxaE)3{4$2*ZfpmNb}qybql{rKs zV#M%5Ep4MuiJ5q`(sSh^@%wlOQI}F-9j*5ZiDdNEA~ORL@lvW<7^yRGQ^+)*0yjT_ zxwauZVn-JL09aeViWpkMNFZH+B%*D-1y92}e%deW)w+v0S}__+bfm1JB`#0}06BJz zr9)m+RP>})U*+S14ZM!+HR_8*1dpuF2_=g0COH|Ul6}i^Sm#b(@K^@0ulEl$kQE|X zZUXVhd;7pB@w0c}!uMn0!=E*j_yF8Fb)b zjz*DN;V_90BBG4DDp8wmKNml-_I}O^wT4DzhC3o#f=M9`&@zSxk2#nHjyDdqp!ohD z-mk@m3RWou4R>#8YVTPhwUJ>;bplt1)s@$cXpeNBr~C7t#g?}k3>MNuY0mCh5Jpnc z*ogi;hb~+mQ~PR?$uhSev-?>1C51H>fn!*$?qjW=DqKfh+q7dUx(s;SgwJn z-W_5Km{_!zHu8zrgG)&kL@p5!uP0ZPzsdcnJ|0|Ey3};5o45TNrltO{8JE;$h$Ro& zl2))0MaG|IlQgUU00oAcey?=l65{$bESx2V#c2b8d2m^NIcG)x0GEDE%l&RoGyeb+ zA@a-?QM|WTnw`?T5yp8uaEXvSoa5vb89_2jU+)@MOR=t0Vsa#ZUWEE>UULagzKl=2hLxyod!C zoft3gIal@<_rGm_b1ww0h-(?+wgk%5N+Xa=lI`i$MP-zrJipyg+sFH^YagwVpD

>Hv-uDfeC8K94cx! z6p!EsukDEBZSqm%=3%AWQ+Jx;(T@9;mT+hZ@9A*slWR+K)Aa^f!9Q8}u13rwjG$0s zG$o|lp5J5rZ-znlIzOl*F3QUivszs!sFof}$pGW<%gUVBOEN-At#0c^78};DQxy0>lBa+hgPfW6< zjq4Zk87|$!h)}CQ8Jd`I%_=r0KA&rO! z*seDEZ$fPnS@)_U@4vuN;!5v>Jl`xEq!~**b01dNYS79mrNJr)C*~& zTc{rvqbc91EoCGrAK3lltDqZADCzEJxP}IslBKFfSR^qh03>x$POcaJ7l+5f6|C8& zpFD6Fe&r-@0Yim2}X&+QjFBpMu8K8BxnW6;_hGq~GA<$`yZ$*8Sh8xCGm# zoog$4N?xra#R8XxGQ*F<8gTWd3-HFr?XT{hNF$fv0=hG!disJTyq4y-4JQYc6b*#8 z1btfHe}~YsjeRZ+6U>)5%}OC8LrsP!W9l^1z#=8xq(WJpW=RZR4SgrLkL$M_V*da} zl|OpHl*?}&%onPLclfC!_?#ZzfvguU$D5Pt%TQ8G;y+95ZtEG3rhrLO;m7yP`sZI_!I2> zKNqLRh6*2|VUAlk?M!-vis;rd2w)7%KXx0_uc-)XBZ+1B{w3h@VLbK{!5^V>Gr|zm z>Gs@$DucwAECTbdC6VVU-|KyxZS0p1YOQN5G27dLJW$!A6^>4&o=~X}We0uNl%E2} z@JEUpduZZ@W_Tlc)~H%FxR59c#5DImyGccVk|^W&zAxqvB$f|%6p%{y5(290Stj^Y z)2|THHx4QUaofh6IIl17GNlDxJBd~9u4Hf`kJU)z9QIf|1P2xM8^* z*Zps`h8Dv1;eXNIPf?g3j#fody?MuMik0BNGQ6qB_SJb{a<@=iDnSG>`f>V^G!P)T zkw+@Jw4R~o#4-3^{xS0VID}AJO)BzME&yR1ax+gZ)oyOc@g)=N{3wc_&x0*l}G3PMi=m~X|!nM+t9-IFF zcmDt_7V4=V6j`Pbk|R&vqN_Sa?ICbfKd7puUB>?ayL0=w7yFqN{u@Wzgt&>-$JVVb z5W8uVO`r|K)wc){UL`6yeU|$l3^PWJa8WwMZ{)P*(#Je85?O~Cy*c4wColKug;^wJ z`1vO}IJ?QkD=SZ`dRE$n6{MNglNFDgQ#G*<%k45SM&-+w@_n|+CaGs_Z*C&=-J|PO1WdCua&cK9`yB4zdXn1N7zLfh$TwF^!_i>{zQ}IKttllL z5d4 zW|Ci84s4{LN!@9y_p{ZSP&=v{v{`$t^g|#Oysli^MO&im8P(5z45Q-H1^_ zwc}JtK4+6PKF`CCv*rx5p`na=Ysk>As5oum#yYPr*>6u4Pf$!5NJ%IRFUyLVW#p*D zv7qZDzv`;~&%=zl5VR#@9|R~|G3r#6hA~g|SD#<9`8V?XBHGVK4pug}yNXgDqM}A* z9KaqA&2n93Z1!{9t25rke$~2|hIt-!a>&u1iyUgp8V}`Pw48Zit(BCCZ}p8r61K&; z`co4d73ju??5kFXmnQw6@*KABSG1m45Gy^It0J{#WsuO0Ez_Bx0C+D82%szz{xv`DLYYkpV{H+e(%#lYlxBUg`xidd#6g&souo4T zauu&p7!d|UazEW(n}AM7X3^IBRnpwv%FSsyzz~J?WroszFiRl-FE8DyxK;hGUk};B ztzn`g%kHCfTXIRDqZ_U3)A@5rZEf}YV3DYFN06d?Ki|bEM%tBN@yH1NX<4yLba06r0#s!CoEm=#JlD{H9;BZK^Sgf_sv?eJvIFv01RwH0McrF*}Hp_8wuHVc+NVMn@ z8tgf=D<2>L>ZT)!CA+S(Jj%g>*?LRw>LbVB-En*K1g)W#h)TYdx{%bM_}xkRJ@9Xn zERj6Kx_Yq!-uT3gO~{5s0jc-X9pqI>rPE0bPf*L(k6I0g+-%*j-%;k8RgtYJdZo(m zUTDFO{0YJSM2!BJl*TB<=Y9Zq%%pBV$&)%>fJoEgLTVx&nu0;65C?2D2mP$o9e(WJ z4~BpL*Y!?p*|TQNfHe&|3D2zH(JEv>2@)+g3mO(bo}3=x06la(EKSBYWvr1+!f&Np@l?X99~OJE@or^XNfvByrI2tT}fY`+&3 z{%?ngR2G*yj4L|I_QClSQYy%&V*H%^E+hCN_&7z%R`|X&mGaqH*~xDNaV@=tqRDkT zH4iB%@I0)=q-U=wIeoU{8?>IM42Rz{Eb-ic*0%AFRy%N6S~&`k7k3d#dEE%I$ryt%b%QyV9f5*fjY~#4pZYGZT z{d-$i52{58DFkxF+>#i;aV^}^I7pgVIeb3^T>k)dDh1T7W}YZ7tRj+lZDbN!TU;+D zm?Z>`wf*BFwLLZXx&6QLFnVelKA{^sD#>hCBm>juavj{!V|q#TciEK|KVIR#edx#b zBw$zZG%mK*@Ix)F&@n-0d_&FZ0$xcYXacB|f%u$-H`{NvDH0H{_qbjp|ty+7ve~oRe0f)6KW+CI+e^owI!Ex2Xj8aXvU$9^?|SySMCI3=y-Sl;qE4dtu| zm2=yh@CVxcH)9R-e3XcOIO7$@^Hm7inV>i)KR$R%D3H$kZ)C zDgmR(Dzz3EV^v1tlE3cRA6r?cET!$P)m6;a*AcS%sAO+~6?y8)ocY4M{ZHO;PG8?A z0BS*%zIk(HC#UJU>GQ^+W0A|OFufR$NJUxn`3u#WF#iBml|OmuvwS!v;{O0gSQ6`1 z)ne7Awhic7+9#*+xc>ll6;V`fKNVz+e{0i`u}?0`2By+l&u&)d(h`z{B0wlsB}imm z54Y^mqxAkCPEU&rtwUSO4Vp46Q}Z@AaVHd8i1&D285GdV@iRhO)nD|8dAAjH0jS?g zE!2WQqF6*#h;fnQ1fW$UnClh0FR2HveF0YCHc1td>^BskTl>%JIWw^Qx92VA(CBxmwn=`~CMp+o1vp1n1+5Ors z5q@E6GE3!cF5di@wOMYO=vs*cp)L3{Yst7M^+kVpV{R_|zTc`BP*JRcY;Rv+O!6CJAYD6Y=qghTy| zNUziFVul$mp)o+Ep5>ULf+}Kw2%!pT_MT0$aCkhnD2P1>ZoL@5=tOq%sUIM~GXDUR z@czb6UsZhUX|sy!~UnK!5b8b9WG>-kzrJg31;orjoKvAhj}ijVKGPhz~5!XES)e(3-#y} z{AKN;=KVzsveUO@ag|73UoS_}sFmsaQ_Me(9Cd9%~BIlE@p1a&K4Q`179L%PVR(_p-E0s801QG5At8j7orxrD289eLsiR zl|SPy7i#p2O!~ZJkFB_creYRS8+oOX*NNt14e@*&J|FJVKTj32gj~d|J_{fKNR%rH zN9-0m{_K1uQ});6f8F|g(w5rP%=bo5Qb_Amnh9{O|T+;}=am&EyK` zRi=r-CV}^rWoHC&WqG6t$^I`wD3ga75;-s)p>DQw$!BC#+sDa;yPvmlMlMvAKLdKS zYLsT-KOeBzUvUkTw-(m$Kwcsbtvg3ci5Z>Qy-o@deKGZ-h4{+SdQ!K+>2NWY`WToR z!whjCir&+b#T00*#bZ>gjNYd;_>^$x9DJsVFYgNmkpo>xduE=b(w|awhOt8*sl=}d zS!G#0UQ7P#^q-&Z8~1WtVzNPcl9(JN(d5xwhYBSql_uQ)ltk&txp4Z*G_uM2&sX-7 z)vhhgn!Bgfr-fwW8Hr(?ZVv(=;IX|yPJBH@_`hr6MVAR0CV8Zu?~FF_1}QDGmq>X! zmPBC1y-(gXJx6v=kBn`{l9(eTu&u49thSCg*5QgHa3MnSk*6W(%f>jPg}-VhU$um@ z$LLKhv~J=#Uz0@?mGuHwk#MgeWcZJzEq*`s8uLOAso!G4un92p^ z`%HL9{{ZT6%D!(>Wr=x5#++c9KTJ<3j1}b@dQhY>rytl(DfFs#iodtV z`J_g2M-+00EiIhI{Ywjljp2wQ&@`Tf9!1|_C+&T|gVXqwxQ$_tjrF>`ev)w1EtnY3 z#CBq?ya|vqdMoz7-EsP#-=l1kN}|RqxTb-t&yzZ8(Z zEGcb!b#SXCuA@$BuntJ8QVEp0fE~Wm$uc5w=ji_cy8S^hY2g0)<``~XU>HdpP`DK< zLQ$ce<4%j}x#96aAHm6yL*LoEMe!4IA#NrJkWo$;puR7FiR`DTXA`BDl~D{SgvjB#4CVVmMR4Z z+kIx%ykGmseHTxRZLYg(CE&U!v8~}2_waHD)4W9{7pWm+eNbUhH@WzWEVi{!h z14bP1hTQ~?{{S5GMD6MNavv+}F-fT{w3ba3&GyZCyWC7scS&V(Uyj`$;z)nrO~Ony z)ieuR&0#L?qqZ_#vRP>INM2~<^rB+RItn`Rc&7B{iTQjVAMEmr-FZbO(%SiLWz(-6 zWq9n%Rx;5)5gM$=>kajd+S+wzjrjV1Ya=EpAae!HyZvERqF5yj5sjOnaqzfhX641d z$>;EVIoJOHCp@)oN%Ib(;I+6hSUl9LNUEyLpoL)s5&rHq{{VhF{hR^$@POUubEm@# z+T2Ds&;or#YE!j;<6Pz}tLVtf#=KB1HmeXSI{yGO{9o#R&I)ymJ1UwZA4`=1q#<4u zHQJ5ntnxScUZ49Lw~el5Jdg)Fl^_6&SwfEvD;SL{{{R+X{So66$2|ZDM=%8k6hFCM zz5N-c_*W!aRC5b`B^+{+TY)>)yo0j5rMx~Sd6|CK+5N1Yy}qMTQt}HsW(2!SH>DV$ z<;mJH&!bVkCHs6o%Ea7G7n0s2^mS0yvAlZ~KfE%|S-5VzK0lA_`i+(7E7B>`lF$IM z(bQ9MPJF0q#*O~~Cgu1fS{r!XnO%XCy-izviDF8>16}Fqs{a5wN&Bpi+}+*syG44* zdd6pZRPq{}Y`^fcmB+w^xUvvUz?MMNDzuzDlmHS(6#oF4u}v<*$_)=sx?s&LZ!`%s zfkUOR6R=O+g<5frKehIL$HVq;29%nmt-ielz>?zPOKVxJqZMN$#&wZmh^mfkcrWhM zwikY4DLS-~BJwR`2nqqI{{Tdw6a%ULTr99IZ(!6fI5ZPm+m&kkT-pyor~vpX$Rls& z#dH^FS*{s@B5QdGJ|Z~gYJB}&unwbjExp~f$_hvIsbOgwr4QBSKYEja?;^NOR(C>N z#vq1eVrj-}bXMA%e(>|d8Ca&QP$MS`WOWP(Qm4^1TK%N>_^%U}$M@P)%d)^?h*xS6 zD>Z-NvP0zf)OoIc3`#7-^`#iBt-s6ETm|G(SM)Gp_M^3^6hCQ22jPeIq?<{?k;Xkr zFl4_ z)Q>^AGdZWk(6__NIIHo$2IKzi^jG7^ZS9}w0F$hWzgP<^tEgxTf>=nvP{$x263CD6 zKgYwLCc<{GvzgJZWORsCSJrP<-bd-iDOqBAzw9l;J4nCoo){&K+{e=Z5ViG8Z0O|H zrZwiYr|n5ue%IP|{pJ?ki<`3-ryN4j9i(&3T)Qcvo)MN-Qd^fbf8ICqf4YInE>`?W zZmTn_LN->aylqlJE77BM__=+rhwSjk_M%o8R7k<)aPs=HZ~{Q2@TVG8T6w-FuQ@$= zy(Qu3;akxyE#NB|HpZgm(l}&QekB%pm3gZ(1!T8KrPLeuf849b9%$?u;L7vF@M*S^ z6LTcdv<)l2z>wNolOr^SUPMcC>)iUk-Ny39%Zgi@ts>qrYaGxu%xt#y^S?HL5XIG6 zG8t|egU1X(ouRn(UTM?!zM7t_2^26{9|sdZf%j|x8ZSUzYB&R z8r!)e_fyI6JWX11pOSF>-!JC`Q5;Nko0o|$L5AunnnyARL0IF76{qLBa8~&Ed{O@G zusx*lMqVU%>}FX%e5g6f&Y+$_*gqZsy$dX!lJb$Iz`C54Q7o}QqzRI;ES!q6@A1{E z``%w+kjkwqw<$RBOciTpB2y=-@LngUTPacG48T=ckw}%tKi(@_tGfRHz;ash{_9VW z(o+?*g-YB6ihGKnQNhDGioXl-m-nv!0JPr|@5?ZIV=VmH0`h4ZS^g(p z{ERU1Sr`1A7-pEeYFdIx6^#-#x=-E5#B2*L^Dn4JB>KPii}vueM;l7FHgU8(IX$ch zsmeAe08*>MDER|dNZF+2_WcPlOCw~Fx1nybo50?@9+8l!kC1a80nS)hjn>_NcIzkm z$e(CXn@_b-I?ol&t$*X?iMvlt0CO8DX%*`nXm~5f_GA6dCk4rlMO2tDxM^iESk_5O zv5d#+vQw%ur`Er9@cQw)@_$jmT&1bASKTd#rkaNk7DbI^s>rQY9;AIEcnLpiJ zn9?cU10Smyl*+-?!zxEJ3ht;od4ZK9oo5>Zp|!SpFYV z_PtNj3tK2&#t0%n8br8oOn}y`IL5xETkSk>FBN`Xv|K(k9e1f++9#`dJ;j!t zYQJ5%bIKz!1#s6AfJ;ixC&OzCKMrXEw;nP_k)JU6O}xqGogNzqWrj^!6Lo*^ysd9; zTq=eDI;($rv46VRxco~G#GQ6XwG9_eT`JNCw6-FPB^u>e6$-&*NTV^x%B;`ouiE7K z&3`*5x0qS|eqX!RtpPUcxPzl|d@e zBM-6{?K@RJ$o_04^9m*3nNoBnt!Hf_Q>Z@-f2g)cTFE7_ip>d)4V2SD#FinTmU-9h zeXp^PxImU#v~i9v5>aR>0gBSpYozmbsd;=Pff`!}jfvP5w^-yW?N<1399Gh%nifE< zGD{4clB86Y1XTXbaM#LGh4Y2+Zh~fKr(K{y+vIRRkzK2z07wfQ4u6;6L+#;`YYKf| zP!0i9ytiPz_i}%R5Ax!*znpL51XJp<8d9GZsU(Mgkjd7O84^x;SK^@n>{&H07b~uwt9qD5?fl{dhsVIC%3zhf_+A5C@uoKEKE7f z#zdc=C4X6AdyWa->!(kNBc9$^ZlvU;NJirr9~9pSby$bP$JAfjPgXyV;4PIFX!vmS z?b?N5L;I!f0a9KbzZayd>3=sbw&4ZLw{jP@xKn0;ne`chm1=eRut6Agr(2i(*X%|0 zkF^qMb7kqfsQ&;&G$n{7=VE_of$`UGhxXM~5q%`WO;+&Sxp;^Zxg5SA86t*Cda;qn zEoUI}PHvuzFHSYuPEG4gE5GiQ zo_4oUATg}5ArXl~d9Ea0QAZMwT5q%JLmYD>7TKetU0=^EmeWZXj^|LE zq>_deF(fLS(jvqMSYq`X;7H<6g?(z0=JNP`MlVt-NE%p8E+ufP%6X7gQZ_8B$!;OH zL|^Z2rf2lR+{t;S%`7oGNp7fNxwP7hTj47!@kK^@pWVyp$twELzr*{<61P63z>>;A z9mFU7=b22AM(&|U8*}mfVx3#yNBx%gS}YpmzM~vLr(ZM1qBKPzfFyG&;e9j_{{Y1a z3e3L~yiYgpFdm~UcPlJ+v8&%CMWSm^-&a_f#_<az6O>3Hs#9#v`?tZ%F#J`04SB5@(J-H$|QD$(zRbk6T&6q z&-Z@{;M=dMTA0&RDt(oJb@3ukM-( zIGQ8@gL;vvk`!2imH1zS`l`ym-YO$KqN>duvPLXuM3%BUB=M|-j!-wkg(c(adUFp) z?D6CN>so8Y($mz6?nvR8c!^x6FyQg{qmiXC)9kFMw`s@wxnacZ?sN;ulv=|RUOD3G zfLknzMI~8d0#pjXllzpGE+0*w83-8s%LzNB7)nZrR_!PXJinkxw<^0(NNP{YK-0OT7t4C;<_`O*WB;6*NDvD&Okky%gsCB;_STP-?!yV*S`zOgK?DX2q8Bo6y*2dIyU zL8AG8Q?>mk4b<@3+sOwgZQJV6EU;O`QHk`{O_U%`FX{gPFU9d;WO109%^q6%79SL( zlEg=R%Tr2{XfQpRRp4qKKcg05F3=d}{8clf4?6+L@?>2OWD zIkb>$ifpv@b^!gKsm6h-e`ohyf6BvcTFNH#7M*xdG?H6gDo`J^Z5fwur1!=UB-DJe z&GuT}`9b&O06qTzmkJ_M_PUI2dA+2ts6DCbDxdgg>w`S75)U?CN!0qK2=7;lG2d?Z z6U*`oZ8J)g{5)W@Rv`ZXzX1OLjb9~g8$kNRZaA!OX~h2ksU2AT?OZapRfEq3LmJI& zvoNg<7C~=MzDCLYl5q}6-bQApZ+cVu;H=|dQvMW;E~ zIkk$kpj9Dcl)BNluvC>DeNJf6E4}P4qmeD5c9P}h0{;2F*CmYBH3Q*|xC84y`=&qL zMfRJ6+(g%xHrCATC9*723KFd(qnE|Ui#u`Q>BAev@VCbC#@`F?C5ukA^{xxas7NGR zG>K7!Y-8l|C3r>6RTua2aETFq%y1${DKz?IcS19G)T%VrkXh8at!hjFj%60Al3dIE z;7iGI!oOIVs7dZo*0 zw_E{(PPT-_D=Gf&DAG@b?dX0u?c@FXe)H6S*+K2@9_-pet!r|?ss=9)qzN=uxTy5Y zab}7o^`mZo?!S%jOmoL&rM8##7QVKaxky^sjP)UFG{Hv+hbcWY;WzIek3Zb67GyRy znvD=g>&6G~r7X=PZoxo}7^_P1!UCD5LGjGdqavp`RhJW5>F_m{u70$Lszn0Gz%i;N z%9c+|j$a4FoVb4NnHf?r2{T9ad#_ZqF-A}ZU|t?lb3oIjYJSQ*o~#po#B0HQCKk|r zW+OCktSA&x>R;~3HCnsOq2^UQdP5)YBTf@?XY4DG(QZM ze!G>9OCua}yg@(|w?Y$H3uWVqBFbr`#EfXWiyk3k7D{&F1 zVqc20^N)|kiVa^(5`!hlmeClJVji$lUPZkrVJNJ7taGG)X}@ch46)Sgu2D<`NibF9 z$t&6t6?l~~@{~Uj#T1jr{ffte8|&=wt+GO}RH$o&OTc&y_KFx!7XCo5`@i@cW$bMo ztH&&Hq+8r-3lT8zjZZR+h0hOLj}+tfV)!^o>T|%_Wb-6XEbS6-9<+)r+DX!B&odM( z&lC#OW&Z$vPyEq01yx@9(@?#P%PrWj)0Uj)xoH}5U1`QnYYHzf+4X;a&*F+a3H3Pa ztx11XztO*w*W>XU*`}uV2yT*r3VK#eGK71+MB7I0 zrDp#CMv0y8WR-ZuZR*Jm|HVtitpW6tg^FLji;_S5Y)#S%)w8 z=kFWrJ{w$J*aeYV>iRkrWNB_op*?{~u6-6P#C?b5{I8tT^MZH%Bd1LuX=F&HXjzS0 zkufw%)MozxFYLG4$V~R>#?H<$$$s3tb`G}D(TJ|!ykjD-#qoSU>fmU?i%BGP{B=ZD$j4~GZWHJYxl!k}WD$4YO?PSj5kddOY zxLat7fDy~jFM9C!!^Xt#uwUB1mO34)TtzmqeqElf*8BoUTYifnlD(N~zYp_%&O24I zNT~43DUB2}tkXQwnw`Rhr9asx{00S%Io1OHiU6Fb>^D>XR}l{e{%YLC{-^C^N6vQ> zTQ{k1Cl?oUlEZQe{cc66t8{Z4SCfCOgDkamX1AXC#ac<=s?=2mq3Ex`4(w4=rUtn4 z0M-1t`YKSc-QU~9@vC$)TnpkyPCy`ui*4~@n)SA=bLEXz3+9R&%|i0dJ7@I>jDZcM zxMIStp;|WO@c#h9;9XM5tu;HVFHp)7&S#EFaU<8gmPJ}r(N??{8=$Oi(8fbQ3mI9} zw42^zHriI769Uptrdfl;RPlxuQcWwe z@I0_x_N;H=(Qoa^M7HBFB#^~Ki32S^m7-?&PCrbz`o!8L%NiIZy|*fQ{4zI&BVx+- z9&L87819i!cjA*N9yl*Wi3goED7N&(wqy;B3#$en@=pmzFYw))si6>AkxB}GqemDY z@N+52<=moKFSZ2T+O5lfvJ1w)LtwIjywe5ZkPF))50Sb{gG2tS6P*s-Ld1$qNCKy+ ztvAI7j#$k@pa0bLNEFSRHermAM#^K5a#q->+!61E+MV^iybdL0^dmy^v$CW~AM;30 z!jX!8-`ZcYvgB*imr_|?bZc!X&lv$$ihG_^{_>~Ph87?0j$c@nIQ?bfjXtd)Eq47C zj23Y$Hr8sYs?iAI6ci5UZV=nA6Twk^S$IUh+_n`e!WE<}Vp!0qVYHF~S7Pxb>yC?4Q54#2%wPq7izER%#tecF3PHn$TFU1XH@; z8%V(s+@xwGAv!{?Js6!7__^q7c!g zk5`;}qVU8Esw7S+$$xbuL1p@~dOzhdqaw01!}W`{S>(8lXoS$g3ypM96ejiVhb3hi0aWt$N*g`FyQR*!gB#u@bR3a=?kQ8<1(pxOQ@5aQM z2eXD5B9e;j$t{(SqUCB=)1^5%tf?Q>Qa zr^2U{DZHgiF$~jB$C|MyXyQMM;^XP0cr!}0)omk|WER&KC^=k6q_pxgGOCFtd1HR1 zc>e&c@PCr^({-t(j(H%r5<+-zSX3jL^5ou}Hx-}*_Tz3pV~^X!ZyQjEh;DT|3snP{ zfJG933Hv^iKkkQ$BCjR>d@qvv%4@nwb8GdAs59HE*+}&ue|U`1Ip1|Wf0bnZQ#)w2 zD;UI0I$qpABCOLiQ^`++GRq*A3FATbRVVmazh{ z%YO{5diR%9Dv;Z{YL}dka1~zKDv#%$PCv}pCGEkOqX}%5Nog~rwVFu*sY$L6IVZUP z0E(?3RbS-e@!`e2hMlGe>kO0Xcdbn}z^R^TD%^^3m7GCn7%#0O7k1+(FWTYM{Gk=S zkCt?|)EOk7P=*VsWGNhq8PpbyL$ZGDDr1d<$ltWQ`C$D*80}Zp6WhT7EavK1n#{zz zvZ^uT9E^U)GJk1VbC!N&+dJxZce4ld8aQO$R+-(B^V4(8s@AbQeK{)d`&kD>;iIpO`} zpB$5yZa)vIoSQl>fv0*BH1BeKSrRoivMGpu@1Ogn8RV1u&)f9B*<_m1@gZMMOEu=i z)udH{MLPhcr1{}({q~$C2$s_QZI+81DzU`d{{XvG1(~b+KM%!$L1^$w!ON96Xpn%k+a$q0h=)keT^ zseCu{BsaR9H0#T0EkL^T4MIPGcWODDeKq*Zn5R-G?Oj9Pds5 z6cwjhuMC>1@u2p{-J%&6G$OkPX4P@3}jUKYm6o#onhkIb*H7Ey~K& zQG-aPg5pA?hNr?|O8)ENo8q6);+C(eL8V1BYF6h^jX5M>83bUOA!Q$F|MOZr?QVuc2$zzSz;&ume52SrYNNpH^-jN^< zBYq9Ua!>hq{{SoZX&k>BATO+~bhfz^wbJ53!GJL|i%<7Z>XDLYuT^LN0CoMZS&0GF zH3c({8g-2Umg|oec)<8YvPuW17Ufb|(SMmO(Rkn|k_|FZYopr(BEJDo-h0 zzj-NQd2jK^+`c9IaeP!?`&8f(u!B!|IID1+8C3vb=~Q-D{a!4beHLzN zHQZ6%%Xxbc4JAdKafh786cs{AT1gsBA!d?QMoC-wxVI!^SzX%Z)@TE_#9gRpNT z0As*z6`CK5;`L-^#3o}JtWrXddU3S&{1xSpkT{tgWj94Ru}_I2Sboa=W8lH|%V%$B z_i-UvBw}TjMyj({im8#^{Y2zD`svF9m>`%eQNmb>8`qe6aH~3xv?mK4RyAkbd~mn! zxcWT#qUTbDKClYwD&Tq%5CySiC!4rJi9hU~ZmyCy+GyYRc$&#Jr6<+(2;;cABo?=6 z1+hZ(0+GlPR%Tze&g}AkcZywJ@`^aFAi7%sT_jXUgf4l}MPU+FHBisWN0K&A?r|MT z#>lasNc66+3!^oJaIMu;^=TQGjk=2Nr;pq8{{UkL+37byy;)<5YlTmUq)@6B=yw** z+;{kSf57qhaeIv#;z*X(>dn3q%8(#o#DxQkDq2Ltb6Gjajr)9`3MJDt^_4wMK4Tnc z{DjhrK_fLNTkA5s-wKXDVNsu-@?iU2HaC@4%TCi_W7P;-ptao8v4yHA-xXFrhaMul zwVC0GN5+4_IqJ2g-dt_NI znFA%9jm-!M*tY2ljts z`^;Jcacpg#I~3Aw?P3=$4-)(gk}zVtMFo<6kW(>H24<36kh~f{WSO^URgcz^iWx7Iyk)GiqHtGCTSy%U#pVB-{59OYM@4N z5AA<83A?hiis9ZqH&dU6S%f8}_;;XU<&o+0et!`E0F7|hO}x2j4Xu^D*Vi{H%M>=tH>#vihKq@Jay`T| z&m1y2Wm%zTgaE^enH~p~TlawRPx5{aa<-Ds)OCAEY**UR8#k(>a)pkS%7(|6wt>SEnAxemD`H{0J{0V?BVyAYz^CJH)|MUZ**jmLqJkD z7Yb?qw1yw}6>N8z6#oE;FXSWPeLfOJHva&7Dmr9qMTsGv(~0JQ7#)GA;`dX_y*BEU z{{UMJXLW|+{{Wa;wVdas+>Ft6{{Vo(O-<&C%hXZEL1TOn5l%`N$=aW3ej&C2v`?wo z+};%99i{XZ=d$pTAftEx0Cmx_S2Bn+-66=RTbU5_{{VIxkNAcc=sIkl^RfbK^_sBd z{Gutq{8tU^(iPRDx&(5#VC8`8N0kQt!Eg?T3Jo?j<5Wln)Sx6m7YhFX!7fNNND@2v z7mZ^P%!JdGR27Ub(ui9nIzF2`QX|V&D{iXbC=1Lgd_k++5=4gi|! z7|6DQK-UEsobSYN{ihM`J|Z}x{_(jg{{WVymQcs1S;(<4X(jls9ML3_LMiIM6T&#q zao~A0aHqo>NZy+{Rp>>ITZ@T32xA|-X#rZI_2#X*ARPF_-)rLa`F{Qx37b@s^a;W; zSXPT9frqGTQN?TOTt8MtU)>^lk0h-pEC%Y|T#SMxxmpIbmy@Isf=FkRpQQte^7tcm zTmWnhbYsm%8? z$ltqOAymku29;vnVS*A@_pklJdVZ|lzYYaA@?KA<&GlGbAsw=$m#;{cDC93BrAuzL zNaI+VE=a20qH+HB18I63E*Uiloo^4O_cny6KtLRKQ~UJd6*#%{5u*P9dE)->AFb*y zV)9zspR8(g$NRfzn51^rfof!#hZc{M{9m;!yuJy3$EFg>!c=i}avxCDS!5Dj$yK$r z458jJv5qLveW;Orc3ywo!^?tj*xK5w-O8;U!ck>5=&F>epG_k^q-JS2EPoR;?)>KF z>FMGPb*K4x)oV=tTS1L;&p${rmy-4`~057PYwa4tq5IgJJN4$}=%39mP3trsB z8cs2lEF^fB``Jr;UZ>h$vnM~bhMJ~}bzq*Yq|G!E$f)v59FQ_7w-3y@JlSct?&ggX z`9EU|?kq1Sf>Wi(G;zNsms4kWqbUoNkj5+O6fD#-$?0dC^WcuWhtg?@U+|L6|RoL@cV~>wt zft{C%{f~>{M4`5^d0jN&VRIl*Oh}V4q65s<6E|b<`eIIBw7<+IOL%PHDJGw2qwE%W z76MwFhz%(c2ixJ`jNYf)=g0SsSuX8Sr&zT61ZuFkc-$yvp`b3YH!82g=|=JV5qy8T z=ZzQl7ZI%{mhRo#ips(4?46H9ML=h|fB30PpAY)}u4IP(c>+vS+b{Q4=^7$X57@S9 z!YSANCFYSA?Av{;6fKj~X(YH3JcD*ea!g&>?oawd!T$glT03v|^gf#6R@d zZlP_}LV;QYGErbt{`?WNp0C=A^80KeWrbx+i__|_7j;?Qv5A5d zju=#MlY`>_V3oqHu zi5;!Hajc%Q#tJcpBuYv)s066^7;H^rRDNH)Mg5?cP3p!R25{X4o0O4hx5m+!(!cC; ziT-G6&2{DmvWi(!8zl5(idiTNp(K*!_{sK}YIr|BUuk$`RDF2HSC=GKRxwHg)TlIJ z%rfyn+F#Ok6^`NVpclTA zoq!Wek|bRy0Dtm+)*l-WIOtMaOXfc^et?QmSgqsY^BBk5q!Ic`jl&gNZ>X8 zSz%en>%<&dUtU;1;I*?yb!~D1;D2_J!6gW<9hs?s?)1CX@~)?85;MzvsavJDLCnQ% z9A~Mg_prEZlWF!+&7tYZI*(o(wM&4ep=63_VtO{*zA?5t%dxDwboU%V6H9UxhWwY+ zmNhm108|VK1axaj(15Z<3YFMblgh;4Uo1y2)V(MBXaqza++()~CH`20_r9^G1y@%j zRd|>SZ{hJtlK4W^f_E_FT^d}OVak@%o8jnFDmw-O~ehB5t>^%5xf z#Ib{DwJY^E7bM#+*+ke%t6Fdz8`FZnwHhyrlIxFF*HRFYgk!wXn2ju!V)??aYVkbFzl#B9N}_)KVeEIG^3X-ke{v z$0{u($8`#nS#>SiNf(R33~E1ifmm@Y7_os>BaT0d(^UAL^?9U{MK0arWJepoyTMDkOroM3vqRAEIc|4#3@u6_6V3_rluNT==T##007KYiz8miFhdZK4r?bgx08!bD;1TyF91PczN^O{KT6$LukM3# zboBjMWM}=;;nJpxgHyYbcXG_}ufi!-+{YQ%Q~lP?>HEKjg2(VAhFGjF=WB^=rPQT& zf+&Dnf~0&Ktr)maDmn0r`H?;>U(9n^q>FQ?+{)KdFp5(N26G9wD4YYlYa_|OcNHY&9TV02G+$Hqf6K$|2h_BUHq{|$;<}zP z8tNG3QR+sL){76IzOSg?0wTul{C?N_t+0kDb$De99M=x_D52tyjO)!yGb+a@^(Bfl zr`eP3a(3s*a9zc&r)uKf>fI>8WihqA#4ae{G>sI?G(39_0h!;2!pg0Mw0R1{6}^-Y zNWZ+15*3oBj8$b$R8B4NI!F6VsH~iMiLICdD)d*o{F*DmuXyAZeO~7KWmO7Ew+tk6oyIpnf@QE+ly;; zZRk`K$vc@wc5>eiii>2x!U3Yhg^TXaPbPlf6SnWfe#h8eaC&PV57VsHHTv9?d1Q@2 z5vtNOKN_OH#8Z%=C0V3?QMbUH`3Q+5wz3XX!E{30NU^a+h{gnpqJ;2@E+Kfw@W0#t z0CqBDr7l>r$oCOPZ^*Hg1GHcb!%j#j?f(EhmlC|!EDWpli{zG9Kf7g_V@Cv%8;Evl zc>H(>C9a+aIiXkJ^3(fXn@uDoKyqlN6ziDzi9AOxeizt`0 zQ+jl6KNla^<%1xzvI`*=vN3v}Qce-Zri9m&Vm4kZy_*2CSTDe^TOr)Y&ot60AoMDq z7hTtO{{Sl+TY#nEFvN?wm19U$4{2o!D;n*@W07QCa4R^6q#n51moBxulr?z{Xv;{O0w6HRjV7xnEW7B>bcp%U1K zfr7>EtPdyHyK?=UG+kHE`n){bSJWEJGdj<6eDOh7prSjt<>Be4KlO1-Ps{6>BWYxn zz;Cr8#Lz-dde3qrb{)AS5`0-S^_NbujzB`Kv=f6;2&6YCdWu%OyfB~35^CpD)nl21 z+QDTcHxgEcvc%Fsw?jzdWMh|gQRbZnaNiJzN@ge8*5tqZ4@{8x8sYCeouYb#mP?4& z;;E=cNP(&U04Z^rjlvyaV`*w9($Is{ksaJykN7MG@GZs7q=uA^D4oS>J{U+-?e<0t z^8$KNUadh9UD>UCS*(z9-^8v0g3j{7;wdf)JaRO$##eH`SeaO>R-C_fihtJlFwM&T zi_@hi;X0{udV|g9Kdj-6mCC`T+|2t6d&`**`x~2=AHy5vn^v{aE$x|sk_APS_`j%m zpZF$h2X3t8b-8%MtIADBGTe9Q%oBDW zicJejRk*B+O{WrL37UJI%Dgi}AU@FR-Q}&;i#`xyCNTMX7mtagW z4TTU@+mln%i5KFMXZt_ie$;BAmdBDwG}jFuuf6Tz3?+2!6ifE4?bg2vAKtg^@pf)b zg)HqPSgj*PoW_e33Zjs~y*YSqUH;Rz?5eNsm${za+7~Rz3IY4cHl=qvo~+wfrbO>% z{UdW7$0H4zqpVNFnXZJ4rm>HSmfZ39OAp@v0LDMwO>1gxgWSr?X=wz0n22udia9eg zlhl*(D)QyQJ~l=8(6u*a2-e;a3{w18H^Y~N}`>V{qSClTqWs29OpJh@f_)jl-<+CpP2zsd@244}0oMZ#9jd3)g8PmP^{_0xC_pLu*Gghb@6DGMQ>p>wbcwK#Df4;J+Jt^&T6&PgGj;nLR4ek8blYb@rK5yk;CI)+EB)FcqT=yQs(zNSmE@B4 z%)=R$brKna3u6}`PwwgQ(LF9-7e9r#V+&oFq)V%7dwBh8d1SkiRf<9(b!iJIGEMv5 zE!DWEKlf(^d?S(@HZnprJ6R0x>dsf!xVV*pByVlWxUGK2K1#Tp+J%Oms${sik@xi^ zP_QZFPT<@!-l_ipS}Y8=b{A-}Sn11gat7BoGTrJ^CxW9nva^c6vY+WM{>$OO_c7jF z5fDbZw%i!Y@U;wU@T3;MSGN)$+Vy95fAz3+mX9T`#W71)qVhmY0YdFYSb|Plu=ONl z{f>X`tV>iaePvuz@BcR-C@I|_-Q6GvNcX7Gq0(J~fWQEy8Az9;bV?2+rgW+>Lb{QL zAu$-^d!OI`bw6Ye*micE&$+I57WGfttyu!7!hcw)THilpX%7AypytW?jNPvShUdxN z%jO)&d3lv-3C{PgMp{(D*;!{%K~cKe@~N$iBNXByEHPhyC~4_pWxvyvS7g1riSjC4 zxfdP>@wj6WEE`-N3_$1}0`8i!9}mz+HXeuxdt-snA@4y59N!A`psOQ{YFf&`%*C|c zrkdpql@n%9N8$zn1LRc@NdS7m>S4Wd#rn8~|IN3cB*8C;-dt5rQf@>;bPQ+W{5yy5 zV`!Vos{){lFLDg$PVC`CduKz?$ogUpKE6)$OckA?m`ZmG?oqw?sn9koIxqygv=+yF_sPrK*W=djb2Y*F#6v+-(yv7-3cIt&yRPDDs|wqxwd zlP}2w{N>1pY6ZDAC z37qakJdWxA6bcbmuw5PF%eB^^r}>;_D~lon$1vgzdQ0y-&Yen*33CNo=yTU$Zuj2n`xWN(aPVbs(P_o53vkXu`QVHGBTRYB8s^w zGMVF=zf7?H_&a`n$v~cZ8+RTlw!VcqPHY%B?jX7dL;lz;l-tFu_5=kjXz0uo6%g#c z=o<^ZeWPElcL$BBMmgK^|A*8*;v5Wl zGgMSgqCw_%dI8BBpx380g889q+Ep@H#us>U)><|uw9R;3npFA?`DPj$BhE}1sfd^> zzOnLG(shPqmNs5JglXz@SoS(76B?9|zO@Cs(m5d^YZjG;IOSpHzOE2|k`UrF4LpO@ zCs56oNl%LvW~ZR2o&dlZs_ze*m{ewuE1gPc6Huli=`Q@$hgx*NEaL+^FM}&Xf#v0; zJd)XYjdV9I!Ph$jc})z_FR2?ynE_lT3I(>45ptEC&X-{0`RE%977i_3e)ZvG{N&nv z3vy!<%&;`NrhR0i#A&6FP6lSqiZUS7c8am6Tjm*DcRsayC*pM=QmvQ93eHG-W&InU z&k8Z?TM>t=(8<#LYZIDppGsJnFRxYZXmxKIQta=nH1(Y(xdh{zvxu$_hFi@bc? zZ{3eur@v4l9fsc3s5#p)MPe4X;{aM6_Own>42t+AGq*)P_=K-rpsJSKpuYd(<*vGE zYTV+3nhvw{of~V`H9v!Hp~0nJ0(ov46-}*G)wN^624S|`qJZDqk zw48PHbQ?XkLTa$KrUYYd3v-IF>(=;Rf-k8Xa~p$HN+E;_TKj`=FqQFD`>^lLTQ!1Z~$Rihp&aaW|y>8YuJ4?HJfQ zQH#~~o}-_xQ$pZh)yItfMTOtA?&p4G$7o| zruAliGheN`_%giSKQv4qtUrLarOk5s3v?SHXn*LzWwm#BWB3lQS4_;?^w5<-z<~|` z*iBMTv?n%)trs=jM`mE{&1vdZnveJXCIz=+g8>D>N(qo--|X^kOAjF#=V-C}iZXj8 zujFxkuAc7>i}t=|q$7ko+?6`Qnh#LyY5RIVpAOf=^kCaf^FE7ch+FDczgMAKpJdVeHn#z@5b( zUuqube=-y>NxFEz^ik);Eouzk$ssTlFybqd=Z|@Rb#5f<+X&wyFgNGRtxdwJtg)tq zbs9ZsA?jmM$|a{evr(k~w2=WHHXg2g`}=3;=*v>nJ)%|D^xPevekaL1O&xrS4d9|h z84u`UK|`sbo|)CUhb=3N&!<{m!XLKa521ekO(ID%+UB3f;XOO5dxhd#r#XhjhTr?X z$m`(X#BDn7)kD#`NNNAR#z_x^cF*n`z`aQ_P5L&tiliM=~F!a!h8-|A10c9 zL~X~9HXIGN#hZR=u(OF&EX6aW)L5QPrAaVzx9Tq~9Al$;?2j)n!)omX@9nl|cKD*8 z)ZG~$dLKm-4ei?rO(1^;)Ybm&M3Y>Lb>tH-NMuDBU*&)1Xs6H~!KCAEr4T) z=*6$G94MbwIsP#p5BnP^;y(T)TN^+_(;>9W1NstUts}A_QUn-6q=*xfSq4|=hk)S? zKwV%t2Ok}CRJ82Gb||{uBq;f4x5D`oGA@{=&AA+80Wc)?)VA#7SR})6|MrGp0`^xL zyTPjD{6#D*wd=of_O)M>>nvpSkFIb(jUTBTneCJ5A%d`hAv=HbhAx%Mb0}GrLHL#F zG<*j2C6B$=o$<|YL$;FmWp3(wJ87+&*KZr?Cq3KJ0 z%q3WoS^Y=M+8XvKV(1ItiuwMnFV(G9-}l6Kn!xL1ZI8EL<6Yvvk4}9wsA$#xs6NTf z``nHS;92{bkdv&vcc}e`I}OTfCu@ZU~)beEGBHDtIK-NT+mP|HNzO`9|^c7hd zO?HZ98@aQ(%hw|r9!2TfN_wE&q$`On#;^&56vM5@~ zZ5h3$ggkzBnASh3Yp~BxMkXgkYP_P^<;*t}qBMYB*CIm7yB58ecBXgHn5MK6t%9arZFLx8aHE2P$#lb)c$FyTZ;@f=0K!Szu}>0<4*fr9x5MZEV@nr3AUm(RiZls^S5 zjdfcev@=O{R^L5r;X2#5<2H#5LcM$@tjL~w#lYtSEei?`=D)AlX>;-YJo)SUkiC9- z3(mPdm-=^`e@pz1LO93!uZIPwE@1R*I3!;373lz#QGHs(;3&Mef7Gi7UaIEpsKC|5 zlboUD?d|mX;ixS89XtHZlN~q`$^9h9WbO>qP<7BhBhm(A$Q(_2*(~;w03Wc-CZz$| ziURU))2Cd}FFkIJWt<><9?52t1-S|67g5%^{I4?$4*Pp@X8L zcm*TPyL-Tp6h0Ek^H1?JsFbS3-TzX0UJFrIG-;NYypD9JFW%8iu$`)}SF-3r=w~%A zI?f8eY1i*j1^220@f~{)_L@ZMKTBnXuI9AjmY#&a`ywel-u&`qvs?a(h|<%D%o?;}KYu;abfQkFdML64JQW|&=I7;oK^*@q_NGMlQ~gwy zbgua{n#q&gB3VrO#})Egd5l=RE2Qg?3q;YM!!iHbh>Blj7(tCDS9f7y=>X)4KWG?+ zE?wsG$NAZ$uaN>h<1>MmhSqoKQ~VK={1Z&#VY))_KLcvT<|!&ZoU{z>-y33MC>Evx zzCXnGl^qE1$aOz6;H__9gnju%`W6k*STw{XVnDhDnKmeLzy=1xtG0T~lwMAArzlzo zPBFRCS6*%=-}@_l&svK74@!OwMSBR_UNmx#&@CmsWns*7DK$4-IJxLKoLdc_lEPv zby7L&>#n*cMJ&&^w~bfAlnpcek$S9euPU4#mwZdxA1u5btz&=){MACdF8pFKRA*iF zhkVqi;??@3oa8IGQ~it#`gB*eB|c@qD9ACSERo~k4tB-vFa3o!;PAZiY+&QTqS1 zUuS-<{gm76`XuLCZmAM$Ky6~E%-=BFU>DXU;Wx^Au>t!hvu{y$_12=kku8Ldj39kS z&Im*U@Y0V5y|y1s<_pAZ@4G#D{oCBI!wMVj5cgH1l<+%J<%)C6|MyJKEg&~GZ|)?J_YSbEvB>c%E8sdhZr zf82J)C`aq3Cl&BfiF{ZL%uq(WL$i+5DoxKLnCz0+&$cv6tLN1?ZEyPrTez?J3HdpF z&M-S}|6z%rdum%8ts|BXIvikYV!`g&D;A_@>^$%RixBDMlV0B&^%ypLHPQsEnrcb@ zYDEX)Y1u>u%9SWkwtS;|gj`L55@4RxaKFJ=LIejyhkJuRJuk{a4wh~>1^`9%c={2J zXB|5azwSL^zU?#&J_09Iey7lPd#MAnlPm#H=$p^JvC0vXZ<1w*Hl$ZhC)&g4A=~U> zGHiG&=`j8+ib)xx6jR+vBOuoM^Y)g+p&0$MNStIEYb@Y`Xj^0 zKUf+Chx(ugUHWSpuK3FN9fQ5bv&49K3lFt~gyv62*H3F2(ztz4nw^3_3q82{3Y@cj z8|*f}lWDYIgN#Esh0QmQIO=TR|Awx8bBt%g21Lat0tNlVpOGDOoN!Ix^g49rAk^X_ z>^oh%B4%Wk`fcS6w1hdc322XmUr2EL@Dm)0JJvfQ&x1mo8DoKKNE}Wb3o$s{3-O^3 zSNq!BDz=jUmS@gw>Iuu)|9tK)SZfEN(8-!3w;NIQ?l$Kw1IM?-$X07*_>p8z>izUc z{L3!~`$Y{!S+6BGvSk9E^u!z9>)|k3JW5@L)c=IzXt5_zmTc zz4vRhw3PZ@$LgU ze?2-7K%$h^bH#&?JvTLGg@um2b~wvLGp`&Oea3PHo3`1BV*bOj1Aq6wt?lQV7ZTBX zpP-Ke67+U_egAv-2j@2IOg7vkXUQk-M(@exLcWygWr^Qahu{$xociPUCqoi#akF5S z(>ywH47~1qJE5X?*Vwi3R+l2`&cf)AkWAu?v>Ms76M+e)rfXnZoP=ks>Gc98AZf9k zJFl-_h_O_AQ?6mv;+J|Nugw7$Nl>gW?)zTze04J0mjKj2OB8rnSWzU+I(poUOcwx@ zbzy^JSK0Q)dp^1aJ6{Yg{td3!?QZ57Y6|*3*Y=Nh4OcQWUH~N)pC$#SgF#T?A~S=> zLGxrwa_#LM{PmhOIDn2>nyHc-$_Z~Bw@+aCZ6}WDVe#tU0;k~KT}`QE<5uKJs?`3*r~c0oELL`2cPyMs5Z8+h z?XKBxUc6j|Mj{dctfq8OZ-R^P`}d4N$vOMAw^Cq*uC)6vMenrRSskaX0Uh!V6pDn+^(ujb0@Eeft6AD!01xI35zUngL zsz?yr;g(4NtuX0q!H8??tsg-_Z@9g7a(aeV)ta-{$lvo#PcuF5GXEj4Vykf}xORb%_e-EjDyf%c*nNXgAgje@saXI^V@4_KQmOB_efKl)R=e*a!}C3+OZ)g83z`Vx5a36@GCa2_*;7GG&dm_oCIy=uW_I3Xt9O#*lg&ynOC51*Ni-9cW2@ibki$gBSu)MI|PiBX*hu}Q@Atd$46Vw@^Bdl?>W4IU1!EnxxFII$>_ z##r-&676tZ?jGjni>dg2YLwu{5XlnDfALDWTAX|(90nxa*{2T0*ThRa7j*-HHxK=l zU=||-V~Vp8rCFt^TRyvkXC=FyEjGyPH3mwqKgnt-#bmzBmf@g_5&BMG@tYHvPvx^_ z#P`B_^LsdT?bjC~qRewv1-ct%OlNR{>0 z!`FeCIgZ`d7OIXnq?QxI7xKN*pfxJ?Kq}07>5yodb+C6;aQ!J~Z%25-P8w%krAuplx0=G= zRqM@(S^YUj%;ty3h|@QArCs+m5rf#n^m&N+Iw)3O3|K8M5BN(55Ve+F?s)s?rLP)* z-ArS8S#EC7XEYxSq`zuk#mCIv@MK+0#!rz;KAderb-4670saZnJoO*eS_q5ZzV))c zU#-X~=NEN1!HCizwDw{2aa`3YMmoX#`1~@0So5d`GOX+3W@LWTpUTeqXS(j7edY4u zgh|uKyLfHmRsmjnXgtC^K33`0K#}2jT=uZVKS$JG>Hv%D@tfGU9`30~Op}8~s5*UT$D1S2$#f+$M?P=uF!BiPh`9Ca-U`8iK)3s)8Z8be! zPkU|g$Ezfs*FF>e99r+e-x>x&S0l6MXYvpqN$|S9@D*%wnkAYsP$K<=hs|~eZi><+ z6AlDw+?F8aHzsk0wQRW(rV9R@D4etL2q#O~2=v_ML3lkcf;i3HY6yDCEq}y8#kQ|m zgPZVEPVv#zxo(~j0Z_@~O*)=8eNz^W3X_VMkLt{oLzLtT~&#gUUc7)iaM<}mq? zI*3o5fAC)YKqG`GOd?`7ae80?PpEGwVM7L$gnunhBZ+NTgW^n69JvwOsA}$c#nBcY z?wDCNp-c{Pd1-Ehb|b8VldgpZzy}hoLKJuZUNw66T51#d+9BP7Glb7BEqxk-CVH;jltI+}4_B zT!(M>LM;vXcdc2iywvBS{BJCowbmRPU0EVc6TK-Ac$NAU0Qk9lA6a|9kb$N-=Fw+f z*r~j8Fq9FK;e2$vjLGILSNZ;F*7k-~N*C->%DHHeQ;II=M~hWzAhLSjVngk{`Nre=Ph*1S;#$>D7QsO-&Mz`Pw*egk;-IP} zRVN3MT;Jj60i{^2HT*Lsuou9n&4|s8L^_u;PSe*|83wcLHH!4PlfnhAoXkE*F%F#n z0{nn4v=8}C3Ov8M6?jgzpXoIc!IJ`CTmXU`7)y(SbS3tzl$KD|whDt2V?(HUh1(pA zg(M`rc+V!@M(09|HIKe;^~1>^~Oy}%>KHfMgQ^@)krII?wGvV>|(*E2YaLPcV=NPJp;o(2Bisrlk&Xz z)U8aSN0{K`FFud-b6@U65I02&-M7};g?FPGSfL&Yzn60`yY5CGTa?5b&XFv%B5~2@ zNmL*K*B>vt=B2F5uyLr~!crZO&&0~$T$m1*kPJeX3!dyR3GMW(W^L84Ukv(6)(RNy zuiI-M)I)ZwhSxn1=A&1qElk~R=Tls5#M7+iSJN+-6ZQ0H+zamgdTJ!$6ETRm#2jH>uSF+X0w8w^eq-VAvVsi8fOrqn$8qdqf0$t^v!II`@OHgH_3G02XMZP@jd~EeZAF+yRbUt zytnlJY!!Z4>c$ma#4iyrd^NrH;fNq5x8>)$eY$**d#IHse#LhZ9R;^Z$Y>iV>7@&ws5khY9)OkTJcVi>!|1J&@4N^{Ja zLwEAwU!jMPNd_SJt?hY4)eDNf@vGh9V+#$EPR9qp8-ty*{U~Qns4GmVCue);+4jrU zTTtSO1gH8vF5y1 zwC#IKzO)z-599gl(PknhKdTXCUjPxkYt<@t_lf)PL90!dkMZ&?q@szs%f?Qh&BN4J z+eJ`r_!sPSH1Tjx#y-WTIT5?&P_MdRxa1K>^rz@|il3GLeFk!B*I~j+&h}?4Bqa#R z0-59$|NKqO?>8*ukK0L@cuR)M!}!;~Ib*UfBLqcV8~0uc$j;QS)jDMv{+v|GrW_05 zMcHp$$wC6p!-ywL$_D~S=eE1LItvF4*9{s3r*vAsX4Vcp8=o4J1Eyqvg3gMc^{+Me z>G~8nAt$-40(d90EwP$lXBPTGO;d?b9Mcr7fD4=MtzFl0?0^MXK(|gij(j!CXCC?u z_Sf>qTQr9?Qg3QVN7#!TW-40dFQMN3a~QJXvOujeyxf-@p=o*?B~sB5?ApcKsdIk? z!yqB-Cu2)V$mZ2xXu%38>1{TW=fp{~Qb#LiB)Pmu1b4Xsu~ z>Kv{=TP8AfmbaaoP`rzxZ;C&_V$aT=cK9eR==Tr~l@-Ncvx3J|!ATdUOZH&_-J-OI z`CJoDjjIruq0-Fz)FP$P^wFdb<}X#oeUIKsml~m!3oBAAy+w)TW$*(vo#K zNBHr7#loL2$I@7j(E!KZ7|%+7jzOEf4UeZyW6r9iF#!(4-Q# zQeDnh)Tlb?{rfr%MX58`T~{>c(-{d0c8zzBvrrMz)lG|NDnK?uAUs|1At`omAcJ=; zJ@&831JHOhP-h){@>-qO`?v!5hse3A-!q`R{bi(DfAZ2qB?$If!b)qARlrd_?ur&Yn=G_cvZGzE~a=G_PT>ihXX6O|zTsS&6qg-nwQ{yN5f36r&n)Fl4XjOY|gD0MK_#`*Y( zMCJt*L<|sZ0Y1d7zZ#bKg?XI|xhyRu*Ua$6hnWjZ4$AX3f?~z;GpPeIe5?4}-XrJM z2BWE2vOL`0s@-SW4d9>L8{Nys%=MM+X$hUo3-JE>L7uD!kps_~0}8LqArxFle2M(g{JQ*S-@_|W45WWBmHlHmdhK07Z7{Qs-I`CR`A_T6Qb9#-g>i$2 zK<&$!qnaK0_6v6!v2V*d-(mG~1Ty=F$5!CT@SHa*@Ylvt{T~!Fd^npWkpqI4ZWxJS zm(As5hXP1C+zCJzuFdK3Dk|##!?I|Zam){eF{>Qsah0yL`NNweU0O%g0a#?13-wj6 zBfoc+rRQxs>7bToZHa(cQvd39da9MooptECSGav^aUKd3ICVQ%3C8F$%!`ybZn$d#y$>(=m`_i-CsM{YoX>v_Ls0Et>8`S*7tLb_=Ju9Ovv1$hMO!oT4FquUL&nb4DYYj5X*eCV z+Dttya1o&U4s|LjhhdTDgJTxMA3Nb0mB%=spTY^*v({ZhD_b0GRW>T>DcU5K+K@lo zXN3RGY29?b>d`m~oVYcAY`ttb;vdmi&-l6H`dpJ8Z<{eUuOKsU<45obGkoCuAJ}P& zQm3n{E3hN|RoaLL)z9q1BsRtJG?^N%5D_JP%U-h-VI_|Yziqa!Uwc#32{~FxRE)`5 zY?{3jXJjv@*D*7FnefS$093P&F?W}k#b8c=A#0ca_6Pq6XWcvjf#D}r6_#m)oaxz+zfs@qr=}*L9r!8I(uBOX`?6u{JS1}LRW$CDz2}j{IQY34 z|7&RcvE`E+v2Y9RF~G8oDAGiUGAF-#o|BbL=O9B&I=3UvqO!^is!kR2wQN|wd8@UZ zGq+cF^|k=RLG`tL&Ra6?q}Wiam&F*7sPZNwQzwEpJE+Us!)R(oX+`A5sOgMrNOHfi z5bJ#iTh?tr^edto7LRR18ZAVYl~x~1q8w%F5QX48f|YG&n$aWWt zv(|&6Y}8%Lb8$A#rz$EDgp}vg38=hZ=<)T}=9^dIjpbdJkvW;t80M%;eYfjJFp5?L zdRA#oWHCcJuiDjIv21ZgXt|1#Yp6GzYVEU`6<*vb7ex2IUb>~nJZ*-Isd0*ecM0y; zqs9}roRkhgpg+>>RVmUq__AE}+{5h%mrWNwHaCTKu;2A~`En$R?rYwp%L!>TF@QDu zLH!@cJNYcf3{4YA|D*=JUO(2?Tq-{8QWWfXO|I1$m-g_C1X*0->ojW(xjAufcCfv;IFy=3v};w10{Cg1ZCm6W4xTDL zpVq1}8qYKarrA0$0=eaRbI-2(K9v>zvJ>;Uh7_FKTR0IbF;j!8%W15@BL=;ukPI|m zTKucOw{gxSV21?RilAMp42i&ocVp!=!?LGQxCI4yT>P%?mC+wCPF7DXniJyp8Jh+L z#;Y9QGwbITBQcA&{84>#OPR|R*e|q?&;(IZ203T~owzT>rqWInf?; z$G)!k%qk6z=3j;z90q?KC@XE^T&#B0SH^rIL~?9ZSS)0-31!44a6J7H{DF-%5>H0q zaQ(FX;QkLk9R+^2Bo!EoByykc4|bx-ve0{#0BQpPME^(5x!q zOJq<3#HHd9WJ)#@p^6(eYr0T^D(qOVX#%la+n8^C=hl{!Fc_?+Cckp%mHquY5Czm3 z1-JTTFr|-T5NwD*n0^XAiGeXBD0kz-;W)KVjc?hsX@{LRQm6j`g4M z-ifAvxURWgxuAYAS|e-@_L{@q4^S#Y;mDV^Qp>sYTZh|4N zcXb_D-w-{)&h=v=(KvkhxCU)hAsewSNGX&3_C44mCzdn4nD|}=SyJNtCUwdbxzh+A z@6;BY7at|2G0$Pr$BJDt{MdAiv)^32rv(u8_KVJ*1l*-fxr>*D6s~gwL<+6y?zVBq zgMW|Aaa13U{}O4fkLObS)&Cazd!pfR{+k*lm-<1X2MiZ$Fa7G}>AX+E?M-F4RjsATHo$C|hOlyIJL^kfg+I|b4u_p3b zS)hiSqtosX4+m7$Xkka6RoEg14of_Eu5i6TDhv$9$roEYl2zFuR7~<5!^tha5N=z7r2Q!gd8ZLPZNFGBF7^vr6Wpe5_K zx_O9O-xeZ}WJvU;bDY*}pw>6dkm{+s=X0ZLHDkTz_M|!nf^cs+aRY~cig_MPp~GFJ zA)%~%B%l5K%Tf~Y?mLXqmF6<;KL_^JR)an7k8^S;47utG&TJ)fy82$ZE)ZjzGk`0Ho_Hc>+JA0^7!F|2>tA{*iWpZ~y z%%|rJNGZ^@4IFs2qlNR6tGQRaByKR_tjT?zsL*h13rPppgs8ghVNjKD@s!z>lF#NY z(qU_w&1?mis?<<7{UxVq5g+LGFEV0Y?nJPGOn$D@ILYvXSEeTztR68Hv2grvoc3ws zXrwB`G}uV_*y5hMh|zy*-Q&jRx{wpm5YY##q}Gj^KZv|~M8!8-EpXl)CTJ7_SJGbI z`f)Tm{xUR+EgISxEjt}~)G3674ChwxorVR3Gj4kKlrO0x5R@Z_(XNE;rl~0R4IyFr z@^0mgY$$uWhSU*z#?3_>3wXabItpDtGw<#mN?HwSDS?t)D8r9oJ)&aI$7*s`8u;cE|mgmvC6~KRM85M z(Fdeo5-B%ZVQ#kJU>J79GmVn$|EcJgZ~Iu*s*m1FE?Ek2m}c(GVUh8=-7kk%?oFUY zM(_+5cz0AMpYL3NgtB_o#EQg`@?Gbg5mOLnI7@#|gaWT=2p_rC$bBNO#Y`JxV!KRg z&PhPV7Rq;R1mtXVSjJ`q#?AL*q`6ML&GbX{Er(gSy!g``Lm@jgHJc^6OtW=bXW*$% z`sc~JD$-^auHA`8<&+9ZLX$-m140Ia?1{f)o|Gj<^kd+u8UA{2thIV3V|E3;73RJd z5P0_ZP0%i|BuBRT<@cp58kq!mPh@)A8>^-YsALC!zuP!FmcqQzjj#EtR z*Qz1S;?CCq8Bb-nQ%Zj;oqlB2>t%5J(j!lp(`-jwI?eo}nm7DR7Y+pGqL4Yyg64$B zt#02NxG)bI<)mTDhY7PsKR>$$irXKoF!hg~rZ(9fkyq@@-!QDWPqEXuDOUHqWZFd& z?r8OtcEnw8VREj@C1{qO#d9X24L!QsSYK4MKl1l8Y-#3sRdu7yq4`5`T;i2H6uhxb zl1z3G8Cc{n{>u8cs?f?n^IA65{FeMHhkV|oSb~p8$YYO$!I)pnHyx=rCEDk87?+uy z;|!5yg!P^Y`vDre^UaE>WSO7^}oYSf!>)(<)T!<49e(45clu1-#isViCq&GtOzWk!+@IZ}4#acg{HD*yia zm0$)w0FBGdXB)A>(O}GQA}0atD{sI&Bbyo7w3<5y+}}LL+U54Tc+z_- z+CSsd6mqz+=lw4F{Bc@)UE-J776n|99oIIg}$xn$@dVhlDKswH$EOmiMb*pGHrz%yudNQD!e zz5tbhkdS?g3CU!S^9(_dk3a{i>>zY?)-y-O-bVeEN^S1;)3{sb^s_9|C39C_g{APr z6>4__X>Y^A+?450%3%8&NAHOT11ceS0mTk0tY!8j!C8Co!pb-{GwlWA$2{6=jK~sj z*;Uh5p9&<iLMp zSeh*hgj=IT&DSg_I~(38`1xT%dm!7eIW%^M|LO84UgZ_!qk+Iw#9v@Hl_*qQE$FUH z#cC3MsLaS?{|5!nTcsU&C66kW`P2^a{q)R_ls*{#PNK40wU5|4_*m9~FN5nFc<$T@cmcsCpy)H+!hPg9dnrnpE{Tx#tGXUkF zZTh4h?p4Y!cjbhS-Q9asQVE}0KV631t)H$~@y_eV5WDN7>8HjoMP~uQ|CltzMYW** zUVFntu1gw~`eiNiudK&z0O#U>eEpn#W#XWsc12IX-UuEnu#i!+(}q^^*z{Q%u#lAZ zCGVyF7%Ql`#4!NHLENYNhFXuXkk!_fkPiwyLFhSl@Nv{#@C}mnNV5ZW-a^7H9~Xvh zId?>GsWMo(LQzlKw7rX zH{MPw?AAvv&7o$z?vey>=no!DM0rX731Hlnb~n~(n5;s~mD^#WT#Fkap_3xI@u zy_fMf586AVp05gikS)Mq7=fu6d38dwHB2Ye)+=@@v=0fVl+a<0;xZO}10^cl>C6US z(cbvW{OKQk%j~^p$LHYd>|8z^L=&|AAg)b+H#ttaNPYpjQ1T%jBy)q2yMf*=(0cbZ z?H3A5bttztSj7~_Mf5BK#v$_dNY@V9JLq?_qQ423SzUtwM#CuknA_WB+Z#9?kp4Iq z-(3H~)Tr2^oozAOhEoyGaXqIg2i6=w|JeiWc@kB(Pu1UrXQz6mudYn&%XRwGEUmJK z(64A((kMkaXlZ_-4A@4)+vC0kea<%gy6046#hCC1dooG~mxb7`=~x3!_#al|&tv}B z%;V>zp8dIFY|tBdGCrf`s#r;DRXaT*DLy2_&G`Y$8Et{2dd0wt>YHEn*xt?#(;lz7 zO&(;bg}~B!t-3M1NDY4`9N!izd~^Xp)(T$~w!?m70Kay-y@dti!nOJd-r z_oNSM&Gc3F%Soj5Z3$nje))#0@M)DsrSTUE34 zd&Gy0rY^VLY-X!|iH*x?E?0uFamkHVm`ZAE$xYdL%VMywUPMlMWZBd@Igd*YBN+4J zlz>Jm*;{iFX}kY*Jx&#nd7C3K#QwdXHP#HR28BjUS3ovH zAT7hZpIb{*O2o=X5=hRW*X}b_sp@ExiU+4?@a4(Frn8v|)sIv&#y_K&BAC zT{P3}8w#UBc(4apsB1Y3kC%616jF!u%K(BXURBp`B-fqe{WhXY%whrP0O9pGUv_SFmik$iR!#=ls$FV_m7veZHYX|Imvt}@ATezTn;|zEY&DoBxhO? z;AFy!c6uwaB6(CsH;8Wmz;vZIK<&?cla*V8)O6@Yo zOXwZM#!LSIA3IgA6fwdNNUGF;74`@@zMYG5GAUgANY zd;f0cgDkjBPc4H_mZ83Ua;sjcvfD{!=-vzQRH#2xpwIKm!qwioz`6kM*J_p^Tk#k^ z*mTyici(L)+y-D;jK-%jJ(hV>!$t%=%lI<=x-2`Fz{+v#m9y-%^two4ewMd*9MAu83ZcqFq-4P&TdzWXiMKx*Mm35z*_Zi?els zK0615czz=0)nY^bJ@7SI*1Q4t)-}W!c0U+m&9x2Og&e0;VFzOQv-8 zI6P~KXPc1YYngJbhE66Frd^a>&L-Gk^6Dp_e691i+xRt~3V`Ca&^FDgCQx~&tJ__s z;V!!o-lniJ=}Iu^bXK-|0CtCG12WFLE4;Z%q*1yoYtpZ6Dk}@h5#}~Eaewr`qaN!) zu6fwIqj9OKqe&&EUf^Ni)$Ppe|I23CC)Zi-{qElQvKVk-p&lJR|KvjA!oJuv)QVqM zb=ck7H}#4`r5gn7WBX)}7h77rR14gl$C=+RtjiotKHt`to;d0AzO~;A@OcQAU@+lD z><>3Rdla`=xh}Y94ctQOqBl)IZ9(tBve@;VTc(H2YR9AmljCPMxZbi?X83%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/index.html deleted file mode 100644 index d1f7d25..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/index.html +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - -
-
- -The Picture of Dorian Gray
- - - - -
Fulltext search
- -
-
- -
-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.css b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.css deleted file mode 100644 index c1bfdb3..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.css +++ /dev/null @@ -1,154 +0,0 @@ -span.title { - font-size: 24pt; - text-align: center; -} - -img.eyeglass { - display: inline-block; - background: url("data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCAyMjQuMDUyMjIgMjU2LjQ4MjE1IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KCTxkZWZzPgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYSIgeDE9IjkwOS4xMSIgeDI9Ijk5Ni42OSIgeTE9Ii03MS4wMzUiIHkyPSItMzEuNjEzIiBncmFkaWVudFRyYW5zZm9ybT0idHJhbnNsYXRlKC05MTYuMDYgMTA1LjU4KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjNGQ0ZDRkIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iIzgwODA4MCIgc3RvcC1vcGFjaXR5PSIuMDgyNjQ1IiBvZmZzZXQ9IjEiLz4KCQk8L2xpbmVhckdyYWRpZW50PgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjEwMjAuMyIgeDI9IjEwMTcuNiIgeTE9Ii0zNy44NjMiIHkyPSItMzUuMzgzIiBncmFkaWVudFRyYW5zZm9ybT0idHJhbnNsYXRlKC05MTYuMDYgMTA1LjU4KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjOTk5IiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iIzk5OSIgc3RvcC1vcGFjaXR5PSIwIiBvZmZzZXQ9IjEiLz4KCQk8L2xpbmVhckdyYWRpZW50PgoJCTxmaWx0ZXIgaWQ9ImMiIHg9Ii0uMDg1NTgiIHk9Ii0uMTIyNiIgd2lkdGg9IjEuMTcxMiIgaGVpZ2h0PSIxLjI0NTIiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNDc2NDQ5MzkiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJkIiB4PSItLjIxNjYxIiB5PSItLjI5NDQ1IiB3aWR0aD0iMS40MzMyIiBoZWlnaHQ9IjEuNTg4OSIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iMS40NjkwMTk0Ii8+CgkJPC9maWx0ZXI+CgkJPGZpbHRlciBpZD0iZSIgeD0iLS4wNTkyMjgiIHk9Ii0uMDc3NjUyIiB3aWR0aD0iMS4xMTg1IiBoZWlnaHQ9IjEuMTU1MyIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iMy40NzIzODc4Ii8+CgkJPC9maWx0ZXI+CgkJPGZpbHRlciBpZD0iZiIgeD0iLS4wNzUwNTMiIHk9Ii0uMDY3MDAzIiB3aWR0aD0iMS4xNTAxIiBoZWlnaHQ9IjEuMTM0IiBjb2xvci1pbnRlcnBvbGF0aW9uLWZpbHRlcnM9InNSR0IiPgoJCQk8ZmVHYXVzc2lhbkJsdXIgc3RkRGV2aWF0aW9uPSIyLjMwNjQ1MzgiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJqIiB4PSItLjcwMzc4IiB5PSItLjY5MDc0IiB3aWR0aD0iMi40MDc2IiBoZWlnaHQ9IjIuMzgxNSIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iNC4xMTIwODgiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJpIiB4PSItLjA2MSIgeT0iLS4wOTUzNDUiIHdpZHRoPSIxLjEyMiIgaGVpZ2h0PSIxLjE5MDciIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNzU4ODkwNDIiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJoIiB4PSItLjA3OTU4NyIgeT0iLS4xNjc5NyIgd2lkdGg9IjEuMTU5MiIgaGVpZ2h0PSIxLjMzNTkiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNTgwMDg2MTUiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJnIiB4PSItLjAzMjI5NSIgeT0iLS4wMjgwMDkiIHdpZHRoPSIxLjA2NDYiIGhlaWdodD0iMS4wNTYiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjEuMjM0MzQ2OCIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9ImsiIHg9Ii0uMTY2NDgiIHk9Ii0uMzQ5ODEiIHdpZHRoPSIxLjMzMyIgaGVpZ2h0PSIxLjY5OTYiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjMuODg4NzYzNiIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9Im0iIHg9Ii0uMDM1OTIyIiB5PSItLjA0NzIxMSIgd2lkdGg9IjEuMDcxOCIgaGVpZ2h0PSIxLjA5NDQiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuMDUzNDk2NiIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9ImwiIHg9Ii0uMDM1OTIyIiB5PSItLjA0NzIxMSIgd2lkdGg9IjEuMDcxOCIgaGVpZ2h0PSIxLjA5NDQiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuMTg1OTg3NSIvPgoJCTwvZmlsdGVyPgoJPC9kZWZzPgoJPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTkuMDQ0IDUzLjQ5MSkiPgoJCTxwYXRoIGQ9Im0tOC44MDY4IDI2LjA4MmMtMy4wMzI4LTM1LjM1MyAyOC43MTItNjIuMTY3IDY0LjY1My02NC4wMTcgMjIuOTg5LTIuNTkzMiA2Ni44MTkgOS4wNDY5IDgyLjk1NSA0Ni4yOTMtMS4yODAxLTIxLjkyMy0yNS45NjctNjguMjkxLTEwOC43OC00OS4yOTMtMjUuMzc2IDguMjg5Mi01MS4zMzYgMzUuMzQ3LTQxLjQxMSA2My41NTZ6IiBmaWxsPSIjOTk5Ii8+CgkJPGVsbGlwc2UgY3g9IjYzLjgzMiIgY3k9IjEzLjY5NyIgcng9Ijc1LjgwNyIgcnk9IjU3LjY3OSIgZmlsbD0iI2IzYjNiMyIgZmlsbC1vcGFjaXR5PSIuNDQyMTUiLz4KCQk8cGF0aCBkPSJtNjIuNzU1LTQ3LjQ3MmE3Ny43ODQgNTkuMTgzIDAgMCAwIC03Ny43ODMgNTkuMTgzIDc3Ljc4NCA1OS4xODMgMCAwIDAgNzcuNzgzIDU5LjE4MyA3Ny43ODQgNTkuMTgzIDAgMCAwIDc3Ljc4NCAtNTkuMTgzIDc3Ljc4NCA1OS4xODMgMCAwIDAgLTc3Ljc4NCAtNTkuMTgzem0wLjEyNjEgMi4xMDI3YTc1LjgxNyA1Ny42ODcgMCAwIDEgNzUuODE3IDU3LjY4NiA3NS44MTcgNTcuNjg3IDAgMCAxIC03NS44MTcgNTcuNjg3IDc1LjgxNyA1Ny42ODcgMCAwIDEgLTc1LjgxNyAtNTcuNjg3IDc1LjgxNyA1Ny42ODcgMCAwIDEgNzUuODE3IC01Ny42ODZ6IiBmaWxsPSIjODA4MDgwIi8+CgkJPGVsbGlwc2UgY3g9IjYzLjYxMSIgY3k9IjE3LjE4OCIgcng9IjczLjAyNSIgcnk9IjU1LjU2MiIgZmlsbD0iI2IzYjNiMyIgZmlsbC1vcGFjaXR5PSIuNTUzNzIiIGZpbHRlcj0idXJsKCNsKSIvPgoJCTxwYXRoIGQ9Im0xMzkuNDMgMTguMjI0Yy0xLjEyMjUgMzYuMDg2LTMzLjMxMyA2My4xMjUtNzUuMzMxIDYzLjEyNS00Mi4wMTcgMC03Ny45NS0zNC43MS03Ny45NS02Ni42NzkgNy4yOTY1IDIxLjUzOCAyNS4xMTEgNTIuMTA4IDc4LjY5OCA1Mi4zMDkgNTMuOTYyLTIuNjA1NCA2OS45MDUtMzQuODg3IDc0LjU4Mi00OC43NTR6IiBmaWxsPSIjODA4MDgwIi8+CgkJPGVsbGlwc2UgY3g9IjYwLjQ5NiIgY3k9IjEyLjEyOSIgcng9IjY4LjU5OSIgcnk9IjUyLjE5NSIgZmlsbD0iI2VjZWNlYyIgZmlsbC1vcGFjaXR5PSIuNTQ1NDUiIGZpbHRlcj0idXJsKCNtKSIvPgoJCTxlbGxpcHNlIHRyYW5zZm9ybT0ibWF0cml4KC45MTQ2MSAtLjUzNjUyIC41MzY1MiAuOTE0NjEgLTg5NC4zNCA0NDguMjkpIiBjeD0iOTY5Ljk1IiBjeT0iNjMuNzI0IiByeD0iMjguNDQzIiByeT0iMTIuNDM1IiBmaWxsPSIjZmZmIiBmaWxsLW9wYWNpdHk9Ii44MDE2NSIgZmlsdGVyPSJ1cmwoI2spIi8+CgkJPHBhdGggZD0ibTg2LjU0NSA3NS4wODYgMy42NjU0IDUuMjU0OCAyLjAwNDggMS42ODM3IDIuMDkxMSAwLjc2Mzg1IDAuOTQ2NiAwLjQ0MTc0IDkuMjMyMyAxMy43MzQgMS4xMDUyIDUuNDI2NSA2Mi43MTIgODkuOTA3YzguMTA1IDkuNjI1MiAyOC45OTUgMTIuMDIgMzIuMzM3LTMuMDkwNiAzLjE1MzItMTMuMTg1LTkuNDY5Mi0yMS42NTItMTYuNDY3LTMwLjc0OC0xOS41NDgtMjIuMzU4LTQ3LjU3LTU1LjE3OS01OC4yODgtNjcuNDQ1LTMuNTc0My0yLjIxMjQtMy4wOTY5LTAuOTY3NTUtNS45NDg3LTMuMjQ2Ni0yLjg1MTktMi4yNzkxLTcuNDI5Mi04LjAxODgtMTAuMjAyLTExLjEyOC0wLjgzNjMtMC45Mzc4Ny0wLjE5ODQtNC4xMDIyLTAuOTg4NS00Ljk4NTktMi41OTg4LTIuOTA2Ny00LjkwMy01LjQ3MTEtNi42MTkzLTcuMzY4NS02Ljc2NjctNC4xOTItMTguMTk3IDIuNDc2MS0xNS41ODIgMTAuODAyeiIgZmlsbD0iIzY2NiIvPgoJCTxnIGZpbGw9IiM0ZDRkNGQiPgoJCQk8cGF0aCBkPSJtMTEzLjQ5IDk0LjI2MmMzLjUwNzEgOS4xNTc4IDYuMDYwNiAxOC44NjUgMTAuODM0IDI3LjQzMiA2Ljg4NTggMTAuMTY2IDEyLjYyNCAyMS4yMzMgMjEuNDE2IDI5Ljk0NyA1LjUyNDggNS44Mzk1IDEwLjIwOSAxMi42NjggMTcuMzU4IDE2LjY2NCA1Ljk5MyA2LjI1NCAxNC45MjUgNS41MDU2IDIxLjk5MSA5LjQ3MTIgNy4xMjEzIDIuNDAzOCAxNi4yMTUgMTIuMjIgMTAuNDQgMTkuMTk3LTguMjk5MiA1Ljk1NjItMTkuOTU3IDIuNDY3Mi0yNi44NDMtNC4xNDItNi41OTU5LTguMjQ1Mi0xMi4xODUtMTcuNDA5LTE4LjM5LTI2LjAxLTE0Ljg4OC0yMS41MDUtMjkuNzEtNDMuMDc2LTQ0LjU5OC02NC41OCAxLjMyMjQtMy44ODcgMy40MjM2LTYuNjg0NiA3Ljc5MTYtNy45Nzg3eiIgZmlsdGVyPSJ1cmwoI2cpIi8+CgkJCTxwYXRoIGQ9Im0xMDguNDMgNzIuMTg2Yy0yLjA0NzctMC40OTI2NS00LjEyNDItMS4yMTE1LTYuMjQyNS0wLjY0OTA3LTIuODIxNiAwLjI1ODIzLTUuMjYxOSAxLjkyMjMtNy4xMjgyIDMuOTY2Ni0xLjA5NDggMC45MjI5MyAxLjU3NS0wLjM3OTc2IDIuMTg4NC0wLjQxOCAyLjA4ODItMC41MTk4NSA0LjI5MDItMC40OTI3MiA2LjQyNDctMC4zMTQ5MyAzLjAyNTUgMC4yMTIyMSA1LjMzMDUgMi4zMTc3IDcuNTYzNiA0LjEzNTIgMC42MTI0IDAuNDkyMzYgMS42OTg4IDEuMjIzMiAwLjU1MiAwLjE5MjkyLTAuODQ4NS0xLjE4MjYtMi41OTM1LTEuOTIwNC0yLjg3NjctMy4zODM0LTAuMTYwNC0xLjE3NjQtMC4zMjA5LTIuMzUyOC0wLjQ4MTMtMy41MjkyeiIgZmlsdGVyPSJ1cmwoI2gpIi8+CgkJCTxwYXRoIGQ9Im0xMTguMzUgODYuMjE3Yy0yLjQzODggMC4wMjQtNC45NzU3LTAuMjc1MjYtNy4yNTQ3IDAuODEzNzYtMi43MDYzIDAuODYzNzEtNC44OTc1IDIuMDc2MS04LjI3MzYgMS45OTI2LTEuMDk4NS0wLjE4MjktMi4zNTk0LTEuMTY2Mi0zLjgzMjUtMi4zNTM0LTEuNTU4My0xLjI1NTgtMy4yMjE1LTMuMjE1My0zLjY5NS0zLjMyMjIgMi45MTQ1IDQuNDE3NSA2LjEwOTYgOS4wMjIyIDkuMDI0MiAxMy40NCAwLjM1NSAxLjU2MTUgMC43MTQ4IDQuOTY2OCAxLjMwMjEgNS42NjI4IDIuNTQzOS0zLjI1NDcgNS4wMTgzLTYuNzQ4IDguNzIzMy04Ljc3OTggMi42ODQ4LTEuNDkyNiA1LjUwOTgtMy40MDAyIDguNzQ1MS0yLjk1NDQgMC45MDg5IDAuMTMyOTUgMy4zOTA3IDAuMjE4NDEgMS4xNTQ5LTAuNTU4MS0yLjEwODctMS4wNjU2LTQuMzA2NS0yLjEzNTUtNS44OTM4LTMuOTQxeiIgZmlsdGVyPSJ1cmwoI2kpIi8+CgkJPC9nPgoJCTxlbGxpcHNlIGN4PSIxODguMTMiIGN5PSIxODUuMTciIHJ4PSI3LjAxMTUiIHJ5PSI3LjE0MzciIGZpbGw9IiM5OTkiIGZpbHRlcj0idXJsKCNqKSIvPgoJCTxnIGZpbGw9IiNiM2IzYjMiPgoJCQk8cGF0aCBkPSJtMTI1LjIgOTMuNTUxYy0xLjkxLTAuMjc5MjItMy43NTc3LTAuMDIwNi01LjU1NjMgMC42NjE0Ni0wLjg2MTcgMS4zMzE2LTAuODQ5MyAyLjUzNzkgMC40NDI5IDMuNTYwOSAxOS45NjEgMjUuNDQ4IDM5LjkyMSA1MC44OTYgNTkuODgyIDc2LjM0MyAyLjgwNzIgMC42MTM3IDUuNjEwMiAxLjQ4ODIgOC40MiAxLjkzOSAxLjU3MDQtMC4zNDM4MyAzLjQwMi0wLjQ4OTAzIDQuMzg1MS0xLjY3NzkgMC4zMDg3LTIuMTczOS0xLjkzMzctMy4zNDY5LTIuOTkxNS00Ljk3NDEtMjEuNTI4LTI1LjI4NC00My4wNTUtNTAuNTY4LTY0LjU4Mi03NS44NTN6IiBmaWx0ZXI9InVybCgjZikiLz4KCQkJPHBhdGggZD0ibTEwMy45MS0zMi4zOTFjNy4yMzI3IDEzLjM0OCAxMS44MiAzMC4wNjkgNi4wMTA0IDQ0LjY1LTguMjg4MiAxNi4yNTktMjQuNDQ0IDI3LjQ4NC00Mi42MjEgMjkuNTc1LTIwLjU0MSA1LjMzMTktNDMuNjc4IDUuNjI3OS02Mi4zMzUtNS41NDYzLTE3LjgyOC01LjEyNTQgNC40MzQ4IDE0LjgzNiAxMC4xNTkgMTcuNjQ0IDMxLjMyOSAxOS4yMjUgNzUuMDUyIDE2LjY0NyAxMDQuMDUtNS45NDA5IDEyLjE3Ni0xMC44MjggMjIuOTY0LTI2LjMyNSAxOC43OTQtNDMuNDQ4LTMuOTA5NS0yMi4yNTYtMjMuNzAzLTM4LjEwNC00NC4xMzQtNDUuMDYgMy4xMTc0IDMuMDA1NCA2Ljg3NzEgNS4yMTggMTAuMDc2IDguMTI3MXoiIGZpbGwtb3BhY2l0eT0iLjQwOTA5IiBmaWx0ZXI9InVybCgjZSkiLz4KCQkJPHBhdGggZD0ibTEwMi4wNyA3NC45OTJoNC40OTAybDIuOTkzNCAxLjY4MzggOC43OTMxIDkuOTE1Ny00LjExNTktMC45MzU0NC0yLjYxOTIgMS4zMDk2eiIgZmlsbC1vcGFjaXR5PSIuNDA5MDkiIGZpbHRlcj0idXJsKCNkKSIvPgoJCTwvZz4KCQk8Zz4KCQkJPHBhdGggZD0ibTk1Ljc3IDYyLjk5MiA2LjQxNjEgOC40MDA1IDIuOTEwNS0wLjA2NjEgMi4wNTA1IDAuMzMwNzMgMS45ODQ0IDAuNjYxNDYtMC4zOTY5LTAuNzkzNzUtNi40MTYyLTcuMjA5OS0xLjM4OS0wLjcyNzYxLTIuMjQ5LTAuNTI5MTYtMS4wNTgzLTAuMDY2MnoiIGZpbGw9InVybCgjYikiIGZpbHRlcj0idXJsKCNjKSIvPgoJCQk8cGF0aCBkPSJtLTE0LjM2MyAxNC4xNzYgMC43OTM3NSAxMC4wNTQgNS4wMjcxIDExLjY0MiA1LjAyNzEgMTAuMDU0IDkuNzg5NiAxMC44NDggMTIuNDM1IDEwLjg0OCAxNC44MTcgNy42NzI5IDEyLjk2NSAzLjcwNDIgMTEuOTA2IDIuMTE2N2g4LjczMTJsMjAuNjM4LTIuNjQ1OCAxLjA1ODMtMS4wNTgzLTIuMzgxMy0zLjQzOTYgMC41MjkyLTUuODIwOCAzLjQzOTYtMi4zODEyIDMuNzA0Mi0yLjExNjcgNy45Mzc1LTQuNDk3OS0xNS4wODEgNC43NjI1LTE3LjcyNyAzLjE3NS0yMC42MzgtMS4wNTgzLTE2LjY2OS0zLjcwNDItMTYuOTMzLTguMjAyMS0xMS4xMTItOC40NjY3LTExLjkwNi0xNi40MDR6IiBmaWxsPSJ1cmwoI2EpIi8+CgkJCTx0ZXh0IHRyYW5zZm9ybT0icm90YXRlKDUyLjY0MikiIHg9IjIyMS4yMzgzNCIgeT0iLTM0LjUzODExMyIgZG9taW5hbnQtYmFzZWxpbmU9ImF1dG8iIGZpbGw9IiM2NjY2NjYiIGZvbnQtZmFtaWx5PSInT3BlbiBTYW5zJyIgZm9udC1zaXplPSI4LjkxMDNweCIgbGV0dGVyLXNwYWNpbmc9IjBweCIgc3Ryb2tlLXdpZHRoPSIuMDQ2NDA4IiB0ZXh0LWFsaWduPSJjZW50ZXIiIHRleHQtYW5jaG9yPSJtaWRkbGUiIHdvcmQtc3BhY2luZz0iMHB4IiBzdHlsZT0iZm9udC1mZWF0dXJlLXNldHRpbmdzOm5vcm1hbDtmb250LXZhcmlhbnQtYWx0ZXJuYXRlczpub3JtYWw7Zm9udC12YXJpYW50LWNhcHM6bm9ybWFsO2ZvbnQtdmFyaWFudC1saWdhdHVyZXM6bm9ybWFsO2ZvbnQtdmFyaWFudC1udW1lcmljOm5vcm1hbDtmb250LXZhcmlhbnQtcG9zaXRpb246bm9ybWFsO2xpbmUtaGVpZ2h0OjEuMjU7c2hhcGUtcGFkZGluZzowO3RleHQtZGVjb3JhdGlvbi1jb2xvcjojMDAwMDAwO3RleHQtZGVjb3JhdGlvbi1saW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uLXN0eWxlOnNvbGlkO3RleHQtaW5kZW50OjA7dGV4dC1vcmllbnRhdGlvbjptaXhlZDt0ZXh0LXRyYW5zZm9ybTpub25lO3doaXRlLXNwYWNlOm5vcm1hbCIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHRzcGFuIHg9IjIyMS4yMzgzNCIgeT0iLTM0LjUzODExMyIgZmlsbD0iIzY2NjY2NiIgc3Ryb2tlLXdpZHRoPSIuMDQ2NDA4Ij5naW90b2hhc2hpPC90c3Bhbj48L3RleHQ+CgkJPC9nPgoJPC9nPgo8L3N2Zz4="); - width:0px; - height:0px; - padding:2em 1.6em; - vertical-align:middle; - margin-right: 0.1em; - background-repeat: no-repeat; - color: rgba(0, 0, 0, 0); -} - -img.spinner { - display: inline-block; - background: url("data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiCiAgaWQ9InN2Zy1zcGlubmVyIiAKICB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciCiAgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiCiAgeD0iMHB4IiAKICB5PSIwcHgiIAogIHZpZXdCb3g9Ii0xMTIgLTEyOCA0NDggNTEyIgogIHhtbDpzcGFjZT0icHJlc2VydmUiPgoKCTxkZWZzPgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYSIgeDE9IjkwOS4xMSIgeDI9Ijk5Ni42OSIgeTE9Ii03MS4wMzUiIHkyPSItMzEuNjEzIiBncmFkaWVudFRyYW5zZm9ybT0idHJhbnNsYXRlKC05MTYuMDYgMTA1LjU4KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjNGQ0ZDRkIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iIzgwODA4MCIgc3RvcC1vcGFjaXR5PSIuMDgyNjQ1IiBvZmZzZXQ9IjEiLz4KCQk8L2xpbmVhckdyYWRpZW50PgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjEwMjAuMyIgeDI9IjEwMTcuNiIgeTE9Ii0zNy44NjMiIHkyPSItMzUuMzgzIiBncmFkaWVudFRyYW5zZm9ybT0idHJhbnNsYXRlKC05MTYuMDYgMTA1LjU4KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjOTk5IiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iIzk5OSIgc3RvcC1vcGFjaXR5PSIwIiBvZmZzZXQ9IjEiLz4KCQk8L2xpbmVhckdyYWRpZW50PgoJCTxmaWx0ZXIgaWQ9ImMiIHg9Ii0uMDg1NTgiIHk9Ii0uMTIyNiIgd2lkdGg9IjEuMTcxMiIgaGVpZ2h0PSIxLjI0NTIiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNDc2NDQ5MzkiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJkIiB4PSItLjIxNjYxIiB5PSItLjI5NDQ1IiB3aWR0aD0iMS40MzMyIiBoZWlnaHQ9IjEuNTg4OSIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iMS40NjkwMTk0Ii8+CgkJPC9maWx0ZXI+CgkJPGZpbHRlciBpZD0iZSIgeD0iLS4wNTkyMjgiIHk9Ii0uMDc3NjUyIiB3aWR0aD0iMS4xMTg1IiBoZWlnaHQ9IjEuMTU1MyIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iMy40NzIzODc4Ii8+CgkJPC9maWx0ZXI+CgkJPGZpbHRlciBpZD0iZiIgeD0iLS4wNzUwNTMiIHk9Ii0uMDY3MDAzIiB3aWR0aD0iMS4xNTAxIiBoZWlnaHQ9IjEuMTM0IiBjb2xvci1pbnRlcnBvbGF0aW9uLWZpbHRlcnM9InNSR0IiPgoJCQk8ZmVHYXVzc2lhbkJsdXIgc3RkRGV2aWF0aW9uPSIyLjMwNjQ1MzgiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJqIiB4PSItLjcwMzc4IiB5PSItLjY5MDc0IiB3aWR0aD0iMi40MDc2IiBoZWlnaHQ9IjIuMzgxNSIgY29sb3ItaW50ZXJwb2xhdGlvbi1maWx0ZXJzPSJzUkdCIj4KCQkJPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iNC4xMTIwODgiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJpIiB4PSItLjA2MSIgeT0iLS4wOTUzNDUiIHdpZHRoPSIxLjEyMiIgaGVpZ2h0PSIxLjE5MDciIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNzU4ODkwNDIiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJoIiB4PSItLjA3OTU4NyIgeT0iLS4xNjc5NyIgd2lkdGg9IjEuMTU5MiIgaGVpZ2h0PSIxLjMzNTkiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjAuNTgwMDg2MTUiLz4KCQk8L2ZpbHRlcj4KCQk8ZmlsdGVyIGlkPSJnIiB4PSItLjAzMjI5NSIgeT0iLS4wMjgwMDkiIHdpZHRoPSIxLjA2NDYiIGhlaWdodD0iMS4wNTYiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjEuMjM0MzQ2OCIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9ImsiIHg9Ii0uMTY2NDgiIHk9Ii0uMzQ5ODEiIHdpZHRoPSIxLjMzMyIgaGVpZ2h0PSIxLjY5OTYiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjMuODg4NzYzNiIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9Im0iIHg9Ii0uMDM1OTIyIiB5PSItLjA0NzIxMSIgd2lkdGg9IjEuMDcxOCIgaGVpZ2h0PSIxLjA5NDQiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuMDUzNDk2NiIvPgoJCTwvZmlsdGVyPgoJCTxmaWx0ZXIgaWQ9ImwiIHg9Ii0uMDM1OTIyIiB5PSItLjA0NzIxMSIgd2lkdGg9IjEuMDcxOCIgaGVpZ2h0PSIxLjA5NDQiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CgkJCTxmZUdhdXNzaWFuQmx1ciBzdGREZXZpYXRpb249IjIuMTg1OTg3NSIvPgoJCTwvZmlsdGVyPgoJPC9kZWZzPgoJPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMTkuMDQ0IDUzLjQ5MSkiPgoJCTxwYXRoIGQ9Im0tOC44MDY4IDI2LjA4MmMtMy4wMzI4LTM1LjM1MyAyOC43MTItNjIuMTY3IDY0LjY1My02NC4wMTcgMjIuOTg5LTIuNTkzMiA2Ni44MTkgOS4wNDY5IDgyLjk1NSA0Ni4yOTMtMS4yODAxLTIxLjkyMy0yNS45NjctNjguMjkxLTEwOC43OC00OS4yOTMtMjUuMzc2IDguMjg5Mi01MS4zMzYgMzUuMzQ3LTQxLjQxMSA2My41NTZ6IiBmaWxsPSIjOTk5Ii8+CgkJPGVsbGlwc2UgY3g9IjYzLjgzMiIgY3k9IjEzLjY5NyIgcng9Ijc1LjgwNyIgcnk9IjU3LjY3OSIgZmlsbD0iI2IzYjNiMyIgZmlsbC1vcGFjaXR5PSIuNDQyMTUiLz4KCQk8cGF0aCBkPSJtNjIuNzU1LTQ3LjQ3MmE3Ny43ODQgNTkuMTgzIDAgMCAwIC03Ny43ODMgNTkuMTgzIDc3Ljc4NCA1OS4xODMgMCAwIDAgNzcuNzgzIDU5LjE4MyA3Ny43ODQgNTkuMTgzIDAgMCAwIDc3Ljc4NCAtNTkuMTgzIDc3Ljc4NCA1OS4xODMgMCAwIDAgLTc3Ljc4NCAtNTkuMTgzem0wLjEyNjEgMi4xMDI3YTc1LjgxNyA1Ny42ODcgMCAwIDEgNzUuODE3IDU3LjY4NiA3NS44MTcgNTcuNjg3IDAgMCAxIC03NS44MTcgNTcuNjg3IDc1LjgxNyA1Ny42ODcgMCAwIDEgLTc1LjgxNyAtNTcuNjg3IDc1LjgxNyA1Ny42ODcgMCAwIDEgNzUuODE3IC01Ny42ODZ6IiBmaWxsPSIjODA4MDgwIi8+CgkJPGVsbGlwc2UgY3g9IjYzLjYxMSIgY3k9IjE3LjE4OCIgcng9IjczLjAyNSIgcnk9IjU1LjU2MiIgZmlsbD0iI2IzYjNiMyIgZmlsbC1vcGFjaXR5PSIuNTUzNzIiIGZpbHRlcj0idXJsKCNsKSIvPgoJCTxwYXRoIGQ9Im0xMzkuNDMgMTguMjI0Yy0xLjEyMjUgMzYuMDg2LTMzLjMxMyA2My4xMjUtNzUuMzMxIDYzLjEyNS00Mi4wMTcgMC03Ny45NS0zNC43MS03Ny45NS02Ni42NzkgNy4yOTY1IDIxLjUzOCAyNS4xMTEgNTIuMTA4IDc4LjY5OCA1Mi4zMDkgNTMuOTYyLTIuNjA1NCA2OS45MDUtMzQuODg3IDc0LjU4Mi00OC43NTR6IiBmaWxsPSIjODA4MDgwIi8+CgkJPGVsbGlwc2UgY3g9IjYwLjQ5NiIgY3k9IjEyLjEyOSIgcng9IjY4LjU5OSIgcnk9IjUyLjE5NSIgZmlsbD0iI2VjZWNlYyIgZmlsbC1vcGFjaXR5PSIuNTQ1NDUiIGZpbHRlcj0idXJsKCNtKSIvPgoJCTxlbGxpcHNlIHRyYW5zZm9ybT0ibWF0cml4KC45MTQ2MSAtLjUzNjUyIC41MzY1MiAuOTE0NjEgLTg5NC4zNCA0NDguMjkpIiBjeD0iOTY5Ljk1IiBjeT0iNjMuNzI0IiByeD0iMjguNDQzIiByeT0iMTIuNDM1IiBmaWxsPSIjZmZmIiBmaWxsLW9wYWNpdHk9Ii44MDE2NSIgZmlsdGVyPSJ1cmwoI2spIi8+CgkJPHBhdGggZD0ibTg2LjU0NSA3NS4wODYgMy42NjU0IDUuMjU0OCAyLjAwNDggMS42ODM3IDIuMDkxMSAwLjc2Mzg1IDAuOTQ2NiAwLjQ0MTc0IDkuMjMyMyAxMy43MzQgMS4xMDUyIDUuNDI2NSA2Mi43MTIgODkuOTA3YzguMTA1IDkuNjI1MiAyOC45OTUgMTIuMDIgMzIuMzM3LTMuMDkwNiAzLjE1MzItMTMuMTg1LTkuNDY5Mi0yMS42NTItMTYuNDY3LTMwLjc0OC0xOS41NDgtMjIuMzU4LTQ3LjU3LTU1LjE3OS01OC4yODgtNjcuNDQ1LTMuNTc0My0yLjIxMjQtMy4wOTY5LTAuOTY3NTUtNS45NDg3LTMuMjQ2Ni0yLjg1MTktMi4yNzkxLTcuNDI5Mi04LjAxODgtMTAuMjAyLTExLjEyOC0wLjgzNjMtMC45Mzc4Ny0wLjE5ODQtNC4xMDIyLTAuOTg4NS00Ljk4NTktMi41OTg4LTIuOTA2Ny00LjkwMy01LjQ3MTEtNi42MTkzLTcuMzY4NS02Ljc2NjctNC4xOTItMTguMTk3IDIuNDc2MS0xNS41ODIgMTAuODAyeiIgZmlsbD0iIzY2NiIvPgoJCTxnIGZpbGw9IiM0ZDRkNGQiPgoJCQk8cGF0aCBkPSJtMTEzLjQ5IDk0LjI2MmMzLjUwNzEgOS4xNTc4IDYuMDYwNiAxOC44NjUgMTAuODM0IDI3LjQzMiA2Ljg4NTggMTAuMTY2IDEyLjYyNCAyMS4yMzMgMjEuNDE2IDI5Ljk0NyA1LjUyNDggNS44Mzk1IDEwLjIwOSAxMi42NjggMTcuMzU4IDE2LjY2NCA1Ljk5MyA2LjI1NCAxNC45MjUgNS41MDU2IDIxLjk5MSA5LjQ3MTIgNy4xMjEzIDIuNDAzOCAxNi4yMTUgMTIuMjIgMTAuNDQgMTkuMTk3LTguMjk5MiA1Ljk1NjItMTkuOTU3IDIuNDY3Mi0yNi44NDMtNC4xNDItNi41OTU5LTguMjQ1Mi0xMi4xODUtMTcuNDA5LTE4LjM5LTI2LjAxLTE0Ljg4OC0yMS41MDUtMjkuNzEtNDMuMDc2LTQ0LjU5OC02NC41OCAxLjMyMjQtMy44ODcgMy40MjM2LTYuNjg0NiA3Ljc5MTYtNy45Nzg3eiIgZmlsdGVyPSJ1cmwoI2cpIi8+CgkJCTxwYXRoIGQ9Im0xMDguNDMgNzIuMTg2Yy0yLjA0NzctMC40OTI2NS00LjEyNDItMS4yMTE1LTYuMjQyNS0wLjY0OTA3LTIuODIxNiAwLjI1ODIzLTUuMjYxOSAxLjkyMjMtNy4xMjgyIDMuOTY2Ni0xLjA5NDggMC45MjI5MyAxLjU3NS0wLjM3OTc2IDIuMTg4NC0wLjQxOCAyLjA4ODItMC41MTk4NSA0LjI5MDItMC40OTI3MiA2LjQyNDctMC4zMTQ5MyAzLjAyNTUgMC4yMTIyMSA1LjMzMDUgMi4zMTc3IDcuNTYzNiA0LjEzNTIgMC42MTI0IDAuNDkyMzYgMS42OTg4IDEuMjIzMiAwLjU1MiAwLjE5MjkyLTAuODQ4NS0xLjE4MjYtMi41OTM1LTEuOTIwNC0yLjg3NjctMy4zODM0LTAuMTYwNC0xLjE3NjQtMC4zMjA5LTIuMzUyOC0wLjQ4MTMtMy41MjkyeiIgZmlsdGVyPSJ1cmwoI2gpIi8+CgkJCTxwYXRoIGQ9Im0xMTguMzUgODYuMjE3Yy0yLjQzODggMC4wMjQtNC45NzU3LTAuMjc1MjYtNy4yNTQ3IDAuODEzNzYtMi43MDYzIDAuODYzNzEtNC44OTc1IDIuMDc2MS04LjI3MzYgMS45OTI2LTEuMDk4NS0wLjE4MjktMi4zNTk0LTEuMTY2Mi0zLjgzMjUtMi4zNTM0LTEuNTU4My0xLjI1NTgtMy4yMjE1LTMuMjE1My0zLjY5NS0zLjMyMjIgMi45MTQ1IDQuNDE3NSA2LjEwOTYgOS4wMjIyIDkuMDI0MiAxMy40NCAwLjM1NSAxLjU2MTUgMC43MTQ4IDQuOTY2OCAxLjMwMjEgNS42NjI4IDIuNTQzOS0zLjI1NDcgNS4wMTgzLTYuNzQ4IDguNzIzMy04Ljc3OTggMi42ODQ4LTEuNDkyNiA1LjUwOTgtMy40MDAyIDguNzQ1MS0yLjk1NDQgMC45MDg5IDAuMTMyOTUgMy4zOTA3IDAuMjE4NDEgMS4xNTQ5LTAuNTU4MS0yLjEwODctMS4wNjU2LTQuMzA2NS0yLjEzNTUtNS44OTM4LTMuOTQxeiIgZmlsdGVyPSJ1cmwoI2kpIi8+CgkJPC9nPgoJCTxlbGxpcHNlIGN4PSIxODguMTMiIGN5PSIxODUuMTciIHJ4PSI3LjAxMTUiIHJ5PSI3LjE0MzciIGZpbGw9IiM5OTkiIGZpbHRlcj0idXJsKCNqKSIvPgoJCTxnIGZpbGw9IiNiM2IzYjMiPgoJCQk8cGF0aCBkPSJtMTI1LjIgOTMuNTUxYy0xLjkxLTAuMjc5MjItMy43NTc3LTAuMDIwNi01LjU1NjMgMC42NjE0Ni0wLjg2MTcgMS4zMzE2LTAuODQ5MyAyLjUzNzkgMC40NDI5IDMuNTYwOSAxOS45NjEgMjUuNDQ4IDM5LjkyMSA1MC44OTYgNTkuODgyIDc2LjM0MyAyLjgwNzIgMC42MTM3IDUuNjEwMiAxLjQ4ODIgOC40MiAxLjkzOSAxLjU3MDQtMC4zNDM4MyAzLjQwMi0wLjQ4OTAzIDQuMzg1MS0xLjY3NzkgMC4zMDg3LTIuMTczOS0xLjkzMzctMy4zNDY5LTIuOTkxNS00Ljk3NDEtMjEuNTI4LTI1LjI4NC00My4wNTUtNTAuNTY4LTY0LjU4Mi03NS44NTN6IiBmaWx0ZXI9InVybCgjZikiLz4KCQkJPHBhdGggZD0ibTEwMy45MS0zMi4zOTFjNy4yMzI3IDEzLjM0OCAxMS44MiAzMC4wNjkgNi4wMTA0IDQ0LjY1LTguMjg4MiAxNi4yNTktMjQuNDQ0IDI3LjQ4NC00Mi42MjEgMjkuNTc1LTIwLjU0MSA1LjMzMTktNDMuNjc4IDUuNjI3OS02Mi4zMzUtNS41NDYzLTE3LjgyOC01LjEyNTQgNC40MzQ4IDE0LjgzNiAxMC4xNTkgMTcuNjQ0IDMxLjMyOSAxOS4yMjUgNzUuMDUyIDE2LjY0NyAxMDQuMDUtNS45NDA5IDEyLjE3Ni0xMC44MjggMjIuOTY0LTI2LjMyNSAxOC43OTQtNDMuNDQ4LTMuOTA5NS0yMi4yNTYtMjMuNzAzLTM4LjEwNC00NC4xMzQtNDUuMDYgMy4xMTc0IDMuMDA1NCA2Ljg3NzEgNS4yMTggMTAuMDc2IDguMTI3MXoiIGZpbGwtb3BhY2l0eT0iLjQwOTA5IiBmaWx0ZXI9InVybCgjZSkiLz4KCQkJPHBhdGggZD0ibTEwMi4wNyA3NC45OTJoNC40OTAybDIuOTkzNCAxLjY4MzggOC43OTMxIDkuOTE1Ny00LjExNTktMC45MzU0NC0yLjYxOTIgMS4zMDk2eiIgZmlsbC1vcGFjaXR5PSIuNDA5MDkiIGZpbHRlcj0idXJsKCNkKSIvPgoJCTwvZz4KCQk8Zz4KCQkJPHBhdGggZD0ibTk1Ljc3IDYyLjk5MiA2LjQxNjEgOC40MDA1IDIuOTEwNS0wLjA2NjEgMi4wNTA1IDAuMzMwNzMgMS45ODQ0IDAuNjYxNDYtMC4zOTY5LTAuNzkzNzUtNi40MTYyLTcuMjA5OS0xLjM4OS0wLjcyNzYxLTIuMjQ5LTAuNTI5MTYtMS4wNTgzLTAuMDY2MnoiIGZpbGw9InVybCgjYikiIGZpbHRlcj0idXJsKCNjKSIvPgoJCQk8cGF0aCBkPSJtLTE0LjM2MyAxNC4xNzYgMC43OTM3NSAxMC4wNTQgNS4wMjcxIDExLjY0MiA1LjAyNzEgMTAuMDU0IDkuNzg5NiAxMC44NDggMTIuNDM1IDEwLjg0OCAxNC44MTcgNy42NzI5IDEyLjk2NSAzLjcwNDIgMTEuOTA2IDIuMTE2N2g4LjczMTJsMjAuNjM4LTIuNjQ1OCAxLjA1ODMtMS4wNTgzLTIuMzgxMy0zLjQzOTYgMC41MjkyLTUuODIwOCAzLjQzOTYtMi4zODEyIDMuNzA0Mi0yLjExNjcgNy45Mzc1LTQuNDk3OS0xNS4wODEgNC43NjI1LTE3LjcyNyAzLjE3NS0yMC42MzgtMS4wNTgzLTE2LjY2OS0zLjcwNDItMTYuOTMzLTguMjAyMS0xMS4xMTItOC40NjY3LTExLjkwNi0xNi40MDR6IiBmaWxsPSJ1cmwoI2EpIi8+CgkJCTx0ZXh0IHRyYW5zZm9ybT0icm90YXRlKDUyLjY0MikiIHg9IjIyMS4yMzgzNCIgeT0iLTM0LjUzODExMyIgZG9taW5hbnQtYmFzZWxpbmU9ImF1dG8iIGZpbGw9IiM2NjY2NjYiIGZvbnQtZmFtaWx5PSInT3BlbiBTYW5zJyIgZm9udC1zaXplPSI4LjkxMDNweCIgbGV0dGVyLXNwYWNpbmc9IjBweCIgc3Ryb2tlLXdpZHRoPSIuMDQ2NDA4IiB0ZXh0LWFsaWduPSJjZW50ZXIiIHRleHQtYW5jaG9yPSJtaWRkbGUiIHdvcmQtc3BhY2luZz0iMHB4IiBzdHlsZT0iZm9udC1mZWF0dXJlLXNldHRpbmdzOm5vcm1hbDtmb250LXZhcmlhbnQtYWx0ZXJuYXRlczpub3JtYWw7Zm9udC12YXJpYW50LWNhcHM6bm9ybWFsO2ZvbnQtdmFyaWFudC1saWdhdHVyZXM6bm9ybWFsO2ZvbnQtdmFyaWFudC1udW1lcmljOm5vcm1hbDtmb250LXZhcmlhbnQtcG9zaXRpb246bm9ybWFsO2xpbmUtaGVpZ2h0OjEuMjU7c2hhcGUtcGFkZGluZzowO3RleHQtZGVjb3JhdGlvbi1jb2xvcjojMDAwMDAwO3RleHQtZGVjb3JhdGlvbi1saW5lOm5vbmU7dGV4dC1kZWNvcmF0aW9uLXN0eWxlOnNvbGlkO3RleHQtaW5kZW50OjA7dGV4dC1vcmllbnRhdGlvbjptaXhlZDt0ZXh0LXRyYW5zZm9ybTpub25lO3doaXRlLXNwYWNlOm5vcm1hbCIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHRzcGFuIHg9IjIyMS4yMzgzNCIgeT0iLTM0LjUzODExMyIgZmlsbD0iIzY2NjY2NiIgc3Ryb2tlLXdpZHRoPSIuMDQ2NDA4Ij5naW90b2hhc2hpPC90c3Bhbj48L3RleHQ+CgkJPC9nPgoJPC9nPgogIAogIDxhbmltYXRlVHJhbnNmb3JtIAogICAgYXR0cmlidXRlVHlwZT0ieG1sIgogICAgYXR0cmlidXRlTmFtZT0idHJhbnNmb3JtIgogICAgdHlwZT0icm90YXRlIiAKICAgIGZyb209IjAgMCAwIgogICAgdG89IjM2MCAwIDAiIAogICAgZHVyPSIyMi44cyIKICAgIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIgogIC8+IAo8L3N2Zz4="); - width:0px; - height:0px; - padding:2.25em 2em 2.25em 2em; - margin: 0 0.8em; - background-repeat: no-repeat; - line-height:100%; - vertical-align:middle; - color: rgba(0, 0, 0, 0); -} - -img.noentry { - display: inline-block; - background: url("data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCAzMy4wNTQyMDcgMzMuMDQ0NzI0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgoJPGcgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoLTY5LjY1MSAtNjguODExKSI+CgkJPGNpcmNsZSBjeD0iODYuMzk1IiBjeT0iODUuMzQiIHI9IjE1Ljk0OSIgZmlsbD0iI2ZmZiIgb3BhY2l0eT0iLjc0MiIvPgoJCTxwYXRoIGQ9Im04My4zMDYgMTAxLjY4Yy0yLjI5MDItMC40MDg2NC00Ljg2NTItMS40OTg5LTYuNzktMi44NzQ5LTMuNTAwOC0yLjUwMjYtNS45NDE1LTYuNDIyNS02LjY5NzItMTAuNzU2LTAuMjIzMDEtMS4yNzg5LTAuMjIzMDEtNC4xNDUzIDAtNS40MjQyIDAuNDIzNTYtMi40Mjg5IDEuNDc1NC00Ljk1OTIgMi44ODE2LTYuOTMxOSAyLjQ5MTMtMy40OTQ5IDYuNDQ3LTUuOTYyNCAxMC43NjYtNi43MTU1IDEuMjc4OS0wLjIyMzAyIDQuMTQ1NC0wLjIyMzAyIDUuNDI0MiAwIDIuNDM2MiAwLjQyNDg0IDQuOTU3NyAxLjQ3NDggNi45NTA0IDIuODk0MiAzLjQ2ODQgMi40NzA2IDUuOTYxOSA2LjQ1NzQgNi42ODk5IDEwLjY5NiAwLjIzMDA0IDEuMzM5NiAwLjIzMzc4IDQuMTgxOSA4ZS0zIDUuNDgxMi0wLjM4NzA1IDIuMjE5NS0xLjM2ODcgNC43MjA2LTIuNTMxMiA2LjQ0OTItMi41ODEyIDMuODM4Mi02LjUzNyA2LjM5OTctMTEuMTE2IDcuMTk4My0xLjI1MjIgMC4yMTgzNi00LjMxODQgMC4yMDkxNC01LjU4NDYtMC4wMTczem0tMy45Mjc2LTUuODQ5NmMwLTAuNDY0NzEgMC4wNjQ1LTAuNDQxODMtMS4yODk3LTAuNDU3NDctMC41NDgxMi02ZS0zIC0xLjA2MjUtMC4wNTQzLTEuMTQzMS0wLjEwNjQxLTAuMTg3OTktMC4xMjE2LTAuMTkyNTYtMS4xNjA1LTZlLTMgLTEuMzQ3MiAwLjA3NzMtMC4wNzczIDAuNDQ2NjktMC4xNDA2NSAwLjgyMDY5LTAuMTQwNjVoMC42ODAwMXYtMC44MjA3aC0wLjY4OTA5Yy0wLjgyNjc2IDAtMC45ODA2OC0wLjEzOTMtMC45MzAxNi0wLjg0MTM0bDAuMDM2Ni0wLjUwNjk0IDAuOTM3OTUtMC4wMjk0YzEuMzg3NS0wLjA0MzcgMS40ODctMC4wODAyIDEuNDQzNC0wLjUzMTRsLTAuMDM2NC0wLjM3NzAyaC0zLjE2NTZsLTAuMDMxNCAyLjc4NDUtMC4wMzE0IDIuNzg0NWgzLjQwNDN6bTEuNzU4Ni0xLjI5OTRjMC0xLjI2NTMgMC4wMzYyLTEuNjk3OCAwLjEzODkyLTEuNjYzNSAwLjA3NjQgMC4wMjU0IDAuNTYxNTMgMC43OTQ4NiAxLjA3ODEgMS43MDk4IDAuOTEzMzMgMS42MTc1IDAuOTUwMDQgMS42NjM1IDEuMzI4OCAxLjY2MzVoMC4zODk0OWwtMC4wMzE0LTIuNzg0NS0wLjAzMTQtMi43ODQ1aC0wLjcwMzQ2bC0wLjA1ODcgMS41NTQxYy0wLjAzMjMgMC44NTQ3NS0wLjEwODUxIDEuNTU5Ni0wLjE2OTMyIDEuNTY2NC0wLjA2MSA4ZS0zIC0wLjUxMDY5LTAuNjkyNTctMC45OTk1LTEuNTU0MS0wLjg3MzQtMS41Mzk0LTAuODk1NzgtMS41NjY0LTEuMjk2Mi0xLjU2NjRoLTAuNDA3NGwtMC4wMzE0IDIuNzg0NS0wLjAzMTQgMi43ODQ1aDAuODI0OTN6bTUuOTc5NC0wLjY5MzY5IDAuMDU4Ny0yLjM0NDkgMC41ODYyMy0wLjA1ODdjMC41NjAxNi0wLjA1NiAwLjU4NjIxLTAuMDc0MyAwLjU4NjIxLTAuNDEwMzV2LTAuMzUxNzJsLTEuNjYxOC0wLjAzMjVjLTEuNTkzMS0wLjAzMTItMS42NjUtMC4wMjI1LTEuNzM5IDAuMjEwOC0wLjExODMzIDAuMzcyOTkgMC4xNDEwNCAwLjU4Mzc1IDAuNzE4NTkgMC41ODM3NWgwLjUxMzIzdjIuMzI1M2MwIDEuMjc4OSAwLjAzNzcgMi4zNjMgMC4wODM3IDIuNDA5IDAuMDQ2IDAuMDQ2IDAuMjQzODkgMC4wNjgxIDAuNDM5NjcgMC4wNDg5bDAuMzU1OTQtMC4wMzQ4em0zLjA0ODMgMS4xNzI0IDAuMDU4Ny0xLjE3MjQgMC40MjAzNy0wLjAzNTJjMC4yNDM0LTAuMDIwNCAwLjQ3NDAyIDAuMDI5NCAwLjU0Nzc1IDAuMTE4MzQgMC4wNyAwLjA4NDUgMC4zMDQxOCAwLjYyNzg0IDAuNTIwMjcgMS4yMDc2IDAuMzkxNzMgMS4wNTExIDAuMzk0MTkgMS4wNTQzIDAuODI5ODQgMS4wOTA2IDAuNTM2MzIgMC4wNDQ2IDAuNTQwNzEtNmUtMyAwLjEwMTAxLTEuMTUyOS0wLjUyODg5LTEuMzc5OC0wLjUyNDA4LTEuMzE3OS0wLjEzNTQ1LTEuNzUzIDAuNTUwMjUtMC42MTYzNCAwLjYwNTQzLTEuMzg2NiAwLjE0OTExLTIuMDgyOS0wLjMwNDEtMC40NjQwOS0wLjgyOTM1LTAuNjE2NjMtMi4xMjM0LTAuNjE2NjMtMC45NTI5NSAwLTEuMTc2NSAwLjAzMzctMS4yMzQ4IDAuMTg1NDgtMC4xMDA2MyAwLjI2MjI0LTAuMDg4OSA1LjI2ODEgMC4wMTM1IDUuMzY5NiAwLjA0NiAwLjA0NiAwLjI0Mzg4IDAuMDY3OSAwLjQzOTY2IDAuMDQ4OWwwLjM1NTkzLTAuMDM0OHptMC4wNDc1LTIuMjE0MmMtMC4wMzQzLTAuMDg5My0wLjA0NTgtMC4zOTI3MS0wLjAyNTYtMC42NzQxNGwwLjAzNjctMC41MTE2OSAwLjcxOTE0LTAuMDM0NmMwLjU0MDI1LTAuMDI2IDAuNzY2MjkgMC4wMTM1IDAuOTA4NjMgMC4xNTQ4OSAwLjI3ODA1IDAuMjc4MDcgMC4yNDA3MiAwLjgyNzAxLTAuMDcxIDEuMDQ1NC0wLjMzNjk0IDAuMjM2MDEtMS40NzkzIDAuMjUwNjItMS41Njc4IDAuMDJ6bTYuMzc1NiAyLjE4MTEgMC4wMzM1LTEuMjA1NiAwLjg3NTE3LTEuNDM4MmMwLjQ4MTM1LTAuNzkxMDMgMC44NzUxOS0xLjUwNDcgMC44NzUxOS0xLjU4NiAwLTAuMDk5MS0wLjE0NDY5LTAuMTM1ODQtMC40Mzg5NC0wLjExMTQtMC4zOTgxOSAwLjAzMzEtMC40ODQzNyAwLjEwNzE3LTAuOTI4MjcgMC43OTg0Ni0wLjI2OTE1IDAuNDE5MTYtMC41NzI4MiAwLjg2NzYtMC42NzQ4OCAwLjk5NjU4bC0wLjE4NTQ4IDAuMjM0NDYtMC4xODU0OC0wLjIzNDQ2Yy0wLjEwMTk4LTAuMTI4OTItMC40MDU3My0wLjU3NzQyLTAuNjc0ODctMC45OTY1OC0wLjQ0MzkxLTAuNjkxMzMtMC41MzAwOS0wLjc2NTQ0LTAuOTI4MjgtMC43OTg0Ni0wLjMxMzI2LTAuMDI2LTAuNDM4OTQgMC4wMS0wLjQzODk0IDAuMTI2MDMgMCAwLjA4OTMgMC4zOTU3MSAwLjgwMDIgMC44NzkzMyAxLjU3OThsMC44NzkzMiAxLjQxNzV2MS4xNjI5YzAgMC42Mzk2MSAwLjAzNzcgMS4yMDA2IDAuMDgzNyAxLjI0NjYgMC4wNDYgMC4wNDYgMC4yNDM4OCAwLjA2ODEgMC40Mzk2NSAwLjA0ODlsMC4zNTU5Ni0wLjAzNDh6bTMuNjM2Mi02LjczMThjMC4xNDg3NC0wLjE0ODczIDAuMjExMzgtNC45MzE4IDAuMDY5NS01LjMwMTUtMC4wNjQzLTAuMTY3NTktMS40MTctMC4xODU0OC0xNC4xMTUtMC4xODU0OC0xMi42OTggMC0xNC4wNTEgMC4wMTczLTE0LjExNSAwLjE4NTQ4LTAuMTI0MyAwLjMyMzktMC4wNzk1IDQuOTczIDAuMDUwMiA1LjIxNTQgMC4xMTg5MSAwLjIyMjI1IDAuMzk5MTIgMC4yMjY3OSAxNC4wNDYgMC4yMjY3OSAxMC42NzQgMCAxMy45NTctMC4wMzI5IDE0LjA2NS0wLjE0MDY1em0tMTAuNDQtOC40OTYyYzAuNzAwNzctMC41MjMyIDEuMDYyNC0xLjkyOTYgMC44NDUzNy0zLjI4OC0wLjIxNjIxLTEuMzUzMy0wLjg0MTIxLTIuMDI1Ny0xLjg4MzktMi4wMjY1LTEuMDcxLTllLTQgLTEuODAyMyAwLjg4Njc1LTEuOTM5MyAyLjM1MzYtMC4xMzQzIDEuNDM4OSAwLjMxMTM4IDIuNjQ4NyAxLjEzMjkgMy4wNzQ5IDAuNTExMjUgMC4yNjUyNCAxLjQxMTUgMC4yMDk1OSAxLjg0NDktMC4xMTM5em0tMS42NDUxLTAuODMwNjVjLTAuMzExNDktMC4zNDQxOC0wLjQzNjY3LTAuODI2MzctMC40MzY2Ny0xLjY4MTkgMC0wLjk0OTY1IDAuMjA1MzUtMS41Mjg3IDAuNjQ0MTItMS44MTYyIDAuNjY0MjctMC40MzUyNCAxLjMyODIgMC4xODA0OCAxLjQzMjMgMS4zMjgzIDAuMTM5MTEgMS41MzMyLTAuMjM1NDEgMi4zNzUyLTEuMDU2MyAyLjM3NTItMC4yMjk4MyAwLTAuNDc1OS0wLjA4NjYtMC41ODMzOC0wLjIwNTR6bS01LjY2NjUgMC44NDA2NGMwLjAzOTEtMC4xMDE5OCAwLjA3MTItMC44NDA2MiAwLjA3MTItMS42NDE0IDAtMC44MDA3NyAwLjAzOTYtMS40NTU5IDAuMDg3OS0xLjQ1NTcgMC4wNDgzIDllLTUgMC40OTEzOSAwLjcyNTUzIDAuOTg0NSAxLjYxMjEgMC44MjcwOSAxLjQ4NyAwLjkyNDc1IDEuNjE0OCAxLjI2MDQgMS42NDg2IDAuMjAwMzggMC4wMjAyIDAuMzY1NDgtMC4wMTkyIDAuMzY3NTQtMC4wODc5IDJlLTMgLTAuMDY4NSA0ZS0zIC0xLjIzMjYgNGUtMyAtMi41ODY4IDAtMS4zNTQyLTJlLTMgLTIuNTE4Mi00ZS0zIC0yLjU4NjgtMmUtMyAtMC4wNjk1LTAuMTcyMjEtMC4xMDg1Mi0wLjM4NDc4LTAuMDg3OWwtMC4zODEwMiAwLjAzNjctMC4wMzI3IDEuNDk0OGMtMC4wMTczIDAuODIyMTYtMC4wNzM5IDEuNDk0OC0wLjEyMzkyIDEuNDk0OC0wLjA1MDIgMC0wLjQ2NTEyLTAuNjcyNjgtMC45MjIxOS0xLjQ5NDgtMC43NzY1OC0xLjM5Ny0wLjg1NTk3LTEuNDk3NC0xLjIxMi0xLjUzMjktMC4yMjU0Ni0wLjAyMjUtMC40MjExNiAwLjAyNTQtMC40Nzk0MiAwLjExNzE3LTAuMTExNzkgMC4xNzY0NC0wLjEzOTg4IDQuNzg1Ny0wLjAzMDggNS4wNjk4IDAuMDQxNCAwLjEwNzc1IDAuMjA4MTEgMC4xODU0OCAwLjM5NzgxIDAuMTg1NDggMC4xODk3MSAwIDAuMzU2NDktMC4wNzc3IDAuMzk3ODItMC4xODU0OHoiIGZpbGw9IiNlYzIyMjkiIHN0cm9rZS13aWR0aD0iLjExNzI0Ii8+Cgk8L2c+Cjwvc3ZnPgo="); - width:0px; - height:0px; - padding:2.25em 2em 2.25em 2em; - margin: 0 0.8em; - background-repeat: no-repeat; - line-height:100%; - vertical-align:middle; - font-size: 20pt; - color: rgba(0, 0, 0, 0); -} - -div.searchbg { - background-repeat: no-repeat; - background-image: url("dorian-gray-wikipedia.jpg"); - background-position: left top; - width: 561px; - height: 844px; - padding: 10px; - padding-top: 20px; - text-align:center; -} - -table.searchtable { - position:relative; - display:inline-table; - padding-top: 6px; -} - -div.acomplete { - position:absolute; - display:block; - float:right; - text-align:left; - background-color: #aaa; - font-size: 12pt; - max-height: 50vh; - right:0px; - margin: 0px; - padding: 0px 1px; - overflow:auto; - opacity: 0; - z-index: 4; - border: 1px solid gray; - border-radius: 3px; - background-color: white; - white-space: nowrap; - box-shadow: 0px 5px 15px gray; - transition: opacity 0.3s; - font-weight:normal -} - -div.acomplete ul { - list-style-type: none; - padding: 0px 2px; - cursor: pointer; -} - -div.acomplete ul li { - margin: 2px; - padding: 1px; - font-size: 14px; - left: 0px; -} - -div.acomplete ul li:hover { - background-color: lightblue; -} - -div.acomplete ul li:active { - background-color: blue; - color: white; -} - -div.searchresults { - position:absolute; - display:block; - float:right; - text-align:left; - font-size: 9pt; - width: 100%; - max-height: 600px; - left:0px; - margin: 4px 20px; - margin-top: 24px; - padding: 0px 20px; - overflow: scroll; - opacity: 0; - z-index: 3; - border: 1px solid gray; - border-radius: 3px; - background-color: rgba(255,255,255,0.7); - white-space: nowrap; - box-shadow: 0px 5px 15px gray; - transition: opacity 0.3s; - font-weight:normal; -} - -div.filepath { - font-size: 14pt; - padding: 12px 0px; -} - -input.viable { - color: #000 -} - -input.nonviable { - color: #aaa -} - -td.searchboxtitle { - text-align:right; - font-size: 15pt; -} - -td.r { - text-align:right; - color: #aaa; - width:99%; -} - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.js b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.js deleted file mode 100644 index 8da940b..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/lws-fts.js +++ /dev/null @@ -1,211 +0,0 @@ -/* lws-fts.js - JS supporting lws fulltext search - * - * Copyright (C) 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - */ - -(function() { - - var last_ac = ""; - - function san(s) - { - s.replace("<", "!"); - s.replace("%", "!"); - - return s; - } - - function lws_fts_choose() - { - var xhr = new XMLHttpRequest(); - var sr = document.getElementById("searchresults"); - var ac = document.getElementById("acomplete"); - var inp = document.getElementById("lws_fts"); - - xhr.onopen = function(e) { - xhr.setRequestHeader("cache-control", "max-age=0"); - }; - - xhr.onload = function(e) { - var jj, n, m, s = "", x, lic = 0, hl, re; - var sr = document.getElementById("searchresults"); - var ac = document.getElementById("acomplete"); - var inp = document.getElementById("lws_fts"); - sr.style.width = (parseInt(sr.parentNode.offsetWidth, 10) - 88) + "px"; - sr.style.opacity = "1"; - inp.blur(); - - hl = document.getElementById("lws_fts").value; - re = new RegExp(hl, "gi"); - - // console.log(xhr.responseText); - jj = JSON.parse(xhr.responseText); - - if (jj.fp) { - lic = jj.fp.length; - for (n = 0; n < lic; n++) { - var q; - - s += "
" + jj.fp[n].path + "
"; - - s += ""; - for (m = 0; m < jj.fp[n].hits.length; m++) - s += ""; - - s += "
" + jj.fp[n].hits[m].l + - "" + jj.fp[n].hits[m].s + - "
"; - - } - } - - sr.innerHTML = s; - }; - - inp.blur(); - ac.style.opacity = "0"; - sr.style.innerHTML = ""; - xhr.open("GET", "../fts/r/" + document.getElementById("lws_fts").value); - xhr.send(); - } - - function lws_fts_ac_select(e) - { - var t = e.target; - - while (t) { - if (t.getAttribute && t.getAttribute("string")) { - document.getElementById("lws_fts").value = - t.getAttribute("string"); - - lws_fts_choose(); - } - - t = t.parentNode; - } - } - - function lws_fts_search_input() - { - var ac = document.getElementById("acomplete"), - sb = document.getElementById("lws_fts"); - - if (last_ac === sb.value) - return; - - last_ac = sb.value; - - ac.style.width = (parseInt(sb.offsetWidth, 10) - 2) + "px"; - ac.style.opacity = "1"; - - /* detect loss of focus for popup menu */ - sb.addEventListener("focusout", function(e) { - ac.style.opacity = "0"; - }); - - - var xhr = new XMLHttpRequest(); - - xhr.onopen = function(e) { - xhr.setRequestHeader("cache-control", "max-age=0"); - }; - xhr.onload = function(e) { - var jj, n, s = "", x, lic = 0; - var inp = document.getElementById("lws_fts"); - var ac = document.getElementById("acomplete"); - - // console.log(xhr.responseText); - jj = JSON.parse(xhr.responseText); - - switch(parseInt(jj.indexed, 10)) { - case 0: /* there is no index */ - break; - - case 1: /* yay there is an index */ - - if (jj.ac) { - lic = jj.ac.length; - s += ""; - - if (!lic) { - //s = ""; - inp.className = "nonviable"; - ac.style.opacity = "0"; - } else { - inp.className = "viable"; - ac.style.opacity = "1"; - } - } - - break; - - default: - - /* an index is being built... */ - - s = "
" + - "
Indexing
" + - "
" + - "
" + - jj.index_done + " / " + jj.index_files + - "
" + - "
"; - - setTimeout(lws_fts_search_input, 300); - - break; - } - - ac.innerHTML = s; - - for (n = 0; n < lic; n++) - if (document.getElementById("mi_ac" + n)) - document.getElementById("mi_ac" + n). - addEventListener("click", lws_fts_ac_select); - if (jj.index_files) { - document.getElementById("bar2").style.width = - ((150 * jj.index_done) / (jj.index_files + 1)) + "px"; - } - }; - - xhr.open("GET", "../fts/a/" + document.getElementById("lws_fts").value); - xhr.send(); - } - - document.addEventListener("DOMContentLoaded", function() { - var inp = document.getElementById("lws_fts"); - - inp.addEventListener("input", lws_fts_search_input, false); - - inp.addEventListener("keydown", - function(e) { - var inp = document.getElementById("lws_fts"); - var sr = document.getElementById("searchresults"); - var ac = document.getElementById("acomplete"); - if (e.key === "Enter" && inp.className === "viable") { - lws_fts_choose(); - sr.focus(); - ac.style.opacity = "0"; - } - }, false); - - }, false); - -}()); \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-fulltext-search/the-picture-of-dorian-gray.txt b/minimal-examples/http-server/minimal-http-server-fulltext-search/the-picture-of-dorian-gray.txt deleted file mode 100644 index f4ffc49..0000000 --- a/minimal-examples/http-server/minimal-http-server-fulltext-search/the-picture-of-dorian-gray.txt +++ /dev/null @@ -1,8904 +0,0 @@ -The Project Gutenberg EBook of The Picture of Dorian Gray, by Oscar Wilde - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.net - - -Title: The Picture of Dorian Gray - -Author: Oscar Wilde - -Release Date: June 9, 2008 [EBook #174] -[This file last updated on July 2, 2011] -[This file last updated on July 23, 2014] - - -Language: English - - -*** START OF THIS PROJECT GUTENBERG EBOOK THE PICTURE OF DORIAN GRAY *** - - - - -Produced by Judith Boss. HTML version by Al Haines. - - - - - - - - - - -The Picture of Dorian Gray - -by - -Oscar Wilde - - - - -THE PREFACE - -The artist is the creator of beautiful things. To reveal art and -conceal the artist is art's aim. The critic is he who can translate -into another manner or a new material his impression of beautiful -things. - -The highest as the lowest form of criticism is a mode of autobiography. -Those who find ugly meanings in beautiful things are corrupt without -being charming. This is a fault. - -Those who find beautiful meanings in beautiful things are the -cultivated. For these there is hope. They are the elect to whom -beautiful things mean only beauty. - -There is no such thing as a moral or an immoral book. Books are well -written, or badly written. That is all. - -The nineteenth century dislike of realism is the rage of Caliban seeing -his own face in a glass. - -The nineteenth century dislike of romanticism is the rage of Caliban -not seeing his own face in a glass. The moral life of man forms part -of the subject-matter of the artist, but the morality of art consists -in the perfect use of an imperfect medium. No artist desires to prove -anything. Even things that are true can be proved. No artist has -ethical sympathies. An ethical sympathy in an artist is an -unpardonable mannerism of style. No artist is ever morbid. The artist -can express everything. Thought and language are to the artist -instruments of an art. Vice and virtue are to the artist materials for -an art. From the point of view of form, the type of all the arts is -the art of the musician. From the point of view of feeling, the -actor's craft is the type. All art is at once surface and symbol. -Those who go beneath the surface do so at their peril. Those who read -the symbol do so at their peril. It is the spectator, and not life, -that art really mirrors. Diversity of opinion about a work of art -shows that the work is new, complex, and vital. When critics disagree, -the artist is in accord with himself. We can forgive a man for making -a useful thing as long as he does not admire it. The only excuse for -making a useless thing is that one admires it intensely. - - All art is quite useless. - - OSCAR WILDE - - - - -CHAPTER 1 - -The studio was filled with the rich odour of roses, and when the light -summer wind stirred amidst the trees of the garden, there came through -the open door the heavy scent of the lilac, or the more delicate -perfume of the pink-flowering thorn. - -From the corner of the divan of Persian saddle-bags on which he was -lying, smoking, as was his custom, innumerable cigarettes, Lord Henry -Wotton could just catch the gleam of the honey-sweet and honey-coloured -blossoms of a laburnum, whose tremulous branches seemed hardly able to -bear the burden of a beauty so flamelike as theirs; and now and then -the fantastic shadows of birds in flight flitted across the long -tussore-silk curtains that were stretched in front of the huge window, -producing a kind of momentary Japanese effect, and making him think of -those pallid, jade-faced painters of Tokyo who, through the medium of -an art that is necessarily immobile, seek to convey the sense of -swiftness and motion. The sullen murmur of the bees shouldering their -way through the long unmown grass, or circling with monotonous -insistence round the dusty gilt horns of the straggling woodbine, -seemed to make the stillness more oppressive. The dim roar of London -was like the bourdon note of a distant organ. - -In the centre of the room, clamped to an upright easel, stood the -full-length portrait of a young man of extraordinary personal beauty, -and in front of it, some little distance away, was sitting the artist -himself, Basil Hallward, whose sudden disappearance some years ago -caused, at the time, such public excitement and gave rise to so many -strange conjectures. - -As the painter looked at the gracious and comely form he had so -skilfully mirrored in his art, a smile of pleasure passed across his -face, and seemed about to linger there. But he suddenly started up, -and closing his eyes, placed his fingers upon the lids, as though he -sought to imprison within his brain some curious dream from which he -feared he might awake. - -"It is your best work, Basil, the best thing you have ever done," said -Lord Henry languidly. "You must certainly send it next year to the -Grosvenor. The Academy is too large and too vulgar. Whenever I have -gone there, there have been either so many people that I have not been -able to see the pictures, which was dreadful, or so many pictures that -I have not been able to see the people, which was worse. The Grosvenor -is really the only place." - -"I don't think I shall send it anywhere," he answered, tossing his head -back in that odd way that used to make his friends laugh at him at -Oxford. "No, I won't send it anywhere." - -Lord Henry elevated his eyebrows and looked at him in amazement through -the thin blue wreaths of smoke that curled up in such fanciful whorls -from his heavy, opium-tainted cigarette. "Not send it anywhere? My -dear fellow, why? Have you any reason? What odd chaps you painters -are! You do anything in the world to gain a reputation. As soon as -you have one, you seem to want to throw it away. It is silly of you, -for there is only one thing in the world worse than being talked about, -and that is not being talked about. A portrait like this would set you -far above all the young men in England, and make the old men quite -jealous, if old men are ever capable of any emotion." - -"I know you will laugh at me," he replied, "but I really can't exhibit -it. I have put too much of myself into it." - -Lord Henry stretched himself out on the divan and laughed. - -"Yes, I knew you would; but it is quite true, all the same." - -"Too much of yourself in it! Upon my word, Basil, I didn't know you -were so vain; and I really can't see any resemblance between you, with -your rugged strong face and your coal-black hair, and this young -Adonis, who looks as if he was made out of ivory and rose-leaves. Why, -my dear Basil, he is a Narcissus, and you--well, of course you have an -intellectual expression and all that. But beauty, real beauty, ends -where an intellectual expression begins. Intellect is in itself a mode -of exaggeration, and destroys the harmony of any face. The moment one -sits down to think, one becomes all nose, or all forehead, or something -horrid. Look at the successful men in any of the learned professions. -How perfectly hideous they are! Except, of course, in the Church. But -then in the Church they don't think. A bishop keeps on saying at the -age of eighty what he was told to say when he was a boy of eighteen, -and as a natural consequence he always looks absolutely delightful. -Your mysterious young friend, whose name you have never told me, but -whose picture really fascinates me, never thinks. I feel quite sure of -that. He is some brainless beautiful creature who should be always -here in winter when we have no flowers to look at, and always here in -summer when we want something to chill our intelligence. Don't flatter -yourself, Basil: you are not in the least like him." - -"You don't understand me, Harry," answered the artist. "Of course I am -not like him. I know that perfectly well. Indeed, I should be sorry -to look like him. You shrug your shoulders? I am telling you the -truth. There is a fatality about all physical and intellectual -distinction, the sort of fatality that seems to dog through history the -faltering steps of kings. It is better not to be different from one's -fellows. The ugly and the stupid have the best of it in this world. -They can sit at their ease and gape at the play. If they know nothing -of victory, they are at least spared the knowledge of defeat. They -live as we all should live--undisturbed, indifferent, and without -disquiet. They neither bring ruin upon others, nor ever receive it -from alien hands. Your rank and wealth, Harry; my brains, such as they -are--my art, whatever it may be worth; Dorian Gray's good looks--we -shall all suffer for what the gods have given us, suffer terribly." - -"Dorian Gray? Is that his name?" asked Lord Henry, walking across the -studio towards Basil Hallward. - -"Yes, that is his name. I didn't intend to tell it to you." - -"But why not?" - -"Oh, I can't explain. When I like people immensely, I never tell their -names to any one. It is like surrendering a part of them. I have -grown to love secrecy. It seems to be the one thing that can make -modern life mysterious or marvellous to us. The commonest thing is -delightful if one only hides it. When I leave town now I never tell my -people where I am going. If I did, I would lose all my pleasure. It -is a silly habit, I dare say, but somehow it seems to bring a great -deal of romance into one's life. I suppose you think me awfully -foolish about it?" - -"Not at all," answered Lord Henry, "not at all, my dear Basil. You -seem to forget that I am married, and the one charm of marriage is that -it makes a life of deception absolutely necessary for both parties. I -never know where my wife is, and my wife never knows what I am doing. -When we meet--we do meet occasionally, when we dine out together, or go -down to the Duke's--we tell each other the most absurd stories with the -most serious faces. My wife is very good at it--much better, in fact, -than I am. She never gets confused over her dates, and I always do. -But when she does find me out, she makes no row at all. I sometimes -wish she would; but she merely laughs at me." - -"I hate the way you talk about your married life, Harry," said Basil -Hallward, strolling towards the door that led into the garden. "I -believe that you are really a very good husband, but that you are -thoroughly ashamed of your own virtues. You are an extraordinary -fellow. You never say a moral thing, and you never do a wrong thing. -Your cynicism is simply a pose." - -"Being natural is simply a pose, and the most irritating pose I know," -cried Lord Henry, laughing; and the two young men went out into the -garden together and ensconced themselves on a long bamboo seat that -stood in the shade of a tall laurel bush. The sunlight slipped over -the polished leaves. In the grass, white daisies were tremulous. - -After a pause, Lord Henry pulled out his watch. "I am afraid I must be -going, Basil," he murmured, "and before I go, I insist on your -answering a question I put to you some time ago." - -"What is that?" said the painter, keeping his eyes fixed on the ground. - -"You know quite well." - -"I do not, Harry." - -"Well, I will tell you what it is. I want you to explain to me why you -won't exhibit Dorian Gray's picture. I want the real reason." - -"I told you the real reason." - -"No, you did not. You said it was because there was too much of -yourself in it. Now, that is childish." - -"Harry," said Basil Hallward, looking him straight in the face, "every -portrait that is painted with feeling is a portrait of the artist, not -of the sitter. The sitter is merely the accident, the occasion. It is -not he who is revealed by the painter; it is rather the painter who, on -the coloured canvas, reveals himself. The reason I will not exhibit -this picture is that I am afraid that I have shown in it the secret of -my own soul." - -Lord Henry laughed. "And what is that?" he asked. - -"I will tell you," said Hallward; but an expression of perplexity came -over his face. - -"I am all expectation, Basil," continued his companion, glancing at him. - -"Oh, there is really very little to tell, Harry," answered the painter; -"and I am afraid you will hardly understand it. Perhaps you will -hardly believe it." - -Lord Henry smiled, and leaning down, plucked a pink-petalled daisy from -the grass and examined it. "I am quite sure I shall understand it," he -replied, gazing intently at the little golden, white-feathered disk, -"and as for believing things, I can believe anything, provided that it -is quite incredible." - -The wind shook some blossoms from the trees, and the heavy -lilac-blooms, with their clustering stars, moved to and fro in the -languid air. A grasshopper began to chirrup by the wall, and like a -blue thread a long thin dragon-fly floated past on its brown gauze -wings. Lord Henry felt as if he could hear Basil Hallward's heart -beating, and wondered what was coming. - -"The story is simply this," said the painter after some time. "Two -months ago I went to a crush at Lady Brandon's. You know we poor -artists have to show ourselves in society from time to time, just to -remind the public that we are not savages. With an evening coat and a -white tie, as you told me once, anybody, even a stock-broker, can gain -a reputation for being civilized. Well, after I had been in the room -about ten minutes, talking to huge overdressed dowagers and tedious -academicians, I suddenly became conscious that some one was looking at -me. I turned half-way round and saw Dorian Gray for the first time. -When our eyes met, I felt that I was growing pale. A curious sensation -of terror came over me. I knew that I had come face to face with some -one whose mere personality was so fascinating that, if I allowed it to -do so, it would absorb my whole nature, my whole soul, my very art -itself. I did not want any external influence in my life. You know -yourself, Harry, how independent I am by nature. I have always been my -own master; had at least always been so, till I met Dorian Gray. -Then--but I don't know how to explain it to you. Something seemed to -tell me that I was on the verge of a terrible crisis in my life. I had -a strange feeling that fate had in store for me exquisite joys and -exquisite sorrows. I grew afraid and turned to quit the room. It was -not conscience that made me do so: it was a sort of cowardice. I take -no credit to myself for trying to escape." - -"Conscience and cowardice are really the same things, Basil. -Conscience is the trade-name of the firm. That is all." - -"I don't believe that, Harry, and I don't believe you do either. -However, whatever was my motive--and it may have been pride, for I used -to be very proud--I certainly struggled to the door. There, of course, -I stumbled against Lady Brandon. 'You are not going to run away so -soon, Mr. Hallward?' she screamed out. You know her curiously shrill -voice?" - -"Yes; she is a peacock in everything but beauty," said Lord Henry, -pulling the daisy to bits with his long nervous fingers. - -"I could not get rid of her. She brought me up to royalties, and -people with stars and garters, and elderly ladies with gigantic tiaras -and parrot noses. She spoke of me as her dearest friend. I had only -met her once before, but she took it into her head to lionize me. I -believe some picture of mine had made a great success at the time, at -least had been chattered about in the penny newspapers, which is the -nineteenth-century standard of immortality. Suddenly I found myself -face to face with the young man whose personality had so strangely -stirred me. We were quite close, almost touching. Our eyes met again. -It was reckless of me, but I asked Lady Brandon to introduce me to him. -Perhaps it was not so reckless, after all. It was simply inevitable. -We would have spoken to each other without any introduction. I am sure -of that. Dorian told me so afterwards. He, too, felt that we were -destined to know each other." - -"And how did Lady Brandon describe this wonderful young man?" asked his -companion. "I know she goes in for giving a rapid _precis_ of all her -guests. I remember her bringing me up to a truculent and red-faced old -gentleman covered all over with orders and ribbons, and hissing into my -ear, in a tragic whisper which must have been perfectly audible to -everybody in the room, the most astounding details. I simply fled. I -like to find out people for myself. But Lady Brandon treats her guests -exactly as an auctioneer treats his goods. She either explains them -entirely away, or tells one everything about them except what one wants -to know." - -"Poor Lady Brandon! You are hard on her, Harry!" said Hallward -listlessly. - -"My dear fellow, she tried to found a _salon_, and only succeeded in -opening a restaurant. How could I admire her? But tell me, what did -she say about Mr. Dorian Gray?" - -"Oh, something like, 'Charming boy--poor dear mother and I absolutely -inseparable. Quite forget what he does--afraid he--doesn't do -anything--oh, yes, plays the piano--or is it the violin, dear Mr. -Gray?' Neither of us could help laughing, and we became friends at -once." - -"Laughter is not at all a bad beginning for a friendship, and it is far -the best ending for one," said the young lord, plucking another daisy. - -Hallward shook his head. "You don't understand what friendship is, -Harry," he murmured--"or what enmity is, for that matter. You like -every one; that is to say, you are indifferent to every one." - -"How horribly unjust of you!" cried Lord Henry, tilting his hat back -and looking up at the little clouds that, like ravelled skeins of -glossy white silk, were drifting across the hollowed turquoise of the -summer sky. "Yes; horribly unjust of you. I make a great difference -between people. I choose my friends for their good looks, my -acquaintances for their good characters, and my enemies for their good -intellects. A man cannot be too careful in the choice of his enemies. -I have not got one who is a fool. They are all men of some -intellectual power, and consequently they all appreciate me. Is that -very vain of me? I think it is rather vain." - -"I should think it was, Harry. But according to your category I must -be merely an acquaintance." - -"My dear old Basil, you are much more than an acquaintance." - -"And much less than a friend. A sort of brother, I suppose?" - -"Oh, brothers! I don't care for brothers. My elder brother won't die, -and my younger brothers seem never to do anything else." - -"Harry!" exclaimed Hallward, frowning. - -"My dear fellow, I am not quite serious. But I can't help detesting my -relations. I suppose it comes from the fact that none of us can stand -other people having the same faults as ourselves. I quite sympathize -with the rage of the English democracy against what they call the vices -of the upper orders. The masses feel that drunkenness, stupidity, and -immorality should be their own special property, and that if any one of -us makes an ass of himself, he is poaching on their preserves. When -poor Southwark got into the divorce court, their indignation was quite -magnificent. And yet I don't suppose that ten per cent of the -proletariat live correctly." - -"I don't agree with a single word that you have said, and, what is -more, Harry, I feel sure you don't either." - -Lord Henry stroked his pointed brown beard and tapped the toe of his -patent-leather boot with a tasselled ebony cane. "How English you are -Basil! That is the second time you have made that observation. If one -puts forward an idea to a true Englishman--always a rash thing to -do--he never dreams of considering whether the idea is right or wrong. -The only thing he considers of any importance is whether one believes -it oneself. Now, the value of an idea has nothing whatsoever to do -with the sincerity of the man who expresses it. Indeed, the -probabilities are that the more insincere the man is, the more purely -intellectual will the idea be, as in that case it will not be coloured -by either his wants, his desires, or his prejudices. However, I don't -propose to discuss politics, sociology, or metaphysics with you. I -like persons better than principles, and I like persons with no -principles better than anything else in the world. Tell me more about -Mr. Dorian Gray. How often do you see him?" - -"Every day. I couldn't be happy if I didn't see him every day. He is -absolutely necessary to me." - -"How extraordinary! I thought you would never care for anything but -your art." - -"He is all my art to me now," said the painter gravely. "I sometimes -think, Harry, that there are only two eras of any importance in the -world's history. The first is the appearance of a new medium for art, -and the second is the appearance of a new personality for art also. -What the invention of oil-painting was to the Venetians, the face of -Antinous was to late Greek sculpture, and the face of Dorian Gray will -some day be to me. It is not merely that I paint from him, draw from -him, sketch from him. Of course, I have done all that. But he is much -more to me than a model or a sitter. I won't tell you that I am -dissatisfied with what I have done of him, or that his beauty is such -that art cannot express it. There is nothing that art cannot express, -and I know that the work I have done, since I met Dorian Gray, is good -work, is the best work of my life. But in some curious way--I wonder -will you understand me?--his personality has suggested to me an -entirely new manner in art, an entirely new mode of style. I see -things differently, I think of them differently. I can now recreate -life in a way that was hidden from me before. 'A dream of form in days -of thought'--who is it who says that? I forget; but it is what Dorian -Gray has been to me. The merely visible presence of this lad--for he -seems to me little more than a lad, though he is really over -twenty--his merely visible presence--ah! I wonder can you realize all -that that means? Unconsciously he defines for me the lines of a fresh -school, a school that is to have in it all the passion of the romantic -spirit, all the perfection of the spirit that is Greek. The harmony of -soul and body--how much that is! We in our madness have separated the -two, and have invented a realism that is vulgar, an ideality that is -void. Harry! if you only knew what Dorian Gray is to me! You remember -that landscape of mine, for which Agnew offered me such a huge price -but which I would not part with? It is one of the best things I have -ever done. And why is it so? Because, while I was painting it, Dorian -Gray sat beside me. Some subtle influence passed from him to me, and -for the first time in my life I saw in the plain woodland the wonder I -had always looked for and always missed." - -"Basil, this is extraordinary! I must see Dorian Gray." - -Hallward got up from the seat and walked up and down the garden. After -some time he came back. "Harry," he said, "Dorian Gray is to me simply -a motive in art. You might see nothing in him. I see everything in -him. He is never more present in my work than when no image of him is -there. He is a suggestion, as I have said, of a new manner. I find -him in the curves of certain lines, in the loveliness and subtleties of -certain colours. That is all." - -"Then why won't you exhibit his portrait?" asked Lord Henry. - -"Because, without intending it, I have put into it some expression of -all this curious artistic idolatry, of which, of course, I have never -cared to speak to him. He knows nothing about it. He shall never know -anything about it. But the world might guess it, and I will not bare -my soul to their shallow prying eyes. My heart shall never be put -under their microscope. There is too much of myself in the thing, -Harry--too much of myself!" - -"Poets are not so scrupulous as you are. They know how useful passion -is for publication. Nowadays a broken heart will run to many editions." - -"I hate them for it," cried Hallward. "An artist should create -beautiful things, but should put nothing of his own life into them. We -live in an age when men treat art as if it were meant to be a form of -autobiography. We have lost the abstract sense of beauty. Some day I -will show the world what it is; and for that reason the world shall -never see my portrait of Dorian Gray." - -"I think you are wrong, Basil, but I won't argue with you. It is only -the intellectually lost who ever argue. Tell me, is Dorian Gray very -fond of you?" - -The painter considered for a few moments. "He likes me," he answered -after a pause; "I know he likes me. Of course I flatter him -dreadfully. I find a strange pleasure in saying things to him that I -know I shall be sorry for having said. As a rule, he is charming to -me, and we sit in the studio and talk of a thousand things. Now and -then, however, he is horribly thoughtless, and seems to take a real -delight in giving me pain. Then I feel, Harry, that I have given away -my whole soul to some one who treats it as if it were a flower to put -in his coat, a bit of decoration to charm his vanity, an ornament for a -summer's day." - -"Days in summer, Basil, are apt to linger," murmured Lord Henry. -"Perhaps you will tire sooner than he will. It is a sad thing to think -of, but there is no doubt that genius lasts longer than beauty. That -accounts for the fact that we all take such pains to over-educate -ourselves. In the wild struggle for existence, we want to have -something that endures, and so we fill our minds with rubbish and -facts, in the silly hope of keeping our place. The thoroughly -well-informed man--that is the modern ideal. And the mind of the -thoroughly well-informed man is a dreadful thing. It is like a -_bric-a-brac_ shop, all monsters and dust, with everything priced above -its proper value. I think you will tire first, all the same. Some day -you will look at your friend, and he will seem to you to be a little -out of drawing, or you won't like his tone of colour, or something. -You will bitterly reproach him in your own heart, and seriously think -that he has behaved very badly to you. The next time he calls, you -will be perfectly cold and indifferent. It will be a great pity, for -it will alter you. What you have told me is quite a romance, a romance -of art one might call it, and the worst of having a romance of any kind -is that it leaves one so unromantic." - -"Harry, don't talk like that. As long as I live, the personality of -Dorian Gray will dominate me. You can't feel what I feel. You change -too often." - -"Ah, my dear Basil, that is exactly why I can feel it. Those who are -faithful know only the trivial side of love: it is the faithless who -know love's tragedies." And Lord Henry struck a light on a dainty -silver case and began to smoke a cigarette with a self-conscious and -satisfied air, as if he had summed up the world in a phrase. There was -a rustle of chirruping sparrows in the green lacquer leaves of the ivy, -and the blue cloud-shadows chased themselves across the grass like -swallows. How pleasant it was in the garden! And how delightful other -people's emotions were!--much more delightful than their ideas, it -seemed to him. One's own soul, and the passions of one's -friends--those were the fascinating things in life. He pictured to -himself with silent amusement the tedious luncheon that he had missed -by staying so long with Basil Hallward. Had he gone to his aunt's, he -would have been sure to have met Lord Goodbody there, and the whole -conversation would have been about the feeding of the poor and the -necessity for model lodging-houses. Each class would have preached the -importance of those virtues, for whose exercise there was no necessity -in their own lives. The rich would have spoken on the value of thrift, -and the idle grown eloquent over the dignity of labour. It was -charming to have escaped all that! As he thought of his aunt, an idea -seemed to strike him. He turned to Hallward and said, "My dear fellow, -I have just remembered." - -"Remembered what, Harry?" - -"Where I heard the name of Dorian Gray." - -"Where was it?" asked Hallward, with a slight frown. - -"Don't look so angry, Basil. It was at my aunt, Lady Agatha's. She -told me she had discovered a wonderful young man who was going to help -her in the East End, and that his name was Dorian Gray. I am bound to -state that she never told me he was good-looking. Women have no -appreciation of good looks; at least, good women have not. She said -that he was very earnest and had a beautiful nature. I at once -pictured to myself a creature with spectacles and lank hair, horribly -freckled, and tramping about on huge feet. I wish I had known it was -your friend." - -"I am very glad you didn't, Harry." - -"Why?" - -"I don't want you to meet him." - -"You don't want me to meet him?" - -"No." - -"Mr. Dorian Gray is in the studio, sir," said the butler, coming into -the garden. - -"You must introduce me now," cried Lord Henry, laughing. - -The painter turned to his servant, who stood blinking in the sunlight. -"Ask Mr. Gray to wait, Parker: I shall be in in a few moments." The -man bowed and went up the walk. - -Then he looked at Lord Henry. "Dorian Gray is my dearest friend," he -said. "He has a simple and a beautiful nature. Your aunt was quite -right in what she said of him. Don't spoil him. Don't try to -influence him. Your influence would be bad. The world is wide, and -has many marvellous people in it. Don't take away from me the one -person who gives to my art whatever charm it possesses: my life as an -artist depends on him. Mind, Harry, I trust you." He spoke very -slowly, and the words seemed wrung out of him almost against his will. - -"What nonsense you talk!" said Lord Henry, smiling, and taking Hallward -by the arm, he almost led him into the house. - - - -CHAPTER 2 - -As they entered they saw Dorian Gray. He was seated at the piano, with -his back to them, turning over the pages of a volume of Schumann's -"Forest Scenes." "You must lend me these, Basil," he cried. "I want -to learn them. They are perfectly charming." - -"That entirely depends on how you sit to-day, Dorian." - -"Oh, I am tired of sitting, and I don't want a life-sized portrait of -myself," answered the lad, swinging round on the music-stool in a -wilful, petulant manner. When he caught sight of Lord Henry, a faint -blush coloured his cheeks for a moment, and he started up. "I beg your -pardon, Basil, but I didn't know you had any one with you." - -"This is Lord Henry Wotton, Dorian, an old Oxford friend of mine. I -have just been telling him what a capital sitter you were, and now you -have spoiled everything." - -"You have not spoiled my pleasure in meeting you, Mr. Gray," said Lord -Henry, stepping forward and extending his hand. "My aunt has often -spoken to me about you. You are one of her favourites, and, I am -afraid, one of her victims also." - -"I am in Lady Agatha's black books at present," answered Dorian with a -funny look of penitence. "I promised to go to a club in Whitechapel -with her last Tuesday, and I really forgot all about it. We were to -have played a duet together--three duets, I believe. I don't know what -she will say to me. I am far too frightened to call." - -"Oh, I will make your peace with my aunt. She is quite devoted to you. -And I don't think it really matters about your not being there. The -audience probably thought it was a duet. When Aunt Agatha sits down to -the piano, she makes quite enough noise for two people." - -"That is very horrid to her, and not very nice to me," answered Dorian, -laughing. - -Lord Henry looked at him. Yes, he was certainly wonderfully handsome, -with his finely curved scarlet lips, his frank blue eyes, his crisp -gold hair. There was something in his face that made one trust him at -once. All the candour of youth was there, as well as all youth's -passionate purity. One felt that he had kept himself unspotted from -the world. No wonder Basil Hallward worshipped him. - -"You are too charming to go in for philanthropy, Mr. Gray--far too -charming." And Lord Henry flung himself down on the divan and opened -his cigarette-case. - -The painter had been busy mixing his colours and getting his brushes -ready. He was looking worried, and when he heard Lord Henry's last -remark, he glanced at him, hesitated for a moment, and then said, -"Harry, I want to finish this picture to-day. Would you think it -awfully rude of me if I asked you to go away?" - -Lord Henry smiled and looked at Dorian Gray. "Am I to go, Mr. Gray?" -he asked. - -"Oh, please don't, Lord Henry. I see that Basil is in one of his sulky -moods, and I can't bear him when he sulks. Besides, I want you to tell -me why I should not go in for philanthropy." - -"I don't know that I shall tell you that, Mr. Gray. It is so tedious a -subject that one would have to talk seriously about it. But I -certainly shall not run away, now that you have asked me to stop. You -don't really mind, Basil, do you? You have often told me that you -liked your sitters to have some one to chat to." - -Hallward bit his lip. "If Dorian wishes it, of course you must stay. -Dorian's whims are laws to everybody, except himself." - -Lord Henry took up his hat and gloves. "You are very pressing, Basil, -but I am afraid I must go. I have promised to meet a man at the -Orleans. Good-bye, Mr. Gray. Come and see me some afternoon in Curzon -Street. I am nearly always at home at five o'clock. Write to me when -you are coming. I should be sorry to miss you." - -"Basil," cried Dorian Gray, "if Lord Henry Wotton goes, I shall go, -too. You never open your lips while you are painting, and it is -horribly dull standing on a platform and trying to look pleasant. Ask -him to stay. I insist upon it." - -"Stay, Harry, to oblige Dorian, and to oblige me," said Hallward, -gazing intently at his picture. "It is quite true, I never talk when I -am working, and never listen either, and it must be dreadfully tedious -for my unfortunate sitters. I beg you to stay." - -"But what about my man at the Orleans?" - -The painter laughed. "I don't think there will be any difficulty about -that. Sit down again, Harry. And now, Dorian, get up on the platform, -and don't move about too much, or pay any attention to what Lord Henry -says. He has a very bad influence over all his friends, with the -single exception of myself." - -Dorian Gray stepped up on the dais with the air of a young Greek -martyr, and made a little _moue_ of discontent to Lord Henry, to whom he -had rather taken a fancy. He was so unlike Basil. They made a -delightful contrast. And he had such a beautiful voice. After a few -moments he said to him, "Have you really a very bad influence, Lord -Henry? As bad as Basil says?" - -"There is no such thing as a good influence, Mr. Gray. All influence -is immoral--immoral from the scientific point of view." - -"Why?" - -"Because to influence a person is to give him one's own soul. He does -not think his natural thoughts, or burn with his natural passions. His -virtues are not real to him. His sins, if there are such things as -sins, are borrowed. He becomes an echo of some one else's music, an -actor of a part that has not been written for him. The aim of life is -self-development. To realize one's nature perfectly--that is what each -of us is here for. People are afraid of themselves, nowadays. They -have forgotten the highest of all duties, the duty that one owes to -one's self. Of course, they are charitable. They feed the hungry and -clothe the beggar. But their own souls starve, and are naked. Courage -has gone out of our race. Perhaps we never really had it. The terror -of society, which is the basis of morals, the terror of God, which is -the secret of religion--these are the two things that govern us. And -yet--" - -"Just turn your head a little more to the right, Dorian, like a good -boy," said the painter, deep in his work and conscious only that a look -had come into the lad's face that he had never seen there before. - -"And yet," continued Lord Henry, in his low, musical voice, and with -that graceful wave of the hand that was always so characteristic of -him, and that he had even in his Eton days, "I believe that if one man -were to live out his life fully and completely, were to give form to -every feeling, expression to every thought, reality to every dream--I -believe that the world would gain such a fresh impulse of joy that we -would forget all the maladies of mediaevalism, and return to the -Hellenic ideal--to something finer, richer than the Hellenic ideal, it -may be. But the bravest man amongst us is afraid of himself. The -mutilation of the savage has its tragic survival in the self-denial -that mars our lives. We are punished for our refusals. Every impulse -that we strive to strangle broods in the mind and poisons us. The body -sins once, and has done with its sin, for action is a mode of -purification. Nothing remains then but the recollection of a pleasure, -or the luxury of a regret. The only way to get rid of a temptation is -to yield to it. Resist it, and your soul grows sick with longing for -the things it has forbidden to itself, with desire for what its -monstrous laws have made monstrous and unlawful. It has been said that -the great events of the world take place in the brain. It is in the -brain, and the brain only, that the great sins of the world take place -also. You, Mr. Gray, you yourself, with your rose-red youth and your -rose-white boyhood, you have had passions that have made you afraid, -thoughts that have filled you with terror, day-dreams and sleeping -dreams whose mere memory might stain your cheek with shame--" - -"Stop!" faltered Dorian Gray, "stop! you bewilder me. I don't know -what to say. There is some answer to you, but I cannot find it. Don't -speak. Let me think. Or, rather, let me try not to think." - -For nearly ten minutes he stood there, motionless, with parted lips and -eyes strangely bright. He was dimly conscious that entirely fresh -influences were at work within him. Yet they seemed to him to have -come really from himself. The few words that Basil's friend had said -to him--words spoken by chance, no doubt, and with wilful paradox in -them--had touched some secret chord that had never been touched before, -but that he felt was now vibrating and throbbing to curious pulses. - -Music had stirred him like that. Music had troubled him many times. -But music was not articulate. It was not a new world, but rather -another chaos, that it created in us. Words! Mere words! How -terrible they were! How clear, and vivid, and cruel! One could not -escape from them. And yet what a subtle magic there was in them! They -seemed to be able to give a plastic form to formless things, and to -have a music of their own as sweet as that of viol or of lute. Mere -words! Was there anything so real as words? - -Yes; there had been things in his boyhood that he had not understood. -He understood them now. Life suddenly became fiery-coloured to him. -It seemed to him that he had been walking in fire. Why had he not -known it? - -With his subtle smile, Lord Henry watched him. He knew the precise -psychological moment when to say nothing. He felt intensely -interested. He was amazed at the sudden impression that his words had -produced, and, remembering a book that he had read when he was sixteen, -a book which had revealed to him much that he had not known before, he -wondered whether Dorian Gray was passing through a similar experience. -He had merely shot an arrow into the air. Had it hit the mark? How -fascinating the lad was! - -Hallward painted away with that marvellous bold touch of his, that had -the true refinement and perfect delicacy that in art, at any rate comes -only from strength. He was unconscious of the silence. - -"Basil, I am tired of standing," cried Dorian Gray suddenly. "I must -go out and sit in the garden. The air is stifling here." - -"My dear fellow, I am so sorry. When I am painting, I can't think of -anything else. But you never sat better. You were perfectly still. -And I have caught the effect I wanted--the half-parted lips and the -bright look in the eyes. I don't know what Harry has been saying to -you, but he has certainly made you have the most wonderful expression. -I suppose he has been paying you compliments. You mustn't believe a -word that he says." - -"He has certainly not been paying me compliments. Perhaps that is the -reason that I don't believe anything he has told me." - -"You know you believe it all," said Lord Henry, looking at him with his -dreamy languorous eyes. "I will go out to the garden with you. It is -horribly hot in the studio. Basil, let us have something iced to -drink, something with strawberries in it." - -"Certainly, Harry. Just touch the bell, and when Parker comes I will -tell him what you want. I have got to work up this background, so I -will join you later on. Don't keep Dorian too long. I have never been -in better form for painting than I am to-day. This is going to be my -masterpiece. It is my masterpiece as it stands." - -Lord Henry went out to the garden and found Dorian Gray burying his -face in the great cool lilac-blossoms, feverishly drinking in their -perfume as if it had been wine. He came close to him and put his hand -upon his shoulder. "You are quite right to do that," he murmured. -"Nothing can cure the soul but the senses, just as nothing can cure the -senses but the soul." - -The lad started and drew back. He was bareheaded, and the leaves had -tossed his rebellious curls and tangled all their gilded threads. -There was a look of fear in his eyes, such as people have when they are -suddenly awakened. His finely chiselled nostrils quivered, and some -hidden nerve shook the scarlet of his lips and left them trembling. - -"Yes," continued Lord Henry, "that is one of the great secrets of -life--to cure the soul by means of the senses, and the senses by means -of the soul. You are a wonderful creation. You know more than you -think you know, just as you know less than you want to know." - -Dorian Gray frowned and turned his head away. He could not help liking -the tall, graceful young man who was standing by him. His romantic, -olive-coloured face and worn expression interested him. There was -something in his low languid voice that was absolutely fascinating. -His cool, white, flowerlike hands, even, had a curious charm. They -moved, as he spoke, like music, and seemed to have a language of their -own. But he felt afraid of him, and ashamed of being afraid. Why had -it been left for a stranger to reveal him to himself? He had known -Basil Hallward for months, but the friendship between them had never -altered him. Suddenly there had come some one across his life who -seemed to have disclosed to him life's mystery. And, yet, what was -there to be afraid of? He was not a schoolboy or a girl. It was -absurd to be frightened. - -"Let us go and sit in the shade," said Lord Henry. "Parker has brought -out the drinks, and if you stay any longer in this glare, you will be -quite spoiled, and Basil will never paint you again. You really must -not allow yourself to become sunburnt. It would be unbecoming." - -"What can it matter?" cried Dorian Gray, laughing, as he sat down on -the seat at the end of the garden. - -"It should matter everything to you, Mr. Gray." - -"Why?" - -"Because you have the most marvellous youth, and youth is the one thing -worth having." - -"I don't feel that, Lord Henry." - -"No, you don't feel it now. Some day, when you are old and wrinkled -and ugly, when thought has seared your forehead with its lines, and -passion branded your lips with its hideous fires, you will feel it, you -will feel it terribly. Now, wherever you go, you charm the world. -Will it always be so? ... You have a wonderfully beautiful face, Mr. -Gray. Don't frown. You have. And beauty is a form of genius--is -higher, indeed, than genius, as it needs no explanation. It is of the -great facts of the world, like sunlight, or spring-time, or the -reflection in dark waters of that silver shell we call the moon. It -cannot be questioned. It has its divine right of sovereignty. It -makes princes of those who have it. You smile? Ah! when you have lost -it you won't smile.... People say sometimes that beauty is only -superficial. That may be so, but at least it is not so superficial as -thought is. To me, beauty is the wonder of wonders. It is only -shallow people who do not judge by appearances. The true mystery of -the world is the visible, not the invisible.... Yes, Mr. Gray, the -gods have been good to you. But what the gods give they quickly take -away. You have only a few years in which to live really, perfectly, -and fully. When your youth goes, your beauty will go with it, and then -you will suddenly discover that there are no triumphs left for you, or -have to content yourself with those mean triumphs that the memory of -your past will make more bitter than defeats. Every month as it wanes -brings you nearer to something dreadful. Time is jealous of you, and -wars against your lilies and your roses. You will become sallow, and -hollow-cheeked, and dull-eyed. You will suffer horribly.... Ah! -realize your youth while you have it. Don't squander the gold of your -days, listening to the tedious, trying to improve the hopeless failure, -or giving away your life to the ignorant, the common, and the vulgar. -These are the sickly aims, the false ideals, of our age. Live! Live -the wonderful life that is in you! Let nothing be lost upon you. Be -always searching for new sensations. Be afraid of nothing.... A new -Hedonism--that is what our century wants. You might be its visible -symbol. With your personality there is nothing you could not do. The -world belongs to you for a season.... The moment I met you I saw that -you were quite unconscious of what you really are, of what you really -might be. There was so much in you that charmed me that I felt I must -tell you something about yourself. I thought how tragic it would be if -you were wasted. For there is such a little time that your youth will -last--such a little time. The common hill-flowers wither, but they -blossom again. The laburnum will be as yellow next June as it is now. -In a month there will be purple stars on the clematis, and year after -year the green night of its leaves will hold its purple stars. But we -never get back our youth. The pulse of joy that beats in us at twenty -becomes sluggish. Our limbs fail, our senses rot. We degenerate into -hideous puppets, haunted by the memory of the passions of which we were -too much afraid, and the exquisite temptations that we had not the -courage to yield to. Youth! Youth! There is absolutely nothing in -the world but youth!" - -Dorian Gray listened, open-eyed and wondering. The spray of lilac fell -from his hand upon the gravel. A furry bee came and buzzed round it -for a moment. Then it began to scramble all over the oval stellated -globe of the tiny blossoms. He watched it with that strange interest -in trivial things that we try to develop when things of high import -make us afraid, or when we are stirred by some new emotion for which we -cannot find expression, or when some thought that terrifies us lays -sudden siege to the brain and calls on us to yield. After a time the -bee flew away. He saw it creeping into the stained trumpet of a Tyrian -convolvulus. The flower seemed to quiver, and then swayed gently to -and fro. - -Suddenly the painter appeared at the door of the studio and made -staccato signs for them to come in. They turned to each other and -smiled. - -"I am waiting," he cried. "Do come in. The light is quite perfect, -and you can bring your drinks." - -They rose up and sauntered down the walk together. Two green-and-white -butterflies fluttered past them, and in the pear-tree at the corner of -the garden a thrush began to sing. - -"You are glad you have met me, Mr. Gray," said Lord Henry, looking at -him. - -"Yes, I am glad now. I wonder shall I always be glad?" - -"Always! That is a dreadful word. It makes me shudder when I hear it. -Women are so fond of using it. They spoil every romance by trying to -make it last for ever. It is a meaningless word, too. The only -difference between a caprice and a lifelong passion is that the caprice -lasts a little longer." - -As they entered the studio, Dorian Gray put his hand upon Lord Henry's -arm. "In that case, let our friendship be a caprice," he murmured, -flushing at his own boldness, then stepped up on the platform and -resumed his pose. - -Lord Henry flung himself into a large wicker arm-chair and watched him. -The sweep and dash of the brush on the canvas made the only sound that -broke the stillness, except when, now and then, Hallward stepped back -to look at his work from a distance. In the slanting beams that -streamed through the open doorway the dust danced and was golden. The -heavy scent of the roses seemed to brood over everything. - -After about a quarter of an hour Hallward stopped painting, looked for -a long time at Dorian Gray, and then for a long time at the picture, -biting the end of one of his huge brushes and frowning. "It is quite -finished," he cried at last, and stooping down he wrote his name in -long vermilion letters on the left-hand corner of the canvas. - -Lord Henry came over and examined the picture. It was certainly a -wonderful work of art, and a wonderful likeness as well. - -"My dear fellow, I congratulate you most warmly," he said. "It is the -finest portrait of modern times. Mr. Gray, come over and look at -yourself." - -The lad started, as if awakened from some dream. - -"Is it really finished?" he murmured, stepping down from the platform. - -"Quite finished," said the painter. "And you have sat splendidly -to-day. I am awfully obliged to you." - -"That is entirely due to me," broke in Lord Henry. "Isn't it, Mr. -Gray?" - -Dorian made no answer, but passed listlessly in front of his picture -and turned towards it. When he saw it he drew back, and his cheeks -flushed for a moment with pleasure. A look of joy came into his eyes, -as if he had recognized himself for the first time. He stood there -motionless and in wonder, dimly conscious that Hallward was speaking to -him, but not catching the meaning of his words. The sense of his own -beauty came on him like a revelation. He had never felt it before. -Basil Hallward's compliments had seemed to him to be merely the -charming exaggeration of friendship. He had listened to them, laughed -at them, forgotten them. They had not influenced his nature. Then had -come Lord Henry Wotton with his strange panegyric on youth, his -terrible warning of its brevity. That had stirred him at the time, and -now, as he stood gazing at the shadow of his own loveliness, the full -reality of the description flashed across him. Yes, there would be a -day when his face would be wrinkled and wizen, his eyes dim and -colourless, the grace of his figure broken and deformed. The scarlet -would pass away from his lips and the gold steal from his hair. The -life that was to make his soul would mar his body. He would become -dreadful, hideous, and uncouth. - -As he thought of it, a sharp pang of pain struck through him like a -knife and made each delicate fibre of his nature quiver. His eyes -deepened into amethyst, and across them came a mist of tears. He felt -as if a hand of ice had been laid upon his heart. - -"Don't you like it?" cried Hallward at last, stung a little by the -lad's silence, not understanding what it meant. - -"Of course he likes it," said Lord Henry. "Who wouldn't like it? It -is one of the greatest things in modern art. I will give you anything -you like to ask for it. I must have it." - -"It is not my property, Harry." - -"Whose property is it?" - -"Dorian's, of course," answered the painter. - -"He is a very lucky fellow." - -"How sad it is!" murmured Dorian Gray with his eyes still fixed upon -his own portrait. "How sad it is! I shall grow old, and horrible, and -dreadful. But this picture will remain always young. It will never be -older than this particular day of June.... If it were only the other -way! If it were I who was to be always young, and the picture that was -to grow old! For that--for that--I would give everything! Yes, there -is nothing in the whole world I would not give! I would give my soul -for that!" - -"You would hardly care for such an arrangement, Basil," cried Lord -Henry, laughing. "It would be rather hard lines on your work." - -"I should object very strongly, Harry," said Hallward. - -Dorian Gray turned and looked at him. "I believe you would, Basil. -You like your art better than your friends. I am no more to you than a -green bronze figure. Hardly as much, I dare say." - -The painter stared in amazement. It was so unlike Dorian to speak like -that. What had happened? He seemed quite angry. His face was flushed -and his cheeks burning. - -"Yes," he continued, "I am less to you than your ivory Hermes or your -silver Faun. You will like them always. How long will you like me? -Till I have my first wrinkle, I suppose. I know, now, that when one -loses one's good looks, whatever they may be, one loses everything. -Your picture has taught me that. Lord Henry Wotton is perfectly right. -Youth is the only thing worth having. When I find that I am growing -old, I shall kill myself." - -Hallward turned pale and caught his hand. "Dorian! Dorian!" he cried, -"don't talk like that. I have never had such a friend as you, and I -shall never have such another. You are not jealous of material things, -are you?--you who are finer than any of them!" - -"I am jealous of everything whose beauty does not die. I am jealous of -the portrait you have painted of me. Why should it keep what I must -lose? Every moment that passes takes something from me and gives -something to it. Oh, if it were only the other way! If the picture -could change, and I could be always what I am now! Why did you paint -it? It will mock me some day--mock me horribly!" The hot tears welled -into his eyes; he tore his hand away and, flinging himself on the -divan, he buried his face in the cushions, as though he was praying. - -"This is your doing, Harry," said the painter bitterly. - -Lord Henry shrugged his shoulders. "It is the real Dorian Gray--that -is all." - -"It is not." - -"If it is not, what have I to do with it?" - -"You should have gone away when I asked you," he muttered. - -"I stayed when you asked me," was Lord Henry's answer. - -"Harry, I can't quarrel with my two best friends at once, but between -you both you have made me hate the finest piece of work I have ever -done, and I will destroy it. What is it but canvas and colour? I will -not let it come across our three lives and mar them." - -Dorian Gray lifted his golden head from the pillow, and with pallid -face and tear-stained eyes, looked at him as he walked over to the deal -painting-table that was set beneath the high curtained window. What -was he doing there? His fingers were straying about among the litter -of tin tubes and dry brushes, seeking for something. Yes, it was for -the long palette-knife, with its thin blade of lithe steel. He had -found it at last. He was going to rip up the canvas. - -With a stifled sob the lad leaped from the couch, and, rushing over to -Hallward, tore the knife out of his hand, and flung it to the end of -the studio. "Don't, Basil, don't!" he cried. "It would be murder!" - -"I am glad you appreciate my work at last, Dorian," said the painter -coldly when he had recovered from his surprise. "I never thought you -would." - -"Appreciate it? I am in love with it, Basil. It is part of myself. I -feel that." - -"Well, as soon as you are dry, you shall be varnished, and framed, and -sent home. Then you can do what you like with yourself." And he walked -across the room and rang the bell for tea. "You will have tea, of -course, Dorian? And so will you, Harry? Or do you object to such -simple pleasures?" - -"I adore simple pleasures," said Lord Henry. "They are the last refuge -of the complex. But I don't like scenes, except on the stage. What -absurd fellows you are, both of you! I wonder who it was defined man -as a rational animal. It was the most premature definition ever given. -Man is many things, but he is not rational. I am glad he is not, after -all--though I wish you chaps would not squabble over the picture. You -had much better let me have it, Basil. This silly boy doesn't really -want it, and I really do." - -"If you let any one have it but me, Basil, I shall never forgive you!" -cried Dorian Gray; "and I don't allow people to call me a silly boy." - -"You know the picture is yours, Dorian. I gave it to you before it -existed." - -"And you know you have been a little silly, Mr. Gray, and that you -don't really object to being reminded that you are extremely young." - -"I should have objected very strongly this morning, Lord Henry." - -"Ah! this morning! You have lived since then." - -There came a knock at the door, and the butler entered with a laden -tea-tray and set it down upon a small Japanese table. There was a -rattle of cups and saucers and the hissing of a fluted Georgian urn. -Two globe-shaped china dishes were brought in by a page. Dorian Gray -went over and poured out the tea. The two men sauntered languidly to -the table and examined what was under the covers. - -"Let us go to the theatre to-night," said Lord Henry. "There is sure -to be something on, somewhere. I have promised to dine at White's, but -it is only with an old friend, so I can send him a wire to say that I -am ill, or that I am prevented from coming in consequence of a -subsequent engagement. I think that would be a rather nice excuse: it -would have all the surprise of candour." - -"It is such a bore putting on one's dress-clothes," muttered Hallward. -"And, when one has them on, they are so horrid." - -"Yes," answered Lord Henry dreamily, "the costume of the nineteenth -century is detestable. It is so sombre, so depressing. Sin is the -only real colour-element left in modern life." - -"You really must not say things like that before Dorian, Harry." - -"Before which Dorian? The one who is pouring out tea for us, or the -one in the picture?" - -"Before either." - -"I should like to come to the theatre with you, Lord Henry," said the -lad. - -"Then you shall come; and you will come, too, Basil, won't you?" - -"I can't, really. I would sooner not. I have a lot of work to do." - -"Well, then, you and I will go alone, Mr. Gray." - -"I should like that awfully." - -The painter bit his lip and walked over, cup in hand, to the picture. -"I shall stay with the real Dorian," he said, sadly. - -"Is it the real Dorian?" cried the original of the portrait, strolling -across to him. "Am I really like that?" - -"Yes; you are just like that." - -"How wonderful, Basil!" - -"At least you are like it in appearance. But it will never alter," -sighed Hallward. "That is something." - -"What a fuss people make about fidelity!" exclaimed Lord Henry. "Why, -even in love it is purely a question for physiology. It has nothing to -do with our own will. Young men want to be faithful, and are not; old -men want to be faithless, and cannot: that is all one can say." - -"Don't go to the theatre to-night, Dorian," said Hallward. "Stop and -dine with me." - -"I can't, Basil." - -"Why?" - -"Because I have promised Lord Henry Wotton to go with him." - -"He won't like you the better for keeping your promises. He always -breaks his own. I beg you not to go." - -Dorian Gray laughed and shook his head. - -"I entreat you." - -The lad hesitated, and looked over at Lord Henry, who was watching them -from the tea-table with an amused smile. - -"I must go, Basil," he answered. - -"Very well," said Hallward, and he went over and laid down his cup on -the tray. "It is rather late, and, as you have to dress, you had -better lose no time. Good-bye, Harry. Good-bye, Dorian. Come and see -me soon. Come to-morrow." - -"Certainly." - -"You won't forget?" - -"No, of course not," cried Dorian. - -"And ... Harry!" - -"Yes, Basil?" - -"Remember what I asked you, when we were in the garden this morning." - -"I have forgotten it." - -"I trust you." - -"I wish I could trust myself," said Lord Henry, laughing. "Come, Mr. -Gray, my hansom is outside, and I can drop you at your own place. -Good-bye, Basil. It has been a most interesting afternoon." - -As the door closed behind them, the painter flung himself down on a -sofa, and a look of pain came into his face. - - - -CHAPTER 3 - -At half-past twelve next day Lord Henry Wotton strolled from Curzon -Street over to the Albany to call on his uncle, Lord Fermor, a genial -if somewhat rough-mannered old bachelor, whom the outside world called -selfish because it derived no particular benefit from him, but who was -considered generous by Society as he fed the people who amused him. -His father had been our ambassador at Madrid when Isabella was young -and Prim unthought of, but had retired from the diplomatic service in a -capricious moment of annoyance on not being offered the Embassy at -Paris, a post to which he considered that he was fully entitled by -reason of his birth, his indolence, the good English of his dispatches, -and his inordinate passion for pleasure. The son, who had been his -father's secretary, had resigned along with his chief, somewhat -foolishly as was thought at the time, and on succeeding some months -later to the title, had set himself to the serious study of the great -aristocratic art of doing absolutely nothing. He had two large town -houses, but preferred to live in chambers as it was less trouble, and -took most of his meals at his club. He paid some attention to the -management of his collieries in the Midland counties, excusing himself -for this taint of industry on the ground that the one advantage of -having coal was that it enabled a gentleman to afford the decency of -burning wood on his own hearth. In politics he was a Tory, except when -the Tories were in office, during which period he roundly abused them -for being a pack of Radicals. He was a hero to his valet, who bullied -him, and a terror to most of his relations, whom he bullied in turn. -Only England could have produced him, and he always said that the -country was going to the dogs. His principles were out of date, but -there was a good deal to be said for his prejudices. - -When Lord Henry entered the room, he found his uncle sitting in a rough -shooting-coat, smoking a cheroot and grumbling over _The Times_. "Well, -Harry," said the old gentleman, "what brings you out so early? I -thought you dandies never got up till two, and were not visible till -five." - -"Pure family affection, I assure you, Uncle George. I want to get -something out of you." - -"Money, I suppose," said Lord Fermor, making a wry face. "Well, sit -down and tell me all about it. Young people, nowadays, imagine that -money is everything." - -"Yes," murmured Lord Henry, settling his button-hole in his coat; "and -when they grow older they know it. But I don't want money. It is only -people who pay their bills who want that, Uncle George, and I never pay -mine. Credit is the capital of a younger son, and one lives charmingly -upon it. Besides, I always deal with Dartmoor's tradesmen, and -consequently they never bother me. What I want is information: not -useful information, of course; useless information." - -"Well, I can tell you anything that is in an English Blue Book, Harry, -although those fellows nowadays write a lot of nonsense. When I was in -the Diplomatic, things were much better. But I hear they let them in -now by examination. What can you expect? Examinations, sir, are pure -humbug from beginning to end. If a man is a gentleman, he knows quite -enough, and if he is not a gentleman, whatever he knows is bad for him." - -"Mr. Dorian Gray does not belong to Blue Books, Uncle George," said -Lord Henry languidly. - -"Mr. Dorian Gray? Who is he?" asked Lord Fermor, knitting his bushy -white eyebrows. - -"That is what I have come to learn, Uncle George. Or rather, I know -who he is. He is the last Lord Kelso's grandson. His mother was a -Devereux, Lady Margaret Devereux. I want you to tell me about his -mother. What was she like? Whom did she marry? You have known nearly -everybody in your time, so you might have known her. I am very much -interested in Mr. Gray at present. I have only just met him." - -"Kelso's grandson!" echoed the old gentleman. "Kelso's grandson! ... -Of course.... I knew his mother intimately. I believe I was at her -christening. She was an extraordinarily beautiful girl, Margaret -Devereux, and made all the men frantic by running away with a penniless -young fellow--a mere nobody, sir, a subaltern in a foot regiment, or -something of that kind. Certainly. I remember the whole thing as if -it happened yesterday. The poor chap was killed in a duel at Spa a few -months after the marriage. There was an ugly story about it. They -said Kelso got some rascally adventurer, some Belgian brute, to insult -his son-in-law in public--paid him, sir, to do it, paid him--and that -the fellow spitted his man as if he had been a pigeon. The thing was -hushed up, but, egad, Kelso ate his chop alone at the club for some -time afterwards. He brought his daughter back with him, I was told, -and she never spoke to him again. Oh, yes; it was a bad business. The -girl died, too, died within a year. So she left a son, did she? I had -forgotten that. What sort of boy is he? If he is like his mother, he -must be a good-looking chap." - -"He is very good-looking," assented Lord Henry. - -"I hope he will fall into proper hands," continued the old man. "He -should have a pot of money waiting for him if Kelso did the right thing -by him. His mother had money, too. All the Selby property came to -her, through her grandfather. Her grandfather hated Kelso, thought him -a mean dog. He was, too. Came to Madrid once when I was there. Egad, -I was ashamed of him. The Queen used to ask me about the English noble -who was always quarrelling with the cabmen about their fares. They -made quite a story of it. I didn't dare show my face at Court for a -month. I hope he treated his grandson better than he did the jarvies." - -"I don't know," answered Lord Henry. "I fancy that the boy will be -well off. He is not of age yet. He has Selby, I know. He told me so. -And ... his mother was very beautiful?" - -"Margaret Devereux was one of the loveliest creatures I ever saw, -Harry. What on earth induced her to behave as she did, I never could -understand. She could have married anybody she chose. Carlington was -mad after her. She was romantic, though. All the women of that family -were. The men were a poor lot, but, egad! the women were wonderful. -Carlington went on his knees to her. Told me so himself. She laughed -at him, and there wasn't a girl in London at the time who wasn't after -him. And by the way, Harry, talking about silly marriages, what is -this humbug your father tells me about Dartmoor wanting to marry an -American? Ain't English girls good enough for him?" - -"It is rather fashionable to marry Americans just now, Uncle George." - -"I'll back English women against the world, Harry," said Lord Fermor, -striking the table with his fist. - -"The betting is on the Americans." - -"They don't last, I am told," muttered his uncle. - -"A long engagement exhausts them, but they are capital at a -steeplechase. They take things flying. I don't think Dartmoor has a -chance." - -"Who are her people?" grumbled the old gentleman. "Has she got any?" - -Lord Henry shook his head. "American girls are as clever at concealing -their parents, as English women are at concealing their past," he said, -rising to go. - -"They are pork-packers, I suppose?" - -"I hope so, Uncle George, for Dartmoor's sake. I am told that -pork-packing is the most lucrative profession in America, after -politics." - -"Is she pretty?" - -"She behaves as if she was beautiful. Most American women do. It is -the secret of their charm." - -"Why can't these American women stay in their own country? They are -always telling us that it is the paradise for women." - -"It is. That is the reason why, like Eve, they are so excessively -anxious to get out of it," said Lord Henry. "Good-bye, Uncle George. -I shall be late for lunch, if I stop any longer. Thanks for giving me -the information I wanted. I always like to know everything about my -new friends, and nothing about my old ones." - -"Where are you lunching, Harry?" - -"At Aunt Agatha's. I have asked myself and Mr. Gray. He is her latest -_protege_." - -"Humph! tell your Aunt Agatha, Harry, not to bother me any more with -her charity appeals. I am sick of them. Why, the good woman thinks -that I have nothing to do but to write cheques for her silly fads." - -"All right, Uncle George, I'll tell her, but it won't have any effect. -Philanthropic people lose all sense of humanity. It is their -distinguishing characteristic." - -The old gentleman growled approvingly and rang the bell for his -servant. Lord Henry passed up the low arcade into Burlington Street -and turned his steps in the direction of Berkeley Square. - -So that was the story of Dorian Gray's parentage. Crudely as it had -been told to him, it had yet stirred him by its suggestion of a -strange, almost modern romance. A beautiful woman risking everything -for a mad passion. A few wild weeks of happiness cut short by a -hideous, treacherous crime. Months of voiceless agony, and then a -child born in pain. The mother snatched away by death, the boy left to -solitude and the tyranny of an old and loveless man. Yes; it was an -interesting background. It posed the lad, made him more perfect, as it -were. Behind every exquisite thing that existed, there was something -tragic. Worlds had to be in travail, that the meanest flower might -blow.... And how charming he had been at dinner the night before, as -with startled eyes and lips parted in frightened pleasure he had sat -opposite to him at the club, the red candleshades staining to a richer -rose the wakening wonder of his face. Talking to him was like playing -upon an exquisite violin. He answered to every touch and thrill of the -bow.... There was something terribly enthralling in the exercise of -influence. No other activity was like it. To project one's soul into -some gracious form, and let it tarry there for a moment; to hear one's -own intellectual views echoed back to one with all the added music of -passion and youth; to convey one's temperament into another as though -it were a subtle fluid or a strange perfume: there was a real joy in -that--perhaps the most satisfying joy left to us in an age so limited -and vulgar as our own, an age grossly carnal in its pleasures, and -grossly common in its aims.... He was a marvellous type, too, this lad, -whom by so curious a chance he had met in Basil's studio, or could be -fashioned into a marvellous type, at any rate. Grace was his, and the -white purity of boyhood, and beauty such as old Greek marbles kept for -us. There was nothing that one could not do with him. He could be -made a Titan or a toy. What a pity it was that such beauty was -destined to fade! ... And Basil? From a psychological point of view, -how interesting he was! The new manner in art, the fresh mode of -looking at life, suggested so strangely by the merely visible presence -of one who was unconscious of it all; the silent spirit that dwelt in -dim woodland, and walked unseen in open field, suddenly showing -herself, Dryadlike and not afraid, because in his soul who sought for -her there had been wakened that wonderful vision to which alone are -wonderful things revealed; the mere shapes and patterns of things -becoming, as it were, refined, and gaining a kind of symbolical value, -as though they were themselves patterns of some other and more perfect -form whose shadow they made real: how strange it all was! He -remembered something like it in history. Was it not Plato, that artist -in thought, who had first analyzed it? Was it not Buonarotti who had -carved it in the coloured marbles of a sonnet-sequence? But in our own -century it was strange.... Yes; he would try to be to Dorian Gray -what, without knowing it, the lad was to the painter who had fashioned -the wonderful portrait. He would seek to dominate him--had already, -indeed, half done so. He would make that wonderful spirit his own. -There was something fascinating in this son of love and death. - -Suddenly he stopped and glanced up at the houses. He found that he had -passed his aunt's some distance, and, smiling to himself, turned back. -When he entered the somewhat sombre hall, the butler told him that they -had gone in to lunch. He gave one of the footmen his hat and stick and -passed into the dining-room. - -"Late as usual, Harry," cried his aunt, shaking her head at him. - -He invented a facile excuse, and having taken the vacant seat next to -her, looked round to see who was there. Dorian bowed to him shyly from -the end of the table, a flush of pleasure stealing into his cheek. -Opposite was the Duchess of Harley, a lady of admirable good-nature and -good temper, much liked by every one who knew her, and of those ample -architectural proportions that in women who are not duchesses are -described by contemporary historians as stoutness. Next to her sat, on -her right, Sir Thomas Burdon, a Radical member of Parliament, who -followed his leader in public life and in private life followed the -best cooks, dining with the Tories and thinking with the Liberals, in -accordance with a wise and well-known rule. The post on her left was -occupied by Mr. Erskine of Treadley, an old gentleman of considerable -charm and culture, who had fallen, however, into bad habits of silence, -having, as he explained once to Lady Agatha, said everything that he -had to say before he was thirty. His own neighbour was Mrs. Vandeleur, -one of his aunt's oldest friends, a perfect saint amongst women, but so -dreadfully dowdy that she reminded one of a badly bound hymn-book. -Fortunately for him she had on the other side Lord Faudel, a most -intelligent middle-aged mediocrity, as bald as a ministerial statement -in the House of Commons, with whom she was conversing in that intensely -earnest manner which is the one unpardonable error, as he remarked once -himself, that all really good people fall into, and from which none of -them ever quite escape. - -"We are talking about poor Dartmoor, Lord Henry," cried the duchess, -nodding pleasantly to him across the table. "Do you think he will -really marry this fascinating young person?" - -"I believe she has made up her mind to propose to him, Duchess." - -"How dreadful!" exclaimed Lady Agatha. "Really, some one should -interfere." - -"I am told, on excellent authority, that her father keeps an American -dry-goods store," said Sir Thomas Burdon, looking supercilious. - -"My uncle has already suggested pork-packing, Sir Thomas." - -"Dry-goods! What are American dry-goods?" asked the duchess, raising -her large hands in wonder and accentuating the verb. - -"American novels," answered Lord Henry, helping himself to some quail. - -The duchess looked puzzled. - -"Don't mind him, my dear," whispered Lady Agatha. "He never means -anything that he says." - -"When America was discovered," said the Radical member--and he began to -give some wearisome facts. Like all people who try to exhaust a -subject, he exhausted his listeners. The duchess sighed and exercised -her privilege of interruption. "I wish to goodness it never had been -discovered at all!" she exclaimed. "Really, our girls have no chance -nowadays. It is most unfair." - -"Perhaps, after all, America never has been discovered," said Mr. -Erskine; "I myself would say that it had merely been detected." - -"Oh! but I have seen specimens of the inhabitants," answered the -duchess vaguely. "I must confess that most of them are extremely -pretty. And they dress well, too. They get all their dresses in -Paris. I wish I could afford to do the same." - -"They say that when good Americans die they go to Paris," chuckled Sir -Thomas, who had a large wardrobe of Humour's cast-off clothes. - -"Really! And where do bad Americans go to when they die?" inquired the -duchess. - -"They go to America," murmured Lord Henry. - -Sir Thomas frowned. "I am afraid that your nephew is prejudiced -against that great country," he said to Lady Agatha. "I have travelled -all over it in cars provided by the directors, who, in such matters, -are extremely civil. I assure you that it is an education to visit it." - -"But must we really see Chicago in order to be educated?" asked Mr. -Erskine plaintively. "I don't feel up to the journey." - -Sir Thomas waved his hand. "Mr. Erskine of Treadley has the world on -his shelves. We practical men like to see things, not to read about -them. The Americans are an extremely interesting people. They are -absolutely reasonable. I think that is their distinguishing -characteristic. Yes, Mr. Erskine, an absolutely reasonable people. I -assure you there is no nonsense about the Americans." - -"How dreadful!" cried Lord Henry. "I can stand brute force, but brute -reason is quite unbearable. There is something unfair about its use. -It is hitting below the intellect." - -"I do not understand you," said Sir Thomas, growing rather red. - -"I do, Lord Henry," murmured Mr. Erskine, with a smile. - -"Paradoxes are all very well in their way...." rejoined the baronet. - -"Was that a paradox?" asked Mr. Erskine. "I did not think so. Perhaps -it was. Well, the way of paradoxes is the way of truth. To test -reality we must see it on the tight rope. When the verities become -acrobats, we can judge them." - -"Dear me!" said Lady Agatha, "how you men argue! I am sure I never can -make out what you are talking about. Oh! Harry, I am quite vexed with -you. Why do you try to persuade our nice Mr. Dorian Gray to give up -the East End? I assure you he would be quite invaluable. They would -love his playing." - -"I want him to play to me," cried Lord Henry, smiling, and he looked -down the table and caught a bright answering glance. - -"But they are so unhappy in Whitechapel," continued Lady Agatha. - -"I can sympathize with everything except suffering," said Lord Henry, -shrugging his shoulders. "I cannot sympathize with that. It is too -ugly, too horrible, too distressing. There is something terribly -morbid in the modern sympathy with pain. One should sympathize with -the colour, the beauty, the joy of life. The less said about life's -sores, the better." - -"Still, the East End is a very important problem," remarked Sir Thomas -with a grave shake of the head. - -"Quite so," answered the young lord. "It is the problem of slavery, -and we try to solve it by amusing the slaves." - -The politician looked at him keenly. "What change do you propose, -then?" he asked. - -Lord Henry laughed. "I don't desire to change anything in England -except the weather," he answered. "I am quite content with philosophic -contemplation. But, as the nineteenth century has gone bankrupt -through an over-expenditure of sympathy, I would suggest that we should -appeal to science to put us straight. The advantage of the emotions is -that they lead us astray, and the advantage of science is that it is -not emotional." - -"But we have such grave responsibilities," ventured Mrs. Vandeleur -timidly. - -"Terribly grave," echoed Lady Agatha. - -Lord Henry looked over at Mr. Erskine. "Humanity takes itself too -seriously. It is the world's original sin. If the caveman had known -how to laugh, history would have been different." - -"You are really very comforting," warbled the duchess. "I have always -felt rather guilty when I came to see your dear aunt, for I take no -interest at all in the East End. For the future I shall be able to -look her in the face without a blush." - -"A blush is very becoming, Duchess," remarked Lord Henry. - -"Only when one is young," she answered. "When an old woman like myself -blushes, it is a very bad sign. Ah! Lord Henry, I wish you would tell -me how to become young again." - -He thought for a moment. "Can you remember any great error that you -committed in your early days, Duchess?" he asked, looking at her across -the table. - -"A great many, I fear," she cried. - -"Then commit them over again," he said gravely. "To get back one's -youth, one has merely to repeat one's follies." - -"A delightful theory!" she exclaimed. "I must put it into practice." - -"A dangerous theory!" came from Sir Thomas's tight lips. Lady Agatha -shook her head, but could not help being amused. Mr. Erskine listened. - -"Yes," he continued, "that is one of the great secrets of life. -Nowadays most people die of a sort of creeping common sense, and -discover when it is too late that the only things one never regrets are -one's mistakes." - -A laugh ran round the table. - -He played with the idea and grew wilful; tossed it into the air and -transformed it; let it escape and recaptured it; made it iridescent -with fancy and winged it with paradox. The praise of folly, as he went -on, soared into a philosophy, and philosophy herself became young, and -catching the mad music of pleasure, wearing, one might fancy, her -wine-stained robe and wreath of ivy, danced like a Bacchante over the -hills of life, and mocked the slow Silenus for being sober. Facts fled -before her like frightened forest things. Her white feet trod the huge -press at which wise Omar sits, till the seething grape-juice rose round -her bare limbs in waves of purple bubbles, or crawled in red foam over -the vat's black, dripping, sloping sides. It was an extraordinary -improvisation. He felt that the eyes of Dorian Gray were fixed on him, -and the consciousness that amongst his audience there was one whose -temperament he wished to fascinate seemed to give his wit keenness and -to lend colour to his imagination. He was brilliant, fantastic, -irresponsible. He charmed his listeners out of themselves, and they -followed his pipe, laughing. Dorian Gray never took his gaze off him, -but sat like one under a spell, smiles chasing each other over his lips -and wonder growing grave in his darkening eyes. - -At last, liveried in the costume of the age, reality entered the room -in the shape of a servant to tell the duchess that her carriage was -waiting. She wrung her hands in mock despair. "How annoying!" she -cried. "I must go. I have to call for my husband at the club, to take -him to some absurd meeting at Willis's Rooms, where he is going to be -in the chair. If I am late he is sure to be furious, and I couldn't -have a scene in this bonnet. It is far too fragile. A harsh word -would ruin it. No, I must go, dear Agatha. Good-bye, Lord Henry, you -are quite delightful and dreadfully demoralizing. I am sure I don't -know what to say about your views. You must come and dine with us some -night. Tuesday? Are you disengaged Tuesday?" - -"For you I would throw over anybody, Duchess," said Lord Henry with a -bow. - -"Ah! that is very nice, and very wrong of you," she cried; "so mind you -come"; and she swept out of the room, followed by Lady Agatha and the -other ladies. - -When Lord Henry had sat down again, Mr. Erskine moved round, and taking -a chair close to him, placed his hand upon his arm. - -"You talk books away," he said; "why don't you write one?" - -"I am too fond of reading books to care to write them, Mr. Erskine. I -should like to write a novel certainly, a novel that would be as lovely -as a Persian carpet and as unreal. But there is no literary public in -England for anything except newspapers, primers, and encyclopaedias. -Of all people in the world the English have the least sense of the -beauty of literature." - -"I fear you are right," answered Mr. Erskine. "I myself used to have -literary ambitions, but I gave them up long ago. And now, my dear -young friend, if you will allow me to call you so, may I ask if you -really meant all that you said to us at lunch?" - -"I quite forget what I said," smiled Lord Henry. "Was it all very bad?" - -"Very bad indeed. In fact I consider you extremely dangerous, and if -anything happens to our good duchess, we shall all look on you as being -primarily responsible. But I should like to talk to you about life. -The generation into which I was born was tedious. Some day, when you -are tired of London, come down to Treadley and expound to me your -philosophy of pleasure over some admirable Burgundy I am fortunate -enough to possess." - -"I shall be charmed. A visit to Treadley would be a great privilege. -It has a perfect host, and a perfect library." - -"You will complete it," answered the old gentleman with a courteous -bow. "And now I must bid good-bye to your excellent aunt. I am due at -the Athenaeum. It is the hour when we sleep there." - -"All of you, Mr. Erskine?" - -"Forty of us, in forty arm-chairs. We are practising for an English -Academy of Letters." - -Lord Henry laughed and rose. "I am going to the park," he cried. - -As he was passing out of the door, Dorian Gray touched him on the arm. -"Let me come with you," he murmured. - -"But I thought you had promised Basil Hallward to go and see him," -answered Lord Henry. - -"I would sooner come with you; yes, I feel I must come with you. Do -let me. And you will promise to talk to me all the time? No one talks -so wonderfully as you do." - -"Ah! I have talked quite enough for to-day," said Lord Henry, smiling. -"All I want now is to look at life. You may come and look at it with -me, if you care to." - - - -CHAPTER 4 - -One afternoon, a month later, Dorian Gray was reclining in a luxurious -arm-chair, in the little library of Lord Henry's house in Mayfair. It -was, in its way, a very charming room, with its high panelled -wainscoting of olive-stained oak, its cream-coloured frieze and ceiling -of raised plasterwork, and its brickdust felt carpet strewn with silk, -long-fringed Persian rugs. On a tiny satinwood table stood a statuette -by Clodion, and beside it lay a copy of Les Cent Nouvelles, bound for -Margaret of Valois by Clovis Eve and powdered with the gilt daisies -that Queen had selected for her device. Some large blue china jars and -parrot-tulips were ranged on the mantelshelf, and through the small -leaded panes of the window streamed the apricot-coloured light of a -summer day in London. - -Lord Henry had not yet come in. He was always late on principle, his -principle being that punctuality is the thief of time. So the lad was -looking rather sulky, as with listless fingers he turned over the pages -of an elaborately illustrated edition of Manon Lescaut that he had -found in one of the book-cases. The formal monotonous ticking of the -Louis Quatorze clock annoyed him. Once or twice he thought of going -away. - -At last he heard a step outside, and the door opened. "How late you -are, Harry!" he murmured. - -"I am afraid it is not Harry, Mr. Gray," answered a shrill voice. - -He glanced quickly round and rose to his feet. "I beg your pardon. I -thought--" - -"You thought it was my husband. It is only his wife. You must let me -introduce myself. I know you quite well by your photographs. I think -my husband has got seventeen of them." - -"Not seventeen, Lady Henry?" - -"Well, eighteen, then. And I saw you with him the other night at the -opera." She laughed nervously as she spoke, and watched him with her -vague forget-me-not eyes. She was a curious woman, whose dresses -always looked as if they had been designed in a rage and put on in a -tempest. She was usually in love with somebody, and, as her passion -was never returned, she had kept all her illusions. She tried to look -picturesque, but only succeeded in being untidy. Her name was -Victoria, and she had a perfect mania for going to church. - -"That was at Lohengrin, Lady Henry, I think?" - -"Yes; it was at dear Lohengrin. I like Wagner's music better than -anybody's. It is so loud that one can talk the whole time without other -people hearing what one says. That is a great advantage, don't you -think so, Mr. Gray?" - -The same nervous staccato laugh broke from her thin lips, and her -fingers began to play with a long tortoise-shell paper-knife. - -Dorian smiled and shook his head: "I am afraid I don't think so, Lady -Henry. I never talk during music--at least, during good music. If one -hears bad music, it is one's duty to drown it in conversation." - -"Ah! that is one of Harry's views, isn't it, Mr. Gray? I always hear -Harry's views from his friends. It is the only way I get to know of -them. But you must not think I don't like good music. I adore it, but -I am afraid of it. It makes me too romantic. I have simply worshipped -pianists--two at a time, sometimes, Harry tells me. I don't know what -it is about them. Perhaps it is that they are foreigners. They all -are, ain't they? Even those that are born in England become foreigners -after a time, don't they? It is so clever of them, and such a -compliment to art. Makes it quite cosmopolitan, doesn't it? You have -never been to any of my parties, have you, Mr. Gray? You must come. I -can't afford orchids, but I spare no expense in foreigners. They make -one's rooms look so picturesque. But here is Harry! Harry, I came in -to look for you, to ask you something--I forget what it was--and I -found Mr. Gray here. We have had such a pleasant chat about music. We -have quite the same ideas. No; I think our ideas are quite different. -But he has been most pleasant. I am so glad I've seen him." - -"I am charmed, my love, quite charmed," said Lord Henry, elevating his -dark, crescent-shaped eyebrows and looking at them both with an amused -smile. "So sorry I am late, Dorian. I went to look after a piece of -old brocade in Wardour Street and had to bargain for hours for it. -Nowadays people know the price of everything and the value of nothing." - -"I am afraid I must be going," exclaimed Lady Henry, breaking an -awkward silence with her silly sudden laugh. "I have promised to drive -with the duchess. Good-bye, Mr. Gray. Good-bye, Harry. You are -dining out, I suppose? So am I. Perhaps I shall see you at Lady -Thornbury's." - -"I dare say, my dear," said Lord Henry, shutting the door behind her -as, looking like a bird of paradise that had been out all night in the -rain, she flitted out of the room, leaving a faint odour of -frangipanni. Then he lit a cigarette and flung himself down on the -sofa. - -"Never marry a woman with straw-coloured hair, Dorian," he said after a -few puffs. - -"Why, Harry?" - -"Because they are so sentimental." - -"But I like sentimental people." - -"Never marry at all, Dorian. Men marry because they are tired; women, -because they are curious: both are disappointed." - -"I don't think I am likely to marry, Harry. I am too much in love. -That is one of your aphorisms. I am putting it into practice, as I do -everything that you say." - -"Who are you in love with?" asked Lord Henry after a pause. - -"With an actress," said Dorian Gray, blushing. - -Lord Henry shrugged his shoulders. "That is a rather commonplace -_debut_." - -"You would not say so if you saw her, Harry." - -"Who is she?" - -"Her name is Sibyl Vane." - -"Never heard of her." - -"No one has. People will some day, however. She is a genius." - -"My dear boy, no woman is a genius. Women are a decorative sex. They -never have anything to say, but they say it charmingly. Women -represent the triumph of matter over mind, just as men represent the -triumph of mind over morals." - -"Harry, how can you?" - -"My dear Dorian, it is quite true. I am analysing women at present, so -I ought to know. The subject is not so abstruse as I thought it was. -I find that, ultimately, there are only two kinds of women, the plain -and the coloured. The plain women are very useful. If you want to -gain a reputation for respectability, you have merely to take them down -to supper. The other women are very charming. They commit one -mistake, however. They paint in order to try and look young. Our -grandmothers painted in order to try and talk brilliantly. _Rouge_ and -_esprit_ used to go together. That is all over now. As long as a woman -can look ten years younger than her own daughter, she is perfectly -satisfied. As for conversation, there are only five women in London -worth talking to, and two of these can't be admitted into decent -society. However, tell me about your genius. How long have you known -her?" - -"Ah! Harry, your views terrify me." - -"Never mind that. How long have you known her?" - -"About three weeks." - -"And where did you come across her?" - -"I will tell you, Harry, but you mustn't be unsympathetic about it. -After all, it never would have happened if I had not met you. You -filled me with a wild desire to know everything about life. For days -after I met you, something seemed to throb in my veins. As I lounged -in the park, or strolled down Piccadilly, I used to look at every one -who passed me and wonder, with a mad curiosity, what sort of lives they -led. Some of them fascinated me. Others filled me with terror. There -was an exquisite poison in the air. I had a passion for sensations.... -Well, one evening about seven o'clock, I determined to go out in search -of some adventure. I felt that this grey monstrous London of ours, -with its myriads of people, its sordid sinners, and its splendid sins, -as you once phrased it, must have something in store for me. I fancied -a thousand things. The mere danger gave me a sense of delight. I -remembered what you had said to me on that wonderful evening when we -first dined together, about the search for beauty being the real secret -of life. I don't know what I expected, but I went out and wandered -eastward, soon losing my way in a labyrinth of grimy streets and black -grassless squares. About half-past eight I passed by an absurd little -theatre, with great flaring gas-jets and gaudy play-bills. A hideous -Jew, in the most amazing waistcoat I ever beheld in my life, was -standing at the entrance, smoking a vile cigar. He had greasy -ringlets, and an enormous diamond blazed in the centre of a soiled -shirt. 'Have a box, my Lord?' he said, when he saw me, and he took off -his hat with an air of gorgeous servility. There was something about -him, Harry, that amused me. He was such a monster. You will laugh at -me, I know, but I really went in and paid a whole guinea for the -stage-box. To the present day I can't make out why I did so; and yet if -I hadn't--my dear Harry, if I hadn't--I should have missed the greatest -romance of my life. I see you are laughing. It is horrid of you!" - -"I am not laughing, Dorian; at least I am not laughing at you. But you -should not say the greatest romance of your life. You should say the -first romance of your life. You will always be loved, and you will -always be in love with love. A _grande passion_ is the privilege of -people who have nothing to do. That is the one use of the idle classes -of a country. Don't be afraid. There are exquisite things in store -for you. This is merely the beginning." - -"Do you think my nature so shallow?" cried Dorian Gray angrily. - -"No; I think your nature so deep." - -"How do you mean?" - -"My dear boy, the people who love only once in their lives are really -the shallow people. What they call their loyalty, and their fidelity, -I call either the lethargy of custom or their lack of imagination. -Faithfulness is to the emotional life what consistency is to the life -of the intellect--simply a confession of failure. Faithfulness! I -must analyse it some day. The passion for property is in it. There -are many things that we would throw away if we were not afraid that -others might pick them up. But I don't want to interrupt you. Go on -with your story." - -"Well, I found myself seated in a horrid little private box, with a -vulgar drop-scene staring me in the face. I looked out from behind the -curtain and surveyed the house. It was a tawdry affair, all Cupids and -cornucopias, like a third-rate wedding-cake. The gallery and pit were -fairly full, but the two rows of dingy stalls were quite empty, and -there was hardly a person in what I suppose they called the -dress-circle. Women went about with oranges and ginger-beer, and there -was a terrible consumption of nuts going on." - -"It must have been just like the palmy days of the British drama." - -"Just like, I should fancy, and very depressing. I began to wonder -what on earth I should do when I caught sight of the play-bill. What -do you think the play was, Harry?" - -"I should think 'The Idiot Boy', or 'Dumb but Innocent'. Our fathers -used to like that sort of piece, I believe. The longer I live, Dorian, -the more keenly I feel that whatever was good enough for our fathers is -not good enough for us. In art, as in politics, _les grandperes ont -toujours tort_." - -"This play was good enough for us, Harry. It was Romeo and Juliet. I -must admit that I was rather annoyed at the idea of seeing Shakespeare -done in such a wretched hole of a place. Still, I felt interested, in -a sort of way. At any rate, I determined to wait for the first act. -There was a dreadful orchestra, presided over by a young Hebrew who sat -at a cracked piano, that nearly drove me away, but at last the -drop-scene was drawn up and the play began. Romeo was a stout elderly -gentleman, with corked eyebrows, a husky tragedy voice, and a figure -like a beer-barrel. Mercutio was almost as bad. He was played by the -low-comedian, who had introduced gags of his own and was on most -friendly terms with the pit. They were both as grotesque as the -scenery, and that looked as if it had come out of a country-booth. But -Juliet! Harry, imagine a girl, hardly seventeen years of age, with a -little, flowerlike face, a small Greek head with plaited coils of -dark-brown hair, eyes that were violet wells of passion, lips that were -like the petals of a rose. She was the loveliest thing I had ever seen -in my life. You said to me once that pathos left you unmoved, but that -beauty, mere beauty, could fill your eyes with tears. I tell you, -Harry, I could hardly see this girl for the mist of tears that came -across me. And her voice--I never heard such a voice. It was very low -at first, with deep mellow notes that seemed to fall singly upon one's -ear. Then it became a little louder, and sounded like a flute or a -distant hautboy. In the garden-scene it had all the tremulous ecstasy -that one hears just before dawn when nightingales are singing. There -were moments, later on, when it had the wild passion of violins. You -know how a voice can stir one. Your voice and the voice of Sibyl Vane -are two things that I shall never forget. When I close my eyes, I hear -them, and each of them says something different. I don't know which to -follow. Why should I not love her? Harry, I do love her. She is -everything to me in life. Night after night I go to see her play. One -evening she is Rosalind, and the next evening she is Imogen. I have -seen her die in the gloom of an Italian tomb, sucking the poison from -her lover's lips. I have watched her wandering through the forest of -Arden, disguised as a pretty boy in hose and doublet and dainty cap. -She has been mad, and has come into the presence of a guilty king, and -given him rue to wear and bitter herbs to taste of. She has been -innocent, and the black hands of jealousy have crushed her reedlike -throat. I have seen her in every age and in every costume. Ordinary -women never appeal to one's imagination. They are limited to their -century. No glamour ever transfigures them. One knows their minds as -easily as one knows their bonnets. One can always find them. There is -no mystery in any of them. They ride in the park in the morning and -chatter at tea-parties in the afternoon. They have their stereotyped -smile and their fashionable manner. They are quite obvious. But an -actress! How different an actress is! Harry! why didn't you tell me -that the only thing worth loving is an actress?" - -"Because I have loved so many of them, Dorian." - -"Oh, yes, horrid people with dyed hair and painted faces." - -"Don't run down dyed hair and painted faces. There is an extraordinary -charm in them, sometimes," said Lord Henry. - -"I wish now I had not told you about Sibyl Vane." - -"You could not have helped telling me, Dorian. All through your life -you will tell me everything you do." - -"Yes, Harry, I believe that is true. I cannot help telling you things. -You have a curious influence over me. If I ever did a crime, I would -come and confess it to you. You would understand me." - -"People like you--the wilful sunbeams of life--don't commit crimes, -Dorian. But I am much obliged for the compliment, all the same. And -now tell me--reach me the matches, like a good boy--thanks--what are -your actual relations with Sibyl Vane?" - -Dorian Gray leaped to his feet, with flushed cheeks and burning eyes. -"Harry! Sibyl Vane is sacred!" - -"It is only the sacred things that are worth touching, Dorian," said -Lord Henry, with a strange touch of pathos in his voice. "But why -should you be annoyed? I suppose she will belong to you some day. -When one is in love, one always begins by deceiving one's self, and one -always ends by deceiving others. That is what the world calls a -romance. You know her, at any rate, I suppose?" - -"Of course I know her. On the first night I was at the theatre, the -horrid old Jew came round to the box after the performance was over and -offered to take me behind the scenes and introduce me to her. I was -furious with him, and told him that Juliet had been dead for hundreds -of years and that her body was lying in a marble tomb in Verona. I -think, from his blank look of amazement, that he was under the -impression that I had taken too much champagne, or something." - -"I am not surprised." - -"Then he asked me if I wrote for any of the newspapers. I told him I -never even read them. He seemed terribly disappointed at that, and -confided to me that all the dramatic critics were in a conspiracy -against him, and that they were every one of them to be bought." - -"I should not wonder if he was quite right there. But, on the other -hand, judging from their appearance, most of them cannot be at all -expensive." - -"Well, he seemed to think they were beyond his means," laughed Dorian. -"By this time, however, the lights were being put out in the theatre, -and I had to go. He wanted me to try some cigars that he strongly -recommended. I declined. The next night, of course, I arrived at the -place again. When he saw me, he made me a low bow and assured me that -I was a munificent patron of art. He was a most offensive brute, -though he had an extraordinary passion for Shakespeare. He told me -once, with an air of pride, that his five bankruptcies were entirely -due to 'The Bard,' as he insisted on calling him. He seemed to think -it a distinction." - -"It was a distinction, my dear Dorian--a great distinction. Most -people become bankrupt through having invested too heavily in the prose -of life. To have ruined one's self over poetry is an honour. But when -did you first speak to Miss Sibyl Vane?" - -"The third night. She had been playing Rosalind. I could not help -going round. I had thrown her some flowers, and she had looked at -me--at least I fancied that she had. The old Jew was persistent. He -seemed determined to take me behind, so I consented. It was curious my -not wanting to know her, wasn't it?" - -"No; I don't think so." - -"My dear Harry, why?" - -"I will tell you some other time. Now I want to know about the girl." - -"Sibyl? Oh, she was so shy and so gentle. There is something of a -child about her. Her eyes opened wide in exquisite wonder when I told -her what I thought of her performance, and she seemed quite unconscious -of her power. I think we were both rather nervous. The old Jew stood -grinning at the doorway of the dusty greenroom, making elaborate -speeches about us both, while we stood looking at each other like -children. He would insist on calling me 'My Lord,' so I had to assure -Sibyl that I was not anything of the kind. She said quite simply to -me, 'You look more like a prince. I must call you Prince Charming.'" - -"Upon my word, Dorian, Miss Sibyl knows how to pay compliments." - -"You don't understand her, Harry. She regarded me merely as a person -in a play. She knows nothing of life. She lives with her mother, a -faded tired woman who played Lady Capulet in a sort of magenta -dressing-wrapper on the first night, and looks as if she had seen -better days." - -"I know that look. It depresses me," murmured Lord Henry, examining -his rings. - -"The Jew wanted to tell me her history, but I said it did not interest -me." - -"You were quite right. There is always something infinitely mean about -other people's tragedies." - -"Sibyl is the only thing I care about. What is it to me where she came -from? From her little head to her little feet, she is absolutely and -entirely divine. Every night of my life I go to see her act, and every -night she is more marvellous." - -"That is the reason, I suppose, that you never dine with me now. I -thought you must have some curious romance on hand. You have; but it -is not quite what I expected." - -"My dear Harry, we either lunch or sup together every day, and I have -been to the opera with you several times," said Dorian, opening his -blue eyes in wonder. - -"You always come dreadfully late." - -"Well, I can't help going to see Sibyl play," he cried, "even if it is -only for a single act. I get hungry for her presence; and when I think -of the wonderful soul that is hidden away in that little ivory body, I -am filled with awe." - -"You can dine with me to-night, Dorian, can't you?" - -He shook his head. "To-night she is Imogen," he answered, "and -to-morrow night she will be Juliet." - -"When is she Sibyl Vane?" - -"Never." - -"I congratulate you." - -"How horrid you are! She is all the great heroines of the world in -one. She is more than an individual. You laugh, but I tell you she -has genius. I love her, and I must make her love me. You, who know -all the secrets of life, tell me how to charm Sibyl Vane to love me! I -want to make Romeo jealous. I want the dead lovers of the world to -hear our laughter and grow sad. I want a breath of our passion to stir -their dust into consciousness, to wake their ashes into pain. My God, -Harry, how I worship her!" He was walking up and down the room as he -spoke. Hectic spots of red burned on his cheeks. He was terribly -excited. - -Lord Henry watched him with a subtle sense of pleasure. How different -he was now from the shy frightened boy he had met in Basil Hallward's -studio! His nature had developed like a flower, had borne blossoms of -scarlet flame. Out of its secret hiding-place had crept his soul, and -desire had come to meet it on the way. - -"And what do you propose to do?" said Lord Henry at last. - -"I want you and Basil to come with me some night and see her act. I -have not the slightest fear of the result. You are certain to -acknowledge her genius. Then we must get her out of the Jew's hands. -She is bound to him for three years--at least for two years and eight -months--from the present time. I shall have to pay him something, of -course. When all that is settled, I shall take a West End theatre and -bring her out properly. She will make the world as mad as she has made -me." - -"That would be impossible, my dear boy." - -"Yes, she will. She has not merely art, consummate art-instinct, in -her, but she has personality also; and you have often told me that it -is personalities, not principles, that move the age." - -"Well, what night shall we go?" - -"Let me see. To-day is Tuesday. Let us fix to-morrow. She plays -Juliet to-morrow." - -"All right. The Bristol at eight o'clock; and I will get Basil." - -"Not eight, Harry, please. Half-past six. We must be there before the -curtain rises. You must see her in the first act, where she meets -Romeo." - -"Half-past six! What an hour! It will be like having a meat-tea, or -reading an English novel. It must be seven. No gentleman dines before -seven. Shall you see Basil between this and then? Or shall I write to -him?" - -"Dear Basil! I have not laid eyes on him for a week. It is rather -horrid of me, as he has sent me my portrait in the most wonderful -frame, specially designed by himself, and, though I am a little jealous -of the picture for being a whole month younger than I am, I must admit -that I delight in it. Perhaps you had better write to him. I don't -want to see him alone. He says things that annoy me. He gives me good -advice." - -Lord Henry smiled. "People are very fond of giving away what they need -most themselves. It is what I call the depth of generosity." - -"Oh, Basil is the best of fellows, but he seems to me to be just a bit -of a Philistine. Since I have known you, Harry, I have discovered -that." - -"Basil, my dear boy, puts everything that is charming in him into his -work. The consequence is that he has nothing left for life but his -prejudices, his principles, and his common sense. The only artists I -have ever known who are personally delightful are bad artists. Good -artists exist simply in what they make, and consequently are perfectly -uninteresting in what they are. A great poet, a really great poet, is -the most unpoetical of all creatures. But inferior poets are -absolutely fascinating. The worse their rhymes are, the more -picturesque they look. The mere fact of having published a book of -second-rate sonnets makes a man quite irresistible. He lives the -poetry that he cannot write. The others write the poetry that they -dare not realize." - -"I wonder is that really so, Harry?" said Dorian Gray, putting some -perfume on his handkerchief out of a large, gold-topped bottle that -stood on the table. "It must be, if you say it. And now I am off. -Imogen is waiting for me. Don't forget about to-morrow. Good-bye." - -As he left the room, Lord Henry's heavy eyelids drooped, and he began -to think. Certainly few people had ever interested him so much as -Dorian Gray, and yet the lad's mad adoration of some one else caused -him not the slightest pang of annoyance or jealousy. He was pleased by -it. It made him a more interesting study. He had been always -enthralled by the methods of natural science, but the ordinary -subject-matter of that science had seemed to him trivial and of no -import. And so he had begun by vivisecting himself, as he had ended by -vivisecting others. Human life--that appeared to him the one thing -worth investigating. Compared to it there was nothing else of any -value. It was true that as one watched life in its curious crucible of -pain and pleasure, one could not wear over one's face a mask of glass, -nor keep the sulphurous fumes from troubling the brain and making the -imagination turbid with monstrous fancies and misshapen dreams. There -were poisons so subtle that to know their properties one had to sicken -of them. There were maladies so strange that one had to pass through -them if one sought to understand their nature. And, yet, what a great -reward one received! How wonderful the whole world became to one! To -note the curious hard logic of passion, and the emotional coloured life -of the intellect--to observe where they met, and where they separated, -at what point they were in unison, and at what point they were at -discord--there was a delight in that! What matter what the cost was? -One could never pay too high a price for any sensation. - -He was conscious--and the thought brought a gleam of pleasure into his -brown agate eyes--that it was through certain words of his, musical -words said with musical utterance, that Dorian Gray's soul had turned -to this white girl and bowed in worship before her. To a large extent -the lad was his own creation. He had made him premature. That was -something. Ordinary people waited till life disclosed to them its -secrets, but to the few, to the elect, the mysteries of life were -revealed before the veil was drawn away. Sometimes this was the effect -of art, and chiefly of the art of literature, which dealt immediately -with the passions and the intellect. But now and then a complex -personality took the place and assumed the office of art, was indeed, -in its way, a real work of art, life having its elaborate masterpieces, -just as poetry has, or sculpture, or painting. - -Yes, the lad was premature. He was gathering his harvest while it was -yet spring. The pulse and passion of youth were in him, but he was -becoming self-conscious. It was delightful to watch him. With his -beautiful face, and his beautiful soul, he was a thing to wonder at. -It was no matter how it all ended, or was destined to end. He was like -one of those gracious figures in a pageant or a play, whose joys seem -to be remote from one, but whose sorrows stir one's sense of beauty, -and whose wounds are like red roses. - -Soul and body, body and soul--how mysterious they were! There was -animalism in the soul, and the body had its moments of spirituality. -The senses could refine, and the intellect could degrade. Who could -say where the fleshly impulse ceased, or the psychical impulse began? -How shallow were the arbitrary definitions of ordinary psychologists! -And yet how difficult to decide between the claims of the various -schools! Was the soul a shadow seated in the house of sin? Or was the -body really in the soul, as Giordano Bruno thought? The separation of -spirit from matter was a mystery, and the union of spirit with matter -was a mystery also. - -He began to wonder whether we could ever make psychology so absolute a -science that each little spring of life would be revealed to us. As it -was, we always misunderstood ourselves and rarely understood others. -Experience was of no ethical value. It was merely the name men gave to -their mistakes. Moralists had, as a rule, regarded it as a mode of -warning, had claimed for it a certain ethical efficacy in the formation -of character, had praised it as something that taught us what to follow -and showed us what to avoid. But there was no motive power in -experience. It was as little of an active cause as conscience itself. -All that it really demonstrated was that our future would be the same -as our past, and that the sin we had done once, and with loathing, we -would do many times, and with joy. - -It was clear to him that the experimental method was the only method by -which one could arrive at any scientific analysis of the passions; and -certainly Dorian Gray was a subject made to his hand, and seemed to -promise rich and fruitful results. His sudden mad love for Sibyl Vane -was a psychological phenomenon of no small interest. There was no -doubt that curiosity had much to do with it, curiosity and the desire -for new experiences, yet it was not a simple, but rather a very complex -passion. What there was in it of the purely sensuous instinct of -boyhood had been transformed by the workings of the imagination, -changed into something that seemed to the lad himself to be remote from -sense, and was for that very reason all the more dangerous. It was the -passions about whose origin we deceived ourselves that tyrannized most -strongly over us. Our weakest motives were those of whose nature we -were conscious. It often happened that when we thought we were -experimenting on others we were really experimenting on ourselves. - -While Lord Henry sat dreaming on these things, a knock came to the -door, and his valet entered and reminded him it was time to dress for -dinner. He got up and looked out into the street. The sunset had -smitten into scarlet gold the upper windows of the houses opposite. -The panes glowed like plates of heated metal. The sky above was like a -faded rose. He thought of his friend's young fiery-coloured life and -wondered how it was all going to end. - -When he arrived home, about half-past twelve o'clock, he saw a telegram -lying on the hall table. He opened it and found it was from Dorian -Gray. It was to tell him that he was engaged to be married to Sibyl -Vane. - - - -CHAPTER 5 - -"Mother, Mother, I am so happy!" whispered the girl, burying her face -in the lap of the faded, tired-looking woman who, with back turned to -the shrill intrusive light, was sitting in the one arm-chair that their -dingy sitting-room contained. "I am so happy!" she repeated, "and you -must be happy, too!" - -Mrs. Vane winced and put her thin, bismuth-whitened hands on her -daughter's head. "Happy!" she echoed, "I am only happy, Sibyl, when I -see you act. You must not think of anything but your acting. Mr. -Isaacs has been very good to us, and we owe him money." - -The girl looked up and pouted. "Money, Mother?" she cried, "what does -money matter? Love is more than money." - -"Mr. Isaacs has advanced us fifty pounds to pay off our debts and to -get a proper outfit for James. You must not forget that, Sibyl. Fifty -pounds is a very large sum. Mr. Isaacs has been most considerate." - -"He is not a gentleman, Mother, and I hate the way he talks to me," -said the girl, rising to her feet and going over to the window. - -"I don't know how we could manage without him," answered the elder -woman querulously. - -Sibyl Vane tossed her head and laughed. "We don't want him any more, -Mother. Prince Charming rules life for us now." Then she paused. A -rose shook in her blood and shadowed her cheeks. Quick breath parted -the petals of her lips. They trembled. Some southern wind of passion -swept over her and stirred the dainty folds of her dress. "I love -him," she said simply. - -"Foolish child! foolish child!" was the parrot-phrase flung in answer. -The waving of crooked, false-jewelled fingers gave grotesqueness to the -words. - -The girl laughed again. The joy of a caged bird was in her voice. Her -eyes caught the melody and echoed it in radiance, then closed for a -moment, as though to hide their secret. When they opened, the mist of -a dream had passed across them. - -Thin-lipped wisdom spoke at her from the worn chair, hinted at -prudence, quoted from that book of cowardice whose author apes the name -of common sense. She did not listen. She was free in her prison of -passion. Her prince, Prince Charming, was with her. She had called on -memory to remake him. She had sent her soul to search for him, and it -had brought him back. His kiss burned again upon her mouth. Her -eyelids were warm with his breath. - -Then wisdom altered its method and spoke of espial and discovery. This -young man might be rich. If so, marriage should be thought of. -Against the shell of her ear broke the waves of worldly cunning. The -arrows of craft shot by her. She saw the thin lips moving, and smiled. - -Suddenly she felt the need to speak. The wordy silence troubled her. -"Mother, Mother," she cried, "why does he love me so much? I know why -I love him. I love him because he is like what love himself should be. -But what does he see in me? I am not worthy of him. And yet--why, I -cannot tell--though I feel so much beneath him, I don't feel humble. I -feel proud, terribly proud. Mother, did you love my father as I love -Prince Charming?" - -The elder woman grew pale beneath the coarse powder that daubed her -cheeks, and her dry lips twitched with a spasm of pain. Sybil rushed -to her, flung her arms round her neck, and kissed her. "Forgive me, -Mother. I know it pains you to talk about our father. But it only -pains you because you loved him so much. Don't look so sad. I am as -happy to-day as you were twenty years ago. Ah! let me be happy for -ever!" - -"My child, you are far too young to think of falling in love. Besides, -what do you know of this young man? You don't even know his name. The -whole thing is most inconvenient, and really, when James is going away -to Australia, and I have so much to think of, I must say that you -should have shown more consideration. However, as I said before, if he -is rich ..." - -"Ah! Mother, Mother, let me be happy!" - -Mrs. Vane glanced at her, and with one of those false theatrical -gestures that so often become a mode of second nature to a -stage-player, clasped her in her arms. At this moment, the door opened -and a young lad with rough brown hair came into the room. He was -thick-set of figure, and his hands and feet were large and somewhat -clumsy in movement. He was not so finely bred as his sister. One -would hardly have guessed the close relationship that existed between -them. Mrs. Vane fixed her eyes on him and intensified her smile. She -mentally elevated her son to the dignity of an audience. She felt sure -that the _tableau_ was interesting. - -"You might keep some of your kisses for me, Sibyl, I think," said the -lad with a good-natured grumble. - -"Ah! but you don't like being kissed, Jim," she cried. "You are a -dreadful old bear." And she ran across the room and hugged him. - -James Vane looked into his sister's face with tenderness. "I want you -to come out with me for a walk, Sibyl. I don't suppose I shall ever -see this horrid London again. I am sure I don't want to." - -"My son, don't say such dreadful things," murmured Mrs. Vane, taking up -a tawdry theatrical dress, with a sigh, and beginning to patch it. She -felt a little disappointed that he had not joined the group. It would -have increased the theatrical picturesqueness of the situation. - -"Why not, Mother? I mean it." - -"You pain me, my son. I trust you will return from Australia in a -position of affluence. I believe there is no society of any kind in -the Colonies--nothing that I would call society--so when you have made -your fortune, you must come back and assert yourself in London." - -"Society!" muttered the lad. "I don't want to know anything about -that. I should like to make some money to take you and Sibyl off the -stage. I hate it." - -"Oh, Jim!" said Sibyl, laughing, "how unkind of you! But are you -really going for a walk with me? That will be nice! I was afraid you -were going to say good-bye to some of your friends--to Tom Hardy, who -gave you that hideous pipe, or Ned Langton, who makes fun of you for -smoking it. It is very sweet of you to let me have your last -afternoon. Where shall we go? Let us go to the park." - -"I am too shabby," he answered, frowning. "Only swell people go to the -park." - -"Nonsense, Jim," she whispered, stroking the sleeve of his coat. - -He hesitated for a moment. "Very well," he said at last, "but don't be -too long dressing." She danced out of the door. One could hear her -singing as she ran upstairs. Her little feet pattered overhead. - -He walked up and down the room two or three times. Then he turned to -the still figure in the chair. "Mother, are my things ready?" he asked. - -"Quite ready, James," she answered, keeping her eyes on her work. For -some months past she had felt ill at ease when she was alone with this -rough stern son of hers. Her shallow secret nature was troubled when -their eyes met. She used to wonder if he suspected anything. The -silence, for he made no other observation, became intolerable to her. -She began to complain. Women defend themselves by attacking, just as -they attack by sudden and strange surrenders. "I hope you will be -contented, James, with your sea-faring life," she said. "You must -remember that it is your own choice. You might have entered a -solicitor's office. Solicitors are a very respectable class, and in -the country often dine with the best families." - -"I hate offices, and I hate clerks," he replied. "But you are quite -right. I have chosen my own life. All I say is, watch over Sibyl. -Don't let her come to any harm. Mother, you must watch over her." - -"James, you really talk very strangely. Of course I watch over Sibyl." - -"I hear a gentleman comes every night to the theatre and goes behind to -talk to her. Is that right? What about that?" - -"You are speaking about things you don't understand, James. In the -profession we are accustomed to receive a great deal of most gratifying -attention. I myself used to receive many bouquets at one time. That -was when acting was really understood. As for Sibyl, I do not know at -present whether her attachment is serious or not. But there is no -doubt that the young man in question is a perfect gentleman. He is -always most polite to me. Besides, he has the appearance of being -rich, and the flowers he sends are lovely." - -"You don't know his name, though," said the lad harshly. - -"No," answered his mother with a placid expression in her face. "He -has not yet revealed his real name. I think it is quite romantic of -him. He is probably a member of the aristocracy." - -James Vane bit his lip. "Watch over Sibyl, Mother," he cried, "watch -over her." - -"My son, you distress me very much. Sibyl is always under my special -care. Of course, if this gentleman is wealthy, there is no reason why -she should not contract an alliance with him. I trust he is one of the -aristocracy. He has all the appearance of it, I must say. It might be -a most brilliant marriage for Sibyl. They would make a charming -couple. His good looks are really quite remarkable; everybody notices -them." - -The lad muttered something to himself and drummed on the window-pane -with his coarse fingers. He had just turned round to say something -when the door opened and Sibyl ran in. - -"How serious you both are!" she cried. "What is the matter?" - -"Nothing," he answered. "I suppose one must be serious sometimes. -Good-bye, Mother; I will have my dinner at five o'clock. Everything is -packed, except my shirts, so you need not trouble." - -"Good-bye, my son," she answered with a bow of strained stateliness. - -She was extremely annoyed at the tone he had adopted with her, and -there was something in his look that had made her feel afraid. - -"Kiss me, Mother," said the girl. Her flowerlike lips touched the -withered cheek and warmed its frost. - -"My child! my child!" cried Mrs. Vane, looking up to the ceiling in -search of an imaginary gallery. - -"Come, Sibyl," said her brother impatiently. He hated his mother's -affectations. - -They went out into the flickering, wind-blown sunlight and strolled -down the dreary Euston Road. The passersby glanced in wonder at the -sullen heavy youth who, in coarse, ill-fitting clothes, was in the -company of such a graceful, refined-looking girl. He was like a common -gardener walking with a rose. - -Jim frowned from time to time when he caught the inquisitive glance of -some stranger. He had that dislike of being stared at, which comes on -geniuses late in life and never leaves the commonplace. Sibyl, -however, was quite unconscious of the effect she was producing. Her -love was trembling in laughter on her lips. She was thinking of Prince -Charming, and, that she might think of him all the more, she did not -talk of him, but prattled on about the ship in which Jim was going to -sail, about the gold he was certain to find, about the wonderful -heiress whose life he was to save from the wicked, red-shirted -bushrangers. For he was not to remain a sailor, or a supercargo, or -whatever he was going to be. Oh, no! A sailor's existence was -dreadful. Fancy being cooped up in a horrid ship, with the hoarse, -hump-backed waves trying to get in, and a black wind blowing the masts -down and tearing the sails into long screaming ribands! He was to -leave the vessel at Melbourne, bid a polite good-bye to the captain, -and go off at once to the gold-fields. Before a week was over he was to -come across a large nugget of pure gold, the largest nugget that had -ever been discovered, and bring it down to the coast in a waggon -guarded by six mounted policemen. The bushrangers were to attack them -three times, and be defeated with immense slaughter. Or, no. He was -not to go to the gold-fields at all. They were horrid places, where -men got intoxicated, and shot each other in bar-rooms, and used bad -language. He was to be a nice sheep-farmer, and one evening, as he was -riding home, he was to see the beautiful heiress being carried off by a -robber on a black horse, and give chase, and rescue her. Of course, -she would fall in love with him, and he with her, and they would get -married, and come home, and live in an immense house in London. Yes, -there were delightful things in store for him. But he must be very -good, and not lose his temper, or spend his money foolishly. She was -only a year older than he was, but she knew so much more of life. He -must be sure, also, to write to her by every mail, and to say his -prayers each night before he went to sleep. God was very good, and -would watch over him. She would pray for him, too, and in a few years -he would come back quite rich and happy. - -The lad listened sulkily to her and made no answer. He was heart-sick -at leaving home. - -Yet it was not this alone that made him gloomy and morose. -Inexperienced though he was, he had still a strong sense of the danger -of Sibyl's position. This young dandy who was making love to her could -mean her no good. He was a gentleman, and he hated him for that, hated -him through some curious race-instinct for which he could not account, -and which for that reason was all the more dominant within him. He was -conscious also of the shallowness and vanity of his mother's nature, -and in that saw infinite peril for Sibyl and Sibyl's happiness. -Children begin by loving their parents; as they grow older they judge -them; sometimes they forgive them. - -His mother! He had something on his mind to ask of her, something that -he had brooded on for many months of silence. A chance phrase that he -had heard at the theatre, a whispered sneer that had reached his ears -one night as he waited at the stage-door, had set loose a train of -horrible thoughts. He remembered it as if it had been the lash of a -hunting-crop across his face. His brows knit together into a wedge-like -furrow, and with a twitch of pain he bit his underlip. - -"You are not listening to a word I am saying, Jim," cried Sibyl, "and I -am making the most delightful plans for your future. Do say something." - -"What do you want me to say?" - -"Oh! that you will be a good boy and not forget us," she answered, -smiling at him. - -He shrugged his shoulders. "You are more likely to forget me than I am -to forget you, Sibyl." - -She flushed. "What do you mean, Jim?" she asked. - -"You have a new friend, I hear. Who is he? Why have you not told me -about him? He means you no good." - -"Stop, Jim!" she exclaimed. "You must not say anything against him. I -love him." - -"Why, you don't even know his name," answered the lad. "Who is he? I -have a right to know." - -"He is called Prince Charming. Don't you like the name. Oh! you silly -boy! you should never forget it. If you only saw him, you would think -him the most wonderful person in the world. Some day you will meet -him--when you come back from Australia. You will like him so much. -Everybody likes him, and I ... love him. I wish you could come to the -theatre to-night. He is going to be there, and I am to play Juliet. -Oh! how I shall play it! Fancy, Jim, to be in love and play Juliet! -To have him sitting there! To play for his delight! I am afraid I may -frighten the company, frighten or enthrall them. To be in love is to -surpass one's self. Poor dreadful Mr. Isaacs will be shouting 'genius' -to his loafers at the bar. He has preached me as a dogma; to-night he -will announce me as a revelation. I feel it. And it is all his, his -only, Prince Charming, my wonderful lover, my god of graces. But I am -poor beside him. Poor? What does that matter? When poverty creeps in -at the door, love flies in through the window. Our proverbs want -rewriting. They were made in winter, and it is summer now; spring-time -for me, I think, a very dance of blossoms in blue skies." - -"He is a gentleman," said the lad sullenly. - -"A prince!" she cried musically. "What more do you want?" - -"He wants to enslave you." - -"I shudder at the thought of being free." - -"I want you to beware of him." - -"To see him is to worship him; to know him is to trust him." - -"Sibyl, you are mad about him." - -She laughed and took his arm. "You dear old Jim, you talk as if you -were a hundred. Some day you will be in love yourself. Then you will -know what it is. Don't look so sulky. Surely you should be glad to -think that, though you are going away, you leave me happier than I have -ever been before. Life has been hard for us both, terribly hard and -difficult. But it will be different now. You are going to a new -world, and I have found one. Here are two chairs; let us sit down and -see the smart people go by." - -They took their seats amidst a crowd of watchers. The tulip-beds -across the road flamed like throbbing rings of fire. A white -dust--tremulous cloud of orris-root it seemed--hung in the panting air. -The brightly coloured parasols danced and dipped like monstrous -butterflies. - -She made her brother talk of himself, his hopes, his prospects. He -spoke slowly and with effort. They passed words to each other as -players at a game pass counters. Sibyl felt oppressed. She could not -communicate her joy. A faint smile curving that sullen mouth was all -the echo she could win. After some time she became silent. Suddenly -she caught a glimpse of golden hair and laughing lips, and in an open -carriage with two ladies Dorian Gray drove past. - -She started to her feet. "There he is!" she cried. - -"Who?" said Jim Vane. - -"Prince Charming," she answered, looking after the victoria. - -He jumped up and seized her roughly by the arm. "Show him to me. -Which is he? Point him out. I must see him!" he exclaimed; but at -that moment the Duke of Berwick's four-in-hand came between, and when -it had left the space clear, the carriage had swept out of the park. - -"He is gone," murmured Sibyl sadly. "I wish you had seen him." - -"I wish I had, for as sure as there is a God in heaven, if he ever does -you any wrong, I shall kill him." - -She looked at him in horror. He repeated his words. They cut the air -like a dagger. The people round began to gape. A lady standing close -to her tittered. - -"Come away, Jim; come away," she whispered. He followed her doggedly -as she passed through the crowd. He felt glad at what he had said. - -When they reached the Achilles Statue, she turned round. There was -pity in her eyes that became laughter on her lips. She shook her head -at him. "You are foolish, Jim, utterly foolish; a bad-tempered boy, -that is all. How can you say such horrible things? You don't know -what you are talking about. You are simply jealous and unkind. Ah! I -wish you would fall in love. Love makes people good, and what you said -was wicked." - -"I am sixteen," he answered, "and I know what I am about. Mother is no -help to you. She doesn't understand how to look after you. I wish now -that I was not going to Australia at all. I have a great mind to chuck -the whole thing up. I would, if my articles hadn't been signed." - -"Oh, don't be so serious, Jim. You are like one of the heroes of those -silly melodramas Mother used to be so fond of acting in. I am not -going to quarrel with you. I have seen him, and oh! to see him is -perfect happiness. We won't quarrel. I know you would never harm any -one I love, would you?" - -"Not as long as you love him, I suppose," was the sullen answer. - -"I shall love him for ever!" she cried. - -"And he?" - -"For ever, too!" - -"He had better." - -She shrank from him. Then she laughed and put her hand on his arm. He -was merely a boy. - -At the Marble Arch they hailed an omnibus, which left them close to -their shabby home in the Euston Road. It was after five o'clock, and -Sibyl had to lie down for a couple of hours before acting. Jim -insisted that she should do so. He said that he would sooner part with -her when their mother was not present. She would be sure to make a -scene, and he detested scenes of every kind. - -In Sybil's own room they parted. There was jealousy in the lad's -heart, and a fierce murderous hatred of the stranger who, as it seemed -to him, had come between them. Yet, when her arms were flung round his -neck, and her fingers strayed through his hair, he softened and kissed -her with real affection. There were tears in his eyes as he went -downstairs. - -His mother was waiting for him below. She grumbled at his -unpunctuality, as he entered. He made no answer, but sat down to his -meagre meal. The flies buzzed round the table and crawled over the -stained cloth. Through the rumble of omnibuses, and the clatter of -street-cabs, he could hear the droning voice devouring each minute that -was left to him. - -After some time, he thrust away his plate and put his head in his -hands. He felt that he had a right to know. It should have been told -to him before, if it was as he suspected. Leaden with fear, his mother -watched him. Words dropped mechanically from her lips. A tattered -lace handkerchief twitched in her fingers. When the clock struck six, -he got up and went to the door. Then he turned back and looked at her. -Their eyes met. In hers he saw a wild appeal for mercy. It enraged -him. - -"Mother, I have something to ask you," he said. Her eyes wandered -vaguely about the room. She made no answer. "Tell me the truth. I -have a right to know. Were you married to my father?" - -She heaved a deep sigh. It was a sigh of relief. The terrible moment, -the moment that night and day, for weeks and months, she had dreaded, -had come at last, and yet she felt no terror. Indeed, in some measure -it was a disappointment to her. The vulgar directness of the question -called for a direct answer. The situation had not been gradually led -up to. It was crude. It reminded her of a bad rehearsal. - -"No," she answered, wondering at the harsh simplicity of life. - -"My father was a scoundrel then!" cried the lad, clenching his fists. - -She shook her head. "I knew he was not free. We loved each other very -much. If he had lived, he would have made provision for us. Don't -speak against him, my son. He was your father, and a gentleman. -Indeed, he was highly connected." - -An oath broke from his lips. "I don't care for myself," he exclaimed, -"but don't let Sibyl.... It is a gentleman, isn't it, who is in love -with her, or says he is? Highly connected, too, I suppose." - -For a moment a hideous sense of humiliation came over the woman. Her -head drooped. She wiped her eyes with shaking hands. "Sibyl has a -mother," she murmured; "I had none." - -The lad was touched. He went towards her, and stooping down, he kissed -her. "I am sorry if I have pained you by asking about my father," he -said, "but I could not help it. I must go now. Good-bye. Don't forget -that you will have only one child now to look after, and believe me -that if this man wrongs my sister, I will find out who he is, track him -down, and kill him like a dog. I swear it." - -The exaggerated folly of the threat, the passionate gesture that -accompanied it, the mad melodramatic words, made life seem more vivid -to her. She was familiar with the atmosphere. She breathed more -freely, and for the first time for many months she really admired her -son. She would have liked to have continued the scene on the same -emotional scale, but he cut her short. Trunks had to be carried down -and mufflers looked for. The lodging-house drudge bustled in and out. -There was the bargaining with the cabman. The moment was lost in -vulgar details. It was with a renewed feeling of disappointment that -she waved the tattered lace handkerchief from the window, as her son -drove away. She was conscious that a great opportunity had been -wasted. She consoled herself by telling Sibyl how desolate she felt -her life would be, now that she had only one child to look after. She -remembered the phrase. It had pleased her. Of the threat she said -nothing. It was vividly and dramatically expressed. She felt that -they would all laugh at it some day. - - - -CHAPTER 6 - -"I suppose you have heard the news, Basil?" said Lord Henry that -evening as Hallward was shown into a little private room at the Bristol -where dinner had been laid for three. - -"No, Harry," answered the artist, giving his hat and coat to the bowing -waiter. "What is it? Nothing about politics, I hope! They don't -interest me. There is hardly a single person in the House of Commons -worth painting, though many of them would be the better for a little -whitewashing." - -"Dorian Gray is engaged to be married," said Lord Henry, watching him -as he spoke. - -Hallward started and then frowned. "Dorian engaged to be married!" he -cried. "Impossible!" - -"It is perfectly true." - -"To whom?" - -"To some little actress or other." - -"I can't believe it. Dorian is far too sensible." - -"Dorian is far too wise not to do foolish things now and then, my dear -Basil." - -"Marriage is hardly a thing that one can do now and then, Harry." - -"Except in America," rejoined Lord Henry languidly. "But I didn't say -he was married. I said he was engaged to be married. There is a great -difference. I have a distinct remembrance of being married, but I have -no recollection at all of being engaged. I am inclined to think that I -never was engaged." - -"But think of Dorian's birth, and position, and wealth. It would be -absurd for him to marry so much beneath him." - -"If you want to make him marry this girl, tell him that, Basil. He is -sure to do it, then. Whenever a man does a thoroughly stupid thing, it -is always from the noblest motives." - -"I hope the girl is good, Harry. I don't want to see Dorian tied to -some vile creature, who might degrade his nature and ruin his -intellect." - -"Oh, she is better than good--she is beautiful," murmured Lord Henry, -sipping a glass of vermouth and orange-bitters. "Dorian says she is -beautiful, and he is not often wrong about things of that kind. Your -portrait of him has quickened his appreciation of the personal -appearance of other people. It has had that excellent effect, amongst -others. We are to see her to-night, if that boy doesn't forget his -appointment." - -"Are you serious?" - -"Quite serious, Basil. I should be miserable if I thought I should -ever be more serious than I am at the present moment." - -"But do you approve of it, Harry?" asked the painter, walking up and -down the room and biting his lip. "You can't approve of it, possibly. -It is some silly infatuation." - -"I never approve, or disapprove, of anything now. It is an absurd -attitude to take towards life. We are not sent into the world to air -our moral prejudices. I never take any notice of what common people -say, and I never interfere with what charming people do. If a -personality fascinates me, whatever mode of expression that personality -selects is absolutely delightful to me. Dorian Gray falls in love with -a beautiful girl who acts Juliet, and proposes to marry her. Why not? -If he wedded Messalina, he would be none the less interesting. You -know I am not a champion of marriage. The real drawback to marriage is -that it makes one unselfish. And unselfish people are colourless. -They lack individuality. Still, there are certain temperaments that -marriage makes more complex. They retain their egotism, and add to it -many other egos. They are forced to have more than one life. They -become more highly organized, and to be highly organized is, I should -fancy, the object of man's existence. Besides, every experience is of -value, and whatever one may say against marriage, it is certainly an -experience. I hope that Dorian Gray will make this girl his wife, -passionately adore her for six months, and then suddenly become -fascinated by some one else. He would be a wonderful study." - -"You don't mean a single word of all that, Harry; you know you don't. -If Dorian Gray's life were spoiled, no one would be sorrier than -yourself. You are much better than you pretend to be." - -Lord Henry laughed. "The reason we all like to think so well of others -is that we are all afraid for ourselves. The basis of optimism is -sheer terror. We think that we are generous because we credit our -neighbour with the possession of those virtues that are likely to be a -benefit to us. We praise the banker that we may overdraw our account, -and find good qualities in the highwayman in the hope that he may spare -our pockets. I mean everything that I have said. I have the greatest -contempt for optimism. As for a spoiled life, no life is spoiled but -one whose growth is arrested. If you want to mar a nature, you have -merely to reform it. As for marriage, of course that would be silly, -but there are other and more interesting bonds between men and women. -I will certainly encourage them. They have the charm of being -fashionable. But here is Dorian himself. He will tell you more than I -can." - -"My dear Harry, my dear Basil, you must both congratulate me!" said the -lad, throwing off his evening cape with its satin-lined wings and -shaking each of his friends by the hand in turn. "I have never been so -happy. Of course, it is sudden--all really delightful things are. And -yet it seems to me to be the one thing I have been looking for all my -life." He was flushed with excitement and pleasure, and looked -extraordinarily handsome. - -"I hope you will always be very happy, Dorian," said Hallward, "but I -don't quite forgive you for not having let me know of your engagement. -You let Harry know." - -"And I don't forgive you for being late for dinner," broke in Lord -Henry, putting his hand on the lad's shoulder and smiling as he spoke. -"Come, let us sit down and try what the new _chef_ here is like, and then -you will tell us how it all came about." - -"There is really not much to tell," cried Dorian as they took their -seats at the small round table. "What happened was simply this. After -I left you yesterday evening, Harry, I dressed, had some dinner at that -little Italian restaurant in Rupert Street you introduced me to, and -went down at eight o'clock to the theatre. Sibyl was playing Rosalind. -Of course, the scenery was dreadful and the Orlando absurd. But Sibyl! -You should have seen her! When she came on in her boy's clothes, she -was perfectly wonderful. She wore a moss-coloured velvet jerkin with -cinnamon sleeves, slim, brown, cross-gartered hose, a dainty little -green cap with a hawk's feather caught in a jewel, and a hooded cloak -lined with dull red. She had never seemed to me more exquisite. She -had all the delicate grace of that Tanagra figurine that you have in -your studio, Basil. Her hair clustered round her face like dark leaves -round a pale rose. As for her acting--well, you shall see her -to-night. She is simply a born artist. I sat in the dingy box -absolutely enthralled. I forgot that I was in London and in the -nineteenth century. I was away with my love in a forest that no man -had ever seen. After the performance was over, I went behind and spoke -to her. As we were sitting together, suddenly there came into her eyes -a look that I had never seen there before. My lips moved towards hers. -We kissed each other. I can't describe to you what I felt at that -moment. It seemed to me that all my life had been narrowed to one -perfect point of rose-coloured joy. She trembled all over and shook -like a white narcissus. Then she flung herself on her knees and kissed -my hands. I feel that I should not tell you all this, but I can't help -it. Of course, our engagement is a dead secret. She has not even told -her own mother. I don't know what my guardians will say. Lord Radley -is sure to be furious. I don't care. I shall be of age in less than a -year, and then I can do what I like. I have been right, Basil, haven't -I, to take my love out of poetry and to find my wife in Shakespeare's -plays? Lips that Shakespeare taught to speak have whispered their -secret in my ear. I have had the arms of Rosalind around me, and -kissed Juliet on the mouth." - -"Yes, Dorian, I suppose you were right," said Hallward slowly. - -"Have you seen her to-day?" asked Lord Henry. - -Dorian Gray shook his head. "I left her in the forest of Arden; I -shall find her in an orchard in Verona." - -Lord Henry sipped his champagne in a meditative manner. "At what -particular point did you mention the word marriage, Dorian? And what -did she say in answer? Perhaps you forgot all about it." - -"My dear Harry, I did not treat it as a business transaction, and I did -not make any formal proposal. I told her that I loved her, and she -said she was not worthy to be my wife. Not worthy! Why, the whole -world is nothing to me compared with her." - -"Women are wonderfully practical," murmured Lord Henry, "much more -practical than we are. In situations of that kind we often forget to -say anything about marriage, and they always remind us." - -Hallward laid his hand upon his arm. "Don't, Harry. You have annoyed -Dorian. He is not like other men. He would never bring misery upon -any one. His nature is too fine for that." - -Lord Henry looked across the table. "Dorian is never annoyed with me," -he answered. "I asked the question for the best reason possible, for -the only reason, indeed, that excuses one for asking any -question--simple curiosity. I have a theory that it is always the -women who propose to us, and not we who propose to the women. Except, -of course, in middle-class life. But then the middle classes are not -modern." - -Dorian Gray laughed, and tossed his head. "You are quite incorrigible, -Harry; but I don't mind. It is impossible to be angry with you. When -you see Sibyl Vane, you will feel that the man who could wrong her -would be a beast, a beast without a heart. I cannot understand how any -one can wish to shame the thing he loves. I love Sibyl Vane. I want -to place her on a pedestal of gold and to see the world worship the -woman who is mine. What is marriage? An irrevocable vow. You mock at -it for that. Ah! don't mock. It is an irrevocable vow that I want to -take. Her trust makes me faithful, her belief makes me good. When I -am with her, I regret all that you have taught me. I become different -from what you have known me to be. I am changed, and the mere touch of -Sibyl Vane's hand makes me forget you and all your wrong, fascinating, -poisonous, delightful theories." - -"And those are ...?" asked Lord Henry, helping himself to some salad. - -"Oh, your theories about life, your theories about love, your theories -about pleasure. All your theories, in fact, Harry." - -"Pleasure is the only thing worth having a theory about," he answered -in his slow melodious voice. "But I am afraid I cannot claim my theory -as my own. It belongs to Nature, not to me. Pleasure is Nature's -test, her sign of approval. When we are happy, we are always good, but -when we are good, we are not always happy." - -"Ah! but what do you mean by good?" cried Basil Hallward. - -"Yes," echoed Dorian, leaning back in his chair and looking at Lord -Henry over the heavy clusters of purple-lipped irises that stood in the -centre of the table, "what do you mean by good, Harry?" - -"To be good is to be in harmony with one's self," he replied, touching -the thin stem of his glass with his pale, fine-pointed fingers. -"Discord is to be forced to be in harmony with others. One's own -life--that is the important thing. As for the lives of one's -neighbours, if one wishes to be a prig or a Puritan, one can flaunt -one's moral views about them, but they are not one's concern. Besides, -individualism has really the higher aim. Modern morality consists in -accepting the standard of one's age. I consider that for any man of -culture to accept the standard of his age is a form of the grossest -immorality." - -"But, surely, if one lives merely for one's self, Harry, one pays a -terrible price for doing so?" suggested the painter. - -"Yes, we are overcharged for everything nowadays. I should fancy that -the real tragedy of the poor is that they can afford nothing but -self-denial. Beautiful sins, like beautiful things, are the privilege -of the rich." - -"One has to pay in other ways but money." - -"What sort of ways, Basil?" - -"Oh! I should fancy in remorse, in suffering, in ... well, in the -consciousness of degradation." - -Lord Henry shrugged his shoulders. "My dear fellow, mediaeval art is -charming, but mediaeval emotions are out of date. One can use them in -fiction, of course. But then the only things that one can use in -fiction are the things that one has ceased to use in fact. Believe me, -no civilized man ever regrets a pleasure, and no uncivilized man ever -knows what a pleasure is." - -"I know what pleasure is," cried Dorian Gray. "It is to adore some -one." - -"That is certainly better than being adored," he answered, toying with -some fruits. "Being adored is a nuisance. Women treat us just as -humanity treats its gods. They worship us, and are always bothering us -to do something for them." - -"I should have said that whatever they ask for they had first given to -us," murmured the lad gravely. "They create love in our natures. They -have a right to demand it back." - -"That is quite true, Dorian," cried Hallward. - -"Nothing is ever quite true," said Lord Henry. - -"This is," interrupted Dorian. "You must admit, Harry, that women give -to men the very gold of their lives." - -"Possibly," he sighed, "but they invariably want it back in such very -small change. That is the worry. Women, as some witty Frenchman once -put it, inspire us with the desire to do masterpieces and always -prevent us from carrying them out." - -"Harry, you are dreadful! I don't know why I like you so much." - -"You will always like me, Dorian," he replied. "Will you have some -coffee, you fellows? Waiter, bring coffee, and _fine-champagne_, and -some cigarettes. No, don't mind the cigarettes--I have some. Basil, I -can't allow you to smoke cigars. You must have a cigarette. A -cigarette is the perfect type of a perfect pleasure. It is exquisite, -and it leaves one unsatisfied. What more can one want? Yes, Dorian, -you will always be fond of me. I represent to you all the sins you -have never had the courage to commit." - -"What nonsense you talk, Harry!" cried the lad, taking a light from a -fire-breathing silver dragon that the waiter had placed on the table. -"Let us go down to the theatre. When Sibyl comes on the stage you will -have a new ideal of life. She will represent something to you that you -have never known." - -"I have known everything," said Lord Henry, with a tired look in his -eyes, "but I am always ready for a new emotion. I am afraid, however, -that, for me at any rate, there is no such thing. Still, your -wonderful girl may thrill me. I love acting. It is so much more real -than life. Let us go. Dorian, you will come with me. I am so sorry, -Basil, but there is only room for two in the brougham. You must follow -us in a hansom." - -They got up and put on their coats, sipping their coffee standing. The -painter was silent and preoccupied. There was a gloom over him. He -could not bear this marriage, and yet it seemed to him to be better -than many other things that might have happened. After a few minutes, -they all passed downstairs. He drove off by himself, as had been -arranged, and watched the flashing lights of the little brougham in -front of him. A strange sense of loss came over him. He felt that -Dorian Gray would never again be to him all that he had been in the -past. Life had come between them.... His eyes darkened, and the -crowded flaring streets became blurred to his eyes. When the cab drew -up at the theatre, it seemed to him that he had grown years older. - - - -CHAPTER 7 - -For some reason or other, the house was crowded that night, and the fat -Jew manager who met them at the door was beaming from ear to ear with -an oily tremulous smile. He escorted them to their box with a sort of -pompous humility, waving his fat jewelled hands and talking at the top -of his voice. Dorian Gray loathed him more than ever. He felt as if -he had come to look for Miranda and had been met by Caliban. Lord -Henry, upon the other hand, rather liked him. At least he declared he -did, and insisted on shaking him by the hand and assuring him that he -was proud to meet a man who had discovered a real genius and gone -bankrupt over a poet. Hallward amused himself with watching the faces -in the pit. The heat was terribly oppressive, and the huge sunlight -flamed like a monstrous dahlia with petals of yellow fire. The youths -in the gallery had taken off their coats and waistcoats and hung them -over the side. They talked to each other across the theatre and shared -their oranges with the tawdry girls who sat beside them. Some women -were laughing in the pit. Their voices were horribly shrill and -discordant. The sound of the popping of corks came from the bar. - -"What a place to find one's divinity in!" said Lord Henry. - -"Yes!" answered Dorian Gray. "It was here I found her, and she is -divine beyond all living things. When she acts, you will forget -everything. These common rough people, with their coarse faces and -brutal gestures, become quite different when she is on the stage. They -sit silently and watch her. They weep and laugh as she wills them to -do. She makes them as responsive as a violin. She spiritualizes them, -and one feels that they are of the same flesh and blood as one's self." - -"The same flesh and blood as one's self! Oh, I hope not!" exclaimed -Lord Henry, who was scanning the occupants of the gallery through his -opera-glass. - -"Don't pay any attention to him, Dorian," said the painter. "I -understand what you mean, and I believe in this girl. Any one you love -must be marvellous, and any girl who has the effect you describe must -be fine and noble. To spiritualize one's age--that is something worth -doing. If this girl can give a soul to those who have lived without -one, if she can create the sense of beauty in people whose lives have -been sordid and ugly, if she can strip them of their selfishness and -lend them tears for sorrows that are not their own, she is worthy of -all your adoration, worthy of the adoration of the world. This -marriage is quite right. I did not think so at first, but I admit it -now. The gods made Sibyl Vane for you. Without her you would have -been incomplete." - -"Thanks, Basil," answered Dorian Gray, pressing his hand. "I knew that -you would understand me. Harry is so cynical, he terrifies me. But -here is the orchestra. It is quite dreadful, but it only lasts for -about five minutes. Then the curtain rises, and you will see the girl -to whom I am going to give all my life, to whom I have given everything -that is good in me." - -A quarter of an hour afterwards, amidst an extraordinary turmoil of -applause, Sibyl Vane stepped on to the stage. Yes, she was certainly -lovely to look at--one of the loveliest creatures, Lord Henry thought, -that he had ever seen. There was something of the fawn in her shy -grace and startled eyes. A faint blush, like the shadow of a rose in a -mirror of silver, came to her cheeks as she glanced at the crowded -enthusiastic house. She stepped back a few paces and her lips seemed -to tremble. Basil Hallward leaped to his feet and began to applaud. -Motionless, and as one in a dream, sat Dorian Gray, gazing at her. -Lord Henry peered through his glasses, murmuring, "Charming! charming!" - -The scene was the hall of Capulet's house, and Romeo in his pilgrim's -dress had entered with Mercutio and his other friends. The band, such -as it was, struck up a few bars of music, and the dance began. Through -the crowd of ungainly, shabbily dressed actors, Sibyl Vane moved like a -creature from a finer world. Her body swayed, while she danced, as a -plant sways in the water. The curves of her throat were the curves of -a white lily. Her hands seemed to be made of cool ivory. - -Yet she was curiously listless. She showed no sign of joy when her -eyes rested on Romeo. The few words she had to speak-- - - Good pilgrim, you do wrong your hand too much, - Which mannerly devotion shows in this; - For saints have hands that pilgrims' hands do touch, - And palm to palm is holy palmers' kiss-- - -with the brief dialogue that follows, were spoken in a thoroughly -artificial manner. The voice was exquisite, but from the point of view -of tone it was absolutely false. It was wrong in colour. It took away -all the life from the verse. It made the passion unreal. - -Dorian Gray grew pale as he watched her. He was puzzled and anxious. -Neither of his friends dared to say anything to him. She seemed to -them to be absolutely incompetent. They were horribly disappointed. - -Yet they felt that the true test of any Juliet is the balcony scene of -the second act. They waited for that. If she failed there, there was -nothing in her. - -She looked charming as she came out in the moonlight. That could not -be denied. But the staginess of her acting was unbearable, and grew -worse as she went on. Her gestures became absurdly artificial. She -overemphasized everything that she had to say. The beautiful passage-- - - Thou knowest the mask of night is on my face, - Else would a maiden blush bepaint my cheek - For that which thou hast heard me speak to-night-- - -was declaimed with the painful precision of a schoolgirl who has been -taught to recite by some second-rate professor of elocution. When she -leaned over the balcony and came to those wonderful lines-- - - Although I joy in thee, - I have no joy of this contract to-night: - It is too rash, too unadvised, too sudden; - Too like the lightning, which doth cease to be - Ere one can say, "It lightens." Sweet, good-night! - This bud of love by summer's ripening breath - May prove a beauteous flower when next we meet-- - -she spoke the words as though they conveyed no meaning to her. It was -not nervousness. Indeed, so far from being nervous, she was absolutely -self-contained. It was simply bad art. She was a complete failure. - -Even the common uneducated audience of the pit and gallery lost their -interest in the play. They got restless, and began to talk loudly and -to whistle. The Jew manager, who was standing at the back of the -dress-circle, stamped and swore with rage. The only person unmoved was -the girl herself. - -When the second act was over, there came a storm of hisses, and Lord -Henry got up from his chair and put on his coat. "She is quite -beautiful, Dorian," he said, "but she can't act. Let us go." - -"I am going to see the play through," answered the lad, in a hard -bitter voice. "I am awfully sorry that I have made you waste an -evening, Harry. I apologize to you both." - -"My dear Dorian, I should think Miss Vane was ill," interrupted -Hallward. "We will come some other night." - -"I wish she were ill," he rejoined. "But she seems to me to be simply -callous and cold. She has entirely altered. Last night she was a -great artist. This evening she is merely a commonplace mediocre -actress." - -"Don't talk like that about any one you love, Dorian. Love is a more -wonderful thing than art." - -"They are both simply forms of imitation," remarked Lord Henry. "But -do let us go. Dorian, you must not stay here any longer. It is not -good for one's morals to see bad acting. Besides, I don't suppose you -will want your wife to act, so what does it matter if she plays Juliet -like a wooden doll? She is very lovely, and if she knows as little -about life as she does about acting, she will be a delightful -experience. There are only two kinds of people who are really -fascinating--people who know absolutely everything, and people who know -absolutely nothing. Good heavens, my dear boy, don't look so tragic! -The secret of remaining young is never to have an emotion that is -unbecoming. Come to the club with Basil and myself. We will smoke -cigarettes and drink to the beauty of Sibyl Vane. She is beautiful. -What more can you want?" - -"Go away, Harry," cried the lad. "I want to be alone. Basil, you must -go. Ah! can't you see that my heart is breaking?" The hot tears came -to his eyes. His lips trembled, and rushing to the back of the box, he -leaned up against the wall, hiding his face in his hands. - -"Let us go, Basil," said Lord Henry with a strange tenderness in his -voice, and the two young men passed out together. - -A few moments afterwards the footlights flared up and the curtain rose -on the third act. Dorian Gray went back to his seat. He looked pale, -and proud, and indifferent. The play dragged on, and seemed -interminable. Half of the audience went out, tramping in heavy boots -and laughing. The whole thing was a _fiasco_. The last act was played -to almost empty benches. The curtain went down on a titter and some -groans. - -As soon as it was over, Dorian Gray rushed behind the scenes into the -greenroom. The girl was standing there alone, with a look of triumph -on her face. Her eyes were lit with an exquisite fire. There was a -radiance about her. Her parted lips were smiling over some secret of -their own. - -When he entered, she looked at him, and an expression of infinite joy -came over her. "How badly I acted to-night, Dorian!" she cried. - -"Horribly!" he answered, gazing at her in amazement. "Horribly! It -was dreadful. Are you ill? You have no idea what it was. You have no -idea what I suffered." - -The girl smiled. "Dorian," she answered, lingering over his name with -long-drawn music in her voice, as though it were sweeter than honey to -the red petals of her mouth. "Dorian, you should have understood. But -you understand now, don't you?" - -"Understand what?" he asked, angrily. - -"Why I was so bad to-night. Why I shall always be bad. Why I shall -never act well again." - -He shrugged his shoulders. "You are ill, I suppose. When you are ill -you shouldn't act. You make yourself ridiculous. My friends were -bored. I was bored." - -She seemed not to listen to him. She was transfigured with joy. An -ecstasy of happiness dominated her. - -"Dorian, Dorian," she cried, "before I knew you, acting was the one -reality of my life. It was only in the theatre that I lived. I -thought that it was all true. I was Rosalind one night and Portia the -other. The joy of Beatrice was my joy, and the sorrows of Cordelia -were mine also. I believed in everything. The common people who acted -with me seemed to me to be godlike. The painted scenes were my world. -I knew nothing but shadows, and I thought them real. You came--oh, my -beautiful love!--and you freed my soul from prison. You taught me what -reality really is. To-night, for the first time in my life, I saw -through the hollowness, the sham, the silliness of the empty pageant in -which I had always played. To-night, for the first time, I became -conscious that the Romeo was hideous, and old, and painted, that the -moonlight in the orchard was false, that the scenery was vulgar, and -that the words I had to speak were unreal, were not my words, were not -what I wanted to say. You had brought me something higher, something -of which all art is but a reflection. You had made me understand what -love really is. My love! My love! Prince Charming! Prince of life! -I have grown sick of shadows. You are more to me than all art can ever -be. What have I to do with the puppets of a play? When I came on -to-night, I could not understand how it was that everything had gone -from me. I thought that I was going to be wonderful. I found that I -could do nothing. Suddenly it dawned on my soul what it all meant. -The knowledge was exquisite to me. I heard them hissing, and I smiled. -What could they know of love such as ours? Take me away, Dorian--take -me away with you, where we can be quite alone. I hate the stage. I -might mimic a passion that I do not feel, but I cannot mimic one that -burns me like fire. Oh, Dorian, Dorian, you understand now what it -signifies? Even if I could do it, it would be profanation for me to -play at being in love. You have made me see that." - -He flung himself down on the sofa and turned away his face. "You have -killed my love," he muttered. - -She looked at him in wonder and laughed. He made no answer. She came -across to him, and with her little fingers stroked his hair. She knelt -down and pressed his hands to her lips. He drew them away, and a -shudder ran through him. - -Then he leaped up and went to the door. "Yes," he cried, "you have -killed my love. You used to stir my imagination. Now you don't even -stir my curiosity. You simply produce no effect. I loved you because -you were marvellous, because you had genius and intellect, because you -realized the dreams of great poets and gave shape and substance to the -shadows of art. You have thrown it all away. You are shallow and -stupid. My God! how mad I was to love you! What a fool I have been! -You are nothing to me now. I will never see you again. I will never -think of you. I will never mention your name. You don't know what you -were to me, once. Why, once ... Oh, I can't bear to think of it! I -wish I had never laid eyes upon you! You have spoiled the romance of -my life. How little you can know of love, if you say it mars your art! -Without your art, you are nothing. I would have made you famous, -splendid, magnificent. The world would have worshipped you, and you -would have borne my name. What are you now? A third-rate actress with -a pretty face." - -The girl grew white, and trembled. She clenched her hands together, -and her voice seemed to catch in her throat. "You are not serious, -Dorian?" she murmured. "You are acting." - -"Acting! I leave that to you. You do it so well," he answered -bitterly. - -She rose from her knees and, with a piteous expression of pain in her -face, came across the room to him. She put her hand upon his arm and -looked into his eyes. He thrust her back. "Don't touch me!" he cried. - -A low moan broke from her, and she flung herself at his feet and lay -there like a trampled flower. "Dorian, Dorian, don't leave me!" she -whispered. "I am so sorry I didn't act well. I was thinking of you -all the time. But I will try--indeed, I will try. It came so suddenly -across me, my love for you. I think I should never have known it if -you had not kissed me--if we had not kissed each other. Kiss me again, -my love. Don't go away from me. I couldn't bear it. Oh! don't go -away from me. My brother ... No; never mind. He didn't mean it. He -was in jest.... But you, oh! can't you forgive me for to-night? I will -work so hard and try to improve. Don't be cruel to me, because I love -you better than anything in the world. After all, it is only once that -I have not pleased you. But you are quite right, Dorian. I should -have shown myself more of an artist. It was foolish of me, and yet I -couldn't help it. Oh, don't leave me, don't leave me." A fit of -passionate sobbing choked her. She crouched on the floor like a -wounded thing, and Dorian Gray, with his beautiful eyes, looked down at -her, and his chiselled lips curled in exquisite disdain. There is -always something ridiculous about the emotions of people whom one has -ceased to love. Sibyl Vane seemed to him to be absurdly melodramatic. -Her tears and sobs annoyed him. - -"I am going," he said at last in his calm clear voice. "I don't wish -to be unkind, but I can't see you again. You have disappointed me." - -She wept silently, and made no answer, but crept nearer. Her little -hands stretched blindly out, and appeared to be seeking for him. He -turned on his heel and left the room. In a few moments he was out of -the theatre. - -Where he went to he hardly knew. He remembered wandering through dimly -lit streets, past gaunt, black-shadowed archways and evil-looking -houses. Women with hoarse voices and harsh laughter had called after -him. Drunkards had reeled by, cursing and chattering to themselves -like monstrous apes. He had seen grotesque children huddled upon -door-steps, and heard shrieks and oaths from gloomy courts. - -As the dawn was just breaking, he found himself close to Covent Garden. -The darkness lifted, and, flushed with faint fires, the sky hollowed -itself into a perfect pearl. Huge carts filled with nodding lilies -rumbled slowly down the polished empty street. The air was heavy with -the perfume of the flowers, and their beauty seemed to bring him an -anodyne for his pain. He followed into the market and watched the men -unloading their waggons. A white-smocked carter offered him some -cherries. He thanked him, wondered why he refused to accept any money -for them, and began to eat them listlessly. They had been plucked at -midnight, and the coldness of the moon had entered into them. A long -line of boys carrying crates of striped tulips, and of yellow and red -roses, defiled in front of him, threading their way through the huge, -jade-green piles of vegetables. Under the portico, with its grey, -sun-bleached pillars, loitered a troop of draggled bareheaded girls, -waiting for the auction to be over. Others crowded round the swinging -doors of the coffee-house in the piazza. The heavy cart-horses slipped -and stamped upon the rough stones, shaking their bells and trappings. -Some of the drivers were lying asleep on a pile of sacks. Iris-necked -and pink-footed, the pigeons ran about picking up seeds. - -After a little while, he hailed a hansom and drove home. For a few -moments he loitered upon the doorstep, looking round at the silent -square, with its blank, close-shuttered windows and its staring blinds. -The sky was pure opal now, and the roofs of the houses glistened like -silver against it. From some chimney opposite a thin wreath of smoke -was rising. It curled, a violet riband, through the nacre-coloured air. - -In the huge gilt Venetian lantern, spoil of some Doge's barge, that -hung from the ceiling of the great, oak-panelled hall of entrance, -lights were still burning from three flickering jets: thin blue petals -of flame they seemed, rimmed with white fire. He turned them out and, -having thrown his hat and cape on the table, passed through the library -towards the door of his bedroom, a large octagonal chamber on the -ground floor that, in his new-born feeling for luxury, he had just had -decorated for himself and hung with some curious Renaissance tapestries -that had been discovered stored in a disused attic at Selby Royal. As -he was turning the handle of the door, his eye fell upon the portrait -Basil Hallward had painted of him. He started back as if in surprise. -Then he went on into his own room, looking somewhat puzzled. After he -had taken the button-hole out of his coat, he seemed to hesitate. -Finally, he came back, went over to the picture, and examined it. In -the dim arrested light that struggled through the cream-coloured silk -blinds, the face appeared to him to be a little changed. The -expression looked different. One would have said that there was a -touch of cruelty in the mouth. It was certainly strange. - -He turned round and, walking to the window, drew up the blind. The -bright dawn flooded the room and swept the fantastic shadows into dusky -corners, where they lay shuddering. But the strange expression that he -had noticed in the face of the portrait seemed to linger there, to be -more intensified even. The quivering ardent sunlight showed him the -lines of cruelty round the mouth as clearly as if he had been looking -into a mirror after he had done some dreadful thing. - -He winced and, taking up from the table an oval glass framed in ivory -Cupids, one of Lord Henry's many presents to him, glanced hurriedly -into its polished depths. No line like that warped his red lips. What -did it mean? - -He rubbed his eyes, and came close to the picture, and examined it -again. There were no signs of any change when he looked into the -actual painting, and yet there was no doubt that the whole expression -had altered. It was not a mere fancy of his own. The thing was -horribly apparent. - -He threw himself into a chair and began to think. Suddenly there -flashed across his mind what he had said in Basil Hallward's studio the -day the picture had been finished. Yes, he remembered it perfectly. -He had uttered a mad wish that he himself might remain young, and the -portrait grow old; that his own beauty might be untarnished, and the -face on the canvas bear the burden of his passions and his sins; that -the painted image might be seared with the lines of suffering and -thought, and that he might keep all the delicate bloom and loveliness -of his then just conscious boyhood. Surely his wish had not been -fulfilled? Such things were impossible. It seemed monstrous even to -think of them. And, yet, there was the picture before him, with the -touch of cruelty in the mouth. - -Cruelty! Had he been cruel? It was the girl's fault, not his. He had -dreamed of her as a great artist, had given his love to her because he -had thought her great. Then she had disappointed him. She had been -shallow and unworthy. And, yet, a feeling of infinite regret came over -him, as he thought of her lying at his feet sobbing like a little -child. He remembered with what callousness he had watched her. Why -had he been made like that? Why had such a soul been given to him? -But he had suffered also. During the three terrible hours that the -play had lasted, he had lived centuries of pain, aeon upon aeon of -torture. His life was well worth hers. She had marred him for a -moment, if he had wounded her for an age. Besides, women were better -suited to bear sorrow than men. They lived on their emotions. They -only thought of their emotions. When they took lovers, it was merely -to have some one with whom they could have scenes. Lord Henry had told -him that, and Lord Henry knew what women were. Why should he trouble -about Sibyl Vane? She was nothing to him now. - -But the picture? What was he to say of that? It held the secret of -his life, and told his story. It had taught him to love his own -beauty. Would it teach him to loathe his own soul? Would he ever look -at it again? - -No; it was merely an illusion wrought on the troubled senses. The -horrible night that he had passed had left phantoms behind it. -Suddenly there had fallen upon his brain that tiny scarlet speck that -makes men mad. The picture had not changed. It was folly to think so. - -Yet it was watching him, with its beautiful marred face and its cruel -smile. Its bright hair gleamed in the early sunlight. Its blue eyes -met his own. A sense of infinite pity, not for himself, but for the -painted image of himself, came over him. It had altered already, and -would alter more. Its gold would wither into grey. Its red and white -roses would die. For every sin that he committed, a stain would fleck -and wreck its fairness. But he would not sin. The picture, changed or -unchanged, would be to him the visible emblem of conscience. He would -resist temptation. He would not see Lord Henry any more--would not, at -any rate, listen to those subtle poisonous theories that in Basil -Hallward's garden had first stirred within him the passion for -impossible things. He would go back to Sibyl Vane, make her amends, -marry her, try to love her again. Yes, it was his duty to do so. She -must have suffered more than he had. Poor child! He had been selfish -and cruel to her. The fascination that she had exercised over him -would return. They would be happy together. His life with her would -be beautiful and pure. - -He got up from his chair and drew a large screen right in front of the -portrait, shuddering as he glanced at it. "How horrible!" he murmured -to himself, and he walked across to the window and opened it. When he -stepped out on to the grass, he drew a deep breath. The fresh morning -air seemed to drive away all his sombre passions. He thought only of -Sibyl. A faint echo of his love came back to him. He repeated her -name over and over again. The birds that were singing in the -dew-drenched garden seemed to be telling the flowers about her. - - - -CHAPTER 8 - -It was long past noon when he awoke. His valet had crept several times -on tiptoe into the room to see if he was stirring, and had wondered -what made his young master sleep so late. Finally his bell sounded, -and Victor came in softly with a cup of tea, and a pile of letters, on -a small tray of old Sevres china, and drew back the olive-satin -curtains, with their shimmering blue lining, that hung in front of the -three tall windows. - -"Monsieur has well slept this morning," he said, smiling. - -"What o'clock is it, Victor?" asked Dorian Gray drowsily. - -"One hour and a quarter, Monsieur." - -How late it was! He sat up, and having sipped some tea, turned over -his letters. One of them was from Lord Henry, and had been brought by -hand that morning. He hesitated for a moment, and then put it aside. -The others he opened listlessly. They contained the usual collection -of cards, invitations to dinner, tickets for private views, programmes -of charity concerts, and the like that are showered on fashionable -young men every morning during the season. There was a rather heavy -bill for a chased silver Louis-Quinze toilet-set that he had not yet -had the courage to send on to his guardians, who were extremely -old-fashioned people and did not realize that we live in an age when -unnecessary things are our only necessities; and there were several -very courteously worded communications from Jermyn Street money-lenders -offering to advance any sum of money at a moment's notice and at the -most reasonable rates of interest. - -After about ten minutes he got up, and throwing on an elaborate -dressing-gown of silk-embroidered cashmere wool, passed into the -onyx-paved bathroom. The cool water refreshed him after his long -sleep. He seemed to have forgotten all that he had gone through. A -dim sense of having taken part in some strange tragedy came to him once -or twice, but there was the unreality of a dream about it. - -As soon as he was dressed, he went into the library and sat down to a -light French breakfast that had been laid out for him on a small round -table close to the open window. It was an exquisite day. The warm air -seemed laden with spices. A bee flew in and buzzed round the -blue-dragon bowl that, filled with sulphur-yellow roses, stood before -him. He felt perfectly happy. - -Suddenly his eye fell on the screen that he had placed in front of the -portrait, and he started. - -"Too cold for Monsieur?" asked his valet, putting an omelette on the -table. "I shut the window?" - -Dorian shook his head. "I am not cold," he murmured. - -Was it all true? Had the portrait really changed? Or had it been -simply his own imagination that had made him see a look of evil where -there had been a look of joy? Surely a painted canvas could not alter? -The thing was absurd. It would serve as a tale to tell Basil some day. -It would make him smile. - -And, yet, how vivid was his recollection of the whole thing! First in -the dim twilight, and then in the bright dawn, he had seen the touch of -cruelty round the warped lips. He almost dreaded his valet leaving the -room. He knew that when he was alone he would have to examine the -portrait. He was afraid of certainty. When the coffee and cigarettes -had been brought and the man turned to go, he felt a wild desire to -tell him to remain. As the door was closing behind him, he called him -back. The man stood waiting for his orders. Dorian looked at him for -a moment. "I am not at home to any one, Victor," he said with a sigh. -The man bowed and retired. - -Then he rose from the table, lit a cigarette, and flung himself down on -a luxuriously cushioned couch that stood facing the screen. The screen -was an old one, of gilt Spanish leather, stamped and wrought with a -rather florid Louis-Quatorze pattern. He scanned it curiously, -wondering if ever before it had concealed the secret of a man's life. - -Should he move it aside, after all? Why not let it stay there? What -was the use of knowing? If the thing was true, it was terrible. If it -was not true, why trouble about it? But what if, by some fate or -deadlier chance, eyes other than his spied behind and saw the horrible -change? What should he do if Basil Hallward came and asked to look at -his own picture? Basil would be sure to do that. No; the thing had to -be examined, and at once. Anything would be better than this dreadful -state of doubt. - -He got up and locked both doors. At least he would be alone when he -looked upon the mask of his shame. Then he drew the screen aside and -saw himself face to face. It was perfectly true. The portrait had -altered. - -As he often remembered afterwards, and always with no small wonder, he -found himself at first gazing at the portrait with a feeling of almost -scientific interest. That such a change should have taken place was -incredible to him. And yet it was a fact. Was there some subtle -affinity between the chemical atoms that shaped themselves into form -and colour on the canvas and the soul that was within him? Could it be -that what that soul thought, they realized?--that what it dreamed, they -made true? Or was there some other, more terrible reason? He -shuddered, and felt afraid, and, going back to the couch, lay there, -gazing at the picture in sickened horror. - -One thing, however, he felt that it had done for him. It had made him -conscious how unjust, how cruel, he had been to Sibyl Vane. It was not -too late to make reparation for that. She could still be his wife. -His unreal and selfish love would yield to some higher influence, would -be transformed into some nobler passion, and the portrait that Basil -Hallward had painted of him would be a guide to him through life, would -be to him what holiness is to some, and conscience to others, and the -fear of God to us all. There were opiates for remorse, drugs that -could lull the moral sense to sleep. But here was a visible symbol of -the degradation of sin. Here was an ever-present sign of the ruin men -brought upon their souls. - -Three o'clock struck, and four, and the half-hour rang its double -chime, but Dorian Gray did not stir. He was trying to gather up the -scarlet threads of life and to weave them into a pattern; to find his -way through the sanguine labyrinth of passion through which he was -wandering. He did not know what to do, or what to think. Finally, he -went over to the table and wrote a passionate letter to the girl he had -loved, imploring her forgiveness and accusing himself of madness. He -covered page after page with wild words of sorrow and wilder words of -pain. There is a luxury in self-reproach. When we blame ourselves, we -feel that no one else has a right to blame us. It is the confession, -not the priest, that gives us absolution. When Dorian had finished the -letter, he felt that he had been forgiven. - -Suddenly there came a knock to the door, and he heard Lord Henry's -voice outside. "My dear boy, I must see you. Let me in at once. I -can't bear your shutting yourself up like this." - -He made no answer at first, but remained quite still. The knocking -still continued and grew louder. Yes, it was better to let Lord Henry -in, and to explain to him the new life he was going to lead, to quarrel -with him if it became necessary to quarrel, to part if parting was -inevitable. He jumped up, drew the screen hastily across the picture, -and unlocked the door. - -"I am so sorry for it all, Dorian," said Lord Henry as he entered. -"But you must not think too much about it." - -"Do you mean about Sibyl Vane?" asked the lad. - -"Yes, of course," answered Lord Henry, sinking into a chair and slowly -pulling off his yellow gloves. "It is dreadful, from one point of -view, but it was not your fault. Tell me, did you go behind and see -her, after the play was over?" - -"Yes." - -"I felt sure you had. Did you make a scene with her?" - -"I was brutal, Harry--perfectly brutal. But it is all right now. I am -not sorry for anything that has happened. It has taught me to know -myself better." - -"Ah, Dorian, I am so glad you take it in that way! I was afraid I -would find you plunged in remorse and tearing that nice curly hair of -yours." - -"I have got through all that," said Dorian, shaking his head and -smiling. "I am perfectly happy now. I know what conscience is, to -begin with. It is not what you told me it was. It is the divinest -thing in us. Don't sneer at it, Harry, any more--at least not before -me. I want to be good. I can't bear the idea of my soul being -hideous." - -"A very charming artistic basis for ethics, Dorian! I congratulate you -on it. But how are you going to begin?" - -"By marrying Sibyl Vane." - -"Marrying Sibyl Vane!" cried Lord Henry, standing up and looking at him -in perplexed amazement. "But, my dear Dorian--" - -"Yes, Harry, I know what you are going to say. Something dreadful -about marriage. Don't say it. Don't ever say things of that kind to -me again. Two days ago I asked Sibyl to marry me. I am not going to -break my word to her. She is to be my wife." - -"Your wife! Dorian! ... Didn't you get my letter? I wrote to you this -morning, and sent the note down by my own man." - -"Your letter? Oh, yes, I remember. I have not read it yet, Harry. I -was afraid there might be something in it that I wouldn't like. You -cut life to pieces with your epigrams." - -"You know nothing then?" - -"What do you mean?" - -Lord Henry walked across the room, and sitting down by Dorian Gray, -took both his hands in his own and held them tightly. "Dorian," he -said, "my letter--don't be frightened--was to tell you that Sibyl Vane -is dead." - -A cry of pain broke from the lad's lips, and he leaped to his feet, -tearing his hands away from Lord Henry's grasp. "Dead! Sibyl dead! -It is not true! It is a horrible lie! How dare you say it?" - -"It is quite true, Dorian," said Lord Henry, gravely. "It is in all -the morning papers. I wrote down to you to ask you not to see any one -till I came. There will have to be an inquest, of course, and you must -not be mixed up in it. Things like that make a man fashionable in -Paris. But in London people are so prejudiced. Here, one should never -make one's _debut_ with a scandal. One should reserve that to give an -interest to one's old age. I suppose they don't know your name at the -theatre? If they don't, it is all right. Did any one see you going -round to her room? That is an important point." - -Dorian did not answer for a few moments. He was dazed with horror. -Finally he stammered, in a stifled voice, "Harry, did you say an -inquest? What did you mean by that? Did Sibyl--? Oh, Harry, I can't -bear it! But be quick. Tell me everything at once." - -"I have no doubt it was not an accident, Dorian, though it must be put -in that way to the public. It seems that as she was leaving the -theatre with her mother, about half-past twelve or so, she said she had -forgotten something upstairs. They waited some time for her, but she -did not come down again. They ultimately found her lying dead on the -floor of her dressing-room. She had swallowed something by mistake, -some dreadful thing they use at theatres. I don't know what it was, -but it had either prussic acid or white lead in it. I should fancy it -was prussic acid, as she seems to have died instantaneously." - -"Harry, Harry, it is terrible!" cried the lad. - -"Yes; it is very tragic, of course, but you must not get yourself mixed -up in it. I see by _The Standard_ that she was seventeen. I should have -thought she was almost younger than that. She looked such a child, and -seemed to know so little about acting. Dorian, you mustn't let this -thing get on your nerves. You must come and dine with me, and -afterwards we will look in at the opera. It is a Patti night, and -everybody will be there. You can come to my sister's box. She has got -some smart women with her." - -"So I have murdered Sibyl Vane," said Dorian Gray, half to himself, -"murdered her as surely as if I had cut her little throat with a knife. -Yet the roses are not less lovely for all that. The birds sing just as -happily in my garden. And to-night I am to dine with you, and then go -on to the opera, and sup somewhere, I suppose, afterwards. How -extraordinarily dramatic life is! If I had read all this in a book, -Harry, I think I would have wept over it. Somehow, now that it has -happened actually, and to me, it seems far too wonderful for tears. -Here is the first passionate love-letter I have ever written in my -life. Strange, that my first passionate love-letter should have been -addressed to a dead girl. Can they feel, I wonder, those white silent -people we call the dead? Sibyl! Can she feel, or know, or listen? -Oh, Harry, how I loved her once! It seems years ago to me now. She -was everything to me. Then came that dreadful night--was it really -only last night?--when she played so badly, and my heart almost broke. -She explained it all to me. It was terribly pathetic. But I was not -moved a bit. I thought her shallow. Suddenly something happened that -made me afraid. I can't tell you what it was, but it was terrible. I -said I would go back to her. I felt I had done wrong. And now she is -dead. My God! My God! Harry, what shall I do? You don't know the -danger I am in, and there is nothing to keep me straight. She would -have done that for me. She had no right to kill herself. It was -selfish of her." - -"My dear Dorian," answered Lord Henry, taking a cigarette from his case -and producing a gold-latten matchbox, "the only way a woman can ever -reform a man is by boring him so completely that he loses all possible -interest in life. If you had married this girl, you would have been -wretched. Of course, you would have treated her kindly. One can -always be kind to people about whom one cares nothing. But she would -have soon found out that you were absolutely indifferent to her. And -when a woman finds that out about her husband, she either becomes -dreadfully dowdy, or wears very smart bonnets that some other woman's -husband has to pay for. I say nothing about the social mistake, which -would have been abject--which, of course, I would not have allowed--but -I assure you that in any case the whole thing would have been an -absolute failure." - -"I suppose it would," muttered the lad, walking up and down the room -and looking horribly pale. "But I thought it was my duty. It is not -my fault that this terrible tragedy has prevented my doing what was -right. I remember your saying once that there is a fatality about good -resolutions--that they are always made too late. Mine certainly were." - -"Good resolutions are useless attempts to interfere with scientific -laws. Their origin is pure vanity. Their result is absolutely _nil_. -They give us, now and then, some of those luxurious sterile emotions -that have a certain charm for the weak. That is all that can be said -for them. They are simply cheques that men draw on a bank where they -have no account." - -"Harry," cried Dorian Gray, coming over and sitting down beside him, -"why is it that I cannot feel this tragedy as much as I want to? I -don't think I am heartless. Do you?" - -"You have done too many foolish things during the last fortnight to be -entitled to give yourself that name, Dorian," answered Lord Henry with -his sweet melancholy smile. - -The lad frowned. "I don't like that explanation, Harry," he rejoined, -"but I am glad you don't think I am heartless. I am nothing of the -kind. I know I am not. And yet I must admit that this thing that has -happened does not affect me as it should. It seems to me to be simply -like a wonderful ending to a wonderful play. It has all the terrible -beauty of a Greek tragedy, a tragedy in which I took a great part, but -by which I have not been wounded." - -"It is an interesting question," said Lord Henry, who found an -exquisite pleasure in playing on the lad's unconscious egotism, "an -extremely interesting question. I fancy that the true explanation is -this: It often happens that the real tragedies of life occur in such -an inartistic manner that they hurt us by their crude violence, their -absolute incoherence, their absurd want of meaning, their entire lack -of style. They affect us just as vulgarity affects us. They give us -an impression of sheer brute force, and we revolt against that. -Sometimes, however, a tragedy that possesses artistic elements of -beauty crosses our lives. If these elements of beauty are real, the -whole thing simply appeals to our sense of dramatic effect. Suddenly -we find that we are no longer the actors, but the spectators of the -play. Or rather we are both. We watch ourselves, and the mere wonder -of the spectacle enthralls us. In the present case, what is it that -has really happened? Some one has killed herself for love of you. I -wish that I had ever had such an experience. It would have made me in -love with love for the rest of my life. The people who have adored -me--there have not been very many, but there have been some--have -always insisted on living on, long after I had ceased to care for them, -or they to care for me. They have become stout and tedious, and when I -meet them, they go in at once for reminiscences. That awful memory of -woman! What a fearful thing it is! And what an utter intellectual -stagnation it reveals! One should absorb the colour of life, but one -should never remember its details. Details are always vulgar." - -"I must sow poppies in my garden," sighed Dorian. - -"There is no necessity," rejoined his companion. "Life has always -poppies in her hands. Of course, now and then things linger. I once -wore nothing but violets all through one season, as a form of artistic -mourning for a romance that would not die. Ultimately, however, it did -die. I forget what killed it. I think it was her proposing to -sacrifice the whole world for me. That is always a dreadful moment. -It fills one with the terror of eternity. Well--would you believe -it?--a week ago, at Lady Hampshire's, I found myself seated at dinner -next the lady in question, and she insisted on going over the whole -thing again, and digging up the past, and raking up the future. I had -buried my romance in a bed of asphodel. She dragged it out again and -assured me that I had spoiled her life. I am bound to state that she -ate an enormous dinner, so I did not feel any anxiety. But what a lack -of taste she showed! The one charm of the past is that it is the past. -But women never know when the curtain has fallen. They always want a -sixth act, and as soon as the interest of the play is entirely over, -they propose to continue it. If they were allowed their own way, every -comedy would have a tragic ending, and every tragedy would culminate in -a farce. They are charmingly artificial, but they have no sense of -art. You are more fortunate than I am. I assure you, Dorian, that not -one of the women I have known would have done for me what Sibyl Vane -did for you. Ordinary women always console themselves. Some of them -do it by going in for sentimental colours. Never trust a woman who -wears mauve, whatever her age may be, or a woman over thirty-five who -is fond of pink ribbons. It always means that they have a history. -Others find a great consolation in suddenly discovering the good -qualities of their husbands. They flaunt their conjugal felicity in -one's face, as if it were the most fascinating of sins. Religion -consoles some. Its mysteries have all the charm of a flirtation, a -woman once told me, and I can quite understand it. Besides, nothing -makes one so vain as being told that one is a sinner. Conscience makes -egotists of us all. Yes; there is really no end to the consolations -that women find in modern life. Indeed, I have not mentioned the most -important one." - -"What is that, Harry?" said the lad listlessly. - -"Oh, the obvious consolation. Taking some one else's admirer when one -loses one's own. In good society that always whitewashes a woman. But -really, Dorian, how different Sibyl Vane must have been from all the -women one meets! There is something to me quite beautiful about her -death. I am glad I am living in a century when such wonders happen. -They make one believe in the reality of the things we all play with, -such as romance, passion, and love." - -"I was terribly cruel to her. You forget that." - -"I am afraid that women appreciate cruelty, downright cruelty, more -than anything else. They have wonderfully primitive instincts. We -have emancipated them, but they remain slaves looking for their -masters, all the same. They love being dominated. I am sure you were -splendid. I have never seen you really and absolutely angry, but I can -fancy how delightful you looked. And, after all, you said something to -me the day before yesterday that seemed to me at the time to be merely -fanciful, but that I see now was absolutely true, and it holds the key -to everything." - -"What was that, Harry?" - -"You said to me that Sibyl Vane represented to you all the heroines of -romance--that she was Desdemona one night, and Ophelia the other; that -if she died as Juliet, she came to life as Imogen." - -"She will never come to life again now," muttered the lad, burying his -face in his hands. - -"No, she will never come to life. She has played her last part. But -you must think of that lonely death in the tawdry dressing-room simply -as a strange lurid fragment from some Jacobean tragedy, as a wonderful -scene from Webster, or Ford, or Cyril Tourneur. The girl never really -lived, and so she has never really died. To you at least she was -always a dream, a phantom that flitted through Shakespeare's plays and -left them lovelier for its presence, a reed through which Shakespeare's -music sounded richer and more full of joy. The moment she touched -actual life, she marred it, and it marred her, and so she passed away. -Mourn for Ophelia, if you like. Put ashes on your head because -Cordelia was strangled. Cry out against Heaven because the daughter of -Brabantio died. But don't waste your tears over Sibyl Vane. She was -less real than they are." - -There was a silence. The evening darkened in the room. Noiselessly, -and with silver feet, the shadows crept in from the garden. The -colours faded wearily out of things. - -After some time Dorian Gray looked up. "You have explained me to -myself, Harry," he murmured with something of a sigh of relief. "I -felt all that you have said, but somehow I was afraid of it, and I -could not express it to myself. How well you know me! But we will not -talk again of what has happened. It has been a marvellous experience. -That is all. I wonder if life has still in store for me anything as -marvellous." - -"Life has everything in store for you, Dorian. There is nothing that -you, with your extraordinary good looks, will not be able to do." - -"But suppose, Harry, I became haggard, and old, and wrinkled? What -then?" - -"Ah, then," said Lord Henry, rising to go, "then, my dear Dorian, you -would have to fight for your victories. As it is, they are brought to -you. No, you must keep your good looks. We live in an age that reads -too much to be wise, and that thinks too much to be beautiful. We -cannot spare you. And now you had better dress and drive down to the -club. We are rather late, as it is." - -"I think I shall join you at the opera, Harry. I feel too tired to eat -anything. What is the number of your sister's box?" - -"Twenty-seven, I believe. It is on the grand tier. You will see her -name on the door. But I am sorry you won't come and dine." - -"I don't feel up to it," said Dorian listlessly. "But I am awfully -obliged to you for all that you have said to me. You are certainly my -best friend. No one has ever understood me as you have." - -"We are only at the beginning of our friendship, Dorian," answered Lord -Henry, shaking him by the hand. "Good-bye. I shall see you before -nine-thirty, I hope. Remember, Patti is singing." - -As he closed the door behind him, Dorian Gray touched the bell, and in -a few minutes Victor appeared with the lamps and drew the blinds down. -He waited impatiently for him to go. The man seemed to take an -interminable time over everything. - -As soon as he had left, he rushed to the screen and drew it back. No; -there was no further change in the picture. It had received the news -of Sibyl Vane's death before he had known of it himself. It was -conscious of the events of life as they occurred. The vicious cruelty -that marred the fine lines of the mouth had, no doubt, appeared at the -very moment that the girl had drunk the poison, whatever it was. Or -was it indifferent to results? Did it merely take cognizance of what -passed within the soul? He wondered, and hoped that some day he would -see the change taking place before his very eyes, shuddering as he -hoped it. - -Poor Sibyl! What a romance it had all been! She had often mimicked -death on the stage. Then Death himself had touched her and taken her -with him. How had she played that dreadful last scene? Had she cursed -him, as she died? No; she had died for love of him, and love would -always be a sacrament to him now. She had atoned for everything by the -sacrifice she had made of her life. He would not think any more of -what she had made him go through, on that horrible night at the -theatre. When he thought of her, it would be as a wonderful tragic -figure sent on to the world's stage to show the supreme reality of -love. A wonderful tragic figure? Tears came to his eyes as he -remembered her childlike look, and winsome fanciful ways, and shy -tremulous grace. He brushed them away hastily and looked again at the -picture. - -He felt that the time had really come for making his choice. Or had -his choice already been made? Yes, life had decided that for -him--life, and his own infinite curiosity about life. Eternal youth, -infinite passion, pleasures subtle and secret, wild joys and wilder -sins--he was to have all these things. The portrait was to bear the -burden of his shame: that was all. - -A feeling of pain crept over him as he thought of the desecration that -was in store for the fair face on the canvas. Once, in boyish mockery -of Narcissus, he had kissed, or feigned to kiss, those painted lips -that now smiled so cruelly at him. Morning after morning he had sat -before the portrait wondering at its beauty, almost enamoured of it, as -it seemed to him at times. Was it to alter now with every mood to -which he yielded? Was it to become a monstrous and loathsome thing, to -be hidden away in a locked room, to be shut out from the sunlight that -had so often touched to brighter gold the waving wonder of its hair? -The pity of it! the pity of it! - -For a moment, he thought of praying that the horrible sympathy that -existed between him and the picture might cease. It had changed in -answer to a prayer; perhaps in answer to a prayer it might remain -unchanged. And yet, who, that knew anything about life, would -surrender the chance of remaining always young, however fantastic that -chance might be, or with what fateful consequences it might be fraught? -Besides, was it really under his control? Had it indeed been prayer -that had produced the substitution? Might there not be some curious -scientific reason for it all? If thought could exercise its influence -upon a living organism, might not thought exercise an influence upon -dead and inorganic things? Nay, without thought or conscious desire, -might not things external to ourselves vibrate in unison with our moods -and passions, atom calling to atom in secret love or strange affinity? -But the reason was of no importance. He would never again tempt by a -prayer any terrible power. If the picture was to alter, it was to -alter. That was all. Why inquire too closely into it? - -For there would be a real pleasure in watching it. He would be able to -follow his mind into its secret places. This portrait would be to him -the most magical of mirrors. As it had revealed to him his own body, -so it would reveal to him his own soul. And when winter came upon it, -he would still be standing where spring trembles on the verge of -summer. When the blood crept from its face, and left behind a pallid -mask of chalk with leaden eyes, he would keep the glamour of boyhood. -Not one blossom of his loveliness would ever fade. Not one pulse of -his life would ever weaken. Like the gods of the Greeks, he would be -strong, and fleet, and joyous. What did it matter what happened to the -coloured image on the canvas? He would be safe. That was everything. - -He drew the screen back into its former place in front of the picture, -smiling as he did so, and passed into his bedroom, where his valet was -already waiting for him. An hour later he was at the opera, and Lord -Henry was leaning over his chair. - - - -CHAPTER 9 - -As he was sitting at breakfast next morning, Basil Hallward was shown -into the room. - -"I am so glad I have found you, Dorian," he said gravely. "I called -last night, and they told me you were at the opera. Of course, I knew -that was impossible. But I wish you had left word where you had really -gone to. I passed a dreadful evening, half afraid that one tragedy -might be followed by another. I think you might have telegraphed for -me when you heard of it first. I read of it quite by chance in a late -edition of _The Globe_ that I picked up at the club. I came here at once -and was miserable at not finding you. I can't tell you how -heart-broken I am about the whole thing. I know what you must suffer. -But where were you? Did you go down and see the girl's mother? For a -moment I thought of following you there. They gave the address in the -paper. Somewhere in the Euston Road, isn't it? But I was afraid of -intruding upon a sorrow that I could not lighten. Poor woman! What a -state she must be in! And her only child, too! What did she say about -it all?" - -"My dear Basil, how do I know?" murmured Dorian Gray, sipping some -pale-yellow wine from a delicate, gold-beaded bubble of Venetian glass -and looking dreadfully bored. "I was at the opera. You should have -come on there. I met Lady Gwendolen, Harry's sister, for the first -time. We were in her box. She is perfectly charming; and Patti sang -divinely. Don't talk about horrid subjects. If one doesn't talk about -a thing, it has never happened. It is simply expression, as Harry -says, that gives reality to things. I may mention that she was not the -woman's only child. There is a son, a charming fellow, I believe. But -he is not on the stage. He is a sailor, or something. And now, tell -me about yourself and what you are painting." - -"You went to the opera?" said Hallward, speaking very slowly and with a -strained touch of pain in his voice. "You went to the opera while -Sibyl Vane was lying dead in some sordid lodging? You can talk to me -of other women being charming, and of Patti singing divinely, before -the girl you loved has even the quiet of a grave to sleep in? Why, -man, there are horrors in store for that little white body of hers!" - -"Stop, Basil! I won't hear it!" cried Dorian, leaping to his feet. -"You must not tell me about things. What is done is done. What is -past is past." - -"You call yesterday the past?" - -"What has the actual lapse of time got to do with it? It is only -shallow people who require years to get rid of an emotion. A man who -is master of himself can end a sorrow as easily as he can invent a -pleasure. I don't want to be at the mercy of my emotions. I want to -use them, to enjoy them, and to dominate them." - -"Dorian, this is horrible! Something has changed you completely. You -look exactly the same wonderful boy who, day after day, used to come -down to my studio to sit for his picture. But you were simple, -natural, and affectionate then. You were the most unspoiled creature -in the whole world. Now, I don't know what has come over you. You -talk as if you had no heart, no pity in you. It is all Harry's -influence. I see that." - -The lad flushed up and, going to the window, looked out for a few -moments on the green, flickering, sun-lashed garden. "I owe a great -deal to Harry, Basil," he said at last, "more than I owe to you. You -only taught me to be vain." - -"Well, I am punished for that, Dorian--or shall be some day." - -"I don't know what you mean, Basil," he exclaimed, turning round. "I -don't know what you want. What do you want?" - -"I want the Dorian Gray I used to paint," said the artist sadly. - -"Basil," said the lad, going over to him and putting his hand on his -shoulder, "you have come too late. Yesterday, when I heard that Sibyl -Vane had killed herself--" - -"Killed herself! Good heavens! is there no doubt about that?" cried -Hallward, looking up at him with an expression of horror. - -"My dear Basil! Surely you don't think it was a vulgar accident? Of -course she killed herself." - -The elder man buried his face in his hands. "How fearful," he -muttered, and a shudder ran through him. - -"No," said Dorian Gray, "there is nothing fearful about it. It is one -of the great romantic tragedies of the age. As a rule, people who act -lead the most commonplace lives. They are good husbands, or faithful -wives, or something tedious. You know what I mean--middle-class virtue -and all that kind of thing. How different Sibyl was! She lived her -finest tragedy. She was always a heroine. The last night she -played--the night you saw her--she acted badly because she had known -the reality of love. When she knew its unreality, she died, as Juliet -might have died. She passed again into the sphere of art. There is -something of the martyr about her. Her death has all the pathetic -uselessness of martyrdom, all its wasted beauty. But, as I was saying, -you must not think I have not suffered. If you had come in yesterday -at a particular moment--about half-past five, perhaps, or a quarter to -six--you would have found me in tears. Even Harry, who was here, who -brought me the news, in fact, had no idea what I was going through. I -suffered immensely. Then it passed away. I cannot repeat an emotion. -No one can, except sentimentalists. And you are awfully unjust, Basil. -You come down here to console me. That is charming of you. You find -me consoled, and you are furious. How like a sympathetic person! You -remind me of a story Harry told me about a certain philanthropist who -spent twenty years of his life in trying to get some grievance -redressed, or some unjust law altered--I forget exactly what it was. -Finally he succeeded, and nothing could exceed his disappointment. He -had absolutely nothing to do, almost died of _ennui_, and became a -confirmed misanthrope. And besides, my dear old Basil, if you really -want to console me, teach me rather to forget what has happened, or to -see it from a proper artistic point of view. Was it not Gautier who -used to write about _la consolation des arts_? I remember picking up a -little vellum-covered book in your studio one day and chancing on that -delightful phrase. Well, I am not like that young man you told me of -when we were down at Marlow together, the young man who used to say -that yellow satin could console one for all the miseries of life. I -love beautiful things that one can touch and handle. Old brocades, -green bronzes, lacquer-work, carved ivories, exquisite surroundings, -luxury, pomp--there is much to be got from all these. But the artistic -temperament that they create, or at any rate reveal, is still more to -me. To become the spectator of one's own life, as Harry says, is to -escape the suffering of life. I know you are surprised at my talking -to you like this. You have not realized how I have developed. I was a -schoolboy when you knew me. I am a man now. I have new passions, new -thoughts, new ideas. I am different, but you must not like me less. I -am changed, but you must always be my friend. Of course, I am very -fond of Harry. But I know that you are better than he is. You are not -stronger--you are too much afraid of life--but you are better. And how -happy we used to be together! Don't leave me, Basil, and don't quarrel -with me. I am what I am. There is nothing more to be said." - -The painter felt strangely moved. The lad was infinitely dear to him, -and his personality had been the great turning point in his art. He -could not bear the idea of reproaching him any more. After all, his -indifference was probably merely a mood that would pass away. There -was so much in him that was good, so much in him that was noble. - -"Well, Dorian," he said at length, with a sad smile, "I won't speak to -you again about this horrible thing, after to-day. I only trust your -name won't be mentioned in connection with it. The inquest is to take -place this afternoon. Have they summoned you?" - -Dorian shook his head, and a look of annoyance passed over his face at -the mention of the word "inquest." There was something so crude and -vulgar about everything of the kind. "They don't know my name," he -answered. - -"But surely she did?" - -"Only my Christian name, and that I am quite sure she never mentioned -to any one. She told me once that they were all rather curious to -learn who I was, and that she invariably told them my name was Prince -Charming. It was pretty of her. You must do me a drawing of Sibyl, -Basil. I should like to have something more of her than the memory of -a few kisses and some broken pathetic words." - -"I will try and do something, Dorian, if it would please you. But you -must come and sit to me yourself again. I can't get on without you." - -"I can never sit to you again, Basil. It is impossible!" he exclaimed, -starting back. - -The painter stared at him. "My dear boy, what nonsense!" he cried. -"Do you mean to say you don't like what I did of you? Where is it? -Why have you pulled the screen in front of it? Let me look at it. It -is the best thing I have ever done. Do take the screen away, Dorian. -It is simply disgraceful of your servant hiding my work like that. I -felt the room looked different as I came in." - -"My servant has nothing to do with it, Basil. You don't imagine I let -him arrange my room for me? He settles my flowers for me -sometimes--that is all. No; I did it myself. The light was too strong -on the portrait." - -"Too strong! Surely not, my dear fellow? It is an admirable place for -it. Let me see it." And Hallward walked towards the corner of the -room. - -A cry of terror broke from Dorian Gray's lips, and he rushed between -the painter and the screen. "Basil," he said, looking very pale, "you -must not look at it. I don't wish you to." - -"Not look at my own work! You are not serious. Why shouldn't I look -at it?" exclaimed Hallward, laughing. - -"If you try to look at it, Basil, on my word of honour I will never -speak to you again as long as I live. I am quite serious. I don't -offer any explanation, and you are not to ask for any. But, remember, -if you touch this screen, everything is over between us." - -Hallward was thunderstruck. He looked at Dorian Gray in absolute -amazement. He had never seen him like this before. The lad was -actually pallid with rage. His hands were clenched, and the pupils of -his eyes were like disks of blue fire. He was trembling all over. - -"Dorian!" - -"Don't speak!" - -"But what is the matter? Of course I won't look at it if you don't -want me to," he said, rather coldly, turning on his heel and going over -towards the window. "But, really, it seems rather absurd that I -shouldn't see my own work, especially as I am going to exhibit it in -Paris in the autumn. I shall probably have to give it another coat of -varnish before that, so I must see it some day, and why not to-day?" - -"To exhibit it! You want to exhibit it?" exclaimed Dorian Gray, a -strange sense of terror creeping over him. Was the world going to be -shown his secret? Were people to gape at the mystery of his life? -That was impossible. Something--he did not know what--had to be done -at once. - -"Yes; I don't suppose you will object to that. Georges Petit is going -to collect all my best pictures for a special exhibition in the Rue de -Seze, which will open the first week in October. The portrait will -only be away a month. I should think you could easily spare it for -that time. In fact, you are sure to be out of town. And if you keep -it always behind a screen, you can't care much about it." - -Dorian Gray passed his hand over his forehead. There were beads of -perspiration there. He felt that he was on the brink of a horrible -danger. "You told me a month ago that you would never exhibit it," he -cried. "Why have you changed your mind? You people who go in for -being consistent have just as many moods as others have. The only -difference is that your moods are rather meaningless. You can't have -forgotten that you assured me most solemnly that nothing in the world -would induce you to send it to any exhibition. You told Harry exactly -the same thing." He stopped suddenly, and a gleam of light came into -his eyes. He remembered that Lord Henry had said to him once, half -seriously and half in jest, "If you want to have a strange quarter of -an hour, get Basil to tell you why he won't exhibit your picture. He -told me why he wouldn't, and it was a revelation to me." Yes, perhaps -Basil, too, had his secret. He would ask him and try. - -"Basil," he said, coming over quite close and looking him straight in -the face, "we have each of us a secret. Let me know yours, and I shall -tell you mine. What was your reason for refusing to exhibit my -picture?" - -The painter shuddered in spite of himself. "Dorian, if I told you, you -might like me less than you do, and you would certainly laugh at me. I -could not bear your doing either of those two things. If you wish me -never to look at your picture again, I am content. I have always you -to look at. If you wish the best work I have ever done to be hidden -from the world, I am satisfied. Your friendship is dearer to me than -any fame or reputation." - -"No, Basil, you must tell me," insisted Dorian Gray. "I think I have a -right to know." His feeling of terror had passed away, and curiosity -had taken its place. He was determined to find out Basil Hallward's -mystery. - -"Let us sit down, Dorian," said the painter, looking troubled. "Let us -sit down. And just answer me one question. Have you noticed in the -picture something curious?--something that probably at first did not -strike you, but that revealed itself to you suddenly?" - -"Basil!" cried the lad, clutching the arms of his chair with trembling -hands and gazing at him with wild startled eyes. - -"I see you did. Don't speak. Wait till you hear what I have to say. -Dorian, from the moment I met you, your personality had the most -extraordinary influence over me. I was dominated, soul, brain, and -power, by you. You became to me the visible incarnation of that unseen -ideal whose memory haunts us artists like an exquisite dream. I -worshipped you. I grew jealous of every one to whom you spoke. I -wanted to have you all to myself. I was only happy when I was with -you. When you were away from me, you were still present in my art.... -Of course, I never let you know anything about this. It would have -been impossible. You would not have understood it. I hardly -understood it myself. I only knew that I had seen perfection face to -face, and that the world had become wonderful to my eyes--too -wonderful, perhaps, for in such mad worships there is peril, the peril -of losing them, no less than the peril of keeping them.... Weeks and -weeks went on, and I grew more and more absorbed in you. Then came a -new development. I had drawn you as Paris in dainty armour, and as -Adonis with huntsman's cloak and polished boar-spear. Crowned with -heavy lotus-blossoms you had sat on the prow of Adrian's barge, gazing -across the green turbid Nile. You had leaned over the still pool of -some Greek woodland and seen in the water's silent silver the marvel of -your own face. And it had all been what art should be--unconscious, -ideal, and remote. One day, a fatal day I sometimes think, I -determined to paint a wonderful portrait of you as you actually are, -not in the costume of dead ages, but in your own dress and in your own -time. Whether it was the realism of the method, or the mere wonder of -your own personality, thus directly presented to me without mist or -veil, I cannot tell. But I know that as I worked at it, every flake -and film of colour seemed to me to reveal my secret. I grew afraid -that others would know of my idolatry. I felt, Dorian, that I had told -too much, that I had put too much of myself into it. Then it was that -I resolved never to allow the picture to be exhibited. You were a -little annoyed; but then you did not realize all that it meant to me. -Harry, to whom I talked about it, laughed at me. But I did not mind -that. When the picture was finished, and I sat alone with it, I felt -that I was right.... Well, after a few days the thing left my studio, -and as soon as I had got rid of the intolerable fascination of its -presence, it seemed to me that I had been foolish in imagining that I -had seen anything in it, more than that you were extremely good-looking -and that I could paint. Even now I cannot help feeling that it is a -mistake to think that the passion one feels in creation is ever really -shown in the work one creates. Art is always more abstract than we -fancy. Form and colour tell us of form and colour--that is all. It -often seems to me that art conceals the artist far more completely than -it ever reveals him. And so when I got this offer from Paris, I -determined to make your portrait the principal thing in my exhibition. -It never occurred to me that you would refuse. I see now that you were -right. The picture cannot be shown. You must not be angry with me, -Dorian, for what I have told you. As I said to Harry, once, you are -made to be worshipped." - -Dorian Gray drew a long breath. The colour came back to his cheeks, -and a smile played about his lips. The peril was over. He was safe -for the time. Yet he could not help feeling infinite pity for the -painter who had just made this strange confession to him, and wondered -if he himself would ever be so dominated by the personality of a -friend. Lord Henry had the charm of being very dangerous. But that -was all. He was too clever and too cynical to be really fond of. -Would there ever be some one who would fill him with a strange -idolatry? Was that one of the things that life had in store? - -"It is extraordinary to me, Dorian," said Hallward, "that you should -have seen this in the portrait. Did you really see it?" - -"I saw something in it," he answered, "something that seemed to me very -curious." - -"Well, you don't mind my looking at the thing now?" - -Dorian shook his head. "You must not ask me that, Basil. I could not -possibly let you stand in front of that picture." - -"You will some day, surely?" - -"Never." - -"Well, perhaps you are right. And now good-bye, Dorian. You have been -the one person in my life who has really influenced my art. Whatever I -have done that is good, I owe to you. Ah! you don't know what it cost -me to tell you all that I have told you." - -"My dear Basil," said Dorian, "what have you told me? Simply that you -felt that you admired me too much. That is not even a compliment." - -"It was not intended as a compliment. It was a confession. Now that I -have made it, something seems to have gone out of me. Perhaps one -should never put one's worship into words." - -"It was a very disappointing confession." - -"Why, what did you expect, Dorian? You didn't see anything else in the -picture, did you? There was nothing else to see?" - -"No; there was nothing else to see. Why do you ask? But you mustn't -talk about worship. It is foolish. You and I are friends, Basil, and -we must always remain so." - -"You have got Harry," said the painter sadly. - -"Oh, Harry!" cried the lad, with a ripple of laughter. "Harry spends -his days in saying what is incredible and his evenings in doing what is -improbable. Just the sort of life I would like to lead. But still I -don't think I would go to Harry if I were in trouble. I would sooner -go to you, Basil." - -"You will sit to me again?" - -"Impossible!" - -"You spoil my life as an artist by refusing, Dorian. No man comes -across two ideal things. Few come across one." - -"I can't explain it to you, Basil, but I must never sit to you again. -There is something fatal about a portrait. It has a life of its own. -I will come and have tea with you. That will be just as pleasant." - -"Pleasanter for you, I am afraid," murmured Hallward regretfully. "And -now good-bye. I am sorry you won't let me look at the picture once -again. But that can't be helped. I quite understand what you feel -about it." - -As he left the room, Dorian Gray smiled to himself. Poor Basil! How -little he knew of the true reason! And how strange it was that, -instead of having been forced to reveal his own secret, he had -succeeded, almost by chance, in wresting a secret from his friend! How -much that strange confession explained to him! The painter's absurd -fits of jealousy, his wild devotion, his extravagant panegyrics, his -curious reticences--he understood them all now, and he felt sorry. -There seemed to him to be something tragic in a friendship so coloured -by romance. - -He sighed and touched the bell. The portrait must be hidden away at -all costs. He could not run such a risk of discovery again. It had -been mad of him to have allowed the thing to remain, even for an hour, -in a room to which any of his friends had access. - - - -CHAPTER 10 - -When his servant entered, he looked at him steadfastly and wondered if -he had thought of peering behind the screen. The man was quite -impassive and waited for his orders. Dorian lit a cigarette and walked -over to the glass and glanced into it. He could see the reflection of -Victor's face perfectly. It was like a placid mask of servility. -There was nothing to be afraid of, there. Yet he thought it best to be -on his guard. - -Speaking very slowly, he told him to tell the house-keeper that he -wanted to see her, and then to go to the frame-maker and ask him to -send two of his men round at once. It seemed to him that as the man -left the room his eyes wandered in the direction of the screen. Or was -that merely his own fancy? - -After a few moments, in her black silk dress, with old-fashioned thread -mittens on her wrinkled hands, Mrs. Leaf bustled into the library. He -asked her for the key of the schoolroom. - -"The old schoolroom, Mr. Dorian?" she exclaimed. "Why, it is full of -dust. I must get it arranged and put straight before you go into it. -It is not fit for you to see, sir. It is not, indeed." - -"I don't want it put straight, Leaf. I only want the key." - -"Well, sir, you'll be covered with cobwebs if you go into it. Why, it -hasn't been opened for nearly five years--not since his lordship died." - -He winced at the mention of his grandfather. He had hateful memories -of him. "That does not matter," he answered. "I simply want to see -the place--that is all. Give me the key." - -"And here is the key, sir," said the old lady, going over the contents -of her bunch with tremulously uncertain hands. "Here is the key. I'll -have it off the bunch in a moment. But you don't think of living up -there, sir, and you so comfortable here?" - -"No, no," he cried petulantly. "Thank you, Leaf. That will do." - -She lingered for a few moments, and was garrulous over some detail of -the household. He sighed and told her to manage things as she thought -best. She left the room, wreathed in smiles. - -As the door closed, Dorian put the key in his pocket and looked round -the room. His eye fell on a large, purple satin coverlet heavily -embroidered with gold, a splendid piece of late seventeenth-century -Venetian work that his grandfather had found in a convent near Bologna. -Yes, that would serve to wrap the dreadful thing in. It had perhaps -served often as a pall for the dead. Now it was to hide something that -had a corruption of its own, worse than the corruption of death -itself--something that would breed horrors and yet would never die. -What the worm was to the corpse, his sins would be to the painted image -on the canvas. They would mar its beauty and eat away its grace. They -would defile it and make it shameful. And yet the thing would still -live on. It would be always alive. - -He shuddered, and for a moment he regretted that he had not told Basil -the true reason why he had wished to hide the picture away. Basil -would have helped him to resist Lord Henry's influence, and the still -more poisonous influences that came from his own temperament. The love -that he bore him--for it was really love--had nothing in it that was -not noble and intellectual. It was not that mere physical admiration -of beauty that is born of the senses and that dies when the senses -tire. It was such love as Michelangelo had known, and Montaigne, and -Winckelmann, and Shakespeare himself. Yes, Basil could have saved him. -But it was too late now. The past could always be annihilated. -Regret, denial, or forgetfulness could do that. But the future was -inevitable. There were passions in him that would find their terrible -outlet, dreams that would make the shadow of their evil real. - -He took up from the couch the great purple-and-gold texture that -covered it, and, holding it in his hands, passed behind the screen. -Was the face on the canvas viler than before? It seemed to him that it -was unchanged, and yet his loathing of it was intensified. Gold hair, -blue eyes, and rose-red lips--they all were there. It was simply the -expression that had altered. That was horrible in its cruelty. -Compared to what he saw in it of censure or rebuke, how shallow Basil's -reproaches about Sibyl Vane had been!--how shallow, and of what little -account! His own soul was looking out at him from the canvas and -calling him to judgement. A look of pain came across him, and he flung -the rich pall over the picture. As he did so, a knock came to the -door. He passed out as his servant entered. - -"The persons are here, Monsieur." - -He felt that the man must be got rid of at once. He must not be -allowed to know where the picture was being taken to. There was -something sly about him, and he had thoughtful, treacherous eyes. -Sitting down at the writing-table he scribbled a note to Lord Henry, -asking him to send him round something to read and reminding him that -they were to meet at eight-fifteen that evening. - -"Wait for an answer," he said, handing it to him, "and show the men in -here." - -In two or three minutes there was another knock, and Mr. Hubbard -himself, the celebrated frame-maker of South Audley Street, came in -with a somewhat rough-looking young assistant. Mr. Hubbard was a -florid, red-whiskered little man, whose admiration for art was -considerably tempered by the inveterate impecuniosity of most of the -artists who dealt with him. As a rule, he never left his shop. He -waited for people to come to him. But he always made an exception in -favour of Dorian Gray. There was something about Dorian that charmed -everybody. It was a pleasure even to see him. - -"What can I do for you, Mr. Gray?" he said, rubbing his fat freckled -hands. "I thought I would do myself the honour of coming round in -person. I have just got a beauty of a frame, sir. Picked it up at a -sale. Old Florentine. Came from Fonthill, I believe. Admirably -suited for a religious subject, Mr. Gray." - -"I am so sorry you have given yourself the trouble of coming round, Mr. -Hubbard. I shall certainly drop in and look at the frame--though I -don't go in much at present for religious art--but to-day I only want a -picture carried to the top of the house for me. It is rather heavy, so -I thought I would ask you to lend me a couple of your men." - -"No trouble at all, Mr. Gray. I am delighted to be of any service to -you. Which is the work of art, sir?" - -"This," replied Dorian, moving the screen back. "Can you move it, -covering and all, just as it is? I don't want it to get scratched -going upstairs." - -"There will be no difficulty, sir," said the genial frame-maker, -beginning, with the aid of his assistant, to unhook the picture from -the long brass chains by which it was suspended. "And, now, where -shall we carry it to, Mr. Gray?" - -"I will show you the way, Mr. Hubbard, if you will kindly follow me. -Or perhaps you had better go in front. I am afraid it is right at the -top of the house. We will go up by the front staircase, as it is -wider." - -He held the door open for them, and they passed out into the hall and -began the ascent. The elaborate character of the frame had made the -picture extremely bulky, and now and then, in spite of the obsequious -protests of Mr. Hubbard, who had the true tradesman's spirited dislike -of seeing a gentleman doing anything useful, Dorian put his hand to it -so as to help them. - -"Something of a load to carry, sir," gasped the little man when they -reached the top landing. And he wiped his shiny forehead. - -"I am afraid it is rather heavy," murmured Dorian as he unlocked the -door that opened into the room that was to keep for him the curious -secret of his life and hide his soul from the eyes of men. - -He had not entered the place for more than four years--not, indeed, -since he had used it first as a play-room when he was a child, and then -as a study when he grew somewhat older. It was a large, -well-proportioned room, which had been specially built by the last Lord -Kelso for the use of the little grandson whom, for his strange likeness -to his mother, and also for other reasons, he had always hated and -desired to keep at a distance. It appeared to Dorian to have but -little changed. There was the huge Italian _cassone_, with its -fantastically painted panels and its tarnished gilt mouldings, in which -he had so often hidden himself as a boy. There the satinwood book-case -filled with his dog-eared schoolbooks. On the wall behind it was -hanging the same ragged Flemish tapestry where a faded king and queen -were playing chess in a garden, while a company of hawkers rode by, -carrying hooded birds on their gauntleted wrists. How well he -remembered it all! Every moment of his lonely childhood came back to -him as he looked round. He recalled the stainless purity of his boyish -life, and it seemed horrible to him that it was here the fatal portrait -was to be hidden away. How little he had thought, in those dead days, -of all that was in store for him! - -But there was no other place in the house so secure from prying eyes as -this. He had the key, and no one else could enter it. Beneath its -purple pall, the face painted on the canvas could grow bestial, sodden, -and unclean. What did it matter? No one could see it. He himself -would not see it. Why should he watch the hideous corruption of his -soul? He kept his youth--that was enough. And, besides, might not -his nature grow finer, after all? There was no reason that the future -should be so full of shame. Some love might come across his life, and -purify him, and shield him from those sins that seemed to be already -stirring in spirit and in flesh--those curious unpictured sins whose -very mystery lent them their subtlety and their charm. Perhaps, some -day, the cruel look would have passed away from the scarlet sensitive -mouth, and he might show to the world Basil Hallward's masterpiece. - -No; that was impossible. Hour by hour, and week by week, the thing -upon the canvas was growing old. It might escape the hideousness of -sin, but the hideousness of age was in store for it. The cheeks would -become hollow or flaccid. Yellow crow's feet would creep round the -fading eyes and make them horrible. The hair would lose its -brightness, the mouth would gape or droop, would be foolish or gross, -as the mouths of old men are. There would be the wrinkled throat, the -cold, blue-veined hands, the twisted body, that he remembered in the -grandfather who had been so stern to him in his boyhood. The picture -had to be concealed. There was no help for it. - -"Bring it in, Mr. Hubbard, please," he said, wearily, turning round. -"I am sorry I kept you so long. I was thinking of something else." - -"Always glad to have a rest, Mr. Gray," answered the frame-maker, who -was still gasping for breath. "Where shall we put it, sir?" - -"Oh, anywhere. Here: this will do. I don't want to have it hung up. -Just lean it against the wall. Thanks." - -"Might one look at the work of art, sir?" - -Dorian started. "It would not interest you, Mr. Hubbard," he said, -keeping his eye on the man. He felt ready to leap upon him and fling -him to the ground if he dared to lift the gorgeous hanging that -concealed the secret of his life. "I shan't trouble you any more now. -I am much obliged for your kindness in coming round." - -"Not at all, not at all, Mr. Gray. Ever ready to do anything for you, -sir." And Mr. Hubbard tramped downstairs, followed by the assistant, -who glanced back at Dorian with a look of shy wonder in his rough -uncomely face. He had never seen any one so marvellous. - -When the sound of their footsteps had died away, Dorian locked the door -and put the key in his pocket. He felt safe now. No one would ever -look upon the horrible thing. No eye but his would ever see his shame. - -On reaching the library, he found that it was just after five o'clock -and that the tea had been already brought up. On a little table of -dark perfumed wood thickly incrusted with nacre, a present from Lady -Radley, his guardian's wife, a pretty professional invalid who had -spent the preceding winter in Cairo, was lying a note from Lord Henry, -and beside it was a book bound in yellow paper, the cover slightly torn -and the edges soiled. A copy of the third edition of _The St. James's -Gazette_ had been placed on the tea-tray. It was evident that Victor had -returned. He wondered if he had met the men in the hall as they were -leaving the house and had wormed out of them what they had been doing. -He would be sure to miss the picture--had no doubt missed it already, -while he had been laying the tea-things. The screen had not been set -back, and a blank space was visible on the wall. Perhaps some night he -might find him creeping upstairs and trying to force the door of the -room. It was a horrible thing to have a spy in one's house. He had -heard of rich men who had been blackmailed all their lives by some -servant who had read a letter, or overheard a conversation, or picked -up a card with an address, or found beneath a pillow a withered flower -or a shred of crumpled lace. - -He sighed, and having poured himself out some tea, opened Lord Henry's -note. It was simply to say that he sent him round the evening paper, -and a book that might interest him, and that he would be at the club at -eight-fifteen. He opened _The St. James's_ languidly, and looked through -it. A red pencil-mark on the fifth page caught his eye. It drew -attention to the following paragraph: - - -INQUEST ON AN ACTRESS.--An inquest was held this morning at the Bell -Tavern, Hoxton Road, by Mr. Danby, the District Coroner, on the body of -Sibyl Vane, a young actress recently engaged at the Royal Theatre, -Holborn. A verdict of death by misadventure was returned. -Considerable sympathy was expressed for the mother of the deceased, who -was greatly affected during the giving of her own evidence, and that of -Dr. Birrell, who had made the post-mortem examination of the deceased. - - -He frowned, and tearing the paper in two, went across the room and -flung the pieces away. How ugly it all was! And how horribly real -ugliness made things! He felt a little annoyed with Lord Henry for -having sent him the report. And it was certainly stupid of him to have -marked it with red pencil. Victor might have read it. The man knew -more than enough English for that. - -Perhaps he had read it and had begun to suspect something. And, yet, -what did it matter? What had Dorian Gray to do with Sibyl Vane's -death? There was nothing to fear. Dorian Gray had not killed her. - -His eye fell on the yellow book that Lord Henry had sent him. What was -it, he wondered. He went towards the little, pearl-coloured octagonal -stand that had always looked to him like the work of some strange -Egyptian bees that wrought in silver, and taking up the volume, flung -himself into an arm-chair and began to turn over the leaves. After a -few minutes he became absorbed. It was the strangest book that he had -ever read. It seemed to him that in exquisite raiment, and to the -delicate sound of flutes, the sins of the world were passing in dumb -show before him. Things that he had dimly dreamed of were suddenly -made real to him. Things of which he had never dreamed were gradually -revealed. - -It was a novel without a plot and with only one character, being, -indeed, simply a psychological study of a certain young Parisian who -spent his life trying to realize in the nineteenth century all the -passions and modes of thought that belonged to every century except his -own, and to sum up, as it were, in himself the various moods through -which the world-spirit had ever passed, loving for their mere -artificiality those renunciations that men have unwisely called virtue, -as much as those natural rebellions that wise men still call sin. The -style in which it was written was that curious jewelled style, vivid -and obscure at once, full of _argot_ and of archaisms, of technical -expressions and of elaborate paraphrases, that characterizes the work -of some of the finest artists of the French school of _Symbolistes_. -There were in it metaphors as monstrous as orchids and as subtle in -colour. The life of the senses was described in the terms of mystical -philosophy. One hardly knew at times whether one was reading the -spiritual ecstasies of some mediaeval saint or the morbid confessions -of a modern sinner. It was a poisonous book. The heavy odour of -incense seemed to cling about its pages and to trouble the brain. The -mere cadence of the sentences, the subtle monotony of their music, so -full as it was of complex refrains and movements elaborately repeated, -produced in the mind of the lad, as he passed from chapter to chapter, -a form of reverie, a malady of dreaming, that made him unconscious of -the falling day and creeping shadows. - -Cloudless, and pierced by one solitary star, a copper-green sky gleamed -through the windows. He read on by its wan light till he could read no -more. Then, after his valet had reminded him several times of the -lateness of the hour, he got up, and going into the next room, placed -the book on the little Florentine table that always stood at his -bedside and began to dress for dinner. - -It was almost nine o'clock before he reached the club, where he found -Lord Henry sitting alone, in the morning-room, looking very much bored. - -"I am so sorry, Harry," he cried, "but really it is entirely your -fault. That book you sent me so fascinated me that I forgot how the -time was going." - -"Yes, I thought you would like it," replied his host, rising from his -chair. - -"I didn't say I liked it, Harry. I said it fascinated me. There is a -great difference." - -"Ah, you have discovered that?" murmured Lord Henry. And they passed -into the dining-room. - - - -CHAPTER 11 - -For years, Dorian Gray could not free himself from the influence of -this book. Or perhaps it would be more accurate to say that he never -sought to free himself from it. He procured from Paris no less than -nine large-paper copies of the first edition, and had them bound in -different colours, so that they might suit his various moods and the -changing fancies of a nature over which he seemed, at times, to have -almost entirely lost control. The hero, the wonderful young Parisian -in whom the romantic and the scientific temperaments were so strangely -blended, became to him a kind of prefiguring type of himself. And, -indeed, the whole book seemed to him to contain the story of his own -life, written before he had lived it. - -In one point he was more fortunate than the novel's fantastic hero. He -never knew--never, indeed, had any cause to know--that somewhat -grotesque dread of mirrors, and polished metal surfaces, and still -water which came upon the young Parisian so early in his life, and was -occasioned by the sudden decay of a beau that had once, apparently, -been so remarkable. It was with an almost cruel joy--and perhaps in -nearly every joy, as certainly in every pleasure, cruelty has its -place--that he used to read the latter part of the book, with its -really tragic, if somewhat overemphasized, account of the sorrow and -despair of one who had himself lost what in others, and the world, he -had most dearly valued. - -For the wonderful beauty that had so fascinated Basil Hallward, and -many others besides him, seemed never to leave him. Even those who had -heard the most evil things against him--and from time to time strange -rumours about his mode of life crept through London and became the -chatter of the clubs--could not believe anything to his dishonour when -they saw him. He had always the look of one who had kept himself -unspotted from the world. Men who talked grossly became silent when -Dorian Gray entered the room. There was something in the purity of his -face that rebuked them. His mere presence seemed to recall to them the -memory of the innocence that they had tarnished. They wondered how one -so charming and graceful as he was could have escaped the stain of an -age that was at once sordid and sensual. - -Often, on returning home from one of those mysterious and prolonged -absences that gave rise to such strange conjecture among those who were -his friends, or thought that they were so, he himself would creep -upstairs to the locked room, open the door with the key that never left -him now, and stand, with a mirror, in front of the portrait that Basil -Hallward had painted of him, looking now at the evil and aging face on -the canvas, and now at the fair young face that laughed back at him -from the polished glass. The very sharpness of the contrast used to -quicken his sense of pleasure. He grew more and more enamoured of his -own beauty, more and more interested in the corruption of his own soul. -He would examine with minute care, and sometimes with a monstrous and -terrible delight, the hideous lines that seared the wrinkling forehead -or crawled around the heavy sensual mouth, wondering sometimes which -were the more horrible, the signs of sin or the signs of age. He would -place his white hands beside the coarse bloated hands of the picture, -and smile. He mocked the misshapen body and the failing limbs. - -There were moments, indeed, at night, when, lying sleepless in his own -delicately scented chamber, or in the sordid room of the little -ill-famed tavern near the docks which, under an assumed name and in -disguise, it was his habit to frequent, he would think of the ruin he -had brought upon his soul with a pity that was all the more poignant -because it was purely selfish. But moments such as these were rare. -That curiosity about life which Lord Henry had first stirred in him, as -they sat together in the garden of their friend, seemed to increase -with gratification. The more he knew, the more he desired to know. He -had mad hungers that grew more ravenous as he fed them. - -Yet he was not really reckless, at any rate in his relations to -society. Once or twice every month during the winter, and on each -Wednesday evening while the season lasted, he would throw open to the -world his beautiful house and have the most celebrated musicians of the -day to charm his guests with the wonders of their art. His little -dinners, in the settling of which Lord Henry always assisted him, were -noted as much for the careful selection and placing of those invited, -as for the exquisite taste shown in the decoration of the table, with -its subtle symphonic arrangements of exotic flowers, and embroidered -cloths, and antique plate of gold and silver. Indeed, there were many, -especially among the very young men, who saw, or fancied that they saw, -in Dorian Gray the true realization of a type of which they had often -dreamed in Eton or Oxford days, a type that was to combine something of -the real culture of the scholar with all the grace and distinction and -perfect manner of a citizen of the world. To them he seemed to be of -the company of those whom Dante describes as having sought to "make -themselves perfect by the worship of beauty." Like Gautier, he was one -for whom "the visible world existed." - -And, certainly, to him life itself was the first, the greatest, of the -arts, and for it all the other arts seemed to be but a preparation. -Fashion, by which what is really fantastic becomes for a moment -universal, and dandyism, which, in its own way, is an attempt to assert -the absolute modernity of beauty, had, of course, their fascination for -him. His mode of dressing, and the particular styles that from time to -time he affected, had their marked influence on the young exquisites of -the Mayfair balls and Pall Mall club windows, who copied him in -everything that he did, and tried to reproduce the accidental charm of -his graceful, though to him only half-serious, fopperies. - -For, while he was but too ready to accept the position that was almost -immediately offered to him on his coming of age, and found, indeed, a -subtle pleasure in the thought that he might really become to the -London of his own day what to imperial Neronian Rome the author of the -Satyricon once had been, yet in his inmost heart he desired to be -something more than a mere _arbiter elegantiarum_, to be consulted on the -wearing of a jewel, or the knotting of a necktie, or the conduct of a -cane. He sought to elaborate some new scheme of life that would have -its reasoned philosophy and its ordered principles, and find in the -spiritualizing of the senses its highest realization. - -The worship of the senses has often, and with much justice, been -decried, men feeling a natural instinct of terror about passions and -sensations that seem stronger than themselves, and that they are -conscious of sharing with the less highly organized forms of existence. -But it appeared to Dorian Gray that the true nature of the senses had -never been understood, and that they had remained savage and animal -merely because the world had sought to starve them into submission or -to kill them by pain, instead of aiming at making them elements of a -new spirituality, of which a fine instinct for beauty was to be the -dominant characteristic. As he looked back upon man moving through -history, he was haunted by a feeling of loss. So much had been -surrendered! and to such little purpose! There had been mad wilful -rejections, monstrous forms of self-torture and self-denial, whose -origin was fear and whose result was a degradation infinitely more -terrible than that fancied degradation from which, in their ignorance, -they had sought to escape; Nature, in her wonderful irony, driving out -the anchorite to feed with the wild animals of the desert and giving to -the hermit the beasts of the field as his companions. - -Yes: there was to be, as Lord Henry had prophesied, a new Hedonism -that was to recreate life and to save it from that harsh uncomely -puritanism that is having, in our own day, its curious revival. It was -to have its service of the intellect, certainly, yet it was never to -accept any theory or system that would involve the sacrifice of any -mode of passionate experience. Its aim, indeed, was to be experience -itself, and not the fruits of experience, sweet or bitter as they might -be. Of the asceticism that deadens the senses, as of the vulgar -profligacy that dulls them, it was to know nothing. But it was to -teach man to concentrate himself upon the moments of a life that is -itself but a moment. - -There are few of us who have not sometimes wakened before dawn, either -after one of those dreamless nights that make us almost enamoured of -death, or one of those nights of horror and misshapen joy, when through -the chambers of the brain sweep phantoms more terrible than reality -itself, and instinct with that vivid life that lurks in all grotesques, -and that lends to Gothic art its enduring vitality, this art being, one -might fancy, especially the art of those whose minds have been troubled -with the malady of reverie. Gradually white fingers creep through the -curtains, and they appear to tremble. In black fantastic shapes, dumb -shadows crawl into the corners of the room and crouch there. Outside, -there is the stirring of birds among the leaves, or the sound of men -going forth to their work, or the sigh and sob of the wind coming down -from the hills and wandering round the silent house, as though it -feared to wake the sleepers and yet must needs call forth sleep from -her purple cave. Veil after veil of thin dusky gauze is lifted, and by -degrees the forms and colours of things are restored to them, and we -watch the dawn remaking the world in its antique pattern. The wan -mirrors get back their mimic life. The flameless tapers stand where we -had left them, and beside them lies the half-cut book that we had been -studying, or the wired flower that we had worn at the ball, or the -letter that we had been afraid to read, or that we had read too often. -Nothing seems to us changed. Out of the unreal shadows of the night -comes back the real life that we had known. We have to resume it where -we had left off, and there steals over us a terrible sense of the -necessity for the continuance of energy in the same wearisome round of -stereotyped habits, or a wild longing, it may be, that our eyelids -might open some morning upon a world that had been refashioned anew in -the darkness for our pleasure, a world in which things would have fresh -shapes and colours, and be changed, or have other secrets, a world in -which the past would have little or no place, or survive, at any rate, -in no conscious form of obligation or regret, the remembrance even of -joy having its bitterness and the memories of pleasure their pain. - -It was the creation of such worlds as these that seemed to Dorian Gray -to be the true object, or amongst the true objects, of life; and in his -search for sensations that would be at once new and delightful, and -possess that element of strangeness that is so essential to romance, he -would often adopt certain modes of thought that he knew to be really -alien to his nature, abandon himself to their subtle influences, and -then, having, as it were, caught their colour and satisfied his -intellectual curiosity, leave them with that curious indifference that -is not incompatible with a real ardour of temperament, and that, -indeed, according to certain modern psychologists, is often a condition -of it. - -It was rumoured of him once that he was about to join the Roman -Catholic communion, and certainly the Roman ritual had always a great -attraction for him. The daily sacrifice, more awful really than all -the sacrifices of the antique world, stirred him as much by its superb -rejection of the evidence of the senses as by the primitive simplicity -of its elements and the eternal pathos of the human tragedy that it -sought to symbolize. He loved to kneel down on the cold marble -pavement and watch the priest, in his stiff flowered dalmatic, slowly -and with white hands moving aside the veil of the tabernacle, or -raising aloft the jewelled, lantern-shaped monstrance with that pallid -wafer that at times, one would fain think, is indeed the "_panis -caelestis_," the bread of angels, or, robed in the garments of the -Passion of Christ, breaking the Host into the chalice and smiting his -breast for his sins. The fuming censers that the grave boys, in their -lace and scarlet, tossed into the air like great gilt flowers had their -subtle fascination for him. As he passed out, he used to look with -wonder at the black confessionals and long to sit in the dim shadow of -one of them and listen to men and women whispering through the worn -grating the true story of their lives. - -But he never fell into the error of arresting his intellectual -development by any formal acceptance of creed or system, or of -mistaking, for a house in which to live, an inn that is but suitable -for the sojourn of a night, or for a few hours of a night in which -there are no stars and the moon is in travail. Mysticism, with its -marvellous power of making common things strange to us, and the subtle -antinomianism that always seems to accompany it, moved him for a -season; and for a season he inclined to the materialistic doctrines of -the _Darwinismus_ movement in Germany, and found a curious pleasure in -tracing the thoughts and passions of men to some pearly cell in the -brain, or some white nerve in the body, delighting in the conception of -the absolute dependence of the spirit on certain physical conditions, -morbid or healthy, normal or diseased. Yet, as has been said of him -before, no theory of life seemed to him to be of any importance -compared with life itself. He felt keenly conscious of how barren all -intellectual speculation is when separated from action and experiment. -He knew that the senses, no less than the soul, have their spiritual -mysteries to reveal. - -And so he would now study perfumes and the secrets of their -manufacture, distilling heavily scented oils and burning odorous gums -from the East. He saw that there was no mood of the mind that had not -its counterpart in the sensuous life, and set himself to discover their -true relations, wondering what there was in frankincense that made one -mystical, and in ambergris that stirred one's passions, and in violets -that woke the memory of dead romances, and in musk that troubled the -brain, and in champak that stained the imagination; and seeking often -to elaborate a real psychology of perfumes, and to estimate the several -influences of sweet-smelling roots and scented, pollen-laden flowers; -of aromatic balms and of dark and fragrant woods; of spikenard, that -sickens; of hovenia, that makes men mad; and of aloes, that are said to -be able to expel melancholy from the soul. - -At another time he devoted himself entirely to music, and in a long -latticed room, with a vermilion-and-gold ceiling and walls of -olive-green lacquer, he used to give curious concerts in which mad -gipsies tore wild music from little zithers, or grave, yellow-shawled -Tunisians plucked at the strained strings of monstrous lutes, while -grinning Negroes beat monotonously upon copper drums and, crouching -upon scarlet mats, slim turbaned Indians blew through long pipes of -reed or brass and charmed--or feigned to charm--great hooded snakes and -horrible horned adders. The harsh intervals and shrill discords of -barbaric music stirred him at times when Schubert's grace, and Chopin's -beautiful sorrows, and the mighty harmonies of Beethoven himself, fell -unheeded on his ear. He collected together from all parts of the world -the strangest instruments that could be found, either in the tombs of -dead nations or among the few savage tribes that have survived contact -with Western civilizations, and loved to touch and try them. He had -the mysterious _juruparis_ of the Rio Negro Indians, that women are not -allowed to look at and that even youths may not see till they have been -subjected to fasting and scourging, and the earthen jars of the -Peruvians that have the shrill cries of birds, and flutes of human -bones such as Alfonso de Ovalle heard in Chile, and the sonorous green -jaspers that are found near Cuzco and give forth a note of singular -sweetness. He had painted gourds filled with pebbles that rattled when -they were shaken; the long _clarin_ of the Mexicans, into which the -performer does not blow, but through which he inhales the air; the -harsh _ture_ of the Amazon tribes, that is sounded by the sentinels who -sit all day long in high trees, and can be heard, it is said, at a -distance of three leagues; the _teponaztli_, that has two vibrating -tongues of wood and is beaten with sticks that are smeared with an -elastic gum obtained from the milky juice of plants; the _yotl_-bells of -the Aztecs, that are hung in clusters like grapes; and a huge -cylindrical drum, covered with the skins of great serpents, like the -one that Bernal Diaz saw when he went with Cortes into the Mexican -temple, and of whose doleful sound he has left us so vivid a -description. The fantastic character of these instruments fascinated -him, and he felt a curious delight in the thought that art, like -Nature, has her monsters, things of bestial shape and with hideous -voices. Yet, after some time, he wearied of them, and would sit in his -box at the opera, either alone or with Lord Henry, listening in rapt -pleasure to "Tannhauser" and seeing in the prelude to that great work -of art a presentation of the tragedy of his own soul. - -On one occasion he took up the study of jewels, and appeared at a -costume ball as Anne de Joyeuse, Admiral of France, in a dress covered -with five hundred and sixty pearls. This taste enthralled him for -years, and, indeed, may be said never to have left him. He would often -spend a whole day settling and resettling in their cases the various -stones that he had collected, such as the olive-green chrysoberyl that -turns red by lamplight, the cymophane with its wirelike line of silver, -the pistachio-coloured peridot, rose-pink and wine-yellow topazes, -carbuncles of fiery scarlet with tremulous, four-rayed stars, flame-red -cinnamon-stones, orange and violet spinels, and amethysts with their -alternate layers of ruby and sapphire. He loved the red gold of the -sunstone, and the moonstone's pearly whiteness, and the broken rainbow -of the milky opal. He procured from Amsterdam three emeralds of -extraordinary size and richness of colour, and had a turquoise _de la -vieille roche_ that was the envy of all the connoisseurs. - -He discovered wonderful stories, also, about jewels. In Alphonso's -Clericalis Disciplina a serpent was mentioned with eyes of real -jacinth, and in the romantic history of Alexander, the Conqueror of -Emathia was said to have found in the vale of Jordan snakes "with -collars of real emeralds growing on their backs." There was a gem in -the brain of the dragon, Philostratus told us, and "by the exhibition -of golden letters and a scarlet robe" the monster could be thrown into -a magical sleep and slain. According to the great alchemist, Pierre de -Boniface, the diamond rendered a man invisible, and the agate of India -made him eloquent. The cornelian appeased anger, and the hyacinth -provoked sleep, and the amethyst drove away the fumes of wine. The -garnet cast out demons, and the hydropicus deprived the moon of her -colour. The selenite waxed and waned with the moon, and the meloceus, -that discovers thieves, could be affected only by the blood of kids. -Leonardus Camillus had seen a white stone taken from the brain of a -newly killed toad, that was a certain antidote against poison. The -bezoar, that was found in the heart of the Arabian deer, was a charm -that could cure the plague. In the nests of Arabian birds was the -aspilates, that, according to Democritus, kept the wearer from any -danger by fire. - -The King of Ceilan rode through his city with a large ruby in his hand, -as the ceremony of his coronation. The gates of the palace of John the -Priest were "made of sardius, with the horn of the horned snake -inwrought, so that no man might bring poison within." Over the gable -were "two golden apples, in which were two carbuncles," so that the -gold might shine by day and the carbuncles by night. In Lodge's -strange romance 'A Margarite of America', it was stated that in the -chamber of the queen one could behold "all the chaste ladies of the -world, inchased out of silver, looking through fair mirrours of -chrysolites, carbuncles, sapphires, and greene emeraults." Marco Polo -had seen the inhabitants of Zipangu place rose-coloured pearls in the -mouths of the dead. A sea-monster had been enamoured of the pearl that -the diver brought to King Perozes, and had slain the thief, and mourned -for seven moons over its loss. When the Huns lured the king into the -great pit, he flung it away--Procopius tells the story--nor was it ever -found again, though the Emperor Anastasius offered five hundred-weight -of gold pieces for it. The King of Malabar had shown to a certain -Venetian a rosary of three hundred and four pearls, one for every god -that he worshipped. - -When the Duke de Valentinois, son of Alexander VI, visited Louis XII of -France, his horse was loaded with gold leaves, according to Brantome, -and his cap had double rows of rubies that threw out a great light. -Charles of England had ridden in stirrups hung with four hundred and -twenty-one diamonds. Richard II had a coat, valued at thirty thousand -marks, which was covered with balas rubies. Hall described Henry VIII, -on his way to the Tower previous to his coronation, as wearing "a -jacket of raised gold, the placard embroidered with diamonds and other -rich stones, and a great bauderike about his neck of large balasses." -The favourites of James I wore ear-rings of emeralds set in gold -filigrane. Edward II gave to Piers Gaveston a suit of red-gold armour -studded with jacinths, a collar of gold roses set with -turquoise-stones, and a skull-cap _parseme_ with pearls. Henry II wore -jewelled gloves reaching to the elbow, and had a hawk-glove sewn with -twelve rubies and fifty-two great orients. The ducal hat of Charles -the Rash, the last Duke of Burgundy of his race, was hung with -pear-shaped pearls and studded with sapphires. - -How exquisite life had once been! How gorgeous in its pomp and -decoration! Even to read of the luxury of the dead was wonderful. - -Then he turned his attention to embroideries and to the tapestries that -performed the office of frescoes in the chill rooms of the northern -nations of Europe. As he investigated the subject--and he always had -an extraordinary faculty of becoming absolutely absorbed for the moment -in whatever he took up--he was almost saddened by the reflection of the -ruin that time brought on beautiful and wonderful things. He, at any -rate, had escaped that. Summer followed summer, and the yellow -jonquils bloomed and died many times, and nights of horror repeated the -story of their shame, but he was unchanged. No winter marred his face -or stained his flowerlike bloom. How different it was with material -things! Where had they passed to? Where was the great crocus-coloured -robe, on which the gods fought against the giants, that had been worked -by brown girls for the pleasure of Athena? Where the huge velarium -that Nero had stretched across the Colosseum at Rome, that Titan sail -of purple on which was represented the starry sky, and Apollo driving a -chariot drawn by white, gilt-reined steeds? He longed to see the -curious table-napkins wrought for the Priest of the Sun, on which were -displayed all the dainties and viands that could be wanted for a feast; -the mortuary cloth of King Chilperic, with its three hundred golden -bees; the fantastic robes that excited the indignation of the Bishop of -Pontus and were figured with "lions, panthers, bears, dogs, forests, -rocks, hunters--all, in fact, that a painter can copy from nature"; and -the coat that Charles of Orleans once wore, on the sleeves of which -were embroidered the verses of a song beginning "_Madame, je suis tout -joyeux_," the musical accompaniment of the words being wrought in gold -thread, and each note, of square shape in those days, formed with four -pearls. He read of the room that was prepared at the palace at Rheims -for the use of Queen Joan of Burgundy and was decorated with "thirteen -hundred and twenty-one parrots, made in broidery, and blazoned with the -king's arms, and five hundred and sixty-one butterflies, whose wings -were similarly ornamented with the arms of the queen, the whole worked -in gold." Catherine de Medicis had a mourning-bed made for her of -black velvet powdered with crescents and suns. Its curtains were of -damask, with leafy wreaths and garlands, figured upon a gold and silver -ground, and fringed along the edges with broideries of pearls, and it -stood in a room hung with rows of the queen's devices in cut black -velvet upon cloth of silver. Louis XIV had gold embroidered caryatides -fifteen feet high in his apartment. The state bed of Sobieski, King of -Poland, was made of Smyrna gold brocade embroidered in turquoises with -verses from the Koran. Its supports were of silver gilt, beautifully -chased, and profusely set with enamelled and jewelled medallions. It -had been taken from the Turkish camp before Vienna, and the standard of -Mohammed had stood beneath the tremulous gilt of its canopy. - -And so, for a whole year, he sought to accumulate the most exquisite -specimens that he could find of textile and embroidered work, getting -the dainty Delhi muslins, finely wrought with gold-thread palmates and -stitched over with iridescent beetles' wings; the Dacca gauzes, that -from their transparency are known in the East as "woven air," and -"running water," and "evening dew"; strange figured cloths from Java; -elaborate yellow Chinese hangings; books bound in tawny satins or fair -blue silks and wrought with _fleurs-de-lis_, birds and images; veils of -_lacis_ worked in Hungary point; Sicilian brocades and stiff Spanish -velvets; Georgian work, with its gilt coins, and Japanese _Foukousas_, -with their green-toned golds and their marvellously plumaged birds. - -He had a special passion, also, for ecclesiastical vestments, as indeed -he had for everything connected with the service of the Church. In the -long cedar chests that lined the west gallery of his house, he had -stored away many rare and beautiful specimens of what is really the -raiment of the Bride of Christ, who must wear purple and jewels and -fine linen that she may hide the pallid macerated body that is worn by -the suffering that she seeks for and wounded by self-inflicted pain. -He possessed a gorgeous cope of crimson silk and gold-thread damask, -figured with a repeating pattern of golden pomegranates set in -six-petalled formal blossoms, beyond which on either side was the -pine-apple device wrought in seed-pearls. The orphreys were divided -into panels representing scenes from the life of the Virgin, and the -coronation of the Virgin was figured in coloured silks upon the hood. -This was Italian work of the fifteenth century. Another cope was of -green velvet, embroidered with heart-shaped groups of acanthus-leaves, -from which spread long-stemmed white blossoms, the details of which -were picked out with silver thread and coloured crystals. The morse -bore a seraph's head in gold-thread raised work. The orphreys were -woven in a diaper of red and gold silk, and were starred with -medallions of many saints and martyrs, among whom was St. Sebastian. -He had chasubles, also, of amber-coloured silk, and blue silk and gold -brocade, and yellow silk damask and cloth of gold, figured with -representations of the Passion and Crucifixion of Christ, and -embroidered with lions and peacocks and other emblems; dalmatics of -white satin and pink silk damask, decorated with tulips and dolphins -and _fleurs-de-lis_; altar frontals of crimson velvet and blue linen; and -many corporals, chalice-veils, and sudaria. In the mystic offices to -which such things were put, there was something that quickened his -imagination. - -For these treasures, and everything that he collected in his lovely -house, were to be to him means of forgetfulness, modes by which he -could escape, for a season, from the fear that seemed to him at times -to be almost too great to be borne. Upon the walls of the lonely -locked room where he had spent so much of his boyhood, he had hung with -his own hands the terrible portrait whose changing features showed him -the real degradation of his life, and in front of it had draped the -purple-and-gold pall as a curtain. For weeks he would not go there, -would forget the hideous painted thing, and get back his light heart, -his wonderful joyousness, his passionate absorption in mere existence. -Then, suddenly, some night he would creep out of the house, go down to -dreadful places near Blue Gate Fields, and stay there, day after day, -until he was driven away. On his return he would sit in front of the -picture, sometimes loathing it and himself, but filled, at other -times, with that pride of individualism that is half the -fascination of sin, and smiling with secret pleasure at the misshapen -shadow that had to bear the burden that should have been his own. - -After a few years he could not endure to be long out of England, and -gave up the villa that he had shared at Trouville with Lord Henry, as -well as the little white walled-in house at Algiers where they had more -than once spent the winter. He hated to be separated from the picture -that was such a part of his life, and was also afraid that during his -absence some one might gain access to the room, in spite of the -elaborate bars that he had caused to be placed upon the door. - -He was quite conscious that this would tell them nothing. It was true -that the portrait still preserved, under all the foulness and ugliness -of the face, its marked likeness to himself; but what could they learn -from that? He would laugh at any one who tried to taunt him. He had -not painted it. What was it to him how vile and full of shame it -looked? Even if he told them, would they believe it? - -Yet he was afraid. Sometimes when he was down at his great house in -Nottinghamshire, entertaining the fashionable young men of his own rank -who were his chief companions, and astounding the county by the wanton -luxury and gorgeous splendour of his mode of life, he would suddenly -leave his guests and rush back to town to see that the door had not -been tampered with and that the picture was still there. What if it -should be stolen? The mere thought made him cold with horror. Surely -the world would know his secret then. Perhaps the world already -suspected it. - -For, while he fascinated many, there were not a few who distrusted him. -He was very nearly blackballed at a West End club of which his birth -and social position fully entitled him to become a member, and it was -said that on one occasion, when he was brought by a friend into the -smoking-room of the Churchill, the Duke of Berwick and another -gentleman got up in a marked manner and went out. Curious stories -became current about him after he had passed his twenty-fifth year. It -was rumoured that he had been seen brawling with foreign sailors in a -low den in the distant parts of Whitechapel, and that he consorted with -thieves and coiners and knew the mysteries of their trade. His -extraordinary absences became notorious, and, when he used to reappear -again in society, men would whisper to each other in corners, or pass -him with a sneer, or look at him with cold searching eyes, as though -they were determined to discover his secret. - -Of such insolences and attempted slights he, of course, took no notice, -and in the opinion of most people his frank debonair manner, his -charming boyish smile, and the infinite grace of that wonderful youth -that seemed never to leave him, were in themselves a sufficient answer -to the calumnies, for so they termed them, that were circulated about -him. It was remarked, however, that some of those who had been most -intimate with him appeared, after a time, to shun him. Women who had -wildly adored him, and for his sake had braved all social censure and -set convention at defiance, were seen to grow pallid with shame or -horror if Dorian Gray entered the room. - -Yet these whispered scandals only increased in the eyes of many his -strange and dangerous charm. His great wealth was a certain element of -security. Society--civilized society, at least--is never very ready to -believe anything to the detriment of those who are both rich and -fascinating. It feels instinctively that manners are of more -importance than morals, and, in its opinion, the highest respectability -is of much less value than the possession of a good _chef_. And, after -all, it is a very poor consolation to be told that the man who has -given one a bad dinner, or poor wine, is irreproachable in his private -life. Even the cardinal virtues cannot atone for half-cold _entrees_, as -Lord Henry remarked once, in a discussion on the subject, and there is -possibly a good deal to be said for his view. For the canons of good -society are, or should be, the same as the canons of art. Form is -absolutely essential to it. It should have the dignity of a ceremony, -as well as its unreality, and should combine the insincere character of -a romantic play with the wit and beauty that make such plays delightful -to us. Is insincerity such a terrible thing? I think not. It is -merely a method by which we can multiply our personalities. - -Such, at any rate, was Dorian Gray's opinion. He used to wonder at the -shallow psychology of those who conceive the ego in man as a thing -simple, permanent, reliable, and of one essence. To him, man was a -being with myriad lives and myriad sensations, a complex multiform -creature that bore within itself strange legacies of thought and -passion, and whose very flesh was tainted with the monstrous maladies -of the dead. He loved to stroll through the gaunt cold picture-gallery -of his country house and look at the various portraits of those whose -blood flowed in his veins. Here was Philip Herbert, described by -Francis Osborne, in his Memoires on the Reigns of Queen Elizabeth and -King James, as one who was "caressed by the Court for his handsome -face, which kept him not long company." Was it young Herbert's life -that he sometimes led? Had some strange poisonous germ crept from body -to body till it had reached his own? Was it some dim sense of that -ruined grace that had made him so suddenly, and almost without cause, -give utterance, in Basil Hallward's studio, to the mad prayer that had -so changed his life? Here, in gold-embroidered red doublet, jewelled -surcoat, and gilt-edged ruff and wristbands, stood Sir Anthony Sherard, -with his silver-and-black armour piled at his feet. What had this -man's legacy been? Had the lover of Giovanna of Naples bequeathed him -some inheritance of sin and shame? Were his own actions merely the -dreams that the dead man had not dared to realize? Here, from the -fading canvas, smiled Lady Elizabeth Devereux, in her gauze hood, pearl -stomacher, and pink slashed sleeves. A flower was in her right hand, -and her left clasped an enamelled collar of white and damask roses. On -a table by her side lay a mandolin and an apple. There were large -green rosettes upon her little pointed shoes. He knew her life, and -the strange stories that were told about her lovers. Had he something -of her temperament in him? These oval, heavy-lidded eyes seemed to -look curiously at him. What of George Willoughby, with his powdered -hair and fantastic patches? How evil he looked! The face was -saturnine and swarthy, and the sensual lips seemed to be twisted with -disdain. Delicate lace ruffles fell over the lean yellow hands that -were so overladen with rings. He had been a macaroni of the eighteenth -century, and the friend, in his youth, of Lord Ferrars. What of the -second Lord Beckenham, the companion of the Prince Regent in his -wildest days, and one of the witnesses at the secret marriage with Mrs. -Fitzherbert? How proud and handsome he was, with his chestnut curls -and insolent pose! What passions had he bequeathed? The world had -looked upon him as infamous. He had led the orgies at Carlton House. -The star of the Garter glittered upon his breast. Beside him hung the -portrait of his wife, a pallid, thin-lipped woman in black. Her blood, -also, stirred within him. How curious it all seemed! And his mother -with her Lady Hamilton face and her moist, wine-dashed lips--he knew -what he had got from her. He had got from her his beauty, and his -passion for the beauty of others. She laughed at him in her loose -Bacchante dress. There were vine leaves in her hair. The purple -spilled from the cup she was holding. The carnations of the painting -had withered, but the eyes were still wonderful in their depth and -brilliancy of colour. They seemed to follow him wherever he went. - -Yet one had ancestors in literature as well as in one's own race, -nearer perhaps in type and temperament, many of them, and certainly -with an influence of which one was more absolutely conscious. There -were times when it appeared to Dorian Gray that the whole of history -was merely the record of his own life, not as he had lived it in act -and circumstance, but as his imagination had created it for him, as it -had been in his brain and in his passions. He felt that he had known -them all, those strange terrible figures that had passed across the -stage of the world and made sin so marvellous and evil so full of -subtlety. It seemed to him that in some mysterious way their lives had -been his own. - -The hero of the wonderful novel that had so influenced his life had -himself known this curious fancy. In the seventh chapter he tells how, -crowned with laurel, lest lightning might strike him, he had sat, as -Tiberius, in a garden at Capri, reading the shameful books of -Elephantis, while dwarfs and peacocks strutted round him and the -flute-player mocked the swinger of the censer; and, as Caligula, had -caroused with the green-shirted jockeys in their stables and supped in -an ivory manger with a jewel-frontleted horse; and, as Domitian, had -wandered through a corridor lined with marble mirrors, looking round -with haggard eyes for the reflection of the dagger that was to end his -days, and sick with that ennui, that terrible _taedium vitae_, that comes -on those to whom life denies nothing; and had peered through a clear -emerald at the red shambles of the circus and then, in a litter of -pearl and purple drawn by silver-shod mules, been carried through the -Street of Pomegranates to a House of Gold and heard men cry on Nero -Caesar as he passed by; and, as Elagabalus, had painted his face with -colours, and plied the distaff among the women, and brought the Moon -from Carthage and given her in mystic marriage to the Sun. - -Over and over again Dorian used to read this fantastic chapter, and the -two chapters immediately following, in which, as in some curious -tapestries or cunningly wrought enamels, were pictured the awful and -beautiful forms of those whom vice and blood and weariness had made -monstrous or mad: Filippo, Duke of Milan, who slew his wife and -painted her lips with a scarlet poison that her lover might suck death -from the dead thing he fondled; Pietro Barbi, the Venetian, known as -Paul the Second, who sought in his vanity to assume the title of -Formosus, and whose tiara, valued at two hundred thousand florins, was -bought at the price of a terrible sin; Gian Maria Visconti, who used -hounds to chase living men and whose murdered body was covered with -roses by a harlot who had loved him; the Borgia on his white horse, -with Fratricide riding beside him and his mantle stained with the blood -of Perotto; Pietro Riario, the young Cardinal Archbishop of Florence, -child and minion of Sixtus IV, whose beauty was equalled only by his -debauchery, and who received Leonora of Aragon in a pavilion of white -and crimson silk, filled with nymphs and centaurs, and gilded a boy -that he might serve at the feast as Ganymede or Hylas; Ezzelin, whose -melancholy could be cured only by the spectacle of death, and who had a -passion for red blood, as other men have for red wine--the son of the -Fiend, as was reported, and one who had cheated his father at dice when -gambling with him for his own soul; Giambattista Cibo, who in mockery -took the name of Innocent and into whose torpid veins the blood of -three lads was infused by a Jewish doctor; Sigismondo Malatesta, the -lover of Isotta and the lord of Rimini, whose effigy was burned at Rome -as the enemy of God and man, who strangled Polyssena with a napkin, and -gave poison to Ginevra d'Este in a cup of emerald, and in honour of a -shameful passion built a pagan church for Christian worship; Charles -VI, who had so wildly adored his brother's wife that a leper had warned -him of the insanity that was coming on him, and who, when his brain had -sickened and grown strange, could only be soothed by Saracen cards -painted with the images of love and death and madness; and, in his -trimmed jerkin and jewelled cap and acanthuslike curls, Grifonetto -Baglioni, who slew Astorre with his bride, and Simonetto with his page, -and whose comeliness was such that, as he lay dying in the yellow -piazza of Perugia, those who had hated him could not choose but weep, -and Atalanta, who had cursed him, blessed him. - -There was a horrible fascination in them all. He saw them at night, -and they troubled his imagination in the day. The Renaissance knew of -strange manners of poisoning--poisoning by a helmet and a lighted -torch, by an embroidered glove and a jewelled fan, by a gilded pomander -and by an amber chain. Dorian Gray had been poisoned by a book. There -were moments when he looked on evil simply as a mode through which he -could realize his conception of the beautiful. - - - -CHAPTER 12 - -It was on the ninth of November, the eve of his own thirty-eighth -birthday, as he often remembered afterwards. - -He was walking home about eleven o'clock from Lord Henry's, where he -had been dining, and was wrapped in heavy furs, as the night was cold -and foggy. At the corner of Grosvenor Square and South Audley Street, -a man passed him in the mist, walking very fast and with the collar of -his grey ulster turned up. He had a bag in his hand. Dorian -recognized him. It was Basil Hallward. A strange sense of fear, for -which he could not account, came over him. He made no sign of -recognition and went on quickly in the direction of his own house. - -But Hallward had seen him. Dorian heard him first stopping on the -pavement and then hurrying after him. In a few moments, his hand was -on his arm. - -"Dorian! What an extraordinary piece of luck! I have been waiting for -you in your library ever since nine o'clock. Finally I took pity on -your tired servant and told him to go to bed, as he let me out. I am -off to Paris by the midnight train, and I particularly wanted to see -you before I left. I thought it was you, or rather your fur coat, as -you passed me. But I wasn't quite sure. Didn't you recognize me?" - -"In this fog, my dear Basil? Why, I can't even recognize Grosvenor -Square. I believe my house is somewhere about here, but I don't feel -at all certain about it. I am sorry you are going away, as I have not -seen you for ages. But I suppose you will be back soon?" - -"No: I am going to be out of England for six months. I intend to take -a studio in Paris and shut myself up till I have finished a great -picture I have in my head. However, it wasn't about myself I wanted to -talk. Here we are at your door. Let me come in for a moment. I have -something to say to you." - -"I shall be charmed. But won't you miss your train?" said Dorian Gray -languidly as he passed up the steps and opened the door with his -latch-key. - -The lamplight struggled out through the fog, and Hallward looked at his -watch. "I have heaps of time," he answered. "The train doesn't go -till twelve-fifteen, and it is only just eleven. In fact, I was on my -way to the club to look for you, when I met you. You see, I shan't -have any delay about luggage, as I have sent on my heavy things. All I -have with me is in this bag, and I can easily get to Victoria in twenty -minutes." - -Dorian looked at him and smiled. "What a way for a fashionable painter -to travel! A Gladstone bag and an ulster! Come in, or the fog will -get into the house. And mind you don't talk about anything serious. -Nothing is serious nowadays. At least nothing should be." - -Hallward shook his head, as he entered, and followed Dorian into the -library. There was a bright wood fire blazing in the large open -hearth. The lamps were lit, and an open Dutch silver spirit-case -stood, with some siphons of soda-water and large cut-glass tumblers, on -a little marqueterie table. - -"You see your servant made me quite at home, Dorian. He gave me -everything I wanted, including your best gold-tipped cigarettes. He is -a most hospitable creature. I like him much better than the Frenchman -you used to have. What has become of the Frenchman, by the bye?" - -Dorian shrugged his shoulders. "I believe he married Lady Radley's -maid, and has established her in Paris as an English dressmaker. -Anglomania is very fashionable over there now, I hear. It seems silly -of the French, doesn't it? But--do you know?--he was not at all a bad -servant. I never liked him, but I had nothing to complain about. One -often imagines things that are quite absurd. He was really very -devoted to me and seemed quite sorry when he went away. Have another -brandy-and-soda? Or would you like hock-and-seltzer? I always take -hock-and-seltzer myself. There is sure to be some in the next room." - -"Thanks, I won't have anything more," said the painter, taking his cap -and coat off and throwing them on the bag that he had placed in the -corner. "And now, my dear fellow, I want to speak to you seriously. -Don't frown like that. You make it so much more difficult for me." - -"What is it all about?" cried Dorian in his petulant way, flinging -himself down on the sofa. "I hope it is not about myself. I am tired -of myself to-night. I should like to be somebody else." - -"It is about yourself," answered Hallward in his grave deep voice, "and -I must say it to you. I shall only keep you half an hour." - -Dorian sighed and lit a cigarette. "Half an hour!" he murmured. - -"It is not much to ask of you, Dorian, and it is entirely for your own -sake that I am speaking. I think it right that you should know that -the most dreadful things are being said against you in London." - -"I don't wish to know anything about them. I love scandals about other -people, but scandals about myself don't interest me. They have not got -the charm of novelty." - -"They must interest you, Dorian. Every gentleman is interested in his -good name. You don't want people to talk of you as something vile and -degraded. Of course, you have your position, and your wealth, and all -that kind of thing. But position and wealth are not everything. Mind -you, I don't believe these rumours at all. At least, I can't believe -them when I see you. Sin is a thing that writes itself across a man's -face. It cannot be concealed. People talk sometimes of secret vices. -There are no such things. If a wretched man has a vice, it shows -itself in the lines of his mouth, the droop of his eyelids, the -moulding of his hands even. Somebody--I won't mention his name, but -you know him--came to me last year to have his portrait done. I had -never seen him before, and had never heard anything about him at the -time, though I have heard a good deal since. He offered an extravagant -price. I refused him. There was something in the shape of his fingers -that I hated. I know now that I was quite right in what I fancied -about him. His life is dreadful. But you, Dorian, with your pure, -bright, innocent face, and your marvellous untroubled youth--I can't -believe anything against you. And yet I see you very seldom, and you -never come down to the studio now, and when I am away from you, and I -hear all these hideous things that people are whispering about you, I -don't know what to say. Why is it, Dorian, that a man like the Duke of -Berwick leaves the room of a club when you enter it? Why is it that so -many gentlemen in London will neither go to your house or invite you to -theirs? You used to be a friend of Lord Staveley. I met him at dinner -last week. Your name happened to come up in conversation, in -connection with the miniatures you have lent to the exhibition at the -Dudley. Staveley curled his lip and said that you might have the most -artistic tastes, but that you were a man whom no pure-minded girl -should be allowed to know, and whom no chaste woman should sit in the -same room with. I reminded him that I was a friend of yours, and asked -him what he meant. He told me. He told me right out before everybody. -It was horrible! Why is your friendship so fatal to young men? There -was that wretched boy in the Guards who committed suicide. You were -his great friend. There was Sir Henry Ashton, who had to leave England -with a tarnished name. You and he were inseparable. What about Adrian -Singleton and his dreadful end? What about Lord Kent's only son and -his career? I met his father yesterday in St. James's Street. He -seemed broken with shame and sorrow. What about the young Duke of -Perth? What sort of life has he got now? What gentleman would -associate with him?" - -"Stop, Basil. You are talking about things of which you know nothing," -said Dorian Gray, biting his lip, and with a note of infinite contempt -in his voice. "You ask me why Berwick leaves a room when I enter it. -It is because I know everything about his life, not because he knows -anything about mine. With such blood as he has in his veins, how could -his record be clean? You ask me about Henry Ashton and young Perth. -Did I teach the one his vices, and the other his debauchery? If Kent's -silly son takes his wife from the streets, what is that to me? If -Adrian Singleton writes his friend's name across a bill, am I his -keeper? I know how people chatter in England. The middle classes air -their moral prejudices over their gross dinner-tables, and whisper -about what they call the profligacies of their betters in order to try -and pretend that they are in smart society and on intimate terms with -the people they slander. In this country, it is enough for a man to -have distinction and brains for every common tongue to wag against him. -And what sort of lives do these people, who pose as being moral, lead -themselves? My dear fellow, you forget that we are in the native land -of the hypocrite." - -"Dorian," cried Hallward, "that is not the question. England is bad -enough I know, and English society is all wrong. That is the reason -why I want you to be fine. You have not been fine. One has a right to -judge of a man by the effect he has over his friends. Yours seem to -lose all sense of honour, of goodness, of purity. You have filled them -with a madness for pleasure. They have gone down into the depths. You -led them there. Yes: you led them there, and yet you can smile, as -you are smiling now. And there is worse behind. I know you and Harry -are inseparable. Surely for that reason, if for none other, you should -not have made his sister's name a by-word." - -"Take care, Basil. You go too far." - -"I must speak, and you must listen. You shall listen. When you met -Lady Gwendolen, not a breath of scandal had ever touched her. Is there -a single decent woman in London now who would drive with her in the -park? Why, even her children are not allowed to live with her. Then -there are other stories--stories that you have been seen creeping at -dawn out of dreadful houses and slinking in disguise into the foulest -dens in London. Are they true? Can they be true? When I first heard -them, I laughed. I hear them now, and they make me shudder. What -about your country-house and the life that is led there? Dorian, you -don't know what is said about you. I won't tell you that I don't want -to preach to you. I remember Harry saying once that every man who -turned himself into an amateur curate for the moment always began by -saying that, and then proceeded to break his word. I do want to preach -to you. I want you to lead such a life as will make the world respect -you. I want you to have a clean name and a fair record. I want you to -get rid of the dreadful people you associate with. Don't shrug your -shoulders like that. Don't be so indifferent. You have a wonderful -influence. Let it be for good, not for evil. They say that you -corrupt every one with whom you become intimate, and that it is quite -sufficient for you to enter a house for shame of some kind to follow -after. I don't know whether it is so or not. How should I know? But -it is said of you. I am told things that it seems impossible to doubt. -Lord Gloucester was one of my greatest friends at Oxford. He showed me -a letter that his wife had written to him when she was dying alone in -her villa at Mentone. Your name was implicated in the most terrible -confession I ever read. I told him that it was absurd--that I knew you -thoroughly and that you were incapable of anything of the kind. Know -you? I wonder do I know you? Before I could answer that, I should -have to see your soul." - -"To see my soul!" muttered Dorian Gray, starting up from the sofa and -turning almost white from fear. - -"Yes," answered Hallward gravely, and with deep-toned sorrow in his -voice, "to see your soul. But only God can do that." - -A bitter laugh of mockery broke from the lips of the younger man. "You -shall see it yourself, to-night!" he cried, seizing a lamp from the -table. "Come: it is your own handiwork. Why shouldn't you look at -it? You can tell the world all about it afterwards, if you choose. -Nobody would believe you. If they did believe you, they would like me -all the better for it. I know the age better than you do, though you -will prate about it so tediously. Come, I tell you. You have -chattered enough about corruption. Now you shall look on it face to -face." - -There was the madness of pride in every word he uttered. He stamped -his foot upon the ground in his boyish insolent manner. He felt a -terrible joy at the thought that some one else was to share his secret, -and that the man who had painted the portrait that was the origin of -all his shame was to be burdened for the rest of his life with the -hideous memory of what he had done. - -"Yes," he continued, coming closer to him and looking steadfastly into -his stern eyes, "I shall show you my soul. You shall see the thing -that you fancy only God can see." - -Hallward started back. "This is blasphemy, Dorian!" he cried. "You -must not say things like that. They are horrible, and they don't mean -anything." - -"You think so?" He laughed again. - -"I know so. As for what I said to you to-night, I said it for your -good. You know I have been always a stanch friend to you." - -"Don't touch me. Finish what you have to say." - -A twisted flash of pain shot across the painter's face. He paused for -a moment, and a wild feeling of pity came over him. After all, what -right had he to pry into the life of Dorian Gray? If he had done a -tithe of what was rumoured about him, how much he must have suffered! -Then he straightened himself up, and walked over to the fire-place, and -stood there, looking at the burning logs with their frostlike ashes and -their throbbing cores of flame. - -"I am waiting, Basil," said the young man in a hard clear voice. - -He turned round. "What I have to say is this," he cried. "You must -give me some answer to these horrible charges that are made against -you. If you tell me that they are absolutely untrue from beginning to -end, I shall believe you. Deny them, Dorian, deny them! Can't you see -what I am going through? My God! don't tell me that you are bad, and -corrupt, and shameful." - -Dorian Gray smiled. There was a curl of contempt in his lips. "Come -upstairs, Basil," he said quietly. "I keep a diary of my life from day -to day, and it never leaves the room in which it is written. I shall -show it to you if you come with me." - -"I shall come with you, Dorian, if you wish it. I see I have missed my -train. That makes no matter. I can go to-morrow. But don't ask me to -read anything to-night. All I want is a plain answer to my question." - -"That shall be given to you upstairs. I could not give it here. You -will not have to read long." - - - -CHAPTER 13 - -He passed out of the room and began the ascent, Basil Hallward -following close behind. They walked softly, as men do instinctively at -night. The lamp cast fantastic shadows on the wall and staircase. A -rising wind made some of the windows rattle. - -When they reached the top landing, Dorian set the lamp down on the -floor, and taking out the key, turned it in the lock. "You insist on -knowing, Basil?" he asked in a low voice. - -"Yes." - -"I am delighted," he answered, smiling. Then he added, somewhat -harshly, "You are the one man in the world who is entitled to know -everything about me. You have had more to do with my life than you -think"; and, taking up the lamp, he opened the door and went in. A -cold current of air passed them, and the light shot up for a moment in -a flame of murky orange. He shuddered. "Shut the door behind you," he -whispered, as he placed the lamp on the table. - -Hallward glanced round him with a puzzled expression. The room looked -as if it had not been lived in for years. A faded Flemish tapestry, a -curtained picture, an old Italian _cassone_, and an almost empty -book-case--that was all that it seemed to contain, besides a chair and -a table. As Dorian Gray was lighting a half-burned candle that was -standing on the mantelshelf, he saw that the whole place was covered -with dust and that the carpet was in holes. A mouse ran scuffling -behind the wainscoting. There was a damp odour of mildew. - -"So you think that it is only God who sees the soul, Basil? Draw that -curtain back, and you will see mine." - -The voice that spoke was cold and cruel. "You are mad, Dorian, or -playing a part," muttered Hallward, frowning. - -"You won't? Then I must do it myself," said the young man, and he tore -the curtain from its rod and flung it on the ground. - -An exclamation of horror broke from the painter's lips as he saw in the -dim light the hideous face on the canvas grinning at him. There was -something in its expression that filled him with disgust and loathing. -Good heavens! it was Dorian Gray's own face that he was looking at! -The horror, whatever it was, had not yet entirely spoiled that -marvellous beauty. There was still some gold in the thinning hair and -some scarlet on the sensual mouth. The sodden eyes had kept something -of the loveliness of their blue, the noble curves had not yet -completely passed away from chiselled nostrils and from plastic throat. -Yes, it was Dorian himself. But who had done it? He seemed to -recognize his own brushwork, and the frame was his own design. The -idea was monstrous, yet he felt afraid. He seized the lighted candle, -and held it to the picture. In the left-hand corner was his own name, -traced in long letters of bright vermilion. - -It was some foul parody, some infamous ignoble satire. He had never -done that. Still, it was his own picture. He knew it, and he felt as -if his blood had changed in a moment from fire to sluggish ice. His -own picture! What did it mean? Why had it altered? He turned and -looked at Dorian Gray with the eyes of a sick man. His mouth twitched, -and his parched tongue seemed unable to articulate. He passed his hand -across his forehead. It was dank with clammy sweat. - -The young man was leaning against the mantelshelf, watching him with -that strange expression that one sees on the faces of those who are -absorbed in a play when some great artist is acting. There was neither -real sorrow in it nor real joy. There was simply the passion of the -spectator, with perhaps a flicker of triumph in his eyes. He had taken -the flower out of his coat, and was smelling it, or pretending to do so. - -"What does this mean?" cried Hallward, at last. His own voice sounded -shrill and curious in his ears. - -"Years ago, when I was a boy," said Dorian Gray, crushing the flower in -his hand, "you met me, flattered me, and taught me to be vain of my -good looks. One day you introduced me to a friend of yours, who -explained to me the wonder of youth, and you finished a portrait of me -that revealed to me the wonder of beauty. In a mad moment that, even -now, I don't know whether I regret or not, I made a wish, perhaps you -would call it a prayer...." - -"I remember it! Oh, how well I remember it! No! the thing is -impossible. The room is damp. Mildew has got into the canvas. The -paints I used had some wretched mineral poison in them. I tell you the -thing is impossible." - -"Ah, what is impossible?" murmured the young man, going over to the -window and leaning his forehead against the cold, mist-stained glass. - -"You told me you had destroyed it." - -"I was wrong. It has destroyed me." - -"I don't believe it is my picture." - -"Can't you see your ideal in it?" said Dorian bitterly. - -"My ideal, as you call it..." - -"As you called it." - -"There was nothing evil in it, nothing shameful. You were to me such -an ideal as I shall never meet again. This is the face of a satyr." - -"It is the face of my soul." - -"Christ! what a thing I must have worshipped! It has the eyes of a -devil." - -"Each of us has heaven and hell in him, Basil," cried Dorian with a -wild gesture of despair. - -Hallward turned again to the portrait and gazed at it. "My God! If it -is true," he exclaimed, "and this is what you have done with your life, -why, you must be worse even than those who talk against you fancy you -to be!" He held the light up again to the canvas and examined it. The -surface seemed to be quite undisturbed and as he had left it. It was -from within, apparently, that the foulness and horror had come. -Through some strange quickening of inner life the leprosies of sin were -slowly eating the thing away. The rotting of a corpse in a watery -grave was not so fearful. - -His hand shook, and the candle fell from its socket on the floor and -lay there sputtering. He placed his foot on it and put it out. Then -he flung himself into the rickety chair that was standing by the table -and buried his face in his hands. - -"Good God, Dorian, what a lesson! What an awful lesson!" There was no -answer, but he could hear the young man sobbing at the window. "Pray, -Dorian, pray," he murmured. "What is it that one was taught to say in -one's boyhood? 'Lead us not into temptation. Forgive us our sins. -Wash away our iniquities.' Let us say that together. The prayer of -your pride has been answered. The prayer of your repentance will be -answered also. I worshipped you too much. I am punished for it. You -worshipped yourself too much. We are both punished." - -Dorian Gray turned slowly around and looked at him with tear-dimmed -eyes. "It is too late, Basil," he faltered. - -"It is never too late, Dorian. Let us kneel down and try if we cannot -remember a prayer. Isn't there a verse somewhere, 'Though your sins be -as scarlet, yet I will make them as white as snow'?" - -"Those words mean nothing to me now." - -"Hush! Don't say that. You have done enough evil in your life. My -God! Don't you see that accursed thing leering at us?" - -Dorian Gray glanced at the picture, and suddenly an uncontrollable -feeling of hatred for Basil Hallward came over him, as though it had -been suggested to him by the image on the canvas, whispered into his -ear by those grinning lips. The mad passions of a hunted animal -stirred within him, and he loathed the man who was seated at the table, -more than in his whole life he had ever loathed anything. He glanced -wildly around. Something glimmered on the top of the painted chest -that faced him. His eye fell on it. He knew what it was. It was a -knife that he had brought up, some days before, to cut a piece of cord, -and had forgotten to take away with him. He moved slowly towards it, -passing Hallward as he did so. As soon as he got behind him, he seized -it and turned round. Hallward stirred in his chair as if he was going -to rise. He rushed at him and dug the knife into the great vein that -is behind the ear, crushing the man's head down on the table and -stabbing again and again. - -There was a stifled groan and the horrible sound of some one choking -with blood. Three times the outstretched arms shot up convulsively, -waving grotesque, stiff-fingered hands in the air. He stabbed him -twice more, but the man did not move. Something began to trickle on -the floor. He waited for a moment, still pressing the head down. Then -he threw the knife on the table, and listened. - -He could hear nothing, but the drip, drip on the threadbare carpet. He -opened the door and went out on the landing. The house was absolutely -quiet. No one was about. For a few seconds he stood bending over the -balustrade and peering down into the black seething well of darkness. -Then he took out the key and returned to the room, locking himself in -as he did so. - -The thing was still seated in the chair, straining over the table with -bowed head, and humped back, and long fantastic arms. Had it not been -for the red jagged tear in the neck and the clotted black pool that was -slowly widening on the table, one would have said that the man was -simply asleep. - -How quickly it had all been done! He felt strangely calm, and walking -over to the window, opened it and stepped out on the balcony. The wind -had blown the fog away, and the sky was like a monstrous peacock's -tail, starred with myriads of golden eyes. He looked down and saw the -policeman going his rounds and flashing the long beam of his lantern on -the doors of the silent houses. The crimson spot of a prowling hansom -gleamed at the corner and then vanished. A woman in a fluttering shawl -was creeping slowly by the railings, staggering as she went. Now and -then she stopped and peered back. Once, she began to sing in a hoarse -voice. The policeman strolled over and said something to her. She -stumbled away, laughing. A bitter blast swept across the square. The -gas-lamps flickered and became blue, and the leafless trees shook their -black iron branches to and fro. He shivered and went back, closing the -window behind him. - -Having reached the door, he turned the key and opened it. He did not -even glance at the murdered man. He felt that the secret of the whole -thing was not to realize the situation. The friend who had painted the -fatal portrait to which all his misery had been due had gone out of his -life. That was enough. - -Then he remembered the lamp. It was a rather curious one of Moorish -workmanship, made of dull silver inlaid with arabesques of burnished -steel, and studded with coarse turquoises. Perhaps it might be missed -by his servant, and questions would be asked. He hesitated for a -moment, then he turned back and took it from the table. He could not -help seeing the dead thing. How still it was! How horribly white the -long hands looked! It was like a dreadful wax image. - -Having locked the door behind him, he crept quietly downstairs. The -woodwork creaked and seemed to cry out as if in pain. He stopped -several times and waited. No: everything was still. It was merely -the sound of his own footsteps. - -When he reached the library, he saw the bag and coat in the corner. -They must be hidden away somewhere. He unlocked a secret press that -was in the wainscoting, a press in which he kept his own curious -disguises, and put them into it. He could easily burn them afterwards. -Then he pulled out his watch. It was twenty minutes to two. - -He sat down and began to think. Every year--every month, almost--men -were strangled in England for what he had done. There had been a -madness of murder in the air. Some red star had come too close to the -earth.... And yet, what evidence was there against him? Basil Hallward -had left the house at eleven. No one had seen him come in again. Most -of the servants were at Selby Royal. His valet had gone to bed.... -Paris! Yes. It was to Paris that Basil had gone, and by the midnight -train, as he had intended. With his curious reserved habits, it would -be months before any suspicions would be roused. Months! Everything -could be destroyed long before then. - -A sudden thought struck him. He put on his fur coat and hat and went -out into the hall. There he paused, hearing the slow heavy tread of -the policeman on the pavement outside and seeing the flash of the -bull's-eye reflected in the window. He waited and held his breath. - -After a few moments he drew back the latch and slipped out, shutting -the door very gently behind him. Then he began ringing the bell. In -about five minutes his valet appeared, half-dressed and looking very -drowsy. - -"I am sorry to have had to wake you up, Francis," he said, stepping in; -"but I had forgotten my latch-key. What time is it?" - -"Ten minutes past two, sir," answered the man, looking at the clock and -blinking. - -"Ten minutes past two? How horribly late! You must wake me at nine -to-morrow. I have some work to do." - -"All right, sir." - -"Did any one call this evening?" - -"Mr. Hallward, sir. He stayed here till eleven, and then he went away -to catch his train." - -"Oh! I am sorry I didn't see him. Did he leave any message?" - -"No, sir, except that he would write to you from Paris, if he did not -find you at the club." - -"That will do, Francis. Don't forget to call me at nine to-morrow." - -"No, sir." - -The man shambled down the passage in his slippers. - -Dorian Gray threw his hat and coat upon the table and passed into the -library. For a quarter of an hour he walked up and down the room, -biting his lip and thinking. Then he took down the Blue Book from one -of the shelves and began to turn over the leaves. "Alan Campbell, 152, -Hertford Street, Mayfair." Yes; that was the man he wanted. - - - -CHAPTER 14 - -At nine o'clock the next morning his servant came in with a cup of -chocolate on a tray and opened the shutters. Dorian was sleeping quite -peacefully, lying on his right side, with one hand underneath his -cheek. He looked like a boy who had been tired out with play, or study. - -The man had to touch him twice on the shoulder before he woke, and as -he opened his eyes a faint smile passed across his lips, as though he -had been lost in some delightful dream. Yet he had not dreamed at all. -His night had been untroubled by any images of pleasure or of pain. -But youth smiles without any reason. It is one of its chiefest charms. - -He turned round, and leaning upon his elbow, began to sip his -chocolate. The mellow November sun came streaming into the room. The -sky was bright, and there was a genial warmth in the air. It was -almost like a morning in May. - -Gradually the events of the preceding night crept with silent, -blood-stained feet into his brain and reconstructed themselves there -with terrible distinctness. He winced at the memory of all that he had -suffered, and for a moment the same curious feeling of loathing for -Basil Hallward that had made him kill him as he sat in the chair came -back to him, and he grew cold with passion. The dead man was still -sitting there, too, and in the sunlight now. How horrible that was! -Such hideous things were for the darkness, not for the day. - -He felt that if he brooded on what he had gone through he would sicken -or grow mad. There were sins whose fascination was more in the memory -than in the doing of them, strange triumphs that gratified the pride -more than the passions, and gave to the intellect a quickened sense of -joy, greater than any joy they brought, or could ever bring, to the -senses. But this was not one of them. It was a thing to be driven out -of the mind, to be drugged with poppies, to be strangled lest it might -strangle one itself. - -When the half-hour struck, he passed his hand across his forehead, and -then got up hastily and dressed himself with even more than his usual -care, giving a good deal of attention to the choice of his necktie and -scarf-pin and changing his rings more than once. He spent a long time -also over breakfast, tasting the various dishes, talking to his valet -about some new liveries that he was thinking of getting made for the -servants at Selby, and going through his correspondence. At some of -the letters, he smiled. Three of them bored him. One he read several -times over and then tore up with a slight look of annoyance in his -face. "That awful thing, a woman's memory!" as Lord Henry had once -said. - -After he had drunk his cup of black coffee, he wiped his lips slowly -with a napkin, motioned to his servant to wait, and going over to the -table, sat down and wrote two letters. One he put in his pocket, the -other he handed to the valet. - -"Take this round to 152, Hertford Street, Francis, and if Mr. Campbell -is out of town, get his address." - -As soon as he was alone, he lit a cigarette and began sketching upon a -piece of paper, drawing first flowers and bits of architecture, and -then human faces. Suddenly he remarked that every face that he drew -seemed to have a fantastic likeness to Basil Hallward. He frowned, and -getting up, went over to the book-case and took out a volume at hazard. -He was determined that he would not think about what had happened until -it became absolutely necessary that he should do so. - -When he had stretched himself on the sofa, he looked at the title-page -of the book. It was Gautier's Emaux et Camees, Charpentier's -Japanese-paper edition, with the Jacquemart etching. The binding was -of citron-green leather, with a design of gilt trellis-work and dotted -pomegranates. It had been given to him by Adrian Singleton. As he -turned over the pages, his eye fell on the poem about the hand of -Lacenaire, the cold yellow hand "_du supplice encore mal lavee_," with -its downy red hairs and its "_doigts de faune_." He glanced at his own -white taper fingers, shuddering slightly in spite of himself, and -passed on, till he came to those lovely stanzas upon Venice: - - Sur une gamme chromatique, - Le sein de perles ruisselant, - La Venus de l'Adriatique - Sort de l'eau son corps rose et blanc. - - Les domes, sur l'azur des ondes - Suivant la phrase au pur contour, - S'enflent comme des gorges rondes - Que souleve un soupir d'amour. - - L'esquif aborde et me depose, - Jetant son amarre au pilier, - Devant une facade rose, - Sur le marbre d'un escalier. - - -How exquisite they were! As one read them, one seemed to be floating -down the green water-ways of the pink and pearl city, seated in a black -gondola with silver prow and trailing curtains. The mere lines looked -to him like those straight lines of turquoise-blue that follow one as -one pushes out to the Lido. The sudden flashes of colour reminded him -of the gleam of the opal-and-iris-throated birds that flutter round the -tall honeycombed Campanile, or stalk, with such stately grace, through -the dim, dust-stained arcades. Leaning back with half-closed eyes, he -kept saying over and over to himself: - - "Devant une facade rose, - Sur le marbre d'un escalier." - -The whole of Venice was in those two lines. He remembered the autumn -that he had passed there, and a wonderful love that had stirred him to -mad delightful follies. There was romance in every place. But Venice, -like Oxford, had kept the background for romance, and, to the true -romantic, background was everything, or almost everything. Basil had -been with him part of the time, and had gone wild over Tintoret. Poor -Basil! What a horrible way for a man to die! - -He sighed, and took up the volume again, and tried to forget. He read -of the swallows that fly in and out of the little _cafe_ at Smyrna where -the Hadjis sit counting their amber beads and the turbaned merchants -smoke their long tasselled pipes and talk gravely to each other; he -read of the Obelisk in the Place de la Concorde that weeps tears of -granite in its lonely sunless exile and longs to be back by the hot, -lotus-covered Nile, where there are Sphinxes, and rose-red ibises, and -white vultures with gilded claws, and crocodiles with small beryl eyes -that crawl over the green steaming mud; he began to brood over those -verses which, drawing music from kiss-stained marble, tell of that -curious statue that Gautier compares to a contralto voice, the "_monstre -charmant_" that couches in the porphyry-room of the Louvre. But after a -time the book fell from his hand. He grew nervous, and a horrible fit -of terror came over him. What if Alan Campbell should be out of -England? Days would elapse before he could come back. Perhaps he -might refuse to come. What could he do then? Every moment was of -vital importance. - -They had been great friends once, five years before--almost -inseparable, indeed. Then the intimacy had come suddenly to an end. -When they met in society now, it was only Dorian Gray who smiled: Alan -Campbell never did. - -He was an extremely clever young man, though he had no real -appreciation of the visible arts, and whatever little sense of the -beauty of poetry he possessed he had gained entirely from Dorian. His -dominant intellectual passion was for science. At Cambridge he had -spent a great deal of his time working in the laboratory, and had taken -a good class in the Natural Science Tripos of his year. Indeed, he was -still devoted to the study of chemistry, and had a laboratory of his -own in which he used to shut himself up all day long, greatly to the -annoyance of his mother, who had set her heart on his standing for -Parliament and had a vague idea that a chemist was a person who made up -prescriptions. He was an excellent musician, however, as well, and -played both the violin and the piano better than most amateurs. In -fact, it was music that had first brought him and Dorian Gray -together--music and that indefinable attraction that Dorian seemed to -be able to exercise whenever he wished--and, indeed, exercised often -without being conscious of it. They had met at Lady Berkshire's the -night that Rubinstein played there, and after that used to be always -seen together at the opera and wherever good music was going on. For -eighteen months their intimacy lasted. Campbell was always either at -Selby Royal or in Grosvenor Square. To him, as to many others, Dorian -Gray was the type of everything that is wonderful and fascinating in -life. Whether or not a quarrel had taken place between them no one -ever knew. But suddenly people remarked that they scarcely spoke when -they met and that Campbell seemed always to go away early from any -party at which Dorian Gray was present. He had changed, too--was -strangely melancholy at times, appeared almost to dislike hearing -music, and would never himself play, giving as his excuse, when he was -called upon, that he was so absorbed in science that he had no time -left in which to practise. And this was certainly true. Every day he -seemed to become more interested in biology, and his name appeared once -or twice in some of the scientific reviews in connection with certain -curious experiments. - -This was the man Dorian Gray was waiting for. Every second he kept -glancing at the clock. As the minutes went by he became horribly -agitated. At last he got up and began to pace up and down the room, -looking like a beautiful caged thing. He took long stealthy strides. -His hands were curiously cold. - -The suspense became unbearable. Time seemed to him to be crawling with -feet of lead, while he by monstrous winds was being swept towards the -jagged edge of some black cleft of precipice. He knew what was waiting -for him there; saw it, indeed, and, shuddering, crushed with dank hands -his burning lids as though he would have robbed the very brain of sight -and driven the eyeballs back into their cave. It was useless. The -brain had its own food on which it battened, and the imagination, made -grotesque by terror, twisted and distorted as a living thing by pain, -danced like some foul puppet on a stand and grinned through moving -masks. Then, suddenly, time stopped for him. Yes: that blind, -slow-breathing thing crawled no more, and horrible thoughts, time being -dead, raced nimbly on in front, and dragged a hideous future from its -grave, and showed it to him. He stared at it. Its very horror made -him stone. - -At last the door opened and his servant entered. He turned glazed eyes -upon him. - -"Mr. Campbell, sir," said the man. - -A sigh of relief broke from his parched lips, and the colour came back -to his cheeks. - -"Ask him to come in at once, Francis." He felt that he was himself -again. His mood of cowardice had passed away. - -The man bowed and retired. In a few moments, Alan Campbell walked in, -looking very stern and rather pale, his pallor being intensified by his -coal-black hair and dark eyebrows. - -"Alan! This is kind of you. I thank you for coming." - -"I had intended never to enter your house again, Gray. But you said it -was a matter of life and death." His voice was hard and cold. He -spoke with slow deliberation. There was a look of contempt in the -steady searching gaze that he turned on Dorian. He kept his hands in -the pockets of his Astrakhan coat, and seemed not to have noticed the -gesture with which he had been greeted. - -"Yes: it is a matter of life and death, Alan, and to more than one -person. Sit down." - -Campbell took a chair by the table, and Dorian sat opposite to him. -The two men's eyes met. In Dorian's there was infinite pity. He knew -that what he was going to do was dreadful. - -After a strained moment of silence, he leaned across and said, very -quietly, but watching the effect of each word upon the face of him he -had sent for, "Alan, in a locked room at the top of this house, a room -to which nobody but myself has access, a dead man is seated at a table. -He has been dead ten hours now. Don't stir, and don't look at me like -that. Who the man is, why he died, how he died, are matters that do -not concern you. What you have to do is this--" - -"Stop, Gray. I don't want to know anything further. Whether what you -have told me is true or not true doesn't concern me. I entirely -decline to be mixed up in your life. Keep your horrible secrets to -yourself. They don't interest me any more." - -"Alan, they will have to interest you. This one will have to interest -you. I am awfully sorry for you, Alan. But I can't help myself. You -are the one man who is able to save me. I am forced to bring you into -the matter. I have no option. Alan, you are scientific. You know -about chemistry and things of that kind. You have made experiments. -What you have got to do is to destroy the thing that is upstairs--to -destroy it so that not a vestige of it will be left. Nobody saw this -person come into the house. Indeed, at the present moment he is -supposed to be in Paris. He will not be missed for months. When he is -missed, there must be no trace of him found here. You, Alan, you must -change him, and everything that belongs to him, into a handful of ashes -that I may scatter in the air." - -"You are mad, Dorian." - -"Ah! I was waiting for you to call me Dorian." - -"You are mad, I tell you--mad to imagine that I would raise a finger to -help you, mad to make this monstrous confession. I will have nothing -to do with this matter, whatever it is. Do you think I am going to -peril my reputation for you? What is it to me what devil's work you -are up to?" - -"It was suicide, Alan." - -"I am glad of that. But who drove him to it? You, I should fancy." - -"Do you still refuse to do this for me?" - -"Of course I refuse. I will have absolutely nothing to do with it. I -don't care what shame comes on you. You deserve it all. I should not -be sorry to see you disgraced, publicly disgraced. How dare you ask -me, of all men in the world, to mix myself up in this horror? I should -have thought you knew more about people's characters. Your friend Lord -Henry Wotton can't have taught you much about psychology, whatever else -he has taught you. Nothing will induce me to stir a step to help you. -You have come to the wrong man. Go to some of your friends. Don't -come to me." - -"Alan, it was murder. I killed him. You don't know what he had made -me suffer. Whatever my life is, he had more to do with the making or -the marring of it than poor Harry has had. He may not have intended -it, the result was the same." - -"Murder! Good God, Dorian, is that what you have come to? I shall not -inform upon you. It is not my business. Besides, without my stirring -in the matter, you are certain to be arrested. Nobody ever commits a -crime without doing something stupid. But I will have nothing to do -with it." - -"You must have something to do with it. Wait, wait a moment; listen to -me. Only listen, Alan. All I ask of you is to perform a certain -scientific experiment. You go to hospitals and dead-houses, and the -horrors that you do there don't affect you. If in some hideous -dissecting-room or fetid laboratory you found this man lying on a -leaden table with red gutters scooped out in it for the blood to flow -through, you would simply look upon him as an admirable subject. You -would not turn a hair. You would not believe that you were doing -anything wrong. On the contrary, you would probably feel that you were -benefiting the human race, or increasing the sum of knowledge in the -world, or gratifying intellectual curiosity, or something of that kind. -What I want you to do is merely what you have often done before. -Indeed, to destroy a body must be far less horrible than what you are -accustomed to work at. And, remember, it is the only piece of evidence -against me. If it is discovered, I am lost; and it is sure to be -discovered unless you help me." - -"I have no desire to help you. You forget that. I am simply -indifferent to the whole thing. It has nothing to do with me." - -"Alan, I entreat you. Think of the position I am in. Just before you -came I almost fainted with terror. You may know terror yourself some -day. No! don't think of that. Look at the matter purely from the -scientific point of view. You don't inquire where the dead things on -which you experiment come from. Don't inquire now. I have told you -too much as it is. But I beg of you to do this. We were friends once, -Alan." - -"Don't speak about those days, Dorian--they are dead." - -"The dead linger sometimes. The man upstairs will not go away. He is -sitting at the table with bowed head and outstretched arms. Alan! -Alan! If you don't come to my assistance, I am ruined. Why, they will -hang me, Alan! Don't you understand? They will hang me for what I -have done." - -"There is no good in prolonging this scene. I absolutely refuse to do -anything in the matter. It is insane of you to ask me." - -"You refuse?" - -"Yes." - -"I entreat you, Alan." - -"It is useless." - -The same look of pity came into Dorian Gray's eyes. Then he stretched -out his hand, took a piece of paper, and wrote something on it. He -read it over twice, folded it carefully, and pushed it across the -table. Having done this, he got up and went over to the window. - -Campbell looked at him in surprise, and then took up the paper, and -opened it. As he read it, his face became ghastly pale and he fell -back in his chair. A horrible sense of sickness came over him. He -felt as if his heart was beating itself to death in some empty hollow. - -After two or three minutes of terrible silence, Dorian turned round and -came and stood behind him, putting his hand upon his shoulder. - -"I am so sorry for you, Alan," he murmured, "but you leave me no -alternative. I have a letter written already. Here it is. You see -the address. If you don't help me, I must send it. If you don't help -me, I will send it. You know what the result will be. But you are -going to help me. It is impossible for you to refuse now. I tried to -spare you. You will do me the justice to admit that. You were stern, -harsh, offensive. You treated me as no man has ever dared to treat -me--no living man, at any rate. I bore it all. Now it is for me to -dictate terms." - -Campbell buried his face in his hands, and a shudder passed through him. - -"Yes, it is my turn to dictate terms, Alan. You know what they are. -The thing is quite simple. Come, don't work yourself into this fever. -The thing has to be done. Face it, and do it." - -A groan broke from Campbell's lips and he shivered all over. The -ticking of the clock on the mantelpiece seemed to him to be dividing -time into separate atoms of agony, each of which was too terrible to be -borne. He felt as if an iron ring was being slowly tightened round his -forehead, as if the disgrace with which he was threatened had already -come upon him. The hand upon his shoulder weighed like a hand of lead. -It was intolerable. It seemed to crush him. - -"Come, Alan, you must decide at once." - -"I cannot do it," he said, mechanically, as though words could alter -things. - -"You must. You have no choice. Don't delay." - -He hesitated a moment. "Is there a fire in the room upstairs?" - -"Yes, there is a gas-fire with asbestos." - -"I shall have to go home and get some things from the laboratory." - -"No, Alan, you must not leave the house. Write out on a sheet of -notepaper what you want and my servant will take a cab and bring the -things back to you." - -Campbell scrawled a few lines, blotted them, and addressed an envelope -to his assistant. Dorian took the note up and read it carefully. Then -he rang the bell and gave it to his valet, with orders to return as -soon as possible and to bring the things with him. - -As the hall door shut, Campbell started nervously, and having got up -from the chair, went over to the chimney-piece. He was shivering with a -kind of ague. For nearly twenty minutes, neither of the men spoke. A -fly buzzed noisily about the room, and the ticking of the clock was -like the beat of a hammer. - -As the chime struck one, Campbell turned round, and looking at Dorian -Gray, saw that his eyes were filled with tears. There was something in -the purity and refinement of that sad face that seemed to enrage him. -"You are infamous, absolutely infamous!" he muttered. - -"Hush, Alan. You have saved my life," said Dorian. - -"Your life? Good heavens! what a life that is! You have gone from -corruption to corruption, and now you have culminated in crime. In -doing what I am going to do--what you force me to do--it is not of your -life that I am thinking." - -"Ah, Alan," murmured Dorian with a sigh, "I wish you had a thousandth -part of the pity for me that I have for you." He turned away as he -spoke and stood looking out at the garden. Campbell made no answer. - -After about ten minutes a knock came to the door, and the servant -entered, carrying a large mahogany chest of chemicals, with a long coil -of steel and platinum wire and two rather curiously shaped iron clamps. - -"Shall I leave the things here, sir?" he asked Campbell. - -"Yes," said Dorian. "And I am afraid, Francis, that I have another -errand for you. What is the name of the man at Richmond who supplies -Selby with orchids?" - -"Harden, sir." - -"Yes--Harden. You must go down to Richmond at once, see Harden -personally, and tell him to send twice as many orchids as I ordered, -and to have as few white ones as possible. In fact, I don't want any -white ones. It is a lovely day, Francis, and Richmond is a very pretty -place--otherwise I wouldn't bother you about it." - -"No trouble, sir. At what time shall I be back?" - -Dorian looked at Campbell. "How long will your experiment take, Alan?" -he said in a calm indifferent voice. The presence of a third person in -the room seemed to give him extraordinary courage. - -Campbell frowned and bit his lip. "It will take about five hours," he -answered. - -"It will be time enough, then, if you are back at half-past seven, -Francis. Or stay: just leave my things out for dressing. You can -have the evening to yourself. I am not dining at home, so I shall not -want you." - -"Thank you, sir," said the man, leaving the room. - -"Now, Alan, there is not a moment to be lost. How heavy this chest is! -I'll take it for you. You bring the other things." He spoke rapidly -and in an authoritative manner. Campbell felt dominated by him. They -left the room together. - -When they reached the top landing, Dorian took out the key and turned -it in the lock. Then he stopped, and a troubled look came into his -eyes. He shuddered. "I don't think I can go in, Alan," he murmured. - -"It is nothing to me. I don't require you," said Campbell coldly. - -Dorian half opened the door. As he did so, he saw the face of his -portrait leering in the sunlight. On the floor in front of it the torn -curtain was lying. He remembered that the night before he had -forgotten, for the first time in his life, to hide the fatal canvas, -and was about to rush forward, when he drew back with a shudder. - -What was that loathsome red dew that gleamed, wet and glistening, on -one of the hands, as though the canvas had sweated blood? How horrible -it was!--more horrible, it seemed to him for the moment, than the -silent thing that he knew was stretched across the table, the thing -whose grotesque misshapen shadow on the spotted carpet showed him that -it had not stirred, but was still there, as he had left it. - -He heaved a deep breath, opened the door a little wider, and with -half-closed eyes and averted head, walked quickly in, determined that -he would not look even once upon the dead man. Then, stooping down and -taking up the gold-and-purple hanging, he flung it right over the -picture. - -There he stopped, feeling afraid to turn round, and his eyes fixed -themselves on the intricacies of the pattern before him. He heard -Campbell bringing in the heavy chest, and the irons, and the other -things that he had required for his dreadful work. He began to wonder -if he and Basil Hallward had ever met, and, if so, what they had -thought of each other. - -"Leave me now," said a stern voice behind him. - -He turned and hurried out, just conscious that the dead man had been -thrust back into the chair and that Campbell was gazing into a -glistening yellow face. As he was going downstairs, he heard the key -being turned in the lock. - -It was long after seven when Campbell came back into the library. He -was pale, but absolutely calm. "I have done what you asked me to do," -he muttered. "And now, good-bye. Let us never see each other again." - -"You have saved me from ruin, Alan. I cannot forget that," said Dorian -simply. - -As soon as Campbell had left, he went upstairs. There was a horrible -smell of nitric acid in the room. But the thing that had been sitting -at the table was gone. - - - -CHAPTER 15 - -That evening, at eight-thirty, exquisitely dressed and wearing a large -button-hole of Parma violets, Dorian Gray was ushered into Lady -Narborough's drawing-room by bowing servants. His forehead was -throbbing with maddened nerves, and he felt wildly excited, but his -manner as he bent over his hostess's hand was as easy and graceful as -ever. Perhaps one never seems so much at one's ease as when one has to -play a part. Certainly no one looking at Dorian Gray that night could -have believed that he had passed through a tragedy as horrible as any -tragedy of our age. Those finely shaped fingers could never have -clutched a knife for sin, nor those smiling lips have cried out on God -and goodness. He himself could not help wondering at the calm of his -demeanour, and for a moment felt keenly the terrible pleasure of a -double life. - -It was a small party, got up rather in a hurry by Lady Narborough, who -was a very clever woman with what Lord Henry used to describe as the -remains of really remarkable ugliness. She had proved an excellent -wife to one of our most tedious ambassadors, and having buried her -husband properly in a marble mausoleum, which she had herself designed, -and married off her daughters to some rich, rather elderly men, she -devoted herself now to the pleasures of French fiction, French cookery, -and French _esprit_ when she could get it. - -Dorian was one of her especial favourites, and she always told him that -she was extremely glad she had not met him in early life. "I know, my -dear, I should have fallen madly in love with you," she used to say, -"and thrown my bonnet right over the mills for your sake. It is most -fortunate that you were not thought of at the time. As it was, our -bonnets were so unbecoming, and the mills were so occupied in trying to -raise the wind, that I never had even a flirtation with anybody. -However, that was all Narborough's fault. He was dreadfully -short-sighted, and there is no pleasure in taking in a husband who -never sees anything." - -Her guests this evening were rather tedious. The fact was, as she -explained to Dorian, behind a very shabby fan, one of her married -daughters had come up quite suddenly to stay with her, and, to make -matters worse, had actually brought her husband with her. "I think it -is most unkind of her, my dear," she whispered. "Of course I go and -stay with them every summer after I come from Homburg, but then an old -woman like me must have fresh air sometimes, and besides, I really wake -them up. You don't know what an existence they lead down there. It is -pure unadulterated country life. They get up early, because they have -so much to do, and go to bed early, because they have so little to -think about. There has not been a scandal in the neighbourhood since -the time of Queen Elizabeth, and consequently they all fall asleep -after dinner. You shan't sit next either of them. You shall sit by me -and amuse me." - -Dorian murmured a graceful compliment and looked round the room. Yes: -it was certainly a tedious party. Two of the people he had never seen -before, and the others consisted of Ernest Harrowden, one of those -middle-aged mediocrities so common in London clubs who have no enemies, -but are thoroughly disliked by their friends; Lady Ruxton, an -overdressed woman of forty-seven, with a hooked nose, who was always -trying to get herself compromised, but was so peculiarly plain that to -her great disappointment no one would ever believe anything against -her; Mrs. Erlynne, a pushing nobody, with a delightful lisp and -Venetian-red hair; Lady Alice Chapman, his hostess's daughter, a dowdy -dull girl, with one of those characteristic British faces that, once -seen, are never remembered; and her husband, a red-cheeked, -white-whiskered creature who, like so many of his class, was under the -impression that inordinate joviality can atone for an entire lack of -ideas. - -He was rather sorry he had come, till Lady Narborough, looking at the -great ormolu gilt clock that sprawled in gaudy curves on the -mauve-draped mantelshelf, exclaimed: "How horrid of Henry Wotton to be -so late! I sent round to him this morning on chance and he promised -faithfully not to disappoint me." - -It was some consolation that Harry was to be there, and when the door -opened and he heard his slow musical voice lending charm to some -insincere apology, he ceased to feel bored. - -But at dinner he could not eat anything. Plate after plate went away -untasted. Lady Narborough kept scolding him for what she called "an -insult to poor Adolphe, who invented the _menu_ specially for you," and -now and then Lord Henry looked across at him, wondering at his silence -and abstracted manner. From time to time the butler filled his glass -with champagne. He drank eagerly, and his thirst seemed to increase. - -"Dorian," said Lord Henry at last, as the _chaud-froid_ was being handed -round, "what is the matter with you to-night? You are quite out of -sorts." - -"I believe he is in love," cried Lady Narborough, "and that he is -afraid to tell me for fear I should be jealous. He is quite right. I -certainly should." - -"Dear Lady Narborough," murmured Dorian, smiling, "I have not been in -love for a whole week--not, in fact, since Madame de Ferrol left town." - -"How you men can fall in love with that woman!" exclaimed the old lady. -"I really cannot understand it." - -"It is simply because she remembers you when you were a little girl, -Lady Narborough," said Lord Henry. "She is the one link between us and -your short frocks." - -"She does not remember my short frocks at all, Lord Henry. But I -remember her very well at Vienna thirty years ago, and how _decolletee_ -she was then." - -"She is still _decolletee_," he answered, taking an olive in his long -fingers; "and when she is in a very smart gown she looks like an -_edition de luxe_ of a bad French novel. She is really wonderful, and -full of surprises. Her capacity for family affection is extraordinary. -When her third husband died, her hair turned quite gold from grief." - -"How can you, Harry!" cried Dorian. - -"It is a most romantic explanation," laughed the hostess. "But her -third husband, Lord Henry! You don't mean to say Ferrol is the fourth?" - -"Certainly, Lady Narborough." - -"I don't believe a word of it." - -"Well, ask Mr. Gray. He is one of her most intimate friends." - -"Is it true, Mr. Gray?" - -"She assures me so, Lady Narborough," said Dorian. "I asked her -whether, like Marguerite de Navarre, she had their hearts embalmed and -hung at her girdle. She told me she didn't, because none of them had -had any hearts at all." - -"Four husbands! Upon my word that is _trop de zele_." - -"_Trop d'audace_, I tell her," said Dorian. - -"Oh! she is audacious enough for anything, my dear. And what is Ferrol -like? I don't know him." - -"The husbands of very beautiful women belong to the criminal classes," -said Lord Henry, sipping his wine. - -Lady Narborough hit him with her fan. "Lord Henry, I am not at all -surprised that the world says that you are extremely wicked." - -"But what world says that?" asked Lord Henry, elevating his eyebrows. -"It can only be the next world. This world and I are on excellent -terms." - -"Everybody I know says you are very wicked," cried the old lady, -shaking her head. - -Lord Henry looked serious for some moments. "It is perfectly -monstrous," he said, at last, "the way people go about nowadays saying -things against one behind one's back that are absolutely and entirely -true." - -"Isn't he incorrigible?" cried Dorian, leaning forward in his chair. - -"I hope so," said his hostess, laughing. "But really, if you all -worship Madame de Ferrol in this ridiculous way, I shall have to marry -again so as to be in the fashion." - -"You will never marry again, Lady Narborough," broke in Lord Henry. -"You were far too happy. When a woman marries again, it is because she -detested her first husband. When a man marries again, it is because he -adored his first wife. Women try their luck; men risk theirs." - -"Narborough wasn't perfect," cried the old lady. - -"If he had been, you would not have loved him, my dear lady," was the -rejoinder. "Women love us for our defects. If we have enough of them, -they will forgive us everything, even our intellects. You will never -ask me to dinner again after saying this, I am afraid, Lady Narborough, -but it is quite true." - -"Of course it is true, Lord Henry. If we women did not love you for -your defects, where would you all be? Not one of you would ever be -married. You would be a set of unfortunate bachelors. Not, however, -that that would alter you much. Nowadays all the married men live like -bachelors, and all the bachelors like married men." - -"_Fin de siecle_," murmured Lord Henry. - -"_Fin du globe_," answered his hostess. - -"I wish it were _fin du globe_," said Dorian with a sigh. "Life is a -great disappointment." - -"Ah, my dear," cried Lady Narborough, putting on her gloves, "don't -tell me that you have exhausted life. When a man says that one knows -that life has exhausted him. Lord Henry is very wicked, and I -sometimes wish that I had been; but you are made to be good--you look -so good. I must find you a nice wife. Lord Henry, don't you think -that Mr. Gray should get married?" - -"I am always telling him so, Lady Narborough," said Lord Henry with a -bow. - -"Well, we must look out for a suitable match for him. I shall go -through Debrett carefully to-night and draw out a list of all the -eligible young ladies." - -"With their ages, Lady Narborough?" asked Dorian. - -"Of course, with their ages, slightly edited. But nothing must be done -in a hurry. I want it to be what _The Morning Post_ calls a suitable -alliance, and I want you both to be happy." - -"What nonsense people talk about happy marriages!" exclaimed Lord -Henry. "A man can be happy with any woman, as long as he does not love -her." - -"Ah! what a cynic you are!" cried the old lady, pushing back her chair -and nodding to Lady Ruxton. "You must come and dine with me soon -again. You are really an admirable tonic, much better than what Sir -Andrew prescribes for me. You must tell me what people you would like -to meet, though. I want it to be a delightful gathering." - -"I like men who have a future and women who have a past," he answered. -"Or do you think that would make it a petticoat party?" - -"I fear so," she said, laughing, as she stood up. "A thousand pardons, -my dear Lady Ruxton," she added, "I didn't see you hadn't finished your -cigarette." - -"Never mind, Lady Narborough. I smoke a great deal too much. I am -going to limit myself, for the future." - -"Pray don't, Lady Ruxton," said Lord Henry. "Moderation is a fatal -thing. Enough is as bad as a meal. More than enough is as good as a -feast." - -Lady Ruxton glanced at him curiously. "You must come and explain that -to me some afternoon, Lord Henry. It sounds a fascinating theory," she -murmured, as she swept out of the room. - -"Now, mind you don't stay too long over your politics and scandal," -cried Lady Narborough from the door. "If you do, we are sure to -squabble upstairs." - -The men laughed, and Mr. Chapman got up solemnly from the foot of the -table and came up to the top. Dorian Gray changed his seat and went -and sat by Lord Henry. Mr. Chapman began to talk in a loud voice about -the situation in the House of Commons. He guffawed at his adversaries. -The word _doctrinaire_--word full of terror to the British -mind--reappeared from time to time between his explosions. An -alliterative prefix served as an ornament of oratory. He hoisted the -Union Jack on the pinnacles of thought. The inherited stupidity of the -race--sound English common sense he jovially termed it--was shown to be -the proper bulwark for society. - -A smile curved Lord Henry's lips, and he turned round and looked at -Dorian. - -"Are you better, my dear fellow?" he asked. "You seemed rather out of -sorts at dinner." - -"I am quite well, Harry. I am tired. That is all." - -"You were charming last night. The little duchess is quite devoted to -you. She tells me she is going down to Selby." - -"She has promised to come on the twentieth." - -"Is Monmouth to be there, too?" - -"Oh, yes, Harry." - -"He bores me dreadfully, almost as much as he bores her. She is very -clever, too clever for a woman. She lacks the indefinable charm of -weakness. It is the feet of clay that make the gold of the image -precious. Her feet are very pretty, but they are not feet of clay. -White porcelain feet, if you like. They have been through the fire, -and what fire does not destroy, it hardens. She has had experiences." - -"How long has she been married?" asked Dorian. - -"An eternity, she tells me. I believe, according to the peerage, it is -ten years, but ten years with Monmouth must have been like eternity, -with time thrown in. Who else is coming?" - -"Oh, the Willoughbys, Lord Rugby and his wife, our hostess, Geoffrey -Clouston, the usual set. I have asked Lord Grotrian." - -"I like him," said Lord Henry. "A great many people don't, but I find -him charming. He atones for being occasionally somewhat overdressed by -being always absolutely over-educated. He is a very modern type." - -"I don't know if he will be able to come, Harry. He may have to go to -Monte Carlo with his father." - -"Ah! what a nuisance people's people are! Try and make him come. By -the way, Dorian, you ran off very early last night. You left before -eleven. What did you do afterwards? Did you go straight home?" - -Dorian glanced at him hurriedly and frowned. - -"No, Harry," he said at last, "I did not get home till nearly three." - -"Did you go to the club?" - -"Yes," he answered. Then he bit his lip. "No, I don't mean that. I -didn't go to the club. I walked about. I forget what I did.... How -inquisitive you are, Harry! You always want to know what one has been -doing. I always want to forget what I have been doing. I came in at -half-past two, if you wish to know the exact time. I had left my -latch-key at home, and my servant had to let me in. If you want any -corroborative evidence on the subject, you can ask him." - -Lord Henry shrugged his shoulders. "My dear fellow, as if I cared! -Let us go up to the drawing-room. No sherry, thank you, Mr. Chapman. -Something has happened to you, Dorian. Tell me what it is. You are -not yourself to-night." - -"Don't mind me, Harry. I am irritable, and out of temper. I shall -come round and see you to-morrow, or next day. Make my excuses to Lady -Narborough. I shan't go upstairs. I shall go home. I must go home." - -"All right, Dorian. I dare say I shall see you to-morrow at tea-time. -The duchess is coming." - -"I will try to be there, Harry," he said, leaving the room. As he -drove back to his own house, he was conscious that the sense of terror -he thought he had strangled had come back to him. Lord Henry's casual -questioning had made him lose his nerve for the moment, and he wanted -his nerve still. Things that were dangerous had to be destroyed. He -winced. He hated the idea of even touching them. - -Yet it had to be done. He realized that, and when he had locked the -door of his library, he opened the secret press into which he had -thrust Basil Hallward's coat and bag. A huge fire was blazing. He -piled another log on it. The smell of the singeing clothes and burning -leather was horrible. It took him three-quarters of an hour to consume -everything. At the end he felt faint and sick, and having lit some -Algerian pastilles in a pierced copper brazier, he bathed his hands and -forehead with a cool musk-scented vinegar. - -Suddenly he started. His eyes grew strangely bright, and he gnawed -nervously at his underlip. Between two of the windows stood a large -Florentine cabinet, made out of ebony and inlaid with ivory and blue -lapis. He watched it as though it were a thing that could fascinate -and make afraid, as though it held something that he longed for and yet -almost loathed. His breath quickened. A mad craving came over him. -He lit a cigarette and then threw it away. His eyelids drooped till -the long fringed lashes almost touched his cheek. But he still watched -the cabinet. At last he got up from the sofa on which he had been -lying, went over to it, and having unlocked it, touched some hidden -spring. A triangular drawer passed slowly out. His fingers moved -instinctively towards it, dipped in, and closed on something. It was a -small Chinese box of black and gold-dust lacquer, elaborately wrought, -the sides patterned with curved waves, and the silken cords hung with -round crystals and tasselled in plaited metal threads. He opened it. -Inside was a green paste, waxy in lustre, the odour curiously heavy and -persistent. - -He hesitated for some moments, with a strangely immobile smile upon his -face. Then shivering, though the atmosphere of the room was terribly -hot, he drew himself up and glanced at the clock. It was twenty -minutes to twelve. He put the box back, shutting the cabinet doors as -he did so, and went into his bedroom. - -As midnight was striking bronze blows upon the dusky air, Dorian Gray, -dressed commonly, and with a muffler wrapped round his throat, crept -quietly out of his house. In Bond Street he found a hansom with a good -horse. He hailed it and in a low voice gave the driver an address. - -The man shook his head. "It is too far for me," he muttered. - -"Here is a sovereign for you," said Dorian. "You shall have another if -you drive fast." - -"All right, sir," answered the man, "you will be there in an hour," and -after his fare had got in he turned his horse round and drove rapidly -towards the river. - - - -CHAPTER 16 - -A cold rain began to fall, and the blurred street-lamps looked ghastly -in the dripping mist. The public-houses were just closing, and dim men -and women were clustering in broken groups round their doors. From -some of the bars came the sound of horrible laughter. In others, -drunkards brawled and screamed. - -Lying back in the hansom, with his hat pulled over his forehead, Dorian -Gray watched with listless eyes the sordid shame of the great city, and -now and then he repeated to himself the words that Lord Henry had said -to him on the first day they had met, "To cure the soul by means of the -senses, and the senses by means of the soul." Yes, that was the -secret. He had often tried it, and would try it again now. There were -opium dens where one could buy oblivion, dens of horror where the -memory of old sins could be destroyed by the madness of sins that were -new. - -The moon hung low in the sky like a yellow skull. From time to time a -huge misshapen cloud stretched a long arm across and hid it. The -gas-lamps grew fewer, and the streets more narrow and gloomy. Once the -man lost his way and had to drive back half a mile. A steam rose from -the horse as it splashed up the puddles. The sidewindows of the hansom -were clogged with a grey-flannel mist. - -"To cure the soul by means of the senses, and the senses by means of -the soul!" How the words rang in his ears! His soul, certainly, was -sick to death. Was it true that the senses could cure it? Innocent -blood had been spilled. What could atone for that? Ah! for that there -was no atonement; but though forgiveness was impossible, forgetfulness -was possible still, and he was determined to forget, to stamp the thing -out, to crush it as one would crush the adder that had stung one. -Indeed, what right had Basil to have spoken to him as he had done? Who -had made him a judge over others? He had said things that were -dreadful, horrible, not to be endured. - -On and on plodded the hansom, going slower, it seemed to him, at each -step. He thrust up the trap and called to the man to drive faster. -The hideous hunger for opium began to gnaw at him. His throat burned -and his delicate hands twitched nervously together. He struck at the -horse madly with his stick. The driver laughed and whipped up. He -laughed in answer, and the man was silent. - -The way seemed interminable, and the streets like the black web of some -sprawling spider. The monotony became unbearable, and as the mist -thickened, he felt afraid. - -Then they passed by lonely brickfields. The fog was lighter here, and -he could see the strange, bottle-shaped kilns with their orange, -fanlike tongues of fire. A dog barked as they went by, and far away in -the darkness some wandering sea-gull screamed. The horse stumbled in a -rut, then swerved aside and broke into a gallop. - -After some time they left the clay road and rattled again over -rough-paven streets. Most of the windows were dark, but now and then -fantastic shadows were silhouetted against some lamplit blind. He -watched them curiously. They moved like monstrous marionettes and made -gestures like live things. He hated them. A dull rage was in his -heart. As they turned a corner, a woman yelled something at them from -an open door, and two men ran after the hansom for about a hundred -yards. The driver beat at them with his whip. - -It is said that passion makes one think in a circle. Certainly with -hideous iteration the bitten lips of Dorian Gray shaped and reshaped -those subtle words that dealt with soul and sense, till he had found in -them the full expression, as it were, of his mood, and justified, by -intellectual approval, passions that without such justification would -still have dominated his temper. From cell to cell of his brain crept -the one thought; and the wild desire to live, most terrible of all -man's appetites, quickened into force each trembling nerve and fibre. -Ugliness that had once been hateful to him because it made things real, -became dear to him now for that very reason. Ugliness was the one -reality. The coarse brawl, the loathsome den, the crude violence of -disordered life, the very vileness of thief and outcast, were more -vivid, in their intense actuality of impression, than all the gracious -shapes of art, the dreamy shadows of song. They were what he needed -for forgetfulness. In three days he would be free. - -Suddenly the man drew up with a jerk at the top of a dark lane. Over -the low roofs and jagged chimney-stacks of the houses rose the black -masts of ships. Wreaths of white mist clung like ghostly sails to the -yards. - -"Somewhere about here, sir, ain't it?" he asked huskily through the -trap. - -Dorian started and peered round. "This will do," he answered, and -having got out hastily and given the driver the extra fare he had -promised him, he walked quickly in the direction of the quay. Here and -there a lantern gleamed at the stern of some huge merchantman. The -light shook and splintered in the puddles. A red glare came from an -outward-bound steamer that was coaling. The slimy pavement looked like -a wet mackintosh. - -He hurried on towards the left, glancing back now and then to see if he -was being followed. In about seven or eight minutes he reached a small -shabby house that was wedged in between two gaunt factories. In one of -the top-windows stood a lamp. He stopped and gave a peculiar knock. - -After a little time he heard steps in the passage and the chain being -unhooked. The door opened quietly, and he went in without saying a -word to the squat misshapen figure that flattened itself into the -shadow as he passed. At the end of the hall hung a tattered green -curtain that swayed and shook in the gusty wind which had followed him -in from the street. He dragged it aside and entered a long low room -which looked as if it had once been a third-rate dancing-saloon. Shrill -flaring gas-jets, dulled and distorted in the fly-blown mirrors that -faced them, were ranged round the walls. Greasy reflectors of ribbed -tin backed them, making quivering disks of light. The floor was -covered with ochre-coloured sawdust, trampled here and there into mud, -and stained with dark rings of spilled liquor. Some Malays were -crouching by a little charcoal stove, playing with bone counters and -showing their white teeth as they chattered. In one corner, with his -head buried in his arms, a sailor sprawled over a table, and by the -tawdrily painted bar that ran across one complete side stood two -haggard women, mocking an old man who was brushing the sleeves of his -coat with an expression of disgust. "He thinks he's got red ants on -him," laughed one of them, as Dorian passed by. The man looked at her -in terror and began to whimper. - -At the end of the room there was a little staircase, leading to a -darkened chamber. As Dorian hurried up its three rickety steps, the -heavy odour of opium met him. He heaved a deep breath, and his -nostrils quivered with pleasure. When he entered, a young man with -smooth yellow hair, who was bending over a lamp lighting a long thin -pipe, looked up at him and nodded in a hesitating manner. - -"You here, Adrian?" muttered Dorian. - -"Where else should I be?" he answered, listlessly. "None of the chaps -will speak to me now." - -"I thought you had left England." - -"Darlington is not going to do anything. My brother paid the bill at -last. George doesn't speak to me either.... I don't care," he added -with a sigh. "As long as one has this stuff, one doesn't want friends. -I think I have had too many friends." - -Dorian winced and looked round at the grotesque things that lay in such -fantastic postures on the ragged mattresses. The twisted limbs, the -gaping mouths, the staring lustreless eyes, fascinated him. He knew in -what strange heavens they were suffering, and what dull hells were -teaching them the secret of some new joy. They were better off than he -was. He was prisoned in thought. Memory, like a horrible malady, was -eating his soul away. From time to time he seemed to see the eyes of -Basil Hallward looking at him. Yet he felt he could not stay. The -presence of Adrian Singleton troubled him. He wanted to be where no -one would know who he was. He wanted to escape from himself. - -"I am going on to the other place," he said after a pause. - -"On the wharf?" - -"Yes." - -"That mad-cat is sure to be there. They won't have her in this place -now." - -Dorian shrugged his shoulders. "I am sick of women who love one. -Women who hate one are much more interesting. Besides, the stuff is -better." - -"Much the same." - -"I like it better. Come and have something to drink. I must have -something." - -"I don't want anything," murmured the young man. - -"Never mind." - -Adrian Singleton rose up wearily and followed Dorian to the bar. A -half-caste, in a ragged turban and a shabby ulster, grinned a hideous -greeting as he thrust a bottle of brandy and two tumblers in front of -them. The women sidled up and began to chatter. Dorian turned his -back on them and said something in a low voice to Adrian Singleton. - -A crooked smile, like a Malay crease, writhed across the face of one of -the women. "We are very proud to-night," she sneered. - -"For God's sake don't talk to me," cried Dorian, stamping his foot on -the ground. "What do you want? Money? Here it is. Don't ever talk -to me again." - -Two red sparks flashed for a moment in the woman's sodden eyes, then -flickered out and left them dull and glazed. She tossed her head and -raked the coins off the counter with greedy fingers. Her companion -watched her enviously. - -"It's no use," sighed Adrian Singleton. "I don't care to go back. -What does it matter? I am quite happy here." - -"You will write to me if you want anything, won't you?" said Dorian, -after a pause. - -"Perhaps." - -"Good night, then." - -"Good night," answered the young man, passing up the steps and wiping -his parched mouth with a handkerchief. - -Dorian walked to the door with a look of pain in his face. As he drew -the curtain aside, a hideous laugh broke from the painted lips of the -woman who had taken his money. "There goes the devil's bargain!" she -hiccoughed, in a hoarse voice. - -"Curse you!" he answered, "don't call me that." - -She snapped her fingers. "Prince Charming is what you like to be -called, ain't it?" she yelled after him. - -The drowsy sailor leaped to his feet as she spoke, and looked wildly -round. The sound of the shutting of the hall door fell on his ear. He -rushed out as if in pursuit. - -Dorian Gray hurried along the quay through the drizzling rain. His -meeting with Adrian Singleton had strangely moved him, and he wondered -if the ruin of that young life was really to be laid at his door, as -Basil Hallward had said to him with such infamy of insult. He bit his -lip, and for a few seconds his eyes grew sad. Yet, after all, what did -it matter to him? One's days were too brief to take the burden of -another's errors on one's shoulders. Each man lived his own life and -paid his own price for living it. The only pity was one had to pay so -often for a single fault. One had to pay over and over again, indeed. -In her dealings with man, destiny never closed her accounts. - -There are moments, psychologists tell us, when the passion for sin, or -for what the world calls sin, so dominates a nature that every fibre of -the body, as every cell of the brain, seems to be instinct with fearful -impulses. Men and women at such moments lose the freedom of their -will. They move to their terrible end as automatons move. Choice is -taken from them, and conscience is either killed, or, if it lives at -all, lives but to give rebellion its fascination and disobedience its -charm. For all sins, as theologians weary not of reminding us, are -sins of disobedience. When that high spirit, that morning star of -evil, fell from heaven, it was as a rebel that he fell. - -Callous, concentrated on evil, with stained mind, and soul hungry for -rebellion, Dorian Gray hastened on, quickening his step as he went, but -as he darted aside into a dim archway, that had served him often as a -short cut to the ill-famed place where he was going, he felt himself -suddenly seized from behind, and before he had time to defend himself, -he was thrust back against the wall, with a brutal hand round his -throat. - -He struggled madly for life, and by a terrible effort wrenched the -tightening fingers away. In a second he heard the click of a revolver, -and saw the gleam of a polished barrel, pointing straight at his head, -and the dusky form of a short, thick-set man facing him. - -"What do you want?" he gasped. - -"Keep quiet," said the man. "If you stir, I shoot you." - -"You are mad. What have I done to you?" - -"You wrecked the life of Sibyl Vane," was the answer, "and Sibyl Vane -was my sister. She killed herself. I know it. Her death is at your -door. I swore I would kill you in return. For years I have sought -you. I had no clue, no trace. The two people who could have described -you were dead. I knew nothing of you but the pet name she used to call -you. I heard it to-night by chance. Make your peace with God, for -to-night you are going to die." - -Dorian Gray grew sick with fear. "I never knew her," he stammered. "I -never heard of her. You are mad." - -"You had better confess your sin, for as sure as I am James Vane, you -are going to die." There was a horrible moment. Dorian did not know -what to say or do. "Down on your knees!" growled the man. "I give you -one minute to make your peace--no more. I go on board to-night for -India, and I must do my job first. One minute. That's all." - -Dorian's arms fell to his side. Paralysed with terror, he did not know -what to do. Suddenly a wild hope flashed across his brain. "Stop," he -cried. "How long ago is it since your sister died? Quick, tell me!" - -"Eighteen years," said the man. "Why do you ask me? What do years -matter?" - -"Eighteen years," laughed Dorian Gray, with a touch of triumph in his -voice. "Eighteen years! Set me under the lamp and look at my face!" - -James Vane hesitated for a moment, not understanding what was meant. -Then he seized Dorian Gray and dragged him from the archway. - -Dim and wavering as was the wind-blown light, yet it served to show him -the hideous error, as it seemed, into which he had fallen, for the face -of the man he had sought to kill had all the bloom of boyhood, all the -unstained purity of youth. He seemed little more than a lad of twenty -summers, hardly older, if older indeed at all, than his sister had been -when they had parted so many years ago. It was obvious that this was -not the man who had destroyed her life. - -He loosened his hold and reeled back. "My God! my God!" he cried, "and -I would have murdered you!" - -Dorian Gray drew a long breath. "You have been on the brink of -committing a terrible crime, my man," he said, looking at him sternly. -"Let this be a warning to you not to take vengeance into your own -hands." - -"Forgive me, sir," muttered James Vane. "I was deceived. A chance -word I heard in that damned den set me on the wrong track." - -"You had better go home and put that pistol away, or you may get into -trouble," said Dorian, turning on his heel and going slowly down the -street. - -James Vane stood on the pavement in horror. He was trembling from head -to foot. After a little while, a black shadow that had been creeping -along the dripping wall moved out into the light and came close to him -with stealthy footsteps. He felt a hand laid on his arm and looked -round with a start. It was one of the women who had been drinking at -the bar. - -"Why didn't you kill him?" she hissed out, putting haggard face quite -close to his. "I knew you were following him when you rushed out from -Daly's. You fool! You should have killed him. He has lots of money, -and he's as bad as bad." - -"He is not the man I am looking for," he answered, "and I want no man's -money. I want a man's life. The man whose life I want must be nearly -forty now. This one is little more than a boy. Thank God, I have not -got his blood upon my hands." - -The woman gave a bitter laugh. "Little more than a boy!" she sneered. -"Why, man, it's nigh on eighteen years since Prince Charming made me -what I am." - -"You lie!" cried James Vane. - -She raised her hand up to heaven. "Before God I am telling the truth," -she cried. - -"Before God?" - -"Strike me dumb if it ain't so. He is the worst one that comes here. -They say he has sold himself to the devil for a pretty face. It's nigh -on eighteen years since I met him. He hasn't changed much since then. -I have, though," she added, with a sickly leer. - -"You swear this?" - -"I swear it," came in hoarse echo from her flat mouth. "But don't give -me away to him," she whined; "I am afraid of him. Let me have some -money for my night's lodging." - -He broke from her with an oath and rushed to the corner of the street, -but Dorian Gray had disappeared. When he looked back, the woman had -vanished also. - - - -CHAPTER 17 - -A week later Dorian Gray was sitting in the conservatory at Selby -Royal, talking to the pretty Duchess of Monmouth, who with her husband, -a jaded-looking man of sixty, was amongst his guests. It was tea-time, -and the mellow light of the huge, lace-covered lamp that stood on the -table lit up the delicate china and hammered silver of the service at -which the duchess was presiding. Her white hands were moving daintily -among the cups, and her full red lips were smiling at something that -Dorian had whispered to her. Lord Henry was lying back in a -silk-draped wicker chair, looking at them. On a peach-coloured divan -sat Lady Narborough, pretending to listen to the duke's description of -the last Brazilian beetle that he had added to his collection. Three -young men in elaborate smoking-suits were handing tea-cakes to some of -the women. The house-party consisted of twelve people, and there were -more expected to arrive on the next day. - -"What are you two talking about?" said Lord Henry, strolling over to -the table and putting his cup down. "I hope Dorian has told you about -my plan for rechristening everything, Gladys. It is a delightful idea." - -"But I don't want to be rechristened, Harry," rejoined the duchess, -looking up at him with her wonderful eyes. "I am quite satisfied with -my own name, and I am sure Mr. Gray should be satisfied with his." - -"My dear Gladys, I would not alter either name for the world. They are -both perfect. I was thinking chiefly of flowers. Yesterday I cut an -orchid, for my button-hole. It was a marvellous spotted thing, as -effective as the seven deadly sins. In a thoughtless moment I asked -one of the gardeners what it was called. He told me it was a fine -specimen of _Robinsoniana_, or something dreadful of that kind. It is a -sad truth, but we have lost the faculty of giving lovely names to -things. Names are everything. I never quarrel with actions. My one -quarrel is with words. That is the reason I hate vulgar realism in -literature. The man who could call a spade a spade should be compelled -to use one. It is the only thing he is fit for." - -"Then what should we call you, Harry?" she asked. - -"His name is Prince Paradox," said Dorian. - -"I recognize him in a flash," exclaimed the duchess. - -"I won't hear of it," laughed Lord Henry, sinking into a chair. "From -a label there is no escape! I refuse the title." - -"Royalties may not abdicate," fell as a warning from pretty lips. - -"You wish me to defend my throne, then?" - -"Yes." - -"I give the truths of to-morrow." - -"I prefer the mistakes of to-day," she answered. - -"You disarm me, Gladys," he cried, catching the wilfulness of her mood. - -"Of your shield, Harry, not of your spear." - -"I never tilt against beauty," he said, with a wave of his hand. - -"That is your error, Harry, believe me. You value beauty far too much." - -"How can you say that? I admit that I think that it is better to be -beautiful than to be good. But on the other hand, no one is more ready -than I am to acknowledge that it is better to be good than to be ugly." - -"Ugliness is one of the seven deadly sins, then?" cried the duchess. -"What becomes of your simile about the orchid?" - -"Ugliness is one of the seven deadly virtues, Gladys. You, as a good -Tory, must not underrate them. Beer, the Bible, and the seven deadly -virtues have made our England what she is." - -"You don't like your country, then?" she asked. - -"I live in it." - -"That you may censure it the better." - -"Would you have me take the verdict of Europe on it?" he inquired. - -"What do they say of us?" - -"That Tartuffe has emigrated to England and opened a shop." - -"Is that yours, Harry?" - -"I give it to you." - -"I could not use it. It is too true." - -"You need not be afraid. Our countrymen never recognize a description." - -"They are practical." - -"They are more cunning than practical. When they make up their ledger, -they balance stupidity by wealth, and vice by hypocrisy." - -"Still, we have done great things." - -"Great things have been thrust on us, Gladys." - -"We have carried their burden." - -"Only as far as the Stock Exchange." - -She shook her head. "I believe in the race," she cried. - -"It represents the survival of the pushing." - -"It has development." - -"Decay fascinates me more." - -"What of art?" she asked. - -"It is a malady." - -"Love?" - -"An illusion." - -"Religion?" - -"The fashionable substitute for belief." - -"You are a sceptic." - -"Never! Scepticism is the beginning of faith." - -"What are you?" - -"To define is to limit." - -"Give me a clue." - -"Threads snap. You would lose your way in the labyrinth." - -"You bewilder me. Let us talk of some one else." - -"Our host is a delightful topic. Years ago he was christened Prince -Charming." - -"Ah! don't remind me of that," cried Dorian Gray. - -"Our host is rather horrid this evening," answered the duchess, -colouring. "I believe he thinks that Monmouth married me on purely -scientific principles as the best specimen he could find of a modern -butterfly." - -"Well, I hope he won't stick pins into you, Duchess," laughed Dorian. - -"Oh! my maid does that already, Mr. Gray, when she is annoyed with me." - -"And what does she get annoyed with you about, Duchess?" - -"For the most trivial things, Mr. Gray, I assure you. Usually because -I come in at ten minutes to nine and tell her that I must be dressed by -half-past eight." - -"How unreasonable of her! You should give her warning." - -"I daren't, Mr. Gray. Why, she invents hats for me. You remember the -one I wore at Lady Hilstone's garden-party? You don't, but it is nice -of you to pretend that you do. Well, she made it out of nothing. All -good hats are made out of nothing." - -"Like all good reputations, Gladys," interrupted Lord Henry. "Every -effect that one produces gives one an enemy. To be popular one must be -a mediocrity." - -"Not with women," said the duchess, shaking her head; "and women rule -the world. I assure you we can't bear mediocrities. We women, as some -one says, love with our ears, just as you men love with your eyes, if -you ever love at all." - -"It seems to me that we never do anything else," murmured Dorian. - -"Ah! then, you never really love, Mr. Gray," answered the duchess with -mock sadness. - -"My dear Gladys!" cried Lord Henry. "How can you say that? Romance -lives by repetition, and repetition converts an appetite into an art. -Besides, each time that one loves is the only time one has ever loved. -Difference of object does not alter singleness of passion. It merely -intensifies it. We can have in life but one great experience at best, -and the secret of life is to reproduce that experience as often as -possible." - -"Even when one has been wounded by it, Harry?" asked the duchess after -a pause. - -"Especially when one has been wounded by it," answered Lord Henry. - -The duchess turned and looked at Dorian Gray with a curious expression -in her eyes. "What do you say to that, Mr. Gray?" she inquired. - -Dorian hesitated for a moment. Then he threw his head back and -laughed. "I always agree with Harry, Duchess." - -"Even when he is wrong?" - -"Harry is never wrong, Duchess." - -"And does his philosophy make you happy?" - -"I have never searched for happiness. Who wants happiness? I have -searched for pleasure." - -"And found it, Mr. Gray?" - -"Often. Too often." - -The duchess sighed. "I am searching for peace," she said, "and if I -don't go and dress, I shall have none this evening." - -"Let me get you some orchids, Duchess," cried Dorian, starting to his -feet and walking down the conservatory. - -"You are flirting disgracefully with him," said Lord Henry to his -cousin. "You had better take care. He is very fascinating." - -"If he were not, there would be no battle." - -"Greek meets Greek, then?" - -"I am on the side of the Trojans. They fought for a woman." - -"They were defeated." - -"There are worse things than capture," she answered. - -"You gallop with a loose rein." - -"Pace gives life," was the _riposte_. - -"I shall write it in my diary to-night." - -"What?" - -"That a burnt child loves the fire." - -"I am not even singed. My wings are untouched." - -"You use them for everything, except flight." - -"Courage has passed from men to women. It is a new experience for us." - -"You have a rival." - -"Who?" - -He laughed. "Lady Narborough," he whispered. "She perfectly adores -him." - -"You fill me with apprehension. The appeal to antiquity is fatal to us -who are romanticists." - -"Romanticists! You have all the methods of science." - -"Men have educated us." - -"But not explained you." - -"Describe us as a sex," was her challenge. - -"Sphinxes without secrets." - -She looked at him, smiling. "How long Mr. Gray is!" she said. "Let us -go and help him. I have not yet told him the colour of my frock." - -"Ah! you must suit your frock to his flowers, Gladys." - -"That would be a premature surrender." - -"Romantic art begins with its climax." - -"I must keep an opportunity for retreat." - -"In the Parthian manner?" - -"They found safety in the desert. I could not do that." - -"Women are not always allowed a choice," he answered, but hardly had he -finished the sentence before from the far end of the conservatory came -a stifled groan, followed by the dull sound of a heavy fall. Everybody -started up. The duchess stood motionless in horror. And with fear in -his eyes, Lord Henry rushed through the flapping palms to find Dorian -Gray lying face downwards on the tiled floor in a deathlike swoon. - -He was carried at once into the blue drawing-room and laid upon one of -the sofas. After a short time, he came to himself and looked round -with a dazed expression. - -"What has happened?" he asked. "Oh! I remember. Am I safe here, -Harry?" He began to tremble. - -"My dear Dorian," answered Lord Henry, "you merely fainted. That was -all. You must have overtired yourself. You had better not come down -to dinner. I will take your place." - -"No, I will come down," he said, struggling to his feet. "I would -rather come down. I must not be alone." - -He went to his room and dressed. There was a wild recklessness of -gaiety in his manner as he sat at table, but now and then a thrill of -terror ran through him when he remembered that, pressed against the -window of the conservatory, like a white handkerchief, he had seen the -face of James Vane watching him. - - - -CHAPTER 18 - -The next day he did not leave the house, and, indeed, spent most of the -time in his own room, sick with a wild terror of dying, and yet -indifferent to life itself. The consciousness of being hunted, snared, -tracked down, had begun to dominate him. If the tapestry did but -tremble in the wind, he shook. The dead leaves that were blown against -the leaded panes seemed to him like his own wasted resolutions and wild -regrets. When he closed his eyes, he saw again the sailor's face -peering through the mist-stained glass, and horror seemed once more to -lay its hand upon his heart. - -But perhaps it had been only his fancy that had called vengeance out of -the night and set the hideous shapes of punishment before him. Actual -life was chaos, but there was something terribly logical in the -imagination. It was the imagination that set remorse to dog the feet -of sin. It was the imagination that made each crime bear its misshapen -brood. In the common world of fact the wicked were not punished, nor -the good rewarded. Success was given to the strong, failure thrust -upon the weak. That was all. Besides, had any stranger been prowling -round the house, he would have been seen by the servants or the -keepers. Had any foot-marks been found on the flower-beds, the -gardeners would have reported it. Yes, it had been merely fancy. -Sibyl Vane's brother had not come back to kill him. He had sailed away -in his ship to founder in some winter sea. From him, at any rate, he -was safe. Why, the man did not know who he was, could not know who he -was. The mask of youth had saved him. - -And yet if it had been merely an illusion, how terrible it was to think -that conscience could raise such fearful phantoms, and give them -visible form, and make them move before one! What sort of life would -his be if, day and night, shadows of his crime were to peer at him from -silent corners, to mock him from secret places, to whisper in his ear -as he sat at the feast, to wake him with icy fingers as he lay asleep! -As the thought crept through his brain, he grew pale with terror, and -the air seemed to him to have become suddenly colder. Oh! in what a -wild hour of madness he had killed his friend! How ghastly the mere -memory of the scene! He saw it all again. Each hideous detail came -back to him with added horror. Out of the black cave of time, terrible -and swathed in scarlet, rose the image of his sin. When Lord Henry -came in at six o'clock, he found him crying as one whose heart will -break. - -It was not till the third day that he ventured to go out. There was -something in the clear, pine-scented air of that winter morning that -seemed to bring him back his joyousness and his ardour for life. But -it was not merely the physical conditions of environment that had -caused the change. His own nature had revolted against the excess of -anguish that had sought to maim and mar the perfection of its calm. -With subtle and finely wrought temperaments it is always so. Their -strong passions must either bruise or bend. They either slay the man, -or themselves die. Shallow sorrows and shallow loves live on. The -loves and sorrows that are great are destroyed by their own plenitude. -Besides, he had convinced himself that he had been the victim of a -terror-stricken imagination, and looked back now on his fears with -something of pity and not a little of contempt. - -After breakfast, he walked with the duchess for an hour in the garden -and then drove across the park to join the shooting-party. The crisp -frost lay like salt upon the grass. The sky was an inverted cup of -blue metal. A thin film of ice bordered the flat, reed-grown lake. - -At the corner of the pine-wood he caught sight of Sir Geoffrey -Clouston, the duchess's brother, jerking two spent cartridges out of -his gun. He jumped from the cart, and having told the groom to take -the mare home, made his way towards his guest through the withered -bracken and rough undergrowth. - -"Have you had good sport, Geoffrey?" he asked. - -"Not very good, Dorian. I think most of the birds have gone to the -open. I dare say it will be better after lunch, when we get to new -ground." - -Dorian strolled along by his side. The keen aromatic air, the brown -and red lights that glimmered in the wood, the hoarse cries of the -beaters ringing out from time to time, and the sharp snaps of the guns -that followed, fascinated him and filled him with a sense of delightful -freedom. He was dominated by the carelessness of happiness, by the -high indifference of joy. - -Suddenly from a lumpy tussock of old grass some twenty yards in front -of them, with black-tipped ears erect and long hinder limbs throwing it -forward, started a hare. It bolted for a thicket of alders. Sir -Geoffrey put his gun to his shoulder, but there was something in the -animal's grace of movement that strangely charmed Dorian Gray, and he -cried out at once, "Don't shoot it, Geoffrey. Let it live." - -"What nonsense, Dorian!" laughed his companion, and as the hare bounded -into the thicket, he fired. There were two cries heard, the cry of a -hare in pain, which is dreadful, the cry of a man in agony, which is -worse. - -"Good heavens! I have hit a beater!" exclaimed Sir Geoffrey. "What an -ass the man was to get in front of the guns! Stop shooting there!" he -called out at the top of his voice. "A man is hurt." - -The head-keeper came running up with a stick in his hand. - -"Where, sir? Where is he?" he shouted. At the same time, the firing -ceased along the line. - -"Here," answered Sir Geoffrey angrily, hurrying towards the thicket. -"Why on earth don't you keep your men back? Spoiled my shooting for -the day." - -Dorian watched them as they plunged into the alder-clump, brushing the -lithe swinging branches aside. In a few moments they emerged, dragging -a body after them into the sunlight. He turned away in horror. It -seemed to him that misfortune followed wherever he went. He heard Sir -Geoffrey ask if the man was really dead, and the affirmative answer of -the keeper. The wood seemed to him to have become suddenly alive with -faces. There was the trampling of myriad feet and the low buzz of -voices. A great copper-breasted pheasant came beating through the -boughs overhead. - -After a few moments--that were to him, in his perturbed state, like -endless hours of pain--he felt a hand laid on his shoulder. He started -and looked round. - -"Dorian," said Lord Henry, "I had better tell them that the shooting is -stopped for to-day. It would not look well to go on." - -"I wish it were stopped for ever, Harry," he answered bitterly. "The -whole thing is hideous and cruel. Is the man ...?" - -He could not finish the sentence. - -"I am afraid so," rejoined Lord Henry. "He got the whole charge of -shot in his chest. He must have died almost instantaneously. Come; -let us go home." - -They walked side by side in the direction of the avenue for nearly -fifty yards without speaking. Then Dorian looked at Lord Henry and -said, with a heavy sigh, "It is a bad omen, Harry, a very bad omen." - -"What is?" asked Lord Henry. "Oh! this accident, I suppose. My dear -fellow, it can't be helped. It was the man's own fault. Why did he -get in front of the guns? Besides, it is nothing to us. It is rather -awkward for Geoffrey, of course. It does not do to pepper beaters. It -makes people think that one is a wild shot. And Geoffrey is not; he -shoots very straight. But there is no use talking about the matter." - -Dorian shook his head. "It is a bad omen, Harry. I feel as if -something horrible were going to happen to some of us. To myself, -perhaps," he added, passing his hand over his eyes, with a gesture of -pain. - -The elder man laughed. "The only horrible thing in the world is _ennui_, -Dorian. That is the one sin for which there is no forgiveness. But we -are not likely to suffer from it unless these fellows keep chattering -about this thing at dinner. I must tell them that the subject is to be -tabooed. As for omens, there is no such thing as an omen. Destiny -does not send us heralds. She is too wise or too cruel for that. -Besides, what on earth could happen to you, Dorian? You have -everything in the world that a man can want. There is no one who would -not be delighted to change places with you." - -"There is no one with whom I would not change places, Harry. Don't -laugh like that. I am telling you the truth. The wretched peasant who -has just died is better off than I am. I have no terror of death. It -is the coming of death that terrifies me. Its monstrous wings seem to -wheel in the leaden air around me. Good heavens! don't you see a man -moving behind the trees there, watching me, waiting for me?" - -Lord Henry looked in the direction in which the trembling gloved hand -was pointing. "Yes," he said, smiling, "I see the gardener waiting for -you. I suppose he wants to ask you what flowers you wish to have on -the table to-night. How absurdly nervous you are, my dear fellow! You -must come and see my doctor, when we get back to town." - -Dorian heaved a sigh of relief as he saw the gardener approaching. The -man touched his hat, glanced for a moment at Lord Henry in a hesitating -manner, and then produced a letter, which he handed to his master. -"Her Grace told me to wait for an answer," he murmured. - -Dorian put the letter into his pocket. "Tell her Grace that I am -coming in," he said, coldly. The man turned round and went rapidly in -the direction of the house. - -"How fond women are of doing dangerous things!" laughed Lord Henry. -"It is one of the qualities in them that I admire most. A woman will -flirt with anybody in the world as long as other people are looking on." - -"How fond you are of saying dangerous things, Harry! In the present -instance, you are quite astray. I like the duchess very much, but I -don't love her." - -"And the duchess loves you very much, but she likes you less, so you -are excellently matched." - -"You are talking scandal, Harry, and there is never any basis for -scandal." - -"The basis of every scandal is an immoral certainty," said Lord Henry, -lighting a cigarette. - -"You would sacrifice anybody, Harry, for the sake of an epigram." - -"The world goes to the altar of its own accord," was the answer. - -"I wish I could love," cried Dorian Gray with a deep note of pathos in -his voice. "But I seem to have lost the passion and forgotten the -desire. I am too much concentrated on myself. My own personality has -become a burden to me. I want to escape, to go away, to forget. It -was silly of me to come down here at all. I think I shall send a wire -to Harvey to have the yacht got ready. On a yacht one is safe." - -"Safe from what, Dorian? You are in some trouble. Why not tell me -what it is? You know I would help you." - -"I can't tell you, Harry," he answered sadly. "And I dare say it is -only a fancy of mine. This unfortunate accident has upset me. I have -a horrible presentiment that something of the kind may happen to me." - -"What nonsense!" - -"I hope it is, but I can't help feeling it. Ah! here is the duchess, -looking like Artemis in a tailor-made gown. You see we have come back, -Duchess." - -"I have heard all about it, Mr. Gray," she answered. "Poor Geoffrey is -terribly upset. And it seems that you asked him not to shoot the hare. -How curious!" - -"Yes, it was very curious. I don't know what made me say it. Some -whim, I suppose. It looked the loveliest of little live things. But I -am sorry they told you about the man. It is a hideous subject." - -"It is an annoying subject," broke in Lord Henry. "It has no -psychological value at all. Now if Geoffrey had done the thing on -purpose, how interesting he would be! I should like to know some one -who had committed a real murder." - -"How horrid of you, Harry!" cried the duchess. "Isn't it, Mr. Gray? -Harry, Mr. Gray is ill again. He is going to faint." - -Dorian drew himself up with an effort and smiled. "It is nothing, -Duchess," he murmured; "my nerves are dreadfully out of order. That is -all. I am afraid I walked too far this morning. I didn't hear what -Harry said. Was it very bad? You must tell me some other time. I -think I must go and lie down. You will excuse me, won't you?" - -They had reached the great flight of steps that led from the -conservatory on to the terrace. As the glass door closed behind -Dorian, Lord Henry turned and looked at the duchess with his slumberous -eyes. "Are you very much in love with him?" he asked. - -She did not answer for some time, but stood gazing at the landscape. -"I wish I knew," she said at last. - -He shook his head. "Knowledge would be fatal. It is the uncertainty -that charms one. A mist makes things wonderful." - -"One may lose one's way." - -"All ways end at the same point, my dear Gladys." - -"What is that?" - -"Disillusion." - -"It was my _debut_ in life," she sighed. - -"It came to you crowned." - -"I am tired of strawberry leaves." - -"They become you." - -"Only in public." - -"You would miss them," said Lord Henry. - -"I will not part with a petal." - -"Monmouth has ears." - -"Old age is dull of hearing." - -"Has he never been jealous?" - -"I wish he had been." - -He glanced about as if in search of something. "What are you looking -for?" she inquired. - -"The button from your foil," he answered. "You have dropped it." - -She laughed. "I have still the mask." - -"It makes your eyes lovelier," was his reply. - -She laughed again. Her teeth showed like white seeds in a scarlet -fruit. - -Upstairs, in his own room, Dorian Gray was lying on a sofa, with terror -in every tingling fibre of his body. Life had suddenly become too -hideous a burden for him to bear. The dreadful death of the unlucky -beater, shot in the thicket like a wild animal, had seemed to him to -pre-figure death for himself also. He had nearly swooned at what Lord -Henry had said in a chance mood of cynical jesting. - -At five o'clock he rang his bell for his servant and gave him orders to -pack his things for the night-express to town, and to have the brougham -at the door by eight-thirty. He was determined not to sleep another -night at Selby Royal. It was an ill-omened place. Death walked there -in the sunlight. The grass of the forest had been spotted with blood. - -Then he wrote a note to Lord Henry, telling him that he was going up to -town to consult his doctor and asking him to entertain his guests in -his absence. As he was putting it into the envelope, a knock came to -the door, and his valet informed him that the head-keeper wished to see -him. He frowned and bit his lip. "Send him in," he muttered, after -some moments' hesitation. - -As soon as the man entered, Dorian pulled his chequebook out of a -drawer and spread it out before him. - -"I suppose you have come about the unfortunate accident of this -morning, Thornton?" he said, taking up a pen. - -"Yes, sir," answered the gamekeeper. - -"Was the poor fellow married? Had he any people dependent on him?" -asked Dorian, looking bored. "If so, I should not like them to be left -in want, and will send them any sum of money you may think necessary." - -"We don't know who he is, sir. That is what I took the liberty of -coming to you about." - -"Don't know who he is?" said Dorian, listlessly. "What do you mean? -Wasn't he one of your men?" - -"No, sir. Never saw him before. Seems like a sailor, sir." - -The pen dropped from Dorian Gray's hand, and he felt as if his heart -had suddenly stopped beating. "A sailor?" he cried out. "Did you say -a sailor?" - -"Yes, sir. He looks as if he had been a sort of sailor; tattooed on -both arms, and that kind of thing." - -"Was there anything found on him?" said Dorian, leaning forward and -looking at the man with startled eyes. "Anything that would tell his -name?" - -"Some money, sir--not much, and a six-shooter. There was no name of any -kind. A decent-looking man, sir, but rough-like. A sort of sailor we -think." - -Dorian started to his feet. A terrible hope fluttered past him. He -clutched at it madly. "Where is the body?" he exclaimed. "Quick! I -must see it at once." - -"It is in an empty stable in the Home Farm, sir. The folk don't like -to have that sort of thing in their houses. They say a corpse brings -bad luck." - -"The Home Farm! Go there at once and meet me. Tell one of the grooms -to bring my horse round. No. Never mind. I'll go to the stables -myself. It will save time." - -In less than a quarter of an hour, Dorian Gray was galloping down the -long avenue as hard as he could go. The trees seemed to sweep past him -in spectral procession, and wild shadows to fling themselves across his -path. Once the mare swerved at a white gate-post and nearly threw him. -He lashed her across the neck with his crop. She cleft the dusky air -like an arrow. The stones flew from her hoofs. - -At last he reached the Home Farm. Two men were loitering in the yard. -He leaped from the saddle and threw the reins to one of them. In the -farthest stable a light was glimmering. Something seemed to tell him -that the body was there, and he hurried to the door and put his hand -upon the latch. - -There he paused for a moment, feeling that he was on the brink of a -discovery that would either make or mar his life. Then he thrust the -door open and entered. - -On a heap of sacking in the far corner was lying the dead body of a man -dressed in a coarse shirt and a pair of blue trousers. A spotted -handkerchief had been placed over the face. A coarse candle, stuck in -a bottle, sputtered beside it. - -Dorian Gray shuddered. He felt that his could not be the hand to take -the handkerchief away, and called out to one of the farm-servants to -come to him. - -"Take that thing off the face. I wish to see it," he said, clutching -at the door-post for support. - -When the farm-servant had done so, he stepped forward. A cry of joy -broke from his lips. The man who had been shot in the thicket was -James Vane. - -He stood there for some minutes looking at the dead body. As he rode -home, his eyes were full of tears, for he knew he was safe. - - - -CHAPTER 19 - -"There is no use your telling me that you are going to be good," cried -Lord Henry, dipping his white fingers into a red copper bowl filled -with rose-water. "You are quite perfect. Pray, don't change." - -Dorian Gray shook his head. "No, Harry, I have done too many dreadful -things in my life. I am not going to do any more. I began my good -actions yesterday." - -"Where were you yesterday?" - -"In the country, Harry. I was staying at a little inn by myself." - -"My dear boy," said Lord Henry, smiling, "anybody can be good in the -country. There are no temptations there. That is the reason why -people who live out of town are so absolutely uncivilized. -Civilization is not by any means an easy thing to attain to. There are -only two ways by which man can reach it. One is by being cultured, the -other by being corrupt. Country people have no opportunity of being -either, so they stagnate." - -"Culture and corruption," echoed Dorian. "I have known something of -both. It seems terrible to me now that they should ever be found -together. For I have a new ideal, Harry. I am going to alter. I -think I have altered." - -"You have not yet told me what your good action was. Or did you say -you had done more than one?" asked his companion as he spilled into his -plate a little crimson pyramid of seeded strawberries and, through a -perforated, shell-shaped spoon, snowed white sugar upon them. - -"I can tell you, Harry. It is not a story I could tell to any one -else. I spared somebody. It sounds vain, but you understand what I -mean. She was quite beautiful and wonderfully like Sibyl Vane. I -think it was that which first attracted me to her. You remember Sibyl, -don't you? How long ago that seems! Well, Hetty was not one of our -own class, of course. She was simply a girl in a village. But I -really loved her. I am quite sure that I loved her. All during this -wonderful May that we have been having, I used to run down and see her -two or three times a week. Yesterday she met me in a little orchard. -The apple-blossoms kept tumbling down on her hair, and she was -laughing. We were to have gone away together this morning at dawn. -Suddenly I determined to leave her as flowerlike as I had found her." - -"I should think the novelty of the emotion must have given you a thrill -of real pleasure, Dorian," interrupted Lord Henry. "But I can finish -your idyll for you. You gave her good advice and broke her heart. -That was the beginning of your reformation." - -"Harry, you are horrible! You mustn't say these dreadful things. -Hetty's heart is not broken. Of course, she cried and all that. But -there is no disgrace upon her. She can live, like Perdita, in her -garden of mint and marigold." - -"And weep over a faithless Florizel," said Lord Henry, laughing, as he -leaned back in his chair. "My dear Dorian, you have the most curiously -boyish moods. Do you think this girl will ever be really content now -with any one of her own rank? I suppose she will be married some day -to a rough carter or a grinning ploughman. Well, the fact of having -met you, and loved you, will teach her to despise her husband, and she -will be wretched. From a moral point of view, I cannot say that I -think much of your great renunciation. Even as a beginning, it is -poor. Besides, how do you know that Hetty isn't floating at the -present moment in some starlit mill-pond, with lovely water-lilies -round her, like Ophelia?" - -"I can't bear this, Harry! You mock at everything, and then suggest -the most serious tragedies. I am sorry I told you now. I don't care -what you say to me. I know I was right in acting as I did. Poor -Hetty! As I rode past the farm this morning, I saw her white face at -the window, like a spray of jasmine. Don't let us talk about it any -more, and don't try to persuade me that the first good action I have -done for years, the first little bit of self-sacrifice I have ever -known, is really a sort of sin. I want to be better. I am going to be -better. Tell me something about yourself. What is going on in town? -I have not been to the club for days." - -"The people are still discussing poor Basil's disappearance." - -"I should have thought they had got tired of that by this time," said -Dorian, pouring himself out some wine and frowning slightly. - -"My dear boy, they have only been talking about it for six weeks, and -the British public are really not equal to the mental strain of having -more than one topic every three months. They have been very fortunate -lately, however. They have had my own divorce-case and Alan Campbell's -suicide. Now they have got the mysterious disappearance of an artist. -Scotland Yard still insists that the man in the grey ulster who left -for Paris by the midnight train on the ninth of November was poor -Basil, and the French police declare that Basil never arrived in Paris -at all. I suppose in about a fortnight we shall be told that he has -been seen in San Francisco. It is an odd thing, but every one who -disappears is said to be seen at San Francisco. It must be a -delightful city, and possess all the attractions of the next world." - -"What do you think has happened to Basil?" asked Dorian, holding up his -Burgundy against the light and wondering how it was that he could -discuss the matter so calmly. - -"I have not the slightest idea. If Basil chooses to hide himself, it -is no business of mine. If he is dead, I don't want to think about -him. Death is the only thing that ever terrifies me. I hate it." - -"Why?" said the younger man wearily. - -"Because," said Lord Henry, passing beneath his nostrils the gilt -trellis of an open vinaigrette box, "one can survive everything -nowadays except that. Death and vulgarity are the only two facts in -the nineteenth century that one cannot explain away. Let us have our -coffee in the music-room, Dorian. You must play Chopin to me. The man -with whom my wife ran away played Chopin exquisitely. Poor Victoria! -I was very fond of her. The house is rather lonely without her. Of -course, married life is merely a habit, a bad habit. But then one -regrets the loss even of one's worst habits. Perhaps one regrets them -the most. They are such an essential part of one's personality." - -Dorian said nothing, but rose from the table, and passing into the next -room, sat down to the piano and let his fingers stray across the white -and black ivory of the keys. After the coffee had been brought in, he -stopped, and looking over at Lord Henry, said, "Harry, did it ever -occur to you that Basil was murdered?" - -Lord Henry yawned. "Basil was very popular, and always wore a -Waterbury watch. Why should he have been murdered? He was not clever -enough to have enemies. Of course, he had a wonderful genius for -painting. But a man can paint like Velasquez and yet be as dull as -possible. Basil was really rather dull. He only interested me once, -and that was when he told me, years ago, that he had a wild adoration -for you and that you were the dominant motive of his art." - -"I was very fond of Basil," said Dorian with a note of sadness in his -voice. "But don't people say that he was murdered?" - -"Oh, some of the papers do. It does not seem to me to be at all -probable. I know there are dreadful places in Paris, but Basil was not -the sort of man to have gone to them. He had no curiosity. It was his -chief defect." - -"What would you say, Harry, if I told you that I had murdered Basil?" -said the younger man. He watched him intently after he had spoken. - -"I would say, my dear fellow, that you were posing for a character that -doesn't suit you. All crime is vulgar, just as all vulgarity is crime. -It is not in you, Dorian, to commit a murder. I am sorry if I hurt -your vanity by saying so, but I assure you it is true. Crime belongs -exclusively to the lower orders. I don't blame them in the smallest -degree. I should fancy that crime was to them what art is to us, -simply a method of procuring extraordinary sensations." - -"A method of procuring sensations? Do you think, then, that a man who -has once committed a murder could possibly do the same crime again? -Don't tell me that." - -"Oh! anything becomes a pleasure if one does it too often," cried Lord -Henry, laughing. "That is one of the most important secrets of life. -I should fancy, however, that murder is always a mistake. One should -never do anything that one cannot talk about after dinner. But let us -pass from poor Basil. I wish I could believe that he had come to such -a really romantic end as you suggest, but I can't. I dare say he fell -into the Seine off an omnibus and that the conductor hushed up the -scandal. Yes: I should fancy that was his end. I see him lying now -on his back under those dull-green waters, with the heavy barges -floating over him and long weeds catching in his hair. Do you know, I -don't think he would have done much more good work. During the last -ten years his painting had gone off very much." - -Dorian heaved a sigh, and Lord Henry strolled across the room and began -to stroke the head of a curious Java parrot, a large, grey-plumaged -bird with pink crest and tail, that was balancing itself upon a bamboo -perch. As his pointed fingers touched it, it dropped the white scurf -of crinkled lids over black, glasslike eyes and began to sway backwards -and forwards. - -"Yes," he continued, turning round and taking his handkerchief out of -his pocket; "his painting had quite gone off. It seemed to me to have -lost something. It had lost an ideal. When you and he ceased to be -great friends, he ceased to be a great artist. What was it separated -you? I suppose he bored you. If so, he never forgave you. It's a -habit bores have. By the way, what has become of that wonderful -portrait he did of you? I don't think I have ever seen it since he -finished it. Oh! I remember your telling me years ago that you had -sent it down to Selby, and that it had got mislaid or stolen on the -way. You never got it back? What a pity! it was really a -masterpiece. I remember I wanted to buy it. I wish I had now. It -belonged to Basil's best period. Since then, his work was that curious -mixture of bad painting and good intentions that always entitles a man -to be called a representative British artist. Did you advertise for -it? You should." - -"I forget," said Dorian. "I suppose I did. But I never really liked -it. I am sorry I sat for it. The memory of the thing is hateful to -me. Why do you talk of it? It used to remind me of those curious -lines in some play--Hamlet, I think--how do they run?-- - - "Like the painting of a sorrow, - A face without a heart." - -Yes: that is what it was like." - -Lord Henry laughed. "If a man treats life artistically, his brain is -his heart," he answered, sinking into an arm-chair. - -Dorian Gray shook his head and struck some soft chords on the piano. -"'Like the painting of a sorrow,'" he repeated, "'a face without a -heart.'" - -The elder man lay back and looked at him with half-closed eyes. "By -the way, Dorian," he said after a pause, "'what does it profit a man if -he gain the whole world and lose--how does the quotation run?--his own -soul'?" - -The music jarred, and Dorian Gray started and stared at his friend. -"Why do you ask me that, Harry?" - -"My dear fellow," said Lord Henry, elevating his eyebrows in surprise, -"I asked you because I thought you might be able to give me an answer. -That is all. I was going through the park last Sunday, and close by -the Marble Arch there stood a little crowd of shabby-looking people -listening to some vulgar street-preacher. As I passed by, I heard the -man yelling out that question to his audience. It struck me as being -rather dramatic. London is very rich in curious effects of that kind. -A wet Sunday, an uncouth Christian in a mackintosh, a ring of sickly -white faces under a broken roof of dripping umbrellas, and a wonderful -phrase flung into the air by shrill hysterical lips--it was really very -good in its way, quite a suggestion. I thought of telling the prophet -that art had a soul, but that man had not. I am afraid, however, he -would not have understood me." - -"Don't, Harry. The soul is a terrible reality. It can be bought, and -sold, and bartered away. It can be poisoned, or made perfect. There -is a soul in each one of us. I know it." - -"Do you feel quite sure of that, Dorian?" - -"Quite sure." - -"Ah! then it must be an illusion. The things one feels absolutely -certain about are never true. That is the fatality of faith, and the -lesson of romance. How grave you are! Don't be so serious. What have -you or I to do with the superstitions of our age? No: we have given -up our belief in the soul. Play me something. Play me a nocturne, -Dorian, and, as you play, tell me, in a low voice, how you have kept -your youth. You must have some secret. I am only ten years older than -you are, and I am wrinkled, and worn, and yellow. You are really -wonderful, Dorian. You have never looked more charming than you do -to-night. You remind me of the day I saw you first. You were rather -cheeky, very shy, and absolutely extraordinary. You have changed, of -course, but not in appearance. I wish you would tell me your secret. -To get back my youth I would do anything in the world, except take -exercise, get up early, or be respectable. Youth! There is nothing -like it. It's absurd to talk of the ignorance of youth. The only -people to whose opinions I listen now with any respect are people much -younger than myself. They seem in front of me. Life has revealed to -them her latest wonder. As for the aged, I always contradict the aged. -I do it on principle. If you ask them their opinion on something that -happened yesterday, they solemnly give you the opinions current in -1820, when people wore high stocks, believed in everything, and knew -absolutely nothing. How lovely that thing you are playing is! I -wonder, did Chopin write it at Majorca, with the sea weeping round the -villa and the salt spray dashing against the panes? It is marvellously -romantic. What a blessing it is that there is one art left to us that -is not imitative! Don't stop. I want music to-night. It seems to me -that you are the young Apollo and that I am Marsyas listening to you. -I have sorrows, Dorian, of my own, that even you know nothing of. The -tragedy of old age is not that one is old, but that one is young. I am -amazed sometimes at my own sincerity. Ah, Dorian, how happy you are! -What an exquisite life you have had! You have drunk deeply of -everything. You have crushed the grapes against your palate. Nothing -has been hidden from you. And it has all been to you no more than the -sound of music. It has not marred you. You are still the same." - -"I am not the same, Harry." - -"Yes, you are the same. I wonder what the rest of your life will be. -Don't spoil it by renunciations. At present you are a perfect type. -Don't make yourself incomplete. You are quite flawless now. You need -not shake your head: you know you are. Besides, Dorian, don't deceive -yourself. Life is not governed by will or intention. Life is a -question of nerves, and fibres, and slowly built-up cells in which -thought hides itself and passion has its dreams. You may fancy -yourself safe and think yourself strong. But a chance tone of colour -in a room or a morning sky, a particular perfume that you had once -loved and that brings subtle memories with it, a line from a forgotten -poem that you had come across again, a cadence from a piece of music -that you had ceased to play--I tell you, Dorian, that it is on things -like these that our lives depend. Browning writes about that -somewhere; but our own senses will imagine them for us. There are -moments when the odour of _lilas blanc_ passes suddenly across me, and I -have to live the strangest month of my life over again. I wish I could -change places with you, Dorian. The world has cried out against us -both, but it has always worshipped you. It always will worship you. -You are the type of what the age is searching for, and what it is -afraid it has found. I am so glad that you have never done anything, -never carved a statue, or painted a picture, or produced anything -outside of yourself! Life has been your art. You have set yourself to -music. Your days are your sonnets." - -Dorian rose up from the piano and passed his hand through his hair. -"Yes, life has been exquisite," he murmured, "but I am not going to -have the same life, Harry. And you must not say these extravagant -things to me. You don't know everything about me. I think that if you -did, even you would turn from me. You laugh. Don't laugh." - -"Why have you stopped playing, Dorian? Go back and give me the -nocturne over again. Look at that great, honey-coloured moon that -hangs in the dusky air. She is waiting for you to charm her, and if -you play she will come closer to the earth. You won't? Let us go to -the club, then. It has been a charming evening, and we must end it -charmingly. There is some one at White's who wants immensely to know -you--young Lord Poole, Bournemouth's eldest son. He has already copied -your neckties, and has begged me to introduce him to you. He is quite -delightful and rather reminds me of you." - -"I hope not," said Dorian with a sad look in his eyes. "But I am tired -to-night, Harry. I shan't go to the club. It is nearly eleven, and I -want to go to bed early." - -"Do stay. You have never played so well as to-night. There was -something in your touch that was wonderful. It had more expression -than I had ever heard from it before." - -"It is because I am going to be good," he answered, smiling. "I am a -little changed already." - -"You cannot change to me, Dorian," said Lord Henry. "You and I will -always be friends." - -"Yet you poisoned me with a book once. I should not forgive that. -Harry, promise me that you will never lend that book to any one. It -does harm." - -"My dear boy, you are really beginning to moralize. You will soon be -going about like the converted, and the revivalist, warning people -against all the sins of which you have grown tired. You are much too -delightful to do that. Besides, it is no use. You and I are what we -are, and will be what we will be. As for being poisoned by a book, -there is no such thing as that. Art has no influence upon action. It -annihilates the desire to act. It is superbly sterile. The books that -the world calls immoral are books that show the world its own shame. -That is all. But we won't discuss literature. Come round to-morrow. I -am going to ride at eleven. We might go together, and I will take you -to lunch afterwards with Lady Branksome. She is a charming woman, and -wants to consult you about some tapestries she is thinking of buying. -Mind you come. Or shall we lunch with our little duchess? She says -she never sees you now. Perhaps you are tired of Gladys? I thought -you would be. Her clever tongue gets on one's nerves. Well, in any -case, be here at eleven." - -"Must I really come, Harry?" - -"Certainly. The park is quite lovely now. I don't think there have -been such lilacs since the year I met you." - -"Very well. I shall be here at eleven," said Dorian. "Good night, -Harry." As he reached the door, he hesitated for a moment, as if he -had something more to say. Then he sighed and went out. - - - -CHAPTER 20 - -It was a lovely night, so warm that he threw his coat over his arm and -did not even put his silk scarf round his throat. As he strolled home, -smoking his cigarette, two young men in evening dress passed him. He -heard one of them whisper to the other, "That is Dorian Gray." He -remembered how pleased he used to be when he was pointed out, or stared -at, or talked about. He was tired of hearing his own name now. Half -the charm of the little village where he had been so often lately was -that no one knew who he was. He had often told the girl whom he had -lured to love him that he was poor, and she had believed him. He had -told her once that he was wicked, and she had laughed at him and -answered that wicked people were always very old and very ugly. What a -laugh she had!--just like a thrush singing. And how pretty she had -been in her cotton dresses and her large hats! She knew nothing, but -she had everything that he had lost. - -When he reached home, he found his servant waiting up for him. He sent -him to bed, and threw himself down on the sofa in the library, and -began to think over some of the things that Lord Henry had said to him. - -Was it really true that one could never change? He felt a wild longing -for the unstained purity of his boyhood--his rose-white boyhood, as -Lord Henry had once called it. He knew that he had tarnished himself, -filled his mind with corruption and given horror to his fancy; that he -had been an evil influence to others, and had experienced a terrible -joy in being so; and that of the lives that had crossed his own, it had -been the fairest and the most full of promise that he had brought to -shame. But was it all irretrievable? Was there no hope for him? - -Ah! in what a monstrous moment of pride and passion he had prayed that -the portrait should bear the burden of his days, and he keep the -unsullied splendour of eternal youth! All his failure had been due to -that. Better for him that each sin of his life had brought its sure -swift penalty along with it. There was purification in punishment. -Not "Forgive us our sins" but "Smite us for our iniquities" should be -the prayer of man to a most just God. - -The curiously carved mirror that Lord Henry had given to him, so many -years ago now, was standing on the table, and the white-limbed Cupids -laughed round it as of old. He took it up, as he had done on that -night of horror when he had first noted the change in the fatal -picture, and with wild, tear-dimmed eyes looked into its polished -shield. Once, some one who had terribly loved him had written to him a -mad letter, ending with these idolatrous words: "The world is changed -because you are made of ivory and gold. The curves of your lips -rewrite history." The phrases came back to his memory, and he repeated -them over and over to himself. Then he loathed his own beauty, and -flinging the mirror on the floor, crushed it into silver splinters -beneath his heel. It was his beauty that had ruined him, his beauty -and the youth that he had prayed for. But for those two things, his -life might have been free from stain. His beauty had been to him but a -mask, his youth but a mockery. What was youth at best? A green, an -unripe time, a time of shallow moods, and sickly thoughts. Why had he -worn its livery? Youth had spoiled him. - -It was better not to think of the past. Nothing could alter that. It -was of himself, and of his own future, that he had to think. James -Vane was hidden in a nameless grave in Selby churchyard. Alan Campbell -had shot himself one night in his laboratory, but had not revealed the -secret that he had been forced to know. The excitement, such as it -was, over Basil Hallward's disappearance would soon pass away. It was -already waning. He was perfectly safe there. Nor, indeed, was it the -death of Basil Hallward that weighed most upon his mind. It was the -living death of his own soul that troubled him. Basil had painted the -portrait that had marred his life. He could not forgive him that. It -was the portrait that had done everything. Basil had said things to -him that were unbearable, and that he had yet borne with patience. The -murder had been simply the madness of a moment. As for Alan Campbell, -his suicide had been his own act. He had chosen to do it. It was -nothing to him. - -A new life! That was what he wanted. That was what he was waiting -for. Surely he had begun it already. He had spared one innocent -thing, at any rate. He would never again tempt innocence. He would be -good. - -As he thought of Hetty Merton, he began to wonder if the portrait in -the locked room had changed. Surely it was not still so horrible as it -had been? Perhaps if his life became pure, he would be able to expel -every sign of evil passion from the face. Perhaps the signs of evil -had already gone away. He would go and look. - -He took the lamp from the table and crept upstairs. As he unbarred the -door, a smile of joy flitted across his strangely young-looking face -and lingered for a moment about his lips. Yes, he would be good, and -the hideous thing that he had hidden away would no longer be a terror -to him. He felt as if the load had been lifted from him already. - -He went in quietly, locking the door behind him, as was his custom, and -dragged the purple hanging from the portrait. A cry of pain and -indignation broke from him. He could see no change, save that in the -eyes there was a look of cunning and in the mouth the curved wrinkle of -the hypocrite. The thing was still loathsome--more loathsome, if -possible, than before--and the scarlet dew that spotted the hand seemed -brighter, and more like blood newly spilled. Then he trembled. Had it -been merely vanity that had made him do his one good deed? Or the -desire for a new sensation, as Lord Henry had hinted, with his mocking -laugh? Or that passion to act a part that sometimes makes us do things -finer than we are ourselves? Or, perhaps, all these? And why was the -red stain larger than it had been? It seemed to have crept like a -horrible disease over the wrinkled fingers. There was blood on the -painted feet, as though the thing had dripped--blood even on the hand -that had not held the knife. Confess? Did it mean that he was to -confess? To give himself up and be put to death? He laughed. He felt -that the idea was monstrous. Besides, even if he did confess, who -would believe him? There was no trace of the murdered man anywhere. -Everything belonging to him had been destroyed. He himself had burned -what had been below-stairs. The world would simply say that he was mad. -They would shut him up if he persisted in his story.... Yet it was -his duty to confess, to suffer public shame, and to make public -atonement. There was a God who called upon men to tell their sins to -earth as well as to heaven. Nothing that he could do would cleanse him -till he had told his own sin. His sin? He shrugged his shoulders. -The death of Basil Hallward seemed very little to him. He was thinking -of Hetty Merton. For it was an unjust mirror, this mirror of his soul -that he was looking at. Vanity? Curiosity? Hypocrisy? Had there -been nothing more in his renunciation than that? There had been -something more. At least he thought so. But who could tell? ... No. -There had been nothing more. Through vanity he had spared her. In -hypocrisy he had worn the mask of goodness. For curiosity's sake he -had tried the denial of self. He recognized that now. - -But this murder--was it to dog him all his life? Was he always to be -burdened by his past? Was he really to confess? Never. There was -only one bit of evidence left against him. The picture itself--that -was evidence. He would destroy it. Why had he kept it so long? Once -it had given him pleasure to watch it changing and growing old. Of -late he had felt no such pleasure. It had kept him awake at night. -When he had been away, he had been filled with terror lest other eyes -should look upon it. It had brought melancholy across his passions. -Its mere memory had marred many moments of joy. It had been like -conscience to him. Yes, it had been conscience. He would destroy it. - -He looked round and saw the knife that had stabbed Basil Hallward. He -had cleaned it many times, till there was no stain left upon it. It -was bright, and glistened. As it had killed the painter, so it would -kill the painter's work, and all that that meant. It would kill the -past, and when that was dead, he would be free. It would kill this -monstrous soul-life, and without its hideous warnings, he would be at -peace. He seized the thing, and stabbed the picture with it. - -There was a cry heard, and a crash. The cry was so horrible in its -agony that the frightened servants woke and crept out of their rooms. -Two gentlemen, who were passing in the square below, stopped and looked -up at the great house. They walked on till they met a policeman and -brought him back. The man rang the bell several times, but there was -no answer. Except for a light in one of the top windows, the house was -all dark. After a time, he went away and stood in an adjoining portico -and watched. - -"Whose house is that, Constable?" asked the elder of the two gentlemen. - -"Mr. Dorian Gray's, sir," answered the policeman. - -They looked at each other, as they walked away, and sneered. One of -them was Sir Henry Ashton's uncle. - -Inside, in the servants' part of the house, the half-clad domestics -were talking in low whispers to each other. Old Mrs. Leaf was crying -and wringing her hands. Francis was as pale as death. - -After about a quarter of an hour, he got the coachman and one of the -footmen and crept upstairs. They knocked, but there was no reply. -They called out. Everything was still. Finally, after vainly trying -to force the door, they got on the roof and dropped down on to the -balcony. The windows yielded easily--their bolts were old. - -When they entered, they found hanging upon the wall a splendid portrait -of their master as they had last seen him, in all the wonder of his -exquisite youth and beauty. Lying on the floor was a dead man, in -evening dress, with a knife in his heart. He was withered, wrinkled, -and loathsome of visage. It was not till they had examined the rings -that they recognized who it was. - - - - - - - - - -End of Project Gutenberg's The Picture of Dorian Gray, by Oscar Wilde - -*** END OF THIS PROJECT GUTENBERG EBOOK THE PICTURE OF DORIAN GRAY *** - -***** This file should be named 174.txt or 174.zip ***** -This and all associated files of various formats will be found in: - http://www.gutenberg.org/1/7/174/ - -Produced by Judith Boss. HTML version by Al Haines. - -Updated editions will replace the previous one--the old editions -will be renamed. - -Creating the works from public domain print editions means that no -one owns a United States copyright in these works, so the Foundation -(and you!) can copy and distribute it in the United States without -permission and without paying copyright royalties. Special rules, -set forth in the General Terms of Use part of this license, apply to -copying and distributing Project Gutenberg-tm electronic works to -protect the PROJECT GUTENBERG-tm concept and trademark. Project -Gutenberg is a registered trademark, and may not be used if you -charge for the eBooks, unless you receive specific permission. If you -do not charge anything for copies of this eBook, complying with the -rules is very easy. You may use this eBook for nearly any purpose -such as creation of derivative works, reports, performances and -research. They may be modified and printed and given away--you may do -practically ANYTHING with public domain eBooks. Redistribution is -subject to the trademark license, especially commercial -redistribution. - - - -*** START: FULL LICENSE *** - -THE FULL PROJECT GUTENBERG LICENSE -PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK - -To protect the Project Gutenberg-tm mission of promoting the free -distribution of electronic works, by using or distributing this work -(or any other work associated in any way with the phrase "Project -Gutenberg"), you agree to comply with all the terms of the Full Project -Gutenberg-tm License (available with this file or online at -http://gutenberg.net/license). - - -Section 1. General Terms of Use and Redistributing Project Gutenberg-tm -electronic works - -1.A. By reading or using any part of this Project Gutenberg-tm -electronic work, you indicate that you have read, understand, agree to -and accept all the terms of this license and intellectual property -(trademark/copyright) agreement. If you do not agree to abide by all -the terms of this agreement, you must cease using and return or destroy -all copies of Project Gutenberg-tm electronic works in your possession. -If you paid a fee for obtaining a copy of or access to a Project -Gutenberg-tm electronic work and you do not agree to be bound by the -terms of this agreement, you may obtain a refund from the person or -entity to whom you paid the fee as set forth in paragraph 1.E.8. - -1.B. "Project Gutenberg" is a registered trademark. It may only be -used on or associated in any way with an electronic work by people who -agree to be bound by the terms of this agreement. There are a few -things that you can do with most Project Gutenberg-tm electronic works -even without complying with the full terms of this agreement. See -paragraph 1.C below. There are a lot of things you can do with Project -Gutenberg-tm electronic works if you follow the terms of this agreement -and help preserve free future access to Project Gutenberg-tm electronic -works. See paragraph 1.E below. - -1.C. The Project Gutenberg Literary Archive Foundation ("the Foundation" -or PGLAF), owns a compilation copyright in the collection of Project -Gutenberg-tm electronic works. Nearly all the individual works in the -collection are in the public domain in the United States. If an -individual work is in the public domain in the United States and you are -located in the United States, we do not claim a right to prevent you from -copying, distributing, performing, displaying or creating derivative -works based on the work as long as all references to Project Gutenberg -are removed. Of course, we hope that you will support the Project -Gutenberg-tm mission of promoting free access to electronic works by -freely sharing Project Gutenberg-tm works in compliance with the terms of -this agreement for keeping the Project Gutenberg-tm name associated with -the work. You can easily comply with the terms of this agreement by -keeping this work in the same format with its attached full Project -Gutenberg-tm License when you share it without charge with others. - -1.D. The copyright laws of the place where you are located also govern -what you can do with this work. Copyright laws in most countries are in -a constant state of change. If you are outside the United States, check -the laws of your country in addition to the terms of this agreement -before downloading, copying, displaying, performing, distributing or -creating derivative works based on this work or any other Project -Gutenberg-tm work. The Foundation makes no representations concerning -the copyright status of any work in any country outside the United -States. - -1.E. Unless you have removed all references to Project Gutenberg: - -1.E.1. The following sentence, with active links to, or other immediate -access to, the full Project Gutenberg-tm License must appear prominently -whenever any copy of a Project Gutenberg-tm work (any work on which the -phrase "Project Gutenberg" appears, or with which the phrase "Project -Gutenberg" is associated) is accessed, displayed, performed, viewed, -copied or distributed: - -This eBook is for the use of anyone anywhere at no cost and with -almost no restrictions whatsoever. You may copy it, give it away or -re-use it under the terms of the Project Gutenberg License included -with this eBook or online at www.gutenberg.net - -1.E.2. If an individual Project Gutenberg-tm electronic work is derived -from the public domain (does not contain a notice indicating that it is -posted with permission of the copyright holder), the work can be copied -and distributed to anyone in the United States without paying any fees -or charges. If you are redistributing or providing access to a work -with the phrase "Project Gutenberg" associated with or appearing on the -work, you must comply either with the requirements of paragraphs 1.E.1 -through 1.E.7 or obtain permission for the use of the work and the -Project Gutenberg-tm trademark as set forth in paragraphs 1.E.8 or -1.E.9. - -1.E.3. If an individual Project Gutenberg-tm electronic work is posted -with the permission of the copyright holder, your use and distribution -must comply with both paragraphs 1.E.1 through 1.E.7 and any additional -terms imposed by the copyright holder. Additional terms will be linked -to the Project Gutenberg-tm License for all works posted with the -permission of the copyright holder found at the beginning of this work. - -1.E.4. Do not unlink or detach or remove the full Project Gutenberg-tm -License terms from this work, or any files containing a part of this -work or any other work associated with Project Gutenberg-tm. - -1.E.5. Do not copy, display, perform, distribute or redistribute this -electronic work, or any part of this electronic work, without -prominently displaying the sentence set forth in paragraph 1.E.1 with -active links or immediate access to the full terms of the Project -Gutenberg-tm License. - -1.E.6. You may convert to and distribute this work in any binary, -compressed, marked up, nonproprietary or proprietary form, including any -word processing or hypertext form. However, if you provide access to or -distribute copies of a Project Gutenberg-tm work in a format other than -"Plain Vanilla ASCII" or other format used in the official version -posted on the official Project Gutenberg-tm web site (www.gutenberg.net), -you must, at no additional cost, fee or expense to the user, provide a -copy, a means of exporting a copy, or a means of obtaining a copy upon -request, of the work in its original "Plain Vanilla ASCII" or other -form. Any alternate format must include the full Project Gutenberg-tm -License as specified in paragraph 1.E.1. - -1.E.7. Do not charge a fee for access to, viewing, displaying, -performing, copying or distributing any Project Gutenberg-tm works -unless you comply with paragraph 1.E.8 or 1.E.9. - -1.E.8. You may charge a reasonable fee for copies of or providing -access to or distributing Project Gutenberg-tm electronic works provided -that - -- You pay a royalty fee of 20% of the gross profits you derive from - the use of Project Gutenberg-tm works calculated using the method - you already use to calculate your applicable taxes. The fee is - owed to the owner of the Project Gutenberg-tm trademark, but he - has agreed to donate royalties under this paragraph to the - Project Gutenberg Literary Archive Foundation. Royalty payments - must be paid within 60 days following each date on which you - prepare (or are legally required to prepare) your periodic tax - returns. Royalty payments should be clearly marked as such and - sent to the Project Gutenberg Literary Archive Foundation at the - address specified in Section 4, "Information about donations to - the Project Gutenberg Literary Archive Foundation." - -- You provide a full refund of any money paid by a user who notifies - you in writing (or by e-mail) within 30 days of receipt that s/he - does not agree to the terms of the full Project Gutenberg-tm - License. You must require such a user to return or - destroy all copies of the works possessed in a physical medium - and discontinue all use of and all access to other copies of - Project Gutenberg-tm works. - -- You provide, in accordance with paragraph 1.F.3, a full refund of any - money paid for a work or a replacement copy, if a defect in the - electronic work is discovered and reported to you within 90 days - of receipt of the work. - -- You comply with all other terms of this agreement for free - distribution of Project Gutenberg-tm works. - -1.E.9. If you wish to charge a fee or distribute a Project Gutenberg-tm -electronic work or group of works on different terms than are set -forth in this agreement, you must obtain permission in writing from -both the Project Gutenberg Literary Archive Foundation and Michael -Hart, the owner of the Project Gutenberg-tm trademark. Contact the -Foundation as set forth in Section 3 below. - -1.F. - -1.F.1. Project Gutenberg volunteers and employees expend considerable -effort to identify, do copyright research on, transcribe and proofread -public domain works in creating the Project Gutenberg-tm -collection. Despite these efforts, Project Gutenberg-tm electronic -works, and the medium on which they may be stored, may contain -"Defects," such as, but not limited to, incomplete, inaccurate or -corrupt data, transcription errors, a copyright or other intellectual -property infringement, a defective or damaged disk or other medium, a -computer virus, or computer codes that damage or cannot be read by -your equipment. - -1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for the "Right -of Replacement or Refund" described in paragraph 1.F.3, the Project -Gutenberg Literary Archive Foundation, the owner of the Project -Gutenberg-tm trademark, and any other party distributing a Project -Gutenberg-tm electronic work under this agreement, disclaim all -liability to you for damages, costs and expenses, including legal -fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR NEGLIGENCE, STRICT -LIABILITY, BREACH OF WARRANTY OR BREACH OF CONTRACT EXCEPT THOSE -PROVIDED IN PARAGRAPH F3. YOU AGREE THAT THE FOUNDATION, THE -TRADEMARK OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL NOT BE -LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE OR -INCIDENTAL DAMAGES EVEN IF YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH -DAMAGE. - -1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you discover a -defect in this electronic work within 90 days of receiving it, you can -receive a refund of the money (if any) you paid for it by sending a -written explanation to the person you received the work from. If you -received the work on a physical medium, you must return the medium with -your written explanation. The person or entity that provided you with -the defective work may elect to provide a replacement copy in lieu of a -refund. If you received the work electronically, the person or entity -providing it to you may choose to give you a second opportunity to -receive the work electronically in lieu of a refund. If the second copy -is also defective, you may demand a refund in writing without further -opportunities to fix the problem. - -1.F.4. Except for the limited right of replacement or refund set forth -in paragraph 1.F.3, this work is provided to you 'AS-IS' WITH NO OTHER -WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO -WARRANTIES OF MERCHANTIBILITY OR FITNESS FOR ANY PURPOSE. - -1.F.5. Some states do not allow disclaimers of certain implied -warranties or the exclusion or limitation of certain types of damages. -If any disclaimer or limitation set forth in this agreement violates the -law of the state applicable to this agreement, the agreement shall be -interpreted to make the maximum disclaimer or limitation permitted by -the applicable state law. The invalidity or unenforceability of any -provision of this agreement shall not void the remaining provisions. - -1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation, the -trademark owner, any agent or employee of the Foundation, anyone -providing copies of Project Gutenberg-tm electronic works in accordance -with this agreement, and any volunteers associated with the production, -promotion and distribution of Project Gutenberg-tm electronic works, -harmless from all liability, costs and expenses, including legal fees, -that arise directly or indirectly from any of the following which you do -or cause to occur: (a) distribution of this or any Project Gutenberg-tm -work, (b) alteration, modification, or additions or deletions to any -Project Gutenberg-tm work, and (c) any Defect you cause. - - -Section 2. Information about the Mission of Project Gutenberg-tm - -Project Gutenberg-tm is synonymous with the free distribution of -electronic works in formats readable by the widest variety of computers -including obsolete, old, middle-aged and new computers. It exists -because of the efforts of hundreds of volunteers and donations from -people in all walks of life. - -Volunteers and financial support to provide volunteers with the -assistance they need, is critical to reaching Project Gutenberg-tm's -goals and ensuring that the Project Gutenberg-tm collection will -remain freely available for generations to come. In 2001, the Project -Gutenberg Literary Archive Foundation was created to provide a secure -and permanent future for Project Gutenberg-tm and future generations. -To learn more about the Project Gutenberg Literary Archive Foundation -and how your efforts and donations can help, see Sections 3 and 4 -and the Foundation web page at http://www.pglaf.org. - - -Section 3. Information about the Project Gutenberg Literary Archive -Foundation - -The Project Gutenberg Literary Archive Foundation is a non profit -501(c)(3) educational corporation organized under the laws of the -state of Mississippi and granted tax exempt status by the Internal -Revenue Service. The Foundation's EIN or federal tax identification -number is 64-6221541. Its 501(c)(3) letter is posted at -http://pglaf.org/fundraising. Contributions to the Project Gutenberg -Literary Archive Foundation are tax deductible to the full extent -permitted by U.S. federal laws and your state's laws. - -The Foundation's principal office is located at 4557 Melan Dr. S. -Fairbanks, AK, 99712., but its volunteers and employees are scattered -throughout numerous locations. Its business office is located at -809 North 1500 West, Salt Lake City, UT 84116, (801) 596-1887, email -business@pglaf.org. Email contact links and up to date contact -information can be found at the Foundation's web site and official -page at http://pglaf.org - -For additional contact information: - Dr. Gregory B. Newby - Chief Executive and Director - gbnewby@pglaf.org - - -Section 4. Information about Donations to the Project Gutenberg -Literary Archive Foundation - -Project Gutenberg-tm depends upon and cannot survive without wide -spread public support and donations to carry out its mission of -increasing the number of public domain and licensed works that can be -freely distributed in machine readable form accessible by the widest -array of equipment including outdated equipment. Many small donations -($1 to $5,000) are particularly important to maintaining tax exempt -status with the IRS. - -The Foundation is committed to complying with the laws regulating -charities and charitable donations in all 50 states of the United -States. Compliance requirements are not uniform and it takes a -considerable effort, much paperwork and many fees to meet and keep up -with these requirements. We do not solicit donations in locations -where we have not received written confirmation of compliance. To -SEND DONATIONS or determine the status of compliance for any -particular state visit http://pglaf.org - -While we cannot and do not solicit contributions from states where we -have not met the solicitation requirements, we know of no prohibition -against accepting unsolicited donations from donors in such states who -approach us with offers to donate. - -International donations are gratefully accepted, but we cannot make -any statements concerning tax treatment of donations received from -outside the United States. U.S. laws alone swamp our small staff. - -Please check the Project Gutenberg Web pages for current donation -methods and addresses. Donations are accepted in a number of other -ways including including checks, online payments and credit card -donations. To donate, please visit: http://pglaf.org/donate - - -Section 5. General Information About Project Gutenberg-tm electronic -works. - -Professor Michael S. Hart is the originator of the Project Gutenberg-tm -concept of a library of electronic works that could be freely shared -with anyone. For thirty years, he produced and distributed Project -Gutenberg-tm eBooks with only a loose network of volunteer support. - - -Project Gutenberg-tm eBooks are often created from several printed -editions, all of which are confirmed as Public Domain in the U.S. -unless a copyright notice is included. Thus, we do not necessarily -keep eBooks in compliance with any particular paper edition. - - -Most people start at our Web site which has the main PG search facility: - - http://www.gutenberg.net - -This Web site includes information about Project Gutenberg-tm, -including how to make donations to the Project Gutenberg Literary -Archive Foundation, how to help produce our new eBooks, and how to -subscribe to our email newsletter to hear about new eBooks. diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-generic-sessions/CMakeLists.txt deleted file mode 100644 index dc9b0f4..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/CMakeLists.txt +++ /dev/null @@ -1,82 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-generic-sessions) -set(SRCS minimal-http-server-generic-sessions.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) -require_lws_config(LWS_WITH_GENERIC_SESSIONS 1 requirements) -require_lws_config(LWS_WITH_LIBUV 1 requirements) -require_lws_config(LWS_WITH_PLUGINS 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/README.md b/minimal-examples/http-server/minimal-http-server-generic-sessions/README.md deleted file mode 100644 index 976aea6..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# lws minimal http server with generic-sessions - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-tls -[2018/03/20 13:23:13:0131] USER: LWS minimal http server TLS | visit https://localhost:7681 -[2018/03/20 13:23:13:0142] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/20 13:23:13:0142] NOTICE: Using SSL mode -[2018/03/20 13:23:13:0146] NOTICE: SSL ECDH curve 'prime256v1' -[2018/03/20 13:23:13:0146] NOTICE: HTTP2 / ALPN enabled -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: Loaded client cert localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath -[2018/03/20 13:23:13:0196] NOTICE: Loaded client cert private key localhost-100y.key -[2018/03/20 13:23:13:0196] NOTICE: created client ssl context for default -[2018/03/20 13:23:14:0207] NOTICE: vhost default: cert expiry: 730459d -``` - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/minimal-http-server-generic-sessions.c b/minimal-examples/http-server/minimal-http-server-generic-sessions/minimal-http-server-generic-sessions.c deleted file mode 100644 index f4e11e6..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/minimal-http-server-generic-sessions.c +++ /dev/null @@ -1,202 +0,0 @@ -/* - * lws-minimal-http-server-generic-sessions - * - * Copyright (C) 2019 Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates setting up and using generic sessions - */ - -#include -#include -#include - -static int interrupted; -struct lws_context *context; - -static const struct lws_protocol_vhost_options - pvo_mm1 = { - NULL, NULL, "message-db", (void *)"/var/www/sessions/messageboard.sqlite3" -}, pvo_m1 = { - NULL, &pvo_mm1, "protocol-lws-messageboard", "" -}, - - pvo13 = { - NULL, NULL, "email-confirm-url-base", (void *)"https://localhost:7681/" -}, pvo12 = { - &pvo13, NULL, "urlroot", (void *)"https://127.0.0.1:7681/" -}, pvo11 = { - &pvo12, NULL, "email-contact-person", (void *)"andy@warmcat.com" -}, pvo10 = { - &pvo11, NULL, "email-helo", (void *)"warmcat.com" -}, pvo9 = { - &pvo10, NULL, "email-expire", (void *)"3600" -}, pvo8 = { - &pvo9, NULL, "email-smtp-ip", (void *)"127.0.0.1" -}, pvo7 = { - &pvo8, NULL, "email-from", (void *)"noreply@warmcat.com" -}, pvo6 = { - &pvo7, NULL, "confounder", (void *)"some kind of secret confounder" -}, pvo5 = { - &pvo6, NULL, "timeout-anon-idle-secs", (void *)"1200" -}, pvo4 = { - &pvo5, NULL, "timeout-idle-secs", (void *)"6000" -}, pvo3 = { - &pvo4, NULL, "session-db", (void *)"/var/www/sessions/lws.sqlite3" -}, pvo2 = { - &pvo3, NULL, "admin-password-sha256", - (void *)"25d08521d996bad92605f5a40fe71179dc968e70f669cb1db6190dcd53258200" /* pvo value */ -}, pvo1 = { - &pvo2, NULL, "admin-user", (void *)"admin" -}, pvo = { - &pvo_m1, &pvo1, "protocol-generic-sessions", "" -}, - - interpret1 = { - NULL, NULL, ".js", "protocol-lws-messageboard" -}, - - pvo_hsbph[] = {{ - NULL, NULL, "referrer-policy:", "no-referrer" -}, { - &pvo_hsbph[0], NULL, "x-xss-protection:", "1; mode=block" -}, { - &pvo_hsbph[1], NULL, "x-content-type-options:", "nosniff" -}, { - &pvo_hsbph[2], NULL, "content-security-policy:", - "default-src 'self'; " - "img-src https://www.gravatar.com 'self' data: ; " - "script-src 'self'; " - "font-src 'self'; " - "style-src 'self'; " - "connect-src 'self'; " - "frame-ancestors 'self'; " - "base-uri 'none'; " - "form-action 'self';" -}}; - - static const struct lws_http_mount mount2 = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/needadmin", /* mountpoint URL */ - /* .origin */ "./mount-origin/needadmin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ "protocol-lws-messageboard", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ &interpret1, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 7, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, - }; - - static const struct lws_http_mount mount1 = { - /* .mount_next */ &mount2, /* linked-list "next" */ - /* .mountpoint */ "/needauth", /* mountpoint URL */ - /* .origin */ "./mount-origin/needauth", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ "protocol-lws-messageboard", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ &interpret1, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 5, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, - }; - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount1, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ "protocol-lws-messageboard", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ &interpret1, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - lws_context_destroy(context); - - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p, *plugin_dirs[] = { - "/usr/local/share/libwebsockets-test-server/plugins", - NULL }; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server TLS | visit https://localhost:7681\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - info.plugin_dirs = plugin_dirs; - info.pvo = &pvo; - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.headers = &pvo_hsbph[3]; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/404.html deleted file mode 100644 index 6fdd6bf..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/404.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - -
- -

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/admin-login.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/admin-login.html deleted file mode 100644 index 113df9c..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/admin-login.html +++ /dev/null @@ -1,5 +0,0 @@ - -This is an example destination that will appear after successful Admin login. - -This URL cannot be served if you're not logged in as admin. - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/example.js deleted file mode 100644 index 1606ea0..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/example.js +++ /dev/null @@ -1,22 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - - var transport_protocol = ""; - - if ( performance && performance.timing.nextHopProtocol ) { - transport_protocol = performance.timing.nextHopProtocol; - } else if ( window.chrome && window.chrome.loadTimes ) { - transport_protocol = window.chrome.loadTimes().connectionInfo; - } else { - - var p = performance.getEntriesByType("resource"); - for (var i=0; i < p.length; i++) { - var value = "nextHopProtocol" in p[i]; - if (value) - transport_protocol = p[i].nextHopProtocol; - } - } - - if (transport_protocol == "h2") - document.getElementById("transport").innerHTML = ""; - } -}, false); \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/failed-login.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/failed-login.html deleted file mode 100644 index 9ab065b..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/failed-login.html +++ /dev/null @@ -1,3 +0,0 @@ - -This is an example destination that will appear after a failed login - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/http2.png deleted file mode 100644 index 439bfa482fa00e69af2d562f17a6e89453eb98cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7563 zcmV;69dzP}P)hJCKl}1r-pgb%At50^h&s(NL+gbgh*}K=@24(BV^6&tYNdLrZS7HN zyRhvft=8kJ)}>`BinW|B6&C>(SXZ@*0u?HyMyuE;F`57gnPfs{=FNL~F8gx+c%FA| z?>m_n2rSNOzH7~znf?5p=h^%B?7e^Y4X1Dlr*I0Va0;hz3a9X26Jj|6@4W!nv17+9 z?fCdOJ9q9B+sgm%*u7f-Y#kf(ckJFRwvLT?)~pe`_UsW`Mn>GudC%LnZJTGu4j3B~ z^X~=N`jVHxo;_l3no34T8Ld<-larp^yM6g$-=*#LXS`^id%@0~qWiwxyLbEX@o_JN z@GOBP8Q{Ga?A$5$w^~7zWikyzS5Zo-JeM+x#AKTKwNk2PttLgMBV>{YH8iAbyB!DC zX1P*fn&+Yx$4S!|Us1|60i%=~4gw*Kkx8eclyedwlTt-eIw55ZKsYC@wI)=m(R40Z zp|yJiuu0-i8yfP{c`j>1L#6?0MWYb{C~Kuv%5}$(typ2*#6N?=@0pSX+EKt*a;%k>@EwSkkmjr_&_QkK>%7)yk;XYZ#N^ zoW=WqT5TAuL%av?9Z6#FJ|<1u4<0`Ji$Lq|SE6X|%8eVF;^K?V{ITkOUw_vbXQ;E1 zWXNRM=GB$T`SHe$XHl(=5Ji$8a7gJ0!#Ywbobz}u(Yp98r9udcQgytyK!kI;Tvrk) z1z-#I3x`r3=Oo_C*)}Nyj4?QuBSeOCO^nHL&LCxulrhc)IF}FvRjd^hvq|HeB}sC! zEF(!8XQin*&}{BQsTC{t>}h%L#r#>&!vMTz%g&u*GEGR6?>orIjBc(!0iIgA&I9GJKK=&(pgb+aSTPZ=g*%3wEPIT|--tP%R0f_S17VjYl zJk~m#^C%@|83v$KK@S2Um|X%&)dnY9bfs1pB-EnvgtX`5l4?60*3&mS5znnvd4$ZcYjEwM-7r&StS6<1pHf{3d5-OIR z)&l49iV(^P;m+>Ufxa_fG>Y7TFwAVHlcTjq2um0`yccLKI-L$vQ&TjKA7}O}m&}`< zo@Q!liZstjO1cxF)ovq$U|G6Onu_V^X$~Dagb;$&t5*XsIXTHKx8BM(Z@Z0u|He1O z=4U*^m&;US_Kqe`u6XB7l0^=II?dac+bCn?|Z!JwXbDnW`>V_<}-Zmum8H}Pq73Y&iUyy zZB&Pbnyu++yF3GcX!UAo4j%oo0AtXs#^ zpZ2r`X^~mY#kf(i=Wt!0Yc@u6wZZF7zTu4jQ0WFD;8}` z_wU)m`Okm;@|}D<=)(}_9QXdmf6(r9xapQ#xclzA0eHowmloo*_*fPpa-8$R`^;vU z-&w1{ocIO$G2o6nWL~L6S))-qT`7(CvQ%n%)=v~goVkAef(}0Lzyny@LwZt?Wf>Q~ z@P!N7F4?-3cVBTucbOK90EG}j7*o~5!*bi2HC?@-zb5EGFgfYdG&NPFS{-ZCiV$tQ zw@85m*0zKgLv(932a`K59J5Y%Ei=O{{wAO6guz{Ced@=vyvdd6H z6gq+T0x3P-8=Nyj2o+iz?4F#I-g_(N&8prRux5>@N0DtGK5U1*mt+}$BhMvaxTIbE zWFibh?z-)^Li2;-w{yk7y%(k8Wl<_6&r>O7mS>q6>vVehzhDa&;Muy>9XW8oue*5jT3@oV!~x8hzIW5VJ3Os-y5ZMhG!96h$?!lph@(?OF4^pVWJ{jEsoT+Gs@UIzdpy`(oFb zQ+S^0OTnX*1vFZVwlTR-D&4zxFWxWgdViN#t0i+|bX2QplnU@ZEC=r&>xSp^ob2a6 zCx7T6@`DF)jRrn1R+(D4618d-`iwJ(pZ#oP;edJcP^!=b=k~4R7;`)`CJnqdlTqZv zAlBevrBsq6T^Zz2%9Ok9+}#5(BDwEA8aLle>pR~e`N0oxozC)u(3<$X^BB715=MUO zw+PPe=f_zB))ub$?tWDoLz(w26~}hVh7DaCVeWN3581Ip93LH3K@bFi)*%oBEU*T< z^0yCMtHtz}zQnO>t|9%&PX_ON7sim>doRho_j2STA0d3jE7-7O2XX04IU(lvsc?(M z2%%k;<$z;y^2Dkz0OR9?jfO&qm4smp==%M;J8b`VrzwwIeKkMZyqQDqdCy}T{2~bF z$p7h|xc|Zn+5LeJ6#D*&Ft;~(ycY6}69!k;fhH;N-%`rZ8RK_NO-U9h ze|-h}Oc)AlOckYcX=PcQo4e7NVn@t#4qtT@`(OD=vY-9zv5oFgVD(Ra!dJ$|NS0zk zp#pbf28H+z0*z8}E~ToBjPy+5z6@AVL~c?#od(9V$_R`uHyOHtkj5>yaP$+OSaLsj zBCzSm5w3mV3wy*_51f-|tr0?vgkhzslo*4azV_P#d^$XAA}Jebk~9c{?k4CK%l{RZ zT}EfVN9akyuik$@pT6p;b{^dwD-kTKi5YTa)FRKaz=vqxgahw`! zEygsEvQzp6#B7kW#PFq;(mMbAfjd71>;Vn{184hBdkFjcGq-dPe1SuoaAwonMOhzci`)rH}mR0{$uXC>n@V1DGu%1#}Dqg zhdn?3G2fq@m5$*i0{FWeRzoWr})T`$fLZ9tMm9GKxgI(^)wjhE?Kt6+%>TPMt^<2H5b{xAGUC z`3yg}=blG3@cDSgyWT}UG&B&c1STJNV6LGnrn|~pkzSKWN`*EI?e1o?$C_Po(J8H? zpk5zAsbX&m0#mw}PRN8eyzX_Jb>^7^4WJ){)~tHzO9!TRNkW>Ya}C}XjOf||*4j>< z+c3*qXKKnXmIA#?01&N~FhyW7ER&!t-sj8BfRlxI)24xGJ3!K9K&hY1qMMv0Wjg`3 z^tr!x35<_>tF;RXmr@R7rB=1H$UMoA)#^ZW4rl|_t^;LGQ*|h1u{J~qVF6oYtid40 zP;QLXS|24zIyjfk(mqMS5p(3oKy-(Js9GfmdNkZ3DN89s6oqxISHwcZ`@>KzUcvoU z;V^WWlpVbHC{+bQq?}7no68D&LSQB)2BLca*tlWCT*E?5&;br>WvEo(A&#`+#2>9i6lAiX~9w2Y7D)hcQXh+C(~+*^!aK6d_fq z2pEb+EQWk%Ic9O#j9|{^LM&-vR2YR&mjV7xpI*!cpXAxm0K0ZYM5Owj!2e;$bT7T`6nel=PzlFr3GrSU#ShzO-( zzzZqG#~Had2@K^j5CCXIJb6fRH@YHCNE2A7HEPenGrrsnY!+} zfoN|4{@XL3$%_^xO3emE3KYhhbH14*3C<-OYc;pLPY}?~1Lmr84P*C zKL6C;|2=t`?{^{?;8x&&U2z4A!(3%TN7r>PDVBm)K_Fe}6IhHM25i~1$p=#ALdu+> zp<$GYkW%4&IJ*o^GJKM7^kW|zi1rqsS*`Lv-~8s@i(Q5kt}qD%2oYDL3`Cv}7#IQC z#(3p@h_#9$S5PlVJUYqK|JY|gJJ8q9fNOwvzWwd2EK_iM`Xhuu2w5s|bQ8QHDc#;a z^#Z*Nn4I)s5SU!bqonB!)|xWuNX+^KPhxo796rqChd(?J?F~S)UguA)ymD!x`6)9+ zf@f5V z-}}9RXdeKs1GfL^pU%0!`=M(Lb<<>v4A)dUH|ezQY#AAG1H}bWu#pf=jA>zQUY5U^ zQpZ*pGnXRw7%}m__mMyN;6Swh2iSD(xxDKg?^t+Yu{K&*tlj#eluoBjk~Dl2wO6cJ z<9N+$2D1haPfZ!=+;o2Y_ypchB18i)vwFbe^amXO>Q|Zm;ui;^{W@@$5M1-Of7{RT z(TgHG#G_P>5Yx2V$A$N@F)<-o97$pc2CRp`DrJr|8Z+d1yR5)CDbqiH=phdN?(Ysn zJ4NyJ-+uY!ykNPyg!!|faNZicx8!*ect0)MZP6{*o{xSE5K*nB1BlODv0@EE)G?+) zp;bLDCipz(z~z@?A9-XT`o9FC_3Qb_ps|7?ZPo(@=Q5I{nWkw+NGVpVS<{sOC-w>M z+__U61KP%{qEcBw7_P#(3dYQ($UMf)aN^1qakR~lnh#ohF(V; z{QJK@7%fFm^_ZCy;}GLD@Zv+6e$Nm?tRdinp$28i~~$g;)IwgOVpcq z?+Aj&R0!mnO&)s7TX3z`K=dC39;ny3;R|1&@>mikjS-~{V+aC+){(My9ZFS((^L+W zB4f06LrP_NyWOD37tR4g5n~v9`a8$L-}xQVpZ;_p@-G9o2*KyCxrTE$ZyxwH3sB4i zMX?M5qG(7e6}vnShgPoa(R-GR4R)N>4w1KrctDxLERX@saDrB*@+p;WrI)5!+f18l41m6QgpV~Xhbf&UG>_~MKC(7bAnfibUknZgSs@V@Y8Div14Fw&6k9vSIjS^u~|ttN!E zqSJ0ag7+E5__BU*pfBIP`|g1^JwvhSRW@wk%m45XsK=>d1KqlYV!1l!8+qPxY1%i< zw0~S+{d#l|SZl2(O`Aw57UTz=z%0)8?&ZPX_znF0ko6Mqz=whVjAL%P{(4rQpqA)S zLQupq1A-t+jmZGU3MsI>F=RU(FN`rQA(DD=c!}>ZJo?=?HN^w3e?9itv1Msnz@G!( zl#=VNzM3u1eeUwZS`Kq{!=m&I8S*@r)>>JsNuKt!!9!!#IUPzF5Jf8xLgSpCwYU2O zNnE?lgKvD}Kq<371KtRHZ`CTkdh^Y^^-XVjbOT)q-F_7g+@fM+&ME5HvuF95A%Lj| zAC$Eyibg7x8bMG;h=|1jhy&O47U{n?+f^3WkB-v55w z@=4H3V&u1fo657EwXm@`n8gu>VeDLN^SnENrE7QAOZ)cmiVuI7Uw-B@=Ngsrq$wCv zQ9+=L5b^Flr^xhGgoeY=S?4rbhX_$9LGvR+T|K~i4*lUDGIQgN19h|pydGF{^eDcl zNj@pK?e^Pw@W6qEjYU$oL~BuvqSzW^!ikBV9G|}P+DuKks2I4NJu;{82ran(@c1}W zpa1+x8^}pRktgUe#sebvJ{Msqbr_1pm8Sh8Ln9;7N0B4XQ=D^vMeA zv?vl8)Tvg7kx~)_k}M0$+`EBofhQeZT}23wltr4q_wC#{mt|Rc#@S~NkRLEUPCJgZ zEOG-K5S8b2Eewu6iB%#4qg&Ael%8yll*$-mDz%!}yLa#Mm7}{p`&lKEM2OLS%k(GfJb`&L@j2(7TLeUlpW+;m zJP(nwF0|Ipxgc7-S}qoY{VGSPJpJi;Dnv(WT^vQx=|B*4voE2TV&FY5zVO232Hc&O z^Y@Rg&c6H_DmGp}`@0_#ip&s!wS~r-=Z@moJxiLlvpmmLy>4uuLsa@ILT+Tln};8k zMr*<>Go??UIH*vmLK7^~W{Md#H=uIxsgk{{ldzM%?^GcO#uQ))l>wpgehqc|F%2Gpld~8Yog}(lkVCgAggs<>jDs+3}*T-}|DjuQ&)XFJ0Lh=Za%H zgwR;4kTS!$;xNTL2c-gxNzu9p+FDzL@2!=1?{H3#=NZ->quoAi8jWMhxz0=+XPXWl zw2M!b?R%i&=I8F^S_*}wl{ z-@eZJk&)BlN~MO@3dr)~#~*1XNyipnN7mxFGL<9^oMZjaP;ty{wOU8Y2xHnLNrxz^ zmVSi@5ajuB($t`oL+gkz9Kzb7;=9=RELoNlhCwNgDP7%BDT-sjk!3A}5U$;B<;D;x zHMDPLW-;748u%hnWzj6xlHRkedG}xYaME>M@*V_b%r=s$_rzZ*V@V~TR{+XLLrVR z=Q87cV2n{(%20-34$!pL$IfLg46XJ)Aj{f`QbH9cMaDvFDa#@bp;Si%fs~LqYopwI z8Cly&tJUeq+U!85lWjS4$cpXTdwhZ?mS5Yq%R4}B9UGJTTPhmZZtJ}1wQFiht{oZCL6S%}GUB^Nh^$nK1im;H05cO4dA4p{&$Jwyn(}Pg z - - - - - - - - - - - - - - - - -
-
-
- -
- - This is a demo application for lws generic-sessions.

- It's a simple messageboard.

- What's interesting about it is there is no serverside scripting,
- instead client js makes a wss:// connection back to the server
- and then reacts to JSON from the ws protocol. Sessions stuff is
- handled by lws generic sessions, making the actual
- test application
very small.

- And because it's natively websocket, it's naturally connected
- for dynamic events and easy to maintain. -

- Register / Login at the top right to see and create new messages. -
- -
-
- New message
-
- -
-
-
-
- -
- -
-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lws-common.js b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lws-common.js deleted file mode 100644 index 5d56ca2..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lws-common.js +++ /dev/null @@ -1,128 +0,0 @@ -/* - * This section around grayOut came from here: - * http://www.codingforums.com/archive/index.php/t-151720.html - * Assumed public domain - * - * Init like this in your main html script, this also reapplies the gray - * - * lws_gray_out(true,{'zindex':'499'}); - * - * To remove the gray - * - * lws_gray_out(false); - * - */ - -function gsize(ptype) -{ - var h = document.compatMode === "CSS1Compat" && - !window.opera ? - document.documentElement.clientHeight : - document.body.clientHeight; - var w = document.compatMode === "CSS1Compat" && - !window.opera ? - document.documentElement.clientWidth : - document.body.clientWidth; - var pageWidth, pageHeight, t; - - if (document.body && - (document.body.scrollWidth || document.body.scrollHeight)) { - t = document.body.scrollWidth; - pageWidth = (w > t) ? ("" + w + "px") : ("" + (t) + "px"); - t = document.body.scrollHeight; - pageHeight = (h > t) ? ("" + h + "px") : ("" + (t) + "px"); - } else if (document.body.offsetWidth) { - t = document.body.offsetWidth; - pageWidth = (w > t) ? ("" + w + "px") : ("" + (t) + "px"); - t = document.body.offsetHeight; - pageHeight =(h > t) ? ("" + h + "px") : ("" + (t) + "px"); - } else { - pageWidth = "100%"; - pageHeight = "100%"; - } - return (ptype === 1) ? pageWidth : pageHeight; -} - -function addEvent( obj, type, fn ) { - if ( obj.attachEvent ) { - obj["e" + type + fn] = fn; - obj[type+fn] = function() { obj["e" + type + fn]( window.event );}; - obj.attachEvent("on" + type, obj[type + fn]); - } else - obj.addEventListener(type, fn, false); -} - -function removeEvent( obj, type, fn ) { - if ( obj.detachEvent ) { - obj.detachEvent("on" + type, obj[type + fn]); - obj[type + fn] = null; - } else - obj.removeEventListener(type, fn, false); -} - -function lws_gray_out(vis, _options) { - - var options = _options || {}; - var zindex = options.zindex || 50; - var opacity = options.opacity || 70; - var opaque = (opacity / 100); - var bgcolor = options.bgcolor || "#000000"; - var dark = document.getElementById("darkenScreenObject"); - - if (!dark) { - var tbody = document.getElementsByTagName("body")[0]; - var tnode = document.createElement("div"); - tnode.style.position = "absolute"; - tnode.style.top = "0px"; - tnode.style.left = "0px"; - tnode.style.overflow = "hidden"; - tnode.style.display ="none"; - tnode.id = "darkenScreenObject"; - tbody.appendChild(tnode); - dark = document.getElementById("darkenScreenObject"); - } - if (vis) { - dark.style.opacity = opaque; - dark.style.MozOpacity = opaque; - // dark.style.filter ='alpha(opacity='+opacity+')'; - dark.style.zIndex = zindex; - dark.style.backgroundColor = bgcolor; - dark.style.width = gsize(1); - dark.style.height = gsize(0); - dark.style.display = "block"; - addEvent(window, "resize", - function() { - dark.style.height = gsize(0); - dark.style.width = gsize(1); - } - ); - } else { - dark.style.display = "none"; - removeEvent(window, "resize", - function() { - dark.style.height = gsize(0); - dark.style.width = gsize(1); - } - ); - } -} - -/* - * end of grayOut related stuff - */ - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -function lws_san(s) -{ - if (s.search("<") !== -1) - return "invalid string"; - - return s; -} diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs-logo.png b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs-logo.png deleted file mode 100644 index 723a124431189c21c340de517bd9b82cb35374d8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9729 zcmai)cQ}>*|HsckkrgsBvR7p9Egkb?CD~g<_KHLZA%rA*XJ%&aO=Zj8vNs_ze=pbd z`~T}A*Ev_mec$i<{d&G$&&Tr)QCF46!=}JSAP{(p3MdWu{T+VPux`S?MceN$;TMLB zjG`tMe0gC#3x?OX92In35D3Pk>mQ`9|6dV!liXES$MuPWrK`KCvjxK4-JR3g-p0k; z)X{>|!TEXOjyMGZL5omCJ=F9_+BSS;pt(GIh2MtThX2iW0mO2ir9plbnGm4fuE)DblKjH&_fjJn9Hy)Ra(?HtP zlu_7cyx+Z_d_4#`Q_Pe zxz|5uY&<+B78VvF>_7}(F$^?h2#OvXA3yum!OCFB9hTh6%F(q0b+(xDXFrI(m6Xhf z7jFx@u0;-Z`6TQu1kwE28Ea|rgX>EpUpc?hn>g(jrGTNW ztzBJL_lS`wy}q8R%3-dv(r!v!Umr(IOicW2t4uDrduyVs^yT)X<>swG8C)vifn0Mb zJM}9LL|R4$n)~joth)NZorK4mdpXPmSsEc1XUB`HsXn7850jFU3GdwtA0O8lpPZ!U z;0XWfzA=2?!tt|mLc?h+H=lto>=6H<@OHxu20U@DZS{kiEgC_|S6Vvy;zIQ=E@`)sWVa?MD z3c}pCo31Xnj9zaGgx4C@y_6j*GMwU{O+}*lA@=w8gCin*hMrj8!DWdocrZUeH$Rm1 zG6^4{txd~`@3BHIO+Tm`9;~jR@wT>Bl$97eoEJ97r`XuVf%He?b?#i9AMS;opL=O) zY02bi!Z(H8Pf8*CrR3x7DY9SLDmHFD$GdY~H7={do7z{G7lT>uv zk6BVuB5h@5RYqF&`gmvI{NDj97gtb4g#cXKSO$-ai%V2uVrX--G;HX*)2bs{M}y9; zt|)bN0#Ddf8IqHDHxCl(#WSw{(a;+k(?XP9>dZ)~`#=A@_lHD3JH z-xw`S)CwKRfBKd6{{0Zk{uGtb(NTWqC588)p_#tE2%-=azezKq*7Jx>F>6S$bpGAD zn?#`<^&$lZHQ%0kFE1|-;&9bVqxnfcdKUKnea6}G?!m_HR8<6fRaqHBje)BC2P!&a zV`C$IN=nMfa_i_(9v5e4tM*_*y{@niA4cyU#2UX@`1wdiMu9W-SAlL>_1~SH9TduS zz8Ps`e1}DK*t4l$>Z)Fg-MGqrhE+hI;%Wb29Cwnx>jp;HJsfc_tgXo#pJI@5=h%p{LR9m~qz)zEH*^rX=nL_Bz-&u5jUZ~q`Tr6_i82*uV#=*)e4F}nouF0$rmyo!~<9>Eml@<*-zm4}m zr@8T{%AqWF{4Oopix~cLtIE9%8gc(gwiQ8;&Vv;~ zW2n8xe=C$;=lflHXSyXOetkTkuy4-y<%OT7LKUvn#m_?Z7r=o zecRjHbc2~<)@`NcU5*Q_H+H6>L)5wN%6WJQf1nb1JD4f&!nJ){>O3u48j%K)qf_lj z_eqIK@?;);X=TOPB6j$&%h>0FBrh)y7CV#Scv~5R9>6W1;*HYU-JU`uvi^M_=QJJUMP6N6N~f;o}ovVK}7>MnnWa{cK8$q+_E z`u_fHR)|4FP2Jb<3^DLko6D%CR%AMoXXKuDM@NTVsv&fS&|q{#kzrk@SVU;(V(*#t zTc=w~Lrf-TFHPnoY5AhpN!b(_!zhVKkkKsYMn++*2^lup^I5Sv`ZY;TA8SSD$BdEb zk%p9lxF-y}LaeM<)YQ~^Br5bW(6OK?sq5-1H)@!6CNvgxnt7CN`nZQ@u%l{PEnXLKs*)R!d7uJ-hfn;cO5w#3(WC z>Jk#ZyG>*Ni3iW`^a4$}-BZt$3N1=$BKC66bbiP1@6c-xL}_XB;kvXrL*(b1RKf@< zv726(BJ*24KMf5ljwim7nOOf2?tF*WQ#&%y++Ov^x%nqHOm9A$b2K0>3TkRy6*go1 zJ&hZ}ZX3icV8IJHZR}Ia^f3rr;3+XTwJ*$ z-Rr23xaal%k#$P^-9if5p?Mw-sL&$jcW?J3cM~6{zA+o+hz|>S;j)6bI%mN!HNDGk zMF2x(R8*87w8MrcDvFAJ8hHWA%)cnGhcphiChnm5`O3$!sHH4neG!REOgvEj+Sk{o z)8JXrcl!DBXFEae;0`l*-=z~BhCUF-t3lnlpFfpyL>dIFPEFZ3IR*9RI^Q{Ap_tK~ zUC3D;6DrI#`qpO3Gn$QMt6}cUVcJid_&ky+KNUuBC%4Tc>z2NF5f}Vay}9!~heeWN zUO-iqP)25ERBUWep?(#buc|72jFQvEsT(6Rb8AlzE?2`LQ9(h0p7$m`K0X#MF3Qr9 z*`0%jhtQ$%Uv>*uOlT+$%K@maSx+3#cH^JHj*h^x7f&@cX*oHI49TMMGV>H-Vq%VT zI_>bn%r|YV5Jkq%Pm#^Udpk2UF{?|6rgO9;F-&1mUKwj!j2AZXSR+&ct@8Aw&DE-2 z;*@QZ6dMV}!gUUJ9XS%&^v zB@yj~JyT|_nd%nemsua3@Je;6j4@0uW@_5nOS@yqqpE9pZ+M@&rW_0m4icuPr=Oh7 zU48ie{ktVe)5gY&^S@ILI#u@fK2S^K^G&xBC?|`O{AM
`M|k*(&Q-fBLi|yvnrg zX5n@a{=J`KS0{@R0!xQ552o;y7IHu90pZI0kSFsitBRbQT%0f>*m3{2Y-Yq1#oeF? z9E>gYVxs$uM1AR)2x0F8-Ad7y&wQR}#1ZW-ebKM~_~WkA)=ak-EeT0jNv$hVF5+hS z`0V!97Wa!`R;)l7==Vt?E;mU?NJMiu;LgG{5AVjs$I~%0%eC>p!1D6;=5gOK@H!gN zo))Mv_`vkvXOs1zEKqP6C#O=?juRLN9?Hm|QBYDM5zqUQ9u^xl5Rj2!>g($-Eiaqy z&Nk4}FRiXp%I0}5$7n+_qa5^7QuL*9vP*AH=$g)F+(Sg&=)YAk zIlC}?t76eB@nsd$f9<2hG?*-gV%H*=m>|4`QDE%nYqh4H;g1>ejJM&5sK*{{IE8=` z!;sb(4~(er+T<(ELpwW;Kec!*&PjcygYfpPQ=Y4!{Oim(!455<1A0m{4 zd7FCgCyWby>{n}<5x5jCu+t1EkF1Ok{B9eXh5eZ|R zLNs0V9R{3wW_ulPbYOM$eF%|@it0Hgr1;sYRIdAiS`uTl=tiX-`ky~>PkZ|C)nDm% z|BRzygpMa_Z{PE28iPIx3uMXB$?2iDw}i8^^Wo&Bgt+(~?Cr`QU)f1Rc`SSGws&^6 z_VwX|Ne5p97qNGABntz^N`GpEfX%2CBNy~?kA*-o0%*bU;T#Vh%)_+}45-)tTS-(< zRz`ujsS%V(CrC+2xgLby;ZeSWd6a>hJ8~?ip+Q1h5_Zt+#Vri9FbV-||C@Md&0fMF z4n{^sSU5Os`VI|&Fz#GWbM-t8_4TeF@*M0pXfQ^`VK!SC;?vdBqo<`sfa%n!coEY= zQ}r_N@kykn(x+6lax22ev7D&UQB=Q#{Nb+8otV!=_lbLt>0--jjo&B|6ScMrq(^=q ziCMci4ym*=&(JfWy;IR{meJxLB4|hd;#;o#Jqrtqa-XX=6ui%ZM=Lh-Gacp{%U^Em zWs2k9xfJEb$0Wo?zJA?F0s<$?E)*O1Sy-6c_+7;j17X4aCFf3&m%BF`&+x0=LJbcN zG33HbR9l)Z!jCf5xd{u(KOGqx_MX0UyHVbL1FoWVWP}8crtsf?iv>z53+wA4joxRH zBTf&Q#oyc=qZ}!uUau>rlia~cWHATWrjIg&izWVP^_Aq_hxxNQhva&rjxeQ**P6Ub; z7EDlyk#TXkrIQ3EetzbiVb|(7Ju@@qEoq0mAoTP(*)t6Y3|trk2jRn#U1^L;st^dB z_r7rZ+nOTLEi+4k-N_W}o9eUD<%sO5q9fj5#wY3N(J9}pb_!E?a~Z$Rb#$aR)-8qq zn-v@%$b|h&ZC05o$mD3TaYWXCv6W|DlkWkKP)T~-ML?I+HK=y<)Bk*Sbz_^7_XXSs z^44$Bti;ONCl~IdqG;Tu`Hh!RebN|TvcKgT%FAc>2cu5Au&~Wk6*WmRMxm$aCJ>ifg2e<@>5Bd!ySvLzB16E|&8YodQYA9a(5`d}Psy z;4q!qR-t|R^eOc3F`8eu+QG$mY*GVz8Z6WoQjX(ZP&4N)si^2!|CQskHb4g+xpi#p zSW#`gba9^`SQ-&V-q!eMdD++V%gTI9Po0qtR;~eWR+e&2@mKW5^N&u^E5!OVG^Ccs z+Q;9q(%$`Ljs&FQXzgs-mz3vTkx|NhVQwF zCUKcoV35=hji9Z`&zG-6_^!~JpQrL%$+_To2FS=!=^056eGD9oQ&$_^drpw5%#9l% zR9BbDz}Ld5+e+n?UtNHIFD_2Nj)LK%#A_WLFH<@krSgg!mi?CNZxa|kvPe@QJZvht z3~K{^M6*=Y7JvLmlqBUtot2ffcX)_8-kBME?Cl*+3QqL*?~c&i++1JqGid1Ogj7@o zBVUwJ)n5O2hkpGU93RJmyK%TPQ`e!GGXkbGGASuc%za1t0V${^LBIHca;Wm8JGkE% zc5QV%J!}UD2iTbF%k2UJ0t%|CouG`gq@jbrI>e8sT{>0hhN<`2m9jo=Y;NXNSI6b& z=jQ_aA(o|KUBsMQQ1E59 z@$3Vz!ATC%ukhI^hW5$H1YSNq{b~89Pf2p3XJSiz%f-L5vnTfUMJ;xe z6cntyydP~G0BT-dUW%K&TF;8*pS&J4*vUdWmKGNu5rqWQRoaYk7TKGdGq~+c$Fl=~ zqNkyu;S~~E#VRc+i5&BB!T1JbdDi9d@NlW2dSzt=Oz@XMRasi_JDFf_(4=M3BfY%5 zJYI{}*3>+fmAz5C4d&gWeQ9Gusi>%E`X8VRyf-_&=_(i*>Z|~vKZ7l~&%+Zn>wRoU z!DEKuwmlgG4!HUjPN2-U($e(ENP+}0cg|#Cr?=FSUJAV4p(!7uLyWv*IKB~uj1v;0 z%5BLX>*|KC=<4b!&b>LatGlBBcNi}G;LSA9xVyuDL%AB~CmRm>#Hgw~PWI?zQ7A`? zST5t0$xoj@J9GU6{`sm-7+TpNIMB|i0!?qf5rFGmb{DkKKUkTV0<{Ws(s{VNF`Qu! ze5e+6-%$qWMo0hG2;kp4h8@*p(Z`P-p%)jvm)7h8_FMhBC_g{rai*M;#pYP?YDIWN z1Pg*OO2LCFJ3s$D5c2G3n~Ixu^pQ|+lMSzh!l@+^3JMEoCP!~X#8bYW+ReW2TFDCNFGCDaFHo0yz< zI@VZSJ)U+pC{N30*)#uU4xrYHPh3Xzag+`aO4ReZp}o2|8WWhbw6Jhm1|GZ^lP9cd zYg_Q}c!0Ega@GUX-|O<_6iVGKJE?ccwDhC|BO)VHU)fpYRIqnP*G9QCk@;|?U{vz zb-}_qWJmyZ9M4ajK*3YaJjyZklxbnP!9uh{{Y9pxI+SSZ&=NSdr=5B(16rIAh0H0m zEPxUl-~$FGruolL_eGn2-xGBm_&zpFs-vsB&_(0Z4z>u~(# z@X!@u>kyTYKoLG&(af-F)}S|?02Umglc4RXs>SIVm*DsBTS2?r5&}|vE?=Ge`**#> zU$qKlU~<{2q3;o)ig6sjG87NKP^` zGD@5l<$xYm2D+Qj>d{BsC&p%DXV1*dWi9O1zDGs%eQYeY)^%NGc6RpJ^XFanqu3;PQ8t@bYs0jqy?j_olMv{VOq>lR0WrgPLTp(isp=6is(_ zzPm=s$)f#%IAk6-KfzueTxbh&>obhS|Mt9}x+ntldCgV|98i%FFm!jrEPr89(G6R% zH|HK`(vZrGu%7L;-G0??F`WBYQ(Zl+tavm-R#X8r_0OL_k@4|Ayq6)2>*?)Xn4kA8 zDdAR5mAvP&+Sjr4BYLpdSZaJ~%Eg&=eE=Qsx<8PR-;gB9fwu@nRZ5}1_4jvzdu*RG z0RzjQO8X~H0_o~l^78Tx@=uvDJMi|ZikEDSfqtO zsvPbD$n|2ip8{hB^s9jc0UK5+sni!XHhD!wAAr5Bftr-Nu4`-z=S8dTq>Dlm{5~}F zFX+M7)ZGJ$mxp&V}rC@$3XVD zHa0eW)3&(fN{ZT7n@dXpu*la|4UA*;n+s81US23`EC|1p6ZmhzhHuVRNxbG9$;S5~ zUN}AV+?uMo4GRBiOAKFEU;jFwC~iD`QOEHtLD-3Y)?*P5;YDubR?L=FRS_H-+BVGG!RNUgiaB#vrAA{LG%Pg1 ziEjT%JUuxvnQQbuIX~#Xj%Ogp{2eYd%T2*zP3V`4x_@M)3CJzr-MiM_UOYIj7C7I? zgaqsw1N`UDpTm@j1Y;fmG*6us1zC@gmXW6B@CsR$06}O+wa=9#RFGwF!VS3K%;#cN zRaHUZ;ds}W^mhbXSbbw7HK=J4>nH{6;@^;LJ%nof+1#?K5@mPA5ALWDtlO&ezWZ{BFN>&0;{b0N;ARY7OS7 z(O_Y`&9OJE)MS%|tVhscHVg)=s&OwnEGU1G2}6nM(&zmt(^olasrCoLA3l5tzHHO} z(m0a984wiY@|o+=26~Sg-KjZGViCp|s(o92+)!f5N9>_QcVqhTAQfmN%tC7;U&&xJ zLzWaQv$+)OJdlH8;W2B+g26nkw3HC`?e`x){I10g5QnU^$_l-&}cPrquB+lev6a0l|yY<@u{{-gxDAARxaRj%U%EtGm_)Gi#i=xVWy11aXk>^XCT(g*hn+iBlqa z9t3g%m6|tw0Ym+U|A%Nka9mwpw%)SGK|oMAeN$4!y>lc;F`5}^LRzR>X1OoP43m_B zrf*CPNoNF&gJVy?__P)QUFhv6L{c^DNH)fz-OPy+I(o>&bdBUPA8vcZW8*vxnm1+m%p0APnf zM-KLs?caC^c|Y3hE-%YMI7CcCqxR?>E*)eYDHW;`ty+O$VYo)bwvLY64Hti>_OTYyJB`#Eaqqnr%)?2WVy6p0mqv_*Kivna9E=l0-Pn3l zrBY!pwB4YZoS3L!P0(hJ-j`W@eYp1UV5K)xXx76YTzJi~h$Yoa#?Q}>kr?~O>}<;U#l?L9 zPw@93*?kW)hZQK^rmr+>H4+Hc8>(Gi8P3Jb@5<}{pq5XH#I zxYycKanIh~o??@4*y;4p`p@3pz=R|}|0n1zZ6m2tK8<~~FeWx$p4u2)frt$2&J7Mm zUBhFZoR!v@-I+Rh@6*FUks#=WFYLzj&}v>CWY2PN$UJ)V>T$1Kpl_~QYl21|%F|Qy zdgg;b6vh#!QQQy|8dy9O3T1M#w}6F>Jygq~XJkZuonAsmlN1oc76=Rsya85{2f8Kz zdvwrd(Lx@WjKGPLUB@{9Q9uWsCx$TbC;}k+v2-8h;Nt26Pv*2UEh6r9LI7j!+H8ZE znVDI6r#L+5viLoUq59PUGvq@i*482LJdPR6H1)O{2$w@ZO$!jvUB^X+hWDV@_p6#N z@L-DlRm&c$6mgvrM$$bh@6+XsHSbT65cWFZrWW@=z*7r{YlG<&Ahji7-8~vBA*CzsyA2K0{%3e+t zk3Uv?@JLdtF}Y95IUjS}9>)KCQ0ad>+jLHI=TVqeB|~x|Jg$XMlvPC)$(X$TKVRg% ARR910 diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.css b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.css deleted file mode 100644 index 907851f..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.css +++ /dev/null @@ -1,144 +0,0 @@ -.body { font-size: 12px } -.gstitle { font-size: 18px } - -.group1 { - vertical-align:middle; - text-align:center; - background:#f0f0e0; - padding:12px; - border-radius:10px; -} -.group2 { - display:block; - vertical-align:middle; - font-size: 22px; - text-align:center; - margin:auto; - align:center; - background-color: rgba(255, 255, 255, 0.8); - padding:12px; - border-radius:10px; -} - -body { - background-color: rgba(205, 205, 205, 1); -} - -div.lwsgs { - z-index: 3; - text-align:right; - background-color: rgba(255, 255, 255, 0.8); -} - -table.lwsgs { - width:100%; - height:100%; - transition: max-height 2s; -} -table.c100 { - text-align:center; - width:100%; -} - -table.r { - vertical-align:top; - text-align:right; -} - -table.l { - vertical-align:top; - text-align:left; -} - -table.fixed { - table-layout: fixed; -} - -td.logo { - vertical-align:top; - text-align:left; - width:200px -} - -td.rlogo { - vertical-align:top; - text-align:right -} - -td.lwsgs { - vertical-align:top; - float:right; -} - -td.h99 { - height:99%; - vertical-align:middle; -} - -td.c { - margin:auto; - align:center -} - -td.tac { - text-align:center -} - -td.ava { - display:inline-block; - vertical-align:top; - word-wrap:break-word; -} - -iframe.hidden { - display:none; -} - -div.hidden { - display:none; -} - -div.hiddenr { - display:none; - text-align:right; -} - -input { - margin: 2px; - padding: 2px; -} - -input.em { - margin: 4px; - font-weight:bold; -} - -input.wide { - margin: 6px; - padding: 6px; -} - -input.hidden { - display: none; -} - -form.r { - text-align:right; -} - -span.bad { - color: red; -} - -span.small { - font-size:8pt; -} - -img.av { - width: 64px; - height: 64px; -} - -.green { - color: green; -} diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.js b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.js deleted file mode 100644 index 059ad11..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/lwsgs.js +++ /dev/null @@ -1,637 +0,0 @@ - - -var lwsgs_user = "$lwsgs_user"; -var lwsgs_auth = "$lwsgs_auth"; -var lwsgs_email = "$lwsgs_email"; - -var lwsgs_html = '\ - \ -\ -
\ -
\ - \ - \ - \ - \ -
\ - \ -
\ - \ -
\ -\ - \ - \ - \ - \ - \ -'; - -/*-- this came from - -- https://raw.githubusercontent.com/blueimp/JavaScript-MD5/master/js/md5.min.js - -- under MIT license */ -!function(n){"use strict";function t(n,t){var r=(65535&n)+(65535&t),e=(n>>16)+(t>>16)+(r>>16);return e<<16|65535&r}function r(n,t){return n<>>32-t}function e(n,e,o,u,c,f){return t(r(t(t(e,n),t(u,f)),c),o)}function o(n,t,r,o,u,c,f){return e(t&r|~t&o,n,t,u,c,f)}function u(n,t,r,o,u,c,f){return e(t&o|r&~o,n,t,u,c,f)}function c(n,t,r,o,u,c,f){return e(t^r^o,n,t,u,c,f)}function f(n,t,r,o,u,c,f){return e(r^(t|~o),n,t,u,c,f)}function i(n,r){n[r>>5]|=128<>>9<<4)+14]=r;var e,i,a,h,d,l=1732584193,g=-271733879,v=-1732584194,m=271733878;for(e=0;e>5]>>>t%32&255);return r}function h(n){var t,r=[];for(r[(n.length>>2)-1]=void 0,t=0;t>5]|=(255&n.charCodeAt(t/8))<16&&(o=i(o,8*n.length)),r=0;16>r;r+=1)u[r]=909522486^o[r],c[r]=1549556828^o[r];return e=i(u.concat(h(t)),512+8*t.length),a(i(c.concat(e),640))}function g(n){var t,r,e="0123456789abcdef",o="";for(r=0;r>>4&15)+e.charAt(15&t);return o}function v(n){return unescape(encodeURIComponent(n))}function m(n){return d(v(n))}function p(n){return g(m(n))}function s(n,t){return l(v(n),v(t))}function C(n,t){return g(s(n,t))}function A(n,t,r){return t?r?s(t,n):C(t,n):r?m(n):p(n)}"function"==typeof define&&define.amd?define(function(){return A}):"object"==typeof module&&module.exports?module.exports=A:n.md5=A}(this); - -if (lwsgs_user.substring(0, 1) == "$") { - alert("lwsgs.js: lws generic sessions misconfigured and not providing vars"); -} -function lwsgs_san(s) -{ - if (s.search("<") != -1) - return "invalid string"; - - return s; -} - -function lwsgs_update() -{ - var en_login = 1, en_forgot = 1; - - if (document.getElementById('password').value.length && - document.getElementById('password').value.length < 8) - en_login = 0; - - if (!document.getElementById('username').value || - !document.getElementById('password').value) - en_login = 0; - - if (!document.getElementById('username').value || - document.getElementById('password').value) - en_forgot = 0; - - document.getElementById('login').disabled = !en_login; - document.getElementById('forgot').disabled = !en_forgot; - - if (lwsgs_user) - document.getElementById("curuser").innerHTML = lwsgs_san(lwsgs_user); - - if (lwsgs_user === "") - document.getElementById("dlogin").style.display = "inline"; - else - document.getElementById("dlogout").style.display = "inline"; - } - -function lwsgs_open_registration() -{ - document.getElementById("dadmin").style.display = "none"; - document.getElementById("dlogin").style.display = "none"; - document.getElementById("dlogout").style.display = "none"; - document.getElementById("dchange").style.display = "none"; - document.getElementById("dregister").style.display = "inline"; -} - -function lwsgs_cancel_registration() -{ - document.getElementById("dadmin").style.display = "none"; - document.getElementById("dregister").style.display = "none"; - document.getElementById("dchange").style.display = "none"; - - if (lwsgs_user === "") - document.getElementById("dlogin").style.display = "inline"; - else - document.getElementById("dlogout").style.display = "inline"; -} - -function lwsgs_select_change() -{ - document.getElementById("dlogin").style.display = "none"; - document.getElementById("dlogout").style.display = "none"; - document.getElementById("dregister").style.display = "none"; - if (lwsgs_auth & 2) { - document.getElementById("dadmin").style.display = "inline"; - document.getElementById("dchange").style.display = "none"; - } else { - document.getElementById("dadmin").style.display = "none"; - document.getElementById("dchange").style.display = "inline"; - } - - event.preventDefault() -} - -var lwsgs_user_check = '0'; -var lwsgs_email_check = '0'; - -function lwsgs_rupdate() -{ - var en_register = 1, en_forgot = 0; - - if (document.getElementById('rpassword').value == - document.getElementById('password2').value) { - if (document.getElementById('rpassword').value.length) - document.getElementById('match').innerHTML = - "\u2713"; - else - document.getElementById('match').innerHTML = ""; - document.getElementById('pw2').style = ""; - } else { - if (document.getElementById('password2').value || - document.getElementById('email').value) { // ie, he is filling in "register" path and cares - document.getElementById('match').innerHTML = - "\u2718 Passwords do not match"; - } else - document.getElementById('match').innerHTML = - "\u2718 Passwords do not match"; - - en_register = 0; - } - - if (document.getElementById('rpassword').value.length && - document.getElementById('rpassword').value.length < 8) { - en_register = 0; - document.getElementById('rpw1').innerHTML = "Need 8 chars"; - } else - if (document.getElementById('rpassword').value.length) - document.getElementById('rpw1').innerHTML = "\u2713"; - else - document.getElementById('rpw1').innerHTML = ""; - - if (!document.getElementById('rpassword').value || - !document.getElementById('password2').value || - !document.getElementById('rusername').value || - !document.getElementById('email').value || - lwsgs_email_check === '1'|| - lwsgs_user_check === '1') - en_register = 0; - - document.getElementById('register').disabled = !en_register; - document.getElementById('rpassword').disabled = lwsgs_user_check === '1'; - document.getElementById('password2').disabled = lwsgs_user_check === '1'; - document.getElementById('email').disabled = lwsgs_user_check === '1'; - - if (lwsgs_user_check === '0') { - var uc = document.getElementById('uchk'); - - if (uc) { - if (document.getElementById('rusername').value) - uc.innerHTML = "\u2713"; - else - uc.innerHTML = ""; - } - } else { - if (document.getElementById('uchk')) - ocument.getElementById('uchk').innerHTML = "\u2718 Already registered"; - en_forgot = 1; - } - - if (lwsgs_email_check === '0') { - var ec = document.getElementById('echk'); - - if (ec) { - if (document.getElementById('email').value) - ec.innerHTML = "\u2713"; - else - ec.innerHTML = ""; - } - } else { - if (document.getElementById('echk')) - document.getElementById('echk').innerHTML = "\u2718 Already registered"; - en_forgot = 1; - } - - if (en_forgot) - document.getElementById('rforgot').style.display = "inline"; - else - document.getElementById('rforgot').style.display = "none"; - - if (lwsgs_user_check === '1') - op = '0.5'; - else - op = '1.0'; - document.getElementById('rpassword').style.opacity = op; - document.getElementById('password2').style.opacity = op; - document.getElementById('email').style.opacity = op; - } - -function lwsgs_cupdate() -{ - var en_change = 1, en_forgot = 1, pwok = 1; - - if (lwsgs_auth & 8) { - document.getElementById('ccurpw').style.display = "none"; - document.getElementById('ccurpw_name').style.display = "none"; - } else { - if (!document.getElementById('ccurpw').value || - document.getElementById('ccurpw').value.length < 8) { - en_change = 0; - pwok = 0; - document.getElementById('cuchk').innerHTML = "\u2718"; - } else { - en_forgot = 0; - document.getElementById('cuchk').innerHTML = ""; - } - document.getElementById('ccurpw').style.display = "inline"; - document.getElementById('ccurpw_name').style.display = "inline"; - } - - if (document.getElementById('cpassword').value == - document.getElementById('cpassword2').value) { - if (document.getElementById('cpassword').value.length) - document.getElementById('cmatch').innerHTML = "\u2713"; - else - document.getElementById('cmatch').innerHTML = ""; - document.getElementById('pw2').style = ""; - } else { - if (document.getElementById('cpassword2').value //|| - //document.getElementById('cemail').value - ) { // ie, he is filling in "register" path and cares - document.getElementById('cmatch').innerHTML = - "\u2718 Passwords do not match"; - } else - document.getElementById('cmatch').innerHTML = "\u2718 Passwords do not match"; - - en_change = 0; - } - - if (document.getElementById('cpassword').value.length && - document.getElementById('cpassword').value.length < 8) { - en_change = 0; - document.getElementById('cpw1').innerHTML = "Need 8 chars"; - } else { - var cpw = document.getElementById('cpw1'); - - if (cpw) { - if (document.getElementById('cpassword').value.length) - cpw.innerHTML = "\u2713"; - else - cpw.innerHTML = ""; - } - } - - if (!document.getElementById('cpassword').value || - !document.getElementById('cpassword2').value || - pwok === 0) - en_change = 0; - - if (document.getElementById('showdel').checked) - document.getElementById('delete').style.display = "inline"; - else - document.getElementById('delete').style.display = "none"; - - document.getElementById('change').disabled = !en_change; - document.getElementById('cpassword').disabled = pwok === 0; - document.getElementById('cpassword2').disabled = pwok === 0; - document.getElementById('showdel').disabled = pwok === 0; - document.getElementById('delete').disabled = pwok === 0; - //document.getElementById('cemail').disabled = pwok === 0; - - /* - if (lwsgs_auth & 8) { - document.getElementById('cemail').style.display = "none"; - document.getElementById('cemail_name').style.display = "none"; - } else { - document.getElementById('cemail').style.display = "inline"; - document.getElementById('cemail_name').style.display = "inline"; - if (lwsgs_email_check === '0' && - document.getElementById('cemail').value != lwsgs_email) { - if (document.getElementById('cemail').value) - document.getElementById('cechk').innerHTML = "\u2713"; - else - document.getElementById('cechk').innerHTML = ""; - } else { - document.getElementById('cechk').innerHTML = "\u2718 Already registered"; - en_forgot = 1; - } - } */ - - if (lwsgs_auth & 8) - en_forgot = 0; - - if (en_forgot) - document.getElementById('cforgot').style.display = "inline"; - else - document.getElementById('cforgot').style.display = "none"; - - if (pwok === 0) - op = '0.5'; - else - op = '1.0'; - document.getElementById('cpassword').style.opacity = op; - document.getElementById('cpassword2').style.opacity = op; - // document.getElementById('cemail').style.opacity = op; - } - -function lwsgs_check_user() -{ - var xmlHttp = new XMLHttpRequest(); - xmlHttp.onreadystatechange = function() { - if (xmlHttp.readyState === 4 && xmlHttp.status === 200) { - lwsgs_user_check = xmlHttp.responseText; - lwsgs_rupdate(); - } - } - xmlHttp.open("GET", "lwsgs-check/username="+document.getElementById('rusername').value, true); - xmlHttp.send(null); -} - -function lwsgs_check_email(id) -{ - var xmlHttp = new XMLHttpRequest(); - xmlHttp.onreadystatechange = function() { - if (xmlHttp.readyState === 4 && xmlHttp.status === 200) { - lwsgs_email_check = xmlHttp.responseText; - lwsgs_rupdate(); - } - } - xmlHttp.open("GET", "lwsgs-check/email="+document.getElementById(id).value, true); - xmlHttp.send(null); -} - -function rupdate_user() -{ - lwsgs_rupdate(); - lwsgs_check_user(); -} - -function rupdate_email() -{ - lwsgs_rupdate(); - lwsgs_check_email('email'); -} - -function cupdate_email() -{ - lwsgs_cupdate(); - lwsgs_check_email('cemail'); -} - - -function lwsgs_initial() -{ - document.getElementById('lwsgs').innerHTML = lwsgs_html; - - if (lwsgs_user) { - document.getElementById("curuser").innerHTML = - "currently logged in as " + lwsgs_san(lwsgs_user) + "
"; - - document.getElementById("ccuruser").innerHTML = - "Login settings for " + - lwsgs_san(lwsgs_user) + "
"; - } - - document.getElementById('username').oninput = lwsgs_update; - document.getElementById('username').onchange = lwsgs_update; - document.getElementById('password').oninput = lwsgs_update; - document.getElementById('password').onchange = lwsgs_update; - document.getElementById('doreg').onclick = lwsgs_open_registration; - document.getElementById('clink').onclick = lwsgs_select_change; - document.getElementById('cancel').onclick =lwsgs_cancel_registration; - document.getElementById('cancel2').onclick =lwsgs_cancel_registration; - document.getElementById('rpassword').oninput = lwsgs_rupdate; - document.getElementById('password2').oninput = lwsgs_rupdate; - document.getElementById('rusername').oninput = rupdate_user; - document.getElementById('email').oninput = rupdate_email; - document.getElementById('ccurpw').oninput = lwsgs_cupdate; - document.getElementById('cpassword').oninput = lwsgs_cupdate; - document.getElementById('cpassword2').oninput = lwsgs_cupdate; - - document.getElementById('showdel').onchange = lwsgs_cupdate; - - if (lwsgs_email) - document.getElementById('grav').innerHTML = - ""; - //if (lwsgs_email) - //document.getElementById('cemail').placeholder = lwsgs_email; - document.getElementById('cusername').value = lwsgs_user; - lwsgs_update(); - lwsgs_cupdate(); -} - -window.addEventListener("load", function() { - lwsgs_initial(); - document.getElementById("nolog").style.display = !!lwsgs_user ? "none" : "inline-block"; - document.getElementById("logged").style.display = !lwsgs_user ? "none" : "inline-block"; - - document.getElementById("msg").onkeyup = mupd; - document.getElementById("msg").onchange = mupd; - - var ws; - - function mb_format(s) - { - var r = "", n, wos = 0; - - for (n = 0; n < s.length; n++) { - if (s[n] == ' ') - wos = 0; - else { - wos++; - if (wos === 40) { - wos = 0; - r = r + ' '; - } - } - if (s[n] == '<') { - r = r + "<"; - continue; - } - if (s[n] == '\n') { - r = r + "
"; - continue; - } - - r = r + s[n]; - } - - return r; - } - - function add_div(n, m) - { - var q = document.getElementById(n); - var d = new Date(m.time * 1000), s = d.toTimeString(), t; - - t = s.indexOf('('); - if (t) - s = s.substring(0, t); - - q.innerHTML = "
" + - "
" + - "" + lwsgs_san(m.username) + "
" + - "" + d.toDateString() + - "
" + s + "

" + - "IP: " + lwsgs_san(m.ip) + - "
" + - mb_format(m.content) + - "

" + q.innerHTML; - } - - function get_appropriate_ws_url() - { - var pcol; - var u = document.URL; - - if (u.substring(0, 5) == "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) == "http") - u = u.substr(7); - } - u = u.split('/'); - - return pcol + u[0] + "/xxx"; - } - - if (lwsgs_user) { - if (typeof MozWebSocket != "undefined") - ws = new MozWebSocket(get_appropriate_ws_url(), - "protocol-lws-messageboard"); - else - ws = new WebSocket(get_appropriate_ws_url(), - "protocol-lws-messageboard"); - - try { - ws.onopen = function() { - document.getElementById("debug").textContent = "ws opened"; - } - ws.onmessage =function got_packet(msg) { - add_div("messages", JSON.parse(msg.data)); - } - ws.onclose = function(){ - } - } catch(exception) { - alert('

Error' + exception); - } - } - - function mupd() - { - document.getElementById("send").disabled = !document.getElementById("msg").value; - } -}, false); diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/md5.min.js b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/md5.min.js deleted file mode 100644 index 4bd9de1..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/md5.min.js +++ /dev/null @@ -1,2 +0,0 @@ -!function(n){"use strict";function t(n,t){var r=(65535&n)+(65535&t),e=(n>>16)+(t>>16)+(r>>16);return e<<16|65535&r}function r(n,t){return n<>>32-t}function e(n,e,o,u,c,f){return t(r(t(t(e,n),t(u,f)),c),o)}function o(n,t,r,o,u,c,f){return e(t&r|~t&o,n,t,u,c,f)}function u(n,t,r,o,u,c,f){return e(t&o|r&~o,n,t,u,c,f)}function c(n,t,r,o,u,c,f){return e(t^r^o,n,t,u,c,f)}function f(n,t,r,o,u,c,f){return e(r^(t|~o),n,t,u,c,f)}function i(n,r){n[r>>5]|=128<>>9<<4)+14]=r;var e,i,a,h,d,l=1732584193,g=-271733879,v=-1732584194,m=271733878;for(e=0;e>5]>>>t%32&255);return r}function h(n){var t,r=[];for(r[(n.length>>2)-1]=void 0,t=0;t>5]|=(255&n.charCodeAt(t/8))<16&&(o=i(o,8*n.length)),r=0;16>r;r+=1)u[r]=909522486^o[r],c[r]=1549556828^o[r];return e=i(u.concat(h(t)),512+8*t.length),a(i(c.concat(e),640))}function g(n){var t,r,e="0123456789abcdef",o="";for(r=0;r>>4&15)+e.charAt(15&t);return o}function v(n){return unescape(encodeURIComponent(n))}function m(n){return d(v(n))}function p(n){return g(m(n))}function s(n,t){return l(v(n),v(t))}function C(n,t){return g(s(n,t))}function A(n,t,r){return t?r?s(t,n):C(t,n):r?m(n):p(n)}"function"==typeof define&&define.amd?define(function(){return A}):"object"==typeof module&&module.exports?module.exports=A:n.md5=A}(this); -//# sourceMappingURL=md5.min.js.map \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needadmin/admin-login.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needadmin/admin-login.html deleted file mode 100644 index 113df9c..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needadmin/admin-login.html +++ /dev/null @@ -1,5 +0,0 @@ - -This is an example destination that will appear after successful Admin login. - -This URL cannot be served if you're not logged in as admin. - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needauth/successful-login.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needauth/successful-login.html deleted file mode 100644 index dfc25cf..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/needauth/successful-login.html +++ /dev/null @@ -1,4 +0,0 @@ - -This is an example destination that will appear after successful non-Admin login - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-fail.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-fail.html deleted file mode 100644 index ead3d13..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-fail.html +++ /dev/null @@ -1,5 +0,0 @@ - -Sorry, something went wrong. - -Click here to continue. - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-ok.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-ok.html deleted file mode 100644 index 3e8e9cf..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-forgot-ok.html +++ /dev/null @@ -1,6 +0,0 @@ - -This is a one-time password recovery login. - -Please click here and click your username at the top to reset your password. - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-fail.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-fail.html deleted file mode 100644 index 063c3c5..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-fail.html +++ /dev/null @@ -1 +0,0 @@ -Registration failed, sorry diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-ok.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-ok.html deleted file mode 100644 index c00c3f3..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-register-ok.html +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - -
- -
- Your registration as is accepted,
- you will receive an email shortly with instructions
- to verify and enable the account for normal use.

- The link is only valid for an hour, after that if it has
- not been verified your account will be deleted. -
- - - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-fail.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-fail.html deleted file mode 100644 index d1d89ca..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-fail.html +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - - - - - - -
- -
- Sorry, the link was invalid. -
- - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-ok.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-ok.html deleted file mode 100644 index ae647fc..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/post-verify-ok.html +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - -
- -
- Thanks for signing up, your registration as is verified.
-
- Click here to continue. -
- - - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/seats.jpg b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/seats.jpg deleted file mode 100644 index 5bed40d919872359f2fcc00a8430e7dcfabaab4a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 122754 zcmb5W30PCt)-b%!AqT@jZNNiR9NrTonqWX=QgC=rVxS?Qh6E7M`XUl05tYHIxBqj9 zU;&2)3^RBG24s>Vpe@$+qOV$Jf#N`~w{P#Q3Tk`bw%Yc)_xqpc{_6xBYVG@d|MKBv zpFOR$*IIk+wb$Oqf8G7p*GQla3JyXTh9MRFL;w0KelPG~asooZ!ET6;5VA*aVYoF_ z1aAUJ+re)I{5fJa2!mhl&lw}EzZOU@m`=AqS~6V+hxAHlI}?68;m-@w6#RC>-yHm9 zKgsX&to@8ZzBq3xoyIi=$k?$vBP%Tt={CBDuUhH50dWLdYd`;eJ9wjp_VQTmvC3xzf`UGrt@oZk`$!I|Ct`=`6QKgUcLd|E8m#+ z4b+W?KNp~t`<(&2d`U45{NM(GXbhw_orYHdn&LtXq?uRpHPdNpn`x@pb<3t{IdI^B#{qAT zJ?V)nR{Hz(t2+%KcBTLUeEn?%}{+>B2@MA@mc+9)#>aP zbvN$VrC&ciL#OLmvtCx%6R%HQ|9tK~uVT%7QD<{{vK|J^4Q;(PIWZ~IJ#)|A>8h`m zy=V}n)o1KU&9XLFgUwFD11>}xg%2_p1fPXe#%7sYNAeKdQs&?qv#EB8`3pFYT~@Sm>zJnu!Nz=M1DWMrl5HR*d2(|7D% zziChU?j5Q0-l^B=RE_{2@811f zTCWtmsLjo;^i6v*_3Qmt({YC~^%-$PtyrmMe_`=TZw(x*l#LE+P^3i684dA;b@ zZK7YcdByrz+q_crqRn&dwDMn`mAQx3Pb>8_alfkYqS=c#o0WOD* zo64GQ`>R?n+P)&O;52XF-MfR5Q+KcTUiqAPFXi@1@r%~Fo%%HWh8=r3l?y+#SHFG} zrz~^^mp$FXZ>qd#Y_;NGp!Q|ygO%%lZ(*J8=GT>9_Q6?@J)rbE;*wL7GY3O3!mi}(z=gQ>eE2C*o`1Adpex6r+(bL-+UFe=Pn7mo>daXWTec*J%*Yn@lVEsz3 zl``7f2mYS3{nd7`?5$nFt-P+*^ht2ey7SpW5Du;{0AtNXwHj5eUf zl+al?XR-4pF}fQ8_WUW4w#Jt z_OEN;0)qF>Iq)w5!)Y{cd z)IlibahdD>w%B7ufiBsYoZEF^3~JBigPSM7Su(ucl(zl$?8tPQr6epG{ofCMj@BLj zlh;rt4+XCIy!BJ3BP*|UJGC7et2!=V&yPCx8EP3V8#CTif2QDF>`eLnZMcnDR742` zNQ0sTjFmoka3m6D{Kf+hlivR>pV+!0`n`cKs!wZu2ZK_bPZaw{SBk8)@S%y-@4qWD zc<}IocxMquAuy|n2OcQ^sl5_(qS|rGoTVXTt~6FboW1lP!DlKmKKx@mK|754?DzjO ze|BTY)_{eZ{d;n}>=*5j@fzciS@_B0chAl5pZGl7vf2Y7%Hl;bd<~|^;{#i!06ba} zs0@1GoU~!CXGxU1?32>3hIIXV#1hAzicRY1g&-;}roVKC^9wr@P+s^uMh;eYUJ_qod2@(Yo>A zsDNeWTjajALCA}jc|y%=8AlSLwfL)#gW~WbOBu8Xn<>DN29xW}6R|AUGY3)rv6*fKt?z|S~g84#=Imm zDP(f!GegFI%~>(&aV#Lx%7v}51*3@GMrI6!^yc~ zG<_^EMvO%#P(*#5Q=Hyyv?X+0KYq+k)(g4=BDl4x<;$_QhbgPw=ox_z6{h(x46dY; z2}fMgCg|Fy-XCr{FydF0^~a^(uUR-m9@8ucxGs)YmR|m}ciR{H4>b>0%}zL8Rzj_4 z617*${+oGAG_ksjCO!y?NKdFMr(y3dKuNtMrd9xNL7<|p!wWWtJ>6Btp|S#j7M)2X zgu5cs+q>P7gNSi^977q$i|bSSqLVAjip zB|{g?8*VNPjhs0TUthBA!Goxl@d`c|5uUVTDXB0CED{=K1Ezm=HY2g03rtLd25T5U z7PjT>6!_T(nq$3W7+)XCMBb^8wu-tsr{$Ic%@NjWs+5{Rgkq8czy z2-`^gl<{a(d$ls8<$oPGzAVH3S`Nx3d{?MeL`}xs^r)Y;Xl6Mw*p`k+*9b4w4=wZN zi8su^`Tv}swt8z{*LVd`g{jD-h1~=g0O*|5o-X@&p8sO!S2aLlA1f?tvqvb9?sU%% z9VhW3WY7S5P{Oyj`a5rW@^I6IBEf~7+NaxNsT?SPk_aI(xVq0ZE z^ydeE7+1x^FwA3@q+RbSZZ56I)QHZm`zdJFqD>|7y+>^G)P*;?jQ?HQw6^4FdpI&9 zL`%)FoK1$l0zxd4sSjhX48538P(Y9cRC${dg;b2ZS?JKZQJODVKxZ(ldAZTX*p+nH{ye zqMt4!b45l(*w#&^`F%P^c^z;j&cz?Z>F3S@J719 zs%dK77dKmMQ;!yncmCyIORq`+MCeD(bbji%tTa@B$k{*sT(E&Rqv_Jwl!YJo#GVcK z5xStIFmwrYW!nSw8DiDE20kp*F90wY5o(i8XGlcqTnlh@(*$qPuKdZ>WrS_MjBWty zL~y;-b~mY}CaCtvotq6KrUeZ}L-`L|g-HT1LUkn-0n{=#P+aQKiYD8c!$-flaQf27 z!%ZP$_tV!NWl%27p#jzKd2h}H1aC;NOWe?2f(9cI!CK!jMk?sUjkz>|o-NL-Kfbu) zsS;iI`0B7-G>s7WLBL1^mJO$J5oP}0^KQ4``G;04@T%ICd!#0GVGokXF7TXGd`zWF zpZw|ChXMTE?^es6S=JtV>|eDR8?Z)%tke)vV1XI1Lcgy7#R8=`j9P>2R2oH#gvXO0 z>e=G>NyVZkgSer>v$Jmd=j44H_(>tWfF>9m0kxFPofG#_s^if9`0FNiK4Q)MCbyIt z8w*NdvxWbPJ3wqgZ(3gTG- z;G254W==g|AFCoxKvEt~R>R4p3PAzj7$1~;H62EunKT14tF#2jYDchZr-oVZcI}>#BM(WeYS+_G5 zKDf8xi)|erZr?a@qVQn9*dUtxFsx%BW959$gm(UvxF}c<%DogUrUK+IDVj==_MA%b zwLD5d1!cqHDOZsPJ~AZbtXUk#V#4mN6)c3PIYUGth8rf(^~g8jBad&Cs&_r!bG|wM z!}7%C$SzQ*AjIzkO3#e#U;EFS>&r^gZ#+yp^?32&A3`Q?tG1_qk-${v;f+h)PI+2A)7kG(A9A~IKDrx; zlmaVpQ<`9=Y!3Zp`}n7PEbYCI{65<;(T20RO7uwqcIMXN%8bO)vujg!3KOG_#dyig z!f5yW@NW-?R-Fvnln{Dbg^>(Lz!XIkrr@I~slG~;CW^|IM1|wsR4zf#NML4d5}M1; z%-Fe%##9u)%PfeU6d(EKxUTta%hL&;N#cgYQ7^3sss$^|3IqhFctd%N;VR z4i>(s5<J!9tpFD5${9h2}nORV%v$sSgcDDu10C2l!cK1tX2b$oTR z;PP!pcW{rLeX5tAKlQd_kgV55Fy7SDq@qHYHRaNo^BvAd`x|p;Zcs3tq>66*ZgazU zX!Ojbsh|k20pZJQ0tc!a)+AVPq8V51I%UH?pVY4r4^s-ed7TEUKQkqFjvCE>pDvOF zIQuSairjKJ_34v^9_gJ7i7jyIe1;|J23IT)m7&zZ4K+n-X-DHJaGMB`ye)Qm_5(Q) zlKR_uGOrL9CdBSFTHsZCosjToiGv2_l0$3*rihx{-&*{D^`}@#e%s~iZJ0Z+i-n5R z^iV*1MtsFrbaxW2Ol-GrY%ThyKY8w57cnWHt^Hwp#yfS}{^47NXCsaFNR#@>yq3kMdi5uF zJ>zF>CV%wFoZ-l~G{Ag1`a#$?UQ-$fuAxv{;tKPlv;E}ZYmBwuS07{)NCQ)9S)Gen zBmv*jqN~mF+J|!8?jvD13Xyxnf+0dcFb5I|`Xyvn6O$5=VZ2w_F z(#WP6pRUcCQ2j~aANhgy;N1Sm02@;+3PH%pY5j?Vn`oTt0ZevtTnn!jISzM*)J^QG zgo*STz@pAjxPjFz=S#RYQ6rXb5A{&9=A-NgXckh)ErQc5(vTLLJHE|p>g=^9$C!gl z&nGS~qoQy&;%uGIJ}G(lt#|(D`S3l-(|I2%4!?!}W1u>JVK~9CSS0oLs&7tct#XI% z>cZQwc*3y&NV+}*yYSb6fMX|(S&QIMlYz1mPHT=7+&9I1n&j`)>1*qJQh%;a{YTNyp5?8*lYW2t_kg~qw*#v5 zY%wWFwGW8C_t)yZw8+{K(vT5qTFlx@YEm9YC$1R+vrA8vynN!U*bJ;NbHc`@mb1D< z@1krzie~I3j#sVKrbj42&-!m)8FTbXYuuFnzgn*FNpWqiEIIl1=B$jh6JC9{6)rmuEkE*P=aMnr+>>FalqYnqR$8uiTYrs+B z0QPf=67WeZh!oSEI8b5%^%GdxB_T*=UHeaMdu`(uH78a*HR6=SOfOhBqt-7|8hSdg zw|ii8YvP7oU#8S{EzW$1)PYXH)v<~`tuo3dgSKMSU=i+gJM`@oSdu%@8V{MQwczCg zB-BJR=BWZq36zKw`HDVNf?L;hhUTi8DKvZZ%V)0sMP6Cbt6eA%kpePxyfJHmyY6kL zAIk$aW|k%#Zw)Q)a8;0ICi0^d>oQ6`+f9Z1bKrAxK%v@xm5jx6nI^Y00oND_60p{S zmk*8-9#BGCvn07ZH$2bH>=14j3psF-Y~>;e?D=wRLSK&`9C?W&81!2%V=(8!5GTmHfkD~3~lX; zeOh%zQRLDy>vL6Onl8fq>I;tK%oS^B+2s6 zWyZhFKCf0(HH%j*+7x2YNGxi_m5{C=4;6Nx`f%M}8*`j4osktS9iNQLJP}f6>WJ9K z+5SeIQxUM7#lkUrr}z9)+kXx?EB-QWyVI$mSfs&2cmZ##@U6XiBjQQGPeJY3upUhT zMF=%CQ#gVh z4RX@hdjxZcL7@>znD{Kj&=JQ`oqjg64)}kV(@SQq zTHyq7_quH>!!MPTbs>#-I54n-QMz_mqFcUn5tg75Wr>o#Rn;wGu%No12IKqG56j$G zM1xiFIs8TA5uEYU2rLD3Wz)oxax!V`b||YsE)h;yzLjM;?s!bHP`ELWS7N^`u&*1db!7r) z9=UKjmeC;lu6H+nonPr?l29!46tJRBH1Ph0+6_j3)8y`TP7nWs0$bsDmEut)W0;J` z0;(DY9&H*IG^JlSRNxU9*bJD{=9l!K8c;OsjH~oahIZSyk+h&(ciF}EL9Zhr`li64 z;}^2sUDUxNzVkoHA$*EYA0I9HuYmi-Cg^)b@PSqQ@^;#tv_lMtlPlV2?-d+*MJcjpBql&&*c)3NAp1KO5>C&aZT_m!@2E z>{guY9UJ+?cVX#J(ztH;kLyAlsjH2g1YFz2qyXd^jgt(A8Db+Oa-}#qbJ6fAfbO{U zbsEfwVmYF8+MkC0+8^Bup(sCnV5u^6+;ld0qeI3_2~p#!8xdvf@$JUlxxo!eFW+b zTW>AmgHlfcFcb7>3ZO=e0Tf&!x;y6Gp78}(v_LoZg!_y&WjgJxQh$+RTxCAd&}-7V zC9g^_{M@np?%%6+PHY|ILXut096h42`aYKs7lF16Hl)^GC9=PW%M~Gf4Q|gMUUB?g z?`RDKlesdU0d$UZ856;PAOM%g0G}XX7I3c|z%3`es0d+km8}UUZk*Y7?BJJh;8o0= zuNzJ8pvO7~jpk;(iDA!;TOJ>9OC9MbzkC1Coxz26pb1GKR*GUZk%Rm~F>8WwnicS~ z!8^_Q5NPL=8psf>SvpsEwY!-sWWa7SIFhhUGfgZQc9PF|MnIDUbZH7eu9K-F-950~ zjp>%|Y)v@ne2)hK0aDs9uU(XKH@e7hP9(_O^wZf5j|lESa5Xf>RnM95V$$bCvJdl)?aW$bA!LSnSMaT z#*eoz{6IRiw!au5I~mg6c-V5cB*YNqo-`h(EcK*W9)T>dWkzT;vt(0oMttbDej|4x4y__*8ST^aI(G=70|Yi_<{ zw7`I5fzr9U!^N7VY3VFNjbCmXD&A39we4CI&;}yHYTY@Sc~V$`s3{h4Yk?IA8fK?8 zWyUE^nClBWX3QCg#VZHKw5GbEWBc};ozv^pPV?~d10`1`6Y9=bb#P=0yp%w`&RThMmfk6E)8BU_5ZkWc)+Gn8ER=WLizSn z^&C-Y={*R!WtQspwI}qHbqdrQXQN=tBj=)E~^2(NY-taKdc06!;>!?#Q;>826SV6@sv zAdAbink;Jq=mpSB@oN~Nx0HWWUuyJ!`+jS9)C%;$3SgSJB(P`6vZZgKn%a#ARKMW?d5mOw1z3mEL-`>mHP6ap8?+lLb zi@M{ba0=bG+fT1*GLdYE*7$NJ&c-EGeKoPP2ts7z1LHYY??#Hp4b^XPx78!=-KuB`4s%K9#$fi~ zvzzQ&6?+p-dhu7Z%$#4Sz=QBHm9w9MG!K!mloxgiEaHMDfF+==KTKMjDj^Vuq z*|tm3O=nj5clFa~Q^z{BZh3jjJAW-txIbAg`>MX{cGd~+;jfdveb@bI$R}%-4#k%) zJ(gIpYySbSO20#My}tM7^t#E{x4w`g@G9nLgj?C1>Ty~~NqF2Gh=Szr0EE$zi>Y0s z(V{jdk^D@fI-boH&CdCcbsvXq>Im5MzSp9;rw&z1M3u+4vDg~#QNNiUk*jk5)Aw}a zDc!pj6H&K)2G`u#5OktyZgTOpr1@*2bMGJCyzp@9)yaSJ{#jR+xS`5&^KGwfBASrV&QvXvcUFXY0;?hy z=X~G)Xl=*<=ks8JvI|YfR=bULfgl|)l9MQaE1dJiH zb>`|1y=xwAUO5t+pC0=tvEgsJ!V#bSeSnKobVlQO9LIYNSB$ta$jW`iQP`9AMnU7`TlnF zf}QCGzdE(^l%(c7v0#=lD!+2RdTX`vkCC{%+R~hQuzNXmx zNJ?NKtWhDv7cro2N{+}k0@ym7b*YXY;cE>hI5!@b>|cF@N~Z0L?)bGujqXpF@7E<- zG$#w(`(p+)Bf8pE^3K99Pdsqh{YUxj!Lg|FHC5`=tKU9Mec&>Y5dhXV62xV~G$B#;naiemQvRiY@jUk1ebUiO zRUr$73j!iT7atLyYkf58PmOjx&0eGT0?Xb#*3-cUnaUpxDG(?U$&hK)SU@9aI zBa_n=EDKl198tnmhP&_ZKM{s0SU&5Mw$ao#OsdE4-OqBm`~BkooZ(iqd$<(>>g9IeRH84H>-)~GuD_Nh zhX42WjIo1D&R>78Bo(~+?`GUAE$Bu8-nYGk8yC6d6%8H0^Q3OOi;|j8?f7h$kY>Rh z%tj0?E=1@;D#StuklFo&y9RSf=s6PT8gVO@8qJ7dl6qhUQUV85!WfZ;LINkw{=O03 z+V=69ElbMz3S%yAH~j1d8B0E^Y>58DvJ0y}M2B_dgYWInnz3Z~(9J)3gd@p}Y2lJr@EtiIyE6;UY2^Ja*f{`MF4KrfEjiageYk4*<-6{k-Ub&)& zeKUo~X54qgD|YeN!_Q*sKkzTYY#P4|)_k}1r2UsepI2K=B(7Gg2%Bxgj|D2 zrktF8%BOjm`Y*Y9ad|wlJ@uE2p|I;MYI`*uhrE={LJ-^(US6ldS+nvU>KmMaQQFmMln;Y0Z?e_V2kFJgTNh6sN{%D(v zfYLm!Dgn<@;zTlJJde!@L>P>bt~Eyg-fS>G@|E>M9e(Wvs(1KreC?v;D~oG$iiY{5 zoIzx##RY4aT(Ge~;o43k@?uDsEv$BVZHgO5_BA0MBPYrkw@0a30U>a_k3~>6$zR>{ zxfN=%;5pJWuDLEAMI|+C()fTy<7#=+?WAFOsX2ey4aqm8tWXJ zIY#)pSA3!B1b(o{E_!5F#lsjr3d~Uys&1v31U!~5Hqp(ISK=ZNKLqZFX~O?fe5g-_ zY@Z04c#5$Tk&LKg>3~2ms^htU?+hSM;!MgLK?CO!+-)Ra9v(p>j90TmWuwiK-gxZp z>v2l>0F7NZw=t@=R=Mpyntf;evD1kkpS@Y}W2+h?i&5c*pr&zUEuVFC>@l3%>J*Ez z?L8R0&uw?W)~oNh+BUDmQW)nJlM&_e%!G8)4iSz>A<)62h~FoOwGs`hrWp2gxZ2Fv zv{Z*K{H{Oz-lfo18QcDhtgM^sTYPitI*Hf5ZS{Fcj}I>G0w1$NEoOaE&Y9fkJibVl z=XOG^K@RpZ8t+$|#&2I9_RN6FMvWPj?vpaZ|f@ z^@{k%X-B{5dU~hVLotk&_^zqCmh@=b!}dpdi<3Y}=d{x}%b<7EVgcFkZ0Ro3C+#=* zZdWf=-T(6VQ1;4zG_>Dn$;%mAnCF z|D)>f9SlMkUZBV!Fo)sEj9vEOg*1GYTpj;t>-LaqXY2gWom-ZXJ@ihLsQ6mNn&{2J zBmRHBcI~sBjx3yMxvF)0eF9J1E*e(nxmamZ3$)U}3dcO#x;l~38V!*!up$#kh4Tdw zP8L}{N7BnfJMQIG_|DY2pM?OE+#M6cmhpts-V4elZVX=NbNJMZ!y%_CeiW%QH<1Bn zV@3~n>4q+=O_PT|Fnw$ohE57?Pv-a}#GD`Pm%GvV0$ArTALR(&+?YAmPCJ)0xY96G zgkNPD4U6niHjf_@X>1s1gQhqGk2ir$Yh+i88A@bkIJ#$fwdcZ@%NpTw!5`HFZC_P^))w|$;)g`jcx2f>dG?N?dcfGeGSX5ToO5tZ3Ktj=~(g4i(i z%?;(a;h0Z!x@~=f3j@fhY;K=#q;h#UGUCO}j%QXvhV>h9`1vi&9@qH}!H9Vg$S#&U ze?6yh2@w!8;*ZKVZ`@b9tajr3H}90MsoxxMs^-~dhqrc|>N!+Oc%uj{_}@{%)TAy^ za&AFKxMPm0kjE`EIc6E@R$rInT+(94p`$sT0Pt~!jLdeC$3hmvWxNRj9wwDMy$Ay! zG{~_VBZ-o8;Z6zBaGZ8~XmnrH?2t{3vu|fc?X%m=_|IG2x~XwuTepV68=TZC!70Dvv6qm0Jn?@?2*}5ctAy{q)>6_@_@~}wyr4e2 ztv%&Z6dtb7bDYsQnk52hv#hP6!ko_`c+MFN=fnMy29BEFS7w{mgo2Pm<(&}t(~xo* zc(CH;$nG$4b=bV9w43#({SP*-yPdv$Uq^ml4JOWZXRtVkl55P7Ej0*U1-y>kFy*zdWb-gu5@Rj|TaD3>|7Q5ET-DW(FpS(; z27&Q3; zIBPTSaMCJ#{sQaGsqBMscZjlh-|KG(P7n@F(cy%iL@_}CxVi6pxugf}<{ksTRT zU$QYUJYHsuFu)d(hQ4@CaR??QVec-xrSZ;ih*Rm5J}EKxc2kbE%K2R^h37Sa6iiYl zCfn^Q3nv;yR~=hu*iN$u!UXJv;QyH!x_UjP*V$JHH3)S&AaQ`$D?I4C36HJe2^tk{ z#^Ib0Cb<;nq->Bz_Qw!|1MvlU1*vr<7Z!wsD@*W%0kc`Ck%sd_aOA{TkL(OR1L{C% z2OxmEHG;f0#AB?lZ+d)ZQuN{T!@?nShVqDwOY_2Ox3zAKjOIzQDHD(d_%QdExu%P`G*fQny9&?kxik|Sb|C!aE(XB$S6qEyL1T3+rz`C}KJtoM1D{0V|GTq384J#-=(rCJ;DQgq`{F zGwF!Cy<-@*GK0kL!c_;i!my5V7zQ{1hW|%O|5x#QAXouLw#|3vPQaWYAf*eKA7Jsc_1j!!X z^z8Dvw2d(X!+;PtJ@HVpSQ5#A{U(s+0^=GSilLcUE@7lG;XC)BbnF|tjXInaCJob%bzz$Qx$jlWY6;tPwVs>+t@T39( zX&U*XA%27A zypb@N@X;3WfPyVhALsZ1^2FRhrkabqh5_O4Do71Ow;Ph?^CF@HV;bDOGX$L?CNI$C zY(~vstGhA}p}A@n?ABElll3{$$U-8LM_ouIlnz8pMF@RjL5Dod#bMu>S&T3b5iFBK z$-+CGQm*A!!j+MH4+evMG(zCbX^5~`_3vvQ-4tek;#vK^;Izpc4sraGerlq?TH6_oNF!(It3N9~%}6x}%7vWHGhZ zV<1A=jhdEtbt4Ss3LC~~P>llbag4J29U|}s*gWH+K-g>E;zvf~M}kziuBJDoKtZEg zLw~qZW0wTN85~f-jakH!xMA3gE7)S0=~&%Fil$A#)aKTLtQ<}^7C*#Gasy)^O32^_ z*ESxkVrCpm(m<3OIr2(y=FKD!BwRpZ>`ByaxYg!V!cdkl0qi9OFhOLuczh&9?x;jx zR=^Mz!~-u!E=Q>Pi(3iDl}R6$+UGoo=ercZ_kx5{f6z!1W_K2u62vY{gl#TS(vV*XC-My&x2%?Ou_D7TtN>c@<#=rvEP`(U zjM2bON|LMfIDSQ*X)dHuv%p%dDTX(NTq6#3HG@I{gfVam<6(*rI^_)Zz{{6ldM+0qhDq&F!eT|y z^WoDfVK)}9>cJ_gJaDVTwH-lR9@CqVo$_qW+Q(9)-Ov)(ejeO7x=v(*Xb|G5YiX{V zUjyhoz(s_Mt*BwSy^sVb2<}P&=2ZZ9rzHq(qG+U{Eb_xfo>&vSo{WBM@!X&eQXF1 z_Q|BUCJ9>;-95h3iBE;Q%PP;6`_CtQVrg{vEl&xJ7JYk7pUw|KJQfiC3alg`0~-ir zKmbyubYk4M5}*(H5&@$5psRW(HR3rCv~9On9ghdZFc2CZzKBW$Jvgc(DEDj$9Qt9( z+G1Fa8C{UR#y3i1m~9I6U_=Tng7b>nA?;H@N@GsHbzvn_GDn07xfL+{LUhsG*#y3t ziyMvjI3|E)x(TF63n;2UVtIQB3FmUJlk0~p3c@epbWVEYfo!wVAUGL~0 zc&KpXn>gGtu`xj#BbCX+zpe0JLBj#PU2U0mmJJ}IgB8&CuYuDF&?_+4R*)yT-3nol zpack!;#lgF`P&;OThsrsltqN#QmM9I1mOgZ96X1_K{=?L<4xCFu60HOLD7u6Z7Pk} z3+sr|il>OqHTxw!aBQ$W-hK2jcUtRXV!16Eh7n*hUIQx`xilAzvjV@#z7FWHc&Eek zAeG>{<|}z_-8iyD+-t8@nozy~7ijD>1mB&|&=PWP=&3~q#T z+)kE8T94YsU{e#!Q>w`&M5H(c=QIr{oCe9jt{s9i`X-v#3VR}tL ze-9BHl*>{smT#NSBWN`~mZPOiNAnmmp$BI;Jg)+`dlE1RnSl)M1``U@-fDx@NDs^eADALr0=G58X<=kHyL0 z{sQS{92v+(xo|euH?y+ zC`ZB!@yuv}*2uzPJAtYA;1aqbGa-zrMPcr41$>i}^wg&}m$s+)WOelWFu1uOwSKuP z!Yf4W@Wrs4nNcUbvX@Cc3cgba?E+|i4Wlef1sER(Km>`$2+!dNi^trGaifW0Gw7Dr>cQWT+YOaF1OM{_#T~Gd_?eA5+T31HYx?#kL0hCn#$hjJR^&zj^JLp` zR!hM_b{WE1mej<=1m_e}0LZ1yMZ&4J`@sgl}B9L{@ulMrO3`reuLXyP@V(L|*ub z+j1V6(jISynW5ReT4K&;W^7m*$}$Dq4(4^ZS4S5Ei$N$HfObkScTfruv&MD18gz6p zC(i{*!=2lQk;p-rHzWKkY!j3aOGxUTYSC~mB|2W>I9kE;jV~2R`Q)rEnOA>2`O8}8 zXWkPj3;eGhJ#IAHC~3kiuty@txX(1XwOnOw{p#bM+0FD2@e#{qlHhJ(OrUm{VacRl zqQ5SYrjnLH@ceirS=SLx&|pb&Zo!3;HX5#;BA9pp7_-&4QP0|Y6fhftE84F~eH7Fd zMg0c>C-Zw5xK~YsKT~A0Tn?PCKVD7;!aQWrYcQ)xwCin8@OZ7PA~BT)J`&MGrL*VO zHWxLtX9tJzf@AUSy6{_C){ZFTuZv7Sx!gfcK9?s)g-3k}qf5_2YwrELwtq;}A$FoS zBm}F9p}ScEqZx*G#0@^P5>WHG8#z4q4D~fC?$zFwLzcms&7CVFv)GK#I$?ULD-otg zYS^~YZEnN2D!?aoZ95W#$q)`-rIU=cg_&sodr}DeKNBI0)L7kYyORd*ZJpntaG1%) zMRVSE0xwc=b^|XAM^bFF;*bicKsW=BS7Fwm($WAK0zQ`uRp4rcJ$GnnFCZI}#H^AN zhVUGa;AronL?IAMM%=Wfp*DPg{Yiyo&EmnG*Q+x$cC*6Q9sh^(0J6B@)wA=jB(re) zOvLT7a3c<~^C|acpb?J2<5if|kOQw=zfj0RX$=#?05h5eaMxd87t5Gy0xOzg7=aSL zOAX;v2NW1F@TYO|c=(az(e^*z9Jo`VVOA*?{%x#ac@X1gs-M{+J;N>S;HrT!w1L4H zxK_Va$=O8@&0IbYr&u`GfE5p7O7bMDuwpRqtrRV!uvizt2zY}z*}OLR$N*`gH1NMB z#B&S?>-x06_VlMa`+a+OhNFGeo0bl_A&aQCW-mgyX#9)`IO@7)-ZrBv*nN%yxb98E z&#N%nZGEG2>FL}ifrcS8JT+L2JSv-!h6@M5`Ezt_=Q&aT?3>AI_g(&7h#u z86-t>8xXV84qOT@BZ|481z(q6bd@Q(ssLq`#u*~KtY3z6*gx`>S5U6O5j?*v)n{3t zMx7(4f*@v#zKrNK81O=nQoI8U1V&EqG+T=B?PPVkk3JvKEn5p^ViSu;N>7U5a`D9f{p zW{?>_;_AXJh7hua8$7I%OT7XxcDj~@<@Y&LNQy`B2>7Ixhnj2$a?P@W2rk4}C?m*uXYQKI)whtGhZ5bJ21fQy(GER(G2Mi3t^ zYqMUEjKG{z`a~Xj_B9s)295WJgKJ_}`P|8d9sLyWFPbBoSbO+{3gJsrT@#`qo5ap^ zO^8%hrc=8Do~%N2pz=B>76!;QTwo~<_LF|RCB|2fv=KEIff&x5i#&XIxVQYH!Q&7y)#Up99+1D8#t2I z&IeJkU@bW&x@9L^kT?$1P&}^eB>-bFeRBi}2RKW-dH|mhj2p>K3Ao$?`o}34QXKQG zL%4FV(7n(LGGS;?4%2(V&@VnH+X*6$dGOBpGH`7H%qoTyMo?283wbqxr8>Ca0{7OR zYcXU(;|4HL;g`Ze5w0d&Wgx?V!^Jr>pyXU43eUlfg|G2bBidnF6+3Rr z19Ef0$73T{&caV-aAUv;g2s{?n}%^3E-i=9(3F56HVeN_K~Fy&M7%(LS=ZEvp@;`f z7^{@5S(Mv5zHu5?hUPbLEuI6O3*)kvW;ReP7UrGKaQT22=%qnqFed!Qr~nSRZ;jmr zw6f#1((E@7jbnX=ZdBF9i{>Bs*E{GMD$C{nJ`0#%_aF_U8 zB_JU9`kg|WB?+@1&fW!HQ$3q!C%fJ&QgK}Xzv1Z=)X{n>7MCj=C#13$J;U7OU`mhi z-1b{64d)AaFUldo$%NoHZ_zOztDra;Ze&3tK}KMGa&3>Z8-f^Q#=DW$iD_aB#!@08ASU_?!{ayt$rJxl>Ow3yNni`65z- zcsXahdQ24juUR}OBVb$-E&-prVmRgQR^OE87@jb7CyC&;?i|*}*7CbZ8EyxG=$=kj zu&xNPR?Xs4)BdVc800gk^mV)>p3~`3*MyL&YnK-T@${xuyVS_$Z31k*jH` zsgx!e$RQ!7Dmnv4hr(U0`(Z72Ntp11BL+r;Fqlj*f2}aZXZRLe3(AH6>Jk-q=S+eH znj*%ADVCSh?$yR%$of4Pw8W>-BSe#$Hqd#_gXCtH_1i3`u=-1hu}rpN*_vGF1WXC| zqA1Xc@P%mEPsK;!+er8h^Z(=QO8}wzzQ^B;8I2JQhRW91hY(Vs?U60QSVJmA*(yXy z+q0D=Yp6sGA+#Y$I}(!0T4`ToY5SzTJ}v+A-i*@r`S$yt^4{I=yXT&J?z!ildxsxR zytsg3l%6;igdT)!;?d}&?+G&Bh!pVQ!i<89GK7rsLvb9COnMIO?6#+;IZX~p!m9)h zL@T3!Wj^i(g(mT&lOHQ$oZnPQCmo?{N*yZFVj*HuzIkr8TNplMA`AZkdt9b$#f*Fc zvk(SmzQCX{W}L9^;51)MF&3)xWMTN5PVPa$QVABJxQ`FGw8w<2 zCd>i>^ya}I(+vCz2IVLL6oJn zqBXCDWIO|WTO2GMX$)h}c*4tjz}^6KDLGau?p8O4f`a5kT#qs$1+YY5T6h2#gGV9! z1A6xDC@SIzjSl2dDME$iT@u&>U$*yz*l%lUI%tV7C>6Ah-vO{sgAt8ZCZ5b;Q!p_& z?K$#`;6pK(0}wLgAjfpA-I|H<@{-FYIvJZGjTQWkaISnDP{L*L$%)(8TQVP(HwEYyz~R zilkPQkXd3X=Dw}Nk^J}fmf_q3g%2nJVP|-}fv4vnTZ^S=t;9pla0?-#8!;sdf2$vg z1IoYwXOs&sF-Z(sM(Ztp*ANjS9?&VF^Dult@oy5fLLEMJzlBZc_vPrOAb} zbAVq!D5AnW=vpRhOpCpgo`r`D6DgG=-UjQjAB_IX;FAHkbdwgO>rN)#h0Pg#MA**{ ze5(|~NGOY{V3Gu@1~DJ-QsHQPV%Vb4wkmd^kY)?6b;A?!S|JIl5I9RalEaZp06#e4 ziJ4#;&jSu9SYm0}OM8h=$0J4pm7-lZAB08LkU_>w#;nf)nqBxV{yx$kL7KH-ZOk6F~nM49! zM}n0g$_8FBlGnicEDn-XMz@jhJvHbkic0J81R@vj0VM#@Vz`IsM!eU_Nm{N9P#7>E z3+re&n`F;2=`MFL_OWEJdASHmfCavI;!m`SFMtthCagD6a#|U9Ed7`RKQ39VJH?5VZ=idM<*h69@b@d9S$c6(2DtvX2f@bod6d|hXzt00Eq<;oF!41 zoF5jR5$oeM9CT@) zaygtPfn5V6IvQj(fOz6baw2NvaYQ0Sz>%Yf;Z?#agN1^URMOfqO&R6VSP;!aB1q`C z_=N)<#h+j<0OJGdba2yDw#QH8`>@3nm-e}mNGABy7afgoF>v6W(+=M%i3*t^WMLsZ zFAt{Zv!uY~h9YUWmY&L$M8y;la>8&t-cE$af`^0fA=!;6ma1ella>TNUaWte5Pd7I5`iYS3Qta^B7Br`@~K>erV0CK!}W^Tz+o92g>aAx{uE2difO{AgY^!` z{|6vr`OtA4WoS3UEh%NqaGXYL74Aee z$t)sB1Ixw=L7#wvPk%H=4alnD7j#pK})eLCpwP(<7nn)(gO z61lvtV<2GegW(0US$OO>@&#S2=st)A#>B#(Oa_-~7ElVQE4Q0F?*2Z1!zzjkA4#In z@`>cob8!gS*ayXP@qkMK9w%!B$Y;qZpOZ)0H%XmNr^#!A?P<;f`=m_t>+1E0;u1M1f-e7Nd;ge zGBQ$nmNWs@1=L02$rX~QnLVf&-N?fwz#Cs$0LkDX&{t{SV&K;?O!ywYY{B!vCxIaX z7zm8~UIKX#!-`^BLNbtasw7Q?G{wG^1`akM9LICPNrU^Tz5%d3!VUfNt=EVEE>ewm zl(H1g{rNyLDJa3`e+q9xr*kPVn&V5b;dpoh_mM<_hv7kS{23W{6I+M41Ayoro)dvt zt=b)S*iG$6pc6!344*mp%hEE$8g<}}Vty`Y57-xChNxRD&s( zn=*+pOT>}*^&q^`0c{A;QT&YR@aB+#Rq^-|^5YkbDE*t0?pJ5h1DcK>`>Sf7WXpqR%;g!yR)`M>j!=y)r-o&dhw&Ws~OZz~+1!m1}PxP<# z2-tw2o>qu6O|tN?wEkNottUZCfT9sr^l#}E)+89ko>Pd635r-eUftgT%zrd3&7&~n zU?-l1=fSyhbUlhYe*%qIHXcIFBq8Nw6nFk5XkcKLdeI6RLRdKPd*uhYf?pCo+W-Jd z{j*g*Kk1JzDu+>6MXl^8f$cLE!jXave7qfXFvfoYPy#_12hqY<|F?F45|7R%flW9x zLnB$falICefpeMPqYFeLFcyJM%T9CUueX2sl-~z{&Zi0lG-EPojQna@K%>J_=FjQD z<|+-)32F_gznJeKHyz~_0aO*;hQJXD1b(Xtg5cEo4=QV3s^KS|-W`PvH&tgsZpxo}gjXPLrtzC0^lNQg286-lJP8G*2`cG_^t3{MhwBGJ zFwC?6#nNHjG(wvEwdijlpp1+LcFdu&G*OK*^{&41IN0#dM~m?0aZFeUH7)*I;-4L$ z(d4r(F7|WW4}LZR^9W2Wg^5f$2X^&M(#X+FIWU%oesR3EEYXjFj9NEi@P|C#JX8c0 zAgD86p2RuXe*l~)faU!P3F%0!Y^>)2-2pwhGSI%NGH)eP+(gyS-|=Q2O7pfCVR1P=l?$dwVPlF4SIqCHQ?h|T99r^;HGz5Oc8@^dSLq6DA z=%>tlFKi?KOP>rwFh z3O}qLe~spc5X3A#AYh(S3Q`8HY=ABSP-c%>lG7_-ZcIn;Jc ze9?fkx9vM>csOU#Qeza9LR1!_;K@c*6r+Icv1u$M-;V;V!7)hU`YG}TH=rhRh>pg>0Gdnf^H+Xf!z{Z62(`2gYf@*DTa&vSnMx8 zl1Y>&7bH&Lw@f+X3n=1P7V1jFoDskFZ7kmWMX!Pj1DI@OJa5lv4CXy@6btu^1g=1t zS139%UOgH<9@!8i^paGkdnNdM@G99}2(U6sJgT14~+=I2N7*zJb6hU@-E)BUu=P zaV#4154?7`ir=t8E?Wu?)tZ1Ak;piEOL{tvKZ+Gv081>EBAyQ}HV=hfBY@2Uf~TWV zs5n31uV49SWmFN^XOb}m6t3o>!k7WdhU`R1^uqSN8N43B#~oC{f!qA~k_Zv-HxDYw zOuQowLl6|sm8To!M%RkNZ`;91FDD1c9uI#c7_ls9AB56HfD+(33#uN*{yPa2^78>G z!O7o?16xyo9wvDwV4cc>^8i-i1|`rgJe5Wi{sLUVCB8r^J@c$N+-Ts9G!`EF*TA+1 z9xl+fHWLm9p>Tl3B+=h68b?&VKaAp7oMhGc6o*0pjNVdaJic;=1HFG;37(M2HnVq0 z<6=NXY{Vh67Qb8?S_kq^9M3Wi*SSKvLKccMLWFLL?_ZD)uuU-t{c8YavkTnWgwQg@ z{E&7MLPG>fV^s7Ac^;vlc*(FI3dI5Aa|Ut&7s<>Luq-(|s{XDjE*n-<7~U6Dd%y+- zZfL-ukx^(qT@f!6wMS5Rkr81O!B`Li;Ed(}A1l#-Ti+(Kz@FbAPK6_wa-p9Cr#e{B zC@@fi(MgOps{UBKmk{!5%`JPI5LKk zx($J{Pz26M)_G^}l9My#L|M2K#iTIUMZ_D4TXIq-qrB0D$NdGs@gDqy8bU^$@rjZI zqz21tE8MvR*Mf2zXwj~8ZB4NSPc}mgrH2kBDx5(j{|-j zVB(0zF|}U|K7)(F1~T*u7tH73Zc9)HqC}$KJ%+LIJq~J`VyTHS6fAMAI!5ZM!{BQN zJezq*s8e@Tn}UfM1}vKbJi@WSvmOljX+U`--_ouJ6*vhRe=qK57mni}fUBW@wJ5sT z6apnp)yZI714zq9RKAn}FvmPCud0-Rie3teS2L=jK-8z5uoFQH|c zS0BZe)8e?L?Ruwb1-D{&3Vk0g@kX&i{L=|qf!k%$Sm1`$2!fUYL2$@7NqEX&HP{{y^0g&l5P$f|jjEaZ_fFD{U#*0eBqyGxP`s_rGcpaUL zk62&=&Cro36rI-@U5{W;ACksp<3kLWyFiJ8;abfoD>E^u8R(8i#Ne_26X;SGmzHY6 z^vQsv0_G?`LmXhAgfie<2K-i)b2bYP20amOI{*zjKm#umL4MN{c*5U7eo(caCNiQ^ zVdNn3kdg~E0V`)gUunRs0j1)=&}hI{2GAA~3%q{^BxmjHi{C53#SR_;BV0=;0hEDU zjLr6M&A_D&6A!(M=RhY>Wsd&i=u?i6;&K`o2&)5={6!8eTi)aYGsO1BSV8hP;@rG&0 z(ZrR46AiS0ji)BF@F$YbfEB$7e$)c4>VSswd!OhKJe~rw%ijU)D2D6v4=kd9b{tIc z2R<|7>LCg@3+1HY#c}cAZve74_RaIFqi{qJQHL2JxsdsTUGBg`yeptkD47crk|Zj1 zgaZC=Xd+^vCA?&O-+#Q|)Pmyzp~Mz^W`-G)Na?`qb`Eqb>|i0}HmU;}50)ptRD%6S z!6T!f5{K?=6cD6fNyarz03Z-T$z+r$l!8!QVYWt@iEO`daU-*Wn~cKaZvf2Vxnw{+ zn}QNXhR`7R(H9^mAXt*I^*AUh5hWvBF+ciJ;v+_4JNkDu@LBs0QEY|B*J*^Jh11E6!(@WeEJr014;I`DO~0 z@<|GhveOYQOXziwYhaABr_uWfq_LcF68Q!UeAxa4;4Ko|8jI0UXjEJj!YLe$Ft5XKbcP?`VL>jOx^R5)fDB#4cj7M=ud_yk z{MHHOWA1!X!8b{9OH>%7@d%X#vm&4ZEO+=BN#qRP+{JCjAR-OW22}Gmz+tkEvH(MX z5~8#?pr?GV03ZM+2J8~BJzNJc3B15K5;`k!{hMa^=^eWM3E$C6noo{xOMGYMtEy*6N!%CTWI z|Jc>MQt(LvluExX@|QrU!vT@BHsZlStn` zS<;&cgZd}wgo0~r)al%ITTfo`g}fKusq-*!GyV==xa2@r+`WIselYL_1FW>+V(>Rj z(i8>U{nG0sOJJOk{Qpn|Fca9X#0wn(7`VA3{NJ5aSZzSJ{RP0}PNv#3NU)0io|=h) z8-+i(^9Y_JfbZv^41_fz_|MLK6xdQc0t;a-15yzWUTWI+kN=J~lwaTf`g|B!JiyCG zxN&feg&+#w>v}tMIEFa;2=(&(?P>gQd?myKn2`Sh@I9RGGj*cI_bd*ePa5`pBcEZm z4%o+rBme6S>nDVfZ_H1UX!R{EIT|H*7|myW3m_a69&-mbXoh}_`hySOkL24wBXD!Z z_f!~u!2d@ufmwtXLi@X~hvhK_WFKi~NT3(?EP#sqVt*`kgpV~m;DPD>6~M|5_%@R$ z5kF@D+k})qWrQO6G%OB^<-Y;ko?{qbmNfoGEyIB$-Wb7J@#W3memikj0>1>-9|kHf z8Yf{`0uUOnzx#6BoOT%CsMN4?#GB*D;`=b10)SXx%={I_LpHw1j~BoK0_DR9M)tjQ zLbxOo^5Gv!r?Q3%;J8HadKPCI-<)A=g-w^^horisk{Kdf&Ss=k5zWk>Qj%e)< znEw{dE9aYcgaZRNI>P^FC(bZO^eTNg7eO3EHeOc@mjLn)Bq8uV9Q5OR#Kg>t_yI5c zwBHyfHiAZpKp^@5VgZEsHC!Q(2d_`@(f1vw82n%@53pgrh2t8hF8J{OD*k&RgbU{b z&>o(QFdRoRZtG{@#0LOFlX$~}g^Q~Qp;;ad`rmJyO@cj>2{s}rg#$;JcmUP&0U!Nb zoFIn-{^kuQw0=%Tp`-jTTqOXX3v^3nV({WZ(YW`I@B`}cRKyJOV{&wO1b-_X);c(Q zAbu?T$F%?L``x#HLpDzMG=6@9&tU&m7#;m3mdiuJH)#P9e3NLPw?Xa9;^q0?j$g_c z4j5SoKND}rP~mn59LW0$UzYGMgpAs)&jA%~s36eCJU zc_DxQ99jBz0{otzgb=&|`yTT5t`TM9l+67(C!hi@HTs3peopp#Kf!4DtN;bHV?QMW zq(JchAK<%f!=n@mfwI5LrbLN<9QXoX8xU>Kh6o4tjujJNh_e)QbWu*Q zgr}mh9tJ<}#^fqZ{(1wUK^hX3Tytt~YvYALFR8L<0~0Tswr7*>$!+799xAQ6?_`9w z&o=YDlyameHc0H{gSPlSdfwd=>pWjf(LYfCf&9TS&xpLr*E`*X1r-nzD%A)V<)QSNHwhRKXTM6OCwBISSCEsy&`=pyGxs6 z({}&J(Uh0#kb?7A`Llb7eQ;jw+RF(~qmw94@)RaWH_$VO*zx72N}loeg{r3ph;C83 z+B7HZh_N#{dCrlnndgj-iOWlDiuw5NscntzvnxTjM`212-J=|eoR-JsPMSuaMAz&L z&2db5ou_f=@&%uSHs+zS)(aJBggZC51|z zjo9YIyM|KPo5K$q>Wpw@j=SU z{$rBk!Fem4o^P>ZTeX%tMAH(+Jh`kn)JR@wAuQmT&kz%^el9j^e4fXk+YV~JE3mYlu1$i`Ve_8$!~8TkSc>lD;oFK6>q%og{`zSY-X5T}yA|}nZLfv(x$&6`lJ*8U zMz7(TY%=Xy-k!6`eX8w{;eo4xDmj;yR+_#IPQmicH)qnPNo96=t9Fzr&Lnp|nOZly zcw6BIn%S`>D$^^JEGx!(S}fNqnsT%1Qi3fz)Bd%9*s;MWvkz@6e80DZRW?O`?wSXk zrTGTINd|sWc}c5<@}2G#KP!@vnShFBPo=$inG)a8)t1{c?!lt)mdpr~U=C*LF;{V? z?FykiY2k*8$>HPdrQPFhFM0RktfkV*p_i3Glcb7+UhL`7(XWuCdc73+EAflq% zykfs7r{H=<0YfL|s%4&nSfhk}ThPW@v8Q$t_7&v=&(C-}4NO-xbP^xKI=R|5I+t z6xl_`CB{`|&35+csnZYQ*besPQ(UYk>hD{TWZx@PWH`l8Moz$#eTu~_b=x=o9_?LP zzDbW&)@)a*FFP#QczV=n51;oBG$mX#BzBx|s}5bmsw&?1bn{@nzKMvbS^e}oPA{j- zKE3BKIj8r@^j1nAJN6Q_q$12%Jay6_IoEfJVWpT<@$7MT881Hicqkg)?7npU{gT&~ zr(ThZn_7iU1RQgsLoBvx`i61n@f^CM#I)t^!A@2yYKyZz#aV>}+soEXTRmgt{nWM# zPjA-D@(DKBsC<1Wwj*(e+ktF{(&H1FomQx%#C#0Tc?9W$3tH7L^#$e|T-h?)C6K#h z;<&c;dm|=%vU6HHzD6td{=}mC!rr&N6D;FwZW>)e_pK1=v!J+3xN<4~Fg6~#RpH~d4plbm;zN*Z2v9e~JxmdZw5sMrb>nZHdUtAVB2{T0!&|CZD{ma!; zU0cG{7Yi*0+eG2}SuZ9f80I|S6x(~xa{BDBzPX~RAnsP`49OEhvD`-*kpJbR^rgF_ z6$B4R3411+E}rH3aVm#BD78k%hD1ZBcz2V$bGy_1!{?4yuc0pS7uF9@d^D>ei#^_A z-o8~W7nYtedpRj&Mx9 zR6amT!|;nq+4O0Vl%!L^T=;Tpt5&NpOMYn}4 zxk2e*y-1NLQR=CWy`ggP%W;!jcEILyUNp0|WYd74h0T-LAEii($C)R-Pi!bTUgMCu zak@}{T-4(6Hig$m3w3q+OiC9oT1Gp)KF;vf1v-;GRYZHSOuE7v3F0i z@ei-mq8jby#=jspoe0!3NnC;~PShr?PfpER-`qV>CF6pftW`q^r?iv8(9=Z1%p6Ok zbNU$l(X&*K7euLFT4iVUGUM9m;yrhLt+FyMERAW4jIcl*?~U?Gxn(RMpm$`VUeZZT zXI*+(gQ=Bxms~=rgZ*lo(P{2UG>&6{VTns@)2OaPNa=u^Lrmwt4-bUY$BoUaiJr-& zP4in&>X75LN!fM&c{0tof%Pc2)PI7!&FciZVRO4|3`QNxewlLVzy;}u8;){kU#{vA zX5Nd=><{Ybn8k989q+KOV_Bm9r5kyLPo!eaOJU$YX`U|CxoZ1);eu6_W(C5Ewe^>z zPcE|?4QR;JOf8B_9sPJ(-Y85V=(x^AfrjZ)&JDAw=cr_SpohB!mA<~$w$ANAoZtgncN0;*)HU?)ix z*&5q#9PSffrMfX~hJnR^vD7MxegBN>hI%=HGHa5152Qs*&0KW-l3{1d41?z~w9omc z-EWswi`JOBvX4LKmW5T?6jBq9v+KP7~D(57|nSQ^;aZ^Va7tb+Mcg z+wa?B5+{4E>s7FdgJ;a#^=9jrIqkhn-z9O&M4)n1rR>9+^At61%+K58|_ta%R$2E(Xe!>0V3Ydh9HG-ZiNDLJui#23y9Y(f_AHxW9A zMFejU?Tj!>=f2g+r%+4xcx;;;HGr#YVx@Z<=HmFRV<0B zyybUlx%O4Ta-+SIn`6|7;_ncB>dY2HCvNJ@MjBS#|czIjxS<7(}7b;gVZUR1792)DS>g{4p_p#MT( zmBL)(I2!5SuV)gIp!qc@lLqM!5!z z67TQd7(XBt80u=`e_rAg*Rfe+PK@ckngenIvY~FH^e3xYijb%-I-;amh1pI*pVvKn z*S1!{lof9e*RThu=Q;Y>j-^eR9%wN=>`RsY+TVwvk8+(xv2Wk=kW6qjH1VCWEysOF zpK6EbVp-L4V}(QO&P8XqK+(U~nWwnjgF9R~)yP14YwiNC~j~eCEt+LV`J?&pD znUMOlwzQL`nb~tt+n#!IUuRsqZgce6(C!$IGRO0}?~4r#oL0OpR8zCh`p~Jl(Q0q4 zSqtZZQGHxTXa1pvoVulPE_+=STrciUO6VA^)O!ibTreS=K82(lKhI#xbVZ>A_R&M4 z)Xhnil5Vu{F^(Dgt(VqR(4)?Y?@>QQJDymjxZ;}0Zixe`JM8q2W^KXXPu3ogl zYu=ryZ5vz0C5bHwdEXwy=H!FPmyUJ6qlTJ(@r<$qHw%gf0(U!cE#3NZTZ3AX{XUS) z(-cw~w(CdNMa^J6do%9L{NyvOWDQ>*i8Nu~t=yhDQf0{!MaKe4?L3{VmOJEiAJ!-` z49dQ-%QbmwX5WKdW0qT47cA|6pIB_wJS5u4WWRjoAG-GDW&_$y#~tpoj?EjT7Gy<2 zYV#69=9RhUIV#&0-waooT2N}a#HOv;kkV zm@e_@K9AT|J6_4&cur&OoOrX|1Bp}gr03k~n)lAT^ZFItrxr`wRW4~(osaPiYu8=X zq2{69CU|E{%Ck$M4Ify$2k(tm_S?~B>c4{~GN;Xc$qlncc179^pS)(Wq(|t`eX;nq zPT>!MBHEoZ6y(}pk2AKKCf&G$Q(>~Txbyl0#*!ruGX0p+uUl#k?|S*c@$#1$LA#%3 z>P$A}>Y4W}_fHaduQ~U~g7lJG9y7;&?Df{qUq81sZs^41xQrz?%omKBTibgzn`@#n zsyCT+262p)cbz42>HPlC6AD7_FWyWp9=o85cIx_xp5<@LSj+b55mJUq)pxF1I4`k$ z$EW1^7U{w?MvUOJCj+%XYd2?~uCWT&!(wX2r_DP~4^3t-9-pA#<8(N~;#EkYalOQ9 zv-A1}H9E|X%jeaVm23&EWW8rqIuuQ?6rP@`J|}E^`i2=cyBxiJjcwd09+fs_eFrLC zTQoy&3kg4pdo@-gqGp_w%-B<=edGK;KzUM+bq^!GcM^Xh3R&yphVuxlAr_b)eF>x8q^&J z#JZmat%_?PjxU|}?o#j(=+>T+2!;OXg-ferUi%F|K z{%gCN?yvaKy0`F*`K0tXYo|Dkb?T;94k-;DTD@rRp3)`9ZjfhX2HC`H5^OrY%X~rY zwc1Ci*4gQ=$K9CcmQ2mb*H@crU@<>@_tXyUAhnL#NLi8e$^BmuSuOU9inc`xf@8Oj zUbtbe3!?WTTrb~`z4L95->Q(Vg&Cq+7OT#8OQlEJ#kfp<8>XoERD9u)yPKtq-nPpG z>t9&EtiG|&vSFY8u{Q6RmI*`K1_fE_bu<5MRyq+=fBQm!l0+?K-(&%q;48|A>gA9% z+-OOUGZspH{+G8D%!EMA7AGTg^L)_W%%>)f}qg!S&Jvs`*#-pPBZqt)!Ohgqd( z#Y=Sz8!f!gJ0Dzr<7tGa z1#QOlXZ`z{Y6E9b)jZ3bTHiMxp*eKD8@t%A;z@97?4IfJ#wW?^N598Z)@yf8Ba@!g zH|bAK(@61u7)yB}H!d~x(v>?qD@s31Y1O(n=DdVjv=AzF{MjdOd+Hgw{hPF!d9&l( zcLoScs4cgcvoIky_c>Mj<7 za&De(Bl+Uc1AmL|^d6D%sH)B03s*r90dG$A5lY2zfPaW>n@RHT_ zyE%6$s;Va?i=g;8;nUz^V+zw>$K z$Q|dHK2c$d^167X7TXLZj;+|^(x(<-MqQ+RTU||NMkKs35KmgL#b^5QJpriJvQVx6$^LncwY_ zsyaTQ$a`b+#u(i`T1taZBc^WRKG%Hz6=_SD{0}9uNZxjPXVc0x7g9fk`yTtEe|GWn zh<}?kj>v{QH<{bJ=d)|Z-K5*ECfuBg&3*C!HQtl(PJ3}G;+Fo*@vMZW#I@t8Ar*1A z4r;!yk+EIy1WENF2gj_9ows{+&9SuQ4IeYEJlokDdq1^W!8`YsdAVn()$|u~Cpl^Z z`C=17<3JOf5utvxNKW^%*fUp8C;6&WF}W;_O$r;Ex`&GQ)~$>#be9dY^R+D&=~+wsoA z$No2)o+Ze?SoQMlL}}Sg8zY3&mb92g#;y+48QNBF8tJn4##$_I#Yg=sC3Ue6x9?Ql z;Ac3#`?me$*AAP?R|JW8If)fcU3>4HvRLo9TS;$crK?$niF&TGIJ{!9*4rSf>7gR0 z6F&Y^IzuP#O7_K-^QwfDHYv*}olSALE?>Xn1*y&8y55v4Z{vk*$L$F@T03_946W75 zJ7?}i+3%LGR%x^gv{nB2cJ-Izp0j2v8VWDD{rd8xb(L$D&N|c~@nD0gwB_5L>8ryY zd!{Znn%!L@o^pp&A)g!Qd&b;;@{^vAp0l65FrOtq(?;xd>CLW~$6U3kGY?5@eMh-c z(L(#E^LgT%x0@5R85>mlny%Kx&ilv#+E|c!65XX+SA6o^?YqZ5%<%rl{>!Q96Qa~M zDk{}HxxV|%0o6_IyVdS6lS0`~x^Ja_>!ykVr8|@>RZ*$W?ccI( zzuY5ziQRjimg>FjD}qJbyq;AtwCcIQS0rjB?8c~wfr%Bq7sK0%!FOYV#SoSb%HW7& zo@r!mdD}f=69(dEldfi>AN99H6a@I4G&7r1hX(D zvm{mpO;;`Mc(&W_ymiAVVd=<%qlt;*ALJjIG9%^nfkxM-^cIcDV%M^fdnu<5H;p1$HfhpEJsESXO?W6a zbh)$us<~IE*3hWnVf@7NTiCUR(?-8?bX??YNIvDhN@k1d{WFpeIx`m;PNV1KQ1oTS85xlbv>FVlwHAUO)u*S>7TD33a6D}Ie5U8CY(7=C^udguU33UDhzVARtoU*hD+&p_03r#xEjDnuK;d z(3q9x^@$nrkB34LW21QgjZ-^XH~5d~UnKVxNjf9n@sCRT*o=Qv?pUANzE=CgS7eOUtV0&B zo=q5XS`0+S0wMz{6ZpQlOAxrb_ZM#zze z#$u<;Ka#@ORq4#J1~G!q$4y)J-qhgz0S&Df>-gS+r2MNPU%nz=k+b)qqKU-bBAGIZ z1VC&>iXkKghHfwrG{+Moiz^!2d!=#p%0u`Yi-NPs0|lR-0t;{HKQi|-d*khv)aGru zqr7zI>`LtmTaC;Pyu5Bacg@L7_Y7tQPr9Rjb(Kd*@fMZKCHGpGM^#Fg9F9>{-}H{D zD&|Y2-BTZ2GD+FI@{G60?bBIR^|@D!M6`DH+hkQWF3CApdhp5M`ZbY@GwXBj&pyxH z7%Q4#%yt(&wB%I$nJzx7diSe=`+^qfSqSCoaL?B{M!n#X#cV825(#;J1FcwdpZ zEtAjcSH@`<#M!jl7hJq=J88Gs42qND{M)kzA9ZW!bxmUL&15XL8ru@f_FunJX4X;J zwE>?y^cU^fFzVgaRh91P#sy9xFArKag;-B=E)y$CqaC%PzkU_5xK!zo>Nd+o2PItR z7agbgAkWZ&$72>aMdU3^U$%RX+_J|O=a%m@E0d4va#>kmwDRI3foP*Ewzj)gjxx(E zDG8TWk#cxU)@q*JvbkR{-ztS6T9(XcK0GPGeB1p4`CQp!gC{blSZUGx$8=W2czrx% zKn{^Re*X^hjADXWW{2Tx@BQlS8ixDsR2UbE=x#pj(7mf|^8T#Ih4i~S&#OcR<%CZ^ z!|fWkD9pyp>)Hto*TZpxkJOvvw~x9BI2U0*?WnyFGC-{m~gwrI$!FSOPr+1q4tY0@M;IaSl))Qgbk(Yf=FWC{5s(P`r?b`f=U=Oku8D@}a0PZEFAOsXK3XuGMeZD!Zt~Fvwf{ zQ*7wHT^Bb@h|C}RU`b$C?t%jrtQp9oMJwq6?iqQ}bE z9|zwb$gf;|>+af92OB0=Pg~Z*erENGGs_JWfKfGm_8WHI6P^1;v8%da<>>NR5r*CG zvXz1#=jq0MwrZI%Ep2x4J+;M6Ul z!PIFEdp4TRtoAiOt35^g(?s9U#|!l(#~*T<;`^$0j<@S`dDlqt?L`Y>*h481Vo!I8 z?%tMbWZ=0EV}}-R$~7|@|7Fb;678(|rovgeI(-v1+_dxDv{ox7xZ!yBdbH3tQe(GatTOuQz5_PiN|dgwNN!-c#0A zHx~+*`JpV`yDv2(N6ToQkC9pwU3KtcrCYA5t8|3@4VR>XhtJ{z(g#8}=PKSjF=tNC z=zxc%gR>6SPs_5{-x3nTrPw`cQ`IcqzbcZH#~Qi9kQ2Euzu!dP7%l zC~;4mx%D_ESv^TU{;je>Zoa|g4Ranh8*SZd(>>89z$`w1G%=^E)PdXPb=s`mp-N(` zaag#j{q@%r7Y`+how}~MjGTy7!nM*xC2j2w^Di3|FAyxcb2v!0rF5AVb;q2OjZK}> zJ(Gqss@y5k5{=P<*!9>*-8t&L3V!7(=A)NOZ*}%RX}t_ zNNAc#D0>%}>v&g6ix_tll}Sfh>|dZUMefP=QuzYrMX^??!^S>=LPQTE}wcMr>t-W6p9jSE{(FJfK(q*Ph*_>GN(^?+ci z<65D$+L!Inw`zXAC-mJy)`_mx_A;#RpOfHF6QLRMK`|E14;|Y0vihDp&c6 zW(@{P4k$iebZmTL(Rpr{;-g0AM%uZOn9;?wfj5>bZk;*5)IO$Q*#NyLC;egN@swTL zaxT#?jMrX&ZO%aJT}}5DtXSH=Q;1`$czV2-pSGgT5)IkN=}D(* zQp;-2B%W|>%9B%G8-4xL`W2JpTfHbJL}r>W+H4tNYp*C6be#%wdV0un@`LPLTiyQC zlPCJV7K%u1e^RbHTK2qY*YtI{r^Ag;&AFFaM;V%=Jx9!Y>D4MV)41?GW}U+D6QuOp zQt1y?NsuU(x`yxKnXWqTz9RdaH_bQPYBV8Pcg2fWRl6ow&00ErinBUnyZxQm2W}mU zt&XaUZlY%UhrZ5;KQumbvcb|y*>?p)6DoEsMLKicViz{akmzE&XWA4zDtg4NGLo!0 zC+2(cv0&5!!xpP98!6>;h68@Gb6j*EIQ1z!oIC5n!hVBiSvpFh-nBPub=qQ`%+7k4 z3W<$5EB#VuSw(5<<&%9?lVXm0o@!0X*i=N8>*mrHtF-wiZ-Vl<`I`IbrgZAR?)%%;&?zu=2I*!!}L5(fl6&i+>-)}^y! zNW#cw^t!zk1CqC{nLe~rzi6v;W$uQ>Z`;tUab-Kg&Wp@+^x|IMzBgGki!-BOo^||U zv!e9trPc@x`Pe7J$F2xRi9s6?0cf9w{=UI$mXc=64~4~ z50yKvec~S_=SfEl3{gt*ZoZ-41u2HIz;>Bd>OuV+rvRaQiFuxl8nU!Q?t8VU+eeA@ z31{hKb!}a{*|Tkp>Bg;(Qj!DC9Wd;WkPV#pj`sp?cX`qWMbbW!*z$}9(ob&XPsz1?(B-72b#y%mCZLB z5RWJAY!Tlqr+Up){*BhD-yAj9>Egk_ zq!UGfEut@9PckW37dW_h?!f5NmbY{zPg*|P;EPUfu`X@0$`Z+(S5mBgW#4>_9Sqki zn+;l>8mncm#>5BR7a6l-tFE?s$TCm2jZa@+8q@aF_xkY-x@{t6$1nOHe{(9o!J2)& z$#Tg70|l-i!`tJym8y`oZ%Ihg&TRXfRmr0)E{7jCi?$y$9eO?G;yQ)s3o(mJ~DT-2NJ45`gD(TX5Cnq+o6}Bq%U#VBT zrE`L_w8tw?yK}O(j@v6ox8xchF%!{dW^dE4d7a?S@MwAIf9T?l+MT{0t=CgLf)98t zYRV72@3ujtdV*!s*`{$1yW!Vv`lRJlM_Z@}jMa5C+_~eqmnFwaQ7Fvv=30rO2QxnE z&E6tnFiRNw9Q`+fhfZoTfE?tS0SdCqg5^PF?Hro=LHQI;Vy_Aym2=F2m0s^ewN6eiwF zT`KV{=vREppLtb4&Yt^ZNaXheKf0XSZ|_SAU{MoVWvkrZn$xjeFLBe?Ght1}$tQve zPMVe)#}^LC>5dP#I)#Q^5;SG{5+9Mlb6nQUkJ(Xx>>Wwmh8>CN864!Y32JQ(xvu?& ztFEYctAw$lnVCCF0j~g-^=f_wk-cfS++#*XGoWANE{(r0lu)6|*Pd{XFVm>C*JDwZ zZ}-#Vk%=OFqa6Jl{bH;EXL+Q76^DWIlIe=!~5Gwx%duVo%PwOm&$kzrC8 z<-nb%lBSe;RU(be13Gvm*PyQJYtWe6oq&Yt=fF%y+q_JXM#GxaaZxPGOcfk(y2Y zwu6Fl+Q$>cn;oWQ-PilMIQtpZU#zIN7*;%2T0TCK?Fd?zhSY4Q< zQJ=6`d9PEY-u(}bvV+XDuwy1+skM)jZn-;b4zg}?G*83mJ#)`)tILR;S7zlsn*Aw% ztMcRf&3W2WTh2KQ9a8U15k78X-+bxTXiq+MbK;i`Y1UJ`7@7GfWsMwPV&MC%E~yUR zeVY~nPn`BHHm8ixg3MHvaQ0RyX2M*}oq01`r8>@q=jZ7qDiIv7^J((Qm2Yj<+lUl* z2XBwy$(QMNCNzr6ZVM|6Ho$u+`(OmE%e{oz`_htg>E(g90=7xD*=-N7Z@H`HnJzLu z!sc=`sgkem)V3By8LdcFUOcPaNQ#Y&!lNT!nxAanBYFHr{`CgtLDd?KTGN{N*P*+U zEC_odvlXL9hOI;~2Oi6bY-@_MK5{TN&SFN={hrkRP`&}H);Ii#W@)YmARB49yE{A# z`6ISxGp(e#ww|qcIiG}lALO##;iG-O#WQC7t;n|5SB{;CjGsN-JV@#$v>wi?L?!oc zi*QlJ4dm_)JO4uOu6)|LL8I5S`tMe%f{n5syd^HpTop$jo_bJ~zcF>l@ND(S2eO}T zz0-zmp2=2@vNo7vQPbnCH!j|7blkxHd?VN4zO;~xZGIT;&zTLP3xOHploZhfg=wY7 zqBhOM?eW}%){%6vN-<%-Q#_$U+;7fxSIXI2W#r2dTFzqbG$l?ae^!<+@4k9P`z{hX z>42GRy4uvXbpF=1np$G8+66C-TZMJS94D3UuAFY8Z<=OlNIojE;rUsS2Z|me(E&`_ z8cjh1f;Se@_=So%51lv`uu<)d!nS()%rU!{owFobiOtI!;Ip3XV zb<-iwMP~D>{cOdekMxJey@IQ*j|bYb>O_g?y&u?CIV8lTQ#MfYWsl|U`-GbpKFzEg=O7V2@oZw(@eDtrTo4@Vp zoVm9-ZyNfvR(b1ltHWVBgRIxni>^BP@*|deT|^qf4<|Wx z)W?esh$?iJ2X7Lp1=r3TcXsF0Zaies4>wo5ayNE(nn&mqD%$K+ZozbheMBLNe9keN zaxAbfN9EKZWmPF%^AQJ)nx|&wFSqSZ#;YXiXlUtZ=)D}Y-sVuR$bmN|ZqLu)EjhOa z74tNos;I=El?R;Xd2jg`ipUY#sMbb-sK|@`JRGKB=aZ0l)L!Q|R_OWA7rL)L_~>uJ z@15RrDzZ`P-W|p3CK*(&C?r&qULlw$`iIoRmk|?XpSKaZgDqfi&gG3 z{A@wC56#cFn^qFCt)Ffaebg5c(%3z0lBIJcnKM8n@WCi)K#y=YRiiKK=6n!K=h<&w zP^kW`n+|vO)I8$NP}}TSoMCtSkmiQ+K83*YOj&O1fTb$G>iOofJ=$Ut@*k4l?oD(= z-zYk6T_2MD?KtIJ$5a;G)|FOspBUbGc=N$+QoX{~!jWZIdJ6mIqv@>EEC;m0rv#sD z??2xf+;U#A{>Aym#<*R3FEZ_53Q&|d-f;7lt9jY{3)R|#SHd(f7S6SY`I%g?Rzf?Q z=TDi7LkV#gBPRNE3gYD)b>f^;;|Eo4ZPf}^cWi1;*O!V_!0j|nHp#i=`fTEIz}_H5 z-V(+7I>Y3xw+eT&aEae$x{(k^m~a=9LtU)3*dsiolDv80a@1_qDX|g#3gssYX`L?` z931n|Q}1`v0{Hi|JKRb(=V*3p@CXmn*KRI5^u>ykn^Wt;d~5jo+y~qh-!8F)k@_`W zP{;w{+nbBF*6A8~@~8D5NmKq<9*9K9p7_L*T&IX0J+3CeE`8Bx_%jOj5+eenoH5k?pSXXq4d(zS7cil5)Sp z+FI)vZc>%T{>Y(Vn@E-}H7?&`w-H}p$;-o~-!(CJCSx}6-h1d^6~F1m*Og>GLepe*3m$(oy~FS9Vl!g%<|ax+8;T7tX7Mo)v_7g2kOa z_0)Mx<(++hBP_>UKL47;d)cbfTTjbz$s+YzGK4>|1+kdd%x7%4!`g3ba{-rt`Bq?y znF`;6Z&q0{CALI|-=-Mv5bG%q3F%KWslL@Sr2OoL+o zxl>i9V$JgQNlcfLZ1>oRZ-?#ftmy9*bnUBh+~%06(uEh8QhZJblON+GdaWa%o_AoDl*hUUQ6Tor#(mP z1vbTQVK2OyP3W1~NYXJ^nX$f*<@drjYZ`YjrLWFox?J9bKbLc(?N{LzXw3rI znYCU^RA+?X%ci7`13BD|r-hSt?clPxGc7FKB87XjVGTm=)zgxWPrZ^){<@RIeKfRr zM~cdYV&JfRvM033=xjm zKH+VAT~u=SJij#mLG3)j2Z_=8cbE(Nl{O5DkVFYz+Rt$%uR)SVk>Z5bmQ5957X4RW zoxClTH-7%r!}t5IA2KWK_voIqSGh6~Szg}BCwENTC#I-VC@b|c!%*~~Z}IL#UZt&C z8+I`leQva}vXT`!pW-2Ib;>U~G&wd@nzdCSux87ktQ2Yc9pxga?t*)t!cF?@({O8$ zgK1JgoNiO=@swxjgWnz$(e_vXPSsr|vmHJWKhD%!tp-qYmC@@$v8$VP$b$c`7yXWx(`$7-wP zWZ+`Gh1W$(sE|6ZyVbdCkj2W)4fxaHv!_~|Wd|hM?y#>xtW1;Rg^xrzFLIvULvAVb zmE6XY&hy~i(NNR9@)t_t_huIj-1jKXOZp(YDS7)_W#{`hCpbbWHybydx7u@JN^CbK zP_X2M5L>7*VQ@opzZ2gp3F?U`OS5P3Vdv-*2cF-Vy&BCX694c_Sv=Q{#IjR8X>Oj_ z7QsEIR&3%oO+}}2yje93IkYW|CaGr3CuT5;N5T)YRP$+al^4wX___Bb?Arn1%(1$#OYPW>Dxwaxo0w~Lx_acG1 zr{iQ^a~_A0#BJ6yW)k;Iz8-%QQu5f;-O5NgZd~Q(;g|> z<12fUr$Vzc7xI~wj-Nm!7I7!uxB6{S|Y1|^-i`EmHowLOt{lW4VNcUYy!uELHn ze*2)p8dhx@;d%#QMJJEcL+c~IiOTxhqv=Ydt=@{~fu(U=WyHyPMCOc^c)2(3Zn z{_<7|84MQx^x%Z^V0gP!W4YJ)4sUJB(R!JK66Uf~+=?vsr1n|U$}HTx zm{i6#H3cPYyAtp;NI{?3YQy2CECPC?@+S9dpyLUAb3%Eu(NkGgR3_?3MGBjvSEIsl zY#A2Lt2Si2>lFS(`HZlw@$d({Thd;OB)z(i^i!8Owcqod&|4t^%q$8`f!^^zw z;QUl~tNcj#8Lai|6Z(SnEZw^D$!2C|xk>r`C*$&8>}?t3Fx+snOa67PTi|v(LsWA! zSJUgufz|n6pDb~l?@|~r6ip}YNo+f~n2{8>$F$k;?r@QQz#f#TOzg7%mo!&#p?>@3 z=bMfx`-entF8eB=Z+&-H(@NaDu6h5b@6*kgP9FZj-8UAz(KZS7BAI(~x_D7S2X;*a zu;q$N8`o=Z{Cs-rp{|CcOos0DIKx@NKCKc*xiQSN;2N~e;jE~V8Z#mKk~!Z&$Com8 zhgXrrq*n@K4L*k_LIgH1%4zW4*@ZbQ@=9at5y8{OpE5gy@7)Zk^;O=b!Qbz$!5by9 zW%$f~1D4BKN2&ULj*Z|x1qm^}+YiN^ee$yor_~6rDAEAE&JJOoeSS)cGIMq z=$%5-nr#{T`4^g!2#M$HIi7n2gen)?bE$1w$PiWd=s9>RJn@>7XWr(t^sl{{TBaT$ z61O})YUmvZT7$j|ln8DKu6>JKZie3v%xaayGnOb(hV( zll_$2gd!E4Ov2g5W`7deaYLXiB zO&-pN802kr^4W6qCbM(cpPE9xacw`b3 zDrIuh9FFR>C|YVaPj}JWPRfEtcq|F8P%?hjEZ<{;_Zc#O9c%ovVGD!HO;o!UqQLgF zrQO3Jb5E!{tSVo2c#9-HrW=?ugG!&+J7VH7%-<|Sx^!9Z(d^0Do8EK7a}kkq`BtdP zl&FH;^izw+Ua&3hmeSarYSD`C1--o@u#QzRqGGUwEcSatfl;&3zf_XjAACvs|4hK&2q5F9jiJB4@$`nqQ36xryuIs$6CQxTvdA;?@&TmY8rW1C;EfpJ(qJ)ar3>Ui1-#C zqtNLdkzQ-5`Ao7*vZ1KRqW9?8(;#DfYIBC~tKN<&7Tf#Z@>XzQy5F)*N-giGhzKWzd1H^NL-Lv?Ixl??z1HMt%C&p118MrP?B*M&slB>7 z+0nI@h?JN3;P5t@2xbk%B$HK^XUBQvCG|Z^Os&)Z{G4v(Y^Uu(nI%xmz5kBYri|bZ9KrE zyIJFvL~@k+NY_-5vFGv6Vv{*;vs|a%tsGnNy4`S0@Ve{yobfk$wMX7<&Ddf!;phEUCn|eXf~Si@uiPAsoxt5qix(&N>4hJ zIyoj=zxV2XuQJCS1X+cvS*K?f(%c-&t>)7#^&P!&o7K&}lHJ@*dQ{bvj32}Z&|JKp z-xvQus(L)MDus1N?-rZt^ptoT5$uks+%#FHZo&I8Bc|f%Cv6)Wl$@^kKggU#~ z>sp;s*;aSbS@uLIC4}|KBt9Xq)jD&@vG(qFqp(c~ps~_Le`X%nkuDHZ}DV6tnob^bl#v3&*vPXY+WzwTp zfg*CwUvK4>zWR{onz!szD>$tbd&eiwh_I_kaBg1@!+d`1O+cRhp^ja&HONS8QH1M* zx7jow>TI3L<9W&IU6!4XF8(mnJ-jTjg3cLDoj2^`(GC}z-Z!@@ zn%p{|d*hB`q)CMQ-kT~l>;|5-9uKG$Vzn2n8sF61{q}k?;&N9~>_G>)E1mYu7OrZQ z2I!T^8uT*;@$CUBBOAYSe6*cz-tM!fXVgo9y~d62st9Wx z?+I-=z0Q7%rB3fxeFHu^1;J&rC9{)VkK;SMWh>)5d3(ldv!6^q{ZdvL`OW10nObhY z*3wrK!o)nU1IhR2BSyHq(IP#s2kxOIufM9UlDg4NdF#Ye{n4iG+9jDH38gUnrxxK( zCB7FbSEUrJ&#DPsY&zE5xyt-wGS;VaR>wlIplRZDR3DF>no`99(4*HJ+dus+QPK94 zkg!+k5a;}-mJ4O2BZe(J9v3n`j);amygzD4J6LoH&O2Faae%-4`=ukASN6TD{9&^% z%E7g9{B2KUY{7`Cd&cTJ9~JcD?9W}ixyHpkvu|A-=Jh_BR8sGa?CWXo_&!YY+E%K3 z=c0>uYT}r_@9f1B>P@|NuH`<%&KEW!E0g1a10xRy+N$P$t=y3 zw992*5NmjRk~3}5yehVpGoIMndGs7-nj5WCbmWal(qfC8X1dKA$okob4_w5hk4uG> zf}yvbI<6ky&d9uS)vCjh;^r(goH!p=*Z5oa_6(*%wn)xKY)$g#n zF}Li*h}i?%BMpg@gYpA2(`RK4c()53zdB>itCk7-nHefZ5b9Kpzk4saEjmMT)Av_vWwEZ2 z<9*?GrT5*bVqbN)VlS{gz}Xw;bxq>1DfoR*s`*8mZ~2GLn(w@~zk}=h@LT5-%VC%G?R5-7<9NqY1=@x!U1uVy(Ansiq>ouRUmXgqBl}bim+v^YO|o&!G+WQM9d3 zc#<-SW*Zwgc1WD~GL|mJ>P{GcBv9V5WvW%`s;eZnQ}v+Fg6f{|rcrbD^RfqR(tqew zG^Q%J&yQT2^sLVEsLM&T(=FxyyuGyLe)F_O;|4j=A!`rcBO7egNI$|3U5;|js2-F( z!SK=E@x`o6tJ_!KN+`1Neib40OYPx|o-cR4?(TKpEVx;28ok$BhH&G-(L_g^Qqhe} zQ!VjbvQY=3_@k^>$jA1f+(*mZCI^ym51)RLJGWu;M?bCEvg=oR_0s6S{^NUZN1e$PY-a2EZUl0-aN=bK0F3- z-Vf|CpXZ(txZ<^antu88PPUzG8@nAYnH(rtnV(^a({}kGkdtYCg7%8T`q`qmr>?`w zM9McE&BOs_Nv=@sx+h1DZ5+t(&)Apm@b*(}+1IWc)ze)iCoLA<3HRG%#1om9A?21ho*#xz zxqemLmiKLz1Y3yBRZUp-W1EHLeI|K*FSX=T&%AHk_hw4IKGawGb~Qw&{=)rP6BY;A zd7;SAx=H!z+5L-MV}z)=kC~5pH^xRuZdu@IF}D2iL5N8pK2w|4j_zbC=SnT zme6`3~Lrt@v%wv}>W$Gn6?Px#hFLqb6f;P!j`FEsWS8VW;ie9lzd zitZ}eljJ*tnZEjzV;iC!zkM9RaKLD7X0#TBfhdu+f2hVo=r;Og9=Xny4C=~K(KD8x zXmO|^z%LB`DOz0mxC;>Np9~8wd>ts2=vvrD(B#2V={MNXXdK^s0fM$<1}_{A#51EI zNK)0ttdSx8a_PnZ9|n&_Lu~!*IcreZdMSaar3IV)5gczl=a$GoT`{s;mTYs1l6FvN+M8~;0b z{&Rf~BR7%9;C(IG4q!2O=CWHHEBN1@xARgLFCZteYG{W!iNJyJ?Jgt;JtyQYlMv03 zc)tOLa9B_)z}&nXc!kq{ky+c0%;5R`c1?%LH6)(y1I@x8;)^=ZP~dH<83_H-LSE$h_c0|t+eIXVl=t5aXLk2nO&!Q3SV7lE8 z7QWe7tYAubTm$Ss{J`2++7iO&0?`m!3xW_lmKSEp?8g8Vpr=4> zkdm2chptN*r~~pLe89{?G_W-NRJ>Il_~eW_5^qrh@y1Y_BCtd~N-hVpKL;8Zg_i>k zgnVwd{zV4IGW&CTQ%c9F47>tTUyH_***sIQQc8FUym%pkkC|C0L~zV>9e&SE_YehY zTM^V1h)HflpOu2NDH0s(DF1cc;FA+D^m7yZ@^cY~wV>3Wt3(t_v=){j&f@nzvtq-z zbQ>P1jq!UOjo1a#wfq>ld+Jftc2nQrB7(6hc=k&4xi$sj;W7Aszgh4O)Mm2)Q)OF|HQ^cvLc9}WA{NeueV8=>6NZEj7iNYB<7qjQc~ z1oAJ{(OM7!tPNt*Z@s@%1NVY>@kLD>%ny>`22@cEBr~yO+ka*c49Wt~Rn5T&?4Lri zmv8k!42tQ;tPUl-Xf8K`ObdB{rGG*I8Dd7`Ku!L^{JjD}{ttAJLXn;l+3joE+gS!_*42_h;pJheiiHt6 zfVu$tMGL#M^YYJOw33LYhza~@7eC&YGX*ZOvH7K_0ms6+-HW{}p=DK1<}rpHrtI@zU~?k3F*ypw9%gcv7;AV1Nd z`Yd5Y+u*;^{=g9u7%Q`##MLFYxxvOKE{K8SPcm7$;inE^mne)i_l6^#>?~@|o~GZ8 zsWrujL6QHjHVqsMybQmoEBK#^*Cok^K{tSnsh!Dlj4vgF-90Y6n^+owXd>koI$C7; z0Xvz2vco~xbIbw}YY>hj{eeFR27~-OGY%4LC$qafz3^Xbgyl1dLG)RJRvM^T+h%>O z>9%AK?zbZAZ1tbAqf^I3+eLQ<*x{jF9CA~Ss$Q$@z(P1sTAg*{0`%)4g-V;2pF6Mr z^5?=_%)tTKu0hMmxv+o9p;?Bh>Rca=K626HjtO)Q}uBT;zAnOyatM=_oBOSS4F+b)?Y-#^9vxuO+~hYP#l;t0AyX+rn~x(8l@<@FZWAM+R4 zBbBnB2@cX)4S*9fcBE`DD|*jx>K4)ZMW*_6z-d!I{sjKHq7BEo_Nt&g+YaHS>Fukp z5xoJ0*Zf#P1TWpSUf|$XN=v7K+%PWObFoCKFp#7sn7A5^;QXKJ{2~`ed{>X3`tT?4 z&lMa5ZF}G3+gpSIUYzK|Qq=X6i~)!JK^CS{?(jHqQhHeAkq=Q~Vj_&_tubU1=5;b2 zt9o;h`YxSo3yg5AEBX5p9h*76y1d?E8FRiL6B?dT4A7AJ`sVs>!LgLjsS8pfl)VsU zD|b<&a$42ZwsW>ITEf_$5UjclooZ6W4VeE;j$yd1L4E7!R133aDt^g@g4QZVpx@|r zip~Zo7$NUOv89K6_tI@`k-9Oc&2s*{{!g^H`f+-pNrmVF=+ytA82oQ^Oq<^t1iEE# z-s40VvEA?Gg2oqDL+kMx55pfRCMYP-l)MvSI(>5uB0(3X3wMmMKv&%CezIX{*0w^z zK8@!Ph?T#7`SV}Ewq1hP(XmEE62@TvcUKU{>LKP|=wwQtb~i#N^P*jBSG(Tq$jVBK zy|R&+Jh~pZ)^oO-t%%9fuptQD=7Q*fU!h5%q`*t$gn@e%piedr5Th2gPs;d%byeHrQK#BsvrsH*_w!aT7#U{(TDIV zTc=<|$cP(e9OTH2r4*<9Zo%MxqXD{_yBMK>xXVXk&SjW1{zCsW2M}GP%Q!8fEk|((!}Lt>kJf!~rxx4ZqD17t?DKh%Z8~lR+L+ z%J3zi*G2zw4?xaV0u%OZLq&+Tb0K3Y?9QAj!;PDD=QSKagPj6bmfommjvXY0MrH*P zwPAmjx0b)r#W6J7=lE6RB8KFD{u_R54+ZPfMXqzqdkXMiBxTavzn>yJCaav zcAd<*xX@}un?v27WwEzsPiHeOg4(N%)uR|}`AyFCr}YNnK?VzkSAZXpL6-L9jzGw;+N7(xj6Xj5|6PVO%GRLY~++mFJ) zLzP%P@LrZ*WGVOtttSxVYk-UcAI-u-z&FAA@2~{7F;^e%h(^(grL`kFQk|jud{SP8 zJoDRkhaqT#%uD;}{%g>J%$#3RhUKuMZj^ z;46W6>Gc!9U|<$4T;xyjWt4=DY9fcGJG7;bNQ5B|H1j3U`iY9%P;RPQ=~6jWy+tc5 zpEeKKF8Z~Rz=6349&M9i`yA-S!tMHKJPM1}f*HW-Kl1|+KIk}*A@Wi@dP{pp<9F3h zEED%_O+-!|TZ8h{(f9;@?}X$hZgVw(iYMXoB6!f3U~S6`i~ySg%8$IySc95$fFa=2 zb@5mbqq`LTf~SJ>LcBVsX)|B>V}Z4QX$EA_E(Mzpexi22CH~N}MZUQ* z<#|zQCpbZi*89%>y<_+Imjpvl0GP_QD-BEhj)w;c4bIM#A`t3k>+uj4%M21VaH%8Ko~4M(yeH-)!$#<&uxK6JggQ2<=43O;6jte^?!-AiY4d0+o9F z1lG0)pPR5~@g7KfO=Yasb6{a?Fwm?82Dm`;U*u>E1;c^efQPwvFLhmE>Kcyp*)pBM zUKo0?$djK!d`dG*ezZa&+UA19FhK(M5$c`A!|e)cR7*GkPfD5X;*g*)1I-c;gwX=V z2J!9>&1ec5j4($VwAP<~|JWsY=6g`@SL>AR%(OfzzMZ@VElFtk-*Ed(x7CyZ22tMs z13Y_B)BrP9K7$M}fkDcg)#3nCADh-K0)cUG^dEG82n!-6!~yfL=*Li~j99|!q&O$0 zV*kTFmXxXnJvY5+CD*WQH`w+<5k~_|%~6{L88k5Ev$u}aCJ?qy_Z9!n}#r`4Df7(o6VBAYwE}v1o!sif*KU4 zw`L`JS3>YJPrRj&E_tNO&j*AiX$VSS;CWH&Y#^TXr%}KZ1lYu|L+rB+B-I24Y+$*) zSkK;-;RllN19eN@E~9X_$*Ny&`&E2!mlRd`=<#)NKfpnt4?}Ff1M>nhGcyAp4KX8H z%z;`^2!jHu6&MEWq*?>frMk|IC9XkpUpxc-SEvlU<}5?vfEW zb6W)}las=sHwb9%R5y7lL(`Ai@)HiuM5F*aqru1zd}?xCHh{1DqG}twC=9=o?qw)! z5A&=8R<~1HWjLk&$Xr@HZmZVDw|duemgCJwDQcm3t}eC>UqT%(2A6w5kOKgW!R-c6 z2p0eXTaecJX?~*Db;F3n*N=HmxTsxH1y7MQ3e4y)SY>QyGq@HCUnhRzSN0n_QXRT( za%wdBp;kAD5eRsn!WuNQ&Vry=1L_}eL>rh0jMM=foah(awd6rwj(p~Yc7rJR8D82k zyo1Kru|4?WnBZ&Ed2MC4;Zu4zgLElsN@Y_5{V9ctfLz__7a1G-mu?_*eff=EUoS?E zxm8l19su`uX@A^VZP;{FK}%tdv0bmaQ=;F;Vx(Pd<%=P%aeN01UfsJg!AILgnMHit zv><*1klp2iVt~F-Z`~%pmvx%}+3TBB1b1z&azQLN*$>OhzCo;Ik@ZX>V;oUIWB%22tMN zHtg;dej#XYE)@=^FGR9d|Q@=0>HFfK5!vus=sG-2nSDLHLvShw$}6NHg%e zPg8QaOOf{CxRhgxla59C#+j5?r6}K%YL#%aAu1wKb4Q zt$PYL=sB>&KMe8@vw$Bda4K0w0Vj~K8T}?sU=2FH@e>}U%%e%6eOnYcJjjx8!l`nE zdsKP}wA2nw+#>d2mhzD{49(V3>sO^>)Q!rIKfS4j^3Qj zA(;iOu5h>$pwZrB9u))Ldn(&erKs&^(#Fw5JV@MZH~82*i;K!pA?!34f6l zq(LTe%RmqrR!<;L65nqJqu9d;OFVT{HEiS3{vE8*%vVWEmYUQqAedE>hEhswSWmW# z@CpfdFK$(!nv?XG!GG3h(J%7=o2OFXQeoA1;eN=KKKtwos0HN+6pNHJT<@45k{3(! zu-xN~r^Ub%vmu%ZsN2XD>2@MWN3X^@RZ?_w5!`>E6V@Z)uPRVb2XhUHbDzHio#PPv zF3r5@`d(}z%j+FhJ;6IPO1t$+7%P>R@KyEPFRPAVIpW!n1!~pXFen$%;-MITmIsCZ zL-gOtRJs;a`eKW62amYja+5 zD|IpmE}ltf(qQJJ-J>jn`xFPL$JI7z-Zh9e;X*)a1HnAExv9|*+c)?R%dW5d%^Val z(R5}!QiI`RTwvzm%_RCQZRd>Oie$9$xrDr%a`EkE$^0on;vD&Lr9WDsEai`Dh2{SYwB|KH8WPDl3 zZ_LBy(JE&O#V$#LWffm^BREqQr4B@o{VlM9c-sD_caSrGBd!gJyr#Ox1=IR^h74MNoKO+CCB9Z#JzVN}guK{Y5OP`hSuq->U59SOzfJjdaM z-9NbDtG${tnv^e32se9mcPAL}%PFZF+{Oznn5<{PY+wFCPGJ0D9wNRNWEZIvRm2Jp zZvi<&^#xmq^}2XkN>V!OTbDfW9?BikTT?}54i3X5xY|VV-Bk|lrWI{2MV8#o-`Dd5 zw$BCs6#WO<3Ut&UWyY%`1P(aXvxx4le<}K?%%}cdKMcA!mYJ>8wIw`ubY?%J;0Mn9 zS#s&_xmmIgZ3XU>B+kud0rGgn|0V-lfP@tEplt+>V&pHpcc@ofQca0#Q0sOG zVp%T#hiKwo=9q0W0B@)TNf+X+H`}%{yV!r*tmq48AFuXvaj^zS6D2Wt)ktJu4eBPk ziG^x^d`H`Q?IV>aj%lRtBGS4t{2_2~{y*uI-d1X|1_x3~5TZ0gp77c&trghhKhS@( z$qN*Sg(idsNXYBTfD7_vd5rIYzkgWt;5)?6?ZXKBrisww+9gGmD~|M>Ebx>gxPUZH zWjGdv5xU0HOeg;fz3$LI7d;B08p8A-ga(+^3xD3F6fS#QXo8n$;kvUL=t z;@MD1{a8}HkEzygy_J!RQz_~UKu)^e2SFTvc*UR0Un@k)suq;6nmDe7La4qXjxock z87c%)@e4nYG_?(iwk~L0F?{SdI!C3yf`ELDZhul@pM}gI*rTlDA7@qpdrrCqM26?CD)y-a90Do*2FWlO!A^1p4_g(P*{rQcAFSY58)X`sXBd}w%Rsr-?HLzrjoWF z1gkD-f`NH`@WeWNyhMvgDU5C-5Pi}iEVO><H$nR8|EC>fp?T$Srh$i+`ZIn7p)e{P4e-5>)}X51@uRBdbnvEZu;>HOS2Y zywc^=@3fv3EA$Uq`@E8OU{|!z#iKmUO8&a>}Ns&o{ zsA}mm7@<(tAb> zL1E>1Ix4k_S1L7vctn>IZ@~;Ofu`q5o9%)P)}VBQ-M4fPeBt>#$XHE6xfX$(l~N3b zC1W5dU1!${YW=Hl1_k1%lG{JmOkj#CXbv4tBgdSes88 zWZ<`(P$e3aipDE9i!G;;6=)2fC(k#9ZesjzyCg6u0US@{PPpntP_Kxm?q4awgSOeQ z%gGJ27a%?pc*=>O*DSNT&x-rNb9rC+JWt~pv*T1_pd|HV!Mc#~C(jA>|E3?DpcNp*_cRnxy+mjK3xVeEs;{+?7j&7i)BEbau%Pk#NUD^f!DZQ7U6J2 zd^Yb8g^@dtfWvgbK}Bu%OFf=$?AxI_`qJksIdh?C4Kn6H zU%Co3!w~mt>gu4>Ho<>ob2wk`348pVCXF=TsStpB=VzHkK^YD!twFsEiqyE6fUo?@ z$!fw_vqE0j-re}OF@7Ckst~L9XUOn1jhZcW@Ym$_FBAX$-(mig8iW+rgG2pH@JP20xSdZXIM8Yd|R5W&hQ;<0TRl5A44w zhfqa&WAUC!Vsnh)(s%oFXASelx5#IXOn~IU4bTCcq%dAqVz6>kff^usduA7z$~awF zy1G>rAb+A)H6npP43z9DiGKA=DEJDgJ<_*ya-PVs;h%rmpp=(2~hhC^;*^euZxMG_BX6%)Kgde##1%@Rc54$@S+zOd77;@mJUl9@krgEFHUL)E5nk5#Cb622et!LRDDdh=0g^+LL(d zLqkx*ov&9Zz(Mg~t_FWBS(67-x|lm>(|dg zeT(4meJeV;CF*W-^PVxEmR7Qg44(oBj5BwU-`|LZK}&N?_D#wQ7)i7Q?A2 z8UjfG7`^`;y}sUNfZ%Wm@7_1TnIN1j;T^m8R<--%cTm+)`EyI-wC~4rDfP&a^gFZ4 zvyCgX-X)gQu9YJ6ZJ?iT7!CsO_9jh?_hPlNn}Fs2sT>SeFkrT`6Szk1I($(Np4m(7 zQNiI*2cdj0umC>^A{4bnW@nckUNOT69D52EvYRaO~jAac@-O9o z7zIqBt|yavbBy;r8R_Z_Un2(bbP+MCcZDb3n+cl^_kQ!=cIAXTE}>n|j`8+LCRxn1 zVGZhh7ERol?Bb78$c_QM(ee{?*Z*YWVU!e=p#_O0o&h5bwQJk7qL*f zG~+@vkFAL8`J-~gQ;gS*kfPp)t|}ezHu40+$sf-#ma@KYDK+bV;aO8Dx&G_MfjB>W zmF_*8PdVer2&27c%wXKlL0hC3>1|AJv(FcD$Z|RmU#INK$@~6#4SIQvZmH1dghom2 zOaym?tQKMai_QCUW;_>I225RYdbH<)sHJCzWe5WawN!QmtmoZQx6?n;^#P^TI$mY`E!5?GK)3H zoB9s@-|&W?7v~ZDZE&(=R~K5s2qgzR6_l{Ia+Ol>ehZi#Kb_*ge$9-#5J8tZoj+Mn zN(g#v05UzlSPDj)8DnKIy6Sb35|3t({zEt%^YfxH1AN2>4<{*lp&6@V!z*R6DjR%# zN-_>mLi8@DKvo91C<@Yc^g7A(=jbD~D!j_=m-%T>-wat5WD3a~4FsRCm~xeelo)lqIoQ#~w^QQDj4r2p|S zz7PemYVY@%SS7~d1pkXne&+N$ivd??qQT8ArsK3==j~6IT!UXzOF5-7x}@sSS|A-H z0dkU~=SqJmi1)QTZ=n7r{7w$+S#99kb9B8ni1okNloUJY=Z#e0GEH$CYC?+kF{{I8 zug8-!EpNZQ58De;%~f^?1tY+_tn^dz1c8w+eXQzJ*K>mK_-Ky*f1ecyinJJ&e(+;czYInQ~{bIy6rbM9bt$w|yF{V&jE?H`r6ZY%{BR8Tfih(T<# zOn{=#ci@8b}xSCAQBZ0)GDNqeevg+Qqd zO&0fxrrrU-uF@MkuVR4yc_O!-ivtrspKRn<9o5K~P0M|%peBFK{j>z_TItSu9NQ}h z+-iYvM=CAXx#5#6Bi=o_)Rj${iKXI#D6!t8BqAVVZL+^_HHM84OH)G`g5a&G@+21h z^OIM#jjjUf$NL;MNi=`~wU9EaUK;D950Y@CEZ<|)FxRVVuvcid2 z47lCkM(!k9?*g_U7o)X*KsIJ+b4m~t8K|N$gu4Dg-jcb^ImI{fM)eWo=&5?+NA5w| zFxmjmbL!jtWbjG0+XyZ-B}fpB#1cn96dUR2k|1Vbj1<`1`8Z?WS22v@MlW2I;8L5& zSMe~8edo>W;xu9?h@yG49<(O+R2GHArc-;stg5r>ONlt0MI$2OlF{O#=(u-%G{8&n z{DgmiXJKr3%n{ai@MsoHZ)PujQGIyHEX?(M18`i?V#$aD4O?Jgqv}ZUm(4xU1z~XP z_BZ$g&0R%93>HfMvpvF`F(?7OB%+u%G>et+M}t$F=+ZS>O9lqjRkttR#uA@CK!6+3 z%Tj{?+?vXe>^d=gdW6%wZ|Xz6B~<*f6_DLicNT(+#@yDm_yHS1w5!sa-zbb>Co3{? z5O^;DfO8wTo-Nub!~hgrI~C2_dP~pyQ;Ml<;5Cog*bKN$K`T&~syreBD-xL7H(171 z0;I8T=;m0>t5ax)E~G5gTJqcQz0Pei#T2_0q-YT4xkL zSNF(~u0UHC4JX4VdmEWUWW3;daM0PlE-1mic&J!d*F>?e_3!#&L5Yaq&W8vahk5}3 z3&qADcp!V?yC8}T!G{yn9S^8f1k1kUsP8T_^IU9r);HkQw*S`O@ zqXDIf1W@OsvT182A&jL+!O}YdXozs3I@kNsJ>$?=7K~FVI24{v^(1p{ny@QA^&-lDzGxVcuq0~8uX$5XPNkJ3%Tp)IfwGU*VYgSm=|I&-!hAoaP9@SD-Tu*QIQ$tGMiuW*EiWTPr^(^>+NHx0&F6iYP11ryd{$e zL?iB`I|6VT337oq?f;bXX?VZi- z=5T=`elKrxP^g%Z23h&W* z1J1ablSG<0fJKqPHx|M3kyDrPfw6RVwm2zT3@*?K6;1n`4TqZ-F`j1i26FQ1GWyHm zjj*!=wcC28SK;tbC^I6a=+o4~*Jzjq>_m};NeNl;u6h861sh#7co0z_EQ0DI^0`Z# zX3qD}RV0#9p5t(0(Q$BCBC+Y7W9pKk9<+V*Wq5oxM1ml}e8zf)ZQ2IRwW+|#kPvP3);$F@ctjnF1YMPwMf=KkB+7?fy44DFj* z$;D@9LknRL75ljcW&ryQnWWy&-T57|dKD@4MDsiDkf%R5%mWA`8!bN|JWo)90BG|!*QnD*Qii$;>iZUHx_ zq+?%)VEjxyMe;n4f`$W*1^yM(^>&PA6q!U~_FY(%`3)A0X&{BLXRJuH;hm!5zh=iz zfBceiE(0FD-a+X^N~}PKF`>BNsw6Z4am{4GwyJOv(Dbf ze}_zj<{*fHZ-jP09mp_-S~T&lSnMK#f59g9K%-j_sBBh zq#!hg2%>@xA7~7P#TMuJIPo=fZlMv84{gkk$%$-L-;psMffNhKltBw*%9Y&)-yxIO z7_=3G)`0ZUG#nrwA0^Ebq-mtzFTTu27UuAgj|GL3IQiM*5J0?Gcxv1pib&tf@$mqN zr4VJr0U5`q90J$NuL7H)Q z`Iu-8vQh295bow}5!|hD>85@zM}dXMkZV2k`t$hd`5DnjIB;1lvoT&2$(r!=5UN|o zoqSz17K1=ShA@XKK#s3**{*Q&FD##C!BaKsN&UIwkpak%DxM?pI2p5N;}6JRb3x1i z7L__cURMQAkU4=a-Kz-hD6l}+k>aBr)D82-*A!Ykh`4dd9*Pw)alZ0E zA*qRlLi3HUWKPY_**SUY;|N25HK+&giU@xILP$fqf>zn)P14BpMYC8ZpQUpc|b4+L1D%?tj

tCQuv?(5I!_D$hq!C3^DWUvR@$+L7zfA>`BuXAUBFSobwN$ejY`e|&SMYN7t^Z}AX-X|&)H5yPPYswZZ&(Gl8P&BUz- zX9wKr8$(XwcVNf?8`5{k2p;r}Zr3G_8_#oLkAnbe3{V_&+!#1N#&b#!&&q+6!`k|( zXw&^WP0ynFoaWP@Nz-I_gL@j({{8Wlg2OH6J^Bs-T9by2AXLY zK#nEl1nybb-)cJP+&%#^pU=q%lS_(ka^NHL=|Pbt*50*}@1lDagPqv`iamA`5ejaM zXns;QmL_}YA7pC`IaQ)>MYex!Ptq%6G-zm@P_2BGz52FwC@Pb-QMP`9tC41etwoHUu5`}7% z1Q`2dSCd|(SA8oK5oR2GsT(Uw^aLQBGot8;O`EggV9{Fh)9-t!C^X^)oq7%ngJL_L zAh89-1eZy;<#-boC>e{I-;(Qa|7J@B3v3Vu#f=sehC-8#AquUd#dg&>DS6*Hp2rxi zLXr8<;I3-=vW^aV;wy4LR0e$>hr1y)7Bhcz3Nj8E8h5lH87kIf11w{j9Bn$A8duD5 zOcsB*xr#K}K*Ul|WYATO;2XlVmJsM&l%D=X1Zm7qMMU3{VqeZ-CMThhf)lkG^O47B zwxdm{vl%I~ICkD@HG&Lo2MfRr5F7;2g7lzgh2L|xP5Sq7dL4poENV`Lxx#2{zfeMd z5PA=fqQm@B(AAEy1HYISGnLUDOw5uIy@OCELTN{eUve6V2((}#o4W;h&l?YIy^WUK zm;|QScN|!?>pTV$IJV0H%>oL`&jk&mrxi_hmA6y)3<}lTRS{gxw;&^V!$1`YWeE%} z8KN(_+ibt4rjck28-&iL4-t{Qb%QewIGp=-3*CN+6@Uu97t>_v45m1?si7GrTj_KL zQpjl@$@5}Kq8SU2SABb&MAN>+q4!!hkg(Q!Tz0_b@h|`03qnAT{(A|2+Cqvpj=Lfi z@dGgX0A)wKnGG86y#N|E)V}0xTlH0(fatVK$r8*_=n4Y8SAemi%H4ge_}_u@Gq9#j zO4{zIjcu4*%Be!3lc&XVz2aYvL2nV=%-cGylcMG1CL`Xdco5!+gBqf5_x&E(!E<^N z=}upGBnMhi`6O(_`RInm)^oZvBVo~j3E_A;2>;8+w9fmwmC z6~Dtp^JA!1GmJcD+rc0k50~0G(n$8JagDAj58a^sK_(z({4L(q{k zgHuI{7d!=;Q2;)M%*UTZQ@!J&9$3G>fe58u%%IcY<~gRIbTf}-ySC+S~j3s z0lfFgxZ3@8|NDS8$tl(w+Eoq0p}=5>kzOZ#A3VtT*yG!Y;3*s$%qZ-d+7%H zGmuGwQg)@~{Q*3YwGnzziVXTpgZiBPMHelQ z==`|x3goBc(T=EcL{vb;)MvlH!;EBaw?S#YQG)qF%2BLCq-YzE*tBAzfG__OIs{%5 zz@-rvui&ZschhIDXzq33bEO2!_?c`NpPS)8{QMZ=NJ{ZlOLK);$bd zM%ecSEP=)4pPrx+IaMUKP0l4`oId|K*;ou6sGF6VhzNJcJ+GR+o1D!+r7)>p;upwo zwezmoaA>K8*q_Az7x>mFLVO(s86Nen${tLOWeE83Q=5lmuzWBXqn%04{Xy~m0`^;Z z!6{MY=JPwTZ#m7dOf?DuSWkEV`2lqnC?8A#35fp1-JjE=G1iP^c|ZT%lfYM#w~fgG z;VTyi*SF010sgojF(&2yNiBZONjp`v-}_dv^*_iH`0aF*>ha9{Iv60u(hS)YxsFSJ z#Og7!7^y98o}vG)8@PYo^u6L ziJzWkiIbumF~%!@}K*`V68$DKwda~^v0m{tFhF#ZuV?Dz|f z_+uJaNnl%G=}b+X=7;_4Y7g*qCo{;T>;_#PlJg6KYH00W-x|*%E^NoQ$xXY)$SeB?j6x0YIylD72&lxd zuIlD*;L*ocavx$AJp!zL3hZ$IJWBggXRghmd-E8;b=bU`EBDibs2NEx zW&g!30n5l77Q$|P;lfF98IDJBvMJ)Ow7fiPLv}TTvzN*BoYUNOX;7rwaPh#}=X>1TX~P9VOkBYOb4DZ}i&!`DhZ;_0JY8qnRP{YLH=(EnO^*uTucnu?_{ zj8}c>8ZNHZVsCS2GccS6_axxWF&S7&2W)Wg?1JBw|4EsGQu#IHw|pEeIK5Bw(wn=w zI9xKD*%xnz<8X&TY`$byq3x%?(VE%3KP`8hIdTj#`aiLwHEEl;;Q9;1z2+nx0JPMr zb*NQV@aYq&Dyn0`<^${PJWq07i{g*8B1>`qn|e<0n)L##QBZFXB1#m@lcXlP-NmEk>KVS7fPsiGeSiA`V9NYmns2LJC2 ze%5O=eCp_Pcm>IO&TbM1Ty+}6-HEziGw?oI+{KCY1au%;JARmjjw1grCpB(+e1m$O zH7SYi#jesWuC``eHT{b2^c*OM&0|`8crB2yXz}d-6TTHS?Eo-_%ea(h!+1jTD1Hal zI6n29Q3pnGS86=X10~nm9l&8;`hNnqvwU~4muAdm%)~mNB=f*!x+g1o5~wwl@8~Wh zMh*w0s*1#(VR#09$_N?1I``jfs?&7IJ0{L)q|)Xzm^KTzvfE)YsyDmxUR3G8Gy}TY zY`XWO;!*x>#<+!+Kd6T2c|Pt~T6*1L1>?pb^HCTxivTJEJ}5f3Dj9 zC5vMxR!Mkd)4{)!TBQy-z{Vi-)6*4eJ=#1tIz&IfrICx#HJ-6d_;-h%tNo-&|3|To z#SHW_I6d9$ims3p)_UHe&dCiKzI0z|V=ko{Cmxe`=n4whcdnR5nw< zB~l%Y$wgo5;KAX)!zIV`lNlt1nxF8$)!ldU%wZ*#d!tXiW@`Xp`n= zGg=Kfe*HXRqM`Amqst-&y}O2 zk;P2N0g7(}*v2rB6yWpoU~pjmJW@Q83U788r6G0TeZd=T6n({AmMrw=WtdwYk^oZj z0?Ou~US~ZngIdtAHfWdBmFxnXq0N9Fj4$bSRw$1Kfg|u0(fYL zhJY^tKFm0oRhG$MC#!<8{^m3r7w>4^1XCOsDDemITzLWQ=ywfRt`MmEA!{i?B)r2M zR&UUDE+bANLQel9i}6`IF0PImLWLjA77Pquvly*GNP#%0+g?WtltufES>Sd;1$=~p ze*KZD4>EFGJn(o3rZ`=xXo;zUc5H)=x)E_;*C_O>{~(2IZy?|J5x|233l3JJSPkRY zFrMBY!d6RiXAIHY6JVf+-q8kLr*S|#GdQvQn&_u{kL0meq(i5OqVo?72|4jAbn%}e zt(L$>M79eQe}v4(2lBhLgXo{2`SRg=;oe9wSWTi44(~l{44=$W{0Zs@x&@b3OJntTmWWkzFwlnXw6?EU@CU1)fl)>Q@O zCjjT6nS=4_OP%Lcj4muSFpL|i92Nra!A9_cHu+yQVP$5`fDsqJ5P%FrSr~}(nAYy) zQSiTKw95D?ngv7M&MO+Dox}6waB=t&s0Hou%ldrj_)S(;7H>&sM#nOM3Lc`NoiGgQ zN3@fmBD##>DyNDOR0Gn_nDGT<%bjxv!GgLN=Qr>_GoTjmcZq*xl;A&eG>Q3^gcn?l zKB95XKsNA({z;%eAzL2g1CE{umQF;l|7)!LZ_ZZK;+Nm&QN$fVVQHuq?ct5qVL-Ne zh-e)nh#7O|CmUn%uc9D$7-js=@%X=aP^l`WXdY+-;B|4h-svh(D^h4w55%%oprL!9 zBG5x(Ka?Sq=V?Ge*q@+zOJ)DEnSF~C7t|0{UQh~7^DuXtVJ&znFdLX7Py}cvkCfsW<{hYACV3gH|HW$w);zfa>gqlnk$7U?x8V9`Vs*W!HSd7LQ#nTot{KtQ!%7J z8vf2Aav7!|l6+p|K&t@@4>0%<5s?^jK_mNmYzlva^KY5` ztyHtrK*O8?7-*IlVHg||t-*!@J-Q&v5!fOJnBXS)^?)=alrc%}f4~?(_kN2`KLDLY z=D-k2Oe?eo-f$v7e_O=$Vu5D(ijA{fCGwm--RU#d2;-ExwxZazR_`X_VK)Cm4BhdhDlBApxKG6^YzEL17 z{>R9S{#ZbUrCjfwu*}Xsj2|(Fv)tKcz#i~-6U5O-EZkKz2*`iZW2utpFt`L{S7`Y_ zd^R5@9+=&qh{HqSF=S2&KMpY?u>=8eb?%>t2@0K)q@6MqL0n)LA|nOR5K!KrNQf*7 zAd|i#qoYssz|xHWsQIXpps~a*3!)&zGa!ascpWVIIH*1Bvn^~2Kr=X1@C|Xm5BP?| z)A$dGMlF_}EP=p{!lqTe4vDWpf+#qaIOs=4Dh_}23NSAfJK;ptvb zR4g6XiwX+t`4C2#AO^d@fmTL}I1v$t>I9cT;1qO2z>q(wMcB`Z$Z;*;AvtJ-D0Cyj z8ml>+3}k4|v<>{{!Uho!K8-AR9u8bQq^E=WL(%?a2i=RszYUUs zHXool>5q^>oKgdc{6}#>NwxwRL>NoopF`ot0oio-u@GN0fXlGt!TAI6KxqzikLEwj z;Vz4Bz{Qs!FpwKb!4T0%ECow6=z8gPHd4j>e={&uDY@;hDxhuR!zL_7rq zaU|P}h=RfHAq@H-J)&`F55TqoSPob|$02+RE2aZHW=DKZokRX6+tNX6xS8H}cq zu;N64@_^|u62wPFwFaLL^k4EBmC5mENQ^2`(MJ3MdMh|1|I>9 z2mrDWcy|i}`Y0e6hmeB4BBSQ~|JkSfj2s;eDgrk)s)l(PNEqDAOYD$Bn{_#KN-WHP!H2S`MS2u2$^ z7YIVd0{tMxsL?G6#@v78LG)eLW5^`fzmLKJav&fhK>&=_Be0id2*}+3Pvm~CD~kq% z!cQqM;vJ!D0ZiylNGLY|lgr4adu9Kw)W3_j1G^O&I1nv1hAaa;D*S36ip)qwX@691`Y)N!4nunR)(lYS?TJds&5u;%StYRU+ombKoV1# z(y){zI*a@#9we7JxfPW8EHT+LC#)U6M#X3#h_FlVjYlb=@8oqA=`A0h?*6dto?fM! zG*%>1tTMHurtj8-D2v**d7G=ARIHD%zjTtYXIX*Yh#OAjrS52Ht>Mn1f>%X)7WLIx z=Pm?Kq#e;+Rj0=|$W&WPscm|vLUfNz*U_)9eOwxrTFKQX7D@-_nqNA=7%1Oa;MZ@s z!)Jp>-}yCP-ry9LNxQARxi3cfVD*tB3A%IS&kwa;!1?*#45JRtN%QL~@Ecw9oS?s6 z^rm(1*0s@}njd7n)#r(JKGE83v({ zG}ihih$x9942gBOrTle@P<_NmrOw`DedmlxNf92D5YuH+CjxdAEzx&vyQ;VGwvLlZ zZIGh6SYMqwPRXEE&LC~^#5cLYOGwnE886MJXigb;d+nv7y7JMswu&{<(?14pez0*z z=h|GmG^;qx&NBx#{hbhbc*DojYEI5;cNt}3NgFDC1H&TCRn8de@p{BI=sSum z*rAEvRykeejERau&kNm^R^j5dWUII`^NH*Or#_y+0^P|GV(1R4GUHU zez{;(AL_kS(xWtFhuCq0LHVwUlUojm*N28=+TKzk%vDtwz3TB{TVM;>>aBg|`fKmb ztEUMx3)>8gxtnfLHk zb5uZqU&n`&A$mK=Z|3?`D41lpe%`hrih4IrbJd(9b?2&VhZ-9Pq&jiSqMJNQI;vB8 zts{KYqqH}iX{yg$Z}jAvU#o__Xv%>yC~b+4Y?W9{i;ubgwz7`fZ}3+$*Dt|;vg2f~ zGa~dB|7CvgFIABWCCO<$e$@#Ft8d-atIXYf@r7pKuu`06L}&|?>gmCOC8f2I+fv<Ug%mkuZBPSIGCt9fErDP;E&gXF5a z8I(~+_xFg>UjHe2ay^0Di*|P*k?LzTIQxwcF6y@lalOgUymNX^d4>1uix@9T9<6q zuAm>)8YWfUVAoQbAg5!RpNS@z8CSE5;Ff%Q)4Gp|gpWrh-3BI=nV*Qf3xLu`s}sbI z?^F%5O^XOPDj84_O7eGM*=N#aS_}4Qd02(5KcXYKGQ2=?-chfBqtf^V>RxV2^;Zgg z{W`k+=Vt79))HbHu>&5@jC>FpsvjkOHe$ztkG<#DN=%benx`;7blv+m+uW2VnTO5M zF%9^v<5aM>Y1(C{b$W3cdP!L|XKE)&hb}Kua4UD+5V1!n5n9Fb!o3N)Zfn;{+RHXX zE;Ff=UUn)pbpE_!A=#B*bQZX2xv@d}=ur&`-ZU@5^y-GH*sFDwb99{klEi;t zsw(SWfE2w@>_*iDU&%vB>JLoZf@kehEAekm<2>VGnH5D+A%2Z#y?NdGNc=s|B zgI$vA#ceBj=VC&=BSJ4Sl~v>C&-7@jv_0HX=33S2tYLqV{aNhOA?t*51B2)Cc%eb_ z=g;$LEeqMTMoCfDqb;E>noBHtr}=kmQQeM?HkD$O?>5#9PWy1`UvZ)ju%M~Xe) zq%~s3$Kc$z>k7qJ&T}_*%leYrq;$F5r#AAIhgj=Bh)-KbH>jcsaR=8rc2t+O65j97 zSOYmfZFVXWl_I=Pl3k*`;)`?$TBRZO=yyk^U4G}9u%mC8-kaaQvwHH$E@i7e)6lgc zvReG0wL9@JRPg2NK7>o_239o0+^KY}HJn}>d`!=Kil$LbfE2aTf0O>}E4RwlRGkYA zpB8p_&MwspgdV$M>?Kj7utO%wvca1s%547t`nk{TO|i&l$$1kcSaF)+1{|r1)cKV{ zCAU_;Z&G}3ir+xq-Z}SXq*9E5(q-!BUGlox+R_1U5}Wisths=HJ@|~O`9@={R5e&+ z_3e^3runB!UEG;5ZF)@oDt8bDjy$q+J@U! zaqwJBoaV~7if&7(Q_8D!R?MtciJEUDgRMX8{VlR6Sc?_|k zO?kut^?Md<)-0Rj*ZqOux0_@z9N3_G?m^j_?M{W7AZ&3_n80fZyI8kkt5g#@sav|= z?iaDYyx9KYO%ag?>t6^-Lq4BLhHkf4p;|Bj1LC+=U((*^gRJ?Qxw`_yHk5WKxb@C( zuf6@I$1eABX8Zyx#kqTg&erUC5V~%}_FSRo`bSGAVoH4aq|Y@P9-zLLG|1o3mS_?n zmh02n!dFgM`%BWnFAkiBdY2;%;*_#l^9M8*OaWbIm$u{dCl&TQole;(_Li8)S0a(& zZTejbZhevEdV|v?v)Ys<9;(dohG_NV(&eF5% zE^SNKtDd&F#oV0bqaTq!ZF7w8?)xecyQaMeSDshXy2o9w(kj#&6S{t>1VQGVep|tQ zi$Md$g;?45`fs8`*LQ2>wxk~* z{H1}L(Js{o6$>kz@~smRQnKpnt4l@-5&~O_@Y6&VR@i4Qn><1*i*j=epNxf%4t_(oaTGw zOD$blP0u6i(rUg$oPCXTG z@bqcGlWWYG-MgeWcGHE{78%Xm?kq1YHxXa2*tOTZX#D#@!XfN2eWWwvAVMYtVryxUFAq@2hs-5$rL*MW7mo_W)8z|1Z=Q7-{ z`~Ikovoc;ua^FTmhG~qw;`3uyTMK+Vs)sF~SC^T!?%0P{*vRxy62&`ZSmjR{oF(H$OZz{ek`o_2ZpS4|6(hFt@tMVBlRzjsmoY4PpzdieyO>-ry- zPrB6WGVzO5u^8EcrxB+aQ>}t)otIW}dEO^@yZ6uxGq?^DQrTCn;v1FnmlOJc^3m!~ z%d$R8&uHOas_d)%EUmsMw>m-hU{sLLao($_45*8P1FF_^YB)(SzZWUftRL8K;_S@$q56 zhFi9ayh3%HqwLLhF4FIbFj;rT(0tc<)f*~=(5M{Cvht{V(N8*VN3Ddq-KacJ+DbiR z;8VC*G3(=f7q0;JjC)GDaLcVNx^4f4;Ihg$&S#}X7U`D{wTm89+b>kFT2gsiwVWq$ zFuZT#N~nem;)kq7`#WV?+}c${7A!lk`)$}HmGe$oD^Bm(3<1J|S(7@Ji>BbyeD#O2 z+Ni^4OFrR~{Y_WdCHv|xTG_HYGPo}nRN=~YYURrZqQ_qs+w{Sx;RxZ3y3c~M+0|8P z)x2HeDr^&F%JZ6`RhQe^dzT7T;5qA;H5KQ(sl=KPK7<(MXYDW;>bWphy)asUcx9Qu zbD=sFI*V?+<+tRf+NirqlDotdwOj)C@qqV>N9|j7iA~MgIIQ?Vx~KA_^kWI;^LX7d zQ=~g)pgoW~6nFmiz}hyINE4;{4C76TEXO?h z?i0Orw@{(Wso5ieJP%5oMsa{+a7n^@mlBt!kMF)cxV!kJ;+J=?uY8&C@rhLLw0FbD z_kPy685cOHxAyG*#1U7`zSZD>W7_j}nM(1~kxfU3-+if!9o@ODw@oE4x+m}b+IE~8 z{47>|vGG5MlxlD8om(I3;Lga+Fb{$+d5AVpHIaMgzzg&KUM0_o7Y@7}Dd~OGx9W?~ z7c8XecIk9C^;YHWM$@#QAM^fCFRt8+YMNMF+@#s7IZ_zbmC5YaWPVX)=Ig-^`-J_2 zgl`yJh5M)HXh&lvjFID738X$`Ci8xDqt#kIy#x3+wI$kvn6PbJFkouMRx?UM>t$Zd|CEqa@JrDrVvZugsBuVz^|l*LL@kgN<->3;zBsj0Q{GNdZKj1uh?47`>Gtb1ER}o?1f2a$ z4Q&lC@fDky9282}wvc$sC!^3^MvPeVCPNG}A-rtf+s)5^_nMO}p}4Gl3V+^s{A5gV_XrOrIx9;Mo+qBz-Sn%ZoW)R2gev54|&aiqzo>yoBKf8i-M!cGVBU*3JK|muz^4#6$BImD> z+4r%^dHU8P3dsw7Zl!Elxc08}@!-pZJ{!?B@>8XR%-SR?N=xf)w&hnb%xh7V|yp3O68=FQLL1<&`Fp&Bf?ST(pTvO zLt&{U(=9~`YWGFo!YNb)M@+oNP#)l)($ZIj!tI)7L=JEuJ|SiDs|(xg2jc%4&wl>0LyN#h9h z){+OZ$9qiL%e8J!&p>3v<&4?-sd0 zsA|rU2t%2TgokpAG$WrX3kBS)F+1coN1C|w(EFXiyRWtx%52TBSh@H}xNO`T%}CYb zPFsliy*uRNb?4gPbmANpJ}*(LeG!nnz{JEq&F zr)0>k+mn2@?4m72EhXih`P2$|CqqL0nnOeLqgMYlFCCcL9vRht$#Syujq^R4`HSua zwB9XDlhcp!ePqT96Kk(j=x_3E-{%ZP28wFMHT=3_y0j=OAKZ)Ux8;=@P^UT^1YqRS3b;ui9QQU z0DdAbh@X69_8HKfS~93984kYg#2}zY!ITU}WKf^BD_uAE`UJ+D&0>|-wtnF2P)Gq5 zW#hP+6$3*~pCXs8^j!K6Le%%a=MeldGlboyt5&g4uY9Z!}5m0LDyW9B~hR6qhwb=ni((j(Zdt&wvd$ZYkC z*#GkST(c(GO!h#&>VWUW3DXH!trsH~Xe+G` zvn$f1Ta=_?7VD=jUTvQ7MMu&xa@*l&vT953u~z=Q%zW2me`SZiW$P6EwX(0e(?!yz z-Iw*&U6dH2$O<@Y95YyX)LMViNtpz>ln1m6EsJIA9ouIfZn`|_q`scdKB4?nCH%eI zf|Qdf<)2!18J0e5vkDY8UfNAOuXs4}Z$h5AyUnfROOJO>E^*MbveY{7q2{8bzs_OJ z(n;HFgCA#tga&*|lHTH}PPQHzQUejhPI8&B z`|*f5n^&3pUVk?7GOL83F-3LV%p<;~1nnbO*{IfKs$%5fvjKnGuHLZ5LGJ32CJjj^ zyZ8yj!(TLBUF~yUT$(qi^*~`qzTO?YhH5TF;desdaL>$E#kNL;BPszP$z-@ktjaGlxx)NLSLML!ZKyHA*^7vnN~) z^X--0ApK$X$wkjz>)>TXZ&o~7xkEXP@JWjv*%hW9JEdhYi7B>8mUz^bwo5MpYgmm> zv)*ZDW0uJv-#SS=WD&B!BD(Rlq?V-$)zf=rhK1HEqqXvQX21efO)oR8!^d&QuZRfk zU;J!th${m_)=44xK}qTQozj4cA64&CJv|ky%MTCv_+4<|`SCOEz)RRrMzyM0AL4Am77Euj_3o zUHXByF7(yKf+B3W)uGJeYl?(I-rif)B;S;Rll~|d6PA(L#A(XV36+`I;I%`?Awfqb zPwATb%%*H5>jWv)Ep;;fQZ{M%oeyWyhMO9ah>^B!Q+9f;VTn%qIj8bwgy0$n36a?IK7C#_T?tg$PmZxhp z{{umOQcbz}Io^cD$v2LsbgIfcZJ{nbZrQTn!jvHAd58TqwQstt4zSPsYvsB8k|iIn z2j%k`>s>ASq5iVBP{m4f#l5oLna1Xn>8}4v|CO%6=Su8jH|=lKeucqJZ~Ge zIB%6V)8p!GXH4kbv~)G~^rq_L-D~LLeL8fV;X}S!W;U}=c$?W(%2-_%e=Ilaux@>EsW)zp zl(NMYjoT00-dvdnHnj|VnmJA)^sGEy>A{M#e$P+hi+2b6gyg5Wyc4tc87189eXk*9 zz+Txsv%!{`344$njHu_eSq>e_r5t z@YVC~dA>X38;ikr6oZ)@3j`v@~+mR3}_SeeNJ9haiy<@ocy zK_)~>yhNY1lEmf#vZW{Q7^!jpYO%#y9U77+O=Siw$gSaoPczl>B?%2D++Mn$<0z|# z?6o=acE(KgOsfyn+O<gP*+BaH}4Y$Xb|tu=UXbZPWEiw3!xRf9oqgq7P$CE%yQ_uqUd5l=3TA;RpFYnQfo zmC4DHxFZqu`MEmII_sDEx>^>wa<(rDDahMzJ2mZtc=DB1+ZNl?HfMxVx`nQ=_D!F; zo=~__%2pzPtYklF_1tr6d&^{BIai&{uSGuM&*+C}aU`aASVg!x<)n5B-?DI~ddT69 zo@^;=o*j~G=Bj0kC* z5%aCW50qZ5A;*>7C>7rmZNK1kX@~Tnb{KW?X}nZuQS#s&!%)#^2Dy+ zu3WXL;}%ccR<1dc_fUApJ)#paKE^99ZDN7BSEP>iKyUfgrZocuu{6oQGPf<(s1R!^ z4wBa~2us|OSacS1b*I&NTE#VZXGSG!wBq)}f&0^S{0aUhRaVDh6{Sj-&ZgxM4wyHY z3=aqThb$x9ylI`FJMDqq-8jvFjKsi6K8NE(B4-Rv*d4yS&AuUV{t=F1>drFZRO`|9 zTurUcT}hd{DvMbGDt?mLN-5T^O*okb?Pa;8O6-ox5=w}|UA+8+69J)TkCM&?XAF1v z3+JtZgMTh!c#-q)n7$dtK2%Rny=$qzok=VUDNeY zdT4`PUxDP5BT+t9s;L$t}Ws1HUDfy zM(aR1fxPF8Xs>8s$0~P;I4m<-KV$ZZouBK0zV`xi8O8(rSAg5j8emx7#4mEc!tj7C_?>$x5Mp*t~f8`nBUM9}GB+gax z#rpC>N?n`G9Bq;E!)*b|2QONY3ZtEojTa=;WL6gVn>JY2HR^U7Z_3Ov*`YPV@6|Jf zoz|s)nb1u8@g0)3;ks%Bw~xnmTJ`ytFL8D*))Z+WWLD@-jxJa$ywu4$*zl9qbgu~~ ztwPgN-NZhLNG)$GQMgFV_y@UjxM_;fWeK0#x5EfGufz^aFAvs{@M#dkh)hv^{P1e* z_NhVP&M|=*oh}m+6ZUosZ__=SdCl|QD_Ie4>YLa0IF>0Z}Qrihfub^6rj6xcs-%gBt9Colr#eI&Hr9=c?I^Kakh z8WRuBn&Krd>)^$iV74(iZzO&?VR)61-yMDDPF3vTkFwo5DVGT_84JdCaD9}CShcq5 zDqMn8p2puW$UnNGcb4DXgwIEU{~t$Z;m~yZwQ)eYH)50S7%)N_q{|`5=omRMklGLd zrE@S!WlRYrL^ec9!J!~EKp7!0MPVw8(y0h49nZVp`!9Us-1j-xb$t$0Jvob&%m9vz{gpV z!{IIb9}ID+=W}7tNP4T3tgQRBcBjXaN`x=R9a^4*Gt}C{DR@pqok)i#^-Ri;-=pwp z@~brjNvnGd(LKqHS`0k`EXHs@$}OAB)DT9}@}J&qEq@;2c>@n}IzDxZ+n@hiv=(L{ zxxrX>{X(@v5!xn!qoLCXE+ysc=!iLl*++y#yAKj*c2|pQhM)1=0r#BA)R85q6OP=4 zvx7iTM4w=61p4S6^SlhQ>vbLwm&_NGX^#g;jQshO*e5v*EU3zg{AQo5JfRe7aQeoQ z1_+dqC$uOeVDBbw>J;Oa1>sG%3(w4sJA!E{e61M}UyR&1R27M;p=_$tVHkiX>MCS(=AfS zTN>}teQl-gR3lD779-Kw0r9}S`0pg0lM5ZZlbFadZ1c+=oz+bpW)EDJ=s!SgE+pw> z^asEtX?6g^kVe(oXqK{T<@v917h4bnbI0=8m zu~<+bxUToa@qGSPUJ=wo@ z@BP2wZ}C8T$-(o)K+k~We$lp~dE1}DGsAdUUaMb#T1~p5^tsWQL6`G=!rR~;fbGSk zqlqC9y^mk#(aC^#2PTq}>&kB@efvJHts)yy`7Zqgh(ebD3KJz{t9ic1=Po%*!{b5y zPr8Ij%BY)svaWilB4D|f;`XwHC9K_mQxayJYe;F9W@cE9Oy1Az6lUU)M^wmf3VNu^hlT^tb9o{P#5WBuz!Nh_ekV_Ozt})iC>* z+l$U+u$uN1(@dr({-fi9#C+y~Ty#Wawry9(E_3Q%E)m5%3$BSqyf9F(4r2su3+kR` zPW{}brWm9(0EImTx}L zT;a;LtdC&fqnyzuHdl%tVr-04PC@y>@v`=ezVqf2qhjBZpR7JmNZ@m>6rSab%Li2! zgYTs#3IX>$cABq&uqa zUuJZdTp>|nnSLf7Ix*14`@c>Dx6dZS!0i_7`~~*5E(*yH#*t%a-~<7M4~|S3IBaHS zmt$9KS1WnIM>kq(Pz(rBq`e@b6v2N5I;Nk*+D(~IX_&8fO<+S)BR{57ZF6GSoq~a{ zFzH5;HQAYE&$iav`m3%{6N_}CJ&EX};h{~((gFOda&(zJDJn}`Y=&b%>8cjm;|zx0gFsI8w?ccM(NXCwwcF&?rAeu(0cxEj z4oF^$>bIr(#_q*ytUg$^OOTDC3_vwoZE6x^2V@Kj9#R#`wV>Wh1l`!&TK=I=KjjeD zw{#sDQTgY=y7BB`w)dZ>0fMYA(RtDslxdtF8s@1^?jTRdUj#%_(&V<~GV>|0ik zn58N*$1lW2b0g>(xbhJ(|A$-^a;l&ytkkd~+=t;ixk$mHutj%%=EcSfZW69l@!=p| z%@ku;@-k_@2I|4qclUZox+bbzrI?|b!Z0>32d*tII=!wp8QT`#Xp6#Ha znp)37^)JCt#LhqK%+G?JwiUylrY#k}8Gr~1kO!N%2On&T2zXkA=gkVG|pOC*>grH-!Ws)bjwc|lnuk@>gBUlJ6Mq;L;r#Mkc#w>s~f@x!dO5n|}WvNw(P2J>kuD+He z#qQ(Ua=Yql755g`Jmd5qV6en5+;#4jesYv-cn0u(+e9%ZGzA;i-R`k3?rWcc zgoxyhy4)-po%Or&1r(D1E9^md$BZG)ZpuP& zOwVtFrxk&0-aKwN`kt1{{cBuS!8>e!>>~SCzILAIE}9A0Yz*2lO-w{k?Llb}H* z42T*Yj~S_}N1!9J)`&UXnnvUrnXq>qX62x(v@e~_Sp<&{<=ZruSfn@i+bve`et4f$*(fovF8;d0c+4aP?Z!)x?3K>PK0lnJUrk`kI&(ac>Or1eeA|9HuHN^heG<$mi47erD%h|66|ZhhG|u=qth(m;Ixv zm)+NVDO$O-TWwgd_R%ExXPNgZXZ>X*G_f$|Rz8-f8MYy~e)_1$aMZuTzP(FeR_(U6 zR=l(aJu!|#PU^Se>>hNmFhFs;P(e{64U(bgT9arKLnSeqS3&cJc9zDhdqZeRKfl+g z(f4LgqVHJ{qZ!d`F~51)j~{SkZ->)(lkJW$$pGh|fMc@OV$o*(8(Q{M65TYGIJhlb z)Wc?Cf&&CCzbiSf^$iy%frp$EC!BR?cp0V9-LjNJviffI@a+w?|5y}sT6Nx_2900J z8zTv${cHLP9j{lB=-%Fo%57Aq5ewC3TBSty~>)~@Xe6dPKwooXBzUM=ww1*DR#%=xrB zHJpW*n8VB5Eo~|*RfRU>=4Wz~GdTC1o5kYgFaC6`Nnv13Yd5^+r|PwspR8${WaDgj zr@s@h=wW2Lw`U%DZ1xC`zSreHAmtb}wy8JvTG=GI+lrc0rT92TP0o`T>|PIUUw;Sb zfGmhE^P`JFYb$C{&r9zd7w?1Hu&B4%{re!Xj${75@D;jpvcqZGrPrHBVNDieFJjMH zn?LLJp|-Og+4u|@xm60-C6yWQ$BVPW2FV%&LAdi5UwQn;GI*`K(36FPPezE*6jN8H72ML zRM=X)3`8eow2E1q+P{_rA!;CqbH2&YAmia-{8sM07n@ZHJzwZ2GJi>D@-Na{HyZ?J zFemX6-<9WEuGB^5?L?%-Re`;?8A4nv(X1O+NrkUyJw63E4Y8o*`%m&;#O5}f?(pid zFmHUH8KK>Mg`pa2BT;;U;iQf7BN--{!fy>UP-4J`;v%`r=eP&*)P0HmC2av>FRw~C zMnVyO;f{ZNWZx8qQzTx=mBc#xhB+F<3ERKw?g?70`*&wagEy$&TaZYP2FP9xswWB3 z4Z1_e(@G;^vl8dMU^tFN5x*&r`=|3F(9IF^gZx3x#?!j9h65{c#v`@RC?I;kq@=Un zR7QF8^GQOLY@vrk{#TUoHNsPVNA%pi{^4fP&qIrep30M-Ix+&SD z_Ty(|G(vVgrvBc7=$V=Vg<)!PgeTD-#};duRr%_@NE6Yp9Yx3e!;Q79A_9fk6OOWkt-`cAI_?nFISvaCp<% zV>YPH>s;-6g!@+RJrsu-Wyi6t0-h5djPA_1lO+}*_bOxYH!F+-qmb*I0## z)7em(C}_QjovE!r>8m%euAl`nCy`Y+1`ls!wqSbL)FlDe@Y@=1JtpNZ9CF)d*He3{ zA-tiYG^aR?|5&>3e0(2IU|;h#b}%bM596URcR+(&3^WAs%&D^@ut8|YV15|@8m=O9 znM8g1r(172_n>&`2-db4$p~W`EUmJ)qCa@VaVEeZ zY<+Ew@Brb^coxSxV`tX{wUuIK_cmgHiZ=lM9XS2T1bQdh17o9fL9+P??S%WzYSRmY zhKx`mDv#u!32c#X=z+RQt)kRDqML4&ah|igbWn+s2`LSfCo8kD)8len2-oVQC9($2 z8J`ROWHWnW*Y`&R?)e`J_|)V*!=KWgH!2nt7R2z8;J>SrdiUWlA~nn|OA#dWtZ!jh z+9p9QEqpY#U4L*xi7@Xu%kCLAGE)xpfV`}nL0qS@0H}NN8Kn|VTmU(kF zKRtn1D`u$ot9G2s$y+TS?oOUhv|>joZ4&%M87q&deFUlID@=AmDpgbX-faw?1*x`p0L&=jXLGTjCD@dbd1kr26@!7cQLjLQ9%hNWUbD8jc5YWlBaL+Kn^>$ayf z3Jho#tc!+n*LV08wz69-p{(YYt2&CMhd+oVDlh<~%mvNbB6nbmz*^@Ej|l%N^21Mc zd{_{%9a!@LJapmqQI*Sx4M!NI)-CVQFr9Q+B*d1Z6mz2ZFMk6)&bqdoUyTn&7w6^^1 zhBnQNm~d3sWJ^RQ0ML}17g(il7a}JEU6-7G9sdlm%HVg?O&2+t6F_z+uFro^xskw&xN!3@L>Iw%s(&rx__$tzAk&2W2jefBZh0e0F{!@Dv-L zLaV1U`7CcptH#|in<#emA?mz%T04r{_|nnLE7emeYoWxX!1D%=F^Y@R=1u;6TD?K+hEF7*^WdRFe8H>)UWg~g?d7lZ8}@GXyP7bg0Z`Kro)FMf_dau1 z%+KkUJww?+vg`4FT7LhjZ|NII=gi9oK#p)C6JF(MTRq`2OhLUU_t)6ly+Wy?zskP! z>BsI5Y^*nCvoeqRbeb(fSu%6FPI^JuJu`2|453^F;02hvDlb|WJ=J&SiF4HZyhNIa z+R$nXRE&I1O;GS=pC%cgcV>yV%5sM57V}WEzRl*geex(?2G@+TOEWq%m}Yy?H$nn0 z%z!_aUh=+=N}lu^Fru3v;ZEJNlXglVH8YT{xYRS*Yp-;HXa!mOn|t#`CTc z(qR5nbuF`}&Q>^Z=Ipp!^M?&D<%*}UD39+X<&Mp5EsS>$=e6-Ew<=ZlMz?(SyR8)GpvYuA5bBp+;56mFio!9tgvD~Y)9aGT~_X2Uedv46w;O+JSsfe2* zxf=dh4$sppJV)J$*b25RMqGbLQv*d{i+!FqKR8{uO0hEgU_w^%J` z{xTZjMec?#bU!jgti%1~u4I1h52_^u*u54AaS=hXSUKy%jBJn6jX(^kvB&j0nWVBN zlM<)13T368^i$iyO@)y9^g4|Uj!(cH2jPlBBa zX4Bcge&ja8ngh0Bp?OomLgZFS4sYm>+NnQmeeL1RO5&CB=ba^idemJTh}EQna_Eso zL&$nXS?H?(jFlPk14>I@cBQko?`LOdc^^BLsWv!c-R!n{O~~P4bxbuh$cvpa=#y^k zwJXX7`N4jiQAT?gz2Qqco9{xQenhxa-2`4f{GgB>=0v_;))iFOI?FO6-$7&x%y;xS zu})DBx0XYh@NkMgKe#I$|MDR$g{)*sG}DXloyD}tQN-Y}gY&1<)|h0c(l3k0E^gVr zWUATL$?&V<(v*Sc0fzDFK&6y>Q5D9y=O|L|d|b9=bz^8JC5IAR`@kLl-d@-%4$3xv zbj#8g^S{Es2#bAN;Fa>av%j!)_iD@1#?2EzUc)1G97Z%7V4 zDRgnX4<9Jla^i=L0ykke&flDE8Q-%e=4u!wlo4jzF`%L6 zDB}#RfT!=R*>V`4Ui`%NKI6*Jr=5}Bm{}?Oe=L|^1eFi#JK+TWm@6-gVyj#)3)7Mc zk>7~!of`hDb-WC2V__Pc0mVK`w z*?-V&>t*y_=7a3jdh{<^WQ1JCoc*rF>XU+emFG0+cK1P+SnI=6YRFKg_`CA`dPRA8 zU;C{0<6j=6n1zooakK_S0l4gUz#~Z#ubN=PgNy*00DJr4!;|5ZvCZ!x4KJ$(2RVgH z0GR^&p2Hn{YvSwh&u#)ONN>YkeeN`H?9`6l>vr_f%c{`fB_mnutqTfLW8P9x)%GZZ zOh2JAZg<+Uy`r`vPgI?pX+C4tR{}41nH@cbQ^%QA>4tWp)EDYJ)9xH#wc*F`MxU#+ zU)ryJt4lk!h&eDYW);Ti*#3gp`tULHNj>*6D?$1;8xxd?j6cT67c8S2heb!vHktpH zKE@Ym5IBc^nQY5nuNj?xKG@x25j3qDeB5+85-V`#e9dR`(GO?t`anMy;NOSSUREh^*!ZY zXAl%ZNxD1@Y1r^^x43hdaZ&F1{aKI5M}A3-_qzf-QR&`z&GQMy2;`>hyNxJ<>7HDU zrd*|XNe(GL)T}amv-V`_B&MN+3DB$D1O*43r*dpsM`UyZi+e83z*{f&k?HZ~{@7@+ z#!~~d@Pc!t|9TEjo8_AkG5DOM{sy;8Mf$^^XCz=7XPZJMCCWZ~Zkxo+-V9c+6E(?b zRtm+jbHpa0FDA`u%Fbm2+)g z#)K{_K-y1%un()*vT%_USZN=1RexlL9^i6mRfn%j>7CsT?LVjmRbYyPtx+_&!*)lX_CJsnhD46_Ao)M+goTPtgykk@4QMMtLN^Q0Zm4*4w)u7(eR_Y#D} z2&g=Azg71rSb3Pu>y_nEv2<&^;m|MM_96Z3V}|_8ZPG^MN;9`hK9&|RVMY2h9ssL_ za*Pd341Ppqi%JIS7`c3WMS|_h#7h?Xo)AAx*jzczX4!&SJt@(5X+bypPwZHSY%Bwt zl%u6=*i@aNR=P;L6UVxzc=Z!iT3)DRnSxP`0Vz5CXIUtn4`go-`ILF+I6+YniXURb z!KY}cv_k;x%!V{K2TF>W?bu0!hr&+mQ!b+dHro046pWr7Rdp^Rxsr(PEfEb3+WV}% zW5xBSPZERp?-Fc0ThBUJuq)Dyeg7`SW^wg@sfGNZo8pKxr6vwM`UO}bUGpVFQSODE z7Jwt@8nM>B9lbREvtUt3H*IPovQn8s0uf5PK5VWv)W*r?!H;>~@myNH;$`%!;#*V3 z3Ok>AKw7vspQr=)e4pqiafIrzx!Ngk5JcE_x2+o`}t_9 zyrkxJF^%_d3Ly?WlYbd-;~JYTjV58r zGxx8rRSqLAoVrhzufRhwnt~s6^76;Z8HPpzTZVsGnn8`OpW@9V3c4$es5V`G<^Yw3 z4vZwVY0d9u*1Xb+v|aS-0v`->QlCKT1Z6*qG#W>4etmau366}5G~WmeCqp0KxY(J2 z6HG%nk3aYM0+Dt|all@q{4cdy``w%$*vfJF#{GH{(UxG$P>NlaGGPd=n>%|qs4OXT zJ8QKwSs5PpQ9Vz;p858Uf~VHgQt6yS-Ol&zBE)3E$<*e%_gwX!vW-2ABlMOkIhj+U z6}?5SWh*Si<|J@6fwuW>bWPl8GcJ%o=_hEG@8(LAwMxsUjpgNDz&mkbX+HruSAJ5y zG)nx{@QQXXM?q9%F(=iDL^!Ts^FlVmQ;x79JmCX0zCOsMW5ACHi%@FjCsCrk9JJE4 zt_z27?Mt#g5|~ZcmUfhO#`5@?6ok-(K=)R&g4hpT$l;gj!j3rkIoUR1VJ=rNc%Y}F zH?x1xe~jqu@0E>gCEX>qlY*oXUJ0~w(H}U-CxfdoRYr*dpmwTB20gcgRO_mGv#0_W z34W=2&I>M14gUJu%HlQ~8pksNY2ZIEH7qLCWQu$p76GAxUwKM1xvwjBD)XV&4G+um znFr(B0m65NMEl0{K z16Pt|M}d9H(B+evpmR6s?_Y$e8aJn1BYYWZXV10tcf7suj@c6Y!qbPUT*F?tb<NLEw#VO_SFx#)26|I7)tHtvQGapvlp!z5SiIP9j77vgzDO2A? zx7AJl?QXr!CvJG=VK5(*J-8Y2(_vB=a)s43Og`1RtCiIGEY0nsWVN)Xh&vx)o>@BH z)FUmaZORuN8o^v=l7B@s5yqT0@EkYID%J(_?!Uy&J9-Ko*oiYOG;h564ho*W<_to@ zYGbv^crGD)e{8s$<+7>X8L?30+{1z&ODPWw(H*P|haRIt!?545oOw!C-__@vqJ4@M zE`U?W7YOesLoz>lDtKfaYDCb}n3fUaZ~+pQ`NFFQa4fvPH?&n&JNX9p+W!eF-?OQ>F~U>9h#(X4PsIMk zX?MSFwRC8`7hI4z^pKMw@N+d_h=TG~O0c{fBK) z82Oa&>txYuRRlFpE?XyYrGkpbK`~!g&)1K57%)8L{Eph`e zVj@B|zRE0kANo{T)blF)SF?a|IqANSkQe`gnZ5Ft!D|p(MKP2sPDiZb0i+Zvc!bfgpse?mhj-opn|!44JIe0@#h#N>}B{b zf7=({c^cwPkq_xQ1vGt&Mv=WN=^zm5Rh}7s(SBR6URFVPFm%VV=D7tQ-9XfIxFy23 z?6;W6WCz3Z%7?qmv(}NDI0hL{^Sus2W0qcV`x9h;HJgi90G zOP@NK=HfWPNF3$6pg~@2uGC$JL*8j6PRmpye^-INWZdg1Heq@j*^!<^6 zMoJ?gBDR$4z{+^@oUc5cm~Dlta~FNRJd^*~>O1NCl(1%_vnT#0&4QlRjy0>+B#2v{ zxF*?qb8SSiCV12a(&8P9*ycq7C$2HGwd4brINojN0|5(a8 z-(62}gnk;cc&rnC-vz?C))v3ZwquvYZ;UkCW*e_?E}?-PO!QtBG)J$ac6YOa8ppGB zM*l5U4o&s<=@MRA$?$x);<`6Ya4tan$Kv*Y91!SS-?^b1PqJCP>R1c$fA}li*NMg0 z1{r@_4E6A* zb~NsaYoH7CJ?+MG*ebVcqizYH7`$A<##!?Z_$uVL%166R+SsU3<&;b=I7PA~i;g-? zTH5Zbxvhz_n7={XF1naKn;I2;17>wd$I+*GQTg^jjPlFs!B-1}MPK*9k=bipW z^rx5R*DasbNFHB#lyR+@jglw}EB@0f*d<`nT{=&3~EXIxa1I80$~ zGrLJLZdc$+@K3pyRUWJsduPeccPn%LQHTO_RKt7cu4LWPR#J$Nn!N^EDHjR% zlFj;>0sB^S0I z8_Sh%)Oq|$ao}$sq)PW&Kh=o6Zg;%}1OQWAo!A%x-VBW^Mee$?H>nGJ2Sxr-Rv$n+ z%8qrP0cwwarC+6GtOZ6uUJ+5$Zlk?R_s^YB{3E@WP(n#(Su=t4Kno4Ftynm3)&(@7 zN{5M6K|+^TLh!MjRQ+KRX2CdQm>N2nKsaDSRTQG8h#^B0n|h=F-qDnCfn%=z+f3*L zF(`{Gi@c%0&HfQF*+$kMm2r|PHCu)Gux7;u-0V*JX&Rx;dk66}?fiMkG~GJnhgS)IB~48N}#V1cWRnEx}C4<+ZW)9kw7<@Fk@9gx4j1FWAM@9(0r#*I(yl|BMt^7HAaHLW9 z{OGwX27Tgb`+4u$ON%4Jq^hl;%dhg%HyKw3p_)+7PUmg~?E2Y1MtS`4yscs(Z>D>+ zu#!%SVG8VaI5PSge=FpV6GN`5wd?O>u%c#~i%z|(oOj*6aEI`@zVOfq*k9ubs`SXo z1Z5`;@G8!srci%lIgdu!DXpjuNm6jvPy6Zh+Val#+)s~mgFoKJ_i!mfl1Vs?IP5t1 zj|D^FFFFrfsRb-+mVNzRe8+Z$Z2q$$!pfBlG?Z#ECASN&uOFT>8Bm zW>H2Ay*(eQLye{T=SlZto1eY82vRd4B9Pvm#=2XIyOj%mV6@FKvVkdFP&3Kqt8zR9 zFG16SidTDGCdOzCPlo5R824!E`Bs@D4LGiQ>Jxe^mHA~I>)0t&k7llaDysQP_`7=g zv4ng)AD+V{!Ub0aDAC3L=*yY9oyo8BgX;~_)Ci~#IqO`IwabHE9!Ek29Q)t$dph0T zOe|~rhY$!~);u3n3mQ>PLLOY2X)zkUuyZEA>w?E(g!_n+0dLyfXvGG5(uifAJZV=r z+r5!{R7t?z<@Spem`NpfTeg%ZY;?zKL)R$levlZqqhI(3=vnJH_}42p1;b3MlgvlJ zsUnNE>fn=m206=^I=e62H-p9C3#d$c2=_FdpOrMqwQR}$&>Oh9wE|*`r3!*#uTx|8 z)j*HrbB$@vSxNE_V(S=)Ue|DiM>U<~n>oWFOwjk+S5jNWN9vdP`(*0JQ>6DF>{vd2 zM1+%W8!Q4F62Tkhd;IV#RE2SSP78Zg6>Y zx2p}@#XN}EG|2{H5+&aayk>&qo@CY~GmUgU={?3w7tz))Ju4E9OA&4^tvn{d8kP6l z=c?w@P%<5%Gs+`6M!mk0m$A$4V)r;umXz~lDU?(t@>6h)%8yVip#2`m{xMLP>Id=3 zI98!oQ5Z&St1iP?oZuC_tcI&TMY`Elp(#z3nJw7O=5cE_0SVYgFK-ZB+uJz>U2kP` zg?0&gqK@qYo0~TEIyUvUL=qs+m*0(|im4)=_Oa>)S8$J>I8ZM2@ZZxJHOhNqUikXK zk&|s&Ba~mjb4=S34H+2k~1pFymOk z&j-@0^iJ+r6Lh2UfD8a2AoH~CJ;Q84?5XIG zY?ayb5MjKr{ReS@;U6meA52D?e_?OoTG>!gp?n;rpHl6(#+@i-*>Go<7ZB}>j4T~q z`opkb_c93K&132m;MVNIlv84hwxdUdNZIrY8{A2ynYfq2+kEtUdbOfvxxPQt2BOka zD5qu&00;vRd4a676o1FsF-rmqHIe5=6^CrD87JG0`SiD4lF*`!xkx6pHFe{5?f{$WF; zyZ7YAA)mMg`ul1oP;mclUXiWXQXEsIUOT|pPS$FduZzEge+AZJY+NJFH&PV{`(nU^QuR`w?%#{>5V=VT<8AvhbJjU zC?`ZO`I`G*^e(@-U12IKXAr+?$@SMwSGZc{n0ulOS!D;WOdWGqAkx~!nEZBM@4f@a zD4sOC?v$leye1;hSyh#G&0FT8&X%l=T|?DmicrneVZ}eoMk--a&-VUYO=xl<|5XF- zt-Jky!q@YYdUPam@-)R87yQnQXb%zn^H~mXafLzzku;Qn5G@>8BKZeNmMGB0756x~ zb|jxK4@BIMyejNEjHDhs4yCjj+<|zT*_$vGl zoy%?PyJ4JMNZK%tT`_mE6#{I3aP*3@5c?nAg_*F*rara8&>Y`T4#EctLvqEBHgt|` zWH{A|HD;51|8AQ8NqP(Qlw&Zxb{VA6H*fR!lO5kVm^)6px4XC1xIN#y#Pr-UBr_nM zHFCE&OjX86-866Qdd-|=Yl*-s#sAN$(|b5`o-aFUC2V;m83@SMTiM)5!1E`Uq}&A2 zdeTanIlWd#;Q=!W)bqlLBeY@f-VMi(RyeaU#ATFsZGUa(uJ*nMw_oP_Jd6Yqti0_y z2xarW+U&{We=;muiIIpf5j)U2Vv?-O&*R!POX@Xb;R-O{{5|Fk}D+YNRe~4a1o-Ez3e;dijU*wCoNH48Gm~9{oq#iN6Ba{ptRjG{R2j1k>S{A$)?h0)1 z`DU~R+dBUhGsIQocs6`^wIrX%Z35YSk_4zdbRZ{Dmg1qCAmiklZ?T(k-J^%b_S6g3 z%l_MiI()n)6(}(h?K$0&6*cYKDX9D+W#HeBOUsr!Qp?cGXO7fi4RaqI__5wP%qK$P zTHwDv9F$gSQ&o{(k%VLUD1l>eyFcX_x)V5@*$!bFjTjD}p*#MI8(G&axy?h?O%gFtA=c}>JvPJ7 zc5t0v-&wJ(K9-pCNYA)Fi|J}UZ|>S-HrW)%bn7Frg~(`Sos90AIFtdpcA5NR=%_Gs z(YXkgTP|{}DECx<$TfV2Qh@?2ba@ht*nfFIrSM%K>c3I5DipMV5jYm^5UK15Sas@k z@gR5k|1Icd?hMn6Bg8=^asuJuz@}Rx1b6MK|6i2qu zyG-ig@P294auS-pOt^XN6gG<+wGLO1l^13X7{=cRADXD1H2e{{8U&3%@uRZ0&Vo#F z8rRI2EG*M)Rn(uv%nO38C@(XsxZ}+Jh1Q>+MfMbhH(wm(JBPMP632rHp={2qXleTzoB8RIgYWss-z ztukK}%$i8Zt}kDU$jlue>w2PZ6(_ zc`2t6{%Q_RhD2)=fBxGDxF3=G&gL5j*QcRz#j*!fUD|pB`NL|af>E69lq=%WYm%OrCR=hMX*K_qBa z*A*m3-={`(QD){R2(k)O23fuhMpejb#L9F<7E!b#llmjxo-C&frpZs%Jh73;QHN9u zftzW358t8}UG2`1E_-Q9F}ad#vi)O%4JXYZ*~)tf*<o@RZvCQ+SYkj5QNP;-;+qQw1UAzU=#BqPTHhbeeBVn33&$<6t3TxO7!QTtJV?$A1 zQ2y=&ZGo{2weFi8y?b$-kEebp$!Br$7qb6W7txgG*2(t0w?0vAO`QqOdE}LBG7+(4 zhLxUZ5blm{Oj__+O&yv6KZU({9Z~`5*u~Fk5E0p0%*a&t#qZ7;hE*zq0>G07>$ZZk`M>Pdpfh=Khisp`av=)zIZcD{;I@fB8-T#H zWj?o1SH<{U=(_tRw^jtA_01fe+ZLpKst0O}LT~wAhHuIZ-E)2+l#`@8!1AduH8XO3 zc$nUa&9V!a8&c)oyC2V8>Kh=&Xw-YD!1mn?f1Enb{g|iqaVHsIcCdJ&tcPgQ6i*U{gA=bW{1aRCw%jwhwOEq5O}}#fDKY9a~!$ z3xOtAC(IT|rTQr{APtW^kf~~7kAO&Dri-c&@U&o~u2RhSvxEL!@%jO1-RQgiC=hF- zS((u|^PVXgHeSvID^rR;)N(ExcF}!ffgRRvqP-L%`ePYl#)BpY%i`;$Z_P&8X_gC& zK35#?j!fF@8}rE-Qve(Ruv;(jP+g3RE0pssDO~5*rf;KScWNX5Z}s__D-BV0uwSv4 z{(u*h;yL1H`?Bp#suy$lAv#)@XZqWOe`jg?wsvh@T&cAE#~fQG5wN(=ScTmIW4E>lpz z_Vt64+S6?_hdDLO3;4RD$GO%!VZAbg9^^$v6<+gCMFq{3o?U@2ycl56zo~eTO_y-LUSAL%;bd@;|Q(s=gU=kxSU*=M| z*?r?V(uL}YiDAnf+JvZJvUXc@;j}?(jw_gH z9Mx8FN_vzuX8r!*T&6&_o1yEsLv6b7T0EVvEXJK<&V6;5W=9XO)^tMVjODZKl{I-) z;BYY7r}{U$nt{ZS(2kAR%C&&bNE>=n%lj@w_#AM9KY?>Y&M4yQ@DIU7Sd{~iXIwJ8 z3ic&tutz)^V!C|Zh5jFlew2h;L2F5{a52vb`L*I|Y90$S<=djzr%{N47oQtRqN5%h zRei|`M7-4ZTu+Qk)2V8N8=OAQoXLAST-5ydM!d8hf$z9n?dl7vv13N;NNwLEJHB|b z+Ld6M9p@{ZF#?xUc|d?7R4uFq=FKs%L~RGGR^mBbfP}2C-v@wiR#SqYLA6@6o=UTDNac%e5-an$ugDp`sOVIp|%JOgXTf-N% zG5K$Q$d|Z}tP1TUxX=E_vZljg-1n8YN1(qmM<9*darR+s&Rx4lHTWGX0>_4)1hat* zagHM!pA1Pn0I19|RsAffya+n`lT0zeug8~iX^Vw^{_&EgbX7SjF&O>0QTQsA=l|@{e!!ZVVVvD2iDST&7 zp=7=Xb)a)s1?0#dt0SWyF!#nOk`;K4oRM12f`>e}ZYMYQqOV%Eb4xhfzXaECi-!i0 zvLte1J^2knecc`}wHOFB>n*Gyx)V%rkhe#yfVT??(lR_;V$k*2yZsQYb&;t4l5emh z*EH5tE|F$hpEX>CZhnwLExCSa@s+X;_0<(w zFexu{f3gkX*o3uQYK@g-o^1XPcNwvljj2C4oFVm^GLeV7Chv)fG;V+w;I>;(v|nw6 zn|fa9dZSx4{U>31N>CFeUitzgrm=f%!jTFqFkaJop0;nu@D>tm8!m6vv{ zc{lnL(foHQwV_80skvkT+AxLnOW>bmDWoqtTDu+|6ic)qdIFuPq!&UzZ^5<1L54)$ zo;c%7OxYa@XopG0P&{wfA*_KIa|(OB`a_^$HIHI=)j>RXpmoX;19qH9v==aDwsQ`rPK6Krlrixg2bHok5NDn|%73(GtE5SV%zrE8V? z>fv~K9-;7Q*b9Nb)EmR8!muL6{g*iWCLW7lcea)oW$J!9xL7}K-fWB2jjbTi-QtvN zlWY)=7pHPXMI6Lp_TJh^gX8|v&4T^vJ!Qk8TrRnPXA<980g$1II#z#lm(14WzAQCelduU8vYs6eKu1^^$T}kGImf;QPOan22I{2{`3P50x!lUl#SD5fIHE zkV0!f$qFLbFPQynSG)|T!1m&~+&9vG_6X7kTnc?++sR4z*yI?H_R<4!p)naAWAu`u z?8pNUwy?tw%5NUw2@bmjj|jX$`QpDT@*8Tt7YCj|AB=*ugM5|}yJNY3u-PUTUoJNNVCFk4to&F54{Uq?#tNLoKzpWS*6&ve%Q%X{vO9a zS^Uf)rKi(Di9~*o!N&T?U-YK)TTSJ`C#VzWDtpe=J(7;C$YrH~f6B}u;?#hu`5X-u zxRh%NIg;%M_(^%XoH&jBJsBf0ge2bY%@t7tw!k3$Z7Q2jTwfq%03tqosfIb*$4T9L zP4PQ%MdCkCy?wYQJ@EU-){3Vy9)t={^p+jvH_}jFc@WJk6EZk>%*Q6rrfqBl{7IUd z_^BhDVAy0sM3CWPIE4%=j0+n0^o;>9&q)0DXUhm!Rq`;6#deAr9{({+0V+QbS4Kvj zM>PC+AFLXe7W*m>xcRD1be8mg9i4kTll}k4$1R7-A;p&1NJ>sa$uTSED5q#hn^PwW zBexM-&c{qeB$9;5VI(z$VNN-gNXc!pIn)%JLpGcFUEkmT*W+_NuIqYSpTqn8dcB?> zim9#(a?C-8KAOK%?f91`y`gOuRj$PWtcYcZ_jcd>=CY-9P%6wC*7v}fDLFp_G3a)` zDCL^m^(SLhFET$V9+ikfRJxjIC>go0I8~1r`7A^qSk!CkGCA4~8mENhEy+U9an(sh zR?v5xZb)ckPD5Y%gRV} zdX_mhEMJC+y7Eo%;^<|bsJ6w$^IefaeMFw8qMlO0W*G9sZVO zD5%p@__-+kP%wju+`7n9KwX*DI}#|We@us@J(fgDcAgL3o`hQfg5_ldeP2AVwKWuA zJ=%I^+DIu2+sdjZL#UpK{ek*pz% zmBK?Q1uFI&u!Pe7mUEH^eB=(easKm<7gR~j$iEJT|rUJu=RX@V)sJNx< zoL%w37Iq+@s=Ziz1b^_WUewcMz`wEI6- z+|ORnhCkv~joITYOairJdnB;R@r`c7ck%iAOgAx0s-69|gInC!%3bn}Uc{mt%3jAF zf5C*@Ep}}qfgujpvA`uh>+I7<81<<+8%C%?ro?kX#;|~S8 z)wN3cCAqhjk2LlkoDT2g-eqZf{;WkaWKSXFsI^h_WdniRDjxF6%$=LtgK;x%86q9Y zb|NrWW-VXkocW=7+kL5zbfSZeQ)6h%X5)8T_i*q~zs^kkpX*1Iakh3*hMAhm}WcV^L9_Ra_VAVA*)9p!P2j`Rzf(i zuH3Z6P+zjzoogS5YJDSH_Xv_YQH)4Q#|_arrOYiCXhYv@A#g|O$3~m~)8d<8zl6S)%z0D1i~;`1Qg=ZDanm$Ery&xm4*LyD#UXg6 zFLtFh5k;Li5mpGric4BrFYxX?euHG-EdE{nex2lf}=wkR>Scx5yQkESU1S`c9w0KBz8C(^fu0j z%Ps17cS3}ao-No%08ioGh*Oyz4n8VNulFSzkwr}tPl@pF&AwmxN3TLC-s zXE-Z`z1kDV4q0bh)aC)M|A30XQoV*{`~t*S9+6lv3ON~4D4qIDsL+|uHey)2tp&or zfp4(z3n0YR9=39_99;EgMolZG%17?Q`skrCCS)CsIX!7r_L$)!(Q zEM56~*jA^kx$s`ZL%h6S(jv|nZmh=+$`0tEq}#uO&JhO(|B0w@WP`K>zu1h44<4EvbYrt3XYU-g&tl# z7QyI6&!hXN4+7a`1zDVfku8`&SZ5?mQF)HgwL*`kJ6Bw<^$64q_0g$?ESND|H3##v z;R&-5!i#HOLLhwyC;;AF{~z%nPPu(VZH3&|)ef0_KdMblRE~it+`S*AEpB{r-0IP@ z#S_^E(;l{uYdA=i_vwIV&59C3Cr4Z-l_0e_i~7udhCxE^*K&oQ{1m{STDB)}bKt{_Hyc{<=*;u1ClsAzSPtod72@3~ zE*EQQ36DOHpreo-fp`&U#7O&1)LQ>|pq9sVU%A_E{JeMY<^;lD9SznIHeY zY5?=$MwFEJm6E|Mwt0rvNg)MJ9X?TkU`ewRR5cE;RBQZMAwDR=$o#J?ee{$s-g}98sWr9;cPx#9y_-0-mMU9dq9#_2#@rs{rY-2; zP4OmXyK4QUQJYD8*y5Y@!qApUO7&#(KesMhK;x!^ItKIhhvG0RI2cssAU=^Y1bG>} zx!cpmFtf21!(Wq)S=t<|J$%hEk1q6sEAvM=1 zkYc0nS!<`QO%DjvDTB!L95eQ!X7?PDF55*R;MK6WbMlnkCrW175huIn*ZRYH+x;IS zULv!&Glyxz(j6*c)Z$#`M}Zm}mWKbZ#`FkdTPZ4ilpbjU@t-gwm@teMGT%ybYU7XPF5JC1`wi;kWLGsx8yCsT zT!*o{JR}Q`kcx#@w&&yfS{IElQ^4kYeOP|>xMP8N-W#WN=oc~5WY(qT)-0`%@*E-_gQChpfHAGbY{QeOPF0So}Zv)Y9H>UzgxC=z>N2dS`6VP9xT{0)|`>OqpkTB|+p9<>UI zhpvj5X2o$m@QWn+E9C0U-34HANyQO&;XgYdeSKHiA0Wrh%||V$frN1W8KY607c+pyIV(rujZOWHMITa4dtC ze%b9+TvEc2l6H{qeH^uD^OwY*8uB6cF(WYzYZ(~NwZMJ0*R9`Iv@-ea=PSNjXn7RV zY?xUJEmQnKNVkr@L<(ma#j>UHB}x;f51$LKO3!^|Zn$HJ&2>mfCmyz;>KjTn?3y1AhCHN~pwuUWpNjI+9}!r-R((8>1ayS*=A z_my8U(9&8%YJbAWp2dm8Cb`Zm@^@KgnIxKKkq*2NtN)J*Z{MH`1KK3a8LnsM{^{``Lo;k|cTEDuGkHTaud2BgBkh!gcQ*Da4~e`KH<1;w$hf2MWT80ZFYPQ~l(l31y8XYHI_ zxIK>jXZQ(Ii4W|jb@jL8E^FZ!wbHWXMs$C+?7p2Jb1?}_!JK*aI82p+~YM}$8@i-@5lr!^gdahL09L9tsZ6o zC)oo*Ww$J1H!H3LTk0%FLM>>AkK>wl!Aew76)c3k817kM9j?JKrSe;X()u$SFJ-ap zC(d4eCBQ!y*jHdFsjqpm$FVlt{=V%h0DVKfHtTa2NID;xivFp%=H6`vwfffG@$HO{ zW}7p@?D(PO_kJ>2DwNvCi4`Cl<#NJbi^0rU)sW7~#C;gW{oojyr%v4%_)vN!on(u9Yrk4n?Ha|z z`s+mzv%RVR;dbvUiP<;YhkLrFp*d++5Us${AeDp7G*4oNX=%m4D>kuG@Ew&7i2h{U=cj0E*LEh=(Lb z1STA{17LSf?BKzn_^LiXS^e*NAJSgeAAVUiE)@C=`??+=!aU?2j~ja!t=lSaAgG`?cV49eOMT5RVkhH#HUcf zh9puQ7Gri;U6i4_WtI;!rladq8QK>Fk*vejS+VO0NGKjJX*=1u##NYCFyc*?o3{)0B!C7@FLm=|L(T$ zR;aGZ8l_4u&3P#Be~BB9zp&t$Q&m&(=@}EqxvKLbX)=-nRI#-p4ZD2Y> zkZtzn_RoZ{-7w0{U+Sxp6*DzXPqD9SXSdgr)reC^?7M>_nW!Ldr%(&i9PCNrpP3NZ z{Hr6HU>h;8%aLkVFd_9uy4h9dTVr^f!3&GIIJW|mKt5Z&Is)KZHudD3hft2N^~V)^ z$_vT^E1M#3A{9szxFE`&)mjcqiNwjK=>~`uktkYqdC&(V7^SjXPiqZmW4WRz8k|f z#6Nd^HBCXy)CBVFindb({?Kv=v-AREBN8XuNkZbZNn)9rSYA+cRwt21^S9^8_jvMm zK&ek&KQ_ZmR?aH1Yw}w?yYYWDbyp3h7ffZm16Y8nIIMEDTl7x2{oIo(7Sq|~;?kbL zx81Bf9`kS>J55eJ>H+6>=T zi#T^*Byo-YocNk5U-gvGk;1G^vZ`L~^x zhX}tHmtN5rnDUk%HX0_!iNt5NanZf;rya>lrJqADdrr>f>tEMoSsoRe(m97^4a0^^ zUv9S<&4FF3-4>5Mo#Q@Jac(!@1~*laTgQa!Uc6~+YO9?f*s?ud%vJU<)-n;1ToY{M zV!Fs|DxI;$;*>ngJZ*ohe8FXPLRK~Py>#weEx{Qz(+W^Gv?Z_LI~_1!l$zF+z9+a5 zRgMx)rEfvGuatLI#$tty04&yOHZZ=dxN(-&<>aGh14SC=_7Q2h#h~osEWqw zoyvPRIxmTVNzg?fa68FShumkcO&s^TWhsk)Rz11!&F3;@KrXPit$-O*nS&e=O1BN* zE`)p@Wzvcbx2^LYxHFHTc)f)f_18Y{_z78ToJOoegO}!- zMj$a%3RH8*ThT;cFmN5lVL&~(QRb>XzbdtJE(bIA`0W0`n_I9TDhAZMaCwYd2p$wC zpFcn3hsKSBAA5CC>tWsdjQV(uYNf?vefy}dQHM~1_v^VC?P_v>$~I%Bg4PeoYtP(( z%F0c?;-~+?9bTFRoFd+&4x(I?rhVzT8>MU|K^@NYA}qH&dcW_|4hUK#IXYQ`P6~mG zM0((Q>vgwpp$!%}*RWJMp~erofcnLydhJ*wfl6B{;Kc^-fTWz%@wkT&WT)(IM;E9t z8f{j)ElBie3*mGUccEYGvzfJY@%kVzu-B{&uBUY<^ zgs@3tMU*17Ndr%S5Ozue2-$H1*1Y2H%msulx}%iM>>%X4`=>y7;aMqYqfy5D?l+z> z(AsVpO&NUZ+0!Nfk83qO)F8mOFKi#*0aX<3fJ)J^Rf diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-fail.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-fail.html deleted file mode 100644 index ead3d13..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-fail.html +++ /dev/null @@ -1,5 +0,0 @@ - -Sorry, something went wrong. - -Click here to continue. - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-ok.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-ok.html deleted file mode 100644 index 83df751..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/sent-forgot-ok.html +++ /dev/null @@ -1,4 +0,0 @@ -An email has been sent to your registered address. - -Please follow the instructions to reset your password. - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/successful-login.html b/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/successful-login.html deleted file mode 100644 index dfc25cf..0000000 --- a/minimal-examples/http-server/minimal-http-server-generic-sessions/mount-origin/successful-login.html +++ /dev/null @@ -1,4 +0,0 @@ - -This is an example destination that will appear after successful non-Admin login - - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-mimetypes/CMakeLists.txt deleted file mode 100644 index d270d7b..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-mimetypes) -set(SRCS minimal-http-server-mimetypes.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/README.md b/minimal-examples/http-server/minimal-http-server-mimetypes/README.md deleted file mode 100644 index 3240d30..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# lws minimal http server mimetypes - -This is the same as the basic minimal http server, but it demonstrates how to -add support for extra mimetypes to a mount. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server -[2018/03/04 09:30:02:7986] USER: LWS minimal http server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 and click on the link to download the test.tar.bz2 file. - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/minimal-http-server-mimetypes.c b/minimal-examples/http-server/minimal-http-server-mimetypes/minimal-http-server-mimetypes.c deleted file mode 100644 index 6603821..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/minimal-http-server-mimetypes.c +++ /dev/null @@ -1,94 +0,0 @@ -/* - * lws-minimal-http-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_protocol_vhost_options pvo_mime = { - NULL, /* "next" pvo linked-list */ - NULL, /* "child" pvo linked-list */ - ".bz2", /* file suffix to match */ - "application/x-bzip2" /* mimetype to use */ -}; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ &pvo_mime, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/index.html deleted file mode 100644 index 5c60e88..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/index.html +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - -
- - Hello from the minimal http server + mimetypes example. -
- This shows how to teach a mount new bindings between file
- suffix and mimetype used to serve it.

- - Lws has a bunch of built-in ones, but you can add as many
- as you like when defining the mount.

- - For example, lws doesn't know the suffix [.tar].bz2
- implies the mimetype application/x-bzip2, but we taught
- this mount about that relationship in the example code, so it
- knows how to serve this example test.tar.bz2. - - - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/test.tar.bz2 b/minimal-examples/http-server/minimal-http-server-mimetypes/mount-origin/test.tar.bz2 deleted file mode 100644 index 730b7ee2101e30637c00f59f24f1278774479e4c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7589 zcmV;W9a`c-T4*^jL0KkKS*zDO0{{kL|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0|NsC0 z|NsC0|Nr0-|2?n1cRcyJdiQ+9zB^!ML=@2|b_?|t*N?sj)~d*0FY zx3%xQch}!-_j|VYuJwD%&F;P1w_h1XO$JJPB6>kQn@OV-{VC>v2-;0erkY?)PbZ~3 zn^4nJz(XggGfht>5u+xVshX#O8BOYHZ%LXH5_(Oh5u+vzO&V=aATb!8r1T~eN2XKI zWkjYkZTG}Az8c{I>5Oq)$iXc46GPf_Z6VI$K`PbQjTY3P|D)bvcqQ}sMXNt0+bHmT&v zl=U~2Jv6|lTIX!F%x8-n4s!<14zLbYBnTcHiYywHl|bbLkMZHHjp$J1vZTu zn8Fj)JQ|0ol6Z|w+BHpyF!UxVW1K*Bbp(=|4RMDUTL(rJwo)YA#HMwn_nO&FSF)6^OoZ3x8ECWB3= zX!Sh}O+6D$HjN0u2AVdbO*GR@F*Ib;CPtYLP>N_Kf}V-(Q#CybdOar4HBS*dr=;~Z zO{PURlxQ_JrZi|78K`8+c?q$pJu-Sk@=qpcnNK9m8bfKLLsJ@hnKqgPn94I#^d=^g z)b%myo)Mv`=`t8bd-akbfEM8JOfNQ^ae)AUV22RE<-7RE7zPNT4TKq&QPr1<3b-sAlr$uU!j3i|*ozG+P;jy8a_;v@iwrCm4Yk zZ5Lmih-Uj0Yr_%L?=4OGyDbE*sVhu$Gu=MKbqpt|xSVY~@8#oRb;fyDdlbzMrvVg^ z`u5DN3A%q$s6nC6UW{Dc(WVf6ChHb*&b*Pb8KV>>W|g_t-swLYX_Cp4blbxH^}HPE zPpyW=B`JbdARVev%m!$6tzVOKV~O1zu7f7dR!BRpcg_tu(^#-BDI#_iZ@+oyPb$fA`2p>lMdFDU2vH^xf0b zr40|6wGUzS^o{85>A+Od-K#2mf6udRq^=&a@(|90%b##+(EeSR`Srm;T)o@HoS7B&45CWj{KmYjhivWRRalnwDyXw zT@Ld-8~rbn=asVC^ck20-eKOd3H^KR&St7wG9q7!LSM>%QU_*V53_j~U2~v&qx0U> zbs(==v2ZT07LzZOjhi*Hu71+XvYbetS;?7JN9TdIbc9PXg-OUc%zj4yjOj&L+z+#P z7t`eDALV*Vq=9D-mOEADN`CRefaDj`zsV)dRbm8*NAOM0G>GW*B$C zT-5q9wotR{gSLxu0&@MnGj49$iZiSs-6dn0J?*GNupVY#%AAcR5=AtxmMBhap{P1Z zv~cX$-h`#v@W`2 zI3`V7Cc787Zynb1iS=4C@nNOi{qp?{nF#{LrPjM6+Q+i>DZ?2E=JguRos|5WwI*Cr zLDX{`5Q1y^Zg%x(<}h_>17eYo4n>V-0FxZSOKN$nXB!>`4wjH|pnIEU{7%Q51jiq# z`D-&7Uj&=`|D*3q2a=$lNBN8UMN_^xTB|zy=K4J~9_jkq*ZMdjP&{IM1xO?IS(2%T zoydM=*VmM+T#h!@?%|A`Zq&9rrOn6n_;TzhFlc!Og-6|hAUxyXr*}r9!`D6!I@9#A747y z#mfutBh1SZZ@Br9h(`!lnYlW#zCL)9P|Ri$BWMqyWk5nZWE+05F#brOBG}u;Qa&%w z{TpfcEWE5)aEl1hy-Q7g%`(9(0GO}YWdR-NP+w%7h8)jQHqj7q9N-wEc zUWBUF`#S9Ym2Of6TDUN4fO0@pSRs!5PJ-kj!FkM{$vF`v*;}=D(W#A_3jI}2rCiv+ zit{||?feb2Q^%gW+8T@EsYf$kl8SQ;b?Gi@?$tQV^bzOnp=X!tIROnvfXKyLQX!XqHwuik zNN>s}u_rO%pLrB{g#UiyoJ01u0Ojh znxj}&Lh{`l30%+f_wZ4Ar;x*{mJHoNqEg>8hW5CE=)FHgRpPpD6|e0fF*#KkHE#_c zg3M#DakV`$nZcK(s#9%}Vm-uNN#qh)jlBFSI41|Vk2gCNrxO28Z)(u1BFTxM4zQRB zA7moV2yF>N6fE;je&F{BN&odqccrkhrD^yL&noF1w^vAnAXghxk++d9I6LI?nA`^~ zTW}b@5xp#3NM)-l{L8n_)1I!EFPI|1`Rqn=f>J(xlX9==lF;&m9&pStZ-AZ&pH^ju z9Urp9Tgl6APEY!Q7OT-TbUB>Jh*rYII|i2ig)B%9Y5|6`z0`iemXP0DsqPGso(2yCnUeZIR-Y8oT;^hhwO3!$%Sb1;JR+9#7K zGX1mBlOE%oQ_v&;sFsBnBh(dInTUcT!p?uA0q>ERE$6R-rWtdtb-%ryWI5TSw6)bc zD5q_QGM_MaqBz)F8iL6SOR^EAiAo;vXRCH+r!IGWNWs4(x?Qa_F4~g1>Oe3)I(%v4 z*7wJf@-Y=**$Hg7KD&jB(LyFPUc54jm ziT<(}rq8*krdut9T)2AyBq1`_Xr5=&yCF@-mcVFSy35D2ynLGL2#bWsgOPP|iMlE+ zB@fAR)@y}VQJt1?MH+2odTFbwHpvZ*7OGsq_s-fLHAFEdLU%7-AQr!}aY1GbzXD9a zPkVgm!_(}tR5ho+DQ+|zeMLjK%>OE#04^Uxm&pfW#8&F0*T=SQZ=DNE`OsXlZoi(% zYug?96*2|UyMsyz8AQoN8^g1V=2L=R2h_@XW@D$paF$nk(9B%+QfRknIhFOny81P= zYv`l2o}R!gf;^-(Dd#n@?1WJWUfu=OKaDI(i>tE)vxx$uHIqbalM4 z!FCVEHZh`5ML_m{U2Uhshv2P?Id03qIANs)@z|42?F;T)JEO;`=ZfV-xdPq zuNhGMaH`yn7hev3fx4S;B*OgZ8xoy6Hl8i~`2x`kjE0*@JmqHW_OP54pkuqi2~ z@@KuhbH_sI{1H0%AuaS4w$kckRZ_6jD{9fud)4Hk!=l4BqCSKNfR~#4&YQ{)$nv3W(F`HoJVSqIH_xp;l zm|X%OuG9;fa4j`tW>Y1z51ZVzg9mW#Qf?#U)H5lh}EXgZp2P)K+e&YS=m)bVa7F#~C`WbOwB0uJSVu z-saD6QM4&{+Z|vj1IMFbp9+pmQRwkw3wG8Yl1d*|G^Jcc>2-=Z zZ$?~nH-Z;n0R)H#n_ecr0%V1nnnyfSxPhM&xygvP{c3Zq;Ux)DI$bJ^<}#fF0fypn z`yS+Ji8@0y_olXByZf^Z&iA6pdGck3^p6SWUWeWFqnWT&(%ytuf(G?Z4s_xtSa~`z z4@|vciPWxK_$zN+B4}MzeD^>Y8mHg(GnX7w`rwn(y$*~y*SV75jkxmj3F#?sQ9a?M!rVZhI4?A9z-ZcD-6RcWctNE3 z$5y*);bcLpKNgFxe4+y~HYL34-+96cV->H(bqEcpj`8Y@n!71I&a5&0Y^E=3{q7Q4 zQTYZS85f)*7%U1`6v%cEwrjl29`7Ra6!_tr+~9KF>ZQioVfA8vjQ7nE+L(e<*sWi) zg30Ik&?6c_7qyi%a4uFwEQSG(B-RDt>nspbddMYJRcSdS<(20kByVi(=k?1_*Ir#A zLal~#aIT2H9)xx&=#7|shF(<{}O967aU!oyDM+quGnx1J)AFo z*1Pv!eBMJw>xSx5NzRd>)C*{inNLv3^HXz$;CgPBb8zLSstJ_mH9n~FmH zOVr8=bCA1gvh=Lt?isqYm~BPB4c!0kZP~}LY|`TZ+CS!uEd5YBU1k1n5YyP>V*uWP z!r{pBGNLw7=?79EW1v9UP?Q`odg@6gsWmzp4SQ*CNLMIG@A)&FXVih_w6Xdw*IwN6 zXLMxzqsh&pe?B=x=I7LhoIhVeSF6PI8c)ZU-1F#S^<047mcxJ;#|e?&6VNKWDjQ4B zVlnq-F#ST&m67r#iUJHOTPN_&_#4zf{&Pc!oLbEot4fbH%UIZAklesA8RZ#at!~K9 zC$5KnG}8ON(WM2BtA9%M##(U*m?z$}IHitRtMhL8m9Y*cdw5j{%zN*kKO9={t?uy){0V%-VC8`Xpk9k0lJ z%{Ho9L+MF;j<-qj6En(Z4>cLQJ)am~FJ%;B!{5`Ed&C1-IOp*?5dwkqRBP;TYh0$3 zm^*>!6N?};pkvw;33RJWD zO{;go0*|Jlq}L)mXRz8QoLC00ecHR^v;S$^{InH!O*7qDaL!g4J)1F}MX~8_h;T$- zKAT1Fg?k+`?;QgiKF2gK2O$g-3&*+OCW5|%J1Yn`0)C&pSKEdwv_+$3NkkcsoS=lD!xZUVCyWRCnUJsyy||P1W6WcdRTVfWve4W@O5Y`Jdw=`v0Lqe>_?@~@GWT; zBFPb=CdYZ1CxWCUw@es3Sz5(fR}pcuZ|Za*eWM!-#MEcIcSvIldb?vrKO>a)ZdKY5 zF)r{QIH;zWlB~pm$w?Ie?irn`V+WE`%3iu+$}#J)HueTxkcNigoVnI_xA&9SbrYN` zldK3bwL7;uNj>v=64RGt`V*|@)3qAZBf#n3U@uu13%-t$dNqD4$YQV7sMzqgFI_s` ztk$Q+=j7&-&r?3JophVZYbuA2uUIh*XHpE4R0a0wGJ_!pXi!#eThm&=a|`(O$lzG_ zuUFO#Pij29vwL~3Bbnk1Wou-H3d2;Onz&r+JW59ymBvT(N6L5KbFf?>P(8>r$oj2~ zmHE$?f$o_$!ulk4r0B|dG-}CX!D6N6lvAkfroy>BmBFW0MRsi3DO^Gmv63*KH?1#_I)9YMx(!`3n#`1!|xHxv5%Bp4P zQOvo*y3dQTD>p*XeD7rU`-N)BP+ekW*Va9dNH>Mn1AeiAqNJ#T;VfRo<+c&3!C&1d z1vFo#wqa`K$i2wxhRlDUlAj8Y&ptDI>f>ml0RgkhHm+AXJiUB|qWxZm`-C4z8q{q9 zp)0=H5uG`HYR*D_)Vex!Z*jzRv8G)WsmRSkd#m;Psq2Kh5*V)3ITN%h5x*)q;#KIY zo96l<5PgKnmY3n-sk`>1`6Cq_=&z`hnWz#v2!`47Xv=GebI#C1oyg;bSYKu((2AnK zY$~%v(!USLQ+gto%ugd_yVaw%@GE$UpVs zmxFczC->4~+E&gRd*GnDdhqU_mdtKuk2s*pyn8 z37%Rql{2fFNf+bZI_ksrV(%%in4NE5zj(H1;i5mD_SUQUAk{H9Miv(R&?SmPYp_tb~8<=4&ue)qW!eI1mbf zdHUg@9h>oDfPzpM%Na^51wZaOiu8shVcV>C*<{8`79SF?7&Uh7B@Hoqa(cUi>D zH?@V|y8&0%!U5n$a2&4T{093*Z4_e9XwZiHBzTq8b3;t%pHO&l7iCVS> zR!etPCLMepuI`oTE7Q}a@2bBu*+ZP)_EXalEpCZ(EZ2whafA;-xx6*-V71pZDzO23 zrpnxhY;xR!W)w}D!3p3QclK9goEDNiX@bf|>a)a5O|xT9i0MIjkznMtcvx#f3h?E+ zBB(uU-~&B8t+p~S;l)k+6z8u9gD`%JIvf)X*fj%}_vho9e4qfe!U75g@`;Vee^VYS z3I$-DR#xQHf1RmNgE<5^KUJA8St(9}TG*rgrmm2$H3p2?_#>GmGgS|jdZEE=>Gqc^ zESD~P{{S=05`PaS;n^n;oqEDIVS5k-Z?v^D@?gN2K-7=!xK0xhZw z%a4e7zhW0YTM3YSAnQ2qCEF*y>J4j)SEhO9i11if_&jUJK(}8o%WHLSoqCd5M$?(5 zc(u|++@Il;w-terImN&1xmS9(EH7lo_*9J(SMg%krJm^^JuOlbQ2^@Jw+ti&CUhp+xC49{bH%K<4>7R8tfM&^#4b=dFmC+90DNDOW&S zl5K6>h{k>Lo~Kadcr&WiwJPikZSXG^T*-+ObDkvd{6@5VIvqCeZ2uyq%ee|hdaxrC z_Vz`;w=wy<n+G>WdUasBiqi$N(o}8urM#bw?dy)6`g;*pD(4NB{B9Zy^HQWe+(3C`MaBMd z`Ztk?juIQ8XpOM*MR8B#fa+6nD?x9>NRXt3OJ9);0T;2RrZ%eU3{Wn%f5qI9P81|6 H_0GV+DB\nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/README.md b/minimal-examples/http-server/minimal-http-server-multivhost/README.md deleted file mode 100644 index 26c99a1..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# lws minimal http server multivhost - -This creates a single server that creates three vhosts listening on both :7681 and -:7682. Two separate vhosts share listening on :7682. - -|vhost|listens on port|serves| ----|---|--- -localhost1|7681|./mount-origin-localhost1 -localhost2|7682|./mount-origin-localhost2 -localhost3|7682|./mount-origin-localhost3 - -Notice the last two both listen on 7682. If you visit http://localhost:7682, -by default you will get mapped to the first one, localhost2. - -However if you edit /etc/hosts on your machine and add - -``` -127.0.0.1 localhost3 -``` - -so that you can visit http://localhost3:7682 in your browser, lws will use the -`Host: localhost3` header sent by your browser to select the localhost3 vhost -for the connection, and you will be served content from ./mount-origin-localhost3 - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 ---die-after-vhost | For testing failure handling - -``` - $ ./lws-minimal-http-server-multivhost -[2018/03/16 09:37:20:0866] USER: LWS minimal http server-multivhost | visit http://localhost:7681 / 7682 -[2018/03/16 09:37:20:0867] NOTICE: Creating Vhost 'localhost1' port 7681, 1 protocols, IPv6 off -[2018/03/16 09:37:20:0868] NOTICE: Creating Vhost 'localhost2' port 7682, 1 protocols, IPv6 off -[2018/03/16 09:37:20:0869] NOTICE: Creating Vhost 'localhost3' port 7682, 1 protocols, IPv6 off -[2018/03/16 09:37:20:0869] NOTICE: using listen skt from vhost localhost2 -``` - -Visit http://localhost:7681 and http://localhost:7682 - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/minimal-http-server.c b/minimal-examples/http-server/minimal-http-server-multivhost/minimal-http-server.c deleted file mode 100644 index b3677a2..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/minimal-http-server.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - * lws-minimal-http-server-multivhost - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount_localhost1 = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin-localhost1", - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}, mount_localhost2 = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin-localhost2", - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}, mount_localhost3 = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin-localhost3", - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -void vh_destruction_notification(struct lws_vhost *vh, void *arg) -{ - lwsl_user("%s: called, arg: %p\n", __func__, arg); -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server-multivhost | visit http://localhost:7681 / 7682\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - /* - * Because of LWS_SERVER_OPTION_EXPLICIT_VHOSTS, this only creates - * the context and no longer creates a default vhost - */ - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* it's our job now to create the vhosts we want: - * - * - "localhost1" listen on 7681 and serve ./mount-origin-localhost1/ - * - "localhost2" listen on 7682 and serve ./mount-origin-localhost2/ - * - "localhost3" share 7682 and serve ./mount-origin-localhost3/ - * - * Note lws supports dynamic vhost creation and destruction at runtime. - * When using multi-vhost with your own protocols, you must provide a - * pvo for each vhost naming each protocol you want enabled on it. - * minimal-ws-server-threads demonstrates how to provide pvos. - */ - - info.port = 7681; - info.mounts = &mount_localhost1; - info.error_document_404 = "/404.html"; - info.vhost_name = "localhost1"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create first vhost\n"); - goto bail; - } - - info.port = 7682; - info.mounts = &mount_localhost2; - info.error_document_404 = "/404.html"; - info.vhost_name = "localhost2"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create second vhost\n"); - goto bail; - } - - /* a second vhost listens on port 7682 */ - info.mounts = &mount_localhost3; - info.error_document_404 = "/404.html"; - info.vhost_name = "localhost3"; - info.finalize = vh_destruction_notification; - info.finalize_arg = NULL; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create third vhost\n"); - goto bail; - } - - if (lws_cmdline_option(argc, argv, "--die-after-vhost")) { - lwsl_warn("bailing after creating vhosts\n"); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/404.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/404.html deleted file mode 100644 index 8f66287..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404 (vhost localhost1)

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/favicon.ico b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/index.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/index.html deleted file mode 100644 index 042a0b9..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/index.html +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - -
- - - Hello from the minimal http server multivhost example.
-
- This was served from ./mount-origin-localhost1/index.html
-
- You can confirm the 404 page handler by going to this - nonexistant
page. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost1/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/404.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/404.html deleted file mode 100644 index 3f1a438..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404 (vhost localhost2)

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/favicon.ico b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/index.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/index.html deleted file mode 100644 index 2a12308..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/index.html +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - -
- - Hello from the minimal http server multivhost example.
-
- This was served from ./mount-origin-localhost2/index.html
-
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost2/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/404.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/404.html deleted file mode 100644 index c891f79..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404 (vhost localhost3)

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/favicon.ico b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/index.html b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/index.html deleted file mode 100644 index a38b75c..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/index.html +++ /dev/null @@ -1,17 +0,0 @@ - - - - - - -
- - Hello from the minimal http server multivhost example.
-
- This was served from ./mount-origin-localhost3/index.html
-
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-multivhost/mount-origin-localhost3/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-proxy/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-proxy/CMakeLists.txt deleted file mode 100644 index 4c582a0..0000000 --- a/minimal-examples/http-server/minimal-http-server-proxy/CMakeLists.txt +++ /dev/null @@ -1,80 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-proxy) -set(SRCS minimal-http-server-proxy.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITH_HTTP_PROXY 1 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-proxy/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-proxy/minimal-http-server-proxy.c b/minimal-examples/http-server/minimal-http-server-proxy/minimal-http-server-proxy.c deleted file mode 100644 index af9b1a2..0000000 --- a/minimal-examples/http-server/minimal-http-server-proxy/minimal-http-server-proxy.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * lws-minimal-http-server-proxy - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal tls reverse proxy - */ -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "warmcat.com/", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_HTTPS, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server proxy | visit https://localhost:7681\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-proxy/mount-origin/http2.png deleted file mode 100644 index 439bfa482fa00e69af2d562f17a6e89453eb98cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7563 zcmV;69dzP}P)hJCKl}1r-pgb%At50^h&s(NL+gbgh*}K=@24(BV^6&tYNdLrZS7HN zyRhvft=8kJ)}>`BinW|B6&C>(SXZ@*0u?HyMyuE;F`57gnPfs{=FNL~F8gx+c%FA| z?>m_n2rSNOzH7~znf?5p=h^%B?7e^Y4X1Dlr*I0Va0;hz3a9X26Jj|6@4W!nv17+9 z?fCdOJ9q9B+sgm%*u7f-Y#kf(ckJFRwvLT?)~pe`_UsW`Mn>GudC%LnZJTGu4j3B~ z^X~=N`jVHxo;_l3no34T8Ld<-larp^yM6g$-=*#LXS`^id%@0~qWiwxyLbEX@o_JN z@GOBP8Q{Ga?A$5$w^~7zWikyzS5Zo-JeM+x#AKTKwNk2PttLgMBV>{YH8iAbyB!DC zX1P*fn&+Yx$4S!|Us1|60i%=~4gw*Kkx8eclyedwlTt-eIw55ZKsYC@wI)=m(R40Z zp|yJiuu0-i8yfP{c`j>1L#6?0MWYb{C~Kuv%5}$(typ2*#6N?=@0pSX+EKt*a;%k>@EwSkkmjr_&_QkK>%7)yk;XYZ#N^ zoW=WqT5TAuL%av?9Z6#FJ|<1u4<0`Ji$Lq|SE6X|%8eVF;^K?V{ITkOUw_vbXQ;E1 zWXNRM=GB$T`SHe$XHl(=5Ji$8a7gJ0!#Ywbobz}u(Yp98r9udcQgytyK!kI;Tvrk) z1z-#I3x`r3=Oo_C*)}Nyj4?QuBSeOCO^nHL&LCxulrhc)IF}FvRjd^hvq|HeB}sC! zEF(!8XQin*&}{BQsTC{t>}h%L#r#>&!vMTz%g&u*GEGR6?>orIjBc(!0iIgA&I9GJKK=&(pgb+aSTPZ=g*%3wEPIT|--tP%R0f_S17VjYl zJk~m#^C%@|83v$KK@S2Um|X%&)dnY9bfs1pB-EnvgtX`5l4?60*3&mS5znnvd4$ZcYjEwM-7r&StS6<1pHf{3d5-OIR z)&l49iV(^P;m+>Ufxa_fG>Y7TFwAVHlcTjq2um0`yccLKI-L$vQ&TjKA7}O}m&}`< zo@Q!liZstjO1cxF)ovq$U|G6Onu_V^X$~Dagb;$&t5*XsIXTHKx8BM(Z@Z0u|He1O z=4U*^m&;US_Kqe`u6XB7l0^=II?dac+bCn?|Z!JwXbDnW`>V_<}-Zmum8H}Pq73Y&iUyy zZB&Pbnyu++yF3GcX!UAo4j%oo0AtXs#^ zpZ2r`X^~mY#kf(i=Wt!0Yc@u6wZZF7zTu4jQ0WFD;8}` z_wU)m`Okm;@|}D<=)(}_9QXdmf6(r9xapQ#xclzA0eHowmloo*_*fPpa-8$R`^;vU z-&w1{ocIO$G2o6nWL~L6S))-qT`7(CvQ%n%)=v~goVkAef(}0Lzyny@LwZt?Wf>Q~ z@P!N7F4?-3cVBTucbOK90EG}j7*o~5!*bi2HC?@-zb5EGFgfYdG&NPFS{-ZCiV$tQ zw@85m*0zKgLv(932a`K59J5Y%Ei=O{{wAO6guz{Ced@=vyvdd6H z6gq+T0x3P-8=Nyj2o+iz?4F#I-g_(N&8prRux5>@N0DtGK5U1*mt+}$BhMvaxTIbE zWFibh?z-)^Li2;-w{yk7y%(k8Wl<_6&r>O7mS>q6>vVehzhDa&;Muy>9XW8oue*5jT3@oV!~x8hzIW5VJ3Os-y5ZMhG!96h$?!lph@(?OF4^pVWJ{jEsoT+Gs@UIzdpy`(oFb zQ+S^0OTnX*1vFZVwlTR-D&4zxFWxWgdViN#t0i+|bX2QplnU@ZEC=r&>xSp^ob2a6 zCx7T6@`DF)jRrn1R+(D4618d-`iwJ(pZ#oP;edJcP^!=b=k~4R7;`)`CJnqdlTqZv zAlBevrBsq6T^Zz2%9Ok9+}#5(BDwEA8aLle>pR~e`N0oxozC)u(3<$X^BB715=MUO zw+PPe=f_zB))ub$?tWDoLz(w26~}hVh7DaCVeWN3581Ip93LH3K@bFi)*%oBEU*T< z^0yCMtHtz}zQnO>t|9%&PX_ON7sim>doRho_j2STA0d3jE7-7O2XX04IU(lvsc?(M z2%%k;<$z;y^2Dkz0OR9?jfO&qm4smp==%M;J8b`VrzwwIeKkMZyqQDqdCy}T{2~bF z$p7h|xc|Zn+5LeJ6#D*&Ft;~(ycY6}69!k;fhH;N-%`rZ8RK_NO-U9h ze|-h}Oc)AlOckYcX=PcQo4e7NVn@t#4qtT@`(OD=vY-9zv5oFgVD(Ra!dJ$|NS0zk zp#pbf28H+z0*z8}E~ToBjPy+5z6@AVL~c?#od(9V$_R`uHyOHtkj5>yaP$+OSaLsj zBCzSm5w3mV3wy*_51f-|tr0?vgkhzslo*4azV_P#d^$XAA}Jebk~9c{?k4CK%l{RZ zT}EfVN9akyuik$@pT6p;b{^dwD-kTKi5YTa)FRKaz=vqxgahw`! zEygsEvQzp6#B7kW#PFq;(mMbAfjd71>;Vn{184hBdkFjcGq-dPe1SuoaAwonMOhzci`)rH}mR0{$uXC>n@V1DGu%1#}Dqg zhdn?3G2fq@m5$*i0{FWeRzoWr})T`$fLZ9tMm9GKxgI(^)wjhE?Kt6+%>TPMt^<2H5b{xAGUC z`3yg}=blG3@cDSgyWT}UG&B&c1STJNV6LGnrn|~pkzSKWN`*EI?e1o?$C_Po(J8H? zpk5zAsbX&m0#mw}PRN8eyzX_Jb>^7^4WJ){)~tHzO9!TRNkW>Ya}C}XjOf||*4j>< z+c3*qXKKnXmIA#?01&N~FhyW7ER&!t-sj8BfRlxI)24xGJ3!K9K&hY1qMMv0Wjg`3 z^tr!x35<_>tF;RXmr@R7rB=1H$UMoA)#^ZW4rl|_t^;LGQ*|h1u{J~qVF6oYtid40 zP;QLXS|24zIyjfk(mqMS5p(3oKy-(Js9GfmdNkZ3DN89s6oqxISHwcZ`@>KzUcvoU z;V^WWlpVbHC{+bQq?}7no68D&LSQB)2BLca*tlWCT*E?5&;br>WvEo(A&#`+#2>9i6lAiX~9w2Y7D)hcQXh+C(~+*^!aK6d_fq z2pEb+EQWk%Ic9O#j9|{^LM&-vR2YR&mjV7xpI*!cpXAxm0K0ZYM5Owj!2e;$bT7T`6nel=PzlFr3GrSU#ShzO-( zzzZqG#~Had2@K^j5CCXIJb6fRH@YHCNE2A7HEPenGrrsnY!+} zfoN|4{@XL3$%_^xO3emE3KYhhbH14*3C<-OYc;pLPY}?~1Lmr84P*C zKL6C;|2=t`?{^{?;8x&&U2z4A!(3%TN7r>PDVBm)K_Fe}6IhHM25i~1$p=#ALdu+> zp<$GYkW%4&IJ*o^GJKM7^kW|zi1rqsS*`Lv-~8s@i(Q5kt}qD%2oYDL3`Cv}7#IQC z#(3p@h_#9$S5PlVJUYqK|JY|gJJ8q9fNOwvzWwd2EK_iM`Xhuu2w5s|bQ8QHDc#;a z^#Z*Nn4I)s5SU!bqonB!)|xWuNX+^KPhxo796rqChd(?J?F~S)UguA)ymD!x`6)9+ zf@f5V z-}}9RXdeKs1GfL^pU%0!`=M(Lb<<>v4A)dUH|ezQY#AAG1H}bWu#pf=jA>zQUY5U^ zQpZ*pGnXRw7%}m__mMyN;6Swh2iSD(xxDKg?^t+Yu{K&*tlj#eluoBjk~Dl2wO6cJ z<9N+$2D1haPfZ!=+;o2Y_ypchB18i)vwFbe^amXO>Q|Zm;ui;^{W@@$5M1-Of7{RT z(TgHG#G_P>5Yx2V$A$N@F)<-o97$pc2CRp`DrJr|8Z+d1yR5)CDbqiH=phdN?(Ysn zJ4NyJ-+uY!ykNPyg!!|faNZicx8!*ect0)MZP6{*o{xSE5K*nB1BlODv0@EE)G?+) zp;bLDCipz(z~z@?A9-XT`o9FC_3Qb_ps|7?ZPo(@=Q5I{nWkw+NGVpVS<{sOC-w>M z+__U61KP%{qEcBw7_P#(3dYQ($UMf)aN^1qakR~lnh#ohF(V; z{QJK@7%fFm^_ZCy;}GLD@Zv+6e$Nm?tRdinp$28i~~$g;)IwgOVpcq z?+Aj&R0!mnO&)s7TX3z`K=dC39;ny3;R|1&@>mikjS-~{V+aC+){(My9ZFS((^L+W zB4f06LrP_NyWOD37tR4g5n~v9`a8$L-}xQVpZ;_p@-G9o2*KyCxrTE$ZyxwH3sB4i zMX?M5qG(7e6}vnShgPoa(R-GR4R)N>4w1KrctDxLERX@saDrB*@+p;WrI)5!+f18l41m6QgpV~Xhbf&UG>_~MKC(7bAnfibUknZgSs@V@Y8Div14Fw&6k9vSIjS^u~|ttN!E zqSJ0ag7+E5__BU*pfBIP`|g1^JwvhSRW@wk%m45XsK=>d1KqlYV!1l!8+qPxY1%i< zw0~S+{d#l|SZl2(O`Aw57UTz=z%0)8?&ZPX_znF0ko6Mqz=whVjAL%P{(4rQpqA)S zLQupq1A-t+jmZGU3MsI>F=RU(FN`rQA(DD=c!}>ZJo?=?HN^w3e?9itv1Msnz@G!( zl#=VNzM3u1eeUwZS`Kq{!=m&I8S*@r)>>JsNuKt!!9!!#IUPzF5Jf8xLgSpCwYU2O zNnE?lgKvD}Kq<371KtRHZ`CTkdh^Y^^-XVjbOT)q-F_7g+@fM+&ME5HvuF95A%Lj| zAC$Eyibg7x8bMG;h=|1jhy&O47U{n?+f^3WkB-v55w z@=4H3V&u1fo657EwXm@`n8gu>VeDLN^SnENrE7QAOZ)cmiVuI7Uw-B@=Ngsrq$wCv zQ9+=L5b^Flr^xhGgoeY=S?4rbhX_$9LGvR+T|K~i4*lUDGIQgN19h|pydGF{^eDcl zNj@pK?e^Pw@W6qEjYU$oL~BuvqSzW^!ikBV9G|}P+DuKks2I4NJu;{82ran(@c1}W zpa1+x8^}pRktgUe#sebvJ{Msqbr_1pm8Sh8Ln9;7N0B4XQ=D^vMeA zv?vl8)Tvg7kx~)_k}M0$+`EBofhQeZT}23wltr4q_wC#{mt|Rc#@S~NkRLEUPCJgZ zEOG-K5S8b2Eewu6iB%#4qg&Ael%8yll*$-mDz%!}yLa#Mm7}{p`&lKEM2OLS%k(GfJb`&L@j2(7TLeUlpW+;m zJP(nwF0|Ipxgc7-S}qoY{VGSPJpJi;Dnv(WT^vQx=|B*4voE2TV&FY5zVO232Hc&O z^Y@Rg&c6H_DmGp}`@0_#ip&s!wS~r-=Z@moJxiLlvpmmLy>4uuLsa@ILT+Tln};8k zMr*<>Go??UIH*vmLK7^~W{Md#H=uIxsgk{{ldzM%?^GcO#uQ))l>wpgehqc|F%2Gpld~8Yog}(lkVCgAggs<>jDs+3}*T-}|DjuQ&)XFJ0Lh=Za%H zgwR;4kTS!$;xNTL2c-gxNzu9p+FDzL@2!=1?{H3#=NZ->quoAi8jWMhxz0=+XPXWl zw2M!b?R%i&=I8F^S_*}wl{ z-@eZJk&)BlN~MO@3dr)~#~*1XNyipnN7mxFGL<9^oMZjaP;ty{wOU8Y2xHnLNrxz^ zmVSi@5ajuB($t`oL+gkz9Kzb7;=9=RELoNlhCwNgDP7%BDT-sjk!3A}5U$;B<;D;x zHMDPLW-;748u%hnWzj6xlHRkedG}xYaME>M@*V_b%r=s$_rzZ*V@V~TR{+XLLrVR z=Q87cV2n{(%20-34$!pL$IfLg46XJ)Aj{f`QbH9cMaDvFDa#@bp;Si%fs~LqYopwI z8Cly&tJUeq+U!85lWjS4$cpXTdwhZ?mS5Yq%R4}B9UGJTTPhmZZtJ}1wQFiht{oZCL6S%}GUB^Nh^$nK1im;H05cO4dA4p{&$Jwyn(}Pg z - - - - - -
- - Hello from the minimal https server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. -
-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-smp/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-smp/CMakeLists.txt deleted file mode 100644 index ab2718e..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/CMakeLists.txt +++ /dev/null @@ -1,91 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-smp) -set(SRCS minimal-http-server-smp.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared pthread) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-smp/README.md b/minimal-examples/http-server/minimal-http-server-smp/README.md deleted file mode 100644 index 6bc0096..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# lws minimal http server with multithreaded service - -Lws supports multithreaded service... build lws with `-DLWS_MAP_SMP=`, the -default is 1. If nonzero, some extra pthreads locking is built into lws and it supports multiple -independent service threads. - -![lws-smp-overview](../../doc-assets/lws-smp-ov.png) - -When an incoming connection is accepted, it is bound to the pt with the lowest current wsi -count, to keep the load on the threads balanced. Only the pt the wsi is bound to can service -the thread, so although there can be as many wsi being serviced simultaneously as there are -service threads, a wsi can only be service by the pt it is bound to. - -The effectiveness of the scalability depends on the load. Here is an example of roughly what can be expected - -![lws-smp-example](../../doc-assets/lws-smp-example.png) - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-smp -[2018/03/07 17:44:20:2409] USER: LWS minimal http server SMP | visit http://localhost:7681 -[2018/03/07 17:44:20:2410] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -[2018/03/07 17:44:20:2411] NOTICE: Service threads: 10 -``` - -Visit http://localhost:7681 and use ab or other testing tools - diff --git a/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-smp/minimal-http-server-smp.c b/minimal-examples/http-server/minimal-http-server-smp/minimal-http-server-smp.c deleted file mode 100644 index ae07e4a..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/minimal-http-server-smp.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * lws-minimal-http-server-smp - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal multithreaded http server you can make with lws. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - * - * Also for simplicity the number of threads is set in the code... note that - * the real number of threads possible is decided by the LWS_MAX_SMP that lws - * was configured with, by default that is 1. Lws will limit the number of - * requested threads to the number possible. - */ - -#include -#include -#include -#include - -#define COUNT_THREADS 8 - -static struct lws_context *context; -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void *thread_service(void *threadid) -{ - while (lws_service_tsi(context, 10000, - (int)(lws_intptr_t)threadid) >= 0 && - !interrupted) - ; - - pthread_exit(NULL); - - return NULL; -} - -void sigint_handler(int sig) -{ - interrupted = 1; - lws_cancel_service(context); -} - -int main(int argc, const char **argv) -{ - pthread_t pthread_service[COUNT_THREADS]; - struct lws_context_creation_info info; - void *retval; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server SMP | visit http://127.0.0.1:7681\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - if ((p = lws_cmdline_option(argc, argv, "-t"))) { - info.count_threads = atoi(p); - if (info.count_threads < 1 || info.count_threads > LWS_MAX_SMP) - return 1; - } else - info.count_threads = COUNT_THREADS; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - lwsl_notice(" Service threads: %d\n", lws_get_count_threads(context)); - - /* start all the service threads */ - - for (n = 0; n < lws_get_count_threads(context); n++) - if (pthread_create(&pthread_service[n], NULL, thread_service, - (void *)(lws_intptr_t)n)) - lwsl_err("Failed to start service thread\n"); - - /* wait for all the service threads to exit */ - - while ((--n) >= 0) - pthread_join(pthread_service[n], &retval); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-smp/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-smp/mount-origin/index.html deleted file mode 100644 index e677926..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/index.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - -
- - Hello from the minimal http server SMP example. - - - diff --git a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-smp/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-smp/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-smp/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-sse-ring/CMakeLists.txt deleted file mode 100644 index 464cfbe..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/CMakeLists.txt +++ /dev/null @@ -1,91 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-sse-ring) -set(SRCS minimal-http-server-sse-ring.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/README.md b/minimal-examples/http-server/minimal-http-server-sse-ring/README.md deleted file mode 100644 index 08c21bb..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# lws minimal http Server Side Events + ringbuffer - -This demonstates serving both normal content and -content over Server Side Events, where all clients -see the same data via a ringbuffer. - -Two separate threads generate content into the -ringbuffer at random intervals. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-sse -[2018/04/20 06:09:56:9974] USER: LWS minimal http Server-Side Events + ring | visit http://localhost:7681 -[2018/04/20 06:09:57:0148] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -``` - -Visit http://localhost:7681, which connects back to the server using SSE -and displays the incoming data. Connecting from multiple browsers shows -the same content from the server ringbuffer. - diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/minimal-http-server-sse-ring.c b/minimal-examples/http-server/minimal-http-server-sse-ring/minimal-http-server-sse-ring.c deleted file mode 100644 index 2e51c2f..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/minimal-http-server-sse-ring.c +++ /dev/null @@ -1,395 +0,0 @@ -/* - * lws-minimal-http-server-sse - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that can serve both normal static - * content and server-side event connections. - * - * To keep it simple, it serves the static stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include -#include -#include -#include - -/* one of these created for each message in the ringbuffer */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - struct pss *pss_list; - struct lws *wsi; - uint32_t tail; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct vhd { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct pss *pss_list; /* linked-list of live pss*/ - pthread_t pthread_spam[2]; - - pthread_mutex_t lock_ring; /* serialize access to the ring buffer */ - struct lws_ring *ring; /* ringbuffer holding unsent messages */ - char finished; -}; - -static int interrupted; - -#if defined(WIN32) -static void usleep(unsigned long l) { Sleep(l / 1000); } -#endif - - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -/* - * This runs under the "spam thread" thread context only. - * - * We spawn two threads that generate messages with this. - * - */ - -static void * -thread_spam(void *d) -{ - struct vhd *vhd = (struct vhd *)d; - struct msg amsg; - int len = 128, index = 1, n; - - do { - /* don't generate output if nobody connected */ - if (!vhd->pss_list) - goto wait; - - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - /* only create if space in ringbuffer */ - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - lwsl_user("dropping!\n"); - goto wait_unlock; - } - - amsg.payload = malloc(len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - goto wait_unlock; - } - n = lws_snprintf((char *)amsg.payload, len, - "%s: tid: %p, msg: %d", __func__, - (void *)pthread_self(), index++); - amsg.len = n; - n = lws_ring_insert(vhd->ring, &amsg, 1); - if (n != 1) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - } else - /* - * This will cause a LWS_CALLBACK_EVENT_WAIT_CANCELLED - * in the lws service thread context. - */ - lws_cancel_service(vhd->context); - -wait_unlock: - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - -wait: - /* rand() would make more sense but coverity shrieks */ - usleep(100000 + (time(NULL) & 0xffff)); - - } while (!vhd->finished); - - lwsl_notice("thread_spam %p exiting\n", (void *)pthread_self()); - - pthread_exit(NULL); - - return NULL; -} - - -static int -callback_sse(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - struct vhd *vhd = (struct vhd *)lws_protocol_vh_priv_get( - lws_get_vhost(wsi), lws_get_protocol(wsi)); - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], - *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - 1]; - const struct msg *pmsg; - void *retval; - int n; - - switch (reason) { - - /* --- vhost protocol lifecycle --- */ - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), sizeof(struct vhd)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) - return 1; - - pthread_mutex_init(&vhd->lock_ring, NULL); - - /* start the content-creating threads */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (pthread_create(&vhd->pthread_spam[n], NULL, - thread_spam, vhd)) { - lwsl_err("thread creation failed\n"); - goto init_fail; - } - - return 0; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - init_fail: - vhd->finished = 1; - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (vhd->pthread_spam[n]) - pthread_join(vhd->pthread_spam[n], &retval); - - if (vhd->ring) - lws_ring_destroy(vhd->ring); - - pthread_mutex_destroy(&vhd->lock_ring); - return 0; - - /* --- http connection lifecycle --- */ - - case LWS_CALLBACK_HTTP: - /* - * `in` contains the url part after our mountpoint /sse, if any - * you can use this to determine what data to return and store - * that in the pss - */ - lwsl_info("%s: LWS_CALLBACK_HTTP: '%s'\n", __func__, - (const char *)in); - - /* SSE requires a http OK response with this content-type */ - - if (lws_add_http_common_headers(wsi, HTTP_STATUS_OK, - "text/event-stream", - LWS_ILLEGAL_HTTP_CONTENT_LEN, - &p, end)) - return 1; - - if (lws_finalize_write_http_header(wsi, start, &p, end)) - return 1; - - /* add ourselves to the list of live pss held in the vhd */ - - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - - /* - * This tells lws we are no longer a normal http stream, - * but are an "immortal" (plus or minus whatever timeout you - * set on it afterwards) SSE stream. In http/2 case that also - * stops idle timeouts being applied to the network connection - * while this wsi is still open. - */ - lws_http_mark_sse(wsi); - - /* write the body separately */ - - lws_callback_on_writable(wsi); - - return 0; - - case LWS_CALLBACK_CLOSED_HTTP: - /* remove our closing pss from the list of live pss */ - - lws_ll_fwd_remove(struct pss, pss_list, pss, vhd->pss_list); - return 0; - - /* --- data transfer --- */ - - case LWS_CALLBACK_HTTP_WRITEABLE: - - lwsl_info("%s: LWS_CALLBACK_HTTP_WRITEABLE\n", __func__); - - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) - break; - - p += lws_snprintf((char *)p, end - p, - "data: %s\x0d\x0a\x0d\x0a", - (const char *)pmsg->payload); - - if (lws_write(wsi, (uint8_t *)start, lws_ptr_diff(p, start), - LWS_WRITE_HTTP) != lws_ptr_diff(p, start)) - return 1; - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct pss, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - - return 0; - - case LWS_CALLBACK_EVENT_WAIT_CANCELLED: - if (!vhd) - break; - /* - * let everybody know we want to write something on them - * as soon as they are ready - */ - lws_start_foreach_llp(struct pss **, ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - return 0; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - { "sse", callback_sse, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* override the default mount for /sse in the URL space */ - -static const struct lws_http_mount mount_sse = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/sse", /* mountpoint URL */ - /* .origin */ NULL, /* protocol */ - /* .def */ NULL, - /* .protocol */ "sse", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_sse, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http Server-Side Events + ring | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/example.js deleted file mode 100644 index b32bf0b..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/example.js +++ /dev/null @@ -1,38 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - - var head = 0, tail = 0, ring = new Array(); - - es = new EventSource("/sse/sourcename"); - try { - es.onopen = function() { - // console.log("EventSource opened"); - document.getElementById("r").disabled = 0; - }; - - es.onmessage = function got_packet(msg) { - var n, s = ""; - - // console.log(msg.data); - ring[head] = msg.data + "\n"; - head = (head + 1) % 50; - if (tail === head) - tail = (tail + 1) % 50; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 50; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - /* there is no onclose() for EventSource */ - - } catch(exception) { - alert("

Error " + exception); - } - -}, false); diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/index.html deleted file mode 100644 index 576c9eb..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/index.html +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - -
- - Hello from the minimal http Server Side Events + Ring example. -

- This is a static page served from ./mount-origin/index.html. -

- It connects back to the server at /sse/sourcename using EventSource()
- and displays the perioding incoming event data below. -

- The data is being produced by two asynchronous threads at the server, - which each sleep for a random period inbetween samples. -

-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse-ring/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-sse/CMakeLists.txt deleted file mode 100644 index c22a71f..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-sse) -set(SRCS minimal-http-server-sse.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-sse/README.md b/minimal-examples/http-server/minimal-http-server-sse/README.md deleted file mode 100644 index cc8f478..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# lws minimal http Server Side Events - -This demonstates serving both normal content and -content over Server Side Events. - -## build - -``` - $ cmake . && make -``` - -## usage - -You can give -s to listen using https on port :443 - -``` - $ ./lws-minimal-http-server-sse -[2018/04/20 06:09:56:9974] USER: LWS minimal http Server-Side Events | visit http://localhost:7681 -[2018/04/20 06:09:57:0148] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -``` - -Visit http://localhost:7681, which connects back to the server using SSE -and displays the incoming data. Connecting from multiple browsers shows -content individual to the connection. - diff --git a/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-sse/minimal-http-server-sse.c b/minimal-examples/http-server/minimal-http-server-sse/minimal-http-server-sse.c deleted file mode 100644 index cb60774..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/minimal-http-server-sse.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - * lws-minimal-http-server-sse - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal http server that can serve both normal static - * content and server-side event connections. - * - * To keep it simple, it serves the static stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include -#include -#include - -/* - * Unlike ws, http is a stateless protocol. This pss only exists for the - * duration of a single http transaction. With http/1.1 keep-alive and http/2, - * that is unrelated to (shorter than) the lifetime of the network connection. - */ -struct pss { - time_t established; -}; - -static int interrupted; - -#define SECS_REPORT 3 - -static int -callback_sse(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], *start = &buf[LWS_PRE], - *p = start, *end = &buf[sizeof(buf) - 1]; - - switch (reason) { - case LWS_CALLBACK_HTTP: - /* - * `in` contains the url part after our mountpoint /sse, if any - * you can use this to determine what data to return and store - * that in the pss - */ - lwsl_notice("%s: LWS_CALLBACK_HTTP: '%s'\n", __func__, - (const char *)in); - - pss->established = time(NULL); - - /* SSE requires a response with this content-type */ - - if (lws_add_http_common_headers(wsi, HTTP_STATUS_OK, - "text/event-stream", - LWS_ILLEGAL_HTTP_CONTENT_LEN, - &p, end)) - return 1; - - if (lws_finalize_write_http_header(wsi, start, &p, end)) - return 1; - - /* - * This tells lws we are no longer a normal http stream, - * but are an "immortal" (plus or minus whatever timeout you - * set on it afterwards) SSE stream. In http/2 case that also - * stops idle timeouts being applied to the network connection - * while this wsi is still open. - */ - lws_http_mark_sse(wsi); - - /* write the body separately */ - - lws_callback_on_writable(wsi); - - return 0; - - case LWS_CALLBACK_HTTP_WRITEABLE: - - lwsl_notice("%s: LWS_CALLBACK_HTTP_WRITEABLE\n", __func__); - - if (!pss) - break; - - /* - * to keep this demo as simple as possible, each client has his - * own private data and timer. - */ - - p += lws_snprintf((char *)p, end - p, - "data: %llu\x0d\x0a\x0d\x0a", - (unsigned long long)time(NULL) - - pss->established); - - if (lws_write(wsi, (uint8_t *)start, lws_ptr_diff(p, start), - LWS_WRITE_HTTP) != lws_ptr_diff(p, start)) - return 1; - - lws_set_timer_usecs(wsi, SECS_REPORT * LWS_USEC_PER_SEC); - - return 0; - - case LWS_CALLBACK_TIMER: - - lwsl_notice("%s: LWS_CALLBACK_TIMER\n", __func__); - lws_callback_on_writable(wsi); - - return 0; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - { "sse", callback_sse, sizeof(struct pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -/* override the default mount for /sse in the URL space */ - -static const struct lws_http_mount mount_sse = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/sse", /* mountpoint URL */ - /* .origin */ NULL, /* protocol */ - /* .def */ NULL, - /* .protocol */ "sse", - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_CALLBACK, /* dynamic */ - /* .mountpoint_len */ 4, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* default mount serves the URL space from ./mount-origin */ - -static const struct lws_http_mount mount = { - /* .mount_next */ &mount_sse, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http Server-Side Events | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - - info.protocols = protocols; - info.mounts = &mount; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.port = 7681; - if (lws_cmdline_option(argc, argv, "-s")) { - info.port = 443; - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/example.js deleted file mode 100644 index af73512..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/example.js +++ /dev/null @@ -1,38 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - -var head = 0, tail = 0, ring = new Array(); - - es = new EventSource("/sse/sourcename"); - try { - es.onopen = function() { - // console.log("EventSource opened"); - document.getElementById("r").disabled = 0; - }; - - es.onmessage = function got_packet(msg) { - var n, s = ""; - - // console.log(msg.data); - ring[head] = msg.data + "\n"; - head = (head + 1) % 50; - if (tail === head) - tail = (tail + 1) % 50; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 50; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - /* there is no onclose() for EventSource */ - - } catch(exception) { - alert("

Error" + exception); - } - -}, false); diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/index.html deleted file mode 100644 index 42f6b83..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/index.html +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - -
- - Hello from the minimal http Server Side Events example. -

- This is a static page served from ./mount-origin/index.html. -

- It connects back to the server at /sse/sourcename using EventSource()
- and displays the periodic incoming event data below. -

-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-sse/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-sse/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-tls-80/CMakeLists.txt deleted file mode 100644 index 01305f8..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-tls-80) -set(SRCS minimal-http-server-tls-80.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/README.md b/minimal-examples/http-server/minimal-http-server-tls-80/README.md deleted file mode 100644 index 83a7a94..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/README.md +++ /dev/null @@ -1,64 +0,0 @@ -# lws minimal http server with tls and port 80 redirect - -## build - -``` - $ cmake . && make -``` - -## usage - -Because this listens on low ports (80 + 443), it must be run as root. - -``` - $ sudo ./lws-minimal-http-server-tls-80 -[2018/03/20 13:23:13:0131] USER: LWS minimal http server TLS | visit https://localhost:7681 -[2018/03/20 13:23:13:0142] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/20 13:23:13:0142] NOTICE: Using SSL mode -[2018/03/20 13:23:13:0146] NOTICE: SSL ECDH curve 'prime256v1' -[2018/03/20 13:23:13:0146] NOTICE: HTTP2 / ALPN enabled -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: Loaded client cert localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath -[2018/03/20 13:23:13:0196] NOTICE: Loaded client cert private key localhost-100y.key -[2018/03/20 13:23:13:0196] NOTICE: created client ssl context for default -[2018/03/20 13:23:14:0207] NOTICE: vhost default: cert expiry: 730459d -``` - -Visit http://localhost - -This will go first to port 80 using http, where it will be redirected to -https and port 443 - -``` -07:41:48.596918 IP localhost.http > localhost.52662: Flags [P.], seq 1:100, ack 416, win 350, options [nop,nop,TS val 3906619933 ecr 3906619933], length 99: HTTP: HTTP/1.1 301 Redirect - 0x0000: 4500 0097 3f8f 4000 4006 fccf 7f00 0001 E...?.@.@....... - 0x0010: 7f00 0001 0050 cdb6 6601 dfa7 922a 4c06 .....P..f....*L. - 0x0020: 8018 015e fe8b 0000 0101 080a e8da 4a1d ...^..........J. - 0x0030: e8da 4a1d 4854 5450 2f31 2e31 2033 3031 ..J.HTTP/1.1.301 - 0x0040: 2052 6564 6972 6563 740d 0a6c 6f63 6174 .Redirect..locat - 0x0050: 696f 6e3a 2068 7474 7073 3a2f 2f6c 6f63 ion:.https://loc - 0x0060: 616c 686f 7374 2f0d 0a63 6f6e 7465 6e74 alhost/..content - 0x0070: 2d74 7970 653a 2074 6578 742f 6874 6d6c -type:.text/html - 0x0080: 0d0a 636f 6e74 656e 742d 6c65 6e67 7468 ..content-length - 0x0090: 3a20 300d 0a0d 0a -``` - -Because :443 uses a selfsigned certificate, you will have to make an exception for it in your browser. - -## Certificate creation - -The selfsigned certs provided were created with - -``` -echo -e "GB\nErewhon\nAll around\nlibwebsockets-test\n\nlocalhost\nnone@invalid.org\n" | openssl req -new -newkey rsa:4096 -days 36500 -nodes -x509 -keyout "localhost-100y.key" -out "localhost-100y.cert" -``` - -they cover "localhost" and last 100 years from 2018-03-20. - -You can replace them with commercial certificates matching your hostname. - -## HTTP/2 - -If you built lws with `-DLWS_WITH_HTTP2=1` at cmake, this simple server is also http/2 capable -out of the box. If the index.html was loaded over http/2, it will display an HTTP 2 png. diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/minimal-http-server-tls-80.c b/minimal-examples/http-server/minimal-http-server-tls-80/minimal-http-server-tls-80.c deleted file mode 100644 index 178500d..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/minimal-http-server-tls-80.c +++ /dev/null @@ -1,136 +0,0 @@ -/* - * lws-minimal-http-server-tls-80 - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with three extra lines giving it tls (ssl) capabilities, which in - * turn allow operation with HTTP/2 if lws was configured for it. - * - * In addition, it runs a vhost on port 80 with the job of redirecting - * and upgrading http clients that came in on port 80 to https on port 443. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount80 = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "localhost/", - /* .def */ "/", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_REDIR_HTTPS, /* https redir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server TLS + 80 | visit https://localhost\n"); - lwsl_user(" Run as ROOT so can listen on 443\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - - info.port = 80; - info.mounts = &mount80; - info.vhost_name = "localhost80"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - info.port = 443; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - info.vhost_name = "localhost"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create tls vhost\n"); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/404.html deleted file mode 100644 index aa63b71..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/404.html +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/example.js deleted file mode 100644 index 389dc7f..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/example.js +++ /dev/null @@ -1,21 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - - var transport_protocol = ""; - - if (performance && performance.timing.nextHopProtocol) { - transport_protocol = performance.timing.nextHopProtocol; - } else if (window.chrome && window.chrome.loadTimes) { - transport_protocol = window.chrome.loadTimes().connectionInfo; - } else { - var p = performance.getEntriesByType("resource"); - for (var i = 0; i < p.length; i++) { - var value = "nextHopProtocol" in p[i]; - if (value) - transport_protocol = p[i].nextHopProtocol; - } - } - - if (transport_protocol === "h2") - document.getElementById("transport").innerHTML = ""; - -}, false); diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/http2.png deleted file mode 100644 index 439bfa482fa00e69af2d562f17a6e89453eb98cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7563 zcmV;69dzP}P)hJCKl}1r-pgb%At50^h&s(NL+gbgh*}K=@24(BV^6&tYNdLrZS7HN zyRhvft=8kJ)}>`BinW|B6&C>(SXZ@*0u?HyMyuE;F`57gnPfs{=FNL~F8gx+c%FA| z?>m_n2rSNOzH7~znf?5p=h^%B?7e^Y4X1Dlr*I0Va0;hz3a9X26Jj|6@4W!nv17+9 z?fCdOJ9q9B+sgm%*u7f-Y#kf(ckJFRwvLT?)~pe`_UsW`Mn>GudC%LnZJTGu4j3B~ z^X~=N`jVHxo;_l3no34T8Ld<-larp^yM6g$-=*#LXS`^id%@0~qWiwxyLbEX@o_JN z@GOBP8Q{Ga?A$5$w^~7zWikyzS5Zo-JeM+x#AKTKwNk2PttLgMBV>{YH8iAbyB!DC zX1P*fn&+Yx$4S!|Us1|60i%=~4gw*Kkx8eclyedwlTt-eIw55ZKsYC@wI)=m(R40Z zp|yJiuu0-i8yfP{c`j>1L#6?0MWYb{C~Kuv%5}$(typ2*#6N?=@0pSX+EKt*a;%k>@EwSkkmjr_&_QkK>%7)yk;XYZ#N^ zoW=WqT5TAuL%av?9Z6#FJ|<1u4<0`Ji$Lq|SE6X|%8eVF;^K?V{ITkOUw_vbXQ;E1 zWXNRM=GB$T`SHe$XHl(=5Ji$8a7gJ0!#Ywbobz}u(Yp98r9udcQgytyK!kI;Tvrk) z1z-#I3x`r3=Oo_C*)}Nyj4?QuBSeOCO^nHL&LCxulrhc)IF}FvRjd^hvq|HeB}sC! zEF(!8XQin*&}{BQsTC{t>}h%L#r#>&!vMTz%g&u*GEGR6?>orIjBc(!0iIgA&I9GJKK=&(pgb+aSTPZ=g*%3wEPIT|--tP%R0f_S17VjYl zJk~m#^C%@|83v$KK@S2Um|X%&)dnY9bfs1pB-EnvgtX`5l4?60*3&mS5znnvd4$ZcYjEwM-7r&StS6<1pHf{3d5-OIR z)&l49iV(^P;m+>Ufxa_fG>Y7TFwAVHlcTjq2um0`yccLKI-L$vQ&TjKA7}O}m&}`< zo@Q!liZstjO1cxF)ovq$U|G6Onu_V^X$~Dagb;$&t5*XsIXTHKx8BM(Z@Z0u|He1O z=4U*^m&;US_Kqe`u6XB7l0^=II?dac+bCn?|Z!JwXbDnW`>V_<}-Zmum8H}Pq73Y&iUyy zZB&Pbnyu++yF3GcX!UAo4j%oo0AtXs#^ zpZ2r`X^~mY#kf(i=Wt!0Yc@u6wZZF7zTu4jQ0WFD;8}` z_wU)m`Okm;@|}D<=)(}_9QXdmf6(r9xapQ#xclzA0eHowmloo*_*fPpa-8$R`^;vU z-&w1{ocIO$G2o6nWL~L6S))-qT`7(CvQ%n%)=v~goVkAef(}0Lzyny@LwZt?Wf>Q~ z@P!N7F4?-3cVBTucbOK90EG}j7*o~5!*bi2HC?@-zb5EGFgfYdG&NPFS{-ZCiV$tQ zw@85m*0zKgLv(932a`K59J5Y%Ei=O{{wAO6guz{Ced@=vyvdd6H z6gq+T0x3P-8=Nyj2o+iz?4F#I-g_(N&8prRux5>@N0DtGK5U1*mt+}$BhMvaxTIbE zWFibh?z-)^Li2;-w{yk7y%(k8Wl<_6&r>O7mS>q6>vVehzhDa&;Muy>9XW8oue*5jT3@oV!~x8hzIW5VJ3Os-y5ZMhG!96h$?!lph@(?OF4^pVWJ{jEsoT+Gs@UIzdpy`(oFb zQ+S^0OTnX*1vFZVwlTR-D&4zxFWxWgdViN#t0i+|bX2QplnU@ZEC=r&>xSp^ob2a6 zCx7T6@`DF)jRrn1R+(D4618d-`iwJ(pZ#oP;edJcP^!=b=k~4R7;`)`CJnqdlTqZv zAlBevrBsq6T^Zz2%9Ok9+}#5(BDwEA8aLle>pR~e`N0oxozC)u(3<$X^BB715=MUO zw+PPe=f_zB))ub$?tWDoLz(w26~}hVh7DaCVeWN3581Ip93LH3K@bFi)*%oBEU*T< z^0yCMtHtz}zQnO>t|9%&PX_ON7sim>doRho_j2STA0d3jE7-7O2XX04IU(lvsc?(M z2%%k;<$z;y^2Dkz0OR9?jfO&qm4smp==%M;J8b`VrzwwIeKkMZyqQDqdCy}T{2~bF z$p7h|xc|Zn+5LeJ6#D*&Ft;~(ycY6}69!k;fhH;N-%`rZ8RK_NO-U9h ze|-h}Oc)AlOckYcX=PcQo4e7NVn@t#4qtT@`(OD=vY-9zv5oFgVD(Ra!dJ$|NS0zk zp#pbf28H+z0*z8}E~ToBjPy+5z6@AVL~c?#od(9V$_R`uHyOHtkj5>yaP$+OSaLsj zBCzSm5w3mV3wy*_51f-|tr0?vgkhzslo*4azV_P#d^$XAA}Jebk~9c{?k4CK%l{RZ zT}EfVN9akyuik$@pT6p;b{^dwD-kTKi5YTa)FRKaz=vqxgahw`! zEygsEvQzp6#B7kW#PFq;(mMbAfjd71>;Vn{184hBdkFjcGq-dPe1SuoaAwonMOhzci`)rH}mR0{$uXC>n@V1DGu%1#}Dqg zhdn?3G2fq@m5$*i0{FWeRzoWr})T`$fLZ9tMm9GKxgI(^)wjhE?Kt6+%>TPMt^<2H5b{xAGUC z`3yg}=blG3@cDSgyWT}UG&B&c1STJNV6LGnrn|~pkzSKWN`*EI?e1o?$C_Po(J8H? zpk5zAsbX&m0#mw}PRN8eyzX_Jb>^7^4WJ){)~tHzO9!TRNkW>Ya}C}XjOf||*4j>< z+c3*qXKKnXmIA#?01&N~FhyW7ER&!t-sj8BfRlxI)24xGJ3!K9K&hY1qMMv0Wjg`3 z^tr!x35<_>tF;RXmr@R7rB=1H$UMoA)#^ZW4rl|_t^;LGQ*|h1u{J~qVF6oYtid40 zP;QLXS|24zIyjfk(mqMS5p(3oKy-(Js9GfmdNkZ3DN89s6oqxISHwcZ`@>KzUcvoU z;V^WWlpVbHC{+bQq?}7no68D&LSQB)2BLca*tlWCT*E?5&;br>WvEo(A&#`+#2>9i6lAiX~9w2Y7D)hcQXh+C(~+*^!aK6d_fq z2pEb+EQWk%Ic9O#j9|{^LM&-vR2YR&mjV7xpI*!cpXAxm0K0ZYM5Owj!2e;$bT7T`6nel=PzlFr3GrSU#ShzO-( zzzZqG#~Had2@K^j5CCXIJb6fRH@YHCNE2A7HEPenGrrsnY!+} zfoN|4{@XL3$%_^xO3emE3KYhhbH14*3C<-OYc;pLPY}?~1Lmr84P*C zKL6C;|2=t`?{^{?;8x&&U2z4A!(3%TN7r>PDVBm)K_Fe}6IhHM25i~1$p=#ALdu+> zp<$GYkW%4&IJ*o^GJKM7^kW|zi1rqsS*`Lv-~8s@i(Q5kt}qD%2oYDL3`Cv}7#IQC z#(3p@h_#9$S5PlVJUYqK|JY|gJJ8q9fNOwvzWwd2EK_iM`Xhuu2w5s|bQ8QHDc#;a z^#Z*Nn4I)s5SU!bqonB!)|xWuNX+^KPhxo796rqChd(?J?F~S)UguA)ymD!x`6)9+ zf@f5V z-}}9RXdeKs1GfL^pU%0!`=M(Lb<<>v4A)dUH|ezQY#AAG1H}bWu#pf=jA>zQUY5U^ zQpZ*pGnXRw7%}m__mMyN;6Swh2iSD(xxDKg?^t+Yu{K&*tlj#eluoBjk~Dl2wO6cJ z<9N+$2D1haPfZ!=+;o2Y_ypchB18i)vwFbe^amXO>Q|Zm;ui;^{W@@$5M1-Of7{RT z(TgHG#G_P>5Yx2V$A$N@F)<-o97$pc2CRp`DrJr|8Z+d1yR5)CDbqiH=phdN?(Ysn zJ4NyJ-+uY!ykNPyg!!|faNZicx8!*ect0)MZP6{*o{xSE5K*nB1BlODv0@EE)G?+) zp;bLDCipz(z~z@?A9-XT`o9FC_3Qb_ps|7?ZPo(@=Q5I{nWkw+NGVpVS<{sOC-w>M z+__U61KP%{qEcBw7_P#(3dYQ($UMf)aN^1qakR~lnh#ohF(V; z{QJK@7%fFm^_ZCy;}GLD@Zv+6e$Nm?tRdinp$28i~~$g;)IwgOVpcq z?+Aj&R0!mnO&)s7TX3z`K=dC39;ny3;R|1&@>mikjS-~{V+aC+){(My9ZFS((^L+W zB4f06LrP_NyWOD37tR4g5n~v9`a8$L-}xQVpZ;_p@-G9o2*KyCxrTE$ZyxwH3sB4i zMX?M5qG(7e6}vnShgPoa(R-GR4R)N>4w1KrctDxLERX@saDrB*@+p;WrI)5!+f18l41m6QgpV~Xhbf&UG>_~MKC(7bAnfibUknZgSs@V@Y8Div14Fw&6k9vSIjS^u~|ttN!E zqSJ0ag7+E5__BU*pfBIP`|g1^JwvhSRW@wk%m45XsK=>d1KqlYV!1l!8+qPxY1%i< zw0~S+{d#l|SZl2(O`Aw57UTz=z%0)8?&ZPX_znF0ko6Mqz=whVjAL%P{(4rQpqA)S zLQupq1A-t+jmZGU3MsI>F=RU(FN`rQA(DD=c!}>ZJo?=?HN^w3e?9itv1Msnz@G!( zl#=VNzM3u1eeUwZS`Kq{!=m&I8S*@r)>>JsNuKt!!9!!#IUPzF5Jf8xLgSpCwYU2O zNnE?lgKvD}Kq<371KtRHZ`CTkdh^Y^^-XVjbOT)q-F_7g+@fM+&ME5HvuF95A%Lj| zAC$Eyibg7x8bMG;h=|1jhy&O47U{n?+f^3WkB-v55w z@=4H3V&u1fo657EwXm@`n8gu>VeDLN^SnENrE7QAOZ)cmiVuI7Uw-B@=Ngsrq$wCv zQ9+=L5b^Flr^xhGgoeY=S?4rbhX_$9LGvR+T|K~i4*lUDGIQgN19h|pydGF{^eDcl zNj@pK?e^Pw@W6qEjYU$oL~BuvqSzW^!ikBV9G|}P+DuKks2I4NJu;{82ran(@c1}W zpa1+x8^}pRktgUe#sebvJ{Msqbr_1pm8Sh8Ln9;7N0B4XQ=D^vMeA zv?vl8)Tvg7kx~)_k}M0$+`EBofhQeZT}23wltr4q_wC#{mt|Rc#@S~NkRLEUPCJgZ zEOG-K5S8b2Eewu6iB%#4qg&Ael%8yll*$-mDz%!}yLa#Mm7}{p`&lKEM2OLS%k(GfJb`&L@j2(7TLeUlpW+;m zJP(nwF0|Ipxgc7-S}qoY{VGSPJpJi;Dnv(WT^vQx=|B*4voE2TV&FY5zVO232Hc&O z^Y@Rg&c6H_DmGp}`@0_#ip&s!wS~r-=Z@moJxiLlvpmmLy>4uuLsa@ILT+Tln};8k zMr*<>Go??UIH*vmLK7^~W{Md#H=uIxsgk{{ldzM%?^GcO#uQ))l>wpgehqc|F%2Gpld~8Yog}(lkVCgAggs<>jDs+3}*T-}|DjuQ&)XFJ0Lh=Za%H zgwR;4kTS!$;xNTL2c-gxNzu9p+FDzL@2!=1?{H3#=NZ->quoAi8jWMhxz0=+XPXWl zw2M!b?R%i&=I8F^S_*}wl{ z-@eZJk&)BlN~MO@3dr)~#~*1XNyipnN7mxFGL<9^oMZjaP;ty{wOU8Y2xHnLNrxz^ zmVSi@5ajuB($t`oL+gkz9Kzb7;=9=RELoNlhCwNgDP7%BDT-sjk!3A}5U$;B<;D;x zHMDPLW-;748u%hnWzj6xlHRkedG}xYaME>M@*V_b%r=s$_rzZ*V@V~TR{+XLLrVR z=Q87cV2n{(%20-34$!pL$IfLg46XJ)Aj{f`QbH9cMaDvFDa#@bp;Si%fs~LqYopwI z8Cly&tJUeq+U!85lWjS4$cpXTdwhZ?mS5Yq%R4}B9UGJTTPhmZZtJ}1wQFiht{oZCL6S%}GUB^Nh^$nK1im;H05cO4dA4p{&$Jwyn(}Pg z - - - - - - -
- - Hello from the minimal https server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. -
-
- - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-80/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-tls-mem/CMakeLists.txt deleted file mode 100644 index e6ea90a..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-tls-mem) -set(SRCS minimal-http-server-tls-mem.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/README.md b/minimal-examples/http-server/minimal-http-server-tls-mem/README.md deleted file mode 100644 index e139c54..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/README.md +++ /dev/null @@ -1,60 +0,0 @@ -# lws minimal http server with tls and certs from memory - -This is the same as the minimal-http-server-tls example, but shows how -to init the vhost with both PEM or DER certs from memory instead of files. - -The server listens on port 7681 (initialized with PEM in-memory certs) and -port 7682 (initialized with DER in-memory certs). - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-tls-mem -[2019/02/14 14:46:40:9783] USER: LWS minimal http server TLS | visit https://localhost:7681 -[2019/02/14 14:46:40:9784] NOTICE: Using SSL mode -[2019/02/14 14:46:40:9784] NOTICE: lws_tls_server_vhost_backend_init: vh first: mem CA OK -parsing as der -[2019/02/14 14:46:40:9849] NOTICE: no client cert required -[2019/02/14 14:46:40:9849] NOTICE: created client ssl context for first -[2019/02/14 14:46:40:9849] NOTICE: Using SSL mode -[2019/02/14 14:46:40:9850] NOTICE: lws_tls_server_vhost_backend_init: vh second: mem CA OK -parsing as der -[2019/02/14 14:46:40:9894] NOTICE: no client cert required -[2019/02/14 14:46:40:9894] NOTICE: created client ssl context for second -[2019/02/14 14:46:40:9894] NOTICE: vhost first: cert expiry: 36167d -[2019/02/14 14:46:40:9894] NOTICE: vhost second: cert expiry: 36167d -[2018/03/20 13:23:14:0207] NOTICE: vhost default: cert expiry: 730459d -``` - -Visit https://127.0.0.1:7681 and https://127.0.0.1:7682 - -Because it uses a selfsigned certificate, you will have to make an exception for it in your browser. - -## Certificate creation - -The selfsigned certs provided were created with - -``` -echo -e "GB\nErewhon\nAll around\nlibwebsockets-test\n\nlocalhost\nnone@invalid.org\n" | openssl req -new -newkey rsa:4096 -days 36500 -nodes -x509 -keyout "localhost-100y.key" -out "localhost-100y.cert" -``` - -they cover "localhost" and last 100 years from 2018-03-20. - -You can replace them with commercial certificates matching your hostname. - -The der content was made from PEM like this - -``` - $ cat ../minimal-http-server-tls/localhost-100y.key | grep -v ^- | base64 -d | hexdump -C | tr -s ' ' | cut -d' ' -f2- | cut -d' ' -f-16 | sed "s/|.*//g" | sed "s/0000.*//g" | sed "s/^/0x/g" | sed "s/\ /\,\ 0x/g" | sed "s/\$/,/g" | sed "s/0x,//g" -``` - -## HTTP/2 - -If you built lws with `-DLWS_WITH_HTTP2=1` at cmake, this simple server is also http/2 capable -out of the box. If the index.html was loaded over http/2, it will display an HTTP 2 png. diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/minimal-http-server-tls-mem.c b/minimal-examples/http-server/minimal-http-server-tls-mem/minimal-http-server-tls-mem.c deleted file mode 100644 index b3953fb..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/minimal-http-server-tls-mem.c +++ /dev/null @@ -1,465 +0,0 @@ -/* - * lws-minimal-http-server-tls - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with three extra lines giving it tls (ssl) capabilities, which in - * turn allow operation with HTTP/2 if lws was configured for it. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* the cert and key as PEM */ - -static const char *cert_pem = - "-----BEGIN CERTIFICATE-----\n" - "MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD\n" - "VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb\n" - "MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx\n" - "HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3\n" - "WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl\n" - "d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0\n" - "cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA\n" - "aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW\n" - "aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8\n" - "Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek\n" - "LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH\n" - "KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6\n" - "jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ\n" - "Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz\n" - "TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK\n" - "Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0\n" - "nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo\n" - "GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p\n" - "sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU\n" - "9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar\n" - "jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow\n" - "YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA\n" - "xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P\n" - "wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34\n" - "H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv\n" - "xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk\n" - "ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g\n" - "1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA\n" - "AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg\n" - "mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s\n" - "8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX\n" - "e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE=\n" - "-----END CERTIFICATE-----\n", - - *key_pem = - "-----BEGIN PRIVATE KEY-----\n" - "MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ\n" - "PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK\n" - "nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ\n" - "toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU\n" - "0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT\n" - "J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS\n" - "Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN\n" - "uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9\n" - "fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn\n" - "zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au\n" - "ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB\n" - "QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f\n" - "qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+\n" - "vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9\n" - "fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A\n" - "Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT\n" - "G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/\n" - "HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8\n" - "YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl\n" - "xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs\n" - "esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw\n" - "zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz\n" - "mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw\n" - "au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77\n" - "40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5\n" - "YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH\n" - "PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj\n" - "W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR\n" - "naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6\n" - "2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m\n" - "39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79\n" - "J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC\n" - "R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp\n" - "Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh\n" - "BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE\n" - "fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ\n" - "x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI\n" - "UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM\n" - "OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L\n" - "65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A\n" - "aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5\n" - "SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S\n" - "me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I\n" - "G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK\n" - "TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY\n" - "56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2\n" - "gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr\n" - "Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E\n" - "NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs\n" - "fBrpEY1IATtPq1taBZZogRqI3rOkkPk=\n" - "-----END PRIVATE KEY-----\n" - ; - -static const uint8_t cert_der[] = { - 0x30, 0x82, 0x05, 0xe6, 0x30, 0x82, 0x03, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, - 0xda, 0xb9, 0xd0, 0x8b, 0xb0, 0x3c, 0x52, 0xa0, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x86, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, - 0x55, 0x04, 0x06, 0x13, 0x02, 0x47, 0x42, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, - 0x0c, 0x07, 0x45, 0x72, 0x65, 0x77, 0x68, 0x6f, 0x6e, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x07, 0x0c, 0x0a, 0x41, 0x6c, 0x6c, 0x20, 0x61, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x1b, - 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x12, 0x6c, 0x69, 0x62, 0x77, 0x65, 0x62, 0x73, - 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x73, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x31, - 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x6e, 0x6f, 0x6e, 0x65, 0x40, 0x69, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x2e, 0x6f, 0x72, 0x67, - 0x30, 0x20, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x33, 0x32, 0x30, 0x30, 0x34, 0x31, 0x36, 0x30, 0x37, - 0x5a, 0x18, 0x0f, 0x32, 0x31, 0x31, 0x38, 0x30, 0x32, 0x32, 0x34, 0x30, 0x34, 0x31, 0x36, 0x30, - 0x37, 0x5a, 0x30, 0x81, 0x86, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x47, 0x42, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x45, 0x72, 0x65, - 0x77, 0x68, 0x6f, 0x6e, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0a, 0x41, - 0x6c, 0x6c, 0x20, 0x61, 0x72, 0x6f, 0x75, 0x6e, 0x64, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x12, 0x6c, 0x69, 0x62, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, - 0x73, 0x2d, 0x74, 0x65, 0x73, 0x74, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x6e, 0x6f, 0x6e, 0x65, 0x40, - 0x69, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x82, 0x02, 0x22, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, - 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa3, 0x62, 0xdb, 0x96, - 0x68, 0x80, 0x82, 0x63, 0x4b, 0x49, 0x3e, 0xe6, 0xf1, 0xa4, 0x88, 0x08, 0x2f, 0xe5, 0x96, 0x9b, - 0x3f, 0xdf, 0x98, 0xaf, 0x08, 0x42, 0xbd, 0x75, 0x5a, 0xd7, 0x9e, 0xeb, 0xf2, 0x14, 0xc9, 0x49, - 0x68, 0xe4, 0x8e, 0xb4, 0xda, 0x6a, 0xb5, 0xa9, 0xc2, 0xe1, 0x4f, 0xf9, 0x26, 0xa6, 0x84, 0x7c, - 0x0e, 0x2d, 0xc3, 0x02, 0x61, 0xca, 0x9d, 0x25, 0x9d, 0x3d, 0x6b, 0x67, 0xd4, 0x1b, 0x57, 0x2c, - 0x4a, 0xcb, 0x95, 0x48, 0x87, 0x81, 0x90, 0xeb, 0x65, 0x62, 0x27, 0x98, 0x40, 0x63, 0x28, 0xcd, - 0x43, 0x65, 0xff, 0x82, 0xbc, 0xd1, 0x99, 0xf8, 0x4c, 0xcf, 0x80, 0x1b, 0xf9, 0x9d, 0x37, 0xa4, - 0x2d, 0x67, 0x1f, 0x23, 0x96, 0x59, 0xb6, 0x81, 0xae, 0x20, 0xfd, 0x43, 0x97, 0xf2, 0x24, 0x34, - 0x3c, 0x3c, 0xcc, 0x5c, 0xf8, 0x72, 0x98, 0x8c, 0x7b, 0xf0, 0x45, 0x19, 0xe9, 0xb2, 0xc5, 0xd1, - 0xe1, 0x2e, 0xb2, 0x87, 0x4a, 0x6f, 0x04, 0xa3, 0xe9, 0xd3, 0xef, 0x7e, 0x2d, 0x22, 0xd9, 0xc7, - 0x29, 0x3f, 0xe6, 0xe8, 0x34, 0x94, 0xd3, 0x19, 0x59, 0xd7, 0x77, 0x7a, 0x7a, 0x12, 0xd1, 0x9b, - 0xbf, 0xfe, 0x37, 0x1e, 0x3b, 0x33, 0x75, 0xcc, 0x4d, 0x11, 0xf9, 0xa8, 0xa3, 0xff, 0xed, 0x34, - 0xc4, 0xda, 0xcd, 0x14, 0xeb, 0xe3, 0x34, 0xb6, 0xc1, 0x88, 0xdb, 0x3a, 0x51, 0x8b, 0xe9, 0xba, - 0x8f, 0x38, 0x4d, 0xc8, 0xc0, 0x53, 0x27, 0x5b, 0xb9, 0xf2, 0xa0, 0x1e, 0xdd, 0x95, 0xb9, 0xff, - 0xe6, 0x00, 0x8a, 0xe6, 0x58, 0x00, 0x1e, 0xa7, 0xe5, 0xb8, 0x54, 0xa7, 0x8a, 0x05, 0xb8, 0x1e, - 0x70, 0x61, 0xb7, 0x01, 0xcb, 0x05, 0x51, 0xf2, 0xe8, 0xc8, 0x9e, 0x91, 0x7c, 0x6e, 0xe5, 0x90, - 0x52, 0x3c, 0xb9, 0x37, 0xca, 0x52, 0x36, 0x9e, 0xec, 0xcd, 0xd6, 0x2c, 0x9c, 0xb2, 0x69, 0xbc, - 0x07, 0x74, 0xb2, 0x26, 0xeb, 0x34, 0xf8, 0xc2, 0xd0, 0x54, 0x02, 0x36, 0xba, 0x4d, 0x8e, 0x02, - 0x66, 0x20, 0xad, 0xfe, 0x98, 0xa9, 0x38, 0x91, 0x75, 0xfb, 0x65, 0x3c, 0x1e, 0x7e, 0x80, 0x33, - 0x4c, 0xae, 0x25, 0xda, 0x91, 0xcd, 0xb8, 0x2e, 0x77, 0x41, 0x57, 0x3f, 0x10, 0x5f, 0xbe, 0x18, - 0x12, 0xc0, 0xc6, 0x6b, 0xc2, 0x0e, 0xaf, 0x59, 0xa4, 0xc2, 0x18, 0x8b, 0xb3, 0xa6, 0xce, 0x49, - 0x00, 0x28, 0xa0, 0xbd, 0x51, 0xee, 0x84, 0x7f, 0x6d, 0x7b, 0x2c, 0x54, 0x02, 0x14, 0x80, 0x4a, - 0x23, 0x3b, 0xfd, 0x72, 0x08, 0xbd, 0x7f, 0x03, 0xcc, 0x2e, 0x1a, 0xca, 0x95, 0xea, 0x15, 0x44, - 0xdb, 0x1e, 0x70, 0x1b, 0x02, 0x3f, 0x9e, 0xbd, 0x5a, 0x02, 0x57, 0x85, 0x49, 0xf0, 0x7f, 0x69, - 0x68, 0x9f, 0x87, 0xc4, 0x66, 0xbd, 0xfe, 0xbd, 0x1b, 0x9c, 0xf6, 0xc8, 0x5f, 0xaa, 0x75, 0x74, - 0x9c, 0xf3, 0x75, 0x20, 0xc4, 0xa7, 0xcd, 0x70, 0x9a, 0xb2, 0xde, 0xc8, 0xd9, 0xf8, 0xae, 0x45, - 0x77, 0x48, 0xcf, 0xde, 0x8a, 0x8e, 0x51, 0x90, 0xa4, 0xfe, 0x17, 0x7c, 0xd5, 0x40, 0xf9, 0x11, - 0x8b, 0xed, 0xa3, 0x27, 0x58, 0xe1, 0x48, 0x69, 0x5a, 0xca, 0x58, 0xbc, 0xc0, 0xb6, 0x0c, 0xe8, - 0x18, 0xc4, 0xef, 0x3f, 0xf0, 0x2e, 0x7a, 0x12, 0x97, 0x9d, 0xc0, 0x49, 0x85, 0x8b, 0x56, 0xd2, - 0x5b, 0x53, 0x8a, 0x85, 0x71, 0xfb, 0x9c, 0x93, 0x61, 0x20, 0x19, 0x5a, 0x5f, 0x88, 0xb2, 0xc9, - 0x97, 0x8d, 0xe7, 0xf1, 0x26, 0xa6, 0x22, 0xdb, 0xfe, 0xd0, 0x5a, 0x6b, 0xf5, 0x40, 0x2f, 0x69, - 0xb0, 0xd7, 0x23, 0x4c, 0xc6, 0x81, 0x40, 0xb3, 0x74, 0xdd, 0x3d, 0x50, 0x7a, 0x56, 0xec, 0xed, - 0x8d, 0xbb, 0xb3, 0x17, 0x44, 0x9c, 0xd5, 0x2d, 0x87, 0x89, 0x08, 0xfb, 0x02, 0x03, 0x01, 0x00, - 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0xf6, 0x66, 0x14, 0xdb, 0x7b, 0x56, 0xdb, 0x3b, 0x28, 0x9a, 0x42, 0x93, 0x01, 0x76, 0xab, 0x8e, - 0xbd, 0xaf, 0x8e, 0xeb, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0xf6, 0x66, 0x14, 0xdb, 0x7b, 0x56, 0xdb, 0x3b, 0x28, 0x9a, 0x42, 0x93, 0x01, 0x76, 0xab, - 0x8e, 0xbd, 0xaf, 0x8e, 0xeb, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x36, 0x32, 0x01, 0x32, 0xba, 0x30, - 0x60, 0xd0, 0x9b, 0x84, 0x02, 0x5d, 0x3f, 0xb7, 0x61, 0x96, 0x14, 0xf6, 0x45, 0x41, 0x51, 0x75, - 0xe4, 0x54, 0x24, 0x3d, 0x08, 0xc6, 0xb1, 0xff, 0x86, 0x4b, 0xdb, 0xea, 0x6c, 0x87, 0x1e, 0x72, - 0xbc, 0x9c, 0xe6, 0x1e, 0xcc, 0x53, 0xe3, 0x52, 0x59, 0x91, 0x29, 0x48, 0x0d, 0x10, 0x3b, 0x80, - 0xc5, 0xb9, 0xd7, 0x67, 0x33, 0xdd, 0x09, 0x13, 0x55, 0xf5, 0x5d, 0xa6, 0x4a, 0x16, 0xd7, 0xbc, - 0x2c, 0xa2, 0x0d, 0x8e, 0xd6, 0x09, 0x01, 0x36, 0x06, 0x7e, 0x38, 0xcf, 0x6e, 0x8e, 0xd2, 0xe5, - 0x95, 0x93, 0xee, 0xc3, 0x34, 0xd2, 0xc7, 0xf4, 0x19, 0xe4, 0xc1, 0x4b, 0x4e, 0x9c, 0xcf, 0x4f, - 0xc2, 0xd9, 0x83, 0xf6, 0x98, 0x56, 0x7b, 0x19, 0xb8, 0xab, 0x61, 0xa7, 0x4e, 0xc8, 0x8b, 0xe9, - 0x49, 0x7a, 0x73, 0x2d, 0x10, 0x95, 0x32, 0x56, 0x29, 0x52, 0xc4, 0x51, 0x04, 0x3a, 0xc9, 0xd6, - 0xb9, 0xf3, 0x67, 0xb6, 0xdc, 0x9d, 0x40, 0x5e, 0xab, 0x6a, 0x15, 0xca, 0x5f, 0xa0, 0x4d, 0xf8, - 0x1f, 0x76, 0x9f, 0x12, 0x21, 0xb2, 0xf3, 0xcd, 0x9b, 0xf9, 0x90, 0x62, 0xc2, 0x47, 0x95, 0xfa, - 0x8a, 0xba, 0x5d, 0x51, 0x7c, 0xb0, 0x5c, 0xab, 0xf7, 0x36, 0x2b, 0xbf, 0xd0, 0xaf, 0x59, 0x36, - 0x25, 0x92, 0x94, 0xd0, 0x7c, 0xb4, 0xd9, 0x4a, 0xc8, 0x0f, 0x74, 0x41, 0xd8, 0x55, 0xc8, 0xef, - 0xc5, 0x0d, 0x83, 0xf9, 0x7c, 0x83, 0x47, 0x46, 0x91, 0x2d, 0x19, 0x6f, 0xc5, 0x46, 0xbd, 0x74, - 0x71, 0x85, 0x1c, 0xb2, 0x02, 0x1b, 0x7e, 0x09, 0xba, 0xae, 0x40, 0x8b, 0xa9, 0x4c, 0xd4, 0x4b, - 0x28, 0x0f, 0xc1, 0xd2, 0xb0, 0x9a, 0x4c, 0x72, 0x6a, 0xc7, 0xec, 0xc5, 0xb0, 0xd9, 0xc2, 0xa4, - 0xba, 0x30, 0xb7, 0xac, 0xc7, 0x45, 0x4e, 0xdb, 0x5e, 0xf3, 0x7c, 0x05, 0xd6, 0xeb, 0x85, 0xe0, - 0x58, 0xd4, 0x0b, 0xbd, 0xbe, 0x4a, 0x67, 0x10, 0x37, 0xb0, 0x37, 0xf3, 0xa0, 0x42, 0xfe, 0x79, - 0x36, 0x4d, 0x3b, 0x09, 0x6b, 0x04, 0xc3, 0xce, 0xac, 0x0e, 0xbb, 0xf5, 0x5d, 0x66, 0xfd, 0xa0, - 0xd5, 0x6a, 0x53, 0x1e, 0x5b, 0xa6, 0x94, 0x29, 0x59, 0x78, 0xff, 0x86, 0xfe, 0x39, 0x12, 0xc8, - 0x3c, 0x2a, 0x36, 0x74, 0xee, 0xd5, 0xaa, 0x1d, 0x0e, 0x65, 0x1a, 0xe3, 0x16, 0x68, 0x75, 0xf8, - 0x4f, 0xd4, 0x75, 0x8f, 0xc1, 0x42, 0x85, 0x72, 0xaf, 0x28, 0x42, 0xbd, 0x78, 0xf1, 0x06, 0x00, - 0x00, 0xe9, 0x5b, 0x50, 0xe2, 0x50, 0x53, 0xb4, 0x30, 0x45, 0x67, 0x75, 0x55, 0xb9, 0xf0, 0x84, - 0x3b, 0x50, 0x59, 0x70, 0xbd, 0xd8, 0x0d, 0xb0, 0xd6, 0x7f, 0xf1, 0x91, 0x94, 0x91, 0xd4, 0x13, - 0x3f, 0x35, 0x44, 0x83, 0x86, 0x40, 0x52, 0x51, 0x4d, 0x56, 0x8c, 0xc6, 0xd6, 0x83, 0xa1, 0xa0, - 0x9a, 0x72, 0x19, 0x2d, 0x17, 0xab, 0x40, 0x2b, 0xb5, 0x3a, 0x8c, 0xeb, 0xf3, 0xba, 0xce, 0x42, - 0xa4, 0x1a, 0x90, 0xf9, 0x32, 0xb7, 0xc0, 0x54, 0x48, 0xd2, 0xb7, 0x2b, 0x8d, 0xa3, 0xda, 0xa7, - 0x1f, 0x84, 0x03, 0x8d, 0x75, 0x19, 0x7c, 0x1e, 0xaf, 0x10, 0xb3, 0x9a, 0x6e, 0xa7, 0x2f, 0xac, - 0xf2, 0xc7, 0x42, 0x18, 0x39, 0x70, 0x47, 0x72, 0x4d, 0x08, 0xcb, 0xfa, 0xbb, 0x8f, 0x0e, 0x2b, - 0xce, 0xc5, 0xe2, 0x67, 0x08, 0xc6, 0x19, 0x12, 0x79, 0xf1, 0x49, 0x50, 0x52, 0x08, 0xdb, 0x9a, - 0x42, 0x18, 0xde, 0x56, 0xb4, 0x4e, 0x29, 0xe6, 0x5f, 0xbd, 0x72, 0x73, 0xb5, 0x1a, 0xb2, 0x17, - 0x7b, 0x61, 0xe5, 0xff, 0xb3, 0x34, 0x73, 0xf9, 0x5b, 0x67, 0x81, 0x6f, 0x5e, 0x00, 0x11, 0x95, - 0xec, 0x76, 0xae, 0x48, 0x12, 0xd0, 0xa6, 0xb4, 0xe8, 0x71, -}, key_der[] = { - 0x30, 0x82, 0x09, 0x43, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x09, 0x2d, 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, - 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xa3, 0x62, 0xdb, 0x96, 0x68, 0x80, 0x82, 0x63, 0x4b, 0x49, - 0x3e, 0xe6, 0xf1, 0xa4, 0x88, 0x08, 0x2f, 0xe5, 0x96, 0x9b, 0x3f, 0xdf, 0x98, 0xaf, 0x08, 0x42, - 0xbd, 0x75, 0x5a, 0xd7, 0x9e, 0xeb, 0xf2, 0x14, 0xc9, 0x49, 0x68, 0xe4, 0x8e, 0xb4, 0xda, 0x6a, - 0xb5, 0xa9, 0xc2, 0xe1, 0x4f, 0xf9, 0x26, 0xa6, 0x84, 0x7c, 0x0e, 0x2d, 0xc3, 0x02, 0x61, 0xca, - 0x9d, 0x25, 0x9d, 0x3d, 0x6b, 0x67, 0xd4, 0x1b, 0x57, 0x2c, 0x4a, 0xcb, 0x95, 0x48, 0x87, 0x81, - 0x90, 0xeb, 0x65, 0x62, 0x27, 0x98, 0x40, 0x63, 0x28, 0xcd, 0x43, 0x65, 0xff, 0x82, 0xbc, 0xd1, - 0x99, 0xf8, 0x4c, 0xcf, 0x80, 0x1b, 0xf9, 0x9d, 0x37, 0xa4, 0x2d, 0x67, 0x1f, 0x23, 0x96, 0x59, - 0xb6, 0x81, 0xae, 0x20, 0xfd, 0x43, 0x97, 0xf2, 0x24, 0x34, 0x3c, 0x3c, 0xcc, 0x5c, 0xf8, 0x72, - 0x98, 0x8c, 0x7b, 0xf0, 0x45, 0x19, 0xe9, 0xb2, 0xc5, 0xd1, 0xe1, 0x2e, 0xb2, 0x87, 0x4a, 0x6f, - 0x04, 0xa3, 0xe9, 0xd3, 0xef, 0x7e, 0x2d, 0x22, 0xd9, 0xc7, 0x29, 0x3f, 0xe6, 0xe8, 0x34, 0x94, - 0xd3, 0x19, 0x59, 0xd7, 0x77, 0x7a, 0x7a, 0x12, 0xd1, 0x9b, 0xbf, 0xfe, 0x37, 0x1e, 0x3b, 0x33, - 0x75, 0xcc, 0x4d, 0x11, 0xf9, 0xa8, 0xa3, 0xff, 0xed, 0x34, 0xc4, 0xda, 0xcd, 0x14, 0xeb, 0xe3, - 0x34, 0xb6, 0xc1, 0x88, 0xdb, 0x3a, 0x51, 0x8b, 0xe9, 0xba, 0x8f, 0x38, 0x4d, 0xc8, 0xc0, 0x53, - 0x27, 0x5b, 0xb9, 0xf2, 0xa0, 0x1e, 0xdd, 0x95, 0xb9, 0xff, 0xe6, 0x00, 0x8a, 0xe6, 0x58, 0x00, - 0x1e, 0xa7, 0xe5, 0xb8, 0x54, 0xa7, 0x8a, 0x05, 0xb8, 0x1e, 0x70, 0x61, 0xb7, 0x01, 0xcb, 0x05, - 0x51, 0xf2, 0xe8, 0xc8, 0x9e, 0x91, 0x7c, 0x6e, 0xe5, 0x90, 0x52, 0x3c, 0xb9, 0x37, 0xca, 0x52, - 0x36, 0x9e, 0xec, 0xcd, 0xd6, 0x2c, 0x9c, 0xb2, 0x69, 0xbc, 0x07, 0x74, 0xb2, 0x26, 0xeb, 0x34, - 0xf8, 0xc2, 0xd0, 0x54, 0x02, 0x36, 0xba, 0x4d, 0x8e, 0x02, 0x66, 0x20, 0xad, 0xfe, 0x98, 0xa9, - 0x38, 0x91, 0x75, 0xfb, 0x65, 0x3c, 0x1e, 0x7e, 0x80, 0x33, 0x4c, 0xae, 0x25, 0xda, 0x91, 0xcd, - 0xb8, 0x2e, 0x77, 0x41, 0x57, 0x3f, 0x10, 0x5f, 0xbe, 0x18, 0x12, 0xc0, 0xc6, 0x6b, 0xc2, 0x0e, - 0xaf, 0x59, 0xa4, 0xc2, 0x18, 0x8b, 0xb3, 0xa6, 0xce, 0x49, 0x00, 0x28, 0xa0, 0xbd, 0x51, 0xee, - 0x84, 0x7f, 0x6d, 0x7b, 0x2c, 0x54, 0x02, 0x14, 0x80, 0x4a, 0x23, 0x3b, 0xfd, 0x72, 0x08, 0xbd, - 0x7f, 0x03, 0xcc, 0x2e, 0x1a, 0xca, 0x95, 0xea, 0x15, 0x44, 0xdb, 0x1e, 0x70, 0x1b, 0x02, 0x3f, - 0x9e, 0xbd, 0x5a, 0x02, 0x57, 0x85, 0x49, 0xf0, 0x7f, 0x69, 0x68, 0x9f, 0x87, 0xc4, 0x66, 0xbd, - 0xfe, 0xbd, 0x1b, 0x9c, 0xf6, 0xc8, 0x5f, 0xaa, 0x75, 0x74, 0x9c, 0xf3, 0x75, 0x20, 0xc4, 0xa7, - 0xcd, 0x70, 0x9a, 0xb2, 0xde, 0xc8, 0xd9, 0xf8, 0xae, 0x45, 0x77, 0x48, 0xcf, 0xde, 0x8a, 0x8e, - 0x51, 0x90, 0xa4, 0xfe, 0x17, 0x7c, 0xd5, 0x40, 0xf9, 0x11, 0x8b, 0xed, 0xa3, 0x27, 0x58, 0xe1, - 0x48, 0x69, 0x5a, 0xca, 0x58, 0xbc, 0xc0, 0xb6, 0x0c, 0xe8, 0x18, 0xc4, 0xef, 0x3f, 0xf0, 0x2e, - 0x7a, 0x12, 0x97, 0x9d, 0xc0, 0x49, 0x85, 0x8b, 0x56, 0xd2, 0x5b, 0x53, 0x8a, 0x85, 0x71, 0xfb, - 0x9c, 0x93, 0x61, 0x20, 0x19, 0x5a, 0x5f, 0x88, 0xb2, 0xc9, 0x97, 0x8d, 0xe7, 0xf1, 0x26, 0xa6, - 0x22, 0xdb, 0xfe, 0xd0, 0x5a, 0x6b, 0xf5, 0x40, 0x2f, 0x69, 0xb0, 0xd7, 0x23, 0x4c, 0xc6, 0x81, - 0x40, 0xb3, 0x74, 0xdd, 0x3d, 0x50, 0x7a, 0x56, 0xec, 0xed, 0x8d, 0xbb, 0xb3, 0x17, 0x44, 0x9c, - 0xd5, 0x2d, 0x87, 0x89, 0x08, 0xfb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x02, 0x00, 0x55, - 0x9e, 0xf0, 0xc4, 0x19, 0x6f, 0x7e, 0xe4, 0xda, 0x07, 0x40, 0x57, 0x76, 0x3a, 0x6a, 0xaf, 0x1f, - 0xaa, 0x89, 0x0a, 0x42, 0xa6, 0xc2, 0x34, 0xb7, 0x77, 0x82, 0x21, 0x85, 0xc1, 0x89, 0x1e, 0xcc, - 0x75, 0xe8, 0x25, 0xf8, 0x3a, 0x0e, 0x2e, 0xe8, 0x67, 0x13, 0x5c, 0x2b, 0x2c, 0x37, 0xe4, 0xb1, - 0x44, 0x82, 0x19, 0x20, 0xb5, 0x0a, 0x84, 0xad, 0x0a, 0xa8, 0xdf, 0x95, 0x4f, 0x22, 0x81, 0xfe, - 0xbd, 0x75, 0x29, 0x58, 0xe8, 0xe7, 0x0a, 0x63, 0x38, 0x9a, 0xe1, 0x40, 0xf7, 0xf7, 0x17, 0xea, - 0x66, 0x0c, 0x73, 0xc4, 0xe6, 0x26, 0xc8, 0x34, 0x7b, 0x02, 0xdd, 0x04, 0x23, 0x99, 0x57, 0x0f, - 0xb0, 0x3c, 0x00, 0x65, 0x6a, 0xac, 0xfe, 0xd1, 0x43, 0xa2, 0x48, 0xc3, 0x1f, 0xb6, 0x99, 0x3d, - 0x7f, 0x3f, 0x49, 0xc0, 0x67, 0x7c, 0x11, 0x1c, 0x81, 0xb1, 0x3f, 0xad, 0x93, 0x74, 0x22, 0xe8, - 0x3d, 0x2f, 0x3d, 0x95, 0x6c, 0x0b, 0x52, 0xaa, 0xc7, 0x12, 0xff, 0x73, 0x02, 0x05, 0x77, 0x71, - 0xdf, 0xd9, 0x90, 0x6d, 0x25, 0x77, 0xb4, 0x28, 0x19, 0xf5, 0xa6, 0x4b, 0x56, 0x86, 0xde, 0x40, - 0x2a, 0xac, 0x7d, 0x9a, 0x57, 0x76, 0x3a, 0xf9, 0x7b, 0x36, 0x38, 0x22, 0x0b, 0x51, 0x71, 0xf6, - 0xbf, 0x9f, 0x67, 0x0f, 0xe2, 0x39, 0xa6, 0xc5, 0x17, 0x04, 0x00, 0xe1, 0xda, 0xfe, 0x47, 0xc9, - 0x84, 0x30, 0xaf, 0xfb, 0x6d, 0xde, 0x15, 0x5d, 0xf4, 0x35, 0xa3, 0xf4, 0x06, 0x19, 0xb3, 0x13, - 0x1b, 0xeb, 0xa5, 0x16, 0xbb, 0x22, 0x0f, 0x23, 0xfe, 0xac, 0x12, 0x00, 0x68, 0x60, 0xb4, 0x8b, - 0xb8, 0x03, 0x8c, 0xb0, 0x08, 0x05, 0x07, 0x83, 0x84, 0xfe, 0x34, 0xf5, 0x98, 0x6c, 0xc0, 0x81, - 0x1c, 0xfc, 0x60, 0x6d, 0x38, 0x35, 0x37, 0xef, 0x66, 0xb6, 0x09, 0x02, 0xbf, 0xbb, 0x84, 0x3f, - 0x1c, 0x14, 0x2f, 0xb8, 0x1b, 0x4a, 0x14, 0xd9, 0x06, 0x52, 0x8a, 0x0b, 0x80, 0x20, 0x9b, 0x17, - 0x1c, 0xe0, 0x35, 0x41, 0x9c, 0xf3, 0x71, 0x81, 0xff, 0xa2, 0x30, 0x6c, 0x43, 0x3b, 0x47, 0x9b, - 0x97, 0xaa, 0xc1, 0x62, 0x13, 0xbd, 0x4b, 0xa6, 0x6a, 0xe8, 0x0f, 0x28, 0xca, 0x4e, 0x54, 0x3c, - 0x61, 0x99, 0x29, 0x21, 0xc2, 0xcd, 0x54, 0xbc, 0x34, 0xba, 0xca, 0x06, 0x60, 0x71, 0x66, 0xda, - 0xbb, 0xc2, 0xc8, 0x45, 0x65, 0x7e, 0xc1, 0x37, 0x51, 0xbf, 0x1c, 0x17, 0x24, 0xc5, 0x93, 0x9d, - 0x12, 0x78, 0xe7, 0x05, 0xd9, 0x02, 0xf6, 0xc7, 0x32, 0xa6, 0x99, 0xb6, 0x44, 0xa5, 0x78, 0x25, - 0xc4, 0x11, 0xd1, 0xd2, 0x18, 0xe0, 0xa2, 0x7d, 0x08, 0x28, 0x90, 0xc6, 0x7e, 0x8a, 0xf8, 0x6c, - 0x73, 0xbb, 0x36, 0xdf, 0xb5, 0x11, 0xc7, 0xbc, 0xbb, 0x6a, 0x13, 0x10, 0xab, 0xe9, 0xcf, 0x96, - 0x88, 0x9f, 0x8e, 0x0e, 0x78, 0x2e, 0x66, 0x02, 0x94, 0x46, 0xcb, 0xcd, 0xff, 0xd1, 0xbb, 0xec, - 0x7a, 0xc9, 0xd6, 0x8c, 0x31, 0x3f, 0x6c, 0x6a, 0x68, 0x4f, 0xca, 0x85, 0xbb, 0x2f, 0xb4, 0xba, - 0xb0, 0xc4, 0x3c, 0xd2, 0x1d, 0xe3, 0x85, 0xdc, 0x26, 0x6d, 0x48, 0x44, 0x89, 0x46, 0xe7, 0xa1, - 0x2b, 0xc4, 0x2d, 0xe5, 0xd2, 0xcd, 0x75, 0xc2, 0xb2, 0x29, 0x4e, 0x65, 0xd7, 0x72, 0x4a, 0xb0, - 0xcc, 0x54, 0x7d, 0xb3, 0x6c, 0xfb, 0x7f, 0x4c, 0xe3, 0x7b, 0x2c, 0x6a, 0x66, 0x0e, 0x0d, 0x4c, - 0xf2, 0x3b, 0xc2, 0x43, 0x37, 0x33, 0xc0, 0x57, 0x96, 0xfa, 0x76, 0x19, 0x30, 0x48, 0x7a, 0x8c, - 0x6b, 0x58, 0x1e, 0x15, 0xdd, 0x80, 0x2b, 0xc2, 0xef, 0x10, 0x17, 0xcd, 0x10, 0x06, 0x05, 0x73, - 0x9a, 0x01, 0xe5, 0xdb, 0x89, 0xd3, 0x83, 0x4d, 0x14, 0x1f, 0x53, 0xa3, 0x66, 0xc0, 0x01, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xce, 0xc5, 0xfb, 0x52, 0x0d, 0xb4, 0xaa, 0x1b, 0x2b, 0x5c, 0x5a, 0xa3, - 0xd8, 0x3f, 0x74, 0x99, 0x1c, 0x05, 0x83, 0x03, 0x43, 0xb8, 0x00, 0x21, 0x0c, 0xf9, 0xe0, 0xb0, - 0x6a, 0xef, 0x40, 0x4a, 0xeb, 0x65, 0xd0, 0x80, 0xe5, 0x34, 0x33, 0x09, 0xf2, 0x70, 0xb6, 0xa6, - 0x1d, 0xb9, 0x04, 0xc7, 0xb9, 0x84, 0x70, 0xd6, 0xa7, 0x67, 0x06, 0x40, 0x9a, 0x20, 0xee, 0x96, - 0x7f, 0xde, 0xa4, 0x28, 0x81, 0x08, 0x68, 0xda, 0x05, 0x27, 0x88, 0xa0, 0xe2, 0x7c, 0xde, 0xfb, - 0xe3, 0x44, 0x1d, 0xca, 0x49, 0x65, 0x4f, 0x34, 0xd5, 0x44, 0xea, 0xa6, 0x3f, 0xcf, 0x9e, 0x7e, - 0xb7, 0x88, 0xbe, 0xa9, 0x73, 0x1e, 0x6b, 0xaa, 0x68, 0x67, 0xc6, 0xb3, 0x9a, 0x13, 0x91, 0x96, - 0x96, 0x8f, 0x9b, 0x2e, 0xf8, 0x1f, 0x9b, 0x4f, 0xef, 0x6b, 0x23, 0x06, 0x5c, 0xc1, 0xfb, 0x39, - 0x61, 0x12, 0x0d, 0x85, 0x04, 0x71, 0xd7, 0xba, 0x9a, 0xfb, 0xec, 0x61, 0xe6, 0x67, 0xc4, 0xdb, - 0x97, 0x3e, 0x33, 0xd7, 0xe2, 0x20, 0x14, 0xe2, 0x35, 0x2a, 0x38, 0x95, 0x3c, 0x56, 0x30, 0x14, - 0xa1, 0x9c, 0xaf, 0x31, 0xac, 0x66, 0x8c, 0x12, 0x63, 0x7b, 0x5b, 0x4a, 0x93, 0x31, 0xb1, 0x47, - 0x3e, 0x04, 0x33, 0xe4, 0x57, 0x31, 0x46, 0x30, 0x82, 0xab, 0x01, 0xe2, 0x97, 0x03, 0x41, 0x78, - 0xb0, 0xd3, 0xa7, 0xf6, 0x44, 0x08, 0x40, 0x7b, 0xcb, 0x7e, 0x24, 0x85, 0x58, 0x79, 0xdf, 0x59, - 0x81, 0x13, 0x69, 0x8d, 0xcd, 0x25, 0x48, 0x41, 0xc1, 0x99, 0x3f, 0x52, 0x3f, 0x0e, 0xf5, 0xe3, - 0x5b, 0xb5, 0x14, 0x35, 0xd8, 0x05, 0xc2, 0x28, 0xbf, 0x19, 0x6f, 0xba, 0x33, 0x4b, 0x94, 0x0f, - 0x2d, 0xb7, 0x51, 0x54, 0x29, 0x6c, 0x5c, 0xdc, 0x57, 0xca, 0x35, 0x0b, 0x69, 0xd9, 0x73, 0x81, - 0x5b, 0xe3, 0x3c, 0x01, 0x02, 0x82, 0x01, 0x01, 0x00, 0xca, 0x48, 0x99, 0x05, 0xc3, 0x0b, 0x91, - 0x9d, 0xa5, 0x49, 0x4b, 0xa5, 0xb1, 0x38, 0xa8, 0xd7, 0xf0, 0xc0, 0xae, 0xf7, 0xf7, 0x0a, 0x3e, - 0x7c, 0x01, 0xbf, 0x69, 0xa6, 0x23, 0x68, 0xe0, 0x1b, 0x11, 0xd3, 0xc3, 0x9b, 0x2b, 0xdd, 0xa8, - 0x66, 0x17, 0x97, 0x93, 0x6f, 0xc6, 0x68, 0xd7, 0xd0, 0x68, 0xc3, 0x2b, 0x4d, 0xfa, 0xda, 0xfa, - 0xd9, 0x91, 0x68, 0x20, 0x10, 0x3d, 0x51, 0xb7, 0x3d, 0x7a, 0xc1, 0x00, 0x53, 0xc9, 0x77, 0x7e, - 0x08, 0x1d, 0x7c, 0xcf, 0x36, 0x72, 0xe4, 0x7d, 0xb0, 0x67, 0x1f, 0x41, 0x5a, 0x02, 0x87, 0xcb, - 0x4c, 0x83, 0xa0, 0x4f, 0xf0, 0x80, 0x4b, 0x3a, 0x66, 0xd2, 0x52, 0x13, 0x77, 0x3c, 0x6d, 0xa6, - 0xdf, 0xd2, 0x3c, 0xd3, 0x6b, 0xb4, 0x7c, 0x53, 0x55, 0x40, 0x22, 0x4a, 0x87, 0x1d, 0x66, 0xd4, - 0xc1, 0x45, 0x2c, 0xeb, 0xbb, 0x95, 0x57, 0x03, 0x4b, 0xd2, 0x4d, 0xfa, 0x86, 0x15, 0x3d, 0xbe, - 0x8c, 0x0d, 0xf0, 0x4b, 0x9b, 0x98, 0xce, 0x88, 0xfb, 0x98, 0x90, 0x56, 0x78, 0x80, 0x7e, 0xfd, - 0x27, 0xb8, 0x17, 0x23, 0x4f, 0xd8, 0x2a, 0x16, 0x89, 0xef, 0x25, 0xed, 0x85, 0x85, 0x64, 0x76, - 0xb4, 0x85, 0xe8, 0x4a, 0x28, 0x7a, 0xbe, 0x11, 0x66, 0x09, 0x9a, 0xeb, 0x60, 0xdd, 0xd5, 0x53, - 0x73, 0x4a, 0xad, 0xc9, 0x06, 0x8e, 0xab, 0x62, 0x31, 0x7b, 0x2e, 0xf7, 0x7e, 0x47, 0x00, 0xc2, - 0x47, 0x5b, 0x61, 0x1e, 0xb9, 0x9f, 0xfc, 0x85, 0xe9, 0x97, 0x1a, 0x4d, 0x56, 0x4a, 0x0c, 0x57, - 0x1b, 0x73, 0x6e, 0xba, 0xdb, 0x82, 0x70, 0xb6, 0xe5, 0x09, 0xaf, 0x45, 0x87, 0x34, 0xae, 0x54, - 0xbf, 0x92, 0xf3, 0x38, 0xc9, 0x08, 0x4c, 0x1f, 0x77, 0x80, 0xec, 0x8c, 0x9c, 0x0d, 0x93, 0x29, - 0x63, 0xed, 0x31, 0x9b, 0xb2, 0x3b, 0x8d, 0x34, 0xfb, 0x02, 0x82, 0x01, 0x00, 0x62, 0xb3, 0x28, - 0x83, 0x03, 0x5d, 0xd0, 0xb1, 0x05, 0x62, 0xa1, 0x35, 0x82, 0x7c, 0xcf, 0xb8, 0x62, 0x22, 0xd3, - 0x65, 0xd4, 0x86, 0x59, 0x31, 0x6d, 0x93, 0x3d, 0x48, 0x98, 0xd2, 0xb9, 0x7a, 0xc9, 0xa0, 0xa1, - 0x05, 0x55, 0xe3, 0x33, 0xd5, 0xb4, 0xaf, 0x4e, 0xd0, 0x3e, 0x71, 0xd9, 0xb1, 0x48, 0x81, 0xca, - 0xa6, 0xfb, 0xe3, 0x76, 0x9d, 0x91, 0xb4, 0xd4, 0x8e, 0x6c, 0x5d, 0x27, 0x38, 0xda, 0x56, 0xdc, - 0x4d, 0xed, 0x95, 0xf0, 0x66, 0xf3, 0x95, 0xad, 0x8e, 0xc8, 0xed, 0xf3, 0xd6, 0x62, 0x70, 0x84, - 0x7d, 0x70, 0xab, 0xe3, 0xe2, 0x15, 0xa5, 0x92, 0x3f, 0x64, 0x76, 0x56, 0xa4, 0x65, 0xfa, 0x08, - 0x64, 0xa0, 0x4f, 0xa1, 0x0e, 0x8c, 0x26, 0x79, 0x21, 0x4b, 0x9f, 0x22, 0xf1, 0x29, 0xa9, 0x54, - 0xa6, 0xb4, 0x5f, 0x0c, 0xa9, 0xf5, 0xce, 0xf6, 0x8f, 0x6e, 0x21, 0x82, 0xe8, 0x92, 0xb5, 0x90, - 0xc7, 0x57, 0x41, 0x97, 0x95, 0x27, 0xb9, 0x32, 0xc3, 0xab, 0x0f, 0x1b, 0x0a, 0x1a, 0xbb, 0x3b, - 0x9c, 0xba, 0xc9, 0xfb, 0x96, 0x68, 0xe5, 0xaf, 0x2f, 0xb9, 0xf1, 0x23, 0xc3, 0x6f, 0x4a, 0xc7, - 0xe3, 0xe3, 0x2e, 0xb7, 0xe6, 0x02, 0x1a, 0xff, 0x47, 0x45, 0x78, 0x16, 0x19, 0x11, 0xf1, 0xc8, - 0x52, 0x51, 0x9d, 0x35, 0x5a, 0x26, 0xc1, 0x7c, 0x18, 0x13, 0x38, 0x04, 0xfd, 0xcd, 0x7d, 0xae, - 0xe2, 0x28, 0xc1, 0x7e, 0xc7, 0x53, 0xf3, 0x60, 0xc4, 0xc5, 0x93, 0x31, 0x98, 0x69, 0x6b, 0x39, - 0x71, 0x81, 0xeb, 0x17, 0xc9, 0xb7, 0xa5, 0xf9, 0x83, 0x5c, 0x7c, 0x34, 0x38, 0x7b, 0x74, 0x4c, - 0x38, 0xcc, 0xf7, 0x64, 0x58, 0x9a, 0x31, 0xa2, 0x6c, 0x18, 0x63, 0x5f, 0xe3, 0xef, 0x9d, 0xf5, - 0x39, 0x8c, 0x82, 0x4e, 0x0d, 0xb3, 0xaa, 0x03, 0xb3, 0xa4, 0xdb, 0xf4, 0x01, 0x02, 0x82, 0x01, - 0x01, 0x00, 0x96, 0x33, 0x77, 0xe4, 0x8e, 0x62, 0x8d, 0xba, 0x88, 0x1b, 0xb7, 0x9f, 0x0d, 0xcb, - 0xeb, 0x9b, 0x84, 0x7a, 0x1e, 0xb1, 0xa2, 0xef, 0x29, 0x5c, 0x7d, 0x13, 0xbb, 0x88, 0x10, 0xac, - 0xf4, 0x13, 0x45, 0x96, 0x7f, 0x9d, 0x3d, 0xe2, 0x36, 0x03, 0xb0, 0xaa, 0xed, 0x60, 0x46, 0xec, - 0x5c, 0xab, 0xb4, 0xce, 0x8e, 0xde, 0x35, 0x51, 0xda, 0x88, 0x28, 0xef, 0x2f, 0x37, 0xbf, 0xc0, - 0x68, 0x96, 0xaf, 0x0a, 0x96, 0x8a, 0xa0, 0x83, 0x28, 0xc3, 0x2f, 0xda, 0x18, 0x26, 0xef, 0x02, - 0xf8, 0xcd, 0x3e, 0x95, 0x37, 0xba, 0x75, 0x3c, 0x8d, 0xd9, 0x7f, 0xb7, 0x4f, 0x04, 0x5e, 0xce, - 0xfd, 0x4b, 0x92, 0x0a, 0x3d, 0xc8, 0x00, 0xc7, 0xce, 0xec, 0x4d, 0x38, 0xbb, 0x28, 0x33, 0x79, - 0x49, 0x8b, 0x78, 0xb6, 0xbd, 0xae, 0x3c, 0x47, 0xb9, 0xdc, 0xd4, 0xd7, 0xb9, 0x26, 0xad, 0x8a, - 0x51, 0xb9, 0x40, 0x2c, 0x84, 0xc4, 0x81, 0x0b, 0x3a, 0xec, 0xd6, 0x00, 0xc2, 0xb3, 0x83, 0xb0, - 0x80, 0x88, 0x89, 0x4d, 0x4b, 0xd7, 0xe8, 0x59, 0xe2, 0xf2, 0x56, 0x40, 0x60, 0x09, 0x0e, 0x92, - 0x99, 0xef, 0xcb, 0xf2, 0xd6, 0xbe, 0x99, 0x40, 0xf2, 0xdf, 0xb2, 0xba, 0xbc, 0x2d, 0xf8, 0x8e, - 0x1f, 0x6f, 0x2b, 0xdc, 0xab, 0xc0, 0x5e, 0x97, 0xe3, 0x82, 0x2d, 0x46, 0x83, 0x89, 0x69, 0xf0, - 0x9a, 0x55, 0xf1, 0x88, 0xfb, 0x5e, 0xf9, 0xab, 0xf7, 0x96, 0x72, 0xa4, 0xd7, 0xe2, 0xaf, 0x88, - 0x1b, 0x8b, 0x4a, 0x96, 0xce, 0x2c, 0x2f, 0x89, 0xa0, 0x38, 0x92, 0xea, 0xfa, 0xb6, 0xb9, 0xd1, - 0xa6, 0x0c, 0xc5, 0xb7, 0x2e, 0xa2, 0x69, 0x9c, 0xb4, 0xf3, 0x17, 0x53, 0xa0, 0xab, 0xad, 0x8c, - 0x90, 0xa4, 0xf4, 0xc7, 0x30, 0xd5, 0x43, 0x43, 0x2d, 0xad, 0xb4, 0x57, 0x6c, 0xab, 0xd8, 0x8a, - 0x4e, 0x77, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9, 0xad, 0xff, 0xcc, 0xaf, 0x3d, 0xf9, 0x52, 0xfb, - 0x1b, 0xf7, 0x92, 0x0f, 0xd9, 0x06, 0xf4, 0x7d, 0x24, 0x1d, 0x48, 0x9f, 0x69, 0xf7, 0xad, 0x40, - 0x98, 0x60, 0x3e, 0x3b, 0x45, 0xe2, 0x85, 0xa8, 0x9d, 0x37, 0x56, 0x6a, 0xb9, 0x0b, 0xd9, 0xd8, - 0xe7, 0xab, 0x3d, 0xc3, 0xb3, 0x94, 0x3b, 0xca, 0x5e, 0xac, 0x15, 0xe5, 0x25, 0x89, 0x8a, 0x65, - 0x08, 0x4e, 0xe3, 0x6f, 0x77, 0x96, 0xfc, 0x59, 0x0f, 0x62, 0x2a, 0xe0, 0xd7, 0x19, 0x6d, 0x54, - 0x82, 0x32, 0x81, 0xc0, 0x53, 0x38, 0x73, 0x63, 0x76, 0xeb, 0x76, 0x0b, 0x52, 0x23, 0x16, 0xb6, - 0x80, 0x6b, 0xde, 0x18, 0x07, 0xb3, 0x67, 0x7f, 0x2a, 0x28, 0x85, 0x36, 0xe9, 0xd9, 0x33, 0xed, - 0xd7, 0x84, 0x09, 0x8e, 0x2f, 0xae, 0xc4, 0x64, 0xc2, 0x1a, 0x53, 0x5b, 0x42, 0xc6, 0x54, 0x2a, - 0x63, 0x71, 0x0a, 0x1a, 0x2a, 0xfc, 0xa6, 0x02, 0x80, 0xa6, 0x02, 0xcf, 0x15, 0xda, 0x83, 0x2b, - 0x66, 0x2c, 0x35, 0x61, 0x0f, 0x6e, 0x39, 0x4a, 0x16, 0xc0, 0xea, 0xa6, 0xd7, 0x06, 0x6a, 0x99, - 0x57, 0x0e, 0x5e, 0xf3, 0xc8, 0x4b, 0x68, 0x16, 0x02, 0xcd, 0xdf, 0x42, 0x55, 0xa3, 0x1f, 0xd8, - 0x64, 0x71, 0x04, 0xcc, 0xb1, 0x46, 0x97, 0x40, 0x33, 0x83, 0xd1, 0xaa, 0xa4, 0x49, 0x8d, 0xc4, - 0x36, 0xa3, 0xaf, 0x6c, 0x25, 0x75, 0xfe, 0x85, 0x29, 0x46, 0x2d, 0xf4, 0xef, 0xa9, 0x21, 0x0a, - 0x80, 0x17, 0x23, 0x56, 0xca, 0x4a, 0x7f, 0xc0, 0xbd, 0x1d, 0xca, 0x0c, 0xfd, 0x78, 0x07, 0x9b, - 0x68, 0x1c, 0x8f, 0xc5, 0xe4, 0xe4, 0xd2, 0x12, 0x21, 0xa1, 0x84, 0x77, 0xac, 0x81, 0x1a, 0xec, - 0x7c, 0x1a, 0xe9, 0x11, 0x8d, 0x48, 0x01, 0x3b, 0x4f, 0xab, 0x5b, 0x5a, 0x05, 0x96, 0x68, 0x81, - 0x1a, 0x88, 0xde, 0xb3, 0xa4, 0x90, 0xf9, - -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */, ret = 1; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server TLS | visit https://localhost:7681\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_EXPLICIT_VHOSTS | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.server_ssl_cert_mem = cert_pem; - info.server_ssl_cert_mem_len = strlen(cert_pem); - info.server_ssl_private_key_mem = key_pem; - info.server_ssl_private_key_mem_len = strlen(key_pem); - info.vhost_name = "first"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create first vhost\n"); - goto bail; - } - - info.port = 7682; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.server_ssl_cert_mem = cert_der; - info.server_ssl_cert_mem_len = sizeof(cert_der); - info.server_ssl_private_key_mem = key_der; - info.server_ssl_private_key_mem_len = sizeof(key_der); - info.vhost_name = "second"; - - if (!lws_create_vhost(context, &info)) { - lwsl_err("Failed to create second vhost\n"); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - ret = 0; - -bail: - lws_context_destroy(context); - - return ret; -} diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/404.html deleted file mode 100644 index 6fdd6bf..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/404.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - -
- -

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/example.js deleted file mode 100644 index 1606ea0..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/example.js +++ /dev/null @@ -1,22 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - - var transport_protocol = ""; - - if ( performance && performance.timing.nextHopProtocol ) { - transport_protocol = performance.timing.nextHopProtocol; - } else if ( window.chrome && window.chrome.loadTimes ) { - transport_protocol = window.chrome.loadTimes().connectionInfo; - } else { - - var p = performance.getEntriesByType("resource"); - for (var i=0; i < p.length; i++) { - var value = "nextHopProtocol" in p[i]; - if (value) - transport_protocol = p[i].nextHopProtocol; - } - } - - if (transport_protocol == "h2") - document.getElementById("transport").innerHTML = ""; - } -}, false); \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/http2.png deleted file mode 100644 index 439bfa482fa00e69af2d562f17a6e89453eb98cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7563 zcmV;69dzP}P)hJCKl}1r-pgb%At50^h&s(NL+gbgh*}K=@24(BV^6&tYNdLrZS7HN zyRhvft=8kJ)}>`BinW|B6&C>(SXZ@*0u?HyMyuE;F`57gnPfs{=FNL~F8gx+c%FA| z?>m_n2rSNOzH7~znf?5p=h^%B?7e^Y4X1Dlr*I0Va0;hz3a9X26Jj|6@4W!nv17+9 z?fCdOJ9q9B+sgm%*u7f-Y#kf(ckJFRwvLT?)~pe`_UsW`Mn>GudC%LnZJTGu4j3B~ z^X~=N`jVHxo;_l3no34T8Ld<-larp^yM6g$-=*#LXS`^id%@0~qWiwxyLbEX@o_JN z@GOBP8Q{Ga?A$5$w^~7zWikyzS5Zo-JeM+x#AKTKwNk2PttLgMBV>{YH8iAbyB!DC zX1P*fn&+Yx$4S!|Us1|60i%=~4gw*Kkx8eclyedwlTt-eIw55ZKsYC@wI)=m(R40Z zp|yJiuu0-i8yfP{c`j>1L#6?0MWYb{C~Kuv%5}$(typ2*#6N?=@0pSX+EKt*a;%k>@EwSkkmjr_&_QkK>%7)yk;XYZ#N^ zoW=WqT5TAuL%av?9Z6#FJ|<1u4<0`Ji$Lq|SE6X|%8eVF;^K?V{ITkOUw_vbXQ;E1 zWXNRM=GB$T`SHe$XHl(=5Ji$8a7gJ0!#Ywbobz}u(Yp98r9udcQgytyK!kI;Tvrk) z1z-#I3x`r3=Oo_C*)}Nyj4?QuBSeOCO^nHL&LCxulrhc)IF}FvRjd^hvq|HeB}sC! zEF(!8XQin*&}{BQsTC{t>}h%L#r#>&!vMTz%g&u*GEGR6?>orIjBc(!0iIgA&I9GJKK=&(pgb+aSTPZ=g*%3wEPIT|--tP%R0f_S17VjYl zJk~m#^C%@|83v$KK@S2Um|X%&)dnY9bfs1pB-EnvgtX`5l4?60*3&mS5znnvd4$ZcYjEwM-7r&StS6<1pHf{3d5-OIR z)&l49iV(^P;m+>Ufxa_fG>Y7TFwAVHlcTjq2um0`yccLKI-L$vQ&TjKA7}O}m&}`< zo@Q!liZstjO1cxF)ovq$U|G6Onu_V^X$~Dagb;$&t5*XsIXTHKx8BM(Z@Z0u|He1O z=4U*^m&;US_Kqe`u6XB7l0^=II?dac+bCn?|Z!JwXbDnW`>V_<}-Zmum8H}Pq73Y&iUyy zZB&Pbnyu++yF3GcX!UAo4j%oo0AtXs#^ zpZ2r`X^~mY#kf(i=Wt!0Yc@u6wZZF7zTu4jQ0WFD;8}` z_wU)m`Okm;@|}D<=)(}_9QXdmf6(r9xapQ#xclzA0eHowmloo*_*fPpa-8$R`^;vU z-&w1{ocIO$G2o6nWL~L6S))-qT`7(CvQ%n%)=v~goVkAef(}0Lzyny@LwZt?Wf>Q~ z@P!N7F4?-3cVBTucbOK90EG}j7*o~5!*bi2HC?@-zb5EGFgfYdG&NPFS{-ZCiV$tQ zw@85m*0zKgLv(932a`K59J5Y%Ei=O{{wAO6guz{Ced@=vyvdd6H z6gq+T0x3P-8=Nyj2o+iz?4F#I-g_(N&8prRux5>@N0DtGK5U1*mt+}$BhMvaxTIbE zWFibh?z-)^Li2;-w{yk7y%(k8Wl<_6&r>O7mS>q6>vVehzhDa&;Muy>9XW8oue*5jT3@oV!~x8hzIW5VJ3Os-y5ZMhG!96h$?!lph@(?OF4^pVWJ{jEsoT+Gs@UIzdpy`(oFb zQ+S^0OTnX*1vFZVwlTR-D&4zxFWxWgdViN#t0i+|bX2QplnU@ZEC=r&>xSp^ob2a6 zCx7T6@`DF)jRrn1R+(D4618d-`iwJ(pZ#oP;edJcP^!=b=k~4R7;`)`CJnqdlTqZv zAlBevrBsq6T^Zz2%9Ok9+}#5(BDwEA8aLle>pR~e`N0oxozC)u(3<$X^BB715=MUO zw+PPe=f_zB))ub$?tWDoLz(w26~}hVh7DaCVeWN3581Ip93LH3K@bFi)*%oBEU*T< z^0yCMtHtz}zQnO>t|9%&PX_ON7sim>doRho_j2STA0d3jE7-7O2XX04IU(lvsc?(M z2%%k;<$z;y^2Dkz0OR9?jfO&qm4smp==%M;J8b`VrzwwIeKkMZyqQDqdCy}T{2~bF z$p7h|xc|Zn+5LeJ6#D*&Ft;~(ycY6}69!k;fhH;N-%`rZ8RK_NO-U9h ze|-h}Oc)AlOckYcX=PcQo4e7NVn@t#4qtT@`(OD=vY-9zv5oFgVD(Ra!dJ$|NS0zk zp#pbf28H+z0*z8}E~ToBjPy+5z6@AVL~c?#od(9V$_R`uHyOHtkj5>yaP$+OSaLsj zBCzSm5w3mV3wy*_51f-|tr0?vgkhzslo*4azV_P#d^$XAA}Jebk~9c{?k4CK%l{RZ zT}EfVN9akyuik$@pT6p;b{^dwD-kTKi5YTa)FRKaz=vqxgahw`! zEygsEvQzp6#B7kW#PFq;(mMbAfjd71>;Vn{184hBdkFjcGq-dPe1SuoaAwonMOhzci`)rH}mR0{$uXC>n@V1DGu%1#}Dqg zhdn?3G2fq@m5$*i0{FWeRzoWr})T`$fLZ9tMm9GKxgI(^)wjhE?Kt6+%>TPMt^<2H5b{xAGUC z`3yg}=blG3@cDSgyWT}UG&B&c1STJNV6LGnrn|~pkzSKWN`*EI?e1o?$C_Po(J8H? zpk5zAsbX&m0#mw}PRN8eyzX_Jb>^7^4WJ){)~tHzO9!TRNkW>Ya}C}XjOf||*4j>< z+c3*qXKKnXmIA#?01&N~FhyW7ER&!t-sj8BfRlxI)24xGJ3!K9K&hY1qMMv0Wjg`3 z^tr!x35<_>tF;RXmr@R7rB=1H$UMoA)#^ZW4rl|_t^;LGQ*|h1u{J~qVF6oYtid40 zP;QLXS|24zIyjfk(mqMS5p(3oKy-(Js9GfmdNkZ3DN89s6oqxISHwcZ`@>KzUcvoU z;V^WWlpVbHC{+bQq?}7no68D&LSQB)2BLca*tlWCT*E?5&;br>WvEo(A&#`+#2>9i6lAiX~9w2Y7D)hcQXh+C(~+*^!aK6d_fq z2pEb+EQWk%Ic9O#j9|{^LM&-vR2YR&mjV7xpI*!cpXAxm0K0ZYM5Owj!2e;$bT7T`6nel=PzlFr3GrSU#ShzO-( zzzZqG#~Had2@K^j5CCXIJb6fRH@YHCNE2A7HEPenGrrsnY!+} zfoN|4{@XL3$%_^xO3emE3KYhhbH14*3C<-OYc;pLPY}?~1Lmr84P*C zKL6C;|2=t`?{^{?;8x&&U2z4A!(3%TN7r>PDVBm)K_Fe}6IhHM25i~1$p=#ALdu+> zp<$GYkW%4&IJ*o^GJKM7^kW|zi1rqsS*`Lv-~8s@i(Q5kt}qD%2oYDL3`Cv}7#IQC z#(3p@h_#9$S5PlVJUYqK|JY|gJJ8q9fNOwvzWwd2EK_iM`Xhuu2w5s|bQ8QHDc#;a z^#Z*Nn4I)s5SU!bqonB!)|xWuNX+^KPhxo796rqChd(?J?F~S)UguA)ymD!x`6)9+ zf@f5V z-}}9RXdeKs1GfL^pU%0!`=M(Lb<<>v4A)dUH|ezQY#AAG1H}bWu#pf=jA>zQUY5U^ zQpZ*pGnXRw7%}m__mMyN;6Swh2iSD(xxDKg?^t+Yu{K&*tlj#eluoBjk~Dl2wO6cJ z<9N+$2D1haPfZ!=+;o2Y_ypchB18i)vwFbe^amXO>Q|Zm;ui;^{W@@$5M1-Of7{RT z(TgHG#G_P>5Yx2V$A$N@F)<-o97$pc2CRp`DrJr|8Z+d1yR5)CDbqiH=phdN?(Ysn zJ4NyJ-+uY!ykNPyg!!|faNZicx8!*ect0)MZP6{*o{xSE5K*nB1BlODv0@EE)G?+) zp;bLDCipz(z~z@?A9-XT`o9FC_3Qb_ps|7?ZPo(@=Q5I{nWkw+NGVpVS<{sOC-w>M z+__U61KP%{qEcBw7_P#(3dYQ($UMf)aN^1qakR~lnh#ohF(V; z{QJK@7%fFm^_ZCy;}GLD@Zv+6e$Nm?tRdinp$28i~~$g;)IwgOVpcq z?+Aj&R0!mnO&)s7TX3z`K=dC39;ny3;R|1&@>mikjS-~{V+aC+){(My9ZFS((^L+W zB4f06LrP_NyWOD37tR4g5n~v9`a8$L-}xQVpZ;_p@-G9o2*KyCxrTE$ZyxwH3sB4i zMX?M5qG(7e6}vnShgPoa(R-GR4R)N>4w1KrctDxLERX@saDrB*@+p;WrI)5!+f18l41m6QgpV~Xhbf&UG>_~MKC(7bAnfibUknZgSs@V@Y8Div14Fw&6k9vSIjS^u~|ttN!E zqSJ0ag7+E5__BU*pfBIP`|g1^JwvhSRW@wk%m45XsK=>d1KqlYV!1l!8+qPxY1%i< zw0~S+{d#l|SZl2(O`Aw57UTz=z%0)8?&ZPX_znF0ko6Mqz=whVjAL%P{(4rQpqA)S zLQupq1A-t+jmZGU3MsI>F=RU(FN`rQA(DD=c!}>ZJo?=?HN^w3e?9itv1Msnz@G!( zl#=VNzM3u1eeUwZS`Kq{!=m&I8S*@r)>>JsNuKt!!9!!#IUPzF5Jf8xLgSpCwYU2O zNnE?lgKvD}Kq<371KtRHZ`CTkdh^Y^^-XVjbOT)q-F_7g+@fM+&ME5HvuF95A%Lj| zAC$Eyibg7x8bMG;h=|1jhy&O47U{n?+f^3WkB-v55w z@=4H3V&u1fo657EwXm@`n8gu>VeDLN^SnENrE7QAOZ)cmiVuI7Uw-B@=Ngsrq$wCv zQ9+=L5b^Flr^xhGgoeY=S?4rbhX_$9LGvR+T|K~i4*lUDGIQgN19h|pydGF{^eDcl zNj@pK?e^Pw@W6qEjYU$oL~BuvqSzW^!ikBV9G|}P+DuKks2I4NJu;{82ran(@c1}W zpa1+x8^}pRktgUe#sebvJ{Msqbr_1pm8Sh8Ln9;7N0B4XQ=D^vMeA zv?vl8)Tvg7kx~)_k}M0$+`EBofhQeZT}23wltr4q_wC#{mt|Rc#@S~NkRLEUPCJgZ zEOG-K5S8b2Eewu6iB%#4qg&Ael%8yll*$-mDz%!}yLa#Mm7}{p`&lKEM2OLS%k(GfJb`&L@j2(7TLeUlpW+;m zJP(nwF0|Ipxgc7-S}qoY{VGSPJpJi;Dnv(WT^vQx=|B*4voE2TV&FY5zVO232Hc&O z^Y@Rg&c6H_DmGp}`@0_#ip&s!wS~r-=Z@moJxiLlvpmmLy>4uuLsa@ILT+Tln};8k zMr*<>Go??UIH*vmLK7^~W{Md#H=uIxsgk{{ldzM%?^GcO#uQ))l>wpgehqc|F%2Gpld~8Yog}(lkVCgAggs<>jDs+3}*T-}|DjuQ&)XFJ0Lh=Za%H zgwR;4kTS!$;xNTL2c-gxNzu9p+FDzL@2!=1?{H3#=NZ->quoAi8jWMhxz0=+XPXWl zw2M!b?R%i&=I8F^S_*}wl{ z-@eZJk&)BlN~MO@3dr)~#~*1XNyipnN7mxFGL<9^oMZjaP;ty{wOU8Y2xHnLNrxz^ zmVSi@5ajuB($t`oL+gkz9Kzb7;=9=RELoNlhCwNgDP7%BDT-sjk!3A}5U$;B<;D;x zHMDPLW-;748u%hnWzj6xlHRkedG}xYaME>M@*V_b%r=s$_rzZ*V@V~TR{+XLLrVR z=Q87cV2n{(%20-34$!pL$IfLg46XJ)Aj{f`QbH9cMaDvFDa#@bp;Si%fs~LqYopwI z8Cly&tJUeq+U!85lWjS4$cpXTdwhZ?mS5Yq%R4}B9UGJTTPhmZZtJ}1wQFiht{oZCL6S%}GUB^Nh^$nK1im;H05cO4dA4p{&$Jwyn(}Pg z - - - - - - -
- - Hello from the minimal https server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. -
-
- - diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls-mem/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server-tls/CMakeLists.txt deleted file mode 100644 index 758d973..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server-tls) -set(SRCS minimal-http-server-tls.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_OPENSSL_SUPPORT 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/http-server/minimal-http-server-tls/README.md b/minimal-examples/http-server/minimal-http-server-tls/README.md deleted file mode 100644 index b10ffed..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/README.md +++ /dev/null @@ -1,45 +0,0 @@ -# lws minimal http server with tls - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server-tls -[2018/03/20 13:23:13:0131] USER: LWS minimal http server TLS | visit https://localhost:7681 -[2018/03/20 13:23:13:0142] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/20 13:23:13:0142] NOTICE: Using SSL mode -[2018/03/20 13:23:13:0146] NOTICE: SSL ECDH curve 'prime256v1' -[2018/03/20 13:23:13:0146] NOTICE: HTTP2 / ALPN enabled -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing cert filepath localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: Loaded client cert localhost-100y.cert -[2018/03/20 13:23:13:0195] NOTICE: lws_tls_client_create_vhost_context: doing private key filepath -[2018/03/20 13:23:13:0196] NOTICE: Loaded client cert private key localhost-100y.key -[2018/03/20 13:23:13:0196] NOTICE: created client ssl context for default -[2018/03/20 13:23:14:0207] NOTICE: vhost default: cert expiry: 730459d -``` - -Visit https://localhost:7681 - -Because it uses a selfsigned certificate, you will have to make an exception for it in your browser. - -## Certificate creation - -The selfsigned certs provided were created with - -``` -echo -e "GB\nErewhon\nAll around\nlibwebsockets-test\n\nlocalhost\nnone@invalid.org\n" | openssl req -new -newkey rsa:4096 -days 36500 -nodes -x509 -keyout "localhost-100y.key" -out "localhost-100y.cert" -``` - -they cover "localhost" and last 100 years from 2018-03-20. - -You can replace them with commercial certificates matching your hostname. - -## HTTP/2 - -If you built lws with `-DLWS_WITH_HTTP2=1` at cmake, this simple server is also http/2 capable -out of the box. If the index.html was loaded over http/2, it will display an HTTP 2 png. diff --git a/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.cert b/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.key b/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/http-server/minimal-http-server-tls/minimal-http-server-tls.c b/minimal-examples/http-server/minimal-http-server-tls/minimal-http-server-tls.c deleted file mode 100644 index 3cda698..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/minimal-http-server-tls.c +++ /dev/null @@ -1,95 +0,0 @@ -/* - * lws-minimal-http-server-tls - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with three extra lines giving it tls (ssl) capabilities, which in - * turn allow operation with HTTP/2 if lws was configured for it. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server TLS | visit https://localhost:7681\n"); - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/404.html deleted file mode 100644 index 6fdd6bf..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/404.html +++ /dev/null @@ -1,11 +0,0 @@ - - - - -
- -

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/example.js b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/example.js deleted file mode 100644 index 1606ea0..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/example.js +++ /dev/null @@ -1,22 +0,0 @@ -document.addEventListener("DOMContentLoaded", function() { - - var transport_protocol = ""; - - if ( performance && performance.timing.nextHopProtocol ) { - transport_protocol = performance.timing.nextHopProtocol; - } else if ( window.chrome && window.chrome.loadTimes ) { - transport_protocol = window.chrome.loadTimes().connectionInfo; - } else { - - var p = performance.getEntriesByType("resource"); - for (var i=0; i < p.length; i++) { - var value = "nextHopProtocol" in p[i]; - if (value) - transport_protocol = p[i].nextHopProtocol; - } - } - - if (transport_protocol == "h2") - document.getElementById("transport").innerHTML = ""; - } -}, false); \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/http2.png b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/http2.png deleted file mode 100644 index 439bfa482fa00e69af2d562f17a6e89453eb98cc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 7563 zcmV;69dzP}P)hJCKl}1r-pgb%At50^h&s(NL+gbgh*}K=@24(BV^6&tYNdLrZS7HN zyRhvft=8kJ)}>`BinW|B6&C>(SXZ@*0u?HyMyuE;F`57gnPfs{=FNL~F8gx+c%FA| z?>m_n2rSNOzH7~znf?5p=h^%B?7e^Y4X1Dlr*I0Va0;hz3a9X26Jj|6@4W!nv17+9 z?fCdOJ9q9B+sgm%*u7f-Y#kf(ckJFRwvLT?)~pe`_UsW`Mn>GudC%LnZJTGu4j3B~ z^X~=N`jVHxo;_l3no34T8Ld<-larp^yM6g$-=*#LXS`^id%@0~qWiwxyLbEX@o_JN z@GOBP8Q{Ga?A$5$w^~7zWikyzS5Zo-JeM+x#AKTKwNk2PttLgMBV>{YH8iAbyB!DC zX1P*fn&+Yx$4S!|Us1|60i%=~4gw*Kkx8eclyedwlTt-eIw55ZKsYC@wI)=m(R40Z zp|yJiuu0-i8yfP{c`j>1L#6?0MWYb{C~Kuv%5}$(typ2*#6N?=@0pSX+EKt*a;%k>@EwSkkmjr_&_QkK>%7)yk;XYZ#N^ zoW=WqT5TAuL%av?9Z6#FJ|<1u4<0`Ji$Lq|SE6X|%8eVF;^K?V{ITkOUw_vbXQ;E1 zWXNRM=GB$T`SHe$XHl(=5Ji$8a7gJ0!#Ywbobz}u(Yp98r9udcQgytyK!kI;Tvrk) z1z-#I3x`r3=Oo_C*)}Nyj4?QuBSeOCO^nHL&LCxulrhc)IF}FvRjd^hvq|HeB}sC! zEF(!8XQin*&}{BQsTC{t>}h%L#r#>&!vMTz%g&u*GEGR6?>orIjBc(!0iIgA&I9GJKK=&(pgb+aSTPZ=g*%3wEPIT|--tP%R0f_S17VjYl zJk~m#^C%@|83v$KK@S2Um|X%&)dnY9bfs1pB-EnvgtX`5l4?60*3&mS5znnvd4$ZcYjEwM-7r&StS6<1pHf{3d5-OIR z)&l49iV(^P;m+>Ufxa_fG>Y7TFwAVHlcTjq2um0`yccLKI-L$vQ&TjKA7}O}m&}`< zo@Q!liZstjO1cxF)ovq$U|G6Onu_V^X$~Dagb;$&t5*XsIXTHKx8BM(Z@Z0u|He1O z=4U*^m&;US_Kqe`u6XB7l0^=II?dac+bCn?|Z!JwXbDnW`>V_<}-Zmum8H}Pq73Y&iUyy zZB&Pbnyu++yF3GcX!UAo4j%oo0AtXs#^ zpZ2r`X^~mY#kf(i=Wt!0Yc@u6wZZF7zTu4jQ0WFD;8}` z_wU)m`Okm;@|}D<=)(}_9QXdmf6(r9xapQ#xclzA0eHowmloo*_*fPpa-8$R`^;vU z-&w1{ocIO$G2o6nWL~L6S))-qT`7(CvQ%n%)=v~goVkAef(}0Lzyny@LwZt?Wf>Q~ z@P!N7F4?-3cVBTucbOK90EG}j7*o~5!*bi2HC?@-zb5EGFgfYdG&NPFS{-ZCiV$tQ zw@85m*0zKgLv(932a`K59J5Y%Ei=O{{wAO6guz{Ced@=vyvdd6H z6gq+T0x3P-8=Nyj2o+iz?4F#I-g_(N&8prRux5>@N0DtGK5U1*mt+}$BhMvaxTIbE zWFibh?z-)^Li2;-w{yk7y%(k8Wl<_6&r>O7mS>q6>vVehzhDa&;Muy>9XW8oue*5jT3@oV!~x8hzIW5VJ3Os-y5ZMhG!96h$?!lph@(?OF4^pVWJ{jEsoT+Gs@UIzdpy`(oFb zQ+S^0OTnX*1vFZVwlTR-D&4zxFWxWgdViN#t0i+|bX2QplnU@ZEC=r&>xSp^ob2a6 zCx7T6@`DF)jRrn1R+(D4618d-`iwJ(pZ#oP;edJcP^!=b=k~4R7;`)`CJnqdlTqZv zAlBevrBsq6T^Zz2%9Ok9+}#5(BDwEA8aLle>pR~e`N0oxozC)u(3<$X^BB715=MUO zw+PPe=f_zB))ub$?tWDoLz(w26~}hVh7DaCVeWN3581Ip93LH3K@bFi)*%oBEU*T< z^0yCMtHtz}zQnO>t|9%&PX_ON7sim>doRho_j2STA0d3jE7-7O2XX04IU(lvsc?(M z2%%k;<$z;y^2Dkz0OR9?jfO&qm4smp==%M;J8b`VrzwwIeKkMZyqQDqdCy}T{2~bF z$p7h|xc|Zn+5LeJ6#D*&Ft;~(ycY6}69!k;fhH;N-%`rZ8RK_NO-U9h ze|-h}Oc)AlOckYcX=PcQo4e7NVn@t#4qtT@`(OD=vY-9zv5oFgVD(Ra!dJ$|NS0zk zp#pbf28H+z0*z8}E~ToBjPy+5z6@AVL~c?#od(9V$_R`uHyOHtkj5>yaP$+OSaLsj zBCzSm5w3mV3wy*_51f-|tr0?vgkhzslo*4azV_P#d^$XAA}Jebk~9c{?k4CK%l{RZ zT}EfVN9akyuik$@pT6p;b{^dwD-kTKi5YTa)FRKaz=vqxgahw`! zEygsEvQzp6#B7kW#PFq;(mMbAfjd71>;Vn{184hBdkFjcGq-dPe1SuoaAwonMOhzci`)rH}mR0{$uXC>n@V1DGu%1#}Dqg zhdn?3G2fq@m5$*i0{FWeRzoWr})T`$fLZ9tMm9GKxgI(^)wjhE?Kt6+%>TPMt^<2H5b{xAGUC z`3yg}=blG3@cDSgyWT}UG&B&c1STJNV6LGnrn|~pkzSKWN`*EI?e1o?$C_Po(J8H? zpk5zAsbX&m0#mw}PRN8eyzX_Jb>^7^4WJ){)~tHzO9!TRNkW>Ya}C}XjOf||*4j>< z+c3*qXKKnXmIA#?01&N~FhyW7ER&!t-sj8BfRlxI)24xGJ3!K9K&hY1qMMv0Wjg`3 z^tr!x35<_>tF;RXmr@R7rB=1H$UMoA)#^ZW4rl|_t^;LGQ*|h1u{J~qVF6oYtid40 zP;QLXS|24zIyjfk(mqMS5p(3oKy-(Js9GfmdNkZ3DN89s6oqxISHwcZ`@>KzUcvoU z;V^WWlpVbHC{+bQq?}7no68D&LSQB)2BLca*tlWCT*E?5&;br>WvEo(A&#`+#2>9i6lAiX~9w2Y7D)hcQXh+C(~+*^!aK6d_fq z2pEb+EQWk%Ic9O#j9|{^LM&-vR2YR&mjV7xpI*!cpXAxm0K0ZYM5Owj!2e;$bT7T`6nel=PzlFr3GrSU#ShzO-( zzzZqG#~Had2@K^j5CCXIJb6fRH@YHCNE2A7HEPenGrrsnY!+} zfoN|4{@XL3$%_^xO3emE3KYhhbH14*3C<-OYc;pLPY}?~1Lmr84P*C zKL6C;|2=t`?{^{?;8x&&U2z4A!(3%TN7r>PDVBm)K_Fe}6IhHM25i~1$p=#ALdu+> zp<$GYkW%4&IJ*o^GJKM7^kW|zi1rqsS*`Lv-~8s@i(Q5kt}qD%2oYDL3`Cv}7#IQC z#(3p@h_#9$S5PlVJUYqK|JY|gJJ8q9fNOwvzWwd2EK_iM`Xhuu2w5s|bQ8QHDc#;a z^#Z*Nn4I)s5SU!bqonB!)|xWuNX+^KPhxo796rqChd(?J?F~S)UguA)ymD!x`6)9+ zf@f5V z-}}9RXdeKs1GfL^pU%0!`=M(Lb<<>v4A)dUH|ezQY#AAG1H}bWu#pf=jA>zQUY5U^ zQpZ*pGnXRw7%}m__mMyN;6Swh2iSD(xxDKg?^t+Yu{K&*tlj#eluoBjk~Dl2wO6cJ z<9N+$2D1haPfZ!=+;o2Y_ypchB18i)vwFbe^amXO>Q|Zm;ui;^{W@@$5M1-Of7{RT z(TgHG#G_P>5Yx2V$A$N@F)<-o97$pc2CRp`DrJr|8Z+d1yR5)CDbqiH=phdN?(Ysn zJ4NyJ-+uY!ykNPyg!!|faNZicx8!*ect0)MZP6{*o{xSE5K*nB1BlODv0@EE)G?+) zp;bLDCipz(z~z@?A9-XT`o9FC_3Qb_ps|7?ZPo(@=Q5I{nWkw+NGVpVS<{sOC-w>M z+__U61KP%{qEcBw7_P#(3dYQ($UMf)aN^1qakR~lnh#ohF(V; z{QJK@7%fFm^_ZCy;}GLD@Zv+6e$Nm?tRdinp$28i~~$g;)IwgOVpcq z?+Aj&R0!mnO&)s7TX3z`K=dC39;ny3;R|1&@>mikjS-~{V+aC+){(My9ZFS((^L+W zB4f06LrP_NyWOD37tR4g5n~v9`a8$L-}xQVpZ;_p@-G9o2*KyCxrTE$ZyxwH3sB4i zMX?M5qG(7e6}vnShgPoa(R-GR4R)N>4w1KrctDxLERX@saDrB*@+p;WrI)5!+f18l41m6QgpV~Xhbf&UG>_~MKC(7bAnfibUknZgSs@V@Y8Div14Fw&6k9vSIjS^u~|ttN!E zqSJ0ag7+E5__BU*pfBIP`|g1^JwvhSRW@wk%m45XsK=>d1KqlYV!1l!8+qPxY1%i< zw0~S+{d#l|SZl2(O`Aw57UTz=z%0)8?&ZPX_znF0ko6Mqz=whVjAL%P{(4rQpqA)S zLQupq1A-t+jmZGU3MsI>F=RU(FN`rQA(DD=c!}>ZJo?=?HN^w3e?9itv1Msnz@G!( zl#=VNzM3u1eeUwZS`Kq{!=m&I8S*@r)>>JsNuKt!!9!!#IUPzF5Jf8xLgSpCwYU2O zNnE?lgKvD}Kq<371KtRHZ`CTkdh^Y^^-XVjbOT)q-F_7g+@fM+&ME5HvuF95A%Lj| zAC$Eyibg7x8bMG;h=|1jhy&O47U{n?+f^3WkB-v55w z@=4H3V&u1fo657EwXm@`n8gu>VeDLN^SnENrE7QAOZ)cmiVuI7Uw-B@=Ngsrq$wCv zQ9+=L5b^Flr^xhGgoeY=S?4rbhX_$9LGvR+T|K~i4*lUDGIQgN19h|pydGF{^eDcl zNj@pK?e^Pw@W6qEjYU$oL~BuvqSzW^!ikBV9G|}P+DuKks2I4NJu;{82ran(@c1}W zpa1+x8^}pRktgUe#sebvJ{Msqbr_1pm8Sh8Ln9;7N0B4XQ=D^vMeA zv?vl8)Tvg7kx~)_k}M0$+`EBofhQeZT}23wltr4q_wC#{mt|Rc#@S~NkRLEUPCJgZ zEOG-K5S8b2Eewu6iB%#4qg&Ael%8yll*$-mDz%!}yLa#Mm7}{p`&lKEM2OLS%k(GfJb`&L@j2(7TLeUlpW+;m zJP(nwF0|Ipxgc7-S}qoY{VGSPJpJi;Dnv(WT^vQx=|B*4voE2TV&FY5zVO232Hc&O z^Y@Rg&c6H_DmGp}`@0_#ip&s!wS~r-=Z@moJxiLlvpmmLy>4uuLsa@ILT+Tln};8k zMr*<>Go??UIH*vmLK7^~W{Md#H=uIxsgk{{ldzM%?^GcO#uQ))l>wpgehqc|F%2Gpld~8Yog}(lkVCgAggs<>jDs+3}*T-}|DjuQ&)XFJ0Lh=Za%H zgwR;4kTS!$;xNTL2c-gxNzu9p+FDzL@2!=1?{H3#=NZ->quoAi8jWMhxz0=+XPXWl zw2M!b?R%i&=I8F^S_*}wl{ z-@eZJk&)BlN~MO@3dr)~#~*1XNyipnN7mxFGL<9^oMZjaP;ty{wOU8Y2xHnLNrxz^ zmVSi@5ajuB($t`oL+gkz9Kzb7;=9=RELoNlhCwNgDP7%BDT-sjk!3A}5U$;B<;D;x zHMDPLW-;748u%hnWzj6xlHRkedG}xYaME>M@*V_b%r=s$_rzZ*V@V~TR{+XLLrVR z=Q87cV2n{(%20-34$!pL$IfLg46XJ)Aj{f`QbH9cMaDvFDa#@bp;Si%fs~LqYopwI z8Cly&tJUeq+U!85lWjS4$cpXTdwhZ?mS5Yq%R4}B9UGJTTPhmZZtJ}1wQFiht{oZCL6S%}GUB^Nh^$nK1im;H05cO4dA4p{&$Jwyn(}Pg z - - - - - - -
- - Hello from the minimal https server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. -
-
- - diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server-tls/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server-tls/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server/CMakeLists.txt b/minimal-examples/http-server/minimal-http-server/CMakeLists.txt deleted file mode 100644 index a0fa4ec..0000000 --- a/minimal-examples/http-server/minimal-http-server/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-http-server) -set(SRCS minimal-http-server.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/http-server/minimal-http-server/README.md b/minimal-examples/http-server/minimal-http-server/README.md deleted file mode 100644 index cc8794b..0000000 --- a/minimal-examples/http-server/minimal-http-server/README.md +++ /dev/null @@ -1,18 +0,0 @@ -# lws minimal http server - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-http-server -[2018/03/04 09:30:02:7986] USER: LWS minimal http server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 - diff --git a/minimal-examples/http-server/minimal-http-server/minimal-http-server.c b/minimal-examples/http-server/minimal-http-server/minimal-http-server.c deleted file mode 100644 index 1cd2622..0000000 --- a/minimal-examples/http-server/minimal-http-server/minimal-http-server.c +++ /dev/null @@ -1,87 +0,0 @@ -/* - * lws-minimal-http-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - */ - -#include -#include -#include - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal http server | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/http-server/minimal-http-server/mount-origin/404.html b/minimal-examples/http-server/minimal-http-server/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/http-server/minimal-http-server/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/http-server/minimal-http-server/mount-origin/favicon.ico b/minimal-examples/http-server/minimal-http-server/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/http-server/minimal-http-server/mount-origin/index.html b/minimal-examples/http-server/minimal-http-server/mount-origin/index.html deleted file mode 100644 index bc9ffa4..0000000 --- a/minimal-examples/http-server/minimal-http-server/mount-origin/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - -
- - Hello from the minimal http server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/http-server/minimal-http-server/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/http-server/minimal-http-server/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/http-server/minimal-http-server/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/http-server/minimal-http-server/mount-origin/strict-csp.svg b/minimal-examples/http-server/minimal-http-server/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/http-server/minimal-http-server/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/raw/README.md b/minimal-examples/raw/README.md deleted file mode 100644 index ea3bd7a..0000000 --- a/minimal-examples/raw/README.md +++ /dev/null @@ -1,11 +0,0 @@ -|name|demonstrates| ----|--- -minimal-raw-adopt-tcp|Shows how to have lws adopt an existing tcp socket something else had connected -minimal-raw-adopt-udp|Shows how to create a udp socket and read and write on it -minimal-raw-fallback-http|Shows how to run a normal http(s) server that falls back to a specified role + protocol -minimal-raw-file|Shows how to adopt a file descriptor (device node, fifo, file, etc) into the lws event loop and handle events -minimal-raw-netcat|Writes stdin to a remote server and prints results on stdout -minimal-raw-proxy-fallback|Shows how to run a normal http(s) server that falls back to a proxied connection to a specified IP and port -minimal-raw-proxy|Shows how to set up a vhost so it listens for connections and proxies them to a specified IP and port -minimal-raw-vhost|Shows how to set up a vhost that listens and accepts RAW socket connections - diff --git a/minimal-examples/raw/minimal-raw-adopt-tcp/CMakeLists.txt b/minimal-examples/raw/minimal-raw-adopt-tcp/CMakeLists.txt deleted file mode 100644 index 6ee4fb8..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-tcp/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-adopt-tcp) -set(SRCS minimal-raw-adopt-tcp.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-adopt-tcp/README.md b/minimal-examples/raw/minimal-raw-adopt-tcp/README.md deleted file mode 100644 index 605c722..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-tcp/README.md +++ /dev/null @@ -1,57 +0,0 @@ -# lws minimal ws server raw adopt tcp - -This example is only meaningful if you are integrating lws in another -app which generates its own connected sockets. In some cases you may -want lws to "adopt" the socket. - -(If you simply want a connected client raw socket using lws alone, you -can just use lws_client_connect_via_info() with info.method = "RAW". -http-client/minimal-http-client shows how to do that, just set -info.method to "RAW".) - -This example demonstrates how to adopt a foreign, connected socket into lws -as a raw wsi, bound to a specific lws protocol. - -The example connects a socket itself to libwebsockets.org:80, and then -has lws adopt it as a raw wsi. The lws protocol writes "GET / HTTP/1.1" -to the socket and hexdumps what was sent back. - -The socket won't close until the server side times it out, since it's -a raw socket that doesn't understand it's looking at http. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-raw-adopt-tcp -[2018/03/23 09:03:57:1960] USER: LWS minimal raw adopt tcp -[2018/03/23 09:03:57:1961] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/23 09:03:57:2079] USER: Starting connect... -[2018/03/23 09:03:57:4963] USER: Connected... -[2018/03/23 09:03:57:4963] USER: LWS_CALLBACK_RAW_ADOPT -[2018/03/23 09:03:57:7842] USER: LWS_CALLBACK_RAW_RX (186) -[2018/03/23 09:03:57:7842] NOTICE: -[2018/03/23 09:03:57:7842] NOTICE: 0000: 48 54 54 50 2F 31 2E 31 20 33 30 31 20 52 65 64 HTTP/1.1 301 Red -[2018/03/23 09:03:57:7842] NOTICE: 0010: 69 72 65 63 74 0D 0A 73 65 72 76 65 72 3A 20 6C irect..server: l -[2018/03/23 09:03:57:7842] NOTICE: 0020: 77 73 77 73 0D 0A 53 74 72 69 63 74 2D 54 72 61 wsws..Strict-Tra -[2018/03/23 09:03:57:7843] NOTICE: 0030: 6E 73 70 6F 72 74 2D 53 65 63 75 72 69 74 79 3A nsport-Security: -[2018/03/23 09:03:57:7843] NOTICE: 0040: 20 6D 61 78 2D 61 67 65 3D 31 35 37 36 38 30 30 max-age=1576800 -[2018/03/23 09:03:57:7843] NOTICE: 0050: 30 20 3B 20 69 6E 63 6C 75 64 65 53 75 62 44 6F 0 ; includeSubDo -[2018/03/23 09:03:57:7843] NOTICE: 0060: 6D 61 69 6E 73 0D 0A 6C 6F 63 61 74 69 6F 6E 3A mains..location: -[2018/03/23 09:03:57:7843] NOTICE: 0070: 20 68 74 74 70 73 3A 2F 2F 6C 69 62 77 65 62 73 https://libwebs -[2018/03/23 09:03:57:7843] NOTICE: 0080: 6F 63 6B 65 74 73 2E 6F 72 67 0D 0A 63 6F 6E 74 ockets.org..cont -[2018/03/23 09:03:57:7843] NOTICE: 0090: 65 6E 74 2D 74 79 70 65 3A 20 74 65 78 74 2F 68 ent-type: text/h -[2018/03/23 09:03:57:7843] NOTICE: 00A0: 74 6D 6C 0D 0A 63 6F 6E 74 65 6E 74 2D 6C 65 6E tml..content-len -[2018/03/23 09:03:57:7843] NOTICE: 00B0: 67 74 68 3A 20 30 0D 0A 0D 0A gth: 0.... -[2018/03/23 09:03:57:7843] NOTICE: -[2018/03/23 09:04:03:3627] USER: LWS_CALLBACK_RAW_CLOSE - -``` - -Note the example does everything itself, after 5s idle the remote server closes the connection -after which the example continues until you ^C it. diff --git a/minimal-examples/raw/minimal-raw-adopt-tcp/minimal-raw-adopt-tcp.c b/minimal-examples/raw/minimal-raw-adopt-tcp/minimal-raw-adopt-tcp.c deleted file mode 100644 index 1134234..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-tcp/minimal-raw-adopt-tcp.c +++ /dev/null @@ -1,188 +0,0 @@ -/* - * lws-minimal-raw-adopt-tcp - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates integrating somebody else's connected tcp - * socket into the lws event loop as a RAW wsi. It's interesting in - * the kind of situation where you already have a connected socket - * in your application, and you need to hand it over to lws to deal with. - * - * Lws supports "adopting" these foreign sockets. - * - * If you simply want a connected client raw socket using lws alone, you - * can just use lws_client_connect_via_info() with info.method = "RAW". - * - */ - -#include -#include -#include -#if !defined(WIN32) -#include -#include -#include -#include -#endif -#include -#include -#include -#include -#include -#include - -static int -callback_raw_test(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - - switch (reason) { - - /* callbacks related to raw socket descriptor */ - - case LWS_CALLBACK_RAW_ADOPT: - lwsl_user("LWS_CALLBACK_RAW_ADOPT\n"); - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_RAW_CLOSE: - lwsl_user("LWS_CALLBACK_RAW_CLOSE\n"); - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_user("LWS_CALLBACK_RAW_RX (%d)\n", (int)len); - lwsl_hexdump_level(LLL_NOTICE, in, len); - break; - - case LWS_CALLBACK_RAW_WRITEABLE: - if (lws_write(wsi, - (uint8_t *)"GET / HTTP/1.1\xd\xa\xd\xa", 18, - LWS_WRITE_RAW) != 18) { - lwsl_notice("%s: raw write failed\n", __func__); - return 1; - } - break; - - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "raw-test", callback_raw_test, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - lws_sock_file_fd_type sock; - struct addrinfo h, *r, *rp; - struct lws_vhost *vhost; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw adopt tcp\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.port = CONTEXT_PORT_NO_LISTEN_SERVER; - info.protocols = protocols; - - vhost = lws_create_vhost(context, &info); - if (!vhost) { - lwsl_err("lws vhost creation failed\n"); - goto bail; - } - - /* - * Connect our own "foreign" socket to libwebsockets.org:80 - * - * Normally you would do this with lws_client_connect_via_info() inside - * the lws event loop, hiding all this detail. But this example - * demonstrates how to integrate an externally-connected "foreign" - * socket, so we create one by hand. - */ - - memset(&h, 0, sizeof(h)); - h.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - h.ai_socktype = SOCK_STREAM; - h.ai_protocol = IPPROTO_TCP; - - n = getaddrinfo("libwebsockets.org", "80", &h, &r); - if (n) { - lwsl_err("%s: problem resolving libwebsockets.org: %s\n", __func__, gai_strerror(n)); - return 1; - } - - for (rp = r; rp; rp = rp->ai_next) { - sock.sockfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol); - if (sock.sockfd != LWS_SOCK_INVALID) - break; - } - if (!rp) { - lwsl_err("%s: unable to create INET socket\n", __func__); - freeaddrinfo(r); - - return 1; - } - - lwsl_user("Starting connect...\n"); - if (connect(sock.sockfd, rp->ai_addr, sizeof(*rp->ai_addr)) < 0) { - lwsl_err("%s: unable to connect to libwebsockets.org:80\n", __func__); - freeaddrinfo(r); - return 1; - } - - freeaddrinfo(r); - signal(SIGINT, sigint_handler); - lwsl_user("Connected...\n"); - - /* our foreign socket is connected... adopt it into lws */ - - if (!lws_adopt_descriptor_vhost(vhost, LWS_ADOPT_SOCKET, sock, - protocols[0].name, NULL)) { - lwsl_err("%s: foreign socket adoption failed\n", __func__); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-adopt-udp/CMakeLists.txt b/minimal-examples/raw/minimal-raw-adopt-udp/CMakeLists.txt deleted file mode 100644 index 7262705..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-udp/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-adopt-udp) -set(SRCS minimal-raw-adopt-udp.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-adopt-udp/README.md b/minimal-examples/raw/minimal-raw-adopt-udp/README.md deleted file mode 100644 index edaf8d2..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-udp/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# lws minimal ws server raw adopt udp - -This example demonstrates echoing packets on a UDP socket in lws. - -A "foreign" UDP socket is created, bound (so it can "listen"), and -adopted into lws event loop. It acts like a tcp RAW mode connection in -lws and uses the same callbacks. - -Writing is a bit different for UDP. By default, the system has no -idea about the receiver state and so asking for a callback_on_writable() -always believes that the socket is writeable... the callback will -happen next time around the event loop if there are no pending partials. - -With UDP, there is no "connection". You need to write with sendto() and -direct the packets to a specific destination. You can learn the source -of the last packet that arrived at the LWS_CALLBACK_RAW_RX callback by -getting a `struct lws_udp *` from `lws_get_udp(wsi)`. To be able to -send back to that guy, you should take a copy of the `struct lws_udp *` and -use the .sa and .salen members in your sendto(). - -However the kernel may not accept to buffer / write everything you wanted to send. -So you are responsible to watch the result of sendto() and resend the -unsent part next time. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-raw-adopt-udp -$ ./lws-minimal-raw-adopt-udp -[2018/03/24 08:12:37:8869] USER: LWS minimal raw adopt udp | nc -u 127.0.0.1 7681 -[2018/03/24 08:12:37:8870] NOTICE: Creating Vhost 'default' (no listener), 1 protocols, IPv6 off -[2018/03/24 08:12:37:8878] USER: LWS_CALLBACK_RAW_ADOPT -[2018/03/24 08:12:41:5656] USER: LWS_CALLBACK_RAW_RX (6) -[2018/03/24 08:12:41:5656] NOTICE: -[2018/03/24 08:12:41:5656] NOTICE: 0000: 68 65 6C 6C 6F 0A hello. -[2018/03/24 08:12:41:5656] NOTICE: -``` - -``` - $ nc -u 127.0.0.1 7681 -hello -hello -``` diff --git a/minimal-examples/raw/minimal-raw-adopt-udp/minimal-raw-adopt-udp.c b/minimal-examples/raw/minimal-raw-adopt-udp/minimal-raw-adopt-udp.c deleted file mode 100644 index 5689563..0000000 --- a/minimal-examples/raw/minimal-raw-adopt-udp/minimal-raw-adopt-udp.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * lws-minimal-raw-adopt-udp - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates integrating a connected udp - * socket into the lws event loop as a RAW wsi. It's interesting in - * the kind of situation where you already have a connected socket - * in your application, and you need to hand it over to lws to deal with. - * - * Lws supports "adopting" these foreign sockets, and also has a helper API - * to create, bind, and adopt them inside lws. - */ - -#include -#include -#include -#if !defined(WIN32) -#include -#include -#include -#include -#endif -#include -#include -#include -#include -#include -#include - -static uint8_t sendbuf[4096]; -static size_t sendlen; -struct lws_udp udp; - -static int -callback_raw_test(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - ssize_t n; - int fd; - - switch (reason) { - - /* callbacks related to raw socket descriptor */ - - case LWS_CALLBACK_RAW_ADOPT: - lwsl_user("LWS_CALLBACK_RAW_ADOPT\n"); - break; - - case LWS_CALLBACK_RAW_CLOSE: - lwsl_user("LWS_CALLBACK_RAW_CLOSE\n"); - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_user("LWS_CALLBACK_RAW_RX (%d)\n", (int)len); - lwsl_hexdump_level(LLL_NOTICE, in, len); - /* - * Take a copy of the buffer and the source socket address... - */ - udp = *(lws_get_udp(wsi)); - sendlen = len; - if (sendlen > sizeof(sendbuf)) - sendlen = sizeof(sendbuf); - memcpy(sendbuf, in, sendlen); - /* - * ... and we send it next time around the event loop. This - * can be extended to having a ringbuffer of different send - * buffers and targets queued. - * - * Note that UDP is ALWAYS writable as far as poll() knows - * because there is no mechanism like the tcp window to - * understand that packets are not being acknowledged. But - * this allows the event loop to share out the work. - */ - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_RAW_WRITEABLE: - - if (!sendlen) - break; - - fd = lws_get_socket_fd(wsi); - if (fd < 0) /* keep Coverity happy: actually it cannot be < 0 */ - break; - - /* - * We can write directly on the UDP socket, specifying - * the peer the write is directed to. - * - * However the kernel may only accept parts of large sendto()s, - * leaving you to try to resend the remainder later. However - * depending on how your protocol on top of UDP works, that - * may involve sticking new headers before the remainder. - * - * For clarity partial sends just drop the remainder here. - */ - n = sendto(fd, -#if defined(WIN32) - (const char *) -#endif - sendbuf, sendlen, 0, &udp.sa, udp.salen); - if (n < (ssize_t)len) - lwsl_notice("%s: send returned %d\n", __func__, (int)n); - break; - - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "raw-test", callback_raw_test, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - struct lws_vhost *vhost; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw adopt udp | nc -u 127.0.0.1 7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.port = CONTEXT_PORT_NO_LISTEN_SERVER; - info.protocols = protocols; - - vhost = lws_create_vhost(context, &info); - if (!vhost) { - lwsl_err("lws vhost creation failed\n"); - goto bail; - } - - /* - * Create our own "foreign" UDP socket bound to 7681/udp - */ - if (!lws_create_adopt_udp(vhost, 7681, LWS_CAUDP_BIND, - protocols[0].name, NULL)) { - lwsl_err("%s: foreign socket adoption failed\n", __func__); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/CMakeLists.txt b/minimal-examples/raw/minimal-raw-fallback-http-server/CMakeLists.txt deleted file mode 100644 index f0cb7b4..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-fallback-http-server) -set(SRCS minimal-raw-fallback-http-server.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - - -set(requirements 1) -require_lws_config(LWS_ROLE_H1 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/README.md b/minimal-examples/raw/minimal-raw-fallback-http-server/README.md deleted file mode 100644 index 9a827c5..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# lws minimal raw fallback http server - -This is the same as the minimal http server, with one difference... -if you connect to localhost:7681 with something that doesn't send -recognizable http, then the connection will be switched to a -raw-skt role and bind to a protocol that echoes anything sent back -to the sender. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --s|Configure the server for tls / https and `LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT` --h|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER`, allowing http service on tls port (caution... it's insecure then) --u|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS`, so the server issues a redirect to https to clients that attempt to connect to a server configured for tls with http. - -``` - $ ./lws-minimal-raw-fallback-http-server -[2018/11/29 14:27:34:3014] USER: LWS minimal raw fallback http server | visit http://localhost:7681 -[2018/11/29 14:27:34:3243] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -``` - -Visit http://127.0.0.1:7681 - -This allows testing of various combinations of special features for unexpected -content on an http(s) listening socket. - -|cmdline args|http://127.0.0.1:7681|https://127.0.0.1:7681|ssh -p7681 127.0.0.1|flags| -|---|---|---|---|---| -|none|served|no tls|echos hello|LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG -|-s|echos http GET|served|echos hello|LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG, LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT -|-s -h|served|served|echos hello|LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG, LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT, LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER -|-s -u|redirected to https|served|echos hello|LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG, LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT, LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS - diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.cert b/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.key b/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/minimal-raw-fallback-http-server.c b/minimal-examples/raw/minimal-raw-fallback-http-server/minimal-raw-fallback-http-server.c deleted file mode 100644 index 1a7edaa..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/minimal-raw-fallback-http-server.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * lws-minimal-raw-fallback http-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff from the subdirectory - * "./mount-origin" of the directory it was started in. - * You can change that by changing mount.origin below. - * - * In addition, if the connection does to seem to be talking http, then it - * falls back to a raw echo protocol. - */ - -#include -#include -#include - -struct pss__raw_echo { - uint8_t buf[2048]; - int len; -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static int -callback_raw_echo(struct lws *wsi, enum lws_callback_reasons reason, void *user, - void *in, size_t len) -{ - struct pss__raw_echo *pss = (struct pss__raw_echo *)user; - - switch (reason) { - case LWS_CALLBACK_RAW_ADOPT: - lwsl_notice("LWS_CALLBACK_RAW_ADOPT\n"); - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_notice("LWS_CALLBACK_RAW_RX %ld\n", (long)len); - if (len > sizeof(pss->buf)) - len = sizeof(pss->buf); - memcpy(pss->buf, in, len); - pss->len = len; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_RAW_CLOSE: - lwsl_notice("LWS_CALLBACK_RAW_CLOSE\n"); - break; - - case LWS_CALLBACK_RAW_WRITEABLE: - lwsl_notice("LWS_CALLBACK_RAW_WRITEABLE\n"); - lws_write(wsi, pss->buf, pss->len, LWS_WRITE_HTTP); - break; - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { "raw-echo", callback_raw_echo, sizeof(struct pss__raw_echo), 2048 }, - { NULL, NULL, 0, 0 } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw fallback http server | " - "visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE | - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG; - info.listen_accept_role = "raw-skt"; - info.listen_accept_protocol = "raw-echo"; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - - if (lws_cmdline_option(argc, argv, "-u")) - info.options |= LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS; - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/404.html b/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/favicon.ico b/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/index.html b/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/index.html deleted file mode 100644 index 573e515..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - -
- - Hello from the minimal raw fallback http server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/strict-csp.svg b/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/raw/minimal-raw-fallback-http-server/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/raw/minimal-raw-file/CMakeLists.txt b/minimal-examples/raw/minimal-raw-file/CMakeLists.txt deleted file mode 100644 index dc0f863..0000000 --- a/minimal-examples/raw/minimal-raw-file/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-file) -set(SRCS minimal-raw-file.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/raw/minimal-raw-file/README.md b/minimal-examples/raw/minimal-raw-file/README.md deleted file mode 100644 index 47fba24..0000000 --- a/minimal-examples/raw/minimal-raw-file/README.md +++ /dev/null @@ -1,48 +0,0 @@ -# lws minimal ws server - -This demonstrates adopting a file descriptor into the lws event -loop. The filepath to open and adopt is given as an argument to the example app, eg - -``` - $ ./lws-minimal-raw-file -``` - -On a Linux system, some example files for testing might be - - - /proc/self/fd/0 (stdin) - - /dev/ttyUSB0 (a USB <-> serial converter) - - /dev/input/event (needs root... input device events) - -The example application opens the file in the protocol init -handler, and hexdumps data from the file to the lws log -as it becomes available. - -This isn't very useful standalone as shown here for clarity, but you can -freely combine raw file descriptor adoption with other lws server -and client features. - -Becuase raw file events have their own callback reasons, the handlers can -be integrated in a single protocol that also handles http and ws -server and client callbacks without conflict. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-raw-file /proc/self/fd/0 -[2018/03/22 10:48:53:9709] USER: LWS minimal raw file -[2018/03/22 10:48:53:9876] NOTICE: Creating Vhost 'default' port -2, 1 protocols, IPv6 off -[2018/03/22 10:48:55:0037] NOTICE: LWS_CALLBACK_RAW_ADOPT_FILE - -[2018/03/22 10:48:55:9370] NOTICE: LWS_CALLBACK_RAW_RX_FILE -[2018/03/22 10:48:55:9377] NOTICE: -[2018/03/22 10:48:55:9408] NOTICE: 0000: 0A . - -``` - -The example logs above show the result of typing the Enter key. diff --git a/minimal-examples/raw/minimal-raw-file/minimal-raw-file.c b/minimal-examples/raw/minimal-raw-file/minimal-raw-file.c deleted file mode 100644 index 21c5c48..0000000 --- a/minimal-examples/raw/minimal-raw-file/minimal-raw-file.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * lws-minimal-raw-file - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates adopting a file descriptor into the lws event - * loop. - */ - -#include -#include -#include -#include -#include -#include - -struct raw_vhd { -// lws_sock_file_fd_type u; - int filefd; -}; - -static char filepath[256]; - -static int -callback_raw_test(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct raw_vhd *vhd = (struct raw_vhd *)lws_protocol_vh_priv_get( - lws_get_vhost(wsi), lws_get_protocol(wsi)); - lws_sock_file_fd_type u; - uint8_t buf[1024]; - int n; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), sizeof(struct raw_vhd)); - vhd->filefd = lws_open(filepath, O_RDWR); - if (vhd->filefd == -1) { - lwsl_err("Unable to open %s\n", filepath); - - return 1; - } - u.filefd = (lws_filefd_type)(long long)vhd->filefd; - if (!lws_adopt_descriptor_vhost(lws_get_vhost(wsi), - LWS_ADOPT_RAW_FILE_DESC, u, - "raw-test", NULL)) { - lwsl_err("Failed to adopt fifo descriptor\n"); - close(vhd->filefd); - vhd->filefd = -1; - - return 1; - } - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - if (vhd && vhd->filefd != -1) - close(vhd->filefd); - break; - - /* callbacks related to raw file descriptor */ - - case LWS_CALLBACK_RAW_ADOPT_FILE: - lwsl_notice("LWS_CALLBACK_RAW_ADOPT_FILE\n"); - break; - - case LWS_CALLBACK_RAW_RX_FILE: - lwsl_notice("LWS_CALLBACK_RAW_RX_FILE\n"); - n = read(vhd->filefd, buf, sizeof(buf)); - if (n < 0) { - lwsl_err("Reading from %s failed\n", filepath); - - return 1; - } - lwsl_hexdump_level(LLL_NOTICE, buf, n); - break; - - case LWS_CALLBACK_RAW_CLOSE_FILE: - lwsl_notice("LWS_CALLBACK_RAW_CLOSE_FILE\n"); - break; - - case LWS_CALLBACK_RAW_WRITEABLE_FILE: - lwsl_notice("LWS_CALLBACK_RAW_WRITEABLE_FILE\n"); - /* - * you can call lws_callback_on_writable() on a raw file wsi as - * usual, and then write directly into the raw filefd here. - */ - break; - - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "raw-test", callback_raw_test, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw file\n"); - if (argc < 2) { - lwsl_user("Usage: %s " - " eg, /dev/ttyUSB0 or /dev/input/event0 or " - "/proc/self/fd/0\n", argv[0]); - - return 1; - } - - signal(SIGINT, sigint_handler); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN_SERVER; /* no listen socket for demo */ - info.protocols = protocols; - - lws_strncpy(filepath, argv[1], sizeof(filepath)); - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-netcat/CMakeLists.txt b/minimal-examples/raw/minimal-raw-netcat/CMakeLists.txt deleted file mode 100644 index ba3997d..0000000 --- a/minimal-examples/raw/minimal-raw-netcat/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-netcat) -set(SRCS minimal-raw-netcat.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-netcat/README.md b/minimal-examples/raw/minimal-raw-netcat/README.md deleted file mode 100644 index b50483c..0000000 --- a/minimal-examples/raw/minimal-raw-netcat/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# lws minimal raw netcat - -This example shows to to create a "netcat" that copies its stdin to -a remote socket and prints what is returned in stdout. - -It has some advantage over the real netcat, it will wait 1s after stdin closes -to print results that are in flight. - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ echo -e -n "GET / http/1.1\r\n\r\n"| ./lws-minimal-raw-netcat -[2018/05/02 08:53:53:2665] USER: LWS minimal raw netcat [--server ip] [--port port] -[2018/05/02 08:53:53:2667] NOTICE: Creating Vhost 'default' (no listener), 1 protocols, IPv6 off -[2018/05/02 08:53:53:2703] USER: Starting connect... -[2018/05/02 08:53:53:5644] USER: Connected to libwebsockets.org:80... -[2018/05/02 08:53:53:5645] USER: LWS_CALLBACK_RAW_ADOPT -[2018/05/02 08:53:53:5645] USER: LWS_CALLBACK_RAW_ADOPT_FILE -[2018/05/02 08:53:53:5646] USER: LWS_CALLBACK_RAW_RX_FILE -[2018/05/02 08:53:53:5646] USER: LWS_CALLBACK_RAW_CLOSE_FILE -[2018/05/02 08:53:53:8600] USER: LWS_CALLBACK_RAW_RX (186) -HTTP/1.1 301 Redirect -server: lwsws -Strict-Transport-Security: max-age=15768000 ; includeSubDomains -location: https://libwebsockets.org -content-type: text/html -content-length: 0 - -``` - -Note the example does everything itself, after 5s idle the remote server closes the connection -after which the example continues until you ^C it. diff --git a/minimal-examples/raw/minimal-raw-netcat/minimal-raw-netcat.c b/minimal-examples/raw/minimal-raw-netcat/minimal-raw-netcat.c deleted file mode 100644 index 1d8b59d..0000000 --- a/minimal-examples/raw/minimal-raw-netcat/minimal-raw-netcat.c +++ /dev/null @@ -1,255 +0,0 @@ -/* - * lws-minimal-raw-netcat - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates sending stdin to a remote socket and printing - * what is returned to stdout. - * - * All the logging is on stderr, so you can tune it out with 2>log - * or whatever. - */ - -#include -#include -#include -#if !defined(WIN32) -#include -#include -#include -#include -#include -#endif -#include -#include -#include -#include -#include - -static struct lws *raw_wsi, *stdin_wsi; -static uint8_t buf[LWS_PRE + 4096]; -static int waiting, interrupted; -static struct lws_context *context; -static int us_wait_after_input_close = LWS_USEC_PER_SEC / 10; - -static int -callback_raw_test(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - const char *cp = (const char *)in; - - switch (reason) { - - /* callbacks related to file descriptor */ - - case LWS_CALLBACK_RAW_ADOPT_FILE: - lwsl_user("LWS_CALLBACK_RAW_ADOPT_FILE\n"); - break; - - case LWS_CALLBACK_RAW_CLOSE_FILE: - lwsl_user("LWS_CALLBACK_RAW_CLOSE_FILE\n"); - /* stdin close, wait 1s then close the raw skt */ - stdin_wsi = NULL; /* invalid now we close */ - if (raw_wsi) - lws_set_timer_usecs(raw_wsi, us_wait_after_input_close); - else { - interrupted = 1; - lws_cancel_service(context); - } - break; - - case LWS_CALLBACK_RAW_RX_FILE: - lwsl_user("LWS_CALLBACK_RAW_RX_FILE\n"); - waiting = read(0, buf, sizeof(buf)); - lwsl_notice("raw file read %d\n", waiting); - if (waiting < 0) - return -1; - - if (raw_wsi) - lws_callback_on_writable(raw_wsi); - lws_rx_flow_control(wsi, 0); - break; - - - /* callbacks related to raw socket descriptor */ - - case LWS_CALLBACK_RAW_ADOPT: - lwsl_user("LWS_CALLBACK_RAW_ADOPT\n"); - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_RAW_CLOSE: - lwsl_user("LWS_CALLBACK_RAW_CLOSE\n"); - /* - * If the socket to the remote server closed, we must close - * and drop any remaining stdin - */ - interrupted = 1; - lws_cancel_service(context); - /* our pointer to this wsi is invalid now we close */ - raw_wsi = NULL; - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_user("LWS_CALLBACK_RAW_RX (%d)\n", (int)len); - while (len--) - putchar(*cp++); - fflush(stdout); - break; - - case LWS_CALLBACK_RAW_WRITEABLE: - lwsl_user("LWS_CALLBACK_RAW_WRITEABLE\n"); - // lwsl_hexdump_info(buf, waiting); - if (stdin_wsi) - lws_rx_flow_control(stdin_wsi, 1); - if (lws_write(wsi, buf, waiting, LWS_WRITE_RAW) != waiting) { - lwsl_notice("%s: raw skt write failed\n", __func__); - - return -1; - } - break; - - case LWS_CALLBACK_TIMER: - lwsl_user("LWS_CALLBACK_TIMER\n"); - interrupted = 1; - lws_cancel_service(context); - return -1; - - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "raw-test", callback_raw_test, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - const char *server = "libwebsockets.org", *port = "80"; - struct lws_context_creation_info info; - lws_sock_file_fd_type sock; - struct addrinfo h, *r, *rp; - struct lws_vhost *vhost; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw netcat [--server ip] [--port port] [-w ms]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - info.port = CONTEXT_PORT_NO_LISTEN_SERVER; - info.protocols = protocols; - - vhost = lws_create_vhost(context, &info); - if (!vhost) { - lwsl_err("lws vhost creation failed\n"); - goto bail; - } - - /* - * Connect our own "foreign" socket to libwebsockets.org:80 - * - * Normally you would do this with lws_client_connect_via_info() inside - * the lws event loop, hiding all this detail. But this example - * demonstrates how to integrate an externally-connected "foreign" - * socket, so we create one by hand. - */ - - memset(&h, 0, sizeof(h)); - h.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - h.ai_socktype = SOCK_STREAM; - h.ai_protocol = IPPROTO_TCP; - - if ((p = lws_cmdline_option(argc, argv, "--port"))) - port = p; - - if ((p = lws_cmdline_option(argc, argv, "--server"))) - server = p; - - if ((p = lws_cmdline_option(argc, argv, "-w"))) - us_wait_after_input_close = 1000 * atoi(p); - - n = getaddrinfo(server, port, &h, &r); - if (n) { - lwsl_err("%s: problem resolving %s: %s\n", __func__, - server, gai_strerror(n)); - return 1; - } - - for (rp = r; rp; rp = rp->ai_next) { - sock.sockfd = socket(rp->ai_family, rp->ai_socktype, - rp->ai_protocol); - if (sock.sockfd != LWS_SOCK_INVALID) - break; - } - if (!rp) { - lwsl_err("%s: unable to create INET socket\n", __func__); - freeaddrinfo(r); - - return 1; - } - - lwsl_user("Starting connect to %s:%s...\n", server, port); - if (connect(sock.sockfd, rp->ai_addr, sizeof(*rp->ai_addr)) < 0) { - lwsl_err("%s: unable to connect\n", __func__); - freeaddrinfo(r); - return 1; - } - - freeaddrinfo(r); - signal(SIGINT, sigint_handler); - lwsl_user("Connected...\n"); - - /* our foreign socket is connected... adopt it into lws */ - - raw_wsi = lws_adopt_descriptor_vhost(vhost, LWS_ADOPT_SOCKET, sock, - protocols[0].name, NULL); - if (!raw_wsi) { - lwsl_err("%s: foreign socket adoption failed\n", __func__); - goto bail; - } - - sock.filefd = 0; - stdin_wsi = lws_adopt_descriptor_vhost(vhost, LWS_ADOPT_RAW_FILE_DESC, - sock, protocols[0].name, NULL); - if (!stdin_wsi) { - lwsl_err("%s: stdin adoption failed\n", __func__); - goto bail; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - -bail: - - lwsl_user("%s: destroying context\n", __func__); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/CMakeLists.txt b/minimal-examples/raw/minimal-raw-proxy-fallback/CMakeLists.txt deleted file mode 100644 index c0f72ce..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/CMakeLists.txt +++ /dev/null @@ -1,84 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-proxy-fallback) -set(SRCS minimal-raw-proxy-fallback.c) - -# NOTE... if you are building this standalone, you must point LWS_PLUGINS_DIR -# to the lws plugins dir so it can pick up the plugin source. Eg, -# cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_RAW_PROXY 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (LWS_PLUGINS_DIR) - include_directories(${LWS_PLUGINS_DIR}) - endif() - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/README.md b/minimal-examples/raw/minimal-raw-proxy-fallback/README.md deleted file mode 100644 index f673f46..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# lws minimal ws server raw proxy fallback - -This demonstrates how a vhost doing normal http or http(s) duty can be also be -bound to a specific role and protocol as a fallback if the incoming protocol is -unexpected for tls or http. The example makes the fallback role + protocol -an lws plugin that performs raw packet proxying. - -By default the fallback in the example will proxy 127.0.0.1:22, which is usually -your ssh server listen port, on 127.0.0.1:7681. You should be able to ssh into -port 7681 the same as you can port 22. At the same time, you should be able to -visit http://127.0.0.1:7681 in a browser (and if you give -s, to -https://127.0.0.1:7681 while your ssh client can still connect to the same -port. - -## build - -To build this standalone, you must tell cmake where the lws source tree -./plugins directory can be found, since it relies on including the source -of the raw-proxy plugin. - -``` - $ cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --r ipv4:address:port|Configure the remote IP and port that will be proxied, by default ipv4:127.0.0.1:22 --s|Configure the server for tls / https and `LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT` --h|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER`, allowing http service on tls port (caution... it's insecure then) --u|(needs -s) Configure the vhost also for `LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS`, so the server issues a redirect to https to clients that attempt to connect to a server configured for tls with http. -``` - $ ./lws-minimal-raw-proxy -[2018/11/30 19:22:35:7290] USER: LWS minimal raw proxy-fallback -[2018/11/30 19:22:35:7291] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/11/30 19:22:35:7336] NOTICE: callback_raw_proxy: onward ipv4 127.0.0.1:22 -... -``` - -``` - $ ssh -p7681 me@127.0.0.1 -Last login: Fri Nov 30 19:29:23 2018 from 127.0.0.1 -[me@learn ~]$ -``` - -At the same time, visiting http(s)://127.0.0.1:7681 in a browser works fine. - diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.cert b/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.key b/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/minimal-raw-proxy-fallback.c b/minimal-examples/raw/minimal-raw-proxy-fallback/minimal-raw-proxy-fallback.c deleted file mode 100644 index 98572ae..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/minimal-raw-proxy-fallback.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * lws-minimal-raw-proxy-fallback - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a normal http / https server which if it receives something - * it can't make sense of at the start, falls back to becoming a raw tcp proxy - * to a specified address and port. - * - * Incoming connections cause an outgoing connection to be initiated, and if - * successfully established then traffic coming in one side is placed on a - * ringbuffer and sent out the opposite side as soon as possible. - * - * If it receives expected packets for an http(s) connection, it acts like a - * normal h1 / h2 webserver. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "../plugins/raw-proxy/protocol_lws_raw_proxy.c" - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_RAW_PROXY, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -static struct lws_protocol_vhost_options pvo1 = { - NULL, - NULL, - "onward", /* pvo name */ - "ipv4:127.0.0.1:22" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo1, /* "child" pvo linked-list */ - "raw-proxy", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - - -int main(int argc, const char **argv) -{ - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - struct lws_context *context; - char outward[256]; - const char *p; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw proxy fallback | visit http://localhost:7681\n"); - - if ((p = lws_cmdline_option(argc, argv, "-r"))) { - lws_strncpy(outward, p, sizeof(outward)); - pvo1.value = outward; - } - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.pvo = &pvo; - info.mounts = &mount; - info.error_document_404 = "/404.html"; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE | - LWS_SERVER_OPTION_FALLBACK_TO_APPLY_LISTEN_ACCEPT_CONFIG; - info.listen_accept_role = "raw-proxy"; - info.listen_accept_protocol = "raw-proxy"; - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - - if (lws_cmdline_option(argc, argv, "-u")) - info.options |= LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS; - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/404.html b/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/404.html deleted file mode 100644 index 3e5a14b..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/404.html +++ /dev/null @@ -1,9 +0,0 @@ - - - -
-

404

- Sorry, that file doesn't exist. - - - diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/favicon.ico b/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/index.html b/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/index.html deleted file mode 100644 index 573e515..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/index.html +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - -
- - Hello from the minimal raw fallback http server example. -
- You can confirm the 404 page handler by going to this - nonexistant page. - - - diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/strict-csp.svg b/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/raw/minimal-raw-proxy-fallback/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/raw/minimal-raw-proxy/CMakeLists.txt b/minimal-examples/raw/minimal-raw-proxy/CMakeLists.txt deleted file mode 100644 index da033dd..0000000 --- a/minimal-examples/raw/minimal-raw-proxy/CMakeLists.txt +++ /dev/null @@ -1,84 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-proxy) -set(SRCS minimal-raw-proxy.c) - -# NOTE... if you are building this standalone, you must point LWS_PLUGINS_DIR -# to the lws plugins dir so it can pick up the plugin source. Eg, -# cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_RAW_PROXY 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (LWS_PLUGINS_DIR) - include_directories(${LWS_PLUGINS_DIR}) - endif() - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-proxy/README.md b/minimal-examples/raw/minimal-raw-proxy/README.md deleted file mode 100644 index 53793a8..0000000 --- a/minimal-examples/raw/minimal-raw-proxy/README.md +++ /dev/null @@ -1,41 +0,0 @@ -# lws minimal ws server raw proxy - -This demonstrates how a vhost can be bound to a specific role and protocol, -with the example using a lws plugin that performs raw packet proxying. - -By default the example will proxy 127.0.0.1:22, usually your ssh server -listen port, on 127.0.0.1:7681. You should be able to ssh into port 7681 -the same as you can port 22. But your ssh server is only listening on port 22... - -## build - -To build this standalone, you must tell cmake where the lws source tree -./plugins directory can be found, since it relies on including the source -of the raw-proxy plugin. - -``` - $ cmake . -DLWS_PLUGINS_DIR=~/libwebsockets/plugins && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --r ipv4:address:port|Configure the remote IP and port that will be proxied, by default ipv4:127.0.0.1:22 - -``` - $ ./lws-minimal-raw-proxy -[2018/11/30 19:22:35:7290] USER: LWS minimal raw proxy | nc localhost 7681 -[2018/11/30 19:22:35:7291] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/11/30 19:22:35:7336] NOTICE: callback_raw_proxy: onward ipv4 127.0.0.1:22 -... -``` - -``` - $ ssh -p7681 me@127.0.0.1 -Last login: Fri Nov 30 19:29:23 2018 from 127.0.0.1 -[me@learn ~]$ -``` - - diff --git a/minimal-examples/raw/minimal-raw-proxy/minimal-raw-proxy.c b/minimal-examples/raw/minimal-raw-proxy/minimal-raw-proxy.c deleted file mode 100644 index 0999780..0000000 --- a/minimal-examples/raw/minimal-raw-proxy/minimal-raw-proxy.c +++ /dev/null @@ -1,91 +0,0 @@ -/* - * lws-minimal-raw-proxy - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a vhost that acts as a raw tcp proxy. Incoming connections - * cause an outgoing connection to be initiated, and if successfully established - * then traffic coming in one side is placed on a ringbuffer and sent out the - * opposite side as soon as possible. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "../plugins/raw-proxy/protocol_lws_raw_proxy.c" - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_RAW_PROXY, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -static struct lws_protocol_vhost_options pvo1 = { - NULL, - NULL, - "onward", /* pvo name */ - "ipv4:127.0.0.1:22" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo1, /* "child" pvo linked-list */ - "raw-proxy", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - - -int main(int argc, const char **argv) -{ - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - struct lws_context_creation_info info; - struct lws_context *context; - char outward[256]; - const char *p; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw proxy\n"); - - if ((p = lws_cmdline_option(argc, argv, "-r"))) { - lws_strncpy(outward, p, sizeof(outward)); - pvo1.value = outward; - } - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.pvo = &pvo; - info.options = LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG; - info.listen_accept_role = "raw-proxy"; - info.listen_accept_protocol = "raw-proxy"; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/raw/minimal-raw-vhost/CMakeLists.txt b/minimal-examples/raw/minimal-raw-vhost/CMakeLists.txt deleted file mode 100644 index db4810b..0000000 --- a/minimal-examples/raw/minimal-raw-vhost/CMakeLists.txt +++ /dev/null @@ -1,76 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-raw-vhost) -set(SRCS minimal-raw-vhost.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/raw/minimal-raw-vhost/README.md b/minimal-examples/raw/minimal-raw-vhost/README.md deleted file mode 100644 index 7992bd3..0000000 --- a/minimal-examples/raw/minimal-raw-vhost/README.md +++ /dev/null @@ -1,42 +0,0 @@ -# lws minimal ws server raw vhost - -This demonstrates setting up a vhost to listen and accept raw sockets. -Raw sockets are just sockets... lws does not send anything on them or -interpret by itself what it receives on them. So you can implement -arbitrary tcp protocols using them. - -This isn't very useful standalone as shown here for clarity, but you can -freely combine a raw socket vhost with other lws server -and client features and other vhosts handling http or ws. - -Becuase raw socket events have their own callback reasons, the handlers can -be integrated in a single protocol that also handles http and ws -server and client callbacks without conflict. - -## build - -``` - $ cmake . && make -``` - -## usage - - -s means listen using tls - -``` - $ ./lws-minimal-raw-vhost -[2018/03/22 14:49:47:9516] USER: LWS minimal raw vhost -[2018/03/22 14:49:47:9673] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -[2018/03/22 14:49:52:3789] USER: LWS_CALLBACK_RAW_ADOPT -[2018/03/22 14:49:57:4271] USER: LWS_CALLBACK_RAW_CLOSE -``` - -``` - $ nc localhost 7681 -hello -hello -``` - -Connect one or more sessions to the server using netcat... lines you type -into netcat are sent to the server, which echos them to all connected clients. - diff --git a/minimal-examples/raw/minimal-raw-vhost/localhost-100y.cert b/minimal-examples/raw/minimal-raw-vhost/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/raw/minimal-raw-vhost/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/raw/minimal-raw-vhost/localhost-100y.key b/minimal-examples/raw/minimal-raw-vhost/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/raw/minimal-raw-vhost/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/raw/minimal-raw-vhost/minimal-raw-vhost.c b/minimal-examples/raw/minimal-raw-vhost/minimal-raw-vhost.c deleted file mode 100644 index 097abef..0000000 --- a/minimal-examples/raw/minimal-raw-vhost/minimal-raw-vhost.c +++ /dev/null @@ -1,158 +0,0 @@ -/* - * lws-minimal-raw-vhost - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates integrating a raw tcp listener into the lws event loop. - * - * This demo doesn't have any http or ws support. You can connect to it - * using netcat. If you make multiple connections to it, things typed in one - * netcat session are broadcast to all netcat connections. - * - * $ nc localhost 7681 - * - * You can add more vhosts with things like http or ws support, it's as it is - * for clarity. - * - * The main point is the apis and ways of managing raw sockets are almost - * identical to http or ws mode sockets in lws. The callback names for raw - * wsi are changed to be specific to RAW mode is all. - */ - -#include -#include -#include -#include -#include -#include - -struct raw_pss { - struct raw_pss *pss_list; - struct lws *wsi; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct raw_vhd { - struct raw_pss *pss_list; /* linked-list of live pss*/ - - int len; - uint8_t buf[4096]; -}; - -static int -callback_raw_test(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct raw_pss *pss = (struct raw_pss *)user; - struct raw_vhd *vhd = (struct raw_vhd *)lws_protocol_vh_priv_get( - lws_get_vhost(wsi), lws_get_protocol(wsi)); - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), sizeof(struct raw_vhd)); - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - break; - - /* callbacks related to raw socket descriptor */ - - case LWS_CALLBACK_RAW_ADOPT: - lwsl_user("LWS_CALLBACK_RAW_ADOPT\n"); - pss->wsi = wsi; - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - break; - - case LWS_CALLBACK_RAW_CLOSE: - lwsl_user("LWS_CALLBACK_RAW_CLOSE\n"); - lws_ll_fwd_remove(struct raw_pss, pss_list, pss, vhd->pss_list); - break; - - case LWS_CALLBACK_RAW_RX: - lwsl_user("LWS_CALLBACK_RAW_RX: %d\n", (int)len); - vhd->len = len; - if (vhd->len > (int)sizeof(vhd->buf)) - vhd->len = sizeof(vhd->buf); - memcpy(vhd->buf, in, vhd->len); - lws_start_foreach_llp(struct raw_pss **, ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - case LWS_CALLBACK_RAW_WRITEABLE: - if (lws_write(wsi, vhd->buf, vhd->len, LWS_WRITE_RAW) != - vhd->len) { - lwsl_notice("%s: raw write failed\n", __func__); - return 1; - } - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static struct lws_protocols protocols[] = { - { "raw-test", callback_raw_test, sizeof(struct raw_pss), 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal raw vhost | nc localhost 7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.protocols = protocols; - info.options = LWS_SERVER_OPTION_ONLY_RAW; /* vhost accepts RAW */ - - if (lws_cmdline_option(argc, argv, "-s")) { - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/selftests-library.sh b/minimal-examples/selftests-library.sh deleted file mode 100755 index 154e05b..0000000 --- a/minimal-examples/selftests-library.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -if [ -z "$1" -o -z "$2" ] ; then - echo "required args missing" - exit 1 -fi - -IDX=$3 -TOT=$4 -MYTEST=`echo $0 | sed "s/\/[^\/]*\$//g" |sed "s/.*\///g"` -mkdir -p $2/$MYTEST -rm -f $2/$MYTEST/*.log $2/$MYTEST/*.result -FAILS=0 -WHICH=$IDX -SPID= -SCRIPT_DIR=`dirname $0` -SCRIPT_DIR=`readlink -f $SCRIPT_DIR` -LOGPATH=$2 - -feedback() { - if [ "$2" != "0" ] ; then - FAILS=$(( $FAILS + 1 )) - echo -n -e "\e[31m" - fi - T=" --- killed --- " - if [ ! -z "`cat $LOGPATH/$MYTEST/$3.time`" ] ; then - T="`cat $LOGPATH/$MYTEST/$3.time | grep real | sed "s/.*\ //g"`" - T="$T `cat $LOGPATH/$MYTEST/$3.time | grep user | sed "s/.*\ //g"`" - T="$T `cat $LOGPATH/$MYTEST/$3.time | grep sys | sed "s/.*\ //g"`" - fi - printf "%-35s [ %3s/%3s ]: %3s : %8s : %s\n" $1 $WHICH $TOT $2 "$T" $3 - if [ "$2" != "0" ] ; then - echo -n -e "\e[0m" - fi - WHICH=$(( $WHICH + 1)) -} - -spawn() { - if [ ! -z "$1" ] ; then - if [ `ps $1 | wc -l` -eq 2 ]; then -# echo "prerequisite still up" - return 0 - fi - fi - - QQ=`pwd` - cd $SCRIPT_DIR - cd $2 - $3 $4 $5 > $LOGPATH/$MYTEST/serverside.log 2> $LOGPATH/$MYTEST/serverside.log & - SPID=$! - cd $QQ - sleep 0.5s -# echo "launched prerequisite $SPID" -} - -dotest() { - T=$3 - ( - { - /usr/bin/time -p $1/lws-$MYTEST $4 $5 $6 $7 $8 $9 > $2/$MYTEST/$T.log 2> $2/$MYTEST/$T.log ; - echo $? > $2/$MYTEST/$T.result - } 2> $2/$MYTEST/$T.time >/dev/null - ) >/dev/null 2> /dev/null & - W=$! - WT=0 - while [ $WT -le 820 ] ; do - kill -0 $W 2>/dev/null - if [ $? -ne 0 ] ; then - WT=10000 - else - if [ $WT -ge 800 ] ; then - WT=10000 - kill $W 2>/dev/null - wait $W 2>/dev/null - fi - fi - sleep 0.1s - WT=$(( $WT + 1 )) - done - - R=254 - if [ -e $2/$MYTEST/$T.result ] ; then - R=`cat $2/$MYTEST/$T.result` - cat $2/$MYTEST/$T.log | tail -n 3 > $2/$MYTEST/$T.time - if [ $R -ne 0 ] ; then - pwd - echo - cat $2/$MYTEST/$T.log - echo - fi - fi - - feedback $MYTEST $R $T -} - diff --git a/minimal-examples/selftests.sh b/minimal-examples/selftests.sh deleted file mode 100755 index 77fbdd4..0000000 --- a/minimal-examples/selftests.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash -# -# run this from your build dir having configured -# -DLWS_WITH_MINIMAL_EXAMPLES=1 to get all the examples -# that apply built into ./bin -# -# Eg, -# -# build $ ../minimal-examples/selftests.sh - -echo -echo "----------------------------------------------" -echo "------- tests: lws minimal example selftests" -echo - -LOGGING_PATH=/tmp/logs - -# for mebedtls, we need the CA certs in ./build where we run from - -cp ../minimal-examples/http-client/minimal-http-client-multi/warmcat.com.cer . -cp ../minimal-examples/http-client/minimal-http-client-post/libwebsockets.org.cer . - -MINEX=`dirname $0` -MINEX=`realpath $MINEX` -TESTS=0 -for i in `find $MINEX -name selftest.sh` ; do - BN=`echo -n "$i" | sed "s/\/[^\/]*\$//g" | sed "s/.*\///g"` - if [ -e `pwd`/bin/lws-$BN ] ; then - C=`cat $i | grep COUNT_TESTS= | cut -d= -f2` - TESTS=$(( $TESTS + $C )) - fi -done - -FAILS=0 -WH=1 - -for i in `find $MINEX -name selftest.sh` ; do - BN=`echo -n "$i" | sed "s/\/[^\/]*\$//g" | sed "s/.*\///g"` - if [ -e `pwd`/bin/lws-$BN ] ; then - C=`cat $i | grep COUNT_TESTS= | cut -d= -f2` - sh $i `pwd`/bin $LOGGING_PATH $WH $TESTS $MINEX - FAILS=$(( $FAILS + $? )) - - L=`ps fax | grep lws- | cut -d' ' -f2` - kill $L 2>/dev/null - kill -9 $L 2>/dev/null - wait $L 2>/dev/null - - WH=$(( $WH + $C )) - fi -done - -if [ $FAILS -eq 0 ] ; then - echo "All $TESTS passed" - exit 0 -else - echo "Failed: $FAILS / $TESTS" - exit 1 -fi - - diff --git a/minimal-examples/ws-client/README.md b/minimal-examples/ws-client/README.md deleted file mode 100644 index 10db2fa..0000000 --- a/minimal-examples/ws-client/README.md +++ /dev/null @@ -1,8 +0,0 @@ -|name|demonstrates| ----|--- -minimal-ws-client-echo|Simple client that connects to a ws server and echos anything the server sends -minimal-ws-client-ping|Ws ping test client -minimal-ws-client-pmd-bulk|Client that sends bulk multifragment data to the minimal-ws-server-pmd-bulk example -minimal-ws-client-rx|Connects to the dumb-increment-protocol wss server at https://libwebsockets.org and demonstrates receiving ws data -minimal-ws-client-spam|Spams ws connections in parallel to a server for stability testing -minimal-ws-client-tx|Connects to the minimal-ws-broker example as a publisher, demonstrating sending ws data diff --git a/minimal-examples/ws-client/minimal-ws-client-echo/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-echo/CMakeLists.txt deleted file mode 100644 index d5162b0..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-echo/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-echo) -set(SRCS minimal-ws-client-echo.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) -require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-client/minimal-ws-client-echo/README.md b/minimal-examples/ws-client/minimal-ws-client-echo/README.md deleted file mode 100644 index 5153896..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-echo/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# lws minimal ws client + permessage-deflate echo - -This example opens a ws client connection to localhost:7681 and -echoes back anything that comes from the server. - -You can use it for testing lws against Autobahn. - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --p port|Port to connect to --u url|URL path part to connect to --o|Finish after one connection ---ssl|Open client connection with ssl --i |Bind the client connection to interface iface - -``` - $ ./lws-minimal-ws-client-echo -[2018/04/22 20:03:50:2343] USER: LWS minimal ws client echo + permessage-deflate + multifragment bulk message -[2018/04/22 20:03:50:2344] USER: lws-minimal-ws-client-echo [-n (no exts)] [-u url] [-o (once)] -[2018/04/22 20:03:50:2344] USER: options 0 -[2018/04/22 20:03:50:2345] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2018/04/22 20:03:51:2356] USER: connecting to localhost:9001//runCase?case=362&agent=libwebsockets -[2018/04/22 20:03:51:2385] NOTICE: checking client ext permessage-deflate -[2018/04/22 20:03:51:2386] NOTICE: instantiating client ext permessage-deflate -[2018/04/22 20:03:51:2386] USER: LWS_CALLBACK_CLIENT_ESTABLISHED -... -``` - diff --git a/minimal-examples/ws-client/minimal-ws-client-echo/minimal-ws-client-echo.c b/minimal-examples/ws-client/minimal-ws-client-echo/minimal-ws-client-echo.c deleted file mode 100644 index a74d454..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-echo/minimal-ws-client-echo.c +++ /dev/null @@ -1,172 +0,0 @@ -/* - * lws-minimal-ws-client-echo - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws client that echoes back what it was sent, in a - * way compatible with autobahn -m fuzzingserver - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_client_echo.c" - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_CLIENT_ECHO, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static struct lws_context *context; -static int interrupted, port = 7681, options = 0; -static const char *url = "/", *ads = "localhost", *iface = NULL; - -/* pass pointers to shared vars to the protocol */ - -static const struct lws_protocol_vhost_options pvo_iface = { - NULL, - NULL, - "iface", /* pvo name */ - (void *)&iface /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_ads = { - &pvo_iface, - NULL, - "ads", /* pvo name */ - (void *)&ads /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_url = { - &pvo_ads, - NULL, - "url", /* pvo name */ - (void *)&url /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_options = { - &pvo_url, - NULL, - "options", /* pvo name */ - (void *)&options /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_port = { - &pvo_options, - NULL, - "port", /* pvo name */ - (void *)&port /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_interrupted = { - &pvo_port, - NULL, - "interrupted", /* pvo name */ - (void *)&interrupted /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_interrupted, /* "child" pvo linked-list */ - "lws-minimal-client-echo", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client echo + permessage-deflate + multifragment bulk message\n"); - lwsl_user(" lws-minimal-ws-client-echo [-n (no exts)] [-u url] [-p port] [-o (once)]\n"); - - if ((p = lws_cmdline_option(argc, argv, "-u"))) - url = p; - - if ((p = lws_cmdline_option(argc, argv, "-p"))) - port = atoi(p); - - if (lws_cmdline_option(argc, argv, "-o")) - options |= 1; - - if (lws_cmdline_option(argc, argv, "--ssl")) - options |= 2; - - if ((p = lws_cmdline_option(argc, argv, "-s"))) - ads = p; - - if ((p = lws_cmdline_option(argc, argv, "-i"))) - iface = p; - - lwsl_user("options %d, ads %s\n", options, ads); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.protocols = protocols; - info.pvo = &pvo; - if (!lws_cmdline_option(argc, argv, "-n")) - info.extensions = extensions; - info.pt_serv_buf_size = 32 * 1024; - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | - LWS_SERVER_OPTION_VALIDATE_UTF8; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - - if (lws_cmdline_option(argc, argv, "--libuv")) - info.options |= LWS_SERVER_OPTION_LIBUV; - else - signal(SIGINT, sigint_handler); - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (!lws_service(context, 0) && !interrupted) - ; - - lws_context_destroy(context); - - n = (options & 1) ? interrupted != 2 : interrupted == 3; - lwsl_user("Completed %d %s\n", interrupted, !n ? "OK" : "failed"); - - return n; -} diff --git a/minimal-examples/ws-client/minimal-ws-client-echo/protocol_lws_minimal_client_echo.c b/minimal-examples/ws-client/minimal-ws-client-echo/protocol_lws_minimal_client_echo.c deleted file mode 100644 index 7023e76..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-echo/protocol_lws_minimal_client_echo.c +++ /dev/null @@ -1,328 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal-client-echo" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * The protocol shows how to send and receive bulk messages over a ws connection - * that optionally may have the permessage-deflate extension negotiated on it. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -#define RING_DEPTH 1024 - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; - char binary; - char first; - char final; -}; - -struct per_session_data__minimal_client_echo { - struct lws_ring *ring; - uint32_t tail; - char flow_controlled; - uint8_t completed:1; - uint8_t write_consume_pending:1; -}; - -struct vhd_minimal_client_echo { - struct lws_context *context; - struct lws_vhost *vhost; - struct lws *client_wsi; - - int *interrupted; - int *options; - const char **url; - const char **ads; - const char **iface; - int *port; -}; - -static int -connect_client(struct vhd_minimal_client_echo *vhd) -{ - struct lws_client_connect_info i; - char host[128]; - - lws_snprintf(host, sizeof(host), "%s:%u", *vhd->ads, *vhd->port); - - memset(&i, 0, sizeof(i)); - - i.context = vhd->context; - i.port = *vhd->port; - i.address = *vhd->ads; - i.path = *vhd->url; - i.host = host; - i.origin = host; - i.ssl_connection = 0; - if ((*vhd->options) & 2) - i.ssl_connection |= LCCSCF_USE_SSL; - i.vhost = vhd->vhost; - i.iface = *vhd->iface; - //i.protocol = ; - i.pwsi = &vhd->client_wsi; - - lwsl_user("connecting to %s:%d/%s\n", i.address, i.port, i.path); - - return !lws_client_connect_via_info(&i); -} - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static void -schedule_callback(struct lws *wsi, int reason, int secs) -{ - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), reason, secs); -} - -static int -callback_minimal_client_echo(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal_client_echo *pss = - (struct per_session_data__minimal_client_echo *)user; - struct vhd_minimal_client_echo *vhd = (struct vhd_minimal_client_echo *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - struct msg amsg; - int n, m, flags; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct vhd_minimal_client_echo)); - if (!vhd) - return -1; - - vhd->context = lws_get_context(wsi); - vhd->vhost = lws_get_vhost(wsi); - - /* get the pointer to "interrupted" we were passed in pvo */ - vhd->interrupted = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "interrupted")->value; - vhd->port = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "port")->value; - vhd->options = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "options")->value; - vhd->ads = (const char **)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "ads")->value; - vhd->url = (const char **)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "url")->value; - vhd->iface = (const char **)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "iface")->value; - - if (connect_client(vhd)) - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("LWS_CALLBACK_CLIENT_ESTABLISHED\n"); - pss->ring = lws_ring_create(sizeof(struct msg), RING_DEPTH, - __minimal_destroy_message); - if (!pss->ring) - return 1; - pss->tail = 0; - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - - lwsl_user("LWS_CALLBACK_CLIENT_WRITEABLE\n"); - - if (pss->write_consume_pending) { - /* perform the deferred fifo consume */ - lws_ring_consume_single_tail(pss->ring, &pss->tail, 1); - pss->write_consume_pending = 0; - } - pmsg = lws_ring_get_element(pss->ring, &pss->tail); - if (!pmsg) { - lwsl_user(" (nothing in ring)\n"); - break; - } - - flags = lws_write_ws_flags( - pmsg->binary ? LWS_WRITE_BINARY : LWS_WRITE_TEXT, - pmsg->first, pmsg->final); - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + - LWS_PRE, pmsg->len, flags); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lwsl_user(" wrote %d: flags: 0x%x first: %d final %d\n", - m, flags, pmsg->first, pmsg->final); - - if ((*vhd->options & 1) && pmsg && pmsg->final) - pss->completed = 1; - - /* - * Workaround deferred deflate in pmd extension by only - * consuming the fifo entry when we are certain it has been - * fully deflated at the next WRITABLE callback. You only need - * this if you're using pmd. - */ - pss->write_consume_pending = 1; - lws_callback_on_writable(wsi); - - if (pss->flow_controlled && - (int)lws_ring_get_count_free_elements(pss->ring) > RING_DEPTH - 5) { - lws_rx_flow_control(wsi, 1); - pss->flow_controlled = 0; - } - - break; - - case LWS_CALLBACK_CLIENT_RECEIVE: - - lwsl_user("LWS_CALLBACK_CLIENT_RECEIVE: %4d (rpp %5d, first %d, last %d, bin %d)\n", - (int)len, (int)lws_remaining_packet_payload(wsi), - lws_is_first_fragment(wsi), - lws_is_final_fragment(wsi), - lws_frame_is_binary(wsi)); - - // lwsl_hexdump_notice(in, len); - - amsg.first = lws_is_first_fragment(wsi); - amsg.final = lws_is_final_fragment(wsi); - amsg.binary = lws_frame_is_binary(wsi); - n = (int)lws_ring_get_count_free_elements(pss->ring); - if (!n) { - lwsl_user("dropping!\n"); - break; - } - - amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)amsg.payload + LWS_PRE, in, len); - if (!lws_ring_insert(pss->ring, &amsg, 1)) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - break; - } - lws_callback_on_writable(wsi); - - if (!pss->flow_controlled && n < 3) { - pss->flow_controlled = 1; - lws_rx_flow_control(wsi, 0); - } - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - vhd->client_wsi = NULL; - //schedule_callback(wsi, LWS_CALLBACK_USER, 1); - //if (*vhd->options & 1) { - if (!*vhd->interrupted) - *vhd->interrupted = 3; - lws_cancel_service(lws_get_context(wsi)); - //} - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - lwsl_user("LWS_CALLBACK_CLIENT_CLOSED\n"); - lws_ring_destroy(pss->ring); - vhd->client_wsi = NULL; - // schedule_callback(wsi, LWS_CALLBACK_USER, 1); - //if (*vhd->options & 1) { - if (!*vhd->interrupted) - *vhd->interrupted = 1 + pss->completed; - lws_cancel_service(lws_get_context(wsi)); - // } - break; - - /* rate-limited client connect retries */ - - case LWS_CALLBACK_USER: - lwsl_notice("%s: LWS_CALLBACK_USER\n", __func__); - if (connect_client(vhd)) - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL_CLIENT_ECHO \ - { \ - "lws-minimal-client-echo", \ - callback_minimal_client_echo, \ - sizeof(struct per_session_data__minimal_client_echo), \ - 1024, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_CLIENT_ECHO -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal_client_echo(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal_client_echo(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-client/minimal-ws-client-ping/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-ping/CMakeLists.txt deleted file mode 100644 index b9a265e..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-ping/CMakeLists.txt +++ /dev/null @@ -1,90 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-ping) -set(SRCS minimal-ws-client-ping.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared pthread) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/ws-client/minimal-ws-client-ping/README.md b/minimal-examples/ws-client/minimal-ws-client-ping/README.md deleted file mode 100644 index 13be92c..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-ping/README.md +++ /dev/null @@ -1,42 +0,0 @@ -# lws minimal ws client PING - -This connects to libwebsockets.org using the lws-mirror-protocol. - -It then sends a ws PING every 5s and records any PONG coming back. - -## build - -``` - $ cmake . && make -``` - -## Commandline Options - -Option|Meaning ----|--- --d|Set logging verbosity ---server|Use a specific server instead of libwebsockets.org, eg `--server localhost`. Implies LCCSCF_ALLOW_SELFSIGNED ---port|Use a specific port instead of 443, eg `--port 7681` --z|Send zero-length pings for testing ---protocol|Use a specific ws subprotocol rather than lws-mirror-protocol, eg, `--protocol myprotocol` - -## usage - -Just run it, wait for the connect and then there will be PINGs sent -at 5s intervals. - -``` - $ ./lws-minimal-ws-client-ping -[2018/05/09 16:55:03:1160] USER: LWS minimal ws client PING -[2018/05/09 16:55:03:1379] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2018/05/09 16:55:03:1715] NOTICE: client loaded CA for verification ./libwebsockets.org.cer -[2018/05/09 16:55:03:1717] NOTICE: created client ssl context for default -[2018/05/09 16:55:04:8332] USER: callback_minimal_broker: established -[2018/05/09 16:55:09:8389] USER: Sending PING 10... -[2018/05/09 16:55:10:1491] USER: LWS_CALLBACK_CLIENT_RECEIVE_PONG -[2018/05/09 16:55:10:1494] NOTICE: -[2018/05/09 16:55:10:1514] NOTICE: 0000: 70 69 6E 67 20 62 6F 64 79 21 ping body! -[2018/05/09 16:55:10:1515] NOTICE: -... -``` - diff --git a/minimal-examples/ws-client/minimal-ws-client-ping/libwebsockets.org.cer b/minimal-examples/ws-client/minimal-ws-client-ping/libwebsockets.org.cer deleted file mode 100644 index 4a9fb35..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-ping/libwebsockets.org.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgISA9x0/oj5PLdW46hsmR82/7ytMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5NDBaFw0x -OTEyMDYwNzA5NDBaMBwxGjAYBgNVBAMTEWxpYndlYnNvY2tldHMub3JnMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPinIkleLmvEcA/YuBss6ASXVi7g -yr6Sss7cB3vTy7Fp8OB2c1N25prHZxVpORAUo0UreiaY2Ws4NFvDaYp08ZffevuC -UhThsEJlbkD0uvt7dPapJt9PNJtlxjNFWyvHEy6PijzIaMYDROiStcCJQn7kAew/ -Za2+5kNVgKqT+7OXukJEFdSdVZI6QC/npeQlkIrFSq1WVthCGBNJehxxES0hSWzk -0gNVKlkD3/SbkupsfUpe73XiawMtrtsSE7cdnul7VZmiP8I/3sJr1+4/3xZ+DEYg -mVB82B0vd08VJYzU7Nf0pz0PWusAmzRoRn81IXkOfBg9ohlSSEoZhHYS7QIDAQAB -o4ICZjCCAmIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmKKyGjufWgp7pR2x0tWxG -D9G+WTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB -AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw -dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw -dC5vcmcvMBwGA1UdEQQVMBOCEWxpYndlYnNvY2tldHMub3JnMEwGA1UdIARFMEMw -CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j -cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAdH7a -gzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFtCsWIfgAABAMASDBGAiEA -0H55VqSKV3otHK7uHNbcR0QwoUYtCmeObhsqxzCnmDwCIQD3mtuSKrxTD3oA+Yde -nmTgWfFyS4TNgLNEPCJYo2s75gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM -9OVFR/R4AAABbQrFil4AAAQDAEYwRAIgNSpvz/1JA2aP6fh6ujGNuYfrAvWjlxXo -CJtVGe4XaDYCIGmK1/9tl1uQbVD46P5NswnULq06KQmuOrlI3HO4r86HMA0GCSqG -SIb3DQEBCwUAA4IBAQBiAlV7wkCsWE99VmZHBmcbZChWyWUHG3LM1hnaQRQjTSYk -CIlauCpWzlUd6weuvra85KqBbCYo+1hxbwITI796uAdgtHmBE8nj0VltHwKeSq2s -KKiGXBRT7Z7t0VHYSLOlGOVn1auuQFaWBArc0cQ/m1ZsoHvOiHTlKQvVsA4HnIxA -CjGY9OOQoh0c36ecbJZ44XKnU9J/OXtDx00aW6QodaZmgMp/OOCghFQUvufkgTUL -LZid873/8dJVWjAaj1VdadO1nSbdAfBbeWXy93+vg1aAoig80RoscrzYCaNlwmR7 -EO5zWxL3l+xUZogQSJuICgUgNzVB3wjn8HeHGsqt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/ws-client/minimal-ws-client-ping/minimal-ws-client-ping.c b/minimal-examples/ws-client/minimal-ws-client-ping/minimal-ws-client-ping.c deleted file mode 100644 index 49b5d6c..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-ping/minimal-ws-client-ping.c +++ /dev/null @@ -1,222 +0,0 @@ -/* - * lws-minimal-ws-client-ping - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws client that sends pings from time to time and - * shows when it receives the PONG - */ - -#include -#include -#include -#include - -static struct lws_context *context; -static struct lws *client_wsi; -static int interrupted, zero_length_ping, port = 443, - ssl_connection = LCCSCF_USE_SSL; -static const char *server_address = "libwebsockets.org", *pro = "lws-mirror-protocol"; - -struct pss { - int send_a_ping; -}; - -static int -connect_client(void) -{ - struct lws_client_connect_info i; - - memset(&i, 0, sizeof(i)); - - i.context = context; - i.port = port; - i.address = server_address; - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.ssl_connection = ssl_connection; - i.protocol = pro; - i.local_protocol_name = "lws-ping-test"; - i.pwsi = &client_wsi; - - return !lws_client_connect_via_info(&i); -} - -static int -callback_minimal_broker(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - int n; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - goto try; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), LWS_CALLBACK_USER, 1); - break; - - /* --- client callbacks --- */ - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("%s: established\n", __func__); - lws_set_timer_usecs(wsi, 5 * LWS_USEC_PER_SEC); - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - if (pss->send_a_ping) { - uint8_t ping[LWS_PRE + 125]; - int m; - - pss->send_a_ping = 0; - n = 0; - if (!zero_length_ping) - n = lws_snprintf((char *)ping + LWS_PRE, 125, - "ping body!"); - - lwsl_user("Sending PING %d...\n", n); - - m = lws_write(wsi, ping + LWS_PRE, n, LWS_WRITE_PING); - if (m < n) { - lwsl_err("sending ping failed: %d\n", m); - - return -1; - } - - lws_callback_on_writable(wsi); - } - break; - - case LWS_CALLBACK_WS_CLIENT_DROP_PROTOCOL: - client_wsi = NULL; - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_CLIENT_RECEIVE_PONG: - lwsl_user("LWS_CALLBACK_CLIENT_RECEIVE_PONG\n"); - lwsl_hexdump_notice(in, len); - break; - - case LWS_CALLBACK_TIMER: - /* we want to send a ws PING every few seconds */ - pss->send_a_ping = 1; - lws_callback_on_writable(wsi); - lws_set_timer_usecs(wsi, 5 * LWS_USEC_PER_SEC); - break; - - /* rate-limited client connect retries */ - - case LWS_CALLBACK_USER: - lwsl_notice("%s: LWS_CALLBACK_USER\n", __func__); -try: - if (connect_client()) - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "lws-ping-test", - callback_minimal_broker, - sizeof(struct pss), - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client PING\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./libwebsockets.org.cer"; -#endif - - if (lws_cmdline_option(argc, argv, "-z")) - zero_length_ping = 1; - - if ((p = lws_cmdline_option(argc, argv, "--protocol"))) - pro = p; - - if ((p = lws_cmdline_option(argc, argv, "--server"))) { - server_address = p; - pro = "lws-minimal"; - ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } - - if ((p = lws_cmdline_option(argc, argv, "--port"))) - port = atoi(p); - - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed\n"); - - return 0; -} diff --git a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/CMakeLists.txt deleted file mode 100644 index ace89a5..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-pmd-bulk) -set(SRCS minimal-ws-client-pmd-bulk.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) -#require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/README.md b/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/README.md deleted file mode 100644 index f43a458..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/README.md +++ /dev/null @@ -1,164 +0,0 @@ -# lws minimal ws client + permessage-deflate for bulk traffic - -This example opens a client connection to localhost:7681 where it -expects to find minimal-ws-server-pmd-bulk running. - -It sends and receives a large, multifragment message, and then exits. - -## build - -``` - $ cmake . && make -``` - -## usage - -Both the server and client side must use the same options - - - `-n` disable permessage-deflate extension - - `-c` send compressible text instead of uncompressible binary data - -``` - $ ./lws-minimal-ws-client-pmd-bulk -[2018/04/05 12:08:58:9120] USER: LWS minimal ws client + permessage-deflate + multifragment bulk message -[2018/04/05 12:08:58:9120] USER: ./lws-minimal-ws-client-pmd-bulk [-n (no exts)] [-c (compressible)] -[2018/04/05 12:08:58:9120] NOTICE: Creating Vhost 'default' (serving disabled), 2 protocols, IPv6 on -[2018/04/05 12:08:59:9139] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9139] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9139] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9139] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9139] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9140] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9141] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9141] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9141] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9142] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9143] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9144] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9145] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9145] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9145] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9145] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9146] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9147] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9147] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9147] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9147] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9147] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9148] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9149] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9150] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9151] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9151] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9151] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9151] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9152] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9153] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9154] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9155] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9156] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9156] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9156] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9156] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9157] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9157] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9157] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9157] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9157] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9158] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9159] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9160] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9161] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9162] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9162] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9162] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9162] USER: LWS_CALLBACK_CLIENT_RECEIVE: 1024 (rpp 0, last 0) -[2018/04/05 12:08:59:9162] USER: LWS_CALLBACK_CLIENT_RECEIVE: 580 (rpp 0, last 1) -[2018/04/05 12:08:59:9180] USER: Completed OK -``` - -Visit http://localhost:7681 in your browser - -One or another kind of bulk ws transfer is made to the browser. - -The ws connection is made via permessage-deflate extension. diff --git a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/minimal-ws-client-pmd-bulk.c b/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/minimal-ws-client-pmd-bulk.c deleted file mode 100644 index 1f6aa47..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/minimal-ws-client-pmd-bulk.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * lws-minimal-ws-client-pmd-bulk - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws client that sends bulk data in multiple - * ws fragments, in a way compatible with per-message deflate. - * - * It shows how to send huge messages without needing a lot of memory. - * - * Build and start the minimal-examples/ws-server/minmal-ws-server-pmd-bulk - * example first. Running this sends a large message to the server and - * exits. - * - * If you give both sides the -n commandline option, it disables permessage- - * deflate compression extension. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_pmd_bulk.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted, options; - -/* pass pointers to shared vars to the protocol */ - -static const struct lws_protocol_vhost_options pvo_options = { - NULL, - NULL, - "options", /* pvo name */ - (void *)&options /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_interrupted = { - &pvo_options, - NULL, - "interrupted", /* pvo name */ - (void *)&interrupted /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_interrupted, /* "child" pvo linked-list */ - "lws-minimal-pmd-bulk", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client + permessage-deflate + multifragment bulk message\n"); - lwsl_user(" needs minimal-ws-server-pmd-bulk running to communicate with\n"); - lwsl_user(" %s [-n (no exts)] [-c (compressible)]\n", argv[0]); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; - info.protocols = protocols; - info.pvo = &pvo; - if (!lws_cmdline_option(argc, argv, "-n")) - info.extensions = extensions; - info.pt_serv_buf_size = 32 * 1024; - - if (lws_cmdline_option(argc, argv, "-c")) - options |= 1; - - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - lwsl_user("Completed %s\n", interrupted == 2 ? "OK" : "failed"); - - return interrupted != 2; -} diff --git a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/protocol_lws_minimal_pmd_bulk.c b/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/protocol_lws_minimal_pmd_bulk.c deleted file mode 100644 index a1b38c4..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-pmd-bulk/protocol_lws_minimal_pmd_bulk.c +++ /dev/null @@ -1,319 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal-pmd-bulk" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * The protocol shows how to send and receive bulk messages over a ws connection - * that optionally may have the permessage-deflate extension negotiated on it. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* - * We will produce a large ws message either from this text repeated many times, - * or from 0x40 + a 6-bit pseudorandom number - */ - -static const char * const redundant_string = - "No one would have believed in the last years of the nineteenth " - "century that this world was being watched keenly and closely by " - "intelligences greater than man's and yet as mortal as his own; that as " - "men busied themselves about their various concerns they were " - "scrutinised and studied, perhaps almost as narrowly as a man with a " - "microscope might scrutinise the transient creatures that swarm and " - "multiply in a drop of water. With infinite complacency men went to " - "and fro over this globe about their little affairs, serene in their " - "assurance of their empire over matter. It is possible that the " - "infusoria under the microscope do the same. No one gave a thought to " - "the older worlds of space as sources of human danger, or thought of " - "them only to dismiss the idea of life upon them as impossible or " - "improbable. It is curious to recall some of the mental habits of " - "those departed days. At most terrestrial men fancied there might be " - "other men upon Mars, perhaps inferior to themselves and ready to " - "welcome a missionary enterprise. Yet across the gulf of space, minds " - "that are to our minds as ours are to those of the beasts that perish, " - "intellects vast and cool and unsympathetic, regarded this earth with " - "envious eyes, and slowly and surely drew their plans against us. And " - "early in the twentieth century came the great disillusionment. " -; - -/* this reflects the length of the string above */ -#define REPEAT_STRING_LEN 1337 -/* this is the total size of the ws message we will send */ -#define MESSAGE_SIZE (100 * REPEAT_STRING_LEN) -/* this is how much we will send each time the connection is writable */ -#define MESSAGE_CHUNK_SIZE (1 * 1024) - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal_pmd_bulk { - int position_tx, position_rx; - uint64_t rng_rx, rng_tx; -}; - -struct vhd_minimal_pmd_bulk { - struct lws_context *context; - struct lws_vhost *vhost; - struct lws *client_wsi; - - int *interrupted; - int *options; -}; - -static uint64_t rng(uint64_t *r) -{ - *r ^= *r << 21; - *r ^= *r >> 35; - *r ^= *r << 4; - - return *r; -} - -static int -connect_client(struct vhd_minimal_pmd_bulk *vhd) -{ - struct lws_client_connect_info i; - - memset(&i, 0, sizeof(i)); - - i.context = vhd->context; - i.port = 7681; - i.address = "localhost"; - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.ssl_connection = 0; - i.vhost = vhd->vhost; - i.protocol = "lws-minimal-pmd-bulk"; - i.pwsi = &vhd->client_wsi; - - return !lws_client_connect_via_info(&i); -} - -static void -schedule_callback(struct lws *wsi, int reason, int secs) -{ - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), reason, secs); -} - -static int -callback_minimal_pmd_bulk(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal_pmd_bulk *pss = - (struct per_session_data__minimal_pmd_bulk *)user; - struct vhd_minimal_pmd_bulk *vhd = (struct vhd_minimal_pmd_bulk *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - uint8_t buf[LWS_PRE + MESSAGE_CHUNK_SIZE], *start = &buf[LWS_PRE], *p; - int n, m, flags; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct vhd_minimal_pmd_bulk)); - if (!vhd) - return -1; - - vhd->context = lws_get_context(wsi); - vhd->vhost = lws_get_vhost(wsi); - - /* get the pointer to "interrupted" we were passed in pvo */ - vhd->interrupted = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "interrupted")->value; - vhd->options = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "options")->value; - - if (connect_client(vhd)) - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - pss->rng_tx = 4; - pss->rng_rx = 4; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - - /* - * when we connect, we will send the server a message - */ - - if (pss->position_tx == MESSAGE_SIZE) - break; - - /* fill up one chunk's worth of message content */ - - p = start; - n = MESSAGE_CHUNK_SIZE; - if (n > MESSAGE_SIZE - pss->position_tx) - n = MESSAGE_SIZE - pss->position_tx; - - flags = lws_write_ws_flags(LWS_WRITE_BINARY, !pss->position_tx, - pss->position_tx + n == MESSAGE_SIZE); - - /* - * select between producing compressible repeated text, - * or uncompressible PRNG output - */ - - if (*vhd->options & 1) { - while (n) { - size_t s; - - m = pss->position_tx % REPEAT_STRING_LEN; - s = REPEAT_STRING_LEN - m; - if (s > (size_t)n) - s = n; - memcpy(p, &redundant_string[m], s); - pss->position_tx += s; - p += s; - n -= s; - } - } else { - pss->position_tx += n; - while (n--) - *p++ = rng(&pss->rng_tx); - } - - n = lws_ptr_diff(p, start); - m = lws_write(wsi, start, n, flags); - if (m < n) { - lwsl_err("ERROR %d writing ws\n", m); - return -1; - } - if (pss->position_tx != MESSAGE_SIZE) /* if more to do... */ - lws_callback_on_writable(wsi); - else - /* if we sent and received everything */ - if (pss->position_rx == MESSAGE_SIZE) - *vhd->interrupted = 2; - break; - - case LWS_CALLBACK_CLIENT_RECEIVE: - - /* - * When we connect, the server will send us a message too - */ - - lwsl_user("LWS_CALLBACK_CLIENT_RECEIVE: %4d (rpp %5d, last %d)\n", - (int)len, (int)lws_remaining_packet_payload(wsi), - lws_is_final_fragment(wsi)); - - if (*vhd->options & 1) { - while (len) { - size_t s; - - m = pss->position_rx % REPEAT_STRING_LEN; - s = REPEAT_STRING_LEN - m; - if (s > len) - s = len; - if (memcmp(in, &redundant_string[m], s)) { - lwsl_user("echo'd data doesn't match\n"); - return -1; - } - pss->position_rx += s; - in = ((unsigned char *)in) + s; - len -= s; - } - } else { - p = (uint8_t *)in; - pss->position_rx += len; - while (len--) - if (*p++ != (uint8_t)rng(&pss->rng_rx)) { - lwsl_user("echo'd data doesn't match\n"); - return -1; - } - } - - /* if we sent and received everything */ - - if (pss->position_rx == MESSAGE_SIZE && - pss->position_tx == MESSAGE_SIZE) - *vhd->interrupted = 2; - - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - vhd->client_wsi = NULL; - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - vhd->client_wsi = NULL; - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - /* rate-limited client connect retries */ - - case LWS_CALLBACK_USER: - lwsl_notice("%s: LWS_CALLBACK_USER\n", __func__); - if (connect_client(vhd)) - schedule_callback(wsi, LWS_CALLBACK_USER, 1); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK \ - { \ - "lws-minimal-pmd-bulk", \ - callback_minimal_pmd_bulk, \ - sizeof(struct per_session_data__minimal_pmd_bulk), \ - 4096, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal_pmd_bulk(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal_pmd_bulk(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-rx/CMakeLists.txt deleted file mode 100644 index fb8c938..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-rx/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-rx) -set(SRCS minimal-ws-client.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/README.md b/minimal-examples/ws-client/minimal-ws-client-rx/README.md deleted file mode 100644 index 5c267e1..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-rx/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# lws minimal ws client rx - -## build - -``` - $ cmake . && make -``` - -## usage - -The application goes to https://libwebsockets.org and makes a wss connection -using the dumb-increment-protocol. It shows the incrementing number it is -being sent over ws as it arrives. - -This example only receives things to keep it simple. See minimal-ws-client-tx -for code related to sending things. Of course rx and tx are supported in the -same protocol. - -``` -./lws-minimal-ws-client-rx -[2018/03/14 11:57:24:0689] USER: LWS minimal ws client rx -[2018/03/14 11:57:24:0705] NOTICE: Creating Vhost 'default' port -1, 1 protocols, IPv6 off -[2018/03/14 11:57:24:0710] NOTICE: created client ssl context for default -[2018/03/14 11:57:24:0788] NOTICE: lws_client_connect_2: 0x15b8310: address libwebsockets.org -[2018/03/14 11:57:24:7643] NOTICE: lws_client_connect_2: 0x15b8310: address libwebsockets.org -[2018/03/14 11:57:26:9191] USER: RX: 0 -[2018/03/14 11:57:26:9318] USER: RX: 1 -[2018/03/14 11:57:27:2182] USER: RX: 2 -[2018/03/14 11:57:27:2336] USER: RX: 3 -[2018/03/14 11:57:27:2838] USER: RX: 4 -[2018/03/14 11:57:27:5173] USER: RX: 5 -[2018/03/14 11:57:27:5352] USER: RX: 6 -[2018/03/14 11:57:27:5854] USER: RX: 7 -[2018/03/14 11:57:27:8156] USER: RX: 8 -[2018/03/14 11:57:27:8359] USER: RX: 9 -^C[2018/03/14 11:57:27:9884] USER: Completed -``` - - diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/libwebsockets.org.cer b/minimal-examples/ws-client/minimal-ws-client-rx/libwebsockets.org.cer deleted file mode 100644 index 4a9fb35..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-rx/libwebsockets.org.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgISA9x0/oj5PLdW46hsmR82/7ytMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5NDBaFw0x -OTEyMDYwNzA5NDBaMBwxGjAYBgNVBAMTEWxpYndlYnNvY2tldHMub3JnMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPinIkleLmvEcA/YuBss6ASXVi7g -yr6Sss7cB3vTy7Fp8OB2c1N25prHZxVpORAUo0UreiaY2Ws4NFvDaYp08ZffevuC -UhThsEJlbkD0uvt7dPapJt9PNJtlxjNFWyvHEy6PijzIaMYDROiStcCJQn7kAew/ -Za2+5kNVgKqT+7OXukJEFdSdVZI6QC/npeQlkIrFSq1WVthCGBNJehxxES0hSWzk -0gNVKlkD3/SbkupsfUpe73XiawMtrtsSE7cdnul7VZmiP8I/3sJr1+4/3xZ+DEYg -mVB82B0vd08VJYzU7Nf0pz0PWusAmzRoRn81IXkOfBg9ohlSSEoZhHYS7QIDAQAB -o4ICZjCCAmIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmKKyGjufWgp7pR2x0tWxG -D9G+WTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB -AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw -dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw -dC5vcmcvMBwGA1UdEQQVMBOCEWxpYndlYnNvY2tldHMub3JnMEwGA1UdIARFMEMw -CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j -cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAdH7a -gzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFtCsWIfgAABAMASDBGAiEA -0H55VqSKV3otHK7uHNbcR0QwoUYtCmeObhsqxzCnmDwCIQD3mtuSKrxTD3oA+Yde -nmTgWfFyS4TNgLNEPCJYo2s75gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM -9OVFR/R4AAABbQrFil4AAAQDAEYwRAIgNSpvz/1JA2aP6fh6ujGNuYfrAvWjlxXo -CJtVGe4XaDYCIGmK1/9tl1uQbVD46P5NswnULq06KQmuOrlI3HO4r86HMA0GCSqG -SIb3DQEBCwUAA4IBAQBiAlV7wkCsWE99VmZHBmcbZChWyWUHG3LM1hnaQRQjTSYk -CIlauCpWzlUd6weuvra85KqBbCYo+1hxbwITI796uAdgtHmBE8nj0VltHwKeSq2s -KKiGXBRT7Z7t0VHYSLOlGOVn1auuQFaWBArc0cQ/m1ZsoHvOiHTlKQvVsA4HnIxA -CjGY9OOQoh0c36ecbJZ44XKnU9J/OXtDx00aW6QodaZmgMp/OOCghFQUvufkgTUL -LZid873/8dJVWjAaj1VdadO1nSbdAfBbeWXy93+vg1aAoig80RoscrzYCaNlwmR7 -EO5zWxL3l+xUZogQSJuICgUgNzVB3wjn8HeHGsqt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c b/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c deleted file mode 100644 index e309260..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * lws-minimal-ws-client - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the a minimal ws client using lws. - * - * It connects to https://libwebsockets.org/ and makes a - * wss connection to the dumb-increment protocol there. While - * connected, it prints the numbers it is being sent by - * dumb-increment protocol. - */ - -#include -#include -#include - -static int interrupted, rx_seen, test; -static struct lws *client_wsi; - -static int -callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - switch (reason) { - - /* because we are protocols[0] ... */ - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - client_wsi = NULL; - break; - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("%s: established\n", __func__); - break; - - case LWS_CALLBACK_CLIENT_RECEIVE: - lwsl_user("RX: %s\n", (const char *)in); - rx_seen++; - if (test && rx_seen == 10) - interrupted = 1; - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - client_wsi = NULL; - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "dumb-increment-protocol", - callback_dumb_increment, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_client_connect_info i; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, lws - * must have been configured with -DCMAKE_BUILD_TYPE=DEBUG - * instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - test = !!lws_cmdline_option(argc, argv, "-t"); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client rx [-d ] [--h2] [-t (test)]\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./libwebsockets.org.cer"; -#endif - - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ - i.context = context; - i.port = 443; - i.address = "libwebsockets.org"; - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.ssl_connection = LCCSCF_USE_SSL; - i.protocol = protocols[0].name; /* "dumb-increment-protocol" */ - i.pwsi = &client_wsi; - - if (lws_cmdline_option(argc, argv, "--h2")) - i.alpn = "h2"; - - lws_client_connect_via_info(&i); - - while (n >= 0 && client_wsi && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - lwsl_user("Completed %s\n", rx_seen > 10 ? "OK" : "Failed"); - - return rx_seen > 10; -} diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/selftest.sh b/minimal-examples/ws-client/minimal-ws-client-rx/selftest.sh deleted file mode 100644 index 070ef7f..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-rx/selftest.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 warmcat -t - -exit $FAILS diff --git a/minimal-examples/ws-client/minimal-ws-client-spam/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-spam/CMakeLists.txt deleted file mode 100644 index 25b9d72..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-spam/CMakeLists.txt +++ /dev/null @@ -1,90 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-spam) -set(SRCS minimal-ws-client-spam.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared pthread) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/ws-client/minimal-ws-client-spam/README.md b/minimal-examples/ws-client/minimal-ws-client-spam/README.md deleted file mode 100644 index db4b7f7..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-spam/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# lws minimal ws client SPAM - -This connects to libwebsockets.org using the lws-mirror-protocol. - -By default is has 10 concurrent connections and connects 100 times. - -## build - -``` - $ cmake . && make -``` - -## Commandline Options - -Option|Meaning ----|--- --d|Set logging verbosity ---server|Use a specific server instead of libwebsockets.org, eg `--server localhost`. Implies LCCSCF_ALLOW_SELFSIGNED ---port|Use a specific port instead of 443, eg `--port 7681` --c|Amount of concurrent connections --l|Test limit (total number of connections to make) - -## usage - -Just run it, it will repeatedly connect and reconnect to libwebsockets.org -until it hits the test limit. - -You can also direct it to use the lws test server in tls mode by running that -with `libwebsockets-test-server -s` and running this using, eg - -``` - $ ./lws-minimal-ws-client-spam -c 20 -l 200 --server localhost --port 7681 -``` - -``` - $ ./lws-minimal-ws-client-spam -[2018/11/15 09:53:19:9639] USER: LWS minimal ws client SPAM -[2018/11/15 09:53:19:9647] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off -[2018/11/15 09:53:19:9695] NOTICE: created client ssl context for default -[2018/11/15 09:53:21:0976] USER: callback_minimal_spam: established (try 10, est 0, closed 0, err 0) -[2018/11/15 09:53:21:1041] USER: callback_minimal_spam: established (try 10, est 1, closed 0, err 0) -[2018/11/15 09:53:21:1089] USER: callback_minimal_spam: established (try 10, est 2, closed 0, err 0) -[2018/11/15 09:53:21:1132] USER: callback_minimal_spam: established (try 10, est 3, closed 0, err 0) -[2018/11/15 09:53:21:1166] USER: callback_minimal_spam: established (try 10, est 4, closed 0, err 0) -[2018/11/15 09:53:21:1531] USER: callback_minimal_spam: established (try 10, est 5, closed 0, err 0) -[2018/11/15 09:53:21:1563] USER: callback_minimal_spam: established (try 10, est 6, closed 0, err 0) -[2018/11/15 09:53:21:1589] USER: callback_minimal_spam: established (try 10, est 7, closed 0, err 0) -[2018/11/15 09:53:21:1616] USER: callback_minimal_spam: established (try 10, est 8, closed 0, err 0) -[2018/11/15 09:53:21:1671] USER: callback_minimal_spam: established (try 10, est 9, closed 0, err 0) -[2018/11/15 09:53:21:3778] USER: callback_minimal_spam: reopening (try 11, est 10, closed 1, err 0) -... -``` - diff --git a/minimal-examples/ws-client/minimal-ws-client-spam/libwebsockets.org.cer b/minimal-examples/ws-client/minimal-ws-client-spam/libwebsockets.org.cer deleted file mode 100644 index 4a9fb35..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-spam/libwebsockets.org.cer +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWjCCBEKgAwIBAgISA9x0/oj5PLdW46hsmR82/7ytMA0GCSqGSIb3DQEBCwUA -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA5MDcwNzA5NDBaFw0x -OTEyMDYwNzA5NDBaMBwxGjAYBgNVBAMTEWxpYndlYnNvY2tldHMub3JnMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPinIkleLmvEcA/YuBss6ASXVi7g -yr6Sss7cB3vTy7Fp8OB2c1N25prHZxVpORAUo0UreiaY2Ws4NFvDaYp08ZffevuC -UhThsEJlbkD0uvt7dPapJt9PNJtlxjNFWyvHEy6PijzIaMYDROiStcCJQn7kAew/ -Za2+5kNVgKqT+7OXukJEFdSdVZI6QC/npeQlkIrFSq1WVthCGBNJehxxES0hSWzk -0gNVKlkD3/SbkupsfUpe73XiawMtrtsSE7cdnul7VZmiP8I/3sJr1+4/3xZ+DEYg -mVB82B0vd08VJYzU7Nf0pz0PWusAmzRoRn81IXkOfBg9ohlSSEoZhHYS7QIDAQAB -o4ICZjCCAmIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr -BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRmKKyGjufWgp7pR2x0tWxG -D9G+WTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcB -AQRjMGEwLgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlw -dC5vcmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw -dC5vcmcvMBwGA1UdEQQVMBOCEWxpYndlYnNvY2tldHMub3JnMEwGA1UdIARFMEMw -CAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9j -cHMubGV0c2VuY3J5cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcAdH7a -gzGtMxCRIZzOJU9CcMK//V5CIAjGNzV55hB7zFYAAAFtCsWIfgAABAMASDBGAiEA -0H55VqSKV3otHK7uHNbcR0QwoUYtCmeObhsqxzCnmDwCIQD3mtuSKrxTD3oA+Yde -nmTgWfFyS4TNgLNEPCJYo2s75gB1ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM -9OVFR/R4AAABbQrFil4AAAQDAEYwRAIgNSpvz/1JA2aP6fh6ujGNuYfrAvWjlxXo -CJtVGe4XaDYCIGmK1/9tl1uQbVD46P5NswnULq06KQmuOrlI3HO4r86HMA0GCSqG -SIb3DQEBCwUAA4IBAQBiAlV7wkCsWE99VmZHBmcbZChWyWUHG3LM1hnaQRQjTSYk -CIlauCpWzlUd6weuvra85KqBbCYo+1hxbwITI796uAdgtHmBE8nj0VltHwKeSq2s -KKiGXBRT7Z7t0VHYSLOlGOVn1auuQFaWBArc0cQ/m1ZsoHvOiHTlKQvVsA4HnIxA -CjGY9OOQoh0c36ecbJZ44XKnU9J/OXtDx00aW6QodaZmgMp/OOCghFQUvufkgTUL -LZid873/8dJVWjAaj1VdadO1nSbdAfBbeWXy93+vg1aAoig80RoscrzYCaNlwmR7 -EO5zWxL3l+xUZogQSJuICgUgNzVB3wjn8HeHGsqt ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/minimal-examples/ws-client/minimal-ws-client-spam/minimal-ws-client-spam.c b/minimal-examples/ws-client/minimal-ws-client-spam/minimal-ws-client-spam.c deleted file mode 100644 index ec6f523..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-spam/minimal-ws-client-spam.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * lws-minimal-ws-client-spam - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws client that makes continuous mass ws connections - * asynchronously - */ - -#include -#include -#include -#include - -enum { - CLIENT_IDLE, - CLIENT_CONNECTING, - CLIENT_AWAITING_SEND, -}; - -struct client { - struct lws *wsi; - int index; - int state; -}; - -static struct lws_context *context; -static struct client clients[200]; -static int interrupted, port = 443, ssl_connection = LCCSCF_USE_SSL; -static const char *server_address = "libwebsockets.org", - *pro = "lws-mirror-protocol"; -static int concurrent = 3, conn, tries, est, errors, closed, sent, limit = 15; - -struct pss { - int conn; -}; - -static int -connect_client(int idx) -{ - struct lws_client_connect_info i; - - if (tries == limit) { - lwsl_user("Reached limit... finishing\n"); - return 0; - } - - memset(&i, 0, sizeof(i)); - - i.context = context; - i.port = port; - i.address = server_address; - i.path = "/"; - i.host = i.address; - i.origin = i.address; - i.ssl_connection = ssl_connection; - i.protocol = pro; - i.local_protocol_name = pro; - i.pwsi = &clients[idx].wsi; - - clients[idx].state = CLIENT_CONNECTING; - tries++; - - if (!lws_client_connect_via_info(&i)) { - clients[idx].wsi = NULL; - clients[idx].state = CLIENT_IDLE; - - return 1; - } - - return 0; -} - -static int -callback_minimal_spam(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct pss *pss = (struct pss *)user; - uint8_t ping[LWS_PRE + 125]; - int n, m; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - for (n = 0; n < concurrent; n++) { - clients[n].index = n; - connect_client(n); - } - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - errors++; - lwsl_err("CLIENT_CONNECTION_ERROR: %s (try %d, est %d, closed %d, err %d)\n", - in ? (char *)in : "(null)", tries, est, closed, errors); - for (n = 0; n < concurrent; n++) { - if (clients[n].wsi == wsi) { - clients[n].wsi = NULL; - clients[n].state = CLIENT_IDLE; - connect_client(n); - break; - } - } - if (tries == closed + errors) - interrupted = 1; - break; - - /* --- client callbacks --- */ - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("%s: established (try %d, est %d, closed %d, err %d)\n", - __func__, tries, est, closed, errors); - est++; - pss->conn = conn++; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - closed++; - if (tries == closed + errors) - interrupted = 1; - if (tries == limit) { - lwsl_user("%s: leaving CLOSED (try %d, est %d, sent %d, closed %d, err %d)\n", - __func__, tries, est, sent, closed, errors); - break; - } - - for (n = 0; n < concurrent; n++) { - if (clients[n].wsi == wsi) { - connect_client(n); - lwsl_user("%s: reopening (try %d, est %d, closed %d, err %d)\n", - __func__, tries, est, closed, errors); - break; - } - } - if (n == concurrent) - lwsl_user("CLOSED: can't find client wsi\n"); - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - n = lws_snprintf((char *)ping + LWS_PRE, sizeof(ping) - LWS_PRE, - "hello %d", pss->conn); - - m = lws_write(wsi, ping + LWS_PRE, n, LWS_WRITE_TEXT); - if (m < n) { - lwsl_err("sending ping failed: %d\n", m); - - return -1; - } - lws_set_timeout(wsi, PENDING_TIMEOUT_USER_OK, LWS_TO_KILL_ASYNC); - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "lws-spam-test", - callback_minimal_spam, - sizeof(struct pss), - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client SPAM\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; -#if defined(LWS_WITH_MBEDTLS) - /* - * OpenSSL uses the system trust store. mbedTLS has to be told which - * CA to trust explicitly. - */ - info.client_ssl_ca_filepath = "./libwebsockets.org.cer"; -#endif - - if ((p = lws_cmdline_option(argc, argv, "--server"))) { - server_address = p; - ssl_connection |= LCCSCF_ALLOW_SELFSIGNED; - } - - if ((p = lws_cmdline_option(argc, argv, "--port"))) - port = atoi(p); - - if ((p = lws_cmdline_option(argc, argv, "-l"))) - limit = atoi(p); - - if ((p = lws_cmdline_option(argc, argv, "-c"))) - concurrent = atoi(p); - - if (lws_cmdline_option(argc, argv, "-n")) { - ssl_connection = 0; - info.options = 0; - } - - if (concurrent < 0 || - concurrent > (int)LWS_ARRAY_SIZE(clients)) { - lwsl_err("%s: -c %d larger than max concurrency %d\n", __func__, - concurrent, (int)LWS_ARRAY_SIZE(clients)); - - return 1; - } - - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and n (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + concurrent + 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - if (tries == limit && closed == tries) { - lwsl_user("Completed\n"); - return 0; - } - - lwsl_err("Failed\n"); - - return 1; -} diff --git a/minimal-examples/ws-client/minimal-ws-client-spam/selftest.sh b/minimal-examples/ws-client/minimal-ws-client-spam/selftest.sh deleted file mode 100755 index b9f2cde..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-spam/selftest.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -# -# $1: path to minimal example binaries... -# if lws is built with -DLWS_WITH_MINIMAL_EXAMPLES=1 -# that will be ./bin from your build dir -# -# $2: path for logs and results. The results will go -# in a subdir named after the directory this script -# is in -# -# $3: offset for test index count -# -# $4: total test count -# -# $5: path to ./minimal-examples dir in lws -# -# Test return code 0: OK, 254: timed out, other: error indication - -. $5/selftests-library.sh - -COUNT_TESTS=1 - -dotest $1 $2 warmcat - -exit $FAILS - diff --git a/minimal-examples/ws-client/minimal-ws-client-tx/CMakeLists.txt b/minimal-examples/ws-client/minimal-ws-client-tx/CMakeLists.txt deleted file mode 100644 index 47f2dc6..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-tx/CMakeLists.txt +++ /dev/null @@ -1,90 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-client-tx) -set(SRCS minimal-ws-client.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared pthread) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/ws-client/minimal-ws-client-tx/README.md b/minimal-examples/ws-client/minimal-ws-client-tx/README.md deleted file mode 100644 index 4a606d4..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-tx/README.md +++ /dev/null @@ -1,33 +0,0 @@ -# lws minimal ws client tx - -This demonstrates a ws "publisher" to go with the minimal-ws-broker example. - -Two threads are spawned that produce messages to be sent to the broker, -via a local ringbuffer. Locking is provided to make ringbuffer access threadsafe. - -When a nailed-up client connection to the broker is established, the -ringbuffer is sent to the broker, which distributes the events to all -connected clients. - -## build - -``` - $ cmake . && make -``` - -## usage - -This example connects to ws-server/minimal-ws-broker, so you need to build and run -that in another terminal. - -``` - $ ./lws-minimal-ws-client-tx -[2018/03/16 16:04:33:5774] USER: LWS minimal ws client tx -[2018/03/16 16:04:33:5774] USER: Run minimal-ws-broker and browse to that -[2018/03/16 16:04:33:5774] NOTICE: Creating Vhost 'default' port -1, 1 protocols, IPv6 off -[2018/03/16 16:04:34:5794] USER: callback_minimal_broker: established -``` - -If you open a browser on http://localhost:7681 , you will see the subscribed -messages from the threads in this app via the broker app. - diff --git a/minimal-examples/ws-client/minimal-ws-client-tx/minimal-ws-client.c b/minimal-examples/ws-client/minimal-ws-client-tx/minimal-ws-client.c deleted file mode 100644 index 137201d..0000000 --- a/minimal-examples/ws-client/minimal-ws-client-tx/minimal-ws-client.c +++ /dev/null @@ -1,342 +0,0 @@ -/* - * lws-minimal-ws-client-tx - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws "publisher" to go with the minimal-ws-broker - * example. - * - * Two threads are spawned that produce messages to be sent to the broker, - * via a local ringbuffer. Locking is provided to make ringbuffer access - * threadsafe. - * - * When a nailed-up client connection to the broker is established, the - * ringbuffer is sent to the broker, which distributes the events to all - * connected clients. - */ - -#include -#include -#include -#include - -static int interrupted; - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - pthread_t pthread_spam[2]; - - pthread_mutex_t lock_ring; /* serialize access to the ring buffer */ - struct lws_ring *ring; /* ringbuffer holding unsent messages */ - uint32_t tail; - - struct lws_client_connect_info i; - struct lws *client_wsi; - - int counter; - char finished; - char established; -}; - -#if defined(WIN32) -static void usleep(unsigned long l) { Sleep(l / 1000); } -#endif - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static void * -thread_spam(void *d) -{ - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *)d; - struct msg amsg; - int len = 128, index = 1, n; - - do { - /* don't generate output if client not connected */ - if (!vhd->established) - goto wait; - - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - /* only create if space in ringbuffer */ - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - lwsl_user("dropping!\n"); - goto wait_unlock; - } - - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - goto wait_unlock; - } - n = lws_snprintf((char *)amsg.payload + LWS_PRE, len, - "tid: %p, msg: %d", - (void *)pthread_self(), index++); - amsg.len = n; - n = lws_ring_insert(vhd->ring, &amsg, 1); - if (n != 1) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - } else - /* - * This will cause a LWS_CALLBACK_EVENT_WAIT_CANCELLED - * in the lws service thread context. - */ - lws_cancel_service(vhd->context); - -wait_unlock: - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - -wait: - usleep(100000); - - } while (!vhd->finished); - - lwsl_notice("thread_spam %p exiting\n", (void *)pthread_self()); - - pthread_exit(NULL); - - return NULL; -} - -static int -connect_client(struct per_vhost_data__minimal *vhd) -{ - vhd->i.context = vhd->context; - vhd->i.port = 7681; - vhd->i.address = "localhost"; - vhd->i.path = "/publisher"; - vhd->i.host = vhd->i.address; - vhd->i.origin = vhd->i.address; - vhd->i.ssl_connection = 0; - - vhd->i.protocol = "lws-minimal-broker"; - vhd->i.pwsi = &vhd->client_wsi; - - return !lws_client_connect_via_info(&vhd->i); -} - -static int -callback_minimal_broker(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - void *retval; - int n, m, r = 0; - - switch (reason) { - - /* --- protocol lifecycle callbacks --- */ - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) - return 1; - - pthread_mutex_init(&vhd->lock_ring, NULL); - - /* start the content-creating threads */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (pthread_create(&vhd->pthread_spam[n], NULL, - thread_spam, vhd)) { - lwsl_err("thread creation failed\n"); - r = 1; - goto init_fail; - } - - if (connect_client(vhd)) - lws_timed_callback_vh_protocol(vhd->vhost, - vhd->protocol, LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: -init_fail: - vhd->finished = 1; - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (vhd->pthread_spam[n]) - pthread_join(vhd->pthread_spam[n], &retval); - - if (vhd->ring) - lws_ring_destroy(vhd->ring); - - pthread_mutex_destroy(&vhd->lock_ring); - - return r; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_err("CLIENT_CONNECTION_ERROR: %s\n", - in ? (char *)in : "(null)"); - vhd->client_wsi = NULL; - lws_timed_callback_vh_protocol(vhd->vhost, - vhd->protocol, LWS_CALLBACK_USER, 1); - break; - - /* --- client callbacks --- */ - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_user("%s: established\n", __func__); - vhd->established = 1; - break; - - case LWS_CALLBACK_CLIENT_WRITEABLE: - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - pmsg = lws_ring_get_element(vhd->ring, &vhd->tail); - if (!pmsg) - goto skip; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + LWS_PRE, - pmsg->len, LWS_WRITE_TEXT); - if (m < (int)pmsg->len) { - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock */ - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_single_tail(vhd->ring, &vhd->tail, 1); - - /* more to do for us? */ - if (lws_ring_get_element(vhd->ring, &vhd->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(wsi); - -skip: - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - break; - - case LWS_CALLBACK_CLIENT_CLOSED: - vhd->client_wsi = NULL; - vhd->established = 0; - lws_timed_callback_vh_protocol(vhd->vhost, vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_EVENT_WAIT_CANCELLED: - /* - * When the "spam" threads add a message to the ringbuffer, - * they create this event in the lws service thread context - * using lws_cancel_service(). - * - * We respond by scheduling a writable callback for the - * connected client, if any. - */ - if (vhd && vhd->client_wsi && vhd->established) - lws_callback_on_writable(vhd->client_wsi); - break; - - /* rate-limited client connect retries */ - - case LWS_CALLBACK_USER: - lwsl_notice("%s: LWS_CALLBACK_USER\n", __func__); - if (connect_client(vhd)) - lws_timed_callback_vh_protocol(vhd->vhost, - vhd->protocol, - LWS_CALLBACK_USER, 1); - break; - - default: - break; - } - - return lws_callback_http_dummy(wsi, reason, user, in, len); -} - -static const struct lws_protocols protocols[] = { - { - "lws-minimal-broker", - callback_minimal_broker, - 0, - 0, - }, - { NULL, NULL, 0, 0 } -}; - -static void -sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client tx\n"); - lwsl_user(" Run minimal-ws-broker and browse to that\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = CONTEXT_PORT_NO_LISTEN; /* we do not run any server */ - info.protocols = protocols; - /* - * since we know this lws context is only ever going to be used with - * one client wsis / fds / sockets at a time, let lws know it doesn't - * have to use the default allocations for fd tables up to ulimit -n. - * It will just allocate for 1 internal and 1 (+ 1 http2 nwsi) that we - * will use. - */ - info.fd_limit_per_thread = 1 + 1 + 1; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - lwsl_user("Completed\n"); - - return 0; -} diff --git a/minimal-examples/ws-server/README.md b/minimal-examples/ws-server/README.md deleted file mode 100644 index b8e7ec2..0000000 --- a/minimal-examples/ws-server/README.md +++ /dev/null @@ -1,13 +0,0 @@ -|Example|Demonstrates| ----|--- -minimal-ws-broker|Simple ws server with a publish / broker / subscribe architecture -minimal-ws-server-echo|Simple ws server that listens and echos back anything clients send -minimal-ws-server-pmd-bulk|Simple ws server showing how to pass bulk data with permessage-deflate -minimal-ws-server-pmd-corner|Corner-case tests for permessage-deflate -minimal-ws-server-pmd|Simple ws server with permessage-deflate support -minimal-ws-server-ring|Like minimal-ws-server but holds the chat in a multi-tail ringbuffer -minimal-ws-server-threadpool|Demonstrates how to use a worker thread pool with lws -minimal-ws-server-threads-smp|SMP ws server where data is produced by different threads with multiple lws service threads too -minimal-ws-server-threads|Simple ws server where data is produced by different threads -minimal-ws-server|Serves an index.html over http that opens a ws shared chat client in a browser - diff --git a/minimal-examples/ws-server/minimal-ws-broker/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-broker/CMakeLists.txt deleted file mode 100644 index 719147d..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/CMakeLists.txt +++ /dev/null @@ -1,77 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-broker) -set(SRCS minimal-ws-broker.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/ws-server/minimal-ws-broker/README.md b/minimal-examples/ws-server/minimal-ws-broker/README.md deleted file mode 100644 index e6405c2..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# lws minimal ws broker - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-ws-broker -[2018/03/15 12:23:12:1559] USER: LWS minimal ws broker | visit http://localhost:7681 -[2018/03/15 12:23:12:1560] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -``` - -Visit http://localhost:7681 on multiple browser windows - -The page opens a subscribe mode ws connection back to the broker, -and a publisher mode ws connection back to the broker. - -The textarea shows the data from the subscription connection. - -If you type text is in the text box and press send, the text -is passed to the broker on the publisher ws connection and -sent to all subscribers. diff --git a/minimal-examples/ws-server/minimal-ws-broker/minimal-ws-broker.c b/minimal-examples/ws-server/minimal-ws-broker/minimal-ws-broker.c deleted file mode 100644 index 88ee988..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/minimal-ws-broker.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * lws-minimal-ws-broker - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with an added publish / broker / subscribe ws server. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws broker | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-broker/mount-origin/example.js deleted file mode 100644 index 61c7617..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/example.js +++ /dev/null @@ -1,83 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - subscriber_ws = new_ws(get_appropriate_ws_url(""), "lws-minimal-broker"); - try { - subscriber_ws.onopen = function() { - document.getElementById("b").disabled = 0; - }; - - subscriber_ws.onmessage =function got_packet(msg) { - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - subscriber_ws.onclose = function(){ - document.getElementById("b").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - - publisher_ws = new_ws(get_appropriate_ws_url("/publisher"), "lws-minimal-broker"); - try { - publisher_ws.onopen = function() { - document.getElementById("m").disabled = 0; - }; - - publisher_ws.onmessage =function got_packet(msg) { - }; - - publisher_ws.onclose = function(){ - document.getElementById("m").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - - function sendmsg() - { - publisher_ws.send(document.getElementById("m").value); - document.getElementById("m").value = ""; - } - - document.getElementById("b").addEventListener("click", sendmsg); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-broker/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-broker/mount-origin/index.html deleted file mode 100644 index c733b95..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/index.html +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - -
- - LWS chat minimal ws broker example.
- This page opens two separate ws connections...
- A subscriber ws connection fills this textarea
- with data it receives from the broker... -
-
-
-
- ... and a publisher ws connection sends the string
- in the box below to the broker when you press Send.
- - - - - diff --git a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-broker/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-broker/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-broker/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-broker/protocol_lws_minimal.c deleted file mode 100644 index 4ee8981..0000000 --- a/minimal-examples/ws-server/minimal-ws-broker/protocol_lws_minimal.c +++ /dev/null @@ -1,250 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal-broker" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This implements a minimal "broker", for systems that look like this - * - * [ publisher ws client ] <-> [ ws server broker ws server ] <-> [ ws client subscriber ] - * - * The "publisher" role is to add data to the broker. - * - * The "subscriber" role is to hear about all data added to the system. - * - * The "broker" role is to manage incoming data from publishers and pass it out - * to subscribers. - * - * Any number of publishers and subscribers are supported. - * - * This example implements a single ws server, using one ws protocol, that treats ws - * connections as being in publisher or subscriber mode according to the URL the ws - * connection was made to. ws connections to "/publisher" URL are understood to be - * publishing data and to any other URL, subscribing. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - uint32_t tail; - char publishing; /* nonzero: peer is publishing to us */ -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - - struct lws_ring *ring; /* ringbuffer holding unsent messages */ -}; - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - struct msg amsg; - char buf[32]; - int n, m; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) - return 1; - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - lws_ring_destroy(vhd->ring); - break; - - case LWS_CALLBACK_ESTABLISHED: - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - if (lws_hdr_copy(wsi, buf, sizeof(buf), WSI_TOKEN_GET_URI) > 0) - pss->publishing = !strcmp(buf, "/publisher"); - if (!pss->publishing) - /* add subscribers to the list of live pss held in the vhd */ - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - - if (pss->publishing) - break; - - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) - break; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + LWS_PRE, - pmsg->len, LWS_WRITE_TEXT); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct per_session_data__minimal, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - /* more to do? */ - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - break; - - case LWS_CALLBACK_RECEIVE: - - if (!pss->publishing) - break; - - /* - * For test, our policy is ignore publishing when there are - * no subscribers connected. - */ - if (!vhd->pss_list) - break; - - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - lwsl_user("dropping!\n"); - break; - } - - amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)amsg.payload + LWS_PRE, in, len); - if (!lws_ring_insert(vhd->ring, &amsg, 1)) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping 2!\n"); - break; - } - - /* - * let every subscriber know we want to write something - * on them as soon as they are ready - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - if (!(*ppss)->publishing) - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal-broker", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-echo/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-echo/CMakeLists.txt deleted file mode 100644 index 78823ea..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-echo/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-echo) -set(SRCS minimal-ws-server-echo.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-echo/README.md b/minimal-examples/ws-server/minimal-ws-server-echo/README.md deleted file mode 100644 index bf65c6e..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-echo/README.md +++ /dev/null @@ -1,30 +0,0 @@ -# lws minimal ws server + permessage-deflate echo - -This example serves no-protocl-name ws on localhost:7681 -and echoes back anything that comes from the client. - -You can use it for testing lws against Autobahn (use the --p option to tell it to listen on 9001 for that) - -## build - -``` - $ cmake . && make -``` - -## usage - -Commandline option|Meaning ----|--- --d |Debug verbosity in decimal, eg, -d15 --p port|Port to connect to --u url|URL path part to connect to --o|Finish after one connection - -``` - $ ./lws-minimal-ws-server-echo -[2018/04/24 10:29:34:6212] USER: LWS minimal ws server echo + permessage-deflate + multifragment bulk message -[2018/04/24 10:29:34:6213] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 off -... -``` - diff --git a/minimal-examples/ws-server/minimal-ws-server-echo/minimal-ws-server-echo.c b/minimal-examples/ws-server/minimal-ws-server-echo/minimal-ws-server-echo.c deleted file mode 100644 index e3b217f..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-echo/minimal-ws-server-echo.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * lws-minimal-ws-server-echo - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a ws server that echoes back what it was sent, in a way - * compatible with autobahn -m fuzzingclient - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_server_echo.c" - -static struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_SERVER_ECHO, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted, port = 7681, options; - -/* pass pointers to shared vars to the protocol */ - -static const struct lws_protocol_vhost_options pvo_options = { - NULL, - NULL, - "options", /* pvo name */ - (void *)&options /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_interrupted = { - &pvo_options, - NULL, - "interrupted", /* pvo name */ - (void *)&interrupted /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_interrupted, /* "child" pvo linked-list */ - "lws-minimal-server-echo", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws client echo + permessage-deflate + multifragment bulk message\n"); - lwsl_user(" lws-minimal-ws-client-echo [-n (no exts)] [-p port] [-o (once)]\n"); - - - if ((p = lws_cmdline_option(argc, argv, "-p"))) - port = atoi(p); - - if (lws_cmdline_option(argc, argv, "-o")) - options |= 1; - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = port; - info.protocols = protocols; - info.pvo = &pvo; - if (!lws_cmdline_option(argc, argv, "-n")) - info.extensions = extensions; - info.pt_serv_buf_size = 32 * 1024; - info.options = LWS_SERVER_OPTION_VALIDATE_UTF8 | - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - lwsl_user("Completed %s\n", interrupted == 2 ? "OK" : "failed"); - - return interrupted != 2; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-echo/protocol_lws_minimal_server_echo.c b/minimal-examples/ws-server/minimal-ws-server-echo/protocol_lws_minimal_server_echo.c deleted file mode 100644 index b2a5531..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-echo/protocol_lws_minimal_server_echo.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal-server-echo" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * The protocol shows how to send and receive bulk messages over a ws connection - * that optionally may have the permessage-deflate extension negotiated on it. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -#define RING_DEPTH 4096 - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; - char binary; - char first; - char final; -}; - -struct per_session_data__minimal_server_echo { - struct lws_ring *ring; - uint32_t msglen; - uint32_t tail; - uint8_t completed:1; - uint8_t flow_controlled:1; - uint8_t write_consume_pending:1; -}; - -struct vhd_minimal_server_echo { - struct lws_context *context; - struct lws_vhost *vhost; - - int *interrupted; - int *options; -}; - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} -#include -static int -callback_minimal_server_echo(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal_server_echo *pss = - (struct per_session_data__minimal_server_echo *)user; - struct vhd_minimal_server_echo *vhd = (struct vhd_minimal_server_echo *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - struct msg amsg; - int m, n, flags; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct vhd_minimal_server_echo)); - if (!vhd) - return -1; - - vhd->context = lws_get_context(wsi); - vhd->vhost = lws_get_vhost(wsi); - - /* get the pointers we were passed in pvo */ - - vhd->interrupted = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "interrupted")->value; - vhd->options = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "options")->value; - break; - - case LWS_CALLBACK_ESTABLISHED: - /* generate a block of output before travis times us out */ - lwsl_warn("LWS_CALLBACK_ESTABLISHED\n"); - pss->ring = lws_ring_create(sizeof(struct msg), RING_DEPTH, - __minimal_destroy_message); - if (!pss->ring) - return 1; - pss->tail = 0; - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - - lwsl_user("LWS_CALLBACK_SERVER_WRITEABLE\n"); - - if (pss->write_consume_pending) { - /* perform the deferred fifo consume */ - lws_ring_consume_single_tail(pss->ring, &pss->tail, 1); - pss->write_consume_pending = 0; - } - - pmsg = lws_ring_get_element(pss->ring, &pss->tail); - if (!pmsg) { - lwsl_user(" (nothing in ring)\n"); - break; - } - - flags = lws_write_ws_flags( - pmsg->binary ? LWS_WRITE_BINARY : LWS_WRITE_TEXT, - pmsg->first, pmsg->final); - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + - LWS_PRE, pmsg->len, flags); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lwsl_user(" wrote %d: flags: 0x%x first: %d final %d\n", - m, flags, pmsg->first, pmsg->final); - /* - * Workaround deferred deflate in pmd extension by only - * consuming the fifo entry when we are certain it has been - * fully deflated at the next WRITABLE callback. You only need - * this if you're using pmd. - */ - pss->write_consume_pending = 1; - lws_callback_on_writable(wsi); - - if (pss->flow_controlled && - (int)lws_ring_get_count_free_elements(pss->ring) > RING_DEPTH - 5) { - lws_rx_flow_control(wsi, 1); - pss->flow_controlled = 0; - } - - if ((*vhd->options & 1) && pmsg && pmsg->final) - pss->completed = 1; - - break; - - case LWS_CALLBACK_RECEIVE: - - lwsl_user("LWS_CALLBACK_RECEIVE: %4d (rpp %5d, first %d, " - "last %d, bin %d, msglen %d (+ %d = %d))\n", - (int)len, (int)lws_remaining_packet_payload(wsi), - lws_is_first_fragment(wsi), - lws_is_final_fragment(wsi), - lws_frame_is_binary(wsi), pss->msglen, (int)len, - (int)pss->msglen + (int)len); - - if (len) { - ; - //puts((const char *)in); - //lwsl_hexdump_notice(in, len); - } - - amsg.first = lws_is_first_fragment(wsi); - amsg.final = lws_is_final_fragment(wsi); - amsg.binary = lws_frame_is_binary(wsi); - n = (int)lws_ring_get_count_free_elements(pss->ring); - if (!n) { - lwsl_user("dropping!\n"); - break; - } - - if (amsg.final) - pss->msglen = 0; - else - pss->msglen += len; - - amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)amsg.payload + LWS_PRE, in, len); - if (!lws_ring_insert(pss->ring, &amsg, 1)) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - break; - } - lws_callback_on_writable(wsi); - - if (n < 3 && !pss->flow_controlled) { - pss->flow_controlled = 1; - lws_rx_flow_control(wsi, 0); - } - break; - - case LWS_CALLBACK_CLOSED: - lwsl_user("LWS_CALLBACK_CLOSED\n"); - lws_ring_destroy(pss->ring); - - if (*vhd->options & 1) { - if (!*vhd->interrupted) - *vhd->interrupted = 1 + pss->completed; - lws_cancel_service(lws_get_context(wsi)); - } - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL_SERVER_ECHO \ - { \ - "lws-minimal-server-echo", \ - callback_minimal_server_echo, \ - sizeof(struct per_session_data__minimal_server_echo), \ - 1024, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_SERVER_ECHO -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal_server_echo(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal_server_echo(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/CMakeLists.txt deleted file mode 100644 index d27769f..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-pmd-bulk) -set(SRCS minimal-ws-server-pmd-bulk.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -#require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/README.md b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/README.md deleted file mode 100644 index 274dbf9..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# lws minimal ws server + permessage-deflate for bulk traffic - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-ws-server-pmd-bulk -[2018/03/04 09:30:02:7986] USER: LWS minimal ws server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 in your browser - -One or another kind of bulk ws transfer is made to the browser. - -The ws connection is made via permessage-deflate extension. diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/minimal-ws-server-pmd-bulk.c b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/minimal-ws-server-pmd-bulk.c deleted file mode 100644 index 6f655c4..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/minimal-ws-server-pmd-bulk.c +++ /dev/null @@ -1,143 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_pmd_bulk.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted, options; - -/* pass pointers to shared vars to the protocol */ - -static const struct lws_protocol_vhost_options pvo_options = { - NULL, - NULL, - "options", /* pvo name */ - (void *)&options /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo_interrupted = { - &pvo_options, - NULL, - "interrupted", /* pvo name */ - (void *)&interrupted /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_interrupted, /* "child" pvo linked-list */ - "lws-minimal-pmd-bulk", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + permessage-deflate | visit http://localhost:7681\n"); - lwsl_user(" %s [-n (no exts)] [-c (compressible)] [-b (blob)]\n", argv[0]); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.pvo = &pvo; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (!lws_cmdline_option(argc, argv, "-n")) - info.extensions = extensions; - - if (lws_cmdline_option(argc, argv, "-c")) - options |= 1; /* send compressible text */ - - if (lws_cmdline_option(argc, argv, "-b")) - options |= 2; /* send in one giant blob */ - - info.pt_serv_buf_size = 32 * 1024; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/example.js deleted file mode 100644 index d1c49a7..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/example.js +++ /dev/null @@ -1,65 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal-pmd-bulk"); - try { - ws.onopen = function() { - document.getElementById("r").disabled = 0; - document.getElementById("status").textContent = "ws open "+ ws.extensions; - }; - - ws.onmessage = function got_packet(msg) { - console.log("Received ws message len " + msg.data.size); - document.getElementById("r").value = - document.getElementById("r").value + "\nReceived: " + msg.data.size + " bytes\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - - /* echo it back */ - ws.send(msg.data); - }; - - ws.onclose = function(){ - document.getElementById("r").disabled = 1; - document.getElementById("status").textContent = "ws closed"; - }; - } catch(exception) { - alert("

Error " + exception); - } -} - -window.addEventListener("load", function() { - - var n; - - /* - * we make 5 individual connections. Because if we don't, by default pmd - * will reuse its dictionary to make subsequent tests very short. - */ - - for (n = 0; n < 5; n++) - conn(n); - - console.log("load"); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/index.html deleted file mode 100644 index 45b0d81..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/index.html +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - -
- - LWS pmd corner case test.
- A ws link is made back to the server and results shown here.
- It should show four binary blobs of increasing size. -
-
- Ws closed
-
- - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/protocol_lws_minimal.c deleted file mode 100644 index 1558b37..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/protocol_lws_minimal.c +++ /dev/null @@ -1,304 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This version holds a single message at a time, which may be lost if a new - * message comes. See the minimal-ws-server-ring sample for the same thing - * but using an lws_ring ringbuffer to hold up to 8 messages at a time. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* - * This came from... - * - * cat /dev/urandom | hexdump -C -n 1024 | tr -s ' ' | cut -d' ' -f 2-17 | head -n-1 | sed "s/\ /, 0x/g" | sed "s/^/0x/g" | sed "s/\$/,/g" - * - * ...then the length tuned by hand to get the ciphertext sizes that we want to - * confirm are OK. - * - * We can only pass in a maximum of one compression buffer of input at a time, - * which is 1024 by default. - */ - -unsigned char uncompressible[] = { - 0xfe, 0xcc, 0x47, 0xcb, 0x10, 0xf4, 0x3c, 0x85, - 0x8e, 0xd4, 0xe2, 0xf6, 0xd1, 0xd1, 0xdb, 0x64, - 0x94, 0x50, 0xf6, 0x14, 0x25, 0x03, 0x09, 0x3a, - 0xb1, 0x47, 0x86, 0xa8, 0x3c, 0x4f, 0x3b, 0x98, - 0x7b, 0x3e, 0x67, 0x3e, 0x22, 0xc5, 0x4c, 0x45, - 0xf4, 0xf7, 0xb5, 0x79, 0xc0, 0x26, 0x6e, 0x5c, - 0xf4, 0x10, 0x04, 0xa9, 0x3c, 0x4f, 0xed, 0xc5, - 0x3d, 0xd4, 0x9f, 0x9f, 0xa3, 0xdb, 0x29, 0xeb, - 0x1e, 0xe1, 0x52, 0xab, 0xb5, 0x75, 0x25, 0x86, - 0x86, 0x02, 0x2c, 0x9d, 0x9c, 0x86, 0x46, 0x92, - 0xe9, 0x04, 0xd8, 0x2c, 0x7d, 0x8a, 0x56, 0xe1, - 0xe1, 0xb6, 0x84, 0x4d, 0x17, 0x30, 0x01, 0x60, - 0xa6, 0xf4, 0xba, 0xc9, 0x5a, 0x29, 0xe3, 0x05, - 0xe1, 0xb4, 0x0b, 0x23, 0x74, 0x93, 0x25, 0x76, - 0xce, 0x15, 0xe4, 0x82, 0x9f, 0xbf, 0xe8, 0x6a, - 0x4a, 0xc5, 0xc2, 0x22, 0x91, 0x80, 0xb5, 0xd7, - 0xb3, 0xce, 0x70, 0x0e, 0xf7, 0xbb, 0x2f, 0xc5, - 0x83, 0x39, 0x86, 0xe5, 0x3e, 0xb7, 0x83, 0x87, - 0xc2, 0xeb, 0xc8, 0xed, 0x59, 0x26, 0xc1, 0xe6, - 0x80, 0x17, 0x3c, 0x29, 0x53, 0x4c, 0x1c, 0x3f, - 0x54, 0xbe, 0x34, 0x26, 0x72, 0xed, 0x38, 0x10, - 0xd1, 0x37, 0x07, 0x2d, 0x12, 0x31, 0x9b, 0xc5, - 0x92, 0x09, 0x13, 0x5d, 0x8e, 0xef, 0xdb, 0x52, - 0x7f, 0x7d, 0x6f, 0x62, 0x1e, 0x17, 0xd2, 0xf9, - 0x72, 0x74, 0xc7, 0xd6, 0x1f, 0x8b, 0x9c, 0x4c, - 0x26, 0xd2, 0x6f, 0x7c, 0x33, 0x06, 0xee, 0xc2, - 0xa3, 0x41, 0x43, 0x4f, 0x40, 0x2a, 0x9c, 0xb3, - 0x4a, 0xb1, 0x88, 0x4e, 0x6f, 0xf2, 0xb7, 0x38, - 0xde, 0x87, 0x0d, 0xdc, 0x15, 0x6a, 0x36, 0x6b, - 0xf3, 0x6c, 0x61, 0xf5, 0x24, 0x8e, 0xb6, 0xcc, - 0x8a, 0x3a, 0xa0, 0xb4, 0x9b, 0xae, 0x85, 0x87, - 0x75, 0xf5, 0xbd, 0x50, 0x1f, 0xb5, 0x0c, 0xdb, - 0x6c, 0x68, 0x59, 0xef, 0x37, 0x5a, 0x2a, 0x85, - 0xf0, 0xce, 0x4d, 0x58, 0xa1, 0xa5, 0xde, 0x73, - 0x9b, 0x1a, 0x3d, 0x8a, 0x00, 0xba, 0x2f, 0xe2, - 0xda, 0xad, 0x3c, 0x63, 0x8a, 0x33, 0x39, 0xc4, - 0x07, 0x29, 0x1d, 0xa7, 0x40, 0x3b, 0xa4, 0xa6, - 0xae, 0xee, 0x37, 0x08, 0x83, 0xd1, 0x72, 0x66, - 0x3d, 0x43, 0xe3, 0x7a, 0x48, 0xfc, 0xf8, 0xd4, - 0xe3, 0xab, 0xd0, 0xe9, 0xb1, 0xf4, 0x4d, 0x3c, - 0x6b, 0x58, 0xde, 0x3c, 0x91, 0x0d, 0x3e, 0xec, - 0x35, 0x6d, 0x53, 0xe6, 0xb6, 0x4b, 0xc0, 0x80, - 0x18, 0xab, 0x96, 0x7f, 0x05, 0xd7, 0xd4, 0x81, - 0x0f, 0x92, 0x2b, 0xaf, 0x72, 0x59, 0xc2, 0x14, - 0xca, 0x62, 0x82, 0xac, 0xe3, 0x17, 0x43, 0x61, - 0x4d, 0x1e, 0xfc, 0x72, 0xaf, 0xfc, 0x55, 0x2a, - 0x2b, 0xb6, 0x8e, 0x6e, 0xe6, 0x86, 0xeb, 0xcc, - 0x26, 0x6c, 0xdf, 0xac, 0x02, 0x58, 0xa1, 0x5d, - 0x1b, 0x07, 0xe2, 0x5d, 0x50, 0xb9, 0xbf, 0x2e, - 0x1f, 0x49, 0x39, 0xe6, 0x7f, 0x2f, 0x0e, 0x9d, - 0x09, 0x42, 0xc7, 0xa1, 0xcc, 0xeb, 0x5b, 0x06, - 0x1c, 0x11, 0x9f, 0xea, 0xc1, 0x96, 0x82, 0xa9, - 0x30, 0x6a, 0xda, 0x98, 0x87, 0x43, 0xfd, 0x25, - 0xe7, 0x27, 0x53, 0x9a, 0xb3, 0x2f, 0x19, 0xa9, - 0x1a, 0xf4, 0xd6, 0xf3, 0x9e, 0xba, 0x9a, 0x91, - 0x52, 0x8f, 0x20, 0x6b, 0x4c, 0x3a, 0x2a, 0x3d, - 0xa0, 0xff, 0x8d, 0x61, 0x04, 0xee, 0x26, 0x55, - 0xdd, 0xd7, 0x67, 0xe4, 0x84, 0x0d, 0xf1, 0x5d, - 0xc7, 0xeb, 0xb3, 0x8c, 0x67, 0xa2, 0xc8, 0x1f, - 0x53, 0x02, 0xc4, 0x8c, 0x89, 0xd5, 0x51, 0xc8, - 0x8b, 0xb7, 0xc8, 0x11, 0xbe, 0x0e, 0xc2, 0xb1, - 0x00, 0x35, 0x81, 0x96, 0xac, 0x90, 0x9c, 0xbc, - 0x09, 0x82, 0x75, 0xc3, 0xe7, 0x66, 0x4e, 0x68, - 0xdc, 0xa1, 0xf0, 0xd0, 0x2d, 0x49, 0x3b, 0x47, - 0xba, 0x19, 0xc8, 0x9b, 0x90, 0x12, 0xc0, 0xdf, - 0xda, 0x32, 0x0f, 0x79, 0x6d, 0x1a, 0x5f, 0x92, - 0x51, 0x70, 0xfc, 0xca, 0x08, 0xd4, 0x7f, 0x1a, - 0x56, 0x04, 0x99, 0x33, 0x89, 0x3d, 0x6f, 0x89, - 0x10, 0x25, 0x81, 0xe2, 0xbd, 0x06, 0xd6, 0xaa, - 0x02, 0x8e, 0x4c, 0xa3, 0x60, 0xfd, 0xaf, 0x9c, - 0x81, 0x75, 0xaf, 0x2f, 0xe1, 0x72, 0xe0, 0x6e, - 0x15, 0xdd, 0xbb, 0x92, 0xd1, 0xbe, 0x8e, 0x9b, - 0xfb, 0x82, 0xb9, 0x47, 0x6f, 0x02, 0x28, 0x2a, - 0x67, 0x50, 0xed, 0x24, 0x9b, 0x4d, 0x69, 0xd7, - 0xa9, 0x66, 0x3e, 0x14, 0x4b, 0x00, 0x2a, 0xe4, - 0x3d, 0x63, 0xb2, 0x10, 0xd4, 0x05, 0x9d, 0xe3, - 0xde, 0xce, 0xd8, 0x04, 0x41, 0x03, 0xb5, 0xda, - 0xb0, 0x6f, 0xca, 0x63, 0x64, 0x04, 0xff, 0x07, - 0x58, 0x5f, 0x96, 0xf7, 0x6c, 0xb7, 0x67, 0x05, - 0xd6, 0x85, 0xf2, 0x1e, 0xc1, 0xdc, 0x76, 0x12, - 0x50, 0x83, 0x78, 0xa2, 0x51, 0x94, 0xe1, 0x2e, - 0xb8, 0x97, 0x5b, 0x08, 0x81, 0xac, 0x59, 0x43, - 0xe9, 0x01, 0x09, 0xa2, 0xed, 0x10, 0x4f, 0xb1, - 0x5b, 0xb8, 0x67, 0xe8, 0x61, 0x8d, 0xc8, 0xd9, - 0xc3, 0x5f, 0x65, 0xd7, 0xaa, 0x30, 0x0e, 0xc9, - 0x43, 0x98, 0x1d, 0xf1, 0xa5, 0x28, 0xd5, 0xa1, - 0x6b, 0x8f, 0x89, 0x76, 0x97, 0xa1, 0x3e, 0x6f, - 0x39, 0xf4, 0xb9, 0x6b, 0xa7, 0xfe, 0x58, 0x24, - 0xcd, 0x75, 0xa8, 0xec, 0x9e, 0x1c, 0x8e, 0x02, - 0x2a, 0xce, 0xe9, 0x0a, 0x24, 0x31, 0x89, 0x5a, - 0xd5, 0xdd, 0x70, 0x8e, 0x5f, 0xee, 0xc1, 0x34, - 0xf8, 0xe2, 0x8a, 0xca, 0xf1, 0xf2, 0x71, 0x4c, - 0x31, 0x56, 0xeb, 0x03, 0xf9, 0x6c, 0x0d, 0xa9, - 0x65, 0x6e, 0x88, 0x4f, 0x8e, 0x80, 0x69, 0xd7, - 0xd4, 0x63, 0x45, 0x9c, 0xab, 0x8c, 0x3d, 0x08, - 0x8b, 0xd9, 0x97, 0xdc, 0x88, 0x59, 0x19, 0x2d, - 0xb2, 0x84, 0xf4, 0x78, 0x3e, 0xce, 0x80, 0xba, - 0xeb, 0x34, 0x5a, 0x9e, 0x8e, 0x98, 0xc4, 0x45, - 0x9d, 0x59, 0xb2, 0x7e, 0xc1, 0x7e, 0x5b, 0x89, - 0xd0, 0x02, 0xcb, 0xa4, 0xf1, 0xf2, 0xa7, 0x3a, - 0x05, 0xc3, 0x7d, 0x43, 0x64, 0x7f, 0xf0, 0xc1, - 0xf8, 0x71, 0x3b, 0x38, 0x39, 0xc7, 0x1b, 0xf4, - 0x2f, 0x5a, 0x5c, 0x43, 0x1b, 0xe3, 0x93, 0xe8, - 0x79, 0xe8, 0x35, 0x63, 0x34, 0x7e, 0x25, 0x41, - 0x6f, 0x08, 0xce, 0x6f, 0x95, 0x2a, 0xc2, 0xdc, - 0x65, 0xe2, 0xa5, 0xc0, 0xfd, 0xf1, 0x78, 0x32, - 0x23, 0x09, 0x75, 0x99, 0x12, 0x7a, 0x83, 0xfd, - 0xae, 0x1e, 0xb2, 0xe9, 0x12, 0x5c, 0x3d, 0x03, - 0x68, 0x12, 0x1e, 0xe3, 0x8f, 0xff, 0x47, 0xe3, - 0xb4, 0x7e, 0x9b, 0x7e, 0x60, 0x2e, 0xf4, 0x06, - 0xba, 0x10, 0x08, 0x6b, 0xf9, 0x25, 0x59, 0xf3, - 0x61, 0x13, 0x2b, 0xd1, 0x2f, 0x04, 0x5f, 0xd6, - 0xd3, 0x42, 0xf6, 0x21, 0x57, 0xf6, 0xd3, 0xb3, - 0xec, 0xec, 0x07, 0x33, 0xbf, 0x69, 0x04, 0xec, - 0x88, 0x8d, 0x06, 0x2b, 0xfa, 0xee, 0xb2, 0x7b, - 0x41, 0x2a, 0x49, 0x0f, 0x30, 0x52, 0x41, 0x29, - 0x70, 0xd0, 0xf6, 0xb6, 0xbf, 0x27, 0x1a, 0x56, - 0x9a, 0x4b, 0x2a, 0x67, 0xfb, 0xc8, 0x16, 0x46, - 0x59, 0xc7, 0xf5, 0x5f, 0x20, 0x10, 0x25, 0x6c, - 0x1e, 0x36, 0x20, 0x0c, 0x3e, 0x7e, 0x15, 0x6c, - 0xa2, 0xbd, 0x22, 0xc4, 0x3d, 0xc9, 0x74, 0x56, - 0xab, 0x31, 0x92, 0xb8, 0x9f, 0xa1, 0x05, 0x2e, - 0xc4, 0xdb, 0x32, 0x91, 0xcb, 0x0f, 0x4a, 0x73, - 0x7f, 0xe1, 0xe6, 0x65, 0x2e, 0x5e, 0xa6, 0xaf, - 0xae, 0xa9, 0x04, 0x14, 0x83, 0xef, 0x19, 0x70, - 0x5e, 0xcb, 0xf5, 0x87, 0xcc, 0x45, 0xf7, 0x60, - 0xd7, 0x9d, 0x1e, 0x2e, /* 1012 */ - - /* up to here, this generates a 1022-byte single packet of compressed - * data that is well-formed and produces 1012 bytes of plaintext. - * - * The compressed packet ends - * - * 03F0: 70 5E CB F5 87 CC 45 F7 60 D7 9D 1E 2E 00 - */ - - 0x54, /* 1013 */ - - /* up to here, this generates a 1023-byte single packet of compressed - * data that is well-formed and produces 1013 bytes of plaintext. - * - * The compressed packet ends - * - * 03F0: 70 5E CB F5 87 CC 45 F7 60 D7 9D 1E 2E 54 00 - */ - - 0x83, /* 1014 */ - - /* up to here, a 1023-byte + 3-byte (1 byte payload) packet - * of uncompressed length 1014 */ - - 0x09, 0x99, 0xf9, 0x71, 0x9f, 0x15, 0x49, 0xda, 0xa8, 0x99, /* 1024 */ - - /* up to here, a 1023-byte (1020 payload) + 3-byte (1 payload) packet - * of uncompressed length 1019 */ - - 0xf5, 0xe6, 0xa1, 0x71, 0x64, 0x9a, 0x95, 0xed, - - -}; - -/* generates ciphertext: 1022 1023 1023 + 3 1023 + 3 */ -static int corner_lengths[] = { -/* bytes plaintext, ciphertext */ - 1012, /* 1019 */ - 1013, /* 1020 */ - 1014, /* 1021 */ - 1019, /* 1021 */ - 1024, /* 1021*/ -}; - - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - int which; - int last; /* 0 no test, else test number in corner_lengths[] + 1 */ -}; - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - unsigned char buf[LWS_PRE + 2048]; - int m; - - switch (reason) { - case LWS_CALLBACK_ESTABLISHED: - if (lws_hdr_copy(wsi, (char *)buf, sizeof(buf), - WSI_TOKEN_GET_URI) < 0) - return -1; - - pss->last = atoi((char *)buf + 1); - - if (pss->last > (int)LWS_ARRAY_SIZE(corner_lengths)) - pss->last = 0; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (!pss->last) - break; - - lwsl_err("%s: writable %d, %d\n", __func__, pss->last, - corner_lengths[pss->last - 1]); - - memcpy(buf + LWS_PRE, uncompressible, - corner_lengths[pss->last - 1]); - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, buf + LWS_PRE, corner_lengths[pss->last - 1], - LWS_WRITE_BINARY); - if (m < corner_lengths[pss->last - 1]) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - pss->last = 0; - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 2048, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-pmd/CMakeLists.txt deleted file mode 100644 index db9f03e..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-pmd) -set(SRCS minimal-ws-server-pmd.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/README.md b/minimal-examples/ws-server/minimal-ws-server-pmd/README.md deleted file mode 100644 index 468f74f..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/README.md +++ /dev/null @@ -1,23 +0,0 @@ -# lws minimal ws server + permessage-deflate - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-ws-server -[2018/03/04 09:30:02:7986] USER: LWS minimal ws server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 on multiple browser windows - -Text you type in any browser window is sent to all of them. - -For simplicity of this example, only one line of text is cached at the server. - -The ws connection is made via permessage-deflate extension. diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/minimal-ws-server-pmd.c b/minimal-examples/ws-server/minimal-ws-server-pmd/minimal-ws-server-pmd.c deleted file mode 100644 index 2b7b567..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/minimal-ws-server-pmd.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + permessage-deflate | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.extensions = extensions; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/example.js deleted file mode 100644 index 4760a20..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/example.js +++ /dev/null @@ -1,71 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - try { - ws.onopen = function() { - document.getElementById("m").disabled = 0; - document.getElementById("b").disabled = 0; - document.getElementById("status").textContent = "ws open "+ ws.extensions; - }; - - ws.onmessage =function got_packet(msg) { - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("m").disabled = 1; - document.getElementById("b").disabled = 1; - document.getElementById("status").textContent = "ws closed"; - }; - } catch(exception) { - alert("

Error " + exception); - } - - function sendmsg() - { - ws.send(document.getElementById("m").value); - document.getElementById("m").value = ""; - } - - document.getElementById("b").addEventListener("click", sendmsg); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/index.html deleted file mode 100644 index 43c548a..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/index.html +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - -
- - LWS chat minimal ws server example.
- Chat is sent to all browsers open on this page.
-
- Ws closed
-
-
- - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server-pmd/protocol_lws_minimal.c deleted file mode 100644 index be72f82..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd/protocol_lws_minimal.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This version holds a single message at a time, which may be lost if a new - * message comes. See the minimal-ws-server-ring sample for the same thing - * but using an lws_ring ringbuffer to hold up to 8 messages at a time. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - int last; /* the last message number we sent */ -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - - struct msg amsg; /* the one pending message... */ - int current; /* the current message number we are caching */ -}; - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - int m; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - break; - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - pss->pss_list = vhd->pss_list; - vhd->pss_list = pss; - pss->wsi = wsi; - pss->last = vhd->current; - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - if (*ppss == pss) { - *ppss = pss->pss_list; - break; - } - } lws_end_foreach_llp(ppss, pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (!vhd->amsg.payload) - break; - - if (pss->last == vhd->current) - break; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)vhd->amsg.payload) + - LWS_PRE, vhd->amsg.len, LWS_WRITE_TEXT); - if (m < (int)vhd->amsg.len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - pss->last = vhd->current; - break; - - case LWS_CALLBACK_RECEIVE: - if (vhd->amsg.payload) - __minimal_destroy_message(&vhd->amsg); - - vhd->amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - vhd->amsg.payload = malloc(LWS_PRE + len); - if (!vhd->amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)vhd->amsg.payload + LWS_PRE, in, len); - vhd->current++; - - /* - * let everybody know we want to write something on them - * as soon as they are ready - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-ring/CMakeLists.txt deleted file mode 100644 index e199801..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-ring) -set(SRCS minimal-ws-server-ring.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/README.md b/minimal-examples/ws-server/minimal-ws-server-ring/README.md deleted file mode 100644 index 25eb0ae..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# lws minimal ws server (lws_ring) - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-ws-server -[2018/03/04 09:30:02:7986] USER: LWS minimal ws server (lws_ring) | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 on multiple browser windows - -Text you type in any browser window is sent to all of them. - -A ringbuffer holds up to 8 lines of text. - -This also demonstrates how the ringbuffer can take action against lagging or -disconnected clients that cause the ringbuffer to fill. diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/minimal-ws-server-ring.c b/minimal-examples/ws-server/minimal-ws-server-ring/minimal-ws-server-ring.c deleted file mode 100644 index c87ad20..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/minimal-ws-server-ring.c +++ /dev/null @@ -1,97 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with an added websocket chat server using a ringbuffer. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server (lws_ring) | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/example.js deleted file mode 100644 index be1037f..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/example.js +++ /dev/null @@ -1,68 +0,0 @@ -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - try { - ws.onopen = function() { - document.getElementById("m").disabled = 0; - document.getElementById("b").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("m").disabled = 1; - document.getElementById("b").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - - function sendmsg() - { - ws.send(document.getElementById("m").value); - document.getElementById("m").value = ""; - } - - document.getElementById("b").addEventListener("click", sendmsg); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/index.html deleted file mode 100644 index 7081c31..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/index.html +++ /dev/null @@ -1,20 +0,0 @@ - - - - - - - -
- - LWS chat minimal ws server example.
- Chat is sent to all browsers open on this page. -
-
-
- - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-ring/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server-ring/protocol_lws_minimal.c deleted file mode 100644 index 7b51066..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-ring/protocol_lws_minimal.c +++ /dev/null @@ -1,314 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This version uses an lws_ring ringbuffer to cache up to 8 messages at a time, - * so it's not so easy to lose messages. - * - * This also demonstrates how to "cull", ie, kill, connections that can't - * keep up for some reason. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - uint32_t tail; - - unsigned int culled:1; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - - struct lws_ring *ring; /* ringbuffer holding unsent messages */ -}; - -static void -cull_lagging_clients(struct per_vhost_data__minimal *vhd) -{ - uint32_t oldest_tail = lws_ring_get_oldest_tail(vhd->ring); - struct per_session_data__minimal *old_pss = NULL; - int most = 0, before = lws_ring_get_count_waiting_elements(vhd->ring, - &oldest_tail), m; - - /* - * At least one guy with the oldest tail has lagged too far, filling - * the ringbuffer with stuff waiting for them, while new stuff is - * coming in, and they must close, freeing up ringbuffer entries. - */ - - lws_start_foreach_llp_safe(struct per_session_data__minimal **, - ppss, vhd->pss_list, pss_list) { - - if ((*ppss)->tail == oldest_tail) { - old_pss = *ppss; - - lwsl_user("Killing lagging client %p\n", (*ppss)->wsi); - - lws_set_timeout((*ppss)->wsi, PENDING_TIMEOUT_LAGGING, - /* - * we may kill the wsi we came in on, - * so the actual close is deferred - */ - LWS_TO_KILL_ASYNC); - - /* - * We might try to write something before we get a - * chance to close. But this pss is now detached - * from the ring buffer. Mark this pss as culled so we - * don't try to do anything more with it. - */ - - (*ppss)->culled = 1; - - /* - * Because we can't kill it synchronously, but we - * know it's closing momentarily and don't want its - * participation any more, remove its pss from the - * vhd pss list early. (This is safe to repeat - * uselessly later in the close flow). - * - * Notice this changes *ppss! - */ - - lws_ll_fwd_remove(struct per_session_data__minimal, - pss_list, (*ppss), vhd->pss_list); - - /* use the changed *ppss so we won't skip anything */ - - continue; - - } else { - /* - * so this guy is a survivor of the cull. Let's track - * what is the largest number of pending ring elements - * for any survivor. - */ - m = lws_ring_get_count_waiting_elements(vhd->ring, - &((*ppss)->tail)); - if (m > most) - most = m; - } - - } lws_end_foreach_llp_safe(ppss); - - /* it would mean we lost track of oldest... but Coverity insists */ - if (!old_pss) - return; - - /* - * Let's recover (ie, free up) all the ring slots between the - * original oldest's last one and the "worst" survivor. - */ - - lws_ring_consume_and_update_oldest_tail(vhd->ring, - struct per_session_data__minimal, &old_pss->tail, before - most, - vhd->pss_list, tail, pss_list); - - lwsl_user("%s: shrunk ring from %d to %d\n", __func__, before, most); -} - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct msg *pmsg; - struct msg amsg; - int n, m; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) - return 1; - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - lws_ring_destroy(vhd->ring); - break; - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - lwsl_user("LWS_CALLBACK_ESTABLISHED: wsi %p\n", wsi); - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - break; - - case LWS_CALLBACK_CLOSED: - lwsl_user("LWS_CALLBACK_CLOSED: wsi %p\n", wsi); - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (pss->culled) - break; - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) - break; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + - LWS_PRE, pmsg->len, LWS_WRITE_TEXT); - if (m < (int)pmsg->len) { - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct per_session_data__minimal, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - /* more to do for us? */ - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - break; - - case LWS_CALLBACK_RECEIVE: - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - /* forcibly make space */ - cull_lagging_clients(vhd); - n = (int)lws_ring_get_count_free_elements(vhd->ring); - } - if (!n) - break; - - lwsl_user("LWS_CALLBACK_RECEIVE: free space %d\n", n); - - amsg.len = len; - /* notice we over-allocate by LWS_PRE... */ - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - /* ...and we copy the payload in at +LWS_PRE */ - memcpy((char *)amsg.payload + LWS_PRE, in, len); - if (!lws_ring_insert(vhd->ring, &amsg, 1)) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - break; - } - - /* - * let everybody know we want to write something on them - * as soon as they are ready - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 0, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-threadpool/CMakeLists.txt deleted file mode 100644 index 951e9f6..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/CMakeLists.txt +++ /dev/null @@ -1,92 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-threadpool) -set(SRCS minimal-ws-server-threadpool.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITH_THREADPOOL 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/README.md b/minimal-examples/ws-server/minimal-ws-server-threadpool/README.md deleted file mode 100644 index c8a91df..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# lws minimal ws server (threadpool) - -## build - -``` - $ cmake . && make -``` - -Pthreads is required on your system. - -This demonstrates how to cleanly assign tasks bound to a wsi to a thread pool, -with a queue if the pool is occupied. - -It creates a threadpool with 3 worker threads and a maxiumum queue size of 4. - -The web page at http://localhost:7681 then starts up 8 x ws connections. - -## usage - -``` - $ ./lws-minimal-ws-server-threadpool -[2018/03/13 13:09:52:2208] USER: LWS minimal ws server + threadpool | visit http://localhost:7681 -[2018/03/13 13:09:52:2365] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -``` - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/minimal-ws-server-threadpool.c b/minimal-examples/ws-server/minimal-ws-server-threadpool/minimal-ws-server-threadpool.c deleted file mode 100644 index e0d8a9d..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/minimal-ws-server-threadpool.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * lws-minimal-ws-server=threadpool - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal ws server that can cooperate with - * other threads cleanly. Two other threads are started, which fill - * a ringbuffer with strings at 10Hz. - * - * The actual work and thread spawning etc are done in the protocol - * implementation in protocol_lws_minimal.c. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal_threadpool.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* - * This demonstrates how to pass a pointer into a specific protocol handler - * running on a specific vhost. In this case, it's our default vhost and - * we pass the pvo named "config" with the value a const char * "myconfig". - * - * This is the preferred way to pass configuration into a specific vhost + - * protocol instance. - */ - -static const struct lws_protocol_vhost_options pvo_ops = { - NULL, - NULL, - "config", /* pvo name */ - (void *)"myconfig" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_ops, /* "child" pvo linked-list */ - "lws-minimal", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + threadpool | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.pvo = &pvo; /* per-vhost options */ - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* start the threads that create content */ - - while (!interrupted) - if (lws_service(context, 0)) - interrupted = 1; - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/example.js deleted file mode 100644 index 783ae13..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/example.js +++ /dev/null @@ -1,78 +0,0 @@ -var head = 0, tail = 0, ring = new Array(); - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - var n, wsa = new Array, alive = 0; - - for (n = 0; n < 8; n++) { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - wsa.push(ws); - try { - ws.onopen = function() { - document.getElementById("r").disabled = 0; - alive++; - }; - - ws.onmessage = function got_packet(msg) { - var n, s = ""; - - ring[head] = msg.data + "\n"; - head = (head + 1) % 50; - if (tail === head) - tail = (tail + 1) % 50; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 50; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - if (--alive === 0) - document.getElementById("r").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - } -}, false); diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/index.html deleted file mode 100644 index ab3a306..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - -
- - Minimal ws server threadpool example.
- 8 x ws connections are opened back to the example server.
- There are three threads in the pool to service them, the
- remainder are queued until a thread in the pool is free.

- The textarea show the last 50 lines received. -
-
-
- - diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threadpool/protocol_lws_minimal_threadpool.c b/minimal-examples/ws-server/minimal-ws-server-threadpool/protocol_lws_minimal_threadpool.c deleted file mode 100644 index aea48e7..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threadpool/protocol_lws_minimal_threadpool.c +++ /dev/null @@ -1,343 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" demonstrating lws threadpool - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * The main reason some things are as they are is that the task lifecycle may - * be unrelated to the wsi lifecycle that queued that task. - * - * Consider the task may call an external library and run for 30s without - * "checking in" to see if it should stop. The wsi that started the task may - * have closed at any time before the 30s are up, with the browser window - * closing or whatever. - * - * So data shared between the asynchronous task and the wsi must have its - * lifecycle determined by the task, not the wsi. That means a separate struct - * that can be freed by the task. - * - * In the case the wsi outlives the task, the tasks do not get destroyed until - * the service thread has called lws_threadpool_task_status() on the completed - * task. So there is no danger of the shared task private data getting randomly - * freed. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -struct per_vhost_data__minimal { - struct lws_threadpool *tp; - const char *config; -}; - -struct task_data { - char result[64]; - - uint64_t pos, end; -}; - -/* - * Create the private data for the task - * - * Notice we hand over responsibility for the cleanup and freeing of the - * allocated task_data to the threadpool, because the wsi it was originally - * bound to may close while the thread is still running. So we allocate - * something discrete for the task private data that can be definitively owned - * and freed by the threadpool, not the wsi... the pss won't do, as it only - * exists for the lifecycle of the wsi connection. - * - * When the task is created, we also tell it how to destroy the private data - * by giving it args.cleanup as cleanup_task_private_data() defined below. - */ - -static struct task_data * -create_task_private_data(void) -{ - struct task_data *priv = malloc(sizeof(*priv)); - - return priv; -} - -/* - * Destroy the private data for the task - * - * Notice the wsi the task was originally bound to may be long gone, in the - * case we are destroying the lws context and the thread was doing something - * for a long time without checking in. - */ -static void -cleanup_task_private_data(struct lws *wsi, void *user) -{ - struct task_data *priv = (struct task_data *)user; - - free(priv); -} - -/* - * This runs in its own thread, from the threadpool. - * - * The implementation behind this in lws uses pthreads, but no pthreadisms are - * required in the user code. - * - * The example counts to 10M, "checking in" to see if it should stop after every - * 100K and pausing to sync with the service thread to send a ws message every - * 1M. It resumes after the service thread determines the wsi is writable and - * the LWS_CALLBACK_SERVER_WRITEABLE indicates the task thread can continue by - * calling lws_threadpool_task_sync(). - */ - -static enum lws_threadpool_task_return -task_function(void *user, enum lws_threadpool_task_status s) -{ - struct task_data *priv = (struct task_data *)user; - int budget = 100 * 1000; - - if (priv->pos == priv->end) - return LWS_TP_RETURN_FINISHED; - - /* - * Preferably replace this with ~100ms of your real task, so it - * can "check in" at short intervals to see if it has been asked to - * stop. - * - * You can just run tasks atomically here with the thread dedicated - * to it, but it will cause odd delays while shutting down etc and - * the task will run to completion even if the wsi that started it - * has since closed. - */ - - while (budget--) - priv->pos++; - - usleep(100000); - - if (!(priv->pos % (1000 * 1000))) { - lws_snprintf(priv->result + LWS_PRE, - sizeof(priv->result) - LWS_PRE, - "pos %llu", (unsigned long long)priv->pos); - - return LWS_TP_RETURN_SYNC; - } - - return LWS_TP_RETURN_CHECKING_IN; -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct lws_protocol_vhost_options *pvo; - struct lws_threadpool_create_args cargs; - struct lws_threadpool_task_args args; - struct lws_threadpool_task *task; - struct task_data *priv; - int n, m, r = 0; - char name[32]; - void *_user; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - /* create our per-vhost struct */ - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - if (!vhd) - return 1; - - /* recover the pointer to the globals struct */ - pvo = lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "config"); - if (!pvo || !pvo->value) { - lwsl_err("%s: Can't find \"config\" pvo\n", __func__); - return 1; - } - vhd->config = pvo->value; - - memset(&cargs, 0, sizeof(cargs)); - - cargs.max_queue_depth = 8; - cargs.threads = 3; - vhd->tp = lws_threadpool_create(lws_get_context(wsi), - &cargs, "%s", - lws_get_vhost_name(lws_get_vhost(wsi))); - if (!vhd->tp) - return 1; - - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - lws_threadpool_finish(vhd->tp); - lws_threadpool_destroy(vhd->tp); - break; - - case LWS_CALLBACK_USER: - - /* - * in debug mode, dump the threadpool stat to the logs once - * a second - */ - lws_threadpool_dump(vhd->tp); - lws_timed_callback_vh_protocol(lws_get_vhost(wsi), - lws_get_protocol(wsi), - LWS_CALLBACK_USER, 1); - break; - - case LWS_CALLBACK_ESTABLISHED: - - memset(&args, 0, sizeof(args)); - priv = args.user = create_task_private_data(); - if (!args.user) - return 1; - - priv->pos = 0; - priv->end = 10 * 1000 * 1000; - - /* queue the task... the task takes on responsibility for - * destroying args.user. pss->priv just has a copy of it */ - - args.wsi = wsi; - args.task = task_function; - args.cleanup = cleanup_task_private_data; - - lws_get_peer_simple(wsi, name, sizeof(name)); - - if (!lws_threadpool_enqueue(vhd->tp, &args, "ws %s", name)) { - lwsl_user("%s: Couldn't enqueue task\n", __func__); - cleanup_task_private_data(wsi, priv); - return 1; - } - - lws_set_timeout(wsi, PENDING_TIMEOUT_THREADPOOL, 30); - - /* - * so the asynchronous worker will let us know the next step - * by causing LWS_CALLBACK_SERVER_WRITEABLE - */ - - break; - - case LWS_CALLBACK_CLOSED: - break; - - case LWS_CALLBACK_WS_SERVER_DROP_PROTOCOL: - lwsl_debug("LWS_CALLBACK_WS_SERVER_DROP_PROTOCOL: %p\n", wsi); - lws_threadpool_dequeue(wsi); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - - /* - * even completed tasks wait in a queue until we call the - * below on them. Then they may destroy themselves and their - * args.user data (by calling the cleanup callback). - * - * If you need to get things from the still-valid private task - * data, copy it here before calling - * lws_threadpool_task_status() that may free the task and the - * private task data. - */ - - n = lws_threadpool_task_status_wsi(wsi, &task, &_user); - lwsl_debug("%s: LWS_CALLBACK_SERVER_WRITEABLE: status %d\n", - __func__, n); - switch(n) { - - case LWS_TP_STATUS_FINISHED: - case LWS_TP_STATUS_STOPPED: - case LWS_TP_STATUS_QUEUED: - case LWS_TP_STATUS_RUNNING: - case LWS_TP_STATUS_STOPPING: - return 0; - - case LWS_TP_STATUS_SYNCING: - /* the task has paused for us to do something */ - break; - default: - return -1; - } - - priv = (struct task_data *)_user; - - lws_set_timeout(wsi, PENDING_TIMEOUT_THREADPOOL_TASK, 5); - - n = strlen(priv->result + LWS_PRE); - m = lws_write(wsi, (unsigned char *)priv->result + LWS_PRE, - n, LWS_WRITE_TEXT); - if (m < n) { - lwsl_err("ERROR %d writing to ws socket\n", m); - lws_threadpool_task_sync(task, 1); - return -1; - } - - /* - * service thread has done whatever it wanted to do with the - * data the task produced: if it's waiting to do more it can - * continue now. - */ - lws_threadpool_task_sync(task, 0); - break; - - default: - break; - } - - return r; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - 0, \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-threads-smp/CMakeLists.txt deleted file mode 100644 index 32ecbf5..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/CMakeLists.txt +++ /dev/null @@ -1,91 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-threads-smp) -set(SRCS minimal-ws-server.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/README.md b/minimal-examples/ws-server/minimal-ws-server-threads-smp/README.md deleted file mode 100644 index 81be312..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# lws minimal ws server (threads) + SMP - -This demonstrates both independent threads creating content -as in the -threads example, and multiple service threads -as in the http-server-smp example (but with ws). - -## build - -You must first build libwebsockets itself with cmake `-DLWS_MAX_SMP=8` -or some other number greater than one. - -``` - $ cmake . && make -``` - -Pthreads is required on your system. - -## usage - -``` - $ ./lws-minimal-ws-server-threads-smp -[2019/01/28 06:59:17:4217] USER: LWS minimal ws server + threads + smp | visit http://localhost:7681 -[2019/01/28 06:59:17:4219] NOTICE: Service threads: 2 -[2019/01/28 06:59:17:4220] NOTICE: LWS_CALLBACK_EVENT_WAIT_CANCELLED in svc tid 0x7fec48af8700 -[2019/01/28 06:59:17:4220] NOTICE: LWS_CALLBACK_EVENT_WAIT_CANCELLED in svc tid 0x7fec48af8700 -... -``` - -Visit http://localhost:7681 on multiple browser windows. You may need to open -4 before the second service thread is used (check "svc tid" in the browser output). - -Two lws service threads are started. - -Two separate asynchronous threads generate strings and add them to a ringbuffer, -signalling all lws service threads to send new entries to all the browser windows. - -This demonstrates how to safely manage asynchronously generated content -and hook it up to the lws service threads. - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/minimal-ws-server.c b/minimal-examples/ws-server/minimal-ws-server-threads-smp/minimal-ws-server.c deleted file mode 100644 index 8303f5c..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/minimal-ws-server.c +++ /dev/null @@ -1,148 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal ws server that can cooperate with - * other threads cleanly. Two other threads are started, which fill - * a ringbuffer with strings at 10Hz. - * - * The actual work and thread spawning etc are done in the protocol - * implementation in protocol_lws_minimal.c. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -#define COUNT_THREADS 2 - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static struct lws_context *context; -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* - * This demonstrates how to pass a pointer into a specific protocol handler - * running on a specific vhost. In this case, it's our default vhost and - * we pass the pvo named "config" with the value a const char * "myconfig". - * - * This is the preferred way to pass configuration into a specific vhost + - * protocol instance. - */ - -static const struct lws_protocol_vhost_options pvo_ops = { - NULL, - NULL, - "config", /* pvo name */ - (void *)"myconfig" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_ops, /* "child" pvo linked-list */ - "lws-minimal", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -void *thread_service(void *threadid) -{ - while (lws_service_tsi(context, 1000, - (int)(lws_intptr_t)threadid) >= 0 && - !interrupted) - ; - - pthread_exit(NULL); - - return NULL; -} - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - int n, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE; - pthread_t pthread_service[COUNT_THREADS]; - struct lws_context_creation_info info; - const char *p; - void *retval; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + threads + smp | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.pvo = &pvo; /* per-vhost options */ - info.count_threads = COUNT_THREADS; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - lwsl_notice(" Service threads: %d\n", lws_get_count_threads(context)); - - /* start all the service threads */ - - for (n = 0; n < lws_get_count_threads(context); n++) - if (pthread_create(&pthread_service[n], NULL, thread_service, - (void *)(lws_intptr_t)n)) - lwsl_err("Failed to start service thread\n"); - - /* wait for all the service threads to exit */ - - while ((--n) >= 0) - pthread_join(pthread_service[n], &retval); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/example.js deleted file mode 100644 index a6ff663..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/example.js +++ /dev/null @@ -1,71 +0,0 @@ -var head = 0, tail = 0, ring = new Array(); - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - try { - ws.onopen = function() { - document.getElementById("r").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - var n, s = ""; - - ring[head] = msg.data + "\n"; - head = (head + 1) % 50; - if (tail === head) - tail = (tail + 1) % 50; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 50; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("r").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - -}, false); diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/index.html deleted file mode 100644 index 13145f6..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - -
- - Minimal ws server threads SMP example.
- Strings generated by server threads are sent to - all browsers open on this page.
- The textarea show the last 50 lines received. -
-
-
- - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads-smp/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server-threads-smp/protocol_lws_minimal.c deleted file mode 100644 index 3943307..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads-smp/protocol_lws_minimal.c +++ /dev/null @@ -1,333 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" demonstrating multithread - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message in the ringbuffer */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* - * One of these is created for each client connecting to us. - * - * It is ONLY read or written from the lws service thread context. - */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - uint32_t tail; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - pthread_t pthread_spam[2]; - - pthread_mutex_t lock_ring; /* serialize access to the ring buffer */ - struct lws_ring *ring; /* {lock_ring} ringbuffer holding unsent content */ - - const char *config; - char finished; -}; - -#if defined(WIN32) -static void usleep(unsigned long l) { Sleep(l / 1000); } -#endif - -/* - * This runs under both lws service and "spam threads" contexts. - * Access is serialized by vhd->lock_ring. - */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -/* - * This runs under the "spam thread" thread context only. - * - * We spawn two threads that generate messages with this. - * - */ - -static void * -thread_spam(void *d) -{ - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *)d; - struct msg amsg; - int len = 128, index = 1, n; - - do { - /* don't generate output if nobody connected */ - if (!vhd->pss_list) - goto wait; - - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - /* only create if space in ringbuffer */ - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - lwsl_user("dropping!\n"); - goto wait_unlock; - } - - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - goto wait_unlock; - } - n = lws_snprintf((char *)amsg.payload + LWS_PRE, len, - "%s: spam tid: %p, msg: %d", vhd->config, - (void *)pthread_self(), index++); - amsg.len = n; - n = lws_ring_insert(vhd->ring, &amsg, 1); - if (n != 1) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - } else - /* - * This will cause a LWS_CALLBACK_EVENT_WAIT_CANCELLED - * in the lws service thread context. - */ - lws_cancel_service(vhd->context); - -wait_unlock: - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - -wait: - usleep(100000); - - } while (!vhd->finished); - - lwsl_notice("thread_spam %p exiting\n", (void *)pthread_self()); - - pthread_exit(NULL); - - return NULL; -} - -/* this runs under the lws service thread context only */ - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct lws_protocol_vhost_options *pvo; - const struct msg *pmsg; - char temp[LWS_PRE + 256]; - void *retval; - int n, m, r = 0; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - /* create our per-vhost struct */ - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - if (!vhd) - return 1; - - pthread_mutex_init(&vhd->lock_ring, NULL); - - /* recover the pointer to the globals struct */ - pvo = lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "config"); - if (!pvo || !pvo->value) { - lwsl_err("%s: Can't find \"config\" pvo\n", __func__); - return 1; - } - vhd->config = pvo->value; - - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) { - lwsl_err("%s: failed to create ring\n", __func__); - return 1; - } - - /* start the content-creating threads */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (pthread_create(&vhd->pthread_spam[n], NULL, - thread_spam, vhd)) { - lwsl_err("thread creation failed\n"); - r = 1; - goto init_fail; - } - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: -init_fail: - vhd->finished = 1; - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (vhd->pthread_spam[n]) - pthread_join(vhd->pthread_spam[n], &retval); - - if (vhd->ring) - lws_ring_destroy(vhd->ring); - - pthread_mutex_destroy(&vhd->lock_ring); - break; - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) { - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - break; - } - - n = lws_snprintf(temp + LWS_PRE, sizeof(temp) - LWS_PRE, - "svc tid:%p, %s", (void *)pthread_self(), - (char *)pmsg->payload + LWS_PRE); - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, (unsigned char *)temp + LWS_PRE, n, - LWS_WRITE_TEXT); - if (m < n) { - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct per_session_data__minimal, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - /* more to do? */ - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - break; - - case LWS_CALLBACK_RECEIVE: - break; - - case LWS_CALLBACK_EVENT_WAIT_CANCELLED: - lwsl_notice("LWS_CALLBACK_EVENT_WAIT_CANCELLED in svc tid %p\n", - (void *)pthread_self()); - if (!vhd) - break; - /* - * When the "spam" threads add a message to the ringbuffer, - * they create this event in the lws service thread context - * using lws_cancel_service(). - * - * We respond by scheduling a writable callback for all - * connected clients. - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return r; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-threads/CMakeLists.txt deleted file mode 100644 index bf67791..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/CMakeLists.txt +++ /dev/null @@ -1,91 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckIncludeFile) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-threads) -set(SRCS minimal-ws-server.c) - -MACRO(require_pthreads result) - CHECK_INCLUDE_FILE(pthread.h LWS_HAVE_PTHREAD_H) - if (NOT LWS_HAVE_PTHREAD_H) - if (LWS_WITH_MINIMAL_EXAMPLES) - set(result 0) - else() - message(FATAL_ERROR "threading support requires pthreads") - endif() - endif() -ENDMACRO() - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_pthreads(requirements) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared pthread) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets pthread) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/README.md b/minimal-examples/ws-server/minimal-ws-server-threads/README.md deleted file mode 100644 index 123b7bb..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# lws minimal ws server (threads) - -## build - -``` - $ cmake . && make -``` - -Pthreads is required on your system. - -## usage - -``` - $ ./lws-minimal-ws-server-threads -[2018/03/13 13:09:52:2208] USER: LWS minimal ws server + threads | visit http://localhost:7681 -[2018/03/13 13:09:52:2365] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off -``` - -Visit http://localhost:7681 on multiple browser windows - -Two asynchronous threads generate strings and add them to a ringbuffer, -signalling lws to send new entries to all the browser windows. - -This demonstrates how to safely manage asynchronously generated content -and hook it up to the lws service thread. diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/minimal-ws-server.c b/minimal-examples/ws-server/minimal-ws-server-threads/minimal-ws-server.c deleted file mode 100644 index 40d7fc7..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/minimal-ws-server.c +++ /dev/null @@ -1,129 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates a minimal ws server that can cooperate with - * other threads cleanly. Two other threads are started, which fill - * a ringbuffer with strings at 10Hz. - * - * The actual work and thread spawning etc are done in the protocol - * implementation in protocol_lws_minimal.c. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -/* - * This demonstrates how to pass a pointer into a specific protocol handler - * running on a specific vhost. In this case, it's our default vhost and - * we pass the pvo named "config" with the value a const char * "myconfig". - * - * This is the preferred way to pass configuration into a specific vhost + - * protocol instance. - */ - -static const struct lws_protocol_vhost_options pvo_ops = { - NULL, - NULL, - "config", /* pvo name */ - (void *)"myconfig" /* pvo value */ -}; - -static const struct lws_protocol_vhost_options pvo = { - NULL, /* "next" pvo linked-list */ - &pvo_ops, /* "child" pvo linked-list */ - "lws-minimal", /* protocol name we belong to on this vhost */ - "" /* ignored */ -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + threads | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.pvo = &pvo; /* per-vhost options */ - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - /* start the threads that create content */ - - while (!interrupted) - if (lws_service(context, 0)) - interrupted = 1; - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/example.js deleted file mode 100644 index a6ff663..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/example.js +++ /dev/null @@ -1,71 +0,0 @@ -var head = 0, tail = 0, ring = new Array(); - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - try { - ws.onopen = function() { - document.getElementById("r").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - var n, s = ""; - - ring[head] = msg.data + "\n"; - head = (head + 1) % 50; - if (tail === head) - tail = (tail + 1) % 50; - - n = tail; - do { - s = s + ring[n]; - n = (n + 1) % 50; - } while (n !== head); - - document.getElementById("r").value = s; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("r").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - -}, false); diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/index.html deleted file mode 100644 index 8bd248c..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - -
-
- - Minimal ws server threads example.
- Strings generated by server threads are sent to - all browsers open on this page.
- The textarea show the last 50 lines received. -
-
-
- - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-threads/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server-threads/protocol_lws_minimal.c deleted file mode 100644 index 3abd727..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-threads/protocol_lws_minimal.c +++ /dev/null @@ -1,326 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" demonstrating multithread - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message in the ringbuffer */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* - * One of these is created for each client connecting to us. - * - * It is ONLY read or written from the lws service thread context. - */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - uint32_t tail; -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - pthread_t pthread_spam[2]; - - pthread_mutex_t lock_ring; /* serialize access to the ring buffer */ - struct lws_ring *ring; /* {lock_ring} ringbuffer holding unsent content */ - - const char *config; - char finished; -}; - -#if defined(WIN32) -static void usleep(unsigned long l) { Sleep(l / 1000); } -#endif - -/* - * This runs under both lws service and "spam threads" contexts. - * Access is serialized by vhd->lock_ring. - */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -/* - * This runs under the "spam thread" thread context only. - * - * We spawn two threads that generate messages with this. - * - */ - -static void * -thread_spam(void *d) -{ - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *)d; - struct msg amsg; - int len = 128, index = 1, n; - - do { - /* don't generate output if nobody connected */ - if (!vhd->pss_list) - goto wait; - - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - /* only create if space in ringbuffer */ - n = (int)lws_ring_get_count_free_elements(vhd->ring); - if (!n) { - lwsl_user("dropping!\n"); - goto wait_unlock; - } - - amsg.payload = malloc(LWS_PRE + len); - if (!amsg.payload) { - lwsl_user("OOM: dropping\n"); - goto wait_unlock; - } - n = lws_snprintf((char *)amsg.payload + LWS_PRE, len, - "%s: tid: %p, msg: %d", vhd->config, - (void *)pthread_self(), index++); - amsg.len = n; - n = lws_ring_insert(vhd->ring, &amsg, 1); - if (n != 1) { - __minimal_destroy_message(&amsg); - lwsl_user("dropping!\n"); - } else - /* - * This will cause a LWS_CALLBACK_EVENT_WAIT_CANCELLED - * in the lws service thread context. - */ - lws_cancel_service(vhd->context); - -wait_unlock: - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - -wait: - usleep(100000); - - } while (!vhd->finished); - - lwsl_notice("thread_spam %p exiting\n", (void *)pthread_self()); - - pthread_exit(NULL); - - return NULL; -} - -/* this runs under the lws service thread context only */ - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - const struct lws_protocol_vhost_options *pvo; - const struct msg *pmsg; - void *retval; - int n, m, r = 0; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - /* create our per-vhost struct */ - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - if (!vhd) - return 1; - - pthread_mutex_init(&vhd->lock_ring, NULL); - - /* recover the pointer to the globals struct */ - pvo = lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "config"); - if (!pvo || !pvo->value) { - lwsl_err("%s: Can't find \"config\" pvo\n", __func__); - return 1; - } - vhd->config = pvo->value; - - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - vhd->ring = lws_ring_create(sizeof(struct msg), 8, - __minimal_destroy_message); - if (!vhd->ring) { - lwsl_err("%s: failed to create ring\n", __func__); - return 1; - } - - /* start the content-creating threads */ - - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (pthread_create(&vhd->pthread_spam[n], NULL, - thread_spam, vhd)) { - lwsl_err("thread creation failed\n"); - r = 1; - goto init_fail; - } - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: -init_fail: - vhd->finished = 1; - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pthread_spam); n++) - if (vhd->pthread_spam[n]) - pthread_join(vhd->pthread_spam[n], &retval); - - if (vhd->ring) - lws_ring_destroy(vhd->ring); - - pthread_mutex_destroy(&vhd->lock_ring); - break; - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->tail = lws_ring_get_oldest_tail(vhd->ring); - pss->wsi = wsi; - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - pthread_mutex_lock(&vhd->lock_ring); /* --------- ring lock { */ - - pmsg = lws_ring_get_element(vhd->ring, &pss->tail); - if (!pmsg) { - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - break; - } - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)pmsg->payload) + LWS_PRE, - pmsg->len, LWS_WRITE_TEXT); - if (m < (int)pmsg->len) { - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - lwsl_err("ERROR %d writing to ws socket\n", m); - return -1; - } - - lws_ring_consume_and_update_oldest_tail( - vhd->ring, /* lws_ring object */ - struct per_session_data__minimal, /* type of objects with tails */ - &pss->tail, /* tail of guy doing the consuming */ - 1, /* number of payload objects being consumed */ - vhd->pss_list, /* head of list of objects with tails */ - tail, /* member name of tail in objects with tails */ - pss_list /* member name of next object in objects with tails */ - ); - - /* more to do? */ - if (lws_ring_get_element(vhd->ring, &pss->tail)) - /* come back as soon as we can write more */ - lws_callback_on_writable(pss->wsi); - - pthread_mutex_unlock(&vhd->lock_ring); /* } ring lock ------- */ - break; - - case LWS_CALLBACK_RECEIVE: - break; - - case LWS_CALLBACK_EVENT_WAIT_CANCELLED: - if (!vhd) - break; - /* - * When the "spam" threads add a message to the ringbuffer, - * they create this event in the lws service thread context - * using lws_cancel_service(). - * - * We respond by scheduling a writable callback for all - * connected clients. - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return r; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-timer/CMakeLists.txt deleted file mode 100644 index acf3468..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-timer) -set(SRCS minimal-ws-server.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITH_SERVER 1 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/README.md b/minimal-examples/ws-server/minimal-ws-server-timer/README.md deleted file mode 100644 index 2f90df5..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/README.md +++ /dev/null @@ -1,34 +0,0 @@ -# lws minimal ws server timer - -This is designed to confirm long term stability of ws timers on a -particular platform. - -## build - -``` - $ cmake . && make -``` - -## Commandline Options - -Option|Meaning ----|--- --d|Set logging verbosity --s|Serve using TLS selfsigned cert (ie, connect to it with https://...) --h|Strict Host: header checking against vhost name (localhost) and port --v|Connection validity use 3s / 10s instead of default 5m / 5m10s - -## usage - -``` - $ ./lws-minimal-ws-server-timer -[2018/03/04 09:30:02:7986] USER: LWS minimal ws server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 and the browser will connect back to the test -server, you'll see ESTABLISHED logged. That triggers a TIMER event at 20s -intervals which sets the wsi timeout to 60s. It should just stay like -that forever doing the TIMER events at 20s intervals and not sending any -traffic either way. - diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.cert b/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.key b/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/minimal-ws-server.c b/minimal-examples/ws-server/minimal-ws-server-timer/minimal-ws-server.c deleted file mode 100644 index 7349030..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/minimal-ws-server.c +++ /dev/null @@ -1,134 +0,0 @@ -/* - * lws-minimal-ws-server-timer - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with an added websocket chat server. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -static int -callback_protocol(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - switch (reason) { - - case LWS_CALLBACK_ESTABLISHED: - lwsl_user("LWS_CALLBACK_ESTABLISHED\n"); - lws_set_timer_usecs(wsi, 20 * LWS_USEC_PER_SEC); - lws_set_timeout(wsi, 1, 60); - break; - - case LWS_CALLBACK_TIMER: - lwsl_user("LWS_CALLBACK_TIMER\n"); - lws_set_timer_usecs(wsi, 20 * LWS_USEC_PER_SEC); - lws_set_timeout(wsi, 1, 60); - break; - - case LWS_CALLBACK_CLOSED: - lwsl_user("LWS_CALLBACK_CLOSED\n"); - break; - - default: - break; - } - - return 0; -} - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - { "timer", callback_protocol, 0, 0 }, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server | visit http://localhost:7681 (-s = use TLS / https)\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.vhost_name = "localhost"; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - lwsl_user("Server using TLS\n"); - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/example.js deleted file mode 100644 index 3a638d0..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/example.js +++ /dev/null @@ -1,69 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - var ws = new_ws(get_appropriate_ws_url(""), "timer"); - try { - ws.onopen = function() { - document.getElementById("m").disabled = 0; - document.getElementById("b").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("m").disabled = 1; - document.getElementById("b").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - - function sendmsg() - { - ws.send(document.getElementById("m").value); - document.getElementById("m").value = ""; - } - - document.getElementById("b").addEventListener("click", sendmsg); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/favicon.ico deleted file mode 100644 index e69de29..0000000 diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/index.html deleted file mode 100644 index 5b59786..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/index.html +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - - -
- - LWS wsi timer minimal ws server timer example.
- This opens a ws connection back to the server and just sits there - setting the timer to fire every 20s, which resets the wsi timeout - for 60s each timer. It should just stay like that forever. - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-timer/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server/CMakeLists.txt deleted file mode 100644 index 6b938b1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/CMakeLists.txt +++ /dev/null @@ -1,78 +0,0 @@ -cmake_minimum_required(VERSION 2.8) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server) -set(SRCS minimal-ws-server.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() \ No newline at end of file diff --git a/minimal-examples/ws-server/minimal-ws-server/README.md b/minimal-examples/ws-server/minimal-ws-server/README.md deleted file mode 100644 index 9b0a094..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# lws minimal ws server - -## build - -``` - $ cmake . && make -``` - -## Commandline Options - -Option|Meaning ----|--- --d|Set logging verbosity --s|Serve using TLS selfsigned cert (ie, connect to it with https://...) --h|Strict Host: header checking against vhost name (localhost) and port - -## usage - -``` - $ ./lws-minimal-ws-server -[2018/03/04 09:30:02:7986] USER: LWS minimal ws server | visit http://localhost:7681 -[2018/03/04 09:30:02:7986] NOTICE: Creating Vhost 'default' port 7681, 1 protocols, IPv6 on -``` - -Visit http://localhost:7681 on multiple browser windows - -Text you type in any browser window is sent to all of them. - -For simplicity of this example, only one line of text is cached at the server. diff --git a/minimal-examples/ws-server/minimal-ws-server/localhost-100y.cert b/minimal-examples/ws-server/minimal-ws-server/localhost-100y.cert deleted file mode 100644 index 6f372db..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/localhost-100y.cert +++ /dev/null @@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5jCCA86gAwIBAgIJANq50IuwPFKgMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD -VQQGEwJHQjEQMA4GA1UECAwHRXJld2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEb -MBkGA1UECgwSbGlid2Vic29ja2V0cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3Qx -HzAdBgkqhkiG9w0BCQEWEG5vbmVAaW52YWxpZC5vcmcwIBcNMTgwMzIwMDQxNjA3 -WhgPMjExODAyMjQwNDE2MDdaMIGGMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRXJl -d2hvbjETMBEGA1UEBwwKQWxsIGFyb3VuZDEbMBkGA1UECgwSbGlid2Vic29ja2V0 -cy10ZXN0MRIwEAYDVQQDDAlsb2NhbGhvc3QxHzAdBgkqhkiG9w0BCQEWEG5vbmVA -aW52YWxpZC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCjYtuW -aICCY0tJPubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8 -Di3DAmHKnSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTek -LWcfI5ZZtoGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnH -KT/m6DSU0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6 -jzhNyMBTJ1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQ -Ujy5N8pSNp7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAz -TK4l2pHNuC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBK -Izv9cgi9fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0 -nPN1IMSnzXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzo -GMTvP/AuehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9p -sNcjTMaBQLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABo1MwUTAdBgNVHQ4EFgQU -9mYU23tW2zsomkKTAXarjr2vjuswHwYDVR0jBBgwFoAU9mYU23tW2zsomkKTAXar -jr2vjuswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEANjIBMrow -YNCbhAJdP7dhlhT2RUFRdeRUJD0IxrH/hkvb6myHHnK8nOYezFPjUlmRKUgNEDuA -xbnXZzPdCRNV9V2mShbXvCyiDY7WCQE2Bn44z26O0uWVk+7DNNLH9BnkwUtOnM9P -wtmD9phWexm4q2GnTsiL6Ul6cy0QlTJWKVLEUQQ6yda582e23J1AXqtqFcpfoE34 -H3afEiGy882b+ZBiwkeV+oq6XVF8sFyr9zYrv9CvWTYlkpTQfLTZSsgPdEHYVcjv -xQ2D+XyDR0aRLRlvxUa9dHGFHLICG34Juq5Ai6lM1EsoD8HSsJpMcmrH7MWw2cKk -ujC3rMdFTtte83wF1uuF4FjUC72+SmcQN7A386BC/nk2TTsJawTDzqwOu/VdZv2g -1WpTHlumlClZeP+G/jkSyDwqNnTu1aodDmUa4xZodfhP1HWPwUKFcq8oQr148QYA -AOlbUOJQU7QwRWd1VbnwhDtQWXC92A2w1n/xkZSR1BM/NUSDhkBSUU1WjMbWg6Gg -mnIZLRerQCu1Oozr87rOQqQakPkyt8BUSNK3K42j2qcfhAONdRl8Hq8Qs5pupy+s -8sdCGDlwR3JNCMv6u48OK87F4mcIxhkSefFJUFII25pCGN5WtE4p5l+9cnO1GrIX -e2Hl/7M0c/lbZ4FvXgARlex2rkgS0Ka06HE= ------END CERTIFICATE----- diff --git a/minimal-examples/ws-server/minimal-ws-server/localhost-100y.key b/minimal-examples/ws-server/minimal-ws-server/localhost-100y.key deleted file mode 100644 index 148f859..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/localhost-100y.key +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCjYtuWaICCY0tJ -PubxpIgIL+WWmz/fmK8IQr11Wtee6/IUyUlo5I602mq1qcLhT/kmpoR8Di3DAmHK -nSWdPWtn1BtXLErLlUiHgZDrZWInmEBjKM1DZf+CvNGZ+EzPgBv5nTekLWcfI5ZZ -toGuIP1Dl/IkNDw8zFz4cpiMe/BFGemyxdHhLrKHSm8Eo+nT734tItnHKT/m6DSU -0xlZ13d6ehLRm7/+Nx47M3XMTRH5qKP/7TTE2s0U6+M0tsGI2zpRi+m6jzhNyMBT -J1u58qAe3ZW5/+YAiuZYAB6n5bhUp4oFuB5wYbcBywVR8ujInpF8buWQUjy5N8pS -Np7szdYsnLJpvAd0sibrNPjC0FQCNrpNjgJmIK3+mKk4kXX7ZTwefoAzTK4l2pHN -uC53QVc/EF++GBLAxmvCDq9ZpMIYi7OmzkkAKKC9Ue6Ef217LFQCFIBKIzv9cgi9 -fwPMLhrKleoVRNsecBsCP569WgJXhUnwf2lon4fEZr3+vRuc9shfqnV0nPN1IMSn -zXCast7I2fiuRXdIz96KjlGQpP4XfNVA+RGL7aMnWOFIaVrKWLzAtgzoGMTvP/Au -ehKXncBJhYtW0ltTioVx+5yTYSAZWl+IssmXjefxJqYi2/7QWmv1QC9psNcjTMaB -QLN03T1Qelbs7Y27sxdEnNUth4kI+wIDAQABAoICAFWe8MQZb37k2gdAV3Y6aq8f -qokKQqbCNLd3giGFwYkezHXoJfg6Di7oZxNcKyw35LFEghkgtQqErQqo35VPIoH+ -vXUpWOjnCmM4muFA9/cX6mYMc8TmJsg0ewLdBCOZVw+wPABlaqz+0UOiSMMftpk9 -fz9JwGd8ERyBsT+tk3Qi6D0vPZVsC1KqxxL/cwIFd3Hf2ZBtJXe0KBn1pktWht5A -Kqx9mld2Ovl7NjgiC1Fx9r+fZw/iOabFFwQA4dr+R8mEMK/7bd4VXfQ1o/QGGbMT -G+ulFrsiDyP+rBIAaGC0i7gDjLAIBQeDhP409ZhswIEc/GBtODU372a2CQK/u4Q/ -HBQvuBtKFNkGUooLgCCbFxzgNUGc83GB/6IwbEM7R5uXqsFiE71LpmroDyjKTlQ8 -YZkpIcLNVLw0usoGYHFm2rvCyEVlfsE3Ub8cFyTFk50SeOcF2QL2xzKmmbZEpXgl -xBHR0hjgon0IKJDGfor4bHO7Nt+1Ece8u2oTEKvpz5aIn44OeC5mApRGy83/0bvs -esnWjDE/bGpoT8qFuy+0urDEPNId44XcJm1IRIlG56ErxC3l0s11wrIpTmXXckqw -zFR9s2z7f0zjeyxqZg4NTPI7wkM3M8BXlvp2GTBIeoxrWB4V3YArwu8QF80QBgVz -mgHl24nTg00UH1OjZsABAoIBAQDOxftSDbSqGytcWqPYP3SZHAWDA0O4ACEM+eCw -au9ASutl0IDlNDMJ8nC2ph25BMe5hHDWp2cGQJog7pZ/3qQogQho2gUniKDifN77 -40QdykllTzTVROqmP8+efreIvqlzHmuqaGfGs5oTkZaWj5su+B+bT+9rIwZcwfs5 -YRINhQRx17qa++xh5mfE25c+M9fiIBTiNSo4lTxWMBShnK8xrGaMEmN7W0qTMbFH -PgQz5FcxRjCCqwHilwNBeLDTp/ZECEB7y34khVh531mBE2mNzSVIQcGZP1I/DvXj -W7UUNdgFwii/GW+6M0uUDy23UVQpbFzcV8o1C2nZc4Fb4zwBAoIBAQDKSJkFwwuR -naVJS6WxOKjX8MCu9/cKPnwBv2mmI2jgGxHTw5sr3ahmF5eTb8Zo19BowytN+tr6 -2ZFoIBA9Ubc9esEAU8l3fggdfM82cuR9sGcfQVoCh8tMg6BP8IBLOmbSUhN3PG2m -39I802u0fFNVQCJKhx1m1MFFLOu7lVcDS9JN+oYVPb6MDfBLm5jOiPuYkFZ4gH79 -J7gXI0/YKhaJ7yXthYVkdrSF6Eooer4RZgma62Dd1VNzSq3JBo6rYjF7Lvd+RwDC -R1thHrmf/IXplxpNVkoMVxtzbrrbgnC25QmvRYc0rlS/kvM4yQhMH3eA7IycDZMp -Y+0xm7I7jTT7AoIBAGKzKIMDXdCxBWKhNYJ8z7hiItNl1IZZMW2TPUiY0rl6yaCh -BVXjM9W0r07QPnHZsUiByqb743adkbTUjmxdJzjaVtxN7ZXwZvOVrY7I7fPWYnCE -fXCr4+IVpZI/ZHZWpGX6CGSgT6EOjCZ5IUufIvEpqVSmtF8MqfXO9o9uIYLokrWQ -x1dBl5UnuTLDqw8bChq7O5y6yfuWaOWvL7nxI8NvSsfj4y635gIa/0dFeBYZEfHI -UlGdNVomwXwYEzgE/c19ruIowX7HU/NgxMWTMZhpazlxgesXybel+YNcfDQ4e3RM -OMz3ZFiaMaJsGGNf4++d9TmMgk4Ns6oDs6Tb9AECggEBAJYzd+SOYo26iBu3nw3L -65uEeh6xou8pXH0Tu4gQrPQTRZZ/nT3iNgOwqu1gRuxcq7TOjt41UdqIKO8vN7/A -aJavCpaKoIMowy/aGCbvAvjNPpU3unU8jdl/t08EXs79S5IKPcgAx87sTTi7KDN5 -SYt4tr2uPEe53NTXuSatilG5QCyExIELOuzWAMKzg7CAiIlNS9foWeLyVkBgCQ6S -me/L8ta+mUDy37K6vC34jh9vK9yrwF6X44ItRoOJafCaVfGI+175q/eWcqTX4q+I -G4tKls4sL4mgOJLq+ra50aYMxbcuommctPMXU6CrrYyQpPTHMNVDQy2ttFdsq9iK -TncCggEBAMmt/8yvPflS+xv3kg/ZBvR9JB1In2n3rUCYYD47ReKFqJ03Vmq5C9nY -56s9w7OUO8perBXlJYmKZQhO4293lvxZD2Iq4NcZbVSCMoHAUzhzY3brdgtSIxa2 -gGveGAezZ38qKIU26dkz7deECY4vrsRkwhpTW0LGVCpjcQoaKvymAoCmAs8V2oMr -Ziw1YQ9uOUoWwOqm1wZqmVcOXvPIS2gWAs3fQlWjH9hkcQTMsUaXQDOD0aqkSY3E -NqOvbCV1/oUpRi3076khCoAXI1bKSn/AvR3KDP14B5toHI/F5OTSEiGhhHesgRrs -fBrpEY1IATtPq1taBZZogRqI3rOkkPk= ------END PRIVATE KEY----- diff --git a/minimal-examples/ws-server/minimal-ws-server/minimal-ws-server.c b/minimal-examples/ws-server/minimal-ws-server/minimal-ws-server.c deleted file mode 100644 index 12e828a..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/minimal-ws-server.c +++ /dev/null @@ -1,109 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws, - * with an added websocket chat server. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server | visit http://localhost:7681 (-s = use TLS / https)\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.vhost_name = "localhost"; - info.ws_ping_pong_interval = 10; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - if (lws_cmdline_option(argc, argv, "-s")) { - lwsl_user("Server using TLS\n"); - info.options |= LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - info.ssl_cert_filepath = "localhost-100y.cert"; - info.ssl_private_key_filepath = "localhost-100y.key"; - } - - if (lws_cmdline_option(argc, argv, "-h")) - info.options |= LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server/mount-origin/example.js deleted file mode 100644 index 189f464..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/mount-origin/example.js +++ /dev/null @@ -1,69 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -document.addEventListener("DOMContentLoaded", function() { - - ws = new_ws(get_appropriate_ws_url(""), "lws-minimal"); - try { - ws.onopen = function() { - document.getElementById("m").disabled = 0; - document.getElementById("b").disabled = 0; - }; - - ws.onmessage =function got_packet(msg) { - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws.onclose = function(){ - document.getElementById("m").disabled = 1; - document.getElementById("b").disabled = 1; - }; - } catch(exception) { - alert("

Error " + exception); - } - - function sendmsg() - { - ws.send(document.getElementById("m").value); - document.getElementById("m").value = ""; - } - - document.getElementById("b").addEventListener("click", sendmsg); - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server/mount-origin/index.html deleted file mode 100644 index 9c1dc9a..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - -
- - LWS chat minimal ws server example.
- Chat is sent to all browsers open on this page. -
-
-
- - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server/protocol_lws_minimal.c b/minimal-examples/ws-server/minimal-ws-server/protocol_lws_minimal.c deleted file mode 100644 index 3c8160b..0000000 --- a/minimal-examples/ws-server/minimal-ws-server/protocol_lws_minimal.c +++ /dev/null @@ -1,187 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This version holds a single message at a time, which may be lost if a new - * message comes. See the minimal-ws-server-ring sample for the same thing - * but using an lws_ring ringbuffer to hold up to 8 messages at a time. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* one of these created for each message */ - -struct msg { - void *payload; /* is malloc'd */ - size_t len; -}; - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal { - struct per_session_data__minimal *pss_list; - struct lws *wsi; - int last; /* the last message number we sent */ -}; - -/* one of these is created for each vhost our protocol is used with */ - -struct per_vhost_data__minimal { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - struct per_session_data__minimal *pss_list; /* linked-list of live pss*/ - - struct msg amsg; /* the one pending message... */ - int current; /* the current message number we are caching */ -}; - -/* destroys the message when everyone has had a copy of it */ - -static void -__minimal_destroy_message(void *_msg) -{ - struct msg *msg = _msg; - - free(msg->payload); - msg->payload = NULL; - msg->len = 0; -} - -static int -callback_minimal(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal *pss = - (struct per_session_data__minimal *)user; - struct per_vhost_data__minimal *vhd = - (struct per_vhost_data__minimal *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - int m; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__minimal)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - break; - - case LWS_CALLBACK_ESTABLISHED: - /* add ourselves to the list of live pss held in the vhd */ - lws_ll_fwd_insert(pss, pss_list, vhd->pss_list); - pss->wsi = wsi; - pss->last = vhd->current; - break; - - case LWS_CALLBACK_CLOSED: - /* remove our closing pss from the list of live pss */ - lws_ll_fwd_remove(struct per_session_data__minimal, pss_list, - pss, vhd->pss_list); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (!vhd->amsg.payload) - break; - - if (pss->last == vhd->current) - break; - - /* notice we allowed for LWS_PRE in the payload already */ - m = lws_write(wsi, ((unsigned char *)vhd->amsg.payload) + - LWS_PRE, vhd->amsg.len, LWS_WRITE_TEXT); - if (m < (int)vhd->amsg.len) { - lwsl_err("ERROR %d writing to ws\n", m); - return -1; - } - - pss->last = vhd->current; - break; - - case LWS_CALLBACK_RECEIVE: - if (vhd->amsg.payload) - __minimal_destroy_message(&vhd->amsg); - - vhd->amsg.len = len; - /* notice we over-allocate by LWS_PRE */ - vhd->amsg.payload = malloc(LWS_PRE + len); - if (!vhd->amsg.payload) { - lwsl_user("OOM: dropping\n"); - break; - } - - memcpy((char *)vhd->amsg.payload + LWS_PRE, in, len); - vhd->current++; - - /* - * let everybody know we want to write something on them - * as soon as they are ready - */ - lws_start_foreach_llp(struct per_session_data__minimal **, - ppss, vhd->pss_list) { - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL \ - { \ - "lws-minimal", \ - callback_minimal, \ - sizeof(struct per_session_data__minimal), \ - 128, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/module.json b/module.json new file mode 100644 index 0000000..ba2c35b --- /dev/null +++ b/module.json @@ -0,0 +1,21 @@ +{ + "name": "websockets", + "version": "1.6.0", + "description": "Libwebsockets", + "keywords": [ + "lws", + "libwebsockets", + "websockets", + "ws" + ], + "author": "Andy Green ", + "homepage": "https://libwebsockets.org", + "license": "LGPL2.1-SLE", + + "extraIncludes": [ "build/frdm-k64f-gcc/generated/include" ], + "dependencies": { + "mbed-drivers": "", + "sal-stack-lwip": "", + "sockets": "" + } +} diff --git a/plugin-standalone/protocol_example_standalone.c b/plugin-standalone/protocol_example_standalone.c index c33f683..36172d4 100644 --- a/plugin-standalone/protocol_example_standalone.c +++ b/plugin-standalone/protocol_example_standalone.c @@ -1,7 +1,7 @@ /* * ws protocol handler plugin for "dumb increment" * - * Written in 2010-2019 by Andy Green + * Copyright (C) 2010-2016 Andy Green * * This file is made available under the Creative Commons CC0 1.0 * Universal Public Domain Dedication. @@ -24,7 +24,7 @@ #define LWS_DLL #define LWS_INTERNAL -#include +#include "../lib/libwebsockets.h" #include @@ -138,7 +138,7 @@ init_protocol_example_standalone(struct lws_context *context, } c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); + c->count_protocols = ARRAY_SIZE(protocols); c->extensions = NULL; c->count_extensions = 0; diff --git a/plugins/acme-client/protocol_lws_acme_client.c b/plugins/acme-client/protocol_lws_acme_client.c deleted file mode 100644 index b25cce5..0000000 --- a/plugins/acme-client/protocol_lws_acme_client.c +++ /dev/null @@ -1,1625 +0,0 @@ -/* - * libwebsockets ACME client protocol plugin - * - * Copyright (C) 2017 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - * - * - * Acme is in a big messy transition at the moment from a homebrewed api - * to an IETF one. The old repo for the homebrew api (they currently - * implement) is marked up as deprecated and "not accurate[ly] reflect[ing]" - * what they implement, but the IETF standard, currently at v7 is not yet - * implemented at let's encrypt (ETA Jan 2018). - * - * This implementation follows draft 7 of the IETF standard, and falls back - * to whatever differences exist for Boulder's tls-sni-01 challenge. The - * tls-sni-02 support is there but nothing to test it against at the time of - * writing (Nov 1 2017). - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include -#include - -typedef enum { - ACME_STATE_DIRECTORY, /* get the directory JSON using GET + parse */ - ACME_STATE_NEW_REG, /* register a new RSA key + email combo */ - ACME_STATE_NEW_AUTH, /* start the process to request a cert */ - ACME_STATE_ACCEPT_CHALL, /* notify server ready for one challenge */ - ACME_STATE_POLLING, /* he should be trying our challenge */ - ACME_STATE_POLLING_CSR, /* sent CSR, checking result */ - - ACME_STATE_FINISHED -} lws_acme_state; - -struct acme_connection { - char buf[4096]; - char replay_nonce[64]; - char chall_token[64]; - char challenge_uri[256]; - char detail[64]; - char status[16]; - char san_a[100]; - char san_b[100]; - char urls[6][100]; /* directory contents */ - lws_acme_state state; - struct lws_client_connect_info i; - struct lejp_ctx jctx; - struct lws_context_creation_info ci; - struct lws_vhost *vhost; - - struct lws *cwsi; - - const char *real_vh_name; - const char *real_vh_iface; - - char *alloc_privkey_pem; - - char *dest; - int pos; - int len; - int resp; - int cpos; - - int real_vh_port; - int goes_around; - - size_t len_privkey_pem; - - unsigned int yes:2; - unsigned int use:1; - unsigned int is_sni_02:1; -}; - -struct per_vhost_data__lws_acme_client { - struct lws_context *context; - struct lws_vhost *vhost; - const struct lws_protocols *protocol; - - /* - * the vhd is allocated for every vhost using the plugin. - * But ac is only allocated when we are doing the server auth. - */ - struct acme_connection *ac; - - struct lws_jwk jwk; - struct lws_genrsa_ctx rsactx; - - char *pvo_data; - char *pvop[LWS_TLS_TOTAL_COUNT]; - const char *pvop_active[LWS_TLS_TOTAL_COUNT]; - int count_live_pss; - char *dest; - int pos; - int len; - - int fd_updated_cert; /* these are opened while we have root... */ - int fd_updated_key; /* ...if nonempty next startup will replace old */ -}; - -static int -callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len); - -#define LWS_PLUGIN_PROTOCOL_LWS_ACME_CLIENT \ - { \ - "lws-acme-client", \ - callback_acme_client, \ - 0, \ - 512, \ - 0, NULL, 0 \ - } - -static const struct lws_protocols acme_protocols[] = { - LWS_PLUGIN_PROTOCOL_LWS_ACME_CLIENT, - { NULL, NULL, 0, 0, 0, NULL, 0 } -}; - -/* directory JSON parsing */ - -static const char * const jdir_tok[] = { - "key-change", - "meta.terms-of-service", - "new-authz", - "new-cert", - "new-reg", - "revoke-cert", -}; -enum enum_jhdr_tok { - JAD_KEY_CHANGE_URL, - JAD_TOS_URL, - JAD_NEW_AUTHZ_URL, - JAD_NEW_CERT_URL, - JAD_NEW_REG_URL, - JAD_REVOKE_CERT_URL, -}; -static signed char -cb_dir(struct lejp_ctx *ctx, char reason) -{ - struct per_vhost_data__lws_acme_client *s = - (struct per_vhost_data__lws_acme_client *)ctx->user; - - if (reason == LEJPCB_VAL_STR_START && ctx->path_match) { - s->pos = 0; - s->len = sizeof(s->ac->urls[0]) - 1; - s->dest = s->ac->urls[ctx->path_match - 1]; - - return 0; - } - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - if (s->pos + ctx->npos > s->len) { - lwsl_notice("url too long\n"); - - return -1; - } - - memcpy(s->dest + s->pos, ctx->buf, ctx->npos); - s->pos += ctx->npos; - s->dest[s->pos] = '\0'; - - return 0; -} - -/* authz JSON parsing */ - -static const char * const jauthz_tok[] = { - "identifier.type", - "identifier.value", - "status", - "expires", - "challenges[].type", - "challenges[].status", - "challenges[].uri", - "challenges[].token", - "detail" -}; -enum enum_jauthz_tok { - JAAZ_ID_TYPE, - JAAZ_ID_VALUE, - JAAZ_STATUS, - JAAZ_EXPIRES, - JAAZ_CHALLENGES_TYPE, - JAAZ_CHALLENGES_STATUS, - JAAZ_CHALLENGES_URI, - JAAZ_CHALLENGES_TOKEN, - JAAZ_DETAIL, -}; -static signed char -cb_authz(struct lejp_ctx *ctx, char reason) -{ - struct acme_connection *s = (struct acme_connection *)ctx->user; - - if (reason == LEJPCB_CONSTRUCTED) { - s->yes = 0; - s->use = 0; - s->chall_token[0] = '\0'; - s->is_sni_02 = 0; - } - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - switch (ctx->path_match - 1) { - case JAAZ_ID_TYPE: - break; - case JAAZ_ID_VALUE: - break; - case JAAZ_STATUS: - break; - case JAAZ_EXPIRES: - break; - case JAAZ_DETAIL: - lws_snprintf(s->detail, sizeof(s->detail), "%s", ctx->buf); - break; - case JAAZ_CHALLENGES_TYPE: - if (s->is_sni_02) - break; - s->use = !strcmp(ctx->buf, "tls-sni-01") || - !strcmp(ctx->buf, "tls-sni-02"); - s->is_sni_02 = !strcmp(ctx->buf, "tls-sni-02"); - break; - case JAAZ_CHALLENGES_STATUS: - lws_strncpy(s->status, ctx->buf, sizeof(s->status)); - break; - case JAAZ_CHALLENGES_URI: - if (s->use) { - lws_strncpy(s->challenge_uri, ctx->buf, - sizeof(s->challenge_uri)); - s->yes |= 2; - } - break; - case JAAZ_CHALLENGES_TOKEN: - lwsl_notice("JAAZ_CHALLENGES_TOKEN: %s %d\n", ctx->buf, s->use); - if (s->use) { - lws_strncpy(s->chall_token, ctx->buf, - sizeof(s->chall_token)); - s->yes |= 1; - } - break; - } - - return 0; -} - -/* challenge accepted JSON parsing */ - -static const char * const jchac_tok[] = { - "type", - "status", - "uri", - "token", - "error.detail" -}; -enum enum_jchac_tok { - JCAC_TYPE, - JCAC_STATUS, - JCAC_URI, - JCAC_TOKEN, - JCAC_DETAIL, -}; -static signed char -cb_chac(struct lejp_ctx *ctx, char reason) -{ - struct acme_connection *s = (struct acme_connection *)ctx->user; - - if (reason == LEJPCB_CONSTRUCTED) { - s->yes = 0; - s->use = 0; - } - - if (!(reason & LEJP_FLAG_CB_IS_VALUE) || !ctx->path_match) - return 0; - - switch (ctx->path_match - 1) { - case JCAC_TYPE: - if (strcmp(ctx->buf, "tls-sni-01") && - strcmp(ctx->buf, "tls-sni-02")) - return 1; - break; - case JCAC_STATUS: - lws_strncpy(s->status, ctx->buf, sizeof(s->status)); - break; - case JCAC_URI: - s->yes |= 2; - break; - case JCAC_TOKEN: - lws_strncpy(s->chall_token, ctx->buf, - sizeof(s->chall_token)); - s->yes |= 1; - break; - case JCAC_DETAIL: - lws_snprintf(s->detail, sizeof(s->detail), "%s", ctx->buf); - break; - } - - return 0; -} - -/* https://github.com/letsencrypt/boulder/blob/release/docs/acme-divergences.md - * - * 7.1: - * - * Boulder does not implement the new-order resource. - * Instead of new-order Boulder implements the new-cert resource that is - * defined in draft-ietf-acme-02 Section 6.5. - * - * Boulder also doesn't implement the new-nonce endpoint. - * - * Boulder implements the new-account resource only under the new-reg key. - * - * Boulder implements Link: rel="next" headers from new-reg to new-authz, and - * new-authz to new-cert, as specified in draft-02, but these links are not - * provided in the latest draft, and clients should use URLs from the directory - * instead. - * - * Boulder does not provide the "index" link relation pointing at the - * directory URL. - * - * (ie, just use new-cert instead of new-order, use the directory for links) - */ - -static int -lws_acme_report_status(struct lws_vhost *v, int state, const char *json) -{ - lws_callback_vhost_protocols_vhost(v, LWS_CALLBACK_VHOST_CERT_UPDATE, - (void *)json, state); - - return 0; -} - -/* - * Notice: trashes i and url - */ -static struct lws * -lws_acme_client_connect(struct lws_context *context, struct lws_vhost *vh, - struct lws **pwsi, struct lws_client_connect_info *i, - char *url, const char *method) -{ - const char *prot, *p; - char path[200], _url[256]; - struct lws *wsi; - - memset(i, 0, sizeof(*i)); - i->port = 443; - lws_strncpy(_url, url, sizeof(_url)); - if (lws_parse_uri(_url, &prot, &i->address, &i->port, &p)) { - lwsl_err("unable to parse uri %s\n", url); - - return NULL; - } - - /* add back the leading / on path */ - path[0] = '/'; - lws_strncpy(path + 1, p, sizeof(path) - 1); - i->path = path; - i->context = context; - i->vhost = vh; - i->ssl_connection = 1; - i->host = i->address; - i->origin = i->address; - i->method = method; - i->pwsi = pwsi; - i->protocol = "lws-acme-client"; - - wsi = lws_client_connect_via_info(i); - if (!wsi) { - lws_snprintf(path, sizeof(path) - 1, - "Unable to connect to %s", url); - lwsl_notice("%s: %s\n", __func__, path); - lws_acme_report_status(vh, LWS_CUS_FAILED, path); - } - - return wsi; -} - -static void -lws_acme_finished(struct per_vhost_data__lws_acme_client *vhd) -{ - lwsl_debug("%s\n", __func__); - - if (vhd->ac) { - if (vhd->ac->vhost) - lws_vhost_destroy(vhd->ac->vhost); - if (vhd->ac->alloc_privkey_pem) - free(vhd->ac->alloc_privkey_pem); - free(vhd->ac); - } - - lws_genrsa_destroy(&vhd->rsactx); - lws_jwk_destroy(&vhd->jwk); - - vhd->ac = NULL; -#if defined(LWS_WITH_ESP32) - lws_esp32.acme = 0; /* enable scanning */ -#endif -} - -static const char * const pvo_names[] = { - "country", - "state", - "locality", - "organization", - "common-name", - "email", - "directory-url", - "auth-path", - "cert-path", - "key-path", -}; - -static int -lws_acme_load_create_auth_keys(struct per_vhost_data__lws_acme_client *vhd, - int bits) -{ - int n; - - if (!lws_jwk_load(&vhd->jwk, vhd->pvop[LWS_TLS_SET_AUTH_PATH], - NULL, NULL)) - return 0; - - vhd->jwk.kty = LWS_GENCRYPTO_KTY_RSA; - lwsl_notice("Generating ACME %d-bit keypair... " - "will take a little while\n", bits); - n = lws_genrsa_new_keypair(vhd->context, &vhd->rsactx, LGRSAM_PKCS1_1_5, - vhd->jwk.e, bits); - if (n) { - lwsl_notice("failed to create keypair\n"); - - return 1; - } - - lwsl_notice("...keypair generated\n"); - - if (lws_jwk_save(&vhd->jwk, - vhd->pvop[LWS_TLS_SET_AUTH_PATH])) { - lwsl_notice("unable to save %s\n", - vhd->pvop[LWS_TLS_SET_AUTH_PATH]); - - return 1; - } - - return 0; -} - -static int -lws_acme_start_acquisition(struct per_vhost_data__lws_acme_client *vhd, - struct lws_vhost *v) -{ - char buf[128]; - - /* ...and we were given enough info to do the update? */ - - if (!vhd->pvop[LWS_TLS_REQ_ELEMENT_COMMON_NAME]) - return -1; - - /* - * ...well... we should try to do something about it then... - */ - lwsl_notice("%s: ACME cert needs creating / updating: " - "vhost %s\n", __func__, lws_get_vhost_name(vhd->vhost)); - - vhd->ac = malloc(sizeof(*vhd->ac)); - memset(vhd->ac, 0, sizeof(*vhd->ac)); - - /* - * So if we don't have it, the first job is get the directory. - * - * If we already have the directory, jump straight into trying - * to register our key. - * - * We always try to register the keys... if it's not the first - * time, we will get a JSON body in the (legal, nonfatal) - * response like this - * - * { - * "type": "urn:acme:error:malformed", - * "detail": "Registration key is already in use", - * "status": 409 - * } - */ - if (!vhd->ac->urls[0][0]) { - vhd->ac->state = ACME_STATE_DIRECTORY; - lws_snprintf(buf, sizeof(buf) - 1, "%s", - vhd->pvop_active[LWS_TLS_SET_DIR_URL]); - } else { - vhd->ac->state = ACME_STATE_NEW_REG; - lws_snprintf(buf, sizeof(buf) - 1, "%s", - vhd->ac->urls[JAD_NEW_REG_URL]); - } - - vhd->ac->real_vh_port = lws_get_vhost_port(vhd->vhost); - vhd->ac->real_vh_name = lws_get_vhost_name(vhd->vhost); - vhd->ac->real_vh_iface = lws_get_vhost_iface(vhd->vhost); - - lws_acme_report_status(vhd->vhost, LWS_CUS_STARTING, NULL); - -#if defined(LWS_WITH_ESP32) - lws_acme_report_status(vhd->vhost, LWS_CUS_CREATE_KEYS, - "Generating keys, please wait"); - if (lws_acme_load_create_auth_keys(vhd, 2048)) - goto bail; - lws_acme_report_status(vhd->vhost, LWS_CUS_CREATE_KEYS, - "Auth keys created"); -#endif - - if (lws_acme_client_connect(vhd->context, vhd->vhost, - &vhd->ac->cwsi, &vhd->ac->i, buf, "GET")) - return 0; - -#if defined(LWS_WITH_ESP32) -bail: -#endif - free(vhd->ac); - vhd->ac = NULL; - - return 1; -} - -static int -callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_vhost_data__lws_acme_client *vhd = - (struct per_vhost_data__lws_acme_client *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - char buf[LWS_PRE + 2536], *start = buf + LWS_PRE, *p = start, - *end = buf + sizeof(buf) - 1, digest[32], *failreason = NULL; - const struct lws_protocol_vhost_options *pvo; - struct lws_acme_cert_aging_args *caa; - struct acme_connection *ac = NULL; - struct lws_genhash_ctx hctx; - unsigned char **pp, *pend; - const char *content_type; - struct lws_jwe jwe; - struct lws *cwsi; - int n, m; - - if (vhd) - ac = vhd->ac; - - lws_jwe_init(&jwe, lws_get_context(wsi)); - - switch ((int)reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct per_vhost_data__lws_acme_client)); - vhd->context = lws_get_context(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->vhost = lws_get_vhost(wsi); - - /* compute how much we need to hold all the pvo payloads */ - m = 0; - pvo = (const struct lws_protocol_vhost_options *)in; - while (pvo) { - m += strlen(pvo->value) + 1; - pvo = pvo->next; - } - p = vhd->pvo_data = malloc(m); - if (!p) - return -1; - - pvo = (const struct lws_protocol_vhost_options *)in; - while (pvo) { - start = p; - n = strlen(pvo->value) + 1; - memcpy(start, pvo->value, n); - p += n; - - for (m = 0; m < (int)LWS_ARRAY_SIZE(pvo_names); m++) - if (!strcmp(pvo->name, pvo_names[m])) - vhd->pvop[m] = start; - - pvo = pvo->next; - } - - n = 0; - for (m = 0; m < (int)LWS_ARRAY_SIZE(pvo_names); m++) - if (!vhd->pvop[m] && m >= LWS_TLS_REQ_ELEMENT_COMMON_NAME) { - lwsl_notice("%s: require pvo '%s'\n", __func__, - pvo_names[m]); - n |= 1; - } else - if (vhd->pvop[m]) - lwsl_info(" %s: %s\n", pvo_names[m], - vhd->pvop[m]); - if (n) { - free(vhd->pvo_data); - vhd->pvo_data = NULL; - - return -1; - } - -#if !defined(LWS_WITH_ESP32) - /* - * load (or create) the registration keypair while we - * still have root - */ - if (lws_acme_load_create_auth_keys(vhd, 4096)) - return 1; - - /* - * in case we do an update, open the update files while we - * still have root - */ - lws_snprintf(buf, sizeof(buf) - 1, "%s.upd", - vhd->pvop[LWS_TLS_SET_CERT_PATH]); - vhd->fd_updated_cert = lws_open(buf, LWS_O_WRONLY | LWS_O_CREAT | - LWS_O_TRUNC, 0600); - if (vhd->fd_updated_cert < 0) { - lwsl_err("unable to create update cert file %s\n", buf); - return -1; - } - lws_snprintf(buf, sizeof(buf) - 1, "%s.upd", - vhd->pvop[LWS_TLS_SET_KEY_PATH]); - vhd->fd_updated_key = lws_open(buf, LWS_O_WRONLY | LWS_O_CREAT | - LWS_O_TRUNC, 0600); - if (vhd->fd_updated_key < 0) { - lwsl_err("unable to create update key file %s\n", buf); - return -1; - } -#endif - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - if (vhd && vhd->pvo_data) { - free(vhd->pvo_data); - vhd->pvo_data = NULL; - } - if (vhd) - lws_acme_finished(vhd); - break; - - case LWS_CALLBACK_VHOST_CERT_AGING: - if (!vhd) - break; - - caa = (struct lws_acme_cert_aging_args *)in; - /* - * Somebody is telling us about a cert some vhost is using. - * - * First see if the cert is getting close enough to expiry that - * we *want* to do something about it. - */ - if ((int)(ssize_t)len > 14) - break; - - /* - * ...is this a vhost we were configured on? - */ - if (vhd->vhost != caa->vh) - return 1; - - for (n = 0; n < (int)LWS_ARRAY_SIZE(vhd->pvop);n++) - if (caa->element_overrides[n]) - vhd->pvop_active[n] = caa->element_overrides[n]; - else - vhd->pvop_active[n] = vhd->pvop[n]; - - lwsl_notice("starting acme acquisition on %s: %s\n", - lws_get_vhost_name(caa->vh), vhd->pvop_active[LWS_TLS_SET_DIR_URL]); - - lws_acme_start_acquisition(vhd, caa->vh); - break; - - /* - * Client - */ - - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_notice("%s: CLIENT_ESTABLISHED\n", __func__); - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_notice("%s: CLIENT_CONNECTION_ERROR: %p\n", __func__, wsi); - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - lwsl_notice("%s: CLOSED_CLIENT_HTTP: %p\n", __func__, wsi); - break; - - case LWS_CALLBACK_CLOSED: - lwsl_notice("%s: CLOSED: %p\n", __func__, wsi); - break; - - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - lwsl_notice("lws_http_client_http_response %d\n", - lws_http_client_http_response(wsi)); - if (!ac) - break; - ac->resp = lws_http_client_http_response(wsi); - /* we get a new nonce each time */ - if (lws_hdr_total_length(wsi, WSI_TOKEN_REPLAY_NONCE) && - lws_hdr_copy(wsi, ac->replay_nonce, - sizeof(ac->replay_nonce), - WSI_TOKEN_REPLAY_NONCE) < 0) { - lwsl_notice("%s: nonce too large\n", __func__); - - goto failed; - } - - switch (ac->state) { - case ACME_STATE_DIRECTORY: - lejp_construct(&ac->jctx, cb_dir, vhd, jdir_tok, - LWS_ARRAY_SIZE(jdir_tok)); - break; - case ACME_STATE_NEW_REG: - break; - case ACME_STATE_NEW_AUTH: - lejp_construct(&ac->jctx, cb_authz, ac, jauthz_tok, - LWS_ARRAY_SIZE(jauthz_tok)); - break; - - case ACME_STATE_POLLING: - case ACME_STATE_ACCEPT_CHALL: - lejp_construct(&ac->jctx, cb_chac, ac, jchac_tok, - LWS_ARRAY_SIZE(jchac_tok)); - break; - - case ACME_STATE_POLLING_CSR: - ac->cpos = 0; - if (ac->resp != 201) - break; - /* - * He acknowledges he will create the cert... - * get the URL to GET it from in the Location - * header. - */ - if (lws_hdr_copy(wsi, ac->challenge_uri, - sizeof(ac->challenge_uri), - WSI_TOKEN_HTTP_LOCATION) < 0) { - lwsl_notice("%s: missing cert location:\n", - __func__); - - goto failed; - } - - lwsl_notice("told to fetch cert from %s\n", - ac->challenge_uri); - break; - - default: - break; - } - break; - - case LWS_CALLBACK_CLIENT_APPEND_HANDSHAKE_HEADER: - if (!ac) - break; - switch (ac->state) { - - case ACME_STATE_DIRECTORY: - break; - case ACME_STATE_NEW_REG: - p += lws_snprintf(p, end - p, "{" - "\"resource\":\"new-reg\"," - "\"contact\":[" - "\"mailto:%s\"" - "],\"agreement\":\"%s\"" - "}", - vhd->pvop_active[LWS_TLS_REQ_ELEMENT_EMAIL], - ac->urls[JAD_TOS_URL]); - - puts(start); -pkt_add_hdrs: - if (lws_gencrypto_jwe_alg_to_definition("RSA1_5", &jwe.jose.alg)) { - ac->len = 0; - lwsl_notice("%s: no RSA1_5\n", __func__); - goto failed; - } - jwe.jws.jwk = &vhd->jwk; - ac->len = lws_jwe_create_packet(&jwe, - start, p - start, - ac->replay_nonce, - &ac->buf[LWS_PRE], - sizeof(ac->buf) - - LWS_PRE, - lws_get_context(wsi)); - if (ac->len < 0) { - ac->len = 0; - lwsl_notice("lws_jwe_create_packet failed\n"); - goto failed; - } - - pp = (unsigned char **)in; - pend = (*pp) + len; - - ac->pos = 0; - content_type = "application/jose+json"; - if (ac->state == ACME_STATE_POLLING_CSR) - content_type = "application/pkix-cert"; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE, - (uint8_t *)content_type, 21, pp, pend)) { - lwsl_notice("could not add content type\n"); - goto failed; - } - - n = sprintf(buf, "%d", ac->len); - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_LENGTH, - (uint8_t *)buf, n, pp, pend)) { - lwsl_notice("could not add content length\n"); - goto failed; - } - - lws_client_http_body_pending(wsi, 1); - lws_callback_on_writable(wsi); - lwsl_notice("prepare to send ACME_STATE_NEW_REG\n"); - break; - case ACME_STATE_NEW_AUTH: - p += lws_snprintf(p, end - p, - "{" - "\"resource\":\"new-authz\"," - "\"identifier\":{" - "\"type\":\"http-01\"," - "\"value\":\"%s\"" - "}" - "}", vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME]); - goto pkt_add_hdrs; - - case ACME_STATE_ACCEPT_CHALL: - /* - * Several of the challenges in this document makes use - * of a key authorization string. A key authorization - * expresses a domain holder's authorization for a - * specified key to satisfy a specified challenge, by - * concatenating the token for the challenge with a key - * fingerprint, separated by a "." character: - * - * key-authz = token || '.' || - * base64(JWK_Thumbprint(accountKey)) - * - * The "JWK_Thumbprint" step indicates the computation - * specified in [RFC7638], using the SHA-256 digest. As - * specified in the individual challenges below, the - * token for a challenge is a JSON string comprised - * entirely of characters in the base64 alphabet. - * The "||" operator indicates concatenation of strings. - * - * keyAuthorization (required, string): The key - * authorization for this challenge. This value MUST - * match the token from the challenge and the client's - * account key. - * - * draft acme-01 tls-sni-01: - * - * { - * "keyAuthorization": "evaGxfADs...62jcerQ", - * } (Signed as JWS) - * - * draft acme-07 tls-sni-02: - * - * POST /acme/authz/1234/1 - * Host: example.com - * Content-Type: application/jose+json - * - * { - * "protected": base64url({ - * "alg": "ES256", - * "kid": "https://example.com/acme/acct/1", - * "nonce": "JHb54aT_KTXBWQOzGYkt9A", - * "url": "https://example.com/acme/authz/1234/1" - * }), - * "payload": base64url({ - * "keyAuthorization": "evaGxfADs...62jcerQ" - * }), - * "signature": "Q1bURgJoEslbD1c5...3pYdSMLio57mQNN4" - * } - * - * On receiving a response, the server MUST verify that - * the key authorization in the response matches the - * "token" value in the challenge and the client's - * account key. If they do not match, then the server - * MUST return an HTTP error in response to the POST - * request in which the client sent the challenge. - */ - - lws_jwk_rfc7638_fingerprint(&vhd->jwk, digest); - p = start; - end = &buf[sizeof(buf) - 1]; - - p += lws_snprintf(p, end - p, - "{\"resource\":\"challenge\"," - "\"type\":\"tls-sni-0%d\"," - "\"keyAuthorization\":\"%s.", - 1 + ac->is_sni_02, - ac->chall_token); - n = lws_jws_base64_enc(digest, 32, p, end - p); - if (n < 0) - goto failed; - p += n; - p += lws_snprintf(p, end - p, "\"}"); - puts(start); - goto pkt_add_hdrs; - - case ACME_STATE_POLLING: - break; - - case ACME_STATE_POLLING_CSR: - /* - * "To obtain a certificate for the domain, the agent - * constructs a PKCS#10 Certificate Signing Request that - * asks the Let’s Encrypt CA to issue a certificate for - * example.com with a specified public key. As usual, - * the CSR includes a signature by the private key - * corresponding to the public key in the CSR. The agent - * also signs the whole CSR with the authorized - * key for example.com so that the Let’s Encrypt CA - * knows it’s authorized." - * - * IOW we must create a new RSA keypair which will be - * the cert public + private key, and put the public - * key in the CSR. The CSR, just for transport, is also - * signed with our JWK, showing that as the owner of the - * authorized JWK, the request should be allowed. - * - * The cert comes back with our public key in it showing - * that the owner of the matching private key (we - * created that keypair) is the owner of the cert. - * - * We feed the CSR the elements we want in the cert, - * like the CN etc, and it gives us the b64URL-encoded - * CSR and the PEM-encoded (public +)private key in - * memory buffers. - */ - if (ac->goes_around) - break; - - p += lws_snprintf(p, end - p, - "{\"resource\":\"new-cert\"," - "\"csr\":\""); - n = lws_tls_acme_sni_csr_create(vhd->context, - &vhd->pvop_active[0], - (uint8_t *)p, end - p, - &ac->alloc_privkey_pem, - &ac->len_privkey_pem); - if (n < 0) { - lwsl_notice("CSR generation failed\n"); - goto failed; - } - p += n; - p += lws_snprintf(p, end - p, "\"}"); - puts(start); - goto pkt_add_hdrs; - - default: - break; - } - break; - - case LWS_CALLBACK_CLIENT_HTTP_WRITEABLE: - lwsl_notice("LWS_CALLBACK_CLIENT_HTTP_WRITEABLE\n"); - if (!ac) - break; - if (ac->pos == ac->len) - break; - - ac->buf[LWS_PRE + ac->len] = '\0'; - if (lws_write(wsi, (uint8_t *)ac->buf + LWS_PRE, - ac->len, LWS_WRITE_HTTP_FINAL) < 0) - return -1; - lwsl_notice("wrote %d\n", ac->len); - ac->pos = ac->len; - lws_client_http_body_pending(wsi, 0); - break; - - /* chunked content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP_READ: - if (!ac) - return -1; - switch (ac->state) { - case ACME_STATE_POLLING: - case ACME_STATE_ACCEPT_CHALL: - case ACME_STATE_NEW_AUTH: - case ACME_STATE_DIRECTORY: - ((char *)in)[len] = '\0'; - puts(in); - m = (int)(signed char)lejp_parse(&ac->jctx, - (uint8_t *)in, len); - if (m < 0 && m != LEJP_CONTINUE) { - lwsl_notice("lejp parse failed %d\n", m); - goto failed; - } - break; - case ACME_STATE_NEW_REG: - ((char *)in)[len] = '\0'; - puts(in); - break; - case ACME_STATE_POLLING_CSR: - /* it should be the DER cert! */ - if (ac->cpos + len > sizeof(ac->buf)) { - lwsl_notice("Incoming cert is too large!\n"); - goto failed; - } - memcpy(&ac->buf[ac->cpos], in, len); - ac->cpos += len; - break; - default: - break; - } - break; - - /* unchunked content */ - case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - lwsl_notice("%s: LWS_CALLBACK_RECEIVE_CLIENT_HTTP\n", __func__); - { - char buffer[2048 + LWS_PRE]; - char *px = buffer + LWS_PRE; - int lenx = sizeof(buffer) - LWS_PRE; - - if (lws_http_client_read(wsi, &px, &lenx) < 0) - return -1; - } - break; - - case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_notice("%s: COMPLETED_CLIENT_HTTP\n", __func__); - - if (!ac) - return -1; - switch (ac->state) { - case ACME_STATE_DIRECTORY: - lejp_destruct(&ac->jctx); - - /* check dir validity */ - - for (n = 0; n < 6; n++) - lwsl_notice(" %d: %s\n", n, ac->urls[n]); - - /* - * So... having the directory now... we try to - * register our keys next. It's OK if it ends up - * they're already registered... this eliminates any - * gaps where we stored the key but registration did - * not complete for some reason... - */ - ac->state = ACME_STATE_NEW_REG; - lws_acme_report_status(vhd->vhost, LWS_CUS_REG, NULL); - - strcpy(buf, ac->urls[JAD_NEW_REG_URL]); - cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, - &ac->cwsi, &ac->i, buf, - "POST"); - if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); - goto failed; - } - return -1; /* close the completed client connection */ - - case ACME_STATE_NEW_REG: - if ((ac->resp >= 200 && ac->resp < 299) || - ac->resp == 409) { - /* - * Our account already existed, or exists now. - * - * Move on to requesting a cert auth. - */ - ac->state = ACME_STATE_NEW_AUTH; - lws_acme_report_status(vhd->vhost, LWS_CUS_AUTH, - NULL); - - strcpy(buf, ac->urls[JAD_NEW_AUTHZ_URL]); - cwsi = lws_acme_client_connect(vhd->context, - vhd->vhost, &ac->cwsi, - &ac->i, buf, "POST"); - if (!cwsi) - lwsl_notice("%s: failed to connect\n", - __func__); - return -1; /* close the completed client connection */ - } else { - lwsl_notice("new-reg replied %d\n", ac->resp); - goto failed; - } - return -1; /* close the completed client connection */ - - case ACME_STATE_NEW_AUTH: - lejp_destruct(&ac->jctx); - if (ac->resp / 100 == 4) { - lws_snprintf(buf, sizeof(buf), - "Auth failed: %s", ac->detail); - failreason = buf; - lwsl_notice("auth failed\n"); - goto failed; - } - lwsl_notice("chall: %s (%d)\n", ac->chall_token, ac->resp); - if (!ac->chall_token[0]) { - lwsl_notice("no challenge\n"); - goto failed; - } - - - ac->state = ACME_STATE_ACCEPT_CHALL; - lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE, - NULL); - - /* tls-sni-01 ... what a mess. - * The stuff in - * https://tools.ietf.org/html/ - * draft-ietf-acme-acme-01#section-7.3 - * "requires" n but it's missing from let's encrypt - * tls-sni-01 challenge. The go docs say that they just - * implement one hashing round regardless - * https://godoc.org/golang.org/x/crypto/acme - * - * The go way is what is actually implemented today by - * letsencrypt - * - * "A client responds to this challenge by constructing - * a key authorization from the "token" value provided - * in the challenge and the client's account key. The - * client first computes the SHA-256 digest Z0 of the - * UTF8-encoded key authorization, and encodes Z0 in - * UTF-8 lower-case hexadecimal form." - */ - - /* tls-sni-02 - * - * SAN A MUST be constructed as follows: compute the - * SHA-256 digest of the UTF-8-encoded challenge token - * and encode it in lowercase hexadecimal form. The - * dNSName is "x.y.token.acme.invalid", where x - * is the first half of the hexadecimal representation - * and y is the second half. - */ - - memset(&ac->ci, 0, sizeof(ac->ci)); - - /* first compute the key authorization */ - - lws_jwk_rfc7638_fingerprint(&vhd->jwk, digest); - p = start; - end = &buf[sizeof(buf) - 1]; - - p += lws_snprintf(p, end - p, "%s.", ac->chall_token); - n = lws_jws_base64_enc(digest, 32, p, end - p); - if (n < 0) - goto failed; - p += n; - - if (lws_genhash_init(&hctx, LWS_GENHASH_TYPE_SHA256)) - return -1; - - if (lws_genhash_update(&hctx, (uint8_t *)start, - lws_ptr_diff(p, start))) { - lws_genhash_destroy(&hctx, NULL); - - return -1; - } - if (lws_genhash_destroy(&hctx, digest)) - return -1; - - p = buf; - for (n = 0; n < 32; n++) { - p += lws_snprintf(p, end - p, "%02x", - digest[n] & 0xff); - if (n == (32 / 2) - 1) - p = buf + 64; - } - - p = ac->san_a; - if (ac->is_sni_02) { - lws_snprintf(p, sizeof(ac->san_a), - "%s.%s.token.acme.invalid", - buf, buf + 64); - - /* - * SAN B MUST be constructed as follows: compute - * the SHA-256 digest of the UTF-8 encoded key - * authorization and encode it in lowercase - * hexadecimal form. The dNSName is - * "x.y.ka.acme.invalid" where x is the first - * half of the hexadecimal representation and y - * is the second half. - */ - lws_jwk_rfc7638_fingerprint(&vhd->jwk, - (char *)digest); - - p = buf; - for (n = 0; n < 32; n++) { - p += lws_snprintf(p, end - p, "%02x", - digest[n] & 0xff); - if (n == (32 / 2) - 1) - p = buf + 64; - } - - p = ac->san_b; - lws_snprintf(p, sizeof(ac->san_b), - "%s.%s.ka.acme.invalid", - buf, buf + 64); - } else { - lws_snprintf(p, sizeof(ac->san_a), - "%s.%s.acme.invalid", buf, buf + 64); - ac->san_b[0] = '\0'; - } - - lwsl_notice("san_a: '%s'\n", ac->san_a); - lwsl_notice("san_b: '%s'\n", ac->san_b); - - /* - * tls-sni-01: - * - * The client then configures the TLS server at the - * domain such that when a handshake is initiated with - * the Server Name Indication extension set to - * "..acme.invalid", the - * corresponding generated certificate is presented. - * - * tls-sni-02: - * - * The client MUST ensure that the certificate is - * served to TLS connections specifying a Server Name - * Indication (SNI) value of SAN A. - */ - ac->ci.vhost_name = ac->san_a; - - /* - * we bind to exact iface of real vhost, so we can - * share the listen socket by SNI - */ - ac->ci.iface = ac->real_vh_iface; - - /* listen on the same port as the vhost that triggered - * us */ - ac->ci.port = ac->real_vh_port; - /* Skip filling in any x509 info into the ssl_ctx. - * It will be done at the callback - * LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS - * in this callback handler (below) - */ - ac->ci.options = LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX | - LWS_SERVER_OPTION_SKIP_PROTOCOL_INIT | - LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; - /* make ourselves protocols[0] for the new vhost */ - ac->ci.protocols = acme_protocols; - /* - * vhost .user points to the ac associated with the - * temporary vhost - */ - ac->ci.user = ac; - - ac->vhost = lws_create_vhost(lws_get_context(wsi), - &ac->ci); - if (!ac->vhost) - goto failed; - - /* - * The challenge-specific vhost is up... let the ACME - * server know we are ready to roll... - */ - - ac->goes_around = 0; - cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, - &ac->cwsi, &ac->i, - ac->challenge_uri, - "POST"); - if (!cwsi) { - lwsl_notice("%s: failed to connect\n", - __func__); - goto failed; - } - return -1; /* close the completed client connection */ - - case ACME_STATE_ACCEPT_CHALL: - /* - * he returned something like this (which we parsed) - * - * { - * "type": "tls-sni-01", - * "status": "pending", - * "uri": "https://acme-staging.api.letsencrypt.org/ - * acme/challenge/xCt7bT3FaxoIQU3Qry87t5h - * uKDcC-L-0ERcD5DLAZts/71100507", - * "token": "j2Vs-vLI_dsza4A35SFHIU03aIe2PzFRijbqCY - * dIVeE", - * "keyAuthorization": "j2Vs-vLI_dsza4A35SFHIU03aIe2 - * PzFRijbqCYdIVeE.nmOtdFd8Jikn6K8NnYYmT5 - * vCM_PwSDT8nLdOYoFXhRU" - * } - * - */ - lwsl_notice("%s: COMPLETED accept chall: %s\n", - __func__, ac->challenge_uri); -poll_again: - ac->state = ACME_STATE_POLLING; - lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE, NULL); - - if (ac->goes_around++ == 20) { - lwsl_notice("%s: too many chall retries\n", - __func__); - - goto failed; - } - - lws_timed_callback_vh_protocol(vhd->vhost, vhd->protocol, - LWS_CALLBACK_USER + 0xac33, ac->goes_around == 1 ? 10 : 2); - return -1; /* close the completed client connection */ - - case ACME_STATE_POLLING: - - if (ac->resp == 202 && - strcmp(ac->status, "invalid") && - strcmp(ac->status, "valid")) { - lwsl_notice("status: %s\n", ac->status); - goto poll_again; - } - - if (!strcmp(ac->status, "invalid")) { - lwsl_notice("%s: polling failed\n", __func__); - lws_snprintf(buf, sizeof(buf), - "Challenge Invalid: %s", ac->detail); - failreason = buf; - goto failed; - } - - lwsl_notice("Challenge passed\n"); - - /* - * The challenge was validated... so delete the - * temp SNI vhost now its job is done - */ - if (ac->vhost) - lws_vhost_destroy(ac->vhost); - ac->vhost = NULL; - - /* - * now our JWK is accepted as authorized to make - * requests for the domain, next move is create the - * CSR signed with the JWK, and send it to the ACME - * server to request the actual certs. - */ - ac->state = ACME_STATE_POLLING_CSR; - lws_acme_report_status(vhd->vhost, LWS_CUS_REQ, NULL); - ac->goes_around = 0; - - strcpy(buf, ac->urls[JAD_NEW_CERT_URL]); - cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, - &ac->cwsi, &ac->i, buf, - "POST"); - if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); - - goto failed; - } - return -1; /* close the completed client connection */ - - case ACME_STATE_POLLING_CSR: - /* - * (after POSTing the CSR)... - * - * If the CA decides to issue a certificate, then the - * server creates a new certificate resource and - * returns a URI for it in the Location header field - * of a 201 (Created) response. - * - * HTTP/1.1 201 Created - * Location: https://example.com/acme/cert/asdf - * - * If the certificate is available at the time of the - * response, it is provided in the body of the response. - * If the CA has not yet issued the certificate, the - * body of this response will be empty. The client - * should then send a GET request to the certificate URI - * to poll for the certificate. As long as the - * certificate is unavailable, the server MUST provide a - * 202 (Accepted) response and include a Retry-After - * header to indicate when the server believes the - * certificate will be issued. - */ - if (ac->resp < 200 || ac->resp > 202) { - lwsl_notice("CSR poll failed on resp %d\n", - ac->resp); - goto failed; - } - - if (ac->resp == 200) { - char *pp; - int max; - - lwsl_notice("The cert was sent..\n"); - - lws_acme_report_status(vhd->vhost, - LWS_CUS_ISSUE, NULL); - - /* - * That means we have the issued cert DER in - * ac->buf, length in ac->cpos; and the key in - * ac->alloc_privkey_pem, length in - * ac->len_privkey_pem. - * - * We write out a PEM copy of the cert, and a - * PEM copy of the private key, using the - * write-only fds we opened while we still - * had root. - * - * Estimate the size of the PEM version of the - * cert and allocate a temp buffer for it. - * - * This is a bit complicated because first we - * drop the b64url version into the buffer at - * +384, then we add the header at 0 and move - * lines of it back + '\n' to make PEM. - * - * This avoids the need for two fullsize - * allocations. - */ - - max = (ac->cpos * 4) / 3 + 16 + 384; - - start = p = malloc(max); - if (!p) - goto failed; - - n = lws_b64_encode_string(ac->buf, ac->cpos, - start + 384, max - 384); - if (n < 0) { - free(start); - goto failed; - } - - pp = start + 384; - p += lws_snprintf(start, 64, "%s", - "-----BEGIN CERTIFICATE-----\n"); - - while (n) { - m = 65; - if (n < m) - m = n; - memcpy(p, pp, m); - n -= m; - p += m; - pp += m; - if (n) - *p++ = '\n'; - } - p += lws_snprintf(p, - max - lws_ptr_diff(p, start), - "%s", - "\n-----END CERTIFICATE-----\n"); - - n = lws_plat_write_cert(vhd->vhost, 0, - vhd->fd_updated_cert, start, - lws_ptr_diff(p, start)); - free(start); - if (n) { - lwsl_err("unable to write ACME cert! %d\n", n); - goto failed; - } - /* - * don't close it... we may update the certs - * again - */ - - if (lws_plat_write_cert(vhd->vhost, 1, - vhd->fd_updated_key, - ac->alloc_privkey_pem, - ac->len_privkey_pem)) { - lwsl_err("unable to write ACME key!\n"); - goto failed; - } - - /* - * we have written the persistent copies - */ - - lwsl_notice("%s: Updated certs written for %s " - "to %s.upd and %s.upd\n", __func__, - vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME], - vhd->pvop_active[LWS_TLS_SET_CERT_PATH], - vhd->pvop_active[LWS_TLS_SET_KEY_PATH]); - - /* notify lws there was a cert update */ - - if (lws_tls_cert_updated(vhd->context, - vhd->pvop_active[LWS_TLS_SET_CERT_PATH], - vhd->pvop_active[LWS_TLS_SET_KEY_PATH], - ac->buf, ac->cpos, - ac->alloc_privkey_pem, - ac->len_privkey_pem)) { - lwsl_notice("problem setting certs\n"); - } - - lws_acme_finished(vhd); - lws_acme_report_status(vhd->vhost, - LWS_CUS_SUCCESS, NULL); - - return 0; - } - - lws_acme_report_status(vhd->vhost, LWS_CUS_CONFIRM, NULL); - - /* he is preparing the cert, go again with a GET */ - - if (ac->goes_around++ == 30) { - lwsl_notice("%s: too many retries\n", - __func__); - - goto failed; - } - - strcpy(buf, ac->challenge_uri); - cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, - &ac->cwsi, &ac->i, buf, - "GET"); - if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); - - goto failed; - } - return -1; /* close the completed client connection */ - - default: - break; - } - break; - - case LWS_CALLBACK_USER + 0xac33: - if (!vhd) - break; - cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, - &ac->cwsi, &ac->i, - ac->challenge_uri, - "GET"); - if (!cwsi) { - lwsl_notice("%s: failed to connect\n", __func__); - goto failed; - } - break; - - case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS: - /* - * This goes to vhost->protocols[0], but for our temp certs - * vhost we created, we have arranged that to be our protocol, - * so the callback will come here. - * - * When we created the temp vhost, we set its pvo to point - * to the ac associated with the temp vhost. - */ - lwsl_debug("LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS\n"); - ac = (struct acme_connection *)lws_get_vhost_user( - (struct lws_vhost *)in); - - lws_acme_report_status((struct lws_vhost *)in, - LWS_CUS_CREATE_REQ, - "creating challenge cert"); - - if (lws_tls_acme_sni_cert_create((struct lws_vhost *)in, - ac->san_a, ac->san_b)) { - lwsl_err("%s: creating the sni test cert failed\n", __func__); - - return -1; - } - break; - - default: - break; - } - - return 0; - -failed: - lwsl_err("%s: failed out\n", __func__); - lws_acme_report_status(vhd->vhost, LWS_CUS_FAILED, failreason); - lws_acme_finished(vhd); - - return -1; -} - -#if !defined (LWS_PLUGIN_STATIC) - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_LWS_ACME_CLIENT -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_lws_acme_client(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_lws_acme_client(struct lws_context *context) -{ - return 0; -} - -#endif diff --git a/plugins/deaddrop/README.md b/plugins/deaddrop/README.md deleted file mode 100644 index 8b113ad..0000000 --- a/plugins/deaddrop/README.md +++ /dev/null @@ -1,91 +0,0 @@ -# Deaddrop: File upload and sharing plugin - -## Building the plugin - -Just configure lws with `cmake .. -DLWS_WITH_PLUGINS=1` and build lws as normal. - -## Configurable settings - -|pvo name|value meaning| -|---|---| -|upload-dir|A writeable directory where uploaded files will go| -|max-size|Maximum individual file size in bytes| -|basic-auth|Path to basic auth credential file so wss can also be protected| - -## Required mounts - -To use deaddrop meaningfully, all the mounts and the ws protocol must be -protected by basic auth. And to use basic auth securely, the connection must -be protected from snooping by tls. - -1) Set the basic-auth pvo to require valid credentials as described above - -2) Protect your basic fileserving mount by the same basic auth file... this is - used to serve index.html, the css etc. - -3) Add a callback mount into "lws-deaddrop" protocol at "upload"... so if your - URL for deaddrop is "/tools/share", this would be at "/tools/share/upload". - It must also be protected by the basic auth file. - -4) Add a fileserving mount at the url "get" (continuing the example above, it - would be "/tools/share/get" whose origin matches the "upload-dir" pvo - value you selected. This mount needs any additional mimtype mappings since - it's where the uploaded files are shared from. - -## Using with C - -See ./minimal-examples/http-server/minimal-example-http-server-deaddrop for -how to use the plugin directly with C. - -## Using with lwsws / lejp-conf - -As a plugin, you can configure the mounts and pvos per-vhost easily in JSON. - -All the snippets here - -The mountpoints would look something like this (added to vhost/mounts) - -``` - { - "mountpoint": "/tools/share", - "origin": "file:///var/www/deaddrop", - "default": "index.html", - "basic-auth": "/var/www/ba" - }, { - "mountpoint": "/tools/share/upload", - "origin": "callback://lws-deaddrop", - "basic-auth": "/var/www/ba" - }, { - "mountpoint": "/tools/share/get", - "origin": "file:///var/cache/deaddrop-uploads", - "basic-auth": "/var/www/ba", - - "extra-mimetypes": { - ".bin": "application/octet-stream", - ".ttf": "application/x-font-truetype", - ".otf": "application/font-sfnt", - ".zip": "application/zip", - ".webm": "video/webm", - ".romfs": "application/octet-stream", - ".pdf": "application/pdf", - ".odt": "application/vnd.oasis.opendocument.text", - ".tgz": "application/x-gzip", - ".tar.gz": "application/x-gzip" - } - } -``` - -This enables the plugin on the vhost, configures the pvos, and makes -the wss serving also depend on having a valid basic auth credential. - -``` - "ws-protocols": [{ - "lws-deaddrop": { - "status": "ok", - "upload-dir": "/var/cache/deaddrop-uploads", - "max-size": "52428800", - "basic-auth": "/var/www/ba" - } - }], -``` - diff --git a/plugins/deaddrop/assets/deaddrop.css b/plugins/deaddrop/assets/deaddrop.css deleted file mode 100644 index 549e362..0000000 --- a/plugins/deaddrop/assets/deaddrop.css +++ /dev/null @@ -1,70 +0,0 @@ -.td { padding: 8px } -.h1 { } -.dd-fileinfo { font-size: 8pt; } -table td { - display: table-cell; - vertical-align: top; - background-color: rgba(247, 247, 232, 0.6); - text-align: center -} -table { - border: 2px solid #ccc; - padding: 4px; - border-radius: 12px; - transition: background-color 0.5s ease; -} -table.nb { border: 0px; border-radius: 0px; transition: opacity 0.5s; } -table.noconn { background-color: #ddd; } - -div { transition: opacity 0.5s; } -div.da { padding-left: 20px; padding-right:20px; } -div.trot { - animation: scale 0.5s linear infinite; -} -div.uplbox { padding-bottom: 8px; } -div.disa { opacity: 0.2; } - -td.ogn { text-align:left; font-size: 8pt; padding-left: 4px; padding-right: 4px;} -td.dow { text-align:left; font-size: 9pt; padding-left: 4px; padding-right: 4px;} -td.r { text-align: right; } -td.err { color: red; font-weight: bold; } -td.vm { display: table-cell; vertical-align: middle; padding-top: 12px; padding-bottom: 12px; } - -h3 { font-size: 12pt; margin-bottom: 6px; } -span { font-size: 9pt; } -a { font-size: 9pt; } - -input.ubtn { font-size: 16pt; margin-top: 4px; text-align: center } - -img.working { - display: inline-block; - float:left; - background: url("data:image/svg+xml;base64,PHN2ZyB2ZXJzaW9uPSIxLjEiIGlkPSJMYXllcl8xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIKICAgICB3aWR0aD0iMjRweCIgaGVpZ2h0PSIzMHB4IiB2aWV3Qm94PSIwIDAgMjQgMzAiIHN0eWxlPSJlbmFibGUtYmFja2dyb3VuZDpuZXcgMCAwIDUwIDUwOyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CiAgICA8cmVjdCB4PSIwIiB5PSIxMCIgd2lkdGg9IjQiIGhlaWdodD0iMTAiIGZpbGw9IiMzMzMiIG9wYWNpdHk9IjAuMiI+CiAgICAgIDxhbmltYXRlIGF0dHJpYnV0ZU5hbWU9Im9wYWNpdHkiIGF0dHJpYnV0ZVR5cGU9IlhNTCIgdmFsdWVzPSIwLjI7IDE7IC4yIiBiZWdpbj0iMHMiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICAgIDxhbmltYXRlIGF0dHJpYnV0ZU5hbWU9ImhlaWdodCIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyAyMDsgMTAiIGJlZ2luPSIwcyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ieSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyA1OyAxMCIgYmVnaW49IjBzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgPC9yZWN0PgogICAgPHJlY3QgeD0iOCIgeT0iMTAiIHdpZHRoPSI0IiBoZWlnaHQ9IjEwIiBmaWxsPSIjMzMzIiAgb3BhY2l0eT0iMC4yIj4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ib3BhY2l0eSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjAuMjsgMTsgLjIiIGJlZ2luPSIwLjE1cyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0iaGVpZ2h0IiBhdHRyaWJ1dGVUeXBlPSJYTUwiIHZhbHVlcz0iMTA7IDIwOyAxMCIgYmVnaW49IjAuMTVzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgICA8YW5pbWF0ZSBhdHRyaWJ1dGVOYW1lPSJ5IiBhdHRyaWJ1dGVUeXBlPSJYTUwiIHZhbHVlcz0iMTA7IDU7IDEwIiBiZWdpbj0iMC4xNXMiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICA8L3JlY3Q+CiAgICA8cmVjdCB4PSIxNiIgeT0iMTAiIHdpZHRoPSI0IiBoZWlnaHQ9IjEwIiBmaWxsPSIjMzMzIiAgb3BhY2l0eT0iMC4yIj4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ib3BhY2l0eSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjAuMjsgMTsgLjIiIGJlZ2luPSIwLjNzIiBkdXI9IjAuNnMiIHJlcGVhdENvdW50PSJpbmRlZmluaXRlIiAvPgogICAgICA8YW5pbWF0ZSBhdHRyaWJ1dGVOYW1lPSJoZWlnaHQiIGF0dHJpYnV0ZVR5cGU9IlhNTCIgdmFsdWVzPSIxMDsgMjA7IDEwIiBiZWdpbj0iMC4zcyIgZHVyPSIwLjZzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgLz4KICAgICAgPGFuaW1hdGUgYXR0cmlidXRlTmFtZT0ieSIgYXR0cmlidXRlVHlwZT0iWE1MIiB2YWx1ZXM9IjEwOyA1OyAxMCIgYmVnaW49IjAuM3MiIGR1cj0iMC42cyIgcmVwZWF0Q291bnQ9ImluZGVmaW5pdGUiIC8+CiAgICA8L3JlY3Q+Cjwvc3ZnPg=="); - width:0px; - height:0px; - cursor:pointer; - padding:0.6em 1em; - background-repeat: no-repeat; - vertical-align:middle; - color: rgba(0, 0, 0, 0); -} - -img.delbtn { - display: inline-block; - float:left; - background: url("data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHN2ZyB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCAzNC4yMTcxMzMgMzQuMTQ0MjQ5IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIj4KCTxkZWZzPgoJCTxyYWRpYWxHcmFkaWVudCBpZD0iYSIgY3g9IjEzNTguNSIgY3k9Ijk3Ny43MiIgcj0iNC4xMTYiIGdyYWRpZW50VHJhbnNmb3JtPSJtYXRyaXgoMS41MDM1IDAgMCAyLjQ5NDQgLTI1NzcuNCAtMTgyMy44KSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjZmZmIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iI2ZmZiIgc3RvcC1vcGFjaXR5PSIwIiBvZmZzZXQ9IjEiLz4KCQk8L3JhZGlhbEdyYWRpZW50PgoJCTxsaW5lYXJHcmFkaWVudCBpZD0iYiIgeDE9IjEzNjYuMyIgeDI9IjEzNDQuOCIgeTE9Ijk3OC4xOSIgeTI9Ijk1OC43MyIgZ3JhZGllbnRUcmFuc2Zvcm09InRyYW5zbGF0ZSgtMjE3NCAtMTA3Ni4xKSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPgoJCQk8c3RvcCBzdG9wLWNvbG9yPSIjOWM5NzlkIiBvZmZzZXQ9IjAiLz4KCQkJPHN0b3Agc3RvcC1jb2xvcj0iI2Y0ZmVmMyIgc3RvcC1vcGFjaXR5PSIuNzQwMTYiIG9mZnNldD0iMSIvPgoJCTwvbGluZWFyR3JhZGllbnQ+Cgk8L2RlZnM+Cgk8ZyB0cmFuc2Zvcm09InRyYW5zbGF0ZSg4MzQuMjkgMTIzLjc1KSI+CgkJPGcgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIj4KCQkJPGNpcmNsZSBjeD0iLTgxNy4yMiIgY3k9Ii0xMDYuNjgiIHI9IjE2LjA5IiBmaWxsPSJ1cmwoI2IpIiBzdHJva2U9IiMwMDAiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIHN0cm9rZS13aWR0aD0iMS45NjUiLz4KCQkJPHBhdGggZD0ibS04MjUuNjctMTE0LjcxYzE3LjMzIDE3LjMzIDE3IDE2Ljk5OSAxNyAxNi45OTkiIGZpbGw9IiNmNTUiIHN0cm9rZT0iI2EwMCIgc3Ryb2tlLXdpZHRoPSIxLjY2NSIvPgoJCQk8cGF0aCBkPSJtLTgwOC45Ni0xMTQuNjFjLTE3LjMzIDE3LjMzLTE3IDE2Ljk5OS0xNyAxNi45OTkiIGZpbGw9IiNmNTUiIHN0cm9rZT0iI2EwMCIgc3Ryb2tlLXdpZHRoPSIxLjY2NSIvPgoJCTwvZz4KCQk8ZWxsaXBzZSB0cmFuc2Zvcm09InJvdGF0ZSg1NS44ODUpIiBjeD0iLTUzNC45NiIgY3k9IjYxNS4wNyIgcng9IjYuMTg4MyIgcnk9IjEwLjI2NyIgZmlsbD0idXJsKCNhKSIvPgoJPC9nPgo8L3N2Zz4="); - width:0px; - height:0px; - cursor:pointer; - padding:0.45em; - background-repeat: no-repeat; - vertical-align:middle; - color: rgba(0, 0, 0, 0); -} - -@keyframes scale { - 50% { - opacity: 0.5; - transform:scale(1.1) rotate(2deg); - } -} diff --git a/plugins/deaddrop/assets/deaddrop.js b/plugins/deaddrop/assets/deaddrop.js deleted file mode 100644 index ebb6e12..0000000 --- a/plugins/deaddrop/assets/deaddrop.js +++ /dev/null @@ -1,300 +0,0 @@ -(function() { - - var server_max_size = 0, ws; - - function san(s) - { - if (!s) - return ""; - - return s.replace(/&/g, "&"). - replace(/\/g, ">"). - replace(/\"/g, """). - replace(/%/g, "%"); - } - - function lws_urlencode(s) - { - return encodeURI(s).replace(/@/g, "%40"); - } - - function trim(num) - { - var s = num.toString(); - - if (!s.indexOf(".")) - return s; - - while (s.length && s[s.length - 1] === "0") - s = s.substring(0, s.length - 1); - - if (s[s.length - 1] === ".") - s = s.substring(0, s.length - 1); - - return s; - } - - function humanize(n) - { - if (n < 1024) - return n + "B"; - - if (n < 1024 * 1024) - return trim((n / 1024).toFixed(2)) + "KiB"; - - if (n < 1024 * 1024 * 1024) - return trim((n / (1024 * 1024)).toFixed(2)) + "MiB"; - - return trim((n / (1024 * 1024 * 1024)).toFixed(2)) + "GiB"; - } - - function da_enter(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.add("trot"); - } - - function da_leave(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.remove("trot"); - } - - function da_over(e) - { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.add("trot"); - } - - function clear_errors() { - var t = document.getElementById("ongoing"); - - for (n = 0; n < t.rows.length; n++) - if (t.rows[n].cells[0].classList.contains("err")) - t.deleteRow(n); - } - - function do_upload(file) { - var formData = new FormData(); - var t = document.getElementById("ongoing"); - - formData.append("file", file); - - var row = t.insertRow(0), c1 = row.insertCell(0), - c2 = row.insertCell(1), c3 = row.insertCell(2); - - c1.classList.add("ogn"); - c1.classList.add("r"); - - if (file.size > server_max_size) { - c1.innerHTML = "Too Large"; - c1.classList.add("err"); - } else - c1.innerHTML = ""; - - c2.classList.add("ogn"); - c2.classList.add("r"); - c2.innerHTML = humanize(file.size); - - c3.classList.add("ogn"); - c3.innerHTML = file.name; - - if (file.size > server_max_size) - return; - - fetch("upload/" + lws_urlencode(file.name), { - method: "POST", - body: formData - }) - .then((e) => { /* this just means we got a response code */ - var us = e.url.split("/"), ul = us[us.length - 1], n; - - for (n = 0; n < t.rows.length; n++) - if (ul === lws_urlencode( - t.rows[n].cells[2].textContent)) { - if (e.ok === true) { - t.deleteRow(n); - } else { - t.rows[n].cells[0].textContent = - "Failed " + san(e.status.toString()); - t.rows[n].cells[0]. - classList.add("err"); - } - break; - } - }) - .catch((e) => { - var us = e.url.split("/"), ul = us[us.length - 1], n; - - for (n = 0; n < t.rows.length; n++) - if (ul === lws_urlencode( - t.rows[n].cells[2].textContent)) { - t.rows[n].cells[0] = "FAIL"; - break; - } - }); - } - - function da_drop(e) { - var da = document.getElementById("da"); - - e.preventDefault(); - da.classList.remove("trot"); - - clear_errors(); - - ([...e.dataTransfer.files]).forEach(do_upload); - } - - function upl_button(e) { - var fi = document.getElementById("file"), - da = document.getElementById("da"); - - clear_errors(); - e.preventDefault(); - - ([...fi.files]).forEach(do_upload); - } - - function body_drop(e) { - e.preventDefault(); - } - - function inp() { - var fi = document.getElementById("file"), - upl = document.getElementById("upl"); - console.log("inp"); - upl.disabled = !fi.files.length; - } - - function delfile(e) - { - e.stopPropagation(); - e.preventDefault(); - - ws.send("{\"del\":\"" + decodeURI(e.target.getAttribute("file")) + - "\"}"); - } - - function get_appropriate_ws_url(extra_url) - { - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; - } - - function new_ws(urlpath, protocol) - { - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); - } - - document.addEventListener("DOMContentLoaded", function() { - var da = document.getElementById("da"), - fi = document.getElementById("file"), - upl = document.getElementById("upl"); - - da.addEventListener("dragenter", da_enter, false); - da.addEventListener("dragleave", da_leave, false); - da.addEventListener("dragover", da_over, false); - da.addEventListener("drop", da_drop, false); - - upl.addEventListener("click", upl_button, false); - fi.addEventListener("change", inp, false); - - window.addEventListener("dragover", body_drop, false); - window.addEventListener("drop", body_drop, false); - - ws = new_ws(get_appropriate_ws_url(""), "lws-deaddrop"); - try { - ws.onopen = function() { - var dd = document.getElementById("ddrop"), - da = document.getElementById("da"); - - dd.classList.remove("noconn"); - da.classList.remove("disa"); - }; - - ws.onmessage = function got_packet(msg) { - var j = JSON.parse(msg.data), s = "", n, - t = document.getElementById("dd-list"); - - server_max_size = j.max_size; - document.getElementById("size").innerHTML = - "Server maximum file size " + - humanize(j.max_size); - - s += ""; - for (n = 0; n < j.files.length; n++) { - var date = new Date(j.files[n].mtime * 1000); - s += ""; - } - s += "
" + - humanize(j.files[n].size) + - "" + - date.toDateString() + " " + - date.toLocaleTimeString() + - ""; - if (j.files[n].yours === 1) - s += ""; - else - s += " "; - - s += "" + - san(j.files[n].name) + "
"; - - t.innerHTML = s; - - for (n = 0; n < j.files.length; n++) { - var d = document.getElementById("d" + n); - if (d) - d.addEventListener("click", - delfile, false); - } - }; - - ws.onclose = function() { - var dd = document.getElementById("ddrop"), - da = document.getElementById("da"); - - dd.classList.add("noconn"); - da.classList.add("disa"); - }; - } catch(exception) { - alert("

Error " + exception); - } - - }); -}()); diff --git a/plugins/deaddrop/assets/drop.svg b/plugins/deaddrop/assets/drop.svg deleted file mode 100644 index f413cf0..0000000 --- a/plugins/deaddrop/assets/drop.svg +++ /dev/null @@ -1,102 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/plugins/deaddrop/assets/index.html b/plugins/deaddrop/assets/index.html deleted file mode 100644 index a3f80f1..0000000 --- a/plugins/deaddrop/assets/index.html +++ /dev/null @@ -1,34 +0,0 @@ - - - - - - - -

LWS Deaddrop

-
- - - -
-
-
-

...or select files to upload:

-
-
- - -
- -
-
-
-
- -
-
-
- - \ No newline at end of file diff --git a/plugins/deaddrop/protocol_lws_deaddrop.c b/plugins/deaddrop/protocol_lws_deaddrop.c deleted file mode 100644 index 7c40f69..0000000 --- a/plugins/deaddrop/protocol_lws_deaddrop.c +++ /dev/null @@ -1,702 +0,0 @@ -/* - * lws protocol handler plugin for "Dead Drop" - * - * Copyright (C) 2010 - 2018 Andy Green - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation: - * version 2.1 of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include -#include -#include -#include -#include -#include -#ifdef WIN32 -#include -#endif -#include -#include - -struct dir_entry { - lws_list_ptr next; /* sorted by mtime */ - char user[32]; - unsigned long long size; - time_t mtime; -}; -/* filename follows */ - -#define lp_to_dir_entry(p, _n) lws_list_ptr_container(p, struct dir_entry, _n) - -struct pss_deaddrop; - -struct vhd_deaddrop { - struct lws_context *context; - struct lws_vhost *vh; - const struct lws_protocols *protocol; - - struct pss_deaddrop *pss_head; - - const char *upload_dir; - - struct lwsac *lwsac_head; - struct dir_entry *dire_head; - int filelist_version; - - unsigned long long max_size; -}; - -struct pss_deaddrop { - struct lws_spa *spa; - struct vhd_deaddrop *vhd; - struct lws *wsi; - char result[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE]; - char filename[256]; - char user[32]; - unsigned long long file_length; - lws_filefd_type fd; - int response_code; - - struct pss_deaddrop *pss_list; - - struct lwsac *lwsac_head; - struct dir_entry *dire; - int filelist_version; - - uint8_t completed:1; - uint8_t sent_headers:1; - uint8_t sent_body:1; - uint8_t first:1; -}; - -static const char * const param_names[] = { - "text", - "send", - "file", - "upload", -}; - -enum enum_param_names { - EPN_TEXT, - EPN_SEND, - EPN_FILE, - EPN_UPLOAD, -}; - -static int -de_mtime_sort(lws_list_ptr a, lws_list_ptr b) -{ - struct dir_entry *p1 = lp_to_dir_entry(a, next), - *p2 = lp_to_dir_entry(b, next); - - return (int)(p2->mtime - p1->mtime); -} - -static void -start_sending_dir(struct pss_deaddrop *pss) -{ - if (pss->vhd->lwsac_head) - lwsac_reference(pss->vhd->lwsac_head); - pss->lwsac_head = pss->vhd->lwsac_head; - pss->dire = pss->vhd->dire_head; - pss->filelist_version = pss->vhd->filelist_version; - pss->first = 1; -} - -static int -scan_upload_dir(struct vhd_deaddrop *vhd) -{ - char filepath[256], subdir[3][128], *p; - int m, sp = 0, initial, found = 0; - struct lwsac *lwsac_head = NULL; - lws_list_ptr sorted_head = NULL; - struct dir_entry *dire; - struct dirent *de; - struct stat s; - DIR *dir[3]; - - initial = strlen(vhd->upload_dir) + 1; - lws_strncpy(subdir[sp], vhd->upload_dir, sizeof(subdir[sp])); - dir[sp] = opendir(vhd->upload_dir); - if (!dir[sp]) { - lwsl_err("%s: Unable to walk upload dir '%s'\n", __func__, - vhd->upload_dir); - return -1; - } - - do { - de = readdir(dir[sp]); - if (!de) { - closedir(dir[sp]); - if (!sp) - break; - sp--; - continue; - } - - p = filepath; - - for (m = 0; m <= sp; m++) - p += lws_snprintf(p, (filepath + sizeof(filepath)) - p, - "%s/", subdir[m]); - - lws_snprintf(p, (filepath + sizeof(filepath)) - p, "%s", - de->d_name); - - /* ignore temp files */ - if (de->d_name[strlen(de->d_name) - 1] == '~') - continue; - - if (stat(filepath, &s)) - continue; - - if (S_ISDIR(s.st_mode)) { - if (!strcmp(de->d_name, ".") || - !strcmp(de->d_name, "..")) - continue; - sp++; - if (sp == LWS_ARRAY_SIZE(dir)) { - lwsl_err("%s: Skipping too-deep subdir %s\n", - __func__, filepath); - sp--; - continue; - } - lws_strncpy(subdir[sp], de->d_name, sizeof(subdir[sp])); - dir[sp] = opendir(filepath); - if (!dir[sp]) { - lwsl_err("%s: Unable to open subdir '%s'\n", - __func__, filepath); - goto bail; - } - continue; - } - - m = strlen(filepath + initial) + 1; - dire = lwsac_use(&lwsac_head, sizeof(*dire) + m, 0); - if (!dire) { - lwsac_free(&lwsac_head); - - goto bail; - } - - dire->next = NULL; - dire->size = s.st_size; - dire->mtime = s.st_mtime; - dire->user[0] = '\0'; - if (sp) - lws_strncpy(dire->user, subdir[1], sizeof(dire->user)); - - found++; - - memcpy(&dire[1], filepath + initial, m); - - lws_list_ptr_insert(&sorted_head, &dire->next, de_mtime_sort); - } while (1); - - /* the old lwsac continues to live while someone else is consuming it */ - if (vhd->lwsac_head) - lwsac_detach(&vhd->lwsac_head); - - /* we replace it with the fresh one */ - vhd->lwsac_head = lwsac_head; - if (sorted_head) - vhd->dire_head = lp_to_dir_entry(sorted_head, next); - else - vhd->dire_head = NULL; - - vhd->filelist_version++; - - lwsl_info("%s: found %d\n", __func__, found); - - lws_start_foreach_llp(struct pss_deaddrop **, ppss, vhd->pss_head) { - start_sending_dir(*ppss); - lws_callback_on_writable((*ppss)->wsi); - } lws_end_foreach_llp(ppss, pss_list); - - return 0; - -bail: - while (sp >= 0) - closedir(dir[sp--]); - - return -1; -} - -static int -file_upload_cb(void *data, const char *name, const char *filename, - char *buf, int len, enum lws_spa_fileupload_states state) -{ - struct pss_deaddrop *pss = (struct pss_deaddrop *)data; - char filename2[256]; - int n; - - (void)n; - - switch (state) { - case LWS_UFS_OPEN: - lws_urldecode(filename2, filename, sizeof(filename2) - 1); - lws_filename_purify_inplace(filename2); - if (pss->user[0]) { - lws_filename_purify_inplace(pss->user); - lws_snprintf(pss->filename, sizeof(pss->filename), - "%s/%s", pss->vhd->upload_dir, pss->user); - if (mkdir(pss->filename -#if !defined(WIN32) - , 0700 -#endif - ) < 0) - lwsl_debug("%s: mkdir failed\n", __func__); - lws_snprintf(pss->filename, sizeof(pss->filename), - "%s/%s/%s~", pss->vhd->upload_dir, - pss->user, filename2); - } else - lws_snprintf(pss->filename, sizeof(pss->filename), - "%s/%s~", pss->vhd->upload_dir, filename2); - lwsl_notice("%s: filename '%s'\n", __func__, pss->filename); - - pss->fd = (lws_filefd_type)(long long)lws_open(pss->filename, - O_CREAT | O_TRUNC | O_RDWR, 0600); - if (pss->fd == LWS_INVALID_FILE) { - pss->response_code = HTTP_STATUS_INTERNAL_SERVER_ERROR; - lwsl_err("%s: unable to open %s (errno %d)\n", __func__, - pss->filename, errno); - return -1; - } - break; - - case LWS_UFS_FINAL_CONTENT: - case LWS_UFS_CONTENT: - if (len) { - pss->file_length += len; - - /* if the file length is too big, drop it */ - if (pss->file_length > pss->vhd->max_size) { - pss->response_code = - HTTP_STATUS_REQ_ENTITY_TOO_LARGE; - close((int)(long long)pss->fd); - pss->fd = LWS_INVALID_FILE; - unlink(pss->filename); - - return -1; - } - - if (pss->fd != LWS_INVALID_FILE) { - n = write((int)(long long)pss->fd, buf, len); - lwsl_debug("%s: write %d says %d\n", __func__, - len, n); - lws_set_timeout(pss->wsi, PENDING_TIMEOUT_HTTP_CONTENT, 30); - } - } - if (state == LWS_UFS_CONTENT) - break; - - if (pss->fd != LWS_INVALID_FILE) - close((int)(long long)pss->fd); - - /* the temp filename without the ~ */ - lws_strncpy(filename2, pss->filename, sizeof(filename2)); - filename2[strlen(filename2) - 1] = '\0'; - if (rename(pss->filename, filename2) < 0) - lwsl_err("%s: unable to rename\n", __func__); - - pss->fd = LWS_INVALID_FILE; - pss->response_code = HTTP_STATUS_OK; - scan_upload_dir(pss->vhd); - - break; - case LWS_UFS_CLOSE: - break; - } - - return 0; -} - -/* - * returns length in bytes - */ - -static int -format_result(struct pss_deaddrop *pss) -{ - unsigned char *p, *start, *end; - - p = (unsigned char *)pss->result + LWS_PRE; - start = p; - end = p + sizeof(pss->result) - LWS_PRE - 1; - - p += lws_snprintf((char *)p, end -p, - "" - "" - ""); - p += lws_snprintf((char *)p, end - p, ""); - - return (int)lws_ptr_diff(p, start); -} - -static int -callback_deaddrop(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct vhd_deaddrop *vhd = (struct vhd_deaddrop *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - struct pss_deaddrop *pss = (struct pss_deaddrop *)user; - uint8_t buf[LWS_PRE + LWS_RECOMMENDED_MIN_HEADER_SPACE], - *start = &buf[LWS_PRE], *p = start, - *end = &buf[sizeof(buf) - LWS_PRE - 1]; - char fname[256], *wp; - const char *cp; - int n, m, was; - - switch (reason) { - - case LWS_CALLBACK_PROTOCOL_INIT: /* per vhost */ - lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct vhd_deaddrop)); - - vhd = (struct vhd_deaddrop *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - - vhd->context = lws_get_context(wsi); - vhd->vh = lws_get_vhost(wsi); - vhd->protocol = lws_get_protocol(wsi); - vhd->max_size = 20 * 1024 * 1024; /* default without pvo */ - - if (!lws_pvo_get_str(in, "max-size", &cp)) - vhd->max_size = atoll(cp); - if (lws_pvo_get_str(in, "upload-dir", &vhd->upload_dir)) { - lwsl_err("%s: requires 'upload-dir' pvo\n", __func__); - return -1; - } - - scan_upload_dir(vhd); - - lwsl_notice(" deaddrop: vh %s, upload dir %s, max size %llu\n", - lws_get_vhost_name(vhd->vh), vhd->upload_dir, - vhd->max_size); - break; - - case LWS_CALLBACK_PROTOCOL_DESTROY: - lwsac_free(&vhd->lwsac_head); - break; - - /* WS-related */ - - case LWS_CALLBACK_ESTABLISHED: - pss->vhd = vhd; - pss->wsi = wsi; - /* add ourselves to the list of live pss held in the vhd */ - pss->pss_list = vhd->pss_head; - vhd->pss_head = pss; - - m = lws_hdr_copy(wsi, pss->user, sizeof(pss->user), - WSI_TOKEN_HTTP_AUTHORIZATION); - if (m > 0) - lwsl_info("%s: basic auth user: %s\n", - __func__, pss->user); - else - pss->user[0] = '\0'; - - start_sending_dir(pss); - lws_callback_on_writable(wsi); - return 0; - - case LWS_CALLBACK_CLOSED: - if (pss->lwsac_head) - lwsac_unreference(&pss->lwsac_head); - /* remove our closing pss from the list of live pss */ - lws_start_foreach_llp(struct pss_deaddrop **, - ppss, vhd->pss_head) { - if (*ppss == pss) { - *ppss = pss->pss_list; - break; - } - } lws_end_foreach_llp(ppss, pss_list); - return 0; - - case LWS_CALLBACK_RECEIVE: - /* we get this kind of thing {"del":"agreen/no-entry.svg"} */ - if (!pss || len < 10) - break; - - if (strncmp((const char *)in, "{\"del\":\"", 8)) - break; - - cp = strchr((const char *)in, '/'); - if (cp) { - n = ((void *)cp - in) - 8; - - if ((int)strlen(pss->user) != n || - memcmp(pss->user, ((const char *)in) + 8, n)) { - lwsl_notice("%s: del: auth mismatch " - " '%s' '%s' (%d)\n", - __func__, pss->user, - ((const char *)in) + 8, n); - break; - } - } - - lws_strncpy(fname, ((const char *)in) + 8, sizeof(fname)); - lws_filename_purify_inplace(fname); - wp = strchr((const char *)fname, '\"'); - if (wp) - *wp = '\0'; - - lws_snprintf((char *)buf, sizeof(buf), "%s/%s", vhd->upload_dir, - fname); - - lwsl_notice("%s: del: path %s\n", __func__, (const char *)buf); - - if (unlink((const char *)buf) < 0) - lwsl_err("%s: unlink %s failed\n", __func__, - (const char *)buf); - - scan_upload_dir(vhd); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (pss->lwsac_head && !pss->dire) - return 0; - - was = 0; - if (pss->first) { - p += lws_snprintf((char *)p, lws_ptr_diff(end, p), - "{\"max_size\":%llu, \"files\": [", - vhd->max_size); - was = 1; - } - - m = 5; - while (m-- && pss->dire) { - p += lws_snprintf((char *)p, lws_ptr_diff(end, p), - "%c{\"name\":\"%s\", " - "\"size\":%llu," - "\"mtime\":%llu," - "\"yours\":%d}", - pss->first ? ' ' : ',', - (const char *)&pss->dire[1], - pss->dire->size, - (unsigned long long)pss->dire->mtime, - !strcmp(pss->user, pss->dire->user) && - pss->user[0]); - pss->first = 0; - pss->dire = lp_to_dir_entry(pss->dire->next, next); - } - - if (!pss->dire) { - p += lws_snprintf((char *)p, lws_ptr_diff(end, p), - "]}"); - if (pss->lwsac_head) { - lwsac_unreference(&pss->lwsac_head); - pss->lwsac_head = NULL; - } - } - - n = lws_write(wsi, start, lws_ptr_diff(p, start), - lws_write_ws_flags(LWS_WRITE_TEXT, was, - !pss->dire)); - if (n < 0) { - lwsl_notice("%s: ws write failed\n", __func__); - return 1; - } - if (pss->dire) { - lws_callback_on_writable(wsi); - - return 0; - } - - /* ie, we finished */ - - if (pss->filelist_version != pss->vhd->filelist_version) { - lwsl_info("%s: restart send\n", __func__); - /* what we just sent is already out of date */ - start_sending_dir(pss); - lws_callback_on_writable(wsi); - } - - return 0; - - /* POST-related */ - - case LWS_CALLBACK_HTTP_BODY: - - /* create the POST argument parser if not already existing */ - if (!pss->spa) { - pss->vhd = vhd; - pss->wsi = wsi; - pss->spa = lws_spa_create(wsi, param_names, - LWS_ARRAY_SIZE(param_names), - 1024, file_upload_cb, pss); - if (!pss->spa) - return -1; - - pss->filename[0] = '\0'; - pss->file_length = 0; - /* catchall */ - pss->response_code = HTTP_STATUS_SERVICE_UNAVAILABLE; - - m = lws_hdr_copy(wsi, pss->user, sizeof(pss->user), - WSI_TOKEN_HTTP_AUTHORIZATION); - if (m > 0) - lwsl_info("basic auth user: %s\n", pss->user); - else - pss->user[0] = '\0'; - } - - /* let it parse the POST data */ - if (lws_spa_process(pss->spa, in, (int)len)) { - lwsl_notice("spa saw a problem\n"); - /* some problem happened */ - lws_spa_finalize(pss->spa); - - pss->completed = 1; - lws_callback_on_writable(wsi); - } - break; - - case LWS_CALLBACK_HTTP_BODY_COMPLETION: - /* call to inform no more payload data coming */ - lws_spa_finalize(pss->spa); - - pss->completed = 1; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_HTTP_WRITEABLE: - if (!pss->completed) - break; - - p = (unsigned char *)pss->result + LWS_PRE; - start = p; - end = p + sizeof(pss->result) - LWS_PRE - 1; - - if (!pss->sent_headers) { - n = format_result(pss); - - if (lws_add_http_header_status(wsi, pss->response_code, - &p, end)) - goto bail; - - if (lws_add_http_header_by_token(wsi, - WSI_TOKEN_HTTP_CONTENT_TYPE, - (unsigned char *)"text/html", 9, - &p, end)) - goto bail; - if (lws_add_http_header_content_length(wsi, n, &p, end)) - goto bail; - if (lws_finalize_http_header(wsi, &p, end)) - goto bail; - - /* first send the headers ... */ - n = lws_write(wsi, start, lws_ptr_diff(p, start), - LWS_WRITE_HTTP_HEADERS | - LWS_WRITE_H2_STREAM_END); - if (n < 0) - goto bail; - - pss->sent_headers = 1; - lws_callback_on_writable(wsi); - break; - } - - if (!pss->sent_body) { - n = format_result(pss); - n = lws_write(wsi, (unsigned char *)start, n, - LWS_WRITE_HTTP_FINAL); - - pss->sent_body = 1; - if (n < 0) { - lwsl_err("%s: writing body failed\n", __func__); - return 1; - } - goto try_to_reuse; - } - break; - - case LWS_CALLBACK_HTTP_DROP_PROTOCOL: - /* called when our wsi user_space is going to be destroyed */ - if (pss->spa) { - lws_spa_destroy(pss->spa); - pss->spa = NULL; - } - break; - - default: - break; - } - - return 0; - -bail: - - return 1; - -try_to_reuse: - if (lws_http_transaction_completed(wsi)) - return -1; - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_DEADDROP \ - { \ - "lws-deaddrop", \ - callback_deaddrop, \ - sizeof(struct pss_deaddrop), \ - 1024, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_DEADDROP -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_deaddrop(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_deaddrop(struct lws_context *context) -{ - return 0; -} - -#endif diff --git a/plugins/generic-sessions/assets/index.html b/plugins/generic-sessions/assets/index.html index d40904a..276d1cc 100644 --- a/plugins/generic-sessions/assets/index.html +++ b/plugins/generic-sessions/assets/index.html @@ -1,44 +1,52 @@ - - - - + + + - - - + +
- - -
-
+
+
- -
- +
+ +
+ - +
- + + diff --git a/plugins/generic-sessions/assets/lwsgs.css b/plugins/generic-sessions/assets/lwsgs.css deleted file mode 100644 index 9dfde75..0000000 --- a/plugins/generic-sessions/assets/lwsgs.css +++ /dev/null @@ -1,134 +0,0 @@ -.body { font-size: 12px } -.gstitle { font-size: 18px } - -.group1 { - vertical-align:middle; - text-align:center; - background:#f0f0e0; - padding:12px; - border-radius:10px; -} -.group2 { - display:none; - vertical-align:middle; - font-size: 22px; - text-align:center; - margin:auto; - align:center; - background-color: rgba(255, 255, 255, 0.8); - padding:12px; - border-radius:10px; -} - -body.seats { - background-image:url(seats.jpg) -} - -div.lwsgs { - z-index: 3; - text-align:right; - background-color: rgba(255, 255, 255, 0.8); -} - -table.lwsgs { - width:100%; - height:100%; - transition: max-height 2s; -} -table.c100 { - text-align:center; - width:100%; -} - -table.r { - vertical-align:top; - text-align:right; -} - -table.l { - vertical-align:top; - text-align:left; -} - -table.fixed { - table-layout: fixed; -} - -td.logo { - vertical-align:top; - text-align:left; - width:200px -} - -td.lwsgs { - vertical-align:top; - float:right; -} - -td.h99 { - height:99%; - vertical-align:middle; -} - -td.c { - margin:auto; - align:center -} - -td.tac { - text-align:center -} - -td.ava { - display:inline-block; - vertical-align:top; - word-wrap:break-word; -} - -iframe.hidden { - display:none; -} - -div.hidden { - display:none; -} - -div.hiddenr { - display:none; - text-align:right; -} - -input { - margin: 2px; - padding: 2px; -} - -input.em { - margin: 4px; - font-weight:bold; -} - -input.wide { - margin: 6px; - padding: 6px; -} - -input.hidden { - display: none; -} - -form.r { - text-align:right; -} - -span.bad { - color: red; -} - -span.small { - font-size:8pt; -} - -.green { - color: green; -} diff --git a/plugins/generic-sessions/assets/lwsgs.js b/plugins/generic-sessions/assets/lwsgs.js index b9bfe16..1d63b5f 100644 --- a/plugins/generic-sessions/assets/lwsgs.js +++ b/plugins/generic-sessions/assets/lwsgs.js @@ -5,7 +5,7 @@ var lwsgs_auth = "$lwsgs_auth"; var lwsgs_email = "$lwsgs_email"; var lwsgs_html = '\ -

Error " + exception); - } - -}, false); - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/favicon.ico b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/favicon.ico deleted file mode 100644 index c0cc2e3dff34012ba3d4a7848a7ed17579788ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1406 zcmZQzU<5(|0R}M0U}azs1F|%L7$l?s#Ec9aKoZP=&`9i!<^REA8>%80(yxAC$j<-A zkb5S8;qL6446ipNFl>5#fuVR6L=8goC~GtXMnhmYga9MSfQgBTk&TUw5$JocUP63y z3phA97+G0a8QIy{!BT|y==xb$SQt4uIT@LmnZZ(o_~`mk`Tv1M8w?+DXJCL~kQj^& JqOtKoVgQl$ETjMc diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/index.html b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/index.html deleted file mode 100644 index f54f1cc..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/index.html +++ /dev/null @@ -1,19 +0,0 @@ - - - - - - - -
- - LWS bulk transfer example
.
- A large ws message is sent to all browsers open on this page.
- The browser js echoes the large ws message back to the server.
-
- Ws closed
-
-
- - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/libwebsockets.org-logo.svg b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/libwebsockets.org-logo.svg deleted file mode 100644 index 7baea64..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/libwebsockets.org-logo.svg +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/strict-csp.svg b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/strict-csp.svg deleted file mode 100644 index cd128f1..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/mount-origin/strict-csp.svg +++ /dev/null @@ -1,53 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/protocol_lws_minimal_pmd_bulk.c b/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/protocol_lws_minimal_pmd_bulk.c deleted file mode 100644 index 09e4307..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-bulk/protocol_lws_minimal_pmd_bulk.c +++ /dev/null @@ -1,256 +0,0 @@ -/* - * ws protocol handler plugin for "lws-minimal-pmd-bulk" - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * The protocol shows how to send and receive bulk messages over a ws connection - * that optionally may have the permessage-deflate extension negotiated on it. - */ - -#if !defined (LWS_PLUGIN_STATIC) -#define LWS_DLL -#define LWS_INTERNAL -#include -#endif - -#include - -/* - * We will produce a large ws message either from this text repeated many times, - * or from 0x40 + a 6-bit pseudorandom number - */ - -static const char * const redundant_string = - "No one would have believed in the last years of the nineteenth " - "century that this world was being watched keenly and closely by " - "intelligences greater than man's and yet as mortal as his own; that as " - "men busied themselves about their various concerns they were " - "scrutinised and studied, perhaps almost as narrowly as a man with a " - "microscope might scrutinise the transient creatures that swarm and " - "multiply in a drop of water. With infinite complacency men went to " - "and fro over this globe about their little affairs, serene in their " - "assurance of their empire over matter. It is possible that the " - "infusoria under the microscope do the same. No one gave a thought to " - "the older worlds of space as sources of human danger, or thought of " - "them only to dismiss the idea of life upon them as impossible or " - "improbable. It is curious to recall some of the mental habits of " - "those departed days. At most terrestrial men fancied there might be " - "other men upon Mars, perhaps inferior to themselves and ready to " - "welcome a missionary enterprise. Yet across the gulf of space, minds " - "that are to our minds as ours are to those of the beasts that perish, " - "intellects vast and cool and unsympathetic, regarded this earth with " - "envious eyes, and slowly and surely drew their plans against us. And " - "early in the twentieth century came the great disillusionment. " -; - -/* this reflects the length of the string above */ -#define REPEAT_STRING_LEN 1337 -/* this is the total size of the ws message we will send */ -#define MESSAGE_SIZE (100 * REPEAT_STRING_LEN) -/* this is how much we will send each time the connection is writable */ -#define MESSAGE_CHUNK_SIZE (1 * 1024) - -/* one of these is created for each client connecting to us */ - -struct per_session_data__minimal_pmd_bulk { - int position_tx, position_rx; - uint64_t rng_rx, rng_tx; -}; - -struct vhd_minimal_pmd_bulk { - int *interrupted; - /* - * b0 = 1: test compressible text, = 0: test uncompressible binary - * b1 = 1: send as a single blob, = 0: send as fragments - */ - int *options; -}; - -static uint64_t rng(uint64_t *r) -{ - *r ^= *r << 21; - *r ^= *r >> 35; - *r ^= *r << 4; - - return *r; -} - -static int -callback_minimal_pmd_bulk(struct lws *wsi, enum lws_callback_reasons reason, - void *user, void *in, size_t len) -{ - struct per_session_data__minimal_pmd_bulk *pss = - (struct per_session_data__minimal_pmd_bulk *)user; - struct vhd_minimal_pmd_bulk *vhd = (struct vhd_minimal_pmd_bulk *) - lws_protocol_vh_priv_get(lws_get_vhost(wsi), - lws_get_protocol(wsi)); - uint8_t buf[LWS_PRE + MESSAGE_SIZE], *start = &buf[LWS_PRE], *p; - int n, m, flags, olen, amount; - - switch (reason) { - case LWS_CALLBACK_PROTOCOL_INIT: - vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), - lws_get_protocol(wsi), - sizeof(struct vhd_minimal_pmd_bulk)); - if (!vhd) - return -1; - - /* get the pointer to "interrupted" we were passed in pvo */ - vhd->interrupted = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "interrupted")->value; - vhd->options = (int *)lws_pvo_search( - (const struct lws_protocol_vhost_options *)in, - "options")->value; - break; - - case LWS_CALLBACK_ESTABLISHED: - pss->rng_tx = 4; - pss->rng_rx = 4; - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_SERVER_WRITEABLE: - if (pss->position_tx == MESSAGE_SIZE) - break; - - amount = MESSAGE_CHUNK_SIZE; - if ((*vhd->options) & 2) { - amount = MESSAGE_SIZE; - lwsl_user("(writing as one blob of %d)\n", amount); - } - - /* fill up one chunk's worth of message content */ - - p = start; - n = amount; - if (n > MESSAGE_SIZE - pss->position_tx) - n = MESSAGE_SIZE - pss->position_tx; - - flags = lws_write_ws_flags(LWS_WRITE_BINARY, !pss->position_tx, - pss->position_tx + n == MESSAGE_SIZE); - - /* - * select between producing compressible repeated text, - * or uncompressible PRNG output - */ - - if (*vhd->options & 1) { - while (n) { - size_t s; - - m = pss->position_tx % REPEAT_STRING_LEN; - s = REPEAT_STRING_LEN - m; - if (s > (size_t)n) - s = n; - memcpy(p, &redundant_string[m], s); - pss->position_tx += s; - p += s; - n -= s; - } - } else { - pss->position_tx += n; - while (n--) - *p++ = rng(&pss->rng_tx); - } - - n = lws_ptr_diff(p, start); - m = lws_write(wsi, start, n, flags); - lwsl_user("LWS_CALLBACK_SERVER_WRITEABLE: wrote %d\n", n); - if (m < n) { - lwsl_err("ERROR %d / %d writing ws\n", m, n); - return -1; - } - if (pss->position_tx != MESSAGE_SIZE) /* if more to do... */ - lws_callback_on_writable(wsi); - break; - - case LWS_CALLBACK_RECEIVE: - lwsl_user("LWS_CALLBACK_RECEIVE: %4d (pss->pos=%d, rpp %5d, last %d)\n", - (int)len, (int)pss->position_rx, (int)lws_remaining_packet_payload(wsi), - lws_is_final_fragment(wsi)); - olen = len; - - if (*vhd->options & 1) { - while (len) { - size_t s; - m = pss->position_rx % REPEAT_STRING_LEN; - s = REPEAT_STRING_LEN - m; - if (s > len) - s = len; - if (memcmp(in, &redundant_string[m], s)) { - lwsl_user("echo'd data doesn't match\n"); - return -1; - } - pss->position_rx += s; - in = ((char *)in) + s; - len -= s; - } - } else { - p = (uint8_t *)in; - pss->position_rx += len; - while (len--) { - if (*p++ != (uint8_t)rng(&pss->rng_rx)) { - lwsl_user("echo'd data doesn't match: 0x%02X 0x%02X (%d)\n", - *(p - 1), (int)(0x40 + (pss->rng_rx & 0x3f)), - (int)((pss->position_rx - olen) + olen - len)); - lwsl_hexdump_notice(in, olen); - return -1; - } - } - if (pss->position_rx == MESSAGE_SIZE) - pss->position_rx = 0; - } - break; - - default: - break; - } - - return 0; -} - -#define LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK \ - { \ - "lws-minimal-pmd-bulk", \ - callback_minimal_pmd_bulk, \ - sizeof(struct per_session_data__minimal_pmd_bulk), \ - 4096, \ - 0, NULL, 0 \ - } - -#if !defined (LWS_PLUGIN_STATIC) - -/* boilerplate needed if we are built as a dynamic plugin */ - -static const struct lws_protocols protocols[] = { - LWS_PLUGIN_PROTOCOL_MINIMAL_PMD_BULK -}; - -LWS_EXTERN LWS_VISIBLE int -init_protocol_minimal_pmd_bulk(struct lws_context *context, - struct lws_plugin_capability *c) -{ - if (c->api_magic != LWS_PLUGIN_API_MAGIC) { - lwsl_err("Plugin API %d, library API %d", LWS_PLUGIN_API_MAGIC, - c->api_magic); - return 1; - } - - c->protocols = protocols; - c->count_protocols = LWS_ARRAY_SIZE(protocols); - c->extensions = NULL; - c->count_extensions = 0; - - return 0; -} - -LWS_EXTERN LWS_VISIBLE int -destroy_protocol_minimal_pmd_bulk(struct lws_context *context) -{ - return 0; -} -#endif diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/CMakeLists.txt b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/CMakeLists.txt deleted file mode 100644 index 1098d50..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/CMakeLists.txt +++ /dev/null @@ -1,79 +0,0 @@ -cmake_minimum_required(VERSION 2.8.9) -include(CheckCSourceCompiles) - -set(SAMP lws-minimal-ws-server-pmd-corner) -set(SRCS minimal-ws-server-pmd-corner.c) - -# If we are being built as part of lws, confirm current build config supports -# reqconfig, else skip building ourselves. -# -# If we are being built externally, confirm installed lws was configured to -# support reqconfig, else error out with a helpful message about the problem. -# -MACRO(require_lws_config reqconfig _val result) - - if (DEFINED ${reqconfig}) - if (${reqconfig}) - set (rq 1) - else() - set (rq 0) - endif() - else() - set(rq 0) - endif() - - if (${_val} EQUAL ${rq}) - set(SAME 1) - else() - set(SAME 0) - endif() - - if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) - if (${_val}) - message("${SAMP}: skipping as lws being built without ${reqconfig}") - else() - message("${SAMP}: skipping as lws built with ${reqconfig}") - endif() - set(${result} 0) - else() - if (LWS_WITH_MINIMAL_EXAMPLES) - set(MET ${SAME}) - else() - CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) - if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) - set(HAS_${reqconfig} 0) - else() - set(HAS_${reqconfig} 1) - endif() - if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) - set(MET 1) - else() - set(MET 0) - endif() - endif() - if (NOT MET) - if (${_val}) - message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") - else() - message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") - endif() - endif() - - endif() -ENDMACRO() - -set(requirements 1) -require_lws_config(LWS_ROLE_WS 1 requirements) -require_lws_config(LWS_WITHOUT_SERVER 0 requirements) -require_lws_config(LWS_WITHOUT_EXTENSIONS 0 requirements) - -if (requirements) - add_executable(${SAMP} ${SRCS}) - - if (websockets_shared) - target_link_libraries(${SAMP} websockets_shared) - add_dependencies(${SAMP} websockets_shared) - else() - target_link_libraries(${SAMP} websockets) - endif() -endif() diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/README.md b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/README.md deleted file mode 100644 index eb5a738..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/README.md +++ /dev/null @@ -1,24 +0,0 @@ -# lws minimal ws server + permessage-deflate corner case tests - -## build - -``` - $ cmake . && make -``` - -## usage - -``` - $ ./lws-minimal-ws-server-pmd-corner -[2018/11/21 16:47:49:0171] USER: LWS minimal ws server + permessage-deflate Corner Cases | visit http://localhost:7681 -[2018/11/21 16:47:49:0172] NOTICE: Creating Vhost 'default' port 7681, 2 protocols, IPv6 off - -``` - -Visit http://localhost:7681 - -5 ws connections are made via permessage-deflate extension. - -When the ws connection is established, various amounts of data are sent -resulting in ciphertext packets of a known size. - diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/minimal-ws-server-pmd-corner.c b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/minimal-ws-server-pmd-corner.c deleted file mode 100644 index 7a31a1f..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/minimal-ws-server-pmd-corner.c +++ /dev/null @@ -1,108 +0,0 @@ -/* - * lws-minimal-ws-server - * - * Written in 2010-2019 by Andy Green - * - * This file is made available under the Creative Commons CC0 1.0 - * Universal Public Domain Dedication. - * - * This demonstrates the most minimal http server you can make with lws. - * - * To keep it simple, it serves stuff in the subdirectory "./mount-origin" of - * the directory it was started in. - * You can change that by changing mount.origin. - */ - -#include -#include -#include - -#define LWS_PLUGIN_STATIC -#include "protocol_lws_minimal.c" - -static struct lws_protocols protocols[] = { - { "http", lws_callback_http_dummy, 0, 0 }, - LWS_PLUGIN_PROTOCOL_MINIMAL, - { NULL, NULL, 0, 0 } /* terminator */ -}; - -static int interrupted; - -static const struct lws_http_mount mount = { - /* .mount_next */ NULL, /* linked-list "next" */ - /* .mountpoint */ "/", /* mountpoint URL */ - /* .origin */ "./mount-origin", /* serve from dir */ - /* .def */ "index.html", /* default filename */ - /* .protocol */ NULL, - /* .cgienv */ NULL, - /* .extra_mimetypes */ NULL, - /* .interpret */ NULL, - /* .cgi_timeout */ 0, - /* .cache_max_age */ 0, - /* .auth_mask */ 0, - /* .cache_reusable */ 0, - /* .cache_revalidate */ 0, - /* .cache_intermediaries */ 0, - /* .origin_protocol */ LWSMPRO_FILE, /* files in a dir */ - /* .mountpoint_len */ 1, /* char count */ - /* .basic_auth_login_file */ NULL, -}; - -static const struct lws_extension extensions[] = { - { - "permessage-deflate", - lws_extension_callback_pm_deflate, - "permessage-deflate" - "; client_no_context_takeover" - "; client_max_window_bits" - }, - { NULL, NULL, NULL /* terminator */ } -}; - -void sigint_handler(int sig) -{ - interrupted = 1; -} - -int main(int argc, const char **argv) -{ - struct lws_context_creation_info info; - struct lws_context *context; - const char *p; - int n = 0, logs = LLL_USER | LLL_ERR | LLL_WARN | LLL_NOTICE - /* for LLL_ verbosity above NOTICE to be built into lws, - * lws must have been configured and built with - * -DCMAKE_BUILD_TYPE=DEBUG instead of =RELEASE */ - /* | LLL_INFO */ /* | LLL_PARSER */ /* | LLL_HEADER */ - /* | LLL_EXT */ /* | LLL_CLIENT */ /* | LLL_LATENCY */ - /* | LLL_DEBUG */; - - signal(SIGINT, sigint_handler); - - if ((p = lws_cmdline_option(argc, argv, "-d"))) - logs = atoi(p); - - lws_set_log_level(logs, NULL); - lwsl_user("LWS minimal ws server + permessage-deflate Corner Cases | visit http://localhost:7681\n"); - - memset(&info, 0, sizeof info); /* otherwise uninitialized garbage */ - info.port = 7681; - info.mounts = &mount; - info.protocols = protocols; - info.extensions = extensions; - info.options = - LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE; - - context = lws_create_context(&info); - if (!context) { - lwsl_err("lws init failed\n"); - return 1; - } - - while (n >= 0 && !interrupted) - n = lws_service(context, 0); - - lws_context_destroy(context); - - return 0; -} diff --git a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/example.js b/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/example.js deleted file mode 100644 index ec3a99c..0000000 --- a/minimal-examples/ws-server/minimal-ws-server-pmd-corner/mount-origin/example.js +++ /dev/null @@ -1,88 +0,0 @@ - -function get_appropriate_ws_url(extra_url) -{ - var pcol; - var u = document.URL; - - /* - * We open the websocket encrypted if this page came on an - * https:// url itself, otherwise unencrypted - */ - - if (u.substring(0, 5) === "https") { - pcol = "wss://"; - u = u.substr(8); - } else { - pcol = "ws://"; - if (u.substring(0, 4) === "http") - u = u.substr(7); - } - - u = u.split("/"); - - /* + "/xxx" bit is for IE10 workaround */ - - return pcol + u[0] + "/" + extra_url; -} - -function new_ws(urlpath, protocol) -{ - if (typeof MozWebSocket != "undefined") - return new MozWebSocket(urlpath, protocol); - - return new WebSocket(urlpath, protocol); -} - -var ws = new Array(); - -function conn(n) -{ - ws[n] = new_ws(get_appropriate_ws_url("/" + (n + 1)), "lws-minimal"); - ws[n].n = n; - try { - ws[n].onopen = function() { - document.getElementById("r").disabled = 0; - document.getElementById("status").textContent = - document.getElementById("status").textContent + " " + - "ws open "+ ws[n].extensions; - }; - - ws[n].onmessage = function got_packet(msg) { - if (typeof msg.data !== "string") { - //console.log(msg.data); - document.getElementById("r").value = - document.getElementById("r").value + - ws[n].n + " " + "blob uncompressed length " + - msg.data.size + "\n"; - } else - document.getElementById("r").value = - document.getElementById("r").value + msg.data + "\n"; - document.getElementById("r").scrollTop = - document.getElementById("r").scrollHeight; - }; - - ws[n].onclose = function(){ - document.getElementById("r").disabled = 1; - document.getElementById("status").textContent = "ws closed"; - }; - } catch(exception) { - alert("

clWKM6p&Ram6WY zcUX!IH6@fHs^kOnVyNr3mim32l#Kb2oQBE8U~3JF`fQNR6jHf6a0dprnbD(2;$gQu z^UVd3%^u~(?c{aEQhO+5RXYMOs^wrLww`26qn8{lW;KM-fU>C)j+|67;LDbg&W*j! zY( z6sKLl@l|!$Z?z8$>N<20tkAFT$l3{Apz;q|e5O?oGSF{@>G{{Rpw=^iU-V^}Qo`;a`S$7ke` z`D5~`CT~Nb)81V|bkppA(ytrt#~I5XpzBo3>~0!2aSW*2SxLbM(AC8p6>6kjw7D=( zhLD#eo=C*<~}RDmd``hn-NJARx>|1;FKf$EAb6Sas$_TKYf37d|<&@KpXM{?oC% z)gzHd_IXX)P<9^m*Bc&1dPi{%t99bv4r%vVwwv~3M>4uG`A^~LU9X4WO+!wa_ewF! z7b+JW!0AJ_$B|k#KKt-SjXWM5)9;nc4$%RF++zn7xR!D*3~16m?wvDKd3BlS+8(by zlW9C`7s{1NIAk0TZ1k)fm=#u5iN+r%Iq6!%V~pW6$Tf@q021l8Rt+?=G@f5Sb#v1{ zjw|V<@a6A@?cy4n$M%zwLcV{MS(LjTP2-zOJzDY!_6upz!QP|qkH)d=bO>gd%5R#` zpPM6^P1u9b^$iD1i$_?r$V^vCz{i7(t~wg$bo=BjCY^fnMJj`zkdgGw9L937%3kTr zURHH;22Kb)tIG8#?nBO&tX!)cZWPSQ+FTlkmO*xvPCb87|T^4A|;D1qLlXr*C7cnYatfg7*=Z?fO+MS3x$9u>oS-DJL`mn!Xdey0>La34`s#igWc9zXy;I(nF>Wf3gHa0=e1QT1@r^EQQt1)SGL^oGH=Y0<@@jQBdt*Tt!qz&i3e9VvH^{!bwIJVL}u*o2e zz&K&is46$=X6hPc^j6W_ArbA98TBH$i5lg#7$u(QM>ay zw5G{)#}_`Im2nn+Bc9N#5W4vQpSpPbs1#R2p^VvTZv?k~NQZE2xX1>rwy4(9%N>#; zZ_ajr0Uw0|lzJT8`rMXrPZaVCha|Ah0Up(_q3D|b0E+BxWw6ul?jnveB%V+w%U@iI z4J;;?q2EocrRJ#a=!g<9{YERj)FX+lpoZPrDN;?vfzI)cl`@UR%#SX-@eGh%+{A$= zDanr`gY>SaO!%91r`SV1)Hp@KXxMc2qA{?}A659ftZTZZ*s$>aZKVYfVtf_Hd}q?R z>AYL5>biWo1UBnsYUj+FMf<_AjA!vRKzkR4ycwpQ4I#bM9^&j)g~?EF!y&!eWC zx;C61&@f5XKsg-eABHP&B(&9Zbkr=ZqmJLEKZp=H6%Kj<<`1l))ZQt;Si$2MClpJm z!Et)<#SfPF#&-3tdG;C~bEQpfG&eF#@X9cDo{T!u+-tg|dt3tFwu-*zMKnXEYCbdYwxZhphpaRxpDdQL%yzn-zbUUqkH=QNFVbCSSknD6 zT>;M4s&GclBKL&!?KfJ2`qKXPNG_H#VQrZb9P~eiY8%Z4ICrhR$33z*A4+89(Y zFZBEPA%RluE?YP`9S76ax~(-*(%uVr0tQo_1~O|Up^0b2%Ot}F|5JaQy&xiM}7v=lHQTzK!BX*0f7jFC4Lt-OAa< zGv5@KiDj#+Xn$u}t|C5W3U=+!;aYn`Gtae~3885o8%S*=QUOkJj+MwodvW%LguXez z#bYXmO*WIca#{S=PcW+EjQZ9dp?WP`#{(pcdLEUDl#(tBi5}4Y>~7;cbM&mso9pPI zQ5Cx?;|vdK#!lqMRy_y8Y~svGgaG`wBN)wkEGs;70VHwZR|AU2scJ_V;+g!7ff996 z*x+Dhxap_4x{YCYq?8uIfz59NHgdPRG>l41Yvre05G!)qb)|}1#lz$84hXGDld)D? zo9mebR}xDm7Xv)vsY1|#@J=~v50%}0D`I_FZS8;(N4>sblaq=XA2T`I&k+_zB0=S->^}8j zo5(K__lIWAcpU`^4m;ehaXrK_w5x3_YJ?1hEu8%-Yd4r?IUK~zoN?Nwq1j2;`ZM6w z-L;mZr`q3bXvXY?`_0E4dRNgJu!8nTmeSpAq79YHZXoyOzIPcG@L>yiu$f6@PK}VD%^0>-_7jeIrbpL6-BxmkDUDfGh;z zh{v}<#dp(z!zpTCw$=5CAZP}ka}I|bA}Hnwfa{WR$MZGB`1e=vot}$l4wt3t+WxGo zksMI@s~dWf0r&T<#~5Ei<a(${kS&2O7*kh$%In=2m1$8SQ106|p*x$uZa;uw(0m{g6%AUYgooeS! zpG&auZ;Cu*+DtaG`C{62VkBH=<@!~{+)|B?&)<(dU3g+%r3W+lpd~Ly8`g7j9 zD=p6-mGYl3%d5eqUfe5N6Ergz@T>P&HagXR5&^7R!>U6gM%iU>JBsCQ$4q0P!)P7~ zyzvdq#1`(YamY=?D9H7%u5>#%Ep&Y+NxjkZwA3xv9&!(!O!dj{OPw7l^f-?f%d+Y1 zZQIH$dDw6i`d0(3Y5KO4K8vjAkhB+U#u<4ymz?fzag0;BtYu@@d{YW|j>AMT>Nf`N zB~x&r1`j<4>0UkiLU>B^;6IPNJ>m@-=JtOMYLUXXe<=|%lu}iWaaS2whR;ye{6XMt zSHc>1i2NbsSWLwucu__Js^pyK+PhDMJ|^&oiS+G5RJfk<37}_9p$^|QaxzCwpjTuk zWO?;`&YR(Hi@Zr~d*Zzp#SEH~+!Otsb&LqtaNzrlWAUsXjL~ZvYDsB$&1~Tl_t3Cl z!1^9VOxROCcksruV;-iq+L4z~jX_bD!!h?buA0ZinkR#NSv{5fA{Mw|BFIoOsPrw` zp|hnfhtv8;h_u=KbEIiYsp+$5%wl;2Qvzj18OOC{{8#bK{{Vq}Ph(@@J9}Yqs7mP^ zb4R(AImQ9+)0&A!?5OT`9|}G(Hksm`OGWX;rH_ZME$uwhJ=glO#2j@Uc(0y*F8oop z@s7Tx7%eqx{{XZWhI5cM^vFL$NmJC+>g2qV$HBU@TU*I3+X&1^ib>8GXCtR1SGs&1 zk6XFZ?e8^ffR~o>2a$K21O82K1=PWwmExUOOYtn4E|20BwYichcg9}?uRTGl-Z}8^ z_WqHkSx;{Y*;!;olmHy(l4z84GUx1k#o@1s`VNP!>lPQ9CDo0Mtfm1tKQ8cbk_K=q zi~XehIj4B1QPI3b;p1&{Y}UJOW{4m4-lSl9S2Uww=RZ1pK@;2D-@=XOc}!!#TwwRE z7Hd~V49?6+>Q7428wa#5_uLzKZR>3=p5&##UzE4?FC8W-nZ@a6!9Is&Wj^O5?sb%F5H#Rr}^(*W+!7<$oVHp zw$uD4;vW$BS6dOAO9{f4kS=6iyaulZ_`|OFcUabL8$i+Hv9(m%th;d`$KJr{TvYkF zlUp5-XRCZ7)$M*D{4sA2U#PY54vQ3%LkJly2+!x!wOjZl@n6K>vscF7ho2sFJG;v% zw9QgEE>O(MjS~>B8)Nucax2tUxuuWvFYvdGyf^Wq;g^B_G5AXE4Npnd^!R6KBXGea zC^*RPjOW}M^nZrh@X<9}eJ#+fvy2;4tCuG~!8C;C$OaKY*@R?)%T7lZpJV z>b7XD9p$@kvnotsP8Els`e2IY8etsBO0it!lz)wPLG&|}dKq#wcQ5mk!Rjd@gFGV_ zP;-y*tz)^&$plL?D`10+6YWynBySIvf%*)$r?qTHE~R+KLc|cga(ewMW;sIi8%8nG zlSa{YEWvV-&Q}k&f=)4mU7vd%!UNrE3#g77NSK3#Nyf=87t&H}^48<4{81x{3 zK~vVVak14+^gq&@_7wfBJQe#{du|-^!u?T0tEo9to;maf zCvdN>{6TLVurkA!afVU{YUi&_DKwsjhlKe1!a9)ooA0L~eZMcKImb#|uH3VbdV!9$9Hz9{EuO|lkOhqH%P8;eYSTw*kV`G3PMU&A z9MLj;<#k{|9-TVS<84m3NdDJ9;E`XoeXs2e@G{fFT9x@-S=d-euHQD9slcPkm0Pfr zXdNr}@4{adr@GPftz%O}x4X4;)Agu&7$zSs>>hc*Jo}o$syYtaP+Of&?naTZJSWVz zV0d*SKgzK6--rGg_`l#E8+*EYsDY3ug7m3d_ULT$IG?U8q_o~GM0$^(9YTZ7fq)IR_&Y<++uPS5mf{Qwc20 z-)T4nh{<8;UqE~e)!Rk7jues7;Ys`0%7A$M4LHifoDa}VOX37xD_u6>Z!I5Dw}ow* zIR60I_4lUR%3!*TqN{Fg&F*Vd?s8P8se4v2OvtF^oB&Qw6{(?G3%#kekOTLz!L8%5 zj8?jy{{Z3pcx~*20no^!kT}S%M)-L=8b-7uyvqHfF{-io4ng9XyjOEuQ9d2Bmg*aM zt>U@fT%w+O^{*cB*Nl@$(zPu@Z9$qHyAnL}pXc7QOhEy`9_^&u-x*PvOQlde9{s8d_J0w?NTMNMvGz z9+j2i4O~ZQG%(!n+{1F`kSHkeKN8JjCZdAfgih!Q1ob%N*R*^g)^s~&gHG191hY_# z;#cQ!10Zohw01qe!%yLDQ^dd8`eC=a)Ex|WE*lN76T$q?=Um>UCZDVL+U_kDH8)Iz zm{+)5^!;g(Bzdoibyl=X(IPrr1!AC#b6yb_i*-FpV*}3{+yV0iIp&))E(@6WW{>xU zvi|0_{40HH{kILB>&nqdmHB#}I)1evXk1-9SC=|uit)T}(Y@=X(X{t2Z-sbw57Pa%p6ukQC1T%^F@d~J29_=i^0q=6DkWRJ=vnEaz1g=|e@ zIPm)=!FknF0YS#vlX_>B%NT-xD6m!Q(~(;7*vM^+?r^8L6dDXxn$|te%;}!EriP00 zN6KxNA1@fepov7?@Rq4{XL}SE7SY~qIXjmi{uSy+N`>K{P$;p6IVd^|_7$AbXQ8O`b}Y>Y=e2+dj5wCl^*EiP>?e7IBv2%{mr>b#9%E`T&$ zUgJ$MmX>7)0lod}h?Qoxc0$`_Q_p&CHZ(0;-2&Oh)I4IQ)b%O1+pW8Zkq%!2h82vW zH0*m{f;Ej2TM-VUG%+Kv8;JY9^~m`7tn}?jTWRc#8;#q?@eanK$5lBTDUmNN=d^V5 zk%kUNMQeCJT)go0^j4d$7Qvej7(8N;*BM;&opW5VMYy@LQxdd)CgYR4*1Y-|uQdx$ z?hEtF5saD&A87@pwddL-U8n{egUPPfWPHfeY?**F5GZ$qk<_dXZ+!SOE3Rn-^6dVG8BEr2q+ z{KI!#lhd_O_+#LYv}^0)-w=ygUfxeLPX{cn2>v0{*1X(ItbX_47YBc9@dYYXBYIT* z`T9p?=Xr9gcE4lkT~_i})09VT2%T4lRl)pf--l8wixu4>`NWcQUpf^ki*{w)h!2>*#q_R*$K^rg7B$TksqRpLXvrU#f?^d(=O&X`@YSZNr!?_dmbp?4 za-h#oPCk{>8CyfH>27&szB9VhEbeVJfp?{}QxyH|EUJ0Jki=sIRsA!>@J%LnqmB-D zbsnOtoW{LXZ4RSX)nkK2zSW^n>kNCx&HyK#KT7935%BXw_=n+d6l$8gTQ;|eB1k0p zj6{R9=iiUcvTXT$+P5qmyB{rlG4RjC4~Bmdyg%X{HpUOM>9=H-4gRtqa8-tTkN&-W zwCjHYSN5Xt?XQUZJ*U`dz9uld(XddZoGx(8D+_cyIn}b}N98T&_Q!`N)_gy#M)sP< zopm*h(x2d!7^xNYm+Uv<_I#S%+TijfijW9{v zPa?VH3mV2&J;F^_R9zn4(^HCTXj?NNW!g7m2Ds$BKW#CW1#yrof~0I*XWY4LQKfu+ zmNQl zr-JestnLtkQbj6od*Id5k-s`RDCU&Ni3kqB=D$;aVDH(d!ymUlhyFMCZ^SX&Xja}D zuomBGNibUOR3l=HkNPSn|yjted|OqPm8k%5_-|$0s!sT@TQ(7^Pa2D+^sbmyJSzEgRGUZM-X-#f!Viez_WB!X zt#pFXM(zH*B*S>d+5xKJZ93@A7s<65a)cx2$&vGF_M6uN(h zZ*Oc2@La?TM{tSqsrEI?65#MZi1dAb$9@&oyji2^614h+@IqP$k+?>ew$MmC z@yESXQSMO0H%*?M`$v3v*S+N4T{4m$N zb)o!0@WuCnJQJ$;*TxWPQC?VDTUwcqnHy&;2P?*Tu9!&T!O+8HSxl%W%Lqlb{chyn z&9;9_J{|au-wr+#$MIj{^^Tk21l9FOZk`wu_wboUFyp)N)1C!-Pr*MPYW_UcJ|*AkdZ`5CR?`X39N*WEpf zpS7=ub&m`D9E0J#)EYLS;ja=T>u{1L=Uoj&`GF+~4>i+=X9@A(9wgl(*p|g^ERhTZNi(oB*oE|I2tGV}7J`=36lkFuJ za9nfGO7s5!6I?}Qb9JTPTge5>9q>qTwo%_7O2pZtp76EJt+t^m$pZZNJC9;3)oq{* zT2ufI=B@x-iUdhmD|PG5YAY1~09Hm9l5<-Z7>~M(?XZ}{WVdgvayELL@ZB_1z}BrB z5r+OCJBo2c$~_s-eXO}>B}*Qau>|k5ZBS2Y*yXJoAucuRI}5Ek(^b3>CCr{&dHyEH zPtepF=+QKb3(bD}PK{88SOXj!+-rr||yz>&5zOSZOlCB~dWjB#Y{R^T%A$_E$eY&hsTsQH||$%d`z{KLzLq zz`qZz<>WE6JZ12+;y1(FK^D2;i?-AeH;*N9vkd>K3&c~w|qoIeyx^<(snR#rA4$=&RHJ9Qq5ovm)aoFkdMRPFA5!Js+#l+Dg9^Y7a z0JcWj+54xj#WkTce{PT(eu zcDF2D7#tjJBdu@VK^~!NJfU{o$H*Vvq~d_(VY!cKF57X&+P$V-TYa`LIp?Qp$ZW6U zD>TzQL2q{u7Z%cm`IT{;f&M16pq3X<%66dXnnDJ>g&CFK<>Ml)L3M2K$qaG`e8gzm zE&wV<5A&yEIV0z7F(lJ3E^NYL%u3q=_FVM-b>3R)1kVgbPR8JSRmR;&w{x|(zKzx> z%P!;ckykbCK20v}-WO#T3W7)ZvKQMwO42B|Rxw(hli**6o+a@`?w@ZG!J}DE%HH2) zAOQE>>0ZgGdSoi}cUg@56o*NInvLGVu%=^fLy7Sh;umPBW59o^kZ;Tvvf?ycunMsb6@@z;@mz zvbbNK88<6ukC{j#oC@mp2>I+DVT^EUvrb;0f%K1zzu=qS41P0sUq$iX?CbHu-CHqgL~B(z`}G7dnmT+=lBJwg?Ti1zT?hX?6g zl8uj{rCXbFj<2WP=$8#9jd?05Wq00740i*bDoZ_9{^{A}pDn-`7{zH#n@JDx&6KV1 zx8fbt0O3F$zgITrR{qM7;mds49+mi=;Jsq;cEo6V49HywHOuX_i*&*Sff?u^+-}FBWGliDMsuLgW9OicV%RX zWR~4w$MGJ9sxq<4;Cc0ji$24u&pw?S`HLXkCf*0qy@u1p4XC0#(#b5O;DT!T%w~#O zy|~nFks~gNj0(}xG}$!EdzN_$rg<6QVykpvCSz+l?ZVnS>FpHb1R)2Z_pd$h*NsiI zmv)-^K|Ib#+y)AtT#?eMG|aq?yGDVvtEti($kx#qaz`K^YR%SsGIYD??hvKY6OcxB zwOfsljPyY}$NrDy9DK&LE! z%EudkMls&BybE^*r1Pb+H1fpYNC#|;)Y;t3_eivBXuy^wXGs(mUrOe+ICQmJh#KKy zxK%g2vQaQ~0PQ#r5X1 zYchlpx{O3X>z__5-;#HiRFhA+wq=Su0Vf++`%p1FXW{rH(wU>X4#bBZSsRn_A_bMD3>HA*w`M2+PwD8&rSZ)@*#myv79LF-hwRF z$91h(*j(C1VY7zbG*wo>>T%Y%xur`tv~RP|JO#EEPvQ485zNT$a!dp(;^ZgMg) zm9InaXN{l2_VZlnav1I13cBY3*Bu&wcQNjKOkUb;O3pYgnZDwe!0YSz)=j5~?yoP5 zLeVw>o;l`$5X+@$*EdY+Arm`%?~D}Bt}D#^S@wwUCez@Z9?f>)knrRlpP-=9E%h*M ztgfM+8Lb{jS-5?tk)A8mG`|f00A?#RuXl1^4jI70OU<@TX`78Z$OX-H-J>(>IlcZb4S zW}kO?1-wZD10$ zr7V742IN!DeZ^^5_}*D;Zeh|^;M;N+1EHwoCdUVD;r(w?x|>jjHbx^P6UiR+v!h-` z_T94vh@mRk?eAF50b{w=zRffd%9rBxP$)+^1aax@(ztUK{{Wm_Uw%$Ut}C8Pp>RiI zWdq$K$tc-zg1d*_Big&~4Qegnl(w5}vz0heA<1v8V$q?4tm_NnEoAP~?wV$D%D`kt zj_2CDoiglM>HbyZ0fY7a%C$RmzLTFy`#ORsi#LAst(=&V0waBSC;D958A9- zPSYb;QE*1zym4Jr(NUY&@|{TdlS{jX-&C`|w*`Llq1xlr8u|m_4xgq=plU}_vWk1= zlQBrG&cb>%Y@^t&W^=y~E_Hnt?XGlXmc|7hSrHGqdmejMUXk%HP*=0FzO{<&+vRx= z@cWvF5NBHkw%6Bjt6HQG?mL(sr`o$wbEWD2UBu*&MgS-89CWUEQ&$y*i&nRLX&w+A zROfGAE5r4~()EpW1aS?4khJ?aEJwfj=}Ev6J?6*6z8UcJ32`e+b7c~!R3|P*I@LcB zd`|FBi}cjDg3Zxo;ZFQ)BaVZbhYKAlH#sdOV$&W7?GqL_`2akDp0(LGh&201gwVqy zPQ+!i&(frpj#FOo1Xpo+aima&JFQF$lm69k}vJJR7_ciBo>h@Mwo>;dK zC~d3UwOl}D(yjbc4E);;GsR-*@$!i@EuNel;<^(i-OW8!EiA28c=pRP9Bl*c{cD$< zUgaZLpeRo)K%jAlV?r1tia5&5zGyhwJJb`}N@ot}WpRUoYZf~bHi)xZvs}22=&;(k z#}%2WM;vM`6_JYdW$tQ8<<{pouuE;dz_*br{d?q*?t%eCTYAuZGSDy@+QU`WQZ^KhrM#T+Su!k=QrUC ziR^W)BKjt_5=9^k(i5~H>tAj7s`A;i>upLn^vfu`g8az^7iGJszD#!C${m7_3vMOd@B8jVU89S3|@LZ*&MCfU?m_!C5Z9!+b;&`*1Q$(OgE=2*~-kO9c-J9A#MtN32~ zOwqJOvWC(v5_@3w&k<3M#aItaR`7`uk3*C2o`?N~d~EEaYuo$zwzEtDjBe@Ik4o~- z5NT7Vif?4suT1tqo)HDP+*E;%pIYdOFerGrJ|Xyocz;cibuA~tf)a^vhhPjdg+BGW z;olRdfOM;vd@^FX)nrq>t`HK^atRDU>zaJM4XMh30>Q` z9AhKen%Z=pAivago20bx?v~1SGD21v7y-t5DeF&@Q+{-O)A3LCp!j$2w@$jz{5W9o zUcbnm-bokAh_6N@aslmMls_0hX^)8?6`d0MRXP@sh5rE1EhRe!cpUZVT@>I%rE})z zlW2{+=93@|r0}?^Qn+lscXqDCj3)XJI|qST(Y78r6-RN{7~^husGi3>+54}i_^QiK z@O8eEtY}txt;5EN8g0XF3=0$;{{R~M2S)JZ`ZtGcb;Y+^XicZuW8i$BQTSJFc`G(> zsOWqz;+xxBoo83LfHFxe=3R#$LPxh1i>BVLq6M9+3E3YEGxtgLt{H7%+o954>6+(- z#CJnXnC@k0<3%L6J<0UNeGTC?lT(HbN_#g*f_%V#%Mf@u{VFVJ&7tL5_So?lS{_JH z-`xYIYt#N4-Rs^MO-j;R$smH^gG(1ounXi9l>5aazp&-SOc%Zz-Aal0LTDaBpf=!}j!9}M{4!`>x>Qqr$ylHLhIhD9W_ zVYnZKeShOEF8jw<9uDzaYE#Fo*z+uMAN7MA8reW@s@&kdGQr|aK_6ef)MJwAWQ0w? zCGfl{1K0}i-wR&qo+t6YhI}0zwavx$p>!gRqxnjO?|lS=Srk8vCqH<9_0NeSK{Ty6oq$fpf-GMg>v8dZmi z(F@sKz^gRO4-KJfK`_-kR|=ScNiH)e4za^c5(^~XIcovUa>WPCO8 zv*9Xe9xuH%dX=MCOBkQaz}yM-_vv3D>vl6)J;ky*JLl!@1!WnV$IPXn=~ma%!EQ=L zbkFh^d}Y0>>fhPZ#LwaVdS47)-dft)T#_Z+#O-av2lO?!HkLPyGw<7Z3|p2$8I_15 zu&##6{#$t#SXt4*$n_se=BXQ(%VXxR+9yb~OIvRmM)wyJL<-%gUO{7wpI=|jz7o~0 z{K@6FVfRS`o=tMorfV98mw-HLd+_VUx@U@38=L!KDnUFb;Z&m#2>NqhRs2!#+D+V|dR~`WOEIgMNQ&txsNm6n@9w6195|kQ>hr6@R#c z?=BCa!N+cE`Z&I@xzn|MuHqS@kfCgK!RPr>uM1iCU+@hseH-B|Y-_q&+Rp1NvHYXl zSI<8g`~#=U;wiO_VkoYBEvi_)k*!-8RnkOdAsv*1kO?{U1pYh~Af3}Qlv_W~Yxe8? znr}a4e~*6@J`+o6adBy7b1nXnC?74&jLc+=4|NA=`WpCB<}L9o?;}Ae!3sw>tHRVy zDKAgELpdg4`DmoKZ|w`=twT?XNAb3uYv*cO zbcQRWZba72!9MuwgXvy%Na_c~zCG~9k>briQ_&V!4v%#kUTLwg3=PH!WIn_Ud+}e$ zC+(5&MEoQ8t0u7xoy~@UtIsfnq(V?kTO~)K<29uxsf%aGvU%}3tEpH19CxdUI{9)m z?96}@&mZj8$vm+D@Q} zWQ>tZ^8&fRZokgBYAsCfipo2*OOec2>a*#Wp`%7r-?xR% z?t0gxE~RmJ-fKCL@y1UTL?(A$8P;IAi6PWUlK`L?!31X*uVnBxgEoL?lGk+sg7syC8ZWB{)Npf&D)3+(N63)s!+ibYo*U~cpX z?|fPC*lJp>)cSLzHqQH%Lh!5YUR&ay4c&M{Qnu3W)uHpF^O5tAR|C`QOjqn_X#Nh> zb;~AeNs!DkLlcbpb?@z5we_B_qhCp5bY+c`mIPyMA##^AZBo|4Xddntx`THp4hvQU zZ2GRRskCY$`SQT=xOSkUit%l~*zWD}PnnaAqcwpA+>u>CtXs_OpW&?|6g!^p1%{QR zXz#0Ocej@MtoGy0kskpYC;8Va;ZG3Fr}&k%SsHt}C5%Q{*!+NJk&IC&>7X8~E~}wx zx5*vd#B!sIva!LX)qFqU9}m3RzMH4nPjKt<064)N3G2mX2ZUVOmuVzLWE+bfdUMjN z>Ck_~);Y4lqdCt?1bUB&q_x!-Pt~n0k}IJYj#dPdDIL$}O|;X#$#)I>fi3Oj8p47z9EV^&=DfP^!}h~axx13xW0$#Zq|j55qi>~0BN(L2@G!u~ zABAQA0KykQk; z0!p5k6x>-x{{V)ydn>zW;+EzZWGYEAcO$lItCssqOGX#cVN7gLFFT0nDr{VCc#ffc z1=Y*DB3rh0t`DVDO+xzIZ4P9QJFrgzkzD!~*H?SU5;Tny2j*<`u9Hf+w8U#HN6pUC zagmA$zf-x=bloyL@hlPrW=?W{rF9oN)G~Q?D8WD&0CywSgIK$nsdn)+%IX3iZk4g7 z>Q<2+yEy^bHox}CIkOErzst;@c~P&$uVt>JGD+fAoi>eqLx4Zw0- z5rTsQx8quSKIV!Y$n^z+<)w}nGFlU~zCC?wrB4t40AlE{h2J`^0xw*QQ{+Xc5=nP8 zghDiP6i%d(_+$E-@*P&dOTJjxd7$GT-l>^ITMZWO;pJw9k}#oxJPNuzH+8*bm6sX7 zOnvWq&8~w;x&4}8w`oH(NR5mR=CaBiMptW@WOI$GLHnYyX``Y#7xeureaV6cAm<#O zwYe^d3`&LAZzmjgsX8L;LoSkCRQch62jw(Cvn)~Dpad&m;)7(!^*eYXl)$oy1_5k# z%|A!CTN}n`Ns=sjb)ec0p|x>uB)5V{)tPa|J6ByEn>$zoBKcDB)3rp-gw=_43)>Ac z#z}+bO@TP+oL7xsUB@KLELaY_dmnnp(4BR7?IL41Su!#I0N1Yp_@(hvN{hmpt%jF0 zl3kL^GGrahIssW#b~|v?u6&>H{{Z3q-Z0hfb)OVl-Dxn#wcaJ`v2~s7f2JQseguwLlK%i`SB(_!HuA!#&e+oDQ;x_JQp70~HudDF$5#)%?$w?sBp(fy)1 z<50U#-p@={kA=0_`~$9P5#QOmD-R~_Hu*>k-22utr>W!SQ}&dl3+|3{TJf4_UO5`> zg6CB5-R-$!5Ic&uLO4I?t$w_I!#eC5{*|I?RxnR(6fDx*#^(YR8Oc7K>3ctT`C1sK z^>n4W{SV2{+aYv)FIM=G<9#yD-5}IFM=b86qXuvf@-^UI0`axS!(WM>3GrK7ul6nD zMlN?TRhBSulaEj6Yod}Wy!A))(eU5I8fV210BIN6RlIXYXA=JMA-P^A!CaqFk}5l` z4J~DzV2q+UA%Gn#vN6!t4O3e)Gs9mDd{?jdt549pII!GDedZ$<0H|G!zi=ZTcQyR( zcu&LHpTi%D{{R;}2Y+L4rD{4yinSXVqK(4?iP(dY+vfdiD$weErd^1Onul9l`yR^W zr?Iu20@J68j)*xOk6r@|MvMP$<+;l- z=NQTQb^Pm&q9!TzHKHz!xBwT})2}XJi4*sqG35GJB#JYnyojp>8LINml18m6s8z>W z$98C>_AY6fo7vn$duukyBav7P3>*+huWk65`^&jl3!xG-A z0vF5}>H#Ao2b$=GO>T}%&nm;?aPz|A;HOS%&MjRuR8;=}gojeHw0VqDlY=`RS&8MC z`jT>MoAHi~;tvVxi(}#&U$98zn|CCUGWEzf>sP(cLZ2)WiqRJ!yZ-=0w~-}|eZ%-q zLtVCk;Y-bAY4hBv)AXsP5jD(%3b{RV?beh_saaUb(e!`qJ!`~%9FpP&drOvqCy3=_ z01ugcxvakvY1+@iFCOVSFNw6+9vho@@2zH+YsGUBJqY!!>FRiRxx#m)FSLz6+7H1O z-Y(Pa{wVk_!TM#dhDs%s(15IaCcx)t?ayCvUlzrx&G6RaOtO3FZ*=RHCUtY4vdNy9 zJ-gR;E%iT^vk1zKY0#GOZGFVvAn?RGgqM2$mWe!0ft;b~_*O55{(0kp<7pZ)aK4~& zf0a+O3_VM;FU30bmyETDwM%V2I}3{#XFyazqK8g!;cr}79Jw-2aDuB9JpB#UO3E*e5Z6^Lk>!jjzb#hj7}WS z16L7(uZE>ASxOQ~_HAhXN73ICz6AI`;YaO7dGM>@*NrW{9ZTZKqB=FEr*G!kTZw^J zNE@!*;gl|T$Q;+a{>vY-=ZpUUV{eH602I7y<9!0-;(d+oogdisy$TO9SX41-Bl{~b zWjV(yo(Fu^ytY4@xSzzCRpH7stG23QskP0euNx_S@5ubX_@(hf;%~>#8+i9rk6Q6g zncAoiLXZ9b4JUM3tg}$pS zY_e+d45-`DFrhgs?Vhy`tG$u%ekM`D)5tK`8VPgLw3}U9TECv>;6MBn_r&8={k}dt z-u<%L{{T<2veGp8nkNmgrK*=hj^T@Dz7LC0j^!3ui+Mz61Y*4E^Y^ts)9<6s9n;{v zwk=!tQT(&HSp&SYpeXM-TZZ)IIZ=s3G2{Kl5S;Zwvt%lbvWRHX6St@ z`H9r-E-n5cYgex%zv&W&!8lWq+w!b2(6Z3-JR{;LW^{2ekNml+;qy_9zxL}Mxn(mw zym(Nj7&sNHWf7T~84F-!@zB?WH}6>evYN5GYM*7E6hh?ZrYnENx+Si=;nDV})vhhh z_@yJ5N3{siv%v4*{?3gh3kh<0B`J=lE?1wtjD$<}aPwq1nx={0se= zb-0=*J}vm06GJVbjH!kk<0KrOdh=haehv7*pA|egr0P1=<-Vz5dvE2b4ZrN*j9`J# zjV&NZ5f>>d4(94hAx*ngUX6*Y?s}+tt!#GjW zij+Gad4p-fCxZUhT1CCz?BlFv(l)(KR@D+x_#-Wo#e7ZS61Hh*mhv%Zz*T(nToq~C zbJV7_(E4V_#X9D(WoHJhsa)Qry6u3-IoNZq7fmJWCW}N3oDD3W<4WnNA9k z!6bv|e!=*U{{RH&_&ea=583#a;b(}o{c_dV7MY|hOk`*8W1gOs)jDyMB9gOTj;;Ry z!1*63M>ob%$4}Zj(VJHO>$SfZ{ce1v;!oMT!a8=fr0dgPYEoJ+?rvg0RoACZdGB76 zC+xZ4FCKVCNOX%^-78p-AG2y}CS--walCgG%RD*v5XHty=jJx=80bDF)_fJNPE!8T z?n`NB34tQ1`B)Cw9M^AqZ+oImV>X+tL#tWK2oeH*c${?wex|VHwua84WHw$Uzp%O? zQ+GM!9xH74<5h}Ce5*u}4tJdN`qVjeWkkc#?)Cow7-|~i8f;Ko%V-*6ivIw82V7^r zwOzKn)ZvC%;UVs#AQdMYjb_-{vwh<&cVAm;JIGaFfp((|aDSafz9m}-rCBW|k<@4J zR*{X&Csjvt&^{9UFZiwdLF+PTpAGcy4X(N&^M$shd*qpuAbf-a&p(BGABjKUo?o@M zgsg_U@dv|JJ{9oF+z9V3tThF>dw2=KkyK+f*G~-Ex#40srw2;1!_=Lo_VYbnFW7(f zTTKg0)%0)M1I1dVwGaG$>F;EWT%LdefUZ8KzG~HfX3rj9YrZAZ{0ns6B-5dg{fgp5 z5j>07k<*&mcspB{Qw$DyQm;R?hb5a!TitYiSL}SBr+Ayh`d+E7_-Doz6KEbFvAAnn zi)j-N5eJ6nvFn=q3-)T%z82~_?cay~C$;Xcsm{35ouVcp$3H8P--?*iv$Hudc*)6G z9`oX#jGjI4*NBIMl06dt0KvAZVzsxH(OKgk?|W7^g5uLPt!)fiexE$gD0xv3Wg9uk z#dXt>;>Lno9>4L|Qo7Q0Uk}S~ZDC^xvI`+ZA3o9OJKz!c3hZ?6hq_*|q3C+8!4X}} z9{eHT^Nf*QaEVKmD;2em3V4UX@~)|%+}*`($C&XFFh@W~e)YtBP}XlgFh{3Yd`G=) zR>l~N3hx+W2*(ZXdVBFr)6j1ZPEARzPlvC6XYYxNt=(Ao3d+O9dL%KEZRAObm=1YL z<@Bvm_e#_*G;K=K>q*sZ=JIZB=Nn{(LD_|JRi)VIr%fZ(Em9k#kuH90uV3)07v3Fx zJq_)dSs?1bb*$;bTQjmJJ>y4V@aM-@N~+QgCSbYhymcP6_=Dl4kuuzww-LLcet0$Q z;PgL{ewH-thrr9ur{xdwI@$F5i<6tQY1N3@PhZZygzz7P^qb3DT}N4KX;lu>48#z= zjq6_hIiJLJ*|RT&yanPNV^VnS;jvg#%v4d8IPL-O-lvnpmU{B(v0Av=j1op+oPdA* zRnr%9%Bs((V(_M?r)dd3kk-;g3aacJF&O8MrfSxi9mk3m+eMMS&v4SIPc;a@3=c!w zirO*ic-7JR5#f&n+Qs3iH7!DOa}~X@K#@2N8-EWTnXX#G_1&h90(UEMj&Lf^F0w~a z6~)EO5w+5SfOW?;!}zO2xxa#Mv0Q|al;C3}PpvbOQnAu_2ST)c49$CPE*%)8jz-d3 z>Gc)bTIlw+xVyECJQ&_;KN_-9Vlo+4o-t#=cGbDZZUi@gr%X1i!D)@y=u$mv@~{XxZ@ zXM!yCzb5|v;sIbHAp+;`k6PZen^?KlBNM%~)}534wj7^q=9J$${CU?n{j^WFcS!C-ba~;yrEjn00ruvAJpBEyHK6ceZwk4CuneO7^!7swJE6 z0gC4Bm?{;J6p&Cuk5ph^UbgumW!Ty0+*VJOEO>MUm#%#%Am_DtX1bkGM>zqw&MWGF zhCdDT-7~}XTDRMxdz+HdNwk7g4x7JUz*7sOC&v24?vJQLZ>Ky{+p-evk_vkddh*!y z8>gL&`(~3pN2MZ5)7;8q0Fb=n8LeF->@I;W_Z7kIKoDw>=@Pm{0));-UbU;EctIY{ z=1YejPSb);1p_ej{WyKH=tUx-LynoOU4O{B1`DEw#t4KPI1PJdnIw z9S-1GbGX-2sB4Kd1ue=sAA262lnJAIPt&xt(xbS0g_34c?1!-=@m_c04-GD%cMR4! zk;%iLJ%?~9nMK%we-2v6iT<)S0~yCtSQ^cuS=&QzZiS@58?oMzvFF#CSD6H!am=bR z2;&~r<$9&t>5Dll<}W85$e@Y7hA)P^QERM8GU22O9&E#9F0l1z4{3&&@vM%dh2k}ki_HCiHeI`W>4ag^v z^!zKbYdcE~EcjzogH61-i{@F?azg>?DW)=S23u(wMzICLqeF1H2*B~rt!Vs2ywokw z!>1!X!!|?4I*JL7x}B%PYrQ*L(xM(E-(&l{IBr;+@mOCHS4q?DuLhB61G10ZyEi$< zYRXb&9!KDo&f7_+0XLO)Q}=P# zrF#yKq3EC49&221(<~c-D!m}v@ zU|=(!K|q{{d_ZLyCBzXom8-AH%B|IKb6+KD`VIA*5?(wmkdoPEQaQ;y&`sTs9hTDe z@>#swVvw&w4`0H!^t~zJ+{zj?+w*M|l;kL@>dc9JKMtjTAX%DqT<=oHn(3@OF{Nq6 zCGr+L5s{t`)Kv4_+A-*MV@|UE&(!bi#ig^PMSQM?OpI|~Jos+L`&GWw1@@Yj*0%vURJGD>g}cb5_W%YDUe(h0 zCsfrg^&7h#af@mDcfidb+~n{n88g&uuKX#b-AQW%*57G8B9|QJsXwi88sCPjuI`py zCRnX8CS+W0E)ORjoYYFlNM^I7Sjz-9jVd$j!-6nW`d5*S0xc&|VGvUoWBfg<3B3&? zF6X4_^T`TBBHOpw_UtFIs}t{NH$=cMUA~5~4s)ElgZoBhmQHRI6t?juS&xD0BrLYtKG!}`<{U9rnZj&a;{ z6`avZCjN(U97xkR35L%~>a{NzSxRiJp@}#0T1M-SO66-(qa8}mH`-LZaw^G!Mot4) z6D6>{B1x3TavP9&!3Uaf9FeS^N-$NBGY$y!t1v+fG8ugM;(X^7s%Az`uRJnbv^MD^ zpbf<1fmo4AF>ry^80AKIE%c+Cp|nv;JS?93>mWjSzgdQl`%?~FTnVVEvYOq#2U*`2kIgr>WVO2S*GIO4hpyd1#| zxqq_nJje$r?^(HA=#4TBD_ij|gDZFev2CVbYvlMd!3?PF zb$K8}nm+pp>V2yRO%6!?F7RK$UkiLGwRk=p_#riYQZ`uS@g2lropIHdJOSxl{id1! z00_Os_2#pEKZ|u~qGF1JAh%!#wtts3Cp@onDhPaM;tfPyYbA7z9Z^;|fWax~-%NI| zd+=qqg`kz}^er~&;!}%@oDaQ@zSW|W*t?p3A(Knf3tV2e+bxMGBF;-5!yW0`-PPO) zr9pLz9X3dVWkKAz=m7m|rY2K7gT`MJ^_vY-Pw>BoG<)02?U*wva~kJ@Pvcf(gGbQd zx4gL2*HYAOvm;x?zdSNy_>L=GjQLTe;cMA^Rb}Ge6!`bVbJ}U~X4_A&jxifaAOr_K z+;*=E)yI`AGHJ;3z_aa<_h3d2dH(?GRmX8yudew20O6;?Jtp_W9wyYIyW1j%Rso1} z+hY@o{F3c*D;+mpp4K^HF;8zM_+xwwFF7FoKdpNQ#UC3(;O_+6 zT4@uD&35e?)GUpZM8~IGfuG8|Dr#XCetg+mYj=9YChet_%!G-R2;)8bSJPh$J``R{ z;vH(@3(HWF#Ev(fB~|B+!2UHVHwj9|S@A>0dKZWML8a+Y%W-hNRwa`Gyp~adzMo3+ zn_r1n*7sA%r%s~T;%L?u0AQZy^rP7rDKZt;Z!ZzAHG7DryKXWDa6cOJ>2Ec-wTp|$ zZtt$`Tm=vz`B&*s;bW?qu-3ZG!$QzO16~(GBYpz>!>&E6>2DSIBKuO)d_CvtS5~%$ z9oURz(~h4^=BHz#-A|qyMY_Mf)U=CLl3DElbz-LsPp6^cx_b`Y_N_FQx5yO7 z7#ZEqbK0sh>|r!x-%F@ZZDpgwCCmAev}(i>A{Zw>r}D40{s@b07s8s3gK203No^z| zUB~w>z~ztPYgF%ZE<@uhPXYX8_<7>(bHv&{hh?tZ!!tN&xbw$7G3q!p?Jr5a@eZLk zh_yWpw5@HN$s|TStqE-8eLB^~RxQ$f~5eTscLYri8{-ljDGayjc=jMf^BuZJ#m z`wKU{ju0}d{6?wOC)wEfcU$mB#e2O%{{Y2W{9?<)H*Q`u-MB=frvrh|n)96>QPe&j z_`gT-)}3^dYC3b7pbm19=cppH=SM=4S|4da`&eo|DAM#V6j)ltr)%kOUiGBqP!7sF zV-?2B@$&b^9}`Be;)x$qu)bLB8h$q0u;EA}^8Bje>}4%ap!7XkPVm07Vd1R;=6zG` z^1SZkU_mER6z7m~KRWcAs|EOpq2FnZcWev|xT`+bW(T1Bt93JmaK6Wm{7CV=zlEPe z@YcCwEOyg3*<_kDETofxyYV=z%}>Lh5`GVhYl}#y)VwP!!cDU0F^3uXPfTF+>sifp zE}U$RBld;xW#+Zu)cBZ})5Qveid$P@f}{J`{44XzRkjESNnU5c9%FSsUwY(7*5@rG zaKiSbiJIXXdNCZK^{uTt#8=v8x2J0H%;@mG`JbQ)D`=ZWT~F2DhyE>p8F*^TQ(MTV zxhR50RL9Nl_zLxAm6fAh0>gufnWRINgw^yrUlM7T8b$Qb!DBj=bLH+Mjz3dhmcBml ziSXx$^$SUx&6XKmcWl8>PDfvCRw-CQ$#Lk+`*=DxD{O{`mdLil&7 z{5!n^`+C4L*~%n2WFsUmy)&+x(@^*s@o&VxvlqvYhd&y;F>7-sx1wrri?mrbEYNPm zi|!a?SNb7%L*nO#e`s%mpAUXG_&Q~MA6C=il3)nk6s3ATJM{p_$_zrS#|Mq;7I+T{vYTO z+!tXL-5)+x%zq(bI*gDGJso{BN>^~@?fU-!Na%|`?A50e-A!+_D)mx3*O++cM77kk z;$*an>OF=j<0Ctif;xUR=2S+9<#&v{D`(*?V_Wc|Ldg^|8=X2`q4Q{rZZWUA3de&sL4}~17sX~)F)#(uBY=Id2KzF<=&I1+s|vP zSuuuq=Eh47GCsf7vP7@3gQ~2c;{v;)a@38qDL~gU86uYvf=JI%ih4$fNG-XC2Pds` zqZKZM%Dq`IG1zvf-<$^pb3vfSO`=xbK3+$?K2rpdE>*?|BL|_NWVY$HaKk7MQ=XM! zWD>NyB;igEwFc4iEQm$a0tYd9nGG3!Fw4j}9FA-H$o~L>CH~f0C&aG>AA#QxE+o_^ zNLxYHP1xmh7t80OV(k^I8y=r)j5Ol(~WM9d~d+ zuc*8Y;$f`mQ|R|wJlLNQlo>3z8QodRChA>_I`4zDu_eBx3at8%&UPsKx%96@_z&Zm zru%n>E@Nwdvk`=0^C;=hRyo+>3Czz}MJTV@F!=59Iu z8n>swWtB@XRs)>W0q7ncc=c4gj>xRPWFSnv*Es(G5nYC_sA;zPRB%d6H>F0_$j8!= zr8Ic{r67`YyO_LgharP-Ypt}l)g+DwjyW18UE7$P5$Y&3Ed7Pe!bQ1Dk;u(l@gA3P zrs*Y>(RV3TIs3E`J&zi-v6A9cS;Icp=L4y)Yw+Y6UYBtQxlNZ$xmE9vUtCaTb-IS9 zrQBLvSZd$su_!Mb>D5>QN9&678{KZ##F}&qrOiFH^fDBg^SDWd^!Eaoj@QEsJjlh= ziiaF-?^XP9u4&plDQu9Nsi$D2)vzK2;8wiWMzqfuxYK;eQNGHKisAPWo_%YnK?UWi z**s{={8`}DCUjFq9;hBLDR z4XSwDO*3Lk?Mgi=+{nMYR>3Gc*MAR*2C1jp0!pez2GP>8as!doZ>?RHHkj_saaxq| z#UNGn#XuUGR<(C=Byrq98I1r%&lwffU(W=njDulbdF?@T_c<%8-##fKjG>RY2dSvEB4N=}BmB6H>$T8yo$r>x#g2< z_g9fm6FV4>6^AU20)!jAdFfLrSnQ)7tn#0WJ~p}V-h!sqMuu5WmRK%GuOaY{h34^G zX{`8;&fEJfX7dbQU=MT;M<4#9UVbLMkJ$Vj;8|z+-7FJdx?c51+6veCw`i`--)o;n zSm`<)pNE_5YinzCv#N*yIb^}-KHPqFE}dy@b9Du^))p3U8zZ32eC>JM{{UJrxM)*^ zX~9}4StYVa^)HED6Seq%tZ4dt8mt<=n|)+2ZKsTMT;mPsf5Nsq(Ax(a|u;Pf4< zj!5+(4#cvt)*?Q9XeCfe9CfZX2{ru|>`4kZJGWtzBZ`Q`RUMJzJ}&WM!+UAs*-93J zSb*Iw-ojiQ+pEE{PN#p2ivXS6pYuT?-m+Zmf zm(+YEr0Lf)#W_vLr>5R|5%>!FqvIdK?Gxhf?Ee7qi{X~F3dyHmXjd08WM!e97b@%S z2t)q>0TtH`jwsdE$Mb9OUi$Ja7f!I6fAok)mRzyV%1ZwLO82DjeyihOi5?u%=DdyU z^;r_ydFFl)Z7hVn`sG8H|c!W0m0Y zI6Xb9^au7<_}!~~IMDtecx_!TKeeq8DQy1W?I7dpl5zB`r7Ipr4+HIEWz_Qj0EpT= zelpOtZwlW!yIuK{N0G`%Ng$7W;8*9DiDuP5vt#g%wG7c->9Q3u%aBxq)O#F$riyiS zHqEdu8m@=ySNs!`_LSHD8fuB)En5Ax-wA7w0T7wKTSf!!gV!9_?H`Juy0FuK*9&ugN>fG|97Nm`B2Uf7q{3YT)9)H42d@ZQymadHLX!u+Un)E=0} zIj`qy#@4!yt>fyq5a@Xut+Zow7*-=qhT|(ECh>4BX{5yCb#ICzULt zUpau}fu4f5Qg_0JC59``sV>LqG->Ef727W0K@0V&ny#FlE7K>_r3N_ypDn{+sq8`Z ztlab}aIwinY2uA1MO#f`Z?=Ww%-l;b9<|^)_1p)?x0cB&msnz%g7gKm$Ki_QsV=7* zosPLL-(tBtSI`Qfdv871X&_dS@q`566I^qB0Z!(fo{^{+6ipt-z&~2hzVJq=tJxs2 zy^BwLF&uRR@vlb< z7^d9y(f(R~C*~d|WqGbI4~B+QCZ!tmr8_%*?LT{}zed*WCbii7)V%PPo21(7x3>C| z+uOq-o*41KQrXx&hc(vxA@M!OiFKV%!FseVbl0~MS}!9c@P33J=SfgL>QybHI}4xL z$6N4*pQ-rUMb_?&a9m-n-0mPYNGFb+y5_vY;^f{V_>ZAoTx-((uUgaWRy%eI7iy^( z0R3xNQ?Uwgn^Ij4E5IKUJWs56Hg5q-sJvQ5>!6-C18H%NLF?2Go`SqP#yU2St6$ye z(#I-luuRK5U}1p3!w%=Ib;apsemUX>N9^l;Y75<#{-+nA>bj4Et>%t1_M2n{HpsaS zhk^(`)mK8$r14*hG~GKwy^hLlO6b6f58Y-5ikUv==X9D;pDK7#9DT!ntrZqXD<3{N-)3?%IujHfINX9>(;*U z{ek}gYU`hmUJbnPXN@iZ_?e(b9Cs2({{XzzE&2)Z-M9gde1qywVz*QH=Z<(5D}!s% zgkL^iUTQbiP7X<~+BnWKZq~GKvDp67-?DTc6SU72_=Dk;+INJ0B5HPTX@34#NVS9` z08B?m{{V0E>0gl_@Kg`l2U7i(eg}TcKL>wj{{V^?{{RktE$Onur|Y^Vkv_|nfZHzl zCsD~8!!X^$d6@v?j(V|C)gOv@WlDM8ae~Tfu4MokLFK+F#Xs<^{^Wif_=8yf*}1&d zHA(I@9eVagp8oE4FE!lka?c|kNhF%*Al&3^I}}&X)_U0g0B$&Q2@EC%lvnd>@4i>S>N*xzvk#Y3>c$m2DJHmGn(zMN-?P@!QCe8`}vv5dLBb{9JV@+)g#N!1`k^L z+uy{SgovYe#(JkIobd`j%$k(W9TV6 zs~*jwMv9wB`MZ18+bm0#ByJVtPjk8vIiD0fGU(G4Rg4A-NZ|czL%`NC-94qV03(xf z?O_K^i!&p^kX= zea0T6-HMkA__M{51#_z&?%$G;bT5?M#$j~Z)!BAzu6+(&V8&U1n{6(`%R zdpKD4J`Wd#r8)D-U9O}NX}%D$yqm+?u8$m(7tZF30DJVsdKI6;ojqWWUGUTf-gM+N zZ|FN$r7BUe)lR!w-26xX0D_wMb58KT$E^oY(HPlk8m5?+7iB^DS$O%e(}F9M_!}Iy znnjJ|@+HQg^Qpn%lO6v68sMu)?p5Q|`oL(C>%Jkhl48#+j8x#~AB}yn@W0`nm!#WS zrkSSN{{U)8cQl8Wk-aNARE`?;;~UuX@7iNZ)CQfQ$rhb(`h}I=WmQhG5_^6oy=&o~ zy`uQD!unnAoUyNvq8E&=7%=O>uG)0nk1AN3?0OaaQC!B+7(=5BF!dGkH;FX+S+8|# zeKy?9Dwf+0a8J^i+e)OYj!(kco%e-qlToy`xq{|1xW)-aBf96_x&Hv$1K{t&?-=M_ z3HaCWb6dM#8%O)Sdq$k*Sro2I4mo8x^~gS=x#bnG@l`6t##GhS_4LLLD!!kjUF)|u*0y(2>CnRa3qIv9^z{1IyF~s0s+%^Y zYh5Q#5ltyck+!>*$zfd|!(SQLU29gFd~UNOt&{|3I5pc$^Qy(4WT%KPpos~MVprry zqaTHL9ut8z4SPnr+_1byaZ-Z}dVgBpGCYdx`%=p3Y@m=Uv&A6&;^T~0AAP1;X>W0J zr?5twEI{ZF(yN)eOLMlc&}{C}_gl>%Ron`S zsIob_9%m1SE|%&$t5_yZM;k~Zp7q=PuKM28Lm)nKoM4VY_ohUR80U~EXAC68ar*Vz z*%2cUj^_hC82eH%o9KD`ch5b{vP@lrHUTHCcQ#%_LJ^Ae+Swf_GAPY&6}7}?%U>%$ zHb*t+c0Mfr#I=veW)J~|+uodAnWPRoTk&dYwjFzolJ*(`;_$NZrQ`jya@3jV_0EE!xQtcHF@K0J=qWQN^o68{5q@Y$Ji| zKpuZ*f2f^Oc7Y|gL}o`0F}vJXR~D6Psm8Y#5Bu2rj^omRIPH4c3wH|$F*fcS+Oe#x zrt<~Jc4h9pxS&kjxw|n&yQT}-R0?gLp%t{Ic^#FM9Bk@Oy#_|@zN2A%8kSMHzHUcK zuc%q+caW0{uGAkld>RdpJfA~*nIFnc=ud8#uM_c~f;C8HCJ6kppDC~I#yw}7Rmr#j? zoPlRyyK9mF9q34-*gPBKeNN*>)7J9UP%M60oS&PXy!~rf#P^r2I9^YsF_)7w9QmhV(izu?lh3O?W?vXO1>>Ms$Zib^B0FjBgIXWpg_)QkmnX0XgQqZ&$Uj z31%#$k~9&Ff^r$L&*4Cuv6ZA)`Pzs`V0i)gb`hP%w(oo+rN)dIV70nAbH4*{9ffNd zbTZ~-IyZ-Oi;JR@eVz+#rHeA-x2Gn8AqJ7qhq z!Cj{edzz^L`*H<&BVE}$N$e;U%q7)-v!lAVjt|@tL*(FN*0|fdnN7o7MBYk){09Z7 z3!R^X^{8aJf9;D)xnfn}zz27=V))|c{t_0OOovN~&cz4rw-)nBd;s`v{ zOq6Y?bHVRUvb=*qn%4O(+2_bCzz&_ksOLo;HTQ}%j}Tp2m^2tIWL8uxfRgz=PJJuV zb$<`a+Fi8zY9F`xXMniedkQ_FgFKGM!}ravD|nA;vV6fuB)`_WtGV?{JJpsI0@=pX zwR%)Zio#!N8{#)I!gt`QC3y$dy#CzJc{KCMAv;*E&Ac9Z)-s444UVOJ!L3UuwMN{k zPk#JX`(In!s=|P#(S|t2YGWId8C{uo*H&6hw3Eed_fxRKg5B%RuKZ7VsyvJ2M`lOL z6;B^iSM19=O*|KY-J~VJ1Pt(MR@4Lzu}d3aho=;zk`b?AZ*I`#Sz~5yqrGd3TNRDs zy)V0P8SPk2^fionnXt=m1fOL|2#oWRD?-M`3&)meqZ0)=0Y@r5Yo1ZpLdsW~^jdxJ zv^Mf=-S>$8RnS6u|ocb*b) zk}=d*u>SzVKHpzxV^s1cwuL!(*+Ci_9<1dD`{vEb}>9#lNyaIgO zvCcY=YT@*c3twI8Hp-fF&$+-VN8LWOql><$Lc*T(d@FaQ>CJM+H0TOooF7WUjt2~7 zcZfzkPI7Bl)*GQ?nbqw@!rfd;1-MnqZ&drgm2^K1ejRw<;>NRWp!_@Vr2ZniAS{zF z$sAnuZ2EFdY@N(y6ZH4s&+Jj6crR2--xHgE75MsQSkq324Q&Y>cYk>2(!S!8!Cox2 zjx7h`E~RPV?IOxHlE&UY-NuoR;llMiVu>ReUghh}dsy*imv5kGmR8z+lWG(~=)6ua zGW;I=*JqDGX12(jT+MRw3$^U^O-QW9G*jUJ?m)Fv73OG`sJ60Z*5@~cG|9|A~%x^i@6!V;4RFQ^0jp{2-QW@gDEb%1z^cuRii0w28t>p72 zjK7wuGtSdrC;VOgwX8fH4Y!6o8>U-o+P2nPtKlH>um%GULt4U^t=#;v@#n=)8vI1o zZuNf^Yi~4e`@|752*?MFj_0L$&EBW>l1{?7{ITs_agB+V#zWxlb#O|bxq{y#w&5a$VV|e9OrvuaJxamlvnwbk8L6jTj(`S{U!DbI z(HzMBi#`=-)-z9Mej%Gs(csuF9wx~^eNW+DTk%yi{a@lNllXq{-RSX$L<~+-C-U_b z-6ZaE(`PTOTz|p~3%l99*>I_V22{6vo`SV}G2V^y^z4LfmRs3mk0VeNVM#BvNf1-i@b2 zs(6A~ppE1nU{%5X5PF*XM$7&Y?+j>gYu+blZekJ0QV9;wyHn*Pp2YU7Dk7Yj^2fm| zOOF!#QSqmZH3%)QJSQ~BA-6`_Gtb=v^ZYBU`2PTN;oU0hPi-Y6)8)Jjzh@w0a_2bw zsDvzKJD)FUTCLT!(urT>5*Nu|x&?jh@T0=MBN}YlmCIbirCfm~!n`*eWAZhvnNfE> ztnePG;oTohYdL&Br{3Sn2$9_7lea$J)eg1rSHXJkgtc!F!FLQ-tP1QAg!0>WuX>j4 zsj2yW@fYEt(EL?%YZxR&w28^$Q=H^u(;a>5qq~<;xbW4co1)(vS;V8v1m#(H{u+*P zKQpq?H34y;r-k*wCCu;poUj5Q4{|$xb>W^m{hu^Lb!iQxwnh|kLnOtN5_8+NXdI`T zFT%y}bG^UzzuWAkSCS%;<7py7kh7QH!PEr@M zT~0gU`{*ANd^;zGb)8+TQHI&0QJv}s@cWKy^Uva+gghJ|n+|fs&;rEd)L1k8qbGscX2;&k)>nH}_p#%7Vs)45_hu9yo_m8sL--hla4=HdU zh>w^kJP7bMhCIpgu?R*no<)4!`%L^H)wOLV9~|ixfiED4 zE!z*6Tp;Pjdg8E@lGTndw6#6}nh9;+?DsLt769Fmj0)=f5#rrL!X7NpHH#}a@2wJ5 zNt1rk5RsBG^rmeXZhbZJTSv5QTTbyVl^A~t>Z-Fw+lFA19H9fyoLBFM{1A8cv^Lk? zEB%o?d8pmTWqeJ>gEX>(8WHn4C_O)f;CfT&(X@6yqs>aev^(dpX)@}^XdKtmp95CI zSMb)M4b#2Wp>J|ykU#J#<$pt5&2%;8(?fH{OW@5TPuKL%7QqDm5Wlv2JxV!a^CR+{ zV=lbpV4V9CU*`w^00k)hk?((GAKGWf-T_S_-98*@Hw~=#ZvNexMSD4AVyJW7PFL{F zb9*GJDSW?G`u*k;iTTfeXjO}^-5h7qvTeNBmSsCzamm2v73fD}k;cS^NVyEbk4#jt zjqa+yDya10sV;{+hC4$O5TIv1w9_WyvBohe=kl#p#->RWhG%3eg##q!n;^K3a-w$; z=k9hjMyd5iylpfI9GjH0agE%8?_ak60PsQ2+fpCdPxh3!_$T8XTkKy5ejt>xR+IN@ zX{qw4RGu)~i2C66qsetT>7U-n)BKpkQcfp~Nk%(dILpDscZ8JqE zz*4#I+P(YsTlnFq{?0!iJQ?H5En--FJ#lol+ReSeFAtRL2K*1Zk6O-Koe=Xs&>P@q z#yfu%_-{q{%$og-`elR>>HZ*+1G#VPBvItt6Wop1$>d|Fr|GwZ-WWVP7xsO^Y8LFC zb)>-LOB-?sK9$Q+YR;5rUtHQnA-tW{E#@LQ5RsI6{I&l8g1G+2_TRN%?7^=1!^8SK z8mGmd2;0pqxkb#k_9SLVPB~+M8Aqy|b+0x~eLM~3mt<4-dvjDZJquB|(fDCRAl(^9=G2(~4!JU$WFfY4X86yi!O&3P8s`wVw=-qq6P8G3rlGYJA3#m5LhF zUuxED<+KtN*c7PY0T|@|U#)vw`gV(X;rl73nqjJBAxwOsKrQ zVDraX+?+gmdPcxD!Nvt4^7lOBRPhz=pKztl+hrMGM?qS;o{6ma8g{9si#ywC(7skq zSL!`!q*P3;Qkct(6s|A#(E~X ztLS=;foXd*aLXW(ik#q&@-8|Bg z$r`W9n{rmXuUFEd)SA_Gs2(_@aM8PtR1Z(3R;G}-<~rrk{@I?&(6st^aw9*)SKhj- zOW(5DTcRUG>%)r1#)ej*bp^%Ex7lZqs<<-ydWz{aYfS^}u-(OQW0PiZPIopau+ll$ zF7s^;)F|2Oj=a}dqOlr|HMkyqAg9czaQu#=^fZSQ&QeB>lbg z?^ZSkcy1dVMJKV*9msVTHj~2&xr#-{;a;)f-9GB??6cfsa3HIZ+OaoC==^`J$^QTd z{{Yx6135>_EsW!LzFz@1b_OfB)4nQ-rXJ|+hkyV?MZtLnk0r17nd$%d~wO^nwc|nx*mUd zvKD2Dm&+%p?_B$Mhe^}#PMQ@n5=$e}E5e2}8Ku3RG3H&SSUl@MUI=kBV zddFV3Ti*)U*hONVL`1YI6bzs7u9`Bo=f`G|vUlihd>HtpqpmRRuI?tdw_uV-Gm^}Ga(O&s zn)Lqw0Qu4Ckj-XxEQ#f~Ex`ky@va%j`YbIt-$Z&hi9F}HvAl{BX`_4O`@T_AyGpiARRTE6|e*$<5#=j4*Etc0=k5A|V6)d+&Ab_{pGs#iY-lA3X zKJPEUs7A=I;r{^b8=XG&))#cP#$V7M{=IJ6>Q64rs0)h1RS$YGva!+Wo?fMJZ9dU& z3+!eE+h{l$#aB&6+SS@5lMjw74u%P;nqGhzSbJ<)nf9I ze6=~;K|JJp5nS^;s*>(@I(52Cn+W3-sisBtYt;m0S0|o=u#|30YS`~|i|8(|{>?hu z`2zqRgcDyy-25w9G-!2=BH}BEL_wVg@SjR>k3(qUmqUzQEW1M<@E3TSb9V)tK52Sw2Ha{2sDtsjHEFLSLz?ycy;#(anQNFfNBv@s9 z95LV?z@J+B^Zp7Y{{RHb@qg?`tmwWb_+#S@OX7dR-A>%*&rxL>hMO#4Zy}TcA{^v# zk<+$MRA^o;u7~8@b>h7&k3Gw>s`2+RZfl$QTzPqVrDo-?%E#tUhx|`xsVVz4;=HT( zkTw|)p%v*`4~W0Cof1&WVr&iFLC5A@kT_PP)#_LeBx3K>Jgw6=} z+FZ`Re;n*%`F>SAy-&2w@GBFCl^(3p{hfbfiN9>mgg>$Q*4^G^2g`2NwhIV+7H(l zuIu6UouJwZneQ zzAx1N1b)_k2U}f+=SaD@)>A>${NPoZ+U0gDk==4s=DQ&$m_@8t5jW2;;*94NmjOXTNxjQlr4VJl$E~- z$o$;+n+?{B;@x~pWboS0a?{$lOh#ipm+9&Bu3y8q@J(|(Q#oY=<@Y|7;a8Hm{=jh6 zcT)=)%UAyZ0PGne1SVS*xuM-dYb*KiM>?|Y8?(XnsHY?9;{DTh;zeLsD93yX&4%f$ z0|-Vu^#6}2k2x`W0X9VdcSGK>8P7{ke zc&wpi`GhDFaQDS{KZ;;!bxWCyEU`=T#NMO5a#TW%B$?*A<=yUq9i{cnyr0>!%ph5S z`4#b;6JCX(O%?13GzVtY9s1WZdf4=6qth(Z7~^xn=tW)BEiW|7nNgR#aIwV zI}mHDyS}^B=S!QpJjv7r$sCXd2kDC1m=$K8NMUK@a8Q1gi{U*JUihctTb&n2k+jQb z6U>%eZdm{wJNg>yRPJ)ts**Z;zlRcOUujK7Fm{rmyZvkD*tOpf_!q}9YE~NVs}7i@ z#MaL#^4xn4-6|%meC{sO-1Gkc9sEkwyk~Xx3wznE?b=+v)Az@5n#YU4dS8h2$*is{ zZRL1mWoE`UmCsDqrB14~nbkuEeq?-E@j&ta z0F8B>d2OSzws&tTG0|5%SIt_CnoX{=4ZQa@zih!|Qbz0w=dW7m_UX~Jj@Hh2*%hHX zh5^XvYoS1sTQ$Utv4tFhYt597lb7)X#dIx0%7k3X7kZ5FYF`EGO%yQQq9lbjumI#_ zcKTLH>vJlxK5O`!q-q}wJ~7GhJHt^zG;LN@ot87UJ2oQ>tiI$|*3mlFN^#m;`^bdJ*IB#E(zl5+@3M+I(}Z&(K&TFaFpd2D4!5~ZL`z-f8s-~ zu5YiP{o2aM1;FXg;496vi&re)z$oKf|vScpKstk}a<^Yojf-<+vafl$GHAL!Z{Z z$o-psDBSp0P=@~iNVpKjN{Jx{f}VtQ?_S;-E1~iDx)yHTPtt8y#5ym<8@P2_3tM|z zff^&KC=3ocCmn0p{u=0)77<(NJDN)sl*=Qw2F1@gJ%%gM~@@TbI@bh`G147Ubg(u0sPM?EX`Q%~@ukZ9vt zvbngoy-%Gsj0GO1vV;}QvH06ruBSIGqWFqgf3)#?cbt z6qIeo3lcDXg0Yl(pFxAD+3mhJ@J)^VoZ5x7K1J9Z>|6&GW_k+7MEYsul4gAJTa1}*gHlJI5n~2S3ZlfnkXbo zYp}~33~$Fu<@{r)SlcVwY4srKe{DrRpSNUr+T3ytRFlIE9mK`6GJ}=K=M}tmGj7I3%vR7zAi0F_ zIKb)kr&!)W35IJxrV!kdTXUJpM}26TUc9P7Sf)^SW7idpJ>AuhpBP|N3@;hYX4w`o zZ8eMS-g3z5M`O^|_Lq14vwW7*#yqmSWM16TGn8~a9{0l9CV^t2(J;${yF3i@isFJs zE*e-!Ne9fsfx4z$%qJeEy2*8YYHlJ9SqTid;jvvshN-7sTbpAV+TE%Q$B(^^wMfY4 zb$f{7w!6905fU@xzq^0hDN!3yqQ0BsgW~bb!*8dHp1PNI_1~; z)y-k7wGA*qJRzlzI|`0PBP$$FhP*9xc`VBd#Oj%l`Hlg`dJlhU?H5ai*Lui#&T;B! zGL&pfO*Jw9@jd zsu(6Z4)h2{w7N@KZY@z-IJtbB9A>GPm4dqbs(Ok5?6f=R;gJCVvYh9-n!n-=Qr10> zEVwK)k=W1&HT{nsqX@e)o(@jajQwh(Gg!n{0u=^9DH^RpC!jj%*Fh+V*Z4+6< zu|!nl9#^FRVF;&`5juyIAD0~fs*&l}QeCQ{IVU;x_n=&+{k@>IcPzoz9V*GPiP4F3 z5IsOYdV!rkhV<<^J6H3ZTSc5PK8LO=$GmB%+pfIu+FS{=^MHqL2*<4fbB)&Y%^qMT zm1B*Y=G>rXIIjWLY<#PWiBoihu{rJq76XW%L%X@SGe!c#o_$Sd4Idx-P;Evt~EYGyM^MUGWT!y^QOVK<(b#Ru^T+19P z$04LUSC3kr`bm@(fB9Q#%Wk2MV+R=WwO+auXK%9p#BL?{|<44_sD8@!0JD0O2p6SFrM?F~m`K zE`Nyo``0CTyHreEaloL;TarQHSgb9hxV47hKJDxYIAVQ0s-KDOa*)|9mrxE1 zmE$ARJ*n8jZ0h_!;#*r0439F!Dv(1K=Z|{qH7K>?iwzoSiI>GE=Suavl zgMtE%O+k5S6wKEf&fF8Q_CB>US_w0syhxtWnPiV>`FeZvUP0rn669DRj!)c9b}5gN zPaI;QG;0}H;e0vZrLy0f73H~R1Du|sy(0R33&XY-4Xinch>VcPM;n0qr|U_xQ-{*N zAWf;k1eTCpSX&(MWXNuN4?-)Z)_hxJH1!hBw(|b~2Lt9mUcR*^ZW^8^e+%o^bIUMG zi&q02WT_s%rFJ@5vbBY6CbXI|EN!_UAoRm|&cG z*8YdC>d|V?e7Dy|*>U@V{{Sz(JJyyJjQxK5QGG#mC7h&e`F=X&*67y}Z6N*6n4_x} z;Lv2>V%77=Z~Qh;v~e-eX^1!tq&)-t&intEQ|8Rm1nPI2#D z0bwe`Z48Dvx@En+D+#`ZSh*#;Bo4Enc|bYA&P{WgWRWG;*x_I&$pjAd043%8_7_gl zD<#k$DzL}nT%GQ-s_Iu086=aX(egRy9wU^U!9z{7p+} z&Z<~;eKFu&5%gD!PSm_M(Lyo2FvBBbp(C30Z!O*346N4scBp3PJuAbhTU#EDI&B^! z;`j>cPz$*p7>PSokKPr`&8s(u>@P1gsjQ;A3y{u$(MnF{@|BV2Q~1u}`_B7q!~FST zPXM)Xmb&hvt?CwGXLW=m_XGW@I6U*my>`M~ z&RJEtY9Ae1cvj*~GfL8+zSiYsMU|AfiM?_ydhEgIbz!7Rp2a0FMAk?0xD;HD4EN9t_hgyg6|sx*Sk#fZPHS z7{@1`*v&f`N=Gvt^_Gm5@d@C()#L@X<8TK&o@$lWwFFm_>V7c2oau{hV}?BO2>|sT zhl+lI6nVa_u3zc$LUij%bj=R*5Z4_8E_!CZJNVi0{{X&-2FID>oSf`O{^9?;AmIPd?Nfvyev? z&R1$v;%S8TjK` zzO?a2g>=1T^!vHu3fowM#~&?acyiarUJ1F^EH$ZC^@?w49zyI6bJX-5E4tyxk=^)1 zUe>-N+f5FwrnTG=WpEQA@zWoGsP)ZSdx&)%14R;8JW3JphjQoB)YLfZp-J0A^gG}l zw{_sZgz!tPJ44}gwvs3it{zrl^Bi^On(*%hY2F{W@&2gZ9k;%YYl#GsGn~dwdjs|8 zD(pe^CyIU@-)jCEYq_nY`)qss$6yr#<0EgsUOtui`#8KB{q~Q23P*Dj6D2HG~YW0eHv8{uua=Zf$f+oAl3>_E2~41mk!fmG&RR{{RkaUl4vCrk$!Jx+c3c zzq`R9V)nqtuS(3_(mL;k9||tM6!>dOk6pZ1w3GL#a7Nw!xgOafx=)Os2=sp$cvj0( z)32wWS+@Q33dxYY@}wSn@l6=irmu708;u_KM%OLoyqLhLAQC3r=N+-yzNqmh?KR?G z3iu;Tm&3xt%!tQt94vrtLO?j<+}6!pg&j_d;r{@{yXh`9eOmrSxw@7N!5-WV-j(-u zi*q&K!}}R-Y=T?eLRhvkvOam+?O4to1<#@IAI1GwM7P%O?PhqOx>)i<9&zhlHKfT4 zhrBwRHu1)r^5+WQ{d&qU70#hy&fad?e!}&5P~_G)dLf;NFWc^ zi?&NV@8NW}I!3c@SX^7^3Zmwab3dzYM%D;k38$r-QW%o6Aj7e=_RTvAzjO z0G#@FrDA#P?0kWF5tJC^S22Qmjw?N7D4|st1?TBi2dT6f()eFqyU}%xHva%kNh6*q z1cb(Rk^vtn_B_|?zlF8Se-LRFTD7F@G%~1jkHpRiPH*L~>?f_i@s< zto6m4OVoTlc=qDb?gokEkvHrZ;HdSkO8XF*`S0;F!1^>gjr0?PYb~646X$51N#Ft8 z`&Z17hK~8|plFd5iOTSBE1ne{>~_VURD2%QBJpQ}yh-ruRb;ulia|DMwl~q9o;GxkfxV&NGi*m5i39 z#q>Ui)#uUm%gg%>X&3t%{vR#(bO_7TeKITXGyV#h`vZ7~_LlvWJZ$S9Mq{f+{j!g#cu_v$1TRs6m77uD}$4c^pUhd z_kr~0wGu(K#DJ&)Gta$SjxRM|&HLEv-h-kMv2{tvT(CioNanO>-#iwYmX_DHn#P#x zd1)+fwU%UH!IX}Be>#bsP~86jMNjx7hwZs%`)_{7-UIQbt$PCePVn?2Nbx1M?7Ni0 zi7}k~!wt{(o6^5eFKoQQBpC)K8$L;6v4%6bV!u>iZZJFvl z1xUDJIowBT06^YUpS#Z9`R1jKV^(%6$6WUm8^vfMhY~X&VjG-Ph+?`%jgamju18b# zr6g}m{+vJHhQGC~{;z8{?DO$1=SRQN^xH{cxDO`jH7zz%wKt*r<}yLZ%RuIElBDYejRafqg@xvUFmWS$`3r0AIiDwBdqnip9HUp=hs$!OHh3uP(*lF zI5u-A>V$OU1N9m2R)4dn&|$QZ=bKQ5+z4+~zvbp5!v-GX^{+Z`2_yJ&{{VvP{=;*A z%pbJUd|UW?q}f?~81d+91EqcxYPQRW= z#h!G>RSMe(F1X}ZpLmXY9|&t+Ce$pgrJCOTnbl|Iqa^3$KD>WAsK;GPJI{bW5wA5H z&09*oV$rO-;9^EskGsdG^{=#a`^J5;EPLYM`t$8urO?WIolV`Oj{;p3X5Go-rE;=e z%@yLLW6FeMhR<5w#2%*_=@R&I&P1N&HNE_=o zH@%+bHCYjNV;;4i;=M4*bR|f9i#38ZE(S8eMt@Lf8An0!Ja+d`8)uGWi{&m4-sjf6 zYJZ6FYG!LmrH`BUr6p1e$Lc5pdr!EGTARrt1^D?}u&$lOrlX{YtweF$ zq0W710@jz|+j$xp=Zz$~Ol5${1JGBHd|bP-U0X}Bdud^G1*2_;X+1eTJM^v6T>{6S z5i#2oq?qx>@99@Omrc1Wc=<@^X_)ettPn`&U>nB=jgpz3tt<{IZrTa*L-}F8=^MrAauz2ZL0l)9vvr zq#gk)#Q(%Z@#%0bUG8%JZF)+e={5;Z|4?hZ!)S7D&Fn#73|jPZ#6;W!F?sg#|GmMJcp zLW;ntz&ZQ1>DpA&jXpbbhuS*#prtc za`o%e=~ZKR$Fa%SXo}j8n9=#Hpk(8%bvND}g6j=zvMKw{0pL~=+#0dY%i*yM%-hQj zq++vgY<##HOsgvJ6!xhqEh0@0crKBa;t=YDX9wQ9?Lyky_i3lh9UVH3+)!wl!e3bG zaZb=dwr+Et;<}9v&N-u7nUEuf=Od+MIdn9F)Wg>NEhfEmkEekyBr4b#C)ic^t}pbM z5)iHO3>@_ss5>ds>NiG``&WkeUYMmuVyd8E?Wg#ULb0^a65BzyT_W~35;GyekmO`~ zfBNV;;S_LR+nS2YXl~Zx?Id9t=kEP$s*pvoCC1V^`%zwVdaaBS z018AH7jx-~;51(x>3Z}Jdt-MU%I(@hAGm!8u4;0TvTx}WJy8c8c7uCh0is>^Q!?+er~O7hWSf)Zc^da z2P$M>P6!9Raygxp+DDrBe)>H_Y|S*+S;z&>K<7MHsUntuDI<=RjHTT4DM<-!CK=)* zXz%Y@rP;Q9;kSyN8P@4@A-7rOA#1J6yf1-QCz08;LS$X$R(nsT zr}$6dr-sFu))lVz$*V200Te(ez(T+=2dTjN_fxNHqw+2&;Qs)vRHHhZQkt4w+EPpN zzsUTxvhl_D#&3vzE%=$L+FL1&yH+1$kp3PSe~R^V*_XtC&H}SBjDG-|Y?X{>NTRABdhGNG)~9F5PdTjyyE* z@I30EER?xwE&rREle8PS)MZ4!*xyO`SBLj*mjPdsUVfCP>fSAKk4Fwir#+ zvLdp&lssn{?*RQk0>4qr&rXaCXzp6s9Ux{Aw_e%$)V7n2iWN@m_MuO?*(6I8?e>sS z8A;>XyFCZOZL8c`Si&CXSGt%*1W}xqW6%$J(DN}fvF5%$v%b@{d+!e1B-Yn9(uA29 zV`~oIrF{9~4Msf&S&H6kk1{Don8f|%=szmXQFlIX6O2n!-@Y7a4dPj$iW4z~i23}p z#%tevSMZNY@YjUzb>XZ#-NZ&vrvx1LG?aUud&j4uJR?Jf-Yr5wc%o>D7{_}1f8l1L z>!)fOec;_>Vp$V;_Z(HmHa4e-WsPgX){Ua;uN(cIS3@Lt=zXgfzld11 zz)~|?Mkhzs8aX*Fbxjvnw@o{3uDPb(L#SGp&QeI^4z26eO@Cfq1-9@{?VIqs;1BHs zHI|Wou2{hGT-hD7LejKmD~opw4%{|fayJi`@%8YO*0Dd1{+YNrJhKCwQ*WAuM;$sT z#`p5Gf=kVx%ZL0F{{Z%A@VA10Y3*?T2dWG{dk81iq{tIjS zI^B3L<1d0gY27yIE_7cNh1+QvI4gZco@}MDdTtAA)}rz8m~m z@YTJ%mwqtQG;c6jTrbL8%DH0$lbkRBXRdHhqe`XY%HD_a500EYiNWJ=`G#Jt@233j z^ZjdXx`H5<{L*U`SR96V`Ag5!;ZeS`L+8% z{49Il+Ozhv@SHZ$og(MNS6YNoDO`Lpx; z;I6-}{5#gQF9%*5$Te*`^wtrTv32eMLy(GQCJHFnx9^tQKieW`zW9Ev`5VaOo*f^(mGJLNOidhjV4uX&F8ud;Wq9E1cEcp>fSd$DDhVnUk8Dwh{CJ2HGfMxlK%j~ zM*jfdp<2d)Vd8Jt_d=S+4~QqjvA2lzyK9hRk=+y+;z9EubCN;l1P`y^*TKzh!c8jk z!Z(+8aO;**eWE=4rdZBN3+i)<#}O$fW_(Y8ejKc;CY5OGI`5xtd3K8VE5G}BpF#X% z@ZO&v?8mHpM%8VkYp8WdEi7d#z;@uSeK{5Ieujw!>1m<|dE5y0uPV0Z_9urN&ka&C z=`Yb8<6U434tv$eZk)29Q-O+5KS$-U(MLS;sEJupG1TUrC9Kd!A90j7JF{J9Em)T< z^%i(VyD9=X>yuBOU8)IP;0~U&>~PORv+>5Apxt~2(ENAdz#{Pr-y2!uWA~7A%J%x# z9pMiT=^qt8XU%U^(`_y!@!y2+iMbJ;XSZ>{9=vDigIUg*kF{%4m(wqNIdkxT;&*^G zt4N}}yNF(Cmkkhe1nbuw!8rbP;lB?j31e+-cIv?~C> zbMIUFXAC7zmQZ-XtXa`>hxo-{%`LvL$sD&bfh@8U$Q+N(ygN_3mq_s)zuHiJhUOu# z=YZh<09^i*CSfXv(snw1<-MJ?<;A?v!zyoxvfxNPN3CmlCt)BIka~9&wJph&Q=IV? z)#bL6cIgkB8jZvS=N0dNvyX^8FX4T5+W!DmNUg2zW7uT}g=5g4#=Uw`JZxOsO(UcD zyY@!$7Ofqv>`h|sWQDWA1ZKZJzBEQLra=wbCCr3}1E^3=e>_o$rnz)Dsl~LB+_F$^49l`8t!KjYKM(b0%ywx7-OM5AqE^S&pjTC?|Bil9Pw|)fh zmdOpig9e`=>*Vkc)K*;9MJyaxx@MbWpxZn;a*IXFINRKsgG=)kc_kXIthddR<~7R^ z^xK?%l|J4^pI3@Bw7pBm7ycj~7}7N~p8i}YS6sA%+mI{jABCR_J{W$|J`C4>9(a|< zgg!ZFQc6-#rYnLvs}O$r`+X_^ewA2DeXYJL>db>9Z~j%b_2I!)x3Hvk+73Y-Q5 z(2CZ&yVW%dh#e>L?FR){qf@ymI-M9N?rH41on-dfABl9;vezx6zqOEl_A)R>(2-oOjiB22V)UIg^sJAurE4N?;yPAhmveY#T zOKZ(OSfReRK4NwbJq-YPevz&Vy<+Ao$WqGjBqCVU{nPF2Yu0Tgj%ZhINj>w{w}g&b z)bF_tyW!0X#rhQfAJ^>Gc(;jRm@y9vj)Ye&;Y%xThPs(+sRh-%s1Zv^%U~RSHQz$L zk0TL;=10~(1^D%&cxmnDx|-ey8I&AMGDdm_FTvd_##*YuJ>B1kw5haqWzP=z!6bM801;oD-wwPx z{jBynewPi>Y5+Suuzpy9l7C9c;!mE%$F>&c_U{~%6l-bw9ZO3Ei(gK)1se5)UD=^%?_J+86fAae3RiV0`kw|{p`9d zYRe1@=W)(5dwz6S`fMe3v_8>EZA3yVjifNcXOUhf;x7v6cJtj_Sj!IXTaG^p&PTOI zPj%GpJ{^2u({vx%*Y=S8ntms|67J$iCMHdf`~} zmU!t$1%tw^r727Q00Bua{VAVc_%Gt7g`s#Z;>*vLO;TvuJYWUR1_?cVYn1Q@jdhms ze3zGrZ+UD`qejYbU$I>MYv^#u{tT_5>j|d#UsCg*RMT4C=1DfgBXSkL`t{Iwcfgj` z?#pOx?Yz=hIT#FmIIhUMGsv$a+k6kRahal(fIYzVuhGv5BY0oJYvJz zD0vVj&iJZjQ1z92&dj*o5S-N&We@D+c*?Oq#Wdm`V*EXnqwTW?N)*2kMt zM{>52GR9R+b#_`!tahs4t2=Y_tL4z-l)IL^JLG9s*KHcei6P5wAIiFILtRKt=q>#H zpz;0c(k#K8hN%bkots=m50P@ilmfXOD%W9>3#611PZ;QFktta3^vTmtiKE;CIqQx` z6(z!~fWF+W4`1g&M;#ovStE5B+?krX%`LX0B1v!+9eFK})~luUs2gLrLyiaskwENo`p?^p47T&CLQmc9 zY5HU<2A*2w_rC5i+JPESTtxyg02S-UHD2QBHH#~>5y>MaI4eLLj-RP&>2UUpB#sc+ zUf_zqF0U=L(rLP(h|CUuc5{$=W`SJhKGhk&k)s%OUO_!a(zPvhVI{jOL_+lBe!2#DkxLXU{Fh!Lz%z3xofadT%N#p#a~NlwHVa1I>>;Wbj<`xMz)bJ zmW^e2WtS(Xf2Db+iS(;EHC9VG8aWE*ZgY=X2~5ej@W=Lzs>kLQkwGi!IIk(xd_8$* zy{?lbiP|%qfkCWfaI*qlby4KEDlj@#C$?SbBTNq5WD&{tsgvqacK5|l+FKYQD)(wL zuqZrxS54qZbv{_X42SQM>KCLw<^uhS2?C?QAufe zZKyJRt&Zeye&`wF^&gcq>?6#4MXXO^WJ_yynYRyY*9Yc(wM$O!jxtU^g!&qCmB8mG zm2EDH%glsvoKko z+#=gc_py*TG?MB^H$&6Ui)5F>)*3|GbaG7t7g@7{RQ~`8uQBmW*+tAMq2+!CGq>qd z(Go@iS(~UrT`u(u4l~eKt!R3C$dDx0X4VqQ3lqp+YS|K2@wQ^Lo z-9Sm4?y4v93M?i@Vh0APcuwz2T~OIx7^0m{2s{=Z)EKkUF5B>3akb8Sllx}4d&TCfG(@~yZCfRLOj?k(wx%RF-MKXj@9DZChxSbR$uPpoK%~}M-6ZG z3oSa{&cf8&%@AP3Hg}H3ur=8)^)YP)mAG|?XLo$mNsi}PWo2(^rbR8lkuQiD0CA7; zu1izD)NFS~CYkM+{DadqF_nl@IWM-~L+8qj{z*8%=dZ0~*~2!Wa`56vW+0vU#w%1r zozAYt?*2(2fQckjZl||uo5flbcaVRhNd9Yl*v3ddN(EyeX+S+V$A`Qs}PRwV1s7_Lb@ zO(P?r)pXrHd2HH6N0A&z2t6AZ{{R}(k57SN1z=a>xXn0jYH}VT@Yee|C$dPyfMluT zoY$0T3v~>W$8xT+MFZrkeGH`|vYOUQi$+-C-m8YmTxOqZronM)V!DP0jZQY6 zb5SkGHkncgRy2%97SW7WF1NNTcs!XBNl5Aa(eGGJ=2A}QCj(19^kBP{x!YO~5R?%( z`A@YF+=G(4M}pvkw8h2^Y-#gAXTbqy+sHf$)TqYh&=Tqd+C1>2Xr+KB+cnO?6fsWE zJG+p@kH57<-$P`rp}(fh6M2M|P#c277!>V6rMY}SSfh1dD;6^%TPH_d>AdleTGh0O z#F9v42?;LPzCml;F%i?)RHia7>b%_2d z=V!Z#Z&Bhxj1LS3F~?e^8v|sKPxi^3Wp{Va-(%9Q`S!7FDy!!X8v~4b)s8!vxBAV8 zl;%Gr0&((^OP^C-r||3H-ksw;BJ)zzbvSG+WOE2&aO&gxwVi6bvAO6`w^P?VCGhLQ zx<;h>HITp5HE84>RGas2?V9@sMDTu_rs-E2gX%C@Y8LT%f*HmMBeMFRYWe(LA-3*% zbdo%(YsZy~!j7!xEL)B~m7y-9rP^rL(O|Zu&O^Cxx;-&oY&B-mw?pTzi8{TUf_68S zlU*Za7k?@}Yv*V@Re2=$wwHbFRxEak=tMD-c# zUYu!J924C7J@gA*AzxDQo}k_#)tL@#Vmu)1z47$^RhwfMi2flPi2O9k;qMPyp)^s2dSgRVN&oi|cwF{MF9mT*Kvg7$2`c~FCT*_MZhI9+)Z*@IzOEeLg9@;Ux%WmP9ztft*x7GYv z<6^cjUq_|*Q47oD#(@>`GIxw{II4_C9d|fQW5-?}@Rh=7nsu6MTGY`P;FrrjUB5j` zV!YepCx|R`2rf0>h#oW2Y-RGqf(d2ImG(hfMh8q1N9GU5Z`*rO@eY}%cw54Z(dahw zy0p>BhA1=Jt$uaue-U*JNu?&@Y4B(7PQlj~hjfJxZ%Yn$uosjyj zLpJhPj%!nzbpT7bKt>FE`q0ti92}m0f`guN6a;tN>ew9d#YG&>)2gxC5#W+37_@0D z2wad&qr`WrvO>+cBb z&#l_)k;@mEwS2q+xf#Lr74?6>8($B2ug2Dv{xhD|<4Ktc%{|H=EC4>~KDn;w$v2_r z{bjS#z9QZD8^BlEz0Zg3Ahytg?2V!Xbm@<&{&n%5tK*??`i0Yk$84E;2eR+p{=aJ zL_AcsL;FfqRF*^hNIMbh{{YtXu4<9g>7ysH-1s{|&@^v}R^BMK)2+>SgR!5Q>F<6L_4*zb&wv7p!WFBtqi@V1$* zY7^=g7WSY>{GoDiNI#W&zl8jC;oq}pxoZZ-{nJ z;vW`xf@s81LM1W?K?+a;c^Rv`c-aKj@QkqlV-1f}UwQl|_@k|-!mTe;*YucdFD=;0k#8iteQ?X$psHxi zp9FZr$G`Bgz99IYS-G;cu`MwxgU-&m`W$qxJ@G!KmNx0-vAeR6vSkO#IPd;@(&P^# zW8e&4An_lGuWkG#ph(cf2{$25Gt`2-X1`JVKd0Tzq&?l`owNxGB0Q-cz*`^8;;zDG zFU9W<_=@k~Z-^)G){_>l+a61p*O!q8LG zP)S?KRpcrh^Zcu!MUGNF)Y2}zFWNrhd;fnYxQk7cfO{ilb${h90aw>gMydH*^hP+RC;SGDk`s^(J zL^nz1qMUA0z;j<-d|%LX$tQ=#S~OP{dN!?YvKWssq`2o8=z3R8j+mdezwkkC+ZX;3 zpBH$W_CE3T{pb86nwov9KzoM(BJHe`zI^$!TMf23IQa`Vmo4 zY+QFfp7=}RJtM~2BlvG#w6{8~qZN!e`K6DN4t}5Kiu4^zPt&|T9O)gfZ6_?P77? z7(MIp?^Cq6x4N1qi_2B%kyC_^EEHEwKI4+1jukQ%SHT0dH|&b#WZqYi`B!W=IVQCw zo;+u1`A1<@r;Vf8v5|9(*1;EME6L@81ew~{z#Xd9wbmGhB%$E?iVfo7Z668Q>sp1zo$zLN>)K zsp++wk~!K>(!bFnJG*AGX(42|w~{ruwUJNXg}GDx54bgrXTn#6nG6nnvtP@1{1hYhcfa^Y@jqJeLa=BqCNSP3ugf0X?Q|e? zAX9>~MpKdbue`~&KzGDWLk^58Ho$yrC3@i3d`=llsU(mI0Cap1Gqm?LLPZRcd4T8C z*7pJhg)mq#&MHrtT~aj#xaNzFJC0ca-mEagud$|va$9%Ky|~3LbZn$bl9--7<;QGP zioY`vm2A{=8`JE1kHN2sTGzmji=GYm#h~7#Yo^Vz`rOD+UBGx`Bz5)2wSRx#voFT& zBjTsRe}ex295g*o`%hfats|awP)XIasc@{PpP$P;xjcK+)!6KdKVGzZ?J`Xw8=Vg3 zJF8o`h1H`14-7H~;nVQ0HYqhLo5&=YV{~RQUq(;e=hNk0_J~{sYf`$Ib)?c;P z?4R));I+lHSH2{$i~DoKa~Ss(o+G=<9rD1k{{XD7!j@6TsT2X=dXATU zV>j9CZQ{bq^9DP3%{?MmwMO&fSZ0ZOgPdpo0MsY~&Y`Vd-b-Z(ltBzbYV990eSbQa zRlK;ogUBt0kA)+vdzt{i(XKTcO+{dp3Ab`LA5W!v?azdC=`Lc_r3O9f1F6S8pU#0d z(9ZEDjs26OLv?OeWSPo^0OfJq{&mG!UtC!L@{`HVI|>Pmx*o0JO<6BQl99b*>x0s+ zc$fPseG^#wU8EDUAOYA7%6&nqjI3GnESBjvm*s+0J^961YY9>z<$=@ktyGXUX!v^E zM|B%LzD7oJ4mhu3(KSf){Zk)jjqTWAoxL+rDRe_8@w>h3_IEZx1-J|uhxfg!p0d@h zENv17oZL(o8;IvMnWSahgH_dMxzgp0&(23ede;x4TK%%sW4Ts{@}LonkwIp5y=^s# zjb&pVMpq*nt1{M0rio+)f~f>?(t$K}x?aC`X*3|k_PEa+kGo!nX&$q!n`H-ektMc~ zfGUzidonl@4K{0q$r6G1b*wF4R(rfggze4>{{VWVB8u=u6fGR?!~w~{>0Py-iS6Y> zZ*d|B)d|UN!?iO+j4u@UgGO02`826pET6uO@NnM5cBkoAaOx_cvaavQP|<$PotB37 zkzPq}I!!D}r*Vvo6WjH!SH!x+5=JcGV3!FdT{F(#S_)7k(DfTYjEyvYXawMzz2F-RngT=86YP9rTZK^Tt@aa7Jd`0fI#TguY}C@(PS%VRAbQpPPTt~pL%A-dgQhR3PAwALSR`ITJb||Z-!=1B$3KWypAT*1 z(CuQ|;tPPHJ?DtyKgW-1QrPUL8?)sNSHy|0`8OBSHSOZ44(v`h4&ZbZ>R$xyq|`sR z^=OdV+AND~`5-H>$=p7_(zvS3`;HOe99D6Rh6e>6YLdOaO6|XrK7#Twh~Yay?mE=> z7UpQJ(3d_-Zccg{@o^Km{;GIw!4z^VvX);>-<4|nx2u17V$#C@08+k4A%a<_Dp&P{O7hy*Q}hK{t&g(2DS6?YIt?W*F7(#Dy|-EXh9Ekr z_BEILWBeZQ2a3K4Szc)umR=e7jWkMOxwirQ_>|{ks69`wt!E@EHD@N0KPkQ%UEk?3 zjSE+I`*pF~D3D=~zta`;wWZ(MVFV~1mCsRhJ-i})N6fOs={D6Wdgrwf>V9ch|{qvv0S{{Rv6{{RbkrrP@DFvdJMtWHM>oUr!!nA5ZUfQnQbGZ@IK?hrr+j3Q z(Rh2|=Z!pVc9z~5(Qajli4QEG#~S0gC+S|ZrThs#AJer9{{R+vvr22w0fyGo5487E zK|h@}Ov0`;Ee|);w2iX2*&=fgZV&aZUHC7l*!Ww<+6RbrI~Kn-Q~B}6PTkHFf&A-O z(>zRGF7S5fN%61Yzlywd;=2zPMPqHH{{U$D(@w!Kq_gKE*S&FGKKKLh{q+9;2x{|K z+{vul4VO+^DKlpy`Sh-(N2&Q1Gd^kx7u9Hb?}F^~?KaNN-pa<-+#$#+gK_$r+4zsA zi@yN)sifNQ#SoR0{{R*V7$2QuI#y)hGj};8&xh=xl-)%;p^3o-lNrageG7f#-wx^C z47IU>OUOJ$I+zERFgkI~V->0TB?@gtT=pLZTxvS^!!*<`;rm9Sk(lHF=YTr?G|z|5 zi8vA|hX8^YV+Oh@qe_vr&bP+C8cknkiS2E%s9ObDC5&TqeuowMPyYY}qWJT#_!r|d zd;_>+f8ZY#!#<&589z3ieH44#f&JG|K?A-$E7ql^sQiP+ESedQ2xb&2eVTHb^{4Nz zy~f^*?7!f;x<7*TuL=Iocb8gB_Fom^@fFM(eb7v9(?TCPS%KwA^4J61x353X{{Y0# z*?U2k;I^mnf5E>IA-(vQ1cF!a^6lSo8n6tgpLn+4m=HaxF{xbm@1llbT9*UixuWE~ zq|)+>o4fQ)wtUO*&&ADi3dudo$lHu;9BnAWf~0mLzO2))GXxSq>>PoHUOBHWGWU<_ z`flj$d>`ZA82l&riQ)eMie3fr759U@eWtMx-^8Jr(S{m16}WUD@~4XQuZ>@|N5#L| zI?GH?j9xUj@x8^A?Qv#;+BhJzVx@ACpa2{b&t7Y?on0C}D>v}hD#vEneDe`X_?ii* z%gO8WwcWd2_daA>i7jrU5ittiE)ROwypItv%I6vS)ka!qeW$W(bCi_?vMvU~M&39z z`Y-zk{?}d?_$}j)h`t5=q1JtG;Ma=0D%wBq?f%hg49Zvpnk*59M|I8*V0h$jPIhYh zADZ~F!ZOaXO86R1)g+%Q?JH@q`32*j*y~;RO|9GNI!M$!P4Lp~^(|$ePk%BvEIig| zU!lR;%1G^>YV!X808Is@%3~dNb$H|6-ygJrz_SHlpm~L`CIQkp^xHy>%z%!*=}jHktnb z2}g-_{eR-GiKW-PQQ|x6z}mL4JG1YVhYHM39CQ`bYW^6$x=A%}4{ATz`kKaMjPyIb zGwECvYu{FVmQ$3|qe?WP8%8N4ypi=^#4nFtCGpqn&*9&IvS_{?TX>|lySlo|d8Sz0 zJ78lOBx5MBTVcvY|xwrBzE<#Qr^mRv9!LP zE%476c-(X#_Z3bE^M1CZu7zb&0JNE8lF*!(^TE$rpW!SzKf@mwT(}qZ-U-z$rnc0r z;%tW{enN6{!6)*prmeZWEYaXzFxIq-9YX5D+GKg0xJ(|#xX%yi@mtRe#?6B!Mt#r! z0A9FiXwKSiW7Vx4MC_dI1d8nR*c=iu@}6^^mCGXPGe5^x*0+8hyN>8HsxIvJuataF z?PXzMezD4Bf?S2~f-(JSQaEZz`b)unJ=FY1;U5m@+N&(-WUR2bTo9~tf_wC?+DTty zh!qU088|(~Z3!!!l`7dDm+-&A*4`@9FQnB>_Rw8hylP7Q(nkb??~3?i`%}ao3e`1F z4{JJI=COF8H*FZHC`)0y;;|QYXbQh&v?g7*Q_-yE5*JJo#62WsSSlC zOAvU${{TJf-LAZ84~y>fza3sjFM@t6SlcGuLr!v^Y+==04_|&d(-Wk5PO0bXJ|fk8 zTY5b0TJlZzFP>$7>_@$HHib4Q$of%pH%zaoYQNcNyc)5#cBN0s*$Uc$R8h&8e)C$3x6~M{8=nDO=4v$1UWsW^@25uqp!*_Wv9 zzSVHt#%n{Qjin48MI`?KO33jpnFh0`$PKhpv_pCq<7uvl?sK@@^PN9Uwz(=IjtNRI z!3qx3UfJNeUeXEehU6{TTg|e`vRh!FPWK_1_ZR&#YKR7RuV@GaQ~qc?2G~uG$qW&ymdX z%f-nbU1^%Xn&?c!c5*qdQM~bXocd~=Vp!K|g$#Nq`q!yWdLI)i51Pp3^*Jn)M!VIT zXpN)_Bw|={x$R#M_(xsV2gQ9u#2QthxU;>w5junNtXS*({{TAF_i%81Pqx0z1*m5rycyn)B-~c>0*Q>0{1+Y9AB9p!^!uEX?pN-lQ7b zF8!`op#r}yB8oU|?coZs#Hbh8aa}ky-2N>3S>n{OI65E88Nd7q#eeOmr+90^>#15p zlZZa>IIiMN9>&_{-L#4BK2eED82P=c=y2N~#dw9G?;aM`^le{A(e#VhVzjN?j>5VRGNIRfrCA}D zV94XATAEEs#@QoHillL#w9Yz()w)>}7E-)*^{a5)7Q&H_O!uc3shcFc)DqDYuI=3i z9qSWYxp?k$@e9WZnM0OdaDD4z8E$rVQ(D7rlH6iv7~O%_-l*&IBAF9T5=jqVLy81& z6JAFgiiDiEwQE`_U6O?(9Ou%37VdTHo2CNx;L8+aZ#}D@NRsM#?x9`5dhI<1d(dMh zZdk3vUTL;1B48b!mA?v0BD&urCI=bpC^D3-q0Q=g4Wis8rh%3`XJ|YTTn4qM+00u` zNVnwRH?;rMKW4DDLYo{Y_I0Cu@axBO?YKRHy6mgmiDJ_Q@L~`=_V9X84xkD~o7ttwSk^^XDiTZ)#!4 zjz%djJhZv{ddRLy7=h(+-2HP`Y%K)W1T2jkvC9y8;(&2R@G9>1(BRyYlTf+z#0v9)=2$+5h$I{Mc;;^-1P6FOTf zN~&<6e8z&Ju6+5cY5AAUjdn8}obYRupHFz)f*sVH5<6CMmqTQW8YYXT%RSA-{ka?z z9Q?#)y-!HK(6n7jKeNXwM)(*9p!YSIs*BF^Gbc(&3A3Hgsk#eBJ^>o*eW zzGvGHmRkUSjRZ*PZ!MmDyQybBm5Uyb(n&JHP`^{?DX%l0Tb!n|;TbgsOR3AP#A~$* zwg=^0%GfrW6Nx1K;5o@X4Q@%-=z4|JS5UJsa#uTv=DO>vdub=PnmyxwJlviX=dC7y zef5RCmE@5@aF?)yfXH}nrEyxenSD0fh|kEmAfAKpteVsW(jilGX&ul)9fsg|-Sn=n z#@bfB=3D)R#ihQ%g^vd#9cxtAL7d#S7g|=5vT8{^>NzYyC5Za^SDI=MZ>Y&?@Y$`X z1Oz1GcReYaMV+>p6tK9GTbXv?5Ue;~rFKiI+Q$d)w@ENL&-9>*hdrn@_0FSi%N?-O z%^CVrE&LwR_=48r8-+;o_g#4e@to8~UCd;5`p%v9WV+HWoeH1bk{7SIJ!`== z?FQ!F^LiF{Q;pB*?N@SR-JB-5u3p&ra0HO4$t(!Mk^0soekhXVk?skWRBj7%ik8u$ zDC+mu*QFZD<&rQmbNs7})R`fUYllR6Sng&$bN)qSYaYiD{jK)HAKAm(N=X}>a>MEV zde>QTr0P0eoqejL(JWTMUR5WaeX1oJlReHYe0Qj7nwkrU8c1EhR|)_>fUeI`vP+v) z19Y5k-Pls(AmG|mww3KcS5h)@+|{c|A&TxZv}O3{ZJ~?mL(!fCW30;OFkw343l92Wwx9=eBWH3)oFq^N zaYc!fG%Th9+_6ucx#PI0O~6nVM{o%p4_~bYYBwy&qeXLXaXCP~Sl!Qh;+8=z@QE0O z1QCzopwcH|wo0)@DFjRj2Ork6tzJv^ zG+&o*9PSv!WigpCU)#xtf1R*K2VB*(bf5P@c5WCyHU?`Zx*EntbbeL7;Hns4sU&p8 zL~q1k<)m%H0D4eUm5d9awZz4}iS1gJF$<^zHa=W~#RefQy{)>lD8rG0LF-v@yJ{1| z0$^c+?)9b2jp@a*+4w zd^;7CZ6hp~`RaZ7_WuCu^{cVPCd~f;2KZpwY8Qi7l1uG*%g8}u`&T^_9*bSZkEQBR zL#SR|Lk+!}w&Yde*n9iuwNisJlY19@Hh;IQb$gEwSuKVAtb{Y&3~#~YsN+BVYUq4V zsv*1Fnq@m;eQcoH@+^?yg{vaO4854$u8-k zketZAfM*|>tKKK^KZG=WX6EPNcZN@gZ0AD6!g3kAl6_C~tL5wwq|XrX2Z?QMk{kU? zRe|+M+i#PK%5omk7G+GakK9yu45S3>{b)Jc?h2|l zg-}18OR?Pp39`WS$7&2@Ibn7{%gzr$PAd~SkeufSipo;#Ly@O%U~)?xxZ@b9QpNn) zTr-%IXFGC#DuN)oovw+X-s++`po%oL3Rtvpz5FvyQjoOPKC&#Cm?5VrdIb zg$%nb$6gQCZKl(&UOR~_q__iYZGgmagYA+l===Q#N7FtWL9XfL zH1iB;ZkK8Ma)=Z^II+iXbiUH~^L<8XR^!;8HV?*9N?((H7r zc`oLJ7HMNU2|Vrk@mj`4m$rrf01tS_LD76gsd#Ty(jn3{g}4iBzGeZ(r(<1@#jCpu zi(Ly*@iJT{nKYu`%#8IsWPdNxwddH@o9KRv!Ke6k&*27$<5z||bkml2<2M621EI3uoSMYY16}O7)u9jU!#x(=&NI3<4I#x1vXKZvvPk`=kW$?wD z-rJjZBX-00lw+a#SAl#}@ivv=KOYON8&SHmxRww?79)29KH12p&8ae(z2RQ~TzIp= z_kS29*MHLk`EO)o&Ie7|?_OQ5>vprVS(x2*2nj&mzV&HqW1ZAXb5p{0_S44xWa8#% zhnPgJ21w?BNeUFnh&k4(EZFvM& z#w(JWM9evnzsH*7w4V)M>9&^#R*O*8ZNd$Vs-adwexF_|MkL!lzW5>ITb~8!*AQto zRuJ9IAtvZX8P_8la(h>%CyxA2b>Tf9X%&)j}s7ZSnx(M-ld>A zT{pzy(AsJeNIccRRRt}sq`z;69&Tu};{%6Qh&&rljq zh;-X!wm5i-Z_ZmFl7C9%<<#!9_-*gwTX>8^bgD*oaqCR3Q>^g*w4OQBt*-3#53y;` zqt4Nf<8TPa=SlE;!ColWf8jO1@dPYwCwCTRQgXP@Jn%TFbo-Lg@`uFl567T*-0Abm z{{U!M&qw(iCyqOwE6+7(KF@(7kfWTD#wo^~wINE!3x6M+jTX@GlZV0WU1x$kM&1(f zKAn97Pc#n5lDZS}sXd2Yrn*r|N9*T>JV6Gvr&?+ne&HJ;gSh<4K(6ef4B}^%Sne!( zpK9f*%3X<#ou0L8d7|nT*6(X~3AW3Fwl+N+{VVfx;!l8XydkS<)|X2e`#kP^$j1&c zd9FTVT2GPZ$siseSu$UKfzj(ctOs(QrUF+GdIdX$=Pigd~2klIfim@K?* zUqXK>`;S?-T~AAn;wMSer#L(~HP1baoKNQy{tFNLF~{+9;P$(54u_~-c=N&{ZCgS% zqkNZexy-Q+IU#c2hqZqeUl6o;>@Hxxk!~ipx_l}!;otyc3_XZ7H07;~8ys=e&~A%XtcZjhj&t>`I9UU+EPG=#w>E~xrQM`A+HaX6$#ZjV>vIktV=E^k zYYsu+SNGZf00d0^xLfwT{gkw?2zajc>;4xPfg?>fR)XoXHO;VJl3;&}Dxl=^m2CCq z>BpLs*Hvfu+x7eom9hIhcchoFQxorsQIU>tYsHFW&p*GkJAM^2Mx&M} zzWChS=W+fj9lmyQpe8yB$hbX3w_mio7YK+s9qPkuMGOf!>+Md)@s)=d1c>V+D?;NO z@(q6V{{X=ke{4(dhuV{V&bs637gqXAzi!Z4NjJrHX(0l8VhP9`V%K%yWmg6 z%_957+PA_GQW9 z8%J^*ja8u%URXosYBonEBi2;z2jO4Fr~DV^_9`C@{vg_Z)m{YB3j8ziOv^R!g$fNn zP(OWG0!Qx-Tk0CQZDtZj^HF}#$t>$`e8)qy{Jjlpcuc&GA$E;q+<5n`C9w@3OME?x zRIs?3^6W^KVTb}h`Di`s(Dh#x=z6X8o2P1!&8OS>Wdx;3QQ!HVmB}ZlMm9W>`@|Zj zgEd?EbfXQ-E(nTG;ghceBmCyN?}9!x@qB(KGWeG4K$nCIWtH#{1D>Cc>0LBrCk+qP z9}D=7d#xw^Fd|%S1b}mqipbP&V!709_b`la1pC)?Wn-3T>Fs62k-T5L#s}eEwYXbp zmiIbadAH1jv~o5EMO0)#=Gw=LBfPxRy!%0GaDe%vIRdmSHH&RlQ)_H~WgRNSSiaD0 zZt~zjCsVtT-nd)+8p_`4@=Zb75#^RA`^Ov#0Larc?Jn|rVGvj2e)eRCZ9f)cEIQ~|RT>vrn~;0PceYU(AqwS+?quv^C* zLuqyXBkD~9IqhoFZyxG)c9!fP?2#0Sfa5qmoqC$Jr}#%vhS4o`SPXN0&=;e7(@N&C zHV1{9PmQi7Q4DA|bNp4)cw@yHCFRms3%grMSNCBF01i5uY9$$-A+wq**^yaUPu*l7 zhWtfw=EusFNk$}`^zTZ*dM1zHn@xV!VAs)DZH%0`>e%Uu@hk5IYZeCYOTM{w8=btx z7!IV9kIJejsG^tHB9RHR&+eCL=eVwqM@j81-Q;4a+tQPXvPR~S;s~v$mNP!Yem7>Q z>k%#Nt$%I6qV zJbmHFHK9jwrb^K%W>NEcn(XZ_Y~%7?5LMTLeGLtj8Cc5kBYnPGxm~$AkPtDGUU{Wz zNiLsqZW)#LouN*00pg-kIwQHE60e4oM{N$L3pvok83>@lfS$1B@sov(v4#3lG)G!3Ev)QkzrLC~SYnN(B13}8I_>wb$j^*kA%7M8LDn@(*{5`j zeVW~g&SLA&(DC?IbzPC&Lvw`i#7(MQN2Teu{{U>ek%A&Ca?6pp{s7n5T2F=#f~;*U zVUB1mm@KWiw{BuGdGF3^#KqONhxaeh8->*8iOwev^J{a)LwcVbb9xfLiWZg`i9{tqOY#-ZZ>018KKi7+lLBqVJll38#F z?f!b!$AElQRubxJT<7jl+)ead70Q=Mt%PPLTgB- zc~$GEn%YOh&k$;}#7(k6Xn8E>1P`Tq*Moi%==N7jHN;DGDv;Zo_q+^Ni&} zn~V=<_^G8#-V5;j_NFGbvX{#8$KDFve-H4ljeK!)bab__joo7NLl5>z;=6ef_?=qM z-oJKc_*Q$Ulq0DugKkfH^zgR2j*qC=U8^{_g`?Pd6WjFyxhkW(DX+^lC(!s?QjY6P z)$gq5jw~dMib3ZY;=L0?@T+*kK$_mx#y8ai+-`t?70&t0ZRV-YmMd zv$)c3B%C~lY>34C!oJh}h~T>LFYQI}E5~}Zh1+OrsL!U7sBnVr-J?f1?5(udp-Q9J z_&z!F!#@(Ih_nk! z>q*R@9tM8t?mnQ`oo93Q+%sEtJug<&F142pba%=CR%6w$Fi6*RVi$d}k z)PtP2rF2s^sZ~W?o?YV@?>srIHIAtp>9;~a3~~Y)bL@W#)cbNt3`(Sx#y+*WcG%6; zPR0e}mU3bTAo53Q#J|5cim}e*s2D5RzO?02K~%%3EluqY;xCB&Euv}~b+!G))`KOq zmeN|zOp*CaK4l7Xf%LDO*3(QnjmD#=+lx;>Z^)wx0O^6+u$5DSu3sD7BiTG5s>uKV zv51bm{oz<&7nTd9(6wC#Lf65`ky%b-Z(NUFD&bV+bU9^X`j-8YJb&<8_Wu2ium1pM zKaN(KJ-QnR?JfN4loKS;ugfeuxmS&p5PO2a@xlIPelPeNUj3W?C;UYCO&^M3)Nb@m zN$oA};TaM`!$#eDlq->%>aQt#HB+X?@|T7($L0KIo8;9l=~S1uj+!oK8{5@MC;lHM zd3+xdd}7iuk6O4%7bE54BDr`p@u*+Pb#WMHk^IRpxGsH7c{9X5hxGjnHmAO5+SK+w z7}UHuWU<@nmxeaDk6`(kIvn<;u(R9@Z98+&VxdamLBTcE8FV}CrHWS{Xj@s{ z0=tMkYqI^8J}2mK>OL#*tSyK4^lCYrJ8^FG+)Z!KF>@0C!AL9F(gC~eMh*i zcU?%WqdzivEc+94W0Gr3rMs}TSt6GiDoX*!=U*f1 zdNux^V=ld;!8DfE@fmI++(|?oz~`LexGJX4MwE?j32V?_MQL#yi7K-0=da^l%ctD_ z>wtG2de<{LWwpz9wh(Jteb%3F(xXbH0aJnxt#}WKd_SnP^J&+%@ut(XFzDcS`qaSl zYdadh383Gn&8HY8x45;N$-{pZ58fWfgI`P9Xj)Wv_ETT0$$FV80X_PITS0X^TGMRe zzBPPoo5Hcfp?GfN`zg{h=74dA{(hDDB@xN&Z!)mdP5a zATtj2E>=BCM5?JKa4^+Y@&g6DmnggTjJLHM$6O*~K@;CPO&}wV^|kgy9Tx;vCrn}7 zbcQ%HD=PHHO;L^|mQ{GvmOkAn6)4=kba`&wOfX_nKp}h9ZPt&dK_ZA-Y^r;j4r#>0 zyTr3cZF2*8qnzV|TRLk(jDe4qL8oI0O2@N!bM{mC&-+Lv=A-aq!(o;#)&xVLXLPW+sLdse(J7s|K*4%wy7L}RID>7po) z6MX7=RO;_@5Fz%S^*rSm8itVJF64=Gba5ne0&rdwUdExcw&+rT|~)}@@*`}~<_cCX00evG;H?`PvCcpBGAUY z;Y;te+H3?YiII`jbJsted0&b&Zx+v@TO9Ju`~9 zp1mqoT6I45wp&Ryt)%NTU&6q36=qZ9t2Bg#=iiFm!L(dr^gb>4>EVlH_;>MJSF@N~ zM3yYEPo1G1k5BXIUz*+-i5ExHOiY>b5FMw2a58I(q;=H#3_W*rnc!cwea4XA4|Mw- zdrUKjnnPtYYnE2;{EdEa{h75pgtU%B66JDzJu9yT6{!>tR>h2W4RQ@%~;&j4s_fN0#uX~SMfrG}1 z3$IL8(S^?%t1~aP>ExHoF#w~l7_2swtgYpbl-8#NkwWJ0$&w%55V_<5Tegv;`#xqQ zka#_4IgN{`9Z@oHr;HO>izKjbR3=94lT5*)^z&R?+X&sT+k1AXY_#{ekp$bf$K3Qa zv{{tVzixr<*4kT`t)l0a&JVR~q?S@6+Xnsj@R8D)nULB=mz(FvxsV^ix~m%v7UBae z?qGaiE;u|;4W3itD+m{ST6M#G?04Y(-=$#K-Hj0QaEAR_JPI{vw(i znIwo9kf|BtfnJxUu)4M~N?JhN=lj$WaQ-Ee#J_BNRJKLaN`+S)aa>)mhb|+zHy2Z% zC}pyGA8MwBDrW7`cvV>jPB_I!X?oHF@)GKK;-tz@I-7T$WrpDq!uLCIioJcPLWmU` zC58z-jR?*#vBM{bj+8Df~2YMo!>5HapN!%Gv3YMJ&6@ zJgw=#%`)D0((a6RPSLwJ3P&R}8BOYR5^q`3WQ3B#IqcQc+ALDoq_WPC$Qx;oJh!-@ zgO=6xD}6Ry*6PMFjlhoe=lbrkGh9PGtKCI94eAlF8|&*p8n9^^&c6~~%OsP|$8hJ9 zT}xgsh3!N-gfI4%7zo20&{3`7UmMxq&o!p23tHN!%tc%s$J|pSo?T~Anhzu-0OB%E zcMp05$aUWfLYC09Xd38!>~yYuVw%@%YK<9Fjz@Y4Xv@^JyT35YbTAGbed{~Oc2f|K zImpf^FfMq1L6%F{;`0ck%;l9XxxJM%= zoK{DQG(!rahkjf6+h;jd=U^glWXKF~zsIP&4UVub8VmqNa$rP$p?u#NDs$iW!;SDb4)ABW!Uzq9nH zH>&6_Zwt(sQgemR-S@6$&eG~e+U0iSzYV$* zB&zNFMF%4k2Pxs&jIwH_B#Jh4ZUH?=u5K+3OFQXhypzpEIFDoFob@83oYFDwL3eEN zT+XW`o>3<_Y=C{Mh1O-baQ1dHNhHyrVhHL7ujFY)T9;$aUAyb-QzmvUOisA<;9+1kf| zqqcKfcODIs!$~ci_Ylu=6FcI6mn3JcD;Hxs;r+LW^%>5YtBCHP4op$Bn}##ey{>lf zpM$jMW74%9IklUu(%f6ZgXM2?>%~l=*oNN6o$7kj6Qj)S8?yQzyIHpqNvWcTU?c8* z1#?P0N=H35ofKMwf2_J%HN%IZ19&=QxI(JZKpY`%Z#jEw~u$8io^iFFTFC_ z$yX|fWmV4rVmiJJ5_@pj@3HGI8<1VPeS(t7@R66MH6TA9ftZ%%_|q&^DqUZ!WfI$W!12ph0-jQZlcZwmM~?AI2T_lr8A z#$oco!)Cm^MkOr~>QcjZKB$96g3`h}n6%3)h?%}^@d9z&XSQp^yl3$5T9)oR?J~_E z)10wg&wx4T4RCv2Z4SuOvCeo;{u2!^Qb_{a*(4H@%vhYLJ-sWW_=)ib_TO^Z%9lEW z#y7g)ZEROv7$KiCPpN9!ma!8&H@CMNuvR>|=b*suPAl*4g1@l8jC@x5M~yx$>d)}^ z!R~y|vq*$oO%WN$UjG0}^(opbLzb;eBlXMSf5GMOkANe#_yOP@H^Vv*l)-R zIn&%p;oU0hRMdPr?KHccP$0yFbHVqnC&L@=t@S-a#W$^Op*)*b%qdHS9=JRjqc+N? zSA$x;m&5)Yjy*Cpf=7npU=dpxIA`g*j)u88bzKgB4I2*^-FS8I{#e+sw) zIX!PulUC4Yvek7lpxFi9v8<#yLDX^6{PSFO_losdw99Q9M$^^{7^1>l#+=N)gpPO> zykm28kD2~1d`b9Y@Jv67yhY+`JyXPJqBhc)lKYC}4Ce!y{Hgfy`(OM*_?J8yZl24a z_*G-_n%N|6?t15N;E(>jbjBS?Z$si6-A3|eGtTqRA~|8tOq!ziz%ebj$>>FDk&L83 znUs?=whv79sN?cPr3oYsGCgTMH96%jrIQ}eTXuU=TU!QZ^GgBF2<~b*&S^`iu!SOY zZNRS?1HCLZr^;SSkZ^HIQZsXAow_=%)Bi@V2q3eV*r7n@zIO#lG01gyEG}j0GJ!R}EUI@1;$%%RE7R(c3|P zcXMwv50WtBAdbX#u3yE!5hc{T8rog0m96cNk0D7oke)N1hP|Y(q4MbYQ%vxW#J?H{ z^?wg(AuVk#N=Sk57ChtVYxTqSdHtWXEoZ@lUe|R!KSk9-D4HYz+;Rs$iL2%4S0VF9 z$8Ux{7Vvk(@>q-gM?PvhgOwu~Y@GY{ZnN82-daWhBm;t1@TqZU zRBE42{5a5jG2mZ}I)95=2fK#sc`k_CQX&^1k4$6qufO#@S4P%sRB2W*Oz#sUfrjBG zbIw0108GANO8XBBXy_UcwSkhytX#;Ha0sR4r{;ARjypzMy3~Jyo%VNKXBEE?&pIEz+<|8QbV_-0ZaxsBimaF62nPI!|riu2IzGdbZl(tSdV^w?X zTw;3X!S4-t$vz!wPpu@jnu=UUD*3dvf+DlhFRpCiw<{yWtXY0vyPy96Re9Hsv@K)9I=n2`Ge=^|B~uyB<@a9Q zs8TA&XKO3lcy7&&!pjqrD2yDsp7|ZKS$5ipytUR6?g1PykbJjJWn6V1t!iZ?eGOyq z+e7frf$Vkf4^0HNH?av3!fo=~t0*17C#`aDd~}n-8aA<@e`Z?hK?*xE^DZ;a0RI3z zXyzx`-0yVX2K+Jop>)j}@&3u-?-0cso${)$n8a`iBw*L)*Tv5S+jvLBTAzo-+?Qf0 zcB_Mtj(hrWXy?|(GNjKCmf9$HtGcf}4;!k4mbZ4&vq0|*r3m?X=hnJWgV6i8_E_=s zdX=ruhBc|KZFN{;-w<{O&H!@XrG3kyNfg$yZjm-{SJd-Z)ud}0nw=fEff-bWUj2F+ z`Q!GO@Zwx}QuAEVZRM6$MTYU42WdaV59Vvnl{2QCwLdpl%Wl9sv%37b9qX|0w}^E= z4(qxuv2O1g+R7z#Qg=!}yZwIwT1GZIVDvtm_^qPp8jRX!#2*jKb*9*AuqWCCUoshh z>fed4+RykQm+gq33BDzGhxTCjnX8lFzY;iY1*Tu!+udy$Ky!sH)O)C>ZibxNSpKCX z(CHj8JkrvuE`95J9Ky))s-TI9&q6<~F;Y{RU5*bJ9lhu^gXmmGK#K8} z3)Atdu*c^n){sPb!6T7Hj*4d0yCR}Py>_0w^{>#6_$BY{fvJAQf3_!sJbQ7k+*y1x z)?528#CGh&qekokzTW#!&Gg8pN~46Xy4`*H9dKv*L-=pRS`MM4X}X4$sas!YH}=VU zr_7ESUMCsAZutIK^{#JRRh63R72KeZ+;tV^SEpxYTh#g6<0rz~A0GH><4uzJbm>$z z)tu@EVU+=F4@~0~`LeohgLQf?wQ(H!eb<|&YSFY|gk%z-xya#$eR!@tnVh3@`G@}i zf|mZy7hexPBHZ}bOwlo89FG;_Mu7y76Y|OL+ZFk1Gep@Ch1;|cLC7`NN?IKCDVg&| z(WvsWGtS^D2_aP;X68I+-*tAzXCsGUqS!QTGcXcl0abqLGPLmX?rEsXk9vPOE!=hTX|14zrEN(+|WVQ|cY?txv8 zgnVt{UxofS@VCVe21#{e;yo(nITm16rWwO1rB_}|BTbPK(7=B0p0M={De`tSz zo*MnAeg^zg_zU8lKTXs$ty02A(dD^a-(|YNDBi_eY2*E>;G9cr{{S^#jeiKW{{VpB z6ufQltHydv+JA`jtwMWQl!6q5as!O=bB?v-kPoq5LvzYL?l667BR*)UM`lg+KD+p5 ztZRB!g5D$4EiG=WVw8x9T&oOn2t7_K()?NBtqWD~s$ALz8qCrOqw@abYtI<^{*}pD z+30IZ*D>^6A`AZj4MC=A+7OxT+1O?-Lk>9h;=JF)wst-zk}YpfS+x0W06_vBg;_Yp z2hxf&mocQ$vGvEoABb04-kE7@sV&8=-q8sRF`RvW3iX-V?PUnW@7!=tTK8iUhN3&Y z2G>x!kt0(kMjJWg*QwdTsMGX>)1^tLZvZiw3=xM|oE);GWgzekiiJxoIM`2+t=R)r})N!X6LQ zZ9GE+*XZ^{uvpu6RE`fmmG8QqnWV>cX?JO9_GwiHNPXLntp)O#{w$kDUk=-t)UK-Y zva*wbvjYTvweuC+LfUq>2kyB8zC{GGzNI2Pua~q2^&M-CMY%p)3XaH5Hs=%)br8Mf zvY1$~QU@cbty@x;;z(y0IRl?hS^)K}E5ou{_>j^HJ@S3NK~ zn##7(HTQ-{wL2F3B&^;;#!dhpr`DRex-fMOB`qQ-u{=wjbL&^FF61_%$s1_zj;5SZ ztRiAw+r8AlBg$QIxxKyXV@ZXjxQ^ZKK2X3G{_bj|%Nunb?MdM?7uv^=eJV*Oy0(%B zjA2yrNZ{0|SP3JEt|e)tV}t3`8rQVB0_7ms6frv!}ht5lLX7=sLQDKJ;i@WpYTv0 z*~0h0UkN@4e$k#4y0q5(7vftB2sH>JZ<^BbXne$xI}~B^pGF?_ue0V%{P&3Xwiz~M zfTLC|tW{5Ee$SP)_q#8h`X7#(jfKtau-|OK+-LpM>0IxHbQHGLX0_BpeA#%_P7f8y z8du!?lAUF9?C%A99q?z1z8~FRogJmr968?Ym1Y>>hvI95@NewV;IE0F7ybqKC&apZ z@MxDlHq&i&xP0P~UD&+AUN*rP1RhRnvYr~~&UN%?`|th=UHY$2XAjliBGETm_k9edZ{(`vWcP2^Tuow(DdVs>wAi4+`VPeYp5 z5kVCV6SA~`4n_@OYZ~%tS#&YGt8%5WpK7{j#;zg7Xnm>h zw?_D3;|py!#JV&v+-f%PD&1R6&c^O=dlO$qH^c7>UTuvunC<0t$zXAhryVP{6px+9 zX0nN&@b}@SwGWP_($`COuvOe{Gr>}N52h>XzY_c*@cLOnd1DOs7jUo6WB})m!nTD2 ztlGb0Ay7zxEbY7rD-Lh@|c<3o@b!yu*)K#WXT{AjAPopLK{}N zwZLJuhCuIJl@YE6e)31mUOw<$-k*InvhX+-F(-Hfjjcx%k^^%%lH>w-ueAFX}0`x03EQSk4E{C)dN_`=HHRsEj4 zEcY<9INfzD@kh+islt_vzo9D<13n4BdP;@Tcu}@Y7uQkE=zc=(^Kf={kgW88BZn!bCzr z(;=~feNWcBfA;wOoqQ?#9{$pLRqw-iB-1_`c+UF$>}@4h`y^8b4g?L*0vmz!#U)1Z zen-S+d`*eMab_P1llC>KwSJt@a+ltfzVpRzw7p8}Tk!suZXu3KhfyMy!2pbc59MED zd^+%=E|&fqTZtZZmm_mzm(OhdYU2$L(s4P5v{pyXzqCh$(rsEx*{@#XSY$6SafSst z4!+g%Z-jN(Z{iI+6GFi4WRUU*?fKMASoHAnx{Eyk%D!6z8jiKbUs~csDy_G7r$JnE zne9`Kg=u6d8>0YFakTUzy!qh}UP@hZ4?qVM%;wD@Vx`hi^~yl(9oQdP6xis*sgPLaMKGowcANFyIg0}BDWrU2X37!(Y_b! z{t5VA{xiRa;ck!OEq7Ff0^BhOQbldRl6}W-{{Ua1N+*e%;bmVBIx&2$t6#DDC;LPH z0Krgvd;36s&o_SvqVQ$E!r1TZ#fGyzrQe+QaDV}dJ_f{WaysLR{H4&=(@C?3PPF~i ztV$6<>?@{Hx%m%;J`-X1R|#5$8M)4^+~p^~WW5snTRM0r^JNVTq5E-ObMXa>URar= zfAmL=;h_!plpN%b!nx(S`ejDrsrpm!Yr`H9@o&P}^~)LLx);hU?iMgMpd*5R5nlrM zpTiMon!c~$;94t1mP=;~*$*SH;aJqC(VRIpXzEv~Mq9?m#oh;(`y*M_H0D_&hTiGI zZ|YRBBk-@SbZ9T8u@`Y!NhDGnh9AN!%c~@N_3_l{uYOk6#*^Gj7RCfDql(AYw8zwM zv0yiVBj@=oWXeon<8LQ`}Wa@1wk!+<8i&v(R;*<*16{ z${Uwvcu@A|wP0%&)*3yH=A$*jTU$ah#PrEL3f`1YClfm!-SAJvo<5G#T9@H}jr>{R zOSXX@QHxHyXx8AU`AdQ9ai2q9s2&SzPZIc6(r*%J)*AeG5Cph4kckZ7j&~E@y$I9j zeElfXg-KP4N>a7oS8cE9(ENb?vOj12EB0~t!Qr0~_!>Ve;n#~^O}69i*j*~_DxSoG+r+cNrQ>bNd#Uvm$@u!?Si94$^*^*v zsCfiNBQ3er2Vf6x@UJ>?I}S%hzI%d_#^9r`Aoi_$sP14WKq!nd52&mFon6`o56K<# zOQlIHtPbsmI5;^KQH{ot=sJ8spq7c<#X;o0b0f- z`!gp*)Gn;j3q4^{8?d__LF0}xE4ZD!n8O>x%s6 zmgav4>T`HvW}eGZw7P3~GPrNO!N+XmS5-Bs^EsmBS|5LWB-Sl;-w45^-Cewz%n}mj zRReeR*9N_-Nw~Dv;kMKmTTd2uCgcr@^ioIXIgJ{Wo1A-}o&Nx}XTX08_^$I* zy_-s~x|&8U73v_4Yevsdz;VrfZ+K@x@fX5R61Icl31izc2_d=3JNV$2WKXp)d zB=K7GJsRAw(Vr!M!AJf9e0umL`#yXa{{V!OPq)&vZyDXBnuWge=h#c-?^vZCr9sHg z1QB1C8Xc_KeY7@g86iQp=qt^v+Lf8(@W&D1b4ov1!bxv`y@Zlh1#la76Ts{O3(0SZXpjz(xXWwEtqtHFAxrbG@HuF`opts!cx z<-#620n&q(awoR6-6TkgstLzEtENbuZez6&62xP2j-J%hv6+#nS)iGWiHB33R=FuW zOJk(;}J?WIyf|f zb~85lnf8;g87l!T(_U4oJki{4-o`BBfkH94pC*O& z*&&uPIppVz)}o2@I1B1dpbvf1?6ln@N{01e5lEmF0N0NA?#lbbH*cs~LS)#xytO$r0p%90r^7Us z*TYb=z0TdHHdCLes z+OvFF;Avvkl27d`T|&**J0l=~bKLcyX7-I~Yo@6$7Qn06SD*N!Rg+SvF<%|0s}%ZU~% zv5%J@cvJ!1>CI&dks~ab$LCS&R(B5!O=)VT5cvQmOMW!SlDX&8`Ln zd+S+s36RAjqp8oJH2ImEM@emJwvZ-Kh6Y0q!mJOHt<`D15{BTAGc(;ch%tdHt+D&ucH))Tu6qoac}Q zdTy8TCdA$gTep$rkR7T{#s}WCP(tN2wOwNMVTOBn%$D2svZ=-a?_PWV00~ByWvox6 z$$K%C)Xbh>QQJL^O&>cg=G$+ge5Y ztC{f$!iJFN^F3)Za+Ug6*g(=k%QC6SA#exMysqx(PcWOzFB=`{#bN|2I+*5$I7HGn z%n2vuHOpPw>NB8*Ye?ZZBP-O8b3y}|*EE@BiB%W(n?Nhlxl2#AX-^ti$OORilZ~~q z6GV{f*HG#v`s{hHob4o>{cC&etEpySIrSgPlX?!t?J_%=u9gt;Iba7PitX*R%~eE; zZeo%1h}7}8Xk5Yo}#@!@040i6vL01`cW4Q-~ zd?&5xs`B4H`AeTIv5%LqtldxH>e=cuYtgxa^5o%wearPDv8w|T#yB3;jYf*MW0XtFtILJ+0ER8uRws;m*5;q~dn=ZCW_1mc7k}P9 z*{)FKXIrLf5!~+^ypfz>^);!d%>rFFm|R1+WcLEI=hRIYo+rL%jndZOlw;72qqT5a zbm{hmCBefD;d>g^ok1SIZFG^_q>(5LK-xj(u{B**{M*e0=R3M~#w&heWRE?%w_BoC zQ1OiQ?rUDg&@>T1s+e9B=NbCebC*La6Q!h<)3|9^_do3YD{lI67M(6j$&f!9!<>AK z;ii=rEwEvE-HvK)D2ao{N<4vy$?PjcX6c!?H*9ZZgs9C1x&Gdywp{$Duby&{t6 z4P&v^OdZ`mwE5r*l~24lzJ?WN%I< zp?GiMrlaCn*Y|B@r4A*OH$m%<#=f`khr{h3L9}}WvxfQROhGJv)Ee?JIIf4IPBt^z z*Tmiwwbrzj(=?TPiI49iy**Zv@A?PYUr(@Q)cFpY7Ir`Eb?Qf#h!A2|4%#{U55 zZ)affCCe}>%-AF!TI+rh{>@(*{yFM4(P-Likm*uOw&M0wD+-R|dG@bvjV%nNGxitY zFYNvBbKq6T9>~w}m`4;j36z zMOW8#<{;cidE7z9M&fBW|*oIbnadw&bOzA5oeqorGEhBD!=xC9(^;;B4Q<&Re2{U|wP$pYmN zy6}GQwN8-%^8g2^$6Cr#=wT^zA(cG5$Xjyf00CB#9!40jJmVcI4B9LUY=Wem9=vp` zkXgCJfAY__xu%yxK1Os=X!Eiz*nG(p=N`OQdEvhYYTCk^dtE0`d&b+cIHTN1Cmdpi zjbTXpr{LG@ucFz(4yo}r;`-YB%+f_{>~|u8(SR7|rGA9?C*ifV?}s&6d_Qra=#aqy zXy=i3kXJYXhdJW8D#+e2=#MPWY}&(9W_c4**Wz*>Scc)r=rh{8jeAYkH0yg?-Ah}u zlsruT0A^A1N6!Jh4RA>vbmhu?H{vZq?^@FlB!44g{PAZbis^JH^i4-fI$hP+wYg|^ zLykh9LOWN{Cu75%1f`*=@QcI#EcknSsOe)_noBt+l0hWTl|V;Ndg(qJe$!tQ{vG&> zQ_-*HvA@u^%Yh^yKi=aVkF{K7s3;*kQ{r>+BUxQ;_GupOMG9G*hXc^po%o~SXz@Ij z-(`|eRDz6KkbB~_CQv$EHq%S+E`u%9`g6aO>h6efkT%lvY?FaC^4Lm zrYnx59ke&G`1A3X#M;)S;`m^^j`HsMIpkIdr0+YA%6P9!_;2wtO#^Mbz8%$Ubuy)6 zk#JFQ!OzyJ5wfvO9>=G6mq6FGOKmSzg6Y=ahmE#yvMB@xJ-M%?{AI0uqr)~BR|TTeGRz=_@CkI`ag*EJti4qnbJuZWP!$W!TMJMux*vqm7NuWuu+qo;-r~& zN3z}M{{Yy!5B93dZRG3&Yc?HDE6(krw%6hlYDpZ#{DiUGSDwf4s*SptxmbeJ!*-Uw zdLTO*U=;F4JXXJmJTwwpeL5X7?shS=$mtm>%Z`VSO0_LajXNJ6_*Y)|VR7O67Syzz zZo!x&b9}2R=N}@P@NE{;NV&b%C)K07OQ(wwI3R~_dM~;)iPv~`&hE`;nmdze8ja)W zT`$HzgiUqf9T&#(FnO*aXOM-#A#=`q^!(~m6pzlU*x|gHu^YONm=;`d{xzQL(a3;; z-^|xtIrKQ{#OnM5uitoE#u{d~WO9lM$a=6D2Ltu5*6#~z8g{LsX?OZt$Ze;HN%If7 z$EdC6v6K!H(5UC+vY z7Whr{FA!>4O2Q$MDP5f#AmEdNGg%NRky&OqX2S4rMPPSRmWS3~0QF066X|-V!cP)v zMFf$()|Z6bK~?*p_N)u5?-BTKUeml$pgh_aiS#SfmML77aLD-tW7i+4sBX;KDE|4s zVo#5HFYS%{EO-avevPeKU-+8B$!zt=BjKaCKm+A^j1W)JhoyZ<;EhZB4_UXojR19% z5)S2SIW0?2KEBm$Ej&r2G>B4rNncH`5nO}HxnN&f%}X`L`*;S90^^AcM*BY{@#ZS8d! zUMVf%n&1ubZepj*9XTHL6FRA%+u!^UfA-=30EU}xW6FF*6Row)y9O+SdS|_UcKlB8 z--on4e%0Z#y^F${(Uf00NAlU;9EB&@kMtc)dD2>l{Q3Q<{tmsl{c5jCO7 z9LpefW3&uorYfuMSqCQybH{q_gXnOwHM zND?-lBD+}!85A^iLv!|L{s_tYU|swK_|D%2HEXLYT_;=j}LfeM2|q#SnE1e40wuG$&nC$yjzc@bJW`BR3duR8h~hRb!nkv zxA%7lrpzFZ)<1PfUU9U&);NjEie`2#Vlx(e-6M{*|35D>di;00dm8 ztNbPLWyX)F-FRnI)loES#s=0Yc@fEuarp}M+uw;AUY9wyeZbqd?*jb9kb4S>l$Pa1 zS=}E}X!^aTtEXumG}GmQtY?iKRa6b&0gy%q`8DGHHN5bm__J2H(QV_?6&A#t`%4fz_(I6*4)P#jv94c5Fc9UL5;XfLA{vev)Rnyhh zHVOeb!DE0AeASl}eONpx1ot+#lSsKl5=D%KY>tM!yIQxn@MgPn7l^e99^L-{c^V96 zFh>LF(t@QMBgHkJ5?<=s-Xxc8x;7JU86LH2PYYdNpwuFn*)!7}Y1qi+^}9(l+5XQe z6qN@#?^#PUOjTD3Pfuz>Pg@YjsWj3uAZF)jtI+xEOp$I<57L}gqi0;6Gu1RpVPhK` zi#vcf0DkH9u4_=dmgyE)qAdH4eSaF+A{32%4k?x`{{ZS`BbDjRb$6N+@!H2d)QRQ* z-asM0NrEFMJBMRYH_)?RQ+z!$Ce@fZ4)nl3qo#lMZ-z$GgML`^)WS;&MSup&JFM9S}H^NftJ`}sYon%*u zTNwxD^yY(8%6uhgw{hQU5<>P@&`8lTG5f?G-o0zJg(1APo^_cP;YUU^0Y06mBx<41 z5!0`FXNc}nJviJf0!dZI%$f<3>S9?*d1nk4(A+VV$sv^ToYtP5;v4Cndn=h`l~90L zj}7lY;#rqjv0M9XJzEmC00d)kJ%x3bvTE9HnRBPwD7lVVRzMwaV!*)ygQ71(jJ?pM zxQmm&9Kl_R09S6x)m?k*+TCQ{f>Eja*s)AA~t=vdLN)_Ah& z>R4pwx7N4hWw84+aYpSNxfuh6z|S;}m~2Q3BdF<$$xEHOFKx#T!zjR zboQXpM&&#GMrno0K+ch{;d@j3D`7lR8NA10TOE2*lF-&F$7?OU#mgvhy#eDrt0pZb z(@(gX;L2WEKfU}vO2E=Fxa~@KY|*bRq+RAbHfzlE&3;wX)(gdlYd^~4sXmk&#+mC8 z_=8zk8pbP$KEz3Fhu7Ajmh)LQCf-S9Htcd#9zPLR&CuF0=!#3E-9!Y^G>VKk$7;E6 zs;#;ul(Gp5wmI~uH>V3Tz`ts%TWu@AULVwS*u49T%l(r_kGdBhFt5)401ZOEE7qmc z?8!EWS*FJX5!8N$xNAuIJcj{1UMijz8_r5A=Inhx;ajBeKZ!gGbD&;b>0xzic=ty8 z3kGZu#CA3Nf1<(SDLx}u#i?ob_u4(q#Z}vrBe3XwkFTwGmD@km9EKFIn0R67=@=_7 zM67rp?L(kT;17sb-wS+0q)BTHoY3ki6R=@C68d)IZa+Hw&%e?q_&4$QTJXd-?EW0T z5$alU1i_DR`J?0073Ngj{jZ18tAdShGwPciQ7`Ucnb4-}92(l56f={aPo)q?zgCro zTv@@X>DStA!oaro5j1iJOz#-zYmD*7#4n20z6|hx!(CJ2XNb-u z2akHaVyzUaa;&6s2qQJ8tBs4)tqPmsOP7O51Gi)a_@_RU*AF!&?6U_L~+m2^C)i6&tlik3HB&qMfqu4y0ek$7hFT(E-w08J9CcgZT`Dv&{JcgGd-zr?Qz zY4#pE@l}?cA^yZ&PH(g9IUY%3Mn5x9(Z^E0wmy9LrQppwz}`EtO%iD?G<{0dZ{iHN zc!?NnpnB-nvR{P+G`g`Kp0Di$m6I4pGxe08qKHb znsJLyB>6C}$`1;Cy{e%T-knRt>i!|$>Q;UemeS7J>gQ3MtXA;Cg`}C!MNm1f(;wRx z;>L~eEB*;BbFQeWJHl%?{~edzvfBiHYI72-_`QL?iw6_cwlZXPupV0~-!o5g6pH}Ji- zt*6HlPVg<#$Jfgwaz9Gsl(p3TwP=$(0tCC$?lj*J!30l#rro978^;1fIT`$odmsE1 zcjDf;`&fR=o)qzhool5n*M)B_^*K3R(k*wQB-%nrXSX5`)WY5}R;Zb!xVPY(Z{O1|0o0MrJlPbG&ir}h!Eja08 zou1W}S1iM3JJ%(4WqBIhENY>@TIQ6kq12Z_Ev^ROgq_2K#dWYdN~)2ar-7QEc+=UM zm);V2^z$wCx-R(ISQ&?0XPo{9yo%XMU5M9~1gXKzClVzN=S(fal_wx~t=mWzK%lNU z{OQ3Q>N=azM;v63NMrg|yb@pqAm=sHPh+MqHf^TZpcOnGwUgquwUflUW%ijIkSEy{ zB~#Ix11CRR*GyTlpidFArP^<#~yM_Tz@UMrSYJf9MC8OCs@7uM&4 zd{D8n(0o&Ur)dxN+ilrhgOSZ)Ho0r0S*y>vZWjaw9V^kx{pcw(=yJ@;Rd8^q-@MV` z_uf0yd{5)O6T-S>tg_u*&K5p+Z}W=%I{16=stXM-PSiX>Vgxct<+SoHV?sKEk4pCG z!sZ#aVCcf#PZaQ-$HQ*}d}oSL$vE!~ip+T-8MxEaMc(&6IrP~) z8+`L>I){UNKW-(SNhGy~GLgnviQ2gAGm81Y;~&Eh32RUGjT=X`(_bahR406A`=yU+ z^DEL_4{spiJar1H7>RR3Z!_YZUei+WcZ%CV@kON8@HApuTe#Gi-F;byPSxnzP27)b z=iA&ta}IIA&3UqokKOX@WM-3#JN+L}A~q&93cT<;RVTi;ywqfq2h$#=rsvbqms6m( zk|sc2NWI2m;8Z? zV61r9$mquY%U=_;zXW_iyPody3$G69R=;Jq48Q7GPBZ>}EB0gI=ZLhOb~m%poh7x6 ziAG+9Po;V=mWR(uEoyw#{{RIn_;q=#{1*6csV&5CU)t*pdV!ZMv~U0(`TcA28^X4- zM*tTpt0+K72cuS1UD@nlUD7-2HS>ZXptuQV1J|aoCFd{{Z->@NZFu*HX~DN2Wq_*+_V<$NI=HP71gA6{jy#&CBYl z5%x^Q{g<>IQ%(4h(b{a03h!MaQ;CJt|v2BJsX){M^$d^PmOSARJef zUU!k{_$QTB%lLZ@Myj;jd7byXz3qI}?9Y^cZ5!trcYySGBZ01w)?`E&W{97dn)$!L zx^f$#Jn%@72E%dAJ!{a*)|Wq>evVxr&{+ZJrCw;@;;r5;pMl8gphrr_DiLWL0FFrO?{R7DQP+< zhI9`S>3Y_PZoENfFpgPS@WwX#t&ePh&2>gcgNkRo6 zs39}0wYxD4&zvv0uBfd=%#N}j1ZtXnl-9=XA!_F+RBuZEs8|9Wuu#RMg};o zQn8%oS)N}iQyeY#NgaP$$h@(N;^166y3TQ)csTZ~=ef&K+^-##j7%bqRe6~1Do!h^ z@4dXfhL@eVJ+Vk_9Hfi(yXhV@ z+PUW)s?=An_O*#41V%7&J5WijCZ`N4q=GTr^r~$dYfwMg!f#b)$USf~KpcjHf2hlG zHki`}A&X-eEBM!ObPdcgTD`Dt#i#?2zE#t$)+=$d0FFC*Rt}$ZJn-(!yz`OHXfc-O zV;ZxDxPe*X9et|&Qo$%WjF!mA%>x*X$O7pY`M;vtas{_QEPN2yP+{eOo#tvv0 z%j@~>E%rw%wYrR89+iut_>yfuQePwnU@!>)gY^c18(uEEU2?`}k}E@dxW4fksef$Z zyw6C|HMH~ZZQyvI00sc{pp?z!(^Bg4(BIm}K3p(-a)fiA(!H5sfi1(qHNDtK_igMr z=s}<-vE~}R-No9xDpYPfV13%k)26Z0CJS*WSyvmmpvfzkULyF162SI$b}4O!BhC^K z(tfm_4%MzNoIJ8f?VJKhIH1);^j&FgAk${Ljg^7wE5J29PD_i)7{(MK;DLY*1sxWN ztIMg|JU5NzZ7c^ps-O03Hgo;9LFPC)8Rv=s;l3f?>DtzZbEKuRyX3iIIpd%nmGSJh zVq{=MkV?ch3w_c%QkK9^rwe;&*X?b%c4g;nSBFivxV@F_NLg99!R3#=Uqt+nV&r^(b`B9%;;H$&3~ao_L^{E1o+mPvRsRtWZrYws#V%llawJi&>*p zN3*)Oz~8-)fY|q-jz%|4osatM{!4+we+_oJCWqn4nBD2xazijVEZ`iscIn=lCdMwi zs^4f=3wvV=JDHVmi_@M+te+8TR~{olBuwIR2J-z|-mVe@BSnH;Chk*vV{dX92vWeE zr`Dp9=S#o6Ww(gE#Aoj^5wQAJf;x+BR^mH&bnvD^Ny}q}`qX!y4DW9i9}wL{?_r$B zA{=c#{QA%bE}D+BYjHM{d2SAztXdg&4!mSztwQ%}Z6Rr5l2`%G&~QydfYLeLdsp!6 zcCt>UXl_@o?sH!w_=m*vYC6HWu}I8(g?#5HIQ*)4Ivd744`T4wh~QzTTV6x5aSjZK zIDd2R&2_rM#dD%g_)v?PH#p;tm7KO2CZiDQ$V}CcKcMPa*m{TKJ*ZK3?3!>Y&LpuM&qa_CpDX_ z<&*^lhfk#@>}yQmFW|YA8aPA8&u;ZgOwx?@vWwVpC~`B540foLjbiLvZwOfG5Y04E zn^_3j6b`k>>Ka06%Fx}Rd64bgM=M#E?FVTdL7b|Tj{swyTi&(xx$SJ?F9~OCckfwp z>So!<&Lp^rXB}IoJt~E!j6|+2lWeYXc8qR4&0J$(J1Yq%x3~KoyJK;|bICP~`hzXw zTexWy=cwo^#L+$Awp4+XXCQ-Ea$bu);wDLYj(UIk>SeJiHfElmde;%GuN$~uUihs@ zZv)3XQWSXDyDBE3b95k0ub`TJH) zZAv%MlIZ#k#;d+)M65S#Vd-Ao@ay4qz5UWns6%(Re%St!Qxr&&cU(fev0u81%W2d}++^;)-j9d0&9FXDU4 z>ld(Tte(o!MJbs9%Msr{=e2po$Bb=k%elB@g>o2g;T&}tNX>vwFmckos#LAHE^Pf?_(%T$ z1oQB(!msR~8-CHZ(A>_E6Ay>sn{k)A`H$!;^rylabo!o;29srDW8fbKC_7=chhj1X z<8}r~AXlMI9n76W0x$SOJT)A8U&EUywH;mMk-pOF<}7WVTfRBRCz|Th!5DGToK6i&%S*t)HIt2 z?Co^TGefe2&5b;tH#shI$3NDoK^#-LJl`7MG+bDSYzLwhLc6P zxtb)>?&SL&k#oN%Xm#|fNQmxBsn6lt8`;-OvW6Q$!UA$sW3Fq%_5T19PkHCq&ooVO zxT>PIOD=fgw1tj{yBwacpzD*^-+yVez8SViJmi*OVh*FYVliJK{8|05J{x=`(Y38N zKoIz&#vVwC=8OhNBNpVC-L{S2DCMhS(%Ld15LsN^MZsxQWGf!nrc#a1uRauh&-%xUtYOsrOA}~* z9FyfG)TG274&Ucre|$aoec;aq+reYtT_StES{T*=dw285;B;l|D=AB%vR2Ub*mRE$ z#S9w1jUvC+wK!yL(TR4ZdJkOnBNfbQUMuk~xR)Ltv$i@%gyEI8x}C3v9k4U)&1cJf z%^;2*J!w2MsZV90U2VIRh}u>kInNm<*NPnK8a}#j?{y~B;#`An=X7n)=iBwHDn%`g z<4)(tI;@v*m>M)YS#yAT`&E&o_>)S~Q^c)hJZq2(5Ze`c{&ns09$Q9rkHt?NY8s8S zcIyY({?eS|=GYE85$RjM5cS)$;yYbBdvcdELb4fFEue!-Vp_RROx3Tfp7E6>WJts0 zpT2zuJWHlttSdE)T7+7Im|z78U2ZOAgavy;cB zYu7vz;9VxpZ8z;Uisg=S7aOWT?EF{ZZwTlyHO8r;+hmi8+ow@b=yY^paU~*EHTuNt$DwKbbI?vX6}2r zn(`TPJhmSy`faL-H_+)kXRBJ>i>)i|DI$Os;s+&ahle!#TbLo!ZA_5ekT&6PN8wsV zJ+!H)! z>Cf`4p5VJ3t9&}}-^Kp`0c(18o8gOSd}XG_@+8r~SIlPlk2vS3uZMI$3~Otu-Pzs1 zw&@djVm#!>jt}yxhU4be$FDw;ZS=LahTKmhFbvQ9Be*s7KAGT6BgdZwwJ#1`YPTsg zHqRxHjj})sl8g1M=Ipc+k@)xG-wQ?Imu)p+k`S2$vB^BwkX)wuB@r=a$owkk)VfV| z9n%v}Nn@JeWQh|Elj~ohpR-?&;nn;*KZdnykZ)|5EvQuiST+k2^scUEOlhB8!oz%L zkoX^!YRH~=NSiC^jybGqYB6N{c-a~fM75`jeJKMnTp7+ zuDQhDsr9P+WZ~PGx_R5#wC+!t+@K44!)=>B_#`ArOIHZ`yw$iGQ zj6Z~z1dm*iU)eUjrKXvvJKKyxz&tDm5=MCkHJsDjzH{0>68M%Dwv$D_kZxg^$vt!0 zyyNzu_;r1*_$Ez%!-*jAc8x#VY??p4G&@L=BkH7NW8Bv?-lA;&75@O>r+)%8Z-jpv zSK`&eAx4jq~zkiBJW_D&gy91Lg>fk2cmr_r1UVV>{5m=Wanu^5XB1>K zVHsx_WD#$vC$Q&^;hg& z`%deBu~+RU@VDc)hp#qi%Xto&tU}ol+}TLrIdVIINd)vFztZ=>9x>3qC3sgu@u!6^ zto1Jr>-G_9HWR?Xqj1U?fJYeQ5$r`}Q8yd*Hn3}U2V`s<0zRyyM@hwo>HZJ^blI+W~VT}CnXlpl2^0}X-DbI;>i z^4tFaVOy*kT!wjVRY=Lnbo9+})HFG7ik}X=A@SScpNu{a_|Dirg#1lmCAyU$HMHbq zT?y#Q!B}v41CC99n_umn`#5;V_D%h!JZ1Qk;hQ_ zH$=NbZvl;yaL8aisruEWjk+}4&lj@Es7_n%`E*dnqSc2mxp!_Q2dUGb` zU%DHp^{wK`J6{fYfY0Va3`@pOIj)*(4I58$sWp|LivmU<4CGTPF2^_GuZ+f5(i_81 z8d^pQGKSre&-KUUURSC3jrILf8@u_Xp6HHM*q;8B!csP`ygzTQM`S_!8^+;-Cj|4* z`&Xbt=V^8pu}Toa4g($upo4(;gQl(gX>}dIgk%hib6#70WfX9t#_sM1(9$N_+_RxX zJkbj(t2<J3psL9P1>8Cwg6*m|`9 zcUljC;gbDzDPr3asL2PD&;I~ky`tm9dQO+&>%9vyt4dU;BcU1p02*l&qjTo%ZvJQ| znmaXE)rlhmtyl2umX9m_xXlAQZQY7PaXaf>64EGUH#c%j3ZE~_1C!e|S5>r%+rz(Q zxKTW%!3t-E^*d&rtoBCW!a)`H_Jm3&(S z_8KkJu)vedk#0@BTQ%T%d_QTw*>;TqECD#6(H_BN;n<^s8KTz?tWYBq0YACMZ^q$hqxRPjlx5y@kj(C+T7?`{@JNk=&wy9(~Fb(vDY z#*6a-!Re2BMzBYp>sr2}b)`cTlNS+WWRG7;=X9tYpprt)7;}!|OJTG9E*0Tm__OQr2?KO$1^h}-=(Hg;L zft&3NKwLLYIpUpn;mbQ4RF*jm#gq~lbUxIXT*$)Iu30Pu43_Mx%KV@l{cDi7(yjFw zKva!o&g#lfp{+S}JlEs*!>hj%d^ptaZB}cYPfC$4qJcqds6R0u;qPA+co)L9b53;& zTWFzzN69g-%v(P;N3C$zm6oUMz6oW2T;duqQM!%f{H&dy{sm*9_=Tg|>2o%jc;YDK z3q72Tl>m$obL+^j)t}j$_Mmxw9(Z8*-$iJ=Z>P?d+FZj1E59s;LjM4Q{{Wu;HCm|u z06}SGP5ZKaPgMA&p!`hzwZ1IrzBciS_?`t*_L}%X z;=hI;9iKz-9n?DW=}Za2B?ewqI z&j(nDJS*Xpi4hU3(oo7dB;@D%Q;G7JtX{S{jT2JTW$|&*UN7`}0B8RIjk+C{DVp!oj)#$FWgZ~P)Uo&J;O={H(@p{$C?QBLp17z-)SZB1ijU5*8blNy9nyo;=1YlMRjN5BBn`T z5i-aQK3%!#pTf7Kc~vS{`%A{Y4Hw#OhvNHBAy#{6T1|)V5~C;dsy+(vDr;UPx3ZE0 zHh$QX&$1!^oREH@Ylq@0bh7G_J#NxW#Wsep?g%jvq8EwJo!9mE9}V7oH1JQuFN!)om#tsjY90`h2rk-fHtz)@ zVoNIEkC+T~_ODL(nFqkhQpV@t@5C>N5;Mw0?wzS_l@)RPC5A^ng#Hyy7d^Scv}GMM z>TsHW!%bp)ooV!s6zJ31K@!|3l}v9S>O$m!k@WTJ#dvp*Y;G)Pw`-^mpLr3M-cqD3 zzy}1QbZmQ6N|Dp;HPrck#+G-H>h_wBq|G!<50@J;&J-WIKQGd^GzimVVGhxp;<&0t z$Ekv8w0F>HabCjl%??z9_}7v6tHZHrS5WGZz_P;>f<+#LR~1O~KTgT94QzBCJk;mb zG#AtE?bTA|CK+YO+(k?K4tyi=U&MbIYCaOOf;&r(I9r)+TWo(Q$#0+-tBoy@^f=6V zqlKwnTSYhbAEzEa@!#y@`yF^=#hR9>CX3_mj}}fWtn~beJgEp9S$gdp#vc*BAzJvV{^lKPP`H>Djz=OpP0h+gIu4{$t)_>`@D3XjjH^7;7ObVD6X_oR z06+6RZ{kmY{5@^o(P%7w8>Bs37AZeQWv2iXjHLFXaRz z?iqt|wzR}kad$sI`Z4&8J|p4ZZCP5SDasGd){=j8lKCF6?GnbJG1DVy;}y-$*_@!q zJuA<=%XzIqA~5nmXW%_Od}F2&$VU=t$~ov9*;W zhA|{k&_t+4Z0uobZttb=KdSm5`qqO6USPM!%7tz(SB1F89l?^t@} zwCo|C-Bco+Hsj7KT6>6gkL5_-OH2thZtH!qA2w5)M1n&S52>vtl2$AgisbR{TJv2T)gVs0%*_RsyRJ~4jP-WKq5pA_H2HX5FW?jfH@wP;n9zzkb+9$OrN#c@@r(s5l+%6Nx> z@EEM;51&+z`%WE6MfpiJXWrL#?RI`k>UQ@UcCjVGT&n!yL_2`w9@Y9I@So!h7kVYV zpZ0tbYJNz!^9jkuF`rEP*M(aL?JdlYKZtV0ikg(V8a^Nht~L2G4mbv?v_H4%(}O?sGG9I>(<3NfQ)eG&98?AP$UbT1U?zZHCE zqD!f18dEga4YLL%BZ4w}dUvn0^ly${6Y=$>-LHVPT}J1^zH<<=fD|@xP6r;_(KTsz<$ih4!nhI&ZNTc-2qM*b*t# zTAuDngN7;+i`^aOhpg!K&?@VbHMW{a^JYcKKu$A?{ZjaS{{RG`@W;ffKM(lN!JoBP zhWthF&g$J})GcI&Ic`H0B*qAADCKxKVa;+%DW95nrJ2^qXh#tmPH~gAogbgC`JW*E z*q;o32mB`RXTuX9MVK@M6yK)@a_w>5|?+t+h`J z#d(;hB+s_+KZq;lm|B%<>C4M+nr*L^hhe1ngIv?3xJcb@U?UiD$Kq?JpT$;INpAX# z0?GFb%DoPISD$104-ck?S!1ke`h%?27YI?h25b@a&0mX9yMVse4y5wAp!B0Fo`Ixl z5nS5G60)_=*8@LOUV5t5y0y`CA$OdQN)2y)4T)rrBz78u+(A6n&ST%%*gE^XoP_PydOeLTIt+U4DFh{t0erg7S|?Bep`%8q*UpvFkh zw!||d^VjmKo+7naCywb8_gKkc>rpL-O%`-*Ofm++3VR;a*V-}`8Tpc?523S;hJL-G z{{U*(-P^{}MVJR$J|;U1IVv^Lta?2h0%u?F43@IM3mtK#h^PZse-Z0)?D0Gwkcv~tws_73K` zMuJs!QUN`ED(&WzrFhFo)I1-oBnzis4=v=8H+e1D$G=LddNUgIp2y3+3I5#p2jjg@ z!k#U)v0XX-OGb3v9Ppk4hV{ljD*IPKvlGE>s_3&vscCMaM=`ccdFzqXeR@};PAAG$ zpDdhN>>3uKrYSP4h8w8HMh9Q5dasOpG5-Jy7vZJ0zoKut*R-HzxQ`sm5Is2jf5@*& zif1KS*H9SBDbCT6#{h9yRK+-_71u-ObDjjl=Cq+4YV@HL;>WxTOzW7G>5l6>UK$EzIiU6zqzg2W>;eWd~2#|FG!d$aE;;Q2H@ z4E?Zg+CPha9f!i=TRju?B_v4Vr;O#c8qJbrKe zXv9Umlt1*`LMwY)okvmCEVn^u?Vl~bg!_J!-AUd)asy*zkl0&#Ms9bIO*QVNAK;OQ2(TAtCX%}P0s?R?0P1@=66t@xW zVsHrQ?MtJ_E$ym_*UNA-$9mN}ob2Z{5qF?XJMW(62^%3~IScG7A_?YZ5`fXLIb52f z2F{DaR|&3aV#`~%hUGWzQsXANUlq%J;oU~U32mAiS4^iJeFx>53?(a@8gw!>qTR+B z!8@^zlwa7~+(s@P9x~rB$j3B{WiG`vS8a(o3Y`hXavGMUac_S1cJ|BmbqDu^@=vBK zrVPyA(De@!YOcwsh@sMLlWa_*ByvwbjbugQOWi{5{wu7b!v0)KgP8#DTR9>oJ4aW& z)s+b#HbZXU52>q~y`|bkb2X}Y>k{R*ob4ILO=R87k1DZi+udEvG0gIA1E)+^w&?NS z+W9_qBf|rdy(t0cR~kLGp=zQDqFG4GC?9y&jCju0+f8F0pL)UZnG|>FLPtG=VUXV;&r0U*JUVTBxdg%>dAm+`O+O6C$H2>6)o~CaG-D{e{rMyAlJO zfkA^-I;|e^+Bi<% z395OPvmOagY6lrugHY47DR$d=a86eQ5;+yWq(^6Gv_%|H#-Q>BC@Y-U@pQAr;mKOu zADMTOhb33&E5m#`E;R_tM;X7iVov;ZAkZteciMiJ9gGhu#j-<_w-rt~VS9-pxInOv zPI4$UIR5|==+=_i+?!})A1V3B!9QC0J6qFICNau^B?N=Ce=5#VU~}V6(h(XtZ)S#Z zmS2}6@#l)61&okg?^%_|Amkpkm>u=4@gP+cU zp5>=_Q$m`+9XXjp#mH;{kU6R6)3i-jMV`|0Pl+BVimR#n$DC$@Wi1buFKv?A<)MTs zM66VU{5Y-MD_4@z)nO4AVn_!R8A<9xeqz=1_JFI|-EJiZQpUJx?#7CWvNT5IjN!WR z{zV1A%Chkr>UZdotI7)zAUqN8TlX?p+7WVq20S{RF^b(Q3Q_D{wvskOG7M*&de>71 zq~gp+B=QS!!l`a4nKW~nirU=48zeEALlKa9{Huo4FA_P%lRP&bbNs?kK3sZzXf%fB zHLU1bMdiEN$t1AIK`iH;$I}(_hl}kX@SV-0>H2-O-gBIcFXdSC9WZG14}%vvPsAJh z-8T12lFIVRF(iN}2{7yd{5dtd@mpLvR-1L8*~taHjPJ?>3{F3UHAtlHe4iGI`pQdb zW|K&ZkOGYU70+soE{$-SMa(U3>T*MjV-=K_QlM|x#d;Ydm0cjnVUfcF-k`pg{>xB? zX#QxGzG2_$KU#vM?0O}ai7aP<04gU{%K|Z4D{BqN7?W^pwo7m_ed+SE0}oTPvbH5e zk%<`nwGlY*&tIliuqRJ4nq7Hh4Va+JOzVwz<=q9q3hw;N!J#qFZ0I=JL^`P?$m+7(Vm? zpL1~(QHyBd0Z`!j8p(!Bp)Z-{vtVIYu;zd@B-NfMOGpt}d*iKT#jEMpj6Qh{$j)#v zObS8e400T(j*x8@){&f*HyK91=>|AMGD{ znJoaLcN;5642%?>NHw9QMHiOYkSgOm{{RuJMA2VTzlPC<<#x#f7|EjBSMoz5xK1|! z4_ad}=hUrOJE{HQZb3aO8_JU6WuMKFM@_wl;at_7w>P65ZhaB(o5T0l_sgeCaUGSD zNxaVe7-QStHTEPP8K1(kEH?9`yVpNxR|GI4{{XIQ=P`1-XR}83AfDR(0M`>sB=RsM zJ08Nk+r(Zqk4JZNJRWjzK4J5>U^`bG8ZF4)+F0>VAAC*MbsK0b-fuZkcLoPLNgY3x zeD<S0)_$R~K#f4&-`^s_j?cTC)HN9_Gi%RgOnznipHWT|q9jv^M zzu1p@1XBS#FfE%_)h)GsWg9401>A$z9WhxK_sQZYuV%fwT`CZTL2fhj$3C46TUBeH~3$rCbQzLMmYRdh*_;8kOxd21D?a%uQkz1 zAbv@Fd;PRNDEwNuZ6`zV9oCQG)tI>%EY5?nk4}~GCDrBC#Eo@*Jh#_xA$E4)lk~3W z#=?=0a?(h_8wk0`ALCUR>?NF$+nS>RimvY;&*i8i2eVY|=BwkMs2yuLoaBo8V>`e` z^~Y+FW^jdre(xLu-li(-o^&=O-5SVAE!P#P6|1OMW%)_1IZ)KDYr$w8*Kiv^$j^G| zw7nKtr!qCUV50#*=sjx_YH?3<-98z74)I6CUl7BkX|@J9TddNd2)XOeek=4t;jiq+ zp!i2v(eyhz7`$KNX&n_-IPnx``=k-iHH_+5-NhxL?fy9MuDRjXT{l^>n@2<~C)t`k zxIgTVO1a@{EnecxCYfP%4VF|~T`YL=LGPc^x%ru$j@QKUcss&+WcD+)&cAyqhWkvC z0kQoyk4o~*I@s!3UH+ijoHlmAZ;48rzqh46X16LX#|h#{EN#}>>1>K#?;kloeZ9ZJ zs_Bp|<-=a;hT->T{gp01~_zuinMssPtyKHaGH^ z?Hw2I$&M3_z3K}+7vX%~DfnNnTX-wRJ{}~&B2LoG0C-u4MIYz2VSdqGIM*((g}nY7 zjM<~E@3WE#UNMo})38|f580OMOwn|GXT{g1>p;+KZOq15Ml;9VQT5GsnxE~Vqm5Th z)BG`I6t}lBtZlkX2OF`w+asE7>!A{)+>c=Kzr=YpdkYI`W^|Hxfdvk54?l%`^WwPe zbzLdY#`8+#sTk)2){)KZ&j}h0j+rOg??ifSqOe&TA9a0e=&ykO8qxe+scLt2dX$$^ zSi&drkY_ybeX8RlNX4G1<6T=()LP;gF2I7UV-wC9mjejE7K{{Twy5=DQg{jTI6 z-9YF*Px1U|xapy)fn7EbQiqi%ztX&`O@~>~uP=3N zI`A?C^COM06u9n9IIT){KEPS-{B!W*!k!_}jrKA!6=iS6t}(HM+Og*LH=ZPa7GG)>_pwP~J4GLsSDv_HPp>uhHk099OZ#g> zZ9eMVoXr!0P6IC)8LKeoI)98`7<7Ga;x3z^O{X=!p&Tm&(TP4*DhDI-?OhIoscA74 zf9wlL2JAU_@<<-$k7uRF86QpfN8=8Q;E#vCDb#fRD@?uAfEbCB45^M!9G|6rc<3_Q z>%KW>)8LvrTid6Z_ZC9R%1w?7DHsO>JpO-; zT+zNP{{X@%b)iLRJQ7&We6m2m0QABADiY{VDe=ecHSpKO9uU`CSDEHr9_mlDCgYQ| z^YXCk^skj=iSBmGAlc{#1d6J09Al`>lBtN>x}aAC<#W7u2E9Mw--@R2zlfs0j`{5E znFMmE7z5@VYpOdMAE_P|)kdY{-KEN1#L=e4<ex{{XFBjoM0CT(YVYo(D>qL|3ts zb)wko7Mg~csIQ-EaT`X!^d|>yeY1-E!||tub$V38~Wt?(pA{{Y~g-?ZJA?S=axd^qv<_JZ8_ze%ibMCAOg&40%%_D#Hhn$Q6|>8%I4zo_!fvLr9DgB6gj_ zuldDQmphqL=fiPcfz0D_^@Yck9H^l0smk~CSSK$=F1l`V~_#ntd<1h4Z+~ITCP*7oQK>D&zKNhx~8)#QJ zw$yxt!4hO)&*pmi`&YvM0JN9F&kp=l_-n5CV$R;%`*Op~p595yAZgPd7qqci763 z0?*K3b*CNABYyBA{W{P%yOraTXs!w}VFw}oeW|TGdCj#j!GO*>nhj~268zAr#?hI5 z&r@HcpYTfW+9Oc?oxf?_2SK#EO+Uh3BAhkT34|+UfByh1>7gb*l*zsa6t60qKp?&Lmbi|`$9h12ddW%NLcBM zF5Fw#$!{Kvv$PVq^Q|NYlyS}hujkwT3%&al&+(_>mxliUY8?jB&2{|(-00pWifH)z zF>l@6D*!f?bI)u@Ju8i(`H}oj$~9dv?)0nsIac-wOfnv-op5q`@sG~BpNGCI)OveT><%F2p zPX&*tHI$++X{p5c?%MammWXfCSS|_|AodvIli^p7HSdS|>^kfoAevaDlr79*GO|K= z+CcQD1Z6Yyi$U=nsk^oo7h-!WfEjRp?s@0ly&4G~YxIg2EJFat)K^R%ha970t!sZW zWraz|IBqMvw$PeQI6{`lqoI6q39BUIub{lrQs&kv%QzcDf!4U0d{uDrycdlqRrwot z0M_V74>q3!m$Ka0s-!u~fz*oJdo=RmyRn5gDCDu^&<9VY$#HOFKv1wdxixph_g4=Z zTeEfN?{KsM<{I_%)7wXDxtsoP-}K#~hjqjC-DQrRpDUxRO~W zQl#W=?Ni;!aSh8QlSccG%ag-UXrp2ytKP|HG6dWKyt5f?P_#9y`@U>4}?n;QdO}TkHBmxVeNdFmA$= zj;6h9z}_Ie)HLgL@k}sU-mGn(n+fuRfzQ&l=0`+ha}!+gTFH8iV+3m&aBw=;pLmi> z?Q6`{1FO3HqBYaBSxPo0 z#TW4Dwb2?Vgpxise8VNG?}Ypkzel-k|}6(!5KP#h%fHY3%@L=BryZ;Ry1kif49B%ogAAyz=|2LyK~mF zp2qQsyYUmmdX=AsW`@yTO-4po<{OAsh~p#q{zAM%!JZMi)U|f9@a~+2%E>cEfDB+3 zVh3~7*NcvpmPhu-(KCa+q;WaCt-rHf*3y^Xc$R!s;cYj>*22qLw_D^xg$!^|k3u?k ztbH5AlXzPDPq9U5w2Nj93}>n^;~@SO;Lb<(ymGE-Cb}PdctiI7gHG_J=fhnq;fv|_ z7j|YVjZS9!%s+@@ocA7;^Zx*dojhRomwK5OHxqN0`LmiMvFzo!N3)ZkR&W~c!}jp3 zdMMU3^8#PQWU_wJsLw(;?0ELCKDf|Y*6r`3xtV5PxCccPN+-INqFu4queAM60XZ{y zZmp0z1E1+%6?|2@*5~-as_UO-6I*Ipq)7v32j&>Zu;83jL27(g72`dX1uryu<@NQ~ zhVEz4$&B8@n@YD%oh$XT;Dyv4A^3gaZC*Q!$>gkZKu<89c&+Kc`5Kt+WSTy;(EK%_ zX_`;=wZ!Qy^q}pGV{(CB39tC-KOWDj{5H_8E^Y34d6W{T13ZtXHQODE!&Gv5o*8N5 z3y+6>C6B}2J6C~jSgn=IsoLq&B%bx|I_JaNT~^XN?J=#E<>L|~kGm#DL90j5QkPzb z)t>{uZC@9BC-6KU2Yx3@d#e03X;LQCASdmb0N;@;dCv4w0o(1xepG+KYknSlFtPZ} z`!W92Uj=?3=|2!GJWFkHp=-A`D;f!=g*?dGML-CX=5-*CmuMVjrgr6M{392^^2#{d z37X*-?r}4G-cxaRzm&cu=9<|f<dSD8T16(%s!kzF(Bv7Q8C**F*b< z4T?@FomH)-uDV1Tp|*dsI5>Q8an`v%5!z3wSgq~7vOT(zk`_4I)Z`DsxZdRAYb!J7 z`%7z)t~HcljI93vD92G+KN7XGr>2GBLvA3ufEgt#&zMg+KZem+TeZ2J zV*6_VW?bNw?nQck!JiIzYs4B4#VIxIejOiF()7=@>8T(aE+tTMtWT*5Fgf|N+XvHw zKR?VQ?Cf~l_fM)t4yCjs%8JE7$V`rvzoFYS*Dx%MBRq3mDpo#g69je_QC}^tq?Yqc z>LX+F5*TsV^{=nLXn%rhtbf5iJ_h*rNwkJtd%_C_r*SHcrduglqnI%ralSL(q59I1 z`ClGqHE=aBQl$Pm@PqSGQcnK>pQ=aW@5NmawO@tMYu1WeP}21=D_g1gnim+)xZwVE z$@ntvDdSb$5N(;{^)<&*C+IjDwvp_bcIAx*0m$dtuYbZDE~x{@ab|8Une&pl6^)O* z%Q2~F%-@K<8b#1;kz$NoM#!K6ji7a}E7iU;Tzng~-|+8SOFtI*1hd9=n|EP@&(NCA zRV;n>T~0OO$n{M4Q^vR6D!;Y6@m2P*d#+yUH)i8dzMft3F+7u#^%czMH;69noFdJ! z)MV= ziR6+MGr`pvdBCcSQP!2TW`}`qw5>;8@Wro*^)}P=DQ{th;_q(nvZFTA#Ci+2=UX6Yvoud;pi{p zsmA@SZ_PG-UjG2WXZ{shd@lXDybJMP!afRZ2f|(?vWrO6FCvkAi|fS8EVu_Dg5f#q zx8En`eQx>-$ZfAKZza>svx%(kVr{ZnI6IZ&ZlHtCX-ZZ*yb;IG7sFV2S9g+9i}^}P zeilCK*MDi>+8^VG?Dcu@@8TcESMjfb@8XWhfQ?1^^Xec){@)a+eoavvWJ!ZD;m`s)cao!I5RECRctm{4oFm+n@el7mW!gYO3Oi- zCckk#tQcb3Kp8dB!7Ixm$&Z*GIIaqe{eFYGCe`I{u$Y(>mGgo}73CL@pCl}WUB?Ew zr7Ingk}7G-<;qy{0KxXIsv$qw<7V4}#~AJ^BQEBM@AO+)*2HQN!p1y+eUH5!D6^MQ z(=H^miZ#1YxE38NLu(#wrFnrJN!;1v9qUd&$_C(7iNywdwr5x2sjXqWj9$WSZI|yR zakzbJqc?E0>@C!yp!(yqsQ{xD9ZcRwDtp# zisi+?jfl#eH>j?fJEdjL(inb1w~Vc$B5~?oOO2>WIjitq0;?WKY}S`N+(ZtR-%@B0 z`4hBk$WeejbJnQ%lTeD!!uQsb3ulJqqlA}G#aOTd>B$v?ihG|oj#f>c^Zx(@`2Czd z1bk}vhw%?e{irkz6aEmbD%;J1Y3@uLox<#8A%Vafv(H>tnqB-O@L$8P9{A@<_;qnL z{{Vn(wTb@#v927JFKi#>89b0M27A-?QAsoLTA9`{=XG$ce&JJ#PTy|s`t`cDoh{~5 z_}6!)UU)-Lvb~xsX^d$sE0MLBbI7liegpXXO4mGRs%bte(EiD36`3%~5I9%K1)J%N z@l_imqY+kaoUD5De^{DLbPi@g#np;;@szER> z0Ou9wb2XvwQ;mWR8UYc4HDq7sRh|~Km6FPNkN1R*P7k(djQgEXk$MeJQ?^4M@Xk7N zahlQ5)5qGK==%qTt~Co{Gv`J(ufBWMmoM6zu!5A)=JCl*L43I0l*8Fwht3L%yw)ZnWu|MvbBDlhw9FNG>sLON0^heX> zl<-7&Q%1%Wq^dh3U^Vf^6ojhqg(HCfB zz~FF5KmB_3Ef!dw#d4{?7|-EBi$xzTVUj>(`8Q{t)va=L>#Z*C1|`nit`B;~PUDPw z9%l`~vtkHrsmB%HX?n8H5&{RA)9FuJ8vJkhhWg;vib`d0Co$6SNr&5oDj4+)z+UIBA*vc@g0 z4-!L;!1cv>kAl2w;x7SSSy{ck+_o${g3%IG0o}cbuR@Jecn0nj?ZW2-X&oArbE63;|xf8J{tTscWWw zwf@LIv(JWpCHzR#d|MBQt^6(U`s&l|I+W`#{Cc=Q>X$q#5KkwtC#`wM?ce)Z{3h@h zjPCvt{>+*_kAHP-5wz5`=qC-%IT;^$y5#%T^OB0x{MI>!BOAmK%jvJ(Q;#&?pGD`> zPtT|18e2tss9owetX}f!LoAX=*(9G+T=u=CM9+kfbH~bS!>=Ru$kRzB*yo0Z>ApbC z(;SYqO>JVfGknaYxUOjKbJg7V2lk4w(>!VMk5`Y*k4V*7uTrP|w zn@iL!p$N!!tB#=JzKaJNME?Lb{C|@F09tWB_UHbah&w|9EDE7qec(EpxubcHs@bjP zopAOn_;Lq9Ueq=}4y_~TnRFd1Rg%cV8%Jn`Rv5|Yk6QcF;4QwZpm=vt(v7?yVV-4m zJ9)qv=kqnu86FlT?t7)oj>rUPJkFgln$*$m?cOP^XHgW3&f;p15~?^a6j-LEJVM;z zl#ZRncK#pIw8(6dE2NxWf$~1@lzl~Q4UTD?w~K7S^DQQHbyJmL+PvC0nRjIv6D z=9}ng_;C3;n3p6l&u*3KdX>~V;DhY|N>FXw$2g$Ks}8Xzhi(&27J~lSoDIO_C;tFi zyTsO3<`=h~AVC;jIK>8Yk5hoYjyJe#a_t&qFeAPyD~%o-fMt!Nc>&>i6I-J(_ZB+M zmXkD=P`=EK>+A1|^XXS}`Rp1QbDo$q%vxrKov7Mdf?7qH!NKRHZABfe>~o|yB@$I3 zioH^e$dc$_=-va=w2OzcknDA>Q@ z{{RJ9lwWeq`tGgmKR71aCY!b zd)=kAjCy6d-)ZshOph?<<{tH%L>v~s4xKlj9lTrk#t-zbDxd8(jMk4KMb1XrMshj` zBlBR4vwryh0C@3H%DWSG$CXE*&*wpzpXJ9n-{l?n^r`I`46hSMxpB|?CV&?2P1xZ5 zpfS(g_N!J`bHZ8_19${b0>^VCjU-Zr4bDyv%4<%>(p#`&NyA`gB=w*ORv~TY8=?eY z<8bX;9v0U$`|H`Xw|^;i?nwyYy}!?`0BHD+PF*tM-gc5F65tJ_6ZqDB!$S-UhGu5x zr3AQ;S(yB$1+v-AP@l~6u?s4>IOc;nElq0$3m{fy5)+OqTT}3DwZutzB!U*sbLuD@ zW8C4cv@2U#gs|Ub!N$Yhx-Akb3&>e4B}Q`~ycBeI?wNZ^HMF~*={2l$0yhqILv z`z||RisvOz43KbhKqgp7?cG3;BHYCDjAFSBL&Au+4RvoYa1Sb{iVaS8TeJH@ve4|+q;_O?Az?@P|nYTj5ixc zr9|R1KUALPdshC>43{GyWw>Kp#jVz}Zn2q&OSCy5dR9foH$88{pA~O}QR%nVhk>`u zR>(hx=UZCej&7}O=ATWCCPi$Oa#UbYOrc}W{6(tI;wu>SEiTks%#G$v<$T^^`TdV$>kGi4h!* zN6h0Ls^U1NbKeiN!DW6{_QoIH$WRhFC)T}-Tkw93cjQCm!em$T0XfIxT9%O&kHbw% z#C{-_3m|N?#fSqeBY236BnzM1c zCxn9XawH$b4Om-CP4UAjiRT>&=zg@NuqfE^%}PR=z0UKGZgKcm3F4?=zc97bV3CY) z0L5TjQBO#`J{ye5q0Y9=gS|rX-;H)QI`y`rq+CU)Sy0K75q*&fvEro#dLWMwc$!f%gC69q@Z6+F(@Q_A`OoTo- z`d6Fy+f#T&xY6C7+~AOh0M_fsMO_Bw{`{q*mS9+rTcGu?XoJI$ECr*OtNDBrQ7|#| z+dHe<*S5cQb%^|~4mU5juG>=5tRGH66S7=(+m4mZDfTjyPdtaifXjB0NW|>kr>Q5> zxqGcR!8nFjF5{fz?)z4J#ldK7X-+io$t;rXW4T*BDyFS?75?80*ti&7_|MXVNbY69 zs@}@L~o6=u@eC6Pl( z9AKPekGVlbT|?|@#szUR9^c*`wN4E#)n*RBMJ_lybCWhNxL6PpX`s5 zf;M*^w41ONBZ)#ZMnynJeh8*Ukd{aDH^`X{k=n9u;8vaD8-8K1pUl?FSnsus;!qe2 z1CI3|b2rh8ZYCy4dHIOqvFt6H^6gPeGqY?{j+HJ*r54LerCY%~=__V%{G4-LK8NAM zs@*IRTbupa!bW*-YT(4w(#K^O^ghq(3DC zI)&4<#lovI5TVXD4^dt8aP~H-qCKbJKkUKrul9x3{{XW*8KFp;TFi+x-O8UOK|eO> zJ79WO?B~Lt*z4er?8&BF%i?`HFN=Q@9zdRKZN57;CjvD01o!#cv` zyi({|FNnS(_`h55-IfRKrs`V1iM(^9Y2F(6RKnj$fwu{+A_`+% zVDpZr@~)WEFl>K@yer`k1nU}Zm*QK`_(?o*b(q#eBQS}{>5gzX?ZtgPt9V}5O0-1R zEUhgr7h#Mm0~>lA`t+@NPFXu1Bk?oD`re+FdN+pcQfaOuX7ii)zWYvK&#&h=p>NEIOHm&3D3qht| zYd$L0hM8#)$|8_AW6*c$LJmXo3-*Zpyv(b0;m?OK*iJmL9G6kAlm=4R{j&SoAz7{ zgK=tcm5d9vR)q=Nti%Jrt^Gernqbby$xgdl)~lRp*z~UrcuMD6y0o{_VHfwV{#Zmp z!*`}fO8dXSKeBDybF{uTm-{Dux01cz_j34Z_FKJfX+cYdeqnE8*b3z5SFyT*>OT;?12j5+ zhdgcKpNaPRz5UI)6|q;|?%fXZdU}2axT}v5c#7*pxlIz%d#yGE^5j+d7lXj#uQ}$o zjhRxhi>P>8N4d};)^Bdv^@7`y*&M$;@;g^CqQh%#dV|Eb-(~RnKK4MofCoYi5_U7O zq2hgBJ$BaW$HEp?mwJ0Yn+cQ#BLkpuT+}uR;fqLR)paDkymd2qNT2GxR1WyAS<9i* z8f~6!<2@bqt!XT6RvDqY$%Gg6=s%r#ji-lSM2bsmIR60E1CgE&t$XfWkDH|jYcm5} z@l4(y`#Tj(wgad+J$ls-7kKki7CIKGqT4n7>=F`G$&C7A&~&I?XJle}5zvRkuLVJQ zt2}x~h`|daFfiVGmTLOX_J6h-CX=IRHwkB`-^0vLcA{S-NkUxdUz--sa68_BXr1;K#BSXHH`t~{5E!|O05~tb?%dzP;ehKj< zi%n^IX1TdQK*%`&anhjhRkP??sE5Q!J^ie15;Riau0PrCE1CE?@m_C)w_5GFp7&2(g?!hHkuW2nJ;3ytaqB1 ziRZNVi3OdUH+LFBf~Mnc?YQ86gZWnh@qbTW8f!WS*yfRLB4YA1oqY%x_B7l`jYEOd zejY*Kt#-u8d2gs$-@%cE$yFUj)6n&=Kh_3;Y2tf9eLbMjl64YUxW}3aAKCnkqjDRBhMYId$Sy8An}g;*TsJyJOkkyJ$7#w+QWaQX}3``#Hury zI|2qf{+*~G@m~p9+gd^{ZlK)b=NpB4x5CdFSi$0Ci(gmNtOB#7MD51}01vUn2#!^; zPsCmtMb_i-mDQwgJTsY5_GIn%^{&re@r9MffN!*^JjR&rWg{Oy*BvRgOk&S1y!eBv z>F;l+N}uT0WJIkPCm{9D#Fv(_>$fSY zX@OUBFU-mYI2rV>n>F6 zPA+u|2N3x(XE_~C?wHyD#eQe&T4UKtME26bASHIOA1VAQp!I0ZGBD$XA$^S9v&hCN zXSAB;31qaJ?C!W=M^^T(n8@89dH&BnGoJUukZBh;06mEjg>#cAAZG{LkJi4ux1BE) z0cA+nxUC4A8vEm%Gcj(R1$@i-$S3;A>)M2=aRDS9M44=xN>8CU8PmA`}o+|L}hw%=|^%@KN zV7KnD;2CfM+Iw?fe}BOczig%boc{o6y+`3kk1qp!G4Y8@2&8A*6gPljclP;%75r(z ztJ$3~mCx+2R?#tcr(*Tz&LBf)C^T>)yT)_^#S`@AMnSVCjIF{wn5cp?4~L zZuoI+Me`MKy8vIAQ_|>Fox^zAP@ny-i zzm6OtSn6@)IAPm<39fkQAvAs}-Ps!^k`WHoOddY#anx5kJo0V=IR2H}Oy-mZ+3GKC zbu>()W3CBd-l*Nk7@e!lX%u4Bh~Pz7l{fF_<{p(|McRO5WcST(kc5R7%vZ@)9V+k+ zSy(A`J;!QEn?Yz^TzRRvck_>7Uf=KsY-_#fjJfwg4SJR{;=HY>O#QG*=22IX$JZ2q|& ztFOGa^Wb1hJn+^#9 z8d#-+}92(VxQq z032UdIOuIEH$bJ(qHx1fP#oYnb z_-9p~c}QP5E;=gqCcc#Le~%-STIl-I$h&ib26p}?n~03Rik24l`fN8*+}%$O&gI*R>0VxxS8DcG?() z+A>I|VvZK-X19%=SY6^#yQe0#d?H8MWV*X&dnW_SMi|&>3g@XWglshnYl)<|Rg^AN z9(Q{R^Vu}Svz_9{%1=rLYiRnUR&y*22GIHBb6uC&wCz%5l{}*(47OVsAB_XC=9;y# zNp*0A!=N}^_Z5w&K&Mbax%Q#K#}o}j*VQ!Fnr2i+WaO{CSn%{@NFcwA#uq!i{*)V7 zo?S~%n^uz2-JdDdNX9FxdsnuC8<@z5oE(GJfH^zM8%d_Pk(FP2WyU+y`cZ<)GSMO1 zl0e4v2Ol?3E>p-Z8e$o!WtHsDdz;c?!wudc6ji^cnLhqPrF@4=`M=-M;s zE2l+uZdx!#Ub?w--7m$S7}Q|0y7MK8a)uYnBM!!?MADh(8b^k&qqVnE9l}|d z_k5!ZyN)yXnz-(DMphv@PN8dO8&1U}b;vz%DhTdlvxr42WwVZZ*2d%)R-;*Q0JkzK z4aeo}T}`ZTT3ATx5+_lB3F}cbVA-4D&luinI;NqdTdF<01qm#@&!PM)+#*X!Ue$}H z* zTqw&cHa8DivumZT)s&X4CLEj$cA(P5NW3xjDA_Vt?#@`}HA4Ev>drX>!d6j?4^itu ztRvK|V=BVK&P~dAKGd*i(cE3k=&d4?p1r6#p|MWuNW8PWSz<0CcHs|BJuBV(HKZ$9 zLoCRz5Cc3{Jy{#T@*j%N6{L$}VGG@)u0blisP#3&_#aok@Vvucu#MoA9pgz^K2|uv z9QEpJ#>Gtk08YM(`D8HsDNd^1tfwdPmnY>EUbE44PZ2?>-)Uwhy$K|{als&GfnPKK z0BAvb;*+Ml5dhFL&X9|(uu9or79Ox9jcI8iM^t)X`Xe|Q9(Z<-q zvF8;rlUg3dC?1)wc=FH0{{Ra-C*hmO-c5f>yOv0=u?ER*$bx#j#)(@n=*Rq^!rvP8KNEOwRg?W9!z*QS z-|EzoNZNlI^WOycx8fhd?-*$R01JG6mUp^jtjS}1yq5rE0)CjPJ-RZwvGmuAv^egq z?RCpgn}7lEKJfRi&9C?H7BgQ6a>$Nb&sS;B&$2^{#5NI^8JL zj9j(lX|Gg#(eV4kwpUs$tSZvm!+@hJjiSDix6v){Y-A-mK@knvc#^gbDtKd@)iwZR%mb8j0U%Jd`=oL9_Ro#o`0miJfD-1*O$KY9pa zr1a;tbILY6d17ScW^^7B*KcjLd71^9*%$=}Cu@Bx*RFLImP;80!74D)@!!x?MUg6p z-e0oTvpwyPio7ud8|;=vyNtQZV2rU}#G3n$;f0JhnpcTz#E7t4++oqX?itAZ>(Qdm zn9ZkT$1Jn>cH{_ObX)Pa7zV9Hc?#0zG9Df?~EfefM zA@IhpXw7qOw>oslTbQmQ%94K-{Y`w);g_D*QFvVS<8B>MrA_*XMlJ*s(wgl=Sh)z+U1 zeh+9`&XxVD{x0$4mg(h-Km;~rjtOpg!T$g`ufcy5E!y~pQJ!fem`#UbPu?}jh(BWR z#;mH+samerNq(oSd@j7xQ|)>lxux4*>Gw9}RUC4@>*#CG{v!M-y6{}^_}jx@Xua@> zlghb`kIii7p~iZDO5x_{eyKZdk4E?}<11Y&RGF_~b+n!n8Tq<;8v367V!49O@T_xL z?c53E5Nlp@k-MH1;vWvjrC&AdXp`u-Cy>9w)%sccA^c>v_?6*ZNA`F4fqcK)#k}7O zUdT@3P-I8Du^8$2^IE~XpO*N+!=KtY9aO$5Ui$w4w{L&^mAiS^@o)Gj-KM+aFWJUh ze;R5FbKQP==U}F&}+UyUoQO9l7`PpS{X{~8q6tr_Bi+quic{_mz`U+Jpossaq z2G#aCMCm90052c@lN0Oj3wVCpLDHq$Io;_Yu&zm5dd zX0$|C18(L-$MpQobIG&!oQk5BBIx;V!OA8ZWK$c4DpRh~4ha1#)govuVtEMQ9G+_l zL9~7KDcJQthu;f4W%0__T($7b8cZo+7-n0E0yLoK8!=xdc(Y5^JPYDoN5XzAvwbsE zhGQBB=_vJ6-m;Y!V^v*V!=j2Qt=VA&Ipo#t5HdQz&n%Gxo=tMfHfLQaT^^fddhtT( z87m1qgIm^eyzor`iC9R5a(i<`WOc`5$@M9hL)4~&vzoO)IH z92Lz=%j*S|{>BT%oGCmX#*3Q?^=&TmPq@?C=*pp@Q^wf=1yAWwW_-40{nnpTy6{e; ztN15E8kdNZ?7D@-D;>fi;FTO^q}9G5*w3OJW$p}CjJX8yf!C!><)QEr!NyW@N9S+E z?;Yy?Gw~jwX=!yQ_8JhWvCd^9>C@BjtbYxQjXG75DP^~tyD8?mXIjPo0A{BSTOT-l zRI|MBcZ@CPvXbpI%g-`UtTx14^27t&*AA$YOB~U%h}pM3)5zk8)w%OE^3GX1A5nY- z`1!4TF!3&(q-%E5YyJzLhQpC1i0M5h!J^@bi$EeRNvfAFMz>UxP#p#jwSJZbt8qzh`Bj0NbT8aaP0~@*O zYpu&e?#% zY#@=sd7vJi=M~iJ-T?TU;k|m}M%DBSi)*Ntb5Hk?zLk<Mo zs7lC;0V27bGV5K|d~Ijp=K>&rWt?4}ahFi_iFN}L}2)wr_NXti`(y}r0eC3P^!qrN$; z4~MpXD)HZmE;L;pSgtR&mP>UYGh??}hZnF$ylmS$Yww1i5bds|w7&4Y?Ty;D+)6_8 z@7}R3^iLA_Tg4apH;XObOpTEq+@3_dazUw#S~PXzYo=E5^qSgP**As*UhI$=quc?J zM_^A%tEhiv-U}P6D|fPyp+=quIcVeq=KV&08rCiB&T5r}ME8b;CjERQ`3x>v|jL?QM6N zk{>X%ELf7nQ!%M4qtbM%+nrv@*j@bb733apYofLA)tkcNK-+qbde>zw&zi?mZ95yV zG0Z?eswn*9KjGJmgQY1nypIw1!~0fzWca7y9ZSPnUYn(SEz_@U#CnQo zGqh`TLH_8*JJ-SbE~h7i^&_V0m$F<;$Q>PlX&)U+nyg+mPTog$QIo7S+SR_NxamG8 zgHyCq5sGcCjOPZnWROasi*)BC^sgeM?$4>FowYD$@g1xpYjRD)V;NuJs-L^LwP_f( zNGIIY(n+%_kktIm{jl`KviQfO&8FX5E#1bGX*(*CB#uGD2Ks`3I>7KYuYIFh>k)ru zT55vs*`dt9<`RF2ef{g|vi0sR=lQGjf>z?ZSN*yF0H)w)Tj+DO=(v(=q>!*;3lahJ zucR~!8%<8eC}xmARR`}t18zE#_-4Hm@T%g6zq6dnRGdYmN`+{LSbNfHFR1ng{GveR&9eA zCp=csPpRcpZImsv+i0(3+U7=6fC%eO*7Y>fE_CZzpp_C}-@Oa+t~)X9TR`QgavHn~ zeG^S>HuW5~)0*Ml+U3FdnluOaYR*}1YEPyCfS~ak7@~;(96{9S*0rspDN^*HG!mETv+Rxb?x=H z+jOLt_wnS0WzS<&os3Ur)O<^$-=?Mgk)vF`=BRNaZJU9;DPZ+QgQ-&9RLeIU}`HHzG-HcM)qEp0lONa-vunPB`ds zT(+U&JFAOhZ@5UxFnxZNv6B7s{W#Jmannb=NvorloT=;zI*Ut@D(|b4pIe zGL4R}O@7#o+SXfl*~lTT}PV8ux?^dB!uT|WL%P>)ftTYb(7jk!H2Hj3!aKh=CQtIfacMed}|R3}qbv>g{z(XEZe z{2?wGim=DspgB&jQ-TZ6u?d?b4Dxz?D!r|Rt%b71YR%=d5^~wWCWAg(JqlXQ?UjwN zdx@83c~E|1_*1m~Q%H+VisE;iMIbvyFlY^SGPMY_eQMe>ZE#*-No50-$4c^l6L==} z;yGrrW@b=9_IcvC^MuI6uEKEVwrkF>w2Qk58E)VSI6H6;2Bt$U zS;q>-L4C4ky>&Jk1&*SOZaK)#SFS4&nA(@a>Fn$#)HE+7tR$8Uae-Mexw(cgh zi7akzr@2|9l=2+m0nbrh@2%-G$ssW_T|ispY~*#Sp5ij~Iqr1pSmcH=6QJRM!v^)K z`~!We>-P88n$)b0CMcWRA;+$NI-X+Uj>}KG@l~DG{Q7jp&e$PM>meR*9S$p=9uv|$ zXMB+A>?696`Fo3W2d_PGLSlYIUOe!`9s$x)9WF~r;ff$4+a^Z?rg_DD$^EIT>p7jS zn${;>suzHy_stECEp<5S`<-GdwzX*%NinqKbB|iW*Dg%f%@mG&!}9d$QzmGw(9hBB zW1d)Ix}2i71;44UKJoSQ=w|mwww!&Wjmz`>V8=-Oa9{oJb@2k$~xp^zT`tM0w1b zW}_4l%q}Bgy9}7*4_e37t?q5@Q1AI!`2g0#xVl}9&Gg6^Z2^D_(ARdQ;vyDg#6xJs z1eLX&O(KRgft<_yM?4zgdcNeeUt;glRy zP4ou?u$N4>5t9&A_s2ENU&hwSByc(F>)x|NF`|KiS*2t+;Gas?j&yj2ALQsU*0%yD zHtm8N2cgNPF73zVI|pjPfhYD_-MY$Mys`Lptick%^D3N^*F8-mRSx4Jfh1x3tdP~M z{jQb}$r%xra2Mwvboz?UQ#6e(#QJ}S?)ACh6FdnN{6^=deJbU*g)eQdUJ-4dEw-5f z9OKfsD%ZA%?5Bmf*7!f+{hqI{$eNX_EJ{Jk9B&o$v>p%eXM!Ma6I+=y*$4*SAO;;7!CypID(?`*U$j_G;EWCB~Jw0lo%q26&waqWXx;Kt3 zwXX_U&8h3<_Q`P3ZUfVUkSd>v^&NT*XkKf&qeEvO4{IszdgOZau7qUddFH9&3tevR zNOZePyL)9)-fnkB$2|w7V_4rs^1u z8+^zV5h5%1Q}6y2`JwSo_J{b3@gnLwjZaehC9)POmh4w@o`8>TYqpgxq{>!4ah~^l zj50`KS@}GZ-l%giz$F0Vis(6~QsEK3<(_Yj~ku z*%@zM^&IA9)Eh?l;~_}raO!DxZv+5pW2+O`w`~Ep+(b_&Iq95MxU({OaRg}YBp{40 z>6(^cbx>(BTdW3H<$SWC3)B-|V|*I@ko;lsHrDC^Kymcv@vI$e={iNz>3##! zzS!nQebYJ5Jy_$gtRol9Ztc*@xRTrL5I(+Lm>~*^{{VOCpK)E^gFHQ|c(h(=+8nla zPLY{GyOczvemKo^saaUU&7NU?w>m}4wy?=9#p23&M%=7($p_N5tu*~VRe5hbb9nF< zgtDYcG3I0C-Sw>HD-{G%xw)PlGSf@atZkx5i6M~!u~K`U;<2v9m7K<1MPRzr(?7c1 zxGHw!de;?6os`dp?S3oxk3h53VS+)b>X75?{&MpRbsK)Q>YfVlZ^jQ3Xm{Q*lFfAJ zcBnB(a$9#{>*-%vCDi%l9WHpUj&zTRvUr*cEByd{y$ol|`=wXDN7B8*%i#v0;;#<0 zc028^?O|)Ff`G2vebJww{OdDhv_4*o#$Gn?cZiI7OzdZ3(c*O7yyT27Iv??`uzV5X zUmtGp{;hX&4v#j{v#E$-f#ZyKq+3T*1?~64ABvVb)ZQwF`@_>n9lXDph++2$>?_qi zE9fuciC4zH5QhHZ#yHVL$L1_}J5O$))J+P;{*$I_I**2}pwWbu-XxWFf;l1ZF~xU& z75G)+9RtJi_?N}k$hxwRzDCn8Kf*n$7ah$M51aL09bH^_gI2Q99koeqT&~F9=RV(B z%+)o^%{#-5sNdDOC|?d5q@w+4?G#^27m1tS~4H@e2D;43c=Tj|l++CP~1e@V`P2`{~EjL=U+hF-iGM`rcE1?*2E9h=~VALS+zJuZa01)a(&_#alZ){n4 zECx#O~;#`R>4JiBtZA14I+ z*3W_?wblIFi9*S90pJ0Sd*Y*JG}=C`_;YP1kK0`E@$lFE;w!IF4sM`%bSz#qS=G+bs@R9gXl4yxDr1+=fi$4zPi{Tf9!K=j(CDln1 z1CyNe;=V@lKCJ%$ZjW7_;^OY&Q~R$sAnhDrW}hN6wa=)(XWxpp_u6i=@b>asMOk8Z zNariIMkC(7A^oEKGpzVm#q3{CytT2Ik1yo;B+2{0)bd(aEmQ1xPbM(ZG0uCAf~kG3 zK`9ZJ*_?evZxzthD;~A*m&Et}4)HdfEu;OTPmtdSbBcbardsOOvT1h~aLsRU3~bVj;ZGT^TB&q1N9HGw z{4;;yj~46R6~4ETQU~7)vXPY}^v_Z6T!hx*E$CI&-LNn^*F2u5L{GB6X3btN6W(Z_ z26d~!K8LBraT@N%VRc-gQ`pymC~oeW%{(Egq$9a~QfV+1y}itu zCaDgg3%WY6M%%zV^);OLHa^MGub}Z3gK2#W4>&LWJOzGS{@4EivR8)x0BEm=e;57% zc#luhr;EgTeAQe&{p)$dG1<{INi~rAUhm4ps3lrn~;tjw!Ixu~GOI7|82?$%|A>160*y)Ylwf%M7_;zH0t{E0NafuZA*EM+cH;(6=-f2cy zt~B|=znXHn>}&J)TAxH=Euc97=9Vc@fX7y zw}PxyCbzeaTgw%E6Dn=_kPhbn9D5r6K7VL`hEn_`_@l1)dOJJ2O(tpNlGT|4pd{p| z`c{->?_9;R!7kC&8I*)^f-*k!P?|qG_sXXj!Q-K?MKg+`DlNH1SM$8x#FC(Jzl|!K zZABw-II4?hE!rN^jjb4AxN*f-f#j5!-Ae#_cNM28qLAyif;ou_!=U>(^-;SJ zf>?P@M@)vtHU5I$2Kc?D+b@KEF5kA@7gZ2xUME<8)!9zLe5-;xD+XRqsOO62o~Z1m zeeq`{u)j+{*;G*^ZV$^Uk&s8!5mLc;BfphFM6_^rXZzmO!%{k%Sp0YY0D{ea#rkjU zLHj!D9}{%FDoH*f_&y05_w31uwJj@>@&5p|w}}RNVeyRD@DHl^cI(30-lySRMk}Z# zwtU-}4ok!QCp9r$1C+0#YX1P)dWg6}(M!B3B;@hwUY)7kquedu+8Du+Am}%D=B-7N z%G$5QP3sSw(D`vX1_*QVjxv9pb{;dcf_Aagw0XtVyw>R|0fOB*&O789O$o}!NAQ=& zde4TTxx1EWH2sVQ0Ux|x;}!Zv;O#-RUk+%#Ar}!#YkCP7JfR-Gl~-uQ_YFQcOcvw} zHr(dC@5Z`q#n!t$@wY733J%pw1CRdzU2K_-sMgW+4NCf32^!i|ia)$S^z3V`_`|Ph zc3vOSY_DwI=T&?NXFXGBJbR8SaU3Uw#lESgMS9>BWetpQaa-_T3r$R4#6pGne6z@{ zAdKev7j89pr#BbH2beo3z!k=Qrfov(OsC|}IrOJ8U|Q8Ag4a)yCbsiYk2oBUda>b) zJsSGPE7X|DY<^R>qPM5%S(OFc-PLbmwT2OEaLDL;9-_SJ<59Vu_<5|(?BD=JBGG2< zCO0U=6=gU*zdDBY+V*RtlHT-)uoQq!1qRWG8&(PxLV;x%{lv_RDI*^PR7*VLz>fd zxaPigXc{$%*$69w3X%`Aw!N zNG4hDwG)YhHG)SWX6X6q^)FLby@GamF*9@+z^%`cXk+t< zRnJgs7|T;wvu8unJo}rrwVFaqdCqb8R;Gnzt@+n*+@hqJ{nidi9{&AnQqM}$bPMf6 zO?1=>#dEQ~VaLn`c?)WaW}X*sIK?4}i*d;9LAo=qr%5D13}!M<;a%Q?YOz9|V&f;T z_o+$fYfbbuHO(>STQ`ar_M>lB^#1@n)|Q*CMGdspaIf!_;GF%_=xdIl)lBg1W5gbR ziC+F2h4Zb+k6{3VoM(!&uK4cG)4YD~jx(@(o;V)0TrRQ;8fxCVKy?K*~`j!(LszpsQHETONq@FvIBw?E! zRP@38tEOKD_}f*{bsb~F-WTx>y{6iOCBs?U8GNMx^MUj~m1WA$s>5PclV=^_OojYpsC~#dskxjO%PGf98t*6MpI1^nVFGBPCNV8hWujqV}0V-hQFm) zmslYp;h1iXKpYeA@{Ydsv^PFeizq2zXMUQWKl~{1+CFF8i-dkLECn8Ms9^GqI=6)N2uBR?j_apXf_~T)y_-jznH3x;Y zSA;<6CIZ~X2VtJI*Zg+)4`ja#bnl2h6Hv^_G?z&b1lkdj8Gg02Bz+Y)ax|IoN9@1x zR^Hh)yH60RY7KR851vRYxZo8%x^(uhtiCAtA$)h>>2<9o@vnn5p9uJB_I)z{ z0K(TunwFkz!QNd@JHhA(J$|*%RULF{d+HCV`S;+^bo7vHVJRe#PZjm=fIL?`dOVib z3mzm2atPp$O7mv*x%YWxxla6Q4#){$-ST@@mWempZg$)=6g_fyAX84~uUd+>htB^1 z7d$z2r+;tT+FVT0Pjagk(~>tZ7_48~qSn{LzZd)|;Uu(q#Id0tI%KH_ zy=TkZniZUrXV~Af&%_vfHLlp|4>4P56x+y0bU6nj@iqD*@L$DNHoqJ^P2sq8D{I{Y zRJD#+8QbMUj05%iy!%&e1h+i=-juzYl0K2~PlVF$&8M}6R%He94_d9^Q4G3V`epD! z+=G$8;=LFn^Lp5e#PjoQKAU|a0z8#-w;#kSa%-fM?D8Qf{rb7o4Bo@Z>Q_+{N>C&}NL-X!0 zz|qEK_3-uW$tbkj>Dm0AtF@1h{{U^@0MGEl_NMr)rD@UmdQP?Ec$&p_1XL5Q+0}8_ zNUizT<>cver})0{ANQ(X2M6vP{{Z#sCArDKn3aji@U>#^ctZZEB>v`_erMQ!4)o8p z+pX-9Mv+9N$#%x<4wdY8{{R-J({!6FUkxnQTFRGMZiIvtUY{;Kt0^P&j4lOF-Dk{R zF}9mtg8ngK)C@4O>#;hjoLZzEiYAx1qLC#Sy#xZ3J|lLqX3v*Paw zYTpa4bknOxB58BG!EZ1a#ts6XUY%>|FNB^Zvhjb1B+*vkWz-@Y6 z%-%M!q{pafTC7O%37g9x6NJwP>riOghl(_PZ^OFRf-bIXyk%#59oCf4ruS*rkb!@Q zHV7lQuBfC&B8(*m87rr``q%M0QBT^}_CffC<4q$#&~5eGy#nt^*Yxe1XVdj)L1*eR zI2p!!gUx;fcq3c9x$rlJ^$Q!A;k>uEjRtuE)Ql5qu|C=goJ4h z20+d;_*Su94Lz!{ek)6;cZrarhA2n4HL+u9J;lAzNM3o-2~<(Zz^zutElQ_P@k>t9 zC-_09`Fb+JuY>!$fS^0KQmyOSzIpg)ch?$~7)}G`9e;Seb`4 zd1PZ4{`d2%hUZGyjiW8JjH%8}D&LANw0%cG(B!nSj@MtZnYY|1!Ja1U-%fu|O4J_5 zEonSq^COZ&V!Cs3CUsO`fDY&HRdXJGAg`v{-0C`_*joML!uy=pxamG6&}~JPhP$k3 z)>l@;U=kc>AN_MjH*?|hu4!o#iuj4ISY0i`%RF+xn36dolPJU2HSph!z9&nl-)bHi zFi4h>sCZCE!}qso2h z@KfUqQuu>Sv(*()$?}I*#(ICB!oNzqH+Oe^HMzFhyM|P`0CCqO*P$6Z9kg)rJ`er0 zz9!#zpI5Z-Q%k2^S?R933=i_S&nMj1!dFrxm}xffYl{&r&$Yl%<%&G7U5+bBqPvU) zm82tR>T7#M)xOah!2bZdm=3wkc=CFlOWRUOcOF-mBjPE^q)Ug79?&Ye9_GV6{WS0O;nMsEP`qwdS zs`*zEK|Fz!Hr$TiS_pBm)5c(sBcrUI;O4Bx&ayW6{y;D@Q01wWMWM!cn@qj2y|LE( zJE>f0dh937g5eGt7xp5)(fDKW;@?p4h2i+A66;~g996>!BRRL{c6(^qcnY$@SFCF z)~&5<{5SDoExbvmK&CjaOkm69fx^G9*1Z1!;%AC9zaIFKZD!9*gHN|b5XKP#Jjo^`Z4wDW7X<(V<~?hf@y?wdpREgsL?IQY#07K^_YIMRbxFQ_CuU`t=5pk}d9m(lVLf(9~Wf5ngB}KO{Tb zjlq?9$9id*%_9fFx0ceZF^4Z3H}MQ(+P!W&n>Zo}h^4XGx?=3lBNYQa?&(N%fR@HM zBDl++6WMrr@;|k=$t!L9rwZTFyJJ&B!Kq7Aw`n1o&(2j+j50R#HRhW4hG5j4CPnft z6cyYTJRkBaDN5pm4g&f0Ujxfw7Mo)Fjm^yAN|xFcd$;9ZMa`yMcz;6h&x~)94-oh_ zQ)jZd@)(J9>z;AH^8G#Q7i;Qt#yT16q1qMQ8U=?xFC9fkb7^VirMyjvO97hcqRb|b z%l`n{RxLW`<4n_qY44)bV@YL@^l)*7ADwXe4x@6d8lwc0KQ23;O8QK_+9&y`^n{9h zSBn1tw?FjU4&n6g5kX+Omal0DX`Gbuj(8rU*0}v+#W%Lrs||(hsVv{Si3i?tc)%6x zMEn~PkFmdFzl1(3@TR?Y@fTXMO+QeTRUnCuS|l9gk5io2>rIZeKCuE^Y6{PAM%HlYoiH?3@Bk{xNsiJ?O$+2mjKnCuU(E5 z#dQmL;eh?+HEP{N;(ZMUlGEv+X)?wl+BgT3UURAFHa5a{XykjX-!@N5zi332j%!Ve z?6;+mszydWZYjE+wKj)z=S{j;UO)?wI+|^n*z5c?<9#zxwU zlm%ABQlG>35k`-0gJb8|)X8W=fxzD+@Le<)3dsJ9IK?auEx-sIauk8jB-C=fjM^6V z-saBoIc@_+qyjVPTJbD%L^duPuOh9$MYt`^wYx^ntPeYY=~$0*eQCDd-6WqfWH4Nn z&tvUPD*^601j~70XXn`>Tm}8%1B3OgtGx~vu)3NgA@-bmeJPPM=WG7}wc2Z_l3Uzd zGMuWY>-g8DNj1CMqA~?`Oq}z!f;m~h-MSW%5CJ6h?nO2YDGDKsY?Sl29jFjn=@Of^ zoy%_oU}vcGuTZyJWw7$3WQq7AAJ&4o*?ULSzq9oiZX#uxL?D8CWLCDlty^ohx{bZ$ zO$F!m_-O z+p2uUm;ssq`Jcs7M7|=tpHH}n?aOE69a}wX%KT5KHl+cR$;^oV0DHYTxjCxlc2ih%lsjSO8 zBR9%P$O3|q)?Ro{3&kkTKsh^rl|zsX1LQG0MRxag3e9qm&5|+bJ$);G!`jZUJQTKa zSz8rGAtXQnkoxW(w1p*Pbh<{lc@$B_ei2X*cCRFldgAQ-RdoijsZDhRF$ugb1uPR5aGzLY+qdZbidpUP( z1v`g9TvoTOOLhsi+OvVcBONIWv83uUe(j_i@8z>w& z9Wm)yax+e3WnO$SNDACX2iik$SEgQ}|xSCle2y8Pf!&anGe3ggJCO zzZBWMj4*wU>MKoHNzs=f*S@^$kVDZn7C02Wb9P zoZmu-<#_a{0cd>o8QjG770KyS*y=5Ja}C5n9h;RI=QWs;HeKeowGi9f?smxedSH6j zo=GmDVRt!`i%AIOk5-_gdryLSWkz=f4*BObSHwD6Tx7%&J8%wp=RU%L97Uv)THUNW zsOKqmi^TLp>=|Re_IAiE(N!Slc(%`t7 z)@!Lxl`^*qtHLPnpTep&yljl?8D6>Ltzg*GD#vWC9PvEh=ObWmmtAT@!hd-@+ zyW>9|YCa*pOK7f}?9dXCrbz=m#dc7meOY!ndpMNeBp1!MBXX9>+&wGoZ-QU3$HWhg z*A_R?+m8l(I`cN&>UxAt8IWUzi@7J(y$Hjxg;^wi)BGI$mi#O52SGM|0Pz0+{3Kev z)CU^<#29$w^j!4Et#y7KiVq5F@@l><)enqyn{mG42tjd-=WYg1Y-gU8(Fk-r+LJro zS6cCB#|=fb1`FX24_UH94VK-WbR1&?gPu=5$J(u4X!m{%xcF|As3t`+;`%;i`!oo{{Uy&c-vpoBr3+wM+m_HjoZ2e=#GQpsDGTCf2 z3t-U6GXuHUkG!Y8Yp$I#neZLm>s@LW8kOAhUEj=eJd(L$&FU(Qv*5ZHF2HmLrFEQ> zeF`i(0bG{+`iBq0!i)OgPv3DC(kJ-CzJVBv~fn{M&QRDGF#H3W@3GwDZnVj zReJHkrmCj$n=*ZeN{E4ZV9Y_HV$0LhV9>M)^!+)Xi}}+i!~K=6c}uGHNh)dT+8^u>K~WiFEh)=%Psw!R;Mm148DK&NMAUv4p6QkC{PqfF%W z3u$~`u6Tz30KwiIywmiXSvH_^$CrWg1IhmYCb`R5tb8A+$$K@=+x1(JA`#7o2ZMxP z%+#ow#>mc=S;o0_2Z{ylt*p^*SmIEx8}rouBDveB?(}QBY4qE9*(HA{$TCP$58nR( zJ?mJ*xO4O-@dtu@F3F_$fJyojHz)_?$miC% zBy9-v8TQ>rT8(AXt>T8sp)8HivH{nc@Sha?L-6N?;}Ii&Y3p*UMq*)>L7oW5UiHf) zcGISL=Y_lpqTK2+_=8)%wvNj_UeMzY&!v6m;x83=XTzTg^horZt9jeZ4J>N;Do4r* zJ-YO-teWb4#A>66KK^!*e7SbCkNHi65$9^H``WAt8 zsayDqT#D9168RB^40n<1`Bs0!585+c()1ZV9ZjMgR?>TgNN-VFfDQp;(vw{af>JMm~Up>I7SaxzYO5_@Mg>)tu|o#B6oxAH}ApnqnD&Ne0lhn{ne zYh@isl#c<{bvxe#-!R_^`DCt@q9EEI@g5Yw!OHB7iko> z-Z;k`9%{&PI6nhVW2)%(aazX=R*#mAae`av>s0(gEOZ;ENhe5TW0oBlW7p|Gj>2Dv z+D?JsQEv{lJI>Crq)~EFPg9S|yyrsk6dIlQzOhR*<K=8$>SCCuYi6d-26ZBOq#Bpr@VTds1hse;#1G&E21sz zV%J0V2ljLLi$BFJD@XAbrKL|~_iAL8HsCKLaDQ6%Zy9(uQr5KHQ%Qp_Y{=WtAC!O( zIqB0hrjB#-cj8UHjiSc7ZQ{z(w3`rM;Yjs0m+<3M@ci>#l$tXox!mcD2CQa^hW9?9 z_)GCKPw;lFaeP+TywN->o<39G>Nu}I_`j>!TV7t=z1#@|v5SrCAUm_q=UJNA`ESJS zp)Q9nilWqSBi3MGvH5Ai4eD#^zXdUrN>{ zGQUINeJkSDnW}iw8T@T`cYkSOTs`7|MBLymJMrRzkWTd)+o%A{jJG&)`VtHq`om>#=abKXn0sL!ssA-2!y^Lyn^U(!Uk~1DnpUr-_=8Q5*AEY8Js;E&q-;r4+ImxBCci=%j-$&ZVB@t-bM0B~CcN%cZ{o`07ub5D~` z)NX7UKh(PgF zpHzUvpEPrfi6bNPcFmJCbHgC|*($Ty1QQLk z_M#Y(j@a9HAA63J8zVviv@(=akJ6`DJgFW)Ffq6Apxz5Xm)3AE@PdC7{{UiKcyGjVNjA5k-btsdgzoe0bC_Hnq-`VdHS3q!UDB+U)0Xli`H_La zQ(P5Ik-u#|nR}$%+3K)Cbz<=wTj*t7%Ped*ki)paKZa}g68`{#%KpRW_G9?#te*&2 zYp>v|f_2>%;iKIX*~m_9)V?eZu-yy7_fI_5mr*((05eKH{d=E)EUvsQeW^zvOWi%8F~*ED zuw$LM=~T>2GiRw>!>vapyl_Oh*y`NvJvjBRd;OihBkLBHGI(27zDBi42#0aY0yzFy zqQ$`-0@z+4y&i?O=EC@UkTiFG{}-Y4#MuzT{i9QCbx-V!Ew;B z^sWcTUKrE7Utwb@yAxf)NeX&L^goHMAZIny;cVsp#nPkGNJWM-fq~6(z9+fA(qOZ_ zV6j6ym{M{xS|?+kaq4GjTD9({e3qC{vT#OlE2K!TtfzQkjh!}-#~IoxoQaO*T_eYK zHn!JsU1`?(h03!=46VZU&IM_BHu~C2T}@?#M`+FFDyhKSPhZs2jjU^9qZ8QN7Pb(^ z>e=~^QHtR;Nh7zqcu?w+Qk+5@yX zMyE5wFcG)#d)B4bgCI+k`#@njFm8QlDD@3%;n#-zNuudm{f@CVpLb-qo+AGMeTc?D z?_5r^p~Zh;V`!5^?+_`yMaaT1>4Rt*-Z7%leK+3-< z9ELQ+v}YaR8)@t{37|t8MjN7zsyMH9PY??`by%bFb`8YRG)7d~Y&xy8Usp+h< zj{4PZuB6kXDGaz~tq%}*fpo-p(3!l&Ja)xWm5rjbJib2>+s$}_@-QLC zO!6yw^4m(*XScZ1)6BO7WwC;%zxAr;HH-*kur}I?L1>a(LfCgqWP#GUT~AfA)9%+t z+a!CGGGu=VtjbX_JZY(4=-=6vvAcOv0Omz(1O#XLieC$OuUoa$n%?J7ne3!cHWA4D zYdNHJQ(7DPo|S8;>QAi*(|V@d4gtnFBiD-aj}XLdVR_<&n3Uv!+PS7#CxkU=H1D{{T2)>r`t45+(aoDmNc7PBZCVkz`}GvyaVZgayj(A9}EC);pVC9K5x=)Z@3f zxp8jYc*qr7#=54Nq(Q7*K&WR#$W<80$E9=BJ?Dtt=NBSTWTcOJYn$GbA=~(?m7zbuNM3_*8DxKW;zSx50lAe2qUt zc{MAb1i5>sg4v`0D_==CGiJ@e{2tnJ`vO*MA9O^wbryrv%}e4MbLYz ztAp+j*12WypEpm5sz-`pl>L`NRX%E>kK}xV6AujNx_aJRI_@GJ`2Bxc{RsV!zAx%u z54=%(;8A%6{91y?dtw?e;#`a}4^!>epK6{|ewk9FrA}1ux;MYzsXwx2i~B$PPxuA< zLiig4ia8QhkEmx3LBPk!o}}mDnLL(F_#}H@!5@RZBlx*J?0Qa_c{(J?Zj6J5X7B7X{Hv+) zf5FX1;D3(%LEwKMYU9dTO@_;-=MFfe`o&y zh;Vp@dHg8S2fCdMAh09M>_8`vO6-F=r$a~NewF^lf3nW0t$5G-KU%W8wbN}iLw7Jm z!V7KL#&M5tsl|SGf5B?}Q{gWe{?~B$bHK|S)*ch^%IUh9w;;f`lF7fz7&zRD27L)5 zwJNqycRwM*aXoxz8Pdw|&h)8Ml&X5WCHHCfzQ^JJ0QO^9T(c~MF5|)XuR-wMtM+tQ zA(lBJR@&T-4R~{B^xg(Mr?csr%vVqk-zzxB9V@!hCn7T7s^^ZqXs09GQqs(4i#$7Z zsNDE|;?Yt?lIA_YoQ5jE;Qm$2f5Aa?jW1UHrFGMO51Ds9!c?!!gpFvfqossacw2Op=estN0euCXCwarLa!i?!8h8)qRJf} zTooZ$Za;-`&7GM)zZTKx`VNDyXz^K??e7v`>$w^-a6bzAqv2nR?jZP|qO3PiyyDfO zbPbjmE7$d{DAad7yj?gt5|5GlAK;%8+W50dv|OdV;zhN?HxG{W%-vYu**)aidimu^ zEw|FWic-1wZa$QuIU>)2yjS48Kl@_W$G#B1)uE9w1lIEvcu#x)4u26|jp7dqd^OiD zt|j@9t|p@q9%(prK7y2?-1*<5?m1$3eiZuBl%oFrZ^}sT?d6)sPq(x# z(V~nUr>$#RZ44JAoOkbBl@a|NfrXj5CXDwsa?C(TvBAe$`E%kwhMp;;bsM3Sk;&v5 z^Q!E9=0#C^OCKvq7}NC;8xiu!f=_Xp?^DUP@h*T3(q6=qB#_{q4m*7^Yl`RU^rW4S zqkb^y@OZ1kT6*8Z1|E8|}YYFD2PJbJ7Ot3X{EHe-NT@P9%pNV^p! zW9~aSG~bB+1{&N7KeW}J8H%5}!>95;m3Ty&?})r1bz|ax4_(P);yoViE^Qn}92peg z22;UPo<(S+VK0Wv{nhw!b*Sn800y)ViBj6>R$eLbCCHas)2;1O! z&wgw9k?@Y5o)!3$@q^)xv@dkqiw_W9HJ!dVi6oG^sRx{4kLO*Ie(GoP_k^_79w5hH z;dceiYySXpe5>$h(q9F9F|04`3GhQtZC&)g3~D|hwXoLa-?lMm?gJSCIOtC%zoU=% zEMM%+@Yluv0J1;)EqyxDJtN0o4`PCU4_@0a%+{rnIW3?5dLt*yJA$VN=4|O2SBp4& za^f6rS;bsEJSEg;Tb5dGq~Qj?@EOSdP;UG`dupM4y6mJ==}jQ17h%AK`8vbhsym-uf))_xu9db4Qy#MfRPyKmlG$O+oKW9y6x z`m;*-qp00{G@rqiw+u9Sw$oMk;F<5_OHj zVAl+!dh{t-9gd%yW3Z2uj8{~ejm5RR*7ok}44>;19vkW^6+>ykSn&S$GH{wZiNCC7^V6KcAz+96=SXtz~okzDt}BN6`q*RRQ62zZ`p zV$-!dIh`Y#HI_D0_i{5`vZrlNmf-B#RsFUaqr9m~-zT;I02SzZ&9&QIp^=L`oyqT7 z_C6?I2Hsd}ayp1(f8MJMi4=?##b(`)v7I;2`d9Xk_%-n!)Alj=OZ!}ScS7@i72axQ zeNW0e<*~Doj8V-Z_Fd`$^d)_3^P9sqH&&XZ-Rx^0*k_Z@1RRzme=2f~kC)+2D8lBS zSdJE4&kt5~r{y@>>+Wdu{{XeKw*9KTt9H@yV^$)nJD+TgBFKQI4_cGViY3U}{@BfH z)Kb{sHH%BFD(&u-9NA2Kz;V;owDh^2^JIXtsb7@(Qk1ND^~KaR3G{9vkE0%R$=Yxx&nVY0|cjA7(qiWFjYf_w~Hd0-Ep6XAURZ*RY zI_Hj@*USD9@tnG$Gu||@+y*hqta(QaK~g&qMRC-ddLCS9D6{CT8&xJWR~gO#uB~+j zk&#peLDvSbJuEC!(A!B-@wGybay_df#C{jj{7Gsc)$I~_7bYo(4;l5%IJ+HnFxN+g z_?O|Qh;;iwb)+r5?%$Med=vGkygzNL+giu=`+qL+e)_LC`d3XkBZ8(~eGj2LKNaqc z9+9eEJ3tO)hCpzBwf2kt(f%dA@D7!vXtBd*Dgu``BPK}z1aNy+@~>mEhFF!8K1J~! zv;Dr8dd&K|r0T^!Y?qYhkz9;d-)lmsjq-KRdh@H-J=$1wmWFlqmNg_-Rv?Vvd)8&H zkS#!wC6q`ryLUlc4n~JfWqm3qlOfzY99FDTvc|->w=`U+#^pP^DQ1Obj}v6)+*Mm^ zmkb~(Re|T8v|QH3$u%FcjF^O|JLjc7+W!FUYOfP-89Cy&Ff@TzP>g}SYR-uthrBO+ z;lGHwds%CGZ`$P3b&W1WR`SW-L z83&5xZv4wPO@u1vy;7E@e5lg5xs_EN-1F#rS52jBPp8kk#SHP4WMy%jsTj}Jt|D!!M8CEcjDCtv`a>PqVqb zP_ma%jyv=`ist-R@fTC^UaK~*u4>Ia?Ce>IVsdL`SE0`w98SThj062Rmb# zOE2MGj~1?0G?r&3vXo4|vbq{EYp{~2BwYI%*lXmIVu?4dK5X$=Ud+F1bCi7PI*6Lt zGI|g`B^r<{KWf$8mBoZqqan`=O z2>sNN{#tn1RlX?3%1`av?nxf$7K7pqVeO#NgFU`-;f7c1Uu66?{gV7O;w>-3zYu&? zWYWEr*pV%O+qy*=$s@IUP(KyL)v@-S-M5F8?c~yQ_$^SVQiwk3^sb`9)+i$n8hhfl zi#~R>OS8?qe-@&bRySH@==(m>Cx{L~?f!l0ZwxctluNc|+Mh9QGfwws6s3I)y?R|b z#l$cw&x{^d81?;gQ$LRMzp=p!x9?+IGLCkETO&C{Yk20>j4N)!_9s)ZnBpa zI*3@Xl4y#;Ii`*mw?29tFe8F$CefVD8=WA@1d#;t)7Wygg0>oAx02pi zk=zR&ftu&F-wRr4 zjFD>$zJFYBc2FZbOSZNWsDTmCoaA?|!7P}tXF<3QloK;r-UpQ!AYG&Gisj?gAUB3I zVC=1i!TYB@DKvArSn98B@1EWXZ0yX8?~T~N>FZZuifL_3cL2w5qX1*{rcycUy%tSs z?%oEC5wa6=3f#2t)E*ktT`yp^zP9CZy$SWINKPago`t4(fZV)XDz+m`aJA>!&XU?t z5C+I!LrBh1v6h!4#sO{Z+O_QUZ5l+hvyR1KzEXV2gPcpxLOXsGh&!D>R(o0CwT8uB z*@-ep9|eA%wb{q7$0U*3$OK5-4@v;xHAIDV87#^az2t_+YLe4UjKL#L2g~Ylnl1;I z>vj{tb1lS5Hmec_cp|m5YsQo;hB)^qz@Ujh+w-lN)+{HQ7PSQ7> zYU;--IvUK>b(N9^hcXzP5thjZj+7cEc|NCaB8en{wl7?P(y7{O`cPA(UrOnBI+Ty) z$j&>`k|^PuPma#|OJ`XaqY!uc(=NO}ZFun+Q8w<$9k$S5G^)4Y>MMqhoEqv!|V7ni%C$alpvO zrD@&WrkP^a=1(fwS1A}=V;=KUL{~4sRmTU^*O6ao5NP^~-&@lI(wN? zH+C3Y@>Kg*C-w^)jXfIVNY30Y(~f`6Y05xRzqF-!h zMJV(*O;23=M31LS9vCrPp7hNz?Cc?AFh}I3PSn8MYC=)5ogS~Y=@uJzV8Gtu*=QBj7=LB^=)VhQ)YB4^>RAI&e=M)g;d4=V*#k0t) zz^Eh#?~2~gubyBbCx0Ad@_ncX%TuIFJ&mvhh1;jKNezNoT*q-Fq^kVeg=IaHeK1ECr3Rj)6W-2+UHh%i21@TeV*d9Gtel5}R?$L|q>YNf*@pvcZwb8}MF zwhIiAEo1^HluPPK=~0(Rl|q%zOk%TgWhjw@I}rlg%BMLF2T@k+V38g`?=CwQJXTYk zjbk2&vuO&?edUJ}%18$sh5Fa0kB1hLPLazZ$hb)nq8Z%W92)ZR7@HoI2w3_Lz}^P4 zw0nEgYZ6R^G-Lo6H?4MhhN+@kS==tCtTvzJu{bNcar)-GY1DFdN23R0&3r-QOFcdd zRj|Idxr#>INb8S!@XdF{`qkCmp%sJ%dtJM?tcT^U>@5P_L&kNl70-6D>9?Zc3-G{_ zc+N6Sb>9uX4SYiQx358wz>cRvy?01-j%zM=S!@mfieJ3TOhmeFN$30z@_BEL;-ycgoX3+nb-@5E{RHK+Jy z!dxbW6R1{FCSL7yuR^TerP=fMzAl)Q*@WV01Ox7}$xvg(HHe1xLLsXs%SL z-rX`OoK+cK<}$7d1CiMFq>W26F;J0}!RMUNam}&OrX05_y#V#Af+s8xkaOG`O%kuN zG$FN+ERdl9slmbEnw|@7lPlqpQoBI)tZZo|bEvVbgF;Jf1O}TFVJlXoUHVFnGu5Q4P%`^g4ysb!lxbe3!ub;$JLunze3KhmO7>@uT8;lB^)?$@$k>YgTN zXATd zXH&h>RupLCka9^K&!_lTZKOrvZx{G?QL}Antzx$u9^OE}%OE@i^zC1HR>$YKd0iM< z+v-+2OnPfxU+j$vd5ewAG2G&(@I=Yt7ne-?N-eBWb1Sw>GUtLlNBGw%=qYw4vDNK# zZx-6v%Vj0qlOMc_e_u}3^|y!b?R7ma>{+7z?~|Xrqt=3ykB$C2_+$POipy-h7%#07>G4Jv$~ z;A1~tE5&5}pmiIqb4&Ps@yGp_B#s%pvRdE~$IaXfQszuoI!_aPJ%;kYS=xq$9{|J# z+z&xsb75(zXuc}bG{>|y_6Pyp&PqbUhXf$VvGZ?r~c8~zzfzz+)Ru1M)wc%?mBTm#TG>uLry@Df# zj1UWdvtK`IBUZk;(d@4@`-{0)FnLMI2ORG0K$ON^_-b)+r};|wQX=w(a0g7{y-Psw z?vvn)3EoSEeMVMhk}bI?Ti3N|7tp0Hrc>*h%oCNiYjIRl z*nU_2;>va*8STYw9n7V<`w#m!YnpB6gBsd3w6eXlg(HU9BL4tdJDuOHdga%MwQI|J zn+t|EF2T2^JM+qplV$Z`#Y7t({60!iCt8T##@5E_4P-?C?(ds6K$uimbP|8x|9jV)5de| zIjXgdBejYj5WiuTg=JB0gjcyX<8%b8Y<{F*O5%y%WiNo zeKU&IGSF>YwHBp5gNCqlLma5#)N~;A8LzlJZ{vRg>)!{pD6h}@Y??;NWhWA>-k^O4 zT2(cTjHI2ekH-B&!;L(1Us-+a1hTMvnyJ$E?l@i)n z9GMjCSI7t2y|dw`jik_ZNIuar!E6~y<**6QO3>(WXX(#}^>@Ftwv_z-Y(f4~2vOVm zR_B(yg>=e;Kr8kZ!qvP<7Q-dS7fu&5$fq+gYnq2uwd%+HGd01oBwUyJpSi12Ci z$>%{C{{U;B<%-3jQomEpEvKE{9X%2`5!i#ca(%1lf7$;4#i^nAmVXH9@Y^SawOm?% zb#0~U9gn6!sgk~jqeqYC*aIAEaU^gFZGv3kbGbYpY$BSX2k z(QiJ{8@f7t%g0BN6q zUlTuP?;qO6)*8j5n+djp_Lo3qC5)botg3kT&3~FN#}9|TCHPzM6UN^Pe0!(rnpclJ zH-A2xez#HJ%82J=x$X+%2chf8=CXuZuYQewU*~_o=9cHpvI7%&GJO1#yZhBw$jfDd zm9IuSoRdYRQM7Fh$4t_4Ki0>!h^mx~h@=Xrpau+jWN}f)1JCm=M&Fp$X0hx~8+lnE z{cBY|UUPpU(Kq&R{i-}Q@gLzPmE+t&_RBjfc=aZQ#G>NWlx(;RI^bX)q;X$+ zK^z+1i(>Zrie15Qi*s!{Hbbf8VAlm`bUI@jmEqBCEbgxEi#cnB5zM*cAa%!T{QUm_ zf}Q@z@B37K%UbS@;rL{m;zxz!msioF3%u$Psy6#=y-0Q7dNQxAa80#-UCMAj&a1~d z3-~X@dXABQA%YYkqgEKfB;`(fgTWQf3Et9VmM$NRaa}Q)m5#a}5Tx^4xn&HasPz@; z8cx5X-NUNe-dGiF^?Arb1SuJ8vBVm$M^)=1gE%uwO#%$!clF~@srHP!CEyqtz^`r@w z#~G}qxfSfP%W%dAAfkc7Vy#|l7hWW@veIwihFIn5(`C4_U$X$FF`v45pk@C6 z?RQBf2pJDzPHPfd+2@)@c-h0AT7WuzG5pI?!AvTr0DAk?r3O-ED?2-VGWG5t`5z}d=QY}Wrrz^Uk>V;Rz+Iqq^`O{-Jxb?JPqV;`i?@N= zv2OL9_YvEG!bUvffG7iR!#8*KdX3$^?8$R!CJbP&`m#FY)&Bq%Jh!)&?L3Mt_U!q3 z3IOumV@iWhnc%mdd~Mx&3WCNtA&uGJdt~FDaY1zVHSMou4os51&#y!4UG|mYOS?Ff z<);b#NIwYFkFFE%2R?ge#Z^+J*4rL zJA>SEX8MwlAmKPjC#0f*nESNE}od6)*2CZLC@ZVp)&M4^V53GQ{^0!!&H0 zj@{U#(XwZIq1fq`rLDu^@yX8_#c;kp0^i8{J8p56{OQ>0g6MNT2JnsFiZ1R1K+kZz zARRMaqv6j9YFZt}wPC7565B}1$?}T)F>nP#W?9%Ee&&pe>kM1k1%KWyNbUB&AzV`ep-CtK-xw~sx*V> zQM|N+Pl{Ql!YcjlJJ$oO_|EH7cx^46{>+#PNyZ1D6q-j=HafoxwDx$N!TI}>$gIyC z-K6uhX(46dpPr-MyxdHzosZo76ytjS9es28-qF9|FZl8MOHHhJhr|#^b>e%lF0KlHsR&Q>4J61hy~mf`q$V$vD{w;J|1eG9lQ9q z;tf{I#5zQ)b*Enx-5$`{C|AEgFx9x3z@S9Bd zess_HLcBF~CaAMIx0!o#$*_!n3V~mm8q_Uxsd!*WZaSTy3>wmU>dzy>&Ip!Al+(dC zc_%49SxL+Ay}n1I{1*MF{vrO)QtC2zM&8Ey)=*vGpOVk&4{D|3zl>fa_}AiTymjLn zi)Gj3K^m&QL{aC26kPj{^?sMuKD5`pvCYpFjrF`Xx`IV=ndywR9#t0hO zi_YMHVVHBfJ%Q)-rwLivpJP_4RL{~|KigNv?eHoeh2OIGgD3GP#>v`CJyTt1cG>A! zBzdhN`_7<%2RP*O-}5_M{e%2B;r{>&>i#A8nep%YbK))Zk9DZpTa=OHxsdK+#GUMN zdYaOtd6kdG_&X}6lxBFWV~;&*^8Wz9VblH(O%eIw;t$!&!`eotd10wRe{})eBAp~E zWFEfN`UUVm{t4y#3jApJGw@HtnuXVjeir<2*L+GeUxycS0wgqJh0l>o% z*N}MrtbWhNS-vw1maJx4xu%+JTK9_8uU41z&hz$^{{Vs${?LC2biGf;-?LA|)cED3 z*(jX&Z&kMz+N80Mys$d{?pDV*`ANY6Nx(mnIySj|Wv}X<67g=2s`xX;RuY(RG@V8k zhUV5lc?^sJ;MNte?i!z-_$lM=4~uBZn~$=@)A*r%*Ld}6`X2Y9O+DNe&;XLavhPEH zcAh!?1#lm1?udI8fFiqh!&E;Gdc0Jc(5^E_wv zr`N8vKLmJw>^sHwJJ_FWV2?16qm%DmJ>WkPN+E_R3bg+Kc;NGoO6RDKJ{HBkS02pz zhvDzUO+wFGus2B-rE1fvN|TNM0J|Nz?O$}>{6F}8uK0(;zA^Bwou=uUgon+^Hy(%l=Dm7K z$L1L4%-dn&tqm;7YSwO(Sxe*-w8 z7eo4!4N&f%Sc&{K4x5GhPn)}N82NG1ur9tIf5KmqMd=6De`@JMb&yFN=Cq`eu`7<4Z^-xkBRJc*66Z zFmw3-06M}l=z5bq=k{sVf3!5){U#wgp@2@&lixWx{c7)u^!s+!^*u7r0gGhkkQn;@ zRisQ=_TP-ZYz=PL;CF?z4+?0yb+?V|EkqX{Y6ga1E0ksL*#7{JYW)0L&jkL`-XhUH zF8E&2bgzl`@ja)BY?XjTx`>7I0%s#28t;s*tbSd?9v**ZW;HVyPVRD@*G@@lmwTse zdl+|?`h}&%=9zs2@J$rkatTrx9-{{!*GH=O*T*`?hUW0!iT)t?_r%^CRoXP`{Z?tM z<5Ac~TNM4Hj>qYh@{BenP@Q^eP7d+9PnE8!`#&^zmcM+m_(xdqZu-Z z53O!mN4EsF{@67h%(<-&7vhbC$>EmQH2pqn$G329(jkJejA8!(KjmD8z2dz)#vTjs z+**ya(rcCgGF&TQvSa06!n)~Gvefcx(!8#JN`JFuu9NWF{s^h#Ul{n)Q?4+e;ynV<`kN1&If@75VG7=Rvd6 z;|wtjX%Q#*umGoCzcPyKd=Ccj1{Wm7W3gCiHt}^`StqiSNjrMGzn+J0rd`9S+ld%P z7Z@0>t53C1h4!}@LyXD2=DhO5^@hF1K;LJZao(GU1RkU7T$5)kull_jQ6dPtPLwkCeu|eWw&O- zau{)3^l7PhpTuI%O0$9~CJfN+Y$4h*MtgLivwy3!l!jrLnfN7d}i8?wE#^dpY$Yi-_hmom%5j)`XWbO+2d- zA!lN6sxYJQ99L6mDr``=0~r;fmvSa-L{OGoscdnY;I()l)9%p1sTg6LDDOu(%`7($Ct4DDVvX4`hmjVlyK2)c$Y4SG#}WSk1qbjC{1eCGC+z*9c+=nq!7UHL+Rl%yLT&G~{WUcCCylsd zk&pu-pF`Y!f1Um(_!av;&+x0lI_87p4Oc?=n=~P>wB?t6*6s?P0326NDvc|*9glILn(>p>FS8AD@x(mFL258(Ji{x(xPu;)yU|EwT20cwiiw}kHl?#;U$^%Ygz5!0I`sdkbO^T>Vwe1 z(Yej(7mG1Vt5;bem*yBb1bbIY=BqG_Eh(6~Z*tF;uehqH;<+yr_$yV{{6BT#8%;50 zio#XjAzl+F{{XCOCmV~EnLZr64Qdl|i9-;74&SAAc9TgB<&=?(x0<;gyw=nssS-aS z{{Uzov1p$i{C%bA=peKENt7u*y{jw3ek{_oxuAQid2XI3S42fDTRpapwe}blc%%HJ z@y6?k@vHmq@<-^$z`qCHYPRjJ>T7drZpg21Zoq@iKJfhO^fSX(64-crM*jf0v&MFh zTJ|ZU@Z4ms>_Mb0v^R3R*AmMSZNsO_?OoJM=-< zI8xs;@H1OMbpsDf@eG=Nr+sH|eDzl-gHlYmp9{3#jBV{+#9 zD3UjdLKyS-)<%Vat8H^RQ!U5v zfz_#|GQ@YtVGSa!wAjzh{53-BT(^-#PRwpGjE+H|42x|^p$`mTCv$;}n&!1VK+T`D zA>145iVUR8FECFzAqq#+ip;pTYg?`0t{ILOAFTu)iKSh)kdezKP6j=VU6NxQfSH+* zPDefH0_1vvNb!lIc9ebABb--7X)0Z#Wmk?d>sZThIek?kX{3qa5GFbv{`JHQfu~(G zaK>6P4=1A4MqR+F*C*|)&xrB|L)NZqP{nO$1d>D<*o-*mHJ}W$hCM>X9@UH8u_LEX z!m7_{f2XK>nEp=wqJXhd$Hdy2Nix{Z>lg$OM}JC^Zxr9kV@tR^n1@rI8iFRYItVP} zzqU(@X+)5>-5KOpW2GsA)QLEiMkq2lEqd4OjL#~%^U8tLSD)V7z05K|mhpUm;OCkP zjI3ZorU^DB%x7*sZhCuH4|m|rGy83C<1V`xuuyWO{U~O!k<#kE7=rZ|QB-!Aurl+( ztW8GJ#v5@Rs|A-i;MN5;aJtTceLNyarck`@1GvR_)}w24r`$9baXM}p3yw(t063|X zZYv%ApM>nZMWwVdN^RH58QO3~bXt5mXN6#fNUj=Ig+yVS>FZdv(6~N?nwN^kq&AI5 z?L>g3IUJuK?Dt!8!Q>y16{J^IDMsg?w~1`+FPvoqmtRpJhn=75%bgY||zPK>40ZN><-YP;;xvAxDw#1AS zDEr=(XGe}H&e_|~Ki?hbF_UGDR!LN}a3I>e@_JTYpC#n#4a8zIk{fBw1SN4bEi_z4 z+ji$T0QG9igH4-C%%MU}pW)!pYNKO!O}m=vW=S`@4nZfSQSm;!BeXUa(x=)0J9+C$ zQMsg12ZygFi%o^4kQs*sO=uwmPX&easTHk~NhRM486cidOya%M!QZpZ z{<&^r@rC825VPg{tBzE0{2=DMj7}vZ(VPO&sr>&lgr!&oPUIajKmFbG{CpS4*^dlP_wzcse!?rd?YYVY7A#fXzOL~5F@~?|O{^zQVN*wXHs(ZK8N` z)_qG@xNj{{5VlD;!N+>`>EV(xl|%GP;4kbWf390M#1GmF#1`HL@WLRJ=_G}@xWVHY zqOjJ~PyHy(?Vt{q60Q#4>sD+K1{-@VQEtX1K2Rz_@BHX7oVphwUEs8fxwFY5 ztynN3?vYhgp2CxMGH6dL2$)h>^c89w7X@E##Uys`OPCgiLvLziRsjxI(z^XS!|Y;$ zQ*SJY-*gDe7H+@+Su*0TearBV_Ez!7hoWv~;&$5>6xw_Ne1Ijg#5-0CHUWUG`E^h!+7VmyT-wKgXB|>Uc8S=^N2h>uj&m3 zr>|-f>Ux9a-HYxjeKFd(YE2%c7$kbYbj|EsvMgWxunxU0K~?Aa5nO!1u3x@b|+%0k(&wUnQNpJgj66 ztTy%Pee3iYpO?m3S}5oL0BBDFX#O9!x4F`_D{1#z0*HhZT#O8n-y*&pmt57nHm-E2 zBW*z!EEhXT?~m5AJ0X3KuRa@icEiTM3+=pW@0~zpWXKsTy+HS`NBDnvYiV~fTH1@V zI*45u;C>_4qEhH=k>?*1{4;ssd+W_WX}1xi&A)4$fKRcm2f+G+U*bzRUG9T035@jr z0QFZtK8Hjjb1^(e;sfHlZ9HkWQ_FETlO#-;Ax3!^;=Ys8ejDg=-)UOTvZ-e>24Lkz zW8l#*yS2uGlRuX*)L>f)! zpAd43f`4|oJ%38n&y}9QuV<=waql9zku_$JF2I}^{d4PF-oN7w7s2pp(MzNW@6j4% zlO&co1LgzLn7J%rcwfZ2cB|r9Z?%Vt!rE15P=4wh9)t4Yv07WV)O<_gON6<&)1!<4 z3uQ?J@&{wcraK($UN+N#n%Pt&VS{dC_kF3lw~KVI?e7lWNo#AUK$j^ru{hY0DCz+G ztD+`STA!ky4*YfD&1%NuQSiQ>K82~e2R7jRs=wVB9jm+4{Bs?(ubY1%OZEfHP;-(! zX}H+tXU>|H?3dbv(%C>Fkjcs0fHUb?{v`NOsn}atc$Dh!!5zx%NI?aG9G1u8D=DFJ z+~j;qW2?pC`>REoMbtKLw`_3dpU~GQW$N%b4}#GYcY3mDIH>qHQH zHh0$FvxdL$^HI5*#kbKq_vqgLS_GrlF}V^_HU=fo+llp#Yu3@W<>C!c;+<+qks0X!pPshK9vv|+L;_4Z^jY`rm@f43OC|-(do?0C7 zmZ#>W^}N<{v~#4E@snfjnvR)i9-|y@=f=wGrx5Gabc&p*|qj9YGC&ikVg|2QcRjv#( zIvcN>Bryl@qQ{|5r$hVL_#NUsf5blneiG_B<;;4Hp(c-RP0BX!IBW-#-xcgE! z+Ut$s+puC;^6-*AP~*3@b6Ltdmf7@Yi_+m9#^&ARidc^2E7^sAC!g?f2kd7Y7v2l~ zx4Z|U-3uK-V$l3+EvC31 zX15lq$H--F9e<@@MIQX_0Z8ZvO7sqSc4HbjT$WRUzJrWaSqrut{r)QrxpiSTj9UbWHa zek|9#6XFdU;s=AS{=wqy4ph`^q-@|kZWsaY^5UCT)f>V``bYl&!8yNd9}E81-?N{? ze~h*>+rh6(X%?O0J4o9;SRNTM5@4q1Iq>tC9lG4QqBkBIf(30vJHx0b-)X~oormNI_o`-~sb zxHc&Ka{mB=jsDHi{6_e3dE;#dNrms6I-Q^?hV1|+{oMZmQ(w)U<(0*>F~z7vEwwn# z$zeY+ib25@*+N|rl}KF4cvupnmOXMRIZu=2t~+zhcEfYenzJd-1ZpE~tWQ$KxIWmU zdJbFx-#M*_7B*EauwWkb361=~cV#_0&;;@;XQ2uJ9Xir8G^6*DF>%u;r3RGA?VZrL zX%5VEt1<+*wYh>#(!nb1WIe?ru9UhT(zpB&NA|>IgIE2ZJYQ>Xb*SiZvZt9YPOYR$ zcD!C$f+rl{(u0(4w$6uvM_M6ym5@;4lE@Ey1o?F_qFmgT9K(W>J3k!i1AL%6nv}5lMIr`$b ztyf99wQo9L$r-@}k576AeGB^}_`P8Gk~|f6J40uvLnoBdKIPxf3J=}uU!x{VeHP~C z35k8f0FFl;>v+40+T69JYLGOhVAzOp&3ZkZ)}1Y!FBpy4@K}p=KU5VU~&fowIQ7~&)V&wc7&4S2P9UE+V$1dv#gF) zS#a6o6dOZh4gq@>)@g%9f^m+%^pfhoDq3!3+;P_c&{3EDmY!ilz|T42rk3R`)<|vq z%qbiZ{HO~WGuzx;>B}v<6$Eqb?OiW|bd5stTV<3gKmpErwkQL)*3!loXjDY9#xOwZ zUSFzdR`-t$+y$b!iHYF->HyKQy?Znev0cnKZ1Y_e)5U+Kp_HODSO=b1&xgA zyQ%nBN43&hP&%}BSIHNdvRB*Z4@Dle^W?hZ8qDS!q$rWG9FDj&+*#KX(!2@r55vC> z?&GzSM}?)9Wnpogs%NM?;=S`({>;5a)U6}g6sjIPoa7&RmW?Ic=Pd0@8K>HqKv?8= zu5K?CHRholh#ApI8<=2%J*x*B8J2uOt}@!Q#*Mg)aqC#RLdpa;^En7R8b*}Pzf+DY zi&$kdXYs;^%w3ueQPcc5-3FQ~>1M68f&0?QJkF(MnQM$aI{kO(kI+8F_w6w<- zaym0_8Q_}KwHJL!Z=_48-JV4;$NVJqu75&fHPy?+>LSO;dSFm(1*yB@M7-5Bma(>m z2^_Kz%sE_j>Hd0G4SDeY08q0?E>mU1E`DOYR;Enur4y>QTZOi@wIG&3jAI0SYt3~# zZDU=ZRkF~dTb)f&nH7(xsjnv$C2Jqoe?;uLJi`@?{zxeQ0N_sl0Q+Hq;ax#n!+M;z zu{?Ly%uquA0L1&SK>l^N@EcgaPl{K%j-h|Ktsyc)Y7REB1pfd*UOevhKelldw6Z?< zgW=bRzCLI=uZp!>SJO4Sb_u4)$++%QoMRm@I(ygGy6uLY@gM#PkMXO(-w`9Rv(oLX zZtcvf*i9=?h=+%Aj$>0Q#^X2{$o?TtDW8@2r-+m=6suGJ0GD+kFS+UX*#2(6XU`Ps zTAq_-9-%0@)P~sPA+x)TarlE@U+QY|MQJ0(H!5u)54wHnAJMo8#nVlb_0UA7uY(>U@CdZlw4G8v6XTStmB%V()B>dkVsJ51+&2kfyB@XHD@H z^}Md}G?_eL^slA93*C5^$G#=dd;wwN$-FURbvK!JEOKokB^i7S^}yn}{h{3|5R6-v zr__HDziS;+_H@y_MetML7Oki1fT?-40Gp?$dLI#3%MGNq#lSN`E;wv@epSzE z*78|=Dez9Irs@+}c)rI`d5MLJ$!#oTZDEdj02$ zZ>5^QEA8hK`IPuAdEyzYOj`b%HMXf^JK5?GvK8`YM#BORBc9&%7s(@SS-z z_9un>Yp&_h=oglHhn66@jIjXx(eC+%KN{AHKJpYJQZ6k0VbDB5Y2yoPXyk?%ZW`GN z?LAJ~@BAMJ!<}nH@jt_#9oTbnQx8ITwD`Ax?NTvEa#?cQ^9g zBsTXc$_;~#-u2dacIF*6`aSL*HW=ri;t3PZElWx9Hmj&hcXb?h1eWE8&V4H58;N2h%S z-j&TL-0Xxqoh&iB7GlSm(BCJNRTP#{&%I>Tj`%L7Rm?h*Zjwk`z<9_smaG#YhsXyN z&d%sW(}r;N+f0XU;stJ4d5(*W?;Q23rnRxPj-JBv1)+3~c-$0pag}lCMR|XWz8cxb zX?Ln3S7qPIK!H{#cduY4_}cr#hnZyQ3jMe^*P;mi@Z{vjTA z=RNUUZ0wghnYarYv+_ti>q*o(F!^mN9Nx+*Jk7UdYqz_7+wN~#w$*Ly04LV9jPVGI zE=CtWTIH1P!n5TyG}tY*4Rga}r;$?}qd3R8@V9}yRwnxzU?-g0R1QERs6Uafsx*khShT4sd7pQ0 z_p?G)JsNdUBUoZ1F$dp{D+*YyB%AEYg`Dyfb{@5|mWMtfvN&%PUj2&h9X)t#e83*2 zxo-q`qTKR|0aJD)X+#w8|w#i;xV(LN^lUiVhDYJtt&7(QWE1`qp4~IAQ z6EF5f^^b`(woEg|NFe$iE5v>_cy8}l@RphVucqB2X_q2MWKoiU^&gNm!zyhbPYFg# zL&fyFbhnvO3x<)#K0}TLcNQ|Nj$$B*LFjtsu#@OSsU0?(b$1QOh=)lt`d6V|T}gSS zz)X>_UPuFzNlQx|G>(TwfknEyfzQi|>L;@EqgV%Gtye6$;JQHO(j&?FbsyE=-(|YQNc| zV8pIZL5|gxjLhYU)ts{70l=&AI*f$`$T-iXI~r4c4x+~PTe~?l%ebStv~%}Lss)FGrt%d^Gw0+ zXvej%Faqa{RHILdM;p{XerrVnTRi*4I%~t?8@7tkEo_`CDyiw${{XE^6lD@P!ky!% zH2HL~l%;ca&e~BE7Y&kn)R#I`T7)JERYZf7e&Ez{7)o6ZUrkBik?mw$$gPa}*GJ?w z8tz&w~9M^?KVa{Vpvbg z0reH#P7Ly@;ugmiJ{ap#jYVv%W@okeqyc%`$0OIRQU1GPH$z-D z2AX$@-0JN#u>sCLPea8eQ|GW>r1pL{Rj z?L$P>J_u^pw=zi{FSLu7XWIGWYo7e{>0T3|-&|R0XGqoJI%ctMaXq_?G9U1+c`Z(Q z+8*8D-xq2=0rCF;!~Xyu*`T`8EU%PbM7eFyF#)opupHOzlz+44iShTt+WxEX{p~fc z3|#56UO|(DN89%YzE9;^Q-$4;$6p;9QFSUiBz`6M5T5SvfI}$rmoKA&S`W0^0;bMO*;y^gZt$II&ykP+Sn>=%&>k=)ei{aGTNCPi7 zvG&09AJg8lLXq>bX*b7H)3pd;b+VXdT#RjD(;uCBbb{GzVhaw-oyRZF;axN%)aR+W z@h``Z*_PMhHmtrb@Mf(BpW>DnzWY{oxF5v0>V2!I_%Zu1X#Nnqk5tw#$BFff0%S1l zjeUSM_82JIDE|N_e0Rnv@m4p=R{N4i=%0gpD{Equ3J=tRgPHhKeKM61-60*-5#~4ImpL0i>O_~ z@)c;n<0rLi=)ND0Csw*r*gboiYG*9=I=wLgMv2nRB=1K zf(RfJp)pf%I?U|DQ8AM zDF+#@Vk_$?StCIC9Zz9RD-uDh7Q83yZtV*W3G146pQSiR-a_mY^0?_t%1P{KGwGIB zt8Z}2=RZN7SW~sH4cc9-b6GaYO60C-jYGM?L{h?56U1DCRDwFx46wYvX=Vc)j(A!` z$~Gs0{@cxEiIujE&5qvm_0;WTpCVNZJ^3^U>7&1f+BhV-Pm#~=$>Vp@x)}9n?b#AY zwv*c!$EIo}9>HOngIH<;L}qBNRO4x`8&$E6$LE>ie3Dd#2XOo6+iO7yr}&>s@V(`;-MTCa*!?YLJKAK~f08{#DCrelE}gBE8HeBgm~mqqXp#jC?f~ zmnca>Os)!|kGwmYwo&NYo!|sv z&qJST`TPDCzlAjYd|PYxP+D6nW@F|7v=fYs&_8BcwD`~9e-vsL`gevk$fgmq25AWC z?T)qPTDR>3;olAFZ(*Ao-BA&y^5rBUQR_gIENlS$Km)%^`(gM4S@7ngcWpcX>>}0LVz7k-C{OG4_B2?~^jY;^DhqRac5T`J z0C>Bb0f%bwKN);MlIKxNNRuKxqjTVv1FjFy8ixQn2>fk*X{W_`q}@W%6xk}{o}DY^ z&xv0bH9ch}(zH3QEU)~~SUzDZ+`)A+ z+JU}9v+j>mn(=*m#1Uya{MroGVt8YTWcynTEStIjDWeHU%G5OYHAY+8Ap;aUu!n{< z4Dqb$E#!_Bd|>2fnr=prk(XnmDop5CB)3k2u9qXY zuy8TkkSKcuV`ISeSueGXMnAKKgXaf(ra)ZRx#)KnKVwT*5i+3LyVMHAvnNrw^Q34@ zTM)6XW^fky14ee94hH~=LUOUKbD}ltqQpWZpfF!gYSoKEO9)XEc`Uy!-|phGo9IV3 zb29f#`!ckzGRn?!a(h-az2dVSip+twP;bJRI6=lwdf9@)`e@qRuvo|g zgHbkGn;JC924i*#K^;e0+KSE{o24j9oG&%YQg$^fUE5u14ie5C*BC0f9At4`hoJm6 zX>ILqbw-HYby!s7gZ_PM&BWqtj@lT0=eqbK!h=t_lJT^}egt4hoO9e)wCUOeD|T-6 z4Ow*fiwu~-KQE>`{*~a?t9E*Dr({8`-e_75xo@j!I*r_bAP6Q^WmeCA)$;GgUli)I zYS$MUqQPig!$2+HXkbTDpx0g+mbWHH&6j%o(<;Yu70Ek(Q`7LOzi-orm_gq<<96Oy z@zWLV(uzvR<&?W0PkaXbkp44#e$@rmo2J`%N5OD1JL)=tD6TP_1JgfB{fPJ_@B`tG z!9Ne#>3$RNu9xFK9JSB-X039bX@&F8lut}`uAY8~=BWB3>=?8^1Zl}Wv+)W!yicsF zAd1n(^f~AldglWIrqlE(j}$Yxy#H9kca5wbI;MTj&P&{u0ahwY_oYEpLeiBkS^!&Pc$m6mD9V za|cz_yia>|qrBHmVWNlMARKv-@;*`ZAEj8h_@GkCe+c+nMY+{9D6Wj2djPEy9tqEU zR>>17b|bil!x{|s-XYiSZS|YCMl-=9Wp)wNp2wfkzIO2!k2Dg(*Fug2vRU_j=!_!z zd(*L*E~D``M!B_nPX>5VbzNQv!II`jVV5HZ0CC4&hQ4a}x$!T+Uk!97*L-oRxbXzJ zjw>dYXi?OjPhV_iw1i#D_Le^(zCQlk+OLUht~7s!*4Lg9vAF^nC1Om0I&t3yzdE%o zYWrBYmitkXOU*=+`{@o#b|>+!`f;){l*|I(co0I9p1n;#RoRfMGN?Vf`&Nb=!>3gJ z(~~Cgo!oS(V-cU;VTvD7gPH{K=y30)pdzm*(rYmT`V&zF(RBSqNK9cYs?C0Y@8&9Ue zqv`R*V(-1~f%!sXs|JPxb*=NI^0*_AnWgCvLo_36-N&4<_c_OU#PL;?lWG<>b6!t&5DCD^!at@v^{AAH zJDE^d6x-uF=Pzr;JsTg`Uu>?6++LZwxgC+~XK zC0QhP)1lP$Z3n^kHdf+W7@${DGF~v*A46WP;eUtHUP?Tu+G~m1abPg22dVU~8DDdy z>7nd8KZdk@BQ1MpZE-AQg>-HQy?trm)2wT{ex0U69-C)v9{?^FAoOB=dQ!J@ns<61 zlO8JYj(a<6|P*#CCe`+bq`hYxs8-%Qo&a+uFRVSnwUo-aX}|?ZmdO#K;H-k3s27?2H-g zKL@-|Wu`-W;EgF|kIGh=;?Kwk&h9@S*1bl58R+^g^_|QR!xX!Q@PM&)^}y->0M@9K zdV`5y;-AJp4|uOc9vy}VqPc}U#T{Mq!6g3xO7MS$7c*L2O7~Wm7O{tChF#qCJxBTL zQ3#qv+e6rOpNZZW_;=#J3*R=I72Nk@W@dzyjk~^oD*6Wh0AJF)d7?e`jF!_%6fRVN zp^kdvr&_fR=A7*CPYhTm!zp1Kj@ro|ToV{1vscFy86%Ft@jn zWS7gyQa`$CfmKUG(x8h<)8e*Rq?9WFp&S9v*0?W-zYgzp>s8kDn~@FFCwG?2Fv>cQ z#)iptJDxjhq+IHHWwqp1^H|P0N7W_vO9(W&}Tan8x%?sUr zeI;#YiIK#CTW;^Y_*A|k@#dqcX?Ehks=nRZ2%5zL63LU!XM_Url9(SY2IPuhcBxU#jllL=CY~K+fWQsVHb^DRf86)A*w2$38WG4lTSoXOnt1 z?in&f9~nG%?O#Ry(jNglQ(UgT&UB=FrIk4eUVSiSLdp=KlbWe+Z}WPMn(Z+D$f@hIW$~%8Y~f)^bQu zZ1{&$OMg5#QRTQBc;x21?^uH7!t6X3EY{(RU=BWpt}SeJ#k&@~J>pCKD*79{A|t#G z7%&{y>fgf;A6a7CVJ}0$-pA1z2Co~q5*2927-Pmg z>nFs7T+i~q?)n^b#c|b*%oKIG@K48&0xyU4DD}H`nY2syW!tbeAGjm0ar##oUE0U*xn`75;e8MHhArdnM%g}Y<=0_JzgIb_(xB= zorLqK^5x0PD-T-Yem8s{@L$I7g#J7D72}IlyYRn=^!co0&NCCT{I0p^!LUK~1J=2# z(N!TTa@nhW<8itEXdkrqz)uu@&tDflA$$<=PM<34o)^`pwQGq}%2{oRK19J!Rdm4z zzH8&#z{zq#01zCu+N>2vDsgYIg-T^1bny`Kpj17(8m}hDlg(4K_vX6J8E!;pmte~B zPBJ=Frb*H<8x8m$=b8-VD-CB48W#sS`?T>o3=Ve!K9timj^?l>R5LjG`qr(Z!ZxGH zxmaN5_=lxamqVrtQ}*lr2w(eRP5Uu^(}UobiQtao;U~li5*aQYeWOpm84%-l9OMtF z2euFQk8N!F+B~yKiDJTnIT9v5RvyG){xywu<*Pbl6NjHqOFP-Dt~b4;p_Q}Rz90DE z;G3zfCGjqo0>|Rb0!F*Ga1LgGpP6tvoOJ&H>sOg2siE-y0E=zn@wShycx=a|wvDWz zk|t!pwz=ejzL`HRJ?r^P{kZ-M-h3?hr>JX?>GIlGU6}3U-1v=W2M3PXtEHr_OxB0P z&n735F}0Zo&5^>@29^mJ`KTQ*2TJs#BhILTRgPhWBt|&KDyP|$fS_){>FZlYUCfGX z%81It_nG3Y2L%BDZtw3_1e>Io7k0~VIP55IFp#Rz6~;PpC`Pa)SfleyK>3WE8nT{D zOq&;h@79BQXL0b?;$E@vH{wTxJ~H@X;^G_q9_&o<+stBnh}eMZxOE#r;=j<-_AmI| zrTlI9JMiP;mxOg&y=HA9(k({Nup(>yI#nKQO^?6jHhqQ%u`QoGe%+t4_KW*qe$75J z_-!ViVLywbwrxwpmlp|I*Ke6P7 zcnfawZX;rk9#3#V;;@X8moIZUBgu>p1cp#}1Z0ZrwELS|>&PaK5e?Q=Sb_JO)|{o- z!1@pGW& z@8Q?h6tvYK$c@S1jPs0F>A!%!D8=L73+dW~a#%gYIE}<-=f*#Xem!fh2vT|;r482K zETLkKMr+f&G^CiIe29U{@zdJ3g6ea&bz0oXWoqRR@AvIqIV`t2oa#%uF8mc88ngqU zztJu&Z5CHX5pX_~!)F^=$W>9~UwQ!J=Ue1p$c@(@FJW8K!tWFyjAU|60%gY1Emc_+ zi^{-Y_7zm=%fHH&Gv@R-9jF6B$4!B*V_AV{6!a&W>Syq^rHtuuYVRU21Oj?{P*U?I z@?^M>*^GJbf;U&0-f9=CJ2)IpF$G z2Iial)XmER6!Ys;FCGyT*HI_RgznEkC<8t(5b74C?V1JqGh@pjaCq)(u(;MA`wXs{ z{zjpIImXl+{u4x zh}OX+VhJbsaoU0Mn|>nIEVQ=Mtf5s&<^KR!N#Ocoxy?d*dut2HZf%zB*-EEBbo$h} zSVD^ za>&WXOMUOHM+TvgsLI$UIrYVAbVYPKojXmi*L*vvwX(}`s>R7x=tmeC&U4Llo(b_s zifnX=G_6)gYZW`ASpY8?^v|UY8pbw0fzrHDJ*S3Y*56NoU2u}5i?}g8Gx-|%%=pG# zPhGjYi4h}7$}&gL5$#;^k3l%2*`dCVR<#D=6i2`~0=dm&TaQj*ZivYzVVq{Mlx%4T z^fq+A5npRIHt{90KqEgfVUk99?~365BwJZSt_@>MEjA%jDMY|yjz&B4nu~QhEM-Bj z$1S+Zd0U1E9qNVk+-i#&mJG*seJO~cVQGDFHOn)hwF(Fzl1b+|{VLQJvRN^B%dUDa zwFSd-Z%EbN-I!bz>OdXHuRzoFyD4NuSk<2(>|w)uRuviDNu0lq=eE+8?^Cr;B3Tm~ z2Sq;Lop_91Yj3-^o?Cmj1aCuvYskeP-XBF=t`N$xIK}Z!r!UGeO@1?H5vogd;r{?C zD~C9^ejUE+H(Y&d#x<{ul6)}uhopG=8)&s1JsmBzC}BfVTl&P3Yvj{Q*Gr$r z=fW)(EduXXj^0UaLS4@#yGS;%kIi;KN3xM$PHTQQx6!;caj4(k!1A+hSWg?zJm>5D z>yD=ONA=DQyQfJhc0G&W9mkD)ac5<9;jIAcT58RUi6LN3pzDUlYwTTm@(nlpFHXHv zVJj)femCQ-C?J+GH@TB@q{pkW+*`*RDqs?zV-<~i1)8Phz3dT7Zt*lMt%1~F9QGjK z*71*UpF{-H7ESbnl%{AB$FevM{c7B1qD>vcp zvj>YjF=ejU$d`7rMy!%6XLuv8>qSI%33+NbjdvBf9X1!QTn^-aS%Fe;nxk7}hQAWVrh+#s{6Z zu+OhP{?+&I{1ZRo4u$aJ#=a-`F{t>3A+gs{H4PRSTzPGDnG!`C9*n^53*R2K-%dSG z$h>#UWtnicGY=K-Mm+2O+%eQz+V%foZiI_ zQ6SeK!Inb5ba|@i+3L>i>CffA{1gkq$#bKA%>Muo?`{k>S5_104}dv%xm=%pr}C+) zlDYDp6KBsG!#QYu3X_p9#e@eT>s*&=Y8F`&9fak)ye>viRlj<4D!L=-hO)PMNQLBRj=RuGK#}sE?~OeTF{&_cLI{udm9Z< zw2dR!D`%0Diqf0tWz2rje#D;@bQ|vq!|=qrE~yEU?$z)Bo-%S&`>sD4`Ro1)sqoch z(|#KKW3_IAu!Lm(sW@mrF3 zN((D%$R~mgLr1(&^=l-N?Ptt$nZLM=D=RtJWQh}1z3&`;Yvqb zHZr1@YqC22>pjI|-&n7h&uWb74nhj$ln%ObA%{;^U9pmfB=h{MQq;+7@?f#)S4tY4 z2F0XvBeb|9j`iqzLfXw`GG9X15jqjU!Bc~e*A?g_Or4LLJXvKfm9E}IVN?Jq2h$|+ zijz!{%OH`7^ggwPQzp)<&-n_UUe%`#Ww!%yM$aCGxzXq2HfPcP3Xe?jkAr*}do83Z zt!bAsBZd3Gh!5azNMgQ8p~)F@M<=?d!npyZ7sBY^Y7n2)Xy6oUdQIPuj7lGyPIp@F<_alGDdj- zHD%sh{{UfpLeg*bE0k%PWWBd5C*S#fy7e@Zx$-#5ubBOq_(S_i+3KDYhr=;x`aS)m zsuJ$fMCeabjQ+i=xU}#$h9=ZS)E1VHWLtQFlo;{-(~f(g3!u{tU%e-abdKcD4Z%kiJ!XNkTU>j|krq+aU&7r9lE z8;dv#q7%*w4{zmOC2BT4ijE@to>=kC0(rh$3Dbh4bNGs}X{tm?wU!A{h$rca;&8Fw zO>1MSve&IN=;OJ0V-VyL7}nfh5H#rKnaGafHUny_at38K;#kJ!&jO*dIW~%t zc@iOvkQjRRsG@;n1V#zRA6jI_eHl@0M3OvXEHm1yKAa-j*d4L|0N13^s&+Os^-FOi zsJ}V_=j&cYXz<+li%^M*9nI!r`?a4VDa`Jz;GF4Ad4|=AO&sSLsYP*bsxjC% zhWclk-FeKYvM@lzV1=XxRJS=8z|XxlD^ELgnHx`~RAX`~O33Sc2jPkJe;0UrNL}7s z_aPjf%btIoT>YjzA8YXA;{A(h`dV4(T7*j+1qW6DXBhP+yQxyp@Nw9iA5DJEJ{Z+5 zd|_?6+B;z_vquxkcBp-)87Jy1>lh-`?XNF%&1T2RcqA*=A&0Gc6zQKMipN@8m%hyk z%5Gs#B0@H^Cm9vyUl4o`rQGSGU(%z9Uqt84P~BIKaa;R6O2gwF&y2n(+8tncYr=YS zBzHHHm!5IYl7Mu_u1D)%LU;?|*M|H(rP=87wcHmw0?JM>eF&jO+Mh><#a&phtoUg( z`?p=jLKk<57!0kg_5j}FqRZTh0cvgQ7!Ql(AWQQ;l zHM6h*ww&V!(1S`6ad$^1Gc2cGo2OA-f06T_nqu*8wC=L`ce9(l?6}<{l33^KU5xRF z0+%B_s~Jn7qNQUtOV2Eq`94vT#c;Ozt(K>)-q=MWd9e^>h~xpDMP@|h(Dfg-T2Etb zXt2W*4B+RIewB}FD(Z`Q1*^thBHOti!U;dhy$mtSDReoVCPdU8M2T<#Bd;d}kLh0P z;ol3%X13Q7q|eacI7f)9GV=94Tg6J$VcBQ?;(?(JI`o4Snl^3S#>W{J67!vv37*VAqbTP>=l`BRn0Q%J^7Qq;EBGZuOG zFz1fqt!X|DvA9XDqE%UVBscMW1qUe0jU{cSD;k7+Xu)Gx-Kwl3cw01i4-ma7DX<9FJ_x$i(0?Jv?978yX;tTD}WSAHz; z)|qi|E^f_*(?$)l1CYm#GnxjYbCsXs4}(70Vl`WphT)%RX2;(4t9PFfyflzW6}7}~ za+x8wa7StjRQsL@<3EY^dVIooUMW6dy-RlWuOQXFJ!sI&6|L3eRxrt(tVtaD8ZHi* zsiu5Nl52FHauzoP22y@yu2)$2$91ONo4qD$dFu~epm&dt#9U@NcVzA?)J2K^%dp1zr}wReT_6*KNVeRMVT63FXb|TdJ*r6l^%kP zG1`~Jjc#SJvVB>;(0*myd2D)n)r-#=-fDKkOTN9kjiexEHz4EdRTdnFZEfQHS3=W* zTVG9bV~^!`kdoYYHRV1k_?_ZeK)tuQnPwnIA}f#pCz20b^`sk#3EmzZV7 z)7TIztJgjn9iq=sxQko8RonKQVVgYl?Na7#W6QK(g*x`Hs@~h_msV*RWfR8a1}ZxY zpGx*EGfbODx=T2N3wW1fDFkGJ*NR->ZpWSY&&Rs zWSYIgMr58jGq5@jz3*ADvFW;H+?E=8$7yi)6EM%rqpfka(djd47q+^+i`r|9rT*v4 ze;(qql(ZTuAkp;Ucpp!WIgUPTZ6lx7tKBz|Wb;@AX6v+y&z+X#q04D{4~Vs`Y+l_= ze$Cn-zbkv^wR>cmd)nDs+nM5$Ra|_(!|hb2%w-#vw670Ido(walaO|u$EA8(N2h6a ztt6PZRFC~w9Grd?q+Q75XNGv&;x4y(km))^ro}$%z=}7?&OkMfW8g3C4F*kTT)hc% zEa6r+Y?WUB0EJNwBMqLPq~ATIoy2j#s23N`h8=#iGI?xa>i2VL_XrXb zw2n@A#ZPOh-dx+XaHi6~G2A-WJ7uNV-qCecurf5!$c2V5I{r1+SooJsyt9$zus<$9 z^L@X@kxC~K750~5sy3@_r$UmfhCs1^06Fbk_l_iQ5nkJ0TH8#@&->WH;d9jc)kzh| zJ5126qJ*QCf?dBU1EH*Y`;A7@UnSN_U;_ZNaD8f75{-<@d#h6+R#2`v_7%N8xGke5 z)g9B*HG@QmH8i^^B$1Q{7#Qek)xDbCPUskgCnw&K6GpAfZ)I$vHpHDh#dF%0x#U1T z(q28hWslxI)iQ~Y=yfP>Eq9xbH{{CX{{SkZXxry8D8g>!dR8D^)NOp!DQ_ku`eYjC zo;aaH5M8Vec|2yVPR6h)-P-w*t4DDRu2d4LI#f2=Ld|szywZp**-0&o;k$87&#`9h zwu9w}1hOhdyzV`XT5FZGVu*6YU~$&4l+8H@T}DbHsBOo$t#%q8fUmqlVu4Jsz}Rre zFvkZtt_szXM`bEEJvLv4dajK6MzAa%O)2FT`AGpP{;UD%*Z%;oUg>3`ctb|9oh}%@ zsVb_+D|4~CfzRPyEqU`hBh#k~5m|WF4+~9mqu)af4RF_qonJKPt+W8t&}qjI4aM<6nqL3$>P&Jnd|HjFY(6hdrN(JX@%35M0j6 z*;a7DR=u1xH5GCi=z8aez7A@-^V;aTErzYFc#`S12(6PoNj({e`=j2!M*aqV!oCjp ze+7?z`CfDbDR z)1a-np2inBT?Ste__Id5*BVP5CTm#=3p=+VK>it@+Pb!l4TP}bwH@b;Ll z%=66Q5fpQhPCp@CG~x%tA09t%F9rNGxw!D>!b_`b{{R$>TU<{XGe*uvH?DZ>Yw^$G zN5#*He-w3#eM`nZC7$hIcH0}EJd@Y0cS4=DGLk&PS%mWMcafw6ZcAq)=}FV1=znM%NV?|^<2_>afBwWf{XeJV{( z?Y6Y85R|r0?>QX>ewX|%{gM1X;Hz=2d_>n%Tf7dcmQVl?doVwhbIMjWjBI_K;oSxp ztrB?jQQ@x(FYcCGc);FpdiwV7>s|izLR4YvVn7*3Q#M(_xQ7ibrDP zVG+GJ=7FfTcU~6pu8l8+B+_p*J6qjN{y}sY?v1^NPPODdGw`2`^gHNBh@e{-E|AFp z-}1D5jy-W%N=;m-(>PBoX~?m`X#(6gJI8bWMQ&-gnr54&TrR1n{{U<1GD@r_QcspM zjAN!cepSgjjHy#-w=_Df%ExhVW3kf!{mBiCj{G0#UU#bASm`b_-3H%Mz11cMebc5< zkG2ON=cQwFN^m%T6L^Eez8KTnQ}G?cOM1i+3N}dtuN|wwb$=E3-{Kq#28Au&kKux( zOK&v$8dL|5*R^Lk*&dB3SdU8hcX=zov4xeowEb+wvJ0xxRYSn#zKnW zoSWF}RT5S{j?sP|-$kcGb#@_0s1BR5IJe;15S62ED3KMG5e2c+k8Lo)Yxe=bH=biSoYvSEH$TNMO zbyJayDw25~)$+&1O#?xi!O|9v`u$&O;Qs)t1oMwW#eH`#W8mmXmVOsltaDpN@l6zN zL`9W(!1b?fzMk7jh}*)FUNbg4y}4%RJbF`7x#_8NN1J$yQHR62<<_a7X{~E@APm4Z z3vrH3bp8fgPZ0Qn!xCyOB3RvA2<{k;V+3>fb)#@^L(=~MY0m`wF!*~mgW^90>ZbA; z)W>>(ckICGJAs_n5#WtaNY(U{f2Xyy(JP49D~yBm>qjqB7S6|C@O{UOtYwDVPD`nx zkA1LiL`S#bpXXkI@T0?CKhnG``Uar{CVAHqBFB~t4;Ulzrc`BP;9rb>E%BFw{AH~8 zZ^U!4Tr`o!0grNq>CaLJTJ-G?S(W@V1^$g&KMIY~DAxh&o89ev>DkZjr$~}*V)=ft8?%sJN zkrosCwhmYiaySOQulRrAYySWjy}6mZ+dG^>5o5tG(2@C$Dy(HF_bzy^;B;RMZm%P~ zC>B)QBF=UL?b^H>Oz>r;wzsM4kSGBZ%7k*vSGG@YYR>wFkC*&uY?qpbrK(1vcs%0E zwQ;l5etE20dpDizQ73KrAMh-8trG)7#2?#t+WwVgYi)O9Fi;HJa-l#R5$}rk?Qcqw z%ffnO&pX{ihwT zx409uWXMk=cWe&bs`f2FyQcgV@jae{;_ne19#u^>UR8!b51hH`0Q#EZe`N27UM#=( zn``06(39+UaL|u)bdCQ|% zT|y*B+HwKzYv?b5pAaql4X?!n&6_KrV=E&cEFb89!n!%GHv{y~L)7i{4LTe9D~P9s z$QV#IImE>a{rxp3Rt?5_R zmsb{AltCtnR*xY_3<2Qt>M&~vn$y=q4(;PtiY7AQ7(PcBAmo0czPf`~vG}F%w$om; z@>|5(RG(+K+&46c1~(8nIO+J)Q9EN3+CSi%-?dHO>}~s6_&3I}Y7*FdJJ#eDTI6cX z$mmELjAZaskix&cy++eZ)hzU{5@=U3Txj}?3wvucY#A9CX8?~({#d6`XqlfN1XTsp8g+DAewo%bck{#k$E;IG+_Me$#R z{2BXVcyi6`wT(VuqIkv&cy|fy`4LRV9BpE}obcdhivB(PQ=~SZbcvRC*}O9JV0vb< z!`dyRy8e3pcQKrq$2_0ARg|6HNkB2Z2nXzPmZIOb0t(zplZCakj&8z5ch80*rm zF}ah8nuLQ+gk%dhNPgBFO@dMn!oJv!%uJ>T_AeJcz9v zi6Z1W5J3m@_Ui=+4Xc&Q9eA*LQD!YW%$Yy+3Ew z_@(gn?cmZ>Y7iqueoFHk;QX$8jNpDC)+3xx<%?0!bv+YU*8DlFCzGkz+%>$w1Cjyx zNc9ACHG*MCWq9NpNATp=p-NZS^Xt@Rs#c zk;k{ad*!BsYX$t;?YEb@ub!jIp2l}~6 zxISsXg3M()8F_dZnD76!Go{regB5wr|o zdj9}A?mh%~#!m+LuKEd@Bc|U4j6%m7U(|hnrFYYhK$H*DYfGDXRsj<#qbMUS$UcU> zPfEIItzndHRa3OE>}z9^QRsDY-bbifs$5Ktpb?YlTn5`q8^S{=P1#<0&?CE-RfATF zJ2;_ioMk}k?rWaE(=M%D6;u>%$ATyVy~TmIh!#>0T#?d|SuUZC1~-m5JtzW&v*Jd> zo$5|1?)e+en1UM|&<0{jEycpBNg^;H@m**3{oDx*HwoszfUwV8{b(vNxkBFlPZTZ1 z#-5Tvb80?u(1GpwisR}0sp*_7>UDFc8# zaadTp2D84Tb4Jw&=HSbZ_@Wt`&go#szvcj-e&LhhE99#Jf=8amtfHjf%E2 z3%gddl4eE&YLF|*wQEV^)GjUOA?DqIv-`Q?femjD$gugi0Y@j=wX|Ti#bsb5WIrz9 zL2z1~1L|X6ElU|Q!;2k?p(_Txc+D|O*+~=y*dqb)Sz2VynD{I?nbR}1}ox@6*KQR9QAXjs9 zp!xTcxwbKGIl_)9bF!J#T&s;H%S!T7$VPd{>xik2yB8o zS1jK{x{^7c80wF46^vJsyN4w6-nr`(NSfaayBp>h?OtVfc7LUxMtq_)xLTc0`TIG` z?tGv7Y2DoEx?ZQFEv4n8cT)*G#V$VR$8Xc}u7lv$g}xMcTF1vWTE~L)%|iEA+I;EI zI9vh<=j)y;mMJ6l+2$4s_y^(!g{E2AX;ICs5H+xw-Hewc=LhgL<-ZdplU&s-wEGz6 zirxiGsC@2|zZmJ(xjLV>;_FH=)cZ^R2}SWES+Mxc|e%DhkAF3yfdI{_O>bZ>qcnqHV#i*XWtpFm_+dE<{YxQ^Dl!wANcP~@kQXV zXm5NNVGoI4GF!Pg+wLpq4-5XzTDOb!ZBPCZXFeJ5tSGZR`vHT^ChpucjIURmUoJ7Dr)6+bU#MkrD`!;x%Zw+X^Ch#@= zid!X({MHtV4njv8<0stWvYyAaz<9cg7U5IvtDf27%Zr_I&dF@p&ah6hgl+*Hz^@na zR*|IZkY7P@Wh4>42nD%`v)I=KWA+M^x-$~$D_u9kx1t%NN#cm4YqyrjBEDvVZCg&W z{@iuJg^SIBoE)CD#cqedaSkO@(f2$50E8=R{{RaXeOaJHmgdFB$S?uP{{ZZND*Z(G zU8*IA*kHI3v<1~lNs>0!^rLOhh^dZ#-F7PYqV8{kf3y~e(McElAs#73F{_`Hzd0lM zbLpD;^Gwrbzq}IZ5jEN}ysWCbum(xT;4@y0C!zIpCb?7YR=yfsuczzL+Qx1z-wlDZ zvYr?p)~a~VOw-2gL&NuXa4ouv>seAm6xNcj&GIlj5sYTKl&q|C<2iX+lDa;P{kwiG zS$@>t@Jt^Id}O?~yr0J&0r7o_yqTOc$s}yByE9|>#L%(txC5H_JNA+A-iPr!{t2;V z;@jIb{{V!8!`iEVXHKN$8O}%MB*kS_-PrzY;5-Y;^1AqFyQ+AXZ${wkyKc|LUk7UU zR`;F*)>(Hv_bVLO;IGPZKQJnv#a%vM4fw-Qjf$ou^EM86JwK&*b=Iu@fWcPx(lxv# zu3FsLwWNy}4*Q5B&{wYy0c#r0fhM=${vW?Ut1NS(+$5byNH%mC_U&G-5%fN1jHybc zB~!8O-vm5QYw(-n*M+=YaLT$3)N^S%f!mNEl@1Gg1`2DIT{lY6^=}mTQ%`8`G&_At z>1^gz0VKC+8PjO&0DOKG=^v5Qp%qotTeO$mfAeRWYZ_ze_g4_A6@k9ttm%|oMG(nZ z0K;)r9l^8PJ{b7hQ}9jJmEvs{?rU9NOSz79*g*4R2j@ecFjsYc&U}CHmW%sH{>#2G z)3nF6njKR`{?gNBbuJ;ejCrU=Fmf3-@#<@1`M1ZIeNPvc=Sm6tDw_0e&NGU?{kto6 zyY7E0o+8uRU(wXh0wvpRl>Y#-;NXGygHrfR&t(#cLGnic9<_x?pVb&mT4!Y~;bK-I z-F-UO6XVSm$HcxF)bzRGGtA4mPI0u3YtEZz++}qwW5F~(0i$?sX`V^+y<2|BG6!E% z`hIoe-X*m0SB1Pn)}A91!GE+rm~s+NaC&FGb2rfaBLg)4Bj`VezBNTlYfI_pJAeSW z`=-67`&6^GhTKgwVWpE|^PSnIbxI8@Bg(!b>CwY;VSR6JjpJj!E7ZJU;9Xp<8Xj^*7B&_2?L#{J$p+;L@Dk9{wVyaqQqLAfJ z6)q=DH_+LZ!5>XsS{tZ5-#g1_N%`@Qz4WRv;h#G~w_2!1$4nlE%yP}OI1IfFbQX7s z7s-ND_O5~?k2(0I9j&pl)R~uj$Tuh)jB%6sR|ThBTFDV;rB@?@Jq=+|5O#V(!#9~5 z5zjcTq6-f-B!L{o*f1Y-`qw&Lj!NsHwcwlk?+1KL_+GlMy=US56H)Ocg`M=0^BY?{ z%Cb2fu%w#(BL4t_%6tp(x4}P(e+d2}_%7o9=Rw!Brm?z+KKLVeh}huv+!%gU(5ZWk z-269;xT<&_E6T7cH>Zg9v2U}CQ%mnZ0z6J7x$$J$jF2MzqD3K;sO7%%G|M=*j&BS(D-}jTWmGoI`z;VrZ@x zZ{GwJYUuWE+MgGU#wpFkbU!HmHP~BdekIlC@R4m(MVeNaMS>a}laMRH<<@4_63Y3m zCB?MBj1pN0{u5l%e5adI9LKz9{x|UthF%Rz!e;VnPeGf}7r6((NJ`VVg;FR$mp$@O7+%}h}Mx_~}81qM5 z9DCxuPvP&yZ;1LngAao|L9I5k;kcJ-36L|du_PRi#=P3PpHoJZk?DUJd~@)B$9@p- zmX+Zx0?|B20o!|V3=1CC0|i)*ymQV^^)>SK_kiu5SQ^@66S3}kR~+e{jSggT{xkSz zsXl=5(Z&yBT0>)x*_t-Gyf9sY(}5A{E2;Z+h1TfS?gTi zm4440Y|KA8Rv@<(+U!zFmOSFROFYV%H~?~atrQA-9FN5Wj@rw^cN-UT7mqmP9Jl`f zTDkoSa;+XXl!7x5qkaMbzFQ&<>Mk_Y%FrhLfhn&nGqd1M%g=QN$EY=yV*)ANB#(jM{Rkfwc_MY+Pf3j;|U-%PI zxt_#EpV}@Xn4k5Flk5&|5?C6G)MdCPU^S1DeUxx$9D?t&cSLx$tvL_}Sr0 zOG6Y;c%CI9!tZ!jhCng_Kixj{`OTui;*SD&n)|^1I@4}6j}clhU9ubr*R!GS4l`KF zk~`_uN7Eh<(VOD0i2NbpY2W)g(hGs-UBGt85T9QBpYxjfJL5;gp9%ahwS6}GShdxa zHi(RJ11gX>-VSlvxo2cdr>&9jWZp1>+gYDa)FBbsO4}{u4t{4nh_3TS@U#V*=V42> z$L}%89jhhS=c=sE`{CBRrFc)`cZRgz5@`Bnxo3LDIF{kIrv5MqCmrkA{{Uz|hCT$+ zw0ob5J`l2-!g}Ss;@j$W3n%VoMp7~cdmPuJhL1zWuU^fgvr9uRoZjy}_2y7&67SuS}mx_2IGk4McAyyQ%KCW|MNSwkxZ%)gN5l4a3gm2GN7s zsOO%>^_`8Sos{g;NWnf~xa9pR1k?q}DUak_;ODJWcR6Rd%W79QCPI-!sBlK%)YlvK zXs<5NUL(AUc>|6sW13r<+MUE#5?b5GY>`bGd1DLrhu7A(ygg&(!7E&{tAp~Ad7zV~ zk)XD>k;q4UV!6#PS$k`?n|>8o{J7&8puwX@U-1Q;vkSG2W8cOx)Z(%1HMfKrq*Y)} z0+GS?pjIx)b8V}co$RCe$x^uK^sZ-4(XQ<;#4fT!Z6U%pQNspDQNW}qm{{Y0=oyCUXGR+$t zk{7OPleW}vmSQ<&-N+{tifY&K7(1dUyMwfRZUTIG_l z%_#Ld9Xng{%E3IwSeprq_O1iPk;@hHTPl}AODlR*-I%!RbDWYzx3}{qypBDXJe~)& zaNZ#Cb-kPqs6fec6nwCZ=Z|`KWx^+j>mM7SxrS)$Khd3>sBm`-SCi|0Hr82E-r{$c z3SAkSn!alt2_Al*5pJx?-s+D7>M=%etogz971>$%@akG@7Xs^KQm5ZT)ctB4n2h;k zit!6I*_4rxTd=MU-pblb_c!*@T`I_MBpCp9Ld7b!So+qg zeacS9BV%u=uCmtCjjJWWXi6LmXMk%<#TtB)GbC&pb;_0}sPD}_aW`Y5@YMQdnf7t3 zNMwnVZv17FBd^xH-^Sh*H$Eh{)f-(+PflPO6bA+#dJ+CLn`B>7?ca%X`zwoUX{JKS zg(N83kHVYd3r`R0_u6KqZ6&3>$wf05&;gOy56ZG^l$zA1abs^0hW1B}bc_(B4n=0% z-j#%1F2bsCtx`cE_>xPQ($ZOiwlVV@3gu+cHFK&LQ!H?!Zvjr>GMaIAGL)`X@#U_v z+H`jscIfXw03(b7E10wJuBWI+Z7!<<0B|xp`_pqOG46NTAH!{bK-F~Su<E5}$YrxtbjeK=2 zCfZZIL1Nh)`wrDIm4MFh^s--T7S@VcdGi)A!8kqZ+dN05S>8eYq9jkWLW;OZfWY@Y zwTol9;65UW9x2}T;UwP2obsdIv9!1n#wemQ7YDg))(%FNx;kw$Uexqkg0`-bTQT{O zln`sB({3WYnpvfhyzK5(1C07qsrEB!$9<)1dOTM1T3k7b>@esvn(1!Mh1H@#050Sl zkTII*gv_Mb;(CvP#Jcsh{7)m>0Tc#ly!jrzwNtVZJ!1P6~n#dbQHX_guyOCj=7d zsUC3^rLx4)TRZ1@VUwKXxpcJUL~hqkW-Fn}}7~0qNek zC)c!_?KU@#WV&zpXY*tr^q|b=CbW+6#DV~K9*e*gqXvf(AbD7X0G*)nDkgx!yx(o- zM62{YIIio!dQrQE*%sh#+z>kwc|NAINDrhhzh~`Ld^f7=6L^m63riS8ZUPg^&Jtb@)9NZ` zv8k_oj~oFc#@}3ZterPX8lJ6eTJ)ps&SGWOmVw-I4F!8t@GFafxG8muSlQ zi^Y2D*+=1xHW>j(r;HNvAjUxz;bLoaJ(_e)9XDRNn?x`OqPew^go~B=f%UEz#CnXH zWNgxgXwFFEA!{m8yB$Si=IRQ~n@+~3-<(0qL758t!-`Hc~T$Z-JCHSeR>7NZe z5pWBeSq}T#i2Dtr?&i88nJ%gNEAV6B7lQmh4!FMz!SME*GzFVdyF&8IuyQwmNCf(O zSE}gt+J26=9vZV2ek9g;k`#V2=g{Llt7ME_Q@Zfi!)<$1w7Bty#p~$wy%GgB_WC3e z`DcUovy2~pG5FW3Xnq#a{70n-JUOS^*=ftl%QKDW2N~Qzt>Uahms7ryPYw8U!p)-H zX)t)F#I^yQq*e0_gBS-NP;pc&CH~gXZf?9;dp3=xEvr0aDGaz7*f|{6Tq0pP9&Hun z?yKR&*7P`T?=+kZvc5(aILRma)f=5pOVF+D^(`SJ*8Eoy603$#V;xFzIp-YotxOq> z<1IqVQ}DX$KWvl3+WX9W=ysyzNX}OrbAM=dFpx68zsy;)`qsxiN6@JeF}pN_=EtuB zrt=Y=Vr27Z;QmSDq%43cs44x)gu zDrr(H2aNvc@Ob3b^`?~e@V3b0e4k30O2oLGzLnwmu3~~ER+j0=RYV(^iRs0C#qf9b zCDnX+V{5AT%HnSicycM0XO8AFB)T8n9@Wn&Sg6Lw>R;^f@FT*09`Q69H-oP&d>5z6 zzh|3LmM~bL>~qKGUAM%40_dI(@ouN#=sZVl;`z`CkCFk)A5Pz|TIH0^n6Bm?nWWvN zt*rht7kW>JOB9z*+!kG}(ZS?&{&fwsz8kf?Z5zOTe+{uqefDp2`B1htb90PcDRz>CM*jl zuUv7>eCP24<5ldl>Phgr7t-9rvOBp4n4s_o3)E+mQ2fh;dY)CFct2I~9qQidS63R1 z{L%+=BOR)HfC=DN(pm?BVT#fVSnWKF5=!?K&rw|IjJh7T;SYz8b$O*ld1f^2C(a8r z;QY*|y?qJ)01DGVwbsp-hvI9yR{>U2jGPYn#bTqW4x#Ou55TVw+}r)M1$bi!88UF7 z*RE+k3Dfk3gZFWXN6J-(RGQu@#%`i4_@!RMO?wDojJvrcq5HM-TwW2?ZuPcX=)Tov z&Sl{C9kE*bdkr)3&%~ZD*E}^AqoruETii-mK`)vzB3`?PeAks}?W*{i`gQWo7x%A@ zI34Ti?0o05OJljyHU9t+cw+w8Xlo73;1w~lZrnWvd)K{qLG{g2(rtL@ZDn<^nAU6t z-_P*lr})z4MJU+u9}{aL+f%%YP-IKkzt(N#N2mwdy+`3@hp6j*4b{9`XtG0X4aklh zo=88$M^Vr7spJP9gnlFN#=YWw7UN91M!J!t1ZV5edsm!&s_Wt2yKA9OV%D%vh6Xg? zu=T64E}8FN3cPLN81)@SV{R?%nHmku`ObS|@fG%;gnlXMeiPEyQrDxlf+)rrys$_o zp#;!nD4q-PpT$1~J|$d3;y)1ST1rC_zxqgwG@OiNdy`)fPptS)PSoVnw3)8w(gcgJ zG2{&N_WD!u2*vDukMR3lTa7B-=SsF)n?@xWlxKzO&#iff$2~(%@x-a4MJroP40$TA zf)67(qTLPSey5oDI(zLqL%h@OuPxs0IMy+j&zXWT*XS$j{{V*H6)e05;A=@WF>x)# zQkmhn3QGas7#_p&piVbD_v2^nBR|E9)Vj12TG-0~LnL5^C3xqK_2hOwC)XyD6w~MP z6c4z-^YlHb0*^p#D(lA3N#Ur)m6VO)=m#VN{gVLtg)Xr@9Uq}a%({=v<4Qf&97M9WKwz(>e^0Z2)87gT>1@EZujK2@{ zFC2J7P}Y1aX&$Ms+No579Lzfa--k;4x$&-pt=aBPLe70A?EqPzk#@9i+*VOm(B7TT zDAaBD0TV{+v}18KkqW)Ek%fgC5Zzeyu8M5dOGEA7*|*|McQ=#xKKAZAYmz~NGs3VP zFn=DE_m=c%qbn}pIP3iDSuGA(ElE;LM%-afT=S7%AO6t(8nDwZ;_)_|F4ER!QE?l9 zV~ms3et*ijTGZB*kCgQpAfD+=3S*3d4o{_ef5CqpkB7b~7Ywl-4)6CDP`Dc$wg&$I z&lDte##cI@i+&A|oqu0H@I>$11~1wh_IXc%o-x+` z+wn8Ou!wD5d2>DOwmws|@<0GCeU_7r(P`*@xY&obc9EoHaUgU*LtkomKg2e^DDdnO zFdLBsZ}kKJ0IgioT?eL z3y8`(!9Gnbx<25`gvLBp+4?~*K8o}sE60C?r5~Fo=o)_^>yYTzP`WM8X z2kTmwhkRk8y3cEMXmI6s0#y2f0ps3=j+$^kzCZXUkL@+5{?mW6=Y)Js;Vp7KQ&USO z)U?k(A(HYS1=XXcP+J9tJxzYh{5ra&4+g*m0FRdGl9wbB9*A?;W;O~Y10BFyHel_?*;-Jv!`puKaZ*YhAmRBGX z9MPW4j01jSy>ZEOA1VH6-?g8>U32z!_~+v9hn^y~pGnuP?4FNn1WW6VEn3d4e#>-g3cgu-QSEtn$lK@ydV_d0y)i!HkaC%NlSlInON zjb(y0a&TB4v;<{xls5<@ON@mffg>G7dMfIAU5p7MTSGaOKJ1COE@(E4tZ;T;Y}55N zmd0d_9gh4Cpw~xvEVm>_br}T*9Co0tWM)fiaTM0(2xoO}p;VAQwFa}O&7{W<+T)N3 z4is(gj`Rp+=@h+p{9co5d zqqQ>}e1ikww{u+E+X=kHk{#c4n%L2`DW-zqViEaG_qLAo8j|SO`u&WWmA;E1 zRhSfgo&7~?>Cx)wl1p-qk|_X!In7r>)$O4}Rf^{Bc->LjPU9T$SeAOM>2n>c#q+D} zT#`%5z6u4ggyTN3io|J>gHgg<`D(Q_duyn zpgCODypA@vRvU29(C$eW zyAH?nrR>g#MB}_qcK04>fqrgq0ID7xH;EXU=G_tV#z$JsqeE*@*RyRhX92xC8sY6V z192>iaG{k>0rjk=X-w^w&Iuxp>d;2`U*0L_6~Jo$0BC1+UCg1ewMSa!sO)x9IUg5A z150IU9bKbQA^!km;<1$^7Oj168{8xxcrR-4>hA1+tDXeq(!%hj4xIOKa`{e9Yw&3F zEh_pet2h~PyBy%xKxDO!*+Mh3LmvPGt%EfxKT*h)Rah`d_ zc;>6(Yt1uU)2?9hSTlq>(>ZG9jnh6~H;j25jqlm_#9EKSKiZSSI_{(AY4($YO{ z;IwYTC){&i*FS^rG*1+0S69|EL3`o-Nq1Y!2xTfpascQ?YpNR`pW@}ru8*DJx4iIw z#BEQ)I^zpld#Fs-GWKkC{Elnrk01EgQq;U9W#G6W7B(_jDUp!#HyGVpa%gkHijej5BX)Z){;Y2u4pxnFreYJub%b&E8m}EX0gsrEye|`h{AT zj)%=2JFvR6wVP0|%+~3|tIx;>Q(kqW{{Us`egyF-yh29_W3Pa|#g~?dv+;>_&K~fKF=lR#yf3p|GNp(*R_;19zM3&NP z7LW^TnAvle+EtW;>M|>?n`hWyE4N7=xjvty-N!7VFSExhGf5hsy2RxEroCI>zrnu^ zd|lE0BuQoCO*==|bXze!t(ELSqq}jI+QjpNv@SX8TXUXw6=qYx<<)Ufk2fN{kEMTZ z{{VpA68LfZ27G?;4}w=r@c#gSHO~*}x7S)k12Ds@nPXPCi##ZQ+^HRRCVJQ9w}!ka zd*Ywi7xseiW!3eq>)Ghm+TE-wKxkS74&-3lB9+NdvZl}UmbMotGDpqh+YWgTf1oEnbd$$wvN8! zYsz2JDbD)CDU*1!+8rLw5q`2l=b@8B8`u| z%j#)kyYWwj{4(DZ_0JP{UghG`CzMLCrwFf)n;zNCeu93?-ZR&9sf1dMoxsuNR*xhD z)425i0P9zwhtZm5xMfodD6{Qr?-}XOZXt_LFD5hQyLYB|LLV9UhgnTG!}gXswATa( zU}y5&u{Z!8LHbvx6?5^dUJ27$v$^<*;ZKMj3YSFDJb&=h#oiv&btZJNKW6ii<~^0+`5Lcg&z1hvp*Zu?nrl^~ zzNy*$&qvtrv^zZ+T3dLvL34c~{MN38WE^xck-PM-ynkb#+6P_Iymw{rdh1WR)I1Gw z`;g`~KiPLDJ3-GxV}L>F)OuE}Sp4h6yrzz8lUAcsM+D^;+EGofzf}C0`8)C3!YAR+ z$A66f01w5b&6GNKh_0ozhGoGvQ#YFnud0yz9+l%#YcN~h$7aaDk(>eAv6??s;cUa} zI2twOyyF-5q|K>7=okL5vktDY{=XW6I@Wn$uiks-qWAR*8 z+RultKFfhB9E1ZVBi6e=*%RVbuZKP&PvD;r+ga*981W6e+W8j%?KgmYgSZ>9xAUak zk0(9Ay7(H@p{$%;y=`^)*!jar_> z+#3A3)91I;JVD}3VJ41vuP^4gQU@VfvIc98d!I?em1S24O03=F;}-pFeMR6~UHTNa zk2*&vm>`6om<)a4?ZtXsq5_*4iyTv?&#t6z>Dv|785JZ$)lW+D&ly05dxg5@9bztL<8*u=~YV=IykSN{H z=Uo9Kj`8rbwY}0VwbS-p8tGcw&CYzc^&gR}&xSF0KHI@x5HwA8+wC4B7YQbpb_pe; z80*j1{EE(7kU`=3S!CTQQ7Ijd8Lv!+We~>5ptdT|(*Z8q_GjR4h)>(}7f^_C9km z%CPmSLbYfqPMf@2TE)E`yImhD-uPDT?@o{Gf;YQa2GZk>yqfxl;ZKFE7RE%>8A~eU zl5nbV*0rS$=aG)ZO4diCr^G8y2}35GroF$O(a8{G{t!k#sjrcIYvU-ip>c0y{{U*$ z<##2N;2=5w021_ zop$iYxyPxmI;8coJ&IT~bMp9V@+s8Ym|Z$!p0(Y0ZtiUY;tSc4e$x|WFvM*&F`bUu zd2QX<^<1Hp9$_;NuF+*gQrtHA8HS2vnSnoDOJo&s^S{{XY-Xf;u5W9YvEe0%YJ zi=!`uJW-@rc)!ANLOi9sk9^TE9Tc9utGm9^J`VWj!*~8A)3m8PGvcdwON)3(+i>Tz zFK?wxkx{8Ay$_UP)2#J5?lS?mlrdLEUWYY3=flHyr(C6+5Q$7|Km-ngxhE4y)|1hk zhrtaqN4?VgL*TC$>8#qsg`URacHbe?pOv%0$^MnBx>VY9mzH-Hb4P+>JI7yeYck^< zbv*w7#FAd<7B=PpmpO8$etK7Xr1%e6);tYos1ANKGc@?A|L#`2xwItK* zmg@rL8d$Tmkl6gIih|5|A78%HK#)YtB#(0SL;C*!`sqtzWd*U^uZT3uEwbERz>2^T zmc>rqDX_eO;9oO-cyHmUM-1s%jJMTLT|pCMx#N!2>pFCh+`M62A;27-wMo8&dozys zy9LxbR*=z_cT0h}N#G_&BlWIR!}rjHg;;rVgMpLQscK~-LbuJz(*!=yMxAm3iYYR$L86Ue`zbTuleS;a?s_%)8?IyL%}~4R9xG^uRJLe<1+z{ zPkQtpiF#So^ceMvbu&PycF4T&Y8m#pd<%|;=l6v5IrPsTUbIN7VGY1UfSIO+Us9C_^QuU@rI44_+r9UjJt#+lZC+_ z(zT3qGn%xIt9}{yS`P>KS4h#V#6l>b212}Ly-jg{6?H2{OED4&W>z_2$;YKRw2wm% zcIiq{{XZ8hv2*IJ3!Nt=5~p^$!2qs z?bjpIn&W&iu1y?f&s2g~t|K84w}Kf*0-R|xDwX;5X3vT=J56>gX;wcj`T`_^;18M? z&OHhMRQtUNcXDP33JX$zgLSh~EHmSSk339&fiy*r5WTb+AQbz$Uh zw%in))JrsyI1v(xeW)>$Hxj~Y$f8LyRZdqutEK+I@}gN|V8;NJq-8O-mo^aJ!Z(07 zg*bmUcw$)K7k2#|T0&s<`%lnf^N9J!M17Fo-cMLb~FpZJr@Nq4 z1as|~o*uvySQlYo84)~vsUFRVzoxW1O@CL8uQ{IdtJrlcI`@=p?J z!0K+6v&i`V4D~+sW*t9Lw@9*O$sM_@%SU|CU7ampNMv*zmd0{xozrcilHTId7J?mx z-M7iKanua=&uR=M9)~G=V5PCY2(xwhGrlDayHe!5%?oSYe*Um^Gr_V+ClQqzvgR6O2aGocf+?n z7}M7?wD6WJ0qxFzt#uc7Qfi3=Y{}&+Y#1E{XDM76%xRh)pqj8Y7BgJT4nd4$k^Je} zzOSj?YJ*6zOY3`yayB}WyN6uXGM`{a7vqf+QqnH%?QUVZLm(L}hZ)C8x8c1aORFF! zK!gMHxWKMzjNT}(BuQm;9j(;JBqtny7t*`0543jE#dQ#k@cCSU)}U<|KM^&%Yco9h zW|a2&u~0WJM`7#fPViU6$)eL1d)RGdxrvBAXgJ{X_pRXcA=5{b{6P5C;;m~?U+jyU zO+6!%59N$+PxJh%)O3Fs%i=v6!R{X3X7a*rQP&=|(oCtV8TziswuthL>Uvcf8c!_* zU?C^C&P5mKbILX=+(<5Cdv*;I4(z-du8_UGVgafqZ ztJ~|>7xxiqmrpQ(fD5?rzd=k7P|>t)4$ji%Yt2qbuJ8y=yMtq}^sB#UTktI*BkbKt zUJ3T08b-$rt$03I<+v9X^25CY#>Ae7xUN`f52i$>Nf{tj3JZ?EjZ~#_Wx0L{Cb-%5 zbak8S!1t^6EiAVJ;_%$0h&F}Yg>QUT6MYQZv0qiSlJ@Q?@_e}Sx0C#1Xh;Ad3UTl2T!r=aqpHe~ z!m!-ho&smDY*&R*b2HV9^wg1jVW8--&1-ua#X863h1>=jyi?*A#7_*}*+*k*D=q&3 zoAVI+fh1!bbgxGZhGsLB&j7r;N4bHXEwL#I^Eu#qn)}z_KfymA{7um7KlIuD8Kjd{&Z9<4A$EK{!D>4crX!Px$&)s+p2Z^$kzLca!Vdea5?a zYp&_-gC(472pKuZJpttLUZ8v-HJ^v>FJq41Nzx-5Vpm{=y_9#YBMyNnSn%yTS-J3r zuKI?RE!EY{*)g=tg_nSSQ^qmYvNdz6PYuSQt7`I0jLd${09e31v0X8bLpEX9_^RUf z!}nTVlYaJkN*~`wenkOKztX&)RlEB&%=2jQwECMwKy*Ae)OW4p0#5|-H;r{420{M- z2^Yl8b4XiQiFmCVZH3efg$hnheq4Ug{{Zk&sdWXH!e0t>d9)j5c8X~PgyoO%Wb@j( zY10|`d#m`5TGn+7oljcT?{!^9M=sAhZsxh^Byk~-F;>oc*Fr>2LnS-a*^lo@#(UKz zjK`g}uT~Bg4P;xmEtau^hQdo1JO3{u6o8~8ugmg3) z33M&n+q7ue4}qL!v>=nr0a-#maeyf|V$E$n(o4Bg3pmZ~$bXR)zVmt-`#0d1?7Q(- z;;qHBqd;8?LBMHlW=8$mgYy%RJ9AjhWyU?v)qjEi0J8_fe+23l`UaJyY2OikB0FU# z3B+Uj+fQ6)>0d}|J{&ev>b9Q{wVU4#_<{*TT3N<{qIDfpumJJX*107kRZQfp{6k@? zYVvqz`$pr!`h2UlYu_P=jeS&s*XdMe{{VzL!Upo+N&8QTuBC6?>I@h&0o0%HCbRN1 zP$*qJpNn+6yN?%M>JjPh9wJm?9WXvo$@Q)h!fiUz>2%#HK=+a`3m`Z#p4mT@EA%xb z)FOQj_{Vdprmb*4*2&da)m=+Z*Yz}O$lBJ+MNn2zyI~x0x0*)kCMAxod!^|!+UZtW zY}%p|oG`(%oA|jMDD$BQjl6rR+245E zR-aJ;84?|vRGjA|4z=mpPr}(@xQ%U67$RofCI>7{b5xSq7UN^xv=4@p+QkD|+BXfk zq}$rPyTQH{cy(o2tXA@6`II{48y>ih=&ks2r2H=lH#`T1E#foR4;kP&bU`-Y8%U3G(9@3O<#Atmx@H4PdjUGv|S`JBe%_rRHg?-=iN;dvvb@nIh0`+EjS#l}2XTKZN9CHTDOO&Ct~FwxDmddrR9k zX{Lrzv5@B+{{Z!?@58U@ekSnj5{)%4saRyGsdM{4e446aw^U!kdP#%gb4-ZUQs={gsMENs8AY$dl+ z*tsc}Cmjj)uaiDH>o!_GgL$Ugk2-nZ%Q-(JW7LX;FpEAw@lT4p{{RZu_Y(oV$Aut#R5Gy4SWk{+f|Ubjt@Z11p2Ow*#+wksOtb_Sd&@X%;qlndA|v2ZS8; z^cB>NHa`!g-JT>{=5oxEey~W1(C*bNc1_aZ+2%n*q_IL0(=c|s9D@;J{gBabS0;F*r}P%@f>2f zFA?|$SJQ7a?LWhslvdle#$?ID0tQY;JPg)GT>TmHpNu{qc=y5nFfiC8+Vy}Sw6X7V z&tI7RYxUdU-;8yCfnEgAd|zoYTElN*WtKN#wU2N|b5EN~8!0Oucc}jW!APJ;wY_d8 zy*jk%G6iJXj>psw#=c7UGkdIf%i?^W8?G*8I?KuCG!ic5F`mc1DkB?8~d&dvvc((=_WZ722+YHR!XB;x8$kKqPV6wTiZc z&MRZZ8^FuquM-_IE67tzE>yXX44n0BekQ)F_<7?E9{$3|!k#j}vy)4O8Yh{~3nnt$~( zx$^)x3|G33%ZgHs)yEjv^*@Hc7;HQjs%t(7xmY!QMdE29X~!OXw#WK!FrdZ;Z5*s~8#Z(!g zv7l;m_*=xVYL@dPKRT{Y0eSVW)z1ZL&#vgUdWO~@CyKN}vcN=mFBaaJ_8rZ4 z{{XRX?NO@!$$zw`!tae%HgGPIZc|U!AZ9AY)<@V_s}6lvNA zj5G_YYmW|VHmiMWG$b@hfQ{PqnqrGsU%Vpl2>nW+PJCY zktJDB^yyxNUWX-AIJ*d7^GGaugVLapIm|4ee=4Jq=)qztq1i@He#WDp3W~V%6rBAj znxYfAKvmsq7B9wc$-cK-8?}C_p&f89X*SR@5c$G-p#|nw$;HiWwWyqm5Dx zqEKDB{VUNt>aVCv<(zFhhkshB5=QI^Twvp#^>K;KCvqv(zI6}(0M@7@Rt~7ZjtTnW zuGU7eMXx;sY_cmBJq|j46?P=IWXNe1RCC7}sf@HbBD50KiXYv&?a$1<)uk({gD0A? zjAJ;>4q6>l&(`nwBbV)!;!oMzlaV(Vt&!bh|44~#9wtE55~0>e>H_0b#vFvOBE$0YmKHCI!rC)h9N+{a;m zZ0ehSS@Jm|ue$%TeMYLxlAdH&&cTMq*iLZEcT*)3jNidfb~X-8HA=EtbcYHwnc4DW{CBewAO ziuC%G^q0d-*Kph3#L{^zHxuhy#zr+FdRpA1A~ysgw;%qx)ztMV zQ%HFCl!eS=1BPngFe371WN(qkM#ta5w_GD@$wUy7|si1E`?BL%!5JW#Nwp+t^%B zzH8E@b|ia=Y#wog$4cO}eNMx~HV#S?BR1~c4F&R^aN046x1!+`=Y!N%*lA|8K2hEX z+CiYBH$c%fSH0alDY;2-+2D@dYp^;a>dxZ$Y*ok~E`F37Mf5O}!;;$E!*UpAIeU6n ztx0&(X?E#v1WPCw$Q+-o1sqJ;Y>R&dz>#p-EIkcLCZ8d>Mw}TSC!p;?jJGYvZ)+41 zpe8v7Jv!A%{{VXciGs5B?LeZgO5YE4Xtc4a-YShgOte5SIUe;cgJEr^LX%BxA&+)S zuW>=pk=N-L8ePTIcQD&Eyj#xT%e1Mje;IGLwzrE!+cQewySV7S-t-$LjEe|gU{{U4 z(mMSsi1BTpvefkH?d;e0z@rd8>tLMzlo`1mhv6+=XmsX>R!_7p!ik>86~*d0E!6su zytP$i+%gHr6r1R66K)xei%S7jl>!sbV~Xuzk0@jAf!4M(eLhV+1cKr7kCcPbrOfJtO$$q;7tuxM2bG%~ zp0(HEVYV$I?dQE>-&0>^axmE1-OX@0Q^D;9LAWci~L zGN$43=DM+=-7FGbNMjMRe4KTzYNuQ`JXcn+ytvi18^IdAjBcn{9P`f~rF)m`^WuMp z9v|?3#w{<#*7m1Xng^1}XOBDbqz#1k&fc9cYsjfBPxafwj(G6?3OibjKm8&n%w8DQ zF4$ao_Ag?qAy}7wLne5ySJ1U@59-UQrT(uDlc-vN!Y4){_|F7Z6xsLjZ+2GEok#*FfOr)VRnKT6u&4je^x zld<$S#Z4o?elPIc5nK2-L(^}gwRpVSX!ba7@A1_AYx1w+&%(`bN6{o2bG7VOZArHL3Hy#-&;lmu7ipjjqLa;vE+D?INFDw^X-xD{PK6?lF(E9BSmOgd_!V)H^HRcIHfQRu#~*}x_r?DJg+4m?h2R?-=saoR zYZSV+f+c5?>OM@U0OXLM^!Bd?_($UJ5qwD>4)k3v#{0w?)yQ2rU`WeJ3x5{>06+;n zYj*TJY(8N_+RBrf=7#IHQrGRJ`#yYB_$T4f;;na0)2zHZHMG{^>MMniEX==fVCWRhssYMf~+-P3H(!sQgx0I zqFm0X0L!vqfIlkvclLJh<)4cM#fs0T%JXTyWKqgScPjQBbI0?fkIwjxzOLuXe-^*B zZgp*QO^)1IT*GkC$f|bj$4q1JudRP(zl_TE8XtlDeRmq%KzyrfmLR*S#sN9)iry=s z`R#dgO6T7?O`eyp*=pVt)+1Z3Hu^TV9$+}h=yCa1&Hn(hCyuRrFY$}T-w7wwF0J8t zrjp$!7~3Ry10DGo{cEn8JuJTx<8*%M{9Dj;h`tj17V(aQr@t_D|y)s5I>DwRvs^zH-ZhogrGL&hnYSH=k;~f*>ew??OZ-tun@@r|D19vm-^LCti ze_F%v%C zfgcr~D<#pj6^ct@;n#28Om`J@DyyGKTJ8=9=w^c2KZ&&4dF@1e4XwAS_pR7;%bN>% z4xf2-V|t5vvqwFF}wJW+apW?5AwODWd z)KOkWYk4;BkvaSEy934!3H7g_z65^NP<&s|ypIt0YTC=hsWL_6#&^XrDh}WdPdWW- zwlPQX7ZvbK>(a$4a%s}7Hx<*CYBIN~f2qy>(!KAOM828r5!-TsChqJ@J~3; zN}PKdaLx|CCntC+l^S+wYu|6W-*Mr8@Ko=HwkK8iQ~N^bYczJ+wYT;TrpPj`O8J(~ z?a&+m5JB(07f--f;_r$exr$4B@Wmb`!vXw4xT>S~PX{sbsghHtRo-;mqWrmJ(qAQG zw($I(dO;&D_3PHV_l7-zvKx0`e(i8gcRz2z)wPcu`0?=LRJ!!9Nmibh|~-Z_nEF$#B3i5>;qvx@V|fUFehQ`fY{UJ&nhf zCAFE;hXi&t$9zV!)%+DLpNZ`RGTEf4C1cJ;dWy>D(n6Ea^#1?|_=89BAKDtu53@}u z4UMJ3EV8gk7Z1Bx+=E-lrnJ47@v|-`iTj6yXahp!qoHI#)g-*SYcD z4$iEw6=~IXWg4DbmGt`7_s|!adgj|p)L|Naw;Wd%IAS-9`D{nt z9^m4>TQ@1;y;D%KwVp=a#R{M96I`_=(5();O4uC=GUd&BZL^r7Ku0(ktc+?c3%CpW z&~iStJKfv;ifzOf`>USy(2pAwjzW8=Et7Mq#{U4yv9(`_*BWk@CYfh)AdK?F3>K>P zsUJIE4Rhx$Z{jwwZF=)TaO)8#cIM7&GsF7d{3IHaO?xWKh6ex~7TyN=Fe%C>aXa&pwsMDfT@&RFTD-P$X7C^7ZS|vvtNT zV8~EpFkpMssWf*&JrM<@rYNIm7=;8DuSc}LGQ|Y!xm@Xt4p!-;U0NI5AyT*kyBleI)I-WGD~&+ajzxIgcppxtshHAP8a4`e>U+?g zi{&U!rlYoS0}g~$?K<{d3Olw;Hv9rWrsdGWap*h6bNE){S<|mPJ9LdKws4!SHierX zFvU-0IgUJKU!PvJ64X&zocy{?th$uiibA&XZY}b0TTLm7P;^Dm9G>;C``>iTA*bqAZKedSaK z?*p7S*A?$t`}iBhdPj%6Tj1o5)vh8DUD^SUB2@q%&-`niP_eUiZu?BgdKewCr1_)}EY z>~%dt#6Zbm7oRL_;aIM5@`Ki@Cp6hTzO1Pvak5H_w%|~<0J~w#9b)OMih;%FK6^0ds=U__6*z2Fe^sg+?d|#?*lSKYSt^6S1 z2~Jj&VsO^49j z6yHPh+(dOSG#jlR+0=;yOUY1seJi5W^*t+5(eHHYsguZXNy+pTM{WY0q?z*`uD%_z zwYi-&T|C5uhDB_Z1MtOkKM#ICcn?U?bw3OEkHjr?qTC_!oxo>}`(xYx0IgZ=x%w6k zT+v=f&NFKM1Gm?8eM-w$bcRXHj1NND>x}SCeIsN0Nc=VMw}!NvO+Nm6*zLw8k6_Mt z>4JFTt`9@iST^-I{{R&J*8czvb%!@LcDFuiorw&SuUvixymv|cr=;-qse5&8qUpDc z`C=t~!V&Aodf%JKsO7y`(?|PFd~flyzMbGt1Z&#Q%be+2T+*a#>RD8J)Y>n={{Y+f z-)^hIMNhcF!dDK4fu*Cu<3il_P`FxO>lmpBHr7 zn{_@Fy4SB~i+n3&=4W{Q0OXVGD~fbxouqmgZ0iY$p&U*gYEK6LU`g9GaUq*{}!tWsQRc`Tc@ThR9kUI6PXglZ>um{{X`_l01tjK=E~Bjw|Z$u+r@R02=&9uBvecI%}UgGjiM^3m?Z7Ca}+xLBO>DH-FxV@V& zmq*mB?F&d3%43XUkH)WCM1k#NbsPTg1Fcs&F_k+VtQvF9L)*Hb2a#Li&gr3KhzyQ1 zRC820i{A}>pUk+-o^fL*PrF(6((YuAH_Z6}5;~u1adtB`bsOugKG{&Dk-iQ|IKi(n zy74{Yq|r+-nmyd^^v!IT9cGoOY1cN2-(`g)Bd8=1Tuz}hmKubLkv#Uy`?%~Wm^Nwt z?(qzk(3w<>>;szS*6or>qD3k*f;}h^-)UB{-N20GsZo)Wj)JhY0?T-f5LZl)-0~`1 zfZ5w?s9FVuVvc3wdiDHiZ>+37!EOZ1*UCs@r>OU(8TT=k=OwG_c3vKZX1-`=wr&cU z06&Q9Ujq31TJa}~yicuL=vq>}v~9g#Ck(ut16GF{nHIW*^p-Dckqz?4`^7KQAO5QI z?+|$E%SSNj65fQpbT5KSeiIi;-uq2+1^sT*qShUR=HeE{6CG!U0 zP;Lj)KA(+ZD|bA<#Xcdu(<~rsBW`DRUCd8G{x#;ZTHiHbDWl= zd8_zuQ?`dpxSYhUzGO!jBR%Wrd)Fq(UIotSp`r`ipNDwTHTP4?M$3b3gtJtGnu~Xze z?2tc-lSWOG{{UyK5rRuF10)|>>AW}g_KO(cdF{gP z1RcwdYV)lTCArp(`$sjCDKVJb5x8frDNABcakFSuV)LUHJ9+2R>rhRpXm^rb#<#YX z_YnYgF#~pc3dlzTcV_Ww^Qn7Bv>{A#METBo=Ze_0zqMIb2Vhtn9GXRHb~pYC)~|F) zH9acg1h+;3yw?8!SUakZTz@L^_@&kKyO{(+-H@ptFx)}!#SGDQJAVs!ts}9Pd7!fz z!oJo%VO)A+2fbF%ejwXg_?k)eeLm6~pD?hPF5sY^*{*rOX&!^)nbXGC7DGzeb8gZm z93TOGN9kC)hlCEAZFJeEc#{O+4gvK21#`-ov}MrnpAr86#GhX__t50R!va2PdYqj!yX;6{?WLa_{TrYV{_MO9jo8GHKgb^&l;#ix5#1x1^U*+%3Tht zRPgSdscI0}>GFx7k+2Yqo@*;r@T*x#6n3{(uCd9r(38D!*oqEnk~6$lr`qXOHnPak z<7)px{No}H^jJu52d`qXzVW&ZM z*B@`)wO=_@KsZzBSel)tpLJpbI~D{S5yMteW`-r3+rsLKBaQuYfmAQ`2+~)!UoKfP zaLRZBrLYxcSkw%wE;H7ebr>0mC@{Qq=~o#dqONvc6Y;l*{57ZQwmKfGJ-(lK#LsRC zA-L_&6_cn=mt;#Lo!+c+bNJCJgOpM^85DA>Fg%mjrE1>!mX_9R<17x|2Lx9gNfFCq zo@ousmyr1zTY;XnzoSam4q$myM5lsBBv&O#*&9-Y&cjUbcB$eS*4IReKkWx&971oE zSo`}|xp-^gw}*Tqs4U(t)4a=sU*4dT3eG!MiHpYDL)yXNZ>u^J}ayv(X^FSncfYVgO6MhGlP1E6R1}Cu7i+C`DX{M%1jYw7o)m zOYJ;C26yE0GhQX)&xjVbK6SQ{F!R?cT}R3f`8DccXkT-hZ5|lYU+YsWmvbp(%W`-g z^%bAPFBN=6)@^hjhSnOdi@Zl65&3oz?pVqG^K=#OQ;LeRIi)Kftv>|6;GTXR_-1r3 z8UE5*#n*{7u@rX@_-@5_Aa24#{6{@N^smzI2WXm?h;(eHhT`~Z@cP}_G`BH`P@?zQ z-MI9sZ04Mfr%KnYygwuwFT$S)Lw$X7^GB%760$@y%W=Rzt#>l`Crc$YFNqpno8r5* zK5ItglveiS^Hm+pnX%xf7yc=OQ~t`avG{z^d4Fa_WR;sZ#!qYyt$H50py@sk(sdcU zJ)vIlx>S#LS-2i%I?K;U+A)n0|i3efVKZR{g5_z_>z|VVTCjS7Bk0diQV;h;V zk<+btZ;5rrk}zkP;z-HL#&hOl*Z%;mTR{~V+@Y!3yxJ^!hM|9Dr0C)-xpwmQu6nWW zU!Om;r|r$~@8N472KXCLUlMrM1Ysq`mI}k@bKbh?#JePZAN*1H<>TLsI`ziC>2R;!Fpbq<6ntdoEnzA7|PmZx{omjP%-`L`q^Z-)}Xi2 z6x?_>!x6DaQb>Hgv5uRR43qV)I+D3*mOKTfc!B&&K9}&hq1QF$ERQ^L2$>_tEL*7Q zTY9~tcuT}rH@^|?=kXNLxJfN%kPJ6rxO3K~G45=ndB2JLLfWiXQfQiehMxmTxFJuv zzJT?vN-L@EH2JP9EhoAbiVWpcw$qv#w#8hJQPc&-n10mAj0pJ%!8OL|I(^o$sWeti z4YW$7x5&W<(WMcA&Zim5rsng~i?OqEq*#Md4U_bIovfcQ?~qLl&W^HLNI0 zY#eU(#dA7^bD6e{sp>bEG3m*4VU0^M5#tIvpQUgfGx4v0d;%xbb-VMeYIsnK4d0d&55sE$!S(3^HycefA`h zJ46jj9{Le^{l-=O}1-zZ^iN@&|-c=%8}Z-Aufh8Nb0oBT_e0mZZ5VLJ9GW& z^r>|V0T~w8Mpec+9G`4fmbr_8=lZUr_C#xyfNev$n>-rDlgIPVaR{}2JM7>OFe&-E zQubX(6=U!&(^9sc7McRGYEcd401bu4bB}CQ9X{7a@jN<>h3=aR>Q|&7kd3AxpW#u* zf5N`CM@>(jg+kty;axZ3edeDon%0+B5`bjfH*Gxdz>d6ErRqAqsjXT~dj+&stix)A zO{U4}r8)uY5k^U98;2%3nyplODt&>WHe6)^L!;E*$VNypovu&QH zzZtX-4VlKJd1_K7$|D{mC!igx^26hI#4TT3*7a-nE^V$fN1W^ma8dL3eLd?a`I~zN zi(d$S6?msxX*^9ej91zcNC11IgzgeeKw3CavKVCl0H4B-56N|)IEMP_?@|SWZjj`FO*2T! z+8y7EG+6AdW7T4`j%$em$r(%%0sd9>D(|-5M!t#2t6bZ=d{464b zulgFig@bvR!5Hmb1X^|F?01XeTO_p)y`YzNGM$O~&`IY_9pv}o9VFxlHVkre>zee> zhh8Gqei>cenPhn%?FF2v<-zO4R5vTxpIUgEGbB8#(xp? z-9y28hKKfu?rb87n8xFUQ^COgm79aG;RcV*Jwnj`2gEN9YLhEQn>8C?n?YRRa0lU64T+SjeDJYa_#s8Ev2b9HLP7@M1s$u^ zZ?y}kJSpMt5_l>zb9T~gU9XLWNar1f2(1i@UNhF9(yXP|^}C4Yol#}E+Ca%}a0lmK zIe7LT6WrTcc!R?>cZ~jFX0}O+vqpL8(~dgOBbw7Z6M3j;SKcMN`*oj)-{*LpakK%& zdbh!AzYtHQS{StnuOc!qkVwP@86b?-@sDFUO#Ayy_;KKi{RRz28T9La8N~#WEUZ9h zj124yeZj9J)czgW{8R9}^F`uG-uA@0HMC(lM7yP{p#wZ@;Z4^G-P@l2CS+h6?A-S`%QQnOJi;0T|V2% z)4>qj@t>WD86Epq$qQ=MZg3lnkO}H5GqRMAO!!^#A5ri>iY@Lu`DW8+aTL%6%CejT zpXXl1@sGk9KAU%N+7u@K%K9{#2^e4pW!>`q4u2{RxNd(_-|#`7+UY(ud<)h80A?Q_ zYEWAE_rh(B7~IYK`@3#?9!Li&NcCSz{hX0!w!ehL>?B9rSbC1tIGR?Hmv#MqH#R=S z@K1@Yyhov1SV~XZ<5G>2*WSGE#C{RbwH;4f@SlnFt6fjQo+z`INY)^k14k;d6;j~v zN6b`{*^O~dns}p#)dwESBRl=NLvSp2z80VI=t%Hs>96b1LpR(W62*#zD?-DX^@MnB*;tXFiqI za+hKX6O)x34tmo@$cXb0OYC@{3h0H9kDx;kSc zBU9eDDR_uB1BVsi-xK@~;q7Nh)pWgT+DofB(A-$OXKUNs4pfiCVE+L1tIepa%Re}L zO{H4j==!y!^Uk*a05z7c3a)o9ahx7K$KhYghx`=#_ItMQCyedhNJi8W5M}ph2=~^h*+A_9+EH_X!occ}5Y4`T`3v(U8BottCkb776 zS^oe8d;P6u{ic2b_*X^MB(+_B7Lvx=PczLHT8+B&Il+x3P)-k1%_+v{?1YcsuMK#P z=IckYxx9iTXZ_8{UXjQLHPKC{Bf$Ye9_l9F86&9r*PT&yIxbN0r-OVq@f*QjCh!l7 zY$3n!*0*IYpLqm`8Chgqr-R0M1bcyB=DGg>1qS_>JX`xEe$l=@_;Ii4(U>f5UPx}B zj0My!Bs;C<1GZ3rN2nsOh17)Pd?BjaNp)_rqPj#tAQ98+R=ybPDWKl!7IMJ?+sT%1 zGmvw^IPF&CXU)+1qfFDZdGv_{g`kM1$+Tb^=(Tv)#(o*nv5Y494Z4M1I0eAR^P-k1 zIdY=sO*D0yW3|jJ7FI^xxlS@MT{KLnl0e~H?I#3Rtxf8AwIgi|>t7R%D9vLuK7Fj@ zE(+&i&ua87CTm*@WMzybEZN36$*qoKyoTD*;!BS)L_?AZuM_c}ofAFAr)46_k+#Da z>T~>GhA0usX?JeVADD8TGhN-ZGu$GGuse=)8^b?%dhuo|TT1Nb{KFQMVKg zI~_)uJ*JwCE3cU=jBV}(bP(!MPZyS|q0impnhj$ld8df(uOhsXOS^FP>B5jQaf-L$ z;cc~q%2qwUChA125Q}<+A>TSNm6}09^!o|kc#~G?R3i{QxpwTAPES4AtoHr^z-5$8> zim_p+!EtJfBgAAK3m%l&O}&OBsG5O%?^hYmt#Y0z)!~-@7KYh{vY)y++C6hp$U4m{ z?6+D<%?`l(NnG%2o4LH3PmV^q4E%6KWn*|FmbLLHyz^G>27_x5r;nU^)l18Re(^<= zi34Rg8LcHA$4Syex*gPUq4LI}7jEqH_|?5Jn%X&_hGJV7$UO~BnCxvyeW}~&Eh~Md z?a_eP21^X~uBO+-LOm)-9@^e#>I*Ikn$W1k^UI4H-BVH1udXD9H;PX)fsx!`es$Js z-gW9gq0Dd8P~i17egPgzNpOo33}pWR39Ousm^01g(XP&{ zlPk-gG%#TJ$OgS@#CO-0cDBnkw2HFCtPVc-$6x1Jxm?ubETd@C?NT@INzVhdKJrzX zWtC6w0KusPOHDAu=*&Qno&m2?zH50rGV5-vmkNaL&lQbBrk1TE=kEh}YWu{#GSd7w z`jW#YrFZsd*n&eyazOnnJK{%ywNC_i*HrMPwI7wJL&~=Ydi#E3^REiJ-Jk7VUkX&= z3Ng~lMdY+IG^+@pQYMRf@J4$Y)VkB+xIwZtRc<&n#=MVR$3u|6)8_DnjF;XWEopPR zoRf}tIIW-A!^E)KYu-GKtX1{n04&6A0UH3a`f;Dux2G=WhmEJYKGyh4r|8}|M-kY6SH5*EFyQAWN zAK2S?vtRJ_>>6Y`be2(@d4A0pPqZ?>4%p+hd;b8!4O3B*#hwI6xo9DCb;?Som{C#T=c+G`1P-t zzC3=~KeBJ^$?=cFo+Z(=-7~~m&F!tkTDSHL3HzMw+b&dK$bMjbLFDH(=tkV9`P)~9 zv;5nOaade4lDnK+*>Y-?{HPpI7JyhDE!TSN7$-(TUvcjPlhOEat<-_whvM|S0#BXpWnU<_;LQNQ^yqS`tqZLm~O5h=bQYp2EJ{x!3#);{N~< z_*>$Sg*2F;@uV`v{i3LVZcOcCk?ILN`c~BHSl$$!?2qUx;I5ma-2Tmf7B$^@6II2! z$6;j;&2corcPK^bTPJ`zfPE{y{hK}(Xfpgi(Y`%?)E{r~osWmF1@4gr+>dYM6gl54 zW0Eot%iljxeI9jXWAaWi%&`)~SD{DZZ6)V@8TeWIfBx6kpS5T0BdKayW!|TA@Snqy zwXcUDmx%n$p=6y$`&i9$>$tbIGiTGg~kqUyqX zyGIQqGCO>VPgTZx{{WuV%T}fKJXvJa>3!_^8{>b5wY>?)iY)DA{{Vz)S+-pHBOY9Y z@Yxkp!n%o$OJ@w@~WRll}$w>*8ExU(Y$r0>HZ|};$B@{>8d1}D9_AOxdXpX z!lC$i@dD>ap3}&fsbWxX`F5U|ZsMk!vp%X%srw`Fm&MRa;olGHntQP=2uq+&R7sQ5 z@Wp+1V>}v_m969nwk92YO?!A*=zeX*I8IqMkE%ap{{R%*X+IJ?L-6NPecl}LUX62a zbsUfTzcEt)g*o)Ga4v+$G0mNpu6w-!%lsR&v_(L%Wj*!l&pQk;*%b3DB& z^(Fl2ei#1$GxZO^elyejQ>*yzOxLbf8RpUMBKvVax_>nf-uCK#xUbJ$F|MuP(zG2$ z)jZpDHl{`Uv#OGzzNBE+Ly_>f9JAO~l8Ur!t@xi^_~XMf{CWMBJ|KJ~iW^;1R3lj>FEibs1A1ZKuCcToq(~zre7R zQ|H=6i@z0WH%q3Ai6o!MQ5qcNh4inbbn&J5)4J;@1b!p)_N*L_ z(0z)whl>0<)UJFt<8;$?DK0H-<7bXnZWWiO_}5eM3;q$`82G32o)M z9PP@HkUuIp)r=JndgshP9=_~wl4yU2o zqdxWH8e|!0*9UPt8s@E1<#7H-O9KhQkJ^-`{bcU`?U#~0he1PR=@R^fvAf>ACe}}x zV!#dQ(3;Mk=hst-)W%&=N-sSz?Nv4J2}gHm+O4#PJB)9YV;BT<0E|~srYSYC;To2o zaUHbN+rn<{BVx*(;1kZzE*Fxd(&w*xOf0eGTVt{rY8nhWKS#VlpN)wnny{#DA^%^9ta zuXJA!53-{G&^H+jf0cR`k>Y(u*H6{7+gS;+yg;+Y-!hyY4?PbQtas2yHf{E>S7I1; z0;peFG_gp861eoHj_APTC0XKRjTo=aH+zcjw5f9xXhHQ98^dFN%vlu%JNi>+cZtMB zSJytZ6WHp4IsI$pumU7QD!6?A0CunGR}3JDjL7Onb3&QXV`*hSE*l>HwQF*LxHcN7 zEH){(IY$@(a6M`(!@f4$n^Olrl{AbhSsmxYpV?2vpAx0dtB*}-{w z(JJ)ov~Yc>=hWt@O*VZG@b|>J?}3u~*F(CJ#=_!1E_74XeZNY*f2qEqb0yU5@-v=G z9Fte=1x|`FH4QS;SB_h2xDr^~`_+r~I6Nx?t%a4V#!lUZMgcr$9Z`wmny0_*dfJ3~LvjAMquxhV{z`ap%hpPX0O!kA6mLXI}U>@Mpyy z4!e^`@V&o;JX3EGk{3rMCm?qR__JM zG3NXa(XR}C!9Va!--`M*mA`?0E%>{@J}tOaV-4oC$s|q(%#8)e+Ik+1^z^Q#U-%=p z!C5D{R{f>571B=MBMoilDDRWM2eo=o!lU^o7vtu6fvq|i>@vD;&d=r6&(#~r{{RGL z_;+%!E`j??_{MFjO2llfWmjx)a;=4>_k(4cPkM55AF<@pzA`X0TLyOIv*JdwSl-=SHRQ>J38QQO=Jxm3GUl}zY4aj%g#J3Xcd|=_iuxxecYxFb2z5xFKgLgF@J51HC zEHC^$aT9?xmE79Ec^lExZsV`rBD*NzqO?CH@kfey+Lt9>9prJ>nOR@S`_J-!Bj_z} z#ozEim(ldk49D>EzjwKu9r$D^ZrF26e~;F;_J_rU0m&JzbAb<824ZBR6hmy9t5@c zHTySsQ^QdO^5k2ODis*}xLClhF30`~yZc;fDRXOOFT*bh*@GAeEkpYQSlpI@kfiiNAZ5+{u9`BOJ=vbwqUWw02~<9 z3@$V2>+4@Jd^qvOt>AAT_;cb1grJJ{eLDQ!M`d>B%bGKv-M4%YaqV1n@f_N{S^Kt4 z!qLmU$MXZ75nye@jv#5fV2+){?$4LjU;iY{l(^=a1@y3 zjzs{^Zd(VT+m-|ZK|jdn!})a&4{F-y!+#iA-P(A&LcE(u)MA(KB+)rTpROyGs!vpp z$owMAGaM#mjp5wNPEL#Fru)IaowtsiHR^tcd^*+byiMV2%?HKaD%&=j0c|&U3R!cX zFFos!)#A2_?PRu*oe1Ue$u-GR4eEbJP@i*<)bzxQuH&{j_peCs#;0#=i454m1KTzBRPAJci#$t;Rr4D4)2M0_T`qE z@GvmkussOKKZRu^!ckT^yX&bni_3>qiYS@41VMl*8Es~WrZO46U|YPhkbn|@h}-Y%y4t-UVpD?Uu0%yjI5`gokcPyu{Mcqbs8as$&mV= z(z+Y;-IJ-g z7O$iQHV-+5=mV7Qr{1}ZM(N_Z5yAw7E^;YY&PnwwSZUL&X?^B6R_AEQtKMoym!3%D zLU2hq3-zi|DlqPTcz)AfGy6drcZ7UdVSA_{%!x7~z|IbSmCdcqvg2xu9{A{JGJ72? zGMi01&xP6URfz$Q-LFCTf8u!jMW;%9L8bW(5&Jn$FL0G}_klest)YyO!g$`>N**bf zO|pVmw3TI$2W|)XBC@p|;t55xv49RiG}73PQ-{<1RX&}nHNE@~acJm3kxwez_WY@j zb7w8o*Sdt$MQ)(5+usAFUm`1!8n%8b@bfJuv3CW2uxDJEsL41hnG;fGHlooT?+}qlp zl%vQO_oz>A%Bg7{4A6XEsm-eDH*aes4jlr%Ji-q{ipoh3l^q9(V$tkibEMfylca#| zGUw$3pctW7aeR&Qef(pLcdma> zO+Qo9PP^gT<$p2Cs;|scj*ZNnR_;NjB`!}<}C)r{r zV0iZ6XM@kL6hFA76Cpg5KX$znNxRfF zmO6|pJ4W9&=@f!-*EC$hM0&Ng&Ze$qP4>tKCy=7J+rJH3-$cn2&mw0Eqa4#lY6p|* zx+b}xUu}lQ;uL=EzzdEEs}X3{`kKcql9rWOK>+$1K;U|YnRhj$3?V}}PvOopj@4&X z)$Dbfr28(Pd!wmA`~E}IN19|PSEf%DwWw=wwVOsD zX%hf+$zO3<%gmlua*Ze25QTI7 z-7Qg_wPp&_-VvO$%6)}v&Sxndf5N&=DIB(#nmy&5_nPh8 znthZ^Hlnt|*yIz_jw`&A#_!^7J5Rr{wg*f_`#63;m<}^qdom6KThz3T7V66O)){YZ z;{=dYA1%MxKb3R-Bk|?6%;xXL7k8_t?8}h+s^j0aYZ%)=O!?#4tybWio&Eg9^U&Rj)X>9SmrIQ_j_u{%K(|Z@peg%HfpSQ2X z-;KB0ora63UU+lB?%N@>jD)}+-UHgc50>&-e9NODd$!K`UzdJ+n(mBjjHe?ecX?bs z0DhHUVOdm44l~9NQ&eFo610x8fIt}?eJNv&iWVieb>f0K%P`wY9Bv!p!9PlwV|H}F zZJv}FwpsEKpLX5uyb>x{ZIw$hu5w0bFngU%j+k0G9gvgRM`2xWhdetsi0`fRpAK2g zuj`Ua;53U zvhd!S1g0nRE(Z4lJg6M>!Tf8^v<*$PYwcsh{uOBNmhFPO$l2U;@{oIUtSU;wu{VhH zm+)q{4BjE0*I4;dPqW7;Wy$I?z3T^4)MeMNWV^D4+rzeAVcizq6-OL>c&CuJXP&iQ8vTvR`)M#q3c+#hAyK_%(;8*WFyFA+7DiVsq$Ie*==~O z;lp73!>u^(IMh7)?^xBYykln_u8|}fZM0@U+w!u=c)|S7`4#M%cBgGPw-->X4Z(bR z*71>C$IYJ|zAE4NZ&0_VI$^2`#@EYn-c&ks4%{grCS(^YSBd@>sSJb~V=Ai6* zZl~d2_()be+k4S0t2WsbpP9P+!nYRTyeFi<+K9Qmva}h-GFW%wvQRpqQ1kx)gs~?PEjj#Q@h&|&%H&$vEyzQM`NCviemyBT8(+Eg z*l4^BefBhCJTAUiA;V{mcfnBBThLipmN^lgIvybIz6XyE58DG zd*SQ{;r^8r&|6sz>l*?Kp~wtD{{VKrKlq`kPp8_?qm4f6Wy2KQfOIDq&u+D?I;L`F zR-dP8`UadHc`r%;pd_qL(Sg#Ld*XYIJ5QGITeZmo2JPBZt1)Nx&ph%PL3Zwy;m*~z-@G-Texl_c?xVL?ZZ_;TLYOIy7oGyec+Dcl*s z`Mt$;Y8!f$3XD_A``w9tZL3!J4eTFcv-+ zxmn>!im)V+A_J8Ld-0mN;rTAo);OjE%|#gi4l2xLv0ui%J+iRVCyxHs&c^GapiDE2 zV~*yvz7}g*HJ5^t!sf;#fXZYuD`Chv<3Ej3lSKP7&Naj>xZ7PonB z687C!&R#xXj7~B?59eP4-`JaGGcZJfi6b2VtSRZCQIB&f;s=#i$+--iACzYU(z~yR zzA(A)7QbnI1oEYead4_}$M?Rq(-(ATey;dqQMU0Om1V6%b#ZlLaEkWxNH&=`8SmKU zyV)Uu(%s+;90QO|Ow1bUa~>nmEp^=!QP8z~8*8*NZUdO}-oGRt4xW@SL!Owcm=CqC;IHAZ?Mq{{lz!ml%fb|FQ@5Afw4&NCc#CmS#wLo%Yg!fa_ zKMDA?fHwE1Je~S|5Y|0PtTQ*v`}AhwRUze$zf1(`{t>@81jU0Nc**v(cqM3P`&Y8=M3~ja>(iy2uKaopGsuQC(DHmoO4v8auwNO z)#CwzkeU4HNFH15V0p=^<+jD7I?__HxFGE((-mR|jL1|B9F9kNT!&Omb$fe@b8iZw z%ov=N{=$d3R+)90_{O`qpms)+@HW#=NIi&@B>Hqnef+A)2_6buWt0zY5bXhCTI^k zhI-@q5nRmXvCSsXiMA=mFu3WS z^vMWKxd-d(N;2qID=FOhz%K!TJYe*viP|Pe&m@eH4<@uWMubeV>_!B|oDfbhF<*QC z0KqrEX^ngKRQ;m#IiuF~JukqXAiajt;h=mioyJF(Cd2aMJRe-vQrzmLBmD+^A@MFd z*?t~)n(A}^00@VSU>3J?1BmqfOeiYHC*=}+#B=#(zPhu9{j5I0Bb3xFSPY-zTH~m? z9Z}f0?C2WaRvTm=A^!kt(!UBn;J9D10sWxAXSu#Q_+!G>dWXc11zSv-phU&R#+moG zE+-Z7{m+ffhe&LLQNf`VwSlWEnminAYa`49N*afRe zAviPaJ1rW{@543;YUbgji+`CLk&y?4o5@5>s^<|tKA06NYk%${Yn`dQ&DoTvu$XP z2N~``{#D4Z){>GpXTN+N_=n-GbHjRjMLNx_Kzy5|XW^S2zLoB98ylI)RO4X{pQU@0 z&IpKYc$Q8NAv96ZSTzj3100lw%zOjDJqpBBU`eUN9afLrefL9Z&m5d{+gZYc^Ul+UTKb3lAj=gntWFkn`G6@6$)KeK= z;_`5OmqNJZMmpC|r|IFL^BpD)!BL8tY$82o%H9a0YlPds+NxYYETDm6D9Fp6JAG+I zX<#v9w7j~wn9Nn(Q#CocrQD;~JTVZ}An6WYA8NMbzT8ghE*YMIfl zufJlX&AA3SJw2*>OGnf$8P$Vvk}D}bf=1+;bdkcX1>E-1D*>@Th*Z8Mx`KTaqCkGo zi?yFU2d*nC^fx?u-YF&74%XU)ZD2V*_0j5jZPwd2g%6aVhjZSxi_qRLLyp?oZRE`p zw64Pix#F$Cad1R|W{_^@IXqJ|hUcgF7f`>8O`gK~bi9wvXIx6r#q*j4g zWrC1$0rcs`XUK2PdHP(+w&v86_>PsBh+q=AkhVQ)N{p^-=yLt0c*`p~6NBwujVyQ3 zY4=c~t3qNeyZgLXJw|Ow+DPy(2U+E#9DR2+uYgS3#)g)J7iLDdH(=B*FW(m z;zpOEJs?YY{4MIGzmsF0b(Tvb6yFgRv+P>rc zmHY+p)8dE1PZ}qV;Ev10_A*>yjs&7H_gX%A#s}wEC8^VhsVKp?pB`)e8+qW@bZaM( z?jjOJY|b|scAg3KB!0E>HLs4f--iA$(|lc^#S~iopz?Jq7r|S&f%%so%j->OczCMK zOH=oA_G8w52Y%EVEri|s_{!t6b@?Z+&Gcwz&)lWEd((dgb<=kD`_lO6i`9ru}^6Sl4#3o)00RPHwCsl%DUY z=(akP_g2d+%<>Qj8TGDrR=D$3nnqOGdCA5r8Psh0I#l|Z(dr3f5|%1+_j&7DdPj@r zl>~7BL2fs8`c`XmSzD>;RvM~aMGP+AIL<|V1@ODYdIg=1wc!sPcz;jvFMu@!D}8S~ zVao7E<r{{XA4bkj)r-XqJ_F9$j+dui&nJ{I`X`y}a}3BU1Hz3_9!{&&OQvzz;C zT|rr+v;^eFuhe5b`&Y>H~#<}zAITlsCc&O z$RF&PqTFpmecpQcpURYBsmYGcTw)zB2e`chPK2Qt8@# zyo9n&jkqyVMsg0)IUd!}{@TB`{JJcx!pk{JqOaM z)aZTJ3HW0yUTsG(tiN+jJ^H;Z_@(7*qw=d&vk~7S#|oq>#{h6EUK>v~-a)lW?eE-I zJf?q0;;`$LqdViHYd$>vo4h}+XzK;myWstNMK2k2wrmZ@zCLfu>0Te;uO6We@yF-(N$4`Brk3_dg!Yu-vXovpqiP^nVlRH{Ke)D>QQ`5-H>l_N(Im033LC z#2yCLAhor&Npz6dhE{wDI`Nw4le;)DbsSxp^k2dM0Eo}wty04AB#9S*;m^y1!BRgO z_WuCdH{cGRZ=ol~e}%K@^Z0t;M%VT+9$}D-l06P;BO4!OLVVF)Mc>)mlg z^-U+lnsv)r%Mc-CUqg@Z71VrRyoHjy%R3Z^vSBlkRKOrurX- z=9n*gW7oa|{7KUF-wk|6@cyrRK98;2=yJ3#yf50Z$i{k{sN%Svfm)=R@;-y&YlMdN zaV4~_e)f8UpYzhTQnB%PoF6M}`wQW+>OKbek)zoOBl{$`;wy$m%E=1?2_Cs0&c7@_ zYtMt4kHN2xzBcgt+ca7Rr76~QSI5fmNPcw$^(xr}cC4xzWO;-s<`AIwoL}K@^ZXBx z?$S*oR#q5SloH+cyxBU zg{8;X?$uI$tb?3=E3xqGclSDlj+JS4_R+hH{MZ%GEA>8!SBdNM{42PJ#Kg&Zw>G6V zq=090AJ@{pcm1Lx{{V$&6y6-Wjni1v?ToN&f0`sG8?ozAC!q?ux$*_Do=B`SG>#W) z$jmZa0gCTzt)AXu0|!nD*CeFwdQ@s@bb5Y>+hu^vaTsMS^v!+Y;OIOb;$H#ylS7|P z(;~WWE$y%NfjmTDe5ccs#dT2J+NL5(H%F3cejmN?_NP9Pe8Ovp!k;h>9Z1MOh^#`u zRkSd){b}w#A$UH@Ii!zExYZ)FxI&oW&I4rj2ER-6dpqxkUlT{esbG&%@Z9nJr5TqS z9|H^z(2UnjD4uOxYfi>L{1iLkSBCYE+0xJBeu<}@E5+Uy)$Nt0wEzpdc^y^N{YD=? z+iT(92uL4Jw7iU&;CRCVeKB3Gl4W7BPI`7d6H3)@^xK1XVW?f{bC0_u54DHmUtWAG z{j5A;;Wv`gTAJTo)7UIxNzP?aT+*d&j|YqRPKIkkmU>NXF01|l_m6}=E_gfQPlWXi zcIp_O%F-hp>=zM&TdoKMSK}YYdk+ulTF;7aw1^|JiEa#*`xFe<9x6WWhv!}vceA>ywfmexmi>wIVw*)`cbFdtUFW_ zw>|x7Ias5pOOol6g~;zqad=83Y(QbgeQPO7=Jd+)E^VaVH=`~-m64>VDzHRJR5;}G zPBA*;x!8!A0+J2~H7rpXl$RTQD@EAV#G`d9*<#^YOlWX(Rj;*MTg@8y#KoDSV3-_+ zr*n>~xr^|JT>k)sYvHB*(wDf^blpjARy1v{@$MzgJDhP}S$@=(-wysV{4elF#jgVD z+I*fZvoXgvlb@@+DYc947-)S_qAl?&7!mx z;v{sM4TEkEIO|?3rPz%hS=1aP;uo88t8`ynduKnLNfX@lyGx{%6#08suTHf%Mt&0| zvyY_$i`41Nno!cAxAJ67Q6wbEzlU5540_f+sbZIQGU1oZ3R@)fBDAJ#aNZHtV7+^v zCTQErVuzlj99OB?V8_lw8qkTN!o#*>ycA6Hk=Cl~_CIdYbqH+H0NJ^S;DA5%{rm(tGHyjjGHpB2F?#Q(r=O8&|*5wH-51iG#@;i=3Pqw0yogmbO0MzS1nO{3#!b zF77Sjj^(zhvH6+1*N1qr!|VpwTQLyGK>RDZoKKd-(zKE}YafSCq3idWy{pBjXqO^6 z;gqf(8L{&z{VVEk0eG8IvVg6n!yAamI6X05rW-@^UM8W3T*lW#oa z1G{MB9l`1<-Oq#cMuBFxeM;5j`F>luIQ%zay-IUGGsWdJ=KbYy@_aqkbdd$_ldO1# z-cUq|acQZ{vLPKXLv`t1;o)!Ed-kdD91NEK02FmSZpUbhrn77=a)YsAbDw^-w4``g zz6Q&&QTBD|C-SrV)~APjXDRV}P`vnoVd0w%E5|B^=H@*)3deW=`H2U)>z~HH3;2tt zYC1K=my4i|D~}J|fU+v62F_gn03WAs^P1zSE~x!;hhnHwg#_;yt1m^OICwRPq`FVF zS=-A43}e#0e@OUk;O`Xa&`V`^Z>Q=9k1rul;5+_R&+RRt`UNKrMA-%B!QD$w)6M0T z?Tyq+ARAc}NI=DOCqvUTO$9WqTTEE*?!cDb={YIM$ZUQ+anhmGWlFs`tHo-0mZjjW zTEcO2s7Y@nqyGS^bmwsQsVqOxr&7eQQ_~z8=akv>SUQlBO&w0T6f@e!_9zjgPndcd z<9sh_EwwXibsz4ZD%m`bdd%ysO<4AihaNHUZ^Qop9OxSNgf+X}7hAWv8zqQ;u8i=} zzxS1fMl0bD+rLQv0E9>O%hh~(nks2Je~fhKFJxX39`RHO90Api22XR7PobLIe0Cp=e99qN(8#2Cki%j?&U@Pwb-n>FFsT$w`=T|SbrF5Di69XeOl zQPwE`02r|j@@(|DBf7bYJ&NBb!St?QU$?oD?a@z_$y}cG*m?CNV_Mxdlc`z>98VwJ zJn_wUdgb+?xq?f15>!wQ)7a4K8od^eGobk-l3tlSlR=za zj4S;n<_wt?ZH(R zIhoeFx7hAvaG~3^Y3Z80*UdA^L2!QWpsI{+am|+Qb&yzs8L%)p?^x4#k6DH`v)wR* zw$s6`h$9lpUTYF)tqGD-DxJ$CjFVRMpB7%pXC|L|(S_VdDl@oNyr{~1nbFGxx`yc3 zsLvpZr>*(7uBu2OeY*Qp$~qZMXk*@MR(e7glHHUj1b_}}tkCtVO-dwtc*~=Ja?8l6 za56e+QD=xFH#oq@@YU$8=JNd0ZjNzjzRS5@WI z`j5(!1dq*+8|wZCxAC>kp=D?GvvdLT_U$3@&Um)L-Mx>V^!o{XLwOz6r=?xNG-OCO##cEVy?WNC#Xk*eJ{IuG zYZ^tIm$KXiSfYVRV0v;pQ;e)zN651HL&cX9Nqa1lw2`=#;gg4mo(MSl)}EfXc8Ia+ z7XDm}PXJ_$R<|*nO{*LDZYOA@nIj5%H+tFd{{X~WZw+{^O)YKU)ileb^2|~U1tUK) zk(@wIn`(N5M31i6zuhSKx zk3wvD&EA=+TivWHXEc%n$=mXQ^{k&7Tk1M?pAeNEC1xCBoPUK;GQUHO@D8VaYvRp5 z=TCsTLndc9&R5eOwe|j|bKw5~KHB$BvXL6*1{Wr>XWN-u6Qd@#dmKxkbpv~cOS}vqU>*dp5Ern zte~`xavhIK;QUjh>C>&af+bm1cJEX3F{cy`OyOqHyrzrg^4Oi3{`Gq2g0w4LJ~=+$ zCitXY0zWC9{{V-jHm#v1i}*{+yK9XiX>~gY{`8V5AQS3qsJGUWMvC6U?D3G?HWwedt2z@(h5a;6ojHK8ILCfepIBJrM&71CwF$UJ_voUPEoo{{i+eKTH~S+!V~R6}&ln~1Q( zlk$*zb6&ym0w0I-T3IfUqQPr$@icOx1BE%@`_dmV;y2d!5p4ScLZ&bRl9<39>zte7 z*Ni+oml5fji=?L{6gUcT{9M$=J-!jcl#$BS{_AQJVuKab4z>;>%bqpwgN~`zSk!jC1eJVI&KhA%L9qWjljoZpo0wQ={K|!I+ zwVlGqJgJPUzYI?V4@%v&ws=(ekFi&io(cA)EsBh+bunHGyEv_)w-`LFpo;lgWnBW9strrn0yz0L!BR}|}CbGi_=r*)_J z7V_H0?mR;zQLpcQVYRz)^{t%(_S3>%cB^+hNwzXJZU=ABAFWJdeGOM*=kJIg8-KO+ zT}~|(r;6D~R*;NtC$8G?-A~1Owx-6+>Qe)>>|F2B`sB%(FcXNZrJqis>vzbkd$6KXo#_ZNERv3ueR(;<->;fX8X13d+I)20_W zDP?(b?4=pGBNY$_l@(1Gx74X3upt!kKRT5VCK-!Vm@?2vlrh0#M?+Ct#Q7(1+&G|< zMhJ>9-b?fPR*J;sgGU*eGthRR8ZAL%Gsw|}J9FvJ<6GADYi*xBeoS`iPoSjTg%}@M z{22Y4JbCe2`$x9Z^jo`q9%lk;nNXk+u>0Wl#eU&_&EEk275o~q(>y)lPY&4llj0}^ zp8Db-{$!-}RzHPv)T^zL(3OtM##(L7z1E=KA-j^(RY?jPGN*AQlk$KukMXZQk4V%~ z;1-TcD?}g`la1LOs|%YYu7{ym-*^{K(wj`P(PY#-NV1t4^?|?`=s3aeSQ_LvIfGWZ z)pVq`f0){#`N$rlw`$F^PF8rW#=P)qPd1VzvvS80WP(2$AfHRMx0q@$Nv&$m>m+Vu z{{U8V$i-993dVi)zNF~$-boyGQV*6TlPiyL>s2i^3!8R_PSbST7&6Sybs+$} z-Q~uSYZNo;+JqNco3TjKIXj11!MmR4P+9dm`LyjfMu>TPoT_fe_q}t)a>^{yFg!QL zKeP^mqFp|V@Z#BZEp6avrMf5zL{D%J9C2SUNonG57V3$4u4-DH<;R%QWJp2+MhGf6 zJ?dooo%EoQ>>eEWXZE?{miA=@NGLJ<>*_Cue+RX%5Kb*LjXf@x%maB}x+|TUwtX?- z--jAcg~k1@wc)#cPgVZ_mU5i!g@+mWdetpU;60y>E};8$n|+A5A!A~ojC*yc_GS(B zJ^N4nnfx=Q_-e)&b&(KUg+r3)2TY&93gfNj@jr$288rJV=_9g{)+s>#AP?59D`;~| zQ`$89O->|^?(-Kh1GsKHHCxm!;MN?=EEcd}V{B>^epDQiiPGs>eWYlKGo&!><98~x z&v=UZAf`CpCdUJBf5Ns=>L|sYX4h>L(iCA7y*_Fd_Fc@Ld6CDV>}ry>hKG}UMEGp} zIT1FeH}ClnPZ`5Txfsdzz^`xkeLbJUtr;{JZXZyD#=d;za_rdW6*HGXINbhhXZv-u zs2b96yS%k!mJ-&N^)RYruL?7O6Cs1*KHVBQGRZ zq+fU<+fdQ2UgCI>4n`Zl6)H_=Tw~n%D0o`e!moId!31&%U*`#rl$_R5>3Vc`f7-Ar z%XavY-Z6$;anBVFM)5-jh%RsS6|{S{3Z#8kHT2JiJaeV^8p7sZ5YGx*I;crxKvj9b z{0(I|T-{SWTSA{w)vRNWNV`}fl$VK*-O2Rl>0Y^EK*xn+#1S`qs zgZSdR>EEfJk>?V4rVS1;3(xjhTHzy74t_%5WP|K;U!`N_{ z?}Cgk*FN~IOnI4h{{T_2y}C>7cHY`~gkloU#{gg-uL8b3_=VvqZaiOl&u0vlk+QwJ zt7Mn!ocdsj&y}0gnf2G~-QvrSg7?~QkM$cXYpJd6+j|TRpyUktb6-w;H~qY{e~cdz zd|%-27hBk*OcqT(U_@^tD9b7n*QP33Hos%f{{U%^i{2E}d?%<~cy~*5co3_J7#5Q` z+?(8EBf*%NSiav{{XXfO)pz}C|2Dd ziJ2y47{ZM9uQKuX#C<xPZ00UJTdZBm*NC?l zH*5*vzGB|Syz0~9p0D8R>)3T&9{%2GKXtLj{lJ{@?^dKW3!A?hJXN81vfIO&u9X~% zszGP=d820K&mT9}{3|=c8m+~=6I;(C#|omDw;m6#ADu39bqxr-M{?`peJ54YwD|2T z-Bvjizxvn4Gn{ZU&wBck!hU7uwc%|8?XcLxEXy3Ss_qIt_Y5mCTe0bXweiz@72wEq zD=jq7DYiC`Byi-jE`DbE*W_r_F7;bErE7S%N=Z*e2c{}wo~+N>9Nn0_xBEZ~D@dFa z>AUHglIC`KAz5G#4{$|w!T{&k`+N3b_=OerooV3v$+ZWX-I!XdIbf;}J$rwJed%X( zk|OVR0~i1bRUk>S@yqb55^hu?b^lnMwW!k(9cItXpGg_Af z(eboVG(t%v%t|mwae}qnd^hpFqu|dPXuAE2sDMf3+#zq3)bWx%sJYb(pGEvi@NJc? z+Uizs3|da27U~(J0D#?2KN|j#{{Y~HAGN9YiQo?s{>WZ4)Yk7@(Bo_W01nS2fJryLpRA$?E6vuPTQ*Pp9e zPU_pw%<=yK3HRe4on}*tH~e?u9}W1L((l8*FVn5HZwTMU_V;$Ppm?NLQok~u4l|nn z06V|KTFT{`9p|edBzoX}HN#q`v#$ql zj_Ur2wST$w-R-WNl@hu6LvbTaj?tvNu~WN(IjRL!RBj_ZGhVU7Q4zW#rtiK_8R?3x zZq4#6q^Ry|N@htK^2EVVi5a6EG0;^P0U3;Elg4SbGC38Mmm#+f)vIGS*;{#xG2@(a zK9tn1Zyk;HYZB{m8oEozCys0B57_JWq4AgOU;9z~HTeGk;kX6vjSa}P*6h*Bo6A`U zM;venQ@9>^6)$_UrkVbj9}IpY_;bg;4e;lTyd`-Kq2XP6!YxX|NSG7>)DobMILJ8c z2&>xEZeA;xknTgyJJ$txTSI8OpF4b9_-m&4=Fay;RJXNTN*Ski&2HfH^OqcBm1N<=eB*Th^EiyKmH1P`!!r?I)vUU@a3hu3we#@ zxd$sPvvmOd59TZJCR;^RXN;Fpa;#4TS7sJ^Smvn6Jf&AtgV(hZ&7^(8@or<^wDDs{zTh^kjc2Ijzu|E*B3Au9m7Dro-WX3{>#>4VTKI6B$)JJgZPfM%Tgz78$EjF*7E7DL@Z2W62Sed0%n6*hUVW{ zvA4g`Z(?f=O5Q}=lE%QP+@~OpPwQMx8k=(;=kNaj1%v&E^)J~A_KNW=J{;5KkH8v< z{?X8+X3T$NkF(TO8TF|-XenBS!#*tcx0M*`3J)=a8N~E4_zJg4WVO z8nleSXCK2|QP|^~GOZCCQ2PS0GO!13Yqpz6Z8pXH_xqKHNDEnSDf|7 zdhN97?e1-5j_|AQ_TqpjNcMU@=;JZ@Z;U8C4SIKjbqhUmD;s@6MY5F%k8_=?jPcC? zVEFG#)AbEf^3EH!x`y8(AsgjO4*YOy$YRni?HU5?%z?Qlu4p%jvHhkac_Wr*Jann_ zjYVc>^CJX}QfR@Q^$NjX>*Sy{7yd(c!@bKA6khV80qR)+bEMOSx}7nb89rtyB6 zVd0Cp%x+RB-)jaufG925Bg{4JV$SmGPM8FERdB!_ht{FgC$YGJCRf;3wrU@dn={~f zu4PMTBM&LzKs>cUsc6@>H>u~V#8BX=;O3k}Np&TS#0DaOT&Vlq%`;1wM$RN-5MDvg z-l{i=4zA9ANb|6q{c8?LE^{2NWb*I;&q4I1Ct;FXHePg$VoYx2arCa2!%}KZEb>G` zM2brSKKE`b6KKZ9>ua$jo>LWO$53gLOK)=w(IkX!1oCmk1sVD_kpiAKpLF#I4 zLgoo3xV8%WF|~NbZ55%sR)-Y^mOS@K3qNjYH4Ps6&Nx!slBK!Nr88I~e@1Dv^;c#j z;<{@cSI(6TWHE7%n0?bhQk97$xsPYr=C`+*%$xUPmHHa#tXA4H6UW2j=FJ2t98ZfD zOMCXcwwQ^?I3uDr_=6J6NK&-24@t+;%-?lWE`R)4p6Pk~(0_ z%H<`IN8cli{W1-DEO*n}Lp0V`mzInIpiog(hXE>^ql8ukSvt9|zr^lE)+KT@GWv5C?PX7RF-d48v ze9?a=u7}|?77Vgp+wPCcNuSHwIwp7r@U7bxh(@uD790~^e4UTznlD3Z&4v_JbDyPS zU+ufOk7&U`iW57bvE6t#M!wd3)KU>5a2uX5d)KsS9tH5a-OHt4+}YjVNtR@G>OHEW zt`eeom&tY{Kc%)O*5NqULjgWW>YsnwN z9thL?A8fIKb8iNGvg4}(jt4bf*4v++XM8135nfeRjh) z?tRbs?L<}dKQqs8{IHcvXn0SEyan;=;LnNL9~^iqSNkMS`>Uv(Ws34HO$K6(Mo;``G;Jf&T!4ig*Xa zUlBeI_&4K)m6eRw{u0zBgHU{(@@ewzQv3{IS%EqCG)d}yO<5*kY=lOvN}_-K2-Y zyvwrRO%h^7o1ol1EAl(Wo;UGN#BUSc__xLLd6y1$TgK;iksf$l*DY0T4$4%`T{Z}& zMN$>AKOt4g6c%J&(P8JY9m9*dy z#z(z&VfQ;_MOgY9;l7Qg_}9cf57M>mXjqLx@+%o8VUr%?fO-5Yf8wXZU1Q-d#BUJz z9{da2Yk3i^FBD-ep=AsYu^GV?>?mF>pFdwQgfUUVwXBnC{@u2pjs8c-+S>PrZ9ir268r?xj-BF7Q&nhgn(8(fjYA`2*}r#>p|8nL0cp4Px-2$`zIC;< zY8U{1Rq4;@E4@9DIW`Vdl$`gIzv=oN;kAxP&eRD10A7?^#;`d@T!GWtrd^Mrbo4si zAH~}KjTPpfrfL&gSzIVtkTKfdhu|vecnidyF3|POS4q?3*3!(RmsaZFOXVND>b>@k zO>$JFbB3fN2IRLsdGJ4g{u+3j!@nD%@jr>RoeRWvNV52S(31XGAcxL7;Tf|n-WqhP!%-)stR)gVh5_qaxZx8rt z#jo`n*IPSq4%OWJe9h1gdTNRD8J=LEo0GBTcb~F^KL9l!7h8Npn;#M0XzuNn8F$Cz zIV7LYzpZyZ7t_2Ss9amy%`94ctiLgyC6P(*kVO)q(D}+a%&SM*QPp%U_~Z6T(fnVh z{{U&|nwNuZbqRTn;wh3RPJg&@kEMARjQ;@On;*3{so*~qYMvPI1;4~k3_)V|KwD24 zo?xRtx=-V51H$rij;9sPJTp318sV_9=ElpBcY7a@9s|=_Q>t5|Y8HBhox?$MZE%HN z*@qhno`;I|8!2_2I3q^BZL0FesmIV)B%@>WY$bTkH;L?e4~#8cRx7)In~p%QL6*kL zP(ePJ$tx7y#~+1fW7Vf8W5zYh@A#Ter=qe;77LF|(;;A}L$Cx?Os-~bTiztXG-k*L zA6nRJb1Ii`LF4hP&YE&FwM*o%uy_w9L$qhEYM+PRMA&)X-1_@gk&)RJdM4&@3oaW1 zoeX8nfJj3xBi@H3Uo$X#TP>t;X|NVG=ImeTJ-hT$z0p|X*@$Jl;d-N_Y)Gcjn;(t=)MVBvx1t#(jG z(S;ELPfSuRwQCx2!z<-*D}(VKkrtOEH?hg)nOl`7rEYUgiKgmHA@VaB3yy}nt7L(r zO^0bcXe6yXE*$MS^feS_QBW2JhBWXJ zG$I+Cup!h;fBvwnMOWH zrD4LJ!}G4%a?ttAZ8dAH(ew|(?+w^%aBKb-)~!v%vPK%!$=YI+ebye_5nO$ZuA$-m zUi(hJwvx{N37Q#WVU7X7KZvhFlRquuRJq%U^pAiqtmV0iCw2~Sg!)&n>)LhJn6^@a zv)H?J726qiKRCs^GiSrM^TBj1=L5=d@?`Y(uDe(JJ**8B*3ruZgKK1Ts+6p8Q>gBF zMZ_1HP3qif!Qw&6k=S>y7V$TQ?d~VlyvR+@hc8sE<)~g4Jy}PuIs87k!fg7Cvbpg; zioP9c9s}_W<+hP_y6=S_A7_=bz9Wq7IqB*6Rj4hdgF>6cwz|B!Zn2A%>OQpjnmM&0Z!E5blTh5f zvg;DttaxC=v)^(4D{{XVbiM7e% zlf-vM;uoBu1dua~_22_j?KeJ0HK?Ofl6_@w{FT4Z_`|}w_NU?K0?WDLRKsolD)${H z#-~@X5?RM8xm~0(nWIyGDodlvXR0}%mEn1b>Q`qJPtjaVUXiz zEtM*t`b3TUOA&Jj!jRd|HPUIe$rEkmSR7}tud$^bRb%{eto3K4>GQmHq&N;UoYr2a zd8fk=lKnDW!hz89>0KuUMtOd!@x0rkfy7aqh9j*>ZF3~*9hc?oC^>2u?XMEnP>dTr za7A|7ez$KdB}(kMQGh|=s52?vK=&xczzv<*tlb;Kx}D9_0}IavepkR4_Mi^V+ru}h zbnrA{2*Q%A=Kz}E{8{1G(`QL!MN=sA3C>CF{VAo;ne1>mvaVlQQpd~t`i_|8`iX%=UQMa#+Krw1nNm+E9xyU1Sb}B0Csb>Onk%%kNSDm{_&5VUkJ7&|el~dD zT$jWeys_$wGQ5sLmCkT5N9ReJK_4i`scO2n+03@?GB*+j0O#|qxb&&pV0J4rH&1HH zX56Q>d<%`V?SE3x^;wnl+oAilk^cbIHz#l>@Z!FJzrWOUn6I?W9`PkcK3UrNQr(4e z$&ZzuVW#|97P3$O010h^v{t_&OM?vlT<%dG6gyaF_`S`2Bz_#Ux<~e${{UrKl;NW+0S(Uw z-n5KtV<{d@ckuT1?)|5i&wpWmXiHE0QA&TMT6QMq zYbS|3Co&b&-qLMS1M@C2O4cuf_1_2To+_VD)^y2~n98K&5Mploe@dk*8FHO6_%;nc zQq-<({6+n<46=i5Z8SklLmzao>&%5N)$RPvF(nbk(RBmR{uOFOnAaW% z@bAOzLRQfyySTTwP}2F`QO{blbE{^|p@I;lv*r&#DkZL>C-9xdjd^m>UQQuHlFf|c z71~Rq9b^kDC07OZhR!ta+}54Wl8&3if=0j~RVi45CG?AxMz}7C8W4Fud+Ago zvea*GW45!M?TG#?e6=n0V0s3RJLz%UY0G;vLVor$wTSPEs%bnhKG3V4e`DdF5o^~*>8+$TMa*(TGLTmXl09qG z^sfteGr|Qg;?SbB*SBn0(MNv7Qucyqt*mHQ8vL)QNg-)S+!&nWpGxQA@WMh<&nnIv z?`+`WoMqgJM(0y`t6pff%_f5)wc09@%)3JV0<`=;@d_OLx>9i3Io{jDHBN z4BTuwX3Arq-d%@-naz%)X6TSopiUC)^G!7Cc+NlE1Etbn)T!? zgY5(5#yTH*#BL?~JLw0^>Y=;ikw})2U0kl`C^~ykN!Qxw_P=Lj4291JXy+A+ckuBd zc<&;-n&oz}*zz9dxamwvJq&fUZ95Sc2nS3K=DhP;n({l@jE$JHoRj>h8BwKFRnFp= z%8t0HR`9q9!mm!9DFNJgPeiu5Nsz$)Zs6GiJG1Xv_gZvTZt%>jg*YP_tfel4Fn-x> zZ820IDQs{$R^*@Cy2Yr18?gqS8!iI#^%cWfXGJPa=yiS(_-TEu->t;=u+Iv{SSeg! zj&e`oUf1EPOKmCTj9ZZFfS`khBfWU_s#x_Y(a`Isjz171$!>PvZV@)*$Y2Mqe+s8{ zq)(>8+pN|XTw~?NbKbe5CfTxsIm_=C*x1lFTcnj@bod^lW$C~(S!oD;3jjs<2cniZC*NU~qC>ASNckSGIpKfdRU-okU0D@@v zL*doszmER^YAtj7e^cKSns~E0 zX#*)$IBS>i<7)TTwt97@rLS6$42*|-0QVn-SH7{-tZpo|`FvApdxrl2kZ+Q}`(?kT zYpNR=Ib5TrL8xn5#qseoS?L;gGC)uk1Y0Pr)6QZSKjJ6Vq4 zpmEfbR_(1KKoy)Xf2{^78!2XrqX6wV!Nzl42AQHY?)QYWTU%>qfttz8-Z6JQKfs?3 zyi?U7azRMJ#M5p*e z^NxQy=c!cQD#zXt=~h;nJ%k!fjh2m|Mm)Hpwjpr7hqJJ@4OS7^TtnVtv$B4 zV=N<)2p9)$M`7tz&D80HPdn4B~3shpI>_8 z^|@W9ic7}wNhBzKIi=05%}h7awQH#NMW@_Z*sBcAMnM$M_?2mIB(mGv>Nl!#v;P2h z85I(knkY2CYu|N!aU2%S_frR&=QVv!Tgf4`(c^+EShB4q+%peTSW04zBgp(u@mIl~ z3WQyoJB@o)iP<0J48Kv1e>(YJ#C|&Qf5dyaC)`X9SOWNX^XpPr_am)}-HkIDlGC zF@gq4`X9tsrt4Zfnl_HQo|&gbF+#h^;3vIrZivoI@|*7w`AZ~aou|jI0=(YF(p`I4 zS*M0YfnRr1hNtlv6896#Qp-J*DlHrG=sUDa%OX zpcvzit!CffB$kjg5T&$%LgW*YeN7ITC*>46cZF?j64z4FVRsUb-m?(FdSG^}{ZCBO z^yrINsFD!hc>x*rHT23iJS(0eyyekagxG-wukMA8vs z0#Os^B#*s=Qz-N+kolHnvGKGz{1|PpZxH(>UyS`cO}G(VSyz3I>b*4 z^AK45dsaNG(krp4pxNq|*Ectj!yeGee*Q}e?zR15FYJw1PSmYhR4|2I*<%X>oQ~bU zTG=CWx%g}G7sPsEL2s(Z99HSGY^x^+)Z@2m?Y=PlTDa46=;4M59y^H6%Ybqjuy`Hm zINw55TRWrU?+s{|t$81cFK@0dBT2z<$0)w!eJkm|8(rOam%`KO8abKXWD)=*APu9S z_v=S0GjqA%ej4#6tKmE7V86^Z3nF<^sli4h4Zodqy3UEBU;I!>FP$&mV;aQlaAe#! zcJIwFQnBp+0PxKp54HP^M^nGKmrtHn9$YQ+A~NzY+2cJc>d%Eh@^fGJ%)PH!Q&ls!@e87x6?1K^ov01 ztj-R_AoKF~tz#n8EGLirU*c^-`@uHWI)Ys+%BJEdmuj{#*SI(tuc{*OUVuD1V|2FH zU)r)FNXA(*4o6Tr(7`(&Bm7zMpNO=t8|ps`ZWZnAyoAcEpX-oX{g@mGh68QH@5%+LH)j07g5H$w>yx){{VO% z{cE!Qp0)n~_(Xmu+3K;(EufYn7!@F+bleZ)(uA2u*|y#$@MeqR7-H8Wv%R|1)zKk# z+GfZgk?u2CZSXt6I?cW07Pr=Z9J00FENe0U09Z*UXwTR1s7a9IkCuE}plbdeO%*V$npoJ&;!70LZezDHw2X&wV5E%u@l8Z`K5}GLot_8#ZMZ+X zZtd9DwfJ{LlIKFU)ozunw8wD?o9|$nPAs#wlfxFacP(QLZhbl99~Itsrpn_<)ih{zORx*FyaQ@*K>%YNze@bw zhv9#Rbxlje3oX!r?cQ0Sw^OvFgFFH0LUuX%PbJlSD)v`5D=L+U0EodA{ZtUcE6DD2Eq2a3hGaSN=PUCo5#J$!_g1fN_V%43EIrKik*6rZcbh9iDvd4|;NAU{$KmP!N$$rNJ_No1p z^$!<#TS}Vu<2S>yb!{xb2bq6nG3LXM;u{q4*D9cW>{l)-pENDn&+d2q3@RVM_lPW% z-RgJI*&8cXn4P5j(U1m1dK`mZb0UIWRY(VsitmHabO@Oo1!Ad-l%%1d$I)~&&CSeaQ#9gPUyEVQ#L3^_h& z>w{Ym#|_+TX)Ml&N6f%;O}>Xj8U1{J!MPu{{9Y~a7O(ped`7rie-rq1=JC#2yd7v4Z~qRI;^e%{|;@rihQ7Gv9(+*R6ja-y1#{>wgTqf2#O$REzr-N#v5* zdNe9Y!uyU5T^%QG=RHUsDKt_mg+jZPhI3I#z4stcp7rV@j-n|=J;k)qyd>pL1_w%X z;nhI|b?J_^t;~m$3dX6oB%B(BV~Mv0`4oNAS#HKGQf30q*j(hCQ_Dup^S_tIezl|u zj71Dou@r|QiWsI@S73Bu(U6RWA5cfTX&2 zgZ}^pQ~i-FziR&g*_&KjEi&U!_@UtV=G1hgf-xkw*2OV3xKHBTpb!T;k#X0b^TF{R zkA2|XcU$f(Vt()6jhhX8k zE0fsP1G$rJGTBZoWO20{d}lpt?=ONLENyGUQ)!o0^F=+W0SFs|t~%%N71c*$8j(Jo z(VbS#Be6lrJu#Z=t+f?|GE4UeuDWM5qhgz1C8hrW_Jy=5=BWf8_0&P)=hfl8i&75H zyC^U^)rjP;0=sO9wz{5x)kyATv&a&*NzXjcA}PaaE+LpXPrZXQG)8-WByWwe(t~7itj{dS z?H^YB>!#C|IEs?07pGpd4A;E3Ef<{=D<(1qdK%c!ME1}LM+%`IT)*h+x zGULSTw;H9SQED@sN~(AUtB~2pp`m4IX7;i@!z@j=Jvgk}y)x=MPcjCL)Sl-YR2a2m zp10Iyu$?E3E#Gu@6`}TqoIF)E)2=kAZhqHx-+DrrH4=RdDV&|- zeV*A-lMU2klU$YU0u*AFv2`Z3V29mu!5APhL;=~~*I;J<>< zYyx<}1;4#oMZTu`QiJh#^@#!~;Bbs+QMc zM^@TY6Un6)V`WhH{{RbHMWpyz@5C1OF}&tggj<7`eD}wvK~;VsSzc&A5xgs_yz(`* z+z`yc2?7I;m>>J=r=@KZnx#&M+gcOp-YnA8z#*1MkVdB;F&OVsM+)g4MA6v^uOO5* z&@f8oyI~9Hc~g_sAANq#J`V6##t#gB*4`-bN@^O;nQ5UUlj)NIBnuIOR$#H?CCTPeOgY z>&>c<+x?1c`Fr9whpqe}d1 zEA-lV5Gy*j$s`@kx0Xj#7NE_!oax5f|IHs{03rTCx22IE-KBVRT-;**#`{uWW! zw>6Y^KS!liNoaYW!k>tG&w{)|E}N^E?kt*IMhoL|_XT>4SLj!RJZA;YopX5xFD)_@ zjllUt`&U&n$Ib8xanSTV55(4YdW36bG=FGU0HHWF@BaW3d>M7&J70%-yU7b%>$WEL z*_B8!$r)10+3q(3UDVe@@(lL|=*}tic0Ie{C&Yb1F*v!sk+n&-qdsyZLH+MugYvJw zJT0lmsc56&H;N#))chynjWT73;anAwc4PyQ!w@;?k80LP{3DFA_@>^?JFk|%q5RSO zOVPFOgdY&RZ}7KOSuJk#Eka97%9}jvbIfuNP|8O=E5ST-@jt`97rM8%Ymc9{r!s3t6@L76+>V5;9Tw3Z@S632G46TVnz7xtlbM&v5ek^#C!yW^>)HE*! zYOr5i`M^L>T8L{=evexHi>#AzDp!;ordHe z-W~B?%M39<0gais1ms|YU3h1y>B=`+9gdx=T-hbO(8}vHF0#hJ;G+Y<9`*Ds@5Iep z$M(=47hX@P-l{6C%#E2aIs#8M?LqseiHX3%Q&l9r<+JU5&l2(cm)1HR-L2#)sAJz-Axc4 zV{PR9E9cLM-VfC*Cx*{ZTk9CytnncjC`UpnW1-PbQD?L19yZjkd^KxtdeU87Duv9f zNjMm-e-7Q7%RE{6DMdcDilt^`wznUdCj%d|)^S z2Oo`NG!hIQ+>ct{ms^@hBpXyBoFPoQK9Du*wu8I-5KOFG_ zwO3J5r?*q(kB{09iM(s^5%r_2$*F305Jzspa#@P0+_NqYggEDB|*5RTmq+NwwuA7SsFB&L8+HAHqL}{vQ7T zf{T99w!aN7EwuEyi%!&a3pkVrqP~(K(trnc;feKgUkOFv&1z(q%Cx(+;GrZ8XYj8d z8$vwKmts5_#n-LFI2yQ@@49in$y@TV&qUhJfQ2=UKGtxIS23Ix9;EU7>r+qhNV4*d zo=GLL7j|%K$dqh;)rQoesNaj*=`ZDr7cw88j{fEgFWK_URDru5l_qL7(B`$fi+hbyC=xQrjgWKFyFC)t z1xB5tR%PRF^`Pj4x}6+Sd8`J~5O6)JQ^Pq21P{)Gpx``1d-jb+*(Fxn9C!oMn%%HF zqE!h=y8|VbG-g-GEDtn}BAaS?3d6YUYXbv;OCR_~bvYnurIy~}Lh%+qcR#|u!xiXO zrHoNXjm~rLiqbJ6QZ%h)dFOM5jd|*8m(=FA)I3+D_*O_!uWllFqTG72vRm2GI6jBNyL7-S8gwATx=zO(t;sm+zuCEw&nQi3}C!>r5`Sq`^{u#*y z{<)+;(6=qUmAD``OY!@g&Yx%E4L114eWt+R zJZ_`tx%YjWDx?C2TDW;i(ZuUi1Ui3CsYdvb*TdW}_iNm9TfC#P6KB48>tfm6`RB(rwj-+sE zg_fUsxQv6r>5O87o^0GYMAEc)K{FGI>#cMcY;L16+idxIj-QPL8Vx3yB+8N>D}cBS z)84FG_^QXk!(^`<_RYg>KQ#bFsd)QJ)+0aJvq>r|U}u5{zrA_yh_yA;8rY+$DmI>T zPQ=e+lDM%FMj1~(O48D_i=+U(3!^60Wd1T!gT zkEr&lGJTBZyj9IUjRE!CBPz{u-CjgDdqd869I5}E1mT|K3wEj$f# z84OMZQj0N^PQvQKJL@2T z{{T?9kjnv%6~Rz_YuBX~_I8VJBw{&Njo!6MSWOukMynO2IXP?HIQI4mJ{7}~KG#xr?>oEaPI!VZJiu|DQOd6)S;t3^a8Li#qEw}-*CxSg{ z9L~CN5MX;b${v+#} zo*xVNt46+(_fOU2n@reDiJXx5Bb?Sm^P|YEV1r1PUDGvptislWjrF)U|ti$nfHE6{C zO~i9cCe|#Z0@>^N(>Y}uo`t1rv))_55w};9CoHR+il?et++Rm`1aK5As{Ek8)n{Bb-nTu#>!F%grI^7@fLHg-DBww9JF zCAt=$IowYoymsT_2Z}Can%2hoEL_SEhsaPpYgi%1DW5}lbHOij6groP5NlI1fMH}I z2rKu!eJjrVZ{T|$4PDI+p0Yt@faw&CyJ#akRXq`H9!(5T!7-BDA|2l`^)=h*n)SuB zj~YLi3gB_~O=4juV%o_a<-wNii?>YlBD3ew%3L(a&Qthv-jRW)V;Uo?O~Pj%O6x9s zKcv{EpQ~Hy*AlhQ$jHF#L!LcH<3JX5?J~~J$%Hovbc#1_^*)%dB$rjWLpZWx(ysw= zjQeJ@m=|>0%juYg4HFZNYg)(qLfYb2mDSfdLI*4D?^w@cNXpt4zqf@B{bv z6*aB>u9>DhaX}nbiJmdQ&!u8gmqRH$MQatw4CQsq0g&nRTO|IH}3nNc=k2xqi-`A$yH!Y;~z3osQ>IK0kV= z-0|L~ann(?b+6}IOM7OxmP{y4_^1{sBb=~}B0ISQ`qYidnsF>j+$k;8 zU{-LtS;sKC`_n1AUm<4IQ5r!X$k`eC*SYCl2h;S4PMUn{xdAH0m-!0tF*v@6^(a$F-te>ld|9t+`lpB`R<)W- ztDVFoHsrCG9)knDeee4`e!xEx{wjES+gSLk8vHx>Ugc(a?jvNpxP9B zYaTy&JjpFz_o)f&M<<{1YFq4a)Mux7hv9y|@d0f0e~3OX7G4U9Kipc!I7V!B3<1gP zG4!ruO}4S{rmp%o!PsE?B(~&SOK}J$FZPkK*N?3@s~EI;qI^Nuz8QE;>})h9@xP5O z**?d21Z7&%Oy?wyfM=fEReRZfFL=*R(Dk1fc%*n^#Mbvw$$4mPz!wmP`=5yP^{$xt z6YS5TykV){>E0c?*R2WT<3imBO(f-5&Me*ShwOH6dZ)biGSi*vlQ%t{p>@ z&Q5sb{V`fbH!zoD$bL6|(0>TN5qM7Z{weA@SBUk+kV^tvTn3p!_r`zDYw&0GgZ;XG zBK%oP-wk+ES-}#cwF{OTUP)Ud z)>#o#spHy$d9R_TX$r_@K!EnitxZ2jNp1q{ zVUB2KkdH&q^bZE#c!u)dO3^g?ooe~q1h==0v22`n9jo?>_HO?Gf?ntvuZOh%033eN z+WF96-X7mWgXJ>-GOp*TJoLsmu1d49(4%AROCJSz2f@0Yo8Z5P-U~hw(jRI~s!a&; z*)!BP@Q+bi-YcKLx+a%<;p;sY{t}-Qi;!czjk6exOo$)Aoa#83s(53bZc9`3iutbw7ml0va%@QuzTYe=|?X^WY0a* zn@hF6eR|?`)HOM=8Hwa9PCZw!sWqEDYfeL{ULn)8d4@tV?cML3@;UUNr!xme@xH5} z3%ef<%WW0i!ue?-10ZL&rD9#!OQ$^7o+7!ATDyJDskjjs_QC7PsFUa}W)gU(#J(%i zA=CG^k)y)E2*3(h4(ID!_0)F8SJJex{i%A({oL$h^vz=}jUvuR#=qF#5AFWn;{N~; zTE#oe&;A`=gpf+TQ1ygQ$I=a$EHG^p`^_ppX)^c;f74QBP_0bx@F0ppDk5-NE zwhAGfz;e8TaLI=@ac}Q<5mG+c9vN6pD5|>0v4yk{qpElM#=)CMT=(^sc zs_On0mK#XJ#3L-w4gpHj?K?=7arsuxk)~Z(nB%}3n;;X` zua)dXrK#9!u|1}W(_GDSZ*BV<#MZr>gSJ5%qe1H-YXxez{YPlGsnGT;Unsvmn$#_;aY>e@N z=~k|;p5=^|?j%9UENY-kS96N-9*=QxBzNy}(ID!-!%^AzeqB=Bd2k6F9Ot*=RdSSG z$owI=*YD$kI5jKKIZ&%3edFz#@0a2YpZp_NdK{K9$#zI{DIYR{{nPo^(sa=CoDuWV z>Ncask=-lF_DO**267p3)BN_YN4@d&@{b_hz00@?B4^1U3~}_W67FXx*t4N(f7rJc zn(W1N`6eM)2FPMhwSCLrp9**r$9@Ucd^@Y?x|xWCeEA5?^#1Pz`3z}7^% zto3~xL$$xsVY0JrooHeY|Dl%j))9c!Txoqrt{{W3_th8H(u)Y1> z;;wfJ}i9u)AgO$WrfsI=6sR2wHj z^1m4%`}D67m*S}%&w5a=)A%ciwDf?eDJoxy=n4>%u8(=wGCI~H2T>oI9Eqwq32f9*jp`Fb6q*OrTAVW|5F)XZb-7)#oP1u(ciTG{d9a~Jg)b!sG+Y5+ez(F7_f!m+LyWbi3 zQtJNz%hgOG8)Jx=g~F%<0DhHEaxS_b9r)+Mnn%O`02@l$y!I35&OwSe8@%m_~`yycH>)j{n$9e2aKTWKtlNY$;{&h-qL%8`r{-=WF= zb>C=yAJtB=ZF!{68?~gKX6^p~GLLFZT*t25_={8Uy!vIR%4*J}Y=G@uSwQ3$@%N00c~WzB_iT83(}{w0dr_rd~a~jMovnM<74azHQcE zQ0;FN5*|q8bgGNgQKoV4XwmLRRb(R@O?{F3H+)7mY~CN%Pn8%xTsvEci2Jx5#cy+N zL-Yp9=0%8kir+9880lRcD;>h@0}e%DR2tCv$M%fyEPB?7rg(}AcTG;pLbEh!lPqO$ z6#l=Eug<&AC_Ths$nw~sR_df0h?f?0-w(W3KY;v6W8xh(2ihW#84xHYRPHP4Pl`GX zh4HcR=9ciE4(iZ}WKE|q$VLdqW0OqjjE~OH`$9Cap9KY>s9E9dM=-?A6&MdB?t zL9)8F_(kHOF1_K&&oHEp*_s7zhhaPe&e93%UyD=OtO1O>+ELTx#_njrIdUk=rk``Q z{(G2CB?it3*^C-zI5=!>7~peVXEc!$MmDGK9FQ=_)YDYuwt!1|P-A;L5%~d}#>WHK z(wdTaN&p41?@q8Ij&%~l%ct|E*3;M>I#ww@0$MrPCtNO7x%Pg4E*2Jd=KJ}58moJ2x#v0Jq{+46UJw?_Wt(-=hzcpfd2sSQvU$i zpx^j@^Tz%c(-sMvH@55tDnZM}G24PaDu`}pGw=dPrZJ@Rt4A|uBm1X4DxB-`5FJSA zUYr@lIGJEN%yPM2oK#ZHI-iw8uk#SJJ{Hy^X?5QZ1h$e)llI#q{;FjsuLKXT(!H)L+g&<%71{pFbU}=sLb2^$ zeMp@#9jIDME#1DYVyi1eOmoC~OBvvg%D;yn_%2`UFE7A9kJ^{TPYOXd{2<;VX?3kB z5+D&LZ}|GQEC3%X9qK>2;;@N!NAvrCYbES4-P_0_Rsoq$C)`$Ek*!^6la+|biXV)6 z)sTHJqL{K01&qJIx7l(Z&cRx&c}l z79KZ8-4X)Xum>fG(?Qr%s=*V4(oL`>Nk>VC8qNFtW;sXNZa^6+b-%Oq> z+x8ifCK%bzuj^OM(AF;JplTWdTIp;Hl%IjO9X}f8W3srqf=gDJy!0O`j`bE4qjH|D z;S0E7S&_)xm?Id$tgSarxUiiTETe(G`Ba}82;J3HwTs$}TTBW_*A_q&{VO$TodQ#;r#N4;EK3ZEc zs=2{DVzn%EbhLLQ`Ma`s>5TeTQZi8%<5q#Z_~SA}=tpjtr$w*4u@;+fg-!++sibQa zp~>FO=3Rya;Gd={waj-AO1^k1hmdjFw?iegl(S5tDCLZf2_JT$OXRg_9!4&EW41d` z29}*2w}@s^(=1Y^Ok|uK`&XlAz6ZK(MjQ3J651*q@sanl@Ay>nYH1iAt>JAJ*Gzk| zR~D@kjEb3?rtS%6_}hxfb{-Vn~|hp*!6VLJUyk_z2>nr z7X?WOe8IU$&je$=cwdOMy)NSY-rCu1@<=5|1l03rbw-(w9M=#=C%0EtQ~6k5EVDT2}IXuFE-4S#f}RSA~g&r~7Bav9=D3 zTfL(len|6A5@`m_Z8bPu{Kk{)@}iDd5;mXL`O%=b{B!r4m{82TEy$U(5e<9#QoppP{|3o1~5jzIH;M&QYWA4_A`02 zS=;%t30HumgP!8KNi8I`hsvEyZaBg1T=RVnDayw=e|`2~B4UNf=LfZB&8hiN#|5NP zPpHV^I8jDRvFI^V9nK2ayC0?>2K)h_XtsJm@lC2Wr*b1RLcLIt-`=)9HheYGY`k(U zO_+TeSd_!RqMQOSe;?AjX~&`GJb%1kXxc8h;B~XQ(e4%-IV3E=eBNUB9eA&7)Ad^o zSw7cuaRe6(yGnQIUG&)!#J8$CPlp~d@qfczd&I-Q`i8x0ajsbXhfuY*wrP_30g=jW zJb=dpax-4<@muzO@W<^#`w41(8o1N7jZ@-Ait_3n7;mt;Tv}X1$c+v&kG`aL2iR7Z zcCq+>iFGiT98Da}SytzT_1#DMx7@oQh@TF1jrOZ$eQz{cjiY^*@+UZWW=F#T z^!+Qt^p6Q@J{-4c^+N=`RwAPTP;|)8TJtJXJt{PG%2ujjP%`cOqDd&V%nm zCP=~m06w+k_ST7IG{7Sawm<{D9OsdXrF3cP8g;&@VJ(&93p6q*UQRZX(ASCSKMH;z zX?`NJ(k*;HKBwTj>-DuwL^&~9yNu#iJqI045uZclGn@+ce$g17BVA|V-;8yy4b0D@ zUU|h5H90`b#z$^{rEP0h&}-fmpI5rOzW)G(n%%<2s`wWvgPq>|4t?u*$?SYhDJ$I@ z-wu3Vd1qr}lf-)O&)(QUXW6ut!AJN<8Rs{0~q{2r?qxd zX!<-Adv0^T82%3UBUJG1t@ep-`Ztd4r*&CW5|?qeKR3|-06O_kz#cpCXTwhy_=ii@ zW0utfVP}ECA(J0{0qdN8g13!Cduq*cv+Jd{z16gPKN)yp@@KY{L$t6q3NRmazt4L6 zhei0Isd)4DGtzafQt7o{7I+85jbV6M4)5&whShBM;zZ~DgPQ22RowV)GRl=&FsU8m zDE-ab^*Mire-tmEzD;i4#@(%KE|qQs`NJXh^fmU!gZ@41J|VvFZkeNM+J2EXmwJ*z zB+0#A2ap*fJn`I*d{;*~`2PSKaFcSB(z;*deBJ*51;+R*Cx(1e;7{6m{lL$Wjttvb#~?b;H3w@=PtG4K zak7!W@HnZAPP$UD&1+sA&^#^iAH*77i+62zrP^LP*=&$VL?ry6pYzhYsq{Tk9Xj7z zmc`)G=8(l4#C)v7836k7E76@8My#O+c&6<8o|3Df99GgnxJwf>Ob*js7MC+a8pd3R z$8SpMjqGw)k*DH)e%8Z6nJ!y-WXT7*@sHNL7Ht+k?0Y|pEgX=fFR>s41gCOGw-u9J z&jS}xpISlV5A8`bT}dF8D+|a~k%udl7&$*sYEO!v3AOKv9v;+uL*e^)Zmx8@Gd#se zQ{^c1?~iICx*Rm|p3Z7b=zIa;jYXbw3dsA;P@y^6K{>B~(k-qRO@c>K#OE0HuDDM_ z>@d|Xb|3JSUSC>i`Yx#^Qq(!OiO&FMCm)S-bKWbvvKB?p0=D+2RF_g7ckge-o*~{lIN%u^OwZ=#s2_`N1#?#j)kvrA{e z42L0?v98)E_zdcjolbUjJ|fa=QaEm|BTuw}x7_>Jo!)8ocW_A##VkfM+}EQGiOQtb zhmUxJ!+M69JYTtxTXhYNK9%l&vXIcUkBuH2@o$JVOB*Xa5-IgKUTH!RI;IzCKkpJp zpfpJOEXotDfvrxSvXms3t4#ci_}$~pQ{t!XAMwZH#-}kCdd|Nm+1qhr_E^3|8SXH( z)A(yvF~{==BGUAmaQJ0Y`3cM zl=7FaUOyZP_K(LR zb|?JwtJ-$C0%`L@=c&EMHty?Qbx1UNHB@>SQOh}JnUwj**1ZEr)S5duS%&r_1oWo~ z9I-q7J7vU3ckFy;>sOi(i7d>ewt`MO*3xLTCXWoX)P}FD>he0tAD1VW8n?G`?Opwg zB6&oU*VeI=Zf7cmjZ#=l(p%aWjSnN*vu)*g%Bge57|lw79PER}X%cCAbly|_r5qjE z`=p$IBT(sb-K+~UxbpG9?^;GZ1-a5#%30N1;1V!E$2H0PMeu&9s9*SJ#-1G1Q%Tlz z%Yd&dG5L`Dei;7%_15&+!&aNv`#a!A?LTv&d@=Zu;BOGLdWN@jzD2Z=j7J(Wki>#| z@@wT4Lj}`BuA4&>@{Dyn@moq~BB0Z3y>mE_7zCc@n%3~gjJ!*s_*+}>Y*){7;fvPH zmeYLRSqDEU?O95x-A*pUA%!k<`K<61vfvJbisLkB8a-NDNu42yxX)!ZmpRbR!ZuMU zgl&8rXZ$K_>*?*IW0?$bsc-7RTI~9N;Qs)K-^0mqtZFWrd{)I|bd~T41ZNfXWv7a~J@H~2 ziL~20Yugr#?()vy&vt(UHC)9PlaeTA%P2%jBfrP%DL1L`Zd+GKCP1TQut@5*bQ>?Pw@|j9}5lr zw8Bs`jAXCWSD@QNZLDbK_fKeNwwf~N%0UETv`FWZvE;rU(mvg&&tO;v+*q!0#%i{! zrVTRwNF3%d(-oBC)VR-~TH?{x0#$^ndt;ne=Ev<6ZyVwdhpkPxf;i)rQVQ}o!v6p| z=9z@ICh(MR98jB=+wz{3)yNff3wwoCa-0*2=eDL&c3K_Pvm3Wa)c`oprUi8Dz)2b? zC!+D%z1*^&y>@>w{VOw=(#UCG{?%Eh@``Q#Egja3(3@$4WU&|r90UGyR-w=)yT41* zd`+NItrxGoePuKJ;;kNr^_<#&hjm+fNhAvl!~n$PFMexc^IoyGlI|ELS*2`*3V8a~ zhnrSCP8`|CsNBgsu5IoVWM`vdwC$ov-ZxGHT5G6#9L|isbVHS90OQnCQSKut?WfaaaT6;t zj)SF4vWetIAyYr4Q?-od`Wn{pGfxey1U#<6Fi)*^Z>P_qd9dD(E_7lJMln!w$?9`= zx~%gfMYznsWD{0&pAtRW!KU6g8Ococ_N^l#Y*W{5{P!XNsz+RU*Ev2E zR*0EK=EaO6SqxF4Ga=96>s?&BB5HQ%!WL;_JJrF)FxaF1#)UX z7@fA1djBIe89@UX-UPmn(F(a-jz1;K9ERl(Ppy7czXa2!2x#&U3i+ua&e9 z3S8>;*O!s0lG@$WOy!1CJu*7>u4z3EsBCi=ddyL3cRCR;yw>fsk;rWNR%Ct!PZNJ@ z+uGlKhUyrabJP~V&jfud0-8LZN%)7XeWy;)mdfV)OSdl+mpe1%5PFl0o@?sg4_RHk zvn}&MG%~0>9vhDI9J4&z#WuQ1-b~AB8DKWQ91-nX9}o1u2St-*rs-*Rq{v!T0Tg4O zt#1}`IX#OSgm!nbUPo#nWoAD*j4nQv^Zx*gw5QW@OGsZyRMrJR^?!_U_&uD+1IUh z?cg5;+Ujd{G}BKTxox|*DLskiv{JD4KBv+=Yol9emU?t%!d8Mkk%o^2y@?%q*ULUW zyw|l2YU*iZwKi+QgOWh>rOX#R1H@J{T+D_Gm$doED18lU*{rs&9%e3j6YEfAQ1r_^ zH6*onF3B$hardiEaI#vYNPl^apktw+%;+>NDk!a^7t%(}fH97yy-QNDg2OKXae<%fKpqRMUqds=BHXLRxTsY<52ayf+C;j9w=)#PYTx!%b!} z$sDLYUEZd$+Wlmip$=8OK>k&n_5*>uy@K-oKQX_0je(w~y&~pFuQW*Evn4Ko0DPPt zyqd&k3l@(nPrS)H$eCpfc7{IUzOMLf_M2@D47S={sd%yPc#s{-^gU|hD`+)+j}`GW zx;DAuJ#zP4(acv7e2VVpXyc3z(zsm#WO?0eE`PJka*d1z2q5Hs6%y3bn#lVfNbzTg zBeT$M;VhR7sL)4MXg5+R0}k zdAJRg{vZCmMJ(IMk(}ow{{Z#PNEMd+tc!^E1E5@jQ7&-W?lHF zLeS%AbvrR5p)4|R+3omNlqecGA2xhU_^)@bvf1e^Z=%>Hcc2`cbtAbvQ$J__0NI!0 zZ|z^KO{e@e@O|W(Oj2#R)%6$}J3-G)#0-)>Gt#|^P~}<@>L0itvybdy@L%>`@m8M) zi*(y>iC+{Zh{1`Ib+w$JZrrPb?lOLvue|R3GY5%u-BSMm;;yFx=$1vKx3sp*O0fR` z3XnMCztB@scRA$EKel*-#Xc2-NBAwI+IW7>G!Xf|LH+0lInFcq*IV$@zyrbd+NP_h zT3mRC#p@rLdS(Vft&iac^cbz6nUs$}@pp&(E91Wf*xKt>m)d@yB}uj;lmT&^5D4f0 z0Iyz5Y;Hc$CWE6#C4(viir~kt-NyLSRHs!<3D%&;<{l0Hfng!;!lozQEjJa zRx#NwnQd&T9>K7Zr<+*eIH zeGKH!Bk?!Ip9I=?dso)JK1p%lVI;CTK!Yekl14b=JXhoo?E(J)1vk+xKH1=}+4dO4 zlvzg9B#7ovMlf^R>0Q*QobrkI<>G%9>)tKBxz>DBeS59ylDjq~kg~^F zMZs!ymU<1%q?Xb&Ahe7XSE+xXuf6{OXTR8I;!np-M1+RlLGYTYO+D=IvPMp&Li%F3 z>Qy`GL%I6b@O$Au!q0#{9vXjxyfbgDc+5=Ez4}HU%Ev+p>D=?{UgP5{v{-bFbHpAk zT~kxIhzM=sazrQltb?KAxVf(Gbw;0aj?^_ji#|Hjn?=39O(Vd_q5uIw{=O+ULKVsm z!MkVkr&(xz9J6Vxv?!vvo;ZMZ-_HZ7@7VRNl#qKQc_ya>^6CA=>bj?mA-J2xn$)e~ z=%NK9G7;aXV9axXu#~IGz zf1s(qK{|HWxGe5(EhW@7-CoOGvA{8 z>~q+kyPi6FRLSUFI!DiT{s(^)YSHWdI@Yi5bva*tCUWQ`J+aV!7404z_-|;gmte&e zuo-3BlK$XV6zcRklr5?B?VrM}Ojy|7Nv27sTC`!2q>sxipGx?_lJEv9&9MZA%9TUU*I zz!4M<4}P_=%Qkl2DA%mjo^234rLe#Sm}HN9R$qm+w4YP~CQHkKlFG*<@#*>1#T?A- zuk}45U$Z(-Y`cydVHh7;*weLHt)gfxWN9FF?07ZP2=x+|Lo39(y4u*xr4x5n$mbr_ zd_etT1-BOxFS8>(-xRSy|h_kuV`xa1W(t zEdcY|Z9`f>4a7E<>cp{Fh81#tg1QL~sdH#9VOe%Dz-)1vZ(un~#J)-5d1jkAC4oE| z>NJTFfr{=&iZV0242*l!#_VTNr?rS?H#duSX^qj~3}?`asdeJpT@)6>C87hMB19!ESDBt!_~r(n<5k$02d+z^&sVT4kRa zS!wzwg(kGLQvyK~hnT-i`e&vpzrZhz9w*UmXYj00Uf=1HTf9+AvwMceCqLci8KKCZ zXQi2o<3EP}B)io$T~fIEKZl+V)qE@AZBE}&n$iSm7US&X zlFPxuuhTr%B+d%PoW3eXMUEwfc-TgH9{8@~!@9D4ibp7yaQS4EKXv}2(xvP}@;np9 zI$h%H_F9&WYPPyu!P0oZz((v=rL*wvsScq9=+v&FjX@z48T75ao_ZXf{Al^NgRyuyMIj@;+$smx8P; z^~;%+F%0;Xm3UnGf$y5{JQ&tq8}jcg+BgGpfR2QFRH%11K7hB^((R1! zN*ym_KnN!u{=U`emp=-v`~_n*<=p2`)3%mrviKZcE_=-T9(Myk$BJV!eMoaEA!x*Yz^pPjxh@RpaUYg$K$wJloO z_IUFeqCd`ie8bYdm;IeS7~SfgDPI-Y+4;H}MJ1+l_tl0Q>yB!pE0@a8Lioe*?YEo-NENEYK;^`%nF*3GFulGl==9h6jkEHK4?K0-p z8_@&F6DpCoXSZtS{v-IB`uE|b&Vy;J%VDP9v4T+;IT*$P_Q|Y+o3Zd+rkShhkE!XF zx=y32L1;me;yZJ)M91IflU{kQ+o6qbObZpejlstQtyFg^GCZ>S8DqG2W!>L{+N;FAbp&N(Xru;JADW8&3H_FAp!lcZZyx+D)b3JkM&2cxN=%HQ z+nuA{obSr)birtHJ^=WM;{O1EpBFT*h#nh~eLKeb1>jhnOGep8`Im2efs7uxukYvJ zm&FYq_LBGs@ayBBhwcT~{!S7$xfBYMf`*d6QQ&RCK>_71nT5Dy#k+1w1 z^GeQ!MFhzhWA}1EV7)&6IW-ZD^gAHW>^}Zkt|Nv?6vuL;r0M9xgI;f~TBXd=>92tt ztHC^A*9AzHe3|j%!#~+R8qz)@XmLpwi1ZupFHs1@eWt=gg3LM{y#7Phzdk-Td_U2= zSE6ga6KF;CozyaFI$N;G$wFCk>D%fBbH#&4@$vgn{2Z6z7sah=!v+lpQvL0x7)6&P zGOxFK`JQ-EGGm0RjP)JOcG8vhIjW+B>m)m3E5JOOhY2Yllei8z>s==V^dM-ww?niA z2R!$uq_OfccqbVZtYvZ|KI76gk&A`Lf2A>1(nfMiC+k#bTa6H-v1Z@c9@L76%BbWC z4p>lbT!KB@1~$0QUiIuBvwz3EYxY|B@8Hjl+B7lU+Ss_U)$E*LURg@pWL%Em9D~@3 znH$nS(Np$(__yI79{eu&UGZbV-XZ?bw{12zz6&sz-RbgUV>1p9m-lnjV;HZ$^xGw9 zR>tAd?$%UWi&ymoWMa6gMCysyTSk#Z_i)4j)$v#D@%u4p-?gXg=i@Jhg40Zw#+I@F z0BZPdYq<9+-bM)tp262BaoK_GTvF3RWBl4aDEvIteieL2@h^k52vXQZdn(Txf8bgI>_>wHrSU z&m?Vg9@$X5$=GR46iGJF1Y$XaTzqwCg06STJldgLAl z^RAj&13yRp8hElTUr4f+S=sLPg?yZGfz5qK;roTTjZp23AAYsfOy#J}Z?{>jcQ7oG z$ug1%^!GK!HSGh1otW~|EbaG{SQ{NkM+p(HRcke582#Ag%% ztEc#nQMu9YGtMv$%N754ugK@9=nG>B#)4v}}7+7m2M|$9E)A#_Tx?bCc^_+?H0c z-AM|_H;kTpQ%DXv9bqgr8^1B+F2fkxox-`ub(^g#QMtbXr7YM%j#O1O(Ug{_sA>1Z zTGPJL>S9Js%#3nD9jdO2ai?mtCH0=7VrzFXn3!NY1IQ!rr_0pcI}4-uN$Fm_IdUfZ!uG@!rDI zx5(sY6{q7U-rCnnlVRB^8511tT;uv0y^tKPnJ)Oxn5?-YpGw=*EiGEz3~Yj4n8#X| zCTUJ4PM>bpcPRPjat(a}qia8B)0fI|xv{wWdQ_Y8GeYOZmb!kMdP79_teA~Uahk^P zABuoMcY0$!B}q$0LJfp-$3KMy#aQsYYgq9;&ap|A1v}9Yzq0Ym}lh6;+xhgFVi0IEf_!;3{JIC7P&xf@Om(XFDOx|k%F(Rqz3H23~ zCFGhZo=d{1X&u8``Jckra-iqlyo$*G0BEudT39+?;a`$EeFsj`b)OP=Y8`g}0Q)yU zmi`sHxZAiv5pG`{@x^=J?Njg%M)*N-pnOmGJMj<0+U(a$7#8ueumySCLX)2V0Lr-> zRgYeItf5w%6kAfg-)kn$uELcDI@{BslcR zAIuu@X4dYbzrMEA*^)4KDf}xL#PVy@M-_Lj#P{olE}85*S84F(U$uNm(QG2MTcq=R z$YdOX-7p8x(G_FnG1!CkGsE*N*MDk=G!r9lD%{}yHR{^Vw_)PzdrLnM1#6^?LXx+) zPsY0`o?I(lNuEcl==zS4JdiA}ab`{tv5+%RUuhbqm8VCmMJRVuhfH#(*1KUIhtW`s zU77UXz%SZQUGN3XuZnIoof_)*NRVxe!nwG&INS-wbAsOW{Stg5_^;s4kKPXO-;4Yq zXZ@4mw~>dKw&7Mgykb~gc*j%q&2(F#{D<_T;cP_+(avbM$e$#aYu&~AZl9gIpUPkS z6mQ@@srx*B-5xk6O^U<8{xr27AkpTxk7P5xcFedOd4Ypub?^K_zHEwPGzcVosOg&E z#74*T?}GW_%(z8RELOOLSCys#F3i#kKu3MW^bPx0Z3pCyk>~ z*ULEvBl52jzhm`Cv*$ZQJ(bzhu2N#^zauc=hq?8x*2Z1NF(Y=zO5!~nJheS9!f&I+ zCZw9cxQ$xfjk6%>DCwVS>ol2BCPil(SP{=ksH45R9(&_I56huyR~K4c&|3#!^F%)B ze^FfZt?XB1F;!<62P65_v~ko%*Mw4*A0&cDYW1$-azOF_51k4b}2*CYYson_nPwmKety=(Kj??Jxs zhlsU532XL}+T7ZI z-agg-9e9^V*KBTX64FKyTtYckR_K4vV@?v(_V98)R=yYfO7MrpTN(7$WVG=;y6-SK z$eBG;->(%z_JH_p4~)Dwrt8)s$`2Lk?jeS90=&!FThw4;x*;Rz=+wH@;65K-YaRoH z={M}QQ%Y$yA#kaEeNsXvdsdhfxX7{lS~uNwGv@++x4BdHs(INnvU_}rpzNq+J@m70u~tGa(8KNS2<@Kwiz^&bQH55Yh1kJ(Li_LFqy z=LF{=PvUFDZs2>}lREj#xd5@r1KPZbv1j+~8cc1ylzA(+p84%v4Wwc;2vZ;qYl=%# z)P!t?G*-}EN|1uvloMXB;g1k#=fGYn@Mnm0b)3sGT03o= zVLGY_xjhjN$FB}(J_+%(TCRnm>RMECDyE>)TQVX_IL|#ZTNd6r)U{6o+xSR`CDJ3g z7itRS)$!Q+S6vlp6+;mkky3-YW{#D4CGE6⩔V4;gyK!PaSKl@mGV-g|4HtdzkN1 zNRnu!kM6i5JXd1ay3)|`4;sj4DQ`Qz=TH=5j1J$WdUwFY(tLN|4-@!4^&@NRLnI3m zu2_ILEA7Di>lYnQp2kVpw0Vw!;v3HlXg(nLajQ#mw-&Dd0A`bR8Zplxb?MvMzgzzR z;G5qE{viBo@b;xHrQz*gNYeiRur6e4yXZ=#>NaCfEdKxzIS1)mVW>IHMEw5%#9k!B zK*w@eN)lCqqBRrV%_XKSeVQ%_q6 z%U{NYt`Bc)ezcTcr|Wncs&wO0J2aWX_=8DFAWMc%D)JIqIR{lfm6Hsfd=Sm$uu?nq z6pu=!M3LKgcSN67apWl4y?bVp#!aaBX&qy?N#In;Vl%fjgyr1uG1!%|K0KSn`g(YY zE_HSZ))pNNcF?ML*s4lVX!=QR^j{f?E;Q{%ITc%s z^dg(7_%vzP5lsZ*Mk=g899O3bnjUr@Jd(3H?-gmcT84`Du)woQq!j>iK9%{;@v?S= z-gt4Rn%d$w`NVEf@!d`jPNVUxs?Q8ZwLs{!Z=arE70_)W4DY1CvGdr zt5WCD#y;(dyj2w1pM-T?HpbuWmt+YdLF%CY0F8OC?Ah^p>)_|bO+Vr`gC(qbg{+Tn zcWWWw^M(NabyTVzHaafH?q7obDR_JKhPTyxS7)qQ{{U^PEB^pyD}w4V&Ih%2a(H&b zT4j5PVz_mTM5_0B1h|TiV)do*2+Zg{%wT zwL<_xBAz^a#C=FL`IBSd&kWjlhNBHH{7CmdW&^0?- zn4%KSsO-5p>J1|bl+7!)NaqYB$UFioLeEe8Nmh-=nZe2QpvAjrN8?s7+S^#j(e5QA zz~u3aR#u+gToJF|$8TC_xX9}5qZbbwFUS`Lx=ZU*bEVxzpb}RjHBps;q0-}}#v8XNvm9wn*iE>wlzFAd1&J4E)>mix8yndrn+M-tJ`WVaU8EOv!7<)?`%K) zdT8@8Z2Zr*xeI+i$js*AP(l6zT-V({v(C9`qxgeEcX-xph{1Ef1Xo=&e64!+c0Jq2 zmzMT^Ab6vYByM=zc|PK{JPq*&RPe^BZF{8ODrK>cgB zoX-a}%N*!V+oSYXQqZitM-$7W%LB+bCjv=50*l^Sx>!l&PUvE<|b5M?%j@3-r+nd?W^L;&&c9auoG0++kaf?1zZPz_I~bGC zxbUxtk+-k=2_gO=$;b1rF42EzZxehh)P{@We}{VZlLXOy*hiX-q>Pm#fz%(z-lv%L z<6E5{L;NQ37l(XhtKMsV9@g}|L87*InmFzk%!PB38BaMLmEL%g(#u%4pIEZKv7Mm- zT~yJO*fE?cOfp8n(gU81vX-rSCv&sz8k_TBhf zcktu(i?!3O{CnZwA82yvqF8UV*%YW#$X8I!hT}bX1Xgld95cn*qJ^HR>(fhV>hGtc zJflIHc13{!W?_JRE7WvrRfFp1M91?3&&zaG-E}{d^~SzS3ZsM)xmLF-U*$!c)&>2c|r zTyadoON{>jtj|&OtYwKIWN6hlgV!A@>5^(i8_vxd;hc3MtlzDq8a>QzLQR2>YS7M7 z=#C>u)mKcrT&rAfI3S(~uSmM_4EB07*S3~YPmB$T*BSS%VX>J9hJGr~qH7k#yf+QZ z235?AazXlfS0CdD(^u6mwJ7bQv=T^M6(4kGp!!vl$cp-Yo^EX9@-7jAj1iu5S2Udy zRF$3PC8G<0iU@EwZIbTDIP&uzI%APqaW+&r192RVnXKh~#~8HFmHskYLH35aH*qY{ z0=qNU+P*ft)EiE^Wn09wxPEpkaL4IcGkCignk|*J_m3geA5Kf#8SpMaeWe@Jf1gVG zL&5$S@U5+q&2Mkz+(o-_kbJI~`=|A;X-dH<>tm3Y!rC~#ms7LSY$HgRmPCYYe4gX+ zuO-)J@q2ixeM3Ns${!9uM*C)7qrc(BD9YqLPn~>E!la5kPI z*5-RxiZ_jc2L+1ce_GxI`!sszhxMx_h2y!@&8^-))pM5~qPSlk>T}uK6E&6G>oEP^ z%y2qx=C!fUI267dXwZG4^Huvjz_^u1C!R-4j-4}I=*=Mx2O>&%vpCqb{i%qD>&+M{(iRG5&G%!sW402ddXCs+nUL~<}!`W=H}`cosH7OC&(EX zAC@YdA~_!-L$^IotvhI9cA7INEgjSbWNd78KX=}&_}5jEFAYA2J>Ka|zY7$uLQM$&(aD8hg z7!o+V$y9*DB{BJj)&1@5VFb!<T?&1F5n^Ise3vgOy}eRAc3x+=1vtVCmYNP|8yI@aRC@&>EW; z6@3jYLjJ@$OJ^Hr1F6ni*0aZo&ZOo$+i0z%M%b;KZ&BX2A0cbY(>AT!Pi-{Hapkej zN2#t4RZDSwBC1C+f*Du%Xd=fnVV-B0ydFUWkf792Dn=b#ZzqGhwFF4L9EL1;Y{=bI zgZF-w#p{v5Zp|;18qFhQxE!%ORYo^4C~5F9!nfTV_32taW-&{E#qu*rp_d_w6DbV} zV13h$MQZF>HsB0&9`%&pK?!xG`A8<;vCc3F=CyRTyPDGGDHV7>FSaY5Z=s}R(A3iO z=q`%MIyCWT5&_rTRJskh@c#gbZZ3{e$K_P#J^9G#=~zluG>*F)SHJL(YZ{Bsronh% z5(bi0Kvh#X>Ds!BuLtTER*k4cv1?5a9F9oz!LC}h(mUy4-sTU7yb$`G)!N?a>8C=u zZ<~V0@UKD9w79I)X-cvxt~M{Y{{SYun)r@~YNup$i=n}&g8^9PEtOEif_*7GyZ-)BW~BY4+@Y#jb|&kb2uOGC@NZ}C-Z@2wNTx3>~pK^SIZ7aM^2hI)0c1B?C^ zpT^%6Y5E6%bT1KjyTq4`ICZ&`RtKB0MU=d!rthdIYN`qh5|_qd7Y>~Y3fe50N=Vlh zI?F|mQ@heUH2_$Qw^E!U1IFiWy*BGmP-9Qcav=GtavOEi$IXmi2G(AR~}bM}R2D1`7q z1Mb&+ER3Zjimf2Zmg*|3+huZ8k~{m;Zu=b4eMm%6yPc{Xhejf&RVO4a2{^#*P;w9E@@?{{ZXuue0Ef!~PweZ~Rkb2Za0}Am49o zVgh-K+d1q0eQScD*-l+q%i8=!{@%U0@Lz$vH)AHA+oo&zS7gzl&MyS98furGH|&cZaRNvUK%QlE}!)WKrCYPw=lO z@i)gW2z)fTSu`t+KV9*nFpXfiP3rxAZ(*NW7sNB=KN0KRIQX%v&2!>yRld$;^P1Mo znBvLx9qYF6_rutKaF&{DLxZ|WK_55Qy+q}uj)=(mkHJ3)C-DuJ@UXK=sF< z?_N2nPZp)9&2lYW4)VaU;g7XbreVtZmGvu0Zmdeh8^TB@Y5p&I`S)G1@y3^|&8TS_ zvf5i4ay*~_V0*A`{C1)-EhMyN4}$eQMhoVS_gB@WzvuUNG8~+qp?ZEIzPRw7rL0Y* zF}pIwIvlUfg3Hhv+9|EfTGY|kwF{|qx#XRdoFN2}(!8(3pAkGUZ>UG6UF(`;7p@PK zUGQXK{3G79u&jF2+M&3B&m8`6Bd9gR-%TaNGD>fDW1JkGYFtLlcr9+OQtnp1CLo)D zCj=jA={zy1>+@;yXxqg4YJBUH^KS2-$WySaa~j;&me|VTq z_|bE+o9KQQYCa>=^!p@|-r4S@R8S*8GEaI@h_xowpq4~7ZV&||46^!DE;j0WKZoqRH{!V4K=GuWMU~Qj zuWW!jmr|bkca8<5(fnuU0aIa8s)HpqRtCPgl6VpUKorhBQ%t4?;b0_*T}N zu4#Ypj?XTkeVs$3qp(mpH9Uy5Ow7_eHzv47t7|mvYRGn}IovxoI@hgu2f=#e_mSFN zUM0nuC6VM^ixzQ!f5w`Pi%DBkhxq3umWQl(SHjxnlDGPQo+l3wz~rt+9eA&0@m81M z?-h7HZ7)L7oiw+NOlD9wLd%nkj(VPy%W}}-G+&Cd{3_HftuCWm{{SE)$sTgfqxeDp z06lAp_?PjYU-*~e(|2d2Po?P7;z0>HIRl|I8BLWm%ge1Y-DI@4Yg@;Slx1=h5JCQC zpW&MYiLP%iGyS2k{_(jFjGhN>v>fc*vz8rdWCvu04+XlY&*@md6Z{)<;*B=>ph5lV@D~c5lANai_UK`a{MZb?_=u;$Rhf(#fCcoCT3(YPuY>Z@u za^X17<3v`6QmA?-fIcEmWn(1Pv)kC;q;{V|Bbt z&lq655C~t&orlk%%xS(I)HM66yPGSi<oS`!H&H-h=Sn^gFh- zgH^VhbTQ{Uivzfm`BP6pO(VAW)#4bnuL!-Lh#EL&GI@JdHsOzQc<+k%XHvJHM1ijr zjMkyD-zg_=)|%Ahnd%VuqBYQ=yPiSzbwCkGzylp>roG@l6Y3uiwJ#9p*Aq`fh}{@Q=Zo zTi;oDZVk{BaV%{f&nS*~_N=P46?0o3lD;6fOMBTPNZlh)MmrkfFJY0Q1_u%3^T!6Z zgpGN0J^S{2@%7(>JV#~vBeHRz*__01%a0MFit^#p!=*E7>npzP0!uI{`r zbdV#`uB`PWaFa2~4~{Yie46?P_Gp(>@V|;Kd`Y5-EvHfsm^z$s`C_x?I_dU0-;Vwt zH`Cb*D`kes2A@s>Z0e&K(?2mb(U{{Z+yykFw)*x%wdxYpVpuo8a?tfz7; z!80N&9+_Ym1Kb>Sr%&PKM^t5V`c1vj?yPlr?I+AvG0H&$)OQEP+%mHZ+90KsiPV+(KD$M%)i zd|%<~^pD{W#3y}kO_AZ-6^^01bg(N7C|cq01>9)PaLp-&3v*$NF4;!{4;#hx=rH z&OZwNJa~Unu$^^1Iv6#0AwM;h@LW2$$s-Ms&tMNZ74+`Cpfb((^6T>}dWz=6MJYaA zjgjOYJkX-lw0nr&Fl}dzt?szUApZb(SLbiUpM~1jg&;l{)aP5tV}#ylcWJaIJ?o;1wudyeAd?7$xcT}3YcMY7Vx(*XsjlRXI*}_o$T7Pt1xlti zAehJa*2*iPi-};evK3a__*6b!%#tfc-dsvIH`19=EHBE+*#LFNty#w4SxW96v>U;e zE!`ZHm5LG2`ch&7z+5DATe%8De;BEgI%%KK{{Z|DxAx4F;r6Yoe$8Gj)b1Bb(-vEe z8Y!H}m%3c7ncyR@$(_R-Na0P=7$J*x_+ z?TS6tJx<+i(&AYHF~Ya|)tNlEGu(+l*>P;%WMp)adxP~A#U*AbJx}Aq{tgTMgd4-Y zJ+l3#J|5`v+4x(;`=04+5Gq^iVSZyW0gvA(Es^|6+4Vond~&Vbqr-5FuA^fi7%Ibp zIrq&(SqGj?Ecz7l+#*V(v0?zvPS~$(@cyl+X>#Zj%?0z@T_BONyKp_vp~Ym^Q8TUa zWu4{BFl%$7uVkslO zpIMrJIJrhS$3Z~On?%qch8b>Av6cX@^{vZ&VhuJ>HW`=#F`RW20q6G~W!2QufD2^j z1KzL08-1Qa>X^n3d(Z{n3^lHwI?NG#wa6PsO7%S>;tq`yK*);>s@Y=0913Z4H;j4} z{xAGdw(%~Xr0Cusw6%@xn6%RuE#?D^f$3j8Y4-0dvr6%!f=+jTI;RoX^sf$Uc6xeG zZ8gbNRRulGS-F;bsny~cFUCRS)Pc@w5$)6x0T~kk^Bh)wucTc>@%e8QrN>=clc7w%RgYO#(Z4E6yJr16ebsiY;os6_ZZ07sZV6BY@5Z0+Z7}tgbW<{o*itiE5~X7v+fuPQmByQXOjim%=6TQg6{)I5 z5-&P9#xOVngILS4$WN$9*pAvZc?Vqd6;f&Mg|*x-FfzIvZajS}j-k^D-$TW8YsZFL zvjp*n4oj3h8orwF#lMC8SMbNgej2=ODrb~6>d40r1FE;o4m;$3I`S&LPxbqP@ov6P zgs#=Oslom6O!<@H)~kGo+GeXV+}uYjk$JtPP{a-^(sl6n7O)k!mC`Z-Y*Ipxpsra< zqCVc4bG{&07e|^m_LETGYu{h^2gdqU#mYkpUZ*=o zfvz@z^052E(wX7;7T{lLTB>iAPS#c&8tjX)^_VK!Smm{C0rXu`QE1yNWf;IbeJkz{ z*~j*~)cy#3Bu|C&`8tdS&mzs~t~GH+~hKTg${&cD2XMR1D=$elz)3k6Fb$ zb2AYl06^N~1xV~iYL^=xh7U6Ki_p8`NQkoYuC1O(WgshKATa(_mToMIi7Qj6Zb5@(mlLlmD9XRPwg7!M!2>82E@cr@_u4R)?E%Qa54P5=H zeiCWkD)=R-e$xIL@f;Q!?twHg>N-(CeEW7~Liy{Tn>_G#n(L(-s~?kb;*J`uaWPj? zaf|u8U-8uW%i-3Gs(fGY)~%-K8XOl|)tqZ0M49uhhTQy$IbryAu1mt2n(NlrR@RH> zYIgET3&443WI{nk9YF*dIU3aC!&i)F$bBX7M(s5lxaQO5xwY{OH$p!s9i$PRz@Ja? zucCe;`2PUKdX4OMnpxA*?j}{06p%8fpU16L?V~-~c$oJ-qR?~;AB|oF({+2jE-T`Y zh#L{*k(Z9Xwc@va6Y;NvwTVBoF72-@V#xAt;~=k~+&cauv{h}?zwHQfINa#%z9QM` zWpw`l6=^Tw+nC1FI2nRw^bOj-Vn5)To(%n$^=Z6KsCa{1@W+b0cQwQ}HWs>zsQVTM z50#UG#N*!;+d`ynu6{k^);kusTNNA{jh!n{?2|B)Z_7n zv1L8t$K|G-3t^ZM?diu)YW_q&;GjRWMUU-?@t?w<5Og01L*dOcOtF^A8-l>kc8qcZ z91oNnk@YpUBC@wB{Qm&-Nbvg|{jnVOqH(27Nq>pTEq%)O^*$=oJU@MPc_q4_EV(5~ z!2k|V>0N!EmX_d&(OanLUL{Ff{{T*CO6<>VA!B0b02$`3M{5LkP{$(_iLf*2T(&#n zwJ2QJ{{Uy|a+fAcaKJ2>;kn|vfc6a5&$vdJ0!3b=deg8}(__$M_)V>AJ`VApjdZK4 zcF=U_9%$r~8rl_>03HCHuof)n57zLx<$!wwEAQG|$134Vm=BxZS*M1Lp z$Hm_Wylrz~ajfZcuakEJA1>+!UC6`gI*!%odnayVi-7Tbl6YI+svNBLmq{BJ>%jwp zE2on7;_0IEW|mb|!sO=z(z2Ve`fQe#Iqw$uSa^>^yt%QtHrl8sEy2^4;S*AYIrb2k3Fop0(RT zvV^XW!+dz)+PT(4{h2}9q~{eI_rAM-cIWe*;@>}5xH{9cD}8ZuHQmav!B&<=kdLS> zkHWoE;l`~!noSe3h@?;seJhq#H$Q&D(^Tn3n&^@{-ydiZ>DHPp;w)_q+&*Xk_Q@a6 z*NV++aI%Yd5XOPBLk`uM74azaT~60u_;LM_s74`kJ-l~uk@E&t=nv&y8}UcS`rF;y z-Kz*~uOc~*94YC?=4+awJRC&1wLUA??X?@Fyn9P|ZX_F>G5kinZLV&uu5Hcny3;jB z8(2<^fa9(S;QkfGE2GGCwLOEu{vb9pqdG-!j6lwF{Hy9;3wYKhof6nQE4O0|@K3F4 zN_HHmHhnGd%i?ycq)s4d-Rzb3E?Xpu{S)|kuibn^fSnLeeo{Tsu5x1@_3G28a@WEA zqdVev#V-$hCbfGw@2qcpUUCFcy12IlV<-Kte+vA;@m{C@00};|scScXyt|#tGqKL< ziuF%-Cc#S1O!HftRgIa33g@65Dmy}=LZ!B2*R^?-Cw6^hJUx|*(Owv3X0>J<@I`n} z#IJ;}KBhcT;aio`<&~B0Z31qNM;z`RlD;vQ{x{IX?kv{8yF|H4~LkA$Z$Q+TJDWhe6}wso7Nkj zEB?^G7UuYyty#lpVuwJnjKysVE&`8S_wQd6c(1~`H;5G$?%iFKlnm2`^)a`|g?-jL+qnC1d0~N*W z(|1R)8pQ?;}!{i7wkXBMF21;6j1T+_oduC68)xnkKbaI&(@;DFw>+u7=H zAcb7C6K9?~S39QB=2XPR>Y2>=lTusFRbCI@!U;{;=sur?U$BxM7k4AKtxbY84zo_V zj!B+4fQ;i9&o$Us##~7hl5AmsGI%v>LX^)U)Tc`=QuawC*j>r%Rp5#551)<6(>>|~ znH@d6E_SP^Pfu#npD{vXc3yfAYbkCt`xW%-h~u1m!XOV)de=#E&|V?6l|!fZy4A)# z0kfO5{>amHNUVb&wMIiSobnI(HR)#N&9!*t(V&bZiep5Z?x|(L2k|Dhgik9QBl9=J zaITl*okrT`$~f)P?`{Y2WwK8m=Dxf5F=wJ`J|VJAHB-ZQ=})OrU~(hlpY8f9 zv_f@mqFD3D&Oci7JyZ5>{iZ$@ctCtf&~+aUd|>!`C6wKNWytG)U=*B*B5%BYoYySl z*!t;aFr~{Hy%?h0lW>Vd^gf2(qoHPu#((C9Jj%k7Fg7k2X5Szz$6pYl5llW zgNs_bYxn8%{XI?`eqCCoHiddqv?8XYwbz*|X||1Z?(Nj^-3BDIC>9Zs+zRibl}xEI zQH5gL9eaLqP?D{`F-Q|dh-q? z#K~<<@-O>yNB6s()t-);B*tjkDN{W3BnsM^TPJwNpTA*IyFcFVUb@iyGNy+)u0^U^ zK=MT&%E0BltI4!@(&tkxaB;Yj52b95S?qdnf*WGOCnPe8%NA>Kc^XK|UR&6QUzAFtA?#xh4i;9EUL z@)@sgiWvqA#zqR}m&I0gmskqhWdm-`pN%sXjuA8?CEBrOTwn|y2fcSIYp7W`vxXJC zwJXajWE1qQp|FlZ;sc^xNpUr+2^*9T#^0q>ZA$A`xVN*8&_wQV06k4n4rR+SbgSbO zs1*kcGv2#oH^Eqy!SFNn8s+1}`St>v>?&ZVM}&I+=RQ~6g7NfpRxXqxq=ovFtF4?*z0 zcYCf}TSIW;<&f@D2cYz>H{$P#t$aVNYBw=Vme%s8nHoevSrqo;*P4jPhXdeSy+Y$r z*F=j9zhss|+n9aI?RAUi(ngxDspjxi)bazw!ma^KOb|}MpP-_-rB$|eh$nZND3C2H!5m4G) zU+a3AwZ59t-KCL=^RzdA!hxM$onxq`qAgw&c$jS54nqBFSHwOBzOY7)KsOv6s=>dN zE11dZa`x8q+Of9s8QFLM4z&tg&KgIWHdg4W-By<>GL`xq-RxSW?5FIu4RLR~X>sdQ z!G87@jTOWsHsRN*jPOYp>cb>sx^mxH*0fN|J=I;BkBF*xr7Y8JZe zDw_SgvRSvx_&gEc73v=myb0jhG=2DWmz@1*w<}$upJgPth zw+)|a^Y0kSk%fu{Sm)}vJxyE}QN`JqIyRx=3%xwceGs>}LR2W|KwZSLS$+IA1-oQ(Fx zWSJJ_%R*c44%nn(<#Tp5jUg`M<{V&G8LiI*vjt#^i`OTL(wPN0?Ht<^YIFQwFL6m` z)0t2)=b@!AHsnP8*bEl~pIXbi)aTQsjl%+)fW|YNoN-vrJwWK>hT`}Mq<<)?2J+kZ zkF|Cl6towvmd`9v%Z>vaXY;N~j>Sb>-PCOEG|Q>2t;+4k&dPpLe+ts@=Z0d`;JDQ_ zo0Rj>34}+G3G^d8*PU9S>0zmLXKUfjX>1;CGCd~tMw{g~5u6}S>chWk_2~4wO)k>c z?6!9hsRf)c;j_+1wRsh)-$U1@6>Aua_E_&EieiD7?!oJ}qtv`%;V%H|QR6-oi@Grq{3;xZX7}0zc`!Remw!OVwi*v6?5@!*SmUb*MdB-26cg1u@4qXn} zH4A?Oc!qBl_?AoEU&S*hj!2~afp9**^x1EhR;LLDv zjJV_Q{cC8ZX5>D9g__2WmbQKZGR3FGA|!@&CRbeY+r4_68u|-K)CY%>4HoKnHQy45 z{{VL~V{=AFD9MZ;yasEgG3aAA(C2ksBE~-kc!R{AG`-R^?+(J{r?!$^lEj@!0Cnlx z`ew5{5%IIZe-;}?@ZZCa4_|5a)}Y%itu?Dh71#s}nJ@wC*0kj?lO5xo7f#Xjt1FFK z^GUy+DM#7bIfH!u-u0WRc!GUrS!VZi2%1bB0$bd6ug}~4N>8-j zU!s}rXJYfp`Dc;+a%<9rIaP?Mp^ldiEMUGvo>(5Dn+u1KLYz19tFgr?6=#uyx{-pU zk6hB*1(r8lv`h{F$9mTGFqFEo+%}33sU#n6rk=4Wc8LHkInSkJ%nOo0kM?-gKY7nN z;j3EPNtCF{9p7FmTd?C3qJuz^@ljZe=clE1UJ~$K*1vXiy%}$BwGS~AEHM{QGsq-X zE=G`~exv@+pYTsBi_5!j9eiQGdru6-w8dagHwaEbk<|44EB6aZ@ZX61AMj^Tx$qW` zr1)3CHp}F}Dn_x$gqxJ$X$1B&mB4c03w^2S2nHuHTG`~T=j&f` zc2Ey)anx5OsA_kr?m=xlD6(lfR-YcTb32HI!Cn)e z;U}eWUMJW5EAZ7C`{F*KBgz3OXKKn_&u%htP?fc2ky_aJf8tN=N8`U8T|SH8Yb%ck zXlsbefEDJ9@y{Qva^4&GU#Z?)Hm`koKA|L`cNvc7U!kQbSsFqe&!>D3@RwQFWlJ9n zSfu)kar1(4?r~p#d^7!+ZUXQPR32C37}l-ZV4az#*7O{WAQ0aaJX;zlPm!7#6qPwOkC~){aLx zM_JV7TWe{)-5J_;Y;nr_R{`chscNd1qj<^2&MP+TONrHA_+wAh8&93=t!0uh3dk1> zq;%%H{X9V!hTTII+5yj{X&QpE>Utfvh?@SJCA@ZymdtR(r+-@U4;y~V+6KR>S$KxV zcy#NVSMwbhf5*rBzK1ouBtv}&zQ=c@MJAl+#w6qBJfCWs-%_)l*{nRc!-Xnvypu$k zpEpCCzq6j!-^mh722Sn3az~{>qiUC0b4*jaCW z$|Amrax#00&P>{zkLAxx(qB{6;hbDDDEV6-#B1EVVesxK{4=DgPZhSSk|jp@i?3X; z?bj9bN0p)F-Wbqz?LPMA2n*Cg>Cf+2=qDed+&iZi#SG4IFe zRmw!AW7}*z9jxnK9MkRANj}+W^9PWRUJgFB+W7wf;oaYjJTqtE+be4eUlT>Jn~9hP zk%u4*ky2;v4=MP4t=@PV?%Tm0C)FItk`y9VJ9#|;KgzoucU7{}u3lDX)Rruuo*URu zH7!ps@f7-Ji7Z<8QPJQRC5wqza~K@}1A$y_nIsKy3{n*aM%W7;2s9eTN3Co2Gex9Z zx?9N5tU*aUfGf?s58;0k_~Tn$4@I*Yt;F&eme~(GiQpW1iVZoD`YWdV8u0hReJua{%5JM9$%kfa9%s-^86}*TS~;`c9Cx>aj-7$q*-;_ddK1DP5ULvGX5@{5yZ~ zIW4?Hr$Zi_s4A>-nKG;wb~CoU#@FCRz2Ql;dktRl-%u0VrNk1zN!%D`1fKmWh3#*l zCAWt}H$vje~7&_;U#8pMu&RbZ5$4i4lzn0@pjw=WxV8kE;=I(R(S9fFL z&3j0SSuO9RpCo5_$I4GmD_&$rE#9Rc8hAGQ;#Pxae`T!S=r`8VnU;9@R>xh#xT);E zFh7Aby(`1w33W?oHu`$SbQI5Y}D?WaPusk|%huX%2<2_!-Q@3=r z5)Uci$id0a1HZj}TW8`Z8^bzxhxC*dnxaNyc_UGj^dx%yX~suKE{9n+#Yp@g;CVbL zt^JfueJX^Vj@b#|91p1eb>IHZ8jY>I`n|V_j5qGv{>;ukc2*p7_|}oJOy~Y9SZO{D z)(yOYRte5iBj!1+tr9z(FF}i4v$yiCw*XvlGm4f&mqUX1v#Hv6tHO7p{`{raoeYO* zIohWuC-4>GUL@9rli~Yl5;-nQ0#`hebB;eMTN%jbd?T!0Ygg9#KB)wc7Vx2vU~MO% zuebEShsog!7~Eal9XjUNo10lCAToV3jymz_Q_Z0|9~xSQ(Ecc$YRFwdZiJ#YMFS%Q zezo`C#4iooc)#G}z95F`d*2cpafwm4?&F=^^UzijSB|B$el>hX@MgcHUte76mX}az zvZ}Sbj)Vir$Q9yuEH)~|mQjG)RAHHxtYn>4m_!+VA|F)@-Q&wosN*Xm!u&l|<# zZwp%(L)%XZ10-a8%Zv=?>s=}6Wn<|0fG`cu=KlaOO_NTF{T>NcDWaJg7Z1<^F`DD5 zjj6=><5K;abUz1bA@1&%SJK)>k{_6#l=Fa2dK}d^*Sr_-?m6w6_}bo-DG;{+up}M` zuNHWT%6zFE(2rJfp9%a|4~=YmY4G>OmqO`pWoax4Y!U&;`X1HIS$LDjKL)-f_-o>q z!^`K;{9mBm$8!vajmnNbR?kpCITh)}G|_gk{r&#UKOgi@+N<_`_;K;m!`C*G-QC(p zZ>gkxVY*SZl#ZhXNawcSTKE3|2>6a&7sVQN|E#pJD2j(fF4~ zx4yH^=1|M-JBs|~{{Vu3{>B{0g}h(4o{RwIz62w}7gHbp5bnnyx-&Ll!#2*;0F*@*9UjmntHv}_MT4Pw#J27f@` z@Nb{(xqI+0^S-|&}xztrs z?lG~3au1;g(2O6(v#M_gslfPyPJveH++k8>DnaahYvd1(nijFBcmfC)v4+m`!`kwQ?TY|b&g-uq-6uHuA7hW? zQ}*Nd8GZ1p;`QFV16gS|?rrA|m{{dNaDB6kR+OdhCd_8FJ{!67M2r}3L(q5Q& zLFI_x3h#@#$32Gq(529E`qM&|Q6L{CdWzZ`7?De`1!X@mrA6~fkaOFbupZIK&cF_F zk6}@-oe~h)W4Hm1!i$#&sdsFQ#ei+zpj5HQq#$y4A;99Xk~(S2q1Sjb#vUX1Z{u$Z zd{FRZ-NlEAv|FD%NedNuA;|M1_YAoe{rY~wKeSb!?HT(v{6F}K;5+N9-x2t4%hasm z={3!%z`3_|=OuF9!-|P)cEVjx*u4t#NY<=ZQHhAtbp>09vT_lKefYhucsIm4efF8D+v*bO_p5UmQj?<{#0-7b;DgYESVmfr$=L8e z5n5YZ*uC-;SyZTG1Mg?Ju9HFWU-pNGqS0^u&1}$d48xbe&l&C3q4qOq^vx#uCexDE zVdh)z3^$%WwTI&m3|QDgn#5NY(KX4zKzR&15m_mTK)~>2&5e||%P|7w)CkBu_YS{? zYwvG{k!-Zm#ntpTbIJ1tMi~I~1bbIyI)-zmeG_Rckl`ehs*VN^HPj`-6%mkSE-}-k zbR(6k8Ep>RxY1B7*}%ZYYj03{wzn2HhCvoSRsQMqtzg7*7E174O~X0I032?vuU6An zQqtZ_U;~61LCNB*4m(G>eJr#Rz~(jw85r7Ya?a38x_Qp?nvB=r zoD=sCBl53YkHgn`ri%KFy`;$+N4{(+!u!xTyPjcft9_c_Nogo+a!5R9am__M?{P74 zxNht!qq)@`$QfKIc$AZmo8Gsy=%bR(Upbj3=rAg!ZH*i|6|L-XKb8wH2N^x<&=EjI zHtNBY1N5xO zdJ$88fN5!$7W#$Qktf6%+kyNwTUXO2j`Yn8!dRJz>p&63rGipfSfoSm5Gz6rZa8LZ z7$eF@%DFk9>ZWu$hly`5G&{XMBOjG1Qpyx%vC_QuSP^h$AajiRS2^g?eT?~9ds$WB z1h4TATI;+ytHE;&*3K0sB#(1RGNlw|TwC5ndm}WAtL{42OW><(o1YLQ!LKdg^2#%U zcE90W5qCJ+I$dwWRs&R$@l$=#Wh8^w6{B}NLIA8b5I-su;bN`~(H!P=IY zq2BI-8_DgDl`{^Z7>s^Kxl~&|f_S(kX3tyreg6Oi`2D7SICw#PW$?E5;ZC_~*G~&t z-dsr(r~&A4kUDfHJl8StkM>FU;ozMKt6Pu7zYKmRc%$I=#y<BIF4XB^54<;ToD#cX{(9~a7#HLP^6w_Giy?Wmnwrs3Yc zuhjnlWYPOZ{5$YZi@q9&ZM;(x9}f7JN4Jo9kVpa9D--uJ6;C(>ILCUKM(2sdoM8;M z5wB7Em$US<{cL`Ce&3pYqv0Qe{{R6#7g*j9m&3SeAvOQl4s!^5#Rj~Hh0k{wdPe)k+P$6v?)0IxzviHw_! zl$O^j{?C69E^WMXqv*5B{{U_CQIHXW20$u)xixS0r|`TV3cqMS75Hu^L8RW>+iI49 zumpZ)Lny~>%4#LCwjO+#r5=(`@UiC?lFf7BtB4RIuHQ4%X1q4d0$($R+q87|u6d*A zsZ`w4k>!GMFC{%O-n)GlMu%F`^@NvDiqlkyL%|G#{eK+=Dsj|xaVjx9V@&aVoxZm| zmSmFp>JrN=NDs=u;~B52J`j9Jk#2lb;V&9^PR~*JSFLHSV|@gqG@FioU^;j8_pe(D zlx23VetpF?qh1al)z3NjG4S)mpR>RBzR8XAe0=8?c+6> z@q^+Yggz+zY4L}QeiZyV{{VzPQ@`1BaTUBkeX8+u=1Ng`+}|!watS<|)>P6~KQzTc zOBoDLGxuWSZjSCQ{;Jw~vjfALPl>fVx%FEGDXU86Nj#ykk^AHhhuXcD;D3YAd`F)1 z$9KBq7V}4#W4sL%cMLj&&kfLY_55qgs}_v0oJS~VkKaFpw>|~ZJR_%Ro*B|~%UBFz zNd~}vU{Cq{YX1O*d@=C9$KEjU2ZQ`|phE$;h|Ohugen8w8Go1IT#l<+9|=7F01*oE zs~Kv~o&Gg`#}DDFWY@eAuh?q77r2}x$uP;YLfB^a0CUvW&R#t5MxXmP{6z3?i9Qv4 zOtIGW%T2d3$!u3{)BG%oN}ib=>BhTSpGOWXm3l6PWq8Rn{SP4cv#R)q_K?>#4MWE| zkks|7nS$F$7^1>Bz{gIt@{fwVJ*{{bQn~Q&iZu7Ix{a`sbyfqW4^Ew{N#b4Zeu?3Z zI}bt&0Y!4H(Z>CZX9G(bKgVv%r#3hyR-OT;!RKC z2Z{bEXx3BemfA1xbqi%ro-2Hx-UHu&PCW&AuA0zaM{Rk4_VOr_K01Oj4L1YUrByw; z8aToZt?AzkwNC?$N@#SOyM`ALslXwJ zALrOt74TPH@c#gbbQyjfc#7iI9dk#$6Iur$9g$BCg!kcV(4|t!$L1OKTBlZ0Teoxd zqr(z-@8TbV?tUNq9k-eMQ1oJC zsmF9jm>F1s^LHI^YppC5-k$>RzjtiTM zazE2H#t}#uuv66aF%soR(Vr5vjSI#e7WikTXmCeus_FKxZ+Hsh zKQSW*zg+$`!RlTJTg?jPAf7v2VN)?XE<<}(+^G3FwdECO-JU^tt$37Z>81FU?d6Ku zill>`sp+1-g?zj5H^lJkTlCEqNZiNrE=Szw{{XIQmbHgMT*haH^urMnNQCYf867Lq zQpO9*bhN(H^!-xY9D{KPVu$_izpZgf*F9QzMD;xTUHD7km@mJy^zAAgF6^H-_fB>n zqW*RC_v}^s8p-=#{7dn-foJ%~WAJ+0Nz-7xfz7hZJ@dOZN{1k9U7#O!6|FjHyB=2% zV*a6msf%%P2BV~?+caa4Su^sn z9YD`KSBYvL8a_2?R(g{BFx2Jnb-9hL<{nw|SdPukp^=L%q7c)-Gf$w=(DV$Iv&h#})5-MzICz2*tv?^uReLxu;Q|TZY1@ zt0Q63APIb}S+ej}t>Wlf&%)NXdZw-SysLC9?T*!r&ZnW|ddG;hkA(Wnc0UsQ9pYaO zTgxeoOL+lQ9kQ>|x_hq_>DRXUZT5>g+}cP^clvhzVwuk?7wsZe#E_z+XD4XK6}tti z#0A8Icqf2PM;_GFn3WXH(k(@rV6J?Q4Sr?X3A=l=kSx|Oz_uflHt zwRVhc1mH04MNqu)f?4Od0Y^~eWepRI{&leouDOdJq_@2KFym#PF5NkIP z$EVLa#UzTSDoF>H`ilOkyjyAE?}|PI@VAJ?m4x=U7K%LBlyk>M_wQc48dp9GADB)u zgyQx-M)5zv-9Jg*mX?}j)sEok?QW%)zA{E@7l&IW;jE;H7^{pyl(pNovE@vvL*FQJ>D{|VNmuzm<++CCeg%}+=VzkQX-){0| zwTL&}&N|nRTAAGnj@L$f-VCs7x$Yr?SkRr^HyQQCa{7gb*&Gy?$(MG~lYrk!;;9Rs zoeHn19lRRelC6Ju7Dxxoti5sct?NG;TT36>6`n{>9P}sNxuqLudJ(B}%e9Z~4O>=w zmLZdWn9Qy~8UgojTpdTQU?bviZ@TL9D$=t>ctQ84oBK z+B%czSxQ|Fc){N2{EPjj_03aC@ny3m+})#{l0PJ-at3{~U7opNVXXL4 zO+_IKcNDo2xA%Q9_*QKC42?>S7^!qQ?+#6Kr!vb7%IXI>^sh$n=Z*Cp4_(r=t2l0T z9X=blt~CuMZc0a~!VVn>CmAC+C%74`WRIqEQ%>j1zqcKa?CBNF=fod^lFi}0QsDX0 z*~tNk;hnzpWOO|GXRliLAH!FVIZKU1B$7GYHgk@&s6$iLophq)`W^bgG}GWAk}jA6yPZDb+e)<9 zu%gS{kzZ$or|xKfk33zN%N3c|uPt2XDLU4%W+>^Xc3a<_n=WpRyZufc>^o?^a z=(mu&dy4d76Xa%(P|(vz@uq`t_Lp+yk&xv`WFvxqI`T_z0^Ddp?e1r5xeW|lp_xjTW!Bdtr7 zh&sCyYV$=SS{WRXxGx`#bb5qpN<0fBah{4!aqXIgGY2A;>7hHYHund$M;4_qGAry6 zo;a-&B;2&sEj0T^jx~R@G0)4#70x}KN`>$oCbmr^^PJDorXQ0C@ytA7fCXsEr09bbG5(#YpD|g|9d91-18{-(`YXWNslgP9spQ8JOc;5JIT)^K>~%!Y(k#Wy zD?a$+lpWha`^Vf?=A&(WKAR=Yxs{-U=a5F&WdpyhaJby*x##+?i#6S9${RZ?sYD8_ zi2h*)Klf{xxxCgcP(y!tb8@Nz=0_}e;;IqU<(m=|nnVyI1e9Q_W2I(l_IjAUjoNQ8 zq1;J1-Rdi*8=SL!4gC< zeI-z+7cxg2jDAzlx27wvyRms}#o=Vke=ZAhJ@M&KV9zDHmLY#6r2MMHo@$NGp{1t|)0py~IEYTjT2e*~aC>4D~Yo}CSh&kRz= z_+kNG;2O@i-(znz*P0BAoS<1(y$sjjVcGzZktNKf?u-SC&(CWQ`;iC zsJt8YE$X*3-B`cPoxBfVX>#jxXrmKb(k)^Tq%+CohRcFKN_DP{rpcJr$;=oa#^X7r zT6Q{XYYihyxv`4EIMN~%IAM*SO7%OR3D|3Pb~oYYc%UJOMfo=a#%l(|*~njfUwaK& z-@+Ff1eaFvsZ((poX6-$9c#_}XX2!`a;YWAhC`JP9tr$AR&EGApHmOQy4|hh>MqN{ zhxF^uTI@AVJ`Hm4&avzY++g+ht6BqAI!HV_YikTs103$)lAwLs!MxJ!M&Tr3Uw2n#%7eaH>5iIe~?#8+3(|DZchc9Ys>poWv3} zEWiw8@^esSG+Q@-mMrWCO6P8E(rFmwm4PQC-n304GX1@p3wLID1;_)x%16?%mf%M} zlz_V)gj7k~en(Mb8Ig>VFPO{xC$((0l>t~^YC5qDayeSUavv{4wuyA*7R`I7Z``6V zRPD#V@}9o z>~e5BpL+B#_;8hEGxm4=n?5xD*4nG+KLxxge>R+C*>kPmK+##-CV3)5)Z;t~{*M0u zXOH+NU+mZWCfN@X_@7O0jvpH>;z_Q%6|drx<;$# z%2EhtK`e1a_hKYu3f3{PE@vfqt7_3|7d{@+tfRV!{{R;N?(9EW^BoQw?+18`Sn-9! z&8Rf0Hp7kIXLatU>yACEMy!m_HSu<>s(eAz?i0ltak}uG?taq)e(Fqj1Y;G^>pm*B z_+Q|C7sI{{({%*!v@$GK`(hvH<;FjF!<=>Iv`khrb&nSKeRLa%8%~SF8t_pfY;p_? zeQU^kQ{tZw$Kbg9RpTEMKZR|q<=kSGz}}eW<b?a7D-jn zl}hJ!de(Yy$IaxC$n>plbIx}fVQ|6YK={e|yVPRhNZ}C1hGyip(bB3dBbIX=ZEPfF z^9v63YDkFx08lx`Nj>RF+~$;-b}Mf%zXTj-9`$C@+D|=ybG<_DB#M@W7IfNHmh;?4 z8o*vw=Y{1(dQ>_Rf1^PqywTma%N`Ru$>=!mQ8S`3KSDoczxXE?#1D>(H;H~BYBxU% z{0(YErRKFe@0Yj)k%9X2U#Ol2_!;mg;C7dBr2H%J?Z1h2=*d~N2~*~YvDsVk>s-^9 zM08)GJ%w*P4W((e`u?xtd38?{%Br^-RPpUd@z5p@`Qy^CC-HBMekJVi#<8fsg!~SN zaI{cBoOa!}r}OL0Wy{psHfENwCxEmVZ7jSW1@)cy<)oR1%^>cWuQb-KHAjR?ugtf$ zk}+jRAA6qp>S|<*Fk_pvuZO8K_S!~Q1mCag725>0>N zJ#y+&1kT00wd?d9>p4v5gb$%SE#O;Q3vnIhmkje{CHq)MJ1vJ%DZQn2NAmT;5zHjNC4I z3d6j!mge$rI!2xzxo&G(a|3|aHSY-cd97ON8T|0(FvE}u{4y(()cj{|@(FZ#u40XV z1xd&!z6WaEOwB;zwOwX&CA5hgvzcVUPzlE!eXG!{{5mIHGV)j@M&YxZb?j;+^(Dr~ zpusGfO~i1^YZdxSnD&qPXO%qv04mYdZ2thTmrA)UZz@VRgc5R`o(TLZQ?oOk$I_k= z)$}&eA(DIBWS409RCAw0Ssoz0u!#)C)9kq1&z_aj2{RWH=I;|~FkZ`X_9jPWCj@#| z7o}-hb+)Nvsoz|ic8$*M@*SifP%Cjb^g3;FduyAejb16CJS2*_V-%JwEvLZ_8S+US z99CVvxdFG9DB}fo;O_1{YdH;Qe>K+T&rGm`R^h9MWvZw)nSs;th8}(qpoRM7vijB#^Ph#~f}Qy?+YpJZ0m3bHl-J?k*e7 zR@h5|PI_cxuWFegM&~zqdb8VbPH&9W~F0HF%^z@W7JXT{u=_@{qmuj^{Y9N$@w1d{Ga>h;F=0 z@@jgOh#<6sEU|Xr`(uipRn(Z=c7v|pYkG{*#{?0=#1)Yn85rk^)>YE4F7NFIp%hnk z_;*)4^Uz>cZpTbf!T6)aI)uI_(JU@uKiSbJiOR3u9k~9r?J?-+G?*^*F>gJ~C(jrs zbYt976I~7$TZ8PO4bzld@(I8dhWe%D{-U}Tn`>~=uuzOa0zz|~A8b=Xw?ujdui{C* z7kE!cUlLwO`c?hGf-x8^hXVv2{lArYX1U>=a>_`&M{#c@$A>N>X&{s?O7qhLwQd}} z&i?>L@a?v}ptYZv@K3Na6Y}jmV~)RtdWV62AHm^vwAO9zU;BAu3-*YH(%zurrb%v8 zbkLIHM@#K_B)btC^7#aTlat>y(O-NSvhX&qapS09l&+_5k1uz~WD0o;*o=z7yBkH= z`ESG@4X!nC`j(}r>J8#J=VwI+F+!QnHlFwZS5@%uUGZ*<;w>{#ztQitO)Qga-dWqU zD8MJ41_e@=Vw|@m_^aX*;;ZX<1e<4yQ@4^#W79S0dPl_zHTYw5;SF4(qD|+tpy7!M z2VYLVojz?WVI`r(X`0TDso&Y!YC>piW_6D!17sTEzB~9YSnvmqQY|^=*1REq0?lQ2 zkRy!a=0WO39;9kw_#;h!v@O7PnfHk}^c{!gUZvx&iasOMg|?HY+v=$TkF)vQl|zoF zJ*xEBs6^&98*P4FA{z;9ZEbF21-!)>cO-W>uf2a`xdyr59e&Tm_Q(5H%^gQK+9x*D#D^Sr!&ERI9%(uUIuj0E@p=I z2?@&eWIb2gzvo{Mr-QGxeHr{+Y^`^19NT1R0W9S3cDJ@Gj>%l>jYBT}4P(K&w}-Xe zJ{#L-j^;U|k~A1~2bCw%zKHm=mOduZv@eP_F0E~Q35w|>OemC)Fi$`~`t_`5pxm9$ z*N^xh$L)aM3w|qV-?ERyjYy}3JXQtPg0e^qcK09>>W84+g*fh1SM@`$i~SQ+y|*x| z(j%1_=<0eA>_!jcRaRHjzE*ut@QcOCHl1nV`=UdEm`|suHRyW0l4&}EY7nS!LCSx4 zcNNPusHGG5Z~p*-RdU!`3`bzyji4FjWw2jEoWb{$oO++jW~t%p?Hg0P@crzPrR}46Zjwer05}YOxXo5rU<_BQ0pF;vLY%rB zRU%QiNY{DZ&5u)5K6e;XfO`YQY@LpA$OhJqS0`_A>r-tov}K0m>-DF&5*c=}*j-Pd zrfvSylQ~+H#59zo!P+t8b?ewHS8viUGd1k#zq?)WLNE9{1Hd? z(eZEW-SN483hJ8Wz0Zbqsov+qkzVlJ3l~r_C48uM1S=4qhX!V;7P7BR7RtQ(k zjk#q!9{m1Q?iyB+;m;I!ZaWQL%(dPOi77n}4lq8o%PHGKNF#@|_&IN9Vd4wByO?6Q zh&+~{FTQy1(Qch!!IS4Jy;S_e2iR9tDw^0Pexh0Gnr^wF=pG=` z4BBHFvQ?|I8PxN(d$Bwn=zuOj? zoNEV{8%Uk;)K=8@InH8x8yhQt@e}*T`~j_-a%|j%1Lj;XHK-UjR!~oRWne-ca1R-) zXpzZlBq@Y-QgV8l3ye=UlTyBh_3cNOG@F1@*#nc(y?*Dx8l1K^5akoZ7q-VZJl0Z>dqdLiW}R%IiZt322d5(y*shqK zA@KOOyS!MXSjj?8HXlq>-=K4!KWh3;ucGfqNpA{~mxeMy8S9E|u%712`%6y}JE6kh z<18t?4O3^SX|f=K(tEj<8CU|uAG&MLJX5S){{X^6Br-Rf5WpD(oK!Pn^}eWW%G`)c z#-k-gdVF3T(ELNC!KfRrF6uxJmPQB%y=5K7naFAW7m~|RzOszRJ(^{fQC$7>_g2_O zUBI!y&lRwY`-{t~=oZ-=s`mrFDf)f1cC1w7%G@?+G=u1OS|k=*&z=LQIQmqY)|q8( z15B_7-U$Go*0P#AsZ8T9t>RTiiyKOO-o~)3t=%sHw>gw#j8s_Z=R55ePQ2AM3uqk; z)P=E(b@s1N)a+MC`z5WNliA3se9@kB?M*uv&Gay@H3)2@Q6mO&**Q5iM^LpF_H8Uv zY+^XU!R?`v6cVJ^Cv+gd)Qxp?ydgZEg#y4k$HlG;3y}u|)-dT^osjgb{ z;*W<{Tu%+lCLSaPSpfM|lhFIukyf4A{=iVhLXI93VYE_9)r{t(>zP?yT^Vs@LUo+cW(`y>&BvG@ZFMV+tWlOcnB-D0$k@gYLVrG(v-2+#xDu9UgPtl2mb?|y zTf209^w`$;AMjV;C+!n`@fXCp2A019z94u%#j`Drt)xyPZM(@vV8>}wz$5uB>X<{_Nnnt!Im1o#>IvhyeZ==8&HXMh{2FNiNfb6Ao2723g@Vg!)b9g zI|rIjo+fS7r^=$<{H-T%nr!}d{4p-9m)HIu*X&=^0ms0pgHOF_pS}4WBWTk%&5yQbBwpx{J#B=HApVC z4ST>IB7!R|dgjHfT=NUel2)E!JikrD`#t~XqNNcscpBAjjn`x?d#gUaQJob3!F=V`Xq@hp?fna7zRZWJ6G4!m@)yZ#M+&p!sgX0I3cv&6Q(IFbBauE!L2LsQfu zj54kf^?79sAE*4sp_6G_yK+6O&?9s>?cVs z?!1!}%DEB9_{M)aOzHCB`TNYUG1wp-VGK10Jp6?MPV`1H5++WMRXfjka~S9%l`mrkBGh~@%N7- z@t=!U+F9)^VzV+vhm}^yBoBO_#MeC4k?Ye+>RpLEIpSNLN5Gc)rj$~6r&a@Z0k)n; zH7|wq4JTKg^y-(<>GBwik^H&y8~e3^*($c!-qn07YjLLBTU$;bkfzmo=R6^%U(2rA z4N+2Lw{nG|Vm!nrzrPi|D5J;5Vq}$$mr(GYi=}Ee*H&6Zln*3@-IYNsPduLWpKQ9P z+9!@AWVHMI3=G$yO{9EgVOX~E>P-GxLgF$;dE&M_BY&fK1IC&cjuym6d1ZGM#HCZ2 z&=I{z?~$6hKF7%8oz{owe~LUC`!D=p)OAma-v|CFX#O7YeAY=k`W@~qp_X8{JT?d? z7&y;7=bHMP_B@N=2klAlGvbH9{{Y%uv=0W$;p>>B)3s}@! zduhW@sah$|n0B!U;WP5&i0JHL3xw>9YA3I5gbMYGN&g8NZ; z%&jH@voF7`d6gw&=`fVh*lAj(o#83&Exb)|mQLq#6ZeY_z!EAi66$^(_^)fINo8$v z*S4qtEQbw&*q@~kmGnNlB*Z!xh*po;XU&?9pJN0QTQqAEsUWX)LhTSz zxd)IwwckP~^(J48_L1jXGw#pX@8g!Y@Ylfq013R&P7TZvk5+Wl!0(t?A0DY^w+1(^{Ww;ef6;~0> ze`(97ZdBLeYU#R^7tx6znH@3M=C(`^93djVQL$v+8D9)|o5Q{&u#Zx= z)FA!SsQu-<%lAlb-A-{|C|Ud|)ECEEE}{O75>n_1HWdE8+hkj@kXOJisHV~Bhw(bvr!~*@>?vOLCX$(zZ(3k_>|IWzY@G# z;>5Xot2^ttogKJfhDIm|_EU=WezLuar`fmn+x(A&$v8t5Lx`*9wI%zh(}W_rrkig4 z7wTtN&ggmhoC=&fV`1VQ`0nY^-Dn2ts}Rwh}2_eW-Xs z(_PRmEoWak0e-21edlmvTVo|gF4P3Q!G=+PfUEn=R_fFLBbip&T zd7f0c7zY?R1Mn60M}@U17R@jLL4%RheQT9ZQ=b!3@o4rh3dd_K&8ceFklEP`;z7p0Ok$ivSu%QV(BWO7NS%1xMpMJwwDgHI==wo=+~~1W=jJx8YrG7dWu>`E*+& zz`iJc&KiW?0`Xz6@a3+fszU=_*((qwj$~4DjrsAK{PFNVi!5$@J87(3EZTOc*%Jbo zUCMU1KT%wDX<44_3{}r!e;8P%k2LZ~j6AO}KJE@Z>$Ux#JXzw~Eq-ql_t-wbG4=ACh<{2=jSwdaMkFzo*TWh3TmSy+s33x*wtJZA?Q`xet_ zYEQGohWWyO%HVausjLiZw6~$v#*Vl!#3^V zO-E2oKKMMGJPZKIC!y!AYvv!?gZ6b_+3&_0E%$}4FEuZOz9&QFLnHZ%r`#TPs~${k zkVmKLdgrkm<;W3mQ+CNG3tJ_Z$B0iiBqiHY7rap6; z_-FRT_*Q-%yXn(vFx=W|kQw}!$L`4ohF`?~wcRgzBFiVqQ<0yS9u)B1wwvNRZ5rzA zxR?}-^c%Cs^BecV+F>W@h?a+J+#5d6CmenFMfyfuO_8EPp`wJ zvEzORygHO0>2QcI9LuwG2X1)_(hX4$2i^7 zZ>@Rrf<;E7M=g1#Uc&Q1<^rdt4@!LUUlfAQn5~&1{*) zi+4tMk9;kq_`^ffuSK+Ps#wTnG7>jRr;L6XHS_E`Ro{m-x$R>~h;_&q;AgdTQ(7Mr znn^}?J!e3?ni}5KHC)W$qcw9!ON~|Jg-Dv+ zm6d~X2(Le$($_)P?yY0Gj^J?MD8>P(K7$J*(R6FL-B)432O}oEH%h&{Pl z+LX0BpL5v$7yN4RFNL*r5lw8`R^S>eo_+b^zd)_LOX05_=#68mBr0xVI4OdqvBxCW zr%GK9%s9g#=Be%J?$4I|I}8x(7giRtxU+_4QMl)iYWD30+6is~7jz@gaz%7p{L2x9 zY3h$ekH)X3TuEbZ0iM-H0FeC3YmV^;k2Ng{Sa06j?F60xAdkqU_KLn#g$C z5qo~}M-1ptI&e_?dRNAfX}X@B;#+?UM?LIewv@S6>yPh#pPh45(ET?r!bW&l!}(98 z{8M9Npj#y0X^&G&YjE<(AMs#h?e(jge~C0bTf){_hMLk#V{w%+9vwjLLHvIz!s4vC zVy)2S7hSTql1pgq-6IDX$5CF%;Ex4-Ki2#?d8}(1-TBp~kO-}!n8)M+-H)fzwB=3e zC}Lkj^LO^5z3|g`+QY&A9lV=Tv5ox6WPWzYI|JUlw@&cHLJiQ*C?NLlT-6|v>d>iu z&f3pRxwR22S0&Mh%nxexO&ZN@;NKz;?lFgC-0M`}vRN|J$`8i)!+uZc81NeVT(O|oZ(%;RJ zT$Xk@B>Mi9=AJ0id_=mrNi2=Ugs=O#6lcr&*Hlk7XzsMX4r-cqhHmX{merINC|d=% z^sghm@tywwojg~hs|F)*J!;c1mt=Nc61e{Wgn}TBf@F2TY*&A%cvc%LBoHw3yX1DH zbJU7FcV6&h(oSYcfGjXZaxy#DAi8bUjOen)>GOT;WE$2dB;nBMZta@ZG`W?NVHx~u zo^4J!or4?|;8hqk(ACnhJBF7J&*nWVQtwZK?8zJni-Fh-;8qRlOo+Tar`>7yl23gZ zSOEb}e)qW*+P&tPB)EHsL|s@8xuV7_sd=Rd(kqK{&uaVwn!;@n1G`4A=8toVX|!b~ z?lx;>Un!Un!;Vc)b8_&-8G$wob^f(#WHwoiBDog#Z0;t`3X%HPZ>Q@pXz&I5ELVi& zZIhK@k4n)9^B)k|EOu?E&k%|xVnWxIdF^vDl`5zk2aZKtS&WsAtrkSLSwTN902;Gt z1h;7<(-0Rprsg63V_NQLWM)j@uTCkE>(*;@#p6C$KQ>27B`po3vGDKhJ+EAAn(m!( zJ>ANWnPWnJP;r1hoonOUpAKr$1iBC;!M^(^01oD{lIU#&dELgjH-vRt*d(+wv!Q5@ zKQZnFdX1-tZ@gFFyPa~zQEhR8V}-K5cO3r!PtLiWJxe^(Mz;}4mQzO^jQIPf_)SvQ zBe}HH1TKKabGVL1Xi%}8N6_1`w18WQ81wz`I(r(csCaqxE66rnh)=0JHhpVoE~goh zsr)+DbiF%J*EHGMc_MI_T!dhHwtvrBsp0tSbvPq8j^_0_#yT8gv<7q@AMosBSDyOP z`e>%N0)3A8M&}s8$mi0#-w=44NdD1+-bX~amObvOK3(45=hlN4t0?`p&f4BdrDh?p z6p!JklTnGS-J`jQlNtNnXke2o+uliSG;;l>DV4bZbpzh3HleHA-y}){>5`1#_1)Nt z=aj9vuITm+U%|7!nc=JGHTzqE^3N?ImJ+NzL?%w|D$81cIjkrHB`H%S(Dp%0N z@(mp&@dt>t9WL4k1EDFI9|4;c;@%`aBGLR;9klRS!wO1PSc8(p{{XXF!(w`!?X}u;bNeI$#^xZ_k<3t%wMBCs|{p(dFTir!n; z+8e=xBw*!K`g_*A*FGOI+bnRH6p*`AS%$_cIRB#aWW0lqSM z!8P;$0FSJv)~}Lj+C7Q@AxGZDOp8)DtusywI6}&?DZt0@*R<&iVwP5{p^T~uxg3Ih zY81k6p(WMp$j8Vn2vdN1ab9_UtH`%+=1B4efBWXHGP#+BeLS!9t)FAKpHd47SM(lB6tl=RIgKmgKfJk=;!MELJ?8Tbvqo z=7%(MnG3616+iGJnh76nw(KO0(6og>TppFtX&xW8L^pFnyK|5+`qoZn_D14Kr^Du@ zrLdMjr*_fKYd=r3xz&|rf+=And6sy15sa zo>^sPk7E3*_57=i>TewmvhT&wcw)(#bg-8zpPL(#ALpU3n*3Gqmit+gQZd6NtYsNl zlxN5!5ddBUeK;_lJtYB5k&eT+TKbpacZJmx!}_$*t9Tui*5RRW zlDXi5KMeKu_pRX&XGg2gYAx>1hv$3!J}Hc2%<8tW#LCraI0TBjFNZ9@# zYL?u21-?zZ_4T0TsUc$GY^+RMp7o_1dxDilJoX(825@I(q-e(SQ4f|`hy=dgg1vV@ z@FtIL##^A*5j=k@7TN*p-jtn=s&PJ+_$m7~{7LxpuMY_PH1NyXfXZjpZsIEp5a*T$ zxv$vYgkQ0*z>nG9>IuAec?ZQWiqoCY!3u|t)xh8d?SenXxN6onP(H-ey!~6l+L!z# zo+6*YzhsSG+fVX>hdo@=JTOYO?zJGgplC!2qY2w zs+5_$Y1!E7Z|CsVx2{}iJ_fY77oiM>E0NDRIaWLoUR$l{sbQ+E$A~T@x>y%6+vH(i zpYf$B_bZoO4>r~Byg}kkT12(6T_?lo^2Wi5z^!W=ogYB7eLB}ou)4i(n9Os%efTwu zrPva)IXnC0mPa~`#Eh&62wNi_n5^hz*7el7hewU{EfzG|@`(aCQPhub*V>@jBf~sT z`$BkQ;mzKoYvHTNwa*k_#8gGN2O}9R+<+_OUl3}45I!bqb6$9hTDiHkc|6GN;$49_ z`@Z9?Wa4h3c3vF#Vdcwh99EuOth;_d0c`tM*dGl33F{ZPHW4kS*{rY;rj@xLrDG*> z?tNRT{1&zFuAEoPw7a+fHuU+1aoGCSkAu7&eLPzkpoMy-c*yiV^`Eo37du<434A}N z+}&y~632tpbBtHdH-8=UyBoWUYc`hR0Q(4D27khurpR}D9oK}uA=_*7Tt^z2m=H+L zLaFck>*#Ga#uq*qvTKVSEV7GS*v89p7~rxHI`*pCKY{#Jpg?ET z)gBp~$rjh$#%PkTk7d#Hk1i-DxQ-=IG8X{j>t4}k;ypTj5^XwdKG?=a5t#<$Be*?# zQZlIQaI(X9aA%g<+D2s=1apeVu)DgtnHyJyTgwG;oPk=?gE?Hgoz=DM%BCAvRzO20 zIw`E}Rdt)2m9)B?{f1TLMtK$63S&|*?>seWWpf4B+HPTt0ksvl9C!7u3hoVVTe%}P zR@YXW_MA3O)7*?zxQgd*qGI3~}mz}D8vs>)ew{o;gJ0-#l;CIayDCe)dF}mUz)M!Nco4>y1fqebb?zs?TL*1 zs8>86z~?Jnfxdy`(HruZ{e*WtF*EhmOJqrhfvjNQjtY3r#HNc2Am_?`_HP0c7~t4r_?fxJnmYnG8E^wuF^fusRt+%b|5=R~wMf%*5~Lk6`z zp?hj!i3TN&;mO|HRJ z$0OKPJ#ynt)UT`smE<#BqYvElDo>~9Ql+WSRyv&Kxu@#3nv|AT_lEaR5-gFce8M)z zIQ>5=-_q`3wzy@ugU*G&)*<0sdKykf2L1l81(Mps4V-aD_f$n50*=`tx$EsV-|bhL z%u1Hmvcjc;pY@pO`0{E>O_&y*1=RdSe7es2iRQM%sTh+31J~BQH&5|MvA?&1XvUu- zkPg=C_)v+G>}mM3OkHnUhRPd>Cxyt|#Wsc=c&@*~*V-WQww9Wmv=O{#&=p%&0%Eo>NjvOMw!!KCp{0neO>U|P}H^S2pSEq zsO>EAh8=yXWX93QY8t|7UM^dqc#D4x9ghk{v-T4Uxt^KF;A(! zp=Wy*^nf-wW;jC}?^Xh$PfB zwYNjHmn4jWcMr@|v}+498{yZ(j|lh*(hDs{HoCh}vOjBU;VADE~uJYTAOJNS{M zXu3t&wOP@T(Z|a$?xWQDid@TKoQKCBfSUKjhOyQD7C^SQw=Ba@whOtLz~R@>AM$!v z<@dy&haM;JCcb<<;_DG(tOPO`(D2Eg4IIfk5a4;=_6+flv=yAfIXrx#uUJlW>#Iwh zJ+18TB7MlrILCVFgV2Xe{ayG2;@JFC;cWv@pHa4!^hj;WMETf3>-07D&xoV@Zi6I^ zb@r(-lb$p6tZTa$7#!^k0A)^_Hh^t^6z1#3xA9 zp)y)|>{vq})?yMigV$m%1%XnB9wYgD(BppW}@PE83syF4-u4H|m z;muNQ4*tsaH)N7F1g>$BUtY_5W#SzTH9J7kCNqxedy2|P##5lxDFM%gO0w`@XlR9ZgGx#nrb0o{{S>E!5e$ku`iZWaSVXu zk6Nh1xwIaJ=AVA3;F!a1;Hz{M`z8MX1S=c-rNq_(ky@#+^LRBF7bl z;)CSB{0Om5-9gV7GUL$bi$BmB%nPe2Y~Fb8C4?(SD)g2zGORwJisdh@Ve=~h;HY2fNuzOcw$jKVo z812Ndx#VPq_03g*S)?l?5gs@vwN!hP6=8ORA?K%hxVCHLEZ$-foMSXLX&8hh1cord zm~-p}K^E(OK1t>*SeykN2c=1|6jQJvVjOhNI#&IK)~}`NejV4e+oJBexhLt3#$6pWdhZ5@+_SllGPUoV00eb!|3J5ZZ3IjUt?6Ul_5V;)=Y8-Ub znKMtrjd7#vSK1z=Wr5kjT(1mq{Oj$1g`N!YFN-fNn?chizlPX(mkAmYe4)WS4^jtpM@jfE@jG6#k5QY$^S+va z%<~1@&;T>@dU4*SoVC<)jnAyU1^9vN?N>(BqiJkxz=1?<$sbQ*Yv{Whn5CXYjE%X< z*Q-i*IO@de<&p`kh(WQ`ZTB^WqFoqLWmf&+W1f0fT{D@hXj!>?xzIF@(l|LB{o0<> zSGb+hDL1<)+HfmD8+KZC@w=1v;#+w}LgVh!b(vF4vPmCm%e!tt>L@gW=yR)JlTU3n z**7;kNbB!i`F&4WvxiN$z1m{|ah_M+gF~$QP41DVc@u<@z~r#b>hT>`(%xsgn$#l8 zD;9mDsh|t?nvC#i>l8&Ix=w)q02O+7hORGf)W>ka?Ik^Pf~J76=e|4e{2CvKrn0oW zj`kg))w^?C#A!Q{BTdGGcG|}6}3O3R>O5nd zVTVvf29bSEPRmlcvPDbi*!l5ne2=`RtwX6nq(`M)+`!3c@|Fstf_>_)Zy5=o+1cM{ zH9TswRYNt+)?Gu%zAPtXzQl>6n@7T zwUOnJJAs4i`Bp}mBoW<^u0RL1WyooBv9`Gu@Jo3FjF+*nC;aHF5Ubo@hGQ&{NZUar_+`^n4!{+=AOp@q0o@c9D zPZ;vdtlI$vvDUbok3KxR6D9_0o~hSGHzbkd{x0zapM`uk;vIJWUn&HQq-a4tWQ2?_ zALpff5r3__885X9i0v;XJA-t~V<2wQ)NROD#4<+9>+;fsdL49eZMAda?Mlkt^4jLc(%fPva7Hn-gU%{{ zg!Y<-m*c%A_eGQJ+N@q3L7s7r0qQYX zP6zWp(kq5kFfq+=%F=_6HM?q)`8JoQq5SLr0Kr{9VOR7g>W1mz^*#DuOHLCC2AJF9J}$ppQ?*#+GHM9Hw~n7$4q04 zR|Q%PNcOxi;<@J;3@T0DP<)d0R=562)AeWL_wCK_SHvF(e0yp8Mf^CoS$qfL3$cGa z#k&6h$UgDD{BEP7u?O+br9+^6cD(q5rsy|%yR7oW6(j%;l#aEHNLc%N5OH=sk?^&Q zcRnPwkhC9To-C&vsUstr><#ydd^bJa-ij{d5veU64%P$OvF5S%Ie#SAyzG5{`wRG& z;&<%@@p|v!XNELK)aN>RytrSv6_N(V`B|_4$^QTf{)MCcpFd|W*`vY#0PwQDJKkx! z{;zEd99;a+v*3R2-ruXfc+bB$>t2->elg!aTT`myR!MWbiF+ff^;9+ zzvK6fV7Tz-!wq)l;n#xN`eUM4Ev#bZ8)C=Hjio%O!Oko4gZ7^BpNVuGYg(6I*L+2B zb`=ZzjFe6So>l6*k$eU;ti&Co3+p&YvMFXu$B_!^5SuDJ8g7Z<(Vk$8h7fPry}OSHp>;{5ZDwk~IaHEp>0~ zx#9zrBoCYOBv%xmf~GdemrT_pzj)(URafH!wS5cW{{V+mX+9gi@h#=My`(Yu@{z-B zCm9~Ug;JVZA3d4oR*lXFOR|#t&D5C7Eu`5o0=U{c15>@cIzq*JcWu8<5Bu$>m0Gn_ z_`FtO%t9p?+2uOgy3 zsbj4-4#|GMw2j|N_8z6jNPQQ{pSTwLg}H0^}L732ex->3N%*M7*>aC}(!eFm#% zr9dK|QD}?B%SK1=H{pX(O4rc#Ddtv==b3)me*&ZU1N%VT=r;?028rSgE-hC_mSn_k z%axWOM;nLAao3-E`QO5N^j;mikdP#Wv%N{^JJ+j8*`Lz<51FdjRVm-P`)xA zx$(Ef{eQ#o3pMgBUVC`dozkcrk?MN!U#;+1=^qgM27VlPzd^I{H-_)xYe~{*!FWS( z3X|#A+qHUejnA*An00Lae=K|w{{RO60B8@1{{RCou0GYLX%}kNHw@X$yXBEv{h&Df zE7-L=Rfc(^jCpFTMmq||wH*(zz*Xmo$z35ynjkqG@mZG^Zu?&u+CFYG#c-#o>&BX7 z+AXX$6T90+uso-ooM+IHUcKR+3rz70_ZAxFplo7jT*omW1(YsSA7Vy78rqxJU4)}! z$aJgtip-{X8fa#CTq}PPk`MCF<6eoU-7>)p$eWe9uBbkSHMTvMz}^woJ|kQY3wU=> ziqltk+E`t2EJyW%|m028&J2es{|*se4kJNqIhn3leeYYpO3x zA2pA|##LiCymenSW0UZ^%Lb!uEDVn#k+&cbpQU*x#*Gqt4Ql4{dkAb`pZAC(TqtAh zT$SQgDwb!;mi`}z_^usAfklxv9lp7*Z_{G9vhxx*WVcbdj(dC81lvWqT;;rVa663zFUIU&H!zULn+C(9H0`JnkYw=K)Fes)al1dM-*U zQ?2-~`!f7<_)FpU_=Td$r2J0sg}4%2{{UnH_ZDCrl2`bE9R3ygtJi+&ov(SU-UHY51hjbD%d|Y_1}UuEi%tn)$}%t?01PS9ws=+^&Yj@v^;NW`HyzfJUeTz%;M$Eyf8s5Dm{m5o)eE;@aC(b#J*C= z11hq%(gr#VR?qB@VEz^HKBuRri3A!o?W03~Z*?YGHym;KboQ<*+DEA>T+u$N(Y`AD zP5qX>B^&K`!m@a?;br*}C)tixG(W}1Zhu{(K1|W2!T?(gqy{FgYBAhHD#%#^FykEN zxo0b%Nk)y4qo!Q#!nT(`uJ4PSVV!?Uf7b5Aw1i<@t;lj z@B1NNcmu==tML!QzEt{rughHoaf}|v9DV}5Gvf!vp9cJ5_yzFe!mu!#QGzHYl|o_d zWJJf_>74V$baS2@^7pry@x|wW^j{NMO{8nKX7=4i_@o2pg@fP`Ukuvh7-3`PFyjRFJr5uLy51EnvE|pwu6~jDd;SV}@Ymozi>r83z@G>84PQ}_ zq-!lgX(K@kk-%-kBL|*8`t|Ui#9xnIDEOnPTzKEcdbCpN7f#Q$r~TY2Pu&AJ?Ok75 z(Idjcv`cNIfzAEA0OO*}LPmg``QX zL*mPk2a7(-xg7>$xo|Ll6Ie>7wr8(Sn>>3^hR$ylYg(q41a`L9cP%c(7*!{!1GR14 zLuW3XcWZZZEE2S5%XQ}m{NjkSx(ThxybJK>#J)C5n0!BDCaHB0b`h&!zCAP6v-JDX zrrztm7V#F6`fj&v9MRm_T}O!`J5C!1wntjRNZM0dA2!FRNolRMwY&MSm&gaA@@v@b zBZ}n|d1$YWhPY}(aE->?cy7*6Opv3vJR0Y9Eh5?pqbnQv_{b#v(^)!Zp2*_Qgrxq` zpHWjG^G;+=aDDOkR-U2Z%|7PMZGzU!3D9%fC+<2`e9V~eC<;x@8{2gv?Hcaf( zZ&EhrfNRZlC|^?XJ?wGp6K~iGo~kP=9`+Wo-e|TnTcUZR+c@c6>^8S8<*Y=NY+;W| zxFgw(OQS+B4_u4LWwD-TpF2!yIQ%Q?--H_F)}P>?6GP$%5Z->|=yD9^d_H z?}U#Z9|b7cpP#=9zBTx-K=Cc@-Iky=9X;=+l1Szy`P_a{>MQhr;aBYu;Ooy2>9F{^ z%3TuT>QfwR67G%L9D5I?bjGK1^PJ-VmE@0W@jcCp>c;;7O`bXJk^%)vd`2stDXM!T0N1Ep|RWg=nUvx*SmO7OeURj{4>+$V!60E(#j?)8aqF z4Sztf(Y#@%-Pl}{aMtrhxb8*clkd{8sZ9G!zcb}c6f}F(iq7sWRwHmq9l1T~3mZ7^ zEjHVSv9*bS!ma|3O5{7IT}=+sv;jT)T1|Nz$-IPf!N;C}lBzPrKM?Dz- z0JH5@qul3{XRG)wIJ8HFKo~)c@%d-SqSdHBL+~9sSc3oD^+Bpo;NB+xn%{Ltkq>dW;;Y6=2PrBUm z>&)cGg~*(+lk|f=t38a6vhesD@y^!`13{8 zF2$_cITPuto$)c}IR60k*OA4iUc)eXE!|IX{o2=;LS&ATJGs^uwv_@212DpNwil(;V+K* z1^14x<+9PW2&@|3Tty)R}m@d}jCU$Kc4c&mnVltoIP!De^abgdT#e`9kJF7)IOMjTc6=jQdSzaFGkHj5mu z6{M0d+s~~&WMFvJj2BQ`uE$n{xDrX-hp+OlY}2$yx>Avy@sWT@!Ks?+29}w3cc zrfMq2*+RTTH(#x0>odUjv70#pN~E*I2+j{r^X**q4dS#q4K6!th>OPK&mVbC20n(Z zNZ)3;`$Ts$$3Dyru5dB!(>0LHd;N0q@^rLAG!o+`MmgQjYBWhFw3U{7hn{X&GY*s# z)sIWlykU7|G;&EZ%NEZqk%+-xOd9b`O4?uTnJ?hDlq$*Q5L1Re^=b^0ztny;Dbj5; zJv!Pui-|U*o0t~fGsw?xYNvZ|d#ma3O05;O#@zC?PMFR*J9#ZHCP^Y(<0EP7?^f;g zTgyUT5@H$dI@V4Bb2{^1)Lwaw)1->P1==u0a9Z8orf0R1%6+(#G6FNWdQwrajk_Dm zrYj>KpBOkD=#t(?kgTzlEZafFG9<(MFj=we`Tzk%*%0H4KR6= zTY|*xvqp6hp7?R@40Wehjy!EUqPRB$eeGhZfJS%G~R?{LFE{EP>!D{Q{@U^a;BsbQ9 zBA9c>bLn0^ddHzol0_Xt&ie2=+q+t@Y@B0}Ow&fD*Ad#;&QoliLV#Z*7|n8fTj*)X zjal?vQ%{i2XOhxp%90!o2>w+i?~1Ja38tH=?({jXT|r(|+rMtr(MlIH<$E6zc;m)b zULw{t8;!{fvK{cOTd=?$2GL(_{>%RW@J=s}{{XZmi)rJZ6=`vNJ@{tQdB%IWJiCkQ zamgsZ!l%^x*QLsmv9xLRKTNEAW&1S#$XYDk6!;0@4I{+g6&VC~8ibJfvMXmFG@x^X z*c^20R&=n-IP_?L2YE7{?f{8OvK83kjv!_P@X% zj}!jXy1$97d<~@NdJllKxE4#hRZy-o*lpm~*_sZKcj2r};GGpxU{z#U03no+803z^ zu8X^|%TkMp>AIE9m!v#)_p)1FGsGOA7}`kWei^PaOP^ELFQm1#c{Gg@ISQgF&zLdS z9ff+d(Sl5t`b(`n#*L(dD@xpz9Fy)V&h%C>=G5-K*l_gM) z{0;>^OYR(~@Xw3C7CZs_Hzv2^zl(nqZMCb_#J2Vp(}}JE^#DeDap_-%f3-LK6wl(v z#`ATd_y$YA1o$Q8!ZZ$Jns|DA{^WM9{5~CS&U%wa=1uL)&F4ME&Bmbev3U&67`e`Q z?^Ha*X2XrFdt$rnaZY4%>|zjtSNYTtuGV$qC#SUsEUFMq8=zan4)~DkQP2~`uu*75tPpKZ6uiIaNU+_#H2l!jVaQOH3uygN}pxS1URdmV}MrJx|4#5cr?s7OoRt z5508Q-TblvI5@x^G1vSmhP&cjM@f?7Nz;@2KTL271UOd5WBF3CYF&>a@h+vLUOX~d zT1s!&;nQ#?NA|4^E5n*q!`RE?8;koJ0trYF`Q#jM4?NIprEq$7)yC zx{D>3hV-YtyDlSXaf}Y_^c`y}iBe_5B?ikTuZC?uG?Jk9z#WFryzQ-zcul{ zioP#=PWY9oy@sDGz83Jl(1{(e2(qSm&u~br+>yK~jnMuX2$)H0ZF6)_CPy2X{d?Eb z9su|^t28{hJ^#9Wm=&viNJmX4=*b9?C?O zS2D36f_=EIsz~Q^vp#tJrQjYG_;sl24YE>@yo(Z?vv7aHza+dXr}&q~8oY+y%Fp{3 z$|hFdgShkq_2RaYR=J|8eZS!L@b|;JJ1Mo%ELQIt#@j~XeutX+7T-~{)~zh{O%7=8 zwCP9g#`WG8-Fk!4xMzKAS2{ZAuP$3kdkLbFSj!Edj)&U0#nY|j)C^Yvjk5p=#zLCT zB;eZ`)BR3n0HhDjlVp-}o zm-lj+5kj#iIP03&`B;n#wwys)6nyC2UVg7qD5!@4u+$n71ht>!AH%Z2nlxUZl*3*$X5?@rZp z`?w5OQ8Ixe^lbkC`s?TpIYjgCi!nj0IG0Lvu$_=b@xu$V zvOM=uNTzp2WZRR2fyHfjbS;LKG>bXplHFa8-~0LNL6eEVc+PvhB72(&vuh)!eAOVb zf;tY}{{YW5<{OA3N5d&y#{;f0 zUt#=g_%EdVXz(|L^<6sctu+{+2_plv%NfQ2Ur~;=QjUX-OCEpl@Aho)&%>=o*HPB5 zOi6VSR#znDhquAs~ zwD34xiWB`_I-J(#p>G^o-kqpLG?B@?Abq*uXRoC|`O)s$9M;;c+%RfEl4G?&JoN91 z^o?i1`Z=|N>L5~h{{Yr8I9B$>239za6F}BFYQ7-*A}~A0Ja-xE_*Xx3ZD7}099FuQ zn$nyY)Ntnnh69L&&L6x><34eeakp{w|I{#z|g8pPZ=`8IVPxS@HC zQ#~uVS3M3tE`93N_P42cr$IK_z3g{xO9TOl!es5w z;fe^Ak0#SJ`Lr!G-0E^+t;-c@9JT;sgOm7IU*kU?FU3y`_)AN@Gv8}g^So@!kU9;V z^*s;iR;AFv#Ak;!D7+cs9VTskBaY?dHp(Vnx_RVR=@){2F52E5F|2LvrnRl#fw|3Vt z$1~drV<4OknD#ZJk2I6)XDJ^QPpZA0teSe3c%@;u5z`$xt~z$Q^ZdkctDZ8sz^>Y8 zagp`M?8D;|2DbW4x7JWhKYEd}Y~XQ`>ze(9(=TJybTo4!dCeB(Tx2!}{{UK|yl#s; z&gNL9i5JWAr3^uCgRiA|AI2>z*}NHXtwjX7hOGmTACgRX91qI8+VQzjk@?ww4b|d2 zk0UFyWUCH?(yE)gtpe*v@eQio$EaAo@(}&*dB#1esVT9Lc_m&WcB9-qq&QxuBY>_t!eFREzEMj$*=>Ss@e3eLPbsw%vYy1 z+fQSTakC#An9*=m4p+*&M_*H;!AoJ^M%^2TmO^p}JdS@F#y6|N2 zJUOw{qID$~YT+g4k=P!&SsJ z2fiD4%S7>(hoEcvIyd|x+UWD33IJO>k@uruI&++K7{{eWL#`*#k!g6A%I-D`JZrJZ z{w4RV6LD(&BiMLu0S`Cv3Cn zZIZH+-^p?q1N<)B@n6E7&Wot{XIZ_`wR?ZE+}l3JPyGeQu^2U#`V(R+yS0N?wA6&s z&Z*Bm&#AA_zu9}@+jvV^)MJupp|sU><7T9sGCLE<_vu{Ih~ln&@n_&a3F(3h`}=Eu z6knT3B%jNDuNMB8<2-R+A^4NW8fJ%mHj$ufjiSWGp}ra8oQx1Xh^{u;(ASda`P0DO zAJ*?YXLWg{>Y?nGX3EFHxIVu9>+5X>X(E%zl|aV_J#$_7YP}4q)3NGSxDf)XuEce! zBGpyo$l6YM^fl{3T}}z^WZcCxP7z;!xbIdhidt@G7$?4Z*FgtUVd5KmWOi08%z7M9|+zVU+s90C9cs}Pwj$3^`?%LIE zWsi5521v)RZuA=_Vffm6dEVyM7s4+9fsBu(c0nnUiu7GS#4>9ZcB?dT!clP8=b8(QRgW$4OU)2@B}27bg&=Zk7eUnT;=7J` zSL9QM3{ElaQ!eFlquI1y5n5_*a}C(vaJa&O&{s_uc_4ZB7EpHk3dB8`)p%>g5Jbkw zq!75uf=)RV$@s3${_j+h`aAoXtq05^INP56sh1dbH)7F+-j%1%a-?iSh9jS+^R6oL zO(sQ>$_ZhU84RTN^yajUGib-6INcjk7L#fk4(SpJ3osyL4Cb?R%Q$SWt`hMUNOu8| z)rC@uM)6iV8wqT5nW4BvN4L&MZuQ*gn)R&L6UlB2cpbRKF`S2tuc8+a-#SLjtVZTM zf$dyR_MDf5#|YaI?hQc@88qMAR0N5{O({0vyRY}@={VO?0 z+Mbe49tH6xTaOfYLesof5A7tAwP!xBYh&ZB z6l*h2r0I7u7>&_f2r@qLKA9Dv^>|wMR%e%Z-@~)o-|EoCc^$|}q(LlaA(tlwe+u_s zf*-V>#s2^W{73k0s%cVx!brAl4wW^zj~{5WW&ooR(*rm?sYqGgQA04nRKizRjN;<` z8f)+De&l}FpA0n5+NbtK_|fp!PL3Oky;nt)+9km;{hsI@t8?`FqCAyWSW2aNjNXTp9Y_*d~(%0CeNI@PoH#$>W{{Au(!KZoFdEq)?=71w`e?}%ECl@_ADBlu}| zA)iguEymyw@)hyXheKRdqL1k8P6@(pT@RqX8%yFlsr2KfUd?)+cxRjpam{_H@V8X> zspB6JLEvpKK(>=qy8_lpB#05ToN{rIpIYK*%9bHT?tYbcZ{k0PKj51Bnrgluv(kKD z@qbv-e#v_i94ig`lrb0}1Nv9S`u_m!Q}Gw#@5YP2iN74Rs|{VQk!|g4Vl1|LOkI{3 z^MQ|Er26w+3aytaIBHWbQ(lgS4pSByJ3&bVzG}!1mJ!ZtM=!TIW*gb5?e`t%H135`Jc|P_RRNim{_yd zJ{NfFRQNp}v2oz@6|-HV`S6w99OSM!2a4-&yk{qhbXykG)-}`+7I3FHC(^Z!B=#eN zMh&&^lWtqgqM&E99W7LO!NN$iC+sN_;k8wiM$=+DgOZB z8`R_?>e@g-wVxb;*aC50VW;@B9t8NM@aM%utXHZv9XeDWFPxn};9Y-8<*7Xnn8wP< zvxxY6;tB73KW%i^0cTVJ+b1aA{`LA>eXe-MF9P^CN!L=^EjLntT6xHzJ7IF5@$|>x z*0|+YQ{gjwTeXXaNU+fKsI5GbBa$#lWyl0)@~l|2dp%P^)NNz5N%aWW$O7b+Urc^g zP^f&H#Oi#-tm+pwcNe;4)(KbnV_}V+-=VD?8%>gN6x&KlIR`wCrFv9kSGLgX?6m&? zEz2?;{d4P5*lAk7hrTR)Klq)XTr1n#B$k?;vFSVv2*4h^=QXWKSy=P2H8ebn#20#X zzr~LlX&N=1%nxg+J?)?>M%9-s@_r@1I??cEk^P(TQ9dZCxwh6~aU>z{Bz>38vU|m)b%Yw zOUa8qaLn1rKaF{{C(z@KBkgTl#hx$mXN2`F2V2!Yv^2Z>Giz}h43*EJ>N;1^Ke1QE zuY^*zd5vr3lh8eYE3-+h@(I4%B@n1ltbXi#CFXCWV$vvBdvd2zp>xKj}QLPKL+%l zihdou8b#IR(7Co*239!wlwpkUf0cWsmDOvnu^@-l3IIVQBJyD)X84@LCgT_JbZ^0JlunRcgwxNx7K<^4{Q4VkKl{{7U#g zb>ZKK{tx)^;llSG6xM@Ba*@V!Yc}GcoM*XH&1vZNGLHsnTAM?Vka?F91t2d@PoS=- zqlIE&QtmHi*UcMV3h@S|rD}HGB=Gj2@LyV-#XL>Z@ve&FS-92j?k=wnnRz^hNeIBp z6UnZaK8GGAntGiMk*O}5aIDLQRu!-Db8n6`O+PSsH%e3nUiiQV^r@Uy$BR|+o&g7f zqS51m*5He)&DhXru8~0)YS1mh5kC8M~UQ6`9X(f$vux1 z^}mNTf43^Jb?eyHSJd?=)ICQ}oE29mobyur6ZoT`_*3?q(lkFFS=%RtFH!7XSN{N) zd02doeK{m%yQuaqyuIBI*)N3NI=Ij^?-O_nScWMygp>&GBg3uCY(7@U)A8h2D>E6Fieir;r)JCIkec}yBUX_dkJgu1yJ!#6RRB%#nW9&_5 z_N&lzpN5+5o#EX!Jy*nc5wr!_un|bX!Tf9TlGs6icXu>)zh{z3-f2@mc0zJ-T-9ox z?h63c=G+!Bd8f==sT>bOT)wN|JvDECwk*<13)lHxSX`+f_32!4ne9S_k7?6>DBkJ* z9go7g#jJiN)BL|KC%XBb9y=QHU$bkv(QOCAnoynL4RN+L!3os#^u(Rk)B0$(oN`jIEkcs-^1?-{2A4JF|KI-E%;}m zYF;w7nWT#1=l)u$AcKsK*{gmV_<8VK{uU2|d_&^@00ddTgtUw3?;A^u?v8T2;Gz4= zoP4K)(!B`NTc0jBhr7dwV0K~j?0Zk_ zQLk8Dcz?zEcBe4Y{9mWv7l}bA?HOzzu5+KxwtsJ3J3tfsEAeidHJ|(?#yM=YHcyr3 zh^NWsdXRbN-l|bK-A8lsm-|E}x8)U9WjvnUYu$9&fQ|`EVYnM}Tva1u(!xuj)`?o@ zDgjpLE1uNtW&1>Pw4W&8k5gIQSoD;1xg-*Z$lLe2b)||(B!4%EpK%-tmoCRWSe)m? zDQ!QpEvL9q=ay)}#&Q4^#rQW$=hyVE z1b95GeY&4*KUEz<}-^35_2gKhPPNep~*{;uXX*IJZ$odRF ze!q~kvU$=Gsye&^ zaGL=c$j)ouZSV9CDhQ{6;gORW#~Jma5I&9=pLE~w=8d;m(r@f_SOcZNkgt3W)%54a zXnX-_`zCx<@kILWouK?oj$bm)-d6zKAlvey_uZH2$iV!2VNHFedAXJ{N-4*Cqwss- zma8?r`a)7T*hpm0_rr72zVz_Eqhltg;i*y>%))dBJ(~yS8Ln!waaKMs589~G70w!~+^nO&w?kh?cvsm?du3__$H{3dZ3X|73ITh4?(!Lk)snt9`+Hj{Qx0RO4l1`2wcrITC%7 z&4%c+KwCJ+QS`3o!`k+ef)tW(Doy(W5y7s=u7{s3&eu@3`$yTPw744y<#Wb8>y_0s z_xnVjX8^I}n!Z+JH_$9B?#;aFq-P!b)H)1z_d1l;MoD1V{ortYFN(;W94KHco{W?s$Rh@vYa%J-y`nObDZQFgp99mxxGG> z+~}7QY4G{3u}=m-ZP+9l3}p2#>KD>WJa|#$whvx|+Phr}!W)DW&Zc-&WpnFHldcw) zx|O_y55G4D=F#xhns?)u;6cot=ho}6^5-dkHnVV(%4 zEoCDI6HH@x)L-_9E&q}$~E|NusQbu#Tfsd_xh4BjKMe#&tZ|wy$83Shl zvOPhpq?u|>9cPB-z0>r&c&%8Qbc_gyB=J%;Ef>n)Y26TCvgZ zWU{h~eL1dyWb<6It^neib~BMeO(y$Md%KH|DpXg-;naOc=U#8(1u1&!k-T9r0R)WJ z>5x%fUg8!v21z!jzcub34|Od+#Qq=M4XiWV`HZiT`^3@vK9w?+gq@CF4L(M6H%}rS=RHMqcCgypTzQem=?e5Y ztXWQHb)VoxaOACp4C(a8-O@D=~?nJY;(4H$goos z???}w421bYEOP7bSc(PvncFzhjOVyvXr~d|>CC*B)++Ejf*MLy|MMkxXV*p?P$uSqa^dfCm+FGac+t5uB?q z+E>!Hi_p`RSc=2p{*P~aZ+RPuhI6}aJhSOukj0{n6qGCcJ%JRZD-$D-*&MortQab> z`=+zJQ}#%jAFzV5V~`smjbzye7|PRSq$EG5rDjQQwf=GQbpntZ77VI|3WX!BXa@=b zW>p~LtpQ^%QG3_7ki(xd`PZEJx6dofDz^B~%s}IVS;{21oezbd{t_<~X<9Yxk!_vH z%N&-+UOyW92Gc|F4~Fbo9}8PsTZn(wEUmYCbI^WO%T{(SG3a@i_4Du`1d^O<>D@?VH1cKJtLCM&?>&dTN@1;!bmqCU!Axh`{p7hl4{ltVz8qQNE zl1|fJT9IYglJduJvlW4(QgFn4-%8=UZQ^Y^z}j2fS=+&=U0_MhLocWUp{=OX zZGrRei+(if8oi*G%v%IR!iK=x=ng9{;D5lMjo-BY0E?vX$HQL@-Rn_1m7h_#h1S;0 zpW`z09eZ=qy_`KhT|oWW{hxo}pWg((Wo!KdRQS25AB?{mX4@FBNH^PA`ihyTAhB}oBj#q`zUzJ_Hpsg#9t8j)JLc2_m)uGPo{?{BXP@&@tmC3>HVe3Ug|cB zrpxwSCwV30Jc$0i4Qob|M-6(M$C`NBTN??l?&FR1yRGEfs<7RUO6Ytoaiv>mmin%- zH2Q9!K4-Km_lKZwUZTA!YfVl|>tm19JVKr+y11V}u)okew<JH|w>z=jbt8sFNw!`EOs=uNFJs68uHgp!jd$828TYF$i|4 z{t=!*1OEWmUy^^c_xu#!L9nvD@K5achfvfl-Q$;8*i|kUp!vFkT~ujZoRup*kHrrd zd_eJM#7_{vihN(<8@*3lIrBHR-~s3XJ%($LmPVE`rGl{Z;2QK&wudz4MfPAqOaA~Z zJ8{yG>|LoQH=ac^DGCDl`seW(PkZduq(bv>P~nWtXg>JvCv?V?ZK z6WA5&U#NewAN&(T;#bDaKzPIAzNK&Qufg`w34X_M8w;7&Czb?(w*&PR%UY$5s&GGj z{sjCz_*w9aPJame67Y_OlG{LIn^rI?%IA&DGv6dvOXAIY;qQmE?Mlza`f7Ol#20Dh zTgM&2VY#@@-cEkC!r9db_dZzDJU4%9E}sR~n>U6uZ#yk*5CH7Y10#-@>0YO)zlRlW z?0z3<65GrW`R?R1F~?Fd#XFbEc&OGcyg#W}Yj?N6-wejq@*Ja&P%9GnT=)yF zu22+6`Bgpgd)6{$sT}U9tZ3dEv!BF26LogeG|1yE6e0E&$>44O02=ti;xFwPuK0&h ze+>LKw1dMw9y}Yho6MDu_qg`{eJd7?m6nH+=>Gr@uKYo&Cbg*C&8S`;Jjn*)*zbz^ zSHj;7-r_}y3uta;Bw%g9#bHp@R9z2z&^{Xf0B1^$kVGX$1*0r+j^e*Sd?31W_;Tk@ z(KP!lIvJx>k|kW09_04Tb4vY5l#G2l;hn_S5^s%>8ID{j9D7%!*!XM1S|y0LxSr%{ zcsq+I3+yXuXvS?1wo9QR$8Q5%Mo7t1+Nab!NS+>4GOW6G1#8f+f3$?)bk%1 zr~E8?N%Z^6cG~UGs^BY_exo?>`C zYS;F4^~I>WTUNJDq_-c9WZ~EhYrDH^0K3oc8$9*E6_I1A+3E;nwUmi>mBui5Jk(fC zoxP5srQ6ytyoKhtQ;Ef1qDG@CJ*nPU!No_h@*)&D~Hs>cD{pp*MMls^cu7HqQ_2((&7cUMlzOCR|BSN*a^p}>#^x= zcPyS{49GAJ;lMSOtax5Kdx)>?9Qjd_%z)=^eQO?ObMuA&0E6`J7+qOvVs^51L7FX1F5+@L=TPu|nXGtQSH07W(dr9? zj!6Dtj&gDBUQMN4&86D~xSieAND^?TBe|%E4Vf8p&8TZ=1Cno|=KA@|2~&*@(b>V6{D^;VJ{P6*_-C3Y4h zumhmm*oxW|qrKj_z1q7Gx};mv0rzYg2fiP=idE(3v2Jmnx;OP0{{R~BD_?+%q-s{$>KnN1E+>&~)(%cOz`wKH&e8C17RTs1cRJ?IIos99TUQq64)EbzRxruv}Q6sT>EFeB9kaQ znk3q8qVru{i}^7cIDP{A5Adz{yfdlmJ{o7Uj!p4KANRn3SbESiBf*{_@fX@J^vzLH zTRV49H!ev%#(h7=y6sQm#ih54EOhs`j@cV(ghkU+thwNtL8t2+HSKaif^WoKGmb7%)2B)LmcCr_2QL<%IrgBon7p-ZCxM|Lo`G# zax=*t4{G^`!9NhZTkuoImiAhW~Qx@`6~vZ}JQb72nfd0(w}e-Zu}_-|OzH60&YhEsPT1}%;-pm)gpI#J2cN6H=` z_&F--FeF;s&1#CKErS?g+?)enGk(}#1ZMvLglkUmJknfhh-L?TV4dU)9FG40{c1L5 zNc^SoFNU7ZNw%iU=C~OS$iQg14c9f(36;y-*YJ;sX7K+2igaCKJDBZYibArnP1!^I zxfS~n@VDYDx4I^ou2@bciID9(K~+A(@fD<%)}=G9{?vl)ipZ*5l5>n=u1=OZj+s7_ zb&`cx4?;*he=6dw0mXDbKRk8dDLfsm-a&LGwuloXVa64dl6W=dQ_e1JMkDf3@}!>p z^{#mCb;cSWLw?VmGPcq+OTPhMy}Rhzltwg-u)bNr`@Z=#=KlZ_{2!=%KJjYnnl;_# znRTSyjYCSf11vDvEIa2TwRJ;#m1{Hmru~3_YCSXd)curv0prLnlJCZvO{(eI<-YvP zuAFaSobpEQf4qGw?oS6_OQmX%Tq(oEz~J}6s;>nZG`197NfDHQhkvHZPjhHF7d>VKZU#m@uy zpTNE#@jrvL{W9*yS<&?ev7S4DwTKOcYPMmb|pys2^-(43Iigqf}WA z#^4^^>7klYG%2(fEhcf(rCyHVmN^uYgT_GQR7+!eZ2cbp0D@J1+LwQ@kL_{c-xlk7 z_OB1YuN0W{uM*qmd@AgA$2+I{B=sENk>3^mj@l*Oo2lqFT8^DG8m5_bY?qcdC_@RM zagoUDj-RbzQ5|vI#ndh$k|tpqg*jJJI3m76`1|nE+u{d;_1!85eLuvyWPjS49O_Oy z)jNuQARpJ(y!w%`vG9fc=AYuf3F*E)J{y(%_zsogdw(Q1l_0_i7j@H~yIAI>47{Fy? z$Px{|s2rX~uc6l&AJNBy^|`e>IcB=u1=J30uA-3q(a1eVZk5s8+AN?)8)86r#%qeK zbTm()&g+^cm8t2Pj+NpaKG#z4?xzFk`kk!k8ad&0DnlvABLwyAO@E#r{1u1xGt_@% zui9tC-Wjsd^_B3=%)iXR$F-LP4wZiT3!P6+Xy8wj5Oa>SFg)hrrL?*+ zNW%n!lU7X1jD<4(ymh3RQQX&qNL@ib?k4^bj+Nf{Q$u@r@9n2VmE~WPKf>ASDVG#- zemn5jh%L0+x1KoO#ym)hhn$YNuQ~AjwD+bsfIABZ>5eHl+|eIE=(=Wzs)iDfT@W`0 zz}$Un$vk1L>KYG-Z?u26qDQ!FRel@kPR8ky*`0ad7kXr{{kfPjdAY##=Dp%QQW&(o zGCe^M%EU(8edAMfv;(__2qujnX%;I{f*6hzd)LbzDorvCcT*Z*RX%6$IqFV10;mm7 z3u#(R@SBT~BjvMZ$nH&>kvVO+tM( zX@#;oe-|D7szjedqt-8NHH#Zq=YhnE!MGs=ytciN z#2N99N8LW6yMG7S*y=*(%x@>lI2;d}vICjbuPwCwctVlJ(1$8;dSbM0b=z3rQ252VbQIv34zJx->o_ifcIUr?QdJu_BC>V5I*5 zO7k5i^6hmP?8Wonv`k}?OktRVj&V~pq0t%G_se}wSnVT1r{!D*tf_C zBkxx%qtxnz`o7%h}k9>KBFF^ z(xx&!8Zomve;D{G{^rd1irY_zQogfwl|eWo2dJzs75rTBcaCPzG@FeJMzMwrLS>66 z?Z6*0H?S|&%vSEq5?wICCVn~bByZri zRYMk=AxO0*kv8S>nQu~?T-L{(%%Ap80k_chi$bF5crMYCeKt`U8Rl= z8$9E!d9`Y&yR-AUu2Q;3=aG zeihXPw}sJo97uuuT2vEa0>MC5dKDR8)V=XRsmU^YEvBMy6%G`D4yUiBSuOuQS`umF34(HRu z5Uh1C;hU+hXNC#l5u$m7X9SOI^{%hO9u>WU-fP2aD76Rg5y3vS(HNd?F1lKuL1;R5 zh2sy0T9$$0Jq>ja4Nq~i?FKRo5_H^+Ujh7L_(vv-f2jCsIPN0UEtK48@`IJSiwA;7 zu@#+2-1xl15V{{Kd@@>_)t7q}T620u|#9S@MJjI%qx4SvVZ@o&MO5;dKFQ@c+e z+u6%4u#NC7?i6GaGBcBozP0erfj%Z`pYV@c>L*B#P`R{`;<<()xr;`{TkH3FS7kb+ ztaI*tPj_T4Z?ye+gm(Hip=lk|Fs}^>Im)-tkJ7sRIz1B3IKR?kEOWFIk||WgD;ZV9 zT<{OtcJD~F*E|Q~tv*DK{bL$-p|v)ddHGq7elb<-HS1jq>^B#4S~Z3IAh8EKNjxd{ z;=J0G(dSNAH}!oJPnI|**>5Bac~U=IS0Q%poh9|d5^J?PMbv=m*3xW7 za=GP4Ol1Cb_1H{J^*7Ei?!FCCsk3L~PshKAP4PG4hlo5;b8k2HuJ(#&ln{RL_4ltE zY%FXT6OuYsvZ;9=)tnPTG;+EWp|Xk*U_uE%W8a#J0<`3ZrQD zt-EoEnV9kqZsM%Qu#sz?CDk-b--h;jz2NZEhm|z^{^-s3vIlN|rF!rD6Q5tze1GwV z^Wdhl;dA1dbt2k#*k@6()DN7V4gdo=`qx!0T0U1k#Cr@aYRgVo%2)JT{s&R<_x5Mi zKV$y@+JE9d!Y$H2f%OeO9}ws(A>a0RWoB26Tew*jfbW1S#KH3CXWjE>v98WeS7vzJ zA;k1EjINGnhIfTn-94|-@2b@@(7ZCsx@RT*k6PQi*5uReV`gIRMpX&UD+xOtxVarh zgKHGFCse+GOK~G)1K3x@pB;Qnsd$g#wzUG=?rT>_U_g1mUc=}B{40v7=24pGvuA7J zpV`C39y##T8uVJU+C#_=*!-jO5ISz#kJh+tci}IH{3!58szSPzqOnPfFa(TpaokrN zsh*W8@N%*~5Ai?4nY=CI+qg6}kL=-T1>nTUEASFz%Hw00jEu0;Kr4@g^UN9wOBB^bU~EA!y@a z_gAw1RkEsD%M+I|;};rbz1l(~vA5iZA+`<2>S~0xlUl^a+)5ChgNjn9chkZski{+4 zv?AU%lK^Doo_@8FZ9JnTnJ87ZPT{35bxc-!*%w+{fJRY?M(nl}i38T23bop+hwN)uQ z83q-VPDnpoSEc-Y_rM-4nGlIg%jrSxP=%wJ&{lL zqVT1sz|S7|Ls&yE_I30@Rz*J}pGN-x$E$At0K!mso5Navj669cQY`-fdKl08rX8!( zryJ;bFs!EqKIa!_9rm9(NfpHQw+O(Ur|yyMUpfBMU$gCpkGv^y@drna>JJ{U~80{}SBtuJKFxe@c1z&{j8tZH-kS6Q_-8ug@)Yjq6H0|^vz$F@7y)+-T`6$Veb zc)_eBtXyE4O%-gUzwrI+y0(XUbp1z<-k{{*=aJsGek$r7J@}2L!K+_rnumydn1f9` zQT@%U*A|e1*=5&50wmvAmwz#*F%Jn5A+e`AfP=59gHS}+XwN$u8l|vNjMtWws zCYjMjDQtR`jPXjO3<)}#ZN<5f{I*@$;&{ERHTe~>oh$5$!arxH^d8t8aT^i~* zHgdt3e7{?~7Y@~_kK zsuH9V%)#Qyk=Wv|og7s#YDuH$`ybmA<1d5$8f)JP8u!CqDe!iwZfw@uQMD#pIEs}% zT#9+%^k8v;itt+*v`t4&TRW8zx*$NRy*U2>>sLf2eGh@f@QTCKsffcbdT#I49Y==z z6Q}Cat*xE)v~Ra|*#{>a?8yD8DW$IsW| zIbp9Fo1@lzTl*6J&_4~y@m0Q?qxi?dQN}WK`AC{Q$L|$9kSoN0Z1Lw-~79b@M$uHQR$L7 z{445RBGXgT^ysC&(e=$IP>2Fn;?7vuFzw3Xx$04Sn=DN^y&2zVJ~Z*4ie-nx+A-F( zU1fIzV+?F%Obq0%IUOs#@dl|jsiH~Y%}2q0Dzot_L*)W=YlJ3G_qJp4tkx1nk@it~ zSo$~M-|Rd4VR*Ou4m~^IUb(7i7uL&ix|QY9S=+=2%7^ng>5tC8X8r|#!8YtXHTx=j zQ}9p4-vjB^pA#TYj++8$HoA=G7V#>KV90)X4;d#TCz{`tMO~a( zrgw?rd|Wcz7x0o&lm5GHWBKR!vGJeBzqD7xO@HF2#G$6c;!EjNh%E*qw~0m-2d+J8 z#+?K!0w|3MDg$m%b6gc_ChmVu=cf@us`uE8`BordrvQBP|PjvoQWFdgigGy^o=U5@vL^(8iF%YYK@7!N+>& zbbUTsHuFw*bs&zF?_i^{Kh94d_=D^GLskpnrD!jfum1ohZ1fkjxocFI+D(W1rAGk! z)Y^WVBL4uVGc(AU7{z-qk5l>nuH_rK3&|j5R&sHiR#A=}K3N&i1}7kq(zcH044K>b zbHp~~-DZ;^M*}<>*h}eeZd+^%8WV;0t&9t|j%+YWkuOk3LMp>tTm6zN(#0j|j)u9! zb2`e*Rc;~y;yFBau08csx{BJ>Nm*l&uz$QgC?ZnmNp!MH5LIIv=c%duJ!z=D&SYgV zqi)GPt4KbFJl{jo?mS6rrCH9R&elt}UzMG6x7>Tzmuh|`@kY6IWA?j+YdBQxh;kH@ zS{XKJL9ALXA-n|}fC%sHRO~c2lTo<4S?73UU{oH9^q`J&xm_mJtz?e&4?Pbf*w+)T zXgWl8sM_mIab)El957`k83)$BSX~1_wY-MYOOkIp19WBg zC_aPQha2c>ncOJWG$ew~-5ucsDHuO0p2PF2n$%ae(A&Ml4->lYiz2acXlBlx;~4HV zfuUW)EOG757L#4Wuf!-js2p!u+E@lvFR$Q z7(Dd`y`C*f)_7rxaTL-a0bKQ8YS~1S)NK~jTdK;DSjtoeIqSz-^A8m0VmCKY$S!UC z!WLilvD5XZVq|&yTPvAkbtf4up7p2UjanZEZl2i590*H%t=HPIZ&MP^yW*%Wrzxw!d=^G(=@zqURNid*1gZfeiDpM}d#bz|cDWXzX1Nj1{473|cEe7VNy}e5OKQgvk~@2TG@NV>7CNho z8&Z(kuIQhp@zhtPcvHh#T(h#YUn-(#fR1R>#ags4X zvRw~Myw~CJewlFEo}V53Zy(GE+Io6)uM0@h!tre_ZKqY}0UvZ`qmU9V4RY$=LZ6gKsw90)>Hy!1(bZb>}#Et-%+=mlLSv{+4=d; z;o726u$-(>yJGueR0T=ok;tscqn_S%5L_>m%a-|i9@wb`GhW*M`q;#cD0IdMVZryQ zp7rqC<&r(8j2^THGAZ0@F@!7u^Hg9O=NYHDomq%w-O&0_N3<61;ushzFU(F49R*3L zT4=CAXDx;F^WGILGBEq6*w7_29#Q*&F6In-lTEX?xYfb5u#lUH4h9b==~>EV(T&ea zPYK;YYRPbu#~>RUaPM3rcy`-MX&}9o#j6wM65Q?Tc{R;CsT~o+-08eC@cK`-*y?(0 zBgsV~GDke)o!>!UMR-TUzAn@*rhDB$UE0GDD-h*?_c`reb!zuI;f6QHj~m~8pgzO* zOhbTu{MNnM@#dZ3y*F0T z?=L#`Ui)^h;;L%*F4u`R{6 zhi@|drg;ee09PU83~|S;e%AO`;OC0`2WzB!KKMo9j|==i_+@ViOVM<~E2mD3`_3|b ze=6%Rb3JvwDfkEB40;5gc)P|rgP3h~iEaGD6rgq7LBfu`d9OUS_+{cG&!uuc9nqlEl{m@BDo$&z1@Gog(9OQ0R70t1rwzX6?WgtYKn#&j7mB>~!Bc-pL^GCZLV5 zN*Lu2x$RfHM}2Rj>DGF#v#VQP#UTgCS%&!d`=lP9TIh@h=6SpLrd@bkEr*wM-1IJ9=YbasnNNF<u+a3&Ld`TX%ZGGQK?$CF8s~Li6?iMa7Le-4 zNL^cA-~N#7hDS!vPjS+NsX&Sg{V(ElG{s-C%8YcE;VTsn8nJg6A};N z&T*bS%}k_e8f^J9P>aMqG}Q049}wT`I<&I3#e!K5(I0P=`vG2?;O~Um6U`f3!}cTQ z2HP3I{A-?bu;onpr$YE%bmfY8);RS1aU(9%k6~W*;XNYDNxid^OVVJvm=BrdUEt@w zD;{pfO*DN4q4+dv_w8`D)+s9{N?8r09AKkcsVuwZ{PCxvim2;^sT8cf>n1 zyy$Oh7Xfndg2RrYyoyahwFwvdOJtAHm=0>xQ4*8rU(q!;)1{C^S(J3=pst{59vIbj z#W1(LxL#Tb26_5dL{XiIbt9qA6`--Pi%*qC*#h)$LtM7CFuuCBhI?oxXh1;7pk+s? z9cqccLu*^sY{r86d+64YVSZhy^R@@6ubU>-QSW57p4s8r3C0c&Ju_KPv9&j)#j$Hg znf4<@x%BDuuT?tS{{YzQY_Y88U<$;Xipoo|XP#VGySo`T9Q4TPSHIyB62O->>k3@P zrIpVarx=OJ94(FKh;OxfjXG^3SBBYKfpXAdA_u;Hyw|6HV@DFgO2GBRfwVadaX5-M9&LNE@k#-FA z>?%lgJ3|vRQ-1L0z5z5w{YT2o#J_ctV;lbPf-_k+cafx9cNUe8%bKoh1dJuu*sKu%%FuT5-*5a_KCJj4~S~c@++;B%fc>wC@nxE1fnGB9X!%0FlVZ{41u??BRz@ z49hCaI4F8nkeQb@rw`(NU7)jQY-171Ng$^u@vjWLz42DE9@1-1E@o05INX(B4^nYm z)Z}X)L-Jd|`nvjyGo?O7?0+ ztq(q=jM=V8g6ca**jc{wbinkkdeY{5ku`!$$Rz#{A@a9M*S_d>vz<-s@IBWJzLHak1O(mi4O?o~ILKra^b%JID+c zi4ChM3mOgkdFXoAo!q3h7fW@eBU~bY`6^27@5t|3MqSB@?0qlr$3?R7kvdDni+vyf z13~=0-UFN!ToQOcPtv}k_*k}0xuXV`q$*Ajyx}Oq-)|Ud$=T=Z;!|ig=Ysj9dX~+^sH~Kg&Y0H zVc~1-ETlGmCXy&ELI~t{TI9hp{!JcMfK8{{R$x zc@Ktk?G$MwN2{POaHJioIl#c@(y_HK+7DXPz8_lIM|W!4=a=QI5yDxRp4sYtm8qm+ zLxv6$rS-$CzvSZjs?lFHF@n;v*K)f%5+Vcpi*@&r1DX_+{b03SRs%(sjrZ z!&J1sP^C7EI+Yx$>yeZCQ?Sp5J|}o49|?HRUeT?uVz{tu&uBuFV6Djq*96zka(H4* zH&V5^)=}M@mx;=syWa==^rFObp7m!QnWO2}_pPbJEw$QifHCL?WAE0l_#%6`H7!N$ zUKZ1x!QK<)PCNcNG!o``hr|yCc!7q!s9);B?qNBa+=tJWGH?L;R<@DiO>11zwAIve zWpfN-5wHw}UwR3--f225jOlfIaWt~(LLkWJA284H8mpwm{gL9mGh1oeTX>lHk?qJ} zeg6OoWXe`MPl(#~r|})^{6C=0_A4#G$q@U@Jpugd!9FnjF7Z@)--a~xhfz8;xJF^- z4T&JKUnbgwWbSQ zUeY~~HN-2rLfv+g+v!nJ>11ydk68FE2BF}uhZ@$OrR&p7A$EO)V`371LF_UsxA51G zyd&`!;rEXGDSfG5opuNp$a0v+T%E^{TIHI((XTF-K2Nmq)xU-&*Yv$6d#yI=7>dO# zOaeTZ``jMB_3EDt{{U-djCfy9@jd9d){pMwSAD`m&;#gAY=tPFdEedG>N<9vtR`MjtLWCp?f25M%E9*5!2#F(E-*R@?ARkxE* z)Y9RRp_E~l2a)b8z_r^uc$iA8+fO?|??e`WnaZ!qRs;ea!v{RzSKR*qvhT#m?CtM- z1$%7@+%^OcG0&GCe)#M&)9|j?#^@dTpK;mj0T}>d!#K}c=`{3-9LYMXulIA(x$7>4 z!5&}nufjGyGSFkZL2niApBZFbg@cZI`k$NhuYhFK?XNt$C~f8pj>)@W10uZcTRjfS zbLdo(OZzMP3%e;~vb%;=kzG`7ARoKWt$oYlW1@Uw_;q8iX%HpHiR>*xOc>zF*|G=Y z{zYz$B>JCA{{X=oKWmA_Iu`53rV3#&QJ!Yz(f> z4&nh7ehuYY&SR2t1xrSh-$HwfBYA0eWJ#4+7ES*E!6)#LdvjmjU;Gd!_TB#ghMxVJ zG_Qg`5H-ku;d*>Mg={V%cN?#)a0F5>_lDI~C$V0B^u~DWXkU?B zF0G|Yhk_6q;y;-(GnMqOHmW)!vG5O$d^vgW=i;3Drkxy6d^+(ueV0+UBQe`t;~R?O zjFZ9j0>3&xY;S;eUNrC*j66AgXQ%3V-j>WLbz4 zI4Pbn+^g+9MnF=EI_K7>wz_q2*ldx(6coIP;+|A2WE;84*VMnUkH@W3 z;1|dL00sDpEmq>k!e-hUvL#CNpYlpvh!ZO@gTrM&{ zgxBR?{1vPAIZxW7_Gi>}dkq%%R`{>raW18$#b^heso53%^}augDgyvH+=Cx`o;LL? z{{TO2Pe+@>8s+DP9@65>D;ZbKQlyek2R!6-KH|CkN`J6Qvd8mW<6-9%NrBqw-Z|E8 zJUTR6w-ec8`56XAXhacxwRCeeVg#}#79uH zw4I84-~ywyeJ7;q8?r_y&>$g5kO(Q4G$<8YeO_dqUvNqV+anEim zrV{9L+|9naR5E!^Lxa|uk9jq-Vpr$x^UY{(bed|<90+G<-Om6>FQPnd1=sOJN>wp%uU!utzj2Q{JRS!tHB zm_j((caFKJY!4jNbmi10yq(j_%Wht4B714A$~JPto;@h$=m$%q>xwZ0N9DTw#fMW} z*N64*wk*aJcwQ+nmmhoFRVfVgD~tElbS+ZKQEb9^{H82`h3BaB>0da=UffUPDefJ?CZ_EjHNan zzVsT{+_-2bv4x_?nT~Ke*C9N25nP;3&l@n~9Vi+{p!jb3I~z-j&7mZXSOy#%;=IRC zk|_0=Z`Kr4cKNbB=r>ED>i3$I4{ncYy!Z61=w*uReB*Q1JeNbFCgtKurs&sK_=H9f zhV@ZiMAzbS+nj)XtCFV2MLBACr;hwSHLni%fo(0Lmsf$l(*Y-z134a^mEr#Y5A^Le zFB3;^GR0>Ws{yyUnfVd7@R9hR(!8py{{Thp$xbWC^8Wyc+P8>20k2(ndr*>CA>LXE zlRv#d*A@CT`wjll-(u43{1dP10LmYJnC0`7<0{<$0GxekK-pFItdHHlhu$N!@jjj+ zQ53B#dqBo>^sf{6!Kc}LJh`*hZV_R%xtJhs!1~u@RnJ0=~Q z9@u7%QVN0xPsmkYiatKR@j`fLOALQ*v$7VFTmgwD0QGa+)wrX+7znv3b}xRN9vm-$STLrMcg@D~53qKX)K>^%dm*0PswPiLy?cKU9s zs6lqHM8ewIaK9@6N6HURPtvzEy(>=f3^VvgSi6$POS({GBxEVU0M`|2y$`puo-oopQKx8d-C7y!8~0>q z1y|Hp&tvOpbbKv(iY~|87atCEO)p80T6;)tE$0Wz^A2{L-~;*owd5B54YY>)SiE#d zCi4MMIo_afJ*(#`;+iIoH~ZqSn}J|Q(APCgV@FfXn(BU?0X@Rz{e8`b79ERxF6ha`c@;Pf@} z_loRvj|yGc_{QHrw@YM@$N-Bg8+QZzD~?%)ru1`ZT=B0N{2%bI#Vh-N6Ki@@4{dN& z)>J^P7|7^90mXdn@eB3^(!5DNrL6on_>XmAsfmM|3#h_E$~x^QxxlXcJ~6$|t;_SN zM$I$h>3j=yp?IoK14%W(@lwb|yc2LPG5x|gHMOH_Gie?o9vSfhP2sIocYK#$Abq2q zt=w18Vd~ubY#$Q4S(|?p zrjdNt7j`LXF*pZoibvkh=U%-y+{YQ4%1cIf{xSHO;qMiE6^G!~nc(YR4kUJ|96FV; z0feeBBm=H{^IsEuNAQNFJ&up6NplnHnoLp0bdn4kr3VCo?Z+P9TAI*4U8<38T-Up~ z`El_t!uCEK_`!LpX?I^@((nHOe-v9b{_}!B$4pn*zX5(Ic;@3(lfwEP&y@wlA~{Cl zT0zL;(~Q@XS3~FXI&WK^z2d)zHy$Ce*1SHq_m@}G`H`}DjO;i$E9@%g{1ekx@t?s@ z8fxAP@!Q$ncwX-4AeL7KCsu3*=kBomE1k;6#Nwl7ewui??#K3j_^0tUTcu0?00!&Y z5SGc|aKZ^W1zme*0A{}nyfB(y!_N?2>G0|8dj-YR*PDWnjE?!neSU70g-Yow9I2kY zajaZx6WLkVSX{+x$x*u@N2Y4@`aR5%6rOg8vNp0GnJdY}W)?aUI*miZei88>fqY@6 z>o)fnx`ET=Yk4}9kw$Ve^sayQSnwu?3cpn;S109TVd!*_Ej z#PnYhcnibY7OAMiu3pb+br<@W<8aHzw(M7n_=EltNUtT9>fxl7V*S_%GDUJ!$7yqF zJDxYIYu1;y0N6lY%NP%kIj#K$4I=hfbnEC@T4imZ5Hi@~+pTyw%zHkA2X3ami{Yzn zJ?`5|g+kN*H!tX~Ols@8XSymwB&gbN=UB)0$Rz=e0k4tY?kG?+!ax z1uT1APpHB^hdc3a!L{dEJG37NZDqLH%>Px1E>UNrGB{n z$NvBvY&CxYYI;YH^{YQ8PPX3!leive8RPNv^{>^qcM0g~c5&RY7Z-QSI{6X+@$HLC@Q?-m; zSl_~N7Nu&(<#h*;!=WCczPH&fRVBIlmxo#9NMe4Wh<@u{@5`snenmeqlm)=w{Hs3a z%}GPL@M|XFMqGSEYW!9~(R;@I&_S_;2xJ#^`k42j5y;+FeTwdy?7a zjD?pSa5&GguG(*vqw}sb!BosLtX=|xwCdBG75mC9FU6ka{{RIE`0b^9b^WsZTjI|N z>Tzqn2h(&LEfY(gFhZ~d$uC~NJ2yY!UlrUmjWaeGd9JxsPFFr(!Y&-Elkmn1Ew3J0 zl;F9R_LKLdzD=_IowLM^sLVIQhvp}@wQ#;L*R;3Pt?%^N<--W=+A`n7NCe}jQfro4 zpH-Mu=zRgEmq_d_P)j?y#;CEWB$5YVS6B8y)+X`9e-J!HJLo!1<0+C!6Ost*54Sxl zHA?5_S(bX}$+Uimcyr?C!oP+739|TEaUPGVcx?xkZY8%KViw@YJqXD;u9xCd{{X=~ zzh_Sccz?zdogd@IjpB=>vDIvDZqjRuRw_uI-#o{HFjSCE;e)}=I(k~i<5|u#I;DvA z*hcMD`^`6^OHan%EA&4#e{Rp&d-hN9pTXTLH#hY47tX2bCG!{Oaq>xoEh!YX48j`Ka_4>v_rZ;RgkK8&1h(2>a(qm1WF_%bT!Oc z+ZLT}WdLMy1qLoU*yi#RO!00wT=tBcvH*SFc@aXaDUG=*T+Ayx5XCI8T>VS z<;$hrugbF=h?_hW^sj22M0j~kTj9AR?$PzXi@qPncL~;Xff+d6BCkgG73aETwUw3S zvg+1$*E({@vQHfR#>l56H@8~V)JLUGzcdeqzi#h_9u4>}`(tRnF7QQ*=)NBDZi5c1 zi2nf8O>hZU+M|UfL}dMHe-G-hU0SS=ur5d=Ju8N_O-^1HuPNYQ=eoN4n_r;aXH+&9 zI(4aJhHHsHjIhd_a&!3_{VVuFFSLys#bkJ-vAlt0#=t{hk%N)#QwUu3Yu2`h&;J0o z-|WBOZyfv})c!JfQ%tt-$HjjQ$M(gN$^}uVLJu)Ij-Y~l!TQ(a_rl*4CaI)G_s`|s zGO5PgZ9aySsiG-jUC(xg@sxtj3VM$9=pG4JHO*$nO`b^7Nn{F&SOV40WqTdd#`2@< zcs>&7ks?C&U%mc4!#vk{ZSY^=-nZe~y&G2WW|MO)gKwTe51)S3)fgwS<6?6yH9krB zq5CBG9`eR*BE_z}6Rqz)Mcf(kSB|Wm>+@sA9}WH?{15S}cz4Ej@2P1sVCnkhyl3q9 z{r2Q^Y<8k_kyPrbE@XP=hP9-WLQ8F2fIX|$Ewvr-G$n&BeQT0YvAd49H!LBHMD5o+ zRF9{s;gN<(;-J|>Lx+D7ClZS%opqKbr zdW!Q;5&U!b^YHglnm-Kq;`d0j3RubpNav0#zLqA-L*jF+f{r5o(mI~6;2+!T_RsLF z@;#r$9WTVXbn%V$+LfV{aotEfR~2RZO?*rr7j8Z(d`0k2hrT1sau(Uf)P!RIpdgQ4 z)zq;m=zJC@fhotC(rq@6vvj}sDt@Gv*Eagk!+VbhTEvUwNo4{`53Y9u)7usFAA-N& zq`$NO0Et;NkBNRWZ9h()HDNWzfgT}~-0eO6zbfjdD6{f@An^YHH>Y~IY4bJN+5RWh z-wVIssb8~ZmEwyZ4c_X%0#2h7`8NI|pGtUlr#Rf>?vgmhK*{v4qWoF^00mO`58=NQ z-Dn;l@wdXO?FsD!@ah^gK7W+QILlNA(~>)zZ1g!8&N=FP*Pr;${tLC?om=5|iu^C| zzr+6k5%jN!ZzD%xsOnbfCc;kz$>0nQnC^M2oYK_1ujuEPSDb2MTwxZ~)$c2H*)@B4 zpNrbZ?NR$zc-K(zY4H!nZxUMQy3)z^y9-%1L`(441Exo%c^dd{!}`stY1-U!%!ocq zhWVWwbZpm=h^(H6_Ad@_t`9DPr-Ooy$@g~AUGDy8onClXTJVIiUfsl(S}A5Q-792Z z9*jL}zVNo8r|QhBX>l9K56m;txFpZDqe{oC>G4}c!Z&>GI3!mc<2%bO9trgiCgSJH zV1INn%n8PE`qQVmqgJ^Fk*&e1+rxQe`-iyXW40^S{28mms9(ivsKMlu*@xc6eHIcs zALSp2SeVq#@s%L&7glzC{pYFlRh^%oLNRu7^1 z?P(rys%TGbDVeSD67%jWk?|d!&a(tkK_m$}5V*z*3f?=MW_N}(t+&B0WDspqdUZ9} z+-hdR;wM)`iahQZ`_-|Oqtv(m00~8ou!|fE$nTuwS1+pT(M5D(j4=ZNN$6`CM#Qsf zJ!L1-UNwdkmAE);llWIBX=^0Xo1q`wZgJ~Ub4m3#Wz5d3_#U8lu8&J9@p&dKk}3Px zs*dIjnVQs3AjF7DgN%V$wifp`k<8^Xq~$p3D`F+FmwjgrrwK`wp>lcJaBH#BEM4sc z7WXo7z!Vspx7xq<7L_D7QHjO}?-+6`jBP^KRe>i1kaP8>V9K}c1?)mUCM9JU>CJNI zO7jb(ZGqm4u@z36Yi=;02G2g#EuNYtY@eA){DmTUPL9t=uvb$#R77m&)84yVeQ!;H zOfvlMf~zJvjB!kkLx9yTXOO&x7Ig<09+~T0rRJwR8@|u?an9jE2Ryok^tUT3vqnDd zMOnM>)%LZzbi0>%Ly$&680(6t$Ek6R&wzd|czav$mx=WWuh!0MX`9PCMsP53k=w0& zp>Oc}#8d0W^2bnAkjT!8qiZlHfKGV=t=QT$`yPYf{{S9cFx31f;;St}ZBo~9igx28 zJ-tUt;dNge>xtqIvKSKYPtTSbL-Qcwv0`hX=vG#%dpr`v9z21O*qXxluczGUS{=3B zqFh`|@)X!t0~~bx>Ksg*PYm$2wx@Pam1R73#dl<;E2nF56Uh|qE5cjm89C3jSkzZj zu7kxBc}6oM%8T-I!4*7rw=-LVG>s~PTh{`D8B%Q%SJoccw0R+nFb}z$46l58*IT6c zH|=^Y-k&Aqy!TTAuCf3DKF7Cu&8>AMqnp#d80t2Jo*R@*kKPRR?@cmY zwmi2|)Gu`1S+#8rPqNxs2P7$9yhvF-;)_gzxi92Z#Z)s2lL~aTL%}n+)l&%n3w5YPm zrJQlskZY>aB6}$yyf3mS&Iw-i&nM7>6U8?&NqF;G-Aa*Tg$Iwuyt*rhBGetGciLEW zJ$b4^QL)^rcz#%=nk%?s)DUJhal`)r_3I}}(W1P(4J0k)wn1ey>@(P{tgJMRI$H~Q zBe~#WKzReu=Dg>`{!1)PXBdiQ`CGQ*>sd-&0P#&u+UYOSNa6El?Ups)cydYF5|@$) z)N)6msJVkWeQWHxgalj77o8M;FUyac)Z?vVX?Oaat&PU{16*x%0r^r*AsLs~lSKf* z+b^gc>jv9f2+p?>DcpAR*ww}t0@Gf}xx{Q7DZ#*~-ubSa1v_!gDMr9a5!vP>!cR0F z{RLK;9aOs#7eB*N1vQPQ+vRO{1RhT~s_kr&Ow)h_i^g-#Jt!tAt;)Bz@!Q)?4$a$_ zzhUiNXTw_vZdzGh7}99+W86T%_RVwDTb*>IdX}%^*r2kO-6c=8MfVdN$@tZMBTUjf zVI&{g_V{#}OknUbJ#k(|d!y8%M6n|&(E9Y5^$(xgq4D!+JoXSk}7UA?^56WQ6l zs}}h}9CQ8^=2V;5^q~^Ahp10Jry}b5c(fp$tgaXnRlH^5O&dyh_dnV0IxrmMe@ZD+ zyB&`e)_ytKMpD~NgyJlqAoApOHS@QNz9HXhO(RcmpJ;ji0CN_3C;PY@oY%KQ4QSn* z(~?^sY5vTg@J;^!+8_3!g5Sm3?wb$6{{V$85S#l`QTc8z6gNIxd=LoFCj!4~ehYrj zUkZO_=dkccz^?*Zc;Cg6u!`@*SCNTiNjs3(%5$6#{;{s9K8WR0j`Tc=O{Pmb#_l-q?6cxvq@{Y}wlmVDBPM!p zfj$`MmI)@FbVrUwR!F3naISxd6I|Dgt>W;k_u5a3EbVpuD&Q)lP=4`;z6N<5R*D_W zW_m@nzN4#na>7wHrLTukJeRj|wqGoaf%^B&a+eyOsp0J!K z0dBY)cdLwg8L0O*N?Oa|%>-((wEir&1l&xg2_s-&sOmfMUS)Z%>vuYwr%`0m>>@cx zvJalV^{iHxHH1$s@wdcJ3;1_ji%Rg{g|6-8zaZR7uon@MIc?a$`y`Cz|wO3mo+spK~k8mR4msz{OK!cRp*9 z*!gg3(l}ERib!>b@}LjVatL3-vHt+Hb&Xo~KMeR%-QcibRNNDs0n>y0 z`f*U?icz^FcNzwf;hW7C??=1V{6!>;{&ToHaDRk;Cyt#fk-O1iys#REr+B)4o~JJn zU?1tWxoR=0XP;YZ+KiIwz8>)2k0R+~=3C(wS#nMXr@eC0{7cb14S#Z%vE6u+UyC9X zQMpyec3fis{VOv_(>M)tSn*$sWIBh5HCDH@XY(PpiHem6vt#*mu3GBCYnWrU)1Xhi zupDEpH`w0xN4EGg;63iCZ)rG<(%^tzR*x%Q&c6wv@Mfkh!L!wwRam-m7~`O=NohBqZ#2wGx*`zEk6tN4JqT>; z^$!Qlac+;JKqb8k!lL6991?r~07~knh<35o*y&HGB$oP) z^ylRRwKm_ww$}QD$u#S5gC1E`+mB=G-ibua)4lMUSY0&MSehA-4Wsx?YG|Gx`zV@O zt?iOr5PauV;QD0K=FmA$G}PH8zPPt89yDSVmZj6}W(rET2n&ME%`a$WDA>=untRFc zOHI!wJu8*hBDdad64oq$SC##08y)P9ZVff(Xzm#7Uch>L*KubGD2Z5p=mE&@MTdP1 zZx(-P+}zs5phau;aG*4dakaSW2jg4*9fMOhk=WflAwk=_IpEfiM9BJAOVTv!D+rC! zq}Jq(-7xsCC-E+sr5n>M46#Sg9Rk&oaoUEtBvx&vz3h@%jNw7zyup+}@rzF}6;H}H z9xE9wLiRcazZX_5WpQ^J73AlwV11Fa`w@=gSl#2xcu4C+4x^gziDKe^=#(GLJ&wl;avWwrp2V+ExonaxLk9`Q|(KU z8MIUW)YUZCM}{wy9!TVVRQ+E1`tB{^o;>sN90oMfv71)dcZT4x)?3TeBlpLH z`DU>ES78O6;W|`m(UXSfoC?-5=)p+*0`OezqiA;8F0mb&`ItmpXKM3>QR&TY_>w8? zTFOm1i^QZeVB>;6rF}(7T;i6;DRFaqtCE&iQsss+t-u}YYvI&aHrGNcslL>rQ?>V; zo_ZYm8qC9z`X6d|Hq%(RyOUVAw-GJ6Y?bknLHnS0u3y3)KGeKJ@tWUA)Gh4aL4ll4 zHQDMy^&jW80qoD2b**#8Q2cB0Ka1ki7-rY7=;x>sr(;msE*oEG`vB z)F=3GdT>7)Rw2c7IUgTbSa_dOxr4(uQL_mbdOC#)d#M7kekN$T--di6V`E^@$9}9g z#t+PZ5Pt(qsHN2E?mQ2p`0wF1pL?vm_L1TygtT`NV{D8M-6Z}Zu>J%547Tvrw-1Xo z?Qi==Q#ROQNcctvIc)LiPUYPD2gi~4Yfy(#((mo!ZDK`4OfC#vhSOYk!aZ8wQ}Irx z;90L2t%O13X`2kmgParB6(Z(EjSF3e!ygjcM$>Nmj}6H-dF7Ln&**rsv3y@b~<~1g-{ruwC{nW)$BYk<7*px6iWs+mnBng-p&gj z?+^z*)$(q=6qj}o=K2jxqIpRg@?!SIB4m#$*R+jgEbL)fj7b!MiYn(Lxb_um!=5hx z0EBM!VVy!*ONhzrgzz}}nhE4RPWw>OH0aK&cF=1!Y6&WtV1F)a#kF4&*xCJ{>Fbz| zS$OH6N(phXO49FFpGt>Zx4pTD5w&9{gWr+)SD}0=*0p_3S+uQw(mSYp!uIlkg5dW3 z2Q{TLDXk4P*T3Nu*2Uy@ainm_(z2d+fO)S$k6qRLe|09HW0qK*OBF=@i(*|zAjE-=di3L(^?!%c>h|6h)o0gqYeTBtTf7p8GyAYX0FQp0)L7_0 zJ@sYQd@rhM+CAmY_`cA_C1LZb5^yql@my4zRnC#BHTrq5#>Hlh$R(kC@K?}xtBUFp zXX=0K;qj}*9zFPe{uR~k>@Q@~UnHxBbwS4OP(7<|$Kvj{r}+0@@a%1G1(Zs@Q||fX z^}zNbl$NG$DW5TZ(jN}|A>*6J@n4$ye~F|=XviNUIR5bWugyEF8;Ql*$e+A|R*CrF z5Nb(_T}~R}GP5&WZ4S8{9ssVl!+s~a@ZPIssHOVZMu%*S6Csxz4_fGhG(TDX9r&6L z75G!b`rIKwdv!-DKKUQTk8nkLBFG)U4BL9=KhBj@CD_-rwM&TSfn!UTagB}6@4~(h z_@&|N-v;>B<_Xc-#$aw?l*AQLPgOrm^{+mwwuZ2M4>S7()~749QAszJ8bVZbUt0BV zfIko{yeH#XG@WA3N%TAQ@}vlU=6K2akx>bBH(Lwwr@)89-YL7)bo)6ipL*PBk`I-Y zgBJOl@UQJ({s}YtTu1w1e#iO<@g!o`;)jG2`zrl6hc_|C01^Y#f}kFIhV`zrlZ(GW z-$V2^%I);)u`R0z+^}Qs&3$j8Ud69yk<8L7w!j#B;;8D9w_^hB{-t zcCRyrYQkIwDgXeH+M$dfVcZXXmAOfb^HxbP5AOlZC{~P#3}xb9y^cwtfuN#Rky~h3 z`(*U13n}x_1{~)dc&L=S6&=lWmN_#EGa>JTj91y8ut)7#tbW6PwdcZbjoLVtMKifCQ_pYqpoDXn0_Q9{k*MBk?r;0{+Tb@pK*H#-vW@S+=jO&lx$XQ4$ zfHEnQ&K@t6lD+G!Qba3T%}Dthxv^DxYOAL&`LqU=ZmlY&V4_pKQ1x7$6n#oI#+s>rf0-iePw zr?DJTJ83ie$NvC=41U`7ekHJj;7^Tp%e%c^+<#?iEqNeGCX9c_y~5`KijW3=zP$ec zRK6SWEP9>o_JtOs3V5eOkyB8&86sPD`;X6J5Aye{Y8`Rh=`J-U(lu*sHYiLs_nCMf zA1HCjAI`SsyYr%s@PQ@78>702@Fa|kFeCi-uRdFvD4)V-{1*fE7k}B?8yaG9pTZ=Z>Ipkw~i?_lBlb zxRS#4rI8(hR?abA&p&{jY$3U`K{PSEZu=YVD<1WQN!W{7p2grB={zZ@z0IVo5Wr(G zla;~GIQ)N=bQ1Uv!QLvo)cirM3yWK)vvx@mUAtsll^FLvmFCX9rOb(OIsX8Jo+xb= zbkL{1TnQR5T;zeC57VW6*Wqn&NeV2ivakc3*S$h_NtjfL+MB=aD4j06wA;YXaal6N zuY^;zM*!DkcQE8Le!%<411p?zI@YRMnBY;dfK%93*DWFc0P!-qbd4N53&uxbT`i@8 z+vz1-ub3RRm!Q%`K-%hV)=~@9kFfJ2EuYnOKPj029a8s{Z9VwIpUJyR$%3ZPZ;f2ZyinG zhHy(c!8o9C+_f%~c)^+*b})`X9+ksto*{`KxJxO~?qOpbhz~KJL+M$}*&{Pg)UI_M zvp8I-!(i8`czXUew=hKeaDMJN%}jjFBNJO+zScB55k8pYTs9OjA8?-a;m@q<%y(U} zySWZo*e*A7>02Vs)(unpQpzL|Hc?LmbQO$s0|*H!s5z&8fFroN$`v?1{2IM!KlVyV z3aAS*>>v)_{{WRlpFyN*+Dfv($r<5JI#nH7d99%(iFF`$tlwj3s~8sZJ=?0PW>SAD z-cc+AWaIb0&ZMEr$ISCd=sF6kaVuQz-cT70 zjwm&X)Tu4(rXq^vQ1f$jE&OiyQK)<}@h#tn?k^`gee#W0M7sy>obG6e9n}7ruPUrh^w%AShq8=T=;5`i z`G06nh1dEL=`H^N3nN79_F&yp4RP$m1YZZ-_h}ck|yx^TtP~ zK~+7EP8C#Hz%H$)cn?|8d_%6>8$Ax*;U4Znxln_yeXH_^T=DI%h(0m=Qq(MO*HrMV zx~!*3yW4^Ga&xtN;B@>ej;%{-6)MK(*1raPV`HoMb^aY{mzq|wpo_t9H?Z>{K7ont zSG;wh!SLV3mS5VlTHg3V^~c%n?c6h4sW=Mw^*!syuU6-Ui^S^MHohiZ{5$YupA7sF z@dD!4#9j;WbkbYF4Z>r|k(U62+mbtq{G#}+;XjH$uwTV_bcw9BJ0Ah+w+}CeZm%O_ zZ#n~$5R<0tFc>G&ygL5&ozI2G;{EHNv!AlJ?E~O1j(T2&ple!HoSLM_5#f#gXrGQT zp2oeOT>YQ)oi|n1bt}7;)9n>Zw+$l@BSGK!SIT0pu8%S}r*r2|0NnUv#S`kQquw%J z*TMiPMs{)hBpwd& zCyN@-#1{ujyO_@e5BDK{;11dU06w*W;vWV0zD*89xxKZQM`!Z~n7Cg|XE@F{u5~+} zmKwRh=vOo9z6bFphj}~*mUmdQc!t>`$mDzU{RMN@dN!jTmnE&m(_Sh0mPa2m4|?`6 z(mtyPJEP0AYq@?K{8aEi#MJP1hvJB|OV2*;-gwl>cWiicRv>`bB!k$1YwS<>D#z@5 z@Sn%u0(>v~XnY&fzp^v~X%+6J1PQSDQz!w*93v?^8@A#2*Vo`x?{mQ7-1eqlTM3Bf zwK-3cOZ-XM{F*)Ks5}Bku^*j(R3EcmrvCsOehpf9 zpv7rU_IDtVgCyC*dNpi5o^7$K%;1?Y+UQK$|J`)!e zdzqSNk2M`5`$E@Ry}R*ctHNzx?Q@oUZZI%=V~XP~JUij*n8vGns=*{oxCv>{9m=I-q@Xqe&*q==T@`1c+7brS##go zv8h?4bW%w34S!35)ul}q$?dFX{ovWiMm(D4^vz3Go&j%u16;uDB6JueXNvK$61FXR!j|44hf;!VvOG62BYen5sQmu` zDymw_$IkJVdn~&JEK^rX-;SD}TzpIT1>xO8;ijFY>bjkUovo~92;-dqNo48+cJI{J zS_$=_}v-T|chp z0pLwR?(Q1gZ=H)321dzleQUAQ?%LTVJ2t*Z=B6@d>P|~yzL|G>s_ELK5ls|nZ42B= zuJ{ZTcJ(#!uDRn|i=AAX7i5+@rBza=YY^Q292(J7JZwa7CYk#m@Lyi=Z-F$;56504 z)1&bx?gYCO9LL*{gV5D4jvutQi1l4ZO4eE%XYh=Tv8~leFoV&!_O7T&G=51u8>x-= zwnbkKXnI$~$yQ$q-9`47hs-fe&i*-2dK$p-Z^NxZ9X9Jg*Yv9~Zj$a;$_^NJ9B_T> zNouq{;|rFHp0@8~_4Bo#p~mKCfr^_Rpab4GiFD()|qn>=u&61>g)Wusv*oMcV#>nf`IR2G&Aq^Lp1^_(O8%BK@ zz-r}guOu;++MPYcT(-7yrPzUtVuM3hY)l6A%K^u=KkVw;SxM*gpqV=uo;A8n8^U_d ztgJH%1qwQ`IqCURKW86>TGxxbHR2D98fLL`HnXPPEHYcGauhcMZ@vfT?Ol|q-16(< zIa&KL;Uf=@bPG#g73tPmmY;bF!Fy#oD@MSs2>|d9di*l@!|dghO)!t>n6W+b+J;3skj_5l83ze@f9Yf))hlB2!2jj+2%@fz%<6XJ0- zb&@|_v`-1?-Z$`*==V?MTirpm*BKkIc*TAid`j>)i2e(FO4gu)JIFKvdAibdTm%KV z2hb0C^&u8~?nz(Ylpl6}gZvNpnWuQiMol_Pm3>YC5>+Q5)Q`PYK00`2`%BWUVAH0z zvKp$3duEhiHuef}`I>UQk5W}VoSbBQ?f(D;r0`#h{tZj}A9x>H@Qv-QkkXxE)xg}d zGD3l&-Pet(NdEw6SI1usb$hq9hC7Hu#1UCeHsjP9>nW@+j`1w~FdnA!P)dbU5T!q4;-8)*{!m%dHv_CF)GFM$MdK zJoK(Oy+XZBH9u7RH+?>-py>A+t(-Qxua~yrWBaVbA2;J&{+gxOAW|0~@m`G%%=yam zxu4_D4#TVI63$5TVO*~q*TWweeivVSU-)UQ_!(tLwTpKbx>SxnwS0SQ-gmt@JUN?ngA8J>_W9d^W@_HOKFo|rBOqWlR+R`aN2X{X8G#2?p zWkL>qZ>>Y9%cDgbcPRwc!U<7iLC90mysuF3mCltWtKx4CTHGB$6MTw!7aAY{Jy&PNVxNzqvA(?A_yc_>%Uvv&U&}X97rw7}&@7Nw2s^hh);+J6nN$5XLcI zRY~lT{ySo6>iM@i>kVUFxPuljnC=u{f^m`cuDeHYcxY} zMN&HYirbkPIb5d}gKc7gt)3mEk? zt_ZGj?oYAqP*q6#pmwd%mCh3SJEwb#iGUCh^17U2qR{+Pd8K&;Br;1G!j>7`?rEV5 ztN4pn)*zlMriMiXx+08oUcsjPDY~)nWF8?~%TZuq4kORby!FSWZOV+LW6i_HByHn? z-l@wpL`ZFquxhj*0UkZr5*HFM11Nd zQ}<6w(emJx{Hax4LCE|)C?Uy@)Dqa)x`Q8_2Icj~y?KjU%Xs$>44{Skz?^yuhRb#%*YlI2hnjk)dmQ!|vh9;v2l)?e8PWoM>G z4%mbeU}JNCdc5z%WB2L>w~#tFJm=PfBLXEy1yGXt#dW%7sJeSbB#jZul{x1ijC4O* zRs*!rtrA;*GBX-PIRuTkVncplh(R9RxL&WC?xOoG@vV- z=C9!&w_B=5ZXR=updYB|=>9&@)i0an@Cp?0F>8@u|p8L&`-qEfS zHDFz~k{DKRKqRoZwYn=5l8uZoON@Uy!qq%5qDfxV?%LTVnqYFX=+aGd43`Y8<+ec1 z3YzpCF-3*6DAR_x#zs9UiLZz3ekz}&zC_}49~U959Rvb1x;8yQi?D;cd! z+|EZ+x3!vh?;vJC58Vf-sx1_aaAdQT`9tr99MlkMTT04QH_G_w*wnvlG00+(a~3n4 zbTsS+X0JR?919Z4j51q257N2e6a{6Sq0ECA#cdU!8qrG)#0w&ARy+^~aaAssBt>|R z+#W#hQBb%54MFn0BUaKhxkN7e2UED!h_>7`*1O>-2Y$7aMK}|~rCLJhR0Ak%f@_S{ zC6X;dcpf0pF*$VOZ8J8ka!yQBfF$1+Kv?t@xntsg?B`!6XPKVIkHAurx;3Oa*6R0F zziFj+UJ1Y*e;W18A5zpbi)1#56H2^-{DyCO^DEN3JsLBy^>=~%ZKQa@2qV;PUe{AZ zMYvHH%MTa_gUxkvURh}JUN8DKpt!=Z2jxDZytz=jJs4H7<+|U*KMm;dPj`J1Nps0W zM!}HhrYq!s7I^Y)b6B{#OO%G)av2H1KZ&l&6m7Upp{wwF_I3E-`&D?eOz^+K&kWx^ zti^@Sw=$KovjBj^$&3;`2PVIv&)Jv$38nBq_GdbFx#NiRzl`4(;=zpE$GY0Z@zg2E zBzyDp>s_;{rH*M_{Wgok)9Uut`iI0n6X@O#&~2ed>Z-`ozuf$IjnR15V zcOt()RdZgIq3fDW?~Nz$qx?+J{5j&A9k(YyNmNO4nftz8Kb9+|B)GJF8{>~3Y7xib zdp$3~_j20ZKbLoR1Y>M002_~dfA#Ced}Akvd^tp*Z5ViZYaY z9nXn0%R65VczXW;`+HB0-gH@IjT}DFjQ;=*c;s_l5#m3HT7&q8EkDB=b+oFHDD#yV zB+JnJ*!#p*$s&0f&*~mA(>ytKHSN9a?bf9-`I1>r^DHC|tCP_BSB?0C;)b6!x_H~i zelF6yH{p1jSX)-U9A%gE%kr!*I z7~GlkHTWsx&xsy5_>rvY-XQVch_w$C>Q_@1-8-GCJ%xI7XxR}dcQ{C#Bjy`_B^AEv zjty6qDZXi4G6_8^S#EMvmGmH2IUI(oq4y)H2pEiX=}>Y@aMp4+Pb;kFLot6ewZAMFu&55qqMMyo1m zvM@=fjDUZ5bMpFE?gzllFGToX;C)lUpR-?rbSUg}(d0eq#ui3D-rwBvPELOc^D1g} zLY=fczJG|%r})z2Nbz#sYrZmeB@D88s}zI%q6o(wJJ+r0x}W?fl4@3;74GhI4-Z2S zF!=2ezZ}hjH?>w2Y) z#pHU8z;apHfg!4tK=XMolf>G^=l15Lx)MVXNaj_@YzzUkeFrt<_j>lRr_DZ%;b7YK zpppQxj-_{c@!K>uRAP5JjjfKEr?guA%#rIawWIRb5xcI|73TgT@fN**ZXvX>veOb3 z0K6-MG7hZVb*_0ECD_H&HEWwof&H4s{{T>Rz%BCy&s@Os06u!2L9C@RTCw$ihkPYHm4&{YXKlL42Hb&w2fb_RUkbc5w>CP1Z%dXZ%}3`a z)O&kWnM=9R>G4|V_XRAGU@8DoyjJ{1%3GM^ySb3uKLiuSGdW1~Z3f!b+U6;zD+C;c z&+!`Rb#JiV+ejiYyo2T4>MN?6GUsQKuZ7|Je6wzCgmI5r=e$$lt9>@ruI0S)-0ufe!Q(DGfu9rkO3)=0I+%UPU;#jz-Q#F~RFwLFhx7-|4eOBwLr``1a=jRT@50LG;3`|ZJu3D*~Zr+Bx55yRnN9r7j{|W zjiVczCkG!&$;G0%dmXNnwzpP7_S$rG<7rm}obyz*DI&YLC4feaKvR#rYNIZU$*UD5 z8jDz5M+$j%>-U`pKab^Ho%h=AEupsD7=k#?)A-exJ@hI>>28+`a(1{F1k_SX_K9IZ zB9#;f{6#(#xwW{mmtC`KJ7pv!(kB3ppdVWFtrth|?z1ZC*Ym*@m`7tgoNP=VnEsXY zyyq9RK6i>}JT@Gz%N5oP6M8kMq{JSv)s&@c#hB8ja>=ztq2avL)kW64}V( z-h#Z3pYHs1;yYKqx7saQc?tz&;A5cAryXnRU)j%9(7Z`CkB2;Tnq91tO_rWQL~@}Y zbQ9B`T4YV=?0GNkN8x`9{5kld)_xGUl1(w>QlJ1)6pjLs+b6A4@U`^!mTf!6?}yuf zIO47`TeF&Tc1-op4oPvTUahT+Z0w90W&Z$XzPGj1?#8&f@l{h%aKBm5v@PC7JzYl2RNteX87ZTiqC8Uxa z{&6InvHWpRYaOn9v#sh{e}lDsUJLRP_3qs62k$p0AEjq_tKyBWyQf7HY4G06P{-yw zoy>87diJ3sXvE+p)jUC`_-jYgZ?#*9lF~+!CN5M+r=6y~XTzTn{8KlBEUh%#TZY-X zY+x1#*EO#vaFKTZ0LFUWtf8*%q>ofkB{FXL&OiNC)&9=c*S;X}Pl~l2VqK8o;W9D( z*|B>cJS z{OUOwYDX&;iKBRaC|63md;4IbMJ$-v-)KJ7>mLigD%@GjFYJ)JEVxBu!76+HRia%7 zDIVqHzZ>fQA^2PmeM{{Y20ou`QOn@im)(iL@#iDZajT%TdmzERYzwPSsFmk=9!ZR5+_2rci5 zg5vr!ukfz1Yo=(|`evwZC0{B-5kdTYK>Ak)r}%=?RWn6<0koTtk>f3q>p)EO4+6y3 zvR&!2yev!p>LPg~AN^|Q_1_GA22WMM=Nwfz z^cNxFzA^9x_ro1~TfOrddpV@@aT;!15zrCTU{}un01>QwBjO!6_^(UTC$_&1R|7jr zjOPIJ*0Z@u_Bj6lhTbLCG>NX^)AXd;&J3*IF5&)hUqpCw_LQ;k?}$c;G!6FOCE}7a zAbiDm-Jg6P!kMgJL+39TX*!R@KZL;IiRNd}S1@=-#-1lzEj>$UhC>p9cQS%73H)(intv635cr?r zXN&cH2VYRhb8#ijt^p!g*pe`Ps!2Y1)NDny#l%J+j7EBPtXW|5LLpV!r*R&&ybW!k z_0R0-@i=KZjGh_2c;;F095J^AMmP!dufO#F06XUws{sjW9_B`&XA=b82f-;;-zh{T(hQc>@Phi?e`N z(DPn#JWmwUO>Fbp+$jvL8)32zKnAglwK};Ex-4L{_~r1bd+)WM?Y%P9AIf=i=8@C} z>${5efA}RY?MH3<9e&!L6}`QmSF-qF;*4n8ow;-5#WOfmk<{_Sb?<^}zA{&{A~9;| zpWT+Zr&`B+w^k04X_pAMHnIbq(KjG|9FM}gZ->4jZ8uVFKHM%CYJU$w`2h|w4^)?ysIGt7&XXwdtN^=@COA)L0wUIII2@4 zF3jzatU<;FH)hu?0Kw`pSIyAl)o3|khs`ViPB=ca*N`fMh6|o?Lw6}M2A$h##=zj! zs3lUva0o~}PeVx7JDL$XF6Y542dCbv*RVFNrpaiYV41#TQgMPk>A2YHrhjJt0Pt?l z?Zb8PN8vuL`y_blRMXGI9|S7R;llGDKK{jtC2-wBoGwQkr=@>N*P4ROEK|1Ticx|O zW9e8`k7H=PPIFYTg6_^}oqp&oAF&njSM39!NvNf##7!#FTbbeurfabx7x_9Q#CvC- z_z|x1HKb_~K<2Jl7^90}3p)Ya_n_>i&ujgkzBXzl zxF4TyuU=2o=TRNeKIOAzyS!a3=Ua`$-D&Q_1(VcP&Z%j8Wp!_=h23u|`FC++ss8u# zt_qPfx$$T1@%t<%?PdEf_}k&Wm2G5vf2AvHUKg5p!BaYdOeFOSB9}wY@efM>068xm zcwbofdE<>s!rFY3-PU# z+8_3H%xm_Bk701f=jV)y=BrBTz*bI91O%uh3tG9xKyzy*AuN(u`$6_2P-wh)&Rv|8%f2nt zv_{jC(tST!+sX=2CuDaR#wRuoZ>r$8N(Ih^X8K}AtRR6 zG~GKvdyO{27KpEXxF3aa$$52aa+BN6(WvXs2BJHi2=`4R%+@q$Qs!i3AherXBp+Jy zKN0AW>DqyU)GmjE zVYN#VcC8?cY-Gu%2@rX4vMY0w)9Fs0vYsm@ij+7S@GUCn`waRDhA&BzG=s(VD zx9~QP7PLr9c@{|iNj_7L&W4T8S<^fdbtl`PwEg34KQ21go$9(ox;?eTGE4rG5G9q5 zHI$=b;*ULx#19^p(+9~X2R*AIEqCqK7xO6qpd%-ag1Kr(q3vXtIbt!Cs6$67MK7DN zsjPT6Snz6i2gjO5v1zMm*JziIYN^bq9B+*0@gG|DPuk9ZhF>3F!q6ycImr|j48XTNR4 zXCvOd%l5MPRGtlAhu^g~g|vIK@RP){K_0OshF(2B_5SO~2i-;^8@g`ejEc%M_da_S z2~w9VkG4N%nY8DdN!IV)*xM|TozgJhjCBM2^{>_YZ;dvv{ewgBnwXdd5=wf?ryZ-J z2=u9`G?3d*2l&_GJKx3N-8)j%b$fMdhPShfyEX=JRCCTN?C;s%;17vDIeZtWgZyjo zsx4AK_(}fV8f}1v!9qa_dh?uOza0DzW}Y9i)GoESB#O-1Ocb*8l>O8B;=J1ZjiZik z3TvtLf9!YQABFz_7kn|IS?cm?f7=67dn@&|x$>s7$ry4+Jq~O3%iFNI~(Nz`h&s?|^j(Z1t;zSJh^L$#W!`- z#+>DSPcrx)@XJ#0&x76m$tRa~#g^tKB(FXC{+zb==kZb4dD__6ygqrt+7Fi;DXWAi= z@L6``I{v?vVNGg#cumg)hrznH!~Xyle`(tImP_q6XfIec_Ed9=HEB9cpjuNfHmhg|lrwm)QliHWIbJ~91{Jb9y^7W^#n zR-Jtnf=eJLPLZN!k|Ce@W^uR=;a~{rYwNPv^4XqG8sw`VmR7?%-q%*|7tFsDlk&Oz zqWo?6QGf8W#eWn24*0PyG%aSsP@QbVxXkL0g~=HhAwkH_bNJWlZ~PKB!yJL@-mXy4`ph+7bo`e1@2A;lR+H&b zBBq^xJBgM-$Lsml{{ZY^q*~p4K=C{44AALzRz7{SxgRb;1djc2UKTPut)tJ( zt9z%~H}XMqsa&nO^X-8jF&}&0y))p}y%v+K>H2=NZ)*$?>IQX?jESQp9jEXZubjll z_)Jw(&-E_^+Rx&@8*7)s8yynaITcQ)>L`~`gNNosYU zYR~%++KT~fyG-6Dl|t+L=S$FF*;ZK0*Q zIb>Nk9F8$w1}3hj(P3qwkaYX4FIIx(QGUkcmm9fLUYl*Hz`tjOWkiLz1-n;08C}@= z3?#L&o8ui;`rg4VtRaHu$lQ(`WJ?E0jWBN@29r{84M`Q(xMGw>7Q7yL7ajIMll;Li&9V*dcd(?R4(adMa`&Pi5YeQPV@ zU&Wsjd}#4X__M{6Lq4h<PY7moYDF%IN54z=(dsGPaHe8$%B($W`4>3EFTQKWqWn4YY~qPUEnk& zuo1C>-^#P2erumG#@HXN<(06>UCJ)rt5x`;>|fe{#(ogJ@Li6JrE3=Yo#CE4wlra(I zla=++>2K8^IcRt)ts}fPPQnJ?Xy@?X?dK+gVF_0ch?RqP}_%3I3Iw^hfFo z6WsA%3F{E+8vXv0J;FyMusm`8^8-6b=k%{1i$c*nH*>1Rs^0ylP+5pjc@6U(KLBf* z=Oud0$=Lln{hWR$cpt@DR-NF#653no{#+(Cn73T_HIMs7_zPCD@Mf(Ch7l%DFbEkK zZDh}H!nUVS@ZJmeyvXpcfnOK3kAzz9h9=d;?aUF}2xr~~&5Uu$_RcHyJK_$bp!lyu zU2jT0Sdo0t9OSNhS9LnpK7xiF^C@>eFZiSJd&j;T_-W%0g}xfstfBCpzXM09+dN`b zkxK1s1NT^tKQBRF32BP@aJPy!WrQNCk3a@197SGj`X03$6lqFRinErl&qTi@k<$Dt z@s-cPzl$m2+bNpo!#69o{w#gmfyo`mTKa3mUl0Bm{7LZ+wW|0H>@>Tp%w9wy03^;v zSO7Y8HRj4EO*~ynbvc&ZPX+Ps!2bXo_-?}b{{H|-ab<6Y7Ycq(eNSre?KVrBYrw3@ zax=BCc|-49(t-69GdNDipy|4#_T)pjva!b}wRO;H@y}s20rpBx(a%F!o|Gn@#yzFC z&g$eyVSHDfn~ZKNDGMmdOu- zt&E;$Q{3Yo=M}u9t)a_?r6ny-ob-!Fg2oqc$_U8x6|by8sn6k=Akm?cNg7Z$r&Z4c zlk~4Xv>QH-jZ~wl@7@&smoC0I{500IB)E@2*CUKv>H2~Jy=PI7johj4Ukv;`w7=CX z^{5I6Q zBjZ~wcf%JgWh87Py0m4&+#o!UW9V!85B-t;9DFtS-{JN;_k`iqpGTI?>Itsn+##J< zGa*y>k>7(|FvBY!miXty7_27_*Tvx_X~iXfR+s92SAW6ApB4Ne;vW}&&A$dTx$X52 z6KMCBI?k?B2ka3_ijku?V%u2l^u>N3cq33Ku>?p=KzzR9yzFEbHiu`?GcK(|gK+A) zYEpBSy;GC3`R;o%Y7^Z+(8(YuyoJw7q`H;ejHX>aje$8=6v`&o320M`OP6FNr)8t?K%HkAY)~D@ZM3^8n?G738t{=DpAMZt;Gd{{RX0 zsbPJm+v-*k+aiUP@MC^SBfmgDTGABtK0_B>?0&MJ3Fw-)g@=heD|ox(KyGcAAKkIf zLynwRm)-cuyf1I|i`#TktCqpyy(&<)r<+MSj>i{2#;XhKYlzaxU72x>-1A&TuZr!= z(>S-9*+?v3INSKv{?6yWhQUrJ=y%6I*gL@AAO8U0k`eg3#2*bTyfg9FMA0rhPp9f} z*&w?!LnF9huw<-}DB$|!gMe%KVfbC*FYPTd-|aJbcjydrt}&Mf2lW-tjG&Za(fs+~ zcO6#D^UUK1Qhd>;Rk&ZG=9F~u(P(`mrpbt7bS3v1(Y}$|BOGKIO?dks)Vm|B_!;8C z;olxls9ZsJYpCg}vcTZ&^Od@)pL`H&+&^ot5BNV@_J3!bKlmT1Y#n`cT8fF@*;GNTR#J7el(m~Y8TRJYytA* zRNM;@z&_cp0KU<0d>!HqO4=`(?d0;^myOh4xyM$5vFn}?@fDuAV>C@OeW@e}BV{~{ zbC1%ycY-*x8lRgPrjBoBlO|m@X#m>fIqh3Ex^lq;izfCZNIv7zgLr6gnr@qIrq6jK zR<_ZDA?Sbu^{<%!0Bg&iBfuJ8+OH#m!R{tZDCndPG45;7!o5-D@dV=>1$QT8p)Gr8 z^*rbHU7kBTy)s=S+_jiHo#Sk(wg(^mYW=-OCq|2(V3$_3lqzIYw0L#e~&n- zp7T2k4G}H3h$bpn_dNx4mfAJNrMpUG5(YWPab1UtUPqsJhVtJ-xqVJ3472UqAR{&A z4Lsf}*1)#{7+7@Zt0sM^Rezw1oOQL)9@O6LN#>D}n%p{SC zV+($DUQISw5u}U&RPqSx?^8BIMruHO@hQR#=NPBzP&}SgrH;^g4#J?osFtx?#x4nG zeB>WWjOwz-HUL!g_Mj|m`Ac}8XfrF^s_hB~T-PaWY>9kU@r+1G1c5*mo;0@A7E4EW zkD$&7`qxO>f-RN9TuLF3A?hd@`P1=g_Urxx^w3tL2{%Yoba2Tej)fWIkdu&Dcycgt>xvAFrSWCu)KUGF)(AialqTKB*XvQO;JLV4i@T`; z{{Rx_tpYUSj>=YfEUq`XBrhCfRCh5*xbxMLW$MGBrOdV!`V%*a{{XUWp50zYLccZ# zPo-DWHSI%Eb%lhFVys-Fj1iyz098AZ;&)mOqXwNL%LT&6DI;o*=hC`Mt!gXC=NGIl zV`Gx7>p`852=Oh9abC5?oo3KMoQT(uqNNwQwdR~HY$J}@&}Bo61~~6Pj=IlMnQS35 zgh^3GPpPGwSAogcOm`i}_o`(p0n+FYNOnsZc?L*eqPd-4Nx9awS!^`eu3-hZ`A9hW z^sGi`=+-mo*Rtui@m)exZbsHT`QoUOTE#OdwFgI_U#xkbDg>Gp7kO;=-S;&EX}#M7Re;_t7?yJGD$RtfrHN# zqMvg)uA^@*A(7&rJDM_awx&s=okr|!106clN=9W1i*;5KD-D~u1HE0eTYZ8+#|#MD zj8uUR^gG)hK6v)0ESvsT+I{ig(zH@E_GJsJN0{wg5uU!4kk+$6?}i3G;L}qdvn1IQ zfq=+HIvfgUvYafE$msEg;CHB#xlxUa(Oav=HkK}WfI3n_g=P!@9OI|+sTrpC0w|@L zLVU5o_OC71^&5DYx17>55=IY7sH?L&hnin%S2H8SZ0tG7&ssG5hKg8(m}eYwMAtz< zp4s7TK^icup~t8kk?CH$6dFC&oDpY|*6Xh9@K2^If}z<>mTWCGeHu+N@B2|LETxmn zGAQA>9eU!uYhCf%MWjn<91vaJq-HNN+>A^;Px#j|w^P0wA1!S0FOBs@vGCu9H9r@4 zjIc{<4LTN{Ln9mjc8)9c!}e7F0D?hkw{hEiO8u}rNok?!Gejqk!nQn5&mc^BKTtn0 zROi^H?0(32Gr^kj_+rz+{{XW0hP*TIv*Dhc8Viey>u)E`TypAoB=zS!``4oQH$>6= z8)0*0Z>dA#{{R=68cWNC8`WE|Ku-gYr|VGV(9KV|(pmn>x|hVu>#b|Y8p2&z`9|go z8)-;oP%;ArIm!P3BC+*91#12X@bq(hHP$WsA*Mrf|{DA$0{{U|95PTQ$4zHyA zVTZ*&FYu117ugtjjXT+|9HKGc00$z!ZafS7K=?c3c8LTZ2QA*q!*(s3>2IT0U2~je zjt@@5-_o#E?Xgvd=R6MH z^$DMR3<{QBneSbky$(s$E30e~fEYGA)rMa=1SUpR>x#g_QW%lK8#~Au$4Ztces)qa z4th{yC!uL=T{DQ)n2rW|d(+~ym=@fpX*d`?C^`AHv9WJyDPQq2>;eh!w?0*{bD%88TL(`_#$oezHTGoT( z9|KwI{xb0bEZ5*f`Vx||Ch$j=ykpyeUK8NI0^h?vwWL9*YTpd}B_>%Od46dC=s@Q< z{{SDQVx($vTK<@{HxBXGUX(F z$EkQX!zWA9?eyI`&dL~5?ae^SlV*SUBLOOEGFTRWu@g&0;ol@MnJc z-No&L7+M!lj#y`K_RUYO-)Xb#w=EvxnT!lqRAX})JDe5Bf;F67NXdbe!0Ky(x$(A( z1;SX}YW5Ld=l4*&fnENUv}yJy$nUItRI+J>(cX6%35fv$lR)uPTS+t%v*n*S+({X& zqZ=9W9Uq8%RU9t@>FmIT2X=ppy?Mup{9AWsa?-K$E9!b~ji_9i z+S=J=n;kafpX*(nlqsqeYh(Meah!FmWg|&FPP)=7T_QO=_# zxVVn+%WQa9&)ou@G;=$qbXR^R)8&E_aPcMBIA8|>ed`uYUfNkaxY+p)F_3txk|gD? zuCKJ0Tb&_{&E^cI>~K#f^38f2zB8KU#@apkk}>jRcE=BzKIXOQM%I{KQq zq^S=T!I2BEI~Z;ms)HoEJYweW%#cNHr03*N0sJaU9dg>l-JL#o<+zFVlq8ON^ZHh% z=*!ggtwh}|+?LpOZRcw6YQ*}wgh>(t^4w!$@we$& z$(;#Y=sX9Z!K7HpZEZE&c7{hGCM~%+>CZT>j`_?C&RfhQCxiM_##))rVw_svn6rm- z97J>+07Y^OeKYDZn|6DMz}^WxK(2@*hHS;u^*h~0@#APjWDKqp07YnNHrJOsQZ)hc z1rv!1?EFIUZ;iY|udSwyC~5S_T*(NfL37*Q+{pO+^*=h$M2 zYVKTHx#S-Zw7KBbAe5XgMLV&*R7INz0)U zrE^xt#+qk?yfdn6Q$_~5v6Z)hxDsS_CcbFC_~GMSQtI+cokXwh_Q!0Deo^k;ob;-> z5yRN-z72R|NBGOA+;~gI^IGW*#Ho0&tg@fM>tqjMy}K{M@EZ0;bCOMbMrSFl4pnVCd!hRbuu){bpK zK8MzNwzKf($G!v7JecCT*DZXzeV_sW8TrmVYdgR?gjUjAM`xy+sI8od03R;V)E{c7 zuxBx>M=aXK&GdGQY#${8oCRFx7_U|MYWi)g7m+zw?&M%|oM2e? zB33Jx_8$CK={Lh2Q%~_1!ygFivPE-gsZ6EiNmpxz#v73*llIAxUs#|KFbGBDlIQrEW7Ji7?e$2iM@aC;Ii1bIZxxBZH zR#@d-%EKK2?_WOraq#Y+4x6T}o{rGm?~q(c`~(y7mHJZV>{a?73*LWcczeWhTx~O4 zMH;knWRydZo(~zW!so>;u4PaW&&x z#`9gm#7Kxa2Rw{=@m@)Ow=Fz3DI3SecAhx*6;OKE(lY4H3k_W8cXs;Sw22MHtb%;7 z;eZ^2U#mY1{8?q<{{ReGYCma9silov=bga+0H4;bTNIJ)ntt{Qc~=9kpst+S{i@zL zCQ)#OP84uRKK16}O(CN`68O1esCaY5;@0lfqS2fJm_vYb%9i!72=Rj=-w73OM2Y?#(&_BKem0p?O*#g>7NTcWqWZi#*YTsMQ?Q1 z50}1;R~y0V*#igM4_f_CThFjevc|3EYoVihALpCG#IR@wsXZ#U`Er;aGfyGXtK^W)ZmiV z`2Ylb%Z=Ff;Qj)<>Z?;@^B=|9eyic#R`*T*@8aPFEgT@wUG2`{)Ru`g8u-vO#Tb;l>Yz&ykU6BphYX#q%qu= z`)!=0j1)ZPHg2PkI24*X;j#Ue_-5P8mdi($_Bi}epi0eV`}n)Cf0;*Kcp&=zRqbYG zl~!3p8+(DVm$J2S)kg7;avd(>7@kGk!s6WWG1Y(lRs3^*!F<1ATTcl5M3duxfqXZg z3i!7-mj3`@j3Qd=E6v1iy+3-R%^&S=7~;93xlJF06VZ|63dCH0gGwnl|A$}8FQE72P!p=S*7-98ut z_lF(pg1k|+GtI7iIe9Gl#Pch8%34GcH!aU>{cA_z?!TybQ^dA%J;ArrTaf<% z%ht8SXzVGiPrrOQsHM$~yRFBaoVMb6*Q8j#+bztBPs`gKYt@d&4MbOp*fTVUm;;`b zA=HEpj*HZR>?*8eb(WWt$pg;_Ew?=@PfXFE)~%$txwjJTQPp}Mr3u()nRu$#QSk-! zzL>TQL zt=Zk_`lgiVkSpQC4odwhjUtZ1?s>HPbeim}a<>>Y=4-8K*Lsu|_w1oWxyU#wbHz+# zI~P1_Z5(!&_o;erBDVpsyzX3Ajlro~OSWMmpgfOyv0Sx2w{08}8;F|XA~+!9X|8I* z#r3IH2sf>h<%m*n-1|^w=h*d|2yHw!66tVHIaN^O%yQjFPEB;0R;%Ts%M4K>E=z43 z{vv==IA0Ll9a{QJg`JLDoFBdQtY|ztcYT$BZ|{tErjgN1^a!jjw2u$H#5;xV2`Ekm z?@G*q>UkMwyobw>ag67h8KKfxY7$8@ksvl@2t0H(n6#UjUzv*q%We!$N*h3Q9wP9Ti?3LPTZfMMIaMGPV}sOwHP~rB8oFH~ z&I_2+?O_6*ak`6iIu18c@YMQU`xa9SEO)m&v8iXXg5nbp8!|9!7J%mEhR(s?5#jOt zBNd-#Bi!7Xywl`oq3kIdL7io^u}cw*E+bs_?^zG6TE#0y%krq;VuNTsOuHMK8@*jn z#~1|kJuzQH_+V*zTFl{Nfia#3S`CiRN!6@e0(&V@_&u`MYf-&Ppw%^9PK)P z3F-Jy(QrOYv9x)|lv&XUuA5fTtaNP#;^N-%S>;cdN%HM)O!`+HL+^Y!rlp?XqyGR; zY5xG}X!ScEhdPIZ|ufJbTwY29WK4abpe4QX+2J z*}!l+^Xw~vrH}PmG}V(w2k{%iehv7QqrZeaeQzz^oLp_X2pU^#aq^SSJ%O&z_CfIv zg*+YM?;L*0e;VV5#yaHLqkN1$c^Ke^>IejLQ5jj>`Q9VRy{$JmZgX1q z?CavM*{j4F?v-(Jnynn&+ukMXPa9Q~6l zHO*@O0OIGv`z=!8pUg2_tK2%M;T05MAg3ByJt(Drz&}0TIMgb+YMh%z0ScOlc5DvS{bK1Kw2y!^&)Kf~ z!k#MeW|!iR72jB*#|5;Z2GzW%RAg{V~xWE4%O*WrDN{0$z2tOw6NIR+FrRS z)m!_uui!t4x@W^L9C%;Hl3t|W*_R%0RFegP7%G0C;=YRswU1t{HsaCw=l=i&5Ag?v zelq-Vlf+T@Zu`QT&GneSx4x4Mmn*kscKVQ%1J za;Nx+uYQEIJZcyfMlpm{lFy!Q7$V%Q2skgFL6CjxxztuW-G65j@r(A!@Gy&6@QPY_ z7WS9(Nh-Mi0G3aKggNeO=O2MyDWAhWF|@SQZRd@W;q>d&Q-dUIct6YYuLB<|>Uem} zYI+}kE%f?st8rm&k9X zVDlc}2p?P;@~fW`J(bK?tmX-#b$!g-5IOv-!kl$GkI;QK?$^W`K8vnKk(p<=N66^M zrhiJ(ytMmOl#nuVMnV4Ru82V8s8aBzruKVnr??VI8yWWWs@^s5?e4p8ES4xd)X5nB zAzZk+T~WRsXUQ6lr>SUKjQVD$7-S=F?-XP3&1_isgG&N5zlB~fK2`_rpL+RBT{fBY z7+H=p1v#}N-@??hJsR2#(;FEh zTa?b-jK6puE8^?#4BF^l8np;C+2)V?NuCw9UK%-9k)Nn0zUP8*F<9uSbw2YU#q!iw zKBv(23u&}iqLJAyq8?nK&IuyEmi?YTXW9P%XcMh}!aw653Fy~0*DGwX-%FDt(0b{(@RQv~BH|6t9y=U$u6m65sbUjtADy~~h%W6M zYDn_IG-Q(^sn6+HPpMsM6DheyxMn%?N%yWOv z_^-KsAADGkRf)q0u};Z!N6r zhlWF)lPTy!eJW2{oUNg^rt6Sgz`@Lr-frpDS$?&y+T;xqM3OIaK0Fp?kmZBW$?eiH`=s1 z?}nmlnbUt5wvK zR^9fpE+t`|#OEf5Q=olaBaHDlyI%%tgG_`QxKK$MP&Y0C;C^HBu5;iY#P1Dh*ZR+f z{A+qGv^`^Qm3tt|T1-ELk4%cCu7{spwW2>`zh~=f9V119SAuIx-4@1Nz2s*q%Ytxm z?O%}p02H)QVe#9?-YL_b1krD`2fB?Ba9Tq9i+(@Wj$L&;O6pCvd`)xKJLRn~9g-@RhqdoKWE>03b@6{uZZ zpP@P~pW@F1YBqY`g|%s*l~rVpTWK>K!>=R!kzaZII{1%!&5y+R+`p!$jWoS z-_pHWOz<(3`mMSko_-W&R8+Ra!&-_6Ww~Wv^@>RcK9~pa&2-A6TOR|(I7~h>2=F+V^Tu{feAnf<{PFyA z@ehl>BKZFRUGayGH3!!<%e#%zTu$C&Z5^_GD~<5}lr7Z+KqOoqIw-FT5m#HEw{ZSZ zO9_RA3K8XmQb~45?X62iDcL8>p8e}uO*;DK*6UETg`~EJ9&sPS4RE>kKAI7-ISorr zO-9JU9mLj?s|gZC{uT$&*DvGkXU10F3H1*PUo;xNnH;9+35*Y)82-H|jQgHeIyzkN zuY)W0ne~gen%)^Avsn&KGBJz~erxJ)+2Y$o{{V%ZW@NdJ(tGgH26rG9?fomdf%)D# zs=G()=Y#bN%`48(qPmeHm3*mGbZk|h7I;G6QnCKey-@JTIbeAry-H~1!Qwe&kDYZ- zh0|%5$Lx+?+ZkVPV_fb2nR_;utXLa1^FGZYue)tH{cEj9vG*8!bY~q;>_hf`)wI8e zU$dXWYxc9om8keu${B6s0P*&9jnMWz7+3k~d|UW`Vep&wuKl9E8R;>``aY53>*#ED zi~#|ZkUvpe*yZk{{QUYd%2YW2064+RqpSY_lGeBCdR~QXBU=Y$5yW{O^`~)RGg_bMe=YPSw($fybcGkC&#KDMRfWUUHzv9QnEANRv45IL4HZbXWRkzNO zBJzw5at~hqwI?lFC(as9qU#(i?0LsZ^*t|8g67V98;Fv4opz9VeQISZ9RAGk+v^+c zBgPM>Y3mEx$^kH^R6f9Z{{TwtH2aYR?Q1)PxC9cX?+?P9SaN7|>kG{L%L0I8Rf#5y zKqGehr;a*Sv6C_=SzNu~b!7-tkSgqUj5nEckIJcCkv)x_D^r(GnIN=>6yWrfA5>Q@`)9_UDsbG_Z1% zT$e-Vvux^)7IdlAz3NMqY1hyC{ZGp1rSS)Wyi;@G&0j>n&^$qFgK=+h8COHEnrja4e)Y`&TNu!)nL&}Q9=w`umH`?m{@03)ql(lq1~Ni<6u+#uY?v8sx`hEkEO ztN54uF4>2Y8IM7ZD=$Ow2-gGK%8wMJ`f*93Y)!2RER^hAu5dCsn$1glyO=!Yh0_@0 zJ!)IAgGKu*7FhwfG6*t0UB9hQsp<9&1;lVNzJBLs2Qw*V*p?@1V zk=G%4$;V0xL>g28Gdye^zm;M5!buX&LKX5y8+y|;jC!A$-xhp)`d^5ztZy_qoH}AK z{CTGxM>*oYevUz?KpI%u-e2zj0CzP`Hbs)#>7w|<4wG=#x7oplK3h5HYu2=>6T`ZB zcvHwY0#0#{P-+R5#;%*LOLcT+@{`L`ji>I(UTxxSOH;emE+B@|$?aq$$rxTx9-C+} zIhXM2OAwMJ2*HLy6^E~A>1PBpmLECB&~S6GB4Nqk(twGn`_t$8!v*vNVVg4xY7K>`bXUL31EgD#&~GtM-~Tvq%6x zXwOw&Ph&?r5mxs`TNq%5sxCVZ7pnDQA^^7a)Q3po46k1;mPdajx>gJw00Z3 z)5gxemB{K|FHI_Y>}kcWW0!JIoQF_50a7$_a(q?R{6lvlYMM2?5gaNy5J*we+*O9U zhggBYSuJHwq;a~Fjm=aMMTFMy1QQlQahzo4qSL0;EmBCeYm;{YbL5@4B0od=)-4eG z5zRe=>Qh_Uw)|nS{oMAXyVEDuWs1he&PSAig&j$v#58e_X{qVDh1Qp;*~@8h8*ODL zAXcPtJZ+4t!|l{l<$D=QBKay@s3lh&s(Xn|qM|N0V~>`ahj4;2&+XU=kGb!g0vcKq1u z)oa#t&1dBiJ+to589WN(s*cKJy3dRBT_VmAdw!zoMQyN-NF&&O75ZWOApZctIzB&s z(!LhZJYB44w!aBJ8OpwMUTP8pbErU1Sde|d!;o7YYlcalg*~-DYrYeH%Krckzh)ge z<4FCTJ{&%~<2hIzM_Rszd$SRZz~dW1>_7VT?>-#6zwq9lsOz5?^(#$R#K_wUq5~be zsJ^N%8wt_JYA~mUN-Q@#cvOImsM*;zu=d8 zr;ENKe#-s;@n6KvOIq<2#jLVf-mUNaeEB&2+bLnl9>3&$ovio;4gJ4}d_Adab~m;& zi&n@u$RXTSxIHi8VhI>yb>?8g0nCGuz0AIppv$>)NUL8&athbKVO0JK&#ycNhLA z{iD1^X#&KgE|w)zA@|^ngY91o{8Rm{HRRWPPo{hX*F0J9`@pl#_VUFP;x@UAjAtX9 zbNuV42ZB%Dk}a+^~|SpvCk|??^$xmx>g1J(lO34Uep$+ zjaH@g5?59rD*l}+L{>QrM$&s$tmYX%9!c2G&tXr7CRg3Jd2Tc5SO~c-vye9J$T+KT zTKvl}Exb|_M)X=;!vaX!ze?yV^eAm&Ypp_PAhsAgq#yzL(Aa%ly^nYJ6Z<%PX#J%; zUVK0BJHT3(h+#}5`jnCEvbV{`S)QVSgi>7|Ju~6Q!+2Bu9@f@Gibp~G z1vokB#xeA-mOMqO=~q`)T7QFl6&3Z@+FR|K%&)Yje~Sn29RC3N>(6&*R3T$yP;U?T zF4oF@c1=H2)!Jy<2}6ewNPP!5>sX%@{7>Tl02AC>T5A?JmYQ2ytdZWt%Bv_nhB@hu zX(Vf7g3)|qp?Fdlyf>t2R@eHJ@Q_|{^8!u@9N^a_;w#S%PKG}fU%Yab4Fm``WP|7q zc;dBJ2F|8wyjkMQOA#8{Y5pF7EHX}F5jad>WZ-l4=D3Z0d=a9&k@$Mz?^@U5d^GB~ zKz%dG&S{ky7)hvHUZK`}Rj7God3c@jGwg9wvDJKLmzRDV)8o;!Yj}YYONB0@t8-lHY6Not1P1nxNL>sm&c%{dfg)UMZaU1|+=HsVGH zLFrv)lPovPx6c@!M8MoSf$3dvT9~>&GoLBq%|Ydd?%n^={jUEs>^ldAYH+-P6tz4Nq;)X9^w_sb=o=l8gh?e z^D}8R7^T^9<(-F&H)_e(?5$<7xDe_Qi5nj-aa{97Mt#qhd}HBDT}d7onWvj4?;MqH zQC^Ag;>z<$vaz$jxS7c6|^R{ZFDd6VX&1|Q@3g8Drd2imWMt!Lwd1F z?qdWg$2@x1TQ$A3R*fpFEaM+GIIK+UaWXyINh56A4(x6owbW?PT}z#ka1@@j8Ym-j z8%C9rea2A&RB$zmU!l1vt(lzS|?52&TRs;~kzqLb&a3|3rw$tsJIhEswX%Uq; z#bh%N>77^$3a%EbqFr(l28zXGXkUp4sKP>V{}Z>M{0jTI=_S(>sNKSy0?@$-H*CD znhU>TZx>s5c5PEgkHgkUYh~mlVNx(RV1438U#(#HgHpWEbl0@BhIuW)FYJP7+`}0^}x+~R*i9MrptY6VPkD1Gj5H8XDYz^ccx}*Tlix8#U2E|)wF9FTUCl< zAD1kAE>1JMxCB*C2K+Jcc7>@e&b@bUeQhLRyqJ^jH`hN(LMeEQMb<2JTV}RZk`{83 zD?bC@^sQ^1ZL~cu?hi06$V{#|1J^VfMkkipc%#JLB-UXTj{;l6lIp`duseQL@BaV_ zwa9dRM_IbNxJ@ow*nFFYivd^;a6qcDt7m%^wWhgwGuzyzqoi88$#Iq$jAUTr@~=Y+ zJ;F^FhT6G|Rh-OKBM(V=F#686@@mYs`Fk zqs`+zAPDY~DONM(nF+vddg75>;&?~GX{5H9{iK%qk&!&MMqHt6V4NTG(zh+OyBz`V z^xZniEUeMURgZ;VZ`QP@9Z7OI>-p^bMXYHWUE_K7lH4I+8=MYtk?sJm)7=((Zx3j? zWs7Oo5JBXuh?(BSNcQ?wxM*i1SH{pK$Afh(LK}IYxAL-N4Z!Qy@~_Q*A3-yz)b0_H zHZw*x{8R8=nc*Lb zmR=+9)};z~4eizyMLA`0j-N`I4#TzGc2&Bzx6p6fQxla~z-(?LbUyV{#GV#ib4-rc zTAiS`Afes-ElnX<{Id9tA5Fd1qS7n|sFo82oS?_c>yyWEUU@F9eSbZTww9$9MpVeb z2np(IXd;ihEp%@N={_Cst3z{Tb*N66xo`$Vo}Sh3ULWxkmi`IVygRP}a|5G`cO7HT z0DUpVDMZFcE7W!CS+?mnBXnC(DPjrEewFgBrx{434xyNFf;!e{aeACP zqq4GstfwQ9`d8F{vxmefJTs|7;eA5#(QFx%#2kG1C#U9ku7jcn>7}$6WJdBL+Lj@} zQ=F*)kLO;W;oUywc%`^SVpUJL0=&#rjVa5y<{uYyulP#*E34VXqQySHZyQM#&X+A+-U7M18fLhp60yZA1TM-tm0}z4ukZf=#PMj?>!x^@!!z66czaWUFD&GRgCSM` zoDuGSA}dOXa;7_KX!sMvi==B}#^g!%Nr)cGYuY?_pxf%YJfRReGUq=1tCCR(AI!)6 z7Yp`ikK-r6y)*Wn@cxHv{{R!dA4~n0;$%CPTiqqw0rvxz#^sZrSwA1+n_AJQvU!Ay z1dx`@EfLBx5s*jcPKxEaGMdogCx&QcEJ~QWeSVb)mpi^ujQ%y>1CC2jRz_mLhHUUi zsq!Rw0EMCF13krRLuHJ$ydXx(#EcI36`nyQhEHz&DOg)9h~Id>S`54caS z<6eDOo1Y?lZSW6~Y&?5xB7Iv%Qw{6|K3mH+BP5RGWBGcT{O|a$@bkgmEwb@Hg{^ei z#ijg0_eXU*kVru-7IDzz^Xw~_XYwukS^OHg_&M=oT#DY=W685Rf%0xDUL;nBP@BQM;`m2KvoObo*KH&DI%P~%#NT9fb*WC z=}|_@5H7Ax4_XKq-|I}M(l&BH9qUFYo)HjRLPHdChm<4?ZDkKL!3Gcq`(^g;rQ~?Hc)R9b-EM%q0BiNbiiA(kWY0 zvYGyfU$KwJeG~SZ{hvM-d}#1rh(ETqojw$gQ8EH1mer0KAD(s|{dhUA(%lYM-r8Nq z?`)=3p4w1)f-{Qcs~a|Mbr&}2Y>jxa11K1L4x+wV{i%Ov?+<>|e*}IZd=b~u5_KC! zy3j8O!)dyVV6;*r;FTes^0>JVi7wZF#6$`5okqn}9Q1^&%0Kk8SZjm!s?YEZVk~QrdXf;xK+^QV&0d zE9BX4H(yAX>E(^Yd2Q8zH8iDWY<